[Pkg-samba-maint] [samba] annotated tag debian/2%4.1.3+dfsg-1 created (now 5f49ac8)

Ivo De Decker idd-guest at moszumanska.debian.org
Mon Dec 9 23:01:10 UTC 2013

This is an automated email from the git hooks/post-receive script.

idd-guest pushed a change to annotated tag debian/2%4.1.3+dfsg-1
in repository samba.

        at  5f49ac8   (tag)
   tagging  4fb311762ededb8a807e54e1504fb440bb046ef5 (commit)
  replaces  debian/2%4.0.13+dfsg-1
 tagged by  Ivo De Decker
        on  Tue Dec 10 00:00:40 2013 +0100

- Log -----------------------------------------------------------------
samba Debian release 2:4.1.3+dfsg-1

Abhidnya Chirmule (1):
      To set file create/birth time in GPFS. Signed-off-by: Abhidnya Chirmule <achirmul at in.ibm.com>

Abhidnya Joshi (2):
      s3:winbindd/autorid multiple range support
      docs-xml: manpage update for autorid multirange support

Abhidnya P Chirmule (4):
      s3: Add access_mask to the flock VFS call
      File BirthTime test
      File winattr test
      s3: Add a vfs_time_audit module

Adrian Bunk (1):
      rely on sys/inotify.h for inotify

Alban Browaeys (1):
      Fix bug #8341 - libsmbclient segfault when feed the root of a mounted share via an uri

Alejandro Escanero Blanco (1):
      s3:auth/server_info: the primary rid should be in the groups rid array (bug #8798)

Alexander Bokovoy (348):
      Fix typo in WIFSIGNALED (as per Waider's report)
      Add support for krb5-config from recent MIT and Heimdal. And fallback to traditional guessing only if krb5-config was not found.
      When checking for tgetent, include libtinfo from recent Ncurses as well
      Merger krb5-config and libtinfo to SAMBA_3_0
      Third-party configuration scripts may produce undesirable additions to CFLAGS/CPPFLAGS
      Merge from head CFLAGS/CPPFLAGS and LIBS/LDFLAGS sanitizing
      Improve detection of iconv(3) for various platforms. M4 code is similar to what I use in Midgard for past few years, modified for Samba needs.
      Fix SGML errors in development documents
      Merge cifsntdomain.sgml fixes from 3.0 branch
      Merge encryption.sgml fixes from HEAD
      Merge more SGML strictness fixes from HEAD
      Fix missing tag pairs
      Fixed opened-but-not-closed listitem/varlistentry for LDAPADMINDN
      Fix another opened-but-not-closed tag
      Document results of smb.conf(5) inspection. We have 13 undocumented parameters for HEAD
      Tidy XML formating
      Add new framework for smb.conf(5). Please read README before trying to compile.
      1. Fix  generate-file-list.sh to produce a list sorted by parameter name, not parameter section.
      Reflect current conversion status
      Fix vfs to work with P_LIST-ed lp_vfsobj() -- the traversal is reversed. Based on patch from Metze
      Convert 'Security' section of smb.conf to new format
      Update doc-status
      Fix some mixture of FLAG_GLOBAL|FLAG_SHARE in synonyms
      Convert more parameters to new smb.conf(5) style. Document found occurences of non-documented parameters in doc-status
      Finish conversion of Printing parameters
      Update smbmount to include unicode and lfs capabilities options -- smbfs supports this already
      Update smbmount to include unicode and lfs capabilities options -- smbfs supports this already
      Next batch of conversions: File names.
      Finish conversion of Filenames
      Convert Logon parameters.
      Finish conversion of Browse options
      Finish conversion of WINS options
      Finish conversion of Locking options
      Finish conversion of LDAP options
      Finish conversion of VFS options. This section is not complete yet -- we miss documentation for parametric options and new modules stuff
      Finish conversion of Winbind options. Only Misc section left!
      Fix typos in printing
      Fix current status of conversion
      Update docs-status
      Convert a part of Misc section. More to come after a sleep
      Convert another group of options in Misc section
      Convert another group of options in Misc section
      Fix some minor typos
      Final bits of smb.conf(5) are converted!
      Final touch:
      Fix smb.conf.5.xml and friends:
      Fix a typo spotted when working on PDF version
      Fix typos
      Fix SGML/XML incompability before starting conversion to XML
      Docbook XML conversion: devdoc
      Docbook XML conversion: faq
      Docbook XML conversion: manpages
      Docbook XML conversion: projdoc
      Remove strip-links.pl, not needed anymore
      Docbook XML conversion: XSLT and build infrastructure
      Fix FAQ build
      small fixes
      Rebuild docs
      Fix ulink in winbind section
      Ignore generated file
      Fix VFS layer:
      Add new files needed for VFS fixes.
      Add NT quota support. Patch from Stefan (metze) Metzemacher
      Small fix for HAVE_SYS_QUOTAS usage, spotted by build farm
      Small fix for HAVE_SYS_QUOTAS usage, spotted by build farm
      Better isolate quota stuff
      Forgot to actually change default for quotas to -no- in configure.in
      Forgot to actually change default for quotas to -no- in configure.in
      Wrap into WITH_QUOTAS yet another place in trans2
      Fix a wrong define check.
      GCC accepts unnamed initalization of sub-structure. Let's see how AIX behave with this. Previous fix was incorrect.
      Eliminate NULL pointers from VFS interface. All hooks now really callable, producing either correct result or returning error if the feature isn't supported in the configuration
      Prefix VFS API macros with SMB_ for consistency and to avoid problems with VFS_ macros at system side. We currently have one clash with AIX and its VFS_LOCK. Compiled and tested -- no new functionality or code, just plain rename of macros for yet-unreleased VFS API version. Needs to be done before a24 is out
      Evolve quotas configure check more. Patch from Stefan (metze) Metzemacher. Now we are defaulting to --with-quotas=no but anyway trying to test them in configure. This is done to get information about as much quota API variations as possible -- when --with-quotas=no this does not affect build but provides us with more detailed information on build farm.
      This was actually a24 release (fixed changelog entry), add note about VFS API changes
      Fix macros for next and opaque quota ops. Spotted by metze
      Fixed linkend problems with some links in passdb
      Make inter-paragraph space in latex targets 1.5\baselineskip and do not indent paragraphs
      Sync VFS API changes for vfs_nt_*get_acl. Patch from Stefan Metzmacher <mezte at metzemix.de>
      Fix compiler warnings for vfstest. Patch from Stefan Metzmacher <mezte at metzemix.de>
      First version of VFS API developers documentation. Needs work on both formatting and content.
      Move VFS example skel.c to two different examples: one for opaque operations and one for transparent. Also add configure support for compiling third-party modules. Patch from Stefan Metzmacher <metze at metzemix.de>
      Update WHATSNEW.txt with information from release branch
      Document name resolve order suggested settings for security=ads as mentioned by Jerry
      Propagate changes to WHATSNEW.txt from release tree so that they would not be out of sync with reality.
      Fix memleak in groupdb. Spotted by Metze
      Small documentation fixes from Metze
      Add mandir to installdir target. Otherwise installman fails for clean DESTDIR
      Fix cut&paste bug in strdup() usage example. Found by Metze
      Accept --with-expsam=no as valid option (do nothing on it). Simplifies automatic option generation for spec files
      Add support for MSG_SMB_CONF_UPDATED and MSG_SHUTDOWN to all daemons (smbd, nmbd, winbindd). Reviewed by jerry and tridge.
      Fix comment
      Rise debug level to 5 for not-found-nt-quota message (quota setting for user wasn't found)
      Add a macro to check whether module-specific data set already or not. Returns True or False. Should support further encapsulation of VFS-specific structs
      Add NT quotas support. Users allowed now to manage quotas on systems with sysquotas interface detected (Linux at least) using native Windows tools. Also move default quota support for NT quotas to VFS module default_quota. Code by Metze
      Return proper error when it is impossible to change quota flags
      Mention security=ads in introductory paragraph too
      Add vfs_readonly module which allows to enforce periodic read-only limit on a share based on a specified start and end dates according to date(1) format
      Fix syntax error.
      Use path relative to source/ for modules/getdate.h
      VFS layer should be TRANSPARENT, not OPAQUE
      ntlm_auth should be installed as well. It is now of use by Squid and Midgard and is stable enough so it make sense to provide it in a Samba Team's binary packages
      Try to honor predefined CPPFLAGS when finding correct iconv flags
      Fix charset detection code in configure.
      Do not cache iconv checks because we are looking for it now in different places and negative result does not mean we don't have iconv unless we checked everything
      Fallback to our defaults (CP850/ASCII/UTF8) if there is no native iconv on the platform. This allows to compile and complain about it at runtime
      Ignore modules/*.c in make proto
      Ignore only getdate.* in modules/, not the whole directory. Fixes static builds of modules
      Fix for #150.
      Fix typo in configure.in for libsmbclient
      Ignore smbiconv binary as well
      Add CAP VFS module from Monyo. Primary purpose of this module is to provide CAP-compatible encoded file names for CJKV
      skel_ -> cap_
      Refactor charset plugins a bit and add CP437 module.
      Remove cap_set_quota as it is the same as default one
      Fix CP437 and CP850 syntax for old compilers removing ANSI C99-specifics
      Proper fix for #380 -- use different algorithm to generate codepages
      Now that CAN-2003-0689 is published officially, we need to make possible
      Support for CAN-2003-0689 port from SAMBA_3_0
      Back out --with-good-getgrouplist patch
      Back out --with-good-getgrouplist patch
      Alias charset 646 internally as it is same as ASCII. Should solve Solaris problems where ASCII was not detected and 646.so were requested through dynamic loading
      Alias charset 646 internally
      Update WHATSNEW.txt with information from release branch, SAMBA_3_0 talks only about RC3 while release branch explains RC3->RC4 differences
      Fix scripts to generate correct tables for compilers which have character constants as signed chars instead of unsigned
      Fix warnings on Sun cc Workshop Compilers 5.0. Reported by "Richard Bollinger" <rabollinger at comcast.net>. Also fixed script/gaptab.awk to produce compatible tables.
      Fix pdb_mysql. Jelmer will look into details tonight.
      Merge latest fixes from the release tree for WHATSNEW.txt
      Fix segfault in mount.cifs helper when there is no options specified during mount
      Fix segfault in mount.cifs helper when there is no options specified during mount
      Update WHATSNEW.txt with proper version from release branch
      Update WHATSNEW.txt with text from release branch
      Fix #558 -- support ISO-8859-1 internally. Makes Solaris users a bit happier
      Fix #558 -- support ISO-8859-1 internally. Makes Solaris users a bit happier
      Fix uninitialized variable in passdb code. Reported by Andy Polyakov <appro at fy.chalmers.se>
      Fix uninitialized variable in passdb code. Reported by Andy Polyakov <appro at fy.chalmers.se>
      Fix string overflow due to wrong size calculation
      Fix string overflow due to wrong size calculation
      Fix build after Jeremy -- yet another place where convert_string() wasn't updated
      Fix build after Jeremy -- yet another place where convert_string() wasn't updated
      Fix problems with very long filenames in both smbd and smbclient.
      Fix problems with very long filenames in both smbd and smbclient.
      Fix check_path_syntax() for multibyte encodings which have no '\' as second byte.
      Fix check_path_syntax() for multibyte encodings which have no '\' as second byte.
      r76: Fix smbfs problem with Tree Disconnect issued before smbfs starts its work.
      r516: On GNU/Linux distributions which allow to use both 2.4 and 2.6 kernels
      r517: Remove wrong commit I did by mistake
      r4704: Fix encoding while receiving of a message which was actually sent using STR_ASCII. Patch from Grigory Batalov <bga at altlinux.org>
      r12935: After discussion with Volker fix bug #3397 using a variant of the patch by Alex Deiter (tiamat at komi.mts.ru).
      r13695: Make code consistent with documentation. :-)
      r14158: Fix coverity CID #147 -- do not dereference pointers before checking their existence
      r15152: Fix a case when target is offline. Jerry, this needs to be in 3.0.23pre1
      r16136: By default, rootsbindir relies on SBINDIR so import it here
      r16138: By default, rootsbindir relies on SBINDIR so import it here
      r17198: Fix wins_nss dependencies
      r17338: Add support for multiple shares test inspired by Samba 4 torture's --unclist option. Triggered by -b sharelist_file option.
      r17353: Add support for JFS2 NFS4/AIXC and GPFS acls based on NFSv4 ACLs.
      r17354: Revert -r 17353 per Volker request while gpfs compatibility layer code will be released.
      r17358: Re-add JFS2 NFS4 ACLs support, move readme for it into AIX-specific examples directory.
      r21467: Add GPFS-provided DMAPI support based on their GPL library
      r21885: Chown logic should be activated only if nfs4:chown=yes
      r22172: FSCTL_RECALL_FILE is 0x90117 according to my traces. Record it here.
      r22505: Fix build
      r22840: Add -pie support to Python's setup.py. This should fix build of python libs on recent distributions that take care of security.
      r22867: With Samba4's IDL, we now have two new flags for share types: STYPE_TEMPORARY and STYPE_HIDDEN
      r22973: Apparently, 3.0.25 broke smb4k badly ;-)
      r23302: Refactor vfs_gpfs module, fix problems with chmod Tridge has found during ctdb tests
      r23831: Fix vfs_readahead: transparent modules should always pass through
      r4799: comparison_fn_t is under __USE_GNU on GNU systems, therefore, we need _GNU_SOURCE defined in the test
      r5169: As provisioning script generates everything under $newdb/ directory, put generated domain zone there as well
      r5173: Refer to a proper zone file name in resulting message
      r5538: Fix typo in comment -- non-existant constant name mentioned
      r5646: state->loadfile might be NULL after allocation so this is really
      r6352: Two new composite calls:
      r6597: Make use of libblkid (part of e2fsprogs) for reporting volume GUID, if possible.
      r6599: Fix formating using 'linux' C style
      r8830: Fix provision script after data split
      r8831: Clarify data wipe-out statement
      r9320: Fix premature dereference bug found by Coverty and also get rid of non-used memory context
      r9321: Fix potential bug found by Coverity. src_len has to be int but later we do pass it as size_t. In case src_len is negative, we need to register a failure and return to the caller
      r9476: Make intention to ignore result of receiving excplicit. Fixes warning found by Coverity
      r9478: Fix NTVFS POSIX module to work with EA and blkid after build system changes
      r9479: More fixes for explicit ignoring of returned result to fix Coverity warnings
      r14548: fix build after generated prototypes
      r15036: Add out of tree build support and see how buildfarm will respond to make constructs
      r15051: Remove directory creation from this rule; we use script/buildtree.pl for external build dir instead
      r15052: Do not add builddir variants into include paths when building in-tree
      r15061: Use $(PERL) to run cflags.pl as actual perl binary might not be in /usr/bin
      r15062: Theoretically, this should allow NetBSD make to handle VPATH-like lookups
      r15063: Theoretically, this should allow NetBSD make to handle VPATH-like lookups
      r15064: Remove the change until I find proper solution
      r15099: An attempt to fix BSD make portability issues. With these changes Samba 4 builds successfully on NetBSD 3.0
      r15206: Heimdal is always compiled with _GNU_SOURCE enabled (in its configure.in it is defined unconditionally).
      r15208: Change _GNU_SOURCE propagation to apply only to generated files as Andrew B. suggests
      r15211: REQUIRED_SUBSYSTEMS for binaries are gone, use PRIVATE_DEPENDENCIES here
      r17478: Add BENCH-READWRITE test to simulate read/write workload from simultaneous async clients. This code is based on concept from Mathias Dietz <mdietz at de.ibm.com>
      r23505: Use RAW_READ_READX, not RAW_READ_READ in BENCH-READWRITE test (we already write with RAW_WRITE_WRITEX). Noticed by Gomati Mohanan
      r23506: Turn back to RAW_READ_READ because buildfarm fails. Investigating.
      r23529: When using READX, fill in readx fields. Thanks to Metze for spotting it.
      r23540: Continue fixing bench-readwrite. We need to initialize state->readcnt not only when file is written but at initial write as well.
      r23862: Explain who requested unknown dependency. Helps a lot in chasing dependency hell when trimming down s4 platform
      Correctly free memory in regfio paths
      Fix pam_smbpass build
      Merge branch 'v3-2-test' of ssh://git.samba.org/data/git/samba into v3-2-test
      Fix codepagedir to follow predefined libdir when using FHS. Fixes x86_64 build.
      Fix crash in winbind clients: instead of talloc-based pointer we passed address of a local variable.
      Merge branch 'v3-2-test' of ssh://git.samba.org/data/git/samba into v3-2-test
      Fix crash in winbind clients: instead of talloc-based pointer we passed address of a local variable.
      Merge branch 'v3-2-test' of ssh://git.samba.org/data/git/samba into v3-2-test
      Merge CTDB-related fixes from samba-ctdb 3.0 branch (http://samba.org/~tridge/3_0-ctdb)
      Add support for offline files support, remote storage, and Async I/O force operations to VFS
      Merge latest fixes to vfs_gpfs and NFS4 ACLs from Samba 3.0 CTDB branch (from http://samba.org/~tridge/3_0-ctdb)
      Support GPFS prealloc interface
      Merge a variant of Shadow Copy module for exposing snapshots to windows clients as shadow copies from Samba 3.0 CTDB
      Add offline storage support with Tivoli Storage Manager Space Manager
      idmap TDB2 backend, used for clustered Samba setups.
      Enable building of VFS modules: vfs_tsmsm, vfs_shadowcopy2 and IDMAP module idmap_tdb2
      Fix build for pam_smbpass
      Fix build for pam_smbpass
      Merge branch 'v3-2-test' of ssh://git.samba.org/data/git/samba into ctdb-merge
      Convert old sid-string handling in idmap_tdb2 to a new one
      Merge branch 'ctdb-merge' into v3-2-test
      Merge branch 'v3-2-test' of ssh://git.samba.org/data/git/samba into v3-2-test
      Merge branch 'v3-2-test' of ssh://git.samba.org/data/git/samba into v3-2-test
      Fix more VFS API mixup with offline files
      Rework of VFS is_offline() function to only return boolean offline/online result for a file.
      Remove is_remotestorage() call from VFS. We already have statvfs() there to handle FS capabilities.
      Merge DMAPI fixes from CTDB Samba
      Merge branch 'v3-2-test' of ssh://git.samba.org/data/git/samba into ctdb-merge
      Merge branch 'ctdb-merge' into dmapi-integration
      Merge DMAPI fixes from Tridge
      Fix BOOL introduced by last commit
      Fix typos and replace statvfs call with fs_capabilities()
      Merge branch 'v3-2-test' of ssh://git.samba.org/data/git/samba into dmapi-integration
      Merge branch 'v3-2-test' of ssh://git.samba.org/data/git/samba into dmapi-integration
      Merge branch 'v3-2-test' of ssh://git.samba.org/data/git/samba into dmapi-integration
      Merge branch 'v3-2-test' of ssh://git.samba.org/data/git/samba into dmapi-integration
      Allow actual call to set file offline
      Change the file time before we change the file mode.
      Allow broader range of HSM systems in vfs_tsmsm
      Destroy DMAPI session when main smbd daemon exits.
      Use more error-prone form of testing dm_destroy_session() return code after discussing with Tridge
      Ignore Emacs' semantic.cache
      Merge branch 'v3-2-test' of ssh://git.samba.org/data/git/samba into v3-2-test
      Fix samba-docs build after svn conversion and Samba3 By Example addition.
      Fix Development documentation as well
      Change 'release' target: remove 'htmlfaq' (outdated) and add 'guide'
      Document --require-membership-of={SID|Name}
      Another round of fixes (projdoc -> howto) for images
      This really should be 'max stat cache size', not stat cache
      Fix a dangerous bug in Makefile which actually allows 'make release' to skip
      Code in Samba 3 states "use sendfile = false" so documentation must reflect it
      Document async I/O options
      Fix Samba documentation build for manpages
      Fix another bunch of samba-docs bugs. Use <literal> to escape slashes with text
      And more fixes for slashes: use <literal/> in <command/> and <value/> automatically
      Embed db2latex as interim solution before migration to dblatex
      - Activate embedded db2latex
      Add man page metadata fields that are used by temprorary manpages XSLT
      Refresh our XSL templates to work with current docbook xslt for manpages
      Insert space inside this very long string. It is arguable how to fix it properly but at least man pages good now
      Fix typo
      Fix more entries with back slashes that need to use literal formatting
      Forgot to add these macros to a samba-docs repository
      Attempt to add DTDs as svn external repository for build
      Add first cut at networkless build instructions for samba-docs
      Add small preface to a VFS guide. More to come.
      Prettify attributions
      Remove smbconfexample check from test index.xml, it is not used anymore
      Switch to SVG and Inkscape to generate pictures instead of Dia.
      Fix numbering in the Samba3 developer's guide
      Use indexterm instead of term in expansion xslts
      Use title from a linked item to show up as text of the link if there is no endterm or content in the link itself
      Next update of VFS modules development guide
      Fix documentation build: manpages, links in the HTML documents.
      Ignore intermediary documentation files in git
      Fix yet another set of documentation links
      Fix link for Using Samba
      Fix breakage for connect function after API change (connect -> connect_fn)
      Pass absolute file paths to Inkscape when transforming .svg files
      Merge branch 'master' of ssh://git.samba.org/data/git/samba
      s3-rpc: Decrypt with the proper session key in CreateTrustedDomainEx2.
      WAF: Add support for stopping processing before end of wscript{_*}
      s4-libnet: split export_keytab in a separate python module to avoid pulling in HDB dependency
      wafsamba: add support for separate rules in stages
      s4-auth: Make sure ldb context is initialized even if not passed by Python code
      waf: samba-specific methods should have capitalized names, change process_separate_rule to follow
      waf: move krb5 checks to a separate waf file
      Make sure krb5_principal_get_num_comp is identified as present for Heimdal build
      lib/replace: split out GSSAPI from lib/replace/system/kerberos.h into lib/replace/system/gssapi.h
      s4:ntvfs: add missing headers to vfs_ipc
      Avoid using Heimdal-specific tests in MIT build
      s4:torture: auth/pac.c: use Kerberos wrapper for krb5_keyblock_init
      s4:auth/kerberos: don't do tracing in MIT build
      lib/krb5_wrap: implement krb5_cc_get_lifetime for MIT Kerberos
      dns: fix comments and make s4/libcli/resolve dns resolver working
      s3-passdb: add unixid_from_uid/unixid_from_gid/unixid_from_both API
      auth-credentials: Support using pre-fetched ccache when obtaining kerberos credentials
      s4: samba-tool is usable without export-keytab command, make sure it does not break
      Introduce system MIT krb5 build with --with-system-mitkrb5 option.
      libcli/dns: make 'clidns' private library out of DNS code in WAF build
      wafsamba: ensure TO_LIST does not fail with empty string
      s3-autoconf: fix typo after migrating DNS resolver code to lib/addns
      blackbox: fix samba4.blackbox.kinit test
      auth/credentials: 'workgroup' set via command line will not drop existing ccache
      s4/scripting: in MIT build do not install samba-tool, it is not usable yet
      s3-smbldap: Add API for external callback to perform LDAP bind in smbldap
      waf: for MIT krb5 build require kerberos version above 1.9
      s3-configure.in: when ADS support is disabled, unset HAVE_GSSAPI
      dns_hosts_file: move to a separate subsystem
      freebsd9: support both WAF MIT krb5 build and autoconf build against MIT krb5
      waf-mitkrb5: enable dcerpc_server library to support OpenChange client code
      waf: check for krb5_create_checksum and krb5_creds.flags for some Heimdal versions
      Revert "waf-mitkrb5: enable dcerpc_server library to support OpenChange client code"
      auth-kerberos: avoid crash with MIT krb5 1.10.0 in gss_get_name_attribute()
      waf: support --without-ad-dc for Heimdal (embedded and system) as well
      waf: fix parsing krb5-config --version for MIT krb5
      s3-rpcclient: support all known netr_LogonControl2 variants properly
      wafsamba/samba_abi: fix signature parsing for structures
      gen_abi.sh: filter out symbols not needed for ABI
      wafsamba/samba_abi: allow negative matches in abi_match
      s3-passdb: wrap secrets.tdb accessors used by PDB modules
      s3-passdb: convert pdb_ldap to use secrets wrappers
      s3-passdb: convert pdb_ipa to use secrets wrappers
      s4-torture: dns torture test depends on AD DC build
      s3-waf: avoid exporting init symbols from statically linked modules
      s3-smbldap: use smbldap_ prefix for all functions
      s3-smbldap: use smbldap_ prefixed functions
      s3-smbldap: make smbldap public library and maintain its ABI
      s3-passdb: update abi_match and ignore more statically linked functions
      s3-pdb: filter out more symbols only used in ldapsam internals
      lib/krb5_wrap: when deleting default realm, pass char*, not char**
      s3: make ldapsam-related functions a smbldaphelper subsystem
      s3: make smbldaphelper subsystem an internal library
      docs-xml: convert smb.conf.5 build to waf
      docs-xml: fix build of winbindd- and krb5 locator-related manpages
      Fix release script to build full set of documentation
      wafsamba: Make sure md5 is really work before using it or overriding the hash function
      wafsamba: replace try:except: case with explicit comment about FIPS mode
      PIDL: fix parsing linemarkers in preprocessor output
      source3/wscript: support 'pdb_ldap' module in configure
      autoconf: rename pdb_ldap module to pdb_ldapsam
      Make systemctl reference indirect in packaging/NetworkManager/30-winbind-systemd
      wafsamba: fix samba_abi for default catch-all case
      s3-waf: filter out ldapsam internal init functions
      PASSDB: add support to set and enumerate UPN suffixes associated with our forest
      s3-netlogon: enumerate UPN suffixes from PASSDB when available

Alexander Werth (16):
      s3:vfs/gpfs: Have inherited deny ACE's show up in ACLs
      s3:Really ignore unknown special ids in NFSv4 ACLs.
      vfs: Fix compile of vfs_gpfs.c.
      vfs: Add inheritance emulation to vfs_nfs4acl_xattr.
      s4-smbtorture: Set result message when failing the inheritance test.
      s3: Move up declaration of params struct and related function.
      s3: Change smbacl4_get_vfs_params to use connection_struct instead of fsp.
      s3: Add params parameter to smbacl4_nfs42win function.
      s3: Mapping of special entries to creator owner in mode simple.
      s3: Mapping of cifs creator owner to nfs owner@ ace.
      s3: Add changes that keep nfs4:mode special behavior.
      s3: Use mode bits in some cases in mode simple.
      s3: Update README.nfs4acls.txt
      s3: Update vfs_gpfs man page with new nfs4:mode help text.
      s4-smbtorture: Run tests for nfs4:modes simple and special.
      s3: Remove old mode special substitution.

Alexander Wuerstlein (3):
      Set RFC2307 attributes in samba-tool create
      Tests for 'samba-tool user create' with RFC2307 attributes
      Warn when setting UID/GID without idmap_ldb:use rfc2307 = Yes

Alexander Zagrebin (1):
      Missing break in conversion function prevents tdb password database update.

Alexandre Oliva (28):
      implemented du and tar -n
      major autoconf clean-up
      replace getpass() with getsmbpass() if getsmbpass.c compiles
      check whether system type is the same as stored in the cache (full
      wait_keyboard must still be defined if readline is not available
      automated generation of .dummy files for each subdirectory;
      added WITH_SMBMOUNT
      get away with dummy and .dummy files
      optimize creation of directories in build tree
      fix directory creation mechanism; the optimized version would not work :-(
      added stamp-h
      Avoid the message `make: [.deps/.P] Error 1 (ignored)'
      bin/cvsignore: deleted, so that bin can be removed from the repository
      Speed up directory creation for the common case (i.e., it exists already)
      added 64-bit file support
      rm object files created by mkdir probes
      just try to rmdir bin after removing bin/.dummy, in realclean
      revert 64-bit file support; it's hard-coded already
      added Solaris 2.5
      modify dependency tracking code so that it:
      looks like someone forgot to commit these...
      do not print garbage just because someone does not want dependencies :-)
      * client/client.c (dir_total): use SMB_BIG_UINT
      use double instead of SMB_BIG_UINT for dir_total and ttarf
      declare ttarf as double, as in client.c
      Use ${1+"$@"} instead of $*
      Avoid multiple ``Updating dependencies'' messages before .deps/.stamp
      Make sure that the stamp file is newer than configure.in

Amin Azez (6):
      Fix sending of large nttrans responses.
      Samba4 poor mans debug_ctx()
      Fix open file tracking in vfs_cifs so that oplock breaks can propagate
      Use 32 bit storage for nttrans counts
      Re-order smbsrv_recv_smb_request and smb_messages
      Flag smb messages array with AND_X and LARGE_REQUEST

Amitay Isaacs (320):
      samba-tool: Reimplement GPO functions in python
      ldb: Expose ldb_handler_fold() funcion
      ldb-samba: Allow --show-binary flag on defaultSecurityDescriptor
      s4auth: Remove duplicate assignment of structure variable
      s4auth: Fix the object names for PyCredentials and PyCredentialCacheContainer
      s4auth: Fix the object name for Py_Security
      samba-tool: Added python version of samba-tool
      samba-tool: Replace C version of samba-tool with python version
      samba-tool: Display Usage line and list commands alphabetically
      samba-tool: Raise exception on errors and report using base class
      samba-tool: Display usage for main commands and list them alphabetically
      samba-tool: Catch exceptions at top-level and exit with correct return value
      s4-param: Fix object names for python objects PyLoadparm and PyLoadparmContext
      samba-tool: For samba-tool-c, help lists commands implemented only in C
      s4-libcli: Added python interface for file I/O using SMB
      samba-tool: Python routine to find writable/ldap-capable DC
      s4-libnet: py_net - Remove parsing for credentials argument
      s4-libnet: py_net Add change_password() python command
      samba-tool: Add user password command to change user's own password
      test-blackbox: Rearrange the arguments in required order for samba-tool time
      test-blackbox: Remove 'domain\' from username for samba-tool user setpassword
      test-blackbox: Rearrange arguments for samba-tool user setpassword command
      test-blackbox: use python version of change password command
      tests-blackbox: Revert the test to use user-level change password command
      s4-libcli: Initialize stack structure variables to zero.
      samba-tool: Change samba-tool gpo semantics (use gpo name instead of dn)
      samba-tool: Added gpo fetch command implementation using python smb module.
      s4-libcli: Added python SMB methods for mkdir(), rmdir(), chkpath()
      s4-policy: Expose gp_ads_to_dir_access_mask() function
      s4-policy: Add python wrapper for ads_to_dir_access_mask() function
      samba-tool: Addd functions to print GPO flags and GPlink options
      samba-tool: Rename copy_directory_recurse to copy_directory_remote_to_local
      s4-policy: Use the correct local directory for stat.
      s4-libcli: Replace smb_composite_connect() with smb_full_connection()
      s4-libcli: Check if short_name is not null, before converting to python string
      s4-libcli: get_acl and set_acl require raw_open to set security descriptor
      samba-tool: Add functions to create directories and copy files over SMB share
      samba-tool: Add implementation of gpo create command
      samba-tool: Remove C version of samba-tool
      samba-tool: Rename samba-tool command gpo2 --> gpo
      s4-libcli: Fix the fd leak. Close open file descriptor before return.
      samba-tool: Remove gpo setacl command
      waf: Add SAMBA3_PYTHON context to build python wrappers in samba3
      passdb: Add a function to expose loaded backend list.
      passdb: Add a function to read secrets db from a specified path
      passdb: Added python wrapper to passdb
      passdb: Call with correct backend methods instead of default methods
      passdb: Allocate talloc stackframe before calling in pdb functions.
      s3-param: Make sure we have talloc stack frame before calling in s3 code
      s4-dsdb: Provide additional method to connect to specified database path
      s3-passdb: Fix the error messages and return correct NTSTATUS
      s3-passdb: Connect to specified samdb if location is provided, otherwise use default
      s3-param: Add python wrapper for s3 parameters
      py-samba3: Create samba3 python package to hold other modules
      passdb: Move python wrapper for passdb in samba3 python package
      s3-passdb: Return dom_sid and guid with correct python types.
      s3-passdb: Added python method to get_global_sam_sid
      tests: Update test for s3 to s4 upgrade with two cases
      upgrade: Add missing bits for the s3 to s4 upgrade script
      s3-passdb: Replace SMB_MALLOC_ARRAY()/SAFE_FREE() with talloc equivalents.
      s3-passdb: Python wrapper for passdb
      s3-passdb: Added python wrapper for passdb methods
      s3-passdb: Make arguments for python wrapper enum_group_mapping() optional
      s3-passdb: Return list of sids from python wrapper enum_group_members
      s3-passdb: Fix call for search_aliases(). It returns bool and not NTSTATUS.
      py_security: Fix comparison between two dom_sid objects
      samba3-python: Add methods to get any entry (user/group) and its sid from idmap
      provision: Add idmap database handle to the result of provision
      s3upgrade: Add idmap migration, users/groups import
      s3-passdb: Use pdb_get_nt_passwd() to get nt passwd.
      s3-passdb: Display username when reporting error on add_sam_account.
      python-samba3: Secrets file loaded from private dir, not lib dir
      s3_upgrade: Do not add administrator and root accounts from s3 to s4
      s3-passdb: Fix the get/set routines for pw_history for samu
      s3_upgrade: Set the administrator password on upgrade
      s3_upgrade: Add document strings for python methods
      s3_upgrade: Let python generate backtrace for unknown exceptions
      s3-param: Add a dump() method to output parameters
      s4-param: Use s3 dump method if s3 context is defined
      script: Fix the name of the script in autogenerated header file
      s3-passdb: Convert lm_pw and nt_pw to python string using length
      s3-passdb: Return assigned number of hours and not MAX_HOURS_LEN
      s3-passdb: Make domain_sid argument optional for search_aliases method
      py-samba3: Use passdb/param wrapper for samba3 module
      s3_upgrade: Update commandline options and use updated samba3 python module
      testdata: Set netbios name in the samba3 configuation
      py-samba3-test: Set lock directory to the datadir
      s3_upgrade: Set lock directory to correct directory
      samba3dump: Update the code using modified samba3 module with passdb api
      py-samba3-test: Copy sample database in tempdir before running test
      s3-param: Allocate talloc stackframe before calling s3 param routines
      s3-passdb: Allocate talloc stackframe before calling pdb_get_group_sid()
      s4-kcc: Fix the list of NCs for DRS replica information
      samba-tool: Add --filter option to ldapcmp to ignore specified attributes
      build: Replace mkbuildoptions-waf awk script with waf target
      s4-provision: Extract dns account creation as separate ldif
      s4-provision: exit is not imported directed, use sys.exit
      s4-provision: Add DNS backend option to provision
      s4-provision: LDIF files to set up AD DNS schema
      s4-provision: Reworked DNS provisioning to support AD DNS schema
      s4-provision: Make DNS entries consistent with dns_update script
      s4-provision: Fill msDS-NC-Replica-Locations attribute in DNS provisioning
      s4-test: name attribute remove from Command class, so test not required
      samba-tool: Correctly handle sys.exit() called from subcommand
      samba-tool: max() with key option is available in python >= 2.6
      samba-tool: Provide feedback if synopsis is not defined for a command
      samba-tool: epilog option to OptionParser available in python >= 2.6
      s4-provision: Enable SPNs for DNS
      s4-provision: Add Seperate instructions for BIND 9.7.x and 9.8.x.
      s4-provision: Add named.conf template for BIND9 with DLZ support
      s4-provision: Remove dupliate creation of dns/spn_update_list files
      s4-provision: Generate appropriate named.conf file depending on dns_backend
      s4-s3-upgrade: Check for common user/group names before provisioning
      s4-provision: Create private dir for dns in a separate function
      s4-provision: Fix the informational message from dns provisioning
      s4-s3-upgrade: Check for duplicate sids before provisioning
      samba-tool: Add "domain samba3upgrade" subcommand
      dnsp: Added typedefs to interpret dnsProperty attribute for dnsZone objectclass
      ldb-samba: Added handler to decode dnsProperty attribute
      s4-dns: Added more data types for dnsserver implementation
      s4-dns: Added support for multiple DNS_RPC_RECORDS structures
      werror: Added missing DNS error codes
      s4-provision: Provision DNS records with correct rank
      s4-dns: Added DCERPC dns server for DNS management
      samba-tool: Added dns command for DNS management
      s4-selftest: Add tests for RPC dnsserver
      s4-dns: Update serial number for zone on dns updates
      ldb: ldb_errstring() takes ldb_contxt as an argument
      samba-tool: Enable comparison of DNS naming contexts in ldapcmp
      samba-tool: Improve the description of dns subcommands.
      s4-dnsserver: Set DNS_DP_AUTOCREATED flag for the zone information
      s4-dnsserver: Compare two dns names using last uncommon name components
      s4-dnsserver: List dns zones matching the search filter
      s4-dnsserver: Build a dns name tree for correct enumeration
      s4-dnsserver: Handle the case when the dns name is NULL
      s4-dnsserver: Check the raised exception with assertRaises
      s4-drepl: Search for application partitions in addition to main ones
      dsdb: Handle the case when extended rights string is NULL
      s4-dnsserver: Fix enumeration of zones in ComplexOperation RPC call
      s4-dnsserver: Test forward zones are not listed in reverse zone search
      param: Remove duplicate initialization of 'share backend' parameter
      s4-provision: site is passed as an argument to setup_ad_dns()
      s4-provision: Set security descriptor for DNS records
      s4-provision: Create ldap records for DNS partitions similar to windows
      py_passdb: Cannot steal an item pointer from an array
      s3-s4-upgrade: do not add description if it is empty string or none
      provision: Set the security descriptor while creating partitions
      param: Add "domain logons" and "domain master" parameters
      s3-param: Add "server role" as global parameter
      roles: Add ROLE_AUTO to indicate that the server role is calculated
      py-param: Add python interface to get server_role
      param: Check if server role and security parameters are conflicting
      s4-dsdb: Remove unsed variable
      ldb: Add handy macros for reporting error inside ldb module
      socket_wrapper: Added python interface to socket_wrapper
      s4-s3-upgrade: Fix the minimum and maximum password age calculation
      samba-tool: Fix the domain account policy max_pwd_age calculation
      s4-s3-upgrade: Fix idmap types ID_TYPE_UID/ID_TYPE_GID instead of UID/GID
      s4-s3-upgrade: Add --verbose option to print extra details
      s3-passdb_test: Policy values are converted to signed integer
      dsdb: Fix the password expiry calculation
      s3-py-passdb: Fix handling of uninitialized gid values
      s4-dsdb: Remove LDB_SEQ_HIGHEST_TIMESTAMP sequence number support
      s4-dsdb: Return ldb_result context in dsdb_module_extended
      s4-dsdb: use dsdb_module_extended instead of duplicate code
      s4-dsdb: Added metadata to partition module for global sequence number
      s4-samdb: seqence_number() operation must be in a transaction
      s4-test: Remove metadata and ldb.d directory on clean up
      s4-provision: Extract security descriptors in separate file
      s4-provision: Create a samdb copy for access by dlz_bind9 module
      dlz_bind9: Use the sam database in dns/ as default
      dlz_bind9: Added access check to verify dynamic update
      s4-provision: Make BIND9_DLZ as the default backend for DNS
      s4-repl: Check if GC SPN exists before using it for replication
      s4-provision: Fix the security ace for DnsAdmins group on DNS records
      dlz_bind9: For creating a child entry, use only SEC_ADS_CREATE_CHILD
      dlz_bind9: Use client supplied credentials for DNS record update
      dlz_bind9: Set debugging output to stderr
      dlz_bind9: Add command line options for URL and debug
      s4-cldap: Set DS_DNS_CONTROLLER bit if we are running RPC dnsserver
      s4-provision: CN=MicrosoftDNS,CN=System container is in forest and not domain
      tdb: Fix python documentation for tdb module
      s4-provision: Extract common utility routines in separate file
      s4-param: Added bin_dir(),sbin_dir() methods to get compiled in dirs
      s4-provision: Do not guess partition file names, use @PARTITION record
      setup: Fix phpldapadmin configuration for version 1.2.x
      samba-tool: Remove duplicate code of dsacl to fsacl conversion
      samba-tool: gpo: fix a typo
      samba-tool: Fix DN for GPO entries
      tdb2: Fix python documentation for tdb.Tdb object
      s4-netlogon: Revert patch f02e4ebfafa6e5911e3fe744b1780527ab12c970
      s3-net: Fix the return codes. 0 on success, -1 on failure
      samba-tool: Add transaction wrapper for creating GPO
      param: Fix the data type for bAvailable
      param: domain_logons and domain_master are of type enum_bool_auto
      s4-provision: Set dNSProperty attribute for dns zones
      samba-tool:dns: Add support for reverse names (PTR records)
      s4:rpc-dnsserver: For PTR records, use dns_name_equal instead of strcmp to compare
      s4:rpc-dnsserver: If a zone is reverse zone, set the fReverse flag
      s4:rpc-dnsserver: Cache DNS partition information
      s4:rpc-dnsserver: Implement EnumDirectoryPartition operation
      idl:dnsserver: Add DNS_DP_STATE enumeration for diretory partition state
      s4:rpc-dnsserver: Use cached zone information to get rootservers
      s4:rpc-dnsserver: Fix the enumeration of DNS records
      s4:rpc-dnsserver: Implement DirectoryPartitionInfo RPC operation
      s4:rpc-dnsserver: Use handy macros for error checking
      s4:rpc-dnsserver: Add multiple DNS records in a single operation
      s4:rpc-dnsserver: Implement zone management RPC operations
      s4:rpc-dnsserver: Make sure that zone information is filled in
      s4:rpc-dnsserver: Add comments
      ldif-handler: Fix the case for attribute dnsproperty
      samba-tool:dns: Add zone create/delete commands
      samba-tool:dns: Fix a typo
      test:dnsserver: Add zone creation and deletion test
      s4:rpc-dnsserver: Set the rank for the new DNS record correctly
      s4-provision: Fix the problem of DnsProperty values not being set correctly
      dlz_bind9: create session info from PAC using auth context
      s4-rpc:dnsserver: Do not replace @ with zone_name in update operation
      samba-tool:dns: Check through all the DNS records for a match
      s4-rpc:dnsserver: DNS names are case insensitive
      samba-tool:dns: DNS names are case insensitive
      selftest: Do not run symbol check if setting up testenv
      autobuild.py: Catch only true exceptions in except statement
      python: Change except: statement to except Exception:
      dlz_bind9: for authenticated user, set the AUTHENTICATED USERS sid in token
      s4-torture: For authenticated users, add AUTHENTICATED USERS sid
      build: Add missing dependencies on popt
      s4-s3-upgrade: Use lowercase hostname as hostname for provision
      s4-s3-upgrade: Check if there are duplicate sids for users and groups
      tevent: Fix python documentation strings
      selftest: Fix the exit code of make test when run in buildfarm
      samba-tool dns: Re-add support for option groups
      samba-tool sites: Re-add support for option groups
      mkversion: Add quotes around various version strings
      s4-dsdb: Check if metadata.tdb exists, before trying to open it
      lib/tdb2: Do not include config.h in (to-be) public library, use replace.
      lib/tdb2: Mark public function as such
      lib/tdb2: Fix wscript
      lib/tdb2: Convert tdb2 to a standalone library
      lib/tdb2: 2.0.0 ABI
      dlz_bind9: Do not remove LDB record in subrdataset and delrdataset
      samba-tool: dns: Add MXRecord type to add/update mx records
      samba-tool: dns: Convert dns data in a string to DNS record
      samba-tool: dns: Convert dns data into a dns record for comparison
      samba-tool: dns: Add support to add/update/delete MX and SRV records
      samba-tool: dns: Add extra references for string objects as workaround
      samba-tool: dns: Fix the output display of DNS records
      samba-tool: dns: Update the copyright
      dlz_bind9: Fix the log message level
      s4-provision: dns: Refactor population of dns data code
      s4-provision: dns: Do not re-calculate ntdsguid, use from names
      s4-provision: dns: Add txt DNS record
      upgradedns: Upgrade DNS provision from BIND9_FLATFILE to AD based DNS
      upgradedns: Missing rename from upgradedns to samba_upgradedns
      testsuite: Replace deprecated bzero with memset
      s4-provision: Use "state directory" from lp, as it is always set
      dlz_bind9: This fixes the problem with adding/deleting rdataset
      ndr: Fix the error messages, add correct data type name
      ndr: Fix NDR push function for dnsp_string
      idl: dnsp: Add dnsp_string_list data type for TXT DNS record
      ndr: Add NDR pull, push, print functions for dnsp_string_list
      dlz_bind9: Fix handling of TXT records with multiple quoted strings
      idl: dnsserver: Add DNS_RPC_RECORD_STRING data type for TXT DNS record
      ndr: dnsserver: Add pull and push functions for DNS_RPC_RECORD_STRING
      provision: dns: TXT Records need a list of strings as input
      samba-tool: dns: Copy string data when creating DNS_RPC_RECORD
      samba-tool: dns: Add support for handling TXT records
      s4-rpc: dnsserver: Update data type for TXT DNS records
      upgradedns: Fix import of TXT DNS records
      s4-dns: Fix handling of TXT DNS Record
      dlz_bind9: Match PTR records as DNS names and not just strings
      s4-rpc: dnsserver: Fix the typo in comparing two DNS records
      s3-ctdb: Enable CTDB readonly support only if CTDB supports it
      s4-libcli: pysmb: Fix typo in secinfo_flags
      autobuild: Enable standalone tdb2 tests
      s4-dsdb: Fix the case for attribute name msDS-hasMasterNCs
      build: Fix build issue on OpenBSD 5.x
      build: Do not use --export-dynamic flag on OpenBSD 5.x
      s4-upgradedns: Allow fixing of dns provision after domain join
      s4-rpc: dnsserver: Fix IPv6 reverse zone handling
      s4-upgradedns: Add DNS partitions in msDS-hasMasterNCs in NTDS settings
      s4-upgradedns: Make sure the attribute exists before accessing it
      lib/tdb: Add/expose lock functions to support CTDB
      lib/tdb: Update ABI
      s4-upgradedns: Fix the fqdn for forest dns zone
      dlz_bind9: changes to make dlz_bind9 work with BIND 9.9.0
      dlz_bind9: Build shared libraries for both BIND versions 9.8 and 9.9
      s4-provision: Update configuration lines for dlz_bind9
      s4-upgradedns: Update serverdn with only the attributes that have changed
      s4-dns: Build BIND DLZ modules with correct private library
      samba-upgradedns: Use the correct magic incantation of sys.path.insert()
      dlz_bind9: Fix the named crash on reloading named
      dlz_bind9: Make the talloc destructor static and return 0.
      dsdb: Fix error checking conditions in partition_metadata module
      dbwrap: Rename dbwrap_fetch_uint32->dbwrap_fetch_uint32_bystring
      s4-pysmb: Parse security info as an unsigned integer
      samba-tool: gpo: Fix creation of filesystem ACL from directory ACL
      samba-tool: gpo: Fix policy DN
      samba-tool: gpo: Correct the attribute name from gPlink to gPLink
      samba-tool: gpo: Use gpo (id) instead of gpo_dn (DN)
      samba-tool: Fix indentation
      s4-pysmb: Add deltree() method to remove directory and its contents
      samba-tool: gpo: Add utility functions get_gpo_containers and del_gpo_link
      samba-tool: gpo: Refactor code using utility functions
      samba-tool: gpo: Use utility function dc_url() to set the connection url
      samba-tool: gpo: Add listcontainers subcommand to list containers using given GPO
      samba-tool: gpo: Add del subcommand to delete GPO
      samba-tool: gpo: Improve error messages
      samba-tool: gpo: Update copyright
      s4-dns: dlz_bind9: Ignore zones that are not used by BIND9 DLZ plugin
      s4-rpc: dnsserver: Ignore DNS zones that are not used by RPC dnsserver
      s4-dns: Fix format string vulnerability in an error message (bug #9354)
      samba-tool/dns: Fix a typo in ttl variable name
      s4-dns: Print/Set minimumTTL value in SOA record
      s4-rpc: dnsserver: Fix removal of trailing '.' in soa mname
      s4-rpc: dnsserver: dns_name_equal() returns boolean
      s4-rpc: dnsserver: When updating SOA record, use the specified serial
      s4-dns: Support update of SOA records
      samba-tool/dns: Pass on additional flags when creating zones
      samba-tool/dns: Set secure zone update flag after creating new zone

Anand Avati (4):
      check_parent_exists() can change errno. Ensure we preserve it across calls.
      building RPMs on RHEL fail because of a typo.
      vfs_glusterfs: Samba VFS module for glusterfs
      vfs_glusterfs: Implement proper mashalling/unmarshalling of ACLs

Anatoliy Atanasov (72):
      Handle schema reloading request.
      dsdb_create_prefix_mapping() implementation checks for existing prefix maping in ldb.
      Fix for schemaUpdateNow command
      Test for schemaUpdateNow command
      Fix for DSSYNC test against Windows 2003
      Fix the dsdb_syntax_OID_ldb_to_drsuapi function
      First attempt to implement dcesrv_drsuapi_DsGetNCChanges
      Fill the meta data vector in the responce struct.
      Fix up-to-dateness vector creation.
      Fix up-to-dateness vector creation.
      Add drs_security_level_check for dcesrv calls security checks
      Move replmd_drsuapi_DsReplicaCursor2_compare to a common place.
      Handle dsdb_class_by_lDAPDisplayName returned values in schema_inferiors.c
      Add tests for MS-ADTS: Naming Constraints
      Add support in the ldb_dn.c code for MS-ADTS: Naming Constraints
      Move the check above the talloc
      s4: Handle DRSUAPI_DS_REPLICA_NEIGHBOUR_CRITICAL_ONLY req in getncchanges
      idl: regenerate idl
      s4: Handle DRSUAPI_DS_REPLICA_NEIGHBOUR_ASYNC_REP in getncchanges
      s4/drs:kccdrs_replica_get_info_obj_metadata implementation
      s4/drs: add DRSUAPI_ATTRIBUTE_options attribute
      s4/rodc: change the libnet_become_dc code to do RODC join
      s4/libnet: Fix misleading comment
      s4/rodc: Implement samdb_rodc with ldb context
      s4/rodc: RODC FAS initial implementation
      s4/rodc: Implement msDS-isRODC constructed attr
      s4/test: Implement tests for msDS-isRODC constructed attribute
      s4/rodc: Fix the callbacks up the stack to handle referrals on modify requests
      s4/rodc: Support read-only database
      s4/waf: ABI update for lib/ldb
      s4-rodc: Fix provision warnings by creating ntds objectGUID in provision
      Revert "s4-rodc: Fix provision warnings by creating ntds objectGUID in provision"
      s4-rodc: Cache am_rodc flag
      s4-rodc: Set am_rodc flag during provision
      s4: check the sacl and dacl pointers on the old sd
      s4:auth/session.c - free "group_string" when not needed
      s4:schema/schema_set.c - free LDB message diffs
      s4/schema: remove unnecessary deletion of dsdb_schema cached pointer
      s4/vampire: update dNSHostName for the Server object
      s4/drs: update repsFrom only when we are not in getncchanges extended op
      s4/fsmo: Added python tests for schema master transfer op
      s4/fsmo: Fix callback declaration
      s4/fsmo: Change return type from NTSTATUS to WERROR for drepl_takeFSMOrole
      s4/fsmo: Remove empty new lines
      s4/fsmo: Handle infrastructure, pdc and rid extended ops
      s4/fsmo: Extended fsmo test with infrastructure, pdc and rid roles
      s4/fsmo: Naming master support added
      s4/drs: Added the rest of the enum drsuapi_DsNameFormat values
      s4/drs: use type enum drsuapi_DsNameFormat in DsCrackNames code
      s4/fsmo: Create separate function for retrieving fsmo role dn and owner dn.
      s4/dcdiag: Handle ListRoles command for dcdiag:KnowsOfRoleHolders test
      s4/dsdb:kcc: cleanup and improve readability
      s4/eventlog6: Add idl for EventLog6 RPC
      s4/eventlog6: Add endpoint server for EventLog6 RPC
      s4/eventlog6: Build and hook EventLog6 RPC endpont mapper and idl
      s4/eventlog6: Add dummy implementation for calls 0x5 and 0xB
      s4/irpc: Add function to add security token to the binding handle
      s4/irpc: Add security token to the binding handle when doing irp call forwarding
      s4/test: Added test for simple bind with machine account
      s4/auth: Add logon_parameters to authenticate_username_pw
      s4/syntax: Add tests for DN+String and DN+Binary
      s4/test: Add bind.py to make test
      s4/test: Expand BindTest
      s4/ldap: ldap_syntaxes.py cleanup
      s4/operational: Fix swapped parameters for ldb_msg_copy_attr
      s4/ldapcmp: Fix the parsing of the second set of credentials
      s4/ldapcmp: Check if creds2 is actualy set by the command line
      Revert "s4/ldapcmp: Check if creds2 is actualy set by the command line"
      Revert "s4/ldapcmp: Fix the parsing of the second set of credentials"
      s4/ldapcmp: Correct fix for creds2

Andreas Schneider (1279):
      Remove trailing slashes from service name
      Don't restart winbind if a corrupted tdb is found during initialization.
      Prevent winbindd from segfaulting due to corrupted cache tdb.
      Windows 2008 (Longhorn) auth2 flag fixes.
      Fix Windows 2008 (Longhorn) join.
      Add variable to define if a share should be hidden.
      Rename the 'hidden' variable to 'administrative share'.
      Rename the 'hidden' variable to 'administrative share'.
      Fix saving of the config file in SWAT; [#5516].
      Fix empty input fields in SWAT; [#5515].
      Add krb5 support for the testbrowse example.
      Add documentation for kerberos support in libsmbclient.
      Release still reachable memory if the smbclient context is freed.
      The buf in the smbclient write function should be const.
      Simplify samba_version_string.
      Use the macro to call samba_version_string().
      Update the developers documentation for the new vendor version options.
      Remove trailing withespace from wbinfo -m which breaks gdm auth.
      Set the right return value if wbc_status is set to an error.
      Delete the krb5 ccname variable from the PAM environment if set.
      Create a function out of pam_sm_close_session to delete the credentials.
      Improve the Gemand pam_winbind translation.
      Fix circular dependency error with autoconf 2.6.3.
      Move the doxygen comments of wbclient to the header file.
      Fix a segfault if ? is there but the options are NULL. This is the case if SMBC_parse_path is called by SMBC_stat_ctx.
      Avoid flooding of syslog with failing pam_putenv messages.
      Document default of the printing config variable.
      Add a synopsis section to the pam_winbind manpage.
      Document the try_first_pass option in the pam_winbind manpage.
      Dcoument the PAM data exports in the pam_winbind manpage.
      Move pam_winbind to the right manpage section (8).
      Fix the section of the pam_winbind manpage.
      tsocket: Fixed typo in LGPL header.
      tsocket: Fixed documentation for tsocket_address_bsd_sockaddr().
      tsocket: Fixed tsocket_guide.txt asciidoc syntax.
      s4-kdc: Migrate to tsocket_address.
      s4: Fixed the programming guide to reflect the current tree.
      s4-gensec: Added remote and local setter/getter using tsocket.
      s4-gensec: Replace gensec_set_my_addr() with new tsocket based fn.
      s4-gensec: Replace gensec_get_my_addr with new tsocket based fn.
      s4-gensec: Replace gensec_set_peer_addr with new tsocket based fn.
      s4-gensec: Replace gensec_get_peer_addr with new tsocket based fn.
      s4-gensec: Remove obsolete socket_address vars and fns.
      s4-kdc: Migrate tcp connections to tsocket.
      tsocket: Added complete doxygen documentation.
      tsocket: Added doxygen config file.
      s4-ntp_signd: Migrate to tsocket.
      s4-torture: Migrate ntp_signd test to tsocket.
      s4-winbind: Migrated winbind connection to tsocket.
      s4-libcli: Fixed a talloc_reference error.
      talloc: Documented talloc with doxygen.
      talloc: Added doxygen config file.
      Move the talloc details to the mainpage.
      s3-print: Remove obsolete signal type cast.
      s3-passdb: Remove obsolete signal type cast.
      s3-pam_smbpass: Remove obsolete signal type cast.
      s3-nmbd: Remove obsolete signal type cast.
      s3-libads: Remove obsolete signal type cast.
      s3-lib: Remove obsolete signal type cast.
      s3-smb: Remove the obsolete signal type cast.
      s4-smbd: Remove obsolete singal type cast from the thread process model.
      libutil: Remove obsolete signal type cast.
      libreplace: Remove the obsolete signal type cast.
      s4-smb: Migrate named_pipe_server to tsocket.
      tstream: Added a typedef for the function prototype.
      tsocket: Improve the tsocket_address_bsd_sockaddr documentation.
      s4-smb: Migrate named_pipe_server to tsocket.
      s4-kdc: Fixed the memory context of tstream_bsd_existing()
      s4-ntp: Fixed the memory context of tstream_bsd_existing()
      s4-winbind: Fixed the memory context of tstream_bsd_existing()
      s4-winrepl: Migrated the wins replication server to tsocket.
      s3-rpc_server: Document rpc_pipe_open_internal.
      s3-rpcclient: Leave setprinterdata directly if not enough args were passed.
      s4-gensec: Fixed wrong usage of error_string.
      Fix developer build, remove malloc
      s3-smbd: Don't close stdout if we want to log to stdout.
      s3-selftest: Don't log to stdout, use logfiles instead.
      s3-spoolss: Added a function to open a regkey using the winreg pipe.
      s3-spoolss: Added a set_printer_dataex function using the winreg pipe.
      s3-spoolss: Added a get_printer_dataex function using the winreg pipe.
      s3-spoolss: Added a enum_printer_dataex function using the winreg pipe.
      s3-spoolss: Added a delete_printer_dataex function using the winreg pipe.
      s3-spoolss: Added a enum_printer_key function using the winreg pipe.
      s3-spoolss: Added a delete_printer_key function using the winreg pipe.
      s3-spoolss: Fixed winreg_printer_openkey to be used in a more generic way.
      s3-spoolss: Added a winreg_enumforms1 function.
      s3-spoolss: Added a winreg_addform1 function.
      s3-spoolss: Added a winreg_deleteform1 function.
      s3-spoolss: Added a winreg_setform1 function.
      s3-spoolss: Added a winreg_getform1 function.
      s3-winreg_nt: Fixed QueryValue with data=NULL to get the length.
      s3-time: Added a function to get the startup time of the server.
      s3-spoolss: Use const values for notify functions.
      s3-spoolss: Added missing return value to winreg_printer_enumforms1 docs.
      s3-spoolss: Fixed return values of winreg_printer_deleteform1.
      s3-spoolss: Added winreg helper functions to write registry values.
      s3-spoolss: Added a function to update the ChangeID of a printer.
      s3-spoolss: Added a function to get the ChangeID from a printer.
      s3-spoolss: Added a winreg function to query a dword.
      s3-spoolss: Added more winreg hepler functions.
      s3-spoolss: Fixed winreg_delete_printer_key if key is NULL or emtpy.
      s3-spoolss: Added a winreg_update_printer function.
      s3-spoolss: Added a winreg_create_printer function.
      s3-spoolss: Added a winreg_get_printer function.
      tsocket: Fixed the documentation of tsocket_address_bsd_sockaddr.
      s3-lib: Create a sec_desc_merge and sec_desc_merge_buf function.
      s4-torture: Fixed spoolss dsspooler printername test.
      s4-torture: Added the printername to the AddPrinter comment.
      tsocket: Added the warning again to tsocket_address_bsd_sockaddr.
      s3-libsmb: Fixed a recursion in cli_pull_print.
      tevent: Added basic doxygen documentation.
      tevent: Add doxygen tevent config file.
      tevent: Create a typedef for the debug function callback.
      tevent: Document the missing tevent async request callback functions.
      tevent: Document missing callback typedefs.
      tevent: Document the tevent helper functions.
      tevent: Document the tevent_queue functions.
      tevent: Started a tevent_queue tutorial.
      libwbclient: Fixed doxygen errors.
      s3-spoolss: Added missing Printer Driver in winreg_{update,get}_printer.
      s3-spoolss: Added missing servername option to winreg_{create,get}_printer.
      s3-spoolss: Added a sharename arg to winreg_update_printer.
      s3-spoolss: Fixed memory error in winreg_get_driver.
      s3-spoolss: Added a function to create a default spoolss_DeviceMode.
      s3-spoolss: Added a generic spoolss_create_default_secdesc function.
      s3-spoolss: Added a winreg_printer_query_binary function.
      s3-spoolss: Migrated winreg to spoolss_create_default_secdesc.
      s3-spoolss: Added winreg security descriptor functions.
      s3-spoolss: Fixed the DeviceMode handling in winreg.
      s3-spoolss: Create default DsSpooler values.
      talloc: Documented the missing string functions.
      talloc: Fixed a doxygen problem with PRINTF_ATTRIBUTE.
      tevent: Fixed a doxygen problem with PRINTF_ATTRIBUTE.
      tevent: Added an introduction to the tevent_queue tutorial.
      tevent: Added a description for tevent queue.
      s3-spoolss: Sorted the builtin forms alphabetically.
      s3-spoolss: Added EN ISO 216, A0 and A1 to builtin forms.
      s3-spoolss: Use better names for set_last_from_to.
      s3-spoolss: Create a spoolss_map_to_os2_driver function.
      s3-spoolss: Use the spoolss_map_to_os2_driver to modify drivername.
      s3-spoolss: Added EN ISO 216, A0 and A1 to builtin forms.
      s3-net: Created a migration tool for printing TDBs.
      s4-torture: Try to fix the winreg tests.
      s4-torture: Disable the security descriptor tests.
      s4-torture: Improved the winreg symlink test.
      s3-auth: Added a function to get the server_info from the system user.
      s3-waf: Fixed dependencies of the the avahi subsystem.
      s3-smbd: Remove unneeded dependency of map_username to globals.c.
      s3-auth: Moved smbd user functions to a generic place.
      s3-rpc: Seperate rpc_srv_register for plain connection.
      s3-rpc: Create a file with all functions for a internal named pipe.
      s3-waf: Build rpc_server/srv_spoolss_util.c too.
      s3-winbind: Fixed setting default sequence number.
      s3:misc make use of server_[event/messaging]_context directly
      s3-spoolss: Provide a memory context for clean_up_driver_struct().
      s3-tdb: Added missing out of memory check in rename_file_with_suffix().
      wbinfo: Document the deprecated sequence option correctly.
      doc: Remove the documentation of the sequence command of wbinfo.
      s3-registry: Added a db upgrade function to normalize the key delimiter.
      s3-registry: Convert registry key delimiter from slash to backslash.
      nss_wrapper: Fixed a possible NULL pointer problem.
      librpc: Use switch in GUID_from_data_blob().
      s3-passdb: Make sure that we don't assign garbage.
      s3-libsmb: Make sure that finfo is initialized.
      s3-nmbd: Leave the sync function if there are no syncs.
      s3-lanman: Make sure that job_info is not undefined.
      s3-passdb: Make sure we don't call free on a garbage pointer.
      s3-passdb: Make sure dn is initialized and don't free it.
      s3-vfs: Make sure that retval isn't used uninitialized.
      s3-lanman: Make sure count is not used uninitialized if we jump to out.
      s3-smbd: Make sure that status is initialized when used.
      s3-registry: Fixed keyname delimiter in KEY_CURRENT_VERSION_NORM.
      s3-eventlog: Fixed the keyname delimiter for the registry key.
      s3-net: Make sure that the data blob is initialized.
      s3-librpc: Fixed GUID_from_data_blob() with length of 32.
      s3-net: Use talloc_asprintf and return if file is in wrong format.
      s3-net: Make sure we don't call free on garbage.
      s3-winbind: Make sure we crash if domain is really not found.
      s3-client: Make sure we only write to an opened file.
      libcli: Fixed a build warning for a missing prototype.
      s3-winbind: Free some memory which isn't needed anymore.
      s3-rpc_client: Use the right memory context for array elements.
      s3-winbind: Initialize the server_info on winbindd start.
      s3-winbind: Added a skeleton for samr based functions.
      s3-winbind: Implemented samr backend function sam_query_user_list.
      s3-winbind: Implemented samr backend function sam_enum_dom_groups.
      s3-winbind: Implemented samr backend function sam_query_user.
      s3-winbind: Implemented samr backend function sam_trusted_domains.
      s3-winbind: Implemented samr backend function sam_lookup_groupmem.
      s3-winbind: Implemented samr backend function common_enum_local_groups.
      s3-winbind: Implemented samr backend function common_name_to_sid.
      s3-winbind: Implemented samr backend function common_sid_to_name.
      s3-winbind: Implemented samr backend function common_rids_to_names.
      s3-winbind: Implemented samr backend function common_lockout_policy.
      s3-winbind: Implemented samr backend function common_password_policy.
      s3-winbind: Implemented samr backend function common_lookup_usergroups.
      s3-winbind: Implemented samr backend function common_lookup_useraliases.
      s3-winbind: Implemented samr backend function common_sequence_number.
      s3-winbind: Replace the passdb backend with a samr/lsa based backend.
      s3-winbind: Rename winbindd_rpc.c to winbindd_msrpc.c.
      s3-winbind: Added a common rpc_enum_dom_groups function.
      s3-winbind: Use rpc_enum_dom_groups in msrpc.
      s3-winbind: Use rpc_enum_dom_groups in samr.
      s3-winbind: Added a common rpc_query_user_list function.
      s3-winbind: Use rpc_query_user_list in msrpc.
      s3-winbind: Use rpc_query_user_list in samr.
      s3-winbind: Added a common rpc_enum_local_groups function.
      s3-winbind: Use rpc_enum_local_groups in msrpc.
      s3-winbind: Use rpc_enum_local_groups in samr.
      s3-winbind: Added a common rpc_name_to_sid function.
      s3-winbind: Use rpc_name_to_sid in samr.
      s3-winbind: Added a common rpc_sid_to_name function.
      s3-winbind: Use rpc_sid_to_name in samr.
      s3-winbind: Added a common rpc_rids_to_names function.
      s3-winbind: Use rpc_rids_to_names in samr.
      s3-winbind: Added a common rpc_query_user function.
      s3-winbind: Use rpc_query_user in msrpc.
      s3-winbind: Use rpc_query_user in samr.
      s3-winbind: Added a common rpc_lookup_usergroups function.
      s3-winbind: Use rpc_lookup_usergroups in samr.
      s3-winbind: Use rpc_lookup_usergroups in msrpc.
      s3-winbind: Added a common rpc_lookup_useraliases function.
      s3-winbind: Use rpc_lookup_useraliases in samr.
      s3-winbind: Use rpc_lookup_useraliases in msrpc.
      s3-winbind: Added a common rpc_lookup_groupmem function.
      s3-winbind: Use rpc_lookup_groupmem in samr.
      s3-winbind: Added a common rpc_sequence_number function.
      s3-winbind: Use rpc_sequence_number in samr.
      s3-winbind: Use rpc_sequence_number in msrpc.
      s3-winbind: Rename common_lockout_policy to sam_lockout_policy.
      s3-winbind: Rename common_password_policy to sam_password_policy.
      s3-winbind: Added a common rpc_trusted_domains function.
      s3-winbind: Use rpc_trusted_domains in samr.
      s3-winbind: Use rpc_trusted_domains in msrpc.
      s3-winbind: Rename lookup_groupmem to msrpc_lookup_groupmem.
      s3-winbind: Create all logfiles in the same directory.
      s3-winbind: Make sure we close all policy handles in sam.
      s3-winbind: Make sure that the policy handles are closed.
      s3-winbind: Fixed debug messages of open_internal_lsa_pipe().
      s3-winbind: Use same format for all msrpc debug messages.
      s3-winbind: Handle aliases in rpc_lookup_groupmem().
      s3-build: Add a gdbtestenv environment for Samba3.
      s3-winbind: Set status before we leave in some msrpc functions.
      s3-winbind: Don't cache queries to builtin and own sam domain.
      s3-waf: Fixed the build.
      s3-rpc_client: Fixed a segfault in rpccli_samr_chng_pswd_auth_crap().
      s3-rpc_server: Don't register the same rpc commands twice.
      s3-rpc_server: Added callbacks for init and shutdown of a rpc service.
      s4-torture: Disable setting REG_BINARY printer data with size 0.
      s3-registry: Init all needed registry keys for printing.
      s3-registry: Redirect KEY_CONTROL_PRINTERS to KEY_WINNT_PRINTERS.
      s3-spoolss: Migrated spoolss_SetPrinterDataEx to the winreg functions.
      s3-spoolss: Migrated spoolss_GetPrinterDataEx to the winreg functions.
      s3-spoolss: Migrated spoolss_EnumPrinterDataEx to the winreg functions.
      s3-spoolss: Migrated spoolss_EnumPrinterKey to the winreg functions.
      s3-spoolss: Migrated spoolss_DeletePrinterDataEx to the winreg functions.
      s3-spoolss: Migrated spoolss_DeletePrinterKey to the winreg functions.
      s3-spoolss: Migrated spoolss_EnumForms to the winreg function.
      s3-spoolss: Migrated spoolss_AddForm to the winreg function.
      s3-spoolss: Migrated spoolss_DeleteForm to the winreg function.
      s3-spoolss: Migrated spoolss_SetForm to the winreg function.
      s3-spoolss: Migrated spoolss_GetForm to the winreg function.
      s3-spoolss: Migrated spoolss_Forms to use the winreg changeid function.
      s3-spoolss: Migrated spoolss_AddPrinter and spoolss_SetPrinter.
      s3-spoolss: Removed unused function convert_printer_info().
      s3-spoolss: Removed unused function printer_info2_to_nt_printer_info2().
      s3-spoolss: Migrated spoolss_OpenPrinter to create defaults with winreg_create_printer.
      s3-spoolss: Migrated spoolss_GetPrinter and spoolss_EnumPrinters to winreg_update_printer.
      s3-spoolss: Migrated spoolss_DeletePrinter to cleanup winreg keys.
      s3-spoolss: Set c_setprinter always to 0.
      s3-spoolss: Fixed the driver unc strings for dependent files.
      s3-spoolss: Don't return the printer devicemode in spoolss_EnumJobs.
      s3-spoolss: Use the existing memory context for winreg_get_printer.
      s3-spoolss: Use a temporary talloc context in update_printer.
      s3-spoolss: Create and update DsSpooler values.
      s3-spoolss: Removed the last free_a_printer() call in spoolss_nt.c.
      s3-spoolss: Moved shared printing functions to nt_printing.h
      s3-spoolss: Removed wrong comment.
      s3-printing: Removed unused get_a_printer functions.
      s3-printing: Removed unused mod_a_printer functions.
      s3-printing: Removed unused free_a_printer function.
      s3-printing: Removed unsuded c_setprinter functions.
      s3-printing: Removed unused nt_forms.
      s3-printing: Removed unused security descriptor functions.
      s3-printing: Remove unused printer registry key functions.
      s3-printing: Moved remaining prototypes to nt_printing.h.
      s3-spoolss: Create winprint print processor key.
      Revert "s4-smbtorture: skip driverName and printerName DsSpooler tests for now."
      s3-printing: Move all tdb upgrade functions to a separate file.
      s3-printing: Added automatic migration of printing tdbs.
      s4-torture: Enable tests with keynames including a slash.
      s3-spoolss: Remove unused MAGIC_DISPLAY_FREQUENCY
      s3-spoolss: Remove the program global current_user_info.
      s3-lib: Make the standard_mapping parameter const.
      s3-spoolss: Move the standard mappings to spoolss.
      s3-printing: Added automatic migration of printing tdbs.
      s3-spoolss: Correctly set the default values.
      s3-spoolss: Fixed FILL_DRIVER_STRING leading to wrong results.
      s3-lib: Remove redefinition of RL_COMPLETION_CAST.
      pidl: Use struct pipes_struct.
      s3-rpc_server: Use struct pipes_struct.
      s3-dfs: Use struct pipes_struct.
      s3-dssetup: Use struct pipes_struct.
      s3-echo: Use struct pipes_struct.
      s3-eventlog: Use struct pipes_struct.
      s3-initshutdown: Use struct pipes_struct.
      s3-lsa: Use struct pipes_struct.
      s3-netlogon: Use struct pipes_struct.
      s3-ntsvcs: Use struct pipes_struct.
      s3-rpc_pipe: Use struct pipes_struct.
      s3-samr: Use struct pipes_struct.
      s3-spoolss: Use struct pipes_struct.
      s3-srvsvc: Use struct pipes_struct.
      s3-svcctl: Use struct pipes_struct.
      s3-winreg: Use struct pipes_struct.
      s3-wkssvc: Use struct pipes_struct.
      s3-uid: Use struct pipes_struct.
      s3-winbind: Use struct pipes_struct.
      s3-include: Use struct pipes struct and get rid of the typedef.
      s3-rpc: Use struct pipes_struct.
      s3-spoolss: Fixed debug statements and increased level.
      s3-spoolss: Increased debug level for trace output.
      s3-spoolss: Use a stackframe to allocat memory.
      s3-spoolss: Fixed some C++ build warnings.
      s3-spoolss: Move some debug message to a higher level.
      s3-spoolss: Fixed a segfault if a value has no data.
      idl: Fixed a possible crash bug.
      s3-popt: Only include popt-common.h when needed.
      s3-spoolss: Use the correct value for the data length.
      s4-torture: Fixed the winreg EnumValue test against Windows.
      s3-torture: Correctly cleanup the winreg volatile key test.
      s3-torture: Improve the winreg deletekey torture comments.
      s3-spoolss: Fixed setting driver version correctly.
      s3-spoolss: Make sure we convert a 4 byte value to uint32_t.
      s4-rpc_server: Fixed the build of the dcerpc_server library.
      s3-smbd: Make sure the event context is initialized.
      s3-smbd: Cleanup the order of the init functions.
      s3-loadparm: Added some comments to lp_load_ex calls.
      s3-smbd: Fixed indent.
      s3-smbd: Regroup some init functions.
      s3-smbd: Move rpc services init to smbd parent.
      s3-smbd: Publish nt printers.
      s3-test: Try to fix the build farm subunit parsing.
      s3-auth: Remove obsolete 'update encrypted' option.
      s3-auth: Remove docs about obsolete 'update encrypted' option.
      s3-waf: Fixed the build.
      s3-waf: Fixed the rpc_client build.
      waf: Generate the ntprinting ndr functions.
      s3-waf: Create a variable for LIBNDR_NTPRINTING_SRC.
      s3-waf: Try to fix the idl build.
      s3-waf: Added missing client option to pidl list for wbint.
      s3-samr: Fixed some build warnings.
      s3-samr: Correctly fix the transition from enum to uint32_t.
      s3-printing: Rename jobs_changed functions to jobs_added.
      s3-printing: Added function to update the queue.
      s3-lib: Fixed a possible crash bug.
      s3-build: Add a test-buildfarm target to stay UNIX Makefile compatible.
      s3-build: Use a wrapper script to run the tests.
      s3-build: Don't paste the summary.
      s3-auth: Use SamInfo3_for_guest to create guest server_info.
      s3-passdb: Added a pdb_try_account_unlock function.
      s3-passdb: Try to unlock the account if it is locked out.
      s3-auth: The unlock of the account is now done by the get_sampwnam call.
      s3-spoolss: Fixed a possible crash bug.
      s3-spoolss: Move spoolss winreg to new dcerpc client funtions.
      s3-spoolss: Fixed some build warnings.
      s3-auth: Added get_server_info_system function.
      s3-rpcint: Make auth_serversupplied_info const.
      s3-msdfs: Make auth_serversupplied_info const.
      s3-printing: Make auth_serversupplied_info const.
      s3-spoolss: Make auth_serversupplied_info const.
      s3-spoolss: Use systerm server_info for winreg connection.
      s3-printing: Make missing auth_serversupplied_info const.
      s3-spoolss: Don't leak memory on the session counter list.
      s3-printing: Document the printer list functions.
      s3-rpc_server: Added new parametric option 'rpc_server'
      s3-rpc_server: Use talloc_stackframe.
      s3-waf: Link smbd against RPCECHO.
      s3-spoolss: Fixed print_access_check server_info.
      s3-spoolss: Fixed print job access.
      s3-winbind: Fixed the build of idmap_rid.
      s3-rpc_server: Make auth_serversupplied_info const.
      s3-rpc_server: Normalize rpc_pipe_open_interface pipe name.
      s4-gensec: Add dependency on com_err to GENSEC_KRB5.
      s3-winbind: Fixed init order.
      s3-smbd: Call all the rpc services in the right order.
      s3-build: Remove broken RPC modules support.
      s3-smbd: Call the rpc service shutdown functions.
      s3-waf: Fixed the static rpc service build.
      s3-rpcecho: Only register rpcecho in the developer build.
      s3-rpc_client: Added dcerpc_lsa_open_policy.
      s3-rpc_client: Added dcerpc_lsa_open_policy2.
      s3-rpc_client: Added dcerpc_lsa_lookup_sids and dcerpc_lsa_lookup_sids3.
      s3-rpc_client: Added dcerpc_lsa_lookup_names.
      s3-netlogon: Move to new dcerpc client funtions.
      s3-rpc_client: Fixed the dcerpc_lsa_LookupSids3 lookup_options.
      s3-rpc_client: Fixed the dcerpc_lsa_LookupSids3 client_revision.
      s3-rpc_client: Fixed the dcerpc_lsa_LookupNames4 lookup_options.
      s3-rpc_client: Fixed the dcerpc_lsa_LookupNames4 client_revision.
      s3-auth: Fixed account lockout check.
      s3-rpc_client: Fixed return values of dcerpc_lsa_lookup_sids_generic.
      s3-rpc_client: Fixed status check of dcerpc_lsa_lookup_sids_noalloc.
      tdb: Added doxygen documentation.
      s3-smbd: Fixed a possible null pointer dereference.
      s3-param: Fixed code block in max_open_files().
      s3-rpc_client: Added header information to cli_lsarpc.h.
      s3-rpc_client: Added header information to cli_samr.h.
      s3-rpc_client: Added dcerpc_samr_chgpasswd_user.
      s3-rpc_client: Added dcerpc_samr_chgpasswd_user2.
      s3-rpc_client: Added dcerpc_samr_chng_pswd_auth_crap.
      s3-rpc_client: Added dcerpc_samr_chgpasswd_user3.
      s3-rpc_client: Rename get_query_dispinfo_params.
      s3-rpc_client: Added dcerpc_try_samr_connects.
      s3-lib: Fixed a missing return value in tldap.
      s3-modules: Fixed the for-loop code block.
      s3-utils: Fixed possible resource leak in smbfilter.
      s3-utils: Fixed possible resource leak in smbget.
      s3-utils: Fixed possible resource leak in net_usershare.
      s3-utils: Fixed a resource leak in smbta-util.
      s3-utils: Fixed a resource leak in net_afs.
      librpc: Added support to accept netbios names.
      idl: Added missing endpoint mapper defines.
      s4-selftest: Mark epmapper as knownfail.
      s4-torture: Start with a clean epm_Insert_noreplace test.
      s4-torture: Added test_LookupHandleFree.
      s4-torture: Added a clean test_Lookup_simple.
      s4-torture: Added a clean test_Lookup_terminate_search.
      s4-torture: Added a clean test_Map_simple.
      s4-torture: Comment out the test_InqObject.
      s4-torture: Use binding handle in epm_Delete test.
      s4-torture: Added a test_Insert for epmapper.
      s4-torture: Added a full epm_Map test.
      s4-torture: Reorder the epmapper tests.
      replace: Try to fix broken sys/capabilites.h on Linux.
      s3-epmapper: Added a endpoint mapper skeleton.
      s3-epmapper: Added epm_Insert function.
      s3-epmapper: Added epm_Delete function.
      s3-epmapper: Added epm_Map function from Samba4.
      s3-epmapper: Added arg to match uuid in build_ep_list().
      s3-epmapper: Implemented epm_LookupHandleFree.
      s3-epmapper: Implemented epm_Lookup.
      s3-epmapper: Improved the epm_Map function.
      s3-epmapper: Commented unimplemented functions.
      s3-librpc: Added dcerpc register endpoint functions.
      s3-librpc: Added dcerpc_binding_vector_create function.
      s3-rpc_server: Only allow registering endpoints on priviledged pipes.
      s3-smbd: Added a function to setup rpc services.
      s3-smbd: Disable the endpoint mapper by default.
      s3-selftest: Enable RPC-EPMAPPER tests.
      s3-rpc_client: Added dcerpc_winreg_int_openkey().
      s3-rpc_client: Added winreg query dword helper.
      s3-rpc_client: Added winreg query binary helper.
      s3-rpc_client: Added a winreg set dword helper.
      s3-rpc_client: Added a winreg set sz helper.
      s3-rpc_client: Added a winreg set expand sz helper.
      s3-rpc_client: Added a winreg set multi sz helper.
      s3-rpc_client: Added a winreg query multi sz helper.
      s3-rpc_client: Added a winreg add multi sz helper.
      s3-rpc_client: Added a winreg helper to enum keys.
      s3-rpc_client: Added a winreg query sz helper.
      s3-rpc_client: Added a winreg set binary helper.
      s3-rpc_client: Added a winreg set security descriptor helper.
      s3-rpc_client: Added a winreg query security descriptor helper.
      s3-rpc_server: Migrated eventlog to winreg.
      s3-rpc_server: Added a winreg based eventlog registry init.
      s3-util: Moved eventlog_add_source to admin util.
      s3-smbd: Init the eventlog registry on service startup.
      s3-registry: Remove obsolete reg_eventlog.
      s3-services: Migrated svcctl registry functions to winreg.
      s3-rpc_server: Added a svcctl shutdown function.
      s3-rpc_server: Added a winreg based svcctl registry init.
      s3-smbd: Init the svcctl registry keys on service startup.
      s3-services: Remove obsolete services_db.c.
      s3-rpc_server: Migrated spoolss to dcerpc_winreg_enum_keys.
      s3-rpc_server: Migrated spoolss to dcerpc_winreg_set_sz..
      s3-rpc_server: Migrated spoolss to dcerpc_winreg_set_dword.
      s3-rpc_server: Migrated spoolss to dcerpc_winreg_set_X.
      s3-rpc_server: Migrated spoolss to dcerpc_winreg_set_X.
      s3-rpc_server: Migrated spoolss to dcerpc_winreg_query_dword.
      s3-rpc_server: Migrated spoolss to dcerpc_winreg_set_multi_sz.
      s3-perfcount: Create the directory on tdb open.
      s3: Added missing files in .gitignore.
      s3: Added file for clang complete support in vim.
      s3-rpc_server: Fixed possible segfault with client_id.
      s3-rpc_server: We need a messaging context for rpc.
      s3-rpc_server: Fixed possible segfaults in svcctl server.
      s3-rpc_client: Fixed winreg int documentation.
      s3-rpc_client: Added dcerpc_winreg_int_openkey() which dectects the hive.
      s3-rpc_client: Fixed an uninitialized variable.
      s3-librpc: Only register NCACN_NP.
      s3-rpc_server: Rename named_pipe_read_packet().
      s3-rpc_server: Create a common ncacn listen state.
      s3-rpc_server: Pass tevent_context to dcerpc endpoints.
      s3-rpc_server: Rename srv_rpc_register.
      s3-rpc_server: Rename srv_rpc_register.c.
      s3-rpc_server: Added function to setup tcpip listener!
      s3-rpc_server: Added port option to _rpc_ep_register.
      s3-rpc_server: Added event and msg ctx to _rpc_ep_register.
      s3-rpc_server: Let enpoint mapper listen on port 135.
      s3-rpc_client: Move client pipe functions to own header.
      s3-smbd: Pass tevent context to messaging functions.
      s3-librpc: Added tcpip support for dcerpc_binding_vector_create.
      s3-librpc: Free memory we don't need.
      s3-rpc_server: Added tcpip listener for each rpc service.
      s3-rpc_server: Set client and server connection info.
      s3-rpc_server: Added server address to pipes struct.
      s3-epmap: Return the correct ip address.
      s3-rpc_server: Added prototype to setup a ncalrpc socket.
      s3-rpc_client: Added DCERPC_AUTH_TYPE_NCALRPC bind.
      selftest: Added ncalrpc dir to config.
      s3-librpc: Register endpoints using ncalrpc.
      s3-rpc_server: Created an Endpoint Mapper Daemon.
      s3-rpc_server: Start the Endpoint Mapper Dameon if enabled.
      s3-rpc_server: Introduce transport in pipe_struct.
      s3-rpc_server: Only allow epm insert and delete on NCALRPC.
      s3-rpc_server: Fixed ncalrpc connection accept.
      s3-rpc_server: Remove unneeded ncacn wrappers.
      s3-rpc_server: Improved the dcerpc_ncacn_accept switch.
      s3-rpc_server: Add server support for NCALRPC system user pipe.
      s3-rpc_server: Create the ncalrpc endpoints.
      s3-librpc: Register NCALRPC pipes.
      s3-rpc_server: Fixed the accept() for named_pipe_listener.
      s3-rpc_server: Fixed the accept() for tcpip_listener.
      s3-rpc_server: Fixed the accept() for ncalrpc_listener.
      s3-winbind: Fixed the accept() for new_connection.
      s3-rpc_server: Free unused memory.
      s3-rpc_server: Added IPv6 support for epmapper.
      tevent: Fixed tevent_wakeup_send code example.
      s3-smbd: Increase debug level von context messages.
      s3-rpc_client: Don't ask endpoint mapper for its own port.
      s3-rpc_server: Change irritating debug message.
      s3-rpc_server: Add tevent based endpoint setup functions.
      s3-rpc_server: Use the new endpoint register functions.
      s3-rpc_server: Remove unused _rpc_ep_register.
      s3-rpc_server: Rename system_user to ncalrpc_as_system.
      s3-epmapper: Use DCERPC_AUTH_LEVEL_CONNECT for ep ncalrpc.
      s3-epmapper: Added a cleanup function.
      s3-epmapper: Shutdown the embedded epmapper cleanly.
      s3-epmd: Cleanup endpoint mapper correctly.
      s3-librpc: Leave the epm registration connection open.
      s3-rpc_server: Added a memory context to the ep regsiter state.
      s3-rpc_server: Implement an endpoint monitor loop.
      s3-rpc_server: Rename req to subreq.
      s3-rpc_server: Added disconnect callback function.
      s3-epmapper: Added function to delete endpoint entries.
      s3-epmd: Cleanup endpoints on service pipe disconnect.
      s3-epmapper: Remove unregister on shutdown.
      s3-epmapper: Setup epm in smbd to forward np requests.
      s3-epmapper: Log error if we can't register the endpoint.
      s3-epmapper: Increase debug levels.
      s3-epmapper: Use strcmp instead of strequal and check IPv6.
      s3-epmapper: Refactor the cleanup of endpoints.
      librpc: Added a dcerpc_binding_dup() function.
      s3-epmapper: Make sure we work on a description duplicate.
      librpc: Return an error if we a broken floor.
      s3-spoolssd: Fixed reopening of logs.
      s3-spoolssd: Pass down event and messanging context.
      s3-spoolssd: Added missing include.
      s3-spoolssd: Fixed logfile creation.
      s3-epmap: Make rpc_ep_setup_register an internal function.
      s3-spoolssd: Register spoolssd endpoints.
      s3-spoolssd: Start the spoolss service correctly.
      s3-rpc_server: Only allow embedded, daemon and external server type.
      s3-rpc_server: Fixed rpc_pipe_open_internal documentation.
      s3-winbindd: Use the correct enums for samr_QueryDomainInfo.
      s3-smbd: Added a change_to_user_by_session() function.
      s3-smbd: Added a become_user_by_session() function.
      s3-printing: Use become_user_by_session() function.
      libsmbconf: Introduce a sbcErrType.
      libsmbconf: Added a sbcErrorString() function.
      libsmbconf: Convert smbconf_init() to sbcErr.
      libsmbconf: Convert smbconf_open() to sbcErr.
      libsmbconf: Convert smbconf_drop() to sbcErr.
      libsmbconf: Convert smbconf_get_share_names() to sbcErr.
      libsmbconf: Convert smbconf_create_share() to smbErr.
      libsmbconf: Convert smbconf_get_share() to sbcErr.
      libsmbconf: Convert smbconf_delete_share() to sbcErr.
      libsmbconf: Convert smbconf_set_parameter() to sbcErr.
      libsmbconf: Convert smbconf_get_parameter() to sbcErr.
      libsmbconf: Convert smbconf_delete_parameter() to sbcErr.
      libsmbconf: Convert smbconf_get_includes() to sbcErr.
      libsmbconf: Convert smbconf_set_includes() to sbcErr.
      libsmbconf: Convert smbconf_delete_includes() to sbcErr.
      libsmbconf: Convert smbconf_transaction_*() to sbcErr.
      libsmbconf: Convert smbconf_get_config() to sbcErr.
      s3-waf: Create a registry private library.
      s3-waf: Create a public libsmconf.
      libsmbconf: Document smbconf_backend_requires_messaging().
      libsmbconf: Document smbconf_is_writeable().
      libsmbconf: Document smbconf_shutdown().
      libsmbconf: Document smbconf_changed().
      libsmbconf: Document smbconf_drop().
      libsmbconf: Document smbconf_get_config().
      libsmbconf: Document smbconf_get_share_names().
      libsmbconf: Document smbconf_share_exists().
      libsmbconf: Document smbconf_create_share().
      libsmbconf: Document smbconf_get_share().
      libsmbconf: Document smbconf_delete_share().
      libsmbconf: Document smbconf_set_parameter().
      libsmbconf: Document smbconf_set_global_parameter().
      libsmbconf: Document smbconf_get_parameter().
      libsmbconf: Document smbconf_get_global_parameter().
      libsmbconf: Document smbconf_delete_parameter().
      libsmbconf: Document smbconf_delete_global_parameter().
      libsmbconf: Document smbconf_get_includes().
      libsmbconf: Document smbconf_get_global_includes().
      libsmbconf: Document smbconf_set_includes().
      libsmbconf: Document smbconf_set_global_includes().
      libsmbconf: Document smbconf_delete_includes().
      libsmbconf: Document smbconf_delete_global_includes().
      libsmbconf: Document smbconf_transaction_start().
      libsmbconf: Document smbconf_transaction_commit().
      libsmbconf: Document smbconf_transaction_cancel().
      libsmbconf: Define a doxygen group for libsmbconf.
      s3: Added waf build header locations for clang complete.
      s3-spoolss: Get the printer location from cups.
      s3-printing: Remove obsolete and unused cups_pull_comment_location().
      waf: Enable Samba3 torture tests in top level build.
      s3-rpc_server: Force ncalrpc dir to be mode 755.
      s3-epmapper: Fixed endpoint registration.
      s3-rpc_server: Added syntax id to pipe_rpc_fns struct.
      s3-rpc_server: Store the ndr syntax id in the pipe context.
      s3-rpc_server: Move the context functions to own file.
      s3-rpc_server: Use the correct context syntax.
      s3-rpc_server: Use the correct syntax id in api_pipe_bind_req().
      s3-rpc_server: Use the context syntax id in api_pipe_request().
      s3-rpc_server: Migrate init_pipe_handles() to new syntax.
      s3-rpc_server: Use the correct syntax id for debugging.
      s3-rpc_server: Remove guessing of the syntax id.
      s3-rpc_server: Don't segfault if there are not handles to free.
      s3-rpc_server: Fix debug messages.
      s3-rpc_server: Fixed debug messages for rpc_handles.
      s3-rpc_server: Fixed debug messages of srv_pipe_hnd.
      s3-rpc_server: Remove syntax from pipes_struct.
      s3-rpc_server: Remove unused variable pipes_open.
      s3-epmapper: Register ports on IPv4 too.
      s3-waf: Fix pthreadpool build which needs librt now.
      s3: Update .clang_complete
      s3-winbind: Fix paranoia checks in winbindd_samr.c.
      s3-rpc_client: Fix some valgrind warnings.
      s3-spoolss: Fix some valgrind warnings.
      s3: Added missing includes to .clang_complete.
      s3-auth: Only reload the config file.
      s3-util: Add a get_remote_hostname() function.
      s3-rpc_server: Add local and remote address to pipes struct.
      s3-rpc_server: Migrate rpc function to tsocket_address.
      s3-auth: Added remote_address to ntlmssp server.
      s3-auth: Pass the remote_address down to user_info.
      s3-auth: Remove global smbd_server_conn from auth_unix.c.
      s3-rpc_server: Remove unused client_id in srv_pipe.c.
      s3-rpc_server: Replace client_id in dcerpc gssapi server.
      s3-samr: Replace client_id in samr server.
      s3-spoolss: Replace client_id in the spoolss server.
      s3-epmapper: Replace server_id in the epmapper.
      s3-smbd: Replace client_id in smbd process.
      s3-smbd: Replace client_id in smbd connection.
      s3-smbd: Exit cleanly if we can't create an address string.
      s3-smbd: Replace client_id in smbd reply.
      s3-smbd: Replace client_id in smbd service.
      s3-smbd: Replace client_id in smbd session.
      s3-smbd: Replace client_id in smbd session setup.
      s3-vfs: Replace client_id in smbta.
      s3-vfs: Replace client_id in exand msdfs.
      s3-smbd: Remove obsolete smbd_set_server_fd().
      s3-smbd: Remove client_address from smbd_server_connection struct.
      s3-rpc_server: Remove client_id and server_id from pipes struct.
      s3: RIP 'struct client_address'.
      s3-waf: Fix linking bugs causing segfaults.
      s3-waf: Don't link LIBNTLMSSP twice.
      s3-auth: Fix account check over ncalrpc.
      s3-epmapper: Fix adding tcpip endpoints.
      s3-smbd: Create ev_ctx and msg_ctx and use it.
      s3-smbd: Pass ev_ctx to smbd_parent_loop().
      s3-smbd: Pass ev_ctx and msg_ctx to open_sockets_smbd().
      s3-smbd: Pass ev_ctx and msg_ctx to smbd_accept_connection().
      s3-smbd: Pass ev_ctx to smbd_setup_sig_chld_handler().
      s3-smbd: Pass msg_ctx to smbd_accept_connection.
      s3-smbd: Pass ev_ctx to remove_child_pid().
      s3-smbd: Pass event and messaging context to smbd_parent_housekeeping().
      s3-librpc: Pass messaging context to dcerpc register functions.
      s3-rpc_server: Pass event and messaging context to accept function.
      s3-rpc_server: Fixed segfaults in rpc daemons.
      s3-rpc_server: Add my copyright.
      s3-rpc_server: Fix messaging context in the pipes struct.
      s3-rpc_server: Free the np dir.
      s3-rpc_server: Duplicate the pipe name.
      s3-rpc_server: We need to copy the session_info for external pipes.
      s3-rpc_server: Remove unused endpoint information.
      s3-rpc_server: Fixed header define.
      s3-rpc_server: Pass msg_ctx to make_base_pipes_struct().
      s3-rpc_server: Copy correct local tsocket address.
      s3-rpc_client: Close hive if opening of the key fails.
      s3-rpc_client: Close the hive handle before we open it again.
      s3-rpc_client: Close policy handles before creating defaults.
      s3-rpc_client: Fix memory context in winreg_enum_printer_dataex().
      s3-spoolss: Free local in winreg_printer_binding_handle.
      s3-spoolss: Use tmp_ctx in winreg_delete_printer_key_internal.
      s3-spoolss: Use tmp_ctx in winreg_printer_update_changeid_internal.
      s3-spoolss: Use tmp_ctx in winreg_printer_get_changeid_internal.
      s3-spoolss: Use tmp_ctx in winreg_get_printer_internal.
      s3-spoolss: Use tmp_ctx in winreg_create_printer_internal.
      s3-spoolss: Use tmp_ctx in winreg_update_printer_internal.
      s3-spoolss: Use tmp_ctx in winreg_set_printer_dataex_internal.
      s3-spoolss: Use tmp_ctx in winreg_enum_printer_dataex_internal.
      s3-spoolss: Use tmp_ctx in winreg_get_printer_dataex_internal.
      s3-spoolss: Use tmp_ctx in winreg_delete_printer_dataex_internal.
      s3-spoolss: Use tmp_ctx in winreg_get_driver_internal.
      s3-spoolss: Use tmp_ctx in winreg_get_driver_list_internal.
      s3-spoolss: Use tmp_ctx in winreg_del_driver_internal.
      s3-spoolss: Use tmp_ctx in winreg_add_driver_internal.
      s3-spoolss: Use tmp_ctx in winreg_get_printer_secdesc_internal.
      s3-spoolss: Use tmp_ctx in winreg_set_printer_secdesc_internal.
      s3-spoolss: Use tmp_ctx in winreg_printer_enumforms1_internal.
      s3-spoolss: Use tmp_ctx in winreg_printer_getform1_internal.
      s3-spoolss: Use tmp_ctx in winreg_printer_addform1_internal.
      s3-spoolss: Use tmp_ctx in winreg_printer_setform1_internal.
      s3-spoolss: Use tmp_ctx in winreg_printer_deleteform1_internal.
      s3-spoolss: Use tmp_ctx in winreg_enum_printer_key_internal.
      s3-spoolss: Use tmp_ctx everywhere in _spoolss_DeletePrinterDriverEx.
      s3-spoolss: Free the info2 structure in _spoolss_GetPrinter.
      s3-spoolss: Use get_session_info_system().
      s3-spoolss: Use existing handle in printer_driver_in_use().
      s3-spoolss: Use existing handle in printer_driver_files_in_use().
      s3-printing: Add forward declaration for dcerpc_binding_handle.
      s3-rpc_server: Added common function to create tcpip socket.
      s3-rpc_server: Move the endpoint registration to own file.
      s3-rpc_server: Rename to rpc service setup.
      s3-librpc: Add dcerpc_binding_vector_new().
      s3-librpc: Add dcerpc_binding_vector_add_np_default().
      s3-librpc: Add dcerpc_binding_vector_add_port().
      s3-librpc: Add dcerpc_binding_vector_add_unix().
      s3-librpc: Add dcerpc_binding_vector_dup().
      s3-librpc: Add dcerpc_binding_vector_replace_iface().
      s3-rpc_server: Add RPC socket helper functions.
      s3-rpc_server: Use binding vector in rpc_ep_try_register().
      s3-librpc: Remove obsolete dcerpc_binding_vector_create().
      s3-epmd: Use rpc_setup_tcpip_sockets().
      s3-torture: Run epmapper as daemon and the tests over ncalrpc.
      s3-rpc_server: Disable listening on tcpip ports by default.
      s3-rpc_server: Add rpc_epmapper_mode().
      s3-rpc_server: Use rpc_epmapper_mode().
      s3-rpc_server: Enable endpoint mapper as daemon by default.
      s3-rpc_server: Add rpc_spoolss_mode().
      s3-rpc_server: Use rpc_spoolss_mode().
      s3-rpc_server: Only setup tcpip ports if epmapper is enabled.
      s4-librpc: Fix double free.
      s3-rpc_server: Free the children of p->mem_ctx.
      s3-smbd: Pass tevent context to smbd_server_connection_loop_once().
      s3-rpc_server: Fix sending of packets over named pipe proxy.
      s3-spoolss: Fix prototypes warnings.
      selftest: Always test the spoolss deamon.
      s3-rpc_server: Fix include order in srv_pipe_hnd.c.
      s3-rpc_server: Check explicit for external and daemon server type.
      s3-rpc_server: Make dcerpc_ncacn_accept() public.
      s3-prefork: Fix cast warning.
      s3-spoolssd: Check if we were able to create the prefork pool.
      s3-lsasd: Create a lsa service daemon.
      s3-rpc_server: Correctly register lsa, samr and netlogon.
      s3-smbd: Start lsasd as deamon.
      selftest: Enable testing of the lsa service daemon.
      s3-winbind: We need to use internal rpc connections in winbind.
      s3-waf: Fix build with lsasd.
      rpc_server: Add forward declaration for dcerpc_transport_t.
      s3-rpc_server: Increase epm monitor wait time.
      s3-rpc_server: Add create_dcerpc_ncalrpc_socket().
      s3-lsasd: Add missing ncalrpc listeners.
      s3-lsasd: Listen on \PIPE\lsass.
      s3-id_cache: Move id caches mgmt out of smbd
      s3-id_cache: Use better names for id cache management ops
      s3-passdb: Keep caches coherent
      s3-passdb: Remove always the user from getpwsid cache.
      s3-passdb: Only delete 1 entry from memcache.
      s3-lib: If we create a pipe socket, don't start to listen.
      s3-rpc_server: Make sure we switch always the connecting user.
      doc: Reflect the latest changes to the rpc_server option.
      s3-rpc_server: Disable epmapper by default.
      s3-rpc_server: Handle services with multiple pipe names.
      s3-rpc_server: Add missing rng_fault_state in epmapper.
      s3-spoolss: Fix bug #8236 empty notify servername.
      s3-spoolssd: Remove stale printers only on a valid pcap update.
      s3-smbd: Rename reload_printers() and add documentation.
      s3-spoolss: Fix bug #8351 forms migration.
      rpc_server: Improve debug message for sys_getpeereid().
      s3-samr: Remove fstring in samr.
      uid_wrapper: Add uwrap_setreuid().
      uid_wrapper: Add uwrap_setregid().
      uid_wrapper: Add uwrap_setresuid().
      selftest: Fix plugin_s4_dc configuration.
      s3-netlogon: Fix setting the machinge account password.
      replace: Make sure we compile without uid_wrapper.
      replace: Add checks for setreuid and setregid.
      uid_wrapper: Fix prototypes.
      uid_wrapper: Make sure we have initialized the wrapper.
      uid_wrapper: Handle euid and egid 0.
      uid_wrapper: Fix build on UNIX platforms.
      uid_wrapper: Add uwrap_setresgid().
      nsswitch: Disable uid_wrapper in libwbclient.
      s3-waf: Don't link uid_wrapper more than once.
      Include uid_wrapper correctly.
      s3: Include uid_wrapper where it is missing.
      replace: Add don't include unistd.h directly and add uid_wrapper.
      s3: Enable uid wrapper.
      s3-build: Add .clang_complete.
      s4-torture: Add domain_handle to test_join struct.
      s4-torture: Add torture_delete_testuser().
      s4-torture: Add a samr privilege check.
      s4-torture: Add a user creation check.
      Add systemd service files.
      systemd: Fix dependencies.
      s3: Use autotools to set the winbind socket directory.
      docs: Make clear to use the workgroup name not the realm.
      s3-winbind: Increase the negative cache entry timout.
      s3-winbind: Make sure the map is clean.
      s3-winbind: Don't fail on users without a uid.
      s3: Fix wbinfo socket dir path.
      s3-winbind: Remove unused keys from list.
      s3-winbind: Add an update function for winbind cache.
      s4-librpc: Fix NETLOGON credential chain with Windows 2008.
      s4-torture: Fix schannel test against win2k8.
      s4-torture: LookupSids3 is only available over NCACN_IP_TCP.
      s3-libsmb: Don't duplicate kerberos service tickets.
      s4-librpc: Fix netlogon schannel client connect.
      s4-provision: Fix tdbdump path lookup in make test.
      s3-winbind: Move finding the domain to it's own function.
      s3-winbind: Fix segfault if we can't map the last user.
      s3-waf: Create a smaller samba3util subsystem.
      s3-waf: link SECRETS3 only against samba3util.
      s3-waf: auth_netlogond depends on tldap.
      lib: Remove dead mszip code.
      s3-waf: Link netapi only against needed subsystems.
      s3-waf: Link smbclient only against needed subsystems.
      s3-waf: Link nss_wins only against needed subsystems.
      s3-waf: Replace LIBMSRPC_GEN just with ndr-standard.
      s3-waf: Remove unneeded PARAM_UTIL dependency.
      s3-waf: Add missing depcendencies to smbconf.
      s3-waf: Link param only against needed subsystems.
      s3-waf: Don't link param_service against USER_UTIL twice.
      s3-waf: Link samba3core against needed subsystems.
      s3-waf: Remove LIBSMB_ERR completely.
      s3-waf: Link LIBNTLMSSP only against needed subsystems.
      s3-waf: Link libsmb only against needed subsystems.
      s3-waf: Link smbd_base only against needed subsystems.
      s3-waf: Link LIBNET only against needed subsystems.
      s3-waf: Link LIBNET_DSSYNC only against needed subsystems.
      s3-waf: Remove dead subsystem LIBNBT.
      s3-waf: Link trusts_util only against needed subsystems.
      s3-waf: Link tdb-wrap3 only against needed subsystems.
      s3-waf: Link errors3 only against needed subsystems.
      s3-waf: Link libcli_lsa3 only against needed subsystems.
      s3-waf: Link nmbd only against needed subsystems.
      s3-waf: Link winbindd only against needed subsystems.
      s3-waf: Add missing dependencies to LOCKING.
      s3-waf: Add missing dependencies to PASSCHANGE.
      s3-waf: Link swat only against needed subsystems.
      s3-waf: Link rpcclient only against needed subsystems.
      s3-rpcclient: Remove debug_dsdcinfo_flags() call.
      s3-waf: Link smbclient only against needed subsystems.
      s3-waf: Link net only against needed subsystems.
      s3-waf: Link profiles only against needed subsystems.
      s3-waf: Link smbspool only against needed subsystems.
      s3-waf: Link testparm only against needed subsystems.
      s3-waf: Link smbta-util only against needed subsystems.
      s3-waf: Link smbstatus only against needed subsystems.
      s3-waf: Link smbstatus only against needed subsystems.
      s3-waf: Link smbtree only against needed subsystems.
      s3-waf: Link smbpasswd only against needed subsystems.
      s3-waf: Link pdbedit only against needed subsystems.
      s3-waf: Link smbget only against needed subsystems.
      s3-waf: Link nmblookup only against needed subsystems.
      s3-waf: Link nmblookup only against needed subsystems.
      s3-waf: Link smbconftort only against needed subsystems.
      s3-waf: Link maketest only against needed subsystems.
      s3-waf: Link msgtest only against needed subsystems.
      s3-waf: Link smbcacls only against needed subsystems.
      s3-waf: Link smbcquotas only against needed subsystems.
      s3-waf: Link eventlogadm only against needed subsystems.
      s3-waf: Link sharesec only against needed subsystems.
      s3-waf: Link locktest only against needed subsystems.
      s3-waf: Link pdbtest only against needed subsystems.
      s3-waf: Link vfstest only against needed subsystems.
      s3-waf: Link locktest2 only against needed subsystems.
      s3-waf: Link smbfilter only against needed subsystems.
      s3-waf: Link versiontest only against needed subsystems.
      s3-waf: Link ntlm_auth only against needed subsystems.
      s3-waf: Link rpc_open_tcp only against needed subsystems.
      s3-waf: Link test_lp_load only against needed subsystems.
      s3-waf: Link dbwrap_tool only against needed subsystems.
      s3-waf: Link dbwrap_torture only against needed subsystems.
      s3-waf: Link split_tokens only against needed subsystems.
      s3-waf: Link vlp only against needed subsystems.
      s3-waf: Reduce libnetapi dependencies.
      s3-waf: Reduce libsmbclient dependencies.
      s3-waf: Add missing dependency to RPC_WINREG.
      s3-waf: Add missing dependency to LIBNET.
      s3-waf: Fix cups dependency in PRINTING.
      s3-waf: Reduce dependencies of smbd_base.
      s3-waf: Reduce dependencies of winbindd.
      s3-waf: Add missing dependency of pdb_wbc_sam to wbclient.
      s3-waf: Add missing dependency of ntlmssp to wbclient.
      s3-waf: Create a subsystem for SERVER_MUTEX.
      s3-lib: Fix util_cmdline which doesn't use popt.
      s3-libsmb: Remove dead gssapi code.
      s3-libsmb: Remove dead prototype.
      s3-waf: Link against tdb_compat instead of tdb.
      s3-waf: Link tdbsam against needed libraries.
      s3-net: Don't use an internal krb5 for kdc lookup.
      s3-libsmb: Remove obsolete smb_krb5_locate_kdc.
      s4-heimdal: Remove the execute flag of cfx.c.
      waf: Make sure libraries are installed with the execute flag set.
      s4-python: Remove execute flag of upgradehelpers.py.
      s4-python: Remove env from non-executable samba scripts.
      s4-python: Remove execute flag from netcmd scripts.
      s4-python: Remove env from non-executable netcmd scripts.
      s4-python: Remove env from non-executable test scripts.
      s4-python: Remove execute flag from ndrdump blackbox script.
      s4-python: Remove env from non-executable blackbox test scripts.
      s4-python: Remove execute flag from non-executable rpc_talloc script.
      s4-python: Remove env from non-executable dcerpc scripts.
      s4-python: Remove env from non-executable samba_tool scripts.
      s4-python: Remove env from non-executable webserver script.
      s4-python: Add missing python source file encoding.
      s3-rpc_server: Increase debug level for policy handle.
      s3-rpc_client: Add debug message for printer dataex errors.
      s3-printing: Make printer a const char *.
      s3-printing: Check for browseable too.
      s3-spoolss: Check return codes in update_dsspooler.
      s3-spoolss: Check return type of update_dsspooler().
      waf: Add autoconf --target support.
      systemd: Add samba service file.
      s4-smb2: Fix a talloc crash bug.
      s3-waf: Fix client/smbclient dependencies.
      s3-waf: Add possibility to build with system libsmbclient.
      waf: Add possibility to build with system libwbclient.
      waf: Use Logs.info() instead of print.
      s3-waf: Cleanup smbregistry.
      krb5samba: Add a smb_krb5_cc_get_lifetime() function.
      s4-auth: Use smb_krb5_cc_get_lifetime() wrapper.
      waf: Fix com_err detection with MIT krb5.
      doc: Fixes for the talloc context tutorial.
      doc: Fixes for the talloc stealing tutorial.
      doc: Fixes for the talloc dynamic type system tutorial.
      doc: Fixes for the talloc destructor tutorial.
      doc: Fixes for the talloc pool tutorial.
      doc: Fixes for the talloc debugging tutorial.
      doc: Fixes for the talloc best practices tutorial.
      talloc: Update doxygen config.
      s4-auth: Use smb_krb5_make_pac_checksum.
      krb5samba: Add smb_krb5_make_pac_checksum.
      s3-spoolss: Set DWORD values correctly.
      s3-auth: Don't lookup the system user in pdb.
      s3-auth: Rename to init_system_session_info().
      krb5samba: Add smb_gss_oid_equal wrapper.
      gse: Use the smb_gss_oid_equal wrapper.
      s3-spoolss: delete_drivers should be called as the connecting user.
      s3-winbind: Remove obsolte idmap_adex.
      doc: Remove documentation about idmap_adex.
      s3-printing: Remove deprecated lp_printer_admin().
      doc: Remove all references to 'printer admin' option.
      s3-passdb: Remove obsolte ldapsam_compat support.
      doc: Remove documentation for obsolete ldapsam_compat.
      s3-smbd: Remove deprecated 'share modes' option.
      doc: Remove references to deprecated 'share modes' parameter.
      s4-torture: Fix build warnings in lsa test.
      s4-torture: Use test_LookupSids3 function.
      s4-torture: Test LookupSids3 and LookupNames4 only over tcpip.
      s4-torture: Make sure ncacn_np tests are only called over the a pipe.
      s4-torture: Make sure lsa_OpenPolicy fails over TCP/IP.
      s4-torture: Make sure lsa_OpenPolicy2 fails over TCP/IP.
      s4-torture: Test LookupSids3/LookupNames4 over np and tcpip.
      s3-selftest: Run lsa tests over np and tcpip.
      s3-rpc_server: Make it possible to use more rpc exceptions.
      s3-rpc: Return the correct ntstatus depending on the transport.
      s3-lsarpc: Restrict the transport for ncacn_np functions.
      s3-lsarpc: Restrict lsa_LookupSids3 to ncacn_ip_tcp connections.
      s3-lsarpc: Restrict lsa_LookupNames4 to ncacn_ip_tcp connections.
      s3-lsarpc: Enforce a secure connection for LookupSids3 and LookupNames4.
      s4-torture: Add a lsarpc test_LookupSids3_fail function.
      s4-torture: Add a lsarpc test_LookupNames4_fail function.
      s4-torture: Add a lsarpc test_OpenPolicy_fail function.
      s4-torture: Add a lsarpc test_OpenPolicy2_fail function.
      s4-torture: Add a lsarpc test_GetUserName_fail function.
      s4-torture: Don't consider NONE_MAPPED an error in LookupNames4.
      s4-torture: Don't consider NONE_MAPPED an error in LookupSids3.
      s4-torture: Call lsarpc tests over the correct pipe.
      s4-libnet: Skip calling lsarpc functions over a wrong pipe.
      s4-selftest: Don't plan lsa.secrets tests over tcpip.
      s4-selftest: Don't run lsarpc requiring a named pipe over tcpip.
      selftest: Update knownfail list for samba4.rpc.lsalookup.
      s4-lsaprc: Don't call lsa_OpenPolicy2 in lsa_LookupNames4.
      s4-lsarpc: Don't call lsa_OpenPolicy2 in lsa_LookupSids3.
      s4-lsarpc: Restrict LookupNames4 to crypto connections only.
      s4-lsarpc: Restrict LookupSids3 to crypto connections only.
      s4-lsarpc: DCERPC_FAULT_ACCESS_DENIED for np
      s4-lsarpc: DCERPC_FAULT_ACCESS_DENIED for tcp
      s4-torture: Add DCERPC_SCHANNEL_AES tests.
      s4-torture: Improve samlogon test.
      s4-librpc: Add capabilities check for AES encrypted connections.
      s4-auth: Make sure we use the correct credential state.
      s3-rpc_client: Add capabilities check for AES encrypted connections.
      s3-rpc_client: Fix updating netlogon credentials.
      Enable AES in winbind.
      s3-winbind: Fix bug #9052 resolving our own "Domain Local" groups.
      doc: Remove build/ from doxygen config or it will not work in brew.
      s3-smbd: Fix flooding the logs with records we don't find in pcap.
      libkrb5: Fix build with MIT Kerberos.
      selftest: Define the log directory for s3fs.
      file_server: Fix spoolss support with s3fs.
      selftest: Add missing printing options for plugin_s4_dc.
      selftest: Remove spoolss tests from knownfail.
      s3-winbind: DON'T PANIC if we couldn't find the domain.
      s4-dns: Fix linking the dns service.
      wafsamba: Add support for manpages in SAMBA_MODULE.
      wafsamba: Add a CONFIGURE_FILE option.
      waf: Create catalog file for manpage generation.
      docs: Remove old ldb manpages.
      docs: Remove old tdb manpages.
      waf: Rename nmblookup manpage to nmblookup4.
      waf: Fix bug #8801 - build s3fs manpages.
      docs: Move idmap manpage to there old location.
      docs: Bump version up to 4.0.
      wafsamba: Add a SAMBAMANPAGES function.
      docs: Build manpages correctly.
      s3-rap: Open printers with the right access mask.
      docs: Fix generating idmap manpages.
      s3-printing: Increase debug level for info that the db is empty.
      s3-smbd: Don't segfault if user specified ports out for range.
      s3-spoolss: Fix builtin forms order to match Windows again.
      s3fs-smbd: Move housekeeping to the background process.
      waf: Build pam_smbpass module only if enabled.
      s3fs-smbd: Make sure the registry is set up before we init printing.
      s3fs-printing: Fix RAW printing for normal users.
      packaging: Add config for systemd-tmpfiles.
      packaging: Add support for reloading systemd services.
      s3fs-printing: Simplify the comment and location handling.
      BUG #9295: Build standard auth modules as internal modules.
      wafsamba: If we define a realname and a soname create a symlink.
      waf: Create a libnss_winbind.so symlink.
      waf: Create a libnss_wins.so symlink.
      ntlm_auth: Increase debug level if we use config domain name.
      packaging: Move smbprint to a comman location.
      BUG 9326: Fix net ads join message for the dns domain.
      packaging: Add NetworkManager dispatcher script for winbind.
      s3fs-net: Use talloc for memory allocation.
      s3fs-utils: Free the popt context in smbcacls and smbquotas.
      s3fs-popt: Add function to burn the commandline password.
      s3fs-client: Burn commandline password of client utils.
      torture: Fix smb2.create.blob test.
      s3:winbind: BUG 9386: Failover if netlogon pipe is not available.
      BUG 9436: Fix leaking sockets of SMB connections to a DC.
      s3-reg: Fix copy and paste error in debug message.
      torture: Fix copy and paste error.
      torture: Fix copy and paste error in debug message.
      libnet: Fix copy and paste error in dbsync error message.
      util: Add a UNIX platform independent samba_getpass().
      wbinfo: Use new samba_getpass() function.
      smbclient: Use new samba_getpass() function.
      util: Use new samba_getpass() function.
      torture: Use new samba_getpass() in locktest2.
      torture: Use new samba_getpass() in smbtorture3.
      torture: Use new samba_getpass() in masktest.
      net: Use new samba_getpass() function for 'net ads'.
      net: Use new samba_getpass() function for 'net rpc'.
      net: Use samba_getpass() function in net util.
      ntlm_auth: Use new samba_getpass() function.
      util: Use new samba_getpass() function for passwd util.
      smbget: Use new samba_getpass() function.
      cmdline: Use new samba_getpass() function.
      ntlm_auth4: Use new samba_getpass() function.
      replace: Remove deprecated getpass() support.
      BUG 9459: Install manpages only if we install the target.
      winbind: Make the code more readable in trustdom_list_done().
      s3-registry: Check return code of push_reg_sz().
      s3-rpcclient: Check return value of add_string_to_array().
      s3-net: Check return value of string_to_sid().
      s3-net: Check the return value of strlower_m().
      idl: Fix spoolss check for the size of the struct.
      s3-printing: Don't call talloc_free on an uninitialized pointer.
      vfs: Make sure we don't call talloc_free on an uninitialized pointer.
      s3-netapi: Fix zeroing policy handles in NetLocalGroupAdd_r().
      torture: Fix torture_rpc_spoolss_printer_teardown_common().
      s3-netapi: Initialize group_handle of NetUserSetGroups_r.
      s3-auth: Make sure we work on valid data_blobs.
      s4-netapi: Initialize group_handle of NetGroupGetUsers_r().
      s3-netapi: Initialize group_handle of NetGroupSetUsers_r().
      util: Don't use the pid ret value uninitialized.
      dfs_server: Don't allocate a subcontext twice.
      misc: Add a config for clang complete.
      tdb: Fix possible crash bugs in the python tdb code.
      tdb: Improve the documentation of tdb_reopen() and tdb_close().
      winbind: Use talloc in resolve_alias_to_username().
      winbind: Use talloc in resolve_username_to_alias().
      s3-lib: Remove unsused variable from sys_get_nfs_quota().
      s3-nmbd: Cleanup code to make it more readable.
      s4-libnet: Don't call talloc_get_type() for the same struct twice.
      nsswitch: Cleanup code in parse_wbinfo_domain_user().
      nsswitch: Remove unused variable in _pam_winbind_change_pwd().
      nsswitch: Fix pam_get_{item,data} build warnings.
      s3-utils: Cleanup code in wait_replies().
      s4-client: Make sure we have a valid count if we goto cleanup.
      s3-utils: Correctly handle getenv() for the later system() call.
      s4-libcli: Fix comparison of chosen_oid.
      s3-libsmb: Fix possible comparsion problems.
      torture: Make sure we use the correct size for cxd.
      s3-ctdb: Make sure addr.sun_path is null terminated.
      s4-socket: Make sure unix socket addresses are null terminated.
      s3-registry: Fix counters_directory() dir creation.
      s3-printing: Correctly create the printing cache path.
      s3-lib: Don't close the listener twice if we goto failed.
      util: Remove unused fde_stdin in samba_runcmd.
      s4-libnet: Fix setting the group handle and return codes.
      s4-client: Check return codes in do_connect().
      s3-smbd: Check return code of SMB_VFS_{L}STAT.
      s4-lib: Use directory_create_or_exist() to create messaging dir.
      s3-winbind: Check if we created the directories correctly.
      s4-regsitry: Check return value of ldb_msg_add_empty().
      s3-eventlog: Make sure the eventlog directory exists.
      s3-nmbd: Check if we created the directories correctly.
      s4-libnet: Checkr return codes in samsync_ldb_handle_domain().
      ndr: Check return code of ndr_pull_advance().
      librpc: Check return codes of ndr functions.
      param: Correctly create directory and create common function.
      s3-net: Check return values of push_reg_sz().
      s3-utils: Check return value of secrets_init().
      libcli: Check schannel state return value of tdb_transaction_commit().
      nsswitch: Fix wbclient BAIL macros.
      krb5_wrap: Remove dead code in smb_krb5_renew_ticket().
      s4-librpc: Remove dead code in smb_send_request().
      s3-tldap: Fix dead code in tldap_sasl_bind_send().
      s3-lib: Fix push_ucs2() for-loop.
      s3-libads: Fix copy&paste error in ads_keytab_add_entry().
      s3-rpc_server: Fix useless check if we still have a valid string.
      libwbclient: Fix null check in process_domain_info_string().
      libcli: Fix smb2cli_ioctl_send() if clause.
      s3-vfs: Fix typo in readonly_connect().
      s3-rpc_server: Fix a possible null pointer dereference.
      s3-vfs: Fix a null pointer deferference in vfs_media_harmony.
      s3-winbind: Fix null pointer dereference in store_memory_creds().
      s3-rpc_server: Fix null pointer derefs in rpc_pipe_open_interface().
      s3-libsmb: Fix a possible null pointer dereference.
      s3-netapi: Add missing break in NetUserSetInfo_r().
      s3-lib: Make it clear that we want to fall trough here.
      s3-rpc_server: Make it clear we want to fall trough here.
      s4-dsdb: Make it clear that we want to fall trough here.
      libgpo: Make it clear that we want to fall trough here.
      s3-lib: Cleanup transfer_file_internal() a bit.
      s4-libcli: Use a do-while loop.
      s3-rpc_server: Fix username and remote check.
      s3-libsmb: Remove check if array is NULL.
      s3-prefork: Directly fail if tevent_req_is_unix_error() fails.
      s3-idmap: Check return value of string_to_sid().
      s3-rpcclient: Fix cmd_eventlog_readlog() null pointer passing.
      s3-rpcclient: Fix cmd_eventlog_loginfo() null pointer passing.
      s3-net: Fix rpc_service_list_internal() null pointer passing.
      util: Add a strict directory_create_or_exist function.
      Use the new directory_create_or_exist_strict() function.
      s3-lib: Use new strict directory create function in create_pipe_sock().
      printing: Create default architecture directories on init.
      BUG 9574: Fix a possible null pointer dereference in spoolss.
      ldap: Remove obsolete convertSambaAccount script.
      waf: Fix pdb_ldap which cannot be built as a module.
      Rename pdb_ldap to pdb_ldapsam
      waf: Make sure we link against samba-util.
      winbind: Make domain_name const in wcache_ndr_key().
      messages: Use uint8_t type.
      winbind: Use uint8_t type and use const where needed.
      winbind: Correctly cast name to messaging_send_buf().
      ndr: Comparing an array to null is always true.
      libsmb: Fix possible null pointer dereference.
      torture: Fix samsync domain_name checks.
      nmbd: Fix request data data processing.
      s4-libcli: Add null check for ndr functions in rap.
      s3-tldap: Make sure we don't deref a null pointer.
      librpc: Add NULL check for ndr functions for epm bindings.
      s4-libcli: Check return code of smbcli_request_setup().
      ndrdump: Check return value of ndr_pull_init_blob().
      pyauth: Check return value of lpcfg_from_py_object().
      s4-libcli: Check return value of smbcli_request_setup().
      pdb: Fix array overrun by one.
      torture: Fix array access in spoolss test.
      torture: Fix memcmp of short buffer.
      torture: Make sure we don't overrun the buffer.
      s4-client: Don't leak resource handle.
      s4-client: Don't leak file descriptor.
      s3-net: Don't leak username.
      s3-spoolss: Don't leak memory.
      s3-lsasd: Don't leak file descriptors.
      s3-param: Don't leak file descriptor.
      s3-vfs: Don't leak file descriptor.
      torture: Don't leak file resource handle in spoolss test.
      s3-smbd: Don't leak subcntarr array.
      winbind: Don't leak memory on return.
      wbinfo: Fix several memory leaks.
      s3-torture: Don't leak memory.
      s4-client: Don't leak memory.
      winbind: Don't leak centry memory.
      s4-registry: Don't leak memory on error.
      s4-registry: Don't leak file descriptor.
      s4-cifsdd: Don't leak memory.
      s4-policy: Fix memory leaks in push_recursive().
      smbget: Fix file descriptor leak.
      smbpasswd: Don't leak memory.
      ndrdump: Don't leak plugin handle on error.
      s3-libsmb: Don't leak memory on error.
      s4-lib: Don't leak plugin handle on error.
      s3-vfs: Don't leak file descriptor on error.
      lib-util: Don't leak file descriptor on error.
      s3-rpc_server: Make sure that fd is really closed on error.
      winbind: Use talloc for allocating domain, dns, forest and dc name.
      winbind: Correctly use names in the domain struct.
      winbind: Fix samba3.winbind.struct test.
      waf: Correctly check for prctl in just one place.
      lib: Add prctl_set_comment to utils.
      s3-daemons: Set the comment field of the daemons.
      krb5_wrap: Make sure we don't dereference a NULL pointer.
      winbind: Fix no memory check in _wbint_PingDc().
      s4-client: Make sure entry is a valid string.
      s4-libregistry: Make sure we don't dereference a NULL pointer.
      s4-libregistry: Fix path check and improve while loops.
      gensec: recv_handler can't be NULL at that point.
      dsdb: Check for pointers before we deference them.
      s4-libregistry: Improve NULL handling of name.
      Make sure to set umask() before calling mkstemp().
      pidl: Add skip option to elements.
      ndr: Add ndr_ntprinting_string_flags() function.
      idl: Add flags for strings in ntprinting idl.
      ndr: Pass down string_flags in ndr_pull_ntprinting_printer().
      s3-net: Add encoding=<CP> to 'net printing migrate'.
      s3-net: Add encoding=<CP> to 'net printing dump'.
      torture: Add ntprinting latin1 test.
      torture: Update ndr README.
      BUG 9735: Fix winbind seperator in upn to username conversion.
      epm: Increase debug level for already registered endpoints.
      BUG 9758: Don't leak the epm_Map policy handle.
      BUG 9699: Fix adding case sensitive spn.
      BUG 9139: Fix the username map optimization.
      BUG 9766: Cache name_to_sid/sid_to_name correctly.
      BUG 9817: Fix 'map untrusted to domain' with NTLMv2.
      waf: Create a better wscript for finding ncurses.
      regedit: Don't panic if we can't open the file.
      regedit: Remove talloc leak report.
      regedit: Improve the while loop.
      regedit: Use color only when available.
      krb5wrap: Move mask to the right position.
      s3-libads: Print the debug string of a failed call with LDAP_OTHER.
      tevent: Link the tutorial on the mainpage.
      tsocket: Pass the full port number to getaddrinfo().
      tsocket: Pass the full port number to getaddrinfo().
      torture: Fix comparsion of uninitalized bytes.
      torture: Don't segfault in raw.session on error.
      torture: Don't segfault in smb2.session on error.
      selftest: Fix domain name of plugindc.
      selftest: Add a newline to root entries in the nss files.
      selftest: Use higher ip numbers.
      s3-winbind: Allow sec_initial_uid() to store creds.
      torture: Fix comparsion of uninitalized bytes.
      torture: Don't segfault in raw.session on error.
      torture: Don't segfault in smb2.session on error.
      selftest: Fix domain name of plugindc.
      selftest: Add a newline to root entries in the nss files.
      selftest: Use higher ip numbers.
      s3-winbind: Allow sec_initial_uid() to store creds.
      s3-winbind: Do not delete an existing valid credential cache.
      s3-waf: Rename regedit to samba-regedit.
      docs-xml: Remove obsolete swat manpage and references.
      nsswitch: Add OPT_KRB5CCNAME to avoid an error message.
      s3-libads: Print a message if no realm has been specified.
      s3-winbind: Fix a segfault passing NULL to a fstring argument.
      Followup patch for BUG: https://bugzilla.samba.org/show_bug.cgi?id=10082
      s3-winbind: Don't set a default directory for DIR.
      s3-winbind: Add support for the kernel krb5 keyring buffer.
      doc: Update documentation of pam_winbind krb5 support.
      idl: Add a new message for winbind domain states.
      s3-winbind: Add functions for domain online/offline handling.
      s3-winbind: Register handlers for domain online/offline messages.
      s3-winbind: Send online/offline message of the domain to the parent.
      vfs: Fix building the glusterfs module.
      vfs: Fix some build warnings in glusterfs.
      util: Remove 32bit macros breaking strict aliasing.

Andrew Bartlett (8035):
      Remove warning about trapdoor systems for non-root mode.
      Added the basic tests of smb functionality for HEAD
      Changed some of the tests around, made failures for parts actualy count
      Add the generic funcions file for the basicsmb tests
      Jigger around with the tests a bit more
      This should return the build to normallity.
      Make smbtorture return status values for use in the build_farm tests.
      Not all OSs have setbuffer, so we better check for it.
      Start of smbtorture based testing.  Not all of smbtorture's facilites
      We need strict locking to pass LOCK4
      Fix the torture test, we had the wrong file-name in the tests
      This fix from Eelco Vriezekolk <eelco at nexus.com.na> is for a SIG11 bug where we
      Running torture-RANDOMIPC on the build farm doesn't go down as a 'good idea' as its logsfiles are BIG!
      See if we can stick to slightly valid C..
      This brings HEAD into line with SAMBA_2_2, they now both use bindir.
      Allow us to vary the log-level, so we can run at level 1 normally,
      Allow user to specify CFLAGS even when using configure.developer
      Update smbtorture in line with SAMBA_2_2
      You can't dump_data() a function pointer...
      Add backend encryption support for NTLMv2.
      Add a new paramater:  add machine script
      Fix the loading of configuration files using the include syntax.
      This removes unused paramaters from various authtication functions, and should
      Update tests, start testing password server code, now I have it working and
      Try to avoid clashes with OpenSSL when built --with-ssl, they also have md5.h,
      This fixes security=domain, which has been broke since the big charset
      Fix tree breakage, the last change was entirly non-portable, and we already
      This backs out my last change, which broke some of the finer points of RPC
      I think this was just a typo...  If there was some method to the madness then
      Some minor doco on what the build_farm dir does
      This should fix the build, I think tpot just missed the file for his CVS
      This patch fixes up a few issues where we would do lookups in the local system
      This is my 'Authentication Rewrite' version 1.01, mostly as submitted to
      This is the fix for the PAM bug I probably introduced in the previous commit,
      Record the NT_STATUS constant rather than its number in the logfiles
      Some better debugs for our security=server code.  I want to track down why
      Try to set the socket options early for some OSs (like Sol 8) where they
      This patch does a number of things, mostly smaller than they look :-)
      Kill of idra's extra become_root()/unbecome_root() now I have fixed the actual
      One less getpwnam() call...
      Style cleanup for the last vuid change.
      smbd/auth_server: Doco, we want to use cli_nt_error here soon
      Restore a debug I think I dropped earlier
      Move read only check into a helper funcion.  Ensure conn->service is set
      Move admin user check into a helper function.
      Move the claim_connection stuff till a little later in the process.
      OK, so not freeing these was a mistake.  I'll try to be less exuberent next
      Add comment to clarify why we call this twice.
      Add a new option to disable our paranoid server check.
      A few changes:
      Fix up some unused variables  and functions, fix up formatting
      Fix to only send the status32 error for status32 clients, not to other
      As per plug-fest discussions this paramater no longer defaults to the value
      Fix up some compile issues.  We can't have C99 comments and add a smattering
      Change the description on --with-pam_smbpass to make it clearer - some peope
      Finally commit my fix to this little mess...
      Now that we always get back an NTSTATUS code actually pass it on to the
      Update manpage for new 'add machine script' paramater
      Actually fill in the status for sainity checks
      Restore the profiling data shmem parinoia.  This whole area needs to be
      Fix up NTSTATUS stuff in rpcclient's help function
      This looked suspicious now we are attempting to to NTLMv2.
      Oops...  For reference, NTLMv2 passwords are > 24 chars in length, while
      update for .proto.stamp
      Kill off the //server/share%user hack in share level security.
      Looks like it missed these.  make_connection now no longer takes a 'username'
      Kill off the dangerous passwd program default, as its both very
      Start pushing the NTSTATUS stuff out to the wire for session setups.
      Fix up workstaion and kickoff time checks, moved to auth_smbpasswd.c where
      Minor tidy-up.
      Fix (I hope) for a number of little compile warnings found by the IRIX
      Fix compile warnings on IRIX's cc.
      Reverse some of the breakage I commited a day or two ago, as we need to
      fix debug
      Fix (I hope) compile on HP-UX.  Found by the build farm.
      Remove the ugly hacks to get around the Get_Pwnam() calls in pass_check.c by
      passdb/pampass.c and passdb/pass_check.c are not passdb related at all,
      Use lp_private_dir() not magic on the lp_smb_passwd_file() output.
      This isn't used anymore
      printf() -> d_printf()
      Add the ability to display Samba's build options with smbd -b and as a level 4
      Adding the appropirate files might help...
      Reran autoconf, autoheader
      Try to fix up the shell syntax
      - Fix up to use sampass->username insted of user_info->smb_username
      Revert this one:  The NTLMv2 checks need the original username as found
      Fix for MiXed and UPPER case usernames with plaintext PAM passwords.
      Add and modify some of the various tests I have had sitting around here for a
      Rearrange the ordering of the checks in make_connection().  The new order has
      Check 'hosts equiv' and 'use rhosts' compatability with 'hostname
      Fix up the test for some of the quirkier hosts on the farm, and enable one
      We are not meant to touch the username, so use the pass->pw_name output rather
      Move pass_check.c over to NTSTATUS, allowing full NTSTATUS from PAM to wire!
      These are RIDs not Unix UIDs so make this clear in the feild names.
      Fix up NT_STATUS return for session setups, Win2k objects to anything other
      Zero out these pstrings before we start: makes for much easier debugging.
      Lets call an NTSTATUS an nt_status, not an ecode.
      Add .headers.stamp
      If we disable hostname lookups we can at least get a uniform answer for testing
      Try to fix up manpage installation
      Change ./configure.developer to stay in effect across a
      Fix up the ./configure for the BSDs:
      Don't segfault when deleting accounts not in /etc/passwd.  The RID we want is
      Finish Jeremy's passdb merge :-).
      Update build_options.c in line with new configure options.
      We don't use a modified 'user' in any case, so don't modifiy it.
      More updates to prevent account-guessing.
      Add a new interface pdb_set_plaintext_passwd() to the passdb.  This simply
      Fix up pdbedit to initialise its structures with the standard functions,
      Fix up TDB_SAM with repect to case sensitvity.  (need to use unix_strlower)
      Fix the uninitialised variable, but more importantly fix the SEGFAULT.
      Make use of the pdb_set_plaintext_passwd() update to vastly simplify
      Update for new pdb_set_plaintext_passwd() interface.
      Fix this to use the plaintext password code directly, like SWAT does.
      Rearrange the order of the checks in auth_smbpasswd.c, always check passwords
      Process the workstation trust account code INSIDE the authenticaion subsystem,
      Kill of the reply.c end of the workstaion trust account mess.
      Fix memory leak in get_sampwd_entries(), reindent for clarity.
      Kill unused variables
      Major update to pdbedit's import and export code, in line with reqests for it
      How the heck I missed this I don't know, but somehow I got a copy-and-paste
      Add a few const statements to various odd bits of the tree.  (Fixes some
      Fix up a number of intertwined issues:
      This is the passdb section of the previously mentioned commit.
      Finally kill off the SMBENCRYPT() macro.
      Make header comment clearer, these are RIDs, not UIDs.
      Small changes to register_vuid ahead of a larger restructure.
      Don't try to write the LM password in the NT password feild.
      move libsmb/domain_client_validate.o around in the makefile again, it really is
      Fix up indenting in out SAM password check code.
      Fix for compilation on non-krb5 systems
      Restore the intended behaviour for .headers.stamp
      samba-bugs at samba.org -> samba at samba.org
      A few spelling fixes from Vance.  <vance at digital-host.net>
      Fix up the Makefile for now (thanks herb).
      This commit is number 1 of 4.
      This commit is number 2 of 4.
      This commit is number 3 of 4.
      This commit is number 4 of 4.
      This patch applied, except without the structure changes to nmblib.c
      More spelling and grammer from Vance. <vance at digital-host.net>
      Add a bit of 'const' for the data_blob code.
      Fix up auth_smbpasswd.c to use the password interface, rather than the
      Fix up smbpasswd -e/-d  so that it doesn't change the password under you any
      Spnego on the 'server' end of security=server just does not work, so set the
      Parionia to ensure people don't install libsmb based programs setuid root.
      Small 'const' updates ahead of some AuthRewrite merging.
      SPNEGO works perfectly well with security=domain, so don't exclude it.
      More const.
      This is a farily large patch (3300 lines) and reworks most of the AuthRewrite
      Small changes for guest authenticated pipes.
      ... and clean up the unused variables.
      Fix up domain logons.  Tested with NT4.
      When you make a data_blob() then you probably need to free it too...
      This should fix up the compile with krb5.
      Various post AuthRewrite cleanups, fixups and tidyups.
      Return 1 (rather than 0) on failure.  This may well help get the build farm
      Move the test for non-SPNEGO session setups when using SPNEGO, becouse its a
      Minor cleanups/fixes in the NTLMv2 code
      anonymous logins are guest logins, so mark them as such. (Otherwise they can
      Fix up pdbedit so that it at least compiles without warnings.
      Fixup for accounts without a local /etc/passwd entry.
      Fix up authenticated pipes in line with vuser changes.  This ensures that global
      Fix segfault. sup_tok might not always be with us.
      Initilising these variables before appending the domain groups to them
      UGLY HACK to get machines to join tdbsam domains again.
      Change to guest logon code.
      This change updates lp_guestaccount() to be a *global* paramater, rather than
      Remove built-in support for clear-text kerberos authentication.
      Minor updates.  A small dose of const.
      This extra check isn't needed, we can only get here if secuirty=domain
      make sam_account_ok static.
      Add back the not null checks in a better place.
      Fix up some DEBUG()s
      Kill off 'restrict anonymous' becouse it is useless in its current form.
      Code duplication is bad.  So add an add_signiture() function and just refernce
      Fix up the build again...
      Update some of the error mapping, based on on-the-wire observations of an NT4 server.
      Kill off that crazy copy_sam_passwd().  You simply can't do that if the
      This is another rather major change to the samba authenticaion
      And add the winbind module I missed in the last run.
      Fix ./configure --enable-developer warnings (shadow of global)
      Unless the error is exactly NT_STATUS_OK, we might not have a server info, so
      Add a new torture test to extract a NT->DOS error map from an NT member of a
      oops, I forgot to include the header file
      Add the PDC end of the smbtorture test for creating an NT_STATUS -> DOS error
      This compleats the of the authenticaion subystem into the new 'auth'
      And delete domain_client_validate.c...
      Fix up the build farm again.
      prevent proto from picking up this as a defintion for 'main()' becoue it conflicts with nmbd's definition.
      A number of things to clean up the auth subsytem a bit...
      Fix debug
      Fix --enable-developer shadow warning
      Some random updates for the ADS-HOWTO
      Allow kerberos to work on RedHat and other non /usr systems again
      Make better use of the ads_init() function to get the kerberos relam etc.
      Fix up the ./configure tests for kerberos.  This ensures a more consistant
      This is another major rework of the 'net' command.
      Forgot this one with the last commit...
      This change reworkes the connection code for both rpcclient and net new
      This comment no longer applies.
      Fix up funtion name, as this finds local, not domain master browsers.
      Some changes to the name resolution code in 'net' to allow us to find a
      Add 'net rpc join' to match the ADS equiv.
      smbpasswd is *ugly*!
      Const religion for some of the RPC code.
      Ditto on the const religion.
      Add a mechinism to allow for sane porting of rpcclient components into the new
      Follow herb's suggestion and don't strdup a string to itself.
      Follow herb's suggestion and don't strdup a string to itself
      Split out the name resolution code into a seperate function
      Make it easier to construct anonymous connections with a new flag and helper
      Add a new flag for anonymous connections
      Ensure we fill in the %U for NTLMSSP connections
      Add a couple of extra debugs for the secrets.tdb stuff
      OK.  Smbpasswd -j is DEAD.
      Ensure that 'use spnego' restricts, rather than just advises our clients.
      Leak less memory.
      Fix segfault, and add a comment.
      By popular demand: a new config.guess and config.sub
      Make Samba compile on RH 6.2 again.
      Fix the compile on systems without a full kerberos kit.
      Finish idra's cleanup of the RPC remote shutdown code.
      Finally remove these files, which moved (by cvs backend magic) to source/auth
      Add a pile of doxygen style comments to various parts of Samba.  Many of these
      Allow this to build without LDAP, as per the example below it.
      Make --with-tdbsam compile again, given the new 'am I setting a default' flags.
      Give the main loop talloc context a name (using mbp's new talloc naming
      Fix up the comment in the copyright header
      Add 'net rpc shutdown' and 'net rpc abortshutdown'.
      Ensure the output cli can't have spurious values if the connection fails...
      Named constants are always much better than magic numbers...
      Fix up C99 comment.
      Add a specialised version of tpot's libsmb samlogon code for use with
      A farily large commit:
      Further rpc_client removal, this time from winbindd.
      Now that winbind doesn't rely on this, we may as well remove it...
      Allow usernames in the form of 'NT_STATUS_....' to map to that as the error
      Add a function to convert 'NT_STATUS...' strings back into their actual error
      This brings the NT->DOS error mapping into better line with what NT does.
      Minor update to make the output 'real C'.  (The output is intended to be a C
      Another touch of 'const'
      Actually enforce the passdb API.
      We go to a lot of effort to avoid strcpy() in Samba, but its not much use if
      Re-add bail on failure.
      Workaround some 'smarts' in Win2k.
      A few changes to always output the erorr mapping even when the error was
      Make a couple more of the warnings also be C comments
      Update the NT_STATUS -> DOS error table.
      Add a touch of const
      One line fix to get smbmount working again.
      Add a comment on how this error map was derrived.
      Add a talloc varient of the data_blob functions.
      I've decided to move the auth code around a bit more...
      Fix up the SPNEGO segfault.
      Some more SPNEGO fixes.
      Get this code back to where it belongs...
      This changes the winbind protcol a bit:
      Return the winbind separator over the socket, so programs don't have to parse
      Take a stab at keeping the doco current :-)
      Fix up 'net ads join' to delete and rejoin if the account already exists.
      Back out the crazy notion that the NTLMSSP flags actually mean anything...
      The DC is meant to be sent the *unmapped* username...
      Make this error match Win2k.
      Move all the pdb_get...() and pdb_set...() functions to a new file.
      Thanks to vance for spotting the missing Makefile.in commit.
      Many thanks to Alexander Bokovoy <a.bokovoy at sam-solutions.net>.
      I'm doing some things towards the NamedPipes game with lckl and he has asked me
      Re-indent these two functions to make it actually possible to understand their
      A couple of coding syle updates to follow the re-indent.
      Fix a segfault in auth/auth_domain.c error cases.
      Initialise cli variables and try not to do a cli_shutdown() of uninitialsed
      I like --enable-developer, but I find it rather usless when all it gets me is a
      rerun autoconf
      Change the passdb interface to use allocated strings.
      Commit the auth associated changes I missed from the last commit.
      For some reason I wasn't thinking about failure cases this morning...
      Move the bang (!) command back to the bottom of the list, allowing smbclient
      A nice *big* change to the fundemental way we do things.
      This is the 'winbind default domain' patch from Alexander Bokovoy
      Don't do tridge's crazy 'am I a trusted domain' lookup for guests.
      Update the build farm's test runlist and make it a bit easier to read.
      Fix up runlist botchup.
      This patch makes the 'winbind use default domain' code interact better with
      This is the current patch from Luke Leighton <lckl at samba-tng.org> to add a
      Fix a couple of memory leaks in the cli_establish_connection() code's failure
      Add a touch of 'const' to some auth components, and move the simple plaintext
      Kill off the old varient of 'check_plaintext_password' (new version just
      Fix up an embarrsing bug I introduced when I moved the id21/id23 -> SAM_ACCOUNT
      Kill off another ugly wart from the side of the passdb subsystem.
      This is another *BIG* change...
      Try to see if we can get these tests working...
      Vance and his eagle eyes spotted a copy and paste error in my smb.conf updates.
      A couple more little fixes for the domain security tests.
      This should get the oldstyle domain join tests working again.
      Also echo the smbpasswd command line
      Fix the negation of the extra parinoia check on machine password changes.
      Inititialise the gid to what standard_sub_advanced wants for 'no value'.
      Add the -s command to keep smbpasswd quiet during the tests.
      One less Get_Pwnam_Modify call!
      getpwnam -> getpwnam_alloc
      getpwnam -> getpwnam_alloc
      Change the order of this a bit - as unix password change can fail.
      getpwnam -> getpwnam_alloc.
      Bring auth_winbind into line with the protocol changes
      Fix a 'const' warning.
      Passdb changes:
      Change this code so that we don't do a lookup_name() on root.
      Add some information tidbits to an error DEBUG().
      Try to move towards slightly sane linking for Samba by removing some pdb_...()
      Try to get the compiler not to complain about assignments and truth values...
      These changes commited on a 'no less broken' basis.
      The new plugable password backend system needs to be initialised after
      fix typo
      Fix up a security issue with the way we handle domain groups retuned on the
      This always points at a string literal, so it probably should be 'const'.
      Remove the 'direct to winbind' hacks, as they should (if I understand
      Allow a winbind client to obtain the server's domain name.
      Change the winbind interface to use seperate 'domain' and 'username' feilds for
      local_lookup_name() doens't acutally use its 'domain' argument, so drop it and
      We may as well not use these temporary variables - they are only used once and
      Move the lsa code across to the changed args for lookup_name, and surround it
      Add the become_root()/unbecome_root() wrapper around the lookup_name() call,
      Rework lookup_name() to take seperate username/domain args, and to remove
      Make a talloc'ed copy of this strings so we can pass the right kind of pointer
      Bring this code into line with new winbind_lookup_name() interface.  I think
      Back out some of the less well thought out ideas from last weeks work on
      - Provide sid->name lookup support for non-unix accounts.
      Give pdbedit a -D paramater for setting the DEBUGLEVEL (makes debugging passdb
      Patch from Kevin Stefanik <kstef at mtppi.org> to do some more error checking for
      Yes, dev is an 'input/output' paramater...
      Some more 'winbind default domain' support patches from Alexander Bokovoy
      Name another talloc.
      An attempt at producing the correct Makefile magic for wrepld_proto.h to be
      Back out herb's changes (to allow smbpasswd -x to work on accounts outside
      Initialise some SAM_ACCOUNT structs to NULL, and add some more error checking.
      Make smbgroupedit a little easier on the user.
      A new simpiler syntax demands a new simpiler HOWTO.  (This can all be reverted
      Drastic impromvents to pam_winbind.
      See if we can get slightly valid C for the non-PAM case here.
      Fix use of uninitialsed variable in PAM code
      Try to get this finally working.  (Note to self: *always* check build farm...)
      Fix up some of the DEBUG lines in winbind_pam.c
      Do the reverse DNS lookup, but only if 'hostname lookups = yes'
      Fix up some braindamage in the testsuite.
      A few small winbind updates:
      Winbind cleanup.
      Try not to malloc -1 bytes (apx 4GB) when the data is already in error.
      dont strdup() possibly null values.
      in dos_unmangle() the only function call was to *mangle()*.  Adding the
      Patch from Hasch at t-online.de (Juergen Hasch) to add UTF-8 as an explict
      Thanks to David Edward Shapiro <David.Edward.Shapiro at btitele.com> for spotting
      This fixes a bug (spotted by Rafal Szczesniak <mimir at diament.ists.pwr.wroc.pl>)
      Try to catch the compilers that don't handle immidiate structures as well as we
      rerun autoconf
      Add the pdb_plugin module from Jelmer Vernooij <jelmer at nl.linux.org>.
      Also add the matching example pdb module.
      Get rid of the unused WL variable from the previous patch.  I think these were
      We can't build shared libs on sco, so no point attempting to export dynamic
      Rerun configure
      Make this function static
      This apparently makes winbind work on Solaris again
      "user doesn't exist" isn't worthy of a level 1 debug.  Make it level 3.
      This should fix up the level 0 'convert_string' debug messages that we have
      This should kill off the 'cannot convert' error messages on non-iconv hosts.
      Fix up the pull_utf8_fstring/pstring functions, and add their push eqivilants.
      Move wbinfo over to d_printf().  Patch by Hasch at t-online.de (Juergen Hasch)
      Various comment fixes from Rafal Szczesniak <mimir at diament.ists.pwr.wroc.pl>
      See if we can get a slight chance of this actually working...
      use the variable passed as a paramater, not just one randomly in our namespace.
      Another comment fix for mirmir
      The beginning of trusted and trusting domain support from
      Missed the Makefile.in update...
      Add a dash of const here and there...
      And a little more const.
      Fix up the trusted domains secrets code so as to have a slight chance of
      Missing include file update for the secrets.c trustdom changes
      Remove util_list.h, as its matching .c file has already gone, and nobody is
      Allow Samba to trust NT4 Domains.
      more const
      This patch merges my private LDAP tree into HEAD.
      This is now unused
      Move these inside the #ifdef to fix the compile on non-LDAPsam systems.
      This patch allows NT4 domains to trust Samba.
      Matching header files for the last netlogon cleanup.
      Some more fixes to enusre we execute the same code pathes as before this
      Move the directory creation process outside the 'installbin.sh' script, and
      I don't need my name on this twice :-)
      Fix typo in copyright
      Ensure we never use "" as a domain name (Win9X apparently does this for 'net use' duirng login).
      Actually include some *information* in the mangle debug messages.
      Allow us to see the difference between these two errors.  (We need to chase
      Fix a double-free bug in wbinfo -t's call in winbindd.
      Allow a zero rid in pdb_smbpasswd.  When given a zero rid the pdb backend
      Make ldapsam compile again.
      Make sure to initaliase SAM_ACCOUNT pointers to NULL, otherwise pdb_init_sam()
      Don't leak memory on failure.
      There is no reason we can't join a domain with secuirty=user.  In fact we
      Join as a server trust account if the server role is either PDC or BDC.
      Various winbind updates:
      Minor fixes:
      Patch from Hasch at t-online.de (Juergen Hasch) to add allocate and talloc
      Update some of the DEBUG()s in Get_Pwnam_internal()
      Make a number of the lookup tables 'const'.  I'm told this assists in sharing
      rerun autoconf
      Correctly store the hostname of the remote machine if so configured.  If the
      Extra parinoa and DEBUG()s for the make_user_info_map() code.
      Documentation updates.
      add {push,pull}_ucs2{allocate,talloc}() functions.
      More winbind for HPUX updates from Don Mccall.  I think JRA has already
      Fix up major logic reversal flaws in pdb_ldap.
      Reintroduce the 2.2 name mangling code, until we get are more flexible solution.
      Add a become_root()/unbecome_root() pair to allow acces to the passdb for
      Much better support for both non-algorithic RIDs (where the RID is stored in
      Remove : from the list seperators, as this is used to seperate out components
      Make our atomic increment code actually do this during its first/second run.
      This is the 'multiple pdb backends' patch from ctrlsoft, aka Jelmer Vernooij
      Better handling of uid/gid -> RID and RID -> uid/gid code.
      More updates from ctrlsoft. (Jelmer Vernooij <jelmer at nl.linux.org>)
      Doco update from Hasch at t-online.de (Juergen Hasch)
      Fix the compile-bug in pdb_ldap from my last patch.
      Patch for arbitary smb.conf paramaters (to make the life of plugin maintainers
      Fix the build on platforms that use our internal popt.
      As always, vance looks after the grammer... :-)
      Partly based on the work by mimir (Rafal Szczesniak
      Extra file for the tdb search code (linked list definition).
      Another patch from jelmer:
      Spelling fixes from vance
      Allow -c to specify the location of the config file, and fix up some handling
      Get the sco boxes compiling again - use the sys_ intefaces for all the dl*
      more dl* -> sys_dl* for sco
      Update the doco for the LDAP options in smb.conf, in line with code changes
      This removes --with-ssl from Samba.
      A few more trusted domains updates from mimir.
      Make Get_Pwnam use getpwnam_alloc() in an attempt to make it segfault rather
      Check paramters for NULL.
      Add a touch of const
      Make non-static for some later work (pushing the info3 across the winbind
      This is meant to be accessed via the helper fn, not directly.
      Make --with-ldapsam 'go away'.  This is now a standard, stable, feature
      A few things in this commit:
      As per rsharpe's request, require only a Masters in Astrophysics to
      Make smbpasswd at least slightly sane.  This kills off some of the
      Include the extra #define for the last set of smbpasswd mods.
      Remove const from some functions to match the changed prototype in a
      Oops, I missed commiting this earlier.
      Move client_receive_smb to clientgen.c as a static, as proposed by Elrond.
      Remove unused files.
      Keep the compiler happy
      Updates for sane storage of ldap root DN passwords (tested, with upgrade
      Commit the header file for the LDAP/secrets  changes
      Fix a silly memory (getpnam_alloc()) leak spotted by Elrond, and move
      Add a bit more const, and kill of (finally!) sys_getpwnam and sys_getpwuid.
      Nobody uses this function, and there really doesn't seem much point to
      Given Jeremy's positive response, and a lack of one from tpot, I'll commit
      Nobody uses this, and its really just a layer of internal implementation.
      This function is unused, and doesn't make any sense to me anyway.
      Make function match the defintion require for assignment as a function
      Don't duplicat this here, use the existing function prototype.
      Move the authenticaion subsystem over to the same 'module:options' syntax
      Remove the password length paramater from cli_full_connection - it really
      Some of the updates from ctrlsoft's 'Various' patch:
      Some grammar fixes picked up from the bugs.debian.org, submitted by
      Name the authentication modules, and therfore fix up both the build farm
      Remove unused variable, fix functions to match prototypes in the various
      Only reterive the attributes we are actually going to use - rather than
      Clean up a few unused functions, add a bit of static etc.
      Update some of the LM hash code to better respect the seperation between
      Add support for NTLMv2 (tested!) with NTLMSSP.
      Updates to better report some NTSTATUS errors into PAM, and update to PAM
      Update the SAMR pipe for more use of NTSTATUS and to talloc the stored list of
      A couple of updates for the SmbEncrypt code, and some of its users.
      Add flags2 for security signitures
      Move the code from lib/util_sid.c that deals with the global_sam_sid into
      Globally replace 'global_sam_sid' with get_global_sam_sid(), a self
      Fix comment
      This (hopefully) fixes a bug reported by Kai Krueger <kai at kruegernetz.de>
      This paragraph is irrelevent and misleading  (needs fix for 2.2 as well)
      Fix up comment on netbios scopes, and remove paragraph about international
      With this file being automaticly regenerated, and cleaned up with 'make clean'
      Remove "sids.h" as it really wasn't being used anywhere, and was exporting
      Latest patch from metze <metze at metzemix.de> to move most of samba across
      Add const, kill of useless casts and therefore eliminate warnings.
      Patch (from ctrlsoft <jelmer at nl.linux.org>) to poptify testparm, and the
      Patch from ctrlsoft to make the pluggable passdb subsystem use an lp_list
      Add some comments on writing new pdb modules. (from ctrlsoft)
      Convenience function to allow a SID to be specified as a string.
      Kill useless cast
      Debug fixes from ctrlsoft
      Some updates from ctrlsoft <jelmer at nl.linux.org> to return failure if *any* of
      It looks like we never tested the 'cleanup' code, so when I triggered it
      Patch from ctrlsoft to use the pdb_sethexpwd function in smbpasswd - instead
      Allow non unix accounts to be added to an ldap directory without NUA accounts
      Add a touch of const to this - helps with some yet-to-be-commited changes
      Add back sys_getpwnam() and freinds to the system.c interface, but don't
      It appears that to match NT we should not use the 'samstrict' behaviour,
      Add another 'trivial' built in authentication module - this one is a
      This patch does 2 things:
      Add the missing makefile from previous commit
      Update the netlogon code to better cope with trusted domains, where things
      Rework much of the service.c code:
      Unsused function since last commit
      Simplify this code further.  Just substitute %H, and let the normal code
      When adding popt to an application, you need to ensure it builds on non-popt
      Fix up some of the SMB signing code:
      Two things:  Check how many paramaters that the LDAP libs take for the
      Further updates to the service.c code.  authorise_login() is now a bit simpiler
      Cope with the requirement for constant initialisers on some unix C compilers.
      make the echo'ed command match the actual command run.
      Raise some debug levels.
      Add module versioning to the passdb module system
      Try to get security=domain at least slightly working.
      Add a couple more DEBUG()s to winbindd.
      Break up samba's object dependencies, and its prototype includes.
      Kill off unnecessary cast.
      Add a .cvsignore file
      And another .cvsignore
      Update cli_full_connection() to take a 'flags' paramater, and try to get a
      Try to avoid infinite loops when reteriving users - even from broken servers.
      I'm going to try and check this against Win2k shortly, but I'm certain that
      Fix the smbmnt compile.
      And fix another missing ubiqx...
      Qualify some of the hexidecimal responses with 0x
      Another bug fix from metze.
      We don't use SSL any more...
      Jelmer has been keeping on top of the typos.
      Kill off codepage related stuff, now we don't use codepages any more.
      Remove invalid comment - these are all 'unix' strings now.
      Fix the forword prototype to be a static for this static function.
      Fix the spelling in the LDAP attributes
      Add my copyright (which I should have added months ago...)
      Make these functions static.  These are not mentioned in the external header,
      Break up the passdb objects (to allow RPC clients to link without brining in
      Always free_conn() after all the DEBUG()s etc.
      Patch to add security descriptors to the SAMR pipe.
      More code from "Kai Krueger" <kai at kruegernetz.de>, this time starting to make
      Fix debug comment.
      Increse the maximum non-unix-account ID (becouse the Compaq Test Drive systems
      Copy the NT_TOKEN to the pipe, so the SAMR can use it for access control.
      Updates to the 'name -> sid' code:
      (this should have been part of the previous commit)
      Jerry:  Sorry if I am stepping on toes here, but this should fix the compile on
      Fix const warning
      Kill off const warnings - add a pile of const to various places.
      Make it clear that the debug comment is the same as the command being tested
      If we get a SID from group mapping, no need to check it's prefix.
      This makes smbcacls a bit easier to use and debug.
      Make smbpasswd behave like all the other backends, where a NULL or invalid
      I just noticed that I never added my copyright when I messed with this
      Make smbmnt a standalone program from a linker point of view.  Hopefully this
      make this a ZERO_STRUCTP for consitancy with the rest of Samba.
      Move nttrans.c into the NTSTATUS age.
      Fix up a botched prevoius commit.
      Apply patch from "Kai Krueger" <kai at kruegernetz.de> to make it easier to
      Show the account flags in the 'verbose' listing of pdbedit.
      NT_STATUS_UNSUCCESSFUL just gets clients confused - move to NO_LOGON_SERVERS
      Add a wrapper for dup2() to our system.c
      Update the usage for smbgroupedit to document -d for 'description'.
      Add support for a weird behaviour apparently used by Win9X pass-through
      Add support for duplicating stderr into our logfiles.
      Move some startup time initialisation to server.c, so it is all in one place.
      If we can't connect, make sure its a level 0 so we see it, and the reason.
      Fix up char/uchar casts etc.  Fix up comments on some of the password hash
      Update the smbd reply code a little:
      Make it clear that the 'service' isn't to be touched.  (Make it const).
      Add some const to try and get less warnings.
      Try to fix up warnings - particularly on the IRIX 64 bit compiler (which had a
      correctly declare global_myworkgroup to be the right size.
      More fixes towards warnings on the IRIX compiler
      Oops, my bad.  I forgot to assign this, so lookupnames wasn't doing much :-)
      And a little more 'const'.
      Compilers do find bugs :-)
      More use of intermediate variables to avoid issues with pointer size and casts.
      Looks like I missed this earlier.  We should connect as the specified workgroup
      Tpot missed one...
      Another smattering of static and const
      Add some const & static, remove unused functions.
      More cleanups, and add a comment/hint not to clean somthing up in future :-)
      Give an idea what service didn't have the directory.
      Add another message rather than 'internal module error'
      We must be root to access the passdb, so ensure all calls to local_lookup_sid()
      Actually check the return value of the account_policy_get() call.
      Make it possible to query account policy values from pdbedit (set to come soon).
      If lp_add_home() fails, don't go any further, just return -1.
      Clarify this comment.
      I think this makes the debug statement clearer.
      Mimir has been busy with patches again, and sent in the following
      (another patch from mimir)
      Rafal 'Mimir' Szczesniak <mimir at diament.ists.pwr.wroc.pl> has been busy
      This should fix a nastly little bug where if a user had already done one
      Update the rebind code in pdb_ldap.
      A very long time ago (actually 6 months ago) I promised to commit this code
      Clean this code up a little.  If it's alrady asprintf()ed, I see no
      It seems I didn't need to write a dup2() wrapper - as we already use it a
      Another item off my long-term todo list:
      Warn about n^2 algorithm with utmp=yes.
      Fix a missing 'no memory' return in last night's svrsvc code, and use
      Add the ability to set account policies too.
      This patch does two things:
      We don't need this silly unix username stuff.  NT username is basicly unused,
      Add quotes so we can see 0 length strings.
      These are not critical errors, they should not be a level 0.
      These pointers should be for the service we just cloned, not the new service
      Make some of the charconv code a bit easier to read and work with - when we
      Update a pile of Samba's SID lookup code to ensure:
      Only allow 'security=ads' when we HAVE_ADS.
      fix debug, at idra's suggestion.
      Don't accidenity mess with the wrong domain's sids.
      Rework parinioa to ensure we never get passwords longer than MAX_PASS_LEN, nor
      Winbind updates!
      Let everybody enjoy my new toy - make it the default!
      Add the current working document on the interface to the tree that we have
      Now that I got the function arguments sane, remove the silly (void **) casts
      Try to make this easier to debug - display the username that failed.
      I must have missed this when I was adding 'const' to these earlier...
      Back out idra's change (at his request) - the values in the tdb *should* be
      Try to bind with LDAPv3 if possible.
      Add const to a pile of const to *DOM_SID paramaters.
      Add some more const :-)
      Add 'const' to the function prototypes to match the recent commit.
      Patch from Steve Langasek <vorlon at netexpress.net> to split up our -l
      Samba dependency hell claim's another victim...
      Fix the %m security bug again - and try to make it harder to reintroduce in
      Make 'remote_machine' private to lib/substitute.c, and fix all the user to use
      Fix segfault in the new NTLMSSP code.  jmcd:  can you look at this - what
      Add some const to the 'in' paramaters for these functions.
      Make the 'guest account' always have a RID of DOMAIN_USER_RID_GUEST.
      Return the error if get_group_domain_entries() fails.
      Rework the 'guest account get's RID 501' code again...
      The idea of this function is not to touch the argument, so make it const too...
      Becouse of changes to the meaning of this feild over time, this doesn't
      Add 'const'.
      Add const.
      Move tridge's getgrouplist() replacement function from replace.c to a new
      Quick hack to get around the inadequacy of pdb_smbpasswd.  This should make the
      Change which session key we negotiate.  This uses the NT-based session key that
      Based orginally by work by Kai, this patch moves our NT_TOKEN generation into
      Handle wrap-around on this number by making it unsigned.
      Fix pam_smbpass to always check the return value of pdb_getsampwnam() to
      Use the 'init' flag to determine if the UID is set, rather than testing the
      Cope with non-unix accounts - we just won't get the groups for those users.
      This is like jht's (abortive) patch for showing only non-default testparm
      Add tridge's backtrace script - it should at least work for systems with
      More hacks for 'guest account' to get it to show up with the right rid...
      Move comment
      A few fixes towards libsmbclient and rpcclient - get pointer types right and
      Make samsync use popt
      Ensure we don't change to a user that we can't get an NT_TOKEN for.
      We need to return the value here...
      Fix from kai to correctly decode ntlmssp flags.
      Patch from mimir to back out idra's attempted DOS mitigation patch.
      Use a function that actually exists for the keepalive send.
      Steve Langasek <vorlon at netexpress.net> has again attempted to simplify Samba's
      Clarify function comments
      Try to support non-root-mode systems without getgrouplist().
      Our 'guest' login still requires an entry in the SAM - and build farm machines
      Header file change from last commit.
      Some fixes for SMB signing.  I can now get Win2k to correctly respond with a
      I think this should fix the compile on some of the CUPS based machines.
      We don't need the RTLD_GLOBAL.
      paranoid server security defaults to yes
      Add a fix for 'query_disp_info level 2', which should return all machines in
      Avoid writing unitialised bytes to the wire (and consequent valgrind warnings)
      Add a bit of 'const' and move a lot of our 'repeditive' DEBUG() statements to
      Add a dash of static.
      Set default ACB attributes on 'unixsam' accounts.  This means that machine
      Only cache the user list on the SAMR handle for a particular
      Move the fancy NT_STATUS macros to a new file, so we can include them earlier
      Detect and use syslog.h or sys/syslog.h corretly.  Fixes lack of prototype for
      One less user of Get_Pwnam_modify()...
      Add some DEBUG()s to some libads failure modes.
      Patch from "Stefan (metze) Metzmacher" <metze at metzemix.de>
      Revert accidental commit - I'll need to do a fair bit more testing before I
      patch from metze:  add a 'vfs' debug class
      This commit includes part of the patch from metze posted to the list, and a few
      Updates to sam_skel from metze, add sam/group.c and add a DEBUG() to the
      Make it possible to actually build these modules - process the Makefile.in at
      Get our consts back in line with current norms - only for pointer protection.
      Fix some missing ; on the end of our SAM_ASSERT()...
      This is the 'easy' parts of the trusted domains patch n+3 patch from
      Seems I missed commiting this when I added the rest of metze's ADS patch.
      As per the 'OK' at CIFS2002, only use the readline headers (and this crasy
      Winbind client-side cleanups.
      Don't leak file desciptors in this (impossible?) error case.
      This is the 'main' inclue for for winbind clients - all clients should include
      Fix typo.
      Avoid a segfault in net join when you have not done an kinit, and it's falling
      Move to common user token debugging, and ensure we always print both the
      If adding a user to ldap, make sure we have the 'account' structural class, or
      Actually pick up the kerberos libs in RedHat - the previous shell construct
      Header files should not include includes.h - therein lies maddness, particuarly
      Another patch from metze, towards his work on sam_ads.
      Kill of Get_Pwnam_Modify and smb_getpwnam().  The latter assumes some things
      At least try to get this function picked up by the autoprototyper
      This patch from "Stefan (metze) Metzmacher" <metze at metzemix.de> cleans up
      Whenever we deal with adding machine/trusted domain accounts, always reset the
      Metze claims that without this his win2k server gets horribly confused looking
      Fix the circular dependency that was preventing 'domain master = auto' (the
      Make it clear what this if statement applies to, and what it doesn't
      Patch from "Stefan (metze) Metzmacher" <metze at metzemix.de> to do a *much*
      Patch from "Kai Krueger" <kai at kruegernetz.de> to get some more of our access
      Readd the 2.2 --with-ldapsam paramaters so as to allow a smooth upgrade path to
      When compiled --with-ldapsam, make ldapsam the default passdb backend.
      Fix typo
      I missed committing this - all updates to configure.in adding --with-foo
      Some small cleanups to the libads code (mainly error checking), and give a
      Minor updates:
      Vance picked up a pile of typos etc at the CIFS confernce, and finally got them
      Doco patch from metze.  This reformats the 'ldap ssl' docs, and add doco for
      Move a number of ADS related functions out into utility libs, so that things
      Back our volker's patch as was breaking the build.
      Add const.
      This needs to be #ifdef HAVE_LDAP.
      Add const.
      Add the beginings of sam_ads to the tree.
      Second stab at Volker's 'make shadow passwords work' patch.
      Back out one of the API changes, now I recall how it was meant to work.
      Forgot to commit this in the patch changing back the create_user API.
      Try to compile as much as possible with only ldap, but not kerberos.
      Updates for sam_ads by metze - add the start of domain policy searching, and a
      Remove sam/api.c.
      Fix the compile issue in bin/samtest, and make the 'system' token just have the
      Updates from Samba HEAD:
      We are going to need to track the SAM sequence number too.
      Patch from Steve Langasek <vorlon at netexpress.net> to use nice big integers when
      Another patch from Steve Langasek <vorlon at netexpress.net>, again from the
      Patch from Steve Langasek <vorlon at netexpress.net>:
      VFStest uses all of smbd's .o files, so needs -lpam and crypt.
      We already set LDAPv3 at connect time, no need to set it again.
      Nice *big* patch from metze.
      It seems that I'm meant to be using the helper function here, not the struct
      Updates to winbind's PAM client and server - make the debug logs
      Make sure that we always return False if the password change never returns.
      One more step towards to better PDC.
      Try to catch up on the code I've put into HEAD that should be in 3.0:
      Fix a nice little memory leak in our uid changing code.
      Merges from HEAD:
      Fixes for pdb_ldap:
      Return the result code, not false (0 == success) on error...
      Merge passdb from HEAD -> 3.0
      Add a 'ldap trust ids' option that lets pdb_ldap check for posixAccount
      Clean up this a little - add comments describing a bit of what is going on
      Fix typo
      Merge of my 'ldap trust ids' patch from HEAD.
      Extra little fix to vl's patch.  Make sure the passdb and testparm messages
      Any conversion to POPT must *always* add @BUILD_POPT@ or it just won't work on
      Try to fix popt dependencies - we were linking to popt before we built with it.
      Move to the use of the 'initialised' flag, rather than the fact the pointer is
      Fix debug
      Allow 'normal' accounts in the non-unix-account range for smbpasswd - I hope
      Becouse lib/popt_common.c uses POPT, we must not include it in LIB, we must
      VFStest already has pop_common via smbd, so don't link it twice.
      Merge vl's 'algorithmic rid base' patch, and my changes to pdb_smbpasswd's NUA
      Make smbpasswd tell people to use 'net join', not 'net rpc join' now we have
      Make it easier to track things down here - add some debugs on failure.
      Make smbpasswd use the group mapping, and fix spelling in ldapsam.
      Compleatly remove support for logfile truncation.  All logs are opened for
      Merge from HEAD:
      Fix bug where not specifying '-S PDC' in 'net join' would cause it to attempt
      Merge fix for uninitialised IP variable from HEAD
      Kill append_log from smbmount (thanks vance for reminding me).
      Merge append_log fix from HEAD
      - Add some more warning flags for --enable-developer.
      Undo the new --enable-developer flags that caused breakage on gcc != 3.2, and
      Try to bring libsmbclient in line with the new global_myname stuff
      Merge from HEAD
      Updates to the build farm tests:
      Add const to DEBUG() macro.
      When testing for /usr/include/heimdal, don't include /usr/heimdal/include
      Rerun autoconf
      Merge from HEAD:
      Add the rename torture test.
      patch from aedil at alchar.org to correctly detect solaris workshop CC's ability
      Small auth updates:
      Include the hostname we are trying to match with $@, to allow easier debugging.
      Add const to PACKS()
      Add samdump and vampire to 'net rpc help'
      Updates from HEAD:
      Remove the assumption that all Solaris has -lsendfile.
      /bin/sh on solaris swallows the failure code, so exec this directly.
      Merge from HEAD:  Remove assumption that all solaris has -lsendfile
      Merge from HEAD - updates to the build farm, /bin/sh can swallow return values,
      Add support for 'restrict anonymous=2' and make the doco give a slight hint
      Restrict anonymous=2 support merged from HEAD
      Add ntlm_auth, a new program to provide a stable interface to winbind's
      No need to #include smb.h, when we already #include include.h
      Remove silly ideas about taking the LM or NT hash as a password in pam_smbpass.
      Try to twiddle with the makefile to avoid having a trailing \ when we
      Move from NT_STATUS_UNSUCCESSFUL to NT_STATUS_NO_SUCH_USER, and other slightly
      Add support to switch between Squid 2.4 and 2.5 protocols - squid doesn't
      Instead of walking the entire group database, grabbing all members of each
      Having waited for *way* too long, this is mimir's namecache and trusted domain
      After consultation with tpot, remove the 'winbind_domain' environment
      Merge tridge's fixes to pdb_ldap (don't look for number of results in a
      Patch from Paul Green to detect exe extensions, needed for Stratus VOS.
      POSIX indicates that this is always in network byte order, so we don't need the
      Merge from HEAD - Patch from Paul Green to detect exe suffix for Stratus VOS.
      Merge from HEAD, struct in_addr is always in network byte order, so we don't
      Make it clear that we might not be talking to a PDC here.
      Dereference the correct thing here, so we don't segfault
      Remove extra headers, and ensure that we correctly bail out of winbindd if we
      No need for fstring manipulation here (Tcon&X), just use string pointers.
      Link less with smbmnt and smbumount.  Also change from a pstrcpy() to a
      As per Jeremy's request back this out, so as to re-gain the implicit length
      Add a new VFS module, that just fiddles the file permissions.  Still need to
      Move our password change code along a little - use NTSTATUS, and implmenet
      BIG patch...
      Add a dash of static.
      Call me parinoid, but I don't like the idea that we could ever have dbf point
      Add PRINTF_ATTRIBUTE() to a few more printf() style functions.  Aids in
      debugparse is a seperate utility, no need to include it in the main ubiqx
      Becouse these functions return a size_t, they can't return negitive numbers.
      We already have one function to move unistr2 -> multibyte-static, so we
      Merge from HEAD - remove silly 'NT or LM# as password' stuff from pam_smbpass.
      Merge from HEAD - tridge's new timegm() that actually works on solaris.
      Merge from HEAD - add PRINTF_ATTRIBUTE to a few more functions.
      Merge from HEAD - make Samba compile with -Wwrite-strings without additional
      Fix another pstring/fstring typo
      Merge from HEAD - idra's fix for the fact that the shutdown command takes two 1
      Missed from previous commit - merge from HEAD the changes to the remote
      Merge from HEAD - move user password changes into the NTSTATUS era, and add
      Merge from HEAD - mimir's new gencache based namecache code.
      Merge from HEAD - baseless parinoia about never having a closed dbf (the debug
      Merge from HEAD - don't base RID on a name being the lp_guest_account(), let
      Merge from HEAD - extract user's list of SIDs from their NT_TOKEN and return
      Merge from HEAD - we already have one function for converting a unistr2 to a
      Make it clear that the credentials are being setup on the NETLOGON channel, and
      Merge from HEAD - do an nt_errstr(nt_status) *after* assiging nt_status with
      The winbind in Samba 3.0 doesn't use the 'proof' for ntlm_auth_crap, so don't
      Merge from HEAD - vl's fix to my const patch.  Also update the 'not have_krb5'
      Merge from HEAD - whitespace :-)
      The last of the merge of idra's shutdown changes from head...
      Even when I can't manage to do QA, at least the build farm will catch some of
      Merge from HEAD - get the test the right way around, so that we can change
      Clear up the auth_sam password checking code (the core of our password checking
      Merge from HEAD - updates to correctly recognise LMv2, and NT# in LM feild.
      Fix a segfault when we don't correctly load a VFS module (don't keep it in
      Merge from HEAD - handle VFS module load failures, change some error returns to
      No point having this for both parts of the 'if' statement.
      Return the 'freindly' NT error message if at all possible.
      Patch from Nik Conwell <nik at bu.edu>.  Don't reference free()ed data when trying
      Fix a number of client-side fstring/pstring mixups.
      Remove an unused paramter for our old LM-only password change code, and fix a
      A couple more fstring/pstring issues - and move from sizeof(fstring) to
      Use size_t for the counter vars, to match the type they are assigned from
      While the usage is most bisarre, this fixes up another fstring/pstring mixup.
      Make the 'service' in make_connection() use an fstrcpy(), and an fstring,
      Oops, this is the change to use an fstring for the incoming service buffer -
      Keep all the const warnings in one place, by adding a utility function to
      Ensure we do not pass uninitialised data to the kernel.  (Picked up by
      Don't force the DOS password into a 14 char space, as this would imply null
      Fix to debian bug #171071 - we had the wrong dereference on the pointer to be
      Accessing data after it's been free()ed really is a no-no...
      Updates to our NTLMSSP code:
      Patch from ab, to make findsmb omit -r most of the time.
      Patch from metze to to make testparm show values for 'workgroup', 'netbios
      Patch from metze to add what he feels is the correct semantics for a Domain
      Fix typo, and the build.
      Always initialise this variable - and don't set the 'must change now' if it was
      A couple more pstcpy/fstrcpy mixups - doing an fstrcpy into a pstring is
      The last of the fstring/pstring mixups, and an extra 'static'.
      Commit my (disabled) fstring/pstring mixup detection code.
      Merge indirection, signed/unsigned and uninitialiased-value fixes from HEAD.
      Merge from HEAD - eliminated unused arguments.
      Merge from HEAD:
      Merge from HEAD:
      Merge from HEAD:
      Merge from HEAD - patch by metze to fill in 'workgroup' etc in testparm output,
      Fix some debug lines, and add a bit more info to help track down ldap
      Crash fixes:
      Fix warnings by getting the function into a shape the autoprototyper will
      Doing a malloc(strlen(s)) then a pstrpcp(y, s) is just silly, make it a strdup
      Refactor the NTLMSSP code again - this time we use function pointers to
      Missed auth_ntlmssp.c in last night's checkin.  Also keep track of the current
      Fix a signed/unsigned warning.
      Updates to the NTLMSSP code again - moving the base64 decode fuctionality out
      Add LIBSMB_OBJ for the new ntlm_auth functionality.
      (missed in last commit)
      Factor out common code in the NTLMSSP/SPNEGO code.
      The previous patch (NTLMSSP common code factoring) was missing a minor detail -
      Make this an fstrcat(), as this seems to fix some weird issue with the server
      As per a comment by herb a little while back, this should be >=, not == to keep
      Merge from HEAD:
      Make the vampire code use just pdb calls - allowing better operation on systems
      Fix to findsmb by Waider
      Merge from HEAD - fix to findsmb by Waider
      Clear up the winbind doco on ADS support, and specify 'net join' not 'net rpc
      Clarifications for the ADS docs.
      Minor doco updates - with a slightly bigger change to the
      A couple more signed/unsigned issues.
      Make it clear that the magic value is (size_t)-1.
      Clarify that 'use spnego = yes' is fine in all known situations.
      More doco updates, in particular the fact that you must configure the smb.conf
      Always escape ldap filter strings.  Escaping code was from pam_ldap, but I'm to
      More ldap parinoia - if we ever get more than one result, bail.  The order we
      Prompted by RedHat bugzilla bug #77999, convert the user's username and
      Non-error connection numbers are always positive
      One more signed/unsigned fix
      Makefile.in change for ldap escaping fixes
      Bitmap offsets and counts are always positive.
      Merge of signed/unsigned fixes from HEAD.
      Merge from HEAD - convert username/password to unix before checking them in
      Merge LDAP filter parinoia from HEAD, a few other pdb_ldap updates and some
      We now have client-side SMB signing support!
      More signing updates - start checking that the server isn't being spoofed.
      Send the user's session key in the SAMLOGON reply, so that a member server can
      Merge from HEAD: Send the session key to the client, allowing it to perform SMB
      Add some return values, and don't attempt signing for NTLMSSP yet (it uses a
      Patch from Edmund Lam <epl at unimelb.edu.au> to fix braindead Tru64 behaviour:
      Merge from HEAD: avoid braindead #define on Tru64.
      Actually checking both the account and password tests would be a good idea...
      Merge HEAD: check both the account and password...
      Add autogen.sh from distcc via mbp.
      Merge autogen.sh from HEAD - to allow removal of configure.
      Remove configure and config.h.in from CVS.
      (merge from HEAD)
      .cvsignore for configure and config.h.in
      Ensure we don't get problems between FILE and X_FILE buffers - always use the
      Merge from HEAD - don't mix FILE and X_FILE - fixes debian bug
      One more fix for the difference between FILE and X_FILE.
      merge from HEAD - x_fileno, not fileno on an XFILE
      (only for HEAD at the moment).
      Some cleanups:
      Failure to find a CUPS printer, when auto-adding printers is not a level 0 error.
      Use safe_strcpy() instead of pstrcpy() for malloced strings.
      perl might not be in /usr/bin/perl, so try and find it in the path.
      As metze mentioned, this is the proper way to find perl...
      Cleanups:  (merge from HEAD)
      Clean up our NTLMv2 code by moving the grunt work into a helper function.
      Patch from Anthony Liguori <aliguor at us.ibm.com> to remove scandir() portability
      Merge from HEAD: Patch by Anthony Liguori <aliguor at us.ibm.com> to replace scandir() with portable readdir() calls.
      Prevent NULL-pointer induced segfaults.
      Merge from HEAD: Fix NULL pointer de-reference in arguments to tdb_pack.
      Match Samba 2.2 by chosing the correct desired access, and getting cupsaddsmb
      merge desired_access for open_printer_ex from HEAD, allowing cupsaddsmb to
      Further extract our NTLMv2 code into smbencrypt.c, prior to merge into our
      NTLMSSP parinoia - we really don't want to run over the end of our blob,
      Oops, forgot the header file changes.
      Move our NTLMSSP code into easily seperated peices, not relying on the whole
      Antti Andreimann <Antti.Andreimann at mail.ee> has done some changes to enable
      Move our NTLMSSP client code into ntlmssp.c.  The intention is to provide a
      Don't return NULL pointers for now.
      Add the 'session key' output of the NTLMSSP exchange to the cli struct, so
      Merge from HEAD - allow "" as a domain in the NLTMv2 hash calculations.  Fixes
      People were being tripped up by the fact that we havn't updated acconfig.h
      People were being tripped up by the fact that we havn't updated acconfig.h
      If we didn't make the server_info correctly, then don't segfault trying to
      Try to make our getgrouplist replacement better match the 'real' implemenations.
      Set the length back to zero when we free the data_blob.
      Don't leak a session_key worth of memory at the end of the NTLMSSP auth.
      This patch fixes one of my longest-standing pet hates with Samba :-).
      This is a very nice way to detect pstrcpy() into a malloc()ed string, but
      The cli_send_tconX code already determines to send \\server\share to port 139
      Patch from vorlon at debian.org to split out our -lacl dependency to only smbd
      Only do a kinit if we got told to use kerberos.
      Fix logfile formatting, we were missing a "\n"
      After a talloc_zero(), we don't need to ZERO_STRUCTP too..
      Move to a in-memory ccache for winbind, and replace setenv() properly.
      Check return values of various join-related functions, and ensure we always
      Now we have setenv() in replace.c, we don't need a seperate copy here.
      Missed one use of SETENV.  (Compat macro no longer needed, as we have a
      Merge minor library fixes from HEAD to 3.0.
      Merge from HEAD: We don't need this any more, setenv() is in replace.c now
      for some (very weird) reason, the domain I was testing aginst would not
      Like for NTLM logins, lookup the 'winbind' user first, then the 'local' user.
      For a number of months now, support for being a domain member without also
      Fix a DEBUG() formatting, add some more debug to our SID pulling code and
      First check if the user is in the passdb, then check Get_Pwnam().
      Remove 'unixsam' from the default passdb backends.
      With assuptions about unixsam gone, we can forget about looking up
      Add static
      Fix comment - the other bits of code don't call this any more.
      Fixes from Paul Green and vorlon at debian.org for building shared libraries
      More signed/unsigned fixes (yes, I run with funny compiler options) and
      See if I can make this look slightly like C.  It compiled locally, honest...
      Make sure we set the error code to indicate failure...
      Fix 2 off-by-one bugs in the use of malloc()ed strings and safe_strcpy().
      Add const
      Merge of server-side authentication changes to 3.0:
      Missed one in the previous merge - user_ok() and user_in_group() now take
      Merge from HEAD client-side authentication changes:
      Merge off-by-one fix from HEAD (caused crash with --enable-developer)
      Missed a couple of files from the client-side kerberos merge
      Makefile updates for the client-side auth/kerberos merge.
      Merge doxygen, signed/unsigned, const and other small fixes from HEAD to 3.0.
      Fix a small stuffup in the HEAD -> 3.0 merge
      Merge paramaters for client-side-auth updates.
      Merge crypt(), ACL lib and shared lib changes from HEAD.
      Signed/unsigned fix from HEAD
      Iconv as seperate library fixes from HEAD
      Cleint-side-auth/kerberos fixes from HEAD, and don't connect to a share
      Make sure these values are never uninitialsised.
      Always initialise
      Fix off-by-one bugs, and move to strdup() rather than malloc()/strcpy().
      If it's a pstring, use pstrcpy().
      setenv takes 3 arguments...
      Patch from Luke Howard to add mutual kerberos authentication, and SMB session
      Move off-by-one buggy malloc()/safe_strcpy() combination to strdup() instead.
      Finish removing setenv replacements from smbwrapper.
      Clean up non-krb5 breakages from my modifications to luke howard's patch.
      Whenever we have a password, use the in-memory ccache.  This fixes a bug where
      Fix a really nasty bug where some users in AD domains (particularly child
      tokenGroups are SIDs, so dump them as such.
      For some reason some attributes in ADS do not appear (and are not available)
      After some comments from tridge, clean the new usergroups code into a helper
      Kill RID-only and domain+RID madness from winbind.
      Netlogon-unigroup changes needed for the winbind RID-to-SID conversion.
      Add -Wwrite-strings to our --enable-developer settings.
      Merge adding -Wwrite-strings to our CFLAGS when --enable-developer is set
      Fix possible memory leak on failure.
      Add const
      Fixes to the vfs_fake_perms modules - we only need to specify the VFS
      Try the PASSWD environment variable if we don't have one from the command line.
      Another pstrcpy() into malloc()ed buffer fix.
      Fix another 'off by one' bug with safe_strcpy().  It is unclear if the intent
      This file has not been maintained for a while - if we really want this
      also ignore the autom4te-2.53.cache
      Add a test for a useful property of the compiler - we can get link-time
      A couple more fixes for fstrcpy() into a malloced region.  In this case it's
      Use new configure test to turn on this automated test for correct string
      More safe_strcpy() off-by-one bug fixes. (mostly moves to pstrcpy()/fstrcpy())
      more off-by-one safe_strcpy()
      Make smbtorture use the same cli_full_connection() framework as the rest of
      safe_strcpy() -> fstrcpy() fix, and a cleanup to how rpcclient calls the
      Limit the number of SIDs that may be looked up, in line with existing code
      Make it clear that this is a fstrcpy().
      Make sure that the 'remote' machine name can only be set once.  For some weird
      Testparm needs the extra arg to set_local_machine_name() too.
      This is C, not C++
      Don't fault on error returns (ptr == 0) for this LSA query.
      Change the way we sign SMB packets, to a function pointer interface.
      Try not to clobber the session request.
      Further work on NTLMSSP-based SMB signing.  Current status is that I cannnot
      Makefile.in for NTLMSSP singing update
      Don't segfault on make_server_info_guest() failure - instead return the
      After 'consultation' with idra, this is how I think the server roles should work...
      Some further tought on the server role issue - try not to break it compeatly.
      security=domain and domain logons = yes should be a BDC (of sorts).
      This patch attemptes to clean up winbindd's mutex locking.
      Patch from Ken Cross <kcross at nssolutions.com> to take a username in the form
      - Fix a double-free (I can't say I understand the code, but it matches the other
      Add const
      Found by metze with the clobber-region check - if it's a pstring, use pstrcpy().
      Now that mimir has done the grunt work, I'll fix up the comment
      strictly, you can't #if on somthing that may or may not be defined.
      Found by my new checking code (yet to be commited):
      Clean up the VFS module loading logic by making the parameter an P_LIST,
      If it's an fstring, use fstrcpy().
      Add const, and a signed/unsigned fix.
      client-side smbpasswd fixes - use pstrcpy_base to avoid clobber_region bugs
      Be parinoid, malloc an extra SAFETY_MARGIN on the client's inbuf and outbuf.
      Specify buffer sizes
      If the server went away, don't segfault by attempting to FD_SET -1.
      specify the size of these buffers
      Truncate the machinename manually, so as not to generate level 0 debugs for
      Fix off-by-one bug in safe_strcpy size paramater.
      String handling parinoia fixes.
      signed/unsigned fix
      Fix signed/unsigned issues - mostly 'i' counters.
      Remove an unused function and fix the build.
      Minor fixes.
      Fix the non-DEVELOPER case of my macro madness...
      Fix the 'non-optomizing compiler' case...
      Fix non-gmake syntax error.
      A hack to get us building on a slightly older heimdal kerberos.  It appears
      More work on my macro mess - we need function prototypes of different types,
      Changes to help the kerberos change password code work on systems that
      Fix nmbd under -DDEVELOPER (pstrcpy on not-pstring).
      New statcache internals - this time it's actually possible to follow what's
      Try to avoid dereferencing a null pointer.
      - Make ReadDirName return a const char*.
      Add const.
      Make sure we mark the assumption of a fstring parameter for 'devicetype'
      Missed one when I move 'share_sanity_checks' to use an fstring for 'dev'.
      Fix memory leaks and add parinoioa code to our stat() cache.
      Fix a memory leak - 'smbcontrol smbd pool-usage' is your freind!
      More statcache fixes - and add a bit more doco.
      Add const.
      Fix const warnings.
      Brain fart - make sure we truncate the right string...
      Fix invalid SAFE_FREE() of talloc()ed memory.
      Add copyright.
      Merge new statcache.c from HEAD.
      Merge from HEAD:
      pstrcpy_base merges for client-side smbpasswd.
      merge from HEAD - dump tokenGroups as sids.
      Merge from (earlier) HEAD - doxygen.
      Mege from HEAD - doxygen.
      Merge from HEAD - doxygen
      Merge from HEAD - sync up SessionSetup code to HEAD, including Luke Howard's
      The kerberos_verify compoenent of the SessionSetup sync with HEAD.
      Merge from HEAD:
      Merge from HEAD:
      Merge from HEAD:
      Merge from HEAD - make winbindd locking sane again:
      Add const.
      Add an extra parameter to our 'set_remote_machine_name' and
      Merge whitespace to match HEAD.
      Fix segfault on FD_SET() when we have an fd of -1
      One more on set_local_machine_name() taking a new 'perm' argument.
      Merge signed/unsigned fix from HEAD.
      Jeremy merged across my string parinoia fixes, but forgot to enable them! :-)
      NTLMSSP updates from HEAD.
      NMBD string parinoia and memcpy() parinoia fixes from HEAD.
      Merge from HEAD:
      Parinoia fixes from HEAD - malloc() some extra room after the allocated
      Makefile updates for new SMB signing code.
      Add const.
      Give volker a hand, and let domain joins with existing user accounts work
      (merge from HEAD)
      Patch from colo (on IRC) to get libsmbclient building due to pstring/fstring
      Clobber our SMB buffers between packets.  I hope this will help find bugs
      Clobber the 'SAFETY_MARGIN' in libsmb.
      Patch from Jianliang Lu <j.lu at tiesse.com> to set the 'minimum password age'
      Merge from HEAD - patch from Jianliang Lu <j.lu at tiesse.com> to set the
      Thanks to volker, merge passdb changes from HEAD:
      Merge fixes to libsmbclient (fstring/pstring) from HEAD.
      It seems that this causes some problems on some linux platforms - it's a
      This caused problems on the build farm.
      Fix compile on IA64 by noting that this should be the integer, not a pointer
      Fix compile on IA64 by noting that this should be the integer, not a pointer
      Small clenaup patches:
      Revert bogus part of previous patch.
      (merge from HEAD)
      Valgrind found a few memory leaks!
      (merge from HEAD) Valgrind found some memory leaks!
      Patch from waider to update our samsync (net rpc vampire) code:
      Merge of patch by waider to our samsync code.
      NTLM Authentication:
      Fix compile.
      (merge from HEAD)
      Make these functions static, keep them out of proto.
      Fix debug (thanks metze)
      local_gid_to_sid() could use pdb_ldap, which for now requires ROOT.
      pdb_ldap may require ROOT privilages to access the group mapping. (yes, it's ugly :-)
      Allow the new modules system to function with builtin vfs modules.
      Try to get meaningful errors out of ldap more often - get the error string
      Merge from HEAD - get better error strings from the ldap server in pdb_ldap.
      Don't modify the incoming packet when checking the signiture.
      Merge from HEAD - leave the SMB buffer untouched when checking it's SMB sig.
      smbpasswd -> net
      Don't try and dlsym or dlclose a NULL pointer.
      Success is not a level-0 issue...
      NT4 is particularly fussy about getting this right.
      Fix a botched merge from appliance-head...
      OHKAWA Yuichi (kuri at makino.ecei.tohoku.ac.jp) points out that using
      Don't set zero length for the base64 decoded string (fixes swat auth).
      Fix a crash bug if LDAP doesn't fill in ld_error.
      Clean up ntlm_auth a bit, and add a --diagnositics swtich, to check that
      error_string, not error_message...
      Update ntlm_auth and winbind manpages.
      Print out the 'freindly' error message from winbind.  Also print useful
      Map a useless error code to a useful one...
      Ensure we don't segfault if ldap doesn't fill in the ld_error string (merge from HEAD).
      Fix bigballofmud.so, and add a test to show a bug I'm having with push_ucs2.
      If the string does not convert back, print the buggy result.
      Don't bail if we have a badly formed record, just move on to the next one.
      Fix memory leak of the key.
      SMB signing updates - this gets NTLMSSP signing workin to the point where I
      Fix the interface of pull_ucs2_charcnv() to take a (char **) arg, not a (void **)
      Clean up error messages on cli pipe disconnection, including adding the message
      Restore previous behaviour to update on pdb_unix (auto-upgrade to new account)
      Merge from HEAD - restore previous behaviour of pdb_unix (auto upgrade to
      Merge the ntlm_auth updates (refactor, add --diagnostics) into Samba 3.0
      Winbind merges from HEAD:
      Make this match head.
      Only warn about short packets if we are already 'doing signing'.
      We never actually got an 'ads' auth module, so don't send the auth subsystem
      Cause the winbind auth module to call the ntdomain module if winbind is not
      Make this code actually compile (--with-ldapsam).
      Store the type of 'sec channel' that we establish to the DC.  If we are a
      NTSTATUS strings are much more use than raw numbers...
      Put this comment in a better place...
      Add some static and #ifdef DEVELOPER
      Expand this magic number into the #defines it is made up of.
      This code is no longer referenced - moved to the new libsmb/ldap.c
      Adjust comment to respect change to no longer use unixsam by default...
      Merge valgrind header usage from HEAD.
      We changed 'net' so change the torture tests that use it.
      Up the debug level for the second run of the test (client side)
      Fix segfault by getting this the right way around
      I've changed 'net rpc join', so I should doco it...
      Use fstrcpy/pstrcpy when that's what we really mean...
      Remove unused (#ifdef'ed) code.
      For NTLM2 (not yet even close to real implementation) we must use the
      Merge SMB signing, cli buffer clobber and NTLMSSP signing tweaks from HEAD.
      Header updates for smb signing merge
      Merge whitespace and const from HEAD
      Add const, static and fix a double free() (merge from HEAD).
      Merge from HEAD - save the type of channel used to contact the DC.
      The 'net' syntax has changed, so update the testsuite.
      Make it easier to select which domain to show the sid for.
      Use the -W domain option to select the SID to show
      Fix up bugs in the new 'store sec_channel type' code - we were always joining
      Merge from 3.0 - fix domain joins not to always join as BDC.
      Make our 'get DNS domain name' code try a bit harder - if gethostname() doesn't
      Bail out early when we fail on the rw_torture test.
      Merge from 3.0 - try harder to get our real DNS domain name, and send this
      Start merging mimir's trusted domain code from HEAD to 3.0.  (for HEAD trusting
      Merge comment with HEAD
      Make the mangleing code actually use a common prefix, not just the same
      Always initialise this, to assist callers doing loops over this call.
      Merge mimir's trusted domain code from HEAD -> 3.0, plus some memory
      Merge (HEAD->3.0) mbp's fixes to our charcnv code - don't use a staic buffer,
      Make pdb_ldap use a random factor in deciding how long we need to sleep.
      Add configure test for previous ldap modifications - we now check if the
      This is meant to be initialised to the size of the buffer.
      Remove ldapsam_search_one_user_by_uid from pdb_ldap.
      Merge idra's fix for pdb_tdb segfaults from HEAD to 3.0 - sombody changed
      - Merge a memory leak fix from HEAD
      Now that Volker fixed the real issues with ldapsam and adding null attributes
      Don't leak the session identifier string when we shut down a vuid.
      Try to avoid setting *SMBSERVER as a 'local name'.
      Fix this for both *SMBSERVER and *SMBSERV as per comments in loadparm.c.
      Try to keep existing behaviour for our printing code - never return
      Merge torture tests from HEAD - it looks like we had rather an incomplete
      Start testing a few more things out of smbtorture in the build farm.
      Add a check to ensure that the server returns the correct device type, not
      add test file for FDSESS
      This const isn't quite vaild C.
      Make this safe for -DDEVELOPER checks.
      Parinoia for compleatly broken SMB servers that don't send back the right
      Add some more info to the diags output.
      Fix up non-constant initialisers for Sun's CC.
      This define does not always seem to be present, so define it if need be.
      Make the variable name match the comment.
      Don't try to continue if initialisation fails (merge from HEAD)
      Merge case handling table changes from 3.0 to HEAD.
      Merge HEAD's winbind into 3.0.
      We don't have IDMAP in 3.0 yet.
      Merge the 'safe' parts of my StrnCpy patch - many of the users really wanted
      StrnCpy -> safe_strcpy() on a over-malloced struct.
      More fun with Sun CC needing constant initializers
      Patch by Metze to ensure that we always at least initialize our output string
      Patch by Vance Lankhaar <vlankhaar at linux.ca> to automaticly regenerate the
      Thanks to a reminder from vance - delete build_options.c from CVS, now
      This is really trying to be a StrnCpy (most names will overflow the 10 char
      When possible, store the IP address of the connecting client, not just the
      Add vfs_fake_perms to Samba 3.0
      Make sure that we don't compile pdb_ldap on systems with ldap.h, but without
      Irix CC reminds us that this is non-standard.
      Merge auth changes from HEAD:
      Merge from HEAD - always initailise this to zero - helps callers in loops.
      Use the kerberos error from ads_kinit_password() in the return value from
      Revert patch - we need to try the NTLMSSP code below...
      This function is a duplicate.
      Based on a patch by Alex Deiter <tiamat at komi.mts.ru>, make sure that we convert
      After a quick run with the 'weird' charset, squash a few bugs in our new
      Remove the unpopular pdb_unix, which has served it's time well.
      Merge compile and other fixes from 3.0 to HEAD.
      Merge compile warning fixes from 3.0
      Merge memory leak fixes in our trusted domain list from 3.0 to HEAD
      inet_pton isn't portable, so use interpret_addr2.
      A new pdb_ldap!
      Guenther Deschner <gd at suse.de> notes that I missed out setting the default
      The RID must be 'SET', not 'DEFAULT' or we won't set it into LDAP, and try
      The caller must always set the RID on the SAM_ACCOUNT, so don't try and guess
      We don't use 'non unix account range' any more
      In HEAD, idra removed _nua and renamed it to 'idmap uid'
      Add cast for compiler
      Use current 3.0 paramater names
      Remove extra file
      Fix for format string warning from vance
      Use a common function to create the SAM_ACCOUNT being used to add accounts
      Merge 3.0's change to how we add users onto HEAD, including a few other bits
      Merge Samba 3.0 pdb_ldap from 3.0 into HEAD, so as to allow idra to continue
      Some passdb backends really don't like having no primary group - so always
      Sun CC requires constant initialisers, so use a static here.
      Get pam_smbpass to compile again (it probably won't link or run, but at least
      pam_smbpass will need at least IDMAP.
      Fix for AIX - you can't qualify a return type as const, when it's not a
      Trailing , is non-standard (warning from IRIX)
      Try to fix IRIX build - add quotes and never call libns_winbind by name - we
      Merge from HEAD - the usual popt-needs-static for Sun CC.
      Turn down some DEBUG()s and remove some duplicate code spotted by dfenwick.
      Fix use of uninitialised value in TCONDEV test - found by sun1 on the build farm
      Add a comment about the use of string functions in the modules code, and
      configure.in updates:
      Fix up the setting up of the build_farm smb.conf from the templates in their
      Add doco to our SMB signing code.
      Patch from Ken Cross to allow an ADS domain join with a username of the form
      Add some more tests to the ntlm_auth diagnositics package.
      Allow the NTLMv2 functions to spit out both possible varients on the session
      Add some comments.
      We also get back the LM session key on pure 'NTLM' logins.
      Domain Controller -> Domain Member Server.
      Set our 'global sam name' in one place.  For domain controllers, this is
      SMB Signing with NTLMv2 works!
      Fix the spinning bug for 'net rpc user' as well - there are more errors in
      Always initialise this - it helps callers who use this in a loop...
      When checking if a SID is in a domain, make sure that indeed the user RID is
      Elsewhere, we use a #define for this environment variable name, so do the
      Make sure we always have some client data, not just the hash.  An NTLMv2 or
      Fix comment - we now have 5 types of error...
      Finally get NTLMv2 working on the client!
      Cleanups.  My NTLMv2 changes also changed the preference from using an implicit
      Makefile changes to allow new NTLMv2 patch to work.
      Using /dev/urandom for determining an ldap server backoff is a waste of system
      As discussed on samba-technical - move to 'primaryGroupSid' insted of
      Fix compile.
      Make it possible to actually use --user-SID and --group-SID on a standard command line.
      Give up on the idea of avoiding lp_load() in ntlm_auth....
      Fix up a bit of my sloppy C.
      Fix up the build-farm testsuite again - I forgot to move some files into the
      Try to fix up some code in pdb_smbpasswd that assumed we still had a 'uid'.
      Fix non-constant initialiser for Sun CC.
      Restore a number of fixes that idra removed when he merged his
      David Lee <t.d.lee at durham.ac.uk> provides some corrections to the comments
      Well spotted typo by Marco Berger <MARCOB at voelcker.com>
      Get 'add user script' working again for Samba 3.0.
      Add samstrict_dc from metze (been sitting in HEAD for way to long waiting for
      Update the doco on 'restrict anonymous' (note that 'guest ok' kills off the
      No matter how special this session key is, it's not worth a level 0.
      Don't assume that the SAM knows the unix home directory - look it up by
      Try to fix memory leaks found by valgrind in pdb_ldap code.
      Rework our smb signing code again, this factors out some of the common
      Make sure that we use schannel (if configured) when checking for a valid
      Enforce 'client plaintext auth', 'client lanman auth' and 'client ntlmv2 auth'.
      Fix some memory leaks and extra cache startups/shutdowns from the trusted
      This patch modifies 'net rpc vampire' to add new and existing users to both
      This patch works towards to goal of common code shared between idmap_ldap
      Always initialize.
      This patch fixes some issues with idmap_tdb as raised by bug #181
      This removes the StrCaseCmp() stuff from 'net idmap' and 'net
      (fixing bug in my last commit)
      Fix pdb_ldap segfaults, and wrong default values for ldapsam_compat.
      Patch to move functions directly from pdb_ldap.c into lib/smbldap.c
      Make smbpasswd use the higher log level for the second run - this should
      Grr, the order of these arguments matters
      This patch takes the work the jerry did for beta2, and generalises it:
      Missed this in the previous patch - we now have a seperate idea of the
      This patch cleans up some of our ldap code, for better behaviour:
      Update WHATSNEW with the further LDAP schema changes in previous commit.
      Don't allow RIDs (in our domain) below  1000 (or algorithmic rid base) to be
      Clear up the difference between 'smb signing' and 'sign&seal' - which has to
      Allow modification of an existing entry.
      PAM should operate on the Unix username, not the NT username (which might not
      Fixes to our LDAP/vampire codepaths:
      Add some debug statments to our vampire code - try to make it easier to track
      Fix comment
      This parameter is unused.
      This changes our Unix primary GID behaviour back to what most people expect:
      Fix ldapsam_getsampwsid to correctly only say 'no such user' when indeed there
      Jeremy requested that I get my NTLMSSP patch into CVS.  He didn't request
      Fix SMB signing when using NTLMSSP...
      Fix compile error noticed by Ken Cross, use the utility function instead
      SPNEGO SMB signing is now fixed for NTLMSSP, with kerberos to follow shortly.
      Fix up our auth_pipe code to always cope with fragmented datagrams,
      In the presense of RPC fragments, schannel is not strictly request/reply,
      Fix StrCaseCmp() to avoid calling smb_panic() on invalid multibyte strings.
      Schannel, once setup, may be used on *ANY* TCP/IP connection until the
      Some small fixes to our charset conversion code:
      Use push_ucs2_allocate(), rather than convert_string_allocate() directly.
      When removing an 'unused' function, it helps to remove the 'unused' callers...
      If we strupper_m after the alpha_strcpy() we know that it is less likaly
      Try again to fix up 'session request' name exchange.  This time we actualy
      Allow the stat cache to better handle invalid multibyte strings, by using
      Use the specified workgroup in 'net ads'.  (Defaults to lp_workgroup()).
      the testsuite lib needs dummyroot too.
      Fix comment
      Fix comment
      As described in http://davenport.sourceforge.net/ntlm.html add NTLM2
      Change Samba to always use extended security for it's guest logins, (ie,
      Win2k never returns 'no such user' here, so when we do it, the clients freak
      Break up 'cli_full_connection' to allow for the session setups to be done
      - Fix the kerberos downgrade problem:
      - Make 'net' use a single funciton for setting the 'use machine account' code.
      We now know a lot more about SMB signing, and this comment no longer applies
      Start to put some real 'meat' into the ntlm_auth docs.
      Remove duplicate function (now in rpc_parse/parse_prs.c) and fix a RPC debug
      Match Samba 2.2, and make ACB_NORMAL the default ACB value.
      Match Samba 2.2, and make ACB_NORMAL the default ACB value.
      Add newline to debug message
      Remove compleatly wrong comments.  (There were correct, 2 years ago...)
      I agree with vl's #if 0 here, and am not quite sure what I was
      Merge from 3.0:
      Changes all over the shop, but all towards:
      (merge from 3.0)
      Add support for variable-length session keys in our client code.
      Add server-side support for variable-length session keys (as used by
      Patch by emil at disksites.com <Emil Rasamat> to ensure we always always
      Merge from 3.0:
      (Merge from 3.0)
      Do not add NTLM2 to the NTLMSSP flags unconditionally - allow the
      Add a comment, and a useful debug message.
      Merge from 3.0:
      Match Win2k and return 'invalid parameter' for creating of a new account with
      My first stab at Samba4 IDL!
      Without 'non unix accounts' we can't test security=domain on the build farm.
      Picked up by the build farm - despite all my efforts, security=server was
      Merge from 3.0:
      Thanks to Serassio Guido for noticing issues in our Squid NTLMSSP
      (merge from 3.0)
      Fix bug 916 - do not perform a + -> space substitution for squid URL encoded
      (merge from 3.0)
      ldap rebind sleep -> ldap replication sleep
      (merge from 3.0)
      Based on patch by Petri Asikainen <paca at sci.fi> fix bug #387 and #330.
      Show the error message for failure to set the ldap password.
      Check the return value of string_to_sid in a few more places.  (But
      This patch corrects some errors in the NTLMSSP implementation, that
      Shutting down the connection closes outstanding sessions, so we don't need
      Add the alignment required before all 2-byte quantities in NDR.  Allows us
      Refactor our authentication and authentication testing code.
      Move our basic password checking code from inside the authentication
      Remove testing hack
      Make the name of the NTLMSSP client more consistant before we lock it in stone.
      Try to gain a bit more consistancy in the output of usernames from ntlm_auth:
      Get the DOMAIN\username around the right way (I had username\domain...)
      Jerry rightly complained that we can't assume that the first domain is
      Forgot to commit this for the 'get our primary domain' change.
      Changes to our PAM code to cope with the fact that we can't handle some
      JHT came up with a nasty (broken) torture case in preparing examples for
      Having no members of a group is a perfectly valid (if unusual) situation.
      Under certain error conditions (a talloc() failure above) this would cause
      Match Win2k, and return NT_STATUS_INVALID_PARAMETER
      There is not a particularly good excuse for complaining to the *client* that
      Even if the 'device type' is always an ascii string, use push_string to get
      Automaticly initialise the signing engine, if we have a session key.
      Make it clear that we cannot sign if we don't have a session key.
      Add a utilty function for converting a sid to a DN.
      Make arbitary binary data unsigned char.
      We can't possilby get 'ok' here, as the if statement above just checked for it.
      I'm not quite sure what happened here - but replace the ads_sid_to_dn
      Fix for bug 707, getent group for huge ads groups (>1500 members)
      Change (unused) structure parameter for cli_ds_enum_domain_trusts() cleanup.
      There is some memory corruption hidden somewhere in our winbind code.  If I
      Add const.
      Change our Domain controller lookup routines to more carefully seperate
      Correctly handle per-pipe NTLMSSP inside a NULL session.  Previously we
      Always call the auto-init funciton - this avoids tdb segfaulting under
      Show the sid type in name->sid translatons in a way that can be easily
      Grumble... grumble... fix the build...
      Try to keep vl happy - shorten some of these lines.
      shorten some more lines.
      Don't free the encrypted_session_key early - that causes the subsequent
      Fix more cases to ensure that as a server, we don't complain to the client
      (merge from 3.0)
      (merge from 3.0)
      (merge from 3.0)
      (merge from 3.0)
      (merge from 3.0)
      (merge from 3.0)
      (merge from 3.0)
      (merge from 3.0)
      (merge from 3.0)
      (merge from 3.0)
      (merge from 3.0)
      (merge from 3.0)
      (merge from 3.0)
      (merge from 3.0)
      (merge from 3.0)
      (merge from 3.0)
      (merge from 3.0)
      (merge from 3.0)
      (merge from 3.0)
      (merge from 3.0)
      (merge from 3.0)
      Ensure that for wbinfo --set-auth-user, we actually use the domain.
      (merge from 3.0)
      (merge from 3.0)
      (merge from 3.0)
      Merge winbind from Samba 3.0 onto HEAD.
      (merge from 3.0)
      GUID is struct uuid in HEAD.
      Merge NTLMSSP fixes from 3.0 to HEAD.
      merge torture changes from Samba 3.0 -> HEAD
      Patch by Stefan Metzmacher <metze at metzemix.de>:
      Fix segfualt caused by incorrect configuration.  If lp_realm() was not set,
      (merge from 3.0)
      Don't duplicate pulling the 'IPC' username from secrets.tdb, instead
      Machines are people too!
      The correct test for 'is our primary domain' is domain->primary
      Move more of winbind to use 'find_our_domain()' rather than the dangerous
      Make it clearer that the domain here is the domain of the user for
      In tdb_allocate(), we would create a new record by writing a local variable
      This merges in my 'always use ADS' patch.  Tested on a mix of NT and ADS
      use SAFE_FREE(), not free().
      We might not have the 'samba' directory in the samba_3_0 build.
      Add a new type of name lookup 'ads'.  This seperates this from normal
      Romve debugging assertions (oops...)
      First stab at cracklib support (password quality checking) in Samba 3.0
      On systems without a working cracklib, ensure we don't include the header
      Finish adding cracklib support - this adds the configure test to enable
      Remove duplicate comment.
      Fix for debian Bug#225328 by LaMont Jones <lamont at debian.org>, where
      (merge from 3.0)
      (merge from 3.0)
      A Samba DC is nothing special these days - so every domain controller
      (merge from 3.0)
      Fix removal of attributes in LDAP - we would not actually remove the old
      If we are providing strndup(), ensure we provide a prototype too.
      Fix the initialisation vectors for NTLM2, so that they at least make sense,
      (merge from 3.0)
      (merge from 3.0)
      (merge from 3.0)
      Patch by Luca Bolcioni <Luca.Bolcioni at yacme.com>.  Ensure we always
      (merge from 3.0)
      Add a few more NTSTATUS <=> PAM error mappings.
      This adds client-side support for the unicode/SAMR password change scheme.
      (merge from 3.0)
      Revise our server-side password change code to cope with the various
      (merge from 3.0)
      Clarify comment on set_effective_uid()
      (merge from 3.0)
      If we are setting the NT or LM password to NULL, remove the attribute
      (merge from 3.0)
      Merge the 'use cracklib' parameter from HEAD back to 3.0
      Always at least try to compile in cracklib support.
      (merge from 3.0)
      This would appear to restore smbtorture to be able to use the syntax
      This should be the correct fix for the lack of a prototype for
      (merge from 3.0)
      Fix const warning
      I should have done this years ago...
      Bug found by gd - the new range-reterival code did still had 'member'
      Make get_dc_list static - we only ask for a sorted list externally.
      Remove unused utility function.
      Make this table static const.
      Another static function.
      Remove more unused functions - this time parts of the 'password cache'.
      Remove more unused portions of the 'password cache'.
      Samba hasn't used this function for ages - it's now handled deep in the
      Make more functions static, and remove duplication in the use of functions
      Add some help for 'net rpc password'.
      Make it possible to 'net rpc samdump' of any domain you are currently joined
      More 'static' work.
      Add static, and assert that we will never overflow the static fstring
      When we set a domain sid, force get_global_sam_sid() to do it's work again.
      Add more static...
      (merge from 3.0)
      (merge from 3.0)
      (merge from 3.0)
      (merge from 3.0)
      (merge from 3.0)
      (merge from 3.0)
      (merge from 3.0)
      (merge from 3.0)
      (merge from 3.0)
      (merge from 3.0)
      (merge from 3.0)
      (merge from 3.0)
      (merge from 3.0)
      (merge from 3.0)
      (merge from 3.0)
      (merge from 3.0)
      (merge from 3.0)
      Actually remove this (now empty) file from the repository.
      Found by Fabien Chevalier <fabien.chevalier at supelec.fr> and
      (merge from 3.0)
      I *hate* global variables...
      (merge from 3.0)
      Fix bug in previous global_sam_sid() commit.  I broke the 'read from
      (merge from 3.0)
      JRA's recent strstr_m work really badly broke our string_sub code.
      Given how core this code is, I figure it should have it's own testsuite.
      Merge fixes and tests for jra's broken strstr_m() function from 3.0
      Commit to HEAD the updates to smb signing code that I was propsing for 3.0.
      Given how often a panic has to do with malloc() problems, don't tempt
      As I raised (without objection) on the mailing list a while back, this
      Ensure we correctly set cli->nt_pipe_fnum on failure to correctly open the
      Merge from HEAD the SMB signing patch that I developed a couple of weeks
      Make it clearer that this error refers to the peer, as this code is in both
      Based on the detective work of Jianliang Lu <j.lu at tiesse.com>, allow yet
      Add a few comments explaining KEY_EXCH
      Revert bogus part of smb signing commit - when Win2k supports singing/SPNEGO,
      Let the comment match the function...
      Fix most of bug #169.
      r21: Ensure 'net' follows the behaviour of all other samba client tools,
      r49: Support SMB signing on connections using only the
      r69: Global rename of 'nt_session_key' -> 'user_session_key'.  The session key could
      r84: Implement --required-membership-of=, an ntlm_auth option that restricts
      r85: Update the winbind interface version, as I just extended the struct.
      r86: This function was moved to lib/nterr.h
      r104: Fix ntlm_auth by adding the new strhex_to_data_blob() call.
      r148: Ensure we do not dereference a null pointer when we return the user
      r171: Continue the 'rename nt_session_key' work.  This attempts to rename
      r175: Move this comment to the right place...
      r176: Improve our fallback code for password changes - this would be better
      r177: Split ntlm_auth --diagnostics into a seperate file, so as not to clutter
      r188: Add a new 'helper protocol' to ntlm_auth.
      r191: Only send the ntlm_auth 'ntlm-server-1' helper client a '.' after the
      r201: Fix bugs in the --helper-protocol=ntlm-server-1 implementation.
      r240: I'm pretty happy with the 'ntlm-server-1' helper protocol now, and as
      r780: Fix segfault in ntlm_auth --diagnostics
      r936: Fix a rather weird error that crippled my site, when we upgraded to
      r1121: Fix memory leak in the trans2 signing code.
      r1122: As spotted by lha at stacken.kth.se we don't actually use this variable any more.
      r1124: ntlm_auth memory leak fixes by James Wilkinson - jwilk at alumni.cse.ucsc.edu
      r1125: Remove bougus comments. (The real fix was to the sealed pipe padding)
      r1126: Allow more flexible GSS-SPENGO client and server operation.  The
      r1127: Finding trusted domains is not so important as to require a DEBUG(1).
      r1128: The end-of-file is not the end of the world, so don't make a load DEBUG() about it.
      r1428: Remove *completly bogus* memset.  (No doubt my bug, too...).
      r1487: Remove unused parameter for the client-side signing functions.
      r1492: Rework our random number generation system.
      r1581: 'NULL' NTLMSSP is both a pain to get right, and compleatly and utterly
      r1582: On failure, print the length of the right variable.
      r1583: Patch by Fabien Chevalier <fabien.chevalier at supelec.fr>
      r1612: Fix bug #1571 found by Guenter Kukkukk <guenter.kukkukk at kukkukk.com>
      r2137: This is a patch I've been running at Hawker for a while.
      r2147: Fix utility name in error message (pre-emptivly merged to trunk ;-)
      r2157: This parameter in loadparm appears compleatly unused.
      r2755: Fix NTLMv2 for use with pam_winbind, the plaintext ntlm_auth modes,
      r2761: Print the decrypted, not encrypted key.
      r2762: Remove silly conversion to and from UTF8 on the winbind pipe.  Fix the
      r2779: Some fixes to pam_winbind.c.:
      r2865: Add static and remove unused functions that only cload the blame-game
      r2868: Well, I'm not quite sure what I'm doing back in Samba 3.0, but anyway...
      r3616: Merge for 3.0.8.
      r4337: Produce a slightly different error message is lanman authentication is
      r4976: Try to scare people off from trying to write authentication modules
      r5455: Remove bogus DEBUG messages (dump for a failure to parse NTLMSSP,
      r5536: Avoid intermediate copy of NT and LM responses in NETLOGON client.
      r8912: Samba 3.0 was failing from a Vista client, because it was using 'raw'
      r8913: Fix memory leak in -r 8912: Free the right thing, rather than blob1 'twice'.
      r15492: Without this patch, the LDAP client libs will call abort() in
      r17005: Add a new helper mode to ntlm_auth: ntlm-change-password-1
      r17007: Increment winbind protocol version number.
      r17216: From Kai Blin <kai.blin at gmail.com>:
      r17487: Allocate some OID space for Samba4, so we don't trip on each other.
      r20402: Fix spelling: samba bug #4292 debian #402392
      r20403: Cleaning out my Samba 3.0 tree:
      r20996: Build fix from Kai Blin
      r22020: Make it more clear that both the vuser struct and it's contents are
      r22022: - Clarify the comments
      r22023: I don't like this cache, but I think Jeremy is right, the consequences
      r22024: Don't leak, actually use the provided memory context...
      r22026: Missed in my last commit, another case where we need to copy, not reference.
      r22071: Make the error message for incorrect use of '-c' show the parameter as used.
      r25049: Set new, more secure defaults for Samba 3.2.
      r443: Update Samba4 to the auth and NTLMSSP code from Samba3.
      r448: Fix 'auth' in Samba4, by making 'auth methods' a normal smb.conf
      r451: More NTLMSSP work.
      r607: When our code is looking for an 'empty' data blob
      r610:  - Merge the Samba3 'ntlm_auth --diagnostics' testsuite to Samba4.
      r611: Fix breakage from my last commit:
      r613: Fix the RPC-SAMR torture test, for my session_key changes.
      r614: Clean out the POSIX assumptions from the Samba4 auth subsystem.
      r619: Remove more code that is no longer called.
      r620: Remove more ununsed code.
      r683: Remove the trailing ; from this macro, so it can be used in an 'if' expression.
      r684: Note the fact that NTLMv2 provides a weath of futher testcases...
      r685: The SAM is dead!  Long live the new SAM!  ;-)
      r707: Chainsaw work - SAM_ACCOUNT can die, along with passdb
      r708: Clean up copyright headers, to reflect code that has come and gone
      r715: Finish the ldb conversion for the auth_sam module.
      r719: Follow the trend - remove more unused functions.
      r743: Start on a NETLOGON server in Samba4.
      r745: Move netr_ServerPasswordSet up with the other secure channel
      r751: Fix debug message to print the right variable.
      r752: Remove debugging hack (make sure the cleanup test account after we
      r754: Implement the SetPassword operation on the netlogon pipe.
      r816:  - Make use of tridge's new samdb_result_sid_prefix() helper function.
      r831: These functions duplicate the push/pull charcnv interfaces that we use
      r874: This patch is a pile of work on NTLMSSP:
      r877: This attempt at IDL was accidently included in the pervious commit.
      r892: Actually add the NTLMSSP self-check torture code this time...
      r929: Remove more unused code from util_sid.c (the old-style sid code is
      r1009: Make all users of NT and LM passwords use the samr_Password structure.
      r1019: Push the auth subsystem away from using typedef, and over to the 'all
      r1020: Add an (untested, until the other end is hooked in) method for
      r1021: Because auth_serversupplied_info is not reference counted, this may
      r1023: Prepare the auth subsystem interfaces for netlogon SamLogon to use.
      r1024: Use samr_Password for the machine password here - this ensures we can
      r1025: Rename (across the samr and netlogon pipes, so far)
      r1027: More rename:
      r1028: More consistancy fixes, which should also fix the build.
      r1031: Move more code dealing with passwords to struct samr_Password.
      r1058: The start of work on the SamLogon call for NETLOGON.
      r1061: The start of the SamLogon call for the NETLOGON pipe.
      r1063: userdom_struct dies!
      r1064: Remove the unused userdom_struct from the user_context struct
      r1080: Make sure to initialise all the returned elements in the SamLogon
      r1123: Make all lp_ string functions return 'const char *'.
      r1129: Remove unused function.
      r1142: I think this should fix the interactive logins for tridge - don't take
      r1161: Include a few more self-check NTLMSSP examples.
      r1163: Add const.
      r1169: Some more updates to the NTLMSSP NTLM2 code:
      r1170: Remove bogus part of previous commit - session keys, even in NTLMSSP
      r1173: A quick little test to show that we cannot bind twice to a single endpoint.
      r1186: Clarify why this is a 'bogus' negitive test.  If we pass it, we may
      r1187: * Remove testing hack (actually check signatures on NTLM2).
      r1189: Now that we use a common 'base' return structure for the SamLogon
      r1196: Remove unused pstring/fstring functions.
      r1197: Fix my build breakage, variables at the top of a block only...
      r1198: Merge the Samba 3.0 ntlm_auth, including the kerberos and SPENGO parts.
      r1199: Make talloc_asprintf_append() work on a NULL source string as if it were
      r1200: Add 'gensec', our generic security layer.
      r1250: We no longer use these #defines
      r1292: Add const to the subsystem/module registration code.
      r1293: Indent
      r1294: A nice, large, commit...
      r1305: Grrr, fix my build breakage...
      r1352: Add a 'peek' function to our ASN1 code, so we can safely perform the
      r1353: Fix compile with new ASN1 peek code.
      r1354: Make it clear that the first gensec_update takes a NULL data_blob.
      r1355: Add const (I missed this when I changed the function prototype earlier)
      r1356: Fix logic bugs in ntlm_auth.
      r1357: Work on GENSEC:
      r1358: Re-indent the SPENGO implementation, and work on the basis of a
      r1372: Remove the 'default' case from the SPENGO state machine, and fix up
      r1418: Merge Samba 3.0's recent kerberos changes into Samba4.  None of this
      r1422: StrnCaseCmp now needs to be non-static.
      r1423: Make sure to destory the mem_ctx.
      r1426: Fix some of my silly compile errors...
      r1434: Merge this function in from Samba 3.0, but use a mem_ctx rather than
      r1435: talloc_steal is very useful - add a function to do it with a DATA_BLOB
      r1436: Move GENSEC across to config.mk
      r1437: Intermediate commit of krb5 for GENSEC.
      r1438: Record the principal name we are sent in the SPENGO mechListMIC in a
      r1439: Once we are authenticated, always return NT_STATUS_OK. (Makes SPENGO
      r1440: GENSEC improvements:
      r1441: Indentation and comment fixes.
      r1442: I was going to rename kerberos.c -> kerberos_kinit.c, but didn't.
      r1443: More changes towards Kerberos in Samba4's GENSEC.
      r1445: Ensure get_auth_data_from_tkt doesn't get into proto.h
      r1446: Another funciton to avoid in proto.h
      r1447: Fix compile.
      r1448: Indent this so proto doesn't pick it up.
      r1452: Thanks to Volker for spotting that this code was certainly not tested...
      r1456: Rename this parameter to avoid shadowing a badly-named GTK global.
      r1457: Add the GSSAPI layer to our gensec_krb5 code.
      r1458: Add a new configure option, to make it possible to both find errors,
      r1460: Avoid a compile warning.
      r1461: ntlm_check.c is a server-side peice of code, so it belongs in AUTH.
      r1462: GENSEC Kerberos and SPENGO work:
      r1474: It is useful if talloc_strdup() behaves like strdup()
      r1475: More kerberos work
      r1476: Don't print messages about the CCACHE not being found - this is normal.
      r1498: (merge from 3.0)
      r1521: Updates to our SMB signing code.
      r1522: Oops - I forgot this file in the prvevious commit.
      r1604: Samba4 avoids memcpy() as much as possible - we don't need to make a copy here.
      r1605: GENSEC krb5 updates - fix a valgrind found uninitialised variable, and
      r1685: Add the ability to lookup RPC auth types for the RPC-MGMT torture test.
      r1686: Don't use a void* for the context inside the SMB signing code.
      r1687: Fix bogus requirement for SMB signing on guest connections.
      r1723: Make sure we bail out on error in reading a OID.
      r1724: Add a new function to return the list of available OIDs.
      r1725: Remove a silly 'utility' function.
      r1726: Fix up the comments and indenting.
      r1727: SPNEGO session setup replies need to include the blob, even on error
      r1729: Make the SMB signing code more generic (to share more between client and servers).
      r1730: We cannot dereference c->tree here, as there is not a tree yet.
      r1731: Add server-side SPNEGO support to Samba (disabled, until SMB signing
      r1735: Clean up SMB signing - we don't have more than one 'real' way to sign
      r1745: More work on cleaning up SMB signing.
      r1746: Remove more cruft from the SMB signing code.
      r1752: Fix compile bugs on C (rather than C++) tolerant compilers.
      r1762: Ensure that a user (as opposed to guest) cannot login without SPNEGO,
      r1768: Add some debugs to assist in SMB signing debugging.
      r1769: Add a new torture test to check vuid properties, and SPNEGO/non-SPNEGO games.
      r1795: Fix the multiple session setup torture tests.
      r1796: Enable server-side SPNEGO, now that I have fixed the server-side SMB
      r1990: Fix breakage caused by the recent talloc changes.  (Failure to process
      r1991: After finding a talloc inconsistancy is a very good time to smb_panic(),
      r1992: Make the NTLMSSP torture test show more detail, and return failure etc.
      r1993: Allow WinXP domain logon to progress a bit further (it seems broken for me).
      r2035: Fix spelling.
      r2041: Fix NTLMSSP RPC sealing, client -> win2k3 server.
      r2047: Warn on 'declaration after statement' (breaks non-gcc).
      r2053: All RPC sessions 'want' a session key.  Of course, the key they
      r2054: Fix compile warnings/build failures on non-gcc.
      r2055: Add PRINTF_ATTRIBUTE to many more parts of the code, and a new
      r2056: Allow the compiler to check this format string.
      r2062: Fix a couple more of the printf warnings (real bugs).
      r2063: Ensure the first argument to a printf() like function (talloc_init()
      r2096: Enable use of NTLM2 for connections that do not got on to be NTLMSSP
      r2098: The first 8 bytes of this sig is not used in the 'is it correct' calculation.
      r2099: Get rid of another private ARCFOUR implementation from the codebase.
      r2119: Noticed by jra:
      r2220: Updates to the NETLOGON torture test.  This copes with 'long'
      r2281: Add a few comments.
      r2282: Remove one more magic constant from the source, replace with sizeof().
      r2283: Change from tridge (in his ntlm2 patch).
      r2284: Thanks to some great detective work by tridge, NTLM2 signing now works.
      r2285: Remove more static data, fix spelling in a comment.
      r2286: Fixes towards krb5 logins into Samba's CIFS server.
      r2287: Add static.
      r2288: Remove the claim/yield connection code - this will need to be redone
      r2290: Fix 'lsakey' for the server-side, it is static for
      r2307: Fix the use of 'raw' NTLMSSP to hosts that support extended security,
      r2313: Make these attributes case insensitive in the default provision.ldif
      r2504: Add printf attribute, for format argument checking.
      r2505: Remove unused function.  If/when we implement plaintext authenticaton
      r2506: Add more printf attributes for format checking.
      r2507: Allow a case-insensitive lookup when converting strings into NTSTATUS
      r2512: Remove unused stub functions.
      r2513: Avoid strupper/strlower when you can.  This developers module
      r2514: Remove unused funcions, and add static.
      r2515: Fixes from smbtorture - these session keys are not individually encrypted.
      r2534: Change NTLMSSP parsing to avoid a seperate str_chrnum() call - storing
      r2535: Make certain, that even if we have invalid ASN.1 here, and the caller does not check the return value, that we don't return uninitialised memory here.
      r2536: This is a classic case for the use of our new talloc code, and
      r2537: Add static and use strlen_m instead of str_charnum().
      r2541: Add a TODO:  This is one place we can grab the remote netbios name.
      r2542: I really don't like the 'substitute' code, and I particularly don't
      r2543: Catch one more use of sub_get_remote_machine().
      r2544: (missed from the last commit)
      r2545: str_charnum -> strlen_m.
      r2546: Remove another strupper_m() that we don't need.
      r2547: Another place to use convert_string_talloc().
      r2550: survive our own BASE-NEGNOWAIT torture test.
      r2551: Add const.
      r2552: Character set conversion and string handling updates.
      r2611: Try to make Samba4's ntlm_auth more consistant with Samba 3.0.
      r2612: Ensure ntlm_auth always logs to stderr.
      r2859: It seems useful to allow the seal/unseal functions in gensec to pass
      r3073: Fix bug in the handling of null-terminated ASCII strings in RPC.
      r3074: Add in a new 'field present' flag samr.idl for the Account Flags
      r3075: Initialise (and check for intialisation) of the private pointer to
      r3076: Fix memory leak.
      r3077: Add initial handling of Account Flags in SAMR user info level 21 and 25.
      r3078: Allow more things to be set as command line options to provision.
      r3079: make code more pretty :-)
      r3080: Make the Samba4 SAMR server pass the new, nasty torture test (now that
      r3104: My Win2k3 server, with current updates, still sends the LM key for level 6.
      r3109: Give krbtgt and our machine account a random password in provision.
      r3110: Fix the krb5 client and server, so that it doesn't segfault.  There
      r3115: Bugfixes and extra debug in our kerberos verify code.
      r3128: Return the correct error code for a secrets/kerberos login, but
      r3170: Add winbind client support back into Samba4.  This is to allow
      r3175: Add winbind back into includes.h (spotted by tpot)
      r3185: Machines can login with krb5, so we need to allow them to map to a unix account.
      r3186: Use the properties of the new talloc() system to handle the auth
      r3187: This 'optional' part of the ASN.1 in SPNEGO is required by Samba3 (but
      r3190: When we don't have a PAC, do a lookup in the local ldb instead.
      r3358: Try to put all the basic struct dom_sid manipulation functions in one
      r3359: Add magic auto-initialisation hooks here, to match the rest of
      r3361: Allow Samba4 (I'm interested in ntlm_auth in particular) to use
      r3362: Change netlogon.idl so we can parse the 'info3' seperate from it's surroundings, and rename user_id -> rid, as it could be a user or group id.
      r3364: Add parameter to fix the compile.
      r3365: Fill in the user and primary group SIDs into the 'server info' before
      r3394: Give the user a clue why we are blasting them with the usage brick.
      r3519: Include time headers to fix the build.
      r3524: Remove unused variable.
      r3541: Add support (to be verified with the squid team) for the Squid 3.0
      r3542: Re-indent, and fix a use-after-free by doing the talloc_destroy just a
      r3553: Allow talloc_reference to take a NULL pointer for the "ptr" argument.
      r3554: Use the new talloc_reference changes to simply the conversion of
      r3555: Fix auth_winbind to work with the new auth_util conversion code.
      r3556: Remove --enable-krb5developer and --enable-gtkdeveloper, as the new
      r3557: Use a switch, not a series of if/else if statements.
      r3558: We don't seem to need these as [public] any more.
      r3565: Move PAC parsing into the session_info generation, and out of the
      r3570: Export the user's group list from ntlm_auth, via a new command 'UG'
      r3572: Thanks to tridge for his patience with my build breakage.
      r3609: Lets spew out a few less error messages for tridge, and hope to get
      r3612: This appears to be the 'offical' way to initialise this struct.
      r3651: Add a new configure option --with-eparserdir
      r3652: Fix malloc-history dependent failures in smbtorture.
      r3653: Move Interactive login tests up with the rest of the logon tests.
      r3654: Add static and fix indentation.
      r3655: As required by the new torture test, add the LM session key output
      r3657: More netlogon torture.  We now test both function calls (SamLogon and SamLogonWithFlags).
      r3676: Add a negitive test for NTLM2 session security (which should not
      r3677: Seperate the SamLogon tests from the main RPC-NETLOGON test into a
      r3678: Remove testing code accidentily commited.
      r3679: We now know a few more of the Netlogon negotiate flags.
      r3680: Move the multiple runs of this test into a loop.  Also check that no
      r3686: The results of some work on the NETLOGON pipe:
      r3687: Gaah - I forgot to add the new file for the RPC-SAMSYNC test...
      r3716: Improvements in the RPC-SAMSYNC tests:
      r3721: We cracked the NTLM2 puzzle long ago, and set the flags elsewhere.
      r3723: Now that timestring() always returns talloc'ed memory, we don't need
      r3724: Rename a number of structures, for better consistance between SAMR and
      r3725: The new RPC-SAMSYNC test, complete with SAMR comparisons.  This is
      r3804: Add more comparison tests in RPC-SAMSYNC.
      r3805: Fix the LSA portions of the RPC-SAMSYNC test - I was not using the LSA
      r3807: Cross-check the basic attributes for groups and aliases in RPC-SAMSYNC.
      r3808: Put these in the same order as the IDL, to make it easier to spot what's unimplemetned (tests of the group members)
      r3885: Add security descriptor comparison to our RPC-SAMSYNC test.  We now
      r3904: * Add new LSA calls to open trusted domains
      r3905: (oops, missing file: samsync.c)
      r3907: * Rename lsa_Name to lsa_String
      r3908: We know that this field is a flag of some kind, and matches the output on LSA.
      r3909: Fix cross-reference test for trusted domains.
      r3917: A few more LSA RPCs found in my wanderings (for trusted domains, these
      r3919: Add more info levels to the QueryTrustedDomainInfo structures, with
      r3921: Cross-test SIDs in RPC-SAMSYNC, fix the build.
      r3922: Add yet another NETLOGON RPC.  This is another varient of SamLogon,
      r4342: Fix a memory leak in init_globals().
      r4349: Start to fix the long-standing pain that --with-krb5 would be ignored if krb5-config was in the path.
      r4354: The ldb databases do not go in lib/private, but in private/ under PREFIX
      r4355: More work from the elves on Christmas eve:
      r4356: Allow anonymous connections to use NTLMSSP.  The silly bugs that
      r4357: Return a more sensible error code if a NULL (as opposed to the valid
      r4358: At metze's request, the Christmas elves have removed gensec_end in
      r4379: Merge more Kerberos related configure checks (by jra, gd and Lars
      r4384: Try again to fix compiling against a specified KRB5 library.
      r4385: Set the correct target service.
      r4386: Grr, fix copy-and-paste bug.
      r4400: Pass rootdse.ldif past the subst code.
      r4441: gensec_krb5 update:
      r4459: GENSEC refinements:
      r4460: Add a new GENSEC module: gensec_gssapi
      r4470: Try not to have GSSAPI built unless we detected krb5.  We should split
      r4494: Allow gensec_gssapi to use the SPNEGO mech provided by Heimdal (off by
      r4499: Almost make our Samba4 server pass the RPC-SAMLOGON torture test.
      r4500: Allow GENSEC modules to be disabled by setting a flag on their module
      r4504: Setting
      r4510: Some more tests for RPC-NETLOGON, checking the idea that we could
      r4530: Start adding a bit of Doxygen compatible documentation comments to GENSEC.
      r4531: Include the OID locally, as it seems to be hard to get the includes
      r4565: Make the order of the initialisation more sensible.
      r4566: Fix Samba4 to pass it's own RPC-SAMLOGON torture test.
      r4567: Fix the build for metze.
      r4590: Make RPC-SAMSYNC pass againt Win2k3.
      r4594: Add more testes to the standard 'passes against win2k3' script.
      r4603: Test creating local and global secrets over LSA.
      r4610: You can't join as a BDC and test against trusted domains.  This test
      r4614: Fix RPC-SAMLOGON, to use the workstation context (forgot to globally replace).
      r4635: Fix NTLMSSP to return NT_STATUS_OK when it has constructed the auth
      r4636: Per tridge's wish (and probably correct behaviour), don't key off a
      r4641: Push a few more details into the schannel ldb, and into the
      r4657: This really should be made a structure, so we can't get it wrong, but
      r4658: (grr, commited wrong file last time).
      r4659: Revert -r 4657 committed by mistake, until I review and test the
      r4660: Test what we should return for a secret that does not exist.
      r4667: Don't follow a NULL pointer for an idle event handler.
      r4671: Expand the RPC-LSA test to set secret values twice.
      r4673: Fix the IDL for the QuerySecret LSA call.
      r4674: Test SetSecret behaviour for local and global secrets, when setting
      r4675: Prevent global warming, and save tridge's sainity by short-cutting the
      r4678: Add some const to LDB.
      r4679: Remove the void* from samdb.  We now use structures without full
      r4680: Make more efficient use of memory in SAMR:
      r4681: Another entry for structs.h
      r4682: A LDB-based secrets implementation in Samba4.
      r4691: Make the DCE-RPC bind code compleatly generic to the number of passes
      r4692: Make the client SPNEGO code bail out in a couple more cases.
      r4693: Add another test (RPC-MULTIBIND) that should always pass.
      r4694: 'fix' the behaviour for setting only the old, but not the new secret.
      r4695: Leave less memory handing around on long-term TALLOC_CTX.
      r4698:  - Initial implementation of trusted domains in LSA.
      r4699: Move the test_EnumTrustDom() test into the test_CreateTrustedDomain
      r4703: Add support for EnumTrustDomain, and expand the testsuite.
      r4706: Fix the build, after I renamed these elements in the IDL.
      r4708: Comparing with LDAP, it is clear that these 'flags' are in fact the
      r4713: Add initial support for QueryTrustedDomainInfo on LSA.
      r4720: Reformat, rename, and convert to enums parts of the LSA IDL specification.
      r4721: Changes to libnet_passwd to take advantage of the new easier to call
      r4722: Start to add 'net join' to Samba4.
      r4762: Store the results of a 'net join' in the LDB.
      r4763: Join Samba4 to itself during the provision process.
      r4764: Add some more structs to keep the proto.h compile happy.
      r4766: Add another useful helper function: samdb_msg_set_value()
      r4768: Until I can prove it, we should not have these elements marked as
      r4774: It appears the SensitiveData contains the password history, as the
      r4776: Add more debugs to SamSync test.
      r4890: Try to cope with mechanism mismatch in the client speaks first version
      r4893: Move to using secrets.ldb for the Kerberos verify, instead of
      r4895: I missed this in my previous 'use secrets.ldb' commit.
      r4897: Unbreak the LDAP server.  Somehow the generic service structures
      r4914: Fill in the realm for the self-join.
      r4923: Avoid using krb5-config in the path if a krb5 prefix was already set.
      r5086: Fix list of binaries to install:
      r5088: Push some of the heimdal tests into a 'if we didn't have krb5-config' block.
      r5089: Fix indentation.
      r5090: Fix up the IDL for LogonGetDomainInfo in NETLOGON.
      r5091: The Kerberos secrets are queried by realm
      r5092: Add a bit more const - moving it further into the LDB layer.
      r5093: Make debugs less confusing when a 0 NTTIME is printed.
      r5330: Remove #include <sys/time.h> from includes.h.
      r5334: Bah, it's all to hard...
      r5667: Move schannel state into libcli/auth (as it belongs with schannel,
      r5668: Add tests to RPC-SAMLOGON to test for user at REALM style logins.  These
      r5783: Test renaming of accounts in the RPC-SAMR test, and add support into
      r5876: Add a test account for the duration of the samsync - to ensure we have
      r5877: It is not an error to have a zero-length secret, after decryption.
      r5878: Be clear which machine name (We have one worksation, and one BDC) we
      r5879: Rename SAMR_FIELD_WORKSTATION to SAMR_FIELD_WORKSTATIONS - it is a list.
      r5895: Remove old auth_domain code - to be replaced with entirely new implementation.
      r5898: Handle errors in the 'sync' name and IP address handling code.
      r5899: Fix spelling.
      r5900: Use flatname to specify the netbios domain name (matches what win2k3
      r5901: Add another option to the test script - the realm, which must match
      r5902: A rather large change...
      r5903: While I can't test IPv6, metze asked me to commit a matching change
      r5941: Commit this patch much earlier than I would normally prefer, but metze needs a working tree...
      r5942: A couple of small changes to fix things up with the new credentials
      r5983: Start support for being a domain member in Samba4.
      r5984: Add index and attributes to default ldif for secrets.ldb
      r5985: Actually adding auth_domain.c in -r 5983 would probably have been a
      r5988: Fix the -P option (use machine account credentials) to use the Samba4
      r5992: Rename schannel.c -> schannel_sign.c.  The rest of the schannel code
      r6010: Change the testing order, so we test all transports for each binding
      r6024: Some of the ordering constraints on the popt callbacks were getting
      r6025: Remove unused variables.  This code will be modified again for the new
      r6026: Update the kerberos keytab code to match Samba3 again.
      r6027: Add copyright, and add a useful debug message.
      r6028: A MAJOR update to intergrate the new credentails system fully with
      r6030: Missing from previous commit, a small header file to link
      r6032: Fix up SetServerPassword2 on NETLOGON for [bigendian].  Clearly nobody
      r6033: Patch from 'lifeless' to clarify behaviour with NULL pointers.
      r6078: Correctly fix the failures for NT1 (not SPNEGO) session setups in the
      r6079: Add inline documentation on the credentials context API.
      r6094: Work on the Kerberos code recently merged from Samba 3.0.  This fixes
      r6113: Move GENSEC and the kerberos code out of libcli/auth, and into
      r6270: Move the VUID handling to a IDR tree.  This should avoid O(n)
      r6271: Don't zero the cli_credentials structure - instead allow valgrind to
      r6272: For 'programmed' use of an anonymous account, we should use
      r6286: Add back metze's test of setting a trust password to ''.  I removed
      r6309: Remove this file it is empty and unreferenced.  (In preperation for
      r6310: Rename password.c to session.c, and remove the linked list of all
      r6312: Metze reminds me this header is no longer required.
      r6313: Much better handling of LogoffAndX when the vuid is invalid (ie, don't
      r6314: A more complete RAW-CONTEXT test.  This Samba4 currently fails, but it
      r6315: Allow sane session setup behaviour on SPNEGO regarding VUIDs.
      r6451: Ensure we correctly initialise the credentials structure in the schannel test.
      r6452: This particular credentials feature needs to be NULL by default.
      r6453: Move verbose errors for the schannel 'not in the DB, or DB corrupt' error cases.
      r6454: Start to migrate NTLMSSP away from it's own API to just use GENSEC.
      r6455: Remove wrapper functions, and ntlmssp_end (which is well handed by talloc() now).
      r6456: The RPC-SCHANNEL test is an important test that passes against Win2k3 (well, not SP1, but we are working on that detail).
      r6457: Simply the RPC server code for the choice of GENSEC mech - it's just
      r6458: Split up NTLMSSP into a new directory, and into seperate files for the
      r6460: Push the client credentials into NTLMSSP, allowing logins of the form
      r6462: Move the arcfour sbox state into it's own structure, and allocate it
      r6463: Move NTLM2 and NTLM (v1) specific variables into a union for DCE/RPC.
      r6464: Remove the last of the Samba3 NTLMSSP API.  This removes the rudundent
      r6465: Use talloc_zero for the gensec_ntlmssp_state structure, as the history
      r6467: keep the compiler quiet with another entry in structs.h
      r6468: Fix LOCAL-NTLMSSP test with new NTLMSSP structure.
      r6498: Add comments in line with those I already added to 3.0.
      r6522: I have no idea why this change was made, but it not only breaks
      r6523: Another string that isn't filled in.  I wonder why this is, but for
      r6524: Fix the error we print when the RPC-ECHO test fails.
      r6525: Remove incorrect comment.
      r6526: Rename this RPC fault.  Everybody else calls this ACCESS_DENIED, and
      r6534: Patch from lieschen to fix our vital user creation tools :-)
      r6544: Use common structures between SAMR, NETLGON and the Krb5 PAC.
      r6565: Cludge, cludge, cludge...
      r6573: Start on my project to implement an NT4 compatible BDC in Samba4.
      r6582: Remove the hack that metze needed because Samba4 didn't have a samdump
      r6598: Make it easy to point the test_echo.sh at remote servers, without
      r6603: More work on the samdump puzzle.  This implements a function pointer
      r6698: Our domain join code requires that the secureChannelType be set.  Type
      r6699: Windows clients seem to ask for CIFS/, ie in upper case, so match it.
      r6700: Upper case realms in kerberos-specific parts of the code, as this is
      r6701: Updates to our server-side ticket verification code, we now use the
      r6702: Revert -r 6699, as I think this is a win2k v win2k3 issue.
      r6711: Clarify that we are dealing with a salting principal in the kerberos
      r6714: We can only ask GENSEC questions if we are authenticated.
      r6727: One more step down the long march to the 'Kerberos domain join'.
      r6728: Microsoft relies very strongly on getting the OIDs it expects, so we
      r6729: Fix silly copy-paste bug spotted by metze.
      r6736: Revert metze's -r 6734, as metze and I made the same changes at the
      r6737: Explain these error returns a bit better.
      r6738: My version of the patch by metze that I just reverted (-r 6734).
      r6791: My early notes on the particular things I have discovered as I learn
      r6792: Allow a mech to fail on the first pass at the packet, and still fall
      r6793: Move auth_sam to use the dnsDomain rather than the
      r6796: Remove the gensec_gsskrb5 module, which had had all of it's special
      r6798: Valgrind pain is not something I look forward to - if we ever fall
      r6799: Remove a rudundent variable from the context structure - we can figure
      r6800: A big GENSEC update:
      r6801: It appears that krb5_make_principal, while convenient, is not portable.
      r6803: Try to bring in the correct GSSAPI headers for the krb5 mech.  This
      r6806: Try again to fix the build on various kerberos libs.
      r6811: Another attempt at better kerberos/gssapi headers.
      r6819: More notes on krb5 requirements
      r6879: Another attempt at including the 'right' kerberos headers on
      r6882: Put in configure tests and #ifdef to keep Samba building on older Heimdal.
      r6883: Move to what simo assures me is the 'correct' way to find the NetBIOS
      r6902: Turn the LDAP server on by default.  It is no worse than the others...
      r6927: Make it easier to program with the SamSync callback interface, perform
      r6928: Add support for printing trusted domain names, sids and passwords in
      r7043: Patch from Julien Kerihuel <j.kerihuel at openchange.org> to reenable
      r7203: Fill in the error message and fail if we can't open the secrets database.
      r7204: Also fall back to different password set methods on WRITE_FAULT, as
      r7218: Don't use an uninitialised variable in an error message.
      r7219: Don't allow 'binding' to be used uninitilaised.
      r7220: Fix comment
      r7221: Add the start of a KDC service (to be built on a 'libkdc' from a to be
      r7226: Forgot file to disable building the new kdc
      r7240: Don't call our fancy error message routines on a null context.
      r7241: The KDC almost links...
      r7257: Ensure the error message can never be uninitialised.
      r7258: Fix the final linking error with libkdc - we need to link libhdb as well.
      r7259: Move the recv handler out into a seperate function (suggestion from
      r7269: talloc_steal() is preferred where possible, as it can't fail and does
      r7270: A big revamp to the way we handle kerberos errors in Samba4.  We now
      r7285: It appears that MIT Kerberos does not have the log redirection
      r7291: Additional notes on what we require from a kerberos implementation.
      r7292: Fix up the build system support for derrell's sqlite3 ldb backend.
      r7293: Turn sqlite3 support off by default, use --with-sqlite3 to re-enable.
      r7304: Make the libkdc actually work:
      r7306: Use a consistant #define for detecting support for the Heimdal krb5
      r7367: Replace the list of what our internal heimdal can do with data from a
      r7378: Lowercase netbios name when forming the DNS name of the DC in the
      r7508: Fix memory leak of outgoing packets in the KDC.
      r7509: With the update to Heimdal 20050612 we no longer need krb5_freelog(),
      r7520: Fix memory leak in hdb-ldb.c
      r7521: Remove useless loops from SAMLOGON test, which speeds it up a lot.
      r7525: Unify lp_load(), load_interfaces and logging setup into popt().
      r7530: Simply calling convention of lp_load().
      r7531: Finally fix lp_load().  I had left hooks in place which restricted us
      r7637: Another useful Heimdal feature we need.
      r7651: Only convert SERVER requests to KRBTGT requests.
      r7673: With current Heimdal we don't need this (correct) fix.
      r7674: Fix the printf() attribute suggestion by correctly prototyping, then
      r7675: Use correct memory context for anonymous session setup auth context
      r7676: Make VUID and TID choice random, as this gives us protection against
      r7680: Move to using our own private enum for the principal type inside the
      r7681: This #define is unused.
      r7682: Move the properties of our heimdal build from heimdal_build/config.h
      r7683: The other file from the last commit.  And it's include/system/kerberos.h that I'm putting the #defines in...
      r7684: Add a test aimed at checking we have agreement between client and
      r7685: Simply the test for session key logic, so we pass against NT4.
      r7686: Check for a type of invalid account name.
      r7687: Some more tests that must be done only when krb5_config is absent.
      r7688: Fix the internal heimdal build - push one #define back to
      r7689: Add new file from previous commit (seperate file for session key test).
      r7690: Move the NT hash generation into the credentials system, rather than
      r7756: Don't segfault by trying to search for the NULL DN, if the wrong
      r7757: Add NTLMv2 support to the NT1 Session setup (ie, not SPNEGO/NTLMSSP)
      r7758: When not running on the build farm, print out the failed command line again.
      r7765: Thanks to Maurice Massar <massar at unix-ag.uni-kl.de> for spotting that
      r7827: Add in-memory keytab to Samba4, using the new MEMORY_WILDCARD keytab
      r7843: Use the new Heimdal gsskrb_acquire_creds API.  This has the right
      r7862: Updates to the Kerberos notes, based on recent changes and discoveries.
      r7935: auth_unix now uses crypt(), so depend on -lcrypt.
      r7965: Remove the GENSEC password callback structure members, as these are no
      r7966: We need a better way to do this, but enable the KDC by default, if we
      r7967: We don't have the ms_krb5 stuff any more.
      r7968: Pull the PAC from within GSSAPI, rather than only when using our own
      r7969: It seems reasonable that our tickets be marked renewable, in the
      r7970: This SMB signing code (merged from 3.0) turned out to be bogus.
      r7971: structs.h update
      r7978: A start again on PAC verification.  I have noticed that the kerberos
      r7979: Metze reminded me to try one more combination, and we can now verify
      r7980: Forgot to add kerberos_pac.c to this config.mk file.
      r7986: Fix the compile, thanks to HotaruT.
      r7988: Store the KVNO for the machine account, and set it up in the provision.
      r7989: Allow the use of hashed passwords in the kerberos client and server,
      r7990: An attempt at documenting the current state of cludges required to get
      r7991: I forgot to free the keyblock once we are done with it.
      r7993: Further work on the Krb5 PAC.
      r8000: It seems make proto is required, for reasons I can't explain.
      r8001: Also fill in the krbtgt checksum, and make sure to put the right
      r8013: Remember to add the header containing the prototype for the pac
      r8016: Get the keyblock arguments correct.  (the context struct changed, but
      r8108: Fix indentation, and remove a discard_const_p() that we don't need any more.
      r8109: Try to print out more helpful debug messages on DCERPC server-side
      r8110: More PAC work.  I still can't get WinXP to accept the PAC, but we are
      r8112: Remove extra headers, and add #ifdef to allow the 'not yet using
      r8161: Update Samba4 for the new Heimdal update.
      r8162: Revert my pad8 hack.
      r8181: Allow host/foo.realm/realm at REALM requests, assuming that the realm
      r8245: Add const.
      r8246: Don't try and set the element after the end off the array to NULL.
      r8248: Make these comments more accurate.
      r8249: Clarify (with a comment) why we are playing these games here.
      r8250: More PAC work.  We now sucessfully verify the KDC signature from my DC
      r8252: Steal metze's thunder, and prove that with a few small tweaks, we can
      r8511: This 'can't happen', but GCC gives warnings because it thinks it can.
      r8644: This is a more useful error than unsuccesful.
      r8650: Use the timestamps and a new objectguid module rather than placing
      r8660: Use templates for the initial provision of user and computer accounts.
      r8662: Revert change to CN=Cert Publishers, this group still needs to
      r8663: Since simo constructed the samdb module, he and tridge have worked on
      r8664: I got caught out not testing...
      r8666: The same fix as the last commit, I was caught out on a move from a
      r8667: Further simply the provision script, by removing the 'name' attribute.
      r8669: The objectguid module belongs in Samba's ldb module collection, not in
      r8670: Remove GUID code from SAMR, it is handled lower down now.  I notice
      r8674: With the rdn_name module, we don't need this duplication in the samdb
      r8677: The first part of the domain name may not be equal to the netbios domain name.
      r8699: removed invalid comment
      r8700: Propmted by tridge's need to do plaintext auth in ejs, rework the
      r8701: Fix up auth_developer for recent changes.
      r8706: My previous patch oversimplied the previous change to session setup -
      r8738: Test (using ejs!) the basic operation of the ldb modules.
      r8740: Extend the rdn_name module to handle adding the rdn as an attribute.  ie:
      r8741: Kill warnings about enums not fully enumerated, as we will never use
      r8744: Split 'net samdump' out into a separate file
      r8752: With all the infrustructure done, details like a SamSync migration
      r8771: Extend the SamSync code out to groups and aliases, as well as deleting.
      r8772: Include the ldap ejs test in the standard 'make test'
      r8775: More SamSync work.  This is really just mechanical...
      r8790: Finish the migration of aliases and privilages with SamSync, by adding
      r8791: (missing from previous commit)
      r8792: Clarify comments
      r8820: Push this common block of code into the caller.
      r8823: I don't know why I added this test, it appears bogus.
      r8824: Fix indentation, and don't send 'invalid' LM password.
      r8844: Actually, both types of provision wipe the DB.  But we do need a way
      r8846: Test yet more NTLMv2 combinations.
      r8847: Rework the Samba4 'net join' code.  I'm trying to get this closer to
      r8854: #if 0 out the right things this time.  (Sorry about the build breakage)
      r8855: Share this enum (describing the SamSync databases) between nbt and netlogon.
      r8901: Fix ntlm_auth segfault (invalid free()).  We have moved to talloc
      r8939: Do an open domain in the schannel SAMR test.  This should test some of
      r8952: Partial work commit to find the DN of the new machine account - we
      r8970: Add 'ADS' join support to Samba4.
      r8980: Make Samba4 honour account control flags (we were asking for a
      r8981: Add comments, fix typos (in attribute names) and check for errors in
      r8982: "name" is not the netbios name, but the RDN.  Return the correct
      r8983: The KVNO (Kerberos key version number) should be incremented with
      r8984: Use the correct cross-reference search in DRSUAPI, rather than making
      r8986: As far as I can tell, given the ldif I get from behind this, we have a
      r8998: More work on the RPC server code to avoid abusing the name attribute
      r8999: Use the timestamps module to ensure we update times.
      r9011: Remove more references to "name" as a netbios name, using the
      r9015: Fix access to BUILTIN again.
      r9016: More work to avoid abuse of the "name" attribute, this time on
      r9022: One more step in the game of whack-a-mole with the PAC.
      r9084: 'resign' the sample PAC for the validation of the signature algorithms.
      r9085: Missing structs.h entry.
      r9165: Fix inverted error check in untested code path.  (My untested code...)
      r9166: This checks more of auth subsystem in the PAC test.
      r9167: Further PAC parionia:  ensure the checksum fails if we modify it.
      r9217: Add 'make clean' hooks to the ans1 depedency generator.
      r9221: Try to merge Heimdal across from lorikeet-heimdal to samba4.
      r9233: Ensure that the output variable is initialised in this conversion from
      r9234: Ensure we always change the end of the PAC, no matter what it is.  Fix
      r9235: Remove attribute search we no longer reference.
      r9305: Use the check-var.m4 from roken to really, really detect h_errno correctly.
      r9396: ntlm_auth updates, including again support for the NTLMSSP client
      r9406: Add const.
      r9411: Ensure we don't send a challenge without first getting a negotiate in
      r9412: Simplfy this NTLM authentication code by requiring the caller to
      r9413: Bring Samba4 back up to date with lorikeet-heimdal.
      r9414: Fix failure to find own domain info due to recent ldb_dn upgrade - we
      r9415: Remove old kerberos code (including salt guessing code) that has only
      r9416: Cleanups inspired by jra's work to migrate Samba4's NTLMSSP code back
      r9417: Ask for the ASYNC_REPLIES feature, as will want that.
      r9418: SPNEGO fixes:
      r9419: Silly, silly, untested mistake...
      r9420: Fix the SPNEGO system again: Update the state position after
      r9421: Move arcfour code into it's own file, in lib/crypto.
      r9422: Include crypto.h header.
      r9490: Fix typo
      r9505: Work on GENSEC and the code that calls it, for tighter interface
      r9516: Try a full-on matrix test of all the combinations in DRSUAPI
      r9547: A pile more completeness testing for DsCrackNames.
      r9678: Remove unused variables.
      r9680: Update Heimdal to current lorikeet-heimdal (which was itself updated
      r9681: We don't need the full smb_krb5_context here, so just pass the krb5_context.
      r9693: Move the smb_krb5_context setup code to use the new pattern of
      r9696: Update prototypes for new name of short parsing function.
      r9701: Provide correct parameters.
      r9727: A simplier test I can aim at passing when I get the cracknames code done.
      r9728: A *major* update to the credentials system, to incorporate the
      r9731: Fix typo
      r9733: Test conversion from known sids in CrackNames.
      r9772: Make credentials callbacks more consistant with the abstraction
      r9778: Test for particular error returns, rather than just OK/not OK.
      r9859: Enable (blocking) KDC resolution with DNS.
      r9861: I need to convert this to table-driven, but anyway...
      r9877: Merge from lorikeet-heimdal, to try and fix build failures.
      r9878: This is getting a bit out of control, but a few more tests.
      r9927: Extend copyright for all the hard work I've done this year.
      r9928: ncName is a DN, and needs to use DN matching rules.
      r9929: Fix indentation
      r9930: Use a single samdb_base_dn() function rather than lots of silly
      r9931: Make use of new 'norealm' parsing functions rather than strchr(p '@').
      r9940: When guessing, don't make DEBUG(1,... errors.
      r9941: Update the CrackNames test, and provide a much improved server-side
      r9942: CN=Configuration is always under the database-wide base dn, so don't
      r10021: More kerberos notes.
      r10022: Merge tpot's fix for IRIX and AIX_rea build problems from lorikeet-heimdal
      r10035: This patch removes the need for the special case hack
      r10044: Microsoft has defined this bit:
      r10045: metze reminded me to use the correct enum entry, rather than 0 for the
      r10066: This is the second in my patches to work on Samba4's kerberos support,
      r10072: Fix mismerge weridness in error handling.
      r10145: Allow a variable length signature, so we can support signing with
      r10146: Clarify which test is failing in error messages.
      r10148: Use samdb_base_dn() to find the local domain.
      r10149: Update Samba4 to current lorikeet-heimdal.
      r10153: This patch adds a new parameter to gensec_sig_size(), the size of the
      r10155: Add more notes on required gsskrb5 functions.
      r10171: This seems to work for encoding/decoding a PAC at the buffers only
      r10174: This patch implements generic PAC verification, without assumptions
      r10286: This patch is ugly and disgusting, but for now it works better than the other
      r10291: The patch optionally (off by default, not available in all cases) allows
      r10292: This is set below from lp_server_role().
      r10314: Apply the controvertial 'server role =' patch after discussion on the list:
      r10337: This grubby little hack is the implementation of a concept discussed
      r10345: Add more add-hock tests.
      r10364: Turn gensec:gssapi on by default, except for a login of the form
      r10372: Having gone to all the effort to uppercase the realm, actually set the
      r10373: Fix segfault in LookupSids.
      r10382: In the absence of client support for the full KDC-side
      r10383: This patch is on the road to implementing servers (such as kpasswd) that
      r10386: Merge current lorikeet-heimdal into Samba4.
      r10387: By exporting KRB5_CONFIG pointing at a file of our choosing, we can
      r10398: Don't do DNS lookups on short names (no .).
      r10402: Make the RPC-SAMLOGON test pass against Win2k3 SP0 again.
      r10440: Start passing against Win2k3 SP1 again, with the NTLMv2 changes
      r10464: Use more consistant names.
      r10486: This is a merge of Brad Henry's 'net join' rework, to better perform
      r10488: (Missing file from previous commit, adding a new RPC-JOIN test)
      r10520: The join is a nice quick RPC test.
      r10561: This patch takes over KDC socket routines in Heimdal, and directs them
      r10562: Ensure we initalise the error table with hdb errors.  This ensures we
      r10563: a null 'join' is a no-op.
      r10564: Make the RPC-SCHANNEL test use the libnet_join code via torture_join_domain
      r10565: Try to make Kerberos authentication a bit more friendly.
      r10566: Clean up error messages to provide more accurate info.
      r10593: Add printf attribute
      r10595: Use a server name of 'localtest' not 'localhost', so we can move to
      r10596: Move the credentials code into it's own subsystem, and push it under auth/
      r10597: And add the .mk files for the new credentials subsystem.
      r10598: Factor out common code, in preperation for a move elsewhere.
      r10599: Use localhost again for now, until I trace where we are leaking name lookups.
      r10670: Add notes on things that are TODO in Samba4 kerberos land.
      r10695: strupper() of NULL should be NULL, not panic.
      r10696: Return the realm to the caller, not NULL...
      r10697: Change the torture join code to return a credentials structure, as
      r10701: Ensure we return the right user handle.
      r10702: Fix a silly error that caused a rejoin/delete in the torture code to fault...
      r10703: Add a new user account, change the password and test it in the SAMLOGON test.
      r10711: An error of 'user exists' is not an error, just an indication of how
      r10712: Use data_blob_talloc, thanks to valgrind for finding the errors.
      r10763: PROOF of the single, easily understood cause of all of our schannel PAIN!
      r10764: To match Win2k3 SP1, we need to set an anonymous user token for
      r10791: Add copyright, fix comments (this isn't the timestamps module any more)
      r10796: Make getting an anonymous session info a utility function.
      r10800: Indent
      r10803: Remove a duplicate krbtgt test, and add a test looking for the
      r10804: Move the DRSUAPI cracknames test into a seperate file, and collapse
      r10805: Move RPC-SAMLOGON to C99 initialisation
      r10806: Add missing file.
      r10807: Make the split-out files actually compile...
      r10809: Add struct decl
      r10810: This adds the hooks required to communicate the current user from the
      r10811: Revert accidental commit, I still need to finish the displayName and
      r10812: Fix capitalisation (thanks tridge).
      r10820: Use talloc_get_type as suggested by tridge.
      r10844: Add challenge-response authentication to Samba4's winbindd for VL.
      r10845: Add new function to decrypt the session keys in samlogon responses.
      r10847: Fix up new 'decrypt samlogon reply' routine to be more robust, and use
      r10855: Put the domain SID in secrets.ldb by default, and add http as a
      r10945: Free the salt after we are done with it.  May need a merge to similar
      r10946: Use the right name for the remote workstation, and always initialise it.
      r10950: More cracknames variations (including expected values) than you can
      r10953: Add a new function to form a canonicalName out of a DN to ldb_dn.c
      r10956: Tridge thought some comments might be a good idea :-)
      r10980: Use ldb_attr_cmp and ldb_dn_escape_value
      r10981: Pull code to decide between and implement NTLMv2, NTLM and LM
      r10982: Move credentials.h into auth/credentials, and add flags needed by
      r10983: Another case were we want to avoid DNS for unqualified names.
      r10985: To aid in testing, this allows us to easily force kerberos to use UDP or TCP.
      r11106: Make the KDC handler plugable, as I want to drop kpasswdd into exactly
      r11194: Use the special ldb attribute "canonicalName" (therefore testing that
      r11195: Add a new helper function (needed by my kpasswdd work, but hooked in
      r11196: Clean up memory leaks (pointed out by vl), and handle the case where
      r11197: indent
      r11198: The recent changes to netlogon changed this from a RID to a SID.
      r11199: Push an objectSid into the schannel state database, to match the new header.
      r11200: Reposition the creation of the kerberos keytab for GSSAPI and Krb5
      r11201: New filters for searching in secrets.ldb
      r11202: Add more structs to structs.h
      r11203: Use different variable names to make it easier to tell which assert fired.
      r11204: Allow us to read credentials from secrets.ldb without a
      r11205: Another test for cracknames.
      r11206: It appears to me that any account may operate as a server.
      r11207: Correct principal search define
      r11208: Add DNS entries for finding the kpasswd server to the default zone.
      r11209: We can't read the priorSecret unless we ask for it.
      r11212: Enable sealing of data with raw krb5, consolidate some code into the
      r11215: Remove no-op prompter intended to work around bugs in old kerberos libs.
      r11216: Upgrade to gd's PAC extraction code from Samba3.  While I still want
      r11217: Ensure the realm is substituted in UPPER case.
      r11218: Always return the mutual authentication reply (needed for kpasswd),
      r11219: Now that we have the credentials hooked in here, we have a much more
      r11220: Add the ability to handle the salt prinicpal as part of the
      r11221: I don't quite know how I tested this before, but clearly I didn't.
      r11222: Small provision fixes: canonicalName is now generated, and the DC=
      r11223: Only pass around the ldb handle (make this code easier to seperate
      r11225: Remove pointless goto.
      r11226: Cope with Samba3's behaviour on LDAP with GSS-SPNEGO.
      r11239: Use ${REALM} for the realm in rootdse.ldif
      r11270: Move the core CrackNames code from rpc_server/drsuapi to dsdb/samdb.
      r11272: In trying to track down why Win2k3 is again rejecting our PAC, ensure
      r11273: Initialise the new server_info->logon_server element.
      r11282: Fix memory leak in LOCAL-PAC test.
      r11287: Understand the new behaviour of the LSA pipe on ncacn_ip_tcp in Win2k3 SP1.
      r11288: Fill out LSA LookupNames4 and LookupSids3, including a server-side
      r11289: Fix comment.
      r11290: Make it clear that Heimdal is always included, no need for the test
      r11291: Fix implementation of LookupNames4.
      r11293: Use the right search when forming the data for the PAC.
      r11294: Update Heimdal in Samba4 to lorikeet-heimdal (which is in turn updated
      r11297: Move the RPC-SCHANNEL test to using the credentials system for
      r11298: Consolidate the 'short' samlogon tests, and move to using the
      r11310: Free the 'if_relevent' portion of the PAC when we build it.
      r11312: Make it clear we are looking at the 'domain ref', not the domain
      r11313: Typo
      r11314: Use a patch from lha to have the kerberos libs extract the PAC, rather
      r11315: Sorry gd, I just removed all of your code that I just merged...
      r11316: Kill off a bit more of the old secrets system...
      r11317: An ugly hack to setup the global gssapi_krb5_context early, when we
      r11321: Fix typos in warnings.
      r11322: Start moving towards using the cracknames code in the KDC.
      r11325: Fix up some kerberos notes.
      r11333: Push service principal lookups into the cracknames code, rather than
      r11334: Print error status in debug.
      r11339: Fix the build by adding the serviceprincial name cracknames helper.
      r11342: Remove unused variables.
      r11348: Fixes for 'net join':
      r11349: Actually add all the new spns...
      r11350: Add some debugs to assist tracking down kerberos issues in future.
      r11351: Another add-hoc test.
      r11352: Add newly discovered (via the radiator lists) flags for controlling
      r11355: Test for error returns when we don't specify the newly discovered
      r11356: More cracknames work. This copes with a lookup for a
      r11357: Add more standard 'servicePrincaipalName' entries to our host account
      r11358: Ensure domains are always upper-case as well.  Helps NTLMv2.
      r11359: More lovely cracknames tests...
      r11360: Pass down a flag indicating that this is an 'old password', and to
      r11361: Test user at DOMAIN userPrincipalNames
      r11366: Pass around the flags which indicate if we should support plaintext
      r11367: Ensure to intialise the new logon_parameters (0 for session setups).
      r11370: Samba4 now passes it's own RPC-SAMLOGON test again.
      r11371: Fix the ntlm_auth build.
      r11372: Now RPC-SAMLOGON works, place it into the default 'make test'.
      r11373: Handle an apparent alias in NBT ntlogin replies.
      r11374: On request from VL, put the plaintext auth patch in.
      r11393: Avoid error messages and get more correctness with long plaintext passwords.
      r11394: Allow KDC unreachable as another 'forget about gssapi' error on SPNEGO.
      r11399: Add another case where we need to fallback, if the KDC isn't there.
      r11401: A simple hack to have our central credentials system deny sending LM
      r11402: In response to comments by volker, expand our Netlogon DsRGetDCName
      r11404: Another torture test and a new WERR.
      r11405: Ensure we can never have secret4 be uninitialised.  Found after
      r11406: Clean up uninitialised value warnings found by -01.
      r11407: Push 'recreate account' logic into libnet/libnet_join.c.  We don't
      r11409: The use of 'password server = ' here is still bogus, but for now at
      r11410: Fix rejoin as a BDC by modifying, rather than trying to recreate, the
      r11411: Add to Samba4 the Samba3 patch I just posted for machine account
      r11412: These comments may not be much, but my eyes scan code with even
      r11413: More comments, plus always check (and update) the credentials chain,
      r11414: Add passing around of logon_parameters to Samba4 auth_winbind
      r11437: Fix (valid!) use of uninitialised value warnings.
      r11438: Move enum samr_RejectReason into misc.idl so I can use it in a global
      r11439: Make presedence on strcmp comparison clear, and fill in
      r11440: Actually check the right thing for 'is this a machine account' (thanks metze).
      r11441: Remove the auth_domain module from Samba4, as we will only do things
      r11442: Don't use BASE-NEGNOWAIT any more.  It is a mostly meaningless test.
      r11452: Update Heimdal to current lorikeet, including removing the ccache side
      r11453: Fix warning, for a case that just can't happen.
      r11462: Fix the build:  somehow I lost the header for this samba-specific hack.
      r11466: Clear up some memory leaks in smbclient.
      r11468: Merge a bit more of init_sec_context from Heimdal CVS into our
      r11469: Fix typo, and use the correct (RFC4120) session key for delegating
      r11470: To a server trusted for delegation (checked for in the gss libs),
      r11471: Describe how kerberos forwarding works with the ntvfs.
      r11477: This seems really nasty, but as I understand it an attacker cannot
      r11497: Don't name parameters 'floor'.  Rename fl and floor to epm_floor for
      r11512: fix typo
      r11513: Add the ability to use the local machine account instead of a static
      r11514: Fixup debug message
      r11520: indent
      r11521: Add in client support for checking supportedSASLmechanisms, and then
      r11522: Add support for delegated credentials and machine account credentials
      r11523: Working towards having Samba3 join Samba4, this allows the SASL
      r11524: More work on our hdb backend in the KDC.
      r11525: Move lookups (including the attribute search) for users from
      r11529: Disable DNS lookups for forwarded credentials, unless really, really
      r11536: Add a hook for client-principal access control to hdb-ldb, re-using
      r11537: Make the authsam_account_ok routine callable by external users (the KDC).
      r11538: More notes on things we need.
      r11540: Some notes to myself on RFC complience.
      r11541: More logical (I think...) delegation semantics.
      r11542: Add the netbios name type.  We will need it when we start to handle
      r11543: A major upgrade to our KDC and PAC handling.
      r11544: Allow delegation in a Samba4 realm.
      r11545: Remove old #define.
      r11568: Debuging aids: Let the administrator know when a key/entry expired,
      r11572: Add support for accountExpires and password expiry (should cause the
      r11928: More Kerberos musings...
      r11929: Add static, comments.
      r11930: Add socket/packet handling code for kpasswdd
      r11931: Add a short README explaining what this directory is all about.
      r11940: Love has clarified why this code does what it does.
      r11987: Clarify the accountExpires behaviour in the KDC.
      r11988: Setup the sessionInfo just before the connect, rather than earlier
      r11989: Rather than grabbing the machine account details at this point, grab
      r11990: Set the password set time as 'now', so it isn't expired back in 2004.
      r11991: Null termainte the list of backends.  (Makes it easier to walk the list).
      r11992: Potentially allow SPNEGO to be disabled (as occours on WinXP
      r11993: As well as making an in-MEMORY keytab, allow a file-based keytab to be updated.
      r11994: This function no longer needs a special declaration.
      r11995: A big kerberos-related update.
      r12000: Update to current lorikeet-heimdal, including in particular support
      r12035: Fix memory leaks in the KDC.
      r12036: Fix more KDC memory leaks (and there are probably still more...).
      r12037: Fix malloc corruption caused by double-free(), where realloc(ptr, 0)
      r12056: Some clarification fixes for the keytab code, and use the right
      r12058: Set an anonymous fallback, if the machine account isn't available.
      r12059: Use random keytab names (so we get different keytabs, rather than
      r12060: Work towards allowing the credentials system to allow/deny certain
      r12061: Add missing file to previous commit.  This provides a hook on which to
      r12062: SASL negotiation now requires a gensec_security context, so that we
      r12178: Make ldb_ildap work against localhost again, by setting the event
      r12179: Allow our KDC to use LDAP to get to the backend database.
      r12227: I realised that I wasn't yet seeing authenticated LDAP for the ldb
      r12232: I hate SWAT code being outside 'source'.  Add in code to push the
      r12252: With this change (hack) we can now do an provision onto Samba4's LDAP
      r12267: Try to avoid segfault in kerberos libs, because we talloc_free()'ed
      r12268: Use transactions to ensure that the schannel db is consistant.
      r12269: Update to current lorikeet-heimdal.  This changed the way the hdb
      r12310: Link simple bind support in our internal LDAP libs to LDB and the
      r12320: Add command-line processing hooks for simple bind DN, and password callback.
      r12327: ENT_TYPE_ANY isn't used anywhere in Samba4, so don't implement it in hdb-ldb.
      r12360: Add simple bind support into our LDAP server.
      r12361: Add a new function: ldb_binary_encode_string()
      r12362: Along with a cracknames change in the previous commit, this should
      r12373: Add RPC-JOIN as a test to always run.
      r12381: Try not to segfault on an anonymous LDAP bind, and map to a guest login.
      r12382: Ensure to return OK on anonymous mapping.
      r12383: Fixes for Apple's AD client.  Don't segfualt in the KDC, and they
      r12384: I can't spell...
      r12411: Add 'net samdump keytab <keytab>'.
      r12421: Handle the case where we are a joining as different account types far better.
      r12422: Some kerberos comments and clarifications.
      r12423: Remove DEBUG(0) printouts in favor of more information to the caller.
      r12427: Move SAMR CreateUser2 to transactions, and re-add support for
      r12430: Clarify libnet_join code. Add/fix comments.
      r12432: Re-indent and consistantly cancel the transaction.
      r12433: Add comment describing this function.
      r12436: Fix Samba4 as a server to Win2000 for the domain join.
      r12439: No need to keep walking this list if we find the match.
      r12502: A bit of work on the RPC-SAMR torture test.  Prove that ridToSid is
      r12503: This function was just too simple to leave unimplemented.
      r12504: Fix one more transaction cancel bail-out path, and correct comments.
      r12505: Cope better with NT_STATUS_PASSWORD_RESTRICTION (due to minimum
      r12506: Fix up issues shown up by the expanded RPC-SAMR testsuite, and add ldb
      r12507: This file has had my grubby paws all over it ;-)
      r12533: Get the ldb.errstring() out to the user on failure.  It helps a lot
      r12534: Make the transaction code fill the error string on failure.
      r12538: Clarify why we are doing the delete here.
      r12540: Provide more information in the ldb error string.
      r12553: Steal the error string onto this context, so that the caller doesn't
      r12594: Jelmer pushed some proposed header reductions to the list today.  This
      r12595: There was no comment on the mailing list, so kill the 'ldapsrv:samdb'
      r12596: This variable is unused.
      r12597: One less void *
      r12598: Make the 'objectClass' part of the templating process actually work.
      r12599: This new LDB module (and associated changes) allows Samba4 to operate
      r12600: Add a new module to sort the objectclass attribute on store.  The
      r12601: Syncronise both copies of dlinklist.h.
      r12625: More 'useful' names for the DNS zone.
      r12627: This magic comment keeps minimal_includes.pl from suggesting the
      r12629: Add a comment so minimal_includes.pl doesn't try and remove this.
      r12630: Remove attributes which should be automaticly generated.
      r12631: Now we have fixed the provision script, we don't need to work around
      r12632: Build fixes from Brad Hards <bradh at frogmouth.net>
      r12681: Allow an entry to have no kerberos keys.  This occours when an entry
      r12682: This patch finally fixes our kpasswdd implementation to be compatible
      r12683: Fix declaration and initialisation placement.
      r12684: A better error code for SAMR transaction failures.
      r12685: Add comments on builtin LDAP and KDC.
      r12686: Push the real SASL list into the rootdse.
      r12687: Push the real list of supported GENSEC mechanisms out on
      r12708: This is equivilant, but doesn't cause a warning.
      r12710: Fix socket_wrapper: Make sure to fill in the socket family on the
      r12716: Tridge points out that the request argument to ldb_next_request must
      r12717: Always compile the skel module, so we know when we break it.
      r12718: We don't use unicodePwd directly any more.
      r12719: Rename unicodePwd -> sambaPassword.
      r12720: By metze's request, rename the ntPwdHistory attribute to
      r12728: Revive testparm.
      r12729: Implement the --section-name option, for dumping only one section.
      r12730: Reimplement --parameter-name, and bring in common samba options.
      r12731: Simplify and re-implemenet support for --parameter-name=foo
      r12732: This option does nothing.
      r12738: Use a talloc_reference to ensure this doesn't get free()'ed too early.
      r12739: Add support for using credentials in the provision process.
      r12744: For correctly written scripts, we don't need this anymore.  Only use
      r12746: An initial version of the kludge_acls module.
      r12747: Add a couple more token tests, used by the kludge ACL module.
      r12749: Fix the newuser script.
      r12750: Clean up more asn1 generated files (pointed out by <HotaruT>).
      r12751: Another make clean fix.
      r12752: Clean up compile_et and asn1_compile as well.
      r12753: Try to fix the build after a 'make clean'.  (the wildcards will not
      r12762: Simo correctly asked that the policy logic (which attributes contain
      r12763: Oops.  If you call ldb_search from within an ldb module's search
      r12782: Don't segfault if we cannot setup messaging.
      r12804: This patch reworks the Samba4 sockets layer to use a socket_address
      r12807: I'm wondering if this might fix AIX on the build farm...
      r12808: Actually, with that we can avoid roken compleatly.
      r12813: Remove unused file to avoid confusion.  We now go via the auth
      r12816: Ugly hacks to the auth_unix code to make a SYSTEM token for root.  If
      r12817: Create a ESP variable with the struct socket_address * in it, so we
      r12818: When denying an operation, include what we think the username is in
      r12819: Fix swat authentication again.  We need to pass the socket_address
      r12820: Remove duplicate entry caused by merge.
      r12821: Fix typos.
      r12822: Given that talloc gives us this extra level of safety, use it.
      r12823: Fix up the provison and newuser code in SWAT.  This also cleans up the
      r12824: Another typo.
      r12826: The base DN is very tied to the realm.  Allowing it to be changed here
      r12858: This moves the libnet_LookupPdc code to use a GetDC request to find
      r12859: Make Samba4 match the Samba3 winbindd interface.  trunk has moved too
      r12860: Remove unused function.  (we handle this in the password_hash module).
      r12861: Cope when we are not supplied the messaging context.  This is just
      r12862: Need to trim spaces off the end of the node status reply.
      r12863: As lha suggested to me a while back, it appears that the
      r12864: Fix valgrind errors in NET-API-LOOKUP* tests.
      r12865: Upgrade the librpc and libnet code.
      r12866: This removes the abstraction layer in winbindd intended to deal with
      r12867: Remove deleted header.
      r12868: Remove unused code.  This has moved to libcli/finddcs.c.
      r12869: I have removed this hack.  We now just do the lookups (netbios for now).
      r12872: Add some more detail to debug message.
      r12873: Fix valgrind-found uninitialised value.
      r12874: Try to give the startup a few more seconds, so that hosts with
      r12881: Hard-coded defaults are silly.  We have smb.conf for a reason.
      r12882: Allow the netbios name to be specified at all times.
      r12883: Fix the build...
      r12886: Rename 'secure_channel_type' parameter to domain join as 'join_type'.
      r12887: Add the icon from samba.org to SWAT.
      r12891: We no longer manually set the 'name' attribute.
      r12892: Add a 'Migrate from Windows' page to our installation section in SWAT.
      r12893: Filling in *error_string is critical for SWAT, as the errors otherwise
      r12894: Add more detail to error messages.
      r12895: Error strings save lives.
      r12902: Fix 'make quicktest'.
      r12903: Factor out a new routine libnet_RpcConnectDCInfo, to both connect to
      r12918: Don't tell the user the difference between 'no such user' and 'wrong
      r12919: Ensure we never 'extend' the session key length, or fill in past the
      r12926: Syncronsise GUIDs on users and domains from the server.  These also
      r12927: Fix typo.
      r12928: This patch improves the interaction between the vampire and provsion code.
      r12929: Fix more implict global and shadowing variables.
      r12930: Fix ADS join:  I wasn't filling in the flag 'realm' variable any more.
      r12931: Remove some prefixes.  We have:
      r12943: Generate a SID for the domain join account using the modules, rather
      r12944: Update scripts in setup to match changes in the provision.js
      r12945: Try to move closer to getting Samba3 import working again.
      r12976: Patch from Brad Henry <j0j0 at riod.ca>:
      r12979: Grr, I forgot to commit this file (from Brad Henry's libnet_site
      r12995: Don't allow overrides on "name" from above, as it can't be correct.
      r12996: Restrict this search to domain objects.
      r12997: Feed the right event context to libnet in ejsnet and the auth code.
      r12998: A big update to samldb.c
      r13018: Fix (correct) warning about mixing C/js interface function types.  I
      r13019: Again protect us against format string mismatches, with the new split
      r13031: A first stab at some release notes.  Much work needed.
      r13033: Thankyou very much to Brad Henry for fixing up many aspects of the
      r13034: A couple of clarifications on the release notes.
      r13103: Walk the names in the node status request, so I can find a server
      r13104: Migrate and set secrets keytab values in the 'net join' code.  This
      r13107: Follow the lead of Heimdal's kpasswdd and use the HDB (hdb-ldb in our
      r13144: This seems to be required for Samba4 to talk to Samba4, and to get the
      r13149: DEBUG is a bad choice for 'net', it should print to stderr
      r13150: Correct comment.
      r13152: Jelmer assures me that this won't break anything, but does make it
      r13153: Try to move closer to FHS.  This probably breaks everything...
      r13203: Make this comment clearer.
      r13204: Remove extra newline we don't need.
      r13205: Add another useful comment.
      r13206: This patch finally re-adds a -k option that works reasonably.
      r13207: Use the new API for using/not using kerbeors in hdb-ldb.c
      r13239: Silly little patch:  make the order of declaration match the order of use.
      r13240: Make the test scripts use the new smb.conf location (in PREFIX/etc).
      r13244: Allow control of the location of the Samba3-compatible winbindd pipe
      r13245: Don't segfault if we don't have a credentials structure on this gensec
      r13246: Print winbindd pipe location correctly.
      r13247: Try to make better use of talloc in the auth/ and auth/gensec code.
      r13250: I missed a couple of talloc_free()'s
      r13252: Cleanup, both in code, comments and talloc use:
      r13253: More work to ensure that we don't keep data on long-term contexts.
      r13256: Free temporary memory on error cases, and try to clean up what's left
      r13258: Fix the talloc heirachy for ldb_tdb.
      r13265: Clarify how delegation works with the remote RPC backend.
      r13269: ${prefix} is a special case in the autoconf/build system, and should
      r13281: Use TALLOC_CTX * not a void *, and use tmp_ctx as the name for consistancy.
      r13282: Indentation, and ensure we handle the talloc_free in the right place
      r13317: Create a new function messaging_client_init() which can be used when
      r13320: Fix kpasswd's use of the local HDB.  /dev/null was a bad idea, we want
      r13321: Bind to each interface and to the interface on the KDC.  This
      r13334: Add comments describing what these functions do.
      r13339: Propogate more error infomation into the error packet and reformat the
      r13340: The gensec_init() needs to be after the popt processing, as it
      r13341: Trivial.
      r13342: Make the GSSAPI SASL mech actually work, by (shock horror) reading the spec.
      r13344: Trust SASL to have subtle distinctions between NULL and zero-length
      r13380: Drop the socket, then try SAMR operations secured with netlogon on the new socket.
      r13381: Test the SamLogonEx SamLogon call in the schannel test.  This is only
      r13402: Make Samba4 pass a nastier RPC-SCHANNEL test.
      r13403: Try to better handle a case where SPNEGO isn't available (allow us to
      r13404: Comments, whitespace.
      r13405: Allow a fallback if SPNEGO is somehow disabled in the client, to just NTLMSSP.
      r13466: Make it easier to understand what this function actually does.
      r13467: Add new parametric options (for testing) controlling LM_KEY and 56-bit
      r13470: Thanks to a report from VL:
      r13471: With more 'try all options' testing, I found this 'simple' but in the
      r13472: After Volker's advise, try every combination of parameters.  This
      r13479: Return the joined domain SID and user SID as structures, not strings.
      r13480: Explain a little about how these credentials structures should be used.
      r13481: As far as I can tell, my changes in -r 12863 were dangerously untested.
      r13516: We can't bind to both and specific network interfaces at the
      r13551: Add an accessor function for the user sid.
      r13582: Indent
      r13583: Realise that the member server name appears in all calls that use the
      r13584: Another try at SPNEGO stuff.  I need to write a better testsuite for this.
      r13605: Use $BASEDN to ensure this works outside of the 'make test' rig.
      r13606: An attempt to fix #3525.
      r13616: Add new ldb functions: ldb_msg_add_steal_string() and
      r13850: Test (and fix) not using SPNEGO at all, but instead using raw NTLMSSP.
      r13907: By ordering things this way, we allow the password_hash module to set
      r13908: Improve the RPC-SAMSYNC test to cross-check some attributes I wasn't
      r13909: Make this code clearer.
      r13910: Fix the 'your password has expired' on every login.  We now consider
      r13911: Make these debug messages clearer.
      r14058: Try to make the continuation on the list of password set mechs clearer.
      r14180: The PAC isn't so special that it deserves a level 0 debug any more.
      r14181: This doesn't need level 1 debug, it happens whenever the DNS name is looked up.
      r14198: Update Samba4 to current lorikeet-heimdal.
      r14199: This isn't pretty, but it makes the network interface detection work again.
      r14200: Now we have real USN support, don't force the values in the provision
      r14201: I don't think including roken is going to be a good solution.  Let's
      r14202: Oops.  When removing a header, we need to replace it.
      r14203: Include less private heimdal headers.
      r14312: Formatting and comments.
      r14313: Add comments describing some of the dependencies here.
      r14494: Add comments to clarify that we deliberatly fall though here
      r14502: Supply both needed arguments for the backend logoff processing.
      r14589: This morning, I think I can spell...
      r14598: 'logfile' may be a poor choice for a global variable name, but for now
      r14635: - Remove lex.c from SVN (it is built anyway, and having it in SVN
      r14636: Print an error on torture connect failure.  (Helps with debugging).
      r14637: Extend the ACB -> userParameters flag mapping based on the ovbious connections.
      r14662: To allow the RPC-SAMR test to pass, we need to look for both domains
      r14665: More testing in RPC-SAMR.  It looks like we will probably need another
      r14671: We don't really need this in our releases...
      r14673: Don't double-free conn, it is below 'c' free'ed by
      r14700: Fix spelling, and change these informational messages to debug level 5.
      r14701: Allow, with non-default options, NTLMSSP to access the LM session key,
      r14702: Accept our netbios aliases as valid names in the SPOOLSS server.
      r14707: Initialise default value (the rest of this function sets it to 1 if
      r14708: Add a (bogus) UUID and a comment to the PAC defintion.
      r14712: Do not proceed in event of failure to obtain a policy handle.
      r14713: For testing, it is sometimes useful to specify a hostname for kerberos
      r14714: On DCE/RPC, we need the name of the remote server used on the socket,
      r14715: Correct the definition of the DCE/RPC bind_nak, per the OpenGroup spec.
      r14716: Remove username from debug message, it just causes valgrind assertions.
      r14717: Don't provision the system as 'localhost', but instead list localhost
      r15176: Ensure we don't segfault when we try and delete @FOO records.
      r15192: Update Samba4 to use current lorikeet-heimdal.
      r15199: Try to make these prototypes match, to get the build on S390 linux going.
      r15219: Look for gai_strerror in more places, so we don't conflict with the
      r15221: We don't need to have these rcsid strings in Samba's use of Heimdal.
      r15222: Use more standard UUIDs.  Should help AIX build.
      r15225: Use talloc_zero() to avoid use of uninitialised values later on.
      r15316: I don't understand quite why this function was ever like this, but we
      r15317: Because LDB is now async, there are more places were we might run the
      r15329: I'm sick of this patch being in my local tree...
      r15330: Add comment for IBM checker.
      r15356: Remove unused 'flags' argument from socket_send() and friends.
      r15357: Fix the build on systems without GNUTLS.
      r15372: Don't look at possibly undefined controls in failure cases.
      r15400: Move the TLS code behind the socket interface.
      r15415: Use Jelmer's new credentials 'wrong password' code to give the user 3
      r15416: Point out that this doesn't work, but for servers this old, I just
      r15420: Add a new function to print a the 'unparsed' string format for usernames.
      r15421: Correct function comments.
      r15426: Implement SPNEGO as the default RPC authentication mechanism.  Where
      r15433: Add a todo.
      r15480: Patch from lha, to ensure we don't leave a free()'ed element in the
      r15481: Update heimdal/ to match current lorikeet-heimdal.
      r15482: Don't shadow the global function pipe() with a local variable name.
      r15484: Make accept_security_context() more compatible with how Samba3 (and
      r15485: This 'fake' GSSAPI doesn't do the extra SASL negotiation correctly, so
      r15486: Ensure that our Samba3-like implementation of fake-GSSAPI is tested.
      r15491: Always initialise is_cfx (found by Valgrind)
      r15497: I'm not really sure this is correct in terms of how we should be responding to
      r15498: Initialise the callback_running field, and get the flag set/clear the
      r15499: This test can't run if the remote server won't let us open a policy handle.
      r15500: Add support for interactive prompting on bad passwords to the RPC libraries.
      r15501: Allow interactive password prompting on kerberos as well.
      r15503: I may shortly have to revert all of this, but be clearer about how we
      r15504: Revert -r 15500 and -r 15503 until I'm awake, and can get my head
      r15510: As discussed on samba-technical, move the VERSION system back to a
      r15511: Using this name causes less warnings on the IBM checker, due to using
      r15515: Syncronsise with current lorikeet-heimdal.
      r15999: password_hash module changes:
      r16007: If no error string was setup by the backend, ensure that we always get
      r16028: Re-add the objectclass module, in the new async scheme.
      r16051: Move the XATTR compatability code into a new file, so I can use it for
      r16052: Add .m4 file for XATTR detection (from ntvfs/posix/config.m4)
      r16053: Allow entries without an objectClass.  We need this to permit the
      r16056: Fix errors found by trying to use our kpasswd server and the Apple client.
      r16061: Prove that removing the objectClass list in the samldb module breaks things.
      r16062: objectCategory is a DN, and needs to be matched as such.
      r16063: Make is clearer when we can't write to the smb.conf
      r16066: The OSX AD plugin uses objectCategory searches a lot, and uses them
      r16067: Remove const, it isn't required and just causes a warning.
      r16068: Check against the correct result in the ldap.js test
      r16069: Remove unused destructor and an unused variable.
      r16072: Do basic wildcard searching in the ejs LDAP test.
      r16073: On an incoming wildcard search, it is critical that the size be
      r16082: Index objectCategory like objectClass, as it is searched on a lot.
      r16083: Make it possible to initialise a backend module, without it setting up
      r16084: Add private prototype for new ldb_connect_backend() function.
      r16085: Set the error string if we fail to find a valid op to execute.  Helps
      r16086: Ensure we can never dereference NULL pointers, and that describe what
      r16087: Fix silly cut-and-paste typo that cost me much of my afternoon...
      r16108: Fixes from working with the partition module.
      r16109: Make this module simpiler, don't intercept operations we are not going
      r16110: Start some simple rootDSE LDAP tests in ejs.
      r16125: Add another helpful utility function: samdb_msg_add_int()
      r16129: Further clean up the samldb module.
      r16159: Even more work on samldb error reporting.  Make sure to get the
      r16166: Remove hexidecimal constants from the Samba4 provision files.
      r16167: Add tests for the changes to use hex digits, including some tests
      r16168: Make the example match the actual function.
      r16172: Translate the ldb error codes into appropriate messages for the
      r16218: If a connection is forced as 'anonymous', don't treat it as
      r16226: Fixes for various segfault bugs found against a buggy Samba4.  With
      r16227: Don't segfault if the ldb_search() fails.
      r16232: Avoid searching on domainDns, as it is not an AD attribute in the
      r16234: Set the request timeout from the LDAP search.  Without this, the
      r16235: Don't update minor_status when cleaning up on error.  This restores
      r16236: Add a proper baseDN to a large number of queries.  Searching the NULL
      r16237: Use an appropriate basedn for these searches, so they occour into the
      r16238: Use a baseDN for the auth_sam searches, to allow continued function
      r16239: Search for the domain in the correct partition, so this will work with
      r16240: Add better error reporting in the password_hash module
      r16262: Another basedn fix.
      r16263: A number of these searches need to be under the partitions DN, and the
      r16264: Add, but do not yet enable, the partitions module.
      r16265: Fix 'newuser' command.
      r16489: Because the torture/ui.h file isn't automaticly generated, the
      r16768: Add a simple script to set a user's password.  This should grow into a
      r16769: Working on fixing the RPC-SAMR test against Samba4.  This fixes
      r16770: Get closer to having Samba4 pass some of the RPC-SAMR test, by
      r16771: Add const and some better debug messages.
      r16772: Clarify comment.
      r16773: Fix one more RPC-SAMR test (an alias level), and make it clear that
      r16774: This patch modifies the tdb API to allow the logging function to be used
      r16794: Make Samba4 pass it's own RPC-SAMR test, at least in part.  There are
      r16795: Fix crash found by Dave Fenwick <djf at samba.org>.
      r16825: Make ldb_sainity_check() set an error string.  This makes it much
      r16826: Ensure we don't segfault if the remote server fails to set a password
      r16827: Factor out some code into common samdb functions:
      r16828: Add RPC-LSA as a test that passes, and remove RAW-ACLs until someone
      r16829: Fix a number of issues raised by the IBM checker, or gcc warnings.
      r16830: Fix IBM checker and GCC warnings.
      r16831: Use a valid memory context (found by the IBM checker).
      r16832: I should be more careful (and test!) when trying to make compilers and
      r16833: Add a base DN to more search calls, we need to look for an ID over the
      r16835: Remove RPC-SAMR from the test, until I can clear up the unexplained failure.
      r16846: Try not to segfault if the domain SID isn't there, or the search
      r16847: Add the parts of the SAMR test that pass back into 'make test'.
      r16850: Disable NBT-WINSREPLICATION-OWNED until it always passes (currently it still has intermittant failures).
      r16851: Put a clue in as to which domain might have failed, due to the length
      r16852: I thought we passed RPC-SAMR-PASSWORDS, but we don't.  Disable that
      r16854: Fix the RPC-SAMR-PASSWORDS test.  It failed because we allocated users
      r16858: The RPC-SAMR-PASSWORDS test now passes.
      r16860: Fix (and reactivate) the RPC-SAMR test.  We need to allow these sids
      r16908: Set an error string if we can't find a backend for an operation.
      r16914: Add more tests for the partition module.
      r16916: Implement metze's proposed changes to the tdb logging API.
      r16917: Fix compile errors found by the testing of tdb on the build farm.
      r16932: Consistanly use the macro for these DNs and attributes.
      r16933: Sort the partitions in order from most, to least specific.
      r16934: Expand the ldb test to demonstrate partition behaviour, including the
      r16936: Correct comment in this comparison function
      r16937: Add const, to make it clear that it is invalid to talloc_free() the DN
      r16938: Fix breakage of TDB on VOS (declaration after statement)
      r16961: Merge 'seperate policy from logic' changes from Samba3.  The 56-bit
      r16964: Remove extra debugs no longer required in a working KDC
      r16965: Take a better stab at comparison functions between string and binary
      r16966: Fix compile warnings.
      r16967: Test another NTLMSSP flags combination.
      r16972: Replace the sequence_number function pointer in ldb with the ldb flags.
      r17031: When I first revived the objectclass sorting module, simo complained
      r17103: Big updates to the not-yet-enabled partitions module.  It now services
      r17104: Rename function parameters and variables to avoid shadowing global
      r17167: indent
      r17168: Now that TLS (and soon SASL) is below the socket layer, we need to
      r17169: Test LDAP with testnonblock.
      r17170: Catch some more out-of-memory cases, and provide some clues when
      r17171: Add a gensec function to determine the maximum negotiated buffer size,
      r17173: Check for oversize output, not oversize input, and fix the GSSAPI mech
      r17174: Enable gnutls code, which requires the HAVE_GNUTLS CPP macro.
      r17196: Clarify that SSL is used for LDAP as well as SWAT.
      r17197: This patch moves the encryption of bulk data on SASL negotiated security
      r17215: Prepare the SASL socket before actually settting it.  This allows
      r17221: Add some integer wrap parinoia to data_blob_append().
      r17222: Change the function prototypes for the GENSEc and TLS socket creation
      r17223: In some protocols it is not possible to negoitate off some features,
      r17224: Accept the start-tls extended request.  Getting OpenLDAP to recognise
      r17225: Fix the build by fixing the spelling of START-TLS.
      r17250: Fix comment, the Samba3 winbind protocol uses the host byte order here.
      r17286: Simply fail the tls_initialise if we don't have TLS compiled in.
      r17287: Add the local_password module to the tree, so it doesn't get lost in
      r17288: Don't mess with entries in the local password prefix, and fix const
      r17289: Fix the build: I havn't commited this module yet.
      r17297: Some compilers don't seem to like the ;;
      r17298: Fix up the local_password module to the current LDB API, and build it by default.
      r17299: Improve the partition module to replicate attribute records into all
      r17300: Try to fix some segfaults in ldb_ildap module, when the remote server
      r17301: Add a new function to copy a list of attributes, while adding one to
      r17302: Testing!
      r17303: More testing results: Don't try and call a NULL callback, and use the
      r17304: Improve ldb_tdb error strings a bit more.
      r17330: Enable the partitions module.
      r17331: Oops, how did I commit this empty file...
      r17332: May as well make this a round number
      r17349: We can't just return sucess here, modules below us expect the async
      r17351: Remove extra LDB partition we don't actually use (these are in the
      r17352: Don't do a modify on the objectClasses, as OpenLDAP doesn't like
      r17368: Add 'const' to ldb_match_msg().
      r17377: This attribute is maintained by the modules, don't override it.
      r17379: Pre-generate DH parameters, to avoid doing this at runtime in our testsuite.
      r17380: An expanded test, cross-referencing the global catalog to the main port.
      r17394: Pregenerate all the files for TLS.  Make the 'make test' startup *much* faster.
      r17395: Add some more time to the default runtime.   Now 7.5 mins.
      r17396: Bump the time up again.  RPC-SAMR can slow, I probably need to break
      r17397: Add const, and use a more local memory context.
      r17411: Try and compile on older versions of GnuTLS.
      r17473: Split loading a list of modules and initialising them into a seperate
      r17474: Allow the partitions module to load modules for specific backends.
      r17499: Open the main database only the minimum times during a provision.
      r17517: Fix declaration after statement, which breaks the build on older GCC.
      r17520: If the blkid library fails, I don't see any reason to return more of
      r17522: Fix another declaration after statement.
      r17523: FIXME is a macro (I think) on some platforms (AIX), and this caused pain.
      r17524: Lets see if we can try and get the socket_wapper includes to be
      r17525: This is a merge from the Google Summer of Code 2006 project by Martin Kühl
      r17526: Move timestamp generation into the objectGUID module.  It probably
      r17527: Don't duplicate the entire test setup just to allow testing of the new
      r17528: This is an additional item of schema we require.
      r17529: Simo doesn't like the use of the internal ldb_errstring in functions
      r17530: Watching the build farm mails carefully pays off...
      r17534: Try another group for 'wheel' on True64.
      r17542: In using ldb_map, I ran across some very odd behaviours when we search
      r17543: Patch from Martin Kühl <martin.kuehl at gmail.com> to extend the
      r17544: Add execute bit to js script.
      r17545: I forgot to commit this file, a source file for the the samba3sam
      r17546: Test the loading of per-partition modules.
      r17547: Add test by mkhl for some of our variable substituion behaviour.
      r17548: It is a good idea to commit the fix (from mkhl) before the test that
      r17553: Actually enable the samba3sam module.  Should help 'make test'.
      r17577: Patch from Kai Blin <kai.blin at gmail.com>:
      r17580: Add a new tools to convert back from AD-like schema to OpenLDAP.
      r17581: Add tool to convert AD schema back to OpenLDAP's schema formatting.
      r17582: Fix dependenies for oLschema2ldif.
      r17598: Patch from Martin Kühl <mkhl at samba.org> to update the samba3sam test
      r17599: Improvements to the AD-like to OpenLDAP format schema conversion utility.
      r17600: Finish the schema conversion tool, and add a mapping file, used to map
      r17601: Fix declaration after statement.
      r17609: Kill one more use of the fake dnsDomain attribute.
      r17633: Return NULL at the end of the file, or else we can't tell the
      r17634: Kill off another case where we used dnsDomain, and point it again at
      r17639: Martin Kuhl noticed that we loaded an incorrect value for
      r17646: Use authentication if specified.
      r17661: A patch from Martin Kuehl:
      r17682: Add newline to end of file
      r17690: Demonstrate how we can read the schema to find out details needed for
      r17691: Make the structure more public, so we have somewhere for calling
      r17694: Don't use printf() in a module...
      r17698: The original code assumed that &data->context was a valid talloc
      r17699: Remove more printf calls.
      r17700: Despite our best hopes, the way module initialisation tends to happen,
      r17703: Fixes to enable the entryUUID module to work for it's objectClass ->
      r17704: Add comments suggesting how to get the LDAP backend working.
      r17705: Use the paged_searches module by default against the LDAP backend, if
      r17707: Match the output (aside from dividers) the output of
      r17870: This module (for the moment) handles the modifyTimestamp generation.  For that, it needs to hook into the modify operation.
      r17871: Add an option to make the system account behave as anonymous on the
      r17876: Require one less patch for the LDAP backend to work.
      r17925: Another class we need.
      r17954: Avoid including \n in error strings (left over from DEBUG() conversion).
      r17955: Don't search for the dnsDomain attribute, it is invented (not in the
      r17956: LSA Cleanup!
      r17967: Somewhere along the line we lost unixName here, and so lost the
      r17968: Consolidate the DSSETUP and LSA pipes into a single file, as DSSETUP
      r17982: One final hack...
      r17983: Use the UTF8-correct strcasecmp_m call for sorting these entries,
      r17986: Add a copy of the Heimdal licence to our source tree, to make it very
      r17987: Make the LSA pipe listen on the \pipe\netlogon interface.
      r17988: Add 'not for Samba4' hacks into the RPC-NETLOGON torture test.
      r17989: Add RPC-NETLOGON as a test we now run against Samba4.
      r17991: Implement a few more calls (with not implemented :-).
      r18021: Add ldapi support to our LDAP client.  To be used for testing an
      r18022: Increment number of records converted, and print number of records skipped.
      r18023: Add support infrusructure for testing against an OpenLDAP server.
      r18024: The %c sscanf format I'm using doesn't null terminate.
      r18025: Don't try to set a target host if there isn't one (such as with ldapi://).
      r18068: This splits the handling of multiple SASL packets between the GENSEC
      r18072: Really delete things in the base partition, after we changed where the
      r18155: Add my work in progress, a module to link with Cyrus-SASL, for a
      r18198: Fix callbacks to use allocated or constant memory, not the stack.
      r18240: Make it clearer when we store the plaintext password.
      r18242: The cyrus-sasl encode/decode routines process the entire input.
      r18245: Ensure we don't keep the rootdse record around (steal it onto the
      r18246: Let our openldap slapd.conf include the magic to have DIGEST-MD5 on
      r18248: Bail out with a error message if this search fails for some reason.
      r18249: Keep trying to start an GENSEC mech from the list until one actually
      r18250: Add an ordering of GENSEC modules, so we do preferred modules first.
      r18252: Make sure to NULL terminate these lists of attributes.
      r18253: Turn Cyrus-SASL DIGEST-MD5 off by default for now.
      r18255: Remove the SMB_ASSERT(), as these are not talloc()'ed structures.
      r18257: Order the GENSEC modules, with unknown modules last.
      r18354: It seems safe to enable the DIGEST-MD5 module now.
      r18357: Convert more crypto tests from using function results as initialisers.
      r18361: Invert the way we handle LookupSids2/LookupSids3 and LookupNames3/LookupNames4
      r18362: Make LookupSids map onto LookupSids2, as they both take a policy
      r18363: Found a rather nasty bug in our fragment handling.
      r18364: Get us closer to schema compliance.  The corrent names for "secret"
      r18365: When adding a new structure member, always remember to fragment it.
      r18367: When converting to entryUUID, ensure we don't double-convert a
      r18368: Don't list GENSEC mechs that only have client implementations in our
      r18408: Only output a message if the async request fails.
      r18409: Make sure to print a DEBUG message if this LDB search fails.
      r18410: Reduce noise in the ldb_ildap backend.  We regularly search for things
      r18416: We need to look for both builtinDomain and domain, in the OpenDomain call.
      r18433: Make sure to search below the partitions baseDN for the netbios name.
      r18434: Fix typo...
      r18441: Allow searching for the high bit in these bitfields, when the client
      r18459: Set access to test LDAP server as system to anonymous, but also note
      r18495: More work on the LDAP backend (which now passes a lot of our tests!)
      r18498: While passing stack values into torture_tcase_add_test is bad, values
      r18504: Handle mappings for RENAME and KEEP attributes better.  We don't need
      r18770: Avoid crashes and fix up other issues in the client-side paged_searches module.
      r18774: This allows an automated way to setup the test environment in a shell,
      r18775: Performing an ldb op of 'do nothing' is pointless, and breaks against
      r18779: Not simo's fault, this is actually a bug I introduced a week ago, when I fixed the previous bug in this code.
      r18781: Move the usnCreated and usnChanged handling around again.
      r18786: I moved the usnChanged code around, and it now loaded in a different
      r18826: Allow 'enterprise' principal names to log in.
      r18827: I forgot to commit this:
      r18828: Export some more useful environment varibles, particularly for use in
      r18829: Print a nice welcome message when we enter the test environment.
      r18933: Add helpful emacs marker
      r18977: Seperate these asserts, so we know which fired.
      r18978: Fix bug found by:
      r18979: With these extra indexes (also added for the normal case) and a
      r18989: Fixes found by these two LDAP testsuites:
      r19115: Add the mapping required between Samba4's AD schema OIDs and what
      r19216: Merge from SAMBA_4_0_RELEASE:
      r19217: Merge from SAMBA_4_0_RELEASE:
      r19225: 30 seconds is too short for a Samba4 provision to finish.  Make the
      r19258: Don't delete the contents of the partitions twice, and in particular
      r19261: Fix use of unitialised variables.  (The binding string is used, if not
      r19262: Don't DEBUG() an unitialised variable
      r19264: Clarify behaviour in ldb_search_callback() and provide more
      r19265: It is not an error to set the target hostname to NULL.
      r19266: Add a target_hostname element to the binding struct.  This allows us
      r19308: Merge samsync fixes from SAMBA_4_0_RELEASE
      r19309: Split out checks for LDB_SUCCESS from checks for the expected number
      r19310: Add another conflicting oid
      r19311: Try to keep the schema map files fairly similar (hope for less weird bugs).
      r19315: Record some OID allocations.
      r19318: Because we don't test the vampire code in SWAT very regularly, it bit-rotted.
      r19321: Merge from release branch:
      r19336: Merge from release branch: new Mapped OIDs, in own subtree.
      r19462: This isn't an encrypted attribute.
      r19463: Make it clear what argument is incorrect
      r19464: Reject passwords that cannot be converted into UCS2.
      r19465: Rather than use the non-standard API for determining the signature
      r19478: Remove unused functions, and make static functions used only in this
      r19479: Remove more unused functions.  These are handled via authentication
      r19520: Try not to read past the end of the ldb buffer.
      r19521: Fix memory leak.
      r19522: Remove gensec and credentials dependency from the rootdse module (less
      r19523: Remove unused functions.
      r19538: This is getting silly, but I needed an easy way to run 'make testenv'
      r19566: Predeclare some useful structures.
      r19567: Make it easier to control the debug level in the test scripts, by not
      r19568: When we get back a skew error, try with no skew.  This allows us to
      r19589: Because we what we really wanted was coverage of seal and non-seal,
      r19590: Make it less noisy to run the session_key test outside 'make test',
      r19595: Seperate debug messages between database failure and simple lack of
      r19597: Ahead of the merge to current lorikeet-heimdal:
      r19598: Ahead of a merge to current lorikeet-heimdal:
      r19603: Make it easier to control the debug level of smbd.
      r19604: This is a massive commit, and I appologise in advance for it's size.
      r19606: Remove generated files
      r19628: This hint via Love at the IETF meeting:
      r19629: No need to special case use of DCE_STYLE sign and seal away any more...
      r19632: This got missed in the heimdal merge.  Without this, we don't keep the
      r19633: Merge to lorikeet-heimdal, removing krb5_rd_req_return_keyblock in favour of a more tasteful replacement.
      r19635: It appears that under CFX, different keys are used in each direction
      r19644: Merge up to current lorikeet-heimdal, incling adding
      r19649: Fix indentation.
      r19650: Allow Samba to use Heimdal's SPNEGO code.  Currently this can only
      r19660: Forgot to tell gsskrb5 not to canonicalize hostnames.  Shoudl fix
      r19681: Update to current lorikeet-heimdal.  I'm looking at using the realm
      r19682: Fix comments.
      r19683: Guard GUID_from_string from walking off the end.
      r19731: Modify the ldb_map infrustructure to always map from requested
      r19732: The 'res' from ldb_search is only valid if the call returns LDB_SUCCESS.
      r19733: More work to fix ldb_map.  With the wildcard present,
      r19757: Don't do the strrchr twice.  Pointed out by Martin Kuhl.
      r19759: Allow a join to occour against ncacn_ip_tcp again (useful for torture
      r19760: Create a DC account for the drsuapi tests to work on, rather than
      r19761: This may need work, but here is an initial implementation of
      r19805: Add the (harmless, but apparently default)
      r20099: Add some comments, and correct others.
      r20102: Do not reference remote_ldb before we initialise it.  This should fix
      r20113: Update the DRSUAPI CrackNames test to explore a few more cases, and in
      r20134: The IBM Checker correctly notes that *p cannot be \0 and still satisfy
      r20149: Remove the smb.conf distinction between PDC and BDC.  Now the correct
      r20152: Commit missing files from last night's commit.  We no longer maintain
      r20294: Without this we don't do the ADS join against Win2k3 SP1
      r20295: Add a couple more tests to the CrackNames test.
      r20297: Finally got to the bottom of why we were failing the RPC-CRACKNAMES
      r20314: I think some hosts need this to get the right ASN1 header deps
      r20315: Implement the server side of DsGetDomainControllerInfo.  This is a
      r20352: Use the common function to find the DN for a domain.
      r20353: Restructure the DRSUAPI DsGetDomainControllerInfo test, because as
      r20354: Trusted domains don't have a surname, I think we want 'cn' here.
      r20369: Remember to break if we find a match.
      r20373: When adding a base to a "" DN, don't precede it with a comma (,)
      r20374: It's still 2006 (just...).   Add copyright.
      r20375: Work to improve our CrackNames implementation.
      r20377: Rework the CrackNames implementation to handle some of the BUILTIN sid
      r20395: Decode more unknowns in the IDL.  These are language and codepage IDs!
      r20396: Missed one user of the renamed elements.
      r20397: Another user of the DsCrackNames call needs a rename following IDL clarification.
      r20398: Revert this patch, which caused failures in the samba3sam.js build farm test.
      r20406: Metze's change in -r 19662 broke Kerberos logins from Win2k3.
      r20455: Apply some of the patches from Martin Kuehl <kuehl at univention.de> to
      r20456: Rename variables to avoid shadowing global function names.
      r20457: Print more information before asserting
      r20458: This data is invalid, and causes the samba3sam test to fail, because
      r20459: LDB map cleanup:
      r20460: Simplfy the handling of password hashes in the samba3sam module.
      r20464: Make it clear what does the process group stuff
      r20467: Don't segfault if we don't have an OID map
      r20468: Patch from Martin Kuehl <kuehl at univention.de> to make it easier to load
      r20492: Add in instructions/sample LDIF to setup Fedora DS as a backend.
      r20493: Add support for the 'Netscape' varient of GUID formatting, used in the
      r20494: Dave CB <davecb at spamcop.net> found some stray characters in the docs,
      r20495: Further notes on joining with fedora DS.
      r20505: I had the wrong ldif name here.
      r20622: Add in a hack to avoid permitting searches on the value of protected
      r20639: Commit part 1 of 2.
      r20640: Commit part 2/2
      r20642: This bit of autoconf causes us pain.  Revert back to how we had things
      r20643: Remove generated files accidentilly committed.
      r20645: Commit the build system changes to allow scripts in config.mk files.
      r20648: Closer to a build...  Add missing header file.
      r20949: Looking over some lcov output, try and walk some error paths.
      r20958: Inspired by the lcov output, check the PASSWD_FILE and
      r20964: Show the domain name we figured out, rather than a null pointer (in
      r20984: Try to ensure we can't have sig_state dissapear before se.
      r20988: Call out to Heimdal's krb5.conf processing to configure many aspects
      r20997: Add in more certificate and key blobs, to enable PKINIT.
      r21008: We added a new argument to the provision() function, but I forgot to
      r21022: Trying out a new style for some of our WHATSNEW and README
      r21023: Brad Henry pointed out some typos.
      r21026: Add a helpful script to do the things we need to do to make a release
      r21027: Print the name we fail on.  I need to fix Samba4 to pass this.
      r21039: Test some more failure paths (trying to increase the lcov score).
      r21043: Work towards allowing Fedora DS to backend Samba4 in 'make test'.
      r21068: Code to configure, start and stop Fedora DS.
      r21069: Try to split up the mktestsetup.sh script into parts to deal with each
      r21071: Move some of the key path variables into the mk-keyblobs.sh script.
      r21103: This seems to do the 'right thing' in applying the correct access
      r21135: Instead of having hooks to update keytabs as an explicit thing, update
      r21175: Fix the kerberos keytab update code to handle deletes.
      r21179: Anything more complex than this causes the keytab never to be updated...
      r21255: Add a debugging option to avoid rid decryption in the samsync output.
      r21305: Change the skel module a little, so make it names clearer.
      r21491: Verify that the DNS domain name is filled in on GUID searches in the
      r21496: A number of ldb control and LDAP changes, surrounding the
      r21497: Pass more of the RPC-CRACKNAMES test by using the new search_options control.
      r21513: I don't know how long this has been wrong, but fix this up so we can
      r21553: Remove bogus comment.
      r21554: Use a snippet from tridge's junkcode to cause us to wait for smbd to
      r21649: Update self test scripts to start Fedora DS.  This requires current
      r21686: Do enable TLS, as we have solved the key setup problems, and we need
      r21687: Always test LDAP and LDAPS
      r21689: Try to walk a bit more of the param/loadparm.c functions, as well as
      r21692: Test with LDAP, but without the non-block testing.  This is not
      r21693: Fix the RPC-SCANNER test.  Share some code with the RPC-MGMT test to
      r21696: Run the RPC-COUNTCALLS test to try and walk some of the NDR layer for
      r21697: Try to cover the 'bad session key' codepaths too.
      r21698: Check for talloc failures.
      r21699: Because TALLOC_CTX is a void*, I didn't get a compiler warning about
      r21719: Try to cover more of the server-side password processing.
      r21720: Try to make 'TEST_LDAP=yes make test' work again.  These recent
      r21721: Push the 'Success!  Your new directory server instance was created'
      r21727: Walk some more of the error branches in the ChangePasswordUser server.
      r21728: Perhaps we don't need this on recent OpenLDAP servers.  This overlay
      r21736: Fix the smbclient test to do something more interesting with the last
      r21737: Print the error strings in the ejs ldb test.
      r21739: Make it easy to change the log level for the slapd processes, and have
      r21741: Like starting smbd, ensure we have acutally started slapd, and it is
      r21743: Always use the 'escaped' LDAPI path.
      r21744: Test more talloc failure cases.
      r21745: indent
      r21746: We don't link in this file any more.
      r21751: These 2 tests pass for me, so add them to the standard test script.
      r21760: Try to pin down were some errors are coming from.  Ensure we at least
      r21761: - Give more detail on LDAP client library failures (make it clear
      r21771: We just don't need to test this on more than one transport.
      r21789: We do actually need this, to get a contextCSN attribute, which we need
      r21790: Setup the socket_wrapper_dir when we set the environment variable.
      r21791: This test is still just as valid without as much CPU time wasted.
      r21806: I've been working over the last week to fix up the LDAP backend for
      r21836: Assume that if an OpenLDAP system is 'modular' then everything is a
      r21970: Ensure that Fedora DS can be shut down correctly with the stop script:
      r21971: Fill in some more values in config files from variables, so we can
      r22075: Configure the bitwise match plugin, until it becomes accepted upstream.
      r22076: Fill in short and long domain names into the generated krb5.conf
      r22086: Bail out early on some of these failures.
      r22088: export PIDDIR to make the smbd pid show in 'make testenv' again.
      r22115: I don't like the DOMAIN environment variable.  It really isn't a good
      r22116: Only query by SID if we have a SID
      r22118: Add another RPC-CRACKNAMES test, but allow a way to skip sub-parts of
      r22119: Where we get a request to 'crack' a user principal name from a
      r22120: Expand the RPC-CRACKNAMES test, to test more values and expose patterns.
      r22121: The RPC-CRACKNAMES test now passes against Samba4.  This should help
      r22160: Only use test environment names that actually exist (get make
      r22161: Clarify exactly where the socket_wrapper should be handled (early),
      r22162: get the TEST_LDAP mode working again
      r22166: Stop heimdal from trying to prototype innetgr in roken, now we don't
      r22167: This seems to get Fedora DS to run the tests again.
      r22168: Ensure we actually run all the transports for the slow tests
      r22170: To get the smbclient blackbox test to pass again, we need to get the
      r22171: At least walk over the test_SetupCredentials2 before bailing as 'we
      r22176: Make the LOCAL-MESSAGING test pass again.  Messaging sockets are in
      r22177: Restore the PIDDIR mapping for the client 'pid directory', as this is
      r22180: Re-add testing of the CIFS backend.
      r22182: Skip a few tests that will not pass against the ntvfs/posix layer,
      r22183: Perl might not be in /usr/bin/perl, so use $(PERL) from the makefile
      r22184: On some hosts, parsing a compleatly invalid principal causes heimadal
      r22187: Test kerberos logins in the smbclient blackbox tests, including with a
      r22191: Add a samba4kinit binary to the build, so I can test using an existing
      r22208: Print the target principal name, to help with kdc unreachable errors.
      r22233: Allow 'REALM' as a global environment variable in the tests.
      r22235: Test kinit, and PKINIT functionality by means of a new blackbox test.
      r22236: Update to Heimdal's socket_wrapper, which supports IPv6.
      r22238: Because these utilities compile in socket_wrapper.ho, they may need
      r22284: Make this script executable
      r22288: Somehow, Jelmer lost a few capital letters.  I'll send him a new batch.
      r22290: Fedora DS is incredibly picky about newlines...
      r22292: Start the LDAP server inside the same fifo as smbd, as OpenLDAP (like
      r22293: Try to make it more clear what failed to parse.
      r22294: Lock the delegated credentials to being kerberos only, we just don't
      r22295: Use delegated credentials and kerberos to test the pass-though
      r22322: Cut timelimits for BENCH tests run in quicktest.
      r22333: Use kerberos and the ntvfs/cifs backend for just one test, in the
      r22427: Abort in a few more cases of failure to provision.
      r22443: It isn't fatal to get the case wrong on this stuff.
      r22474: If ldb does not return sucess, then the res variable may not be valid.
      r22475: Rather than segfault, show the name of the malformed entry.
      r22476: The OID match is used very oddly in AD, as it is often used for fields
      r22477: When an invaild base is specified to ldb_search, it should return
      r22478: Update the LDAP backend code to handle initialisation of multiple
      r22494: Skip subSchema again, but we will need to remap this objectClass.
      r22497: Support renaming objectclasses and attributes for the LDAP backend.
      r22498: The initial LDIF import into Fedora DS didn't work, so just push this
      r22521: Don't fail the module load just because we don't have a schema yet.
      r22522: Print why we can't find these entries.
      r22523: Give a hint why this test fails (helped debugging backend issues).
      r22531: Fix up OpenLDAP schema map to almost pass 'make test'.
      r22556: Make the slapd command valid.
      r22557: Simo has long bugged me that the paths in the sam.ldb partitions were
      r22558: Move to a static list of enctypes to put into our keytab.  In future,
      r22559: Make the ad2OLschema tool case insensitive.
      r22572: Don't manually set objectGUID values
      r22582: Cleanups towards making winbind work again.  We still have a long way to go, as this has bitrotted over the past months.
      r22594: This helped coax out valgrind errors last night, but we don't need it any more.
      r22612: Fix more cases where we have uninitialised values in the
      r22756: Make it easier to setup an LDAP replica.  Provision with
      r22838: Add in an explority test for what QFSINFO operations are valid on IPC$
      r22873: Make the RAW-QFILEINFO-IPC test pass against Win2k3.
      r22874: Expand the RPC-QFILEINFO-IPC test, and add a server implementation to match.
      r22875: We want to skip this test, it will fail unless run against IPC$ (which the pattern does not).
      r22877: Remove stray 'l'
      r22882: It seems entirly reasonable to follow metze's suggestion and check for
      r22883: Indentation.
      r22884: Be consistant with the case of these constants.
      r22921: This index saves another 7 seconds off a 'make quicktest', and is a common search operator.
      r22966: Make sure to return LOGON_FAILURE if the user's kerberos password is
      r22967: Move to the TCP packet interface for the krb5_send_to_kdc plugin.
      r22983: This should ensure that torture_create_testuser() can be called,
      r22987: Clarify how the events are handled in the kerberos code, and
      r23026: Add groupPolicyContainer, as we now require this schema element.
      r23027: Make sure the parent object always exists.
      r23028: I've now got a patch to Fedora DS to make it only install the very base schema.
      r23032: Remove calls to println(), and ensure we print the ldb errstring().
      r23034: Thanks to metze for providing some vital clues in the 'kerberos ccache
      r23035: We don't need to add this entry, and I hope to figure out how to avoid
      r23063: Make sure to invalidate the ccache when we set a
      r23064: Clarify comment and indent
      r23089: This is upstream now, so we don't need to add it manually.
      r23132: Resolve an issue where we would use the ccache after we free()ed it.
      r23133: I felt pity on Kai, as he starts work on winbind in Samba4, so I
      r23134: Set the event context onto the cli_credentials.
      r23136: Set the event context onto the credentials in more places.
      r23141: Use the finddcs() library call rather than a winbind-specific version.
      r23149: Fix up the trusted domain lookup code to use the new structures.
      r23176: Note that we only return one DC from this call at the moment.
      r23177: Add in a new provision-backend script.  This helps set up the OpenLDAP or Fedora DS backend.
      r23189: Work towards a totally scripted setup of LDAP backends, so others can
      r23191: Use the new provision-backend script to setup Fedora DS for make test.
      r23232: Add in some extra files required by the new provision-backend.
      r23233: Use the schema and basedn files generated by the provision-backend script.
      r23235: Don't do a seperate LDAP provision step.  Instead, everything we need
      r23257: Newer OpenLDAP versions don't seem to need this, so simplfy.
      r23261: Merge WHATSNEW back into the main branch.  Comments/omissions greatly
      r23262: Fix mkrelease.sh to work in the right directories
      r23264: Make it more clear what this is actually setting up
      r23281: Ensure we wipe all the right things in distclean.
      r23286: In SWAT, it was not possible to use a domain name other than the default.
      r23325: Remove items from menu that have been removed from SVN long ago, with
      r23351: Merge from SAMBA_4_0_RELEASE:
      r23361: Merge from SAMBA_4_0_RELEASE:
      r23365: Try to make Windows Vista join again.  On my new test environment, it
      r23373: Fix spelling...
      r23412: We don't need hdb.h here any more
      r23455: These buffers may not be null terminated. Ensure we don't run past the
      r23456: Update Samba4 to current lorikeet-heimdal.
      r23503: use hdb_dbc not hdb_openp.
      r23551: Change data_blob_equal to data_blob_cmp, suitable for sorting with qsort().
      r23557: Ensure that we don't reorder the objectClass list, if we don't have
      r23558: MMC seems to ask for this, so I think we need to include it in our schema.
      r23560: - Activate metze's schema modules (from metze's schema-loading-13 patch).
      r23677: When I removed data_blob_equal, I clearly didn't test the PIDL code.
      r23678: Update to current lorikeet-heimdal (-r 767), which should fix the
      r23679: invocationID is a GUID too.
      r23680: Make it easier to setup a domain member server - the 'server role'
      r23693: Give the process a chance to write out it's coverage data, before we
      r23695: By not using the NULL context for these large structures, we don't
      r23703: Start to get Samba4 to again work with LDAP backends, after I turned
      r23715: Make the provision-backend script print out the exact commands to run,
      r23716: Clarify LDAP Manager DN and fix slapd startup syntax.
      r23717: We need to remove the _ in LDAP_MANAGERPASS for the
      r23718: Make Samba4 work against the LDAP backend again.
      r23719: ejs being case sensitive, while LDAP is not is a real pain when
      r23720: Allow the member server to work against an LDAP Backend.  Another case
      r23737: Validate that we object to duplicate values in an add or replace.
      r23754: Make sure to check the status return before we de-reference the
      r23762: Fix DN renames over LDAP, and instrument the partition module.  Add a
      r23809: Don't give users the fantasy that we can control choice of GENSEC
      r23810: Make things static, and remove unsued code.
      r23811: Try to ensure struct nbt_name is always pre-declared.  Might fix the
      r23812: Remove more code found as dead by the find_static script, and make
      r23815: Thanks to Matthias Wallnoefer <mwallnoefer at yahoo.de> for pointing out
      r23816: A little more static, but leave the dead code testjoin.c as documentation.
      r23848: Thanks to derrell for pointing out that I had not finished my patch to
      r23849: ldap_server:  Provide more info in debug traces
      r23852: Merge Samba 3.2's wbinfo into Samba4, so Kai can use it for testing.
      r23859: Work to have Group Policy work 'out of the box' in Samba4.
      r23875: As pointed out by mwallnoefer at yahoo.de:
      r23880: Don't crash when we run wbinfo -a against our own winbind when we are a DC.
      r23881: A quick fix from davecb at spamcop.net to be more portable to non-GNU
      r23890: Allow wbinfo -a to work against Samba4's winbind.
      r23905: SATOH Fumiyasu <fumiyas at osstech.jp> points out that we want &&, not ; here...
      r23907: Fix bug 4790 reported by mwallnoefer at yahoo.de:
      r23912: We always accept / as a seperator, and it is far less confusing
      r23960: Don't destory the 'reason' for terminating the service before printing it.
      r23961: Allow SWAT to operate on x86_64 machines.
      r23964: Update blackbox selftest scripts to cover more code, and to more
      r23965: Add testing the 'net time' command to the script.
      r23966: It isn't great, but at least now we have some access control in SWAT
      r23982: Fix use-after-realloc() found by valgrind and mwallnoefer at yahoo.de.
      r23993: Attempt to fix bug #4808, reported by mwallnoefer at yahoo.de.  The issue
      r23994: Finish my work to ensure that non-root and non-administrator users
      r23995: Work to allow mimir's libnet code to be called from winbind.
      r24010: Fix warning for the function paramter to qsort().
      r24011: Keep the connect handle around in libnet, in case we want it.
      r24012: Remove duplicate code block (from bad merge).
      r24052: Fix some of the NT4 usrmgr.exe portions of bug 4815.
      r24053: Ensure we filter EnumDomainUsers with the supplied mask.
      r24059: Fix bug 4822 reported by Matthias Wallnöfer <mwallnoefer at yahoo.de>.
      r24060: Fix bug #4806 by Matthias Wallnöfer <mwallnoefer at yahoo.de>: We need to
      r24061: Anther part of bug #4823, which is that until now Samba4 didn't parse
      r24074: Test both permitted logon hours and permitted workstations in the
      r24075: As suggested by metze, match the behaviour of ntvfs_posix, and remove
      r24076: Make ldap.js pass against Win2k3 again (looks like we don't match AD
      r24080: Set the primary group (matching windows) when creating new users in
      r24081: Domain Controllers are also shown in this enumeration.
      r24082: Following the removal of a fanstsy condition from the SAMR testsuite,
      r24083: Don't fail the test (looking for the user in the enum) if we didn't
      r24110: I hate seeing callers manually filling in the composite context.  Use
      r24111: Untested code is broken code, untested code is broken code...
      r24112: Complete initialistion of the libnet_ctx when setting up the domain.
      r24118: Start fixing #4842 (usrmgr polcies menu not working) by removing range
      r24127: Set the Domain SID into the libnet context, and have libnet_UserInfo
      r24146: It is not an error for a Win2k3-only server not to support the NT4
      r24245: Fix bug #4828 - we need to set the samba LDB debug handler early, so
      r24246: Avoid the annoying 'probable memory leak in ldb' messages, by fixing
      r24247: Remove extra newlines from ldb_debug() calls - it already adds one.
      r24248: Attempt to fix bug #4830 by <mwallnoefer at yahoo.de>.  If there is no
      r24249: Thse generated attributes should not be pushed this far down the stack
      r24259: Rework the objectclass module to use the new schema, rather than the
      r24260: Ensure we always override any existing values for these generated
      r24261: Fix the standalone ldb build after I moved the objectclass module out.
      r24262: Set the objectCategory by default in the objectclass module, rather than using templates.
      r24263: Fix bug 4846 (unable to copy users in MMC Active Directory Users and
      r24273: Fix bug #4817 by <mwallnoefer at yahoo.de>.  (Unable to add a computer
      r24277: Tidyup as requested by metze.
      r24282: Try to fix the occasional Samba4 crash in BASE-BENCH-READWRITE, as
      r24285: A number of machines on the build farm fail because while they use
      r24286: (missed from previous commit)
      r24300: Try to get the LOCAL-EVENT test to pass on hosts with epoll() in
      r24301: The less escape characters the better.  This changes the winbind
      r24390: Another attempt to find out why we fail the LOCAL-EVENT test on some build farm hosts.
      r24459: Fix up ldap.js and test_ldb.sh to test the domain_scope control, and
      r24479: Typo fix - this makes 'make test' pass against OpenLDAP again.
      r24502: More work to get LOCAL-EVENT passing on all platforms:
      r24503: Make 'make test TEST_LDAP=yes' pass on Fedora 7, by trying more
      r24504: Try to return more useful error information on why a bind failed.
      r24566: Remove trailing newlines in ldb_debug(), these are not required.
      r24567: Try much harder not to leak memory when comparing objectCategory entires.
      r24568: Fix the build, caused by a conflict betwen mimir's work and metze's bulk rename.
      r24611: Following up on the re-opening of bug 4817 is it pretty clear that
      r24612: Revert this part of -r 24611.  This isn't related to my SAMR password
      r24613: Missed this in my recent commit -r 24611.  We don't discriminate on
      r24614: Merge with current lorikeet-heimdal.  This brings us one step closer
      r24631: Fix up format warnings, found on my Fedora 7 x86_64 workstation.
      r24633: Try to start on a set of release notes for Samba4 alpha1.
      r24640: Add a suggested BIND configuration snippit, to help with DNS configuration.
      r24648: Found out the meaning of a few more flags.
      r24655: Fix bug 4919 reported by Matthias Wallnöfer <mwallnoefer at yahoo.de>:
      r24690: Further fix to bug 4919: Ensure we don't supply a NULL URL argument to
      r24693: Test search options in ldb blackbox testing.
      r24694: Remove objectCategory entries from the setup templates.  These can be
      r24695: Now the Samba4 passes this test, remove the skip...
      r24696: Fix bug 4918 reported by Matthias Wallnöfer <mwallnoefer at yahoo.de>
      r24697: Excelent patch and detective work by Matthias Wallnöfer
      r24698: Patch from Andrew Kroeger <andrew at sprocks.gotdns.com> to fix Bug
      r24729: First try and publishing a DNS service account, for folks to play with.
      r24730: Allow secrets entries to be for service principals.
      r24731: Remove unused code - if we hit these error conditions, then we are
      r24760: Ensure we base64 encode any password being put into LDIF, to avoid
      r24761: Permit subtree renames in Samba4.
      r24793: The subtree_rename module is a work of fiction.  An resemblance to a
      r24822: Merge from SAMBA_4_0_RELEASE:
      r24819: We are preparing for alpha1, so update the mkversion script to cope with that.
      r24859: Merge from SAMBA_4_0_RELEASE:
      r24909: Patch from Andrew Kroeger <andrew at sprocks.gotdns.com> on the slow road
      r24911: Make better use of substituted variables in example named.conf
      r24913: Fix typo
      r24914: In response to bug #4892 by Matthias Wallnöfer <mwallnoefer at yahoo.de>,
      r24915: Try to quiet down this warning - the 'classic' share code doesn't
      r24918: Fix the build (forgot to include dcesrv_lsa.c in the previous commit)
      r24941: Simplify samdb_result_nttime(), and remove nttime_from_string()
      r24942: Patch from Matthias Wallnöfer <mwallnoefer at yahoo.de> and a testsuite
      r24945: The behaviour of the SAMR server on a member server is worth testing
      r24959: Merge back changes from release branch, and set new VERSION on main tree.
      r24971: Test more combinations for resetting the account expiry.
      r24972: Try to rat out this SAMR failure with some more cross-tests, and
      r24973: Try to make it really clear we are dealing with 64 bit numbers here.
      r24985: Start to revert us back to the old-style SWAT, while trying not to
      r24986: LDB has a function for comparing things that must meet the rules of
      r24987: Clarify error conditions in secrets handling, before I add ACLs to
      r25048: From the archives (patch found in one of my old working trees):
      r25051: Move SWAT back to the old-style form-submit modal.
      r25052: This missing 'break' caused problems on 32 bit platforms only, due to
      r25053: Show the user class alongside the username.
      r25071: Add some more testcases for RPC-DRSUAPI-CRACKNAMES, proving I can't
      r25073: Correct test name so make test can pass again.
      r25194: A major rework of the Samba4 LSA LookupNames and LookupSids code, with
      r25196: Thanks to id10ts on IRC for finding some typos in my well-known names
      r25203: Don't use subclasses in Samba4, as we always fill out the full
      r25204: Patch by Andrew Kroeger <andrew at sprocks.gotdns.com> fixing bug #4958 -
      r25218: After discussion with Simo, remove the subclass support from LDB.
      r25249: Thanks to Andrew Kroeger for pointing out this silly typo (calling
      r25268: Thanks to Andrew Kroeger for pointing out on IRC that this is
      r25299: Modify the provision script to take an additional argument:  --server-role
      r25300: Update howto.txt with modified provision syntax.
      r25303: Print out the options the provision script generated.  This should
      r25304: Thankyou to Amin Azez <azez at ufomechanic.net> for pointing out that I
      r25354: Thanks to Amin Azez <azez at ufomechanic.net> for finally getting me to
      r25383: Patch from Amin Azez <azez at ufomechanic.net> to give better message
      r25450: Make it easier to test with a particular version of OpenLDAP, by
      r25451: Rework the display of provision options to use printf syntax, and
      r25452: Move the creation of the server entry to the self join, as this makes
      r25596: It isn't valid to take the address of an array on the stack, and this
      r24821: Update the mkrelease.sh script and mkversion.sh to make releasing correct
      r24823: Without any better ideas as to how to fill out the WHATSNEW, I've
      r24858: Make the 'vampire' code work again - clearly nobody uses this...
      r24910: Merge named.conf patch by Andrew Kroeger <andrew at sprocks.gotdns.com>
      r24912: Merge 'use more substituted variables' patch to release branch.
      r24916: (merge to release branch)
      r24917: More thoughts on Samba4 release notes, readme etc.
      r24919: Merge build fix and improved error strings to release branch.
      r24944: Merge acct_expiry fix to release branch.
      r24947: Forgot to merge this to release branch, so we got weird subs in
      r24958: This is the final text, and the final version. I'll send the release
      r25616: Fedora DS now has a way to install the schema and extra configuration
      r25618: I'm sick of the fstring warnings turning up here. Let's see how much
      r25619: As perhaps could have been expected, the CFLAGS hack broke all non-gcc
      r25660: Add a new interface 'generate_secret_buffer()', to be used when we
      r25661: We don't actually need to know with DEBUG(0, ... every time we ask for
      r25693: Implement the rest of subtree renames, now that tridge waved his magic
      r25694: Move subtree_rename above the partitions module. The next step is to
      r25701: Clarify comment
      r25702: Clarify comments and make this module more strict on objectclasses.
      r25703: Use less entropy by using the pointer value as a process-unique token.
      r25704: Handle the chicken-and-egg problem of setting up the LDB before we get
      r25705: Ensure we return the out value to the caller.
      r25710: Finally fix subtree renames. Untested code is broken code and in this
      r25723: Add a check to prevent deletion of entries with children. Sadly MMC
      r25729: Fix silly regression in the subtree_rename - I broke normal renames.
      r25747: Implement linked attributes, for add operations.
      r25748: Don't segfault if we don't have a schema yet.
      r25749: Add function required by linked_attributes module.
      r25750: Update the objectclass module to improve consistency in Samba4.
      r25753: Move cn=rootdse to @ROOTDSE to avoid being caught up in schema restrictions.
      r25754: More work on normal forms for ldb input.
      r25755: Fix a couple of memory leaks, in particular a new leak onto the NULL
      r25759: catch up the samba3sam tests with the change from cn=rootdse to @ROOTDSE
      r25760: Test out relative distinguished name behaviour under renames.
      r25761: Rename to be a DN to be a child of itself wasn't being checked for.
      r25762: This test belongs best with the other checks for a valid parent, in
      r25763: Handle modifies, in the easy case (add/delete of elements), for the
      r25781: Handle and test linked attribute renames.
      r25786: Add function required by linked_attributes module (We need a list of
      r25787: Assert that we handle the group membership updating correctly,
      r25788: Use a single routine to handle the creation of modify requests in the
      r25825: Don't print the user's password hash at level 0.
      r25826: Prove that adding a user or computer via LDAP doesn't magicly give
      r25856: If the search fails, it is not valid to steal 'res'.
      r25857: Indent
      r25891: Test that we get the correct return value when we attempt to reference
      r25921: Now also listen on ldapi by default in the LDAP server
      r25922: Make it easier to bind to a unix domain socket, without messing with
      r25923: Make sure to install phpldapadmin-config.php
      r25933: LDB: Don't free errstring until after the printf, in case it is one of
      r25934: Handle a LDB_ERR_NO_SUCH_OBJECT return value when looking for the
      r25938: We don't need the CLDAP server unless we are a DC.
      r25939: Rework the CLDAP server not to use gendb_search but to call ldb_search
      r25940: Rework the samldb and templates handling.
      r25941: Use samdb_relative_path() (new function in samdb.c) in the partitions
      r25942: Make various ldb modules handle an LDB backend that enforces validity
      r25948: Fix up the samba3sam test (which is very fragile) to work with the new
      r25949: Make error messages clearer and more correct.
      r25950: Enable seperate module to prevent subtree deletes.
      r25952: Add in new data file required by samba3sam test.
      r25957: Rework the cracknames code to use less gendb_search() and instead call
      r25958: Callers of gendb_search_dn() don't expect to get
      r25959: Add a new special DN to LDB: @OPTIONS
      r25960: Enable checks on the validity of the search base on sam.ldb in Samba4.
      r25961: Add new tests to verify basedn validation in LDAP searches.
      r25962: Move to more modern ldb functions loading module list.
      r25964: Fix comment and use talloc hirachy in ldb_tdb initialisation.
      r25965: Remove duplicate block - thanks metze!
      r25966: Don't force an 8 byte width to generated SIDs, as this can actually
      r25981: Don't create an ldb_request on NULL.
      r26131: Ensure we show the right errors in the NULL base DN case. Based on
      r26135: Remove samdb_add(), samdb_delete() and samdb_modify(), which were just
      r26137: Rename the entryUUID module to better match it's purpose: being a
      r26138: Don't talloc_free() res if an error occoured.
      r26139: Based on a report by Theodor Chirana, don't assert() on invalid
      r26140: Add a new test for searches by distinguieshedName and dn, and
      r26182: Extend our linked attribute testsuite to cover many more possible
      r26183: The idea of a self-seeding secrets.ldb is nice, but in practice we do
      r26192: Handle, test and implement the style of extended_dn requiest that MMC uses.
      r26193: In the LDAP server, use the new 'controls_decoded' element to
      r26244: Add a module (sans tests for the moment) that implements ranged
      r26245: Make it easier to handle the LDAP backend, with it's differing needs,
      r26246: Make it easier to debug assert()s in the provision, if messages are
      r26282: These modules expect errors, but if we don't wipe the error string, we
      r26283: fix typo
      r26284: Rather than just debug, push the error back up the stack as the error
      r26297: Correct error message. This function verifies attributes, not
      r26298: Use metze's schema loading code to pre-initialise the schema into the
      r26299: Print out which module failed to initialise.
      r26300: Don't segfault when called from the ntptr libs.
      r26301: Collapose ldb_next_init() into being a caller of ldb_init_module_chain
      r26302: Print the error string for failed rootdse searches.
      r26303: Fix up error reporting during the delete of previous entries in the
      r26304: More work to remove silly error printouts.
      r26305: Update template files and testsuite to try and work with current
      r26324: Fix includes for Jelmer.
      r26354: In trying to chase down why we have reports that WinXP won't join
      r26361: Ensure this test cannot proceed if the pipe connection failed.
      r26362: Fix segfault in NET-API-DELSHARE torture test.
      r26365: This will now be the alpha3 tree (once I release alpha2).
      r26386: We need to test in more than just 'interactive' mode...
      r26389: Merge SWAT changes from alpha2 back into main Samba4 tree.
      r26412: Add comments and refactor to reuse common code.
      r26419: Add a module to implement 'ambigious name resolution' by munging the
      r26420: Don't print a blow-by-blow description of every search we do, just the
      r26424: Patch and hits from Howard Chu <hyc at symas.com> for our automated setup
      r26479: Further test behaviour of 'attribute or value exists'.
      r26485: Fix indent, remove left-over debug.
      r26488: Implement tests for the ranged_results module.
      r26529: Indeed, this belongs in the schema module. Ranged results need to use
      r26364: Branch Samba 4.0 for an alpha2 release.
      r26387: Merge logfile segfault into alpha2 branch.
      r26388: Fix up SWAT provision (again...), after changes I made to the
      r26390: Start on a WHATSNEW for the alpah2 release.
      r26489: Merge fixed ranged results module to release branch.
      r26490: Update WHATSNEW. Unless some fancy new words arive soon, this is what
      r26501: Merge kblin's updated README
      r26541: Mark this as the release
      r26556: Make Fedora DS consistant use FEDORA_DS_ROOT, now we use OPENLDAP_ROOT.
      r26557: sync WHATSNEW with release branch of Samba4
      r26609: Try a few more variatations to get the selftest to run against
      r26610: Write out a memberof.conf, to run the memberof plugin on all linked
      r26611: Tridge didn't write this...
      r26612: Tests show that we don't need to use a callback.
      r26613: Add a function to write a DATA_BLOB into an LDAPString.
      r26635: The OpenLDAP folks have been very accommodating, and their memberof plugin allows the error being returned to be adjusted.
      r26636: Remove useless 'backend' parameter, and make the memberof overlay use global.
      r26647: Mark 'valgrind_run' as executable
      r26648: Move detection of global catalog captability to a central function, so
      r26649: Only claim to be a PDC if we are a PDC.
      r26679: It is very bad to free the ldb handle when you didn't create it...
      r26680: Don't always advertise GC functionality.
      r26681: Use fewer magic numbers.
      r26682: Move CLDAP to the modern torture system, and add value checking.
      r26683: Add another testcase. I still don't know what's wrong here.
      r26684: Trivial cleanup from Matthias Dieter Wallnöfer, from bug 5090
      r26685: Fix bug 5137 by Mark Ridley. The RPC-ATSVC test is not tested, so was
      r26686: Fix bug 5143 by Jason Tarbet. This prevented an easy cut-and-paste of
      r26697: Leak less memory into the ldb context.
      Native move servers will refuse these SamSync operations, so don't
      Return 'not implemented' on more RPCs.  (easy way to 'pass' the
      Merge commit 'origin/v4-0-test' into 4-0-local
      Make Samba4 and Fedora DS happier
      Merge branch 'v4-0-test' of git://git.samba.org/samba into 4-0-local
      Add in new module to normalise DNs being returned from OpenLDAP.  This
      Fix segfault when sorting LDAP replies on the client.
      Rework ldbsearch to avoid segfault when remote LDAP server returns
      Merge branch 'v4-0-test' of git://git.samba.org/samba into 4-0-local
      Remove 'dn' from mapping, it isn't a valid attribute in AD, and causes
      Use 'dn' less, as this is not a valid attribute in AD, and I want to
      Merge branch 'v4-0-test' of git://git.samba.org/samba into 4-0-local
      Rework control handling to remove the 'domain_scope' control
      Make ldap.js test easier to re-run in failure cases, by deleting more
      Test the behaviour of mixed domain_scope and search_options controls.
      Make the Fedora DS LDAP backend 'aci' actually work, with better quoting.
      Merge branch 'v4-0-test' of git://git.samba.org/samba into 4-0-local
      Start generating a configuration for the refint overlay.  This
      Merge branch 'v4-0-test' of git://git.samba.org/samba into 4-0-abartlet
      Allow the 'extra' objectclass added to objectClass attributes by
      Rework linked_attributes module for the REPLACE case.
      Print out the reason we can't delete the user in SAMR.
      ldb_map objectClass munging: Don't hard-code 'extensibleObject'.
      Merge branch 'v4-0-test' of git://git.samba.org/samba into 4-0-local
      OpenLDAP backend: Place the refint overlay after the memberof overlay
      provision: simplfy by removing old code to manually create baseDNs.
      Add in a new module to handle instanceType
      Correct authorship of instanceType module
      Remove --ldap-base from the python provision script
      Search for memberOf when clients ask for a wildcard against OpenLDAP
      Use syncrepl on all OpenLDAP databases (creates contextCSN attribute)
      Don't manually specify instanceID in the template files.
      Add showInAdvancedViewOnly to every new object
      Merge commit 'origin/v4-0-test' into 4-0-local
      Don't set 'name' in the LDIF, this is handled by the rdn_name module.
      Only set showOnlyInAdvancedView: TRUE when adding default values.
      Remove default 'showInAdvancedViewOnly' values.
      Be sure to pass iconv handle down to compression subcontexts (fixes
      Merge branch 'v4-0-test' of git://git.samba.org/samba into 4-0-local
      Merge branch 'v4-0-test' of git://git.samba.org/samba into 4-0-abartlet
      ranged_results: fix use of uninitialised variable (end)
      Make ranged results tests in ldap.js easier to debug.
      Merge branch 'v4-0-test' of git://git.samba.org/samba into 4-0-local
      Fix segfaults in codepaths only tested by the NET-API-BECOME-DC test.
      Fix DRSUAPI replication test - NET-API-BECOME-DC.
      Get more information from ldb when reporting a failed replication.
      Remove useless subs from the ejs provision
      Kill another sub that the modules will handle for us.
      Use the repl_meta_data module by default.
      Make the repl_meta_data module the default for domain controllers.
      Ensure we set subobj.BACKEND_MOD for the 'partitions only' case.
      Tidy up the last regresesions on the python smbscript, from my work
      Merge branch 'v4-0-test' of git://git.samba.org/samba into 4-0-abartlet
      Merge branch 'v4-0-test' of git://git.samba.org/samba into 4-0-abartlet
      Merge branch 'v4-0-test' of git://git.samba.org/samba into 4-0-abartlet
      Merge branch 'v4-0-test' of git://git.samba.org/samba into 4-0-abartlet
      Rework service init functions to pass down service name.  This is
      Rework cluster_id() to take an additional argument, as we need
      Rework process_single.c to take advantage of cluster_id() now taking an additional argument.
      Remaining changes to implement the prefork process model
      Remove useless layer of indirection, where every service called
      Fix a few more breakages from our recent changes to the server_id
      Merge branch 'v4-0-test' of git://git.samba.org/samba into 4-0-abartlet
      Clarify nomaclature of socket names in process_single and process_prefork
      Merge branch 'v4-0-test' of git://git.samba.org/samba into 4-0-abartlet
      Ensure expected errors do not leak up to the application.
      Fix LDAP backend with python provision
      Remove unused ldap_backend argument from provision.py
      LDAP backend provision now works with python.
      Remove unused argument to provision().
      Revert to ejs for 'provision'
      Fix syntax in LDAP test
      Reset error strings
      Fix LDAP backend with python
      LDAP now works with the python provision!
      Remove unused parameter from provision()
      Merge branch 'v4-0-test' of git://git.samba.org/samba into 4-0-local
      From a request from Peter Huang, include IPsec sechema.
      Merge branch 'v4-0-test' of git://git.samba.org/samba into 4-0-local
      Make the provision test more real, use a foo.example.com for the realm.
      Give a more useful error when the templates.ldb can't be found.
      Merge branch 'v4-0-test' of git://git.samba.org/samba into 4-0-local
      Remove the forced 'krb5' from the NET-API-BECOME-DC test.
      Merge branch 'v4-0-test' of git://git.samba.org/samba into 4-0-local
      A couple more ipsec classes for the schema.
      Explain that these OIDs are DNs
      To partially simplfy our gcov handling, move to the new --coverage option.
      Merge branch 'v4-0-test' of git://git.samba.org/samba into 4-0-abartlet
      Simpler specification of CFLAGS and LDFLAGS
      Until the new ldb changes land, make ldb_wait set the error string.
      Merge branch 'v4-0-test' of git://git.samba.org/samba into 4-0-local
      Be consistant about --ldap-backend-type
      Make use of smbpython clear.
      Merge branch 'v4-0-test' of git://git.samba.org/samba into 4-0-local
      Remove more cruft about smbscript.
      Do not re-randomise in an individual test.
      Extend the ldap.js test
      Fix rdn_name errors.
      Reorder modules to have rdn_name before objectclass.
      Users and computers now share the same template.
      Generate ACB_PW_EXPIRED correctly
      Check for and reject invalid account flags.
      Fix up the libnet tests.
      Merge branch 'v4-0-test' of git://git.samba.org/samba into 4-0-local
      Ensure we don't try and set the acct_flags if they are 0 (meaning
      Simplify the 'password must change' logic
      Merge branch 'v4-0-test' of git://git.samba.org/samba into 4-0-local
      Merge branch 'v4-0-test' of git://git.samba.org/samba into 4-0-local
      Prove that not supporting ldapi is a bit problem.
      Merge branch 'v4-0-test' of git://git.samba.org/samba into 4-0-local
      fix typo
      Merge branch 'v4-0-test' of git://git.samba.org/samba into 4-0-local
      Fix failure to re-provision.
      Don't hardcode objectCategory into the schema, even in the schema.
      The DN in objectCategory should, if possible, be returned pretty...
      Try to return sane ldb error strings
      Make Samba4 pass the NET-API-BECOMEDC test against Win2k3 (again).
      Merge branch 'v4-0-test' of git://git.samba.org/samba into 4-0-abartlet
      Ensure we get this option from the command line, not the internal
      Fix typo
      Start to rework provision for LDAP backends
      Merge branch 'v4-0-test' of git://git.samba.org/samba into 4-0-local
      Fixup the NET-API-USERMOD test.
      Rework provision scripts for more testing
      Try to fix up part of the upgrade test.
      Make error handling in ldb more consistant.
      Extend testsuite to cover specifying a domain SID.
      Fix provision script to work without smb.conf location specified.
      Upgrade provision-backend to python.
      Don't talloc_free() the UUID before we return.
      Update the provision scripts and selftest for LDAP
      Merge branch 'v4-0-test' of git://git.samba.org/samba into 4-0-local
      Don't segfault on invalid objectClass input.
      Rework to have member server 'domains' be CN=NETBIOSNAME
      Don't search the whole tree for the domains's sid
      Correctly normalise records against OpenLDAP.
      Bail out, rather than segfault on no domain sid.
      Report binding in libnet failure message.
      Show why a LookupName fails (help debugging)
      Don't use 'dn', this attribute does not exist with the LDAP backend,
      Rework SAMR functions to avoid gendb_search()
      Merge branch 'v4-0-test' of ssh://git.samba.org/data/git/samba into 4-0-local
      Check for Administrator as a Alias (copy&paste bug)
      Rework our SAMR test and SAMR server.
      Allow more 'domain' objects when looking for a unqiue SID.
      Rework memberof handling in slapd.conf (used for OpenLDAP backend)
      Don't require users of credentials.h to have krb5.h and gssapi.h
      Merge lorikeet-heimdal -r 787 into Samba4 tree.
      Merge branch 'v4-0-test' of ssh://git.samba.org/data/git/samba into 4-0-local
      Merge branch 'v4-0-logon' of git://git.id10ts.net/samba into 4-0-local
      Supply HDB_DB_DIR macro
      More safety around ldb_dn C functions in python bindings.
      Remove unused variable.
      Extend the ldap.js test to prove faults with the LDAP backend.
      More kludge ACLs!
      Merge branch 'v4-0-test' of ssh://git.samba.org/data/git/samba into 4-0-local
      Explain why this attribute should be skipped.
      Merge branch 'v4-0-test' of ssh://git.samba.org/data/git/samba into 4-0-local
      Remove useless extra argument to samdb_result_account_expires().
      Remove pointless cast
      Clean up the ldb python bindings to be 64 bit safe.
      Remove old js versions of newuser and provision.
      Merge branch 'v4-0-test' of ssh://git.samba.org/data/git/samba into 4-0-local
      Prepare for Samba4 alpha3.
      Make oplocks a per-share option.
      Merge with metze's change for oplocks to be on by default
      Fix references to ntvfs share config
      Actually call into lp_oplocks() in share_classic backend.
      Fix how we initialise the oplocks parameter.
      Add change about account expiry
      Merge branch 'v4-0-test' of ssh://git.samba.org/data/git/samba into 4-0-local
      Make the setup/newuser and setup/setpassword scripts actually work...
      Merge branch 'v4-0-local' of git://git.id10ts.net/samba into 4-0-local
      Remove references to the new SWAT.
      Add tool for enabling accounts
      Fix 'oplocks' in loadparm.
      Merge branch 'v4-0-test' of ssh://git.samba.org/data/git/samba into 4-0-local
      Don't specify what should be a default option in the generated smb.conf
      No longer install SWAT files
      Fix and test python scripts and kerberos
      Merge branch 'v4-0-test' of ssh://git.samba.org/data/git/samba into 4-0-local
      Finally found the magic string to skip the python registry tests.
      Fix some valgrind issues.
      Fix more valgrind issues.
      Merge branch 'v4-0-test' of git://git.id10ts.net/samba into 4-0-local
      Don't leave release trees hanging around
      Add a few more safety catches to the mkrelease.sh script.
      Rework 'compleated' message in provision to be more useful.
      Merge branch 'v4-0-local' of git://git.id10ts.net/samba into 4-0-local
      This is Samba4 alpha3!
      Mark as GIT snapshots again
      On our way to alpha4...
      Remove references to setting the host GUID, as the repl_meta_data
      Fix merge of my host GUID removal and the IPv6 addition to provision
      Fix conflicts in setup/provision script.
      Clean up provision and rootdse module to hard-code less stuff.
      Pass discovered server DN down to provision.
      Merge branch 'v4-0-test' of ssh://git.samba.org/data/git/samba into 4-0-abartlet
      Extend credentials python API to include set_machine_account.
      Merge branch 'v4-0-test' of ssh://git.samba.org/data/git/samba into 4-0-abartlet
      Rework talloc hirarchy for C provision setup.
      Re-add support for the --ldap-backend-port option to provision-backend
      Merge branch 'v4-0-test' of ssh://git.samba.org/data/git/samba into 4-0-abartlet
      Start implementation of real 'net vampire' code.
      Merge branch 'v4-0-test' of ssh://git.samba.org/data/git/samba into 4-0-abartlet
      Be consistant in using ${SEVERDN}.
      Remove dns_name element
      Factor out filling in the secrets database.
      Don't fill in the secrets DB unless we make the entries.
      Link the new vampire code togeather.
      Fix up provision to specify SERVERDN in more places.
      Set a netbios name into provision, and zero the rest.
      Fix merge errors on C provision interface after jelmer's good work.
      Merge branch 'v4-0-test' of ssh://git.samba.org/data/git/samba into 4-0-abartlet
      Far less cryptic traceback when you have an existing smb.conf
      Use the python-provided ldb and lp_ctx pointers in libnet_vampire.c
      Don't reopen the sam.ldb again
      Don't specify the ntds_guid to the C -> python provision interface
      Reuse the lp_ctx and samdb returned by the python provision.
      Actually test the different 'fill levels' in the provision process.
      Add in a way to get at the private_path() function from python
      Fix newuser and setpassword scripts, and port to idmap.
      Re-run SWIG
      Merge branch 'v4-0-test' of ssh://git.samba.org/data/git/samba into 4-0-abartlet
      Merge branch 'v4-0-test' of ssh://git.samba.org/data/git/samba into 4-0-abartlet
      Include the smbconf parameter to the provision
      Ensure we initialise s->lp_ctx for the way into the provision.
      Merge branch 'v4-0-test' of ssh://git.samba.org/data/git/samba into 4-0-abartlet
      Merge branch 'v4-0-test' of ssh://git.samba.org/data/git/samba into 4-0-abartlet
      Add blackbox test for ndrdump, to ensure it at least does not
      Test a few more bits of smbclient
      Test password change with 'net password change'.
      Fix provision-backend script
      Fix winbind to check machine account.
      Fix some of the winbind tests.
      Merge branch 'v4-0-test' of ssh://git.samba.org/data/git/samba into 4-0-abartlet
      Re-add 'db' subdirectory for LDAP backend provision
      Now that we don't create a new event context, don't free it.
      Fix wbinfo --trusted-domains.
      Fix struct_based winbind test for 'check machine account'.
      Merge branch 'v4-0-test' of ssh://git.samba.org/data/git/samba into 4-0-abartlet
      Adjust the expectations of the struct based winbind test.
      Merge branch 'v4-0-test' of ssh://git.samba.org/data/git/samba into 4-0-abartlet
      Use the struct based winbind tests, but mark as known fail.
      Skip strcmp() on 2 NULL pointers.
      Run more tests that were previously skipped.
      Fix the expectations on the unixinfo test.
      Fix build not to always use code coverage.
      Run samba3sam.js with bin/smbscript explicitly.
      Merge branch 'v4-0-test' of ssh://git.samba.org/data/git/samba into 4-0-abartlet
      Fix samba3sam test.
      Don't exclude all tests mentioning 'samba3', but only those actually
      Fix bug in registry test on big-endian machines.
      More work to avoid endian bugs in registry tests.
      Fix typo
      More endian fixes in the registry
      Merge branch 'v4-0-test' of ssh://git.samba.org/data/git/samba into 4-0-abartlet
      Fix samba3 protocol to correctly include the NULL terminator
      Merge branch 'v4-0-test' of ssh://git.samba.org/data/git/samba into 4-0-abartlet
      Merge branch 'v4-0-test' of ssh://git.samba.org/data/git/samba into 4-0-abartlet
      Add in a nice big comment explaining why SamLogonEx matters.
      Having killed it from Samba 3.0 and trunk, kill 'unicode' from samba-docs.
      The whole point of the 'privileged' pipe is that it is not world accessible...
      See, I really can write documentation when I put my mind to it...
      It appears that <program> isn't valid here, but <command> is.
      Add links to squid, and mod_ntlm_winbind.
      Add a note warning against the use of wbinfo -a for authenticacation
      Explain that winbind does not cache authentication requests.
      Remove bogus comment from 'client use spnego'.
      Clarify that turning off lanman authentiation applies to password
      Address some inaccracies (such as BDC solutions that might have
      Fix debian bug #404702 and clarify some points about 'net rpc vampire'
      Clarify that you don't want to use %m in 'add machine script'.
      Update docs to match the new defaults in Samba 3.2.0 and later.
      Remove unused KANJI and terminal code options.
      Add documentation to session token functions.
      Add comment explaining why io.in.workgroup isn't important.
      Merge branch 'v4-0-test' of ssh://git.samba.org/data/git/samba into 4-0-abartlet
      Remove vampire.py as the 'net' binary is the right interface.
      When a test harness program fails, make the testsuite fail.
      Don't compile files twice when the compilation fails.
      Make the composite 'connect to server' code useful for security=server
      Revert to using the old CIFS connection API.
      Fix dependencies on gensec_krb5 and the NTLMSSP code.
      Merge branch 'v4-0-test' of ssh://git.samba.org/data/git/samba into 4-0-abartlet
      Reorder this function in the file, so it reads bottom-up.
      Allow an NTLM response to be specified into the auth subsystem.
      Add a new implementation of security=server.
      Move NTLM authentication details into auth/ntlm
      Fix the build after the auth/ -> auth/ntlm/ rename
      Cope with an empty mapping file in ad2oLschema
      Merge branch 'v4-0-test' of ssh://git.samba.org/data/git/samba into 4-0-local
      Merge branch 'v4-0-test' of ssh://git.samba.org/data/git/samba into 4-0-local
      Merge branch 'v4-0-test' of ssh://git.samba.org/data/git/samba into 4-0-local
      Remove JavaScript provision-backend script
      Merge branch 'v4-0-test' of ssh://git.samba.org/data/git/samba into 4-0-local
      Rework the CLDAP and NBT netlogon requests and responses.
      Put back the old netlogn parsing code - for the request only
      Test the use of the domain SID on the NETLOGON mailslot
      Convert the CLDAP server to use the new netlogon structures.
      Make the IRPC GetDC request use SAM_LOGON packets.
      Explain that the sid must be absent on the NTLOGON mailslot.
      Show that the NTLOGON and NETLOGON mailslots are *very* similar.
      Modify the LDAP-CLDAP test for better coverage.
      Handle netbios domains in the CLDAP server too.
      Merge branch 'v4-0-test' of ssh://git.samba.org/data/git/samba into 4-0-local
      Ensure we don't send a reply if we couldn't push the CLDAP blob
      Merge branch 'v4-0-test' of ssh://git.samba.org/data/git/samba into 4-0-local
      Don't regenerate pam_errors.h any more.
      Merge branch 'v4-0-test' of ssh://git.samba.org/data/git/samba into 4-0-local
      Add the core of the new CLDAP/NBT 'netlogon' parsing library.
      Merge branch 'v4-0-test' of ssh://git.samba.org/data/git/samba into 4-0-local
      Fix prototype generation in new syntax for netlogon.c
      Revert addition of 'mailslot' parameter.
      Fix number of arguments to IRPC getdc callback.
      Fix irpc GetDC requests.
      Further tests show NTLOGON and NETLOGON to be identical.
      Re-add alignment removed by metze in 0e2f6d481b3e35ed392b2b3340b244c77593819c
      Merge branch 'v4-0-test' of ssh://git.samba.org/data/git/samba into 4-0-local
      Extend the 'netlogon' CLDAP and NBT implementation.
      Manually handle the NETLOGON_SAM_LOGON_REQUEST too.
      Extend the NBT-DGRAM torture test again.
      Include flags.h into samdb.h
      Fix creation of sockaddr in netlogon datagram generator.
      Merge branch 'v4-0-local' of git://git.id10ts.net/samba into 4-0-local
      Correct an assertion in the testsuite.
      Start an 'NTP signing server' in Samba4.
      Merge branch 'v4-0-test' of ssh://git.samba.org/data/git/samba into 4-0-abartlet
      Bring up the ntp signing deamon
      Merge branch 'v4-0-test' of ssh://git.samba.org/data/git/samba into 4-0-abartlet
      Fix dependency list for NDR_TABLE
      Try adding a stub to fix the build
      Install the ntp_signd NDR headers...
      Another (useless) header to install
      Merge branch 'v4-0-test' of ssh://git.samba.org/data/git/samba into 4-0-local
      Don't make the NTP signd headers public.
      Final fixes to for a functional NTP signing deamon.
      Allow the ntp_signd socket to be set from configure.
      Add in an enum for two future NTP signing ops.
      Merge branch 'v4-0-local' of git://git.id10ts.net/samba into 4-0-local
      Print prefixMap in a human-readable format.
      Finish the LDIF parsers for the prefixMap attribute.
      Remove extra spaces on prefixMap input and output.
      Remove test from samba4-skip, it is avoided in samba4_tests.sh
      Merge branch 'v4-0-test' of ssh://git.samba.org/data/git/samba into 4-0-local
      Fix up provision and samdb tests.
      Don't pass an smb.conf to provision tests.
      Reorder the linking of objects into a binary.
      Fix rpcecho test.
      Place the NTP signd socket in the selftest area
      Fix the samba4.dcerpc.bare.python test.
      Skip the samba4.samdb.python test.
      Merge branch 'v4-0-test' of ssh://git.samba.org/data/git/samba into 4-0-local
      Revert Jelmer's CFLAGS commit e2b71a0ecbf10a78a59a8ec6371bdee57b1bfa6c
      First draft of a WHATSNEW for a new release.
      Fix WHATSNEW.
      Clarify that our build farm status really sucks at the moment...
      Mark as the real Samba4 alpha4 release.
      I probably should warn about GnuTLS bad mojo...
      Remove outdated README
      Merge branch 'v4-0-stable' of ssh://git.samba.org/data/git/samba into 4-0-local
      On the road to alpha5...
      Align the Python and EJS ldap tests.
      Tone down the warnings in the WHATSNEW.
      Merge branch 'v4-0-test' of ssh://git.samba.org/data/git/samba into 4-0-local
      Without stdlib.h we don't get a prototype for free().
      Merge branch 'v3-3-test' of ssh://git.samba.org/data/git/samba into 3-3-abartlet
      Don't sign NTP packets to disabled accounts
      Add a blackbox test for the provision-backend script.
      Remove old ldap.js test, we have replicated it in python now.
      Fix segfault caused by talloc_free() being called while still processing
      Change detection of objectCategory short fomm
      Depend on NDR_DRSBLOBS explicity.
      Merge branch 'v4-0-test' of ssh://git.samba.org/data/git/samba into 4-0-local
      Merge branch 'v4-0-test' of ssh://git.samba.org/data/git/samba into 4-0-local
      Fix installation of Samba4 into an empty tree.
      Fix the wbinfo test on the LDAP backend.
      Tone down the language in BUGS.txt
      Place the Fedroa package into Samba4's GIT tree
      Update WHATSNEW towards an alpha5 release.
      More work to use %{name} rather than 'samba'
      Use a configure-specified directory for the winbind priv pipe
      dynconfig changes for 'winbind privileged dir' changes.
      selftest changes for 'winbind privileged dir' change.
      Merge branch 'v4-0-test' of ssh://git.samba.org/data/git/samba into 4-0-local
      Loosen ldap.py tests on the LDAP backend.
      Relax the ldap.py tests so that they pass against OpenLDAP CVS.
      Rework samdb handling for 'netlogon' packets.
      Update Fedora packaging per feedback on review ticket.
      Fix small formatting details in WHATSNET for an alpha5 release.
      Mark as alpha5 release
      Merge branch 'v4-0-test' of ssh://git.samba.org/data/git/samba into 4-0-local
      Prepare for alpha5 tarball.
      Mark as 'not a git snapshot'.
      Ensure we install smbd as well...
      More updates for spec file, for alpha5
      Merge branch '4-0-local' into v4-0-stable
      Merge branch '4-0-stable' into 4-0-local
      On the way to alpha6!
      A couple more package updates
      Create PREFIX/var/lib and PREFIX/var/run in 'make install'.
      Merge branch 'v4-0-test' of ssh://git.samba.org/data/git/samba into 4-0-local
      Collapse auxillary classes in LDAP schema conversion.
      Fill in the auxiliary classes into the dsdb_schema.
      Move ad2oLschema and oLschema2ldif into Samba4, out of LDB
      Merge branch 'v4-0-test' of ssh://git.samba.org/data/git/samba into 4-0-local
      Make ad2oLschema even simpler, by moving the heavy work into dsdb.
      Avoid the use of extensibleObject in ldap mapping backend.
      Merge branch 'v4-0-test' of ssh://git.samba.org/data/git/samba into 4-0-local
      Use common code to fill in allowedAttributes in kludge_acl.
      rename sambaPassword -> userPassword.
      Remove C++ keywords from events.h header.
      Fix 'make gdbtest-enb' and the GDB_PROVISION option.
      Try to make NTLMSSP less fussy for unimportant messages.
      Allow ldap credentials to be (optionally) stored in secrets.ldb
      Use secrets.ldb to store credentials to contact LDAP backend.
      Cleanup ldap_bind_sasl.
      Add a standard filter for finding the LDAP secrets.
      Make up a full hostname for ldapi connections.
      Connect to the LDAP backend with SASL credentials.
      Rework provision to handle both simple and SASL binds.
      Fix asking for credentials for non-LDAP provisions.
      Kill of some bogus debugs for the world who does not use the LDAP backend
      Revert Fedrora DS backend to use extensibleObject.
      Merge branch 'v4-0-test' of ssh://git.samba.org/data/git/samba into 4-0-local
      Lock down the LDAP backend - only samba may read or write
      Simplify the contextCSN determination.
      Merge branch 'v4-0-test' of ssh://git.samba.org/data/git/samba into 4-0-abartlet
      Don't keep an extra ldb around forever.
      Ignore and handle more NT Create & X options.
      Reorder whitespace in generated slapd.conf
      Fix the build - this element was renamed.
      Another kludge to let the OpenLDAP backend catch up.
      More 'must be ignored' options from the MS-SMB doc.
      Put the memberof template into a seperate setup/ file.
      Make a seperate template for the refint configuration too
      Make invalid 'member' detection work again.
      Fix ldb_map to add/remove the same 'extra' objectclass
      Sleep longer in the hope that the OpenLDAP backend might catch up
      Merge branch 'v4-0-test' of ssh://git.samba.org/data/git/samba into 4-0-local
      Remove bogus test in 'enum trusted domains' LSA server.
      Rename structures to better match the names in the WSPP IDL.
      Fix winbindd not to sit in a busy loop...
      Install'named.txt' to private/ as documentation.
      Explain where some other OIDs are allocated.
      Remove the 'accoc_group_id' check in the RPC server.
      Merge branch 'v4-0-test' of ssh://git.samba.org/data/git/samba into 4-0-abartlet
      Merge branch 'v4-0-test' of ssh://git.samba.org/data/git/samba into 4-0-local
      The SMB session key must not be more than 16 bytes in SAMR (and
      Merge branch 'v4-0-test' of ssh://git.samba.org/data/git/samba into 4-0-abartlet
      Clarify how we are doing the 'this is a rootdse query' check.
      Complain if we are told to use an ldap backend, without the type
      Try to avoid a memory leak if we re-set the global schema
      Merge branch 'v4-0-test' of ssh://git.samba.org/data/git/samba into 4-0-local
      Make a new define to ensure the accoc_group_id we use is always in common.
      Per feedback, remove epoch and ldconfig requires.
      Fix warnings in new prefixMap code
      Remove unused function and make sensitive directories private.
      Remove unused variable
      Merge branch 'v4-0-test' of ssh://git.samba.org/data/git/samba into 4-0-abartlet
      Always print the slapd startup command
      Make it even clearer what to do next in the LDAP backend setup
      We don't use EXTENSIBLEOBJECT any more.
      Update trustAuthInOutBlob in line with MS-ADTS
      Start implementind domain trusts in our KDC.
      Merge branch 'v4-0-test' of ssh://git.samba.org/data/git/samba into 4-0-local
      Don't fail if the domain has a trust already.
      Use the cldap reply to avoid segfaulting in RPC-DSSYNC
      Print trustAuthOutgoing and trustAuthIncoming in RPC-DSSYNC
      Update to a working trustAuthIncoming and trustAuthOutgoing parser.
      Start implementind domain trusts in our KDC.
      We can't use ndr_pull_struct_blob_all in combinatin with relative pointers
      More work towards trusted domain support in the KDC.
      We can't use ndr_pull_struct_blob_all in combinatin with relative pointers
      Clarify comment
      Always set a session key, even for the 'no password' case.
      Clarify comment
      Always set a session key, even for the 'no password' case.
      Merge branch '4-0-abartlet' into pac-verify
      Only allow trust accounts access to the NTP signing service.
      Add GenericInfo level for SamLogon calls from the WSPP IDL.
      Merge branch 'v4-0-test' of ssh://git.samba.org/data/git/samba into 4-0-local
      Merge branch 'v4-0-test' of ssh://git.samba.org/data/git/samba into 4-0-abartlet
      Merge branch 'v4-0-test' of ssh://git.samba.org/data/git/samba into 4-0-abartlet
      Merge branch 'v4-0-test' of ssh://git.samba.org/data/git/samba into 4-0-local
      Rework the trustAuthInOutBlob with the help of a hand parser.
      Assert on failure to join domain in NBT-DGRAM
      Merge branch 'v4-0-test' of ssh://git.samba.org/data/git/samba into 4-0-local
      Don't segfault in RPC-ATSVC.
      Paramaterise the seperator in ad2OLschema
      Rework generation of the objectClass and attributeType lines.
      Generate the subSchema in cn=Aggregate
      Merge branch 'v4-0-test' of ssh://git.samba.org/data/git/samba into 4-0-abartlet
      Merge branch 'v4-0-test' of ssh://git.samba.org/data/git/samba into 4-0-local
      Trusted domains implementation for the KDC.
      Merge branch 'v4-0-test' of ssh://git.samba.org/data/git/samba into 4-0-abartlet
      Fix the build, after the ad2oLschema changes.
      Merge the two attribute syntax tables.
      Remove references to the unused @SUBCLASS feature.
      Ensure we fail to proceed if the schema won't load.
      Fix segfaults when loading the schema fails.
      Allow attributes to be overwritten, not just added to
      Note the ldb syntax for attribute syntaxes in the table.
      Fix templates.ldb reprovision handling.
      Fix up new OpenLDAP MMR code.
      Merge branch 'v4-0-test' of ssh://git.samba.org/data/git/samba into 4-0-abartlet
      Merge branch 'v4-0-test' of ssh://git.samba.org/data/git/samba into 4-0-abartlet
      Merge branch 'v4-0-test' of ssh://git.samba.org/data/git/samba into 4-0-local
      Update OpenLDAP MMR configuration per comments by Oliver Liebel
      Remove last traces of the old 'subclass' feature
      Split schema_init.c into smaller bits.
      Add schema search flags from MS-ADTS
      Apply attributes (and their syntax) from the schema into ldb
      Merge branch 'v4-0-test' of ssh://git.samba.org/data/git/samba into 4-0-abartlet
      Merge branch 'v4-0-test' of ssh://git.samba.org/data/git/samba into 4-0-abartlet
      Use the new SEARCH_FLAG_ANR define
      Don't maniplate control entries in samldb
      Don't allow a NULL syntax
      Correct anr search commants and error messages in ldap.js
      Don't hardcode attributes to be treated as a DN
      All these syntaxes are now handled by the schema.
      Set both attributes and indexes into the database on schema load.
      The index handling is now configured from the schema load, not by a
      Handle error cases in attribute handlers better.
      Validate input in the CLDAP and DGRAM 'netlogon' responder.
      Stop every ldb startup doing a write to the database.
      Push loading the objectGUID and objectSID handlers earlier.
      Don't walk past the end of ldb values.
      Merge branch 'v4-0-test' of ssh://git.samba.org/data/git/samba into 4-0-local
      Update RPC-LSA to (almost) pass against Windows 2008.
      Only allow the trust in the correct direction (per the flags).
      Fix LSA server to pass more of RPC-LSA and match Windows 2008
      Implement matching logic to Windows 2008 on handling of secrets.
      Make RPC-LSA test deterministic with an msleep(200).
      More LSA server and testuite work.
      Merge branch 'v4-0-test' of ssh://git.samba.org/data/git/samba into pac-verify
      Don't use lsa_Delete any more, as smbd now refuses it.
      Merge branch 'v4-0-test' of ssh://git.samba.org/data/git/samba into 4-0-abartlet
      Merge branch 'v4-0-test' of ssh://git.samba.org/data/git/samba into pac-verify
      Add definition for NT_STATUS_DOWNGRADE_DETECTED
      Merge branch 'v4-0-test' of ssh://git.samba.org/data/git/samba into pac-verify
      Fix the build on Win32, and use NEGOTIATE security (to allow kerberos)
      Put the internal gensec_gssapi state into a header.
      Add a test to explore Netlogon PAC validation
      Add missing file - netlogon.h
      Don't wipe the PAC checksums, the caller may actually need them.
      Heimdal provides Kerberos PAC parsing routines.  Use them.
      Further rework the RPC-PAC test.
      Update packaging per suggestions on the review
      It turns out that the Netlogon PAC verification is encrypted.
      Start implementing the server-sde NETLOGON PAC verification.
      Follow MS-LSAD and set defaults when creating a trust.
      Share IDL between the LSA and drsblob representations of trusts
      Start testing CreateTrustedDomainEx2
      Test a few more error cases in RPC-PAC
      Merge krb5_cksumtype_to_enctype from Heimdal svn -r 23719
      Implement NETLOGON PAC verfication on the server-side
      Merge branch 'v4-0-test' of ssh://git.samba.org/data/git/samba into 4-0-abartlet
      Merge commit 'origin/v4-0-test' into trusted-domains
      More work to implement LSA CreateTrustedDomainEx2
      With a windows 2008 client, even anonymous requires signing...
      Move our DC to implement mandetory signing.
      Update copyright, I've been working here many long years...
      Update copyright
      Add a new error code
      Make SMB signing work with Windows 2008 and kerberos.
      More work towards trusted domains support in Samba4's LSA
      Don't expose passwords, even to the administrator.
      Try to implement the right logic for systemFlags
      Simplfy SetSecrets behaviour in line with RPC-LSA and Win2008.
      Merge branch 'v4-0-test' of ssh://git.samba.org/data/git/samba into trusted-domains
      Move blackbox.smbclient to test against the member server.
      Add definition for SYSTEM_FLAG_ATTR_IS_RDN
      Make it clear that the MMR password can differ from the admin passsword
      Fix bug #5713 by correcting the generated schema.
      Fix reversed test trying to fix bug #5713
      Return the same privilaged winbindd socket as we actually use.
      Merge branch 'v4-0-test' of ssh://git.samba.org/data/git/samba into 4-0-abartlet
      Fix failures in the winbind struct-based test.
      Make cn=aggregate output less pretty, by more like Win2008.
      Remove the complexity of transactions from the attributes-setting code.
      Fix failure to load the schema on read-only DB.
      Skip strcmp() on 2 NULL pointers.
      This torture test and skipping of the server-side check was bogus.
      Merge branch 'master' of ssh://git.samba.org/data/git/samba into abartlet-devel
      Test re-setting the challenge after an auth3 in RPC-NETLOGON
      Explain why we use signing for DCs, but not file servers
      Remove unused variable
      Remove unused parameter from decode_pw_buffer and fail on invalid
      Merge branch 'master' of ssh://git.samba.org/data/git/samba into abartlet-devel
      NetApp found that we never set the smb signing flags2.
      Rename hdb_ldb to hdb_samba4 and load as a plugin into the kdc.
      Use the new 'samba4' name for our internal hdb plugin.
      Fix parsing of the trust passwords in LSA CreateTrustedDomainEx*
      Rework to match new trustDomainPasswords IDL
      Fix Domain Trust creation with Windows 2008 (and many other tools)
      Remove DESCRIPTION from generated schema lines.
      Remove compleatly bogus rename test in partitions module.
      Implement 'type unknown' names in the CrackNames code.
      Clarify use of manual parsers in trustInOutBlob (drsblobs.idl)
      Add in secure channel type used by AD trusts
      Make RPC-LSA test for enumeration conditions more strict
      Store trusted domain passwords in the LSA server
      Start implementing AD-style trusted domains in Samba4's NETLOGON server
      Use the trust password version as kvno for trusts in Kerberos.
      Allow the PAC to be passed along during cross-realm authentication
      Fix cross-realm authentication in Samba4's KDC.
      Set default trust kvno to -1
      Merge branch 'master' of ssh://git.samba.org/data/git/samba into abartlet-devel
      Assert that the server provides allowedAttributes (etc) on each entry
      Move the password_hash module up the module stack.
      Create a 'straight paper path' for UTF16 passwords.
      Fix errrors in new password handling code found by RPC-SAMR.
      Improve RPC-SAMR tests to check random passwords
      Add a test to RPC-NETLOGON for random machine account passwords.
      Merge branch 'master' of ssh://git.samba.org/data/git/samba into master-devel
      Add samba4kpasswd and rkpty binaries
      Ensure the hdb_method structure is not on the stack.
      Actually test the kpasswd server
      Mark clearTextPassword as a privilaged attribute
      Make the updated RPC-LSA pass against Win2008, and Samba4 to match
      Rework mkrelease.sh to exclude Samba3 files
      Clarify the linked attribute module behaviour with comments
      Merge branch 'master' of ssh://git.samba.org/data/git/samba into master-devel
      Fix use of wrong union arm in linked_attributes module
      Use ldb_dn_from_ldb_val to avoid possible over-run of the value.
      Give a better error when ldb_dn_from_ldb_val fails
      Re-add support for supporting the PAC over domain trusts.
      Use ldb_dn_from_ldb_val() to create a DN in the SAMR server
      It is not valid to talloc_free() ldb_dn_get_linearized()
      Add a new function to parse a DATA_BLOB into a GUID
      Always validate a DN when constructing from a string in python
      Remove restrictions on number of DN components in LDAP server
      Use new GUID_from_data_blob
      The samba3sam test does not really need the extended_dn module
      Print unconvertable ldb element values as base64.
      Improve debug when SASL search fails
      Remove timeout event once we are calling the callback.
      Add helpful function for comparison of DATA_BLOB elements
      Run the original operation before we update linked attrs
      Use the direct pointer to the syntax
      Don't treat the DN+binary syntax as a DN.
      Add AD schema from Microsoft's WSPP documentation.
      A more-commented version of rpc_server crash fix, matching closer the
      Merge branch 'master' of ssh://git.samba.org/data/git/samba into abartlet-devel
      Fix sequence number generation against OpenLDAP
      Make greater use of 'GUID_from_data_blob'
      Add hint to use passwordAttributes in @KLUDGE_ACL in future
      s4:ldb: add infrastructure for extended dn handlers
      s4:ldb_ildap: try to pass extended DNs to the server
      s4:libcli/ldap: split out a ldap_decode_attribs_bare() function
      s4:dsdb: add support for DSDB_OPENLDAP_DEREFERENCE_CONTROL
      s4:ldb: use try to print the extended dn in the ldif output
      s4:ldb.i: hang the dn on the NULL context as the python destructor will free it
      s4:samldb: improve error strings
      s4:samldb: make use of dom_sid_split_rid()
      s4:ldb-samba: register samba specific extended dn handlers
      s4:ldap_server: return the extended dn to the LDAP client if available
      s4:torture: add ldb tests
      s4:setup: don't set objectCategory: CN=Domain-DNS,${SCHEMADN}
      s4:setup: fix cut-n-paste error Builtin-Domain => Samba4-Local-Domain
      s4:selftest: lower debug level for slapd
      s4:ldb: make it possible to return per entry controls
      s4:rootdse: fix the logic to indentify a rootdse search
      s4:dsdb: Make the linked_attributes module set an extended dn
      s4:dsdb: split extended_dn into extended_dn_in, extended_dn_out and extended_dn_store.
      s4:provision: use extended_dn_out_ldb or extended_dn_out_dereference depending on the backend
      s4:dsdb: remove normalise module
      s4:ldb: add some python tests for extended dns
      s4:testprogs: improve extended dn testing of the ldb blackbox tests
      Rename ldb index pointer wrapper function
      Print error strings when transactions fail in ldb tools
      Parse options (and open the database) before starting transactions
      Handle different failure modes when we wipe the db in provision
      Fix failures setting a random password
      Move aggregate schema stub to it's own file
      Merge branch 'master' of ssh://git.samba.org/data/git/samba into master-devel
      Fix compiler warning when parsing a SID in a data blob
      Now store the GUID and SID from a DN over DRSUAPI into ldb.
      Don't trust sscanf not to run off the end of the string
      Treat DN+STring as a binary string for now
      Corrections to Microsoft's schema and the OpenLDAP mapping file
      More work to have OpenLDAP accept the full AD schema
      Initialise 'flags' in new python ldb binding for ldb_connect
      Ensure libreplace is included into the tevent python bindings
      Raise a python exception when the ldb search fails
      Use new error constant (missing from 6efb7ff9)
      Only do special DN tracking for normal DNs in OpenLDAP backend.
      Fix error message in mkrelease to refer to source4, not source
      Don't give fatal python errors when guessing the realm
      Delete more Samba3-specific files
      Print more useful suggestion for the main provision command line
      Merge branch 'master' of ssh://git.samba.org/data/git/samba into abartlet-devel
      Remove auth/ntlm as a dependency of GENSEC by means of function pointers.
      Push sam_get_server_info_principal into the auth subsystem
      Merge branch 'master' of ssh://git.samba.org/data/git/samba into master-devel
      Remove useless invocation of messaging_init() in RPC-PAC test
      paper over failure to reprovision with os.unlink()
      Merge branch 'master' of ssh://git.samba.org/data/git/samba into master-devel
      Make the 'modules.conf' generation in the LDAP selftest simpler
      Tolerate more whitespace errors
      Don't parse the schema data twice
      Add the new, updated AD schema file from Microsoft
      Prepare for a quick alpha7 release to help simo meet Fedora deadlines
      Merge branch 'master' of ssh://git.samba.org/data/git/samba into master-devel
      Work around ndr_unpack failing on structures with relative pointers.
      Credit tridge's work on fixing GnuTLS
      Merge branch 'master' of ssh://git.samba.org/data/git/samba into master-devel
      A simple hack to avoid the segfault in #6138
      Mark as the Samba 4.0 alpha7 release
      Allow 'net vampire' to work without an existing smb.conf
      Don't print the admin password if we don't set one.
      Pull in all the schema information during DRS schema fetch
      Merge branch 'master' of ssh://git.samba.org/data/git/samba into abartlet-devel
      Update talloc version so we don't fail on system talloc 1.2.0
      Remove parse_control from header, long after the function was removed
      Merge branch 'master' of ssh://git.samba.org/data/git/samba into master-devel
      Merge branch 'master' of ssh://git.samba.org/data/git/samba into wspp-schema
      Remove ad2oLschema, insted call it directly from provision-backend
      Sort output of schema for OpenLDAP during conversion
      Load the schema for provision-backend in a transaction
      Load the schema with a more efficient single search
      Merge branch 'master' of ssh://git.samba.org/data/git/samba into wspp-schema
      Merge branch 'master' of ssh://git.samba.org/data/git/samba into wspp-schema
      Merge branch 'master' of ssh://git.samba.org/data/git/samba into wspp-schema
      s4:provision  load_schema in provision.py no longer takes a hostname
      s4:schema Don't rely on objectCategory 'magic' when loading the schema
      s4:password_hash Only store the LM hash if 'lanman auth = yes'
      Merge branch 'master' of ssh://git.samba.org/data/git/samba into wspp-schema
      s4:ldb Fix the paged_searches module
      s4:ldb Ensure to pass down options to LDB from python
      s4:minschma Fix aggregate schema generation in minschema
      Add minschema like tool to extract and dump the full schema from AD
      s4: Remove autogenerated attributes from minschema and fullschema output
      s4:ldb Allow paged_searches to be mixed with other controls
      s4:fullschema Use server-side sort to make the output deterministic
      s4:schema Remove 'cn' from the final output of ms_schema.py
      Merge branch 'master' of ssh://git.samba.org/data/git/samba into wspp-schema
      Add parentGUID as an allowed attribute in samba4Top
      Remove minschema generated schema - we now generate from setup/ad-schema/
      s4:schema Update Windows 2008 schema from Microsoft to latest version
      Merge branch 'master' of ssh://git.samba.org/data/git/samba into wspp-schema
      s4:schema Don't free mem_ctx before it is initilised
      s3:smbldap Remove smbldap_get_dn
      s3:printing Convert nt_printer_publish_ads() to use talloc better
      s3:libads Make ads_get_dn() take a talloc context
      s3:smbtorture Convert charcnv torture suite to use push_ucs2_talloc()
      s3:kerberos Rework smb_krb5_unparse_name() to take a talloc context
      s3:smbldap convert the easy cases to push_utf8_talloc()
      s3:charcnv Remove unused ucs2_to_unistr2()
      s3:charcnv Remove unused unistr2 functions
      s3:rpc_parse remove unused prs_unistr2()
      s3:charcnv Remove unused unistrcpy() and unistrlen()
      s3:lib Use push_ucs2_talloc() in ms_fnmatch()
      Rework util_strlist prototypes to use a bit more and less const
      Make the schema_inferiors generation code to compile
      s4:ldb Make it possible to re-run ldap.py again
      Merge branch 'master' of ssh://git.samba.org/data/git/samba into master-devel
      Solve some of the conflict between Samba3 and Samba4 push_string
      Convert Samba3 to use the common lib/util/charset API
      Add some harmless use of talloc_tos() in ntlm_auth
      s3:charcnv remove now unused malloc() based conversion functions
      Move libcli/auth to the top level
      Move DRSUAPI per-attribute decryption into a common file
      Move MSRPC-PARSE into the common libcli/auth
      Rework trivial msrpc parser to use convert_string_talloc()
      Merge smbencrypt.c between Samba3 and Samba4
      Rework Samba3 to use new libcli/auth code (partial)
      Move ntlm_check.h into the common libcli/auth
      Port Samba4 to the new combined libcli/auth functions
      libcli/auth Don't compile against un-needed Samba4 headers
      Adapt to common crypto functions: sam_pwd_hash() -> sam_rid_crypt()
      More work to adapt to merged libcli/auth function prototypes
      Use common samsync delta decryption functions in libnet_samsync.c
      Push schannel_state.c into the top level.
      Rework netlogon credentials for the top level
      Rework Samba4 to use the new common libcli/auth code
      Make Samba3 use the new common libcli/auth code
      libcli/auth Push schannel check into common libcli/auth
      Link in the common samsync decryption code
      Rework to use new API for common netlogon credential chaining
      s3: Fix ntlm_auth and winbindd to use new common libcli/auth APIs
      common:libcli/auth Add missing samsync config.mk
      Add missing header, remove generated header
      Merge branch 'master' of ssh://git.samba.org/data/git/samba into libcli-auth-merge-without-netlogond
      Fix Samba4 build errors with common libcli/samsync
      Fix building the common libcli/samsync code
      Fix building the now common msrpc_parse code
      Use an absolute path to ensure that we can always regenerate tables.c
      Fix crash bug in NTLMSSP caused by msrpc_parse() moving to talloc
      s3:ntlmssp Fix segfault: msrpc_gen now uses talloc()
      s3:auth Fix segfault: Always initialise returned session keys
      Remove unused headers
      libcli/auth: Don't pass back lm_sess_key as the same pointer as user_sess_key
      s3:ntlmssp Remove use of talloc(NULL) in NTLMSSP code
      libcli/auth Ensure we cancel the transaction when schannel not detected
      Remove use of talloc_reference in cli_rpc_pipe_open_schannel_with_key()
      Merge commit 'origin/master' into libcli-auth-merge-without-netlogond
      Fix to use modified cli_rpc_pipe_open_schannel_with_key API
      Merge branch 'master' of ssh://git.samba.org/data/git/samba into libcli-auth-merge-without-netlogond
      python/rpc: Add custom GUID.__str__, GUID.__repr__, GUID.__init__ and GUID.__cmp__.
      python/dcerpc: Custom implementations of policy_handle.__init__ and policy_handle.__repr__
      Add str() for policy_handles.
      Merge branch 'master' of ssh://git.samba.org/data/git/samba into abartlet-devel
      Revert "pidl/python: Add explicit casts, fixing implicit cast warnings."
      Add the implicit [ref] to the connect_handle in EnumDomains
      Merge branch 'master' of ssh://git.samba.org/data/git/samba into abartlet-devel
      s4:samr Use ldb_context * rather than void *
      s4:test Fix 'make lcov' in Samba4
      Merge branch 'master' of ssh://git.samba.org/data/git/samba into abartlet-devel
      s4:test Include 'source4' in directories to find lcov in
      Merge branch 'master' of ssh://git.samba.org/data/git/samba into abartlet-devel
      s4:torture use common libcli/auth crypto code
      More lcov code coverage generation work
      Merge branch 'master' of ssh://git.samba.org/data/git/samba into abartlet-devel
      s4:torture Add tests for prefixMap custom attribute handler
      s4:torture Fix segfault in RPC-SAMSYNC
      Add new functions and tests: str_list_make_empty(), str_list_make_single()
      s4:torture Use str_list_make_single where appropriate
      dsdb:schema Use str_list_make_empty() to create an empty list
      s4:libnet Use str_list_make_single() in resolv code
      s4:nbtd Use str_list_make_single() to turn iname->wins_server into a list
      Add extensive tests for str_list function behaviour
      Add support for sendmsg() in socket_wrapper
      Don't use crossRef records to find our own domain
      Add DOMAIN_RID_KRBTGT define to security.idl
      Handle the krbtgt special case by looking for RID -514
      Detect missing 'witch' before detecting missing autoconf
      Fix incorrect RID for KRBTGT.  (was incorectly 514, should be 502)
      Fix incorrect RID for KRBTGT.  (was incorectly 514, should be 502)
      s4:torture Make the RPC-SAMR-PWDLASTET more efficient
      s4:client Match Samba3 and remove smbmount from the distribution
      s4:torture Half the repeditive tests run by RPC-SAMR-PASSWORDS-PWDLASTSET
      s4:torture Clean up users and groups added in RPC-SAMR-LARGE-DC
      s4:torture Don't run QueryDisplayInfo test for SAMR-USERS-PRIVILEGES
      s4:setup Remove generated attributes from provision_configuration
      s4:torture Don't try to Close a Deleted handle
      Win2k3 don't allow creating of domain trust accounts over SAMR
      s4:torture Make Samba4 build on hosts with an older libnetapi
      Don't run the RPC-SAMR-LARGE-DC test multiple times
      socket_wrapper Cope with SOCK_CLOEXEC and SOCK_NONBLOCK flags
      s4:torture assert that we get a Mailslot allocated before we dereference
      s4:torture Cut the RPC-SAMR-LARGE-DC test down to size
      pidl Fix samba4.pidl.typelist test after addition of 'double'
      Update WHATSNEW for an alpha8 release this week.
      Remove copy of kerberos-notes.txt added in incorrect location
      Don't recurse in reopen_logs().
      Fix build of recurusion fix in reopen_logs()
      s4:heimdal: import lorikeet-heimdal-200906080040 (commit 904d0124b46eed7a8ad6e5b73e892ff34b6865ba)
      Add supportedCapabilities to our rootDSE
      Add const to cast, to fix warning
      Require the new tdb 1.1.5 (for performance reasons)
      s4:gensec Print GSSAPI error message when unable to find PAC
      s4:setup Add an option to 'setpassword' to force password change at next login
      s4:kdc Allow a password change when the password is expired
      s4:libnet Allow 'net password change' to work on expired passwords
      s4:testprogs Don't specify a username/password when checking the ccache
      s4: Add tests and 'must change password' flags in setpassword and newuser
      Bump the ldb version and the version Samba4 requires.
      Remove unused variable
      s3:netlogon Cope with recent rename in netlogon.idl
      s4:ldb Add test for integer normalisation behaviour
      Partially revert restriction of socket_wrapper to 1500 byte writes
      s4:ldapsrv Place the 'privilaged' ldapi socket under an #ifdef
      Partially revert restriction of socket_wrapper to 1500 byte writes
      Mark as release version
      On our way to alpha9!
      Allow developers access the the privilaged ldapi socket for the moment
      Merge branch 'master' of ssh://git.samba.org/data/git/samba into master-devel
      Revert "s4:debug: make setup_logging() a bit more compatible with samba3"
      Fix ndrdump to use a common setup_logging() API
      s4:dsdb Explain the parsing steps for userPrincipalName cracknames calls
      Rework hdb-samba4 to remove useless abstractions.
      s4:kdc Only get the lp_ctx once for a LDB_fetch()
      s4:heimdal Allow KRB5_NT_ENTERPRISE names in all DB lookups
      s4: dsdb Avoid using the internal ldb_private.h header
      s4:ldb Allow rootdse module to build without ldb_private.h
      s4:param use talloc_unlink() to free iconv context holding references
      s4:ldb Fix talloc hirarchy in LDIF parsing code
      s4:ldb Rework use of talloc and ldif objects in python wrapper
      s4:net Move net_vampire() to net_vampire.c
      s4:auth It is easier to copy the session key than get talloc right.
      Add const
      s4:dsdb Allow unicodePwd to be set when adding a user
      Add a way to set an opaque integer onto a samdb
      s4:dsdb Handle dc/domain/forest functional levels properly
      s4:gensec Allow mutual auth to be turned off in 'fake_gssapi_krb5'
      s4:heimdal The implied GSS_C_MUTUAL_FLAG depends on AP_OPTS_MUTUAL_REQUIRED
      s4:gensec Rework gensec_krb5 mutual authentication defaults
      s4:heimdal: import lorikeet-heimdal-200907152325 (commit 2bef9cd5378c01e9c2a74d6221761883bd11a5c5)
      s4:kdc Initialise new hdb function pointers.
      s4:kdc rename functions from LDB_ to hdb_samba4
      s4:kdc Rework KDC to pull in less attributes for krbtgt lookups
      s4:heimdal: import lorikeet-heimdal-200907162216 (commit d09910d6803aad96b52ee626327ee55b14ea0de8)
      Revert "s4:heimdal_build: predefine GSSAPI_DEPRECATED depending on the compiler version"
      s4:kdc Add in a simple check for constrained delegation to self
      s4:provision Fix provision on FreeBSD
      s4:kdc Tidy up hdb_samba4 some more
      s4:heimdal Extend the 'hdb as a keytab' code
      s4:setup add 'cn' attribute to Samba4 local schema
      s4:kdc Push context to hdb_samba4 by way of the 'name' of the DB
      s4:kerberos Add 'net export keytab' command for wireshark decryption
      s4:kerberos Add test to show that we actually export the keytab
      s4:kerberos Add 'net export keytab' command for wireshark decryption
      s4:kerberos Add support for user principal names in certificates
      s4:tls Enable GnuTLS back to version 1.4 (an into the future)
      s4:libnet Add in a 'credentials' parameter for python libnet_Join
      Fix compile of py_net.c
      s4:provision We no longer add krbtgt or kpasswd account into secrets.ldb
      s4:samba3sam Remove extra newlines that broke samba3sam test
      Use smbclient binary for the test file in smbclient test
      s4:torture rework LDAP sort test
      s4:netlogon Fix warnings and segfault in GetDomainInfo call
      s4:ldif_handlers Allow a binary nTsecurityDescriptor when parsing LDIF
      Add const
      s4:torture Make RPC-NETLOGON pass against ncaclrpc servers
      s4:dsdb Don't cast an ldb_val into a const char * for schema lookups
      s4:ldb initialise e->values[i].length before use in python bindings
      s4:heimdal: import lorikeet-heimdal-200908050050 (commit 8714779fa7376fd9f7761587639e68b48afc8c9c)
      s4:heimdal: import lorikeet-heimdal-200908052208 (commit 370a73a74199a5a55188340906e15fd795f67a74)
      Merge branch 'master' of ssh://git.samba.org/data/git/samba into master-devel
      s4:ldb Make error message in rnd_name more useful
      s4:torture Add test for the NTP signd server
      s4:provision Assume the OpenLDAP backend can find it's own modules
      s4:provision Make the --ol-slapd paramter take the full path to slapd
      s4:selftest Make OpenLDAP guess it's own modules from now on
      s4:selftest Don't start the slapd for the provision, only for the run
      s4:provision Allow provision-backend to not run slapd for 'make test'
      s4:ldap_server Don't talloc_steal (with references) in ldap_backend
      s4:ldap_server Remove another talloc_steal (with references)
      s4:ldap_server Correct removal of talloc_steal()
      s4:schema Provide a way to reference a loaded schema between ldbs
      s4:provision  Remove the ACI element from the provision templates
      s4:schema Allow a schema load on an unconnected database
      s4:python Push some helper functions from SamDB into samba.Ldb
      s4:setup Don't manually set @ATTRIBUTES any more
      s4:provision Move helper functions back to provision
      s4:provision Rework provision-backend into provision
      s4:provision A crude update of the OpenLDAP backend HOWTO
      s4:provision Keep a single transaction for the erase and rebuild
      s4:python Allow 'no such object' on the delete of the DN
      s4: Re-add --ldapadminpass as an option to provision
      s4:selftest Confirm that there isn't a listener on the ldapi:// socket
      s4:provison Print the LDAP backend admin username/password
      s4:provision Make sure that we don't use Kerberos to our LDAP backend
      s4:install Remove provision-backend script from 'make install'
      s4:provision Fix existing ldapi:// backend detection exception
      s4:libcli/ldap Explain why we set a hostname for ldapi:// connections
      s4:selftest Remove the 'subunit filter' from make testenv etc
      s4:ldb Remove obsolete comment about ldb_tdb's sequence num
      s4:provision Avoid one more call to ltdb_reindex
      s4:provision Add comments to the provision script
      s4:kerberos Use MIT compatible names for these enc types
      s4:ldb Use length-limited printf to avoid walking off end of strings
      s4:ldb Python requires that a 'compare' handler return -1, 0 or 1
      s4:ntp_signd Fix bug 6656 - Set protocol version to 0, as used by ntpd
      s4:dsdb use talloc_strndup() in GET_STRING_LDB() rather than walk off the end
      s4:dsdb remove unused variable
      s4:dsdb Add const
      s4:ldb Add python binding and test for ldb_msg_diff()
      s4:dsdb Use talloc_strndup() to ensure OIDs are null terminated
      s4:dsdb Rework show_deleted module not to liniearise the LDAP filter
      s4:python Fix the reprovision test by deleting 'deleted' objects too.
      s4:dsdb Use helper function to add 'show deleted' control
      s4:dsdb Rework dsdb_write_prefixes_to_ldb() to take a schema
      s4:scheam quiet a 'const' warning
      s4:provision Only create references to our server DN after the self join
      s4:provison Add prefixes to ldb using same code a later modify will use
      s4:schema Rework dsdb_write_prefixes_from_schema_to_ldb() to use talloc
      s4:ldb Add hooks to get/set the flags on a ldb_message_element
      s4:ldb Add ldb_ldif_write_string() and python wrappers
      s4:provision Ensure that @OPTIONS is mirrored into each partition
      s4:python Add helper to get at the domain SID
      s4:ldb Don't sleep(100) in this error case, but debug the LDIF
      s4:setup Add DisplaySpecifiers from Microsoft.
      s4:selftest Fix 'make testenv-gdb' and 'make valgrindtest' etc
      s4:idl Add generated code for netlogon.idl changes
      s4:provision Don't reference provision_backend when using LDB
      libcli:drsuapi Add function to encrypt data for transport over DRSUAPI
      s4:provision Only delete SASL mappings with Fedora DS, not OpenLDAP
      s4:setup Updated Display Specifiers from Microsoft (with #s)
      s4:rpc_server netgotiate max xmit size with RPC client
      s4:kdc In the kpasswd server, don't use the client address in mk_priv
      s4:heimdal_build Love pointed me at the --one-code-file option to asn1_compile
      s4:heimdal_build Fix build breakages caused by asn1compile change
      s4:provision Prevent some invalid combinations of realm and domain
      libcli:nbt make the lmhosts parsing code and dependicies common
      s4:schema Add code to provide an index into the subClass tree
      libcli:nbt put util_net.c protos in new header file
      s4:utils Explian fix for testparm -v
      libcli:nbt move prototypes of lmhosts functions to libnbt.h
      s4:dsdb Print the partition we failed to suggest replication for
      s4:utils Remove typo...
      s4:provision split provision of DNS zone and self join keytab
      s4:ldb print out which LDB the transaction is still active on.
      s4:provision Use code to store domain join in 'net join' as well
      s4:py_security Add missing header
      s4:provision Make us Windows 2008 level by defualt again
      s4:provision Make our default salt match our server behaviour
      s4:kerberos Fix the salt to match Windows 2008.
      s4:dsdb Run the new 'descriptor' module by default.
      s4:ldb Add 'single-value' support to LDB.
      s4:ldif_handlers Fix memory leak in objectCategory LDIF handler
      s4:Ensure the selected RDN is the right one per the schema
      s4:ntvfs Don't attempt to follow NULL in unixuid_setup_security()
      s4:ldb-samba Use temp talloc contexts and talloc_steal avoid leaks.
      s4:ldb Fix ldb_list_find() folowing the change from char * to TDB_DATA
      s4:ldb always talloc_free() the ldb_ldif_write context, even on success
      s4:ldb Remove LTDB_PACKING_FORMAT_NODN
      s4-ldb: merged with master
      s4:provision Ensure we add the schema with the 'relax' control
      s4:ldap_server Ensure we don't segfault when sent a NULL new RDN
      s4:dsdb Add 'lazy_commit' module to swallow the 'lazy commit' OID
      s4:dsdb Don't allow creating of new objects with an isDefunct schema class
      s4:dsdb rework instanceType module - put instanceType in provision
      s4:dsdb Fix crash from LDAP login of DOM\\
      s4:dsdb Pass down the exact error code on failure in repl_meta_data
      s4:dsdb Return correct error on invalid attribute
      s4:ldb Don't allow modifcation of distinguishedName
      s4:ldb Don't allow RDN to be modified with an LDB modify message
      s4:dsdb Add objectClass and RDN constraints to objectClass module
      s4:dsdb add systemPossibleInferiors to schema code
      s4:dsdb Use possibleInferiors to restrict creation of child objects
      s4:provision Remove unused parameters from provision scripts
      s4:param Remove duplicate argument to python provision
      s4:drs-development Scripts to assist testing of DRS replication with AD
      s4:provision Clarify that we set, rather than modify, objectGUID values
      s4:provision Remove all references to samba4LocalDomain
      s4:dsdb Add new functions to help modules do an ldb_search()
      s4:dsdb Search for the schema with dsdb_module_search(), in schema_fsmo
      s4:ldb Allow a module string of ""
      s4:ldb Reload the 'ltdb_cache' when @OPTIONS changes
      s4:dsdb Make dsdb_read_prefixes_from_ldb static
      s4:schema Add some error checking to the schema load
      Allow (and ignore) distinguishedName on special records
      s4:ldb Allow a NULL module list
      s4:heimdal A real fix for bug 6801
      Revert "s4:hdb-samba4 - Don't double-free "db""
      s4:dsdb Rework modules create new partitions at runtime
      s4:provision Set @OPTIONS in the provision_init.ldif
      s4:dsdb Set 'notification' after the success of a change.
      s4:dsdb Be strict in selecting on-disk names for partitions
      s4:dsdb Fix tests for samba3sam to pass after partitions module changes
      s4:dsdb Fix partition_create not to return early
      s4:dsdb Don't try and casefold DNs during startup for partition load
      s4:Handle reprovision with existing partitions
      s4:dsdb Split 'set per-partition metadata' into it's own function
      s4:provison Allow the NTDS guid on the command line (for testing)
      s4:provision Test ability to set GUIDs from provision command line
      s4:dsdb Reload partition metadata if the main db updates
      s4:dsdb Only reload partition metadata on search and transaction start
      s4:dsdb Load new partitions in a running LDB if metadata changes
      s4:ldb Add function to add controls to an LDB reply
      s4:dsdb In partitions module, tell the caller what partition was used.
      s4:repl Pass schema as argument to replmd_update_rpmd()
      s4:dsdb Use 'partition modified' information to update @REPLCHANGED
      s4:dsdb Remove workaround for two partition head records
      s4:dsdb Remove default instanceType from repl_meta_data
      s4:provision Use schema to casefold partitions on 'upgrade'.
      s4:dsdb Allow creation of new partitions
      s4:epmapper Create a proper talloc tree of endpoint floors
      librpc Make talloc tree in binding tower match the floors
      s4:samr Don't leak the whole user onto the long-term handle
      s4:ldb Add new function to create a cut down list of controls
      s4:dsdb Remove potentially confusing 'partition' control from result
      s4:rpc_server Ensure we talloc_free handles when we delete objects
      s4:ldb Put ltdb_private under the 'module'
      s4:dsdb talloc_steal the backend module to under the partition
      s4:ldb_map Fix use-after-free of memory in ldb_map
      s4:dsdb Make the 'relative path' code in partitions handle tdb://
      s4:dsdb Allow loading of old-style partition records
      s4:dsdb Add note explaining about the partition format upgrade
      s4:dsdb Add default modules list to samba3sam
      s4:dsdb Use the 'correct' case for the namingContext values in rootDSE
      s4:torture Silence const warning by use of data_blob_const()
      s4:dsdb Set partitions metadata as soon as it is set up.
      s4:dsdb Split schema loading and schema data management
      util:ldb Allow multiple entries to be added in one LDIF snippit
      s4:gensec Use an index on computerName in schannel.ldb
      s4:secrets Look for LDAP secret with a name that is indexed
      s4:setup Mark 'cn' in secrets as case insensitive
      s4:dsdb Do less allocation when searching for partitions modules
      s4:dsdb Remove unused variables
      s4:dsdb Add error string in 'no such object' because of 0 replies case
      s4:dsdb Fix samba3sam test again.
      s4:dsdb 'attrs' must be static (otherwise segv with async)
      s4:dsdb Remove partition_extended_schema_update_now
      s4:ldb Add additional tracing of the ldb API
      s4:dsdb Rework partitions module for better tracing
      s4:ldb Add detail to failures in the indexing code
      s4:ldb Remove debug traces duplicated by the new generic trace code
      s4:credentials Put the 'secrets.keytab' in the same directory as secrets.ldb
      lib/util Add rfc1738 escape/unescape code from Squid
      lib/util Use rfc1738.c from Squid for all our URL encode/decode needs.
      s4:dsdb Revert back to using DN:filename in the partitions record
      Remove special case logic in 'samdb_relative_path'.
      s4:provision Rework provision to always have a ProvisionBackend
      s4:provision Make 'linked_attributes' and 'dnsyntax_attributes' a property of the Schema
      s4:provision Move 'Schema' into it's own file
      s4:provision Fix samdb test with new provision code
      s4:provision Inline 'ldap_backend_shutdown' for clarity
      s4:provision Split ProvisionBackend out of the main provision script
      s4:provision Remove LDB backend files in provision
      s4:dsdb Fix up after the MAP_ constants became LDB_MAP_
      lib/util Fix comments in rfc1738.c.
      libcli/nbt Move more of lmhosts lookup into common code
      lib/util Split data_blob_hex_string() into upper and lower
      s4:ldb Add a helper function for 'canonicalise' both strings base compares
      s4:dsdb Add new dsdb_dn to handle DN+Binary and DN+String
      s4:ldb-samba Use new ldb_any_comparison helper function in ldb-samba
      s4:dsdb Use new dsdb_dn code in LDB modules and Samba4 schema
      s4:ldb Remove DN+Binary code from the core ldb_dn
      s4:dsdb Add extensive tests for the behaviour of dsdb_dn
      s4:ldb Add Well Known GUID (WKGUID) tests to ldap.py
      s4:dsdb Ensure we allow 'odd' lengths for DN+String
      s4:dsdb Cosmetic fixes found by metze in review of dsdb_dn changes
      s4:vampire Print error message when we fail on the CLDAP ping
      s4:dsdb/schema Simplify schema loading from ldb messages
      s4:dsdb/repl Split the 'convert' or 'commit' stages in the DRS import
      s4:provision Remove unused 'sambadn' parameter
      s4:provision Add C binding to get at the generate schema
      s4:Fix regression in dsdb_dn code - all parses of the DN would be rejected
      s4:dsdb Add expected value tests for most DRS syntax conversions
      s4:torture Convert RPC-DSSYNC test to use LDB rather than raw LDAP
      s4:ldb Change ldb_request_add_control to the normal 'for loop' pattern
      s4:ldb Don't segfault if we somehow get an unknown extended dn element
      s4:dsdb/schema Allow a schema set when bound against a remote LDAP server
      s4:ldb Allow ldb_msg_canonicalize to handle empty elements
      s4:torture Add const
      s4:torture/dsdb Add verification of the push-to-LDB functions in RPC-DSSYNC
      s4:torture Remove _drs_util_verify_attids() from RPC-DSSYNC
      s4:dsdb Improve debug message in extended_dn_out
      s4:torture Use (some) torture_assert() calls in RPC-DSSYNC test
      s4:dsdb/schema Add more unit tests for DN+Binary syntaxes
      s4:repl_meta_data Parse linked attributes with schema syntaxes
      s4:libcli/ldap Add 'relax' OID to known network representations
      s4:selftest Mark the RPC-DSSYNC test as knownfail for now
      s4:dsdb Make callbacks in extended_dn_out clearer to follow
      s4:heimdal: import lorikeet-heimdal-200909210500 (commit 290db8d23647a27c39b97c189a0b2ef6ec21ca69)
      s4:heimdal: import lorikeet-heimdal-200911122202 (commit 9291fd2d101f3eecec550178634faa94ead3e9a1)
      s4:heimdal Import generated files from heimdal tree
      s4:SAMLDB module - Add support for required and generated schema attributes
      s4:dsdb LDB attribute lists must always be a static const char **.
      s4:dsdb Add 'dsdb_flags' to dsdb_module_search() to enable often-used features
      s4:dsdb Break up 'parse a DN from DRSUAPI' into a subfunction
      s4:dsdb Use the new flags to dsdb_module_search in schema_load
      s4:dsdb Load objectGUID and extended DN defaultObjectCategory into the schema
      s4:provision Generate a random objectGUID for each schema record
      s4:dsdb Rework samdb code to use 'storage format' DNs for defaultObjectCategory
      s4:schema Add the GUID to each defaultObjectCategory when loading from LDIF
      s4:provision Split up reference creation, load schema earlier in the stack
      s4:dsdb With these workarounds, we now pass the RPC-DSSYNC test
      s4:heimdal: import lorikeet-heimdal-200911170333 (commit b532c294d974cead40a1183c71be644c6ccc2832)
      s4:provision Simplify the module list
      s4:dsdb Move module configuration from each ldb into samba_dsdb.c
      s4:provision Remove 'operational' from secrets.ldb module list
      s4:dsdb Add function to return the CN=Aggregate schema DN
      s4:dsdb Return the subSchemaSubEntry operational attribute on every object
      s4:dsdb Use new helper function to obtain CN=Aggregate schema DN in schema_data
      s4:ldap.py Add tests for subSchemaSubEntry
      s4:operational LDB module - Prevent the modification of operational attributes
      s4:provision Move secrets.ldb over to .c file module lists, like sam.ldb
      s4:provision Don't bother with a template for the LDAP backend startup script.
      s4:provision Move exceptions into a new file
      s4:dsdb Handle LDAP backends correctly with new samba_dsdb system
      heimdal Fix invalid format string
      s4: update valgrind suppressions for use on build farm
      s4:dsdb Make samba_dsdb easier to use in upgrades - assume default values
      The start of a WHATSNEW for Samba4 alpha9
      Fix path to upgradeprovision
      s4:provision Make setting the domain SID in the self join optional
      s4:ldb Provide bindings for ldb_transaction_prepare_commit()
      s4:upgradeprovision Rework script, and reset machine account pw
      s4:selftest Add tests for upgradeprovision
      s4:upgradeprovision Use mkdtemp to create unique tempoary directory names
      s4:upgradeprovision add 'exit $failed' to blackbox test
      s4:dsdb Don't segfault with ldb_transaction_prepare_commit() without begin()
      s4:upgradeprovision Rework update_machine_account_password() tranactions
      s4:WHATSNEW Nadezhda's acl module handles modifies
      s4:ldap.py Add test of namingContext behaviour after tridge found a bug
      s4:setup Adjust upgradeprovision blackbox test now we don't have --targetdir
      This is alpha9
      Improve upgrade instructions
      Fix build of Samba4 from tarball generated by mkrelease.sh
      On our way to Samba4 alpha10!
      Merge commit 'origin/master' into abartlet-devel
      s4:dsdb Hide the LM password by default too
      s4:build torturedir and -DTORTUREDIR is unused
      s4:dsdb Make parentGUID handler use dsdb_module_search_dn()
      s4:dsdb Make primaryGroupToken calculation more efficient and correct
      s4:ldap.py Improve testsuite for primaryGroupToken behaviour
      s4:ldb Add a function to match a message against an objectClass
      s4:dsdb Use ldb_match_msg_objectclass in operational.c
      s4:build Bump ldb and tdb required versions.
      A WHATSNEW for alpha10
      This is alpha10
      s4: On the way to alpha11
      Merge commit 'origin/master' into abartlet-devel
      s4:provision Give a more useful error message in guess_names
      Samba4 and LDB requires talloc 2.0.1
      s4:auth generate the prototype file in the right place
      s4:auth Change 'get_challenge' API to be more like Samba3
      s4:gensec Don't give a warning when Windows client connects with NTLM
      libcli/auth Make gd's NDR NTLMSSP parsers helpers common
      s3:ntlmssp: rename enum NTLMSSP_ROLE into enum ntlmssp_role
      s3:ntlmssp: move to C99 integer types in ntlmssp.h
      s3:ntlmssp: remove the typedef NTLMSSP_STATE
      s3:ntlmssp: only include ntlmssp.h where actually needed
      release notes for Samba4 alpha11 (to be released this week)
      This is Samba4 alpha11!
      more WHATSNEW4
      and we move on towards Samba4 alpha12!
      Merge remote branch 'origin/master' into alpha11release
      s4:provision Just 'do the right thing' with empty smb.conf files
      s4:provision Be more polite to long-suffering Samba testers.
      s4:param Modify secrets_get_domain_sid to give more useful errors
      s4:winbind Make the 'no SID found' message even more detailed
      s4:rpc_server Record the remote connections association group ID
      misc.idl:  Add reference to the slightly odd representation of if_version
      s4:selftest Add infrastructure for testing against an RPC proxy
      s4:selftest Add test for the RPC proxy
      librpc When sending endpoint mapper requests, include the minor if_version
      s4:rpc_server Add a 'if_version' parameter to the bind operation.
      s4:credentials Add hooks to extract a named Kerberos credentials cache
      librpc/ndr Remove unused macros
      s4:scripting/devel Allow tmpfs script to be re-run
      s4:install Fix bug #7149 reported by JHT.
      s4:ldb Fix segfault in ldbsearch store_referral callback
      s4:python Add bindings to set GENSEC flags on credentials in python
      s4/rpc_server Don't segfault over replPropertyMetaData contents
      Move prototype to header of common code for set_sockaddr_port
      s4:lib/socket Add function to set a port on the socket address
      s4:libcli/resolve Use a more robust way to return the string address
      s4:lib/socket Don't go via a string when resolving addresses in connect_multi
      s4:samba_dnsupdate Add a 'file based' mode to samba_dnsupdate
      libcli/nbt Add parser for a 'hosts' file that takes DNS record types
      s4:libcli/resovle File based lookup module for DNS name types
      s4:libcli Use integrated name resolution when connecting SMB
      s4:provision Improve the handling of provision errors
      Explain why we don't use certain characters in the generated pw
      selftest: Remove dns_host_file every time we start
      s4:selftest Add file based DNS resolver to selftest environment
      s4:dsdb Don't error out if we can't get the Aggregate schema DN yet
      s4:dsdb Add a memory context for dsdb_get_schema()
      s4:dsdb/acl Reduce calls to dsdb_get_schema() and add memory context
      s4:dsdb Fix warnings in DEBUG() by casting to unsigned long int
      s4:dsdb Change dsdb_get_schema() callers to use new talloc argument
      s4:dsdb Show more detail in failure to compute the aggregate DN.
      s4:dsdb Move rdn_name down the stack
      s4:dsdb Don't load the schema unconditionally
      s4:dsdb Add 'const' to some struct dsdb_schema variables
      s4:dsdb Remove unused 'dsdb_make_schema_global' call from pyglue
      s4:schema Expand the schema structure
      s4:dsdb Move dsdb_save_partition_usn() to be a module helper function
      s4:dsdb Rework schema loading and add schema reloading
      s4:dsdb Add a shortcut sequence number for schema reloads
      s4:ntlmssp Ensure that we always negotiate signing if we negotiate sealing.
      s4:cmdline Add --sign and --encrypt options to our common command line
      s4:selftest Test --sign and --encrypt options to ldbsearch
      s4:kdc Add support for changing password of a servicePrincipalName
      s4:selftest Add testing of kpasswd password set on servicePrincipalName
      s4:heimdal: import lorikeet-heimdal-201001120029 (commit a5e675fed7c5db8a7370b77ed0bfa724196aa84d)
      s4:heimdal New files and supporting logic for heimdal update
      s4:testprogs Fix kinit test for updated Heimdal
      s4:heimdal: import lorikeet-heimdal-201003262338 (commit f4e0dc17709829235f057e0e100d34802d3929ff)
      s4:testprogs Update test to match current Heimdal
      s4:heimal Update generated files (cp from Heimdal)
      s4:heimdal_build Remove forced HAVE_STRERROR_R
      s4:heimdal Use correct variable to advance past -- options in kpasswd
      tsocket_bsd: Always use a real length for the sa_socklen, and keep it around
      pidl:python Allow 'nopython' to work
      librpc/idl Use [nopython] on some drsblobs.idl 'functions' as an example
      s4:credentials talloc_free() any previous salt_principal
      s4:credentials Add the functions needed to do S4U2Self with cli_credentials
      s4:heimdal Add hooks to check with the DB before we allow s4u2self
      s4:kdc Add functions to hdb-samba4 for the new s4u2self callback.
      s4:heimdal Create a new PAC when impersonating a user with S4U2Self
      s4:schema Try to fix OpenLDAP backend after schema reload support.
      s4:rpc_server Add all SIDs into the netlogon SamLogon reply
      s4:provision Don't make the 'slaptest' call produce errors
      s4:rpc_server Fix segfault in modified SamLogon handling
      s4:ldif_handlers tokenGroups are SIDs
      s4:dsdb Improve error message in extended_dn_in
      s4:rootdse Implement "tokenGroups" in the rootDSE
      s4:dsdb Don't return operational attributes on special DNs
      s4:dsdb Don't use the permissive modify control on schemaInfo updates
      s4:auth Remove event context from anonymous_session()
      s4:auth Allow the simple 'struct auth_session_info' generator for all users
      s4:auth Change auth_generate_session_info to take an auth context
      s4:provision Pass in the invoication ID and NTDS Settings DN to Schema()
      s4:provisionbackend Print the command we failed to start slapd with
      s4:provision Use more reasonable values for DB_CONFIG
      s4:dsdb Revert accidentilly commited change for LDAP backends
      s4:OpenLDAP-backend Use the new rdnval module in OpenLDAP
      s4:selftest Ensure we don't fsync() all day in the LDAP backend test
      s4:provison Pass nosync in for the OpenLDAP cn=config too
      s4:ldap-backend Fix LSA test failures with OpenLDAP backend - convert SIDs
      s4:provision Make OpenLDAP backend more robust
      s4:provision Remove moduleload for 'hdb' (wrong name).
      s4:kerberos Give a better error message than "Could not allocate memory"
      s4:gensec Use a different form of 'name' in GSSAPI import_name()
      s4:provisionbackend Don't loop forever waiting for OpenLDAP
      s4:howto Improve OpenLDAP backend instructions
      s4:libnet Make 'net vampire' more robust to command line arguments
      s4:dsdb Fix use of memory after free in repl_meta_data
      s4:credentials Make the CCACHE in credentials depend on the things that built it
      s4:dsdb Use replPropertyMetaData as the basis for msDS-KeyVersionNumber
      buildtools: Add 'make testenv' to Samba4 make targets
      s4:dsdb Provide an intelegent fallback if not CN=Subnets is found
      s3:kerberos Return PAC_LOGON_INFO rather than the full PAC_DATA
      s3:auth Make get_ntlm_challenge more like Samba4
      s3:winbindd Remove call to namecache_enable().
      s3:smbd Remove calls to namecache_enable()
      s3:libsmb/namecache Remove namecache_enable()
      s3:winbindd Rename 'children' to 'winbindd_children' and make static
      s3:Winbindd Move winbindd_event_context to a different file
      s3:winbindd Split helper functions to allow s3compat to call them
      s3:winbindd Provide a winbindd_register_handlers() helper function for s3compat
      Revert "s4: remove unused references to swat"
      waf: Make waf handle IDL files from Samba3
      s4:ntvfs Prepare for a possible future sharing of notify.idl
      s4:credentials Allow setting of an empty Kerberos CCACHE
      s4:process_modals Add another process modal - 'onefork'
      s4:process_model Fix process_standard and process_onefork not to use
      s4:winbindd Rework some winbind structures to make s3compat easier
      s4:gensec expose gensec_set_target_principal for use outside GENSEC
      s4:auth Make it clear to the callers the talloc lifetime.
      s4:provision Remove unused 'account_name' parameter
      s4:credentials Add in tracking of the password last set time
      s4:winbindd Record the privilaged pipe dir
      s4:ntvfs Prepare for a possible future sharing of notify.idl
      pidl: Allow new property 'no_srv_register'.
      s3:winbind use no_srv_register to avoid needing rpc_srv_register
      s3:split secrets.c to put machine account secrets in a new file
      s4:dsdb disable tokenGroups until end of rewrite
      s4:auth Move BUILTIN group addition into session.c
      s4:torture Add tests to demonstrate S2U4Self in the RPC-PAC test
      s4:auth Allow the operational module to get a user's tokenGroups from auth
      s4:auth Add dependency from the operational module onto auth
      s4:auth Push check for messaging context into winbind backend
      s4:auth Change auth_generate_session_info to take flags
      s4:auth handle addition of nested aliases of domain groups.
      s4:auth Error out when a memberOf DN does not have a SID
      Revert "Make -k a simple non-bool option."
      s4:auth Fix previous commit - segfault in determinging a user's groups
      s4:auth Remove un-needed headers.
      s4:libcli/ldap Rename ldap.h to libcli_ldap.h
      s3:passdb Remove use of uint8 uint16 and uint32 in favour of C99 types
      s3:dom_sid Global replace of DOM_SID with struct dom_sid
      s4:libcli/ldap Update headermap.txt (autotools build) and wscript_build for libcli_ldap.h
      s4:ntvfs rename notify.idl to s4_notify.idl until we can merge this IDL
      s4:dsdb Allow a NULL search expression in dsdb_search()
      s4:samr Split the guts of samr_CreateUser2 into a helper function
      s4:samr Split most of samr_CreateDomainGroup into a helper function
      s4:samr Move most of samr_CreateDomAlias into a helper function
      s4:samr Push most of samr_QueryGroupMember into a helper function
      s4:samr Push most of samr_LookupRids into a helper function
      s4:idmap Seperate idmap structures from winbind.idl and match to source3/ idmap
      s4:idmap Adjust code to new idmap structure names and layout.
      s4:winbind Fix up includes after seperation of idmap.idl from winbind.idl
      s4:winbind Change include guard so as not to conflict with idmap.h in source3
      s4:winbind Change idmap API to match that used by the source3/ idmap subsystem
      s4:winbind Give more detail on the parameters when reporting idmap failure
      waf Read VERSION file inside WAF to set package version
      s4:kdc Remove special talloc_free of the ldb context
      waf Add DIST_BLACKLIST to list files that we cannot include in a release
      s4:waf Exclude the autotools based build environment from a Samba4 release
      waf Provide release signing capability in 'waf dist'
      s4:build use autotools for mkrelease.sh
      s4:build Don't automatically mark as 'not a git snapshot'.
      s3:smbd split smbd/server.c into smbd/server.c and smbd/server_exit.c
      s3:smbd split reload services/printers functions from server.c
      s3:smbd move messaging_context and memcache into globals.c
      s3:lib split out global workgroup and netbios name functions.
      s3:lib s3:lib move get_global_sam_name to util_names.c
      s3:winbind Kill amusing but un-used winbindd_kill_all_clients
      s3:auth Fix segfault when the user cannot be found by getpwnam()
      s3:auth Make AUTH_NTLMSSP_STATE a private structure.
      s3:auth Remove AUTH_NTLMSSP_STATE typedef.
      s3:ntlmssp Add two unused variables to match the Samba4 ntlmssp.h
      ntlmssp: Make the ntlmssp.h from source3/ a common header
      s3:ntlmssp Use a TALLOC_CTX for ntlmssp_sign_packet() and ntlmssp_seal_packet()
      s3:ntlmssp Move ntlmssp_sign.c from source3 to common code.
      Revert "s3:winbindd Split helper functions to allow s3compat to call them"
      s3:winbind tidy up connecting the winbind sockets.
      s3:winbind Make state->mem_ctx a talloc child of state
      s3:winbindd move reinit_after_fork() back out of winbindd_register_handlers
      s3:param Add helper function to get at Gobals.iDomainMaster
      s3:param Put 'server_role' functions in another file.
      s4:ntlmssp Merge ntlmssp structures with version from source3/
      s4:ntlmssp Use the new common ntlmssp.h
      s4:ntlmssp Use common code for ntlmssp_sign.c
      s3:auth Rename wksta_name -> workstation_name in auth_usersupplied_info
      s3:idmap Use idmap.idl defined structures and constants
      s3:winbind Ensure we always init idmap_passdb before we use it
      s3:auth Rename user_info->smb_name -> user_info->client.account_name
      s3:auth Rename user_info->internal_username -> user_info->mapped.account_name
      s3:auth fix header comment for internal_username -> mapped.account_name
      s3:auth Rename user_info->client_domain -> user_info->client.domain_name
      s3:auth Rename user_info->domain -> user_info->mapped.domain_name
      s3:smbd Fix segfault if register_existing_vuid() fails
      named_pipe_auth Always lower case the incoming pipe name
      s3:smbd Give the kerberos session key a parent
      s3:named pipe proxy Improve error messages when named pipes fail to forward
      s3:auth Change auth_ntlmssp_server_info API to return NTSTATUS
      s3:auth add hooks to indicate if signing or sealing is desired with NTLMSSP
      s4:dsdb Put back the reference and set_attributes in dsdb_reference_schema
      s4:dsdb Add more debugs to help track down failures to parse the prefixmap
      s4:dsdb Provide a function to convert from DRS prefix maps to the LDB prefixmap
      s4:dsdb Allow a binary prefix map to be specified in the LDIF
      s4:provision Allow both additional and override prefixmaps in Schema
      s4:dsdb Simplfy match of objectclass in dsdb_schema_set_el_from_ldb_msg
      s4:dsdb Add debug
      s4:dsdb Allow calling dsdb_convert_object_ex() directly
      s4:libnet Make the libnet_vampire default callbacks non-static
      s4:libnet Steal ldb and lp_ctx from python result into correct structures.
      s4:torture Rework NET-API-BECOMEDC test to use libnet_vampire callbacks.
      s4:dsdb Use the schema from our local provision to decode the schema
      s4:dsdb Allow the setting an override on the schema
      s4:dsdb Keep the DRS-based prefix map for use in provision-based schema
      s4:provision Allow a specific prefix map to be loaded into a new schema provision
      s4:dsdb Rework the vampire schema handling to convert 3 times.
      s4:selftest Remove becomedc tests from knownfail, these should now pass
      s4:selftest Remove unused basedn specification in selftest env setup
      s4:dsdb Add const to dsdb_dn functions that operate on an ldb_val.
      s4:dsdb Move linked attribute restrictions to objectclass_attrs
      s4:dsdb Add control for signaling between repl_meta_data and linked_attributes
      s4:dsdb Handle backlinks for Windows 2000 level linked attributes
      s4:dsdb use dsdb_module_modify() rather than ldb_next_request()
      s4:selftest Add vampire_dc test environment
      s4:provision Allow functional level 2000 to be chosen
      s4:provision Add import for DS_DOMAIN_FUNCTION_2000
      s4:selftest Add test environment for functional level 2000
      s4:dsdb Assert that we can't get backlinks as input in linked_attributes
      s4:dsdb Fix linked_attributes to cope with the Feb 2010 changes to DLIST
      s4:libnet Remove 'ads min function level' checks.
      s4:selftest Change domain name for functional level 2000 DC
      s4:dsdb Allow renames with (now removed) linked attributes
      s4:ldif-handlers Add a custom handler for DNs that knows about deleted values
      s4:kdc Use msDS-SupportedEncTypes in our KDC
      libds:common Remove DS_DC_* domain functionality flags
      s4:libnet When joining a domain, update msDS-SupportedEncryptionTypes
      s4:provision Remove am_rodc from Schema
      s4:provision Raise default max functional level to 2008R2
      s4:net Remove warnings for 2000 native mode and Samba4.
      s4:selftest Add 2003 and 2008R2 test environments and tests
      s4:selftest Change netbios aliases to shorter names.
      s4:selftest For the moment the server role '2008_R2' is case sensitive
      s4:selftest Fix up netbios names for rpc_echo test
      libcli/auth make open_schannel_session_store() public
      s4:schannel Open the schannel_store.tdb at startup
      s3:schannel Open the schannel_state.tdb at startup
      schannel Change to TDB_CLEAR_IF_FIRST to reduce fsync()
      s4:provision Add an msDS-SupportedEncryptionTypes entry to our DC
      s4:libnet_join Fix typo in msDS-SupportedEncryptionTypes
      s4:kerberos Add functions to convert msDS-SupportedEncryptionTypes
      s4:auth Query LDB for msds-SupportedEncryptionTypes for the KDC
      s4:kdc Rework the 'allowed enc types' calculation
      s4:selftest Split out PKINIT tests from test_kinit.sh and test enc types
      s4:secrets Ensure secrets.ldb uses the same hooks as the rest of Samba
      s4:dsdb Fix possible schema segfaults for DRS-replication based schema
      s4:dsdb Ensure we free old schema copies
      s3:smbd Fix segfault if register_existing_vuid() fails
      s3:smbd Give the kerberos session key a parent
      s3:auth Change auth_ntlmssp_server_info API to return NTSTATUS
      s4:testprogs Prove kerberos still works after a password change
      s4:pyldb Fix memory handling for ldb_message_element
      s4:pyldb whitespace fix
      s4:provision Handle machine account password changes while keeping keytab
      s4:testprogs Show that we no longer delete the old keytab entries
      s4:testprogs Operate the blackbox kinit and net tests using the :local config
      s4:ntlmssp Adjust Samba4 ntlmssp code to look more like the code in Samba3.
      s4:ntlmssp Always setup the session keys and signing state
      s4:ntlmssp Re-add gensec_ntlmssp wrapper to allow merge with source3/
      s4:ntlmssp Merge more aspects of the source3/ NTLMSSP layer
      libcli/auth Move some source3/ NTLMSSP functions to the common code.
      s3:ntlmssp Redirect lp_lanman_auth() via 'allow_lm_key'
      s3:ntlmssp Add extra DEBUG() message for auth system failures
      s3:ntlmssp Don't use the lm key if the user didn't supply one.
      s3:ntlmssp Don't reply with the LM_KEY negotiation flag when not available
      s3:ntlmssp Don't permit LM_KEY in combination with NTLMv2
      s3:ntlmssp Don't use talloc_tos() for NTLMSSP blobs for now
      s3:ntlmssp Always call ntlmssp_sign_init()
      s3:ntlmssp Split the NTLMSSP server into before and after authentication
      libcli/auth Make the source3/ implementation of the NTLMSSP server common
      s3:libnet Add other required headers for libnet_samsync_keytab.c
      s3-krb5 Only build ADS support if arcfour-hmac-md5 is available
      s4:auth Move struct auth_usersupplied_info to a common location
      s3:auth Make Samba3 use the new common struct auth_usersupplied_info
      s3:auth Whitespace fixes after auth merge
      s3:auth Change 'make_user_info' to be talloc based
      s3:auth Change winbindd -> auth interface to more standard structures
      s3:auth Add error paths for invalid password_state values
      s4:security Bring in #defines for the user and primary group token location
      s4:ntvfs Don't treat the user SID and primary group SID special for idmap
      s4:security Remove use of user_sid and group_sid from struct security_token
      s4:auth Remove special case constructor for admin_session()
      s4:auth Remove the system:anonymous parameter used for the LDAP backend
      s4:auth Remove system_session_anon() from python bindings
      s4:auth Avoid doing database lookups for NT AUTHORITY users
      s4:auth Change {anonymous,system}_session to use common session_info generation
      s4:ldap_server use talloc_unlink() to avoid talloc_free() with references
      s3:selftest This test does not fail anymore (Samba4's smbtorture has been fixed)
      s3:param Clarify parameter name on init_globals()
      s3:pdbtest Fix command name of pdbtest
      s4:security Change struct security_token->sids from struct dom_sid * to struct dom_sid
      s3-auth Rename NT_USER_TOKEN user_sids -> sids
      s3-auth Rename NT_USER_TOKEN privileges -> privilege_mask
      s4:provision Allow OpenLDAP backend to provision again
      s4:dsdb Don't reload the schema against OpenLDAP backend
      s4:dsdb Make the dereference control critical if input is critical
      s4:dsdb Fix attribute being searched for in dereference against Fedora DS
      s4-setup Make krb5.conf use DNS by default
      s4-dsdb Change debug levels for startup messages
      s3:privileges Change SE_PRIV to be just a uint64_t
      s3:Change SE_PRIV to uint64_t
      s3:privs Change to new host endian neutral privilages tdb format
      privs Move privilege bitmasks to security.idl
      s3-privs Further changes to remove SE_PRIV
      s4-privs Remove link between enum sec_privilege and the privilege bitmap
      s3-privs Use constants from security.idl
      s3-privs Remove comment already moved to security.idl
      security.idl clarify which privilages are LUID and bitmap values
      privs Add my Copyright
      s4-privs Add a lookup by index of privilages
      s3-privs Only store low bits of luid in privileges table
      security.idl Update Windows privileges list to Win2008R2
      security.idl Add comments
      s3-auth Change type of num_sids to uint32_t
      s3-auth Change struct nt_user_token -> struct security_token
      s3:auth Remove NT_USER_TOKEN
      s3-privs Rename mask -> privilege_mask to be more clear
      s3-privs More clarity in variable names
      s3-privs Rename structure elements for greater clarity
      s3-privs Move source3/ privileges implmentation into common
      libcli/security Use true and false, not True and False
      libcli/security Use C99 types
      libcli/security Use talloc_realloc() not TALLOC_REALLOC_ARRAY()
      s3-privs Inline dump_se_priv into callers now that it's just a uint64_t
      s3-privs Move manual prototypes to common privileges.h
      libcli/security Move source4/ privileges code into the common libcli/security
      libcli/security Make the two privileges tables share a common struct definition
      libcli/security Fix and clarify privilege manipulation function comments
      libcli/security Use ARRAY_SIZE() consistantly.
      libcli/security Don't memcpy a uint64_t value, just assign it.
      libcli/privileges Simplify get_privilege_luid() to return just the enum
      libcli/security Return number of entries in the old source3 list
      libcli/security Merge privilege lists from source3 and source4
      s3-lsa Use sec_privilege_id() to lookup name to LUID
      libcli/security Don't export privs[] as a global variable
      s3-privs Remove a pointer indirection from revoke_privilege()
      s3-privs Call security_token_set_privilege() rather than manual assignment
      s3-privs Remove pointer indirection from se_priv_to_privilege_set()
      s3-privs Remove a pointer from grant_privilege()
      s3-privs Convert from user_has_privileges() -> security_token_has_privilege()
      libcli/security Improve dump of privileges:  Just walk the table
      libcli/security Add an invalid LUID privilege value
      s3-privs Directly manipulate the privileges bitmap.
      libcli/security Remove luid_to_se_priv() and luid_to_privilege_name()
      s3-privs Rework privilege enumeration to also use new DB format
      libcli/security Rename all privilege bitmaps constants
      s3-privs Rework access_check_object() to take two privileges
      libcli/security Remove unused functions and constants.
      libcli/security make sec_privilege_id() return SEC_PRIV_INVALID on failure.
      libcli/security Expose sec_privilege_mask()
      s3-privs Make privilege_enum_sids() take an LUID, not a bitmap
      s3-privs Hide the bitmap-based grant_privilege and revoke_privilege
      s3-privs Overhaul PRIVILEGE_SET handling, avoid dealing with the bitmap
      s3-privs Remove unused function
      libcli/security Remove unused declarations from privileges.h
      libcli/security Make sec_privilege_from_index() return SEC_PRIV_INVALID on failure
      s3-privs Remove extra pointer on privilege mask
      s3-privs Add const
      libcli/auth Failure to find the cached session key for SCHANNEL isn't level 0
      s4-rpc_server Put all 'logon failure' messages at the same debug level 4
      s3-util_sid Tidy up global struct security_token
      libcli/security Remove 'always true' return from se_priv_put_all_privileges
      s3-samr Explian better the use of two privileges in this call
      libcli/security Move 'private' privileges functions to another header
      libcli/security Remove unused SE_NONE define
      s3-krb5 Fix Kerberos on FreeBSD with Samba4 DCs
      s4-privs Seperate rights and privileges
      libcli/privileges Fix comment
      libcli/security Use talloc_zero when making a struct security_token
      security.idl Clarify that this is not a network structure
      s4:gensec Put the "NTLM" string for NTLMSSP's SASL name in a header
      s3-auth Fix typo in comment
      s4-privs Fix enum privileges in LSARPC server
      s3-dom_sid Use C99 types in dom_sid handling
      s3-util_sid Accept S-1-5 as a SID
      s3-util_sid use ARRAY_SIZE() to ensure we never overflow the dom_sid
      libcli/security Merge source3/ string_to_sid() to common code
      libcli/security Use sid_append_rid() in dom_sid_append_rid()
      s3-util_sid Use the NDR parser to parse struct dom_sid
      s3-torture Add tests to show that the dom_sid parsing was faulty.
      libcli/auth/ntlmssp Be clear about talloc parents for session keys
      s4-torture assert that we get a temp datagram socket.
      torture/raw Allow one more 'not implemented' status return as a valid response
      s4-winbind Add a proxy method to update DNS records with a read-write DC
      libcli/ldap Add const to ldap_encode_ndr_dom_sid()
      s3: Replace sid_binstring and sid_guidstring with PIDL-based alternatives
      s3-uuid Remove unused smb_uuid_pack()
      s3-libads call common GUID_from_ndr_blob()
      s3-lib/util Remove unused smb_uuid_unpack()
      s4-kerberos Fix kerberos_enctype_bitmap_to_enctypes()
      s4-libnet Remove libnet_samdump_keytab() and net samdump keytab
      s4-kerberos Move 'set key into keytab' code out of credentials.
      s4-libnet_join Use header constant for 'all encryption types' in msDS-SupportedEncryptionTypes
      s4-selftest Run slow tests less often
      selftest Don't run 'speed' tests for very long
      s4-kerberos Rework keytab handling to export servicePrincipalName entries
      s4-kerberos Don't segfault if the password isn't specified in keytab generation
      s4-dsdb Fix segfault in error case in rootdse module
      s4-kdc Use msDS-SecondaryKrbTgtNumber to fill in the full KVNO
      s4-kdc Add function to determine if a hdb entry is a RODC
      s4-dsdb Make samdb_reference_dn() use dsdb_search() and DSDB_SEARCH_ONE_ONLY
      s4-dsdb Add ldb_reset_err_string() when we set error codes.
      s4-kdc Add common setup, handle RODC setup case
      heimdal Add support for extracting a particular KVNO from the database
      heimdal Add an error code for use in the RODC
      s4-kdc Handle the case where we may be given a ticket from an RODC in db layer
      heimdal Fix DNS name qualification to not mangle IP addresses
      heimdal Use a seperate krb5_auth_context for the delegated credentials
      s4-kdc Ensure that an RODC may act as a server (needed to fill
      heimdal: added verbose logging of hemimdal crypto errors
      heimdal use returned server entry from HDB to compare realms
      s4-auth Allocate domain SIDs under the sids array, not server_info
      s4-auth Add make_server_info_pac() to include 'resource domain' groups
      s4-kdc Rework 'allowed encryption types' handling in the KDC
      s4-kerberos Don't regenerate key values for each alias in keytab
      s4-gensec Always honour the set server principal
      s4-heimdal_build fix up build after heimdal import
      s4-heimdal We don't need HDBDIR any more
      s4:heimdal: import lorikeet-heimdal-201010022046 (commit 1bea031b9404b14114b0272ecbe56e60c567af5c)
      Add new files for sha512 support
      s4-kdc Fix up after import of new lorikeet-heimdal
      s4-kdc Remove special case kerberos restriction in the KDC
      s4-libnet_vampire use a linked list to handle schema objects pending conversion
      s4-kerberos Remove unsued variable
      s4-kerberos Remove unused parameter
      s4-param Refactor secrets code to not require an event context.
      s4-credentials Add explicit event context handling to Kerberos calls (only)
      s4-smbd Remove event_context_set_default()
      s4-tevent Remove event_contex_find() and event_context_set_default()
      s4-ldb Don't use talloc_autofree_context() in ldb
      s4-ldb Allow a NULL event context in samba_ldb_init()
      ldb The use of a private event context isn't a hack
      lib/torture:  Add function to clean up the output directory
      s4:smbtorture Create a new random output directory each time, and delete it
      libcli/security Move most of security_token.c to common code.
      lib/debug Add DEBUGC and DEBUGADDC as dummies
      libcli/security Add debug class to security_token_debug() et al
      s4-libcli/security Use seperate subsystem for session related functions
      s4-credentials Allocate ldb result on correct memory context
      libcli/security Use common security.h
      libcli/security Provide a common, top level libcli/security/security.h
      s3 Replace is_sid_in_token() with security_token_has_sid() from common code
      s3-auth use security_token_has_sid() from the common code
      s3-auth Use security_token_debug() from common code
      s3-util_nttoken.c Also copy the rights_mask when copying a security_token
      s3-acl Merge source4-supported privileges into se_access_check
      s3-acl Use uint32_t for counting the ACEs
      s4-acl Merge sec_access_check() with se_access_check() from source3/
      libcli/security Move source3/lib/util_seaccess.c into the common code
      libcli/security Define traditional constants in terms of IDL macros
      libcli/auth Merge source4/libcli/security and util_sid.c into the common code
      libcli/security Use static SIDs rather than parsing from strings
      Revert "s4:dsdb - make the RELAX control private"
      dsdb simple_ldap_map depends on LDBSAMBA
      s4-provision Use --ldap-backend-nosync rather than just --nosync
      s4-openldap-backend Don't set 'dbnosync' on cn=config
      ldb Ensure we mark ongoing LDAP requests as PENDING
      s4-selftest Make GDB_PROVISION work again
      s4-ldb Add LDB_REQ_SET_LOCATION to help track handler use
      s4-provision Remove serverdn parameter from Schema()
      s4-provisionbackend Allow a fixed URI to be specified for LDAP backend
      s4-gensec Don't upgrade all DIGEST-MD5 connections to seal
      s4-gensec Don't give more to sasl_encode() than it will permit
      s4-auth Add DEBUG() for invalid DNs and errors expanding user groups.
      s4-dsdb Allow LDB_ERR_INVALID_DN_SYNTAX in dsdb_load_partition_usn
      s4-dsdb Add module to send only 'simple' DNs to OpenLDAP backends
      s4-dsdb Reset the error string after 'expected' errors.
      s3-waf Use LIBSECRUITY subsystem from the common wscript_build
      libcli/ldap Don't try and encode a control with a NULL OID
      s4-dsdb extended_dn_out: Move lazy dereference control creation to lazy-init
      libcli/security Remove unused sec_acl_equal()
      s3-smbd Remove manual override of DEBUGELVEL during exit
      librpc Make ndrdump use printf() rather than having to mess with DEBUG()
      auth/credentials Give a sensible behaviour for resetting the krb5 context
      lib/util Remove setup_logging_stdout()
      s4-torture Remove torture/locktest2.c (no longer compiled and unused)
      lib/debug Use vdprintf rather than manually allocate
      s3-debug Impove setup_logging() to specify logging to stderr
      s3-debug Remove 'AllowDebugChange' and use lp_set_cmdline() instead
      s3-debug Remove last direct assignements to DEBUGLEVEL
      s3-debug Convert from x_file to real file descriptors.
      s3-debug Move 'load_case_tables()' before lp_set_cmdline() and popt calls
      s3-debug Clarify the handling of invalid state.fd values in debug.c
      debug Explain the behaviour of setup_logging() more clearly
      s3-libsmbclient-examples Add tests for debug behaviour.
      s3-libsmbclient Add comments to describe the behaviour of DEBUG()
      s3-libsmbclient Don't store 'debug_stderr' on the libsmbclient context
      s3-param Fix up lp_set_cmdline() not to re-store cmdline options on each reload
      heimdal Add handling for PAC signatures over all encryption types
      s4-selftest Allow weak crypto so we can test DES-only behaviour.
      s4-torture Add tests for DES-only accounts PAC behaviour/validation.
      s4-process_model Fix valgrind-found use of un-initialised variable
      s4-selftest Run RPC-PAC against all the DC environments.
      s4-dsdb Fix urgent_replication test not to set an invalid userAccountControl
      s4-ldap_server Don't DEBUG() at level 2 every time a caller disconnects
      s4-kerberos Mention the remote address we fail to contact the KDC on
      s4-selftest fix indentation
      s4-dsdb Explain why we may not use the GC name in some situations.
      s4-auth Supply more useful error messages on Kerberos failure
      heimdal Add clock-skew handling to DCE-style GSSAPI
      s4-dsdb Return an error if we can't convert UTF16MUNGED -> UTF8
      s4-dsdb Convert new krbtgt_xxx password into UTF16
      s4-dsdb Remove incorrectly declared ** variable used as *.
      s4-provision UTF16 encode the password in sam.ldb, not secrets.ldb
      heimdal Don't dereference NULL in error verify_checksum error path
      heimdal Return HDB_ERR_NOT_FOUND_HERE to the caller
      s4-kdc Return HDB_ERR_NOT_FOUND_HERE on un-revealed accounts on an RODC
      s4:heimdal: import lorikeet-heimdal-201011102149 (commit 5734d03c20e104c8f45533d07f2a2cbbd3224f29)
      Add attribute macros for Heimdal to use
      heimdal regenate lex and yacc files
      heimdal Extra files required for merge up to current heimdal
      s4-kdc Remove use of heimdal private headers in kpasswd server.
      s4-kdc update startup routines after heimdal update
      auth/gensec Handle incorrect username or password in Kerberos client code
      s4-kdc Fix realm handling in our KDC
      heimdal Fix handling of backwards cross-realm detection for Samba4
      s4-gensec Indicate if GENSEC is in client or server mode in the debug
      heimdal Fetch the client before the PAC check, but after obtaining krbtgt_out
      s4-kdc Don't always regenerate the PAC
      s4-kdc Don't regenerate the PAC for cross-realm tickets
      s4-kdc Add 'flags' parameter to db fetch calls
      s4-kdc use 'flags' to only create the 'admin data' elements when requested
      s4-kdc Fix the realm handling again, this time pay attention to the flags
      heimdal Build ticket with the canonical server name
      s4-test_kinit Add tests for lowercase realm combinations
      s4-ldif_handlers Add handler for printing supplementalCredentials
      samba-tool pwsettings Allow setting 'store cleartext'
      samba-tool Add test for --store-plaintext
      s4-kdc Rework supported encryption type logic to match Microsoft
      wintest Force krb5.conf for BIND so we use the one generated for this test
      wintest Set the virtual machine IP to match it's dynamic IP, but don't use DHCP
      wintest Allow substitute to cope with objects like pexpect.EOF
      wintest example configuration file for a KVM based wintest
      wintest Explian that this is my KVM/libvirt configuration
      wintest Improve wintest's handling of IP addresses and add more auto-setup
      wintest Evolve wintest to handle it's own BIND nameserver
      s4-setup correct the require BIND version for Dynamic DNS
      wintest Don't connect to localhost or unqualified hostname, bind interface only
      lib/debug Add clarifying comments
      s3-netapi Add libnetapi_net_init(), don't double-init common Samba subsystems
      s3-libnetapi Add function header comments
      s3-libnetapi Load case tables earlier
      s4-dsdb Remove mem_ctx argument from dsdb_module_find_dsheuristics().
      s4-dsdb Add 'block anonymous' checks to the rootdse module
      s4-dsdb Remove rootDSE and anonymous checks from acl_read
      s4-objectclass Use a specific local variable name, not 'value'
      s4-dsdb Reorganise and clarify the LSA objectClass check (forbidden on LDAP)
      s3-param Fix lp_set_cmdline() to set the flag on alias values too
      s4-librpc Handle all types of GUID in the GUID() initialiser
      s4-smb_server Return why the ntvfs_connect() failed.
      wintest Add more VMs and correct titles
      wintest Add automatic dcpromo is the host isn't a DC yet
      wintest Fix case of BASEDN variables
      wintest Add a function to shut down all the managed VMs at the start
      wintest Set WIN_LCREALM and WIN_BASEDN automatically
      wintest Make the new --vms option default to running all tests.
      s4-samba-tool Show when we have created the user successfully
      wintest Allow 'samba-tool newuser' to run a few times waiting for the RID Set
      wintest Add more retries and fix up RODC handling after auto-dcpromo
      wintest Another way to work out if a Windows machine is a DC
      wintest Wipe the BIND data directory just before we restart bind
      s4:heimdal: import lorikeet-heimdal-201012010201 (commit 81fe27bcc0148d410ca4617f8759b9df1a5e935c)
      wintest Move stopping of BIND into a new step
      s4-provision Add an invalid names check for 'domain == netbiosname'
      s4-provision Always run slaptest to convert the config file
      libcli/auth bring ADS_IGNORE_PRINCIPAL in common
      s4-spnego use "not_defined_in_RFC4178 at please_ignore" if no principal specified
      s4-param Allow +foo syntax in smb.conf list parsing
      s4-client Use NTLMv2 by default in the Samba4 client.
      s4-tests Workaround new default of 'client ntlmv2 auth = yes' in tests
      s4-lsa Implement kerberos ticket life policy
      s4-spnego Match Windows 2008, and no longer supply a name in the CIFS Negprot
      wintest Remove the password expiry as the first step
      s3-libads Default to NOT using the server-supplied principal from SPNEGO
      s3-smbd Don't send SPNEGO principal (rfc4178 hint) by default
      s3-client Use NTLMv2 by default in the Samba client
      s3-docs Explain change to NTLMv2 by default in the client
      s3-docs Add docs for 'client use spnego principal' and 'send spengo principal'
      s3-libsmb Don't ever ask for machine$ principals as a target.
      s3-winbind Don't send the LM password to the server, ever
      s3-winbind Improve memory handling in NTLMv2-backend plaintext authentication
      wintest Share more of the S4 test code with the s3 test
      s3-net Allow 'net ads dns register' to take an optional hostname argument
      wintest More work to make test-s3.py work
      s3-dns Don't use SEQUENCE_FLAG in DNS update, Windows 2008R2 does not like it
      s3-dns Don't use DELEG_FLAG in DNS update, Windows 2008R2 does not like it
      wintest flush DNS on Windows clients to improve reliablity
      s3-libsmb Improve error message when denying LM encryption
      wintest Add testing of kerberos connections to Windows members of an AD domain
      libcli/security Add sid_blob_parse() to directly parse a binary SID blob
      s4-dsdb Use sid_blob_parse()
      s4-dsdb Don't talloc_free() ares on failure, as LDB might free it later
      lib/ldb Remove talloc_free() that causes double-free in callbacks.
      Revert "s4-dsdb Don't talloc_free() ares on failure, as LDB might free it later"
      s4-auth Remove obsolete comment
      s4-auth Remove event context from privilage database handling
      s4-auth rework session_info handling not to require an auth context
      s4-auth Remove duplicate copies of session_info creation code
      s4-auth Ensure that we always copy across domain groups
      s4-heimdal_build Remove talloc dependency from hdb-glue.c
      s4-heimdal_build Remove talloc dep for krb5-glue.c
      nsswitch Add talloc depencency for nsstest
      s4-ldap_server Allow multiple binds on LDAP server
      s4-dsdb Implement tokenGroups expansion directly in ldb operational module
      s4-auth use new dsdb_expand_nested_groups()
      s4-auth Add function to obtain any user's session_info from a given LDB
      s4-auth Add get and set methods for auth_session_info python wrapper
      pyldb Simplify python wrappers for struct ldb_val (LdbValue)
      libcli/security Add python bindings for se_access_check
      s4-samba_tool Added ACL checking to python GPO management tool
      s4-gensec Don't steal the auth_context, reference it.
      s4-pyauth Use py_talloc_get_type() for greater talloc binding safety
      s4-pyauth Add bindings for auth_context_create() as AuthContext()
      s4-pygensec Add bindings for server_start() and update()
      s4-pyldb Fix tp_basicsize for PyLdbDn
      s4-torture Remove unused temp dirs from the RPC-PAC test.
      s4-pygensec Fix indentation of py_gensec_start_mech_by_name()
      s4-auth Extend python bindings to allow ldb and message to be specified
      s4-gensec Extend python bindings for GENSEC and the associated test
      s4-gensec Remove special case 'for SASL' that is not required any more.
      s4-dsdb Add a test of the tokenGroups behaviour on the user's DN.
      s4-auth Allow NULL methods to be specified to auth_context_create_methods()
      s4-pyauth Fix AuthContext wrapper
      s4-dsdb Add PAC validation test to tokengroups test.
      s4-dsdb Don't use None as the input to the GENSEC loop in tokengroups test
      s4-selftest Remove knownfail for tokengroups test
      libcli/auth move ntlmssp_wrap() and ntlmssp_unwrap() into common code.
      s4-gensec Add prototype for gensec_ntlmssp_init()
      s4-auth Remove special case for account_sid from auth_serversupplied_info
      s4:heimdal: import lorikeet-heimdal-201101310455 (commit aa88eb1a05c4985cc23fb65fc1bad75bdce01c1f)
      Remove unused installmisc.sh script, from old build system
      s4-python Remove unused missing.py (used by old build system)
      waf: Replace python installation rule to allow PYTHONARCHDIR and PYTHONDIR
      s4-python Ensure we add the Samba python path first.
      s4-python Remove manipuation of python path from samba module
      s4-waf Don't install any Samba packages into PYTHONDIR
      wintest Return debug info when dcpromo fails from the log
      s4-dsdb Fix generation of rootDSE domainControllerFunctionality
      s4-dsdb Add tests to ensure we don't break the rootDSE function levels again
      s4-waf Don't include ../librpc in paths
      s4-provision Remove setup_path, setup_dir and find_setup_dir
      s4-waf Add PYTHONDIR and PYTHONARCHDIR to the 'different on install' list
      s4-python Don't force "bin" into the python sys.path
      s4-wintest Use top level build for wintest
      s4-auth Add auth.idl to encode auth subsystem structures in IDL
      s4-auth Rework auth subsystem to remove struct auth_serversupplied_info
      s4-selftest Fix valgrind and gdb options for top level build
      s4-auth Fix setting of bad_password_count in auth_convert_user_info_dc_sambaseinfo()
      s4-waf Remove source4 build system.
      waf Remove debugging hacks left in the top level build
      auth Move auth_sam_reply into the top level.
      libcli/named_pipe_auth Remove support for unused levels 0-2.
      auth.idl fix size_is() reference in IDL
      libcli/named_pipe_auth Change from 'info3' to auth_session_info_transport
      s3-auth Rename cryptic 'ptok' to security_token
      s3-auth Remove unused pam_handle
      waf Fix dependencies for .pc (pkg-config) files
      s3-auth Fix memory leak in security=share and force user =
      wintest upper case the --vms paramter arguments to wintest.py
      Add support for testing a Win2k3 domain member
      heimdal Pass F_CANON down to the hdb layer for servers in AS-REP as well
      s3-cluster Always fill in the clustering vnn element
      s3-cluster remove more CLUSTER_SUPPORT #ifdef stuff
      lib/util/charset add functions isupper_m and islower_m
      lib/util/charset use a path to dynconfig.h that works in s3 and s4
      lib/util/charset split codepoints.c into it's own subsystem
      lib/util/charset use get_dyn_CODEPAGEDIR(), which is in common
      lib/util Make UTIL_LDB conditional on an s4 build
      s3-waf use lib/util/wscript_build, and avoid duplicate subsystems
      s3-libads Remove MIT-specific krb5_princ_realm macro calls.
      charset Remove use of {isupper,islower,toupper,tolower}_w functions
      librpc push NDR_SECURITY and NDR_DCERPC to the top level wscript files
      librpc make ndr-standard a common library
      lib/util/charset Use top level iconv.c in source3
      lib/util Remove #if _SAMBA_BUILD_ == 4 that isn't required any more
      s3-charcnv Don't genreate valid_table on the fly, rely on valid.dat
      lib/util/charcnv Move iconv handle setup in common
      lib/util/charset Add back setlocale(), but only when called from binaries
      Add tests for various s3 auth modes
      s3-tests use $PREFIX to ensure tests don't work outside the test area
      selftest move selftesthelpers to a top level helper script
      selftest split $PERL into multiple arguments for Test::More check
      s3-selftest convert tests.sh to python
      smbtorture Remove random file name before we start RW2
      selftest pass in srcdir into Samba3 target module
      selftest: Improve gdb_backtrace to run in batch mode
      s3-auth Rename auth_serversupplied_info varaiables: server_info -> session_info
      s4-auth Move libcli/security/session.c to the top level
      selftest the raw.mux test is flaky:
      heimdal_build omit #line statments to allow valgrind to work again
      lib/util/time: Merge time functions from source3/lib/time.c
      s3-build __FUNCTION__ is always available, always use it
      s3-debug Always use C99 true/false rather than True and False
      lib/util move debug.[ch] out of the way
      lib/util: new merged debug system
      s3-rpc_server Handle session key as a constant buffer
      pidl Add support for uid_t and gid_t types
      librpc/idl Add helper structures for use by samba3 in auth_session_info
      s3-auth struct security_unix_token replaces UNIX_USER_TOKEN
      libcli/security Add unix_token and unix_info to auth_session_info too
      s4-dsdb: Ensure we permit multi-valued backlinks on single-valued attributes
      librpc/ndr use hyper for uid_t/gid_t rather than udlong
      s3-lib Remove the clobber_region() code.
      s3-safe_str: Futher simplify the macros by removing indirection
      s3-safe_string: Add checked_strlcpy()
      s3-lib prepare Samba3 to use common codepoint based string functions
      lib/util: Merge basic string length and comparison functions
      s3-charcnv Add convert_string_error()
      lib/util/charset rename iconv_convenience to iconv_handle
      wintest New snapshot for my wintest VMs
      s3-selftest unconditionaly include subunit.sh
      s3-selftest Add tests for security=server
      s3-selftest Allow LM passwords and turn of NTLMv2 for security=share test
      s3-selftest Fix test_smbclient_auth.sh
      lib/util/charset Remove pointless static bool initialised
      s3:lib make lazy_initialize_conv() static
      lib/util Move base64 functions into lib/util/base64.c
      lib/util/charset Add tests for convert_string_talloc_handle()
      lib/util/charset correct calculation of UTF8 character sizes
      lib/util/charset Add wrapper to allow testing of strlen_m_ext()
      lib/util/charset Add tests for strlen_m_ext() and convert_string_talloc()
      lib/util/charset smb_panic() on incorrect use of strlen_m_ext
      lib/util/charset Add tests for strcasecmp_m(), talloc_strupper() et al
      s3-selftest Disable log rotation in 'make test'
      s4-credentials Add a command line hook to set the kerberos credentials cache
      s3-selftest Add testing of kerberos login
      s3-selftest Remove more instances of /tmp in test_smbclient_s3.sh
      s3-auth consolidate create_local_token() into make_server_info_krb5()
      s3-rpc_server Remove comment, yes the key is correct.
      s3-auth use create_local_token() to transform server_info -> session_info
      s3-auth Rename user_session_key -> session_key to match auth_session_info
      s3-selftest Look only under source3 for smb.conf files
      librpc/idl Add [nopython] to krb5pac ndrdump functions
      pidl: Add support for the [ignore] property
      s4-auth: Always talloc_zero() the struct auth_session_info
      auth: Move auth_session_info into IDL
      kdc: always ldb escape the realm
      s3-auth: Make server_info const in create_local_token()
      libcli/nbt Cope with blank lines in DNS hosts file
      s3-selftest names into DNS hosts file to avoid NBT lookups
      s3-librpc Fix creation of in-memory keytab for previous password
      s3-selftest Add tests to show kerberos works across a password change
      samba_dnsupdate: Don't use subprocess.check_call, it isn't in python 2.4
      wintest Allow changing the telnet settings to fail, we might not be admin
      s3-wintest Add test of 'net use' against the Samba3 member
      wintest Allow setting of the firewall to fail
      s3-selftest Fix use of the 'fake DNS' file
      s3-selftest actually wait for smbclient to connect
      Revert "s3-test: disable ktest for now"
      s4-samba_dnsupate Fix syntax error
      s3/selftest Tear down the environment if we fail to connect
      libcli/ldap pull LIBCLI_LDAP_MESSAGE and LIBCLI_LDAP_NDR into a library
      lib/util make UTIL_TDB a library
      libds: Make flag_mapping a library
      s3-lib: Remove unused pull_ucs2_fstring()
      s3-charcnv: make pull_ucs2 static
      s3-lib Remove more unused fstring.c functions
      s3-lib Correct comment in strlen_w()
      s3-lib: Remove unused _w functions.
      s3-lib Remove unused skip_unibuf()
      s3-lib Remove unused #define
      s3-lib make static and remove more _w functions
      s3-lib Move isvalid83_w to mangle_hash.c
      s3-lib Move strdup_w to it's only user in mangle_hash.c
      lib/util/charset Move source3/lib/util_unistr.c to the common code.
      lib/util Move simple string routines into common code.
      lib/util ucs2_align is identical, put it in common
      lib/util: Make string_replace from s3 common
      s4/torture Fix calls to charcnv functions to always supply converted_size
      lib/util/charset Fix and add public interface for convert_string_error_handle
      lib/util/charset Add expected values for upper/lower case tests
      lib/util/charset Add tests for convert_string_error_handle
      lib/util/charset Preserve 'pull' errors even when converting via UTF16
      lib/util/charset Add more tests for convert_string_error_handle()
      lib/util/charset Rename convert_string test to allow a 'non_handle' test
      s3-selftest Add workaround for RAP test failure
      lib/util/charset Make ASCII conversion validate it's input
      lib/util/charset Add convert_string_error()
      lib/util/charset Add many more charset tests
      libcli/auth Use convert_string_error to check LM hash calculation.
      s3-charcnv: Move convert_string() et al to lib/util/charset
      s3-build Remove distinct LOCALEDIR subsystem
      build: Bring DYNCONFIG into samba-util library to avoid symbol duplication
      libcli/ldap Re-add ldap_ndr.h as a public header
      s3-lib Move strisnormal to it's only user in mangle_hash.c
      s3-lib Remove unused str_ascii_charnum()
      s3-lib Move unix_strlower and unix_strupper to their only users.
      s3-lib Remove unused string_append
      s3-lib Remove very unused (#if 0) strncpyn
      libcli/auth Move krb5 wrapper functions from s3 into common
      s3-auth Rename smb_krb5_open_keytab to avoid a conflict with s3
      lib/util Move alpha_strcpy() from s3 into common code
      libcli/auth Fix compile on hosts without krb5
      s3-krb5 Move #ifdef HAVE_KRB5 above #include of libcli/auth/krb5_wrap.h
      selftest: Provide a single bindir_path function across all targets
      selftest: Remove unused BUILDDIR_ABS environment variable
      selftest: Remove duplication between BUILDIR and BINDIR
      selftest: Start using the binary mapping at the python layer as well
      selftest Add binary mappings for samba3 selftest
      selftest: Move Samba4 selftest wscript to the top level
      selftest Remove selftest of the test subsystem
      s4-heimdal_build: Add extra HAVE defines needed for the source3 krb5 code
      selftest: Allow the top level build to run the samba4 or samba3 tests
      s3-gse Allow GSSAPI wrapper to compile against Heimdal
      s4-heimdal: Allow any kvno to match when searching the keytab.
      lib/socket_wrapper: allow up to 32 interfaces for a bigger 'make test'
      selftest: put the target on the environment
      s4-selftest: Stop creating netbios aliases everywhere
      s3-selftest Rename s3 DC environment to s3dc
      s4-selftest: Avoid duplicating the servers IP in the provision() sub arguments.
      selftest Add combined 'Samba' target module
      s3-selftest Fix interface localktest6 listens on.
      s4-selftest: Move Samba4 test interfaces out of the way of the Samba3 tests.
      s4-selftest Rename Samba4 'member' test environment to s4member
      selftest: Add hooks to enable a combined selftest run.
      selftest Test for socket_wrapper support in combined samba target as well
      selftest: Don't specify SELFTEST_TARGET as an env variable
      selftest: move warning about invalid environments up to selftest.pl
      selftest Consolidate server wall clock time limits
      build: Move Heimdal/MIT compat build rules to heimdal_build
      lib/util Define samba-util-common only for s3-waf
      build: Invert --enable-s3build into --disable-s3build
      libcli/dns Improve dns_hosts_file, using Samba3's struct dns_rr_srv
      s3-libads Remove KRB5_DNS_HACK
      libcli/auth Allow parsing of a PAC that is already verified.
      libcli/auth Move Samba4's gssapi_error_string from GENSEC to libcli/auth
      selftest: Make bindir_path much less complex
      s3-libads Don't start a DEBUG with 'time'
      s3-libsmb Use 'resolv:hosts file' as a DNS emulation when specified.
      auth/kerberos: Create common helper to get the verified PAC from GSSAPI
      auth/kerberos Move all the PAC handling functions to auth/kerberos
      s3-gse: Don't release the mech OID from gss_accept_security_context
      s4-gensec: Use new common 'obtain the PAC' functions.
      auth/kerberos Add check for gss_inquire_sec_context_by_oid
      build: Add lib/replace as a default include path
      s3-waf Don't enable profiling by default
      s3-test Make samba3.blackbox.net.local.registry.roundtrip reliable
      dynconfig: Have only one dynconfig.o in the common code.
      s3-winbind Use get_dyn_WINBINDD_SOCKET_DIR() to get the winbind pipe dir
      Remove outdated S4 OpenLDAP backend HOWTO.
      s3-rpc_server Fix compile without kerberos
      lib/util/charset Fix string termination conditions for UTF16 strings
      lib/util/charset use convert_string.c in common
      lib/util/charset Add tests for srclen=-1 behaviour.
      lib/util/charset Add copyright headers
      lib/util/charset Merge talloc-based pull and push charset functions
      s3-selftest: Use default name resolution methods (now that dns is emulated)
      s3-libads Pass a struct sockaddr_storage to cldap routines
      selftest: Make overwrite of $env->{target} optional
      s3-libads: Use ldap_init_fd() to connect to AD server in socket_wrapper
      selftest: s3member admember test to confirm s3/s4 interopability
      selftest: Don't die() when the join fails
      selftest: Print a better warning warning message when smbcacls fails.
      selftest: Fix combination of Samba3 and Samba4 test lists
      selftest: Make combined test the default when s3build is enabled
      s4-selftest: Don't use a hardcoded target DC name
      s3-ldap Move ldap prototypes to inside #ifdef HAVE_LDAP_H
      build: Fix kerberos build issues in top level build
      s3-libads Move variables into if (socket_wrapper_dir()) where they are used.
      libcli/smb Move FILE_ATTRIBUTE defines to the top level
      s3-smb Use FILE_ATTRIBUTE_READONLY intead of aRONLY
      s3-smb Use FILE_ATTRIBUTE_HIDDEN intead of aHIDDEN
      s3-smb Use FILE_ATTRIBUTE_SYSTEM intead of aSYSTEM
      s3-smb Use FILE_ATTRIBUTE_VOLUME intead of aVOLID
      s3-smb Use FILE_ATTRIBUTE_DIRECTORY intead of aDIR
      s3-smb Use FILE_ATTRIBUTE_ARCHIVE intead of aARCH
      s3-client Add TALLOC_CTX argument to attrib_string().
      libcli/smb Move attrib_string in common
      s4-param Rename lock_path() -> lpcfg_lock_path()
      s4-param Remove config_path() -> lpcfg_config_path()
      s4-param Rename private_path() -> lpcfg_private_path()
      lib/util/charset Move strstr_m() to the top level
      lib/util Re-merge the string_sub() and all_string_sub() from source3
      s4-param Rename volume_label() -> lpcfg_volume_label()
      s4-param Rename unused lp_ functions to match param.h
      s4-param Rename lp_destructor() -> lpcfg_destructor() for consistency
      selftest: Restore the s3member environment by avoiding smbcacls
      build: put doserr.c into it's own subsystem, so it's no longer a duplicate
      s3-ldap Only prototype ldap_init_fd() when we have found it in the libraries
      s3-waf: Add dependency on popt to fix build on FreeBSD
      kerberos: Only include gssapi/gssapi_krb5.h when available
      s3-lib: Rely on uint64_t in conv_str_size()
      lib/util Rename conv_str_size() -> conv_str_size_error()
      s3-build Add popt dep to fix build on FreeBSD
      s4:cluster Rename .id to .pid in server_id
      s4-cluster: Remove const from cluster_id_string()
      Remove reference to Samba4 LDAP backends
      selftest: Update README
      s4:Remove outdated doc on Samba4 upgrade
      s4-cluster Rename server_id.node -> vnn to match Samba3
      s3-ctdb Rename packet file and files to ctdb_packet
      lib/util Move more network utility functions from source3 into lib/util
      s4-lib/socket Merge updated set_socket_options from Samba3 -> Samba4
      lib/util Move set_socket_options() into common code.
      s4-torture Remove unused and uncompleated test
      s4-libcli Remove resolve_name() as it conflicts with Samba3.
      s4-messaging Rename messaging -> imessaging
      Remove strlower_m() and strupper_m() from source4 and common code.
      s3-lib make push_ucs2() static
      lib/util/charset Use push_string and talloc_strupper/strlower from common code
      s4: fix arguments to safe_strcpy()
      lib/util Use compiler-checked safe string macros in top level code.
      lib/util Use lib/util/util_str.c in common, including strequal()
      s4-param Rename secrets_init() -> randseed_init()
      lib/util make string_wrappers.h a public header
      s3-ctdb Fix duplicate function name due to packet -> ctdb_packet rename.
      lib/util Move source3 tdb_wrap_open() into the common code.
      s3-lib Remove unused dos error codes from errmap_unix
      errors: Merge ntstatus -> DOS error table between Samba3 and Samba4.
      errors: Merge source3/ werror_to_ntstatus() code to source4/
      libcli/util Merge ntstatus_to_dos() ntstatus_to_werror() to the top level
      s3-smbd ntstatus_to_dos() pulls the DOS error codes out internally
      nterr: Add mem_ctx for return string from get_nt_error_c_code()
      libcli/util Move NTSTATUS table to the top level
      errors: Remove unused unix_to_werror()
      lib/util Rename ms_fnmatch() to ms_fnmatch_protocol() to avoid dup symbol
      lib/util Use lib/util/ms_fnmatch.c in common for gen_fnmatch()
      libcli/smb Move cifs posix helper functions and headers in common
      lib/util don't use enum protocol_types in ms_fnmatch_protocol
      s4-ntvfs: Rename brl_*() -> brlock_*() to avoid conflict with brlock_init in s3
      s4-auth Rename auth -> auth4 to avoid conflict with s3 auth
      auth: allow auth_common.h to be included multiple times without error
      selftest Use die() less often, as it fails to allow cleanup
      s3-utils Set dyn_CONFIGFILE from -c on smbpasswd command line
      Improve debug messages when creating socket directories
      s4-param Don't set variables such as the debuglevel unless global
      s4-lib merge get_interfaces() from Samba3 to Samba4
      s4-lib/socket Samba4 is not IPv6 compatible
      lib/socket move interfaces code to the top level
      s3-lib Use common lib/socket code for get_interfaces() et al
      s4-interfaces Rename interfaces code so not to conflict with source3/
      lib/socket: Remove outdated comment
      build: Allow the C code to know if this is a waf build
      s4-param cope with doulbe-parsing of -foo and +foo lists
      s4-samr Remove incorrect transaction_cancel() in error path
      s4-dsdb Add transactions to dsdb modify helpers
      s3-passdb Redirect domain GUID and SID queries to the passdb stack
      s3-passdb: added pdb_samba4
      s3-auth Add auth_samba4 module
      selftest: Add plugin_s4_dc environment
      ncalrpc: Force ncalrpc dir to be mode 755 in all users
      selftest: Make the ncalrpc dir common between Samba4 and Samba3.
      s4-selftest Add tests for proxy_samba4_dc
      selftest: don't override just-added username in plugin_s4_dc test
      selftest: Test both users created in plugin_s4_dc environment
      s3-build: Move generated config.h and config.h.in to include/autoconf
      build: Remove --disable-s3build so we can rely on these subsystems
      s3-gse: Allow the GSSAPI wrapper to load a keytab using gss_krb5_import_cred()
      libcli/auth: Move more kerberos wrapping in common
      libcli/auth Move PAC parsing and verification in common.
      lib/util/charset create _handle functions for convert_string() et al
      lib/util/charset Always set *converted_size even on failure
      lib/util/ Fix crash bug caused by gfree_debug()
      s3-libnetapi Don't create a talloc_stackframe() in a global variable
      s3-netapi Initialise global variables in libnetapi
      lib/util/charset Move built-in charset modules to the top level
      build: Move NDR_DSSETUP and NDR_SPOOLSS into ndr-standard
      s3-build: use ndr-standard in msrpc3
      s3-param Deprecate a number of security parameters for 3.6
      selftest: Don't skip Samba3 tests in the top level build
      s4-selftest: gensec test is finished, don't skip
      waf-build: Add more libraries to avoid duplicate symbols
      build: Expand dcerpc-samba grouping library
      build: Make msrpc3 a library
      build: Make auth_sam_reply a library
      build: Add depenencies needed by Samba3 subsystems
      build: Add rpc_client grouping library
      build: Make util_reg subsystem in libcli/registry a library
      librpc/ndr Merge ndr_print_sockaddr_storage() into common code
      build: Make POPT_SAMBA3 a library
      build: Add 'cap' as a dependency of samba3core
      s4-libnet: Remove libnet_Join and create libnet_Join_member
      s3-param: remove unused share_iterator functions
      s3-param: Remove unused snum2params_static
      s3-lib Replace StrCaseCmp() with strcasecmp_m()
      s3-lib Replace StrnCaseCmp() with strncasecmp_m()
      s3-selftest Remove unused sambalib.py from comfychair test system
      lib/util/charset Don't allow invalid 'dos charset = utf8'
      s3-testparm Warn more on incorrect use of 'password server'
      selftest: Re-enable strings.py from source3/stf as a python subunit test
      lib/util/charset use talloc_stackframe() rather than talloc_tos()
      s3-selftest Remove unused and unimplemented info3cache test
      lib/util/charset: Remove unused strcasecmp_w and strncasecmp_w
      lib/util Add Volker's asn1_Integer test into code that runs in 'make test'
      selftest: Make knowfail/skip files consistent, always use ^prefix
      docs: Clarify the 'security=server' fails for NTLMv2
      s4-provision Use correct tkey-gssapi-credential
      docs: Rewrite 'password server' documentation
      s3-param Depricate 'password server = foo:12389' syntax
      s3-testparm Warn about incorrect use of 'password server'
      s3-smbd provide struct smbd_server_connection * to conn_snum_used
      s3-lib Move string_init functions into their own file
      s3-build: Move user_util.c into it's own subsystem
      s3-smbd Split conn.c into 3 files
      s3-param split service.c into param and smbd components
      heimdal_build: Don't use heimdal's getprogname() and setprogname()
      heimdal: Remove getprogname and setprogname from the heimdal import
      s3-globals Remove smbd_event_context() (use server_event_context())
      libcli/security: move secdesc.c to the top level libcli/security
      s3-param Move init_iconv() to loadparm.c
      s3-lib Move sstring_sub() to it's only user and make static
      s3-lib Move realloc based string substitution functions out of util_str.c
      s3-lib Move free_namearray() into it's own file
      s3-build Add dependency on 'ldap' and 'ber'
      s3-build: Rearrange build system to seperate out simple libraries
      s3-build Create dbwrap_util subsystem
      s3-build Move dbwrap_rbt into dbwrap_util subsystem
      s3-build Add util_sec subsystem
      s3-build Make smbregistry depend on more of the subsystems it needs
      s3-build Specify more of the smbconf dependencies
      s3-lib: Use ARRAY_SIZE() to walk the error mapping tables
      s4-libcli Merge error map order with source3 errmap_unix.c
      s3-lib Improve indentation of errmap_unix
      s3-smbd Fix conn_msg.c:  Cannot return in a void function
      lib/util Move sys_memalign into lib/util/system.c
      s3-lib Move source3-specific malloc replacements into a seperate file
      s3-build Put memcache in a standalone library
      libcli/util Remove ntstatus_check_dos_mapping
      s3-build Don't allow undefined symbols in pam_smbpass.so
      s3-libsmb remove ldap_err2string() as common nterrs[] has the constants
      librpc/ndr: Use converted_size to determine if NULL termination was sent
      s3-param prepare for some lp_ functions to return const
      s3-param Make lp_passwordserver() const.
      s3-param Make charset parameters const
      s3-param Make lp_smb_ports() const
      s3-param Make lp_smb_passwd_file() and lp_private_dir() const
      s3-param Make lp_lockdir() const
      s3-param Make lp_statedir() const
      s3-param Make lp_cachedir() const
      s3-param Make lp_piddir() const
      s3-param Make lp_utmpdir() and lp_wtmpdir const
      s3-param Make lp_name_resolv_order() const
      s3-param Make lp_realm() const
      s3-param Make lp_dedicated_keytab_file() const
      s3-param Make lp_ncalrpc_dir() const
      libcli/util Remove prototype for ntstatus_dos_equal()
      s4-param Remove 'sam database' parameter
      s4-param Remove 'secrets database' parameter
      s4-param Remove 'idmap database'
      s4-param Remove 'sid generator'
      s3-param always allow the realm parameter
      s4-param make lpcfg_sam_name() cope with PDC and BDC roles
      s4-param Add hook between Samba3 and Samba4 loadparm systems.
      s3-lib Remove unused lib_path()
      lib/util use modules_path(), data_path() and shlib_ext() from source3
      s4-param Remove 'modules dir'
      s4-modules Remove lp_ctx from init functions that no longer need it
      s3-passdb use new loadparm_init_s3 rather than reloading the smb.conf
      s3-s4-param: Add hooks for parametric options in the s3/s4 glue layer
      s4-auth Move default auth methods back into auth.c
      s3-auth Use loadparm_init_s3() to get an lp_ctx for auth_samba4
      s3-docs Add documentation for ncalrpc dir
      selftest: Fix 'make quicktest' on systems without LDAP development support
      s4-credentials Allow use of file-based credentials caches for debugging.
      s4-credentials Don't use expired Kerberos or GSSAPI credentials
      s4-gensec bring GSS_S_CONTEXT_EXPIRED into it's own error handler
      s3-talloc Remove unused TALLOC zeronull functions and macro definitions
      s3-talloc Change TALLOC_REALLOC_ARRAY() to talloc_realloc()
      s3-talloc Change TALLOC_ARRAY() to talloc_array()
      s3-talloc Change TALLOC_P() to talloc()
      s3-talloc Change TALLOC_ZERO_P() to talloc_zero()
      s3-talloc Change TALLOC_ZERO_ARRAY() to talloc_zero_array()
      s3-talloc Change TALLOC_MEMDUP() to talloc_memdup()
      s4-cluster Use task_id instead of id2 to clarify server_id structure
      s3-server_id Add task_id to server_id to match Samba4
      s3-server_id change pid to hyper
      server_id.idl: Bring server_id.idl in common
      librpc/idr Use the Samba3 notify.idl in common.
      s3-lib Read and write the full struct server_id (except the unique_id)
      lib/util Bring procid_str() into lib/util as server_id_string()
      s4-param add const to loadparm_init_s3 s3_fns
      s3-lib Use domain in credentials file for domain in credentials
      s3-libsmbclient Use workgroup from libsmbclient caller for domain in credentials
      s3-param Remove special case for lp_workgroup()
      s3-param Remove special case for global_scope()
      server_id: Change format to vnn:pid.task_id, pid.task_id or pid
      s3-selftest Add a test for 'message command'
      s3-lib Add myhostname_upper()
      s3-param Remove special case for global_myname(), rename to lp_netbios_name()
      s3-selftest Add test for smbclient --authentication-file
      s4-librpc Remove unsued server_id4.idl
      s3-param Avoid strupper_m() where possible.
      s3-param Remove 'time offset' from smb.conf
      libclu/util: Move get_friendly_nt_error_msg() in common.
      errors: reorder error codes for easier s3/s4 comparison
      s4-errors: Import error maps from the source3/ unix -> ntstatus mapping
      s4-build Change default paths and --with flags for a 4.0 release
      build: Put lockdir and cachedir in FHS-like locations by default
      s3-winbind Move winbind privileged socket dir into state_path()
      s3-libcli Remove unused error mapping tables
      libcli/util Bring samba4 unix -> nt_status code in common.
      libcli/util Rename common map_nt_error_from_unix to avoid duplicate symbol
      lib/util Make unused d_vfprintf() static
      s4-param Add my authorship to this script
      s3-param Put &Globals in the FN_ macros, rather than in each entry
      lib/util: Use common d_printf() in the whole codebase
      lib/util: allow parmlist.c to compile under s3 includes.h
      lib/util Remove samba-util-common!
      s4-cmdline: Rename popt tables to avoid symbol conflicts
      build: disable -Wl,--as-needed to try and fix the build
      s4-torture Enable libnetapi and libsmbclient tests using combined build
      selftest: Run tests for libsmbclient and libnetapi
      s4-param Autogenerate the loadparm_globals and loadparm_service tables
      build: move dynconfig for top level build up
      lib/util Remove display_cd from d_printf()
      lib/util: Restore CH_UNIX as source charset for d_printf()
      s3-build: Provide a run-time shim to work around duplicate symbols
      lib/util/charset: Remove 'display charset'
      lib/util/charset: Remove autodetection of charset from LOCALE
      s3-swat Remove d_printf() calls
      s3-net: Bind our gettext results to 'unix charset'
      param: Remove "announce as" parameter
      s3-param Remove 'announce version' parameter
      build: Add a script to install python and Samba with one command
      s3-param Remove %(DomainSID) support
      s3-build: Remove SECRETS3 as a samba3core dep
      s3-build: Require fully defined symbols for all public libraries
      s3-build Require fully defined symbols in ALL libraries by default
      param: Remove remaining references to announce as and announce version
      s3-selftest Remove unused gdb_backtrace
      selftest: Remove %PROG% argument from 'panic action'
      selftest: Cope with no binary argument being supplied to gdb_backtrace
      build: Remove blacklist now we have a common build
      s3-build Add dep on popt to fix FreeBSD build
      Update WHATSNEW.txt with news for Samba 4.0 alpha16
      release Samba 4.0 alpha16
      build: Remove blacklist now we have a common build
      Update WHATSNEW.txt with news for Samba 4.0 alpha16
      release Samba 4.0 alpha16
      VERSION: on the road to alpha17
      Merge 2610c05b5b95cc7036b3d6dfb894c6cfbdb68483 as Samba-4.0alpha16
      s3-buildoptions Show compiled-in location of the new ncaclrpc and nmbd sockets
      s3-autconf Move nmbd socket directory to PREFIX/var/nmbd
      s3-param make lp_passdb_backend() a normal lp_ function again
      s3-param Remove lp_parm_string
      s3-param Rename struct service and struct globals
      s3-smbd Remove set but unused variables
      s3-param use lp_parm_ptr() rather than parm.ptr directly
      s3-param use .offset rather than .ptr (renames)
      s3-param Remove .offset == 0 checks as 'valid' will have offset 0
      s3-param Use .offset rather than .ptr when defining parameters
      param: Merge struct parm_struct definitions
      s3-param Remove unused FLAG_DOS_STRING
      s4-param Merge struct parm_struct with version from source3/
      s4-param Match source3's param: use C99 initialisers
      s3-param Convert sDefault to C99 initialisers
      s3-param use C99 boolean for true
      s3-param use C99 boolean for false
      param: Merge param headers into lib/param/loadparm.h
      s4-param Handle BOOLREV parameters
      s4-dsdb Allow a servicePrincipalName of machine$
      s4-dsdb guard principalName parse for invalid inputs
      s3-param Remove unused bUpdateEncrypt
      s3-param remove unused bIdmapReadOnly
      param: Finish conversion from lp_wins_support() -> lp_we_are_a_wins_server()
      s3-param Generate parameter tables
      s3-param Remove #defines already in common loadparm.h
      s4-param Remove unused 'announce version'
      s3-build Prepare to require fully defined modules
      s3-build Require fully defined modules by default
      s3-samr Send IP address only to PAM remote hostname hook on password set
      s3-lib Move event_add_idle() to source3/lib/events.c
      s3-auth libauth no longer requires undefined symbols
      s3-build allow_undefined_symbols=False is the default now
      s3-build link passdb modules against libpassdb
      s3-build add tevent depencency on libsmb
      build: Add missing dep on UTIL_TEVENT
      build: Add missing depencency on NDR_NBT
      build: remove mktowscript
      ldb: make ldb a top level library for Samba 4.0
      ldb: set -Wl,-no-undefined only on standalone build
      build: Re-enable the -Wl,--as-needed flag
      librpc/ndr remove _SAMBA_BUILD_ conditionals
      build: Remove _SAMBA_BUILD == 4 from libgpo
      libcli/smb move enum protocol_types to a common header
      libcli/smb move FILE_TYPE constants in common
      s3-build We no longer require to redefine _SAMBA_BUILD_
      build: we no longer put #if _SAMBA_BUILD_ == 4 in public headers
      s3-param Remove lp_set_passdb_backend()
      s3-param: calculate default_server_announce at runtime
      s3-lib use True and False in bitmap.c
      param: Add hooks to s3 parm_struct and the parameters void * pointer
      lib/util Move bitmap.c to lib/util
      s3-param check for aliases with both p_class and offset
      s4-param Also check the p_class matches when comparing offset
      s4-param change to struct bitmap to match s3-param
      s4-param Remove offset != -1 checks
      param: Move per-share parameters into a seperate file, to share with s3
      s3-param use common struct parmlist_entry to hold parametric options
      lib/param: Merge struct loadparm_service into common
      s4-dsdb Don't process deletion of member attributes here.
      s3-param Plug 'netbios aliases' via the parameter bridge
      s4-param cope with parameters of type char
      s4-param finish services hooks for s4->s3 loadparm context
      s3-lib Remove unused get_cmdline_auth_info_copy
      s4-winbind handle all values for server role
      lib/util Change debug priority order: DEBUG_STDOUT now overrides DEBUG_FILE
      debug: log early messages to stdout, and keep it open
      s4-param Handle P_CHAR and P_BOOLREV in pyparam
      Add my copyright
      s3-auth Restore nss_token behaviour by reading from server_info
      auth: Preserve guest flag on transition via netr_SamInfo3
      s3-auth Add const to indicate input elements
      s3-auth Add struct auth3_session_info to aid transition to auth_session info
      s3-auth Use struct auth3_session_info outside the auth subsystem
      s3-auth Use *unix_token rather than utok in struct auth3_session_info
      auth: include auth.idl structures into common_auth.h
      s3-auth Use struct auth_user_info_unix for unix_name and sanitized_username
      auth: Put 'guest' and 'system' booleans into auth_user_info_unix
      s3-auth Use guest boolean in auth_user_info_unix
      s3-auth Use system boolean in auth_user_info_unix
      s3-auth remove unused copy_serverinfo
      s3-auth: Remove unused lm_session_key from auth3_session_info
      s3-auth Remove unused nss_token variable
      s3-auth assert that security_token is present in the copy, and explain why nss_token can be skipped
      s3-auth Clarify inputs and ouptuts by using elements from server_info
      s3-auth remove extra from auth3_session_info
      s3-auth use a cached auth_serversupplied_info in make_server_info_guest()
      s3-auth inline copy_serverinfo_session_info into only caller
      s3-auth Add comments to copy_session_info_serverinfo_guest()
      s3-auth Avoid redundant copies in create_local_token()
      s3-auth import auth3_session_info into IDL
      s3-auth Remove pointless destructor
      auth: use char * pointers in auth.idl
      s3-auth reimplement copy_session_info via NDR pull/push
      s3-rpc_server read and write the unix_token and unix_info across named_pipe_auth
      s3-auth use auth_user_info not netr_SamInfo3 in auth3_session_info
      s3-auth Use the common auth_session_info
      s3-rpc_server remove per-element copies of auth_session_info
      auth: Split out make_user_info_SamBaseInfo and add authenticated argument
      auth: Move make_user_info_SamBaseInfo() to talloc_strdup and out of memory checking
      auth: remove now unused auth3_session_info from auth.idl
      selftest: Pass lsass and epmapper across the named pipe proxy to the AD server
      selftest: Add tests to verify that the named pipe proxy works.
      auth: Set NETLOGON_GUEST and use it to determine guest status
      s3-auth Remove seperate guest boolean
      security.idl: Use gid_t for gid in security_unix_token
      s3-auth inline make_auth_session_info into only caller
      s3-auth Remove pointless destructor in make_server_info
      s3-auth Fix spelling
      s3-auth Replace True with true in auth_util.c
      s3-auth Replace False with false in auth_util.c
      s3-auth fix dummy function in the not-with-kerberos case
      s3-gse Allow printing the partial error string
      s3-gse Work around the MIT 1.9 gss_krb5_import_cred
      nbt: fix WinXP S3 domain join: alignment of nbt_netlogon_response_from_pdc
      s4-debug: Start with DEBUG_DEFAULT_STDOUT, so we can log to a file in deamons
      s4-lsa Use the supplied handle in LsaLookupNames2
      selftest: explain how the message command test works
      nbt: Add comment explaining that these responses are manually encoded
      selftest: Avoid being run over by armies of the undead
      s3-selftest Add tests for 'map to guest = bad user'
      ntvfs: Use security_unix_token from auth.idl
      gensec: Add a way to request a unix token from GENSEC
      s4-auth Move conversion of security_token to unix_token to auth
      s4-auth Fill in the remainder of the unix info in auth_session_info
      gensec: split GENSEC into mechanism-dependent and runtime functions
      gensec: Remove mem_ctx from calls that do not return memory
      gensec: clarify memory ownership for gensec_session_info() and gensec_session_key()
      s3-auth Move map to guest to directly after the check_password calls
      s3-auth Use else if in do_map_to_guest_server_info
      s3-rpc_server use session_info to print user details
      s3-ntlmssp Remove unused auth_ntlmssp_get_client
      s3-ntlmssp Remove unused auth_ntlmssp_get_domain()
      s3-ntlmssp Use auth_ntlmssp_*() functions in more places
      s3-auth Allow auth modules to provide an initialised GENSEC context
      s3-ntlmssp Add mem_ctx argument to auth_ntlmssp_get_session_key()
      s3-ntlmssp Add hooks to optionally call into GENSEC in auth_ntlmssp
      s3-ntlmssp NTLMSSP sealing implies signing, so set both flags
      s3-ntlmssp Add mem_ctx argument to auth_ntlmssp_update
      s3-ntlmssp Remove calls to auth_ntlmssp_and_flags from the server
      s3-ntlmssp Remove auth_ntlmssp_or_flags
      s3-auth Add hook to start a GENSEC mech to auth_samba4
      selftest: use the s4 winbindd in plugin_s4_dc test
      selftest: Test encrypted RPC pipes against plugin_s4_dc
      s3-ntlmssp Remove rpccli_get_pwd_hash and auth_ntlmssp_get_nt_hash
      s3-ntlmssp Remove auth_ntlmssp_and_flags()
      gensec: Don't keep a second copy of the auth4_context in gensec_ntlmssp_state
      s3-ntlmssp Split calls to gensec plugin into prepare and start
      s3-ntlmssp Split auth_ntlmssp_start into two functions
      s3-auth set session_info->sanitized_username in create_local_token()
      s3-auth remove sanitized_username from auth_serversupplied_info
      s3-auth clarify the role of these session keys
      s3-smbd Ensure we do not read past the end of a possible NTLMSSP blob
      s3-smbd clarify behaviour by not passing an OID that will not be used
      s3-auth Add function to start any GENSEC mech by OID
      s3-auth use auth_generic_start to get full GENSEC in Samba3 session setup
      selftest: Add kerberos tests to plugin_s4_dc tests
      s3-smbd Be consistent with %U subs on guest logins
      selftest: print %U in smbclient -L output to allow testing
      s3-auth rename auth_ntlmssp_steal_session_info()
      s3-auth directly return the result of make_server_info_guest()
      ldb-samba: Explain the current behaviour of ldif_canonicalise_objectCategory
      s3-ntlmssp Remove auth_ntlmssp_state_destructor, use the talloc tree instead
      s3-ntlmssp clarify session key behaviour after create_local_token() changes
      selftest: test plugin_s4_dc against all ncacn_np tests
      s3-ntlmssp Remove a level of nesting in if/else statement
      s3-ntlmssp Remove rudundent comment
      ntlmssp: Add ntlmssp_blob_matches_magic()
      s3-ntlmssp void function cannot return value
      s3-waf: Fix build on FreeBSD when sunacl.h is found
      build: provide tevent-util as a public library
      build: rename rpcommon to dcerpc-binding an make a public library
      build: Make credentials a public library for OpenChange to use
      s4-dsdb Remove unused schema function
      move schema_fill_constructed() call to dsdb_setup_sorted_accessors()
      s4-dsdb clarify that failure to load the schema items from DRS is expected
      s4-dsdb Add flag to set DSDB_BYPASS_PASSWORD_HASH control
      s3-passdb Make pdb_element_is_changed available to all passdb modules
      s4-dsdb Add ability to force a particular SID in the upgrade case
      s3-passdb Add support for pdb_add_sam_account() and password hashes to pdb_samba4
      s4-scripting Rename passdb upgrade routine to avoid conflict with upgradeprovision
      s4-dsdb Give a less worrying error message on failure to get a transaction
      s4-dsdb ensure we honour the hash_values control, even for really odd hashes
      param: Add smb.conf loading support to s3/s4 loadparm bridge
      s4-param Set szConfigFile even for s3 loadparm contexts
      s3-smbd Avoid races creating 'ncaclrpc dir' with epmd in a child process
      s4-provision Add support for fixing the DC rid to a particular value
      ldb: Remove use after free in error case
      s3-passdb: Fix python < 2.6 build errors in passdb python wrapper
      s3-passdb Use supplied pdb_methods in default passdb search handlers
      build: link pys3param against pytalloc-util not pytalloc
      s3-passdb pdb_samba4 handles PDB_PWHISTORY already
      s4-provision set passdb backend to 'samba4' in template smb.conf files
      selftest: skip all plugin_s4_dc tests if we do not have LDAP libs
      set passdb backend in Samba4 make test environments too
      s4-provision Use samba.dns_name_to_dn
      s4-dsdb Return ACL errors as ldb_errstring()
      build: Add dcerpc-binding to dcerpc.pc
      selftest: Allow a krb5.conf to be generated that covers multiple realms
      s4-messaging ensure we do not segfault on a NULL msg context in cleanup
      s4-drsuapi Allow DsAddEntry of normal objects
      wintest: update snapshots
      s4-provision cope with SID_NAME_WKN_GRP mappings in upgrade.py
      s4-provision Allow a missing idmap DB in upgrade.py
      s4-provision Add realm to DC configuration in upgrade_from_s3 test
      s4-provision Use ProvisioningError and the eadb
      s4-dsdb Print clearer error messages when invalid account flags are specified on add
      s4-provision Fix type error on existing idmap entries in s3 upgrade
      s4-provision handle a number of invalid but real-world upgrade cases
      s4-schema consolidate schema handling
      s4-s3-upgrade Fix error handling in add_users_to_group
      heimdal: Try to handle the PAC checking when we are in a cross-realm environment
      s4-s3-upgrade Fix group member addition
      s4-s3-upgrade Handle expected errors, error out on unexpected ones
      lib/addns: Remove unused TALLOC_ macros
      s4-s3-upgrade: convert password age policies to the negative NTTIME format
      libgpo: call security_token_has_sid() directly
      librpc: put NDR_NTPRINTING into ndr-samba grouping library
      build: make LIBWBCLIENT_OLD and auth_unix_token libraries
      build: netapi does not depend on TOKEN_UTIL
      build: Add duplicate symbol checking as part of make test
      s4-param void function cannot return value
      s4-s3-upgrade do not convert min password length as a time
      build: a more robust zlib test
      s4-s3-upgrade Do not use python 2.6 style exceptions
      lib/util/charset: add back loading of charset modules
      lib/util/charset Run charset sets with and without the system iconv
      lib/util/charset: Improve toture assertions in iconv test
      lib/util/charset Use name of ISO-8859-1 that matches our internal implementation
      lib/util/charset: the comparsion must be against our charset modules
      s3-selftest: Set path to bin/net and bin/wbinfo in command line to test scripts
      start Samba 4.0alpha17 release notes
      s4-s3-upgrade Remove upgrade_from_s3 script, use samba-tool domain samba3upgrade
      doc: suggest samba-tool dbcheck in upgrading-samba4.txt
      Release Samba 4.0 alpha17
      start work on Samba 4.0 alpha18
      s4-provision Add initial support for joining as a new subdomain
      s4-provision Split addition of users and well known principals
      s4-join supply the NTDS GUID to the provision
      s4-provision Perform 'modify' operations as system
      s4-join Add a partitions DN when we join a subdomain
      selftest: add test for subdomain support
      s4: add createtrust tool for testing
      s4-subdomain more work on sub-domain join
      script/librelease.sh: automate Samba4 alpha releases
      s3-selftest use a more portable shell syntax
      s4-s3-upgrade Improve samba-tool domain samba3upgrade behaviour
      s4-provision Add initial support for joining as a new subdomain
      lib/util/charcnv: Remove broken internal CP850 and CP464 modules
      lib/util/charset: remove charset module loading
      build: avoid util.h as a public header name due to conflict with MacOS
      build: Fix waf build on MacOS X
      s3-pdb_samba4: Remove unused attribute from domain search
      s4-ldap_server: Fix segfault on startup failure of ldap server
      s3-messaging Ensure that the message is of the correct legnth
      s3-messaging Do not ever send a kill to -1
      build: Add dep on tdb-wrap3 to get tdb headers
      s4-dsdb Allow repl server to start even when no master NCs are present
      dsdb: fix double-free in replication failure case on RODC
      dsdb: Do not attempt to resolve conflicts on an RODC
      s4-dsdb: Do not assume that all deleted objects have an objectCategory and sAMAccountType
      s3-module allow libreplace to provide dlopen replacement
      lib/util: consolidate module loading into common code
      lib/util: Remove unused module loading functions
      lib/util: Use only init_module_fn typedef in module loading
      modules: standardise on samba_init_module as the hook symbol to resolve
      lib/util: consolidate module loading
      build: Reduce build systems to just top level waf and autoconf
      autobuild: Remove s3-waf from autobuild
      build: Remove _SAMBA_WAF_BUILD_
      build: Remove obsolete --enable/disable-merged-build
      build: ndrdump is only built with waf
      ldb: use ldb directly rather than via a copy
      s3-param use Auto define for lm_announce default
      param: Use a bool to hold boolean parameters
      s3-param: inline octal_string into caller to allow code merge
      s3-param Remove odd formatting to allow code merge
      s4-param copy print_parameter and equal_parameter in from source3
      build: s3 public headers appear to be correct now
      build: remove double-setting of build_public_headers
      build: build wbinfo only once in the waf build
      lib/param move source4 param code to the top level
      libcli/smb Move CSC_POLICY_* definition to smb_constants.h
      lib/param: Remove unused #include of lib/socket/socket.h
      lib/param Avoid the use of the name service_ok() which is used in the s3 param code
      lib/param Avoid the name string_set as this is already used in the s3 param code
      lib/param Use talloc_strdup rather than strdup as strdup is banned in the s3 includes.h
      lib/param Use strcasecmp_m rather than strcasecmp as this is banned in the s3 includes.h
      lib/param Avoid dyn_ defines that are not provided by the autoconf build
      s4-s3-upgrade: Allow import (just without a uid mapping) where getpwnam fails
      auth: move credentials layer to the top level
      auth: move gensec_start.c to the top level
      auth/credentials Declare remaining functions are public interfaces and put into credentials.h
      gensec: trim header includes back to what is actually required
      build: use lib/param loadparm code in source3 to get at lpcfg_ functions
      lib/param Add 'use mmap' parameter to control tdb use of mmap
      lib/param Print error when mkdir of lock path fails
      libcli/auth: Provide a struct loadparm_context to schannel calls
      s4-messaging: Pass the loadparm context, not just the messaging path
      lib/util: Add back control of mmap and hash size in tdb for top level build
      lib/param reduce the cost of loadparm_init_s3()
      build: only regenerate param files when required
      build: clean new generated param headers
      build: run perl generators at autogen.sh time
      add lib/param files to .gitignore
      Revert "s4:selftest: skip flakey samba4.nbt.winsreplication for now"
      Revert "s4: Mark the winsreplication test as knownfail"
      s4-selftest When testing for a credentials cache, do not specify a domain
      credentials: Prioritise command-line specified options above defaults from smb.conf
      s3-auth Add my copyright
      s4-s3-upgrade: Give a better clue when we cannot open secrets.tdb
      build: compile gensec_start.c and credentials.c in the autoconf build
      ntlmssp: Move ntlmssp code to auth/ntlmssp
      ntlmssp: Prepare gensec_ntlmssp_start() for broader use
      ntlmssp: Put members from auth_ntlmssp_state into gensec_ntlmssp_state
      gensec: an event context is no longer mandetory
      s3-ntlmssp Implement the server-side auth_ntlmssp code as a GENSEC module
      s3-smbd Give the nt error string when failing to set up encrypted transport
      gensec: Assert that we have not been subject to a downgrade attack in DCE/RPC clients
      s4-auth: match the new s3 gensec client and always negotiate SIGN with SEAL
      gensec: Refuse to seal if we did not negotiate to sign
      ntlmssp: Refuse to seal if we did not negotiate to sign
      gensec: move event-using code to gensec_update() hooks out of gensec_start*()
      s3-auth fix comment after s3 ntlmssp gensec module
      gensec: move event context from gensec_*_init() to gensec_update()
      s3-auth: use typedefs in auth.h
      ldb: Output more error information when a connect fails
      lib/param: Remove parameters for wins and spoolss databases
      s3-rpc_client remove cli_auth_ntlmssp_data_destructor
      s3-ntlmssp split auth_ntlmssp_client_start() into two parts
      s3-libsmb Use a gensec module to provide the ntlmssp client in ntlmssp_wrap.c
      s3-auth move the s3 auth context onto gensec_ntlmssp once we start
      s4-smb_server do not set credentials on gensec twice
      s4-s3-upgrade Fix samba3upgrade code to cope with a missing wins.dat
      s4-s3-upgrade test upgrade without a wins.dat
      s4-s3-upgrade fix format string for secrets.tdb exception
      s4-s3-upgrade rename samba-tool domain samba3upgrade --libdir to --dbdir for clarity
      Revert "selftest: Avoid being run over by armies of the undead"
      examples: compile libsmbclient tests using just SAMBA_BINARY
      s3-netapi Compile (but do not install) netapi tests
      build: compile (but do not install) all the libsmbclient tests
      build: compile (but do not install) netapi examples
      s3-auth remove auth_ntlmssp_session_info()
      s3-ntlmssp Remove auth_ntlmssp_update wrapper
      s3-ntlmssp Remove auth_ntlmssp_negotiated_sign() and auth_ntlmssp_negotiated_seal()
      s3-ntlmssp use gensec_{seal,unseal,sign,check}_packet
      s3-seal use gensec_[un]wrap() instead of gensec_[un]seal_packet()
      s3-ntlmssp Remove auth_ntlmssp_want_feature()
      s3-ntlmssp Remove auth_ntlmssp_session_key()
      s3-ntlmssp Remove references to auth_ntlmssp_context from the smb sealing code
      s3-seal Remove struct smb_srv_trans_enc_ctx
      s3-ntlmssp Remove references to auth_ntlmssp_context from the rpc code
      lib/util/charset Remove unused header smb_common.h
      libcli/smb Move smb_seal.h include to files that use it.
      torture: Remove unused smbiconv
      build: always include talloc with <talloc.h>
      build: always include tevent with <tevent.h>
      examples: rework wscript to use a loop
      s3-torture remove unused t_asn1.c
      s3-torture remove unused t_push_ucs2.c t_strcmp.c t_strstr.c
      selftest: Remove --target option and the ability to run 'samba4 only' tests
      selftest: Have only one set of selftest knownfail and skip files
      s3-torture Fix t_strappend test
      s3-torture Run t_strappend test for less time
      s3-torture run t_strappend tests as LOCAL-sprintf_append
      s3-selftest: Add LOCAL-sprintf_append
      s3-torture Remove t_stringoverflow as fstrcpy now uses strlcpy
      s3-build: Remove libbigballofmud.so
      s3-selftest Add all the LOCAL-* smbtorture tests to make test
      gensec: Add parinoia about integer wrapping
      lib/util Rename init_module_fn to samba_init_module_fn
      lib/util Rename run_init_functions -> samba_init_module_fns_run
      lib/util Rename load_samba_modules -> samba_modules_load
      lib/util Split samba-modules library into public and private parts
      lib/util Rename samba_init_module_fn -> samba_module_init_fn
      lib/util Rename samba_init_module_fns_run -> samba_module_init_fns_run
      lib/util Rename samba_init_module -> samba_module_init
      lib/util Rename samba_modules_load -> samba_module_init_fns_for_subsystem
      lib/util Add ABI to the samba-module library
      s4-dsdb Remove LDAP backend credentials support
      selftest: Remove the 'all' environment as it is just too slow to start up
      s4-smb_server No longer follow the security=share smb.conf directive
      s4-s3-upgrade Add my copyright
      s4-provision Remove options for LDAP backend to reduce user confusion
      s3-passdb Initialise the correct level of pointer dereference
      s3-py_passdb Ensure that group mapping list input is initailised
      s4-setup Remove servicePrincipalName: DNS/${DNSDOMAIN} from new installations
      param: make server role list common and include auto (for the new default)
      s3-param remove lp_domain_logons(), always use IS_DC
      param: calculate server role from security, and security from server role
      s4-s3-upgrade Add test of net getlocalsid after the upgrade
      param: move server role helpers into loadparm.h
      param: Move enum values into a common (included) .c file
      param: Add tests for automatic server role guessing
      s4-provision permit server role to be the ROLE_ strings from s3
      param: Connect lp_security to the lib/param code to allow tests
      lib/param: Add tests for security= behaviour now it operates with server role
      param: use lp_is_security_and_server_role_valid()
      libds: Make server role values explicit for easier debugging
      docs: Add documentation for server role
      lib/param simplify server role values specified in smb.conf
      s3-net Do not look for a local SID when we are a DC
      s4-s3-upgrade Test getdomainsid as well
      s3-nmbd Remove AD netlogon response from s3 nmbd server
      s4-s3-upgrade now look for -1 as the special 'not set' value
      s4-auth log details about any token we fail to convert to a unix token
      s4-samba-tool: Add --principal argument to samba-tool domain exportkeytab
      build: TDB_ERR_NESTING is used unconditionally
      s4-kdc: Add hdb plugin for samba4, to allow kadmin to work
      auth: Allow a NULL principal to be obtained from the credentials
      s4-dns Use match-by-key in GSSAPI server if principal is not specified
      pydsdb: provide a am_pdc hook like am_rodc to python scripts
      s4-dnsupdate: Do not attempt to add the PDC names if we are not a PDC
      Remove outdated information from the README
      clarify Roadmap, as the shape of Samba 4.0 is much clearer now
      s4-kdc: only build hdb plugin if we build against system Heimdal
      s4-selftest re-enable nsstest on libnss_winbind.so
      selftest: samba4.samba-tool.domopen now passes, so do not skip
      s4-lsarpc Fix segfaults found by the samba4.rpc.lsa.forest test
      torture: do not reuse bindings between pipes
      s4-lsarpc handle more info levels in SetInfoTrustedDomain calls
      testsuite: Remove unused and unlikely to be revived DejaGNU tests
      s4-torture: Fix comment
      s4-torture Modify rpc.lsa.forest.trust test to progress further FL Win2003 R2
      s4-torture cope with servers earlier than Windows 2008
      s4-torture Do not use a fixed password for forest trust tests
      HEIMDAL: Supply krb5_context to _krb5_internal_hmac to allow logging
      s4-selftest Give local.resolve a real name to look up
      s4-selftest: Add test of RPC to a netbios alias
      s4-resolv: fix dns_ex so as to fail correctly when a name does not exist
      lib/param: Set s4 "host msdfs = true" by default
      s3-rpc_server: Remove old comment
      s3-rpc_server: Add my copyright for my previous work here
      s3-auth Restore shortcut for guest security token
      s3-rpc_server request the DCE_STYLE feature in ntlmssp_server_auth_start
      s3-auth rename auth_ntlmssp_state -> auth_generic_state
      s3-auth rename auth_ntlmssp_prepare() -> auth_generic_prepare()
      s3-auth remove auth_ntlmssp_start(), call auth_generic_start() directly
      s3-rpc_server request both sign and seal for clarity
      s3-auth split the auth_generic functions into a seperate file
      s3-rpc_server remove unused header
      s3-rpc_server rename ntlmssp_server_auth_start() -> auth_generic_server_start()
      s3-rpc_server rename NTLMSSP functions to auth_generic..()
      s3-rpc_server: Rename dcesrv_ntlmssp.[ch] to dcesrv_auth_generic.[ch]
      s3-rpc_server: rename pipe_ntlmssp_verify_final() to pipe_auth_generic_verify_final()
      s3-rpc_server: Allow gensec mechanisms to return NT_STATUS_OK
      s3-rpc_server: Rework pipe_ntlmssp_auth_bind() to be generic
      s3-librpc Use gensec_sig_size() instead of a fixed NTLMSSP_SIG_SIZE
      gensec: Allow an alternate set of modules to be specified
      s3-auth: Remove protype for already-removed auth_ntlmssp_start
      s3-auth Fix talloc parent for s4 event context in auth_samba4
      s4-ntlmssp Do not allow LM key without a LM password
      credentials: Always honour the return value of E_deshash()
      auth/kerberos: Move gssapi_parse.c to the top level
      s4-gensec: Allow a PAC to be obtained from any GSS mech
      s4-auth Remove unused auth_context_create_from_ldb()
      auth/kerberos: Make pac_data_out in kerberos_decode_pac() optional
      s4-gensec: fix cyrus sasl module after update() protype change
      s4-gensec: Move parsing of the PAC blob and creating the session_info into auth
      s4-pyauth: Make sure event context allows nesting
      s4-gensec: Pass the auth context in during gensec test
      s4-torture: Demonstrate handling of the PAC in a custom auth_context
      s4-gensec Remove fallback for simple privileges
      s4-gensec remove auth_session dep from gensec_gssapi.c
      auth/kerberos: Rename memory contexts for greater clarity
      s4-auth: Rename memory contexts for greater clarity
      s4-gensec: Rename memory contexts in gensec_gssapi for greater clarity
      s4-gensec: Rename memory contexts in gensec_krb5 for greater clarity
      s4-gensec: Rename memory contexts in gensec_util for greater clarity
      s4-toture: Rename memory contexts in rpc.pac for greater clarity
      s3-librpc Use gsskrb5_get_subkey() where available to get the session key
      s3-libads Factor out a new routine kerberos_get_principal_from_service_hostname()
      s3-librpc store the sign/seal flags we got in the gssapi client
      s3-selftest: Add test for rpcclient, including kerberos authentication
      s3-auth supply s3 ntlmssp module via gensec_settings
      s3-auth Add TALLOC_CTX * to auth_generic_prepare()
      s3-auth re-create the auth context in the s3 ntlmssp server module
      s3-auth Set remote address for both AD and s3 gensec modes
      s3-auth use gensec directly rather than via auth_generic_state
      s3-auth Remove ntlmssp_wrap.h which is no longer required
      s3-auth remove unused ntlmssp.h
      s3-auth Remove more unused headers
      s3-librpc remove unused headers
      s3-auth remove outdated comment
      s3-auth Rename make_auth_ntlmssp() -> make_auth_gensec()
      s3-libsmb Use gensec_settings to set s3 ntlmssp client backend
      s3-libsmb Make auth_ntlmssp client more generic
      s3-libads Use NTLMSSP via auth_generic/gensec
      s3-torture convert smb2 test to use auth_generic/gensec for NTLMSSP
      s3-winbindd: convert cached credentials to use auth_generic/gensec for NTLMSSP
      ntlmssp: merge initial packet implementations
      s3-ntlmssp Remove unused ntlmssp_set_hashes() and do not set an invalid LM hash
      s3-selftest Hide smb4torture_possible inside plansmbtorturetestsuite()
      s3-selftest: remove smb4torture_possible and add have_ads_support
      s3-build: smbtorture4 can be built regardless of use_ads
      s3-build SAMBA4SHAREDIR is unused in make test
      s3-build SMBTORTRUE4 variable is unused in make test
      s3-selftest: Add test for smbclient kerberos support
      s3-libsmb: match the rest of Samba3 in kerberos name selection in smb sealing
      s3-selftst Add encrypted CIFS testing with kerberos
      s3-sefltest Make krb5 tests contain the word krb5
      s3-libsmb: Do not look up FQDN or use host/ for krb5 encrypted CIFS
      auth/credentials Remove debug that prints in normal operation
      s3-build: Remove unused hooks to set smbtorture4 and test args
      krb5: Require krb5_c_enctype_compare is available to build with krb5
      krb5: Require krb5_c_verify_checksum is available to build with krb5
      krb5: Require krb5_get_host_realm and krb5_free_host_realm be available to build with krb5
      krb5: Require krb5_fwd_tgt_creds to be available to build with krb5
      krb5: Require krb5_get_init_creds_opt_alloc/free for build with krb5
      krb5: Remove now unused checks for krb5_verify_checksum
      krb5: Require krb5_get_renewed_creds be available to build with krb5
      krb5: Require krb5_principal_compare_any_realm be available to build with krb5
      krb5: Require krb5_set_real_time is available to build with krb5
      krb5: Require krb5_string_to_key be available to build with krb5
      krb5: Require gss_get_name_attribute or Heimdal's PAC parsing to build with krb5
      s3-librpc Return user principal name on supplied mem_ctx
      auth/kerberos: Remove unused headers from gssapi_parse.c
      auth: make auth4_context common to provide access to generate_session_info_pac()
      gensec: move gensec_util.c to the top level
      s3-librpc Rename create_ntlmssp_auth_rpc_bind_req() to be more generic
      s3-librpc Rename and rework cli_rpc_pipe_open_ntlmssp() to be generic
      s3-librpc Set target service and server into gensec
      s3-librpc: rename get_ntlmssp_auth_footer to be more generic
      s3-libsmb: split out auth_generic client functions into auth_generic.c
      s3-librpc: Rename spnego_ntlmssp_init_client and make generic
      s3-librpc Supply target service and server to spnego_generic_init_client()
      gensec: make gensec_gssapi.h common
      gensec: Rename want_flags and got_flags in gensec_gssapi
      gensec: Make sure to check the optional auth_context hooks before using them
      s4:auth: Make sure to check the optional auth_context hooks before using them
      s4-kdc: use IDL constant NETLOGON_GENERIC_KRB5_PAC_VALIDATE
      s4-kdc Do the KDC PAC checksum validation in the Samba plugin
      auth/kerberos: Remove unused TALLOC_CTX argument to check_pac_checksum
      heimdal: remove checking of KDC PAC signature, delegate to wdc plugin
      use ETYPE_DES3_CBC_SHA1 for the verify step in verify_mic_des3
      make hmac-md5 the keyed checksum type for arcfour-hmac-md5
      Revert "make paranoia check less paranoid" - check that key types strictly match
      s3-selftest The krb5 encrypted CIFS test was wrong
      s3-auth Add auth hook for PAC parsing
      s3-auth Match session setup handling of krb5, store the PAC
      s3-gse: Add gensec wrapper for gse GSSAPI client
      s3-build: Rework object lists to allow gse gensec module
      s3-gse Make gse available as a gensec client module
      s3-libsmb Use the gse_krb5 gensec module as client
      s3-librpc Call GSSAPI via the auth_generic layer and gensec
      s3-librpc Allow spnego_generic_init_client to handle kerberos too
      s3-librpc Call SPENGO/GSSAPI via the auth_generic layer and gensec
      s3-librpc: Simplify SPNEGO code now that all mechs use a struct gensec_security
      s3-librpc Remove layer around struct gensec_security
      s3-librpc Remove unused dcesrv_gssapi.[ch] functions
      s3-gse Remove or make static unused/local-only GSE functions
      s3-gse Add const
      s3-gse Move GSS_C_DCE_STYLE backup definition to gse.c
      s3-librpc Remove special case for spnego dcerpc sign/seal
      s3-librpc Remove special case for spnego session key
      s3-gse Make seal parameter a boolean for clarity
      s3-librpc Make cli_rpc_pipe_open_spnego_ntlmssp() generic
      s3-rpcclient: pass struct ndr_interface_table down
      s3-utils/net: pass struct ndr_interface_table down
      s3-librpc: pass struct ndr_interface_table down to cli_pipe_open_generic/spnego()
      s3-gse Rename delegated_creds to match gensec_gssapi_context
      s3-gse Rename gss_ctx to match gensec_gssapi_context
      s3-gse Rename gss_c_flags and ret_flags in gse
      s3-gse remove special more_processing hook from gse
      s3-gse Remove authenticated flag from gse
      s3-gse: Make gensec_gse cope with non-DCE GSSAPI
      s3-gensec: Add hook to allow gensec to know if kerberos is permitted
      s3-gse: align common elements between gse_context and gensec_gssapi_state
      auth/gensec: align common elements between gse_context and gensec_gssapi_state
      build: Add -lz to wbinfo to fix build on some hosts
      s3-libcli Change krb5 smb sealing to call via gensec and gensec_gse
      s3-libsmb: use struct gensec_security directly
      s3-libsmb: Remove unused smb_tran_enc_state_gss and gssapi headers
      s3-libsmb: Always allow SMB_TRANS_ENC_GSS to be defined
      param: handle P_BYTES in more places
      dsdb: Allow DSDB_CONTROL_PASSWORD_BYPASS_LAST_SET_OID to be specified as a flag
      s3-passdb: Use DSDB_PASSWORD_BYPASS_LAST_SET flags in pdb_samba4
      s3-passdb: Fix pdb_samba4 setting of plaintext passwords
      selftest: Add test for smbpasswd against pdb_samba4
      s3-build: Remove FIXME, bigballofmud is no more
      s4-rpc_server: Fix search for existing trust to actually look for the dns name
      s3-libsmb Do not limit read replies to NBT packet sizes
      s3-selftest: Add test for posix large reads and writes
      auth: provide private pointer and do not return original PAC signatures
      auth: Make check_password and generate_session_info hook generic
      s4-auth: Return NT_STATUS_NOT_IMPLEMENTED if the challenge cannot be obtained
      gensec: inline gensec_generate_session_info() into only caller
      s3-auth: Remove duplicate check for NT_STATUS_IS_OK(nt_status)
      s3-smbd: Use gensec_spnego in smb seal server
      s3-libsmb: Use gensec_spnego in smb seal client
      s3-libsmb: Remove unused enum smb_trans_enc_type
      libcli/smb: Convert struct smb_trans_enc_state to talloc
      selftest: Remove unused support for --exeext
      s3-auth Remove unused nt_status_squash from auth_context
      s3-build use common VERSION file for all builds
      s4-messaging: fix pymessaging docstring
      s3-auth Add const to make_user_info_map
      auth: rename ntlmssp.c to ntlmssp_util.c
      s3-docs: Remove references to long-gone smbmount utilities
      s3-passdb: Remove #if _SAMBA_BUILD_ == 4 from pdb_samba4
      s3-build: remove EXEEXT from Makefiles
      smbwrapper: Remove smbwrapper
      credentials: Show returned error_string in debug message
      heimdal: Re-run lexyacc.sh
      heimdal_build: omit #line statments
      heimdal: Re-run lexyacc.sh to remove #line statements
      build: Add --enable-coverage option to build with gcov support
      charset: Remove unused iconv_talloc()
      s3-charcnv: Remove unused pull_string_fn
      s3-registry: Remove unused prs_uint8()
      s3-lib: Remove unused pid_path()
      s4-cmdline: Remove unused popt_common_dont_ask()
      s4-lib/tls: remove unused tls_support()
      charset: Remove unused strcmp_w()
      lib/util: Remove unused str_format_nbt_domain()
      s4-lib/samba3: Remove unused smbpasswd_decode_acb_info()
      s3-param: Remove unused share_defined()
      s3-libsmb: Remove unused smb_krb5_mk_error()
      s3-charcnv: Remove unused rpcstr_push()
      s3-lib: Remove unused is_myworkgroup()
      s3-libsmb: Remove unused kerberos_compatible_enctypes
      s3-libsmb: Remove unused kerberos_set_creds_enctype()
      s4-nbt_server: remove unused winsdb_get_seqnumber()
      Revert "gensec: Fix a memory corruption in gensec_use_kerberos_mechs"
      gensec: set flag to continue in outer for loop in gensec_use_kerberos_mechs
      gensec: explain gensec_use_kerberos_mechs() logic
      auth: Pass in the SMB username (for %U) into generate_session_info
      s3-lib/addns: Move to system/kerberos.h and HAVE_KRB5
      s3-libads: Move to using only the HAVE_KRB5 define
      s3-build: expliticly require gssapi for HAVE_KRB5 and remove HAVE_GSSAPI
      selftest: Allow setup_env() to signal that an environment name is unknown
      s3-selftest: Do not assume $USERNAME is the same as $DC_USERNAME
      s3-nmbd: Initialise newly non-static variables
      wintest: connect to correct hostname in test_net_use
      wintest: Retry joining the domain a few times
      wintest: Allow access denied when turning off the firewall
      wintest: Update VM used for W2K8R2A
      wintest: s3 moved smb.conf to /etc
      wintest: Cope with nc not timing out even when -w 1 is specified
      wintest: Samba is now all version 4.0
      wintest: Give the Windows VM a little more time to start back up
      wintest: Change Windows 7 VM
      wintest: update WinXP-1 snapshot
      selftest: Make plugin_s4_dc set the cached environment correctly
      selftest: Do not start up an already-running test environment
      s3-selftest: Require SMB signing for ktest environment
      selftest: skip targets that are not compiled in if we do not have ADS
      selftest: Run nsstest against more environments
      selftest: skip plugin_s4_dc if we do not have ADS
      s3-smbd: Avoid starting log lines with the word 'error'
      selftest: Remove 'if have_ads_support:' from tests.py
      s3-selftest: Remove .posix_s3 from s3 test names
      s3-librpc: make gensec result handling more generic
      s3-librpc: Remove unused bool gensec_hook
      s3-gse: Use the session key type, not the lucid context to set NEW_SPNEGO
      s3-librpc: Use gensec_spnego for DCE/RPC authentication
      s3-smbd Remove unused code now we always have SPNEGO via gensec
      s3-param Remove off-by-default and unused "send spnego principal"
      s3-librpc: Remove gse_verify_server_auth_flags
      lib/util: Remove unused sys_select_signal()
      lib/util: Remove sys_poll as it is no longer needed
      wintest: Allow Windows VM to have no default route
      wintest: use net rpc to put authenticated users into TelentClients if we need to
      wintest: give host longer to register the SRV record
      s3-gse: Remove unused OID declaration
      s3-librpc: Remove backup declaration of GSS_C_DCE_STYLE
      s3-gse: Fix OID to read for kerberos key type
      s3-gse: Allow kerberos key type OID to be optional
      auth/kerberos: Move gse_get_session_key() to common code and use in gensec_gssapi
      wintest: Update Win2003 VM
      build: Add exceptions for callcatcher unused function detection
      s3-build: Use credentials_ntlm.c in the autoconf build as well
      s3-auth Hook checking passwords and generating session_info via the auth4_context
      auth: Move the rest of the source4 gensec_ntlmssp code to the top level
      auth: Cope with NO_USER_SESSION_KEY from security=server
      s3-auth: Add extra error messages on authentication or authorization failure
      s3-auth: Use common gensec_ntlmssp server functions for more of gensec_ntlmssp3_server
      s3-auth Use the common gensec_ntlmssp_update in gensec_ntlmssp3_server
      s3-auth: Inline ntlmssp_server_start() into gensec_ntlmssp3_server_start()
      s3-auth: Only allow LM_KEY cryptography when extra options are set
      auth: Set NTLMSSP_NEGOTIATE_SIGN when session key support is required
      s3-auth: Remove a layer of indirection and reorder to match gensec_ntlmssp_server_start()
      s3-auth: Use the lpcfg_ wrapper calls to set some variables
      auth: Rearrange ntlmssp code for clarity
      s3-auth: Allow NTLMSSP features to be disabled with smb.conf options for testing
      auth: Provide a way to specify the NTLMSSP server name to GENSEC
      s3-auth: Use the gensec-supplied DNS domain name and hostname.
      s3-auth: Use common gensec_ntlmssp_server_start
      s3-auth: Use common gensec_ntlmssp
      auth: Make more of the ntlmssp code private or static
      auth: Allow the netbios name and domain to be set from winbindd in ntlm_auth3
      s3-registry Remove unused dup_registry_value() and free_registry_value()
      s3-lib Remove unused sys_fseek()
      s3-lib Remove unused sys_fcntl_long()
      s3-lib: Remove unused standard_sub_conn()
      lib/util: Remove unused sys_gethostbyname()
      lib/util: Remove unused sys_inet_makeaddr()
      lib/util: Remove unused sys_recv()
      lib/util: Remove unused sys_sendto()
      selftest: Fix selftest to check ADS functionalty again
      auth: Reorder arguments to generate_session_info
      s3-build: allow gcov testing by linking timelimit with --coverage
      s3-secrets: Remove unused secrets_delete_machine_password()
      s3-secrets: Remove unused secrets_delete_generic()
      s4-selftest: Avoid running kinit for each new connection
      s3-winbindd: pass logon parmeters down to check_sam_security()
      s3-ntlm_auth: allow ntlm_auth --diagnostics to pass again
      s3-selftest: Add test for ntlm_auth --diagnostics
      s4-smbd: Show time event was expected to run, as well as the current wall clock time
      build: Add libbsd as a dep for LIBREPLACE_HOSTCC
      selftest: test member server tests in security=ads
      nsstest: Allocate the correct sized buffer for initgroups
      s3-rpc_server Remove unused function auth_generic_server_start()
      s3-libsmb: Remove unused spnego functions
      wintest: Change to a new Win2008R2 VM
      s3-utils: Remove unused connect_to_ipc_krb5()
      s3-libads: Remove unused ads_pull_sids_from_extendeddn()
      s3-libads: Remove unused ads_set_machine_password()
      s4-provision: Fix typo in 9b9fdeefb47f2657c9bb4c2f48318550da510209
      selftest: Do not skip environments that fail to start up
      s3-auth: Add a way to get an auth4_context from the auth stack
      auth: Rename some elements of auth4_context
      s3-auth: Provide helper routine to check password and return session_info
      s3-ntlm_auth: Convert ntlm_auth to use gensec_ntlmssp server-side
      s3-libsmb: Remove unused ntlmssp_server_start()
      auth: consolidate gensec_ntlmssp_server wrapper functions
      auth: Remove plugable password-check functions from gensec_ntlmssp
      s3-selftest: run ntlm_auth against winbindd in make test
      s3-selftest: Verify GK and GF flag behaviour
      s3-libsmb: Remove unused spnego_parse_auth_and_mic
      prepare WHATSNEW for Samba 4.0alpha18 release and mark as release.
      on our way with Samba 4.0alpha19
      s3-auth rename vuid_serverinfo to session_info
      s4-netlogond: Fix use of uninitialised value dns_name
      selftest: plugin_s4_dc can now handle kerberos properly
      s3-param: Align lp_{max,min}protocol with lib/param names
      s3-selftest: avoid running LOCAL- tests twice
      selftest: up the default log level in s3
      s4-smb_server Remove inetd-mode samba3 hook
      s4-winbindd: Do not ask for a tree that we will not use
      selftest: Do not run chgdcpass test on the main DC
      selftest: skip the troublesome samba4.rpc.unixinfo test
      selftest: change plugin_dc to test using s3fs
      selftest: add more tests for plugin_s4_dc
      build: link heimdal krb5 against execinfo if found
      build: look for backtrace_symbols in libexec
      s3-ntlm_auth: Add --target-service and --target-hostname options
      s3-ntlm_auth: Wrap kerberos token in GSSAPI
      s3-ntlm_auth fix up gss-spnego-client so as to work with gss-spnego
      s3-selftest: Add more tests for ntlm_auth
      s3-selftest: make ntlm_auth test more robust to bad input
      s4-libnet: Move to talloc_get_type_abort()
      s4-libnet: Remove set but unused variables
      s3-libsmb: Initialise ticket to ensure we do not invalid memory
      selftest: Establish a registry of socket wrapper IPs
      s3-rpcclient: Ensure interfaces are loaded after smb.conf
      s3-selftest: Add tests for ntlm_auth gss-spnego client and server
      selftest: Put stdin pipe on the environment
      selftest: close stdin and wait with waitpid() for a safer exit
      selftest: Rework samba4.blackbox.bogusdomain to use a temporary user
      change low FDs are handled in Samba
      s3-nmbd: Add stdin handler for nmbd
      s3-winbindd: Add stdin handler for winbind
      selftest: Use fork()/exec() rather than system()
      selftest: Fix waitpid termination test
      selftest: Rework Samba4.pm process termination.
      selftest: Rework Samba3.pm process termination
      s3-auth: Remove security=share (depricated since 3.6).
      s3-auth Add make_session_info_from_pw to avoid multiple getpwnam() calls
      s3-rpc_server: consolidate rpc server init routines
      s3-smbd: vuser and session_info cannot be NULL here
      selftest: remove unused config.h check
      selftest: forward rpcecho to Samba4 in plugin_s4_dc
      selftest: start to run more dcerpc tests against plugin_s4_dc
      selftest: Reduce time in cleanup loop, try waitpid on all 3 children
      selftest: run smbtorture_s3 tests against the ntvfs file server
      selftest: Reduce declarations of smbclient_auth tests by moving into a loop
      s3-lsasd: Fix debug messages on registration failure
      s3-rpc_server: Only init and register embedded RPC services in dcesrv_ep_setup()
      s3-rpc_server: Remove remaining code for embedded endpoint mapper
      s3-smbd make change_to_user_by_session static
      selftest: Only run s3dc with a forked lsasd
      s3-rpc_server: Do not setup ncalrpc pipes and TCP for embedded rpc servers
      s4-smb_server: Put error from share_get_config() into the logs
      s3-rpc_server: Register embedded RPC services after starting lsasd and spoolssd
      s3-rpc_server: Do not register embedded ncacn_np endpoints by default
      selftest: add more tests for different authentication codepaths
      s3-auth: Follow auth_ntlmssp and use auth4_context for Session Setup
      s3-auth: Remove single-implementation plugin layer
      lib/util: Add a callback facility for debug messages
      dlz_bind9: Log Samba DEBUG() messages to the bind9 logs
      wintest: continue turning over VMs...
      auth/kerberos: Ensure we do not print invalid memory in failure case
      auth/kerberos: Fall back to gsskrb5_get_subkey if we did not get the key type
      auth/ntlmssp: Remove gensec_security element from gensec_ntlmssp_state
      auth/ntlmssp: Remove reference to struct ntlmssp_state
      s4-librpc: Remove unused new_ev
      selftest: fix running additional smbclient test for non-spnego session setup
      s3-spoolss: Consistently fail OpenPrinterEx with "" printername
      build: Ensure that we clean build objects from auth/ as well
      selftest: test wbinfo --authenticate and --krb5auth
      wintest: test wbinfo --krb5auth
      s3-krb5: Remove GSS_WRAP_IOV conditional
      build: param must require cups to get the cups headers path in -I
      build: Do not build with utmp when we do not have utmp.h
      s3-winbindd Only use SamLogonEx when we can get unencrypted session keys
      wintest: test demote of DC
      s3-build: gss_krb5_export_lucid_sec_context is no longer used in the s3 build
      s4-dsdb: use constant-time search for descriptor -> get_last_structural_class()
      lib/util: Add smb_load_module that returns DEBUG(0) errors on failure
      s3-smbd: Inline init_modules() into only caller
      s3-vfs: Use new smb_load_module for better diagnostics
      s4-ntvfs: Rename xattr_tdb.c to posix_eadb.c and make more generally useful
      s3-vfs: initial work on posix:eadb module
      file_server: Move vfs objects initialisation into file_server.c smb.conf wrapper
      lib/util: charset modules do not exist any more
      s3-ntlm_auth Use GENSEC for gss-spnego server
      s3-ntlm_auth: add ntlm_auth_generate_session_info_pac()
      s3-auth: Order GENSEC mechs by priority, krb5 before NTLMSSP
      s3-ntlm_auth: use manage_gensec_request for squid-2.5-ntlmssp
      build: Reduce deps of ntlm_auth
      s3-libsmb: Remove unused spnego_parse_krb5_wrap()
      s3-libads: Rework kerberos_return_pac() to use GENSEC for the server-side
      s3-libads: Remove ads_verify_ticket() as it is now unused
      s3-krb5: Remove unused get_principal_from_tkt
      s3-krb5: Remove unused krb5_rd_req_return_keyblock_from_keytab
      s3-krb5: Remove unused get_authtime_from_tkt
      s3-krb5: remove unused get_auth_data_from_tkt
      s3-krb5: remove unused unwrap_pac()
      s3-krb5: Remove unused get_key_from_keytab
      s3-krb5: Remove unused smb_krb5_get_keyinfo_from_ap_req()
      s3-krb5 Remove unused get_enctype_from_ap_req
      s3-krb5 Remove unused get_kvno_from_ap_req()
      build: Remove unused check for HAVE_KRB5_TKT_ENC_PART2
      build: Remove checks for krb5_decode_ap_req, free_AP_REQ and KRB5_TICKET_HAS_KEYINFO
      lib/replace: Add getconf LFS_CFLAGS support to autoconf build
      build: use only standard _FILE_OFFSET_BITS=64 macro for large files
      build: Add getconf LFS_CFLAGS support to waf build
      build: Require 64-bit files support and do not define HAVE_EXPLICIT_LARGEFILE_SUPPORT
      build: Remove configure tests for *64 functions and types
      build: do not use HAVE_EXPLICIT_LARGEFILE_SUPPORT and *64() fucntions any more
      build: Fix configure test that was declaring an off64_t
      Remove off64_t declarations
      build: #ifdef LARGE_SMB_OFF_T as off_t is now always 64 bits
      vfs: Remove -D_LARGEFILE64_SOURCE from vfs examples Makefile
      build: combine off_t 64 bit and largefile test
      build: Remove sys_ftruncate wrapper
      build: Remove sys_lseek wrapper
      build: Remove sys_ftell wrapper
      build: Remove fallback call to sys_open as HAVE_CREAT is not actually checked for
      build: Remove sys_creat wrapper
      build: Remove sys_open wrapper
      build: Remove sys_fopen wrapper
      build: Remove sys_opendir wrapper
      build: Remove sys_readdir wrapper
      build: Remove sys_seekdir wrapper
      build: Remove sys_telldir wrapper
      build: Remove sys_closedir wrapper
      build: Remove sys_rewinddir wrapper
      build: Remove SMB_STRUCT_DIRENT define
      build: Remove SMB_STRUCT_DIR define
      build: Remove SMB_STRUCT_FLOCK define
      build: Remove SMB_F* locking defines
      build: Fix sys_open() removal by including system/filesys.h
      build: Remove unused GLIBC_HACK_FCNTL64
      build: Add more assertions that fcntl locking works 64-bit
      build: Restore configure summary checking
      build: Fix bitrotted configure summary, we now also test HAVE_IFACE_GETIFADDRS
      build: Add configure summary checking to waf build
      s3-vfs: Remove unused lgetxattr call from VFS modules, system.c and configure
      s3-vfs: Remove unused llistxattr call from VFS modules, system.c and configure
      s3-vfs: Remove unused lsetxattr call from VFS modules, system.c and configure
      s3-build: Remove unused configure checks for xattr functions
      s3-vfs: Remove unused lremovexattr call from VFS modules, system.c and configure
      s3-build: Remove unused configure checks for xattr functions
      build: Remove SMB_OFF_T, replace with off_t
      autobuild: Also test a distribution-style build with external libs
      Revert "ldb: Permit desactivation of autocomit for every ldb_xxx_ctrl function"
      ldb: Detect failures in ldb.base again
      ldb: Allow access to the line number while reading ldif from a file
      ldb-tools: Place the whole of an ldif file in a transaction
      build: Add tevent deps for users of tevent calls
      build: search for talloc, tdb, tevent in non-standard system locations
      .gitignore: ignore MYMETA.yml
      buildtools: Add --enable-debug option
      remove --enable-developer from recursive waf build in autoconf build
      remove --enable-developer from samba4-libs autobuild
      ccan: Fix failtest on Fedora 16 as stdlib.h does not imply malloc.h
      prepare WHATSNEW for Samba 4.0alpha19 release and mark as release.
      on our way with Samba 4.0alpha20
      lib/tdb_compat: Do not define BUILD_TDB2 if we are not building tdb2
      build: use include paths for pkg-config found libraries
      build: Fix spelling of tevent
      param: Merge common param elements by adding .flags
      param: harmonsise logfile parameter
      make _lp_readraw() and _lp_writeraw() static
      param: Change from _lp to lp__ as the prefix for internal parameter wrappers
      s3-param: make FN_GLOBAL macros consistent, add lp_ using the macro
      param: Merge common param elements by adding .flags
      lib/param: swap preferred name for 'lock dir' to match s3
      param: harmonise wins parameters
      param: leave realm as a normal string, handle upper/lower case in handle_realm
      build: Remove more of the s3 special cases in waf: only pidfile.c needs -DCONFIGFILE
      s3-dbwrap: Add talloc_stackframe() calls
      s3-dbwrap: push lp_ctx up another layer in the stack
      lib/util: Move map_nt_error_from_tdb to the top level
      s3-build: Add missing samba3-util dep to tdb-wrap3
      dbwrap: Add dbwrap_tdb to private dbwrap library
      s3-build: move file_id.c into samba3-util and create a private header
      s3-lib: Add file_id_string()
      s3-xattr_tdb: make xattr_tdb a private library, for use outside vfs_xattr_tdb
      s3-xattr_tdb: Be nice to xattr_tdb_getxattr callers, return the full blob
      s3-xattr_tdb: Use talloc_stackframe() more to allow calling from common code
      s4-python: Add python wrapper for xattr_tdb format xattr storage
      s3fs: Use xattr_tdb format for xattr storage
      s4-s3upgrade: Ignore (with warning) groups that are listed but we cannot list members for
      s4-s3upgrade: Do not ever set a domain-wide maxPwdAge of 0
      s4-samba-tool: Fix samba-tool fsmo seize
      dbcheck: Add a check that every FSMO role has a valid owner
      s3-passdb: Remove unused sampass->pass_must_change_time
      s3-dbwrap: Remove dead code: talloc_stackframe() cannot fail
      s3-xattr_tdb: Remove dead code: talloc_stackframe() cannot fail
      s4-provision: Always give the warning if we are using eadb.  It really should be for testing only
      s4-python: Ensure we handle the no-eadb case for system xattrs in get/setntacl
      libwbclient: bump version to 0.9, and add this version to .pc file
      wafsamba: allow certain public libraries to be forced to be private
      selftest: Add extra info on what is failing in wbclient tests
      dlz_bind9: Also produce and install binary plugin for bind 9.9
      s3-dbwrap: A void function can not return a value
      s4-libnet: Fix segfault shown by wbinfo --group-info=administrator
      s4-libnet: Fix continue_groupinfo_opengroup to check correct state info
      selftest: Add test for bug #8884: wbinfo --group-info=administrator segfaults s4-winbindd
      build: Remove support for system libwbclient
      build: Remove support for a system libsmbclient
      s4-libnet: Fix continue_groupinfo_openuser to check correct state info
      s4-libnet Always return after composite_error()
      s4-libnet Always return after composite_error()
      s4-s3upgrade: print the error message from passdb.error exceptions
      s4-torture: enable raw.composite test again, and convert to new style test
      s4-messaging: Use generate_random() to get a unique ID for messaging clients
      selftest: push --target selection into plansmbtorturetestsuite
      s4-torture: never return false in the raw.composite torture test
      selftest: Remove silly space before unit test name
      selftest: Place the test environment at the end of the failure lines
      selftest: Add test to ensure that bug #8872 does not come back
      s4-torture: Move various samba3 tests to the torture_suite_add_1smb_test wrapper
      s4-torture: move samba3 tests to use torture helper functions
      s4-torture: convert samba3misc tests to use torture_failure and torture_assert
      s4-messaging: Fill in the whole server_id in all use cases
      s3-lib Add a way to allocate the task_id value in server_id
      s3-auth_samba4: use new_server_id_task() to allocate server id values
      s4-libnet: Add mem_ctx to libnet_Lookup calls (bug #8889)
      s4-libnet: Add mem_ctx to libnet_DomainOpen calls (bug #8889)
      s4-libnet: Add mem_ctx to libnet_DomainClose calls (bug #8889)
      s4-libnet: Add mem_ctx to libnet_rpc_groupinfo calls (bug #8889)
      s4-libnet: Add mem_ctx to libnet_rpc_useradd calls (bug #8889)
      s4-libnet: Add mem_ctx to libnet_rpc_userdel calls (bug #8889)
      s4-libnet: Add mem_ctx to libnet_rpc_usermod calls (bug #8889)
      s4-libnet: Add mem_ctx to libnet_rpc_groupadd calls (bug #8889)
      s4-libnet: Add mem_ctx to libnet_rpc_groupdel calls (bug #8889)
      prepare WHATSNEW for alpha20 and mark as release
      move VERSION to alpha21
      s3-smbd: Use security_session_user_level() rather than nt_token_check_sid()
      selftest: Enable ACL testing against the s3dc environment
      selftest: attempt to test samba3hide in a different environment
      selftest: prepare to run smbtorture tests against plugin_s4_dc
      selftest: run plugin_s4_dc with 'acl_xattr xattr_tdb streams_depot' VFS modules
      selftest: Add hideunread share to plugin_s4_dc
      selftest: Use same pattern for path to share as Samba3.pm
      file_server: forward dssetup, but use embedded svcctl for s3fs
      file_server: use embedded eventlog server
      file_server: use embedded ntsvcs server
      file_server: Use the embedded winreg server
      file_server: use embedded srvsvc
      selftest: change knownfail to cope with running plugin_s4_dc as well
      selftest: add knownfail entries for plugin_s4_dc tests
      selftest: mark samba3.raw.acls.inheritance(plugin_s4_dc) as flapping
      selftest: mark samba3.raw.samba3checkfsp as flapping on plugin_s4_dc
      selftest: add hooks required for printing to Samba4.pm
      selftest: Do not start samba4 srvsvc in plugin_s4_dc mode
      selftest: Run smbtorture tests being run against s3dc against plugin_s4_dc as well
      selftest: run more raw.samba3 against secshare simple file server
      file_server: set 'store dos attributes = yes'
      s4-provision: set 'dcerpc endpoint servers' but not 'vfs objects'
      selftest: 'store dos attributes = yes' is now set in fileserver.conf
      testsuite/libsmbclient: Remove unused and expensive-to-link testsuite
      s4-provision: Fix --use-s3fs to parse correctly
      s4-wintest: --use-s3fs in wintest
      s4-provision: Fix up --use-s3fs to create the directory for xattr.tdb
      s3-passdb: Change pdb_sid_to_id() to return struct unixid
      s3-passdb: Rename legacy_sid_to_id -> legacy_sid_to_unixid for clarity
      s3-passdb: Use struct unixid in sids_to_unix_ids
      s3-winbindd: Do not use WBC_ types internally in winbindd
      s3-idmap: Rework idmap_cache to store ID_TYPE_BOTH values
      s3-idmap: convert most idmap_cache callers to unixid API
      s3-idmap: remove (now) unused function idmap_cache_set_sid2both()
      s3-passdb: Add extra debug on ID mapping failures
      s3-pypassdb: remove unused variable
      s3-pypassdb: add wrapper for enum_group_memberships
      s4-s3upgrade: Try harder to get group memberships on upgrade
      s4-s3upgrade: Force ldapsam:trusted = yes
      s4-samba-tool: make new samba-tool group listmembers use samAccountName
      s4-dsdb: Use strcasecmp_m() to compare possibly multibyte strings in samldb
      s4-dsdb: Use data_blob_string_const and add explaination for open-coded function in samldb
      s4-s3-upgrade: Max/min password age policy is in seconds, not days
      s3-python: Add python bindings for posix ACL layer
      s4-provision Ensure we have posix ACLs before we permit a s3fs-based Samba4 to be configured
      lib/util: Map 0x7fffffffffffffffLL as 0x7fffffffffffffffLL in time conversion
      s3-lib: Fix indentation in sys_acl_to_text()
      s3-vfs: Show the invalid ACL when we say it is invalid for set
      s3-lib: Add const to sys_acl_to_text
      s3-lib/sysacls: Do not include an embedded \0 between ACL entries in sys_acl_to_text()
      s3-smbd: Fix the creation of duplicate SMB_ACL_GROUP entries
      build:ignore solaris _GLOBAL_OFFSET_TABLE_ in duplicate symbol checker
      build: Avoid printing the ABI signature normalisation during the default build
      lib/socket_wrapper only enable python_socket and socket.py with socket_wrapper
      selftest: Remove tests for security=server
      build: Add explicit mention of --abi-check-disable to ABI checker
      s3-smbd: Do not merge UID ACE values with GID ACE values for posix ACL
      We need to split things up into a new helper function add_current_ace_to_acl() in order for there to be more posix ACL elements than NT ACL elements (so a group SID can own a file, but also get the group permissions that will be honoured)
      s3-smbd: Handle ID_TYPE_BOTH by mapping to both a group ACL entry and file ownership This will allow groups, such as domain administrators, to own files while correctly handling the rest of the ACL permissions.
      s3-smbd: Consider a group with the same SID as sufficient duplication
      s3-smbd: Avoid creating a UID ACL entry for SIDs that are mapped as ID_TYPE_BOTH The GID ACL entry is what will be mapped in most cases, and so is sufficient.
      build: Move generated version.h to a waf-invisible location
      build: Move generated files out of the normal build tree
      autobuild: Run ABI check on samba4-libs as well.
      s4-torture: Fix rpc.samr.priv test to use torture_assert() macros
      build: Also look for iconv in /usr/local by default
      s4-torture: provide correct torture failures for failure to connect
      s4-torture: Always use torture_assert() to handle failures
      s4-torture: Improve torture test boilerplate, use torture_assert()
      s4-selftest: Always delete the user at the end of test_passwords.sh
      s4-provision: Make s3fs the default way to install a new Samba4 DC
      WHATSNEW: Move to document changes for beta1
      selftest: Run only the samba3 tests on builds without the AD DC
      s4-selftest: Demonstrate the correct behaviour between specified usernames and kerberos ccache
      doc: Explain our build systems for Samba 4.0
      wintest: s3fs is now the default in provision
      WHATSNEW: update for alpha21, and mark as release
      move VERSION to alpha22
      s3-winbindd: Always map the LDAP error code to an NTSTATUS
      s3-libads: Use a reducing page size to try and cope with a slow LDAP server
      s3-utils: Use ads_do_search_retry in net ads search
      s3-build: Remove build of libaddns.a from the autoconf build
      build: Remove all references to libuuid
      build: Remove unused release scripts for talloc
      build: Remove unused release scripts for tdb
      build: Remove unused release scripts for tevent
      build: Provide .pc file for libnetapi
      build: Provide .pc file for libsmbsharemodes
      s3-iconv: Remove unused script/gen-8bit-gap.sh
      s3-build: Remove build of libtalloc.so from the autoconf build
      s3-build: Remove build of libtdb.so from the autoconf build
      lib/param: Harmonise 'password server' parameter between s3 and s4
      lib/param: Add .flags to wins parameters to match s3
      lib/param: Add .flags to max/min protocol to match s3
      param: Sort global param functions macros to ease the s3/s4 merge
      param: mark realm parameter as const
      lib/param: Mark a few more parameters const (matching s3)
      lib/param: Import s3 parameters into lib/param to allow the parameter lists merge
      s3-param: Rename lp_dns_proxy() -> lp_wins_dns_proxy() for clarity
      s3-param: Import parameters from lib/param to make this list common
      s3-param: Use same variable names as lib/param
      s3-param: Use same function name for "max xmit" as lib/param
      lib/param: Add a few more s3 parameters
      lib/param: Put common FN_ macros into param_functions.c
      s3-build: We do not have CHARSET modules any more
      s3-loadparm: Swap synonyms of max/min protocol to server max/min protocol
      lib/krb5_wrap: Move krb5_princ_size helper to source4 as it is only used there
      build: Make gss_wrap_iov mandatory for krb5 build
      s3-build: Fix configure checks for Heimdal
      s4-provision: Use the s3fs file server by default in migrations
      build: Add automatic compare of config.h files to recursive waf build
      .gitignore: remove already-gone gen-8bit-gap.sh
      lib/replace: Copy lib/system.c xattr wrappers to lib/replace
      lib/replace: DEBUG is not acceptable here, as this may not be linked into Samba
      lib/replace: We cannot use strchr_m in lib/replace
      lib/replace: xattr wrappers in lib/replace rather than source3/lib/system.c
      s4-xattr: Use libreplace xattr functions directly
      lib/replace: Merge remaining xattr test details from lib/util
      build: Always attempt to build posix ACLs
      lib/replace: Relicence xattr.c to LGPLv3
      build: Check correctly for sendfile (missing .h in header)
      libreplace: Fix autoconf build on platforms needing xattrs
      libreplace: Add missing tests for HAVE_MREMAP and HAVE_SHARED_MMAP
      ccan: fix autoconf test for isblank()
      build: Show extra configure results found by WAF as well
      build: Remove check for res_ninit (Revert "s3: Check for res_ninit")
      libreplace: Solaris needs system/dir.h for that xattr wrapper implementation
      libreplace: Fix build on MacOS where we have the same fn name but more arguments
      libreplace: Use true rather than True in xattr.c
      libreplace: Link libreplace against attr when required
      s3-build: Remove finddead
      libreplace: Fix up MacOS xattr functions
      s3-libnetapi: Cope with popt versions without POPT_TABLEEND
      lib/replace: Undo change of 0 -> NULL
      librepace: put #defines after #include "sys/xattr.h"
      lib/krb5_wrap: Remove unused smb_krb5_get_creds
      build: Match autoconf build and disable ACLs on MacOS (darwin)
      libreplace: Ensure we link xattr.c on MacOS
      libreplace: Remove autoconf build system
      libreplace: Add copyrights to ease tracking of this file in future
      Remove Manifest.  The information here was outdated
      s3-smbd: Remove support for protocols before LANMAN1
      VERSION: prepare for beta1 by setting and parsing the beta version
      WHATSNEW: Update for beta1
      s4-provision: Place xattr.tdb in the actual state directory
      s4-provision: Test for posix ACLs in the actual sysvol path
      WHATSNEW: Note FreeBSD improvements
      WHATSNEW: Mention trouble with DNS replication
      WHATSNEW: mention FreeBSD getaddrinfo() issue
      wintest: Fix test-s3.py to use smbclient3 under the name smbclient
      WHATSNEW: Add details on NTP and DNS as new protocols we cover
      Roadmap: Clarify that 4.0 is our next release
      build: Remove unused check for HAVE_UNSIGNED_CHAR
      build: Add test for HAVE_BROKEN_POSIX_FALLOCATE to waf build
      build: Add newlines for clarity
      VERSION: Mark release as beta1
      VERSION: mark as beta2 as we move on to the next release
      lib/replace: Fix snprintf() override for systems with a broken snprintf()
      build: Rationalise AIO support in configure, ensure on by default
      s3-libsmb: Fix error messages to correctly mention PLAINTEXT not LM
      build: Add missing deps and make MESSAGING a private library
      s4-libcli: Remove unused finddcs_nbt
      build: Tidy up broken posix_fallocate tests
      ccan: Only build ccan-failtest when we are in developer mode
      s4-selftest: Test samba-tool drs replicate --local --full-sync
      s3-smbd: Remove unused branches in negprot since security=share was removed
      pyldb: Ensure that the ldb argument is really an ldb before we dereference
      lib/param: simplfy lp_find_security()
      file_server: Use samba4 auth module for guest logins as well
      debug: Do not constantly rename logs when max log size = 0
      s3-auth: Give the SYSTEM token all privileges
      s3-auth: Fix system token generation not to dereference pointer as an integer
      s3-auth: Fix system info3 return to be just SID_NT_SYSTEM
      s3-auth: Merge SEC_DOMAIN and SEC_ADS cases in creating the default auth module list
      lib/param: Create a seperate server role for "active directory domain controller"
      lib/param: make security=domain and security=ads conflict with being a DC
      lib/param: Use server role = 'standalone server' to be consistant with member server
      s3-auth: rework default auth methods around the lp_server_role() parameter
      docs: document new server role values
      s3-lib: Convert lib/events.c to modern tevent names
      s3-build: Do not write loadparm generated files into the build tree
      s3-lib: Fix conversion of lib/events.c to modern tevent names
      build: Remove support for non-64bit sendfile()
      selftest: Add targetdir and tdbrestore parameters to undump.sh
      s4-dbcheck: Always specify the dhcheck control
      s4-selftest: Add tests for dbcheck on an old database that needs repair
      s4-idmap: Add mapping using uidNumber and gidNumber like idmap_ad
      s4-s3upgrade: improve idmap import to use posixAccount and posixGroup entries
      s4-s3upgrade: Add my wins.dat and fix the parsing error
      s4-s3upgrade: Assert that administrator has a SID of -500, and only skip root if it is -500
      s4-lib/param: FLAG DAY for the default FILE SERVER
      s4-classicupgrade: Use "samba classic" description for samba3 NT4-like domains in samba3upgrade
      WHATSNEW: Bump the version and announce the s3fs default
      s4-classicupgrade: Also ask testparm for 'smb passwd file'
      s3-passdb: Remove pdb_ads
      s3-auth: Remove auth_netlogond
      s3-auth: Fix system token as just being SID_NT_SYSTEM
      auth: Use only security_token_is_system to determine that a user is SYSTEM
      s3-auth: inline make_session_info functions into only callers
      s3-auth: make_new_system_info_session() not query passdb
      s3-auth: make_new_system_info_session() now does not query nss
      Revert "s4-libcli: Remove unused finddcs_nbt"
      s4-provision: Remove last unused remenants of the 'sid generator' configuration
      s4-provision: Remove --slapd-path option
      s4-idmap: Add parameter 'idmap_ldb:use rfc2307' and correct implementation errors
      WHATNEW: Update for the beta2 release
      VERSION: Mark as the beta2 release
      VERSION: Move on to beta3!
      s4-torture: Change the unix.whoami test to use torture_assert()
      s4-torture: Expand whoami test to confirm the user token.
      s4-provision: Give better clues on what Samba needs for s3fs ACL support
      s4-drepl: Ensure that the op->source does not get deallocated too early
      s4-classicupgrade: Allow DNS backend to be specified
      selftest: Test unix.whoami with kerberos on plugin_s4_dc
      s4-join: Import DNS zones in AD DC join
      s4-samba_upgradedns: Do not set DNS account for internal server
      s4-join: Setup correct DNS configuration
      s3-pdb_samba4: Allocate and free a talloc_stackframe() in pdb_samba4_replace_by_sam()
      s3-pdbtest: Report and handle errors in pdb->getsampwnam()
      s4-samldb: do not talloc_steal() the elements of the original request
      s3-pdbtest: Fix pdbtest to compare the same fields
      s3-pdbtest: show mis-matching times
      selftest: Add extra users to nss_wrapper
      selftest: allow NSS_WRAPPER_* vars to be exported to the environment
      s4-dsdb: Remove hooks for non-directory password handling
      s4-dsdb when setting DSDB_CONTROL_PASSWORD_BYPASS_LAST_SET_OID make it non-critical
      s4-selftest: Test login with a password expired user
      lib/ldb: Print trace messages for modify correctly
      s3-pdb_samba4: Fix time handling, use nt_time_to_unix()
      s3-pdb_samba4: Add support for lastLogon and lastLogoff
      s3-pdbtest: Initialise more elements for testing
      s4-selftest: expand passdb testing
      s3-pdb_samba4: Remove dupliate profilePath handling
      s3-param: Rename loadparm_s3_context -> loadparm_s3_helpers
      librpc/ndr: Initilaise the remainder of struct dom_sid after a pull
      selftest: use a loop rather than declare tests for both dc and s3dc
      selftest: run pdbtest against s3dc as well
      file_server: add [globals] to generated smb.conf
      selftest: Give Samba4 processes a little longer to clean up
      auth/gensec: Remove unused gensec_security parameter
      auth: Remove .get_challenge (only used for security=server)
      s4-dns: Remove dynamic DNS instructions for bind 9.7
      s4-bind: Remove patches now incorporated into bind9
      s4-dns: Remove refernece to BIND 9.7 supporting GSS-TSIG
      WHATSNEW: Update with fix for smbd-fileserver.conf.pid startup failures
      WHATSNEW: Mention Exchange 2010 support
      VERSION: Mark as the beta3 release
      VERSION: Move on to beta4!
      build: Run distcheck in the correct directory
      WHATSNEW: Spell out version, avoid samba4 except to refer to the past
      ldb: bump version due to header and internal implementation changes
      s4-dsdb: Use parent_object_guid to find the correct parent for new objects
      s4-dsdb: Give a much better error message when parentGUID generation fails
      s4-samba-tool: Provide a samba-tool domain dcpromo that upgrades a member to a DC
      s4-selftest: Test samba-tool domain dcpromo
      s4-classicupgrade: Demote any other 'BDC' accounts back to a member server during upgrade
      pyldb: Fix dn concat operation to be the other way around
      s4-pydsdb: Improve PyErr_LDB_{DN,}_OR_RAISE to use py_check_dcerpc_type
      s4-pydsdb: Add bindings for dsdb_find_nc_root()
      pyldb: Add bindings for ldb_dn_remove_base_components
      pydsdb: Add bindings for dsdb_wellknown_dn()
      s4-dsdb: Remove unused variables in py_dsdb_get_partitions_dn
      s4-dbcheck: Check for an object without a parent
      s4-selftest: do a dbcheck on our two vampire DCs
      lib/ldb: Bump ldb release due to pyldb changes
      s3-auth Remove confusing reference to global_machine_password_needs_changing
      s3-auth Remove unused global_machine_account_needs_changing
      lib/util: Allocate enough space to reference blob->data[len]
      s3-auth_samba4: Explain that check_samba4_security is actually unused
      s3-secrets: Use C99 types
      s4-param: Use a unique header name
      auth/credentials: Look in the secrets.tdb for the machine account
      pytdb: Check for errors parsing strings into TDB_DATA
      pytdb: Check if the database is closed before we touch it
      WHATSNEW: prepare for 4.0 beta4
      VERSION: Mark as the beta4 release
      VERSION: Move on to beta5!
      s4-dsdb: Ensure we never write read-only objects onto a read-write replica
      s4-dsdb: Allow dbcheck to correct an incorrect instanceType
      dsdb: Allocate new OID to allow updates of a read-only replica
      s4-dbcheck: Check for and correct incorrect instanceType values
      s4-librpc: Ensure we do not call call the decrpc timeout handler during gensec_update()
      s4-lib/tls: Try socket_send() multiple times to send partial packets
      s4-torture: Also print GID values in whoami test
      s4-torture: Allow unix.whoami to test against a member server
      s4-torture: Move check of map-to-guest above SID list check
      Revert "s3:auth make sure the primary group sid is usable"
      selftest: Run unix.whomai against the machine acccount as well
      auth/credentials: Remove extra newline
      s3-rpc_server: Remove make_server_info_info3() call from make_server_pipes_struct()
      s3-auth Use correct RID for domain guests primary group
      lib/param: bring lp_time_server() into common
      lib/param: Add my copyright
      s4-param: Remove unused "idmap trusted only"
      s3-param: Make lp_name_resolve_order() return a list
      lib/param: bring lp_smb_ports() into common by making it a list everywhere
      s3-param: Remove special case for lp_ctdbd_socket(), set CTDB_PATH as default
      build: Add -Werror=address to the developer build
      param: Make the 'unicode' parameter common
      param: Make internal handler for 'server role' common
      s3-param: Merge a number of s4 parameters from lib/param to make this table common
      s3-param: fix indent on cups encrypt
      s3-param: Merge parameter varaibles with lib/param
      lib/param: Remove "ntptr providor" and hard-code in s4 spoolss server
      lib/param: Remove 'case insensitive filesystem'
      lib/param: Rename param_enums.c to param_table.c
      lib/param: Move all enum declarations to lib/param
      lib/param: Make lp_usershare_max_shares() a common parameter
      lib/param: Merge handling of security/domain master/domain logons/server role
      lib/param: Add handler overrides
      lib/param: Re-arrange TLS parameters into their own section
      lib/param: Rearrange AD DC options to make a merge with the source3 table easier
      lib/param: Merge DNS parameters with source3 param
      lib/param: Merge Winbind parameters from source3 into lib/param
      lib/param: Merge VFS and MSDFS parameters from source3 into lib/param
      waf: Update to newer upstream snapshot.
      lib/param: Merge "Miscellaneous Options" section from source3/param
      lib/param: Merge "EventLog Options" section from source3/param
      lib/param: Merge "Ldap Options" section from source3/param
      lib/param: Merge "Locking Options" section from source3/param
      lib/param: Merge "WINS Options" section from source3/param
      lib/param: Merge "Browse Options" section from source3/param
      lib/param: Merge "Logon Options" section from source3/param
      lib/param: Merge "Domain Options" section from source3/param
      lib/param: Merge "Filename Handling" section from source3/param
      s3-build: Make recursive waf build a developer build again (to build developer test facilities)
      lib/param: Merge "Printing Options" section from source3/param
      lib/param: Merge "Tuning Options" section from source3/param
      lib/param: Merge "Protocol Options" section from source3/param
      s3-param: Merge "log file" parameter with lib/param
      lib/param: Merge "Logging Options" section from source3/param
      lib/param: Merge "Security Options" section from source3/param
      lib/param: Merge in source3 parameters into parmeter table
      lib/param: Merge parameter tables into a common file
      param: Make socket_address common, Revert 611ef42053eb99f4c29d4efa86eaea9f1ca06286
      docs: Mark "socket address" as deprecated
      lib/param: Remove unused "paranoid server security"
      lib/param: Mark lpcfg_cachedir and lpcfg_statedir as const char *
      lib/param: Remove use of lp{cfg,}_socket_address outside the NBT client and server
      lib/param: Rename "socket address" to "nbt client socket address" to clarify role
      s4-dbcheck: Add lastKnownParent when moving an object to lostAndFound
      s3-libsmbclient: Add missing talloc_stackframe() calls
      s4-repl: Use NULL for pointer test when checking for ldb_msg_new() failure
      s4-repl: Use ldb_dn_new() to create the rootDSE DN
      s4-librpc: Fix private context for dcerpc_connect_timeout_handler
      s4-dsdb: Provide a way to handle conflicts due to rename
      s4-dsdb: Provide a way to force incoming renames to take priority
      s4-dsdb: Change move to lostAndFound to use container in this partiion and add debugging
      s4-dsdb: Do not strip base components off DN before searching for NC root
      s4-dsdb: Fill in lastKnownParent when moving to lostAndFound
      s4-samba-tool ldapcmp: Add ridNextRID and rIDPreviousAllocationPool as per-DC attributes
      s4-samba-tool ldapcmp: Fix synopsis
      auth/kerberos: Do not do pointer arithmatic on a void *
      lib/ccan: Fix format string errors found by -Werror=format in ccan failtest
      lib/ntdb: Fix format string errors found by -Werror=format in ntdb tests
      lib/tdb: Fix format string errors found by -Werror=format in tdb tests
      s4-torture: Fix format string errors found by -Werror=format
      build: Add more -Werror flags now the tree is clean of these errors
      s3-utils: Add cast to fix error found by -Werror=format
      ldb: Add parameter to avoid NULL format string flagged by -Werror=format
      s4-dsdb: Request extended DN and show deleted when searching for a possible parent
      lib/ldb: Ensure rename target does not exist before deleting old record
      s4-dsdb: Handle rename conflicts in both directions
      s4-dsdb: Improve tracing in repl_meta_data
      s4-dsdb: Replace any existing lastKnownParent attribute during delete
      s4-repl: Add tests for add replication conflicts and use of LostAndFound
      WHATSNEW: prepare for 4.0 beta5
      VERSION: Mark as the beta5 release
      VERSION: Move on to beta6!
      s3-pypassdb: Fix wrapper for pdb_domain_info to return correct dns_{domain,forest}
      s3-pysmbd: Add set_nt_acl() function based on parts of vfstest
      s3-pysmbd: Add my copyright
      s3-pysmbd: fix DEBUG
      s3-pysmbd: Add hook for get_nt_acl()
      build: fix typo
      lib/param: Also enable vlp when --enable-selftest is specified
      build: Remove duplicate declaration of --enable-selftest
      Rework recursive waf build to be a selftest-enabled not a developer build
      build: Make -Werror=format check only run where NULL is still accepted
      Revert "ldb: Add parameter to avoid NULL format string flagged by -Werror=format"
      s3-pysmbd: Add talloc_stackframe() to smbd_set_simple_acl wrapper
      s3-passdb: Simplify idmap wrapper in pdb_samba4
      s3-pysmbd: Use talloc_zero()
      s3-pysmbd: Try opening as a file, then as a directory
      s4-smbd: Check for failure of irpc_add_name
      s4-scripting: Remove unused variables from ntacl tests
      s3-param: Remove never-reached condition for opt_list == NULL
      s3-param: Remove never-reached condition for popts == NULL
      build: Remove pdbtest from the autoconf build
      s3-torture: Extend pdbtest to also run an authentication unit-test
      selftest: Rename samba4.blackbox.pdbtest to samba.blackbox.pdbtest
      s4-dsdb: Reduce calls to the ldb layer by reloading less often
      s4-dsdb: simplify migration of old-style seqence numbers to metadata.tdb
      s4-dsdb: Remove ldb_sequence_type argument from partition_primary_sequence_number
      s4-dsdb: Change talloc parent
      s4-pydsdb: Provide control of if we should write index attributes when reloading a schema
      s4-dsdb: Ensure we have indexing enabled during the provision
      s4-dsdb: Do not reload partition metadata except on transaction start
      s4-dsdb: Remove strcasecmp() fallback in replmd_ldb_message_element_attid_sort
      lib/ldb: Use tdb_exists() rather than tdb_fetch()/talloc_free()
      s3-events: Do not vasprintf() the tevent debug messages that will not be shown
      s4-events: Do not vasprintf() the tevent debug messages that will not be shown
      lib/ldb: Do not vasprintf() the tevent debug messages that will not be shown
      s4-ldb_wrap: Do not vasprintf() the ldb debug messages that will not be shown
      lib/ldb: Use tdb_parse_record and a callback rather than tdb_fetch()
      s4-dsdb: Explain better what records are written during schema set
      nsswitch: add ABI checking and symbol versions to libwbclient
      s3-smbd: Create a shortcut for building the token of a user by SID for posix_acls
      s3-smbd: Convert posix_acls.c to use struct unixid internally
      s3-smbd: Merge ACE entries based on mapped UID/GID not SID
      s3-nfs4acls: Remove lookup_sid and sidmap from NFSv4 ACL mapping and check gid first
      s4-dsdb: Use only the replication USN for schema reload.
      s4-dsdb: Remove support for per-partition sequence numbers
      s4-dsdb: Take more care in handling of global schema memory
      s3-vfs: Put vfs_aixacl_util.c helper functions into a header file
      WHATSNEW: prepare for 4.0 beta6
      VERSION: Mark as the beta6 release
      VERSION: Move on to beta6!
      s4-dsdb: Add const
      s4-dsdb: Improve memory handling in kccsrv_find_connections() by adding a tmp_ctx
      s4-dsdb: Improve memory handling in kccsrv_add_connection()
      s4-dsdb: Improve memory handling in dsdb_schema_from_ldb_results() by adding a tmp_ctx
      s4-dsdb: Add mem_ctx argument to samdb_ntds_settings_dn
      s4-libnet: Improve debugging of libnet_BecomeDC LDAP errors
      s4-libnet: Prepare libnet_BecomeDC for samdb_reference_dn() returning an extended DN
      s4-dsdb: Use ldb_dn_copy() rather than talloc_reference()
      s4-dsdb: Add helper function samdb_reference_dn_is_our_ntdsa()
      s4-repl: Use samdb_reference_dn_is_our_ntdsa()
      s4-dsdb: Use samdb_reference_dn_is_our_ntdsa()
      s4-dsdb: Add samdb_dn_is_our_ntdsa()
      s4-dsdb: Use samdb_dn_is_our_ntdsa()
      s3-passdb: Silence scary DEBUG(0) message on first use of secrets.tdb databases
      selftest: Add knownfail for samba3.winbind.wbclient.wbcPingDc2
      s3-smbd: Change allocation of smb_acl_t to talloc()
      pidl: Add mode_t as an alias so we can marshall posix ACL structures
      s3-smbd: Move smb_acl_t declaration to smb_acl.idl
      s3-smbd: Call sys_acl_get_perm() directly rather than via the VFS
      s3-smbd: Call sys_acl_get_permset() directly rather than via the VFS
      s3-smbd: Call sys_acl_get_tagtype() directly rather than via the VFS
      s3-smbd: Call sys_acl_get_qualifier() directly rather than via the VFS
      s3-smbd: Call sys_acl_free_qualifier() directly rather than via the VFS
      s3-smbd: Call sys_acl_get_entry() directly rather than via the VFS
      s3-smbd: Call sys_acl_free_qualifier() directly rather than via the VFS
      s3-smbd: Call sys_acl_free_acl() directly rather than via the VFS
      s3-smbd: Call sys_acl_init() directly rather than via the VFS
      s3-smbd: Call sys_acl_clear_perms() directly rather than via the VFS
      s3-smbd: Call sys_acl_add_perm() directly rather than via the VFS
      s3-smbd: Call sys_acl_create_entry() directly rather than via the VFS
      s3-smbd: Call sys_acl_set_tag_type() directly rather than via the VFS
      s3-smbd: Call sys_acl_set_qualifier() directly rather than via the VFS
      s3-smbd: Call sys_acl_set_permset() directly rather than via the VFS
      s3-smbd: Remove unused conn argument from convert_permset_to_mode_t()
      s3-smbd: Remove sys_acl_*() VFS wrapper functions
      s3-sysacls: Remove sys_acl_free_acl() and replace with TALLOC_FREE()
      s3-sysacls: Remove sys_acl_free_qualifier() as it is a no-op
      librpc/idl: Make smb_acl_t public so we can pull/push it as a blob
      s4-selftest: Fix test name for samba.tests.dcerpc.bare
      s3-vfs: ensure we strictly free the talloc_stackframe
      s3-vfs: Avoid loops in VFS modules: call _NEXT functions in xattr emulation
      s3-vfs: Set errno in xattr emulation
      fix printf warning in net connections
      s3-selftest: convert stream_depot vfstest driver into a subunit test
      s3-selftest: convert xattr-tdb-1 vfstest driver into a subunit test
      librpc/idl: Fix acl array definition in smb_acl_t
      s3-vfs: Add new VFS module to fake setting an ACL
      s3-vfs: Continue to make vfs_xattr_tdb non-recursive
      selftest: Extend xattr-tdb-1 vfstest to call stat
      s3-smbd: Do not check no_acl_syscall_error(errno) after sys_acl_init()
      s3-torture: Initialise fsp fully in vfstest open
      s3-torture: Use talloc more in vfstest
      s3-torture: Add ACL commands to vfstest
      s3-selftest: Add a seperate test for ACL tests using vfstest
      s3-torture: Allow vfstest to set ACLs on a directory
      s4-dsdb: Ensure we always free tmp_ctx in schema refresh check
      build: Ensure -Werror=format works with -Wformat=2 on NULL format strings
      s4-kcc: Avoid use-after-free of dn and add tmp_ctx
      s4-dsdb: Use tmp_ctx in kccsrv_check_deleted to avoid leaking memory onto part->dn
      s3-vfs: Allow vfs_xattr_tdb to work without a connected share
      s4-ntvfs: Ensure we do not attempt to write EAs on streams
      s4-ntvfs: Add TODO on ea_size
      s3-smbd: Push smb_fname into estimate_ea_size
      s3-smbd: Do not look for EA information on a stream
      s3-smbd: ensure we give appropriate errors for EA requests on streams
      s3-vfs: Use the system. namespace for fake ACLs
      s3-vfs: Correct the implementation of fake_acls_sys_acl_delete_def_file()
      s3-vfs: Add lstat and lchown hooks to the vfs_fake_acls module
      s3-build: Enable vfs_fake_acls when in developer mode or on the build farm
      build: Do not put a .distversion file into the GIT tree
      WHATSNEW: Remove over-caution on s3fs and explain browsing better
      doc-BUILD_SYSTEMS.txt: The grand rename is complete
      s4-torture: Improve raw.streams test to cover EAs and to use torture_assert()
      s4-torture: Show that we cannot have extended attributes on streams
      s4-torture: Show that we cannot list extended attributes on streams
      selftest: Use new fake_acls module
      s4-torture: Use torture_fail() in the unix.unix_info2 test
      build: Remove accidentily added line in samba_version.py
      build: Remove special case for the build farm
      s3-pysmbd: Add hook for a VFS chown()
      s3-passdb: Allow pdb_sid_to_id to work on any SID
      s3-pysmbd: Correct comments in python VFS bindings
      s3-pysmbd: Add get/set functions for the posix ACL layer
      build: Create bin/ when doing 'waf dist' from a fresh checkout
      s3-vfs: Make vfs_aio_fork erratic timing behaviour a run-time option
      selftest: Add tests for vfs_aio_fork
      s4-provision: pass use_ntvfs from C wrappers and set to true in tests/vampire
      s4-classicupgrade: Add --use-ntvfs option
      selftest: Specify --use-ntvfs to provision in test scripts
      selftest: Pass --use-ntvfs to provison in renamedc test
      s3-vfs: Remove extra calls to SMB_VFS_HANDLE_GET_DATA
      s4-python: complete python bindigns for smb_acls.idl
      s3-pysmbd: Correct the python type for smb_acl_t
      s4-python: Complete python bindings for idmap.idl
      selftest: Specify --use-ntvfs for the chdcpass environment
      selftest: Specify --use-ntvfs when testing the LDAP backend init code
      selftest: Specify --use-ntvfs when testing the newuser code
      selftest: Specify --use-ntvfs when testing the group code
      selftest: Set --use-ntvfs for rodc, vampire_dc, promoted_vampire_dc and subdom_dc
      s4-upgradeprovision: Use ntvfs in reference provision
      s4-dsdb: Do not use a possibly-old loadparm context in schema reload
      s4-dsdb: Remove unused variables
      file_server: Move default VFS module settings to loadparm.c
      s4-provision: set POSIX ACLs to for use with the smbd file server (s3fs)
      s4-scripting: Redefine getntacl() as accessing via the smbd VFS or directly
      selftest: Add a test of the NT ACL -> posix ACL mapping layer
      selftest: Extend posixacl test to check the actual ACL
      selftest: Cope with the multiple possible representations of -1 in posixacl.py
      selftest: Add a test of the NT ACL -> posix ACL mapping layer to selftest
      s4-samba-tool: Add 'samba-tool ntacl sysvolreset' tool
      s3-pysmbd: Allow a mode to be specified for the simple ACL
      s4-provision: Fix internal documentation
      s3-pysmbd: Fix error message
      param: Add startup checks for valid server role/binary combinations
      s4-selftest: Add testing of samba-tool ntacl sysvolreset
      s3-smbd: Add talloc_stackframe() to get_nt_acl_no_snum()
      s3-pysmbd: Fix return type of smbd.get_nt_acl
      s3-smbd: Add security_info_wanted argument to get_nt_acl_no_snum
      s4-samba-tool: Add samba-tool ntacl sysvolcheck command
      s4-selftest: Add test for samba-tool ntacl sysvolcheck
      s4-selftest: Always set vfs objects in selftest smb.conf
      s3-param: Avoid assert on use of talloc_tos() without stackframe
      examples: Remove security=share and security=server from example smb.conf
      s4-libnet: Ensure termination of enctype array in libnet_export_keytab()
      lib/krb5_wrap: Bring list of all enc types into krb5_wrap
      lib/krb5_wrap: Move kerberos_enctype_to_bitmap() into krb5_wrap
      s4-classicupgrade: Use s3param.get_context() instead of result.lp
      s4-classicupgrade: Do all the queries of data before the provision()
      s4-classicupgrade: Read WINS DB before the provision
      lib/krb5_wrap: Move enctype conversion functions into a simple helper file
      s3-secrets: Add helper function to set machine account password from secrets_tdb_sync
      s3-secrets: Handle all valid ROLE_ values in get_default_sec_channel()
      s3-secrets: Use talloc_stackframe() in secrets_init_path()
      s4-dsdb: Add secrets_tdb_sync - an ldb module to keep secrets.tdb in sync
      s4-dsdb: Remove double-free in update_keytab module
      auth/credentials: Expand secrets.tdb fetch of secrets to preserve workstation and realm
      selftest: Add test of smbclient --machine-pass against and using both s3 and s4
      auth/credentials: Rework credentials handling to try and find the most recent machine pw
      s3-passdb: Allow reload of the static passdb from python
      s4-classicupgrade: Do the setting of the sysvol ACLs last, after idmap is configured
      selftest: Fix comment in blackbox_s3upgrade.sh
      WHATSNEW: prepare for 4.0 beta7
      VERSION: Mark as the beta7 release
      VERSION: Move on to beta8
      s3-vfs_shadow_copy2: Also accept a sscanf result
      s3-vfs: Try to be consistent about localtime vs GMT handling in vfs_shadow_copy2
      s3-vfs: Indicate the symlink destination when failing check_reduced_name
      lib/ldb: Bump ldb version to 1.1.11
      s3-classicupgrade: Fix import from ldap
      auth/credentials: Avoid double-free in the failure case
      selftest: Add a test for smbclient --machine-pass without secrets.tdb
      auth/credentials: Improve memory handling in cli_credentials_set_machine_account
      auth/credentials: Better integrate fetch of secrets.tdb and secrets.ldb records
      auth/credentials: Remove unused, and un-declared cli_credentials_set_krbtgt()
      lib/ldb: Avoid printing secret attributes in ldb trace logs
      s4-dsdb: Avoid printing secret attributes in ldb trace logs
      s4-libnet: Fix passing samba_all_enctypes as a fn rather than the encrypt array it returns
      lib/krb4_wrap: Add const to kt_copy_one_principal
      s4-torture: Add start of a test to confirm winbindd PAC parsing
      auth/credentials: Support match-by-key in cli_credentials_get_server_gss_creds()
      WHATSNEW: prepare for 4.0 beta8
      VERSION: Mark as the beta8 release
      VERSION: Move on to beta9
      auth/credentials: Do not print passwords in a talloc memory dump
      s4-libnet: Fix memory leak of lsa_RefDomainList and lsa_String onto libnet_ctx
      s4-kdc: Give information on how long the password history is
      s4-dsdb: Remove unused tmp_ctx leaked onto long-term ldb_context
      s4-kdc: Improve grammer and clarity of password change failure messages.
      s4-dsdb: Remove unused variables
      selftest: skip tests if the tarball did not include the alpha13 provision
      build: Only make bin/ if it does not exist
      s4-classicupgrade: Show more clearly what is wrong with the Adminstrator SID
      build: skip shipping the alpha13 provision in the release tarballs
      docs: Remove docs for removed parameter 'parinoid server security'
      docs: Remove references to security=share and security=server from the smb.conf docs
      docs: Fix undocumented target to find smb.conf directives in the right place
      remove extra tab from Makefile
      docs: Remove docs for removed parameter 'display charset'
      docs: Remove merged-branches.txt
      docs: Update Roadmap
      docs: Move Samba4 HOWTO link into README
      s3-passdb: Rename pdb_samba4 to samba_dsdb and autoconfigure when we are a AD DC
      s4-samba-tool: Ensure we also sync the SACL as well as the DACL during sysvolreset
      file_server: Clarify code by avoiding a goto
      s4-selftest: Try to make ntacl unit tests better match their names
      s4-selftest: Try a more complex ACL - this example from a GPO
      build: remove unused HAVE_NO_ACLS define
      file_server: Run task_server_terminate when smbd exists
      build: vfs_fake_acls does not need the acl lib
      build: Remove references to charset modules - we no longer have these
      build: sync the waf ACL checks with configure.in
      file_server: Remove explicit set of passdb backend in fileserver.conf
      build: Remove unused deps from vfs modules
      s4-provision: Fix error message to contain the string SSDL of the failed-to-match ACL
      samba_tool: Fix ntacl get to correctly output in sddl
      samba_tool: Improve samba-tool ntacl get/set to use the local sam.ldb SID
      selftest: Add python blackbox tests for samba-tool ntacl get/set
      s3-printing: Restrict printing=cups to systems with cups development headers at build time
      join.py: Only replicate DNS zones if the source DC had DNS zones
      selftest: Add tests for the dlz_bind9 module
      selftest: Test configure stage of dlz_bind9
      build: Do not compile lib/sysquotas*.c files as part of configure
      build: Remove Unicos support (quota in particular)
      s3-configure: Only use sysquotas by default
      s3-smbd: Remove Linux support from old (pre-sysquotas) code
      s3-smbd: Remove BSD support from old (pre-sysquotas) code
      s3-smbd: Remove HPUX support from old (pre-sysquotas) code
      s3-smbd: Remove IRIX support from old (pre-sysquotas) code
      s3-smbd: Remove remaining references to removed OS support in old-style quota code
      torture: Add discard_const_p() to work around dlz_create prototype
      provision: Only give the "no posix ACLs" exception if we could not set the SD
      smbd: Print ACL used to create hash in vfs_xattr_common
      smbd-posix_acls: Use a IDL union to store the ACL entry
      smbd: Remove pre-allocation of ACL array in sys_acl_init()
      smbd: Add extra VFS hooks to get the posix ACL as a blob
      dns_server: Attempt to SET and UNSET the sessionInfo to match the incoming user
      dns_server: Remove parameter 'dns recursive queries' and base this on 'dns forwarder'
      wintest: Rework support for the internal DNS server
      wintest: Fix --use-ntvfs handling
      docs: Update docs to the modern age of Samba 4.0
      docs: Remove distinction between server and domain accounts
      docs: remove references to security=server
      docs: update for modern kerberos libs
      build: Fix build on systems without ldap development headers
      docs: Remove confusing reference to smb signing and client use spnego
      docs: Remove references to old kerberos behaviour
      docs: Remove references to Subversion, replace with wiki link
      docs: Remove out of date links to pserver.samba.org and old tarballs
      docs: Remove referenece to autogen.sh and document waf build instead
      docs: Remove referenece to old Red Hat Linux habits on winbindd
      docs: Update BDC docs to recognise the AD DC and to exclusivly recommend LDAP
      docs: Remove reference to inetd startup, it is not recommended
      docs: Clarify TOSHARG-Bugs for 2012
      docs: Update FastStart: remove security=share, avoid disable spoolss
      docs: Remove very outdated TOSHARG-Portability section
      docs: Remove very outdated TOSHARG-Other-Clients section
      docs: Remove references to sysv-style CUPS from TOSHARG-CUPS-printing
      docs: Remove references to mulitple passdb backends
      docs: Remove references to specific windows versions, instead mention Home/Professional/Server
      docs: Remove another reference to security=share
      ldb: bump version to 1.1.13 so the 4.0 release can get the isprint fix
      libwbclient: bump ABI to 0.11 as wbcAuthenticateUserEx now provides PAC parsing
      auth/kerberos: add HAVE_KRB5 guard to fix non-krb5 build after winbindd pac changes
      build: Try not build with LDAP if we do not have ldap.h
      build: Fix enabled handling for HAVE_LDAP, we need to use bld.CONFIG_SET
      ntdb: Try to fix the build on Solaris which does not have err
      lib/replace: Try to fix build on HP-UX for os2_delete test
      build: Remove unused IRIX and IRIX6 defines
      lib/util: Remove unbuilt file util_getent.c and BROKEN_GETGRNAM
      build: Rework waf STAT_ST_BLOCKSIZE to match autoconf, with 512 as the default
      build: Make waf configure match autoconf for HPUX ACLs
      lib/replace: Remove unused nap and therefore the SCO define
      build: Remove unused define UNIXWARE
      lib/replace: Improve mkstemp test in autoconf and waf
      lib/replace: Look for special flags needed for c99
      build: Add missing dep on tdb_compat
      torture: tidy up rpc.lsa OpenPolicy2 test to more clearly use torture_fail()
      torture: use torture_assert rather than return false in rpc.lsa
      torture: More torture_assert() calls in rpc.lsa
      build: Fix detection of quotas on macos
      client: Fix talloc_stackframe() free order assertion in developer mode
      docs: Update TOSHARG-Install
      docs: Remove references to default paramters in TOSHARG-PDC
      docs: Explain the no-domain-logons restriction applies to all HOME editions
      docs: Add mention of AD DC support in TOSHARG-PDC
      docs: Remove Win9X/WinMe mentions from TOSHARG-PDC
      docs: Fix typo in TOSHARG-Passdb
      docs: Remove mention of auth methods in TOSHARG-Passdb
      docs: Change TOSHARG-VFS to avoid suggesting VFS modules are Linux/IRIX only
      lib/util/charset: Try to find iconv on HP-UX
      lib/util/charset: We do not use fucntions from wchar.h any more
      selftest: Remove invalid security=share and rename secshare to simpleserver
      samba_dnsupdate: Move to using tmpfile/rename to keep the dns_hosts_file consistent
      samba_dnsupdate: Safely update/create names for Samba3 targets as well
      build: Add waf configure support for non-linux quotas
      build: Remove unused samba_cv_sysquotas_file variable from autoconf configure
      build: Set HAVE_SYS_QUOTAS and WITH_QUOTAS if we have any supported sysquota backend
      build: Remove unused --with-sys-quotas option
      nsswitch: Add waf tests for solaris special cases
      lib/replace: Add test for what flag we need for -Werror behaviour
      build: Fix quota tests, including move of sysquotas.c to the top level
      build: Remove duplicate check for struct getquota_rslt member getquota_rslt_u
      selftest: use an array when starting testenv with system()
      selftest: Always build a linux-style nss_winbind for nss_wrapper
      nsswitch: Build nss_winbind on all supported platforms
      wintest: bump version to 4.1
      wintest: Add config file for a second host
      wintest: Give netdom join more time to complete
      wintest: Give dcpromo more time
      samba-tool: skip chown in sysvolreset when it would fail on a GID
      posixacls: Add IDL changes for vfs_acl_xattr using hash of the sys acl
      build: Add vfs_media_harmony to the waf build
      smbd: Add mem_ctx to sys_acl_init() and all callers
      smbd: Add mem_ctx to {f,}get_nt_acl VFS call
      vfs: Remove type parameter from sys_acl_blob_get_{fd,file}
      vfs: Implement a sys_acl_blob_get_{fd,file} for POSIX ACL backends
      vfs: Use a blocking function in vfs_afsacl for system ACL blobs
      vfs: Use posix_sys_acl_blob_get_file in vfs_aixacl
      vfs: Use posix_sys_acl_blob_get_file in vfs_aixacl2 for posix ACLs
      vfs: Use posix_sys_acl_blob_get_file in vfs_default for posix ACLs
      vfs: Use posix_sys_acl_blob_get_file in vfs_fake_acls for posix ACLs
      vfs: Use posix_sys_acl_blob_get_file in vfs_gpfs for posix ACLs
      vfs: Use posix_sys_acl_blob_get_file in vfs_hpux for posix ACLs
      vfs: Use posix_sys_acl_blob_get_file in vfs_irix for posix ACLs
      vfs: Use posix_sys_acl_blob_get_file in vfs_posixacl for posix ACLs
      vfs: Use posix_sys_acl_blob_get_file in vfs_solarisacl for posix ACLs
      vfs: Use posix_sys_acl_blob_get_file in vfs_tru64acl for posix ACLs
      vfs: Use a blocking function in vfs_zfsacl for system ACL blobs
      examples: Re-indent and reformat skel VFS modules
      vfs: Improve formatting of vfs_default
      vfs: Improve formatting of vfs_fake_acls
      vfs: Fix alternative posix and no-op sys acl implementations to take a mem_ctx
      vfs: Remove irixacl module (all the fucntions in it are unimplemented)
      build: Remove --disable-shared
      rpc_server:srvsvc Remove psd variable that was no longer set by SMB_VFS_FGET_NT_ACL
      smbd: Always free the talloc_stackframe() before leaving smbd_do_query_security_desc
      dns_server: Try and use the dns-SERVER account if we were configured with it
      provision: No longer use the wheel group in new AD Domains
      build: Assert that auth_domain, auth_builtin, auth_sam, auth_winbind are builtin
      vfs: Fix compilation of ACL support on solaris
      lib/replace: Fix detection of rpcsrv/yp_prot.h on FreeBSD
      lib/replace: Fix detection of prctl
      lib/replace: Fix configure on FreeBSD: define_ret is not correct here
      build: Add #define FREEBSD on FreeBSD
      dsdb-cracknames: Always use talloc_zero()
      dsdb-cracknames: Return DRSUAPI_DS_NAME_STATUS_NO_MAPPING when there is no SID
      pysmbd: Fix pysmbd octal mode handling
      selftest: Add many more tests for our posix ACL handling
      selftest: Cover one more NT ACL invalidation case and improve comments
      selftest: Cover the important non-Samba invalidation of the NT ACL
      selftest: Always unlink the tempf in posixacl test
      dbwrap: use talloc_stackframe() in db_tdb_log_key()
      python-ntacls: Cope with ACL revision 4
      pysmbd: Add hook for unlink() so python scripts can remove xattr.tdb entries
      pysmbd: Remember to close files after setting the NT ACL
      pysmbd: Set umask to 0 during smbd operations
      vfstest: set umask(0) in vfstest
      provision: Fix comments in checksysvolacl
      sefltest: use TestCaseInTempDir and setUp/tearDown for posixacl.py temp file
      lib/replace: Return size of xattr if size argument is 0
      build: Remove support for IDL-generated files in git tree
      pidl: Remove depends_on=PIDL_MISC as it sets -I/ into CFLAGS
      imessaging: Add irpc_all_servers() to list all available servers
      pymessaging: Use the server_id IDL structure rather than a tuple
      pymessaging: Add irpc_servers_byname() and irpc_all_servers()
      samba-tool: Add samba-tool processes subcommand
      ldb: Change ltdb_unpack_data to take an ldb_context
      ldb: Remove no-longer-existing ltdb_unpack_data_free from ldb_tdb.h
      ldb: Add ldbdump, based on tdbdump
      file_server: put set create mask and directory mask in fileserver.conf
      s3-param: Move the options needed for running smbd in the AD DC to loadparm
      vfs_acl_common: In add_directory_inheritable_components allocate on psd as parent
      selftest: Add skip for DIR1 test which loops on 64 bit ext4
      libads: Always free the talloc_stackframe() on error path
      buildtools: Remove extra space from global: line
      selftest: check that samba-tool gpo works for basic operations
      wintest: Try harder to recover from apparent failure to dcpromo
      provision: Also walk directories checking ACLs
      provision: Make dsacl2fsacl() take a security.dom_sid, not str
      samba-tool: Rework ldap attribute fetch in classicupgrade for missing attributes
      selftest: Make samba.tests.ntacl also use TestCaseInTempDir
      pysmbd: Add SMB_ACL_EXECUTE to the mask set by make_simple_acl()
      selftest: Add tests for expected behaviour on directories as well as files
      selftest: Avoid test cross-contamination in samba.tests.posixacl
      ntp_signd: move socket directory to var/lib not var/run for permissions change
      ntp_signd: Only allow group access to the ntp signd directory.
      selftest: Avoid returning errors (rather than failures) in gpo test
      Revert "selftest/skip: add samba.tests.samba_tool.gpo until it's stable"
      selftest: Add --tmpdir to 'samba-tool gpo create' test
      Ensure we Correctly set fsp->is_directory before dealing with ACLs.
      smbd: Correctly set fsp->is_directory before dealing with ACLs
      Change get_nt_acl_no_snum() to return an NTSTATUS, not a struct security_descriptor *.
      smbd: Remove NT4 compatability handling in posix -> NT ACL conversion
      ntvfs: Fill in sd->type based on the new ACL being added
      scripting ntacls: Do not place a SACL in the GPO filesystem ACL
      samba-tool: Add new samba-tool gpo aclcheck and test
      s3-param: Handle setting default AD DC per-share settings in init_locals()
      dsdb: Make secrets_tdb_sync cope with -H secrets.ldb
      lib/replace: Do not use STRERROR_R_PROTO_COMPATIBLE as only roken.h sets this
      build: Use ntlm_auth from source3 as the only ntlm_auth installed on the system
      torture: remove source3 locktest and masktest
      build: Be consistent with the name of smbtorture binaries
      build: Remove --enable-smbtorture, require bin/smbtorture (from waf) for make test
      packaging: Remove long-gone --disable-merged-build from RHEL-CTDB packaging
      build: Do not install testing binaries
      scripting: Handle missing LDAP entries in samba-tool domain classicupgrade
      build: Install .po files for SWAT intl support
      smbd: Split create_conn_struct into a fn that does not change the working dir
      smbd: Fix calls to create_conn_struct_cwd to be correctly indented.
      pysmbd: Convert pysmbd to take an optional service to connect to
      scripting-ntacls: Optionally allow the service to be specified.
      scripting-provision: Set sysvol ACLs on the sysvol share
      pysmbd: Change to keyword based arguments
      samba-tool Add --service argument to samba-tool ntacl get/set
      smbd: Rework create_conn_struct to use conn_new()
      selftest: show that Samba honours "write list" and valid users
      build: Remove bashism from SAMBAMANPAGES rule
      vfs: Fix compilation of solaris ACL module
      passdb: Add discard_const_p() to pdb_samba_dsdb
      swat: move russian swat files alongside ja and tr
      build: Make install_with_python.sh executable
      build: In install_with_python.sh force using the python from the install we just made
      build: Make install_with_python.sh more portable
      build: Set LD_LIBRARY_PATH in install_with_python.sh
      s4-dbcheck: Allow forcing an override of an old @MODULES record
      dsdb-acl: give error string if we can not obtain the schema
      selftest: Add test for rfc2307 mapping handling
      s4-idmap: Remove requirement that posixAccount or posixGroup be set for rfc2307
      samba-tool classicupgrade: Do not print the admin password during upgrade
      scripting/samba_upgradedns: Only look for IPv4/IPv6 addresses if we actually them
      selftest: skip base.dir2 tests as they just spin on modern ext4
      dsdb: Make linked_attributes module GUID based for renames
      libcli/security: Ensure to fill in remaining_access for the initial case (bug #9554 - CVE-2013-0172)
      dsdb-acl: Run sec_access_check_ds on each attribute proposed to modify (bug #9554 - CVE-2013-0172)
      dsdb: Add test for modification of two attributes, one permitted, one denied (bug #9554 - CVE-2013-0172)
      drs-fsmo: Improve handling of FSMO role takeover.
      selftest: also skip raw.search as it also spins
      dsdb: Do not hold the transaction over the IRPC call to perform a role transfer
      torture: Fix fsmo test to use correct -H samba-tool syntax
      printing: Free talloc_stackframe() on all exit paths
      heimdal_build: Try again to sort out the strerror_r mess
      dsdb-acl: Add helper function dsdb_get_structural_oc_from_msg()
      dsdb-acl: Use dsdb_get_structural_oc_from_msg() in acl_modify()
      dsdb-acl: Use dsdb_get_structural_oc_from_msg() in acl_rename()
      dsdb-acl: use dsdb_get_structural_oc_from_msg() rather than class_schemaid_guid_by_lDAPDisplayName
      dsdb-acl: ask for the objectClass attribute if it's not in the scope of the clients search
      dsdb-acl: Remove unused get_oc_guid_from_message()
      dsdb-acl: Pass the structural objectClass into acl_check_access_on_attribute
      dsdb-acl: Use the structural objectClass in acl_check_access_on_attribute()
      libcli/security: handle node initialisation in one spot in insert_in_object_tree()
      libcli/security: remove useless if (root->num_of_children > 0) statements
      dsdb: Ensure "authenticated users" is processed for group memberships
      dsdb: Explain ordering constraints on the ACL module as well.
      libcli/auth: fix void function cannot return value error
      gensec: Allow login without a PAC by default (bug #9581)
      bug9598: s4-process_single: Use pid,fd as cluster_id in process_single just like process_prefork
      ldb: Ensure to decrement the transaction_active whenever we delete a transaction
      pymessaging: Use correct unsigned types for server ID tuple elememnts
      pymessaging: Pass around the server_id struct to python callbacks rather than the tuple
      s4-process_single: Use pid,task_id as cluster_id in process_single just like process_prefork
      selftest: Add test of upgradeprovision using the old alpha13 tree
      vfs: Add helper function hash_blob_sha256 to vfs_acl_common.c
      vfs: Implement an improved vfs_acl_common that uses the hash of the system ACL
      vfs: Whitespace fix only to get_nt_acl_internal indentation
      vfs_acl_common: Do not fetch the underlying NT ACL unless we need it
      idl: Provide a common wrapper for the data to hash for a non-POSIX ACL
      vfs: Add helper function for non posix ACL modules
      s4-nbt: Ensure source4/ nbt client and server honour 'disable netbios'
      samba_upgradeprovision: Remove options to fix FS ACLs
      scripting: Make tdb_copy use the python subprocess module
      scripting: Make tdb_copy a common util function in samba.tdb_util
      samba_upgradeprovision: Do not update privileges.ldb any more (unchanged since 2009)
      samba_upgradeprovision: Use tdb_util.tdb_copy not shutil.copy2
      build: Remove unused includes.h reference to avoid build-time talloc dep
      build: Remove includes.h dep in winbind client libraries
      ldb: Add missing dependency on replace for ldb
      torture-drs: Make the samba4.drs.repl_schema.python emit failures, not errors on add failure
      torture-drs: Fix comment in replica_sync test
      dsdb-descriptor: Spell out security descriptor flags as constants
      dsdb-descriptor: Avoid segfault copying an SD without an owner or group
      build: Do not force a specific perl from ${PERL} when running pod2man
      build: Rename samba_python waf node to avoid duplicate name
      build: Change bin/default/python -> bin/python symlink to bin/default/python_modules
      samba-tool dbcheck: fix comment on err_wrong_sd
      samba-tool domain classicupgrade: Print a better error when the ldap backend PW was not found
      samba-tool domain classicupgrade: Fix typo in error path for multiple account flags
      samba-tool ldapcmp: Add --skip-missing-dn to not error on DNs present in one DB but not the other
      subunit: Add a sh macro for skipping a test
      scripting: Correct parsing of binary DN
      samba-tool dbcheck: fix msDS-HasInstantiatedNCs attributes to match instanceType on our ntdsDSA
      samba-tool ldapcmp: Add support for checking DNSDOMAIN and DNSFOREST by default
      selftest: Do an ldapcmp run against the upgraded domain
      selftest: Add in a provision from 4.0.0 to run tests against
      selftest: Add ldapcmp to ensure upgradeprovision of a fresh DB is a no-op
      selftest: Run dbcheck and improved upgrdeprovision tests against release-4-0-0
      selftest: Rename samba4.blackbox.upgradeprovision.py to samba4.blackbox.upgradeprovision.current
      samba_upgradeprovision: Remove auto-detection of pre-alpha9 databases
      scripting: Rework samba.upgradehelpers.get_diff_sddls to be get_diff_sds
      samba_upgradeprovision: Remove inherited ACEs before comparing the SDs
      samba_upgradeprovision: Remove unused checkKeepAttributeOldMtd
      samba_upgradeprovision: Remove alwaysRecalculate, this is too dangerous
      samba_upgradeprovision: only run rebuild_sd in --full mode
      samba_upgradeprovision: do not maintain dnNotToRecalculate as a list
      samba_upgradeprovision: Do not reset every DN when changing an SD
      selftest: Remove output directories to save disk space
      s4-lib/socket: Return the original EMSGSIZE when sendto() and setsockopt() both fail
      tsocket_bsd: Attempt to increase the SO_SNDBUF if we get EMSGSIZE in sendto()
      selftest: Fix specification of --machinepass to actually set a unique password
      net ads join: Add support for specifying the machine account password
      docs: Add documentation for osName and osVer
      param: Remove incorrectly added defaults in AD DC allowing WORLD WRITABLE files
      smbd:posix_acls Remove incorrectly added lp_create_mask() and lp_dir_mask() calls
      Revert "Ensure the masks don't conflict with the ACL checks."
      scripting: No longer install samba_upgradeprovision
      ccan: Cast getpid() result to unsigned int for GNU/Solaris build
      ntdb: Cast getpid() result to unsigned int for GNU/Solaris build
      lib/util: Cast mode_t result to unsigned int for GNU/Solaris build
      s4-ntvfs: Cast getpid() result to unsigned int for GNU/Solaris build
      s3-lib/server_prefork: Cast pid_t result to unsigned int for GNU/Solaris build
      s3-smbd/process.c: Cast pid_t result to int for GNU/Solaris build
      spoolssd: Cast getpid() result to unsigned int for GNU/Solaris build
      dbwrap: Cast getpid() result to unsigned int for GNU/Solaris build
      vfs_smb_traffic_analyzer: Cast mode_t to unsigned int for GNU/Solaris build
      s3-epmd: Cast getpid() result to unsigned int for GNU/Solaris build
      s3-lsad: Cast getpid() result to unsigned int for GNU/Solaris build
      examples/libsmbclient: Cast mode_t to unsigned int for GNU/Solaris build
      vfs-btrfs: Fix build on 32 bit platforms by using long long types
      build: Remove the forced use of only the first part of the compiler string
      build: Do not pass CPP="" to pidl, skip the env variable entirely
      scripting: Move the list of well known SDs to samba.provision.descriptor
      scripting: Fix documentation comment on upgradehelpers.py:get_clean_sd
      scripting: Make samba.provision.descriptor.get_wellknown_sds() return ldb.Dn objects
      scripting: Move samba.provision.descriptor to samba.descriptor
      scripting: Modify samba.descriptor.get_wellknown_sds() use samdb calls only
      scripting: Move get_diff_sds from samba.upgradehelpers to samba.descriptor
      samba-tool dbcheck: Add --reset-well-known-acls
      samba-tool dbcheck: Allow dbcheck to correct an nTSecurityDescriptor without an owner or group
      scripting: Modify samba.descriptor.get_diff_sds() to cope with a missing reference owner
      selftest: Add tests for samba-tool dbcheck --reset-well-known-acls
      samba-tool ldapcmp: Remove the GUID -> name mappings
      scripting: Fill the ProvisionNames hash with strings, not ldb.MessageElement or Dn
      auth/ntlmssp: Avoid use-after-free of user_info after logon failure at log level 5
      build: Replace #!/usr/bin/env python with passed in PYTHON=
      build: Remove extra space in shebang
      python-samba-tool domain classicupgrade: Make failure to connect directly to the LDAP backend fatal
      build: Raise minimum python version to 2.5.0 for samba build
      scripting-provision: Do not enforce domain != realm if we are joining an existing domain
      build: Move nfs4acl to the top level
      vfs: Add vfs_handle_struct argument to smb_set_nt_acl_nfs4 and the callback
      vfs: Allocate SMB4ACL_T on an explict memory context
      vfs: Remove unused security_info argument in vfz_zfsacl.c
      vfs: Add new VFS module vfs_nfs4acl_xattr to use nfs4acl.idl
      build: Add vfs_nfs4acl to the autoconf build
      librpc: Add special owner/group/other constants to nfs4acl.idl
      selftest: Run raw.acls test against the nfs4acl_xattr module
      vfs: Allow CREATOR GROUP to be used with vfs_zfsacl
      build: Add missing dep from vfs_nfs4acl_xattr to NDR_NFS4ACL
      build: Blacklist the release-4-0-0 provision as well
      gensec: Make the no-hostname status message much less scary
      s3-rpc_server: Ensure we are root when starting and usiing gensec
      build: Do not set PATH in install_with_python now we set $PYTHON
      python-samba-tool domain classicupgrade: Skip machine accounts that do not end in $
      python-samba-tool domain classicupgrade: Actually Skip domain trust accounts
      pdb_ldap: Do not skip accounts without a sambaAcctFlags value
      python-samba-tool domain classicupgrade: Correct message about re-promoting BDCs
      samba-tool dbcheck: Use dsdb.DS_GUID_DELETED_OBJECTS_CONTAINER rather than the literal value
      python-samba-tool domain classicupgrade: Use transactions when adding users/groups/members
      dsdb-repl: Allow the name attribute (and name-based schema lookups) to be skipped in dsdb_repl_make_working_schema()
      dsdb-schema: Print clear debug message when we find a OID in our local DB we cannot convert
      rpc_server-drsuapi: Include the failing DN when unable to convert DB objects to DRS
      autobuild.py add ntdb to the samba-libs task, to ensure it works as an external library
      dsdb: Expand on what the error finding the ntSecurityDescriptor was in acl_read
      auth: Ensure auth_sam is not used on the AD DC
      build: Update md5.h detection in waf and autoconf to use sys/md5.h and -lmd
      docs: Remove out of date and unmaintained Speed page from the HOWTO
      docs: Remove TOSHARG-HighAvailability which is made obsolete by CTDB
      docs: Fix small errors in TOSHARG-Compiling
      lib/replace: Set BROKEN_STRNLEN and BROKEN_STRNDUP on all AIX
      build: Build all of samba in autoconf make test
      build: Remove binaries and libraries build groups
      build: Rework BSD_STYLE_STATVFS check to match autoconf build
      examples: Move example smb.conf over to "server role"
      examples: Remove default printing form example smb.conf
      examples: Remove password server from example smb.conf
      examples: Remove browser and DC settings from example smb.conf
      smbd: Fix build on platforms that will not support var = {} initialisation
      build: Do not always regenerate the version.h file
      build: Remove old create-tarball release script
      build: Remove unused expand-includes.pl
      lib/replace: Remove unused install-sh
      build: Remove mkinstalldirs
      build: Remove duplicate call to bld.SYMBOL_CHECK()
      docs: Remove all references to testprns
      build: Install smbtar in waf build
      autobuild: Remove samba3 and samba3-ctdb targets to allow autoconf removal for 4.1
      build: No longer run autogen.sh during tarball creation
      build: Remove autoconf build system
      build: Remove unused install-sh
      build: Remove unused script/mkversion.sh
      build: Remove autoconf directory no longer needed
      Remove stub ldb_version.h and source3/include/autoconf as no longer needed
      Remove now-unused s3-selftest.sh wrapper
      build: Remove unused build_idl.sh
      Remove lib/netapi autoconf build system, this is now build with waf
      build: Remove unused build_idl.sh
      build: Remove unused install*.sh scripts
      build: Remove unused uninstall*.sh scripts
      build: Remove unused revert.sh script
      build: Remove unused linkmodules.sh script
      build: Remove unused preproc-dummy.c
      docs: Document removal of the autoconf build system
      param: Remove _SAMBA_BUILD_ checks from now the autoconf build is gone
      lib/util/modules.c: Remove #if SAMBA_BUILD_ == 3 now we only have the waf build
      nsswitch: Remove #if SAMBA_BUILD_ >= 4 now we only have the waf build
      passdb-machine_account_secrets: Remove #if SAMBA_BUILD_ == 4 now we only have the waf build
      build: Remove autoconf build system from examples/VFS
      selftest: VFSLIBDIR is not needed, the waf build knows where to find modules automatically
      build: Remove unused credentials_samba3.c
      build: Remove feature tests for variables now always provided
      build: Remove unused tool for config.h comparison
      build: Remove unused mkbuildoptions.awk
      dsdb-linked_attributes: Do not crash if the target GUID can not be found
      dsdb-repl_meta_data: Handle renames better, considering only the RDN as given, and then the parent as given
      torture: Add tests of rename behaviour to replica_sync.py
      dsdb-repl_meta_data: Move TODO comment about conflicts and missing parents
      .gitignore: Tidy up after removal of the autoconf build
      Revert "s4-dsdb: Remove strcasecmp() fallback in replmd_ldb_message_element_attid_sort"
      auth: Remove "password level"
      docs: Do not encourage unix passwords, and remove reference to password level
      Remove remaining references to "password level" in the tree
      python samba-tool drs: Correctly print KCC references to deleted servers
      dsdb: Allow dsdb_find_dn_by_guid to show deleted DNs
      dsdb: Fix behaviour for when to update the USN when there is no change
      dsdb-tests ldap.py: Fix quoting of print statements
      dsdb-tests ldap.py: Add test for usn behaviour on certain changes
      dsdb repl_meta_data: Use dsdb_request_add_controls()
      build: Build with system md5.h on OpenIndiana
      s4-winbind: Add special case for BUILTIN domain
      ldb: Ensure not to segfault on a filter such as (mail=)
      build: Remove the struct MD5Context conf file check.
      ldb: Cope with substring match with no chunks in ldb_filter_from_tree
      ldb: bump version to allow a depencency on the substring crash fix
      libcli/ldap: Cope with substring match with no chunks in ldap_push_filter
      torture: Add tests for LDAP substring search with no strings provided
      heimdal_build: Add missing dep on samba4kgetcred
      dsdb-ridalloc: Fix RID pools - RID numbers increase too quickly
      s4-lib/socket: Allocate a the larger sockaddr_un and not just a sockaddr_in in unixdom_get_peer_addr()
      dsdb-descriptor: Do not do a subtree search unless we have child entries
      dsdb: Rework subtree_rename module to use recursive LDB_SCOPE_ONELEVEL searches
      dsdb-ridalloc: Rework ridalloc to return error strings where RID allocation fails
      selftest: Ensure the DC has started and and got a RID set before we proceed
      dsdb: Add assert in drepl_take_FSMO_role
      rpc_server-drsuapi: Improve comments and DEBUG lines
      selftest: ensure samba4.rpc.samr.large-dc.two.samr.many is always tested
      torture/drs: Expand an error message to aid debugging
      dsdb: Prune deleted objects of links and extra attributes of replicated deletes
      dsdb: Ensure we always force deleted objects back under the deleted objects DN
      dsdb: Improve DRS deleted link source/target handing in repl_meta_data
      dsdb tests: Add member/memberOf checking to delete_objects testing
      dsdb: Include MS-ADTS doc references on deleted object contstraints
      samba-tool dbcheck: Correctly remove deleted DNs in dbcheck
      service_stream: Log if the connection termination is deferred or not (bug #9820)
      s4-winbindd: Do not terminate a connection that is still pending (bug #9820)
      scripting/join.py: Handle creating the dns-NAME account during a DC join
      scripting/samba_upgradedns: Tighten up exception and attribute list handling
      selftest: Test creation of the dns-SERVER account during selftest
      selftest: Start internal DNS server on domain provisioned for BIND9_DLZ
      selftest: Add a basic test of samba_upgradedns
      torture: Ensure that GSSAPI and SPNEGO packets are accepted by dlz_bind9
      python-samba-tool fsmo: Do not give an error on a successful role transfer
      python/drs: Ensure to pass in the local invocationID during the domain join
      dsdb-repl_meta_data: Check for a NULL invocationID and do not proceed
      dsdb: Refuse to return an all-zero invocationID
      dsdb-repl_meta_data: Do not re-delete the Deleted Objects DN during replication
      dsdb-repl_meta_data: Make handling of Deleted Objects DN clearer in delete
      dsdb: Use WERR_DS_ATT_NOT_DEF_IN_SCHEMA for failed schema lookups
      Remove confusing TODO file
      Remove NEWS file containing confusing information
      smb.conf: Fill out the ntvfs handler smb.conf page from source4/NEWS
      dsdb: Refuse to replicate an all-zero invocationID GUID in replPropertyMetaData
      dbcheck: Look for and fix the all-zero invocationID in replPropertyMetaData
      selftest: Add script to assist in writing out a tree undump.sh can restore
      selftest: Only run referenceprovision and ldapcmp for the 4.0.0 test
      selftest: Add release-4-1-0rc3 saved provision
      selftst: add tests based on 4.1.0rc3 to check for zero invocationID in replPropertyMetaData
      dbcheck: Ensure to always increase the error_count
      pydsdb: Give KeyError when we fail a schema lookup in python
      pydsdb: Raise a more useful exception when dsdb_wellknown_dn fails.
      dbcheck: Add back the elements that were wrongly removed from CN=Deleted Objects
      dsdb: Convert the full string from UTF16 to UTF8, including embedded NULLs
      dfs_server: Use dsdb_search_one to catch 0 results as well as NO_SUCH_OBJECT errors

Andrew Klaassen (1):
      media_harmony VFS module: Add and build by default.

Andrew Klosterman (1):
      s3:smbd: Fix bug 6690, wrong error check

Andrew Kroeger (77):
      registry: Properly check return values from ldb_*() functions.
      When Windows initially creates a new value, the value name is "New Value #1".
      When Windows attempts to create a new key, it looks for an available key name
      registry: Implement recursive deletes for ldb-backed registry.
      registry: Implement recursive deletes for dir-backed registry.
      registry: Implement recursive deletes for regf-backed registry.
      registry: Add an explicit test for recursive deletion.
      torture/rpc-winreg: General fixes for a number of tests.
      torture/rpc-winreg: Modify test cases to work with recursive key deletion.
      torture/rpc-winreg: Split out the security descriptor tests.
      samba4-knownfail: Only the "*-security" rpc-winreg tests are expected to fail.
      Fix blackbox.kinit test by issuing new certificates good for 25 years.
      ldb_wrap: Debug at derived samba_level, not the level of the ldb debug enum.
      accountExpires: Windows default is 9223372036854775807, not -1.
      Add samdb_result_account_expires() function.
      Update account expiration to use new samdb_result_account_expires() function.
      Enhance mappings of NTSTATUS to KRB5KDC errors.
      Treat maxPwdAge == 0 as passwords never expire.
      heimdal: Add parameter to windc_plugin to allow extended return codes.
      kdc: Provide extended error information in AS-REP error replies.
      WHATSNEW: Update information in preparation of Alpha3.
      provision: Increase max NetBIOS name length from 13 to 15.
      Convert some more files to GPLv3.
      Merge branch 'v4-0-test' of git://git.samba.org/samba into v4-0-local
      mkrelease: Update to work with Git instead of SVN.
      mkrelease: Add checks to ensure run from top-level directory of repository.
      howto: Clarify differences when working from a tarball instead of Git.
      Makefile: Allow "make" with no arguments to build all that will be installed.
      howto: Simplify the commands needed and remove reference to removed script.
      provision: Add support for IPv6 (bz #4593).
      howto: Update git clone command to something that actually works.
      provision: Allow DNS GSS-TSIG updates to work.
      provision: Create instructions for enabling DNS GSS-TSIG updates.
      subunit.sh: Properly capture and pass on the command output.
      gitignore: Ignore some output files from make test.
      provision: Generate krb5.conf template separate from named.conf template.
      enableaccount: Use correct command name in usage output.
      GPO: Do not provision Default Domain Policy as initially enforced. (bz #5480)
      provision: Add missing string parameter token when assigning ldap_backend.
      howto: Remove smbpython.
      s4:provision: Update DisplaySpecifiers (#5139).
      s4:Added Extended-Rights and subentries.
      s4:provision: Added ComPartitionSets entry.
      gitignore: Ignore additional auto-generated files.
      s4:ldb:modules: Correct typos.
      s4:ldb_modules: Correct typos.
      s4:tevent: Increase trace debug level to 50.
      s4: Add additional well-known SID's/RID's.
      s4: Add additional 2-letter SID/RID mappings.
      gitignore: Ignore additional auto-generated file
      s4:mkproto: Add NET_API_STATUS return type.
      s3: Call va_end() after all va_start()/va_copy() calls.
      s4: Call va_end() after all va_start()/va_copy() calls.
      ldb: Properly handle NULL when copying attr lists.
      selftest: Account for 0-based months in date parsing and printing.
      util:tests: Correct time tests for negative UTC offsets.
      s4:setup: Change license headers to LDIF comments.
      s4:setup: Added script to parse Microsoft DisplaySpecifiers document.
      s4:setup: Use ms_display_specifiers script for provision.
      s4:setup: Updated comment to reflect new DisplaySpecifiers location.
      s4:setup: Remove display_specifiers.ldif.
      gitignore: Ignore additional auto-generated files.
      s4:pwsettings: Correct off by factor of 10 for ticks.
      s4:pwsettings: Added --quiet option.
      s4:pwsettings: Run all updates as a single modify() operation.
      s4:pwsettings: Don't assume a value for pwdProperties.
      s4:pwsettings: Added validation.
      s4:pwsettings: Add 'default' option for password complexity.
      s4:pwsettings: Show default values in help messages.
      testprogs:subunit.sh: Add function for expected failures.
      s4:pwsettings: Added blackbox tests.
      s4:srvsvc: Fix logic on error checking.
      s4:ldb_map: Don't free ares too early.
      s4:provision: Update schema version number to W2K8.
      s4:provision: Show domains and forests are W2K8 DC capable.
      s4:torture: data_blob_hex_string() output is now lowercase.
      s4:provision: Make gc._msdcs DNS entries A/AAAA records

Andrew Tridgell (10241):
      updated README for new samba.anu.edu.u alias
      use the new issafe() macro instead of isalnum() and strchr()
      move the dot_pos calculation down a bit
      fix a netgroup bug (innetgr() was being called with the args in the
      - use issafe()
      fix a dst bug, we had a sign wrong in the calculation :-(
      updates to wall.perl from michal at ellpspace.math.ualberta.ca
      removed obscene comment added by Dan
      - close the listening socket in the child process when running as a daemon
      change version number to 1.9.16p2
      removed old -S option from nmbd manpage
      documented -W option
      ignore some files
      - handle CORE protocol better
      handle being passed a dptr of -1 to mean "close all open dir handles".
      turn on KEEP_PASSWORD_SERVER_OPEN by default
      move quotas support out of server.c
      - fix a bug hanlding very log filenames
      - added hostname support to smbstatus
      made dptr_num signed to handle -1 from OS/2
      fixed version number (again!)
      cleaned up the way the max log size stuff works and fixed a potential
      added comments about trapdoor uids
      cleanups to make thinsg compile cleanly
      fixed a typo
      handle errors from receive_smb better, and print error string
      - added an entry on WinDD to samba.faq
      comment out the code that tries to handle the NT bug where the 2nd
      add my private makefile to the ignore list
      Lots of changes!
      - moved the uid handling to uid.c
      a huge pile of changes :-)
      add dummy quotas fn
      Did more integration of Lukes code ready for the first release.
      - changed some debug levels in clientutil.c
      - remove some incorrect prototypes from server.c
      add sunos private makefile to .ignore
      fix a bug that meant alpha6 couldn't compile.
      added some notes on the new "interfaces" option
      - added interface.c and removed all the references to myip, bcast_ip
      - added predict.c, moving the routines from util.c
      - added comments to byteorder.h explaining how it works.
      patches fromk Luke putting in symbolic names for time constants
      moved MSBROWSE into nameserv.h
      changes from Luke
      fixed the apana MIRRORS entry
      more changes from Luke
      updates from Luke to rename "domains" more accurately to "subnets"
      moved some more locking routines to locking.c, and moved replacement
      documented the "max disk size" option.
      got rid of a lot of redundent header files as we now globally generate
      a cleanup of the receive_smb() usage, adding timeouts in some places
      minor patch to allow host announcements to remote subnets
      demo of cvs - ignore
      - change date as a demo for john
      - moved the protocol defs in the client to keep sill C compilers happy
      fix Makefile - remove Lukes private stuff :-)
      fixed conflict with global variable updatecount
      fixed conflict between two variables called d
      generated new proto.h
      removed some debug stuff from luke
      minor cleanups ready for another release
      fix up problems with "smbclient -L". It now uses a generic
      minor debug output fix
      added a bunch of comments to Lukes docs.
      added lots of comments to the docs that Luke wrote on the internals of
      removed the remote interfaces stuff.
      the client now loads the smb.conf config file so it can get the
      minor cleanups
      fix a bug that we've had for a long time where we don't handle EOF
      minor fix to write_data() for EOF handling
      new docs for japanses extensions from Fujita
      - added docs on new "printer driver" option
      - sequent-ptx support from bressler at iftccu.ca.boeing.com (Rick
      don't allow newlines in printer status messages
      - add the 0x1c name for all interfaces if we are a logon server
      doc updates
      added the validchars package written by tino at augsburg.net. This
      minor cleanups
      disabled SETFS (which was only enabled for Linux) until we resolve a
      fixed an obvious bug that meant that DosPrintQEnum could never
      changed "unsigned long" to "uint32" in several places (for IP
      added notes on the new FAST_SHARE_MODES code
      - added FAST_SHARE_MODES code
      change email address
      added Printing.txt and Tracing.txt
      SVR4 startup scripts from Timo Knuutila (knuutila at cs.utu.fi)
      added support for the Bull Operating System (BOS)
      - document the "remote announce" option
      documented the new syntax of lmhosts
      - added the "remote announce" option
      fixed installscripts.sh so it no longer creates ] and [ directories
      - added support for Amiga-unix (based on BSD I think)
      added a note about the homes share and WinDD
      - made FAST_SHARE_MODES standard for Linux
      a bunch of man page cleanups from a kind contributor
      - added "netbios name" option in smb.conf to make controlling the name
      fix a bug in the new chaining code
      add a bit more about the "trapdoor uid" messsage
      - fix a bug in NetServerEnum where counted and total were not counted
      - add NMB_REG_REFRESH capability to initiate_netbios_packet(). I think
      - removed ServerComment and instead set the comment string in nmbd
      update "server string" docs
      give names more time when refreshing
      - new faxing doc from Gerhard Zuber <zuber at berlin.snafu.de
      - new handling of ST_TYPE bits, they are now consolidated much more in
      - remove the date markers from the man pages. I never keep them uptodate
      - bit a bit manipulation bug in find_name_search()
      fix compiler warning
      handle sigpipe better for server security
      update the docs ready for a new release
      - fix a bug handling readraw packets that caused the timeout to be 30
      minor fixes to docs
      - add timeouts to connect() for password server connections. This
      minor doc fix
      - fix client for pathworks 4 access
      added debug info
      - accept either NT or lanman passwords in tconX
      - a huge pile of changes from Luke which implement the browse.conf
      backout all the changes to nmbd.
      - fix the EALREADY bug so connections to slow hosts with smbclient get
      - changed the umask handling. We now set the umask to 0 and explicitly
      - added a new support entry
      - use workgroup from smb.conf in smbclient
      - added docs on the new "fake oplocks" option.
      I have fixed quite a few important bugs in this commit.
      - added a mirror entry and added a new Support.txt entry
      - replace the base36 function with one that works on more systems
      - use waitpid for ultrix
      add DEBUGLEVEL to replace.c
      - added an entry to the MIRRORS list
      - changed the default nmbd loop timout to 10 seconds (2 seconds was much
      - continue when failing to load config file in nmblookup and smbclient
      - revert to old idle dir code (marty pointed out a problem with the
      - updated the ENCRYPTION.txt stuff to point to the newer des
      - correctly handle non-encrypted share mode session-setup. We were
      - set default printer driver string to "NULL"
      - fixed listproc mail address in faq
      - added support for TMPDIR env variable
      added a new type to mkproto.awk so it can handle shmem.c
      fixed a bug in the printjob encoding/decoding. We weren't doing it for
      cgi.c is a simple set of CGI manipulation routines
      some minor modifications to loadparm.c to support the necessary
      add the stdout parameter to lp_dump()
      prototype updates for new functions
      fix a couple of "declaration shadows previous local" warnings.
      This is a written from scratch DES implementation. I couldn't find a
      This commit does 3 main things:
      no longer needed
      rewrote md4.c from scratch. This implementation should be portable and
      - change a lot of occurances of errno to use strerror(errno). We can't
      - if the user already exists then ignore the -add command
      bug fix in the new des code.
      - change generate_challenge() to use md4 instead of des
      add a cast
      change the encryption instructions to reflect the fact that the code
      John asked the other day about using the tar feature in smbclient to
      added some debug stuff
      add error string reporting to clitar
      change the semantics of hosts allow/hosts deny so that a global
      change a debug level in reply.c
      add "static" to a couple of functions that are only used locally.
      This is all the NT error codes less than 1000. I extracted them using
      a little hack to smbclient to support extracting NT error codes
      a bit of bounds checking
      fix some "shadows global" errors.
      get rid of SIGCLD_IGNORE for HPUX. A user reported it causing lots
      increase the debug level in the "added interface" debug line
      bracket some macros
      an implementation of the NT domain credentials protocol
      fixed the log wrapping bug.
      remove { and } from the list of illegal characters in filenames. The
      updated the "comment =" entry a bit
      reverted a change made by Luke at his request.
      force the salt to be a maximum of 2 characters long in calls
      fixed a stack overflow bug in api_lsa_req_chal()
      fixed the freeze on logout bug. The fix has several parts:
      added loopback_ip. This is used to detect packets from ourselves
      add the port number to a debug statement
      the usual proto.h update
      fixed the problem that browsing breaks if you put quote marks around
      add ERRDOS/67 ERRnosuchshare to the client.c list of error strings
      added -a "append log" option
      document -a "append log" option
      fix the handling of negative name query responses and the handling of
      remove a spurious error message from nmbd. The message was:
      put the new example config file in here as well
      add a note about running testparm after modifying smb.conf
      add a section on encryption and change the formatting a bit
      update the timestamp on config files in our linked list when we notice
      move calls to smbhash() inside smbdes.c (for legal reasons)
      I am removing these from the source code in preparation for an
      casting cleanups
      a major share modes reorganisation.
      add some debug info
      get rid of the KEEP_PASSWORD_SERVER_OPEN define
      This is a set of generic SMB client routines. I needed this in a hurry
      rewrote the password server code using the new clientgen.c client
      some cleanups in the clientutil.c code.
      prototype updates
      added a note about which netbios name is use in server level security
      add a note on how to map usernames with spaces in them
      fix the order of become_uid() and become_gid() in become_root(). This
      don't check lp_alternate_permissions() in the new utime workaround
      check for EPERM or EACCESS in file_utime()
      damn, I spelt EACCES wrong.
      don't send any statistics in the node status reply
      Implemented asynchronous DNS lookups in nmbd.
      shared memory code cleanups (partly preparing for a possible sysV
      The browse synchronisation code in nmbsync.c now uses the clientgen.c
      fix some casting errors in smbencrypt and some multiply-defined errors
      added -U option to nmblookup. This is similar to -B except that it
      Fixed 2 oplock bugs:
      also disable read prediction in 1.9.18
      change the default file permissions on the SHARE_MEM_FILE* to
      refuse pathworks type R connect (patch from Stephen Tweedie)
      SYSV IPC implementation of fast share modes.
      define USE_SYSV_IPC on a bunch more systems.
      define USE_SYSV_IPC on sunos4
      lower the default hash size if SEMMSL isn't defined
      define semun for broken solaris sysvipc
      fix cast
      fix for broken sunos4 includes (doesn't have SHM_R)
      need includes.h to compile on some systems (eg. sunos4)
      enable sysv ipc and fast share modes on OSF1
      clean up the hash entry code a bit. Got rid of lp_shmem_hash_size()
      - don't allow locking to initialise twice
      damn. We need root privilages to do semaphore operations even if we
      moved ubi_ modules back into the ubiqx directory.
      Chris will be pleased to know that mkproto.awk no longer runs on the
      - cleanup some warnings
      removing the files that are now in rpc_pipes
      this is now in the rpc_pipes directory
      no Makefile needed here either
      pm_process() never closed the file (a memory and file descriptor leak)
      OSF1 doesn't define union semun either.
      define NO_SEMUN for svr4
      change from * to ^ in hashing of device/inode. Using * meant that if
      re-initialise the timezone on each new connection. This means you
      some locking code cleanups
      don't use SEM_UNDO because of ridiculously small undo limits on some
      change a debug level
      a simple SMB torture tester. This will allow us to evaluate locking
      set O_CREAT on lock file
      minor async DNS cleanups
      don't print the progress so often - it slows down the client too much
      to avoid any possibility of the pipe getting full and blocking we now
      fix comments
      got rid of redundent rpc_pipes/rpc_proto.h
      convert the credentials code back to uchar[8] from uint32[2]
      fix some uchar/char conflicts
      add NO_SEMUN for HP
      no asm/signal.h for linux as this is not portable
      change from %D to %m/%d/%Y in timestring(). This doesn't really matter
      added two more sets of tests to the smbtorture test. The tests I added
      a few more tests added, including one that tests whether the server
      auto-create the locks directory on startup
      fixed a bug which caused nmbd to core dump.  The problem was incorrect
      added code to test the cli_NetServerEnum() function in clientgen.c
      don't do the mapping for group names if the name type
      fixed typo
      changed nmblookup to only set recursion_desired in queries if the -R
      added some debug lines to the rename code
      use LocTimeDiff() not TimeDiff() to ensure that longdate conversion is
      added true enumerated types in loadparm.c. Now we don't need all those
      the usual :-)
      fixed some typecasts of (char *) to (unsigned char *)
      this new cgi code includes the ability to act as a mini web server,
      added a test for the NT SMBgetatr bug in smbtorture
      minor wsmbconf and cgi changes
      test SMBsetatr as well
      added some QPATHINFO and QFILEINFO tests into smbtorture.
      added a SMB_QUERY_FILE_ALL_INFO test into smbtorture
      added cli_rmdir and cli_mkdir
      get rid of stat command (it is a hangover from an old experiment)
      oh no! my favourite hack is broken. You can't do:
      fixed a very nasty oplock bug. We could send oplock break requests on
      there was a bug in my oplock bugfix :-)
      get_entries is an int not a bool
      pass the mailslot name to process_logon_packet()
      added a sent_oplock_break element to Files[] as a paranoia check so we
      use -1 not 0xffffffff in SIVALS() macros
      don't display locks for dead processes in smbstatus
      the logon script example should use %U.bat not %u.bat
      dont try getpeername() when Client isn't initialised
      get rid of some things out of smb.h that are already in local.h
      HPUX trusted systems need to use bigcrypt() not crypt()
      the default GUEST_ACCOUNT should be here not in smb.h
      changing the comment in find_new_file() to say why a base of 1 is used
      add the null string to SMBsetatr calls
      fixed the help message for -p (someone complained!)
      fix toupper(c) on a already uppercase char and tolower(c) on an
      hopefully handle "ready and waiting" messages in print queue output a
      I'm slowly getting though the todo list :-)
      make the "printing" option a per share option rather than global. When
      allow users to disable the NetWkstaUserLogon call in server level
      add a warning if the timezone is not a multiple of 1 minute. This
      allow local_machine and remote_machine (%L and %m macros) to contain
      change the "username map" option to allow the user to stop the
      applied a patch from Norm Jacobs to allow "printcap name = lpstat"
      put the default PRINTCAP_NAME def in includes.h not local.h so that
      slight cleanup to the linked list handling
      Makefile.lib does nothing, so remove it
      don't use free and alloc as structure elements
      added optonal MEM_MAN code
      got rid of the WRAP_MALLOC code - mem_man does it better
      allow for zero size reads in asyncdns. These can happen after a signal
      catch signals in the async dns daemon and allow it to auto-restart if
      fix a bug that sometimes prevented smbclient from connecting with
      allow name_type 0x20 as well as name_type 0x0 in dns proxying
      give out file handles differently on each new connection because of a
      - handle ENOSPC in shmem init.
      use _exit to exit a child
      fixed a couple of illegal uses of scanf() in the nmbd wins code. They
      fixed another couple of minor type errors (they could cause incorrect
      a dummy change to shmem_sysv.c to try and break CVS out of a problem
      avoid the ~ operator in netmask operations as apparently it causes
      *** empty log message ***
      *** empty log message ***
      *** empty log message ***
      propogate my cgi changes to the main branch
      always align both the parameter and data bytes on a 4 byte boundary in
      fixed typo
      make the initial logfile names consistent. This should mean that smbd
      Jeremy is going to hate me ...
      allow for non-authenticated SWAT for demo purposes
      - remove redundent strstr()
      added Date and Expires headers in the mini web server so clients know
      added a "home" icon
      added status page to SWAT. Similar to smbstatus output but in a HTML
      report the max size of raw reads as 65536 not 65535 (this now matches
      use FSTYPE_STRING not "SAMBA" for filesystem type
      add FLAG_HIDE to "config file" option (so it can't be set in swat)
      these have been replaced by swat
      add swat to .cvsignore
      use password_ok() instead of calling crypt()
      move setup_groups() into password.c so that swat can link without
      moved cgi.c and swat.c into a source/web/ directory. Note that you
      some initial help and images files for swat
      added an install target for SWAT
      a brief description of how to install and run SWAT
      remove an unnecessary #ifdef
      fixed instructions in installswat.sh (thanks to Herb again!)
      removed a redundent return statement
      fixed support for running swat via cgi-bin
      another fix for running under cgi-bin
      updated to give instructions on running via cgi-bin
      another makeover of loadparm to support new stuff in swat and
      - added separators
      added another pathetic looking icon
      prototype updates
      if a local parameter is changed at the global level then propogate the
      added the ability to start/stop the server from SWAT.
      new files to support starting/stopping the server
      put in the longer welcome blurb
      updated blurb
      updated blurb some more
      added a background image based on Pauls SAMBA logo but manipulated a
      a smaller background
      install jpeg files
      - added the ability to kill off individual connections from SWAT (from
      safer killing of connections - it ensures the process is still a valid
      - claim the null connection after the session request to mak sure we
      updated the images
      changed the date formatting
      changed the default "keepalive" value to 300 seconds.
      changed the default MAXSTATUS from 1000 to 100000
      fixed call to execl() to get argv[0] right (thanks to Herb)
      show full path in ps by setting it in argv[0]
      - added "Full View"/"Normal View" on the "view config" page
      this isn't a big commit, it just looks like it :-)
      when CGI_LOGGING is on log the host name and IP
      oops, I got the sense of the show_defaults parameter to lp_dump()
      changed the method used for auto-reload on the status page to use
      moved the refresh script to the end of the page so that silly things
      don't set the Expires header on any page generated from a POST. This
      - added a check for broken RH5 include files. With the standard RH5
      a pointless commit to check on a problem Luke reported with CVS
      the default for old style accounts should be workstation trust
      support O_SYNC in opens for smbtorture
      if the resolve order is blank then assume "host"
      support O_SYNC at open time in files (previously we only supported it
      some hacks to the torture code
      minor reformatting of debug messages (so people don't think there is a
      fixed a memory leak in close_file(). Each time a file was opened
      improved the secret buffer generation a bit. It now uses /etc/shadow
      many systems don't have /etc/shadow but do have another system for
      much faster pstrcpy() and fstrcpy()
      changed to use slprintf() instead of sprintf() just about
      changed to use slprintf() instead of sprintf() just about
      include includes.h in all the ubiqx files. I know Chris won't like
      don't use system functions as arguments to qsort() as otherwise you
      a new slprintf() function. This one is totally portable but a bit of a
      we don't need a typedef for string
      initialise a variable
      test for overflow in nmb name parsing code
      initialise some variables (stops warning)
      fix slprintf for sunos4 in head branch
      point people at the main web site for a up to date list of mirrors
      merge from the autoconf2 branch to the main branch
      some merge cleanups
      checkin configure again in order to get permissions right
      still trying to get permissions right - CVS doesn't commit permissions changes it seems
      hopefully permissions are right now
      updated the UNIX install instructions to include ./configure
      removed some feedback request comments - we get enough email :)
      get rid of the runtime test for broken getgroups() and add a compile
      added Makefile to .cvsignore in the hope that this will prevent people
      ignore the auto-generated dummy file
      test for a broken inet_ntoa and replace it if necessary (for
      fixed a bug in the replacement inet_ntoa
      updated prototypes
      fixed a make proto bug pointed out by Chris.
      fixed sin_len test for FreeBSD
      added HAVE_FUNCTION_MACRO test
      added test for getpwanam().
      added --with-nisplus-home option
      we have to have the test for -lsocket before the test for some
      new directory structure in configure.in
      the autoconf scripts are now converted to the new directory structure
      these dummy files are needed for autoconf processing
      added ignore rules for the dummy files
      another dummy file
      removed the if statements from the DEBUG() macro definitions.
      this gets smbd compiling and linking correctly with the new layout.
      close to having nmbd linking (just a bit of repository hacking to go)
      nmbd compiles and links. I had to do some ugly stuff, putting files in
      swat compiles, with some even uglier hacks. we really have to do
      a few more things compile.
      the rest of the binaries now compile and link
      fixed the installation scripts for the new layout
      smbtorture now compiles
      moved username.c into lib/ so we no longer $(PASSDB_OBJ) in most
      split the system password checking routines out of smbd/password.c and
      moved access.c into lib/ from smbd/ as it is needed by testparm. I
      make sure that a fault cannot occur twice. The new Debug1() code is
      fixed a nasty bug in debug.c
      fixed the nested comment - Jeremy, do you want that unbecome_user() or
      define INADDR_NONE if not already defined
      remove an unused variable
      this is the bug change to using connection_struct* instead of cnum.
      moved the printing related files to a separate printing/ directory.
      some more dummy files to ignore
      use user instead of this_user to prevent global shadowing
      this checkin gets rid of the global Files[] array and makes it local
      changed find_free_file() to file_new().
      server.c: fixed a bug in close_file() with the new files.c handling code
      got rid of the Files[] array completely (previously I'd just made it
      added include of sys/resource.h
      fixed some bugs in the locking_slow code caused by the recent changes.
      - some tidying up in files.c
      I think it is pretty much decided that the next major version will be
      some cleanups from the conversion of Pipes[] to a linked list. I also
      much cleaner chain pointer handling for both files and pipes.
      converted the policy code to use a linked list and bitmap. This saves
      moved connection_struct handling code into smbd/conn.c and changed it
      reduced the memory footprint a bit by changing some large static int
      added some optimisation for the case where the number of open files is
      now that we have no global arrays we can start to split up the monster
      more splitting of server.c
      this completes the splitup of server.c.
      move soem variables from server.c that don't belong there.
      removed some of the rough edges from the splitup
      added a test for a working setresuid
      testparm now prints a warning if the lock directory doesn't have 0644
      fixed a bug in trans2_qfilepathinfo() where we used the length of the
      silly me.
      and get the message right ...
      added a macro ZERO_STRUCT() which is useful for initialising
      use ZERO_STRUCT() to initialise lots of structures.
      added new smb.conf option "panic action". see my samba-technical
      don't attempt to answer QFILEINFO/SMB_QUERY_FILE_STREAM_INFO queries -
      expanded MAX_LOOKUP_SIDS to 30 (I saw 21 in a packet)
      added ASSERT() and ASSERT_ARRAY() macros and sprinkled them liberally
      changed the default permissions code to do this:
      some smbtorture hacks (random IPC calls)
      proto changes
      note that "alternate permissions" is deprecated in man page
      added a warning when loading a parameter that is deprecated
      took all the rpc includes back out until we can work out _why_ freebsd
      get includes right for systems that use getpwanam()
      use a separate ZERO_ARRAY() macro instead of ZERO_STRUCT() for
      nmbd would core dump if a large number of netbios aliases is set. The
      don't exit on a SIGPIPE
      got rid of calls to update_protected_database(). It was causing core
      added some defensive programming to nmbd. This mostly means zeroing
      changed the size of a char array in the userdata_struct from 1 to 16
      added a function zero_free(void *, int size) that zeros an area of
      - zero shared memory before freeing it
      allow smbclient to connect to IPC$ as an IPC service
      changed the format of the wins.dat file slightly.
      don't put two spaces at the start of lines if logging to stdout
      include our netbios names list and our workgroup in the wins.dat hash
      changed the way that name query records are sorted in replies. They
      we we have successfully done a query on *<1b> from a wins server and
      This should fix the zombie problem that luke noticed.
      finished the asynchronous browse synchronisation code. It even seems
      a couple of debug lines
      added a dest_port parameter to send_mailslot() so we send replies to
      bounds check next_token() to prevent possible buffer overflows
      cast the qsort to prevent warnings
      set a maximum name refresh time of 20 minutes.
      updated the WHATSNEW in preparation for an alpha release
      fixed a comment
      I realised that my DMB<->DMB sync code has the property that the
      if an address is ipzero in cli_connect() then do a name query
      minor fixes to the DMB<->DMB sync code. We now get the dmb name from
      I looked at the refresh issue a bit more and discovered that Samba
      check that a valid pipe is passed before doing a pipe close.
      fixed a bug in the base64 hanlding that led to auth failures for some
      spruced up SWAT a bit - it now uses the new Samba logo at the top and
      need to istall new files
      Matthew is no longer wokring on SWAT
      use /swat/ prefix in both inetd and cgi modes, to enable a static header.html
      changed ref to samba.gif to use /swat/ prefix
      we are never interested in SIGPIPE so just ignore (block) it
      fixed a bug in the name mangling code. It implicitly assumed that
      we were setting the strings 1 too long in make_srv_share_info1_str()
      changed the SMBtrans reply code to align at the same alignment as
      got rid of interpret_security(). Thanks to Jean-Francois for pointing
      tridge the destroyer returns!
      ahh, the joy of deleting large chunks of code that someone else has
      some people are foolishly running ./configure from other than the
      some cleanups to use ZERO_STRUCT() and friends
      expand the sysv shmem test to look for semaphores as well as shared
      added a configuration summary at the end of ./configure. It also
      fixed a stat cache bug (the one found by Matthew Geier).
      add a "stat cache" boolean smb.conf option. (defaults to on)
      fixed a bug in the wins database writer that caused the database to be
      fixed a potential problem with wins_write_database() child processes.
      fixed a typo in my last commit
      fixed the nmbd fork bomb. It was a silly mistake, as
      fixed another potential fork bomb where the wins file becomes
      got rid of some #ifdef LARGE_XXXX stuff and got rid of non-portable LL
      fixed a usage of off_t that should have been SMB_OFF_T
      removed another use of the LL suffix. Hopefully this is the last one
      fixed a typo (LLARGE_SMB_OFF_T instead of LARGE_SMB_OFF_T)
      added a SMB_OFF_T_BITS define, allowing us to get rid of most of the
      gto ri of a bunch more #ifdef LARGE_SMB_OFF_T checks by introducing a
      got rid of SMB_STRUCT_STATVFS. I don't think we should be defining
      oops ... I got the filenames wrong in my cleanup of the wins database
      add a define for SMB_SEARCH_BITS and change comment on FSTYPE_STRING
      added a per-share parameter "fstype" that allows you to select the
      3 changes:
      lp_fstype() proto
      look at the CAP_NT_SMBS bit in the client capabilities to determine if
      some changes to the autoconf support
      automatically detect changes in the system type and exit, telling
      I've disabled the conversion of null filenames to "." until we solve
      changed the default filesystem type to NTFS (from Samba)
      fixed the docs for "domain controller" parameter.
      made bad boolean values stand out a little better
      got rid of the memcpy() prototype and used includes.h instead.
      set the default fstype for IPC$ to "IPC". I'm not sure if this will
      got rid of USE_FILES_ARRAY code (it was unused)
      makefile support for smbwrapper
      a couple of mode for smbwrapper
      use sys_stat() not file_exist() for codepages. (we don't want dos
      added sys_getwd()
      several clientgen mods to support smbwrapper. In particular added
      the guts of the smbwrapper code. I may change the layout of this at
      some changes in smbtorture as a result of clientgen interface changes
      added capabilities ab win95 fields to client structure. Used for
      - remove .p files in make clean
      updated prototypes
      - ignore *.p files
      - ignore *.p files
      - ignore *.p files
      lots of improvements to smbwrapper. It now works with Samba, Win95 and
      ignore *.p files
      added unlink() and rename() support to smbwrapper
      added basic chmod(), chown() and utime() support (not fully
      added lseek
      define O_ACCMODE if not defined
      updated prototypes
      - always open for reading (otherwise getattrE won't work).
      use O_ACCMODE
      added lseek() to smbwrapper
      fixed a bug in name_len() (thanks to kooros at kooros.netrack.net)
      added lseek() support for directories
      added a bit more to the docs
      added simple device/inode number support based on a checksum of the
      added mkdir() and rmdir() support
      support getcwd() in smbwrapper
      fixed wrapper for access(). This gets xedit working.
      fixed vi on smbwrappper (it was a problem in cli_read())
      added fchdir() support
      don't call functions that aren't there yet. (Luke had the code
      fixed initialisation bug in rpcclient (stdout is not a constant)
      fixed a authentication problem with non-encrypting servers
      use __XXXdir() instead of __libc_XXXdir()
      we need to do a load_interfaces() at startup to support broadcast
      simplied the layout of the smbwrapper code. All those 3 line files
      use const char
      support a few more function types (like ino_t and off_t)
      - split smbw directory code into smbw_dir.c
      more smbw cleanups.
      use dummy file descriptors opened on /dev/null to ensure that the smbw
      modified cli_read() and cli_write() to issue multiple outstanding
      fix an error code in cli_error()
      refuse symlinks to or from a smb path
      set a default 16k client buffer size
      use CLI_BUFFER_SIZE instead of BUFFER_SIZE
      add support for dup() and dup2()
      added support for printing via smbwrapper
      add support for unlink() on printer shares in smbwrapper. unlink()
      use *SMBSERVER convention in smbwrapper to allow us to connect to
      support using #xx at end of netbios name to connect to the specified name type
      support NetServerEnum in smbwrapper. You can now do a ls in /smb/ and
      - modified resolve_name() to take a name_type
      started basic support for solaris 2.5 in smbwrapper.
      don't list the IPC$ share in directory listings (it causes infinite
      fixed some stuff for Linux that porting to Solaris broke
      warn user if LIBDIR isn't set right
      ignore .po files
      more solaris 2.5 fixups. It now seems to be working pretty well.
      drat. We can't include sys/fcntl.h because that gives
      we need to use __readdir() in preference to SYS_readdir for systems
      don't define creat() under linux until we get the CREAT_BITS stuff
      some tests for stat64() and friends
      reran autoconf
      tests for readdir64
      this gets smbwrapper working under Solaris 2.6. Not tested much yet.
      added a function set_maxfiles() to set our file rlimit to the max
      added pread pread64 pwrite pwrite64 and open64
      - added pread pread64 pwrite pwrite64 and open64
      handle ENOTDIR errno in cli_error()
      removed requirement of having a smb.conf for smbwrapper to work.
      it's a bit dangerous to use rm -rf
      test for loff_t and offset_t to support llseek() on Solaris and Linux.
      get type of callback right
      updated README
      got rid of all assembly code and gcc special features. I'm hoping to
      need to use SYS_open64 not _open64 for solaris 2.6 or stdio doesn't
      IRIX uses -shared for shared libray creation.
      new file realcalls.c
      fixed typo in getgroups code
      ported smbwrapper to SunOS4. It seems to work. pity so many binaries on
      handle systems that are missing either SYS_utime or SYS_utimes
      test for creat64()
      this gets it compiling under IRIX 6.4. Doesn't work yet though.
      fixed Makefile for IRIX make (it doesn't know %.o=%.po, leaving off
      got smbwrapper working on IRIX 6.4. Things got a bit tricky,
      reran autoconf for IRIX changes
      fixed a cast warning
      new prototypes
      - fixed cast warnings
      fixed some cast warnings from "cc -64" on IRIX
      ignore *.po32 files
      - keep IRIX cc -64 happy
      - fixed errno return in smbw_open()
      the IRIX make is very fussy amount comment lines. If a comment line
      tell the user we are producing -32 code for the .32.so library
      clean needs to delete po32 and .so files
      set HOST_OS after canonical system test
      use smbw_errno() not smbw_error()
      remove unused arguments from some static functions.
      removed unused variable
      added SMBW_PREFIX environment variable (allowing you to specify root
      implemented attribute mapping and chmod. file attributes are mapped in
      fixed a bug in time setting (utime() call)
      added a wrapper for fork()
      implemented unix semantics for rename in smbwrapper
      fixed rename error code from NT servers
      do an anonymous login if the username/password is rejected.
      put #if BROKEN_CODE around all the bits of code in rpc_parse.c that
      somehow "in_client" got included twice in two places.
      added some comments
      added a document on how to port smbwrapper to a new system
      some changes for OSF1 support in smbwrapper (just preliminary changes,
      fixed a bug in real_seekdir()
      fix typo
      reran autoconf
      - no getdents on OSF1
      test whether seekdir() returns void or not
      more OSF1 changes as well as changes to allow us to use the standard
      won't need wrapper.h anymore
      possibly use __sys_llseek()
      detect __sys_llseek()
      fix the SEEKDIR_RETURNS_VOID test
      not needed any more
      yet another attempt at making this stuff portable. This time I use
      return type cleanups for IRIX
      remoevd a misplaced comma
      fixed __xstat() under linux
      fixed facl() bug for solaris
      - updated docs to say OSF1 works
      more solaris acl fixes
      fixed fork() on SunOS4
      use double for dummy arrays to ensure alignment
      fixed a warning on SunOS
      SunOS doesn't need any ld flags
      we need realcalls.h in realcalls.c
      restore errno after smbw initialisation
      compile to .po.o first then mv to .po in order to make the sun
      don't prototype the acl() functions
      removed lukes acl check in configure (not needed)
      added some comments
      fixed a problem with fchdir() that broke "cvs -d" in smbsh
      use 1 second resolution calls if possible
      auto-detect the right flag for the compiler to produce PIC code
      removed extra comma (some compilers don't like it).
      add "smbtorture" alias for building smbtorture
      - fixed a bunch of warnings and minor errors
      - don't generate 0 params in torture
      fixed a warning
      really fixed the warning this time :)
      fixed a bug in the readline support
      fixed bug pointed out by Herb.
      made smbsh a standard binary
      smbsh launch program is now in C
      use level 0 for DEBUG() of malformed password entry in smbpasswd
      set recursion desired for bcast name query
      use the username GUEST if no other username is available
      - use large buffers for netshareenum
      only do the MAC extensions if we are a NTFS filesystem
      changed some debug levels
      added maxfid test
      add an option to enable/disable nt pipes
      check for lp_nt_pipe_support() in open calls
      redid proto.h
      - added smbrapper/shared.o
      - don't use env variables for passwords and usernames (yeah!)
      removed an incorrect comment
      return the resolved IP on a cli_connect() call so it can be cached
      prototype new functions
      improved session reestablishment
      added command line options to smbsh
      removed my badly-done attempt at handling compilers that don't handle
      add -Bshareable for *bsd*
      fixes for solaris
      new prorotypes
      removed setenv(), replaced with smbw_setenv()
      fixed a connection bug in torture test
      use putenv() more portably
      oops, I ot the return type of putenv() wrong
      at the interop Isaac (at least I _think_ it was Isaac) said that if a
      make the shared variable stuff slightly more sophisticated
      fixed problems with PWD - we no longer use the PWD env variable
      don't use SMBW_PWD_ENV any more
      don't enable smbsh/smbwrapper on systems where we can't work out how
      make sure that apps can't close one of the internal smbw file
      volker was concerned about unique inode numbers and smbsh. This set of
      handle the case of an intermediate binary not loading smbwrapper.so
      fix for John.
      added a couple more error codes to cli_error()
      report ourselves as HTTP/1.0 not HTTP/1.1
      added a vsnprintf() implementation from cvslock. See the notes on the
      add ifdef for "long double"
      fixed handling of %.0f in replacement snprintf.c
      use abort() instead of exit() in smb_panic()
      fixed problem with snprintf.c and mkproto
      yet another person asked me where the name Samba came from, so I put
      added copyright notice from Patrick Powell
      took out Lukes change as it breaks domain logons for Win95 clients
      don't core dump in smbstatus if we can't open the shmem system
      check return value of locking_init()
      don't bother trying QFILEINFO/QUERY_FILE_ALL_INFO with win95 as it
      converted smbclient to use clientgen.c rather than clientutil.c
      I talked to Dave Miller and he thinks that we should have TCP_NODELAY
      changed is_root() to am_root() to prevent clash with variable names.
      largely rewrote smbpasswd so that the code is understandable. This
      char -> uchar fix
      extracted the password change code from smbpasswd and used it in swat
      fixed demo mode
      show all buttons in demo mode
      handle null usernames
      remove my name from welcome page so I don't get mail about it.
      please remember to check that code compiles before checkin!
      changed the fonts in the images a bit to be readable at a higher
      no longer needed
      we don't have any jpeg images any more
      %\ is an interesting printf argument, but I prefer %s
      fixed compile for FreeBSD
      fixes for OSF1 compilation
      reverted includes change for FreeBSD as it breaks IRIX
      removed information on installing via cgi
      remove code that allows installation via cgi
      allow all user to view the config
      - new prototypes
      prompt for password on smbclient -L
      - handle servers that don't support getattrE (ie. NT)
      fixed setmode in smbclient
      automatically uppercase server and share names (win95 won't handle
      support.txt is now maintained solely on the web pages
      compile with optimisation by default on all compilers
      change ROUNDUP to SMB_ROUNDUP to prevent conflicts with system macros
      fixed lmhosts parsing. We were using sizeof(name) where name was char*
      use bindir not sbindir in Makefile to ensure that we don't break
      formatting change
      add a error code when failed to get lock
      try to use *SMBSERVER to connect to password server if the first
      make SWAT obey the global "hosts allow" and "hosts deny" settings.
      global change from samba.anu.edu.au to samba.org
      use http://samba.org/ not http://samba.org/samba/
      deleted some old DEBUG() code that wasn't used
      changed string_sub() to replace " ; and ` in the inserted string with _
      replace ' with _ as well
      updated SWAT README to remove cgi-bin instructions
      got rid of a dangerous message command example
      re-ran yodl
      install all html docs in yodl help directory
      better layout of password options.
      - removed smb.conf.5.html as it now comes as part of htmldocs
      make the help links appear in a separate window, so you can read the
      don't allow ".." in service name when doing "default service"
      removed include of net/route.h because it prevents compilation under
      replaced the icons in SWAT with real icons
      fixed pidfile handling to check for a lock on the file, so we can be
      oops - lock test was the wrong way around
      fixed a link to testparm.1.html
      fixed warnings (and potential errors) due to integer overflow when
      removed the SID stuff from the head branch as well.
      on Linux force fcntl/mmap based shared memory and on other systems
      and in head branch:
      Ken McDonell from SGI was interested in adding some profiling
      new files needed by profiling code
      damn, new files need to be added to the head branch first, I've told
      fixed a typo
      open_socket_in() takes a different number of parameters in the head
      use /dev/urandom not /dev/random in head branch.
      first pass at updating head branch to be to be the same as the SAMBA_2_0 branch
      2nd phase of head branch sync with SAMBA_2_0 - this delets all the files that were in the head branch but weren't in SAMBA_2_0
      util_sec.c from 2.0.6
      interfaces.c from 2.0.6
      interfaces.h from 2.0.6
      printing/print_cups.c from 2.0.6
      lib/fnmatch.c from 2.0.6
      client/smbspool.c from 2.0.6
      update version to pre-3.0.0
      more files from 2.0.6
      added basic nsswitch support - this allows you to use a "wins" entry
      first pass at the database code for Samba. This also includes a test
      this was left out from the 2.0.6 merge
      first cut at using the tdb code for the connections structure, the
      converted all our existing shared memory code to use a tdb database
      changed message is connections.tdb doesn't exist
      changed %g to %3.1f to be friendly to our poor snprintf() code
      expanded the tdb documentation
      when no shares are returned the *shares pointer must be set to null
      added some paranoia code
      fixed a bug in the handling of tdb version number upgrade
      improved error message in case the lock list is truncated
      fixed locking code
      fixed more locking bugs - all seems OK now
      a useful locking tester - it uses lots of simultaneous writers
      - optimise tdb_store() a little
      show test result in ops/sec
      - added tdb_flags option to tdb_open()
      updated docs
      don't close the database after each claim_connection()
      fixed active shares display
      drop the alignment to 4 bytes - this makes tdb more space efficient
      added the unexpected packet database (unexpected.tdb)
      the bulk of the unexpected packet handling code is in here
      got rid of mem_man
      ignore a few files
      added suppport for unexpected udp/138 packets
      use a minimal hash size in the unexpected packet database. A large
      lower the default hash size a bit
      implemented talloc() as described on samba-technical. This fixes the
      - patch from Rusty to neaten up the code a bit
      don't require readline
      don't use strcpy
      this looks like a big commit, but it isn't really :)
      added "netbios scope" docs
      remove scope parameter here too
      always restart nmbd and smbd when asked, even if they appear not to be
      netbios scope is a DOS_STRING
      the -i options are gone from nmbd and smbd - use the smb.conf
      fixed a comment
      improved the error checking
      added a DENY test that tests deny mode handling. It produces a matrix
      cli_open() wasn't handling DENY_FCB or O_WRONLY correctly.
      fix a error in access_table revealed by the new deny test in smbtorture. We now exactly match NT for normal files. We still don't match for *.exe files though
      extent smbtorture to test with both an exe file and a dat file
      don't treat a packet as a oplock break unless it is a request, not a
      I'm currently designing a new locking system (using a tdb database!)
      added locking/brlock.c, a byte range locking system
      defined br_off as a type for byte range offsets. For now I've set it
      new prototypes
      added Enosuchshare and a lock_type enum
      the lock routines now take a enumerated type for read/write locks, and
      the bulk of the new byte range locking coode
      changes to reflect the new syntax of the locking calls.
      greatly expanded the lock4 locking test. we now pass all but one test
      some more work on the byte range locking
      we now pass all byte range locking tests
      damn, Solaris already has a "enum lock_type"
      casts and defines to make solaris happy
      make a br_off a SMB_BIG_UINT
      make string_init() static
      fixed a formatting error
      added code to allow traversal of the byte range lock database
      use string_set() instead of string_init()
      rewrote the access_table() code to get it right for *.exe, *.dll,
      a consequence of the access_table() fixes is that we can't treat
      proto update
      use GET_DENY_MODE() macro instead of the bit shift
      as obelix would say "these romans are crazy"
      use GET_DENY_MODE() macro
      renamed DENY to DENY1
      made access_table() a pure logic function - makes it simpler to apply
      fixed some typos in access_table() which, amaziingly enough, make no
      we need -lc when making shared objects or glibc doesn't do its magic
      added masktest to head branch, in preparation for another assault on
      update masktest for new make_nmb_name() syntax
      the beginnings of a fnmatch() based wildcard matching routine
      damn, masktest now needs the mangle code from smbd
      load smb.conf and interfaces in masktest (to allow for netbios name
      merge from tng ...
      when doing a "secure nbns" wack response and check with owner for a
      fixed the hanlding of recursion desired when sending packets from
      the final part of the nmbd merge between head and tng - this gets the
      changed the definition of dos_PutUniCode
      damn, the test was the wrong way around for short_resuest
      I finally got sick of configure being run automaticaly when I run make
      utmp compile fix from peter at cadcamlab.org
      don't echo warning messages twice
      split out the lpq parsing code into a separate file
      removed the read prediction code from the head branch. I think the
      got rid of the file_fd_struct structure completely.
      the first of a bunch of changes to code with getting rid of the fd_ptr
      rather than doing print file open processing in open.c we now handle
      the bulk of the changes to get rid of fd_ptr and move print open
      new prototypes
      initialise fsp->fd to -1
      two minor bugfixes for SCO UnixWare. The first is to catch SIGPIPE so that putmsg() inside their send() doesn't kill swat and the scond is to open /dev/null to replace stdin after we close that
      added a cheap and nasty skip_unibuf() fn to allow easier merging from
      finally got sick of the "extern int Client" code and the stupid
      new prototypes
      some updates to the process logon code to reflect lukes latest
      add an align4() function
      add a comment
      use interpret_addr2() instead of inet_aton()
      use open() not fopen() on codepage files.
      a quick hack to reduce the size of the unicode map table headers from
      don't need this monster any more
      use macros for table boundaries
      added standard_sub_snum() function for modules that don't have
      The following series of commits are for the new tdb based printing
      the fsp needs a jobid in it now
      the new file_lines_load() and file_lines_free() routines. Very useful!
      the bulk of the changes. Also split the loadparm related code into printing/load.c
      JF and Jeremy - please have a look at what I did to the spoolss
      the changes to the main smb code
      added tdb_get_int() and tdb_store_int()
      - put the job status in english not french!
      added helper fns to change from internal status codes to nt spoolss codes
      use some symbolic names for print queue status
      improved the error handling and added queue pause and resume
      removed old comments
      added fdprintf()
      got rid of all the FILE* calls in the NT print system.
      got rid of FILE* in the unix name mapping code
      converted a bunch more functions to use a fd instead of a FILE*
      converted a couple more functions to use a fd instead of a FILE*
      moved standard_sub() and friends into a separate module
      removed some obsolete configure tests (sysv ipc etc)
      got rid of some more old configure tests and includes
      fixed some crash bugs in the nt forms parsing
      don't parse blank lines
      updates from the TNG branch
      - got rid of the "passive" option
      patch from luke to split out lanman code from ipc.c into lanman.c
      split fsusage() into a separate module (to fix linking problems with
      use sys_fsusage() not disk_free() in printing.c
      fixed uninitialised snum
      fixed overlapping strcpy() found by insure
      don't copy a null groups list
      return NULL for a zero size memdup
      if using insure then don't close fd 2
      fixed a prs memory leak (weren't freeing input buffer)
      avoided a memory leak in the ubi code by deleting a mangled cache
      insure caught an uninitialised memory reference - ensure it starts as
      trick to get full stack trace when using the free version of insure
      fixed two uninitialised memory references
      split fsp specific routines out of printing.c to fix linking problem
      Makefile.in change for split of printfsp.c
      check for a valid snum when running a printing command
      we can't pass a fstring to a routine expecting a pstring
      split out standard_sub_basic() again to fix a bug where %p was being
      fixed a memory leak I caused last week with my lines[] changes
      fixed another spoolss memory leak
      another fstring/pstring fix
      don't close high fd's in smbrun when using insure (prevents closing
      fixed a locking database bug - it was actually harmless except that
      more pstring/fstring errors found by insure
      moved the INSURE hook into util.c
      fixed a parameter bug found by insure
      fixed another memory leak
      moved INSURE hook into util.c
      use an size_t not a ssize_t when checking for out of bounds errors
      dump in a binary format
      don't qsort a list less than 2 entries
      fixed a memory leak of devmode in spoolss
      fixed a memory leak in nmblookup
      added TDB_MODIFY flag - patch from from luke
      split clientgen.c into several parts
      moved trans2.h and nterr.h into includes.h with all our other includes
      quick hack to get smbtorture working again
      put tdb utility functions in a separate file
      - removed all our old wildcard matching code and replaced it with a
      changed masktest to test the internal algorithm against one server,
      we don't need fnmatch.c any more
      some cleanups
      added cli_list_old() to allow for old style directory listing from
      - get the findclose code right
      fix handing of ascii_to_unistr
      fixed our smbsearch code. We now store the mask with the dptr, this
      go back to ascii in SMB_FIND_FILE_BOTH_DIRECTORY_INFO
      removed more cruft from our old wildcard matching code
      handle the special rule of *.* for old style listings when old_list is
      fixed parsing of broken NT short name
      fixed dptr_wcard handling (need to use strdup)
      - added some error checking
      added TDB_INTERNAL, TDB_NOLOCK and TDB_NOMMAP flags.
      fixed typo
      allow a DEFAULT_PRINTING to be specified in CFLAGS
      handle tabs in printcap files
      fixed a memory leak
      fixed a memory leak (calling hash_table_init twice)
      and yet another memory leak - this one in the client
      split the username in the vuser structure into a separate
      added support for deleting printers into the spoolss system
      added a nasty lock testing program
      - clear dead locks at startup
      improved the lock test program
      added ability to present lock tests
      fixed a uninit memory read that insure found
      found a much simpler case that kills the posix locking
      added -A analyze mode to locktest - it can now automatically prune
      if the stat cache is off then don't initialise it
      fixed message text
      more locktest improvements
      need LOCKING_OBJ in locktest now
      - use full_name instead of real_name
      an even simpler example of NT gettings its locking code wrong. This
      added a test for the NT byte range lock into smbtorture
      parameterize the lock timeout
      a minimal change to get appliance mode to work with winbindd
      example of broken posix lock behaviour
      nasty hack to print posix locks
      make debug easier to read
      make debug easier to read
      signed/unsigned fixes so we can handle a lock base close to 2^32
      fixed a vfs crash bug
      added winbindd options in head branch, so it is possible to combine
      added secrets.tdb and changed storage of trust account password to use
      the beginnings of a description of how to setup a Samba appliance
      added some rules for winbindd and pam_winbind
      brought the winbindd code into head
      brought across some rpc header files from tng
      don't attempt to build rpcclient in the head branch
      the beginnings of a new scheme I've working on to allow an easier
      fixed some winbind cache bugs
      - use smb_gwtpwnam() in another couple of places
      - add some reserved space to every tdb, this will be
      more merging
      more merging voodoo
      patch from Dominik Kubla <dominik.kubla at uni-mainz.de>
      remove autoloaded printers that are no longer in /etc/printcap when we
      formatting fix
      I found a better way of handling deleted auto printers
      fail a print start on a deleted auto printer
      check for sighup on each packet - otherwise it can take a _long_ time
      proto rebuild
      when creating the database zero the reserved space
      treat a blank "password server =" line as a "*" if in domain security
      in head as well ...
      updated appliance Makefile
      - changed smb_getpwnam() to use winbind style usernames
      an imcompatible tdb format change (sorry!)
      updated the appliance README
      use our primary domain trust account for trusted domain authentication
      add winbind manual in SWAT welcome page
      use gcc not insure by default in tdb build
      fixed a problem with appliance operation
      fixed a typo
      added winbindd man page to spec file
      don't install winbind man page twice
      fixed error code for buffer_too_large in trans reply
      exclude CVS files from rpm build
      fixed tar command line
      added packaging section to README
      updated appliance Makefile
      build in /usr/src/redhat
      use "winbind separator" in tng as well
      compile with -O2
      use "winbind separator" option for domain/user separator character
      fixed two uninitialised variables
      - added example config section to winbindd man page
      added spool_io_printer_driver_info_level_6()
      changed uniarray_2_ascarray to uniarray_2_dosarray
      rebuilt proto
      this is a awk based code generator. Very primitive at the moment, but
      preliminary support for unions
      renamed the harness program to vluke (for "virtual luke")
      removed old files ready for new awk parser
      vastly improved awk based code generator
      moved *.tpl templates into templates/ subdirectory
      add uint16 support, start to parse more of spoolss
      make prs_dump() store up to 100 variants of each msg type
      add prs_dump() at the top level rpc switch
      added grow_size to prs structure
      use grow_size to determine size of dump
      align at the end of every structure parser
      need to allocate the union pointer
      addd grow_size to prs_struct so we know how much data is actually in
      update grow_size in prs_grow
      don't call prs_dump() here
      call prs_dump() on every input and output packet so we have plenty of
      started update to handle arbitrary arrays
      another awk parser update
      added the ".trailer" type, to mark where a packet turns into a trailer
      take the sructure name to run through vluke on the command line
      the vluke program now takes a structure name on the command line
      a useful script, just go "./build foo.struct" and you get a full
      minor parse updates
      - added typedefs
      added primitive define macros
      started converting matty's srvsvc.idl to a .struct file
      error check in vluke.c
      more aparser stuff - we now handle everything but the idl headers in srvsvc.idl
      use lp_workgroup()
      use lp_workgroup()
      use \\ in front of filenames
      a fairly big change in spoolss.
      a fairly big change in spoolss.
      a fairly big change in spoolss.
      got rid of lp_revalidate()
      added tdb_pack() and tdb_unpack()
      added -u hide_unlock_fails option
      we don't do "revalidate = yes" any more
      new prototypes
      removed lp_revalidate()
      minor fixes
      move srandom to after connect so random stuff in clientgen doesn't
      fixed bugs in fdpass tests
      fixed call of firstkey/nextkey to traverse driver database
      fixed return from nt_printing_init()
      getting and setting security descriptors on printers now works
      fixed a couple of bugs in the driver return code
      fixed return error code that had 0xC with not enough zeros
      don't free a driver structure from the stack!
      don't build cli_reg in rpc client library until we merge that from tng
      init_unistr takes a const 2nd arg
      updated proto.h
      don't return a passwd struct for usernames that don't
      fixed some more crashes
      if the tdb stored driver isn't formatted right then return a default
      moved secrets handling into secrets.c
      added %J and %T to run_print_command()
      moved secrets fns into secrets.c
      moved secrets fns into secrets.c
      fixed some ptr declarations
      new protos
      someone forgot a !
      added a MANGLE_DRIVER_PATH define to chooose whether we stuff with the
      fixed the pack/unpack of the devicemode
      added some debug code to track down pack/unpack problems
      some printer parameters are getting corrupted, possibly by the client
      sec_desc_size() needs to handle a null secdesc
      no space was being reserved for the security descriptor in the parse
      we no longer need the code to cope with setprinter having corrupted
      added -O (use oplocks) option to locktest
      fixed a off by one bug in ntforms read from the database
      added locktest2
      don't ue nasty /proc/locks hack by default
      simple increment bug in uniarray_2_dosarray
      fixed sizeof() typo
      started adding support for relative, plus options for autoalignment
      split some of the irix kernel oplocks code into a function
      some templates needed for the new aparser stuff
      the Linux F_GETLEASE value has changed
      clean up oplock capability code ready for Linux code
      continued the split of the kernel level oplocks code into a more
      continued the split of the kernel level oplocks code into a more
      a first pass at Linux kernel oplocks support
      Linux kernel oplocks now seem to work, but need a _lot_ of testing
      fixed Linux capabilities handling
      a better test for oplocks being enabled in this kernel
      split all the change notify code out into a separate module
      fixed comments at top of module
      fixed a bug in BlockSignals() for systems that don't have
      totally rewrote the async signal, notification and oplock notification
      enable the Linux change notify code and change some notify debug code
      forgot to checkin select.c
      always use the DN_CREATE mask (NT expects file creation always to
      fixed the change notify bit definitions
      use DN_ATTRIB kernel change notify attribute
      added -L switch to tell smbtorture to use oplocks
      add some brackets
      allow posix locking database to be opened read-only (for smbstatus)
      allow for lots of connections per server
      argv parsing fixes
      proto update
      fixed autoconf test for kernel change notify support
      allow the notify implementation to choose the select timeout change
      add -d debuglevel option
      added support for kernel level share modes. These are a (small) hack,
      open files with O_NONBLOCK when available. This is necessary to
      use the right MMAP flag
      - use read locks when possible
      support both read and write locks inside the tdb
      reverted lukes changes in param/
      fixed two minor bugs in new sys_select()
      fixed size alignment in talloc
      slightly saner defaults
      simpler configure test
      got smbw to compile again on Linux
      added -L option
      wrote a little sample smbw program
      don't need shmem any more
      the smbw sample prog
      new protos
      if the sids are not the same pointer and either of the sids are NULL
      fixed help string
      added printer admin option
      add printer admin docs
      got error code right for printer update/add failure
      - fixed the %U macro so that the old (and documented) semantics work
      made reopen_logs() always re-open logs, not try and be smart about not
      fixed "admin users" option with new security code
      make sure a couple of variables are initialised
      the first cut of the internal messaging system.
      a simple test program I use to test the debug message system
      debug messages now work for nmbd
      much nicer message interface. We now register dispatch functions,
      we should not lowercase the username we receive in
      - changed the msg_type to be an int instead of an enum so that it is
      - fixed some memory leaks in the messages code
      fixed a race in the pipe() setup in sys_select()
      first cut at smbcontrol program. It currently allows syntax like:
      don't show equivalent enum options in swat
      added cli_lock64() and cli_unlock64()
      fixed a harmess mixup of bitops and a boolean
      use the 64 bit locking interface in locktest
      added a hack to get 64 bit locking working with the broken fcntl()
      new prototypes
      don't use gets() !
      added tdb_lock_bystring() and tdb_unlock_bystring()
      got rid of tdb_writelock() and instead lock a chain. tdb_writelock()
      an attempt to get the handling of fields in printer info structures
      use process_exists() not kill(pid, 0)
      the duplicate checking code will cause unaligned accesses on non-intel
      save and restore errno in select
      support smbcontrol sending messages to itself (for testing purposes)
      fixed the problem with messages not getting through
      we don't need the separate lp_status() connection records any more
      fixed a potential locking deadlock in tdb
      fixed messaging bug - use strlen() instead of sizeof() in key length
      change the split threahold for the free list to prevent freelist
      split the RPC_PARSE object into two pieces. The first is included as
      - added client support for nttrans calls
      a prootype program for querying/setting a security decsriptor on a
      new proto
      make sure we don't duplicate object files
      added basic ability to dump remote file acls
      getting/setting acls now works. The SIDs are still numeric, the next
      - better parsing
      changed an error message
      cleaner parsing and default handling
      new protos
      - added help
      - with -D only delete first match
      fixed SACL bug
      no longer pass the type to make_sec_desc(), instead the type is
      new proto
      fixed acls set bug
      c++ style comments are NOT allowed
      signed/unsigned warning fixed
      in cli_session_setup() accept usernames of the form DOMAIN/USER or
      document -U change
      removed SACL support (as it doesn't work with w2k if you ask for
      fixed indentation
      fixed setting ACLs on directories
      pass the desired access into cli_nt_create()
      fixed the parsing again and got setting acls working with w2k
      added a comment
      fixed a typo
      exposed the broadcast name resolution routine outside namequery.c
      added support for browsing the list of workgroups at the top level in
      new prototypes
      first version
      This commit was generated by cvs2svn to compensate for changes in r2,
      - fixed FlattenHash bug
      added a comment
      fixed help
      added header generation
      beginnings of the C parser generator
      changed auto-generated comment for headers
      implemented a much nicer name_status() interface. It now returns a
      removed unnecessary process_exists() call in message_send_pid()
      fixed pipe in smb.conf description
      reverted *.* patch until someone explains to me what the test case is
      initial client side unicode support (needed for netapp filer)
      pipe opening now works with unicode
      playing with CAP_NT_SMBS
      optimise by default
      setup workgroup when found
      up the debug level of the debug level change msg
      converted cli_mkdir()
      converted cli_list()
      converted cli_chkpath()
      converted cli_open()
      - neater setting of bcc
      converted nt_create and setatr
      converted a bunch more fns
      yipee! client unicode now works well with nt
      don't need _uni hack now
      added support for a CLISTR_ASCII flag so we can use a uniform
      reverted richards cli_NetServerEnum changes - they broke lots of things
      the unicode conversion of our client code is complete enough to be
      fixed a crash bug in smbpasswd
      converted the last couple of functions in libsmb to be unicode
      make ascii_to_unistr always use little-endian. This fn is never used
      rpc_parse_samr.c doesn't exist in head ...
      but it is needed for linking ...
      cope better with broken filer expectations
      make sure we don't free non-allocated data
      cope with filer/NT/samba all in one binary. yeah.
      - workaround filer lsa lookup bug for unknown sids
      fixed character set init in smbw_sample
      don't crash on null acl sort
      - fixed the sort_acl bug, sorting now works right
      cast the qsort
      make sure denied aces are first
      the -m option to the client is back
      neater negprot code using the new cli_setup_bcc() call
      use cli_list_old() when negotiating the older protocols
      a snapshot of my attempts to get wildcard matching right for LANMAN1
      add cli_list_new() for forced new protocol listing
      fixed a bug in non-terminated unicode strings with clistr_pull()
      made some progress in masktest
      updated prototypes
      made some LANMAN1 wildcard progress
      I have now found that despite initial appearences the lanman1 wildcard
      almost there with lanman1 wildcards. We now seem to correctly handle
      remove some test code
      better handling of '.'
      to use the same macros in the client and server rename the CLISTR_
      started support for unicode on the wire in smbd. Using a very similar
      converted reply_open, reply_open_and_x and reply_fclose
      this patch does a number of things:
      converted findnext to unicode
      - convert chkpath
      added STR_ASCII flag to srvstr_pull()
      converted a bunch more server functions to unicode
      converted reply_tcon()
      simpler and more correct srvstr_push()
      converted a bunch more fns to unicode
      fixed srvstr_push() call
      converted a bunch more trans2 calls for unicode. This got quite tricky :(
      converted the smb messaging code to unicode
      simpler clistr interface which handles individual packets having
      don't need srvstr_push_size or srvstr_pull_size
      enable unicode on the wire by default in smbd
      added STR_ASCII support to clistr_pull()
      converted reply_search
      converted reply_printqueue
      converted the nttrans code to unicode on the wire
      finished the conversion to unicode of the last of the trans2 fns
      fixed volume_name(). It used dos_to_unix() which uses a static buffer,
      don't need to force unicode strings in flg2 anymore
      removed useless debug msg
      ADMIN$ is an IPC share, not a disk share
      fix this in rpc calls as well
      much better readline support from Simo Sorce, with some mods from me
      fixed some compilation errors with IRIX cc
      much simpler readline code
      fixed unused variable
      added basic command completion support
      fixed rpcclient readline code
      added option "enhanced browsing"
      added "enhanced browsing" option docs
      latest attempt at lanman1 wildcard matching
      added -E option (for exit on errors)
      a much simpler talloc() implementation. This version has the following
      started converting some of the only-ascii code to use srvstr_*
      test commit for jeremy
      hide unreadable patch from idra
      merge from 2.2
      new files for head
      merge from 2_2
      merging from 2.2 to head
      a couple of minor merges from 2_2
      merge from 2_2
      merge some of the nsswitch code from tng to head
      added solaris wrapper from tng
      fixed typo
      added test for C99 compliant vsnprintf
      added much better snprintf code, plus new function asprintf
      C99 test for snprintf
      got asprintf defn right
      added asprintf test
      use asprintf for hideunreadable option
      - added test for vasprintf
      don't need slprintf.c any more
      - fixed some compiler warnings
      fixed %u/%U example
      make clean should remove PROGS
      fixed comment-in-comment
      fixed some uninitialised variables
      added more complete C99 snprintf test
      added error msgs to fcntl_lock test
      added sys/wait.h to fcntl_lock test
      use O_EXCL for fcntl_lock.c test in case some fool runs on /tmp
      merge from 2.2
      clearer tdb_mmap code
      add an alarm to fcntl test to stop tru64 from freezing on the test
      allow env variable TESTDIR for directory for fcntl_lock test
      replace modf so we don't need the math library
      new mput code from idra that doesn't need a call to find
      fix interfaces.c for aix 3.2.5
      merge some fixes from 2.2
      rebuild proto.h
      removed need for scandir in client.c
      latest config.guess and config.sub from gnu.org
      statcache initialisation fix
      make the max_connections code less horrendously inefficient
      remember to close tdb after use
      make sure that when a tdb expands we fill the expanded area, otherwise ENOSPC could be very bad
      ran make proto
      - added ability for swat to run under CGI. This needs
      return an error code on password attack, rather than exiting.
      try to make the tailer code much more robust. When a record
      make sure the umask is set in swat
      more portable TDB_LOG macro
      added a tdb_open_log() function that opens a tdb and enables logging
      - fixed an off-by-1 bug in the delayed deletion code that I believe
      use the new tdb_open_log() fn on connections database
      make swat recover from previously bad umask from xinetd
      new proto.h
      added list function to tdbtool
      merged fix for tdb_unpack from 2_2
      - added AC_HAVE_DECL() macro to aclocal.m4, so we can easily add
      fixed asprintf declaration
      removed SHLIBS until someone has time to get it to compile on more platforms (Richard?)
      use LDSHFLAGS not -shared in several places
      fixed solaris compilation error (don't add to a void*)
      don't use c++ style comments
      added a oplock break handler hook to the client code, this allows for more complete testing of oplocks from smbtorture and would also be essential if a client app ever really did want to use oplocks properly
      torture code is moving to its own directory
      moved all our torture code to a separate directory
      added a torture target for building all torture progs. Fixed a typo in locktest
      added a close-share smbcontrol message that forcibly closes a share in smbd (to allow unmount)
      Added STR_NOALIGN flags to clistr and srvstr fns. Yes, NT actually does
      next_token() was supposed to be a reentrant replacement for strtok(),
      added some comments to make the cli read code clearer
      the BAD_PTR idea in talloc.h is actually a bad idea - it means callers have no way of telling if the call really failed
      auto-build proto.h if its not there, but don't make it depend
      add an ignore on proto.h
      added the ability to test smbd safely as an ordinary user. The way it works is
      - make the regresison test mode code build in by default. This should
      added a -L option to smbpasswd to force it to run locally so we can test smbpasswd as non-root
      make sure we have BOOL in autoconf usage of util_sec.c
      fixed usage of socklen_t and also tidied up SIG_ATOMIC_T, using a typedef instead of a define
      got rid of the date headers off all text docs
      fall back to "unsigned" for uint32 on systems that don't have one
      fixed build
      handle EISCONN in socketpair_tcp
      on sco2 socketpair_tcp needs a bind
      temporarily made smbclient a non-error target so that builds will succeed when it fails. This will give richard a chance to fix problems without breaking the tree
      fixed guest account for build farm boxes
      cli_read() was reading too many bytes.
      fixed socketpair_tcp for OpenBSD
      check for bad usernames early in session setup
      removed some debug code
      The big character set handling changeover!
      strchr and strrchr are macros when compiling with optimisation in gcc, so we can't redefine them. damn.
      missed a couple of strchr calls
      we don't need the codepages any more
      we don't need the codepage sources any more
      fixed uninitialised variable
      got rid of __FUNCTION__ debug
      portability fixes
      more portability fixes
      added builtin support for UTF8
      make sure we reset the shift state on error for charsets like SJIS
      optimised the 7 bit case for utf8 conversion
      use alpha_strcpy on the domain as it comes off the wire
      use alpha_strcpy on DNS names
      fixed compilation of masktest on AIX
      fixed a bug in the parameters SMBctemp uses in open_file_shared()
      added line-feed at end of templates
      this fixes the failure of MS office on VFAT partitions on Linux
      removed an unreachable statement
      added some comments and removed an unnecessary check
      fixed inetd operation as non-root
      got rid of insanely verbose debug messages on startup
      fixed bug where we looked at the first byte of a password to determine
      fixed a silly bug in the internal UTF8 implementation
      check for initialisation in convert_string()
      formatting fixes
      fixed strrchr_m
      fixed some unicode and LANMAN2 bugs in trans2 find first
      fixed some unicode and LANMAN2 bugs in trans2 find first/next
      fixed the auto-initialisation of the iconv descriptors
      added sec_initial_uid() function so we can ask if a file is owned by
      formatting fix
      allow winbindd to run as non-root so we can test it more easily
      improved the command line parsing of rpcclient
      removed remnants of libtool
      fixed anonymous login in rpcclient
      added winbind_exclude_domain() so smbd can tell the winbind client
      much better handling of broken DNS servers
      removed some unnecessary code
      the nss and pam modules in winbind don't have strchr_m() yet, so use
      switch from UCS2 to UCS-2LE
      changed the iconv interface to go via ucs2 for all conversions. This
      if EILSEQ doesn't exist then use EIO. It doesn't really matter what
      build smbtree by default. It's a very useful utility.
      added a --with-libiconv=BASEDIR/ option to allow easier use of an
      a better test for unix domain sockets
      ucs2 is always a multiple of 2 bytes
      nicer smbtree output
      got rid of INFO: msgs at debug level 1
      - don't try to print pointers
      need to push smb_search strings in client charset
      we need to pull passwords in client charset for crypto to work
      removed unused file
      removed unused file
      a bunch of fixes from the sflight to seattle
      added -b option
      allow for the NULL in make_nmb_name()
      two fixes for NT clients -> share level Samba server
      string terminate in mkdir
      a fix for directory listing with the dave/thursby client
      minor bug fixes to smbtorture
      added ERRbadmcb
      added port 445 support to our client code
      the beginnings of a TRANS2 scanner
      better error reporting for servers that don't do port 445
      use 32 bit locking if client doesn't do 64 bit
      more minor torture updates
      fixed shortname length in trans2 list
      0 byte lock ranges ARE valid
      flush on a invalid fsp should give an error
      allow for 0 range locks in locktest
      tests for 0 length locks
      fixed handling of 139/445 in clients
      fixed level2 find first for unisys clients
      we now have all but the dreaded 0/0 lock working
      converted smbd to use NTSTATUS by default
      started converting NTSTATUS to be a structure on systems with gcc in order to make it type incompatible with BOOL so we catch errors sooner. This has already found a number of bugs
      forgot to commit the scanner code
      converted another bunch of stuff to NTSTATUS
      fixed typo
      more NTSTATUS changes
      use a name not a number for ERRinsufficientbuffer
      updated copyright for Michael Sweet
      the next step in our error code handling change
      tidied up some unused vars in JFs new fns
      more NTSTATUS/WERROR conversion
      the next stage in the NTSTATUS/WERROR change. smbd and nmbd now compile, but the client code still needs some work
      it now all compiles - so try enabling it by default and see what explodes on the build farm
      a fix for fussy compilers
      cope with pam being off
      fixed compilation of torture
      don't do pointer arithmetic on void* (some compilers can't do it)
      fixed a bunch of compilation errors on Solaris, mostly people getting NSS_STATUS and WINBINDD error codes mixed up
      more warning fixes on solaris
      fixed some compilation errors in cli_netlogon.c - tim, you need to rerun configure to get the new NTSTATUS stuff right
      added filename to error_packet()
      use cli_is_error() instead of looking in smb_rcls, otherwise NT status
      fixed formatting to make the code vaguely readable. It's still a dogs
      when you update the share mode in the db you must also update
      2nd DELETE_ON_CLOSE_FLAG fix ...
      use NTSTATUS not BOOL in do_lock()
      it turns out that XP agrees with the samba head branch over the right
      enable strict locking by default. This will be slow, so now we just
      actually obey the "use mmap" smb.conf option
      use a different test tdb name for tdbtest and tdbtorture
      flush stdout in test logging fns
      - fixed proto.h build on systems using a parallel make
      got rid of USE_TDB_MMAP_FLAG as its not needed any more
      added "display charset" option in smb.conf, along with d_printf()
      convert more code to using d_printf
      fixed missing const on d_printf declaration
      removed pointless parameter from readfile()
      fixed typo
      replaced stdio in many parts of samba with a XFILE. XFILE is a cut-down
      added xfile
      passdb/smbpassfile ain't needed any more - it only provided migration from an ancient file format, not relevant for Samba 3.0
      made a couple of local fns static
      kill a dead fn and make a local one static
      more static/dead fns
      declare dbf in one spot
      convert more code to use XFILE
      convert more code to use XFILE
      - enable MSDFS by default, there seems no reason not to have it enabled
      added a new global option "hostname lookups = yes/no"
      fixed compilation error in smbw
      fixed compilation of groupdb
      fixed ctemp in server and client. It turns out that ctemp on NT is completely broken, and it's pointless to emulate their brokenness completely in this case, but at least this makes us use approximately the same packet format. The spec is complelet wrong in this case
      don't try to initgroups in non root mode
      got rid of bogus write list substitution error messages
      *llist being NULL is not an error
      added a hook to reopen all tdb's after the server fork
      removed anti-race code that could cause a classic ABBA deadlock
      fixed character set for user name pull
      fixed the error code handling in can_delete() by converting it to
      fixed the Makefile so we don't rebuild libsmbclient and build_env.h
      convert all POST variables from display to unix charset
      tdbtorture updates from when I was trying to track down the hp tdb bug
      fixed bug in POST var handling
      fixed a silly off by 1 bug
      added cli_qpathinfo_alt_name() for fetching the 8.3 name of a file
      allow all ucs2 chars in utf8, rather than mapping some to a single
      added a little smbtorture test for dumping the unicode table of a
      fixed a typo
      fixed the really awful performance problem with the stat cache when it
      fixed compilation of tdbtorture
      make strupper() and strlower() not modify the string if it doesn't
      - fix handling of 0 last_change_time and must_change_time
      honor the ACB_PWNOEXP flag in smbpasswd
      the CASETABLE torture target now generates the complete unicode
      better method of generating the case equivalence table
      switched over to a new method of handling uppercase/lowercase mappings
      removed old unused files
      set ACB_PWNOEXP by default on new accounts.
      fixed basic ucs2 operation on big endian boxes. Still a bit more to
      fixed lame valid table
      initial kerberos/ADS/SPNEGO support in libsmb and smbclient. To
      profile.h is now known as smbprofile.h due to a conflict with badly
      first step in converting the head branch to use lang_tdb.c instead
      fixed some memory leaks, started adding asn1 decoder for server side
      added a ASN.1 parser, so now I can properly parse the negTokenInit
      improve the error handling in the ASN1 code a bit
      added NTLMSSP authentication to libsmb. It seems to work well so I have enabled it by default if the server supports it. Let me know if this breaks anything. Choose kerberos with the -k flag to smbclient, otherwise it will use SPNEGO/NTLMSSP/NTLM
      moved some OIDs to the ASN.1 header
      fixed two bugs in the NTLMSSP code
      fixed NTLMSSP with XP servers (who don't send the duplicate challenge
      minor Realloc() fix - pedantic
      bit neater talloc_asprintf() implementation
      the next step in the intl changeover. This should get us compiling agian,
      return of vsnprintf doesn't include termination
      forgot to add intl.h
      fixed typo
      fixed the --with-krb5=dir option.
      include more libs needed for kerberos5 on some systems (eg. solaris)
      removed unused gettext code
      always install swat language files
      split session setup code out of reply.c in preparation for adding
      - renamed *.po message files to *.msg
      updated copyright notices
      fixed finding the resolv library
      fix linking of k5crypto library on openbsd
      fix heimdal compilation
      added basic NTLMSSP support in smbd. This is still quite rough, and
      removed some debug code
      the beginnings of kerberos support in smbd. It doesn't work yet, but
      got rid of start_background_queue()
      quick fix for krb5 compilation. I've told vance how to fix this module
      fixed LDSHFLAGS when using non-standard lib locations
      don't need KRB5_DIR define
      removed an unused variable
      add non_root_mode() check
      finished auth when we get a valid kerberos ticket
      better krb5 error handling (thanks andrewb!)
      crude fix for anonymous session setup with extended security
      fixed the spnego detection code in session setup
      support both old and new kerberos OIDs
      made smbclient cope better with arbitrary principle forms
      change smbd to use HOST/hostname principle form until I work out how
      change smbd to use HOST/hostname principle form until I work out how
      patch for neater output() function from vance
      - fixed link order of krb5 libs
      a quick fix to get rpcclient working again. This just disables
      zero the data, not a pointer to the data ...
      remove {} from default valid char list
      get the string lengths right in domain logons
      free the negTokenInit structure
      fix the tree so it compiles again
      - make sure we use a non-zero session id so we can have multiple conns
      add asn1 integer handling ready for the ldap netjoin code
      fix locktest default parameters
      fix maxfd test to start deleting at right file
      add a hook to save the krb5 PAC
      added strlcpy() and strlcat()
      added ANS1 integer define
      added the beginnings of ADS support in smbd
      forgot this file
      forgot a file
      rewrote net.c
      removed unused function
      added "net join" command
      better auto-selection of realm and ldap server
      stop popt from doing its own intl stuff
      made a "net ads" command, currently with "net ads join" and "net ads leave"
      added "net ads status" command
      added "net ads user" and "net ads group" commands
      use generate_random_str()
      better help
      check for liblber separately
      added HAVE_LDAP_H check
      move popt out of proto objs
      add popt build dependency
      fixed typo
      portability fixes
      added 'security=ADS'
      fixed spnego, non-kerberos negprot
      use DEBUG() not d_printf() in libraries
      we can safely give NO_SUCH_USER if the ticket decodes but the local
      updated server_role for ADS
      add SEC_ADS auth method
      basic ADS HOWTO
      increment the value not the pointer
      don't die with a FPE if there are no DCs
      automatically look for /usr/kerberos to make redhat happy
      don't try to auto-change the trust password unless we are in domain
      fix sense of lp_allow_trusted_domains()
      prevent a memory leak of cli structures
      unable to open smbpasswd on initial create should only be a warning
      more memory leak fixes
      added -i option to nmbd, giving interactive mode (like winbindd)
      prevent a bogus insure wild ptr message
      fixed another memory leak
      another memory leak bites the dust
      fixed leak in free_user_info()
      reverted incorrect patch
      fixed the panics on basicsmb-sharelist on sun1
      allow printing of NULL pointers with internal snprintf
      added test for krb5.h
      don't use /dev/null for a smbpasswd file
      up the log level for server level security to try to track down the
      always send an OID list until we handle raw (unwrapped) NTLMSSP
      fix a bunch of places where we can double-free a cli structure
      turn off the insure xterm hack for now
      fixed a core dump in server level security
      minor update
      fixed some krb5 ifdefs
      fixed lame char tables on big endian machines
      2nd attempt at fixing lame char tables on big endian machines
      fixed toupper_w() and friends on big-endian
      fixed typo
      define LDAP_PORT when not available
      ads->realm must not be NULL
      we need to look for liblber before libldap
      more specific DNS instructions
      not used any more
      The beginnings of alternative backends for winbindd
      init group db before use
      re-enabled insure backtrace, calling /usr/bin/backtrace
      split winbindd_enum_dom_groups into the new backend structure
      fixed the nsswitch initgroups code
      fixed default location of libnss_winbind.so
      added nsstest target
      added a basic ADS backend to winbind. More work needed, but at
      make proto should build winbindd_proto.h as well
      added another ATYPE_
      const religion
      added name_to_sid to the backend
      put sid_to_name behind the winbindd backend interface
      changed query_dispinfo to query_user_list
      when using non-encrypted password ignore the ntpass variable to
      const religion in talloc calls
      typo fix
      added a query_user backend
      moved init_account_policy() to the right place
      moved lookup_usergroups() into the backend structure
      allow for passwords other than "samba2"
      added ads_search_dn() and ads_pull_sids()
      added lookup_groups() to the ads backend
      fixed an off by 1 bug in talloc_asprintf()
      added functions that convert a ads binary blob to a string (for
      finally worked out how to do ldap lookups by binary blobs, so I can
      added the last winbindd/ads backend function
      plugged most of the memory leaks
      more memory leak fixes
      added very basic ads connection cacheing
      fixed another leak - memory usage now seems to be quite small
      paranoia fixes in based ldap routines for potential memory leaks
      don't double free ldap message lists
      moved the sequence number fetch into the backend, and fetch the
      added timeouts and retries to ldap operations
      auto-init secrets.tdb
      added a REALLY gross hack into kerberos_kinit_password so that
      handle ldap server down better
      fix link error
      fixed a memory leak
      fixed a minor password memory leak
      fixed a return value
      added a propoer kerberos_kinit_password call
      allow a MAX_DEBUG_LEVEL setting in local.h (or the Makefile)
      put the winbindd krb5 credentials cache in the lock directory
      allow nsstest to test any nss module
      added a "use spnego" option
      added internal sasl/gssapi code. This means we are no longer dependent on cyrus-sasl which makes the code much less fragile. Also added code to auto-determine the server name or realm
      fix a DEBUG() line
      check for gssapi_generic.h
      fixed used of string after free
      fixed type passed to ads_search
      - use accountype not accountcontrol
      - check for correct error codes
      better error checking in nsstest
      set return value to total errors
      added a simple tdbdump utility
      add smb_xvasprintf() panic wrapper around vasprintf
      completely new winbindd cache infrastructure
      removed a debug line
      explicitly encode NULL strings in the cache
      make sid_binstring available without HAVE_ADS
      added some comments
      moved the domain sid lookup and enumeration of trusted domains into
      added some comments
      switch off level 100 debug for server security
      cleanup a little namespace pollution
      shrank the winbindd_cache.tdb somewhat
      winbindd backends can now be marked "consistent" or "inconsistent"
      use objectCategory instead of objectClass for faster searching
      robustness fixes and moved ccache location into winbindd_ads code
      moved ccache location change into winbindd code
      reinstated all the rap commands as top level commands until we get the
      got rid of start_ndx from query_user_list()
      removed the start_ndx parameter from group enumeration
      allow overriding the local time in kerberos_kinit_password()
      detect attempts to connect to names of the type NAME#xx and do a
      added a net time command. Allow display or set of system time based on
      added a comment about /bin/date
      better error handling
      handle a NULL hostname in cli_connect()
      handle systems without setenv()
      prevent double free
      allow join of already joined domain
      ads howto update
      pam_smbpass updates from a.bokovoy at sam-solutions.net
      added "net time zone" command to show the timezone on a computer
      improved error message from failed connect
      try the PDC for our workgroup if we can't find the ldap server
      better error handling
      make sure we find NSS_STATUS struct
      added "net ads info" to fetch basic ADS info without any auth
      -Insswitch/ breaks the build by preventing include of <nss.h> from working
      don't use -u switch to /bin/date - too many systems don't honor it
      removed unused variable
      obey "use mmap" on case tables
      allow selection of the organisational unit when joining a realm
      fixed handling of empty or dead domain in wbinfo -g
      fixed sid_compare_domain()
      better nsstest error checking
      - added initial support for trusted domains in winbindd_ads
      added trusted realm support to ADS authentication
      we only have gss_ fns on a krb5 capable box
      much better ADS error handling system
      add support for mixtures of ADS/NT4 domains, as long as the primary
      use "ads server" option if set for primary domain
      net ads password and net ads chostpass commands from Remus Koos
      mark '.' as a valid character
      much better auto-init of valid_table[]. This should just about remove
      fixed long filenames on win98
      net now sends its debug to stderr so its output can be relied upon in
      added net lookup command
      forgot to commit this file from remus
      support "map to guest" with spnego
      don't use server_info after its been freed
      fixed sscanf() of gid_t values
      fixed warnings on irix and crash bug on big endian machines
      fixed more warnings on irix
      added ads_domain_sid() function
      make sure we store the domain sid when joining a ADS domain
      check for a winbindd username when doing a kerberos auth
      lp_setup_logfile() doesn't exist any more
      fixed a typo in vsyslog()
      updated ldap test to test for less common function
      try to handle end of packet for not null terminated domain strings
      - handle kerberos session setup reply with broken null termination
      - portablitity fixes for cc -64 on irix
      more irix -64 portability fixes
      cope with systems that don't have full gssapi libs
      added a simple test to see whether building shared libraries actually
      renamed ans1.h to asn_1.h to prevent conflict caused by krb5 headers
      try to handle broken const in headers on cray unicos
      fixed ERRMAPEXTRACT torture to work with win2k
      added nTSecurityDescriptor field to host acct dump
      print the timezone in the same format as 'date +%z' - much better for scripting
      simple fix for creating blank data blobs
      fixed another DATA_BLOB constructor
      - use CFLAGS when linking shared libs (for things like -64 on irix)
      - fixed my breakage of CPPFLAGS
      make sure resolve_name() only returns valid IP addresses
      cope with direct IP addresses in resolve_name()
      make the winbind sequence number code more robust
      force the time difference in cache comparisons to be unsigned to cope
      fixed a crash in merge_aces()
      fixed a crash bug in domain auth caused by an uninitialised nt_status
      don't try to allocate zero bytes
      much better support for organisational units in ADS join
      don't use O_NONBLOCK in open(). This was added erroneously for kernel
      fixed a typo in the error map for WRONG_PASSWORD
      handle filenames like .bashrc better in the new mangling code
      this fixes the problem of not being able to add a SD to a file on a
      added 'wbinfo --sequence' to show sequence numbers of all domains
      reduced memory usage in winbindd with a rpc backend by using a
      fixed a bug in qpathinfo client code
      support double functions
      check for empty parameters in qpathinfo
      rewrote smbtorture to use the new dbench 2 format and methods
      fixed the directory removal for when the dir doesn't exit
      - only show 1 cleanup msg per client
      got rid of a silly '*' in printout
      when a trusted domain is down an ADS server will return a success on a
      reverted tims patch that broke configure
      serialise all domain auth requests
      fixed a memory leak thanks to dleducq at arkoon.net
      we definately don't want RCS $id tags in Samba. They make merging much
      fixed the gssapi lib configure test to not do the test twice
      enable large readwrite by default
      added cli_qfilename(), used in trans2 torture test
      this fixes the security tab on mapped drives for unicode clients.
      added a cli_qfilename() test to the trans2 tests
      don't do an ADS init when not in ADS mode
      made the domain secret key in secrets.tdb domain specific. This allows
      added a "XCOPY" test that simulates the open calls made by xcopy /O
      This fixes 4 info levels in a trans2 find_first that should not be null
      This is a nasty hack to fix "xcopy /o" from win2000 on a Samba share
      this allows us to support foreign SIDs in winbindd and smbd
      enable locking on the idmap database to make it safe to dump/restore
      fixed -c option to NBENCH test
      handle clock skew in getatr test
      make default unix charset UTF8
      added -k options for kerberos to smbtorture and locktest
      allow setting of lock range and base in locktest
      fixed NBENCH code for NT4 server ntcreatex semantics
      added -M option for minimum lock size
      show a progress bar during the deny tests
      accept the 0/0 lock but don't treat it in any sort of special way
      nicer message for --sequence when the server is disconnected
      get the right return code for batch vs exclusive oplocks
      added a tdb backup utility
      added -v and -s options
      build tdbbackup by default
      don't use -pg by default when building standalone
      added a bunch of explanation about tdbbackup
      better detection of dead ADS connections, so we have some chance of
      prevent a segv when a trusted domain is unavailable at startup
      a more informitive debug message when a SID can't be validated
      removed bogus prepend_domain() call which was screwing up getpwuid()
      make sure we use consistent keys in secrets.tdb by uppercasing domain
      rewrote the machine sid storage code to store the SID in secrets.tdb
      return the correct SID and domain name for the samr enum_domain and
      prevent bogus compiler complaints about comments in comments
      remove an unused variable
      add a note about the meaning of global_sam_sid
      try to use our workstation account password for ADS leave
      yipee! Finally put in the patch from Alexey Kotovich
      forgotten file, oops
      make tdbbackup more portable
      better handling of a zero timeout in cli_lock
      this attempts to handle the rather bizarre lock cache semantics in
      added -E and -Z options, and allow for the 2 servers to have different
      failed timed locks always give LOCK_CONFLICT not LOCK_NOT_GRANTED
      a bit more portability for tdbbackup
      added cli_locktype() for testing different lockingX lock types
      make sure we give an error for unknown lockingX locktype bits
      added a LOCK6 test for weird lockingX lock type bits
      expanded the lock6 test a bit to try lsarpc as well
      put in the ADS DNS hack, but commented out
      only try an ordinary file in lock6
      always make winbindd try for the PDC first before trying for a BDC
      get the test for disconnection the right way around!
      fixed 2 reconnection bugs in the ADS backend support
      fixed mapping of SIDs for local users
      if we know that the SID is local then don't try via winbindd
      detect SIZELIMIT_EXCEEDED in ldap queries and truncate
      lower the debug level of failing to map a file
      this tdb was being opened without locking, which is unsafe for shared
      added a -h usage option to winbindd
      enable locking on the winbindd cache tdb so it can be backed up and
      nicer output from "net rpc user add"
      the SEC_DOMAIN tests also apply to SEC_ADS
      if our lock spin code fails then return the first error code, not the
      fixed paged controls on my box. The problem seems to be incorrect
      added a ads_do_search_all() call, which is a more convenient interface
      updated winbindd to used paged ldap searches for all ldap queries
      make "net ads user" and "net ads group" also use the new paged interface
      the beginning of a test to determine and display a servers properties
      fixed the secondary group mappings for ADS users
      make net ads info work with -S
      a dodgy fix for a dodgy race condition in smbtorture child startup
      reverted Herbs smbpasswd commit as it completely broke setting a
      cope with a missing PAM define
      try to get the summary test working on OpenBSD
      not all versions of gcc support -rdynamic
      fixed a return value for a help function
      This split the mangling code up to allow for the possibility of multiple
      this adds a completely new hash based mangling scheme
      some optimisations to the new mangling system
      added some more comments
      - tidier flag checking code
      don't treat '.' as FLAG_ASCII, instead handle it separately
      a few debug statements (disabled)
      - the 36^6 hash space gives 31 bits, not 32 bits. We need to mask the
      possibly fix the 15000 user problem
      don't try to return a void
      added strndup() for systems that don't have it
      - added a mangling test suite that measures the collision rate on
      better mangling test. We now test that we can create by long name and
      nicer measurement of failures and collisions
      set the default hashing scheme in head to "hash2"
      merged the mangling test and passdb bugfixes into SAMBA_3_0
      fixed the display of the 'size on disk' property of files from w2k.
      when background printing wasn't enabled printing was completely broken
      two time handling bugfixes
      modified the ADS backend to accept either the long or short versions
      hanle the case where the win2000 username is completely different from
      pull_username() is a local function
      win2000 does not check the permissions on the share directory on
      it looks like it is possible for a w2k client to send a spnego auth without sending the negotiate - try to cope
      by using a prompter function we can avoid the bug in the MIT kerberos
      better handling of DOS LANMAN2.1 protocol
      this fixes the displaying of free disk space for DOS6 clients. Win2000
      make sure that we leave the tree unused after disconnecting
      make sure we don't walk past the end of the current SMB buffer when
      i forgot to commit these parts of the string handling patch earlier. Sorry.
      fixed the handling of STR_TERMINATE
      reran configure after adding a test for strnlen()
      ignore a few more files
      fixed a problem with the smb_buf() macro on some compilers
      stricter conditions on termination in strings
      make suure we get the return value from the pull_*() functions right
      disabled the traversal of the brlock database at startup and
      - fixed the is_mangled() interface to handle multiple components
      nicer strndup() function
      fixed the fallback to a BDC for ADS connections
      fixed a namequery bug caused by my recent string length patches
      fixed trust relationships in ADS winbindd after breaking them with my BDC changes ...
      try to cope better with the take ownership operation for foreign SIDs
      prototypes for some systems that don't have them
      a new "dual daemon" operating mode for winbindd
      made a couple of variables static
      main() needs to be indented to make sure it doesn't generate a
      damn! I forgot to commit winbindd_dual.c
      patch from Alexander Bokovoy needed for dlopen on bsd systems
      auto-recover from the fairly common case of a non-clean tdb shutdown
      added a 'net ads search' command, similar to 'ldapsearch' but using the
      fixed a spelling mistake
      fixed some debug messages
      put the ifdef for HAVE_VA_COPY in one place rather than in lots of
      a useful script for finding global variables or functions that could
      when nmbd starts up it is possible that dhcp hasn't started the local
      much better findstatic script
      fixed a bug in handling select in the main daemon - this stops the daemon spinning if a signal is received at an inconvenient moment
      reverted some bogus test code that jeremy accidentally committed
      fixed 3 bugs in jeremys trans2 merge. Hopefully it now works.
      - completely rewrote the wins_srv.c code. It is now much simpler, and
      fixed we_are_multihomed() to cope with dynamic interfaces (ie. don't
      mumble ... fix typo ... mumble
      made the wins list handling a littler clearer
      removed the wins name registration code from libsmbclient
      we never pass any userdata when doing name registrations on the
      This commit finally gives us multiple wins server groups. We now
      resolve_wins() now needs to be a public function
      The next phase in the WINS rewrite!
      fixed a link problem with global_in_nmbd
      don't warn on the loading of zero length files. This fixes the
      don't warn on non-existant files in map_file(), let the caller handle any warning
      make net join a bit less verbose
      don't backup to a newer file
      fixed a makefile syntax error that was breaking the build on some
      fixed a bug handling startup when the ads server is not contactable
      sort name query responses by how far they are from our interface
      bias the lookup sorting towards directly reachable IPs
      don't start the async dns process unless we actually need it!
      fixed multi-homed re-registration of names when we are a WINS
      ads_mod_ber should be static, not public
      used findstatic.pl to make some variables static and remove some dead
      fixed a prototype problem in client.c
      fixed our winreg parsing to handle a diifferent form given to us by
      the last WINS update broke self registration when we are a WINS
      fix declaration of global_in_nmbd
      make sure we disable referrals in all ldap searches - they are badly
      this fixes the ads dump code
      this implements a completely new strategy for fetching group
      fix setting machine passwords in the case where a user account of the
      - fixed a crash bug for 'print -'
      fixed a stdin bug in XFILE that prevented 'print -' from working
      fix directory listing on win9x.
      added --machine-pass option to net. This allows you to authenticate as
      added useful 'net rpc info' command
      move opt_machine_pass to keep some compilers happy
      removed some meaningless const casts that were causing thousands of
      this is a trick to work around the fact that posix does not supply
      after thinking about the env variable hack for avoiding group membership
      don't report the faiilure of non-blocking locks. They are supposed to
      fixed a problem with getgroups() where it could include our current
      don't use C++ comments in C - it doesn't work on many compilers
      fixed a call to get_current_groups()
      updated the 3.0 branch from the head branch - ready for alpha18
      checking for NULL really is counter-productive, and this one was also
      enum_group_mapping takes an enum not an int
      fixed a number of real bugs found by warnings on the 64 bit irix compiler
      more bug updates from head
      new files from HEAD
      fixed line buffer mode in XFILE
      fixed a segv in net time when the host is unavailable
      removed the freebsd getgroups check now that we don't use it
      added LDAP_SET_REBIND_PROC_ARGS in acconfig.h
      reran configure
      implemented getgrouplist() for systems that don't have it and use it
      reran configure
      I had forgotten to commit this after running configure
      fixed typo
      fixed logfile location to honor configure
      fixed man install
      partial apply of samba-patches 960
      good security patch from Timothy.Sell at unisys.com
      fix minor nits in nmbd from adtam at cup.hp.com
      make sure async dns nmbd child dies
      this is an interim fix for nmbd not registering DOMAIN#1b with WINS
      fix for smbtar filename matching
      minor portability fix
      an initial fix for handling sparse files in smbd
      introduced a get_file_size() macro in trans2.c to make it easier to
      - if we are in ADS mode then avoid an expensive netbios lookup to find
      removed a gratuitous standard_sub_basic() on the 'password server'
      2nd try at a fix for netbiosless connections to a ADS DC. This also
      a couple more minor tweaks. This now allows us to operate in ADS mode
      always include the (void) for void fns ...
      this fixes plaintext passwords with win2000
      net ads info now reports the IP of the LDAP server as well as its name - very useful in scripts
      make sure that 'net ads info' gives info on the server we specify, not
      the ads_connect() here doesn't need to actually succeed, as its only
      added support for smbd listening on port 445 and 139. It now listens
      fixed a net crash bug if we can't find a DC in a 'net rpc' command
      added 'disable netbios = yes/no' option, default is no
      make sure we zero the unusued elements in a SID when parsing
      fixed multi-line strings for portability
      support netbiosless search for the DC using ADS in the winbindd AUTH
      fixed the length checking for plaintext passwords (thanks to andrewb
      make sure we null terminate plaintext passwords
      fixed a bug where we were truncating the returned names in a netbios
      This fixes a number of ADS problems, particularly with netbiosless
      fixed wbinfo -t for netbiosless domains
      added 'net rpc testjoin' and 'net ads testjoin' commands
      fixed a memory corruption bug in the wins code
      fixed a memory corruption bug in ads_try_dns()
      when using netbios lookup methods make sure we try any BDCs even if
      fixed 'net ads chostpass' for new ads structures
      amazing! we've had a reversed comparison in our blocking lock code
      get the error code right in case of a blocking lock timeout.
      be a bit more paranoid about not getting duplicate domain names (can
      make the LOCK1 test randomise the time for the blocking lock test
      nicer locking timeout test
      added exact timing semantics on blocking locks
      round lock timeouts in lockingX upwards to multiples of 1 second, so a
      added a 'net ads lookup' command that does a CLDAP NetLogon query to a
      we now receive and parse the main cldap netlogon reply.
      we now parse the cldap reply and print its contents. There are a
      added a generic print_guid utility, and get the byte order handing
      make rpcclient use print_guid()
      print out the GUID in the CLDAP reply
      the SMBD_SELECT_TIMEOUT_WITH_PENDING_LOCKS macro isn't needed any more
      fixed memory corruption in cli_full_connection()
      added a useful unistr2 display function
      added a 'net rpc samdump' command for dumping the whole sam via
      a few minor cleanups in the cldap request
      made the CAP_UNIX test a bit cleaner
      don't use spnego in the client unless enabled in smb.conf
      a ASN.1 fix from anthony
      added smb_xstrndup()
      slprintf() takes a size argument
      show builtin groups in samdump
      fix connecting to a BDC when the PDC is down but in WINS and no bcast
      fix connecting to a BDC when the PDC is down but in WINS and no bcast
      removed a debug line
      ensure that we unlock in case we hit a tdb error
      convert the LDAP/SASL code to use GSS-SPNEGO if possible
      don't use ENCTYPE_ARCFOUR_HMAC unless the kerberos lib supports it
      initial mem_ctx to NULL
      added gencache implementation from mimir - thanks!
      another const cleanup
      more const cleanups
      disable stat cache when case sensitive
      Add clock skew handling to our kerberos code. This allows us to cope with
      allow --with-krb5 to override the location of the kerberos libs on
      change ADS negprot to match more closely the options used by w2k. This
      enable 'map hidden' and 'create mask' to allow the new OPEN test to
      fixed 3 bugs in the wins server code related to precedence of ! and &
      .NET likes both forms of servicePrincipalName in the machine account
      support all permitted encoding types in tickets. This allows us to
      only set UF_USE_DES_KEY_ONLY if we are using krb5 libraries that can't
      fixed a crash bug on 64 bit systems. Thanks to Anton Blanchard for
      - we need to rescan the trusted domain list regularly to cope with
      a space is a standard valid character in a filename
      reverted an incorrect fix. What I was trying to do was fix a problem
      add a 'mangle prefix' option to allow people to tune the number of
      fixed a possible segv when dealing with a blank password
      if trusted domains are disabled then we should not try to connect to
      much simpler code to choose a DC to contact in winbindd. We now always
      added a timegm() function for systems that don't have it
      make_server_info_guest() can need root for the ldapsam backend
      when doing a 'net rpc vampire' a pdb_init_sam_pw() is used to create a
      fixed some formatting errors and improved some debug statements in
      make sure that if kerberos fails we can fall back on NTLMSSP for SASL
      make sure we don't try to decode any null password buffers during a
      the change in the way %U is handled to use current_user has broken
      a better for for using %U in smb.conf
      more %U fixes for head
      merged the %U changes to 3.0
      fixed a number of places where we can try to free a wild pointer or
      a working timegm() function for systems that don't have it
      the 'padding' field in the query domain info reply is not a padding
      add help text for 'net ads lookup'
      clearer debug message when the user is already in the ldap db
      query_alt_name takes a forced unicode string in win2000. It is not
      merge alt_name patch from head
      added cli_lsa_enum_account_rights() call. Note that this is in
      allow a couple of LSA functions to take a username instead of a SID,
      fix some undefined behaviour with increments in C. In theory a
      the 'static' keyword here is useless as we are not declaring a
      This removes the 3rd argument from init_unistr2(). There were 240
      reverted this patch till I sort out the craziness with UNIHDR
      cleaned up the lsa_enum_acct_rights function and added a
      added LsaRemoveAccountRights
      added the LSA privileges server backend stubs. Right now they just log
      ignore configure in cvs
      ignore config.h.in in cvs as generated by autoheader
      make sure we don't run over the end of 'name' in unix_convert()
      merge from head
      added the 'lsaenumacctwithright' command to rpcclient. This allows you
      added server stubs for lsa_enum_acct_with_right
      removed a duplicate copy of smb_io_sid_array()
      pull_ucs2_talloc() should pull to a char**, not a void**
      add a note about a better method for finding netbios name of workgroup
      add a note about relative opens with blank paths - its a re-open!
      setup the %U substitution in winbindd for the homedir template
      initial server side privileges implementation, using a tdb. This needs to be hooked into pdb, and we need some access control on changing privileges. That's next
      - added help on -P option
      fixed a crash bug in the new winbindd 'sids rule!' code
      the new DEVELOPER checks for string overflows have (as expected)
      i forgot to commit the privilege db init call
      added -i option for ignoring dot errors in masktest
      fixed use_oplocks and the timeout in smbtorture startup
      make sure we have an empty directory when we start the utable test
      fixed the MANGLE smbtorture test with the new paranoid string code
      having sticky create times is not a bug
      fixed a strcat noticed by metze
      fixed a strcat noticed by metze
      win2000 can take much longer than the specified time to respond to a
      fixed the unmarshalling of the queryaliasmem SAMR call
      show which files we fail to create in the casetable test
      removed a duplicate lump of module stuff in configure.in
      it is possible for some of the real time signals to be used by glibc,
      merged real time signal fixes from head
      added a simple test for the old SMBtcon interface
      updated the TCON test so that win2000 passes. Samba now fails this
      fixed the -U option in nmblookup
      fixed the -B option as well
      added simple tests for SMBchkpath and SMBioctl
      reversed the sense of the TCON test, now that we know that win2003
      changed the order of checking whether a SID is a UID or a GID in posix
      don't rely on realloc() working on NULL
      strequal() returns True for equal, not an int
      fixed the popt option handling in nmbd, so that -i now works
      we weren't filling in the keylength in LANMAN1 and LANMAN2.1 negprot
      merge LANMAN1/LANMAN2.1 fixes from head
      installman needs to depend on installdirs, to fix parallel
      installman needs to depend on installdirs, to fix parallel
      fixed the ALL_INFO and ALL_INFORMATION trans2 QFILEINFO levels. The
      added the COMPRESSION_INFO trans2 QFILEINFO level and fixed the
      fixed the arbitrary 256 limit on the size of aliases in parse_samr
      shouldn't null terminate trans2 qfileinfo all_info/name
      fixed the termination of several trans2 strings
      removed the 'valgrind fix' that (although it may well remove a
      fixed the layout of the FULL_DIRECTORY_INFO trans2 findfirst level
      fixed the string alignment of the QUERY_EA_SIZE trans2 findfirst level
      - the 8.3 name in BOTH_DIRECTORY_INFO is supposed to be always unicode
      fixed a pstrcpy() that is not on a pstring
      make the allocation_size consistent between trans2 QFILEINFO and SMBgetattrE
      - the ALL_INFO trans2 QFILEINFO level uses a forced UCS2 name
      2 more places where win2003 forces UCS2
      SMBlockingX timeouts are in units of 2 milliseconds, not 1
      changed 'winbind uid' to 'idmap uid' in build farm tests
      mark the HEAD branch as deprecated. Nothing that a determined
      applied patch from bug#140
      when creating aliased parameters in loadparm.c you *must* place the
      don't call a function error_message() as that conflicts with a
      added an auth flag that indicates if we should be allowed to fallback
      use ZERO_STRUCT() instead of memset
      - fixed the bug that forced us not to use the winbindd cache when we
      use lp_realm() to find the default realm for 'net ads password'
      fixed smbtorture LOCK1 test to know about the correct multiplier for
      fixed libsmb code to set correct timeout in cli_state when waiting for
      removed editreg from standard build until it is portable. Right now it
      on AIX FD_ZERO() is defined in terms of bzero(), so we can't have
      i'm getting rather sick of this
      several places in client.c rely in commands[i].name == NULL being a
      made a debug statement more useful
      another improved debug statement
      reverted locale patch put in by jht (originally from vorlon).
      we need to call ads_first_entry() before using a ldap result,
      fixed a bug found by volker
      lp_security() is a function not an integer
      - added LOCALE patch from vorlon at debian.org (Steve Langasek) (bug #122)
      fixed the pstrcpy() bug in directory recursion properly
      this fixes a bug where Samba would under some circumstances return
      make sure we don't allow the creation of directories containing
      fixed segv in calls to pstrcpy() in cliprint.c
      This is a critical bug fix for a data corruption bug. If you
      CVAL_NC() doesn't need the (unsigned) fix and breaks the IRIX build
      first public release of samba4 code
      This commit was generated by cvs2svn to compensate for changes in r30,
      use the \\server\share form of tconx to work with servers that don't
      add support for 32 bit pid using the PIDHIGH field. This allows the
      check for an invalid TID in reply_exit()
      make sure we give the chosen workgroup in gentest
      - cope with servers that don't properly implement SMBexit
      added config.guess
      put config.guess in the right place!
      - added SMBntrename test suite
      disabled autoconf 2.53 requirement until we know exactly why it is
      process_model.h is not used at all - hangover from earlier design
      - expanded the ntrename test
      - added test for position_information via paths
      - added a raw smb scanner
      added read/write seek testing
      added seek to gentest
      added SMBopen to gentest
      added the ancient SMBcreate operation to the testsuite and client lib
      fixed allinfo bug reported by metze
      test resume by name before resume by flags
      don't give detailed errors for levels that fail
      nicer formatting in getattre
      fixed a comment typo
      some servers don't return a fs_type and dev_type
      try to cope with servers that return a blank alt_name field
      a few build fixes to try to get irix building
      fixed some places where we don't brace (flags & STR_UNICODE)
      fixed an enumerated type error found on irix
      more fixes from the IRIX compiler (thanks herb!)
      more fixes from the IRIX compiler (thanks herb!)
      fix handling of parametric smb.conf parms with embedded spaces
      - patch to fix a memory leak from metze
      ascii/unicode fixes in ascii mode found by smbtorture
      fix a segv when server doesn't support ATTRIBUTE_TAG_INFORMATION
      expanded the RAW-READ test to make it clearer that all locks conflict
      I think I've finally got the ascii/unicode issues right in trans2 find
      thanks to ntfsd and some google searches I worked out what the unknown
      - use deltree to setup base directory
      better child synchronisation at startup in NBENCH
      when we don't have a working iconv library we must default to using only builtin charsets. Defaulting to CP850 when we have just determined that it doesn't work just guarantees that Samba won't work at all (in fact it just seg faults at startup). This fixes Samba on AIX, and I expect on a bunch of other platforms.
      fixed snprintf.c for systems that have only some of the *printf() family of functions
      fixed spinlocks in tdb
      fixed a number of bugs and memory leaks in the AIX winbind shim
      the beginnings of a samba4 programming guide
      added some NTVFS info, and started the process model section
      much better synchronised startup in smbtorture - this allows us to run
      parameterise the listen backlog in smbd and make it larger by default. A backlog of 5 is way too small these days.
      - a few portability fixes from Jim Myers
      a major revamp of the low level dcerpc code in samba4, We can now do a
      we only want the per-call stub data
      started adding RPC-ECHO torture cases
      added a helper function to make building rpc functions a bit easier
      actually use the passed parameters!
      added rpcecho EchoData test
      added SinkData and SourceData tests for rpcecho
      added fragmentation support on receive for dcerpc packets. I have
      added support for fragmented sends
      yipee! we can now do lsaOpenPolicy() via the new interfaces, without
      lsa_OpenPolicy2 now works
      lsa_EnumSids() now works
      fixed some error found by valgrind
      fixed another error found by valgrind
      finished off the ndr_sec.c module
      allow qfsinfo to continue with just 10 levels supported in the server
      updated pidl to auto-generate the ndr_push_*() functions for the
      another major bit of restructuring of rpc in Samba4. Mostly moving
      a bit of a tidy up before I add the ndr_pull_*() side of things
      - generate both the pull and push side
      - corrected some lsa idl
      - more generation fixes
      - include includes.h
      added fixes for the pushing of arrays and handling non-ref pointers in
      added idl, generated code and test code for lsa_LookupSids
      check for pidl.pl in path, not $HOME/pidl/
      added support for arrays as function arguments and for unistr_noterm
      lsa_LookupNames now works
      get rid of some prototypes that aren't needed any more
      use a more consistent style for the client stubs
      - handle void functions
      converted the rpcecho pipe to use IDL
      added a module for auto-generating the client calls. We can now go
      - added the rest of the LSA calls as stubs
      i forgot to commit the rpcecho idl file
      added a test for lsa_Close()
      added lsa_EnumPrivs idl and test code
      added lsa_EnumTrustDom
      - fixed lsa_EnumTrustDom
      much cleaner handling of the different types of variables
      added IDL and test for lsa_EnumPrivsAccount()
      added IDL and test for lsa_EnumAccountRights()
      added idl and test code for lsa_LookupPrivName()
      - added support for the pull side of unions
      started adding support for lsa_QueryInfoPolicy
      automatically generate ndr_print_*() functions for every IDL
      automatic printing of unions
      start using automatic union printing
      fixed handling on pointers to arrays of structures in unions
      support lsa_AuditEventsInfo
      fixed the NDR structure alignment rules
      added QueryPolicyInfo/PrimaryDomainInfo idl and test code
      added support for 8 byte aligned HYPER_T
      added 9 more info levels to lsa_QueryInfoPolicy
      added support for "make pch" to build a precompiled header. Note that
      a small include file rearrangement that doesn't affect normal
      handle constant sized arrays
      lsa_PrivilegeSet seems to be a very strange beast indeed. It has a
      I think we now handle conformant arrays in structures correctly - the
      * fixed conformant arrays in structures
      more dfs work
      removed a bunch of the old rpc code in preparation for replacing it all with auto-generated code
      removed some obsolete .cvsignore files
      fixed rpcecho EchoData debug code
      * differentiate between pointers and non-pointers in switch_is union
      fixed the handling of unions of pointers
      we can now do a level1 NetDfsEnum()
      fixed another problem with pointers to arrays in structures
      * fixed lsa_LookupPrivName
      * added levels 4, 200 and 300 to NetDfsEnum. 200 and 300 don't work
      * make pidl.pl exit with an error on a parse error
      added the dfs_GetInfo all - all levels
      it turns out that all MS servers ignore the artifact struct_len fields
      added lsa_QuerySecObj() and the necessary sec_desc_buf supporting code
      added the first couple of calls from samr as IDL
      support a new value() attribute that allows us to auto-fill certain
      run LookupDomain on each domain returned from EnumDomains in samr
      added samr_OpenDomain() and samr_QueryDomainInfo() level 1
      fixed alignment of the buffers part structures
      added another 11 levels of QueryDomainInfo
      added samr_EnumDomainGroups and samr_EnumDomainUsers
      added samr_OpenUser, samr_EnumDomainAliases and samr_QueryUserInfo level 1
      added support for varying conformant arrays (needed for samr
      added samr_UserInfo2 and samr_UserInfo3
      added samr UserInfo levels 4 to 20
      added UserInfo level 21
      don't encode my own servers name in the test :)
      added OpenGroup and QueryGroupInfo levels 1 to 4
      added OpenAlias and QueryAliasInfo levels 1 to 3
      remember to samr_Close() policy handles after use
      the returned policy handle in spoolss_OpenPrinterEx() is pass by
      simple method for auto-building rpc files if idl changes, and
      run the basic build tests on sub-builds like "make torture" as well
      fixed the handling of much more general C expressions in value()
      slightly more efficient strlen setting in lsa and samr strings (calls
      added the "subcontext" attribute for auto-handling of user-marshalled
      use the "subcontext" magic flag for sec_desc_buf
      ignore .pidl files
      added support for "relstr", structure and union properties and public
      added support for level1 of EnumPrinters in spoolss. This uses a
      * the beginnings of non-constant fixed arrays
      use nstring and [relative] to support levels 1 and 2 of EnumPrinters
      better [relative] handling, allowing for nested relative structures
      nicer method of handling spoolss EnumPrinters
      handle non-NTSTATUS return types
      * more info levels for EnumPrinter
      added OpenPrinter and a test function. Note that the Samba3 structure
      call OpenPrinterEx on each printer on the server, and then call
      * support inline arrays
      security descriptors are no longer a "special" type, they are handled
      started documenting the extension to IDL that pidl implements
      use [subcontext] to make GetPrinter a bit easier in smbtorture
      auto-generate functions for printing top-level function
      * add another WERR err code
      added wkssvc.idl and test code
      remove an unused variable
      auto-generate top-level debug print functions when a flag is set on
      * use the new auto-generated debug code method.
      ignore c and h files in the idl dir. This makes it easier to
      support the 'default' case in IDL unions
      fill in skeletons for the rest of the function calls in wkssvc (based
      auto-generate the pipe UUID version and name
      remove some old junk from the Makefile
      use the auto-generated UUID, version and name rather than listing them
      added samr_QuerySecurity() call that displays the ACL for any handle.
      changed wks to wkssvc (suggestion from metze). Started adding samr_CreateUser().
      cope with no printers returned from EnumPrinters
      get rid of the old rpcclient code - it needs to be rewritten to use the new rpc infrastructure
      added samr_CreateUser() samr_DeleteUser(). The test suite creates a
      added another wkssvc info level
      added a thanks to Todd Sabin (with his permission)
      separate the reason and result codes in a bind_ack. This is needed for
      init samr and lsa names so the debug display looks right
      possibly better handling of NULL secdesc (thanks to lukeh)
      fixed country code field in samr_UserInfo5
      change to AuditEventsInfo struct from lukeh
      removed an unused structure
      slightly more accurate structure alignment code - I need to do proper
      after discussions with lukeh, I think we found a alignment bug in old
      as discussed on irc, this is a small patch that allows a few more
      added a wbtest program that shows how to access winbindd extended nss
      srvsvc IDL and test code from metze. Thanks!
      started to expand the echo tests to include more interesting test
      switched to a new way of handling unions, so that we can handle
      switched to a new way of handling unions, so that we can handle
      updated copyright year
      fixed wkssvc idl and test code for TransportEnum
      make the socket send code a little clearer
      * added support for empty case elements (including default cases)
      * changed to midl syntax using [case(x)] instead of case(x)
      some errors are expected in SAMR and LSA tests - don't fail the test
      * added a 'lstring' type for spoolss
      EnumPrinterData in spoolss now works
      make the echo idl match the win32 IDL again
      use strict perl package everywhere for error checking
      damn, "use strict;" in util.pm breaks pidl - but why?
      its LoadStructure() in util.pm that doesn't like strict perl - any
      avoid compiler warnings for unused variables with [relative] pointers
      added samr_LookupNames() and test code
      added samr_LookupRids() and test code
      use a precompiled grammer in pidl. This speeds up pidl by about a
      fixed srvsvc_NetShareEnumAll()
      * cope with pidl not being in $HOME/pidl
      fixed a comment
      a bit neater way of emitting code
      fixed pushing structures containing pointers inside unions
      started on samr_SetUserInfo()
      make sure we don't try to use c++ style variable declaration
      * fixed level2 of QueryUserInfo
      extensive samr_SetUserInfo/samr_QueryUserInfo testing, with
      moved the pidl auto-generated files out of CVS
      * fixed libndr.h header
      added samr_QueryDisplayInfo() (only level 1 so far)
      we now use a copy of pidl inside the samba4 source tree at
      Todd Sabin pointed out that a couple of the values I marked as hyper_t
      ignore generated idl.pm
      added support for 'ascstr', a ascii string in MSRPC !
      added 4 more levels to samr_QueryDisplayInfo()
      only display really verbose packet dumps when smbtorture is run at
      avoid calling the print routines completely if debug level < 2
      * changed the way strings are handled in pidl to a much more general
      print out the UUIDs from the end point mapper
      forgot to commit this, sorry
      don't ignore .h files here
      cleaner handling of relative pointers to strings
      fix a smbtorture memory leak
      fixed a bug with pushing non-pointer unions
      added some explanations for epmapper IDL and dom_sid2
      added Parse::RecDescent module into pidl to ensure we all use the same
      * you can't have two parameters with the same name (pidl doesn't enforce
      a fairly major upgrade to the dcerpc system
      * enable RPC/NDR validation in all smbtorture code
      * fixed NDR flag inheritance across push subcontexts
      dfs torture test now passes
      * fixed handling of relative subcontext unions
      * fixed null terminated string handling
      added the beginnings of an IDL validator, to give clearer errors when
      added support for 'const' in IDL files. This makes it easy to define
      added support for enumerated types in IDL files. This makes unions
      changed to perl for mkproto, patch from vance
      get rid of our awk scripts
      we don't need awk now
      reduced the number of magic types we need in mkproto.pl
      nicer base type handling
      fixed loadparm handling properly
      much faster inner loop and neater code
      final bit of tidyup and speedup
      by using a single proto.h we gain another factor of 4 in the speed of
      get rid of some more unused headers
      save about 35% of the time for "make idl" by processing multiple IDL
      ooh, this is fun!
      fixed the handling of value() attributes on scalars in IDL that
      added a tool called 'ndrdump' that allows you to dump NDR data
      * better diagnostics in ndrdump
      added the dcerpc remote management interfaces as mgmt.idl, and wrote a
      added tests for the remaining calls on the rpc management interface
      make sure we don't try to update a constant
      give far more detail in the EPMAPPER results
      added tests for epm_Map endpointer map calls
      removed the STFS specific flags in the Makefile.
      * prepared the dcerpc subsystem for adding the RPC over TCP transport
      initial implementation of dcerpc over tcp. RPC-EPMAPPER works, now to
      * fixed byte order in epmapper parsing
      added some paranoid checking for enums
      signed DCERPC over TCP now works !
      fixed some memory leaks in the dcerpc use of ntlmssp signing
      added auto-determination of the DCERPC over TCP port number by asking
      use the IDL defined NDR version number
      transfer syntax V2 isn't as magic as I thought
      show an error when the epmapper fails to find an interface
      added a link to opengroup PDU definitions
      by default sign RPC over TCP but not RPC over SMB. I will add command line control soon
      fixed default port handling pointed out by Tom Jansen
      added -m for 'max protocol' as a standard option
      switched to WERROR return codes in the management IDL
      a couple of tidyups
      use EPMAPPER_PORT constant instead of 135
      added an rpc scanner. This prints messages like this:
      more epmapper and mgmt magic
      added auto-generation of the IDL interface tables. This makes two less
      * support multiple interfaces in one IDL file in pidl
      * added a bunch of placeholder IDL files
      make sure there is at least one valid interface in an IDL file
      the beginnings of an automated tool for working out IDL properties of
      fixed some warnings
      got rid of a bunch of unused header files (now replaced with IDL
      more unused headers
      * removed a bunch of unused code
      * got rid of UNISTR2 and everything that depends on it
      got rid of more group mapping code
      removed more old code
      started adding netlogon IDL and test suite
      added netr_ServerReqChallenge and cleaned up byte array printing
      added netr_ServerAuthenticate() and test code
      added netr_LogonSamLogon() and test code
      fixed NTLMSSP_SIGN_VERSION (which I broke earlier today)
      neater credentials handling in netlogon client code
      * another small API change in the credentials code
      * netr_ServerPasswordSet() now works - the test suite changes the
      another big improvement in the credentials API. I think it now
      added netr_DatabaseSync(). It doesn't work as I haven't done schannel
      initial netlogon database sync partly works - needs some IDL tweaks
      netr_DatabaseSync() now works fully for database 0
      netr_DatabaseSync() now works fully for databases 0, 1 and 2
      don't pollute the structure name space so much
      * made some field names more consistent, and worked out that
      netr_DatabaseDeltas() now works. We ask for the deltas associated with
      make sure we can expand the critical versions structure without
      added netr_AccountDeltas(), which w2k3 gives
      added netr_AccountSync(), another NT_STATUS_NOT_IMPLEMENTED call
      added netr_GetDcName() - quite a useful call
      added netr_LogonControl() and netr_GetAnyDCName()
      added netr_LogonControl2() and netr_ServerAuthenticate2()
      added netr_DatabaseSync2()
      added netr_LogonControl2Ex()
      my debian unstable box uses "autoconf2.50" - i wish there were a
      some OSes already have a uint_t
      don't use c++ style comments
      we can't have two functions with the same name
      don't use c++ comments
      * patch based on work by Jim Myers to unify the ioctl handling to be
      * added a debug thread id hook from jim myers
      merged more updates from Jim Myers
      removed an unused file
      fixed a problem with "net rpc vampire" mis-parsing the alias member
      re-wrote pidl to use Parse::Yapp instead of Parse::RecDescent, This
      make pidl a little less verbose
      a bit more speed and better line matching in errors
      don't save the intermediate form to disk unless we need to
      * reduced the number of grammer conflicts a lot using (arbitrary)
      commit idl.pm now, as many build farm machines don't have 'yapp'
      "make proto" now depends on "make idl_test"
      cope with yapp not being installed
      fixed shell scripting error
      some systems don't have "which" and some systems don't have the "-nt"
      remove the tdbsam code for now. I have other plans for SAM backends :)
      * removed some unused code
      initial rpc server side infrastructure
      the rest of the initial rpc server side infrastructure
      more portable array of endpoints code from pidl
      the next step in the dcerpc server code. Added the link between the
      * the RPC-ECHO pipe now works in smbd, as long as the data sizes
      handle the auto-allocation of [ref] output arrays in pidl. This
      added handling of fragmented requests in the rpc server
      we now support pdu fragmentation on both input and output in the rpc
      added the echo pipe test calls
      added support for sending bind_nak replies in the rpc server
      after chatting with jeremy I decided to use a separate directory for
      added a basic dcerpc endpoint mapper to Samba4. Currently only
      added the epm_Map() call.
      rpcdump.exe now works fine against a Samba4 server
      dcerpc over tcp in the samba4 server now works to some extent. It
      make the IO in the dcerpc over TCP server completely async, handling
      completed the linkage between the endpoint mapper and the dcerpc
      add the ntlmssp calls back into smbtorture on rpc over tcp. The samba4
      fixed a bug handling multiple PDUs being read from a socket at one
      fixed some memory leaks in the rpc server code
      fix _ptr_ declaration
      ntlmssp over rpc over tcp now fully works
      fixed fragmented signed connections to our rpc server over SMB
      added auto-generation of the server side boilerplate code for each
      fixed the transfer syntax in the dcerpc bind reply
      zero length echo is not an error
      fixed the handling of zero-length top level arrays in pidl
      switch off the default of ntlmssp on rpc on smb as some windows pipes
      allow the specification of full dcerpc endpoint binding strings on the
      added some ncacn_* binding string examples
      more flexible handling of [] in binding strings
      don't try and build the libclient stuff in samba4 yet
      disable pam in samba4 until someone fixes it (hi andrew!)
      a script fix for the build farm
      "make idl" is now incremental and "make idl_full" is a full idl build
      fixed a typo in the m4 file
      make pidl no longer dependent on Data::Dumper, which isn't installed
      make sure we allow clients to negotiate ntlmssp seal if they want it
      patch from metze with updates to srvsvc and changes to pidl to allow
      fixed srvsvc DiskEnum call
      added "pidl.pl --template" to dump a rough template to save typing
      lots of shells don't have the -nt test, so use hackish find command
      lets see if "cc -E" keeps more of the build farm happy then "cpp"
      use the @CPP@ value from configure if possible when determining cpp in
      cope with different cpp formatting on some systems, and make sure we
      remove a redundent second check for PAM
      make sure we have a value for DEFAULT_PRINTING on all platforms
      don't rely on the ability of perl 5.6.x to remove elements from arrays
      use smb_rwlock_t instead of rwlock_t to avoid conflicts with system
      more portability fixes. We now almost compile on solaris
      some compilers can't handle structures with no elements. Generate
      more mutex portability.
      enable rep_inet_ntoa() for non-pthread builds
      the out substructure is not empty if there is a return from the
      a fairly large commit!
      added support for big-endian ucs2 strings (as used by big-endian
      it turns out that a wire policy handle isn't a blob either, its a
      much better docs on the smbtorture ncacn syntax, including how to
      use bigendian mode to fix the idl for samr_LogonHours
      no longer require the pipe name or tcp port number to be the first
      fixed the RPC-MGMT and RPC-SCANNER tests to work with the new
      added a define for the DCERPC little-endian data representation flag
      fixed formatting of uuids in debug output
      removed some unused functions
      added a smb.conf flag "rpc big endian" that tells our rpc server to
      fixed a bug in the acct_flags checking on CreateUser2 in the RPC-SAMR test
      fixed a segv in RPC-* when debug level > 2
      added code to the IDL validator to check for common errors with
      added a bunch of alias functions in samr.idl based on work by Kai.
      fixed the AddAliasMem test code
      fixed removal of moe than one ncacn_* option from option list
      addition of samr_SetSecurity() from kai
      tim, I'm guessing you really didn't want to add this :)
      latest srvsvc and wkssvc IDL from metze
      wkssvc test updates from metze
      minor updates to make the srvsvc test compile
      remove some unused files
      "subsystems" should be static
      the endpoint mapper now works in bigendian mode
      fixed the rpc epmapper server. This fixes rpc over tcp.
      added dom_sid_string() function
      * fixed a segv when -U is not used in smbtorture.
      make sure we initialise r.out.handle in openeventlog
      avoid a copy of the data being input to the dcerpc server in the most
      dcerpc server output now copes with the client blocking part way
      added code to the RPC-SPOOLSS test that demonstrates that policy
      check for the correct fault code when the server fails a use of a
      cope with a wider range of broken servers in the RAW-QFILEINFO test
      added a little bit of const magic to get rid of the data in librpc/gen_ndr/*.o
      completely rewrote the AIX UESS backend (UESS is the AIX equivalent of
      updated the head branch as well
      the conversion from int to size_t in charcnv did not take into account
      there are places in the samba3 code that don't check properly for
      - modified the dcerpc client security code to be generic, so ntlmssp
      don't always use the same schannel context number
      we can close the netlogon pipe used to setup the schannel session key
      don't force debug in the RPC-MGMT test
      fixed a couple of uninitialised returns spotted by valgrind
      fixed a void return spotted by metze
      fixed a problem with the smb client code spinning when the connection
      added the simple HOLDCON torture test. This is used to establish
      split up the schannel rpc client code into separate key establishment
      fixed compilation with --enable-dmalloc
      fixed two writex client bugs
      in the async socket handling routines in the cifs backend don't assume
      added the "nbench" ntvfs backend. This is used to capture NBENCH load
      fixed a typo
      fixed the label for search requests
      greatly improved NBENCH netbench simulator
      handle incomplete load files
      don't check return fields (like search count) on an expected failure
      make sure the tags in the NBENCH test match the tags in the generated
      added the -C option to smbtorture
      added a 5% warmup time to NBENCH to make the results more consistent
      add config hints for cifs backend
      make the warmup and execute phases clearer
      as a special case don't check the status of the create of \clients -
      nicer way of handling \clients
      readx reply packets can be over-sized
      put the "max xmit" option back into Samba4
      fixed the handling of level II oplocks in samba4, especially when
      use client1, client2 not client0, client1 to better match netbench
      - use a linked list for the ftable in the nbench load generator. This
      - moved some of the base tests into torture/basic/
      copy with a null volume name in a trans2 QFSINFO call
      removed the state parameter to tdb_traverse and the TDB_MODIFY flag
      added a private pointer to tdb_traverse() to allow callers to supply
      added a TDB_MODIFY flag to tdb_store() that says "if the record
      after discussion with the copyright holders tdb is now under the LGPL
      switch from SIG_ATOMIC_T to sig_atomic_t
      merge some recent tdb changed from samba3
      merge tdb changes from samba4 - this means tdb is now under the LGPL, as discussed and agreed previously
      make a more recent snapshot of ldb available to interested
      building with Makefile.ldb now works
      added lsaCreateAccount() and a test in the RPC-LSA test suite
      allow "struct TDB_DATA" as well as just "TDB_DATA"
      added the rest of the ldb_modify() code, which required a fairly large
      added idl and test suite for lsa_CreateTrustedDomain()
      added IDL and test suite for lsa_CreateSecret()
      added IDL and test for lsa_OpenSecret()
      r59: revert session key problem
      r426: fixed bug noticed by wim.delvaux at adaptiveplanet.com in handling of timeout in socket connections
      r2160: fixed the uuid pack/unpack routines (they could go past the end of the UUID structure)
      r2163: converted samba3 to use the new utf-16 aware iconv code. Also changed
      r2233: fixed 3 places where == is mistakenly used instead of = in bourne
      r2778: merged the new samba4 ms_fnmatch code to Samba3. Thanks to Rusty
      r2824: restored the is_case_sensitive option to ms_fnmatch() in Samba3. It is
      r3008: when checking for the existance of a lock we are only doing a single
      r3954: bring Samba3 into line with the Samba4 password change code
      r8673: merged from samba4
      r15007: fixed usage of cli_list() in smbwrapper so it compiles. This doesn't get smbwrapper really working again, but at least it will help Timur Bakeyev in his question to make it work
      r17124: fixed a bug which caused resolve_ads() to spin forever if one of the
      r18856: fixed HAVE_IMMEDIATE_STRUCTURES and thus checking of NTSTATUS/BOOL
      r18858: arrgh! - since HAVE_IMMEDIATE_STRUCTURES were last enabled the code
      r18863: the test for immediate structures has moved to lib/replace/
      r18864: merge lib/replace changes from samba4
      r18865: fixed some of the most obvious NTSTATUS/WERROR mixups in Samba3. It
      r18866: Jeremy and Volker have given the go-ahead on the group mapping ldb
      r18867: change the group mapping code to use ldb instead of tdb
      r18868: just in case there is a disaster (with our code? never ...) use a
      r18869: two build fixes for systems without ldap
      r18870: - enable the ldb ldap backend properly based on configure tests for
      r18910: Change ldb_msg_add_string() to not actually add an attribute if the
      r18912: we don't need the special case for comments now in the
      r18938: fixed a group map bug reported by Jerry. The caller in mapping.c
      r18939: don't rely on the umask being right in ldb creation. Both Samba3 and
      r18966: this bug affects Samba3 too. I'm actually surprised nobody has
      r19125: merge from samba4
      r19426: merge nearly all the differences between Samba3 tdb and Samba4
      r19429: moved tdb/common/tdbutil.c into lib/util_tdb.c
      r19430: merge recent ldb changes from Samba4. This includes memory leak fixes
      r19431: merge recent talloc performance improvements from Samba4
      r20690: fix a bug that causes smbd to 'hang' intermittently.
      r21176: merged va_end() changes from Samba4
      r21813: fixed an integer overflow error in the ndr push code.
      r21814: use ndr_push_error in the ndr layer, not just a NTSTATUS failure
      r22784: fixed change notify for delete on close
      r23323: merged ldb changes from 3.0.26
      r23367: check the "use mmap" option for ldb too
      r23783: Processing the UAS change message was causing problems on ppc64 Linux
      r23784: use the GPLv3 boilerplate as recommended by the FSF and the license text
      r23785: use the GPLv3 boilerplate as recommended by the FSF and the license text
      r23786: Use linux/dqblk_xfs.h rather than a private copy of this header in the
      r23787: Remove the pcp example code until SGI have given us approval to use it
      r23788: the pcp Makefile is also GPLv2 only.
      r23789: more pcp files under v2-only
      r23790: LGPLv3+ conversion for our LGPLv2+ library code
      r23791: found some more v2->v3 conversions
      r23793: fixed incorrect v2-only licensing template for debian packaging files
      r23794: convert more code from LGPLv2+ to LGPLv3+
      r23795: more v2->v3 conversion
      r23797: started fixing old FSF addresses. Fixed pcap2nbench COPYING file
      r23798: updated old Temple Place FSF addresses to new URL
      r23799: updated old Franklin Street FSF addresses to new URL
      r23800: LGPL is now called GNU Lesser General Public License
      r23801: The FSF has moved around a lot. This fixes their Mass Ave address.
      r23802: fixed URL in XML
      r23804: here too
      r23: get rid of def_finfo
      r34: a test commit
      r35: a test commit - 2
      r65: added support for file streams in the simple NTVFS backend
      r66: fixed a segv when printing an error from a session setup failure. This
      r67: added a destroy hook in the policy handle -> wire handle code to allow backends
      r99: make sure we reap child processes in the standard process model
      r100: remember the user session key during session setup so it can be used in various crypto
      r101: added lsa_SetSecret() and lsa_QuerySecret()
      r106: add an idea about SMB UNC names
      r107: a test commit
      r108: a test commit
      r109: a test commit 2
      r112: the simple backend now registers as both "simple" and "default"
      r113: added support for "read only = yes" in simple backend
      r114: - remember to initialise open_files
      r130: added DCERPC_COMMON_OBJS to Makefile.in
      r131: mark some scripts executable
      r132: fill in the correct default case for the WKSSVC GetInfo call
      r133: don't try to do a database deltas with a -1 seq num
      r134:  - added ldb to the build of smbd
      r135: some test ldif for an idea I am playing with to replace smb.conf with a ldb
      r136: I forgot to add config.m4 for ldb in my ldb commit
      r152: a quick airport commit ....
      r157: cope with or without LDAP in ldb sample Makefile
      r158: cope with or without LDAP in samba build of ldb
      r159: nicer usage messages when no URL is given
      r163:  - enable ldap in the sample makefile, and use /usr prefix
      r194: fixed compile with ldap
      r218: added a comment regarding the %c strftime() warning
      r255: added samr_SetDomainInfo IDL and test code
      r256: added samr_CreateDomainGroup() and samr_DeleteDomainGroup() IDL and test code
      r257: added samr_SetGroupInfo() IDL and test code
      r258: added samr_AddGroupMember() IDL and test code
      r259: added samr_DeleteGroupMember() IDL and test code
      r265: fixed a bug in the string to sid conversion code
      r266: modified autoidl to deal with policy handles (this helped me work out
      r267: added IDL and test code for samr_ChangePasswordUser(),
      r268: added IDL and test code for samr_QueryDomainInfo2(),
      r275: added IDL and test code for samr_QueryDisplayInfo3(),
      r287: patch from Richard Renard to add AcctLockStr and the delete user and
      r295: more correct IDL for the netr_AcctLock structure (I hope)
      r305: - added IDL and test code for samr_RidToSid()
      r306: added another define for a DCERPC fault code
      r307: added IDL and test code for samr_GetDomPwInfo(), samr_SetUserInfo2(),
      r322: use the -C option to configure for developers (makes a huge speed difference)
      r323: added rough password quality checking in generate_random_str(), so we generate passwords
      r324:  - don't reseed on every password generate
      r325: added IDL and test code for samr_ChangePasswordUser3().
      r326: tweaks to the RPC-SAMR test code to allow win2003 to pass the test (for example, not filling in extra
      r327: fixed an uninitialised variable found by valgrind
      r335: added much better handling of servers that die unexpectedly during a
      r336: added a -X command line option to smbtorture to enable dangerous or
      r343: added automatic reindexing of the database when the index list changes
      r344: fixed deletion of index records
      r357: added share browsing to smbclient using the SRVSVC MSRPC pipe
      r358: added some more annotation on the samr unknown attributes
      r359: moved the share type definitions to srvsvc.idl
      r360: use the STYPE_* definitions from srvsvc.idl
      r361: allow anonymous browsing
      r362: after setting domain info query it again so we can see what attributes stick
      r363: nicer error handling in pidl
      r364: finally worked out the ancient samr_ChangePasswordUser() interface
      r365: improved the IDL for samr_Connect5()
      r372: automatically create a fake BDC machine account and delete it
      r373: use a much larger default tdb hash size in ldb
      r374: allow for a policy_handle fetch using a handle type of
      r380: make sure that ldbedit -a works with all tdb and LDAP backends
      r381: make the code more C++ friendly
      r387: more C++ friendly changes
      r388: added IDL for 3 more set user info levels (all of which set the
      r389: added a test for set user info level 26 (set password extended)
      r390: added my best guess for how session keys are supposed to work when you
      r392: added IDL for 3 more netlogon Delta levels, thanks to a dump from Richard Renard
      r420: added nicer names for the field bits in userinfo21
      r435: a major upgrade for ldb
      r436: fixed indexing of objectclass with subclasses
      r437: fixed handling of a corner case with multi-valued indexing
      r441: added an example of how to use the remote rpc interface
      r442: fixed some uninitialised variables pointed out by gcc -O3
      r444:  - added the beginnings of a ldb test suite and benchmark
      r445: fixed the bind_nak code
      r452: move from first-fit to best-fit in tdb record allocation. For a
      r453: added a comment about indexing on objectclass
      r454: allow a non-URL form of a filename to be used in ldb_connect(). This
      r456:  - added -i option to ldbsearch
      r457: added some more samr tests to help me work out the right error codes
      r458: this is the (very primitive) beginnings of a SAMR server for
      r459: added an initial provision.ldif - this is temporary, and needs to be
      r462: added an explanation about the rather complex ltdb_key() function
      r463: build ldb with debugging when standalone
      r464: a big improvement to the API for writing server-side RPC
      r465: we need common.h in two more rpc server pipes
      r466: implemented samr_OpenDomain() and samr_GetDomPwInfo() server side calls
      r468: fixed timegm() on broken systems
      r469: considerably improved the ChangePasswordUser3() IDL thanks to an idea from abartlet
      r476: i forgot the argument to get_time_zone()
      r490: - expanded the test suite to test modify and delete operations
      r502: modified ldb to allow the use of an external pool memory
      r503: we don't need to include ldb_parse.h any more
      r504: fixed a bad call to list_union()
      r506: got rid of unused function secrets_get_trusted_domains()
      r507: the new ldb code will use talloc_free() a lot, so I have made
      r508: fixed a place where we used free() on memory from a talloc(). The new
      r509: fixed a memory handling bug that affects ldb with memory pools that
      r510: converted the samdb code to give ldb a talloc context rather than letting ldb use malloc
      r511: fix some const handling
      r513: added a generic ldb debug system to allow the Samba debug functions to
      r514: added a context pointer to the samdb interface, as suggested by
      r549: added support for DOS error codes in NTSTATUS returns. This uses a
      r574:  - another attempt at const cleanliness in ldb
      r575: moved the SID_NAME_USE enum into samr.idl
      r576: added a ldap_timestring() function (needed for fields like whenChanged in SAM db)
      r577: extended the LookupNames test to check for correct handling of unmapped names
      r578: initial server side implementation of samr_CreateUser(),
      r582: added the LMSessKey in SamInfo and SamInfo2, thanks to work by abartlet
      r583: fixed two bugs in the handling of index entry deletion
      r586: removed --clientfns from build_idl.sh (tim removed that code from pidl)
      r587: added server code for samr_EnumDomainUsers, and started adding
      r591: don't need to init non-ref out ptrs (thanks to abartlet for spotting this)
      r593: add a constant for the records size multiplier for max_size in samr_EnumDomainUsers
      r594:  - make sure all users in the domain have the same base sid!
      r595: nicer handling on max_size multiplier
      r596: log all ldb searches at level 4 in samdb
      r601: added the server code for all the samr_SetUserInfo and samr_QueryUserInfo levels except for the password
      r606: added a HIDDEN attribute on fields in ldb (in @ATTRIBUTES). This allows you to mark
      r608: - a couple of very minor fixes to the CreateGroup code
      r609: allow ldbedit to take a list of attributes to edit, just like
      r612: fixed a timezone call typo noticed by abartlet
      r622: removed some unused functions to make smbd compile again after
      r623: setUserInfo level 24 (password set) now works in the SAMR server. This includes all
      r624: all templates should be in class Template
      r625:  - handle passwords longer than length 14 (thanks to abartlet for pointing out the bug)
      r711: don't hide attributes inside the special ldb_tdb records (so the fact
      r712: fixed a bug in the NetShareGetInfo idl, and added another info level
      r713: added a NetShareGetInfo torture test (thanks to abartlet for pointing
      r714: make sure ldb formats are portable between big/little endian machines
      r718: removed some more unused code, and two source files
      r781: added level6 for logon level in SamLogon netlogon.idl
      r782: added torture test for level 6 logon level in netr_LogonSamLogon
      r790: started working on some documentation (manual pages) for ldb
      r791: added ldb man page build to ldb makefile
      r792:  - changed the ldb ldif_* functions to be in the ldb_ namespace
      r793:  - don't make templates members of any class that would make them show
      r796: fixed samr_OemChangePasswordUser2() to replace attributes, not add
      r811: make the ldb_modify REPLACE semantics better match LDAP (ie. no error
      r812: added a new samdb_replace() call that simplifies the code in the main samr server a bit.
      r813: gcc has fixed its huge debug sizes with -g now, so drop the -gstabs,
      r815: include our netbios name in the negprot response (this matches win2003)
      r818: added server side SMB signing to Samba4
      r826: removed a pile of old code, in preparation for a new ACL handling system. I'd like to get rid of DOM_SID completely soon
      r827: remove a few more unused functions that we are unlikely to use again
      r836: get rid of SEC_DESC and related structure definitions
      r837: get rid of some more old rpc headers, and the genparser headers
      r838: got rid of rpc_misc.h
      r839: password set/change in the samr server is complex enough that it
      r867: removed a couple of unused structures
      r868: we should issue a rpc fault OP_RANGE_ERROR not a WERR_NOT_SUPPORTED for
      r870: we should issue a rpc fault OP_RANGE_ERROR not a WERR_NOT_SUPPORTED for
      r871: add a comment about how samdb_set_password() works
      r873: converted samba4 to use real 64 bit integers instead of
      r879: fixed a typo in the password fetch wrapper
      r893: a few more _t conversions
      r894: use _t in generated pidl code
      r895: use _t in base ndr fns
      r896: - use andrews samdb_result_passwords() for the remaining password change mechanisms
      r897: - user/group creation needs to create unique names across both the
      r898: - remove some unused macros
      r900: when DEBUGLEVEL > 10 print the full deocde of all RPC calls in the server
      r901: w2k3 completely ignores the domain name argument to GetDomPwInfo,
      r902: added torture tests for sending rubbish in the domain name field of GetDomPwInfo
      r903: used samdb_result_passwords() in samr_ChangePasswordUser2() and fix the error handling on a bad change.
      r904: - fixed account expiry testing in auth_sam
      r917: - added the start of a LSA server to samba4.
      r918:  - dcerpc endpoint name are case insensitive
      r919: - added lsa_QueryInfoPolicy2() to IDL, test suite and server
      r920: a placeholder lsads.idl file (lack of this is why the build farm is unhappy for samba4)
      r924: got rid of the global well-known SIDs, instead using const defines in misc.idl
      r934: on ascii strings STR_TERMINATE_ASCII should trigger STR_TERMINATE behaviour
      r935: remove unused variable
      r937:  - added a simple QuerySecurity implementation in samr server
      r950: - added netr_ServerAuthenticate3(). This is used by WinXP clients who try to login to Samba4, as
      r951: from w2k3 behaviour, the netlogon server is supposed to give back the negotiate flags it can support.
      r952: fixed schannel from my last commit
      r975: slight improvemet to nt_errstr(), still needs to be fixed properly
      r976:  - added -W for workgroup to locktest
      r995: - renamed many of our crypto routines to use the industry standard
      r1014: change the handling of r->out to auto-zero the structure, and auto-copy
      r1015: commit the schannel session key handling code now, so abartlet and
      r1016: - store the schannel session key after it is established
      r1017: - move to a centralised way of handling talloc/ldb interaction
      r1018: fix a const and unsigned int problem in ldb
      r1029: cope wiith samdb_result_passwords() returning a null machine password
      r1030: added server side schannel support
      r1040: make sure main() doesn't get auto-prototyped
      r1041: - pulled the domain join code out of the netlogon test and made it a separate utility function, to allow
      r1042: added testing of 128 bit schannel session keys
      r1043: allocate signature from the right mem_ctx. Samba4 now passes the schannel torture test.
      r1044: don't use sub_get_remote_machine()
      r1046: initialise a structure element caught by valgrind
      r1048: - moved the schannel definitions into a separate schannel.idl
      r1056: fixed a comment on handling of the initial challenge in the ntlmssp rpc server backend
      r1057: added rpc packet logging for packets that generate rpc faults. This
      r1060: check for an invalid session key in samr_set_password()
      r1130: remove some pointless debug messages
      r1131: remove an error msg for failing to open unexpected.tdb
      r1132: add a PRINTF_ATTRIBUTE to ndr_pull_error() to catch printf style coding errors
      r1133: - add ndr_pull_ptr() as a separate call instead of ndr_pull_uint32()
      r1134: added a TODO regarding schannel credentials
      r1135:  - allow integer function numbers in ndrdump
      r1136: - added IDL for netr_LogonGetDomainInfo()
      r1137: - added torture test for netr_LogonGetDomainInfo() call
      r1138: allow for a user in no groups
      r1139: added IDL and server code for netr_LogonSamLogonWithFlags()
      r1140: added IDL and test code for validation level 6 in sam logon
      r1141: - consolidated the netr_SamInfo structures using a netr_SamBaseInfo
      r1143: fixed spelling of sAMAccountName
      r1144: added logon level 5 for sam logon
      r1145: added server support for logon level 5 in sam logon
      r1146: initially zero server info
      r1148: fixed a minor formatting error in generated code
      r1149: fixed the handling of NDR_SET_VALUES in the debug print of rpc structures in the generated rpc server code
      r1150: - fixed interactive sam logon in the rpc server
      r1151: fixed fill-in of force_password_change field in auth_sam
      r1165: fixed handling of SMBtrans replies that should return STATUS_BUFFER_OVERFLOW when more data is present.
      r1168: fixed a little-endian/big-endian mixup in the rpc server code
      r1464: the recent build changes completely lost the speed advantage of using
      r1465: always do a full C prototype, even if its only (void).
      r1466: the name "oid" is taken by some silly system headers - avoid it in our code
      r1507: fixed the handling of SMB chaining with the new server structure. You
      r1508: simple fix for broken server side signing. This may need more work for
      r1509: in order to interoperate with NT3.1 we need to ignore extra data at the end of RPC PDUs.
      r1510: add a commented out routine I used to test password change on NT3.
      r1511: fixed a free() that should be ldb_free()
      r1512: fixed a bug where we could reference the timer event handler after destruction
      r1517: change event_remove_timed() to remove by structure not by handler.
      r1518: check for ldb_search giving -1 (indicating db corruption)
      r1519: show the ldb_errstring() value in the log for failed ldb calls
      r1520: only call write handler or read handler, not both. This copes with the
      r1523: declaring variables "in" and "out" in every C module is a bad idea!
      r1578: the first stage of the async client rewrite.
      r1602: make sure we honor the use_spnego flag
      r1603: fixed in.size to not overstate the packet size by 4 bytes
      r1606: make the low level socket read/write routines cope properly with non-blocking sockets
      r1618: fixed the receipt of multi-part replies to SMBtrans2
      r1619:  - add support for older systems to cli_list*()
      r1627: make sure we initialise write_time in the deprecated function cli_ctemp()
      r1628:  - fixed the comment on run_deferopen. (I also think that the
      r1629: server_zone needs to be "int" not "int16_t" as it can hold values
      r1630: - fixed the replacement timegm() function to work correctly for DST changes
      r1631: don't use req->transport after req has been destroyed
      r1632: in case of error don't send uninitialised fnums on the wire
      r1633: fixed a couple of async oplock handling errors
      r1634: to get signing right for async requests we must send requests in
      r1635: when a transport dies, setup errors for all pending sends and recvs, plus disalllow any more sends
      r1636: improved the negnowait test so it is standalone (taking advantage of the async APIs)
      r1637: - w2k3 can't handle more than 1000 names in a LookupNames request
      r1644: changed the way [relative] pointers work in pidl, making them much
      r1645: added a debug when a RPC fault is received
      r1646: disable testing of group rename in the RPC-SAMR test, as it leaves the
      r1657: fixed the string types of two strings in svcctl.
      r1662: add a copy of the GPL text to the samba4 svn tree
      r1671: make [relative] pointers in idl much more generic, treating them just
      r1673: using the new [relative] pidl handling, the PAC decode is now much closer
      r1674: fixed a bug in the handling of STR_LEN8BIT flagged strings
      r1675: netlogon deltas IDL update from Richard Renard
      r1676: - improved the handling of username/password in locktest and gentest
      r1677: security descriptors are always little-endian, regardless of DCE/RPC
      r1712: this should fix a bug with a spinning client when a server dies
      r1738: honor the "unicode=yes/no" option in the SMB client library
      r1739: fixed the padding in setpathinfo, noticed when forcing negotiated ascii strings
      r1740: fixed the torture suite for ASCII-only servers
      r1741: fixed padding of setpathinfo in server
      r1749: added some random stuff that captures some discussions volker and I
      r1757: much simpler (and smaller, faster etc) way of doing relative pointers
      r1817: fixed fault code generation for unimplemented functions in epmapper
      r1818: _really_ fixed epmapper this time, it was using more than one old rpc interface method.
      r1819: changed "smb ports" to be a LIST parameter type in loadparm (its a classic case for a list)
      r1820: added a strcmp_safe() that handles NULL pointers. Needed for the
      r1821: fixed reference to "status" that should be "result"
      r1824: nicer handling of NBT session replies, and handling of bad packets
      r1892: this adds talloc_get_context(), which is something I discussed at the
      r1893: add a commented out lump of code to implement the "by the SPEC"
      r1895: added a note about OPEN_BY_FILE_ID to the ntcreatex interface definition
      r1896: stricter check on packet parsing for NBT session replies
      r1897: added a choose_called_name() function that allows us to more sanely
      r1941: - fixed an allocation error with querying security descriptors remotely
      r1972: cmdline_auth_info does not need to be declared global
      r1973: for systems that don't have strtoull() try strtouq(). This should fix
      r1982: i is not initialised or used
      r1983: a completely new implementation of talloc
      r1984: this change is what you should read to understand the new talloc()
      r1985: take advantage of the new talloc in a few more places
      r1989: fixed a couple of bugs in code that assumes sizeof(time_t) == sizeof(int)
      r2003: got rid of next_token_nr(), which involved some horrible globals
      r2029: changed our client side dcerpc padding to match what w2k3 does - a 16
      r2030: quick hack to allow the simple NTVFS backend to handler base directories with mixed case names
      r2031: add a check for a blank secret return in lsa secret tests
      r2036: switched the spnego code to use talloc
      r2037: switched the asn.1 code to use talloc
      r2038: get rid of the optimisation in the dcerpc server that tries to avoid a
      r2039: got rid of the free() ptr in DATA_BLOB
      r2040: fixed a memory handling error in clisocket (caught with valgrind)
      r2042: missed a couple of places that should be talloc_free()
      r2043: data_blob() now returns a talloc'd pointer. If everyone has been
      r2044: fixed two unin
      r2045: fixed a date format push in SMBsearch
      r2046: fixed two server packet format errors found with the RAW-* tests
      r2049: talloc now has destructors and reference counts
      r2050: fixed a case where code assumed you could Realloc the result of a data_blob()
      r2051: switched the samdb over to using the new destructor and reference
      r2052: rewrote the talloc section of the programming guide
      r2074: fixed a typo
      r2100: rework the dcerpc client side library so that it is async. We now
      r2101: fixed a signed/unsigned char warning
      r2102: fixed a race condition when handling dos errors that are in our
      r2103: in the conversion to async rpc I simplified the smb backend to only
      r2104: fixed typo that causes a segv
      r2105: added a TestSleep() operation to the echo pipe and extended the
      r2106: try to cope with a wider range of UTF-16 characters when we are using
      r2107: added a SAMR async test - this one seems to work
      r2118: fixed the receipt of bigendian rpc packets with the new async code.
      r2125: the lp_use_mmap() in map_file() is inappropriate for 2 reasons, so I have removed it.
      r2126: two more lsa functions worked out by richard renard
      r2127: more lsa IDL updates from Richard Renard
      r2128: netlogon DELTA_POLICY fix from rrenard
      r2158: removed a misleading comment (the extra uint16 is just padding)
      r2159: converted samba4 over to UTF-16.
      r2164: put the latest "accept either form" utf-16 iconv code in samba4
      r2165: generalise the charset torture test to add testing of CP850
      r2169: switch core iconv code to use talloc
      r2170: if we don't have a native iconv library then we can't build this test
      r2179: two more lsa torture tests from Richard Renard. Thanks!
      r2180: added RPC flags "padcheck" which enables checking of all received pad
      r2181: an rpc async test on the netlogon pipe
      r2182: force the torture test domain join to happen on SMB to prevent the
      r2184: use the smb.conf socket options for client code too
      r2185: add a callback function to the dcerpc async API
      r2186: setting [ref] output pointers in dcerpc calls is pointless. Removed it
      r2192: removed an erroneous free() call on an error path
      r2199: the unknown 16 bit number in lsa_LookupPrivDisplayName() is a language
      r2200: solved another piece of the lsakey puzzle - the session key for lsa
      r2201: removed an exit I accidentially left in
      r2202: don't close the smb pipe after the puzzle test
      r2203: delete the key after testing, so as not to clutter the server with random keys
      r2204: added [flag(RELATIVE_CURRENT)] to change [relative] pointer behaviour
      r2205: fixed an incorrect cast that broke relative strings in spoolss
      r2206: another (untested) attempt to make RELATIVE_CURRENT work for volker,
      r2207: this bug caued valgrind to consume infinite memory till the kernel killed it :(
      r2209: patch from volker to add EnumPorts spoolss IDL and test code
      r2238: the tdb_debug() function was totally bogus - remove it (you can't
      r2242: some older versions of gcc don't properly handle the
      r2249: got rid of some more mem_ctx elements in structures
      r2250: removed unnecessary mem_ctx
      r2251: forgot to add vfs_posix.h in my last commit
      r2252: don't register the same name twice
      r2266: yay! LSA session keys on TCP now work!
      r2267: we no longer need to force the domain join to happen on NCACN_NP - it
      r2271: fixed the popt argument array for smbtorture, getting rid of some
      r2272: fixed another couple of errors in the popt option arrays
      r2273: disable the async samr tests unless -X option is used, as windows
      r2274: fixed some popt option clashes between smbtorture and the standard options
      r2275: don't crash on a rpc BIND_NAK response ...
      r2280: fixed the session key choice for ncacn_np and ncacn_ip_tcp in the rpc server
      r2293: fixed older NTLM sign/seal in the server
      r2294: this fixes the NTLM2 sign+seal combination. I have now tested:
      r2301: add a server side warning when we receive more RPC data than we
      r2302: added a '--option' option, allowing any global or default option in
      r2303: allow setting of many ntlmssp options from smb.conf or the command
      r2304: fixed a bug in old style NTLM signing
      r2305: a useful test script for trying a wide variety of DCE/RPC options with the echo pipe
      r2306: in lp_set_cmdline(), also set any aliases as having been set by the commandline
      r2308: make talloc_vasprintf() available outside talloc.c
      r2309: make loadparm handling much more consistent, by using do_parameter()
      r2310: fixed some broken if statements in handling --with-krb5
      r2339: my first python commit!
      r2376: added a way to disable krb5 on the command line. Just use
      r2377: added a more generic way of disabling gensec subsystems. For example,
      r2380: nicer error reporting in convert_string()
      r2381: added a -v debugging option to ldbedit
      r2382: considerably improved the Bind and Unbind IDL and test code. We can
      r2383: fixed the handling of sending zero length dcerpc packets (I broke this
      r2384: i missed "nt status support" in my change to the new globals init code
      r2385: the gensec:krb5 test is not needed here any more, as we do it in the registration code
      r2386: fixed some indentation
      r2400: make ms_fnmatch() case insensitive. This is much more efficient than
      r2402: to make ms_fnmatch() case-insensitive we need toupper_w() exposed
      r2403: got rid of a unnecessary mem_ctx in the simple backend
      r2404: the first large lump of posix vfs stuff.
      r2405: expose unix_perms_to_wire() for use by the posix backend, in supporting the UNIX extensions
      r2406: fixed a couple of typos
      r2407: extend mkproto.pl to handle smb_ucs2_t for toupper_w()
      r2430: got rid of StrnCaseCmp and added an accelerated version of StrCaseCmp()
      r2431: got rid of strnequal() in a couple of places
      r2432: more string function updates.
      r2433: attrib_string() is now a generally available library function (it will be used by the new RAW-SEARCH test)
      r2434: separate "attrib" and "ex_attrib" elements for DOS attributes is pointless
      r2435: got rid of another pointless strnequal()
      r2436: the second big lump of posix vfs code.
      r2437: implemented a suggestion from abartlet that if we cannot convert
      r2438: compile on systems without O_DIRECTORY (probably won't work, but I'll get to that later)
      r2454: fixed the accelerated StrCaseCmp() so it compares in the right order
      r2455: don't use the uninitialised sess structure when auth fails
      r2456: got rid of some outdated global macros
      r2457: expanded the RAW-SEARCH test to test for what happens when a directory
      r2459: added STATUS_NO_MORE_FILES nt status code
      r2460: fixed the spnego code that I recently broke
      r2462: added a test for the error code for no matching filename
      r2463: make sure we don't send the password in a tconx unless we really have to
      r2465: modify the autoidl hack to work for DRSUAPI
      r2469: complete overhaul of the old-style RAW_SEARCH_ calls (the OS/2 and
      r2484: allow ldb to build standalone again
      r2485: - add a test case in ldbtest for a bug pointed out by Jon Haswell.
      r2493: allow tdb to build standalone
      r2494: fixed connecting to a share mode server (tested and really works now)
      r2495: cope properly with STATUS_NO_MORE_FILES in old search client code
      r2497: fixed an uninitialised 4 bytes in old style session setup (found with valgrind)
      r2498: added STATUS_NO_MORE_FILES to nt status codes that we can map to a string
      r2499: - use more efficient wildcard delete in smbclient
      r2500: disable the sleep test in echo until we have a win32 echo server that
      r2503: the RAW-SEARCH test now mostly passes against the posix backend
      r2520: - finished implementing the server side of the old style search requests
      r2521: fixed two uninitialised data errors found with valgrind when
      r2524: a simple pvfs rename implementation to make testing easier
      r2553: fixed ldbtest so it passes the ldap schema restrictions and thus can be used on the ldap backend
      r2554: added a test for a bug that jelmer pointed out (handling of -s one)
      r2556: fixed the -s one bug that jelmer pointed out
      r2561: completely redid the ntvfs module chaining code, You can now do something like:
      r2562: got rid of the "reference" backend that never happened - the code is
      r2572: fixed two places where status is not initialised in the nbench backend
      r2573: - added a configure test for nanosecond time resolution in struct stat
      r2577: - I recently found out that charaters below 0x3F are guaranteed not to
      r2580: fixed an uninitialised byte found by valgrind
      r2581: added "hosts allow" and "hosts deny" checking in smbd. I needed this
      r2583: mkproto.pl now treats "int main" as a special case and avoids it.
      r2586: updated the nbench example in the README to reflect the new chaining syntax
      r2587: fixed a couple of authentication memory leaks. There are more to be
      r2588: connect/disconnect is common enough that I don't think a level 0 DEBUG
      r2589: a simple test to help find security related memory leaks. Run valgrind on smbd with
      r2590: fixed one of the server security memory leaks. There are more :(
      r2591: fixed two errors in simple backend found with valgrind
      r2592: this fixes one of the security memory leaks in the server
      r2593: don't crash if the server doesn't know that 0 count searches mean 1
      r2613: use a talloc destructor to ensure that file descriptors are not leaked
      r2614: support CONNECT level DCE/RPC security in both client and
      r2615: fixed a bug in the server side support for CONNECT level security
      r2616: the cascading nature of talloc_free() can lead to some surprises. In
      r2617: add connect testing to the rpc test suite
      r2618: before we had refererence counts in talloc I added a hack in the
      r2621: - now that the client code is non-blocking, we no longer need
      r2622: to implement the SOCKET_FLAG_BLOCK option in the socket library we
      r2623: don't do pointer arithmetic on void*, as it doesn't work with non-GNU compilers
      r2624: - save some system calls by only trying read/write operations that select has indicated are possible
      r2625: use talloc_p, not talloc when possible (when allocating a structure in particular), as it gives us type checking.
      r2626: the symbol gai_error is defined in /usr/include, so don't use that name in our code
      r2627: use the new talloc capabilities in a bunch more places in the rpc
      r2628: got rid of some warnings and converted a few more places to use hierarchical memory allocation
      r2629: convert gensec to the new talloc model
      r2630: I missed a couple of places in the gensec talloc conversion
      r2631: the strchr family of functions should not return const strings.
      r2632: a new approach to handling const errors. We have had huge numbers of
      r2633: fixed some function types in the (unused) print backend
      r2634: use discard_const_p() in a few places
      r2635: mem_ctx cleanups on the lsa and netlogon pipes in the rpc server
      r2638: do lazy initialisation of iconv handles, so we don't initialise a
      r2639: we doon't need the valid_table code, so get rid of it
      r2640: valgrind does a great job on some types of memory leaks, but is slow
      r2641: talloc_p() now produces a named talloc pointer, with the name
      r2642: smb_iconv_t is a pointer, so checks against -1 errors should use a cast
      r2643: convert more of the auth subsyystem to the new talloc methods. This
      r2644: removed an unused function
      r2645: converted the NTLMSSP code to the new style of talloc
      r2646: - use a talloc destructor to ensure that sockets from the new socket
      r2648: - use a destructor on struct server_connection to simplify the
      r2649: - used some cpp tricks to make users of talloc() and talloc_realloc()
      r2650: fixed a memory leak in make_server_info()
      r2653: - data_blob() and data_blob_talloc() now get automatic names
      r2654: fixed some more server memory leaks. We are now down to a single leak
      r2655: fixed an error in the shutdown of the sock->transport->session->tree
      r2656: moved the seteuid configure tests into the posix backend (these tests
      r2657: if we are already fully authenticated in session setup then the vuid is ignored
      r2658: fixed a couple of error codes found with RAW-CONTEXT
      r2659: removed some extraneous debug msgs
      r2660: - converted the libcli/raw/ library to use talloc_increase_ref_count()
      r2661: fixed a client side memory leak in the clilist code.
      r2662: make --leak-check completely silent if not blocks are allocated
      r2663: fix an epmapper server leak - another talloc_realloc(NULL, ) leak
      r2664: fixed the final server leak for normal operation. We now get a clean report from --leak-check
      r2668: steal the cli pointer into the pipe context so a single free destroys the cli context too
      r2669: convert make_user_info() and associated functions from malloc to talloc
      r2670: use a destructor to auto-close the samr ldb when the last user
      r2671: we're getting too many errors caused by the talloc_realloc() API not
      r2672: don't call a variable "dup" as that conflicts with a standard system call name
      r2673: in the rpc server, free up the old call when we decide to extend an
      r2674: I have realised that talloc() should have its context marked const, as
      r2675: added a convenience function
      r2676: add a test of the reference counting logic in the SAMR server into the
      r2677: - fixed a bug in the recursive logic talloc_free() when there are
      r2678: from_name and to_name aren't needed in smb_iconv_t
      r2679: fixed an uninitialised variable found with valgrind
      r2680: switched the libcli/raw/ code over to use talloc_reference(), which simplifies things quite a bit
      r2709: finally solved the talloc reference problem.
      r2710: continue with the new style of providing a parent context whenever
      r2711: added a simple talloc speed tester. I get the following on my laptop:
      r2712: fixed a bug in ldbtest to make it cope with an existing index
      r2713: better handling of binary values in index key creation
      r2716: created a separate detailed talloc_guide.txt document, after volker
      r2717: added talloc_p() docs
      r2718: - added a talloc_unreference() function as requested by metze.
      r2719: an additional note on talloc_unreference()
      r2721: added a -b option to ldbtest so it can be used with the new smbd ldap server
      r2725: fixed ldbtest to give the basedn to ldb_search()
      r2726: added a -r option to ldbdel to allow easy delete of a whole
      r2733: added a note on performance
      r2734: the samdb_destructor can be static
      r2737: fixed up a corner case where talloc_unreference() and talloc_free()
      r2738: free up the session information as soon as it is invalidated in the
      r2742: - fixed a bug in talloc_unreference()
      r2743: fixed some errors in the description of talloc_reference(). Volker
      r2744: ben elliston taught me about gcov today, which allows you to measure
      r2745: added some example talloc reports
      r2763: use no-auth bind on ncacn_np unless we specify at least one of "sign", "seal" or "connect"
      r2773: allow zero sized array talloc
      r2774: get rid of the lanman specific code in masktest, and add a -l option
      r2775: rewrote our ms_fnmatch code to be much more efficient, and to exactly
      r2776: if there are no wildcard characters then use StrCaseCmp()
      r2783: got rid of the unused remote architecture detection code
      r2784: - fixed alignment of ascii directory listings
      r2785: call init_iconv() in smbtorture to ensure we have no memory allocated
      r2786: - match on both long and short name for search posix backend
      r2787: force masktest to use RAW_SEARCH_BOTH_DIRECTORY_INFO so it can obtain the short name
      r2788: prevent a memory leak in the pvfs search backend
      r2791: got rid of talloc_unreference() and instead created talloc_unlink(),
      r2792: got rid of talloc_ldb_alloc() and instead created talloc_realloc_fn(),
      r2793: fixed the handling of primaryGroupID in auth_sam. There were two bugs,
      r2794: a very simple version of the unixuid NTVFS pass-thru module. In
      r2796: - changed ldap attributes "UnixID" to "unixID" and "UnixName" to "unixName" to be more ldap traditional
      r2797: don't free the server_info before using it for anonymous connections
      r2798: get rid of a unnecessary static
      r2799: removed one last occurance of torture_ldb_alloc()
      r2800: removed the warning about using the posix ntvfs handler, as it is now
      r2802: a better provisioning script
      r2803: allow unixuid module to work with foreign security principles
      r2804: - setup some reasonable default SAM to unixName mappings in the provisioning.
      r2808: added auto-detection of unix user and groups names during provision.
      r2833: - added a call to SamrQueryGroupMember for every group, and fix the
      r2836: removed a couple of unused variables
      r2854: added a RPC-COUNTCALLS torture test - a useful varient on the full scanner in RPC-SCANNER
      r2856: fixed a minor memory leak in the auth code
      r2857: this commit gets rid of smb_ucs2_t, wpstring and fpstring, plus lots of associated functions.
      r2871: - got rid of the last bits of non-threadsafe data in util_str.o
      r2872: got rid of a couple of unused (and horrible) functions
      r2893: added very primitive name mangling support to pvfs
      r2900: rusty pointed out to me that discard_const() can be done via a macro
      r2901: if we can't load upcase.dat or lowcase.dat then don't waste 256k
      r2902: make toupper_w() and tolower_w() slightly faster by putting the most common
      r2903: a considerably more efficient (both in terms of CPU and memory)
      r2904: - fixed the old style SMBsearch to return the pvfs shortname, not a truncated long name.
      r2906: fixed a memory leak in the smbclient -L code
      r2907: auto destroy iconv memory handles on exit, to make valgrind leak
      r2909: fix some RAW-SEARCH torture mem leaks
      r2910: I noticed that the samr torture test was doing its own DOS->UNIX
      r2916: longhorn client doesn't bother setting the directory bit in ntcreatex
      r2925: added the definition for a new rpc fault code I am seeing on epmapper from lhorn
      r2926: name->dos.attrib is not valid unless name->exists is true
      r2927: imported the hash2 name mangling code from Samba3 into Samba4, but
      r2928: - fixed the handling of reserved names (rejecting them with ACCESS_DENIED)
      r2929: longhorn does not produce sorted directory listings! This is
      r2930: added a security context cache to the unixuid module. The module
      r2931: use next_codepoint() to ensure we properly handle multi-byte characters in pvfs_unix_path()
      r2932: character expansion in strlower_m or strupper_m is considered fatal
      r2934: - changed the unixuid module to use the nt_user_token instead of the server supplied info structure.
      r2941: added pvfs_flush() implementation to the posix backend
      r2948: added support for the [range(low,high)] attribute in pidl. This allows
      r2949: added some range checks in samr.idl
      r2950: 0x40000 is clearer than 262144
      r2951: fixed the intptr_t test for discard_const()
      r2958: the warnings from the swig code in pidl were totally swamping valid
      r2960: during a lunchtime discussion I found out that all powerpc processors
      r2961: fixed a silly typo
      r2968: fixed the byte order problem with the new RHS parsing on ncacn_ip_tcp
      r2969: inet_ntoa() takes an address in network byte order, so now that we
      r2982: added a test that shows the amount of time a server takes to update
      r2983: report a failure if a server doesn't update the write time at all
      r2984: fixed the error code for a non-terminal component of a path name not existing
      r2985: got rid of the unused tdb_lockkeys() and tdb_unlockkeys() functions
      r2987: added support for signed 32 bit integers in pidl
      r2988: this should fix support for negative switch levels in PIDL
      r2989: fix the printing of unions with negative cases when :print is used
      r3004: removed some unused functions
      r3005: added talloc wrappers around tdb_open() and ldb_connect(), so that the
      r3011: separated the locktest code into a separate module in smbtorture
      r3012: added initial support for byte range locking in the posix vfs. This is
      r3013: added support for unix domain sockets in the generic socket library. I
      r3014: got rid of the old intra-smbd messaging system in preparation for the new one
      r3015: fixed typo noticed by abartlett
      r3016: - converted the events code to talloc
      r3017: nicer memory handling for event_context_merge()
      r3018: handle STATUS_MORE_ENTRIES from socket_recv() in the messaging code
      r3019: make the LOCAL-MESSAGING test a 2 process test
      r3020: better error handling in socket_unix
      r3021: under heavy load the listen queue for messaging unix domain socket can fill up, leading to refused
      r3023: added immediate send of messages when they are first queued. This makes things a bit more efficient
      r3024: run the *_connect() NTVFS initialisation operation as root, to allow
      r3025: don't warn about no path in a service, as some backends (like cifs) don't need a path
      r3026: - added automatic retry to messages when the servers listen queue is
      r3027: got rid of some configure checks we don't need any more
      r3028: use talloc_free() instead of talloc_unlink(), as the
      r3029: implemented byte range lock timeouts.
      r3030: added testing of lock cancel, and some more special offsets (locks
      r3031: added support for lock cancelation, which effectively just triggers an early lock timeout
      r3034:  - fixed a bug in message dispatch, when the dispatch function called messaging_deregister()
      r3035: if the ntvfs layers prior to us have said that we can't perform an
      r3039: This solves the problem of async handlers in ntvfs backends not being
      r3052: added talloc_zero_p() and talloc_zero_array_p() calls, for allocating zeroed memory
      r3053: make the maxfid test use subdirectories, so it doesn't create 64k
      r3054: use talloc_zero_array_p() in a couple of places
      r3055: use talloc_zero_p()
      r3056: added a id -> pointer data structure (a type of radix tree). This is
      r3057: - moved the idtree.c code into lib/
      r3058: we don't use the bitmap code any more, delete it
      r3059: completely get rid of the MAX_CONNECTIONS limit, as a idle tree
      r3061: change a debug to help track down a charset problem
      r3062: handle spaces at the start of options in lp_set_cmdline()
      r3063: our default dos charset is CP850, but some systems don't have that, so
      r3064:  - use UINT8_MAX and UINT16_MAX instead of hex values for idr_get_new() limits
      r3081: several updates to ntvfs and server side async request handling in
      r3082: added a "cifs:mapgeneric" option, which tells the cifs backend to use
      r3083: fixed a couple of generic mapping errors found with RAW-* and cifs:mapgeneric
      r3084: mincnt and maxcnt were the wrong way around in readbraw server code
      r3085: make the RAW-WRITE tests more robust to errors in previous parts of the test
      r3086: fixed smbpid handling in the cifs backend
      r3087: fixed a typo
      r3103: use a destructor to ensure that on abnormnal rpc request termination
      r3105: using __location__ instead of __LINE__ to give info on error locations is more useful
      r3106: don't call a tree disconnect in the cifs backend, as during a smbd
      r3107: slight tweak to the openx -> ntcreatex mapping routine. This mapping
      r3108: try to cope with servers that put FILE_ATTRIBUTE_NONINDEXED on files in the RAW-OPEN test
      r3126: in the brlock code I had used a void* for the brl context as I didn't
      r3127: added the initial code for the open files database. Doesn't do
      r3130: - added a LOCAL-IDTREE test suite
      r3131: - make map_nt_error_from_unix() return NT_STATUS_UNSUCCESSFUL if errno is 0
      r3132: - fixed a type conflict found by talloc_array_p()
      r3133: - more consistent error checking in rename and setfileinfo
      r3134: use struct idr_context * in tid allocation
      r3135: split the "create new" logic out from the "open existing" logic in
      r3142: fill in all the ntcreatex response fields explicitly, rather than
      r3147: added basic share modes support for pvfs (or more precisely, ntcreatex
      r3148: make --failures work for the BASE-DENY1 and BASE-DENY2 tests
      r3149: separate the delete on close test into torture/basic/delete.c
      r3150: printing __location__ is more useful than a operation number
      r3152: reformatted some of the delete test code
      r3153: pvfs now passes the first 9 of the BASE-DELETE tests
      r3154: pvfs now passes all of BASE-DELETE
      r3155: reformat a delete test
      r3159: use easy to recognise file handle numbers for new file, old file and directory
      r3160: recognise RAW_SFILEINFO_DISPOSITION_INFORMATION (fixes temporary files from excel)
      r3161: pvfs now passes the RAW-SEEK test
      r3171: in qfileinfo getattre and standard have identical structures, so
      r3172: much better qfileinfo implementation in pvfs. We now pass RAW-QFILEINFO
      r3173: make the RAW-QFILEINFO test cope better with null strings from the server
      r3174: added pvfs_is_open() to allow us to check for open files on unlink. We
      r3176: added a script to run all the filesystem torture tests that are
      r3177: check for open files on rename
      r3178: honor the write_time on pvfs_close()
      r3179: - fixed error return on utime failure
      r3180: - basic support for SEC_RIGHT_MAXIMUM_ALLOWED in pvfs
      r3181: shutdown the secrets db on exit so we don't constantly get talloc leak warnings
      r3182: separate out the BASE-RENAME test into torture/basic/rename.c
      r3183: moved the unlink of the messaging unixdom socket to the messaging destructor
      r3184: don't setup socket options on unix domain sockets (our smb.conf socket options are really meant for tcp)
      r3188: tidy up the rename test a bit more
      r3189: improved the share_conflict() logic (both in terms of readability and
      r3191: use __location__ in RAW-UNLINK test
      r3192: make sure we don't call pvfs_can_delete() until after we have confirmed that name->exists
      r3193: improved the initial permissions choice for file create, based upon dos attribute
      r3194: fixed an uninitialised variable
      r3195: fill in more of the fsinfo fields, and avoid calling the potentially
      r3197: fixed error code mapping for ENOTDIR
      r3198: check for too many .. components in filenames
      r3199: added a couple more test paths to RAW-CHKPATH
      r3200: - improved the accuracy of openx emulation. We now nearly pass the openx portion of RAW-OPEN
      r3201: we now pass the BASE-OPEN test
      r3202: return a old DOS error code ERRSRV:ERRbaduid for a bad vuid. This means we now pass the BASE-VUID test.
      r3203: moved more test functions into torture/basic/*.c
      r3206: - added the reverse map for ERRbaduid to NT_STATUS_INVALID_HANDLE
      r3207: - reformat error msgs in BASE-DIR* tests
      r3208: fixed permissions of ncalrpc directory creation
      r3210: split lib/replace.o into a separate build subsystem LIBREPLACE, and
      r3223: continue the effort on LIBREPLACE to try to get the ldb tools to
      r3224: add the LOCAL-* tests to test_posix.sh
      r3227: added a per-share option "case insensitive filesystem", that tells the
      r3234: in SMBreadx, if the client asks for exactly 65535 bytes then don't try
      r3235: try readx beyond 64k in RAW-READ
      r3236: test a few more combinations in RAW-UNLINK
      r3237: - allow for readx calls larger than 64k
      r3238: rename null_mtime() to the more accurate name "null_time()", and
      r3239: reads of more than UINT16_MAX bytes should return 0 bytes
      r3240: - update the rules for what error codes should be given on the
      r3241: don't skip the read completely for a zero-length read, as it could give a lock conflict
      r3242: make the RAW-READ test not exercise the 0-0 lock, which is not deterministic
      r3243: read the high offset count in SMBreadx in the server
      r3244: pvfs now passes the RAW-UNLINK and RAW-READ tests
      r3245: use __location__ in RAW-SEARCH
      r3246: new files should get created with FILE_ATTRIBUTE_ARCHIVE
      r3247: FILE_ATTRIBUTE_NORMAL is only a null-op for setattr and setattre, not basic_info
      r3248: don't stop searches on failed fill_search_info()
      r3249: - change_time is closer to ctime than mtime
      r3251: - move the openattr test code into basic/attr.c
      r3252: pvfs now passes BASE-TRANS2
      r3253: - added rudimentary support for ntioctl in pvfs
      r3254: - expanded the RAW-IOCTL test
      r3255: - fixed 2 uninitialised data errors found with valgrind
      r3256: get rid of the unused session_claim() and session_yield() calls
      r3257: make the RAW-SEARCH test less sensitive to the servers directory ordering
      r3258: fixed "don't change" attribute for RAW_SFILEINFO_BASIC_INFO
      r3259: expanded the RAW-SEARCH test some more
      r3260: redid the pvfs_dirlist() interface in preparation for a "keep
      r3261: added seek to RAW-SEARCH test
      r3262: - new pvfs_dirlist code that reopens the directory between search
      r3263: - pvfs now passes RAW-SEARCH
      r3267: make LIBTDB depend on LIBREPLACE. This is needed for building the tdb tools on Solaris.
      r3268: - fixed wildcard handling in new dirlist code
      r3269: fixed return value
      r3270: - added another unlink test
      r3271: use "struct messaging_context *" instead of "void *" in messaging API
      r3276: - allow for more than 256 open old style searches (limit currently set at an arbitrary 5000)
      r3277: don't use the non-portable getaddrinfo() function, instead use
      r3278: - rewrote the client side rpc connection code to use lib/socket/
      r3279: Removed MSG_DONTWAIT flags as many platform don't have it.
      r3280: fixed byte order of rhs IP
      r3281: some compilers can't handle empty structures, so for empty IDL
      r3282: some C pre-processors don't like expressions like
      r3283: converted to quoted uuid() defines in all our IDL. This should help
      r3284: - don't use a enum for bit-fields. It isn't legal C (as C is limited to
      r3285: fixed another IDL typo
      r3286: filled in more missing SV_TYPE_* defines
      r3288: - updated the path processing in pvfs to pass the RAW-CHKPATH test. This
      r3300: initialise *sendlen on failure, to allow for callers to check only for
      r3304: changed the API to lib/socket/ a little.
      r3305: added ncalrpc to the list of rpc transports tested by test_echo.sh, so
      r3306: the main smb server code now handles non-blocking socket receives. I
      r3307: fixed the send side of the smb_server code to be non-blocking. This
      r3312: in the brlock code, we prevent lock stampedes by attempting to not
      r3313: in socket_accept() make the new socket non-blocking unless SOCKET_FLAG_BLOCK is set.
      r3314: added a option "socket:testnonblock" to the generic socket code. If
      r3315: converted the libcli/raw/ code to use the generic socket library. This
      r3316: give the LDAP server a chance of operating correctly non-blocking (it
      r3318: generate random STATUS_MORE_ENTRIES errors (1 in 10 packets) as well
      r3319: fixed a bug in the client library found by the new non-block testing code
      r3320: fixed bugs in the rpc_server code in handling partial packet receives and sends
      r3321: make the test_echo.sh test suite test non-blocking on all rpc transports
      r3322: fixed a bunch of warnings in the build, including one case where it was a real bug
      r3323: more warning reductions
      r3324: made the smbtorture code completely warning free
      r3325: missed one of the torture changes ...
      r3327: fixed another warning
      r3333: added configure tests for ipv6 support
      r3335: better configure support for ipv6 - thanks to a quick tutorial from metze
      r3341: - don't zero the async structure (makes valgrind more useful)
      r3346: - simplified vfs_nbench.c a bit, by using req->async_state->ntvfs inside
      r3347: fixed an uninitialised variable bug. Surprisingly hard to track down,
      r3349: fixed more uninitialised variable problems with the nbench module
      r3350: fixed a bug with sending multiple replies for the one request, as
      r3351: handle far more operations on open directory handles. pvfs was failing
      r3352: make smbcli_read() and smbcli_write() work with very small negotiated SMB buffer sizes
      r3353: don't reference dos.attrib unless its initialised
      r3354: honor "max xmit" and "max mux" from smb.conf in our client code. This
      r3355: fixed the old style search code in smb_server to correctly handle
      r3356: in the standard process model we need to make sure we close all
      r3357: removed the need to use TDB_CLEAR_IF_FIRST in Samba4.
      r3360: improved the deletion of tmp files. smbd now puts all tmp files in var/locks/smbd.tmp/
      r3363: added basic support for SA_RIGHT_FILE_EXECUTE, needed for opening .dll files
      r3366: updates from the junkcode version of talloc.
      r3371: fixed endpoint for browser.idl
      r3372: fixed the initial directory permissions for pvfs_mkdir()
      r3373: added better error reporting in pvfs_open
      r3375: changed the default max xmit until I fix a problem with the SMBtrans multi-part code
      r3380: - changed the default behaviour of server signing. We now have a default
      r3383: avoid multi-part SMBtrans and SMBtrans2 replies until our client library can handle
      r3384: added SA_RIGHT_FILE_WRITE_APPEND, which is a combination of write and append
      r3385: when discarding a unmatched reply print the command type to help debugging
      r3386: - fixed --seed option in smbtorture
      r3387: fixed pvfs to pass the NTDENY tests. The tricky bit was
      r3388: when doing schannel use a anonymous session setup (as the machine acct
      r3389: fixed schannel client side code. RPC-SCHANNEL now works against w2k3
      r3390: fixed schannel server side support. RPC-SCHANNEL now works against Samba4.
      r3391: fixed some memory leaks in the schannel code
      r3392: fixed schannel over ncalrpc
      r3393: added test_rpc.sh. The idea is that this script will test all the
      r3395: added support for "string32" type, to fix the fixed width string
      r3400: - allow callers to control the flags2 field in raw packets
      r3418: added BASE-NTDENY1 and BASE-NTDENY2 to the lists of tests that pvfs passes
      r3419: moved the libcli/raw structures into libcli/raw/libcliraw.h
      r3421: got rid of some unused code
      r3422: allow for subsystems that don't get included in the list of auto-prototype objects, using
      r3423: auto-generate prototypes for all external functions in pidl
      r3424: don't run mkproto.pl on pidl generated code, instead rely on pidl generating the
      r3425: got rid of a bunch of cruft from rewrite.h
      r3426: removed 2 unused files, and some unused variables
      r3427: split the openx logic out from the other open mapping code
      r3428: switched to using minimal includes for the auto-generated RPC code.
      r3441: some include file cleanups and general housekeeping
      r3443: the next stage in the include files re-organisation.
      r3445: made the gtk tooks use minimal includes. This approximately halves the
      r3446: created include/system/iconv.h and include/system/shmem.h
      r3447: more include/system/XXX.h include files
      r3448: some systems don't have stdint.h
      r3449: more include file reduction
      r3450: portability fixes
      r3453: - split out the auth and popt includes
      r3454: moved a few more things out if includes.h into the include/system/ include files.
      r3455: some more portability fixes. We nearly compile on solaris again now.
      r3457: s_addr is a macro on solaris, so we can't use it in structure names. arrgh.
      r3458: more solaris portability fixes, the main one being that we can't use a
      r3461: another place where "open" was used as a structure element
      r3462: separate out the crypto includes
      r3463: separated out some more headers (asn_1.h, messages.h, dlinklist.h and ioctl.h)
      r3464: split out registry.h, rap.h and ldap_server.h
      r3466: split out request.h, signing.h, and smb_server.h
      r3468: split out dcerpc_server.h
      r3470: removed some unused functions (should fix the build on IRIX 6.4)
      r3471: split out capabilities code from lib/system.c - should fix IRIX 6.5 build
      r3472: fixed build of reg_backend_gconf
      r3475: don't pass a ptr to an enum as a ptr to an int (bug found by tcc)
      r3476: fixed some const warnings
      r3478: split out some more pieces of includes.h
      r3480: moved some signal defines into include/system
      r3481: split out client.h and events.h
      r3482: fixed a warning and an error from the IRIX 6.4 build
      r3483: IRIX 6.4 now builds
      r3493: fixed a bug in readx reply where the client specifies an invalid high
      r3494: got rid of include/rewrite.h, and split out the dynconfig.h header
      r3497: removed some include cruft, and split out librpc/gen_ndr/tables.h
      r3499: setting an out param for a non-pointer doesn't do anything (and
      r3500: cleaned up the AS_USER/AS_GUEST stuff in the core smb packet processing
      r3507: - added deferred replies on sharing violation in pvfs open. The
      r3518: fixed some includes to be consistent.
      r3520: minor portability fix (for struct timeval)
      r3522: added async support to most of the ntvfs_map_*() functions, allowing functions like
      r3523: removed a useless level 0 DEBUG()
      r3528: added support for the SMBntcancel() operation, which cancels any
      r3529: fixed signing support for SMBntcancel requests (no reply means seq
      r3530: make sure we match ntvfs_async_state_pop() with ntvfs_async_state_push()
      r3531: add support for RAW_OPEN_MKNEW, RAW_OPEN_CREATE and RAW_OPEN_CTEMP in pvfs
      r3532: make sharing violation delay in pvfs configurable with "posix:sharedelay = usecs"
      r3539: much nicer async open delay code.
      r3540: added testing of SMBntcancel in the open/open/close mux
      r3543: fixed some #include lines to make them more consistent, and fixed
      r3544: fixed some #include lines to make them more consistent
      r3545: initial support for using extended attributes to hold extended dos attributes of files.
      r3546: including includes.h twice causes gcc 3.4 to crash with pch
      r3547: fixed waitpid in fcntl_lock.c (thanks to jbm for pointing this out)
      r3548: removed extra net/if.h include
      r3549: added support for DOS extended attribute lists (name/value pairs)
      r3550: fixed initial attribute on file create (inlusion of FILE_ATTRIBUTE_ARCHIVE)
      r3551: these utils need system/filesys.h
      r3552: fixed sense of ACL test
      r3571: rough guesses at what abartlet really wanted to do in his last commit
      r3573: added trans2open support to smbd and pvfs, and fine-tuned the open->generic ntvfs mapping code.
      r3574: the RAW-OPEN test changes broke a couple of the other tests. This
      r3575: fixed attribute normalisation in xattr code. RAW-SEARCH now passes again.
      r3576: don't consider short share delay timeouts to be an error, so we can
      r3578: a couple of include changes that should help with FreeBSD
      r3579: with the gcc warning flag from abartlet we don't need sys_strftime()
      r3580: - on file overwrite in ntcreatex we need to replace the file permissions.
      r3591: to get a bit more useful info from valgrind I'm disabling the
      r3592: auto-cleanup the test.$$ log files in these test scripts on control-C
      r3593: fixed the trans2 t2open reply to initialise all bytes (bug found by valgrind)
      r3594: continue conversion to __location__ from __LINE__ for error reporting
      r3595: - fixed a talloc_free ordering problem on cleanup with pending requests
      r3596: MODE_INFORMATION tests now pass. Only RENAME_INFORMATION level left to
      r3597: implement a suggestion from abartlet. By taking a refernce to the
      r3598: hopefully fix the build on stratos
      r3599: fixed a couple of memory errors in the rpc netlogon server
      r3600: fixed two debug typos
      r3608: added BASE-DENYDOS test
      r3610: prevent segv with heimdal and password krb5 init
      r3613: fixed a typo
      r3615: split out struct pvfs_file_handle from struct pvfs_file. This is in
      r3618: - this adds the special case for DENY_DOS semantics, as shown by the BASE-DENYDOS test.
      r3631: a couple of tweaks to the talloc hierarchy for async requests in
      r3632: added an index on "member" in default provision. This speeds up my
      r3633: - moved module init functions to after smb.conf and command line
      r3634: - fixed BASE-DISCONNECT test to force the async packets to be sent by
      r3635: fixed the crash from the BASE-DISCONNECT test
      r3656: allow easy testing of the "realloc changes the pointer" type of problem that abartlet
      r3658: use handle->fd == -1 as the primary indicator of a directory. This
      r3694: added support for the RENAME_INFORMATION level of setfileinfo and
      r3698: mark RAW-SFILEINFO as working
      r3699: - split the delayed write testing out of RAW-WRITE, as it is not yet
      r3700: pvfs passes RAW-WRITE but not BASE-DELAYWRITE
      r3717: - expanded the RAW-RENAME test a little
      r3718: added support for the ntrename level in pvfs_rename().
      r3719: pvfs now passes the RAW-RENAME test
      r3720: fixed the pulling of zero length ucs2 strings in smbd. I found this
      r3729: permission changes on directories always include the FILE_ATTRIBUTE_DIRECTORY bit
      r3741: FILE_ATTRIBUTE_DIRECTORY is illegal in open of a file
      r3742: make test-ldap give a sane error message when the openldap schema files are missing
      r3743: auto-support the RH schema location as well
      r3745: fixed the posix backend after the recent build changes (it had lost
      r3746: added RAW-STREAMS and RAW-EAS tests to smbtorture
      r3747: - added some of the infrastructure needed for streams support in pvfs
      r3748: pvfs passes RAW-EAS but not RAW-STREAMS yet
      r3749: don't consider it a failure if we fail to re-encode a codepoint above
      r3791: fixed declaration of torture_rpc_login
      r3792: improved the posix -> nt error mapping, so we get things like
      r3793: add some streams tests that show how the :$DATA suffix is handled
      r3798: added support for alternate data streams in xattrs into pvfs.
      r3799: - added the bit for FS_ATTR_NAMED_STREAMS support into qfsinfo filesystem attribute reply
      r3800: - fixed delete-on-close behaviour for streams
      r3801: added allocation size rounding. This is needed for ifstest.
      r3803: fixed detection of xattr support
      r3806: added support to smb_server and pvfs for the NTTRANS Create call. This
      r3821: added client side code and test code for NTTRANS_CREATE
      r3826: - added testing of ea lists in NTTRANS CREATE
      r3827: fixed copyright notices to remove simo and lkcl who have no code left in this file
      r3828: added testing of opening an existing file with EAs (the EAs are ignored)
      r3829: added a RAW-ACLS test suite that tests query/set of ACLs on a file
      r3830: unified the query/set security descriptor code with the rest of the
      r3831: added nttrans server code for query/set security descriptor. This
      r3832: added NT ACL query/set to the posix NTVFS backend. The default ACL is
      r3833: NTACL is a better xattr name than DosAcl (tpot suggested this)
      r3834: - fixed XATTR_NTACL_NAME
      r3835: - added testing of setting an initial ACL on a file using NTTRANS create
      r3836: - fixed the handling of NT_STATUS_BUFFER_TOO_SMALL in nttrans server
      r3837: added support for LsaLookupSids in the LSA rpc server. This allows the GUI ACL editor on w2k to
      r3838: use "security.NTACL" instead of "security.NTAcl" for the xattr name for ACLs
      r3916: w2k3 does not check the max_setup count in nttrans requests
      r3938: cleaned some old stuff out of loadparm
      r3939: - added "posix:fakeoplocks" option for testing with oplocks forced on
      r3941: make sure we don't keep pounding on a ncacn_ip_tcp connection after it is dead
      r3945: expanded the BASE-PROPERTIES test to print a nicely formatted list of
      r3952: added validation of the lm and nt verifiers to our server side password change code.
      r3953: the lm verifier key in passwoed ChangePasswordUser3 is based on the nt
      r3975: added LFN filesystem attribute bit definition from ethereal
      r3976: changed NBENCH to use the same recording method as the latest dbench,
      r3977: fixed the lmPwdHash change in the rpc server (we were not fetching the
      r3978: added IDL and test code for lsa_LookupSids2() and lsa_LookupNames2()
      r3979: added server side code for lsa_LookupSids2() and fixed authority_name
      r3980: added server side support for lsa_LookupNames() and lsa_LookupNames2()
      r3982: split out the sid -> uid/gid mapping routines into a ntvfs_sidmap
      r3983: posix:fakeoplocks should default to False, not True !
      r3988: made dom_sid_add_rid() allocate the new sid with proper parent/child talloc
      r3989: added a linear algorithmic mapping for uid->sid and gid->sid within
      r3990: take advantage of the uid->sid and gid->sid code to create a much
      r3991: for uid->sid and gid->sid to be efficient we need to index on unixID
      r3992: provide hooks for lsa to lookup sids allocated using the linear id->sid mapping
      r3993: use distinctive fnums in the ipc backend, to make monitoring sniffs easier
      r3994: - removed the unused reference count code in lsa server
      r3995: improved the default ACL mapping from unix perms
      r4010: fixed parsing of null attributes in the ldb ldif parser
      r4011: get rid of rpc_secdes.h and replace it with a single sane set of
      r4012: split out the lsa lookup single name logic into a separate function
      r4013: got rid of a bunch of unused or unmaintained code
      r4014: removed unused MacExtension.h header
      r4015: correct copyright attributions
      r4025: added a sec_access_check() function for checking security descriptors
      r4026: added NT ACL checking on pvfs_open() for existing files. I need to
      r4033: removed a pointless comment
      r4034: add a function security_descriptor_create() which can be used to
      r4035: more effort on consistent naming of the access mask bits.
      r4036: expanded the RAW-ACLS torture test to include tests for the
      r4037: fixed a bunch of "might be uninitialised" warnings after enabling -O1 in my compile
      r4039: added a test for an element > 128 bytes in length, to ensure we test
      r4048: a very simple howto for new developers to tell them how to build and install samba4
      r4049: a simple perl script to add a new user to Samba4 ldb
      r4050: make sure we add objectClass and sAMAccountName
      r4051: use talloc_array() instead of talloc() when allocating arrays in auto-generated ndr code
      r4052: fixed a bunch of code to use the type safe _p allocation macros
      r4053: expanded and fixed a bug in the RAW-ACLS test
      r4054: got rid of Realloc(), replacing it with the type safe macro realloc_p()
      r4055: fixed more places to use type safe allocation macros
      r4056: modified the access check code based on results from RAW-ACLS
      r4058: added a type safe version of smb_xmalloc()
      r4059: moved the ldb -o option parsing to a common routine
      r4060: removed an unused file
      r4061: more additions to the RAW-ACLS test, to help me work out some details for pvfs
      r4062: the RAW-ACLS test now passes. The SEC_STD_DELETE bit is rather strange
      r4065: fixed ntstatus->dos error code for NT_STATUS_NO_SUCH_FILE
      r4066: add a mapping for NT_STATUS_NO_MORE_ENTRIES
      r4067: no matches in findnext is not an error
      r4068: added LANMAN2.1 to list of supported protocols (for OS/2)
      r4069: better error code for SMBwriteBMPX
      r4071: - ldap does allow adding additional attribute values with a modify
      r4072: - changed the names of some of the well known sids to be more consistent
      r4073: - added a set of lsa helper routines to make lsa lookups that are
      r4074: make the RAW-ACLS test use the new lsa helper functions to determine
      r4095: smbsrv_terminate_connection() doesn't exit() in single processor mode, so after we
      r4098: catch null guid string so RPC-DRSUAPI works against my server
      r4101: ignore secondary session requests to cope with a OS/2 bug reported by
      r4109: fixed an uninitialised socket write found by kukks
      r4110: fixed pidl to allow arrays to have size_is() and length_is() elements
      r4111: fixed winreg to use much simpler (and I believe correct) IDL for QueryValue
      r4112: when a pointer is NULL on the wire ensure it is null in the structure
      r4113: modified EnumValue in winreg to take advantage of the new pidl handling
      r4114: added have_features bits to gensec schannel code. This fixes our
      r4115: check for gensec errors before calling memcpy on a set of credentials,
      r4116: fixed compilation of EnumValue code in winreg rpc backend
      r4117: fixed EnumValue in winreg server
      r4118: don't assume that "unsigned int" is the same type as uint32_t
      r4123: set locale to C to ensure ascii string functions work
      r4124: include locale.h to get LC_ALL in include/system/iconv.h
      r4135: improve a debug message
      r4136: when we have a size or switch variable that is a pointer we need to check that the server
      r4138: initialise 'type' in RPC-WINREG EnumValue test
      r4139: 2nd attempt at fixing the null ptr in size_is() problem.
      r4145: make sure we don't set the 32-bit error codes flag unless the client
      r4146: an attempted fix for a OS/2 rename problem found by kukks - seems OS/2
      r4147: converted from NT_USER_TOKEN to struct security_token
      r4148: add a default set of privileges to the core builtin accounts in the
      r4150: - add fns for manipulating the privilege_mask in a security_token
      r4151: added privilege attribute handling on samdb.
      r4159: fixed error return for writebraw
      r4160: fixed the file_type in ntcreatex reply on a named pipe. NT4 requires this to be right.
      r4161: two more fixes for NT4 clients. Bugs found by kukks.
      r4162: this should fix the delete/findnext problem from OS/2 clients. Thanks
      r4163: 2nd attempt at fixing the OS/2 "del *" problem
      r4164: added a test that simulates a OS/2 file delete. This includes seek by
      r4165: added a 100 element name cache to cope with some amount of seeking
      r4170: don't check array size for conformant arrays (they are checked separately)
      r4171: an attempt at better IDL for DsReplicaSync
      r4173: - new t2open code, that can cope with "create with EAs". Many thanks
      r4182: fixed trans2 mkdir, allowing mkdir with an initial EA list
      r4183: expanded the RAW-MKDIR torture test to test creation of EA lists
      r4192: added server side implementation of lsa_EnumAccountRights
      r4193: added server side implementation of lsa_EnumAccountsWithUserRight
      r4194: added server side implementation of lsa_EnumPrivs
      r4195: added IDL, test suite and server side code for lsa_LookupPrivValue
      r4196: - added server side code for lsa_LookupPrivDisplayName
      r4198: - added server side code for lsa_AddAccountRights
      r4199: - added server side code for lsa_RemoveAccountRights (sharing code
      r4202: added smbclient commands "addprivileges" and "delprivileges" for
      r4205: fixed the default acl mapping from posix permissions to use the mapped
      r4206: fixed a status code check in lsa_LookupNames2 that could cause a segv
      r4207: remove "lookupname" and "lookupsid", and instead have a single "lookup" command that
      r4214: possibly fix the "no-EAs" bug from OS/2
      r4227: index the privilege attribute to make lsa privilege calls efficient
      r4228: make sure the caller knows the packet is in error when a signing error occurs
      r4229: - added support for multi-part SMBtrans and SMBtrans2 requests in the
      r4230: now that we set the FLAGS2_EXTENDED_ATTRIBUTES flag, we should mark
      r4232: added server support for multi-part SMBtrans requests, while
      r4242: added support for storing xattrs in a tdb. This allows all advanced NT
      r4243: a sniff from kukks showed that the ea_set interface in trans2 setfileinfo allows
      r4244: add more calls to pvfs_xattr_unlink_hook() on file/dir create, to try to beat race
      r4245: add a note about using a tdb to store xattr information, so you can
      r4246: some very brief notes to myself on solving the case insensitivity
      r4247: two more places that need the unlink hook
      r4261: added the RAW_FILEINFO_EA_LIST trans2 qfileinfo and qpathinfo
      r4262: a sniff from kukks showed that the FILE_ATTRIBUTE_NORMAL handling in
      r4263: added support for the trans2 RAW_SEARCH_EA_LIST information
      r4264: fix acl handling on systems without xattr support
      r4267: fixed the charset code to use the builtin_functions.
      r4269: expanded the note about what you need on linux for xattr support
      r4274: make the prototype RAP netshareenum call return something a bit more sensible.
      r4275: improve the share type info
      r4276: added server side support for lsa_OpenAccount()
      r4277: - added server support for lsa_EnumAccounts()
      r4278: - added server support for lsa_EnumPrivsAccount()
      r4279: added IDL and test code for lsa_AddPrivilegesToAccount() and lsa_RemovePrivilegesFromAccount()
      r4280: added server side support for lsa_AddPrivilegesToAccount() and lsa_RemovePrivilegesFromAccount()
      r4281: fixed an ldb indexing bug in ldb found by volker.
      r4282: removed a spurious error message now we remove index entries in the modify call
      r4283: adding a privilege that an account already has is not an error
      r4284: fixed a problem with very large EA lists and OS/2 clients. These
      r4302: fixed all of the annoying gtk warnings. The code all seems to still work, but
      r4303: a bit more consistent help on privileges commands in smbclient
      r4310: fixed the authority_name field in lsa_GetUserName()
      r4313: fixed a bug in handling new xattrs in the tdb xattr backend
      r4314: added ACL checking on unlink
      r4315: use the remote hosts max_xmit, not the local hosts, in calculating max trans2 data sizes
      r4316: - now that the trans2 code properly supports multi-part requests, we can set
      r4317: check the count of replies in the os2 ea_list torture test
      r4319: make it easy to use valgrind in the test_posix.sh test suite
      r4364: - added support for testing of chained SMB operations in smbtorture
      r4365: added command 'eainfo' to smbclient for displaying binary EA contents
      r4382: check for bad tid in SMBtdis
      r4383: in order to cope with overfilled buffers on trans2 findfirst we need to use 32 bit offsets and lengths
      r4387: added a TODO about the NTCREATEX_FLAGS_OPEN_DIRECTORY flag - it seems to open
      r4388: - allow ACE flags to be specified in security_descriptor_create()
      r4389: added checking for the default inherited ACL, which is used when no ACEs
      r4391: bring the default ACL inline with what w2k3 uses
      r4401: stricter test for correct ACL inheritance in RAW-ACLS
      r4402: use __location__ instead of __LINE__ in the RAW-RENAME test
      r4403: - added ACL inheritance in the pvfs backend. ACLs are now inherited on
      r4404: check for SEC_ACE_FLAG_INHERIT_ONLY in the "maximum allowed" logic
      r4405: added acl inheritance to the mkdir and t2mkdir backends.
      r4406: - don't call the xattr unlink hook on unlink unless the link count is 1, otherwise
      r4407: stricter checking of parameters on hard link creation in the RAW-RENAME test
      r4408: added the remaining access check hooks into pvfs. All calls should now have acl checking,
      r4409: fixed handling of zero access masks for the POSITION_INFORMATION query/set levels
      r4410: pvfs_rename_one() should not check for create permissions, as the rename
      r4411: when checking for create permissions, we need to check the parent, not the child!
      r4412: SEC_FILE_READ_ATTRIBUTE is always granted, even if not requested. This was being done
      r4413: login failure doesn't warrant a level 1 debug (its filling my logs during torture tests)
      r4424: fixed a simple bug in the '|' handling in indexed ldb searches. I'm
      r4427: - added ldb_msg_*() functions for sorting, comparing and copying messages
      r4428: use minimum open permissions in the 'acl' command in smbclient, so the user is
      r4429: the owner of a file always gets SEC_STD_DELETE
      r4430: - fixed the BASE-LOCK* tests to use a subdirectory, and properly setup the directory before each test,
      r4433: added the boilerplate for the new w2k3 LSA functions in preparation
      r4437: added IDL and test code for lsa_LookupSids3() and lsa_LookupNames3().
      r4442: fix lsa_TranslatedSid3 (its a dom_sid2 not a dom_sid)
      r4443: test lsa_LookupNames3() even when lsa_LookupSids3() fails
      r4444: - initialise registry:HKEY_LOCAL_MACHINE to a reasonable default (where
      r4445: put the unlink test in a subdirectory, and ensure it cleans up
      r4446: attempt to fix the build - andrew, can you check I've done this right?
      r4447: implement server side of lsa_LookupSids3() and lsa_LookupNames3()
      r4448: - fixed access_mask checking on acl set
      r4449: fixed the helpstring for LSA IDL
      r4450: the beginnings of IDL for the dssetup pipe. I need this pipe for ACL editing from w2k3
      r4451: added initial RPC-DSSETUP torture test. It works for level1 of
      r4452: the beginnings of a dssetup rpc server.
      r4453: use lp_server_role(), which currently returns 3, for the dssetup
      r4454: This is the patch I use to Samba3 nmbd to allow a WinXP box
      r4455: LSADS was a duplicate of DSSETUP, and is now gone
      r4461: finished the remaining information levels in the DSSETUP pipe. The pipe is now complete!
      r4462: - enable DSSETUP on ncalrpc
      r4463: added testing of the special SID_CREATOR_OWNER inheritance rules
      r4464: added pvfs backend support for the special CREATOR_OWNER and CREATOR_GROUP inheritance rules
      r4465: remove unused file
      r4466: rather than defining "STANDALONE" for building tdb, ldb and talloc
      r4467: - tdb standalone build doesn't need -DSTANDALONE any more
      r4472: improve the discard_const() macro for standalone build of talloc
      r4473: - moved talloc into its own lib/talloc/ area
      r4474: - converted ldb to use talloc internally
      r4475: fixed smbd to work with the small changes in the ldb API (the most important
      r4476: added a little gcov howto for ldb
      r4477: expanded the test suite to increase code coverage a lot
      r4479: added the function talloc_autofree_context() which returns a talloc context that
      r4480: autofree the dcom proxy tables
      r4481: get rid of the last leak
      r4486: fixed some memory leaks in the new ldb code, by ensuring that memory is always
      r4487: fixed the use of ldb_msg_add_*() in the samr password backend
      r4488: removed an unused variable
      r4490: when implementing one rpc server call in terms of another call, you
      r4491: don't dereference q1.out.sam unless we know it is not NULL
      r4492: r.in.info is a pointer that needs to be allocated before use
      r4493: change name of README.gcov so it doesn't get deleted by "make clean" :-)
      r4496: expanded info on testing your filesystem for xattr support
      r4497: fixed a typo
      r4498: arrgh, really fix the typo this time
      r4501: when copying files it is common for clients to copy the ACL. When the
      r4518: added proper support for "typedef enum" in pidl. We can now use enums as types in switch
      r4519: added the enum print function in ndr_basic.c
      r4520: added a enum test function to the echo pipe
      r4521: fixed up the handling of PROPERTIES elements after the change to support enum
      r4522: PROPERTIES are now handled at the typedef level
      r4523: the PROPERTIES change for typedef was not quite as simple as I thought. This puts in a workaround
      r4524: converted a few bits of samr.idl to use enum properly
      r4526: - much simpler (and more accurate!) ndr_size_*() code generation. It
      r4547: - added talloc_new(ctx) macro that is a neater form of the common talloc(ctx, 0) call.
      r4549: got rid of a lot more uses of plain talloc(), instead using
      r4550: talloc() is now typesafe. It is exactly equivalent to the old talloc_p() macro. Use
      r4556: neater (and faster) way of doing alignments and scalars
      r4559: prevent the RPC-EPMAPPER test from looping forever against w2k3
      r4560: - fixed crash bugs in the RPC-SCHANNEL and RPC-NETLOGON tests
      r4563: fixed lsa_EnumAccounts() server side to return all accounts that have privileges, as
      r4564: added a comment on lsa_EnumAccounts IDL
      r4582: finally worked out what is going on with the inherited ACLs test and win2003. It is a
      r4583: print which bit failed in the owner bits check
      r4584: fix pvfs backend to pass the new enhanced RAW-ACLS test. Easy once I really the
      r4585: don't consider LookupSids3 failing with NT_STATUS_ACCESS_DENIED (as w2k3 does) or
      r4586: RPC-LSA now passes against w2k3
      r4587: fixed dcerpc_secondary_connection() for ncacn_ip_tcp
      r4588: fixed the double bind in ncalrpc with dcerpc_secondary_connection()
      r4589: forgot to commit the new NT_STATUS_RPC_PROTSEQ_NOT_SUPPORTED error code
      r4591: - converted the other _p talloc functions to not need _p
      r4592: fixed typo from talloc testsuite fixup for the new syntax
      r4593: don't use the _p function in the testsuite, as when built standalone it doesn't
      r4595: on create check access against parent not child ...
      r4596: added a dynamic inheritance ACLs test. As far as I can tell w2k3 does not do
      r4611: - renamed add_socket() to smb_add_socket() as that is less confusing
      r4612: make the output for the w2k3 acl bug a bit clearer
      r4615: added acl checking on directory search in pvfs
      r4616: the first phase in the addition of proper support for
      r4617: basic alter_context requests now work in our client library. The test
      r4618: - tidied up the alter_context client code a bit
      r4625: added a test that demonstrates that once a context_id is established,
      r4626: Jelmer, can you look at why this init is failing? It is preventing all tools from working
      r4627: - simplified the dcerpc auth code using a common function
      r4630: for ncacn_np if we don't have an explicit request for one of the
      r4631: don't consider an epmapper insert as a failure for the moment
      r4632: added spnego testing and no-auth testing in test_w2k3.sh
      r4638: expose lsa and drsuapi on ncalrpc
      r4640: first stage in the server side support for multiple context_ids on one pipe
      r4642: added support for alter_context in the server for adding new interfaces to an existing pipe
      r4643: RPC-ALTERCONTEXT now passes
      r4644: allow DSSETUP on ncacn_ip_tcp
      r4663: fixed SPNEGO auth in the rpc server
      r4664: SPNEGO auth in our rpc server now works, so add it to the battery of
      r4669: a timeval_to_nttime() function as requested by abartlet. Andrew, its
      r4670: abartlet was worried about floating point precision with my first
      r4672: added the "spnego" flag to the binding string docs
      r4700: first attempt at a composite async function, smb_composite_loadfile(),
      r4710: added a smb_composite_savefile() function, and expanded the test suite a little
      r4711: - deprecate talloc_destroy()
      r4712: slight tidy up in alter_context server
      r4717: fixed our usage of VA_COPY to be more standards compliant
      r4718: don't use the deprecated __va_copy() unless va_copy() is unavailable
      r4719: snprintf.c is used outside of samba, so don't use our special types
      r4744: until we decide what to do about attribute aliasing (see my recent
      r4745: remove the distinguishedName attribute adds from samr. See the
      r4748: removed unnecessary distinguishedName from provisioning
      r4753: added the ability for the generic socket library to handle async
      r4754: tidied up the composite function infrastructure to make it easier to
      r4755: the recent change in the definition of lp_passwordserver() breaks this
      r4756: a slight tidy up in the events code
      r4757: added the ability of the clisocket level of libcli to handle async
      r4758: - added async support to the session request code
      r4765: simplify the async socket code to always go via the event handler
      r4767: handle the different NBT session request refusals, and map them to
      r4769: added a smb_composite_connect() function that provides a simple async
      r4772: fixed checking of the conformant size for dom_sid2
      r4777: added a smb_composite_sesssetup() async composite function. This
      r4778: I forgot to set the session key for the spnego path. Fixed.
      r4779: demonstrate doing 50 parallel loadfile operations, with a callback for completion
      r4781: the tolower() in schema.c is a premature optimisation. I suspect the
      r4782: volker quite rightly pointed out that there is too much of a
      r4783: got rid of another void* in the composite code. This brings us down to
      r4790: added type checking helper macros in talloc. These take advantage of
      r4791: used the new talloc type safety macros to make the "void *private"
      r4792: use type safety int the test suite too
      r4793: minor doc updates
      r4794: - disabled the ntacl command line utilities until they are rewritten to use the same
      r4795: stronget type checking in composite connect function
      r4800: proper fix for the _GNU_SOURCE problem with comparison_fn_t
      r4801: remove the two bogus ctype.h includes
      r4810: fixed anonymous connections with smbclient. Thanks to jbm for pointing this out.
      r4811: now that the event context is at the socket level, the event cleanup
      r4812: removed dependence on Data::Dumper
      r4813: this is a temporary solution to a link problem we have on some
      r4814: cope with perl not being in /usr/bin for idl building
      r4817: ccache was being made ineffective on all the build farm machines
      r4818: missed version.h here
      r4819: its just not my day today ....
      r4828: don't apply the schema until we get it working properly
      r4831: added udp support to our generic sockets library.
      r4832: added simple testing of tcp sockets to LOCAL-SOCKET test
      r4833: added LOCAL-SOCKET to the list of tests that are expected to pass
      r4843: fixed the alignment handling of enumerated types
      r4858: a better fix for alignment of enumerated types (I'm not even sure why
      r4863: schema_find_attribute() should be static
      r4883: support ndr_size_ generation on unions as well as structures
      r4884: - 2nd part of support ndr_size_ generation on unions as well as structures
      r4885: added a new NBT client library. Features include:
      r4886: fixed two places where we process the send side of a socket after the
      r4887: removed a bogus cast
      r4888: use the neater calling convention
      r4889: make sure ndr print flags are initialised in ndrdump
      r4891:  - added a generic resolve_name() async interface in libcli/resolve/,
      r4892: we don't need nameserv.h any more
      r4894: namecache.c is not used any more either
      r4896: make sure the event context doesn't go away while waiting for event completion
      r4898: - removed the unused wins_srv_*() code
      r4899: fixed build
      r4900: build fix for IRIX 6.5
      r4901: a bit more info on nbt packets under high debug level
      r4909: fixed name_trn_id generation (thanks to metze for spotting the bug!)
      r4911: make sure we fill in the transport called name on port 445 as well
      r4915: free temp context _before_ the async callback, as the async callback might destroy our top level context
      r4916: added "host" name resolution using fork() per gethostbyname()
      r4919: if a caller doesn't provide an event context to the resolver library,
      r4922: fixed an infinite loop in the name resolve code when handling a method
      r4924: continue the effort to simplify and generalise the composite
      r4927: parse the NBT session request in the smb server. This gets rid of that
      r4935: fixed a bug where "c->status = xxx_handler(x);" could write to c after
      r4936: moved to a convention where the completion function is only called in
      r4937: simplify the connect code in the same way
      r4938: allow the caller to supply an existing event_context if they want to
      r4939: make a few more private pointers type safe (this might help abartlet
      r4942: converted the cifs backend to not use event_context_merge(). Instead,
      r4943: Smplified the events handling code a lot. The first source of
      r4944: every event_add_*() caller was having to call talloc_steal() to take
      r4945: the te element isn't needed any more
      r4950: removed some excessive debugging messages
      r4951: some of the code dealing with libcli was getting too complex trying to
      r4952: removed a bogus talloc_steal() that was trying to cope with the
      r4953: - enable easy valgrind use in all our test scripts
      r4954: we don't need the separate event_remove_*() calls any more, as you now
      r4955: fixed a couple of minor memory leaks in the auth_sam code
      r4956: - moved the definition of the mangle context structure into a pvfs_shortname
      r4957: the fetchfile _recv() function was neglecting to steal the data and
      r5003: delete old nmblookup.c code
      r5004: add current samba3 nmblookup.c ready for updating to new nbt lib
      r5027: added the IDL license to the IDL directory
      r5032: get rid of the init fns in eparser
      r5034: - added a type mapping function in pidl, so the type names in our IDL
      r5035: fixed composite test to use --num-ops command line option
      r5036: changed HYPER_T to the more standard "hyper"
      r5037: got rid of all of the TALLOC_DEPRECATED stuff. My apologies for the
      r5038: we don't need these defines any more
      r5039: fixed eparser not to generate talloc_p()
      r5040: attempt to get solaris10 building by defining _XOPEN_SOURCE
      r5042: another attempt to get solaris10 building
      r5043: this broke more systems than it helped. Remove it and try to work
      r5048: made the provision.pl script much less error prone (you don't need to
      r5049: updated howto.txt with new provisioning instructions
      r5050: make sure we translate the generic to the specific bits before doing a
      r5051: initialise all elements of an array (thanks to Mike Allan for pointing
      r5052: minor formatting fix
      r5053: - fix up the library dependencies so that tools that need nbt don't
      r5054: added a nmblookup tool, based on the new nbt library
      r5079: don't look for gss_display_status() in libgssapi_krb5 unless we
      r5080: patch from ronnie to make our samr IDL a little more consistent
      r5083: removed the libcrypto test that is forcing the pull in of the MIT krb5 libs when you
      r5084: - handle arbitrary data in the NULL record reply type for nbt name queries
      r5085: add net and nmblookup to installed binaries
      r5102: This is a major simplification of the logic for controlling top level
      r5103: forgot to add two new files
      r5104: - added support for task based servers. These are servers that within
      r5105: removed some unused events functions. These are no longer needed as
      r5106: removed a bunch of unused socket functions. We still need
      r5107: moved the horrible ldap socket code, and the even worse
      r5108: the beginnings of a nbtd server for Samba4. Currently just displays
      r5109: - fixed handling of zero-length subcontexts in the ndr library
      r5114: the nbtd task can now act as a basic B-node server. It registers its
      r5115: enable the nbt daemon by default
      r5116: fixed build of the nbtlist code
      r5117: used a composite function to add 4 stage name registration. We send 3
      r5118: added support for node status replies in nbtd. nmblookup -S now works against Samba4.
      r5119: fflush after talloc reports to ensure they are fully on disk when using tee
      r5120: encode outgoing nbt packets when queueing them rather than in the send
      r5121: added periodic name refresh requests for all our registered names, reporting any
      r5122: fixed name of winbind stream ops
      r5123: fixed a bug in the timed events handling. It was possible for a timed
      r5126: the composite code is no longer client specific or smb specific, so
      r5129: make sure we don't spin chewing CPU time due to my last change
      r5130: added a single NBT name query benchmark. It keeps 10 queries in flight at a time.
      r5155: define ipv4address as a based IDL type, mapped to a "const char *" in
      r5156: started on test driven development of the nbt server. This adds a
      r5170: fixed a bug handling events that have already timed out - they were
      r5171: added support for "bind interfaces only" in nbtd. The solution was to
      r5172: actually bind to the right address for the wildcard interface ....
      r5185: make all the events data structures private to events.c. This will
      r5187: ordered the timed events in the events code, which makes processing
      r5189: fixed a double free bug in the ltdb indexing code
      r5193: make sure we mark the event dead when we free it on a dead connection
      r5194: added support for using epoll instead of select() on systems that have
      r5195: most events don't need the time of the event, so save a gettimeofday() call
      r5196: fixed sily bug (that metze found)
      r5197: moved events code to lib/events/ (suggestion from metze)
      r5198: don't consider failure to remove an epoll event as enough reason to
      r5210: changed server side nbt functions to be prefixed with nbtd_ instead of
      r5211: added broadcast name defense against both registration and refresh
      r5212: added checking for receiving our own packets as broadcasts
      r5213: do our name broadcast refresh requests as register packets not refresh
      r5214: added support for "netbios aliases" in smb.conf
      r5215: register aliases as both client and server node types, so nmblookup can see them
      r5216: don't defend group names against incoming name registration requests
      r5217: avoid epoll_ctl() if the event flags are already set correctly
      r5221: replace the str_list_*() code with new code based on talloc(). This is
      r5222: made the nbtd_self_packet() code more efficient
      r5248: fixed a silly bug in DLIST_ADD_AFTER()
      r5249: don't include ';' in the default list separators for parsing
      r5250: - added low level support for retrying nbt name queries, rather than
      r5251: - renamed the nbtd server side structures to have a nbtd_ prefix, to
      r5252: - fixed nmblookup for the nbt api changes
      r5253: need to pre-declare some structures
      r5259: make sure we give the ip of the interface that a name query comes in
      r5260: - show an error message on nmblookup failure
      r5261: translate nbt rcode errors to NTSTATUS codes
      r5273: fixed another bug in the code that keeps timed events
      r5274: fixed some const warnings by making the str_list_ functions return "const char **"
      r5275: - added support for NBT_OPCODE_MULTI_HOME_REG (opcode 0xf) for WINS name registrations
      r5276: - added support for NBT_OPCODE_REFRESH2 (type 0x9)
      r5277: initialise the multi_homed flag in the name registration test
      r5291: fixed ncacn_ip_tcp against windows
      r5292: ensure we cleanup the epoll_fd on event context destruction
      r5294: - added a separate NBT-WINS test for WINS operations (register, refresh, release and query)
      r5296: - only include the tdb headers where they are needed
      r5297: ensure pstring is not in the generated prototypes
      r5298:  - got rid of pstring.h from includes.h. This at least makes it a bit
      r5299: fixed an include ordering problem
      r5300: more uint32 and system/filesys.h build fixes when developer mode is enabled
      r5301: fixed pthreads build
      r5302: fixed a compilation problem on solaris caused by the recent include
      r5303: fixed build of gconf registry backend
      r5304: removed lib/socket/socket.h from includes.h
      r5305: removed libcli/ldap/ldap.h from includes.h
      r5306: removed all the unused mutex functions from mutex.c. When (if?) we
      r5307: removed db_wrap.h from includes.h
      r5308: trimmed back a lot of the old macros from smb_macros.h
      r5309: removed ads.h from includes.h
      r5310: allow for rounding errors in the sleep test
      r5321: added a program that works out the minimal set of #include lines
      r5322: removed a whole bunch of #include lines that minimal_includes.pl
      r5325: - expanded the NBT-WINS test to include scopes
      r5326: removed the charset conversion from the nbtname code, so we no longer
      r5328:  - allow case sensitive nbt name lookups
      r5329: made the nbt server case sensitive
      r5333: weird, w2k3 always sends a positive name release response, even for names that
      r5346: - a bit more preparation for the WINS server going in
      r5347: fixed the NBT-REGISTER test now that the nbt layer is case sensitive
      r5352: added a function nbt_name_string() that formats a nbt_name structure
      r5356: fixed the hex coding for nbt names
      r5357: added ldb_msg_add_fmt(), for creating formatted ldb record values
      r5358: - added initial WINS server code. It passes most of the NBT-WINS test, but doesn't yet
      r5370: epoll gives more precise event bits like EPOLLHUP instead of just EPOLLIN. We need to map
      r5371: on port 139 the called name needs to be in uppercase
      r5372: fixed the build
      r5374: - changed the dn key code in the ldb tdb backend to correctly honor
      r5375: use a real DN in the WINS database. We now pass the NBT-WINS test.
      r5382: another place where we need to uppercase the called name for port 139 connects
      r5384: for RPC-NETLOGON to pass we need to set the realm as well as the domain to the target
      r5386: added testing of registration of group names
      r5387: - added automatic WINS server record expiry
      r5388: uppercase the server name on ncacn_ip_tcp
      r5389: initialise the WINS ttl max/min values to something sensible
      r5390: use __location__ to make tracking down errors in RPC-SAMSYNC easier
      r5391: cope with w2k3 getting the timeout wrong in wack replies
      r5392: added "secure" WINS server processing. Send a WACK on name
      r5395: fixed some loadparm memory leaks
      r5396: fixed parsing of NBT type 0xc0 compressed name pointers
      r5397: added testing and server support for the special handling required for the 0x1d local master browser name
      r5398: fixed encoding of *SMBSERVER name (thanks to Karl Melcher for spotting this)
      r5401: using talloc_array() is neater here
      r5402: a initial attempt at a IDL definition of the WINS replication protocol
      r5403: a simple WINS benchmarking program
      r5404: allow spaces in the string representation of nbt names
      r5405: try to use NBT name pointers when a netbios name is repeated in a NBT
      r5406: fixed dependencies for the WREPL subsystem
      r5408: - added testing for the behaviour of the special 0x1c name
      r5411: make network interface selection a bit saner
      r5412: don't force initial debug level up in ndrdump
      r5413: enable standard samba command line options in ndrdump (so -d works)
      r5414: - added libcli/wins/, a basic client library for WINS replication
      r5415: added a NBT-WINSREPLICATION torture test. It asks the server for the
      r5416: nicer output when trying to replicate with a server that hasn't been setup as
      r5418: - added version numbers to WINS database records in preparation for adding server side
      r5448: another portability fix for solaris
      r5451: - added separate wrepl_associate(), wrepl_pull_table() and wrepl_pull_names() functions, with reasonable
      r5454: moved the WINS server code into its own directory
      r5664: simo, please look into this. It is possible for the number of elements
      r5665: the data within el2->values can still be used at this point, so don't free
      r5666: winxp will use a NTTIME of -1 to mean "don't change" in setfileinfo
      r5937: - performance improvement to talloc_asprintf_append()
      r5938: - allow NULL string argument to talloc_vasprintf_append()
      r5939: improve talloc_realloc() docs after feedback from lifeless
      r6031: don't try to send errors when the socket has been destroyed
      r6074: fixed non-spnego connections for new credentials code
      r6075: added talloc_enable_null_tracking() (asked for by lifeless)
      r6086: default to stderr for error messages in ldb, so we get errors in ldb_connect()
      r6087: - remove the dlopen code for now (before it goes back, it needs to be
      r6147: The maxfd was being recalculated on every event loop, which made us
      r6150: fixed a few socket_wrapper bugs.
      r6165: fixed up the userinfo composite code. Fixes include:
      r6184: the beginnings of the libcli/dgram/ library, and the dgram
      r6185: added LIBCLI_DGRAM to the list of libs to be built as part of LIBCLI
      r6209: started added code to support mailslot requests over UDP/138
      r6222: fixed the socket wrapper code for getsockname()
      r6223: added a bit more datagram infrastructure and the beginnings of a test
      r6245: receive and parse the GETDC response in the NBT-DGRAM test. The test
      r6246: stop waiting when we get a reply
      r6247: added the server side code for receiving mailslot requests, and
      r6248: added parsing of type 10 UAS announce netlogon packets
      r6287: sorted out a small but surprisingly tricky dependency problem with the
      r6288: the nbt dgram server now responds to GETDC requests. It works with our
      r6320: some minor netlogon datagram fixes - NT4 can now join a Samba4 domain without
      r6321: added IDL and test suite for NBT dgram 'sam logon' request (sent by
      r6323: added server side support for dgram NTLOGON requests. NT4 workstations can now login
      r6331: added IDL and test suite for the ADS style response to a datagram netlogon query.
      r6333: removed an extraneous line (pointed out by metze)
      r6335: at debug level 10, save netlogon and ntlogon packets that fail to parse
      r6338: ADS style GETDC response now works well enough that WinXP can join
      r6339: set the NBT_SERVER_LDAP and NBT_SERVER_KDC bits based on config
      r6340: - added an easy to use function to initialise a temporary ldb with some ldif
      r6341: fixed the schannel idl to handle dotted names correctly
      r6342: fixed a bad union assumption that caused ACLs to fail on 64 bit machines
      r6474: - added a simple talloc web page at http://talloc.samba.org/
      r6479: - added a simple web page
      r6480: fixed whitespace typo
      r6481: change download instructions to include tdb and talloc
      r6509: fixed a crash bug found by a-jutley at microsoft.com in RPC-RAP test
      r6528: - in tdb_fetch() we effectively disallowed zero length records by
      r6529: fixed locktest with new credentials code
      r6530: the server ID of a connection in the single process model should be
      r6531: fixed gentest with new credentials code
      r6541: added double pointer test to win32 echo client
      r6545: some notes and experiments on ref ptrs, testing with midl
      r6549: a simple ldap test script
      r6556: added BENCH-RPC test, useful for simple rpc load testing
      r6557: make srvsvc available on ncalrpc and ncacn_ip_tcp so we can do each
      r6560: added a tdb_chainlock_read() call in ldb_search(). This guarantees
      r6561: re-did the internal message system based on DGRAM unix domain
      r6562: added support for datagram unix domain sockets in the socket library
      r6563: - fixed the local messaging torture test not to fork, as this causes
      r6578: brown paper bag time with the new messaging code ....
      r6579: improved the handling of lock timeouts and cancels in the pvfs locking
      r6580: fixed the bug that caused the truncation of the main file on a stream
      r6581: improved the error message for RAW-LOCK timeouts
      r6604: solved a memory hierarchy ordering problem that led to crashes on
      r6618: only print the netlogon packets we receive if it is an unknown packet type
      r6619: realm should not be forced uppercase
      r6620: the type 23 schannel bind uses a workstation name, not an account name
      r6661: fix up talloc autoconf to have a chance of working on the build farm
      r6662: add an installcheck target for talloc
      r6663: only use -Wall for gcc
      r6687: added a idr helper function for creating random IDs
      r6688: removed unused binary_string() function
      r6689: minor ldap client library work
      r6690: added ndr_pull_struct_blob_all(), which is like ndr_pull_struct_blob() but checks
      r6691: fixed a comment
      r6692: used idr_get_new_random() in the nbt client library
      r6693: first version of cldap client library, with async interface
      r6694: a simple CLDAP torture test
      r6719: pidl need to be told that the external type netr_SchannelType is an enum, otherwise
      r6720: added support for the remaining 2 types of CLDAP netlogon
      r6724: added "cldap port" smb.conf parameter
      r6725: the beginnings of a cldap server
      r6726: support binary search elements in ldap_decode()
      r6740: make gensec_gssapi.c compile again
      r6741: prevent talloc_strndup() from reading one byte past the end of a buffer,
      r6744: added support for reply packets in libcli/cldap/
      r6745: - escape spaces in binary ldap blobs
      r6746: added ndr_push_union_blob() for pushing IDL unions into a DATA_BLOB
      r6747: first working version of cldapd server. It is missing 'sites' support, and
      r6750: some minor tweaks to the cldapd server
      r6751: dnsDomain should be CASE_INSENSITIVE (winxp will sometimes do a cldap query with this
      r6761: - not everyone is in my domain :-)
      r6762: with the zone right we don't need a fully qualified site name at all
      r6763: added functions in libcli/ldap/ to binary encode some NDR structures into
      r6764: added support for DomainGuid, DomainSid, AAC, and User attributes in
      r6765: expanded the cldap test suite to test the usage of the DomainGuid,
      r6766: some more cldap tests ...
      r6776: make the cldap torture test not dependent on the realm being set
      r6802: - fixed CFLAGS
      r6808: - test for gcov not needed
      r6809: ifeq is not portable in make - jelmer, you'll need to find some other way of doing
      r6812: more talloc portability tweaks
      r6814: fill in two more unknown values in cldap responses
      r6815: fill in values in cldap server as well
      r6816: - fixed debug display of ndr netlogon union
      r6817: - fixed empty ldap search elements in filters
      r6829: include the talloc autoconf tests when building ldb standalone
      r6830: put header checks in config.m4 so when it is included by other projects the right
      r6831: talloc now requires config.h (this fixes ldb build)
      r6833: split out the routine that calculates the diff between two ldb messages from ldbedit,
      r6845: make the talloc header align to 40 bytes, which costs us an extra 4
      r6846: make smbd terminate immediately on EOF from stdin
      r6852: implement an idea from kinkie to make the 'make test' target automatically kill smbd
      r6853: again fixed SOCKET_WRAPPER_DIR in 'make test'
      r6869: removed completely bogus BASE-RW2 test
      r6873: fixed exec bit
      r6875: added a BENCH-CLDAP test. Speed of the cldap server isn't all that important, but it does
      r6876: - fixed a memory leak in the cldap server
      r6877: added CLDAP testing to test_ldap.sh
      r6967: fixed the new multi-value dn=@ATTRIBUTES so it actually works :-)
      r6968: fixed a typo in the event macros. I'm surprised this one didn't show up earlier!
      r6980: added data_blob_append(), which I use in the web server
      r6981: first version of the builtin web server for Samba4
      r6982: install the swat pages with 'make installswat'
      r6983: add some sample esp pages to demonstrate the use of some of the features of the server
      r6985: rearranged the directory structure so as to make it possible to support esp include() call
      r6986: added support for <% include("somefile.ejs") %> for including common scripts
      r6987: - make sure esp pages cannot read data outside of the swat directory
      r6988: added a test of esp include() calls
      r6989: - added support for esp style includes (which include a esp file, instead of a ejs file)
      r6990: apparently some systems define UNUSED :-)
      r6997: added a private pointer to the task structure. This is needed by the session data
      r6998: - added support for application[] data, which is global to all clients using the web server.
      r6999: - renamed our html files to esp
      r7000: only keep session data if not empty - this saves us using lots of memory needlessly
      r7001: make sure we install the esp files
      r7002: added support for getting at loadparm config parameters via lpGet() in esp scripts
      r7003: added an example script for fetching smb.conf parameters from esp scripts
      r7004: added support for exceptions generated in the esp library. If the OS
      r7005: added a esp page to demonstrate exception handling
      r7007: try to get ejs compiling again
      r7008: - split out the loadparm type definitions so loadparm internals can be accessed externally
      r7011: when using macros, the parameters should be specified unless its a
      r7012: added smb.conf parameters
      r7013: added tls support to the builtin web server. It auto-detects if the client
      r7014: added Content-Length header to both esp and non-esp output
      r7015: use a scripting trick to force images to be sent with http instead of https, which
      r7016: - added smb.conf parm 'web tls = true/false'
      r7017: added a esp variable server['TLS_SUPPORT'] which tells the script if the server
      r7018: take advantage of the server[TLS_SUPPORT] variable to auto-redirect the home
      r7019: - added esp call lpServices() which returns a list of services in smb.conf.
      r7023: reduced the number of warnings in building ejs and esp
      r7044: vance is right that mixing http and https elements gives a warning in IE
      r7047: rearranged the tls code a bit, and improved the error messages when it fails
      r7048: added auto-generation of TLS self-signed certificates if none exist already
      r7049: auto-create the private/tls/ directory on install
      r7051: remove an unused file
      r7052: added a case insensitive str_list_check_ci() version of str_list_check()
      r7053: added a ldbSearch() call to esp
      r7054: added a example script showing ldbSearch() usage
      r7055: automatically add the dn to all ldbSearch results
      r7056: added links to ejs and esp info pages
      r7067: older versions of gnutls don't have GNUTLS_KP_TLS_WWW_SERVER
      r7071: allow access to the current mpr memory context from ejs calls
      r7072: moved the esp hooks calls to the ejs level, so we can call them from
      r7073: added some simple example scripts for use with smbscript
      r7074: we should load all shares in smbscript
      r7075: added support for ARGV[] in ejs scripts
      r7076: added demos of using ARGV[]
      r7077: pull in a bunch more libs for smbscript. I plan on making a whole lot
      r7078: - fix an uninitialised variable in smbscript
      r7079: remember to register the esp calls
      r7085: fixed a bug in ejs with setting up the arguments[] array
      r7086: make include() recognise the ".esp" extension and include the file as
      r7087: always run the /scripting/preauth.esp page before processing any
      r7088: start on some real structure for the SWAT web pages
      r7089: ensure that headers['HOST'] is setup
      r7090: added back in the showvars test
      r7091: added some more useful links
      r7092: added some js for formatting table results in a nicer fashion
      r7093: - added a new Form() ejs object for producing simple forms.
      r7094: use the Form() object in a few more places
      r7095: more html tidying
      r7096: added support for select lists in forms
      r7097: removed a debug line
      r7101: moved favicon into images/
      r7104: add support into the web server for session[] variables without cookies by using
      r7105: fixed a typo
      r7106: the web interface now works completely with or without cookies. If you have cookies
      r7107: detect when a users session has expired and set request['SESSION_EXPIRED']
      r7108: display a session expired message
      r7124: fixed a bug in array construction (see ECMA standard section
      r7125: demonstrate some bugs in ejs
      r7127: allow for recursive ejs functions
      r7128: added recursion to bugs list
      r7131: support sub-object arrays when displaying objects. This allows the ldb test to
      r7132: - start a convention of making object constructors end in Obj, so we
      r7134: a number of small changes to make the pages HTML compliant. The
      r7135: make typeof() complient with ECMA 11.4.3
      r7136: fixed a typo
      r7162: a test commit to trigger anon update with new svn fsfs backend
      r7163: a 2nd test commit to trigger anon update with new svn fsfs backend
      r7205: added support for sendto() on unix domain sockets
      r7206: changed the messaging library to use sendto instead of a connected
      r7211: - use ioctl(FIONREAD) to remove the artificial limit on messaging size
      r7227: added a socket_pending() call to abstract away the FIONREAD ioctl. It
      r7228: use socket_pending() instead of the direct ioctl in the messaging code
      r7229: use socket_pending() to get rid of the max packet size limits in the
      r7230: use socket_pending() to get rid of the max packet size limits in the
      r7264: fix up the socket handling for abartlet. Still only udp, but it won't
      r7265: fixed d_printf() so it works again.
      r7271: added the ability to specify a target specific set of CFLAGS for
      r7272: this is a sample mk file for building a heimdal library using the
      r7289: split out the list of *.mk files for the build, so you don't need to modify the perl
      r7290: comment out heimdal config for now
      r7294: implemented the irpc messaging system. This is the core of the
      r7295: added an irpc benchmark. It gets about 16k messages/sec on my laptop,
      r7296: avoid two stat() calls per message. This increases the raw message
      r7298: ensure messages are sent in order even when under extreme load. This
      r7309: started adding IDL for nbt management calls. This adds a
      r7320: added support for a private pointer in irpc registered handlers
      r7321: add nbtd statistics serving over irpc
      r7322: the beginnings of a in-tree heimdal
      r7352: the internal heimdal build change. This changes quite a few things:
      r7355: this should fix the link problem metze hit with smbscript
      r7356: fixed the problem mkaplan reported with not being able to run without -i
      r7358: make the irpc test use two messaging contexts, not one, so it better
      r7359: add configure test for strsep (might helps abartlets build of heimdal)
      r7360: added a few more heimdal configure tests
      r7361: fixed the 'file becomes a directory' bug that marc kapland found.
      r7419: when we have both --enable-developer and --enable-debug we don't need -g twice in the
      r7431: this should fix the bug that mkaplan and I noticed which is that
      r7459: fixed pvfs for the RAW-MUX test
      r7460: fixed several problems with the socket wrapper code and unbound sockets
      r7461: this is the start of some code for mapping IDL onto ejs. This is hand
      r7475: removed RPC-SAMLOGON test until we get a lighter version of it. It is
      r7476: ensure dgram sockets are created non-blocking. As they usually skip
      r7478: fixed a problem with a backgrounded smbd looping to handle continuous
      r7483: ensure we try reading from a socket if epoll says we can, and don't
      r7484: the previous bug can also affect the kdc
      r7485: - allow test_xxx.sh to run outside of 'make test' by ensuring $PREFIX is setup
      r7493: add a --maximum-runtime option to smbd. If this time is exceeeded then it exits.
      r7494: added --maximum-runtime to smbtorture as well. I have seen smbtorture
      r7495: used --maximum-runtime=300 for each smbtorture call, to prevent it
      r7496: removed an unused variable
      r7497: add timeouts to all rpc requests. The default timeout is 60
      r7499: ensure that the account we run tests as ("Administrator") maps to the
      r7502: the sleep test in echo is already run on the main rpc test, so no need to run it with every combination in
      r7503: turn off the sleep test here too
      r7504: missed one
      r7506: handle the case where cron does not setup $USER
      r7507: fixed the problem with users being shown too many times in acl
      r7510: fixed error code for using a bad tid.
      r7513: don't try to write to the smbd log file between tests. zeroing a file
      r7514: make the ldb_parse code not depend on a ldb_context, so we can now potentially use
      r7515: merge in the binary encode/decode enhancements from the libcli/ldap/
      r7516: make sure binary decoding gives us something we can run string functions on
      r7517: handle zero length equality tests
      r7518: don't use an uninitialised ldb debug function when failing to load modules in the ldap
      r7519: rip the copy of the ldap expression parser out of libcli/ldap/ and use
      r7522: added a ldb_filter_from_tree() function that takes a ldb_parse_tree
      r7523: blergh
      r7524: make the ldap ASN.1 filter parse code go via a struct
      r7526: make test should depend on the bins
      r7527: - added a ldb_search_bytree() interface, which takes a ldb_parse_tree
      r7528: cleaned up the QueryDisplayInfo_continue test
      r7533: don't show compile flags for each file
      r7557: trigger a probe at tconx time to see if xattrs are really supported by
      r7558: added support in ldb for extended ldap search requests. These are
      r7559: support 64 bit matching in bitops
      r7560: added tests for extended bitop search functions
      r7564: added a test showing the search expression that w2k is actually giving
      r7565: fixed handling of sasl data in ldap server
      r7566: added support for LDAPString types in the asn.1 library
      r7567: added wire parsing of NOT and extended ldap search requests. This
      r7568: enable the NTLMSSP bulk data sign/seal code for out ldap server. This
      r7571: fixed the generation of the filter string for extended filters
      r7572: fixed filter in test suite
      r7593: simplified the memory management in the ldap code. Having a mem_ctx
      r7594: abartlet is right that this hack is not actually necessary, it just
      r7596: next step in ldap cleanup. I'm aiming to get rid of the cut&pasted
      r7597: removed the bogus get_myfullname() and get_mydomname() calls, and put
      r7598: take advantage of struct data_blob and struct ldb_val being the same
      r7599: it turns out we were not using the ldif code in libcli/ldap/ at all,
      r7626: a new ldap client library. Main features are:
      r7633: this patch started as an attempt to make the dcerpc code use a given
      r7650: fixed a typo
      r7652: use event friendly connect in dcerpc socket code
      r7653: when a dcerpc request times out, we need to ensure that if the server
      r7654:  - add a timeout to all smb requests (default 60 seconds)
      r7655: test the evnt friendly socket_connect() in the LOCAL-SOCKET test
      r7656: added testing of rpc request timeouts and destruction
      r7657: test addone again after request timeout and destruction to ensure the pipe is still OK
      r7658: don't timeout at the smb level for rpc requests as otherwise some rpc
      r7659: fixup the ordering of socket destruction for ncacn_ip_tcp so we don't try and
      r7660: improved error handling in socket_connect_ev() (it matters when name
      r7661: patch from tburdi1 at uic.edu to fix autogen.sh on freebsd
      r7665: - added a ildap_*() interface to our internal ldap library. This
      r7666: fixed a memory leak in the ldap ldb backend
      r7667: added a ldb ildap backend, using our internal ldap client library. Next step is to
      r7668: - setup HAVE_ILDAP to enable the ildap backend in ldb
      r7669: removed ldap from our configure tests
      r7670: fixed rootDSE search in ldap server
      r7671: added ldap testing to the set of standard tests
      r7672: this should fix the crypt dependency problem (I hope!)
      r7677: fixed ldap server to honor 'private path'
      r7678: fixed typo
      r7704: - fixed open_nbt_connection() to return NULL when the connection failed
      r7705: prevent SIGPIPE. this is what causes BASE-NEGNOWAIT to sometimes fail
      r7709: - convert ldb to use popt, so that it can interact with the samba
      r7710: new command line handling code for ldb
      r7711: update callers of ldb_connect() for new syntax
      r7712: ldb/common/util.c is gone
      r7713: fixed error display in ildap_search()
      r7714: enable samba credentials handling in ldb tools. So you can now do a
      r7715: ensure we don't print null strings in ldap_errstr()
      r7716: a single wrapped ldap blob can contain multiple ldap messages
      r7717: fixed some typos
      r7719: make the ildap ldb backend use the defaultNamingContext if the basedn
      r7720: - simplify the asn1 decode of ldap_search() a lot, taking advantage of
      r7721: solve a problem with null arguments to testit()
      r7722: when we get a zero read, the connection is dead
      r7723: - fix a mismatched asn1 push/pop on bind
      r7724: added encoding of LDB_OP_NOT search components
      r7725: fixed a bug with partial asn1 frames in the ldap client
      r7726: - removed some unused variables
      r7727: we need to mark some attributes as INTEGER, so that the standard searches
      r7728: handle 64 bit integers in INTEGER match
      r7739: fixed an off by one bug in the base64 decoder for ldb ldif
      r7740: get rid of our duplicate base64 routines
      r7741: fixed the verbose option in ldbedit
      r7742: abstracted out the tls code from the web server, so that our other servers
      r7743: be consistent in how stdin is supported for ldbadd and ldbmodify
      r7744: converted the web server to use the lib/tls/ generic tls code
      r7745: better handling of recv errors in tls library
      r7746: - added TLS support to our ldap server
      r7747: - simplified the ldap server buffer handling
      r7749: some bug fixes from testing with socket:testnonblock
      r7750: handle STATUS_MORE_ENTRIES on send in tls
      r7751: only enable tls on the ldaps port in ldap server, and reject non-tls
      r7753: removed debugging code :-)
      r7754: fixed the local port of accepted sockets in socket_wrapper. This fixes
      r7755: fixed an uninitialised event_ctx found by abartlet
      r7759: allow ldb_errstring() to be used when not connected
      r7760: make client tools get the right config file in 'make test'
      r7763: fixed some circular dependencies
      r7767: fixed ldb dependencies
      r7768: use _ALL_OBJS in clean target
      r7769: added client support in the tls library api
      r7770: added ldaps support to our ldap client library
      r7771: - added ldaps and NTLMSSP testing to ldap tests
      r7772: actually give the auth options to ldbsearch ....
      r7773: fixed the tls code for the non-GNUTLS case
      r7774: put $CONFIGURATION in one more place
      r7775: solaris uses 'lo0' for loopback network, so by using lo* we should cover both
      r7776: add a method for getting arbitrary opaque data into a ldb context, for use by backends.
      r7777: allow for overriding the location of the sam databasein the ldap server, using
      r7778: added talloc_find_parent_bytype() and talloc_find_parent_byname()
      r7779: use the parent event context in ldb_wrap_connect(). See the comment in
      r7780: fixed a bug in talloc_find_parent_byname()
      r7781: finding the parent of a talloc ptr is trickier than it looks due to the two-way
      r7782: fixed an ordering problem with smb requests. I found this when I had "sam database"
      r7783: the whenChanged attribute is now handled by the timestamps module, and
      r7784: give an error in ldb_tdb for invalid modify flags. The "whenChanged"
      r7792: make the allocation size rounding in pvfs configurable
      r7793: allow integers in smb.conf to be specified in octal or hex
      r7795: use a share specific allocation rounding
      r7800: added the same request serialisation logic to our socket based rpc
      r7801: the ldap server needs this logic too
      r7803: added support in ldb for callers to setup ldif read/write functions,
      r7804: added the samba specific ldif handlers into the tree, but don't enable
      r7808: fixed the build of ldb after the binary file support in ldif was added
      r7810: don't give errors when the ldap server sends us reference replies
      r7831: use cn=TEST as base of test DNs so we don't interfere with potentially real records
      r7832: missed one
      r7833: changed ldbsearch and ldbedit to have command line syntax closer to
      r7834: added comment about the "((" search test
      r7854: only enable wrapping in the ldap server if it was negotiated by gensec
      r7855: fixed a typo
      r7856: fixed warning of 'methods' shadowed variable
      r7857: improved the handling of end-of-file on sockets in the smb server
      r7858: removed some unused variables
      r7860: switch our ldb storage format to use a NDR encoded objectSid. This is
      r7863: removed an unused variable
      r7864: fixed some const bugs
      r7865: changed pidl to take a "const void *" instead of a "void *" for the
      r7867: a couple of bug fixes for newuser.pl from kukks
      r7868: canonicalise the message before using ldb_add() in the ldbadd utility.
      r7869: revert the configure changes from jelmers commit for heimdal_build
      r7870: fixed the RPC-SCHANNEL test. It turned out it was my const changes, as
      r7871: setup spoolss, wins and hklm dbs correctly in selftest
      r7872: another place we were relying on the old behaviour of value()
      r7873: hopefully fixed build of ldb_explode_dn() on AIX
      r7874: reverted metzes patch svn 7837 as it is not portable to make on
      r7894: remove portability experiments until its working in the smb-build test project
      r7895: hopefully this will fix the popt build on solaris
      r7896: don't output null rules for blank targets (caued make failure on irix)
      r7898: don't die on bad iconv libs in LOCAL-ICONV test
      r7899: fixed a crash bug in the RAW-CONTEXT test
      r7900: the existing ltdb indexing code does in fact cope with binary fields, so re-enable
      r7901: check if system supports UTF-16LE at all in LOCAL-ICONV test
      r7905: this should fix installswat on FreeBSD. Thanks to nodie for testing this for me
      r7906: some portability fixes for ldap testing on solaris (solaris grep doesn't handle ^)
      r7907: the old solaris perl doesn't handle mkdir() without a mode
      r7909: don't consider not finding a list of network interfaces from the kernel a fatal error,
      r7910: fixed typo in _SAMBA_BUILD_ macro
      r7911: task_terminate() is defined in the macosx headers, so change the name
      r7912: make private_path() recognise a non-relative filename, so we can have
      r7913: prevent recursion in the socket wrapper code
      r7914: - we don't need to override the database locations in selftest any more
      r7915: report the number of failed tests so far when running 'make test' interactively
      r7916: - got rid of the in_client global
      r7917: macosx doesn't have a group called 'users'
      r7918: fixed a crash bug in the ldap server
      r7919: use more portable shell syntax for MALLOC_CHECK_
      r7920: another attempt at making installswat.sh portable
      r7921: fixed newuser script (letting samldb module allocate the sid)
      r7923: removed dependence on Data::Dumper
      r7925: small tidyup (please keep lines at a reasonable length)
      r7926: poptGetNextOpt() returns int, not char
      r7927: fixed an error on partial socket writes in the rpc server
      r7929: yet another attempt at fixing installswat on freebsd 5
      r7930: - added testing of the cifs passthru backend
      r7931: fixed a bug in the cifs backend found with the new test code
      r7933: darn, forgot to add this
      r7939: fix default hostname in provision
      r7940: use local path first for ldbadd in provisioning
      r7941: fixed handling of ASN.1 objects bigger than 64k
      r7977: split up 'make clean' a little more as it is overflowing the command line size limits
      r8002: favor addresses on our local interfaces in NBT name resolution if
      r8003: ensure that we don't try to send a trans request with more than 64k data or params
      r8004: added a maximum EAs size test from Kukks.
      r8005: escape '"' characters in ldap expressions. Makes scripting easier.
      r8006: I have seen w2k3 send multiple encoding syntaxes in rpc bind
      r8009: expanded the ldb test suite. It worried me that some changes I have
      r8010: added testing of wildcard attributes
      r8011: arrgh, commit the right version this time
      r8032: added loop detection into talloc. Robert Collins found a way to make a
      r8033: - add easier valgrind testing
      r8035: added indexing tests. current ldb fails the integer indexing, will be fixed shortly
      r8037: a fairly major update to the internals of ldb. Changes are:
      r8038: - fixed indexing on binary values that need base64 encoding and canonicalisation
      r8039: allow ldb test suite to be run outside of the ldb directory
      r8040: run ldb test suite as part of samba 'make test'
      r8041: remove a mis-spelled debug message :-)
      r8043: increase shell compatibility of ldb tests
      r8051: separate out the MAX EAs test, as it fills disk too much to be run regularly
      r8053: requests from mmc show that the auth info for a bind should be 4 byte aligned, not
      r8055: added canonicalName to our domainDns record
      r8056: make the realm lowercase in our ldb (better matches w2k3)
      r8057: use our defined push/pull types in the validate code (fixes a warning)
      r8058: added testing of delete on close for files and directories
      r8059: fixed handling of delete on close fir directories
      r8065: don't run the LOCAL-ICONV test in selftest. It does cross-checking of
      r8067: added a method for disabling the password prompt in programs that want
      r8068: reduced the verbosity of the EPM code
      r8069: the beginnings of code to allow rpc calls to be made from ejs
      r8070: a (as yet not working) example of how rpc calls might be made from js scripts
      r8071: reduce the size of the default ldb tests. We run on some pretty low powered machines
      r8073: a successful rpc call from ejs!
      r8074: demonstrate calling echo_AddOne() from ejs
      r8104: - added support for our client library to not negotiate nt status codes, controlled
      r8106: the use of a static string for dos error codes was causing problems in
      r8107: now that we properly separate DOS and NT status codes all the places
      r8111: fixed the client library to work against w2k3 with nt status codes
      r8113: this should fix the build on systems without heimdal
      r8114: fixed the build after tpots ejs commit ....
      r8115: added support for 2 more dos error codes found during testing
      r8116: demonstrate a little trick that can be used to track down where an
      r8117: fixed a bunch more dos error code handing.
      r8118: remove a debugging hack that should not have been in the last commit
      r8119: fixed two error code returns in the smb server now that we have
      r8120: added in the newly found DOS locking error codes into the pvfs backend
      r8121: yuck. w2k3 seems to choose ERRDOS:ERRbaduid or
      r8122: more fixes from testing dos error code handling against w2k3
      r8123: fixed the RAW-NOTIFY and RAW-QFSINFO tests against w2k3
      r8124: added a set of file sharing tests that pass against w2k3
      r8125: fixed an error code mapping based on the updated torture tests
      r8126: - moved to 16 byte alignment for talloc. This is in response to a bug
      r8127: fixed code in function error
      r8191: updated the ejs code generator in pidl to generate enough code for
      r8192: updated the glue code for the generated ejs functions from pidl
      r8193: fixed the echo.js example code to work with the new syntax for rpc
      r8194: delete the old hand-written ejs code for echo_AddOne. This is now
      r8195: - fixed handling of simple arrays. To keep the logic simple, I moved to making all push
      r8196: - added testing of the EchoData interface in the echo test script
      r8197: added testing of echo_SinkData() and echo_SourceData()
      r8198: - handled push/pull of simple strings in ejs
      r8199: - we don't need to pre-declare 'var status;' everywhere
      r8200: - added stub functions for union pull/push
      r8213: I've started to understand the LEVELS stuff in pidl much better now,
      r8214: added testing of echo_TestCall2(), which tests the union push code
      r8215: switched the pull side of the ejs generator over to the recursive LEVELS based approach.
      r8216: - handle union pull in ejs pidl generation
      r8217: added testing of echo_TestSleep() and echo_TestEnum() in echo js code
      r8218: added testing of echo_TestSurrounding() and
      r8220: added auto-generation of ENUM constants in ejs wrapper. So we can now use the enum name
      r8230: prevent authentication dying on a NULL domain
      r8233: - added support for more base types in pidl ejs
      r8234: started on testing samr calls from ejs. So far it only does samr_Connect()
      r8236: fixed support for arrays of structures
      r8237: expanded the samr.js test to do a samr_Connect(), samr_EnumDomains() and samr_Close()
      r8238: - fixed handling of NULL pointers from ejs
      r8239: - added testing of LookupDomain, OpenDomain and EnumDomainUsers
      r8240: support comparing pointers in ejs. This allows for
      r8241: - take advantage of pointer comparison
      r8242: support bitmap constants from ejs calls
      r8243: fixed indentation of generated ejs interface code
      r8244: need to be careful about local vs global variables in js
      r8247: remove the free of fullname in nbtname.c for now.
      r8251: fixed a couple of valgrind errors in the unix auth code. Simo, can you
      r8253: fixed two crash bugs in ejs. I will send these fixes off to the appweb guys soon.
      r8254: fixed a valgrind error in the unix auth code
      r8255: enable access to the ejs constants generated by pidl from the web server esp pages
      r8256: - allow rpc calls from non-command line ejs contexts by creating a set
      r8257: add a samr rpc test page in the web server. It lists all level3
      r8260: added an init based registration system for the generated ejs rpc code, so
      r8261: charset style strings in pidl should be const, just like old style ndr strings
      r8262: - simplify the dependency handling for ejs modules
      r8267: re-generated the yapp parser with correct paths
      r8268: added the 'needed' logic to ehs generation, so we don't generate
      r8269: added automatic testing of rpc calls from ejs in 'make test'
      r8271: make the ejs test scripts directly executable scripts using:
      r8272: added the hooks for adding a name to a messaging context, so we will
      r8273: fixed some memory leaks in smbscript. This required converting
      r8275: possibly a more portable way to export symbols in perl?
      r8276: fixed the remaining memory leaks in smbscript. We can now loop doing
      r8277: filled in the code for finding irpc server ids by name, storing the
      r8278: this should fix the heimdal h_errno warnings
      r8279: make sure we hold a lock when manipulating the irpc names db
      r8280: - added irpc_connect() for connecting to a irpc server by name
      r8281: pass the callnum and rpc interface table directly from the generated
      r8282: make the deletion of the smbd.tmp directory recursive. This cleans up the messaging
      r8283: make sure we build constant variables for both pull and push side of enums
      r8284: - fixed some uninitialised variables in the irpc code
      r8285: generate some real stats in the nbt server for the irpc client code to look at
      r8286: it makes more sense to combine the refresh count with the register count, as they
      r8287: yay! finally irpc calls from ejs are all working.
      r8289: fallback to the group 'other' for users
      r8295: turn off the delete on close test in the build farm until someone gets
      r8296: - split out the ejs auth functions into a separate file
      r8297: add libinclude() function in ejs, which is like include() but searches a js library
      r8298: - started building a library of js routines in scripting/libjs/
      r8299: make the samr swat test use the samr.js lib
      r8300: get the js include path right in selftest
      r8301: use ncalrpc: for ejs tests, to avoid name resolution timeouts as smbd is just starting up
      r8303: a workaround for forcing HEIMDAL_EXTERNAL to build.
      r8305: another attempt at getting heimdal building in the farm
      r8306: some more heimdal configure checks
      r8307: try to cope with flex and bison not being installed, in a similar fashion to yapp for pidl
      r8308: use the configured C compiler, instead of forcing gcc in external heimdal tool build
      r8309: more heimdal configure checks needed for FreeBSD
      r8310: replace the heimdal networking interface scanning code with glue code that uses the Samba
      r8311: krb5 uses ENOMEM for out of memory
      r8312: fixed some heimdal header checks from watching the build farm failures
      r8313: moved PRINTF_ATTRIBUTE to replace.h to try to get irix building with heimdal
      r8314: - added an 'installmisc' target for installing miscellaneous files.
      r8315: fixed the generation of the serial number in the dns zone file (bind9
      r8316: give full access to the popt command line parsing in ejs scripts, including
      r8317: convert the example scripts over to the new GetOptions() call
      r8318: added a bunch more ejs calls.
      r8319: the start of a provision script in ejs. This is why I've been adding
      r8320: make sure all our returned objects are full objects, which means they
      r8331: added split(), join() and FileLoad() functions to ejs.
      r8332: not done yet, but a lot closer
      r8333: merged with latest upstream ejs sources
      r8334: fixed a ejs bug that prevented functions variables from being called in local context
      r8335: removed some duplicated code
      r8336: enable 64 bit integer support in ejs
      r8337: - use 64 bit access functions in ejs calls
      r8338: - added a substitute_var() js library function for doing hash driven
      r8339: added ldbAdd(), ldbModify(), ldbDelete() and ldbRename() to ejs ldb functions
      r8340: - added sys_gmtime()
      r8341: enable floating point support in ejs
      r8342: allow ldb_ldif_read_string() to continue in the string, so you can
      r8343: removed a debugging message
      r8344: added a "setup directory" smb.conf parameter, pointing at the setup template files
      r8345: make the dn on the hklm ldif valid
      r8346: added a sprintf test suite for ejs
      r8347: replace the perl provision script with a ejs script
      r8348: switch selftest to use the new provision script
      r8349: as we don't use standard dirs, we need to create smb.conf before we run provision
      r8350: fixed the --root option to provision
      r8352: we need to override "setup directory" for the build farm hosts
      r8354: work around a js bug found by tpot
      r8355: - added a vsprintf() function
      r8364: fixed a valgrind bug spotted by simo
      r8365: fixed a problem on netbsd
      r8367: another configure test needed by netbsd for heimdal
      r8369: update the configure script I use
      r8372: - split out provisioning logic into a separate ejs library
      r8374: avoid running flex and bison unless needed
      r8397: merged an upstream fix for the expression bug tpot found yesterday
      r8399: move the ejs and esp code closer to the directory layout used by the
      r8400: separate out the mpr code, as it is in the upstream appweb sources
      r8401: add a readme pointing to the upstream sources
      r8404: small upstream merges of appweb code
      r8405: update var.c from upstream
      r8406: make sure we give an error in ldbAdd() if any record fails
      r8407: fixed a bug left over from our old socket code.
      r8408: its quite common in our code to free up a connection when we get an
      r8409: fixed another error found on netbsd.
      r8410: converted the newuser script to js
      r8411: we need to use mprVarToNumber() instead of var->integer now, to cope with
      r8412: cope with some lost messages in the ping test (netbsd gets this)
      r8413: mark exprbug() as fixed, and add a new bug
      r8415: get rid of the last 2 runtime perl scripts
      r8416: added the extra_cflags.txt system from smb-build
      r8417: fixed handling of PRINTF_ATTRIBUTE for heimdal portion of build
      r8418: PRINTF_ATTRIBUTE declaration has to come before it is used :-)
      r8419: in order to use our replace.h, heimdal needs stdarg.h
      r8420: slowly getting my way through some more heimdal portability fixes
      r8421: needed for build on solaris10
      r8422: needed on irix 6.4
      r8423: remove the dependency on the full roken lib for asn1_compile
      r8424: bring in some more of heimdals m4 macros, and remove the hard-coding of several test
      r8425: add err() and errx() functions needed by for compile_et on some systems
      r8439: removed an accidential commit
      r8440: - several build farm hosts were failing 'make clean' as the list of
      r8441: don't build tdbtest by default as there are too many systems that
      r8442: remove tdbtest from our build. If you want it, then do
      r8443: added talloc.3 to the tree to try to allow talloc to build on systems without xsltproc
      r8445: if a system doesn't have "nogroup" then try "nobody"
      r8446: if provisioning fails then don't try to run the test suite!
      r8447: fixed make install in the farm
      r8448: - added a test target for tdb
      r8449: - search for lex and yacc properly
      r8450: more configure tests for solaris. It now builds some binaries, but
      r8451: samba4 finally builds on solaris 8 sparc with heimdal and ejs
      r8452: allow for the ugly hack:
      r8453: my solaris10 box doesn't have math.h
      r8456: avoid double inclusion of roken.h (this was breaking the build on irix 6.4)
      r8458: next target is irix - this gets the socket wrapper code building
      r8459: move to the more portable script execution method
      r8460: removed the unused function krb5_locate_kdc(). It causes a build failure on irix.
      r8461: fixed integer64 handling on bit endian platforms. The ejs code used
      r8462: added a test for %lld support to our snprintf() configure test.
      r8463: more irix fixes. This one adds some missing addrinfo functions
      r8464: the last few functions needed by irix 6.4.
      r8465: once we define socklen_t, then tell other include files we have it. This prevents roken
      r8466: it is not portable to assert() a va_list (it breaks on alpha for example)
      r8467: using both math.h and float.h breaks popt on freebsd 5.4
      r8469: the extra pidl args need to be normal args, not after a --, otherwise pidl tries to compile
      r8470: looks like popt portability is going to be a bit of a fight :(
      r8471: --ejs taking an optional arguments interferes with the pidl extra args
      r8480: fixed a typo
      r8481: switched ldb ejs called over to an OO interface, so you do:
      r8482: gnutls_x509_crt_set_subject_key_id is not available in some versions
      r8483: switched our generated ejs rpc code over to the new OO interface. This
      r8484: switched the sys_*() calls to the OO interface
      r8485: - be friendly to shells other than bash
      r8486: switched to a separate connection operation in ldb interface
      r8487: kfixed a typo
      r8488: after discussions with simo, moved to a full OO interface, so you don't need to keep
      r8489: neaten up the object handling
      r8490: make the ldb tests more portable
      r8491: lower the offset limit that filesystems need to support to pass RAW-WRITE to 2^33
      r8494: fixed a bug in RAW-SFILEINFO that caused inconsistent results on different platforms
      r8495: allow for up 10% change in allocated disk space during QFSINFO tests
      r8496: speed up the test_echo.sh test a lot, while still providing good coverage
      r8497: prevent a fd leak in RAW-SEARCH test
      r8498: more test suite speedups. It's down to 5 minutes on my box now
      r8500: greatly reduce the number of build warnings on x86-64 (every NDR macro
      r8517: fixed a crash bug in ldb_dn_compare_base()
      r8518: ensure all constructed NDR packets are null terminated. This is needed
      r8519: better method of ensuring null termination
      r8520: fixed a pile of warnings from the build farm gcc -Wall output on
      r8522: fixed another couple of size_t warnings
      r8523: match a zero message id in ldap replies to the last request sent. Thanks to simo
      r8525: added two more test targets:
      r8527: found an uninitialised variable in 'make valgrindtest'
      r8532: this miight fix cross compilation for reactos
      r8533: improve --help output
      r8535: no longer rely on seekdir working after a closedir. Instead, keep
      r8536: - use smbd pid file to kill at end of selftest
      r8537: cope better with the small file handle limit on some systems in the build farm
      r8539: $LOGNAME is a common varient of $USER on some systems
      r8540: fixed network interface detection on several hosts
      r8541: this might take a few tries ...
      r8557: expose ldb_errstring() in ldb ejs code
      r8558: move newuser logic into the provision.js lib
      r8560: added a newuser page in swat
      r8561: as with the other ejs subsystems, make nss into a object
      r8562: small merge with upstream
      r8565: put the docs menu on the right
      r8567: fixed the build after the com idl changes
      r8568: change missing templates to warnings, so that provisioning with an existing db
      r8569: delete is a js reserved word, so use del instead
      r8570: delete all records in the old db when provisioning, rather than using
      r8574: added server side irpc calls for listing the current sessions
      r8575: the beginnings of a smbstatus command
      r8576: install scripts from scripting/bin/
      r8577: added management calls to list current tree connects
      r8579: recognise the name 'localhost' as This solves a problem
      r8580: try to fix the build on stratus
      r8581: fixed handling of 64 bit integers in rpc calls from ejs
      r8582: added sys.httptime() call, to display a NTTIME as a http time string
      r8583: nicer smbstatus output
      r8584: added --nbt option to smbstatus for nbt server statistics
      r8586: register the kdc with irpc so we can tell that it is up
      r8587: - fixed ref allocation in irpc replies
      r8588: register wins server with irpc
      r8589: - support --version option to smbstatus
      r8590: added server status utility functions for checking on the status of a task via irpc
      r8591: - added a simple 2 level menu structure to swat. Deryck, I know this
      r8593: register the rpc server with irpc
      r8594: more placeholder pages for server status
      r8598: move provisioning to /install/ directory from /esptest/
      r8599: null terminate the argv list in string C functions
      r8600: fixed null termination on some error messages in ldb
      r8601: fixed null termination in ltdb connect error
      r8602: allow options in ldb connect calls
      r8603: we have to use the same db name as the rest of smbd uses so the ldb connect
      r8624: removed valgrind comment on tdb that no longer applies
      r8625: move the ldb_wrap logic into the ldb code. This logic is meant to
      r8626: fixed a typo
      r8627: fixed a big memory leak in the spnego gensec code in session
      r8628: add retries to the normal paths of nbt name resolution. UDP broadcasts are not 100% reliable :)
      r8629: - moved the getDomainList() call out of smbcalls_auth.c and into libjs/auth.js
      r8630: give a much nicer backtrace on assert() failures in ejs
      r8631: give an error on incorrect argument count
      r8632: use <pre> around displayed exceptions
      r8633: check for valid input to ejs_userAuth()
      r8634: we are still getting occasional test failures due to disk space
      r8635: make object inheritance with the builtin objects easy by allowing
      r8636: fixed the ejs ldb test to work with the new ldb.search() syntax, and
      r8637: added sys.stat() and sys.lstat() calls
      r8638: continue the trend of maknig our C functions true ejs objects by making the string functions
      r8639: moved loadparm calls into an ejs object
      r8640: continue the trend by moving the ejs random calls into an object
      r8642: - fixed install of new swat files
      r8643: - make lp_configfile() work again
      r8645: updated the ldb esp test for the new ldb ejs syntax
      r8646: update install howto for new provision code
      r8648: automatically redirect to provisioning if not yet provisioned when the
      r8649: added smbscript to the list of binaries to install
      r8651: fixed a boolean expression bug (submitted upstream)
      r8652: added a test for the boolean bug just fixed
      r8658: move use of lp_security() and lp_nt_status_support() into the connection structure.
      r8659: return ldif formatted attributes in the ejs ldb search call, so sids show up as strings
      r8661: added strstr() ejs function in string lib
      r8665: fixed a segv at high debug level in the web server
      r8668: fixed a segv during upgrade of a very old ldb.
      r8671: use much shorter names for the selftest directory and socket wrapper
      r8676: attribute lists in ldb searches must be NULL terminated
      r8678: setup for gdb backtrace in 'make test'
      r8679: only call fault setup once (thanks to andrew for pointing this out)
      r8680: try harder to find the binary for gdb in the backtrace
      r8681: if SOCKET_WRAPPER_DIR starts with ./ then strip it internally. This saves us 2 more chars
      r8684: this should fix the panic on x86_64, and possibly alpha
      r8685: an alpha in the build farm is dying with a floating point
      r8696: fixed ejs to more strictly follow the va_list rules. Might fix that
      r8698: attempt to cope with lack of strtoull() on HPUX
      r8702: fixed ntlm_auth build. Andrew, can you check I got this right?
      r8703: cope with null string in interpret_addr()
      r8707: this typedef isn't used, and breaks the build on HPUX, so I've removed it
      r8708: fixed an assert that abartlet found
      r8709: fixed the assumption in RAW-SEARCH that directories are returned in sorted order
      r8710: another attempt at fixing HPUX
      r8711: add m4 for finding return type for signal handlers
      r8712: cleanup old search test code to use talloc
      r8715: - revert the %PRIi64 stuff. Tim, we explicitly check for %llu support
      r8718: try to improve the 2 level menu a bit.
      r8720: split form object out to separate include file, and make it a real
      r8722: make the menu handling considerably saner and easier to follow. The whole
      r8723: fix esptest menu
      r8724: some boilerplate installation text
      r8725: redirect to the base install page not the provisioning page on first
      r8726: increase default session timeout to 15 minutes to be less painful for developers
      r8729: make the RAW-SEARCH test more robust to servers with hash based directory ordering
      r8734: fixed the wins server for the new ldb DN restrictions.
      r8735: added NBT and WINS testing to 'make test' so we will know if it breaks again
      r8736: this fixes the ldb speed (raises BENCH-WINS from 15 ops/sec to over 4000)
      r8742: fixed handling of zero length names in mprObject()
      r8743: automatically find the basedn in ldap.js
      r8745: make ldap.js cleanup after itself
      r8746: replace opendir/readdir/telldir/seekdir/closedir on systems where they
      r8747: remove unused code
      r8748: fixed build. Andrew, please check.
      r8749: for completeness, add rewinddir() and dirfd()
      r8750: drat, on some systems dirfd() is a macro
      r8753: fixed directory handling on systems that do not return . and .. as the
      r8773: fixed another dependency on directory ordering in RAW-SEARCH
      r8774: make some gensec errors a bit less verbose
      r8776: fixed SMB connections for IP addresses, even when name resolve order
      r8777: make sure that the tree connect is a child of the return cli state structure.
      r8778: index on nCName in sam.ldb. This was costing us about 75% of the time in each smb login
      r8780: make numops controllable in BASE-DISCONNECT
      r8781: - fixed a memory leak in BASE-SECLEAK (ironic, isn't it). There is
      r8817: - fixed return result from LOCAL-MESSAGING test
      r8818: - fix LOCAL-IRPC test for new ref-alloc semantics of irpc
      r8819: fixed a memory leak in irpc_call()
      r8821: continue the trend to move to a more OO style of interface for our js
      r8822: fixed number of arguments in samr lib
      r8852: fixed the build
      r8853: fixed path to smb.conf
      r8857: please don't get fancy with embedded boolean statements in js
      r8858: just to make sure it works on the main trees, deliberately break the samba4 build
      r8859: having been successfully mailbombed by build at samba.org, fix the build again
      r8879: more expansion of the irpc test to try to uncover the ia64 mystery
      r8882: - enable the domain master
      r8884: valgrind error logs only matter if non-zero in size
      r8885: fixed shell syntax
      r8887: fixed the irpc error that caused ia64 to fail the LOCAL-IRPC test
      r8893: fixed the valgrind error on stream termination due to prototol errors
      r8895: work around broken glibc strrchr function that gives valgrind errors on some boxes
      r8905: don't try to do DNS lookups on interface names with wildcards
      r8923: put the IRPC default timeout back to 10s (I didn't mean to commit this, it was
      r9002: a workaround for the current build problems. I hope this will allow
      r9003: add testing for non-empty directory delete on close
      r9006: expanded RAW-UNLINK test to test directory delete on close with non-empty directory,
      r9007: fixed error code for setting delete on close on a non-empty directory
      r9008: check the return status for the directory handle creations
      r9009: directory not empty is not an error on failure to delete directory in delete on close
      r9010: forgot to commit the change to create_directory_handle()
      r9042: fixed the valgrind error in the RAW-SFILEINFO test
      r9043: fixed return code in RAW-STREAMS test
      r9044: added a comment so you can see what this test does :-)
      r9045: be friendly towards servers that don't understand the 'share' form for tconx, instead of the \\server\share
      r9046: fixed display of privileges in RAW-ACLS test
      r9047: show the order of the server/correct output to make it easier to demo this test ;)
      r9048: added a new DOS error code (thanks to EMC)
      r9054: removed incorrect paranoia check on opening streams (this caused RAW-STREAMS to fail)
      r9059: add a basic credentials object for mimir
      r9074: cope with a null ntvfs context in disconnect, so the destructor that
      r9082: added the ECMA functions encodeURIComponent() and
      r9119: added a lp.categories() call in the loadparm js object, to allow
      r9120: added the BASE-DISCONNECT test to our set of standard tests
      r9121: use the older non-passthru level for setting delete on close
      r9122: cope with trailing garbage in POST contents in the web server
      r9131: started adding the server side code for "AJAJ" (asynchronous javascript and javascript)
      r9132: 'pointer' is better for typedef than 'C pointer'
      r9133: a huge import of the qooxdoo infrastructure. I decided to import all the widgets to make experimenting easy during development. We can trim this back later to only the pieces we use
      r9134: added the client side js library code for handling remote 'AJAJ' calls
      r9135: added a sample page that demonstrates using AJAJ to make remote calls
      r9136: made the 'AJAJ' code portable to IE and Opera
      r9137: fixed installswat to handle the deep directory structure of qooxdoo
      r9139: cleanup the layout a bit
      r9140: fixed a typo
      r9146: - enable winreg pipe from ejs
      r9153: added a sample program for enumerating winreg via js
      r9159: abstract the winreg js functions into a nice library interface
      r9160: use the winreg lib in the test program
      r9171: - support putting a credentials object in a rpc pipe object to allow authentication
      r9172: - fixed a nasty bug in the 'deep copy' mpr code that caused variables
      r9173: catch ep->local being NULL
      r9174: ejs does not include the special variable 'length' in for loops over objects,
      r9175: simplify the example code a bit
      r9176: added a much neater method of calling printf on the server from client side js. Just
      r9177: setup a credentials object in authinfo on login
      r9178: remove the old server printf code
      r9179: cope with simultaneous web requests using the same session variable
      r9183: more workarounds for the global variables in ejs. I will discuss getting rid of these
      r9209: - fixed the ldb registry backend to work with the new provision ldif
      r9210: fixed support for a credentials element in a rpc object in ejs to not
      r9211: don't try to encode functions in the AJAJ object encoder
      r9212: the beginnings of a registry editor in SWAT, using client side javascript and AJAJ
      r9213: some improvements to the registry editor code
      r9218: make the winreg library code handle arbitrary paths more efficiently
      r9219: by default be a DC, as the provisioning scripts assume that in other parts
      r9226: make sure we catch rpc faults in the ejs rpc wrappers
      r9227: cleanup and simplify the AJAJ code
      r9228: cleanup and simplify the AJAJ code - part 2
      r9298: pull non-array elements before array elements to overcome the problem
      r9299: fixed the evaluation of pointer expressions that evaluate to boolean
      r9300: cope with zero length in ndr_pull_charset()
      r9319: updated newuser script for new OO style for nss object
      r9335: only copy the in side of an array to the out side of an array when the
      r9337: defer the checking of array sizes until the end of the
      r9338: fixed the winreg IDL to be correct for the EnumKey and EnumValue
      r9339: treat arrays of uint8 values as a special DATA_BLOB type in the ejs
      r9340: print the [in] contents when debugging even if the marshalling
      r9341: updated the winreg test program to take advantage of the new EnumValue
      r9342: removed extra libinclude of base.js
      r9344: started adding calls for manipulation of data blobs in ejs
      r9345: used the data blob functions in the echo.js test code
      r9346: allow test_ldap.sh to be called when $CONFFILE is not set
      r9347: this array bounds checking is harder than it looks ...
      r9355: return the EnumKey and EnumValue list we have so far when we get a rpc fault
      r9356: a better way of coping with NULL arrays in the array bounds checking. This copes with the
      r9358: - opening a winreg key of "" is the same as re-opening the hive. The
      r9359: don't check for size overflow if value is NULL
      r9360: fixed the IDL for winreg_SetValue()
      r9369: an attempt to fix the build on HPUX. This is based on work by Don
      r9370: need a configure test for setresuid()
      r9374: HPUX is also missing setegid()
      r9377: made winreg a user tool (I find it quite useful). I expect it to get the ability
      r9378: initialise the last_mod attribute in the ldb backend. Better to return
      r9379: the valgrind test box is now just going past the max 30 minute smbd
      r9383: remove unused file
      r9384: added a debug to show the dcerpc fault code for any calls we fault
      r9386: OpenKey with a bad name must return WERR_BADFILE (w2k3 regedit relies on this)
      r9387: regedit uses "New Key #nn" for newly created keys, which conflicts with the stricter
      r9388: we should fault bad handles given to winreg_GetVersion()
      r9389: handle errors reading from files in web server
      r9390: fixed mixing of code and data
      r9409: fix a problem that volker noticed with web page timeouts causing smbd
      r9410: - a winreg_CloseKey() should return a zero key on success (zeroing the
      r9434: moved the registry editor into a common js library. Deryck, does this
      r9464: fixed a problem with child pointers copied into non-allocated mpr variables. We
      r9465: handle encoding and decoding of pointers, representing them as a
      r9466: add display of values as well as keys in the registry editor
      r9470: non-working attempt to add a little table for values to the reg editor
      r9491: fixed up a few scripts that need to be updated for the new GetOptions syntax. Mimir, its
      r9492: it is more usual to return 'undefined' instead of 'false' on a call failing (unless the
      r9493: our test scripts need to use testok at the end or the errors don't annumulate between scripts
      r9495: - added an enum for winreg key types, making it easier to read the debug logs
      r9496: added a regToVar() function that converts a registry blob variable to a ejs variable.
      r9497: - converted the winreg library to a more OO style of interface
      r9498: converted the SWAT regedit backend code to use the OO calls
      r9499: added error checking to the userAuth() call. SWAT is still failing, but at least it now
      r9500: userAuth() takes a creds object, not a general object now ...
      r9501: fixed the SWAT login page for the changes to the userAuth() function that Mimir made
      r9503: removed duplicate REG_* defines from registry.h now that they are
      r9504: use some low level ejs hackery to give much better exception error messages in both
      r9566: fix an uninitialised variable
      r9567: fixed the winreg IDL for CreateKey, including a security
      r9568: updated the winreg js library for CreateKey, and add a --createkey
      r9569: fixed an uninitialised variable
      r9573: fixed a comment
      r9574: - made the sec_info fields in lsa and samr use a IDL bitmap
      r9575: more automatic cleanup code in winreg test
      r9578: fixed an endless loop and memory leak in the QueryMultipleValues test
      r9580: put the libinclude() after the GetOptions so the smb.conf is loaded to
      r9599: fix formatting of echo output
      r9600: fixed the intermittent failures we were getting with ejs in the build
      r9603: allow the LOCAL-PAC test to use keys and pac data from the command line
      r9608: don't validate the hard-coded sid for an external pac file
      r9610: use a list of allowable extensions for unauthenticated access rather than
      r9643: fixed samsync code for the new dn explode semantics
      r9644: add LOCAL-PAC to the list of 'make test' tests
      r9645: fixed the ejs GetOptions() call to look at the first option passed (this is what broke --help)
      r9646: fixed error message
      r9647: saved_pac is binary data, so prevent any possible portability problems with signed chars
      r9648: this fixes the krb5 based login with the pac. The key to this whole saga was
      r9649: missed a spot .....
      r9671: patch from Kai Blin fixing a bug in our base64 encoder
      r9674:  r9678 at blu:  tridge | 2005-08-27 16:32:30 +1000
      r9702:  r9680 at blu:  tridge | 2005-08-27 18:45:08 +1000
      r9703:  r9683 at blu:  tridge | 2005-08-27 18:56:05 +1000
      r9704:  r9684 at blu:  tridge | 2005-08-27 19:38:31 +1000
      r9705:  r9685 at blu:  tridge | 2005-08-27 19:43:44 +1000
      r9706:  r11042 at blu:  tridge | 2005-08-28 12:40:09 +1000
      r9707:  r11080 at blu:  tridge | 2005-08-28 12:41:12 +1000
      r9769:  r11592 at blu:  tridge | 2005-08-30 10:40:19 +1000
      r9773:  r11599 at blu:  tridge | 2005-08-30 11:55:57 +1000
      r9774:  r11605 at blu:  tridge | 2005-08-30 12:02:19 +1000
      r9775:  r11607 at blu:  tridge | 2005-08-30 12:16:19 +1000
      r9776:  r11609 at blu:  tridge | 2005-08-30 12:20:11 +1000
      r9791:  r11611 at blu:  tridge | 2005-08-30 21:48:22 +1000
      r9794:  r11627 at blu:  tridge | 2005-08-30 22:55:27 +1000
      r10192:  r11631 at blu:  tridge | 2005-08-30 23:06:37 +1000
      r10193:  r11632 at blu:  tridge | 2005-08-30 23:08:27 +1000
      r10199: added a LOCAL-RESOLVE torture test, useful for measuring the overhead of
      r10200: added a composite_trigger_done() call that allows a composite function
      r10213: fixed a memory leak in the ldap client and server code spotted by Karl
      r10216: Chris Samuel pointed out that we should note the need to run provision
      r10252: a recent checkin from simo changed the handling of BASE and SUBTREE
      r10253: a fairly large tdb cleanup and re-organise. Nearly all of this change
      r10368: when building the epm tower, don't put host names in the ip address
      r10370: only validate the re-generated binding string for hostnames with IPs
      r10384: add _GNU_SOURCE in tdb configure
      r10385: removed obsolete comment
      r10403: fixed the basedn for testing, and add a debug showing the size of the test in ldbtest
      r10404: make sure we use the right smb.conf in the ldap testing
      r10405: added transactions into tdb, and hook them into ldb. See my
      r10406: added --nosync option to all ldb tools, so that you can control if
      r10407: the schannel database does not need to be synchronous (and thus crash
      r10408: now that we are using tdb transactions we don't need any additional
      r10409: allow smb.conf override of ldb synchronous transactions with "ldb:nosync = yes/no"
      r10410: blindly update the scons file for tdb. I'm not sure how this works,
      r10411: we don't need the 10 times retry on rid allocation now, as
      r10421: following on discussions with simo, I have worked out a way of
      r10422: ldb_search() can now use tdb_traverse_read() to ensure it can run in
      r10423: minor changes to the ldb test suite to allow it to work correctly with
      r10424: for caller convenience, automatically turn a tdb_traverse() into a
      r10459: fixed some portability problems
      r10460: fixed portability of transaction code to systems with integer
      r10461: fixed tdb build on systems without stdint.h
      r10462: cope better with compilers that don't put the object file in the same directory
      r10463: consider it an error if tdbtorture produces any log messages
      r10465: separate out a read_only db from a read-only traversal to ensure we
      r10466: work around missing pread/pwrite declaration on openbsd
      r10467: aix doesn't like zero length malloc :(
      r10468: - terminate tdbtorture quickly when an error is detected
      r10469: use the older style of structure initialisation for tdb to make it
      r10470: solaris8 has a problem with tdbtorture with 3 processes. To see if
      r10471: stratos doesn't have getpagesize(), so guess 8k on systems that don't
      r10475: make sure we report failures in tdbtorture (ie. get the exit status right)
      r10483: fixed some uninitialised variables warnings
      r10484: try to fix the pread/pwrite declaration problems
      r10485: run autoheader before autoconf
      r10489: added the ability for irpc server to defer replies instead of replying
      r10490: - allow deferred irpc replies to set the status
      r10492: work around a bug in solaris which cases lock upgrades to fail with
      r10493: we need sys/select.h to enable select() in the solaris workaround
      r10494: - don't generate a tdb log message for any type of failed lock probe
      r10495: older redhat boxes need sys/time.h for select()
      r10496: - added configure test for sys/time.h
      r10522: finally got the locking working on solaris10. This adds a read lock on
      r10523: fixed timegm() to not depend on get_time_zone(), so it works in lib/replace/
      r10524: SAFE_FREE() in tdb does not need the discard_const_p()
      r10525: change from AC_CHECK_TYPES() to AC_CHECK_TYPE() for intptr_t, so the
      r10526: BASEDIR must be set or we end up installing most of the binaries into lib/
      r10527: don't attempt self gdb attach if running under valgrind. This was
      r10535: fixed the pidfile code (it didn't survive the recent pstring changes)
      r10603: neaten up the ldb module initialisation code
      r10641: fixed the error handling on search errors in the ildap backend
      r10643: increase smbd max runtime when using valgrind
      r10665: fixed some crash errors and an error encoding AND and OR operations in the expression parsing code
      r10666: - reverse the ildap ldb backend so tree based searches go through
      r10667: cope with a NULL tree for base searches in ldb_search()
      r10668: added a ildap_search_bytree() function
      r10669: reverted jelmers commit 10663 as it was causing lots of panics in 'make test'
      r10682: force the free of the fd event first when a stream terminates. That ensures
      r10699: fixed the dcerpc code so that you can shutdown the pipe safely from
      r10700: removed volkers temporary timer hack now that freeing the netlogon
      r10704: don't try to free the netlogon pipe twice
      r10705: fixed a crash bug in the getdcname irpc server for winbind. The
      r10706: split out the irpc server functions in the NBT server, so the mainline
      r10708: a bit more error checking in the idap ldb backend
      r10709: fixed a crash bug rather similar to the one volker found in the dcerpc
      r10726: fix to talloc_parent() from Michael O'Brien
      r10752: make sure we set the exist status correctly for the tdb tests
      r10753: don't require every ldb module to implement both a search_bytree() and
      r10754: fixed a valgrind error for unmatched SMB replies
      r10755: fixed the construction of expressions from subtrees for SUBSTRING searches
      r10756: another fix for the construction of expressions from subtrees for
      r10757: remove the proxy module (it is not complete yet)
      r10759: make modules easier to write by allowing modules to only implement the
      r10790: allow updating of existing ldb opaque values (thanks to abartlet for
      r10856: we need aclocal.m4 in ldb for standalone configure
      r10889: make searches for dn's less of a special case, and much faster when
      r10891: I noticed that the secrets.db was not being backed up on my system due
      r10892: - improved the handling of the special distinguishedName attribute
      r10893: add configure test for utime (needed for the previous utime patch)
      r10894: make the handling of dn/distinguishedName much closer to real
      r10895: allow 'dn=string' searches to work again. Windows doesn't allow these,
      r10896: added a strcasestr() replacement function
      r10897: added in a hackish ldb proxy module that I am using to experiment with
      r10912: added a test for supporting batch oplock upgrades
      r10913: This patch isn't as big as it looks ...
      r10914: moved the ldap time string functions into ldb so they can be used by
      r10915: added a standard attribute handler for a ldap UTC time string
      r10916: - finished the 'operational' ldb module
      r10917: copy the element name in a ldb_msg_rename_attr() and ldb_msg_copy_attr() to ensure
      r10918: - fixed standalone ldb build
      r10919: fixed the ldb test for the new operational module
      r10920: in case of a accept() failure just failing and trying again is no
      r10954: added support for canonicalName in the operational module, using the
      r10955: finally worked out why our computer accounts were being identified as users in mmc.
      r10957: make a comment clearer
      r10990: the beginnings of a program designed to work out the minimal schema
      r11109: fixed the error code return from most ldb functions (the change to use
      r11110: make ldb_oom() also set the ldb error string
      r11111: fixed a talloc error in the dn shortcut code
      r11112: listen on the global catalog ldap server port as well if we are a
      r11113: fixed two small bugs in newuser
      r11114: - fixed error handling on bad bind in ildap client
      r11285: fixed winreg.js for the recent change to winreg.idl
      r11353: a bit of an improvement to the ldb_tdb error handling
      r11354: - generate a ejs error on bad ldif to add/modify
      r11363: fixed a problem with provisioning when hklm already exists (the
      r11364: added a ldb_attr_dn() function for testing if an attribute name is
      r11365: fixed a comment typo
      r11403: improved the error handling in the ildap ldb backend. Now passes
      r11408: fixed the mapping of ldb errors to ldap errors in the ldap server
      r11436: this is work in progress for generating the schema we need for our ADS
      r11447: fixed a problem with the ldap server spinning using CPU time
      r11456: fixed a ejs parser bug for delete() statements
      r11457: fixed the winreg IDL and torture code so key and value enumerations
      r11458: fixed our ejs smbscript interfaces to use arrays where appropriate. In
      r11459: display a schemaIDGUID as a guid in ldif, making it easier to work
      r11463: more progress on the schema generator. mmc now accepts all parts
      r11467: yay! mmc now accepts our schema. The trick was to get all the OID
      r11472: use talloc_get_type() to try to catch an intermittent failure I'm seeing in the ldb winreg backend
      r11474: - enable ldb transactions from ejs
      r11475: removed a extraneous ldb_delete() call (i had it there for debugging)
      r11476: finally fixed the intermittent registry server bug! This has been
      r11496: add a minimal ads-compatible schema into our sam.ldb setup. This is
      r11498: added an optional extra argument to split to limit the number of
      r11499: added a minimal set of display specifiers for mmc to use to display
      r11500: fixed a bug in the variable substition code using the new limit argument to split()
      r11501: change provision code to use the new display specifiers
      r11592: fixed a crash bug from the ldb_result changes (res was being used after being freed)
      r11593: added a data_blob_realloc() function
      r11594: ensure ldb_search() sets *res to NULL on failure (some of the updated
      r11595: added a helper layer to parse streams into individual packets. This is
      r11596: switched the libcli/raw/ code over to using the lib/stream/ generic
      r11598: fixed strhaslower() and strhasupper() to not falsely recognise
      r11602: added packet_set_serialise() to allow the generic packet layer to
      r11603: converted the smb server to use the new generic packet code
      r11604: converted the kdc code to use the new packet lib. Andrew, I'm not sure
      r11605: added handling of the send queue to the generic packet handling code
      r11606: use the generic packet send code in libcli/raw/
      r11607: switched the smb server to use the generic packet send code
      r11608: switched the kdc to use the generic packet send code
      r11609: fixed handling of one way requests with new send code
      r11618: added a generic '32 bit length prefix' full packet helper to the packet code
      r11619: use the 32 bit length helper in the kdc.
      r11620: switch the ldap client code over to using the generic packet code
      r11621: some minor fixes from comments by metze
      r11622: convert the ldap server to the generic packet code
      r11623: convert the dcerpc socket layer to the generic packet code
      r11627: give the caller much more control over the stream to packet process,
      r11628: fixed a valgrind error in the rpc echo test
      r11629: fixed a bug found with the socket:testnonblock code. With randomised
      r11630: another fix for over-reading in the packet code. This time get the
      r11631: fixed a signed/unsigned warning
      r11632: removed 2 unused functions
      r11636: a bit neater solution to the nt_cancel problem
      r11638: fixed handling of null volume name in RAW-QFSINFO test
      r11639: fixed some create_time tests that should be change_time tests
      r11659: allow the max runtime for smbtorture and smbd to be controlled on a
      r11660: - the libcli/raw/ lib no longer uses the SMBCLI_REQUEST_SEND state, or
      r11662: the beginnings of a SMB2 client library. Very hackish, meant for experimentation
      r11663: start of a SMB2 torture test. Just does a negprot and prints some fields for now.
      r11664: forgot to commit the structs.h change
      r11665: started to put some meat on the structure used for the SMB2 library
      r11666: filled in the basic session setup. Vista happily accepts the first
      r11668: yay! we get a successful session setup with SMB2, and get back a 64bit uid
      r11674: SMB2 tree connect now works. We do 2 session setups and 2 tree
      r11679: opening/creating files in SMB2 now works. Lots of unknown parameters
      r11680: added smb2_close(). This also demonstrates that file handles are 16
      r11681: filled in a few more smb2_create() fields
      r11682: filled in access_mask in tcon reply
      r11683: fixed create call
      r11687: filled in 3 more fields in the close reply
      r11691: added reply buffer code checks and oplock flags for create request/reply
      r11692: added a full composite (async) spnego session setup for SMB2. This
      r11693: added a full async composite function for SMB2 that does:
      r11694: fixed 2 valgrind errors
      r11695: added SMB2-SCAN torture test for scanning for active SMB2 opcodes
      r11696: added a few more opcode names
      r11697: - added a generic SMB2 getinfo call
      r11698: added some more level names
      r11699: use create_complex_file() to setup a file with a wide range of
      r11700: added structure definitions for many of the getinfo structures
      r11710: added function iface_same_net()
      r11711: fixed the nbt server to use the right interface for outgoing requests
      r11712: avoid changing the fde flags unless really needed
      r11713: separate out the setting of the fde in the packet context from the
      r11714: put in a workaround for a winbind problem volker asked me about. The
      r11715: added SMB2 read and write requests
      r11716: added a read/write test
      r11730: added parsing and tests for a bunch more SMB2 getinfo levels
      r11731: fixed typo noticed by metze
      r11735: fixed the ALL_EAS smb2 level parsing
      r11736: display EAs and streams in smb2 torture tests
      r11737: use _smb_setlen2() to allow for 24 bit lengths in SMB2 packets
      r11738: test larger read/write calls. If you run smbtorture with -X (to enable
      r11751: fixed the req->out.size calculation (it needs to be the complete
      r11752: setup the dynamic pointer for incoming packets too
      r11753: change the getinfo scanner to scan with both a file and a directory, and to use files
      r11754: make the SMB2 blob push routines take offsets, so they fit better with
      r11755: added names for all of the SMB2 qfs info levels (they all map exactly
      r11756: split out the parsers for the pass-through levels of QFSINFO and
      r11758: unified the parse code for the SMB and SMB2 qfsinfo and qfileinfo calls
      r11771: - split out the setinfo blob construction in the libcli/raw code
      r11772: - setfileinfo needs a smb2_handle for SMB2 support
      r11773: added a SMB2-SETINFO test suite. This tests the following levels:
      r11775: added support for creating files on SMB2 with initial EA lists and an ACL
      r11776: no need to call out to SMB to setup test files for SMB2 any more
      r11777: display the security_descriptor in torture_smb2_all_info()
      r11780: it turns out that the MxAc tag isn't a security descriptor, its a
      r11791: simplify the SMB2 connect code following some suggestions from volker
      r11794: - fixed a valgrind error in libnet, caused by using a stack variable
      r11795: used a couple more of volkers composite helper functions. They
      r11800: - filled in unknown fields in SMB2 all_info level
      r11801: - added basic SMB2 find support
      r11816: this fixes some of the problems with the recent async rpc changes and
      r11817: fixed the problem with the RPC join tests. The problem was that
      r11818: - changed the option torture:echo_TestSleep=yes/no to the more generic
      r11819: simplified the async rpc bind code a little.
      r11820: fixed some problems with the socket socket.c code.
      r11821: got rid of two more unnecessary variables and made the variable names
      r11822: reworked the socket_connect_multi() code so it is built on top of
      r11823: make the socket_connect_send() context a child of the local state
      r11824: fixed a valgrind error in the dcerpc_smb code
      r11838: lower the default numops in smbtorture. When people want lots of
      r11843: fixed a valgrind error in the RPC-SAMLOGON test
      r11848: separate out the info levels common to SMB and SMB2 for raw_search
      r11849: added mapping between SMB2 and SMB find/search levels
      r11850: added a test suite for the SMB2 find calls
      r11870: fixed the problem volker reported with the RPX-XPLOGIN test. The
      r11871: fixed a problem volker found with the async bind code, and a callback
      r11872: another attempt at fixing the data_blob_free in async dcerpc bind,
      r11888: - added SMB2 trans support
      r11889: added support for dcerpc ncacn_np over SMB2. You use it by giving the
      r11890: added tests for the last few fields in SMB2 find requests
      r11891: - added pipe_flags field in smb2_trans
      r11892: forgot to commit these changes
      r11893: fixed a dependency problem
      r11894: fixed SMB2 trans code for pipe_flags
      r11901: added smb2_logoff() support (metze correctly guessed opcode 2 was
      r11902: added smb2_logoff() testing
      r11903: added smb2_tdis() (opcode 4)
      r11904: added smb2_tdis() testing
      r11905: added SMB2_FLUSH as opcode 7. Thanks to metze and volker for help
      r11906: opcode 13 appears to be keepalive. Metze guessed this one :-)
      r11907: added testing of SMB2 keepalive
      r11949: make sure we ask gensec to give us a session key
      r11952: added a rootdse module. This will replace the existing rootdse code in
      r11953: enabled the rootdse module in the ldb modules code
      r11954: add the static rootdse content to the sam ldb,and enable the rootdse
      r11955: got rid of the old rootDSE code in the ldap server.
      r11956: removed the old rootdse.ldif, and the provision.js code that uses it
      r11957: fixed up code meant for debugging
      r11958: - fixed memory leaks in the ldb_result handling in ldb operations
      r11969: got rid of the very annoying 'failed to open /secrets.tdb'
      r11970: fixed a valgrind error. The auth info from the alter_context reply was
      r11980: ronnie worked out that opcode 0xb in SMB2 is in fact ioctl, and that
      r11981: we should allocate request specific memory in ldb modules off the
      r11982: ensure the fde event gets freed before the socket itself, as otherwise
      r11983: make talloc LGPL. This makes more sense given that ldb depends on
      r11984: LGPL on header and testsuite as well
      r12004: added some SEC_ADS_* security flags. Needed for a SDDL parser.
      r12005: added a SDDL (Security Descriptor Description Language) parser. Not
      r12006: don't require callers to fill in pad bytes in SMB2 calls
      r12007: fixed a valgrind error in the SMB2-SETINFO test
      r12008: added a simple LOCAL-SDDL test suite. Only one example so far. Will be
      r12009: made the LOCAL-SDDL test less verbose by default, and add it to the
      r12010: - added support for domain specific SID codes in SDDL strings
      r12011: fixed another 'mixed code and declarations' bug
      r12016: fixed a valgrind error
      r12057: fixed authentication in ldb client tools
      r12063: fixed the krb5 client code to handle ICMP port unreachable errors, and
      r12064: pass back the socket level error correctly (so we get
      r12082: fixed a valgrind error found by kukks in the transs server handling
      r12084: added a comment on what is appropriate for parameter_control
      r12085: wkssvc.idl updated based on work by Ronnie Sahlberg to bring the
      r12086: reverted the utf8string change in xattr.idl. See the discussion on
      r12116: got rid of composite_trigger_done() and composite_trigger_error(), and
      r12136: fixed a bug in NetWkstaTransportEnum() from the recent merge with ethereal idl
      r12137: added sddl_encode(), the reverse of the sddl_decode() function added a
      r12138: added use of 2 letter SID codes in sddl_encode_sid()
      r12139: - fixed up the ace object flags checking
      r12156: added samdb_domain_sid(), a routine to get the domain sid by looking
      r12157: ldb_dump_results() is useful to call from within gdb, so you can see a
      r12158: added ldif handlers for the ntSecurityDescriptor attribute, so when
      r12322: automatically use cmdline_credentials if the ldb object doesn't have
      r12323: fixeed the use of options.get_credentials() for ldb
      r12324: use command line credentials if available in ldap.js
      r12363: minor fixes for win2000 join/login
      r12531: 'make quicktest' was taking 15 minutes on my system due to failing DNS
      r12532: log a message giving the IPs of non-partner clients trying WINS replication
      r12535: - simplify string list handling in a couple of places using str_list_add()
      r12536: kerberos is on port 88, not port 389
      r12537: finally found the difference between us and w2k3 that caused w2k
      r12549: fixed the problem with serialisation and the RAW-OPLOCK test
      r12550: - fixed 'make pch' to always rebuild the gch file. The dependencies
      r12551: fixed oplock serialisation problem in gentest as well
      r12554: get rid of the pesky NTLMSSP warnings about being called after processing is finished
      r12556: added 'make gdbtest'
      r12626: some systems need time.h here (for asctime())
      r12633: expose talloc_vasprintf_append()
      r12634: make the [validate] binding string switch also check to see if the
      r12635: use the new [validate] value() checking to fix the string types for
      r12636: fixed some torture code for the changed lsa string types
      r12637: test CLDAP with both NULL and non-NULL user
      r12783: add a comment about matching more than 1 handler per message (andrew
      r12785: make the iface_*() functions return strings which do not get
      r12811: valgrind on RPC-ECHO with validate is extremely slow - speed it up if
      r12812: speed up RPC-ECHO with validate some more, and re-enable it under
      r12947: added some error checking that I stumbled across while testing domain migration
      r13069: adding a hack on instructions from andrew
      r13075: tell the admin what needs to be done to finish the install
      r13076: catch a easy to make error during vampire install
      r13078: fixed the ldb comparison function for objectSids
      r13096: explain what YOURDOM and YOUR.REALM are (in case people confuse the
      r13097: move the creation of the default sam name -> unix name mappings into
      r13098: make check for workgroup and realm case insensitive
      r13099: allow shares that point to /
      r13100: removed unused menu item
      r13102: fixed the vampire code to correctly setup foreign sids and default
      r13268: fixed typo noticed by Aaron Seigo
      r13276: start to work towards the BASE-DELETE test passing. This change
      r13277: print a useful error message when test 17 fails
      r13278: remove a silly strcasecmp() replacement
      r13283: added two optimisations to the tdb transactions code. The first is to
      r13358: removed some unused functions and make some local functions static
      r13401: remove the rename of the snprintf functions that simo accidentially
      r13504: add back in a comment noting fred as the contributor of the address
      r13505: allow servers to bind to non-broadcast interfaces. Servers now
      r13699: restore the system/select.h include, as otherwise we don't detect
      r13700: added highestCommittedUSN, uSNChanged and uSNCreated support, using
      r13701: removed some unnecessary casts
      r13707: expanded the delete on close test some more, and make it easier to
      r13738: added support for a "pointer" type in pidl. This will be used in the
      r13739: a fairly major overhaul of the opendb code to allow the BASE-DELETE
      r13740: the BASE-DELETE test now passes, and is a quick test
      r13741: make the pointer type in pidl handle any size pointer, just in case we
      r13745: remove some code I was experimenting with and forgot was there when I
      r13803: fixed