[Pkg-samba-maint] [samba] annotated tag upstream/4.6.5+dfsg created (now 86c6a5b)
Mathieu Parent
sathieu at moszumanska.debian.org
Wed Nov 8 20:15:17 UTC 2017
This is an automated email from the git hooks/post-receive script.
sathieu pushed a change to annotated tag upstream/4.6.5+dfsg
in repository samba.
at 86c6a5b (tag)
tagging d918138a85c1d6bb8dca88705a80e74ac05a73a8 (commit)
replaces talloc-2.1.6
tagged by Mathieu Parent
on Wed Jun 7 22:06:19 2017 +0200
- Log -----------------------------------------------------------------
Upstream version 4.6.5+dfsg
Abhidnya Joshi (1):
Efficient xattr handling for VxFS Signed-off-by: Abhidnya Joshi <Abhidnya.Joshi at veritas.com>
Alexander Bokovoy (16):
s4-libnet: only build python-dckeytab module for Heimdal in AD DC mode
s3-smbd: Support systemd 230
libnet_join: use sitename if it was set by pre-join detection
Wrap krb5_cc_copy_creds and krb5_cc_copy_cache
logon script: clarify usage for different Samba roles
smb.conf: add identity mapping section
gssapi: check for gss_acquire_cred_from
lib/krb5_wrap: add smb_gss_krb5_import_cred wrapper
credentials_krb5: convert to use smb_gss_krb5_import_cred
libads: convert to use smb_gss_krb5_import_cred
s3-gse: convert to use smb_gss_krb5_import_cred
s3-gse: move krb5 fallback to smb_gss_krb5_import_cred wrapper
lib/crypto: implement samba.crypto Python module for RC4
_netr_ServerPasswordSet2: use info level 26 to set plain text machine password
s3-tests: assignment in shell shall have no spaces around equal sign
systemd: fix detection of libsystemd
Alexis La Goutte (1):
Fix typo
Amitay Isaacs (396):
ctdb-doc: Sort the tunable variables in alphabetical order
ctdb-tunables: Add missing flags in the initializer
ctdb-tunables: Mark tunable MaxRedirectCount obsolete
ctdb-tunables: Mark tunable ReclockPingPeriod obsolete
ctdb-doc: Update tunables documentation
ctdb-doc: Add documentation for missing tunables
ctdb-recovery-helper: Get tunables first, so control timeout can be set
ctdb-tunables: Fix the implementation of LIST_TUNABLES control
ctdb-doc: Update ctdb man page
ctdb-doc: Update ctdb man page
ctdb-client: Increase the timeout for TRANS3_COMMIT control
ctdb-protocol: Check header is not null before copying
ctdb-protocol: Add protocol debug routines
ctdb-tests: Add a utility to parse ctdb packets
ctdb-client: Add client API for sending message to multiple nodes
ctdb-tunables: Add new tunable RecBufferSizeLimit
ctdb-protocol: Add new data type ctdb_pulldb_ext for new control
ctdb-protocol: Add new controls DB_PULL and DB_PUSH_START/DB_PUSH_CONFIRM
ctdb-daemon: Implement new controls DB_PULL and DB_PUSH_START/DB_PUSH_CONFIRM
ctdb-client: Add client API functions for new controls
ctdb-recovery-helper: Factor out generic recv function
ctdb-recovery-helper: Pass capabilities to database recovery functions
ctdb-recovery-helper: Rename pnn to dmaster in recdb_records()
ctdb-recovery-helper: Create accessors for recdb structure fields
ctdb-protocol: Add file IO functions for ctdb_rec_buffer
ctdb-recovery-helper: Re-factor function to retain records from recdb
ctdb-recovery-helper: Write recovery records to a recovery file
ctdb-protocol: Introduce variable for checking srvid prefix
ctdb-protocol: Add srvid for messages during recovery
ctdb-protocol: Add new capability
ctdb-recovery-helper: Introduce pull database abstraction
ctdb-recovery-helper: Introduce push database abstraction
ctdb-tests: Add a test for recovery of large databases
ctdb-recovery-helper: Improve log message
ctdb-recovery-helper: Introduce new #define variable
ctdb-protocol: Add srvid for assigning banning credits
ctdb-recoverd: Add message handler to assigning banning credits
ctdb-recovery-helper: Add banning to parallel recovery
ctdb-system: Add ctdb_parse_connections() function
ctdb-doc: Add sample LVS configuration
ctdb-system: Fix typo in ctdb_get_peer_pid
ctdb-protocol: Remove unused CTDB_SRVID_PREFIX
ctdb-protocol: Define a range of SRVIDs used by the ctdb tool
ctdb-daemon: Avoid memory leak
ctdb-tests: Update tests to include new controls
ctdb-tests: Fix flakey test complex/18_ctdb_reloadips.sh
ctdb-tests: Improve code coverage in tests
ctdb-daemon: Remove unused controls related to server_id
ctdb-tool: Remove commands related to server_id
ctdb-client: Remove client functions related to server_id
ctdb-protocol: Remove data structures for obsolete server_id controls
ctdb-client: Set control opcode in reply for one-way controls
ctdb-protocol: Consistency check for opcode in the reply structure
ctdb-client: Use correct TDB flags for opening database
ctdb-protocol: Fix marshalling of ctdb_string
ctdb-protocol: Use ctdb_string marshalling
ctdb-protocol: Fix marshalling of TDB_DATA
ctdb-protocol: Use TDB_DATA marshalling
ctdb-protocol: Fix marshalling of ctdb_req_header
ctdb-protocol: Use ctdb_req_header marshalling
ctdb-protocol: Add length routines for protocol elements
ctdb-protocol: Use length routines for protocol elements
ctdb-protocol: Fix marshalling of ctdb_reply_control
ctdb-protocol: Expose function to allocate a packet
ctdb-protocol: Check arguments in ctdb_allocate_pkt
ctdb-tests: Make sure the packet length matches the allocated size
ctdb-protocol: Drop buffer allocation from protocol push functions
ctdb-protocol: Use consistent names for function arguments
ctdb-client: Drop unnecessary discard_const
ctdb-protocol: Return required buffer size in push functions
ctdb-tests: Get rid of ctdb func tests
ctdb-lvs: Allow override of CTDB for testing
ctdb-natgw: Allow override of CTDB for testing
ctdb-protocol: Add function to compare ctdb_sock_addr
ctdb-tool: Remove xpnn command and related tests
ctdb-tests: Remove ctdb reloadips tests
ctdb-tool: Add test-hooks to enable testing of the tool
ctdb-tool: All errors should be logged via stderr
ctdb-tests: Add fake ctdb daemon implementation for testing
ctdb-tests: Use fake_ctdbd for ctdb tool tests instead of ctdb stub
ctdb-tests: Remove ctdb tool stub code
ctdb-tests: Fix output for ctdb getcapabilities test
ctdb-tests: Fix output for ctdb lvs test
ctdb-tests: Fix output for ctdb reloadnodes tests
ctdb-tests: rename tests from stubby.* to ctdb.*
ctdb-recoverd: Freeze databases whenever the node is INACTIVE
ctdb-recovery: Update timeout and number of retries during recovery
lib/util: Avoid splitting tevent-unix-util as public library
ctdb-packaging: Remove tevent-unix-util public library
lib/poll_funcs: Build as SAMBA_SUBSYSTEM
lib/util: Expose few more subsystems for standalone ctdb build
ctdb-cluster-mutex: Fix #endif decoration
ctdb-tests: Re-use async accept wrapper from async_req
ctdb-tests: Re-use set_blocking instead of re-definition
lib/util: Add a generic definition for set_close_on_exec
ctdb-daemon: Use lib/util functions instead of redefinitions
ctdb-system: Remove duplicate functions
ctdb-recoverd: Avoid duplicate recoverd event in parallel recovery
ctdb-daemon: Reset push_started flag once DB_PUSH_CONFIRM is done
ctdb-protocol: Fix marshaling of uint arrays
ctdb-protocol: Add checks to validate data on wire before unmarshaling
ctdb-protocol: Add checks to validate data on wire before unmarshaling
ctdb-tests: Improve ctdb protocol tests
ctdb-daemon: Do explicit check for integer values
ctdb-daemon: Explicitly assign boolean values
ctdb-locking: Conditionally set real-time priority in lock helper
ctdb-locking: Avoid real-time in lock helper if nosetsched option is set
ctdb-scripts: Add new configuration variable CTDB_NOSETSCHED
ctdb-tests: Update local daemons tests to use CTDB_NOSETSCHED
s3-ctdb: Fail CTDB connection only on INACTIVE state
ctdb-recovery-helper: Fix a comment
ctdb-recovery: Terminate if recovery fails without any banning credits
s3-ctdb: Return an error when unexpected reply is received
ctdb-recoverd: Improve election win messages
ctdb-daemon: Improve log message
ctdb-client: Add sync version of sending multiple messages
ctdb-client: Fix ctdb_rec_buffer traversal routine
ctdb-client: Add async version of delete_record
ctdb-client: Fix implementation of delete_record
ctdb-client: Use async version of delete_record in g_lock unlock
ctdb-client: Factor out ctdb_client_get_server_id function
ctdb-client: If g_lock lock conflicts, try again sooner
ctdb-client: Fix g_lock implementation
ctdb-client: Release g_lock lock before retrying
ctdb-client: Remove commented old g_lock implementation code
ctdb-client: Release the g_lock record once the update is done
ctdb-client: During transaction commit fetch seqnum locally
ctdb-client: Fix implementation of transaction start
ctdb-client: Fix implementation of transaction commit
ctdb-client: Add async version of transaction cancel
ctdb-client: Fix implementation of transaction cancel
ctdb-client: Add debug messages to client db api
ctdb-client: Expose ctdb_ltdb_fetch in client API
ctdb-ib: Include system/wait.h for signal
ctdb-daemon: Check if method is initialized before calling
ctdb-pmda: CTDB client code does not require ctdb->methods
ctdb-daemon: Log ctdb socket in the main daemon
ctdb-build: Exit if requested feature cannot be built
swrap: Build socket_wrapper path relative to blddir
ctdb-tests: Common code to wait for synchronization across cluster
ctdb-tests: Common code to process commandline options
ctdb-tests: Add torture test for g_lock functions
ctdb-tests: Replace ctdb_bench with message_ring using new client API
ctdb-tests: Replace ctdb_fetch with fetch_ring using new client API
ctdb-tests: Replace ctdb_fetch_one with fetch_loop using new client API
ctdb-tests: Replace ctdb_fetch_readonly_once with fetch_readonly using new client API
ctdb-tests: Replace ctdb_fetch_readonly_loop with fetch_readonly_loop using new client API
ctdb-tests: Replace ctdb_transaction with transaction_loop using new client API
ctdb-tests: Replace ctdb_update_record with update_record using new client API
ctdb-tests: Replace ctdb_update_record_persistent with update_record_persistent
ctdb-tests: Convert rb_test into a unit test
ctdb-tests: Rename ctdb_lock_tdb to lock_tdb
ctdb-tests: Rename ctdb_porting_tests to porting_tests
ctdb-tests: Remove unused tests code
ctdb-tests: Add torture test for fetch functions
ctdb-pcp-pmda: Reimplement using new client API
ctdb-web: Remove ctdb webpages from source
ctdb-locking: Drop code for Samba 3.x compatibility
ctdb-tool: Remove ctdb thaw command
ctdb-client: Remove functions ctdb_ctrl_thaw_priority() and ctdb_ctrl_thaw()
ctdb-client: Remove function ctdb_ctrl_thaw() from new client API
ctdb-protocol: Drop marshalling code for THAW control
ctdb-client: Reimplement ctdb_ctrl_freeze_priority() using ctdb_control()
ctdb-client: Drop unused functions ctdb_ctrl_freeze_send/recv
ctdb-client: Mark ctdb_ctrl_freeze_priority static
ctdb-vacuum: Do not use freeze_mode outside freeze code
ctdb-recovery: Remove serial database recovery code
ctdb-daemon: Drop priorities from freeze/thaw code
ctdb-freeze: Drop function thaw_priority()
ctdb-client: Remove ctdb_ctrl_freeze_priority() function
ctdb-protocol: Remove CTDB_NUM_DB_PRIORITIES
ctdb-recoverd: Remove code that updates database priorities during recovery
dbwrap_ctdb: Remove setting of database priority from samba
ctdb-tool: Remove setdbprio and getdbprio commands
ctdb-daemon: Remove implementation of SET/GET_DB_PRIORITY
ctdb-client: Remove client code for set/get_db_priority
ctdb-client: Remove code to set/get_db_priority from new client code
ctdb-protocol: Drop marshalling code for set/get_db_priority
ctdb-protocol: Deprecate controls SET/GET_DB_PRIORITY
ctdb-daemon: Remove priority field from ctdb_db_context
ctdb-locking: Remove API for locking all databases
ctdb-locking: Remove API for locking databases with priority
ctdb-freeze: Remove ctdb_db_prio_frozen() function
ctdb-locking: Remove ctdb_db_prio_iterator function
ctdb-build: Add missing dependency on samba-util
ctdb-tool: Log a message at INFO level
ctdb-tests: Drop ctdb tool debug level to NOTICE
ctdb-tool: Drop arbitrary exit codes
ctdb-tool: Exit with 1 on failure instead of -1
ctdb-tool: Fix a log message in "ctdb reloadnodes"
ctdb-tests: Fix "ctdb status" test
ctdb-tool: Improve "ctdb uptime" output format
ctdb-tool: Simplify "ctdb process-exists"
ctdb-tool: Improve error output in "ctdb setdebug"
ctdb-tests: Implement GET_DEBUG and SET_DEBUG controls in fake_ctdbd
ctdb-tests: Implement GET_RUNSTATE control in fake_ctdbd
ctdb-common: Refactor tunable related functions
ctdb-daemon: Use refactored tunable code
ctdb-tests: Implement controls related to tunables in fake_ctdbd
ctdb-tests: Implement SET_IFACE_LINK_STATE control in fake_ctdbd
ctdb-tests: Add monitoring related controls in fake_ctdbd
ctdb-common: Fix CID 1363227 (Resource leak)
ctdb-tests: Fix CID 1364521 (Argument cannot be negative)
ctdb-tests: Fix CID 1364522 (Argument cannot be negative)
ctdb-tests: Fix CID 1364523 (Argument cannot be negative)
ctdb-tests: Fix CID 1364524 (Argument cannot be negative)
ctdb-tests: Fix CID 1364525 (Argument cannot be negative)
ctdb-tests: Fix CID 1364526 (Argument cannot be negative)
ctdb-doc: Drop documentation for obsolete tunable
ctdb-daemon: Fix statistics update macro
ctdb-tests: Clean database before the test
ctdb-tests: Fix typo
ctdb-tests: Improve test to match exact output
ctdb-tests: Add tests for idempotence
ctdb-tests: Add more tests for ctdb setdbsticky and setdbreadonly
ctdb-tests: Add machinereadable output tests
ctdb-common: Fix parsing of debug level
ctdb-protocol: Add function ctdb_sock_addr_same_ip
ctdb-daemon: Add QueueBufferSize tunable
ctdb-daemon: Reduce QueueBufferSize from 16k to 1k
ctdb-daemon: Use consistent naming for monitoring mode
ctdb-tool: Remove old ctdb tool
ctdb-tool: Add replacement ctdb tool using new client API
ctdb-tests: Adjust unit test output matching new ctdb
ctdb-daemon: Drop the implementation of THAW control
ctdb-protocol: Deprecate THAW control
ctdb-daemon: Drop implementation of global transaction controls
ctdb-client: Drop client code for global transaction controls
ctdb-protocol: Drop marshalling for global transaction controls
ctdb-protocol: Deprecate global transaction controls
ctdb-packaging: Move ctdb configuration to ctdbd.conf
WHATSNEW: ctdb updates
ctdb-tests: Fix valgrind uninitialized error
ctdb-tests: Do not add $VALGRIND to ctdb command
ctdb-tests: Removing sleep from porting_tests
ctdb-tests: Add explicit wait to the fork_helper()
ctdb-tools: Fix CID 1364699 - dereference after null check
ctdb-tools: Fix CID 1364701 - resource leak
ctdb-tools: Fix CID 1364702 - resource leak
ctdb-tools: Fix CID 1364703 - resource leak
ctdb-tools: Fix CID 1364704 - resource leak
ctdb-tools: Fix CID 1364705 - resource leak
ctdb-tools: Fix CID 1364706 - resource leak
ctdb-tools: Free record if it does not contain valid data
ctdb-tools: Free tickle list before exiting
ctdb-tools: Free connection list after processing it
ctdb-tools: Close tdb database on error
ctdb-tools: Free temporary memory context before exiting
ctdb-client: transaction_cancel must free transaction handle
ctdb-tools: Cancel transaction on error or if commit fails
ctdb-tools: Use INVALID_GENERATION macro instead of value
dbwrap: Fix structure initialization
nss_wrapper: Add missing check for printf format validation
resolv_wrapper: Update config variable name to match the code
ctdb-tests: Log errors if the test fails
ctdb-common: Fix format-nonliteral warning
ctdb-daemon: Fix format-nonliteral warning
ctdb-daemon: Fix format-nonliteral warning
ctdb-daemon: Fix format-nonliteral warning
ctdb-recovery-helper: Fix format-nonliteral warning
ctdb-ib: Fix DEBUG log messages
ctdb-pmda: Use 1s timeout for fetching statistics
ctdb-tools: Addition of IPs is deferred until the next takeover run
ctdb-tools: Drop "ctdb rebalanceip"
ctdb-tools: Drop "ctdb rebalancenode"
s3-lib: Pass missing argument for format string
s3-libnet: Add missing format element
s3-lib: Remove unused function sprintf_append
talloc: Fix format-nonliteral warning
tdb: Fix format-nonliteral warning
lib/util: Fix format-nonliteral warning
ldb: Fix format-nonliteral warning
s3-lib: Fix format-nonliteral warning
s3-include: Fix format-nonliteral warning
s3-netapi: Fix format-nonliteral warning
s3-libnet: Fix format-nonliteral warning
regedit: Fix format-nonliteral warning
winbindd: Fix format-nonliteral warning
passdb: Fix format-nonliteral warning
torture: Fix format-nonliteral warning
lib/util: Fix format strings and argument data types
ctdb-protocol: Fix marshalling for GET_DB_SEQNUM control request
ctdb-common: Use correct db_id size in marshalling record buffer
s3-ctdb: Use correct db_id size in marshalling record buffer
ctdb-recoverd: Drop code to freeze databases from set_recovery_mode()
ctdb-daemon: Remove NUM_DB_PRIORITIES
ctdb-recovery-helper: Add missing initialisation of ban_credits
ctdb-daemon: Avoid extra condition in tevent trace callback
ctdb-daemon: Log a message when fork() takes long time
ctdb-daemon: Log a message when vfork() takes long time
ctdb-locking: Log if ctdb is unable to take db locks in INACTIVE state
ctdb-locking: Restrict lock debugging to once per second
ctdb-common: Add routines to manage PID file
Revert "ctdb-common: Use SCHED_RESET_ON_FORK when setting SCHED_FIFO"
ctdb-common: Simplify code using local variables
ctdb-daemon: Simplify code using local variable
ctdb-common: Simplify code using tdb_storev
ctdb-daemon: Simplify code using tdb_storev
ctdb-client: Simplify using a local variable
ctdb-client: Simplify using tdb_storev
ctdb-tool: Simplify using tdb_storev
ctdb-tools: Simplify using tdb_storev
ctdb-tools: Simplify using a local variable
ctdb-packaging: Update required tdb version for tdb_storev()
dlz-bind: Fix preprocessor checks for BIND versions
dlz-bind: Fix initialization of DLZ_DLOPEN_AGE
dlz-bind: Set DNS_CLIENTINFO_VERSION based on BIND version
dlz-bind: Add support for BIND 9.11.x
provision: Add support for BIND 9.11.x
ctdb-scripts: Fix calculation of CTDB_BASE
ctdb-locking: Reset real-time priority in lock helper
ctdb-recovery: Avoid NULL dereference in failure case
ctdb-tests: Remove unused test code
ctdb-daemon: Consolidate command line options to ctdbd
ctdb-daemon: Remove unused code cmdline.[ch]
ctdb-daemon: Mark RecoverPDBBySeqNum tunable deprecated
replace: Include libgen.h if available
ctdb-daemon: Remove tevent debug logging
ctdb-logging: Refactor logging code
ctdb-logging: Remove duplicate logging code
ctdb-daemon: Consolidate initialization of logging and debug level
ctdb-daemon: Fix debug messages
ctdb-daemon: Don't depend on debug_extra in exit handler
ctdb-daemon: Remove setting of debug_extra via ctdb_set_child_info()
ctdb-daemon: Remove setting of debug_extra from switch_from_server_to_client()
ctdb-daemon: Remove setting of debug_extra
ctdb-logging: Get rid of debug_extra
ctdb-recoverd: Log a message when terminating
ctdb-daemon: Initialize logging in recovery daemon
ctdb-daemon: Log to stderr when running in interactive mode
ctdb-daemon: Add ctdb_vfork_exec()
ctdb-locking: Start locking helper using ctdb_vfork_exec
ctdb-recovery: Start recovery helper with ctdb_vfork_exec
ctdb-build: Avoid duplicate list of man pages
ctdb-build: Generate pre-built documentation in wscript itself
ctdb-scripts: Add explicit check for service reconfiguration
ctdb-scripts: Drop ctdb_check_service_reconfigure
ctdb-daemon: Move function typedef to where it's used
ctdb-tests: Display filtered output when the test fails
ctdb-tests: Do not remove event script dir before shutting down ctdb
ctdb-build: Remove unnecessary intermediate build target
ctdb-tool: Allow passing multiple command-line arguments to helper
ctdb-tool: Improve error reporting if helper execution fails
ctdb-protocol: Fix marshalling of string with length
ctdb-protocol: Add marshalling for int32_t
ctdb-common: Add run_proc abstraction
ctdb-common: Add generic socket I/O
ctdb-common: Add sock_daemon abstraction
ctdb-protocol: Add data types for eventd communication
ctdb-protocol: Add marshalling for eventd protocol
ctdb-eventd: Add event script handling daemon
ctdb-client: Add client api for eventd communication
ctdb-tool: Add helper for talking to event daemon
ctdb-tests: Add tests for event daemon
ctdb-tool: Add new command "event" to ctdb tool
ctdb-tool: Drop disablescript, enablescript and eventscript commands
ctdb-daemon: Drop implementation of eventscript controls
ctdb-client: Drop client code for eventscript controls
ctdb-protocol: Drop marshaling for eventscript controls
ctdb-protocol: Deprecate eventscript controls
ctdb-daemon: Refactor check for valid events during recovery
ctdb-daemon: Add functions to talk to event daemon
ctdb-daemon: Switch to using event daemon
ctdb-daemon: Remove ctdb_event_helper
ctdb-common: Simplify async computation for sock_socket_write_send/recv
ctdb-tests: Add another test for sock_daemon
ctdb-common: Fix a bug in packet reading code for generic socket I/O
ctdb-tests: Add tests for generic socket I/O
ctdb-tests: Do not attempt to unregister the join handler multiple times
ctdb-locking: Remove support for locking multiple databases
ctdb-locking: Explicitly unlock record/db in lock helper
ctdb-tests: Add robust mutex test
ctdb-common: Correct name of sock_daemon_run_send/recv state structure
ctdb-common: Use consistent naming for sock_daemon_run computation functions
ctdb-common: Pass tevent_req to the computation sub-functions
ctdb-common: Avoid any processing after finishing tevent_req
ctdb-common: Add wait_send/wait_recv to sock_daemon_funcs
ctdb-takeover: Known and available IP lists should be the same size as nodemap
ctdb-daemon: Remove stale eventd socket
ctdb-common: ioctl(.. FIONREAD ..) returns an int value
ctdb-tests: Do not build mutex test if robust mutexes are not supported
ctdb-tests: Use replace headers instead of system headers
ctdb-build: Install CTDB tests correctly from toplevel
ctdb-common: Fix use-after-free error in comm_fd_handler()
ctdb-tests: Add more comm tests
ctdb-build: Split dist() target to generate manpages separately
ctdb-build: Add make target for generating manpages
build: Fix generation of CTDB manpages while creating tarball
ctdb-readonly: Avoid a tight loop waiting for revoke to complete
ctdb-tools: Avoid dereferencing argv[0] if argc == 0
ctdb-docs: Fix documentation of -n option to ctdb tool
ctdb-logging: Initialize DEBUGLEVEL before changing the value
ctdb-tests: Explicitly search for the specific log entry
ctdb-tests: Use tighter pattern for matching expected output
Revert "ctdb-readonly: Avoid a tight loop waiting for revoke to complete"
ctdb-readonly: Avoid a tight loop waiting for revoke to complete
Andreas Schneider (401):
s3-libads: Pass down the salt principal in smb_krb5_kt_add_entry()
s3-libads: Call smb_krb5_create_key_from_string() directly
s3-libads: Use the C99 boolean false
krb5_wrap: Move smb_krb5_kt_add_entry() to krb5_wrap
krb5_wrap: Add smb_krb5_open_keytab_relative() function
s3-libnet: Allow the keytab function to use a relative path
s4-libnet: Implement export_keytab without HDB
s4-selftest: Make export keytab test heimdal specific
krb5-wrap: Use the principal returned by the KDC to create the ccache
mit_samba: Make mit_samba a shim layer between Samba and KDB
mit_samba: Directly pass the principal and kflags
mit_samba: Add ks_is_tgs_principal()
mit_samba: Add function to change the password
mit_samba: Add functions to generate random password and salt.
mit_samba: Add function for handling bad password count
mit_samba: Setup logging to stdout
wscript: Build the KDC code if we have the AD DC build enabled
mit-kdb: Add initial MIT KDB Samba driver
mit-kdb: Add more ks_is_kadmin* functions.
mit-kdb: Do not allow to get a kadmin ticket as a client.
mit-kdb: Add ks_create_principal().
mit-kdb: Add ks_get_admin_principal() and use it for kadmin users.
mit-kdb: Implement KDB function to change passwords
mit-kdb: Add support for bad password count
mit-kdb: Add support for KDB version 8
mit-kdb: Fix segfault in krb5kdc dereferencing an invalid pointer
mit-kdb: Add missing SDB_F_FOR_AS_REQ for AS requests
lib: Update socket_wrapper to version 1.1.6
lib: Update uid_wrapper to version 1.2.1
lib: Update nss_wrapper to version 1.1.3
s4-libnet: Link dckeytab.so correctly when is AD DC enabled
pam_winbind: Use the correct type to check the pam_parse() return code
pam_winbind: Create and use a wbclient context
util: Add memcmp_const_time()
libcli:smb2: Use constant time memcmp() to verify the signature
s4:libcli:smb2: Use constant time memcmp() to verify the signature
s3-libads: Fix compilation with MIT Kerberos
s3-net: Convert the key_name to UTF8 during migration
s3-net: Cleanup the code of printing migration
swrap: Update to version 1.1.7
s3-smbspool: Log to stderr
rwrap: Update resolve_wrapper to version 1.1.4
torture: Fix trailing whitespaces in krb5 tests
torture: Add a dummy test for MIT Kerberos case
sdb: Do not set disallow if we do not have ticket info in the DB
kdb: Do not allocate memory with size 0
sdb: Fix NULL pointer dereference if we return early
sdb: Do not create kmod information if we return early
mit_samba: Return 0 in case of a wrong realm
mit_samba: Fix flags that we get a referral tickets
mit_samba: Allow to use SPNs for AS-REQ
selftest: Set the correct hostname
s3-script: Install the findsmb script
s3-libnetapi: Correctly check for lp_realm.
samba_dnsupdate: Work around a bug in nsupdate
selftest: Use the correct smb.conf for ldbsearch
selftest: Remove unneeded sleep before first ldbsearch execution
selftest: Consistently check for provision return code
selftest: Fix indentation in wait_for_start()
selftest: Add newlines for info output
selftest: Remove nbt wait time
s4-kdc: Rename heimdal KDC files
krb5_wrap: Add smb_krb5_mk_error()
s4-kdc: Use smb_krb5_mk_error() in kdc implementation
s4-kdc: Use smb_krb5_mk_error() in kpasswd implementation
s4-kdc: Put the heimdal kdc config into a private data pointer
s4-kdc: Use better and simpler names for the kdc_process_ret enum
s4-kdc: Move definitions to kdc-server.h
s4-kdc: Move kdc_process_fn_t declaration to kdc-server.h
s4-kdc: Move KDC socket structs to krb5-server.h
s4-kdc: Rename proxy-heimdal.c to kdc-proxy.c
s4-kdc: Create a kdc-proxy.h header file
s4-kdc: Move KDC packet handling functions to kdc-server.c
util: Fix a possible null pointer dereference
librpc: Check for negative return value of socket_get_fd()
s3-torture: Do some code hygiene in the ldb test
s4-dsdb: Fix a possible NULL pointer dereference
s4-ntlm: Fix a NULL pointer dereference in error path
smbget: Fix a memory leak
nsswitch: Fix wbclient torture_assert_wbc_ok_goto_fail macro
nsswitch: Fix memory leak in test_wbc_pingdc()
nsswitch: Fix memory leak in test_wbc_get_sidaliases()
nsswitch: Fix memory leak in test_wbc_pingdc2()
nsswitch: Fix memory leak in test_wbc_domain_info()
nsswitch: Fix memory leak in test_wbc_users()
nsswitch: Fix memory leak in test_wbc_groups()
nsswitch: Fix memory leak in test_wbc_trusts()
s3-libnet: Add a comment to make clear we want to fall through
libutil: Support systemd 230
selftest: Skip smbtorture_s3 tests against ntvfs
selftest: Skip the Samba4 rap tests
selftest: Skip s4 smb2 rename tests
selftest: Remove samba4 delaywrite tests we skip
selftest: Remove samba4.smb2.compound tests we skip
selftest: Skip also s4 base.createx_sharemodes_dir
selftest: Skip the samba4.raw.eas tests
s3-winbind: Fix memory leak with each cached credential login
tsocket: Do not dereference a NULL pointer
s4-torture: Add torture_check_krb5_error() function
s4-torture: Add AES and RC4 enctype checks
s4-dsdb: Add missing header file for write() and close()
selftest: Do not use the deprecated samba-tool user add
testprogs: Do not use the deprecated samba-tool user add
ctdb-waf: Move ctdb tests to libexec directory
s3-spoolss: Support for adding printer drivers with info level 8
s4-torture: Enable tests for printer driver info level 8
s3-util: Fix asking for username and password in smbget.
mit_samba: Add missing argument passed to authsam_make_user_info_dc()
mit_samba: Add missing copyright
s4-kdc: pac-glue: Add support for MIT pkinit
gensec_krb5: Rename gensec_krb5_util to gensec_krb5_heimdal
gensec_krb5: Rename smb_rd_req_return_stuff()
gensec_krb5: Use krb5_wrap setup_kaddr() to convert address
gensec_krb5: Only set the event context with Heimdal
gensec_krb5: Use kerberos_free_data_contents() to free krb5 data
gensec_krb5: Use implementation independent krb5_mk_req_extended()
gensec_krb5: Use get_krb5_smb_session_key() in gensec_krb5_session_key()
krb5_wrap: Rename setup_kaddr()
krb5_wrap: Rename get_kerberos_allowed_etypes()
krb5_wrap: Rename kerberos_free_data_contents()
krb5_wrap: Rename krb5_copy_data_contents()
krb5_wrap: Move krb5_auth_con_setuseruserkey() to the top
krb5_wrap: Move all ads function to the end
krb5_wrap: Use consistent naming for setup_auth_context()
krb5_wrap: Use consistent naming for create_gss_checksum()
krb5_wrap: Fix formatting issues in ads_krb5_mk_req()
krb5_wrap: Improve return value checks and debug messages
krb5_wrap: Rename cli_krb5_get_ticket()
krb5_wrap: Fix ads_krb5_cli_get_ticket() return checks and debug messages
krb5_wrap: Cleanup some code in ads_krb5_cli_get_ticket()
krb5_wrap: Move krb5_free_unparsed_name() to the top
krb5_wrap: Rename get_krb5_smb_session_key()
krb5_wrap: Move krb5_princ_component() to the top
krb5_wrap: Remove redundant comment
krb5_wrap: Document smb_krb5_renew_ticket()
krb5_wrap: Document smb_krb5_free_addresses()
krb5_wrap: Document smb_krb5_gen_netbios_krb5_address()
krb5_wrap: Remove unneeded smb_krb5_free_error()
krb5_wrap: Remove unused handle_krberror_packet()
krb5_wrap: Remove unneeded smb_krb5_get_init_creds_opt_alloc()
krb5_wrap: Remove unneeded smb_krb5_get_init_creds_opt_free()
krb5_wrap: Rename smb_get_enctype_from_kt_entry()
krb5_wrap: Document smb_krb5_kt_get_enctype_from_entry()
krb5_wrap: Document smb_krb5_kt_free_entry()
krb5_wrap: Document smb_krb5_enctype_to_string()
krb5_wrap: Rename smb_krb5_open_keytab_relative()
krb5_wrap: Document smb_krb5_kt_open_relative()
krb5_wrap: Fix whitespace issues in smb_krb5_kt_open_relative()
krb5_wrap: Rename smb_krb5_open_keytab()
krb5_wrap: Document smb_krb5_kt_open()
krb5_wrap: Rename smb_krb5_keytab_name()
krb5_wrap: Document smb_krb5_kt_get_name()
krb5_wrap: Document smb_krb5_keyblock_init_contents()
waf: Check for the correct function name
krb5_wrap: Add MIT implementation of smb_krb5_keyblock_init_contents()
krb5_wrap: Rename kerberos_kinit_keyblock_cc()
krb5_wrap: Improve smb_krb5_kinit_keyblock_cache() documentation
krb5_wrap: Rename kerberos_kinit_password_cc()
krb5_wrap: Document smb_krb5_kinit_password_ccache()
krb5_wrap: Rename kerberos_kinit_s4u2_cc()
krb5_wrap: Improve smb_krb5_kinit_s4u2_ccache() documentation
krb5_wrap: Document smb_krb5_make_principal()
krb5_wrap: Document smb_krb5_make_pac_checksum()
krb5_wrap: Fix documentation of smb_krb5_principal_get_realm()
krb5_wrap: Improve smb_krb5_principal_set_realm() documentation
krb5_wrap: Rename kerberos_get_principal_from_service_hostname()
krb5_wrap: Document smb_krb5_get_principal_from_service_hostname()
krb5_wrap: Document smb_get_krb5_error_message()
krb5_wrap: Improve smb_krb5_get_allowed_weak_crypto() documentation
krb5_wrap: Improve smb_krb5_principal_get_type() documentation
krb5_wrap: Improve smb_krb5_principal_set_type() documentation
krb5_wrap: Improve krb5_warnx() documentation
krb5_wrap: Use 'samba-kdc' for com_err whoami in krb5_warnx()
krb5_wrap: Document smb_krb5_cc_copy_creds()
krb5_wrap: Improve smb_krb5_parse_name() documentation
krb5_wrap: Improve smb_krb5_unparse_name() documentation
krb5_wrap: Remove unused smb_krb5_parse_name_norealm()
krb5_wrap: Remove unused smb_krb5_principal_compare_any_realm()
krb5_wrap: Move unwrap_edata_ntstatus() and make it static
s3-libads: Rename smb_krb5_get_ntstatus_from_krb5_error_init_creds_opt()
s4-heimdal: Export krb5_init_creds_* functions
s3-libads: Use non-deprecated function to get the error
s3-libads: Support for MIT Kerberos ntstatus from init_creds
s3-libads: Do not use deprecated krb5_get_init_creds_opt_init()
s3-libads: Do not use deprecated krb5_change_password()
s4-dsdb: Change debug level for replication
util: Fix the documentation of push_utf8_talloc()
dsdb: Do not use free'd memory.
Revert "krb5_wrap: Add MIT implementation of smb_krb5_keyblock_init_contents()"
gensec_krb5: Do not leak memory of target_principal
heimdal: Fix reauthentication after password change
testprogs: Add a common test_smbclient_expect_failure() function
testprogs: Add a new test_password_settings.sh script
testprogs: Make test_passwords.sh a Heimdal kpasswd test
testprogs: Test only what the Heimdal kpasswd test should test
krb5_wrap: Fix smb_krb5_mk_error() with MIT Kerberos
s4-kdc: Move kpasswd_make_error_reply() to a helper file
s4-kdc: Move kpasswd_make_pwchange_reply() to a helper file
s4-kdc: Add a kpasswd_samdb_set_password() helper function
s4-kdc: Allow to set the keytab_name in the kdc_server structure
s4-kdc: Add a new kpasswd service implementation
s4-kdc: Add new kpasswd service Heimdal backend
s4-kdc: Switch to the new kpasswd service implementation
s4-kdc: Do not leak memory on error in kpasswd_make_error_reply()
nsswitch: Add missing arguments to wins gethostbyname*
waf: Explicitly link against libnss_wins.so
nsswitch: Also set h_errnop for nss_wins functions
s3-selftest: Rename samba3.ntlm_auth.krb5 old ccache test
s3-script: Use unique krb5ccache name
testprogs: Use better KRB5CCNAME in test_password_settings.sh
testprogs: Use own credential cache for test_client_etypes.sh
nsswitch: Use own credential cache for wbinfo tests
s3-lib: Do not create 'MACHINE$@' usernames
s3-lib: Parse WORKGROUP\username in set_cmdline_auth_info_username()
s3-lib: Do not set an empty string in split_domain_user()
s4-kdc: Sort encryption keys in descending order of strength
s4-sdb: Generate etypes list out of keys list
s4-kdc: Remove unused etypes from sdb structure
selftest: Fix variable name for krb5.conf
selftest: Do not use a central credential cache
gensec_krb5: Create a MIT Kerberos gensec_krb5_session_info()
gensec_krb5: Implement smb_krb5_rd_req_decoded() with MIT Kerberos
s4-libnet: Use SetUserInfo2 to set the account flags
s3-libnet: Pass enum value names to dcerpc_samr_SetUserInfo2()
s3-utils: Fix loading smb.conf in smbcquotas
s3-param: Add comment to call lp_load_global() after popt processing
s3-rpcclient: Fix initializing rpcclient
selftest: Create AD users alice and bob
s3-lib: Fix %G substitution in AD member environment
selftest: Create a share with %D %U and %G substitution
s3-selftest: Add a substitutions testcase
waf: Cleanup deps list for smbregistry
waf: Cleanup deps list for smbd
s4-rpc_server: Use DCERPC_NCA_S_UNKNOWN_IF for fault code
idl: Remove unused DCERPC_FAULT_UNK_IF
s3-winbind: Do not return NO_MEMORY if we have an empty user list
s3-printing: Improve debug message
s3-spoolss: Remove printer from registry if it is unpublished
s3-client: Sync in tool cmdline help with smbclient manpage
s3-printing: Correctly encode CUPS printer URIs
s3-printing: Allow printer names longer than 16 chars
s3-epmapper: Ignore epm_Map object guid
libcli/smb: add smb1cli_session_setup_lm21_send/recv()
s3:libsmb: handle the spnego as a first action in cli_session_setup_send()
s3:libsmb: split out a cli_session_creds_init() function
s3-winbind: Directly pass creds with cli_session_setup_creds()
s3:tests: Set missing directories for test_registry_upgrade.sh
lib:util: Don't print lstat warning on ERROR debug level
s3:rpcclient: Print a new line on exit
s3:messaging: Create a messaging_init_internal() returning NTSTATUS
s3:messaging: Add messaging_init_client() function
s3:rpcclient: Use messaging_init_client()
s3:net: Use messaging_init_client()
nss_wins: Fix errno values for HOST_NOT_FOUND
s4:torture: Strip trailing whitespaces in session_key.c
s4:torture: Normalizes names in session_key test
s4:torture: Fix cleanup of the secrets object in session_key test
Update .ycm_extra_conf.py
s3:spoolss: Set default OS Version to Windows Server 2003 R2 SP2
s3:spoolss: Return error when there is no driver assigned
s3:spoolss: Improve debug messages in construct_printer_driver
s3:spoolss: Add support for COPY_FROM_DIRECTORY in AddPrinterDriverEx
s3:spoolss: Add some useful debug messages on error
lib:torture: Make variables const
s4:torture: Add torture test for AddPrinterDriverEx with COPY_FROM_DIRECTORY
s3-libads: Fix canonicalization support with MIT Kerberos
s3:param: Add an 'include system krb5 conf' option
s3:libads: Include system /etc/krb5.conf if we use MIT Kerberos
selftest: Do not include system krb5.conf in selftest
util: Initialize pointer
libsocket: Make sure ifr.ifr_name is null-terminated
s3:waf: Reformat msrpc3
s3:waf: Reformat gpo
s3:waf: Reformat AVAHI
s3:waf: Reformat GROUPDB
s3:waf: Reformat TLDAP
s3:waf: Reformat samba-passdb
s3:waf: Reformat pdb
s3:waf: Reformat smbldaphelper
s3:waf: Reformat param
s3:waf: Reformat smbregistry
s3:waf: Reformat REG_SMBCONF
s3:waf: Reformat REG_FULL
s3:waf: Reformat samba3-util
s3:waf: Reformat TDB_LIB
s3:waf: Reformat messages_dgm
s3:waf: Reformat samba3core
s3:waf: Reformat libsmb
s3:waf: Reformat secrets3
s3:waf: Reformat ads
s3:waf: Reformat smbconf
s3:waf: Reformat smbd_base
s3:waf: Reformat LOCKING
s3:waf: Reformat PRINTBASE
s3:waf: Reformat PRINTBACKEND
s3:waf: Reformat printing_migrate
s3:waf: Reformat PRINTING
s3:waf: Reformat LIBNET_DSSYNC
s3:waf: Reformat LIBNET_SAMSYNC
s3:waf: Reformat LIBNMB
s3:waf: Reformat SERVICES
s3:waf: Reformat PLAINTEXT_AUTH
s3:waf: Reformat PASSCHANGE
s3:waf: Reformat SLCACHE
s3:waf: Reformat DCUTIL
s3:waf: Reformat trusts_util
s3:waf: Reformat samba3-util
s3:waf: Reformat CHARSET3
s3:waf: Reformat errors3
s3:waf: Reformat libcli_netlogon3
s3:waf: Reformat cli_spoolss
s3:waf: Reformat smbclient
s3:waf: Reformat smbspool
s3:waf: Reformat smbspool_krb5_wrapper
s3:waf: Reformat locktest2
s3:waf: Reformat smbstatus
s3:waf: Reformat smbtorture3
s3:waf: Reformat smbconftort
s3:waf: Reformat msgtest
s3:waf: Reformat msg_sink
s3:waf: Reformat msg_source
s3:waf: Reformat pdbtest
s3:waf: Reformat vfstest
s3:waf: Reformat versiontest
s3:waf: Reformat rpc_open_tcp
s3:waf: Reformat vlp
s3:waf: Move popt_samba3 up in the stack
s3:waf: Move cbuf functions to samba3-util
s3:waf samba3util requires CHARSET3
s4:waf: Remove unneeded dependency to s3 param
s3:waf: Make PARAM and SMBREGISTRY a subsystem of smbconf only
s3:waf: Remove unneeded CHARSET3 dependency
printing: Fix building with CUPS version older than 1.7
s3-testparm: Fix trailing whitespaces
s3-testparm: Print error if the default backend is incorrect
s3-testparm: Print an error if we have overlapping idmap config
s3:winbind: Do not start with an invalid default idmap backend
s3:crypto: Use smb_krb5_kt_open_relative() for MEMORY keytab
krb5_wrap: More checks for absolute path in smb_krb5_kt_open()
krb5_wrap: Remove incorrect absolute path checks in smb_krb5_kt_open_relative()
docs: Update doc to use absolute path for 'dedicated keytab file'
testsuite: Add cmocka unit test for smb_krb5_kt_open()
WHATSNEW: Use capital K for Kerberos
WHATSNEW: Add Printing changes
WHATSNEW: Add some information about ID mapping
auth/credentials: Add talloc NULL check in cli_credentials_set_principal()
auth/credentials: Move function to free ccaches to the top
auth/credentials: Add NULL check in free_mccache()
auth/credentials: Add NULL check to free_dccache()
s3-rpc_client: Pass NULL as no password
testprogs: Use better KRB5CCNAME in test_password_settings.sh
auth/gensec: Fix typo in log message
auth/credentials: Add missing error code check for MIT Kerberos
waf: Do not install the unit test binary for krb5samba
s3-vfs: Only walk the directory once in open_and_sort_dir()
s4-torture: Use the correct variable type in torture_smb2_maxfid()
s4-kcc: Do not dereference a NULL pointer
s3-vfs: Do not deref a NULL pointer in shadow_copy2_snapshot_to_gmt()
ndrdump: Fix a possible NULL pointer dereference
s4:torture: Make sure handles are initialized
s3:torture: Fix uint64_t comparison in if-clause
s3:lib: Do not segfault if username is NULL
pam_winbind: Return if we do not have a domain
s3:librpc: Make sure kt_curser and kt_entry are initialized
s3:librpc: Fix OM_uint32 comparison in if-clause
ctdb: Fix possible NULL deref in logging_init()
s3:librpc: Handle gss_min in gse_get_client_auth_token() correctly
docs: Improve the idmap_hash manpage
idmap_hash: Add a deprecation message
WHATSNEW: Add idmap_hash deprecation warning
replace: Include sysmacros.h
testprogs: Use smbclient by default in test_kinit_trusts
testprogs: Add kinit_trusts tests with smbclient4
krb5_wrap: Do not return an empty realm from smb_krb5_get_realm_from_hostname()
krb5_wrap: Try to guess the correct realm from the service hostname
krb5_wrap: pass client_realm to smb_krb5_get_realm_from_hostname()
krb5_wrap: Make smb_krb5_get_realm_from_hostname() public
s4:gensec-gssapi: Create a helper function to setup server_principal
s4:gensec_gssapi: Move setup of service_principal to update function
s4:gensec_gssapi: Use smb_krb5_get_realm_from_hostname()
s4:gensec_gssapi: Correctly handle external trusts with MIT
s3:gse: Use smb_krb5_get_realm_from_hostname()
krb5_wrap: Remove obsolete smb_krb5_get_principal_from_service_hostname()
s3:gse: Pass down the gensec_security pointer
s3:gse: Move setup of service_principal to update function
s3:gse: Check if we have a target_princpal set we should use
s3:gse: Correctly handle external trusts with MIT
auth/credentials: Always set the realm if we set the principal from the ccache
testprogs: Correctly expand shell parameters
krb5_wrap: Print a warning for an invalid keytab name
s3:libads: Correctly handle the keytab kerberos methods
param: Allow to specify kerberos method on the commandline
testprogs: Test 'net ads join' with a dedicated keytab
s3:vfs_expand_msdfs: Do not open the remote address as a file
s3:libsmb: Only print error message if kerberos use is forced
s3:libads: Remove obsolete smb_krb5_get_ntstatus_from_init_creds()
nsswitch: Add negative tests for authentication with wbinfo
s3:tests: Add a substitution test for %D %u %g
selftest: Define template homedir for 'ad_member' env
s3:smbd: Pass down remote and local address to get_referred_path()
s3:smbd: Set up local and remote address for fake connection
Andrew Bartlett (274):
selftest: Avoid sorting issues on Ubuntu 10.04 vs 14.04
dsdb: Introduce LDB_SYNTAX_SAMBA_OCTET_STRING
smbd: Only check dev/inode in open_directory, not the full stat()
dsdb/repl: Ensure we use the LOCAL attid value, not the remote one
dsdb: Only re-query dSHeuristics for userPassword support on modifies
libndr: Add ndr_pull_struct_blob_all_noalloc
ldb-samba: Use ndr_pull_struct_blob_all_noalloc
selftest: Print a message when RID allocation fails
selftest: Wait 60 seconds for a RID alloc
dsdb: Clarify rename handling as to which record is being renamed
dsdb: Improve debug messages in operational module
ldb: Fix error string when renaming to a DN that already exists
repl_meta_data: Explain why time(NULL) is good enough here
selftest: Include a few more details in selftest and samba startup.
join.py: Fetch the remote DC NTDS GUID early
pidl: Correct string handling to use talloc and be in common
classicupgrade: Avoid needing to quote CN values in a DN, use dn.set_component()
ldb-samba: Add "secret" as a value to hide in LDIF files
rpc_server/drsuapi: Return the correct 3 objects for DRSUAPI_EXOP_FSMO_RID_ALLOC
getncchanges: Give the correct error when RID_ALLOC fails on an invalid destination_dsa_guid
getncchanges: Use the talloc_stackframe() for temporary memory
getncchanges: Fill in ctr6.linked_attributes with a pointer to a zero-length array
dsdb/subtree_rename: Rename the base before we rename children
repl_meta_data: Do rename before deleted object cleanup
dsdb: Use DRSUAPI_ATTID_isDeleted constant in repl_meta_data
dsdb: Improve syntax clarity
selftest: Mark LDAPNotificationTest.test_max_search flapping
samba-tool domain demote: Fix error handling and error messages
torture: Only walk over objects actually converted in drs.dssync
repl: Do not consider userPassword differences to matter in rpc.dssync
build: Build less of Samba when building --without-ntvfs-fileserver
selftest: Use random OIDs from under the Samba OID arc
dsdb: Remove incorrect RDN attid check in replmd_replPropertyMetaDataCtr1_verify
repl: Allow GetNCChanges DRSUAPI_EXOP_REPL_OBJ to succeed against a deleted object
repl: Pass in the full partition DN to dsdb_replicated_objects_convert()
dsdb: Only search the provided partition for the object GUID
samba-tool domain join: Set drsuapi.DRSUAPI_DRS_GET_ANC during initial repl
selftest: Make replica_sync test pass against Windows 2012R2
dsdb: Allow "cn" to be missing on schema import
repl: Remove duplicated delete of sAMAccountType
selftest: Only mark runtime dbcheck as flapping
dbcheck: Find and fix a missing Deleted Objects container
repl: Retry replication of the schema on WERR_DS_DRA_SCHEMA_MISMATCH
dsdb: Cache our local invocation_id at the start of each request
dsdb: Move operational below repl_meta_data so we can query parentGUID
repl: Enforce that we have parent objects for all replicated objects
dsdb: Clearly fail to replicate objects not NC_HEAD with an all-zero parentGUID
dsdb: Give more errors in operational module when building the parentGUID
repl_meta_data: Fail to replicate over local objects not NC_HEAD with an all-zero parentGUID
repl_meta_data: Give more information on replication rename behaviour
dsdb: Split rename case out of replmd_op_possible_conflict_callback
dsdb: Simplify replmd_op_possible_conflict_callback behaviour
dsdb: Give the objectGUID ahead of LDIF dump of replicated changes
selftest: initial version of new repl_move test
selftest/drs: Show we return the correct 3 objects for DRSUAPI_EXOP_FSMO_RID_ALLOC
repl: Do not report all replication failures at level 0
selftest: Add another test case to replica_sync test
selftest: Assert that name, the RDN attribute and actual RDN are in sync
Remove the try/catch from urgent_replication.py
samldb: Make checks for schema attributes much more strict
selftest: Add tests to show that we can not create duplicate schema entries
selftest: These replication tests are now OK after we fixed all the replication bugs
selftest: Run the krb5.kdc test on a more selective basis
selftest: Do not scan the full DB to confirm a specific DN in dbcheck
dsdb: Add new helper function replmd_replPropertyMetaData1_new_should_be_taken()
dsdb: Use replmd_replPropertyMetaData1_new_should_be_taken in replmd_op_possible_conflict_callback()
dsdb: Use replmd_replPropertyMetaData1_new_should_be_taken in replmd_replicated_handle_rename()
dsdb: Use replmd_replPropertyMetaData1_new_should_be_taken in replmd_replicated_apply_merge()
dsdb: Use replmd_replPropertyMetaData1_new_should_be_taken in replmd_replicated_apply_search_callback()
selftest: Add more tests to cover attribute changes vs DN renames
dsdb: Show initial replicated modify as well as resolved modify in repl_meta_data
dsdb: Fix incorrect sorting of replPropertyMetaData with RDN last
dsdb: Fix rename and RDN handling for replPropertyMetaData
selftest: Assert replPropertyMetaData values before and after replication
selftest: Add a reverse variation to ReplicateMoveObject3
repl: Avoid use-after-free when working with the working_schema
build: Try to work around strict aliasing rules on Ubuntu 10.04
build: Address may be used uninitialized in this function on Ubuntu 10.04
selftest: Rebase DrsBaseTestCase on SambaToolCmdTest
samba-tool: Improve fsmo handling
samba-tool domain join: Refuse to re-join a DC with a still-valid password
s4-samr: Fix samr.QueryUserInfo level 1 primary group
selftest: Expand tokenGroups test to also build nested groups
selftest: Expand tokenGroups test to also compare with samr.GetGroupsForUser
libcli/smb: Fix compiler errors when building with --address-sanitizer
libgpo: Fix compiler errors when building with --address-sanitizer
s3-client: Fix compiler errors when building with --address-sanitizer
s3-libnet: Fix compiler errors when building with --address-sanitizer
s3-vfs/snapper: Fix compiler errors when building with --address-sanitizer
s4-kcc: Fix compiler errors when building with --address-sanitizer
s4-libcli/raw: Fix compiler errors when building with --address-sanitizer
s4-samr: Rework GetGroupsForUser to use memberOf
selftest: Add alias membership to the tokengroups test
selftest: Test that primaryGroupID is first in samr.GetUserGroups() reply
selftest: Check a user with only primaryGroupID is correct in samr.GetUserGroups() reply
samba_dnsupdate: Add a mode that calls samba-tool dns, rather than nsupdate
dns_update_list: Add in NS records
samba_dnsupdate: Allow admin to force a particular IP into samba_dnsupdate
samba_dnsupdate: Simplify logic and add more verbose debugging
samba_dnsupdate: Implement RPC <ZONE> prefix in dns_update_list
samba_dnsupdate: Give the administrator more detail when DNS lookups fail
selftest: Ensure we write 127. addresses into DNS
selftest: Always set up a resolv.conf and use it in samba_dnsupdate
selftest: confirm samba_dnsupdate works in both nsupdate and samba_tool mode
selftest: Add a DNS test matching Windows
selftest: Remove print attribute from getnc_exop test
repl: Avoid excessive stack use and instead sort the links in the heap
selftest: Do not run local.ndr 3 times
lib/ldb-samba: We can confirm a GUID is a GUID by length
selftest: Avoid running local.nss test against ad_dc_ntvfs
selftest: Do not run winbind tests against ad_dc_ntvfs
dsdb: Provide shortcut for repl_meta_data avoiding search of link targets
dsdb: Fix use-after-free of parent_dn in operational module
dsdb: Only fetch changed attributes in replmd_update_rpmd
librpc: Avoid talloc in GUID_from_data_blob()
ldb: Allow repl_meta_data to override the O(^2) loop checking for duplicates
ldb: Do not allocate the extended DN name
dsdb: Apply linked attribute backlinks as we apply the forward links
dsdb: Avoid talloc() calls in dsdb_get_extended_dn_*()
dsdb: Make less talloc() for parsed_dn.guid
Revert "source4/scripting: add an option to samba_dnsupdate to add ns records."
lib: talloc: Change __talloc_with_prefix() to return a struct talloc_chunk *.
lib: talloc: Change __talloc() to return a struct talloc_chunk *.
lib: talloc: Change _talloc_set_name_const() to _tc_set_name_const()
lib: talloc: Add _vasprintf_tc() which returns the struct talloc_chunk *, not the talloc'ed pointer.
lib: talloc: Rename talloc_set_name_v() to tc_set_name_v(). Make it take a struct talloc_chunk *tc as the first argument.
lib: talloc: Call talloc_chunk_from_ptr() less often in __talloc_with_prefix()
lib: talloc: Rename the internals of _talloc_free_internal() to _tc_free_internal().
lib: talloc: As _tc_free_internal() takes a struct talloc_chunk *, add an extra paranoia check against destructor overwrite.
lib: talloc: As we have a struct talloc_chunk * in _talloc_free_children_internal(), use it to call _tc_free_internal() directly.
lib: talloc: Add check for destructor protection.
ldb: Avoid use-after-free when one error message is printed into another
schema: Make the fetch of the schema version fast
dsdb: Remove use of schema USN in samldb_add_handle_msDS_IntId
dsdb: Remove 120 second delay and USN from schema refresh check
schema: Reorder dsdb_set_schema() to unlink the old schema last
samba-tool: Add success message to samba-tool drs replicate --local
samba-tool: Add --local-online mode to samba-tool drs replicate
selftest: Add more tests for samba-tool drs replicate
Revert "dsdb: Disable tombstone_reanimation module until we isolate what causes flaky tests"
Revert selftest: Add knownfail entry required to disable tombstone_reanimation
pyrpc: Allow control of RPC timeout for IRPC
samba-tool drs replicate: Allow replication call to take as long as required
dsdb: Avoid search on * in replmd_replicated_apply_next()
dsdb: Improve debugging during SD recursion failure
build: Always build eventlog6. This is not a duplicate of eventlog
param: Correct the defaults for "dcerpc endpoint services"
Remove unused and untested source4 ntptr and spoolss systems
repl: Remove check for parentGUID being NULL in dsdb_convert_object_ex()
ldb: Add better debugging to ldb_wait()
samba-tool: Put full command and subcommand in informative name when testing samba-tool
selftest: Make repl_schema more robust by disabling replication before the test
selftest: Make repl_move more robust by disabling replication before the test
selftest: Disable replication before doing forced pre-test replicate
drs: pass the forced-replication flag from DsReplicaSync to GetNCChanges
selftest: Ensure we can call DRSUAPI_EXOP_REPL_OBJ with replication disabled
selftest: Disable all replication during most replication tests
WHATSNEW: Add features added for Samba 4.5
s4:torture/ndr: Add supplementalCredentials blobs from alpha13 and release_4_1_0rc3
s4:torture/ndr: Add supplementalCredentials blob from Win2012R2
torture: Add another sample of a PAC that broke the old PAC_UPN_DNS_INFO handling
s4:torture/ndr: Add supplementalCredentials blob from Samba with the new SambaGPG blob
build: Add hints on what libraries to install for gpgme support on failure
ldb_ldb: Do not re-scan the index list for new DNs
librpc: Add ndr_push_struct_into_fixed_blob() and use it in GUID_to_ndr_blob()
lib/ldb-samba: Use ndr_push_struct_into_fixed_blob() in ldif_handlers.c
lib/ldb-samba: Avoid talloc() in ldif_read_objectSid() by parsing the SID string on the stack
dsdb: Limit potential stack use when parsing extended DNs
torture: Add tests for ndr_push_struct_into_fixed_blob()
ldb: Free empty index lists as talloc_realloc() fails in this case
ldb: Add ldb_unpack_data_only_attr_list_flags()
ldb: Prepare for adding flags to ltdb_search_dn1() to control memory allocation
ldb: Add flags to ltdb_search_dn1() to control memory allocation
ldb: Use ldb_unpack_data_only_attr_list_flags in re_index()
torture/backupkey: Allow WERR_INVALID_ACCESS, WERR_INVALID_PARAM or WERR_INVALID_DATA
selftest: Merge alternate error codes into backupkey from backupkey_heimdal
s4:dsdb/repl: Improve memory handling in replicated schema code
s4:dsdb/schema: Remove unused old schema from memory
s4:dsdb/repl_meta_data: Add more info on which DN we failed to find an attid on
selftest: Move repl_schema test to a distinct OID prefix
dsdb: Allow missing a mandatory attribute from a dbcheck fix
dbcheck: Abandon dbcheck if we get an error during a transaction
docs: Explain that "reset on zero vc" is an SMB1 feature
ldb: Avoid cost of talloc_free() for unmatched messages
ldb: Avoid multiple tiny allocations during full DB scan
selftest: Correct name of samba4.blackbox.dbcheck.release-4-5-0-pre1
pydsdb: Raise TypeError for type errors, rather than incorrectly raising an LdbError
ldb-samba: Add new extended match rule DSDB_MATCH_FOR_EXPUNGE
ldb: Fix comment on ldb_register_extended_match_rule
kcc: Move kcc/kcc_deleted.c into kcc/garbage_collect_tombstones.c
dsdb: Rework kcc_deleted() into dsdb_garbage_collect_tombstones()
dsdb: Rework more KCC service-specific details out of dsdb_garbage_collect_tombstones()
dsdb: move tombstone lifetime calculation out of dsdb_garbage_collect_tombstones()
dsdb: Expand garbage_collect_tombstones to expunge links also
python: Add binding for dsdb_garbage_collect_tombstones()
samba-tool: Add command-line tool to trigger tombstone expunge
dsdb: Expose ldb error string to dsdb_garbage_collect_tombstones() callers
dsdb: Use a date comparison in the search to avoid returning all deleted objects
selftest: Add test for 'samba-tool tombstones expunge'
samba-tool: Run samba-tool domain tombstones expunge in a transaction
dsdb: Add comments to dsdb_garbage_collect_tombstones()
lib/ldb-samba: Add test for DSDB_MATCH_FOR_EXPUNGE match rule
dsdb: Do not check isDeleted as a possible link
samba-tool: Remove --use-xattrs support without --use-ntvfs
dsdb: Avoid ldb_dn_validate() call on trusted input when not required
build: Fix build with perl on debian sid.
dsdb: Add python hooks to allocate a RID set and allocate a RID pool
dbcheck: Correctly initialise keep_transaction in missing_parent test
dsdb: Create RID Set as SYSTEM
dsdb: Rework DSDB code to use WERROR
dsdb: Catch errors in extended operations (like allocating a RID Set)
python: create NTSTATUSError, HRESULTError and WERRORError
pyerrors: Add PyErr_Set{WERROR,HRESULT,NTSTATUS}_and_string()
python: Add DsExtendedError Exception
python-libnet: Use new NTSTATUSError, WERRORError and DsExtendedError exceptions
pycredentials: Add bindings for {get,set}_principal, get_ntlm_username_domain
credentials: Add test for credentials behaviour
python/provision: Remove unused parameter schema
selftest: Add test for link and deleted link behaviour in dbcheck
dbcheck: Be more careful with link checks
dbcheck: Correct message for orphaned backlinks
selftest: Ensure we catch errors from samba-tool domain tombstones expunge
selftest: Rework child process cleanup
selftest: Ensure vampiredc has a full copy of localdc before we start
join.py: Attempt to allocate a RID Set during the join
talloc: add ASCII art to describe parent/child arrangement
talloc: clarify that talloc_magic never includes the bits in TALLOC_FLAG_MASK
talloc: Add tests for talloc_parent() after realloc() of the parent
s4/rpc_server: Show what RPC interfaces are listening on which TCP port
torture: Remove access to LSARPC via \\pipe\netlogon in rpc.netlogon for ManyGetDCName test
pidl: Use a static const initialised struct in dcerpc_server_$name_init(void)
s4-rpc_server: Use a type-safe struct signature in dcerpc_register_ep_server
s4-rpc_server: Use an initialised static const struct in dcerpc_server_remote_init
pidl: Change *_get_pipe_fns() to return const struct api_struct *
pidl: Make static struct api_struct also const
dsdb: specify attributes when loading schema
ldb: Avoid individual memory allocations when searching for indexlist
ldb: Add helper function ldb_schema_attribute_remove_flagged()
ldb: Reduce scope of allocation and de-allocation of @ATTRIBUTES
ldb: Reduce per-attribute memory allocation during @ATTRIBUTES load
ldb: Add helper function ldb_schema_attribute_fill_with_syntax()
ldb: load @ATTRIBUTES faster by sorting once, not at each insertion
ldb: Cope with a->name being *
ldb: Add test for behaviour of rdn_name
ldb: new ldb version 1.1.29
perf: Add simple tests for the open/close a database case
s4-rpc_server: Avoid extern reference to dcesrv_mgmt_interface and memcpy()
pidl: Make dcesrv\_$name\_interface "static const"
selftest: Print the POSIX ACL we got when the posixacl test fails
talloc: Add tests for talloc destructor behaviour after talloc_realloc()
torture: Add credentials downgrade and challenge reuse test to rpc.netlogon
torture: Use DCERPC_SCHANNEL_AUTO in rpc.schannel.schannel2 test
torture/samba3rpc: Use NETLOGON_NEG_AUTH2_ADS_FLAGS
torture: Add new test ServerReqChallengeReuseGlobal to rpc.netlogon
torture: Add ServerReqChallengeReuse to rpc.netlogon
torture: Add ServerReqChallengeReuseGlobal2 to rpc.netlogon
idl: Do not listen for lsarpc on \\pipe\netlogon
s4-rpc_server: Add back support for lsa over \\pipe\\netlogon optionally
selftest: test new "lsa over netlogon" smb.conf option
s4-rpc_server: Add comments explaining the control flow around dcesrv_bind()
s4-rpc_server: Allow each interface to declare if it uses handles
s4-rpc_server: Allow listener for RPC servers to use multiple processes
s4-rpc_server: Do not check association groups for NETLOGON
selftest: Use 'rpc server port:netlogon' and 'rpc server port' smb.conf option
s4-netlogon: Push the netlogon server in the AD DC into multiple processes
s4-rpc_server: Add braces to better follow coding style
dsdb: Parse linked attributes using their DN+Binary or DN+String syntax, if needed
WHATSNEW: Add text for AD DC changes
python/schema: fix tests flapping due to oid collision
samba-tool: Correct handling of default value for use_ntvfs and use_xattrs
samba_dsdb: Use and maintain compatibleFeatures and requiredFeatures in @SAMBA_DSDB
dbcheck: Do not regard old one-way-links as errors
WHATSNEW: Clarify and extend the AD DC performance improvement text
WHATSNEW: Fix spelling of Messages
Anoop C S (10):
packaging: Remove ulimit usage for setting core file size limit
packaging: Set default limit for core file size in init scripts
packaging: Set default limit for core file size in service files
Fix a typo in smb.conf man page
krb5_wrap: Remove extra parentheses causing compile error
vfs_glusterfs: Fix a memory leak in connect path
s3/dump_core: Honour pipe symbol (|) in system-wide core_pattern under linux
lib/util: Fix input arguments description for dbghdrclass() routine
lib/util: Fix indentation within routine description for dbghdrclass
docs-xml: Remove duplicate listing of configfile option in man pages
Anubhav Rakshit (1):
torture:smb2: Add test replay6 to verify Error Codes for DurableHandleReqV2 replay
Aurelien Aptel (30):
s3/utils/regedit.c: typo
s4/auth/ntlm/auth_unix.c: add parens
s4/client/cifsdd.c: typo
s4/heimdal/lib/gssapi/mech/gss_compare_name.c: typo
s4/heimdal/lib/krb5/pac.c: typo
examples/perfcounter/perf_writer.c: fix memset
s3/client/clitar.c: NULL-check correct variable
s3/client/clitar.c: always close fd
pidl/ws: Fix Dead Store (Dead assignment/Dead increment) warning found by Clang
pidl/ws: fix -Wmissing-prototype
pidl/ws: enhance dissector
pidl/ws: Fix Dead Store (Dead assignment/Dead increment) warning found by Clang
pidl/ws: fix indent (use 4 tabs) and remove trailing whitespace
pidl/ws: fix Assigned value is garbage or undefined found by Clang Analyzer
pidl/ws: Remove #pragma warning (MSVC)
pidl/ws: Eliminate e_uuid_t in favor of e_guid_t
pidl: use https urls and update dead msdn link
pidl/ws: avoid trailing tabs
pidl/ws: remove any starting _ in WS field names
pidl/ws: Remove pinfo->private_data from DCERPC dissectors.
pidl/ws: dereference pointers when passing name param.
pidl/ws: Add HEADER START/HEADER END in ws dissector
pidl/ws: whitespace cleanup
pidl/ws: Document CODE_START and HEADER_START
pidl/ws: directly use `di` param instead of casting `private_data` member.
pidl/s4/python: typo in comment
pidl/ws: fix failing tests
pidl/ws: fix missing $name when generating MAPI dissector
s3/winbindd: use == -1 instead of < 0 for error checking uid_t
s3/winbindd: fix invalid free
Björn Baumbach (2):
idmap_script: add missing "IDTOSID" argument to the script command line.
s3-printing: fix migrate printer code (bug 8618)
Björn Jacke (10):
testsuit/manage-ca.sh: specify key size in CSRs
docs-xml: change http://samba.org to https://www.samba.org
man pages: change http://samba.org to https://www.samba.org
ad/provision: change http://samba.org to https://www.samba.org
replace: make sure we have a SCOPE_DELIMITER define
util: use SCOPE_DELIMITER for the IPv6 scope delimiter
pam: map more NT password errors to PAM errors
pam: strip trailing whitespaces in pam_winbind.c
pam_winbind: Fix compiler warnings
vfs_default: unlock the right file in copy chunk
Bob Campbell (26):
samba_dnsupdate: do not interpret failure count as unix error code
samba_spnupdate: do not interpret failure count as unix error code
tdb: avoid many fcntl calls when incrementing seqnum
selftest: add check password script test
check_password_script: Add a DEBUG message for timeouts
password_hash: Make an error message clearer
provision_fill: move most db accesses into transactions
provision_fill: move GPO into transaction
provision: Ignore duplicate attid and governsID check
getncchanges: Fix some whitespace
tests/getnc_exop: Ensure we do the fallback if not given a PAS
tests/getnc_exop: Ensure that attribute list sorting is correct
dsdb: refactor part of garbage_collect_tombstones into new function
copyright: Add the missing notices for garbage collect tombstones
tests/getnc_exop: Improve the ridalloc test by performing an alloc against a new master
python/netcmd: print traceback through self.errf
python/tests: add tests for samba-tool dns
python/tests: expand tests for dns server over rpc
samba-tool/dns: reword error messages and make error catching specific
samba-tool/dns: remove use of dns_record_match from add and delete
dnsserver: add dns name checking
python/tests: expand samba-tool dns tests
dnsserver_common: Add name check in name2dn
torture/drs: move ExopBaseTest into DrsBaseTest and extend
torture/drs: test link replication with hwm and utdv
torture/drs: expand test for DRSUAPI_DRS_GET_ANC
Bryan Mason (1):
Modify smbspool_krb5_wrapper to just fall through to smbspool if AUTH_INFO_REQUIRED is not set or is not "negotiate".
Chris Davis (2):
s4-registry: implement set value and delete value for RPC
s4-registry: properly initialize registry key to be added via RPC
Christian Ambach (18):
s3:smbd/service disable case-sensitivity for SMB2/3 connections
s3:smbd/service apply some code formatting
s3:smbd/filename remove smelly code
selftest: test for case insensitivity over SMB2/SMB3
s3:smbd remove todo comments
s3:libsmb/clifile use correct value for MaxParameterCount for setting EAs
s3:rpcclient make --pw-nt-hash option work
s3:selftest add a test for rpcclient --pw-nt-hash option
s3:rpcclient add -m option
s3:modules/vfs_snapper squelch -O3 compile warning
s4:repl_meta_data: squelch compile warning with -O3
s3:libsmb fix a typo
s4:param add log_level function to retrieve log level in Python code
tests/param add a test for LoadParm.log_level
python/drs_utils: do not attempt to parse log level, use parsed value
python/join: do not attempt to parse log level, use parsed value
s4:samba_spnupdate: do not attempt to parse log level, use parsed value
s3:smbcacls add prompt for password
Christof Schmitt (33):
gpfswrap: Add wrapper for gpfs_set_winattrs
vfs_gpfs: Implement new dos_attributes vfs functions
vfs_gpfs: Remove xattr functions
vfs: Add helper to check for missing VFS functions
vfs_full_audit: Assert that all VFS functions are implemented
vfs_time_audit: Assert that all VFS functions are implemented
selftest: Load time_audit and full_audit
winbindd: Remove unused prototypes for winbindd_group.c
gensec: Change log level of message when no PAC is found
smbcacls: Do not read old ACL for 'set' operation
ctdb/ltdbtool: Fix static declarations
gensec: Change log level for message when obtaining PAC from gss_get_name_attribute failed
selftest: Disable full audit logging in selftest
smbtorture: Add smb2.maxfid
selftest: Add tunable for smb2.maxfid limit
smbtorture: Correctly initialize notify request in smb2.notify.tree
smbd: Allow passing notify filter from inotify and fam
notify_inotify: Move mapping table to top of file
notify_inotify: Map inotify mask back to filter
vfs_gpfs: Retry getacl with DAC capability if necessary
smbd: Fix snapshot query on shares with DFS enabled
docs: Clarify description for cache, lock and state directory settings
winbindd: Introduce helper function for winbindd_cache.tdb directory
smbd: Adjust debug level of "No protocol supported" message
winbindd: Remove unused enum ent_type
nfs4acl: Fix owner mapping with ID_TYPE_BOTH
idmap_ad: Fix retrieving credentials from clustered secrets.tdb
winbind: Fix passing idmap failure from wb_sids2xids back to callers
winbindd: Make functions in cache_methods non-static
winbindd: Replace calls to domain->methods
winbindd: Remove now unused domain->methods
winbindd: Remove now unused cache_methods
winbindd: Fix password policy for pam authentication
Clive Ferreira (5):
objectclass_attrs: correctly indent a comment
typo: supprise -> surprise
objectclass_attrs: Only abort on a missing attribute when an attribute is both MUST and replicated
dbcheck: confirm RID Set presence and consistency
KCC: unconnected graph test
David Disseldorp (16):
printing: use housekeeping period that matches cache time
printing: handle "printcap cache time" change on HUP
torture/ioctl: make sparse file support check generic
idl/ioctl: fix DUPLICATE_EXTENTS_TO_FILE fid field
libcli: add FILE_SUPPORTS_BLOCK_REFCOUNTING
torture/ioctl: add FSCTL_DUP_EXTENTS_TO_FILE tests
torture/smb2/ioctl: don't check for untruncated dest failure
torture/ioctl: switch sparse src/dest dup ext behaviour
smbd/ioctl: match WS2016 ReFS get compression behaviour
torture/ioctl: test compression responses when unsupported
libsmb: fix leak in opendir error path
ctdb-build: move ctdb_etcd_lock to utils/etcd
ctdb-build: configure time switch for etcd support
ctdb: cluster mutex helper using Ceph RADOS
ctdb/doc: man page for Ceph RADOS cluster mutex helper
ctdb: add test script for ctdb_mutex_ceph_rados_helper
David Mulder (1):
auth/gensec: Remove unneeded cli_credentials_set_conf() call
Dirk Godau (2):
drsuapi tests for DsBind with w2k8
Extend DsBind and DsGetDomainControllerInfo to work with w2k8.
Doug Nazar (1):
s3: smbd: inotify_map_mask_to_filter incorrectly indexes an array.
Douglas Bagnall (96):
util/binsearch: macro for greater than or equal search
util/tests: add test for BINARY_ARRAY_SEARCH_V macro
ldb paged_results: quieten a warning.
ldb controls: better error string for VLV control
ldap VLV: memdup, not strdup VLV context_id
vlv: better syntax for parsing greater than or equal strings
ASN1: use a talloc context in read_contextSimple
ldb controls: use uint8_t* for contextID binary blob
asn1: make readContextSimple() add a NUL byte
ldb_controls: add base64 option to VLV
Add python server sort tests
ldb sort: allow sorting on attributes not returned in search
torture_ldap_sort: avoid segfault
configure: set HAVE___ATTRIBUTE__ for heimdal
ldb client controls: avoid talloc_memdup(x, y, (size_t)-1);
ndr: avoid unnecessary searches of token list
librpc ndr: add ndr_pull_steal_switch_value()
ndr: Use ndr_steal to avoid long lists
ndr: inline search for ndr_token_peek()
ndrdump: add quiet flag
Implement Virtual List View (VLV)
ldb controls: don't ignore memory allocation failure
ldb sort tests: point out a known fails against Windows
dsdb sort test: avoid exception with fewer elements
dsdb python tests: fix several usage strings
ldb client controls: don't ignore failed memdup
ldb controls: allow paged_search to use a cookie
ldb_controls: avoid unnecessary unchecked talloc_asprintf()s
util/attr.h: use HAVE___ATTRIBUTE__, not __GNUC__ comparisons
libreplace: use HAVE___ATTRIBUTE__ instead of __GNUC__
tevent.h: use HAVE___ATTRIBUTE__ instead of __GNUC__
s3/modules/getdate: use HAVE___ATTRIBUTE__ instead of __GNUC__
mdssvc/sparql_parser.c: use HAVE___ATTRIBUTE__ instead of __GNUC__
s4/lib/wmi_wrap: use HAVE___ATTRIBUTE__ instead of __GNUC__
third_party/zlib/zlib.h: use HAVE___ATTRIBUTE__ instead of __GNUC__
VLV: avoid name conflict with string.h's index()
VLV: initialise struct using names for clarity
VLV: handle empty results correctly
VLV: test using restrictive expressions
.gitignore: don't accidentally ignore some files
Fix formatting issue on 32bit with _FILE_OFFSET_BITS == 64
python/join.py: Avoid unchecked print in error path
source4/param/pyparam.c: fix strange indentation
dsdb/common/util: remove some unnecessary str_list_length()s
dsdb/common/util: be careful about zero length string lists
dsdb schema_query: reduce calls to str_list_length
source4/registry/local: avoid str_list_length() to check first element
pytalloc: avoid double 0x0x in repr strings
Python pidl: avoid segfault with "del obj->attr"
tests/dcerpc/array.py: test deletion of arrays
selftest: Enable samba.tests.dcerpc.array test
tests/dcerpc: add tests for string allocation and deletion
gitignore: ignore library bin directories
python/tests/dns_forwarder: fix for python 2.6
Remove unused stf directory
s4/dsdb/repl_meta_data: use local bool version of flag
replmd_modify_delete: check talloc_new()
repl_meta_data: free context on error in replmd_modify_la_delete()
dsdb: add vanish links control
dsdb tests: add linked attribute tests
drs tests: querying linked attribute over DRS
dbcheck: cache linkIDs and reverse attribute names
dbcheck: check for linked attributes that should not exist
s4/selftest/provisions/dump.sh: dump to target dir if supplied
blackbox/dbcheck-oldrelease: more accurate temp filename
dbcheck linked attribute tests: save environment with bad links
VLV tests: reduce test duplication hence elapsed time
VLV tests: comment typo
VLV: fix handling with show_deleted and similar controls
VLV tests: add tests with show_deleted control
VLV tests: remove vestigial pdb stub
ldb_tdb index: fix whitespace
KCC: Fix misnamed variable in DSA object
Remove hopelessly out of date Roadmap
vlv tests: remove uninteresting debug message
netcmd/domain: improve error message grammar
autobuild: remove unused argument
autobuild --restrict-tests to test a restricted set
blackbox tests: add timestamps for subunit tests
selftest: allow tests.py scripts to run independently
subunithelper: use set for efficient inclusion test
filter-subunit: default to empty affixes, saving verbose checks
Add AD DC performance tests
make perftest: for performance testing
selftest: add an option to specify the test list
selftest/wscript: format perftest as json
autobuild: disable abi check on O3 build
Remove unused python selftest
lib/registry/regf: better initialise nk_block
smbd/service_stream: connection processing flag is not really bool
smbclient: fix string formatting in print command
KCC: Graphnode.add_edge_from expects dn strings, not objects
KCC: avoid infinite recursion when edgelist contains self
s4-torture: better, failing, tests for GUID_from_string
librpc/ndr/uuid.c: improve speed and accuracy of GUID string parsing
rpc_server:netlogon Move from memcache to a tdb cache
Evgeny Sinelnikov (1):
rpc_server/drsuapi: Set msDS_IntId as attid for linked attributes if exists
Garming (1):
drs: Send DRSUAPI_DRS_GET_ALL_GROUP_MEMBERSHIP by default
Garming Sam (161):
tests: Allow alternative error code for backupkey test
ldb controls: base64 encode VLV response context strings
ldap VLV: use correct ASN.1 encoding for requests
ldap: fix search control rule identifiers ASN.1 type
ldap VLV: correct ASN1 parsing of VLV requests
CVE-2016-0771: tests/dns: Modify dns tests to match new IDL
CVE-2016-0771: tests/dns: prepare script for further testing
CVE-2016-0771: tests/dns: FORMERR can simply timeout against Windows
CVE-2016-0771: tests/dns: Add a comment regarding odd Windows behaviour
CVE-2016-0771: tests/dns: restore formerly segfaulting test
CVE-2016-0771: tests/dns: Correct error code for formerly unrun test
CVE-2016-0771: tests/dns: Add some more test cases for TXT records
CVE-2016-0771: tests/dns: modify tests to check via RPC
CVE-2016-0771: dnsserver: don't force UTF-8 for TXT
CVE-2016-0771: tests/dns: RPC => DNS roundtrip test
CVE-2016-0771: tests: rename test getopt to get_opt
CVE-2016-0771: tests/dns: change samba.tests.dns from being a unittest
CVE-2016-0771: tests/dns: Remove dependencies on env variables
tests: Allow alternative error code for backupkey test
build: mark explicit dependencies on pytalloc-util
sort: enable custom behaviour on critical control
autobuild: Return the last 50 log lines
rodc: Allow RODC preload to continue with invalid users
tests/rodc: Check that preload will skip broken users
tests/dsdb: Verify that only a new ldb affects reads of userPassword
tests/passwords: fix a typo
dbcheck: Avoid pathological behaviour in operational module
dns: remove double talloc for strings
dnsserver: Remove C++ style comment
selftest: Remove an early return in the fl2003dc provision
dns: modify dns forwarder param to be multi-valued
tests/dns_forwarder: Add testing for DNS forwarding
tests/dns: Add additional testing of CNAME handling
tests/dns_forwarder: remove statically defined IPs
tests/dns_forwarder: Add an extra test for inactive forwarders
tests/dns_forwarder: Add additional testing for no flag recursive
autobuild: Return the last 50 log lines
autobuild: fix typo in autobuild success subject line
manpages: Markup led to missing space
typo: mplementation => implementation
examples/crackcheck: allow compilation with current builds
samr4: Remove talloc_asprintf leak onto mem_ctx
drsuapi.idl: Add attid used in testing in idl
tests/drs: cleanup some whitespace
samba_dnsupdate: Fix typo in -no-substitutions name
dns_server: Fix typo in dns_authoritative_for_zone() name.
flapping: temporarily add samba_dnsupdate test
tests/drs: extend getnc_exop test to check linked attributes
tests/drs: make cleanup more robust
tests/drs: assert sorted identifier GUIDs across getncchanges
tests/drs: change sort order in tests to match Windows
getncchanges: remove some whitespace
getncchanges: sort with precalculated target guid array
getncchanges: Match Windows on linked attribute sort
flapping: remove samba_dnsupdate from flapping
check-password-script: Allow AD to execute these scripts
param: fix a typo emtpy -> empty
tevent: typo in documentation
typo: componemt => component
typo: mandetory -> mandatory
kerberos: Return enc data on PREAUTH_FAILED
schema: Remove unnecessary schema reload code
schema: raise debug level
tests/dns_update: Add error message for diagnosis
tests: Allow alternative error code for backupkey test
dbcheck: Script swallows input when given a carriage return
match_rules: Fix a duplicated check
match_rules: Make cleanup faster and more efficient
link_attrs: Add tests for one way links (and pseudo one-way)
extended_dn_out: Force showing of one-way links if they exist
flapping: Add dbcheck to flapping
dbcheck: change argument to specify a partial --yes
tests/dbcheck: One way links are expected to be stale
dbcheck.sh: Fix the arguments supplied as $@
dbcheck: Split out valid stale DN links and invalid ones
dbcheck.sh: Remove all the plausible stale links
flapping: Remove dbcheck from flapping
renamedc: Make a more targeted dbcheck
pytalloc: Add a warning about enable_null_tracking
join.py: Remove talloc enable_null_tracking
samba-tool: Speed up all samba-tool commands
WHATSNEW: Samba-tool speed-up
drepl: Fix a typo
kcc: Make debug more scarce
selftest: Add more information when KCC fails
kcc: Prevent the KCC from doing work on the RODC
samba_kcc: match translate connection from old KCC for RODC
samba_kcc: match translate connection from old KCC for RWDC
kcc: Make more fault tolerant on DC demotion
dbcheck: Replica locations can now be leftover
join.py: Ensure that all expressions are escaped
join.py: Add Replica-Locations for DomainDNS and ForestDNS
join.py: Don't add replica locations without the backend
dbcheck/release-4-1-0rc3: Add a check regarding replica locations
dbcheck: Add a rule regarding replica locations
kcc: correct a typo in the debug messages
samba_kcc: Enable the python samba_kcc
WHATSNEW: Add the update for the samba kcc
AddressSanitizer: Initialize for kcc_topology.c
AddressSanitizer: Initialize for smbd/oplock.c
AddressSanitizer: Initialize for vfs_fruit.c
kcc: typo fix tupple => tuple
kcc: fix a typo
kcc: Add corresponding methods for repsTo
kcc: Add a TODO for msDS[-RO]-Replica-Locations
kcc: Clean up repsTo attribute for old DCs
replmd: Check dsdb_dn for syntax errors
valgrind: Avoid a warning about uninitialized memory
msds_intid: Add test for (non-schema) linked attributes
replmd: Remove data field on DSDB_CONTROL_REPLICATED_UPDATE_OID
replmd: Send replicated update OID for forward links
msds_intid: Add test for schema linked attributes
getncchanges: Set is_schema_nc when EXOP_OBJ
rpc_server/drsuapi: Don't set msDS_IntId as attid for linked attributes if schema
tests/schemainfo: run dsdb schema info tests with proper URI
replicated_objects: Add missing newline for debug
drepl_out: Send the prefix map alongside the RODC partial attribute set
drepl_out: Send the prefix map alongside the global catalog partial attribute set
tests/getnc_exop: Ensure that all attids are valid in a given PAS
tests/getnc_exop: Ensure the remote prefixmap is always used (secret attrs)
tests/getnc_exop: Ensure the remote prefixmap is always used (name attr)
tests/getnc_exop: PartialAttrSetEx test (passes Windows, fails us)
getncchanges: Compute the partial attribute set from the remote schema
samba_upgradedns: Check for both accounts in BIND_DLZ upgrade
gc_tombstones: Typo fix
tests/dns_forwarder: Wait for port for 15 seconds
tests/dns_forwarder: Check that the subprocess is still living
tests/dns_forwarder: Fail out with an assertion instead OOB error
torture: Remove unnecessary whitespace
rpmd: Add the ldb error string to a debug
rpmd: Remove the seq_num check for skipping additional work
rpmd: Add a TODO regarding the additional work performed
rpmd: Skip bump of USN when vanishing forward links
tests: Assert vanishing links doesn't bump USN
tombstone-expunge: Assert that an expunge does not bump the USN
dbcheck: Make it clearer about temporary output
tests: Check that USN bumps when modifying a linked attr
tests: Skip a test for reveal internals for passing Windows
dbcheck: assert uSNChanged values in release-4-5-0-pre1
kcc: Don't check schedule if None
tests/getnc_exop: Finish a comment in getnc_exop.py
tombstones-expunge: Add a test for deleting links to recycled objects
collect_tombstones: Allow links to recycled objects to be deleted
tests/ridalloc_exop: Add a new suite of tests for RID allocation
samba_tool/fsmo: Allocate RID Set when seizing RID manager
upgradeprovision: Remove objectCategory from constructed attrs
s4-auth: Don't check for NULL saltPrincipal if it doesn't need it
doc: Add doxygen for functions in srv_keytab.c
samba_dnsupdate: cmd._run doesn't have Exceptions
samba_dnsupdate: Raise after the error count is incremented
tests/dnsserver: Check security descriptors
python/tests: fix typo to use correct var
tests/dns: Check you cannot add empty CNAME
getncchanges: use the uptodateness_vector to filter links to replicate
ldbdump: Parse the -i option
ldb_tdb: avoid erroneous error messages
dbcheck-links: Test that dbcheck against one-way links does not error
getncchanges: do not replicate links for non critical objects if DRSUAPI_DRS_CRITICAL_ONLY is set
tests/dbcheck: Add a test for two live objects, with a dangling backlink
tests/dbcheck: Add a test for two live objects, with a dangling forward link
dbchecker: Stop ignoring linked cases where both objects are alive
Günther Deschner (350):
auth/ntlmssp: use ndr_push_AV_PAIR_LIST in gensec_ntlmssp_server_negotiate().
lib/socket/interfaces: Fix some uninitialized bytes.
Partly revert "s3:libads: setup the msDS-SupportedEncryptionTypes attribute on ldap_add"
s3:libnet:libnet_join: prepare to allow connecting with machine creds.
s3:libads:ldap: print LDAP error message with log level 10.
s3:libads:ndr: add ADS_AUTH_USER_CREDS to ndr_print_ads_auth_flags()
s3:libads:ldap: fix ads_check_ou_dn to deal with account_ou not being initialized
s3:libnet:libnet_join: always try to create machineaccount via LDAP first.
s3:librpc:idl:libnet_join: add encryption types to libnet_JoinCtx.
s3:libnet:libnet_join: define list of desired encryption types only once.
s3:libnet:libnet_join: fill in output enctypes and only modify when necessary.
s3:libnet:libnet_join: update msDS-SupportedEncryptionTypes (if required) with machine creds.
param: add parameter "server multi channel support", defaults to off.
s3:winbindd:idmap_hash: skip domains that already have their own idmap configuration.
s3:winbindd:idmap: check loadparm in domain_has_idmap_config() helper as well.
wscript: detect if we have libkdb5 and kdb.h.
s4-kdc: Introduce a simple sdb_kdb shim layer
mit_samba: Use sdb in the mit_samba plugin
mit_samba: Use talloc_zero in mit_samba_context_init().
mit-kdb: Do not overwrite the error code in failure case.
mit-kdb: Use calloc so both authdata elements are zeroed
mit-kdb: Use calloc to initialize master keylists.
mit-kdb: Return 0 in kdb_samba_db_put_principal()
mit-kdb: Restrict admin/changepw principal db_entry with some flags
s4-smb_server: check for return code of cli_credentials_set_machine_account().
s3-auth: check for return code of cli_credentials_set_machine_account().
s3:smbXsrv.idl: add 8 byte channel_sequence number and request counters to IDL.
libcli:smb:smbXcli_base: add smb2cli_session_current_channel_sequence() call.
torture:smb2: add test for checking sequence number wrap around.
lib/torture: add torture_assert_u64_not_equal_goto macro
s4:torture:smb2:rename.c: Fix file permissions.
CVE-2016-2111: s3:rpc_server/netlogon: always go through netr_creds_server_step_check()
lib:krb5_wrap:krb5_samba: increase debug level for smb_krb5_get_default_realm_from_ccache().
s3:librpc:crypto:gse: increase debug level for gse_init_client().
libcli/smb: fix NULL pointer dereference in smbXcli_session_is_authenticated().
s3:client:smbspool_krb5_wrapper: fix the non clearenv build.
s3-winbind: Fix schannel connections against trusted domain DCs
s3-libnet: Print error string even on successful completion of libnetjoin.
s3:libnet: accept empty realm for AD domains when only security=domain is set.
librpc: add decode_netlogon_samlogon_response_packet for mailslot debugging.
torture: show the first differing byte and a dump in torture_assert_data_blob_equal().
s4-torture: rename torture_suite_add_ndr_pullpush_test to torture_suite_add_ndr_pull_validate_test.
krb5pac: no need for a noprint PAC_BUFFER.
s4-torture: add ndr krb5pac testsuite.
s4-torture: add another krb5pac buffer to the ndr test.
s4-torture: add new torture_assert_krb5_error_equal macro.
s4-torture: fix compile of new NDR PAC tests with MIT Kerberos.
s4-scripting: let gen_hresult.py tolerate empty lines.
hresult: create enough space for the hresult_errstr message.
spoolss: add various well known core printer driver file GUIDs to IDL.
librpc: fix spoolss_GetCorePrinterDrivers IDL.
s4-torture: add test for spoolss_CorePrinterDriver().
librpc: fix IDL for spoolss_GetPrinterDriverPackagePath()
s4-torture: add test for spoolss_GetPrinterDriverPackagePath().
librpc/tools: support ndr64 in the validate path of ndrdump
pidl: support HRESULT as return code in wireshark autogenerated dissectors.
s4-torture: test GetPrinterData with server handle and 0 keylength.
s3-spoolss: fix _spoolss_GetPrinterDataEx by moving the keyname lengthcheck.
s4-torture: cleanup torture_suite_add_ndr_pull_validate_test API.
s4:torture:smb2:connect: prefer torture_comment() to printf().
source4/torture/rpc/testjoin.c: prefer torture_comment() over printf().
s4:torture:smb2:maxwrite: prefer torture_comment() to printf().
s4-torture: reformat TORTURE_SMB2 wscript_build list.
s4:torture:smb2:maxwrite: compile maxwrite test at least.
s4:torture:smb2:getinfo: prefer torture_comment() to printf().
s4:torture:smb2:scan: prefer torture_comment() to printf().
s4:torture:smb2:acls: prefer torture_comment() to printf().
s4:torture:smb2 prefer torture_comment() to printf().
pidl: Keep case from fieldnames.
pidl: fix field2name wireshark dissector test.
s4-torture: test multiple different cluster control codes.
librpc: add clusapi_ResourceTypeControlCode enum.
s4-torture: Fix logic errors in node and group control clusapi tests.
s4-torture: add new tests for clusapi resourcetypes.
librpc: add ClusterGroupEnumType enum to IDL.
s4-torture: add test for clusapi_CreateGroupResourceEnum
librpc: add CLUS_RESOURCE_CLASS_INFO to IDL
s4-torture: test CLUSCTL_GROUP_GET_FLAGS GroupControl.
s4-torture: add test for CreateResTypeEnum().
librpc: add ClusterResTypeEnumType to IDL.
s4-torture: add test for CreateGroupEnum.
s4-torture: also test CLUSCTL_CLUSTER_CHECK_VOTER_DOWN.
librpc: add clusapi_ResourceControlCode to IDL.
pidl: in s3 server templates, support default HRESULT error returns.
spoolss: add IDL for spoolss_LogJobInfoForBranchOffice.
s4-torture: add test for spoolss_LogJobInfoForBranchOffice
s3-spoolss: add missing newline in debug message of _spoolss_OpenPrinterEx.
s4-torture: use torture_comment in torture_rpc_connection()
s3-waf: give rpcclient its own wscript_build.
s3-rpcclient: add getdriverpackagepath command.
s3-spoolss: avoid referencing p->opnum in _spoolss_AddPrinterDriverEx
s4-torture: also test NULL servername in spoolss_GetPrinterDriverPackagePath
s3-rpc_client: make it more clear printer driver version is a QWORD not a DWORD.
libgpo: accept more boolean matches in gp_inifile_getbool().
s3-registry: create winprint print processor entry for x64 as well.
s3-spoolss: fix winreg_printer_ver_to_qword
spoolss: rename spoolss_EnumPrintProcDataTypes to spoolss_EnumPrintProcessorDataTypes
spoolss: rename spoolss_RpcGetJobNamedPropertyValue to spoolss_GetJobNamedPropertyValue
spoolss: rename spoolss_RpcSetJobNamedProperty to spoolss_SetJobNamedProperty
spoolss: rename spoolss_RpcDeleteJobNamedProperty to spoolss_DeleteJobNamedProperty
spoolss: rename spoolss_RpcEnumJobNamedProperties to spoolss_EnumJobNamedProperties
spoolss: rename spoolss_RpcSendRecvBidiData to spoolss_SendRecvBidiData
spoolss: rename RPC_PrintNamedProperty to spoolss_PrintNamedProperty
s4-torture: test GetPrinter level 3 on server handle (security descriptor query)
s3-spoolss: Fix _spoolss_GetPrinter behaviour for server handles.
s3-rpc_client: add winreg_get_printserver_secdesc.
s3-rpc_client: add winreg_set_printserver_secdesc.
s4-torture: test spoolss_SetPrinter level 3 on server handle.
s3-spoolss: use server sd stored in the backend in _spoolss_GetPrinter level 3
s3-spoolss: allow SetPrinter level 3 for server handles as well.
s3-spoolss: in _spoolss_OpenPrinterEx map max_allowed for the print server
s4-torture: add new test to compare "ServerSecurityDescriptor" and GetPrinter level 3.
librpc: add IRemoteWinspool idl
idl: compile iremotewinspool.idl.
s4-torture: add IRemoteWinspool ndr testsuite.
s4-torture: parse spoolss ndr packets using iremotewinspool calls
s3-modules: fix build warning in vfs shadow copy2 module
hresult: add new HRESULT_FROM_WERROR macro
hresult: re-generate hresult error code definitions from MS-ERREF.
librpc: fix some variable names in winspool protocol IDL
s3-rpc_client: add spoolss_timestr_to_NTTIME()
s3-rpc_client: add spoolss_driver_version_to_qword()
s3-rpc_client: use spoolss_timestr_to_NTTIME in winreg_printer_date_to_NTTIME
s3-rpc_client: use spoolss_driver_version_to_qword in winreg_printer_ver_to_qword
s4-scripting: make w32err_code.py work with recent html table changes.
werror: add new DS error codes.
werror: use WERR_NOT_ENOUGH_MEMORY in WERROR macros.
werror: use (generated) WERR_GEN_FAILURE as alias for WERR_FOOBAR
werror: replace WERR_BADFUNC with WERR_INVALID_FUNCTION in source3/rpc_server/spoolss/srv_spoolss_nt.c
werror: replace WERR_BADFUNC with WERR_INVALID_FUNCTION in source4/lib/wmi/
werror: removed WERR_BADFUNC
werror: replace WERR_BADFILE with WERR_FILE_NOT_FOUND in source3/lib/smbconf/smbconf_reg.c
werror: replace WERR_BADFILE with WERR_FILE_NOT_FOUND in source3/libgpo/gpo_reg.c
werror: replace WERR_BADFILE with WERR_FILE_NOT_FOUND in source3/printing/
werror: replace WERR_BADFILE with WERR_FILE_NOT_FOUND in source3/registry/
werror: replace WERR_BADFILE with WERR_FILE_NOT_FOUND in source3/rpc_client/
werror: replace WERR_BADFILE with WERR_FILE_NOT_FOUND in source3/services/svc_winreg_glue.c
werror: replace WERR_BADFILE with WERR_FILE_NOT_FOUND in source3/utils/
werror: replace WERR_BADFILE with WERR_FILE_NOT_FOUND in source4/lib/registry/
werror: replace WERR_BADFILE with WERR_FILE_NOT_FOUND in source4/torture/ndr/winreg.c
werror: replace WERR_BADFILE with WERR_FILE_NOT_FOUND in source4/torture/rpc/
werror: removed WERR_BADFILE
werror: replace WERR_BADFID with WERR_INVALID_HANDLE in source3/rpc_server/spoolss/
werror: replace WERR_BADFID with WERR_INVALID_HANDLE in source4/torture/rpc/spoolss.c
werror: removed WERR_BADFID
werror: replace WERR_NOMEM with WERR_NOT_ENOUGH_MEMORY in lib/util/tevent_werror.c
werror: replace WERR_NOMEM with WERR_NOT_ENOUGH_MEMORY in libcli/drsuapi/repl_decrypt.c
werror: replace WERR_NOMEM with WERR_NOT_ENOUGH_MEMORY in source3/lib/netapi/
werror: replace WERR_NOMEM with WERR_NOT_ENOUGH_MEMORY in source3/libads/ldap_printer.c
werror: replace WERR_NOMEM with WERR_NOT_ENOUGH_MEMORY in source3/libgpo/gpo_reg.c
werror: replace WERR_NOMEM with WERR_NOT_ENOUGH_MEMORY in source3/libnet/libnet_join.c
werror: replace WERR_NOMEM with WERR_NOT_ENOUGH_MEMORY in source3/printing/
werror: replace WERR_NOMEM with WERR_NOT_ENOUGH_MEMORY in source3/registry/
werror: replace WERR_NOMEM with WERR_NOT_ENOUGH_MEMORY in source3/rpc_client/
werror: replace WERR_NOMEM with WERR_NOT_ENOUGH_MEMORY in source3/rpc_server/
werror: replace WERR_NOMEM with WERR_NOT_ENOUGH_MEMORY in source3/rpcclient/
werror: replace WERR_NOMEM with WERR_NOT_ENOUGH_MEMORY in source3/services/
werror: replace WERR_NOMEM with WERR_NOT_ENOUGH_MEMORY in source3/smbd/lanman.c
werror: replace WERR_NOMEM with WERR_NOT_ENOUGH_MEMORY in source3/utils/
werror: replace WERR_NOMEM with WERR_NOT_ENOUGH_MEMORY in source3/utils/
werror: replace WERR_NOMEM with WERR_NOT_ENOUGH_MEMORY in source3/winbindd/
werror: replace WERR_NOMEM with WERR_NOT_ENOUGH_MEMORY in source4/dns_server/
werror: replace WERR_NOMEM with WERR_NOT_ENOUGH_MEMORY in source4/dsdb/
werror: replace WERR_NOMEM with WERR_NOT_ENOUGH_MEMORY in source4/lib/registry/
werror: replace WERR_NOMEM with WERR_NOT_ENOUGH_MEMORY in source4/rpc_server/backupkey/
werror: replace WERR_NOMEM with WERR_NOT_ENOUGH_MEMORY in source4/rpc_server/
werror: replace WERR_NOMEM with WERR_NOT_ENOUGH_MEMORY in source4/torture/drs/unit/prefixmap_tests.c
werror: replace WERR_NOMEM with WERR_NOT_ENOUGH_MEMORY in source4/torture/rpc/spoolss.c
werror: removed WERR_NOMEM
werror: replace WERR_GENERAL_FAILURE with WERR_GEN_FAILURE in source3/lib/netapi/
werror: replace WERR_GENERAL_FAILURE with WERR_GEN_FAILURE in source3/libgpo/gpo_reg.c
werror: replace WERR_GENERAL_FAILURE with WERR_GEN_FAILURE in source3/libnet/libnet_join.c
werror: replace WERR_GENERAL_FAILURE with WERR_GEN_FAILURE in source3/libsmb/libsmb_dir.c
werror: replace WERR_GENERAL_FAILURE with WERR_GEN_FAILURE in source3/registry/reg_api_regf.c
werror: replace WERR_GENERAL_FAILURE with WERR_GEN_FAILURE in source3/rpc_client/init_spoolss.c
werror: replace WERR_GENERAL_FAILURE with WERR_GEN_FAILURE in source3/rpc_server/
werror: replace WERR_GENERAL_FAILURE with WERR_GEN_FAILURE in source3/rpcclient/
werror: replace WERR_GENERAL_FAILURE with WERR_GEN_FAILURE in source3/utils/
werror: replace WERR_GENERAL_FAILURE with WERR_GEN_FAILURE in source4/dsdb/common/util.c
werror: replace WERR_GENERAL_FAILURE with WERR_GEN_FAILURE in source4/lib/com/
werror: replace WERR_GENERAL_FAILURE with WERR_GEN_FAILURE in source4/lib/registry/
werror: replace WERR_GENERAL_FAILURE with WERR_GEN_FAILURE in source4/rpc_server/
werror: replace WERR_GENERAL_FAILURE with WERR_GEN_FAILURE in source4/torture/libnetapi/libnetapi.c
werror: removed WERR_GENERAL_FAILURE
werror: removed WERR_DEVICE_NOT_EXIST (unused, already known as WERR_DEV_NOT_EXIST 0x00000037)
werror: replace WERR_NO_SUCH_SHARE with WERR_BAD_NET_NAME in source3/printing/nt_printing.c
werror: replace WERR_NO_SUCH_SHARE with WERR_BAD_NET_NAME in source3/rpc_server/srvsvc/srv_srvsvc_nt.c
werror: removed WERR_NO_SUCH_SHARE
werror: replace WERR_INVALID_PARAM with WERR_INVALID_PARAMETER in libgpo/gpext/gpext.c
werror: replace WERR_INVALID_PARAM with WERR_INVALID_PARAMETER in librpc/idl/
werror: replace WERR_INVALID_PARAM with WERR_INVALID_PARAMETER in source3/lib/netapi/
werror: replace WERR_INVALID_PARAM with WERR_INVALID_PARAMETER in source3/libgpo/
werror: replace WERR_INVALID_PARAM with WERR_INVALID_PARAMETER in source3/libnet/libnet_join.c
werror: replace WERR_INVALID_PARAM with WERR_INVALID_PARAMETER in source3/printing/
werror: replace WERR_INVALID_PARAM with WERR_INVALID_PARAMETER in source3/registry/
werror: replace WERR_INVALID_PARAM with WERR_INVALID_PARAMETER in source3/rpc_client/
werror: replace WERR_INVALID_PARAM with WERR_INVALID_PARAMETER in source3/rpc_server/
werror: replace WERR_INVALID_PARAM with WERR_INVALID_PARAMETER in source3/rpcclient/
werror: replace WERR_INVALID_PARAM with WERR_INVALID_PARAMETER in source3/smbd/lanman.c
werror: replace WERR_INVALID_PARAM with WERR_INVALID_PARAMETER in source3/utils/
werror: replace WERR_INVALID_PARAM with WERR_INVALID_PARAMETER in source4/dns_server/
werror: replace WERR_INVALID_PARAM with WERR_INVALID_PARAMETER in source4/dsdb/
werror: replace WERR_INVALID_PARAM with WERR_INVALID_PARAMETER in source4/lib/registry/
werror: replace WERR_INVALID_PARAM with WERR_INVALID_PARAMETER in source4/lib/wmi/wbemdata.c
werror: replace WERR_INVALID_PARAM with WERR_INVALID_PARAMETER in source4/rpc_server/
werror: replace WERR_INVALID_PARAM with WERR_INVALID_PARAMETER in source4/torture/
werror: removed WERR_INVALID_PARAM
werror: replace WERR_REG_CORRUPT with WERR_REGISTRY_CORRUPT in source3/printing/nt_printing_ads.c
werror: replace WERR_REG_CORRUPT with WERR_REGISTRY_CORRUPT in source3/registry/reg_backend_db.c
werror: removed WERR_REG_CORRUPT
werror: replace WERR_REG_IO_FAILURE with WERR_REGISTRY_IO_FAILED in source3/registry/
werror: removed WERR_REG_IO_FAILURE
werror: replace WERR_REG_FILE_INVALID with WERR_NOT_REGISTRY_FILE in source3/registry/reg_api_regf.c
werror: removed WERR_REG_FILE_INVALID
werror: replace WERR_OBJECT_PATH_INVALID with WERR_BAD_PATHNAME in source3/registry/reg_api_regf.c
werror: replace WERR_OBJECT_PATH_INVALID with WERR_BAD_PATHNAME in source3/rpc_server/
werror: removed WERR_OBJECT_PATH_INVALID
werror: replace WERR_NO_SUCH_SERVICE with WERR_SERVICE_DOES_NOT_EXIST in source3/lib/netapi/serverinfo.c
werror: replace WERR_NO_SUCH_SERVICE with WERR_SERVICE_DOES_NOT_EXIST in source3/libnet/libnet_join.c
werror: replace WERR_NO_SUCH_SERVICE with WERR_SERVICE_DOES_NOT_EXIST in source3/rpc_server/svcctl/srv_svcctl_nt.c
werror: removed WERR_NO_SUCH_SERVICE
werror: removed WERR_USER_ALREADY_EXISTS (unused, already known as WERR_USER_EXISTS)
werror: removed WERR_USER_NOT_IN_GROUP (unused, already known as WERR_MEMBER_NOT_IN_GROUP)
werror: removed WERR_INVALID_SECURITY_DESCRIPTOR (unused, already known as WERR_INVALID_SECURITY_DESCR)
werror: replace WERR_SERVER_UNAVAILABLE with WERR_RPC_S_SERVER_UNAVAILABLE in source3/printing/nt_printing_ads.c
werror: replace WERR_SERVER_UNAVAILABLE with WERR_RPC_S_SERVER_UNAVAILABLE in source3/rpc_server/spoolss/srv_spoolss_nt.c
werror: removed WERR_SERVER_UNAVAILABLE
werror: removed WERR_BUF_TOO_SMALL (unused, already known as WERR_NERR_BUFTOOSMALL)
werror: removed WERR_ALREADY_SHARED (unused, already known as WERR_NERR_DUPLICATESHARE)
werror: removed WERR_JOB_NOT_FOUND (unused, already known as WERR_NERR_JOBNOTFOUND)
werror: replace WERR_DEST_NOT_FOUND with WERR_NERR_DESTNOTFOUND in source3/lib/netapi/cm.c
werror: removed WERR_DEST_NOT_FOUND
werror: replace WERR_GROUPNOTFOUND with WERR_NERR_GROUPNOTFOUND in source3/lib/netapi/group.c
werror: removed WERR_GROUPNOTFOUND
werror: replace WERR_USER_NOT_FOUND with WERR_NERR_USERNOTFOUND in source3/lib/netapi/group.c
werror: replace WERR_USER_NOT_FOUND with WERR_NERR_USERNOTFOUND in source3/smbd/lanman.c
werror: replace WERR_USER_NOT_FOUND with WERR_NERR_USERNOTFOUND in source4/torture/rap/sam.c
werror: removed WERR_USER_NOT_FOUND
werror: replace WERR_USEREXISTS with WERR_NERR_USEREXISTS in source4/torture/rap/sam.c
werror: removed WERR_USEREXISTS
werror: replace WERR_NOT_CONNECTED with WERR_NERR_USENOTFOUND in source4/torture/rpc/wkssvc.c
werror: removed WERR_NOT_CONNECTED
werror: removed WERR_NAME_NOT_FOUND (unused, already known as WERR_NERR_NAMENOTFOUND)
werror: replace WERR_NET_NAME_NOT_FOUND with WERR_NERR_NETNAMENOTFOUND in source3/rpc_server/srvsvc/srv_srvsvc_nt.c
werror: removed WERR_NET_NAME_NOT_FOUND
werror: removed WERR_SESSION_NOT_FOUND (unused, already known as WERR_NERR_CLIENTNAMENOTFOUND)
werror: replace WERR_DEVICE_NOT_SHARED with WERR_NERR_DEVICENOTSHARED in source4/rpc_server/srvsvc/dcesrv_srvsvc.c
werror: removed WERR_DEVICE_NOT_SHARED
werror: removed WERR_FID_NOT_FOUND (unused, already known as WERR_NERR_FILEIDNOTFOUND)
werror: removed WERR_NOT_LOCAL_DOMAIN (unused, already known as WERR_NERR_NOTLOCALDOMAIN)
werror: replace WERR_DCNOTFOUND with WERR_NERR_DCNOTFOUND in source3/libnet/libnet_join.c
werror: replace WERR_DCNOTFOUND with WERR_NERR_DCNOTFOUND in source3/utils/net_ads.c
werror: replace WERR_DCNOTFOUND with WERR_NERR_DCNOTFOUND in source4/rpc_server/netlogon/dcerpc_netlogon.c
werror: removed WERR_DCNOTFOUND
werror: removed WERR_TIME_DIFF_AT_DC (unused, already known as WERR_NERR_TIMEDIFFATDC)
werror: replace WERR_DFS_NO_SUCH_VOL with WERR_NERR_DFSNOSUCHVOLUME in source3/rpc_server/dfs/srv_dfs_nt.c
werror: removed WERR_DFS_NO_SUCH_VOL
werror: replace WERR_DFS_NO_SUCH_SHARE with WERR_NERR_DFSNOSUCHSHARE in source3/rpc_server/dfs/srv_dfs_nt.c
werror: removed WERR_DFS_NO_SUCH_SHARE
werror: replace WERR_DFS_NO_SUCH_SERVER with WERR_NERR_DFSNOSUCHSERVER in source3/rpc_server/dfs/srv_dfs_nt.c
werror: removed WERR_DFS_NO_SUCH_SERVER
werror: replace WERR_DFS_INTERNAL_ERROR with WERR_NERR_DFSINTERNALERROR in source3/rpc_server/dfs/srv_dfs_nt.c
werror: removed WERR_DFS_INTERNAL_ERROR
werror: replace WERR_DFS_CANT_CREATE_JUNCT with WERR_NERR_DFSCANTCREATEJUNCTIONPOINT in source3/rpc_server/dfs/srv_dfs_nt.c
werror: removed WERR_DFS_CANT_CREATE_JUNCT
werror: replace WERR_SETUP_ALREADY_JOINED with WERR_NERR_SETUPALREADYJOINED in source3/libnet/libnet_join.c
werror: replace WERR_SETUP_ALREADY_JOINED with WERR_NERR_SETUPALREADYJOINED in source4/torture/rpc/wkssvc.c
werror: removed WERR_SETUP_ALREADY_JOINED
werror: replace WERR_SETUP_NOT_JOINED with WERR_NERR_SETUPNOTJOINED in source3/lib/netapi/joindomain.c
werror: replace WERR_SETUP_NOT_JOINED with WERR_NERR_SETUPNOTJOINED in source3/libnet/libnet_join.c
werror: replace WERR_SETUP_NOT_JOINED with WERR_NERR_SETUPNOTJOINED in source3/utils/
werror: replace WERR_SETUP_NOT_JOINED with WERR_NERR_SETUPNOTJOINED in source4/torture/rpc/wkssvc.c
werror: removed WERR_SETUP_NOT_JOINED
werror: replace WERR_SETUP_DOMAIN_CONTROLLER with WERR_NERR_SETUPDOMAINCONTROLLER in source3/lib/netapi/joindomain.c
werror: replace WERR_SETUP_DOMAIN_CONTROLLER with WERR_NERR_SETUPDOMAINCONTROLLER in source3/libnet/libnet_join.c
werror: replace WERR_SETUP_DOMAIN_CONTROLLER with WERR_NERR_SETUPDOMAINCONTROLLER in source4/torture/rpc/wkssvc.c
werror: removed WERR_SETUP_DOMAIN_CONTROLLER
werror: replace WERR_DEFAULT_JOIN_REQUIRED with WERR_NERR_DEFAULTJOINREQUIRED in source3/lib/netapi/joindomain.c
werror: replace WERR_DEFAULT_JOIN_REQUIRED with WERR_NERR_DEFAULTJOINREQUIRED in source3/libnet/libnet_join.c
werror: removed WERR_DEFAULT_JOIN_REQUIRED
werror: removed WERR_FRS_INSUFFICIENT_PRIV (unused, already known as WERR_FRS_ERR_INSUFFICIENT_PRIV)
werror: removed WERR_FRS_SYSVOL_IS_BUSY (unused, already known as WERR_FRS_ERR_SYSVOL_IS_BUSY)
werror: replace WERR_FRS_INVALID_SERVICE_PARAMETER with WERR_FRS_ERR_INVALID_SERVICE_PARAMETER in source4/torture/rpc/frsapi.c
werror: removed WERR_FRS_INVALID_SERVICE_PARAMETER
werror: replace WERR_UNKNOWN_LEVEL with WERR_INVALID_LEVEL in source3/lib/netapi/
werror: replace WERR_UNKNOWN_LEVEL with WERR_INVALID_LEVEL in source3/printing/nt_printing.c
werror: replace WERR_UNKNOWN_LEVEL with WERR_INVALID_LEVEL in source3/rpc_server/
werror: replace WERR_UNKNOWN_LEVEL with WERR_INVALID_LEVEL in source3/rpcclient/cmd_spoolss.c
werror: replace WERR_UNKNOWN_LEVEL with WERR_INVALID_LEVEL in source4/rpc_server/
werror: replace WERR_UNKNOWN_LEVEL with WERR_INVALID_LEVEL in source4/torture/rpc/
werror: removed WERR_UNKNOWN_LEVEL
werror: removed WERR_SHUTDOWN_ALREADY_IN_PROGRESS (unused, already known as WERR_SHUTDOWN_IN_PROGRESS)
werror: use autogenerated error codes.
werror: remove two duplicate error mappings.
werror: replace WERR_CLASS_NOT_REGISTERED with HRES_REGDB_E_CLASSNOTREG
werror: remove WERR_SEC_E_ENCRYPT_FAILURE (there is HRES_SEC_E_ENCRYPT_FAILURE)
werror: replace WERR_SEC_E_DECRYPT_FAILURE with HRES_SEC_E_DECRYPT_FAILURE
werror: removed WERR_SEC_E_ALGORITHM_MISMATCH (unused, already known as HRES_SEC_E_ALGORITHM_MISMATCH)
werror: replace WERR_RPC_E_REMOTE_DISABLED with HRES_RPC_E_REMOTE_DISABLED
werror: removed WERR_RPC_E_REMOTE_DISABLED (replaced with HRES_RPC_E_REMOTE_DISABLED)
werror: removed WERR_RPC_E_INVALID_HEADER (unused, already known as HRES_RPC_E_INVALID_HEADER)
mit: make it possible to build with MIT kerberos and --picky-developer
autobuild: add system-mitkrb5 build environment.
s4-kdc: Fix Coverity ID #1373386 (Resource Leak)
s4-kdc: Fix Coverity ID #1373385 (OVERRUN)
librpc: support "packet" for packet level authentication in binding strings
s4-torture: test support for [packet] binding string option.
s4:librpc/rpc: add support for DCERPC_AUTH_LEVEL_PACKET
s3:cli_pipe: add support for DCERPC_AUTH_LEVEL_PACKET
s3-rpcclient: support [packet] in rpcclient binding strings.
s3-rpcclient: add packet auth level command
s3-waf: Create a wscript_build for the utils subdir
s3-waf: Add wscript_build for nmbd
s3-waf: Add winbindd to its own wscript_build file (already exists)
s3-rpcclient: allow to pass down interface and transport to epmmap command
s3-waf: Move spoolssd into its own subsystem
spoolss: Use correct values for secdesc and devmode pointers
s4-torture: add spoolss_SetPrinter ndr test to validate secdesc_ptr
s3-rpcclient: add object_uuid argument to cmd_epmapper_map()
s4-torture: Fix test_EnumPrinterDrivers for level 8 printer drivers.
s4-torture: add torture_rpc_connection_with_binding()
s4-torture: add IRemoteWinspool rpc testsuite.
s4-torture: add test for winspool_SyncRegisterForRemoteNotifications.
s4-torture: add test for winspool_SyncUnRegisterForRemoteNotifications.
s4-torture: add test for winspool_AsyncUploadPrinterDriverPackage
s4-torture: add test for winspool_AsyncEnumPrinters
s4-torture: add test for winspool_AsyncGetPrinterData
s4-torture: add test for spoolss vs. iremotewinspool context handles
s4-torture: add test for winspool_AsyncCorePrinterDriverInstalled
s4-torture: add test for winspool_AsyncDeletePrintDriverPackage
s4-torture: add test for winspool_AsyncGetPrinterDriverDirectory()
s3-spoolss: also set new os_major,minor,build values in printer info 0
s3-spoolss: set the defaults for os_version defines globally.
s4-torture: add test to compare PRINTER_INFO_STRESS version and OSVersion
s3-spoolss: use architecture in spoolss_MonitorInfo calls consistently
s4-torture: test valid environment in spoolss_EnumMonitors level 2.
s3-net: use SMB_SIGNING_DEFAULT in connect_to_service()
docs: fix funny typo in smb.conf manpage wrt Samba's FSRVP server.
s3-rpc_cli: Support the use of the object_uuid in rpc_cli interfaces
s3-rpcclient: Add rpcclient IRemoteWinspool commands
s3-rpcclient: Add AsyncCorePrinterDriverInstalled command
librpc: Introduce cab.idl
librpc: Add autogenerated checksum calculation for Cabinet files
librpc: Add autogenerated total cabinet size for Cabinet files
librpc: Add autogenerated file offset calculation for Cabinet files
librpc: Add ndr_cab_get_compression() for Cabinet compression evaluation
s4-torture: Introduce Cabinet ndr testsuite
s4-torture: Add a validation test for uncompressed Cabinet files
s4-torture: Add MSZIP compressed cabinet test
s4-torture: Add LZX compressed cabinet test
Hanno Böck (1):
cleanupdb: Fix a memory read error
Hemanth Thummala (2):
Mask general purpose signals for notifyd.
Fix memory leak in share mode locking.
Herwin Weststrate (1):
Added MSV1_0_ALLOW_MSVCHAPV2 flag to ntlm_auth
Ira Cooper (4):
lib:dlinklist: avoid -Wtautological-compare errors with gcc6
ldb:dlinklist: avoid -Wtautological-compare errors with gcc6
source3/wscript: Add support for disabling vfs_cephfs
buildscripts: Fix the regression with --without-acl-support.
Ivo De Decker (1):
Add build option for default smbpasswd location
Jeff Layton (2):
VFS: convert to using ceph_statx structures and functions, when available
vfs: ceph: convert to new DBG_* macros
Jeremy Allison (264):
CVE-2015-7560: s3: smbd: Add refuse_symlink() function that can be used to prevent operations on a symlink.
CVE-2015-7560: s3: smbd: Refuse to get an ACL from a POSIX file handle on a symlink.
CVE-2015-7560: s3: smbd: Refuse to set an ACL from a POSIX file handle on a symlink.
CVE-2015-7560: s3: smbd: Refuse to set a POSIX ACL on a symlink.
CVE-2015-7560: s3: smbd: Refuse to get a POSIX ACL on a symlink.
CVE-2015-7560: s3: smbd: Set return values early, allows removal of code duplication.
CVE-2015-7560: s3: smbd: Silently return no EA's available on a symlink.
CVE-2015-7560: s3: smbd: Refuse to set EA's on a symlink.
CVE-2015-7560: s3: libsmb: Rename cli_posix_getfaclXX() functions to cli_posix_getacl() as they operate on pathnames.
CVE-2015-7560: s3: libsmb: Add SMB1-only POSIX cli_posix_setacl() functions. Needed for tests.
CVE-2015-7560: s3: torture3: Add new POSIX-SYMLINK-ACL test.
CVE-2015-7560: s3: torture3: Add new POSIX-SYMLINK-EA test.
s3:lib. Add split_stream_filename() Not yet used.
s3:lib: Rewrite synthetic_smb_fname_split() to use split_stream_filename().
s3:lib: Remove the const SMB_STRUCT_STAT * parameter from synthetic_smb_fname_split().
s3:lib: Move internal lp_posix_pathnames() call out of utility function synthetic_smb_fname_split().
s3: smbd: Simplify logic inside rename_internals_fsp() part 1.
s3: smbd: Simplify logic inside rename_internals_fsp() part 2
s3: smbd: Remove the last lp_posix_pathnames() in the rename path.
s3:smbd: Fix build for vfs_aixacl2.c.
s3:smbd:vfs: Change smb_get_nt_acl_nfs4() to take a const struct smb_filename *.
s3:smbd:vfs: Change posix_get_nt_acl() from const char * to const struct smb_filename *.
s3:vfs: Change smbacl4_GetFileOwner() to take const struct smb_filename * from const char *.
s3: vfs: vfs_hpuxacl. refuse_symlink() means we can always use STAT here.
s3: vfs: vfs_solarisacl. refuse_symlink() means we can always use STAT here.
s3:vfs: vfs_streams_xattr.c - Remove duplicate code. This is exactly vfs_stat_smb_basename().
s3:vfs: vfs_streams_xattr.c: Change walk_xattr_streams() to const struct smb_filename * from const char *.
s3: smbd: Reformatting - remove unneeded const char *fname variable.
s3: smbd: Change canonicalize_ea_name() to take a const smb_filename * parameter from const char *.
s3:smbd: Change get_ea_list_from_file_path() to take a const smb_filename * parameter from const char *.
s3:smbd: Change get_ea_names_from_file() to take a const smb_filename * parameter from const char *.
s3:smbd: Change refuse_symlink() to take a const smb_filename * parameter from const char *.
s3:vfs: Change get_acl_blob() to take a const smb_filename * parameter from const char *.
s3: vfs: vfs_xattr_tdb - cleanup. Remove unneeded variable "path".
nsswitch: linux: Remove use of strcpy().
examples: Remove all uses of strcpy in examples (except for validchr.c).
lib:tdb: Remove use of strcpy in tdb test.
nsswitch: winbind_nss_aix: Remove all uses of strcpy.
nsswitch: winbind_nss_solaris.c: Remove unused macro containing strcpy.
s3:smbd: Fix build for vfs_afsacl.c.
s3: vfs: vfs_afsacl. refuse_symlink() means we can always use STAT here.
s3:smbd: Move lp_posix_pathnames() out of ea_list_has_invalid_name().
s3: smbd: Add uint32_t flags field to struct smb_filename.
s3: Filenames: Add uint32_t flags parameter to synthetic_smb_fname().
s3: vfs: Remove use of lp_posix_pathnames() below the VFS.
s3: posix_acls. Always use STAT, not LSTAT here.
s3: smbd: Remove unneeded lp_posix_pathnames() check in SMB2 create.
s3: smbd: Remove many common uses of lp_posix_pathnames().
s3: vfs: recycle. Remove use of vfs_stat_smb_basename().
s3: vfs: vfs_acl_tdb. Remove use of vfs_stat_smb_basename().
s3: smbd: Modify vfs_stat_smb_basename() to take a const struct smb_filename * instead of const char *.
s3: torture. Remove spurious lp_posix_pathnames() included by cut-and-paste error.
s3: smbd: DFS - Remove the last lp_posix_pathnames() from the SMB2/3 code paths.
s3: smbd: DFS: Pass uint32_t ucf_flags through into resolve_dfspath_wcard().
s3: smbd: DFS: Pass uint32_t ucf_flags through into dfs_redirect().
s3: smbd: DFS: Pass uint32_t ucf_flags through into unix_convert().
s3: vfs: Use the new VFS functions for setting and getting DOS attributes.
lib:replace: Missing semicolon on function definition.
s3: vfs: full_audit. Sort vfs fn list and add comments on missing entries.
s3: vfs: full_audit. Add missing get_dfs_referrals_fn().
s3: vfs: full_audit. Add missing fsctl_fn().
s3: vfs: full_audit. Add audit_file_fn().
s3: vfs: full_audit. Implement missing durable_XXX functions.
s3: vfs: Sort vfs function entries in vfs_time_audit.
s3: vfs: time_audit. Add missing get_dfs_referrals().
s3: vfs: time_audit. Add missing fsctl().
s3: vfs: time_audit: Add get/fget/set/fset dos_attributes functions.
s3: vfs: time_audit. Add missing audit_file().
s3: libsmb: Fix error where short name length was read as 2 bytes, should be 1.
CVE-2015-5370: s3:rpc_server: ensure that the message ordering doesn't violate the spec
lib: dns: Clean up allocated structure on error exit.
s3: locking: Rename xxx_windows_lock_ref_count to xxx_lock_ref_count.
s3: locking: Add some const.
s3: locking: Add a const struct lock_context * parameter to set_posix_lock_posix_flavour()
s3: locking: Convert on the wire behavior of POSIX (UNIX extensions) locks from process-associated locks to open file description locks.
s3: torture: Add POSIX-OFD-LOCK test.
s3: lib: Add 'int op' parameter to fcntl_getlock().
s3: VFS: Add bool use_ofd_locks member to struct files_struct.
s3: lib: util: Add map_process_lock_to_ofd_lock() utility function.
s3: VFS: Map process-associated lock operation to open file description lock operation.
s3: wscript: Add checks for open file description locks.
s3: libsmb: Add sync and async cli_posix_whoami().
s3: smbclient: Add posix_whoami command.
s3: docs: Add documentation for posix_whoami command in smbclient.
s3: auth: Move the declaration of struct dom_sid tmp_sid to function level scope.
s3: lib: ldap: Use struct sockaddr_storage to cope with IPv6.
lib: tevent: Use struct sockaddr_storage to cope with IPv6.
lib: Fix uninitialized read in msghdr_copy
s3: krb5: keytab - The done label can be jumped to with context == NULL.
s4: dns: Correctly check for talloc failure.
s4: libcli: Internal SMB1 pid is already stored as and uses 32-bits. Correct getpid() cast.
s3: libsmb: Widen the internal client smb1.pid to 32-bits as is used on the wire and in libcli/smb/smb1*.c
s3: torture: Add test that proves Win2k12 correctly returns pidlow and pidhigh in SMB1 requests.
s3: smbd: Remove unused 'req' argument from setup_readX_header()
s3: smbd: Make setup_readX_header() externally accessible
s3: smbd: Use common function setup_readX_header() in aio read code.
s3: smbd: In reply_read_and_X() SMB1 server is overwriting part of the 'reserved' zero fields with reply data length.
s4: torture: Added raw readX test to ensure 'reserved' fields are zero.
s3: libsmb: Correctly trim a trailing \\ character in cli_smb2_create_fnum_send() when passing a pathname to SMB2 create.
s3: tldap: Remove asynchronous calls to gensec_update_send()/_recv() as for the spnego backend they're synchronous anyway.
s3: tldap: Make tldap_gensec_bind_send()/tldap_gensec_bind_recv() static.
s3: tdb: On some platforms pthread_mutex_trylock() returns EBUSY not EDEADLK.
s4: ldb: Ignore case of "range" in sscanf as we've already checked for its presence.
lib: talloc: Rename talloc_XXX() internal functions that take a 'struct talloc_chunk *' to tc_XXX().
s3: smbd: Fix delete operations enumerating streams inside a file. This must always be done as a Windows operation.
s3: torture: Regression test case to specify exactly how UNIX extensions should act on files with streams.
s4: torture: Don't crash if connections fail and treeXX variables are left as NULL.
WHATSNEW. Add text for Open File Description (OFD) locks.
s3: smbd: vfs: Remove any stale xattr values during file/directory create in vfs_xattr_tdb()
s4: messaging: Remove bool auto_remove parameter from imessaging_init().
s4: tests: Skip drs tests.
s4: repl: Ensure all error paths in dreplsrv_op_pull_source_get_changes_trigger() are protected with tevent returns.
s3: libsmb: Protect cli_connect_nb_send() from being passed a NULL hostname and dest_ss.
libgpo: Correctly use the 'server' parameter after parsing it out of the GPO path.
smbd: oplock: Fixup debug messages inside remove_oplock().
smbd: oplock: Factor out internals of remove_oplock() into new remove_oplock_under_lock().
s3: oplock: Fix race condition when closing an oplocked file.
s3: vfs: shadow_copy2: Re-use an existing variable already set to the right value (p - name).
s3: vfs: shadow_copy2. Remove any trailing slash when stripping @GMT-YYYY... from the end of a path.
s3: vfs: shadow_copy2: Replace all uses of (p-name) with len_before_gmt.
s3: vfs: snapper: Add and use len_before_gmt, calculated as (p-name).
s3: vfs: snapper: Fix snapper_gmt_strip_snapshot() function to strip @GMT token identically to shadow_copy2.c:shadow_copy2_strip_snapshot()
s3: SMB1: Add missing FLAGS2 definitions from MS-SMB.
s3: libsmb: Add uint16_t additional_flags2 arg to cli_smb_send().
s3: libsmb: Add uint16_t addtional_flags2 to cli_trans_send().
s3: libsmb: Add uint16_t addtional_flags2 to cli_smb_req_create().
s3: libsmb: Add clistr_is_previous_version_path()
s3: libsmb: Plumb in additional_flags2 = FLAGS2_REPARSE_PATH to cli_setpathinfo_send().
s3: libsmb: Plumb in additional_flags2 = FLAGS2_REPARSE_PATH to cli_qpathinfo_send()
s3: libsmb: s3: libsmb: Plumb in additional_flags2 = FLAGS2_REPARSE_PATH to cli_rename_send().
s3: libsmb: s3: libsmb: Plumb in additional_flags2 = FLAGS2_REPARSE_PATH to cli_ntrename_internal_send().
s3: libsmb: s3: libsmb: Plumb in additional_flags2 = FLAGS2_REPARSE_PATH to cli_unlink_send().
s3: libsmb: s3: libsmb: Plumb in additional_flags2 = FLAGS2_REPARSE_PATH to cli_mkdir_send().
s3: libsmb: Plumb in additional_flags2 = FLAGS2_REPARSE_PATH to cli_rmdir_send()
s3: libsmb: Plumb in additional_flags2 = FLAGS2_REPARSE_PATH to cli_ntcreate1_send().
s3: libsmb: Plumb in additional_flags2 = FLAGS2_REPARSE_PATH to cli_nttrans_create_send().
s3: libsmb: Plumb in additional_flags2 = FLAGS2_REPARSE_PATH to cli_openx_create().
s3: libsmb: Plumb in additional_flags2 = FLAGS2_REPARSE_PATH to cli_getatr_send().
s3: libsmb: Plumb in additional_flags2 = FLAGS2_REPARSE_PATH to cli_setatr_send().
s3: libsmb: Plumb in additional_flags2 = FLAGS2_REPARSE_PATH to cli_chkpath_send().
s3: libsmb: Plumb in additional_flags2 = FLAGS2_REPARSE_PATH to cli_ctemp_send().
s3: libsmb: Make a comment note that cli_set_ea() needs some internal changes before cli_set_ea_path() can use previous path versions.
s3: libsmb: Plumb in additional_flags2 = FLAGS2_REPARSE_PATH to cli_list_trans_send().
s3: libsmb: Correctly set max_setup_size in FSCTL_GET_SHADOW_COPY_DATA nttrans ioctl.
s3: libsmb: Do some hardening in the receive processing of cli_shadow_copy_data_recv().
s3: smbclient: In order to get shadow copy data over SMB1 we must call cli_shadow_copy_data() twice.
s3: smbclient. Ensure we don't crash by freeing uninitialized *snapshots.
s3: libsmb: Correctly align create contexts in a create call.
s3: libsmb: Add return args to clistr_is_previous_version_path().
s3: libsmb: Add cli_smb2_shadow_copy_data() function that gets shadow copy info over SMB2.
s3: libsmb: Plumb new SMB2 shadow copy call into cli_shadow_copy_data().
s3: libsmb: Add the capability to find a @GMT- path in an SMB2 create and transform to a timewarp token.
s3: vfs: Fix compilation error on Solaris.
s3: modules: vfs_acl_common - Add Ralph's copyright.
s4-kdc: Remove obsolete kpasswdd heimdal implementation
lib: poll_funcs : poll_funcs_context_slot_find can select the wrong slot to replace.
s3: nmbd: Add fd, triggered elements to struct socket_attributes.
s3: nmbd: Ensure attrs array mirrors fd's array for dns.
s3: nmbd: Now attrs array mirrors fd's array use it in preference.
s3: nmbd: Add (currently unused) timeout and fd handlers.
s3: nmbd: Add a talloc_stackframe().
s3: nmbd: Change over to using tevent functions from direct poll.
s3: nmbd: Final changeover to stock tevent for nmbd.
s3: winbind: Remove dump_event_list() calls.
s3: server: s3_tevent_context_init() -> samba_tevent_context_init()
s3: events. Move events.c to util_event.c
s3: tidyup - move struct idle_event to util_event.h
s3: winbind: Make WBC_AUTH_USER_LEVEL_PAC prime the name2sid cache.
s3: auth: Use wbcAuthenticateUserEx to prime the caches.
s3: winbind: refresh_sequence_number is only ever called with 'false'.
s3: winbind: Trust name2sid mappings from the PAC.
s3: lib: messaging. Add function comments I needed to understand this code.
s3: winbind: Ensure we store name2sid with the correct cache sequence number.
s3: cldap: cldap_multi_netlogon_send() fails with one bad IPv6 address.
s3: libsmb: Fix cut and paste error using the wrong structure type.
s3: torture: vfstest. unlink cmd must be stream aware.
s3: vfs: Remove files/directories after the streams are deleted.
s3: selftest: Add test for orphan 'lost-XXX' directories in streams_depot.
s3: vfs: streams_depot. Use conn->connectpath not conn->cwd.
s3: lib - Fix formatting of unix_wild_match() sub-function to README.Coding standards.
s3: util: Remove unneeded strequal() call. Convert to simple character check.
s3: lib: Move from talloc_strdup then lower to strlower_talloc()
lib/util: Move unix_wild_match() from source3/lib/util to lib/util/
s3: lib: Change masked_match() from SMB_STRDUP macro to underlying smb_xstrdup function.
s3: lib: Use top level function strequal_m not the s3 strequal
s3: lib: Replace s3 strnequal with top level strncasecmp_m.
Move source3/lib/access.c to toplevel lib/util/access.c
lib: util: Add allow_access_nolog().
source4: Change to use lib/util/access functions.
s3/smbd: fix the last resort check that sets the file type attribute
librpc: cab: Integer wrap protection for ndr_count_cfdata().
librpc: cab: Fix ndr_size_cab_file() to detect integer wrap.
s3: libsmb: Setting the LIBSMBCLIENT_NO_CCACHE environment variable doesn't turn off credential cache use.
s3: smbd: rename - missing early error exit if source and destination prefixes are different.
s3: smbd: Make check_parent_access() available to rename code.
s3: smbd: Add missing permissions check on destination folder.
s3: torture: Regression test case for permissions check on rename.
lib: security: se_access_check() incorrectly processes owner rights (S-1-3-4) DENY ace entries
s3: torture: Adds regression test case for se_access_check() owner rights issue.
s3: ntlm_auth: Don't corrupt the output stream with debug messages.
s3: libsmb: Ensure SMB2 operations correctly set cli->raw_status.
s3: libsmb: Add cli_smb2_ftruncate(), plumb into cli_ftruncate().
s3: torture: Add test for cli_ftruncate calling cli_smb2_ftruncate.
winbind: Fix CID 1398534 Dereference before null check
s3: vfs: dirsort doesn't handle opendir of "." correctly.
s3: VFS: vfs_streams_xattr.c: Make streams_xattr_open() store the same path as streams_xattr_recheck().
s3: smbd: Correctly canonicalize any incoming shadow copy path.
s3: lib: Add canonicalize_absolute_path().
s3: lib: Fix two old, old bugs in set_conn_connectpath(), now in canonicalize_absolute_path().
s3: smbtorture: Add new local test LOCAL-CANONICALIZE-PATH
s3: smbd: Make set_conn_connectpath() call canonicalize_absolute_path().
s3: VFS: shadow_copy2: Correctly initialize timestamp and stripped variables.
s3: VFS: shadow_copy2: Ensure pathnames for parameters are correctly relative and terminated.
s3: VFS: shadow_copy2: Fix length comparison to ensure we don't overstep a length.
s3: VFS: shadow_copy2: Add two new variables to the private data. Not yet used.
s3: VFS: shadow_copy2: Add a wrapper function to call the original shadow_copy2_strip_snapshot().
s3: VFS: shadow_copy2: Change a parameter name.
s3: VFS: shadow_copy2: Add two currently unused functions to make pathnames absolute or relative to $cwd.
s3: VFS: shadow_copy2: Fix chdir to store off the needed private variables.
s3: VFS: Allow shadow_copy2_connectpath() to return the cached path derived from $cwd.
s3: VFS: Ensure shadow:format cannot contain a / path separator.
s3: VFS: Add utility function check_for_converted_path().
s3: VFS: shadow_copy2: Fix module to work with variable current working directory.
s3: VFS: shadow_copy2: Fix a memory leak in the connectpath function.
s3: VFS: shadow_copy2: Fix usage of saved_errno to only set errno on error.
s3: VFS: Don't allow symlink, link or rename on already converted paths.
s3: smbd: Don't loop infinitely on bad-symlink resolution.
s3: torture: Regression test for smbd trying to open an invalid symlink.
lib: talloc: Make it clear that talloc_get_size(NULL) returns 0.
s3:winbind: work around coverity false positive.
s3: smbd: Restart reading the incoming SMB2 fd when the send queue is drained.
CVE-2017-2619: s3: smbd: Create wrapper function for OpenDir in preparation for making robust.
CVE-2017-2619: s3: smbd: Opendir_internal() early return if SMB_VFS_OPENDIR failed.
CVE-2017-2619: s3: smbd: Create and use open_dir_safely(). Use from OpenDir().
CVE-2017-2619: s3: smbd: OpenDir_fsp() use early returns.
CVE-2017-2619: s3: smbd: OpenDir_fsp() - Fix memory leak on error.
CVE-2017-2619: s3: smbd: Move the reference counting and destructor setup to just before returning success.
CVE-2017-2619: s3: smbd: Correctly fallback to open_dir_safely if FDOPENDIR not supported on system.
CVE-2017-2619: s3: smbd: Remove O_NOFOLLOW guards. We insist on O_NOFOLLOW existing.
CVE-2017-2619: s3: smbd: Move special handling of symlink errno's into a utility function.
CVE-2017-2619: s3: smbd: Add the core functions to prevent symlink open races.
CVE-2017-2619: s3: smbd: Use the new non_widelink_open() function.
s3: libgpo: Allow skipping GPO objects that don't have the expected LDAP attributes.
Fix for Solaris C compiler.
Changes to make the Solaris C compiler happy.
s3: locking: Move two leases functions into a new file.
s3: locking: Update oplock optimization for the leases era !
s3: smbd: Fix incorrect logic exposed by fix for the security bug 12496 (CVE-2017-2619).
s3: Test for CVE-2017-2619 regression with "follow symlinks = no".
s3: Fixup test for CVE-2017-2619 regression with "follow symlinks = no"
s3: smbd: Fix "follow symlink = no" regression part 2.
s3: smbd: Fix "follow symlink = no" regression part 2.
s3: Test for CVE-2017-2619 regression with "follow symlinks = no" - part 2
s3: smbd: Fix incorrect logic exposed by fix for the security bug 12496 (CVE-2017-2619).
s3: Test for CVE-2017-2619 regression with "follow symlinks = no".
s3: Fixup test for CVE-2017-2619 regression with "follow symlinks = no"
s3: smbd: Fix "follow symlink = no" regression part 2.
s3: smbd: Fix "follow symlink = no" regression part 2.
s3: Test for CVE-2017-2619 regression with "follow symlinks = no" - part 2
lib: debug: Avoid negative array access.
s3:lib: Fix incorrect logic in sys_broken_getgroups()
s3:smbd: Fix incorrect use of sys_getgroups()
s3: smbd: Fix open_files.idl to correctly ignore share_mode_lease *lease in share_mode_entry.
s3: VFS: Catia: Ensure path name is also converted.
Jim McDonough (1):
winbind: honor 'socket options' in winbind
John Mulligan (1):
docs: Improve description of "unix_primary_group" parameter in idmap_ad manpage
Jorge Schrauwen (1):
configure: Don't check for inotify on illumos
Jose A. Rivera (12):
ctdb-scripts: Avoid dividing by zero in memory calculation
ctdb-scripts: Various small fixes to example nfs-ganesha-callout
ctdb-scripts: Organize global variables in nfs_ganesha_callout
ctdb-scripts: Add register action to nfs-ganesha-callout
ctdb-scripts: Use D-Bus messages to trigger grace in nfs-ganesha-callout
ctdb-scripts: Cleanup service_check() in nfs-ganesha-callout
ctdb-scripts: Parameterize symlink checking in nfs-ganesha-callout
ctdb-scripts: Add config options for use by clustered NFS
ctdb-scripts: Section off GPFS-specific functionality in nfs-ganesha-callout
ctdb-scripts: Add GlusterFS support to nfs-ganesha-callout
krb5_wrap: Fix build error when not using heimdal.
ctdb: Add new helper ctdb_etcd_lock
Jérémie Courrèges-Anglas (2):
Fix CHECK_CODE usage in atomics builtin detection
Provide fallback code for non-portable clearenv(3)
Karolin Seeger (40):
docs: Bump version up to 4.6.
WHATSNEW: Some small formal fixes.
VERSION: Bump version up to 4.6.0rc1.
VERSION: Disable git snapshots for the 4.6.0rc1 release.
WHATSNEW: Add release notes for Samba 4.6.0rc2.
VERSION: Disable git snapshots for the 4.2.0rc2 release.
VERSION: Bump version up to 4.6.0rc3...
WHATSNEW: Add release notes for Samba 4.6.0rc3.
VERSION: Disable git snapshots for the 4.6.0rc3 release.
VERSION: Bump version up to 4.6.0rc4...
WHATSNEW: Add link to known issues.
WHATSNEW: Fix obvious typo.
WHATSNEW: Add release notes for Samba 4.6.0rc4.
VERSION: Disable git snapshots for the 4.6.0rc4 release.
VERSION: Bump version up to 4.6.0rc5...
WHATSNEW: Add release notes for Samba 4.6.0.
WHATSNEW: Update release notes for Samba 4.6.0.
VERSION: Disable GIT_SNAPSHOTS for the 4.6.0 release.
VERSION: Bump version up to 4.6.1...
VERSION: Bump version up to 4.6.1...
WHATSNEW: Add release notes for Samba 4.6.1.
VERSION: Disable GIT_SNAPSHOTS for the 4.6.1 release.
Merge tag 'samba-4.6.1' into v4-6-test
VERSION: Bump version up to 4.6.2.
VERSION: Bump version up to 4.6.2.
VERSION: Re-enable GIT_SNAPSHOTS.
WHATSNEW: Add release notes for 4.6.2.
VERSION: Disable GIT_SNAPSHOTS for the 4.6.2 release.
Merge tag 'samba-4.6.2' into v4-6-test
VERSION: Bump version up to 4.6.3.
WHATSNEW: Add release notes for Samba 4.6.3.
VERSION: Bump version up to 4.6.4...
VERSION: Disable GIT_SNAPSHOTS for the 4.6.3 release.
VERSION: Bump version up to 4.6.4...
WHATSNEW: Add release notes for Samba 4.6.4.
VERSION: Disable GIT_SNAPSHOTS for the 4.6.4 release.
Merge tag 'samba-4.6.4' into v4-6-test
VERSION: Bump version up to 4.6.5.
WHATSNEW: Add release notes for Samba 4.6.5.
VERSION: Disable GIT_SNAPSHOTS for the 4.6.5 release.
Lorinczy Zsigmond (1):
lib: replace: snprintf - Fix length calculation for hex/octal 64-bit values.
Lukas Slebodnik (6):
tls: Fix warning Wunused-variable
tevent: remove shebang from tevent.py
lib replace: Fix detection of features
WAF: Fix detection of linker features
WAF: Fix detection os sysname ...
WAF: Fix detection of IPv6
Lumir Balhar (5):
python: samba.tests.credentials: Fix DeprecationWarning
python: samba.tests.credentials: Add tests
python: wscript_build: Prepare build environment for Python 3 porting
python: selftesthelpers: Add possibility for planning tests for
python: samba.subunit.run: Fix Python 3 compatibility.
Mantas Mikulėnas (1):
samr4: Use <SID=%s> in GetAliasMembership
Marc Muehlfeld (3):
man: Wrong option for parameter ldap ssl in smb.conf man page
Removed upgrading-samba4.txt
Replaced string "Samba 4" with "Samba AD"
Martin Schwenke (476):
ctdb-tests: Fix description of NFS tickle test
ctdb-tests: Fix CIFS tickle test
ctdb-tests: Re-indent and re-format some functions
ctdb-tests: Allow tcptickle_sniff_wait_show() to filter by MAC address
ctdb-tests: Add a new NFS tickle test for the releasing node
ctdb-doc: Drop outdated NEWS file
ctdb-tools: Drop "ctdb rebalanceip"
ctdb-tools: Drop "ctdb rebalancenode"
ctdb-recoverd: Drop use of DeferredRebalanceOnNodeAdd tunable
ctdb-tunables: Mark tunable DeferredRebalanceOnNodeAdd obsolete
ctdb-daemon: Validate length of new interface names
ctdb-daemon: Replace an unsafe strcpy(3) call
ctdb-util: Move rb_tree.c to ctdb-util
ctdb-tests: Link ctdb-util instead of including
ctdb-killtcp: Use the given event context directly
ctdb-killtcp: Determine the interface as soon as vnn is known
ctdb-killtcp: Avoid CTDB_NO_MEMORY()
ctdb-killtcp: Change struct ctdb_tcp_kill to store arbitrary destructor data
ctdb-killtcp: Factor out ctdb_killtcp()
ctdb-killtcp: Factor out killtcp code into separate file.
ctdb-killtcp: Avoid unnecessary dependency on lib/util/time.h
ctdb-killtcp: Simplify includes by using ctdb_sock_addr_to_string()
ctdb-killtcp: New helper ctdb_killtcp
ctdb-scripts: Add interface argument to kill_tcp_connections()
ctdb-scripts: Use ctdb_killtcp helper to kill connections
ctdb-tools: Drop "ctdb killtcp" command
ctdb-client: Drop killtcp client functions
ctdb-daemon: Remove implementation of CTDB_CONTROL_KILL_TCP
ctdb-protocol: Drop killtcp protocol support
ctdb-killtcp: Merge "common" killtcp code into helper
ctdb-killtcp: Drop check to see if capture socket can be read
ctdb-killtcp: Drop unnecessary casts
ctdb-killtcp: Don't send initial tickle ACK during setup
ctdb-killtcp: Set debug level via environment variable CTDB_DEBUGLEVEL
ctdb-killtcp: Clarify a debug message
ctdb-system: Return window size and RST bit when reading TCP packets
ctdb-killtcp: Filter out sent packets
ctdb-killtcp: Keep track of number of kill attempts and maximum allowed
ctdb-killtcp: Don't count attempts for individual connections
ctdb-killtcp: Store retry interval in killtcp structure
ctdb-killtcp: Send tickle ACKs in batches
ctdb-killtcp: Change default retry interval, batch size and attempts
ctdb-scripts: die() should output to stderr
ctdb-scripts: Drop hardcoded /sbin and /proc paths in LVS eventscript
ctdb-scripts: LVS eventscript error redirection improvements
ctdb-scripts: Drop "recovered" event from 91.lvs
ctdb-tests: Allow scope to be specified in "ip addr add" stub
ctdb-tests: Add loopback support for "ip link show" stub
ctdb-tests: Add 32-bit netmask support to "ip addr show" stub
ctdb-tests: Add ipvsadm test stub
ctdb-tests: LVS support for ctdb tool stub
ctdb-tests: Add unit tests for LVS eventscript
ctdb-scripts: LVS eventscript cleanups
ctdb-tools: Add new ctdb_lvs helper
ctdb-scripts: Move ctdb_get_ip_address() to functions file
ctdb-scripts: Call out to ctdb_lvs helper from 91.lvs
ctdb-scripts: Add monitoring of CTDB_LVS_PUBLIC_IFACE
ctdb-tool: Change ctdb lvs/lvsmaster CLI commands to use ctdb_lvs helper
ctdb-tools: Change ctdb CLI to have a single "lvs" command
ctdb-scripts: Simplify "ctdb lvs ..." output
ctdb-daemon: Drop --single-public-ip option and related code
ctdb-daemon: Drop --lvs option and support for CTDB_CAP_LVS
ctdb-daemon: Log a message when fork(2) fails
ctdb-scripts: Missing NFS thread count file should just produce warning
ctdb-scripts: Use ss instead of netstat for finding TCP connections
ctdb-tools: Remove simple uses of strcpy(3)
ctdb-tools: Fix a dangling reference to the LVS capability
ctdb-scripts: Improve error messages when using NFS service_check_cmd
ctdb-daemon: Move port filtering to server side when getting tickles
ctdb-ipalloc: Do ipreallocated even if no IP addresses can be allocated
ctdb-scripts: Fix incorrect comment
ctdb-scripts: Tweak NAT gateway list output format
ctdb-scripts: Drop node count from "ctdb natgw status" output
ctdb-tools: Add top-level "ctdb natgw" command
ctdb-tests: Make ctdb natgw tool tests cover all the desired outputs
ctdb-tools: Drop "ctdb natgwlist"
ctdb-tools: Drop onnode node specifications for recmaster/lvs/natgw
ctdb-build: ctdb-system depends on samba-util for debug
ctdb-recovery: Rename recovery lock functions and struct
ctdb-recovery: Use single char ASCII numbers for status from child
ctdb-recovery: Factor out new function set_recmode_handler()
ctdb-recovery: Use a configurable handler when testing cluster mutex
ctdb-recovery: Factor out reclock testing into ctdb_cluster_mutex()
ctdb-recovery: Add optional timeout argument to ctdb_cluster_mutex()
ctdb-tools: Simplify "ctdb getreclock" output
ctdb: Add new helper ctdb_mutex_fcntl_helper
ctdb-recovery: Switch ctdb_cluster_mutex() to use helper
ctdb-recovery: Kill cluster mutex helper with a signal that can be caught
ctdb-recovery: Reimplement ctdb_recovery_lock() using ctdb_cluster_mutex()
ctdb-recovery: Parse recovery lock setting
ctdb-recovery: Recovery lock setting can now include helper command
ctdb_recovery: ctdb_cluster_mutex() now takes an argstring argument
ctdb-recovery: Factor out setting of cluster mutex handler
ctdb-cluster-mutex: Factor out cluster mutex code
ctdb-recovery: Move recovery lock functions to recovery daemon code
ctdb-recovery: Move recovery lock latency updating to handler
ctdb-doc: Document cluster mutex helper API
ctdb-doc: Fix example NFS Ganesha recovery directory maintenance logic
ctdb-recover: Avoid duplicate deferred attach processing
ctdb-daemon: Don't use CTDB_SRVID_TAKEOVER_RUN_RESPONSE
ctdb-protocol: Drop unused CTDB_SRVID_TAKEOVER_RUN_RESPONSE
ctdb-recoverd: Drop unreachable code
ctdb-recoverd: Simplify return values when updating local flags
ctdb-recoverd: Call election when necessary in recovery master validation
ctdb-recoverd: Check that IP failover is active in IP verification
ctdb-recoverd: Skip known IP address checking when it is disabled
ctdb-recoverd: Clean up local IP verification
ctdb-recoverd: Fold IP allocation house-keeping into IP verification
ctdb-takeover: Drop ipreallocated fallback code
ctdb-takeover: PNN can be used to index into node map
ctdb-takeover: Takeover callback data doesn't need a node map
ctdb-takeover: New function takeover_callback_data_init()
ctdb-takeover: Use the takeover_run_fail_callback() in more cases
ctdb-takeover: Have the takeover fail callback log a message
ctdb-takeover: Send banning credit messages from fail callback
ctdb-takeover: Count takeover run failures
ctdb-takeover: Only apply banning credits to the worst offender
ctdb-takeover: Recovery daemon no longer passes fail callback
ctdb-takeover: Do not set node unhealthy when "takeip" fails
ctdb-recoverd: Drop explicit check to flag takeover run needed
ctdb-recoverd: Move takeover run checks after recover checks
ctdb-recoverd: Drop an unnecessary log message
ctdb-recoverd: Add early return in srvid_requests_reply()
ctdb-recoverd: Unify takeover run triggering code in main loop
ctdb-scripts: Support systemctl directly
ctdb-scripts: Drop unnecessary detect_init_style() call
ctdb-scripts: New functions ip_block() and ip_unblock()
ctdb-scripts: Rename get_iface_ip_maskbits_family() to get_iface_ip_maskbits()
ctdb-tests: Drop no-op functions and add an ip6tables stub
ctdb-scripts: Simplify ip_maskbits_iface()
ctdb-tests: Allow local daemons to be run under valgrind
ctdb-tests: Make sure empty override values are properly quoted
ctdb-common: Use correct macro for checking Ethernet hardware family
ctdb-tests: Replace "ctdb setrelock" test with "ctdb getreclock" test
ctdb-tool: Drop support for "ctdb setreclock" command
ctdb-recovery: Consistency check reclock in start recovery control
ctdb-recovery: Don't sync recovery lock across cluster
ctdb-recovery: Don't update recovery lock from daemon
ctdb-client: Remove support for SET_RECLOCK
ctdb-protocol: Drop support for SET_RECLOCK
ctdb-protocol: CTDB_CONTROL_SET_RECLOCK_FILE is obsolete
ctdb-daemon: Drop function ctdb_set_recovery_lock_file()
ctdb-daemon: Rename recovery lock file to just recovery lock
ctdb-recoverd: Don't expose internal cluster mutex status
ctdb-recoverd: Fix buggy function return on memory allocation failure
ctdb-cluster-mutex: Don't call the supplied handler more than once
ctdb-recoverd: No need to reset reclock handler
ctdb-cluster-mutex: Pass a talloc context to allocate the handle off
ctdb-recoverd: Recovery lock handle should be in recovery daemon context
ctdb-recoverd: Simplify reclock handler
ctdb-recovery: Wrap private data for reclock test callback
ctdb-cluster-mutex: Drop cluster_mutex_handler() ctdb and handle arguments
ctdb-cluster-mutex: ctdb_cluster_mutex() registers handler and private data
ctdb-cluster-mutex: Register an extra handler for when mutex is lost
ctdb-recoverd: Add handler for lost recovery lock
ctdb-recoverd: Release recovery lock on exit
ctdb-scripts: Move NFS callout-related code to functions file
ctdb-scripts: Add eventscript 06.nfs
torture: Add tests for trim_string()
lib/util: Optimise trim_string() to use a single memmove(3)
ctdb-tests: Remove unused tests from IP takeover test harness
ctdb-tests: Simplify read_ctdb_public_ip_info() using new function add_ip()
ctdb-tests: Don't bother setting all_ips
ctdb-tests: Drop all_ips argument from read_ctdb_public_ip_info()
ctdb-tests: Drop CTDB_TEST_MAX_IPS
ctdb-tests: read_ctdb_public_ip_info() reads all test input
ctdb-tests: Assign known and available arrays via pointers.
ctdb-tests: Build a node map instead of a hacky node flags array
ctdb-tests: Drop CTDB_TEST_MAX_NODES
ctdb-ipalloc: Move if-statement with broken condition
ctdb-ipalloc: Drop an unnecessary check
ctdb-ipalloc: Do not use node count or PNNs from CTDB context
ctdb-ipalloc: Drop a use of CTDB_NO_MEMORY_NULL()
ctdb-ipalloc: Drop remote IP verification
ctdb-recoverd: Drop code to change the IP assignment tree
ctdb-tools: Don't bother sending CTDB_SRVID_RECD_UPDATE_IP
ctdb-ipalloc: Drop code to update IP assignment tree
ctdb-ipalloc: Don't build a global IP tree
ctdb-ipalloc: Clean up reloading of remote public IPs
ctdb-ipalloc: Remove function ctdb_reload_remote_public_ips()
ctdb-ipalloc: New function ipalloc_set_public_ips()
ctdb-ipalloc: Move create_merged_ip_list() into ipalloc
ctdb-ipalloc: Drop known public IPs from IP allocation state
ctdb-ipalloc: New function ipalloc_can_host_ips()
ctdb-ipalloc: Fix buggy short-circuit when no IPs are available
ctdb-ipalloc: Make no_ip_failback a boolean
ctdb-ipalloc: Pass extra data to IP allocation state initialisation
ctdb-ipalloc: Move ipalloc state initialisation to ipalloc.c
ctdb-ipalloc: Switch set_ipflags_internal() to use a new-style node map
ctdb-ipalloc: Move set_ipflags_internal() to ipalloc
ctdb-ipalloc: ipalloc() returns public IP list
ctdb-ipalloc: IP allocation state is now an opaque structure
ctdb-tests: Drop use of CTDB context from takeover test
ctdb-tests: Allow takeover tests to be run under valgrind
ctdb-ipalloc: Drop implicit dependency on ctdb-common
ctdb-tests: Link to ctdb-ipalloc instead of using ctdbd_test.c
ctdb-scripts: Drop optional argument to nfs_check_services()
ctdb-scripts: Export CTDB_BASE in functions file
ctdb-scripts: Update script boilerplate to avoid shellcheck warnings
ctdb-scripts: Fix incorrect variable reference
ctdb-scripts: Fix incorrect variable reference
ctdb-scripts: Use globs instead of ls to list files
ctdb-scripts: Fix incorrect variable reference
ctdb-scripts: Quote some variable expansions
ctdb-client: Fix incorrect variable reference
ctdb-client: Fix access after free error
ctdb-tools: Avoid uninitialised memory access
ctdb-scripts: Fix a bug in counter checking
ctdb-tests: Add reclock event script tests
ctdb-tests: Add new vsftpd event script test
ctdb-tests: Add new httpd event script test
ctdb-tests: New event script test for corrupt TDB checking
ctdb-scripts: Drop use of ctdb_standard_event_handler()
ctdb-scripts: Event script indentation and whitespace cleanups
ctdb-scripts: Drop use of service_tcp_ports
ctdb-scripts: Drop use of ctdb_check_counter from httpd event script
ctdb-scripts: Drop use of ctdb_check_counter from reclock event script
ctdb-scripts: Drop use of ctdb_check_counter from vsftpd event script
ctdb-scripts: Drop function ctdb_check_counter()
ctdb-scripts: Avoid shellcheck warning SC2016 ($ in single quotes)
ctdb-scripts: Avoid shellcheck warnings SC2030, SC2031 (subshell variables)
ctdb-scripts: Avoid shellcheck warning SC2004 ($ in arithmetic)
ctdb-scripts: Avoid shellcheck warning SC2034 (unused variables)
ctdb-scripts: Avoid shellcheck warnings SC2046, SC2086 (double-quoting)
ctdb-scripts: Avoid shellcheck warning SC2154 (unassigned variables)
ctdb-scripts: Avoid shellcheck warning SC1004 (backslash in quotes)
ctdb-scripts: Avoid shellcheck warning SC2017 (arithmetic precision)
ctdb-scripts: Avoid shellcheck warning SC2002 (useless cat)
ctdb-scripts: Avoid shellcheck warnings SC2119, SC2120 (function arguments)
ctdb-scripts: Avoid shellcheck warning SC2015 (A && B || C)
ctdb-scripts: Avoid shellcheck warning SC2039 (type command)
ctdb-scripts: Avoid shellcheck warning SC2039 (echo -n)
ctdb-scripts: Avoid shellcheck warning SC2094 (read/write same file)
ctdb-scripts: Avoid shellcheck warning SC2039 (test -nt operator)
ctdb-scripts: Avoid shellcheck warning SC2039 (non-portable ulimit options)
ctdb-scripts: Avoid shellcheck warning SC2038 (find without -print0)
ctdb-scripts: Avoid shellcheck warning SC2012 (ls for file list)
ctdb-scripts: Avoid shellcheck warning SC2012 (ls for file list)
ctdb-scripts: Avoid shellcheck warning SC2059 ($ in printf format)
ctdb-scripts: Avoid shellcheck warning SC2155 (declare, assign)
ctdb-scripts: Avoid shellcheck warning SC2124 (string=array)
ctdb-scripts: Avoid shellcheck warning SC2006 (legacy `..`)
ctdb-tests: Add new test support script for script install paths
ctdb-tests: Add shellcheck test suite
ctdb-doc: Drop documentation for "ctdb setmonmode"
ctdb-doc: Drop documentation for "ctdb xpnn"
ctdb-doc: Update allowed debug levels to include "ERROR"
ctdb-doc: Document limitation of "ctdb reloadips"
ctdb-tests: Require setup_ctdbd() call in tool tests
ctdb-tests: Clean up temporary files in tool tests
ctdb-tests: Allow fake_ctdbd and tool to be run under valgrind in tool tests
ctdb-tests: Allow secondary tool commands to be tested
ctdb-tests: Have fake_ctdbd log request IDs
ctdb-tests: Error on invalid destnode in fake_ctdbd
ctdb-tests: Drop a "ctdb reloadnodes" tool test
ctdb-tests: Add "ctdb ifaces" tool test
ctdb-tests: Add "ctdb ping" tool test
ctdb-tests: Add "ctdb recmaster" tool tests
ctdb-tests: Add "ctdb uptime" tool test
ctdb-tests: Add "ctdb process-exists" tool test
ctdb-tools: Simplify "ctdb getpid" output format
ctdb-tests: Add "ctdb getpid" tool test
ctdb-tools: Simplify "ctdb pnn" output format
ctdb-tests: Add "ctdb pnn" tool test
ctdb-tools: Simplify "ctdb getdebug" output format
ctdb-tests: Add "ctdb setdebug" tool tests
ctdb-tests: Add "ctdb runstate" tool tests
ctdb-tests: Add "ctdb listvars/getvar/setvar" tool tests
ctdb-tests: Add "ctdb setifacelink" tool tests
ctdb-tools: Simplify "ctdb getmonmode" output format
ctdb-tests: Add "ctdb getmonmode/disablemonitor/enablemonitor" tool tests
ctdb-tests: Implement GET_RECLOCK_FILE control in fake_ctdbd
ctdb-tests: Add "ctdb getreclock" tool tests
ctdb-tests: Implement STOP_NODE and CONTINUE_NODE controls in fake_ctdbd
ctdb-tests: Implement TAKEOVER_RUN message in fake_ctdbd
ctdb-tests: Add "ctdb stop/continue" tool tests
ctdb-tests: Implement SET_BAN_STATE control in fake_ctdbd
ctdb-tests: Add "ctdb ban/unban" tool tests
ctdb-tests: Implement MODIFY_FLAGS control in fake_ctdbd
ctdb-tests: Add "ctdb disable/enable" tool tests
ctdb-tools: Simplify "ctdb getdbseqnum" output format
ctdb-tests: Implement database related controls in fake_ctdbd
ctdb-tests: Add database related tool tests
WHATSNEW: CTDB updates
ctdb-doc: Integrate ctdb_diagnostics man page into build
ctdb-doc: ctdb_diagnostics(1) tweaks and cross-references
ctdb-ipalloc: Use a cumulative timeout for takeover run stages
ctdb-daemon: Move CTDB VNN structure to IP takeover code
ctdb-daemon: Deletion of IPs is deferred until the next takeover run
ctdb-tests: Avoid division by zero in NFS eventscript unit test
ctdb-tests: Remove duplicate EOF terminators in some tool unit tests
ctdb-tests: Avoid portability issue in porting tests
ctdb-tests: Pretend not to ignore return from fgets()
ctdb-daemon: Fix CID 1364527/8/9: Null pointer dereferences (NULL_RETURNS)
ctdb-tests: Stop cross-talk between reclock tests
ctdb-common: Fix CID 1125553 Buffer not null terminated (BUFFER_SIZE_WARNING)
ctdb-common: Consistently use strlcpy() on interface names
ctdb-utils: Fix CID 1297451 Explicit null dereferenced (FORWARD_NULL)
ctdb-daemon: Fix CID 1363233 Resource leak (RESOURCE_LEAK)
ctdb-daemon: Fix CID 1363067 Resource leak (RESOURCE_LEAK)
ctdb-mutex: Fix CID 1359217 Resource leak (RESOURCE_LEAK)
ctdb-packaging: Move ctdb tests to libexec directory
ctdb-tests: Add --interactive/-i option to test options parsing code
ctdb-tests: Implement --interactive/-i option in message_ring
ctdb-tests: Clean up and rename simple message_ring test
ctdb-tests: Implement --interactive/-i option in fetch ring
ctdb-tests: Clean up and rename simple fetch_ring test
ctdb-tests: Implement --interactive/-i option in transaction_loop
ctdb-tests: Clean up and rename simple transaction_loop test
ctdb-tests: Clean up and rename simple transaction_loop recovery test
ctdb-tools: Add early return for empty connection list
ctdb-tools: "ctdb tickle" command should run without daemon
ctdb-doc: Document that "ctdb tickle" can now read from stdin
ctdb-mutex: Avoid corner case where helper is already reparented to init
ctdb-common: Fix CID 1363227 Resource leak (RESOURCE_LEAK)
ctdb-tests: Fix CID 1361816 Buffer not null terminated (BUFFER_SIZE_WARNING)
ctdb-common: Fix CID 1125581 Dereference after null check (FORWARD_NULL)
ctdb-common: Fix CID 1125583 Dereference after null check (FORWARD_NULL)
ctdb-common: Fix CID 1125585 Dereference after null check (FORWARD_NULL)
ctdb-daemon: Fix CID 1125627 Resource leak (RESOURCE_LEAK)
ctdb-daemon: Clean up SET_DB_PRIORITY/GET_DB_PRIORITY deprecation
ctdb-packaging: Stop RPM from renaming working config to ctdb.rpmsave
ctdb-daemon: Fix CID 1272855 Operands don't affect result
ctdb-daemon: Fix CID 1125575 Operands don't affect result
ctdb-daemon: Fix CID 1125574 Operands don't affect result
ctdb-tests: Update porting test to be more flexible about line numbers
ctdb-common: Fix CID 1362729 Unchecked return value from library
ctdb-common: Fix CID 1362728 Unchecked return value from library
ctdb-tcp: Fix CID 1362727 Unchecked return value from library
ctdb-tcp: Set file descriptor to -1 after close.
ctdb-daemon: Fix CID 1362726 Unchecked return value from library
ctdb-client: Fix CID 1362725 Unchecked return value from library
ctdb-client: Print error message before next syscall to avoid losing errno
ctdb-tcp: Fix CID 1362724 Unchecked return value from library
ctdb-daemon: Fix CID 1362723 Unchecked return value from library
ctdb-logging: Fix CID 1272823 Unchecked return value from library
ctdb-tools: Fix CID 1125618 String not null terminated (STRING_NULL)
ctdb-tools: Consistently use db_name
ctdb-common: Save errno before closing file to keep debug accurate
ctdb-daemon: Try to release IP address even if interface is unknown
ctdb-daemon: Do not update the VNN state on RELEASE_IP failure
ctdb-daemon: Do not copy address for RELEASE_IP message
ctdb-daemon: Factor out new function release_ip_post()
ctdb-daemon: Use release_ip_post() when releasing all IP addresses
ctdb-daemon: Drop special case handling for new IP already on interface
ctdb-scripts: Add early exit for redundant updateip
Revert "When adding an ip at runtime, it might not yet have an iface assigned to it, so ensure that the next takover_ip call will fall through to accept the ip and add it."
ctdb-daemon: Avoid referencing NULL pointer due to unknown old interface
ctdb-daemon: Fix takeover of incorrectly assigned public IP address
ctdb-recoverd: Don't directly release rogue IP addresses
ctdb-tests: Validate that unexpected IP on interface is properly released
ctdb-tests: Validate that TAKE_IP works with IP already on an interface
ctdb-ipalloc: Fix cumulative takeover timeout
ctdb-daemon: Rename takeover_callback_state -> release_ip_callback_state
ctdb-daemon: When releasing an IP, update PNN in callback
ctdb-tests: Drop function _ctdb_hack_options()
ctdb-tests: Drop attempts to pass arguments to ctdbd on (re)start
ctdb-tests: Move local daemon configuration creation into setup_ctdb()
ctdb-tests: Remove function daemons_start_1()
ctdb-tests: Reimplement daemons_stop() using ctdbd_wrapper
ctdb-daemon: Schedule running of callback if there are no event scripts
ctdb-daemon: Handle failure immediately, do housekeeping later
ctdb-daemon: Don't steal control structure before synchronous reply
ctdb-tests: Factor out function config_from_environment()
ctdb-tests: Conditionally use temporary config file for local daemons
ctdb-tests: Add a test to ensure that CTDB works with no eventscripts
ctdb-daemon: Drop use of strdup(3) and free(3) when releasing IP
ctdb-daemon: Move and improve public IP duplicate checking
ctdb-daemon: Replace some uses of CTDB_NO_MEMORY_FATAL()
ctdb-daemon: Consolidate interface checking with interface parsing
ctdb-daemon: Drop some uses of CTDB_NO_MEMORY{,_FATAL}()
ctdb-daemon: Move interface addition into interface parsing
ctdb-daemon: Change ctdb_add_local_iface() to return struct ctdb_interface
ctdb-daemon: Make vnn->iface a list of new struct vnn_interface
ctdb-daemon: Drop redundant uses of ctdb_find_iface()
ctdb-daemon: Rename vnn_has_interface_with_name() to vnn_has_interface()
ctdb-daemon: Use ctdb_find_iface() instead of duplicating logic
ctdb-daemon: Compare interface pointers instead of using strcmp(3)
ctdb-tools: CID 1125617 String not null terminated (STRING_NULL)
ctdb-tests: CID 1125635 Dereference null return value (NULL_RETURNS)
ctdb-tests: Allow "addtickle" and "deltickle" stubs to read from stdin
ctdb-scripts: Optimise update_tickles()
ctdb-scripts: Optimise tickle_tcp_connections()
ctdb-packaging: Fix systemd network dependency
ctdb-ipalloc: Store known public IPs in IP allocation state
ctdb-ipalloc: Whether IPs can be hosted need not depend on merged IP list
ctdb-ipalloc: Optimise check to see if IPs can be hosted
ctdb-ipalloc: Drop known_ips argument from merged IP list creation
ctdb-ipalloc: Move merged IP list creation to ipalloc()
ctdb-ipalloc: ipalloc_set_public_ips() can't fail
ctdb-tests: Factor out new local daemons functions ps_ctdbd
ctdb-tests: Add new public IP takeover no-op test
ctdb-tests: Fix typo in local daemons IPv6 setup
ctdb-tests: Produce clear errors for missing IPv6 node IP addresses
ctdb-daemon: Use PID file abstraction
ctdb-daemon: Bind to Unix domain socket after PID file creation
ctdb-daemon: Don't try to reopen TDB files
ctdb-daemon: Drop attempt to connect to Unix domain socket
ctdb-daemon: Log when removing stale Unix domain socket
ctdb-scripts: Dump stack traces of smbd processes after shutdown
ctdb-scripts: ctdbd_wrapper should never remove the PID file
ctdb-scripts: Drop backward compatibility from ctdbd_is_running()
ctdb-tests: Use bash locals for readability
ctdb-tests: Add a missing assert()
ctdb-packaging: Move CTDB tests to /usr/local/share/ctdb/tests/
ctdb-scripts: Strengthen check to see if ctdbd is running
ctdb-tests: Add tests for updated Debian style Samba start/stop
lib/util: Make sys_rw available to CTDB
ctdb-lock-helper: Drop include of ctdb_private.h
ctdb-common: Drop CTDB's copy of sys_read() and sys_write()
ctdb-daemon: Don't call ctdb_local_node_got_banned() on flag changes
ctdb-daemon: Exit early if there are trailing command-line arguments
ctdb-ipalloc: Optimise check to see if IP is available on a node
ctdb-tests: Use a separate directory for each local daemon
debug: Add minimalist D_* macros
ctdb-logging: Drop enum debug_level
ctdb-doc: Don't advertise numeric debug levels
ctdb-tests: Support symbolic debug level in takeover tests
ctdb-tests: Use symbolic debug levels in takeover tests
ctdb-tests: Use symbolic debug level for local daemons
ctdb-tests: Use symbolic debug levels in eventscript tests
ctdb-tests: Use symbolic debug levels in tool tests
ctdb-scripts: Update CTDB_SCRIPT_DEBUGLEVEL to be symbolic
ctdb-logging: Use Samba's debug levels
ctdb-scripts: Drop some tests for "reconfigure" event and monitor replay
ctdb-tests: Fix "ctdb reloadips" simple test
ctdb-protocol: Add generalised socket address comparison
ctdb-tests: Add unit test for protocol utilities
ctdb-tools: Fix sort order of "ctdb ip" output
ctdb-tools: Fix memory corruption in "ctdb ip -v"
ctdb-tools: Skip GET_PUBLIC_IP_INFO for unassigned addresses
ctdb-tools: Print PNN as int in "ctdb ip -v"
ctdb-tools: Don't trust non-hosting nodes in "ctdb ip all"
ctdb-protocol: Move CTDB_PUBLIC_IP_FLAGS_ONLY_AVAILABLE to protocol.h
ctdb-client: Add available-only option public IP fetching
ctdb-tests: Make fake_ctdbd use logging_init()
ctdb-tests: Allow FAKE_CTDBD_DEBUGLEVEL to be specified
ctdb-tests: Factor out reading of known public IP addresses
ctdb-tests: Add public IP state to fake_ctdbd
ctdb-tests: Factor out get_ctdb_iface_list()
ctdb-tests: Implement GET_PUBLIC_IP_INFO control in fake_ctdbd
ctdb-tests: Add tool tests for "ctdb ipinfo"
ctdb-tests: Implement GET_PUBLIC_IPS control in fake_ctdbd
ctdb-tests: Add tool tests for "ctdb ip"
ctdb-tests: Add RELEASE_IP control to fake_ctdbd
ctdb-tests: Add TAKEOVER_IP control to fake_ctdbd
ctdb-tests: Add IPREALLOCATED control to fake_ctdbd
ctdb-tests: Add faking of control failures/timeouts to fake_ctdbd
ctdb-docs: Document that tunables should be set the same on all nodes
ctdb-takeover: NoIPTakeover is global across cluster
ctdb-takeover: NoIPHostOnAllDisabled is global across cluster
ctdb-takeover: IPAllocAlgorithm replaces LCP2PublicIPs, DeterministicIPs
ctdb-takeover: Add takeover helper
ctdb-tests: New function unit_test_notrace()
ctdb-tests: Add tests for takeover helper
ctdb-recoverd: Generalise helper state, handler and launching
ctdb-recoverd: Integrate takeover helper
ctdb-takeover: Drop unused ctdb_takeover_run() and related code
ctdb-tests: Remove the python LCP2 simulation
WHATSNEW: CTDB updates
ctdb-takeover: Fix CID 1398169 Unchecked return value
ctdb-takeover: Clean up when exiting on error
ctdb-takeover: Handle case where there are no RELEASE_IPs to send
ctdb-tests: Add takeover helper tests with banned/disconnected nodes
ctdb-scripts: Fix remaining uses of "ctdb gratiousarp"
ctdb-scripts: Fix regression when cleaning up routing table IDs
ctdb-tests: Add "13.per_ip_routing shutdown" test
ctdb-scripts: Initialise CTDB_NFS_CALLOUT in statd-callout
ctdb-build: Add WAFLOCK magic to manpages target
ctdb-build: Fix RPM build
ctdb-logging: CID 1396883 Dereference null return value (NULL_RETURNS)
autobuild: Stop waf uninstall from removing test_tmpdir
ctdb-tools: Stop "ctdb nodestatus" from always showing all nodes
ctdb-tools: "ctdb nodestatus" should only display header for "all"
ctdb-tests: Add some extra tests for "ctdb nodestatus"
ctdb-common: Fix crash in logging initialisation
Mathieu Parent (2):
ctdb-scripts: Fix Debian init in samba eventscript
New upstream version 4.6.5+dfsg
Matthieu Patou (1):
s4:librpc/rpc: do not use stack allocated variables for async requests
Michael Adam (118):
smbd:smb2: remove an unnecessary !! cast.
smbd: enable multi-channel if 'server multi channel support = yes' in the config
s3:winbindd:idmap: add domain_has_idmap_config() helper function.
idmap_hash: rename be_init() --> idmap_hash_initialize()
idmap_hash: only allow the hash module for default idmap config.
smbd: fix use after free via conn->fsp_fi_cache
smbd:smb2: add a modify flag to dispatch table
smbd:smb2: add request_counters_updated to the smbd_smb2_request struct
smbd:smb2: implement channel sequence checks and request counters in dispatch
smbd:smb2: update outstanding request counters before sending a reply
smbd:smb2: add some asserts before decrementing the counters
torture:smb2: use assert, not warning in error case in durable-open.reopen1a
torture:smb2: fix crashes in smb2.durable-open.reopen1a test
torture:smb2: durable-open.reopen1a only needs one io struct
torture:smb2: for oplocks, durable reconnect works with different client guid
torture:smb2: add durable-open.reopen1a-lease
torture:smb2: use assert, not warning in error case in durable-v2-open.reopen1a
torture:smb2: fix crashes in smb2.durable-v2-open.reopen1a test
torture:smb2: get rid of superfluous io2 var in durable-v2-open.reopen1a
torture:smb2: for oplocks, durable reconnect works with different client-guid
torture:smb2: add durable-v2-open.reopen1a-lease
tevent:threads: fix -O3 error unused result of write
tevent:signal: fix -O3 error unused result of write
tevent:signal: fix -O3 error unused result of read
tevent:testsuite: fix O3 errors unused result for read
tevent:testsuite: fix O3 errors unused result of write
tdb:torture: fix -O3 error unused result code of read
tdb:torture: fix -O3 error unused result of write
debug: fix -O3 warning - unused return code of write()
lib: add sys_read_v - void variant of sys_read
lib: add sys_write_v - void variant of sys_write
s4:libcli:resolve: fix O3 error unused result of write
s4:registry:patchfile: fix O3 error unused result of write
s4:ntvfs: fix O3 error unused result of asprintf
s4:ntvfs: fix O3 error unused result of asprintf in svfs_file_utime
s4:ntvfs: fix O3 error unused result of asprintf in cifspsx_map_fileinfo
s4:ntvfs: fix O3 error unused result of asprintf in cifspsx_list_unix
s4:ntvfs: fix O3 error unused result of asprintf in cifspsx_file_utime()
s4:ntvfs: fix O3 error unused result of write error in nbench_log()
s4:regshell: fix O3 error unused result of asprintf in reg_complete_key()
s4:torture:basic: fix O3 error unused result of asprintf
s4:torture:basic:misc: fix O3 error unused result of asprintf
s4:torture:basic: fix O3 error unused result of write
s4:torture:basic:dir: fix O3 error unused result of asprintf
s4:torture:basic:delete: fix O3 error unused result of asprintf
s4:torture:rpc:samlogon: fix O3 error unused result of asprintf
s4:torture:nbench: fix O3 error unused result of asprintf
s4:client: fix O3 error unused result of chdir and system
s3:samlogon_cache: fix O3 error unused result of truncate
s3:utils:log2pcaphex: fix O3 error unused result of fgets
s3:utils:log2pcaphex: fix O3 error uninitialized variable
s3:smbfilter: fix O3 error unused result of system()
s3:vfs:aio_fork: fix O3 error unused result of write
s3:vfs:preopen: fix O3 error unused result of write
examples:smbclient:testacl3: fix O3 error unused result from fgets
examples:smbclient:notify: fix O3 error unused result from fgets
examples:smbclient:statvfs: fix O3 error unused result of fgets
examples:smbclient:fstatvfs: fix O3 error unused result of fgets
examples:smbclient:read: fix O3 error unused result of fgets
examples:smbclient:write: fix O3 error unused result of fgets
autobuild: add a target samba-o3 that is built with -O3
autobuild: run the samba-o3 target by default
travis: run the samba-o3 target
s3:vfs: add 'kernel_share_modes_taken' to files_struct
smbd:close: only remove kernel share modes if they had been taken at open
notifyd: prevent NULL deref segfault in notifyd_peer_destructor
selftest: fix printf in cleanup_child()
selftest: improve misleading indentation in cleanup_child()
selftest: improve logic in cleanup_child() with early return
selftest: systematize formatting of if/elseif/else indentation in cleanup_child
ctdb:tcp: add missing spaces in debug message in ctdb_tcp_node_connect()
ctdb:banning: timedout->timed out in dbg messages in ctdb_ban_node_event()
ctdb:eventscript: timedout->timed out in ctdb_event_script_args()
ctdb:tests: timedout->timed out in 60.nfs.multi.004 test
ctdb:banning: Improve a debug message
ctdb:banning: Improve debug message in ctdb_ban_node_event()
ctdb: set the path to 'ctdb' in 'functions' in CTDB
ctdb: make sure scripts using $CTDB called by test find ctdb
ctdb: use properly configured ctdb in functions
ctdb: use properly configured ctdb in ctdbd_wrapper
ctdb: use properly configured ctdb in 00.ctdb
ctdb: use properly configured ctdb in 01.reclock
ctdb: use properly configured ctdb in 10.external
ctdb: use properly configured ctdb in 13.per_ip_routing
ctdb: use properly configured ctdb in 10.interfaces
ctdb: use properly configured ctdb in 70.iscsi
ctdb: use properly configured ctdb in 91.lvs
ctdb: use properly configured ctdb in 99.timeout
ctdb: use properly configured ctdb in statd-callout
ctdb: use properly configured ctdb in debug-hung-script.sh
libnet: only create local private krb5.conf if joining an AD domain
ctdb-daemon: make bool assignment more obvious
Revert "s3:libnet: accept empty realm for AD domains when only security=domain is set."
libnet: ignore realm setting for domain security joins to AD domains if 'winbind rpc only = true'
autobuild: Don't compare socket wrapper so_path for xc check
ctdb: fix autotest with socket-wrapper installed in the system
libsmb:namequery: fix typo in comment in get_dc_list()
selftest: check for winbind on 1-second basis
selftest: check for smbd on a 1-second basis.
libads: improve debug messages in sitename_fetch()
rpc_server: add missing '#pragma GCC diagnostic push'
tevent: avoid -Wtautological-compare errors with gcc6
Revert "ldb:dlinklist: avoid -Wtautological-compare errors with gcc6"
Revert "tevent: avoid -Wtautological-compare errors with gcc6"
Revert "lib:dlinklist: avoid -Wtautological-compare errors with gcc6"
build: avoid -Wtautological-compare errors from gcc6+ by disabling it globally
passdb: remove a misleading comment from lookup_name_smbconf()
smbd: remove redundant comment (with typo) from token_contains_name()
s3:lib: fix a typo in comment for talloc_sub_basic()
idmap: don't generally forbid id==0 from idmap_unix_id_is_in_range()
idmap: centrally check that unix IDs returned by the idmap backends are in range
tevent: fix confused documentation
vfs:glusterfs: preallocate result for glfs_realpath
param: use early return in lp_canonicalize_parameter_with_value()
param: validate value in lp_canonicalize_parameter_with_value()
s3:vfs:shadow_copy2: fix quoting in debug messages
s3:vfs:shadow_copy2: fix the corner case if cwd=/ in make_relative_path
s3:vfs:shadow_copy2: fix corner case of "/@GMT-token" in shadow_copy2_strip_snapshot
Moritz Beller (1):
libcli: Remove code clone
Nikolai Kondrashov (1):
tevent: Clarify apparently useless conditions
Noel Power (37):
s3:libsmb: Fix illegal memory access after memory has been deleted.
s4:libnet: fix 'Syscall param writev(vector[...])' valgrind error
s4:torture:rpc: fix valgrind Syscall param writev(vector[...]) error
s4:torture:rpc: fix valgrind 'Syscall param writev(vector[...])' error
s4:torture:rpc: fix valgrind 'Syscall param writev(vector[...])' valgrind error
s4:lib:registry: fix 'Conditional jump or move' valgrind error.
s4:torture:basic fix 'Syscall param writev(vector[...])' valgrind error
s4:torture:basic: fix valgrind 'Syscall param writev(vector[...])' error
s4:torture:basic: fix valgrind 'Syscall param writev(vector[...])' error
s4:torture:basic: fix valgrind 'Syscall param writev(vector[...])' error.
s4:libcli: fix 'Conditional jump or move' valgrind error
s4:torture:basic: fix 'Syscall param writev(vector[...])' valgrind error
s4:torture:basic: fix 'Conditional jump or move ' valgrind error
s4:torture:raw: fix 'Syscall param writev(vector[...])' valgrind error
s4:torture:raw: fix 'Syscall param writev(vector[...])' valgrind error
s4:torture:raw: fix 'Syscall param writev(vector[...])' valgrind error
s4:torture:raw: fix 'use of uninitialised value of size 8' valgrind errors
s4:torture:raw: fix 'Conditional jump or move' valgrind error.
s4:torture:raw: fix 'Invalid read of size 1 & Conditional jump or move' errors.
s4:torture:smb2: fix Use of 'uninitialised value of size 8' valgrind error.
s4:torture:smb2: fix 'Use of uninitialised value of size 8' valgrind error.
s4:torture:smb2 fix 'Use of uninitialised value of size 8' valgrind error.
s4:torture:smb2: fix 'Use of uninitialised value of size 8' valgrind error.
s4:torture:smb2 fix 'Use of uninitialised value of size 8' valgrind error.
s4:torture:smb2: fix 'Use of uninitialised value of size 8' valgrind error
s4:torture:smb2: fix 'Use of uninitialised value of size 8' valgrind error.
s4:torture:smb2: fix 'Use of uninitialised value of size 8' valgrind error.
s4:torture:smb2: fix 'Use of uninitialised value of size 8' valgrind error.
s4:torture:smb2: fix 'Use of uninitialised value of size 8' valgrind error.
s4:torture:smb2: fix 'Use of uninitialised value of size 8' valgrind error.
s4:torture:libnet: fix 'Conditional jump or move' valgrind error
s4:torture:libnet: fix 'Syscall param writev(vector[...])' valgrind error
s4:torture:vfs: fix Invalid read of size 8 valgrind error (and segv)
fix Invalid read of size 8
Add a blackbox tests for id & getent to test domain@realm type credentials
s3/winbindd: using default domain with user@domain.com format fails
s3/client: obey 'disable netbios' smb.conf param, don't connect via NBT port.
Partha Sarathi (1):
Fix the smb2_setinfo to handle FS info types and FSQUOTA infolevel
Per Forlin (1):
s3: smbd: Correctly reflect back SMB_PIDHIGH to a client.
Peter C. Kelly (1):
Improve help wording for samba-tool domain provision as per https://lists.samba.org/archive/samba-technical/2016-April/113740.html
Peter Somogyi (1):
Add yet another error code when forking an smbd and ctdb is not there. We can see NT_STATUS_CONNECTION_REFUSED in the logs upon such a rare case.
Petr Cech (1):
LDB: Redundant test on NULL context remove
Petr Viktorin (1):
python: Add py3compat.h
Raghavendra Talur (2):
init: set core file size to unlimited by default
support volfile fetch from multiple glusterd nodes
Rajesh Joseph (7):
shadow_copy2: Fix shadow_copy2_posix_gmt_string return type
shadow_copy2: Add test cases to cover shadow:format
shadow_copy2: create structure to store module specific information
shadow_copy2: allow configurable prefix for snapshot name
shadow_copy2: Add test case for snapprefix and delimiter
shadow_copy2: update man pages for the newly introduced options
shadow_copy2: Fix error handling in shadow_copy2_get_shadow_copy_data
Ralph Boehme (244):
testparm: vfs_fruit checks
docs: update vfs_fruit manpage
s3:mdssvc: older glib2 versions require g_type_init()
tdb: avoid a race condition when checking for robust mutexes
CVE-2016-2114: libcli/smb: let mandatory signing imply allowed signing
CVE-2016-2114: s3:smbd: enforce "server signing = mandatory"
CVE-2016-2115: s3:libsmb: add signing constant SMB_SIGNING_IPC_DEFAULT
CVE-2016-2115: net: use SMB_SIGNING_IPC_DEFAULT
CVE-2016-2115: s3:lib/netapi: use SMB_SIGNING_IPC_DEFAULT
CVE-2016-2115: s3:auth_domain: use SMB_SIGNING_IPC_DEFAULT
CVE-2016-2115: s3:libnet: use SMB_SIGNING_IPC_DEFAULT
CVE-2016-2115: s3:libsmb: use SMB_SIGNING_IPC_DEFAULT and lp_client_ipc_{min,max}_protocol()
cleanupd: restart as needed
krb5_wrap: add enctype arg to smb_krb5_kt_seek_and_delete_old_entries()
krb5_wrap: fix keep_old_entries logic in smb_krb5_kt_seek_and_delete_old_entries()
s4/libnet: fix exporting to keytab by SPN
s4: add a minimal ktutil for selftest
selftest/samba4.blackbox.export.keytab: use spn based on fqdn
selftest/samba4.blackbox.export.keytab: check exported keytabs
s4/heimdal: allow SPNs in AS-REQ
selftest/samba4.blackbox.export.keytab: check AS-REQ with SPN
s3/rpc_server: mdssvc: suppress compiler warnings from glib headers
winbindd: check if dcinfo from genache is expired
s3/lib: rework get_remote_arch_str() to use an array
s3/lib: add get_remote_arch_from_str()
s3/lib: add remote arch caching
smbd: use remote arch caching
s3:libnet:libnet_join: add netbios aliases as SPNs
vfs_fruit: add an option that allows disabling POSIX rename behaviour
talloc: rename local timeval function copies
winbindd: log domain name of failures to get trustdoms
winbindd: prevent log spam when enumerating users
librpc/ndr: add flag LIBNDR_FLAG_NO_COMPRESSION
librpc/dns: don't compress strings in TKEY and TSIG responses
librpc/dns: remove original_id from dns_fake_tsig_rec
s4/dns_server: include request MAC in TSIG response MAC calculation
s4/dns_server: split out function that does the MAC computation
s4/dns_server: not finding the key here is a fatal error
s4/dns_server: ensure we store the key name in error code paths
s4/dns_server: error codes for failing MAC verification in TSIG requests
s4/dns_server: don't compute TSIG MAC in TSIG error records
s4/dns_server: prepare sending correct error responses for dns_verify_tsig() errors
s4/dns_server: enable sending of TSIG error records
selftest: add test for DNS updates with TKEY/TSIG
selftest: Kerberos auth with netbios alias SPNs
selftest: make samba3.blackbox.smbclient_tar as flapping
s3/smbd: add helper func dos_mode_from_name()
s3/smbd: call dos_mode_from_name after SMB_VFS_GET_DOS_ATTRIBUTES()
s3/smbd: move check for "hide files" to dos_mode_from_name()
s3/smbd: only use stored dos attributes for open_match_attributes() check
s4/torture: add a test for dosmode and hidden files
winbindd/idmap_rfc2307: fix a crash
winbindd: in wb_lookupsids return domain name if we have it
selftest: make autorid the default idmap backend in admember_rfc2307
selftest: test idmap backend id allocation for unknown SIDS
smbd/cleanupd: use smbd_reinit_after_fork()
smbd/notifyd: use smbd_reinit_after_fork()
s3-rpc_server/mdssd: use smbd_reinit_after_fork()
ctdbd_conn: split ctdbd_init_connection()
ctdbd_conn: add ctdbd_reinit_connection()
s3-messaging/ctdb: split messaging_ctdbd_init()
s3-messaging/ctdb: add messaging_ctdbd_reinit()
s3-messaging: use messaging_ctdbd_reinit() in messaging_reinit()
s3/smbd: move make_default_filesystem_acl() to vfs_acl_common.c
vfs_acl_xattr: objects without NT ACL xattr
WHATSNEW: SMB 2.1 leases enabled by default
s3/lib: add smbd_cleanupd.tdb
s3/smbd: add cleanupd_init_send()/recv()
s3/cleanupd: use smbd_cleanupd.tdb
s3/notifyd: add async send/recv functions
async_req: make async_connect_send() "reentrant"
smbd: ignore ctdb tombstone records in fetch_share_mode_unlocked_parser()
s4/torture: add a test for ctdb-tombstrone-record deadlock
dbwrap_ctdb: treat empty records in ltdb as non-existing
s3/rpc_server: shared rpc modules directory may not exist
Revert "vfs_acl_xattr: objects without NT ACL xattr"
vfs_acl_common: rename psd to psd_blob in get_nt_acl_internal()
vfs_acl_common: rename pdesc_next to psd_fs
vfs_acl_common: remove redundant NULL assignment
vfs_acl_common: simplify ACL logic, cleanup and talloc hierarchy
vfs_acl_common: move the ACL blob validation to a helper function
vfs_acl_tdb|xattr: use a config handle
vfs_acl_common: move stat stuff to a helper function
vfs_acl_common: check for ignore_system_acls before fetching filesystem ACL
vfs_acl_xattr|tdb: add option to control default ACL style
vfs_acl_common: Windows style default ACL
s4/torture: tests for vfs_acl_xattr default ACL styles
vfs_acl_common: use DBG_LEVEL and remove function prefixes in DEBUG statements
docs: document vfs_acl_xattr|tdb enforced settings
vfs_acl_xattr|tdb: enforced settings when ignore system acls=yes
s3/smbd: in call_trans2qfilepathinfo call lstat when dealing with posix pathnames
s3/smbd: use stat from smb_fname if valid in refuse_symlink()
s4/messaging: messaging_dgm_ref talloc hierarchy fix
unix_msg: modify find_send_queue() to take a struct sockaddr_un
unix_msg: Return errno from find_send_queue
messaging: Call messaging_dgm_send under become_root only if necessary
unix_msg: add flag to prepare_socket_nonblock()
unix_msg: introduce send queue caching
unix_msg: always create a send queue for a peer
unix_msg: add a test for dgram socket caching
s3/smbd: set FILE_ATTRIBUTE_DIRECTORY as necessary
s3/smbd: remove a misleading error message
lib/poll_funcs: free timers in poll_funcs_state_destructor()
lib/poll_funcs: free contexts in poll_funcs_state_destructor()
s4/messaging: let the imessaging ctx destructor free msg_dgm_ref
s3/smbd: use correct talloc memory context for tevent subrequests
docs/vfs_fruit: explain when to use vfs_catia
s3/vfs/nfs4_acls: avoid a stat
s3/vfs: merge offline functionality into DOS attributes handling
s3/vfs: remove now unused is_offline/set_offline VFS functions
s3/vfs: tsmsm: add missing ;
s3/vfs: gpfs: adapt vfs_gpfs_is_offline() to changes from 3031815f982e365be50148564d47d7d5afab46e0
vfs_fruit: fix fruit:resource option spelling
WHATSNEW: document fruit:resource option spelling issue
manpages/vfs_fruit: add warning to fruit:resoure=stream
vfs_gpfs: update btime in vfs_gpfs_(f)get_dos_attributes
vfs_gpfs: remove updating btime from stat VFS calls
vfs_gpfs: simplify stat_with_capability() ifdef
ctdbd_conn: fix a resource leak
ctdbd_conn: remove unused fde from struct ctdbd_connection
s3/rpc_server: shared rpc modules loading
s3/smbd: ensure global "smb encrypt = off" is effective for SMB 1 clients
s3/smbd: ensure global "smb encrypt = off" is effective for SMB 3.1.1 clients
s3/smbd: ensure global "smb encrypt = off" is effective for share with "smb encrypt = desired"
docs: impact of a global "smb encrypt=off" on a share with "smb encrypt=required"
selftest: disable SMB encryption in simpleserver environment
selftest: add test for global "smb encrypt=off"
s3/rpc_server: move rpc_modules.c to its own subsystem
vfs_fruit: checks wrong AAPL config state and so always uses readdirattr
vfs_fruit: correct Netatalk metadata xattr on FreeBSD
vfs_fruit: cleanup metadata and resource xattr name defines
vfs_fruit: fix resource fork xattr name
lib/replace: validate xattr namespace prefix on FreeBSD
s3/util: mvxattr, a tool to rename extended attributes
WHATSNEW: vfs_fruit metadata xattr name on *BSD and mvxattr
selftest: also run test base.createx_access against ad_dc
s3/smbd: check for invalid access_mask smbd_calculate_access_mask()
s3/rpc_server/mdssvc: add attribute "kMDItemContentType"
vfs_streams_xattr: use fsp, not base_fsp
selftest: don't run vfs_fruit tests against ad_dc env
s3/includes: add FinderInfo offset define to MacExtensions.h
vfs_streams_xattr: call SMB_VFS_OPEN with smb_fname_base
vfs_streams_xattr: use SMB_VFS_NEXT_OPEN and CLOSE
vfs_catia: run translation on all handle based VFS functions
vfs_catia: add catia_readdir_attr
vfs_catia: add catia_(g|s)et_dos_attributes
vfs_fruit: fix fruit_pread with metadata=stream
vfs_fruit: fix fruit_ftruncate with metadata=stream
vfs_fruit: rename empty_finderinfo() and make it more robust
vfs_fruit: fix fruit_pwrite() with metadata=stream
vfs_fruit: replace unsafe ad_entry macro with a function
vfs_fruit: refactor fruit_open_meta()
vfs_fruit: correct fruit_open_meta_stream() implementation
vfs_fruit: refactor fruit_stat_meta()
vfs_fruit: correct fruit_stat_meta_stream() implementation
vfs_fruit: update_btime() is only needed for metadata=netatalk
vfs_fruit: refactor readdir_attr_meta()
vfs_fruit: correct readdir_attr_meta_finderi_stream() implementation
vfs_fruit: fix fruit_rename() for the fruit:resource!=file case
vfs_fruit: refactor fruit_unlink()
vfs_fruit: fix fruit_chmod() for the fruit:resource!=file case
vfs_fruit: fix fruit_chown() for the fruit:resource!=file case
vfs_fruit: fix fruit_rmdir() for the fruit:resource!=file case
vfs_fruit: in fruit_rmdir() check ._ files before deleting them
vfs_fruit: refactor fruit_open_rsrc()
vfs_fruit: refactor fruit_stat_rsrc()
vfs_fruit: add fruit_stat_rsrc_stream() implementation
vfs_fruit: add fruit_stat_rsrc_xattr() implementation
vfs_fruit: refactor fruit_streaminfo()
vfs_fruit: fix fruit_ntimes() for the fruit:metadata!=netatalk case
vfs_fruit: refactor fruit_ftruncate() and fix stream case
vfs_fruit: refactor readdir_attr_macmeta() resource fork size
vfs_fruit: use SMB_VFS_NEXT_OPEN in two places
vfs_fruit: remove base_fsp name translation
vfs_fruit: fix fruit_check_access()
selftest: disable vfs_fruit tests
vfs_fruit: rework struct adouble API
vfs_fruit: refactor fruit_open and use new adouble API
vfs_fruit: refactor fruit_pread and fruit_pwrite and use new adouble API
vfs_fruit: refactor fruit_fstat and use new adouble API
vfs_fruit: use fio in fruit_fallocate
vfs_fruit: refactor fruit_ftruncate and use new adouble API
selftest: reenable vfs_fruit tests
selftest: move vfs_fruit tests that require "fruit:metadata=netatalk" to vfs.fruit_netatalk
selftest: run vfs_fruit tests against share with fruit:metadata=stream
selftest: also run vfs_fruit tests with streams_depot
selftest: add description to vfs_fruit testsuites
s4/torture: vfs_fruit: add test_null_afpinfo test
s4/torture: vfs_fruit: test deleting a file with resource fork
s4/torture: add a vfs_fruit renaming test with open rsrc fork
lib/torture: add torture_assert_mem_equal_goto
s4/torture: add test for AAPL find with name with illegal NTFS characters
docs/vfs_fruit: document known limitations with fruit:encoding=native
s4/torture: change shares in used torture_suite_add_2ns_smb2_test()
selftest: add shares without vfs_fruit for the vfs_fruit tests
vfs_fruit: ignore or delete invalid AFP_AfpInfo streams
s4/torture: vfs_fruit: test invalid AFPINFO_STREAM_NAME
vfs_fruit: use stat info from base_fsp
s4/torture: vfs_fruit: add stream with illegal ntfs characters to copyile test
vfs_fruit: only veto AppleDouble files with fruit:resource=file
vfs_fruit: enabling AAPL extensions must be a global switch
lib/pthreadpool: fix a memory leak
s3/wscript: fix Linux kernel oplock detection
s3/smbd: add const to get_lease_type() args
s3/smbd: add comments and some reformatting to open_file_ntcreate()
s3/smbd: req is already validated at the beginning of open_file_ntcreate()
s3/smbd: simplify defer_open()
s3/smbd: add and use retry_open() instead of defer_open() in two places
s3/smbd: fix schedule_async_open() timer
s3/smbd: remove async_open arg from defer_open()
s3/smbd: all callers of defer_open() pass a lck
s3/smbd: fix deferred open with streams and kernel oplocks
s3/selftest: adopt config.h check from source4
s4/torture: some tests for kernel oplocks
manpages/vfs_fruit: document global options
CVE-2017-2619: s3/smbd: re-open directory after dptr_CloseDir()
CVE-2017-2619: s4/torture: add SMB2_FIND tests with SMB2_CONTINUE_FLAG_REOPEN flag
vfs_fruit: resource fork open request with flags=O_CREAT|O_RDONLY
s4/torture: vfs_fruit: test for bug 12565
winbindd: use correct domain name for failed lookupsids
winbindd: remove unused single_domains array
selftest: new environment "ad_member_idmap_rid"
selftest: tests idmap mapping with idmap_rid
winbindd: use passdb backend for well-known SIDs
selftest: wbinfo -s tests for wellknown SIDs
selftest: wbinfo --sids-to-unix-ids tests for wellknown SIDs
winbindd: explicit check for well-known SIDs in wb_lookupsids_bulk()
selftest: fix for wbinfo -s tests for wellknown SIDs
s3/include: add NT_STATUS_LOOKUP_ERR
s3/rpc_client: use NT_STATUS_LOOKUP_ERR
s3/rpc_client: lookupsids error handling of NT_STATUS_NONE_MAPPED
winbindd: error handling in rpc_lookup_sids()
winbindd: trigger possible passdb_dsdb initialisation
vfs_acl_xattr|tdb: ensure create mask is at least 0666 if ignore_system_acls is set
winbindd: handling of SIDs without domain reference in wb_sids2xids_lookupsids_done()
winbindd: only use the domain name from lookup sids if the domain matches
vfs_fruit: lp_case_sensitive() does not return a bool
s3/locking: add const to fsp_lease_type
s3/locking: helper functions for lease types
s3/smbd: update exclusive oplock optimisation to the lease area
s3/smbd: update exclusive oplock optimisation to the lease area
s3/locking: make find_share_mode_entry public
s3/smbd: fix exclusive lease optimisation
s4/torture: test for bug 12798
Ralph Wuerthner (4):
ctdb-conn: add missing variable initialization
net conf: fix error message
param: add lp_parameter_value_is_valid() function
param: fix lp_parameter_value_is_valid() for parametric options
Richard Sharpe (10):
Fix an obvious error where we were converting a UNIX error to an NT STATUS but not returning it.
s3: vfs: Add VFS functions for setting and getting DOS attributes.
Fixes an obvious copy-paste error in source3/utils/net_dns.c
Refactor the dns_open_connection code so that duplicate code is removed and ensure that EINTR is handled in the UDP path.
selfttest: add common_test_fns.inc
s3: net: Return an error when no name servers were returned by the lookup so that we see an error in self test.
s3/net: print returned addresses in dns gethostbyname
source4/scripting: add an option to samba_dnsupdate to add ns records.
s4/selftests: test net ads dns register/unregister.
testprogs/blackbox: Improve the net ads dns register tests.
Robin Hack (7):
samba3.blackbox.smbclient_auth.plain: Add new regression test case.
ctdb-tests: Fix CID 1358704 use of "=" where "==" may have been intended
talloc/testsuite: Fix CID 1291641 - Logically dead code
lib/http/http_auth: Fix CID 1273428 - Unchecked return value
dcesrv_backupkey_heimdal: Fix CID 1321647 - Unchecked return value
ldb-samba/ldb_matching_rules: Fix CID 1349424 - Uninitialized pointer read
winbindd/idmap_rfc2307: Fix CID 1273424 - Read from pointer after free
Robin McCorkell (1):
Correctly set cli->raw_status for libsmbclient in SMB2 code
Rowland Penny (7):
Bug 11818 : obvious missing word When trying to demote a dc, 'remove_dc.remove_sysvol_references' is sent 'remote_samdb, dc_name' , it expects 'remote_samdb, logger, dc_name'
samba-too: Allow 'samba-tool fsmo' to cope with empty or missing fsmo roles
Fix typo in python/samba/provision/__init__.py
tests/samba-tool/user.py: replace deprecated 'add' subcommand with 'create'
remove duplicate lines from 'man smb.conf'
bug 12292: stop user.py throwing errors if user is unknown
bug 12293: stop group.py throwing errors if group is unknown
Saji VR (1):
lib:talloc. Fix memory leak when destructors reparent children.
Santiago Vila (1):
examples/smb.conf.default: Fix typo in comment line: sever -> server
Shilpa Krishnareddy (1):
notify: Fix ordering of events in notifyd
Shyamsunder Rathi (2):
s3/vfs:stream_depots: Parse substitutions in streams-depot-directory path
s3:utils/net: Add new option 'unregister' in 'net ads dns' command.
Stefan Metzmacher (925):
CVE-2016-0771: s4:librpc: python_dns and python_dcerpc_dnsp doesn't require client bindings
CVE-2016-0771: librpc: add RPC_NDR_DNSSERVER to dcerpc-samba library
CVE-2016-0771: librpc: add ndr_dnsp_string_list_copy() helper function
CVE-2016-0771: s4:dns_server: fix idl for dns_txt_record
CVE-2016-0771: dns.idl: make use of dnsp_hinfo
lib/util_net: move ipv6 linklocal handling into interpret_string_addr_internal()
lib/util_net: add support for .ipv6-literal.net
s3:test_smbclient_auth.sh: test using the ip address in the unc path (incl. ipv6-literal.net)
s3:selftest: run samba3.blackbox.smbclient_auth.plain also with $SERVER_IPV6
epmapper.idl: make epm_twr_t available in python bindings
dcerpc.idl: make WERROR RPC faults available in ndr_print output
librpc/rpc: add error mappings for NO_CALL_ACTIVE, OUT_OF_RESOURCES and BAD_STUB_DATA
s4:librpc/rpc: map alter context SEC_PKG_ERROR to NT_STATUS_LOGON_FAILURE
s3:libads: remove unused ads_connect_gc()
wscript_configure_system_mitkrb5: add configure checks for GSS_KRB5_CRED_NO_CI_FLAGS_X
s3:librpc/gse: make use of GSS_C_EMPTY_BUFFER in gse_init_client
s3:librpc/gse: fix debug message in gse_init_client()
s3:librpc/gse: set GSS_KRB5_CRED_NO_CI_FLAGS_X in gse_init_client() if available
s3:librpc/gse: correctly support GENSEC_FEATURE_SESSION_KEY
s3:librpc/gse: don't log gss_acquire_creds failed at level 0
s3:librpc/gse: implement gensec_gse_max_{input,wrapped}_size()
s4:pygensec: make sig_size() and sign/check_packet() available
auth/gensec: keep a pointer to a possible child/sub gensec_security context
auth/gensec: handle gensec_security_by_sasl_name(NULL, ...)
auth/gensec: make gensec_security_by_name() public
s3:auth_generic: add auth_generic_client_start_by_name()
s3:auth_generic: add auth_generic_client_start_by_sasl()
auth/ntlmssp: keep ntlmssp_state->server.netbios_domain on the correct talloc context
auth/ntlmssp: add gensec_ntlmssp_server_domain()
s3:ntlm_auth: fix --use-cached-creds with ntlmssp-client-1
s3:torture/test_ntlm_auth.py: replace tabs with whitespaces
s3:torture/test_ntlm_auth.py: add --client-use-cached-creds option
s3:tests/test_ntlm_auth_s3: test ntlmssp-client-1 with cached credentials
winbindd: pass an memory context to do_ntlm_auth_with_stored_pw()
s3:auth_generic: make use of the top level NTLMSSP client code
s3:ntlmssp: remove unused libsmb/ntlmssp_wrap.c
auth/ntlmssp: provide a "ntlmssp_resume_ccache" backend
auth/gensec: add GENSEC_FEATURE_NTLM_CCACHE define
auth/ntlmssp: implement GENSEC_FEATURE_NTLM_CCACHE
s3:auth_generic: add "ntlmssp_resume_ccache" backend in auth_generic_client_prepare()
winbindd: make use of ntlmssp_resume_ccache backend for WINBINDD_CCACHE_NTLMAUTH
s3:ntlm_auth: also use gensec for "ntlmssp-client-1" and "gss-spnego-client"
auth/ntlmssp: split out a debug_ntlmssp_flags_raw() that's more complete
auth/ntlmssp: NTLMSSP_NEGOTIATE_VERSION is not a negotiated option
auth/ntlmssp: define all client neg_flags in gensec_ntlmssp_client_start()
auth/ntlmssp: set NTLMSSP_ANONYMOUS for anonymous authentication
auth/ntlmssp: don't send domain and workstation in the NEGOTIATE_MESSAGE
auth/ntlmssp: add ntlmssp_version_blob()
auth/ntlmssp: let the client always include NTLMSSP_NEGOTIATE_VERSION
auth/ntlmssp: use ntlmssp_version_blob() in the server
security.idl: add LSAP_TOKEN_INFO_INTEGRITY
ntlmssp.idl: MsAvRestrictions is MsvAvSingleHost now
ntlmssp.idl: make AV_PAIR_LIST public
librpc/ndr: add ndr_ntlmssp_find_av() helper function
auth/gensec: add GENSEC_FEATURE_LDAP_STYLE define
auth/ntlmssp: implement GENSEC_FEATURE_LDAP_STYLE
auth/ntlmssp: add more compat for GENSEC_FEATURE_LDAP_STYLE
auth/ntlmssp: remove ntlmssp_unwrap() fallback for LDAP
s4:libcli/ldap: make use of GENSEC_FEATURE_LDAP_STYLE
s4:libcli/ldap: fix retry authentication after a bad password
s4:selftest: we don't need to run ldap test with --option=socket:testnonblock=true
s4:selftest: simplify the loops over samba4.ldb.ldap
s4:ldap_server: make use of GENSEC_FEATURE_LDAP_STYLE
s3:libads: add missing TALLOC_FREE(frame) in error path
s3:libads: make use of GENSEC_FEATURE_LDAP_STYLE
s3:libads: make use of GENSEC_OID_SPNEGO in ads_sasl_spnego_ntlmssp_bind()
s3:libads: provide a generic ads_sasl_spnego_gensec_bind() function
s3:libads: don't pass given_principal to ads_generate_service_principal() anymore.
s3:libads: keep service and hostname separately in ads_service_principal
s3:libads: make use of ads_sasl_spnego_gensec_bind() for GSS-SPNEGO with Kerberos
s3:libsmb: make use gensec based SPNEGO/NTLMSSP
s3:libsmb: unused ntlmssp.c
s3:libsmb: let cli_session_setup_ntlmssp*() use gensec_update_send/recv()
s3:libsmb: provide generic cli_session_setup_gensec_send/recv() pair
s3:libsmb: call cli_state_remote_realm() within cli_session_setup_spnego_send()
s3:libsmb: make use of cli_session_setup_gensec*() for Kerberos
s3:libsmb: remove unused cli_session_setup_kerberos*() functions
s3:libsmb: remove unused functions in clispnego.c
s4:torture/rpc: do testjoin only via ncalrpc or ncacn_np
s4:torture: the backupkey tests need to use ncacn_np: for LSA calls
s4:selftest: run rpc.samr over ncacn_np instead of ncacn_ip_tcp
s4:torture:samba3rpc: use an authenticated SMB connection and an anonymous DCERPC connection on top
s4:librpc/rpc: dcerpc_generic_session_key() should only be available on local transports
s4:rpc_server/samr: hide a possible NO_USER_SESSION_KEY error
s4:rpc_server: dcesrv_generic_session_key should only work on local transports
s4:dsdb/test/notification: make test_invalid_filter more resilient against ordering races
s4:dsdb/test/sort: avoid 'from collections import Counter'
selftest: mark samba4.winbind.struct.domain_info.ad_member as flapping
s3:winbindd: don't include two '\0' at the end of the domain list
s4:torture/lsa: improve debug message
s3:wscript: pylibsmb depends on pycredentials
ldb-samba:wscript: python_samba__ldb depends on pyauth
selftest: s!addc.samba.example.com!addom.samba.example.com!
selftest: add some helper scripts to manage a CA
selftest: add config and script to create a samba.example.com CA
selftest: add CA-samba.example.com (non-binary) files
selftest: add CA-samba.example.com binary files (currently unused by Samba)
selftest: mark commands in manage-CA-samba.example.com.sh as DONE
selftest: add Samba::prepare_keyblobs() helper function
selftest: use Samba::prepare_keyblobs() and use the certs from the new CA
selftest: set tls crlfile if it exists
selftest: setup information of new samba.example.com CA in the client environment
s3:selftest: rpc.samr.passwords.validate should run with [seal] in order to be realistic
s3:test_rpcclient_samlogon.sh: test samlogon with schannel
s4:torture/netlogon: add/use test_SetupCredentialsPipe() helper function
s4:torture/rpc/samr: use DCERPC_SEAL in setup_schannel_netlogon_pipe()
s4:torture/rpc/samlogon: use DCERPC_SEAL for netr_LogonSamLogonEx and validation level 6
s4:torture/rpc: correctly use torture_skip() for test_ManyGetDCName() without NCACN_NP
s4:torture/rpc/schannel: don't use validation level 6 without privacy
auth/gensec: make sure gensec_security_by_auth_type() returns NULL for AUTH_TYPE_NONE
auth/gensec: split out a gensec_verify_dcerpc_auth_level() function
s4:rpc_server: require access to the machine account credentials
s4:selftest: run rpc.netlogon.admin also over ncalrpc and ncacn_ip_tcp
s3:rpc_server/samr: correctly handle session_extract_session_key() failures
s3:ntlm_auth: pass manage_squid_request() needs a valid struct ntlm_auth_state from within get_password()
Revert "autobuild: Return the last 50 log lines"
selftest/Samba3: use the correct "SELFTEST_WINBINDD_SOCKET_DIR" for "net join"
tdb: version 1.3.9
Revert "selftest: dbcheck should not be marked flapping"
CVE-2016-2110: auth/ntlmssp: let ntlmssp_handle_neg_flags() return NTSTATUS
CVE-2016-2110: auth/ntlmssp: maintain conf_flags and required_flags variables
CVE-2016-2110: auth/ntlmssp: split allow_lm_response from allow_lm_key
CVE-2016-2110: auth/ntlmssp: don't allow a downgrade from NTLMv2 to LM_AUTH
CVE-2016-2110: auth/ntlmssp: don't let ntlmssp_handle_neg_flags() change ntlmssp_state->use_ntlmv2
CVE-2016-2110: auth/ntlmssp: let gensec_ntlmssp_client_start require flags depending on the requested features
CVE-2016-2110: auth/ntlmssp: let gensec_ntlmssp_client_start require NTLM2 (EXTENDED_SESSIONSECURITY) when using ntlmv2
CVE-2016-2110: winbindd: add new_spnego to the WINBINDD_CCACHE_NTLMAUTH response
CVE-2016-2110: libcli/auth: use enum spnego_negResult instead of uint8_t
CVE-2016-2110: libcli/auth: add SPNEGO_REQUEST_MIC to enum spnego_negResult
CVE-2016-2110: auth/gensec: fix the client side of a new_spnego exchange
CVE-2016-2110: auth/gensec: fix the client side of a spnego downgrade
CVE-2016-2110: auth/gensec: require spnego mechListMIC exchange for new_spnego backends
CVE-2016-2110: auth/gensec: add gensec_may_reset_crypto() infrastructure
CVE-2016-2110: auth/ntlmssp: call ntlmssp_sign_init if we provide GENSEC_FEATURE_SIGN
CVE-2016-2110: auth/ntlmssp: implement gensec_ntlmssp_may_reset_crypto()
CVE-2016-2110: auth/credentials: clear the LMv2 key for NTLMv2 in cli_credentials_get_ntlm_response()
CVE-2016-2110: auth/credentials: pass server_timestamp to cli_credentials_get_ntlm_response()
CVE-2016-2110: libcli/auth: pass server_timestamp to SMBNTLMv2encrypt_hash()
CVE-2016-2110: ntlmssp.idl: add NTLMSSP_MIC_{OFFSET,SIZE}
CVE-2016-2110: auth/ntlmssp: implement new_spnego support including MIC checking (as server)
CVE-2016-2110: auth/ntlmssp: implement new_spnego support including MIC generation (as client)
CVE-2016-2111: auth/gensec: require DCERPC_AUTH_LEVEL_INTEGRITY or higher in schannel_update()
CVE-2016-2111: auth/gensec: correctly report GENSEC_FEATURE_{SIGN,SEAL} in schannel_have_feature()
CVE-2016-2111: s4:rpc_server: implement 'server schannel = yes' restriction
CVE-2016-2111: s4:rpc_server/netlogon: require DCERPC_AUTH_LEVEL_PRIVACY for validation level 6
CVE-2016-2111: s3:rpc_server/netlogon: require DCERPC_AUTH_LEVEL_PRIVACY for validation level 6
CVE-2016-2111: s4:torture/rpc: fix rpc.samba3.netlogon ntlmv2 test
CVE-2016-2111: s4:torture/rpc: fix rpc.pac ntlmv2 test
CVE-2016-2111: libcli/auth: add NTLMv2_RESPONSE_verify_netlogon_creds() helper function
CVE-2016-2111: s4:rpc_server/netlogon: check NTLMv2_RESPONSE values for SEC_CHAN_WKSTA
CVE-2016-2111: s3:rpc_server/netlogon: check NTLMv2_RESPONSE values for SEC_CHAN_WKSTA
CVE-2016-2111: s4:torture/raw: don't use ntlmv2 for dos connection in raw.samba3badpath
CVE-2016-2111: s4:torture/base: don't use ntlmv2 for dos connection in base.samba3error
CVE-2016-2111: s4:libcli: don't allow the LANMAN2 session setup without "client lanman auth = yes"
CVE-2016-2111: s4:param: use "client use spnego" to initialize options->use_spnego
CVE-2016-2111: s4:libcli: don't send a raw NTLMv2 response when we want to use spnego
CVE-2016-2111: s3:libsmb: don't send a raw NTLMv2 response when we want to use spnego
CVE-2016-2111: docs-xml: document the new "client NTLMv2 auth" and "client use spnego" interaction
CVE-2016-2111: docs-xml: add "raw NTLMv2 auth" defaulting to "yes"
CVE-2016-2111: s3:auth: implement "raw NTLMv2 auth" checks
CVE-2016-2111: s4:smb_server: implement "raw NTLMv2 auth" checks
CVE-2016-2111: selftest:Samba3: use "raw NTLMv2 auth = yes" for nt4_dc
CVE-2016-2111: docs-xml/smbdotconf: default "raw NTLMv2 auth" to "no"
CVE-2016-2112: s3:libads: make sure we detect downgrade attacks
CVE-2016-2112: s4:libcli/ldap: honour "client ldap sasl wrapping" option
CVE-2016-2112: s4:libcli/ldap: make sure we detect downgrade attacks
CVE-2016-2112: s4:libcli/ldap: auto upgrade to SIGN after STRONG_AUTH_REQUIRED
CVE-2016-2112: s4:selftest: use --option=clientldapsaslwrapping=plain for plain connections
CVE-2016-2112: s4:ldap_server: reduce scope of old_session_info variable
CVE-2016-2112: docs-xml: add "ldap server require strong auth" option
CVE-2016-2112: s4:ldap_server: implement "ldap server require strong auth" option
CVE-2016-2112: s4:selftest: run samba4.ldap.bind against fl2008r2dc
CVE-2016-2112: selftest: servers with explicit "ldap server require strong auth" options
CVE-2016-2112: s4:selftest: run some ldap test against ad_dc_ntvfs, fl2008r2dc and fl2003dc
CVE-2016-2112: docs-xml: change the default of "ldap server require strong auth" to "yes"
CVE-2016-2113: s4:lib/tls: create better certificates and sign the host cert with the ca cert
CVE-2016-2113: s4:lib/tls: implement infrastructure to do peer verification
CVE-2016-2113: docs-xml: add "tls verify peer" option defaulting to "no_check"
CVE-2016-2113: s4:selftest: explicitly use '--option="tlsverifypeer=no_check" for some ldaps tests
CVE-2016-2113: s4:libcli/ldap: verify the server certificate and hostname if configured
CVE-2016-2113: s4:librpc/rpc: verify the rpc_proxy certificate and hostname if configured
CVE-2016-2113: selftest: test all "tls verify peer" combinations with ldaps
CVE-2016-2113: selftest: use "tls verify peer = no_check"
CVE-2016-2113: docs-xml: let "tls verify peer" default to "as_strict_as_possible"
CVE-2016-2114: s4:smb2_server: fix session setup with required signing
CVE-2016-2114: s3:smbd: use the correct default values for "smb signing"
CVE-2016-2114: docs-xml: let the "smb signing" documentation reflect the reality
CVE-2016-2115: docs-xml: add "client ipc min protocol" and "client ipc max protocol" options
CVE-2016-2115: docs-xml: add "client ipc signing" option
CVE-2016-2115: s4:libcli/raw: add smbcli_options.min_protocol
CVE-2016-2115: s4:libcli/smb2: use the configured min_protocol
CVE-2016-2115: s4:libcli/raw: limit maxprotocol to NT1 in smb_raw_negotiate*()
CVE-2016-2115: s4:libcli/raw: pass the minprotocol to smb_raw_negotiate*()
CVE-2016-2115: s4:librpc/rpc: make use of "client ipc *" options for ncacn_np
CVE-2016-2115: s3:winbindd: use lp_client_ipc_{min,max}_protocol()
CVE-2016-2115: s3:winbindd: use lp_client_ipc_signing()
CVE-2016-2115: s3:libsmb: let SMB_SIGNING_IPC_DEFAULT use "client ipc min/max protocol"
CVE-2016-2115: docs-xml: always default "client ipc signing" to "mandatory"
CVE-2016-2118: s4:rpc_server: make it possible to define a min_auth_level on a presentation context
CVE-2016-2118: s4:rpc_server/drsuapi: require DCERPC_AUTH_LEVEL_PRIVACY
CVE-2016-2118: s4:rpc_server/backupkey: require DCERPC_AUTH_LEVEL_PRIVACY
CVE-2016-2118: python:tests/dcerpc: use [sign] for dnsserver tests
CVE-2016-2118: s4:rpc_server/dnsserver: require at least DCERPC_AUTH_LEVEL_INTEGRITY
CVE-2016-2118: s3: rpcclient: change the default auth level from DCERPC_AUTH_LEVEL_CONNECT to DCERPC_AUTH_LEVEL_INTEGRITY
CVE-2016-2118: librpc: change the default auth level from DCERPC_AUTH_LEVEL_CONNECT to DCERPC_AUTH_LEVEL_INTEGRITY
CVE-2016-2118: s4:librpc: use integrity by default for authenticated binds
CVE-2016-2118: docs-xml: add "allow dcerpc auth level connect" defaulting to "yes"
CVE-2016-2118: s4:rpc_server: make use of "allow dcerpc auth level connect"
CVE-2016-2118: s4:rpc_server/lsa: reject DCERPC_AUTH_LEVEL_CONNECT by default
CVE-2016-2118: s4:rpc_server/samr: reject DCERPC_AUTH_LEVEL_CONNECT by default
CVE-2016-2118: s4:rpc_server/netlogon: reject DCERPC_AUTH_LEVEL_CONNECT by default
CVE-2016-2118: s4:rpc_server/epmapper: allow DCERPC_AUTH_LEVEL_CONNECT by default
CVE-2016-2118: s4:rpc_server/mgmt: allow DCERPC_AUTH_LEVEL_CONNECT by default
CVE-2016-2118: s4:rpc_server/rpcecho: allow DCERPC_AUTH_LEVEL_CONNECT by default
CVE-2016-2118: s3:rpc_server: make use of "allow dcerpc auth level connect"
CVE-2016-2118: s3:rpc_server/{samr,lsa,netlogon}: reject DCERPC_AUTH_LEVEL_CONNECT by default
CVE-2016-2118: s3:rpc_server/{epmapper,echo}: allow DCERPC_AUTH_LEVEL_CONNECT by default
CVE-2016-2118: docs-xml: default "allow dcerpc auth level connect" to "no"
CVE-2016-2118: s4:rpc_server/samr: allow _samr_ValidatePassword only with PRIVACY...
CVE-2016-2118: s3:rpc_server/samr: allow _samr_ValidatePassword only with PRIVACY...
CVE-2015-5370: dcerpc.idl: add DCERPC_{NCACN_PAYLOAD,FRAG}_MAX_SIZE defines
CVE-2015-5370: librpc/rpc: simplify and harden dcerpc_pull_auth_trailer()
CVE-2015-5370: s3:librpc/rpc: don't call dcerpc_pull_auth_trailer() if auth_length is 0
CVE-2015-5370: s4:librpc/rpc: send a dcerpc_sec_verification_trailer if needed
CVE-2015-5370: s4:librpc/rpc: maintain dcecli_security->auth_{type,level,context_id}
CVE-2015-5370: s4:librpc/rpc: use auth_context_id = 1
CVE-2015-5370: s4:librpc/rpc: use a local auth_info variable in ncacn_push_request_sign()
CVE-2015-5370: s4:librpc/rpc: avoid using hs->p->conn->security_state.auth_info in dcerpc_bh_auth_info()
CVE-2015-5370: s4:librpc/rpc: avoid using c->security_state.auth_info in ncacn_pull_request_auth()
CVE-2015-5370: s4:librpc/rpc: always use ncacn_pull_request_auth() for DCERPC_PKT_RESPONSE pdus
CVE-2015-5370: s4:librpc/rpc: avoid dereferencing sec->auth_info in dcerpc_request_prepare_vt()
CVE-2015-5370: s4:librpc/rpc: simplify checks if gensec is used in dcerpc_ship_next_request()
CVE-2015-5370: s4:librpc/rpc: avoid using dcecli_security->auth_info and use per request values
CVE-2015-5370: s4:librpc/rpc: finally verify the server uses the expected auth_{type,level,context_id} values
CVE-2015-5370: librpc/rpc: add a dcerpc_verify_ncacn_packet_header() helper function
CVE-2015-5370: s3:rpc_client: move AS/U hack to the top of cli_pipe_validate_current_pdu()
CVE-2015-5370: s3:rpc_client: remove useless frag_length check in rpc_api_pipe_got_pdu()
CVE-2015-5370: s4:librpc/rpc: make use of dcerpc_map_ack_reason() in dcerpc_bind_recv_handler()
CVE-2015-5370: s4:librpc/rpc: handle DCERPC_PKT_FAULT before anything else in dcerpc_alter_context_recv_handler()
CVE-2015-5370: s4:librpc/rpc: use dcerpc_verify_ncacn_packet_header() to verify BIND_ACK,ALTER_RESP,RESPONSE pdus
CVE-2015-5370: s4:librpc/rpc: protect dcerpc_request_recv_data() against too large payloads
CVE-2015-5370: s4:rpc_server: make use of talloc_zero()
CVE-2015-5370: s4:rpc_server: no authentication is indicated by pkt->auth_length == 0
CVE-2015-5370: s4:rpc_server: check the result of dcerpc_pull_auth_trailer() in dcesrv_auth_bind()
CVE-2015-5370: s4:rpc_server: maintain dcesrv_auth->auth_{type,level,context_id}
CVE-2015-5370: s4:rpc_server: make use of dce_call->conn->auth_state.auth_* in dcesrv_request()
CVE-2015-5370: s4:rpc_server/lsa: make use of dce_call->conn->auth_state.auth_{level,type}
CVE-2015-5370: s4:rpc_server/samr: make use of dce_call->conn->auth_state.auth_level
CVE-2015-5370: s4:rpc_server/netlogon: make use of dce_call->conn->auth_state.auth_{level,type}
CVE-2015-5370: s4:rpc_server: correctly maintain dcesrv_connection->max_{recv,xmit}_frag
CVE-2015-5370: s4:rpc_server: avoid ZERO_STRUCT() in dcesrv_fault()
CVE-2015-5370: s4:rpc_server: set alloc_hint = 24 in dcesrv_fault()
CVE-2015-5370: s4:rpc_server: fill context_id in dcesrv_fault()
CVE-2015-5370: s4:rpc_server: split out a dcesrv_fault_with_flags() helper function
CVE-2015-5370: s4:rpc_server: add some padding to dcesrv_bind_nak() responses
CVE-2015-5370: s4:rpc_server: return the correct secondary_address in dcesrv_bind()
CVE-2015-5370: s4:rpc_server: make dcesrv_process_ncacn_packet() static
CVE-2015-5370: s4:rpc_server: add infrastructure to terminate a connection after a response
CVE-2015-5370: s4:rpc_server: verify the protocol headers before processing pdus
CVE-2015-5370: s4:rpc_server: ensure that the message ordering doesn't violate the spec
CVE-2015-5370: s4:rpc_server: maintain in and out struct dcerpc_auth per dcesrv_call_state
CVE-2015-5370: s4:rpc_server: make sure alter_context and auth3 can't change auth_{type,level,context_id}
CVE-2015-5370: s4:rpc_server: let invalid request fragments disconnect the connection with a protocol error
CVE-2015-5370: s4:rpc_server: remove pointless dcesrv_find_context() from dcesrv_bind()
CVE-2015-5370: s4:rpc_server: don't dereference an empty ctx_list array in dcesrv_alter()
CVE-2015-5370: s4:rpc_server: changing an existing presentation context via alter_context is a protocol error
CVE-2015-5370: s4:rpc_server: fix the order of error checking in dcesrv_alter()
CVE-2015-5370: s4:rpc_server: failing authentication should generate a SEC_PKG_ERROR
CVE-2015-5370: s4:rpc_server: let a failing auth3 mark the authentication as invalid
CVE-2015-5370: s4:rpc_server: disconnect after a failing dcesrv_auth_request()
CVE-2015-5370: s4:rpc_server: give the correct reject reasons for invalid auth_level values
CVE-2015-5370: s4:rpc_server: check frag_length for requests
CVE-2015-5370: s4:rpc_server: limit allocation and alloc_hint to 4 MByte
CVE-2015-5370: s4:rpc_server: only allow one fragmented call_id at a time
CVE-2015-5370: s4:rpc_server: the assoc_group is relative to the connection (association)
CVE-2015-5370: s4:rpc_server: reject DCERPC_PFC_FLAG_PENDING_CANCEL with DCERPC_FAULT_NO_CALL_ACTIVE
CVE-2015-5370: librpc/rpc: don't allow pkt->auth_length == 0 in dcerpc_pull_auth_trailer()
CVE-2015-5370: s3:librpc/rpc: remove auth trailer and possible padding within dcerpc_check_auth()
CVE-2015-5370: s3:librpc/rpc: let dcerpc_check_auth() auth_{type,level} against the expected values.
CVE-2015-5370: s3:rpc_client: make use of dcerpc_pull_auth_trailer()
CVE-2015-5370: s3:rpc_client: make use of dcerpc_verify_ncacn_packet_header() in cli_pipe_validate_current_pdu()
CVE-2015-5370: s3:rpc_client: protect rpc_api_pipe_got_pdu() against too large payloads
CVE-2015-5370: s3:rpc_client: verify auth_{type,level} in rpc_pipe_bind_step_one_done()
CVE-2015-5370: s3:rpc_server: make use of dcerpc_pull_auth_trailer() in api_pipe_{bind_req,alter_context,bind_auth3}()
CVE-2015-5370: s3:rpc_server: let a failing sec_verification_trailer mark the connection as broken
CVE-2015-5370: s3:rpc_server: just call pipe_auth_generic_bind() in api_pipe_bind_req()
CVE-2015-5370: s3:rpc_server: don't ignore failures of dcerpc_push_ncacn_packet()
CVE-2015-5370: s3:rpc_server: don't allow auth3 if the authentication was already finished
CVE-2015-5370: s3:rpc_server: let a failing auth3 mark the authentication as invalid
CVE-2015-5370: s3:rpc_server: make sure auth_level isn't changed by alter_context or auth3
CVE-2015-5370: s3:rpc_server: use 'alter' instead of 'bind' for variables in api_pipe_alter_context()
CVE-2015-5370: s3:rpc_server: verify presentation context arrays
CVE-2015-5370: s3:rpc_server: make use of dcerpc_verify_ncacn_packet_header() to verify incoming pdus
CVE-2015-5370: s3:rpc_server: disconnect the connection after a fatal FAULT pdu
CVE-2015-5370: s3:rpc_server: let a failing BIND mark the connection as broken
CVE-2015-5370: s3:rpc_server: use DCERPC_NCA_S_PROTO_ERROR FAULTs for protocol errors
CVE-2015-5370: s3:librpc/rpc: remove unused dcerpc_pull_dcerpc_auth()
CVE-2015-5370: s3:rpc_server: check the transfer syntax in check_bind_req() first
CVE-2015-5370: s3:rpc_server: don't allow an existing context to be changed in check_bind_req()
CVE-2015-5370: s3:rpc_client: pass struct pipe_auth_data to create_rpc_{bind_auth3,alter_context}()
CVE-2015-5370: s3:librpc/rpc: add auth_context_id to struct pipe_auth_data
CVE-2015-5370: s3:rpc_client: make use of pipe_auth_data->auth_context_id
CVE-2015-5370: s3:rpc_server: make use of pipe_auth_data->auth_context_id
CVE-2015-5370: s3:librpc/rpc: make use of auth->auth_context_id in dcerpc_add_auth_footer()
CVE-2015-5370: s3:librpc/rpc: verify auth_context_id in dcerpc_check_auth()
CVE-2015-5370: s3:rpc_client: verify auth_context_id in rpc_pipe_bind_step_one_done()
CVE-2015-5370: s3:rpc_server: verify auth_context_id in api_pipe_{bind_auth3,alter_context}
CVE-2015-5370: libcli/smb: use a max timeout of 1 second in tstream_smbXcli_np_destructor()
CVE-2015-5370: s3:rpc_client: disconnect connection on protocol errors
CVE-2015-5370: s4:librpc/rpc: call dcerpc_connection_dead() on protocol errors
CVE-2015-5370: python/samba/tests: add infrastructure to do raw protocol tests for DCERPC
CVE-2015-5370: python/samba/tests: add some dcerpc raw_protocol tests
CVE-2015-5370: s4:selftest: run samba.tests.dcerpc.raw_protocol against ad_dc
s3:libads: sasl wrapped LDAP connections against with kerberos and arcfour-hmac-md5
s4:gensec_tstream: allow wrapped messages up to a size of 0xfffffff
s3:libads/sasl: allow wrapped messages up to a size of 0xfffffff
auth/spnego: change log level for 'Failed to setup SPNEGO negTokenInit request: NT_STATUS_INTERNAL_ERROR'
auth/spnego: handle broken mechListMIC response from Windows 2000
auth/ntlmssp: don't require any flags in the ccache_resume code
auth/ntlmssp: don't require NTLMSSP_SIGN for smb connections
s3:libsmb: use password = NULL for anonymous connections
libcli/smb: add smb1cli_session_set_action() helper function
libcli/smb: add SMB1 session setup action flags
libcli/smb: add smbXcli_session_is_guest() helper function
s3:libsmb: record the session setup action flags
s3:libsmb: don't finish the gensec handshake for guest logins
s3:libsmb: use anonymous authentication via spnego if possible
auth/spnego: only try to verify the mechListMic if signing was negotiated.
s4:auth_anonymous: anonymous authentication doesn't allow a password
s3:auth_builtin: anonymous authentication doesn't allow a password
libcli/security: implement SECURITY_GUEST
s3:smbd: make use SMB_SETUP_GUEST constant
s3:smbd: only mark real guest sessions with the GUEST flag
auth/ntlmssp: do map to guest checking after the authentication
auth/spnego: add spnego:simulate_w2k option for testing
auth/ntlmssp: add ntlmssp_{client,server}:force_old_spnego option for testing
selftest:Samba4: provide DC_* variables for fl2000dc and fl2008r2dc
s3:test_smbclient_auth.sh: this script requires 5 arguments
selftest:Samba4: let fl2000dc use Windows2000 supported_enctypes
selftest:Samba4: let fl2000dc use Windows2000 style SPNEGO/NTLMSSP
s3:selftest: add smbclient_ntlm tests
talloc: version 2.1.7
libcli/auth: let msrpc_parse() return talloc'ed empty strings
s3:rpc_server/samr: simplify the logic in get_user_info_18()
s3:ntlm_auth: make ntlm_auth_generate_session_info() more complete
s3:smbd: fix anonymous authentication if signing is mandatory
WHATSNEW: Clear release notes for Samba 4.5.0pre1.
WHATSNEW: add 'Support for LDAP_SERVER_NOTIFICATION_OID'
python:samba: move netcmd/time.py to python/samba/netcmd/nettime.py
Revert "s3:rpcclient add -m option"
s3:rpcclient: make use of SMB_SIGNING_IPC_DEFAULT
s3:selftest: run test_smbclient_ntlm also against ad_dc
selftest: use the default values for "server signing"
dcerpc.idl: add DCERPC_NCACN_{REQUEST,RESPONSE}_DEFAULT_MAX_SIZE
s4:librpc/rpc: allow a total reassembled response payload of 240 MBytes
s4:rpc_server: use a variable for the max total reassembled request payload
dcerpc.idl: remove unused DCERPC_NCACN_PAYLOAD_MAX_SIZE
s4:server_named_pipe: make sure we use lower case pipe name
s4:rpc_server: context_id fields of presentation contexts are just 16bit
s4:rpc_server: remove unused '_unused_auth_state'
s4:rpc_server: remove unused dcesrv_connection_context->assoc_group
s3:rpc_client: remove unused rpc_pipe_client->max_recv_frag
s4:rpc_server: parse auth data only for BIND,ALTER_REQ,AUTH3
s4:librpc/rpc: don't ask for auth_length if we ask for auth data only
librpc/rpc: let dcerpc_pull_auth_trailer() only accept auth_length!=NULL or auth_data_only=true
librpc/rpc: let dcerpc_pull_auth_trailer() check that auth_pad_length fits within the whole pdu.
librpc/rpc: ignore invalid auth_pad_length values in BIND, ALTER and AUTH3 pdus
s4:rpc_server: generate the correct error when we got an invalid auth_pad_length on BIND,ALTER,AUTH3
python/tests: add auth_pad test for the dcerpc raw_protocol test
selftest: add save.env.sh helper script.
librpc/tools: correctly validate relative pointers in ndrdump
librpc/ndr: add support for NDR_ALIGN* to ndr_push_short_relative_ptr2()
samba-tool: really deprecate 'samba-tool user add'
s4:dsdb/tests: make user_account_control.py executable
s4:dsdb/tests: use ncacn_ip_tcp:server[seal] for samr connections
s4:dsdb/tests: use GENSEC_SEAL for ldap connections in sam.py
s4:dsdb/tests: let the user_account_control.py test recover from a previous failure
s4:dsdb/tests: improve error message in test_new_user_default_attributes()
s4:dsdb/repl_meta_data: pass now to replmd_add_fix_la
s4:selftest: run samba4.ldap.password_lockout.python only against ad_dc_ntvfs
s4:dsdb/tests: use more useful userAccountControl/pwdLastSet values in the urgent_replication test
s3:pdb_samba_dsdb: fix calculating of dsdb_flags
s4:dsdb/samdb: allocate DSDB_CONTROL_PASSWORD_DEFAULT_LAST_SET_OID
s4:dsdb/samldb: add DSDB_CONTROL_PASSWORD_DEFAULT_LAST_SET_OID when defaulting pwdLastSet=0
s4:dsdb/samdb: allocate DSDB_CONTROL_PASSWORD_USER_ACCOUNT_CONTROL_OID
s4:samldb: pass down DSDB_CONTROL_PASSWORD_USER_ACCOUNT_CONTROL_OID with changed userAccountControl details
s4:dsdb/common: add some const to helper functions
s4:dsdb/password_hash: use full NTTIME resolution for pwdLastSet
s4:dsdb/password_hash: split out a password_hash_needed() function
s4:dsdb/password_hash: split out a update_final_msg() function
s4:dsdb/password_hash: make the variable names in setup_io() more clear
s4:dsdb/password_hash: leave the current value of pwdLastSet as 0 an add
s4:dsdb/password_hash: move the check for old passwords into setup_io()
s4:dsdb/password_hash: call ndr_pull_supplementalCredentialsBlob in setup_io()
s4:dsdb/password_hash: remember if we need to update the passwords and/or pwdLastSet
s4:dsdb/password_hash: move ldb_msg_add_empty() calls to update_final_msg()
s4:dsdb/password_hash: create a shallow copy of the client message for the final update
s4:dsdb/password_hash: only set pwdLastSet if required
s4:dsdb/password_hash: make the DSDB_CONTROL_PASSWORD_BYPASS_LAST_SET code path more robust
s4:dsdb/password_hash: handle the DSDB_CONTROL_PASSWORD_DEFAULT_LAST_SET control
s4:dsdb/password_hash: make it possible to specify pwdLastSet together with a password change
s4:dsdb/password_hash: allow pwdLastSet only changes
s4:rpc_server/samr: only set pwdLastSet to "0" or "-1"
s4:dsdb/password_hash: only allow pwdLastSet as "0" or "-1"
s4:dsdb/samldb: fix comment "lockoutTime" reset as per MS-SAMR 3.1.1.8.10
s4:dsdb/samldb: pwdLastSet = -1 requires Unexpire-Password right
s4:dsdb/tests: add pwdLastSet tests
auth/auth_sam_reply: add some const to input parameters
s4:kdc: add some const to samba_get_logon_info_pac_blob()
krb5pac.idl: add PAC_CREDENTIAL related structures
s4:auth/sam: use "msDS-UserPasswordExpiryTimeComputed" instead of samdb_result_force_password_change()
s4:rpc_server/samr: use "msDS-UserPasswordExpiryTimeComputed" instead of samdb_result_force_password_change()
s4:kdc: use "msDS-UserPasswordExpiryTimeComputed" instead of samdb_result_force_password_change()
s4:dsdb/common: remove unused samdb_result_force_password_change()
s3:winbindd: pass 'interactive' down through winbindd_dual_auth_passdb()
s4:auth_sam: don't allow interactive logons with UF_SMARTCARD_REQUIRED
s4:kdc: don't allow interactive password logons with UF_SMARTCARD_REQUIRED
samdb.py: add smartcard_required option to newuser()
samba-tool: add --smartcard-required option to 'samba-tool user create'
samba-tool: do a password retype validation check for 'samba-tool user setpassword'
samba-tool: add 'samba-tool user setpassword --smartcard-required/--clear-smartcard-required'
test_pkinit_heimdal.sh: add a helper VARIABLE to store the certificate paths
test_pkinit_heimdal.sh: add a FILE: prefix to the KRB5CCNAME variable
s4:dsdb: add some const to {samdb_result,dsdb}_effective_badPwdCount()
s4:auth/sam: only reset badPwdCount when the effective value is not 0 already
s4:auth/sam: don't update lastLogon just because it's 0 currently
s4:auth/sam: update the logonCount for interactive logons
s4:dsdb/tests: let password_lockout.py reduce the values for lockoutDuration and lockOutObservationWindow
s4:dsdb/tests: let password_lockout.py cross-check the lastLogon value with samr
s4:dsdb/tests: let password_lockout.py make the LDAP error string checks more useful
s4:dsdb/tests: let password_lockout.py add a _readd_user() helper function
s4:dsdb/tests: let password_lockout.py make use of the _readd_user() helper function
s4:dsdb/tests: let password_lockout.py let _readd_user() return the ldb connection as user
s4:dsdb/tests: let password_lockout.py pass username,userpass optionally to insta_creds()
s4:dsdb/tests: let password_lockout.py use user{name,pass,dn} variables in _readd_user()
s4:dsdb/tests: let password_lockout.py pass creds as argument to _readd_user()
s4:dsdb/tests: let password_lockout.py use _readd_user() for testuser3 too
s4:dsdb/tests: let password_lockout.py make use of self.addCleanup() to cleanup objects
s4:dsdb/tests: let password_lockout.py use userdn variables in all functions
s4:dsdb/tests: let password_lockout.py use other_ldb variables instead of self.ldb3
s4:dsdb/tests: let password_lockout.py use userpass variables in all functions
s4:dsdb/tests: let password_lockout.py use creds and other_ldb as function arguments
s4:dsdb/tests: let password_lockout.py copy user{name,pass} from the template in insta_creds()
s4:dsdb/tests: let password_lockout.py verify more fields in _readd_user()
s4:dsdb/tests: let password_lockout.py test with all combinations of krb5, ntlmssp and lockOutObservationWindow
s4:dsdb/tests: let password_lockout.py validate the lastLogon and lastLogonTimestamp interaction
s4:dsdb/tests: let password_lockout.py verify the logonCount values
lib/param: add lpcfg_sam_dnsname() helper function
auth.idl: add user_principal_* and dns_domain_name to auth_user_info
s4:auth: make use of lpcfg_sam_name() in authsam_get_user_info_dc_principal()
s4:auth: fill user_principal_* and dns_domain_name in authsam_make_user_info_dc()
s4:auth/kerberos: improve error message in kerberos_pac_to_user_info_dc()
auth/auth_sam_reply: let make_user_info_dc_netlogon_validation() correctly handle level 6
auth/wbc_auth_util: fill in base.logon_domain in wbcAuthUserInfo_to_netr_SamInfo3()
auth/wbc_auth_util: change wbcAuthUserInfo_to_netr_SamInfo* from level 3 to 6
auth/auth_sam_reply: add auth_convert_user_info_dc_saminfo6() and implement level 3 as wrapper
auth/auth_sam_reply: add auth_convert_user_info_dc_saminfo2() helper function
auth/auth_sam_reply: do a real copy of strings in auth_convert_user_info_dc_sambaseinfo()
s4:rpc_server/netlogon: initialize pointer to NULL in dcesrv_netr_LogonSamLogon_base()
s4:rpc_server/netlogon: make use of auth_convert_user_info_dc_saminfo{2,6}()
auth/auth_sam_reply: make auth_convert_user_info_dc_sambaseinfo() a private helper
netlogon.idl: make netr_SidAttr public
krb5pac.idl: introduce PAC_DOMAIN_GROUP_MEMBERSHIP to handle the resource groups
security.idl: add SID_NT_NFS S-1-5-88* sids
libcli/auth: remove unused variable in msrpc_parse()
s3:libsmb/clirap: remove unused cli_get_server_*() functions
CVE-2016-2019: libcli/smb: don't allow guest sessions if we require signing
CVE-2016-2019: s3:libsmb: add comment regarding smbXcli_session_is_guest() with mandatory signing
CVE-2016-2019: s3:selftest: add regression tests for guest logins and mandatory signing
s4:dsdb/samdb: add DSDB_FLAG_INTERNAL_FORCE_META_DATA
s4:samba_dsdb: add "dsdb_flags_ignore" module
tests:samba3sam: make use of the dsdb_flags_ignore module
selftest/flapping: mark samba4.drs.repl_move.python as temporary flapping
s4:dsdb/common: add a replication metadata stamp for an empty logonHours attribute
s4:dsdb/password_hash: force replication meta data for empty password attributes
Revert "selftest/flapping: mark samba4.drs.repl_move.python as temporary flapping"
s4:torture/drs: verify the whole metadata array to be the same in the repl_move tests
drsuapi.idl: add DRSUAPI_ATTID_operatorCount and DRSUAPI_ATTID_adminCount
s4:dsdb/samdb: add const to dsdb_make_object_category()
s4:password_hash: correctly update pwdLastSet on deleted objects.
s4:dsdb/repl_meta_data: sort preserved_attrs and add "msDS-PortLDAP"
s4:dsdb/repl_meta_data: remove secret attributes on delete
s4:dsdb/common: prepare dsdb_user_obj_set_defaults() for tombstone reanimation
s4:dsdb/tombstone_reanimate: restructure the module logic
s4:dsdb/tests: make use assertAttributesEqual() in RestoreUserObjectTestCase()
s4:dsdb/tests: make tombstone_reanimation.py executable
s4:dsdb/tests: improve tombstone_reanimation verifications
s4:dsdb/tests: improve the RestoreUserObjectTestCase test
s4:dsdb/tests: add RestoreUserPwdObjectTestCase test
libads: ensure the right ccache is used during gssapi bind
libads: ensure the right ccache is used during spnego bind
python/remove_dc: handle dnsNode objects without dnsRecord attribute
s4:kdc: ignore empty supplementalCredentialsBlob structures
s3:libnet_dssync_keytab: ignore empty supplementalCredentialsBlob structures
s4:dsdb/password_hash: explicitly set SUPPLEMENTAL_CREDENTIALS_SIGNATURE
drsblobs.idl: mark supplementalCredentialsSubBlob as nopull,nopush
drsblobs.idl: supplementalCredentialsSubBlob make it possible to parse strange blobs
s4:torture/ndr: add validation checks for strange supplementalCredentials blobs
krb5pac: fix push/pull of subcontexts in PAC_BUFFER
krb5pac.idl: implement PAC_UPN_DNS_INFO correct
krb5pac/netlogon: add a comment regarding PAC_LOGON_INFO unique pointers on push
krb5_wrap: provide CKSUMTYPE_HMAC_SHA1_96_AES_*
s4:torture/ndr: make use of torture_suite_add_ndr_pull_validate_test() in krb5pac when possible
s4:torture/ndr: add more krb5pac tests with PAC blobs from pkinit
s3:ntlm_auth: call fault_setup() in order to get useful backtraces
s3:tests: add 'as user' to the test names in test_smbclient_auth.sh
s3:selftest: run smbclient_auth with a few more combinations
selftest: set "ntlm auth = yes" for now as a lot of tests rely on it
docs-xml:smbdotconf: default "ntlm auth" to "no"
selftest: don't allow ntlmv1 for 'nt4_member' and 'ad_member'
WHATNEW: the default for "ntlm auth" is "no"
pycredentials: add {get,set}_old_password()
pycredentials: add set_utf16_[old_]password()
samba-tool: add 'user getpassword' command
python:samba/tests: add simple 'samba-tool user getpassword' test
python:samba/tests: verify the packages order in supplementalCredentials
docs-xml:samba-tool.8: document "user getpassword" command
samba-tool: add 'user syncpasswords' command
python:samba/tests: add simple 'samba-tool user syncpasswords' test
docs-xml:samba-tool.8: document "user syncpasswords" command
docs-xml/smbdotconf: reference "unix password sync" with "samba-tool user syncpasswords"
.travis.yml: install libgpgme11-dev python[3]-gpgme
docs-xml/smbdotconf: add "password hash gpg key ids" option
docs-xml/smbdotconf: reference "unix password sync" with "password hash gpg key ids"
s4:dsdb/samdb: add configure checks for libgpgme
drsblobs.idl: add package_PrimarySambaGPGBlob
s4:dsdb/samdb: optionally store package_PrimarySambaGPGBlob in supplementalCredentials
samba-tool: add --decrypt-samba-gpg support to 'user getpasswords' and 'user syncpasswords'
selftest:gnupg: add a gpg key for Samba Selftest <selftest at samba.example.com>
s4:selftest: run samba.tests.samba_tool.user also against ad_dc:local
selftest:Samba4: configure "password hash gpg key ids" for ad_dc (if available)
python:samba/tests: use 'samba-tool user {getpassword,syncpasswords}' with --decrypt-samba-gpg
WHATSNEW: add 'Password sync as active directory domain controller'
WHATSNEW: recommend python-crypto and python-m2crypto
auth/credentials: also do a shallow copy of the krb5_ccache.
s4:torture/remote_pac: verify the order of PAC elements
HEIMDAL:lib/krb5: allow predefined PAC_{LOGON_NAME,PRIVSVR_CHECKSUM,SERVER_CHECKSUM} elements in _krb5_pac_sign()
HEIMDAL:kdc: reset e_text after successful pre-auth verification
HEIMDAL:kdc: add krb5plugin_windc_pac_pk_generate() hook
s4:kdc: hook into heimdal's windc.pac_pk_generate hook
s4:kdc: correctly update the PAC in samba_wdc_reget_pac()
s4:kdc: provide a PAC_CREDENTIAL_INFO element for PKINIT logons
s4:dsdb/password_hash: add the UF_SMARTCARD_REQUIRED password reset magic
s4:dsdb/tests: add UF_SMARTCARD_REQUIRED tests
selftest/Samba: remove compat admincert* files
selftest/manage-ca: add certificates for pkinit@[addom.]samba.example.com
selftest/manage-ca: update manage-CA-samba.example.com.sh
selftest/Samba: copy pkinit@$DOMAIN certificates to the environment
test_pkinit_heimdal.sh: add some more tests regarding the UF_SMARTCARD_REQUIRED behavior
testprogs/blackbox: add test_pkinit_pac_heimdal.sh
s4:selftest: run test_pkinit_pac_heimdal.sh test
s4:selftest: run the pkinit test in the ad_dc and ad_dc_ntvfs environment
WHATSNEW: add SmartCard/PKINIT improvements
auth/auth_sam_reply: fill user_principal_* and dns_domain_name in make_user_info_dc_pac()
s4:kdc: provide a PAC_UPN_DNS_INFO element for logons
s4:dsdb/repl_meta_data: remember originating updates when applying replicated changes
s4:dsdb/replicated_objects: don't skip notifications on resolved conflicts
tdb: version 1.3.10
talloc: version 2.1.8
tevent: version 0.9.28
s4:pyrpc: correctly implement .request_timeout
samba-tool: use a timeout of 5 minutes in 'samba-tool drs replicate'
samba-tool: add --async-rep option to 'samba-tool drs replicate'
tests:samba_tool_drs: test samba-tool drs replicate with implicit machine credentials
tests:samba_tool_drs: test samba-tool drs replicate with --async-op
WHATSNEW: document new samba-tool drs replicate options
ldb: fix compiler warnings on ldb_unpack_data() arguments
ldb: version 1.1.27
WHATSNEW: add shadow:snapprefix and shadow:delimiter
VERSION: Set version to 4.5.0rc1...
VERSION: Bump version up to 4.6.0pre1
tests:samba_tool: pass stdout and stderr to assertCmdSuccess()
tests:samba_tool: make use of assertCmdFail() in gpo.py
script/autobuild.py: check for AUTOBUILD_SKIP_SAMBA_O3 environment variable
tests:blackbox: let samba_dnsupdate.py provide more details
samba-tool/ldapcmp: ignore differences of whenChanged
s4:dsdb/schema: don't change schema->schema_info on originating schema changes.
s4:dsdb/repl: avoid recursion after fetching schema changes.
s4:dsdb/schema: store struct dsdb_schema_info instead of a hexstring
s4:dsdb/schema: don't treat an older remote schema as SCHEMA_MISMATCH
s4:dsdb/schema: make dsdb_schema_pfm_add_entry() public and more useful
s4:dsdb/repl: make sure the working_schema prefix map is populated with the remote prefix map
s4:dsdb/objectclass_attrs: call dsdb_attribute_from_ldb() without a prefixmap
s4:dsdb/schema: avoid an implicit prefix map creation in lookup functions
s4:dsdb/schema: don't update the in memory schema->prefixmap without reloading the schema!
s4:dsdb/schema: split out a dsdb_attribute_drsuapi_remote_to_local() function
s4:dsdb/schema: move messages for unknown attids to higher debug levels during resolving
s4:dsdb/repl: set working_schema->resolving_in_progress during schema creation
s4:dsdb/repl: let dsdb_replicated_objects_convert() change remote to local attid for linked attributes
Revert "s4: tests: Skip drs tests."
selftest/flapping: add some samba3.blackbox.smbclient_s3 tests
script/autobuild.py: include the branch name in the output
s3:lib/pthreadpool: fix the build on older systems
WHATSNEW: clear the sections for 4.6
tevent: version 0.9.30
gensec/spnego: work around missing server mechListMIC in SMB servers
script/release.sh: use 8 byte gpg key ids
wafsamba: add -Werror=format-security to the developer build
s3:nmbd: fix talloc_zero_array() check in nmbd_packets.c
tevent: version 0.9.31
HEIMDAL:lib/krb5: destroy a memory ccache on reinit
s3:libads: don't use MEMORY:ads_sasl_gssapi_do_bind nor set "KRB5CCNAME"
s3:libads: don't use MEMORY:ads_sasl_spnego_bind nor set "KRB5CCNAME"
nfs4acl.idl: rename interface to nfs4acl.idl to avoid naming clash in the python bindings
spoolss.idl: use access mask defines from security.idl
ntlmssp.idl: don't generate python bindings for ntlmssp_NTLM_RESPONSE and ntlmssp_LM_RESPONSE
s3:util_cmdline: add set_cmdline_auth_info_signing_state_raw() helper function
s3:lib/netapi: make use of set_cmdline_auth_info_signing_state_raw()
s3:libsmb: make use of get_cmdline_auth_info_* helper functions in get_ipc_connect()
s3:libsmb: make use of proper allocated struct user_auth_info in SMBC_opendir_ctx()
s3:util_cmdline: make struct user_auth_info private to util_cmdline.c
s3:smbd: only pass UCF_PREP_CREATEFILE to filename_convert() if we may create a new file
lib/async_req: add writev_cancel()
libcli/smb: handle a talloc_free() on an unsent smb1 request
gensec/spnego: remember the wanted features also on the main gensec context
s4:gensec_krb5: also report support for GENSEC_FEATURE_SIGN as krb5_mk_priv() provides sign and seal
s4:gensec_gssapi: pass gss_got_flags to gssapi_get_sig_size()
s3:gse: pass gss_got_flags to gssapi_get_sig_size()
auth/ntlmssp: always allow NTLMSSP_NEGOTIATE_{SIGN,SEAL} in gensec_ntlmssp_server_start()
s3:ntlm_auth: don't use gensec_want_feature(gensec_security, GENSEC_FEATURE_{SIGN,SEAL}) as server
s4:ldap_server: don't use gensec_want_feature(gensec_security, GENSEC_FEATURE_{SIGN,SEAL}) as server
auth/gensec: always verify the wanted SIGN/SEAL flags
auth/gensec: only require GENSEC_FEATURE_SIGN for DCERPC_AUTH_LEVEL_INTEGRITY as client
auth/gensec: handle DCERPC_AUTH_LEVEL_PACKET similar to DCERPC_AUTH_LEVEL_INTEGRITY
dcerpc.idl: remove unused DCERPC_AUTH_LEVEL_DEFAULT
dcerpc.idl: split the padding from a possible fault buffer in dcerpc_fault
dcerpc.idl: add dcerpc_fault_flags bitmap
s4:rpc_server: skip setting of dcerpc_request._pad
dcerpc.idl: replace dcerpc_response._pad with a uint8 reserved
dcerpc.idl: remove unused dcerpc_request._pad
dcerpc.idl: add DCERPC_FAULT_SERVER_UNAVAILABLE
s3:librpc: remove bigendian argument from dcerpc_pull_ncacn_packet()
s3:librpc: move NDR_PRINT_DEBUG() into the caller of dcerpc_pull_ncacn_packet()
librpc/rpc: move dcerpc_pull_ncacn_packet() from source3/librpc/rpc/ to the toplevel
librpc/rpc: make use of dcerpc_pull_ncacn_packet() in dcerpc_read_ncacn_packet_done()
s4:librpc/rpc: make use of dcerpc_pull_ncacn_packet()
s4:librpc/rpc: force printing in dcerpc_bh_do_ndr_print() log level >= 11
s4:librpc/rpc: implement bind_time_feature negotiation
s4:rpc_server: a fault with UNKNOWN_IF should have DID_NOT_EXECUTE set
s4:rpc_server: set DCERPC_PFC_FLAG_DID_NOT_EXECUTE for DCERPC_FAULT_OP_RNG_ERROR
s4:rpc_server: set the full DCERPC_BIND_NAK_REASON_* in dcesrv_bind()
s4:rpc_server: let dcesrv_auth_request() set a fault_code
s4:rpc_server: check the auth_pad_length overflow before calling gensec_[check,unseal]_packet()
s4:rpc_server: add DCERPC_AUTH_LEVEL_PACKET support
s4:rpc_server: move dcesrv_alter_resp
s4:rpc_server: use call->conn instead of call->context->conn
s4:rpc_server: split out a dcesrv_check_or_create_context() function
s4:rpc_server: it's not a protocol error to do an alter context with an unknown transfer syntax
s4:rpc_server: process all provided presentation contexts
python/tests: remove unused code in _test_auth_none_level_bind()
python/tests: add presentation context related tests to dcerpc raw protocol tests
s4:rpc_server: implement bind time feature negotiation
python/tests: add bind time feature related tests to dcerpc raw protocol tests
python/tests: do tests to verify spnego various auth_levels
librpc: add dcerpc_ncacn_pull_pkt_auth() helper function
librpc: add dcerpc_ncacn_push_pkt_auth() helper function
s4:librpc/rpc: make use of dcerpc_ncacn_pull_pkt_auth() in ncacn_pull_request_auth()
s4:librpc/rpc: convert ncacn_pull_request_auth() into a generic ncacn_pull_pkt_auth()
s4:librpc/rpc: make use of dcerpc_ncacn_push_pkt_auth() in ncacn_push_request_sign()
s4:rpc_server: make use of dcerpc_ncacn_pull_pkt_auth() in dcesrv_auth_request()
s4:rpc_server: convert dcesrv_auth_request() into a generic dcesrv_auth_pkt_pull()
s4:rpc_server: make use of dcerpc_ncacn_push_pkt_auth() in dcesrv_auth_response()
s4:rpc_server: convert dcesrv_auth_response() into a generic dcesrv_auth_pkt_push()
s3:dcerpc_helpers: correctly support DCERPC_AUTH_LEVEL_PACKET
s3:rpc_server: add support for DCERPC_AUTH_LEVEL_PACKET
s4:selftest: run some tests with "packet"
s3:selftest: run some rpcclient tests with "packet"
s4:rpc_server: list all connection oriented pdu types explicitly
s4:rpc_server: ignore CO_CANCEL and ORPHANED PDUs
s4:rpc_server: implement DCERPC_BIND_TIME_KEEP_CONNECTION_ON_ORPHAN support
python/tests: add DCERPC_BIND_TIME_KEEP_CONNECTION_ON_ORPHAN tests to dcerpc raw protocol tests
s4:rpc_server: fill call->context on the first fragment
s4:rpc_server: return the context_id of a FAULT in the same way as windows
s4:rpc_server: return the context_id of a RESPONSE in the same way as windows
s4:torture/rpc: add extra_flags to torture_rpc_connection_transport()
s4:torture/rpc: concurrent dcerpc_echo_TestSleep requests require a connection with DCERPC_CONCURRENT_MULTIPLEX
s4:librpc/rpc: make sure the DCERPC_CONCURRENT_MULTIPLEX and DCERPC_PFC_FLAG_CONC_MPX are in sync
s4:rpc_server: support DCESRV_CALL_STATE_FLAG_MULTIPLEXED by default
s4:rpc_server/remote: pass through DCERPC_PFC_FLAG_CONC_MPX if it was used by the client
s4:rpc_server: implement DCERPC_PFC_FLAG_CONC_MPX ordering restrictions
dcerpc.idl: set LIBNDR_FLAG_* flags based on DCERPC_PFC_FLAG_OBJECT_UUID and DCERPC_DREP_LE
librpc/rpc: no longer set FLAG_OBJECT_PRESENT and FLAG_BIGENDIAN for ndr_{pull,push}_ncacn_packet()
s4:librpc/rpc: no longer set FLAG_OBJECT_PRESENT and FLAG_BIGENDIAN for ndr_push_ncacn_packet()
s3:rpc_server: pass the full ndr_interface_table to rpc_pipe_open_internal()
librpc/rpc: make sure we use the object from the handle in dcerpc_binding_handle_raw_call_send()
librpc/rpc: verify the passed table against the table on the handle
s4:librpc/rpc: pass the object guid to the binding handle if required
s4:selftest: run rpc.echo with an object based binding string
pidl:Python: check the return values of talloc_ptrtype()
pidl:Python: __ndr_print__ functions don't get arguments and need METH_NOARGS
pidl:Python: make use of NDR_ERR_CODE_IS_SUCCESS()
pidl:Python: improve the .doc string for the get/set elements
pidl:NDR: keep interface->{ORIGINAL}
pidl:Python: prettify names of constants
pidl:Python: provide the abstract syntax as <module>.<interface>_abstract_syntax
s4:pyrpc: add pyrpc_{im,ex}port_union() helper functions
pidl:Python: provide a PyTypeObject with METH_CLASS __import__() and __export__() hooks
pidl:Python: make use of the pyrpc_{import,export}_union() functions
s4:pyrpc: remove unused py_{import,export}_netr_* prototypes
pidl:Python: the py_{import,export}_*() functions can be static now.
python:ndr: verify the object type ndr_print() and ndr_unpack()
python:ndr: add ndr_{pack,unpack,print}_{in,out} helper functions
pidl:NDR: add ReturnTypeElement() helper function
pidl:Python: split out a PythonElementGetSet() helper function
pidl:Python: add PyTypeObject objects for function structs
python/tests: we now pass test_no_auth_request_bind_pfc_CONC_MPX()
python:tests: add more helper functions to RawDCERPCTest
python/tests: make it possible to specify TARGET_HOSTNAME to raw_protocol.py
python/tests: make use of prepare_presentation() in _get_netlogon_ctx()
python/tests: make use of get_auth_context_creds() in _test_auth_type_level_bind_nak()
python/tests: make use of self.get_anon_creds() and self.get_user_creds()
python/tests: make use of self.get_auth_context_creds() and self.do_generic_bind() in _test_spnego_bind_auth_level()
python/tests: check context_id values of responses correctly
python/tests: add a second_connection() helper function
python/tests: add simple dcerpc association group tests
python/tests: add simple dcerpc co_cancel tests
python/tests: add simple dcerpc orphaned tests
auth/credentials: anonymous should not have a user principal
auth/credentials: make cli_credentials_get_ntlm_response() more robust
s4:gensec_gssapi: We need to use the users realm in the target_principal
s3:gse: We need to use the users realm in the target_principal
s3:popt_common: simplify popt_common_credentials handling
s3:libsmb: let the callers only pass the password string to cli_session_setup[_send]()
libcli/smb: move {smb,trans2}_bytes_push_{str,bytes}() to common code
libcli/smb: Add smb_bytes_pull_str() helper function
libcli/smb: reformat wscript
libcli/smb: add smb1cli_session_setup_nt1_send/recv()
libcli/smb: add smb1cli_session_setup_ext_send/recv()
s3:libsmb: add some comments to the noop case for < PROTOCOL_LANMAN1 in cli_session_setup_send()
s3:libsmb: make use of smb1cli_session_setup_ext_send/recv()
s3:libsmb: make use of smb1cli_session_setup_{nt1,lm21}_send/recv()
s3:libsmb: remove unused cli_session_setup_{lanman2,plain,nt1}*
s3:libsmb: always pass the servers gss blob to gensec
s3:libsmb: remove target_principal argument from cli_session_setup_gensec_send()
s3:libsmb: let gensec handle the fallback from krb5 to ntlmssp
s3:libsmb: pass the optional dest_realm via the cli_credentials
s3:libsmb: pass cli_credentials to cli_session_setup_gensec_send()
s3:libsmb: move cli_session_setup_get_account into cli_session_creds_init()
s3:libsmb: move cli_session_creds_init() to cli_session_setup_send()
s3:libsmb: get the plaintext and NTLM authentication details out of cli_credentials
s3:libsmb: move domain\\username magic to cli_session_creds_init()
s3:libsmb: change cli_session_setup_send/recv into cli_session_setup_creds_send/recv
s3:libsmb: add cli_session_setup_anon()
s3:libsmb: make cli_session_creds_init() non-static
s3:libsmb: make use of cli_session_setup_anon()
s3:nmbd: make use of cli_session_setup_anon()
s3:torture: make use of cli_session_setup_anon()
s3:torture: make use of cli_session_creds_init() in masktest.c
s3:torture: create a global 'torture_creds' cli_credentials structure
s3:torture: make use of cli_session_setup_creds() in torture.c
s3:torture: make use of cli_session_setup_creds() in test_smb2.c
s3:torture: make use of auth_generic_set_creds() in test_smb2.c
s3:client: use cli_session_setup_creds() in client.c cmd_logon()
s3:client: use cli_session_setup_creds() in smbspool.c
s3:libsmb: make use of cli_{session_setup,rpc_pipe_open_with}_creds() in passchange.c
pyldb: protect PyErr_LDB_ERROR_IS_ERR_RAISE() with do {} while(0)
tdb: version 1.3.12
selftest/gdb_*: make use of 'mktemp'
ldb:controls: add LDB_CONTROL_RECALCULATE_RDN_OID
ldb:rdn_name: normalize rdn_name in rdn_rename_callback()
ldb:rdn_name: add support for LDB_CONTROL_RECALCULATE_RDN_OID on ldb_modify()
tests/libsmb_samba_internal.py: fully setup the Credentials by creds.guess(lp)
s3:winbindd: always use saf_store(domain->alt_name, controller) for ad domains
s3:libsmb: change cli_full_connection_send/recv into cli_full_connection_creds_send/recv
s3:libnet_join: make use of cli_full_connection_creds()
s3:libsmb: restructure cli_full_connection_creds* flow
s4:repl_meta_data: normalize rdn attribute name via the schema
auth/credentials: let cli_credentials_parse_string() handle the "winbind separator"
auth/credentials: fix cut'n'paste error in cli_credentials_get_principal_and_obtained()
auth/credentials: clear all unused blobs in cli_credentials_get_ntlm_response()
s3:torture: make use of cli_full_connection_creds() in torture.c
s3:libsmb: fix memory leak in cli_raw_ntlm_smb_encryption_start()
s3:libsmb: fix 'client lanman auth = no' DEBUG message in cli_session_setup_creds_send()
s3:libsmb: add cli_tree_connect_creds()
s3:client: make use of cli_tree_connect_creds() in smbspool.c
s3:client: avoid using cli->{use_kerberos,...} for cli_session_creds_init() in smbspool.c
s3:libsmb: avoid using cli->{use_kerberos,...} in remote_password_change()
s3:libsmb: don't pass 'passlen' to cli_tree_connect[_send]() and allow pass=NULL
script/autobuild.py: don't add subdirs of testbase to cleanup_list
script/autobuild.py: remove pointless mkdir/rmdir commands
script/autobuild.py: cleanup testbase/prefix before each retry
script/autobuild.py: create tmpdir for each try and export it as TMPDIR
selftest: also export TMPDIR
selftest: make sure we always export KRB5CCNAME
s3:lib/netapi: Use lp_client_ipc_max_protocol() in libnetapi_open_ipc_connection()
s3:torture: Use cli_tree_connect_creds() where we may use share level auth
s3:torture/masktest: Use cli_tree_connect_creds()
s3:torture/masktest: masktest only works with SMB1 currently
s3:libsmb: split out a cli_session_creds_prepare_krb5() function
s3:libsmb: don't let cli_session_creds_init() overwrite the default domain with ""
s3:libsmb: Use cli_cm_force_encryption() instead of cli_force_encryption()
s3:utils: Use cli_cm_force_encryption() instead of cli_force_encryption()
auth/credentials: make use of talloc_zero() in cli_credentials_init()
auth/credentials: let cli_credentials_set_password() fail if talloc_strdup() fails
auth/credentials: add cli_credentials_set_password_will_be_nt_hash() and the related logic
tests/credentials.py: add test for cli_credentials_set_password_will_be_nt_hash()
tests/credentials.py: verify the difference of parse_string("someone") and parse_string("someone%")
auth/credentials: add py_creds_parse_file()
tests/credentials.py: add very simple test for py_creds_parse_file
auth/credentials: add python bindings for enum credentials_obtained
auth/credentials: handle situations without a configured (default) realm
tests/credentials.py: add tests with a realm from smb.conf
auth/credentials: let cli_credentials_parse_string() always reset username and domain
auth/credentials: let cli_credentials_parse_string() always reset principal and realm
tests/credentials.py: add tests to verify realm/principal behaviour of cli_credentials_parse_string()
auth/credentials: let cli_credentials_parse_file() handle 'username' with cli_credentials_parse_string()
tests/credentials.py: verify the new cli_credentials_parse_file() 'username' parsing
auth/credentials: change the parsing order of cli_credentials_parse_file()
tests/credentials.py: demonstrate the last 'username' line of creds.parse_file() beats other lines
s3:popt_common: let POPT_COMMON_CREDENTIALS imply logfile and conffile loading
s3:user_auth_info: let struct user_auth_info use struct cli_credentials internally
CVE-2016-2125: s4:scripting: don't use GSS_C_DELEG_FLAG in nsupdate-gss
CVE-2016-2125: s3:gse: avoid using GSS_C_DELEG_FLAG
CVE-2016-2125: s4:gensec_gssapi: don't use GSS_C_DELEG_FLAG by default
CVE-2016-2126: auth/kerberos: only allow known checksum types in check_pac_checksum()
HEIMDAL:lib/krb5: move checksum vs. enctype checks into get_checksum_key()
HEIMDAL:lib/krb5: use krb5_verify_checksum() in krb5_c_verify_checksum()
s3:printing: remove double PRINT_SPOOL_PREFIX define
s3:libsmb: add cli_smb1_setup_encryption*() functions
s3:torture: make use of cli_smb1_setup_encryption() in force_cli_encryption()
s3:client: make use of cli_smb1_setup_encryption() in cmd_posix_encrypt()
s3:libsmb: make use of cli_smb1_setup_encryption() in cli_cm_force_encryption()
s3:libsmb: remove unused cli_*_encryption* functions
s3:libsmb: make use of get_cmdline_auth_info_creds() in clidfs.c:do_connect()
s3:libsmb: avoid using cli_session_setup() in SMBC_server_internal()
s3:libsmb: remove now unused cli_session_setup()
s3:libsmb: make use of cli_tree_connect_creds() in clidfs.c:do_connect()
s3:libsmb: make use of cli_tree_connect_creds() in SMBC_server_internal()
s3:libsmb: split out cli_cm_force_encryption_creds()
s3:libsmb: make use of cli_cm_force_encryption_creds() where we already have creds
s3:client: use cli_cm_force_encryption_creds in smbspool.c (in a #if 0 section)
s3:libsmb: pass cli_credentials to cli_check_msdfs_proxy()
s3:libsmb: Always use GENSEC_OID_SPNEGO in cli_smb1_setup_encryption_send()
krb5_wrap: fix smb_krb5_cc_copy_creds() for MIT krb5
Happy New Year 2017!
s4:librpc/rpc: don't do an anonymous bind over ncacn_np:server[packet]
s4:librpc/rpc: make sure we handle DCERPC_PACKET before DCERPC_CONNECT
s3:librpc/gse: include ccache_name in DEBUG message if krb5_cc_resolve() fails
s3:librpc/gse: remove unused #ifdef HAVE_GSS_KRB5_IMPORT_CRED
s3:librpc/gse: make use of gss_krb5_import_cred() instead of gss_acquire_cred()
VERSION: Bump version up to 4.6.0rc2...
s3:winbindd: talloc_steal the extra_data in winbindd_list_users_recv()
script/release.sh: fix off by 1 error in announce.${tagname}.mail.txt creation
s3:smbd: allow "server min protocol = SMB3_00" to go via "SMB 2.???" negprot
selftest/Samba3: use "server min protocol = SMB3_00" for "ktest"
s4:dsdb/repl: s/highestCommitedUsn/highestCommittedUSN
s4:libnet: s/highestCommitedUSN/highestCommittedUSN
drsuapi.idl: add drsuapi_DrsMoreOptions with DRSUAPI_DRS_GET_TGT
drsuapi.idl: make drsuapi_DsGetNCChangesRequest10 [public]
python/join: set common replica_flags in dc_join.__init__()
python/join: use DRSUAPI_DRS_GET_NC_SIZE for the initial replication
torture/drs: remove pointless nc_object_count replication checks in test_link_utdv_hwm()
getncchanges: only set nc_{object,linked_attributes}_count with DRSUAPI_DRS_GET_NC_SIZE
getncchanges: pass struct ldb_message as const
getncchanges: remember the ncRoot_guid on the getncchanges state
getncchanges: don't process DRSUAPI_DRS_CRITICAL_ONLY for EXOPs
getncchanges: remove unused c++ comments/code in getncchanges_collect_objects()
getncchanges: fix highest_usn off by one calculation in get_nc_changes_add_links()
getncchanges: improve get_nc_changes_build_object() by checking uSNChanged
getncchanges: improve get_nc_changes_add_links() by checking uSNChanged
getncchanges: calculate getnc_state->min_usn calculation based on the uptodateness vector
getncchanges: implement DRSUAPI_DRS_GET_ANC more correctly
s4:tests/sec_descriptor: use more unique oid values
libcli/auth: check E_md4hash() result in netlogon_creds_cli_ServerPasswordSet_send()
libcli/auth: add netlogon_creds_cli_debug_string()
lib/util: add generate_random_machine_password() function
s3:libsmb: let trust_pw_change() debug more verbose information
s3:libsmb: let trust_pw_change() verify the new password at the end.
s3:libsmb: add trust_pw_new_value() helper function
s3:libsmb: use trust_pw_new_value() in trust_pw_change()
s3:libads: use trust_pw_new_value() for krb5 machine passwords
s3:libnet_join: make use of trust_pw_new_value()
s3:net_rpc_trust: make use of trust_pw_new_value()
s3:include: remove unused DEFAULT_TRUST_ACCOUNT_PASSWORD_LENGTH
s4:libcli/raw: remove unused DEFAULT_TRUST_ACCOUNT_PASSWORD_LENGTH
s4:libnet: make use of generate_random_machine_password()
s4:dsdb: autogenerate a random utf16 buffer for krbtgt password resets.
python/samba: provision_dns_add_samba.ldif expects utf-16-le passwords
python/samba: use an explicit .encode('utf-8') where we expect utf8 passwords
pyglue: add generate_random_machine_password() wrapper
samba-tool:domain: use generate_random_machine_password() for trusted domains
samba-tool:domain: use generate_random_machine_password() for machine passwords
samba-tool:provision: use generate_random_machine_password() for machine passwords
s4:scripting: use generate_random_machine_password() for machine passwords
krb5_wrap: use our own code to calculate the ENCTYPE_ARCFOUR_HMAC key
librpc/rpc: fix regression in NT_STATUS_RPC_ENUM_VALUE_OUT_OF_RANGE error mapping
libcli/auth: use the correct creds value against servers without LogonSamLogonEx
s3:winbindd: make sure cm_prepare_connection() only returns OK with a valid tree connect
Revert "s3-winbind: Fix schannel connections against trusted domain DCs"
s3:winbindd: try a NETLOGON connection with noauth over NCACN_NP against trusted domains.
auth/credentials: try to use kerberos with the machine account unless we're in an AD domain
s3:winbindd: fix the valid usage anonymous smb authentication
s3:passdb: use cli_credentials_set_kerberos_state() for trusts in pdb_get_trust_credentials()
s3:winbindd: add more debugging to cm_prepare_connection()
s3:winbindd: rely on the kerberos_state from pdb_get_trust_credentials()
s3:libads: add more debugging to ads_sasl_spnego_bind()
s3:winbindd: allow a fallback to NTLMSSP for LDAP connections
s3:idmap_ad: make use of pdb_get_trust_credentials() to get the machine account creds
talloc/wscript: avoid passing pointless enabled=True to SAMBA_PYTHON()
talloc: fix TALLOC_VERSION_* mismatch detection
pytalloc: add pytalloc_GenericObject_{steal,reference}[_ex]()
talloc: version 2.1.9
py_net: make use of pytalloc_GenericObject_steal()
pidl:Python: make sure print HASH references for STRUCT types
pidl:Python: replace pytalloc_CObject_FromTallocPtr() with pytalloc_GenericObject_reference_ex()
pidl:Python: use of pytalloc_GenericObject_reference*() for pyrpc_{ex,im}port_union() wrapping
gensec:spnego: Add debug message for the failed principal
s3:winbindd: fix endless forest trust scan
ldb-samba: remember the error string of a failing bind in ildb_connect()
s4:ldap_server: match windows in the error messages of failing LDAP Bind requests
winbindd: find the domain based on the sid within wb_lookupusergroups_send()
idmap_autorid: allocate new domain range if the caller knows the sid is valid
s4:gensec_gssapi: the value gensec_get_target_principal() should overwrite gensec_get_target_hostname()
s4:gensec_gssapi: require a realm in gensec_gssapi_client_start()
HEIMDAL:kdc: make it possible to disable the principal based referral detection
s4:kdc: disable principal based autodetected referral detection
wafsamba: move -L/some/path from LINKFLAGS_PYEMBED to LIBPATH_PYEMBED
script/autobuild.py: cleanup the task subdirs when they're done.
script/autobuild.py: export PYTHONUNBUFFERED=1
script/autobuild.py: add a do_print() wrapper function that flushes after each message
script/autobuild.py: try to make TMPDIR handling more verbose
script/autobuild.py: ignore missing test_tmpdir
rpcclient: allow -U'OTHERDOMAIN\user' again
pam_winbind: no longer use wbcUserPasswordPolicyInfo when authenticating
samba-tool: let 'samba-tool user syncpasswords' report deletions immediately
Steve French (1):
lib: Annotate well known SID names
Tom Mortensen (2):
nss_wins: ip_pton expects the raw IP address
nss_wins: Fix the hostent setup
Trever L. Adams (2):
Update smbrun to allow for setting environment variables.
strv.c: add strv_to_env for use with execle, etc.
Uri Simchoni (116):
selftest: run net ads join test in a private client env
selftest: add some test cases to net ads join
build: fix disk-free quota support on Solaris 10
build: improve comments in tests/oldquotas.c
smbd: remove quota support for some ancient OSs
build: fix build when --without-quota specified
vfs_acl_common: avoid setting POSIX ACLs if "ignore system acls" is set
seltest: add test for "ignore system acls" in vfs_acl_xattr.
lib/util: fix function comment
s3-profile: reduce dependencies of smbprofile.h
s3-profile: add PROFILE_TIMESTAMP macro
asys: call clock_gettime_mono() only on profile-enabled build
vfs_aio_linux: call clock_gettime_mono() only on profile-enabled build
vfs_aio_fork: call clock_gettime_mono() only on profile-enabled build
vfs_glusterfs: call clock_gettime_mono() only on profile-enabled build
nt-quotas: vfs_get_ntquota() return NTSTATUS
nt-quotas: return 0 as indication of no quota
ntquotas - skip entry if the quota is zero
sys-quotas: do not fail if user has no quota
xfs-quota: do not fail if user has no quota
nfs-quota: do not fail on ECONNREFUSED
smbd: do not cover up VFS failures to get quota
smbcquotas: print "NO LIMIT" only if returned quota value is 0.
tdb: rework cleanup logic in tdb_runtime_check_for_robust_mutexes()
libads: record session expiry for spnego sasl binds
nt-quotas: fixup failure case for TRANSACT_GET_USER_QUOTA_FOR_SID
xfs quotas - fix case of no quota for user
Reset WHATSNEW.txt for 4.5.x series
smbd: remove "only user" and "username" parameters
WHATSNEW: Document "only user" removal
heimdal: encode/decode kvno as signed integer
s3-quotas: fix sysquotas_4B quota fetching for BSD
heimdal make kvno unsigned internally
s3-sysquotas-linux: remove support for old interfaces
s3-sysquotas-linux: remove check for EDQUOT on getting user quota
s3-sysquotas-linux - cleanup
vfs_fake_dfq: add more mocking options
selftest: add disk-free quota tests
smbd: dfree - ignore quota if not enforced
s3-sysquotas-linux: do not check for EDQUOT
selftest: remove test for EDQUOT returned from quota backend
vfs_fake_dfq - remove support for generating EDQUOT
s3-sysquotas: remove special handling of EDQUOT
s3-dfree-quota: remove special handling of EDQUOT
selftest: Add test for domain join + kerberos-only auth
s3-libads: fix a memory leak in ads_sasl_spnego_bind()
auth: fix a memory leak in gssapi_get_session_key()
s3-param: add kerberos encryption types parameter
libads: use "kerberos encryption types" parameter
heimdal: honor conf enctypes when obtaining a service ticket
selftest: tests for kerberos encryption types
selftest: add a test for "inherit owner" parameter
smbd: add an option to inherit only the UNIX owner
selftest: add a test for new "inherit owner" option
quotas: small cleanup
smbd: get a valid file stat to disk_quotas
smbd: use owner uid for free disk calculation if owner is inherited
selftest: refactor test_dfree_quota.sh - add share parameter
selftest: add tests for dfree with inherit owner enabled
s4-smbtorture: use standard macros in smb2.read test
s4-selftest: add functions which create with desired access
s4-selftest: add test for read access check
seltest: implicit FILE_READ_DATA non-reporting
seltest: allow opening files with arbitrary rights in smb2.ioctl tests
s4-smbtorture: pin copychunk exec right behavior
smbd: look only at handle readability for COPYCHUNK dest
smbd: allow reading files based on FILE_EXECUTE access right
s2-selftest: run shadow_copy2 test both in NT1 and SMB3 modes
selftest: add content to files created during shadow_copy2 test
selftest: check file readability in shadow_copy2 test
selftest: test listing directories inside snapshots
vfs_shadow_copy: handle non-existent files and wildcards
selftest: skip client_etypes tests if tshark or sha1sum is not installed
selftest: detect older tshark version
heimdal-lib/krb5: keep a copy of config etypes in the context
heimdal: revert 1f90983324b9f5804dc57f87c5f7695b0e53db8d
s3-cliquota: correctly handle no-more-entries
smbcquotas: fix error message listing quotas
ntquotas: support "freeing" an empty quota list
cliquota: fix param count when setting fs quota
smbd: free talloc context if no quota records are available
s3-libsmb: Support getting fs attributes via SMB2
s3-libsmb: make parse_user_quota_record() public
s3-libsmb: support getting user's quota in SMB2
cliquota: refactor and cleanup listing of user quotas
cliquota: some security hardening
cliquota: factor out parsing of a quota record buffer
cliquota: implement quota listing in SMB2
cliquota: factor out fs quota parsing
cliquota: support getting fs quota by SMB2
cliquota: factor out building of FILE_QUOTA_INFORMATION
cliquota: support setting user quota via SMB2
cliquota: factor out building of FILE_FS_CONTROL_INFORMATION
cliquota: support setting file system quota via SMB2
smbcquotas: add -m option
README.Coding: Remove an extra space
README.Coding: Add rule about function declaration indentation
README.Coding: Add clang-format style file
s3-sysquotas: correctly restore path when finding mount point
selftest: test NTLM user@realm authentication
winbindd: do not modify credentials in NTLM passthrough
smbd: in ntlm auth, do not map empty domain in case of \user@realm
WHATSNEW: document kerberos encryption types
WHATSNEW: document new inherit owner option
smbd: avoid extra churn on a debug print
cli-quotas: fix potential memory leak
waf: backport finding of pkg-config
smbd: add zero_file_id flag
vfs_fruit: enable zero file id
vfs_fruit: document added zero_file_id parameter
torture: add torture_assert_mem_not_equal_goto()
selftest: tests for vfs_fruite file-id behavior
selftest: test fetching a large ACL from vfs_acl_xattr
vfs_xattr_tdb: handle case of zero size.
vfs_acl_xattr: factor out fetching of an extended attribute
vfs_acl_xattr: avoid needlessly supplying a large buffer to getxattr()
Volker Lendecke (470):
vfs_united_media: Fix CID 1355492 Uninitialized scalar variable
smbd: Avoid an "else"
smbd: Prevent a crash
libads: Fix CID 1356316 Uninitialized pointer read
crypto: Fix CID 1356314 Resource leak
lib: Fix CID 1356315 Dereference before null check
ctdb: Fix CID 1356313 Explicit null dereferenced
libsmb: Fix CID 1356312 Explicit null dereferenced
winbind: Fix CID 1357100 Unchecked return value
torture: Fix the O3 developer build
idmap: Factor out lp_scan_idmap_domains()
winbind: Introduce id_map_ptrs_init
winbind: Do per-domain xids2sids calls
winbind: Add idmap_backend_unixids_to_sids
winbind: Pass down the domain name to xids2sids
winbind: Use plural xids2sids in _wbint_UnixIDs2Sids
winbind: Remove unused idmap_[ug]id_to_sid
winbind: Remove unused idmap_backends_unixid_to_sid
winbind: Fix a typo in a wrong comment...
pam_winbind: Avoid a use of sprintf
docs: build idmap_script.8 by default
docs: Mention _NO_WINBINDD in idmap_script.8
nwrap: Fix the build on Solaris
vfs_catia: Align loop index with terminator
vfs_catia: Fix bug 11827, memleak
tdb mutex check: Fix CID 1358473 Uninitialized scalar variable
idmap_ad: Separate out the nss functions
tldap: Add tldap_get/set_stream
tldap: Add tldap_gensec_bind
winbind: Add wb_dsgetdcname_gencache_[gs]et
winbind: handle DC_NOT_FOUND in wb_sids2xids
winbind: handle DC_NOT_FOUND in wb_xids2sids
winbind: Base idmap_ad on tldap
pdb_ldap: Don't use autofree if "mods" still changes
ctdbd_conn: Adapt loop counter's type to the loop limit
ctdbd_conn: Use sys_poll_intr
ctdbd_conn: Use ctdbd_init_connection in ctdbd_probe
ctdbd_conn: Make ctdbd_init_connection public
lib: Use ctdbd_init_connection in messaging_ctdbd_init
ctdbd_conn: Remove unused ctdbd_messaging_connection
lib: Move ctdbd_init_connection out of ctdbd_traverse()
lib: serverid.h references struct server_id
ctdbd_conn: Avoid "includes.h"
ctdbd_conn: Use ctdbd_control_local where possible
ctdbd: Use talloc_memdup where appropriate
ctdbd_conn: Add some more debug info
ctdbd_conn: Make "cstatus" int32_t
dbwrap_ctdb: Fix ENOENT->NT_STATUS_NOT_FOUND
smbd: Avoid large reads beyond EOF
docs: Fix an outdated remark, tdbsam is default
lib: The base64 chars are by definition single-byte :-)
lib: =0 and |= is equivalent to =
lib: Make callers of base64_encode_data_blob check for success
lib: Remove SMB_ASSERT from base64_encode_data_blob
lib: Give base64.c its own .h
lib: Avoid includes.h in base64.c
smbd: Remove an unused #define
smbd: Fix an assert
ctdb: Improve debug in case of set_runstate failure
ctdb: Fix the O3 developer build
lib: Fix a signed/unsigned mixup
lib: Fix some whitespace
torture: Remove a use of get_my_vnn()
ctdbd_conn: remove ctdb_processes_exist
ctdbd_conn: Simplify two DEBUGs
ctdbd_conn: "sockname" is not needed anymore
ctdbd_conn: Expose ctdb socket readability handler
lib: Move async message handling out of ctdbd_conn
dbwrap_ctdb: Align loop index with terminator
dbwrap_ctdb: Add "conn" to db_ctdb_ctx
dbwrap_ctdb: Pass in ctdbd_connection
dbwrap: Add "msg_ctx" to db_open_ctdb
ctdbd_conn: Remove messages.h dependency
dbwrap_ctdb: Fix some 32-bit hickups
dbwrap_ctdb: Remove get_my_vnn dependency
ctdb: Fix CID 1361817 Dereference after null check
ctdb: Fix CID 1327222 Copy into fixed size buffer
vfs_fileid: Fix a signed/unsigned mixup
vfs_fruit: Fix a few signed/unsigned mixups
samdb: Improve debugging in acl_validate_spn_value()
drsuapi: Improve debug in DsWriteAccountSpn
dsdb: Simplify acl_validate_spn_value
lib: Move msghdr to lib/util/
lib: Move poll_funcs to lib/
lib: Add accept_send/recv
lib: Fix CID 1362566 Dereference null return value
rpc_server: Fix CID 1362565 Improper use of negative value
libsmb: Fix two CIDs for NULL dereference
lib: Fix a signed/unsigned mixup
libreplace: Add a closefrom() implementation
lib: Add a little closefrom() test
smbd: Fix a signed/unsigned hickup
smbd: Fix a valgrind error
libnet: Fix CID 1362934: CHECKED_RETURN
ldb: Fix CID 1362935: CHECKED_RETURN
dsdb: Fix CID 1363810: Null pointer dereferences
lib: Print own pid in messaging_init
lib: Avoid a "procid_is_local" call
lib: Allow NULL blob for messaging_send()
tdb: Don't malloc for every record in traverse
lib: Add server_id_watch_send
dbwrap: Add "blocker" to record_watch_send
g_lock: Use "blocker" argument to dbwrap_record_watch_send
dbwrap: Add overflow protection to dbwrap_record_watchers_key()
dbwrap: Add an alternative implementation of dbwrap_watch_record_send
lib: Convert g_lock to new dbwrap_watch
smbd: Convert locking.tdb to new dbwrap_watch
smbd: Convert smbXsrv_open_global.tdb to new dbwrap_watch
smbd: Remove a reference to dbwrap_watch_db()
dbwrap: Remove dbwrap_watchers.tdb based code
lib: Fix a signed/unsigned mixup
smbd: Don't stop sending to children when one send fails
smbd: sconn->sys_notify_ctx is not used
smbd: Factor out notify_init
smbd: Add fsp_fullbasepath
smbd: Avoid a talloc_asprintf
smbd: Add "path" to notify_remove
smbd: "path" is no longer needed in notify_list
smbd: Make notify_callback() public
smbd: There's only one notify_callback
smbd: Pass "sconn" via notify to notify_callback()
smbd: Protect notify_callback from stray pointers
smbd: Remove "listel" from notify_msg
notify_msg: Deregister handler upon talloc_free
smbd: Remember notifyd's serverid
smbd: Log which notifyd was found
smbd: Store notify filters in fsp->notify
smbd: Restart notifyd
smbd: Re-register notify requests
notifyd: Move BlockSignals calls to server.c
smbd: Enable leases by default
tevent: Save 32 bytes of .text in tevent_req_create
tevent: Save 140 bytes of .text in tevent_req_create
tevent: Add overflow protection to tevent_req_create
dsdb: Fix CID 1364520 Incorrect expression (EVALUATION_ORDER)
lib: Move "message_send_all" to serverid.c
fss_agent: Fix a signed/unsigned mixup
pyrpc: Fix CID 1364169 Explicit null dereferenced
ctdb: Fix uninitialized variable warnings
lib: Fix a pointless error check
ldb: Fix two signed/unsigned hickups
ldb: Fix some signed/unsigned hickups
lib: Use replace.h properly in pthreadpool
nfs4acls: Remove a typedef
nfs4acls: Add some const
nfs4acls: Add "smbacl4_vfs_params" parameter to smb_fget_nt_acl_nfs4
nfs4acls: Add "smbacl4_vfs_params" parameter to smb_get_nt_acl_nfs4
nfs4acls: Add "smbacl4_vfs_params" parameter to smb_set_nt_acl_nfs4
nfs4acls: Make smbacl4_vfs_params public
nfs4acls: Allow nfs4 acl params to be set by callers
vfs_gpfs: Load nfs4 acl params at tcon time
ctdb: Fix the O3 developer build on RHEL7
tevent: Fix a typo
lib: Cleanup includes in messages_dgm
lib: Fix poll_func_timeout prototypes
lib: Change poll_funcs to take direct timevals
lib: Remove "num_watches" from poll_funcs_state
lib: Remove "num_contexts" from poll_funcs_state
lib: Implement poll_timeout
messaging_dgm: Fix signed/unsigned hickups
libreplace: Ask for eventfd(2)
tevent: Fix a typo
tevent: Move the async wakeup pipe to common
tevent: Add threaded immediate activation
lib: enable threaded immediates in source3
tevent: reorder tevent_context for cache locality
tevent: Simple test for threaded immediates
tevent: Move rundown of the event pipe
tevent: Move a variable declaration into a while block
tevent: Use eventfd for signal/thread wakeup
lib: Add pthreadpool_pipe
lib: Use pthreadpool_pipe instead of pthreadpool
lib: Move pipe signalling to pthreadpool_pipe.c
lib: add job data to to callback
lib: Add pthreadpool_tevent
smbtorture3: Add LOCAL-PTHREADPOOL-TEVENT
smbd: Add pthreadpool_tevent to smbd_server_connection
vfs: Convert vfs_pread_send to pthreadpool_tevent
vfs: Convert vfs_write_send to pthreadpool_tevent
vfs: Convert vfs_fsync_send to pthreadpool_tevent
vfs: Remove link to asys_
lib: Remove unused source3/lib/asys
rpc_server: Fix a typo
docs: Fix a typo
dbwrap_watch: Add dsize to DEBUG, avoid casts
tdb: Fix a signed/unsigned hickup
tdb: Do an overflow check
tdb: Remove unnecessary checks
tdb: Allow _v variant in tdb_update_hash_cmp
tdb: Vectorize tdb_update_hash
tdb: Vectorize _tdb_store
tdb: Add tdb_trace_1plusn_rec_flag_ret
tdb: Add tdb_storev
tdb: Use tdb_storev in tdb_append
dbwrap: Use tdb_storev in dbwrap_ctdb
lib: Use tdb_storev in gencache
pthreadpool: Fix formatting
pthreadpool: We always want asserts to abort()
pthreadpool: Signal job completion without the pool mutex
ldb: Fix a signed/unsigned hickup
tevent: Fix some typos
kcc: Fix a -Werror,-Wformat-security error
lib: call_backtrace() is no more
notifyd: Fix bad comment wording
notifyd: Avoid "includes.h"
notifyd: Trim down the noncluster case
notifyd: Don't trust remote pointers
lib: Avoid a few casts
auth: One const is enough...
unix_msg: Fix CID 1372875 Double close
unix_msg: Fix unix_dgram_send_queue_init
smbd: Reset O_NONBLOCK on open files
tevent_tutorial: Fix typos
tevent_tutorial: Fix tevent_thread referencing
gencache: Bail out of stabilize if we can not get the allrecord lock
glusterfs: Avoid tevent_internal.h
lib: Only return "rec" on demand in messaging_filtered_read_recv
wbclient: "ev" is no longer used in wbc_sids_to_xids
wbclient: "ev" is no longer used in wbc_xids_to_sids
messaging: Add wrap check to messaging_rec_dup
lib: Fix CID 1373389 Uninitialized scalar variable
lib: Fix CID 1373388 Uninitialized scalar variable
lib: Fix bug 12291
dbwrap_watch: Improve a debug message
messaging4: Fix signed/unsigned hickups
tevent: Factor out tevent_common_insert_timer
tevent: Add tevent_update_timer()
tevent: Rename wakeup fds
tevent: Add tevent_common_wakeup_fd()
tevent: Make talloc_free safe when threaded_contexts exist
pthreadpool: Make "shutdown" a bool
pthreadpool: Use detached threads
pthreadpool_pipe: Implement EBUSY for _destroy
pthreadpool_tevent: Move the pthreadpool_tevent_job_state declaration
pthreadpool_tevent: Drop running jobs on talloc_free
pthreadpool: Add a small test for pthreadpool_tevent
messages_dgm: Convert to pthreadpool_tevent
lib: Remove unix_msg
lib: Remove poll_funcs
messaging: add an overflow test
lib: Add messaging_rec_create
messaging: Optimize self-sends
tevent: Add tevent_req_reset_endtime
messages_dgm: Drop a segment if we can't ship it for 60 seconds
messages_dgm: Pass down event_ctx one level
messages_dgm: Pass receiving "ev" to recv_cb
messages_dgm_ref: Pass receiving "ev" to recv_cb
messaging: Pass "ev" to messaging_dispatch_rec
messaging: Act on messages within the right context
messaging4: Postpone messages to the right tevent context
messaging: Make messaging_dgm_register_tevent_context return a tevent_fd
messaging: Disable the correct fde on error
messaging: Avoid a default tevent_fd
messaging: Avoid crashes
messages_dgm: Avoid an unnecessary declaration
messaging: Add an indirection for messaging_dgm_register_tevent_context
nfs4acls: Fix SMB_ACE4_MAX_TYPE define
lib: Fix CID 1373623 Dereference after null check
messaging: add an overflow check
spoolss: Fix caching of printername->sharename
debug: Fix a few signed/unsigned hickups
smbd: Fix a comment
examples: Add smb2mount
pthreadpool: Rearrange locks a bit
talloc: Fix CID 1373621 Unchecked return value
pthreadpool: Fix CID 1373620 Unchecked return value from library
messaging: Fix CID 1373625 Unused value
messaging: Fix CID 1373622 Extra high-order bits
talloc: Fix CID 1373619 Unchecked return value
ctdb: Fix format errors for time_t!=long
ctdb: Add a required include
lib: Fix a pthreadpool race condition
vfs: Fix warnings for time_t != long
ldb: Fix a signed/unsigned mixup
lib: Fix an uninitialized variable
loadparm: Fix a warning for increased alignment
lib: Fix a signed/unsigned hickup
torture: Fix clang errors
torture: Fix uninitialized variables
libcli: Increase the debug level for expired tickets
wbinfo: Use ntlmv2 by default for wbinfo -a
lib: memcache.h needs some includes
lib: Avoid includes.h in access.c
lib: Rename fgets_slash to x_fgets_slash
lib: Reformat x_fgets_slash
lib: Apply an overflow check
lib: Move x_fgets_slash to xfile.c
lib: Remove global xfile.h includes
ntlm_auth: Avoid some statics
ldb: version 1.1.28
selftest: Fix timestamps on FreeBSD 11
ntlm_auth4: Remove it
tdb: NULL out tdb->mutexes in tdb_mutex_munmap
tdb: Only mmap the mutex area if not already mmap'ed
tdb: Fix mutexes on FreeBSD
ldb: Fix typos
ldb: Fix an unused variable warning
lib: Avoid includes.h in bitmap.c
lib: Delete an orphaned piece of code in samlogon_cache.c
lib: Delete unused netsamlogon_cache_shutdown
lib: Fix netsamlogon_cache_have for README.Coding
lib: Add samlogon_cache.h
lib: Avoid fstring in samlogon_cache.c
lib: Replace use of deprecated talloc_destroy
lib: Avoid includes.h in samlogon_cache.c
lib: Fix a comment
lib: Remove a used-once variable
winbind: lookup_usergroups_cached doesn't use the "domain" parameter
idmap_hash: Make lw_map_file static
idmap_hash: stdio.h comes with replace.h
idmap_autorid: Add a {} pair in an if-statement
lib: Make dom_sid_parse_endp init "endp" on all "ok" paths
idmap_autorid: dom_sid_parse_endp always initializes "endp" when ok
winbind: dom_sid_parse_endp always initializes "endp" when ok
smbclient4: xfile->stdio
smbclient: xfile->stdio
idmap_hash: xfile->stdio
lib: popt_common xfile->stdio
lib: Add fgets_slash
smbd: username map file handling xfile->stdio
torture: upload_printer_driver_file xfile->stdio
ntlm_auth3: xfile->stdio
vfs: expand_msdfs xfile->stdio
rpc_server: svcctl xfile->stdio
printing: std_pcap_cache_reload xfile->stdio
printing: Convert aix_cache_reload to stdio
libnbt: lmhosts xfile->stdio
lib: smbreadline xfile->stdio
nmbd: xfile->stdio
lib: Remove xfile
libsmb: Correctly report error for rename failure
samlogon_cache: Simplify netsamlogon_cache_have
samlogon_cache: Add the user's domain sid into the samlogon_cache
samlogon_cache: Rename "user_sid" to "sid"
idmap_autorid: Slightly simplify idmap_autorid_unixids_to_sids
idmap_tdb: Harden idmap_tdb_common_unixid_to_sid
idmap_autorid: Protect against dsize==0
idmap_autorid: Fix a comment
idmap_autorid: Tighten idmap_autorid_id_to_sid a bit
idmap_autorid: idmap_autorid_sid_to_id_rid only uses low_id from "range"
idmap_autorid: idmap_autorid_sid_to_id_rid only uses rangesize from "global"
idmap_autorid: Do a readonly attempt before looking at the tdc cache
idmap_autorid: Only look at the tdc cache when allocating ranges
idmap_autorid: Add ntstatus to a debug message
idmap_autorid: Fix checks for valid domains to allocate ranges for
idmap_autorid: Make idmap_autorid_acquire_range public
idmap_autorid: Use acquire_range directly
idmap_autorid: Fix a race condition when acquiring ranges
idmap_autorid: Fix a small memleak
idmap_autorid: Simplify idmap_autorid_loadconfig
CVE-2016-2123: Fix DNS vuln ZDI-CAN-3995
HEIMDAL:lib/krb5: Harden ARCFOUR_sub{en,de}crypt()
HEIMDAL:lib/krb5: Harden _krb5_derive_key()
idl: Fix a comment typo
lib: Fix whitespace in lmhosts.c
lib: Fix a comment in idmap_cache.c
ctdb: Fix CID 1398179 Argument cannot be negative
ctdb: Fix CID 1398178 Argument cannot be negative
ctdb: Fix CID 1398175 Dereference after null check
idmap_autorid: Add the error string in a debug
idmap_rid: Add the error string in a debug
idmap: Pass up the xid2sids unix-ids from the idmap child
idmap: Prime gencache after xids2sids calls
winbindd: Use idmap cache in xids2sids
idmap4: Fix idmap_ctx talloc hierarchy
idmap4: Fix error path memleaks in idmap_init
idmap4: Slightly simplify idmap_xid_to_sid
lib: Add lib/util_unixsids.h
passdb: Move lookup_unix_[user|group]_name to lookup_sid.c
lib: Add required prerequisites for librpc/gen_ndr/security.h
lib: Avoid an includes.h
idmap4: Use sid_check_is_in_unix_users()
idmap4: Use sid_check_is_in_unix_groups()
winbind: Initialize user list info to 0
winbind4: Remove unused code
winbind: Fix wb_lookupsids for AD DCs
idmap: Simplify idmap_ad_nss_init()
winbind: It's legitmate to have 0 groups in info3
winbind: Make "idmap_find_domain" public
winbind: Add a GetNssInfo parent/child call
winbind: Adapt cache to extended wbint_userinfo
winbind: Restructure wb_getpwsid
idmap_ad: Restore querying SFU nss info
winbind: Don't do supplementary group lookup manually
winbind: Simplify wb_gettoken
winbind: Fix a confusing indentation
winbind: Add wbint_QueryUserRidList
winbind: Go throught wb_getpwsid for listing users
winbind: Remove wb_fill_pwent
winbind: Remove find_builtin_domain helper function
libsmb: Add name_status_lmhosts
lib: Remove a duplicate prototype
libcli: Use "all_zero" where appropriate
auth3: Use "all_zero" where appropriate
libcli: Use "all_zero" where appropriate
libcli: Use "all_zero" where appropriate
ntlm_auth: Use "all_zero" where appropriate
auth3: Avoid some zeros footprint
passdb: Use "all_zero" where appropriate
libcli: Use "all_zero" where appropriate
librpc: Use "all_zero" where appropriate
auth: Use "all_zero" where appropriate
libnet: Use "all_zero" where appropriate
librpc: Use "all_zero" where appropriate
lib: Use "all_zero" where appropriate
libads: Use "all_zero" where appropriate
samr3: Use "all_zero" where appropriate
kdc: Use "all_zero" where appropriate
auth4: Use "all_zero" where appropriate
torture-dfs: Use "all_zero" where appropriate
torture-samlogon: Use "all_zero" where appropriate
torture-samlogon: Avoid static zeros
torture-netlogon: Use "all_zero" where appropriate
winbind: Remove wbint_QueryUser
winbind: Remove unused wb_cache_query_user
winbind: Remove "query_user" backend function
winbind: Remove rpc_query_user
winbind: Add "expand_local_aliases" to wb_gettoken
winbind: Use wb_gettoken in getuserdomgroups
winbind: Remove wb_lookupusergroups
winbind: Remove wbint_LookupUserGroups
winbind: Remove wb_cache_lookup_usergroups
winbind: Remove wcache_lookup_usergroups
winbind: Remove validate_ug
winbind: Remove "lookup_usergroups" winbind method
winbind: Remove rpc_lookup_usergroups
winbind: Make wb_query_user_list just return names
winbind: Make list_users use wb_query_user_list
winbind: Remove wbint_QueryUserList
winbind: Simplify query_user_list to only return rids
winbind: Remove unused nss_get_info_cached
winbind: Remove nss_get_info()
winbind: remove nss_get_info backend functions
winbind: Avoid a few explicit ZERO_STRUCT calls
winbind: Fix a typo
messaging: Fix dead but not cleaned-up-yet destination sockets
WHATSNEW: document winbind changes
winbind: Fix CID 1398533 Resource leak
winbind: Fix CID 1398533 Resource leak
winbind: Fix CID 1398531 Resource leak
winbind: Fix CID 1398530 Resource leak
winbind: Fix CID 1398530 Resource leak
winbind: Fix a typo
winbind: Don't add duplicate IDs in wbinfo -r
smbd: Fix "map acl inherit" = yes
Revert "winbind: Remove rpc_lookup_usergroups"
Revert "winbind: Remove "lookup_usergroups" winbind method"
Revert "winbind: Remove validate_ug"
Revert "winbind: Remove wcache_lookup_usergroups"
Revert "winbind: Remove wb_cache_lookup_usergroups"
Revert "winbind: Remove wbint_LookupUserGroups"
Revert "winbind: Remove wb_lookupusergroups"
Re-enable token groups fallback
smbd: Do an early exit on negprot failure
torture3: Add test for smbd crash
s3:winbind: Use the correct talloc context for user information
smbd: Fix smb1 findfirst with DFS
selftest: Test for bug 12558
idmap_rfc2307: Don't stop after 30 entries
idmap_rfc2307: "ldap_next_entry" needs the previous entry, not the start
test_idmap_rfc2307: Remove the correct file
test_idmap_rfc2307: Avoid a tmpfile
test_idmap_rfc2307: Correct usage
test_idmap_rfc2307: Do a recursive delete in ou=idmap
test_idmap_rfc2307: Test wbinfo -r for 35 supplementary group memberships
idmap_rfc2307: Don't stop after 30 entries
idmap_rfc2307: "ldap_next_entry" needs the previous entry, not the start
selftest: Avoid idmap caching when testing idmap_rfc2307
idmap_rfc2307: Test unix-ids-to-sids with 35 groups
CVE-2017-7494: rpc_server3: Refuse to open pipe names with / inside
Yan, Zheng (2):
s3: vfs: generalize functions that set/get posix acl through xattr
s3: vfs: ceph: Add posix acl support
martijn van brummelen (1):
ctdb-doc: Add ctdb_diagnostics man page
ouyang.xu (1):
pvfs_open win10 fix, need return SMB2_CREATE_TAG_QFID
-----------------------------------------------------------------------
No new revisions were added by this update.
--
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/pkg-samba/samba.git