[Pkg-samba-maint] [samba] annotated tag upstream/4.5.2+dfsg created (now 8227669)
Mathieu Parent
sathieu at moszumanska.debian.org
Thu Dec 8 08:56:50 UTC 2016
This is an automated email from the git hooks/post-receive script.
sathieu pushed a change to annotated tag upstream/4.5.2+dfsg
in repository samba.
at 8227669 (tag)
tagging fb5e626875ad09aa809417b7c753d21a0da3b766 (commit)
replaces talloc-2.1.6
tagged by Mathieu Parent
on Thu Dec 8 09:07:13 2016 +0100
- Log -----------------------------------------------------------------
Upstream version 4.5.2+dfsg
Abhidnya Joshi (1):
Efficient xattr handling for VxFS Signed-off-by: Abhidnya Joshi <Abhidnya.Joshi at veritas.com>
Alexander Bokovoy (4):
s4-libnet: only build python-dckeytab module for Heimdal in AD DC mode
s3-smbd: Support systemd 230
libnet_join: use sitename if it was set by pre-join detection
Wrap krb5_cc_copy_creds and krb5_cc_copy_cache
Amitay Isaacs (289):
ctdb-doc: Sort the tunable variables in alphabetical order
ctdb-tunables: Add missing flags in the initializer
ctdb-tunables: Mark tunable MaxRedirectCount obsolete
ctdb-tunables: Mark tunable ReclockPingPeriod obsolete
ctdb-doc: Update tunables documentation
ctdb-doc: Add documentation for missing tunables
ctdb-recovery-helper: Get tunables first, so control timeout can be set
ctdb-tunables: Fix the implementation of LIST_TUNABLES control
ctdb-doc: Update ctdb man page
ctdb-doc: Update ctdb man page
ctdb-client: Increase the timeout for TRANS3_COMMIT control
ctdb-protocol: Check header is not null before copying
ctdb-protocol: Add protocol debug routines
ctdb-tests: Add a utility to parse ctdb packets
ctdb-client: Add client API for sending message to multiple nodes
ctdb-tunables: Add new tunable RecBufferSizeLimit
ctdb-protocol: Add new data type ctdb_pulldb_ext for new control
ctdb-protocol: Add new controls DB_PULL and DB_PUSH_START/DB_PUSH_CONFIRM
ctdb-daemon: Implement new controls DB_PULL and DB_PUSH_START/DB_PUSH_CONFIRM
ctdb-client: Add client API functions for new controls
ctdb-recovery-helper: Factor out generic recv function
ctdb-recovery-helper: Pass capabilities to database recovery functions
ctdb-recovery-helper: Rename pnn to dmaster in recdb_records()
ctdb-recovery-helper: Create accessors for recdb structure fields
ctdb-protocol: Add file IO functions for ctdb_rec_buffer
ctdb-recovery-helper: Re-factor function to retain records from recdb
ctdb-recovery-helper: Write recovery records to a recovery file
ctdb-protocol: Introduce variable for checking srvid prefix
ctdb-protocol: Add srvid for messages during recovery
ctdb-protocol: Add new capability
ctdb-recovery-helper: Introduce pull database abstraction
ctdb-recovery-helper: Introduce push database abstraction
ctdb-tests: Add a test for recovery of large databases
ctdb-recovery-helper: Improve log message
ctdb-recovery-helper: Introduce new #define variable
ctdb-protocol: Add srvid for assigning banning credits
ctdb-recoverd: Add message handler to assigning banning credits
ctdb-recovery-helper: Add banning to parallel recovery
ctdb-system: Add ctdb_parse_connections() function
ctdb-doc: Add sample LVS configuration
ctdb-system: Fix typo in ctdb_get_peer_pid
ctdb-protocol: Remove unused CTDB_SRVID_PREFIX
ctdb-protocol: Define a range of SRVIDs used by the ctdb tool
ctdb-daemon: Avoid memory leak
ctdb-tests: Update tests to include new controls
ctdb-tests: Fix flakey test complex/18_ctdb_reloadips.sh
ctdb-tests: Improve code coverage in tests
ctdb-daemon: Remove unused controls related to server_id
ctdb-tool: Remove commands related to server_id
ctdb-client: Remove client functions related to server_id
ctdb-protocol: Remove data structures for obsolete server_id controls
ctdb-client: Set control opcode in reply for one-way controls
ctdb-protocol: Consistency check for opcode in the reply structure
ctdb-client: Use correct TDB flags for opening database
ctdb-protocol: Fix marshalling of ctdb_string
ctdb-protocol: Use ctdb_string marshalling
ctdb-protocol: Fix marshalling of TDB_DATA
ctdb-protocol: Use TDB_DATA marshalling
ctdb-protocol: Fix marshalling of ctdb_req_header
ctdb-protocol: Use ctdb_req_header marshalling
ctdb-protocol: Add length routines for protocol elements
ctdb-protocol: Use length routines for protocol elements
ctdb-protocol: Fix marshalling of ctdb_reply_control
ctdb-protocol: Expose function to allocate a packet
ctdb-protocol: Check arguments in ctdb_allocate_pkt
ctdb-tests: Make sure the packet length matches the allocated size
ctdb-protocol: Drop buffer allocation from protocol push functions
ctdb-protocol: Use consistent names for function arguments
ctdb-client: Drop unnecessary discard_const
ctdb-protocol: Return required buffer size in push functions
ctdb-tests: Get rid of ctdb func tests
ctdb-lvs: Allow override of CTDB for testing
ctdb-natgw: Allow override of CTDB for testing
ctdb-protocol: Add function to compare ctdb_sock_addr
ctdb-tool: Remove xpnn command and related tests
ctdb-tests: Remove ctdb reloadips tests
ctdb-tool: Add test-hooks to enable testing of the tool
ctdb-tool: All errors should be logged via stderr
ctdb-tests: Add fake ctdb daemon implementation for testing
ctdb-tests: Use fake_ctdbd for ctdb tool tests instead of ctdb stub
ctdb-tests: Remove ctdb tool stub code
ctdb-tests: Fix output for ctdb getcapabilities test
ctdb-tests: Fix output for ctdb lvs test
ctdb-tests: Fix output for ctdb reloadnodes tests
ctdb-tests: rename tests from stubby.* to ctdb.*
ctdb-recoverd: Freeze databases whenever the node is INACTIVE
ctdb-recovery: Update timeout and number of retries during recovery
lib/util: Avoid splitting tevent-unix-util as public library
ctdb-packaging: Remove tevent-unix-util public library
lib/poll_funcs: Build as SAMBA_SUBSYSTEM
lib/util: Expose few more subsystems for standalone ctdb build
ctdb-cluster-mutex: Fix #endif decoration
ctdb-tests: Re-use async accept wrapper from async_req
ctdb-tests: Re-use set_blocking instead of re-definition
lib/util: Add a generic definition for set_close_on_exec
ctdb-daemon: Use lib/util functions instead of redefinitions
ctdb-system: Remove duplicate functions
ctdb-recoverd: Avoid duplicate recoverd event in parallel recovery
ctdb-daemon: Reset push_started flag once DB_PUSH_CONFIRM is done
ctdb-protocol: Fix marshaling of uint arrays
ctdb-protocol: Add checks to validate data on wire before unmarshaling
ctdb-protocol: Add checks to validate data on wire before unmarshaling
ctdb-tests: Improve ctdb protocol tests
ctdb-daemon: Do explicit check for integer values
ctdb-daemon: Explicitly assign boolean values
ctdb-locking: Conditionally set real-time priority in lock helper
ctdb-locking: Avoid real-time in lock helper if nosetsched option is set
ctdb-scripts: Add new configuration variable CTDB_NOSETSCHED
ctdb-tests: Update local daemons tests to use CTDB_NOSETSCHED
s3-ctdb: Fail CTDB connection only on INACTIVE state
ctdb-recovery-helper: Fix a comment
ctdb-recovery: Terminate if recovery fails without any banning credits
s3-ctdb: Return an error when unexpected reply is received
ctdb-recoverd: Improve election win messages
ctdb-daemon: Improve log message
ctdb-client: Add sync version of sending multiple messages
ctdb-client: Fix ctdb_rec_buffer traversal routine
ctdb-client: Add async version of delete_record
ctdb-client: Fix implementation of delete_record
ctdb-client: Use async version of delete_record in g_lock unlock
ctdb-client: Factor out ctdb_client_get_server_id function
ctdb-client: If g_lock lock conflicts, try again sooner
ctdb-client: Fix g_lock implementation
ctdb-client: Release g_lock lock before retrying
ctdb-client: Remove commented old g_lock implemention code
ctdb-client: Release the g_lock record once the update is done
ctdb-client: During transaction commit fetch seqnum locally
ctdb-client: Fix implementation of transaction start
ctdb-client: Fix implementation of transaction commit
ctdb-client: Add async version of transaction cancel
ctdb-client: Fix implementation of transaction cancel
ctdb-client: Add debug messages to client db api
ctdb-client: Expose ctdb_ltdb_fetch in client API
ctdb-ib: Include system/wait.h for signal
ctdb-daemon: Check if method is initialized before calling
ctdb-pmda: CTDB client code does not require ctdb->methods
ctdb-daemon: Log ctdb socket in the main daemon
ctdb-build: Exit if requested feature cannot be built
swrap: Build socket_wrapper path relative to blddir
ctdb-tests: Common code to wait for synchronization across cluster
ctdb-tests: Common code to process commandline options
ctdb-tests: Add torture test for g_lock functions
ctdb-tests: Replace ctdb_bench with message_ring using new client API
ctdb-tests: Replace ctdb_fetch with fetch_ring using new client API
ctdb-tests: Replace ctdb_fetch_one with fetch_loop using new client API
ctdb-tests: Replace ctdb_fetch_readonly_once with fetch_readonly using new client API
ctdb-tests: Replace ctdb_fetch_readonly_loop with fetch_readonly_loop using new client API
ctdb-tests: Replace ctdb_transaction with transaction_loop using new client API
ctdb-tests: Replace ctdb_update_record with update_record using new client API
ctdb-tests: Replace ctdb_update_record_persistent with update_record_persistent
ctdb-tests: Convert rb_test into a unit test
ctdb-tests: Rename ctdb_lock_tdb to lock_tdb
ctdb-tests: Rename ctdb_porting_tests to porting_tests
ctdb-tests: Remove unused tests code
ctdb-tests: Add torture test for fetch functions
ctdb-pcp-pmda: Reimplement using new client API
ctdb-web: Remove ctdb webpages from source
ctdb-locking: Drop code for Samba 3.x compatibility
ctdb-tool: Remove ctdb thaw command
ctdb-client: Remove functions ctdb_ctrl_thaw_priority() and ctdb_ctrl_thaw()
ctdb-client: Remove function ctdb_ctrl_thaw() from new client API
ctdb-protocol: Drop marshalling code for THAW control
ctdb-client: Reimplement ctdb_ctrl_freeze_priority() using ctdb_control()
ctdb-client: Drop unused functions ctdb_ctrl_freeze_send/recv
ctdb-client: Mark ctdb_ctrl_freeze_priority static
ctdb-vacuum: Do not use freeze_mode outside freeze code
ctdb-recovery: Remove serial database recovery code
ctdb-daemon: Drop priorites from freeze/thaw code
ctdb-freeze: Drop function thaw_priority()
ctdb-client: Remove ctdb_ctrl_freeze_priority() function
ctdb-protocol: Remove CTDB_NUM_DB_PRIORITIES
ctdb-recoverd: Remove code that updates database priorities during recovery
dbwrap_ctdb: Remove setting of database priority from samba
ctdb-tool: Remove setdbprio and getdbprio commands
ctdb-daemon: Remove implementation of SET/GET_DB_PRIORITY
ctdb-client: Remove client code for set/get_db_priority
ctdb-client: Remove code to set/get_db_priority from new client code
ctdb-protocol: Drop marshalling code for set/get_db_priority
ctdb-protocol: Deprecate controls SET/GET_DB_PRIORITY
ctdb-daemon: Remove priority field from ctdb_db_context
ctdb-locking: Remove API for locking all databases
ctdb-locking: Remove API for locking databases with priority
ctdb-freeze: Remove ctdb_db_prio_frozen() function
ctdb-locking: Remove ctdb_db_prio_iterator function
ctdb-build: Add missing dependency on samba-util
ctdb-tool: Log a message at INFO level
ctdb-tests: Drop ctdb tool debug level to NOTICE
ctdb-tool: Drop arbitrary exit codes
ctdb-tool: Exit with 1 on failure instead of -1
ctdb-tool: Fix a log message in "ctdb reloadnodes"
ctdb-tests: Fix "ctdb status" test
ctdb-tool: Improve "ctdb uptime" output format
ctdb-tool: Simplify "ctdb process-exists"
ctdb-tool: Improve error output in "ctdb setdebug"
ctdb-tests: Implement GET_DEBUG and SET_DEBUG controls in fake_ctdbd
ctdb-tests: Implement GET_RUNSTATE control in fake_ctdbd
ctdb-common: Refactor tunable related functions
ctdb-daemon: Use refactored tunable code
ctdb-tests: Implement controls related to tunables in fake_ctdbd
ctdb-tests: Implement SET_IFACE_LINK_STATE control in fake_ctdbd
ctdb-tests: Add monitoring related controls in fake_ctdbd
ctdb-common: Fix CID 1363227 (Resource leak)
ctdb-tests: Fix CID 1364521 (Argument cannot be negative)
ctdb-tests: Fix CID 1364522 (Argument cannot be negative)
ctdb-tests: Fix CID 1364523 (Argument cannot be negative)
ctdb-tests: Fix CID 1364524 (Argument cannot be negative)
ctdb-tests: Fix CID 1364525 (Argument cannot be negative)
ctdb-tests: Fix CID 1364526 (Argument cannot be negative)
ctdb-doc: Drop documentation for obsolete tunable
ctdb-daemon: Fix statistics update macro
ctdb-tests: Clean database before the test
ctdb-tests: Fix typo
ctdb-tests: Improve test to match exact output
ctdb-tests: Add tests for idempotence
ctdb-tests: Add more tests for ctdb setdbsticky and setdbreadonly
ctdb-tests: Add machinereadable output tests
ctdb-common: Fix parsing of debug level
ctdb-protocol: Add function ctdb_sock_addr_same_ip
ctdb-daemon: Add QueueBufferSize tunable
ctdb-daemon: Reduce QueueBufferSize from 16k to 1k
ctdb-daemon: Use consistent naming for monitoring mode
ctdb-tool: Remove old ctdb tool
ctdb-tool: Add replacement ctdb tool using new client API
ctdb-tests: Adjust unit test output matching new ctdb
ctdb-daemon: Drop the implementation of THAW control
ctdb-protocol: Deprecate THAW control
ctdb-daemon: Drop implementation of global transaction controls
ctdb-client: Drop client code for global transaction controls
ctdb-protocol: Drop marshalling for global transaction controls
ctdb-protocol: Deprecate global transaction controls
ctdb-packaging: Move ctdb configuration to ctdbd.conf
WHATSNEW: ctdb updates
ctdb-tests: Fix valgrind unintialized error
ctdb-tests: Do not add $VALGRIND to ctdb command
ctdb-tests: Removing sleep from porting_tests
ctdb-tests: Add explicit wait to the fork_helper()
ctdb-tools: Fix CID 1364699 - dereference after null check
ctdb-tools: Fix CID 1364701 - resource leak
ctdb-tools: Fix CID 1364702 - resource leak
ctdb-tools: Fix CID 1364703 - resource leak
ctdb-tools: Fix CID 1364704 - resource leak
ctdb-tools: Fix CID 1364705 - resource leak
ctdb-tools: Fix CID 1364706 - resource leak
ctdb-tools: Free record if it does not contain valid data
ctdb-tools: Free tickle list before exiting
ctdb-tools: Free connection list after processing it
ctdb-tools: Close tdb database on error
ctdb-tools: Free temporary memory context before exiting
ctdb-client: transaction_cancel must free transaction handle
ctdb-tools: Cancel transaction on error or if commit fails
dbwrap: Fix structure initialization
s3-lib: Pass missing argument for format string
s3-libnet: Add missing format element
s3-lib: Remove unused function sprintf_append
talloc: Fix format-nonliteral warning
tdb: Fix format-nonliteral warning
lib/util: Fix format-nonliteral warning
ldb: Fix format-nonliteral warning
s3-lib: Fix format-nonliteral warning
s3-include: Fix format-nonliteral warning
s3-netapi: Fix format-nonliteral warning
s3-libnet: Fix format-nonliteral warning
regedit: Fix format-nonliteral warning
wibindd: Fix format-nonliteral warning
passdb: Fix format-nonliteral warning
torture: Fix format-nonliteral warning
lib/util: Fix format strings and argument data types
ctdb-common: Fix format-nonliteral warning
ctdb-daemon: Fix format-nonliteral warning
ctdb-daemon: Fix format-nonliteral warning
ctdb-daemon: Fix format-nonliteral warning
ctdb-recovery-helper: Fix format-nonliteral warning
ctdb-ib: Fix DEBUG log messages
ctdb-pmda: Use 1s timeout for fetching statistics
ctdb-tools: Drop "ctdb rebalanceip"
ctdb-tools: Drop "ctdb rebalancenode"
ctdb-tools: Addition of IPs is deferred until the next takeover run
ctdb-protocol: Fix marshalling for GET_DB_SEQNUM control request
ctdb-recovery-helper: Add missing initialisation of ban_credits
ctdb-common: Add routines to manage PID file
Revert "ctdb-common: Use SCHED_RESET_ON_FORK when setting SCHED_FIFO"
dlz-bind: Fix preprocessor checks for BIND versions
dlz-bind: Fix initialization of DLZ_DLOPEN_AGE
dlz-bind: Set DNS_CLIENTINFO_VERSION based on BIND version
dlz-bind: Add support for BIND 9.11.x
provision: Add support for BIND 9.11.x
ctdb-scripts: Fix calculation of CTDB_BASE
ctdb-locking: Reset real-time priority in lock helper
ctdb-recovery: Avoid NULL dereference in failure case
Andreas Schneider (120):
s3-libads: Pass down the salt principal in smb_krb5_kt_add_entry()
s3-libads: Call smb_krb5_create_key_from_string() directly
s3-libads: Use the C99 boolean false
krb5_wrap: Move smb_krb5_kt_add_entry() to krb5_wrap
krb5_wrap: Add smb_krb5_open_keytab_relative() function
s3-libnet: Allow the keytab function to use a relative path
s4-libnet: Implement export_keytab without HDB
s4-selftest: Make export keytab test heimdal specific
krb5-wrap: Use the principal returned by the KDC to create the ccache
mit_samba: Make mit_samba a shim layer between Samba and KDB
mit_samba: Directly pass the principal and kflags
mit_samba: Add ks_is_tgs_principal()
mit_samba: Add function to change the password
mit_samba: Add functions to generate random password and salt.
mit_samba: Add function for handling bad password count
mit_samba: Setup logging to stdout
wscript: Build the KDC code if we have the AD DC build enabled
mit-kdb: Add initial MIT KDB Samba driver
mit-kdb: Add more ks_is_kadmin* functions.
mit-kdb: Do not allow to get a kadmin ticket as a client.
mit-kdb: Add ks_create_principal().
mit-kdb: Add ks_get_admin_principal() and use it for kadmin users.
mit-kdb: Implement KDB function to change passwords
mit-kdb: Add support for bad password count
mit-kdb: Add support for KDB version 8
mit-kdb: Fix segfault in krb5kdc dereferencing an invalid pointer
mit-kdb: Add missing SDB_F_FOR_AS_REQ for AS requests
lib: Update socket_wrapper to version 1.1.6
lib: Update uid_wrapper to version 1.2.1
lib: Update nss_wrapper to version 1.1.3
s4-libnet: Link dckeytab.so correctly when is AD DC enabled
pam_winbind: Use the correct type to check the pam_parse() return code
pam_winbind: Create and use a wbclient context
util: Add memcmp_const_time()
libcli:smb2: Use constant time memcmp() to verify the signature
s4:libcli:smb2: Use constant time memcmp() to verify the signature
s3-libads: Fix compilation with MIT Kerberos
s3-net: Convert the key_name to UTF8 during migration
s3-net: Cleanup the code of printing migration
swrap: Update to version 1.1.7
s3-smbspool: Log to stderr
rwrap: Update resolve_wrapper to version 1.1.4
torture: Fix trailing whitespaces in krb5 tests
torture: Add a dummy test for MIT Kerberos case
sdb: Do not set disallow if we do not have ticket info in the DB
kdb: Do not allocate memory with size 0
sdb: Fix NULL pointer deference if we return early
sdb: Do not create kmod information if we return early
mit_samba: Return 0 in case of a wrong realm
mit_samba: Fix flags that we get a referral tickets
mit_samba: Allow to use SPNs for AS-REQ
selftest: Set the correct hostname
s3-script: Install the findsmb script
s3-libnetapi: Correctly check for lp_realm.
samba_dnsupdate: Work around a bug in nsupdate
selftest: Use the correct smb.conf for ldbsearch
selftest: Remove unneeded sleep before first ldbsearch execution
selftest: Consistently check for provision return code
selftest: Fix indentation in wait_for_start()
selftest: Add newlines for info output
selftest: Remove nbt wait time
s4-kdc: Rename heimdal KDC files
krb5_wrap: Add smb_krb5_mk_error()
s4-kdc: Use smb_krb5_mk_error() in kdc implemenation
s4-kdc: Use smb_krb5_mk_error() in kpasswd implementation
s4-kdc: Put the heimdal kdc config into a private data pointer
s4-kdc: Use better and simpler names for the kdc_process_ret enum
s4-kdc: Move definitions to kdc-server.h
s4-kdc: Move kdc_process_fn_t declaration to kdc-server.h
s4-kdc: Move KDC socket structs to krb5-server.h
s4-kdc: Rename proxy-heimdal.c to kdc-proxy.c
s4-kdc: Create a kdc-proxy.h header file
s4-kdc: Move KDC packet handling functions to kdc-server.c
util: Fix a possible null pointer dereference
librpc: Check for negative return value of socket_get_fd()
s3-torture: Do some code hygiene in the ldb test
s4-dsdb: Fix a possible NULL pointer dereference
s4-ntlm: Fix a NULL pointer dereference in error path
smbget: Fix a memory leak
nsswitch: Fix wbclient torture_assert_wbc_ok_goto_fail macro
nsswitch: Fix memory leak in test_wbc_pingdc()
nsswitch: Fix memory leak in test_wbc_get_sidaliases()
nsswitch: Fix memory leak in test_wbc_pingdc2()
nsswitch: Fix memory leak in test_wbc_domain_info()
nsswitch: Fix memory leak in test_wbc_users()
nsswitch: Fix memory leak in test_wbc_groups()
nsswitch: Fix memory leak in test_wbc_trusts()
s3-libnet: Add a comment to make cleaŕ we want to fall through
libutil: Support systemd 230
selftest: Skip smbtorture_s3 tests against ntvfs
selftest: Skip the Samba4 rap tests
selftest: Skip s4 smb2 rename tests
selftest: Remove samba4 delaywrite tests we skip
selftest: Remove samba4.smb2.compound tests we skip
selftest: Skip also s4 base.createx_sharemodes_dir
selftest: Skip the samba4.raw.eas tests
s3-winbind: Fix memory leak with each cached credential login
tsocket: Do not dereference a NULL pointer
s4-torture: Add torture_check_krb5_error() function
s4-torture: Add AES and RC4 enctype checks
s4-dsdb: Add missing header file for write() and close()
selftest: Do not use the deprecated samba-tool user add
testprogs: Do not use the deprecated samba-tool user add
ctdb-waf: Move ctdb tests to libexec directory
s3-util: Fix asking for username and password in smbget.
nsswitch: Add missing arguments to wins gethostbyname*
nsswitch: Also set h_errnop for nss_wins functions
s3-lib: Fix %G substitution in AD member environment
s3-utils: Fix loading smb.conf in smbcquotas
s3-winbind: Do not return NO_MEMORY if we have an empty user list
s3-printing: Correctly encode CUPS printer URIs
s3-printing: Allow printer names longer than 16 chars
s3:spoolss: Add support for COPY_FROM_DIRECTORY in AddPrinterDriverEx
lib:torture: Make variables const
s4:torture: Add tortue test for AddPrinterDriverEx with COPY_FROM_DIRECTORY
s4:torture: Strip trailing whitespaces in session_key.c
s4:torture: Normalizes names in session_key test
s4:torture: Fix cleanup of the secrets object in session_key test
nss_wins: Fix errno values for HOST_NOT_FOUND
printing: Fix building with CUPS version older than 1.7
Andrew Bartlett (213):
selftest: Avoid sorting issues on Ubuntu 10.04 vs 14.04
dsdb: Introduce LDB_SYNTAX_SAMBA_OCTET_STRING
smbd: Only check dev/inode in open_directory, not the full stat()
dsdb/repl: Ensure we use the LOCAL attid value, not the remote one
dsdb: Only re-query dSHeuristics for userPassword support on modifies
libndr: Add ndr_pull_struct_blob_all_noalloc
ldb-samba: Use ndr_pull_struct_blob_all_noalloc
selftest: Print a message when RID allocation fails
selftest: Wait 60 seconds for a RID alloc
dsdb: Clarify rename handling as to which record is being renamed
dsdb: Improve debug messages in operational module
ldb: Fix error string when renaming to an DN that already exists
repl_meta_data: Explain why time(NULL) is good enough here
selftest: Include a few more details in selftest and samba startup.
join.py: Fetch the remote DC NTDS GUID early
pidl: Correct string handling to use talloc and be in common
classicupgrade: Avoid needing to quote CN values in an DN, use dn.set_component()
ldb-samba: Add "secret" as a value to hide in LDIF files
rpc_server/drsuapi: Return the correct 3 objects for DRSUAPI_EXOP_FSMO_RID_ALLOC
getncchanges: Give the correct error when RID_ALLOC fails on an invalid destination_dsa_guid
getncchanges: Use the talloc_stackframe() for tempory memory
getncchanges: Fill in ctr6.linked_attributes with a pointer to a zero-length array
dsdb/subtree_rename: Rename the base before we rename children
repl_meta_data: Do rename before deleted object cleanup
dsdb: Use DRSUAPI_ATTID_isDeleted constant in repl_meta_data
dsdb: Improve syntax clarity
selftest: Mark LDAPNotificationTest.test_max_search flapping
samba-tool domain demote: Fix error handling and error messages
torture: Only walk over objects actually converted in drs.dssync
repl: Do not consider userPassword differences to matter in rpc.dssync
build: Build less of Samba when building --without-ntvfs-fileserver
selftest: Use random OIDs from under the Samba OID arc
dsdb: Remove incorrect RDN attid check in replmd_replPropertyMetaDataCtr1_verify
repl: Allow GetNCChanges DRSUAPI_EXOP_REPL_OBJ to succeed against a deleted object
repl: Pass in the full partition DN to dsdb_replicated_objects_convert()
dsdb: Only search the provided partition for the object GUID
samba-tool domain join: Set drsuapi.DRSUAPI_DRS_GET_ANC during initial repl
selftest: Make replica_sync test pass against Windows 2012R2
dsdb: Allow "cn" to be missing on schema import
repl: Remove duplicated delete of sAMAccountType
selftest: Only mark runtime dbcheck as flapping
dbcheck: Find and fix a missing Deleted Objects container
repl: Retry replication of the schema on WERR_DS_DRA_SCHEMA_MISMATCH
dsdb: Cache our local invocation_id at the start of each request
dsdb: Move operational below repl_meta_data so we can query parentGUID
repl: Enforce that we have parent objects for all replicated objects
dsdb: Clearly fail to replicate objects not NC_HEAD with a all-zero parentGUID
dsdb: Give more errors in operational module when building the parentGUID
repl_meta_data: Fail to replicate over local objects not NC_HEAD with a all-zero parentGUID
repl_meta_data: Give more information on replication rename behaviour
dsdb: Split rename case out of replmd_op_possible_conflict_callback
dsdb: Simplify replmd_op_possible_conflict_callback behaviour
dsdb: Give the objectGUID ahead of LDIF dump of replicated changes
selftest: initial version of new repl_move test
selftest/drs: Show we return the correct 3 objects for DRSUAPI_EXOP_FSMO_RID_ALLOC
repl: Do not report all replication failures at level 0
selftest: Add another test case to replica_sync test
selftest: Assert that name, the RDN attribute and actual RDN are in sync
Remove the try/catch from urgent_replication.py
samldb: Make checks for schema attributes much more strict
selftest: Add tests to show that we can not create duplicate schema entries
selftest: These replication tests are now OK after we fixed all the replication bugs
selftest: Run the krb5.kdc test on a more selective basis
selftest: Do not scan the full DB to confirm a specific DN in dbcheck
dsdb: Add new helper function replmd_replPropertyMetaData1_new_should_be_taken()
dsdb: Use replmd_replPropertyMetaData1_new_should_be_taken in replmd_op_possible_conflict_callback()
dsdb: Use replmd_replPropertyMetaData1_new_should_be_taken in replmd_replicated_handle_rename()
dsdb: Use replmd_replPropertyMetaData1_new_should_be_taken in replmd_replicated_apply_merge()
dsdb: Use replmd_replPropertyMetaData1_new_should_be_taken in replmd_replicated_apply_search_callback()
selftest: Add more tests to cover attribute changes vs DN renames
dsdb: Show initial replicated modify as well as resolved modify in repl_meta_data
dsdb: Fix incorrect sorting of replPropertyMetaData with RDN last
dsdb: Fix rename and RDN handling for replPropertyMetaData
selftest: Assert replPropertyMetaData values before and after replication
selftest: Add a reverse variation to ReplicateMoveObject3
repl: Avoid use-after-free when working with the working_schema
build: Try to work around strict aliasing rules on Ubuntu 10.04
build: Address may be used uninitialized in this function on Ubuntu 10.04
selftest: Rebase DrsBaseTestCase on SambaToolCmdTest
samba-tool: Improve fsmo handling
samba-tool domain join: Refuse to re-join a DC with a still-valid password
s4-samr: Fix samr.QueryUserInfo level 1 primary group
selftest: Expand tokenGroups test to also build nested groups
selftest: Expand tokenGroups test to also compare with samr.GetGroupsForUser
libcli/smb: Fix compiler errors when building with --address-sanitizer
libgpo: Fix compiler errors when building with --address-sanitizer
s3-client: Fix compiler errors when building with --address-sanitizer
s3-libnet: Fix compiler errors when building with --address-sanitizer
s3-vfs/snapper: Fix compiler errors when building with --address-sanitizer
s4-kcc: Fix compiler errors when building with --address-sanitizer
s4-libcli/raw: Fix compiler errors when building with --address-sanitizer
s4-samr: Rework GetGroupsForUser to use memberOf
selftest: Add alias membership to the tokengroups test
selftest: Test that primaryGroupID is first in samr.GetUserGroups() reply
selftest: Check a user with only primaryGroupID is correct in samr.GetUserGroups() reply
samba_dnsupdate: Add a mode that calls samba-tool dns, rather than nsupdate
dns_update_list: Add in NS records
samba_dnsupdate: Allow admin to force a particular IP into samba_dnsupdate
samba_dnsupdate: Simplify logic and add more verbose debugging
samba_dnsupdate: Implement RPC <ZONE> prefix in dns_update_list
samba_dnsupdate: Give the administrator more detail when DNS lookups fail
selftest: Ensure we write 127. addresses into DNS
selftest: Always set up a resolv.conf and use it in samba_dnsupdate
selftest: confirm samba_dnsupdate works in both nsupdate and samba_tool mode
selftest: Add a DNS test matching Windows
selftest: Remove print attribute from getnc_exop test
repl: Avoid excessive stack use and instead sort the links in the heap
selftest: Do not run local.ndr 3 times
lib/ldb-samba: We can confirm a GUID is a GUID by length
selftest: Avoid running local.nss test against ad_dc_ntvfs
selftest: Do not run winbind tests against ad_dc_ntvfs
dsdb: Provide shortcuut for repl_meta_data avoiding search of link targets
dsdb: Fix use-after-free of parent_dn in operational module
dsdb: Only fetch changed attributes in replmd_update_rpmd
librpc: Avoid talloc in GUID_from_data_blob()
ldb: Allow repl_meta_data to override the O(^2) loop checking for duplciates
ldb: Do not allocate the extended DN name
dsdb: Apply linked attribute backlinks as we apply the forward links
dsdb: Avoid talloc() calls in dsdb_get_extended_dn_*()
dsdb: Make less talloc() for parsed_dn.guid
Revert "source4/scripting: add an option to samba_dnsupdate to add ns records."
lib: talloc: Change __talloc_with_prefix() to return a struct talloc_chunk *.
lib: talloc: Change __talloc() to return a struct talloc_chunk *.
lib: talloc: Change _talloc_set_name_const() to _tc_set_name_const()
lib: talloc: Add _vasprintf_tc() which returns the struct talloc_chunk *, not the talloc'ed pointer.
lib: talloc: Rename talloc_set_name_v() to tc_set_name_v(). Make it take a struct talloc_chunk *tc as the first argument.
lib: talloc: Call talloc_chunk_from_ptr() less often in __talloc_with_prefix()
lib: talloc: Rename the internals of _talloc_free_internal() to _tc_free_internal().
lib: talloc: As _tc_free_internal() takes a struct talloc_chunk *, add an extra paranoia check against destructor overwrite.
lib: talloc: As we have a struct talloc_chunk * in _talloc_free_children_internal(), use it to call _tc_free_internal() directly.
lib: talloc: Add check for destructor protection.
ldb: Avoid use-after-free when one error message is printed into another
schema: Make the fetch of the schema version fast
dsdb: Remove use of schema USN in samldb_add_handle_msDS_IntId
dsdb: Remove 120 second delay and USN from schema refresh check
schema: Reorder dsdb_set_schema() to unlink the old schema last
samba-tool: Add success message to samba-tool drs replicate --local
samba-tool: Add --local-online mode to samba-tool drs replicate
selftest: Add more tests for samba-tool drs replicate
Revert "dsdb: Disable tombstone_reanimation module until we isolate what causes flaky tests"
Revert selftest: Add knownfail entry required to disable tombstone_reanimation
pyrpc: Allow control of RPC timeout for IRPC
samba-tool drs replicate: Allow replication call to take as long as required
dsdb: Avoid search on * in replmd_replicated_apply_next()
dsdb: Improve debugging during SD recursion failure
build: Always build eventlog6. This is not a duplicate of eventlog
param: Correct the defaults for "dcerpc endpoint services"
Remove unused and untested source4 ntptr and spoolss systems
repl: Remove check for parentGUID being NULL in dsdb_convert_object_ex()
ldb: Add better debugging to ldb_wait()
samba-tool: Put full command and subcommand in informative name when testing samba-tool
selftest: Make repl_schema more robust by disabling replication before the test
selftest: Make repl_move more robust by disabling replication before the test
selftest: Disable replication before doing forced pre-test replicate
drs: pass the forced-replication flag from DsReplicaSync to GetNCChanges
selftest: Ensure we can call DRSUAPI_EXOP_REPL_OBJ with replication disabled
selftest: Disable all replication during most replication tests
WHATSNEW: Add features added for Samba 4.5
s4:torture/ndr: Add supplementalCredentials blobs from alpha13 and release_4_1_0rc3
s4:torture/ndr: Add supplementalCredentials blob from Win2012R2
torture: Add another sample of a PAC that broke the old PAC_UPN_DNS_INFO handling
s4:torture/ndr: Add supplementalCredentials blob from Samba with the new SambaGPG blob
build: Add hints on what libraries to install for gpgme support on failure
ldb_ldb: Do not re-scan the index list for new DNs
librpc: Add ndr_push_struct_into_fixed_blob() and use it in GUID_to_ndr_blob()
lib/ldb-samba: Use ndr_push_struct_into_fixed_blob() in ldif_handlers.c
lib/ldb-samba: Avoid talloc() in ldif_read_objectSid() by parsing the SID string on the stack
dsdb: Limit potential stack use when parsing extended DNs
torture: Add tests for ndr_push_struct_into_fixed_blob()
ldb: Free empty index lists as talloc_realloc() fails in this case
ldb: Add ldb_unpack_data_only_attr_list_flags()
ldb: Prepare for adding flags to ltdb_search_dn1() to control memory allocation
ldb: Add flags to ltdb_search_dn1() to control memory allocation
ldb: Use ldb_unpack_data_only_attr_list_flags in re_index()
torture/backupkey: Allow WERR_INVALID_ACCESS, WERR_INVALID_PARAM or WERR_INVALID_DATA
selftest: Merge alternate error codes into backupkey from backupkey_heimdal
s4:dsdb/repl: Improve memory handling in replicated schema code
s4:dsdb/schema: Remove unused old schema from memory
s4:dsdb/repl_meta_data: Add more info on which DN we failed to find an attid on
selftest: Move repl_schema test to a distinct OID prefix
dsdb: Allow missing a mandatory attribute from a dbcheck fix
dbcheck: Abandon dbcheck if we get an error during a transaction
selftest: Correct name of samba4.blackbox.dbcheck.release-4-5-0-pre1
pydsdb: Raise TypeError for type errors, rather than incorrectly raising an LdbError
ldb-samba: Add new extended match rule DSDB_MATCH_FOR_EXPUNGE
kcc: Move kcc/kcc_deleted.c into kcc/garbage_collect_tombstones.c
dsdb: Rework kcc_deleted() into dsdb_garbage_collect_tombstones()
dsdb: Rework more KCC service-specific details out of dsdb_garbage_collect_tombstones()
dsdb: move tombstone lifetime calculation out of dsdb_garbage_collect_tombstones()
dsdb: Expand garbage_collect_tombstones to expunge links also
python: Add binding for dsdb_garbage_collect_tombstones()
samba-tool: Add command-line tool to trigger tombstone expunge
dsdb: Expose ldb error string to dsdb_garbage_collect_tombstones() callers
dsdb: Use a date comparison in the search to avoid returning all deleted objects
selftest: Add test for 'samba-tool tombstones expunge'
samba-tool: Run samba-tool domain tombstones expunge in a transaction
dsdb: Add comments to dsdb_garbage_collect_tombstones()
lib/ldb-samba: Add test for DSDB_MATCH_FOR_EXPUNGE match rule
dsdb: Do not check isDeleted as a possible link
build: Fix build with perl on debian sid.
selftest: Add test for link and deleted link behaviour in dbcheck
dbcheck: Be more careful with link checks
dbcheck: Correct message for orphaned backlinks
selftest: Ensure we catch errors from samba-tool domain tombstones expunge
dsdb: Add python hooks to allocate a RID set and allocate a RID pool
dbcheck: Correctly initialise keep_transaction in missing_parent test
dsdb: Create RID Set as SYSTEM
dsdb: Rework DSDB code to use WERROR
dsdb: Catch errors in extended operations (like allocating a RID Set)
python: create NTSTATUSError, HRESULTError and WERRORError
pyerrors: Add PyErr_Set{WERROR,HRESULT,NTSTATUS}_and_string()
python: Add DsExtendedError Exception
python-libnet: Use new NTSTATUSError, WERRORError and DsExtendedError exceptions
Anoop C S (4):
packaging: Remove ulimit usage for setting core file size limit
packaging: Set default limit for core file size in init scripts
packaging: Set default limit for core file size in service files
vfs_glusterfs: Fix a memory leak in connect path
Anubhav Rakshit (1):
torture:smb2: Add test replay6 to verify Error Codes for DurableHandleReqV2 replay
Aurelien Aptel (29):
s3/utils/regedit.c: typo
s4/auth/ntlm/auth_unix.c: add parens
s4/client/cifsdd.c: typo
s4/heimdal/lib/gssapi/mech/gss_compare_name.c: typo
s4/heimdal/lib/krb5/pac.c: typo
examples/perfcounter/perf_writer.c: fix memset
s3/client/clitar.c: NULL-check correct variable
s3/client/clitar.c: always close fd
pidl/ws: Fix Dead Store (Dead assignement/Dead increment) warning found by Clang
pidl/ws: fix -Wmissing-prototype
pidl/ws: enhance dissector
pidl/ws: Fix Dead Store (Dead assignement/Dead increment) warning found by Clang
pidl/ws: fix indent (use 4 tabs) and remove trailing whitespace
pidl/ws: fix Assigned value is garbage or undefined found by Clang Analyzer
pidl/ws: Remove #pragma warning (MSVC)
pidl/ws: Eliminate e_uuid_t in favor of e_guid_t
pidl: use https urls and update dead msdn link
pidl/ws: avoid trailing tabs
pidl/ws: remove any starting _ in WS field names
pidl/ws: Remove pinfo->private_data from DCERPC dissectors.
pidl/ws: dereference pointers when passing name param.
pidl/ws: Add HEADER START/HEADER END in ws dissector
pidl/ws: whitespace cleanup
pidl/ws: Document CODE_START and HEADER_START
pidl/ws: directly use `di` param instead of casting `private_data` member.
pidl/s4/python: typo in comment
pidl/ws: fix failing tests
pidl/ws: fix missing $name when generating MAPI dissector
s3/winbindd: use == -1 instead of < 0 for error checking uid_t
Björn Baumbach (2):
idmap_script: add missing "IDTOSID" argument to the script command line.
s3-printing: fix migrate printer code (bug 8618)
Björn Jacke (1):
testsuit/manage-ca.sh: specify key size in CSRs
Bob Campbell (18):
samba_dnsupdate: do not interpret failure count as unix error code
samba_spnupdate: do not interpret failure count as unix error code
tdb: avoid many fcntl calls when incrementing seqnum
selftest: add check password script test
check_password_script: Add a DEBUG message for timeouts
password_hash: Make an error message clearer
provision_fill: move most db accesses into transactions
provision_fill: move GPO into transaction
provision: Ignore duplicate attid and governsID check
getncchanges: Fix some whitespace
tests/getnc_exop: Ensure we do the fallback if not given a PAS
tests/getnc_exop: Ensure that attribute list sorting is correct
getncchanges: Fix some whitespace
tests/getnc_exop: Ensure we do the fallback if not given a PAS
tests/getnc_exop: Ensure that attribute list sorting is correct
dsdb: refactor part of garbage_collect_tombstones into new function
copyright: Add the missing notices for garbage collect tombstones
tests/getnc_exop: Improve the ridalloc test by performing an alloc against a new master
Christian Ambach (16):
s3:smbd/service disable case-sensitivity for SMB2/3 connections
s3:smbd/service apply some code formatting
s3:smbd/filename remove smelly code
selftest: test for case insensitivity over SMB2/SMB3
s3:smbd remove todo comments
s3:libsmb/clifile use correct value for MaxParameterCount for setting EAs
s3:rpcclient make --pw-nt-hash option work
s3:selftest add a test for rpcclient --pw-nt-hash option
s3:rpcclient add -m option
s3:modules/vfs_snapper squelch -O3 compile warning
s4:repl_meta_data: squelch compile warning with -O3
s4:param add log_level function to retrieve log level in Python code
tests/param add a test for LoadParm.log_level
python/drs_utils: do not attempt to parse log level, use parsed value
python/join: do not attempt to parse log level, use parsed value
s4:samba_spnupdate: do not attempt to parse log level, use parsed value
Christof Schmitt (23):
gpfswrap: Add wrapper for gpfs_set_winattrs
vfs_gpfs: Implement new dos_attributes vfs functions
vfs_gpfs: Remove xattr functions
vfs: Add helper to check for missing VFS functions
vfs_full_audit: Assert that all VFS functions are implemented
vfs_time_audit: Assert that all VFS functions are implemented
selftest: Load time_audit and full_audit
winbindd: Remove unused prototypes for winbindd_group.c
gensec: Change log level of message when no PAC is found
smbcacls: Do not read old ACL for 'set' operation
ctdb/ltdbtool: Fix static declarations
gensec: Change log level for message when obtaining PAC from gss_get_name_attribute failed
selftest: Disable full audit logging in selftest
smbtorture: Add smb2.maxfid
selftest: Add tunable for smb2.maxfid limit
smbtorture: Correctly initialize notify request in smb2.notify.tree
smbd: Allow passing notify filter from inotify and fam
notify_inotify: Move mapping table to top of file
notify_inotify: Map inotify mask back to filter
vfs_gpfs: Retry getacl with DAC capability if necessary
smbd: Fix snapshot query on shares with DFS enabled
idmap_ad: Fix retrieving credentials from clustered secrets.tdb
winbind: Fix passing idmap failure from wb_sids2xids back to callers
Clive Ferreira (4):
objectclass_attrs: correctly indent a comment
typo: supprise -> surprise
objectclass_attrs: Only abort on a missing attribute when an attribute is both MUST and replicated
dbcheck: confirm RID Set presence and consistency
David Disseldorp (4):
printing: use housekeeping period that matches cache time
printing: handle "printcap cache time" change on HUP
smbd/ioctl: match WS2016 ReFS get compression behaviour
torture/ioctl: test compression responses when unsupported
Dirk Godau (2):
drsuapi tests for DsBind with w2k8
Extend DsBind and DsGetDomainControllerInfo to work with w2k8.
Douglas Bagnall (73):
util/binsearch: macro for greater than or equal search
util/tests: add test for BINARY_ARRAY_SEARCH_V macro
ldb paged_results: quieten a warning.
ldb controls: better error string for VLV control
ldap VLV: memdup, not strdup VLV context_id
vlv: better syntax for parsing greater than or equal strings
ASN1: use a talloc context in read_contextSimple
ldb controls: use uint8_t* for contextID binary blob
asn1: make readContextSimple() add a NUL byte
ldb_controls: add base64 option to VLV
Add python server sort tests
ldb sort: allow sorting on attributes not returned in search
torture_ldap_sort: avoid segfault
configure: set HAVE___ATTRIBUTE__ for heimdal
ldb client controls: avoid talloc_memdup(x, y, (size_t)-1);
ndr: avoid unnecessary searches of token list
librpc ndr: add ndr_pull_steal_switch_value()
ndr: Use ndr_steal to avoid long lists
ndr: inline search for ndr_token_peek()
ndrdump: add quiet flag
Implement Virtual List View (VLV)
ldb controls: don't ignore memory allocation failure
ldb sort tests: point out a known fails against Windows
dsdb sort test: avoid exception with fewer elements
dsdb python tests: fix several usage strings
ldb client controls: don't ignore failed memdup
ldb controls: allow paged_search to use a cookie
ldb_controls: avoid unnecessary unchecked talloc_asprintf()s
util/attr.h: use HAVE___ATTRIBUTE__, not __GNUC__ comparisons
libreplace: use HAVE___ATTRIBUTE__ instead of __GNUC__
tevent.h: use HAVE___ATTRIBUTE__ instead of __GNUC__
s3/modules/getdate: use HAVE___ATTRIBUTE__ instead of __GNUC__
mdssvc/sparql_parser.c: use HAVE___ATTRIBUTE__ instead of __GNUC__
s4/lib/wmi_wrap: use HAVE___ATTRIBUTE__ instead of __GNUC__
third_party/zlib/zlib.h: use HAVE___ATTRIBUTE__ instead of __GNUC__
VLV: avoid name conflict with string.h's index()
VLV: initialise struct using names for clarity
VLV: handle empty results correctly
VLV: test using restrictive expressions
.gitignore: don;t accidentally ignore some files
Fix formatting issue on 32bit with _FILE_OFFSET_BITS == 64
python/join.py: Avoid unchecked print in error path
source4/param/pyparam.c: fix strange indentation
dsdb/common/util: remove some unnecessary str_list_length()s
dsdb/common/util: be careful about zero length string lists
dsdb schema_query: reduce calls to str_list_length
source4/registry/local: avoid str_list_length() to check first element
pytalloc: avoid double 0x0x in repr strings
Python pidl: avoid segfault with "del obj->attr"
tests/dcerpc/array.py: test deletion of arrays
selftest: Enable samba.tests.dcerpc.array test
tests/dcerpc: add tests for string allocation and deletion
gitignore: ignore library bin directories
python/tests/dns_forwarder: fix for python 2.6
Remove unused stf directory
s4/dsdb/repl_meta_data: use local bool version of flag
replmd_modify_delete: check talloc_new()
repl_meta_data: free context on error in replmd_modify_la_delete()
dsdb: add vanish links control
dsdb tests: add linked attribute tests
drs tests: querying linked attribute over DRS
dbcheck: cache linkIDs and reverse attribute names
dbcheck: check for linked atributes that should not exist
s4/selftest/provisions/dump.sh: dump to target dir if supplied
blackbox/dbcheck-oldrelease: more accurate temp filename
dbcheck linked attribute tests: save environment with bad links
VLV tests: reduce test duplication hence elapsed time
VLV tests: comment typo
VLV: fix handling with show_deleted and similar controls
VLV tests: add tests with show_deleted control
VLV tests: remove vestigial pdb stub
ldb_tdb index: fix whitespace
KCC: Fix misnamed variable in DSA object
Evgeny Sinelnikov (1):
rpc_server/drsuapi: Set msDS_IntId as attid for linked attributes if exists
Garming (1):
drs: Send DRSUAPI_DRS_GET_ALL_GROUP_MEMBERSHIP by default
Garming Sam (153):
tests: Allow alternative error code for backupkey test
ldb controls: base64 encode VLV response context strings
ldap VLV: use correct ASN.1 encoding for requests
ldap: fix search control rule identifiers ASN.1 type
ldap VLV: correct ASN1 parsing of VLV requests
CVE-2016-0771: tests/dns: Modify dns tests to match new IDL
CVE-2016-0771: tests/dns: prepare script for further testing
CVE-2016-0771: tests/dns: FORMERR can simply timeout against Windows
CVE-2016-0771: tests/dns: Add a comment regarding odd Windows behaviour
CVE-2016-0771: tests/dns: restore formerly segfaulting test
CVE-2016-0771: tests/dns: Correct error code for formerly unrun test
CVE-2016-0771: tests/dns: Add some more test cases for TXT records
CVE-2016-0771: tests/dns: modify tests to check via RPC
CVE-2016-0771: dnsserver: don't force UTF-8 for TXT
CVE-2016-0771: tests/dns: RPC => DNS roundtrip test
CVE-2016-0771: tests: rename test getopt to get_opt
CVE-2016-0771: tests/dns: change samba.tests.dns from being a unittest
CVE-2016-0771: tests/dns: Remove dependencies on env variables
tests: Allow alternative error code for backupkey test
build: mark explicit dependencies on pytalloc-util
sort: enable custom behaviour on critical control
autobuild: Return the last 50 log lines
rodc: Allow RODC preload to continue with invalid users
tests/rodc: Check that preload will skip broken users
tests/dsdb: Verify that only a new ldb affects reads of userPassword
tests/passwords: fix a typo
dbcheck: Avoid pathological behaviour in operational module
dns: remove double talloc for strings
dnsserver: Remove C++ style comment
selftest: Remove an early return in the fl2003dc provision
dns: modify dns forwarder param to be multi-valued
tests/dns_forwarder: Add testing for DNS forwarding
tests/dns: Add additional testing of CNAME handling
tests/dns_forwarder: remove statically defined IPs
tests/dns_forwarder: Add an extra test for inactive forwarders
tests/dns_forwarder: Add additional testing for no flag recursive
autobuild: Return the last 50 log lines
autobuild: fix typo in autobuild success subject line
manpages: Markup led to missing space
typo: mplementation => implementation
examples/crackcheck: allow compilation with current builds
samr4: Remove talloc_asprintf leak onto mem_ctx
drsuapi.idl: Add attid used in testing in idl
tests/drs: cleanup some whitespace
samba_dnsupdate: Fix typo in -no-substitutions name
dns_server: Fix typo in dns_authoritative_for_zone() name.
flapping: temporarily add samba_dnsupdate test
tests/drs: extend getnc_exop test to check linked attributes
tests/drs: make cleanup more robust
tests/drs: assert sorted identifier GUIDs across getncchanges
tests/drs: change sort order in tests to match Windows
getncchanges: remove some whitespace
getncchanges: sort with precalculated target guid array
getncchanges: Match Windows on linked attribute sort
flapping: remove samba_dnsupdate from flapping
check-password-script: Allow AD to execute these scripts
param: fix a typo emtpy -> empty
tevent: typo in documentation
typo: componemt => component
typo: mandetory -> mandatory
kerberos: Return enc data on PREAUTH_FAILED
schema: Remove unnecessary schema reload code
schema: raise debug level
tests/dns_update: Add error message for diagnosis
tests: Allow alternative error code for backupkey test
dbcheck: Script swallows input when given a carriage return
match_rules: Fix a duplicated check
match_rules: Make cleanup faster and more efficient
link_attrs: Add tests for one way links (and pseudo one-way)
extended_dn_out: Force showing of one-way links if they exist
flapping: Add dbcheck to flapping
dbcheck: change argument to specify a partial --yes
tests/dbcheck: One way links are expected to be stale
dbcheck.sh: Fix the arguments supplied as $@
dbcheck: Split out valid stale DN links and invalid ones
dbcheck.sh: Remove all the plausible stale links
flapping: Remove dbcheck from flapping
renamedc: Make a more targeted dbcheck
pytalloc: Add a warning about enable_null_tracking
join.py: Remove talloc enable_null_tracking
samba-tool: Speed up all samba-tool commands
WHATSNEW: Samba-tool speed-up
drepl: Fix a typo
kcc: Make debug more scarce
selftest: Add more information when KCC fails
kcc: Prevent the KCC from doing work on the RODC
samba_kcc: match translate connection from old KCC for RODC
samba_kcc: match translate connection from old KCC for RWDC
kcc: Make more fault tolerant on DC demotion
dbcheck: Replica locations can now be leftover
join.py: Ensure that all expressions are escaped
join.py: Add Replica-Locations for DomainDNS and ForestDNS
join.py: Don't add replica locations without the backend
dbcheck/release-4-1-0rc3: Add a check regarding replica locations
dbcheck: Add a rule regarding replica locations
kcc: correct a typo in the debug messages
samba_kcc: Enable the python samba_kcc
WHATSNEW: Add the update for the samba kcc
AddressSanitizer: Initialize for kcc_topology.c
AddressSanitizer: Initialize for smbd/oplock.c
AddressSanitizer: Initialize for vfs_fruit.c
kcc: typo fix tupple => tuple
kcc: fix a typo
kcc: Add corresponding methods for repsTo
kcc: Add a TODO for msDS[-RO]-Replica-Locations
kcc: Clean up repsTo attribute for old DCs
replmd: Check dsdb_dn for syntax errors
valgrind: Avoid a warning about uninitialized memory
msds_intid: Add test for (non-schema) linked attributes
replmd: Remove data field on DSDB_CONTROL_REPLICATED_UPDATE_OID
replmd: Send replicated update OID for forward links
msds_intid: Add test for schema linked attributes
getncchanges: Set is_schema_nc when EXOP_OBJ
rpc_server/drsuapi: Don't set msDS_IntId as attid for linked attributes if schema
tests/schemainfo: run dsdb schema info tests with proper URI
replicated_objects: Add missing newline for debug
drepl_out: Send the prefix map alongside the RODC partial attribute set
drepl_out: Send the prefix map alongside the global catalog partial attribute set
tests/getnc_exop: Ensure that all attids are valid in a given PAS
tests/getnc_exop: Ensure the remote prefixmap is always used (secret attrs)
tests/getnc_exop: Ensure the remote prefixmap is always used (name attr)
tests/getnc_exop: PartialAttrSetEx test (passes Windows, fails us)
getncchanges: Compute the partial attribute set from the remote schema
tests/schemainfo: run dsdb schema info tests with proper URI
replicated_objects: Add missing newline for debug
drepl_out: Send the prefix map alongside the RODC partial attribute set
drepl_out: Send the prefix map alongside the global catalog partial attribute set
tests/getnc_exop: Ensure that all attids are valid in a given PAS
tests/getnc_exop: Ensure the remote prefixmap is always used (secret attrs)
tests/getnc_exop: Ensure the remote prefixmap is always used (name attr)
tests/getnc_exop: PartialAttrSetEx test (passes Windows, fails us)
getncchanges: Compute the partial attribute set from the remote schema
kcc: Don't check schedule if None
gc_tombstones: Typo fix
torture: Remove unnecessary whitespace
rpmd: Add the ldb error string to a debug
rpmd: Remove the seq_num check for skipping additional work
rpmd: Add a TODO regarding the additional work performed
rpmd: Skip bump of USN when vanishing forward links
tests: Assert vanishing links doesn't bump USN
tombstone-expunge: Assert than an expunge does not bump the USN
dbcheck: Make it clearer about temporary output
tests: Check that USN bumps when modifying a linked attr
tests: Skip a test for reveal internals for passing Windows
dbcheck: assert uSNChanged values in release-4-5-0-pre1
s4-auth: Don't check for NULL saltPrincipal if it doesn't need it
doc: Add doxygen for functions in srv_keytab.c
tombstones-expunge: Add a test for deleting links to recycled objects
collect_tombstones: Allow links to recycled objects to be deleted
upgradeprovision: Remove objectCategory from constructed attrs
tests/getnc_exop: Finish a comment in getnc_exop.py
tests/ridalloc_exop: Add a new suite of tests for RID allocation
samba_tool/fsmo: Allocate RID Set when seizing RID manager
Günther Deschner (52):
auth/ntlmssp: use ndr_push_AV_PAIR_LIST in gensec_ntlmssp_server_negotiate().
lib/socket/interfaces: Fix some uninitialied bytes.
Partly revert "s3:libads: setup the msDS-SupportedEncryptionTypes attribute on ldap_add"
s3:libnet:libnet_join: prepare to allow connecting with machine creds.
s3:libads:ldap: print LDAP error message with log level 10.
s3:libads:ndr: add ADS_AUTH_USER_CREDS to ndr_print_ads_auth_flags()
s3:libads:ldap: fix ads_check_ou_dn to deal with account_ou not being initialized
s3:libnet:libnet_join: always try to create machineaccount via LDAP first.
s3:librpc:idl:libnet_join: add encryption types to libnet_JoinCtx.
s3:libnet:libnet_join: define list of desired encryption types only once.
s3:libnet:libnet_join: fill in output enctypes and only modify when necessary.
s3:libnet:libnet_join: update msDS-SupportedEncryptionTypes (if required) with machine creds.
param: add parameter "server multi channel support", defaults to off.
s3:winbindd:idmap_hash: skip domains that already have their own idmap configuration.
s3:winbindd:idmap: check loadparm in domain_has_idmap_config() helper as well.
wscript: detect if we have libkdb5 and kdb.h.
s4-kdc: Introduce a simple sdb_kdb shim layer
mit_samba: Use sdb in the mit_samba plugin
mit_samba: Use talloc_zero in mit_samba_context_init().
mit-kdb: Do not overwrite the error code in failure case.
mit-kdb: Use calloc so both authdata elements are zeroed
mit-kdb: Use calloc to initialize master keylists.
mit-kdb: Return 0 in kdb_samba_db_put_principal()
mit-kdb: Restrict admin/changepw principal db_entry with some flags
s4-smb_server: check for return code of cli_credentials_set_machine_account().
s3-auth: check for return code of cli_credentials_set_machine_account().
s3:smbXsrv.idl: add 8 byte channel_sequence number and request counters to IDL.
libcli:smb:smbXcli_base: add smb2cli_session_current_channel_sequence() call.
torture:smb2: add test for checking sequence number wrap around.
lib/torture: add torture_assert_u64_not_equal_goto macro
s4:torture:smb2:rename.c: Fix file permissions.
CVE-2016-2111: s3:rpc_server/netlogon: always go through netr_creds_server_step_check()
lib:krb5_wrap:krb5_samba: increase debug level for smb_krb5_get_default_realm_from_ccache().
s3:librpc:crypto:gse: increase debug level for gse_init_client().
libcli/smb: fix NULL pointer derreference in smbXcli_session_is_authenticated().
s3:client:smbspool_krb5_wrapper: fix the non clearenv build.
s3-winbind: Fix schannel connections against trusted domain DCs
s3-libnet: Print error string even on successfuly completion of libnetjoin.
s3:libnet: accept empty realm for AD domains when only security=domain is set.
librpc: add decode_netlogon_samlogon_response_packet for mailslot debugging.
torture: show the first differing byte and a dump in torture_assert_data_blob_equal().
s4-torture: rename torture_suite_add_ndr_pullpush_test to torture_suite_add_ndr_pull_validate_test.
krb5pac: no need for a noprint PAC_BUFFER.
s4-torture: add ndr krb5pac testsuite.
s4-torture: add another krb5pac buffer to the ndr test.
s4-torture: add new torture_assert_krb5_error_equal macro.
s4-torture: fix compile of new NDR PAC tests with MIT Kerberos.
s4-torture: test GetPrinterData with server handle and 0 keylength.
s3-spoolss: fix _spoolss_GetPrinterDataEx by moving the keyname lengthcheck.
s3-spoolss: fix winreg_printer_ver_to_qword
spoolss: Use correct values for secdesc and devmode pointers
s4-torture: add spoolss_SetPrinter ndr test to validate secdesc_ptr
Hemanth Thummala (2):
Mask general purpose signals for notifyd.
Fix memory leak in share mode locking.
Herwin Weststrate (1):
Added MSV1_0_ALLOW_MSVCHAPV2 flag to ntlm_auth
Ira Cooper (4):
lib:dlinklist: avoid -Wtautological-compare errors with gcc6
ldb:dlinklist: avoid -Wtautological-compare errors with gcc6
source3/wscript: Add support for disabling vfs_cephfs
buildscripts: Fix the regression with --without-acl-support.
Ivo De Decker (1):
Add build option for default smbpasswd location
Jeremy Allison (176):
CVE-2015-7560: s3: smbd: Add refuse_symlink() function that can be used to prevent operations on a symlink.
CVE-2015-7560: s3: smbd: Refuse to get an ACL from a POSIX file handle on a symlink.
CVE-2015-7560: s3: smbd: Refuse to set an ACL from a POSIX file handle on a symlink.
CVE-2015-7560: s3: smbd: Refuse to set a POSIX ACL on a symlink.
CVE-2015-7560: s3: smbd: Refuse to get a POSIX ACL on a symlink.
CVE-2015-7560: s3: smbd: Set return values early, allows removal of code duplication.
CVE-2015-7560: s3: smbd: Silently return no EA's available on a symlink.
CVE-2015-7560: s3: smbd: Refuse to set EA's on a symlink.
CVE-2015-7560: s3: libsmb: Rename cli_posix_getfaclXX() functions to cli_posix_getacl() as they operate on pathnames.
CVE-2015-7560: s3: libsmb: Add SMB1-only POSIX cli_posix_setacl() functions. Needed for tests.
CVE-2015-7560: s3: torture3: Add new POSIX-SYMLINK-ACL test.
CVE-2015-7560: s3: torture3: Add new POSIX-SYMLINK-EA test.
s3:lib. Add split_stream_filename() Not yet used.
s3:lib: Rewrite synthetic_smb_fname_split() to use split_stream_filename().
s3:lib: Remove the const SMB_STRUCT_STAT * parameter from synthetic_smb_fname_split().
s3:lib: Move internal lp_posix_pathnames() call out of utility function synthetic_smb_fname_split().
s3: smbd: Simplify logic inside rename_internals_fsp() part 1.
s3: smbd: Simplify logic inside rename_internals_fsp() part 2
s3: smbd: Remove the last lp_posix_pathnames() in the rename path.
s3:smbd: Fix build for vfs_aixacl2.c.
s3:smbd:vfs: Change smb_get_nt_acl_nfs4() to take a const struct smb_filename *.
s3:smbd:vfs: Change posix_get_nt_acl() from const char * to const struct smb_filename *.
s3:vfs: Change smbacl4_GetFileOwner() to take const struct smb_filename * from const char *.
s3: vfs: vfs_hpuxacl. refuse_symlink() means we can always use STAT here.
s3: vfs: vfs_solarisacl. refuse_symlink() means we can always use STAT here.
s3:vfs: vfs_streams_xattr.c - Remove duplicate code. This is exactly vfs_stat_smb_basename().
s3:vfs: vfs_streams_xattr.c: Change walk_xattr_streams() to const struct smb_filename * from const char *.
s3: smbd: Reformatting - remove unneeded const char *fname variable.
s3: smbd: Change canonicalize_ea_name() to take a const smb_filename * parameter from const char *.
s3:smbd: Change get_ea_list_from_file_path() to take a const smb_filename * parameter from const char *.
s3:smbd: Change get_ea_names_from_file() to take a const smb_filename * parameter from const char *.
s3:smbd: Change refuse_symlink() to take a const smb_filename * parameter from const char *.
s3:vfs: Change get_acl_blob() to take a const smb_filename * parameter from const char *.
s3: vfs: vfs_xattr_tdb - cleanup. Remove unneeded variable "path".
nsswitch: linux: Remove use of strcpy().
examples: Remove all uses of strcpy in examples (except for validchr.c).
lib:tdb: Remove use of strcpy in tdb test.
nsswitch: winbind_nss_aix: Remove all uses of strcpy.
nsswitch: winbind_nss_solaris.c: Remove unused macro containing strcpy.
s3:smbd: Fix build for vfs_afsacl.c.
s3: vfs: vfs_afsacl. refuse_symlink() means we can always use STAT here.
s3:smbd: Move lp_posix_pathnames() out of ea_list_has_invalid_name().
s3: smbd: Add uint32_t flags field to struct smb_filename.
s3: Filenames: Add uint32_t flags parameter to synthetic_smb_fname().
s3: vfs: Remove use of lp_posix_pathnames() below the VFS.
s3: posix_acls. Always use STAT, not LSTAT here.
s3: smbd: Remove unneeded lp_posix_pathnames() check in SMB2 create.
s3: smbd: Remove many common uses of lp_posix_pathnames().
s3: vfs: recycle. Remove use of vfs_stat_smb_basename().
s3: vfs: vfs_acl_tdb. Remove use of vfs_stat_smb_basename().
s3: smbd: Modify vfs_stat_smb_basename() to take a const struct smb_filename * instead of const char *.
s3: torture. Remove spurious lp_posix_pathnames() included by cut-and-paste error.
s3: smbd: DFS - Remove the last lp_posix_pathnames() from the SMB2/3 code paths.
s3: smbd: DFS: Pass uint32_t ucf_flags through into resolve_dfspath_wcard().
s3: smbd: DFS: Pass uint32_t ucf_flags through into dfs_redirect().
s3: smbd: DFS: Pass uint32_t ucf_flags through into unix_convert().
s3: vfs: Use the new VFS functions for setting and getting DOS attributes.
lib:replace: Missing semicolon on function definition.
s3: vfs: full_audit. Sort vfs fn list and add comments on missing entries.
s3: vfs: full_audit. Add missing get_dfs_referrals_fn().
s3: vfs: full_audit. Add missing fsctl_fn().
s3: vfs: full_audit. Add audit_file_fn().
s3: vfs: full_audit. Implement missing durable_XXX functions.
s3: vfs: Sort vfs function entries in vfs_time_audit.
s3: vfs: time_audit. Add missing get_dfs_referrals().
s3: vfs: time_audit. Add missing fsctl().
s3: vfs: time_audit: Add get/fget/set/fset dos_attributes functions.
s3: vfs: time_audit. Add missing audit_file().
s3: libsmb: Fix error where short name length was read as 2 bytes, should be 1.
CVE-2015-5370: s3:rpc_server: ensure that the message ordering doesn't violate the spec
lib: dns: Clean up allocated structure on error exit.
s3: locking: Rename xxx_windows_lock_ref_count to xxx_lock_ref_count.
s3: locking: Add some const.
s3: locking: Add a const struct lock_context * paramter to set_posix_lock_posix_flavour()
s3: locking: Convert on the wire behavior of POSIX (UNIX extensions) locks from process-associated locks to open file description locks.
s3: torture: Add POSIX-OFD-LOCK test.
s3: lib: Add 'int op' parameter to fcntl_getlock().
s3: VFS: Add bool use_ofd_locks member to struct files_struct.
s3: lib: util: Add map_process_lock_to_ofd_lock() utility function.
s3: VFS: Map process-associated lock operation to open file description lock operation.
s3: wscript: Add checks for open file description locks.
s3: libsmb: Add sync and async cli_posix_whoami().
s3: smbclient: Add posix_whoami command.
s3: docs: Add documentation for posix_whoami command in smbclient.
s3: auth: Move the declaration of struct dom_sid tmp_sid to function level scope.
s3: lib: ldap: Use struct sockaddr_storage to cope with IPv6.
lib: tevent: Use struct sockaddr_storage to cope with IPv6.
lib: Fix uninitialized read in msghdr_copy
s3: krb5: keytab - The done label can be jumped to with context == NULL.
s4: dns: Correctly check for talloc failure.
s4: libcli: Internal SMB1 pid is already stored as and uses 32-bits. Correct getpid() cast.
s3: libsmb: Widen the internal client smb1.pid to 32-bits as is used on the wire and in libcli/smb/smb1*.c
s3: torture: Add test that proves Win2k12 correctly returns pidlow and pidhigh in SMB1 requests.
s3: smbd: Remove unused 'req' argument from setup_readX_header()
s3: smbd: Make setup_readX_header() externally accessible
s3: smbd: Use common function setup_readX_header() in aio read code.
s3: smbd: In reply_read_and_X() SMB1 server is overwriting part of the 'reserved' zero fields with reply data length.
s4: torture: Added raw readX test to ensure 'reserved' fields are zero.
s3: libsmb: Correctly trim a trailing \\ character in cli_smb2_create_fnum_send() when passing a pathname to SMB2 create.
s3: tldap: Remove asynchronous calls to gensec_update_send()/_recv() as for the spnego backend they're synchronous anyway.
s3: tldap: Make tldap_gensec_bind_send()/tldap_gensec_bind_recv() static.
s3: tdb: On some platforms pthread_mutex_trylock() returns EBUSY not EDEADLK.
s4: ldb: Ignore case of "range" in sscanf as we've already checked for its presence.
lib: talloc: Rename talloc_XXX() internal functions that take a 'struct talloc_chunk *' to tc_XXX().
s3: smbd: Fix delete operations enumerating streams inside a file. This must always be done as a Windows operation.
s3: torture: Regression test case to specify exactly how UNIX extensions should act on files with streams.
s4: torture: Don't crash if connections fail and treeXX variables are left as NULL.
WHATSNEW. Add text for Open File Description (OFD) locks.
s3: smbd: vfs: Remove any stale xattr values during file/directory create in vfs_xattr_tdb()
s4: messaging: Remove bool auto_remove parameter from imessaging_init().
s4: repl: Ensure all error paths in dreplsrv_op_pull_source_get_changes_trigger() are protected with tevent returns.
smbd: oplock: Fixup debug messages inside remove_oplock().
smbd: oplock: Factor out internals of remove_oplock() into new remove_oplock_under_lock().
s3: oplock: Fix race condition when closing an oplocked file.
s3: libsmb: Protect cli_connect_nb_send() from being passed a NULL hostname and dest_ss.
libgpo: Correctly use the 'server' parameter after parsing it out of the GPO path.
s3: vfs: shadow_copy2: Re-use an existing variable already set to the right value (p - name).
s3: vfs: shadow_copy2. Remove any trailing slash when stripping @GMT-YYYY... from the end of a path.
s3: vfs: shadow_copy2: Replace all uses of (p-name) with len_before_gmt.
s3: vfs: snapper: Add and use len_before_gmt, calculated as (p-name).
s3: vfs: snapper: Fix snapper_gmt_strip_snapshot() function to strip @GMT token identically to shadow_copy2.c:shadow_copy2_strip_snapshot()
s3: SMB1: Add missing FLAGS2 definitions from MS-SMB.
s3: libsmb: Add uint16_t additional_flags2 arg to cli_smb_send().
s3: libsmb: Add uint16_t addtional_flags2 to cli_trans_send().
s3: libsmb: Add uint16_t addtional_flags2 to cli_smb_req_create().
s3: libsmb: Add clistr_is_previous_version_path()
s3: libsmb: Plumb in additional_flags2 = FLAGS2_REPARSE_PATH to cli_setpathinfo_send().
s3: libsmb: Plumb in additional_flags2 = FLAGS2_REPARSE_PATH to cli_qpathinfo_send()
s3: libsmb: s3: libsmb: Plumb in additional_flags2 = FLAGS2_REPARSE_PATH to cli_rename_send().
s3: libsmb: s3: libsmb: Plumb in additional_flags2 = FLAGS2_REPARSE_PATH to cli_ntrename_internal_send().
s3: libsmb: s3: libsmb: Plumb in additional_flags2 = FLAGS2_REPARSE_PATH to cli_unlink_send().
s3: libsmb: s3: libsmb: Plumb in additional_flags2 = FLAGS2_REPARSE_PATH to cli_mkdir_send().
s3: libsmb: Plumb in additional_flags2 = FLAGS2_REPARSE_PATH to cli_rmdir_send()
s3: libsmb: Plumb in additional_flags2 = FLAGS2_REPARSE_PATH to cli_ntcreate1_send().
s3: libsmb: Plumb in additional_flags2 = FLAGS2_REPARSE_PATH to cli_nttrans_create_send().
s3: libsmb: Plumb in additional_flags2 = FLAGS2_REPARSE_PATH to cli_openx_create().
s3: libsmb: Plumb in additional_flags2 = FLAGS2_REPARSE_PATH to cli_getatr_send().
s3: libsmb: Plumb in additional_flags2 = FLAGS2_REPARSE_PATH to cli_setatr_send().
s3: libsmb: Plumb in additional_flags2 = FLAGS2_REPARSE_PATH to cli_chkpath_send().
s3: libsmb: Plumb in additional_flags2 = FLAGS2_REPARSE_PATH to cli_ctemp_send().
s3: libsmb: Make a comment note that cli_set_ea() needs some internal changes before cli_set_ea_path() can use previous path versions.
s3: libsmb: Plumb in additional_flags2 = FLAGS2_REPARSE_PATH to cli_list_trans_send().
s3: libsmb: Correctly set max_setup_size in FSCTL_GET_SHADOW_COPY_DATA nttrans ioctl.
s3: libsmb: Do some hardening in the receive processing of cli_shadow_copy_data_recv().
s3: smbclient: In order to get shadow copy data over SMB1 we must call cli_shadow_copy_data() twice.
s3: smbclient. Ensure we don't crash by freeing uninitialized *snapshots.
s3: libsmb: Correctly align create contexts in a create call.
s3: libsmb: Add return args to clistr_is_previous_version_path().
s3: libsmb: Add cli_smb2_shadow_copy_data() function that gets shadow copy info over SMB2.
s3: libsmb: Plumb new SMB2 shadow copy call into cli_shadow_copy_data().
s3: libsmb: Add the capability to find a @GMT- path in an SMB2 create and transform to a timewarp token.
s3: vfs: Fix compilation error on Solaris.
lib/poll_funcs: free contexts in poll_funcs_state_destructor()
lib: poll_funcs : poll_funcs_context_slot_find can select the wrong slot to replace.
s3: winbind: Make WBC_AUTH_USER_LEVEL_PAC prime the name2sid cache.
s3: auth: Use wbcAuthenticateUserEx to prime the caches.
s3: winbind: refresh_sequence_number is only ever called with 'false'.
s3: winbind: Trust name2sid mappings from the PAC.
s3: winbind: Ensure we store name2sid with the correct cache sequence number.
s3: nmbd: Add fd, triggered elements to struct socket_attributes.
s3: nmbd: Ensure attrs array mirrors fd's array for dns.
s3: nmbd: Now attrs array mirrors fd's array use it in preference.
s3: nmbd: Add (currently unused) timeout and fd handlers.
s3: nmbd: Add a talloc_stackframe().
s3: nmbd: Change over to using tevent functions from direct poll.
s3: nmbd: Final changeover to stock tevent for nmbd.
s3: winbind: Remove dump_event_list() calls.
s3: server: s3_tevent_context_init() -> samba_tevent_context_init()
s3: events. Move events.c to util_event.c
s3: cldap: cldap_multi_netlogon_send() fails with one bad IPv6 address.
s3: libsmb: Fix cut and paste error using the wrong structure type.
s3: torture: vfstest. unlink cmd must be stream aware.
s3: vfs: Remove files/directories after the streams are deleted.
s3: selftest: Add test for orphan 'lost-XXX' directories in streams_depot.
s3: vfs: streams_depot. Use conn->connectpath not conn->cwd.
s3/smbd: fix the last resort check that sets the file type attribute
Jim McDonough (1):
winbind: honor 'socket options' in winbind
Jorge Schrauwen (1):
configure: Don't check for inotify on illumos
Jose A. Rivera (11):
ctdb-scripts: Avoid dividing by zero in memory calculation
ctdb-scripts: Various small fixes to example nfs-ganesha-callout
ctdb-scripts: Organize global variables in nfs_ganesha_callout
ctdb-scripts: Add register action to nfs-ganesha-callout
ctdb-scripts: Use D-Bus messages to trigger grace in nfs-ganesha-callout
ctdb-scripts: Cleanup service_check() in nfs-ganesha-callout
ctdb-scripts: Parametize symlink checking in nfs-ganesha-callout
ctdb-scripts: Add config options for use by clustered NFS
ctdb-scripts: Section off GPFS-specific functionality in nfs-ganesha-callout
ctdb-scripts: Add GlusterFS support to nfs-ganesha-callout
krb5_wrap: Fix build error when not using heimdal.
Jérémie Courrèges-Anglas (2):
Fix CHECK_CODE usage in atomics builtin detection
Provide fallback code for non-portable clearenv(3)
Karolin Seeger (11):
WHATSNEW: Start release notes for Samba 4.5.0rc2.
docs: Bump version up to 4.5.
WHATSNEW: Add changes since rc1.
VERSION: Disable git snapshots for the 4.5.0rc2 release.
VERSION: Bump version up to 4.5.0rc3...
WHATSNEW: Add release notes for Samba 4.5.1.
VERSION: Disable git snapshots for the 4.5.1 release.
VERSION: Bump version up to 4.5.2...
Revert "script/release.sh: use 8 byte gpg key ids"
WHATSNEW: Add release notes for Samba 4.5.2.
VERSION: Disable git snapshots for the 4.5.2 release.
Lorinczy Zsigmond (1):
lib: replace: snprintf - Fix length calculation for hex/octal 64-bit values.
Mantas Mikulėnas (1):
samr4: Use <SID=%s> in GetAliasMembership
Marc Muehlfeld (6):
man: Wrong option for parameter ldap ssl in smb.conf man page
WHATSNEW.txt: Added more details about multiple DNS forwarders
Added Wiki link to replPropertyMetaData Changes section
Removed upgrading-samba4.txt
Added Wiki link to replPropertyMetaData Changes section
Removed upgrading-samba4.txt
Martin Schwenke (377):
ctdb-tests: Fix description of NFS tickle test
ctdb-tests: Fix CIFS tickle test
ctdb-tests: Re-indent and re-format some functions
ctdb-tests: Allow tcptickle_sniff_wait_show() to filter by MAC address
ctdb-tests: Add a new NFS tickle test for the releasing node
ctdb-doc: Drop outdated NEWS file
ctdb-tools: Drop "ctdb rebalanceip"
ctdb-tools: Drop "ctdb rebalancenode"
ctdb-recoverd: Drop use of DeferredRebalanceOnNodeAdd tunable
ctdb-tunables: Mark tunable DeferredRebalanceOnNodeAdd obsolete
ctdb-daemon: Validate length of new interface names
ctdb-daemon: Replace an unsafe strcpy(3) call
ctdb-util: Move rb_tree.c to ctdb-util
ctdb-tests: Link ctdb-util instead of including
ctdb-killtcp: Use the given event context directly
ctdb-killtcp: Determine the interface as soon as vnn is known
ctdb-killtcp: Avoid CTDB_NO_MEMORY()
ctdb-killtcp: Change struct ctdb_tcp_kill to store arbitrary destructor data
ctdb-killtcp: Factor out ctdb_killtcp()
ctdb-killtcp: Factor out killtcp code into separate file.
ctdb-killtcp: Avoid unnecessary dependency on lib/util/time.h
ctdb-killtcp: Simplify includes by using ctdb_sock_addr_to_string()
ctdb-killtcp: New helper ctdb_killtcp
ctdb-scripts: Add interface argument to kill_tcp_connections()
ctdb-scripts: Use ctdb_killtcp helper to kill connections
ctdb-tools: Drop "ctdb killtcp" command
ctdb-client: Drop killtcp client functions
ctdb-daemon: Remove implementation of CTDB_CONTROL_KILL_TCP
ctdb-protocol: Drop killtcp protocol support
ctdb-killtcp: Merge "common" killtcp code into helper
ctdb-killtcp: Drop check to see if capture socket can be read
ctdb-killtcp: Drop unnecessary casts
ctdb-killtcp: Don't send initial tickle ACK during setup
ctdb-killtcp: Set debug level via environment variable CTDB_DEBUGLEVEL
ctdb-killtcp: Clarify a debug message
ctdb-system: Return window size and RST bit when reading TCP packets
ctdb-killtcp: Filter out sent packets
ctdb-killtcp: Keep track of number of kill attempts and maximum allowed
ctdb-killtcp: Don't count attempts for individual connections
ctdb-killtcp: Store retry interval in killtcp structure
ctdb-killtcp: Send tickle ACKs in batches
ctdb-killtcp: Change default retry interval, batch size and attempts
ctdb-scripts: die() should output to stderr
ctdb-scripts: Drop hardcoded /sbin and /proc paths in LVS eventscript
ctdb-scripts: LVS eventscript error redirection improvements
ctdb-scripts: Drop "recovered" event from 91.lvs
ctdb-tests: Allow scope to be specified in "ip addr add" stub
ctdb-tests: Add loopback support for "ip link show" stub
ctdb-tests: Add 32-bit netmask support to "ip addr show" stub
ctdb-tests: Add ipvsadm test stub
ctdb-tests: LVS support for ctdb tool stub
ctdb-tests: Add unit tests for LVS eventscript
ctdb-scripts: LVS eventscript cleanups
ctdb-tools: Add new ctdb_lvs helper
ctdb-scripts: Move ctdb_get_ip_address() to functions file
ctdb-scripts: Call out to ctdb_lvs helper from 91.lvs
ctdb-scripts: Add monitoring of CTDB_LVS_PUBLIC_IFACE
ctdb-tool: Change ctdb lvs/lvsmaster CLI commands to use ctdb_lvs helper
ctdb-tools: Change ctdb CLI to have a single "lvs" command
ctdb-scripts: Simplify "ctdb lvs ..." output
ctdb-daemon: Drop --single-public-ip option and related code
ctdb-daemon: Drop --lvs option and support for CTDB_CAP_LVS
ctdb-daemon: Log a message when fork(2) fails
ctdb-scripts: Missing NFS thread count file should just produce warning
ctdb-scripts: Use ss instead of netstat for finding TCP connections
ctdb-tools: Remove simple uses of strcpy(3)
ctdb-tools: Fix a dangling reference to the LVS capability
ctdb-scripts: Improve error messages when using NFS service_check_cmd
ctdb-daemon: Move port filtering to server side when getting tickles
ctdb-ipalloc: Do ipreallocated even if no IP addresses can be allocated
ctdb-scripts: Fix incorrect comment
ctdb-scripts: Tweak NAT gateway list output format
ctdb-scripts: Drop node count from "ctdb natgw status" output
ctdb-tools: Add top-level "ctdb natgw" command
ctdb-tests: Make ctdb natgw tool tests cover all the desired outputs
ctdb-tools: Drop "ctdb natgwlist"
ctdb-tools: Drop onnode node specifications for recmaster/lvs/natgw
ctdb-build: ctdb-system depends on samba-util for debug
ctdb-recovery: Rename recovery lock functions and struct
ctdb-recovery: Use single char ASCII numbers for status from child
ctdb-recovery: Factor out new function set_recmode_handler()
ctdb-recovery: Use a configurable handler when testing cluster mutex
ctdb-recovery: Factor out reclock testing into ctdb_cluster_mutex()
ctdb-recovery: Add optional timeout argument to ctdb_cluster_mutex()
ctdb-tools: Simplify "ctdb getreclock" output
ctdb: Add new helper ctdb_mutex_fcntl_helper
ctdb-recovery: Switch ctdb_cluster_mutex() to use helper
ctdb-recovery: Kill cluster mutex helper with a signal that can be caught
ctdb-recovery: Reimplement ctdb_recovery_lock() using ctdb_cluster_mutex()
ctdb-recovery: Parse recovery lock setting
ctdb-recovery: Recovery lock setting can now include helper command
ctdb_recovery: ctdb_cluster_mutex() now takes an argstring argument
ctdb-recovery: Factor out setting of cluster mutex handler
ctdb-cluster-mutex: Factor out cluster mutex code
ctdb-recovery: Move recovery lock functions to recovery daemon code
ctdb-recovery: Move recovery lock latency updating to handler
ctdb-doc: Document cluster mutex helper API
ctdb-doc: Fix example NFS Ganesha recovery directory maintenance logic
ctdb-recover: Avoid duplicate deferred attach processing
ctdb-daemon: Don't use CTDB_SRVID_TAKEOVER_RUN_RESPONSE
ctdb-protocol: Drop unused CTDB_SRVID_TAKEOVER_RUN_RESPONSE
ctdb-recoverd: Drop unreachable code
ctdb-recoverd: Simplify return values when updating local flags
ctdb-recoverd: Call election when necessary in recovery master validation
ctdb-recoverd: Check that IP failover is active in IP verification
ctdb-recoverd: Skip known IP address checking when it is disabled
ctdb-recoverd: Clean up local IP verification
ctdb-recoverd: Fold IP allocation house-keeping into IP verification
ctdb-takeover: Drop ipreallocated fallback code
ctdb-takeover: PNN can be used to index into node map
ctdb-takeover: Takeover callback data doesn't need a node map
ctdb-takeover: New function takeover_callback_data_init()
ctdb-takeover: Use the takeover_run_fail_callback() in more cases
ctdb-takeover: Have the takeover fail callback log a message
ctdb-takeover: Send banning credit messages from fail callback
ctdb-takeover: Count takeover run failures
ctdb-takeover: Only apply banning credits to the worst offender
ctdb-takeover: Recovery daemon no longer passes fail callback
ctdb-takeover: Do not set node unhealthy when "takeip" fails
ctdb-recoverd: Drop explicit check to flag takeover run needed
ctdb-recoverd: Move takeover run checks after recover checks
ctdb-recoverd: Drop an unnecessary log message
ctdb-recoverd: Add early return in srvid_requests_reply()
ctdb-recoverd: Unify takeover run triggering code in main loop
ctdb-scripts: Support systemctl directly
ctdb-scripts: Drop unnecessary detect_init_style() call
ctdb-scripts: New functions ip_block() and ip_unblock()
ctdb-scripts: Rename get_iface_ip_maskbits_family() to get_iface_ip_maskbits()
ctdb-tests: Drop no-op functions and add an ip6tables stub
ctdb-scripts: Simplify ip_maskbits_iface()
ctdb-tests: Allow local daemons to be run under valgrind
ctdb-tests: Make sure empty override values are properly quoted
ctdb-common: Use correct macro for checking Ethernet hardware family
ctdb-tests: Replace "ctdb setrelock" test with "ctdb getreclock" test
ctdb-tool: Drop support for "ctdb setreclock" command
ctdb-recovery: Consistency check reclock in start recovery control
ctdb-recovery: Don't sync recovery lock across cluster
ctdb-recovery: Don't update recovery lock from daemon
ctdb-client: Remove support for SET_RECLOCK
ctdb-protocol: Drop support for SET_RECLOCK
ctdb-protocol: CTDB_CONTROL_SET_RECLOCK_FILE is obsolete
ctdb-daemon: Drop function ctdb_set_recovery_lock_file()
ctdb-daemon: Rename recovery lock file to just recovery lock
ctdb-recoverd: Don't expose internal cluster mutex status
ctdb-recoverd: Fix buggy function return on memory allocation failure
ctdb-cluster-mutex: Don't call the supplied hander more than once
ctdb-recoverd: No need to reset reclock handler
ctdb-cluster-mutex: Pass a talloc context to allocate the handle off
ctdb-recoverd: Recovery lock handle should be in recovery deamon context
ctdb-recoverd: Simplify reclock handler
ctdb-recovery: Wrap private data for reclock test callback
ctdb-cluster-mutex: Drop cluster_mutex_handler() ctdb and handle arguments
ctdb-cluster-mutex: ctdb_cluster_mutex() registers handler and private data
ctdb-cluster-mutex: Register an extra handler for when mutex is lost
ctdb-recoverd: Add handler for lost recovery lock
ctdb-recoverd: Release recovery lock on exit
ctdb-scripts: Move NFS callout-related code to functions file
ctdb-scripts: Add eventscript 06.nfs
torture: Add tests for trim_string()
lib/util: Optimise trim_string() to use a single memmove(3)
ctdb-tests: Remove unused tests from IP takeover test harness
ctdb-tests: Simplify read_ctdb_public_ip_info() using new function add_ip()
ctdb-tests: Don't bother setting all_ips
ctdb-tests: Drop all_ips argument from read_ctdb_public_ip_info()
ctdb-tests: Drop CTDB_TEST_MAX_IPS
ctdb-tests: read_ctdb_public_ip_info() reads all test input
ctdb-tests: Assign known and available arrays via pointers.
ctdb-tests: Build a node map instead of a hacky node flags array
ctdb-tests: Drop CTDB_TEST_MAX_NODES
ctdb-ipalloc: Move if-statement with broken condition
ctdb-ipalloc: Drop an unnecessary check
ctdb-ipalloc: Do not use node count or PNNs from CTDB context
ctdb-ipalloc: Drop a use of CTDB_NO_MEMORY_NULL()
ctdb-ipalloc: Drop remote IP verification
ctdb-recoverd: Drop code to change the IP assignment tree
ctdb-tools: Don't bother sending CTDB_SRVID_RECD_UPDATE_IP
ctdb-ipalloc: Drop code to update IP assignment tree
ctdb-ipalloc: Don't build a global IP tree
ctdb-ipalloc: Clean up reloading of remote public IPs
ctdb-ipalloc: Remove function ctdb_reload_remote_public_ips()
ctdb-ipalloc: New function ipalloc_set_public_ips()
ctdb-ipalloc: Move create_merged_ip_list() into ipalloc
ctdb-ipalloc: Drop known public IPs from IP allocation state
ctdb-ipalloc: New function ipalloc_can_host_ips()
ctdb-ipalloc: Fix buggy short-circuit when no IPs are available
ctdb-ipalloc: Make no_ip_failback a boolean
ctdb-ipalloc: Pass extra data to IP allocation state initialisation
ctdb-ipalloc: Move ipalloc state initialisation to ipalloc.c
ctdb-ipalloc: Switch set_ipflags_internal() to use a new-style node map
ctdb-ipalloc: Move set_ipflags_internal() to ipalloc
ctdb-ipalloc: ipalloc() returns public IP list
ctdb-ipalloc: IP allocation state is now an opaque structure
ctdb-tests: Drop use of CTDB context from takeover test
ctdb-tests: Allow takeover tests to be run under valgrind
ctdb-ipalloc: Drop implicit dependency on ctdb-common
ctdb-tests: Link to ctdb-ipalloc instead of using ctdbd_test.c
ctdb-scripts: Drop optional argument to nfs_check_services()
ctdb-scripts: Export CTDB_BASE in functions file
ctdb-scripts: Update script boilerplate to avoid shellcheck warnings
ctdb-scripts: Fix incorrect variable reference
ctdb-scripts: Fix incorrect variable reference
ctdb-scripts: Use globs instead of ls to list files
ctdb-scripts: Fix incorrect variable reference
ctdb-scripts: Quote some variable expansions
ctdb-client: Fix incorrect variable reference
ctdb-client: Fix access after free error
ctdb-tools: Avoid uninitialised memory access
ctdb-scripts: Fix a bug in counter checking
ctdb-tests: Add reclock event script tests
ctdb-tests: Add new vsftpd event script test
ctdb-tests: Add new httpd event script test
ctdb-tests: New event script test for corrupt TDB checking
ctdb-scripts: Drop use of ctdb_standard_event_handler()
ctdb-scripts: Event script indentation and whitespace cleanups
ctdb-scripts: Drop use of service_tcp_ports
ctdb-scripts: Drop use of ctdb_check_counter from httpd event script
ctdb-scripts: Drop use of ctdb_check_counter from reclock event script
ctdb-scripts: Drop use of ctdb_check_counter from vsftpd event script
ctdb-scripts: Drop function ctdb_check_counter()
ctdb-scripts: Avoid shellcheck warning SC2016 ($ in single quotes)
ctdb-scripts: Avoid shellcheck warnings SC2030, SC2031 (subshell variables)
ctdb-scripts: Avoid shellcheck warning SC2004 ($ in arithmetic)
ctdb-scripts: Avoid shellcheck warning SC2034 (unused variables)
ctdb-scripts: Avoid shellcheck warnings SC2046, SC2086 (double-quoting)
ctdb-scripts: Avoid shellcheck warning SC2154 (unassigned variables)
ctdb-scripts: Avoid shellcheck warning SC1004 (backslash in quotes)
ctdb-scripts: Avoid shellcheck warning SC2017 (arithmetic precision)
ctdb-scripts: Avoid shellcheck warning SC2002 (useless cat)
ctdb-scripts: Avoid shellcheck warnings SC2119, SC2120 (function arguments)
ctdb-scripts: Avoid shellcheck warning SC2015 (A && B || C)
ctdb-scripts: Avoid shellcheck warning SC2039 (type command)
ctdb-scripts: Avoid shellcheck warning SC2039 (echo -n)
ctdb-scripts: Avoid shellcheck warning SC2094 (read/write same file)
ctdb-scripts: Avoid shellcheck warning SC2039 (test -nt operator)
ctdb-scripts: Avoid shellcheck warning SC2039 (non-portable ulimit options)
ctdb-scripts: Avoid shellcheck warning SC2038 (find without -print0)
ctdb-scripts: Avoid shellcheck warning SC2012 (ls for file list)
ctdb-scripts: Avoid chellcheck warning SC2012 (ls for file list)
ctdb-scripts: Avoid shellcheck warning SC2059 ($ in printf format)
ctdb-scripts: Avoid shellcheck warning SC2155 (declare, assign)
ctdb-scripts: Avoid shellcheck warning SC2124 (string=array)
ctdb-scripts: Avoid shellcheck warning SC2006 (legacy `..`)
ctdb-tests: Add new test support script for script install paths
ctdb-tests: Add shellcheck test suite
ctdb-doc: Drop documentation for "ctdb setmonmode"
ctdb-doc: Drop documentation for "ctdb xpnn"
ctdb-doc: Update allowed debug levels to include "ERROR"
ctdb-doc: Document limitation of "ctdb reloadips"
ctdb-tests: Require setup_ctdbd() call in tool tests
ctdb-tests: Clean up temporary files in tool tests
ctdb-tests: Allow fake_ctdbd and tool to be run under valgrind in tool tests
ctdb-tests: Allow secondary tool commands to be tested
ctdb-tests: Have fake_ctdbd log request IDs
ctdb-tests: Error on invalid destnode in fake_ctdbd
ctdb-tests: Drop a "ctdb reloadnodes" tool test
ctdb-tests: Add "ctdb ifaces" tool test
ctdb-tests: Add "ctdb ping" tool test
ctdb-tests: Add "ctdb recmaster" tool tests
ctdb-tests: Add "ctdb uptime" tool test
ctdb-tests: Add "ctdb process-exists" tool test
ctdb-tools: Simplify "ctdb getpid" output format
ctdb-tests: Add "ctdb getpid" tool test
ctdb-tools: Simplify "ctdb pnn" output format
ctdb-tests: Add "ctdb pnn" tool test
ctdb-tools: Simplify "ctdb getdebug" output format
ctdb-tests: Add "ctdb setdebug" tool tests
ctdb-tests: Add "ctdb runstate" tool tests
ctdb-tests: Add "ctdb listvars/getvar/setvar" tool tests
ctdb-tests: Add "ctdb setifacelink" tool tests
ctdb-tools: Simplify "ctdb getmonmode" output format
ctdb-tests: Add "ctdb getmonmode/disablemonitor/enablemonitor" tool tests
ctdb-tests: Implement GET_RECLOCK_FILE control in fake_ctdbd
ctdb-tests: Add "ctdb getreclock" tool tests
ctdb-tests: Implement STOP_NODE and CONTINUE_NODE controls in fake_ctdbd
ctdb-tests: Implement TAKEOVER_RUN message in fake_ctdbd
ctdb-tests: Add "ctdb stop/continue" tool tests
ctdb-tests: Implement SET_BAN_STATE control in fake_ctdbd
ctdb-tests: Add "ctdb ban/unban" tool tests
ctdb-tests: Implement MODIFY_FLAGS control in fake_ctdbd
ctdb-tests: Add "ctdb disable/enable" tool tests
ctdb-tools: Simplify "ctdb getdbseqnum" output format
ctdb-tests: Implement database related controls in fake_ctdbd
ctdb-tests: Add database related tool tests
WHATSNEW: CTDB updates
ctdb-doc: Integrate ctdb_diagnostics man page into build
ctdb-doc: ctdb_diagnostics(1) tweaks and cross-references
ctdb-ipalloc: Use a cumulative timeout for takeover run stages
ctdb-daemon: Move CTDB VNN structure to IP takeover code
ctdb-daemon: Deletion of IPs is deferred until the next takeover run
ctdb-tests: Avoid division by zero in NFS eventscript unit test
ctdb-tests: Remove duplicate EOF terminators in some tool unit tests
ctdb-tests: Avoid portability issue in porting tests
ctdb-tests: Pretend not to ignore return from fgets()
ctdb-daemon: Fix CID 1364527/8/9: Null pointer dereferences (NULL_RETURNS)
ctdb-packaging: Move ctdb tests to libexec directory
ctdb-tests: Stop cross-talk between reclock tests
ctdb-tests: Add --interactive/-i option to test options parsing code
ctdb-tests: Implement --interactive/-i option in message_ring
ctdb-tests: Clean up and rename simple message_ring test
ctdb-tests: Implement --interactive/-i option in fetch ring
ctdb-tests: Clean up and rename simple fetch_ring test
ctdb-tests: Implement --interactive/-i option in transaction_loop
ctdb-tests: Clean up and rename simple transaction_loop test
ctdb-tests: Clean up and rename simple transaction_loop recovery test
ctdb-common: Fix CID 1125553 Buffer not null terminated (BUFFER_SIZE_WARNING)
ctdb-common: Consistently use strlcpy() on interface names
ctdb-utils: Fix CID 1297451 Explicit null dereferenced (FORWARD_NULL)
ctdb-daemon: Fix CID 1363233 Resource leak (RESOURCE_LEAK)
ctdb-daemon: Fix CID 1363067 Resource leak (RESOURCE_LEAK)
ctdb-mutex: Fix CID 1359217 Resource leak (RESOURCE_LEAK)
ctdb-common: Fix CID 1363227 Resource leak (RESOURCE_LEAK)
ctdb-tests: Fix CID 1361816 Buffer not null terminated (BUFFER_SIZE_WARNING)
ctdb-common: Fix CID 1125581 Dereference after null check (FORWARD_NULL)
ctdb-common: Fix CID 1125583 Dereference after null check (FORWARD_NULL)
ctdb-common: Fix CID 1125585 Dereference after null check (FORWARD_NULL)
ctdb-daemon: Fix CID 1125627 Resource leak (RESOURCE_LEAK)
ctdb-mutex: Avoid corner case where helper is already reparented to init
ctdb-tools: Add early return for empty connection list
ctdb-tools: "ctdb tickle" command should run without daemon
ctdb-doc: Document that "ctdb tickle" can now read from stdin
ctdb-packaging: Stop RPM from renaming working config to ctdb.rpmsave
ctdb-daemon: Clean up SET_DB_PRIORITY/GET_DB_PRIORITY deprecation
ctdb-daemon: Fix CID 1272855 Operands don't affect result
ctdb-daemon: Fix CID 1125575 Operands don't affect result
ctdb-daemon: Fix CID 1125574 Operands don't affect result
ctdb-tests: Update porting test to be more flexible about line numbers
ctdb-common: Fix CID 1362729 Unchecked return value from library
ctdb-common: Fix CID 1362728 Unchecked return value from library
ctdb-tcp: Fix CID 1362727 Unchecked return value from library
ctdb-tcp: Set file descriptor to -1 after close.
ctdb-daemon: Fix CID 1362726 Unchecked return value from library
ctdb-client: Fix CID 1362725 Unchecked return value from library
ctdb-client: Print error message before next syscall to avoid losing errno
ctdb-tcp: Fix CID 1362724 Unchecked return value from library
ctdb-daemon: Fix CID 1362723 Unchecked return value from library
ctdb-logging: Fix CID 1272823 Unchecked return value from library
ctdb-tools: Fix CID 1125618 String not null terminated (STRING_NULL)
ctdb-tools: Consistently use db_name
ctdb-common: Save errno before closing file to keep debug accurate
ctdb-daemon: Try to release IP address even if interface is unknown
ctdb-daemon: Do not update the VNN state on RELEASE_IP failure
ctdb-daemon: Do not copy address for RELEASE_IP message
ctdb-daemon: Factor out new function release_ip_post()
ctdb-daemon: Use release_ip_post() when releasing all IP addresses
ctdb-daemon: Rename takeover_callback_state -> release_ip_callback_state
ctdb-daemon: When releasing an IP, update PNN in callback
ctdb-ipalloc: Fix cumulative takeover timeout
ctdb-tests: Drop function _ctdb_hack_options()
ctdb-tests: Drop attempts to pass arguments to ctdbd on (re)start
ctdb-tests: Move local daemon configuration creation into setup_ctdb()
ctdb-tests: Remove function daemons_start_1()
ctdb-tests: Reimplement daemons_stop() using ctdbd_wrapper
ctdb-daemon: Schedule running of callback if there are no event scripts
ctdb-daemon: Handle failure immediately, do housekeeping later
ctdb-daemon: Don't steal control structure before synchronous reply
ctdb-tests: Factor out function config_from_environment()
ctdb-tests: Conditionally use temporary config file for local daemons
ctdb-tests: Add a test to ensure that CTDB works with no eventscripts
ctdb-tools: CID 1125617 String not null terminated (STRING_NULL)
ctdb-tests: CID 1125635 Dereference null return value (NULL_RETURNS)
ctdb-ipalloc: Store known public IPs in IP allocation state
ctdb-ipalloc: Whether IPs can be hosted need not depend on merged IP list
ctdb-ipalloc: Optimise check to see if IPs can be hosted
ctdb-ipalloc: Drop known_ips argument from merged IP list creation
ctdb-ipalloc: Move merged IP list creation to ipalloc()
ctdb-ipalloc: ipalloc_set_public_ips() can't fail
ctdb-tests: Factor out new local daemons functions ps_ctdbd
ctdb-tests: Add new public IP takeover no-op test
ctdb-packaging: Fix systemd network dependency
ctdb-daemon: Use PID file abstraction
ctdb-daemon: Bind to Unix domain socket after PID file creation
ctdb-daemon: Don't try to reopen TDB files
ctdb-daemon: Drop attempt to connect to Unix domain socket
ctdb-daemon: Log when removing stale Unix domain socket
ctdb-scripts: ctdbd_wrapper should never remove the PID file
ctdb-packaging: Move CTDB tests to /usr/local/share/ctdb/tests/
ctdb-tests: Add tests for updated Debian style Samba start/stop
Mathieu Parent (4):
New upstream version 4.5.0+dfsg
New upstream version 4.5.1+dfsg
ctdb-scripts: Fix Debian init in samba eventscript
New upstream version 4.5.2+dfsg
Michael Adam (109):
smbd:smb2: remove an unnecessary !! cast.
smbd: enable multi-channel if 'server multi channel support = yes' in the config
s3:winbindd:idmap: add domain_has_idmap_config() helper function.
idmap_hash: rename be_init() --> idmap_hash_initialize()
idmap_hash: only allow the hash module for default idmap config.
smbd: fix use after free via conn->fsp_fi_cache
smbd:smb2: add a modify flag to dispatch table
smbd:smb2: add request_counters_updated to the smbd_smb2_request struct
smbd:smb2: implement channel sequence checks and request counters in dispatch
smbd:smb2: update outstanding request counters before sending a reply
smbd:smb2: add some asserts before decrementing the counters
torture:smb2: use assert, not warning in error case in durable-open.reopen1a
torture:smb2: fix crashes in smb2.durable-open.reopen1a test
torture:smb2: durable-open.reopen1a only needs one io struct
torture:smb2: for oplocks, durable reconnect works with different client guid
torture:smb2: add durable-open.reopen1a-lease
torture:smb2: use assert, not warning in error case in durable-v2-open.reopen1a
torture:smb2: fix crashes in smb2.durable-v2-open.reopen1a test
torture:smb2: get rid of supefluous io2 var in durable-v2-open.reopen1a
torture:smb2: for oplocks, durable reconnect works with different client-guid
torture:smb2: add durable-v2-open.reopen1a-lease
tevent:threads: fix -O3 error unused result of write
tevent:signal: fix -O3 error unused result of write
tevent:signal: fix -O3 error unused result of read
tevent:testsuite: fix O3 errors unused result for read
tevent:testsuite: fix O3 errors unused result of write
tdb:torture: fix -O3 error unused result code of read
tdb:torture: fix -O3 error unused result of write
debug: fix -O3 warning - unused return code of write()
lib: add sys_read_v - void variant of sys_read
lib: add sys_write_v - void variant of sys_write
s4:libcli:resolve: fix O3 error unused result of write
s4:registry:patchfile: fix O3 error unused result of write
s4:ntvfs: fix O3 error unused result of asprintf
s4:ntvfs: fix O3 error unused result of asprintf in svfs_file_utime
s4:ntvfs: fix O3 error unused result of asprintf in cifspsx_map_fileinfo
s4:ntvfs: fix O3 error unused result of asprintf in cifspsx_list_unix
s4:ntvfs: fix O3 error unused result of asprintf in cifspsx_file_utime()
s4:ntvfs: fix O3 error unused result of write error in nbench_log()
s4:regshell: fix O3 error unused result of asprintf in reg_complete_key()
s4:torture:basic: fix O3 error unused result of asprintf
s4:torture:basic:misc: fix O3 error unused result of asprintf
s4:torture:basic: fix O3 error unused result of write
s4:torture:basic:dir: fix O3 error unused result of asprintf
s4:torture:basic:delete: fix O3 error unused result of asprintf
s4:torture:rpc:samlogon: fix O3 error unused result of asprintf
s4:torture:nbench: fix O3 error unused result of asprintf
s4:client: fix O3 error unused result of of chdir and system
s3:samlogon_cache: fix O3 error unused result of truncate
s3:utils:log2pcaphex: fix O3 error unused result of fgets
s3:utils:log2pcaphex: fix O3 error uninitialized variable
s3:smbfilter: fix O3 error unused result of system()
s3:vfs:aio_fork: fix O3 error unused result of write
s3:vfs:preopen: fix O3 error unused result of write
examples:smbclient:testacl3: fix O3 error unused result from fgets
examples:smbclient:notify: fix O3 error unused result from fgets
examples:smbclient:statvfs: fix O3 error unused result of fgets
examples:smbclient:fstatvfs: fix O3 error unused result of fgets
examples:smbclient:read: fix O3 error unused result of fgets
examples:smbclient:write: fix O3 error unused result of fgets
autobuild: add a target samba-o3 that is built with -O3
autobuild: run the samba-o3 target by default
travis: run the samba-o3 target
s3:vfs: add 'kernel_share_modes_taken' to files_struct
smbd:close: only remove kernel share modes if they had been taken at open
notifyd: prevent NULL deref segfault in notifyd_peer_destructor
selftest: fix printf in cleanup_child()
selftest: improve misleading indentation in cleanup_child()
selftest: improve logic in cleanup_child() with early return
selftest: systematize formatting of if/elseif/else indentation in cleanup_child
ctdb:tcp: add missing spaces in debug message in ctdb_tcp_node_connect()
ctdb:banning: timedout->timed out in dbg messages in ctdb_ban_node_event()
ctdb:eventscript: timedout->timed out in ctdb_event_script_args()
ctdb:tests: timedout->timed out in 60.nfs.multi.004 test
ctdb:banning: Improve a debug message
ctdb:banning: Improve debug message in ctdb_ban_node_event()
ctdb: set the path to 'ctdb' in 'functions' in CTDB
ctdb: make sure scripts using $CTDB called by test find ctdb
ctdb: use properly configured ctdb in functions
ctdb: use properly configured ctdb in ctdbd_wrapper
ctdb: use properly configured ctdb in 00.ctdb
ctdb: use properly configured ctdb in 01.reclock
ctdb: use properly configured ctdb in 10.external
ctdb: use properly configured ctdb in 13.per_ip_routing
ctdb: use properly configured ctdb in 10.interfaces
ctdb: use properly configured ctdb in 70.iscsi
ctdb: use properly configured ctdb in 91.lvs
ctdb: use properly configured ctdb in 99.timeout
ctdb: use properly configured ctdb in statd-callout
ctdb: use properly configured ctdb in debug-hung-script.sh
libnet: only create local private krb5.conf if joining an AD domain
ctdb-daemon: make bool assignment more obvious
Revert "s3:libnet: accept empty realm for AD domains when only security=domain is set."
libnet: ignore realm setting for domain security joins to AD domains if 'winbind rpc only = true'
autobuild: Don't compare socket wrapper so_path for xc check
ctdb: fix autotest with socket-wrapper installed in the system
libsmb:namequery: fix typo in comment in get_dc_list()
selftest: check for winbind on 1-second basis
selftest: check for smbd on a 1-second basis.
libads: improve debug messages in sitename_fetch()
rpc_server: add mssing '#pragma GCC diagnostic push'
tevent: avoid -Wtautological-compare errors with gcc6
Revert "ldb:dlinklist: avoid -Wtautological-compare errors with gcc6"
Revert "tevent: avoid -Wtautological-compare errors with gcc6"
Revert "lib:dlinklist: avoid -Wtautological-compare errors with gcc6"
build: avoid -Wtautological-compare errors from gcc6+ by disabling it globally
idmap: don't generally forbid id==0 from idmap_unix_id_is_in_range()
idmap: centrally check that unix IDs returned by the idmap backends are in range
vfs:glusterfs: preallocate result for glfs_realpath
Nikolai Kondrashov (1):
tevent: Clarify apparently useless conditions
Noel Power (36):
s3:libsmb: Fix illegal memory access after memory has been deleted.
s4:libnet: fix 'Syscall param writev(vector[...])' valgrind error
s4:torture:rpc: fix valgrind Syscall param writev(vector[...]) error
s4:torture:rpc: fix valgrind 'Syscall param writev(vector[...])' error
s4:torture:rpc: fix valgrind 'Syscall param writev(vector[...])' valgrind error
s4:lib:registry: fix 'Conditional jump or move' valgrind error.
s4:torture:basic fix 'Syscall param writev(vector[...])' valgrind error
s4:torture:basic: fix valgrind 'Syscall param writev(vector[...])' error
s4:torture:basic: fix valgrind 'Syscall param writev(vector[...])' error
s4:torture:basic: fix valgrind 'Syscall param writev(vector[...])' error.
s4:libcli: fix 'Conditional jump or move' valgrind error
s4:torture:basic: fix 'Syscall param writev(vector[...])' valgrind error
s4:torture:basic: fix 'Conditional jump or move ' valgrind error
s4:torture:raw: fix 'Syscall param writev(vector[...])' valgrind error
s4:torture:raw: fix 'Syscall param writev(vector[...])' valgrind error
s4:torture:raw: fix 'Syscall param writev(vector[...])' valgrind error
s4:torture:raw: fix 'use of uninitialised value of size 8' valgrind errors
s4:torture:raw: fix 'Conditional jump or move' valgrind error.
s4:torture:raw: fix 'Invalid read of size 1 & Conditional jump or move' errors.
s4:torture:smb2: fix Use of 'uninitialised value of size 8' valgrind error.
s4:torture:smb2: fix 'Use of uninitialised value of size 8' valgrind error.
s4:torture:smb2 fix 'Use of uninitialised value of size 8' valgrind error.
s4:torture:smb2: fix 'Use of uninitialised value of size 8' valgrind error.
s4:torture:smb2 fix 'Use of uninitialised value of size 8' valgrind error.
s4:torture:smb2: fix 'Use of uninitialised value of size 8' valgrind error
s4:torture:smb2: fix 'Use of uninitialised value of size 8' valgrind error.
s4:torture:smb2: fix 'Use of uninitialised value of size 8' valgrind error.
s4:torture:smb2: fix 'Use of uninitialised value of size 8' valgrind error.
s4:torture:smb2: fix 'Use of uninitialised value of size 8' valgrind error.
s4:torture:smb2: fix 'Use of uninitialised value of size 8' valgrind error.
s4:torture:libnet: fix 'Conditional jump or move' valgrind error
s4:torture:libnet: fix 'Syscall param writev(vector[...])' valgrind error
s4:torture:vfs: fix Invalid read of size 8 valgrind valgrind error (and segv)
fix Invalid read of size 8
Add a blackbox tests for id & getent to test domain at realm type credentials
s3/winbindd: using default domain with user at domain.com format fails
Partha Sarathi (1):
Fix the smb2_setinfo to handle FS info types and FSQUOTA infolevel
Per Forlin (1):
s3: smbd: Correctly reflect back SMB_PIDHIGH to a client.
Peter C. Kelly (1):
Improve help wording for samba-tool domain provision as per https://lists.samba.org/archive/samba-technical/2016-April/113740.html
Peter Somogyi (1):
Add yet another error code when forking an smbd and ctdb is not there. We can see NT_STATUS_CONNECTION_REFUSED in the logs upon such a rare case.
Petr Cech (1):
LDB: Redudant test on NULL context remove
Raghavendra Talur (1):
init: set core file size to unlimited by default
Rajesh Joseph (7):
shadow_copy2: Fix shadow_copy2_posix_gmt_string return type
shadow_copy2: Add test cases to cover shadow:format
shadow_copy2: create structure to store module specific information
shadow_copy2: allow configurable prefix for snapshot name
shadow_copy2: Add test case for snapprefix and delimiter
shadow_copy2: update man pages for the newly introduced options
shadow_copy2: Fix error handling in shadow_copy2_get_shadow_copy_data
Ralph Boehme (92):
testparm: vfs_fruit checks
docs: update vfs_fruit manpage
s3:mdssvc: older glib2 versions require g_type_init()
tdb: avoid a race condition when checking for robust mutexes
CVE-2016-2114: libcli/smb: let mandatory signing imply allowed signing
CVE-2016-2114: s3:smbd: enforce "server signing = mandatory"
CVE-2016-2115: s3:libsmb: add signing constant SMB_SIGNING_IPC_DEFAULT
CVE-2016-2115: net: use SMB_SIGNING_IPC_DEFAULT
CVE-2016-2115: s3:lib/netapi: use SMB_SIGNING_IPC_DEFAULT
CVE-2016-2115: s3:auth_domain: use SMB_SIGNING_IPC_DEFAULT
CVE-2016-2115: s3:libnet: use SMB_SIGNING_IPC_DEFAULT
CVE-2016-2115: s3:libsmb: use SMB_SIGNING_IPC_DEFAULT and lp_client_ipc_{min,max}_protocol()
cleanupd: restart as needed
krb5_wrap: add enctype arg to smb_krb5_kt_seek_and_delete_old_entries()
krb5_wrap: fix keep_old_entries logic in smb_krb5_kt_seek_and_delete_old_entries()
s4/libnet: fix exporting to keytab by SPN
s4: add a minimal ktutil for selftest
selftest/samba4.blackbox.export.keytab: use spn based on fqdn
selftest/samba4.blackbox.export.keytab: check exported keytabs
s4/heimdal: allow SPNs in AS-REQ
selftest/samba4.blackbox.export.keytab: check AS-REQ with SPN
s3/rpc_server: mdssvc: suppress compiler warnings from glib headers
winbindd: check if dcinfo from genache is expired
s3/lib: rework get_remote_arch_str() to use an array
s3/lib: add get_remote_arch_from_str()
s3/lib: add remote arch caching
smbd: use remote arch caching
s3:libnet:libnet_join: add netbios aliases as SPNs
vfs_fruit: add an option that allows disabling POSIX rename behaviour
talloc: rename local timeval function copies
winbindd: log domain name of failures to get trustdoms
winbindd: prevent log spam when enumerating users
librpc/ndr: add flag LIBNDR_FLAG_NO_COMPRESSION
librpc/dns: don't compress strings in TKEY and TSIG responses
librpc/dns: remove original_id from dns_fake_tsig_rec
s4/dns_server: include request MAC in TSIG response MAC calculation
s4/dns_server: split out function that does the MAC computation
s4/dns_server: not finding the key here is a fatal error
s4/dns_server: ensure we store the key name in error code paths
s4/dns_server: error codes for failing MAC verification in TSIG requests
s4/dns_server: don't compute TSIG MAC in TSIG error records
s4/dns_server: prepare sending correct error responses for dns_verify_tsig() errors
s4/dns_server: enable sending of TSIG error records
selftest: add test for DNS updates with TKEY/TSIG
selftest: Kerberos auth with netbios alias SPNs
selftest: make samba3.blackbox.smbclient_tar as flapping
s3/smbd: add helper func dos_mode_from_name()
s3/smbd: call dos_mode_from_name after SMB_VFS_GET_DOS_ATTRIBUTES()
s3/smbd: move check for "hide files" to dos_mode_from_name()
s3/smbd: only use stored dos attributes for open_match_attributes() check
s4/torture: add a test for dosmode and hidden files
winbindd/idmap_rfc2307: fix a crash
winbindd: in wb_lookupsids return domain name if we have it
selftest: make autorid the default idmap backend in admember_rfc2307
selftest: test idmap backend id allocation for unknown SIDS
smbd/cleanupd: use smbd_reinit_after_fork()
smbd/notifyd: use smbd_reinit_after_fork()
s3-rpc_server/mdssd: use smbd_reinit_after_fork()
ctdbd_conn: split ctdbd_init_connection()
ctdbd_conn: add ctdbd_reinit_connection()
s3-messaging/ctdb: split messaging_ctdbd_init()
s3-messaging/ctdb: add messaging_ctdbd_reinit()
s3-messaging: use messaging_ctdbd_reinit() in messaging_reinit()
s3/smbd: move make_default_filesystem_acl() to vfs_acl_common.c
vfs_acl_xattr: objects without NT ACL xattr
WHATSNEW: SMB 2.1 leases enabled by default
s3/lib: add smbd_cleanupd.tdb
s3/smbd: add cleanupd_init_send()/recv()
s3/cleanupd: use smbd_cleanupd.tdb
s3/notifyd: add async send/recv functions
async_req: make async_connect_send() "reentrant"
smbd: ignore ctdb tombstone records in fetch_share_mode_unlocked_parser()
s4/torture: add a test for ctdb-tombstrone-record deadlock
dbwrap_ctdb: treat empty records in ltdb as non-existing
s3/rpc_server: shared rpc modules directory may not exist
Revert "vfs_acl_xattr: objects without NT ACL xattr"
vfs_acl_common: rename psd to psd_blob in get_nt_acl_internal()
vfs_acl_common: rename pdesc_next to psd_fs
vfs_acl_common: remove redundant NULL assignment
vfs_acl_common: simplify ACL logic, cleanup and talloc hierarchy
vfs_acl_common: move the ACL blob validation to a helper function
vfs_acl_tdb|xattr: use a config handle
vfs_acl_common: move stat stuff to a helper function
vfs_acl_common: check for ignore_system_acls before fetching filesystem ACL
vfs_acl_xattr|tdb: add option to control default ACL style
vfs_acl_common: Windows style default ACL
s4/torture: tests for vfs_acl_xattr default ACL styles
vfs_acl_common: use DBG_LEVEL and remove function prefixes in DEBUG statements
docs: document vfs_acl_xattr|tdb enforced settings
vfs_acl_xattr|tdb: enforced settings when ignore system acls=yes
s3/smbd: in call_trans2qfilepathinfo call lstat when dealing with posix pathnames
s3/smbd: set FILE_ATTRIBUTE_DIRECTORY as necessary
Ralph Wuerthner (1):
ctdb-conn: add missing variable initialization
Richard Sharpe (10):
Fix an obvious error where we were converting a UNIX error to an NT STATUS but not returning it.
s3: vfs: Add VFS functions for setting and getting DOS attributes.
Fixes an obvious copy-paste error in source3/utils/net_dns.c
Refactor the dns_open_connection code so that duplicate code is removed and ensure that EINTR is handled in the UDP path.
selfttest: add common_test_fns.inc
s3: net: Return an error when no name servers were returned by the lookup so that we see an error in self test.
s3/net: print returned addresses in dns gethostbyname
source4/scripting: add an option to samba_dnsupdate to add ns records.
s4/selftests: test net ads dns register/unregister.
testprogs/blackbox: Improve the net ads dns register tests.
Robin Hack (7):
samba3.blackbox.smbclient_auth.plain: Add new regression test case.
ctdb-tests: Fix CID 1358704 use of "=" where "==" may have been intended
talloc/testsuite: Fix CID 1291641 - Logically dead code
lib/http/http_auth: Fix CID 1273428 - Unchecked return value
dcesrv_backupkey_heimdal: Fix CID 1321647 - Unchecked return value
ldb-samba/ldb_matching_rules: Fix CID 1349424 - Uninitialized pointer read
winbindd/idmap_rfc2307: Fix CID 1273424 - Read from pointer after free
Robin McCorkell (1):
Correctly set cli->raw_status for libsmbclient in SMB2 code
Rowland Penny (3):
Bug 11818 : obvious missing word When trying to demote a dc, 'remove_dc.remove_sysvol_references' is sent 'remote_samdb, dc_name' , it expects 'remote_samdb, logger, dc_name'
samba-too: Allow 'samba-tool fsmo' to cope with empty or missing fsmo roles
Fix typo in python/samba/provision/__init__.py
Saji VR (1):
lib:talloc. Fix memory leak when destructors reparent children.
Santiago Vila (1):
examples/smb.conf.default: Fix typo in comment line: sever -> server
Shyamsunder Rathi (2):
s3/vfs:stream_depots: Parse substitutions in streams-depot-directory path
s3:utils/net: Add new option 'unregister' in 'net ads dns' command.
Stefan Metzmacher (609):
CVE-2016-0771: s4:librpc: python_dns and python_dcerpc_dnsp doesn't require client bindings
CVE-2016-0771: librpc: add RPC_NDR_DNSSERVER to dcerpc-samba library
CVE-2016-0771: librpc: add ndr_dnsp_string_list_copy() helper function
CVE-2016-0771: s4:dns_server: fix idl for dns_txt_record
CVE-2016-0771: dns.idl: make use of dnsp_hinfo
lib/util_net: move ipv6 linklocal handling into interpret_string_addr_internal()
lib/util_net: add support for .ipv6-literal.net
s3:test_smbclient_auth.sh: test using the ip address in the unc path (incl. ipv6-literal.net)
s3:selftest: run samba3.blackbox.smbclient_auth.plain also with $SERVER_IPV6
epmapper.idl: make epm_twr_t available in python bindings
dcerpc.idl: make WERROR RPC faults available in ndr_print output
librpc/rpc: add error mappings for NO_CALL_ACTIVE, OUT_OF_RESOURCES and BAD_STUB_DATA
s4:librpc/rpc: map alter context SEC_PKG_ERROR to NT_STATUS_LOGON_FAILURE
s3:libads: remove unused ads_connect_gc()
wscript_configure_system_mitkrb5: add configure checks for GSS_KRB5_CRED_NO_CI_FLAGS_X
s3:librpc/gse: make use of GSS_C_EMPTY_BUFFER in gse_init_client
s3:librpc/gse: fix debug message in gse_init_client()
s3:librpc/gse: set GSS_KRB5_CRED_NO_CI_FLAGS_X in gse_init_client() if available
s3:librpc/gse: correctly support GENSEC_FEATURE_SESSION_KEY
s3:librpc/gse: don't log gss_acquire_creds failed at level 0
s3:librpc/gse: implement gensec_gse_max_{input,wrapped}_size()
s4:pygensec: make sig_size() and sign/check_packet() available
auth/gensec: keep a pointer to a possible child/sub gensec_security context
auth/gensec: handle gensec_security_by_sasl_name(NULL, ...)
auth/gensec: make gensec_security_by_name() public
s3:auth_generic: add auth_generic_client_start_by_name()
s3:auth_generic: add auth_generic_client_start_by_sasl()
auth/ntlmssp: keep ntlmssp_state->server.netbios_domain on the correct talloc context
auth/ntlmssp: add gensec_ntlmssp_server_domain()
s3:ntlm_auth: fix --use-cached-creds with ntlmssp-client-1
s3:torture/test_ntlm_auth.py: replace tabs with whitespaces
s3:torture/test_ntlm_auth.py: add --client-use-cached-creds option
s3:tests/test_ntlm_auth_s3: test ntlmssp-client-1 with cached credentials
winbindd: pass an memory context to do_ntlm_auth_with_stored_pw()
s3:auth_generic: make use of the top level NTLMSSP client code
s3:ntlmssp: remove unused libsmb/ntlmssp_wrap.c
auth/ntlmssp: provide a "ntlmssp_resume_ccache" backend
auth/gensec: add GENSEC_FEATURE_NTLM_CCACHE define
auth/ntlmssp: implement GENSEC_FEATURE_NTLM_CCACHE
s3:auth_generic: add "ntlmssp_resume_ccache" backend in auth_generic_client_prepare()
winbindd: make use of ntlmssp_resume_ccache backend for WINBINDD_CCACHE_NTLMAUTH
s3:ntlm_auth: also use gensec for "ntlmssp-client-1" and "gss-spnego-client"
auth/ntlmssp: split out a debug_ntlmssp_flags_raw() that's more complete
auth/ntlmssp: NTLMSSP_NEGOTIATE_VERSION is not a negotiated option
auth/ntlmssp: define all client neg_flags in gensec_ntlmssp_client_start()
auth/ntlmssp: set NTLMSSP_ANONYMOUS for anonymous authentication
auth/ntlmssp: don't send domain and workstation in the NEGOTIATE_MESSAGE
auth/ntlmssp: add ntlmssp_version_blob()
auth/ntlmssp: let the client always include NTLMSSP_NEGOTIATE_VERSION
auth/ntlmssp: use ntlmssp_version_blob() in the server
security.idl: add LSAP_TOKEN_INFO_INTEGRITY
ntlmssp.idl: MsAvRestrictions is MsvAvSingleHost now
ntlmssp.idl: make AV_PAIR_LIST public
librpc/ndr: add ndr_ntlmssp_find_av() helper function
auth/gensec: add GENSEC_FEATURE_LDAP_STYLE define
auth/ntlmssp: implement GENSEC_FEATURE_LDAP_STYLE
auth/ntlmssp: add more compat for GENSEC_FEATURE_LDAP_STYLE
auth/ntlmssp: remove ntlmssp_unwrap() fallback for LDAP
s4:libcli/ldap: make use of GENSEC_FEATURE_LDAP_STYLE
s4:libcli/ldap: fix retry authentication after a bad password
s4:selftest: we don't need to run ldap test with --option=socket:testnonblock=true
s4:selftest: simplify the loops over samba4.ldb.ldap
s4:ldap_server: make use of GENSEC_FEATURE_LDAP_STYLE
s3:libads: add missing TALLOC_FREE(frame) in error path
s3:libads: make use of GENSEC_FEATURE_LDAP_STYLE
s3:libads: make use of GENSEC_OID_SPNEGO in ads_sasl_spnego_ntlmssp_bind()
s3:libads: provide a generic ads_sasl_spnego_gensec_bind() function
s3:libads: don't pass given_principal to ads_generate_service_principal() anymore.
s3:libads: keep service and hostname separately in ads_service_principal
s3:libads: make use of ads_sasl_spnego_gensec_bind() for GSS-SPNEGO with Kerberos
s3:libsmb: make use gensec based SPNEGO/NTLMSSP
s3:libsmb: unused ntlmssp.c
s3:libsmb: let cli_session_setup_ntlmssp*() use gensec_update_send/recv()
s3:libsmb: provide generic cli_session_setup_gensec_send/recv() pair
s3:libsmb: call cli_state_remote_realm() within cli_session_setup_spnego_send()
s3:libsmb: make use of cli_session_setup_gensec*() for Kerberos
s3:libsmb: remove unused cli_session_setup_kerberos*() functions
s3:libsmb: remove unused functions in clispnego.c
s4:torture/rpc: do testjoin only via ncalrpc or ncacn_np
s4:torture: the backupkey tests need to use ncacn_np: for LSA calls
s4:selftest: run rpc.samr over ncacn_np instead of ncacn_ip_tcp
s4:torture:samba3rpc: use an authenticated SMB connection and an anonymous DCERPC connection on top
s4:librpc/rpc: dcerpc_generic_session_key() should only be available on local transports
s4:rpc_server/samr: hide a possible NO_USER_SESSION_KEY error
s4:rpc_server: dcesrv_generic_session_key should only work on local transports
s4:dsdb/test/notification: make test_invalid_filter more resilient against ordering races
s4:dsdb/test/sort: avoid 'from collections import Counter'
selftest: mark samba4.winbind.struct.domain_info.ad_member as flapping
s3:winbindd: don't unclude two '\0' at the end of the domain list
s4:torture/lsa: improve debug message
s3:wscript: pylibsmb depends on pycredentials
ldb-samba:wscript: python_samba__ldb depends on pyauth
selftest: s!addc.samba.example.com!addom.samba.example.com!
selftest: add some helper scripts to mange a CA
selftest: add config and script to create a samba.example.com CA
selftest: add CA-samba.example.com (non-binary) files
selftest: add CA-samba.example.com binary files (currently unused by Samba)
selftest: mark commands in manage-CA-samba.example.com.sh as DONE
selftest: add Samba::prepare_keyblobs() helper function
selftest: use Samba::prepare_keyblobs() and use the certs from the new CA
selftest: set tls crlfile if it exist
selftest: setup information of new samba.example.com CA in the client environment
s3:selftest: rpc.samr.passwords.validate should run with [seal] in order to be realistic
s3:test_rpcclient_samlogon.sh: test samlogon with schannel
s4:torture/netlogon: add/use test_SetupCredentialsPipe() helper function
s4:torture/rpc/samr: use DCERPC_SEAL in setup_schannel_netlogon_pipe()
s4:torture/rpc/samlogon: use DCERPC_SEAL for netr_LogonSamLogonEx and validation level 6
s4:torture/rpc: correctly use torture_skip() for test_ManyGetDCName() without NCACN_NP
s4:torture/rpc/schannel: don't use validation level 6 without privacy
auth/gensec: make sure gensec_security_by_auth_type() returns NULL for AUTH_TYPE_NONE
auth/gensec: split out a gensec_verify_dcerpc_auth_level() function
s4:rpc_server: require access to the machine account credentials
s4:selftest: run rpc.netlogon.admin also over ncalrpc and ncacn_ip_tcp
s3:rpc_server/samr: correctly handle session_extract_session_key() failures
s3:ntlm_auth: pass manage_squid_request() needs a valid struct ntlm_auth_state from within get_password()
Revert "autobuild: Return the last 50 log lines"
selftest/Samba3: use the correct "SELFTEST_WINBINDD_SOCKET_DIR" for "net join"
tdb: version 1.3.9
Revert "selftest: dbcheck should not be marked flapping"
CVE-2016-2110: auth/ntlmssp: let ntlmssp_handle_neg_flags() return NTSTATUS
CVE-2016-2110: auth/ntlmssp: maintain conf_flags and required_flags variables
CVE-2016-2110: auth/ntlmssp: split allow_lm_response from allow_lm_key
CVE-2016-2110: auth/ntlmssp: don't allow a downgrade from NTLMv2 to LM_AUTH
CVE-2016-2110: auth/ntlmssp: don't let ntlmssp_handle_neg_flags() change ntlmssp_state->use_ntlmv2
CVE-2016-2110: auth/ntlmssp: let gensec_ntlmssp_client_start require flags depending on the requested features
CVE-2016-2110: auth/ntlmssp: let gensec_ntlmssp_client_start require NTLM2 (EXTENDED_SESSIONSECURITY) when using ntlmv2
CVE-2016-2110: winbindd: add new_spnego to the WINBINDD_CCACHE_NTLMAUTH response
CVE-2016-2110: libcli/auth: use enum spnego_negResult instead of uint8_t
CVE-2016-2110: libcli/auth: add SPNEGO_REQUEST_MIC to enum spnego_negResult
CVE-2016-2110: auth/gensec: fix the client side of a new_spnego exchange
CVE-2016-2110: auth/gensec: fix the client side of a spnego downgrade
CVE-2016-2110: auth/gensec: require spnego mechListMIC exchange for new_spnego backends
CVE-2016-2110: auth/gensec: add gensec_may_reset_crypto() infrastructure
CVE-2016-2110: auth/ntlmssp: call ntlmssp_sign_init if we provide GENSEC_FEATURE_SIGN
CVE-2016-2110: auth/ntlmssp: implement gensec_ntlmssp_may_reset_crypto()
CVE-2016-2110: auth/credentials: clear the LMv2 key for NTLMv2 in cli_credentials_get_ntlm_response()
CVE-2016-2110: auth/credentials: pass server_timestamp to cli_credentials_get_ntlm_response()
CVE-2016-2110: libcli/auth: pass server_timestamp to SMBNTLMv2encrypt_hash()
CVE-2016-2110: ntlmssp.idl: add NTLMSSP_MIC_{OFFSET,SIZE}
CVE-2016-2110: auth/ntlmssp: implement new_spnego support including MIC checking (as server)
CVE-2016-2110: auth/ntlmssp: implement new_spnego support including MIC generation (as client)
CVE-2016-2111: auth/gensec: require DCERPC_AUTH_LEVEL_INTEGRITY or higher in schannel_update()
CVE-2016-2111: auth/gensec: correctly report GENSEC_FEATURE_{SIGN,SEAL} in schannel_have_feature()
CVE-2016-2111: s4:rpc_server: implement 'server schannel = yes' restriction
CVE-2016-2111: s4:rpc_server/netlogon: require DCERPC_AUTH_LEVEL_PRIVACY for validation level 6
CVE-2016-2111: s3:rpc_server/netlogon: require DCERPC_AUTH_LEVEL_PRIVACY for validation level 6
CVE-2016-2111: s4:torture/rpc: fix rpc.samba3.netlogon ntlmv2 test
CVE-2016-2111: s4:torture/rpc: fix rpc.pac ntlmv2 test
CVE-2016-2111: libcli/auth: add NTLMv2_RESPONSE_verify_netlogon_creds() helper function
CVE-2016-2111: s4:rpc_server/netlogon: check NTLMv2_RESPONSE values for SEC_CHAN_WKSTA
CVE-2016-2111: s3:rpc_server/netlogon: check NTLMv2_RESPONSE values for SEC_CHAN_WKSTA
CVE-2016-2111: s4:torture/raw: don't use ntlmv2 for dos connection in raw.samba3badpath
CVE-2016-2111: s4:torture/base: don't use ntlmv2 for dos connection in base.samba3error
CVE-2016-2111: s4:libcli: don't allow the LANMAN2 session setup without "client lanman auth = yes"
CVE-2016-2111: s4:param: use "client use spnego" to initialize options->use_spnego
CVE-2016-2111: s4:libcli: don't send a raw NTLMv2 response when we want to use spnego
CVE-2016-2111: s3:libsmb: don't send a raw NTLMv2 response when we want to use spnego
CVE-2016-2111: docs-xml: document the new "client NTLMv2 auth" and "client use spnego" interaction
CVE-2016-2111: docs-xml: add "raw NTLMv2 auth" defaulting to "yes"
CVE-2016-2111: s3:auth: implement "raw NTLMv2 auth" checks
CVE-2016-2111: s4:smb_server: implement "raw NTLMv2 auth" checks
CVE-2016-2111: selftest:Samba3: use "raw NTLMv2 auth = yes" for nt4_dc
CVE-2016-2111: docs-xml/smbdotconf: default "raw NTLMv2 auth" to "no"
CVE-2016-2112: s3:libads: make sure we detect downgrade attacks
CVE-2016-2112: s4:libcli/ldap: honour "client ldap sasl wrapping" option
CVE-2016-2112: s4:libcli/ldap: make sure we detect downgrade attacks
CVE-2016-2112: s4:libcli/ldap: auto upgrade to SIGN after STRONG_AUTH_REQUIRED
CVE-2016-2112: s4:selftest: use --option=clientldapsaslwrapping=plain for plain connections
CVE-2016-2112: s4:ldap_server: reduce scope of old_session_info variable
CVE-2016-2112: docs-xml: add "ldap server require strong auth" option
CVE-2016-2112: s4:ldap_server: implement "ldap server require strong auth" option
CVE-2016-2112: s4:selftest: run samba4.ldap.bind against fl2008r2dc
CVE-2016-2112: selftest: servers with explicit "ldap server require strong auth" options
CVE-2016-2112: s4:selftest: run some ldap test against ad_dc_ntvfs, fl2008r2dc and fl2003dc
CVE-2016-2112: docs-xml: change the default of "ldap server require strong auth" to "yes"
CVE-2016-2113: s4:lib/tls: create better certificates and sign the host cert with the ca cert
CVE-2016-2113: s4:lib/tls: implement infrastructure to do peer verification
CVE-2016-2113: docs-xml: add "tls verify peer" option defaulting to "no_check"
CVE-2016-2113: s4:selftest: explicitly use '--option="tlsverifypeer=no_check" for some ldaps tests
CVE-2016-2113: s4:libcli/ldap: verify the server certificate and hostname if configured
CVE-2016-2113: s4:librpc/rpc: verify the rpc_proxy certificate and hostname if configured
CVE-2016-2113: selftest: test all "tls verify peer" combinations with ldaps
CVE-2016-2113: selftest: use "tls verify peer = no_check"
CVE-2016-2113: docs-xml: let "tls verify peer" default to "as_strict_as_possible"
CVE-2016-2114: s4:smb2_server: fix session setup with required signing
CVE-2016-2114: s3:smbd: use the correct default values for "smb signing"
CVE-2016-2114: docs-xml: let the "smb signing" documentation reflect the reality
CVE-2016-2115: docs-xml: add "client ipc min protocol" and "client ipc max protocol" options
CVE-2016-2115: docs-xml: add "client ipc signing" option
CVE-2016-2115: s4:libcli/raw: add smbcli_options.min_protocol
CVE-2016-2115: s4:libcli/smb2: use the configured min_protocol
CVE-2016-2115: s4:libcli/raw: limit maxprotocol to NT1 in smb_raw_negotiate*()
CVE-2016-2115: s4:libcli/raw: pass the minprotocol to smb_raw_negotiate*()
CVE-2016-2115: s4:librpc/rpc: make use of "client ipc *" options for ncacn_np
CVE-2016-2115: s3:winbindd: use lp_client_ipc_{min,max}_protocol()
CVE-2016-2115: s3:winbindd: use lp_client_ipc_signing()
CVE-2016-2115: s3:libsmb: let SMB_SIGNING_IPC_DEFAULT use "client ipc min/max protocol"
CVE-2016-2115: docs-xml: always default "client ipc signing" to "mandatory"
CVE-2016-2118: s4:rpc_server: make it possible to define a min_auth_level on a presentation context
CVE-2016-2118: s4:rpc_server/drsuapi: require DCERPC_AUTH_LEVEL_PRIVACY
CVE-2016-2118: s4:rpc_server/backupkey: require DCERPC_AUTH_LEVEL_PRIVACY
CVE-2016-2118: python:tests/dcerpc: use [sign] for dnsserver tests
CVE-2016-2118: s4:rpc_server/dnsserver: require at least DCERPC_AUTH_LEVEL_INTEGRITY
CVE-2016-2118: s3: rpcclient: change the default auth level from DCERPC_AUTH_LEVEL_CONNECT to DCERPC_AUTH_LEVEL_INTEGRITY
CVE-2016-2118: librpc: change the default auth level from DCERPC_AUTH_LEVEL_CONNECT to DCERPC_AUTH_LEVEL_INTEGRITY
CVE-2016-2118: s4:librpc: use integrity by default for authenticated binds
CVE-2016-2118: docs-xml: add "allow dcerpc auth level connect" defaulting to "yes"
CVE-2016-2118: s4:rpc_server: make use of "allow dcerpc auth level connect"
CVE-2016-2118: s4:rpc_server/lsa: reject DCERPC_AUTH_LEVEL_CONNECT by default
CVE-2016-2118: s4:rpc_server/samr: reject DCERPC_AUTH_LEVEL_CONNECT by default
CVE-2016-2118: s4:rpc_server/netlogon: reject DCERPC_AUTH_LEVEL_CONNECT by default
CVE-2016-2118: s4:rpc_server/epmapper: allow DCERPC_AUTH_LEVEL_CONNECT by default
CVE-2016-2118: s4:rpc_server/mgmt: allow DCERPC_AUTH_LEVEL_CONNECT by default
CVE-2016-2118: s4:rpc_server/rpcecho: allow DCERPC_AUTH_LEVEL_CONNECT by default
CVE-2016-2118: s3:rpc_server: make use of "allow dcerpc auth level connect"
CVE-2016-2118: s3:rpc_server/{samr,lsa,netlogon}: reject DCERPC_AUTH_LEVEL_CONNECT by default
CVE-2016-2118: s3:rpc_server/{epmapper,echo}: allow DCERPC_AUTH_LEVEL_CONNECT by default
CVE-2016-2118: docs-xml: default "allow dcerpc auth level connect" to "no"
CVE-2016-2118: s4:rpc_server/samr: allow _samr_ValidatePassword only with PRIVACY...
CVE-2016-2118: s3:rpc_server/samr: allow _samr_ValidatePassword only with PRIVACY...
CVE-2015-5370: dcerpc.idl: add DCERPC_{NCACN_PAYLOAD,FRAG}_MAX_SIZE defines
CVE-2015-5370: librpc/rpc: simplify and harden dcerpc_pull_auth_trailer()
CVE-2015-5370: s3:librpc/rpc: don't call dcerpc_pull_auth_trailer() if auth_length is 0
CVE-2015-5370: s4:librpc/rpc: send a dcerpc_sec_verification_trailer if needed
CVE-2015-5370: s4:librpc/rpc: maintain dcecli_security->auth_{type,level,context_id}
CVE-2015-5370: s4:librpc/rpc: use auth_context_id = 1
CVE-2015-5370: s4:librpc/rpc: use a local auth_info variable in ncacn_push_request_sign()
CVE-2015-5370: s4:librpc/rpc: avoid using hs->p->conn->security_state.auth_info in dcerpc_bh_auth_info()
CVE-2015-5370: s4:librpc/rpc: avoid using c->security_state.auth_info in ncacn_pull_request_auth()
CVE-2015-5370: s4:librpc/rpc: always use ncacn_pull_request_auth() for DCERPC_PKT_RESPONSE pdus
CVE-2015-5370: s4:librpc/rpc: avoid dereferencing sec->auth_info in dcerpc_request_prepare_vt()
CVE-2015-5370: s4:librpc/rpc: simplify checks if gensec is used in dcerpc_ship_next_request()
CVE-2015-5370: s4:librpc/rpc: avoid using dcecli_security->auth_info and use per request values
CVE-2015-5370: s4:librpc/rpc: finally verify the server uses the expected auth_{type,level,context_id} values
CVE-2015-5370: librpc/rpc: add a dcerpc_verify_ncacn_packet_header() helper function
CVE-2015-5370: s3:rpc_client: move AS/U hack to the top of cli_pipe_validate_current_pdu()
CVE-2015-5370: s3:rpc_client: remove useless frag_length check in rpc_api_pipe_got_pdu()
CVE-2015-5370: s4:librpc/rpc: make use of dcerpc_map_ack_reason() in dcerpc_bind_recv_handler()
CVE-2015-5370: s4:librpc/rpc: handle DCERPC_PKT_FAULT before anything else in dcerpc_alter_context_recv_handler()
CVE-2015-5370: s4:librpc/rpc: use dcerpc_verify_ncacn_packet_header() to verify BIND_ACK,ALTER_RESP,RESPONSE pdus
CVE-2015-5370: s4:librpc/rpc: protect dcerpc_request_recv_data() against too large payloads
CVE-2015-5370: s4:rpc_server: make use of talloc_zero()
CVE-2015-5370: s4:rpc_server: no authentication is indicated by pkt->auth_length == 0
CVE-2015-5370: s4:rpc_server: check the result of dcerpc_pull_auth_trailer() in dcesrv_auth_bind()
CVE-2015-5370: s4:rpc_server: maintain dcesrv_auth->auth_{type,level,context_id}
CVE-2015-5370: s4:rpc_server: make use of dce_call->conn->auth_state.auth_* in dcesrv_request()
CVE-2015-5370: s4:rpc_server/lsa: make use of dce_call->conn->auth_state.auth_{level,type}
CVE-2015-5370: s4:rpc_server/samr: make use of dce_call->conn->auth_state.auth_level
CVE-2015-5370: s4:rpc_server/netlogon: make use of dce_call->conn->auth_state.auth_{level,type}
CVE-2015-5370: s4:rpc_server: correctly maintain dcesrv_connection->max_{recv,xmit}_frag
CVE-2015-5370: s4:rpc_server: avoid ZERO_STRUCT() in dcesrv_fault()
CVE-2015-5370: s4:rpc_server: set alloc_hint = 24 in dcesrv_fault()
CVE-2015-5370: s4:rpc_server: fill context_id in dcesrv_fault()
CVE-2015-5370: s4:rpc_server: split out a dcesrv_fault_with_flags() helper function
CVE-2015-5370: s4:rpc_server: add some padding to dcesrv_bind_nak() responses
CVE-2015-5370: s4:rpc_server: return the correct secondary_address in dcesrv_bind()
CVE-2015-5370: s4:rpc_server: make dcesrv_process_ncacn_packet() static
CVE-2015-5370: s4:rpc_server: add infrastructure to terminate a connection after a response
CVE-2015-5370: s4:rpc_server: verify the protocol headers before processing pdus
CVE-2015-5370: s4:rpc_server: ensure that the message ordering doesn't violate the spec
CVE-2015-5370: s4:rpc_server: maintain in and out struct dcerpc_auth per dcesrv_call_state
CVE-2015-5370: s4:rpc_server: make sure alter_context and auth3 can't change auth_{type,level,context_id}
CVE-2015-5370: s4:rpc_server: let invalid request fragments disconnect the connection with a protocol error
CVE-2015-5370: s4:rpc_server: remove pointless dcesrv_find_context() from dcesrv_bind()
CVE-2015-5370: s4:rpc_server: don't derefence an empty ctx_list array in dcesrv_alter()
CVE-2015-5370: s4:rpc_server: changing an existing presentation context via alter_context is a protocol error
CVE-2015-5370: s4:rpc_server: fix the order of error checking in dcesrv_alter()
CVE-2015-5370: s4:rpc_server: failing authentication should generate a SEC_PKG_ERROR
CVE-2015-5370: s4:rpc_server: let a failing auth3 mark the authentication as invalid
CVE-2015-5370: s4:rpc_server: disconnect after a failing dcesrv_auth_request()
CVE-2015-5370: s4:rpc_server: give the correct reject reasons for invalid auth_level values
CVE-2015-5370: s4:rpc_server: check frag_length for requests
CVE-2015-5370: s4:rpc_server: limit allocation and alloc_hint to 4 MByte
CVE-2015-5370: s4:rpc_server: only allow one fragmented call_id at a time
CVE-2015-5370: s4:rpc_server: the assoc_group is relative to the connection (association)
CVE-2015-5370: s4:rpc_server: reject DCERPC_PFC_FLAG_PENDING_CANCEL with DCERPC_FAULT_NO_CALL_ACTIVE
CVE-2015-5370: librpc/rpc: don't allow pkt->auth_length == 0 in dcerpc_pull_auth_trailer()
CVE-2015-5370: s3:librpc/rpc: remove auth trailer and possible padding within dcerpc_check_auth()
CVE-2015-5370: s3:librpc/rpc: let dcerpc_check_auth() auth_{type,level} against the expected values.
CVE-2015-5370: s3:rpc_client: make use of dcerpc_pull_auth_trailer()
CVE-2015-5370: s3:rpc_client: make use of dcerpc_verify_ncacn_packet_header() in cli_pipe_validate_current_pdu()
CVE-2015-5370: s3:rpc_client: protect rpc_api_pipe_got_pdu() against too large payloads
CVE-2015-5370: s3:rpc_client: verify auth_{type,level} in rpc_pipe_bind_step_one_done()
CVE-2015-5370: s3:rpc_server: make use of dcerpc_pull_auth_trailer() in api_pipe_{bind_req,alter_context,bind_auth3}()
CVE-2015-5370: s3:rpc_server: let a failing sec_verification_trailer mark the connection as broken
CVE-2015-5370: s3:rpc_server: just call pipe_auth_generic_bind() in api_pipe_bind_req()
CVE-2015-5370: s3:rpc_server: don't ignore failures of dcerpc_push_ncacn_packet()
CVE-2015-5370: s3:rpc_server: don't allow auth3 if the authentication was already finished
CVE-2015-5370: s3:rpc_server: let a failing auth3 mark the authentication as invalid
CVE-2015-5370: s3:rpc_server: make sure auth_level isn't changed by alter_context or auth3
CVE-2015-5370: s3:rpc_server: use 'alter' instead of 'bind' for variables in api_pipe_alter_context()
CVE-2015-5370: s3:rpc_server: verify presentation context arrays
CVE-2015-5370: s3:rpc_server: make use of dcerpc_verify_ncacn_packet_header() to verify incoming pdus
CVE-2015-5370: s3:rpc_server: disconnect the connection after a fatal FAULT pdu
CVE-2015-5370: s3:rpc_server: let a failing BIND mark the connection as broken
CVE-2015-5370: s3:rpc_server: use DCERPC_NCA_S_PROTO_ERROR FAULTs for protocol errors
CVE-2015-5370: s3:librpc/rpc: remove unused dcerpc_pull_dcerpc_auth()
CVE-2015-5370: s3:rpc_server: check the transfer syntax in check_bind_req() first
CVE-2015-5370: s3:rpc_server: don't allow an existing context to be changed in check_bind_req()
CVE-2015-5370: s3:rpc_client: pass struct pipe_auth_data to create_rpc_{bind_auth3,alter_context}()
CVE-2015-5370: s3:librpc/rpc: add auth_context_id to struct pipe_auth_data
CVE-2015-5370: s3:rpc_client: make use of pipe_auth_data->auth_context_id
CVE-2015-5370: s3:rpc_server: make use of pipe_auth_data->auth_context_id
CVE-2015-5370: s3:librpc/rpc: make use of auth->auth_context_id in dcerpc_add_auth_footer()
CVE-2015-5370: s3:librpc/rpc: verify auth_context_id in dcerpc_check_auth()
CVE-2015-5370: s3:rpc_client: verify auth_context_id in rpc_pipe_bind_step_one_done()
CVE-2015-5370: s3:rpc_server: verify auth_context_id in api_pipe_{bind_auth3,alter_context}
CVE-2015-5370: libcli/smb: use a max timeout of 1 second in tstream_smbXcli_np_destructor()
CVE-2015-5370: s3:rpc_client: disconnect connection on protocol errors
CVE-2015-5370: s4:librpc/rpc: call dcerpc_connection_dead() on protocol errors
CVE-2015-5370: python/samba/tests: add infrastructure to do raw protocol tests for DCERPC
CVE-2015-5370: python/samba/tests: add some dcerpc raw_protocol tests
CVE-2015-5370: s4:selftest: run samba.tests.dcerpc.raw_protocol against ad_dc
s3:libads: sasl wrapped LDAP connections against with kerberos and arcfour-hmac-md5
s4:gensec_tstream: allow wrapped messages up to a size of 0xfffffff
s3:libads/sasl: allow wrapped messages up to a size of 0xfffffff
auth/spnego: change log level for 'Failed to setup SPNEGO negTokenInit request: NT_STATUS_INTERNAL_ERROR'
auth/spnego: handle broken mechListMIC response from Windows 2000
auth/ntlmssp: don't require any flags in the ccache_resume code
auth/ntlmssp: don't require NTLMSSP_SIGN for smb connections
s3:libsmb: use password = NULL for anonymous connections
libcli/smb: add smb1cli_session_set_action() helper function
libcli/smb: add SMB1 session setup action flags
libcli/smb: add smbXcli_session_is_guest() helper function
s3:libsmb: record the session setup action flags
s3:libsmb: don't finish the gensec handshake for guest logins
s3:libsmb: use anonymous authentication via spnego if possible
auth/spnego: only try to verify the mechListMic if signing was negotiated.
s4:auth_anonymous: anonymous authentication doesn't allow a password
s3:auth_builtin: anonymous authentication doesn't allow a password
libcli/security: implement SECURITY_GUEST
s3:smbd: make use SMB_SETUP_GUEST constant
s3:smbd: only mark real guest sessions with the GUEST flag
auth/ntlmssp: do map to guest checking after the authentication
auth/spnego: add spnego:simulate_w2k option for testing
auth/ntlmssp: add ntlmssp_{client,server}:force_old_spnego option for testing
selftest:Samba4: provide DC_* variables for fl2000dc and fl2008r2dc
s3:test_smbclient_auth.sh: this script reqiures 5 arguments
selftest:Samba4: let fl2000dc use Windows2000 supported_enctypes
selftest:Samba4: let fl2000dc use Windows2000 style SPNEGO/NTLMSSP
s3:selftest: add smbclient_ntlm tests
talloc: version 2.1.7
libcli/auth: let msrpc_parse() return talloc'ed empty strings
s3:rpc_server/samr: simplify the logic in get_user_info_18()
s3:ntlm_auth: make ntlm_auth_generate_session_info() more complete
s3:smbd: fix anonymous authentication if signing is mandatory
WHATSNEW: Clear release notes for Samba 4.5.0pre1.
WHATSNEW: add 'Support for LDAP_SERVER_NOTIFICATION_OID'
python:samba: move netcmd/time.py to python/samba/netcmd/nettime.py
Revert "s3:rpcclient add -m option"
s3:rpcclient: make use of SMB_SIGNING_IPC_DEFAULT
s3:selftest: run test_smbclient_ntlm also against ad_dc
selftest: use the default values for "server signing"
dcerpc.idl: add DCERPC_NCACN_{REQUEST,RESPONSE}_DEFAULT_MAX_SIZE
s4:librpc/rpc: allow a total reassembled response payload of 240 MBytes
s4:rpc_server: use a variable for the max total reassembled request payload
dcerpc.idl: remove unused DCERPC_NCACN_PAYLOAD_MAX_SIZE
s4:server_named_pipe: make sure we use lower case pipe name
s4:rpc_server: context_id fields of presentation contexts are just 16bit
s4:rpc_server: remove unused '_unused_auth_state'
s4:rpc_server: remove unused dcesrv_connection_context->assoc_group
s3:rpc_client: remove unused rpc_pipe_client->max_recv_frag
s4:rpc_server: parse auth data only for BIND,ALTER_REQ,AUTH3
s4:librpc/rpc: don't ask for auth_length if we ask for auth data only
librpc/rpc: let dcerpc_pull_auth_trailer() only accept auth_length!=NULL or auth_data_only=true
librpc/rpc: let dcerpc_pull_auth_trailer() check that auth_pad_length fits within the whole pdu.
librpc/rpc: ignore invalid auth_pad_length values in BIND, ALTER and AUTH3 pdus
s4:rpc_server: generate the correct error when we got an invalid auth_pad_length on BIND,ALTER,AUTH3
python/tests: add auth_pad test for the dcerpc raw_protocol test
selftest: add save.env.sh helper script.
librpc/tools: correctly validate relative pointers in ndrdump
librpc/ndr: add support for NDR_ALIGN* to ndr_push_short_relative_ptr2()
samba-tool: really deprecate 'samba-tool user add'
s4:dsdb/tests: make user_account_control.py executable
s4:dsdb/tests: use ncacn_ip_tcp:server[seal] for samr connections
s4:dsdb/tests: use GENSEC_SEAL for ldap connections in sam.py
s4:dsdb/tests: let the user_account_control.py test recover from a previous failure
s4:dsdb/tests: improve error message in test_new_user_default_attributes()
s4:dsdb/repl_meta_data: pass now to replmd_add_fix_la
s4:selftest: run samba4.ldap.password_lockout.python only against ad_dc_ntvfs
s4:dsdb/tests: use more useful userAccountControl/pwdLastSet values in the urgent_replication test
s3:pdb_samba_dsdb: fix calucating of dsdb_flags
s4:dsdb/samdb: allocate DSDB_CONTROL_PASSWORD_DEFAULT_LAST_SET_OID
s4:dsdb/samldb: add DSDB_CONTROL_PASSWORD_DEFAULT_LAST_SET_OID when defaulting pwdLastSet=0
s4:dsdb/samdb: allocate DSDB_CONTROL_PASSWORD_USER_ACCOUNT_CONTROL_OID
s4:samldb: pass down DSDB_CONTROL_PASSWORD_USER_ACCOUNT_CONTROL_OID with changed userAccountControl details
s4:dsdb/common: add some const to helper functions
s4:dsdb/password_hash: use full NTTIME resolution for pwdLastSet
s4:dsdb/password_hash: split out a password_hash_needed() function
s4:dsdb/password_hash: split out a update_final_msg() function
s4:dsdb/password_hash: make the variable names in setup_io() more clear
s4:dsdb/password_hash: leave the current value of pwdLastSet as 0 an add
s4:dsdb/password_hash: move the check for old passwords into setup_io()
s4:dsdb/password_hash: call ndr_pull_supplementalCredentialsBlob in setup_io()
s4:dsdb/password_hash: remember if we need to update the passwords and/or pwdLastSet
s4:dsdb/password_hash: move ldb_msg_add_empty() calls to update_final_msg()
s4:dsdb/password_hash: create a shallow copy of the client message for the final update
s4:dsdb/password_hash: only set pwdLastSet if required
s4:dsdb/password_hash: make the DSDB_CONTROL_PASSWORD_BYPASS_LAST_SET code path more robust
s4:dsdb/password_hash: handle the DSDB_CONTROL_PASSWORD_DEFAULT_LAST_SET control
s4:dsdb/password_hash: make it possible to specify pwdLastSet together with a password change
s4:dsdb/password_hash: allow pwdLastSet only changes
s4:rpc_server/samr: only set pwdLastSet to "0" or "-1"
s4:dsdb/password_hash: only allow pwdLastSet as "0" or "-1"
s4:dsdb/samldb: fix comment "lockoutTime" reset as per MS-SAMR 3.1.1.8.10
s4:dsdb/samldb: pwdLastSet = -1 requires Unexpire-Password right
s4:dsdb/tests: add pwdLastSet tests
auth/auth_sam_reply: add some const to input parameters
s4:kdc: add some const to samba_get_logon_info_pac_blob()
krb5pac.idl: add PAC_CREDENTIAL related structures
s4:auth/sam: use "msDS-UserPasswordExpiryTimeComputed" instead of samdb_result_force_password_change()
s4:rpc_server/samr: use "msDS-UserPasswordExpiryTimeComputed" instead of samdb_result_force_password_change()
s4:kdc: use "msDS-UserPasswordExpiryTimeComputed" instead of samdb_result_force_password_change()
s4:dsdb/common: remove unused samdb_result_force_password_change()
s3:winbindd: pass 'interactive' down through winbindd_dual_auth_passdb()
s4:auth_sam: don't allow interactive logons with UF_SMARTCARD_REQUIRED
s4:kdc: don't allow interactive password logons with UF_SMARTCARD_REQUIRED
samdb.py: add smartcard_required option to newuser()
samba-tool: add --smartcard-required option to 'samba-tool user create'
samba-tool: do a password retype validation check for 'samba-tool user setpassword'
samba-tool: add 'samba-tool user setpassword --smartcard-required/--clear-smartcard-required'
test_pkinit_heimdal.sh: add a helper VARIABLE to store the certificate paths
test_pkinit_heimdal.sh: add a FILE: prefix to the KRB5CCNAME variable
s4:dsdb: add some const to {samdb_result,dsdb}_effective_badPwdCount()
s4:auth/sam: only reset badPwdCount when the effetive value is not 0 already
s4:auth/sam: don't update lastLogon just because it's 0 currently
s4:auth/sam: update the logonCount for interactive logons
s4:dsdb/tests: let password_lockout.py reduce the values for lockoutDuration and lockOutObservationWindow
s4:dsdb/tests: let password_lockout.py cross-check the lastLogon value with samr
s4:dsdb/tests: let password_lockout.py make the LDAP error string checks more useful
s4:dsdb/tests: let password_lockout.py add a _readd_user() helper function
s4:dsdb/tests: let password_lockout.py make use of the _readd_user() helper function
s4:dsdb/tests: let password_lockout.py let _readd_user() return the ldb connection as user
s4:dsdb/tests: let password_lockout.py pass username,userpass optionally to insta_creds()
s4:dsdb/tests: let password_lockout.py use user{name,pass,dn} variables in _readd_user()
s4:dsdb/tests: let password_lockout.py pass creds as argument to _readd_user()
s4:dsdb/tests: let password_lockout.py use _readd_user() for testuser3 too
s4:dsdb/tests: let password_lockout.py make use of self.addCleanup() to cleanup objects
s4:dsdb/tests: let password_lockout.py use userdn variables in all functions
s4:dsdb/tests: let password_lockout.py use other_ldb variables instead of self.ldb3
s4:dsdb/tests: let password_lockout.py use userpass variables in all functions
s4:dsdb/tests: let password_lockout.py use creds and other_ldb as function arguments
s4:dsdb/tests: let password_lockout.py copy user{name,pass} from the template in insta_creds()
s4:dsdb/tests: let password_lockout.py verify more fields in _readd_user()
s4:dsdb/tests: let password_lockout.py test with all combinations of krb5, ntlmssp and lockOutObservationWindow
s4:dsdb/tests: let password_lockout.py validate the lastLogon and lastLogonTimestamp interaction
s4:dsdb/tests: let password_lockout.py verify the logonCount values
lib/param: add lpcfg_sam_dnsname() helper function
auth.idl: add user_principal_* and dns_domain_name to auth_user_info
s4:auth: make use of lpcfg_sam_name() in authsam_get_user_info_dc_principal()
s4:auth: fill user_principal_* and dns_domain_name in authsam_make_user_info_dc()
s4:auth/kerberos: improve error message in kerberos_pac_to_user_info_dc()
auth/auth_sam_reply: let make_user_info_dc_netlogon_validation() correctly handle level 6
auth/wbc_auth_util: fill in base.logon_domain in wbcAuthUserInfo_to_netr_SamInfo3()
auth/wbc_auth_util: change wbcAuthUserInfo_to_netr_SamInfo* from level 3 to 6
auth/auth_sam_reply: add auth_convert_user_info_dc_saminfo6() and implement level 3 as wrapper
auth/auth_sam_reply: add auth_convert_user_info_dc_saminfo2() helper function
auth/auth_sam_reply: do a real copy of strings in auth_convert_user_info_dc_sambaseinfo()
s4:rpc_server/netlogon: initialize pointer to NULL in dcesrv_netr_LogonSamLogon_base()
s4:rpc_server/netlogon: make use of auth_convert_user_info_dc_saminfo{2,6}()
auth/auth_sam_reply: make auth_convert_user_info_dc_sambaseinfo() a private helper
netlogon.idl: make netr_SidAttr public
krb5pac.idl: introduce PAC_DOMAIN_GROUP_MEMBERSHIP to handle the resource groups
security.idl: add SID_NT_NFS S-1-5-88* sids
libcli/auth: remove unused variable in msrpc_parse()
s3:libsmb/clirap: remove unused cli_get_server_*() functions
CVE-2016-2019: libcli/smb: don't allow guest sessions if we require signing
CVE-2016-2019: s3:libsmb: add comment regarding smbXcli_session_is_guest() with mandatory signing
CVE-2016-2019: s3:selftest: add regression tests for guest logins and mandatory signing
s4:dsdb/samdb: add DSDB_FLAG_INTERNAL_FORCE_META_DATA
s4:samba_dsdb: add "dsdb_flags_ignore" module
tests:samba3sam: make use of the dsdb_flags_ignore module
selftest/flapping: mark samba4.drs.repl_move.python as temporary flapping
s4:dsdb/common: add a replication metadata stamp for an empty logonHours attribute
s4:dsdb/password_hash: force replication meta data for empty password attributes
Revert "selftest/flapping: mark samba4.drs.repl_move.python as temporary flapping"
s4:torture/drs: verify the whole metadata array to be the same in the repl_move tests
drsuapi.idl: add DRSUAPI_ATTID_operatorCount and DRSUAPI_ATTID_adminCount
s4:dsdb/samdb: add const to dsdb_make_object_category()
s4:password_hash: correctly update pwdLastSet on deleted objects.
s4:dsdb/repl_meta_data: sort preserved_attrs and add "msDS-PortLDAP"
s4:dsdb/repl_meta_data: remove secret attributes on delete
s4:dsdb/common: prepare dsdb_user_obj_set_defaults() for tombstone reanimation
s4:dsdb/tombstone_reanimate: restructure the module logic
s4:dsdb/tests: make use assertAttributesEqual() in RestoreUserObjectTestCase()
s4:dsdb/tests: make tombstone_reanimation.py executable
s4:dsdb/tests: improve tombstone_reanimation varifications
s4:dsdb/tests: improve the RestoreUserObjectTestCase test
s4:dsdb/tests: add RestoreUserPwdObjectTestCase test
libads: ensure the right ccache is used during gssapi bind
libads: ensure the right ccache is used during spnego bind
python/remove_dc: handle dnsNode objects without dnsRecord attribute
s4:kdc: ignore empty supplementalCredentialsBlob structures
s3:libnet_dssync_keytab: ignore empty supplementalCredentialsBlob structures
s4:dsdb/password_hash: explicitly set SUPPLEMENTAL_CREDENTIALS_SIGNATURE
drsblobs.idl: mark supplementalCredentialsSubBlob as nopull,nopush
drsblobs.idl: supplementalCredentialsSubBlob make it possible to parse strange blobs
s4:torture/ndr: add validation checks for strange supplementalCredentials blobs
krb5pac: fix push/pull of subcontexts in PAC_BUFFER
krb5pac.idl: implement PAC_UPN_DNS_INFO correct
krb5pac/netlogon: add a comment regarding PAC_LOGON_INFO unique pointers on push
krb5_wrap: provide CKSUMTYPE_HMAC_SHA1_96_AES_*
s4:torture/ndr: make use of torture_suite_add_ndr_pull_validate_test() in krb5pac when possible
s4:torture/ndr: add more krb5pac tests with PAC blobs from pkinit
s3:ntlm_auth: call fault_setup() in order to get usefull backtraces
s3:tests: add 'as user' to the test names in test_smbclient_auth.sh
s3:selftest: run smbclient_auth with a few more combinations
selftest: set "ntlm auth = yes" for now as a lot of tests rely on it
docs-xml:smbdotconf: default "ntlm auth" to "no"
selftest: don't allow ntlmv1 for 'nt4_member' and 'ad_member'
WHATNEW: the default for "ntlm auth" is "no"
pycredentials: add {get,set}_old_password()
pycredentials: add set_utf16_[old_]password()
samba-tool: add 'user getpassword' command
python:samba/tests: add simple 'samba-tool user getpassword' test
python:samba/tests: verify the packages order in supplementalCredentials
docs-xml:samba-tool.8: document "user getpassword" command
samba-tool: add 'user syncpasswords' command
python:samba/tests: add simple 'samba-tool user syncpasswords' test
docs-xml:samba-tool.8: document "user syncpasswords" command
docs-xml/smbdotconf: reference "unix password sync" with "samba-tool user syncpasswords"
.travis.yml: install libgpgme11-dev python[3]-gpgme
docs-xml/smbdotconf: add "password hash gpg key ids" option
docs-xml/smbdotconf: reference "unix password sync" with "password hash gpg key ids"
s4:dsdb/samdb: add configure checks for libgpgme
drsblobs.idl: add package_PrimarySambaGPGBlob
s4:dsdb/samdb: optionally store package_PrimarySambaGPGBlob in supplementalCredentials
samba-tool: add --decrypt-samba-gpg support to 'user getpasswords' and 'user syncpasswords'
selftest:gnupg: add a gpg key for Samba Selftest <selftest at samba.example.com>
s4:selftest: run samba.tests.samba_tool.user also against ad_dc:local
selftest:Samba4: configure "password hash gpg key ids" for ad_dc (if available)
python:samba/tests: use 'samba-tool user {getpassword,syncpasswords}' with --decrypt-samba-gpg
WHATSNEW: add 'Password sync as active directory domain controller'
WHATSNEW: recomment python-crypto and python-m2crypto
auth/credentials: also do a shallow copy of the krb5_ccache.
s4:torture/remote_pac: verify the order of PAC elements
HEIMDAL:lib/krb5: allow predefined PAC_{LOGON_NAME,PRIVSVR_CHECKSUM,SERVER_CHECKSUM} elements in _krb5_pac_sign()
HEIMDAL:kdc: reset e_text after successful pre-auth verification
HEIMDAL:kdc: add krb5plugin_windc_pac_pk_generate() hook
s4:kdc: hook into heimdal's windc.pac_pk_generate hook
s4:kdc: correctly update the PAC in samba_wdc_reget_pac()
s4:kdc: provide a PAC_CREDENTIAL_INFO element for PKINIT logons
s4:dsdb/password_hash: add the UF_SMARTCARD_REQUIRED password reset magic
s4:dsdb/tests: add UF_SMARTCARD_REQUIRED tests
selftest/Samba: remove compat admincert* files
selftest/manage-ca: add certificates for pkinit@[addom.]samba.example.com
selftest/manage-ca: update manage-CA-samba.example.com.sh
selftest/Samba: copy pkinit@$DOMAIN certificates to the environment
test_pkinit_heimdal.sh: add some more tests regarding the UF_SMARTCARD_REQUIRED behavior
testprogs/blackbox: add test_pkinit_pac_heimdal.sh
s4:selftest: run test_pkinit_pac_heimdal.sh test
s4:selftest: run the pkinit test in the ad_dc and ad_dc_ntvfs environment
WHATSNEW: add SmartCard/PKINIT improvements
auth/auth_sam_reply: fill user_principal_* and dns_domain_name in make_user_info_dc_pac()
s4:kdc: provide a PAC_UPN_DNS_INFO element for logons
s4:dsdb/repl_meta_data: remember originating updates when applying replicated changes
s4:dsdb/replicated_objects: don't skip notifications on resolved conflicts
tdb: version 1.3.10
talloc: version 2.1.8
tevent: version 0.9.28
s4:pyrpc: correctly implement .request_timeout
samba-tool: use a timeout of 5 minutes in 'samba-tool drs replicate'
samba-tool: add --async-rep option to 'samba-tool drs replicate'
tests:samba_tool_drs: test samba-tool drs replicate with implicit machine credentials
tests:samba_tool_drs: test samba-tool drs replicate with --async-op
WHATSNEW: document new samba-tool drs replicate options
ldb: fix compiler warnings on ldb_unpack_data() arguments
ldb: version 1.1.27
WHATSNEW: add shadow:snapprefix and shadow:delimiter
VERSION: Set version to 4.5.0rc1...
VERSION: Bump version up to 4.5.0rc2...
samba-tool/ldapcmp: ignore differences of whenChanged
tests:samba_tool: pass stdout and stderr to assertCmdSuccess()
tests:samba_tool: make use of assertCmdFail() in gpo.py
script/autobuild.py: check for AUTOBUILD_SKIP_SAMBA_O3 environment variable
tests:blackbox: let samba_dnsupdate.py provide more details
s4:dsdb/schema: don't change schema->schema_info on originating schema changes.
s4:dsdb/repl: avoid recursion after fetching schema changes.
s4:dsdb/schema: store struct dsdb_schema_info instead of a hexstring
s4:dsdb/schema: don't treat an older remote schema as SCHEMA_MISMATCH
s4:dsdb/schema: make dsdb_schema_pfm_add_entry() public and more useful
s4:dsdb/repl: make sure the working_schema prefix map is populated with the remote prefix map
s4:dsdb/objectclass_attrs: call dsdb_attribute_from_ldb() without a prefixmap
s4:dsdb/schema: avoid an implicit prefix map creation in lookup functions
s4:dsdb/schema: don't update the in memory schema->prefixmap without reloading the schema!
s4:dsdb/schema: split out a dsdb_attribute_drsuapi_remote_to_local() function
s4:dsdb/schema: move messages for unknown attids to higher debug levels during resolving
s4:dsdb/repl: set working_schema->resolving_in_progress during schema creation
s4:dsdb/repl: let dsdb_replicated_objects_convert() change remote to local attid for linked attributes
selftest/flapping: add some samba3.blackbox.smbclient_s3 tests
script/autobuild.py: include the branch name in the output
WHATSNEW: Release notes for Samba 4.5.0rc3.
VERSION: Disable git snapshots for the 4.5.0rc3 release.
WHATSNEW: Release notes for Samba 4.5.0rc3.
VERSION: Disable git snapshots for the 4.5.0rc3 release.
VERSION: Bump version up to 4.5.0rc4...
WHATSNEW: Start release notes for Samba 4.5.0rc4.
script/release.sh: use 8 byte gpg key ids
Merge tag 'samba-4.5.0rc3' into v4-5-test
gensec/spnego: work around missing server mechListMIC in SMB servers
WHATSNEW: Add release notes for Samba 4.5.0.
VERSION: Set version to 4.5.0...
VERSION: Bump version up to 4.5.1...
s3:nmbd: fix talloc_zero_array() check in nmbd_packets.c
HEIMDAL:lib/krb5: destroy a memory ccache on reinit
s3:libads: don't use MEMORY:ads_sasl_gssapi_do_bind nor set "KRB5CCNAME"
s3:libads: don't use MEMORY:ads_sasl_spnego_bind nor set "KRB5CCNAME"
Merge tag 'samba-4.5.1' into v4-5-test
s3:smbd: only pass UCF_PREP_CREATEFILE to filename_convert() if we may create a new file
Tom Mortensen (2):
nss_wins: ip_pton expects the raw IP address
nss_wins: Fix the hostent setup
Uri Simchoni (74):
selftest: run net ads join test in a private client env
selftest: add some test cases to net ads join
build: fix disk-free quota support on Solaris 10
build: improve comments in tests/oldquotas.c
smbd: remove quota support for some ancient OSs
build: fix build when --without-quota specified
vfs_acl_common: avoid setting POSIX ACLs if "ignore system acls" is set
seltest: add test for "ignore system acls" in vfs_acl_xattr.
lib/util: fix function comment
s3-profile: reduce dependencies of smbprofile.h
s3-profile: add PROFILE_TIMESTAMP macro
asys: call clock_gettime_mono() only on profile-enabled build
vfs_aio_linux: call clock_gettime_mono() only on profile-enabled build
vfs_aio_fork: call clock_gettime_mono() only on profile-enabled build
vfs_glusterfs: call clock_gettime_mono() only on profile-enabled build
nt-quotas: vfs_get_ntquota() return NTSTATUS
nt-quotas: return 0 as indication of no quota
ntquotas - skip entry if the quota is zero
sys-quotas: do not fail if user has no quota
xfs-quota: do not fail if user has no quota
nfs-quota: do not fail on ECONNREFUSED
smbd: do not cover up VFS failures to get quota
smbcquotas: print "NO LIMIT" only if returned quota value is 0.
tdb: rework cleanup logic in tdb_runtime_check_for_robust_mutexes()
libads: record session expiry for spnego sasl binds
nt-quotas: fixup failure case for TRANSACT_GET_USER_QUOTA_FOR_SID
xfs quotas - fix case of no quota for user
Reset WHATSNEW.txt for 4.5.x series
smbd: remove "only user" and "username" parameters
WHATSNEW: Document "only user" removal
heimdal: encode/decode kvno as signed integer
s3-quotas: fix sysquotas_4B quota fetching for BSD
heimdal make kvno unisgned internally
s3-sysquotas-linux: remove support for old interfaces
s3-sysquotas-linux: remove check for EDQUOT on getting user quota
s3-sysquotas-linux - cleanup
vfs_fake_dfq: add more mocking options
selftest: add disk-free quota tests
smbd: dfree - ignore quota if not enforced
s3-sysquotas-linux: do not check for EDQUOT
selftest: remove test for EDQUOT returned from quota backend
vfs_fake_dfq - remove support for generating EDQUOT
s3-sysquotas: remove special handling of EDQUOT
s3-dfree-quota: remove special handling of EDQUOT
selftest: Add test for domain join + kerberos-only auth
s3-libads: fix a memory leak in ads_sasl_spnego_bind()
auth: fix a memory leak in gssapi_get_session_key()
quotas: small cleanup
smbd: get a valid file stat to disk_quotas
smbd: use owner uid for free disk calculation if owner is inherited
selftest: refactor test_dfree_quota.sh - add share parameter
selftest: add tests for dfree with inherit owner enabled
s4-smbtorture: use standard macros in smb2.read test
s4-selftest: add functions which create with desired access
s4-selftest: add test for read access check
seltest: implicit FILE_READ_DATA non-reporting
seltest: allow opening files with arbitrary rights in smb2.ioctl tests
s4-smbtorture: pin copychunk exec right behavior
smbd: look only at handle readability for COPYCHUNK dest
smbd: allow reading files based on FILE_EXECUTE access right
s2-selftest: run shadow_copy2 test both in NT1 and SMB3 modes
selftest: add content to files created during shadow_copy2 test
selftest: check file readability in shadow_copy2 test
selftest: test listing directories inside snapshots
vfs_shadow_copy: handle non-existant files and wildcards
s3-sysquotas: correctly restore path when finding mount point
s3-cliquota: correctly handle no-more-entries
smbcquotas: fix error message listing quotas
cliquota: fix param count when setting fs quota
smbd: free talloc context if no quota records are available
ntquotas: support "freeing" an empty quota list
selftest: test NTLM user at realm authentication
winbindd: do not modify credentials in NTLM passthrough
smbd: in ntlm auth, do not map empty domain in case of \user at realm
Volker Lendecke (143):
vfs_united_media: Fix CID 1355492 Uninitialized scalar variable
smbd: Avoid an "else"
smbd: Prevent a crash
libads: Fix CID 1356316 Uninitialized pointer read
crypto: Fix CID 1356314 Resource leak
lib: Fix CID 1356315 Dereference before null check
ctdb: Fix CID 1356313 Explicit null dereferenced
libsmb: Fix CID 1356312 Explicit null dereferenced
winbind: Fix CID 1357100 Unchecked return value
torture: Fix the O3 developer build
idmap: Factor out lp_scan_idmap_domains()
winbind: Introduce id_map_ptrs_init
winbind: Do per-domain xids2sids calls
winbind: Add idmap_backend_unixids_to_sids
winbind: Pass down the domain name to xids2sids
winbind: Use plural xids2sids in _wbint_UnixIDs2Sids
winbind: Remove unused idmap_[ug]id_to_sid
winbind: Remove unused idmap_backends_unixid_to_sid
winbind: Fix a typo in a wrong comment...
pam_winbind: Avoid a use of sprintf
docs: build idmap_script.8 by default
docs: Mention _NO_WINBINDD in idmap_script.8
nwrap: Fix the build on Solaris
vfs_catia: Align loop index with terminator
vfs_catia: Fix bug 11827, memleak
tdb mutex check: Fix CID 1358473 Uninitialized scalar variable
idmap_ad: Separate out the nss functions
tldap: Add tldap_get/set_stream
tldap: Add tldap_gensec_bind
winbind: Add wb_dsgetdcname_gencache_[gs]et
winbind: handle DC_NOT_FOUND in wb_sids2xids
winbind: handle DC_NOT_FOUND in wb_xids2sids
winbind: Base idmap_ad on tldap
pdb_ldap: Don't use autofree if "mods" still changes
ctdbd_conn: Adapt loop counter's type to the loop limit
ctdbd_conn: Use sys_poll_intr
ctdbd_conn: Use ctdbd_init_connection in ctdbd_probe
ctdbd_conn: Make ctdbd_init_connection public
lib: Use ctdbd_init_connection in messaging_ctdbd_init
ctdbd_conn: Remove unused ctdbd_messaging_connection
lib: Move ctdbd_init_connection out of ctdbd_traverse()
lib: serverid.h references struct server_id
ctdbd_conn: Avoid "includes.h"
ctdbd_conn: Use ctdbd_control_local where possible
ctdbd: Use talloc_memdup where appropriate
ctdbd_conn: Add some more debug info
ctdbd_conn: Make "cstatus" int32_t
dbwrap_ctdb: Fix ENOENT->NT_STATUS_NOT_FOUND
smbd: Avoid large reads beyond EOF
docs: Fix an outdated remark, tdbsam is default
lib: The base64 chars are by definition single-byte :-)
lib: =0 and |= is equivalent to =
lib: Make callers of base64_encode_data_blob check for success
lib: Remove SMB_ASSERT from base64_encode_data_blob
lib: Give base64.c its own .h
lib: Avoid includes.h in base64.c
smbd: Remove an unused #define
smbd: Fix an assert
ctdb: Improve debug in case of set_runstate failure
ctdb: Fix the O3 developer build
lib: Fix a signed/unsigned mixup
lib: Fix some whitespace
torture: Remove a use of get_my_vnn()
ctdbd_conn: remove ctdb_processes_exist
ctdbd_conn: Simplify two DEBUGs
ctdbd_conn: "sockname" is not needed anymore
ctdbd_conn: Expose ctdb socket readability handler
lib: Move async message handling out of ctdbd_conn
dbwrap_ctdb: Align loop index with terminator
dbwrap_ctdb: Add "conn" to db_ctdb_ctx
dbwrap_ctdb: Pass in ctdbd_connection
dbwrap: Add "msg_ctx" to db_open_ctdb
ctdbd_conn: Remove messages.h dependency
dbwrap_ctdb: Fix some 32-bit hickups
dbwrap_ctdb: Remove get_my_vnn dependency
ctdb: Fix CID 1361817 Dereference after null check
ctdb: Fix CID 1327222 Copy into fixed size buffer
vfs_fileid: Fix a signed/unsigned mixup
vfs_fruit: Fix a few signed/unsigned mixups
samdb: Improve debugging in acl_validate_spn_value()
drsuapi: Improve debug in DsWriteAccountSpn
dsdb: Simplify acl_validate_spn_value
lib: Move msghdr to lib/util/
lib: Move poll_funcs to lib/
lib: Add accept_send/recv
lib: Fix CID 1362566 Dereference null return value
rpc_server: Fix CID 1362565 Improper use of negative value
libsmb: Fix two CIDs for NULL dereference
lib: Fix a signed/unsigned mixup
libreplace: Add a closefrom() implementation
lib: Add a little closefrom() test
smbd: Fix a signed/unsigned hickup
smbd: Fix a valgrind error
libnet: Fix CID 1362934: CHECKED_RETURN
ldb: Fix CID 1362935: CHECKED_RETURN
dsdb: Fix CID 1363810: Null pointer dereferences
lib: Print own pid in messaging_init
lib: Avoid a "procid_is_local" call
lib: Allow NULL blob for messaging_send()
tdb: Don't malloc for every record in traverse
lib: Add server_id_watch_send
dbwrap: Add "blocker" to record_watch_send
g_lock: Use "blocker" argument to dbwrap_record_watch_send
dbwrap: Add overflow protection to dbwrap_record_watchers_key()
dbwrap: Add an alternative implementation of dbwrap_watch_record_send
lib: Convert g_lock to new dbwrap_watch
smbd: Convert locking.tdb to new dbwrap_watch
smbd: Convert smbXsrv_open_global.tdb to new dbwrap_watch
smbd: Remove a reference to dbwrap_watch_db()
dbwrap: Remove dbwrap_watchers.tdb based code
lib: Fix a signed/unsigned mixup
smbd: Don't stop sending to children when one send fails
smbd: sconn->sys_notify_ctx is not used
smbd: Factor out notify_init
smbd: Add fsp_fullbasepath
smbd: Avoid a talloc_asprintf
smbd: Add "path" to notify_remove
smbd: "path" is no longer needed in notify_list
smbd: Make notify_callback() public
smbd: There's only one notify_callback
smbd: Pass "sconn" via notify to notify_callback()
smbd: Protect notify_callback from stray pointers
smbd: Remove "listel" from notify_msg
notify_msg: Deregister handler upon talloc_free
smbd: Remember notifyd's serverid
smbd: Log which notifyd was found
smbd: Store notify filters in fsp->notify
smbd: Restart notifyd
smbd: Re-register notify requests
notifyd: Move BlockSignals calls to server.c
smbd: Enable leases by default
tevent: Save 32 bytes of .text in tevent_req_create
tevent: Save 140 bytes of .text in tevent_req_create
tevent: Add overflow protection to tevent_req_create
dsdb: Fix CID 1364520 Incorrect expression (EVALUATION_ORDER)
lib: Move "message_send_all" to serverid.c
fss_agent: Fix a signed/unsigned mixup
smbd: Reset O_NONBLOCK on open files
gencache: Bail out of stabilize if we can not get the allrecord lock
glusterfs: Avoid tevent_internal.h
spoolss: Fix caching of printername->sharename
lib: Fix bug 12291
kcc: Fix a -Werror,-Wformat-security error
Yan, Zheng (2):
s3: vfs: generalize functions that set/get posix acl through xattr
s3: vfs: ceph: Add posix acl support
martijn van brummelen (1):
ctdb-doc: Add ctdb_diagnostics man page
-----------------------------------------------------------------------
No new revisions were added by this update.
--
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/pkg-samba/samba.git
More information about the Pkg-samba-maint
mailing list