The annotated tag, tevent-0.17.0 has been created
at 29bcf16d21feea97b445c222ef4c85fe03e96d82 (tag)
tagging 2401f844c8beb7e856b79fb57f8e4c079b3fb0f0 (commit)
replaces samba-4.22.0rc1
tagged by Stefan Metzmacher
on Thu Jun 19 19:10:30 2025 +0200
- Log -----------------------------------------------------------------
tevent: tag release tevent-0.17.0
-----BEGIN PGP SIGNATURE-----
iQEzBAABCgAdFiEEkUejOXGVGO6QEby1R5ORYRMIQCUFAmhURIYACgkQR5ORYRMI
QCU+7ggAjs6bUQLIGvKA/7xB86ZLL1meLqGFzw9lJ8WetTtC4eVBLL9J6PFVL4m6
TRxuZBlxMzgJrmJNs57T32iaHK45vWQXyoTvEiS9B3aEpy1jvBp6e/O58Gbef+6b
kN6TYawl894mR84xFHSpB843i+ZtY0N7IVdpgcSzfx7c0OvsqqckdQUUA2R0+La6
KcEbDl+s/9Pa+Mp7wHBVvGsj4t0EOdTL+H+iqAYJmmbEVSJKqKRGjsErqnL3h1iu
ZzvzKf9TF+7v/czEsGHp/xaoWTWo34dyJC5hvVKO6fAbNHAVZhZK31y7U6+sXcFl
JEtfwidj2FbhJ6Uhgp7lNbJadnvd7g==
=keKA
-----END PGP SIGNATURE-----
Andrea Venturoli (1):
python:tdb_util: "samba-tool domain backup offline" hangs
Andreas Hasenack (1):
python:netcmd:gpo: fix crash when updating an MOTD GPO
Andreas Schneider (18):
pidl: Update documentation for DCERPC interface connections
python:lsa_utils: Don't use optional arguments for OpenPolicyFallback()
s3:net: Remove `net ads keytab flush`
s3:net: 'net ads keytab list' should only list default keytab
docs-xml: Document 'net ads keytab list'
testprogs: Remove dead code
testprogs: Use 'sync machine password to keytab' for keytab creation
auth:creds: Do a kinit if we have a password and the ccache is empty
lib:cmdline: Make sure --use-krb5-ccache sets the ccache
lib:cmdline: POPT_CALLBACK_REASON_POST should handle if we skip the
password callback
gitlab-ci: Update Fedora to version 42
third_party: Update waf to version 2.0.27
wafsamba: Adjust value type from string name(s) to actual
third_party: Update waf to version 2.1.5
dynconfig/wscript: Adjust default cleanup for waf 2.1.5
third_party: Update waf to version 2.1.6
third_party: Update pam_wrapper to version 1.1.8
lib:util: Disable logging to syslog for startup messages
Anoop C S (12):
vfs_shadow_copy2: Use VFS interface to derive mount point
vfs_ceph_new: Remove redundant re-intialization to NULL
vfs_ceph_new: Remove unused code in cephmount_mount_fs()
vfs_ceph_new: Handle absolute path in vfs_ceph_ll_walk
vfs_ceph_new: Do not resolve by inode number
vfs_ceph_new: Add path based fallback for SMB_VFS_FCHOWN
vfs_ceph_new: Add path based fallback for SMB_VFS_FCHMOD
vfs_ceph_new: Add path based fallback for SMB_VFS_FNTIMES
vfs_ceph_snapshots: Use full path from dirfsp at smb_fname
vfs_ceph_snapshots: Always calculate absolute snapshot path
source3/wscript: Configure prometheus exporter only with profiling
source3/wscript: Remove extra config WITH_PROMETHEUS_EXPORTER
Bjoern Jacke (2):
replace: fix hex_upper -> hexchars_upper
loadparm: move log message to a higher log level
Björn Baumbach (4):
libnet4: check return value of DC lookup
libnet4: free tevent request even on error
pytests: test pysmbd with non-existent file
pytests: test pysmbd with relative path names via samba-tool ntacl
Björn Jacke (1):
doc: mention an smbspool / krb5 detail
Dmitry Antipov (2):
pylibsmb: fix cast warnings in Python method definitions
pylibsmb: do not use obsolete PyEval_InitThreads() for Python > 3.6
Douglas Bagnall (102):
pytest: samba-tool --version tests
samba-tool: do not complain of no sub-command with '-V'
samba-tool: all subcommands know --version
samba-tool: --version shortcircuits option evaluation
py:get_opts:VersionOptions prints version in --help
samba-tool contact: remove useless versionopts references
pytest: add ndr packing tests for security descriptors
ndr: fix coda logic around in ndr_pull_security_ace()
build: --disable-warnings-as-errors avoids some warning config checks
smbclient: report kilobytes per second as kB/s, not kb/s
s3:torture: report kilobytes per second as kB/s, not kb/s
smbd: avoid work in unix token debug no-op
bootstrap: python-cryptography is not just for tests
bootstrap: remove wintest-only dependency
ldb: remove unused sqlite backend
ldb: remove unused nssldb
ldb: remove obsolete copy of https://ldb.samba.org
ldb:manpages: ldbedit: update url schemes
ldb: doxygen: don't mention sqlite
codespellrc: remove reference to non-existent file
ldb: remove unused test-sqlite3.sh
s4/ldap server: avoid NULL deref if search control has no data
librpc/wsp: use unsigned char for high byte comparison
manpages: add samba-tool delegation {add,del}-principal
manpages: add samba-tool dns cleanup
manpages: samba-tool dns zoneoptions
manpages: samba-tool domain functionalprep
manpages: samba-tool kds root-key sub-options
manpages: samba-tool domain schemaupgrade
manpages: samba-tool processes
manpages: samba-tool domain: consistent sddl example
manpages:samba-tool domain tombstones expunge
manpages: samba-tool drs clone-dc-database
manpages: samba-tool drs uptodateness
manpages: samba-tool gpo aclcheck
python:getopt: hack to generate docbook stubs from --help
manpages: samba-tool gpo admx load
manpages: samba-tool gpo backup
manpages: samba-tool cse list
manpages: samba-tool gpo cse register
manpages: samba-tool gpo load
manpages:samba-tool preamble for common options
manpages:samba-tool --help is not man text
manpages:samba-tool: document -H options
manpages:samba-tool: document -V,--version
manpages:samba-tool: separate passwordsettings set/show
manpages:samba-tool gpo manage security list
manpages:samba-tool gpo manage security set
manpages:samba-tool gpo restore typo
manpages:samba-tool group addunixattrs
manpages:samba-tool ntacl getdosinfo (stub)
manpages:samba-tool user addunixattrs
manpages:samba-tool user sensitive
pytest:samba-tool: .check_output() can set environment
pytests: samba_tool.help checks you updated the man page
manpages: samba-tool gpo manage smb_conf list/set
manpages:samba-tool: sort 'service-account' into place alphabetically
pytest:ntacls: test dsacl2fsacl() with a few strings
python:ntacls: pull allow list out of loop
samba-tool gpo: close opened files
pytest: samba-tool gpo: close opened files
pytest: check we can set GPO more than once
pytest: samba-tool gpo: fix has_difference(sortlines=True)
samba-tool gpo backup fix --generalize
samba-tool gpo: better entities check copes with new lines
python:gp_cert_auto_enrol: fix GUID stringification
manpages: avoid extra blank line at end of <programlisting>
manpages:vfs_shell_snap: format smbconf examples on one line
manpages:net: use &doc.version;
manpages:smb.conf: disable roaming profiles with 'logon path ='
python: remove unused in_source_tree() function
python: make source_tree_topdir() test-only
pytest: source_tree_topdir() checks more thoroughly
samba-tool gpo: separate function for dtd header generation
samba-tool gpo: use a real XML parser to check entity validity
samba-tool testparm: drop unsupported options
samba-tool testparm: avoid lowering debug level
samba-tool backup restore: cope with no sysvol
.github: add CodeQL workflow
.gitlab: CodeQL runner runs a bootstrap.sh
.github: CodeQL triggers on current branches
s4/dns/dlz: log when falling back to obsolete dns ldb path
lib/compression: add a windows python script for test vectors
dsdb:group_audit: log_membership_changes: match doxygen to code
pyldb: consistent results in py_ldb_msg_richcmp
python:join: do not suppress unexpected DNS enum errors
ldb_tdb: wrap can cope with NULL path
pylibsmb: avoid unnecessary check of sid/gid counts
s3:smb2: debug mentions function name fewer times
s4:prefork: mention service name in exit messages
s4:prefork: raise debug level of normal exits
s3:posix_acls: avoid unnecessary level 0 debug
pytests: samba_dnsupdate --use-samba-tool versus existing records
tests/samba-tool: optionally allow exception to be a failure in .run*()
samba-tool tests: test dns --allow-existing
samba-tool dns: add --allow-existing to not complain if records exist
samba_dnsupdate: slightly clarify handling of args
samba_dnsupdate: samba-tool add avoids existing record error messages
docs:man: document samba-tool dns add --allow-existing
pytest:samba-tool group: test addmembers
pytest: samba-tool group: test with 16 character name
python: Do not interpret 16 character group names as GUIDs
Felix Bussmann (1):
smbclient3: Replacing Echos in the cli status check with TCP status check.
Gary Lockyer (11):
build: Allow developer builds with clang 20
Fix clang 20 shadows variable in global scope warning
nsswitch wbinfo: fix uninitialised return value on error
Fix clang 20 sometimes-uninitialized warnings
Fix clang 20 unused-but-set-variables warnings
Fix clang 20 unused-function warnings
Fix clang 20 format-truncation warnings
Fix clang 20 format-nonliteral warnings
heimdal build: pass c flags in HEIMDAL_BINARY
heimdal build clang 20: compile lex generated code
Enable clang 20 cast-qual warnings
Günther Deschner (3):
s3-selftest: only run prometheus exporter tests when configured
s3-wscript: make sure to build with selftest without libevent
docs-xml: only generate prometheus manpage when configured
Ivan Korytov (5):
s3:locale:pam_winbind: Update Russian translation
s3-waf: Enable build of MO files for localization
s4:kdc: Fix memory leak for unused keys in TGT
s4:kdc: Fix ticket encryption types memory leak
s4:kdc: Fix memory leak of padata_value
Jennifer Sutton (39):
drs_utils: Remove unnecessary qualification
drs_utils: Make loop exit condition explicit
python:join: Remove unnecessary local variable
python: Tidy up formatting
python: Remove unused ‘more_flags’ parameter
python: Simplify GetNCChanges call setup
python: Correct comment
python: Make set of seen GUIDs a local variable
python3: Remove Python 2–only call to decode()
python:samdb: Add get_lDAPDisplayName_by_governsID_id() method
python:samdb: Add get_must_contain_from_lDAPDisplayName() method
python:samdb: Add get_searchFlags_from_lDAPDisplayName() method
s4:dsdb: Use PyLong_FromUnsignedLong() for unsigned values
drs_utils: Check for presence of more_flags attribute directly
python:tests: Test that secret keys and confidential attributes are not
included in a --no-secrets backup
drs_utils: Split process_chunk() out into its own class
samba-tool: Filter confidential attributes out of backups made with the
‘--no-secrets’ option
s4:dsdb: Remove trailing whitespace
s4:dsdb: Remove unused code
python: Fix logging call
python:tests: Decode stdout and stderr for greater readability
python:tests: Decode stdout for greater readability
python:tests: Permit expected_count to be zero
mailmap: Associate my identity with my old email addresses
lib:compression: Update my name
s3:winbindd: Fix NULL dereference (CID 1615195)
s3:winbindd: Allow ‘ptype’ to be NULL (CID 1615194)
s3:smbd: Don’t free the caller’s buffer (CID 1610056)
s4:dsdb: Fix code spelling
s4:dsdb: Remove trailing whitespace
python:join: Add missing word
s4:torture:drs: Pass through unused parameters
samba-tool: Fix code spelling
s4:dsdb: Check dsdb_module_search() return value
tests/krb5: Correct comment
python: Make use of OID comparator constants
python: Fix code spelling
samba-tool: Fix invalid escape sequences
third_party/heimdal: Import lorikeet-heimdal-202505280044 (commit
1be8ce37d618704abd82a2aa06058fa96845ad41)
John Mulligan (2):
ctdb/ceph: add option to not register mutex rados helper as a service
ctdb/doc: document the newly added option to not register the helper
Jule Anger (2):
VERSION: Bump version up to 4.23.0pre1...
WHATSNEW: Start release notes for Samba 4.23.0pre1.
Martin Schwenke (9):
ctdb-utils: Fix incorrect FSF address
ctdb-scripts: Reformat with "shfmt -w -p -i 0 -fn"
ctdb-daemon: Avoid aborting during early shutdown
ctdb-protocol: Add CTDB server SRVID range
ctdb-daemon: Add failover on shutdown
ctdb-daemon: Add configuration option shutdown failover timeout
ctdb-daemon: Run "startipreallocate" event in SHUTDOWN runstate
ctdb-daemon: Add configuration option shutdown extra timeout
ctdb-daemon: Modernise some DEBUGs
Noel Power (7):
pysmbd: fix samba.tests.samba_tool.ntacl failure due to errno overwrite
wafsamba: simplify mit kerberos detection
wafsamba: Adjust for waf 2.1.5, add default for '--with/without-json'
wafsamba: Set env variables before calling command
wafsamba: Adjust for waf 2.1.5 wafsamba_options_parse_cmd_args return
wafsamba: Adjust for waf 2.1.5 case of some Options.options attributes
wafsamba: Adjust 'match' logic to override paths in config.check()
Pavel Filipenský (10):
s3: Add new keytab specifiers
docs-xml:smbdotconf: Document new options for 'sync machinepassword to
keytab'
s3:libads: Remove specifier for 'host' principal from 'sync machine
password to keytab'
docs: Update documentation for 'sync machine password to keytab'
docs-xml: Update description of dns hotsname (G)
lib:krb5_wrap: Add smb_krb5_parse_name_flags()
s3:libads: Make sure that REALM is always added to keytab principals
s3:utils: Remove call of ads_startup() from net_ads_keytab_create()
s3: Fix use of dbwrap_transaction_cancel() in machine_account_secrets.c
lib/krb5_wrap: Fix placement of TALLOC_FREE(frame)
Ralph Boehme (105):
mdssvc: support a few more attributes
s3:smbd: disable "vfs mkdir use tmp name = auto" on OpenBSD
smbd: fix checks for POSIX opens in file_find_subpath()
smbd: fix check for POSIX opens in have_file_open_below()
smbd: fix lock_flav initialization in smbd_smb2_lock_send()
s3:locking: assert POSIX_LOCK in brl_[un]lock_posix()
s3:locking: make sure brl_conflict_posix() is only called with 2
POSIX_LOCKS
s3/param: remove widelinks check and warning for SMB3 UNIX Extensions
docs-xml: enable SMB3 Unix Extensions by default
s3/lib: fix matching interfaces with multiple assigned IPs
python/gpo.py: avoid SDDL conversion for dsacl2fsacl
python/policies.py: avoid SDDL conversion for dsacl2fsacl
python/provision: avoid SDDL conversion in set_dir_acl()
python/ntacls.py: only allow allow and deny ACEs in setntacl()
smbd: check allocsize change request against current allocsize
smbd: remove get_change_timespec()
libtorture: add torture_assert_nttime_not_equal[_goto]()
smbtorture: whitespace in test_delayed_write_update2()
smbtorture: change variable name in SET_INFO_FILE_EX macro
smbtorture: adjust "base.delaywrite.finfo update on close" for modern SMB
delayed write
smbtorture: adjust "base.delaywrite.delayed update of write time" for
modern SMB delayed write
smbtorture: adjust "base.delaywrite.update of write time and SMBwrite
truncate" for modern SMB delayed write
smbtorture: adjust "base.delaywrite.update of write time and SMBwrite
truncate expand" for modern SMB delayed write
smbtorture: adjust "base.delaywrite.update of write time using
SET_END_OF_FILE" for modern SMB delayed write
smbtorture: adjust "base.delaywrite.update of write time using
SET_ALLOCATION_SIZE" for modern SMB delayed write
smbtorture: adjust "base.delaywrite.delayed update of write time using 2
connections" for modern SMB delayed write
smbtorture: adjust "base.delaywrite.delayed update of write time 3" for
modern SMB delayed write
smbtorture: adjust "base.delaywrite.delayed update of write time 3a" for
modern SMB delayed write
smbtorture: adjust "base.delaywrite.delayed update of write time 3b" for
modern SMB delayed write
smbtorture: adjust "base.delaywrite.delayed update of write time 3c" for
modern SMB delayed write
smbtorture: adjust "base.delaywrite.delayed update of write time 4" for
modern SMB delayed write
smbtorture: adjust "base.delaywrite.delayed update of write time 5" for
modern SMB delayed write
smbtorture: adjust "base.delaywrite.delayed update of write time 5b" for
modern SMB delayed write
smbtorture: adjust "base.delaywrite.delayed update of write time 6" for
modern SMB delayed write
smbtorture: adjust "smb2.timestamps.delayed-write-vs-seteof" for modern
SMB delayed write
smbtorture: adjust "smb2.timestamps.delayed-write-vs-flush" for modern
SMB delayed write
smbtorture: adjust "smb2.timestamps.delayed-write-vs-setbasic" for modern
SMB delayed write
smbtorture: adjust "smb2.timestamps.delayed-2write" for modern SMB
delayed write
smbtorture: add "base.delaywrite.modern_write_time_update-1"
smbtorture: add "smb2.timestamps.modern_write_time_update-1"
smbtorture: add "smb2.timestamps.modern_write_time_update-2"
smbd: implement modern write time update logic
smbtorture: add test smb2.dirlease.oplocks
smbd: fix handling of directory leases and oplock levels
dbwrap: check for option "tdb_hash_size:DBNAME.tdb" in db_open()
smbtorture: add test "open-brlock-deadlock"
s3/brlock: add share_mode_do_locked_brl()
s3/brlock: don't increment current_lock_count if do_lock_fn() failed
s3/locking: add brl_set_modified()
smbd: use share_mode_do_locked_brl()
smbd: call locking_close_file() while still holding a glock on the
locking.tdb record
s3/locking: prepare brl_locktest() for upgradable read-only locks
smbd: check can_lock in strict_lock_check_default()
smbd: use share_mode_do_locked_brl() in strict_lock_check_default()
smbd: use share_mode_do_locked_brl() in vfs_default_durable_disconnect()
smbd: use share_mode_do_locked_brl() in vfs_default_durable_reconnect()
s3:rpc_server/srvsvc: use brl_get_locks_readonly() instead of
brl_get_locks()
s3/locking: parse_share_modes() -> parse_share_mode_data()
s3/locking: locking_tdb_data_get() -> locking_tdb_data_parse()
s3/locking: simplify get_static_share_mode_data_fn()
s3/locking: add a comment to put_share_mode_lock_internal()
s3/locking: add a comment to share_mode_data_ltdb_store()
smbd: rename SHARE_MODE_FLAG_POSIX_OPEN to SHARE_ENTRY_FLAG_POSIX_OPEN
s3/librpc: open_files.idl: move flag definition into open_files.idl
s3/locking: add and use fsp_[get|apply]_share_entry_flags()
s3/locking: store NTCREATEX_FLAG_STREAM_BASEOPEN as share_entry_flag
s3/locking: store NTCREATEX_FLAG_DENY_[DOS|FCB] as share_entry_flags
s3/locking: remove now unused private_options from share_mode_entry
smbd: remove unused private_flags from open_file()
vfs: add fsp_flags ntcreatex_deny_[dos|fcb] and ntcreatex_stream_baseopen
smbd: add fsp_apply_private_ntcreatex_flags()
smbd: remove broken initial-delete-on-close logic from
rename_internals_fsp()
smbd: convert all fsp->fh->private_options to fsp_flags
build: Detect libevent
smbprofile: SMB2-READ result NT_STATUS_END_OF_FILE is not an error
smbprofile: add authentication metrics
s3/smb_prometheus_endpoint: add authentication metrics
selftest: mark samba4.rpc.samr.passwords.lockout on ncacn_np with
.samr.lockout as flapping
smbtorture: remove unused torture_lease_ignore_handler()
smbtorture: make torture_lease_break_callback() static
smbtorture: add support for closing a handle when receiving a lease break
smbtorture: add test smb2.dirlease.rename_dst_parent
smbtorture: fix test smb2.notify-inotify.inotify-rename
smbd: expand logging in contend_dirleases()
smbd: support breaking leases on an object where we don't have an own
internal open
smbd: add has_delete_access_opens()
smbd: add access_mask to delay_for_handle_lease_break_send()
smbd: implement H-lease breaks on parent directory of rename target
selftest: stop running smb2.streams against "ad_dc" environment
selftest: stop running smb2.streams against the ad_dc_ntvfs
smbd: remove parent_dirname_compatible_open()
smbd: use fsp->name_hash in check_parent_access_fsp()
CVE-2025-0620: smbd: smbd doesn't pick up group membership changes when
re-authenticating an expired SMB session
smbd: NDR_PRINT_DEBUG the vfs_default_durable_cookie in all relevant
places
s3/scavenger: support more then one Durable Handle per file
s3/scavenger: raise debug level to 1 for cleanup failures
smbtorture: add a DH reconnect test that demonstrates the open record
clobbering problem
smbd: free smbXsrv_open if SMB_VFS_DURABLE_RECONNECT() failed
smbd: only call scavenger_schedule_disconnected() if smbXsrv_open_close()
succeeded
smbd: compare Open.ClientGuid against Client.ClientGuid in DH reconnect
smbd: DH reconnect hardening
smbtorture: add test smb2.durable-v2-open.reconnect-twice
s3/scavenger: call smbXsrv_open_cleanup() before
share_mode_cleanup_disconnected()
smbtorture: DH reconnect with different user must fail with
NT_STATUS_ACCESS_DENIED
smbd: return EACCESS when Durable Handle is reconnected with different
user
Samuel Cabrero (34):
winbind: Fix running in interactive mode
wscript: Add --with-systemd-userdb option
winbind: Add "winbind varlink service" smb.conf option
winbind:varlink: Add varlink service
winbind:varlink: Create varlink socket directory
winbind:varlink: Add io.systemd.UserDatabase interface
winbind:varlink: Add a function to craft a winbindd_cli_state structure
winbind:varlink: Implement user record enumeration
winbind:varlink: Implement get user record by uid
winbind:varlink: Implement get user record by name
winbind:varlink: Implement get user record by name and uid
winbind:varlink: Implement group record enumeration
winbind:varlink: Implement get group record by gid
winbind:varlink: Implement get group record by name
winbind:varlink: Implement get group record by name and gid
winbind:varlink: Implement memberships enumeration
winbind:varlink: Implement memberships by user
winbind:varlink: Implement memberships by group name
winbind:varlink: Implement membership by group and user names
winbind:varlink: Install connection closed handler
winbind:varlink: Improve membership enumeration continue flag handling
winbind:varlink: Avoid recursion
bootstrap: Install libvarlink and python3-varlink for selftests
pytests/varlink: Add varlink tests
winbind:varlink: Check memory allocation when creating the records
winbind:varlink: Set the disposition field in user records
s3/utils: Add a check for "winbind varlink service"
winbind: Add a check for "winbind varlink service"
winbind:varlink: Initialize variables
winbind:varlink: Print varlink replies
winbind:varlink: Always reply with the requested username
winbind.idl: Add wbint_NormalizeNameMap
winbind.idl: Add wbint_NormalizeNameUnmap
s3:winbind: Delegate normalize_name_map to the idmap child
Saurabh Singh (1):
vfs_vxfs: pathref fixes
Shachar Sharon (6):
vfs_ceph_new: use libcephfs nonblocking API for async-io ops
selftest: Add test for smb_prometheus_endpoint utility
build: use '--with-prometheus-exporter' configure option
smbd: Fix Coverity ID 1635770: avoid NULL deref of reparse
smbd: Fix Coverity ID 1648344: print work-dir properly
s3:auth: Fix Coverity ID 1646934: memory leak in make_pw_chat
Shweta Sodani (2):
vfs_ceph_new:minor logging improvement
vfs_ceph_new: Enhance logging for improved debugging and code flow
visibility (part 2)
Shwetha K Acharya (3):
utils: Fix CID 242227 resource leak
utils: Fix CID 1638831 Division or modulo by zero
lib: Refactor fgets usage, fix resource leaks
Stefan Metzmacher (360):
winbindd: let add_trusted_domain() check sid and dns_name are not changed
winbindd: remove unused free_domain_list()
winbindd: let wb_lookupsid_send() use a stack variable for struct
winbindd_domain
winbindd: wbint_bh_raw_call_child_done() doesn't have state->domain
winbindd: make wb_domain_request_* more robust
winbindd: let setup_child() use a useful mem_ctx for talloc memory
winbindd: assert that wbint_binding_handle() gets a valid memory context
winbindd: winbindd_child->domain is a talloc grant parent if valid
winbindd: add struct winbindd_domain_ref infrastructure
winbindd: use struct winbindd_domain_ref in struct wbint_bh_raw_call_state
winbindd: use struct winbindd_domain_ref in struct
wb_query_user_list_state
winbindd: use struct winbindd_domain_ref in struct getpwent_state
winbindd: use struct winbindd_domain_ref in struct getgrent_state
winbindd: use struct winbindd_domain_ref in struct trustdom_state
winbindd: use struct winbindd_domain_ref in struct
winbindd_list_users_domstate
winbindd: use struct winbindd_domain_ref in struct
winbindd_list_groups_domstate
winbindd: use struct winbindd_domain_ref in struct wb_lookupsids_domain
winbindd: use struct winbindd_domain_ref in struct
winbindd_domain_info_state
winbindd: introduce update_trusted_domains_dc()
s4:dsdb/ldb_modules: add trust_notify module
s4:rpc_server/lsa: no longer send MSG_WINBIND_RELOAD_TRUSTED_DOMAINS
python:tests: let lsa_utils.py use valid netbios names
s4:dsdb/common: check for valid netbios name length for trusts
s4:rpc_server/lsa: let dcesrv_lsa_CreateTrustedDomain check for valid
netbios name length
s4:rpc_server: dcesrv_lsa_DeleteObject needs to close the handles
s4:rpc_server/lsa: don't allow WITHIN_FOREST together with
CROSS_ORGANIZATION
s4:rpc_server/lsa: don't allow WITHIN_FOREST trusts
s4:rpc_server/lsa: WITHIN_FOREST together with FOREST_TRANSITIVE is
invalid
s4:rpc_server/lsa: a PIM trust requires FOREST_TRANSITIVE
s4:rpc_server/lsa: PIM trusts are not supported yet
winbindd: don't support PIM_TRUST and WITHIN_FOREST
s4:kdc: let samba_kdc_trust_message2entry don't support WITHIN_FOREST and
PIM_TRUST
drsblobs.idl: add support for ForestTrustInfo with
FOREST_TRUST_SCANNER_INFO
s4:torture/ndr: add a ForestTrustInfo ndr test with
FOREST_TRUST_SCANNER_INFO
drsblobs.idl: set NDR_PAHEX for ForestTrustDataBinaryData
drsblobs.idl: split explicit binary data and unknown data for
ForestTrustData
drsblobs.idl: introduce ForestTrustDataScannerInfo
drsblobs.idl: use dom_sid0 in ForestTrustDataDomainInfo
drsblobs.idl: make some scannerInfo related stuff public
security.idl: change ORGANISATION into ORGANIZATION
security.idl: add SID_NT_THIS_ORGANIZATION_CERTIFICATE
security.idl: DOMAIN_RID_{FOREST,EXTERNAL}_TRUST_ACCOUNTS
drsuapi.idl: fix source_dsa spelling
winbindd: move dead code into a comment
s3:tldap: avoid using talloc_tos()
s3:tldap: add some const to 'const char * const *attrs'
claims.idl: add some helper structs for claims transformation [MS-CTA]
libcli/security: add claims_tf_rule_set_parse_blob() for MS-CTA rules
libcli/security: add claims_tf_policy_[un]wrap_xml() for
msDS-TransformationRules
libcli/security: add py_claims_tf_policy_{parse_rules,wrap_xml}()
python:tests: add ClaimsTransformationTests to security.py
python:tests/krb5: only expect compressed claims if the compression
reduces the size
ndr_claims: only use compression if it actually reduces the size
libcli/security: add some more global_sid_ values required for SID
filtering
auth.idl: make sure ndr_{push,pull}_auth_SidAttr() is never used
auth: remove sid-filtering comment in
make_user_info_dc_netlogon_validation
auth: let make_user_info_dc_netlogon_validation validate all parameters
first
auth: let make_user_info_dc_netlogon_validation allocate the sid array in
one go
auth: simplify logic in make_user_info_dc_{netlogon_validation,pac}()
libcli/security: simplify logic in add_sid_to_array_attrs()
s4:auth/ntlm: simplifiy logic in name_to_ntstatus_check_password()
s4:dsdb/common: use talloc_zero() in samdb_result_dom_sid_attrs()
s4:dsdb/common: simplify the logic in dsdb_expand_nested_groups()
s4:auth: split auth_user_info_dc_expand_sids() out of
auth_generate_security_token()
s4:auth: let auth_generate_security_token() use
auth_user_info_dc_expand_sids() for device_info
s4:auth: simplify auth_system_user_info_dc()
s4:auth: simplify auth_anonymous_user_info_dc()
s4:auth: let auth_domain_admin_user_info_dc() use
talloc_zero_array(struct auth_SidAttr)
s4:auth: let authsam_make_user_info_dc() use helper variables for the
groupsid
s4:auth: let authsam_make_user_info_dc() use helper variables for the
rodcsid
s4:auth: simplify authsam_make_user_info_dc()
auth: remember the origin of sids from the PAC
s4:kdc: always go through samba_kdc_get_device_info_blob()
s4:kdc: let struct samba_kdc_entry_pac remember the krbtgt samba_kdc_entry
s4:kdc: pass the full samba_kdc_db_context to most helper functions
s3:rpc_client: Add cli_rpc_pipe_reopen_np_noauth()
s3:rpc_cerver: Use dcerpc_lsa_open_policy3() for internal RPC
s3:rpc_client: Use cli_rpc_pipe_reopen_np_noauth() for OpenPolicy fallback
dcesrv_core: Make dcesrv_call_disconnect_after() public
librpc:pyrpc: Allow new authenticated rpc connection on the same
transport as the basis_connection
python:lsa_utils: Fix fallback to OpenPolicy2
libcli/security: add dom_sid_match_prefix() helper
libcli/lsarpc: add missing forward declarations for
lsa_TrustDomainInfo{AuthInfo,Buffer}
libcli/lsarpc: add trust_forest_info_{from,to}_lsa()
s4:rpc_server/lsa: make use of trust_forest_info_{from,to}_lsa()
dsdb:util_trusts: make use of trust_forest_info_to_lsa()
dsdb:util_trusts: remove unused dsdb_trust_forest_info_{from,to}_lsa()
libcli/lsarpc: fix talloc hierarchy in trust_forest_record_to_lsa()
libcli/lsarpc: fix talloc hierarchy in trust_forest_info_from_lsa()
libcli/lsarpc: add trust_forest_info_tln[_ex]_match()
dsdb:util_trusts: replace dsdb_trust_find_tln[_ex]_match() with
trust_forest_info_tln[_ex]_match()
s4:dsdb/common: add dsdb_trust_default_forest_info()
s4:rpc_server/lsa: add allocation checks to fill_trust_domain_ex()
s4:rpc_server/lsa: always add msDS-TrustForestTrustInfo if
FOREST_TRANSITIVE is set
libcli/lsarpc: split out trust_forest_record_from_lsa
libcli/lsarpc: change logic in trust_forest_record_to_lsa() to avoid
default:
libcli/lsarpc: don't allocate in trust_forest_record_to_lsa()
libcli/lsarpc: change trust_forest_record_from_lsa to
lsa_ForestTrustRecord2
libcli/lsarpc: change trust_forest_record_to_lsa to lsa_ForestTrustRecord2
s4:rpc_server/lsa: split out dcesrv_lsa_QueryFTI()
s4:rpc_server/lsa: split out dcesrv_lsa_SetFTI()
libcli/lsarpc: add trust_forest_info_{from,to}_lsa2()
libcli/lsarpc: add trust_forest_info_lsa_{1to2,2to1}()
s4:dsdb/util_trusts: convert most functions from
lsa_ForestTrustInformation to lsa_ForestTrustInformation2
libcli/lsarpc: let trust_forest_record_from_lsa() handle BINARY and
SCANNER records
libcli/lsarpc: let trust_forest_record_to_lsa() handle BINARY and SCANNER
records
libcli/lsarpc: let trust_forest_{record_lsa_1to2,info_from_lsa}() handle
BINARY and SCANNER records
libcli/lsarpc: let trust_forest_{record_lsa_2to1,info_to_lsa}() handle
SCANNER_INFO
libcli/lsarpc: add trust_forest_info_lsa_2to2()
libcli/lsarpc: let trust_forest_info_from_lsa2() handle BINARY and
SCANNER records
s4:dsdb/common: let dsdb_trust_forest_info_add_record() handle BINARY and
SCANNER records
s4:dsdb/common: let dsdb_trust_normalize_forest_info_step1() handle
BINARY and SCANNER records
s4:dsdb/common: let dsdb_trust_normalize_forest_info_step2() handle
SCANNER and BINARY records
s4:dsdb/common: let dsdb_trust_merge_forest_info() handle SCANNER and
BINARY records
s4:rpc_server/lsa: add lsaR[G|S]etForestTrustInformation2 support to
allow FOREST_TRUST_SCANNER_INFO
winbindd: make use of lsaR[G|S]etForestTrustInformation2 to allow
SCANNER_INFO
s3:tldap: add tldap_msg_rc() helper
s4:dsdb: add forest trust scanner service
docs-xml/smbdotconf: add ft_scanner to 'server service'
libcli/auth: split out NTLMv2_RESPONSE_verify_workstation()
s4:rpc_server/netlogon: split out dcesrv_netr_NTLMv2_RESPONSE_verify()
s3:rpc_server/netlogon: split out _netr_NTLMv2_RESPONSE_verify()
libcli/auth: pass trust_forest_domain_info array to
NTLMv2_RESPONSE_verify_netlogon_creds
s4:rpc_server/netlogon: let dcesrv_netr_NTLMv2_RESPONSE_verify generate
trust_forest_domain_info array
s3:rpc_server/netlogon: let _netr_NTLMv2_RESPONSE_verify() generate
trust_forest_domain_info array
libcli/auth: add NTLMv2_RESPONSE_verify_trust() checking
libcli/auth: let NTLMv2_RESPONSE_verify_netlogon_creds() return the
computer_name
s4:rpc_server/netlogon: let dcesrv_netr_NTLMv2_RESPONSE_verify do RODC
checking
libcli/auth: let NTLMv2_RESPONSE_verify_netlogon_creds() check RODC
callers check computer_name
libcli/lsarpc: add trust_forest_info_match_tln_namespace()
s4:rpc_server/lsa: let dcesrv_lsa_lookup_name_account() handle uPNSuffixes
s3:passdb: add pdb_filter_hints()
winbindd: remember ForestTrustInformation in routing_domain->fti
winbindd: add find_routing_from_namespace_noinit()
winbindd: find_auth_domain() and find_lookup_domain_from_name() should
handle namespaces
s4:auth: avoid talloc_reference in claims_data_encoded_claims_set()
s4:kdc: use better variable names in samba_wdc_check_client_access()
s4:kdc: don't return ENOENT from samba_kdc_get_claims_data[_from_pac]
s4:kdc: split out samba_kdc_get_pac() from samba_wdc_get_pac()
s4:kdc: let mit_samba_get_pac() use samba_kdc_get_pac()
s4:kdc: make a lot of pac-glue.c functions static
s4:kdc: move samba_kdc_check_s4u2proxy_rbcd() from db-glue to pac-glue
s4:kdc: pass samba_kdc_entry_pac to samba_kdc_check_s4u2proxy_rbcd()
s4:kdc: make samba_kdc_get_{user_info_dc,claims_data} static
s4:kdc: introduce need_device helper variable in samba_kdc_update_pac()
s4:kdc: move samba_kdc_get_user_info_dc() up in samba_kdc_update_pac()
s4:kdc: move samba_kdc_get_user_info_dc() for the device in
samba_kdc_update_pac()
s4:kdc: move user_info_dc_shallow_copy variable in samba_kdc_update_pac()
s4:kdc: remove useless samba_kdc_get_user_info_dc() from
samba_kdc_get_device_info_blob()
s4:kdc: let samba_kdc_update_pac() use
samba_kdc_entry_pac_valid_principal() to check delegated_proxy
s4:kdc: let samba_kdc_update_pac() always fetch the user claims
s4:kdc: let samba_kdc_get_claims_blob() take struct claims_data as input.
s4:kdc: let samba_kdc_get_pac() use samba_kdc_get_claims_blob()
s4:kdc: let samba_kdc_get_claims_data_from_pac() return if a buffer was
found
s4:kdc: rewrite the logic in samba_kdc_get_claims_data()
s4:kdc: let samba_kdc_get_claims_data() indicate if regeneration is needed
s4:kdc: regenerate the client claims blob in samba_kdc_update_pac() if
needed
s4:kdc: move device_{info,claims}_blob generation in
samba_kdc_update_pac()
s4:kdc: also pass override_resource_groups to
samba_kdc_get_logon_info_blob()
s4:kdc: let samba_kdc_update_pac() always call
samba_kdc_get_logon_info_blob()
s4:kdc: let samba_kdc_update_pac() always call
samba_kdc_get_upn_info_blob()
s4:dsdb/common: add dsdb_trust_get_claims_tf_policy()
s4:kdc: also fetch msDS-[In|E]gressClaimsTransformationPolicy
s4:kdc: let samba_kdc_get_claims_data() check
msDS-IngressClaimsTransformationPolicy
s4:kdc: let samba_kdc_get_claims_blob() check
msDS-EgressClaimsTransformationPolicy
s4:kdc: split access check preparation from the actual check in
samba_kdc_update_pac()
docs-xml/smbdotconf: make it clear that 'client use krb5 netlogon' is
experimental
samba-tool/testparm: make it clear that 'client use krb5 netlogon' is
experimental
s3:testparm: make it clear that 'client use krb5 netlogon' is experimental
python:tests/krb5: add KerberosTicketCreds.set_srealm()
python:tests/krb5: allow get_service_ticket() to fail with expected_status
python:tests/krb5: let create_ccache[_with_ticket] use the correct crealm
python:tests/krb5: give KerberosTicketCreds a basic __str__() function
python:tests/krb5: add set_pac_names() to modify the names in a pac
python:tests/krb5: let set_pac_sids() replace the requester_sid
python:tests/krb5: set_pac_claims with claims=[] should be an empty blob
python:tests/krb5: add remove_pac_buffers()
python:tests/krb5: let modified_ticket() to take modify_{tkt,enc}_fn
python:tests/krb5: let create_trust() take forest_info
python:tests/krb5: let create_trust() take
{ingress,egress}_claims_tf_rules
s4:dsdb/tests: let the token_group.py test work against Windows 2025
s4:auth: let auth_user_info_dc_expand_sids() add This Organization SID
s3:locking: init_strict_lock_struct() already calls
lp_posix_cifsu_locktype()
s3/brlock: split out brl_get_locks_readonly_parse()
s3/brlock: add brl_req_set()
s3/brlock: remove brl_get_locks_for_locking()
libcli/security: split trust_forest_info_* functions into
samba-security-trusts
lib/ldb: allow ldb_get_opaque(ldb, "backend_no_debug_connect")
lib/ldb-samba: allow ldb_get_opaque(ldb, "backend_no_debug_connect")
s4:kdc: specify SDB_F_ values as hex
third_party/heimdal: Import lorikeet-heimdal-202503211047 (commit
752fd2fc0d7e48791df91dd2b45899e64ef65a7a)
third_party/heimdal: Import lorikeet-heimdal-202503211313 (commit
f5c091eff46b975ede09860066239aee5f563bdf)
s4:kdc: adjust to HDB_INTERFACE_VERSION=12
s4:kdc: pass HDB_F_{CROSS_REALM,S4U2SELF,S4U2PROXY}_PRINCIPAL as SDB_F_*
s4:kdc: let SDB_F_CROSS_REALM_PRINCIPAL result in SDB_ERR_NOT_FOUND_HERE
s4:kdc: add some checks for SDB_F_S4U2{SELF,PROXY}_PRINCIPAL
s4:kdc: let mit_samba_check_allowed_to_delegate_from() fetch krbtgt_entry
s4:kdc: let samba_wdc_reget_pac() use krbtgt_skdc_entry as
delegated_proxy_krbtgt_entry
s4:kdc: let samba_kdc_get_device_pac() always extract
device_krbtgt_skdc_entry
s4:kdc: let samba_wdc_get_pac() use samba_kdc_get_device_pac()
s4:kdc: let hdb_samba4_check_rbcd() fill device_pac_entry() without
device_entry
s4:kdc: let samba_kdc_entry_pac[_from_trusted]() assert krbtgt is valid
if pac is valid
s4:kdc: pass pac_princ to samba_kdc_entry_pac_from_trusted()
s4:kdc: pass pac_princ to samba_kdc_entry_pac()
s4:kdc: store pac_princ in struct samba_kdc_entry_pac
s4:kdc: samba_kdc_update_pac() doesn't need explicit
delegated_proxy_principal
s4:kdc: only use compound authentication with an explicit FAST armor
s4:kdc: samba_kdc_add_compounded_auth() should add
Compounded_Authentication again if it's already there
python:tests/krb5: add KDC_ERR_PATH_NOT_ACCEPTED
python:tests/krb5: create_account_opts() can't handle
self.AccountType.TRUST
python:tests/krb5: let check_device_info() handle EXTRA_DOMAIN_SID
python:tests/krb5: allow tgs_exchange_dict() to take
expected_[device_]duplicated_groups
python:tests/krb5: allow create_account_opts() to take
selective_auth_allowed_sid
python:tests/krb5: let check_device_info() allow an empty rid array
python:tests/krb5: allow set_pac_sids() to take upn_dns_sid
python:tests/krb5: let _{get,modify}_tgt() also change the objectsid in
UPN_DNS_INFO
auth: let make_user_info_dc_pac() cross check
PAC_UPN_DNS_FLAG_HAS_SAM_NAME_AND_SID
s4:librpc/idl: remove unused legacy copy of winbind.idl
winbind_struct_protocol.h: add WBFLAG_PAM_FOR_NETLOGON
libwbclient: add WBC_AUTH_PARAM_FLAGS_FOR_NETLOGON to pass
WBFLAG_PAM_FOR_NETLOGON
winbind.idl: add WB_SAMLOGON_FOR_NETLOGON
s3:auth: remember make_auth3_context_for_netlogon() was used
s3:auth: let auth_winbind pass WBC_AUTH_PARAM_FLAGS_FOR_NETLOGON if needed
s4:auth: let auth_context_create_for_netlogon() remember for_netlogon =
true;
s4:auth/ntlm: let auth_winbind pass WB_SAMLOGON_FOR_NETLOGON
winbindd: pass for_netlogon to winbind_dual_SamLogon to avoid caching
winbindd: add find_local_sam_domain() helper
winbindd: let update_trusted_domains_dc() also call pdb_filter_hints()
s3:smbd: work around broken "vfs mkdir use tmp name" on FAT
libcli/smb: convert smb2_lease_pull() to PULL_LE_U*
libcli/smb: make the last 2 reserved bytes explicit in smb2_lease_push()
libcli/smb: convert smb2_lease_push() to PUSH_LE_U*
libcli/smb: make smb2_lease_{pull,push} endian safe
s4:libcli/smb_composite: remove unused struct smb_composite_connectmulti
libcli/smb: add struct smb_transports infrastructure
s4:libcli: introduce smbcli_options.transports based on lpcfg_smb_ports()
s4:libcli: pass struct smbcli_options to smbcli_sock_connect() instead of
port strings
s4:libcli: remove unused dest_ports from smb_connect_nego_send()
s4:libcli: remove unused ports argument from smb2_connect_send
s4:libcli: remove unused ports argument from smb2_connect_ext()
s4:libcli: remove unused ports from smb2_connect()
s4:libcli: remove unused dest_ports from struct smb_composite_connect
s4:torture/raw: remove unused dest_port handling from openbench.c
s4:libcli: remove unused ports from struct smb_composite_fetchfile
s4:libcli: remove unused dest_ports struct smb_composite_fsinfo
s4:libcli: remove unused dest_ports from smbcli_tree_full_connection()
s4:libcli: remove unused ports from smbcli_socket_connect()
s4:client: remove unused destports from do_message_op()
s4:libcli: remove unused ports from smbcli_full_connection()
s4:client: remove unused ports from cifsdd* functions
s4:torture: remove unused ports from masktests.c
s4:client: remove unused ports from do_connect()
s3:smbd: let smbd_accept_connection() use samba_sockaddr to avoid
strict-aliasing warnings
s3:smbd: let smbd_{addr_changed,close_socket_for_ip}() use samba_sockaddr
to avoid strict-aliasing warnings
s3:smbd: remove unused dns_port variable from smbd_open_socket_for_ip()
s3:smbd: only do dns_port logic in one central place.
s3:smbd: simplify binding to wildcard addresses
s3:smbd: let smbd_open_socket_for_ip() return the number of successful
binds
s3:smbd: remove unused msg_ctx argument from smbd_open_socket_for_ip()
s3:smbd: let open_sockets_smbd() use smbd_open_socket_for_ip()
s3:smbd: setup parent->transports from 'smb ports'
s3:smbd: use parent->transports instead of 'smb ports' strings
s4:smb_server: make use of smb_transports_parse() in smbsrv_add_socket()
docs-xml/smbdotconf: add 'client smb transports' option
s4:param: let lpcfg_smbcli_options() use lpcfg_client_smb_transports()
s4:torture: map --smb-ports option to 'client smb transports'
docs-xml/smbdotconf: add 'server smb transport' option
s4:smb_server: make use of lpcfg_server_smb_transports() in
smbsrv_add_socket()
s3:smbd: setup parent->transports from 'server smb transports'
ctdb:events: let 50.samba.script normalize the transports to tcp ports
ctdb:events: let 50.samba.script use 'server smb transports'
docs-xml/smbdotconf: change 'smb ports' into a synonym for 'server smb
transport'
s3:lib: split out open_socket_in_protocol()
s3:smbd: use open_socket_in_protocol() in smbd_open_one_socket()
s3:lib: let open_socket_out_send() use samba_sockaddr to avoid
strict-aliasing warnings
s3:lib: pass 'protocol' to open_socket_out_send()
s3:lib: remove unused open_socket_out_defer_send/recv
s3:libsmb: rework smbsock_connect_* to work on smb_transports internally
lib/util: fix NONNULL(params) __attribute__((nonnull(params)))
s3:libsmb: pass struct smb_transports to smbsock_connect_send()
s3:libsmb: pass struct smb_transports to smbsock_connect()
s3:libsmb: pass struct smb_transports to smbsock_any_connect_send()
s3:libsmb: pass struct smb_transports to smbsock_any_connect()
s3:libsmb: pass struct smb_transports to cli_connect_sock_send()
s3:libsmb: pass struct smb_transports to cli_connect_nb_send()
s3:libsmb: pass struct smb_transports to cli_connect_nb()
s3:libsmb: pass struct smb_transports to cli_start_connection_send()
s3:libsmb: pass struct smb_transports to cli_start_connection()
s3:smbspool: pass struct smb_transports to smb_complete_connection()
s3:smbspool: pass struct smb_transports to smb_connect()
s3:libsmb: pass struct smb_transports to SMBC_server_internal()
s3:libsmb: pass struct smb_transports to do_connect()
s3:libsmb: pass struct smb_transports to cli_cm_connect() and
cli_cm_open()
s3:pylibsmb: add stackframe to py_cli_state_init()
s3:libsmb: pass struct smb_transports to cli_full_connection_creds_send()
s3:libsmb: pass struct smb_transports to cli_full_connection_creds()
example/fuse: pass struct smb_transports to connect_one()
example/winexe: pass struct smb_transports through some more layers
s4:lib/tls: introduce tstream_tls_params_server_lpcfg()
s4:ldap_server: make use of tstream_tls_params_server_lpcfg()
s3:smbd: expand scope of lp_ctx variable in main()
s3:smbd: store transport_type in smbXsrv_channel_global0
s3:smbstatus: provide the transport type via json output
s3:libsmb: introduce smbsock_connect.h
s4:libcli: use the correct talloc parent for smbcli_socket->hostname
s4:libcli: simplify struct smbcli_socket
s4:libcli: pass struct loadparm_context to smb_connect_nego_send()
s4:libcli: pass struct loadparm_context to smb2_connect()
s4:libcli: pass struct loadparm_context to smb2_connect_ext()
s4:libcli: pass struct loadparm_context to smb2_connect_send()
s4:libcli: pass struct loadparm_context to smbcli_socket_connect()
s4:libcli: pass struct loadparm_context to smbcli_sock_connect()
s4:libcli: pass struct loadparm_context to smbcli_full_connection()
s4:libcli: pass struct loadparm_context to smbcli_tree_full_connection()
s4:libcli: pass struct loadparm_context to smb_composite_connect()
s4:libcli: remove unused smb_composite_fsinfo()
s4:libcli: pass struct loadparm_context to smb_composite_fsinfo_send()
s4:libcli: remove unused smb_composite_fetchfile()
s4:libcli: pass struct loadparm_context to smb_composite_fetchfile_send()
s4:libcli: pass struct loadparm_context to smb_composite_connect_send()
s4:libcli: pass struct loadparm_context to smbcli_sock_connect_send()
s3:libsmb: pass struct loadparm_context to smbsock_any_connect()
s3:libsmb: pass struct loadparm_context to smbsock_any_connect_send()
s3:libsmb: pass struct loadparm_context to smbsock_connect()
s3:libsmb: pass struct loadparm_context to smbsock_connect_send()
s4:libcli: make use of smbsock_any_connect_send/recv()
libcli/util: map EPROTONOSUPPORT to NT_STATUS_PROTOCOL_NOT_SUPPORTED
s3:lib: map EPROTONOSUPPORT to NT_STATUS_PROTOCOL_NOT_SUPPORTED
s3:rpc_server: make sure we can bind to the same port on all ip addresses
lib/util: let dump_data_diff() pass omit_zero_bytes to dump_data_diff_cb()
third_party: Update socket_wrapper to version 1.5.0
async_sock: let writev_do() try sendmsg() first
async_sock: make use of recvmsg() in read_packet_handler()
async_sock: split out read_packet_do() from read_packet_handler()
async_sock: try recvmsg(MSG_DONTWAIT) without fd event handler first
script/autobuild.py: don't specify _FORTIFY_SOURCE together with -O3 on
ubuntu
gitlab-ci: add a reference for samba-fuzz regarding oss-fuzz with ubuntu
20.04
gitlab-ci: add ubuntu2404
s4:torture/smb2: let smb2.bench tests start the loop only when everything
is ready
lib/util: remove unused SMB_THREAD handling from talloc_stack.c
lib/util: add atexit handling and complain about dangling frames.
lib/util: add pthread support to talloc_stack.c
libcli/smb: create explicit talloc stackframe in
reparse_data_buffer_marshall()
s3:pylibsmb: avoid using PyErr_NTSTATUS_NOT_OK_RAISE()
s3:pylibsmb: fix a few (potential) memory leaks
s3:pylibsmb: add explicit talloc_stackframes to most functions
s3:pylibsmb: don't use an unbound talloc_stackframe() in
libsmb_samba_cwrapper()
lib/util: activate panic on dangling talloc stackframes
charset/tests: avoid static variables in test_buffer()
s4:messaging/tests: correctly teardown imessage contexts
s4:libnet: pass an explicit talloc parent to libnet_context_init()
s4:rpc_server: don't use event_ctx as talloc parent of dcesrv_sock
lib/torture: extend torture_context_init()
lib/torture: give torture_context_child() a dedicated talloc parent and
avoid talloc_reference
lib/torture: use temporary memory for each test/suites
lib/torture: assert that a test doesn't create new talloc children of
context->ev
third_party: Update socket_wrapper to version 1.5.1
lib/torture: directly remove the dummy signal event again to avoid
flapping tests
tevent: add tevent_reset_immediate()
tevent: version 0.17.0
Thomas Karlsson (1):
samba-tool domain backup: add --no-sysvol option
Vinit Agnihotri (1):
smbd: Fix coverity#1646864 Move variable init code in checked block
Volker Lendecke (112):
vfs: Allow WITH_BACKUP_INTENT in vfs openat functions
vfs_streams_depot: Introduce streams_depot_config_data
pysmbd: Init mangle_fns
pysmbd: Fix interactive samba-tool use after 0bb35e246141
vfs: Fix vfs_streams_depot's fstatat
libcli: avoid work in security token debug no-op
libsmb: Simplify smbXcli_req_unset_pending()
libsmb: Save lines with a direct variable initialization
vfs: We expect sane callers of SMB_VFS_RENAMEAT
smbd: Make recursive_rmdir_fsp() public
vfs: Slightly simplify streams_depot_fstreaminfo()
vfs: Rewrite vfs_streams_depot
smbd: Remove unused recursive_rmdir()
nsswitch: Remove next_token() from wbinfo
nsswitch: Remove next_token() from torture4
torture4: Test next_token_talloc() instead of next_token()
lib: Remove unused next_token()
vfs: Simplify DBGs
lib: Convert ad_unconvert_get_streams() to NTSTATUS
lib: Convert ad_unconvert_open_ad() to NTSTATUS
lib: Convert ad_collect_one_stream() to NTSTATUS
lib: Convert ad_unconvert() to NTSTATUS
lib: Avoid a VFS_STAT call in "net vfs stream2adouble"
lib: Add adouble_name()
lib: Use dirfsp/relname in ad_unconvert()
lib: Pass "dirfsp" to ad_collect_one_stream()
net: Fix a panic in "net vfs getntacl"
net: Remove a call to SMB_VFS_STAT and dirfsp==NULL in create_file
vfs: Fix whitespace
vfs: Fix typos.
vfs: Implement cap_fstatat()
vfs: Implement catia_fstatat()
vfs: Implement dfq_fstatat()
vfs: Implement snapper_gmt_fstatat()
libcli: Fix whitespace
tevent: Fix some whitespace
lib: Remove some dead code from ad_init()
tevent: Fix some whitespace
lib: Simplify ad_alloc()
lib: Slightly simplify ad_alloc()
vfs: Fix a lock order violation in unlinkat_acl_tdb()
vfs: Fix Bug 15791, vfs_acl_tdb unlinkat()
profile: Add time buckets to smbprofile_stats_iobytes
profile: Return number of workers from smbprofile_collect_tdb()
profile: Pass dummy smbd_server_connection to smbprofile_dump()
profile: Add sessions, tcons and files to profile data
profile: Add number of sessions, tcons and files to smbstatus -P
utils: Initial version of smb_prometheus_endpoint
smbprofile: Count failed requests
vfs: Fix "wide links = yes"
smbd: Remove the "posix_pathnames" global variable
smbd: Handle the "posix" special case outside of synthetic_smb_fname_split
smbd: Simplify synthetic_smb_fname_split()
libsmb: Reduce indentation in SMB_open_ctx()
smbd: Replace talloc_zero() with a struct initialization
vfs: Fix some whitespace
libsmb: Save a few lines of ZERO_STRUCTP with SMB_CALLOC_ARRAY
libsmb: Simplify net_share_enum_rpc() with a direct struct initialization
libsmb: Slightly simplify libsmb_xattr
auth: Reduce indentation
libsmb: Simplify SMBC_creat_ctx()
libsmb: Save errno across TALLOC_FREE in a few places
utils: Fix a comment
libsmb: Fix a nomem return from cli_smb2_list_send()
libsmb: Introduce a helper var in SMBC_check_server()
libsmb: Introduce a helper var in SMBC_check_server()
libsmb: Reduce indentation in SMBC_check_server() with an early return
libsmb: Reduce indentation in SMBC_check_server() with a "goto done"
libsmb: Remove a redundant tevent_req_nterror()
libsmb: Simplify cli_smb2_list_send()
libsmb: Reduce indentation in SMBC_find_server()
libsmb: Reduce indentation in SMBC_attr_server()
libsmb: Move 192 bytes from R/W .data to R/O (shared) .text
libsmb: Remove an unused variable
lib: Modernize a few DEBUGs
libsmb: Avoid a "else" in cli_read_max_bufsize()
smbd: Modernize DEBUGs
libsmb: Avoid an "else"
lsa_server4: Fix comments
libsmb: Put useccache initialization into one place
lib: Save lines by avoiding explicit ZERO_STRUCTP calls
lib: Fix whitespace
smbd: Modernize a few DEBUGs
winbind: Fix a few Coverity complaints
libsmb: Modernize two DEBUGs
smbd: Fix some whitespace
smbd: Fix a typo
smbd: Initialize all members of struct inotify_watch_context
smbd: Modernize a DEBUG
smbd: Simplify inotify_handler()
smbd: Handle split MOVED_FROM/MOVED_TO inotify events
smbd: Handle what mkdir_internals() puts on inotify
smbd: Simplify inotify_dispatch()
smbd: Simplify inotify_handler()
smbd: Fix whitespace
lib: Use metadata_fsp() where appropriate
libndr: Simplify indentation in ndr_print
net: Fix a panic in "net vfs getntacl"
libcli: Avoid a ZERO_STRUCT with a direct initialization
librpc: Fix whitespace
smbd: Make safe_symlink_target_path() static
rpc_server: Remove a leftover from before str_list_add_printf()
smbd: Fix CID 1508939 Use of 32-bit time_t
smbd: Avoid a ZERO_STRUCT with an explicit initialization
smbd: Modernize DBGs
libsmb: Remove "source3/libsmb/libsmb.h"
libsmbclient: Add fgetxattr
libsmbclient: Allow O_PATH for smbc_open()
libsmbclient: Request posix file handles on demand
libsmbclient: Intercept "posix.attr.enabled" for fgetxattr
libsmbclient: Intercept "smb311_posix.statinfo" attribute
tevent: Add tevent_context_set_wait_timeout()
Waf Project (1):
third_party/waf: Explicit standard GNU directory command line options are
not honoured
Xavi Hernandez (1):
vfs_ceph_new: detect case sensitivity in CephFS
yogita72 (2):
ctdb-scripts: Fix CTDB_BASE to allow event scripts to run standalone
ctdb-scripts: Add ctdb_diagnostics -l option
-----------------------------------------------------------------------
--
Samba Shared Repository
