The annotated tag, ldb-2.1.0 has been created at f5698d21c5e94186d82048b57512b907556069f8 (tag) tagging 79460b1b9f3452d6d68014b84f4a9dc3988bd916 (commit) replaces tevent-0.10.2 tagged by Stefan Metzmacher on Tue Jan 21 15:13:07 2020 +0100
- Log ----------------------------------------------------------------- ldb: tag release ldb-2.1.0 -----BEGIN PGP SIGNATURE----- iQEzBAABCgAdFiEEkUejOXGVGO6QEby1R5ORYRMIQCUFAl4nBvMACgkQR5ORYRMI QCUtUAf/SqLyprEhEB9ZrmguuSezQaDvBr5GpK1ufOOd0iDQ5wwRqSPikhIc71kW V72bfy1yUjEQbYjtWiqAOhppAyZHxiPNmWxbZMdISMaZTn5viuh+S/F/Z5EvM8Pz Fd1z5ctSnIx+QbcdS9GVPDQnsupLk1vwWnotpLzL/TKREczOwJJktgmzMY7Tti9S fNVCw2uwqFU2Ptqs5XEneIafLf79XdeI+bfBBPIQ7t7W3pAkOadk9DPZuoN5oLes XqiQ+hKwS9BgCtkM/h7f5T/rLH4dWIA8+0RlOjdJfQwyItAhd72ZgWJHzwGpzQ3X B2kaARhXDlwLI91xk0nXPEhgEqqo1g== =kQMw -----END PGP SIGNATURE----- Alexander Bokovoy (1): s3-rpcserver: fix security level check for DsRGetForestTrustInformation Amitay Isaacs (1): build: add missing crypt dependency for auth4_unix Andreas Schneider (41): s3:rpc_server: Replace E_md5hash() with GnuTLS calls s3:winbindd: Replace E_md5hash() with GnuTLS calls s3:winbind: Replace E_md5hash() with GnuTLS calls libcli:auth: Remove unused E_md5hash() s4:lib:tls: Fix cert and privkey types s4:rpc_server: Return the status code from dcesrv_transport_session_key() s3:printing: Use httpConnect2 from CUPS gitignore: Add .build.log s3:winbind: Print priv pipe location ldb:tests: Avoid that the debug function overwrites memory ldb:tests: Allow test filtering in ldb_mod_op_test ldb: Avoid a possible NULL pointer dereference ldb:tests: Use assert_in_range() in test_get_size() ldb:tests: Add missing size check for tdb ldb:tests: Add missing null check for ldb_kv_private s3:tests: Remove the -I SERVER_IP so that Kerberos auth works s3:selfest: Do not print the env twice s3:smbspool: Map AUTH_INFO_REQUIRED=none to anonymous connection s3:smbspool_krb5_wrapper: Map AUTH_INFO_REQUIRED=none to anonymous s3:smbspool: Leave early if we print as root s4:lib: Make sure we close fd's in error path s3:rpc_server: Fix string compare for utmp entries s3:torture: Do not segfault if cli is NULL s3:smbd: Fix possible NULL deref in smbd_do_qfilepathinfo() s3:lib: Move NULL check before messaging_dgm_out_rearm_idle_timer() auth:tests: Improve debug output of test_gnutls auth:tests: Only enable torture_gnutls_aes_128_cfb() on GnuTLS >= 3.6.11 pidl: Remove Parse/Yapp/Driver.pm lib:crypto: Remove our implementation of AES CCM lib:crypto: Remove our implementation of AES GCM lib:crypto: Only build AES code if we need AES CMAC lib:crypto: Build intel aes-ni only if GnuTLS doesn't provide AES CMAC s3:script: Try to fix a Perl warning s3:libsmb: Generate the inode only based on the path component s3:libsmb: Add try_posixinfo to SMBSRV struct. Only enable for SMB1 with UNIX for now. s3:libsmb: Return a 'struct stat' buffer for SMBC_getatr() s3:libsmb: Add a setup_stat_from_stat_ex() function libsmbclient: If over SMB1 first try to do a posix stat on the file. librpc: Fix string length checking in ndr_pull_charset_to_null() librpc: Add test for ndr_string_length() docs-xml: 'mangled names = illegal' is the new default Andrew Bartlett (95): lib/fuzzing: Avoid NULL pointer de-ref from 0-length input lib/fuzzing: Free memory after successful load in fuzz_tiniparser witness.idl: Change array type in IDL for the print function ndr: Include the caller location in ndr_{pull,push}_error() messages librpc: Unify packet dumping on ndr_pull() failure ndrdump: Fix one more NTSTATUS rather than friendly ndr message ndrdump: print structure name when failing to setup ndrdump: TALLOC_FREE() on each exit path to allow running with leak detection ndrdump: Add const ndrdump: Check for input decode failures ndrdump: Allow for base64-encoded input in a file and on the command line ndrdump: Return a different error code for ndr_pull() failures ndrdump: Invert sense of --stop-on-parse-failure into --print-after-parse-failure ndrdump: Still print --dump bytes after parse failure python: Return the stdout when also checking error codes selftest: Confirm that --base64-input and --input work and a PIDL bug is fixed. selftest: Confirm that NDR bugs are fixed in DCOM code selftest: Test repushing an ntlmssp AUTHENTICATE_MESSAGE librpc: Check for NULL pointer in value() in ntlmssp_AUTHENTICATE lib/fuzzing: Use --fuzz-target-ldflags if specified lib/fuzzing/oss-fuzz: Add build_samba.sh for oss-fuzz lib/fuzzing/oss-fuzz: add stub build.sh that will not change often lib/fuzzing/oss-fuzz: Install chrpath as we use it in the build.sh script to set -rpath lib/fuzzing/oss-fuzz: copy required libraries to the build target lib/fuzzing: Add oss-fuzz info to README.md build: Do not build selftest binaries for builds without --enable-selftest librpc: Make CFDATA private to cab.idl and remove pull and push functions librpc/ndr: Remove unused ndr_cab_generate_checksum() ndrdump: Show the actual struct/function name in the print, not just what it was called ndrdump: Improve error message when the pipes fail to dump ndrdump: Do not run the validate step after a failure selftest: Test partial parse behaviour in ndrdump librpc: Avoid spinning on string_array elements with a short input selftest: Add ndrdump tests for malformed drsuapi traffic librpc/ndr: Do not follow a client-supplied NULL pointer in _print_drsuapi_DsAttributeValue_attid() librpc: Fill in full deps for NDR_* subsystems lib/fuzzing: Link only the required NDR_ subsystems into ndr_fuzz_X binaries lib/fuzzer: Remove rudundent install=False flag from fuzz_ndr_X build rule lib/fuzzer: Allow building a fuzz binary for just one interface lib/fuzzing: Tell the compiler we know we are ignoring errors in fuzz_reg_parse lib/fuzzing: Also confirm we can make a string filter from the parsed tree in fuzz_ldb_parse_tree lib/fuzzing: Add mode for the AFL fuzzer oss-fuzz: Align build.sh sh parameters with pattern from the oss-fuzz project lib/fuzzing: Remove oss-fuzz build.sh stub from the Samba repo lib/fuzzing: Support an oss-fuzz build with either address or undefined behaviour sanitizers lib/fuzzing Add comments to explain RUNPATH manipulation in build.sh lib/fuzzing Truncate the original files after RUNPATH manipulation in build.sh build: Skip build of python bindings when in fuzzing mode bootstrap: Add chrpath as a required package CVE-2019-14861: s4-rpc/dnsserver: Confirm sort behaviour in dcesrv_DnssrvEnumRecords CVE-2019-14861: s4-rpc_server: Remove special case for @ in dns_build_tree() CVE-2019-14861: s4-rpc/dnsserver: Avoid crash in ldb_qsort() via dcesrv_DnssrvEnumRecords) CVE-2019-14861: Test to demonstrate the bug selftest: Confirm that ndrdump struct mode is not available for enums pidl:NDR/Parser: only include structs in ndr_interface_public_struct .gitlab-ci.yml: Align tasks with "pages" dependency to get comprehensive code coverage autobuild.py: Add missing samba-simpleserver job autobuild.py: Avoid listing jobs twice autobuild: extend autobuild with samba-fuzz job to build the fuzzers in AFL mode using oss-fuzz scripts lib/fuzzing: Ensure mem_ctx is freed each time fuzz_ldb_parse_tree is run lib/fuzzing: Split up automatically build fuzzers into TYPE_{IN,OUT,STRUCT} lib/fuzzing: Fix argument order to ldb_filter_from_tree in fuzz_ldb_parse_tree lib/krb5_wrap: Remove unused smb_krb5_get_allowed_weak_crypto() librpc/idl/dnsserver.idl: Ensure DnsProperty id matches what is pulled from the stored buffer selftest: Add test for structure with NDR_BUFFERS only in a union selftest: Add example xattr_NTACL packets to demonstrate switch/union behaviour selftest: Add test for ndr_size_union() faulting on a NULL pointer selftest: Add test for ndr_size_struct() faulting on a NULL pointer libndr: Do not overwrite token list with NULL on allocation failure ndr: Restrict size of ndr_token lists to avoid memory abuse by malicious clients s4-libcli/rap: Set the switch_value before NDR_BUFFERS to prepare for new libndr behaviour negoex: Set the switch_value before NDR_BUFFERS to prepare for new libndr behaviour librpc: Set the switch_value before NDR_BUFFERS to prepare for new libndr behaviour pidl: Generate and consume the switch level token for both NDR_SCALARS and NDR_BUFFERS in ndr_pull() librpc/ndr: Add ndr_push_steal_switch_value() pidl: Add and use ndr_print_steal_switch_value(), removing ndr_print_get_switch_value() pidl: Mismatch between set and get of relative base pointers librpc: Do not follow a NULL pointer when calculating the size of a structure pidl: Mismatch between set and get of relative base pointers librpc: Do not follow a NULL pointer when calculating the size of a union librpc: Remove last callers of ndr_pull_get_switch_value() librpc: Remove last callers of ndr_push_get_switch_value() librpc/ndr: Remove ndr_{push,pull}_get_switch_value() libndr: Return enum ndr_err_code from ndr_{pull,push}_steal_switch_value() lib/fuzzing: Initialise st buffer in fuzz_ndr_X lib/fuzzing: Allow load of fuzz inputs as files on the command line sefltest: Demonstrate crash in manually written printer for drsuapi_DsAttributeValue librpc: Fix manually written printer for drsuapi_DsAttributeValue lib/fuzzer: Allow coverage build for oss-fuzz lib/fuzzing and librpc: Do not generate fuzzers for pointless targets librpc: Move winstation.idl to the top level and exclude from fuzzing s4-smbd: Also restart prefork children lost to SIGKILL (-9) WHATSNEW: Celebrate the end of smbdes and the almost-end of in-tree AES selftest: Confirm parse of dnsProperty records librpc: Do not access name[-1] trying to push "" into a dnsp_name Anoop C S (2): s3: VFS: glusterfs: Reset nlinks for symlink entries during readdir s3: lib: dbwrap: Set rec->value_valid to avoid backtrace in `smbstatus` Björn Baumbach (10): samba-tool group show: fix a copy-paste mistake samba-tool tests: remove duplicate definitions of test functions samba-tool tests: prepare tests for new samba-tool functionality samba-tool {user,group,computer,contact} show: avoid base64 encoded strings if possible samba-tool tests: re-add tests for attribute value verification using samba-tool samba_kcc: avoid ValueError when local connections are less than 2 samba-tool: implement user setprimary group command (set primaryGroupID) selftest: create working directory for blackbox test tests: Test samba-tool user getgroups command tests: Test samba-tool user setprimarygroup command Björn Jacke (8): python/loadparm: check for AD DC required VFS modules docs-xml/winbindnssinfo: clarify interaction with idmap_ad etc. tests/DNS: \n.COM shouldn't be a valid DNS record samba-tool: fix adding of dns SRV/MX/SOA records tests/DNS: add MX/SRV record tests with multiple spaces smbclient/tar: add verbose mode smbtar: adopt for new tar verbose option clitar: use modern DBG macros Christof Schmitt (37): gpfswrap: Add wrappers for gpfs_fstat_x and gpfs_stat_x vfs_gpfs: Use gpfs_stat_x in vfs_gpfs_get_dos_attributes vfs_gpfs: Use gpfs_fstat_x in vfs_gpfs_fget_dos_attributes vfs_gpfs: Create fileid from filesystem metadata vfs_gpfs: Use update_stat_ex_create_time sharesec: Return NTSTATUS from share_info_db_init sharesec: Return NTSTATUS from set_share_security sharesec: Return NTSTATUS from delete_share_security selftest: Make net command available in sharesec test selftest: Add test for 'net conf delshare' also removing share ACL net: Delete share ACL from 'net conf delshare' system: Rename argument for kernel_flock function vfs: Rename argument for kernel_flock function vfs_not_implemented: Rename argument for flock function vfs_catia: Rename argument for flock function vfs_ceph: Rename argument for flock function vfs_full_audit: Rename argument of flock function vfs_glusterfs: Rename argument of flock function vfs_gpfs: Rename argument of flock function vfs_streams_xattr: Rename argument of flock function vfs_time_audit: Rename argument of flock function vfs_gpfs: Remove check for open file in share mode function vfs_gpfs: Move mapping from access mask to sharemode allow to helper function vfs_gpfs: Move mapping to sharemode deny to helper function vfs_gpfs: Cleanup clearing file system share mode vfs_gpfs: Cleanup debug message file system share mode vfs_gpfs: Remove unncessary check from close function vfs_gpfs: Add comment explaining why sharemode is dropped in close call. vfs_gpfs: Log error if clearing of sharemode fails on close vfs_gpfs: Only clear sharemode on close when sharemode has been taken vfs_gpfs: Remove logging for unsupported file system vfs_gpfs: Switch share mode helper function to return int vfs_gpfs: Use early return in sharemode function vfs_gpfs: Explicitly log when share mode has been denied vfs_gpfs: Print message when share modes are disabled in file system vfs_gpfs: Log failed gpfs_set_share call as error vfs_gpfs: Update message for requesting sharemode on stream David Disseldorp (5): vfs_ceph_snapshots: fix root relative path handling loadparm: check for AD DC required VFS modules vfs_ceph: assert renameat() fsps match cwd vfs_ceph: drop support for building without statx vfs_ceph: drop support for pre-hammer libcephfs versions David Mulder (2): Convert samba4.base.*attr tests to smb2 Convert samba4.base.rw1 test to smb2 Douglas Bagnall (37): ndr_orpc: properly allocate empty DUALSTRINGARRAY pidl: check the size of pulled arrays of arrays build: Set fuzzer=True on fuzzer binaries lib/fuzzing/oss-fuzz: Add build_image.sh using Samba's bootstrap tools pygpo: use correct method flags pidl: add a base class for PIDL parsers pidl: optionally annotate output for debug purposes pidl Samba3::ClientNDR uses Pidl::Base pidl:: adjust s4::Python pidl_hdr() to be the same as others pidl s4::Python uses Pidl::Base pidl s4/NDR/Client: fix pidl_both() pidl s4/NDR/Client: use Pidl::Base pidl: s4/NDR/Parser uses Pidl::Base pidl s4/TDR: use conventional ->{res} name pidl s4/TDR: use Parse::Pidl::Base pidl: don't export parser class methods pidl: use perl warnings pidl s4::NDR::Parser: read hex numbers as numbers for ranges pidl s4::NDR::Parser: correct has_fast_array logic pidl s4::NDR::Parser: silence a warning pidl Parse::Pidl::NDR: warn of unknown scalar alignments pidl Parse::Pidl::NDR: add HRESULT alignment pidl Parse::Pidl::NDR: silence two warnings about undefined strings pidl s4::Python: silence warnings pidl/tests/samba-ndr.pl: remove duplicate import lib/fuzzing: add fuzz_ndr_X dcerpc: developer option to save ndr_fuzz_X seeds fuzzing: Add script decode_ndr_X_crash to decode crash results lib/fuzzing/decode_ndr_X: print less by default, avoid pipe fuzzing/decode_ndr_X: read crashes from a HONGGFUZZ report fuzz/decode_ndr_X_crash: -f to filter crashes by regex decode_ndr_X_crash: always find pipe in honggfuzz file fuzz_ldap_decode: do not print to stdout ldb controls: fix typo in bypassoperational message fuzz: add a fuzzer for parsing ldb controls libgpo: parse_gp_ext: do not crash upon no ext_strings net_ads_gpo: remove old '#if 0' blocks Fabrice Fontaine (2): lib/ldb/tests: include stdint.h before cmocka.h source4/utils/oLschema2ldif: include stdint.h before cmocka.h Gary Lockyer (8): librpc ndr: Infinite loop parsing Suplemental creds librpc ndr: Tests for ndr_pull_string librpc dnsp test: Ensure length matches union selector lib ldb: fix use after free test upgradedns: ensure lmdb lock files linked upgradedns: ensure lmdb lock files linked ndr basic: Check ndr_token_store return code lib ldb common: Fix memory leak Guenther Deschner (1): s3:winbind: Also set the cmd name for bool dispatch table Günther Deschner (16): s3-rpc_server: always print the full PDU. librpc: fix IDL for spoolss_GetCorePrinterDrivers() s3-rpcclient: add cmd_spoolss_get_core_printer_drivers librpc: add IDL for spoolss_EnumPerMachineConnections s3-rpcclient: properly check and initialize buffers in getdriverpackagepath s3-rpcclient: add enumpermachineconnections command s3-rpcclient: add addpermachineconnection command s3-rpcclient: add delpermachineconnection command s4-torture: add test for spoolss AddPerMachineConnection s4-torture: add test for spoolss_EnumPerMachineConnections librpc: better naming for NDR_SPOOLSS_{PUSH|PULL}_ENUM variants librpc/ndr: provide infrastructure for NDR_SPOOLSS_{PUSH|PULL}_ENUM macros librpc: pidlify spoolss_EnumPerMachineConnections s3-rpcclient: give slightly better descriptions to clusapi commands s3-rpcclient: add clusapi_pause_node command. s3-rpcclient: add clusapi_resume_node command. Isaac Boukris (44): selftest/remote_pac: remove test_PACVerify_workstation_des selftest: exclude msDS-SupportedEncryptionType in ldapcmp kerberos: remove single DES enctypes from ENC_ALL_TYPES kdc/db-glue: do not fetch single DES keys from db password_hash: do not generate single DES keys kerberos_keytab: do not add single DES keys to keytab machine_account_secrets: do not generate single DES keys selftest: mitm-s4u2self: use zlib for CRC32_checksum calc selftest: allow any kdc error in mitm-s4u2self test heimdal: do not compile weak crypto whatsnew: announce removal of DES encryption type in Kerberos heimdal: invoke gsskrb5_set_dns_canonicalize(false) in gse_context_init() Revert "selftest: system-heimdal: workaround upstream "host" canon bug" krb5: remove "set_dns_canonicalize" conf option krb5: move disabling dns-canon to lower level init calls libcli/auth: test des_crypt56() and add test_gnutls to selftest selftest: test E_P16 selftest: test sam_rid_crypt selftest: test E_P24 and SMBOWFencrypt selftest: test E_old_pw_hash selftest: test des_crypt128 selftest: test des_crypt112 and fix (unused) decryption selftest: test des_crypt112_16 selftest: test SMBsesskeygen_lm_sess_key selftest: test sess_crypt_blob smbdes: add des_crypt56_gnutls() using DES-CBC with zeroed IV netlogon_creds_des_encrypt/decrypt_LMKey: use gnutls and return NTSTATUS SMBsesskeygen_lm_sess_key: use gnutls and return NTSTATUS smbdes: convert sam_rid_crypt() to use gnutls smbdes: convert E_P16() to use gnutls smbdes: remove D_P16() (not used) smbdes: convert E_P24() and SMBOWFencrypt to use gnutls smbdes: convert des_crypt128() to use gnutls smbdes: convert E_old_pw_hash to use gnutls smbdes: convert des_crypt112 to use gnutls smbdes: convert des_crypt112_16 to use gnutls session: convert sess_crypt_blob to use gnutls sess_crypt_blob can only crypt blobs whose size divides by 8 smbdes: remove old unused DES builtin-crypto samba-tool: add user-sensitive command to set not-delegated flag CVE-2019-14870: heimdal: add S4U test for delegation_not_allowed CVE-2019-14870: heimdal: enforce delegation_not_allowed in S4U2Self CVE-2019-14870: mit-kdc: enforce delegation_not_allowed flag winbindd_pam.c: split winbindd_dual_pam_auth_samlogon Jeremy Allison (20): s3: smbd: Allow smbd_smb2_process_negprot() to return NTSTATUS as it can fail. s3: smbd: Ensure we exit on smbd_smb2_process_negprot() fail. s3: smbd: Change reply_smb20xx() to return NTSTATUS. s3: smbd: Change (*proto_reply_fn()) to return an NTSTATUS. s3: smbd: Ensure we exit if supported_protocols[protocol].proto_reply_fn() fails. python: tests. Add test for fuzzing smbd crash bug. s3: smbd: Only set xconn->smb1.negprot.done = true after supported_protocols[protocol].proto_reply_fn() succeeds. s3: smbd: msdfs: Cleanup, don't mix int and size_t types for a count variable. s3: smbd: cleanup. Change 'int referral_count' -> 'size_t referral_count' in struct junction_map. s3: smbd: msdfs: Factor out the code to create a msdfs:referral,list into a separate function. s3: VFS: Add SMB_VFS_CREATE_DFS_PATHAT(). s3: VFS: Implement create_dfs_pathat() in ceph. s3: VFS: Implement create_dfs_pathat() in gluster. s3: VFS: Implement create_dfs_pathat() in shadow_copy2. s3: VFS: Implement create_dfs_pathat() in snapper. s3: VFS: Implement create_dfs_pathat() in full_audit. s3: VFS: Implement create_dfs_pathat() in time_audit. s3: smbd: msdfs: Change create_msdfs_link() to call SMB_VFS_CREATE_DFS_PATHAT(). s3: lib: dbwrap_ctdb: Ensure value_valid is set true if we find the record in the marshall buffer. s3: lib: dbwrap. Cleanup. Add a couple of missing 'return NULL' statements on talloc fail. Martin Schwenke (2): ctdb-scripts: Strip square brackets when gathering connection info ctdb-tests: Skip some tests that don't work with IPv6 Michael Hanselmann (1): Split winbindd into library and binary Mikhail Novosyolov (2): s3:smbspool_krb5_wrapper: ignore unknown values of AUTH_INFO_REQUIRED s3:smbspool: print a hint about smbspool_krb5_wrapper Noel Power (11): s3/selftest: allow samba3.blackbox.dfree_command run NT1 & SMB3 tests s3/script/tests: Prepare to split samba3.blackbox.net.misc for SMB1/SMB2 s3/selftest: split SMB1 & SMB2 parts of samba3.blackbox.dfree_quota s3/script/tests: Allow test script to accept option protocol list s3/selftest: run samba3.blackbox.preserve_case with SMB1 & >=SMB2 s3/selftest: allow samba3.blackbox.smbclient_ntlm.plain run SMB1 & SMB3 s3/script/tests: Use protocol param passed to selectively run tests s3/utils: net time always hardcoded to use SMB1 s3/script/tests: Add simple test for net share list s3/utils: Make sure we can negotiate protocol based on smb.conf settings s4/smb_server: Fix handling of SMB2 messages after Netbios session setup Puran Chand (1): s3: smbclient doc fix Ralph Boehme (199): s3:param: rename lp_string() argument ctx to mem_ctx lib/param: introduce loadparm_substitution infrastructure smbdotconf: mark "dont descend" with substitution="1" smbdotconf: mark "force group" with substitution="1" smbdotconf: mark "force user" with substitution="1" smbdotconf: mark "hide files" with substitution="1" smbdotconf: mark "magic output" with substitution="1" smbdotconf: mark "magic script" with substitution="1" smbdotconf: mark "msdfs proxy" with substitution="1" smbdotconf: mark "path" with substitution="1" smbdotconf: mark "postexec" with substitution="1" smbdotconf: mark "preexec" with substitution="1" smbdotconf: mark "printername" with substitution="1" smbdotconf: mark "root postexec" with substitution="1" smbdotconf: mark "root preexec" with substitution="1" smbdotconf: mark "veto files" with substitution="1" smbdotconf: mark "veto oplock files" with substitution="1" smbdotconf: mark "volume" with substitution="1" smbdotconf: mark "abort shutdown script" with substitution="1" smbdotconf: mark "add group script" with substitution="1" smbdotconf: mark "add machine script" with substitution="1" smbdotconf: mark "addport command" with substitution="1" smbdotconf: mark "addprinter command" with substitution="1" smbdotconf: mark "add share command" with substitution="1" smbdotconf: mark "add user script" with substitution="1" smbdotconf: mark "add user to group script" with substitution="1" s3:param: let lp_add_auto_services() take a const char * smbdotconf: mark "auto services" with substitution="1" smbdotconf: mark "change share command" with substitution="1" smbdotconf: mark "check password script" with substitution="1" smbdotconf: mark "next configfile" with substitution="1" smbdotconf: mark "cups server" with substitution="1" smbdotconf: mark "defaultservice" with substitution="1" smbdotconf: mark "delete group script" with substitution="1" smbdotconf: mark "deleteprinter command" with substitution="1" smbdotconf: mark "delete share command" with substitution="1" smbdotconf: mark "delete user from group script" with substitution="1" smbdotconf: mark "delete user script" with substitution="1" smbdotconf: mark "enumports command" with substitution="1" smbdotconf: mark "get quota command" with substitution="1" s3:lib: add missing TALLOC_CTX parameter in call to lp_homedir_map() smbdotconf: mark "homedir map" with substitution="1" smbdotconf: mark "iprint server" with substitution="1" smbdotconf: mark "logfile" with substitution="1" smbdotconf: mark "logging" with substitution="1" smbdotconf: mark "log level" with substitution="1" smbdotconf: mark "log nt token command" with substitution="1" smbdotconf: mark "message command" with substitution="1" smbdotconf: mark "os2 driver map" with substitution="1" smbdotconf: mark "panic action" with substitution="1" smbdotconf: mark "passwd chat" with substitution="1" smbdotconf: mark "passwd program" with substitution="1" s3: remove a prototype that is generated by loadparm smbdotconf: mark "perfcount module" with substitution="1" smbdotconf: mark "remote announce" with substitution="1" smbdotconf: mark "remote browse sync" with substitution="1" smbdotconf: mark "rename user script" with substitution="1" smbdotconf: mark "root directory" with substitution="1" smbdotconf: mark "server string" with substitution="1" smbdotconf: mark "set primary group script" with substitution="1" smbdotconf: mark "set quota command" with substitution="1" smbdotconf: mark "shutdown script" with substitution="1" smbdotconf: mark "username map" with substitution="1" smbdotconf: mark "username map script" with substitution="1" smbdotconf: mark "usershare path" with substitution="1" smbdotconf: mark "wins hook" with substitution="1" smbdotconf: mark "ldap admin dn" with constant="1" smbdotconf: mark "ldap suffix" with constant="1" smbdotconf: mark "ldap group suffix" with constant="1" smbdotconf: mark "ldap idmap suffix" with constant="1" smbdotconf: mark "ldap machine suffix" with constant="1" smbdotconf: mark "ldap user suffix" with constant="1" smbdotconf: mark "mangling method" with constant="1" smbdotconf: mark "rpc server dynamic port range" with constant="1" smbdotconf: mark "usershare template share" with constant="1" docs-xml: remove SWAT specific flags param: remove now unused FN_GLOBAL_STRING macro docs-xml: remove explicit "constant" printing: use lpcfg_substituted_string() in print_run_command() s3:param: make "servicename" a substituted option param: remove FN_LOCAL_STRING param: remove now unused lp_string() selftest: fix a flapping test s3/selftest: Run samba3.blackbox.net.misc with smb1/smb2 s3:locking: simplify code in get_share_mode_lock() s3:lib: remove unused uint64s_nt_time_to_unix_abs() s3:tests: add a blackbox test that confirms broken timestamp behaviour replace: ensure UTIME_NOW and UTIME_OMIT are always available lib: provide UTIME_NOW|OMIT defines under our own namespace lib: add functions dealing with struct timespec UTIME_OMIT lib: add full_timespec_to_nt_time() torture: add a timestamps torture testsuite lib: add nt_time_to_full_timespec() lib: add full_timespec_to_time_t() lib: add nt_time_to_full_time_t() lib: use nt_time_to_unix_full() in nt_time_string() lib: add timespec_string_buf() lib: add time_t_to_full_timespec() lib: canonicalize pull_dos_date3() s3:lib: let round_timespec() handle SAMBA_UTIME_OMIT s3:lib: add put_long_date_full_timespec() smbd: use put_long_date_full_timespec() s3:lib: add pull_long_date_full_timespec() smbd: use pull_long_date_full_timespec() s3:lib: use nt_time_to_full_timespec() in interpret_long_date() smbclient: use full_timespec_to_nt_time() libsmb: add cli_setpathinfo_ext() smbclient: use cli_setpathinfo_ext() in utimes command s3: add init_smb_file_time() smbd: fix handling of sentinel timestamp values WHATSNEW: document SMB_VFS_NTIMES() interface change s4:smbtorture: also test for date >> UINT32_MAX in timestamps test lib: add NTTIME_MAX, NTTIME_MIN, NTTIME_OMIT and NTTIME_FREEZE definitions lib: harden full_timespec_to_nt_time() lib: add a comment to nt_time_to_full_timespec() lib: spelling fix lib/replace: work around an API conflict between ncurses and XFS xattr API lib/replace: prefer <sys/xattr.h> over <attr/xattr.h> selftest: use ad_dc_ntvfs env instead of ad_dc_default for samba4.ldb.ldaps selftest: make testenv name logic more flexible for the rpc testcases selftest: hardcode ad_dc_ntvfs for the rpc.netlogon testsuite selftest: run rpc.srvsvc and rpc.mgmt against ad_dc_ntvfs explicitly selftest: run samba.tests.dcerpc.srvsvc against ad_dc_ntvfs explicitly selftest: run samba4.ldap.dirsync.python against ad_dc_ntvfs explicitly selftest: run samba.ldap.referrals against ad_dc_ntvfs explicitly selftest: run samba.tests.samba_tool.user against ad_dc_ntvfs:local explicitly selftest: make ad_dc_default an alias for ad_dc, not ad_dc_ntvfs selftest: make ad_dc_slowtests an alias for ad_dc, not ad_dc_ntvfs selftest: make fl2008dc an alias for ad_dc, not ad_dc_ntvfs selftest: don't use NTVFS fileserver in promoted_dc selftest: don't use NTVFS fileserver in vampire_dc selftest: don't use NTVFS fileserver in fl2000dc selftest: don't use NTVFS fileserver in fl2003dc selftest: don't use NTVFS fileserver in fl2008r2dc selftest: don't use NTVFS fileserver in rodc selftest: don't use NTVFS fileserver in chgdcpass s3: pass session info to get_referred_path() s3: pass session_info to create_msdfs_link() s3: pass session_info to remove_msdfs_link() smbd: pass session_info to junction_to_local_path_tos() s3: pass session_info to enum_msdfs_links() smbd: pass session info to count_dfs_links() smbd: pass session_info to form_junctions() smbd: pass session info to create_conn_struct_tos_cwd() s3:rpc_server: pass session_info to elog_check_access() s3:rpc_server: pass session_info to get_nt_acl_no_snum() smbd: pass session_info to create_conn_struct_tos() python: move system_session_unix to new auth_util.py pysmbd: reformat py_smbd_set_simple_acl() kwnames and PyArg_ParseTupleAndKeywords() call pysmbd: reformat py_smbd_chown() kwnames and PyArg_ParseTupleAndKeywords() call pysmbd: reformat py_smbd_unlink() kwnames and PyArg_ParseTupleAndKeywords() call pysmbd: reformat py_smbd_have_posix_acls() kwnames and PyArg_ParseTupleAndKeywords() call pysmbd: reformat py_smbd_get_nt_acl() kwnames pysmbd: reformat py_smbd_set_sys_acl() kwnames and PyArg_ParseTupleAndKeywords() call pysmbd: reformat py_smbd_get_sys_acl() kwnames and PyArg_ParseTupleAndKeywords() call pysmbd: reformat py_smbd_mkdir() kwnames pysmbd: reformat py_smbd_create_file() kwnames python/tests: use a system session_info in posixacl.py pysmbd: add "session_info" arg to py_smbd_set_simple_acl() pysmbd: add "session_info" arg to py_smbd_chown() pysmbd: add "session_info" arg to py_smbd_unlink() pysmbd: make "session_info" arg to py_smbd_set_nt_acl() mandatory pysmbd: make "session_info" arg to py_smbd_get_nt_acl() mandatory pysmbd: add "session_info" arg to py_smbd_set_sys_acl() pysmbd: add "session_info" arg to py_smbd_get_sys_acl() pysmbd: add "session_info" arg to py_smbd_mkdir() pysmbd: add "session_info" arg tp py_smbd_create_file() s3: simplify create_conn_struct_as_root() s3: remove unused macro FSP_BELONGS_CONN() s3: remove unused session_keystr from struct user_struct vfs_zfsacl: pass nfs4_params to smb_set_nt_acl_nfs4() vfs_zfsacl: pass config to zfs_get_nt_acl_common() smbd: add session to struct smb_request smbd: move homes_snum from struct user_struct to struct smbXsrv_session smbd: pass smbXsrv_session to make_connection_snum() smbd: use session->global->session_wire_id instead of session->compat->vuid smbd: remove vuid from struct user_struct smbd: use session->global->auth_session_info in make_connection_snum() smbd: remove vuser arg from make_connection_snum() smbd: introduce smbXsrv_session_info_lookup() smbd: use smbXsrv_session_info_lookup() in change_to_user_and_service() smbd: share level security is long gone... smbd: use smbXsrv_session_info_lookup() in api_WWkstaUserLogon() smbd: use smbXsrv_session_info_lookup() in api_reply() smbd: remove dependency on session->compat in smbXsrv_session_logoff() smbd: use session->global->auth_session_info in switch_message() smbd: add get_valid_smbXsrv_session() smbd: use get_valid_smbXsrv_session() in invalidate_vuid() smbd: remove enum server_allocated_state magic from get_valid_user_struct() smbd: add smbXsrv_session_local_traverse() smbd: use smbXsrv_session_local_traverse() in id_in_use() smbd: remove use of user_struct from reply_ulogoffX() smbd: use req->session instead of vuser->session in make_connection_smb1() smbd: remove unused vuser arg from make_connection_smb1() smbd: remove unused vuser arg from make_connection_smb2() smbd: don't use vuser in make_connection() smbd: remove using vuser from smbd_smb2_tree_connect() smbd: use smbXsrv_session_info_lookup() in become_user_without_service() smbd: RIP user_struct Richard Sharpe (1): docs-xml/Samba-Developers-Guide/vfs.xml: Fix incorrect VFS func names. Robert Scott (1): utils: only compile test_oLschema2ldif if fmemopen exists Samuel Cabrero (6): librpc:core: Split dcesrv context init and endpoint servers init librpc:core: Add public functions to initialize endpoint servers librpc:core: Add a function to reinitialize the dcesrv_context pidl:NDR/Server: Allow to define endpoint server shutdown functions s4:torture/rpc: Fix torture comment in mdssvc.c selftest: Do not force the endpoint for fsrvp tests Simo Sorce (1): mit-kdb: Fix license on header file Stefan Metzmacher (20): s3:lib: remove unused str_list_sub_basic() s3:lib: remove unused str_list_substitute() s3:param: split out loadparm_s3_global_substitution from lp_string() s3:param: split out lp_parm_substituted_string() s3:mdssvc: make use of lp_parm_const_string() s3:vfs_tsmsm: make use of lp_parm_substituted_string() s3:vfs_streams_depot: make use of lp_parm_substituted_string() s3:vfs_nfs4acl_xattr: make use of lp_parm_substituted_string() s3:vfs_glusterfs: make use of lp_parm_substituted_string() s3:parm: remove unused lp_parm_talloc_string() param: add FN_{GLOBAL,LOCAL}_SUBSTITUTED_STRING support smbdotconf: mark "aio write behind" with substitution="1" smbdotconf: mark "comment" with substitution="1" smbdotconf: mark "dfree command" with substitution="1" smbdotconf: mark "cups options" with substitution="1" s4:heimdal_build: move krb5-types.h into include/krb5-types.h bootstrap: use runners with 'docker' and 'gce' tags for the image creation bootstrap: add debian10 support Happy New Year 2020! samba-tool: implement user getgroups command Torsten Fohrer (1): Avoiding bad call flags with python 3.8, using METH_NOARGS instead of zero. Uri Simchoni (1): heimdal-build: avoid hard-coded /usr/include/heimdal in asn1_compile-generated code. Volker Lendecke (121): librpc: Fix CID 1455913 Use after free winbind: Fix CID 1455915 Resource leak smbd: Fix CID 1455912 Logically dead code vfs: Fix CID 1455914 Unused value vfs: Fix a typo dbwrap_tdb: Avoid includes.h dbwrap_tdb: Return correct error from db_tdb_storev() dbwrap: Pass "value" to dbwrap_do_locked() callback g_lock: Pass "data" down to g_lock_trylock() vfs: Use dbwrap_parse_record() in vfs_offload_token_db_fetch_fsp() vfs: Use dbwrap_do_locked() in vfs_offload_token_db_store_fsp() dbwrap: Protect against invalid db_record->value locking: Remove a call to dbwrap_record_get_value() dbwrap: Don't set rec->value in dbwrap_do_locked() torture3: Consolidate dbwrap_watch test initialization torture3: Test the next patch: No two waiters in one do_locked() dbwrap_watch: Prevent two watchers per fetch_locked sequence dbwrap_watch: Encapsulate watchers in "struct dbwrap_watcher" dbwrap_watch: Add a uin64_t instance to watchers dbwrap_watch: Simplify the wakeup messages dbwrap_watch: Simplify struct dbwrap_watched_watch_state dbwrap_watch: Don't store in-RAM caches smbd: Add share_mode_watch_send/recv smbd: Use share_mode_watch_send() smbd: Pass the db_record down to share_mode_data_store() smbd: Remove share_mode_data->record g_lock: Change prototype of g_lock_dump lib: Make struct g_lock_rec private to g_lock.c torture: g_lock will allow duplicate READ locks soon lib: Add g_lock_ctx_init_backend() lib: Change the g_lock data model torture: Test g_lock deadlock detection g_lock: Factor out g_lock_cleanup_shared() g_lock: Move a variable inside the block were it's used g_lock: Speed up sync g_lock_lock() lib: Make stdin_new_passwd() static lib: Remove duplicate get_pass() prototypes lib: Remove a duplicate fdprintf() prototype winbind: Use vasprintf() in winbindd_cache lib: Remove unused smb_xvasprintf() smbd: Use share_mode_do_locked() in smbd_do_unlocking() smbd: Avoid leaking share_entries.tdb records libndr: Fix a talloc context leak smbd: Fix a typo auth3: Remove auth_script build: Multi-line a long list of deps build: messaging.c uses talloc_report_printf() build: libcli/http does not need samba3core, only gensec build: gencache.c in 'samba3core' needs crc32() build: Explicitly depend on samba-modules where needed smbd: Make lp_use_sendfile() static to reply.c build: secrets3 need E_md4hash and kerberos functions build: util_cmdline depends on cli_credentials build: Trim the deps of 'smbconf' smbd: Panic if there's a leak in share_entries.tdb selftest: Make durable_v2_delay more specific smbd: Test cleanup of disconnected durable handle records smbd: Fix a share_entries.tdb record leak smbd: Use NULL instead of 0 for a pointer type torture: Use sizeof() where appropriate smbd: Call reopen_logs() in the smbd scavenger smbd: Call reopen_logs() in the notifyd net: Extend some debug information smbd: Give a better error message for non-existing share modes build: Fix the build without system gssapi headers torture4: Use generate_random_u64() instead of random() torture: Run durable_v2_reconnect_delay_msec with leases smbd: Fix a leases.tdb record leak smbd: Avoid casts in open_directory() smbd: Fix a typo torture4: Fix a typo smbd: Explicitly state when modifying share_mode_data smbd: Use explicit share_mode_wakeup_waiters() smbd: Use explicit share_mode_wakeup_waiters() smbd: Add share_mode_count_entries() net: Use share_mode_count_entries() smbd: Pass num_share_modes to share_mode_entry_do() callback smbd: Avoid a reference to share_mode_data->num_share_modes smbd: Avoid a reference to share_mode_data->num_share_modes smbd: Introduce share_mode_have_entries() smbd: Avoid a direct access to share_mode_data->num_share_modes smbd: Use share_mode_data->num_share_modes as a boolean smbd: Don't store "num_share_modes" in locking.tdb smbd: Convert share_mode_data->num_share_modes into a boolean8 torture3: Introduce "key" helper variable torture3: Parametrize lock4_child()s locktype torture3: Add a test that contends with a READ, not a WRITE lock lib: Fix contending with a READ lock lib: Remove an unused variable from security_token_debug() ntlm_auth: Fix a DEBUG message audit_log: Align integer types dsdb: Align integer types lsasd: Align integer types smbd: Avoid a "? True : False" smbd: Remove an unused parameter from defer_open() tests: Fix a typo auth3: Check for talloc failure auth3: Simplify auth_get_ntlm_challenge() auth3: Avoid a casts in auth3_check_password() winbind: Fix CID 1456624 Uninitialized scalar variable auth: Remove the "typedef auth_methods" auth: Check for talloc failure in smb_pwd_check_ntlmv2() auth: Slightly simplify smb_pwd_check_ntlmv2() auth: Check for talloc failure in smb_pwd_check_ntlmv1() auth: Slightly simplify smb_pwd_check_ntlmv1() auth: Check for talloc failure in smb_sess_key_ntlmv2() auth: Avoid casts in ntlm_check.c auth3: Replace auth3_check_password() by _send and _recv ntlm_auth: Replace local_pw_check() by _send and _recv ntlm_auth: Replace winbind_pw_check() by _send and _recv auth: Simplify struct auth4_context printing: Align integer types printing: Avoid EBADF from EPOLL_CTL_DEL ntlm_auth: Add a NULL check ntlm_auth: Add type-safety instead of a simple cast nfs4acl: Align integer types lib: Use tevent version of timeval_current_ofs() lib: Remove "msg_ctx" from server_id_watch_send() lib: Avoid an unnecessary include test3: Fix usage check for test_sharesec.sh smbd: Protect against non-string "close-share" sharenames awalker (3): vfs_zfsacl: load parameters on connect vfs_zfsacl: add manpage entry for zfsacl:denymissingspecial vfs_zfsacl: fix issue with ACL inheritance in zfsacl ----------------------------------------------------------------------- -- Samba Shared Repository