The annotated tag, tevent-0.16.0 has been created at af9580411a92603c958fe83245780fb645bb8172 (tag) tagging acd9248b13cba06d5b748f17aa9bc5d62079d9cc (commit) replaces samba-4.19.0rc1 tagged by Stefan Metzmacher on Mon Oct 16 10:16:27 2023 +0200
- Log ----------------------------------------------------------------- tevent: tag release tevent-0.16.0 -----BEGIN PGP SIGNATURE----- iQEzBAABCgAdFiEEkUejOXGVGO6QEby1R5ORYRMIQCUFAmUs8VsACgkQR5ORYRMI QCVwuAgArQ9DCWIxmeG3AZ/U6HhadH9FbzmTMen821xZ8bM9MqzRjlqPCd309r3+ SpvdjQc3J5/AGVWJOm4VNMCuUHdKw4/+BNmDDr5Q3P8SNqQYiW+h8NYmj9h5UHZy yJY+zK6kfGqZeuxii98Jo9CdE+tq9K1qnvNq82Gw7u5k/GBoVUZXh+WYEUvooPGD /Vi1n67FpqnWkpayT1vs8z2w+aoZC819V7v8j8+9iNGX7hDapdKOsIzM0SUbB1tO O0h4b0m/uko7+S1LPNiucUH7+JzPLiGZ3ne5ZTU0tkg/S4i987pmG5XRaWvCRhjK 85sddxP8GcrpsR1oXqFKssMKwirBcw== =UhV/ -----END PGP SIGNATURE----- Andreas Schneider (58): lib:fuzzing: Fix code spelling lib:tevent: Fix code spelling s3:utils: Fix code spelling s3:spoolss: Remove dead code s4:auth: Fix code spelling s4:cldap_server: Fix code spelling s4:client: Fix code spelling s4:dns_server: Fix code spelling s4:dsdb:common: Fix code spelling s4:dsdb:kcc: Fix code spelling s4:dsdb:repl: Fix code spelling s4:dsdb:samdb: Fix code spelling s4:dsdb:schema: Fix trailing white spaces s4:dsdb:schema: Fix code spelling s4:dsdb:tests: Fix code spelling s4:kdc: Fix code spelling bootstrap: Install codespell s4:lib: Fix code spelling s4:libcli: Remove tailing white spaces s4:libcli: Fix code spelling s4:libnet: Fix code spelling s4:librpc: Fix code spelling s4:ntvfs: Fix code spelling s4:rpc_server: Fix code spelling s4:samba: Fix code spelling s4:scripting: Fix code spelling s4:selftest: Fix code spelling s3:ldap_server: Fix code spelling s4:setup: Fix code spelling s4:smb_server: Fix code spelling s4:torture:auth: Fix code spelling s4:torture:dfs: Fix code spelling s4:torture:drs: Fix code spelling s4:torture:basic: Fix code spelling s4:torture:dns: Fix code spelling s4:torture:krb5: Fix code spelling s4:torture:ldap: Remove trailing white spaces s4:torture:ldap: Fix code spelling s4:torture:ldb: Fix code spelling s4:torture:libnetapi: Fix code spelling s4:torture:nbench: Fix code spelling s4:torture:nbt: Fix code spelling s4:torture:raw: Fix code spelling s4:torture:rpc: Fix code spelling s4:torture:smb2: Fix code spelling s4:torture: Fix code spelling s4:wrepl_server: Remove trailing white spaces s4:wrepl_server: Fix code spelling testprogs: Fix code spelling tests: Fix code spelling wintest: Fix code spelling scripts: Add codespell check gitlab-ci: Add running codespell waf: Build nmbd with -Wno-error=stringop-overflow s3:torture: Remove masktest.c s4:samdb: Avoid memory leaks in partition_metadata_get_uint64() s3:client: Use lpcfg_set_cmdline() s3:param: Remove unused lp_set_cmdline() Andrew Bartlett (82): dsdb: Add new function samdb_system_container_dn() dsdb: Use samdb_system_container_dn() in samldb.c dsdb: Use samdb_get_system_container_dn() to get Password Settings Container s4-rpc_server/lsa: Use samdb_system_container_dn() in dcesrv_lsa_get_policy_state() s4-rpc_server/netlogon: Use samdb_system_container_dn() in fill_trusted_domains_array() s4-rpc_server/backupkey: Use samdb_system_container_dn() in set_lsa_secret() s4-rpc_server/backupkey: Use samdb_system_container_dn() in get_lsa_secret() dsdb: Use samdb_system_container_dn() in dsdb_trust_*() dsdb: Use samdb_system_container_dn() in pdb_samba_dsdb_*() lib/util: Move DEBUG() calls in gendb_search_v to common levels and new DBG_*() pattern dsdb: Add dsdb_search_scope_as_string() and use in ldap_backend.c dsdb: Add tracing to dsdb_search() similar to gendb_search_v() dsdb: Add tracing to dsdb_search_dn() similar to gendb_search_v() selftest: Add test for combination of anr and paged_results dsdb: Replace talloc_steal() with a shallow copy and reference in dsdb_paged_results dsdb: Make a shallow copy of ldb_parse_tree in operational module s4-rpc_server/drsuapi: Add tmp_highest_usn tracking to replication log s4-rpc_server/drsuapi: Improve debugging of invalid DNs s4-rpc_server/drsuapi: Improve debug message for drs_ObjectIdentifier_to_dn_and_nc_root() failure s4-dsdb: Improve logging for drs_ObjectIdentifier_to_dn_and_nc_root() s4-rpc_server/drsuapi: Remove rudundant check for valid and non-NULL ncRoot_dn s4-torture/drs: Save the server dnsname on the DcConnection object s4-torture/drs: Create temp OU with a unique name per test s4-torture/drs: Use addCleanup() in getchanges.py for OU handling s4-torture/drs: Add a test matching Azure AD Connect REPL_OBJ behaviour s4-torture/drs: Add test demonstrating that a GetNCChanges REPL_OBJ will not reset the replication cookie s4-torture/drs: Add test showing that if present in the set the NC root leads and tmp_highest_usn moves s4-rpc_server/drsuapi: Only keep and invalidate replication cycle state for normal replication s4-rpc_server/drsuapi: Fix indentation in GetNCChanges() s4-rpc_server/drsuapi: Avoid modification to ncRoot input variable in GetNCChanges s4-rpc_server/drsuapi: Rename ncRoot -> untrusted_ncRoot to avoid misuse s4-rpc_server/drsuapi: Update getnc_state to be != NULL s4-rpc_server/drsuapi: Ensure logs show DN for replicated objects, not (null) s4-rpc_server/drsupai: Avoid looping with Azure AD Connect by not incrementing temp_highest_usn for the NC root WHATSNEW: Remove unusual box around 'REMOVED FEATURES' bootstrap: Heimdal no longer requires perl-JSON selftest: Allow MIT Krb5 1.21 to still start to fl2000dc krb5: Increase the minimum MIT Krb5 version to 1.21 .gitlab-ci: Do builds under /builds as this is never an overlayfs .gitlab-ci.yml: Move coverity build to internal Heimdal .gitlab-ci: Allow ext4 jobs to run on shared runners build: Remove -Wno-error=missing-field-initializers from Heimdal build build: Reduce heimdal_no_error_flags to a more minimal set s3-lib/util_nttoken: Reimplement dup_nt_token() with NDR pull/push librpc: Add context as to if this token should be used for claims evaluation docs-xml: Add new parameter "acl claims evaluation" s4-auth: pass lp_ctx to auth_generate_session_info() where possible libcli/security: Pass in claims evaluation state when building any security token s3-net_rpc: Use security_token_initialise() to create struct security_token s3-net_rpc: Make the struct user_token array the parent talloc context s3-winbind: Use token as parent for token->sids in check_info3_in_group() libcli/security: Move dup_nt_token() to libcli/security libcli/security: Rename dup_nt_token() -> security_token_duplicate() libgpo: Reimplmeent registry_create_system_token() using get_system_token() python: Change the generic merge_nt_token() to being specific to the system_token s3-lib: Modify merge_nt_token() into a GPO-specifc merge with SYSTEM libcli/security: Hook in ability to disable conditional ACE evaluation conditional_aces: Avoid manual parsing for ace_condition_sid conditional_aces: Avoid manual parsing for ace_condition_bytes, use DATA_BLOB Make blob->data pointer in ace_sid_to_claim_v1_sid() a child of the DATA_BLOB libcli/security: Make failure parsing where consumed == -1 clear libcli/security: Check for sddl_from_conditional_ace() failure in test_sddl_conditional_ace conditional_aces: Avoid manual parsing for ace_condition_int libndr: Add support for pulling strings with LIBNDR_FLAG_STR_SIZE4|LIBNDR_FLAG_STR_NOTERM|LIBNDR_FLAG_STR_BYTESIZE conditional_aces: Avoid manual parsing for ace_condition_unicode add comment that ace_condition_composite is not representative of the wire format CVE-2023-4154 dsdb/tests: Do not run SimpleDirsyncTests twice CVE-2023-4154 dsdb/tests: Use self.addCleanup() and delete_force() CVE-2023-4154 dsdb/tests: Force the test attribute to be not-confidential at the start CVE-2023-4154 dsdb/tests: Check that secret attributes are not visible with DirSync ever. CVE-2023-4154 dsdb/tests: Speed up DirSync test by only checking positive matches once CVE-2023-4154 dsdb/tests: Add test for SEARCH_FLAG_RODC_ATTRIBUTE behaviour CVE-2023-4154 dsdb/tests: Extend attribute read DirSync tests CVE-2023-4154: Unimplement the original DirSync behaviour without LDAP_DIRSYNC_OBJECT_SECURITY CVE-2023-42669 s4-rpc_server: Disable rpcecho server by default CVE-2023-42669 s3-rpc_server: Disable rpcecho for consistency with the AD DC s4-echo: Remove the "echo" server (port 7, RFC 862) in production builds CVE-2023-42670 s3-rpc_server: Strictly refuse to start RPC servers in conflict with AD DC CVE-2023-42670 s3-rpc_server: Remove cross-check with "samba" EPM lookup s4-kdc: Do not modify the returned user_info_dc from samba_kdc_get_user_info_dc() s4:kdc: Change the type of ‘compounded_auth’ to boolean third_party/heimdal: import lorikeet-heimdal-202310092248 (commit cd12cddd8058d9fe627b5b203e471b8d761dcfbb) Arvid Requate (2): For Bug #9959: local talloc frame for next commit Bug #9959: Don't search for CN=System David Mulder (19): gp: Ensure Firewalld tests don't flop gp: Test modifying firewalld policy enforces changes gp: Test modifying firefox policy enforces changes gp: Test modifying MOTD policy enforces changes gp: Test modifying Messages policy enforces changes gp: Test modifying Issue policy enforces changes gp: Test modifying smb.conf policy enforces changes gp: Test modifying script user policy enforces changes gp: Test modifying centrify crontab user policy enforces changes gp: Ensure Firewalld preforms proper cleanup gp: Add a misc applier, to assist some gp exts gp: Ensure Firefox policy preforms proper cleanup gp: Ensure Messages policy preforms proper cleanup gp: Ensure Issue policy preforms proper cleanup gp: Ensure MOTD policy preforms proper cleanup gp: Ensure smb.conf policy preforms proper cleanup gp: Ensure script user policy performs proper cleanup gp: Ensure centrify crontab user policy performs proper cleanup gp: Cleanup some unused code Douglas Bagnall (119): lib/fuzzing: LLVMFuzzerTestOneInput() takes const uint8_t* lib/fuzzing:fuzz_sddl_access_check fix nul-term check util/base64: add a note about zero length strings libcli:auth:sess_crypt_blob: ensure key has 7 bytes fuzz: add fuzzer for sess_crypt_blob fuzz: add fuzzer for ldb_comparison_fold tldap: avoid infinite loop when filter contains "\)" lib/replace: fix strlcat/strlcpy compile for Honggfuzz lib/util: strhex_to_data_blob checks talloc libcli/security/pysecurity: use NULL to mean NULL in C pytests: add helper to grab a directory from environment pytest/sddl: replace/export tests based on environment vars pytest/sddl: environment option for exporting as fuzz seeds pytest/sddl: add option for case-insensitive tests pytest/sddl: tests for more invalid or weird cases s4/torture: initialise ACE structs to zero s4/ntfvfs/pvfs_acl: initialise ACEs to zeroes libcli/security: sddl ACL decode avoids early splitting on parenthesis librpc/security.idl: adjust size calculations for upcoming ace types libcli/security: used sec_ace_object() in sddl encoding libcli/security: avoid leak in calculate_inherited_from_parent() libcli/security: remove unused tmp_ctx in calculate_inherited_from_parent() libcli/security: script to turn token/descriptor pairs into sddl libcli/security: add some test more Windows SDDL test strings python/colour: add a colour diff helper libcli/security: rewrite SDDL tests for running on Windows libcli/security: move Windows test script to windows subdir libcli/security: test helper script extracts fuzz SDDL pytest: compare Samba vs Windows SDDL security descriptors libcli/security: rm unused sec_ace_copy() selftest:ndrdump: adjust xattr_NTACL test for ACE coda pytests:security: don't use invalid domain SID S-2-0-0 libcli/security: make sddl_encode_sid an external function librpc/idl: add conditional ACE structures and constants libcli/security: create_descriptor handles unknown ACE types librpc:security.idl: add more ACE enum types, with annotations libcli:sec:display: print callback ace types libcli:sec:display: use macro for more ace types librpc:security.idl: add enums for resource attribute aces librpc:security.idl: add Resource Attribute claim types security.idl: extend security token for claims s3:rpc: bump named_pipe_auth_req_info version number security.idl: extend security token with device SIDs security.idl: use sec_ace_object() in object switch libcli/security: helper to find callback/conditional aces libcli/security: helper to find resource attribute ACEs libcli/security: helper to find ACEs with meaningful codas libcli/security: use tabs in sec_ace_object() libcli/security: callback object aces are object aces librpc:security.idl: ace->coda can be resource attribute libcli/sec: reformat long line in wscript_build librpc:security.idl: add conditional ace coda ndr_sec_helper: ndr_size_security_ace: do less work ndr_sec_helper: ace length should be multiple of 4 libcli/security: whitespace repair in sddl.c libcli/security: find SDDL coda for RA and conditional ACEs libcli/security: add stub of conditional ACE code. libcli:security: outline for sddl_conditional_ace.c libcli:security: helpers for converting claim types libcli/security: add conditional ACE SDDL functions libcli:security: add functions to decode and decode RA ACEs libcli:security: add code to interpret conditional ACES libcli/security: add conditional ace files to samba-security libcli/security: sdd_decode_ace handles callback types libcli/security: sdd_decode_ace handles resource attribute types libcli/security: sddl_encode_ace encodes conditional ACEs libcli/security: sddl_encode_ace encodes resource attribute ACEs libcli/security: SDDL: add callback and resource ace type flags libcli/security/create_descriptor: calc_inherited handles new types lbcli/security: callback object ACES fall back with no GUID libcli/security: test SDDL compilation in cmocka lib/fuzzing: fuzz SDDL conditional ACEs s4/librpc: build conditional ace Python bindings pytest: security_descriptors comparison is quieter pytest: security_descriptors test for repetitive ACLs librpc/ndr:ndr_sec_helper: fix a typo libcli/security: use sec_object_ace() in size_security_ace pytest: security_descriptors: tests without revision number hack pytest: security descriptors: test some conditional and RA ACEs pytest:security descriptors: hack to capture results as json pytest:security_descriptors: test collected conditional ACEs libcli/security: windows-sddl-test: fix typo in --help libcli/security: windows-sddl-test: fix read of text examples pytest: sddl tests can be only externally defined pytest: sddl strings dir can be defined in class libcli/security/tests: add some test strings pytest: sddl tests with conditional ACEs security.idl: drop claim v1 reserved field libcli/security/conditional ACEs: compare composites as sets libcli/security: cmocka test for running conditional ACEs pytest: tools for creating security tokens pytest: tests for conditional ACEs with security tokens pytest:conditional_ace_claims: ease export of failing tests to C libcli/security: conditional ace access checks for AD libcli/security: conditional ace access checks for file server lib/fuzzing: adapt fuzz_sddl_access_check for claims lib/fuzzing: fuzz_conditional_ace_blob lib/fuzzing: adjust access-check seed patch pytest: assembler for conditional ACEs libcli/security: beginning of tests for conditional ACE bytes pytest: conditional_ace assembler assembles full descriptor librpc/ndr_claims: avoid 'bin/default' in #include libcli/security: adjust tests for evaluate_claims flag libcli/security: access_check with MAXIMUM_ALLOWED checks callbacks libcli/security: sec_access_check_ds uses new callback ACE checks libcli/security: se_access_check uses new callback checks libcli/security: access_check handles CALLBACK_OBJECT types lib/fuzzing: fuzz_sddl_parse: allow non-round-trip with long strings libcli/security/sddl_conditional_ace: ban empty expressions in SDDL libcl/security: conditional ACE sddl >= ops take literal parens only libcli/security: conditional ACE sddl doesn't have string escapes util/str: helper to check for utf-8 validity fuzzing: fuzz_sddl_parse forgives bad utf-8 libcli/security: conditional ace sddl: do not write nested composites libcli/security: conditional ace sddl: do not read nested composites libcli/security: condtional ACE recursive composites are not supported libcli/security: conditional ACEs check again for NULL/empty claims libcli/security: test_run_condtional_ace: va_end() on errors libcli/security: fix talloc context for integer values (CID 1545156) Gabriel Nagy (9): gp: Support more global trust directories gp: Support update-ca-trust helper gp: Change root cert extension suffix gp: Test with binary content for certificate data gp: Convert CA certificates to base64 gp: Test adding new cert templates enforces changes gp: Template changes should invalidate cache gp: Test disabled enrollment unapplies policy gp: Send list of keys instead of dict to remove Günther Deschner (5): s3-iremotewinspool: add PAR->RPRN mapping table s3-iremotewinspool: properly map incoming PAR to RPRN requests. s4-torture: add testcase to iremotewinspool suite to explore object_uuid handling s3-iremotewinspool: check for correct object_uuid in dispatch fn. s4-torture: add another test to demonstrate identical functions Jeremy Allison (25): s3: smbd: Deliberately currupt an uninitialized pointer. s3: torture: Add SMB1-TRUNCATED-SESSSETUP test. s3: smbd: Ensure srvstr_pull_req_talloc() always NULLs out *dest. s3: smbd: Uncorrupt the pointer we were using to prove a crash. s3: smbd: Ensure all callers to srvstr_pull_req_talloc() pass a zeroed-out dest pointer. s3: torture: Add a test doing an SMB1 negotiate+exit. s3: smbd: Add missing 'return;'s in exit paths in reply_exit_done(). s3: smbd: init_smb1_request() isn't being passed zero'ed memory from any codepath. s3: torture: Add SMB1-NEGOTIATE-TCON that shows the SMB1 server crashes on the uninitialized req->session. s3: smbd: Ensure init_smb1_request() zeros out what the incoming pointer points to. s3: libsmb: Add a missing return statement in the timeout case. s3: smbd: rename_internals_fsp() has to reopen the parent directory of the target as a pathref to check permissions. s3: smbd: Now we've proved dst_dirfsp parameter is always NULL, remove the parameter from rename_internals_fsp(). s3: smbd: As rename_internals() calls rename_internals_fsp(), show we can pass dst_dirfsp as NULL here too. s3: smbd: Now we have shown dst_dirfsp is always NULL, remove the parameter from rename_internals(). s3: smbd: hardlink_internals() never looks at src_dirfsp or dst_dirfsp. s3: smbd: Now we have proved hardlink_internals() doesn't use src_dirfsp and dst_dirfsp, remove the parameters. s3: smbd: Add some DEVELOPER-only code to panic if the destructor for an aio_lnk is called and the associated fsp doesn't exist. s3: smbd: named pipe reads are async. Use the same logic as for named pipe transacts to avoid crashes on shutdown. s3: smbd: named pipe writes are async. Use the same logic as for named pipe transacts to avoid crashes on shutdown. s3: torture: Add a new SMB2 test: SMB2-PIPE-READ-ASYNC-DISCONNECT s3: smbd: Ensure we remove any pending aio values for named pipes on forced shutdown. CVE-2023-3961:s3:smbd: Catch any incoming pipe path that could exit socket_dir. CVE-2023-3961:s3:torture: Add test SMB2-INVALID-PIPENAME to show we allow bad pipenames with unix separators through to the UNIX domain socket code. CVE-2023-3961:s3: smbd: Remove the SMB_ASSERT() that crashes on bad pipenames. Jones Syue (2): vfs_aio_pthread: fix segfault if samba-tool ntacl get mdssvc: Do an early talloc_free() in _mdssvc_open() Joseph Sutton (701): third_party/heimdal: Import lorikeet-heimdal-202308030152 (commit 2a036a6fd80833799316b8a85623cdea3a1135df) lib:dbwrap: Remove unneeded space in debug message lib/replace: Const-qualify sys_errlist auth: Add missing newlines to logging messages auth: Fix code spelling ctdb: Add missing newlines to logging messages lib/util: Add missing newlines to logging messages lib/ldb-samba: Add missing newline to logging message s4:auth: Add missing newlines to logging messages libcli: Add missing newlines to logging messages libcli/auth: Fix code spelling libcli/security: Remove unnecessary code libcli/security: Cast isupper() argument to ‘unsigned char’ librpc/rpc: Add missing newline to logging message librpc/ndr: Remove unneeded casts ndr_string: Add overflow check in ndr_pull_charset_to_null() ndr_string: Fix typo ndr_string: Remove dodgy-looking casts ndr/dns-utils: Make error message slightly more readable librpc/ndr: Format NDR pull sizes as ‘size_t’ librpc/py_security: Don’t pass a NULL pointer to PyUnicode_FromString() librpc/ndr: Fix code spelling pidl: Remove unneeded semicolon s3:eventlog: Fix code spelling s3:utils: Fix debug message formatting nmbd_become_lmb.c: Fix debug message formatting s4:dsdb: Add missing newlines to logging messages s4:dsdb: Move comment to more appropriate place s4:dsdb: Fix code spelling s4:kdc: Add missing newlines to logging messages s4:kdc: Check that client and server are not NULL (CID 1534695) s4:kdc: Fix code spelling s4:kdc: Remove unused variable s4:kdc: Remove redundant comment s4:kdc: Remove casts in debug messages s4:kdc: Use portable format specifiers s4:kdc: Use newer debugging macros s4:kdc: Inline some variables s4:kdc: Fix comment s4:kdc: Avoid operator precedence issues s4:libcli/ldap: Fix code spelling s4:libcli/smb_composite: Fix code spelling s4:librpc: Fix code spelling s4:rpc_server: Add missing newlines to debugging messages s4:rpc_server/backupkey: Fix code spelling selftest: Fix code spelling selftest: Add missing import testprogs: Fix code spelling samba-tool/ntacl: Remove unused and unnecessary return samba-tool/ntacl: Remove unused variable samba-tool/ntacl: Remove unused imports python: Use correct function signatures python:samba:kcc: Fix log message formatting python: Fix leak python: Check return value of talloc_strndup() pyglue: Fix leak pyglue: Add missing whitespace in docstrings python:tests: Remove references to now-gone files tests/krb5: Correct comment libgpo:admx: Fix code spelling libcli/ldap: Don’t try to encode NULL name ldb: Don’t pass NULL pointer into strcasecmp() ldb: Account for ‘name’ possibly being NULL ldb: Fix leaks ldb: Don’t decrement reference count until object is no longer needed ldb: Check talloc_strdup() return value ldb: Don’t leak ‘msg’ ldb: Check talloc_zero_array() return value ldb: Don’t leak ‘el’ ldb: Clarify documentation for PyObject_AsMessageElement() ldb: Work around inconsistent behaviour in PyObject_AsMessageElement() smbXcli: Remove call to utf16_len_n() ndr_string: Move string length calculation fallback into default case lib:charset: Update NUM_CHARSETS to reflect true value nsswitch:libwbclient: Fix memory leak auth: Add missing newlines to logging messages ctdb: Add missing newline to logging message talloc: Fix typo lib:mscat: Add missing newlines to logging messages lib:socket: Add missing newlines to logging messages lib/util: Fix code spelling libcli/auth: Add missing newline to logging message libcli/security: Call dom_sid_compare_domain() instead of sid_compare_domain() s3:modules: Call dom_sid_compare_domain() instead of sid_compare_domain() libcli/security: Remove unused function sid_compare_domain() libcli/security: Fix integer overflow libcli/security: Use portable format specifiers libcli/security: Remove unnecessary cast librpc:ndr: Fix leaks librpc: Fix typo s3:auth: Add missing newlines to logging messages s3:client: Add missing newlines to logging messages s3:lib: Consistently return a string with a trailing newline s3:client: Remove unnecessary newline from logging message s3:groupdb: Add missing newline to logging message s3:lib: Add missing newlines to logging messages s3:lib: Use portable format specifiers tldap: Use portable integer constant s3:libads: Add missing newlines to logging messages s3:libnet: Add missing newline to logging message s3:librpc: Add missing newline to logging message s3:libsmb: Add missing newlines to logging messages s3:libsmb: Add missing parenthesis to logging message s3:modules: Add missing newlines to logging messages s3:modules: Remove redundant newlines in logging messages s3:modules: Correct escape sequence s3:modules: Fix error message s3:nmbd: Add missing newlines to logging messages s3:passdb: Add missing newlines to logging messages s3:passdb: Fix typo s3:printing: Add missing newlines to logging messages s3:printing: Add missing spaces to error messages s3:printing: Fix code spelling s3:registry: Add missing newlines to logging messages s3:rpc_client: Add missing newlines to logging messages s3:rpc_server: Add missing newlines to logging messages s3:rpc_server: Fix incomplete logging messages s3:rpc_server: Add missing space to debug message s3:rpc_server: Fix typo s3:smbd: Add missing newlines to logging messages s3:smbd Remove unnecessary newlines from logging messages s3:smbd: Fix code spelling s3:smbd: Add missing space to warning message s3:utils: Add missing newlines to logging messages s3:utils: Fix code spelling s3:vfs: Add missing space in debug message s3:winbindd: Add missing newlines to logging messages s3:winbindd: Fix debug messages s4:auth: Fix leaks s4:auth: Check return value of talloc_reference() s4:auth: Correct condition and remove redundant check s4:cldap_server: Add missing newline to logging message s4:client: Add missing newlines to logging messages s4:dns_server: Add missing newline to logging message s4:dsdb: Add missing newlines to logging messages s4:dsdb: Improve grammar s4:dsdb: Remove unnecessary parentheses s4:dsdb: Fix leaks s4:dsdb: Correct error messages s4:dsdb: Check result of talloc functions s4:dsdb: Do not dereference a NULL pointer s4:dsdb:tests: Use control that was (presumably) intended s4:dsdb:tests: Remove unused variables s4:ldap_server: Add missing newlines to logging messages s4:lib: Add missing newlines to logging messages s4:libnet: Add missing newlines to logging messages s4:librpc: Add missing newline to logging message s4:ntvfs: Add missing newline to logging message s4:param: Add missing newlines to logging messages s4:policy: Fix leak s4:rpc_server: Add missing newlines to logging messages s4:rpc_server/backupkey: Fix leaks s4:rpc_server: Remove unnecessary parentheses s4:rpc_server: Fix typo s4:samba: Add missing newline to logging message s4:smb_server: Add missing newlines to logging messages s4:smb_server: Fix code spelling s4:torture: Fix code spelling auth: Remove unnecessary casts auth: Use portable format specifier docs-xml: Fix code spelling ldb: Fix code spelling ldb:ldb_sqlite3: Access correct member of union lib:krb5_wrap: Remove unnecessary cast lib/replace: Ensure that __STDC_WANT_LIB_EXT1__ is set to 1 tsocket: Fix code spelling librpc:ndr: Format sizes as ‘size_t’ s3:lib: Use portable format specifiers s3:registry: Fix code spelling s4:auth: Fix code spelling s4:dsdb: Remove unnecessary casts s4:dsdb: Access correct member of union s4:kdc: Remove unnecessary casts s4:kdc: Correct comments mentioning Heimdal s4:rpc_server: Fix code spelling s4:torture: Fix code spelling s4:kdc: Refer to correct function in error messages tests/krb5: Allow cached=True with an assigned silo or policy tests/krb5: Rename compatability_tests class tests/krb5: Keep claim types for subsequent tests tests/krb5: Move some functions round to prepare for splitting the class tests/krb5: Split out new AuthnPolicyBaseTests class tests/krb5: Allow specifying additional details for a test account tests/krb5: Allow specifying KDC options when requesting a TGT tests/krb5: Test that neither forwardable nor proxiable tickets are issued to Protected Users s4:kdc: Don’t issue forwardable or proxiable tickets to Protected Users s4:kdc: Don’t log secret keys s4:kdc: Initialize entry->modified_by s4:kdc: Check result of samdb_result_dom_sid() s4:kdc: Ensure we don’t increase the value of entry->etypes->len s4:kdc: Fix leak of sdb_entry s4:kdc: Check return value from ldb_dn_get_linearized() s4:kdc: Free samba_kdc_seq context on failure to allocate memory s4:kdc: Call krb5_free_principal() directly after to-be-freed principal is used s4:kdc: Remove unnecessary talloc context s4:kdc: Move calls to talloc_steal() out of the ‘out’ paths s4:kdc: Fix leaks s4:kdc: Fix code spelling s4:kdc: Return an error code if sdb_entry_to_hdb_entry() fails s4:kdc: Correct error message s4:kdc: Use portable format specifier s4:kdc: Correctly report length of KDC packet s4:kdc: Fail PAC checksum verification if the krbtgt entry has no keys s4:kdc: Fix leaks of sdb_entry’s members s4:kdc: Consistently zero HDB structures s4:kdc: Ensure the value of h->len is accurate s4:kdc: Erase key data s4:kdc: Use type bool for ‘is_tgs’ s4:auth: Add missing space to error message s4:auth: Fix leaks s4:auth: Check return value of talloc_new() s4:kdc: Return (possibly) more appropriate error codes s4:kdc: Make some functions static s4:kdc: Return krb5_error_code s4:kdc: Switch to using samdb_result_dom_sid_buf() s4:kdc: Don’t enforce a server authentication policy for the krbtgt s4:kdc: Inline samba_get_claims_blob() s4:kdc: Use common out path in mit_samba_kpasswd_change_password() s4:kdc: Free error message returned by krb5_get_error_message() s4:dsdb: Use uint32_t for ‘num_sids’ s4:dsdb: Make ‘sids’ parameter const s4:dsdb: Check for overflow in security_token_create() s4:kdc: Have encode_claims_set return NTSTATUS s4:kdc: Remove ldb_context parameter as being no longer needed s4:kdc: Properly allocate claims set on a talloc context s4:kdc: Ensure that we don’t dereference a NULL pointer s4:kdc: Rename get_claims_for_principal() to get_claims_blob_for_principal() s4:kdc: Rename ‘claims_blob’ parameter to ‘claims_blob_out’ s4:kdc: Add get_claims_set_for_principal() tests/krb5: Remove unused import tests/krb5: Shorten long lines tests/krb5: Add a test decoding INT64 PAC claims issued by Windows librpc:ndr: Add ‘int64’ type claims.idl: Use ‘int64’ instead of ‘dlong’ for INT64 claims tests/krb5: Remove incorrect comments lib:krb5_wrap: Fix code spelling lib:krb5_wrap: Fix references to incorrect function names libcli/auth: Remove unnecessary casts librpc:ndr: Use portable integer types pidl: Use non-existent function dissect_ndr_int64() python:netcmd: Add missing newlines to error messages python:netcmd: Remove semicolon python:subunit: Fix docstring python:subunit: Use ‘is’ to compare variables with singletons python:tests: Make getSamDB() a static method python:tests: Reuse claims created by setUp() across all tests python:tests: Reuse policies and silos created by setUp() across all tests python:tests: Fix spelling python:tests: Save files with intended contents s3:libnet: Remove unnecessary cast s3:libnet: Fix reference to incorrect function names s3:rpc_server: Remove unnecessary cast s4:kdc: Do not panic if authsam_logon_success_accounting() fails s4:kdc: Remove support code for older versions of MIT Kerberos s4:kdc: Set SAMBA_KDC_FLAG_PROTOCOL_TRANSITION flag for MIT Kerberos s4:kdc: Use ‘krb5_error_code’ for return types s4:kdc: Use smb_krb5_make_data() s4:smb_server: Fix code spelling s4:torture: Fix code spelling selftest: Remove semicolon selftest: Remove unused variable selftest: Remove leftover from debugging selftest: Fix subunit reporting the time incorrectly selftest: Report time at which testsuite starts samba-tool: Allow LDB URL to be None pyldb: Check whether Python object is a list pyldb: Check return values of talloc functions pyldb: Check return values of Python functions pyldb: Fix leaks buildtools: Fix comments and documentation buildtools: Use ‘is’ to compare with singletons buildtools: Prefer ‘x not in y’ to ‘not x in y’ buildtools: Properly set global variable lib:ldb:tests: Remove explicit comparison with False ldb: Remove unused import ldb: Heed return code from Python testsuite python: Fix spelling python: Remove unused imports python: Remove redundant backslashes python: Fix invalid escape sequences python:join: Fix references to undefined variables samba-tool: Remove useless return python: Fix reference to undefined name ‘samba’ python:tests: Fix usage line python:tests: Complete assertion messages python:tests: Rename test method so as not to mask previously-defined method pytest/dns_aging: Check value of ‘dtime’ pytest/dns_aging: Correctly check that record is tombstoned pytest/dns_aging: Assert that the name of the node to search for is a string gp: Add missing import gp: Don’t shadow imports gp: Prefer ‘x not in y’ to ‘not x in y’ gp: Check correct variables gp: Use assertEqual() instead of assertEquals() gp: Fix resource leaks gp: Use read_file() instead of readfp() tests/krb5: Remove test of pre-1.20 MIT Kerberos behaviour tests/krb5: Move KDC TGT tests to new file tests/krb5: Remove local variable tests/krb5: Correctly assert that we found a LOGON_INFO PAC buffer tests/krb5: Re-raise any LdbError other than ERR_ENTRY_ALREADY_EXISTS tests/krb5: Add KerberosCredentials.get_rid() tests/krb5: Have modified_ticket() not modify its arguments s4:dsdb:tests: Fix spelling s4:dsdb:tests: Remove unused imports s4:dsdb:tests: Fix usage lines selftest: Remove unused imports selftest: Remove star imports selftest: Don’t use invalid escape sequences third_party/heimdal_build: Remove unused imports third_party/heimdal_build: Remove semicolons third_party/heimdal_build: Use ‘is’ to compare with singletons wscript: Remove unused variable wscript: Use ‘is’ to compare with singletons wscript: Remove unused imports wscript: Remove semicolons wscript: Refer to correct ConfigSet variable libcli/security: make sddl_decode_sid an external function Makefile: Fix spelling auth: Fix code spelling ctdb: Fix code spelling docs-xml: Fix spelling lib:compression: Fix code spelling lib:crypto: Fix code spelling lib:krb5_wrap: Fix spelling in documentation ldb: Fix code spelling lib:printer_driver: Fix code spelling tdb: Fix code spelling tevent: Fix code spelling lib:charset: Fix code spelling libcli: Fix code spelling libgpo: Fix code spelling librpc: Fix code spelling pidl: Fix code spelling python:tests: Fix code spelling selftest: Fix code spelling s3:auth: Fix code spelling s3:lib: Fix code spelling s3:libads: Fix code spelling s3:libnet: Fix code spelling s3:librpc: Fix code spelling s3:nmbd: Fix code spelling s3:registry: Fix code spelling s3:rpc_client: Fix code spelling s3:rpc_server: Fix code spelling s3:smbd: Fix code spelling s3:utils: Fix code spelling s3:winbindd: Fix code spelling s4:auth: Fix code spelling s4:client: Fix code spelling s4:dns_server: Fix code spelling s4:dsdb: Fix code spelling s4:kdc: Fix code spelling s4:libcli: Fix code spelling s4:libnet: Fix code spelling s4:ntvfs: Fix code spelling s4:rpc_server: Fix code spelling s4:samba: Fix code spelling s4:torture: Fix code spelling s4:wrepl_server: Fix code spelling lib:mscat: Remove unnecessary casts lib:tdr: Remove unnecessary cast libgpo: Remove unnecessary cast librpc:ndr: Avoid overflow in size calculation python:tests: Remove unused imports s4:scripting: Remove unused imports libcli:security: Prefer explicit initialization to ZERO_STRUCTP() s4:kdc: Prefer explicit initialization to ZERO_STRUCT() s4:kdc: Remove duplicate function signature s4:kdc: Use smb_krb5_data_from_blob() s4:kdc: Remove unused flags s4:kdc: Check result of dom_sid_parse() s4:kdc: Handle invalid enum values s4:kdc: Check result of talloc_realloc() s4:kdc: Make functions to add special SIDs non‐static claims.idl: Allow empty claim value buffers claims.idl: Be more lenient in our expectations for the compression of claims s4:kdc: Check return value of samdb_result_dom_sid() s4:kdc: Remove unused talloc context s4:kdc: Check return value of smb_krb5_principal_get_comp_string() s4:kdc: Correct error message s4:kdc: Initialize pointers to NULL s4:kdc: Fix error message s4:kdc: Inline samba_get_requester_sid_pac_blob() s4:kdc: Allocate contents of PAC blobs on blob talloc contexts s4:kdc: Don’t operate directly on caller‐owned pointer s4:kdc: Fix leaks docs-xml: Add missing paragraph section python:tests: Remove unused variables python:tests: Fix invalid escape sequence s3:rpc_server: Fix inverted error messages s4:kdc: Inline samba_get_pac_attrs_blob() s4:scripting: Fix comments s4:scripting: Prefer ‘x not in y’ to ‘not x in y’ s4:dsdb: Parenthesize macro expression s4:dsdb: Prefer explicit initialization to ZERO_STRUCT() s4:auth: Check return values of talloc functions s4:auth: Fix leaks s4:kdc: Add correct Asserted Identity SID in response to an S4U2Self request s4:kdc: Fix leaks s4:kdc: Use common exit point for functions s4:kdc: Fix leak s4:kdc: Avoid potential use‐after‐free s4:kdc: Check for overflow when adding a domain group SID s4:kdc: Don’t corrupt domain groups structure if talloc_realloc() fails s4:kdc: Assign RID and attribute together s4:kdc: Directly zero‐initialize PAC_DOMAIN_GROUP_MEMBERSHIP structure s4:kdc: Increment PAC_DEVICE_INFO::domain_group_count only after SID has been successfully added s4:kdc: Allocate variables on to more suitable memory context s4:kdc: Fix leak s4:kdc: Use temporary memory context in samba_kdc_verify_pac() s4:kdc: Introduce a temporary talloc context in samba_kdc_update_pac() s4:kdc: Add common out path to pac_blobs_from_krb5_pac() s4:kdc: Don’t corrupt pac_blobs structure if talloc_realloc() fails s4:kdc: Make ‘struct pac_blobs’ memory handling safer and more consistent s4:kdc: Make pac_blobs_remove_blob() never fail s4:kdc: Have samba_krbtgt_is_in_db() return a krb5_error_code s4:kdc: Have samba_krbtgt_is_in_db() take a const KDC entry s4:kdc: Rename ‘status’ variables to ‘reply_status’ s4:kdc: Make RODC ID checks easier to understand with more clearly‐named variables s4:kdc: Prefer explicit initialization to ZERO_STRUCTP() s4:kdc: Be sure not to pass a NULL pointer into strcmp() s4:kdc: Fix leaks lib:krb5_wrap: Eliminate redundant code from smb_krb5_sockaddr_to_kaddr() lib:krb5_wrap: Have smb_krb5_principal_get_realm() check the return values of intermediate functions lib:krb5_wrap: Add smb_krb5_princ_component() lib:krb5_wrap: Add Heimdal‐specific smb_krb5_princ_component() implementation s4:dsdb: Switch to using smb_krb5_princ_component() s4:kdc: Switch to using smb_krb5_princ_component() s4:rpc_server: Switch to using smb_krb5_princ_component() lib:krb5_wrap: Remove Heimdal‐only krb5_princ_component() implementation nsswitch: Fix script usage s3:script: Fix script usage lines s4:selftest: Fix script usage lines s4:setup: Fix script usage line testprogs: Fix script usage lines s4:kdc: Remove ks_is_tgs_principal() ldb: Prefer explicit initialization to ZERO_STRUCT() s4:wrepl_server: Correctly read ‘type’ element s4:kdc: Don’t prepend useless colon to MIT KDC logging messages s3:net: Check return value of data_blob_talloc() tests/krb5: Rename ‘client_claims’ to ‘claims_metadata’ fsrvp.idl: Remove excess zero digit from literal dsgetdcname: Remove excess zero digits from literals s3:winbindd: Add zero digit to literal s4:dsdb: Fix comment libcli/security: Add header guard libcli/security: Use correct union member libcli/security: Remove bool_value member libcli/security: Const‐qualify function parameters libcli/security: Add some missing declarations libcli/security: Add function to convert token claims to security attribute claims libcli/security: Emit error message if program is too large tests/krb5: Match filter after transforming test name python:tests: Fix invalid escape sequences libcli:security: Add SELF SID constant libcli:security: Use SELF SID constant libcli:security: Correct Asserted Identity SID definitions s4:dsdb: Use NULL SID constant s4:kdc: Use Asserted Identity SID constants libcli:security: Add Compounded Authentication and Claims Valid SID constants s4:kdc: Use Compounded Authentication and Claims Valid SID constants s4:auth: Use Anonymous and System SID constants s4:dsdb: Use Builtin SID constant s4:ntvfs: Use World and System SID constants s4:rpc_server: Use Builtin SID constant s4:torture: Use SID constants s4:auth: Correct error message python:tests: Remove unused import libcli/security: Remove unused macro libcli/security: Remove unused flag SDDL_FLAG_EXPECTING_END libcli/security: Remove unused flag SDDL_FLAG_IS_ATTR libcli/security: Remove unused flag SDDL_FLAG_IS_LITERAL libcli/security: Remove unused flag SDDL_FLAG_IS_FAKE_OP libcli/security: Refer to UTF‐16 code units rather than to codepoints libcli/security: Use ACL revision constants libcli/security: Fix code formatting libcli/security: Test hex‐escapes that should be literals lib/krb5_wrap: Make use of smb_krb5_make_data() lib/krb5_wrap: Simplify assignments lib:audit_logging: Initialize ‘tm’ structure s3:lib: Initialize ‘tm’ structure s3:modules: Initialize ‘tm’ structure s3:passdb: Initialize ‘tm’ structure s3:rpc_server: Initialize ‘tm’ structure s3:smbd: Initialize ‘tm’ structure s4:kdc: Initialize ‘tm’ structure s4:kdc: Fix ldb_msg_find_krb5time_ldap_time() s4:torture: Initialize ‘tm’ structure s4:auth: Make returning resource groups the last thing we do s4:auth: Introduce helper variable ‘resource_groups_in’ s4:auth: Return a talloc‐allocated resource groups structure s4:auth: Fix ‘user_info_dc_out’ leak s4:kdc: Move encode_claims_set() into the auth_session subsystem s4:auth: Include missing headers s4:auth: Add functions to convert between different claims formats testdata: Mark compression test data as binary ndr: Display values for failed range checks pidl: Use portable format specifiers librpc/ndr: Use portable format specifiers librpc: Use portable format specifiers pidl: Use INT_MAX as enum constant for portability librpc: Fix typos in error messages tests/krb5: Sort imports tests/krb5: Allow variation in PADATA_PW_SALT tests/krb5: Allow filter for tests that crash Windows tests/krb5: Allow multiple ticket modification functions tests/krb5: Don’t bother regenerating the PAC if modify_pac_fn or update_pac_checksums are false tests/krb5: Allow passing mapping=None to map_to_sid() tests/krb5: Make set_pac_sids() parameters keyword‐only tests/krb5: Make optional ‘user_rid’ parameter to set_pac_sids() tests/krb5: Make optional ‘domain_sid’ parameter to set_pac_sids() tests/krb5: Have set_pac_sids() accept lone RIDs as well as full SIDs tests/krb5: Add method to replace the device SIDs in a PAC tests/krb5: Add method to replace client or device claims in a PAC tests/krb5: Add samba.tests.krb5.conditional_ace_tests lib:compression: Fix building with FORTIFY_SOURCE=2 lib/ldb-samba: Fix building with FORTIFY_SOURCE=2 ldb: Fix building with FORTIFY_SOURCE=2 lib/util: Fix building with FORTIFY_SOURCE=2 s3:libads: Don’t do first loop iteration if ‘attr’ is NULL s3:libads: Fix building with FORTIFY_SOURCE=2 s3:rpc_server: Fix building with FORTIFY_SOURCE=2 s3:smbd: Fix building with FORTIFY_SOURCE=2 s4:ntvfs: Fix building with FORTIFY_SOURCE=2 s4:torture: Fix building with FORTIFY_SOURCE=2 libcli/security: Conform to Samba’s brace style libcli/security: Parenthesize macro parameter libcli/security: Have security_ace_equal() handle callback and resource ACEs libcli/security: Handle new ACE types with sec_ace_object() s4:auth: Ensure that some parameters are not NULL lib:krb5_wrap: Include missing headers .gitattributes: Mark large data file as binary s4:kdc: Prefer explicit initialization to ZERO_STRUCTP() s4:kdc: Check that principal being copied is not NULL s4:kdc: Remove unnecessary assignments s4:kdc: Initialize pointer to NULL ndr: Parenthesize expressions to be cast pidl: Parenthesize expression to be cast s4:dsdb: Add parameters for claims and device SIDs to security_token_create() s4:dsdb: Add session info flag to indicate authentication with a device s4:auth: Rename parameter to match function implementation s4:auth: Reformat function calls s4:kdc: Reformat function call s4:auth: Add parameters for claims and device info to auth_generate_security_token() s4:kdc: Add parameters for claims and device info to authn_policy_access_check() s4:kdc: Add claims parameter to authn_policy_authenticate_from_device() s4:kdc: Add parameters for claims and device info to authn_policy_authenticate_to_service() s4:kdc: Remove unused memory context from samba_kdc_lookup_realm() s4:kdc: Remove ‘compounded_auth’ parameter from samba_kdc_get_user_info_dc() s4:kdc: Have callers of samba_kdc_get_user_info_dc() themselves add the Claims Valid SID s4:kdc: Remove ‘claims_valid’ parameter from samba_kdc_get_user_info_dc() s4:kdc: Have callers of samba_kdc_get_user_info_dc() themselves add an Asserted Identity SID s4:kdc: Remove ‘asserted_identity’ parameter from samba_kdc_get_user_info_dc() tests/krb5: Initialize variable tests/krb5: Add method to perform an armored AS‐REQ tests/krb5: Add tests performing AS‐REQs armored with unacceptable tickets s4:kdc: Remove device PAC validation s4:kdc: Remove unused parameters from samba_kdc_verify_pac() tests/krb5: Add Device Restriction tests for silos and authentication policies in the KDC third_party/heimdal_build: Define HAVE_KRB5_PAC_IS_TRUSTED when using embedded Heimdal s4:kdc: Add ‘samba_kdc_entry_pac’ wrapper type s4:kdc: Remove unused declaration s4:kdc: Fix indentation s4:kdc: Add function to determine whether a KDC entry represents a trust s4:kdc: Add function to get device PAC entry from Heimdal request structure s4:kdc: Make use of ‘samba_kdc_entry_pac’ wrapper type tests/krb5: Test that the correct Asserted Identity SID is added when inner FX‐FAST padata is used libcli/security: Initialize conditional ACE token s4:kdc: Rename ‘skdc_entry’ parameter of samba_kdc_get_user_info_from_db() to ‘entry’ s4:kdc: Rename ‘user_info_dc’ parameter of samba_kdc_get_user_info_from_db() to ‘info_out’ s4:kdc: Rename ‘skdc_entry’ parameter of samba_kdc_get_user_info_dc() to ‘entry’ s4:kdc: Rename ‘user_info_dc_out’ parameter of samba_kdc_get_user_info_dc() to ‘info_out’ s4:kdc: Add ‘msg’ parameter to samba_kdc_get_user_info_dc() s4:kdc: Replace calls to samba_kdc_get_user_info_from_db() with calls to samba_kdc_get_user_info_dc() s4:kdc: Inline samba_kdc_get_user_info_from_db() into its only caller s4:kdc: Rename samba_kdc_get_user_info_dc() to samba_kdc_get_user_info_from_db() s4:kdc: Rename samba_kdc_entry::user_info_dc to samba_kdc_entry::info_from_db s4:kdc: Pass Kerberos context into samba_kdc_get_device_info_blob() s4:kdc: Modify samba_kdc_get_user_info_from_db() to return a Kerberos error code s4:kdc: Make boolean members into bit‐fields s4:kdc: Add ‘samdb’ parameter to samba_kdc_verify_pac() s4:kdc: Add ‘samdb’ parameter to samba_kdc_get_device_info_blob() s4:kdc: Pass ‘samdb’ into samba_kdc_get_user_info_from_db() s4:kdc: Rename local variable ‘user_info_dc’ to ‘info’ s4:kdc: Check parameters of samba_kdc_get_user_info_from_db() s4:kdc: Initialize out parameter of samba_kdc_get_user_info_from_db() s4:kdc: Introduce intermediate variable ‘resource_groups’ s4:kdc: Fix leak s4:kdc: Rename parameter ‘user_info_dc_out’ to ‘info_out’ s4:kdc: Rename variable ‘user_info_dc’ to ‘info’ s4:kdc: Split samba_kdc_get_user_info_from_pac() out of samba_kdc_obtain_user_info_dc() s4:kdc: Remove common out path from samba_kdc_obtain_user_info_dc() s4:kdc: Simplify memory management with talloc stackframe s4:kdc: Check parameters of samba_kdc_get_user_info_from_pac() s4:kdc: Make ‘resource_groups_out’ parameter const s4:kdc: Pass resource groups parameter only if we are creating a TGT s4:kdc: Pass AUTH_EXCLUDE_RESOURCE_GROUPS into samba_kdc_obtain_user_info_dc() s4:kdc: Remove ‘group_inclusion’ parameter from samba_kdc_obtain_user_info_dc() s4:kdc: Label ‘resource_groups_out’ parameter s4:kdc: Always fetch resource groups s4:kdc: Cache user info and resource groups from PACs s4:kdc: Rename samba_kdc_obtain_user_info_dc() to samba_kdc_get_user_info_dc() s4:kdc: Declare ‘auth_entry’ to be of type ‘samba_kdc_entry_pac’ s4:auth: Have claims_data_encoded_claims_set() return a reference to the encoded claims s4:auth: Explicitly initialize claims structures s4:kdc: Add functions to fetch claims from the DB or from the PAC s4:kdc: Modify samba_kdc_get_claims_blob() to use claims_data functions s4:kdc: Remove unused function get_claims_blob_for_principal() s4:kdc: Create the Requester SID blob only if we actually need it s4:kdc: Simplify samba_kdc_check_device() by calling samba_kdc_get_user_info_dc() s4:kdc: Note use of parent memory context s4:kdc: Simplify creation of device claims blob s4:kdc: Introduce helper variable ‘server_restrictions_present’ s4:kdc: Remove ‘claims_valid’ parameter from samba_kdc_add_claims_valid() s4:kdc: Remove ‘compounded_auth’ parameter from samba_kdc_add_compounded_auth() s4:kdc: Make samba_kdc_add_compounded_auth() static tests/krb5: Correctly test services that do not support Compound Identity s4:kdc: Do not perform compound authentication for services without Compound Identity support s4:kdc: Fetch device claims for server restrictions s4:kdc: Have samba_kdc_allowed_to_authenticate_to() take claims and device info s4:kdc: Use claims and device info to evaluate server authentication policy s4:kdc: Use device claims to evaluate client authentication policy s4:kdc: Use ‘claims_data’ functions to create client claims blob s4:kdc: Make samba_kdc_get_user_info_dc() non‐static s4:kdc: Use claims and device info to evaluate server authentication policy third_party/heimdal: Fix PKINIT freshness token memory handling (Import lorikeet-heimdal-202310092148 (commit 38aa80e35b6b1e16b081fa9c005c03b1e6994204)) s4:kdc: Adapt interface to new Heimdal revision s4:kdc: Factor creation of user_info_dc out of samba_kdc_check_s4u2proxy_rbcd() into its callers s4:kdc: Add comment regarding RODC‐issued evidence tickets for constrained delegation s4:kdc: Call samba_kdc_get_user_info_dc() to get client information s4:kdc: Rename ‘user_info_dc’ to ‘client_info’ s4:kdc: Pass claims and device info into samba_kdc_check_s4u2proxy_rbcd() s4:kdc: Use device info to evaluate RBCD conditions s4:kdc: Use claims to evaluate RBCD conditions s4:dsdb: Skip allocation of empty device SIDs array s4:kdc: Always regard device info when checking a server authentication policy lib:compression: Correctly fix sign extension of long matches (CID 1517275) lib:printer_driver: Check return value of gp_inifile_enum_section() (CID 1444835) lib:replace: Properly check result of write() and read() (CID 1034925) tdb: Do not pass non–null‐terminated strings to strcmp() (CID 1449485) util: Remove redundant assertion (CID 1497841) lib:util: Remove always‐false comparison (CID 242193) smbXcli: Remove unreachable code (CID 1444978) s3:client: Correctly call setgroups() (CID 1449449) s3:lib: Rearrange preprocessor directives to avoid structurally dead code (CID 242032) Revert "s3:libads: Don’t do first loop iteration if ‘attr’ is NULL" s3:libnet: Remove always‐false comparison (CID 241309) s3:libsmb: Fix array traversal (CID 1034683) s3:modules: Remove unreachable code (CID 1508998) s3:modules: Initialize mask_permset (CID 1435850) s3:nmbd: Remove redundant code (CID 1414756) s3:rpcclient: Do not pass uninitialized pointer to printf() (CID 1476170) s3:smbd: Avoid integer overflow (CID 1035487) Revert "smbd: Fix CID 1504457 Resource leak" smb2_server: Remove unreachable code (CID 1444981) smb2_server: Check status codes (CID 1474441) s3:utils: Avoid integer overflow (CID 1035488) s3:utils: Check return value of cli_RNetServiceEnum() (CID 1273313) s4:auth: Fix resource leak (CID 1107222) s4:auth: Remove event context on failure s4:dns_server: Merge similar code paths s4:dns_server: Check return value of ldb_transaction_commit() (CID 1034631) s4:dsdb: Check whether ‘p’ is NULL before dereferencing it (CID 240875) s4:dsdb: Permit forward link to be missing in linked_attributes_fix_forward_link() s4:dsdb: Check return code (CID 1444824/1444844) s4:dsdb: Remove unreachable code (CID 1034686) s4:dsdb: Fix unreachable code (CID 1435967) s4:dsdb: Check return value of ldb_msg_add_empty() (CID 1272827) s4:dsdb: Replace early ‘continue’ with ‘if’ statement (CID 1414738) s4:dsdb: Log correct ldb error s4:dsdb: Don’t overwrite existing error code (CID 1445263) s4:libcli: Remove unnecessary casts s4:libcli: Check return value of convert_string_talloc() (CID 1272839) s4:messaging: Remove redundant code s4:ntvfs: Remove unneeded NULL check (CID 240771) s4:ntvfs: Remove dead code path s4:ntvfs: Correctly acknowledge PVFS_FLAG_STRICT_SYNC flag (CID 241154) s4:rpc_server: Check mkdir() return value (CID 1034649) s4:rpc_server: Check return values of gnutls functions (CID 1452111) buildtools: Remove semicolons examples: Don’t use deprecated method ‘has_key()’ examples: Fix invalid escape sequences python:colour: Fix exception message python:subunit: Use now() instead of utcnow() python:tests: Use assertEqual() instead of assertEquals() python:tests: Fix exception message python:tests: Fix comment python:tests: Correct search expression python:tests: Remove semicolons python:tests: Use now() instead of utcnow() tests/krb5: Use assertEqual() instead of assertEquals() tests/krb5: Fix assertion messages s3:script: Remove semicolons s4:dsdb:tests: Remove unused imports s4:dsdb:tests: Remove unused variables s4:dsdb:tests: Fix assertion messages s4:dsdb:tests: Use loadTestsFromTestCase() instead of makeSuite() s4:torture: Use assertEqual() instead of assertEquals() selftest: Use now() instead of utcnow() wintest: Fix invalid escape sequences Jule Anger (1): ldb: change the version to 2.9.0 for Samba 4.20 Kacper (1): samba-tool: Fix for gpo restore not working without --tmpdir Martin Schwenke (12): ctdb-tools: Fix CID 1539212 - signed/unsigned issue ctdb-doc: Fix documentation for ctdb event status ctdb-common: Improve error handling ctdb-common: Replace pcap_open_live() by lower level calls ctdb-common: Set immediate mode for pcap capture util: Avoid logging to multiple backends for stdout/stderr ctdb-daemon: Call setproctitle_init() ctdb-doc: Update CTDB manual pages to UTF-8 ctdb-doc: Add some subsection names in description ctdb-scripts: Avoid errors for uninitialised counters ctdb-scripts: Implement failcount handling with thresholds ctdb-scripts: Convert 40.vsftpd to use threshold-based fail counting Michael Tokarev (1): python/samba/netcmd/domain/schemaupgrade.py: fix missing newline MikeLiu (2): vfs_aio_pthread: use SMB_VFS_NEXT_OPENAT() in aio_pthread_openat_fn() streams_depot: Goto done if FSETXATTR SAMBA_XATTR_MARKER failed Noel Power (6): selftest: Add new dfs share (with widelinks enabled) sefltest: Add new regression test dfs with widelinks = yes s3/modules: Add flag indicating if connected share is a dfs share s3/modules: Fix DFS links when widelinks = yes pidl/lib: Add recursion detection logic to prevent looping. pidl/tests: Add tests for hang with nested struct. Pavel Filipenský (16): s4:auth: Fix trailing whitespaces in kerberos_util.c auth:kerberos: Fix resource leak in parse_principal() auth:kerberos: Fix resource leak in smb_krb5_get_keytab_container() auth:kerberos: Fix resource leak in smb_krb5_update_keytab() auth:credentials: Fix resource leak in cli_credentials_set_from_ccache() lib:krb5_wrap: Fix resource leak in smb_krb5_kt_seek_and_delete_old_entries s3:winbindd: Avoid doing the same assignment twice s3:winbindd: Use a correct value for the length of domain children docs:smbdotconf: Inform that changing 'winbind max domain connections' needs a restart s3:tests: Fix smbspool_argv_wrapper.c s3:tests: test_smbspool.sh should be calling smbspool_argv_wrapper s3:tests: Fix init of samba_kdestroy in test_smbclient_kerberos.sh s3:tests: Fix syntax error in test_smbclient_kerberos.sh s3:tests: Check if test_smbclient_kerberos.sh was successful s3:winbindd: Skip check_negative_conn_cache() if saf_servername == NULL s3:winbindd: Call winbind_add_failed_connection_entry() for the correct dc name Pavel Kalugin (27): s3:param: Use lpcfg_set_cmdline() examples: Use lpcfg_set_cmdline() s3:rpcclient: Use lpcfg_set_cmdline() s3:rpc_server: Use lpcfg_set_cmdline() in test_mdsparser_es s3:utils: Use lpcfg_set_cmdline() in dbwrap_tool s3:utils: Use lpcfg_set_cmdline() in dbwrap_torture s3:utils: Use lpcfg_set_cmdline() in mdsearch s3:utils: Use lpcfg_set_cmdline() in net s3:utils: Remove trailing spaces in pdbedit; no changes s3:utils: Use lpcfg_set_cmdline() in pdbedit s3:utils: Use lpcfg_set_cmdline() in regedit s3:utils: Use lpcfg_set_cmdline() in sharesec s3:utils: Use lpcfg_set_cmdline() in smbcacls s3:utils: Remove trailing spaces in smbcacls; no changes s3:utils: Use lpcfg_set_cmdline() in smbcontrol s3:utils: Remove trailing spaces in smbcontrol; no changes s3:utils: Use lpcfg_set_cmdline() in smbcquotas s3:utils: Remove trailing spaces in smbcquotas; no changes s3:utils: Use lpcfg_set_cmdline() in smbstatus s3:utils: Use lpcfg_set_cmdline() in testparm s3:utils: Use lpcfg_set_cmdline() in vfstest s3:notifyd: Use lpcfg_set_cmdline() s3:torture: Use lpcfg_set_cmdline() s3:utils: Use lpcfg_set_cmdline() in smbpasswd libnetapi: Use lpcfg_set_cmdline() s3:netapi: Fix a leak in libnetapi_net_init() s3:libsmb: Use lpcfg_set_cmdline() Ralph Boehme (6): mdssvc: better support for search with mdfind from Macs smbd: make vfs_stat_fsp() a no-op on fake file-handles s3: smbd: Ignore fstat() error on deleted stream in fd_close(). CVE-2023-4091: smbtorture: test overwrite dispositions on read-only file CVE-2023-4091: smbd: use open_access_mask for access check in open_file() s4:torture/smb2: fix typo in acls.c Rob van der Linde (41): netcmd: user: turn user.py into module netcmd.user netcmd: user: move user add command netcmd: user: move user delete command netcmd: user: move user enable command netcmd: user: move user disable command netcmd: user: move user list command netcmd: user: move user setexpiry command netcmd: user: move common code used by various password commands netcmd: user: move user password command netcmd: user: move user getgroups command netcmd: user: move user setprimarygroup command netcmd: user: move user setpassword command netcmd: user: move user getpassword and syncpasswords commands netcmd: user: move user edit command netcmd: user: move user show command netcmd: user: move user move command netcmd: user: move user rename command netcmd: user: move user unlock command netcmd: user: move user add_unix_attrs command netcmd: user: move user sensitive command netcmd: user: readpasswords: turn getpassword.py into readpasswords module netcmd: user: readpasswords: move show command to readpasswords netcmd: user: readpasswords: move common.py to readpasswords netcmd: user: readpasswords: move getpassword command to readpasswords netcmd: user: readpasswords: move syncpasswords command to readpasswords netcmd: tests: avoid the need to create a random command in GetSamDB netcmd: tests: bugfix: argument -U was already in creds so listed twice python: tests: implement setUpTestData overridable class method netcmd: tests: make _run a classmethod in SambaToolCmdTest netcmd: tests: tests tidyup and make use of setUpTestData netcmd: tests: test that create objects make use of addCleanup netcmd: tests: modify claim cli tests setup their own test data netcmd: tests: modify auth policy cli tests setup their own test data netcmd: tests: modify auth silo cli tests setup their own test data netcmd: models: field to_db_value needs ldb param netcmd: models: add FieldError subclass which stores the field netcmd: models: add SDDL model field netcmd: models: add SDDL fields to AuthenticationPolicy model netcmd: auth: add new SDDL fields to create and modify auth policy commands netcmd: tests: add some tests for valid and invalid SDDL in cli commands netcmd: auth: manpage documentation for conditional ace fields Samuel Cabrero (15): s3:libnetapi: Return error from RequestOfflineJoin s3:libnetapi: Add some comments to document ODJ blob charset conversions s3:libnetapi: Add NetComposeOfflineDomainJoin() to IDL s3:libnetapi: Add NetComposeOfflineDomainJoin() boilerplate s3:libnetapi: Add NetComposeOfflineDomainJoin() to API. s3:libnetapi: Implement NetComposeOfflineDomainJoin_l() s3:net: Add "net offlinejoin composeodj" command s3:net: Load ODJ blob from file only if "loadfile" parameter is present s3:net: Allow to load ODJ blob from stdin testprogs: Cleanup machine account in net offlinejoin tests testprogs: Add net offlinejoin composeodj tests netapi: Pass loadparm_context to libnetapi_net_init() netapi: Pass net's cmdline credentials to libnetapi_net_init() auth:credentials: Check if password_obtained > obtained testparm: Allow idmap ranges overlap for idmap_nss Stefan Metzmacher (43): VERSION: Bump version up to 4.20.0pre1... WHATSNEW: Start release notes for Samba 4.20.0pre1. paged_results: add no memory checks in paged_search() s4:torture/ndr: add tests for DCERPC_PKT_CO_CANCEL and DCERPC_PKT_ORPHANED librpc/rpc: let dcerpc_read_ncacn_packet_next_vector() handle fragments without any payload dcerpc.idl: fix definitions for DCERPC_PKT_CO_CANCEL and DCERPC_PKT_ORPHANED payload s4:torture/smb2: let torture_smb2_con_sopt() use smb2_connect() s4:torture/smb2: let us have a common torture_smb2_con_share() s4:torture/smb2: make it possible to pass existing_conn to smb2_connect_ext() s4:torture/smb2: add smb2.multichannel.bugs.bug_15346 s3:smbd: always clear filter_subreq in smb2srv_client_mc_negprot_next() s3:smbd: fix multichannel connection passing race smb2_server: avoid ZERO_STRUCT*() in the core code smb2_server: move struct msghdr to smbd_smb2_request_read_state smb2_server: remove state->hdr.done and always set state->vector first smb2_server: split smbd_smb2_advance_incoming() out of smbd_smb2_io_handler() lib/util: inline iov_{buflen,buf,advance}() smb2_server: change smbd_smb2_advance_incoming() to use iov_advance() smb2_server: simplify smbd_smb2_advance_incoming() recvfile logic smb2_server: split out smbd_smb2_advance_send_queue() out of smbd_smb2_flush_send_queue() smb2_server: split out smbd_smb2_flush_with_sendmsg() out of smbd_smb2_flush_send_queue() smb2_server: move struct msghdr to smbd_smb2_send_queue .gitlab-ci: restore starting ubuntu2204-samba-o3 for the default pipeline .gitlab-ci: make it explicit that some tests require ext4/5.15 kernel nsswitch: add test for pthread_key_delete missuse (bug 15464) nsswitch/wb_common.c: fix build without HAVE_PTHREAD nsswitch/wb_common.c: winbind_destructor can always use get_wb_global_ctx() nsswitch/wb_common.c: don't operate on a stale wb_global_ctx.key nsswitch/wb_common.c: fix socket fd and memory leaks of global state selftest: add some basic testing for the io_uring vfs module .codespellignore: adjust in order to pass on ubuntu 22.04 bootstrap: install codespell, shfmt and shellcheck also on debian/ubuntu gitlab-ci: run samba-codecheck on ubuntu22.04 tevent: introduce DLIST_DEMOTE_SHORT() lib/util: sync DLIST_DEMOTE_SHORT() changes to dlinklist.h ldb: sync DLIST_DEMOTE_SHORT() changes to include/dlinklist.h tevent: split out a tevent_common_fd_disarm() helper tevent: add tevent_common_fd_mpx infrastructure tevent: let tevent_epoll.c use new generic mpx infrastructure tevent: add test_fd_speed3 tevent: add test_event_fd3 tevent: add support for TEVENT_FD_ERROR tevent: version 0.16.0 Volker Lendecke (152): smbd: Don't crash in cli_fsctl_send() libcli: Make symlink_reparse_buffer_parse() more flexible libcli: Add general reparse point data parsing libsmb: Use reparse_data_buffer_parse() in cli_readlink() libsmb: Use reparse_data_buffer_parse() to get symlink error resp pylibsmb: Use reparse_data_buffer_parse() libsmb: Some README.Coding for symlink_reparse_buffer_parse() libsmb: Move symlink_reparse_buffer_parse() to reparse.c libsmb: Factor out cli_get_reparse_data() from cli_readlink() libsmb: Retry with OPEN_REPARSE_POINT on IO_REPARSE_TAG_NOT_HANDLED smbclient3: Get all reparse data for allinfo passdb: Fix a DBG message passdb: Fix whitespace passdb: Fix a DBG statement idmap: Fix whitespace idmap_tdb: Remove a variable never used idmap:fix whitespace lib: Move few bytes of R/W data to R/O text smbd: Use struct initialization smbd: Fix DBG macro dbwrap: Simplify dbwrap_change_uint32_atomic_action() dbwrap: Simplify dbwrap_change_int32_atomic_action() smbstatus: Fix CID 1507870 Uninitialized pointer read smbstatus: Fix CID 1507865 Uninitialized pointer read smbd: Use "dirfsp" in smb_posix_open() smbd: Use "dirfsp" in smb_posix_unlink() smbd: Pass down "dirfsp" to smb_unix_mknod() libsmb: A bit README.Coding for cli_qpathinfo2() tevent: Fix a typo audit_logging: Simplify json_add_stringn() with json_stringn() libsmb: Add cli_smb2_qpathinfo_send/recv() libsmb: Use cli_smb2_qpathinfo() for streams libsmb: Use cli_smb2_qpathinfo() in cli_qpathinfo2() libsmb: Use cli_smb2_qpathinfo_basic() in cli_getatr() smbclient: Don't give up in allinfo if getting advanced info fails torture3: Avoid unused variables libsmb: Move cli_qpathinfo1() to torture3 libsmb: Move cli_raw_ioctl() to torture3 libsmb: Use tevent_req_oom() where appropriate libsmb: Remove a duplicate TALLOC_FREE() libsmb: Use tevent_req_nterror() properly clifuse: Use direct FSCC info level libcli: Add required #includes to smbXcli_base.h tests: Create symlinks using posix extensions tests: Add test_symlink_reparse_data_buffer_parse libsmb: Fix parsing symlink reparse points tests: Add reproducer for BZ15481 smbd: Fix BZ15481 conf: Remove "smb3 unix extensions" parameter libsmb: Add sync cli_mknod() for smbclient3's use smbclient: Add mkfifo command libsmb: Add reparse_data_buffer_marshall() libsmb: Use reparse_data_buffer_marshall() in py_reparse_symlink_put() libsmb: Factor out cli_create_reparse_point() from cli_symlink() libsmb: Use reparse_data_buffer_marshall() in cli_symlink_send() libsmb: Use reparse_data_buffer_marshall() in py_reparse_put() libsmb: Remove reparse_symlink.c libsmb: Extend cli_mknod to create NFS reparse points smbclient: Save lines with talloc_asprintf_addbuf() libsmb: Remove unused cli_is_nt_error() libsmb: Remove a call to SMBC_errno() libsmb: Remove a call to SMBC_errno() libsmb: Remove a call to SMBC_errno() libsmb: Remove SMBC_errno() libsmb: Eliminate a reader of cli->raw_status libsmb: Remove unused cli_dos_error() libsmb: Remove unused cli_is_dos_error() lib: Modernize tdb_fetch_lifetime() lib: Avoid a tdb handle leak examples: Use explicit SMBCCTX smbd: Modernize a few DBG statements libsmb: Remove two #defines just used once examples: Slightly modernize printfs in teststat clifuse: Use an empty array for holding the inode path clifuse: Start implementing forget() libcli: Correct guard #define libsmb: Make libsmb/clispnego.c static to libads/ libsmb: Pass neg contexts through sync smbXcli_negprot_recv() tests: We always do smb3 unix extensions tests: Run smb3unix tests with SMB1 pylibsmb: Py_BuildValue can build tuples directly libsmb: Allow NULL print_name in reparse_data_buffer_marshall() idl: Add smb3posix.idl smbd: Use smb3posix marshalling in smbd_smb2_create_after_exec() smbd: Add smb3_file_posix_information_init() smbd: Modernize a DEBUG statement smbd: Use Use smb3posix marshalling in in smbd_marshall_dir_entry() smbd: Use Use smb3posix marshalling in in smbd_do_qfilepathinfo() smbd: Remove unused marshalling of smb3posix file information libndr: Factor out ndr_pull_struct_blob_noalloc() libsmb: Pass NTTIME to interpret_long_date() libsmb: Use pidl generated parsing for posix file info smbd: Pass "struct vfs_open_how" to reopen_from_procfd() smbd: Pass "struct vfs_open_how" to fd_open_atomic() smbd: Pass "struct vfs_open_how" to reopen_from_fsp() smbd: Slightly simplify open_file() smbd: Remove variable "accmode" from open_file() smbd: Don't change incoming flags in open_file() smbd: Simplify open_file() smbd: Simplify an if-condition in open_file() smbd: Simplify open_file() smbd: Simplify open_file() smbd: Simplify open_file() smbd: Make open_file() a bit safer smbd: Remove "local_flags" from open_file() smbd: Pass struct vfs_open_how to open_file() smbd: Remove "flags2" from open_file_ntcreate() vfs: Add VFS_OPEN_HOW_WITH_BACKUP_INTENT libsmb: Add "flags" to cli_smb2_close_fnum_send() libsmb: Pass "flags" through cli_close_send() and pylibsmb pylibsmb: Add SMB2_CLOSE_FLAGS_FULL_INFORMATION constant tests: Add reproducer for bug 15487 ctdb: Fix whitespace ctdb: Reduce indentation in get_tunable_values() ctdb: Align variable signedness ctdb: setup $CTDB_BASE for deterministic ip alloc tests ctdb: Add "home_nodes" file to deterministic IP allocation smbd: Expand IS_DOS_* macros libsmb: Expand IS_DOS_* macros smbd: Expand IS_DOS_ARCHIVE() macros smbd: Expand IS_DOS_READONLY() macros examples: Expand IS_DOS_DIR() macros libsmb: Expand IS_DOS_DIR() macro Remove IS_DOS_*() macros pdb: Slightly simplify pdb_samba_dsdb_set_trusteddom_pw() lsa_srv4: Fix a typo dsdb: Slightly simplify dsdb_trust_get_incoming_passwords() rpc_netlogon4: Simplify dcesrv_netr_ServerAuthenticate3_helper() rpc_server3: Remove a duplicate comment rpc_server3: Avoid a pointless DEBUGADD smbd: Avoid casts in a DBG statement libsmb: Remove unused smb2_create_blob_remove() smbd: Reduce indentation, remove a nested if-statement smbd: Modernize two DBG statements vfs: Fix a typo smbd: Fix a typo smbd: Use SMB_VFS_FSTATAT() instead of SMB_LSTAT() smbd: Remove a pointless NULL check smbd: is_in_path() deals with a NULL namelist libcli: Convert security_token_debug_privileges() to talloc_asprintf libcli: Make security_token_debug() use just one DEBUG statement libcli: Make debug_unix_user_token() use just one DEBUG statement smbclient: Always ask for SMB311 posix in negprot libsmb: Ask for posix semantics if requested examples: Print file type as part of teststat libsmb: Add placeholder "mode" parameter to cli_qpathinfo2() libsmb: Query reparse tag in cli_qpathinfo2 libsmb: Parse reparse tag in query_directory response libsmbclient: Add smbc_[gs]etOptionPosixExtensions() libsmbclient: Read the file type from the server with posix enabled examples: Enable posix for teststat libsmb: Use cli_smb2_qpathinfo_send() for SMB_QUERY_FILE_ALT_NAME_INFO ----------------------------------------------------------------------- -- Samba Shared Repository