The annotated tag, tdb-1.4.13 has been created
at 4eecdddda492e3030977872f32b8a0f8165ea07e (tag)
tagging 70a8c7a89a6d62d2ff172d79b5f4e6439300b88d (commit)
replaces tdb-1.4.12
tagged by Jule Anger
on Thu Feb 6 13:36:20 2025 +0100
- Log -----------------------------------------------------------------
tdb: tag release tdb-1.4.13
-----BEGIN PGP SIGNATURE-----
iQEzBAABCgAdFiEEkUejOXGVGO6QEby1R5ORYRMIQCUFAmekrMQACgkQR5ORYRMI
QCWhjQf8D7a0Z9cbPUknJgvwSRbfp1LmdA6/GgJczn8eAeLI8VW92CXHprCVkkWH
mALGKTwDdyJ1wCscqDO7Sh1tX2sb84HsxYILQwZaGFSKacr9AOvz8zMHhzX3aNJn
ULnO28qMx2NsgKChOg+KeHVPZ1uv5u1z5pPKSpTqeqX0I/5WAKL6b88MAsqtVqVJ
YqW2t+hTIBUbyAm36wo32tQF0XMnw+L5JWWJ2M9zq7Hu2UNx4MzMXOaaqdJLvveO
ZoNee1a98KPp4wiaonjx6/X+2Rqs9FGmyHO4ulif9jvRiw1SZ11SoVsGwevjtdUu
P/YeKrUOCihIb3fotiNkWRuvgzgZrA==
=zm59
-----END PGP SIGNATURE-----
Alexander Bokovoy (2):
kdc: warn if DES-only keys enforced on the account
sync machine password to keytab: handle FreeIPA use case
Andreas Schneider (69):
README: Add languages to code blocks for highlighting
ldb: Build lmdb backend also in non-AD case
lib:ldb: Use tdb_parse_record() in ldb_kv_dn_list_load()
lib:ldb: Use tdb_parse_record() in ldb_kv_dn_list_store()
lib:ldb: Use tdb_parse_record() in ldb_kv_sub_transaction_traverse()
lib:ldb: Use tdb_traverse_read() in ldb_kv_index_sub_transaction_commit()
s3:client: Improve error message on cli_setatr() failure
s3:tests: Track the status of smbcquotas and not tr
s3:tests: Write stderr to file to be able to print it on failure
lib:ldb: Remove trailing spaces from ldb_modules.c
lib:ldb: Don't use RTLD_DEEPBIND by default
lib:ldb: Remove trailing spaces from ldb.3.xml
lib:ldb: Document environment variables in ldb manpage
lib:talloc: Remove trailing spaces from testsuite.c
lib:talloc: Use memset_s() to avoid the call gets optimized out
lib:talloc: Add talloc_zero vs calloc test
lib:talloc: Don't optimize the speed test
lib:talloc: Increase alloc size to 128 kilobytes
lib:talloc: Use tabs to align output in speed test
doc: Update doc about talloc vs malloc speed
s3:notifyd: Use a watcher per db record
nsswitch: Fix memory leak in wbinfo_auth_krb5()
nsswitch: Fix memory leak in nsstest
nsswitch: Fix memory leak in wbcDomainInfoList
s4:torture: Remove trailing spaces in winbind.c
s4:torture: Fix memory leak in torture_decode_compare_pac()
s4:client: Remove trailing spaces in client.c
s4:client: Fix memory leaks in smblcient4
s3:utils: Fix memory leak in ntlm_auth
s3:utils: Remove trailing spaces in ntlm_auth_diagnostics.c
s3:utils: Fix memory leak in ntlm_auth_diagnostics
s3:utils: Fix memory leak in test_lmv2_ntlmv2_broken()
s3:winbind: Fix heap buffer overflow in winbind
s3:libsmb: Make parse_node_status() more robust
python: Fix length of Common Name x509 attribute
selftest: Allow to use SHA1 with OpenSSL for selftest
gitlab-ci: Move to Fedora 41
gitlab-ci: Fix building debian 32bit images
s4:torture: Fix samba3.smb2.name-mangling on btrfs
s4:smbtorture: Fix samba3.smb.dir on btrfs
talloc: Add LGPLv3 LICENSE file
tevent: Add LGPLv3 LICENSE file
tdb: Add LGPLv3 LICENSE file
ldb: Add LGPLv3 LICENSE file
lib:util: Fix stack-use-after-return in crypt_as_best_we_can()
lib:replace: Remove trailing spaces from readline.h
lib:replace: Don't use deprecated readline CPPFunction cast
third_party: Update socket_wrapper to version 1.4.4
s4:torture: Remove obsolete test in samba3.session
s4:torture: Remove obsolete check in raw.close test
s4:torture: Skip test_BackupLog against all of Samba
s4:selftest: Set smbtorture4 targets correctly
s4:torture: Fix target handling in raw.chkpath
s4:torture: Fix checking targets in raw.streams
s4:torture: Remove trailing spaces in getinfo.c
s4:torture: Fix checking targets in smb2.getinfo
s4:torture: Fix spoolss tests running against Samba
s3:selftest: Correctly set smbtorture4 targets
libcli:smb: Implement smb2cli_read_cancel()
libcli:smb: Implement smb2cli_notify_set_notify_async()
s4:torture: Add IPC test for 'smb2 max async credits'
s4:torture: Add IPC test with 2 connections for 'smb2 max async credits'
s3:torture: Add IPC test with multichannel for 'smb2 max async credits'
s4:torture: Add notify test for 'smb2 max async credits'
s4:torture: Add notify test with two connection for 'smb2 max async
credits'
s4:torture: Add notify test with multichannel for 'smb2 max async credits'
s4:torture: Implement ipc test with len=0
s3:smbd: let aio_add_req_to_fsp() return the pointer to the link
s3:smbd: Allow cancel of SMB2 read on ipc handles
Andréas Leroux (3):
netcmd:domain:policy: Fix missing conversion from tgt_lifetime minutes to
10^(-7) seconds
netcmd: More explicit warning when python-gpg is missing
netcmd: Increase the transaction_index_cache_size to 200k for
schemaupgrade
Anoop C S (18):
source3/script: Fix installation of winbind_ctdb_updatekeytab.sh
docs-xml: Fix script location in syncmachinepasswordscript.xml
source3/wscript: Introduce auto mode to build ceph vfs modules
vfs_ceph_new: Call vfs_ceph_userperm_new with handle->conn
vfs_ceph_new: Hold a config reference in vfs_ceph_fh
vfs_ceph_new: Pass module config to userperm helpers
vfs_ceph_new: Use function pointers for API calls
wscript_build: Do not link vfs_ceph_new against libcephfs
docs_xml/vfs_ceph_new: Add new proxy option
s3/smbd: Add a helper to fetch fs capabilities
vfs_default: Retrieve fs capabilites using vfs_get_fs_capabilties
vfs_ceph: Populate fs capabilities within cephwrap_statvfs
vfs_ceph: Retrieve fs capabilties using vfs_get_fs_capabilities
vfs_ceph_new: Populate fs capabilities within vfs_ceph_statvfs
vfs_ceph_new: Retrieve fs capabilties using vfs_get_fs_capabilities
vfs_glusterfs: Retrieve fs capabilities using vfs_get_fs_capabilities
ctdb-build: Add missing ctdb-tcp dependency
vfs_ceph_new: Remove unused symbol for ceph_readdir
Björn Baumbach (11):
python/samdb: fix attribute name in parameter description
python/samdb: add missing function parameter description
python/samdb: rename filter variable to search_filter
python/samdb: fix check which checks if user is already member of group
python/samdb: fix group member removal by SID
python/samdb: no need to set member_base_dn multiple times
samba-tool group removemembers: avoid python backtrace on error
samba-tool user disable: set proper --filter option description
samba-tool user disable: rename filter variable to search_filter
samba-tool user disable: make sure that filter matches only one user
samba-tool user disable: add new --remove-supplemental-groups option
Björn Jacke (1):
samba-tool/backup: set the right permissions on our root dir
Christof Schmitt (11):
shadow_copy2: Ignore VFS_OPEN_HOW_WITH_BACKUP_INTENT
vfs_gpfs: Remove gpfs_stat_x fallback
vfs_gpfs: Remove pathref test
vfs_gpfs: Use gpfs_get_winattrs instead of gpfs_fstat_x
vfs_gpfs: Simplify vfs_gpfs_fset_dos_attributes
vfs_gpfs: Set creation time from vfs_gpfs_fset_dos_attributes
vfs_gpfs: Remove winattr calls from vfs_gpfs_fntimes
gpfswrap: Remove unused gpfs_stat_x wrapper
gpfswrap: Remove unused gpfs_fstat_x
gpfswrap: Remove unused gpfs_set_winattrs_path
vfs_gpfs: Remove one whitespace
David Disseldorp (3):
s4:torture/smb2: test FSCTL_QUERY_ALLOCATED_RANGES truncation
smb2_ioctl: fix truncated FSCTL_QUERY_ALLOCATED_RANGES responses
smbd: improve reinit_after_fork error handling
David Mulder (66):
bootstrap: Migrate to Rocky8
Add simple WAF commands for building Rust bininaries
Add ntstatus_gen for Rust
Add Rust formatting for 80 char lines
Add rust bindings to Samba utils debug
Build the Rust ntstatus generated code
Add lp Rust bindings
Add rust tdb bindings
Add by-upn idmapping for Himmelblaud
Add a daemon caching layer that wraps tdb
Add the Azure Entra Id Daemon
Add NSS module for himmelblaud
Add Samba versioning
Add PAM module for himmelblaud
Add pam_auth to himmelblau daemon
Add nss getpwent to the himmelblau daemon
Add nss getpwnam to the himmelblau daemon
Add nss getpwuid to the himmelblau daemon
Add nss getgrent to the himmelblau daemon
Add nss getgrnam to the himmelblau daemon
Add nss getgrgid to the himmelblau daemon
Add pam_acct_mgmt to the himmelblau daemon
Add pam_open_session stub to the himmelblau daemon
Reorganize rust file tree
Isolate hsm auth value from the cache
Pam prompt for Pin if hello enrolled and enabled
Update libhimmelblau
Add build config for proper TDB build linkage
Add clang and openssl deps
Introduce build option to enable Himmelblau
utf8proc-devel is missing from CentOS 8 Stream
A Rust 'crate' is not a misspelling of 'create'
Adding Cargo.lock file for Rust build
Enable rust cargo test in Samba make test
Modify rust build to share target dir w/ cargo test
Rust WAF detect dependant files from crates
Vendor the rust sources for CI tests
Debian cargo is far to old for building
Add tests for rust chelps crate
Add USING_SYSTEM_TDB test for rust config
Improve cargo test output
Add tests for rust dbg crate
Always normalize cache inputs to lowercase
Add tests for rust himmelblaud build
Only set the debug logfile if not stdout
Add warnings for missing directories at runtime
Fix display of function names in debug
Add talloc stackframe handling
Always print a newline at the end of debug msgs
Use the s4 param functions to access idmap values
Remove the existing socket if present
Ensure clients can write to the himmelblau pipe
Properly handle read/write from the client socket
Fetch the target join os via std::env::consts
Add the user's primary group to the cache
Fix pam echo not displayed via ssh
Fix Rocky8 build for utf8proc-devel
Disable the rust build by default
Add pyglue for Rust for disabling tests
autobuild: Only configure himmelblau if openssl >= 3
glibc needs to be at least vers 2.32 for rust
Add configure checks for glibc and openssl versions
autobuild: Only enable rust build if cargo exists
Fix usage test broken by rust vendor sources
autobuild: Configure samba-o3 for himmelblau testing
Fix pam failure to register Pin following mfa poll
Douglas Bagnall (84):
s4:drs:test:getncchanges: add a timeout failure
s4:drs:tests: add hook for changing highwatermark
s4:drs:tests: repeat getncchanges test with zero reserved_usn
s4:drsuapi:getncchanges: fix whitespace
s4:drsuapi:getncchanges: use DBG_ERR() macro
s4:drsuapi:getncchanges: allow 0 reserved_usn reply
s4:drs:test:getncchanges: remove timeout failure
s4:drs:test:getncchanges skips some tests with reserved_usn = 0
ldb:kv_index: help static analysers to not worry (CID 1615192)
ndr:dnsp: avoid theoretical int overflow (CID 1609418)
dsdb:mod:operational: initialise a pointer (CID 1499411)
dsdb:util: dsdb_module_dn initialises on failure
dsdb:cracknames: free more on error (CID 240724)
ldb:py bindings: ldb.Ldb().__str__ prints connection URL
ldb:pytest:api: remove pass-though tearDowns
ldb:pytest:api: remove unnecessary super() parameters
ldb:tests:api.py uses .disconnect before rmdir
ldb:tests: make api_base module
ldb:tests: make api_search module
ldb:tests: make api_add_modify module
ldb:tests: make api_simple module
ldb:tests: move api.py to api_misc
ldb:tests:api_misc: fix Control test
ldb:tests:repack: use common api_base variables
ldb:tests:api_simple uses conventional 4 space indent
ldb:tests:crash: rationalise imports
ldb:tests:index: use abi_base
ldb:test:api_base: simplify prefix selection
ldb:test:api_base: make flags method a class method
ldb:test:api_search: improve attribute access tests
ldb:test:api_search: put config options on class, not instance.
ldb:test:api_search: use test name as db name
ldb:test:api_search: set up the database once and use copies
ldb:test:api_search: tidy up files in each subclass
ldb:test:api_search: use class method to add index
ldb:test:api_search: skip LMDB tests at class level
ldb:test:api_search: use @unittest.skipIf for LMDB tests
ldb:test:api_search: remove pass-through setUp()s
ldb:test:api_search: shift remaining setUp adds to class add_index
ctdb:tests: s/the the\b/the/ in comments
lib/afs: s/the the\b/the/ in comments
ldb:pack: s/the the/in the/ in comments
pyldb: s/the the\b/the/ in comments
tevent docs: s/the the\b/the/
util:charset: s/the the\b/the/ in comments
libcli:auth:msrpc_parse: s/the the/is the/ in comments
nsswitch:: s/the the\b/the/ in comments
samba-tool:: s/the the\b/the/ in docstring
pytest: s/the the\b/the/ in comments
s3:client:clitar: s/the the/to the/ in comment
s3:headers: s/the the\b/the/ in comments
s3:printing and spoolss: s/the the\b/the/ in comments
s3:smbd:posix_acls: s/the the/that the/ in comment
s4:ldb_mods:group_audit: s/the the/the/ in comments
s4: s/the the\b/the/ in miscellaneous comments
s4:reg: s/the there/there/ in comments
ldb:test:lmdb_free_list: s/the the/to the/ in comment
libndr: specialise ndr_token_find() for key pointer comparison
libgpo:admx:: s/the the\b/the/
selftest:S4: do not add 'env python' multiple times'
selftest:S4: use RR_PROVISION for rr recording
selftest:S4: use PY_DEV_PROVISION for python dev-mode
lib:ldb-samba: use 'ldb' debug class more widely
ldb:tests: add tests ensuring indexes don't change search results
ldb:dn_casefold_internal: TALLOC_FREE only what we talloced
ldb:ldb_pack: filter avoids looping over msg when attrs contain "*"
ldb:kv: s/ltdb/ldb_kv/ in comments and messages
ldb:kv_cache: s/ltdb/ldb_kv/ in comments and messages
ldb:dn_compare: be a bit more transitive
ldb:dn_compare_base: avoid unlikely int overflow
samba-tool: no traceback for unauthenticated rootdse access
util: add a crypt wrapper, derived from dsdb:password_hash
dsdb:password_hash: move hash_blob allocation up
dsdb:password_hash: use talloc_crypt_blob()
util: add a crypt strerror helper
pyglue: add crypt() function
pytest: test that _glue.crypt works
samba-tool user: use _glue.crypt, not crypt.crypt
samba-tool user: hashlib.sha1 is always present
pytest: password_hash uses internal _glue.crypt
bootstrap: we don't need python-crypt-r anymore
util:datablob: data_blob_pad checks its alignment assumption
ldb: fix Coverity 1636883
provision: always use a large transaction index cache
Earl Chew (1):
Describe implication of upstream ICU-22610
Guenther Deschner (6):
vfs_ceph_new: Add a new struct to hold ceph module config
vfs_ceph_new: Introduce new parametric option 'proxy'
vfs_ceph_new: Dynamically open library for 'proxy' mode
vfs_ceph_new: Add required function pointers to config
vfs_ceph_new: Populate function pointers with addresses
s3-sharesec: Add Test to verify command option "--view-all"
Günther Deschner (3):
s3-libads: dump ADS_MODSLIST before attempting the LDAP modify
selfest: add test for non-local offlinejoin provision
s3-libnet: avoid using lp_dns_hostname() in join code
Jeremy Allison (3):
s4: torture: Add a new test lease_rename_with_overwrite.
auth: Add missing talloc_free() in error code path.
auth: Cleanup exit code paths in kerberos_decode_pac().
Jo Sutton (4):
lib/util: Speed up slow data-blob-to-hex functions
librpc: Speed up GUID_buf_string()
util:charset: Remove unreachable code (CID 1272948)
libcli:auth: Remove unreachable code (CID 1272968)
Jones Syue (2):
s3: SIGHUP handlers use consistent log level 3
s3:vfs_crossrename: add back checking for errno ENOENT
Jule Anger (7):
libsmb: use more precise error status
libsmb: make cli_get_posix_fs_info() asynchronous
libsmb: add cli_get_posix_fs_info() for smb2
smbd: check negotiate before the create context is handled
pylibsmb: add python binding for cli_get_posix_fs_info
tests: add test for cli_get_posix_fs_info
tdb: version 1.4.13
Kacper Boström (1):
samba-tool: Fix for inability to delete GPOs containing GPWL policies
Lyanis Souidi (1):
netcmd: user: Fix typo in samba-tool error message
Martin Schwenke (85):
ctdb-daemon: Remove a use of ctdb_errstr()
ctdb-tcp: Use talloc_strdup() instead of repeating logic
ctdb-tcp: Factor out listening code to avoid repetition
ctdb-ib: Remove a use of ctdb_set_error()
ctdb-tcp: Use path_rundir_append() to construct lock_path
ctdb-tcp: Use already constructed node name
ctdb-tcp: Consolidate failure code
ctdb-tcp: Remove a use of ctdb_addr_to_str()
ctdb-tests: nfs_iterate_test() marks RPC service down
ctdb-tests: Argument 3 to nfs_iterate_test() is up iteration
ctdb-tests: Add function rpc_failure() to log failures and warnings
ctdb-tests: Initialise return code file
ctdb-tests: Move result check to rpc_set_service_failure_response()
ctdb-tests: Simplify handling of statistics change
ctdb-tests: Replace implicit healthy behaviour with early exits
ctdb-tests: Drop unnecessarily "else"
ctdb-tests: Make NFS RPC monitoring tests consistent
ctdb-tests: Make _rpc_service_up() and _rpc_services_down() internal
ctdb-scripts: Only consider statistics on timeout
ctdb-scripts: Make initial statistics output empty
ctdb-scripts: Avoid flapping NFS services at startup
codespell: Ignore CTDB bin/
s3:tests: Fix spelling error
ctdb-failover: Add ctdb_smnotify_helper
ctdb-scripts: Use nfs-utils' sm-notify instead of CTDB's smnotify
ctdb-scripts: Remove unused variable NFS_HOSTNAME
ctdb-scripts: Reformat with "shfmt -w -p -i 0 -fn"
ctdb-scripts: Move database handling to its own event script
ctdb-scripts: Add support for backing up persistent TDBs
ctdb-tests: Add persistent TDB backup tests
ctdb-tests: Add missing quotes in test output
ctdb-tests: Fix test failure when tests are installed
ctdb-protocol: Add function ctdb_sock_addr_from_sockaddr()
ctdb-common: Add functions for local IP address checking
ctdb-tests: Add test code for ctdb_sys_have_ip()
ctdb-server: Add some local variables
ctdb-common: Make the argument to ctdb_sys_have_ip() const
ctdb-common: Reimplement ctdb_sys_have_ip() using new infrastructure
ctdb-server: Optimise local IP verification
ctdb-tcp: Only attempt to automatically bind to local IPs
ctdb-tcp: Modernise a DEBUG
ctdb-daemon: Improve error handling when releasing all IPs
ctdb-daemon: Drop unused arguments
ctdb-daemon: Fix a comment
ctdb-daemon: Store public address string in VNN
ctdb-daemon: Add ctdb_vnn_address_string() and use in trivial places
ctdb-daemon: Use ctdb_vnn_address_string() in old-style debugging
ctdb-daemon: Clean up error handling and debug
ctdb-daemon: Replace remaining uses of CTDB_NO_MEMORY() in this file
ctdb-daemon: Use path_etcdir_append() to construct some paths
ctdb-daemon: Ensure CTDB_BASE is set, don't fetch it
ctdb-server: Clean up find_public_ip_vnn()
ctdb-server: Use find_public_ip_vnn() in a couple of extra places
ctdb-scripts: Don't set arp_filter=1 by default in 10.interface
ctdb-tests: Ensure ss stub handles square brackets around addresses
ctdb-tests: Drop unsupported long options from ss stub usage
ctdb-tests: Fix ss -a not supported
ctdb-doc: Improve 10.interface documentation and comments
ctdb-scripts: Reformat with "shfmt -w -p -i 0 -fn"
ctdb-scripts: Don't list connections when not hosting IPs
ctdb-scripts: update_tickles() should use the public IPs cache
ctdb-scripts: Remove superseded compatibility code
ctdb-scripts: Use ss -H option to simplify
ctdb-server: Clean up connection tracking functions
ctdb-server: Drop a log message to DEBUG level
ctdb-server: Drop an unnecessary variable
ctdb-server: Handle pre-existing connection first
ctdb-server: Remove duplicate logic
ctdb-server: Use ctdb_connection_same() to simplify
ctdb-scripts: Move connection tracking to 10.interface
ctdb-scripts: Get connections after tickle list
ctdb-scripts: Track connections for all ports for public IPs
ctdb-scripts: Factor out function kill_tcp_summarise()
ctdb-scripts: Add configuration variable CTDB_KILLTCP_USE_SS_KILL
ctdb-common: Map ENOENT for a missing event script to ENOEXEC
ctdb-scripts: Use CTDB_NFS_SHARED_STATE_DIR in nfs-ganesha-callout
ctdb-scripts: Fix some bit-rotted comments and whitespace
ctdb-scripts: Drop TCP tuning comments from statd_callout_helper
ctdb-scripts: Improve update and listing code
ctdb-scripts: Factor out some statd-callout functions
ctdb-scripts: Fix impending SM_NOTIFY versus record deletion race
ctdb-scripts: Support storing statd-callout state in cluster filesystem
ctdb-tests: Update statd-callout tests to handle both modes
ctdb-scripts: Support CTDB_STATD_CALLOUT_SHARED_STORAGE=none
ctdb-scripts: Change default persistent DB for statd_callout_helper
Michael Tokarev (11):
specify some deps on private libs actually used directly
libsamba-errors: eliminate dependency on samba-debug
silence DNS lookup mismatch messages
silence "Can not convert group sid" warnings in the log
passchange: error message fix
Minimal EDNS0 support for built-in DNS client
testparm: do not fail if /run/samba does not exist
replace direct calls to memset_s() with commonly used macros
remove usage of bzero
include <grp.h> for setgroups in a few places
fruit: fixup size_t overflow check
Noel Power (2):
libcli/smb: Fix failure of Smb3UnixTests.test_create_context_reparse
librpc/ndr: Fix fuzz CI on latest tumbleweed
Pavel Filipenský (38):
Revert "docs-xml: Delete descriptions for removed commands "net ads
keytab add" and "net ads keytab add_update_ads""
docs: Add examples to net.8 that use 'sync machine password to keytab'
s3:script: Rename updatekeytab.sh ==> winbind_ctdb_updatekeytab.sh
s3:script: Install winbind_ctdb_updatekeytab.sh
docs:smbdotconf: Improve documentation for 'sync machine password script'
docs:smbdotconf: Improve documentation for 'sync machine password to
keytab'
docs:smbdotconf: Update 'kerberos method' with 'sync machine password to
keytab'
s3:libads: Do not print error message for a default configuration
lib/param: Don't treat a missing include file as an error in
handle_include().
s3:g_lock: Do not let pointers to point outside the input buffer
smbtorture: Allow debugging output to be configured using smb.conf
parameters
examples:winexe: Initialize Trustee.ptstrName at the right time
s3:tests: Make winbind_call_depth_trace to use global_inject.conf
s3:tests: Adapt winbind_call_depth_trace to depth=3
docs-xml: Fix manpage section generated by cmdline.common.debug.server
docs-xml: Change 'DEBUGLEVEL' -> 'level' to match the option description
docs:manpages: Update 'net ads keytab create'
s3:vfs_crossrename: avoid locking panic in copy_reg()
s3:vfs_crossrename: crossrename_renameat() needs to return 0 if
copy_reg() is successful
docs:manpage: vfs_crossrename is not fully stackable VFS module
selftest: Add test for vfs crossrename module
s3:open.c: Fix a typo
nsswitch:tests: Remove test for deprecated wbinfo --sequence
docs-xml:manpages: Remove deprecated 'wbinfo --sequence'
nsswitch:wbinfo: Remove implementation of deprecated '--sequence'
s4:torture: Remove test for deprecated WINBINDD_SHOW_SEQUENCE
s3:winbindd: Remove implementation of WINBINDD_SHOW_SEQUENCE
nsswitch:winbind: Remove WINBINDD_SHOW_SEQUENCE
s3:winbindd: Remove unused set_routing_domain()
torture:fruit: Test timemachine for 0 bands
s3:vfs_fruit: Fix crash for nbands == 0
docs: Fix the documentation for NET ADS DNS (UN)REGISTER
s3,s4: Make case spelling of sAMAccountName consistent
docs-xml:manpages: Add missing ')' to ADS KEYTAB
docs-xml:manpages: Fix doc for 'net ads enctypes'
docs-xml:manpages: Fix doc for 'net ads setspn'
s3:utils: Fix 'Usage:' for 'net ads setspn'
s3:utils: Fix 'Usage:' for 'net ads enctypes'
Ralph Boehme (161):
docs: document SUPPORTS_BLOCK_REFCOUNTING for share:fake_fscaps
smbd: consolidate fs capabilities code in vfswrap_fs_capabilities()
libreplace: add rep_copy_reflink()
vfs_default: implement FSCTL_DUP_EXTENTS_TO_FILE with copy_reflink()
smbd: add options "fs:[logical|aligned|performance|effective aligned]
bytes per sector"
smbtorture: test creating stream doesn't crash when using "inherit
permissions = yes"
smbd: use metadata_fsp(fsp) in copy_access_posix_acl() for
SMB_VFS_SYS_ACL_SET_FD
s3/lib: add next helper variable in server_id_watch_*
s3/lib: add option "serverid watch:debug = yes" to print kernel stack of
hanging process
s3/lib: add option "serverid watch:debug script"
smbd: log share_mode_watch_recv() errors as errors
smbd: add option "smbd lease break:debug hung procs"
smbd: move trace_state variable behind tv variable
smbd: add option "smbd:debug events" for tevent handling duration
threshold warnings
smbd: consolidate DH reconnect failure code
smbd: remove just created sharemode entry in the error codepaths
smbd: SMB3 POSIX Extensions statfs() is broken
smbd: add SMB2_FS_POSIX_INFORMATION
smbtorture: prepare test_overwrite_read_only_file() for more subtests
smbtorture: fix smb2.notify.mask test
smbtorture: add subtests for overwrite dispositions vs sharemodes
smbd: fix share access check for overwrite dispostions
smbd: remove "fruit:posix_rename"
smbd: remove seperate flag FSP_POSIX_FLAGS_PATHNAMES
smbd: convert fsp->posix_flags to fsp->fsp_flags.posix_open
smbd: fix sharing access check for directories
smbtorture: rename CHECK_VALUE() to CHECK_VAL() in smb2/compound.c
smbtorture: add a bunch of tests for async rename and async interim
responses
smbtorture: test rename with other opens on the file
smbd: return correct error for compound related requests that went async
smbd: force sync rename with lease break
smbd: fix breaking leases on rename
selftest: run smb2.lease test only against the fileserver environment
smbd: smbd_do_setfilepathinfo(): one arg per line
smbd: smbd_do_setfilepathinfo(): pass data as pointer, not
pointer-to-pointer
smbd: use a DATA_BLOB and avoid data copy in
delay_rename_for_lease_break()
smbd: rework async rename check for handle lease breaks
smbtorture: expand test test_lease_unlink() with set-delete-on-close
smbd: split out smb_check_file_disposition_info()
smbd: break handle leases when setting SMB_FILE_DISPOSITION_INFORMATION
smbd: use delay_for_handle_lease_break_send() for initial delete on close
smbtorture: check initial-delete-on-close breaks H-lease for tdis, logoff
and disconnect
smbd: add handle lease breaking when deleting files at session shutdown
time
smbd: smbd_server_connection_terminate() may return
smbd: let smbd_server_connection_terminate_ex() always go through
smbXsrv_connection_shutdown_send()
smbd: add handle lease breaking when deleting files in tree disconnect
smbtorture: add a test for recursive h-lease break when renaming
s3/g_lock: add g_lock_locks() and g_lock_locks_read() varients
s3/locking: add share_mode_forall() and share_mode_forall_read() varients
s3/locking: tweak share_entry_forall()
s3/locking: add share_entry_forall_read() and share_entry_forall()
varients
smbd: add opens_below_forall() and opens_below_forall_read()
smbd: ignore POSIX and stale opens in have_file_open_below()
smbd: ignore POSIX opens in file_find_subpath()
smbd: add has_nonposix_opens()
smbd: print lease key using hex format in get_lease_type()
s3/locking: pass file_id instead of lck to share_mode_watch_send()
smbd: consolidate "have_file_open_below" logic in have_file_open_below()
smbd: recursive delay_for_handle_lease_break_send()
smbtorture: expand test test_lease_v2_rename_target_overwrite()
smbd: Split out smb2_parse_file_rename_information()
smbd: check for handle lease break on destination when renaming
smbd: ndrprint lease value in leases_db_set_fn()
smbd: add fsp_get_smb2_lease()
smbd: trigger notification for file and directory creation will be sent a
wee bit later after dropping the sharemode lock
smbd: call notify_rename() after dropping the lck in
rename_internals_fsp()
smbd: move notify_fname() out of rmdir_internals() up to close_directory()
smbd: notify file truncation after dropping the sharemode lock
smbd: pass fsp to notify_rename()
smbd: pass lease and oplock_request to open_directory()
smbd: pass lease, if any, to notify_fname()
smbd: add contend_dirleases()
smbd: add flag NOTIFY_ACTION_DIRLEASE_BREAK for notify_fname()
smbd: use contend_dirleases() in notify_fname()
smbd: trigger NOTIFY_ACTION_DIRLEASE_BREAK when creating files and
directories
s3/locking: remember parent_lease_key that set delete-on-close
s3/locking: return parent_lease_key from get_delete_on_close_token()
smbd: trigger NOTIFY_ACTION_DIRLEASE_BREAK when removing files
smbd: trigger NOTIFY_ACTION_DIRLEASE_BREAK when removing directories
smbd: trigger NOTIFY_ACTION_DIRLEASE_BREAK when truncating files
smbd: trigger NOTIFY_ACTION_DIRLEASE_BREAK when closing a modified file
smbd: pass lck down to rename_internals_fsp()
smbd: trigger NOTIFY_ACTION_DIRLEASE_BREAK for renames
smbd: trigger NOTIFY_ACTION_DIRLEASE_BREAK when setting file EOF
smbd: trigger NOTIFY_ACTION_DIRLEASE_BREAK when modifying DOS attributes
smbd: in smb_set_file_time() rename "action" variable to "filter"
smbd: trigger NOTIFY_ACTION_DIRLEASE_BREAK when changing timestamps
vfs_gpfs: trigger NOTIFY_ACTION_DIRLEASE_BREAK when changing offline
attribute
vfs_tsmsm: trigger NOTIFY_ACTION_DIRLEASE_BREAK when changing offline
attribute
smbd: trigger change notification when creating hardlink
smbd: trigger NOTIFY_ACTION_DIRLEASE_BREAK when creating hardlink
libcli/smb: rely on the caller zero-initializing "lease" in
smb2_lease_pull()
libcli/smb: ignore lease_flags and lease_duration for leasev1 in
smb2_lease_pull()
smbd: use get_deferred_open_message_state() in open_directory()
smbd: allow directory leases in close_directory()
docs: fix indentation of "strict rename"
smbd: add option "smb3 directory leases"
smbd: grant Directory Lease if requested
selftest: add "smb2.dirlease" test suite
s4/torture: give smb2_generic_create_share() caller some flexibility
smbtorture: add test smb2.dirleases.leases
smbtorture: simplify test_lease_v2_request()
smbtorture: expand Directory Leases test "v2_request
smbtorture: check SMB2_LEASE_FLAG_BREAK_IN_PROGRESS when client requests
new lease
libcli/smb: only allow SMB2_LEASE_FLAG_PARENT_LEASE_KEY_SET in lease_flag
smbtorture: check parent leasekey is ignored unless
SMB2_LEASE_FLAG_PARENT_LEASE_KEY_SET is set
libcli/smb: only copy the parent lease key if
SMB2_LEASE_FLAG_PARENT_LEASE_KEY_SET is set
smbtorture: Directory Leases vs setting EOF
smbtorture: Directory Leases vs setting DOS attributes
smbtorture: Directory Leases vs setting creation date
smbtorture: Directory Leases vs setting modification date
smbtorture: Directory Leases vs setting inode change date
smbtorture: Directory Leases vs setting access date
smbtorture: Directory Leases vs renaming
smbtorture: Directory Leases vs overwrite
smbtorture: Directory Leases vs hardlink
smbtorture: Directory Leases vs unlink
WHATSNEW: SMB3 Directory Leases
smbd: initialize delete_on_close in
smbd_smb2_setinfo_lease_break_fsp_check()
smbtorture: remove more allocation size checks
smbtorture: move hardlink test in test_ntrename() to its own test
smbtorture: use torture_assert_ntstatus_equal_goto() in CHECK_STATUS() in
unlink.c
smbd: avoid a panic in close_directory()
smbd: use NT_PASSTHROUGH_OFFSET in a few places
smbd: rename SMB2_FILE_POSIX_INFORMATION to FSCC_FILE_POSIX_INFORMATION
smbd: rename SMB2_FS_POSIX_INFORMATION to FSCC_FS_POSIX_INFORMATION
pylibsmb: implement getinfo level FSCC_FILE_POSIX_INFORMATION
tests: move wire_mode_to_unix() to libsmb.py
tests: prepare reparsepoints.py for using POSIX on the SMB2 connection
tests: fix test teardown/cleanup of test_create_reparse_directory()
tests: check reparse tag and POSIX file type from query-file with POSIX
infolevel
tests: test POSIX file type on reparse point
smbd: fix DOS attributes for reparse points in fdos_mode()
smbd: simplify smb3_file_posix_information_init()
smbd: move calling fsctl_get_reparse_tag() into
smb3_file_posix_information_init()
smbd: use fsctl_get_reparse_point() in smb3_file_posix_information_init()
smbd: fix an invalid memory access
smbtorture: verify Windows SEC_FILE_APPEND_DATA behaviour
pylibsmb: add "copy_chunk"
tests: use clean_file() from our superclass in smb3unix.py
tests: use libsmb.unix_mode_to_wire() in smb3unix.py
tests: add a test for copy-chunk on a POSIX handle
smbd: fix access_mask to FILE_APPEND_DATA mapping for POSIX opens
vfs: add fsp_flags.posix_append
vfs: add VFS_PWRITE_APPEND_OFFSET
s3/pylibsmb: add VFS_PWRITE_APPEND_OFFSET
smbd: add vfs_valid_allocation_range() as a copy of
vfs_valid_pwrite_range()
smbd: check for VFS_PWRITE_APPEND_OFFSET in vfs_fill_sparse()
lib: add sys_write_full()
vfs_aio_fork: implement POSIX append-IO
vfs_io_uring: implement POSIX append-IO
vfs: implement POSIX append-IO in vfs_pwrite_data()
s3/lib: use VFS_PWRITE_APPEND_OFFSET in default_sys_recvfile()
vfs_default: implement POSIX append-IO
smbd: prepare smb2_write.c for handling a negative offset
smbd: assert fsp->fsp_flags.posix_append and offset in
smbd_smb2_write_send()
smbd: allow VFS_PWRITE_APPEND_OFFSET in vfs_valid_pwrite_range()
tests: test SMB3 POSIX append-IO behaviour
smbd: fill fsp_flas.posix_append in open_file_ntcreate()
s3/mdssvc: add option "elasticsearch:force_substring_search = yes | no"
(default: no)
vfs_gpfs: add gpfs:clamp_invalid_times
Samuel Thibault (2):
ctdb: Include replace.h for PATH_MAX
lib/util: Include grp.h for setgroups during autoconf
Shachar Sharon (17):
vfs_ceph{_new}: do not set errno upon successful call to libcephfs
vfs_ceph_new: handle errno properly for 'readdir'
vfs_ceph_new: use 'ceph_new' for config-param prefix
docs-xml/manpages: 'ceph_new' prefix for config-param of vfs_ceph_new
vfs_ceph_new: add missing newline in debug-logging
s3:smbd: fix NULL dereference in case of readlink failure
vfs_ceph_new: handle case of readlinkat with empty name string
vfs_ceph_new: implement DFS hooks using libcephfs low-level APIs
vfs_ceph_new: switch to ceph_readdir_r
vfs_ceph_new: refactor error-case in cephmount_mount_fs
vfs_ceph_new: avoid setting errno in cephmount_cache_update
vfs_ceph_new: improve mount cache-entry ref-count
vfs_ceph_new: improve mount cache-entry add
vfs_ceph_new: improved mount logging
vfs_ceph_new: improved vfs-opers logging
vfs_ceph_new: log open-flags upon release-fh
vfs_ceph_new: add smbprofile for async-ops
Shweta Sodani (1):
vfs_ceph_new: add profiling support
Stefan Metzmacher (392):
s3:lib: add winbind_lookup_name_ex() fallback for --without-winbind
script/autobuild.py: do some basic testing using --without-winbind
s4:torture/smb2: let smb2.session.expire2* also check compound requests
s3:smb2_server: return NT_STATUS_NETWORK_SESSION_EXPIRED for compound
requests
s4:torture/smb2: add smb2.create.mkdir-visible
lib/util: add a comment to struct server_id_buf
lib/util: let server_id_str_buf() use PRIu32 and PRIu64
lib/util: add server_id_str_buf_unique_ex() and allow the delimiter to be
passed in
lib/util: split out server_id_from_string_ex allow the unique delimiter
to be passed in
lib/util: let server_id_str_buf_unique() use server_id_buf
s3:smbd: split out apply_new_nt_acl() helper
s3:smbd: call apply_new_nt_acl() already in mkdir_internals()
s3:smbd: let mkdir_internal() use a talloc_stackframe()
s3:smbd: improve DEBUG messages in mkdir_internal()
docs-xml: add 'vfs mkdir use tmp name' option
s3:smbd: let mkdir_internal() work more atomically using a temporary name
lib/replace: add renameat2() replacement
s3:vfs: add vfs_rename_how to SMB_VFS_RENAMEAT()
s3:vfs: add VFS_RENAME_HOW_NO_REPLACE
s3:vfs_default: implement VFS_RENAME_HOW_NO_REPLACE in vfswrap_renameat()
s3:smbd: let mkdir_internal() try VFS_RENAME_HOW_NO_REPLACE first
WHATSNEW: add 'vfs mkdir use tmp name' option
pidl: add scalarTypeUsed() helper to find if a type was actually used...
pidl:Samba4/Header: only include ntstatus.h if required
librpc/ndr: avoid alignment allocation in ndr_push_DATA_BLOB()
librpc/ndr: remove unused NDR_PUSH_ALLOC_SIZE()
lib/torture: add torture_assert_nttime_equal_goto()
s3:tests: make use of TMPDIR in test_symlink_traversal_*.sh
s4:libcli: allow smb2_composite_unlink* to truncate the file before close
s4:libcli/smb2: let smb2_deltree delete directory streams
s4:torture/smb2: make use of torture_assert_*_equal_goto() in streams.c
s4:torture/raw: better error handling in streams.c
s4:torture/smb2: better error handling in create.c
s4:lib/messaging: fix interaction between imessaging_reinit and
irpc_destructor
vfs_error_inject: add 'error_inject:durable_reconnect = st_ex_nlink'
s4:torture/smb2: add
smb2.durable-v2-regressions.durable_v2_reconnect_bug15624
s3:tests: let test_durable_handle_reconnect.sh run
smb2.durable-v2-regressions.durable_v2_reconnect_bug15624
s3:test_update_keytab_clustered: add net ads testjoin checks in more
places
s3:utils: let 'net ads testjoin' fail without valid machine credentials
s3:utils: use the correct secrets.tdb in net_use_krb_machine_account()
librpc/rpc: map DCERPC_NCA_S_SERVER_TOO_BUSY to
NT_STATUS_RPC_SERVER_TOO_BUSY
librpc/rpc: map DCERPC_NCA_S_UNSUPPORTED_TYPE to
NT_STATUS_RPC_UNSUPPORTED_TYPE
s4:torture/rpc: avoid checking p->last_fault_code in iremotewinspool*
s4:torture/rpc: remove useless usage of DCERPC_SIGN, DCERPC_SEAL
s4:torture/rpc: avoid using DCERPC_NDR_REF_ALLOC in fsrvp.c
librpc/rpc: add dcerpc_binding_handle_transport_{encrypted,session_key}()
s4:librpc/rpc: add dcerpc_bh_transport_{encrypted,session_key}()
s3:rpc_client: add rpccli_bh_transport_session_key()
s4:pyrpc: let py_iface_transport_encrypted() use
dcerpc_binding_handle_transport_encrypted()
s4:librpc/rpc: remove unused dcerpc_transport_encrypted()
s4:libnet: add struct dcerpc_binding_handle helper variables in
libnet_passwd.c
s4:libnet: make use of dcerpc_binding_handle_transport_session_key() in
libnet_passwd.c
xss4:pyrpc: make use of dcerpc_binding_handle_transport_session_key()
s4:torture/rpc: make use of dcerpc_binding_handle_transport_session_key()
s4:librpc/rpc: remove unused dcerpc_fetch_session_key()
librpc/rpc: add dcerpc_binding_handle_auth_session_key()
s4:librpc/rpc: add dcerpc_bh_auth_session_key()
s3:rpc_client: add rpccli_bh_auth_session_key()
s4:drepl: make use of dcerpc_binding_handle_auth_session_key()
s4:libnet: make use of dcerpc_binding_handle_auth_session_key() in
libnet_become_dc.c
s4:py_net: make use of dcerpc_binding_handle_auth_session_key()
s4:pyrpc: make use of dcerpc_binding_handle_auth_session_key()
s4:torture/drs: make use of dcerpc_binding_handle_auth_session_key()
s3:lib/netapi: make use of dcerpc_binding_handle_transport_session_key()
s3:libnet_join: make use of dcerpc_binding_handle_transport_session_key()
s3:utils/net_rpc: make use of
dcerpc_binding_handle_transport_session_key()
s3:rpc_client: make use of dcerpc_binding_handle_transport_session_key()
s3:libnet_dssync: make use of dcerpc_binding_handle_auth_session_key()
s3:rpcclient/cli_drsuapi: make use of
dcerpc_binding_handle_auth_session_key()
s3:rpc_client: remove unused cli_get_session_key()
s3:rpc_client: the transport_session_key is per connection!
s3:rpcclient: make use of dcerpc_binding_handle_auth_info()
s3:winbindd: cm_connect_lsa_tcp() doesn't need to check for NCACN_IP_TCP
or LEVEL_INTEGRITY
s3:rpc_client: make use of struct samba_sockaddr in
rpc_pipe_open_ncalrpc()
s3:rpc_client: header signing is negotiated per transport connection
librpc/rpc: add get_binding() to dcerpc_binding_handle_ops
libcli/tstream_binding_handle: implement get_binding()
s4:lib/messaging: implement irpc_bh_get_binding()
s3:winbindd: implement wbint_bh_get_binding() in winbindd_dual_ndr.c
s4:librpc/rpc: call dcerpc_binding_set_abstract_syntax after bind or
alter context
s4:librpc/rpc: implement dcerpc_bh_get_binding()
s3:rpc_client: implement rpccli_bh_get_binding()
librpc/rpc: add dcerpc_binding_handle_get_binding()
librpc/rpc: add dcerpc_binding_handle_get_transport() helper function
librpc/rpc: un-const dcerpc_default_transport_endpoint()
s4:libnet: make use of dcerpc_binding_handle_get_binding()
s4:libnet: make use of dcerpc_binding_handle_get_transport()
s4:torture/rpc: make use of dcerpc_binding_handle_get_binding() and
dcerpc_binding_get_flags()
s4:tortore/rpc: make use of dcerpc_binding_get_abstract_syntax() and
dcerpc_binding_get_flags()
s4:torture/rpc: make use of dcerpc_binding_handle_get_transport()
s4:librpc: make all but dcerpc_pipe->binding_handle internal struct
members
s3:rpc_client: remember rpc_pipe_client->print_username
s3:rpc_client: remove references to rpc_pipe_client from wsp_cli.c
s3:winbindd: make use of dcerpc_binding_handle_get_transport()
s3:rpcclient: make use of dcerpc_binding_handle_get_transport()
s3:lib/netapi: make use of dcerpc_binding_get_abstract_syntax()
s3:libsmb: make use of dcerpc_binding_get_abstract_syntax()
s3:librpc/rpc: split out dcerpc_internal.h for struct pipe_auth_data
s3:rpc_client: make most of rpc_pipe_client internal struct members
s3:rpc_client: only pass the pipe_name to rpc_transport_np_init_send()
s3:rpc_client: add struct rpc_client_{association,connection} and helpers
s3:rpc_client: convert rpc_pipe_open_ncalrpc() to
rpc_client_{association,connection}
s3:rpc_client: convert rpc_pipe_open_local_np() to
rpc_client_{association,connection}
s3:rpc_client: convert rpc_pipe_open_tcp_port() to
rpc_client_{association,connection}
s3:rpc_client: convert rpc_pipe_open_np() to
rpc_client_{association,connection}
s3:rpc_client: let cli_rpc_pipe_open() use rpc_client_connection_np()
s3:rpc_client: make real use of rpc_client_{association,connection}
s3:rpc_client: add cli_rpc_pipe_client_prepare_alter() helper
s3:rpc_client: split out cli_rpc_pipe_client_auth_schannel()
s3:rpc_client: make rpccli_setup_netlogon_creds_locked() static
s3:rpc_client: allow rpccli_setup_netlogon_creds_locked() to return
netlogon_pipe
s3:rpc_client: let rpccli_connect_netlogon() reuse the existing connection
s3:libnet: make use of rpccli_connect_netlogon() instead of reimplement
the logic
s3:rpc_client: pass remote_{name,sockaddr} to rpccli_connect_netlogon()
s3:rpc_client: let cli_rpc_pipe_open_schannel() use
rpccli_connect_netlogon() for netlogon
s3:rpc_client: add missing TALLOC_FREE(frame) in cli_rpc_pipe_open()
s3:rpc_client: pass remote_{name,sockaddr} to
rpccli_setup_netlogon_creds[_locked]()
lib/addns: match additional names in a non case insensitive way
system_mitkrb5: require 1.16 as we use ENCTYPE_AES256_CTS_HMAC_SHA384_192
s3:passdb: ENCTYPE_DES_CBC_MD5 is not longer used in
secrets_domain_info_kerberos_keys()
s3:libsmb: ads_dc_name() doesn't need to retry if we found a DC in the
closest site
s3:winbindd: let connect_preferred_dc() pass the dcname to
smbsock_connect()
s3:winbindd: let cm_connect_lsa() require schannel also for direct trusts
s3:winbindd: it's 2024 and all AD domains should be native now
s3:winbindd: remove unused line in add_trusted_domain()
s3:winbindd: let add_trusted_domain() mark domains as initialized when
loaded from config
s3:winbindd: set_dc_type_and_flags() doesn't need to do something for
primary or internal domains
s3:winbindd: dcip_check_name() only takes pss as const input value
s3:winbindd: let store_current_dc_in_gencache() take the dcaddr directly
s4:torture/smb2: improve error handling in durable_open.c
s4:torture/smb2: improve error handling in durable_v2_open.c
s4:torture/smb2: add smb2.durable-open.lock-noW-lease
s4:torture/smb2: add smb2.durable-v2-open.lock-{oplock,lease,noW-lease}
s3:smbd: only store durable handles with byte range locks when having
WRITE lease
s4:torture/smb2: add
smb2.durable-v2-open.{[non]stat[RH]-and,two-same,two-different}-lease
s4:torture/smb2: add smb2.durable-v2-open.{keep,purge}-disconnected-*
tests
s3:smbd: let durable_reconnect_fn already check for a disconnected handle
with the correct file_id
s3:smbd: allow reset_share_mode_entry() to handle more than one durable
handle
s3:smbd: avoid false positives for got_oplock and have_other_lease in
delay_for_oplock_fn
s4:tortore/rpc: let rpc.backupkey without privacy pass against Windows
2022
RawDCERPCTest: ignore errors in smb_pipe_socket.close()
tests/dcerpc/raw_protocol: pass against Windows 2022 and require special
env vars for legacy servers
s4:selftest: only run ad_member with AUTH_LEVEL_CONNECT_LSA=1
dcesrv_core: disconnect after a fault with non AUTH_LEVEL_CONNECT bind
dcesrv_core: return NAK_REASON_PROTOCOL_VERSION_NOT_SUPPORTED for binds
without contexts
tests/dcerpc/raw_protocol: add more test for auth padding during
ALTER_CONTEXT/AUTH3
dcerpc_util: don't allow auth_padding for BIND, ALTER_CONTEXT and AUTH3
pdus
s4:librpc: provide py_schannel bindings
RawDCERPCTest: split prepare_pdu() and send_pdu_blob() out of send_pdu()
RawDCERPCTest: add some more auth_length related asserts
dcesrv_core: add more verbose debugging for missing association groups
tests/dcerpc/raw_protocol: run test_neg_xmit_ffff_ffff over tcp and smb
dcesrv_core: introduce dcesrv_connection->transport_max_recv_frag
tests/dcerpc/raw_protocol: test_no_auth_ctx_request
tests/dcerpc/raw_protocol: fix comment in test_spnego_change_auth_type1
tests/dcerpc/raw_protocol: add tests for max auth_padding, auth_len or
auth_offset
tests/dcerpc/raw_protocol: add more tests for auth_pad alignment
tests/dcerpc/raw_protocol: test invalid schannel binds
dcerpc_util: let dcerpc_pull_auth_trailer() check that auth_offset is 4
bytes aligned
dcerpc_util: let dcerpc_pull_auth_trailer() expose the reject reason
dcerpc_util: let dcerpc_pull_auth_trailer() ignore data_and_pad for bind,
alter, auth3
dcesrv_core: a failure from gensec_update results in
NAK_REASON_INVALID_CHECKSUM
dcesrv_core: alter_context logon failures should result in
DCERPC_FAULT_ACCESS_DENIED
gensec:ntlmssp: only allow messages up to 2888 bytes
gensec:spnego: ignore trailing bytes in SPNEGO_SERVER_START state
dcesrv_core: fix the auth3 for large ntlmssp messages
dcesrv_core: better fault codes dcesrv_auth_prepare_auth3()
third_party/heimdal: Import lorikeet-heimdal-202410161454 (commit
0d61538a16b5051c820702f0711102112cd01a83)
s4:torture/rpc: check that DOWNGRADE_DETECTED has no bits negotiated
s4:torture/rpc: without weak crypto we should require AES
s3:rpc_server/netlogon: correctly negotiate flags in ServerAuthenticate2/3
s3:rpc_server/netlogon: if we require AES there's no need to remove the
ARCFOUR flag
s4:rpc_server/netlogon: if we require AES there's no need to remove the
ARCFOUR flag
netlogon.idl: the capabilities in query_level=2 are the ones send by the
client
libcli/auth: remove unused netlogon_creds_client_init_session_key()
libcli/auth: make use of netlogon_creds_cli_store_internal() in
netlogon_creds_cli_auth_srvauth_done()
libcli/auth: don't allow any unexpected upgrades of negotiate_flags
libcli/auth: if we require aes we don't need to require arcfour nor
strong key
libcli/auth: use a LogonControl after a LogonGetCapabilities downgrade
libcli/auth: use netr_LogonGetCapabilities query_level=2 to verify the
proposed capabilities
s4:librpc/rpc: do LogonControl after LogonGetCapabilities downgrade
s4:librpc/rpc: don't allow any unexpected upgrades of negotiate_flags
s4:librpc/rpc: define required schannel flags and enforce them
s4:librpc/rpc: use netr_LogonGetCapabilities query_level=2 to verify the
proposed capabilities
s4:torture/rpc/netlogon: adjust test_netlogon_capabilities query_level=2
to request_flags
s3:cli_netlogon: let rpccli_connect_netlogon() use force_reauth = true on
retry
s4:dsdb/common: samdb_confirm_rodc_allowed_to_repl_to() only needs a
const sid
s3:rpc_server/netlogon: add client_sid helper variables
s4:rpc_server/netlogon: add client_sid helper variables
libcli/auth: pass client_sid to netlogon_creds_server_init()
libcli/auth: split out netlogon_creds_CredentialState_extra_info
librpc/rpc: make use of creds->ex->client_sid in
dcesrv_netr_check_schannel_get_state()
s3:rpc_server/netlogon: make use of creds->ex->client_sid
s4:rpc_server/netlogon: make use of creds->ex->client_sid
libcli/auth: remove unused creds->sid
libcli/auth: remember client_requested_flags and auth_time in
netlogon_creds_server_init()
s3:rpc_server/netlogon: implement netr_LogonGetCapabilities query_level=2
s4:rpc_server/netlogon: implement netr_LogonGetCapabilities query_level=2
s4:torture/rpc: let test_netlogon_capabilities() fail on legacy servers
libcli/auth: also use netlogon_creds_CredentialState_extra_info for the
client
libcli/auth: let netlogon_creds_cli_store_internal() use
talloc_stackframe()
libcli/auth: let netlogon_creds_cli_store_internal check
netlogon_creds_CredentialState_legacy
libcli/auth: split out netlogon_creds_alloc()
s4:dsdb/common: dsdb_trust_get_incoming_passwords only needs a const
ldb_message
s4:rpc_server/netlogon: split out dcesrv_netr_ServerAuthenticateGeneric()
dcesrv_core: add DCESRV_NOT_USED_ON_WIRE() helper macro
s3:rpc_server: add DCESRV_COMPAT_NOT_USED_ON_WIRE() helper macro
netlogon.idl: add netr_ServerAuthenticateKerberos() and related stuff
libcli/auth: pass auth_{type,level} to
netlogon_creds_{de,en}crypt_samlogon_validation()
libcli/auth: pass auth_{type,level} to
netlogon_creds_{de,en}crypt_samlogon_logon()
libcli/auth: add netlogon_creds_{de,en}crypt_samr_Password()
libcli/auth: add netlogon_creds_{de,en}crypt_samr_CryptPassword()
libcli/auth: add netlogon_creds_{de,en}crypt_SendToSam()
pycredentials: make use of netlogon_creds_encrypt_samr_CryptPassword in
py_creds_encrypt_netr_crypt_password
pycredentials: add py_creds_encrypt_netr_PasswordInfo helper
python/tests: use encrypt_netr_PasswordInfo in
KDCBaseTest._test_samlogon()
pycredentials: remove unused .encrypt_samr_password()
auth/credentials: remove unused netlogon_creds_session_encrypt()
libcli/auth: make netlogon_creds_des_{de,en}crypt_LMKey() static
libcli/auth: make use of netlogon_creds_encrypt_samr_CryptPassword
libcli/auth: make use of netlogon_creds_encrypt_SendToSam
libcli/auth: make use of netlogon_creds_{de,en}crypt_samr_Password
s4:torture/rpc: make use of netlogon_creds_encrypt_samlogon_logon()
s4:torture/rpc: make use of netlogon_creds_decrypt_samlogon_validation()
s4:torture/rpc: make use of netlogon_creds_encrypt_samr_CryptPassword()
s4:torture/rpc: make use of netlogon_creds_{de,en}crypt_samr_Password
s3:rpc_server/netlogon: make use of
netlogon_creds_{de,en}crypt_samr_Password
s3:rpc_server/netlogon: make use of
netlogon_creds_decrypt_samr_CryptPassword()
s4:rpc_server/netlogon: make use of
netlogon_creds_{de,en}crypt_samr_Password()
s4:rpc_server/netlogon: make use of
netlogon_creds_decrypt_samr_CryptPassword
s4:rpc_server/netlogon: make use of netlogon_creds_decrypt_SendToSam
libcli/auth: make sure low level crypto function are not used directly
libcli/auth: return INVALID_PARAMETER for DES in
netlogon_creds_{de,en}crypt_samlogon_logon
libcli/auth: pass auth_{type,level} to schannel_check_creds_state()
libcli/auth: pass auth_{type,level} to netlogon_creds_server_step_check()
libcli/auth: split out netlogon_creds_client_verify() that takes
auth_{type,level}
libcli/auth: make use of netlogon_creds_client_verify()
s4:librpc/rpc: make use of netlogon_creds_client_verify()
libcli/auth: let netlogon_creds_copy() copy all scalar elements
libcli/auth: split out netlogon_creds_cli_check_transport()
s3:cli_netlogon: don't change remote_name in
rpccli_setup_netlogon_creds_locked()
s3:winbindd: call process_set_title() for locator child
libcli/auth: make use of netlogon_creds_cli_check_transport() in more
places
librpc/ndr: add ndr_deepcopy_struct() helper
libcli/auth: let netlogon_creds_copy() make use of ndr_deepcopy_struct()
samr/netlogon.idl: add [flag(NDR_SECRET)] in some more places
netlogon.idl: mark some structs as public so that ndr.ndr_deepcopy()
works in python
netlogon.idl: use authservice("netlogon")
librpr/ndr: split out ndr_print_generic_string()
librpc/ndr: add ndr_print_{struct,union,function}_secret_string()
pidl/Python: allow ndr_print(print_secrets=True)
python/ndr: allow print_secrets=True for ndr_print*
librpc/ndr: let ndr_print_bitmap_flag work for bitmap64bit values
netlogon.idl: add
NetlogonTicketLogonInformation/NetlogonValidationTicketLogon
libcli/auth: don't loose server_dns_domain in
netlogon_creds_cli_context_global()
Revert "libcli/auth: let netlogon_creds_cli_store_internal check
netlogon_creds_CredentialState_legacy"
schannel.idl: change netlogon_creds_CredentialState layout for 4.22
s4:librpc/rpc: make use of creds_state->client_requested_flags
s4:torture/rpc: make use of creds->client_requested_flags
libcli/auth: return RESOURCE_REQUIREMENTS_CHANGED is the proposed flags
changed
s3:libsmb: let discover_dc_netbios() return DOMAIN_CONTROLLER_NOT_FOUND
s3:utils: let net_rpc_testjoin() work for ad domains and no ipv4 address
s3:winbindd: let wb_dsgetdcname* normalize to dns names on an ad_dc
s3:winbindd: make use of samba_sockaddr add_one_dc_unique() to avoid
warnings
s3:winbindd: make use of samba_sockaddr in set_remote_addresses() to
avoid warnings
s3:winbindd: remove useless lines in add_trusted_domains_dc()
s3:rpc_client: remember the local/remote ipv4 or ipv6 addresses
s3:libads: fix compiler warning in trust_pw_change()
s3:libads: let kerberos_kinit_password_ext() always initialize *ntstatus
s3:libads: remove unused time_offset from kerberos_kinit_password()
s3:libads: split out kerberos_kinit_generic_once()
s3:libads: add kerberos_kinit_passwords_ext() helper
s3:cli_pipe: pass target_service to cli_rpc_pipe_open_with_creds()
gensec: add GENSEC_FEATURE_NO_DELEGATION flag to avoid
GSS_C_DELEG[_POLICY]_FLAG
s4:pyrpc: add conn.auth_info()
tests/krb5: make use of conn.auth_info() in _test_samlogon()
libcli/auth: let netlogon_creds_crypt_samlogon_validation handle generic
info
s4:rpc_server/netlogon: let dcesrv_netr_LogonSamLogon_base_reply handle
encryption errors
pyrpc_util: fix error Exception message in py_check_dcerpc_type()
pycredentials: remove unused module methods
pycredentials: add creds.[g|s]et_netlogon_creds()
pycredentials: add credentials.netlogon_creds_*() functions via
py_module_methods
python:tests/krb5: remember the objectGUID of created accounts
python:tests/krb5: avoid some problems when running against w2025
(preview) with STRICT_CHECKING=0
python:tests/krb5: add netlogon.py
s4:selftest: run samba.tests.krb5.netlogon
s4:rpc_server/netlogon: implement dcesrv_netr_ServerPasswordGet()
s4:rpc_server/netlogon: fix error codes in dcesrv_netr_NetrLogonSendToSam
dcesrv_core: add dcesrv_assoc_group_common_destructor()
s3:rpc_server: make use of dcesrv_assoc_group_common_destructor()
s4:rpc_server: make use of dcesrv_assoc_group_common_destructor()
libcli/auth: add let netlogon_creds_alloc() use _talloc_keep_secret()
libcli/auth: add infrastructure for netr_ServerAuthenticateKerberos()
python:tests/krb5: let netlogon.py test strong key without arcfour
pycredentials: add py_netlogon_creds_kerberos_init
python:tests/krb5: add ServerAuthenticateKerberos related tests to
netlogon.py
auth_log: prepare for netr_ServerAuthenticateKerberos
s4:rpc_server/lsa: allow krb5+privacy instead of schannel
docs-xml/smbdotconf: add "server reject aes schannel[:COMPUTERACCOUNT]"
options
docs-xml/smbdotconf: add "server support krb5 netlogon" options
librpc/server: prepare schannel_util.c for netr_ServerAuthenticateKerberos
s4:rpc_server/netlogon: implement dcesrv_netr_ServerAuthenticateKerberos
selftest add 'server reject aes schannel:COMPUTER$' rules
selftest: add 'server support krb5 netlogon = yes' for ad_dc
libcli/auth: let schannel_check_creds_state() take an access_check
callback
librpc/server: call dcesrv_netr_check_schannel() as
schannel_check_creds_state() callback
s4:rpc_server/netlogon: fix dcesrv_netr_ServerPasswordSet[2] for
ServerAuthenticateKerberos
s4:rpc_server/netlogon: fix dcesrv_netr_LogonSamLogon_base_call() for
ServerAuthenticateKerberos()
s4:scripting: fix gen_hresult.py
libcli/util: let nt_errstr() fallback to hresult_errstr()
Happy New Year 2025!
s4:dsdb: fix logic of dsdb_trust_routing_by_name()
schannel.idl: add tdo_guid to netlogon_creds_CredentialState
s4:rpc_server/netlogon: fill netlogon_creds_CredentialState->tdo_guid
python:tests/krb5: fix etypes_to_test values in RawKerberosTest
python:tests/krb5: allow get_mock_rodc_krbtgt_creds(preserve=False) to
create a tmp rodc
python:tests/krb5: allow netlogon.py tests to work against a KDC with
claims enabled
python:tests/krb5: let netlogon.py run the tests also as rodc
s4:rpc_server/netlogon: an RODC is not allowed to call
netr_ServerPasswordGet()
s4:rpc_server/netlogon: fix error codes for netr_NetrLogonSendToSam()
with SEC_CHAN_RODC
pycredentials: add [g|s]et_old_nt_hash()
python:tests/krb5: add
KerberosCredentials.[g|s]et_trust_{incoming,outgoing,account}_creds
python:tests/krb5: allow exporting a keytab file of the accounts used by
the tests
python:tests/krb5: add a create_trust() helper function to test trusted
domains
python:tests/krb5: add domain trust tests to netlogon.py
python:tests/krb5: let netlogon.py export changed passwords to keytab
python:tests/krb5: allow tickets without a kvno
python:tests/krb5: allow get_service_ticket to accept a trust referral
ticket without kvno
python:tests/krb5: let netlogon.py test referral ticket for
SEC_CHAN_DNS_DOMAIN
s4:selftest: samba.tests.krb5.netlogon don't need explicit FAST_SUPPORT
s3:libads: rename variables in trust_pw_change()
s3:libads: prepare trust_pw_change() for ServerAuthenticateKerberos()
docs-xml/smbdotconf: add "reject aes netlogon servers" option
docs-xml/smbdotconf: add "client use krb5 netlogon" option
libcli/auth: add netlogon_creds_cli_use_kerberos() helper
s3:cli_netlogon: use GENSEC_FEATURE_NO_DELEGATION for trust credentials
s3:libnet_join: use GENSEC_FEATURE_NO_DELEGATION for trust credentials
s3:rpcclient: use GENSEC_FEATURE_NO_DELEGATION for trust credentials
s3:winbindd: use GENSEC_FEATURE_NO_DELEGATION for trust credentials for
netlogon
s3:cli_netlogon: prepare for netr_ServerAuthenticateKerberos()
s3:winbindd: split out cm_connect_schannel_or_krb5() helper
libcli/auth: add support for ServerAuthenticateKerberos()
selftest: add 'server support krb5 netlogon = yes' for ad_dc_ntvfs
python:tests: let auth_log.py use self.assertIn(received, [4, 5]
python:tests: let auth_log.py explicitly use
--option=clientusekrb5netlogon=no
python:tests: let auth_log.py also test --option=clientusekrb5netlogon=yes
testprogs/blackbox: let test_rpcclient_schannel.sh explicitly use
--option=clientusekrb5netlogon
python:tests: let s3_net_join.py avoid kerberos_state=DONT_USE_KERBEROS
s3:tests: let test_update_keytab.sh use rpc changetrustpw --server
s4:librpc/rpc: implement DCERPC_SCHANNEL_KRB5
s4:torture/rpc: make more use of netlogon_creds_client_verify()
s4:torture/rpc: prepare lsa lookup tests for ServerAuthenticateKerberos
s4:torture/rpc: prepare netlogon tests for ServerAuthenticateKerberos
s4:torture/rpc: use expected_{account,authority}_name variables in
test_lsa_ops
s4:torture/rpc: prepare test_lsa_ops for ServerAuthenticateKerberos
s4:torture/rpc: let rpc.schannel also use of DCERPC_SCHANNEL_KRB5
s4:torture/rpc: let rpc.samlogon test credential_flags again...
s4:torture/rpc: let rpc.samlogon also test
DCERPC_SCHANNEL_KRB5/ServerAuthenticateKerberos()
selftest: add 'server support krb5 netlogon = yes' for fl2008r2dc
s4:torture/rpc: add rpc.pac tests with
DCERPC_SCHANNEL_KRB5/ServerAuthenticateKerberos()
selftest: force 'client use krb5 netlogon = yes' for admem_idmap_autorid
python:tests/krb5: let netlogon.py check for NETLOGON_NTLMV2_ENABLED
s4:auth/ntlm: let authsam_check_password_internals() add
NETLOGON_NTLMV2_ENABLED
s3:auth: let check_sam_security() add NETLOGON_NTLMV2_ENABLED
s3:winbindd: use struct initializers for all struct winbindd_methods cases
s3:winbindd: consistently use add_sid_to_array_unique() in winbindd_ads.c
s3:winbindd: add winbindd_domain_verify_sid() helper
s3:winbindd: split out wb_gettoken_trylocalgroups() function
s3:winbindd: split our wb_gettoken_trybuiltins() helper
pidl:Python: generate nicer code for PyNdrRpcMethodDef arrays
pidl:Python: introduce $is_raisable_return helper variable
pidl:Python: initialize pointers and add 'result' at the end
pidl:Python: check PyTuple_New() return value
pidl:Python: separate logic to calculate the signature string
pidl:Python: handle NTSTATUS/WERROR exceptions first
pidl:Python: prepare code to avoid NTSTATUS/WERROR exceptions
s4:pyrpc: allow connections with raise_result_exceptions=False
python:tests/dcerpc/lsa: add tests for invalid LookupSids2 combinations
libcli/security: let dom_sid_lookup_predefined_sid() behave like Windows
2008R2
s4:rpc_server/lsa: let LookupSids* behave like Windows 2022/2025
lib/util: add dns_cmp() as it's own file
dsdb:util_trusts: remove unused copy of dns_cmp()
s3:rpc_server:lsa: make use of the lib/util version of dns_cmp()
s3:rpc_client: make use of CHECK_DEBUGLVLC(DBGC_RPC_PARSE, ...)
rpccli_bh_do_ndr_print
s3:winbindd: make use of CHECK_DEBUGLVLC(DBGC_RPC_PARSE, ...) in
wbint_bh_do_ndr_print()
s4:lib/messaging: make use of CHECK_DEBUGLVLC(DBGC_RPC_PARSE, ...) in
irpc_bh_do_ndr_print()
s4:librpc: make use of CHECK_DEBUGLVLC(DBGC_RPC_PARSE, ...) in
dcerpc_bh_do_ndr_print()
libcli:smb: Implement smb2cli_read_set_notify_async()
s4:libcli/smb2: add smb2_tree_channel() helper
s3:smbd: Use nt_status_np_pipe() in
smbd_smb2_ioctl_pipe_{read,write}_done()
s3:rpc_server: Handle an np_read_send with len==0 correctly
librpc/ndr: apply some const to ndr_push_union_blob()
Thomas Klausner (1):
lib/replace: memset_explicit() only takes three arguments
Vinit Agnihotri (4):
sharesec: Fix warning frame not freed in order
param: Add API to load registry without share info
sharesec: Add function to check existence of share from config
sharesec: Check if share exists in configuration
Volker Lendecke (416):
smbd: protect check_smb2_posix_chmod_ace against invalid trustees
libsmb: Slightly restructure map_smb2_handle_to_fnum
libsmb: Add cli_smb2_fnum_is_posix
libsmb: Add cli_fchmod
libsmb: Add cli_chmod
libsmb: Add cli_fchmod for smb311 posix extensions
smbclient: Use cli_chmod instead of cli_posix_chmod
torture3: Use cli_chmod instead of cli_posix_chmod
libsmb: Remove cli_posix_chmod
smbd: Modernize DEBUGs
tsocket: Use iov_buflen
tsocket: Use iov_buflen
lib: Fix whitespace
smbclient: Modernize a d_printf
vfs: Fix a DBG message
lib: Fix a typo
smbd: Save a few lines with a "goto done;"
smbd: Fix a comment and an error message
smbd: Modernize a DEBUG
smbd: Fix some DBGs
smbd: Remove some dead code
smbd: Make parent_override_delete a bit more readable
smbd: Simplify check_user_ok()
smbd: filename_convert_dirfsp always gives an fsp
smbd: Assert we have an fsp in smbd_do_setfilepathinfo
libsmb: Make cli_qpathinfo_standard() static
libsmb: Modernize two DEBUGs
libsmb: Avoid an "else", we return in the "true" branch.
libsmb: Swap if/else branches in remote_password_change
libsmb: Avoid an "else", we return in the "true" branch
libsmb: Remove a pointless variable assignment
build: Fix LIBCLI_SAMR dependencies
samr: Avoid a "ret == false" for a bool
libsmb: Convert cli_oem_change_password() away from cli_api()
libsmb: Fix cli_oem_change_password()
utils: Fix "net rap password" return code
libsmb: Remove a pointless variable
libsmb: Simplify smb1cli_trans_recv()
libsmb: Convert cli_oem_change_password() to NTSTATUS
libsmb: Reduce indentation in cli_RNetShareEnum()
libsmb: Convert cli_RNetShareEnum() away from cli_api()
libsmb: Convert cli_RNetShareEnum() to NTSTATUS
libsmb: Convert cli_NetServerEnum() away from cli_api()
torture3: Convert run_randomipc() away from cli_api()
libsmb: Make cli_api() static to clirap2.c
libsmb: Remove unused cli_nt_error()
libsmb: Remove a reference to cli_errno()
libsmb: Convert cli_NetServerEnum() to return NTSTATUS
libsmb: Don't set errno in cli_NetServerEnum()
libsmb: Remove unused cli_errno()
libsmb: Remove a call to cli_is_error()
libsmb: Remove unused cli_is_error()
libsmb: Remove cli_state->raw_status
libsmb: Remove unused cli_ns_check_server_type()
libsmb: Remove unused cli_NetWkstaUserLogoff()
libsmb: Remove cli_state->rap_error
ctdb: Add a NULL check to convert_node_map_to_list()
smbd: Modernize a few DEBUGs
libndr: Remove 368 bytes from R/W data into R/O text segment
libndr: Use _talloc_array() to benefit from overflow protection
lib: Add a few explicit includes
pidl: replace.h is sufficient in ndr_*.c
idl: security.idl compiles with only secace.h
smbd: Introduce "ace" helper variable
smbd: Modernize a few DEBUGs
smbd: Inline set_sticky_write_time_path into set_sticky_write_time_fsp
idl: Remove unused KRB5_EDATA_NTSTATUS
lib: Add libcli/util/ntstatus.h in a few headers where it's needed
libsmb: Simplify pdb_sethexpwd with hex_byte()
lib: Make a few functions static
pidl: Add headerhelper idl property
idl: misc.idl references DATA_BLOB
idl: dnsp.h references NTTIME
libndr: Simplify ndr_token_retrieve_cmp_fn()
libndr: Streamline ndr_token_retrieve_cmp_fn
libsecurity: Simplify struct ace_condition_script
tests: Improve the error message for bad format chars
lib: Align integer types
util: Make show_msg call DEBUG just once
libndr: We don't need "../" in includes, -I has what is needed
libndr: Remove duplicate prototype
libndr: Use UINT32_MAX -- no need to count F's
libndr: Align an integer type
libndr: Apply endianness flags to subndr
rpc_server: Fix a comment
rpc_host: Fix max_workers calculation
libndr: Use TALLOC_FREE instead of talloc_free
libsmb: Use nybble_to_hex_upper() in smbc_urlencode()
libsmb: Use nybble_to_hex_upper() in virusfilter_url_quote()
passdb: Simplify pdb_gethexhours() with hex_byte()
vfs: Simplify capencode() with nybble_to_hex_lower()
vfs: Simplify capdecode() with hex_byte()
lib: Avoid unused includes
ctdb: Make ctdb_lock_timeout_handler() easier to understand
ctdb: Use str_list_add_printf() in debug_locks_args()
ctdb: Fix a typo
auth: Fix CID 1615191 Uninitialized scalar variable
smbd: We can expect the file to exist in is_visible_fsp()
ctdb: Change the ctdb_vfork_exec prototype to const char*const*
ctdb: Use str_list_add_printf() in lock_helper_args()
smbd: Return reparse tag in smb311 unix query dir
libsmb: Remove duplicate prototypes
libsmb: Rename and simplify unix_filetype_from_wire()
libsmb: Move unix_filetype_to_wire() to libcli/smb
smbd: Slightly simplify unix_perms_from_wire()
smbd: Factor out create/directory mode/mask logic
smbd: Simplify unix_perms_from_wire()
libsmb: Define to transfer file types via smb3 unix extensions
idl: smb3posix.idl references NTTIME
libsmb: Move UNIX constants to smb3posix.idl
pylibsmb: Add unix_mode_to_wire and wire_mode_to_unix
idl: Rename smb3_posix_cc_info.posix_perms to posix_mode
tests: Check that posix extensions return the file type
smbd: Return file type in the posix create context response
tests: Check that we return the posix type in query_directory
posix_ext: Pass unix file type through posix query_directory
pylibsmb: Fix a typo
lib: Fix CID 1620428: Memory - illegal accesses (OVERRUN)
lib: Fix CID 1596761 Resource leak
lib: Factor out ADD_TO_MALLOC_ARRAY()
lib: Avoid duplicate definition of ADD_TO_ARRAY
lib: Change ADD_TO_ARRAY to use a tmp variable
ntvfs: Fix CID 1034883 Resource leak
auth4: Fix CID 1034877 Resource leak
lib: Use talloc_realloc instead of talloc_realloc_size
utils: Fix up 14a533680245
nmbd: Remove the "nmbd proxy logon" feature
libads: Simplify cldap_multi_netlogon_send()
libads: Init a variable to NULL
libads: Simplify get_kdc_ip_string with talloc_asprintf_addbuf
net_ads: Fix indentation in net_ads_cldap_netlogon_json
libads: Modernize DEBUGs
idl: nbt.idl references NTTIME
cldap: Simplify cldap_netlogon with tevent_req_poll_ntstatus
cldap: Save a few lines in cldap_netlogon
ctdb: Save a few lines with talloc_zero()
ctdb: Don't leak a pointer on talloc_realloc failure
tstream_tls: Add tstream_tls_params_peer_name()
tldap_tls: Move creation of tls_params out of tldap_tls_connect()
tldap_tls: Remove tldap_[gs]et_starttls_needed()
torture4: Simplifiy [tcp|udp]_ldap_netlogon()
libcli4: Call map_netlogon_samlogon_response directly
libnet4: Call map_netlogon_samlogon_response directly
libnet4: Call map_netlogon_samlogon_response directly
libnet4: Call map_netlogon_samlogon_response directly
cldap: Remove cldap_netlogon->in.map_response
lib: Fix trailing whitespace
cldap: Make cldap_netlogon.out.netlogon a pointer
cldap: Make finddcs.out.netlogon a pointer
param: Remove parameter "cldap port"
build: Make util_tsock its own subsystem
build: Remove the big samba3util dependency from TLDAP
lib: Add a few required includes
param: Add "client netlogon ping protocol"
tldap: Add tldap_context_create_from_plain_stream()
libads: Add netlogon_pings()
cldap: Use netlogon_pings()
ldap: Use netlogon_pings
kerberos: Use netlogon_pings()
libsmb: Use netlogon_pings() in dsgetdcname
libads: remove cldap_multi_netlogon
libads: Make ads_cldap_netlogon() static
libads: Pass "required_flags" through ads_cldap_netlogon()
libads: Pass "required_flags" through ads_cldap_netlogon_5()
libads: Simplify ads_fill_cldap_reply()
libads: Move check_cldap_reply_required_flags() to netlogon_ping.c
libnet: Save a few lines with talloc_move()
libnet: Simplify error return in libnet_FindSite()
libnet: Initialize variables in libnet_FindSite()
libnet4: Use netlogon_pings() in findsite
libnet4: Use netlogon_pings() in become_dc
libnet4: Use netlogon_pings() in unbecome_dc
libnet4: Use netlogon_pings() in finddcs_cldap
torture4: Use netlogon_pings_send/recv in bench-cldap
torture4: Use netlogon_pings() in rpc.lsa tests
torture4: Add ldap.netlogon-ping test
torture4: Replace direct netlogon ping calls with netlogon_pings()
libcli: Remove cldap_netlogon() and friends
libcli: Move "struct cldap_netlogon" definition to torture
docs: Fix a typo in a parameter file name
libnet: Simplify becomeDC
libcli: Remove two unused functions
libcli: Make cldap_error_reply() static to cldap_server.c
tests: Run ad members with new netlogon ping protocol settings
WHATSNEW: Add client netlogon ping protocol parameter
libndr: Simplify data flow in ndr_push_relative_ptr2
libndr: Early overflow detection
vfs_fruit: Simplify filter_empty_rsrc_stream()
vfs_fruit: Align a few integer types
libcli: Try to fix CID 1609583 Overflowed constant
lib: simplify smbpasswd_gethexpwd() with strhex_to_str()
lib: simplify smbpasswd_sethexpwd() with hex_encode_buf()
idl: Fix trailing whitespace
lib: Modernize a DEBUG
libcli: Convert an int to a size_t
libreplace: Introduce hexchars_{upper|lower}
ldb: User hexchars_upper from replace.h
lib: Simplify nybble_to_hex_*
lsasrv: Simplify dcesrv_lsa_AddRemoveAccountRights()
libsmb: Fix trailing whitespace
libsmb: Fix a "cast increases required alignment" warning
pylibsmb: Add NFS reparse tag types
smbd: Simplify make_connection_snum()
smbd: Convert refuse_symlink_fsp() to bool
smbd: Convert get_ea_value_fsp() to return 0/errno
vfs: Convert streams_xattr_get_name() to return 0/errno
vfs: Simplify streams_xattr_openat()
vfs: Fix streams_xattr_openat
smbd: Make reopen_from_fsp() public
smbd: reopen_from_fsp also works for full fsps
smbd: Simplify smbd_smb2_query_directory_send()
libsmb: Use SMB2_0_INFO_FILE instead of a simple "1"
smbd: Fix an error resource leak in OpenDir_from_pathref()
smbd: Don't print cwd before tcon is done
vfs: Change the condition when to fill the getwd cache
vfs: Use the getwd-cache only if we have a valid tcon
vfs: Only call openat for valid params in fake_acls_stat
vfs: Don't ever call openat(-1, ...) for relative paths
smbd: Inline dup_file_fsp() into fcb_or_dos_open()
smbd: Simplify filename_convert_dirfsp()
smbd: Ignore twrp in chdir_below_conn()
smbd: Tighten non_wide_link_open() for absolute root share open
smbd: Enable fd_openat(cwd_fsp, "/absolute/share/path")
smbd: Simplify OpenDir_from_pathref()
smbd: Use OpenDir_from_pathref() in can_delete_directory_fsp()
smbd: Use OpenDir_from_pathref() in rmdir_internals()
smbd: Slightly simplify filename_convert_dirfsp_nosymlink()
smbd: Fix following symlinks if basedir != cwd_fsp
smbd: Factor out filename_convert_dirfsp_rel()
smbd: Add open_rootdir_pathref_fsp()
net: filename_convert_dirfsp() needs mangling initialized
smbd: Simplify filename_convert_dirfsp_nosymlink()
pysmbd: Python code calls smbd code with "." and ".."
smbd: simplify open_stream_pathref_fsp()
smbd: simplify openat_pathref_fullname()
smbd: Remove non_widelink_open()
libnet: Fix Coverity ID 1634803 Dereference after null check
vfs: Remove files_struct->posix_flags
smbd: Simplify smbd_do_qfilepathinfo()
tests: Use unix_mode_to_wire() in smb3unix tests
libsmb: Save some .data bytes with a const array
smbd: Early talloc_free in an error case
smbpasswd4: Simplify smbpasswd_sethexpwd()
libcli: Simplify debug_conditional_ace()
ntlm_auth: Fix Coverity ID 240743 Resource leak
ntlm_auth: Fix Coverity ID 240747 Resource leak
ntlm_auth: Fix Coverity ID 240748 Resource leak
ntlm_auth: Fix Coverity ID 240749 Resource leak
ntlm_auth: Fix Coverity ID 240750 Resource leak
ntvfs: Fix Coverity ID 240791 Uninitialized scalar variable
ntvfs: Fix Coverity ID 240792 Uninitialized scalar variable
libnet3: Fix Coverity ID 1034874 Resource leak
smbd: Simplify smb_q_posix_symlink()
tests: Fix a comment
test: Fix a typo
smbd: Pass "create_options" to filename_create_ucf_flags()
smbd: Revert "smbd: Simplify filename_convert_dirfsp()"
smbd: Make filename_convert_dirfsp_nosymlink() public
libsmb: Retry the open with OPEN_REPARSE_POINT on
IO_REPARSE_TAG_NOT_HANDLED
smbd: Prepare fdos_mode() for handling symlinks in smb2
smbd: Allow symlinks to be read via GET_REPARSE_POINT
smbd: Set fsp->fsp_flags.posix_open in openat_pathref_fsp_lcomp()
smbd: Fix the turning an absolute symlink into a relative one
smbd: Allow a symlink as lcomp when asking for REPARSE_POINT
tests: Reparse point files are shown as FILE_ATTRIBUTE_REPARSE_POINT
tests: Reparse point dirs are shown as REPARSE_POINT|DIRECTORY
tests: Fix test_symlinkerror_absolute_inshare
smbd: Prepare smbd_smb2_create_recv() to return a symlink error
smbd: Create the proper error blob for STOPPED_ON_SYMLINK
smbd: Always init symlink_err in filename_convert_dirfsp_nosymlink()
smbd: Return NT_STATUS_STOPPED_ON_SYMLINK
tests: Check symlinks are readable as reparse points
libndr: Add overflow check to ndr_push_subcontext_end()
autobuild: Run the samba-minimal-smbd build jobs with -j 2
pdb_ldap: Fix Coverity ID 1508985 Use of 32-bit time_t
libsmb: Fix Coverity ID 1509012 Use of 32-bit time_t
passdb: Fix Coverity ID 1509016 Use of 32-bit time_t
rpcclient: Fix Coverity ID 1509018 Use of 32-bit time_t
libndr: Fix Coverity ID 1509020 Use of 32-bit time_t
net: Fix Coverity ID 1509022 Use of 32-bit time_t
lib: Move some R/W "data" segment to R/O "text"
lib: Simplify smbconf_txt_load_file()
printing: Fix Coverity ID 1509000 Use of 32-bit time_t
printing: Fix Coverity ID 1508942 Use of 32-bit time_t
smbd: Avoid a cast
smbd: TALLOC_FREE(sd) where it was allocated
libndr: Apply const to the ndr_print_* functions's void *
pdbedit: Avoid a use of convert_time_t_to_uint32_t()
smbd: Remove a pointless comment
smbd: Simplify smbd_smb2_query_directory_send()
smbd: Simplify smb_set_info_standard()
smbd: Simplify smb_set_file_allocation_info()
smbd: Simplify smb_set_file_allocation_info()
smbd: Simplify smb_file_position_information()
smbd: Simplify smb_file_position_information()
smbd: Simplify smb_set_posix_lock()
smbd: Modernize DEBUGs
libcli: Avoid an unnecessary "else"
libcli: Fix whitespace
libcli: Fix a typo
libcli: Apply a little const
libcli: Use dom_sid_dup() instead of talloc_memdup()
libcli: Fix a signed/unsigned comparison warning
lib: Simplify security_descriptor_initialise() with a struct init
libcli: README.Coding for dom_sid routines
libcli: Simplify sddl_decode_err_msg()
libcli: Remove a special case
libcli: Speed up sddl_decode_ace()
libcli: Use ndr_deepcopy_struct() in security_token_duplicate()
libcli: Avoid an unnecessary "else"
smbd: Pass "dirfsp" through posix_mkdir()
vfs: Simplify connect_acl_xattr()
vfs: Simplify connect_acl_tdb()
libcli: Simplify pull_integer()
libcli: Remove the "mem_ctx" argument from pull_integer()
libcli: Align an integer type
libcli: Simplify disp_sec_ace_object()
libcli: Make handling implicit_owner_rights bit easier to read
libcli: Fix a potential 32-bit problem with PRIu32
libcli: Modernize a DEBUG
smbd: Simplify get_posix_fsp()
smbd: Simplify smb_q_posix_acl()
smbd: Simplify smb_set_posix_acl()
smbd: Pass "dirfsp" to get_posix_fsp()
smbd: Avoid a (double) cast
smbd: Modernize DEBUGs
lib: Fix Coverity ID 1636566 Untrusted loop bound
smbd: Simplify call_trans2setfileinfo()
smbd: Simplify smb_set_file_end_of_file_info()
smbd: Remove an obsolete comment
printing: Remove a few obsolete openat_pathref_fsp() calls
winbind: Fix Coverity ID 1509002 Use of 32-bit time_t
eventlog: Fix Coverity ID 1508977 Use of 32-bit time_t
net: Fix Coverity ID 1508974 Use of 32-bit time_t
rpcclient: Fix Coverity ID 1508978 Use of 32-bit time_t
smbd: Fix a %d/%u format string hickup
smbd: Pass "dirfsp" through open_streams_for_delete()
lib: Simplify ad_get_internal()
smbd: Simplify ReadDirName()
smbd: Fix typos
smbd: Remove a pointless and partially wrong comment
smbd: simplify can_delete_directory_fsp()
smbd: Fix can_delete_directory_fsp()
smbd: Make can_delete_directory_fsp() look cleaner in strace
smbd: Factor out can_delete_directory_hnd()
smbd: Simplify rmdir_internals()
smbd: Streamline recursive_rmdir()
smbd: Simplify rmdir_internals()
pam_winbind: Fix Bug 15771
Modernize DEBUGs
vfs: Simplify stream_dir()
vfs: Slightly speed up stream_dir()
Fix whitespace
smbd: Simplify smbd_do_qfsinfo()
lib: Fix a comment
lib: Fix error path memleaks in read_ea_list_entry()
vfs_fruit: Fix 63f0b59cbed
smbd: Use MIN() instead of explicit if-statement
torture3: Fix an error message
vfs: Fix DBGs
vfs: Fix a typo
docs: Fix a copy&paste error
smbd: Modernize a DEBUG
vfs: Use fsp_is_alternate_stream() in shadow_copy2
libsmb: Remove a pointless if-statement
lib: factor out generate_random_str_list_buf()
smb1_srv: Use generate_random_str_list_buf()
torture4: Use generate_random_str_list_buf()
torture4: Align a few integer types
torture4: Simplification with generate_random_str_list_buf()
dsdb: Simplification with generate_random_str_list_buf()
dsdb: Align an integer type
nsswitch: Simplify wbcCtxDcInfo()
nsswitch: Align integer types
pam_winbind: Align integer types
smbd: Slightly simplify rename_internals_fsp()
smbd: Slightly simplify rename_internals_fsp()
dsdb: Avoid a talloc
vfs: Simplify acl_common_remove_object()
vfs: Slightly simplify acl_common_remove_object()
vfs: Use is_ntfs_stream_smb_fname() where appropriate
vfs: Rename variables in streams_depot_renameat()
vfs: Do an early talloc_free in an error path
smbd: Modernize a DEBUG
vfs_fruit: Don't expect a pathref fsp in unlinkat
smbd: Simplify rmdir_internals()
smbd: Move parent_pathref() out of rmdir_internals()
smbd: Move parent_pathref() up in close_remove_share_mode()
smbd: Simplify delete_all_streams()
streams_depot: Simplify walk_streams()
smbd: Use filename_convert_dirfsp_rel() in durable reconnect
vfs: Fix streams_depot_lstat()
vfs: Implement streams_xattr_fstatat()
vfs: Implement streams_depot_fstatat()
vfs: Mondernize a few DEBUGs
smbd: Make dirfsp param to synthetic_pathref() const
smbd: Remove an unnecessary call to SMB_VFS_STAT()
lib: Simplify ad_get_internal()
lib: Move 968 bytes from R/W data to R/O text
lib: Fix typos
libsmb: Save some bytes in .text code
vfs: Fix some error path memleaks
vfs: Fix some whitespace
lib: Convert string_replace_allocate() to return 0/errno
vfs: Slightly simplify catia_translate_name()
vfs: Remove a few calls to map_errno_from_nt_status()
lib: Move a pointer from .data to stack
lib: Remove a pointer from R/W .data
smbd: Remove vfs_file_exist()
vfs: Align a few integer types
vfs: Add some const
vfs: Slightly simplify ad_get_meta_fsp()
lib: Shrink .text a bit
smbd: Remove an unnecessary call to SMB_VFS_STAT()
talloc: Add a comment explaining talloc_asprintf_addbuf()
ntvfs: Simplify rap_netshareenum()
-----------------------------------------------------------------------
--
Samba Shared Repository
