[Pkg-samba-maint] [samba] annotated tag upstream/4.7.0+dfsg created (now f68d384)
Mathieu Parent
sathieu at moszumanska.debian.org
Wed Nov 8 20:12:59 UTC 2017
This is an automated email from the git hooks/post-receive script.
sathieu pushed a change to annotated tag upstream/4.7.0+dfsg
in repository samba.
at f68d384 (tag)
tagging aaa7d4dae53bb9a22feef9c2a361693db6a1c991 (commit)
replaces talloc-2.1.6
tagged by Mathieu Parent
on Thu Sep 28 11:24:58 2017 +0200
- Log -----------------------------------------------------------------
Upstream version 4.7.0+dfsg
Abhidnya Joshi (1):
Efficient xattr handling for VxFS Signed-off-by: Abhidnya Joshi <Abhidnya.Joshi at veritas.com>
Alexander Bokovoy (21):
s4-libnet: only build python-dckeytab module for Heimdal in AD DC mode
s3-smbd: Support systemd 230
libnet_join: use sitename if it was set by pre-join detection
Wrap krb5_cc_copy_creds and krb5_cc_copy_cache
logon script: clarify usage for different Samba roles
smb.conf: add identity mapping section
gssapi: check for gss_acquire_cred_from
lib/krb5_wrap: add smb_gss_krb5_import_cred wrapper
credentials_krb5: convert to use smb_gss_krb5_import_cred
libads: convert to use smb_gss_krb5_import_cred
s3-gse: convert to use smb_gss_krb5_import_cred
s3-gse: move krb5 fallback to smb_gss_krb5_import_cred wrapper
lib/crypto: implement samba.crypto Python module for RC4
_netr_ServerPasswordSet2: use info level 26 to set plain text machine password
s3-tests: assignement in shell shall have no spaces around equal sign
systemd: fix detection of libsystemd
libads: abstract out SASL wrapping code
smbldap: expose bind callback via API and increase smbldap ABI version
py3: Make sure to specify METH_VARARGS together with METH_KEYWORDS
Build py3 versions of other rpc modules
Install dcerpc/__init__.py for all Python environments
Alexis La Goutte (1):
Fix typo
Amitay Isaacs (507):
ctdb-doc: Sort the tunable variables in alphabetical order
ctdb-tunables: Add missing flags in the initializer
ctdb-tunables: Mark tunable MaxRedirectCount obsolete
ctdb-tunables: Mark tunable ReclockPingPeriod obsolete
ctdb-doc: Update tunables documentation
ctdb-doc: Add documentation for missing tunables
ctdb-recovery-helper: Get tunables first, so control timeout can be set
ctdb-tunables: Fix the implementation of LIST_TUNABLES control
ctdb-doc: Update ctdb man page
ctdb-doc: Update ctdb man page
ctdb-client: Increase the timeout for TRANS3_COMMIT control
ctdb-protocol: Check header is not null before copying
ctdb-protocol: Add protocol debug routines
ctdb-tests: Add a utility to parse ctdb packets
ctdb-client: Add client API for sending message to multiple nodes
ctdb-tunables: Add new tunable RecBufferSizeLimit
ctdb-protocol: Add new data type ctdb_pulldb_ext for new control
ctdb-protocol: Add new controls DB_PULL and DB_PUSH_START/DB_PUSH_CONFIRM
ctdb-daemon: Implement new controls DB_PULL and DB_PUSH_START/DB_PUSH_CONFIRM
ctdb-client: Add client API functions for new controls
ctdb-recovery-helper: Factor out generic recv function
ctdb-recovery-helper: Pass capabilities to database recovery functions
ctdb-recovery-helper: Rename pnn to dmaster in recdb_records()
ctdb-recovery-helper: Create accessors for recdb structure fields
ctdb-protocol: Add file IO functions for ctdb_rec_buffer
ctdb-recovery-helper: Re-factor function to retain records from recdb
ctdb-recovery-helper: Write recovery records to a recovery file
ctdb-protocol: Introduce variable for checking srvid prefix
ctdb-protocol: Add srvid for messages during recovery
ctdb-protocol: Add new capability
ctdb-recovery-helper: Introduce pull database abstraction
ctdb-recovery-helper: Introduce push database abstraction
ctdb-tests: Add a test for recovery of large databases
ctdb-recovery-helper: Improve log message
ctdb-recovery-helper: Introduce new #define variable
ctdb-protocol: Add srvid for assigning banning credits
ctdb-recoverd: Add message handler to assigning banning credits
ctdb-recovery-helper: Add banning to parallel recovery
ctdb-system: Add ctdb_parse_connections() function
ctdb-doc: Add sample LVS configuration
ctdb-system: Fix typo in ctdb_get_peer_pid
ctdb-protocol: Remove unused CTDB_SRVID_PREFIX
ctdb-protocol: Define a range of SRVIDs used by the ctdb tool
ctdb-daemon: Avoid memory leak
ctdb-tests: Update tests to include new controls
ctdb-tests: Fix flakey test complex/18_ctdb_reloadips.sh
ctdb-tests: Improve code coverage in tests
ctdb-daemon: Remove unused controls related to server_id
ctdb-tool: Remove commands related to server_id
ctdb-client: Remove client functions related to server_id
ctdb-protocol: Remove data structures for obsolete server_id controls
ctdb-client: Set control opcode in reply for one-way controls
ctdb-protocol: Consistency check for opcode in the reply structure
ctdb-client: Use correct TDB flags for opening database
ctdb-protocol: Fix marshalling of ctdb_string
ctdb-protocol: Use ctdb_string marshalling
ctdb-protocol: Fix marshalling of TDB_DATA
ctdb-protocol: Use TDB_DATA marshalling
ctdb-protocol: Fix marshalling of ctdb_req_header
ctdb-protocol: Use ctdb_req_header marshalling
ctdb-protocol: Add length routines for protocol elements
ctdb-protocol: Use length routines for protocol elements
ctdb-protocol: Fix marshalling of ctdb_reply_control
ctdb-protocol: Expose function to allocate a packet
ctdb-protocol: Check arguments in ctdb_allocate_pkt
ctdb-tests: Make sure the packet length matches the allocated size
ctdb-protocol: Drop buffer allocation from protocol push functions
ctdb-protocol: Use consistent names for function arguments
ctdb-client: Drop unnecessary discard_const
ctdb-protocol: Return required buffer size in push functions
ctdb-tests: Get rid of ctdb func tests
ctdb-lvs: Allow override of CTDB for testing
ctdb-natgw: Allow override of CTDB for testing
ctdb-protocol: Add function to compare ctdb_sock_addr
ctdb-tool: Remove xpnn command and related tests
ctdb-tests: Remove ctdb reloadips tests
ctdb-tool: Add test-hooks to enable testing of the tool
ctdb-tool: All errors should be logged via stderr
ctdb-tests: Add fake ctdb daemon implementation for testing
ctdb-tests: Use fake_ctdbd for ctdb tool tests instead of ctdb stub
ctdb-tests: Remove ctdb tool stub code
ctdb-tests: Fix output for ctdb getcapabilities test
ctdb-tests: Fix output for ctdb lvs test
ctdb-tests: Fix output for ctdb reloadnodes tests
ctdb-tests: rename tests from stubby.* to ctdb.*
ctdb-recoverd: Freeze databases whenever the node is INACTIVE
ctdb-recovery: Update timeout and number of retries during recovery
lib/util: Avoid splitting tevent-unix-util as public library
ctdb-packaging: Remove tevent-unix-util public library
lib/poll_funcs: Build as SAMBA_SUBSYSTEM
lib/util: Expose few more subsystems for standalone ctdb build
ctdb-cluster-mutex: Fix #endif decoration
ctdb-tests: Re-use async accept wrapper from async_req
ctdb-tests: Re-use set_blocking instead of re-definition
lib/util: Add a generic definition for set_close_on_exec
ctdb-daemon: Use lib/util functions instead of redefinitions
ctdb-system: Remove duplicate functions
ctdb-recoverd: Avoid duplicate recoverd event in parallel recovery
ctdb-daemon: Reset push_started flag once DB_PUSH_CONFIRM is done
ctdb-protocol: Fix marshaling of uint arrays
ctdb-protocol: Add checks to validate data on wire before unmarshaling
ctdb-protocol: Add checks to validate data on wire before unmarshaling
ctdb-tests: Improve ctdb protocol tests
ctdb-daemon: Do explicit check for integer values
ctdb-daemon: Explicitly assign boolean values
ctdb-locking: Conditionally set real-time priority in lock helper
ctdb-locking: Avoid real-time in lock helper if nosetsched option is set
ctdb-scripts: Add new configuration variable CTDB_NOSETSCHED
ctdb-tests: Update local daemons tests to use CTDB_NOSETSCHED
s3-ctdb: Fail CTDB connection only on INACTIVE state
ctdb-recovery-helper: Fix a comment
ctdb-recovery: Terminate if recovery fails without any banning credits
s3-ctdb: Return an error when unexpected reply is received
ctdb-recoverd: Improve election win messages
ctdb-daemon: Improve log message
ctdb-client: Add sync version of sending multiple messages
ctdb-client: Fix ctdb_rec_buffer traversal routine
ctdb-client: Add async version of delete_record
ctdb-client: Fix implementation of delete_record
ctdb-client: Use async version of delete_record in g_lock unlock
ctdb-client: Factor out ctdb_client_get_server_id function
ctdb-client: If g_lock lock conflicts, try again sooner
ctdb-client: Fix g_lock implementation
ctdb-client: Release g_lock lock before retrying
ctdb-client: Remove commented old g_lock implemention code
ctdb-client: Release the g_lock record once the update is done
ctdb-client: During transaction commit fetch seqnum locally
ctdb-client: Fix implementation of transaction start
ctdb-client: Fix implementation of transaction commit
ctdb-client: Add async version of transaction cancel
ctdb-client: Fix implementation of transaction cancel
ctdb-client: Add debug messages to client db api
ctdb-client: Expose ctdb_ltdb_fetch in client API
ctdb-ib: Include system/wait.h for signal
ctdb-daemon: Check if method is initialized before calling
ctdb-pmda: CTDB client code does not require ctdb->methods
ctdb-daemon: Log ctdb socket in the main daemon
ctdb-build: Exit if requested feature cannot be built
swrap: Build socket_wrapper path relative to blddir
ctdb-tests: Common code to wait for synchronization across cluster
ctdb-tests: Common code to process commandline options
ctdb-tests: Add torture test for g_lock functions
ctdb-tests: Replace ctdb_bench with message_ring using new client API
ctdb-tests: Replace ctdb_fetch with fetch_ring using new client API
ctdb-tests: Replace ctdb_fetch_one with fetch_loop using new client API
ctdb-tests: Replace ctdb_fetch_readonly_once with fetch_readonly using new client API
ctdb-tests: Replace ctdb_fetch_readonly_loop with fetch_readonly_loop using new client API
ctdb-tests: Replace ctdb_transaction with transaction_loop using new client API
ctdb-tests: Replace ctdb_update_record with update_record using new client API
ctdb-tests: Replace ctdb_update_record_persistent with update_record_persistent
ctdb-tests: Convert rb_test into a unit test
ctdb-tests: Rename ctdb_lock_tdb to lock_tdb
ctdb-tests: Rename ctdb_porting_tests to porting_tests
ctdb-tests: Remove unused tests code
ctdb-tests: Add torture test for fetch functions
ctdb-pcp-pmda: Reimplement using new client API
ctdb-web: Remove ctdb webpages from source
ctdb-locking: Drop code for Samba 3.x compatibility
ctdb-tool: Remove ctdb thaw command
ctdb-client: Remove functions ctdb_ctrl_thaw_priority() and ctdb_ctrl_thaw()
ctdb-client: Remove function ctdb_ctrl_thaw() from new client API
ctdb-protocol: Drop marshalling code for THAW control
ctdb-client: Reimplement ctdb_ctrl_freeze_priority() using ctdb_control()
ctdb-client: Drop unused functions ctdb_ctrl_freeze_send/recv
ctdb-client: Mark ctdb_ctrl_freeze_priority static
ctdb-vacuum: Do not use freeze_mode outside freeze code
ctdb-recovery: Remove serial database recovery code
ctdb-daemon: Drop priorites from freeze/thaw code
ctdb-freeze: Drop function thaw_priority()
ctdb-client: Remove ctdb_ctrl_freeze_priority() function
ctdb-protocol: Remove CTDB_NUM_DB_PRIORITIES
ctdb-recoverd: Remove code that updates database priorities during recovery
dbwrap_ctdb: Remove setting of database priority from samba
ctdb-tool: Remove setdbprio and getdbprio commands
ctdb-daemon: Remove implementation of SET/GET_DB_PRIORITY
ctdb-client: Remove client code for set/get_db_priority
ctdb-client: Remove code to set/get_db_priority from new client code
ctdb-protocol: Drop marshalling code for set/get_db_priority
ctdb-protocol: Deprecate controls SET/GET_DB_PRIORITY
ctdb-daemon: Remove priority field from ctdb_db_context
ctdb-locking: Remove API for locking all databases
ctdb-locking: Remove API for locking databases with priority
ctdb-freeze: Remove ctdb_db_prio_frozen() function
ctdb-locking: Remove ctdb_db_prio_iterator function
ctdb-build: Add missing dependency on samba-util
ctdb-tool: Log a message at INFO level
ctdb-tests: Drop ctdb tool debug level to NOTICE
ctdb-tool: Drop arbitrary exit codes
ctdb-tool: Exit with 1 on failure instead of -1
ctdb-tool: Fix a log message in "ctdb reloadnodes"
ctdb-tests: Fix "ctdb status" test
ctdb-tool: Improve "ctdb uptime" output format
ctdb-tool: Simplify "ctdb process-exists"
ctdb-tool: Improve error output in "ctdb setdebug"
ctdb-tests: Implement GET_DEBUG and SET_DEBUG controls in fake_ctdbd
ctdb-tests: Implement GET_RUNSTATE control in fake_ctdbd
ctdb-common: Refactor tunable related functions
ctdb-daemon: Use refactored tunable code
ctdb-tests: Implement controls related to tunables in fake_ctdbd
ctdb-tests: Implement SET_IFACE_LINK_STATE control in fake_ctdbd
ctdb-tests: Add monitoring related controls in fake_ctdbd
ctdb-common: Fix CID 1363227 (Resource leak)
ctdb-tests: Fix CID 1364521 (Argument cannot be negative)
ctdb-tests: Fix CID 1364522 (Argument cannot be negative)
ctdb-tests: Fix CID 1364523 (Argument cannot be negative)
ctdb-tests: Fix CID 1364524 (Argument cannot be negative)
ctdb-tests: Fix CID 1364525 (Argument cannot be negative)
ctdb-tests: Fix CID 1364526 (Argument cannot be negative)
ctdb-doc: Drop documentation for obsolete tunable
ctdb-daemon: Fix statistics update macro
ctdb-tests: Clean database before the test
ctdb-tests: Fix typo
ctdb-tests: Improve test to match exact output
ctdb-tests: Add tests for idempotence
ctdb-tests: Add more tests for ctdb setdbsticky and setdbreadonly
ctdb-tests: Add machinereadable output tests
ctdb-common: Fix parsing of debug level
ctdb-protocol: Add function ctdb_sock_addr_same_ip
ctdb-daemon: Add QueueBufferSize tunable
ctdb-daemon: Reduce QueueBufferSize from 16k to 1k
ctdb-daemon: Use consistent naming for monitoring mode
ctdb-tool: Remove old ctdb tool
ctdb-tool: Add replacement ctdb tool using new client API
ctdb-tests: Adjust unit test output matching new ctdb
ctdb-daemon: Drop the implementation of THAW control
ctdb-protocol: Deprecate THAW control
ctdb-daemon: Drop implementation of global transaction controls
ctdb-client: Drop client code for global transaction controls
ctdb-protocol: Drop marshalling for global transaction controls
ctdb-protocol: Deprecate global transaction controls
ctdb-packaging: Move ctdb configuration to ctdbd.conf
WHATSNEW: ctdb updates
ctdb-tests: Fix valgrind unintialized error
ctdb-tests: Do not add $VALGRIND to ctdb command
ctdb-tests: Removing sleep from porting_tests
ctdb-tests: Add explicit wait to the fork_helper()
ctdb-tools: Fix CID 1364699 - dereference after null check
ctdb-tools: Fix CID 1364701 - resource leak
ctdb-tools: Fix CID 1364702 - resource leak
ctdb-tools: Fix CID 1364703 - resource leak
ctdb-tools: Fix CID 1364704 - resource leak
ctdb-tools: Fix CID 1364705 - resource leak
ctdb-tools: Fix CID 1364706 - resource leak
ctdb-tools: Free record if it does not contain valid data
ctdb-tools: Free tickle list before exiting
ctdb-tools: Free connection list after processing it
ctdb-tools: Close tdb database on error
ctdb-tools: Free temporary memory context before exiting
ctdb-client: transaction_cancel must free transaction handle
ctdb-tools: Cancel transaction on error or if commit fails
ctdb-tools: Use INVALID_GENERATION macro instead of value
dbwrap: Fix structure initialization
nss_wrapper: Add missing check for printf format validation
resolv_wrapper: Update config variable name to match the code
ctdb-tests: Log errors if the test fails
ctdb-common: Fix format-nonliteral warning
ctdb-daemon: Fix format-nonliteral warning
ctdb-daemon: Fix format-nonliteral warning
ctdb-daemon: Fix format-nonliteral warning
ctdb-recovery-helper: Fix format-nonliteral warning
ctdb-ib: Fix DEBUG log messages
ctdb-pmda: Use 1s timeout for fetching statistics
ctdb-tools: Addition of IPs is deferred until the next takeover run
ctdb-tools: Drop "ctdb rebalanceip"
ctdb-tools: Drop "ctdb rebalancenode"
s3-lib: Pass missing argument for format string
s3-libnet: Add missing format element
s3-lib: Remove unused function sprintf_append
talloc: Fix format-nonliteral warning
tdb: Fix format-nonliteral warning
lib/util: Fix format-nonliteral warning
ldb: Fix format-nonliteral warning
s3-lib: Fix format-nonliteral warning
s3-include: Fix format-nonliteral warning
s3-netapi: Fix format-nonliteral warning
s3-libnet: Fix format-nonliteral warning
regedit: Fix format-nonliteral warning
wibindd: Fix format-nonliteral warning
passdb: Fix format-nonliteral warning
torture: Fix format-nonliteral warning
lib/util: Fix format strings and argument data types
ctdb-protocol: Fix marshalling for GET_DB_SEQNUM control request
ctdb-common: Use correct db_id size in marshalling record buffer
s3-ctdb: Use correct db_id size in marshalling record buffer
ctdb-recoverd: Drop code to freeze databases from set_recovery_mode()
ctdb-daemon: Remove NUM_DB_PRIORITIES
ctdb-recovery-helper: Add missing initialisation of ban_credits
ctdb-daemon: Avoid extra condition in tevent trace callback
ctdb-daemon: Log a message when fork() takes long time
ctdb-daemon: Log a message when vfork() takes long time
ctdb-locking: Log if ctdb is unable to take db locks in INACTIVE state
ctdb-locking: Restrict lock debugging to once per second
ctdb-common: Add routines to manage PID file
Revert "ctdb-common: Use SCHED_RESET_ON_FORK when setting SCHED_FIFO"
ctdb-common: Simplify code using local variables
ctdb-daemon: Simplify code using local variable
ctdb-common: Simplify code using tdb_storev
ctdb-daemon: Simplify code using tdb_storev
ctdb-client: Simplify using a local variable
ctdb-client: Simplify using tdb_storev
ctdb-tool: Simplify using tdb_storev
ctdb-tools: Simplify using tdb_storev
ctdb-tools: Simplify using a local variable
ctdb-packaging: Update required tdb version for tdb_storev()
dlz-bind: Fix preprocessor checks for BIND versions
dlz-bind: Fix initialization of DLZ_DLOPEN_AGE
dlz-bind: Set DNS_CLIENTINFO_VERSION based on BIND version
dlz-bind: Add support for BIND 9.11.x
provision: Add support for BIND 9.11.x
ctdb-scripts: Fix calculation of CTDB_BASE
ctdb-locking: Reset real-time priority in lock helper
ctdb-recovery: Avoid NULL dereference in failure case
ctdb-tests: Remove unused test code
ctdb-daemon: Consolidate command line options to ctdbd
ctdb-daemon: Remove unused code cmdline.[ch]
ctdb-daemon: Mark RecoverPDBBySeqNum tunable deprecated
replace: Include libgen.h if available
ctdb-daemon: Remove tevent debug logging
ctdb-logging: Refactor logging code
ctdb-logging: Remove duplicate logging code
ctdb-daemon: Consolidate initialization of logging and debug level
ctdb-daemon: Fix debug messages
ctdb-daemon: Don't depend on debug_extra in exit handler
ctdb-daemon: Remove setting of debug_extra via ctdb_set_child_info()
ctdb-daemon: Remove setting of debug_extra from switch_from_server_to_client()
ctdb-daemon: Remove setting of debug_extra
ctdb-logging: Get rid of debug_extra
ctdb-recoverd: Log a message when terminating
ctdb-daemon: Initialize logging in recovery daemon
ctdb-daemon: Log to stderr when running in interactive mode
ctdb-daemon: Add ctdb_vfork_exec()
ctdb-locking: Start locking helper using ctdb_vfork_exec
ctdb-recovery: Start recovery helper with ctdb_vfork_exec
ctdb-build: Avoid duplicate list of man pages
ctdb-build: Generate pre-built documentation in wscript itself
ctdb-scripts: Add explicit check for service reconfiguration
ctdb-scripts: Drop ctdb_check_service_reconfigure
ctdb-daemon: Move function typedef to where it's used
ctdb-tests: Display filtered output when the test fails
ctdb-tests: Do not remove event script dir before shutting down ctdb
ctdb-build: Remove unnecessary intermediate build target
ctdb-tool: Allow passing multiple command-line arguments to helper
ctdb-tool: Improve error reporting if helper execution fails
ctdb-protocol: Fix marshalling of string with length
ctdb-protocol: Add marshalling for int32_t
ctdb-common: Add run_proc abstraction
ctdb-common: Add generic socket I/O
ctdb-common: Add sock_daemon abstraction
ctdb-protocol: Add data types for eventd communication
ctdb-protocol: Add marshalling for eventd protocol
ctdb-eventd: Add event script handling daemon
ctdb-client: Add client api for eventd communication
ctdb-tool: Add helper for talking to event daemon
ctdb-tests: Add tests for event daemon
ctdb-tool: Add new command "event" to ctdb tool
ctdb-tool: Drop disablescript, enablescript and eventscript commands
ctdb-daemon: Drop implementation of eventscript controls
ctdb-client: Drop client code for eventscript controls
ctdb-protocol: Drop marshaling for eventscript controls
ctdb-protocol: Deprecate eventscript controls
ctdb-daemon: Refactor check for valid events during recovery
ctdb-daemon: Add functions to talk to event daemon
ctdb-daemon: Switch to using event daemon
ctdb-daemon: Remove ctdb_event_helper
ctdb-common: Simplify async computation for sock_socket_write_send/recv
ctdb-tests: Add another test for sock_daemon
ctdb-common: Fix a bug in packet reading code for generic socket I/O
ctdb-tests: Add tests for generic socket I/O
ctdb-tests: Do not attempt to unregister the join handler multiple times
ctdb-locking: Remove support for locking multiple databases
ctdb-locking: Explicitly unlock record/db in lock helper
ctdb-tests: Add robust mutex test
ctdb-takeover: Known and available IP lists should be the same size as nodemap
ctdb-tests: Fix name of the variable representing init script
ctdb-common: Correct name of sock_daemon_run_send/recv state structure
ctdb-common: Use consistent naming for sock_daemon_run computation functions
ctdb-common: Pass tevent_req to the computation sub-functions
ctdb-common: Avoid any processing after finishing tevent_req
ctdb-common: Add wait_send/wait_recv to sock_daemon_funcs
ctdb-daemon: Remove stale eventd socket
ctdb-tests: Drop calls to ctdb_service_managed and ctdb_service_unmanaged
ctdb-tests: Do not build mutex test if robust mutexes are not supported
ctdb-tests: Use replace headers instead of system headers
ctdb-common: ioctl(.. FIONREAD ..) returns an int value
ctdb-build: Install CTDB tests correctly from toplevel
ctdb-common: Fix use-after-free error in comm_fd_handler()
ctdb-tests: Add more comm tests
ctdb-locking: Remove unnecessary global variable
ctdb-common: Refactor code to remove a stale socket
ctdb-daemon: Use sock_clean() to remove stale sockets
ctdb-build: Split dist() target to generate manpages separately
ctdb-build: Add make target for generating manpages
build: Fix generation of CTDB manpages while creating tarball
replace: Fix compiler warning flag
lib/util: Fix initializer
ctdb-readonly: Avoid a tight loop waiting for revoke to complete
ctdb-tools: Avoid deferencing argv[0] if argc == 0
ctdb-common: Add traverse_update function to db_hash abstraction
ctdb-common: Add hash_count abstraction
ctdb-daemon: For hot records, use count instead of hopcount
ctdb-daemon: Add tracking of migration records
ctdb-docs: Fix documentation of -n option to ctdb tool
ctdb-logging: Initialize DEBUGLEVEL before changing the value
ctdb-tests: Explicitly search for the specific log entry
ctdb-tests: Use tighter pattern for matching expected output
Revert "ctdb-readonly: Avoid a tight loop waiting for revoke to complete"
ctdb-readonly: Avoid a tight loop waiting for revoke to complete
wafsamba: Allow to specify VERSION file path
ctdb-build: Simplify generation of version header files
ctdb-packaging: Remove mkversion.sh script
ctdb-keepalive: Move ctdb_send_keepalive() to ctdb_keepalive.c
ctdb-daemon: Do not allow mixed ctdb versions in a cluster
ctdb-daemon: Add AllowMixedVersions tunable
ctdb-common: Update run_proc api to re-assign stdin
ctdb-common: Add run_event abstraction
ctdb-eventd: Use run_event abstraction
ctdb-eventd: Avoid passing NULL pointer to printf( %s )
ctdb-tools: Always exit with positive return value
ctdb-client: Rename ctdb_db_travese to ctdb_db_traverse_local
ctdb-protocol: Allocate SRVID range for ctdb client
ctdb-client: Refactor cluster-wide database traverse api
ctdb-tools: Use traverse api to re-implement ctdb catdb command
ctdb-client: Create sync wrappers for managing message handlers
ctdb-client: Add async api for detaching a database
ctdb-client: Move ctdb_ctrl_modflags() to ctdb tool
ctdb-client: Move sync API to a separate header
ctdb-client: Move eventd API to a separate header
ctdb-client: Document ctdb client API
provision: Update root DNS servers list
ctdb-recovery: Log messages at various debug levels
ctdb-daemon: Delete empty records from persistent database
ctdb-recovery: Delete empty records during recovery
ctdb-tests: Fix function names in protocol test
ctdb-client: Add correct control names to log messages
ctdb-locking: There are no ALLDB locks any more
ctdb-locking: Reduce logging in case of contention
ctdb-locking: If a record could not be locked, log the key
ctdb-recovery: Assign banning credits if database fails to freeze
ctdb-recovery: Setting up of recmode should be idempotent
ctdb-recovery: Simplify logging of recovery mode setting
ctdb-recovery: Finish processing for recovery mode ACTIVE first
ctdb-recovery: Get recmode unconditionally in the main_loop
ctdb-recovery: Do not run local ip verification when in recovery
ctdb-scripts: Don't send empty argument string to logger
ctdb-daemon: Once database is attached, do not modify tdb flags
ctdb-daemon: Store tdb flags just after tdb is opened in ctdb_local_attach()
ctdb-locking: Get tdb open flags from tdb instead of re-calculating
ctdb-daemon: Refactor calculation of tdb open flags based on database type
ctdb-daemon: Ignore tdb open flags passed to DB attach controls
ctdb-client: Stop sending tdb_flags with DB_ATTACH controls
ctdb-client: Drop tdb_flags argument to ctdb_attach()
ctdb-daemon: Drop extra boolean arguments to ctdb_local_attach()
ctdb-protocol: Add new control to get database open flags
ctdb-daemon: Implement DB_OPEN_FLAGS control
ctdb-protocol: Add protocol marshalling for control DB_OPEN_FLAGS
ctdb-client: Add sync api for control DB_OPEN_FLAGS
ctdb-client: Add a function to get db open flags
ctdb-client: Ask daemon for db open flags
ctdb-client: Ask daemon for db open flags
ctdb-client: Remove calaculation of tdb flags
ctdb-client: Do not pass tdb open flags to db attach api
ctdb-protocol: Do not pass tdb open flags to DB attach controls
ctdb-tests: Fix control reply data for DB_ATTACH_PERSISTENT control
ctdb-protocol: Add DB_OPEN_FLAGS control to debug
ctdb-daemon: Add accessors for CTDB_DB_FLAGS_PERSISTENT flag
ctdb-daemon: Add accessors for CTDB_DB_FLAGS_READONLY flag
ctdb-daemon: Add accessors for CTDB_DB_FLAGS_STICKY flag
ctdb-daemon: Store db_flags instead of individual boolean flags
ctdb-daemon: Pass db_flags instead of passing persistent flag
ctdb-recovery: Use db_flags instead of a boolean persistent flag
ctdb-client: Store db_flags instead of a boolean persistent flag
ctdb-protocol: Add CTDB_DB_FLAGS_REPLICATED for new type of database
ctdb-daemon: Calculate tdb flags for replicated databases
ctdb-daemon: Add accessors for CTDB_DB_FLAGS_REPLICATED flag
ctdb-protocol: Add new control CTDB_CONTROL_DB_ATTACH_REPLICATED
ctdb-daemon: Add implementation for CTDB_CONTROL_DB_ATTACH_REPLICATED control
ctdb-protocol: Add marshalling for CTDB_CONTROL_DB_ATTACH_REPLICATED control
ctdb-client: Add sync api for DB_ATTACH_REPLICATED control
ctdb-client: Add db support for CTDB_DB_FLAGS_REPLICATED
ctdb-tools: Allow attach for replicated databases
ctdb-tests: Add database type option for tests
ctdb-tests: Support replicated db in tool tests
ctdb-tests: Generalize transaction_loop test
ctdb-tests: Add transaction/recovery test for replicated database
ctdb-daemon: Increase priority of logs for node connect/disconnect
ctdb-daemon: Increase priority of logs for recmaster changes
ctdb-daemon: Increase priority of logs when node is stopped/continued
ctdb-daemon: Increase priority of logs when ctdb starts up disabled/stopped
ctdb-daemon: Increase priority of logs when shutting down
ctdb-daemon: Increase priority of logs when recovery happens
dbwrap: CTDB ignores tdb_flags passed to db attach controls
dbwrap_ctdb: Fix calculation of persistent flag
ctdb-tests: Add functions to start/stop/restart ctdb on single node
ctdb-tests: Add functions to start/stop/restart a single local daemon
ctdb-tests: Add a test to check databases are attached with correct flags
ctdb-client: Fix ctdb_ctrl_createdb() to use database flags
ctdb-client: Optionally return database id from ctdb_ctrl_createdb()
ctdb-client: Fix ctdb_attach() to use database flags
ctdb-daemon: Fix implementation of process_exists control
ctdb-tests: Fix the implementation of process-exists in fake daemon
ctdb-tests: Add a dummy ctdb client for testing
ctdb-tests: Fix ctdb process-exist tests
ctdb-tests: Fix ctdb test binary name in path testing
ctdb-daemon: Add a function to check if db access is allowed
ctdb-daemon: GET_DB_SEQNUM should read database conditionally
ctdb-daemon: Free up record data if a call request is deferred
ctdb-client: Initialize ctdb_ltdb_header completely for empty record
Andreas Schneider (556):
s3-libads: Pass down the salt principal in smb_krb5_kt_add_entry()
s3-libads: Call smb_krb5_create_key_from_string() directly
s3-libads: Use the C99 boolean false
krb5_wrap: Move smb_krb5_kt_add_entry() to krb5_wrap
krb5_wrap: Add smb_krb5_open_keytab_relative() function
s3-libnet: Allow the keytab function to use a relative path
s4-libnet: Implement export_keytab without HDB
s4-selftest: Make export keytab test heimdal specific
krb5-wrap: Use the principal returned by the KDC to create the ccache
mit_samba: Make mit_samba a shim layer between Samba and KDB
mit_samba: Directly pass the principal and kflags
mit_samba: Add ks_is_tgs_principal()
mit_samba: Add function to change the password
mit_samba: Add functions to generate random password and salt.
mit_samba: Add function for handling bad password count
mit_samba: Setup logging to stdout
wscript: Build the KDC code if we have the AD DC build enabled
mit-kdb: Add initial MIT KDB Samba driver
mit-kdb: Add more ks_is_kadmin* functions.
mit-kdb: Do not allow to get a kadmin ticket as a client.
mit-kdb: Add ks_create_principal().
mit-kdb: Add ks_get_admin_principal() and use it for kadmin users.
mit-kdb: Implement KDB function to change passwords
mit-kdb: Add support for bad password count
mit-kdb: Add support for KDB version 8
mit-kdb: Fix segfault in krb5kdc dereferencing an invalid pointer
mit-kdb: Add missing SDB_F_FOR_AS_REQ for AS requests
lib: Update socket_wrapper to version 1.1.6
lib: Update uid_wrapper to version 1.2.1
lib: Update nss_wrapper to version 1.1.3
s4-libnet: Link dckeytab.so correctly when is AD DC enabled
pam_winbind: Use the correct type to check the pam_parse() return code
pam_winbind: Create and use a wbclient context
util: Add memcmp_const_time()
libcli:smb2: Use constant time memcmp() to verify the signature
s4:libcli:smb2: Use constant time memcmp() to verify the signature
s3-libads: Fix compilation with MIT Kerberos
s3-net: Convert the key_name to UTF8 during migration
s3-net: Cleanup the code of printing migration
swrap: Update to version 1.1.7
s3-smbspool: Log to stderr
rwrap: Update resolve_wrapper to version 1.1.4
torture: Fix trailing whitespaces in krb5 tests
torture: Add a dummy test for MIT Kerberos case
sdb: Do not set disallow if we do not have ticket info in the DB
kdb: Do not allocate memory with size 0
sdb: Fix NULL pointer deference if we return early
sdb: Do not create kmod information if we return early
mit_samba: Return 0 in case of a wrong realm
mit_samba: Fix flags that we get a referral tickets
mit_samba: Allow to use SPNs for AS-REQ
selftest: Set the correct hostname
s3-script: Install the findsmb script
s3-libnetapi: Correctly check for lp_realm.
samba_dnsupdate: Work around a bug in nsupdate
selftest: Use the correct smb.conf for ldbsearch
selftest: Remove unneeded sleep before first ldbsearch execution
selftest: Consistently check for provision return code
selftest: Fix indentation in wait_for_start()
selftest: Add newlines for info output
selftest: Remove nbt wait time
s4-kdc: Rename heimdal KDC files
krb5_wrap: Add smb_krb5_mk_error()
s4-kdc: Use smb_krb5_mk_error() in kdc implemenation
s4-kdc: Use smb_krb5_mk_error() in kpasswd implementation
s4-kdc: Put the heimdal kdc config into a private data pointer
s4-kdc: Use better and simpler names for the kdc_process_ret enum
s4-kdc: Move definitions to kdc-server.h
s4-kdc: Move kdc_process_fn_t declaration to kdc-server.h
s4-kdc: Move KDC socket structs to krb5-server.h
s4-kdc: Rename proxy-heimdal.c to kdc-proxy.c
s4-kdc: Create a kdc-proxy.h header file
s4-kdc: Move KDC packet handling functions to kdc-server.c
util: Fix a possible null pointer dereference
librpc: Check for negative return value of socket_get_fd()
s3-torture: Do some code hygiene in the ldb test
s4-dsdb: Fix a possible NULL pointer dereference
s4-ntlm: Fix a NULL pointer dereference in error path
smbget: Fix a memory leak
nsswitch: Fix wbclient torture_assert_wbc_ok_goto_fail macro
nsswitch: Fix memory leak in test_wbc_pingdc()
nsswitch: Fix memory leak in test_wbc_get_sidaliases()
nsswitch: Fix memory leak in test_wbc_pingdc2()
nsswitch: Fix memory leak in test_wbc_domain_info()
nsswitch: Fix memory leak in test_wbc_users()
nsswitch: Fix memory leak in test_wbc_groups()
nsswitch: Fix memory leak in test_wbc_trusts()
s3-libnet: Add a comment to make cleaŕ we want to fall through
libutil: Support systemd 230
selftest: Skip smbtorture_s3 tests against ntvfs
selftest: Skip the Samba4 rap tests
selftest: Skip s4 smb2 rename tests
selftest: Remove samba4 delaywrite tests we skip
selftest: Remove samba4.smb2.compound tests we skip
selftest: Skip also s4 base.createx_sharemodes_dir
selftest: Skip the samba4.raw.eas tests
s3-winbind: Fix memory leak with each cached credential login
tsocket: Do not dereference a NULL pointer
s4-torture: Add torture_check_krb5_error() function
s4-torture: Add AES and RC4 enctype checks
s4-dsdb: Add missing header file for write() and close()
selftest: Do not use the deprecated samba-tool user add
testprogs: Do not use the deprecated samba-tool user add
ctdb-waf: Move ctdb tests to libexec directory
s3-spoolss: Support for adding printer drivers with info level 8
s4-torture: Enable tests for printer driver info level 8
s3-util: Fix asking for username and password in smbget.
mit_samba: Add missing argument passed to authsam_make_user_info_dc()
mit_samba: Add missing copyright
s4-kdc: pac-glue: Add support for MIT pkinit
gensec_krb5: Rename gensec_krb5_util to gensec_krb5_heimdal
gensec_krb5: Rename smb_rd_req_return_stuff()
gensec_krb5: Use krb5_wrap setup_kaddr() to convert address
gensec_krb5: Only set the event context with Heimdal
gensec_krb5: Use kerberos_free_data_contents() to free krb5 data
gensec_krb5: Use implementation idependent krb5_mk_req_extended()
gensec_krb5: Use get_krb5_smb_session_key() in gensec_krb5_session_key()
krb5_wrap: Rename setup_kaddr()
krb5_wrap: Rename get_kerberos_allowed_etypes()
krb5_wrap: Rename kerberos_free_data_contents()
krb5_wrap: Rename krb5_copy_data_contents()
krb5_wrap: Move krb5_auth_con_setuseruserkey() to the top
krb5_wrap: Move all ads function to the end
krb5_wrap: Use consistent naming for setup_auth_context()
krb5_wrap: Use consistent naming for create_gss_checksum()
krb5_wrap: Fix formatting issues in ads_krb5_mk_req()
krb5_wrap: Improve return value checks and debug messsages
krb5_wrap: Rename cli_krb5_get_ticket()
krb5_wrap: Fix ads_krb5_cli_get_ticket() return checks and debug messages
krb5_wrap: Cleanup some code in ads_krb5_cli_get_ticket()
krb5_wrap: Move krb5_free_unparsed_name() to the top
krb5_wrap: Rename get_krb5_smb_session_key()
krb5_wrap: Move krb5_princ_component() to the top
krb5_wrap: Remove redundant comment
krb5_wrap: Document smb_krb5_renew_ticket()
krb5_wrap: Document smb_krb5_free_addresses()
krb5_wrap: Document smb_krb5_gen_netbios_krb5_address()
krb5_wrap: Remove unneded smb_krb5_free_error()
krb5_wrap: Remove unused handle_krberror_packet()
krb5_wrap: Remove unneeded smb_krb5_get_init_creds_opt_alloc()
krb5_wrap: Remove unneeded smb_krb5_get_init_creds_opt_free()
krb5_wrap: Rename smb_get_enctype_from_kt_entry()
krb5_wrap: Document smb_krb5_kt_get_enctype_from_entry()
krb5_wrap: Document smb_krb5_kt_free_entry()
krb5_wrap: Document smb_krb5_enctype_to_string()
krb5_wrap: Rename smb_krb5_open_keytab_relative()
krb5_wrap: Document smb_krb5_kt_open_relative()
krb5_wrap: Fix whitespace issues in smb_krb5_kt_open_relative()
krb5_wrap: Rename smb_krb5_open_keytab()
krb5_wrap: Document smb_krb5_kt_open()
krb5_wrap: Rename smb_krb5_keytab_name()
krb5_wrap: Document smb_krb5_kt_get_name()
krb5_wrap: Document smb_krb5_keyblock_init_contents()
waf: Check for the correct function name
krb5_wrap: Add MIT implmentation of smb_krb5_keyblock_init_contents()
krb5_wrap: Rename kerberos_kinit_keyblock_cc()
krb5_wrap: Improve smb_krb5_kinit_keyblock_cache() documentation
krb5_wrap: Rename kerberos_kinit_password_cc()
krb5_wrap: Document smb_krb5_kinit_password_ccache()
krb5_wrap: Rename kerberos_kinit_s4u2_cc()
krb5_wrap: Improve smb_krb5_kinit_s4u2_ccache() documentation
krb5_wrap: Document smb_krb5_make_principal()
krb5_wrap: Document smb_krb5_make_pac_checksum()
krb5_wrap: Fix documentation of smb_krb5_principal_get_realm()
krb5_wrap: Improve smb_krb5_principal_set_realm() documentation
krb5_wrap: Rename kerberos_get_principal_from_service_hostname()
krb5_wrap: Document smb_krb5_get_principal_from_service_hostname()
krb5_wrap: Document smb_get_krb5_error_message()
krb5_wrap: Improve smb_krb5_get_allowed_weak_crypto() documentation
krb5_wrap: Improve smb_krb5_principal_get_type() documentation
krb5_wrap: Improve smb_krb5_principal_set_type() documentation
krb5_wrap: Improve krb5_warnx() documentation
krb5_wrap: Use 'samba-kdc' for com_err whoami in krb5_warnx()
krb5_wrap: Document smb_krb5_cc_copy_creds()
krb5_wrap: Improve smb_krb5_parse_name() documentation
krb5_wrap: Improve smb_krb5_unparse_name() documentation
krb5_wrap: Remove unused smb_krb5_parse_name_norealm()
krb5_wrap: Remove unused smb_krb5_principal_compare_any_realm()
krb5_wrap: Move unwrap_edata_ntstatus() and make it static
s3-libads: Rename smb_krb5_get_ntstatus_from_krb5_error_init_creds_opt()
s4-heimdal: Export krb5_init_creds_* functions
s3-libads: Use non-deprecated function to get the error
s3-libads: Support for MIT Kerberos ntstatus from init_creds
s3-libads: Do not use deprecated krb5_get_init_creds_opt_init()
s3-libads: Do not use deprecated krb5_change_password()
s4-dsdb: Change debug level for replication
util: Fix the documentation of push_utf8_talloc()
dsdb: Do not use free'd memory.
Revert "krb5_wrap: Add MIT implmentation of smb_krb5_keyblock_init_contents()"
gensec_krb5: Do not leak memory of target_principal
heimdal: Fix reauthentication after password change
testprogs: Add a common test_smbclient_expect_failure() function
testprogs: Add a new test_password_settings.sh script
testprogs: Make test_passwords.sh a Heimdal kpasswd test
testprogs: Test only what the Heimdal kpasswd test should test
krb5_wrap: Fix smb_krb5_mk_error() with MIT Kerberos
s4-kdc: Move kpasswd_make_error_reply() to a helper file
s4-kdc: Move kpasswd_make_pwchange_reply() to a helper file
s4-kdc: Add a kpasswd_samdb_set_password() helper function
s4-kdc: Allow to set the keytab_name in the kdc_server structure
s4-kdc: Add a new kpasswd service implementation
s4-kdc: Add new kpasswd service Heimdal backend
s4-kdc: Switch to the new kpasswd service implementation
s4-kdc: Do not leak memory on error in kpasswd_make_error_reply()
nsswitch: Add missing arguments to wins gethostbyname*
waf: Explicitly link against libnss_wins.so
nsswitch: Also set h_errnop for nss_wins functions
s3-selftest: Rename samba3.ntlm_auth.krb5 old ccache test
s3-script: Use unique krb5ccache name
testprogs: Use better KRB5CCNAME in test_password_settings.sh
testprogs: Use own credential cache for test_client_etypes.sh
nsswitch: Use own credential cache for wbinfo tests
s3-lib: Do not create 'MACHINE$@' usernames
s3-lib: Parse WORKGROUP\username in set_cmdline_auth_info_username()
s3-lib: Do not set an empty string in split_domain_user()
s4-kdc: Sort encrytion keys in descending order of strength
s4-sdb: Generate etypes list out of keys list
s4-kdc: Remove unused etypes from sdb structure
selftest: Fix variable name for krb5.conf
selftest: Do not use a central credential cache
gensec_krb5: Create a MIT Kerberos gensec_krb5_session_info()
gensec_krb5: Implement smb_krb5_rd_req_decoded() with MIT Kerberos
s4-libnet: Use SetUserInfo2 to set the account flags
s3-libnet: Pass enum value names to dcerpc_samr_SetUserInfo2()
s3-utils: Fix loading smb.conf in smbcquotas
s3-param: Add comment to call lp_load_global() after popt processing
s3-rpcclient: Fix initializing rpcclient
selftest: Create AD users alice and bob
s3-lib: Fix %G substitution in AD member environment
selftest: Create a share with %D %U and %G substituion
s3-selftest: Add a substituions testcase
waf: Cleanup deps list for smbregistry
waf: Cleanup deps list for smbd
s4-rpc_server: Use DCERPC_NCA_S_UNKNOWN_IF for fault code
idl: Remove unused DCERPC_FAULT_UNK_IF
s3-winbind: Do not return NO_MEMORY if we have an empty user list
s3-printing: Improve debug message
s3-spoolss: Remove printer from registry if it is unpublished
s3-client: Sync in tool cmdline help with smbclient manpage
s3-printing: Correctly encode CUPS printer URIs
s3-printing: Allow printer names longer than 16 chars
s3-epmapper: Ignore epm_Map object guid
libcli/smb: add smb1cli_session_setup_lm21_send/recv()
s3:libsmb: handle the spnego as a first action in cli_session_setup_send()
s3:libsmb: split out a cli_session_creds_init() function
s3-winbind: Directly pass creds with cli_session_setup_creds()
s3:tests: Set missing directories for test_registry_upgrade.sh
lib:util: Don't print lstat warning on ERROR debug level
s3:rpcclient: Print a new line on exit
s3:messaging: Create an messaging_init_internal() returning NTSTATUS
s3:messaging: Add messaging_init_client() function
s3:rpcclient: Use messaging_init_client()
s3:net: Use messaging_init_client()
nss_wins: Fix errno values for HOST_NOT_FOUND
s4:torture: Strip trailing whitespaces in session_key.c
s4:torture: Normalizes names in session_key test
s4:torture: Fix cleanup of the secrets object in session_key test
Update .ycm_extra_conf.py
s3:spoolss: Set default OS Version to Windows Server 2003 R2 SP2
s3:spoolss: Return error when there is no driver assigned
s3:spoolss: Improve debug messages in construct_printer_driver
s3:spoolss: Add support for COPY_FROM_DIRECTORY in AddPrinterDriverEx
s3:spoolss: Add some useful debug messages on error
lib:torture: Make variables const
s4:torture: Add tortue test for AddPrinterDriverEx with COPY_FROM_DIRECTORY
s3-libads: Fix canonicalization support with MIT Kerberos
s3:param: Add an 'include system krb5 conf' option
s3:libads: Include system /etc/krb5.conf if we use MIT Kerberos
selftest: Do not include system krb5.conf in selftest
util: Initialize pointer
libsocket: Make sure ifr.ifr_name is null-terminated
s3:waf: Reformat msrpc3
s3:waf: Reformat gpo
s3:waf: Reformat AVAHI
s3:waf: Reformat GROUPDB
s3:waf: Reformat TLDAP
s3:waf: Reformat samba-passdb
s3:waf: Reformat pdb
s3:waf: Reformat smbldaphelper
s3:waf: Reformat param
s3:waf: Reformat smbregistry
s3:waf: Reformat REG_SMBCONF
s3:waf: Reformat REG_FULL
s3:waf: Reformat samba3-util
s3:waf: Reformat TDB_LIB
s3:waf: Reformat messages_dgm
s3:waf: Reformat samba3core
s3:waf: Reformat libsmb
s3:waf: Reformat secrets3
s3:waf: Reformat ads
s3:waf: Reformat smbconf
s3:waf: Reformat smbd_base
s3:waf: Reformat LOCKING
s3:waf: Reformat PRINTBASE
s3:waf: Reformat PRINTBACKEND
s3:waf: Reformat printing_migrate
s3:waf: Reformat PRINTING
s3:waf: Reformat LIBNET_DSSYNC
s3:waf: Reformat LIBNET_SAMSYNC
s3:waf: Reformat LIBNMB
s3:waf: Reformat SERVICES
s3:waf: Reformat PLAINTEXT_AUTH
s3:waf: Reformat PASSCHANGE
s3:waf: Reformat SLCACHE
s3:waf: Reformat DCUTIL
s3:waf: Reformat trusts_util
s3:waf: Reformat samba3-util
s3:waf: Reformat CHARSET3
s3:waf: Reformat errors3
s3:waf: Reformat libcli_netlogon3
s3:waf: Reformat cli_spoolss
s3:waf: Reformat smbclient
s3:waf: Reformat smbspool
s3:waf: Reformat smbspool_krb5_wrapper
s3:waf: Reformat locktest2
s3:waf: Reformat smbstatus
s3:waf: Reformat smbtorture3
s3:waf: Reformat smbconftort
s3:waf: Reformat msgtest
s3:waf: Reformat msg_sink
s3:waf: Reformat msg_source
s3:waf: Reformat pdbtest
s3:waf: Reformat vfstest
s3:waf: Reformat versiontest
s3:waf: Reformat rpc_open_tcp
s3:waf: Reformat vlp
s3:waf: Move popt_samba3 up in the stack
s3:waf: Move cbuf functions to samba3-util
s3:waf samba3util requires CHARSET3
s4:waf: Remove unneded dependency to s3 param
s3:waf: Make PARAM and SMBREGISTRY a subsystem of smbconf only
s3:waf: Remove unneeded CHARSET3 dependency
printing: Fix building with CUPS version older than 1.7
s3-testparm: Fix trailing whitespaces
s3-testparm: Print error if the default backend is incorrect
s3-testparm: Print an error if we have overlapping idmap config
s3:winbind: Do not start with an invalid default idmap backend
s3:crypto: Use smb_krb5_kt_open_relative() for MEMORY keytab
krb5_wrap: More checks for absolute path in smb_krb5_kt_open()
krb5_wrap: Remove incorrect absolute path checks in smb_krb5_kt_open_relative()
docs: Update doc to use absolute path for 'dedicated keytab file'
testsuite: Add cmocka unit test for smb_krb5_kt_open()
WHATSNEW: Use capital K for Kerberos
WHATSNEW: Add Printing changes
WHATSNEW: Add some information about ID mapping
auth/credentials: Add talloc NULL check in cli_credentials_set_principal()
auth/credentials: Move function to free ccaches to the top
auth/credentials: Add NULL check in free_mccache()
auth/credentials: Add NULL check to free_dccache()
s3-rpc_client: Pass NULL as no password
testprogs: Use better KRB5CCNAME in test_password_settings.sh
auth/gensec: Fix typo in log message
auth/credentials: Add missing error code check for MIT Kerberos
replace: Include sysmacros.h
auth/credentials: Always set the the realm if we set the principal from the ccache
gensec: Fix picky developer with MIT Kerberos
gensec: Cast data for MIT Kerberos correctly
mit-kdb: Use calloc() to allocate memory
mit-kdb: Remove unneeded memset()
credentials: Create a smb_gss_krb5_copy_ccache() function
s4-torture: cleanup architecture handling in spoolss driver tests.
s3-spoolss: Fix architecture handling in spoolss_DeletePrinterDriverEx call
rpc_server: Use the RPC TCPIP ports of Windows
rpc_server: Allow to configure the port range for RPC services
util:charset: Return EILSEQ in smb_iconv() if newer libc is detected
s3-vfs: Only walk the directory once in open_and_sort_dir()
waf: Do not install the unit test binary for krb5samba
ctdb: Do not leak fd handle in control_restoredb()
s4-torture: Use the correct variable type in torture_smb2_maxfid()
s4-kcc: Do not dereference a NULL pointer
s3-vfs: Do not deref a NULL pointer in shadow_copy2_snapshot_to_gmt()
ndrdump: Fix a possible NULL pointer dereference
s4:torture: Make sure handles are initialized
s3:torture: Fix uint64_t comparsion in if-clause
s3:lib: Do not segfault if username is NULL
pam_winbind: Return if we do not have a domain
s3:librpc: Make sure kt_curser and kt_entry are initialized
s3:librpc: Fix OM_uint32 comparsion in if-clause
coverity: Add modeling file for Coverity scan
ctdb: Fix posible NULL deref in logging_init()
s3:librpc: Handle gss_min in gse_get_client_auth_token() correctly
docs: Improve the idmap_hash manpage
idmap_hash: Add a deprecation message
s3-libads: Do not leak the msg on error
testprogs: Use smbclient by default in test_kinit_trusts
testprogs: Add kinit_trusts tests with smbclient4
krb5_wrap: Do not return an empty realm from smb_krb5_get_realm_from_hostname()
krb5_wrap: Try to guess the correct realm from the service hostname
krb5_wrap: pass client_realm to smb_krb5_get_realm_from_hostname()
krb5_wrap: Make smb_krb5_get_realm_from_hostname() public
s4:gensec-gssapi: Create a helper function to setup server_principal
s4:gensec_gssapi: Move setup of service_principal to update function
s4:gensec_gssapi: Use smb_krb5_get_realm_from_hostname()
s4:gensec_gssapi: Correctly handle external trusts with MIT
s3:gse: Use smb_krb5_get_realm_from_hostname()
krb5_wrap: Remove obsolete smb_krb5_get_principal_from_service_hostname()
s3:gse: Pass down the gensec_security pointer
s3:gse: Move setup of service_principal to update function
s3:gse: Check if we have a target_princpal set we should use
s3:gse: Correctly handle external trusts with MIT
selftest: Do not plan samba3.base.delaywrite twice
krb5_wrap: Print a warning for an invalid keytab name
s3:libads: Correctly handle the keytab kerberos methods
param: Allow to specify kerberos method on the commandline
testprogs: Test 'net ads join' with a dedicated keytab
krb5_wrap: Fix smb_gss_krb5_import_cred() picky-developer build
s3:vfs_expand_msdfs: Do not open the remote address as a file
testprogs: Correctly expand shell parameters
s3:winbind: Use correct struct member for size calculation
s3:winbind: Remove unused struct getpwent_user
s3:libsmb: Only print error message if kerberos use is forced
s3:libads: Remove obsolete smb_krb5_get_ntstatus_from_init_creds()
nsswtich: Add negative tests for authentication with wbinfo
s3:tests: Add a subsitution test for %D %u %g
selftest: Define template homedir for 'ad_member' env
lib: Add pam_wrapper 1.0.3
python: Add a simple pam_winbind test
s3:tests: Create a test directory for a clean test
wafsamba: Add CHECK_CMOCKA function
third_party: Add cmocka 1.1.1
waf: Only build pam_wrapper if we build with pam
docs: Update idmap_rid manpage
ldb:tests: Build a ldb test for the tdb backend
s4:selftest: Only run auth_log tests with Heimdal
s4:torture: Fix the remote_pac test
testprogs: Add common kinit function
s3-tests: Use common functions in test_smbclient_netbios_aliases.sh
samba_dnsupdate: Do not rewrite krb5.conf in selftest
mit-kdb: Zero the db principal when we allocate it
waf: Require MIT Kerberos 1.15.1 for Samba AD
mit-kdb: Update KDB vtable for DAL version 6
waf: Check for MIT KDC binary
param: Add 'mit kdc command' to change the default.
s4-kdc: Add a MIT Kerberos KDC service
s4-kdc: Add MIT KRB5 based irpc service for PAC validation
s4-kdc: Register the MIT irpc PAC validation service
param: Add 'mit kdc config' option to smb.conf
waf: Do not disable the ntvfs fileserver when we have MIT DC build
selftest: Start MIT KDC if Kerberos is from MIT
selftest: Disable RODC tests with MIT KDC
selftest: Setup configs for MIT KDC
selftest: Set clockskew grace time to 5 seconds
testprogs: Fix test_chgdcpass blackbox test with MIT
testprogs: Fix usage printout of bogus blackbox test
s4-torture: Fix kinit of samba4.blackbox.locktest
testprogs: Add test_kinit_mit.sh test
testprogs: Add a kinit trust test for MIT KDC
testprogs: Add test with exported keytab from samba-tool
waf: Only build KRB5 KDC tests when AD_DC build is enabled
s4-torture: Add KDC test harness and first test
s4-torture: Add TORTURE_KRB5_TEST_PAC_REQUEST test
s4-torture: Add TORTURE_KRB5_TEST_BREAK_PW test
s4-torture: Add TORTURE_KRB5_TEST_CLOCK_SKEW test
s4-torture: Add AES and RC4 enctype checks
s4-kdc: Add MIT Kerberos specific kpasswd code
waf: Search for MIT kadm-server library
s4-kdc: Start the kpasswd service with MIT KDC
testprogs: Add MIT Kerberos specific kpasswd blackbox test
selftest: Skip s4u2proxy tests, no support yet
waf: Create kerberos_implementation.py for provisioning
selftest: Add a variable to indicate that selftest is running
python: Add py_is_heimdal_built() to pyglue
python: Add provisioning support for MIT KDC in samba-tool
waf: Move python build instructions to wscript
s4-torture: Fix reauth tests with smaller clockskew grace time
s4-kdc: Fix logging with the KDB driver
s4-kdc: Implement mit_samba_get_pac()
s4-kdc: Use mit_samba_get_pac() in ks_get_pac()
mit-samba: Remove unused mit_samba_get_pac_data()
s4-pac-glue: Do not add an empty PAC_TYPE_LOGON_NAME with MIT
s4-kdc: Implement mit_samba_reget_pac()
s4-kdc: Use mit_samba_reget_pac() in ks_verify_pac()
mit-samba: Remove obsolete mit_samba_update_pac_data()
mit_samba: Fix principal lookup for cross domain referral
WHATSNEW: Give the 'strict sync' change a header line
WHATSNEW: Add Samba AD with MIT Kerberos
s3:printing: Change to GUID dir if we deal with COPY_FROM_DIRECTORY
smbtorture:spoolss: Rename the copy_from_directory test for 64bit
smbtorture:spoolss: Add a 32bit test for copy_from_directory
samba-tool: Rename Samba4 to Samba AD
s4:tls: Do not use deprecated GnuTLS types
packaging: Remove setup script for SWAT
packaging: Remove LSB packaging
packaging: Remove SWAT references from RHEL-CTDB
packaging: Remove SWAT references from RHEL
packaging: Remove SWAT references from Solaris
testprogs: Add 'net rpc user' test against AD DC
librpc:ndr: Set the length to 1 if we assign and empty string
s3:winbind: Use a talloc stackframe for rpc_query_user_list
ldb-samba: Fix a possible NULL pointer dereference
lib: Update pam_wrapper to 1.0.4
python: Do not use the glue code directly
python: Create the kdc.conf in the Samba private directory
Revert "param: Add 'mit kdc config' option to smb.conf"
s3:smbd: Pass down remote and local address to get_referred_path()
s3:smbd: Set up local and remote address for fake connection
mit_samba: Fix the MIT KDC build with the latest changes
replace: Use the same size as d_name member of struct dirent
waf: Do not trhow a format-truncation error for test/snprintf.c
s4:torture: Fix comparison between pointer and zero character constant
wafsamba: Pass down the install argument for samba modules
unittest: Add testsuite for is_known_pipename()
lib:util: Add new function to load modules from absolute path
lib:util: Rename smb_load_modules()
lib:util: Make probing of modules more secure
lib:util: Make loading of modules more secure
unittest: Add testsuite for smb_probe_module()
libcli:util: Update werror table
libcli:smb: Fix pulling strings from the wire
s3:libsmb: Fix printing the session setup information
s3:tests: Add a test which checks that the smbclient session setup works
WHATSNEW: Add Dynamic RPC port range
Revert "s3:libsmb: Fix printing the session setup information"
Revert "libcli:smb: Fix pulling strings from the wire"
libcli:smb: Add unit test for smb_bytes_pull_str()
libcli:smb2: Gracefully handle not supported for FSCTL_VALIDATE_NEGOTIATE_INFO
selftest: Use 'ad_dc' as the default for testenv
s3:popt_common: Reparse the username in popt_common_credentials_post()
s3:tests: Add test for smbclient -UDOMAIN+username
s3:winbind: Fix 'winbind normalize names' in wb_getpwsid()
s4:torture: Do not segfault in torture_rpc_spoolss_printer_teardown_common()
s3:tests: Do not delete the contets of LOCAL_PATH with tarmode test
s3:param: Allow to add usershare if uid_wrapper is loaded
s3:tests: Add blackbox test for 'net usershare'
selftest: Do *NOT* flush the complete gencache!
s3:tests: Do *NOT* flush the complete gencache!
s3:winbind: Move debug statement into the error handling
nsswitch: Add ad_member tests for wbinfo --domain-info and --dc-info
waf: Do not install _ldb_text.py if we have system libldb
unittests: Do not install the test_dummy rpc module
waf: Only build unit tests with selftest enabled
unittests: Add missing stdint.h include
s3:tests: Fix directory creation and deletion of test_local_symlinks()
s3:tests: Fix directory creation and deletion of test_nosymlinks()
s3:client: The smbspool krb5 wrapper needs negotiate for authentication
s4:kcc: Add a NULL check before qsort()
mit-kdb: Fix NULL pointer check after malloc
WHATSNEW: Update doc for Samba AD with MIT Kerberos
s4:samdb: Fix building Samba with -O3
s3:torture: Fix spoolss test to build with -O3
s3:utils: Fix buffer size for snprintf and format string
heimdal: Fix printing a short int into a string
s3:utils: Do not report an invalid range for AD DC role
s3:libsmb: Print the kinit failed message with DBGLVL_NOTICE
s3:script: Untaint user supplied data in modprinter.pl
s3:libads: Fix changing passwords with Kerberos
blackbox: Add test for 'net ads changetrustpw'
s3:libsmb: Pass domain to remote_password_change()
s3:libsmb: Move prototye of remote_password_change()
s3:utils: Make strings const passed to password_change() in smbpasswd
s3:utils: Pass domain to password_change() in smbpasswd
s3:utils: Make sure we authenticate against our SAM name in smbpasswd
s3:utils: Remove pointless if-clause for remote_machine
s4:torture: Use a different driver name for add_driver tests
s4:torture: Delete printer before we remove the driver
s4:torture: The teardown function should just return
Andrej (1):
Add missing import of sys in ms_schema.py
Andrew Bartlett (538):
selftest: Avoid sorting issues on Ubuntu 10.04 vs 14.04
dsdb: Introduce LDB_SYNTAX_SAMBA_OCTET_STRING
smbd: Only check dev/inode in open_directory, not the full stat()
dsdb/repl: Ensure we use the LOCAL attid value, not the remote one
dsdb: Only re-query dSHeuristics for userPassword support on modifies
libndr: Add ndr_pull_struct_blob_all_noalloc
ldb-samba: Use ndr_pull_struct_blob_all_noalloc
selftest: Print a message when RID allocation fails
selftest: Wait 60 seconds for a RID alloc
dsdb: Clarify rename handling as to which record is being renamed
dsdb: Improve debug messages in operational module
ldb: Fix error string when renaming to an DN that already exists
repl_meta_data: Explain why time(NULL) is good enough here
selftest: Include a few more details in selftest and samba startup.
join.py: Fetch the remote DC NTDS GUID early
pidl: Correct string handling to use talloc and be in common
classicupgrade: Avoid needing to quote CN values in an DN, use dn.set_component()
ldb-samba: Add "secret" as a value to hide in LDIF files
rpc_server/drsuapi: Return the correct 3 objects for DRSUAPI_EXOP_FSMO_RID_ALLOC
getncchanges: Give the correct error when RID_ALLOC fails on an invalid destination_dsa_guid
getncchanges: Use the talloc_stackframe() for tempory memory
getncchanges: Fill in ctr6.linked_attributes with a pointer to a zero-length array
dsdb/subtree_rename: Rename the base before we rename children
repl_meta_data: Do rename before deleted object cleanup
dsdb: Use DRSUAPI_ATTID_isDeleted constant in repl_meta_data
dsdb: Improve syntax clarity
selftest: Mark LDAPNotificationTest.test_max_search flapping
samba-tool domain demote: Fix error handling and error messages
torture: Only walk over objects actually converted in drs.dssync
repl: Do not consider userPassword differences to matter in rpc.dssync
build: Build less of Samba when building --without-ntvfs-fileserver
selftest: Use random OIDs from under the Samba OID arc
dsdb: Remove incorrect RDN attid check in replmd_replPropertyMetaDataCtr1_verify
repl: Allow GetNCChanges DRSUAPI_EXOP_REPL_OBJ to succeed against a deleted object
repl: Pass in the full partition DN to dsdb_replicated_objects_convert()
dsdb: Only search the provided partition for the object GUID
samba-tool domain join: Set drsuapi.DRSUAPI_DRS_GET_ANC during initial repl
selftest: Make replica_sync test pass against Windows 2012R2
dsdb: Allow "cn" to be missing on schema import
repl: Remove duplicated delete of sAMAccountType
selftest: Only mark runtime dbcheck as flapping
dbcheck: Find and fix a missing Deleted Objects container
repl: Retry replication of the schema on WERR_DS_DRA_SCHEMA_MISMATCH
dsdb: Cache our local invocation_id at the start of each request
dsdb: Move operational below repl_meta_data so we can query parentGUID
repl: Enforce that we have parent objects for all replicated objects
dsdb: Clearly fail to replicate objects not NC_HEAD with a all-zero parentGUID
dsdb: Give more errors in operational module when building the parentGUID
repl_meta_data: Fail to replicate over local objects not NC_HEAD with a all-zero parentGUID
repl_meta_data: Give more information on replication rename behaviour
dsdb: Split rename case out of replmd_op_possible_conflict_callback
dsdb: Simplify replmd_op_possible_conflict_callback behaviour
dsdb: Give the objectGUID ahead of LDIF dump of replicated changes
selftest: initial version of new repl_move test
selftest/drs: Show we return the correct 3 objects for DRSUAPI_EXOP_FSMO_RID_ALLOC
repl: Do not report all replication failures at level 0
selftest: Add another test case to replica_sync test
selftest: Assert that name, the RDN attribute and actual RDN are in sync
Remove the try/catch from urgent_replication.py
samldb: Make checks for schema attributes much more strict
selftest: Add tests to show that we can not create duplicate schema entries
selftest: These replication tests are now OK after we fixed all the replication bugs
selftest: Run the krb5.kdc test on a more selective basis
selftest: Do not scan the full DB to confirm a specific DN in dbcheck
dsdb: Add new helper function replmd_replPropertyMetaData1_new_should_be_taken()
dsdb: Use replmd_replPropertyMetaData1_new_should_be_taken in replmd_op_possible_conflict_callback()
dsdb: Use replmd_replPropertyMetaData1_new_should_be_taken in replmd_replicated_handle_rename()
dsdb: Use replmd_replPropertyMetaData1_new_should_be_taken in replmd_replicated_apply_merge()
dsdb: Use replmd_replPropertyMetaData1_new_should_be_taken in replmd_replicated_apply_search_callback()
selftest: Add more tests to cover attribute changes vs DN renames
dsdb: Show initial replicated modify as well as resolved modify in repl_meta_data
dsdb: Fix incorrect sorting of replPropertyMetaData with RDN last
dsdb: Fix rename and RDN handling for replPropertyMetaData
selftest: Assert replPropertyMetaData values before and after replication
selftest: Add a reverse variation to ReplicateMoveObject3
repl: Avoid use-after-free when working with the working_schema
build: Try to work around strict aliasing rules on Ubuntu 10.04
build: Address may be used uninitialized in this function on Ubuntu 10.04
selftest: Rebase DrsBaseTestCase on SambaToolCmdTest
samba-tool: Improve fsmo handling
samba-tool domain join: Refuse to re-join a DC with a still-valid password
s4-samr: Fix samr.QueryUserInfo level 1 primary group
selftest: Expand tokenGroups test to also build nested groups
selftest: Expand tokenGroups test to also compare with samr.GetGroupsForUser
libcli/smb: Fix compiler errors when building with --address-sanitizer
libgpo: Fix compiler errors when building with --address-sanitizer
s3-client: Fix compiler errors when building with --address-sanitizer
s3-libnet: Fix compiler errors when building with --address-sanitizer
s3-vfs/snapper: Fix compiler errors when building with --address-sanitizer
s4-kcc: Fix compiler errors when building with --address-sanitizer
s4-libcli/raw: Fix compiler errors when building with --address-sanitizer
s4-samr: Rework GetGroupsForUser to use memberOf
selftest: Add alias membership to the tokengroups test
selftest: Test that primaryGroupID is first in samr.GetUserGroups() reply
selftest: Check a user with only primaryGroupID is correct in samr.GetUserGroups() reply
samba_dnsupdate: Add a mode that calls samba-tool dns, rather than nsupdate
dns_update_list: Add in NS records
samba_dnsupdate: Allow admin to force a particular IP into samba_dnsupdate
samba_dnsupdate: Simplify logic and add more verbose debugging
samba_dnsupdate: Implement RPC <ZONE> prefix in dns_update_list
samba_dnsupdate: Give the administrator more detail when DNS lookups fail
selftest: Ensure we write 127. addresses into DNS
selftest: Always set up a resolv.conf and use it in samba_dnsupdate
selftest: confirm samba_dnsupdate works in both nsupdate and samba_tool mode
selftest: Add a DNS test matching Windows
selftest: Remove print attribute from getnc_exop test
repl: Avoid excessive stack use and instead sort the links in the heap
selftest: Do not run local.ndr 3 times
lib/ldb-samba: We can confirm a GUID is a GUID by length
selftest: Avoid running local.nss test against ad_dc_ntvfs
selftest: Do not run winbind tests against ad_dc_ntvfs
dsdb: Provide shortcuut for repl_meta_data avoiding search of link targets
dsdb: Fix use-after-free of parent_dn in operational module
dsdb: Only fetch changed attributes in replmd_update_rpmd
librpc: Avoid talloc in GUID_from_data_blob()
ldb: Allow repl_meta_data to override the O(^2) loop checking for duplciates
ldb: Do not allocate the extended DN name
dsdb: Apply linked attribute backlinks as we apply the forward links
dsdb: Avoid talloc() calls in dsdb_get_extended_dn_*()
dsdb: Make less talloc() for parsed_dn.guid
Revert "source4/scripting: add an option to samba_dnsupdate to add ns records."
lib: talloc: Change __talloc_with_prefix() to return a struct talloc_chunk *.
lib: talloc: Change __talloc() to return a struct talloc_chunk *.
lib: talloc: Change _talloc_set_name_const() to _tc_set_name_const()
lib: talloc: Add _vasprintf_tc() which returns the struct talloc_chunk *, not the talloc'ed pointer.
lib: talloc: Rename talloc_set_name_v() to tc_set_name_v(). Make it take a struct talloc_chunk *tc as the first argument.
lib: talloc: Call talloc_chunk_from_ptr() less often in __talloc_with_prefix()
lib: talloc: Rename the internals of _talloc_free_internal() to _tc_free_internal().
lib: talloc: As _tc_free_internal() takes a struct talloc_chunk *, add an extra paranoia check against destructor overwrite.
lib: talloc: As we have a struct talloc_chunk * in _talloc_free_children_internal(), use it to call _tc_free_internal() directly.
lib: talloc: Add check for destructor protection.
ldb: Avoid use-after-free when one error message is printed into another
schema: Make the fetch of the schema version fast
dsdb: Remove use of schema USN in samldb_add_handle_msDS_IntId
dsdb: Remove 120 second delay and USN from schema refresh check
schema: Reorder dsdb_set_schema() to unlink the old schema last
samba-tool: Add success message to samba-tool drs replicate --local
samba-tool: Add --local-online mode to samba-tool drs replicate
selftest: Add more tests for samba-tool drs replicate
Revert "dsdb: Disable tombstone_reanimation module until we isolate what causes flaky tests"
Revert selftest: Add knownfail entry required to disable tombstone_reanimation
pyrpc: Allow control of RPC timeout for IRPC
samba-tool drs replicate: Allow replication call to take as long as required
dsdb: Avoid search on * in replmd_replicated_apply_next()
dsdb: Improve debugging during SD recursion failure
build: Always build eventlog6. This is not a duplicate of eventlog
param: Correct the defaults for "dcerpc endpoint services"
Remove unused and untested source4 ntptr and spoolss systems
repl: Remove check for parentGUID being NULL in dsdb_convert_object_ex()
ldb: Add better debugging to ldb_wait()
samba-tool: Put full command and subcommand in informative name when testing samba-tool
selftest: Make repl_schema more robust by disabling replication before the test
selftest: Make repl_move more robust by disabling replication before the test
selftest: Disable replication before doing forced pre-test replicate
drs: pass the forced-replication flag from DsReplicaSync to GetNCChanges
selftest: Ensure we can call DRSUAPI_EXOP_REPL_OBJ with replication disabled
selftest: Disable all replication during most replication tests
WHATSNEW: Add features added for Samba 4.5
s4:torture/ndr: Add supplementalCredentials blobs from alpha13 and release_4_1_0rc3
s4:torture/ndr: Add supplementalCredentials blob from Win2012R2
torture: Add another sample of a PAC that broke the old PAC_UPN_DNS_INFO handling
s4:torture/ndr: Add supplementalCredentials blob from Samba with the new SambaGPG blob
build: Add hints on what libraries to install for gpgme support on failure
ldb_ldb: Do not re-scan the index list for new DNs
librpc: Add ndr_push_struct_into_fixed_blob() and use it in GUID_to_ndr_blob()
lib/ldb-samba: Use ndr_push_struct_into_fixed_blob() in ldif_handlers.c
lib/ldb-samba: Avoid talloc() in ldif_read_objectSid() by parsing the SID string on the stack
dsdb: Limit potential stack use when parsing extended DNs
torture: Add tests for ndr_push_struct_into_fixed_blob()
ldb: Free empty index lists as talloc_realloc() fails in this case
ldb: Add ldb_unpack_data_only_attr_list_flags()
ldb: Prepare for adding flags to ltdb_search_dn1() to control memory allocation
ldb: Add flags to ltdb_search_dn1() to control memory allocation
ldb: Use ldb_unpack_data_only_attr_list_flags in re_index()
torture/backupkey: Allow WERR_INVALID_ACCESS, WERR_INVALID_PARAM or WERR_INVALID_DATA
selftest: Merge alternate error codes into backupkey from backupkey_heimdal
s4:dsdb/repl: Improve memory handling in replicated schema code
s4:dsdb/schema: Remove unused old schema from memory
s4:dsdb/repl_meta_data: Add more info on which DN we failed to find an attid on
selftest: Move repl_schema test to a distinct OID prefix
dsdb: Allow missing a mandatory attribute from a dbcheck fix
dbcheck: Abandon dbcheck if we get an error during a transaction
docs: Explain that "reset on zero vc" is an SMB1 feature
ldb: Avoid cost of talloc_free() for unmatched messages
ldb: Avoid multiple tiny allocations during full DB scan
selftest: Correct name of samba4.blackbox.dbcheck.release-4-5-0-pre1
pydsdb: Raise TypeError for type errors, rather than incorrectly raising an LdbError
ldb-samba: Add new extended match rule DSDB_MATCH_FOR_EXPUNGE
ldb: Fix comment on ldb_register_extended_match_rule
kcc: Move kcc/kcc_deleted.c into kcc/garbage_collect_tombstones.c
dsdb: Rework kcc_deleted() into dsdb_garbage_collect_tombstones()
dsdb: Rework more KCC service-specific details out of dsdb_garbage_collect_tombstones()
dsdb: move tombstone lifetime calculation out of dsdb_garbage_collect_tombstones()
dsdb: Expand garbage_collect_tombstones to expunge links also
python: Add binding for dsdb_garbage_collect_tombstones()
samba-tool: Add command-line tool to trigger tombstone expunge
dsdb: Expose ldb error string to dsdb_garbage_collect_tombstones() callers
dsdb: Use a date comparison in the search to avoid returning all deleted objects
selftest: Add test for 'samba-tool tombstones expunge'
samba-tool: Run samba-tool domain tombstones expunge in a transaction
dsdb: Add comments to dsdb_garbage_collect_tombstones()
lib/ldb-samba: Add test for DSDB_MATCH_FOR_EXPUNGE match rule
dsdb: Do not check isDeleted as a possible link
samba-tool: Remove --use-xattrs support without --use-ntvfs
dsdb: Avoid ldb_dn_validate() call on trusted input when not required
build: Fix build with perl on debian sid.
dsdb: Add python hooks to allocate a RID set and allocate a RID pool
dbcheck: Correctly initialise keep_transaction in missing_parent test
dsdb: Create RID Set as SYSTEM
dsdb: Rework DSDB code to use WERROR
dsdb: Catch errors in extended operations (like allocating a RID Set)
python: create NTSTATUSError, HRESULTError and WERRORError
pyerrors: Add PyErr_Set{WERROR,HRESULT,NTSTATUS}_and_string()
python: Add DsExtendedError Exception
python-libnet: Use new NTSTATUSError, WERRORError and DsExtendedError exceptions
pycredentials: Add bindings for {get,set}_principal, get_ntlm_username_domain
credentials: Add test for credentials behaviour
python/provision: Remove unused parameter schema
selftest: Add test for link and deleted link behaviour in dbcheck
dbcheck: Be more careful with link checks
dbcheck: Correct message for orphaned backlinks
selftest: Ensure we catch errors from samba-tool domain tombstones expunge
selftest: Rework child process cleanup
selftest: Ensure vampiredc has a full copy of localdc before we start
join.py: Attempt to allocate a RID Set during the join
talloc: add ASCII art to describe parent/child arrangement
talloc: clarify that talloc_magic never includes the bits in TALLOC_FLAG_MASK
talloc: Add tests for talloc_parent() after realloc() of the parent
s4/rpc_server: Show what RPC interfaces are listening on which TCP port
torture: Remove access to LSARPC via \\pipe\netlogon in rpc.netlogon for ManyGetDCName test
pidl: Use a static const initialised struct in dcerpc_server_$name_init(void)
s4-rpc_server: Use a type-safe struct signature in dcerpc_register_ep_server
s4-rpc_server: Use an initialised static const struct in dcerpc_server_remote_init
pidl: Change *_get_pipe_fns() to return const struct api_struct *
pidl: Make static struct api_struct also const
dsdb: specify attributes when loading schema
ldb: Avoid individual memory allocations when searching for indexlist
ldb: Add helper function ldb_schema_attribute_remove_flagged()
ldb: Reduce scope of allocation and de-allocation of @ATTRIBUTES
ldb: Reduce per-attribute memory allocation during @ATTRIBUTES load
ldb: Add helper function ldb_schema_attribute_fill_with_syntax()
ldb: load @ATTRIBUTES faster by sorting once, not at each insertion
ldb: Cope with a->name being *
ldb: Add test for behaviour of rdn_name
ldb: new ldb version 1.1.29
perf: Add simple tests for the open/close a database case
s4-rpc_server: Avoid extern reference to dcesrv_mgmt_interface and memcpy()
pidl: Make dcesrv\_$name\_interface "static const"
selftest: Print the POSIX ACL we got when the posixacl test fails
talloc: Add tests for talloc destructor behaviour after talloc_realloc()
torture: Add credentials downgrade and challenge reuse test to rpc.netlogon
torture: Use DCERPC_SCHANNEL_AUTO in rpc.schannel.schannel2 test
torture/samba3rpc: Use NETLOGON_NEG_AUTH2_ADS_FLAGS
torture: Add new test ServerReqChallengeReuseGlobal to rpc.netlogon
torture: Add ServerReqChallengeReuse to rpc.netlogon
torture: Add ServerReqChallengeReuseGlobal2 to rpc.netlogon
idl: Do not listen for lsarpc on \\pipe\netlogon
s4-rpc_server: Add back support for lsa over \\pipe\\netlogon optionally
selftest: test new "lsa over netlogon" smb.conf option
s4-rpc_server: Add comments explaining the control flow around dcesrv_bind()
s4-rpc_server: Allow each interface to declare if it uses handles
s4-rpc_server: Allow listener for RPC servers to use multiple processes
s4-rpc_server: Do not check association groups for NETLOGON
selftest: Use 'rpc server port:netlogon' and 'rpc server port' smb.conf option
s4-netlogon: Push the netlogon server in the AD DC into multiple processes
s4-rpc_server: Add braces to better follow coding style
dsdb: Parse linked attributes using their DN+Binary or DN+String syntax, if needed
WHATSNEW: Add text for AD DC changes
python/schema: fix tests flapping due to oid collision
param: Remove winbindd privileged socket directory option
selftest: Remove unsued variables WINBINDD_PRIV_PIPE_DIR and wbsockprivdir
build: vfs_posix_eadb is only built with the AD DC enabled
selftest: Do not test for link ordering in tombstones_expunge test
replmd: pass replmd_private down to replmd_add_backlink()
replmd: Add placeholder sorted_links to struct replmd_private
replmd linked attributes: lazy parsing for trusted DNs
replmd linked attrs: fully parse dn for upgrade check
repl_meta_data: linked attributes use DRS sort order
samba_dsdb: Use and maintain compatibleFeatures and requiredFeatures in @SAMBA_DSDB
schema: Set flag into @INDEXLIST to indicate we support feature flags
dsdb: Honour @SAMBA_FEATURES_SUPPORTED flag in @IDXATTR
replmd: check for the sortedLinks feature flag
Switch on the sortedLinks Flag on new databases
messaging_dgm: avoid GCC snprintf warnings in messaging_dgm_out_create
samba-tool: Correct handling of default value for use_ntvfs and use_xattrs
debug: Do not depend on the whole of samba_util.h
lib/util: Remove ntstatus.h and string_wrappers.h include from samba_util.h
dbcheck: Do not regard old one-way-links as errors
repl_meta_data: Bring replmd_check_upgrade_links() into get_parsed_dns_trusted()
repl_meta_data: Always sort the links when upgrading them
repl_meta_data: Add comment with some future improvements
repl_meta_data: Remove the correct forward link for dn+binary attributes
gen_ntstatus.py: Add prototype to generated py_ntstatus.c
join.py: Correctly print an error in DsAddEntry when .info is None
python: Move dnsserver helper functions into samba.dnsserver
python: Move partial replication logic into drs_utils.py
samba-tool drs replicate: Add --single-object
repl_meta_data: Clarify that replmd_private->la_list is only for DRS for replication
repl_meta_data: Remove handling of backlinks from replmd_prepare_commit()
talloc: use the system pytalloc-util for python3 as well
lib/ldb: Enable use of a python3 pyldb-util system library
buildtools: Work around a . being in the target name when building python3 helpers
python: Remove unused import PY3
autobuild: Add nopython environment to test --disable-python builds (but without tests)
auth: Add SID_NT_NTLM_AUTHENTICATION / S-1-5-64-10 to the token during NTLM auth
heimdal: Add initializer for stack pointers
selftest: Add more RODC tests to avoid regressions here
selftest: Add more tests for "samba-tool processes"
samba-tool: Ensure that samba-tool processes --name=not-existing does not error
pymessaging: Add support for irpc_add_name
pymessaging: Add irpc_remove_name
selftest: Test server_id database add and removal
pymessaging: Add a hook to run the event loop, make callbacks practical
messaging.idl: Register a message type for authentication log messages
messaging: Declare well known server name auth_events as AUTH_EVENT_NAME in IDL
python: Provide Python bindings for messaging.idl
pysmb: Extend py_smb_new to allow use_ntlmv2 and use_spnego to be set by callers
auth_log: Add tests by listening for JSON messages over the message bus
s4-smbd: Remember the original client and server IPs from the SMB connection
s4-netlogon: Remember many more details in the auth_usersupplied info for future logs
gensec: Add gensec_{get,set}_target_service_description()
gensec: Pass service_description into auth_usersuppliedinfo during NTLMSSP
s3-auth: Pass service_description into gensec via auth_generic_prepare()
ntlm_auth: Set ntlm_auth as the service_description into gensec
auth: Fill in user_info->service_description from all callers
s4-ldap_server: Split gensec setup into a helper function
s4-ldap_server: Set remote and local address values into GENSEC
s4-ldap_server: Do not set conn->session_info to NULL, keep valid at all times
auth: Add a reminder about the strings currently used for auditing
ldap_server: Move code into authenticate_ldap_simple_bind()
auth: Add "auth_description" to allow logs to distinguish simple bind (etc)
winbindd: Clarify that we do not pre-hash the password for rpccli_netlogon_password_logon()
s4-rpc_server: Correct comment about where the current iface can be found
s3-auth: Split out get_user_sid_info3_and_extra() from create_local_nt_token_from_info3()
debug: Add debug class for auth_audit
s3-auth: Clarify the role and purpose of the auth_serversupplied_info->security_token
auth: Always supply both the remote and local address to the auth subsystem
auth: Add logging of service authorization
dns: Provide local and remote socket address to GENSEC
auth_log: Expand to include the type of password used (eg ntlmv2)
auth_log: Also log the final type of authentication (ntlmssp,krb5)
s3-auth: Log SMB authorization for bare NTLM (NTLMSSP/krb5 already done)
s4-auth: Log SMB authorization for bare NTLM (NTLMSSP/krb5 already done)
ldap_server: Log authorization for simple binds
s4-rpc_server: Log authorization to DCE/RPC for anonymous and ncacn_np pass-though
s3-rpc_server: Log authorization to DCE/RPC for anonymous and ncacn_np pass-though
auth_log: Split up auth/authz logging levels and handle anonymous better
ldap_server: Log access without a bind
auth: Log the transport connection for the authorization
s4-messaging: split up messaging into a smaller library for send only
auth_log: Prepared to allow logging JSON events to a server over the message bus
auth_log: Improve comment
auth: Add hooks for notification of authentication events over the message bus
selftest: Turn on auth event notification and so allow tests to pass
s3-rpc_server: pass remote and local address to rpc_pipe_open_external
s3-rpc_server: Re-order and rename remote and local address in make_external_rpc_pipe{,_p}()
s3-rpc_server: Provide hooks required for JSON message logging for the no-auth case
heimdal: Pass extra information to hdb_auth_status() to log success and failures
samr: Add logging of password change success and failure
dsdb: Add authentication audit logging for LDAP password change
pycredentials: Add bindings for get_ntlm_response()
python: Add bindings for NTLMSSP
WHATSNEW: Add entry for auth audit
autobuild: Do not require cmocka to be installed for samba-libs to build
selftest: Do not enable inbound replication during replica_sync
process_standard: clean up messaging for children after exit()
s4-messaging: Add helpful comments
tdb: Improve debugging when the allrecord lock fails to upgrade
tdb: Improve debugging in _tdb_transaction_start
ldb: Add some tests to clarify the current iterator behaviour
ldb: Add test for transaction deadlock detected when waiting for a search
ldb: Do not use mktemp() nor leak files into /tmp during api.py test
selftest: Actually run python3 tests during the selftest
tdb: Improve debugging when the allrecord lock fails to upgrade
ldb_tdb: Provide better debugging on prepare_commit failures
ldb_tdb: Provide better debugging on end_trans failures
ldb_tdb: Call talloc_free(options_dn) as soon as we are done with options_dn
dsdb: Take out the transaction and prepare_commit locks in the same order
dsdb: Do not write the @INDEXLIST or @ATTRIBUTES records during schema refresh
dsdb: Do not search the sam.ldb file when trying to search all partitions
pynet: Add a hook to decrypt one attribute
ldb_tdb: Split index load out into a sub-funciton: ltdb_index_load
ldb_tdb: change the arguments to ldb_is_indexed() to provide the ltdb_private
ldb_tdb: consistently use ltdb->cache->attribute_indexes to determine if we have indexes
ldb: Allow a caller (in particular Samba) to handle the list of attributes with an index
ldb_tdb: Avoid reading the index list from the DB if we are already set to override it
ldb: Move test_ldb_attrs_case_insensitive closer to setup/teardown functions
ldb: Add tests for the schema and index override hooks
ldb: Add ldb_build_req_common() helper function
ldb: Add ldb_handle_get_event_context()
ldb: Add ldb_set_require_private_event_context()
ldb: Create private event contexts in top level requests, chain to children
ldb: Force use of a private event context in ldb_tdb
ldb: Use the private event context in ldb_tdb and ldb_wait()
ldb: Add ldb_handle_use_global_event_context()
ldb: Add tests for new ldb handle and event context behaviour
ldb: Add test for ldb_build_search_req()
ldb: Add Doxygen comments for ldb_req_*trusted() functions
ldb: Add Doxygen docs for ldb_schema_attribute_set_override_handler
ldb: Add Doxygen docs for ldb_schema_set_override_indexlist()
ldb: Add Doxygen docs for ldb_handle_get_event_context()
ldb: Add Doxygen docs for ldb_set_require_private_event_context()
ldb: Add Doxygen documentation for ldb_handle_use_global_event_context()
ldb: Version 1.1.30
schema: Use ldb_schema_set_override_indexlist for faster index selection
dsdb: Use ldb_handle_use_global_event_context for rootdse modifies
dsdb: Improve error messages when dsdb_set_schema_from_ldif() fails
samba_dnsupdate: Ensure we only force "server" under resolv_wrapper
pydns: Fix leak of talloc_stackframe() in python bindings
pydns: Also return the DN of the LDB object when finding a DNS record
python: Allow sd_utils to take a Dn object, not just a string DN
pydsdb_dns: Use TypeError not LdbError for mismatched types
pydsdb_dns: Allow the partition DN to be specified into py_dsdb_dns_lookup
join.py: Do not expose the old machine password over NTLM if -k yes was set
samba_dnsupdate: Make nsupdate use the server given by the SOA record
samba_dnsupate: Try to get ticket to the SOA, not the NS servers
selftest: confirm we clobber the MNAME in the SOA query in the DNS server
selftest: run dns tests in multiple envs
dns_server: clobber MNAME in the SOA
samba_dnsupdate: Extend possible server list to all NS servers for the zone
samba_dnsupdate: fix "samba-tool" fallback error handling
selftest: move make_txt_record() onto self in samba.tests.dns
selftest: merge DNSTest boilerplate
selftest: Create new common base class for dns.py and dns_tkey.py
selftest: Use TestCaseInTempDir as base class in dns tests
provision: Move default handler for site=None down into dc_join object creation
provision: Allow removing an existing account when force=True is set
selftest: Test join.py and confirm that the DNS record is created
selftest: Add test confirming join-created DNS entries can be modified as the DC
join.py Add DNS records at domain join time
dsdb: Provide proper errors when dsdb_schema_set_indices_and_attributes fails
ldb_tdb: Check for memory allocation failure in ltdb_index_transaction_start()
ldb_tdb: Remove the idxptr DB before we re-index
ldb_tdb: Improve logging on unique index violation
dsdb: Correctly call ldb_module_done in dsdb_notification
ldb: Rename module -> next_module for clarity
selftest: Add a test for @ATTRIBUTES and @INDEXLIST generation
selftest: Add pygensec tests for GSS-SPNEGO and Win2000 emulated SPNEGO
selftest: Add test for gss_krb5/ntlmssp -> SPNEGO
selftest: Pass the dcerpc binding object to self.waitForMessages in auth_log
dsdb: Ensure replication of renames works in schema partition
dsdb: Improve debug messages
dsdb: Cache the result of checking the parent ACL
dsdb: Remember the last ACL we read during a search and what it expanded to
selftest: Correctly print message when nbt is not up in 20 seconds
selftest: Also wait for winbindd to start
selftest: Fix failure message in dsdb_schema_info
selftest: confirm that two attributes are also correctly set in the @ records
dsdb: Do not run dsdb_replace() on the calculated difference between old and new schema
dsdb: Do not prevent searches for @ATTRIBUTES because the DB is not set up yet
dsdb: Add comment explaining requirements on DSDB_EXTENDED_SCHEMA_UPDATE_NOW_OID
dsdb: Rework schema_init module to always use valid memory
smbtorture: Add more tests around NETLOGON challenge reuse
s4-netlogon: Provide logs for machine account success and failures
s4-netlogon: Escape user-supplied computer name in Bad credentials log line
debug: new debug class for kerberos
selftest: Allow selftest.pl to run just some environments
autobuild: Use new selftest.pl feature to run only some environments
travis-ci: Also build samba-systemkrb5
dsdb: Add a dummy module to replace show_deleted
drsuapi: Improve debugging in DsAddEntry()
tdb: Remove locking from tdb_traverse_read()
tdb: Improve documentation for tdb_transaction_start()
tdb: Add new function tdb_transaction_active()
ldb_pack: use ldb_dn_from_ldb_val() and avoid a duplicate strlen() call
ldb:tests: don't assert the results before doing the final search finished
ldb:tests: Show that writes do not appear during an ldb_search()
ldb:tests: Add test encoding current locking behaviour during ldb_search()
ldb: Add read_lock and read_unlock to ldb_module_ops
ldb_tdb: Implement read_lock and read_unlock module operations
ldb: Lock the whole backend database for the duration of a search
ldb:tests: Correct comment about version numbers
ldb:tests: Add test to show that locks are released on TALLOC_FREE(req)
ldb:tests: Extend api.py testsuite to show transaction contents can not be seen outside the transaction
ldb:tests: Extend api.py testsuite to show transaction_commit() blocks against the whole-db read lock
dsdb: Add test showing a search can't start while a transaction is already repared
dsdb: Add test showing a search can't start while a transaction is already repared in a backend partition
dsdb: Add new test adding a record to the top level sam.ldb file
dsdb: Add tests showing that the CN=CONFIGURATION partition is also locked
dsdb: Teach the Samba partition module how to lock all the DB backends
dsdb: Improve debugging on start transacton failure
ldap: Run the LDAP server with the default (typically standard) process model
WHATSNEW: Add an entry for the LDB whole DB locking issue
WHATSNEW: Add entry for Multi-process LDAP Server
selftest: Use tree_delete control in idmap_rfc2307 test
selftest: Bind rfc2307 tests to exactly one server
selftest: Prime the netlogon cache during test_idmap_rfc2307
dns_server: Only install common library if AD DC is enabled.
auth: Disable SChannel authentication if we are not a DC
s3-rpc_server: Disable the NETLOGON server by default
selftest: Add test for support for MSCHAPv2 and NTLMv1 on a server
auth: Allow NTLMv1 if MSV1_0_ALLOW_MSVCHAPV2 is given and re-factor 'ntlm auth ='
selftest: Use new ntlmv2-only and mschapv2-and-ntlmv2-only options
param: Disable LanMan authentication unless NTLMv1 is also enabled
param: Add new "disabled" value to "ntlm auth" to disable NTLM totally
samr: Disable NTLM-based password changes on the server if NTLM is disabled
WHATSNEW: Add docs for ntlm auth changes
WHATSNEW: Fix typo
s4-rpc_server: ensure we get a new endpoint for netlogon
s4-rpc_server: Improve debug of new endpoints
s4-netlogon: Extend ServerAuthenticate3 logging to split up username forms
s4-netlogon: Use log_escape to protect against un-validated strings
selftest: Use NETLOGON_NEG_STRONG_KEYS constant in AuthLogTestsNetLogonBadCreds
selftest: Make --include-env and --exclude-env use the base env name
s4-cldap/netlogon: Match Windows 2012R2 and return NETLOGON_NT_VERSION_5 when version unspecified
dsdb: Fix dsdb_next_callback to correctly use ldb_module_done() etc
dsdb: Do not force a re-index of sam.ldb on upgrade to 4.7
smb.conf: Explain that "ntlm auth" is a per-passdb setting
s4/lib/tls: Use SHA256 to sign the TLS certificates
s4-drsuapi: Avoid segfault when replicating as a non-admin with GUID_DRS_GET_CHANGES
WHATSNEW: fix spelling
WHATSNEW: explain that we may use much more RAM and SWAP with multi-process LDAP
WHATSNEW: warn against using the RODC on older Samba versions
WHATSNEW: We generate SHA265 certificates now
ldb: Add LDB_UNPACK_DATA_FLAG_NO_ATTRS
ldb_tdb: Rework ltdb_modify_internal() to use ltdb_search_dn1() internally
ldb: Fix tests to call the parent tearDown(), not setUp in tearDown
ldb: Add tests for indexed and unindexed search expressions
ldb_tdb: Use memcmp() to compare TDB keys in re_index()
ldb_tdb: Do not trigger the unique index check during a re-index, use another pass
ldb_tdb: Create a common ltdb_key_is_record() allowing multiple key forms
ldb_tdb: Use memcmp rather than strncmp() in ltdb_key_is_record(), re_key() and re_index()
ldb_tdb: Check for errors during tdb operations in ltdb_reindex()
ldb_tdb: Check for talloc_strdup() failure in ltdb_index_add1()
ldb_tdb: Use braces in ltdb_dn_list_find_val()
ldb_tdb: Refuse to re-index very old database with no DN in the record
ldb: Add new ldb_ldif_message_redacted_string() with tests
ldb: version 1.2.2
repl_meta_data: Use ldb_ldif_message_redacted_string() to avoid printing secrets in logs
linked_attributes: Use ldb_ldif_message_redacted_string() for consistency
repl_meta_data: Re-work printing of replicated entries
debug: Add new debug class "drs_repl" for DRS replication processing
drs repl: Only print raw DRS replication traffic at level 9
dsdb: Add missing \n to debug
libcli/security: Move debug message to DBG_DEBUG()
librpc/dceprc_util.c: Move debug message to DBG_DEBUG()
python: Allow debug classes to be specified on the command line for python tools
schema: Rework dsdb_schema_set_indices_and_attributes() db operations
Anoop C S (13):
packaging: Remove ulimit usage for setting core file size limit
packaging: Set default limit for core file size in init scripts
packaging: Set default limit for core file size in service files
Fix a typo in smb.conf man page
krb5_wrap: Remove extra parentheses causing compile error
vfs_glusterfs: Fix a memory leak in connect path
s3/dump_core: Honour pipe symbol (|) in system-wide core_pattern under linux
lib/util: Fix input arguments description for dbghdrclass() routine
lib/util: Fix indentation within routine description for dbghdrclass
docs-xml: Remove duplicate listing of configfile option in man pages
s3/smb2_read: Better fallback for incorrectly configured sendfile setups
wscript: Fix some typos
source3/client: Fix typo in help message displayed by default
Anubhav Rakshit (1):
torture:smb2: Add test replay6 to verify Error Codes for DurableHandleReqV2 replay
Arvid Requate (2):
s4:torture/ldap: Test netlogon without NtVer
s4-dsdb/netlogon: allow missing ntver in cldap ping
Aurelien Aptel (36):
s3/utils/regedit.c: typo
s4/auth/ntlm/auth_unix.c: add parens
s4/client/cifsdd.c: typo
s4/heimdal/lib/gssapi/mech/gss_compare_name.c: typo
s4/heimdal/lib/krb5/pac.c: typo
examples/perfcounter/perf_writer.c: fix memset
s3/client/clitar.c: NULL-check correct variable
s3/client/clitar.c: always close fd
pidl/ws: Fix Dead Store (Dead assignement/Dead increment) warning found by Clang
pidl/ws: fix -Wmissing-prototype
pidl/ws: enhance dissector
pidl/ws: Fix Dead Store (Dead assignement/Dead increment) warning found by Clang
pidl/ws: fix indent (use 4 tabs) and remove trailing whitespace
pidl/ws: fix Assigned value is garbage or undefined found by Clang Analyzer
pidl/ws: Remove #pragma warning (MSVC)
pidl/ws: Eliminate e_uuid_t in favor of e_guid_t
pidl: use https urls and update dead msdn link
pidl/ws: avoid trailing tabs
pidl/ws: remove any starting _ in WS field names
pidl/ws: Remove pinfo->private_data from DCERPC dissectors.
pidl/ws: dereference pointers when passing name param.
pidl/ws: Add HEADER START/HEADER END in ws dissector
pidl/ws: whitespace cleanup
pidl/ws: Document CODE_START and HEADER_START
pidl/ws: directly use `di` param instead of casting `private_data` member.
pidl/s4/python: typo in comment
pidl/ws: fix failing tests
pidl/ws: fix missing $name when generating MAPI dissector
s3/winbindd: use == -1 instead of < 0 for error checking uid_t
s3/winbindd: fix invalid free
auth: fix mem leak & use appropriate free function
s3/smbd: allow GET_DFS_REFERRAL fsctl on any smb2 connexion
s3:smbd: exit early if srv_send_smb fails
vfs: add parameter to copy chunk VFS function to handle dup_extents
smbd/smb2_ioctl: add support for FSCTL_DUPLICATE_EXTENTS_TO_FILE
vfs_btrfs: report FILE_SUPPORTS_BLOCK_REFCOUNTING capability
Bernhard M. Wiedemann (1):
s3: drop build_env
Bernhard M. Wiedemann via samba-technical (1):
docs-xml: Sort input file list
Björn Baumbach (5):
idmap_script: add missing "IDTOSID" argument to the script command line.
s3-printing: fix migrate printer code (bug 8618)
tdb/tools: add documentation for the tdbbackup -n option
waf:lib/replace: Fix building with older GCC versions
build: fix build of vfs_posix_eadb module
Björn Jacke (13):
testsuit/manage-ca.sh: specify key size in CSRs
docs-xml: change http://samba.org to https://www.samba.org
man pages: change http://samba.org to https://www.samba.org
ad/provision: change http://samba.org to https://www.samba.org
replace: make sure we have a SCOPE_DELIMITER define
util: use SCOPE_DELIMITER for the IPv6 scope delimiter
pam: map more NT password errors to PAM errors
pam: strip trailing whitespaces in pam_winbind.c
pam_winbind: Fix compiler warnings
WHATSNEW: fix typo
vfs_fruit: fix a typo
replace: fix some trailing whitespaces
vfs_default: unlock the right file in copy chunk
Bob Campbell (61):
samba_dnsupdate: do not interpret failure count as unix error code
samba_spnupdate: do not interpret failure count as unix error code
tdb: avoid many fcntl calls when incrementing seqnum
selftest: add check password script test
check_password_script: Add a DEBUG message for timeouts
password_hash: Make an error message clearer
provision_fill: move most db accesses into transactions
provision_fill: move GPO into transaction
provision: Ignore duplicate attid and governsID check
getncchanges: Fix some whitespace
tests/getnc_exop: Ensure we do the fallback if not given a PAS
tests/getnc_exop: Ensure that attribute list sorting is correct
dsdb: refactor part of garbage_collect_tombstones into new function
copyright: Add the missing notices for garbage collect tombstones
tests/getnc_exop: Improve the ridalloc test by performing an alloc against a new master
python/netcmd: print traceback through self.errf
python/tests: add tests for samba-tool dns
python/tests: expand tests for dns server over rpc
samba-tool/dns: reword error messages and make error catching specific
samba-tool/dns: remove use of dns_record_match from add and delete
dnsserver: add dns name checking
python/tests: expand samba-tool dns tests
dnsserver_common: Add name check in name2dn
torture/drs: move ExopBaseTest into DrsBaseTest and extend
torture/drs: test link replication with hwm and utdv
torture/drs: expand test for DRSUAPI_DRS_GET_ANC
torture/ntlm_auth: do not assume a line is less than 2047 bytes
samldb: Allow automatic generation of linkIDs and prevent duplicates
torture/drs: generate linkID for test rather than specifying
python/tests: add test for generated and duplicate linkIDs
selftest: add vampire_2000_dc environment
torture/drs: run repl_schema in vampire_2000_dc environment as well
torture/drs: Add a test for dn+binary linked attributes
samldb: Allow automatic generation of mAPIIDs
python/tests: Add test for generated and duplicate mAPIIDs
errors: fix "generate python error codes for NTSTATUS"
errors/gen_ntstatus: generate error codes in specified files
errors/gen_ntstatus: add error table for generation script
errors: add gen_ntstatus.py to build system
python: Add python module with NTSTATUS constants
samba-tool/domain: change incorrect NT_STATUS to WERR
samba-tool/domain: use generated ntstatus rather than from local file
samba-tool/domain: catch NTSTATUSError rather than RuntimeError
errors: pull out code into common file
errors: generate error codes for WERROR
errors: add table to generate WERRORs from
errors: add WERROR generation to build system
python: Use generated WERROR definitions
drs_utils: return number of replicated objects and links in replicate()
drs_utils: use a given highwatermark and uptodateness_vector in replicate()
pydsdb: Add python binding for dsdb_load_udv_v2
samba-tool/drs: do partial replication when --local is given by default
python/tests: move samba_tool_drs test to proper place
python/tests: improve samba-tool replicate --local test
python/tests: Add repl_rodc test
drsblobs: Add decode for replPropertyMetaData1
getncchanges: Do not filter secrets by PAS in EXOP_REPL_SECRET
selftest: Do not force run of kcc at start of selftest
python/tests: add python test for cracknames
samdb/cracknames: do not show recycled when a guid is desired
samdb/cracknames: support user and service principal as desired format
Bryan Mason (1):
Modify smbspool_krb5_wrapper to just fall through to smbspool if AUTH_INFO_REQUIRED is not set or is not "negotiate".
Chris Davis (2):
s4-registry: implement set value and delete value for RPC
s4-registry: properly initialize registry key to be added via RPC
Chris Lamb (42):
Correct "doesnt" typos.
Correct "emty" typo.
Correct "progess" typo.
Correct "recived" typo.
Correct "supressed" typo.
Correct "occured" typos.
Correct "overriden" typos.
Correct "paramter" typos.
Correct "acheive" typos.
Correct "Controler" typos.
Correct "extention" typos.
Correct "enought" typo.
Correct "successfuly" typos.
Correct "errror" typos.
Correct "coult" typo.
Correct "perfom" typos.
Correct "descriptior" typos.
Correct "formated" typos.
Correct "existence" typos.
Correct "follwing" typos.
Correct "seperate" typos.
Correct "notifiying" typos.
Correct "specifiy" typos.
Correct "defered" typos.
Correct "somthing" typos.
Correct "cleint" typos.
Correct "intialise" typos.
Correct "relase" typos.
Correct "encyption" typos.
Correct "explicity" typos.
Correct "paramaters" typos.
Correct "allignment" typos.
Correct "unavaible" typos.
Correct "updateing" typos.
Correct "hexidecimal" typos.
Correct "succeded" typos.
Correct "initialze" typos.
Correct "incluing" typos.
Correct "heirarchy" typos.
Correct "allready" typos.
Correct "Openened" typos.
Correct "ommited" typos.
Christian Ambach (20):
s3:smbd/service disable case-sensitivity for SMB2/3 connections
s3:smbd/service apply some code formatting
s3:smbd/filename remove smelly code
selftest: test for case insensitivity over SMB2/SMB3
s3:smbd remove todo comments
s3:libsmb/clifile use correct value for MaxParameterCount for setting EAs
s3:rpcclient make --pw-nt-hash option work
s3:selftest add a test for rpcclient --pw-nt-hash option
s3:rpcclient add -m option
s3:modules/vfs_snapper squelch -O3 compile warning
s4:repl_meta_data: squelch compile warning with -O3
s3:libsmb fix a typo
s4:param add log_level function to retrieve log level in Python code
tests/param add a test for LoadParm.log_level
python/drs_utils: do not attempt to parse log level, use parsed value
python/join: do not attempt to parse log level, use parsed value
s4:samba_spnupdate: do not attempt to parse log level, use parsed value
waf: Improve log errors for MIT build
s3:winbindd:idmap_autorid remove a stray comment
s3:smbcacls add prompt for password
Christof Schmitt (43):
gpfswrap: Add wrapper for gpfs_set_winattrs
vfs_gpfs: Implement new dos_attributes vfs functions
vfs_gpfs: Remove xattr functions
vfs: Add helper to check for missing VFS functions
vfs_full_audit: Assert that all VFS functions are implemented
vfs_time_audit: Assert that all VFS functions are implemented
selftest: Load time_audit and full_audit
winbindd: Remove unused prototypes for winbindd_group.c
gensec: Change log level of message when no PAC is found
smbcacls: Do not read old ACL for 'set' operation
ctdb/ltdbtool: Fix static declarations
gensec: Change log level for message when obtaining PAC from gss_get_name_attribute failed
selftest: Disable full audit logging in selftest
smbtorture: Add smb2.maxfid
selftest: Add tunable for smb2.maxfid limit
smbtorture: Correctly initialize notify request in smb2.notify.tree
smbd: Allow passing notify filter from inotify and fam
notify_inotify: Move mapping table to top of file
notify_inotify: Map inotify mask back to filter
vfs_gpfs: Retry getacl with DAC capability if necessary
smbd: Fix snapshot query on shares with DFS enabled
docs: Clarify description for cache, lock and state directory settings
winbindd: Introduce helper function for winbindd_cache.tdb directory
smbd: Adjust debug level of "No protocol supported" message
winbindd: Remove unused enum ent_type
nfs4acl: Fix owner mapping with ID_TYPE_BOTH
idmap_ad: Fix retrieving credentials from clustered secrets.tdb
winbind: Fix passing idmap failure from wb_sids2xids back to callers
winbindd: Make functions in cache_methods non-static
winbindd: Replace calls to domain->methods
winbindd: Remove now unused domain->methods
winbindd: Remove now unused cache_methods
winbindd: Fix password policy for pam authentication
testprogs: Ignore escape characters when printing test name
ctdb: Print key as hex string instead of just the hash in hot record message
net: Add net tdb command to print information from tdb records
docs-xml: Document net tdb command
selftest: Make lockdir available in test environment
selftest: Add test for 'net tdb' command
WHATSNEW: Add new 'net tdb locking' command
vfs_gpfs: Fix compile error in gpfsacl_sys_acl_set_fd
vfs_default: Fix passing of errno from async calls
vfs_streams_xattr: Fix segfault when running with log level 10
Clive Ferreira (5):
objectclass_attrs: correctly indent a comment
typo: supprise -> surprise
objectclass_attrs: Only abort on a missing attribute when an attribute is both MUST and replicated
dbcheck: confirm RID Set presence and consistency
KCC: unconnected graph test
Cody Harrington (1):
ndrdump: Add the option --hex-input for hexdump parsing
Daniel Kobras (1):
s3: smbd: fix regression with non-wide symlinks to directories over SMB3.
David Disseldorp (32):
printing: use housekeeping period that matches cache time
printing: handle "printcap cache time" change on HUP
torture/ioctl: make sparse file support check generic
idl/ioctl: fix DUPLICATE_EXTENTS_TO_FILE fid field
libcli: add FILE_SUPPORTS_BLOCK_REFCOUNTING
torture/ioctl: add FSCTL_DUP_EXTENTS_TO_FILE tests
torture/smb2/ioctl: don't check for untruncated dest failure
torture/ioctl: switch sparse src/dest dup ext behaviour
smbd/ioctl: match WS2016 ReFS get compression behaviour
torture/ioctl: test compression responses when unsupported
libsmb: fix leak in opendir error path
ctdb-build: move ctdb_etcd_lock to utils/etcd
ctdb-build: configure time switch for etcd support
ctdb: cluster mutex helper using Ceph RADOS
ctdb/doc: man page for Ceph RADOS cluster mutex helper
ctdb: add test script for ctdb_mutex_ceph_rados_helper
torture/ioctl: test set_compression(format_none)
smbd/ioctl: match WS2016 ReFS set compression behaviour
vfs_ceph: cleanup mount handle on failure
vfs_ceph: replace deprecated ceph_shutdown() call
vfs_ceph: add user_id smb.conf parameter
docs/vfs_ceph: document user_id parameter
packaging: Remove Mandrake
torture/ioctl: fix dup_extents destination truncate
torture/ioctl: expect dup_extents(dest=compressed) to pass
smbd/smb2_ioctl: check for for overlap of dup extent ranges
smbd/smb2_ioctl: check sparseness for dup extents
smbd/smb2_ioctl: validate dup_extent request lengths
vfs: add VFS_COPY_CHUNK_FL_IGNORE_LOCKS for dup extents
smbd/smb2_ioctl: instruct VFS to ignore locks for dup extents
selftest: enable alternate streams for fs_specific share
vfs_ceph: fix cephwrap_chdir()
David Disseldorp via samba-technical (2):
smbd/smb2_ioctl: check for NULL dst_fsp before use
tests/fake_snap: sanitize paths
David Mulder (2):
auth/gensec: Remove unneeded cli_credentials_set_conf() call
s3:winbindd: document "winbind:ignore domains"
David Mulder via samba-technical (1):
messaging: fix net command failure due to unhandled return code
Dirk Godau (2):
drsuapi tests for DsBind with w2k8
Extend DsBind and DsGetDomainControllerInfo to work with w2k8.
Doug Nazar (1):
s3: smbd: inotify_map_mask_to_filter incorrectly indexes an array.
Douglas Bagnall (174):
util/binsearch: macro for greater than or equal search
util/tests: add test for BINARY_ARRAY_SEARCH_V macro
ldb paged_results: quieten a warning.
ldb controls: better error string for VLV control
ldap VLV: memdup, not strdup VLV context_id
vlv: better syntax for parsing greater than or equal strings
ASN1: use a talloc context in read_contextSimple
ldb controls: use uint8_t* for contextID binary blob
asn1: make readContextSimple() add a NUL byte
ldb_controls: add base64 option to VLV
Add python server sort tests
ldb sort: allow sorting on attributes not returned in search
torture_ldap_sort: avoid segfault
configure: set HAVE___ATTRIBUTE__ for heimdal
ldb client controls: avoid talloc_memdup(x, y, (size_t)-1);
ndr: avoid unnecessary searches of token list
librpc ndr: add ndr_pull_steal_switch_value()
ndr: Use ndr_steal to avoid long lists
ndr: inline search for ndr_token_peek()
ndrdump: add quiet flag
Implement Virtual List View (VLV)
ldb controls: don't ignore memory allocation failure
ldb sort tests: point out a known fails against Windows
dsdb sort test: avoid exception with fewer elements
dsdb python tests: fix several usage strings
ldb client controls: don't ignore failed memdup
ldb controls: allow paged_search to use a cookie
ldb_controls: avoid unnecessary unchecked talloc_asprintf()s
util/attr.h: use HAVE___ATTRIBUTE__, not __GNUC__ comparisons
libreplace: use HAVE___ATTRIBUTE__ instead of __GNUC__
tevent.h: use HAVE___ATTRIBUTE__ instead of __GNUC__
s3/modules/getdate: use HAVE___ATTRIBUTE__ instead of __GNUC__
mdssvc/sparql_parser.c: use HAVE___ATTRIBUTE__ instead of __GNUC__
s4/lib/wmi_wrap: use HAVE___ATTRIBUTE__ instead of __GNUC__
third_party/zlib/zlib.h: use HAVE___ATTRIBUTE__ instead of __GNUC__
VLV: avoid name conflict with string.h's index()
VLV: initialise struct using names for clarity
VLV: handle empty results correctly
VLV: test using restrictive expressions
.gitignore: don;t accidentally ignore some files
Fix formatting issue on 32bit with _FILE_OFFSET_BITS == 64
python/join.py: Avoid unchecked print in error path
source4/param/pyparam.c: fix strange indentation
dsdb/common/util: remove some unnecessary str_list_length()s
dsdb/common/util: be careful about zero length string lists
dsdb schema_query: reduce calls to str_list_length
source4/registry/local: avoid str_list_length() to check first element
pytalloc: avoid double 0x0x in repr strings
Python pidl: avoid segfault with "del obj->attr"
tests/dcerpc/array.py: test deletion of arrays
selftest: Enable samba.tests.dcerpc.array test
tests/dcerpc: add tests for string allocation and deletion
gitignore: ignore library bin directories
python/tests/dns_forwarder: fix for python 2.6
Remove unused stf directory
s4/dsdb/repl_meta_data: use local bool version of flag
replmd_modify_delete: check talloc_new()
repl_meta_data: free context on error in replmd_modify_la_delete()
dsdb: add vanish links control
dsdb tests: add linked attribute tests
drs tests: querying linked attribute over DRS
dbcheck: cache linkIDs and reverse attribute names
dbcheck: check for linked atributes that should not exist
s4/selftest/provisions/dump.sh: dump to target dir if supplied
blackbox/dbcheck-oldrelease: more accurate temp filename
dbcheck linked attribute tests: save environment with bad links
VLV tests: reduce test duplication hence elapsed time
VLV tests: comment typo
VLV: fix handling with show_deleted and similar controls
VLV tests: add tests with show_deleted control
VLV tests: remove vestigial pdb stub
ldb_tdb index: fix whitespace
KCC: Fix misnamed variable in DSA object
Remove hopelessly out of date Roadmap
vlv tests: remove uninteresting debug message
netcmd/domain: improve error message grammar
autobuild: remove unused argument
autobuild --restrict-tests to test a restricted set
blackbox tests: add timestamps for subunit tests
selftest: allow tests.py scripts to run independently
subunithelper: use set for efficient inclusion test
filter-subunit: default to empty affixes, saving verbose checks
Add AD DC performance tests
make perftest: for performance testing
selftest: add an option to specify the test list
selftest/wscript: format perftest as json
autobuild: disable abi check on O3 build
Remove unused python selftest
lib/registry/regf: better initialise nk_block
smbd/service_stream: connection processing flag is not really bool
smbclient: fix string formatting in print command
KCC: Graphnode.add_edge_from expects dn strings, not objects
KCC: avoid infinite recursion when edgelist contains self
s4-torture: better, failing, tests for GUID_from_string
librpc/ndr/uuid.c: improve speed and accuracy of GUID string parsing
rpc_server:netlogon Move from memcache to a tdb cache
s4/linked_attributes test: pep8 tidy-up, remove unused imports
s4/linked_attribute tests: add multiple links and replace tests
s4/linked_attribute tests: remove unused code
s4/linked_attribute tests: compare link lists in sorted order
s4/linked_attribute tests: test with the relax control
s4/linked_attribute tests: try adding linked attributes directly
s4/linked_attribute tests: remove helper function unused parameter
replmd: check whether list is already sorted in get_parsed_dns()
replmd: Fix some whitespace in repl_meta_data.c
replmd: replmd_check_upgrade_links() only checks the first DN
replmd: fix variable names in replmd_check_upgrade_links
binsearch: clarify variable name in greater-than-or-equal search
binsearch: make BINARY_ARRAY_SEARCH_GTE compare against a pointer
replmd: parsed_dn_find() finds insertion point as well as exact hit
replmd: replmd_check_upgrade_links() needs to first parses DNs
replmd: rework replmd_modify_la_add to merge efficiently
replmd: rearrange nothing-to-delete logic
replmd: simplify and optimise replmd_modify_la_delete
replmd linked attributes: use really_parse_trusted_dn everywhere
replmd linked_attributes: maintain sorted links in replace
replmd: keep links sorted in replmd_process_linked_attribute
replmd: treat a zero GUID as not present in get_parsed_dns
repl_md: get links in sorted order in replmd_add_fix_la
waf --test-list takes a filename argument
selftest: show multiple arguments for --help
docs/smbconf: update log level list in man page
fix blackbox_supported_features: mkdir -p its directory
lib/replace tests: prevent GCC fretting over snprintf sizes
getncchanges script: use library code, not copied functions.
ntlmssp: fix compilation with -O2 -fno-inline
python provision: fix indenting of doc string
shadow_copy_get_shadow_copy_data: fix GCC snprintf warning
ndr tests: silence a harmless warning
selftest: ndr_pack/unpack performance test
selftest: add search performance tests
ndr: fix whitespace in libndr.h, ndr.c
ndr: Use resizing array instead of linked lists (breaking ABI)
pyldb: p3k readiness: allow single unicode string in msg element
perftests/ad_dc_search: do less work in expensive member searches
gitignore: add some hidden files
selftest: remove unused broken client.py
python/join: correct spelling of "ctx.del_noerror"
samba-tool domain: correctly spell variable name
python/remove_dc: avoid using non-existent variable
python provision: FDSBackend takes forced uri
python sites/subnets: correctly spell variable name
python/examples/winreg: two variable name typos on a single line
./examples/scripts/SambaConfig.py: fix typo in "continue"
scripts/traffic_summary: documentation typo
dcerpc/misc tests: asset GUID ordering in python 2 and 3
getncchanges: remove whitespace
selftest/target/Samba.pm: Remove whitespace
whitespace: remove in rootdse
selftest: use an additional directory of knownfail/flapping files
ldb: fix whitespace in ldb_msg.c
ldb: fix a typo
ldb tests/ldb_mod_op_test: don't double include cmocka.h
ldb.h whitespace
python/test: delete_force() passes on command line args
dsdb/tests/ldap: multivalued attributes
s4/linked_attribute tests: test duplicate values
dsdb/tests/ldap: test single valued linked attributes
ldb: relatively efficient functions for finding duplicate values
ldb: 1.1.31
replmd: check duplicate linked attributes
replmd: special-case member return value in replmd_add_fix_la()
repl_meta_data: single valued error codes depend on change type
gitignore: ignore .gpg-* generated files (for ubuntu 16.04)
perftest: add a new medley test
add provision performance tests
python/getopt: -d/--debuglevel saves value in options for scripts
waf/wafadmin/3rdparty: fix paranoid.py variable names
samba_kcc: avoid crash on odd networks with --dot-file-dir
third_party/dnspython: fix variable name in dnssec
samba_kcc: comment typo
samba_kcc: drop all connections from non-existent DSAs
ldb: avoid searching empty lists in ldb_msg_find_common_values
ldb/tests: more thoroughly test empty ldb_msg elements
Dustin L. Howett via samba-technical (1):
idmap_ad: Retry query_user exactly once if we get TLDAP_SERVER_DOWN
Edward Betts (1):
fix spelling of 'unchangeable'
Evgeny Sinelnikov (1):
rpc_server/drsuapi: Set msDS_IntId as attid for linked attributes if exists
Garming (1):
drs: Send DRSUAPI_DRS_GET_ALL_GROUP_MEMBERSHIP by default
Garming Sam (275):
tests: Allow alternative error code for backupkey test
ldb controls: base64 encode VLV response context strings
ldap VLV: use correct ASN.1 encoding for requests
ldap: fix search control rule identifiers ASN.1 type
ldap VLV: correct ASN1 parsing of VLV requests
CVE-2016-0771: tests/dns: Modify dns tests to match new IDL
CVE-2016-0771: tests/dns: prepare script for further testing
CVE-2016-0771: tests/dns: FORMERR can simply timeout against Windows
CVE-2016-0771: tests/dns: Add a comment regarding odd Windows behaviour
CVE-2016-0771: tests/dns: restore formerly segfaulting test
CVE-2016-0771: tests/dns: Correct error code for formerly unrun test
CVE-2016-0771: tests/dns: Add some more test cases for TXT records
CVE-2016-0771: tests/dns: modify tests to check via RPC
CVE-2016-0771: dnsserver: don't force UTF-8 for TXT
CVE-2016-0771: tests/dns: RPC => DNS roundtrip test
CVE-2016-0771: tests: rename test getopt to get_opt
CVE-2016-0771: tests/dns: change samba.tests.dns from being a unittest
CVE-2016-0771: tests/dns: Remove dependencies on env variables
tests: Allow alternative error code for backupkey test
build: mark explicit dependencies on pytalloc-util
sort: enable custom behaviour on critical control
autobuild: Return the last 50 log lines
rodc: Allow RODC preload to continue with invalid users
tests/rodc: Check that preload will skip broken users
tests/dsdb: Verify that only a new ldb affects reads of userPassword
tests/passwords: fix a typo
dbcheck: Avoid pathological behaviour in operational module
dns: remove double talloc for strings
dnsserver: Remove C++ style comment
selftest: Remove an early return in the fl2003dc provision
dns: modify dns forwarder param to be multi-valued
tests/dns_forwarder: Add testing for DNS forwarding
tests/dns: Add additional testing of CNAME handling
tests/dns_forwarder: remove statically defined IPs
tests/dns_forwarder: Add an extra test for inactive forwarders
tests/dns_forwarder: Add additional testing for no flag recursive
autobuild: Return the last 50 log lines
autobuild: fix typo in autobuild success subject line
manpages: Markup led to missing space
typo: mplementation => implementation
examples/crackcheck: allow compilation with current builds
samr4: Remove talloc_asprintf leak onto mem_ctx
drsuapi.idl: Add attid used in testing in idl
tests/drs: cleanup some whitespace
samba_dnsupdate: Fix typo in -no-substitutions name
dns_server: Fix typo in dns_authoritative_for_zone() name.
flapping: temporarily add samba_dnsupdate test
tests/drs: extend getnc_exop test to check linked attributes
tests/drs: make cleanup more robust
tests/drs: assert sorted identifier GUIDs across getncchanges
tests/drs: change sort order in tests to match Windows
getncchanges: remove some whitespace
getncchanges: sort with precalculated target guid array
getncchanges: Match Windows on linked attribute sort
flapping: remove samba_dnsupdate from flapping
check-password-script: Allow AD to execute these scripts
param: fix a typo emtpy -> empty
tevent: typo in documentation
typo: componemt => component
typo: mandetory -> mandatory
kerberos: Return enc data on PREAUTH_FAILED
schema: Remove unnecessary schema reload code
schema: raise debug level
tests/dns_update: Add error message for diagnosis
tests: Allow alternative error code for backupkey test
dbcheck: Script swallows input when given a carriage return
match_rules: Fix a duplicated check
match_rules: Make cleanup faster and more efficient
link_attrs: Add tests for one way links (and pseudo one-way)
extended_dn_out: Force showing of one-way links if they exist
flapping: Add dbcheck to flapping
dbcheck: change argument to specify a partial --yes
tests/dbcheck: One way links are expected to be stale
dbcheck.sh: Fix the arguments supplied as $@
dbcheck: Split out valid stale DN links and invalid ones
dbcheck.sh: Remove all the plausible stale links
flapping: Remove dbcheck from flapping
renamedc: Make a more targeted dbcheck
pytalloc: Add a warning about enable_null_tracking
join.py: Remove talloc enable_null_tracking
samba-tool: Speed up all samba-tool commands
WHATSNEW: Samba-tool speed-up
drepl: Fix a typo
kcc: Make debug more scarce
selftest: Add more information when KCC fails
kcc: Prevent the KCC from doing work on the RODC
samba_kcc: match translate connection from old KCC for RODC
samba_kcc: match translate connection from old KCC for RWDC
kcc: Make more fault tolerant on DC demotion
dbcheck: Replica locations can now be leftover
join.py: Ensure that all expressions are escaped
join.py: Add Replica-Locations for DomainDNS and ForestDNS
join.py: Don't add replica locations without the backend
dbcheck/release-4-1-0rc3: Add a check regarding replica locations
dbcheck: Add a rule regarding replica locations
kcc: correct a typo in the debug messages
samba_kcc: Enable the python samba_kcc
WHATSNEW: Add the update for the samba kcc
AddressSanitizer: Initialize for kcc_topology.c
AddressSanitizer: Initialize for smbd/oplock.c
AddressSanitizer: Initialize for vfs_fruit.c
kcc: typo fix tupple => tuple
kcc: fix a typo
kcc: Add corresponding methods for repsTo
kcc: Add a TODO for msDS[-RO]-Replica-Locations
kcc: Clean up repsTo attribute for old DCs
replmd: Check dsdb_dn for syntax errors
valgrind: Avoid a warning about uninitialized memory
msds_intid: Add test for (non-schema) linked attributes
replmd: Remove data field on DSDB_CONTROL_REPLICATED_UPDATE_OID
replmd: Send replicated update OID for forward links
msds_intid: Add test for schema linked attributes
getncchanges: Set is_schema_nc when EXOP_OBJ
rpc_server/drsuapi: Don't set msDS_IntId as attid for linked attributes if schema
tests/schemainfo: run dsdb schema info tests with proper URI
replicated_objects: Add missing newline for debug
drepl_out: Send the prefix map alongside the RODC partial attribute set
drepl_out: Send the prefix map alongside the global catalog partial attribute set
tests/getnc_exop: Ensure that all attids are valid in a given PAS
tests/getnc_exop: Ensure the remote prefixmap is always used (secret attrs)
tests/getnc_exop: Ensure the remote prefixmap is always used (name attr)
tests/getnc_exop: PartialAttrSetEx test (passes Windows, fails us)
getncchanges: Compute the partial attribute set from the remote schema
samba_upgradedns: Check for both accounts in BIND_DLZ upgrade
gc_tombstones: Typo fix
tests/dns_forwarder: Wait for port for 15 seconds
tests/dns_forwarder: Check that the subprocess is still living
tests/dns_forwarder: Fail out with an assertion instead OOB error
torture: Remove unnecessary whitespace
rpmd: Add the ldb error string to a debug
rpmd: Remove the seq_num check for skipping additional work
rpmd: Add a TODO regarding the additional work performed
rpmd: Skip bump of USN when vanishing forward links
tests: Assert vanishing links doesn't bump USN
tombstone-expunge: Assert than an expunge does not bump the USN
dbcheck: Make it clearer about temporary output
tests: Check that USN bumps when modifying a linked attr
tests: Skip a test for reveal internals for passing Windows
dbcheck: assert uSNChanged values in release-4-5-0-pre1
kcc: Don't check schedule if None
tests/getnc_exop: Finish a comment in getnc_exop.py
tombstones-expunge: Add a test for deleting links to recycled objects
collect_tombstones: Allow links to recycled objects to be deleted
tests/ridalloc_exop: Add a new suite of tests for RID allocation
samba_tool/fsmo: Allocate RID Set when seizing RID manager
upgradeprovision: Remove objectCategory from constructed attrs
s4-auth: Don't check for NULL saltPrincipal if it doesn't need it
doc: Add doxygen for functions in srv_keytab.c
samba_dnsupdate: cmd._run doesn't have Exceptions
samba_dnsupdate: Raise after the error count is incremented
tests/dnsserver: Check security descriptors
python/tests: fix typo to use correct var
tests/dns: Check you cannot add empty CNAME
getncchanges: use the uptodateness_vector to filter links to replicate
ldbdump: Parse the -i option
ldb_tdb: avoid erroneous error messages
getncchanges: do not replicate links for non critical objects if DRSUAPI_DRS_CRITICAL_ONLY is set
dbcheck-links: Test that dbcheck against one-way links does not error
tests/ndrdump: Add a test for --hex-input
ldbedit: Prevent the use of the reveal internals control
tests/dbcheck: Add a test for two live objects, with a dangling backlink
tests/dbcheck: Add a test for two live objects, with a dangling forward link
dbchecker: Stop ignoring linked cases where both objects are alive
objectclass_attrs: Remove schema copy shallow from attr_handler2
typo: uppon -> upon
werror: Correct the error code checking
samba-tool/domain: Correctly re-enable replication
ldb_tdb: Do not care about duplicates if single value check disabled
ldb_tdb: Do not check for duplicate values during a rename
ldb_tdb: Add better comments for duplicate attr values
python/dsdb_dn: Add a generic get_bytes method on DNs
drsbase: use credentials if supplied
getncchanges: Return correct denied REPL_SECRET error code
tests/repl_rodc: Duplicate msDS-RevealedUsers test for RODC machine acct
getncchanges: Let security of RWDC+ manually replicate secrets to RODCs
replmd: Ensure that binary blobs in links are ordered in the database
replmd: Include extra data on DN in search if it exists
getncchanges: Implement functionality for msDS-RevealedUsers
tests/repl_rodc: Ensure that the machine account is tied to the destination DSA
getncchanges: Tie destination DSA GUID to authenticating RODC for REPL_SECRET
getncchanges: Refactor filter_attrs from build_object
getncchanges: Prevent a small, but possible race condition in build_object
getncchanges: Reorder and comment code for clarity
tests/repl_rodc: Test the direct allow/deny attribute works
getncchanges: include object SID in tokenGroups calculation for repl secret
dbcheck: Improve dbcheck to find (and may fix) dangling msDS-RevealedUsers
tests/match_rules: Use system privilege for msDS-RevealedUsers
objectclass_attrs: Restrict systemOnly attributes
getncchanges: Add a comment regarding sIDHistory for allow/deny in repl_secret
getncchanges: generalize samdb_result_sid_array_ndr a little
tests/dbcheck-links: remove spurious sleeping
dsdb: Move parsed_dn_find into a common location
dsdb: Allow parsed_dn_find to have a prefixed blob match
getncchanges: Remove O(n) loop in link parsing
auth/sam: Remove lastLogonTimestamp from RODC success accounting
repl_secret: Prevent null deref on DEBUG
repl_secret: Error condition should sound harmless
selftest: Check that LDAP is available during RODC startup
wbinfo: Prevent client segfault with given EOF
samba_dnsupdate: Add additional debugging
whitespace: auth_log.py python conventions
whitespace: auth_log.c C code conventions
ldap_server: Move a variable into a smaller scope
whitespace: auth_log_pass_change.py python conventions
whitespace: Remove some whitespace
winbindd: Make some debugging clearer
samba_dnsupdate: Remove extra argument from debug
drsuapi.idl: Expose GetNCChanges req8 like req10
replmd: Send RODC referrals preferably to the PDC
selftest: Add ldap rodc python test
rodc: Force all RODC add and delete to cause a referral
selftest: Make some assertions about RODC referrals
password_lockout: Begin moving helper methods to a base class
password_lockout: Move more helper methods to a base class
password_lockout: Move more helper methods to a base class
password_lockout: Remove use of global lp and host vars
password_lockout: Remove use of global creds variables
password_lockout: Factor out a base testcase
password_lockout: Move lockoutObservationWindow tests from setUp
password_lockout: Move some unnecessary methods from base
sam.c: Make NTLM login set logonCount when unset
tests/rodc: Add a number of tests for RODC-RWDC interaction
password_lockout: Tests against RODC (once preloaded)
drepl: Add partial attribute set in the case of repl secret
rodc: Allow local RODC changes with version 0
replmd: Reduce calls to ldb_request_get_control
password-lockout: Allow RODC to ensure lockout and lockout reset
join.py: Allow RODC to have push replication at join
rodc/dns: Do not put a trailing dot at end of a DNS record
dns_update: RODC updates should use lower case realm
drepl_server: Allow refresh of partitions on UpdateRef
updaterefs: Do not open transaction even when unnecessary
samba-tool/spn: Add a missing newline to error message
tests/password_lockout: Remove unused users from base
libads: Check cldap flags in libads/ldap
winbindd_cm: Add new parameter for dcip_to_name
winbindd_cm: Add new parameter to getdc and find_new_dc calls
winbindd_cm: Rename dcip_to_name to the more accurate dcip_check_name
winbindd_cm: Call dcip_check_name even when fetching from cache
winbindd_cm: Pass cm_open_connection the need_rw_dc flag
libads: Decide to have no fallback option
auth4: Add authoritative flag to check_password
winbindd: Do not run SAM auth stack in winbind SamLogon
auth_winbind: Allow badPwdCount to be set to 0 with this auth method
tests/rodc: Test for NTLM wrong password forwarding
rodc: Set non-authoritative for RODC bad passwords
auth_sam: Make auth_sam_trigger_repl_secret more generic
hdb: Dupe a copy of repl secrets into the KDC
kdc: Send bad password via NETLOGON in RODC
netlogon_creds_cli: Do not corrupt authenticator state on application level errors
netlogon: Implement SendToSam along with its winbind forwarding
selftest: Ensure rodc environment uses localdc as winbind partner
tests/rodc: Add password lockout tests with RODC-auth, RWDC-check
tests/rodc: Check SID restriction for SendToSam
netlogon: Add necessary security checks for SendToSam
rpc_server: Move SID helpers into common
getncchanges: Do not filter EXOPs using highwatermark
tests/rodc: Check that new passwords trigger wiping on RODC
dnsserver: Stop dns_name_equal doing OOB read
selftest/rodc: Do not run in single mode, this causes deadlocks
stream_terminate_connection: Prevent use-after-free
repl: Set GET_ALL_GROUP_MEMBERSHIP flag in the drepl server
replmd: check single values in replmd_add_fix_la
dsdb: Add a samdb_dns_host_name which avoids searching
dnsserver/common: Use cached dnsHostName to reduce database reads
samba_kcc: debugging: say intrasite when we mean intrasite
show-deleted: Do not indicate an error if an object is missing.
show-deleted: Remove an unnecessary search during connect
show-deleted: Simplify the code to require as little logic as needed
show-deleted: Rename attr_filter to exclude_filter for clarity
ldb:tdb: Ensure we correctly decrement ltdb->read_lock_count
WHATSNEW: Improved RODC support
WHATSNEW: Additional hashes introduced with WDigest
WHATSNEW: DNS at domain join improvements
WHATSNEW: Improved AD performance (particularly linked attributes)
Gary Lockyer (67):
script: Add test data for traffic_summary.pl
script: Add script to provide an anonymous summary from tshark
script: Add test script for traffic_summary.pl
pymessaging: add single element tupple form of the server_id
pysmb: Check for credentials using same method as pyrpc
python net: add username, oldpassword and domain to change_password
TestBase: move insta_creds from password_lockout.py
lib/util: Add functions to escape log lines but not break all non-ascii
auth: Generate a human readable Authentication log message.
rpc: Always supply both the remote and local address to the auth subsystem
auth_log: Add JSON logging of Authorisation and Authentications
named_pipe_auth: Rename client -> remote_client and server -> local_server
s4-named_pipe_auth: Rename client -> remote_client and server -> local_server
s3-named_pipe_auth: Rename client -> remote_client and server -> local_server
s3-rpc_server: Re-order local and remote address in make_server_pipes_struct()
s3-rpc_server: Rename client -> remote_client and server -> local_server
s4-ntvfs: Correct mixup between local/remote addresses
auth log tests: password change tests
ldap_server: Log failures to find a valid user in the simple bind
rpc_server: Re-order and rename remote and local address in np_open()
auth log: Add tests for anonymous bind and SamLogon
TestBase: restore setting FEATURE_SEAL in insta_creds
password_hash: Add tests to allow refactoring
password_hash: refactor setup_supplemental_field
tests dsdb: load paramaters from test environment
pyrpc: Fix segfault in ClientConnection
source3 smbd: tests for null pointer dereference
source3 smdb: fix null pointer dereference
samba-tool user: Tests for virtualWDigest attributes
samba-tool user: Support for virtualWDigest attributes
samba-tool tests: Tests for virtualCryptSHAxxx rounds
samba-tool user: add rounds option to virtualCryptSHAxxx
idl drsblobs: add the blobs required for Primary:userPassword
tests password_hash: remove unused import
tests password_hash: fix white space issues
docs: configuration options for extra password hashes
tests password_hash: add tests for Primary:userPassword
password_hash: generate and store Primary:userPassword
samba-tool tests: add tests for userPassword
samba-tool add support for userPassword
tests password_hash: update array indexes for readabliity
tests password_hash: Add ldap based tests for WDigest
auth_log: Add test that execises the SamLogon python bindings
auth pycredentials: correct docstring of get_ntlm_response method
auth pycredentials: incorrect PyArg_ParseTupleAndKeywords call
source4 rpc: binding.c enable DCERPC_SCHANNEL_AUTO for schannel connections
tests net_join: use private secrets database.
source4/provision: fix talloc_steal on unallocated memory
libnet join: Fix error handling on provision_store_self_join failure
password_hash: conditional compilation for crypt_r
samba tool - tests: Fix shell metacharacters in generated password
strerror_r: provide XSI-compliant strerror_r
Tests lsa.String: add String constructor, str and repr
lsa.String: add String constructor, str and repr
pycredentials: add function to return the netr_Authenticator
s4/dcerpc_netlogon: Logging for dcesrv_netr_LogonGetDomainInfo
pycredentials: Add support for netr_crypt_password
tests py_credentials: Fix encrypt_netr_crypt_password test
dcerpc.idl Add symbolic constant for /root/ncalrpc_as_system
rpc: use symbolic constant to replace /root/ncalrpc_as_system
auth_log: use symbolic constant to replace /root/ncalrpc_as_system
tests auth_log: Modify existing tests to handle NETLOGON messages
tests auth_log: Add new tests for NETLOGON
source4 netlogon: Add authentication logging for ServerAuthenticate3
tests util/tfork: Tests for status and event fd
util/tfork: Write to the status pipe
util_runcmd: Free the fde in event handler.
Guillaume Xavier Taillon (1):
libbreplace: compatibility fix for AIX
Günther Deschner (410):
auth/ntlmssp: use ndr_push_AV_PAIR_LIST in gensec_ntlmssp_server_negotiate().
lib/socket/interfaces: Fix some uninitialied bytes.
Partly revert "s3:libads: setup the msDS-SupportedEncryptionTypes attribute on ldap_add"
s3:libnet:libnet_join: prepare to allow connecting with machine creds.
s3:libads:ldap: print LDAP error message with log level 10.
s3:libads:ndr: add ADS_AUTH_USER_CREDS to ndr_print_ads_auth_flags()
s3:libads:ldap: fix ads_check_ou_dn to deal with account_ou not being initialized
s3:libnet:libnet_join: always try to create machineaccount via LDAP first.
s3:librpc:idl:libnet_join: add encryption types to libnet_JoinCtx.
s3:libnet:libnet_join: define list of desired encryption types only once.
s3:libnet:libnet_join: fill in output enctypes and only modify when necessary.
s3:libnet:libnet_join: update msDS-SupportedEncryptionTypes (if required) with machine creds.
param: add parameter "server multi channel support", defaults to off.
s3:winbindd:idmap_hash: skip domains that already have their own idmap configuration.
s3:winbindd:idmap: check loadparm in domain_has_idmap_config() helper as well.
wscript: detect if we have libkdb5 and kdb.h.
s4-kdc: Introduce a simple sdb_kdb shim layer
mit_samba: Use sdb in the mit_samba plugin
mit_samba: Use talloc_zero in mit_samba_context_init().
mit-kdb: Do not overwrite the error code in failure case.
mit-kdb: Use calloc so both authdata elements are zeroed
mit-kdb: Use calloc to initialize master keylists.
mit-kdb: Return 0 in kdb_samba_db_put_principal()
mit-kdb: Restrict admin/changepw principal db_entry with some flags
s4-smb_server: check for return code of cli_credentials_set_machine_account().
s3-auth: check for return code of cli_credentials_set_machine_account().
s3:smbXsrv.idl: add 8 byte channel_sequence number and request counters to IDL.
libcli:smb:smbXcli_base: add smb2cli_session_current_channel_sequence() call.
torture:smb2: add test for checking sequence number wrap around.
lib/torture: add torture_assert_u64_not_equal_goto macro
s4:torture:smb2:rename.c: Fix file permissions.
CVE-2016-2111: s3:rpc_server/netlogon: always go through netr_creds_server_step_check()
lib:krb5_wrap:krb5_samba: increase debug level for smb_krb5_get_default_realm_from_ccache().
s3:librpc:crypto:gse: increase debug level for gse_init_client().
libcli/smb: fix NULL pointer derreference in smbXcli_session_is_authenticated().
s3:client:smbspool_krb5_wrapper: fix the non clearenv build.
s3-winbind: Fix schannel connections against trusted domain DCs
s3-libnet: Print error string even on successfuly completion of libnetjoin.
s3:libnet: accept empty realm for AD domains when only security=domain is set.
librpc: add decode_netlogon_samlogon_response_packet for mailslot debugging.
torture: show the first differing byte and a dump in torture_assert_data_blob_equal().
s4-torture: rename torture_suite_add_ndr_pullpush_test to torture_suite_add_ndr_pull_validate_test.
krb5pac: no need for a noprint PAC_BUFFER.
s4-torture: add ndr krb5pac testsuite.
s4-torture: add another krb5pac buffer to the ndr test.
s4-torture: add new torture_assert_krb5_error_equal macro.
s4-torture: fix compile of new NDR PAC tests with MIT Kerberos.
s4-scripting: let gen_hresult.py tolerate empty lines.
hresult: create enough space for the hresult_errstr message.
spoolss: add various well known core printer driver file GUIDs to IDL.
librpc: fix spoolss_GetCorePrinterDrivers IDL.
s4-torture: add test for spoolss_CorePrinterDriver().
librpc: fix IDL for spoolss_GetPrinterDriverPackagePath()
s4-torture: add test for spoolss_GetPrinterDriverPackagePath().
librpc/tools: support ndr64 in the validate path of ndrdump
pidl: support HRESULT as return code in wireshark autogenerated dissectors.
s4-torture: test GetPrinterData with server handle and 0 keylength.
s3-spoolss: fix _spoolss_GetPrinterDataEx by moving the keyname lengthcheck.
s4-torture: cleanup torture_suite_add_ndr_pull_validate_test API.
s4:torture:smb2:connect: prefer torture_comment() to printf().
source4/torture/rpc/testjoin.c: prefer torture_comment() over printf().
s4:torture:smb2:maxwrite: prefer torture_comment() to printf().
s4-torture: reformat TORTURE_SMB2 wscript_build list.
s4:torture:smb2:maxwrite: compile maxwrite test at least.
s4:torture:smb2:getinfo: prefer torture_comment() to printf().
s4:torture:smb2:scan: prefer torture_comment() to printf().
s4:torture:smb2:acls: prefer torture_comment() to printf().
s4:torture:smb2 prefer torture_comment() to printf().
pidl: Keep case from fieldnames.
pidl: fix field2name wireshark dissector test.
s4-torture: test multiple different cluster control codes.
librpc: add clusapi_ResourceTypeControlCode enum.
s4-torture: Fix logic errors in node and group control clusapi tests.
s4-torture: add new tests for clusapi resourcetypes.
librpc: add ClusterGroupEnumType enum to IDL.
s4-torture: add test for clusapi_CreateGroupResourceEnum
librpc: add CLUS_RESOURCE_CLASS_INFO to IDL
s4-torture: test CLUSCTL_GROUP_GET_FLAGS GroupControl.
s4-torture: add test for CreateResTypeEnum().
librpc: add ClusterResTypeEnumType to IDL.
s4-torture: add test for CreateGroupEnum.
s4-torture: also test CLUSCTL_CLUSTER_CHECK_VOTER_DOWN.
librpc: add clusapi_ResourceControlCode to IDL.
pidl: in s3 server templates, support default HRESULT error returns.
spoolss: add IDL for spoolss_LogJobInfoForBranchOffice.
s4-torture: add test for spoolss_LogJobInfoForBranchOffice
s3-spoolss: add missing newline in debug message of _spoolss_OpenPrinterEx.
s4-torture: use torture_comment in torture_rpc_connection()
s3-waf: give rpcclient its own wscript_build.
s3-rpcclient: add getdriverpackagepath command.
s3-spoolss: avoid referencing p->opnum in _spoolss_AddPrinterDriverEx
s4-torture: also test NULL servername in spoolss_GetPrinterDriverPackagePath
s3-rpc_client: make it more clear printer driver version is a QWORD not a DWORD.
libgpo: accept more boolean matches in gp_inifile_getbool().
s3-registry: create winprint print processor entry for x64 as well.
s3-spoolss: fix winreg_printer_ver_to_qword
spoolss: rename spoolss_EnumPrintProcDataTypes to spoolss_EnumPrintProcessorDataTypes
spoolss: rename spoolss_RpcGetJobNamedPropertyValue to spoolss_GetJobNamedPropertyValue
spoolss: rename spoolss_RpcSetJobNamedProperty to spoolss_SetJobNamedProperty
spoolss: rename spoolss_RpcDeleteJobNamedProperty to spoolss_DeleteJobNamedProperty
spoolss: rename spoolss_RpcEnumJobNamedProperties to spoolss_EnumJobNamedProperties
spoolss: rename spoolss_RpcSendRecvBidiData to spoolss_SendRecvBidiData
spoolss: rename RPC_PrintNamedProperty to spoolss_PrintNamedProperty
s4-torture: test GetPrinter level 3 on server handle (security descriptor query)
s3-spoolss: Fix _spoolss_GetPrinter behaviour for server handles.
s3-rpc_client: add winreg_get_printserver_secdesc.
s3-rpc_client: add winreg_set_printserver_secdesc.
s4-torture: test spoolss_SetPrinter level 3 on server handle.
s3-spoolss: use server sd stored in the backend in _spoolss_GetPrinter level 3
s3-spoolss: allow SetPrinter level 3 for server handles as well.
s3-spoolss: in _spoolss_OpenPrinterEx map max_allowed for the print server
s4-torture: add new test to compare "ServerSecurityDescriptor" and GetPrinter level 3.
librpc: add IRemoteWinspool idl
idl: compile iremotewinspool.idl.
s4-torture: add IRemoteWinspool ndr testsuite.
s4-torture: parse spoolss ndr packets using iremotewinspool calls
s3-modules: fix build warning in vfs shadow copy2 module
hresult: add new HRESULT_FROM_WERROR macro
hresult: re-generate hresult error code definitions from MS-ERREF.
librpc: fix some variable names in winspool protocol IDL
s3-rpc_client: add spoolss_timestr_to_NTTIME()
s3-rpc_client: add spoolss_driver_version_to_qword()
s3-rpc_client: use spoolss_timestr_to_NTTIME in winreg_printer_date_to_NTTIME
s3-rpc_client: use spoolss_driver_version_to_qword in winreg_printer_ver_to_qword
s4-scripting: make w32err_code.py work with recent html table changes.
werror: add new DS error codes.
werror: use WERR_NOT_ENOUGH_MEMORY in WERROR macros.
werror: use (generated) WERR_GEN_FAILURE as alias for WERR_FOOBAR
werror: replace WERR_BADFUNC with WERR_INVALID_FUNCTION in source3/rpc_server/spoolss/srv_spoolss_nt.c
werror: replace WERR_BADFUNC with WERR_INVALID_FUNCTION in source4/lib/wmi/
werror: removed WERR_BADFUNC
werror: replace WERR_BADFILE with WERR_FILE_NOT_FOUND in source3/lib/smbconf/smbconf_reg.c
werror: replace WERR_BADFILE with WERR_FILE_NOT_FOUND in source3/libgpo/gpo_reg.c
werror: replace WERR_BADFILE with WERR_FILE_NOT_FOUND in source3/printing/
werror: replace WERR_BADFILE with WERR_FILE_NOT_FOUND in source3/registry/
werror: replace WERR_BADFILE with WERR_FILE_NOT_FOUND in source3/rpc_client/
werror: replace WERR_BADFILE with WERR_FILE_NOT_FOUND in source3/services/svc_winreg_glue.c
werror: replace WERR_BADFILE with WERR_FILE_NOT_FOUND in source3/utils/
werror: replace WERR_BADFILE with WERR_FILE_NOT_FOUND in source4/lib/registry/
werror: replace WERR_BADFILE with WERR_FILE_NOT_FOUND in source4/torture/ndr/winreg.c
werror: replace WERR_BADFILE with WERR_FILE_NOT_FOUND in source4/torture/rpc/
werror: removed WERR_BADFILE
werror: replace WERR_BADFID with WERR_INVALID_HANDLE in source3/rpc_server/spoolss/
werror: replace WERR_BADFID with WERR_INVALID_HANDLE in source4/torture/rpc/spoolss.c
werror: removed WERR_BADFID
werror: replace WERR_NOMEM with WERR_NOT_ENOUGH_MEMORY in lib/util/tevent_werror.c
werror: replace WERR_NOMEM with WERR_NOT_ENOUGH_MEMORY in libcli/drsuapi/repl_decrypt.c
werror: replace WERR_NOMEM with WERR_NOT_ENOUGH_MEMORY in source3/lib/netapi/
werror: replace WERR_NOMEM with WERR_NOT_ENOUGH_MEMORY in source3/libads/ldap_printer.c
werror: replace WERR_NOMEM with WERR_NOT_ENOUGH_MEMORY in source3/libgpo/gpo_reg.c
werror: replace WERR_NOMEM with WERR_NOT_ENOUGH_MEMORY in source3/libnet/libnet_join.c
werror: replace WERR_NOMEM with WERR_NOT_ENOUGH_MEMORY in source3/printing/
werror: replace WERR_NOMEM with WERR_NOT_ENOUGH_MEMORY in source3/registry/
werror: replace WERR_NOMEM with WERR_NOT_ENOUGH_MEMORY in source3/rpc_client/
werror: replace WERR_NOMEM with WERR_NOT_ENOUGH_MEMORY in source3/rpc_server/
werror: replace WERR_NOMEM with WERR_NOT_ENOUGH_MEMORY in source3/rpcclient/
werror: replace WERR_NOMEM with WERR_NOT_ENOUGH_MEMORY in source3/services/
werror: replace WERR_NOMEM with WERR_NOT_ENOUGH_MEMORY in source3/smbd/lanman.c
werror: replace WERR_NOMEM with WERR_NOT_ENOUGH_MEMORY in source3/utils/
werror: replace WERR_NOMEM with WERR_NOT_ENOUGH_MEMORY in source3/utils/
werror: replace WERR_NOMEM with WERR_NOT_ENOUGH_MEMORY in source3/winbindd/
werror: replace WERR_NOMEM with WERR_NOT_ENOUGH_MEMORY in source4/dns_server/
werror: replace WERR_NOMEM with WERR_NOT_ENOUGH_MEMORY in source4/dsdb/
werror: replace WERR_NOMEM with WERR_NOT_ENOUGH_MEMORY in source4/lib/registry/
werror: replace WERR_NOMEM with WERR_NOT_ENOUGH_MEMORY in source4/rpc_server/backupkey/
werror: replace WERR_NOMEM with WERR_NOT_ENOUGH_MEMORY in source4/rpc_server/
werror: replace WERR_NOMEM with WERR_NOT_ENOUGH_MEMORY in source4/torture/drs/unit/prefixmap_tests.c
werror: replace WERR_NOMEM with WERR_NOT_ENOUGH_MEMORY in source4/torture/rpc/spoolss.c
werror: removed WERR_NOMEM
werror: replace WERR_GENERAL_FAILURE with WERR_GEN_FAILURE in source3/lib/netapi/
werror: replace WERR_GENERAL_FAILURE with WERR_GEN_FAILURE in source3/libgpo/gpo_reg.c
werror: replace WERR_GENERAL_FAILURE with WERR_GEN_FAILURE in source3/libnet/libnet_join.c
werror: replace WERR_GENERAL_FAILURE with WERR_GEN_FAILURE in source3/libsmb/libsmb_dir.c
werror: replace WERR_GENERAL_FAILURE with WERR_GEN_FAILURE in source3/registry/reg_api_regf.c
werror: replace WERR_GENERAL_FAILURE with WERR_GEN_FAILURE in source3/rpc_client/init_spoolss.c
werror: replace WERR_GENERAL_FAILURE with WERR_GEN_FAILURE in source3/rpc_server/
werror: replace WERR_GENERAL_FAILURE with WERR_GEN_FAILURE in source3/rpcclient/
werror: replace WERR_GENERAL_FAILURE with WERR_GEN_FAILURE in source3/utils/
werror: replace WERR_GENERAL_FAILURE with WERR_GEN_FAILURE in source4/dsdb/common/util.c
werror: replace WERR_GENERAL_FAILURE with WERR_GEN_FAILURE in source4/lib/com/
werror: replace WERR_GENERAL_FAILURE with WERR_GEN_FAILURE in source4/lib/registry/
werror: replace WERR_GENERAL_FAILURE with WERR_GEN_FAILURE in source4/rpc_server/
werror: replace WERR_GENERAL_FAILURE with WERR_GEN_FAILURE in source4/torture/libnetapi/libnetapi.c
werror: removed WERR_GENERAL_FAILURE
werror: removed WERR_DEVICE_NOT_EXIST (unused, already known as WERR_DEV_NOT_EXIST 0x00000037)
werror: replace WERR_NO_SUCH_SHARE with WERR_BAD_NET_NAME in source3/printing/nt_printing.c
werror: replace WERR_NO_SUCH_SHARE with WERR_BAD_NET_NAME in source3/rpc_server/srvsvc/srv_srvsvc_nt.c
werror: removed WERR_NO_SUCH_SHARE
werror: replace WERR_INVALID_PARAM with WERR_INVALID_PARAMETER in libgpo/gpext/gpext.c
werror: replace WERR_INVALID_PARAM with WERR_INVALID_PARAMETER in librpc/idl/
werror: replace WERR_INVALID_PARAM with WERR_INVALID_PARAMETER in source3/lib/netapi/
werror: replace WERR_INVALID_PARAM with WERR_INVALID_PARAMETER in source3/libgpo/
werror: replace WERR_INVALID_PARAM with WERR_INVALID_PARAMETER in source3/libnet/libnet_join.c
werror: replace WERR_INVALID_PARAM with WERR_INVALID_PARAMETER in source3/printing/
werror: replace WERR_INVALID_PARAM with WERR_INVALID_PARAMETER in source3/registry/
werror: replace WERR_INVALID_PARAM with WERR_INVALID_PARAMETER in source3/rpc_client/
werror: replace WERR_INVALID_PARAM with WERR_INVALID_PARAMETER in source3/rpc_server/
werror: replace WERR_INVALID_PARAM with WERR_INVALID_PARAMETER in source3/rpcclient/
werror: replace WERR_INVALID_PARAM with WERR_INVALID_PARAMETER in source3/smbd/lanman.c
werror: replace WERR_INVALID_PARAM with WERR_INVALID_PARAMETER in source3/utils/
werror: replace WERR_INVALID_PARAM with WERR_INVALID_PARAMETER in source4/dns_server/
werror: replace WERR_INVALID_PARAM with WERR_INVALID_PARAMETER in source4/dsdb/
werror: replace WERR_INVALID_PARAM with WERR_INVALID_PARAMETER in source4/lib/registry/
werror: replace WERR_INVALID_PARAM with WERR_INVALID_PARAMETER in source4/lib/wmi/wbemdata.c
werror: replace WERR_INVALID_PARAM with WERR_INVALID_PARAMETER in source4/rpc_server/
werror: replace WERR_INVALID_PARAM with WERR_INVALID_PARAMETER in source4/torture/
werror: removed WERR_INVALID_PARAM
werror: replace WERR_REG_CORRUPT with WERR_REGISTRY_CORRUPT in source3/printing/nt_printing_ads.c
werror: replace WERR_REG_CORRUPT with WERR_REGISTRY_CORRUPT in source3/registry/reg_backend_db.c
werror: removed WERR_REG_CORRUPT
werror: replace WERR_REG_IO_FAILURE with WERR_REGISTRY_IO_FAILED in source3/registry/
werror: removed WERR_REG_IO_FAILURE
werror: replace WERR_REG_FILE_INVALID with WERR_NOT_REGISTRY_FILE in source3/registry/reg_api_regf.c
werror: removed WERR_REG_FILE_INVALID
werror: replace WERR_OBJECT_PATH_INVALID with WERR_BAD_PATHNAME in source3/registry/reg_api_regf.c
werror: replace WERR_OBJECT_PATH_INVALID with WERR_BAD_PATHNAME in source3/rpc_server/
werror: removed WERR_OBJECT_PATH_INVALID
werror: replace WERR_NO_SUCH_SERVICE with WERR_SERVICE_DOES_NOT_EXIST in source3/lib/netapi/serverinfo.c
werror: replace WERR_NO_SUCH_SERVICE with WERR_SERVICE_DOES_NOT_EXIST in source3/libnet/libnet_join.c
werror: replace WERR_NO_SUCH_SERVICE with WERR_SERVICE_DOES_NOT_EXIST in source3/rpc_server/svcctl/srv_svcctl_nt.c
werror: removed WERR_NO_SUCH_SERVICE
werror: removed WERR_USER_ALREADY_EXISTS (unused, already known as WERR_USER_EXISTS)
werror: removed WERR_USER_NOT_IN_GROUP (unused, already known as WERR_MEMBER_NOT_IN_GROUP)
werror: removed WERR_INVALID_SECURITY_DESCRIPTOR (unused, already known as WERR_INVALID_SECURITY_DESCR)
werror: replace WERR_SERVER_UNAVAILABLE with WERR_RPC_S_SERVER_UNAVAILABLE in source3/printing/nt_printing_ads.c
werror: replace WERR_SERVER_UNAVAILABLE with WERR_RPC_S_SERVER_UNAVAILABLE in source3/rpc_server/spoolss/srv_spoolss_nt.c
werror: removed WERR_SERVER_UNAVAILABLE
werror: removed WERR_BUF_TOO_SMALL (unused, already known as WERR_NERR_BUFTOOSMALL)
werror: removed WERR_ALREADY_SHARED (unused, already known as WERR_NERR_DUPLICATESHARE)
werror: removed WERR_JOB_NOT_FOUND (unused, already known as WERR_NERR_JOBNOTFOUND)
werror: replace WERR_DEST_NOT_FOUND with WERR_NERR_DESTNOTFOUND in source3/lib/netapi/cm.c
werror: removed WERR_DEST_NOT_FOUND
werror: replace WERR_GROUPNOTFOUND with WERR_NERR_GROUPNOTFOUND in source3/lib/netapi/group.c
werror: removed WERR_GROUPNOTFOUND
werror: replace WERR_USER_NOT_FOUND with WERR_NERR_USERNOTFOUND in source3/lib/netapi/group.c
werror: replace WERR_USER_NOT_FOUND with WERR_NERR_USERNOTFOUND in source3/smbd/lanman.c
werror: replace WERR_USER_NOT_FOUND with WERR_NERR_USERNOTFOUND in source4/torture/rap/sam.c
werror: removed WERR_USER_NOT_FOUND
werror: replace WERR_USEREXISTS with WERR_NERR_USEREXISTS in source4/torture/rap/sam.c
werror: removed WERR_USEREXISTS
werror: replace WERR_NOT_CONNECTED with WERR_NERR_USENOTFOUND in source4/torture/rpc/wkssvc.c
werror: removed WERR_NOT_CONNECTED
werror: removed WERR_NAME_NOT_FOUND (unused, already known as WERR_NERR_NAMENOTFOUND)
werror: replace WERR_NET_NAME_NOT_FOUND with WERR_NERR_NETNAMENOTFOUND in source3/rpc_server/srvsvc/srv_srvsvc_nt.c
werror: removed WERR_NET_NAME_NOT_FOUND
werror: removed WERR_SESSION_NOT_FOUND (unused, already known as WERR_NERR_CLIENTNAMENOTFOUND)
werror: replace WERR_DEVICE_NOT_SHARED with WERR_NERR_DEVICENOTSHARED in source4/rpc_server/srvsvc/dcesrv_srvsvc.c
werror: removed WERR_DEVICE_NOT_SHARED
werror: removed WERR_FID_NOT_FOUND (unused, already known as WERR_NERR_FILEIDNOTFOUND)
werror: removed WERR_NOT_LOCAL_DOMAIN (unused, already known as WERR_NERR_NOTLOCALDOMAIN)
werror: replace WERR_DCNOTFOUND with WERR_NERR_DCNOTFOUND in source3/libnet/libnet_join.c
werror: replace WERR_DCNOTFOUND with WERR_NERR_DCNOTFOUND in source3/utils/net_ads.c
werror: replace WERR_DCNOTFOUND with WERR_NERR_DCNOTFOUND in source4/rpc_server/netlogon/dcerpc_netlogon.c
werror: removed WERR_DCNOTFOUND
werror: removed WERR_TIME_DIFF_AT_DC (unused, already known as WERR_NERR_TIMEDIFFATDC)
werror: replace WERR_DFS_NO_SUCH_VOL with WERR_NERR_DFSNOSUCHVOLUME in source3/rpc_server/dfs/srv_dfs_nt.c
werror: removed WERR_DFS_NO_SUCH_VOL
werror: replace WERR_DFS_NO_SUCH_SHARE with WERR_NERR_DFSNOSUCHSHARE in source3/rpc_server/dfs/srv_dfs_nt.c
werror: removed WERR_DFS_NO_SUCH_SHARE
werror: replace WERR_DFS_NO_SUCH_SERVER with WERR_NERR_DFSNOSUCHSERVER in source3/rpc_server/dfs/srv_dfs_nt.c
werror: removed WERR_DFS_NO_SUCH_SERVER
werror: replace WERR_DFS_INTERNAL_ERROR with WERR_NERR_DFSINTERNALERROR in source3/rpc_server/dfs/srv_dfs_nt.c
werror: removed WERR_DFS_INTERNAL_ERROR
werror: replace WERR_DFS_CANT_CREATE_JUNCT with WERR_NERR_DFSCANTCREATEJUNCTIONPOINT in source3/rpc_server/dfs/srv_dfs_nt.c
werror: removed WERR_DFS_CANT_CREATE_JUNCT
werror: replace WERR_SETUP_ALREADY_JOINED with WERR_NERR_SETUPALREADYJOINED in source3/libnet/libnet_join.c
werror: replace WERR_SETUP_ALREADY_JOINED with WERR_NERR_SETUPALREADYJOINED in source4/torture/rpc/wkssvc.c
werror: removed WERR_SETUP_ALREADY_JOINED
werror: replace WERR_SETUP_NOT_JOINED with WERR_NERR_SETUPNOTJOINED in source3/lib/netapi/joindomain.c
werror: replace WERR_SETUP_NOT_JOINED with WERR_NERR_SETUPNOTJOINED in source3/libnet/libnet_join.c
werror: replace WERR_SETUP_NOT_JOINED with WERR_NERR_SETUPNOTJOINED in source3/utils/
werror: replace WERR_SETUP_NOT_JOINED with WERR_NERR_SETUPNOTJOINED in source4/torture/rpc/wkssvc.c
werror: removed WERR_SETUP_NOT_JOINED
werror: replace WERR_SETUP_DOMAIN_CONTROLLER with WERR_NERR_SETUPDOMAINCONTROLLER in source3/lib/netapi/joindomain.c
werror: replace WERR_SETUP_DOMAIN_CONTROLLER with WERR_NERR_SETUPDOMAINCONTROLLER in source3/libnet/libnet_join.c
werror: replace WERR_SETUP_DOMAIN_CONTROLLER with WERR_NERR_SETUPDOMAINCONTROLLER in source4/torture/rpc/wkssvc.c
werror: removed WERR_SETUP_DOMAIN_CONTROLLER
werror: replace WERR_DEFAULT_JOIN_REQUIRED with WERR_NERR_DEFAULTJOINREQUIRED in source3/lib/netapi/joindomain.c
werror: replace WERR_DEFAULT_JOIN_REQUIRED with WERR_NERR_DEFAULTJOINREQUIRED in source3/libnet/libnet_join.c
werror: removed WERR_DEFAULT_JOIN_REQUIRED
werror: removed WERR_FRS_INSUFFICIENT_PRIV (unused, already known as WERR_FRS_ERR_INSUFFICIENT_PRIV)
werror: removed WERR_FRS_SYSVOL_IS_BUSY (unused, already known as WERR_FRS_ERR_SYSVOL_IS_BUSY)
werror: replace WERR_FRS_INVALID_SERVICE_PARAMETER with WERR_FRS_ERR_INVALID_SERVICE_PARAMETER in source4/torture/rpc/frsapi.c
werror: removed WERR_FRS_INVALID_SERVICE_PARAMETER
werror: replace WERR_UNKNOWN_LEVEL with WERR_INVALID_LEVEL in source3/lib/netapi/
werror: replace WERR_UNKNOWN_LEVEL with WERR_INVALID_LEVEL in source3/printing/nt_printing.c
werror: replace WERR_UNKNOWN_LEVEL with WERR_INVALID_LEVEL in source3/rpc_server/
werror: replace WERR_UNKNOWN_LEVEL with WERR_INVALID_LEVEL in source3/rpcclient/cmd_spoolss.c
werror: replace WERR_UNKNOWN_LEVEL with WERR_INVALID_LEVEL in source4/rpc_server/
werror: replace WERR_UNKNOWN_LEVEL with WERR_INVALID_LEVEL in source4/torture/rpc/
werror: removed WERR_UNKNOWN_LEVEL
werror: removed WERR_SHUTDOWN_ALREADY_IN_PROGRESS (unused, already known as WERR_SHUTDOWN_IN_PROGRESS)
werror: use autogenerated error codes.
werror: remove two duplicate error mappings.
werror: replace WERR_CLASS_NOT_REGISTERED with HRES_REGDB_E_CLASSNOTREG
werror: remove WERR_SEC_E_ENCRYPT_FAILURE (there is HRES_SEC_E_ENCRYPT_FAILURE)
werror: replace WERR_SEC_E_DECRYPT_FAILURE with HRES_SEC_E_DECRYPT_FAILURE
werror: removed WERR_SEC_E_ALGORITHM_MISMATCH (unused, already known as HRES_SEC_E_ALGORITHM_MISMATCH)
werror: replace WERR_RPC_E_REMOTE_DISABLED with HRES_RPC_E_REMOTE_DISABLED
werror: removed WERR_RPC_E_REMOTE_DISABLED (replaced with HRES_RPC_E_REMOTE_DISABLED)
werror: removed WERR_RPC_E_INVALID_HEADER (unused, already known as HRES_RPC_E_INVALID_HEADER)
mit: make it possible to build with MIT kerberos and --picky-developer
autobuild: add system-mitkrb5 build environment.
s4-kdc: Fix Coverity ID #1373386 (Resource Leak)
s4-kdc: Fix Coverity ID #1373385 (OVERRUN)
librpc: support "packet" for packet level authentication in binding strings
s4-torture: test support for [packet] binding string option.
s4:librpc/rpc: add support for DCERPC_AUTH_LEVEL_PACKET
s3:cli_pipe: add support for DCERPC_AUTH_LEVEL_PACKET
s3-rpcclient: support [packet] in rpcclient binding strings.
s3-rpcclient: add packet auth level command
s3-waf: Create a wscript_build for the utils subdir
s3-waf: Add wscript_build for nmbd
s3-waf: Add winbindd to its own wscript_build file (already exists)
s3-rpcclient: allow to pass down interface and transport to epmmap command
s3-waf: Move spoolssd into its own subsystem
spoolss: Use correct values for secdesc and devmode pointers
s4-torture: add spoolss_SetPrinter ndr test to validate secdesc_ptr
s3-rpcclient: add object_uuid argument to cmd_epmapper_map()
s4-torture: Fix test_EnumPrinterDrivers for level 8 printer drivers.
s4-torture: add torture_rpc_connection_with_binding()
s4-torture: add IRemoteWinspool rpc testsuite.
s4-torture: add test for winspool_SyncRegisterForRemoteNotifications.
s4-torture: add test for winspool_SyncUnRegisterForRemoteNotifications.
s4-torture: add test for winspool_AsyncUploadPrinterDriverPackage
s4-torture: add test for winspool_AsyncEnumPrinters
s4-torture: add test for winspool_AsyncGetPrinterData
s4-torture: add test for spoolss vs. iremotewinspool context handles
s4-torture: add test for winspool_AsyncCorePrinterDriverInstalled
s4-torture: add test for winspool_AsyncDeletePrintDriverPackage
s4-torture: add test for winspool_AsyncGetPrinterDriverDirectory()
s3-spoolss: also set new os_major,minor,build values in printer info 0
s3-spoolss: set the defaults for os_version defines globally.
s4-torture: add test to compare PRINTER_INFO_STRESS version and OSVersion
s3-spoolss: use architecture in spoolss_MonitorInfo calls consistently
s4-torture: test valid environment in spoolss_EnumMonitors level 2.
s3-net: use SMB_SIGNING_DEFAULT in connect_to_service()
docs: fix funny typo in smb.conf manpage wrt Samba's FSRVP server.
s3-rpc_cli: Support the use of the object_uuid in rpc_cli interfaces
s3-rpcclient: Add rpcclient IRemoteWinspool commands
s3-rpcclient: Add AsyncCorePrinterDriverInstalled command
librpc: Introduce cab.idl
librpc: Add autogenerated checksum calculation for Cabinet files
librpc: Add autogenerated total cabinet size for Cabinet files
librpc: Add autogenerated file offset calculation for Cabinet files
librpc: Add ndr_cab_get_compression() for Cabinet compression evaluation
s4-torture: Introduce Cabinet ndr testsuite
s4-torture: Add a validation test for uncompressed Cabinet files
s4-torture: Add MSZIP compressed cabinet test
s4-torture: Add LZX compressed cabinet test
s3-rpc_server: allow to set minimal auth level for a DCE/RPC service
s3-rpc_server: enforce packet level authentication for iremotewinspool server
s3-rpc_server: setup secondary address for tcp transport in bind_ack packet.
s3-iremotewinspool: add generated srv_iremotewinspool_nt.c file
s3-iremotewinspool: add generated server stubs and no longer compile autogenerated ones
s3-iremotewinspool: update api struct map so we only end up implementing 8 calls
s3-spoolss: remove unused type field in printer handle
s3-spoolss: Create a sperate header file for 'struct printer_handle'
libgpo: add gp_inifile_init_context_direct()
libgpo: add gp_inifile_enum_section()
libgpo: apply some const.
libgpo: deal with non utf16-le ini files.
libgpo: default to empty values if none are there
lib/util: add pm_process_with_flags to allow parsing ini files with empty values
libgpo: allow empty values in gp inifile parsing code.
s4-torture: cleanup after printing tests that had to add a driver
spoolss: allow truncated driver version in spoolss_driver_version_to_qword()
s3-spoolss: Use a more accurate DefaultSpoolDirectory
spoolss: Fix PROCESSOR_AMD_X8664 value in IDL
s3-spoolss: make us appear as a 64bit print server.
s3-spoolss: globally set print server environment/architecture.
libgpo: Fix error check in gp_inifile_init_context_direct()
librpc/ndr: add ndr_push_charset_to_null and increase library version (abi change)
pidl: use ndr_push_charset_to_null() when [to_null] keyword is used in IDL
s4-torture: add some NDR tests for validating ndr_push_charset behavior.
librpc/ndr: add [to_null] keyword to szPackageId in spoolss_CorePrinterDriver.
s4-torture: add more NDR tests for GetCorePrinterDrivers
errors: generate python error codes for NTSTATUS
s3-waf: remove duplicate ctags definition
s3-libgpo: Fix the build of the group policy CSEs
s4-torture: disable s4u2self/proxy remote pac tests for MIT build for now.
s3-rpcclient: Fix enumdata spoolss display of REG_DWORD
s3-gpo: Fix build of scripts CSE
s3-gpo: Build scripts, security and registry CSE with --enable-developer
s3-rpc_cli: add winreg_get_core_driver()
s3-spoolss: add winreg_get_core_driver_internal()
s3-rpc_cli: add winreg_add_core_driver()
s3-spoolss: add winreg_add_core_driver_internal()
s3-rpc_cli: add winreg_add_driver_package()
s3-spoolss: add winreg_add_driver_package_internal()
s3-rpc_cli: add winreg_get_driver_package()
s3-spoolss: add winreg_get_driver_package_internal()
s3-rpc_cli: add winreg_del_driver_package()
s3-spoolss: add winreg_del_driver_package_internal()
s3-gpo: Fix CID #1405972 Resource leak
s3-auth: remove some dead prototypes
s3-passdb: remove some dead prototypes
lib/krb5_samba: remove some dead prototypes
s3-smbd: remove some dead prototypes
s3-winbindd: remove some dead prototypes
s3-lib: remove some dead prototypes
s3-libsmb: remove some dead prototype
s3-proto: remove some dead prototypes
s3-rpc_server: remove some dead prototypes
s4-rpc_server: remove some dead prototypes
s4-auth: remove some dead prototypes
s4-libcli: remove some dead prototypes
s4-lib/policy: remove some dead prototypes
s3-lib/idmap_cache: remove some dead prototypes
vfs_fruit: add fruit:model = <modelname> parametric option
Hanno Böck (1):
cleanupdb: Fix a memory read error
Hemanth Thummala (2):
Mask general purpose signals for notifyd.
Fix memory leak in share mode locking.
Herwin Weststrate (1):
Added MSV1_0_ALLOW_MSVCHAPV2 flag to ntlm_auth
Ian Stakenvicius (14):
waf: disable-python - fix ctdb configuration
waf: disable-python - add option globally to build system
waf: disable-python - configuration adjustments
waf: disable-python - align talloc's wscript
waf: disable-python - align ldb's wscript
waf: disable-python - align tevent wscript
waf: disable-python - align tdb's wscript
waf: disable-python - don't build python/
waf: disable-python - don't build PROVISION, pyparam_util
waf: disable-python - don't build pyrpc_util, dcerpc.py
waf: disable-python - don't build samba-net
waf: disable-python - don't build samba-policy
waf: disable-python - don't build torture bits
waf: disable-python - don't include python.h in test_headers.c
Ira Cooper (4):
lib:dlinklist: avoid -Wtautological-compare errors with gcc6
ldb:dlinklist: avoid -Wtautological-compare errors with gcc6
source3/wscript: Add support for disabling vfs_cephfs
buildscripts: Fix the regression with --without-acl-support.
Ivo De Decker (1):
Add build option for default smbpasswd location
Jakub Hrozek (13):
ldb_tdb: Remove unused function ltdb_add_attr_results
ldb_tdb: Remove unused function parameter
ldb_tdb: Remove unused function parameter
ldb: Clarify LDB_MODULES_PATH is used
ldb:tests: Add a simple cmocka test for ldb_connect()
ldb:tests: A rudimentary ldb_add() test
ldb:tests: Add a basic search test
ldb:tests: Add a basic delete test
ldb:tests: Add a test for ldb transactions
ldb:tests: Add a modify test
ldb:tests: unit test for ldb_search()
ldb:tests: Add tests for case insensitive searches
ldb:tests: Unit test the ldb_rename() operation
Jan Engelhardt (1):
build: correct package dependencies
Jeff Layton (2):
VFS: convert to using ceph_statx structures and functions, when available
vfs: ceph: convert to new DBG_* macros
Jeffrey Altman (1):
CVE-2017-11103: Orpheus' Lyre KDC-REP service name validation
Jeremy Allison (428):
CVE-2015-7560: s3: smbd: Add refuse_symlink() function that can be used to prevent operations on a symlink.
CVE-2015-7560: s3: smbd: Refuse to get an ACL from a POSIX file handle on a symlink.
CVE-2015-7560: s3: smbd: Refuse to set an ACL from a POSIX file handle on a symlink.
CVE-2015-7560: s3: smbd: Refuse to set a POSIX ACL on a symlink.
CVE-2015-7560: s3: smbd: Refuse to get a POSIX ACL on a symlink.
CVE-2015-7560: s3: smbd: Set return values early, allows removal of code duplication.
CVE-2015-7560: s3: smbd: Silently return no EA's available on a symlink.
CVE-2015-7560: s3: smbd: Refuse to set EA's on a symlink.
CVE-2015-7560: s3: libsmb: Rename cli_posix_getfaclXX() functions to cli_posix_getacl() as they operate on pathnames.
CVE-2015-7560: s3: libsmb: Add SMB1-only POSIX cli_posix_setacl() functions. Needed for tests.
CVE-2015-7560: s3: torture3: Add new POSIX-SYMLINK-ACL test.
CVE-2015-7560: s3: torture3: Add new POSIX-SYMLINK-EA test.
s3:lib. Add split_stream_filename() Not yet used.
s3:lib: Rewrite synthetic_smb_fname_split() to use split_stream_filename().
s3:lib: Remove the const SMB_STRUCT_STAT * parameter from synthetic_smb_fname_split().
s3:lib: Move internal lp_posix_pathnames() call out of utility function synthetic_smb_fname_split().
s3: smbd: Simplify logic inside rename_internals_fsp() part 1.
s3: smbd: Simplify logic inside rename_internals_fsp() part 2
s3: smbd: Remove the last lp_posix_pathnames() in the rename path.
s3:smbd: Fix build for vfs_aixacl2.c.
s3:smbd:vfs: Change smb_get_nt_acl_nfs4() to take a const struct smb_filename *.
s3:smbd:vfs: Change posix_get_nt_acl() from const char * to const struct smb_filename *.
s3:vfs: Change smbacl4_GetFileOwner() to take const struct smb_filename * from const char *.
s3: vfs: vfs_hpuxacl. refuse_symlink() means we can always use STAT here.
s3: vfs: vfs_solarisacl. refuse_symlink() means we can always use STAT here.
s3:vfs: vfs_streams_xattr.c - Remove duplicate code. This is exactly vfs_stat_smb_basename().
s3:vfs: vfs_streams_xattr.c: Change walk_xattr_streams() to const struct smb_filename * from const char *.
s3: smbd: Reformatting - remove unneeded const char *fname variable.
s3: smbd: Change canonicalize_ea_name() to take a const smb_filename * parameter from const char *.
s3:smbd: Change get_ea_list_from_file_path() to take a const smb_filename * parameter from const char *.
s3:smbd: Change get_ea_names_from_file() to take a const smb_filename * parameter from const char *.
s3:smbd: Change refuse_symlink() to take a const smb_filename * parameter from const char *.
s3:vfs: Change get_acl_blob() to take a const smb_filename * parameter from const char *.
s3: vfs: vfs_xattr_tdb - cleanup. Remove unneeded variable "path".
nsswitch: linux: Remove use of strcpy().
examples: Remove all uses of strcpy in examples (except for validchr.c).
lib:tdb: Remove use of strcpy in tdb test.
nsswitch: winbind_nss_aix: Remove all uses of strcpy.
nsswitch: winbind_nss_solaris.c: Remove unused macro containing strcpy.
s3:smbd: Fix build for vfs_afsacl.c.
s3: vfs: vfs_afsacl. refuse_symlink() means we can always use STAT here.
s3:smbd: Move lp_posix_pathnames() out of ea_list_has_invalid_name().
s3: smbd: Add uint32_t flags field to struct smb_filename.
s3: Filenames: Add uint32_t flags parameter to synthetic_smb_fname().
s3: vfs: Remove use of lp_posix_pathnames() below the VFS.
s3: posix_acls. Always use STAT, not LSTAT here.
s3: smbd: Remove unneeded lp_posix_pathnames() check in SMB2 create.
s3: smbd: Remove many common uses of lp_posix_pathnames().
s3: vfs: recycle. Remove use of vfs_stat_smb_basename().
s3: vfs: vfs_acl_tdb. Remove use of vfs_stat_smb_basename().
s3: smbd: Modify vfs_stat_smb_basename() to take a const struct smb_filename * instead of const char *.
s3: torture. Remove spurious lp_posix_pathnames() included by cut-and-paste error.
s3: smbd: DFS - Remove the last lp_posix_pathnames() from the SMB2/3 code paths.
s3: smbd: DFS: Pass uint32_t ucf_flags through into resolve_dfspath_wcard().
s3: smbd: DFS: Pass uint32_t ucf_flags through into dfs_redirect().
s3: smbd: DFS: Pass uint32_t ucf_flags through into unix_convert().
s3: vfs: Use the new VFS functions for setting and getting DOS attributes.
lib:replace: Missing semicolon on function definition.
s3: vfs: full_audit. Sort vfs fn list and add comments on missing entries.
s3: vfs: full_audit. Add missing get_dfs_referrals_fn().
s3: vfs: full_audit. Add missing fsctl_fn().
s3: vfs: full_audit. Add audit_file_fn().
s3: vfs: full_audit. Implement missing durable_XXX functions.
s3: vfs: Sort vfs function entries in vfs_time_audit.
s3: vfs: time_audit. Add missing get_dfs_referrals().
s3: vfs: time_audit. Add missing fsctl().
s3: vfs: time_audit: Add get/fget/set/fset dos_attributes functions.
s3: vfs: time_audit. Add missing audit_file().
s3: libsmb: Fix error where short name length was read as 2 bytes, should be 1.
CVE-2015-5370: s3:rpc_server: ensure that the message ordering doesn't violate the spec
lib: dns: Clean up allocated structure on error exit.
s3: locking: Rename xxx_windows_lock_ref_count to xxx_lock_ref_count.
s3: locking: Add some const.
s3: locking: Add a const struct lock_context * paramter to set_posix_lock_posix_flavour()
s3: locking: Convert on the wire behavior of POSIX (UNIX extensions) locks from process-associated locks to open file description locks.
s3: torture: Add POSIX-OFD-LOCK test.
s3: lib: Add 'int op' parameter to fcntl_getlock().
s3: VFS: Add bool use_ofd_locks member to struct files_struct.
s3: lib: util: Add map_process_lock_to_ofd_lock() utility function.
s3: VFS: Map process-associated lock operation to open file description lock operation.
s3: wscript: Add checks for open file description locks.
s3: libsmb: Add sync and async cli_posix_whoami().
s3: smbclient: Add posix_whoami command.
s3: docs: Add documentation for posix_whoami command in smbclient.
s3: auth: Move the declaration of struct dom_sid tmp_sid to function level scope.
s3: lib: ldap: Use struct sockaddr_storage to cope with IPv6.
lib: tevent: Use struct sockaddr_storage to cope with IPv6.
lib: Fix uninitialized read in msghdr_copy
s3: krb5: keytab - The done label can be jumped to with context == NULL.
s4: dns: Correctly check for talloc failure.
s4: libcli: Internal SMB1 pid is already stored as and uses 32-bits. Correct getpid() cast.
s3: libsmb: Widen the internal client smb1.pid to 32-bits as is used on the wire and in libcli/smb/smb1*.c
s3: torture: Add test that proves Win2k12 correctly returns pidlow and pidhigh in SMB1 requests.
s3: smbd: Remove unused 'req' argument from setup_readX_header()
s3: smbd: Make setup_readX_header() externally accessible
s3: smbd: Use common function setup_readX_header() in aio read code.
s3: smbd: In reply_read_and_X() SMB1 server is overwriting part of the 'reserved' zero fields with reply data length.
s4: torture: Added raw readX test to ensure 'reserved' fields are zero.
s3: libsmb: Correctly trim a trailing \\ character in cli_smb2_create_fnum_send() when passing a pathname to SMB2 create.
s3: tldap: Remove asynchronous calls to gensec_update_send()/_recv() as for the spnego backend they're synchronous anyway.
s3: tldap: Make tldap_gensec_bind_send()/tldap_gensec_bind_recv() static.
s3: tdb: On some platforms pthread_mutex_trylock() returns EBUSY not EDEADLK.
s4: ldb: Ignore case of "range" in sscanf as we've already checked for its presence.
lib: talloc: Rename talloc_XXX() internal functions that take a 'struct talloc_chunk *' to tc_XXX().
s3: smbd: Fix delete operations enumerating streams inside a file. This must always be done as a Windows operation.
s3: torture: Regression test case to specify exactly how UNIX extensions should act on files with streams.
s4: torture: Don't crash if connections fail and treeXX variables are left as NULL.
WHATSNEW. Add text for Open File Description (OFD) locks.
s3: smbd: vfs: Remove any stale xattr values during file/directory create in vfs_xattr_tdb()
s4: messaging: Remove bool auto_remove parameter from imessaging_init().
s4: tests: Skip drs tests.
s4: repl: Ensure all error paths in dreplsrv_op_pull_source_get_changes_trigger() are protected with tevent returns.
s3: libsmb: Protect cli_connect_nb_send() from being passed a NULL hostname and dest_ss.
libgpo: Correctly use the 'server' parameter after parsing it out of the GPO path.
smbd: oplock: Fixup debug messages inside remove_oplock().
smbd: oplock: Factor out internals of remove_oplock() into new remove_oplock_under_lock().
s3: oplock: Fix race condition when closing an oplocked file.
s3: vfs: shadow_copy2: Re-use an existing variable already set to the right value (p - name).
s3: vfs: shadow_copy2. Remove any trailing slash when stripping @GMT-YYYY... from the end of a path.
s3: vfs: shadow_copy2: Replace all uses of (p-name) with len_before_gmt.
s3: vfs: snapper: Add and use len_before_gmt, calculated as (p-name).
s3: vfs: snapper: Fix snapper_gmt_strip_snapshot() function to strip @GMT token identically to shadow_copy2.c:shadow_copy2_strip_snapshot()
s3: SMB1: Add missing FLAGS2 definitions from MS-SMB.
s3: libsmb: Add uint16_t additional_flags2 arg to cli_smb_send().
s3: libsmb: Add uint16_t addtional_flags2 to cli_trans_send().
s3: libsmb: Add uint16_t addtional_flags2 to cli_smb_req_create().
s3: libsmb: Add clistr_is_previous_version_path()
s3: libsmb: Plumb in additional_flags2 = FLAGS2_REPARSE_PATH to cli_setpathinfo_send().
s3: libsmb: Plumb in additional_flags2 = FLAGS2_REPARSE_PATH to cli_qpathinfo_send()
s3: libsmb: s3: libsmb: Plumb in additional_flags2 = FLAGS2_REPARSE_PATH to cli_rename_send().
s3: libsmb: s3: libsmb: Plumb in additional_flags2 = FLAGS2_REPARSE_PATH to cli_ntrename_internal_send().
s3: libsmb: s3: libsmb: Plumb in additional_flags2 = FLAGS2_REPARSE_PATH to cli_unlink_send().
s3: libsmb: s3: libsmb: Plumb in additional_flags2 = FLAGS2_REPARSE_PATH to cli_mkdir_send().
s3: libsmb: Plumb in additional_flags2 = FLAGS2_REPARSE_PATH to cli_rmdir_send()
s3: libsmb: Plumb in additional_flags2 = FLAGS2_REPARSE_PATH to cli_ntcreate1_send().
s3: libsmb: Plumb in additional_flags2 = FLAGS2_REPARSE_PATH to cli_nttrans_create_send().
s3: libsmb: Plumb in additional_flags2 = FLAGS2_REPARSE_PATH to cli_openx_create().
s3: libsmb: Plumb in additional_flags2 = FLAGS2_REPARSE_PATH to cli_getatr_send().
s3: libsmb: Plumb in additional_flags2 = FLAGS2_REPARSE_PATH to cli_setatr_send().
s3: libsmb: Plumb in additional_flags2 = FLAGS2_REPARSE_PATH to cli_chkpath_send().
s3: libsmb: Plumb in additional_flags2 = FLAGS2_REPARSE_PATH to cli_ctemp_send().
s3: libsmb: Make a comment note that cli_set_ea() needs some internal changes before cli_set_ea_path() can use previous path versions.
s3: libsmb: Plumb in additional_flags2 = FLAGS2_REPARSE_PATH to cli_list_trans_send().
s3: libsmb: Correctly set max_setup_size in FSCTL_GET_SHADOW_COPY_DATA nttrans ioctl.
s3: libsmb: Do some hardening in the receive processing of cli_shadow_copy_data_recv().
s3: smbclient: In order to get shadow copy data over SMB1 we must call cli_shadow_copy_data() twice.
s3: smbclient. Ensure we don't crash by freeing uninitialized *snapshots.
s3: libsmb: Correctly align create contexts in a create call.
s3: libsmb: Add return args to clistr_is_previous_version_path().
s3: libsmb: Add cli_smb2_shadow_copy_data() function that gets shadow copy info over SMB2.
s3: libsmb: Plumb new SMB2 shadow copy call into cli_shadow_copy_data().
s3: libsmb: Add the capability to find a @GMT- path in an SMB2 create and transform to a timewarp token.
s3: vfs: Fix compilation error on Solaris.
s3: modules: vfs_acl_common - Add Ralph's copyright.
s4-kdc: Remove obsolete kpasswdd heimdal implementation
lib: poll_funcs : poll_funcs_context_slot_find can select the wrong slot to replace.
s3: nmbd: Add fd, triggered elements to struct socket_attributes.
s3: nmbd: Ensure attrs array mirrors fd's array for dns.
s3: nmbd: Now attrs array mirrors fd's array use it in preference.
s3: nmbd: Add (currently unused) timeout and fd handlers.
s3: nmbd: Add a talloc_stackframe().
s3: nmbd: Change over to using tevent functions from direct poll.
s3: nmbd: Final changeover to stock tevent for nmbd.
s3: winbind: Remove dump_event_list() calls.
s3: server: s3_tevent_context_init() -> samba_tevent_context_init()
s3: events. Move events.c to util_event.c
s3: tidyup - move struct idle_event to util_event.h
s3: winbind: Make WBC_AUTH_USER_LEVEL_PAC prime the name2sid cache.
s3: auth: Use wbcAuthenticateUserEx to prime the caches.
s3: winbind: refresh_sequence_number is only ever called with 'false'.
s3: winbind: Trust name2sid mappings from the PAC.
s3: lib: messaging. Add function comments I needed to understand this code.
s3: winbind: Ensure we store name2sid with the correct cache sequence number.
s3: cldap: cldap_multi_netlogon_send() fails with one bad IPv6 address.
s3: libsmb: Fix cut and paste error using the wrong structure type.
s3: torture: vfstest. unlink cmd must be stream aware.
s3: vfs: Remove files/directories after the streams are deleted.
s3: selftest: Add test for orphan 'lost-XXX' directories in streams_depot.
s3: vfs: streams_depot. Use conn->connectpath not conn->cwd.
s3: lib - Fix formatting of unix_wild_match() sub-function to README.Coding standards.
s3: util: Remove unneeded strequal() call. Convert to simple character check.
s3: lib: Move from talloc_strdup then lower to strlower_talloc()
lib/util: Move unix_wild_match() from source3/lib/util to lib/util/
s3: lib: Change masked_match() from SMB_STRDUP macro to underlying smb_xstrdup function.
s3: lib: Use top level function strequal_m not the s3 strequal
s3: lib: Replace s3 strnequal with top level strncasecmp_m.
Move source3/lib/access.c to toplevel lib/util/access.c
lib: util: Add allow_access_nolog().
source4: Change to use lib/util/access functions.
s3/smbd: fix the last resort check that sets the file type attribute
librpc: cab: Integer wrap protection for ndr_count_cfdata().
librpc: cab: Fix ndr_size_cab_file() to detect integer wrap.
s3: libsmb: Setting the LIBSMBCLIENT_NO_CCACHE environment variable doesn't turn off credential cache use.
s3: smbd: rename - missing early error exit if source and destination prefixes are different.
s3: smbd: Make check_parent_access() available to rename code.
s3: smbd: Add missing permissions check on destination folder.
s3: torture: Regression test case for permissions check on rename.
lib: security: se_access_check() incorrectly processes owner rights (S-1-3-4) DENY ace entries
s3: torture: Adds regression test case for se_access_check() owner rights issue.
s3: ntlm_auth: Don't corrupt the output stream with debug messages.
s3: libsmb: Ensure SMB2 operations correctly set cli->raw_status.
s3: libsmb: Add cli_smb2_ftruncate(), plumb into cli_ftruncate().
s3: torture: Add test for cli_ftruncate calling cli_smb2_ftruncate.
s3: vfs: dirsort doesn't handle opendir of "." correctly.
lib: talloc: Make it clear that talloc_get_size(NULL) returns 0.
winbind: Fix CID 1398534 Dereference before null check
s3: smbd: Correctly canonicalize any incoming shadow copy path.
s3: lib: Add canonicalize_absolute_path().
s3: lib: Fix two old, old bugs in set_conn_connectpath(), now in canonicalize_absolute_path().
s3: smbtorture: Add new local test LOCAL-CANONICALIZE-PATH
s3: smbd: Make set_conn_connectpath() call canonicalize_absolute_path().
s3: VFS: shadow_copy2: Correctly initialize timestamp and stripped variables.
s3: VFS: shadow_copy2: Ensure pathnames for parameters are correctly relative and terminated.
s3: VFS: shadow_copy2: Fix length comparison to ensure we don't overstep a length.
s3: VFS: shadow_copy2: Add two new variables to the private data. Not yet used.
s3: VFS: shadow_copy2: Add a wrapper function to call the original shadow_copy2_strip_snapshot().
s3: VFS: shadow_copy2: Change a parameter name.
s3: VFS: shadow_copy2: Add two currently unused functions to make pathnames absolute or relative to $cwd.
s3: VFS: shadow_copy2: Fix chdir to store off the needed private variables.
s3: VFS: Allow shadow_copy2_connectpath() to return the cached path derived from $cwd.
s3: VFS: Ensure shadow:format cannot contain a / path separator.
s3: VFS: Add utility function check_for_converted_path().
s3: VFS: shadow_copy2: Fix module to work with variable current working directory.
s3: VFS: shadow_copy2: Fix a memory leak in the connectpath function.
s3: VFS: shadow_copy2: Fix usage of saved_errno to only set errno on error.
s3: VFS: Don't allow symlink, link or rename on already converted paths.
s3: VFS: vfs_streams_xattr.c: Make streams_xattr_open() store the same path as streams_xattr_recheck().
s3: smbd: Don't loop infinitely on bad-symlink resolution.
s3: torture: Regression test for smbd trying to open an invalid symlink.
s3:winbind: work around coverity false positive.
s3: smbd: Restart reading the incoming SMB2 fd when the send queue is drained.
s3: locking: Move two leases functions into a new file.
s3: locking: Update oplock optimization for the leases era !
Fix for Solaris C compiler.
s3: libgpo: Allow skipping GPO objects that don't have the expected LDAP attributes.
Changes to make the Solaris C compiler happy.
CVE-2017-2619: s3: smbd: Create wrapper function for OpenDir in preparation for making robust.
CVE-2017-2619: s3: smbd: Opendir_internal() early return if SMB_VFS_OPENDIR failed.
CVE-2017-2619: s3: smbd: Create and use open_dir_safely(). Use from OpenDir().
CVE-2017-2619: s3: smbd: OpenDir_fsp() use early returns.
CVE-2017-2619: s3: smbd: OpenDir_fsp() - Fix memory leak on error.
CVE-2017-2619: s3: smbd: Move the reference counting and destructor setup to just before retuning success.
CVE-2017-2619: s3: smbd: Correctly fallback to open_dir_safely if FDOPENDIR not supported on system.
CVE-2017-2619: s3: smbd: Remove O_NOFOLLOW guards. We insist on O_NOFOLLOW existing.
CVE-2017-2619: s3: smbd: Move special handling of symlink errno's into a utility function.
CVE-2017-2619: s3: smbd: Add the core functions to prevent symlink open races.
CVE-2017-2619: s3: smbd: Use the new non_widelink_open() function.
s3: smbd: Change "strict sync" paramter from "no" to "yes" for 4.7.0.
WHATSNEW: Document "strict sync" default change.
s3: smbd: Fix incorrect logic exposed by fix for the security bug 12496 (CVE-2017-2619).
s3: Test for CVE-2017-2619 regression with "follow symlinks = no".
s3: Fixup test for CVE-2017-2619 regression with "follow symlinks = no"
s3: smbd: Fix "follow symlink = no" regression part 2.
s3: smbd: Fix "follow symlink = no" regression part 2.
s3: Test for CVE-2017-2619 regression with "follow symlinks = no" - part 2
s4: messaging. Add imessaging_reinit_all() function.
s4: server: Fix crash in NTVFS server caused by ordering of destructor calls.
s4: process_standard: Move talloc_free of event context so it is last thing freed before exit().
s4: process_standard: Always free tevent_context before exit().
s4: process_standard: Add return checking for tevent_add_fd() to standard_accept_connection() and standard_new_task().
s4: process_standard: Add tevent SIGHUP signal handler to standard_accept_connection() and standard_new_task().
s4: process_standard: Add a simplified SIGTERM handler based on code from source4/smbd/server.c. Use from a tevent handler added to standard_accept_connection() and standard_new_task()
s4: messaging. Minor cleanup. Check for error returns on imessaging_register calls.
s4: server. Whitespace and 80+ column cleanup.
s4: server: Create a server 'state' struct.
s4: server: Use server_state as a parameter to stdin handler, not just name.
s4: server: Use server_state as a parameter to max_runtime_handler, not just name.
s4: server: Plumb server_state through the irpc messaging for samba_terminate().
s4: server: Add error return checks for tevent_add_fde, tevent_add_timer.
s4: server: Add a tevent signal handler for SIGTERM.
s4: messaging: When talloc_free()'ing an event context, only remove msg_dgm_ref's that point to *that* context.
s4: server: Remove use of talloc_autofree_context as the parent of event_ctx.
s4: server: Use state as the talloc context for open_schannel_session_store.
lib: Remove smb_iconv_handle_reinit_lp()
lib:charset: Add utility functions reinit_iconv_handle() and free_iconv_handle(void)
s3:lib:charcnv: Remove use of global global_iconv_handle
s3:param: Use new utility function to hide use of global_iconv_handle
lib: param: Use utility functions to get rid of two more uses of global_iconv_handle.
lib: param: Remove the last external use of global_iconv_handle by calling the utility function reinit_iconv_handle().
lib:charset: Make global_iconv_handle private
lib:charset: Remove use of talloc_autofree_context() for global_iconv_handle
lib: debug: Avoid negative array access.
s3:lib: Fix incorrect logic in sys_broken_getgroups()
s3:smbd: Fix incorrect use of sys_getgroups()
lib: param: Remove lpcfg_register_defaults_hook().
lib: modules: Change XXX_init interface from XXX_init(void) to XXX_init(TALLOC_CTX *)
s4: torture: samr: Add test for dcesrc_lsa_valid_AccountRight change.
s4: torture: Create a top level talloc contxt.
s4: torture: Add a TALLOC_CTX * to torture_parse_target().
s4: torture: Pass the new talloc context into torture_init().
s4: torture: Change torture_register_suite() to add a TALLOC_CTX *.
s4: torture: Pass TALLOC_CTX * to torture_delay_write().
s4: torture: Add TALLOC_CTX * to torture_winbind_init().
s4: torture: Add TALLOC_CTX * to torture_smb2_acls_init().
s4: torture: Add TALLOC_CTX * to torture_smb2_compound_find_init() and torture_smb2_compound_init().
s4: torture: Add a TALLOC_CTX * to torture_smb2_create_init().
s4: torture: Add a TALLOC_CTX * to torture_smb2_crediting_init().
s4: torture: Add a TALLOC_CTX * to torture_smb2_doc_init().
s4: torture: Add a TALLOC_CTX * to torture_smb2_dir_init().
s4: torture: Add TALLOC_CTX * to torture_smb2_durable_open_disconnect_init(), torture_smb2_durable_open_init()
s4: torture: Add TALLOC_CTX * to torture_smb2_durable_v2_open_init().
s4: tortute: Add a TALLOC_CTX * to torture_smb2_ioctl_init().
s4: torture: Add a TALLOC_CTX * to torture_smb2_lease_init().
s4: torture: Add a TALLOC_CTX * to torture_smb2_lock_init().
s4: torture: Add a TALLOC_CTX * to torture_smb2_notify_init().
s4: torture: Add a TALLOC_CTX * to torture_smb2_notify_disabled_init().
s4: torture: Add a TALLOC_CTX * to torture_smb2_oplocks_init(), torture_smb2_kernel_oplocks_init().
s4: torture: Add a TALLOC_CTX * to torture_smb2_read_init().
s4: torture: Add a TALLOC_CTX * to torture_smb2_rename_init().
s4: torture: Add a TALLOC_CTX * to torture_smb2_replay_init().
s4: torture: Add a TALLOC_CTX * to torture_smb2_scan_init().
s4: torture: Add a TALLOC_CTX * to torture_smb2_session_init().
s4: torture: Add a TALLOC_CTX * to torture_smb2_streams_init().
s4: torture: Add a TALLOC_CTX * to torture_acl_xattr().
s4: torture: Add a TALLOC_CTX * to torture_vfs_fruit(), torture_vfs_fruit_netatalk(), torture_vfs_fruit_file_id()
s4: torture: Add a TALLOC_CTX * to torture_winbind_struct_init().
s4: torture: Add a TALLOC_CTX * to torture_test_delete().
s4: torture: Add a TALLOC_CTX * to torture_smb2_getinfo_init().
s4: torture: Use a named TALLOC_CTX in masktest instead of talloc_autofree_context().
s4: torture: Remove talloc_autofree_context() from locktest.
s4: torture: Remove talloc_autofree_context() from gentest.
s4: torture: Remove the last talloc_autofree_context() from source4/torture/*.c
pidl: Fix Coverity warnings from duplicate NULL checks.
s3: popt: When using a global variable, don't hide it by helper locals.
s3: popt: Add utility functions popt_get_cmdline_auth_info(), popt_free_cmdline_auth_info().
s3: client tools. Remove direct access to struct user_auth_info *cmdline_auth_info.
s3: client tools: Call popt_free_cmdline_auth_info() on all normal exits.
s3: popt: Change to NULL from talloc_autofree_context() now we correctly free on exit.
s4: auth: Add TALLOC_CTX * to auth_register()
s4: auth: Remove a talloc_autofree_context() use.
s4: Add TALLOC_CTX * to register_server_service().
s4: popt: Add set/get/free functions for cmdline_credentials.
s4: popt: Global replace of cmdline_credentials -> popt_get_cmdline_credentials().
s4: popt: Make cmdline_credentials static.
s4: popt: Change from talloc_autofree_context() to NULL context.
s4: torture: Remove use of local variables that are simply mirroring popt_get_cmdline_credentials().
s4: ntvfs: Add a TALLOC_CTX * paramter to pvfs_acl_register()
s4: ntvfs: Add a TALLOC_CTX * to sys_lease_register().
s4: ntvfs: Add a TALLOC_CTX * to sys_notify_register().
gensec: Add a TALLOC_CTX * to gensec_register().
s4: client: Allocate event context off struct smbclient_context *, not talloc_autofree_context().
s4: cifsdd: Allocate the event context off NULL, not talloc_autofree_context().
s4: nmblookup: Allocate event context off NULL instead of talloc_autofree_context().
s3: smbd: Fix open_files.idl to correctly ignore share_mode_lease *lease in share_mode_entry.
s3: smbd: Remove bool dfs_pathnames paramter from resolve_dfspath_wcard().
s3: smbd: Remove ugly use of discard_const that previously was hidden in resolve_dfspath_wcard().
s3: smbd: Make it clear we only overwrite *ppath_contains_wcard if resolve_dfspath_wcard() detected a wildcard.
s3: smbd: Split out ucf_flags_from_smb_request() from filename_create_ucf_flags().
s3: smbd: Always use ucf_flags_from_smb_request() in place of checking by hand (in most cases).
s3: smbd: In ntrename OR in ucf_flags, don't overwrite.
s3: smbd: Add UCF_DFS_PATHNAME which tracks the flags2 FLAGS2_DFS_PATHNAMES bit.
s3: smbd: We can now remove the 'bool dfs_path' parameter from filename_convert().
s3: smbd: Fix up the ucf_flags correctly in smb_file_rename_information().
s3: smbd: Add UCF_GMT_PATHNAME, which represents FLAGS2_REPARSE_PATH.
s3: smbd: Correctly identify a snapshot path using UCF_GMT_PATHNAME.
s3: VFS: Catia: Ensure path name is also converted.
s3: VFS: Fruit. Move to using struct smb_filename instead of char * paths.
s3: lib: Add new utility function cp_smb_filename_nostream().
s3: VFS: Change SMB_VFS_SYS_ACL_DELETE_DEF_FILE to use const struct smb_filename * instead of const char *.
s3: VFS: Change SMB_VFS_SYS_ACL_GET_FILE to use const struct smb_filename * instead of const char *.
s3: VFS: Change SMB_VFS_SYS_ACL_BLOB_GET_FILE to use const struct smb_filename * instead of const char *.
s3: VFS: Change SMB_VFS_SYS_ACL_SET_FILE to use const struct smb_filename * instead of const char *.
s3: VFS: Change SMB_VFS_LISTXATTR to use const struct smb_filename * instead of const char *.
s3: VFS: Change SMB_VFS_REMOVEXATTR to use const struct smb_filename * instead of const char *.
s3: VFS: Change SMB_VFS_SETXATTR to use const struct smb_filename * instead of const char *.
s3: VFS: Change SMB_VFS_GETXATTR to use const struct smb_filename * instead of const char *.
libcli: smb: Add smbXcli_tcon_copy().
libcli: smb: Add smb2cli_tcon_set_id().
s3: libsmb: Add cli_state_save_tcon() / cli_state_restore_tcon().
s3: smbtorture: Show correct use of cli_state_save_tcon() / cli_state_restore_tcon().
s3: libsmb: Widen cli_state_get_tid() / cli_state_set_tid() to 32-bits.
s3: libsmb: Fix cli_state_has_tcon() to cope with SMB2 connections.
s3: libsmb: Correctly do lifecycle management on cli->smb1.tcon and cli->smb2.tcon.
s3: libsmb: Correctly save and restore connection tcon in smbclient, smbcacls and smbtorture3.
s3: VFS: Remove old traces of smb_vfs_call_llistxattr().
s3: VFS: Change SMB_VFS_MKNOD to use const struct smb_filename * instead of const char *.
s3: VFS: Change SMB_VFS_CHFLAGS to use const struct smb_filename * instead of const char *.
s3: VFS: Change SMB_VFS_DISK_FREE to use const struct smb_filename * instead of const char *.
s3: VFS: Change SMB_VFS_GET_QUOTA to use const struct smb_filename * instead of const char *.
s3: VFS: Change SMB_VFS_LINK to use const struct smb_filename * instead of const char *.
s3: VFS: Change SMB_VFS_STATVFS to use const struct smb_filename * instead of const char *.
s3: VFS: Change SMB_VFS_READLINK to use const struct smb_filename * instead of const char *.
s3: VFS: Change SMB_VFS_SYMLINK to use const struct smb_filename * instead of const char *.
s3: smbd: When deleting an fsp pointer ensure we don't keep any references to it around.
s3: smbd: Add regression test for non-wide symlinks to directories fail over SMB3.
s3: VFS: Change SMB_VFS_CHDIR to use const struct smb_filename * instead of const char *.
s3: VFS: Change SMB_VFS_GETWD to return struct smb_filename * instead of char *.
s3: VFS: Change SMB_VFS_REALPATH to take and return struct smb_filename * instead of char *.
s3: smbd: Add missing out of memory check.
S3: smbd: Finish plumbing struct smb_filename * through the check_name() stack.
s3: VFS: Change SMB_VFS_CONNECTPATH to take const struct smb_filename * instead of const char *.
s3: client: Move struct file_list code to using talloc from malloc.
s3: smbclient: Add new command deltree.
docs: Document new smbclient deltree command.
s3: tests: Add test for new smbclient "deltree" command.
s3: libsmb: Reverse sense of 'clear all attributes', ignore attribute change in SMB2 to match SMB1.
s3: smbclient: Add a test for the setmode command.
s3: smbd: Fix a read after free if a chained SMB1 call goes async.
s3: libsmbclient: Fix cli_setpathinfo_basic() to treat mode == -1 as no change.
s3: libsmb: Add cli_smb2_setpathinfo(), to be called by cli_setpathinfo_basic().
s3: libsmb: Implement cli_smb2_setatr() by calling cli_smb2_setpathinfo().
s3: torture: Add a test for cli_setpathinfo_basic() to smbtorture3.
s4: modules. Fix missing TALLOC_CTX in module init function.
lib: rpc: The registered interfaces are a lists of singletons that are never removed.
s4: COM: Remove talloc_autofree_context() from (unused) COM code.
lib: ldb: Use NULL to allocate modules not talloc_autofree_context().
lib: ldb: Python. Take care of freeing the passed in module description if ldb_register_module() fails.
s4: schema: Allocate global_schema off the NULL context, not the talloc_autofree_context().
lib: cli: fname is a local variable already freed in the function scope, doesn't need to be on talloc_autofree_context()
s3: rpc_client: Allocate struct db_context * off the local frame, as all other variables in this function.
s3: rpcclient: Split out initialization and free of event context.
s3: rpcclient: Use event context as the talloc parent of the rpcclient_msg_ctx.
s3: rpcclient: Use rpcclient_msg_ctx as the long-lived talloc context for rpcclient_netlogon_creds.
lib: auth: Add a shutdown function for netlogon_creds_cli_global_db.
s3: clients: Use netlogon_creds_cli_close_global_db() in all normal exit paths.
lib: auth: Store the netlogon_creds_cli_global_db pointer on the NULL context.
s4: com: Replace erroneous inclusion of internal talloc.h header with external.
s3: libsmb: Add cli_smb2_chkpath() and use from cli_chkpath().
third_party: Add the Intel Add support for AES-NI acceleration.
third_party: Add build capability to aesni-intel.
lib: crypt: Prepare the existing code to switch to Intel AES hardware instructions.
lib: crypto: Plumb in the Intel AES instructions.
lib: crypto: Add the ability to select Intel AESNI instruction set at configure time.
WHATSNEW: Add Using x86_64 Accelerated AES Crypto Instructions section.
libcli: SMB2: NetApps negotiate SMB3_11 but also set the SMB2_CAP_ENCRYPTION flag.
s3: VFS: streams_xattr: Compression is only set/get on base filenames.
s3: vfs: catia: compression get/set must act only on base file, and must cope with fsp==NULL.
CVE-2017-12163: s3:smbd: Prevent client short SMB1 write from writing server memory to file.
Jim McDonough (1):
winbind: honor 'socket options' in winbind
John Mulligan (1):
docs: Improve description of "unix_primary_group" parameter in idmap_ad manpage
Jorge Schrauwen (1):
configure: Don't check for inotify on illumos
Jose A. Rivera (12):
ctdb-scripts: Avoid dividing by zero in memory calculation
ctdb-scripts: Various small fixes to example nfs-ganesha-callout
ctdb-scripts: Organize global variables in nfs_ganesha_callout
ctdb-scripts: Add register action to nfs-ganesha-callout
ctdb-scripts: Use D-Bus messages to trigger grace in nfs-ganesha-callout
ctdb-scripts: Cleanup service_check() in nfs-ganesha-callout
ctdb-scripts: Parametize symlink checking in nfs-ganesha-callout
ctdb-scripts: Add config options for use by clustered NFS
ctdb-scripts: Section off GPFS-specific functionality in nfs-ganesha-callout
ctdb-scripts: Add GlusterFS support to nfs-ganesha-callout
krb5_wrap: Fix build error when not using heimdal.
ctdb: Add new helper ctdb_etcd_lock
Jérémie Courrèges-Anglas (2):
Fix CHECK_CODE usage in atomics builtin detection
Provide fallback code for non-portable clearenv(3)
Karolin Seeger (34):
docs: Bump version up to 4.6.
WHATSNEW: Some small formal fixes.
VERSION: Bump version up to 4.6.0rc1.
VERSION: Diable git snapshots for the 4.6.0rc1 release.
VERSION: Bump version up to 4.7.0pre1...
WHATSNEW: Start release notes for Samba 4.7.0pre1.
docs: Bump version up to 4.7.
docs: Add missing spaces in man smb.conf.
WHATSNEW: Add link to known issues.
docs: Fix typo in man smb.conf.
docs: Rename Samba3-Developers-Guide to Samba-Developers-Guide
docs: Remove old docs.
WHATSNEW: Fix typo...
WHATSNEW: Prepare release notes for Samba 4.7.0rc1.
VERSION: Bump version up to 4.7.0rc1
VERSION: Disable GIT_SNAPSHOTS for the 4.7.0rc1 release
WHATSNEW: Add release notes for Samba 4.7.0rc3.
VERSION: Disable GIT_SNAPSHOTS for the 4.7.0rc3 release.
VERSION: Bump version up to 4.7.0rc4...
WHATSNEW: Fix typo.
WHATSNEW: Add release notes for Samba 4.7.0rc4.
VERSION: Disable GIT_SNAPSHOT for the 4.7.0rc4 release.
VERSION: Bump version up to 4.7.0rc5...
WHATSNEW: Fix some typos.
WHATSNEW: Add release notes for Samba 4.7.0rc5.
VERSION: Disable GIT_SNAPSHOTS for the 4.7.0rc5 release.
VERSION: Bump version up to 4.7.0rc6...
WHATSNEW: Unify usage of "''".
WHATSNEW: Prepare changes since 4.7.0rc5.
WHATSNEW: Prepare release notes for Samba 4.7.0rc6.
VERSION: Disable GIT_SNAPSHOT for the 4.7.0rc6 release.
VERSION: Bump version up to 4.7.0rc7...
WHATSNEW: Add release notes for Samba 4.7.0.
VERSION: Disable GIT_SNAPSHOTS for the 4.7.0 release.
Lorinczy Zsigmond (1):
lib: replace: snprintf - Fix length calculation for hex/octal 64-bit values.
Lukas Slebodnik (8):
tls: Fix warning Wunused-variable
tevent: remove shebang from tevent.py
lib replace: Fix detection of features
WAF: Fix detection of linker features
WAF: Fix detection os sysname ...
WAF: Fix detection of IPv6
ldb: Use libraries from build dir for testsuite
ldb: Fix index out of bound in ldb_msg_find_common_values
Lumir Balhar (31):
python: samba.tests.credentials: Fix DeprecationWarning
python: samba.tests.credentials: Add tests
python: wscript_build: Prepare build environment for Python 3 porting
python: selftesthelpers: Add possibility for planning tests for
python: samba.subunit.run: Fix Python 3 compatibility.
python: samba.credentials: Port pycredentials.c to Python3-compatible form.
python: samba.tests.credentials: Python 3 compatible tests
python: samba.param: Port param module to Python 3
python: samba.tests.param: Add missing tests
python: samba._glue: Port samba._glue module to Python 3.
python: samba.tests.glue: Add new tests for samba._glue.
python: samba.tests.dcerpc: Move Class RawDCERPCTest to separated file.
python: Make top-level samba modules Python 3 compatible
python: wscript_build: Build some modules for Python 3
python: samba.tests: Enable Python 3 tests for ported modules
python: pidl: Port Python interface generator
python: samba.dcerpc: Port RPC related stuff to Python 3
python: samba.tests.dcerpc.misc: Port and enable tests
python: samba.dcerpc: Port security module to Python 3 comp. form
python: wscript_build: Build some DCE/RPC modules with Python 3
python: samba.auth: Port samba.auth to Python 3 compatible form
python: samba.tests.auth: Add tests for samba.auth module
python: samba._ldb: Port of samba._ldb to Python 3 compatible form
python: samba.tests: Move import of ported modules out of PY3 condition
python: samba.tests.core: Port and enable core tests in Python 3
python: samba.getopt: Port module to Python 3 compatible form
python: selftests: Enable samba.getopt tests execution with Python 3
python: samba.gensec: Fix error handling in set_credentials() function
python: samba.gensec: Port module to Python 3 compatible form
python: selftest: Add possibility to run old Python test suites with Python 3
python: Port simple libpython module to Python 3 compatible form
Mantas Mikulėnas (1):
samr4: Use <SID=%s> in GetAliasMembership
Marc Muehlfeld (5):
man: Wrong option for parameter ldap ssl in smb.conf man page
Removed upgrading-samba4.txt
Replaced string "Samba 4" with "Samba AD"
python: Fix incorrect kdc.conf parameter name in kerberos.py
WHATSNEW: Added links to Wiki documentation
Martin Schwenke (514):
ctdb-tests: Fix description of NFS tickle test
ctdb-tests: Fix CIFS tickle test
ctdb-tests: Re-indent and re-format some functions
ctdb-tests: Allow tcptickle_sniff_wait_show() to filter by MAC address
ctdb-tests: Add a new NFS tickle test for the releasing node
ctdb-doc: Drop outdated NEWS file
ctdb-tools: Drop "ctdb rebalanceip"
ctdb-tools: Drop "ctdb rebalancenode"
ctdb-recoverd: Drop use of DeferredRebalanceOnNodeAdd tunable
ctdb-tunables: Mark tunable DeferredRebalanceOnNodeAdd obsolete
ctdb-daemon: Validate length of new interface names
ctdb-daemon: Replace an unsafe strcpy(3) call
ctdb-util: Move rb_tree.c to ctdb-util
ctdb-tests: Link ctdb-util instead of including
ctdb-killtcp: Use the given event context directly
ctdb-killtcp: Determine the interface as soon as vnn is known
ctdb-killtcp: Avoid CTDB_NO_MEMORY()
ctdb-killtcp: Change struct ctdb_tcp_kill to store arbitrary destructor data
ctdb-killtcp: Factor out ctdb_killtcp()
ctdb-killtcp: Factor out killtcp code into separate file.
ctdb-killtcp: Avoid unnecessary dependency on lib/util/time.h
ctdb-killtcp: Simplify includes by using ctdb_sock_addr_to_string()
ctdb-killtcp: New helper ctdb_killtcp
ctdb-scripts: Add interface argument to kill_tcp_connections()
ctdb-scripts: Use ctdb_killtcp helper to kill connections
ctdb-tools: Drop "ctdb killtcp" command
ctdb-client: Drop killtcp client functions
ctdb-daemon: Remove implementation of CTDB_CONTROL_KILL_TCP
ctdb-protocol: Drop killtcp protocol support
ctdb-killtcp: Merge "common" killtcp code into helper
ctdb-killtcp: Drop check to see if capture socket can be read
ctdb-killtcp: Drop unnecessary casts
ctdb-killtcp: Don't send initial tickle ACK during setup
ctdb-killtcp: Set debug level via environment variable CTDB_DEBUGLEVEL
ctdb-killtcp: Clarify a debug message
ctdb-system: Return window size and RST bit when reading TCP packets
ctdb-killtcp: Filter out sent packets
ctdb-killtcp: Keep track of number of kill attempts and maximum allowed
ctdb-killtcp: Don't count attempts for individual connections
ctdb-killtcp: Store retry interval in killtcp structure
ctdb-killtcp: Send tickle ACKs in batches
ctdb-killtcp: Change default retry interval, batch size and attempts
ctdb-scripts: die() should output to stderr
ctdb-scripts: Drop hardcoded /sbin and /proc paths in LVS eventscript
ctdb-scripts: LVS eventscript error redirection improvements
ctdb-scripts: Drop "recovered" event from 91.lvs
ctdb-tests: Allow scope to be specified in "ip addr add" stub
ctdb-tests: Add loopback support for "ip link show" stub
ctdb-tests: Add 32-bit netmask support to "ip addr show" stub
ctdb-tests: Add ipvsadm test stub
ctdb-tests: LVS support for ctdb tool stub
ctdb-tests: Add unit tests for LVS eventscript
ctdb-scripts: LVS eventscript cleanups
ctdb-tools: Add new ctdb_lvs helper
ctdb-scripts: Move ctdb_get_ip_address() to functions file
ctdb-scripts: Call out to ctdb_lvs helper from 91.lvs
ctdb-scripts: Add monitoring of CTDB_LVS_PUBLIC_IFACE
ctdb-tool: Change ctdb lvs/lvsmaster CLI commands to use ctdb_lvs helper
ctdb-tools: Change ctdb CLI to have a single "lvs" command
ctdb-scripts: Simplify "ctdb lvs ..." output
ctdb-daemon: Drop --single-public-ip option and related code
ctdb-daemon: Drop --lvs option and support for CTDB_CAP_LVS
ctdb-daemon: Log a message when fork(2) fails
ctdb-scripts: Missing NFS thread count file should just produce warning
ctdb-scripts: Use ss instead of netstat for finding TCP connections
ctdb-tools: Remove simple uses of strcpy(3)
ctdb-tools: Fix a dangling reference to the LVS capability
ctdb-scripts: Improve error messages when using NFS service_check_cmd
ctdb-daemon: Move port filtering to server side when getting tickles
ctdb-ipalloc: Do ipreallocated even if no IP addresses can be allocated
ctdb-scripts: Fix incorrect comment
ctdb-scripts: Tweak NAT gateway list output format
ctdb-scripts: Drop node count from "ctdb natgw status" output
ctdb-tools: Add top-level "ctdb natgw" command
ctdb-tests: Make ctdb natgw tool tests cover all the desired outputs
ctdb-tools: Drop "ctdb natgwlist"
ctdb-tools: Drop onnode node specifications for recmaster/lvs/natgw
ctdb-build: ctdb-system depends on samba-util for debug
ctdb-recovery: Rename recovery lock functions and struct
ctdb-recovery: Use single char ASCII numbers for status from child
ctdb-recovery: Factor out new function set_recmode_handler()
ctdb-recovery: Use a configurable handler when testing cluster mutex
ctdb-recovery: Factor out reclock testing into ctdb_cluster_mutex()
ctdb-recovery: Add optional timeout argument to ctdb_cluster_mutex()
ctdb-tools: Simplify "ctdb getreclock" output
ctdb: Add new helper ctdb_mutex_fcntl_helper
ctdb-recovery: Switch ctdb_cluster_mutex() to use helper
ctdb-recovery: Kill cluster mutex helper with a signal that can be caught
ctdb-recovery: Reimplement ctdb_recovery_lock() using ctdb_cluster_mutex()
ctdb-recovery: Parse recovery lock setting
ctdb-recovery: Recovery lock setting can now include helper command
ctdb_recovery: ctdb_cluster_mutex() now takes an argstring argument
ctdb-recovery: Factor out setting of cluster mutex handler
ctdb-cluster-mutex: Factor out cluster mutex code
ctdb-recovery: Move recovery lock functions to recovery daemon code
ctdb-recovery: Move recovery lock latency updating to handler
ctdb-doc: Document cluster mutex helper API
ctdb-doc: Fix example NFS Ganesha recovery directory maintenance logic
ctdb-recover: Avoid duplicate deferred attach processing
ctdb-daemon: Don't use CTDB_SRVID_TAKEOVER_RUN_RESPONSE
ctdb-protocol: Drop unused CTDB_SRVID_TAKEOVER_RUN_RESPONSE
ctdb-recoverd: Drop unreachable code
ctdb-recoverd: Simplify return values when updating local flags
ctdb-recoverd: Call election when necessary in recovery master validation
ctdb-recoverd: Check that IP failover is active in IP verification
ctdb-recoverd: Skip known IP address checking when it is disabled
ctdb-recoverd: Clean up local IP verification
ctdb-recoverd: Fold IP allocation house-keeping into IP verification
ctdb-takeover: Drop ipreallocated fallback code
ctdb-takeover: PNN can be used to index into node map
ctdb-takeover: Takeover callback data doesn't need a node map
ctdb-takeover: New function takeover_callback_data_init()
ctdb-takeover: Use the takeover_run_fail_callback() in more cases
ctdb-takeover: Have the takeover fail callback log a message
ctdb-takeover: Send banning credit messages from fail callback
ctdb-takeover: Count takeover run failures
ctdb-takeover: Only apply banning credits to the worst offender
ctdb-takeover: Recovery daemon no longer passes fail callback
ctdb-takeover: Do not set node unhealthy when "takeip" fails
ctdb-recoverd: Drop explicit check to flag takeover run needed
ctdb-recoverd: Move takeover run checks after recover checks
ctdb-recoverd: Drop an unnecessary log message
ctdb-recoverd: Add early return in srvid_requests_reply()
ctdb-recoverd: Unify takeover run triggering code in main loop
ctdb-scripts: Support systemctl directly
ctdb-scripts: Drop unnecessary detect_init_style() call
ctdb-scripts: New functions ip_block() and ip_unblock()
ctdb-scripts: Rename get_iface_ip_maskbits_family() to get_iface_ip_maskbits()
ctdb-tests: Drop no-op functions and add an ip6tables stub
ctdb-scripts: Simplify ip_maskbits_iface()
ctdb-tests: Allow local daemons to be run under valgrind
ctdb-tests: Make sure empty override values are properly quoted
ctdb-common: Use correct macro for checking Ethernet hardware family
ctdb-tests: Replace "ctdb setrelock" test with "ctdb getreclock" test
ctdb-tool: Drop support for "ctdb setreclock" command
ctdb-recovery: Consistency check reclock in start recovery control
ctdb-recovery: Don't sync recovery lock across cluster
ctdb-recovery: Don't update recovery lock from daemon
ctdb-client: Remove support for SET_RECLOCK
ctdb-protocol: Drop support for SET_RECLOCK
ctdb-protocol: CTDB_CONTROL_SET_RECLOCK_FILE is obsolete
ctdb-daemon: Drop function ctdb_set_recovery_lock_file()
ctdb-daemon: Rename recovery lock file to just recovery lock
ctdb-recoverd: Don't expose internal cluster mutex status
ctdb-recoverd: Fix buggy function return on memory allocation failure
ctdb-cluster-mutex: Don't call the supplied hander more than once
ctdb-recoverd: No need to reset reclock handler
ctdb-cluster-mutex: Pass a talloc context to allocate the handle off
ctdb-recoverd: Recovery lock handle should be in recovery deamon context
ctdb-recoverd: Simplify reclock handler
ctdb-recovery: Wrap private data for reclock test callback
ctdb-cluster-mutex: Drop cluster_mutex_handler() ctdb and handle arguments
ctdb-cluster-mutex: ctdb_cluster_mutex() registers handler and private data
ctdb-cluster-mutex: Register an extra handler for when mutex is lost
ctdb-recoverd: Add handler for lost recovery lock
ctdb-recoverd: Release recovery lock on exit
ctdb-scripts: Move NFS callout-related code to functions file
ctdb-scripts: Add eventscript 06.nfs
torture: Add tests for trim_string()
lib/util: Optimise trim_string() to use a single memmove(3)
ctdb-tests: Remove unused tests from IP takeover test harness
ctdb-tests: Simplify read_ctdb_public_ip_info() using new function add_ip()
ctdb-tests: Don't bother setting all_ips
ctdb-tests: Drop all_ips argument from read_ctdb_public_ip_info()
ctdb-tests: Drop CTDB_TEST_MAX_IPS
ctdb-tests: read_ctdb_public_ip_info() reads all test input
ctdb-tests: Assign known and available arrays via pointers.
ctdb-tests: Build a node map instead of a hacky node flags array
ctdb-tests: Drop CTDB_TEST_MAX_NODES
ctdb-ipalloc: Move if-statement with broken condition
ctdb-ipalloc: Drop an unnecessary check
ctdb-ipalloc: Do not use node count or PNNs from CTDB context
ctdb-ipalloc: Drop a use of CTDB_NO_MEMORY_NULL()
ctdb-ipalloc: Drop remote IP verification
ctdb-recoverd: Drop code to change the IP assignment tree
ctdb-tools: Don't bother sending CTDB_SRVID_RECD_UPDATE_IP
ctdb-ipalloc: Drop code to update IP assignment tree
ctdb-ipalloc: Don't build a global IP tree
ctdb-ipalloc: Clean up reloading of remote public IPs
ctdb-ipalloc: Remove function ctdb_reload_remote_public_ips()
ctdb-ipalloc: New function ipalloc_set_public_ips()
ctdb-ipalloc: Move create_merged_ip_list() into ipalloc
ctdb-ipalloc: Drop known public IPs from IP allocation state
ctdb-ipalloc: New function ipalloc_can_host_ips()
ctdb-ipalloc: Fix buggy short-circuit when no IPs are available
ctdb-ipalloc: Make no_ip_failback a boolean
ctdb-ipalloc: Pass extra data to IP allocation state initialisation
ctdb-ipalloc: Move ipalloc state initialisation to ipalloc.c
ctdb-ipalloc: Switch set_ipflags_internal() to use a new-style node map
ctdb-ipalloc: Move set_ipflags_internal() to ipalloc
ctdb-ipalloc: ipalloc() returns public IP list
ctdb-ipalloc: IP allocation state is now an opaque structure
ctdb-tests: Drop use of CTDB context from takeover test
ctdb-tests: Allow takeover tests to be run under valgrind
ctdb-ipalloc: Drop implicit dependency on ctdb-common
ctdb-tests: Link to ctdb-ipalloc instead of using ctdbd_test.c
ctdb-scripts: Drop optional argument to nfs_check_services()
ctdb-scripts: Export CTDB_BASE in functions file
ctdb-scripts: Update script boilerplate to avoid shellcheck warnings
ctdb-scripts: Fix incorrect variable reference
ctdb-scripts: Fix incorrect variable reference
ctdb-scripts: Use globs instead of ls to list files
ctdb-scripts: Fix incorrect variable reference
ctdb-scripts: Quote some variable expansions
ctdb-client: Fix incorrect variable reference
ctdb-client: Fix access after free error
ctdb-tools: Avoid uninitialised memory access
ctdb-scripts: Fix a bug in counter checking
ctdb-tests: Add reclock event script tests
ctdb-tests: Add new vsftpd event script test
ctdb-tests: Add new httpd event script test
ctdb-tests: New event script test for corrupt TDB checking
ctdb-scripts: Drop use of ctdb_standard_event_handler()
ctdb-scripts: Event script indentation and whitespace cleanups
ctdb-scripts: Drop use of service_tcp_ports
ctdb-scripts: Drop use of ctdb_check_counter from httpd event script
ctdb-scripts: Drop use of ctdb_check_counter from reclock event script
ctdb-scripts: Drop use of ctdb_check_counter from vsftpd event script
ctdb-scripts: Drop function ctdb_check_counter()
ctdb-scripts: Avoid shellcheck warning SC2016 ($ in single quotes)
ctdb-scripts: Avoid shellcheck warnings SC2030, SC2031 (subshell variables)
ctdb-scripts: Avoid shellcheck warning SC2004 ($ in arithmetic)
ctdb-scripts: Avoid shellcheck warning SC2034 (unused variables)
ctdb-scripts: Avoid shellcheck warnings SC2046, SC2086 (double-quoting)
ctdb-scripts: Avoid shellcheck warning SC2154 (unassigned variables)
ctdb-scripts: Avoid shellcheck warning SC1004 (backslash in quotes)
ctdb-scripts: Avoid shellcheck warning SC2017 (arithmetic precision)
ctdb-scripts: Avoid shellcheck warning SC2002 (useless cat)
ctdb-scripts: Avoid shellcheck warnings SC2119, SC2120 (function arguments)
ctdb-scripts: Avoid shellcheck warning SC2015 (A && B || C)
ctdb-scripts: Avoid shellcheck warning SC2039 (type command)
ctdb-scripts: Avoid shellcheck warning SC2039 (echo -n)
ctdb-scripts: Avoid shellcheck warning SC2094 (read/write same file)
ctdb-scripts: Avoid shellcheck warning SC2039 (test -nt operator)
ctdb-scripts: Avoid shellcheck warning SC2039 (non-portable ulimit options)
ctdb-scripts: Avoid shellcheck warning SC2038 (find without -print0)
ctdb-scripts: Avoid shellcheck warning SC2012 (ls for file list)
ctdb-scripts: Avoid chellcheck warning SC2012 (ls for file list)
ctdb-scripts: Avoid shellcheck warning SC2059 ($ in printf format)
ctdb-scripts: Avoid shellcheck warning SC2155 (declare, assign)
ctdb-scripts: Avoid shellcheck warning SC2124 (string=array)
ctdb-scripts: Avoid shellcheck warning SC2006 (legacy `..`)
ctdb-tests: Add new test support script for script install paths
ctdb-tests: Add shellcheck test suite
ctdb-doc: Drop documentation for "ctdb setmonmode"
ctdb-doc: Drop documentation for "ctdb xpnn"
ctdb-doc: Update allowed debug levels to include "ERROR"
ctdb-doc: Document limitation of "ctdb reloadips"
ctdb-tests: Require setup_ctdbd() call in tool tests
ctdb-tests: Clean up temporary files in tool tests
ctdb-tests: Allow fake_ctdbd and tool to be run under valgrind in tool tests
ctdb-tests: Allow secondary tool commands to be tested
ctdb-tests: Have fake_ctdbd log request IDs
ctdb-tests: Error on invalid destnode in fake_ctdbd
ctdb-tests: Drop a "ctdb reloadnodes" tool test
ctdb-tests: Add "ctdb ifaces" tool test
ctdb-tests: Add "ctdb ping" tool test
ctdb-tests: Add "ctdb recmaster" tool tests
ctdb-tests: Add "ctdb uptime" tool test
ctdb-tests: Add "ctdb process-exists" tool test
ctdb-tools: Simplify "ctdb getpid" output format
ctdb-tests: Add "ctdb getpid" tool test
ctdb-tools: Simplify "ctdb pnn" output format
ctdb-tests: Add "ctdb pnn" tool test
ctdb-tools: Simplify "ctdb getdebug" output format
ctdb-tests: Add "ctdb setdebug" tool tests
ctdb-tests: Add "ctdb runstate" tool tests
ctdb-tests: Add "ctdb listvars/getvar/setvar" tool tests
ctdb-tests: Add "ctdb setifacelink" tool tests
ctdb-tools: Simplify "ctdb getmonmode" output format
ctdb-tests: Add "ctdb getmonmode/disablemonitor/enablemonitor" tool tests
ctdb-tests: Implement GET_RECLOCK_FILE control in fake_ctdbd
ctdb-tests: Add "ctdb getreclock" tool tests
ctdb-tests: Implement STOP_NODE and CONTINUE_NODE controls in fake_ctdbd
ctdb-tests: Implement TAKEOVER_RUN message in fake_ctdbd
ctdb-tests: Add "ctdb stop/continue" tool tests
ctdb-tests: Implement SET_BAN_STATE control in fake_ctdbd
ctdb-tests: Add "ctdb ban/unban" tool tests
ctdb-tests: Implement MODIFY_FLAGS control in fake_ctdbd
ctdb-tests: Add "ctdb disable/enable" tool tests
ctdb-tools: Simplify "ctdb getdbseqnum" output format
ctdb-tests: Implement database related controls in fake_ctdbd
ctdb-tests: Add database related tool tests
WHATSNEW: CTDB updates
ctdb-doc: Integrate ctdb_diagnostics man page into build
ctdb-doc: ctdb_diagnostics(1) tweaks and cross-references
ctdb-ipalloc: Use a cumulative timeout for takeover run stages
ctdb-daemon: Move CTDB VNN structure to IP takeover code
ctdb-daemon: Deletion of IPs is deferred until the next takeover run
ctdb-tests: Avoid division by zero in NFS eventscript unit test
ctdb-tests: Remove duplicate EOF terminators in some tool unit tests
ctdb-tests: Avoid portability issue in porting tests
ctdb-tests: Pretend not to ignore return from fgets()
ctdb-daemon: Fix CID 1364527/8/9: Null pointer dereferences (NULL_RETURNS)
ctdb-tests: Stop cross-talk between reclock tests
ctdb-common: Fix CID 1125553 Buffer not null terminated (BUFFER_SIZE_WARNING)
ctdb-common: Consistently use strlcpy() on interface names
ctdb-utils: Fix CID 1297451 Explicit null dereferenced (FORWARD_NULL)
ctdb-daemon: Fix CID 1363233 Resource leak (RESOURCE_LEAK)
ctdb-daemon: Fix CID 1363067 Resource leak (RESOURCE_LEAK)
ctdb-mutex: Fix CID 1359217 Resource leak (RESOURCE_LEAK)
ctdb-packaging: Move ctdb tests to libexec directory
ctdb-tests: Add --interactive/-i option to test options parsing code
ctdb-tests: Implement --interactive/-i option in message_ring
ctdb-tests: Clean up and rename simple message_ring test
ctdb-tests: Implement --interactive/-i option in fetch ring
ctdb-tests: Clean up and rename simple fetch_ring test
ctdb-tests: Implement --interactive/-i option in transaction_loop
ctdb-tests: Clean up and rename simple transaction_loop test
ctdb-tests: Clean up and rename simple transaction_loop recovery test
ctdb-tools: Add early return for empty connection list
ctdb-tools: "ctdb tickle" command should run without daemon
ctdb-doc: Document that "ctdb tickle" can now read from stdin
ctdb-mutex: Avoid corner case where helper is already reparented to init
ctdb-common: Fix CID 1363227 Resource leak (RESOURCE_LEAK)
ctdb-tests: Fix CID 1361816 Buffer not null terminated (BUFFER_SIZE_WARNING)
ctdb-common: Fix CID 1125581 Dereference after null check (FORWARD_NULL)
ctdb-common: Fix CID 1125583 Dereference after null check (FORWARD_NULL)
ctdb-common: Fix CID 1125585 Dereference after null check (FORWARD_NULL)
ctdb-daemon: Fix CID 1125627 Resource leak (RESOURCE_LEAK)
ctdb-daemon: Clean up SET_DB_PRIORITY/GET_DB_PRIORITY deprecation
ctdb-packaging: Stop RPM from renaming working config to ctdb.rpmsave
ctdb-daemon: Fix CID 1272855 Operands don't affect result
ctdb-daemon: Fix CID 1125575 Operands don't affect result
ctdb-daemon: Fix CID 1125574 Operands don't affect result
ctdb-tests: Update porting test to be more flexible about line numbers
ctdb-common: Fix CID 1362729 Unchecked return value from library
ctdb-common: Fix CID 1362728 Unchecked return value from library
ctdb-tcp: Fix CID 1362727 Unchecked return value from library
ctdb-tcp: Set file descriptor to -1 after close.
ctdb-daemon: Fix CID 1362726 Unchecked return value from library
ctdb-client: Fix CID 1362725 Unchecked return value from library
ctdb-client: Print error message before next syscall to avoid losing errno
ctdb-tcp: Fix CID 1362724 Unchecked return value from library
ctdb-daemon: Fix CID 1362723 Unchecked return value from library
ctdb-logging: Fix CID 1272823 Unchecked return value from library
ctdb-tools: Fix CID 1125618 String not null terminated (STRING_NULL)
ctdb-tools: Consistently use db_name
ctdb-common: Save errno before closing file to keep debug accurate
ctdb-daemon: Try to release IP address even if interface is unknown
ctdb-daemon: Do not update the VNN state on RELEASE_IP failure
ctdb-daemon: Do not copy address for RELEASE_IP message
ctdb-daemon: Factor out new function release_ip_post()
ctdb-daemon: Use release_ip_post() when releasing all IP addresses
ctdb-daemon: Drop special case handling for new IP already on interface
ctdb-scripts: Add early exit for redundant updateip
Revert "When adding an ip at runtime, it might not yet have an iface assigned to it, so ensure that the next takover_ip call will fall through to accept the ip and add it."
ctdb-daemon: Avoid referencing NULL pointer due to unknown old interface
ctdb-daemon: Fix takeover of incorrectly assigned public IP address
ctdb-recoverd: Don't directly release rogue IP addresses
ctdb-tests: Validate that unexpected IP on interface is properly released
ctdb-tests: Validate that TAKE_IP works with IP already on an interface
ctdb-ipalloc: Fix cumulative takeover timeout
ctdb-daemon: Rename takeover_callback_state -> release_ip_callback_state
ctdb-daemon: When releasing an IP, update PNN in callback
ctdb-tests: Drop function _ctdb_hack_options()
ctdb-tests: Drop attempts to pass arguments to ctdbd on (re)start
ctdb-tests: Move local daemon configuration creation into setup_ctdb()
ctdb-tests: Remove function daemons_start_1()
ctdb-tests: Reimplement daemons_stop() using ctdbd_wrapper
ctdb-daemon: Schedule running of callback if there are no event scripts
ctdb-daemon: Handle failure immediately, do housekeeping later
ctdb-daemon: Don't steal control structure before synchronous reply
ctdb-tests: Factor out function config_from_environment()
ctdb-tests: Conditionally use temporary config file for local daemons
ctdb-tests: Add a test to ensure that CTDB works with no eventscripts
ctdb-daemon: Drop use of strdup(3) and free(3) when releasing IP
ctdb-daemon: Move and improve public IP duplicate checking
ctdb-daemon: Replace some uses of CTDB_NO_MEMORY_FATAL()
ctdb-daemon: Consolidate interface checking with interface parsing
ctdb-daemon: Drop some uses of CTDB_NO_MEMORY{,_FATAL}()
ctdb-daemon: Move interface addition into interface parsing
ctdb-daemon: Change ctdb_add_local_iface() to return struct ctdb_interface
ctdb-daemon: Make vnn->iface a list of new struct vnn_interface
ctdb-daemon: Drop redundant uses of ctdb_find_iface()
ctdb-deamon: Rename vnn_has_interface_with_name() to vnn_has_interface()
ctdb-daemon: Use ctdb_find_iface() instead of duplicating logic
ctdb-daemon: Compare interface pointers instead of using strcmp(3)
ctdb-tools: CID 1125617 String not null terminated (STRING_NULL)
ctdb-tests: CID 1125635 Dereference null return value (NULL_RETURNS)
ctdb-tests: Allow "addtickle" and "deltickle" stubs to read from stdin
ctdb-scripts: Optimise update_tickles()
ctdb-scripts: Optimise tickle_tcp_connections()
ctdb-packaging: Fix systemd network dependency
ctdb-ipalloc: Store known public IPs in IP allocation state
ctdb-ipalloc: Whether IPs can be hosted need not depend on merged IP list
ctdb-ipalloc: Optimise check to see if IPs can be hosted
ctdb-ipalloc: Drop known_ips argument from merged IP list creation
ctdb-ipalloc: Move merged IP list creation to ipalloc()
ctdb-ipalloc: ipalloc_set_public_ips() can't fail
ctdb-tests: Factor out new local daemons functions ps_ctdbd
ctdb-tests: Add new public IP takeover no-op test
ctdb-tests: Fix typo in local daemons IPv6 setup
ctdb-tests: Produce clear errors for missing IPv6 node IP addresses
ctdb-daemon: Use PID file abstraction
ctdb-daemon: Bind to Unix domain socket after PID file creation
ctdb-daemon: Don't try to reopen TDB files
ctdb-daemon: Drop attempt to connect to Unix domain socket
ctdb-daemon: Log when removing stale Unix domain socket
ctdb-scripts: Dump stack traces of smbd processes after shutdown
ctdb-scripts: ctdbd_wrapper should never remove the PID file
ctdb-scripts: Drop backward compatibility from ctdbd_is_running()
ctdb-tests: Use bash locals for readability
ctdb-tests: Add a missing assert()
ctdb-packaging: Move CTDB tests to /usr/local/share/ctdb/tests/
ctdb-scripts: Strengthen check to see if ctdbd is running
ctdb-tests: Add tests for updated Debian style Samba start/stop
lib/util: Make sys_rw available to CTDB
ctdb-lock-helper: Drop include of ctdb_private.h
ctdb-common: Drop CTDB's copy of sys_read() and sys_write()
ctdb-daemon: Don't call ctdb_local_node_got_banned() on flag changes
ctdb-daemon: Exit early if there are trailing command-line arguments
ctdb-ipalloc: Optimise check to see if IP is available on a node
ctdb-tests: Use a separate directory for each local daemon
debug: Add minimalist D_* macros
ctdb-logging: Drop enum debug_level
ctdb-doc: Don't advertise numeric debug levels
ctdb-tests: Support symbolic debug level in takeover tests
ctdb-tests: Use symbolic debug levels in takeover tests
ctdb-tests: Use symbolic debug level for local daemons
ctdb-tests: Use symbolic debug levels in eventscript tests
ctdb-tests: Use symbolic debug levels in tool tests
ctdb-scripts: Update CTDB_SCRIPT_DEBUGLEVEL to be symbolic
ctdb-logging: Use Samba's debug levels
ctdb-scripts: Drop some tests for "reconfigure" event and monitor replay
ctdb-tests: Fix "ctdb reloadips" simple test
ctdb-protocol: Add generalised socket address comparison
ctdb-tests: Add unit test for protocol utilities
ctdb-tools: Fix sort order of "ctdb ip" output
ctdb-tools: Fix memory corruption in "ctdb ip -v"
ctdb-tools: Skip GET_PUBLIC_IP_INFO for unassigned addresses
ctdb-tools: Print PNN as int in "ctdb ip -v"
ctdb-tools: Don't trust non-hosting nodes in "ctdb ip all"
ctdb-protocol: Move CTDB_PUBLIC_IP_FLAGS_ONLY_AVAILABLE to protocol.h
ctdb-client: Add available-only option public IP fetching
ctdb-tests: Make fake_ctdbd use logging_init()
ctdb-tests: Allow FAKE_CTDBD_DEBUGLEVEL to be specified
ctdb-tests: Factor out reading of known public IP addresses
ctdb-tests: Add public IP state to fake_ctdbd
ctdb-tests: Factor out get_ctdb_iface_list()
ctdb-tests: Implement GET_PUBLIC_IP_INFO control in fake_ctdbd
ctdb-tests: Add tool tests for "ctdb ipinfo"
ctdb-tests: Implement GET_PUBLIC_IPS control in fake_ctdbd
ctdb-tests: Add tool tests for "ctdb ip"
ctdb-tests: Add RELEASE_IP control to fake_ctdbd
ctdb-tests: Add TAKEOVER_IP control to fake_ctdbd
ctdb-tests: Add IPREALLOCATED control to fake_ctdbd
ctdb-tests: Add faking of control failures/timeouts to fake_ctdbd
ctdb-docs: Document that tunables should be set the same on all nodes
ctdb-takeover: NoIPTakeover is global across cluster
ctdb-takeover: NoIPHostOnAllDisabled is global across cluster
ctdb-takeover: IPAllocAlgorithm replaces LCP2PublicIPs, DeterministicIPs
ctdb-takeover: Add takeover helper
ctdb-tests: New function unit_test_notrace()
ctdb-tests: Add tests for takeover helper
ctdb-recoverd: Generalise helper state, handler and launching
ctdb-recoverd: Integrate takeover helper
ctdb-takeover: Drop unused ctdb_takeover_run() and related code
ctdb-tests: Remove the python LCP2 simulation
WHATSNEW: CTDB updates
ctdb-takeover: Fix CID 1398169 Unchecked return value
ctdb-takeover: Clean up when exiting on error
ctdb-takeover: Handle case where there are no RELEASE_IPs to send
ctdb-tests: Add takeover helper tests with banned/disconnected nodes
ctdb-scripts: Drop configuration variable CTDB_SERVICE_AUTOSTARTSTOP
ctdb-scripts: Simplify TCP port checking
ctdb-scripts: Drop unnecessary function ctdb_check_tcp_init()
ctdb-scripts: Remove ctdb_service_start() and ctdb_service_stop()
ctdb-scripts: Inline simple uses of service_start() and service_stop()
ctdb-scripts: Drop function ctdb_check_command()
ctdb-scripts: Drop configuration variable CTDB_SCRIPT_DEBUGLEVEL
ctdb-scripts: Fix remaining uses of "ctdb gratiousarp"
ctdb-scripts: Fix regression when cleaning up routing table IDs
ctdb-tests: Add "13.per_ip_routing shutdown" test
ctdb-scripts: Avoid log noise when NFS checks directory is empty
ctdb-docs: Document configuration variable CTDB_NFS_CHECKS_DIR
ctdb-scripts: Initialise CTDB_NFS_CALLOUT in statd-callout
ctdb-logging: CID 1396883 Dereference null return value (NULL_RETURNS)
ctdb-utils: CID 1343331 Unchecked return value from library (CHECKED_RETURN)
ctdb-doc: Whitespace fixes in example NFS ganesha callout
ctdb-doc: Make example NFS Ganesha call-out almost pass shellcheck
ctdb-doc: Fix shellcheck warning in example NFS ganesha call-out
ctdb-doc: Fix monitoring bug in example NFS Ganesha call-out
ctdb-doc: Update instructions in example NFS Ganesha call-out
ctdb-tests: Add synchronisation points in reload IPs tests
ctdb-takeover: Allocate IP list unconditionally in send function
ctdb-takeover: Short circuit if fetching IPs from no nodes
lib/util: Put bitmap.c into samba-util-core so it is available to CTDB
ctdb-ipalloc: Switch available_on to struct bitmap
ctdb-ipalloc: Switch noiphost to struct bitmap
ctdb-tests: Populate per-node known IPs inline
ctdb-takeover: Add debug message confirming fetching of public IPs
ctdb-takeover: Only fetch available IPs from nodes with known IPs
ctdb-takeover: Generalise error handling for GET_PUBLIC_IPS
ctdb-takeover: Use takeover_failed() when fetching public IPs fails
ctdb-takeover: Assign banning credits on failure to fetch public IPs
ctdb-takeover: Fetch public IP addresses from all connected nodes
ctdb-ipalloc: Add per-IP known_on bitmap
ctdb-takeover: Don't release IPs from nodes where they are not known
ctdb-build: Add WAFLOCK magic to manpages target
ctdb-build: Fix RPM build
ctdb-tests: Catch cases where mktemp fails due to missing TMPDIR
autobuild: Stop waf uninstall from removing test_tmpdir
ctdb-tools: Stop "ctdb nodestatus" from always showing all nodes
ctdb-tools: "ctdb nodestatus" should only display header for "all"
ctdb-tests: Add some extra tests for "ctdb nodestatus"
ctdb-common: Fix crash in logging initialisation
ctdb-scripts: NFS call-out failures should cause event failure
ctdb-tests: Add more NFS eventscript tests for call-out failures
ctdb-common: Log a count of dropped messages with non-blocking logging
ctdb-scripts: Compact server-end TCP connection killing output
WHATSNEW: CTDB changes for 4.7
ctdb-common: Set close-on-exec when creating PID file
ctdb-tests: Wait up to 30 seconds for process to be registered in ctdbd
Mathieu Parent (2):
ctdb-scripts: Fix Debian init in samba eventscript
New upstream version 4.7.0+dfsg
Matthieu Patou (4):
s4:librpc/rpc: do not use stack allocated variables for async requests
wafsamba: Move command line option function labelled as 'samba3' to the common set of functions
wafsamba: Remove 2010 comments that seems not accurate anymore
Move pthreadpool to top of the tree.
Michael Adam (119):
smbd:smb2: remove an unnecessary !! cast.
smbd: enable multi-channel if 'server multi channel support = yes' in the config
s3:winbindd:idmap: add domain_has_idmap_config() helper function.
idmap_hash: rename be_init() --> idmap_hash_initialize()
idmap_hash: only allow the hash module for default idmap config.
smbd: fix use after free via conn->fsp_fi_cache
smbd:smb2: add a modify flag to dispatch table
smbd:smb2: add request_counters_updated to the smbd_smb2_request struct
smbd:smb2: implement channel sequence checks and request counters in dispatch
smbd:smb2: update outstanding request counters before sending a reply
smbd:smb2: add some asserts before decrementing the counters
torture:smb2: use assert, not warning in error case in durable-open.reopen1a
torture:smb2: fix crashes in smb2.durable-open.reopen1a test
torture:smb2: durable-open.reopen1a only needs one io struct
torture:smb2: for oplocks, durable reconnect works with different client guid
torture:smb2: add durable-open.reopen1a-lease
torture:smb2: use assert, not warning in error case in durable-v2-open.reopen1a
torture:smb2: fix crashes in smb2.durable-v2-open.reopen1a test
torture:smb2: get rid of supefluous io2 var in durable-v2-open.reopen1a
torture:smb2: for oplocks, durable reconnect works with different client-guid
torture:smb2: add durable-v2-open.reopen1a-lease
tevent:threads: fix -O3 error unused result of write
tevent:signal: fix -O3 error unused result of write
tevent:signal: fix -O3 error unused result of read
tevent:testsuite: fix O3 errors unused result for read
tevent:testsuite: fix O3 errors unused result of write
tdb:torture: fix -O3 error unused result code of read
tdb:torture: fix -O3 error unused result of write
debug: fix -O3 warning - unused return code of write()
lib: add sys_read_v - void variant of sys_read
lib: add sys_write_v - void variant of sys_write
s4:libcli:resolve: fix O3 error unused result of write
s4:registry:patchfile: fix O3 error unused result of write
s4:ntvfs: fix O3 error unused result of asprintf
s4:ntvfs: fix O3 error unused result of asprintf in svfs_file_utime
s4:ntvfs: fix O3 error unused result of asprintf in cifspsx_map_fileinfo
s4:ntvfs: fix O3 error unused result of asprintf in cifspsx_list_unix
s4:ntvfs: fix O3 error unused result of asprintf in cifspsx_file_utime()
s4:ntvfs: fix O3 error unused result of write error in nbench_log()
s4:regshell: fix O3 error unused result of asprintf in reg_complete_key()
s4:torture:basic: fix O3 error unused result of asprintf
s4:torture:basic:misc: fix O3 error unused result of asprintf
s4:torture:basic: fix O3 error unused result of write
s4:torture:basic:dir: fix O3 error unused result of asprintf
s4:torture:basic:delete: fix O3 error unused result of asprintf
s4:torture:rpc:samlogon: fix O3 error unused result of asprintf
s4:torture:nbench: fix O3 error unused result of asprintf
s4:client: fix O3 error unused result of of chdir and system
s3:samlogon_cache: fix O3 error unused result of truncate
s3:utils:log2pcaphex: fix O3 error unused result of fgets
s3:utils:log2pcaphex: fix O3 error uninitialized variable
s3:smbfilter: fix O3 error unused result of system()
s3:vfs:aio_fork: fix O3 error unused result of write
s3:vfs:preopen: fix O3 error unused result of write
examples:smbclient:testacl3: fix O3 error unused result from fgets
examples:smbclient:notify: fix O3 error unused result from fgets
examples:smbclient:statvfs: fix O3 error unused result of fgets
examples:smbclient:fstatvfs: fix O3 error unused result of fgets
examples:smbclient:read: fix O3 error unused result of fgets
examples:smbclient:write: fix O3 error unused result of fgets
autobuild: add a target samba-o3 that is built with -O3
autobuild: run the samba-o3 target by default
travis: run the samba-o3 target
s3:vfs: add 'kernel_share_modes_taken' to files_struct
smbd:close: only remove kernel share modes if they had been taken at open
notifyd: prevent NULL deref segfault in notifyd_peer_destructor
selftest: fix printf in cleanup_child()
selftest: improve misleading indentation in cleanup_child()
selftest: improve logic in cleanup_child() with early return
selftest: systematize formatting of if/elseif/else indentation in cleanup_child
ctdb:tcp: add missing spaces in debug message in ctdb_tcp_node_connect()
ctdb:banning: timedout->timed out in dbg messages in ctdb_ban_node_event()
ctdb:eventscript: timedout->timed out in ctdb_event_script_args()
ctdb:tests: timedout->timed out in 60.nfs.multi.004 test
ctdb:banning: Improve a debug message
ctdb:banning: Improve debug message in ctdb_ban_node_event()
ctdb: set the path to 'ctdb' in 'functions' in CTDB
ctdb: make sure scripts using $CTDB called by test find ctdb
ctdb: use properly configured ctdb in functions
ctdb: use properly configured ctdb in ctdbd_wrapper
ctdb: use properly configured ctdb in 00.ctdb
ctdb: use properly configured ctdb in 01.reclock
ctdb: use properly configured ctdb in 10.external
ctdb: use properly configured ctdb in 13.per_ip_routing
ctdb: use properly configured ctdb in 10.interfaces
ctdb: use properly configured ctdb in 70.iscsi
ctdb: use properly configured ctdb in 91.lvs
ctdb: use properly configured ctdb in 99.timeout
ctdb: use properly configured ctdb in statd-callout
ctdb: use properly configured ctdb in debug-hung-script.sh
libnet: only create local private krb5.conf if joining an AD domain
ctdb-daemon: make bool assignment more obvious
Revert "s3:libnet: accept empty realm for AD domains when only security=domain is set."
libnet: ignore realm setting for domain security joins to AD domains if 'winbind rpc only = true'
autobuild: Don't compare socket wrapper so_path for xc check
ctdb: fix autotest with socket-wrapper installed in the system
libsmb:namequery: fix typo in comment in get_dc_list()
selftest: check for winbind on 1-second basis
selftest: check for smbd on a 1-second basis.
libads: improve debug messages in sitename_fetch()
rpc_server: add mssing '#pragma GCC diagnostic push'
tevent: avoid -Wtautological-compare errors with gcc6
Revert "ldb:dlinklist: avoid -Wtautological-compare errors with gcc6"
Revert "tevent: avoid -Wtautological-compare errors with gcc6"
Revert "lib:dlinklist: avoid -Wtautological-compare errors with gcc6"
build: avoid -Wtautological-compare errors from gcc6+ by disabling it globally
passdb: remove a misleading comment from lookup_name_smbconf()
smbd: remove redundant comment (with typo) from token_contains_name()
s3:lib: fix a typo in comment for talloc_sub_basic()
idmap: don't generally forbid id==0 from idmap_unix_id_is_in_range()
idmap: centrally check that unix IDs returned by the idmap backends are in range
tevent: fix confused documentation
vfs:glusterfs: preallocate result for glfs_realpath
param: use early return in lp_canonicalize_parameter_with_value()
param: validate value in lp_canonicalize_parameter_with_value()
s3:vfs:shadow_copy2: fix quoting in debug messages
s3:vfs:shadow_copy2: fix the corner case if cwd=/ in make_relative_path
s3:vfs:shadow_copy2: fix corner case of "/@GMT-token" in shadow_copy2_strip_snapshot
s3:tests: fix commment typo in the offline test
Michael Saxl (1):
s3:gse_krb5: fix a possible crash in fill_mem_keytab_from_system_keytab()
Moritz Beller (1):
libcli: Remove code clone
Nikolai Kondrashov (1):
tevent: Clarify apparently useless conditions
Noel Power (42):
s3:libsmb: Fix illegal memory access after memory has been deleted.
s4:libnet: fix 'Syscall param writev(vector[...])' valgrind error
s4:torture:rpc: fix valgrind Syscall param writev(vector[...]) error
s4:torture:rpc: fix valgrind 'Syscall param writev(vector[...])' error
s4:torture:rpc: fix valgrind 'Syscall param writev(vector[...])' valgrind error
s4:lib:registry: fix 'Conditional jump or move' valgrind error.
s4:torture:basic fix 'Syscall param writev(vector[...])' valgrind error
s4:torture:basic: fix valgrind 'Syscall param writev(vector[...])' error
s4:torture:basic: fix valgrind 'Syscall param writev(vector[...])' error
s4:torture:basic: fix valgrind 'Syscall param writev(vector[...])' error.
s4:libcli: fix 'Conditional jump or move' valgrind error
s4:torture:basic: fix 'Syscall param writev(vector[...])' valgrind error
s4:torture:basic: fix 'Conditional jump or move ' valgrind error
s4:torture:raw: fix 'Syscall param writev(vector[...])' valgrind error
s4:torture:raw: fix 'Syscall param writev(vector[...])' valgrind error
s4:torture:raw: fix 'Syscall param writev(vector[...])' valgrind error
s4:torture:raw: fix 'use of uninitialised value of size 8' valgrind errors
s4:torture:raw: fix 'Conditional jump or move' valgrind error.
s4:torture:raw: fix 'Invalid read of size 1 & Conditional jump or move' errors.
s4:torture:smb2: fix Use of 'uninitialised value of size 8' valgrind error.
s4:torture:smb2: fix 'Use of uninitialised value of size 8' valgrind error.
s4:torture:smb2 fix 'Use of uninitialised value of size 8' valgrind error.
s4:torture:smb2: fix 'Use of uninitialised value of size 8' valgrind error.
s4:torture:smb2 fix 'Use of uninitialised value of size 8' valgrind error.
s4:torture:smb2: fix 'Use of uninitialised value of size 8' valgrind error
s4:torture:smb2: fix 'Use of uninitialised value of size 8' valgrind error.
s4:torture:smb2: fix 'Use of uninitialised value of size 8' valgrind error.
s4:torture:smb2: fix 'Use of uninitialised value of size 8' valgrind error.
s4:torture:smb2: fix 'Use of uninitialised value of size 8' valgrind error.
s4:torture:smb2: fix 'Use of uninitialised value of size 8' valgrind error.
s4:torture:libnet: fix 'Conditional jump or move' valgrind error
s4:torture:libnet: fix 'Syscall param writev(vector[...])' valgrind error
s4:torture:vfs: fix Invalid read of size 8 valgrind valgrind error (and segv)
fix Invalid read of size 8
Add a blackbox tests for id & getent to test domain at realm type credentials
s3/winbindd: using default domain with user at domain.com format fails
s3/client: obey 'disable netbios' smb.conf param, don't connect via NBT port.
s3/rpc_server/mdssvc: Generate flex/bison files in build
param: Check for valid values of 'name resolve order' option
s3:tests: Add test for illegal value detection for 'name resolve order'
s3/utils: Add warning to testparm for "client ipc signing" param values
s3/utils: smbcacls failed to detect DIRECTORIES using SMB2 (windows only)
Partha Sarathi (1):
Fix the smb2_setinfo to handle FS info types and FSQUOTA infolevel
Per Forlin (1):
s3: smbd: Correctly reflect back SMB_PIDHIGH to a client.
Peter C. Kelly (1):
Improve help wording for samba-tool domain provision as per https://lists.samba.org/archive/samba-technical/2016-April/113740.html
Peter Somogyi (2):
Add yet another error code when forking an smbd and ctdb is not there. We can see NT_STATUS_CONNECTION_REFUSED in the logs upon such a rare case.
SMB_INFO_ALLOCATION: return with UINT32_MAX rather than cutting at 4 bytes
Petr Cech (1):
LDB: Redudant test on NULL context remove
Petr Viktorin (4):
python: Add py3compat.h
python: Port the samba.net module to Python 3
python3: Use "y#" instead of "s#" for binary data in PyArg_ParseTuple
python3:tests: Fix Python 3 test issues
Raghavendra Talur (2):
init: set core file size to unlimited by default
support volfile fetch from multiple glusterd nodes
Rajesh Joseph (7):
shadow_copy2: Fix shadow_copy2_posix_gmt_string return type
shadow_copy2: Add test cases to cover shadow:format
shadow_copy2: create structure to store module specific information
shadow_copy2: allow configurable prefix for snapshot name
shadow_copy2: Add test case for snapprefix and delimiter
shadow_copy2: update man pages for the newly introduced options
shadow_copy2: Fix error handling in shadow_copy2_get_shadow_copy_data
Ralph Boehme (369):
testparm: vfs_fruit checks
docs: update vfs_fruit manpage
s3:mdssvc: older glib2 versions require g_type_init()
tdb: avoid a race condition when checking for robust mutexes
CVE-2016-2114: libcli/smb: let mandatory signing imply allowed signing
CVE-2016-2114: s3:smbd: enforce "server signing = mandatory"
CVE-2016-2115: s3:libsmb: add signing constant SMB_SIGNING_IPC_DEFAULT
CVE-2016-2115: net: use SMB_SIGNING_IPC_DEFAULT
CVE-2016-2115: s3:lib/netapi: use SMB_SIGNING_IPC_DEFAULT
CVE-2016-2115: s3:auth_domain: use SMB_SIGNING_IPC_DEFAULT
CVE-2016-2115: s3:libnet: use SMB_SIGNING_IPC_DEFAULT
CVE-2016-2115: s3:libsmb: use SMB_SIGNING_IPC_DEFAULT and lp_client_ipc_{min,max}_protocol()
cleanupd: restart as needed
krb5_wrap: add enctype arg to smb_krb5_kt_seek_and_delete_old_entries()
krb5_wrap: fix keep_old_entries logic in smb_krb5_kt_seek_and_delete_old_entries()
s4/libnet: fix exporting to keytab by SPN
s4: add a minimal ktutil for selftest
selftest/samba4.blackbox.export.keytab: use spn based on fqdn
selftest/samba4.blackbox.export.keytab: check exported keytabs
s4/heimdal: allow SPNs in AS-REQ
selftest/samba4.blackbox.export.keytab: check AS-REQ with SPN
s3/rpc_server: mdssvc: suppress compiler warnings from glib headers
winbindd: check if dcinfo from genache is expired
s3/lib: rework get_remote_arch_str() to use an array
s3/lib: add get_remote_arch_from_str()
s3/lib: add remote arch caching
smbd: use remote arch caching
s3:libnet:libnet_join: add netbios aliases as SPNs
vfs_fruit: add an option that allows disabling POSIX rename behaviour
talloc: rename local timeval function copies
winbindd: log domain name of failures to get trustdoms
winbindd: prevent log spam when enumerating users
librpc/ndr: add flag LIBNDR_FLAG_NO_COMPRESSION
librpc/dns: don't compress strings in TKEY and TSIG responses
librpc/dns: remove original_id from dns_fake_tsig_rec
s4/dns_server: include request MAC in TSIG response MAC calculation
s4/dns_server: split out function that does the MAC computation
s4/dns_server: not finding the key here is a fatal error
s4/dns_server: ensure we store the key name in error code paths
s4/dns_server: error codes for failing MAC verification in TSIG requests
s4/dns_server: don't compute TSIG MAC in TSIG error records
s4/dns_server: prepare sending correct error responses for dns_verify_tsig() errors
s4/dns_server: enable sending of TSIG error records
selftest: add test for DNS updates with TKEY/TSIG
selftest: Kerberos auth with netbios alias SPNs
selftest: make samba3.blackbox.smbclient_tar as flapping
s3/smbd: add helper func dos_mode_from_name()
s3/smbd: call dos_mode_from_name after SMB_VFS_GET_DOS_ATTRIBUTES()
s3/smbd: move check for "hide files" to dos_mode_from_name()
s3/smbd: only use stored dos attributes for open_match_attributes() check
s4/torture: add a test for dosmode and hidden files
winbindd/idmap_rfc2307: fix a crash
winbindd: in wb_lookupsids return domain name if we have it
selftest: make autorid the default idmap backend in admember_rfc2307
selftest: test idmap backend id allocation for unknown SIDS
smbd/cleanupd: use smbd_reinit_after_fork()
smbd/notifyd: use smbd_reinit_after_fork()
s3-rpc_server/mdssd: use smbd_reinit_after_fork()
ctdbd_conn: split ctdbd_init_connection()
ctdbd_conn: add ctdbd_reinit_connection()
s3-messaging/ctdb: split messaging_ctdbd_init()
s3-messaging/ctdb: add messaging_ctdbd_reinit()
s3-messaging: use messaging_ctdbd_reinit() in messaging_reinit()
s3/smbd: move make_default_filesystem_acl() to vfs_acl_common.c
vfs_acl_xattr: objects without NT ACL xattr
WHATSNEW: SMB 2.1 leases enabled by default
s3/lib: add smbd_cleanupd.tdb
s3/smbd: add cleanupd_init_send()/recv()
s3/cleanupd: use smbd_cleanupd.tdb
s3/notifyd: add async send/recv functions
async_req: make async_connect_send() "reentrant"
smbd: ignore ctdb tombstone records in fetch_share_mode_unlocked_parser()
s4/torture: add a test for ctdb-tombstrone-record deadlock
dbwrap_ctdb: treat empty records in ltdb as non-existing
s3/rpc_server: shared rpc modules directory may not exist
Revert "vfs_acl_xattr: objects without NT ACL xattr"
vfs_acl_common: rename psd to psd_blob in get_nt_acl_internal()
vfs_acl_common: rename pdesc_next to psd_fs
vfs_acl_common: remove redundant NULL assignment
vfs_acl_common: simplify ACL logic, cleanup and talloc hierarchy
vfs_acl_common: move the ACL blob validation to a helper function
vfs_acl_tdb|xattr: use a config handle
vfs_acl_common: move stat stuff to a helper function
vfs_acl_common: check for ignore_system_acls before fetching filesystem ACL
vfs_acl_xattr|tdb: add option to control default ACL style
vfs_acl_common: Windows style default ACL
s4/torture: tests for vfs_acl_xattr default ACL styles
vfs_acl_common: use DBG_LEVEL and remove function prefixes in DEBUG statements
docs: document vfs_acl_xattr|tdb enforced settings
vfs_acl_xattr|tdb: enforced settings when ignore system acls=yes
s3/smbd: in call_trans2qfilepathinfo call lstat when dealing with posix pathnames
s3/smbd: use stat from smb_fname if valid in refuse_symlink()
s4/messaging: messaging_dgm_ref talloc hierarchy fix
unix_msg: modify find_send_queue() to take a struct sockaddr_un
unix_msg: Return errno from find_send_queue
messaging: Call messaging_dgm_send under become_root only if necessary
unix_msg: add flag to prepare_socket_nonblock()
unix_msg: introduce send queue caching
unix_msg: always create a send queue for a peer
unix_msg: add a test for dgram socket caching
s3/smbd: set FILE_ATTRIBUTE_DIRECTORY as necessary
s3/smbd: remove a misleading error message
lib/poll_funcs: free timers in poll_funcs_state_destructor()
lib/poll_funcs: free contexts in poll_funcs_state_destructor()
s4/messaging: let the imessaging ctx destructor free msg_dgm_ref
s3/smbd: use correct talloc memory context for tevent subrequests
docs/vfs_fruit: explain when to use vfs_catia
s3/vfs/nfs4_acls: avoid a stat
s3/vfs: merge offline functionality into DOS attributes handling
s3/vfs: remove now unused is_offline/set_offline VFS functions
s3/vfs: tsmsm: add missing ;
s3/vfs: gpfs: adapt vfs_gpfs_is_offline() to changes from 3031815f982e365be50148564d47d7d5afab46e0
vfs_fruit: fix fruit:resource option spelling
WHATSNEW: document fruit:resource option spelling issue
manpages/vfs_fruit: add warning to fruit:resoure=stream
vfs_gpfs: update btime in vfs_gpfs_(f)get_dos_attributes
vfs_gpfs: remove updating btime from stat VFS calls
vfs_gpfs: simplify stat_with_capability() ifdef
ctdbd_conn: fix a resource leak
ctdbd_conn: remove unused fde from struct ctdbd_connection
s3/smbd: convert "mangled names" option to an enum
s3/smbd: new "mangled names" setting "illegal"
s3/torture: add a test for "mangled names = invalid"
s3/rpc_server: move rpc_modules.c to its own subsystem
debug: parse, store and pass backend option
debug: add "ringbuf" backend logging to a ringbuffer
messaging.idl: add ringbuf message types
s3/debug: listen for MSG_REQ_RINGBUF_LOG
s4/messaging: register for MSG_REQ_RINGBUF_LOG
smbcontrol: add ringbuf-log
s3/rpc_server/mdssvc: use flex noyyalloc noyyrealloc
s3/rpc_server/mdssvc: prefix public flex and bison global symbols
selftest: also run test base.createx_access against ad_dc
s3/smbd: check for invalid access_mask smbd_calculate_access_mask()
s3/smbd: ensure global "smb encrypt = off" is effective for SMB 1 clients
s3/smbd: ensure global "smb encrypt = off" is effective for SMB 3.1.1 clients
s3/smbd: ensure global "smb encrypt = off" is effective for share with "smb encrypt = desired"
docs: impact of a global "smb encrypt=off" on a share with "smb encrypt=required"
selftest: disable SMB encryption in simpleserver environment
selftest: add test for global "smb encrypt=off"
vfs_fruit: checks wrong AAPL config state and so always uses readdirattr
s3/rpc_server: shared rpc modules loading
libcli/smb: outbuf length is a IVAL ie a uint32_t
vfs_fruit: correct Netatalk metadata xattr on FreeBSD
vfs_fruit: cleanup metadata and resource xattr name defines
lib/replace: validate xattr namespace prefix on FreeBSD
s3/util: mvxattr, a tool to rename extended attributes
vfs_fruit: fix resource fork xattr name
s3/rpc_server/mdssvc: add attribute "kMDItemContentType"
vfs_streams_xattr: use fsp, not base_fsp
selftest: don't run vfs_fruit tests against ad_dc env
s3/includes: add FinderInfo offset define to MacExtensions.h
vfs_streams_xattr: call SMB_VFS_OPEN with smb_fname_base
vfs_streams_xattr: use SMB_VFS_NEXT_OPEN and CLOSE
vfs_catia: run translation on all handle based VFS functions
vfs_catia: add catia_readdir_attr
vfs_catia: add catia_(g|s)et_dos_attributes
vfs_fruit: fix fruit_pread with metadata=stream
vfs_fruit: fix fruit_ftruncate with metadata=stream
vfs_fruit: rename empty_finderinfo() and make it more robust
vfs_fruit: fix fruit_pwrite() with metadata=stream
vfs_fruit: replace unsafe ad_entry macro with a function
vfs_fruit: refactor fruit_open_meta()
vfs_fruit: correct fruit_open_meta_stream() implementation
vfs_fruit: refactor fruit_stat_meta()
vfs_fruit: correct fruit_stat_meta_stream() implementation
vfs_fruit: update_btime() is only needed for metadata=netatalk
vfs_fruit: refactor readdir_attr_meta()
vfs_fruit: correct readdir_attr_meta_finderi_stream() implementation
vfs_fruit: fix fruit_rename() for the fruit:resource!=file case
vfs_fruit: refactor fruit_unlink()
vfs_fruit: fix fruit_chmod() for the fruit:resource!=file case
vfs_fruit: fix fruit_chown() for the fruit:resource!=file case
vfs_fruit: fix fruit_rmdir() for the fruit:resource!=file case
vfs_fruit: in fruit_rmdir() check ._ files before deleting them
vfs_fruit: refactor fruit_open_rsrc()
vfs_fruit: refactor fruit_stat_rsrc()
vfs_fruit: add fruit_stat_rsrc_stream() implementation
vfs_fruit: add fruit_stat_rsrc_xattr() implementation
vfs_fruit: refactor fruit_streaminfo()
vfs_fruit: fix fruit_ntimes() for the fruit:metadata!=netatalk case
vfs_fruit: refactor fruit_ftruncate() and fix stream case
vfs_fruit: refactor readdir_attr_macmeta() resource fork size
vfs_fruit: use SMB_VFS_NEXT_OPEN in two places
vfs_fruit: remove base_fsp name translation
vfs_fruit: fix fruit_check_access()
selftest: disable vfs_fruit tests
vfs_fruit: rework struct adouble API
vfs_fruit: refactor fruit_open and use new adouble API
vfs_fruit: refactor fruit_pread and fruit_pwrite and use new adouble API
vfs_fruit: refactor fruit_fstat and use new adouble API
vfs_fruit: use fio in fruit_fallocate
vfs_fruit: refactor fruit_ftruncate and use new adouble API
selftest: reenable vfs_fruit tests
selftest: move vfs_fruit tests that require "fruit:metadata=netatalk" to vfs.fruit_netatalk
selftest: run vfs_fruit tests against share with fruit:metadata=stream
selftest: also run vfs_fruit tests with streams_depot
selftest: add description to vfs_fruit testsuites
s4/torture: vfs_fruit: add test_null_afpinfo test
s4/torture: vfs_fruit: test deleting a file with resource fork
s4/torture: add a vfs_fruit renaming test with open rsrc fork
lib/torture: add torture_assert_mem_equal_goto
s4/torture: add test for AAPL find with name with illegal NTFS characters
docs/vfs_fruit: document known limitations with fruit:encoding=native
s4/torture: change shares in used torture_suite_add_2ns_smb2_test()
selftest: add shares without vfs_fruit for the vfs_fruit tests
vfs_fruit: ignore or delete invalid AFP_AfpInfo streams
s4/torture: vfs_fruit: test invalid AFPINFO_STREAM_NAME
vfs_fruit: use stat info from base_fsp
s4/torture: vfs_fruit: add stream with illegal ntfs characters to copyile test
vfs_fruit: only veto AppleDouble files with fruit:resource=file
vfs_fruit: enabling AAPL extensions must be a global switch
libcli/smb: add max_credits arg to smbXcli_negprot_send()
libcli/smb: add smb2cli_conn_get_cur_credits
s4/torture: add some SMB2 crediting tests
libcli/smb: add smb2cli_conn_get_mid and smb2cli_conn_set_mid
s4/torture: add a creditting test skipping a SMB2 MID
manpages/vfs_fruit: document global options
s3/wscript: fix Linux kernel oplock detection
s3/smbd: add const to get_lease_type() args
s3/smbd: add comments and some reformatting to open_file_ntcreate()
s3/smbd: req is already validated at the beginning of open_file_ntcreate()
s3/smbd: simplify defer_open()
s3/smbd: add and use retry_open() instead of defer_open() in two places
s3/smbd: fix schedule_async_open() timer
s3/smbd: remove async_open arg from defer_open()
s3/smbd: all callers of defer_open() pass a lck
s3/smbd: fix deferred open with streams and kernel oplocks
s3/selftest: adopt config.h check from source4
s4/torture: some tests for kernel oplocks
s3/smbd: add my copyright to open.c
lib/pthreadpool: fix a memory leak
winbindd: use NULL for pointer check in get_cache()
winbindd: untangle reconnect_methods vs reconnect_ads_methods
winbindd: fix long lines in get_cache()
winbindd: README.Coding fixes for get_cache()
winbindd: remove trailing spaces in get_cache()
CVE-2017-2619: s3/smbd: re-open directory after dptr_CloseDir()
CVE-2017-2619: s4/torture: add SMB2_FIND tests with SMB2_CONTINUE_FLAG_REOPEN flag
s3/smbd: move copychunk ioctl limits to IDL
vfs_default: let copy_chunk_send use const from IDL
s3/smbd: move cc_copy into fsctl_srv_copychunk_state
s3/smbd: implement a serializing async copy-chunk loop
s3/smbd: optimize copy-chunk by merging chunks if possible
vfs_default: move check for fsp->op validity
s3/smbd: make copy chunk asynchronous
winbindd: use passdb backend for well-known SIDs
selftest: wbinfo -s tests for wellknown SIDs
selftest: wbinfo --sids-to-unix-ids tests for wellknown SIDs
winbindd: trigger possible passdb_dsdb initialisation
selftest: fix SID composition in a test script
winbindd: explicit check for well-known SIDs in wb_lookupsids_bulk()
selftest: fix for wbinfo -s tests for wellknown SIDs
winbindd: use correct domain name for failed lookupsids
winbindd: remove unused single_domains array
selftest: new environment "ad_member_idmap_rid"
selftest: tests idmap mapping with idmap_rid
vfs_fruit: resource fork open request with flags=O_CREAT|O_RDONLY
s4/torture: vfs_fruit: test for bug 12565
s3/include: add NT_STATUS_LOOKUP_ERR
s3/rpc_client: use NT_STATUS_LOOKUP_ERR
s3/rpc_client: lookupsids error handling of NT_STATUS_NONE_MAPPED
winbindd: error handling in rpc_lookup_sids()
libcli/security: fix dom_sid_in_domain()
winbindd: handling of SIDs without domain reference in wb_sids2xids_lookupsids_done()
winbindd: let wb_lookupsids_move_name() handle domain_index UINT32_MAX
winbindd: handling of failed lookupsids in wb_lookupsids_single_done()
winbindd: remove fallback to lookupsid for unknown SIDs
winbindd: remove lookupsid() fallback for a failed lookupsids()
winbindd: remove fallback from lookuprids
winbindd: only use the domain name from lookup sids if the domain matches
lib/util: add and use iov_concat
dbwrap: add enum dbwrap_req_state
dbwrap: add parse_record_send/recv to struct db_context
ctdb_conn: add ctdbd_parse_send/recv
dbwrap_ctdb: factor out a db_ctdb_try_parse_local_record() function
dbwrap_ctdb: implement parse_record_send()/recv()
dbwrap: add dbwrap_parse_record_send/recv
dbwrap_watch: add parse_record_send/recv wrappers
s3/locking: add fetch_share_mode_send/recv
s3/smbd: add file_id return arg to smbd_dirptr_lanman2_entry
s3/smbd: ask_sharemode is not needed for info_level SMB_FIND_FILE_NAMES_INFO
s3/smbd: enable processing SMB2 requests async internally
s3/smbd: make write time fetching async
s3/smbd: add "smbd:find async delay usec" to SMB2 FIND
s4/torture: add a test for compound SMB2 FIND requests
selftest: also run smb2.compound_find against share with async delay set
lib/util: add a test for tfork()
lib/util: make use of tfork in samba_runcmd_send()
wafsamba: add source directory define SRCDIR to config.h
lib/util: add a test for samba_runcmd_send()
vfs_acl_xattr|tdb: ensure create mask is at least 0666 if ignore_system_acls is set
vfs_fruit: lp_case_sensitive() does not return a bool
lib/util: fix a Coverity finding in tfork
tdb: runtime check for robust mutexes may hang in threaded programs
Revert "lib/util: make use of tfork in samba_runcmd_send()"
s3/locking: add const to fsp_lease_type
s3/locking: helper functions for lease types
s3/smbd: update exclusive oplock optimisation to the lease area
s3/smbd: update exclusive oplock optimisation to the lease area
s3/dbwrap_ctdb: set async_ctx to initialized
s3/dbwrap_ctdb: free resources in an error code path
vfs_streams_xattr: add pread_send/recv and pwrite_send/recv
vfs_fruit: add pread_send/recv and pwrite_send/recv
lib/torture: add two more ndr assert macros
s4/torture: smb2.ioctl: add src and dst path args to test_setup_copy_chunk
s4/torture: smb2.ioctl: add copy-chunk test with stream to smb2.ioctl
s4/torture: vfs_fruit: add src and dst path args to test_setup_copy_chunk
s4/torture: vfs_fruit: test copy-chunk on streams
s3/locking: make find_share_mode_entry public
s3/smbd: fix exclusive lease optimisation
s4/torture: test for bug 12798
s4/torture: add a leases test with stat open
s4:auth_winbind: remove a block nesting level and fix indentation
lib/util: enhanced tfork()
lib/util: make use of tfork in samba_runcmd_send()
lib/util: adjust loglevel in tfork test with samba_runcmd_send()
lib/util: add more tfork tests
librpc/idl: convert offload flags to a bitmap
librpc/idl: fix STORAGE_OFFLOAD_TOKEN_TYPE_ZERO_DATA definition
librpc/idl: make use storage_offload_token
s4/torture: pass destination tree to test_setup_copy_chunk
s3/vfs: add SMB_VFS_OFFLOAD_READ_SEND/RECV
s3/smbd: use SMB_VFS_OFFLOAD_READ_SEND/RECV
s3/vfs: rename SMB_VFS_COPY_CHUNK_SEND/RECV to SMB_VFS_OFFLOAD_WRITE_SEND/RECV
s3/smbd: remove ununsed req arg from CHECK_READ_IOCTL macro
s3/smbd: remove flags2 FLAGS2_READ_PERMIT_EXECUTE hack in the SMB2 code
s3/smbd: remove unused arg smb1req from copychunk_check_handles()
s3/smbd: remove copy-chunk chunk merging optimisation
s3/smbd: redesign macOS copyfile copy-chunk
s4/torture: add a test for copy-chunk across shares
s3/vfs: make SMB_VFS_OFFLOAD_WRITE_SEND offload token based
s4/torture: more tests for copy-chunk across shares
s3/smbd: get rid of files_struct.aapl_copyfile_supported
s3/smbd: remove unneeded flags argument from SMB_VFS_OFFLOAD_WRITE_SEND
s4/torture: test fetching a resume key twice
netlogon.idl: mark session keys with NDR_SECRET
samlogon_cache: add netsamlog_cache_for_all()
net: add net cache samlogon list|show|ndrdump|delete
net: fix net cache samlogon list output
s3/tests: add a net cache samlogon test
s3/smbd: let non_widelink_open() chdir() to directories directly
selftest: add a test for accessing previous version of directories with snapdirseverywhere
s3/vfs: remove SMB_VFS_STRICT_UNLOCK
s3/vfs: rename SMB_VFS_STRICT_LOCK to SMB_VFS_STRICT_LOCK_CHECK
ctdb: enable mutexes for volatile TDBs by default
dbwrap: enable mutexes by default for volatile TDBs
ctdbd_conn: move CTDB_CONTROL_ENABLE_SEQNUM control to db_open_ctdb
ctdbd_conn: pass persistent bool instead of tdb_flags
dbwrap: Ask CTDB for local tdb open flags
vfs_fruit: don't use MS NFS ACEs with Windows clients
s3/notifyd: ensure notifyd doesn't return from smbd_notifyd_init
s3/smbd: handling of failed DOS attributes reading
s3/smbd: handle EACCES when fetching DOS attributes from xattr
vfs_gpfs: handle EACCES when fetching DOS attributes from xattr
vfs_streams_xattr: invalidate stat info if xattr was not found
vfs_streams_xattr: remove all uses of fd, use name based functions
vfs_streams_xattr: remove fsp argument from get_xattr_size()
vfs_streams_xattr: always pass NULL as fsp arg to get_ea_value()
vfs_streams_xattr: implement all missing handle based VFS functions
vfs_streams_xattr: return a fake fd in streams_xattr_open()
s4/torture: reproducer for kernel oplocks issue with streams
s4/torture: additional tests for kernel-oplocks
vfs_fruit: use path based setxattr call in ad_fset()
vfs_fruit: don't open basefile in ad_open() and simplify API
vfs_fruit: return fake pipe fd in fruit_open_meta_netatalk()
vfs_fruit: factor out common code from ad_get() and ad_fget()
s3/smbd: sticky write time offset miscalculation causes broken timestamps
lib/util: only close the event_fd in tfork if the caller didn't call tfork_event_fd()
Ralph Wuerthner (4):
ctdb-conn: add missing variable initialization
net conf: fix error message
param: add lp_parameter_value_is_valid() function
param: fix lp_parameter_value_is_valid() for parametric options
Richard Sharpe (12):
Fix an obvious error where we were converting a UNIX error to an NT STATUS but not returning it.
s3: vfs: Add VFS functions for setting and getting DOS attributes.
Fixes an obvious copy-paste error in source3/utils/net_dns.c
Refactor the dns_open_connection code so that duplicate code is removed and ensure that EINTR is handled in the UDP path.
selfttest: add common_test_fns.inc
s3: net: Return an error when no name servers were returned by the lookup so that we see an error in self test.
s3/net: print returned addresses in dns gethostbyname
source4/scripting: add an option to samba_dnsupdate to add ns records.
s4/selftests: test net ads dns register/unregister.
testprogs/blackbox: Improve the net ads dns register tests.
Log the actual error returned when creating a pipe for client logging in CTDB fails. Helps with debugging issues.
Bug 15852. There are valid paths where conn->lsa_pipe_tcp->transport is NULL. Protect against this.
Robin Hack (7):
samba3.blackbox.smbclient_auth.plain: Add new regression test case.
ctdb-tests: Fix CID 1358704 use of "=" where "==" may have been intended
talloc/testsuite: Fix CID 1291641 - Logically dead code
lib/http/http_auth: Fix CID 1273428 - Unchecked return value
dcesrv_backupkey_heimdal: Fix CID 1321647 - Unchecked return value
ldb-samba/ldb_matching_rules: Fix CID 1349424 - Uninitialized pointer read
winbindd/idmap_rfc2307: Fix CID 1273424 - Read from pointer after free
Robin McCorkell (1):
Correctly set cli->raw_status for libsmbclient in SMB2 code
Rowland Penny (11):
Bug 11818 : obvious missing word When trying to demote a dc, 'remove_dc.remove_sysvol_references' is sent 'remote_samdb, dc_name' , it expects 'remote_samdb, logger, dc_name'
samba-too: Allow 'samba-tool fsmo' to cope with empty or missing fsmo roles
Fix typo in python/samba/provision/__init__.py
tests/samba-tool/user.py: replace deprecated 'add' subcommand with 'create'
remove duplicate lines from 'man smb.conf'
bug 12292: stop user.py throwing errors if user is unknown
bug 12293: stop group.py throwing errors if group is unknown
samba-tool: You cannot add members to a group if the member exists as a sAMAccountName and a CN.
Easily edit a users object in AD, as if using ldbedit.
Add test for 'samba-tool user edit'
Add code to run the tests for 'samba-tool user edit'
Saji VR (1):
lib:talloc. Fix memory leak when destructors reparent children.
Santiago Vila (1):
examples/smb.conf.default: Fix typo in comment line: sever -> server
Shilpa Krishnareddy (1):
notify: Fix ordering of events in notifyd
Shyamsunder Rathi (2):
s3/vfs:stream_depots: Parse substitutions in streams-depot-directory path
s3:utils/net: Add new option 'unregister' in 'net ads dns' command.
Stefan Metzmacher (1330):
CVE-2016-0771: s4:librpc: python_dns and python_dcerpc_dnsp doesn't require client bindings
CVE-2016-0771: librpc: add RPC_NDR_DNSSERVER to dcerpc-samba library
CVE-2016-0771: librpc: add ndr_dnsp_string_list_copy() helper function
CVE-2016-0771: s4:dns_server: fix idl for dns_txt_record
CVE-2016-0771: dns.idl: make use of dnsp_hinfo
lib/util_net: move ipv6 linklocal handling into interpret_string_addr_internal()
lib/util_net: add support for .ipv6-literal.net
s3:test_smbclient_auth.sh: test using the ip address in the unc path (incl. ipv6-literal.net)
s3:selftest: run samba3.blackbox.smbclient_auth.plain also with $SERVER_IPV6
epmapper.idl: make epm_twr_t available in python bindings
dcerpc.idl: make WERROR RPC faults available in ndr_print output
librpc/rpc: add error mappings for NO_CALL_ACTIVE, OUT_OF_RESOURCES and BAD_STUB_DATA
s4:librpc/rpc: map alter context SEC_PKG_ERROR to NT_STATUS_LOGON_FAILURE
s3:libads: remove unused ads_connect_gc()
wscript_configure_system_mitkrb5: add configure checks for GSS_KRB5_CRED_NO_CI_FLAGS_X
s3:librpc/gse: make use of GSS_C_EMPTY_BUFFER in gse_init_client
s3:librpc/gse: fix debug message in gse_init_client()
s3:librpc/gse: set GSS_KRB5_CRED_NO_CI_FLAGS_X in gse_init_client() if available
s3:librpc/gse: correctly support GENSEC_FEATURE_SESSION_KEY
s3:librpc/gse: don't log gss_acquire_creds failed at level 0
s3:librpc/gse: implement gensec_gse_max_{input,wrapped}_size()
s4:pygensec: make sig_size() and sign/check_packet() available
auth/gensec: keep a pointer to a possible child/sub gensec_security context
auth/gensec: handle gensec_security_by_sasl_name(NULL, ...)
auth/gensec: make gensec_security_by_name() public
s3:auth_generic: add auth_generic_client_start_by_name()
s3:auth_generic: add auth_generic_client_start_by_sasl()
auth/ntlmssp: keep ntlmssp_state->server.netbios_domain on the correct talloc context
auth/ntlmssp: add gensec_ntlmssp_server_domain()
s3:ntlm_auth: fix --use-cached-creds with ntlmssp-client-1
s3:torture/test_ntlm_auth.py: replace tabs with whitespaces
s3:torture/test_ntlm_auth.py: add --client-use-cached-creds option
s3:tests/test_ntlm_auth_s3: test ntlmssp-client-1 with cached credentials
winbindd: pass an memory context to do_ntlm_auth_with_stored_pw()
s3:auth_generic: make use of the top level NTLMSSP client code
s3:ntlmssp: remove unused libsmb/ntlmssp_wrap.c
auth/ntlmssp: provide a "ntlmssp_resume_ccache" backend
auth/gensec: add GENSEC_FEATURE_NTLM_CCACHE define
auth/ntlmssp: implement GENSEC_FEATURE_NTLM_CCACHE
s3:auth_generic: add "ntlmssp_resume_ccache" backend in auth_generic_client_prepare()
winbindd: make use of ntlmssp_resume_ccache backend for WINBINDD_CCACHE_NTLMAUTH
s3:ntlm_auth: also use gensec for "ntlmssp-client-1" and "gss-spnego-client"
auth/ntlmssp: split out a debug_ntlmssp_flags_raw() that's more complete
auth/ntlmssp: NTLMSSP_NEGOTIATE_VERSION is not a negotiated option
auth/ntlmssp: define all client neg_flags in gensec_ntlmssp_client_start()
auth/ntlmssp: set NTLMSSP_ANONYMOUS for anonymous authentication
auth/ntlmssp: don't send domain and workstation in the NEGOTIATE_MESSAGE
auth/ntlmssp: add ntlmssp_version_blob()
auth/ntlmssp: let the client always include NTLMSSP_NEGOTIATE_VERSION
auth/ntlmssp: use ntlmssp_version_blob() in the server
security.idl: add LSAP_TOKEN_INFO_INTEGRITY
ntlmssp.idl: MsAvRestrictions is MsvAvSingleHost now
ntlmssp.idl: make AV_PAIR_LIST public
librpc/ndr: add ndr_ntlmssp_find_av() helper function
auth/gensec: add GENSEC_FEATURE_LDAP_STYLE define
auth/ntlmssp: implement GENSEC_FEATURE_LDAP_STYLE
auth/ntlmssp: add more compat for GENSEC_FEATURE_LDAP_STYLE
auth/ntlmssp: remove ntlmssp_unwrap() fallback for LDAP
s4:libcli/ldap: make use of GENSEC_FEATURE_LDAP_STYLE
s4:libcli/ldap: fix retry authentication after a bad password
s4:selftest: we don't need to run ldap test with --option=socket:testnonblock=true
s4:selftest: simplify the loops over samba4.ldb.ldap
s4:ldap_server: make use of GENSEC_FEATURE_LDAP_STYLE
s3:libads: add missing TALLOC_FREE(frame) in error path
s3:libads: make use of GENSEC_FEATURE_LDAP_STYLE
s3:libads: make use of GENSEC_OID_SPNEGO in ads_sasl_spnego_ntlmssp_bind()
s3:libads: provide a generic ads_sasl_spnego_gensec_bind() function
s3:libads: don't pass given_principal to ads_generate_service_principal() anymore.
s3:libads: keep service and hostname separately in ads_service_principal
s3:libads: make use of ads_sasl_spnego_gensec_bind() for GSS-SPNEGO with Kerberos
s3:libsmb: make use gensec based SPNEGO/NTLMSSP
s3:libsmb: unused ntlmssp.c
s3:libsmb: let cli_session_setup_ntlmssp*() use gensec_update_send/recv()
s3:libsmb: provide generic cli_session_setup_gensec_send/recv() pair
s3:libsmb: call cli_state_remote_realm() within cli_session_setup_spnego_send()
s3:libsmb: make use of cli_session_setup_gensec*() for Kerberos
s3:libsmb: remove unused cli_session_setup_kerberos*() functions
s3:libsmb: remove unused functions in clispnego.c
s4:torture/rpc: do testjoin only via ncalrpc or ncacn_np
s4:torture: the backupkey tests need to use ncacn_np: for LSA calls
s4:selftest: run rpc.samr over ncacn_np instead of ncacn_ip_tcp
s4:torture:samba3rpc: use an authenticated SMB connection and an anonymous DCERPC connection on top
s4:librpc/rpc: dcerpc_generic_session_key() should only be available on local transports
s4:rpc_server/samr: hide a possible NO_USER_SESSION_KEY error
s4:rpc_server: dcesrv_generic_session_key should only work on local transports
s4:dsdb/test/notification: make test_invalid_filter more resilient against ordering races
s4:dsdb/test/sort: avoid 'from collections import Counter'
selftest: mark samba4.winbind.struct.domain_info.ad_member as flapping
s3:winbindd: don't unclude two '\0' at the end of the domain list
s4:torture/lsa: improve debug message
s3:wscript: pylibsmb depends on pycredentials
ldb-samba:wscript: python_samba__ldb depends on pyauth
selftest: s!addc.samba.example.com!addom.samba.example.com!
selftest: add some helper scripts to mange a CA
selftest: add config and script to create a samba.example.com CA
selftest: add CA-samba.example.com (non-binary) files
selftest: add CA-samba.example.com binary files (currently unused by Samba)
selftest: mark commands in manage-CA-samba.example.com.sh as DONE
selftest: add Samba::prepare_keyblobs() helper function
selftest: use Samba::prepare_keyblobs() and use the certs from the new CA
selftest: set tls crlfile if it exist
selftest: setup information of new samba.example.com CA in the client environment
s3:selftest: rpc.samr.passwords.validate should run with [seal] in order to be realistic
s3:test_rpcclient_samlogon.sh: test samlogon with schannel
s4:torture/netlogon: add/use test_SetupCredentialsPipe() helper function
s4:torture/rpc/samr: use DCERPC_SEAL in setup_schannel_netlogon_pipe()
s4:torture/rpc/samlogon: use DCERPC_SEAL for netr_LogonSamLogonEx and validation level 6
s4:torture/rpc: correctly use torture_skip() for test_ManyGetDCName() without NCACN_NP
s4:torture/rpc/schannel: don't use validation level 6 without privacy
auth/gensec: make sure gensec_security_by_auth_type() returns NULL for AUTH_TYPE_NONE
auth/gensec: split out a gensec_verify_dcerpc_auth_level() function
s4:rpc_server: require access to the machine account credentials
s4:selftest: run rpc.netlogon.admin also over ncalrpc and ncacn_ip_tcp
s3:rpc_server/samr: correctly handle session_extract_session_key() failures
s3:ntlm_auth: pass manage_squid_request() needs a valid struct ntlm_auth_state from within get_password()
Revert "autobuild: Return the last 50 log lines"
selftest/Samba3: use the correct "SELFTEST_WINBINDD_SOCKET_DIR" for "net join"
tdb: version 1.3.9
Revert "selftest: dbcheck should not be marked flapping"
CVE-2016-2110: auth/ntlmssp: let ntlmssp_handle_neg_flags() return NTSTATUS
CVE-2016-2110: auth/ntlmssp: maintain conf_flags and required_flags variables
CVE-2016-2110: auth/ntlmssp: split allow_lm_response from allow_lm_key
CVE-2016-2110: auth/ntlmssp: don't allow a downgrade from NTLMv2 to LM_AUTH
CVE-2016-2110: auth/ntlmssp: don't let ntlmssp_handle_neg_flags() change ntlmssp_state->use_ntlmv2
CVE-2016-2110: auth/ntlmssp: let gensec_ntlmssp_client_start require flags depending on the requested features
CVE-2016-2110: auth/ntlmssp: let gensec_ntlmssp_client_start require NTLM2 (EXTENDED_SESSIONSECURITY) when using ntlmv2
CVE-2016-2110: winbindd: add new_spnego to the WINBINDD_CCACHE_NTLMAUTH response
CVE-2016-2110: libcli/auth: use enum spnego_negResult instead of uint8_t
CVE-2016-2110: libcli/auth: add SPNEGO_REQUEST_MIC to enum spnego_negResult
CVE-2016-2110: auth/gensec: fix the client side of a new_spnego exchange
CVE-2016-2110: auth/gensec: fix the client side of a spnego downgrade
CVE-2016-2110: auth/gensec: require spnego mechListMIC exchange for new_spnego backends
CVE-2016-2110: auth/gensec: add gensec_may_reset_crypto() infrastructure
CVE-2016-2110: auth/ntlmssp: call ntlmssp_sign_init if we provide GENSEC_FEATURE_SIGN
CVE-2016-2110: auth/ntlmssp: implement gensec_ntlmssp_may_reset_crypto()
CVE-2016-2110: auth/credentials: clear the LMv2 key for NTLMv2 in cli_credentials_get_ntlm_response()
CVE-2016-2110: auth/credentials: pass server_timestamp to cli_credentials_get_ntlm_response()
CVE-2016-2110: libcli/auth: pass server_timestamp to SMBNTLMv2encrypt_hash()
CVE-2016-2110: ntlmssp.idl: add NTLMSSP_MIC_{OFFSET,SIZE}
CVE-2016-2110: auth/ntlmssp: implement new_spnego support including MIC checking (as server)
CVE-2016-2110: auth/ntlmssp: implement new_spnego support including MIC generation (as client)
CVE-2016-2111: auth/gensec: require DCERPC_AUTH_LEVEL_INTEGRITY or higher in schannel_update()
CVE-2016-2111: auth/gensec: correctly report GENSEC_FEATURE_{SIGN,SEAL} in schannel_have_feature()
CVE-2016-2111: s4:rpc_server: implement 'server schannel = yes' restriction
CVE-2016-2111: s4:rpc_server/netlogon: require DCERPC_AUTH_LEVEL_PRIVACY for validation level 6
CVE-2016-2111: s3:rpc_server/netlogon: require DCERPC_AUTH_LEVEL_PRIVACY for validation level 6
CVE-2016-2111: s4:torture/rpc: fix rpc.samba3.netlogon ntlmv2 test
CVE-2016-2111: s4:torture/rpc: fix rpc.pac ntlmv2 test
CVE-2016-2111: libcli/auth: add NTLMv2_RESPONSE_verify_netlogon_creds() helper function
CVE-2016-2111: s4:rpc_server/netlogon: check NTLMv2_RESPONSE values for SEC_CHAN_WKSTA
CVE-2016-2111: s3:rpc_server/netlogon: check NTLMv2_RESPONSE values for SEC_CHAN_WKSTA
CVE-2016-2111: s4:torture/raw: don't use ntlmv2 for dos connection in raw.samba3badpath
CVE-2016-2111: s4:torture/base: don't use ntlmv2 for dos connection in base.samba3error
CVE-2016-2111: s4:libcli: don't allow the LANMAN2 session setup without "client lanman auth = yes"
CVE-2016-2111: s4:param: use "client use spnego" to initialize options->use_spnego
CVE-2016-2111: s4:libcli: don't send a raw NTLMv2 response when we want to use spnego
CVE-2016-2111: s3:libsmb: don't send a raw NTLMv2 response when we want to use spnego
CVE-2016-2111: docs-xml: document the new "client NTLMv2 auth" and "client use spnego" interaction
CVE-2016-2111: docs-xml: add "raw NTLMv2 auth" defaulting to "yes"
CVE-2016-2111: s3:auth: implement "raw NTLMv2 auth" checks
CVE-2016-2111: s4:smb_server: implement "raw NTLMv2 auth" checks
CVE-2016-2111: selftest:Samba3: use "raw NTLMv2 auth = yes" for nt4_dc
CVE-2016-2111: docs-xml/smbdotconf: default "raw NTLMv2 auth" to "no"
CVE-2016-2112: s3:libads: make sure we detect downgrade attacks
CVE-2016-2112: s4:libcli/ldap: honour "client ldap sasl wrapping" option
CVE-2016-2112: s4:libcli/ldap: make sure we detect downgrade attacks
CVE-2016-2112: s4:libcli/ldap: auto upgrade to SIGN after STRONG_AUTH_REQUIRED
CVE-2016-2112: s4:selftest: use --option=clientldapsaslwrapping=plain for plain connections
CVE-2016-2112: s4:ldap_server: reduce scope of old_session_info variable
CVE-2016-2112: docs-xml: add "ldap server require strong auth" option
CVE-2016-2112: s4:ldap_server: implement "ldap server require strong auth" option
CVE-2016-2112: s4:selftest: run samba4.ldap.bind against fl2008r2dc
CVE-2016-2112: selftest: servers with explicit "ldap server require strong auth" options
CVE-2016-2112: s4:selftest: run some ldap test against ad_dc_ntvfs, fl2008r2dc and fl2003dc
CVE-2016-2112: docs-xml: change the default of "ldap server require strong auth" to "yes"
CVE-2016-2113: s4:lib/tls: create better certificates and sign the host cert with the ca cert
CVE-2016-2113: s4:lib/tls: implement infrastructure to do peer verification
CVE-2016-2113: docs-xml: add "tls verify peer" option defaulting to "no_check"
CVE-2016-2113: s4:selftest: explicitly use '--option="tlsverifypeer=no_check" for some ldaps tests
CVE-2016-2113: s4:libcli/ldap: verify the server certificate and hostname if configured
CVE-2016-2113: s4:librpc/rpc: verify the rpc_proxy certificate and hostname if configured
CVE-2016-2113: selftest: test all "tls verify peer" combinations with ldaps
CVE-2016-2113: selftest: use "tls verify peer = no_check"
CVE-2016-2113: docs-xml: let "tls verify peer" default to "as_strict_as_possible"
CVE-2016-2114: s4:smb2_server: fix session setup with required signing
CVE-2016-2114: s3:smbd: use the correct default values for "smb signing"
CVE-2016-2114: docs-xml: let the "smb signing" documentation reflect the reality
CVE-2016-2115: docs-xml: add "client ipc min protocol" and "client ipc max protocol" options
CVE-2016-2115: docs-xml: add "client ipc signing" option
CVE-2016-2115: s4:libcli/raw: add smbcli_options.min_protocol
CVE-2016-2115: s4:libcli/smb2: use the configured min_protocol
CVE-2016-2115: s4:libcli/raw: limit maxprotocol to NT1 in smb_raw_negotiate*()
CVE-2016-2115: s4:libcli/raw: pass the minprotocol to smb_raw_negotiate*()
CVE-2016-2115: s4:librpc/rpc: make use of "client ipc *" options for ncacn_np
CVE-2016-2115: s3:winbindd: use lp_client_ipc_{min,max}_protocol()
CVE-2016-2115: s3:winbindd: use lp_client_ipc_signing()
CVE-2016-2115: s3:libsmb: let SMB_SIGNING_IPC_DEFAULT use "client ipc min/max protocol"
CVE-2016-2115: docs-xml: always default "client ipc signing" to "mandatory"
CVE-2016-2118: s4:rpc_server: make it possible to define a min_auth_level on a presentation context
CVE-2016-2118: s4:rpc_server/drsuapi: require DCERPC_AUTH_LEVEL_PRIVACY
CVE-2016-2118: s4:rpc_server/backupkey: require DCERPC_AUTH_LEVEL_PRIVACY
CVE-2016-2118: python:tests/dcerpc: use [sign] for dnsserver tests
CVE-2016-2118: s4:rpc_server/dnsserver: require at least DCERPC_AUTH_LEVEL_INTEGRITY
CVE-2016-2118: s3: rpcclient: change the default auth level from DCERPC_AUTH_LEVEL_CONNECT to DCERPC_AUTH_LEVEL_INTEGRITY
CVE-2016-2118: librpc: change the default auth level from DCERPC_AUTH_LEVEL_CONNECT to DCERPC_AUTH_LEVEL_INTEGRITY
CVE-2016-2118: s4:librpc: use integrity by default for authenticated binds
CVE-2016-2118: docs-xml: add "allow dcerpc auth level connect" defaulting to "yes"
CVE-2016-2118: s4:rpc_server: make use of "allow dcerpc auth level connect"
CVE-2016-2118: s4:rpc_server/lsa: reject DCERPC_AUTH_LEVEL_CONNECT by default
CVE-2016-2118: s4:rpc_server/samr: reject DCERPC_AUTH_LEVEL_CONNECT by default
CVE-2016-2118: s4:rpc_server/netlogon: reject DCERPC_AUTH_LEVEL_CONNECT by default
CVE-2016-2118: s4:rpc_server/epmapper: allow DCERPC_AUTH_LEVEL_CONNECT by default
CVE-2016-2118: s4:rpc_server/mgmt: allow DCERPC_AUTH_LEVEL_CONNECT by default
CVE-2016-2118: s4:rpc_server/rpcecho: allow DCERPC_AUTH_LEVEL_CONNECT by default
CVE-2016-2118: s3:rpc_server: make use of "allow dcerpc auth level connect"
CVE-2016-2118: s3:rpc_server/{samr,lsa,netlogon}: reject DCERPC_AUTH_LEVEL_CONNECT by default
CVE-2016-2118: s3:rpc_server/{epmapper,echo}: allow DCERPC_AUTH_LEVEL_CONNECT by default
CVE-2016-2118: docs-xml: default "allow dcerpc auth level connect" to "no"
CVE-2016-2118: s4:rpc_server/samr: allow _samr_ValidatePassword only with PRIVACY...
CVE-2016-2118: s3:rpc_server/samr: allow _samr_ValidatePassword only with PRIVACY...
CVE-2015-5370: dcerpc.idl: add DCERPC_{NCACN_PAYLOAD,FRAG}_MAX_SIZE defines
CVE-2015-5370: librpc/rpc: simplify and harden dcerpc_pull_auth_trailer()
CVE-2015-5370: s3:librpc/rpc: don't call dcerpc_pull_auth_trailer() if auth_length is 0
CVE-2015-5370: s4:librpc/rpc: send a dcerpc_sec_verification_trailer if needed
CVE-2015-5370: s4:librpc/rpc: maintain dcecli_security->auth_{type,level,context_id}
CVE-2015-5370: s4:librpc/rpc: use auth_context_id = 1
CVE-2015-5370: s4:librpc/rpc: use a local auth_info variable in ncacn_push_request_sign()
CVE-2015-5370: s4:librpc/rpc: avoid using hs->p->conn->security_state.auth_info in dcerpc_bh_auth_info()
CVE-2015-5370: s4:librpc/rpc: avoid using c->security_state.auth_info in ncacn_pull_request_auth()
CVE-2015-5370: s4:librpc/rpc: always use ncacn_pull_request_auth() for DCERPC_PKT_RESPONSE pdus
CVE-2015-5370: s4:librpc/rpc: avoid dereferencing sec->auth_info in dcerpc_request_prepare_vt()
CVE-2015-5370: s4:librpc/rpc: simplify checks if gensec is used in dcerpc_ship_next_request()
CVE-2015-5370: s4:librpc/rpc: avoid using dcecli_security->auth_info and use per request values
CVE-2015-5370: s4:librpc/rpc: finally verify the server uses the expected auth_{type,level,context_id} values
CVE-2015-5370: librpc/rpc: add a dcerpc_verify_ncacn_packet_header() helper function
CVE-2015-5370: s3:rpc_client: move AS/U hack to the top of cli_pipe_validate_current_pdu()
CVE-2015-5370: s3:rpc_client: remove useless frag_length check in rpc_api_pipe_got_pdu()
CVE-2015-5370: s4:librpc/rpc: make use of dcerpc_map_ack_reason() in dcerpc_bind_recv_handler()
CVE-2015-5370: s4:librpc/rpc: handle DCERPC_PKT_FAULT before anything else in dcerpc_alter_context_recv_handler()
CVE-2015-5370: s4:librpc/rpc: use dcerpc_verify_ncacn_packet_header() to verify BIND_ACK,ALTER_RESP,RESPONSE pdus
CVE-2015-5370: s4:librpc/rpc: protect dcerpc_request_recv_data() against too large payloads
CVE-2015-5370: s4:rpc_server: make use of talloc_zero()
CVE-2015-5370: s4:rpc_server: no authentication is indicated by pkt->auth_length == 0
CVE-2015-5370: s4:rpc_server: check the result of dcerpc_pull_auth_trailer() in dcesrv_auth_bind()
CVE-2015-5370: s4:rpc_server: maintain dcesrv_auth->auth_{type,level,context_id}
CVE-2015-5370: s4:rpc_server: make use of dce_call->conn->auth_state.auth_* in dcesrv_request()
CVE-2015-5370: s4:rpc_server/lsa: make use of dce_call->conn->auth_state.auth_{level,type}
CVE-2015-5370: s4:rpc_server/samr: make use of dce_call->conn->auth_state.auth_level
CVE-2015-5370: s4:rpc_server/netlogon: make use of dce_call->conn->auth_state.auth_{level,type}
CVE-2015-5370: s4:rpc_server: correctly maintain dcesrv_connection->max_{recv,xmit}_frag
CVE-2015-5370: s4:rpc_server: avoid ZERO_STRUCT() in dcesrv_fault()
CVE-2015-5370: s4:rpc_server: set alloc_hint = 24 in dcesrv_fault()
CVE-2015-5370: s4:rpc_server: fill context_id in dcesrv_fault()
CVE-2015-5370: s4:rpc_server: split out a dcesrv_fault_with_flags() helper function
CVE-2015-5370: s4:rpc_server: add some padding to dcesrv_bind_nak() responses
CVE-2015-5370: s4:rpc_server: return the correct secondary_address in dcesrv_bind()
CVE-2015-5370: s4:rpc_server: make dcesrv_process_ncacn_packet() static
CVE-2015-5370: s4:rpc_server: add infrastructure to terminate a connection after a response
CVE-2015-5370: s4:rpc_server: verify the protocol headers before processing pdus
CVE-2015-5370: s4:rpc_server: ensure that the message ordering doesn't violate the spec
CVE-2015-5370: s4:rpc_server: maintain in and out struct dcerpc_auth per dcesrv_call_state
CVE-2015-5370: s4:rpc_server: make sure alter_context and auth3 can't change auth_{type,level,context_id}
CVE-2015-5370: s4:rpc_server: let invalid request fragments disconnect the connection with a protocol error
CVE-2015-5370: s4:rpc_server: remove pointless dcesrv_find_context() from dcesrv_bind()
CVE-2015-5370: s4:rpc_server: don't derefence an empty ctx_list array in dcesrv_alter()
CVE-2015-5370: s4:rpc_server: changing an existing presentation context via alter_context is a protocol error
CVE-2015-5370: s4:rpc_server: fix the order of error checking in dcesrv_alter()
CVE-2015-5370: s4:rpc_server: failing authentication should generate a SEC_PKG_ERROR
CVE-2015-5370: s4:rpc_server: let a failing auth3 mark the authentication as invalid
CVE-2015-5370: s4:rpc_server: disconnect after a failing dcesrv_auth_request()
CVE-2015-5370: s4:rpc_server: give the correct reject reasons for invalid auth_level values
CVE-2015-5370: s4:rpc_server: check frag_length for requests
CVE-2015-5370: s4:rpc_server: limit allocation and alloc_hint to 4 MByte
CVE-2015-5370: s4:rpc_server: only allow one fragmented call_id at a time
CVE-2015-5370: s4:rpc_server: the assoc_group is relative to the connection (association)
CVE-2015-5370: s4:rpc_server: reject DCERPC_PFC_FLAG_PENDING_CANCEL with DCERPC_FAULT_NO_CALL_ACTIVE
CVE-2015-5370: librpc/rpc: don't allow pkt->auth_length == 0 in dcerpc_pull_auth_trailer()
CVE-2015-5370: s3:librpc/rpc: remove auth trailer and possible padding within dcerpc_check_auth()
CVE-2015-5370: s3:librpc/rpc: let dcerpc_check_auth() auth_{type,level} against the expected values.
CVE-2015-5370: s3:rpc_client: make use of dcerpc_pull_auth_trailer()
CVE-2015-5370: s3:rpc_client: make use of dcerpc_verify_ncacn_packet_header() in cli_pipe_validate_current_pdu()
CVE-2015-5370: s3:rpc_client: protect rpc_api_pipe_got_pdu() against too large payloads
CVE-2015-5370: s3:rpc_client: verify auth_{type,level} in rpc_pipe_bind_step_one_done()
CVE-2015-5370: s3:rpc_server: make use of dcerpc_pull_auth_trailer() in api_pipe_{bind_req,alter_context,bind_auth3}()
CVE-2015-5370: s3:rpc_server: let a failing sec_verification_trailer mark the connection as broken
CVE-2015-5370: s3:rpc_server: just call pipe_auth_generic_bind() in api_pipe_bind_req()
CVE-2015-5370: s3:rpc_server: don't ignore failures of dcerpc_push_ncacn_packet()
CVE-2015-5370: s3:rpc_server: don't allow auth3 if the authentication was already finished
CVE-2015-5370: s3:rpc_server: let a failing auth3 mark the authentication as invalid
CVE-2015-5370: s3:rpc_server: make sure auth_level isn't changed by alter_context or auth3
CVE-2015-5370: s3:rpc_server: use 'alter' instead of 'bind' for variables in api_pipe_alter_context()
CVE-2015-5370: s3:rpc_server: verify presentation context arrays
CVE-2015-5370: s3:rpc_server: make use of dcerpc_verify_ncacn_packet_header() to verify incoming pdus
CVE-2015-5370: s3:rpc_server: disconnect the connection after a fatal FAULT pdu
CVE-2015-5370: s3:rpc_server: let a failing BIND mark the connection as broken
CVE-2015-5370: s3:rpc_server: use DCERPC_NCA_S_PROTO_ERROR FAULTs for protocol errors
CVE-2015-5370: s3:librpc/rpc: remove unused dcerpc_pull_dcerpc_auth()
CVE-2015-5370: s3:rpc_server: check the transfer syntax in check_bind_req() first
CVE-2015-5370: s3:rpc_server: don't allow an existing context to be changed in check_bind_req()
CVE-2015-5370: s3:rpc_client: pass struct pipe_auth_data to create_rpc_{bind_auth3,alter_context}()
CVE-2015-5370: s3:librpc/rpc: add auth_context_id to struct pipe_auth_data
CVE-2015-5370: s3:rpc_client: make use of pipe_auth_data->auth_context_id
CVE-2015-5370: s3:rpc_server: make use of pipe_auth_data->auth_context_id
CVE-2015-5370: s3:librpc/rpc: make use of auth->auth_context_id in dcerpc_add_auth_footer()
CVE-2015-5370: s3:librpc/rpc: verify auth_context_id in dcerpc_check_auth()
CVE-2015-5370: s3:rpc_client: verify auth_context_id in rpc_pipe_bind_step_one_done()
CVE-2015-5370: s3:rpc_server: verify auth_context_id in api_pipe_{bind_auth3,alter_context}
CVE-2015-5370: libcli/smb: use a max timeout of 1 second in tstream_smbXcli_np_destructor()
CVE-2015-5370: s3:rpc_client: disconnect connection on protocol errors
CVE-2015-5370: s4:librpc/rpc: call dcerpc_connection_dead() on protocol errors
CVE-2015-5370: python/samba/tests: add infrastructure to do raw protocol tests for DCERPC
CVE-2015-5370: python/samba/tests: add some dcerpc raw_protocol tests
CVE-2015-5370: s4:selftest: run samba.tests.dcerpc.raw_protocol against ad_dc
s3:libads: sasl wrapped LDAP connections against with kerberos and arcfour-hmac-md5
s4:gensec_tstream: allow wrapped messages up to a size of 0xfffffff
s3:libads/sasl: allow wrapped messages up to a size of 0xfffffff
auth/spnego: change log level for 'Failed to setup SPNEGO negTokenInit request: NT_STATUS_INTERNAL_ERROR'
auth/spnego: handle broken mechListMIC response from Windows 2000
auth/ntlmssp: don't require any flags in the ccache_resume code
auth/ntlmssp: don't require NTLMSSP_SIGN for smb connections
s3:libsmb: use password = NULL for anonymous connections
libcli/smb: add smb1cli_session_set_action() helper function
libcli/smb: add SMB1 session setup action flags
libcli/smb: add smbXcli_session_is_guest() helper function
s3:libsmb: record the session setup action flags
s3:libsmb: don't finish the gensec handshake for guest logins
s3:libsmb: use anonymous authentication via spnego if possible
auth/spnego: only try to verify the mechListMic if signing was negotiated.
s4:auth_anonymous: anonymous authentication doesn't allow a password
s3:auth_builtin: anonymous authentication doesn't allow a password
libcli/security: implement SECURITY_GUEST
s3:smbd: make use SMB_SETUP_GUEST constant
s3:smbd: only mark real guest sessions with the GUEST flag
auth/ntlmssp: do map to guest checking after the authentication
auth/spnego: add spnego:simulate_w2k option for testing
auth/ntlmssp: add ntlmssp_{client,server}:force_old_spnego option for testing
selftest:Samba4: provide DC_* variables for fl2000dc and fl2008r2dc
s3:test_smbclient_auth.sh: this script reqiures 5 arguments
selftest:Samba4: let fl2000dc use Windows2000 supported_enctypes
selftest:Samba4: let fl2000dc use Windows2000 style SPNEGO/NTLMSSP
s3:selftest: add smbclient_ntlm tests
talloc: version 2.1.7
libcli/auth: let msrpc_parse() return talloc'ed empty strings
s3:rpc_server/samr: simplify the logic in get_user_info_18()
s3:ntlm_auth: make ntlm_auth_generate_session_info() more complete
s3:smbd: fix anonymous authentication if signing is mandatory
WHATSNEW: Clear release notes for Samba 4.5.0pre1.
WHATSNEW: add 'Support for LDAP_SERVER_NOTIFICATION_OID'
python:samba: move netcmd/time.py to python/samba/netcmd/nettime.py
Revert "s3:rpcclient add -m option"
s3:rpcclient: make use of SMB_SIGNING_IPC_DEFAULT
s3:selftest: run test_smbclient_ntlm also against ad_dc
selftest: use the default values for "server signing"
dcerpc.idl: add DCERPC_NCACN_{REQUEST,RESPONSE}_DEFAULT_MAX_SIZE
s4:librpc/rpc: allow a total reassembled response payload of 240 MBytes
s4:rpc_server: use a variable for the max total reassembled request payload
dcerpc.idl: remove unused DCERPC_NCACN_PAYLOAD_MAX_SIZE
s4:server_named_pipe: make sure we use lower case pipe name
s4:rpc_server: context_id fields of presentation contexts are just 16bit
s4:rpc_server: remove unused '_unused_auth_state'
s4:rpc_server: remove unused dcesrv_connection_context->assoc_group
s3:rpc_client: remove unused rpc_pipe_client->max_recv_frag
s4:rpc_server: parse auth data only for BIND,ALTER_REQ,AUTH3
s4:librpc/rpc: don't ask for auth_length if we ask for auth data only
librpc/rpc: let dcerpc_pull_auth_trailer() only accept auth_length!=NULL or auth_data_only=true
librpc/rpc: let dcerpc_pull_auth_trailer() check that auth_pad_length fits within the whole pdu.
librpc/rpc: ignore invalid auth_pad_length values in BIND, ALTER and AUTH3 pdus
s4:rpc_server: generate the correct error when we got an invalid auth_pad_length on BIND,ALTER,AUTH3
python/tests: add auth_pad test for the dcerpc raw_protocol test
selftest: add save.env.sh helper script.
librpc/tools: correctly validate relative pointers in ndrdump
librpc/ndr: add support for NDR_ALIGN* to ndr_push_short_relative_ptr2()
samba-tool: really deprecate 'samba-tool user add'
s4:dsdb/tests: make user_account_control.py executable
s4:dsdb/tests: use ncacn_ip_tcp:server[seal] for samr connections
s4:dsdb/tests: use GENSEC_SEAL for ldap connections in sam.py
s4:dsdb/tests: let the user_account_control.py test recover from a previous failure
s4:dsdb/tests: improve error message in test_new_user_default_attributes()
s4:dsdb/repl_meta_data: pass now to replmd_add_fix_la
s4:selftest: run samba4.ldap.password_lockout.python only against ad_dc_ntvfs
s4:dsdb/tests: use more useful userAccountControl/pwdLastSet values in the urgent_replication test
s3:pdb_samba_dsdb: fix calucating of dsdb_flags
s4:dsdb/samdb: allocate DSDB_CONTROL_PASSWORD_DEFAULT_LAST_SET_OID
s4:dsdb/samldb: add DSDB_CONTROL_PASSWORD_DEFAULT_LAST_SET_OID when defaulting pwdLastSet=0
s4:dsdb/samdb: allocate DSDB_CONTROL_PASSWORD_USER_ACCOUNT_CONTROL_OID
s4:samldb: pass down DSDB_CONTROL_PASSWORD_USER_ACCOUNT_CONTROL_OID with changed userAccountControl details
s4:dsdb/common: add some const to helper functions
s4:dsdb/password_hash: use full NTTIME resolution for pwdLastSet
s4:dsdb/password_hash: split out a password_hash_needed() function
s4:dsdb/password_hash: split out a update_final_msg() function
s4:dsdb/password_hash: make the variable names in setup_io() more clear
s4:dsdb/password_hash: leave the current value of pwdLastSet as 0 an add
s4:dsdb/password_hash: move the check for old passwords into setup_io()
s4:dsdb/password_hash: call ndr_pull_supplementalCredentialsBlob in setup_io()
s4:dsdb/password_hash: remember if we need to update the passwords and/or pwdLastSet
s4:dsdb/password_hash: move ldb_msg_add_empty() calls to update_final_msg()
s4:dsdb/password_hash: create a shallow copy of the client message for the final update
s4:dsdb/password_hash: only set pwdLastSet if required
s4:dsdb/password_hash: make the DSDB_CONTROL_PASSWORD_BYPASS_LAST_SET code path more robust
s4:dsdb/password_hash: handle the DSDB_CONTROL_PASSWORD_DEFAULT_LAST_SET control
s4:dsdb/password_hash: make it possible to specify pwdLastSet together with a password change
s4:dsdb/password_hash: allow pwdLastSet only changes
s4:rpc_server/samr: only set pwdLastSet to "0" or "-1"
s4:dsdb/password_hash: only allow pwdLastSet as "0" or "-1"
s4:dsdb/samldb: fix comment "lockoutTime" reset as per MS-SAMR 3.1.1.8.10
s4:dsdb/samldb: pwdLastSet = -1 requires Unexpire-Password right
s4:dsdb/tests: add pwdLastSet tests
auth/auth_sam_reply: add some const to input parameters
s4:kdc: add some const to samba_get_logon_info_pac_blob()
krb5pac.idl: add PAC_CREDENTIAL related structures
s4:auth/sam: use "msDS-UserPasswordExpiryTimeComputed" instead of samdb_result_force_password_change()
s4:rpc_server/samr: use "msDS-UserPasswordExpiryTimeComputed" instead of samdb_result_force_password_change()
s4:kdc: use "msDS-UserPasswordExpiryTimeComputed" instead of samdb_result_force_password_change()
s4:dsdb/common: remove unused samdb_result_force_password_change()
s3:winbindd: pass 'interactive' down through winbindd_dual_auth_passdb()
s4:auth_sam: don't allow interactive logons with UF_SMARTCARD_REQUIRED
s4:kdc: don't allow interactive password logons with UF_SMARTCARD_REQUIRED
samdb.py: add smartcard_required option to newuser()
samba-tool: add --smartcard-required option to 'samba-tool user create'
samba-tool: do a password retype validation check for 'samba-tool user setpassword'
samba-tool: add 'samba-tool user setpassword --smartcard-required/--clear-smartcard-required'
test_pkinit_heimdal.sh: add a helper VARIABLE to store the certificate paths
test_pkinit_heimdal.sh: add a FILE: prefix to the KRB5CCNAME variable
s4:dsdb: add some const to {samdb_result,dsdb}_effective_badPwdCount()
s4:auth/sam: only reset badPwdCount when the effetive value is not 0 already
s4:auth/sam: don't update lastLogon just because it's 0 currently
s4:auth/sam: update the logonCount for interactive logons
s4:dsdb/tests: let password_lockout.py reduce the values for lockoutDuration and lockOutObservationWindow
s4:dsdb/tests: let password_lockout.py cross-check the lastLogon value with samr
s4:dsdb/tests: let password_lockout.py make the LDAP error string checks more useful
s4:dsdb/tests: let password_lockout.py add a _readd_user() helper function
s4:dsdb/tests: let password_lockout.py make use of the _readd_user() helper function
s4:dsdb/tests: let password_lockout.py let _readd_user() return the ldb connection as user
s4:dsdb/tests: let password_lockout.py pass username,userpass optionally to insta_creds()
s4:dsdb/tests: let password_lockout.py use user{name,pass,dn} variables in _readd_user()
s4:dsdb/tests: let password_lockout.py pass creds as argument to _readd_user()
s4:dsdb/tests: let password_lockout.py use _readd_user() for testuser3 too
s4:dsdb/tests: let password_lockout.py make use of self.addCleanup() to cleanup objects
s4:dsdb/tests: let password_lockout.py use userdn variables in all functions
s4:dsdb/tests: let password_lockout.py use other_ldb variables instead of self.ldb3
s4:dsdb/tests: let password_lockout.py use userpass variables in all functions
s4:dsdb/tests: let password_lockout.py use creds and other_ldb as function arguments
s4:dsdb/tests: let password_lockout.py copy user{name,pass} from the template in insta_creds()
s4:dsdb/tests: let password_lockout.py verify more fields in _readd_user()
s4:dsdb/tests: let password_lockout.py test with all combinations of krb5, ntlmssp and lockOutObservationWindow
s4:dsdb/tests: let password_lockout.py validate the lastLogon and lastLogonTimestamp interaction
s4:dsdb/tests: let password_lockout.py verify the logonCount values
lib/param: add lpcfg_sam_dnsname() helper function
auth.idl: add user_principal_* and dns_domain_name to auth_user_info
s4:auth: make use of lpcfg_sam_name() in authsam_get_user_info_dc_principal()
s4:auth: fill user_principal_* and dns_domain_name in authsam_make_user_info_dc()
s4:auth/kerberos: improve error message in kerberos_pac_to_user_info_dc()
auth/auth_sam_reply: let make_user_info_dc_netlogon_validation() correctly handle level 6
auth/wbc_auth_util: fill in base.logon_domain in wbcAuthUserInfo_to_netr_SamInfo3()
auth/wbc_auth_util: change wbcAuthUserInfo_to_netr_SamInfo* from level 3 to 6
auth/auth_sam_reply: add auth_convert_user_info_dc_saminfo6() and implement level 3 as wrapper
auth/auth_sam_reply: add auth_convert_user_info_dc_saminfo2() helper function
auth/auth_sam_reply: do a real copy of strings in auth_convert_user_info_dc_sambaseinfo()
s4:rpc_server/netlogon: initialize pointer to NULL in dcesrv_netr_LogonSamLogon_base()
s4:rpc_server/netlogon: make use of auth_convert_user_info_dc_saminfo{2,6}()
auth/auth_sam_reply: make auth_convert_user_info_dc_sambaseinfo() a private helper
netlogon.idl: make netr_SidAttr public
krb5pac.idl: introduce PAC_DOMAIN_GROUP_MEMBERSHIP to handle the resource groups
security.idl: add SID_NT_NFS S-1-5-88* sids
libcli/auth: remove unused variable in msrpc_parse()
s3:libsmb/clirap: remove unused cli_get_server_*() functions
CVE-2016-2019: libcli/smb: don't allow guest sessions if we require signing
CVE-2016-2019: s3:libsmb: add comment regarding smbXcli_session_is_guest() with mandatory signing
CVE-2016-2019: s3:selftest: add regression tests for guest logins and mandatory signing
s4:dsdb/samdb: add DSDB_FLAG_INTERNAL_FORCE_META_DATA
s4:samba_dsdb: add "dsdb_flags_ignore" module
tests:samba3sam: make use of the dsdb_flags_ignore module
selftest/flapping: mark samba4.drs.repl_move.python as temporary flapping
s4:dsdb/common: add a replication metadata stamp for an empty logonHours attribute
s4:dsdb/password_hash: force replication meta data for empty password attributes
Revert "selftest/flapping: mark samba4.drs.repl_move.python as temporary flapping"
s4:torture/drs: verify the whole metadata array to be the same in the repl_move tests
drsuapi.idl: add DRSUAPI_ATTID_operatorCount and DRSUAPI_ATTID_adminCount
s4:dsdb/samdb: add const to dsdb_make_object_category()
s4:password_hash: correctly update pwdLastSet on deleted objects.
s4:dsdb/repl_meta_data: sort preserved_attrs and add "msDS-PortLDAP"
s4:dsdb/repl_meta_data: remove secret attributes on delete
s4:dsdb/common: prepare dsdb_user_obj_set_defaults() for tombstone reanimation
s4:dsdb/tombstone_reanimate: restructure the module logic
s4:dsdb/tests: make use assertAttributesEqual() in RestoreUserObjectTestCase()
s4:dsdb/tests: make tombstone_reanimation.py executable
s4:dsdb/tests: improve tombstone_reanimation varifications
s4:dsdb/tests: improve the RestoreUserObjectTestCase test
s4:dsdb/tests: add RestoreUserPwdObjectTestCase test
libads: ensure the right ccache is used during gssapi bind
libads: ensure the right ccache is used during spnego bind
python/remove_dc: handle dnsNode objects without dnsRecord attribute
s4:kdc: ignore empty supplementalCredentialsBlob structures
s3:libnet_dssync_keytab: ignore empty supplementalCredentialsBlob structures
s4:dsdb/password_hash: explicitly set SUPPLEMENTAL_CREDENTIALS_SIGNATURE
drsblobs.idl: mark supplementalCredentialsSubBlob as nopull,nopush
drsblobs.idl: supplementalCredentialsSubBlob make it possible to parse strange blobs
s4:torture/ndr: add validation checks for strange supplementalCredentials blobs
krb5pac: fix push/pull of subcontexts in PAC_BUFFER
krb5pac.idl: implement PAC_UPN_DNS_INFO correct
krb5pac/netlogon: add a comment regarding PAC_LOGON_INFO unique pointers on push
krb5_wrap: provide CKSUMTYPE_HMAC_SHA1_96_AES_*
s4:torture/ndr: make use of torture_suite_add_ndr_pull_validate_test() in krb5pac when possible
s4:torture/ndr: add more krb5pac tests with PAC blobs from pkinit
s3:ntlm_auth: call fault_setup() in order to get usefull backtraces
s3:tests: add 'as user' to the test names in test_smbclient_auth.sh
s3:selftest: run smbclient_auth with a few more combinations
selftest: set "ntlm auth = yes" for now as a lot of tests rely on it
docs-xml:smbdotconf: default "ntlm auth" to "no"
selftest: don't allow ntlmv1 for 'nt4_member' and 'ad_member'
WHATNEW: the default for "ntlm auth" is "no"
pycredentials: add {get,set}_old_password()
pycredentials: add set_utf16_[old_]password()
samba-tool: add 'user getpassword' command
python:samba/tests: add simple 'samba-tool user getpassword' test
python:samba/tests: verify the packages order in supplementalCredentials
docs-xml:samba-tool.8: document "user getpassword" command
samba-tool: add 'user syncpasswords' command
python:samba/tests: add simple 'samba-tool user syncpasswords' test
docs-xml:samba-tool.8: document "user syncpasswords" command
docs-xml/smbdotconf: reference "unix password sync" with "samba-tool user syncpasswords"
.travis.yml: install libgpgme11-dev python[3]-gpgme
docs-xml/smbdotconf: add "password hash gpg key ids" option
docs-xml/smbdotconf: reference "unix password sync" with "password hash gpg key ids"
s4:dsdb/samdb: add configure checks for libgpgme
drsblobs.idl: add package_PrimarySambaGPGBlob
s4:dsdb/samdb: optionally store package_PrimarySambaGPGBlob in supplementalCredentials
samba-tool: add --decrypt-samba-gpg support to 'user getpasswords' and 'user syncpasswords'
selftest:gnupg: add a gpg key for Samba Selftest <selftest at samba.example.com>
s4:selftest: run samba.tests.samba_tool.user also against ad_dc:local
selftest:Samba4: configure "password hash gpg key ids" for ad_dc (if available)
python:samba/tests: use 'samba-tool user {getpassword,syncpasswords}' with --decrypt-samba-gpg
WHATSNEW: add 'Password sync as active directory domain controller'
WHATSNEW: recomment python-crypto and python-m2crypto
auth/credentials: also do a shallow copy of the krb5_ccache.
s4:torture/remote_pac: verify the order of PAC elements
HEIMDAL:lib/krb5: allow predefined PAC_{LOGON_NAME,PRIVSVR_CHECKSUM,SERVER_CHECKSUM} elements in _krb5_pac_sign()
HEIMDAL:kdc: reset e_text after successful pre-auth verification
HEIMDAL:kdc: add krb5plugin_windc_pac_pk_generate() hook
s4:kdc: hook into heimdal's windc.pac_pk_generate hook
s4:kdc: correctly update the PAC in samba_wdc_reget_pac()
s4:kdc: provide a PAC_CREDENTIAL_INFO element for PKINIT logons
s4:dsdb/password_hash: add the UF_SMARTCARD_REQUIRED password reset magic
s4:dsdb/tests: add UF_SMARTCARD_REQUIRED tests
selftest/Samba: remove compat admincert* files
selftest/manage-ca: add certificates for pkinit@[addom.]samba.example.com
selftest/manage-ca: update manage-CA-samba.example.com.sh
selftest/Samba: copy pkinit@$DOMAIN certificates to the environment
test_pkinit_heimdal.sh: add some more tests regarding the UF_SMARTCARD_REQUIRED behavior
testprogs/blackbox: add test_pkinit_pac_heimdal.sh
s4:selftest: run test_pkinit_pac_heimdal.sh test
s4:selftest: run the pkinit test in the ad_dc and ad_dc_ntvfs environment
WHATSNEW: add SmartCard/PKINIT improvements
auth/auth_sam_reply: fill user_principal_* and dns_domain_name in make_user_info_dc_pac()
s4:kdc: provide a PAC_UPN_DNS_INFO element for logons
s4:dsdb/repl_meta_data: remember originating updates when applying replicated changes
s4:dsdb/replicated_objects: don't skip notifications on resolved conflicts
tdb: version 1.3.10
talloc: version 2.1.8
tevent: version 0.9.28
s4:pyrpc: correctly implement .request_timeout
samba-tool: use a timeout of 5 minutes in 'samba-tool drs replicate'
samba-tool: add --async-rep option to 'samba-tool drs replicate'
tests:samba_tool_drs: test samba-tool drs replicate with implicit machine credentials
tests:samba_tool_drs: test samba-tool drs replicate with --async-op
WHATSNEW: document new samba-tool drs replicate options
ldb: fix compiler warnings on ldb_unpack_data() arguments
ldb: version 1.1.27
WHATSNEW: add shadow:snapprefix and shadow:delimiter
VERSION: Set version to 4.5.0rc1...
VERSION: Bump version up to 4.6.0pre1
tests:samba_tool: pass stdout and stderr to assertCmdSuccess()
tests:samba_tool: make use of assertCmdFail() in gpo.py
script/autobuild.py: check for AUTOBUILD_SKIP_SAMBA_O3 environment variable
tests:blackbox: let samba_dnsupdate.py provide more details
samba-tool/ldapcmp: ignore differences of whenChanged
s4:dsdb/schema: don't change schema->schema_info on originating schema changes.
s4:dsdb/repl: avoid recursion after fetching schema changes.
s4:dsdb/schema: store struct dsdb_schema_info instead of a hexstring
s4:dsdb/schema: don't treat an older remote schema as SCHEMA_MISMATCH
s4:dsdb/schema: make dsdb_schema_pfm_add_entry() public and more useful
s4:dsdb/repl: make sure the working_schema prefix map is populated with the remote prefix map
s4:dsdb/objectclass_attrs: call dsdb_attribute_from_ldb() without a prefixmap
s4:dsdb/schema: avoid an implicit prefix map creation in lookup functions
s4:dsdb/schema: don't update the in memory schema->prefixmap without reloading the schema!
s4:dsdb/schema: split out a dsdb_attribute_drsuapi_remote_to_local() function
s4:dsdb/schema: move messages for unknown attids to higher debug levels during resolving
s4:dsdb/repl: set working_schema->resolving_in_progress during schema creation
s4:dsdb/repl: let dsdb_replicated_objects_convert() change remote to local attid for linked attributes
Revert "s4: tests: Skip drs tests."
selftest/flapping: add some samba3.blackbox.smbclient_s3 tests
script/autobuild.py: include the branch name in the output
s3:lib/pthreadpool: fix the build on older systems
WHATSNEW: clear the sections for 4.6
tevent: version 0.9.30
gensec/spnego: work around missing server mechListMIC in SMB servers
script/release.sh: use 8 byte gpg key ids
wafsamba: add -Werror=format-security to the developer build
s3:nmbd: fix talloc_zero_array() check in nmbd_packets.c
tevent: version 0.9.31
HEIMDAL:lib/krb5: destroy a memory ccache on reinit
s3:libads: don't use MEMORY:ads_sasl_gssapi_do_bind nor set "KRB5CCNAME"
s3:libads: don't use MEMORY:ads_sasl_spnego_bind nor set "KRB5CCNAME"
nfs4acl.idl: rename interface to nfs4acl.idl to avoid naming clash in the python bindings
spoolss.idl: use access mask defines from security.idl
ntlmssp.idl: don't generate python bindings for ntlmssp_NTLM_RESPONSE and ntlmssp_LM_RESPONSE
s3:util_cmdline: add set_cmdline_auth_info_signing_state_raw() helper function
s3:lib/netapi: make use of set_cmdline_auth_info_signing_state_raw()
s3:libsmb: make use of get_cmdline_auth_info_* helper functions in get_ipc_connect()
s3:libsmb: make use of proper allocated struct user_auth_info in SMBC_opendir_ctx()
s3:util_cmdline: make struct user_auth_info private to util_cmdline.c
s3:smbd: only pass UCF_PREP_CREATEFILE to filename_convert() if we may create a new file
lib/async_req: add writev_cancel()
libcli/smb: handle a talloc_free() on an unsent smb1 request
gensec/spnego: remember the wanted features also on the main gensec context
s4:gensec_krb5: also report support for GENSEC_FEATURE_SIGN as krb5_mk_priv() provides sign and seal
s4:gensec_gssapi: pass gss_got_flags to gssapi_get_sig_size()
s3:gse: pass gss_got_flags to gssapi_get_sig_size()
auth/ntlmssp: always allow NTLMSSP_NEGOTIATE_{SIGN,SEAL} in gensec_ntlmssp_server_start()
s3:ntlm_auth: don't use gensec_want_feature(gensec_security, GENSEC_FEATURE_{SIGN,SEAL}) as server
s4:ldap_server: don't use gensec_want_feature(gensec_security, GENSEC_FEATURE_{SIGN,SEAL}) as server
auth/gensec: always verify the wanted SIGN/SEAL flags
auth/gensec: only require GENSEC_FEATURE_SIGN for DCERPC_AUTH_LEVEL_INTEGRITY as client
auth/gensec: handle DCERPC_AUTH_LEVEL_PACKET similar to DCERPC_AUTH_LEVEL_INTEGRITY
dcerpc.idl: remove unused DCERPC_AUTH_LEVEL_DEFAULT
dcerpc.idl: split the padding from a possible fault buffer in dcerpc_fault
dcerpc.idl: add dcerpc_fault_flags bitmap
s4:rpc_server: skip setting of dcerpc_request._pad
dcerpc.idl: replace dcerpc_response._pad with a uint8 reserved
dcerpc.idl: remove unused dcerpc_request._pad
dcerpc.idl: add DCERPC_FAULT_SERVER_UNAVAILABLE
s3:librpc: remove bigendian argument from dcerpc_pull_ncacn_packet()
s3:librpc: move NDR_PRINT_DEBUG() into the caller of dcerpc_pull_ncacn_packet()
librpc/rpc: move dcerpc_pull_ncacn_packet() from source3/librpc/rpc/ to the toplevel
librpc/rpc: make use of dcerpc_pull_ncacn_packet() in dcerpc_read_ncacn_packet_done()
s4:librpc/rpc: make use of dcerpc_pull_ncacn_packet()
s4:librpc/rpc: force printing in dcerpc_bh_do_ndr_print() log level >= 11
s4:librpc/rpc: implement bind_time_feature negotiation
s4:rpc_server: a fault with UNKNOWN_IF should have DID_NOT_EXECUTE set
s4:rpc_server: set DCERPC_PFC_FLAG_DID_NOT_EXECUTE for DCERPC_FAULT_OP_RNG_ERROR
s4:rpc_server: set the full DCERPC_BIND_NAK_REASON_* in dcesrv_bind()
s4:rpc_server: let dcesrv_auth_request() set a fault_code
s4:rpc_server: check the auth_pad_length overflow before calling gensec_[check,unseal]_packet()
s4:rpc_server: add DCERPC_AUTH_LEVEL_PACKET support
s4:rpc_server: move dcesrv_alter_resp
s4:rpc_server: use call->conn instead of call->context->conn
s4:rpc_server: split out a dcesrv_check_or_create_context() function
s4:rpc_server: it's not a protocol error to do an alter context with an unknown transfer syntax
s4:rpc_server: process all provided presentation contexts
python/tests: remove unused code in _test_auth_none_level_bind()
python/tests: add presentation context related tests to dcerpc raw protocol tests
s4:rpc_server: implement bind time feature negotiation
python/tests: add bind time feature related tests to dcerpc raw protocol tests
python/tests: do tests to verify spnego various auth_levels
librpc: add dcerpc_ncacn_pull_pkt_auth() helper function
librpc: add dcerpc_ncacn_push_pkt_auth() helper function
s4:librpc/rpc: make use of dcerpc_ncacn_pull_pkt_auth() in ncacn_pull_request_auth()
s4:librpc/rpc: convert ncacn_pull_request_auth() into a generic ncacn_pull_pkt_auth()
s4:librpc/rpc: make use of dcerpc_ncacn_push_pkt_auth() in ncacn_push_request_sign()
s4:rpc_server: make use of dcerpc_ncacn_pull_pkt_auth() in dcesrv_auth_request()
s4:rpc_server: convert dcesrv_auth_request() into a generic dcesrv_auth_pkt_pull()
s4:rpc_server: make use of dcerpc_ncacn_push_pkt_auth() in dcesrv_auth_response()
s4:rpc_server: convert dcesrv_auth_response() into a generic dcesrv_auth_pkt_push()
s3:dcerpc_helpers: correctly support DCERPC_AUTH_LEVEL_PACKET
s3:rpc_server: add support for DCERPC_AUTH_LEVEL_PACKET
s4:selftest: run some tests with "packet"
s3:selftest: run some rpcclient tests with "packet"
s4:rpc_server: list all connection oriented pdu types explicitly
s4:rpc_server: ignore CO_CANCEL and ORPHANED PDUs
s4:rpc_server: implement DCERPC_BIND_TIME_KEEP_CONNECTION_ON_ORPHAN support
python/tests: add DCERPC_BIND_TIME_KEEP_CONNECTION_ON_ORPHAN tests to dcerpc raw protocol tests
s4:rpc_server: fill call->context on the first fragment
s4:rpc_server: return the context_id of a FAULT in a same way as windows
s4:rpc_server: return the context_id of a RESPONSE in the same way as windows
s4:torture/rpc: add extra_flags to torture_rpc_connection_transport()
s4:torture/rpc: concurrent dcerpc_echo_TestSleep requests require a connection with DCERPC_CONCURRENT_MULTIPLEX
s4:librpc/rpc: make sure the DCERPC_CONCURRENT_MULTIPLEX and DCERPC_PFC_FLAG_CONC_MPX are in sync
s4:rpc_server: support DCESRV_CALL_STATE_FLAG_MULTIPLEXED by default
s4:rpc_server/remote: pass through DCERPC_PFC_FLAG_CONC_MPX if it was used by the client
s4:rpc_server: implement DCERPC_PFC_FLAG_CONC_MPX ordering restrictions
dcerpc.idl: set LIBNDR_FLAG_* flags based on DCERPC_PFC_FLAG_OBJECT_UUID and DCERPC_DREP_LE
librpc/rpc: no longer set FLAG_OBJECT_PRESENT and FLAG_BIGENDIAN for ndr_{pull,push}_ncacn_packet()
s4:librpc/rpc: no longer set FLAG_OBJECT_PRESENT and FLAG_BIGENDIAN for ndr_push_ncacn_packet()
s3:rpc_server: pass the full ndr_interface_table to rpc_pipe_open_internal()
librpc/rpc: make sure we use the object from the handle in dcerpc_binding_handle_raw_call_send()
librpc/rpc: verify the passed table against the table on the handle
s4:librpc/rpc: pass the object guid to the binding handle if required
s4:selftest: run rpc.echo with an object based binding string
pidl:Python: check the return values of talloc_ptrtype()
pidl:Python: __ndr_print__ functions don't get arguments and need METH_NOARGS
pidl:Python: make use of NDR_ERR_CODE_IS_SUCCESS()
pidl:Python: improve the .doc string for the get/set elements
pidl:NDR: keep interface->{ORIGINAL}
pidl:Python: prettify names of constants
pidl:Python: provide the abstract syntax as <module>.<interface>_abstract_syntax
s4:pyrpc: add pyrpc_{im,ex}port_union() helper functions
pidl:Python: provide a PyTypeObject with METH_CLASS __import__() and __export__() hooks
pidl:Python: make use of the pyrpc_{import,export}_union() functions
s4:pyrpc: remove unused py_{import,export}_netr_* prototypes
pidl:Python: the py_{import,export}_*() functions can be static now.
python:ndr: verify the object type ndr_print() and ndr_unpack()
python:ndr: add ndr_{pack,unpack,print}_{in,out} helper functions
pidl:NDR: add ReturnTypeElement() helper function
pidl:Python: split out a PythonElementGetSet() helper function
pidl:Python: add PyTypeObject objects for function structs
python/tests: we now pass test_no_auth_request_bind_pfc_CONC_MPX()
python:tests: add more helper functions to RawDCERPCTest
python/tests: make it possible to specific TARGET_HOSTNAME to raw_protocol.py
python/tests: make use of prepare_presentation() in _get_netlogon_ctx()
python/tests: make use of get_auth_context_creds() in _test_auth_type_level_bind_nak()
python/tests: make use of self.get_anon_creds() and self.get_user_creds()
python/tests: make use of self.get_auth_context_creds() and self.do_generic_bind() in _test_spnego_bind_auth_level()
python/tests: check context_id values of responses correctly
python/tests: add a second_connection() helper function
python/tests: add simple dcerpc association group tests
python/tests: add simple dcerpc co_cancel tests
python/tests: add simple dcerpc orphaned tests
auth/credentials: anonymous should not have a user principal
auth/credentials: make cli_credentials_get_ntlm_response() more robust
s4:gensec_gssapi: We need to use the users realm in the target_principal
s3:gse: We need to use the users realm in the target_principal
s3:popt_common: simplify popt_common_credentials handling
s3:libsmb: let the callers only pass the password string to cli_session_setup[_send]()
libcli/smb: move {smb,trans2}_bytes_push_{str,bytes}() to common code
libcli/smb: Add smb_bytes_pull_str() helper function
libcli/smb: reformat wscript
libcli/smb: add smb1cli_session_setup_nt1_send/recv()
libcli/smb: add smb1cli_session_setup_ext_send/recv()
s3:libsmb: add some comments to the noop case for < PROTOCOL_LANMAN1 in cli_session_setup_send()
s3:libsmb: make use of smb1cli_session_setup_ext_send/recv()
s3:libsmb: make use of smb1cli_session_setup_{nt1,lm21}_send/recv()
s3:libsmb: remove unused cli_session_setup_{lanman2,plain,nt1}*
s3:libsmb: always pass the servers gss blob to gensec
s3:libsmb: remove target_principal argument from cli_session_setup_gensec_send()
s3:libsmb: let gensec handle the fallback from krb5 to ntlmssp
s3:libsmb: pass the optional dest_realm via the cli_credentials
s3:libsmb: pass cli_credentials to cli_session_setup_gensec_send()
s3:libsmb: move cli_session_setup_get_account into cli_session_creds_init()
s3:libsmb: move cli_session_creds_init() to cli_session_setup_send()
s3:libsmb: get the plaintext and NTLM authentication details out of cli_credentials
s3:libsmb: move domain\\username magic to cli_session_creds_init()
s3:libsmb: change cli_session_setup_send/recv into cli_session_setup_creds_send/recv
s3:libsmb: add cli_session_setup_anon()
s3:libsmb: make cli_session_creds_init() non-static
s3:libsmb: make use of cli_session_setup_anon()
s3:nmbd: make use of cli_session_setup_anon()
s3:torture: make use of cli_session_setup_anon()
s3:torture: make use of cli_session_creds_init() in masktest.c
s3:torture: create a global 'torture_creds' cli_credentials structure
s3:torture: make use of cli_session_setup_creds() in torture.c
s3:torture: make use of cli_session_setup_creds() in test_smb2.c
s3:torture: make use of auth_generic_set_creds() in test_smb2.c
s3:client: use cli_session_setup_creds() in client.c cmd_logon()
s3:client: use cli_session_setup_creds() in smbspool.c
s3:libsmb: make use of cli_{session_setup,rpc_pipe_open_with}_creds() in passchange.c
pyldb: protect PyErr_LDB_ERROR_IS_ERR_RAISE() with do {} while(0)
tdb: version 1.3.12
selftest/gdb_*: make use of 'mktemp'
ldb:controls: add LDB_CONTROL_RECALCULATE_RDN_OID
ldb:rdn_name: normalize rdn_name in rdn_rename_callback()
ldb:rdn_name: add support for LDB_CONTROL_RECALCULATE_RDN_OID on ldb_modify()
tests/libsmb_samba_internal.py: fully setup the Credentials by creds.guess(lp)
s3:winbindd: always use saf_store(domain->alt_name, controller) for ad domains
s3:libsmb: change cli_full_connection_send/recv into cli_full_connection_creds_send/recv
s3:libnet_join: make use of cli_full_connection_creds()
s3:libsmb: restructure cli_full_connection_creds* flow
s4:repl_meta_data: normalize rdn attribute name via the schema
auth/credentials: let cli_credentials_parse_string() handle the "winbind separator"
auth/credentials: fix cut'n'paste error in cli_credentials_get_principal_and_obtained()
auth/credentials: clear all unused blobs in cli_credentials_get_ntlm_response()
s3:torture: make use of cli_full_connection_creds() in torture.c
s3:libsmb: fix memory leak in cli_raw_ntlm_smb_encryption_start()
s3:libsmb: fix 'client lanman auth = no' DEBUG message in cli_session_setup_creds_send()
s3:libsmb: add cli_tree_connect_creds()
s3:client: make use of cli_tree_connect_creds() in smbspool.c
s3:client: avoid using cli->{use_kerberos,...} for cli_session_creds_init() in smbspool.c
s3:libsmb: avoid using cli->{use_kerberos,...} in remote_password_change()
s3:libsmb: don't pass 'passlen' to cli_tree_connect[_send]() and allow pass=NULL
script/autobuild.py: don't add subdirs of testbase to cleanup_list
script/autobuild.py: remove pointless mkdir/rmdir commands
script/autobuild.py: cleanup testbase/prefix before each retry
script/autobuild.py: create tmpdir for each try and export it as TMPDIR
selftest: also export TMPDIR
selftest: make sure we always export KRB5CCNAME
s3:lib/netapi: Use lp_client_ipc_max_protocol() in libnetapi_open_ipc_connection()
s3:torture: Use cli_tree_connect_creds() where we may use share level auth
s3:torture/masktest: Use cli_tree_connect_creds()
s3:torture/masktest: masktest only works with SMB1 currently
s3:libsmb: split out a cli_session_creds_prepare_krb5() function
s3:libsmb: don't let cli_session_creds_init() overwrite the default domain with ""
s3:libsmb: Use cli_cm_force_encryption() instead of cli_force_encryption()
s3:utils: Use cli_cm_force_encryption() instead of cli_force_encryption()
auth/credentials: make use of talloc_zero() in cli_credentials_init()
auth/credentials: let cli_credentials_set_password() fail if talloc_strdup() fails
auth/credentials: add cli_credentials_set_password_will_be_nt_hash() and the related logic
tests/credentials.py: add test for cli_credentials_set_password_will_be_nt_hash()
tests/credentials.py: verify the difference of parse_string("someone") and parse_string("someone%")
auth/credentials: add py_creds_parse_file()
tests/credentials.py: add very simple test for py_creds_parse_file
auth/credentials: add python bindings for enum credentials_obtained
auth/credentials: handle situations without a configured (default) realm
tests/credentials.py: add tests with a realm from smb.conf
auth/credentials: let cli_credentials_parse_string() always reset username and domain
auth/credentials: let cli_credentials_parse_string() always reset principal and realm
tests/credentials.py: add tests to verify realm/principal behaviour of cli_credentials_parse_string()
auth/credentials: let cli_credentials_parse_file() handle 'username' with cli_credentials_parse_string()
tests/credentials.py: verify the new cli_credentials_parse_file() 'username' parsing
auth/credentials: change the parsing order of cli_credentials_parse_file()
tests/credentials.py: demonstrate the last 'username' line of creds.parse_file() beats other lines
s3:popt_common: let POPT_COMMON_CREDENTIALS imply logfile and conffile loading
s3:user_auth_info: let struct user_auth_info use struct cli_credentials internally
CVE-2016-2125: s4:scripting: don't use GSS_C_DELEG_FLAG in nsupdate-gss
CVE-2016-2125: s3:gse: avoid using GSS_C_DELEG_FLAG
CVE-2016-2125: s4:gensec_gssapi: don't use GSS_C_DELEG_FLAG by default
CVE-2016-2126: auth/kerberos: only allow known checksum types in check_pac_checksum()
HEIMDAL:lib/krb5: move checksum vs. enctype checks into get_checksum_key()
HEIMDAL:lib/krb5: use krb5_verify_checksum() in krb5_c_verify_checksum()
s3:printing: remove double PRINT_SPOOL_PREFIX define
s3:libsmb: add cli_smb1_setup_encryption*() functions
s3:torture: make use of cli_smb1_setup_encryption() in force_cli_encryption()
s3:client: make use of cli_smb1_setup_encryption() in cmd_posix_encrypt()
s3:libsmb: make use of cli_smb1_setup_encryption() in cli_cm_force_encryption()
s3:libsmb: remove unused cli_*_encryption* functions
s3:libsmb: make use of get_cmdline_auth_info_creds() in clidfs.c:do_connect()
s3:libsmb: avoid using cli_session_setup() in SMBC_server_internal()
s3:libsmb: remove now unused cli_session_setup()
s3:libsmb: make use of cli_tree_connect_creds() in clidfs.c:do_connect()
s3:libsmb: make use of cli_tree_connect_creds() in SMBC_server_internal()
s3:libsmb: split out cli_cm_force_encryption_creds()
s3:libsmb: make use of cli_cm_force_encryption_creds() where we already have creds
s3:client: use cli_cm_force_encryption_creds in smbspool.c (in a #if 0 section)
s3:libsmb: pass cli_credentials to cli_check_msdfs_proxy()
s3:libsmb: Always use GENSEC_OID_SPNEGO in cli_smb1_setup_encryption_send()
krb5_wrap: fix smb_krb5_cc_copy_creds() for MIT krb5
Happy New Year 2017!
s4:librpc/rpc: don't do an anonymous bind over ncacn_np:server[packet]
s4:librpc/rpc: make sure we handle DCERPC_PACKET before DCERPC_CONNECT
s3:librpc/gse: include ccache_name in DEBUG message if krb5_cc_resolve() fails
s3:librpc/gse: remove unused #ifdef HAVE_GSS_KRB5_IMPORT_CRED
s3:librpc/gse: make use of gss_krb5_import_cred() instead of gss_acquire_cred()
s3:winbindd: talloc_steal the extra_data in winbindd_list_users_recv()
s4:auth/gensec: remove unused dependencies to gensec_util
krb5_wrap: let smb_krb5_kinit_s4u2_ccache() work if store_creds.client and server have different realms
auth/credentials: remove const where we always return a talloc string
s4:gensec_gssapi: the value gensec_get_target_principal() should overwrite gensec_get_target_hostname()
s4:gensec_gssapi: require a realm in gensec_gssapi_client_start()
selftest/selftesthelpers.py: let plantestsuite() use the env name in the test name
selftest/selftest.pl: we don't need to call Subunit::progress_pop() twice on error
selftest/selftest.pl: print out '[expanded] command: ' in all error cases
script/autobuild.py: try make test TESTS=samba3.*ktest for samba-systemkrb5
nsswitch: remove unused TALLOC_* defines in pam_winbind.h
lib/tevent: remove unused release-script.sh
wscript: remove executable bits for all wscript* files
s4:tests/sec_descriptor: use more unique oid values
script/release.sh: fix off by 1 error in announce.${tagname}.mail.txt creation
script/autobuild.py: use --enable-developer and --picky-developer for the ctdb build
script/autobuild.py: cleanup the task subdirs when they're done.
script/autobuild.py: export PYTHONUNBUFFERED=1
script/autobuild.py: add a do_print() wrapper function that flushes after each message
script/autobuild.py: try to make TMPDIR handling more verbose
auth/gensec: remove unused prototype headers
auth/gensec: convert schannel.c to provide update_send/recv
auth/gensec: convert ncalrpc.c to provide update_send/recv
auth/gensec: convert external.c to provide update_send/recv
s3:client: don't use cli->use_kerberos && cli->got_kerberos_mechanism in smbspool.c
s3:libsmb: use a local got_kerberos_mechanism variable in cli_session_creds_prepare_krb5()
s3:smbd: allow "server min protocol = SMB3_00" to go via "SMB 2.???" negprot
selftest/Samba3: use "server min protocol = SMB3_00" for "ktest"
talloc/wscript: avoid passing pointless enabled=True to SAMBA_PYTHON()
s4:dsdb/repl: s/highestCommitedUsn/highestCommittedUSN
s4:libnet: s/highestCommitedUSN/highestCommittedUSN
drsuapi.idl: add drsuapi_DrsMoreOptions with DRSUAPI_DRS_GET_TGT
drsuapi.idl: make drsuapi_DsGetNCChangesRequest10 [public]
python/join: set common replica_flags in dc_join.__init__()
python/join: use DRSUAPI_DRS_GET_NC_SIZE for the initial replication
torture/drs: remove pointless nc_object_count replication checks in test_link_utdv_hwm()
getncchanges: only set nc_{object,linked_attributes}_count with DRSUAPI_DRS_GET_NC_SIZE
getncchanges: pass struct ldb_message as const
getncchanges: remember the ncRoot_guid on the getncchanges state
getncchanges: don't process DRSUAPI_DRS_CRITICAL_ONLY for EXOPs
getncchanges: remove unused c++ comments/code in getncchanges_collect_objects()
getncchanges: fix highest_usn off by one calculation in get_nc_changes_add_links()
getncchanges: improve get_nc_changes_build_object() by checking uSNChanged
getncchanges: improve get_nc_changes_add_links() by checking uSNChanged
getncchanges: calculate getnc_state->min_usn calculation based on the uptodateness vector
getncchanges: implement DRSUAPI_DRS_GET_ANC more correctly
librpc/rpc: fix regression in NT_STATUS_RPC_ENUM_VALUE_OUT_OF_RANGE error mapping
s3:winbindd: make sure cm_prepare_connection() only returns OK with a valid tree connect
libcli/auth: use the correct creds value against servers without LogonSamLogonEx
libcli/auth: check E_md4hash() result in netlogon_creds_cli_ServerPasswordSet_send()
libcli/auth: add netlogon_creds_cli_debug_string()
lib/util: add generate_random_machine_password() function
s3:libsmb: let trust_pw_change() debug more verbose information
s3:libsmb: let trust_pw_change() verify the new password at the end.
s3:libsmb: add trust_pw_new_value() helper function
s3:libsmb: use trust_pw_new_value() in trust_pw_change()
s3:libads: use trust_pw_new_value() for krb5 machine passwords
s3:libnet_join: make use of trust_pw_new_value()
s3:net_rpc_trust: make use of trust_pw_new_value()
s3:include: remove unused DEFAULT_TRUST_ACCOUNT_PASSWORD_LENGTH
s4:libcli/raw: remove unused DEFAULT_TRUST_ACCOUNT_PASSWORD_LENGTH
s4:libnet: make use of generate_random_machine_password()
s4:dsdb: autogenerate a random utf16 buffer for krbtgt password resets.
python/samba: provision_dns_add_samba.ldif expects utf-16-le passwords
python/samba: use an explicit .encode('utf-8') where we expect utf8 passwords
pyglue: add generate_random_machine_password() wrapper
samba-tool:domain: use generate_random_machine_password() for trusted domains
samba-tool:domain: use generate_random_machine_password() for machine passwords
samba-tool:provision: use generate_random_machine_password() for machine passwords
s4:scripting: use generate_random_machine_password() for machine passwords
krb5_wrap: use our own code to calculate the ENCTYPE_ARCFOUR_HMAC key
script/autobuild.py: ignore missing test_tmpdir
talloc: fix TALLOC_VERSION_* mismatch detection
s3:wscript_build: remove unused bld.RECURSE('lib/pthreadpool')
ldb/tools: only use LDB_FLG_SHOW_BINARY for 'ldbsearch'
Revert "s3-winbind: Fix schannel connections against trusted domain DCs"
s3:winbindd: try a NETLOGON connection with noauth over NCACN_NP against trusted domains.
auth/credentials: try to use kerberos with the machine account unless we're in an AD domain
s3:winbindd: fix the valid usage anonymous smb authentication
s3:passdb: use cli_credentials_set_kerberos_state() for trusts in pdb_get_trust_credentials()
s3:winbindd: add more debugging to cm_prepare_connection()
s3:winbindd: rely on the kerberos_state from pdb_get_trust_credentials()
s3:libads: add more debugging to ads_sasl_spnego_bind()
s3:winbindd: allow a fallback to NTLMSSP for LDAP connections
s3:idmap_ad: make use of pdb_get_trust_credentials() to get the machine account creds
pytalloc: add pytalloc_GenericObject_{steal,reference}[_ex]()
talloc: version 2.1.9
py_net: make use of pytalloc_GenericObject_steal()
pidl:Python: make sure print HASH references for STRUCT types
pidl:Python: replace pytalloc_CObject_FromTallocPtr() with pytalloc_GenericObject_reference_ex()
pidl:Python: use of pytalloc_GenericObject_reference*() for pyrpc_{ex,im}port_union() wrapping
gensec:spnego: Add debug message for the failed principal
s3:winbindd: fix endless forest trust scan
dsdb/tests: remove duplicate test_smartcard_required3() from sam.py
ldb-samba: remember the error string of a failing bind in ildb_connect()
s4:ldap_server: match windows in the error messages of failing LDAP Bind requests
dsdb/tests: add test_ldap_bind_must_change_pwd()
s4:selftest: run samba4.sam.python also against fl2008r2dc
s3:libads: remove unused fallback to gss_acquire_cred()
winbindd: find the domain based on the sid within wb_lookupusergroups_send()
idmap_autorid: allocate new domain range if the callers knows the sid is valid
ldb: add LDB_FLG_DONT_CREATE_DB
HEIMDAL:kdc: make it possible to disable the principal based referral detection
s4:kdc: disable principal based autodetected referral detection
winbindd: remove bogus fallback to the forest root in wb_lookupname*()
winbindd: remove bogus fallback to the forest root in wb_lookupsid*()
winbindd: remove unused find_root_domain()
winbindd: avoid multiple wbint_LookupSids/lsa_LookupSids calls to the same domain
remove historic source3/change-log
netlogon.idl: make netr_LogonInfoClass public
lsa.idl: add SID_NAME_LABEL
libcli/security: add SID_NAME_LABEL to sid_type_lookup()
libwbclient: add WBC_SID_NAME_LABEL
auth4: add TODO comment on the auth_sam_trigger_repl_secret msDS-NeverRevealGroup interaction
netlogond3: only call make_auth_context_subsystem() in one place
auth3: add make_auth3_context_for_{ntlm,netlogon,winbind}
auth3: make use of make_auth3_context_for_ntlm()
pdbtest: make use of make_auth3_context_for_ntlm()
netlogond3: make use of make_auth3_context_for_netlogon()
winbindd: make use of make_auth3_context_for_winbind()
auth3: make make_auth_context_subsystem() static
auth4: make auth_check_password_wrapper() static
auth4: add auth_context_create_for_netlogon()
netlogon4: make use of auth_context_create_for_netlogon()
winbindd: let winbindd_dual_auth_passdb() return pauthoritative
auth3: let auth_check_ntlm_password() return pauthoritative
auth4: let auth_check_password* return pauthoritative
ntlm_auth3: let contact_winbind_auth_crap() return pauthoritative
auth: let auth4_context->check_ntlm_password() return pauthoritative
auth4: debug if method->ops->check_password() gives NOT_IMPLEMENTED
auth3: only use "[samba4:]sam" in make_auth3_context_for_winbind()
winbindd: no longer use USER_INFO_LOCAL_SAM_ONLY
auth3: remove unused USER_INFO_LOCAL_SAM_ONLY/AUTH_METHOD_LOCAL_SAM handling
auth4: remove unused USER_INFO_LOCAL_SAM_ONLY/AUTH_METHOD_LOCAL_SAM handling
auth: remove unused USER_INFO_LOCAL_SAM_ONLY/AUTH_METHOD_LOCAL_SAM defines
auth4: add a "winbind_rodc" backend
auth4: reflect the reality and use "winbind_rodc" instead of "winbind" for the auth methods as AD_DC
selftest: temporary skip samba.blackbox.pdbtest.s4winbind
auth3: handle ROLE_ACTIVE_DIRECTORY_DC before lp_auth_methods() in make_auth_context_subsystem()
auth4: implement the deprecated 'auth methods' in auth_methods_from_lp()
s4:selftest: specify auth methods of pdbtests without 'samba4:' prefix
Revert "selftest: temporary skip samba.blackbox.pdbtest.s4winbind"
wafsamba: move -L/some/path from LINKFLAGS_PYEMBED to LIBPATH_PYEMBED
rpcclient: allow -U'OTHERDOMAIN\user' again
pam_winbind: no longer use wbcUserPasswordPolicyInfo when authenticating
winbindd: let WBFLAG_PAM_GET_PWD_POLICY only fake the password policy
script/compare_cc_results.py: ignore all LIB*_WRAPPER_SO_PATH values
nss_wrapper: use conf.blddir to construct libnss_wrapper_so_path
resolv_wrapper: use conf.blddir to construct libnss_wrapper_so_path
uid_wrapper: use conf.blddir to construct libnss_wrapper_so_path
s3:ntlm_auth: fix memory leak in manage_gensec_request()
WHATSNEW: Deprecate "auth methods" and "map untrusted to domain"
selftest: make sure we don't have any umask limitations for selftest
testprogs/blackbox: use subunit_ helper functions in test_smbclient_*
testprogs/blackbox: add test_rpcclient_*_grep helper functions
auth4: use lpcfg_is_my_domain_or_realm() in authsam_want_check()
winbindd: allow wbinfo -a REALM\\user to work on a DC
testprogs/blackbox: add test_trust_ntlm.sh
s4:selftest: run test_trust_ntlm.sh against various environments
auth4: add a "sam_failtrusts" module
auth4: use "anonymous sam winbind_rodc sam_failtrusts sam_ignoredomain" as AD_DC
auth4: use "anonymous sam winbind sam_ignoredomain" with ROLE_DOMAIN_MEMBER
auth4: let authsam_check_password_internals use crack_name_to_nt4_name() for upn's
auth4: improve authsam_want_check for upn authentication
auth4: avoid map_user_info() in auth_check_password_send()
auth4: remove unused map_user_info[_cracknames]()
auth4: use "sam winbind_rodc sam_failtrusts" for the netlogon authentication
auth3: add "sam_netlogon3" which only reacts on lp_workgroup() as NT4 PDC/BDC
auth3: only use "sam_netlogon3 winbind:trustdomain" in make_auth3_context_for_netlogon
auth3: merge make_auth_context_subsystem() into make_auth3_context_for_ntlm()
lib/util: add tfork()
tdb: version 1.3.13
samba-tool: let 'samba-tool user syncpasswords' report deletions immediately
samba-tool: fix log message of 'samba-tool user syncpasswords'
auth/spnego: fix gensec_update_ev() argument order for the SPNEGO_FALLBACK case
auth/gensec: call gensec_verify_features() also after update_recv() in gensec_update_ev()
s3:libsmb: don't rely on gensec_session_key() to work on an unfinished authentication
s4:smb_server: avoid using gensec_update_ev() for the negotiate blob
selftest: let fl2003dc use "dcesrv:header signing = no"
s3:gse: always announce GENSEC_FEATURE_SIGN_PKT_HEADER support.
s4:gensec_gssapi: always announce GENSEC_FEATURE_SIGN_PKT_HEADER
auth/spnego: always announce GENSEC_FEATURE_SIGN_PKT_HEADER support.
auth/gensec: add some basic doxygen comments for gensec_{want,have}_feature()
s3:cli_pipe: ask for GENSEC_FEATURE_SIGN_PKT_HEADER after the gensec_update() dance
s3:rpc_server: move gensec_update() out of auth_generic_server_authtype_start*()
s4:librpc: ask for GENSEC_FEATURE_SIGN_PKT_HEADER after the gensec_update() dance
s4:rpc_server: simplify the GENSEC_FEATURE_SIGN_PKT_HEADER logic
auth/gensec: make gensec_start_mech() static
auth/gensec: reset existing context on gensec_start_mech()
auth/gensec: add gensec_child_* helper functions
auth/spnego: let spnego.c use the new gensec_child_* helper functions
auth/spnego: make sure a fatal error or the final success make the state as SPNEGO_DONE
s4:gensec/http_ntlm: add implement gensec_http_ntlm_update_send/recv()
s4:gensec/http_basic: add simple gensec_http_basic_update_send/recv() wrapper functions
s3:gse: add simple gensec_gse_update_send/recv() wrapper functions
s4:gensec_gssapi: add simple gensec_gssapi_update_send/recv() wrapper functions
s4:gensec_krb5: add simple gensec_krb5_update_send/recv() wrapper functions
auth/ntlmssp: remove mem_ctx=NULL handling from gensec_ntlmssp_update()
auth/ntlmssp: avoid using NT_STATUS_NOT_OK_RETURN() in gensec_ntlmssp_update()
auth/ntlmssp: remove unused variable from gensec_ntlmssp_update()
auth/ntlmssp: rename 'input' to 'in' in gensec_ntlmssp_update()
auth/ntlmssp: make gensec_ntlmssp_update() static
auth/ntlmssp: add implement gensec_ntlmssp_update_send/recv()
auth/spnego: add simple gensec_spnego_update_send/recv() wrapper functions
auth/gensec: remove the sync update() hook from gensec_security_ops
auth/gensec: avoid using a state->subreq pointer
auth/gensec: improve NT_STATUS_MORE_PROCESSING_REQUIRED logic in gensec_update_*()
auth/gensec: make sure there's only one pending gensec_update_send() per context
s4:auth: split out a samba_server_gensec_start_settings() helper function
s4:auth: add samba_server_gensec_krb5_start()
s4:dns_server: use samba_server_gensec_krb5_start() and gensec_update() in dns_query.c
s4:dlz_bind9: assert SPNEGO/KRB5 and use gensec_update()
s4:kdc: make use of gensec_update() in kpasswd_process()
s4:rpc_server: introduce call->ack_pkt and avoid pkt variable for the response on the stack
s4:rpc_server: add wait_send/recv infrastructure
s4:rpc_server: split out dcesrv_auth_complete() from dcesrv_auth_bind_ack()
s4:rpc_server: make use of dcesrv_auth_complete() in dcesrv_auth_alter_ack()
s4:rpc_server: prepare dcesrv_auth_complete() for AUTH3
s4:rpc_server: make use of dcesrv_auth_complete() in dcesrv_auth_auth3()
s4:rpc_server: split out dcesrv_auth_prepare_bind_ack()
s4:rpc_server: split out dcesrv_auth_prepare_auth3()
s4:rpc_server: split out dcesrv_auth_prepare_alter_ack()
s4:rpc_server: remove useless TALLOC_FREE(call->context) from dcesrv_bind()
s4:rpc_server: split out dcesrv_auth_reply() from dcesrv_bind()
s4:rpc_server: make use of dcesrv_auth_reply() in dcesrv_alter()
s4:rpc_server: make use of dcesrv_auth_prepare_bind_ack() in dcesrv_bind()
s4:rpc_server: make use of dcesrv_auth_prepare_alter_ack() in dcesrv_alter()
s4:rpc_server: make use of dcesrv_auth_prepare_auth3() in dcesrv_auth3()
s4:rpc_server: remove unused dcesrv_auth_{bind_ack,auth3,alter_ack}()
s4:rpc_server: implement async BIND using gensec_update_send/recv
s4:rpc_server: implement async ALTER_CONTEXT using gensec_update_send/recv
s4:rpc_server: implement async AUTH3 using gensec_update_send/recv
s4:librpc: use gensec_update_send() in dcerpc_bind_auth_send()
s4:librpc: make use of gensec_update_send() in bind_auth_next_step()
s4:librpc: simplify dcerpc_connect_timeout_handler() logic
s4:libcli/smb2: make smb2_session_setup_spnego_* completely async
s4:libcli/ldap: just use gensec_update() in ldap_bind_sasl()
s4:auth: use talloc_reparent() in samba_server_gensec_krb5_start()
Revert "s4:librpc: simplify dcerpc_connect_timeout_handler() logic"
s4:librpc: restore inhibit_timeout_processing = true during gensec_update_send/recv()
s4:lib/com: remove unused pycom binding
libcli/smb: Fix alignment problems of smb_bytes_pull_str()
s3:libsmb: add cli_state_update_after_sesssetup() helper function
netlogon.idl: Add netr_LogonSamLogon_flags bitmap
s3:winbindd: Send flags=0 in netr_LogonSamLogon{WithFlags,Ex}()
s4:rpc_server: Do some checks of LogonSamLogon flags
docs-xml/smbdotconf: deprecated "profile acls"
WHATSNEW: deprecated "profile acls"
python/samba/tests: don't use hardcoded names in *pam_winbind* tests
selftest: use "$DC_USERNAME" and "$DC_PASSWORD" for the pam_winbind test
selftest: test pam_winbind with a local user on ad_member
selftest: don't use hardcoded domain names in Samba3::setup_admember()
s3:script/tests: don't use hardcoded Domain Name in test_smbclient_s3.sh
testprogs/blackbox: don't use hardcoded values in test_net_ads_dns.sh
selftest: pass the workgroup name to Samba3::provision()
tdb: add run-fcntl-deadlock test
s4:auth/gensec: let GENSEC_FEATURE_SESSION_KEY result in GSS_C_INTEG_FLAG
s4:ldap_server: use talloc_zero() in ldapsrv_init_reply()
s4:ldap_server: introduce a ldapsrv_call_destructor()
s4:ldap_server: don't log Unbind and Abandon requests.
s4:ldap_server: add call->wait_send/recv infrastructure
s4:ldap_server: improve ldapsrv_UnbindRequest implementation
s4:auth: add authenticate_ldap_simple_bind_send/recv
s4:ldap_server: implement async BindSimple
s4:auth: make authenticate_ldap_simple_bind*() use auth_check_password_send/recv
s4:ldap_server: add use goto do_reply; to make the logic in ldapsrv_BindSASL() more sane
s4:ldap_server: always allocate resp->SASL.secblob
s4:ldap_server: remove an useless indentation level from gensec_update_ev()
s4:ldap_server: move invalid credential handling before the success handling.
s4:ldap_server: avoid pointless check arround LDAP_INVALID_CREDENTIALS
s4:ldap_server: make sure we destroy the gensec context on error
s4:ldap_server: remove indentation level for the valid credential case
s4:ldap_server: only set *resp->SASL.secblob = output for OK or MORE_PROCESSING_REQUIRED
s4:ldap_server: drop the connection if we fail to allocate ldapsrv_sasl_postprocess_context
s4:ldap_server: use talloc_zero for ldapsrv_sasl_postprocess_context
s4:ldap_server: do the transport validation before calling gensec_create_tstream()
s4:ldap_server: remove pointless (result != LDAP_SUCCESS) check
s4:ldap_server: terminate the connection if talloc_reference fails
s4:ldap_server: only touch conn->session_info on success in ldapsrv_BindSASL()
s4:ldap_server: make the gensec_create_tstream() error checking more clear
s4:ldap_server: remove useless indentation level arround gensec_session_info()
s4:ldap_server: remove useless indentation level arround ldapsrv_backend_Init()
s4:ldap_server: remove useless NT_STATUS_IS_OK(status) check
s4:ldap_server: avoid using talloc_reference()
s4:ldap_server: set result = LDAP_SUCCESS at the end, when we're really done
s4:ldap_server: implement async BindSASL
auth3: call is_trusted_domain() as the last condition make_user_info_map()
auth3: prepare the logic for "map untrusted to domain = auto"
docs-xml: improve documentation of "map untrusted to domain"
docs-xml: document "map untrusted to domain = auto"
docs-xml: change the default for "map untrusted to domain" to "auto"
WHATSNEW: change the default for "map untrusted to domain" to "auto"
s4:gensec_gssapi: fix CID 1409781: Possible Control flow issues (DEADCODE)
krb5_wrap: handle KRB5_ERR_HOST_REALM_UNKNOWN in smb_krb5_get_realm_from_hostname()
s3:smb2_tcon: allow a compound request after a TreeConnect
s3:smb2_sesssetup: allow a compound request after a SessionSetup
auth/gensec: clear the update_busy_ptr in gensec_subcontext_start()
auth/gensec: add GENSEC_UPDATE_IS_NTERROR() helper macro
s4:libcli/smb_composite: simplify gensec_update_ev() handling in session_setup_spnego()
s4:libcli/smb_composite: move chosen_oid to state->chosen_oid
s4:libcli/smb_composite: split out session_setup_spnego_restart() from session_setup_spnego()
s4:libcli/smb_composite: move session_setup_spnego_restart() to the callers of session_setup_spnego()
s4:libcli/smb_composite: move gensec_update_ev() out of session_setup_spnego()
s4:libcli/smb_composite: make the first round to gensec async
s4:libcli/smb_composite: add early returns to sesssetup.c:request_handler()
s4:libcli/smb_composite: make the additional gensec_update steps async
python/tests: test SMB1 and SMB2/3 in auth_log.py
s3:rpc_server/spoolss: allow spoolss_connect_to_client() to use SMB2
s3:libsmb: remove unused cli_state_remote_realm()
s3:libsmb: no longer pass remote_realm to cli_state_create()
s3:libsmb: normalize leading slashes in cli_resolve_path()
s3:libsmb: add cli_smb2_delete_on_close*()
s3:libsmb: add support for SMB2 to cli_nt_delete_on_close*()
libcli/smb: add smb_protocol_types_string()
s3:torture: make use of smb_protocol_types_string() in run_smb2_negprot()
s3:libsmb: add CLI_FULL_CONNECTION_FORCE_SMB1
s3:torture: use CLI_FULL_CONNECTION_FORCE_SMB1 in torture_open_connection_share()
s3:client: smbclient -L can't do workgroup listing over SMB2/3
s3:torture pass flags to torture_open_connection_share()
s3:torture: use CLI_FULL_CONNECTION_FORCE_SMB1 in run_tcon_devtype_test()
s3:torture: use CLI_FULL_CONNECTION_FORCE_SMB1 in run_chain2()
s3:pylibsmb: use CLI_FULL_CONNECTION_FORCE_SMB1 in py_cli_state_init()
s3:libsmb: add CLI_FULL_CONNECTION_DISABLE_SMB1
s3:torture: add torture_open_connection_flags()
s3:torture: use CLI_FULL_CONNECTION_DISABLE_SMB1 in run_oplock_cancel()
s3:test_acl_xattr.sh: use -mNT1 for the 'getfacl' commands
s3:test_smbclient_s3.sh: make it explizit where we want to force SMB1 or SMB3
s3:test_smbclient_s3.sh: pass the protocol (NT1) to the script
tevent: include the finish location in tevent_req_default_print()
tevent: version 0.9.32
pidl:NDR/Parser: fix "skip" for pointers
pidl:NDR/Parser: add "skip_noinit" element
ntprinting.idl: make use of [skip_noinit] for string_flags
pidl:NDR/Parser: initialize [skip] values in ndr_pull_*
s3:smbd: only set user_info->auth_description on success
s3:smbd: inline check_guest_password() into reply_sesssetup_and_X()
s3:smbd: introduce a reply_sesssetup_and_X_state
s3:smbd: call auth_check_password_session_info() only in one central place
s4:auth/unix_token: remove unused tevent_context from security_token_to_unix_token()
s4:auth/unix_token: remove unused tevent_context from auth_session_info_fill_unix()
s4:dsdb/samdb: pass an existing 'struct ldb_context' to crack_name_to_nt4_name()
s4:dsdb/samdb: pass an existing 'struct ldb_context' to crack_auto_name_to_nt4_name()
auth/ntlmssp: remove useless talloc_steal calls in ntlmssp_server_check_password()
auth/ntlmssp: make ntlmssp_server_check_password() shorter
auth/ntlmssp: enforce NTLMSSP_NEGOTIATE_NTLM2 for the NTLMv2 client case
s3:test_smbclient_basic.sh: make use of $ADDARGS
s3:test_smbclient_basic.sh: make use of $incdir/common_test_fns.inc
s3:selftest: run test_smbclient_basic.sh against nt4_dc_schannel with various protocols
selftest: run nt4_dc_schannel with 'server max protocol = SMB2_02'
s3:smbd: unimplement FSCTL_VALIDATE_NEGOTIATE_INFO with "server max protocol = SMB2_02"
pidl:NDR/Parser: add missing {start,end}_flags() to ParseElementPrint()
librpc/ndr: align the definition of LIBNDR_STRING_FLAGS with currently defined flags
librpc/ndr: add LIBNDR_FLAG_IS_SECRET handling
idl_types.h: add NDR_SECRET shortcut
s3:librpc: let NDR_SECRETS depend on NDR_SECURITY
s3:libads: remove unused kerberos_secrets_store_salting_principal()
krb5_wrap: add smb_krb5_salt_principal()
krb5_wrap: add smb_krb5_salt_principal2data()
s3:libnet_join: remove dead code from libnet_join_connect_ads()
s3:libnet_join: calculate r->out.account_name in libnet_join_pre_processing()
s3:libnet_join.idl: return the domain_guid in libnet_JoinCtx
s3:libnet_join: remember the domain_guid for AD domains
s3:libnet_join.idl: add krb5_salt to libnet_JoinCtx
s3:libnet_join: remember r->out.krb5_salt in libnet_join_derive_salting_principal()
s3:libnet_join: move kerberos_secrets_store_des_salt() out of libnet_join_derive_salting_principal()
s3:libnet_join: split libnet_join_post_processing_ads() into modify/sync
s3:libnet_join: call do_JoinConfig() after we did remote changes on the server
s3:libnet_join: move libnet_join_joindomain_store_secrets() to libnet_join_post_processing()
s3:libnet_join: move kerberos_secrets_store_des_salt() to libnet_join_joindomain_store_secrets()
s3:libads: remove kerberos_secrets_fetch_salting_principal() fallback
s3:libads: provide a simpler kerberos_fetch_salt_princ() function
s3:gse_krb5: simplify fill_keytab_from_password() by using kerberos_fetch_salt_princ()
s3:libnet: make use of kerberos_secrets_fetch_salt_princ()
s3:libads: make use of kerberos_secrets_fetch_salt_princ() in ads_keytab_add_entry()
s3:libads: remove unused kerberos_fetch_salt_princ_for_host_princ()
s3:secrets: move kerberos_secrets_*salt related functions to machine_account_secrets.c
s3:secrets: rework des_salt_key() to take the realm as argument
s3:secrets: split out a domain_guid_keystr() function
s3:secrets: add some const to secrets_store_domain_guid()
s3:secrets: make use of des_salt_key() in secrets_store_machine_pw_sync()
s3:secrets: rename secrets_delete() to secrets_delete_entry()
s3:secrets: re-add secrets_delete() helper to simplify deleting optional keys
s3:secrets: make use of secrets_delete() in secrets_store_machine_pw_sync()
s3:secrets: let secrets_store_machine_pw_sync() delete the des_salt_key when there's no value
s3:secrets: replace secrets_delete_prev_machine_password() by secrets_delete()
s3:secrets: rewrite secrets_delete_machine_password_ex() using helper variables
s3:secrets: let secrets_delete_machine_password_ex() remove SID and GUID too
s3:secrets: let secrets_delete_machine_password_ex() also remove the des_salt key
s3:secrets: use secrets_delete for all keys in secrets_delete_machine_password_ex()
s3:trusts_util: pass dcname to trust_pw_change()
libcli/auth: pass an array of nt_hashes to netlogon_creds_cli_auth*()
libcli/auth: add const to set_pw_in_buffer()
libcli/auth: pass the cleartext blob to netlogon_creds_cli_ServerPasswordSet*()
s3:trusts_util: also pass the previous_nt_hash to netlogon_creds_cli_auth()
lsa.idl: make lsa_DnsDomainInfo [public]
netlogon.idl: make netr_TrustFlags [public]
netlogon.idl: use lsa_TrustType and lsa_TrustAttributes in netr_trust_extension
secrets.idl: add secrets_domain_info that will be used in secrets.tdb for machine account trusts
s3:secrets: add infrastructure to use secrets_domain_infoB to store credentials
net: add "net primarytrust dumpinfo" command that dumps the details of the workstation trust
s3:libnet: make use of secrets_store_JoinCtx()
s3:trusts_util: make use the workstation password change more robust
net: make use of secrets_*_password_change() for "net changesecretpw"
s3:libads: make use of secrets_*_password_change() in ads_change_trust_account_password()
s3:secrets: remove unused secrets_store_[prev_]machine_password()
selftest:Samba3: call "net primarytrust dumpinfo" setup_nt4_member() after the join
s4:password_hash: make use of smb_krb5_salt_principal() and smb_krb5_salt_principal2data()
auth/credentials: make use of smb_krb5_salt_principal() in cli_credentials_get_keytab()
auth/credentials: remove unused smb_krb5_create_salt_principal()
s3:smb2_create: avoid reusing the 'tevent_req' within smbd_smb2_create_send()
s3:smb2_create: remove unused timer pointer from smbd_smb2_create_state
s3:test_smbclient_s3.sh: improve the error handling
s3:smbclient: remove unreliable Domain=[...] OS=[Windows 6.1] Server=[...] banner
s3:libsmb: remove unused show_sessetup handling from do_connect()
s3:libsmb: remove unused 'bool show_hdr' from cli_cm_connect()
s3:libsmb: remove unused 'bool show_hdr' from cli_cm_open()
WHATSNEW: document the new smbclient banner
s3:selftest: also run test_smbclient_s3.sh with PROTO=SMB3
s3:test_acl_xattr.sh: allow passing additional arguments for smbclient and smbcacls
Revert "s3:test_acl_xattr.sh: use -mNT1 for the 'getfacl' commands"
s3:test_acl_xattr.sh: add more assertion about the expected output.
s3:selftest: run samba3.blackbox.acl_xattr with NT1 and SMB3
s3:selftest: run samba3.blackbox.inherit_owner tests with NT1 and SMB3
s3:selftest: run samba3.blackbox.large_acl tests with NT1 and SMB3
s3:selftest: run samba3.blackbox.smbclient_tar* tests with NT1 and SMB3
s3:selftest: also run samba3.blackbox.smbclient_krb5 with the new ccache
s3:test_smbclient_posix_large.sh: there's no posix test to rename to test_smbclient_large_file.sh
s3:selftest: run samba3.blackbox.smbclient_large_file (NTLM) with NT1 and SMB3
param: change the effective default for "client max protocol" to the latest supported protocol
WHATSNEW: document "client max protocol" change to SMB3_11
s4:auth_winbind: fix error checking in winbind_check_password()
s4:auth_winbind: rename 's' to 'state' in winbind_check_password()
s4:auth/ntlm: move auth_check_password_wrapper() further down
s4:auth/ntlm: introduce auth_check_password_next()
s4:auth/ntlm: allow auth_operations to specify check_password_send/recv()
auth/spnego: make use of data_blob_null instead of using data_blob(NULL, 0)
auth/spnego: move gensec_spnego_update_wrapper() into gensec_spnego_update_send()
auth/spnego: set state_position = SPNEGO_DONE in gensec_spnego_update_cleanup()
auth/spnego: move gensec_spnego_update_in() after gensec_spnego_update_send()
auth/spnego: move some more logic to gensec_spnego_update_in()
auth/spnego: move gensec_spnego_update_out() behind gensec_spnego_update_in()
auth/spnego: rename spnego_state->no_response_expected to ->sub_sec_ready
auth/spnego: consitently set spnego_state->sub_sec_ready = true after gensec_update_ev()
auth/spnego: remove useless spnego_state->sub_sec_ready check
auth/spnego: add gensec_spnego_update_sub_abort() helper function
auth/spnego: remove unused out_mem_ctx = spnego_state fallback in gensec_spnego_update()
auth/spnego: split out gensec_spnego_update_{client,server}() functions
auth/spnego: move gensec_spnego_update() into gensec_spnego_update_send()
auth/spnego: do basic state_position checking in gensec_spnego_update_in()
wafsamba: add maxversion and version_blacklist to CHECK_BUNDLED_SYSTEM[_PKG]()
tdb: version 1.3.14
ldb:wscript: provide LDB_VERSION_{MAJOR,MINOR,RELEASE} in ldb_version.h
ldb:wscript: define EXPECTED_SYSTEM_LDB_VERSION_{MAJOR,MINOR,RELEASE}
ldb:includes: protect ldb_modules.h from being used by Samba < 4.7
ldb: version 1.2.0
dsdb: Add more locking more tests, confirming blocking locks in both directions
s3:rpc_server: wrap make_auth4_context() into {become,unbecome}_root()
VERSION: Bump version up to 4.7.0rc2...
WHATSNEW: Add release notes for Samba 4.7.0rc2
VERSION: Disable GIT_SNAPSHOTS for the 4.7.0rc2 release
VERSION: Bump version up to 4.6.0rc3...
s3:smbd: consistently use talloc_tos() memory for rpc_pipe_open_interface()
WHATSNEW: move the CTDB changes section before the Parameter changes
WHATSNEW: add a note about the new 'smbclient deltree' command.
ldb: version 1.2.1
tevent: avoid calling talloc_get_name(NULL) in tevent_req_default_print()
tevent: handle passing req = NULL to tevent_req_print()
tevent: version 0.9.33
s3:libsmb: let get_ipc_connect() use CLI_FULL_CONNECTION_FORCE_SMB1
s3:smbclient: improve the error messages for smbclient -L
s3:smbclient: don't try any workgroup listing with "client min protocol = SMB2"
s3:libsmb: don't call cli_NetServerEnum() on SMB2/3 connections in SMBC_opendir_ctx()
s3:libsmb: let do_connect() debug the negotiation result similar to "session request ok"
s4:http/gensec: add missing tevent_req_done() to gensec_http_ntlm_update_done()
libcli/smb: debug an error if smb1cli_req_writev_submit() is called for SMB2/3
s3:secrets: allow secrets_fetch_or_upgrade_domain_info() on an AD DC
s3:gse_krb5: make use of precalculated krb5 keys in fill_mem_keytab_from_secrets()
charset/tests: assert the exact values of str[n]casecmp_m()
charset/tests: add more str[n]casecmp_m() tests to demonstrate the bug
charset/tests: also tests the system str[n]casecmp()
charset: fix str[n]casecmp_m() by comparing lower case values
CVE-2017-12150: s3:popt_common: don't turn a guessed username into a specified one
CVE-2017-12150: s3:lib: get_cmdline_auth_info_signing_state smb_encrypt SMB_SIGNING_REQUIRED
CVE-2017-12150: s3:pylibsmb: make use of SMB_SIGNING_DEFAULT for 'samba.samba3.libsmb_samba_internal'
CVE-2017-12150: libgpo: make use of SMB_SIGNING_REQUIRED in gpo_connect_server()
CVE-2017-12150: auth/credentials: cli_credentials_authentication_requested() should check for NTLM_CCACHE/SIGN/SEAL
CVE-2017-12150: libcli/smb: add smbXcli_conn_signing_mandatory()
CVE-2017-12150: s3:libsmb: only fallback to anonymous if authentication was not requested
CVE-2017-12151: s3:libsmb: add cli_state_is_encryption_on() helper function
CVE-2017-12151: s3:libsmb: make use of cli_state_is_encryption_on()
Steve French (1):
lib: Annotate well known SID names
Thomas Jarosch (1):
s3: libsmb: Fix use-after-free when accessing pointer *p.
Thomas Nagy (1):
build:wafsamba: Remove ambiguous 'if x in conf.env' constructs
Tim Beale (4):
tests: Add simple check whether netlogon server is running
selftest: Add test to confirm NTLM authentication is enabled
selftest: Disable NTLM authentication in ktest environment
selftest: Add test for password change when NTLM is disabled
Tom Mortensen (2):
nss_wins: ip_pton expects the raw IP address
nss_wins: Fix the hostent setup
Trever L. Adams (2):
Update smbrun to allow for settings environment variables.
strv.c: add strv_to_env for use with execle, etc.
Uri Simchoni (134):
selftest: run net ads join test in a private client env
selftest: add some test cases to net ads join
build: fix disk-free quota support on Solaris 10
build: improve comments in tests/oldquotas.c
smbd: remove quota support for some ancient OSs
build: fix build when --without-quota specified
vfs_acl_common: avoid setting POSIX ACLs if "ignore system acls" is set
seltest: add test for "ignore system acls" in vfs_acl_xattr.
lib/util: fix function comment
s3-profile: reduce dependencies of smbprofile.h
s3-profile: add PROFILE_TIMESTAMP macro
asys: call clock_gettime_mono() only on profile-enabled build
vfs_aio_linux: call clock_gettime_mono() only on profile-enabled build
vfs_aio_fork: call clock_gettime_mono() only on profile-enabled build
vfs_glusterfs: call clock_gettime_mono() only on profile-enabled build
nt-quotas: vfs_get_ntquota() return NTSTATUS
nt-quotas: return 0 as indication of no quota
ntquotas - skip entry if the quota is zero
sys-quotas: do not fail if user has no quota
xfs-quota: do not fail if user has no quota
nfs-quota: do not fail on ECONNREFUSED
smbd: do not cover up VFS failures to get quota
smbcquotas: print "NO LIMIT" only if returned quota value is 0.
tdb: rework cleanup logic in tdb_runtime_check_for_robust_mutexes()
libads: record session expiry for spnego sasl binds
nt-quotas: fixup failure case for TRANSACT_GET_USER_QUOTA_FOR_SID
xfs quotas - fix case of no quota for user
Reset WHATSNEW.txt for 4.5.x series
smbd: remove "only user" and "username" parameters
WHATSNEW: Document "only user" removal
heimdal: encode/decode kvno as signed integer
s3-quotas: fix sysquotas_4B quota fetching for BSD
heimdal make kvno unisgned internally
s3-sysquotas-linux: remove support for old interfaces
s3-sysquotas-linux: remove check for EDQUOT on getting user quota
s3-sysquotas-linux - cleanup
vfs_fake_dfq: add more mocking options
selftest: add disk-free quota tests
smbd: dfree - ignore quota if not enforced
s3-sysquotas-linux: do not check for EDQUOT
selftest: remove test for EDQUOT returned from quota backend
vfs_fake_dfq - remove support for generating EDQUOT
s3-sysquotas: remove special handling of EDQUOT
s3-dfree-quota: remove special handling of EDQUOT
selftest: Add test for domain join + kerberos-only auth
s3-libads: fix a memory leak in ads_sasl_spnego_bind()
auth: fix a memory leak in gssapi_get_session_key()
s3-param: add kerberos encryption types parameter
libads: use "kerberos encryption types" parameter
heimdal: honor conf enctypes when obtaining a service ticket
selftest: tests for kerberos encryption types
selftest: add a test for "inherit owner" parameter
smbd: add an option to inherit only the UNIX owner
selftest: add a test for new "inherit owner" option
quotas: small cleanup
smbd: get a valid file stat to disk_quotas
smbd: use owner uid for free disk calculation if owner is inherited
selftest: refactor test_dfree_quota.sh - add share parameter
selftest: add tests for dfree with inherit owner enabled
s4-smbtorture: use standard macros in smb2.read test
s4-selftest: add functions which create with desired access
s4-selftest: add test for read access check
seltest: implicit FILE_READ_DATA non-reporting
seltest: allow opening files with arbitrary rights in smb2.ioctl tests
s4-smbtorture: pin copychunk exec right behavior
smbd: look only at handle readability for COPYCHUNK dest
smbd: allow reading files based on FILE_EXECUTE access right
s2-selftest: run shadow_copy2 test both in NT1 and SMB3 modes
selftest: add content to files created during shadow_copy2 test
selftest: check file readability in shadow_copy2 test
selftest: test listing directories inside snapshots
vfs_shadow_copy: handle non-existant files and wildcards
selftest: skip client_etypes tests if tshark or sha1sum is not installed
selftest: detect older tshark version
heimdal-lib/krb5: keep a copy of config etypes in the context
heimdal: revert 1f90983324b9f5804dc57f87c5f7695b0e53db8d
s3-cliquota: correctly handle no-more-entries
smbcquotas: fix error message listing quotas
ntquotas: support "freeing" an empty quota list
cliquota: fix param count when setting fs quota
smbd: free talloc context if no quota records are available
s3-libsmb: Support getting fs attributes via SMB2
s3-libsmb: make parse_user_quota_record() public
s3-libsmb: support getting user's quota in SMB2
cliquota: refactor and cleanup listing of user quotas
cliquota: some security hardening
cliquota: factor out parsing of a quota record buffer
cliquota: implement quota listing in SMB2
cliquota: factor out fs quota parsing
cliquota: support getting fs quota by SMB2
cliquota: factor out building of FILE_QUOTA_INFORMATION
cliquota: support setting user quota via SMB2
cliquota: factor out building of FILE_FS_CONTROL_INFORMATION
cliquota: support setting file system quota via SMB2
smbcquotas: add -m option
README.Coding: Remove an extra space
README.Coding: Add rule about function declaration indentation
README.Coding: Add clang-format style file
s3-sysquotas: correctly restore path when finding mount point
selftest: test NTLM user at realm authentication
winbindd: do not modify credentials in NTLM passthrough
smbd: in ntlm auth, do not map empty domain in case of \user at realm
WHATSNEW: document kerberos encryption types
WHATSNEW: document new inherit owner option
smbd: avoid extra churn on a debug print
cli-quotas: fix potential memory leak
waf: backport finding of pkg-config
smbd: refuse_symlink() - do not fail if the file does not exist
smbd: get_ea_list_from_file_path() - remove a duplicate statement
smbd: remove coupling between get_ea_names_from_file() and "ea support"
testparm: remove check for "ea support" in fruit shares
vfs_fruit: drop "ea support" from the manpage
selftest: remove "ea support" from vfs_fruit-related setups.
talloc: fix doxygen of talloc_move
doc: update "ea support" section of the smb.conf manpage
smbd: add zero_file_id flag
vfs_fruit: enable zero file id
vfs_fruit: document added zero_file_id parameter
torture: add torture_assert_mem_not_equal_goto()
selftest: tests for vfs_fruite file-id behavior
s3: libsmb: add replace support to SMB2 rename
s3: libsmb: add replace support to cli_rename()
smbclient: add -f option to rename command
manpages: update smbclient manpage with rename -f option
libcli: introduce smbXcli_conn_support_passthrough()
s3-libsmb: cli_cifs_rename_send()
s3-libsmb: fail rename and replace inside cifs variant
s3-libsmb: support rename and replace for SMB1
docs: fixup smbclient rename -f option
build: refuse to build without PAM support if enabled
selftest: test fetching a large ACL from vfs_acl_xattr
vfs_xattr_tdb: handle case of zero size.
vfs_acl_xattr: factor out fetching of an extended attribute
vfs_acl_xattr: avoid needlessly supplying a large buffer to getxattr()
Volker Lendecke (684):
vfs_united_media: Fix CID 1355492 Uninitialized scalar variable
smbd: Avoid an "else"
smbd: Prevent a crash
libads: Fix CID 1356316 Uninitialized pointer read
crypto: Fix CID 1356314 Resource leak
lib: Fix CID 1356315 Dereference before null check
ctdb: Fix CID 1356313 Explicit null dereferenced
libsmb: Fix CID 1356312 Explicit null dereferenced
winbind: Fix CID 1357100 Unchecked return value
torture: Fix the O3 developer build
idmap: Factor out lp_scan_idmap_domains()
winbind: Introduce id_map_ptrs_init
winbind: Do per-domain xids2sids calls
winbind: Add idmap_backend_unixids_to_sids
winbind: Pass down the domain name to xids2sids
winbind: Use plural xids2sids in _wbint_UnixIDs2Sids
winbind: Remove unused idmap_[ug]id_to_sid
winbind: Remove unused idmap_backends_unixid_to_sid
winbind: Fix a typo in a wrong comment...
pam_winbind: Avoid a use of sprintf
docs: build idmap_script.8 by default
docs: Mention _NO_WINBINDD in idmap_script.8
nwrap: Fix the build on Solaris
vfs_catia: Align loop index with terminator
vfs_catia: Fix bug 11827, memleak
tdb mutex check: Fix CID 1358473 Uninitialized scalar variable
idmap_ad: Separate out the nss functions
tldap: Add tldap_get/set_stream
tldap: Add tldap_gensec_bind
winbind: Add wb_dsgetdcname_gencache_[gs]et
winbind: handle DC_NOT_FOUND in wb_sids2xids
winbind: handle DC_NOT_FOUND in wb_xids2sids
winbind: Base idmap_ad on tldap
pdb_ldap: Don't use autofree if "mods" still changes
ctdbd_conn: Adapt loop counter's type to the loop limit
ctdbd_conn: Use sys_poll_intr
ctdbd_conn: Use ctdbd_init_connection in ctdbd_probe
ctdbd_conn: Make ctdbd_init_connection public
lib: Use ctdbd_init_connection in messaging_ctdbd_init
ctdbd_conn: Remove unused ctdbd_messaging_connection
lib: Move ctdbd_init_connection out of ctdbd_traverse()
lib: serverid.h references struct server_id
ctdbd_conn: Avoid "includes.h"
ctdbd_conn: Use ctdbd_control_local where possible
ctdbd: Use talloc_memdup where appropriate
ctdbd_conn: Add some more debug info
ctdbd_conn: Make "cstatus" int32_t
dbwrap_ctdb: Fix ENOENT->NT_STATUS_NOT_FOUND
smbd: Avoid large reads beyond EOF
docs: Fix an outdated remark, tdbsam is default
lib: The base64 chars are by definition single-byte :-)
lib: =0 and |= is equivalent to =
lib: Make callers of base64_encode_data_blob check for success
lib: Remove SMB_ASSERT from base64_encode_data_blob
lib: Give base64.c its own .h
lib: Avoid includes.h in base64.c
smbd: Remove an unused #define
smbd: Fix an assert
ctdb: Improve debug in case of set_runstate failure
ctdb: Fix the O3 developer build
lib: Fix a signed/unsigned mixup
lib: Fix some whitespace
torture: Remove a use of get_my_vnn()
ctdbd_conn: remove ctdb_processes_exist
ctdbd_conn: Simplify two DEBUGs
ctdbd_conn: "sockname" is not needed anymore
ctdbd_conn: Expose ctdb socket readability handler
lib: Move async message handling out of ctdbd_conn
dbwrap_ctdb: Align loop index with terminator
dbwrap_ctdb: Add "conn" to db_ctdb_ctx
dbwrap_ctdb: Pass in ctdbd_connection
dbwrap: Add "msg_ctx" to db_open_ctdb
ctdbd_conn: Remove messages.h dependency
dbwrap_ctdb: Fix some 32-bit hickups
dbwrap_ctdb: Remove get_my_vnn dependency
ctdb: Fix CID 1361817 Dereference after null check
ctdb: Fix CID 1327222 Copy into fixed size buffer
vfs_fileid: Fix a signed/unsigned mixup
vfs_fruit: Fix a few signed/unsigned mixups
samdb: Improve debugging in acl_validate_spn_value()
drsuapi: Improve debug in DsWriteAccountSpn
dsdb: Simplify acl_validate_spn_value
lib: Move msghdr to lib/util/
lib: Move poll_funcs to lib/
lib: Add accept_send/recv
lib: Fix CID 1362566 Dereference null return value
rpc_server: Fix CID 1362565 Improper use of negative value
libsmb: Fix two CIDs for NULL dereference
lib: Fix a signed/unsigned mixup
libreplace: Add a closefrom() implementation
lib: Add a little closefrom() test
smbd: Fix a signed/unsigned hickup
smbd: Fix a valgrind error
libnet: Fix CID 1362934: CHECKED_RETURN
ldb: Fix CID 1362935: CHECKED_RETURN
dsdb: Fix CID 1363810: Null pointer dereferences
lib: Print own pid in messaging_init
lib: Avoid a "procid_is_local" call
lib: Allow NULL blob for messaging_send()
tdb: Don't malloc for every record in traverse
lib: Add server_id_watch_send
dbwrap: Add "blocker" to record_watch_send
g_lock: Use "blocker" argument to dbwrap_record_watch_send
dbwrap: Add overflow protection to dbwrap_record_watchers_key()
dbwrap: Add an alternative implementation of dbwrap_watch_record_send
lib: Convert g_lock to new dbwrap_watch
smbd: Convert locking.tdb to new dbwrap_watch
smbd: Convert smbXsrv_open_global.tdb to new dbwrap_watch
smbd: Remove a reference to dbwrap_watch_db()
dbwrap: Remove dbwrap_watchers.tdb based code
lib: Fix a signed/unsigned mixup
smbd: Don't stop sending to children when one send fails
smbd: sconn->sys_notify_ctx is not used
smbd: Factor out notify_init
smbd: Add fsp_fullbasepath
smbd: Avoid a talloc_asprintf
smbd: Add "path" to notify_remove
smbd: "path" is no longer needed in notify_list
smbd: Make notify_callback() public
smbd: There's only one notify_callback
smbd: Pass "sconn" via notify to notify_callback()
smbd: Protect notify_callback from stray pointers
smbd: Remove "listel" from notify_msg
notify_msg: Deregister handler upon talloc_free
smbd: Remember notifyd's serverid
smbd: Log which notifyd was found
smbd: Store notify filters in fsp->notify
smbd: Restart notifyd
smbd: Re-register notify requests
notifyd: Move BlockSignals calls to server.c
smbd: Enable leases by default
tevent: Save 32 bytes of .text in tevent_req_create
tevent: Save 140 bytes of .text in tevent_req_create
tevent: Add overflow protection to tevent_req_create
dsdb: Fix CID 1364520 Incorrect expression (EVALUATION_ORDER)
lib: Move "message_send_all" to serverid.c
fss_agent: Fix a signed/unsigned mixup
pyrpc: Fix CID 1364169 Explicit null dereferenced
ctdb: Fix uninitialized variable warnings
lib: Fix a pointless error check
ldb: Fix two signed/unsigned hickups
ldb: Fix some signed/unsigned hickups
lib: Use replace.h properly in pthreadpool
nfs4acls: Remove a typedef
nfs4acls: Add some const
nfs4acls: Add "smbacl4_vfs_params" parameter to smb_fget_nt_acl_nfs4
nfs4acls: Add "smbacl4_vfs_params" parameter to smb_get_nt_acl_nfs4
nfs4acls: Add "smbacl4_vfs_params" parameter to smb_set_nt_acl_nfs4
nfs4acls: Make smbacl4_vfs_params public
nfs4acls: Allow nfs4 acl params to be set by callers
vfs_gpfs: Load nfs4 acl params at tcon time
ctdb: Fix the O3 developer build on RHEL7
tevent: Fix a typo
lib: Cleanup includes in messages_dgm
lib: Fix poll_func_timeout prototypes
lib: Change poll_funcs to take direct timevals
lib: Remove "num_watches" from poll_funcs_state
lib: Remove "num_contexts" from poll_funcs_state
lib: Implement poll_timeout
messaging_dgm: Fix signed/unsigned hickups
libreplace: Ask for eventfd(2)
tevent: Fix a typo
tevent: Move the async wakeup pipe to common
tevent: Add threaded immediate activation
lib: enable threaded immediates in source3
tevent: reorder tevent_context for cache locality
tevent: Simple test for threaded immediates
tevent: Move rundown of the event pipe
tevent: Move a variable declaration into a while block
tevent: Use eventfd for signal/thread wakeup
lib: Add pthreadpool_pipe
lib: Use pthreadpool_pipe instead of pthreadpool
lib: Move pipe signalling to pthreadpool_pipe.c
lib: add job data to to callback
lib: Add pthreadpool_tevent
smbtorture3: Add LOCAL-PTHREADPOOL-TEVENT
smbd: Add pthreadpool_tevent to smbd_server_connection
vfs: Convert vfs_pread_send to pthreadpool_tevent
vfs: Convert vfs_write_send to pthreadpool_tevent
vfs: Convert vfs_fsync_send to pthreadpool_tevent
vfs: Remove link to asys_
lib: Remove unused source3/lib/asys
rpc_server: Fix a typo
docs: Fix a typo
dbwrap_watch: Add dsize to DEBUG, avoid casts
tdb: Fix a signed/unsigned hickup
tdb: Do an overflow check
tdb: Remove unnecessary checks
tdb: Allow _v variant in tdb_update_hash_cmp
tdb: Vectorize tdb_update_hash
tdb: Vectorize _tdb_store
tdb: Add tdb_trace_1plusn_rec_flag_ret
tdb: Add tdb_storev
tdb: Use tdb_storev in tdb_append
dbwrap: Use tdb_storev in dbwrap_ctdb
lib: Use tdb_storev in gencache
pthreadpool: Fix formatting
pthreadpool: We always want asserts to abort()
pthreadpool: Signal job completion without the pool mutex
ldb: Fix a signed/unsigned hickup
tevent: Fix some typos
kcc: Fix a -Werror,-Wformat-security error
lib: call_backtrace() is no more
notifyd: Fix bad comment wording
notifyd: Avoid "includes.h"
notifyd: Trim down the noncluster case
notifyd: Don't trust remote pointers
lib: Avoid a few casts
auth: One const is enough...
unix_msg: Fix CID 1372875 Double close
unix_msg: Fix unix_dgram_send_queue_init
smbd: Reset O_NONBLOCK on open files
tevent_tutorial: Fix typos
tevent_tutorial: Fix tevent_thread referencing
gencache: Bail out of stabilize if we can not get the allrecord lock
glusterfs: Avoid tevent_internal.h
lib: Only return "rec" on demand in messaging_filtered_read_recv
wbclient: "ev" is no longer used in wbc_sids_to_xids
wbclient: "ev" is no longer used in wbc_xids_to_sids
messaging: Add wrap check to messaging_rec_dup
lib: Fix CID 1373389 Uninitialized scalar variable
lib: Fix CID 1373388 Uninitialized scalar variable
lib: Fix bug 12291
dbwrap_watch: Improve a debug message
messaging4: Fix signed/unsigned hickups
tevent: Factor out tevent_common_insert_timer
tevent: Add tevent_update_timer()
tevent: Rename wakeup fds
tevent: Add tevent_common_wakeup_fd()
tevent: Make talloc_free safe when threaded_contexts exist
pthreadpool: Make "shutdown" a bool
pthreadpool: Use detached threads
pthreadpool_pipe: Implement EBUSY for _destroy
pthreadpool_tevent: Move the pthreadpool_tevent_job_state declaration
pthreadpool_tevent: Drop running jobs on talloc_free
pthreadpool: Add a small test for pthreadpool_tevent
messages_dgm: Convert to pthreadpool_tevent
lib: Remove unix_msg
lib: Remove poll_funcs
messaging: add an overflow test
lib: Add messaging_rec_create
messaging: Optimize self-sends
tevent: Add tevent_req_reset_endtime
messages_dgm: Drop a segment if we can't ship it for 60 seconds
messages_dgm: Pass down event_ctx one level
messages_dgm: Pass receiving "ev" to recv_cb
messages_dgm_ref: Pass receiving "ev" to recv_cb
messaging: Pass "ev" to messaging_dispatch_rec
messaging: Act on messages within the right context
messaging4: Postpone messages to the right tevent context
messaging: Make messaging_dgm_register_tevent_context return a tevent_fd
messaging: Disable the correct fde on error
messaging: Avoid a default tevent_fd
messaging: Avoid crashes
messages_dgm: Avoid an unnecessary declaration
messaging: Add an indirection for messaging_dgm_register_tevent_context
nfs4acls: Fix SMB_ACE4_MAX_TYPE define
lib: Fix CID 1373623 Dereference after null check
messaging: add an overflow check
spoolss: Fix caching of printername->sharename
debug: Fix a few signed/unsigned hickups
smbd: Fix a comment
examples: Add smb2mount
pthreadpool: Rearrange locks a bit
talloc: Fix CID 1373621 Unchecked return value
pthreadpool: Fix CID 1373620 Unchecked return value from library
messaging: Fix CID 1373625 Unused value
messaging: Fix CID 1373622 Extra high-order bits
talloc: Fix CID 1373619 Unchecked return value
ctdb: Fix format errors for time_t!=long
ctdb: Add a required include
lib: Fix a pthreadpool race condition
vfs: Fix warnings for time_t != long
ldb: Fix a signed/unsigned mixup
lib: Fix an uninitialized variable
loadparm: Fix a warning for increased alignment
lib: Fix a signed/unsigned hickup
torture: Fix clang errors
torture: Fix uninitialized variables
libcli: Increase the debug level for expired tickets
wbinfo: Use ntlmv2 by default for wbinfo -a
lib: memcache.h needs some includes
lib: Avoid includes.h in access.c
lib: Rename fgets_slash to x_fgets_slash
lib: Reformat x_fgets_slash
lib: Apply an overflow check
lib: Move x_fgets_slash to xfile.c
lib: Remove global xfile.h includes
ntlm_auth: Avoid some statics
ldb: version 1.1.28
selftest: Fix timestamps on FreeBSD 11
ntlm_auth4: Remove it
tdb: NULL out tdb->mutexes in tdb_mutex_munmap
tdb: Only mmap the mutex area if not already mmap'ed
tdb: Fix mutexes on FreeBSD
ldb: Fix typos
ldb: Fix an unused variable warning
lib: Avoid includes.h in bitmap.c
lib: Delete an orphaned piece of code in samlogon_cache.c
lib: Delete unused netsamlogon_cache_shutdown
lib: Fix netsamlogon_cache_have for README.Coding
lib: Add samlogon_cache.h
lib: Avoid fstring in samlogon_cache.c
lib: Replace use of deprecated talloc_destroy
lib: Avoid includes.h in samlogon_cache.c
lib: Fix a comment
lib: Remove a used-once variable
winbind: lookup_usergroups_cached doesn't use the "domain" parameter
idmap_hash: Make lw_map_file static
idmap_hash: stdio.h comes with replace.h
idmap_autorid: Add a {} pair in an if-statement
lib: Make dom_sid_parse_endp init "endp" on all "ok" paths
idmap_autorid: dom_sid_parse_endp always initializes "endp" when ok
winbind: dom_sid_parse_endp always initializes "endp" when ok
smbclient4: xfile->stdio
smbclient: xfile->stdio
idmap_hash: xfile->stdio
lib: popt_common xfile->stdio
lib: Add fgets_slash
smbd: username map file handling xfile->stdio
torture: upload_printer_driver_file xfile->stdio
ntlm_auth3: xfile->stdio
vfs: expand_msdfs xfile->stdio
rpc_server: svcctl xfile->stdio
printing: std_pcap_cache_reload xfile->stdio
printing: Convert aix_cache_reload to stdio
libnbt: lmhosts xfile->stdio
lib: smbreadline xfile->stdio
nmbd: xfile->stdio
lib: Remove xfile
libsmb: Correctly report error for rename failure
samlogon_cache: Simplify netsamlogon_cache_have
samlogon_cache: Add the user's domain sid into the samlogon_cache
samlogon_cache: Rename "user_sid" to "sid"
idmap_autorid: Slightly simplify idmap_autorid_unixids_to_sids
idmap_tdb: Harden idmap_tdb_common_unixid_to_sid
idmap_autorid: Protect against dsize==0
idmap_autorid: Fix a comment
idmap_autorid: Tighten idmap_autorid_id_to_sid a bit
idmap_autorid: idmap_autorid_sid_to_id_rid only uses low_id from "range"
idmap_autorid: idmap_autorid_sid_to_id_rid only uses rangesize from "global"
idmap_autorid: Do a readonly attempt before looking at the tdc cache
idmap_autorid: Only look at the tdc cache when allocating ranges
idmap_autorid: Add ntstatus to a debug message
idmap_autorid: Fix checks for valid domains to allocate ranges for
idmap_autorid: Make idmap_autorid_acquire_range public
idmap_autorid: Use acquire_range directly
idmap_autorid: Fix a race condition when acquiring ranges
idmap_autorid: Fix a small memleak
idmap_autorid: Simplify idmap_autorid_loadconfig
CVE-2016-2123: Fix DNS vuln ZDI-CAN-3995
HEIMDAL:lib/krb5: Harden ARCFOUR_sub{en,de}crypt()
HEIMDAL:lib/krb5: Harden _krb5_derive_key()
idl: Fix a comment typo
lib: Fix whitespace in lmhosts.c
lib: Fix a comment in idmap_cache.c
ctdb: Fix CID 1398179 Argument cannot be negative
ctdb: Fix CID 1398178 Argument cannot be negative
ctdb: Fix CID 1398175 Dereference after null check
idmap_autorid: Add the error string in a debug
idmap_rid: Add the error string in a debug
idmap: Pass up the xid2sids unix-ids from the idmap child
idmap: Prime gencache after xids2sids calls
winbindd: Use idmap cache in xids2sids
idmap4: Fix idmap_ctx talloc hierarchy
idmap4: Fix error path memleaks in idmap_init
idmap4: Slightly simplify idmap_xid_to_sid
lib: Add lib/util_unixsids.h
passdb: Move lookup_unix_[user|group]_name to lookup_sid.c
lib: Add required prerequisites for librpc/gen_ndr/security.h
lib: Avoid an includes.h
idmap4: Use sid_check_is_in_unix_users()
idmap4: Use sid_check_is_in_unix_groups()
winbind: Initialize user list info to 0
winbind4: Remove unused code
winbind: Fix wb_lookupsids for AD DCs
idmap: Simplify idmap_ad_nss_init()
winbind: It's legitmate to have 0 groups in info3
winbind: Make "idmap_find_domain" public
winbind: Add a GetNssInfo parent/child call
winbind: Adapt cache to extended wbint_userinfo
winbind: Restructure wb_getpwsid
idmap_ad: Restore querying SFU nss info
winbind: Don't do supplementary group lookup manually
winbind: Simplify wb_gettoken
winbind: Fix a confusing indentation
winbind: Add wbint_QueryUserRidList
winbind: Go throught wb_getpwsid for listing users
winbind: Remove wb_fill_pwent
winbind: Remove find_builtin_domain helper function
libsmb: Add name_status_lmhosts
lib: Remove a duplicate prototype
libcli: Use "all_zero" where appropriate
auth3: Use "all_zero" where appropriate
libcli: Use "all_zero" where appropriate
libcli: Use "all_zero" where appropriate
ntlm_auth: Use "all_zero" where appropriate
auth3: Avoid some zeros footprint
passdb: Use "all_zero" where appropriate
libcli: Use "all_zero" where appropriate
librpc: Use "all_zero" where appropriate
auth: Use "all_zero" where appropriate
libnet: Use "all_zero" where appropriate
librpc: Use "all_zero" where appropriate
lib: Use "all_zero" where appropriate
libads: Use "all_zero" where appropriate
samr3: Use "all_zero" where appropriate
kdc: Use "all_zero" where appropriate
auth4: Use "all_zero" where appropriate
torture-dfs: Use "all_zero" where appropriate
torture-samlogon: Use "all_zero" where appropriate
torture-samlogon: Avoid static zeros
torture-netlogon: Use "all_zero" where appropriate
winbind: Remove wbint_QueryUser
winbind: Remove unused wb_cache_query_user
winbind: Remove "query_user" backend function
winbind: Remove rpc_query_user
winbind: Add "expand_local_aliases" to wb_gettoken
winbind: Use wb_gettoken in getuserdomgroups
winbind: Remove wb_lookupusergroups
winbind: Remove wbint_LookupUserGroups
winbind: Remove wb_cache_lookup_usergroups
winbind: Remove wcache_lookup_usergroups
winbind: Remove validate_ug
winbind: Remove "lookup_usergroups" winbind method
winbind: Remove rpc_lookup_usergroups
winbind: Make wb_query_user_list just return names
winbind: Make list_users use wb_query_user_list
winbind: Remove wbint_QueryUserList
winbind: Simplify query_user_list to only return rids
winbind: Remove unused nss_get_info_cached
winbind: Remove nss_get_info()
winbind: remove nss_get_info backend functions
winbind: Avoid a few explicit ZERO_STRUCT calls
winbind: Fix a typo
selftest: Don't test auth_wbc anymore
auth: Remove auth_wbc
passdb: Remove pdb_wbc_sam
messaging: Fix dead but not cleaned-up-yet destination sockets
winbind: Fix CID 1398533 Resource leak
winbind: Fix CID 1398533 Resource leak
winbind: Fix CID 1398531 Resource leak
winbind: Fix CID 1398530 Resource leak
winbind: Fix CID 1398530 Resource leak
lib: Add lib/util/server_id.h
lib: Avoid an includes.h
smbd: Fix a typo
lib: Avoid a "includes.h"
smbd: Fix a few signed/unsigned hickups
smbd: Fix an indentation
smbd: Streamline get_ea_names_from_file
s3/locking: Avoid a talloc for nonexisting fetch_share_mode_unlocked
lib/util/charset: Optimize next_codepoint for the ascii case
lib: Add "is_case_sensitive" to ms_fnmatch_protocol
s3/lib: Use ms_fnmatch_protocol in mask_match
lib/util: Avoid a talloc in ms_fnmatch_protocol
winbind: Fix a typo
libcli: Do not overwrite pointer on realloc failure
libcli: Add an overflow check
winbind: Don't add duplicate IDs in wbinfo -r
smbd: Fix "map acl inherit" = yes
rpc_server: Fix a typo
smbd: Make "create_file_sids" static
smbd: Fix some whitespace
ctdb: Only build test_mutex_raw.c on Linux
winbind: Fix a typo
auth3: Use NT_STATUS_EQUAL
smbd: Fix some whitespace
lib: Fix some whitespace
libsmb: Fix whitespace
winbind: Fix a signed/unsigned mixup
lib: Avoid an "includes.h"
lib: Fix "is_case_sensitive" in "ms_fnmatch_protocol"' callers
winbind: Use EnumDomainUsers in rpc_query_user_list
auth3: Fix some whitespace
auth3: Simplify get_system_info3
auth4: Fix map_user_info_cracknames for domain==NULL
auth4: Only use CrackNames if we're a DC
auth4: Reduce indentation level by an early error return
samdb: Fix a typo
posix_acls: Do a *bit* of reformatting
posix_acls: Use talloc_zero_array
waf: Fix a typo
winbind: Fix a cut&paste debug typo
smbd: Do an early exit on negprot failure
torture3: Add test for smbd crash
lib: Make gencache hash size configurable, default to 10000
Revert "winbind: Remove rpc_lookup_usergroups"
Revert "winbind: Remove "lookup_usergroups" winbind method"
Revert "winbind: Remove validate_ug"
Revert "winbind: Remove wcache_lookup_usergroups"
Revert "winbind: Remove wb_cache_lookup_usergroups"
Revert "winbind: Remove wbint_LookupUserGroups"
Revert "winbind: Remove wb_lookupusergroups"
Re-enable token groups fallback
auth4: Move a variable closer to its use
auth4: Remove an unused struct declaration
winbind: Fix a debug message
cli_netlogon: Remove a fallback for authoritative=NULL
cli_netlogon: Remove a fallback for flags=NULL
cli_netlogon: Add return parms to rpccli_netlogon_password_logon
winbind: Pass up args from winbind_samlogon_retry_loop
winbind: Pass up args from winbind_dual_SamLogon
winbind: Add "authoritative" to winbindd_response
winbind: Set "authoritative" in response to auth_crap
libwbclient: Add "authoritative" to wbcAuthErrorInfo
winbind: Correcly pass !authoritative from wb_irpc_SamLogon
winbind: Remove unused wcache_tdc_fetch_domainbysid
winbind: Add a debug message for out-of-range IDs
auth3: Centralize auth_check_ntlm_password failure handling
auth3: Use talloc_move instead of _steal
auth3: Simplify auth_check_ntlm_password talloc handling
auth3: Simplify auth_check_ntlm_password server_info handling
auth3: Simplify auth_check_ntlm_password logic with a "goto fail"
auth3: Simplify auth_check_ntlm_password logic with a "goto fail"
winbind: Fix a typo
ldap_server: Fix a typo
winbind: Use talloc_strdup_upper where appropriate
winbindd: Remove an unused #define
auth_winbind3: Correctly handle !authoritative
auth_winbind4: Correctly handle !authoritative
auth_ntdomain3: Correctly handle !authoritative
libsmb: Remove some stale code
libsmb: Make a few functions static
libsmb: Simplify trustdom_cache_store
libsmb: Use talloc in trustdom_cache_key
libsmb: Slightly simplify trustdom_cache_fetch
examples: Add '-p', '--port' to smb2mount
examples:clifuse: Add a stub for getattr
passdb: Remove pdb_ipa
lib: Fix an uninitialized variable warning
docs: Deprecate "map untrusted to domain"
docs: Deprecate "auth methods"
tldap: Allow dropping messages in tldap_search()
s3:winbind: Use the correct talloc context for user information
lib: Avoid an includes.h
lib: Make sys_poll_intr available to ctdb
lib: Simplify smb_nanosleep
winbind: Add idmap_config_const_string
winbind: Use idmap_config_const_string in domain_has_idmap_config
winbind: Use idmap_config_const_string in idmap_init_named_domain
winbind: Use idmap_config_const_string in wb_xids2sids_add_dom
winbind: Use idmap_config_const_string in idmap_tdb2_db_init
winbind: Use idmap_config_const_string in idmap_script_db_init
winbind: Use idmap_config_const_string in idmap_init_domain
idmap_ldap: Use idmap_config_const_string
idmap_ldap: Use idmap_config_const_string
idmap_rfc2307: Use idmap_config_const_string
idmap_ad: Use idmap_config_const_string
winbind: Add idmap_config_bool()
idmap: Use idmap_config_bool in idmap_init_domain
idmap_rfc2307: Use idmap_config_bool
idmap_ad: Use idmap_config_bool
idmap_autorid: Use idmap_config_bool
winbind: Add idmap_config_int
idmap_rid: Use idmap_config_int
idmap_autorid: Use idmap_config_int
idmap_tdb: Avoid a few casts
idmap_rfc2307: Slightly simplify idmap_rfc2307_initialize()
idmap_rfc2307: Clarify the documentation a bit
net: Don't crash if lsa_LookupPrivDisplayName returns NULL
wbinfo: Add "authoritative" to wbinfo -a output
auth3: Slightly simplify make_auth_context_subsystem() step1
auth3: Slightly simplify make_auth_context_subsystem() step2
auth3: Introduce make_auth_context_specific
auth3: Don't try other auth modules on any error
auth3: Simplify the logic in auth_check_ntlm_password
auth3: Introduce auth3_context_set_challenge
winbindd: Call make_auth_context_subsystem directly
netlogond3: "authorititative" is a uint8
netlogond3: Call make_auth_context_subsystem directly
pdbtest: Call make_auth_context_subsystem directly
auth3: Remove unused make_auth_context_fixed
winbindd: NT_STATUS_CANT_ACCESS_DOMAIN_INFO means "Dunno"
server_id_db: Protect against non-0-terminated data records
lib: Remove unused winbind_get_groups and _get_sid_aliases
lib: Remove an unnecessary include
lib: Avoid an includes.h
lib: Avoid an includes.h
lib: Avoid an includes.h
lib: Avoid an includes.h
lib: Avoid an includes.h
lib: Avoid an includes.h
idmap_ldap: Fix CID 1404836 Dereference before null check
smbd: Fix smb1 findfirst with DFS
auth3: fallback to "sam_ignoredomain" in make_auth3_context_for_ntlm()
selftest: Test for bug 12558
tdb: Fix some signed/unsigned hickups
tdb: Do lock upgrades properly
tdb: Test for readonly lock upgrade bug
winbind: Simplify a logic expression
winbind: Avoid a "ok==false"
winbind: Slightly simplify remove_timed_out_clients
winbind_pam: Use any_nt_status_not_ok in map_auth_samlogon
winbind_msrpc: Use any_nt_status_not_ok
smbldap: pdb_ipa is gone
smbldap: Move ldapsam_privates to pdb_ldap.h
smbldap: Fix a typo
smbldap: Introduce "smbldap_get_ldap"
smbldap: Introduce "smbldap_get_paged_results"
smbldap: Introduce "smbldap_get_paged_results"
smbldap: Privatize struct smbldap_state
smbldap: Bump version number
secrets: Protect against a non-0-terminated ldap password
tdbtool: Add "storehex" command
lib: Fix CID 1405493 Error handling issues (CHECKED_RETURN)
lsa4_srv: Factor out dcesrc_lsa_valid_AccountRight()
torture3: In LOCAL-DBWRAP-WATCH1, open tdb with CLEAR_IF_FIRST
selftest: Make sure that LOCAL-DBWRAP-WATCH1 is run in make test
dbwrap_watch: Protect against corrupt records
torture3: Make sure dbwrap_parse_record returns NOT_FOUND for invalid watchers data
smbd: Fix a 32-bit problem
lib: FreeBSD needs sys/wait.h for WIFEXITED
lib: Fix whitespace
lib: Fix a comment
pam_wrapper: Add PAM_STRERROR_CONST configure check
vfs_fruit: Fix the 32-bit build
idmap_rfc2307: Don't stop after 30 entries
idmap_rfc2307: "ldap_next_entry" needs the previous entry, not the start
test_idmap_rfc2307: Remove the correct file
test_idmap_rfc2307: Avoid a tmpfile
test_idmap_rfc2307: Correct usage
test_idmap_rfc2307: Do a recursive delete in ou=idmap
test_idmap_rfc2307: Test wbinfo -r for 35 supplementary group memberships
idmap_rfc2307: Don't stop after 30 entries
idmap_rfc2307: "ldap_next_entry" needs the previous entry, not the start
selftest: Avoid idmap caching when testing idmap_rfc2307
idmap_rfc2307: Test unix-ids-to-sids with 35 groups
dbwrap_ctdb: Fix a typo
libsmb: proto.h does not need ads.h
winbindd: Give winbindd_ads.c its own header
CVE-2017-7494: rpc_server3: Refuse to open pipe names with / inside
lib: Remove use of MSG_NOSIGNAL
lib: Fix illegal use of 0-length arrays
tevent: Fix a typo
tevent: Factor out context initialization
tevent: Re-init threading in tevent_re_initialise
tevent: Add tevent_re_initialise to threaded test
tevent: Fix a memleak on FreeBSD
tevent: Fix a race condition in tevent context rundown
ctdbd_conn: Fix a copy&paste error
ctdbd_conn: Fix ctdbd_connection_destructor
password_hash: Fix the build on FreeBSD
g_lock: Fix two typos
torture3: Initial test g_lock
g_lock: More correct error msg
g_lock: Make it endian-neutral
g_lock: Remove unused g_lock_get
g_lock: Remove a pointless "else"
g_lock: parse->get
g_lock: unparse->put
g_lock: Move parsing routines together
g_lock: Reformat to allow userdata
g_lock: Make g_lock_record_store also store userdata
g_lock: Add g_lock_write_data
g_lock: Make g_lock_dump return a complete list of locks
torture3: Test g_lock_write_data
g_lock: Allow lock upgrade/downgrade
torture3: Test lock upgrade/downgrade
torture3: Test lock conflict and cleanup
g_lock: Heuristically check for server existence
torture3: Test heuristic cleanup
smbd: Claim version in g_lock
g_lock: open with LOCK_ORDER_3
tevent_threads: Fix a rundown race introduced with 1828011317b
pidl: Fix array range checks in python output
ldb: Fix CID 1412926 Unchecked return value
messaging: Fix queueing on FreeBSD
selftest: Give tmux a bit of time to establish
messaging: Use size_t for array sizes
lib: Give messages_ctdbd.c its own header
tevent: Simplify create_immediate
ctdb: Fix typos
lib: Fix typos
dbwrap: Remove unused dbwrap_cache
dbwrap: Remove unused dbwrap_file
messaging: Deliver messages only once
net: Dump data for net_g_lock dump
lib: Give util_paths.c its own header
lib: Use ctdb_protocol instead of ctdb_private
smbd: Fix a connection run-down race condition
pthreadpool: Fix fork behaviour
pthreadpool: Test fork with an active thread
messaging: Avoid a socket leak after fork
Yan, Zheng (2):
s3: vfs: generalize functions that set/get posix acl through xattr
s3: vfs: ceph: Add posix acl support
Zentaro Kavanagh (1):
Add explicit dependency on samba-debug from libinterfaces and libserverrole.
martijn van brummelen (1):
ctdb-doc: Add ctdb_diagnostics man page
ouyang.xu (1):
pvfs_open win10 fix, need return SMB2_CREATE_TAG_QFID
-----------------------------------------------------------------------
No new revisions were added by this update.
--
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/pkg-samba/samba.git
More information about the Pkg-samba-maint
mailing list