[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated via 0837d0b python: Provide Python bindings for messaging.idl via a3c9ad5 messaging: Declare well known server name auth_events as AUTH_EVENT_NAME in IDL via 6e87aa3 messaging.idl: Register a message type for authentication log messages via 16e9448 pymessaging: add single element tupple form of the server_id via 8c75d9f pymessaging: Add a hook to run the event loop, make callbacks practical via e92a207 server_id_db: Protect against non-0-terminated data records via 0c25c40 selftest: Test server_id database add and removal via e77c180 pymessaging: Add irpc_remove_name via 3bd9e5f pymessaging: Add support for irpc_add_name via a47a8e4 samba-tool: Ensure that samba-tool processes --name=not-existing does not error via f21c17c selftest: Add more tests for "samba-tool processes" from 782172a s3: Test for CVE-2017-2619 regression with "follow symlinks = no". https://git.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit 0837d0b9dca5efe8f9cade28fc2ed8b695d6f4c2 Author: Andrew Bartlett Date: Tue Mar 14 13:09:02 2017 +1300 python: Provide Python bindings for messaging.idl This will allow AUTH_EVENT_NAME and MSG_AUTH_LOG to be accessed from python Signed-off-by: Andrew Bartlett Reviewed-by: Garming Sam Autobuild-User(master): Andrew Bartlett Autobuild-Date(master): Tue Mar 28 13:19:03 CEST 2017 on sn-devel-144 commit a3c9ad53a2543525092e78697af9816b94281960 Author: Andrew Bartlett Date: Tue Mar 14 12:37:15 2017 +1300 messaging: Declare well known server name auth_events as AUTH_EVENT_NAME in IDL This makes it easy to ensure we use the same name in the python and the C Signed-off-by: Andrew Bartlett Reviewed-by: Garming Sam commit 6e87aa38c4daf40f089915fd5e40e97076d35aa2 Author: Andrew Bartlett Date: Tue Mar 7 15:09:38 2017 +1300 messaging.idl: Register a message type for authentication log messages Signed-off-by: Andrew Bartlett Reviewed-by: Garming Sam Pair-Programmed-by: Gary Lockyer Signed-off-by: Gary Lockyer commit 16e9448174a7cb7ece90a7a68b7f0fd8ffa4de91 Author: Gary Lockyer Date: Thu Mar 16 16:26:01 2017 +1300 pymessaging: add single element tupple form of the server_id This avoids the python code needing to call getpid() internally, while declaring a stable task_id. Signed-off-by: Gary Lockyer Reviewed-by: Andrew Bartlett Reviewed-by: Garming Sam commit 8c75d9fc73614fad29a998d08c4b11034ab2aebb Author: Andrew Bartlett Date: Tue Mar 14 12:39:13 2017 +1300 pymessaging: Add a hook to run the event loop, make callbacks practical These change allow us to write a messaging server in python. The previous ping_speed test did not actually test anything, so we use .loop_once() to make it actually work. To enable practial use a context is supplied in the tuple with the callback, and the server_id for the reply is not placed inside an additional tuple. In order to get at the internal event context on which to loop, we expose imessaging_context in messaging_internal.h and allow the python bindings to use that header. Signed-off-by: Andrew Bartlett Reviewed-by: Garming Sam commit e92a20781ca45b8696397cdef424fe8b92bee66b Author: Volker Lendecke Date: Thu Mar 23 15:48:25 2017 +0100 server_id_db: Protect against non-0-terminated data records Remove the failing test from knownfail. Signed-off-by: Andrew Bartlett Signed-off-by: Volker Lendecke Reviewed-by: Jeremy Allison Reviewed-by: Garming Sam BUG: https://bugzilla.samba.org/show_bug.cgi?id=12705 commit 0c25c40315a8255362780486d2f2e27ea0dbbff4 Author: Andrew Bartlett Date: Tue Mar 14 16:07:46 2017 +1300 selftest: Test server_id database add and removal This tests indirectly server_id_db_lookup() and server_id_db_prune_name(), as well as the imessaging and the imessaging python bindings. Signed-off-by: Andrew Bartlett Reviewed-by: Garming Sam BUG: https://bugzilla.samba.org/show_bug.cgi?id=12705 commit e77c18019aef9c98caa0b66cb2e9da5a6f58e600 Author: Andrew Bartlett Date: Tue Mar 14 13:39:00 2017 +1300 pymessaging: Add irpc_remove_name This allows tests to be indirectly added for server_id_db_lookup() and server_id_db_prune_name() Signed-off-by: Andrew Bartlett Reviewed-by: Garming Sam BUG: https://bugzilla.samba.org/show_bug.cgi?id=12705 commit 3bd9e5f4ed2362f5006144433295cde2276272c5 Author: Andrew Bartlett Date: Wed Mar 8 14:53:26 2017 +1300 pymessaging: Add support for irpc_add_name This allows tests to be indirectly added for server_id_db_lookup() Signed-off-by: Andrew Bartlett Re
[SCM] Samba Shared Repository - branch v4-6-test updated
The branch, v4-6-test has been updated via 07437b0 selftest: tests for vfs_fruite file-id behavior via 6b3cc69 torture: add torture_assert_mem_not_equal_goto() via cdf3f57 vfs_fruit: document added zero_file_id parameter via 9e7cfc4 vfs_fruit: enable zero file id via 2732b0c smbd: add zero_file_id flag via 2e9450a nsswtich: Add negative tests for authentication with wbinfo via 4a6c2da s3:libads: Remove obsolete smb_krb5_get_ntstatus_from_init_creds() from 705149d s3: locking: Update oplock optimization for the leases era ! https://git.samba.org/?p=samba.git;a=shortlog;h=v4-6-test - Log - commit 07437b080d292af086e6db7e739ff8f65f1a9be6 Author: Uri Simchoni Date: Thu Mar 23 21:32:04 2017 +0200 selftest: tests for vfs_fruite file-id behavior The test is in its own suite because it validates our hackish workaround rather than some reference implementation behavior. BUG: https://bugzilla.samba.org/show_bug.cgi?id=12715 Signed-off-by: Uri Simchoni Reviewed-by: Ralph Boehme Autobuild-User(master): Ralph Böhme Autobuild-Date(master): Sun Mar 26 23:31:08 CEST 2017 on sn-devel-144 (cherry picked from commit b6baf35ebde68db75515910ede26e74bb8313284) Autobuild-User(v4-6-test): Karolin Seeger Autobuild-Date(v4-6-test): Tue Mar 28 16:14:58 CEST 2017 on sn-devel-144 commit 6b3cc693907731591b8a9e2492efbaa483522558 Author: Uri Simchoni Date: Thu Mar 23 21:30:50 2017 +0200 torture: add torture_assert_mem_not_equal_goto() BUG: https://bugzilla.samba.org/show_bug.cgi?id=12715 Signed-off-by: Uri Simchoni Reviewed-by: Ralph Boehme (cherry picked from commit f31fd41ca728d664ded940a7309ef1e32383bb66) commit cdf3f5717605e7b3ef9cccd53fad08390b6a2c84 Author: Uri Simchoni Date: Thu Mar 23 14:51:32 2017 +0200 vfs_fruit: document added zero_file_id parameter BUG: https://bugzilla.samba.org/show_bug.cgi?id=12715 Signed-off-by: Uri Simchoni Reviewed-by: Ralph Boehme (cherry picked from commit e11d4eb4d5c6cfc6daa3dbdcc301a4fa83298f0e) commit 9e7cfc4384620b4f1587895613b73c19c0025670 Author: Uri Simchoni Date: Thu Mar 23 14:08:45 2017 +0200 vfs_fruit: enable zero file id Enable zero_file_id if both conditions are met: - AAPL negotiated - fruit:zero_file_id is set BUG: https://bugzilla.samba.org/show_bug.cgi?id=12715 Signed-off-by: Uri Simchoni Reviewed-by: Ralph Boehme (cherry picked from commit 245a325532c9a46ec3e459ceca38e903b203f691) commit 2732b0cb29a9182abc6473748c71d7eb6a044b49 Author: Uri Simchoni Date: Thu Mar 23 14:08:26 2017 +0200 smbd: add zero_file_id flag This flag instructs the SMB layer to report a zero on-disk file identifier. According to [MS-SMB2] 3.3.5.9.9, the reported on-disk file ID SHOULD be unique. However, macOS clients seem to expect it to be unique over time as well, like the HFS+ CNID. Reporting a file ID of 0 seems to instruct the Mac client not to trust the server-reported file ID. BUG: https://bugzilla.samba.org/show_bug.cgi?id=12715 Signed-off-by: Uri Simchoni Reviewed-by: Ralph Boehme (cherry picked from commit 6711522e1e57980e50e245f43167d0daf5a705ad) commit 2e9450af90b48ab1f9b5db079a47ce49b43dd811 Author: Andreas Schneider Date: Mon Mar 20 12:22:44 2017 +0100 nsswtich: Add negative tests for authentication with wbinfo BUG: https://bugzilla.samba.org/show_bug.cgi?id=12708 Signed-off-by: Andreas Schneider Reviewed-by: Uri Simchoni Autobuild-User(master): Uri Simchoni Autobuild-Date(master): Wed Mar 22 10:58:58 CET 2017 on sn-devel-144 (cherry picked from commit e7d1d8c49322a131e7ca1993f9956f0bddcaff3c) commit 4a6c2da1228173dd2e3a8e13f7ce283d6ea9143b Author: Andreas Schneider Date: Tue Mar 21 09:57:30 2017 +0100 s3:libads: Remove obsolete smb_krb5_get_ntstatus_from_init_creds() There is no way we can get a better error code out of this. The original function called was krb5_get_init_creds_opt_get_error() which has been deprecated in 2008. BUG: https://bugzilla.samba.org/show_bug.cgi?id=12708 Signed-off-by: Andreas Schneider Reviewed-by: Uri Simchoni (cherry picked from commit e2028837b958618a66449a77ee628e4e176e521e) --- Summary of changes: docs-xml/manpages/vfs_fruit.8.xml | 17 lib/torture/torture.h | 10 +++ nsswitch/tests/test_wbinfo.sh | 4 + source3/libads/kerberos.c | 169 -- source3/modules/vfs_fruit.c | 7 ++ source3/selftest/tests.py | 4 +- source3/smbd/globals.h| 1 + source3/smbd/proto.h | 1 +
[SCM] Samba Shared Repository - branch v4-5-test updated
The branch, v4-5-test has been updated via 78b188d selftest: tests for vfs_fruite file-id behavior via d89cfae torture: add torture_assert_mem_not_equal_goto() via 42b77e9 vfs_fruit: document added zero_file_id parameter via 3722b06 vfs_fruit: enable zero file id via a5c92d8 smbd: add zero_file_id flag from cecab32 s3: libgpo: Allow skipping GPO objects that don't have the expected LDAP attributes. https://git.samba.org/?p=samba.git;a=shortlog;h=v4-5-test - Log - commit 78b188d50c13e52cd46bc1de53ca8e3638335923 Author: Uri Simchoni Date: Thu Mar 23 21:32:04 2017 +0200 selftest: tests for vfs_fruite file-id behavior The test is in its own suite because it validates our hackish workaround rather than some reference implementation behavior. BUG: https://bugzilla.samba.org/show_bug.cgi?id=12715 Signed-off-by: Uri Simchoni Reviewed-by: Ralph Boehme Autobuild-User(master): Ralph Böhme Autobuild-Date(master): Sun Mar 26 23:31:08 CEST 2017 on sn-devel-144 (cherry picked from commit b6baf35ebde68db75515910ede26e74bb8313284) Autobuild-User(v4-5-test): Karolin Seeger Autobuild-Date(v4-5-test): Tue Mar 28 16:23:23 CEST 2017 on sn-devel-144 commit d89cfae311e6a65249ba0ac2c44724a05ba24a65 Author: Uri Simchoni Date: Thu Mar 23 21:30:50 2017 +0200 torture: add torture_assert_mem_not_equal_goto() BUG: https://bugzilla.samba.org/show_bug.cgi?id=12715 Signed-off-by: Uri Simchoni Reviewed-by: Ralph Boehme (cherry picked from commit f31fd41ca728d664ded940a7309ef1e32383bb66) commit 42b77e93e2e9376dca1e11541d9565d417c8e4eb Author: Uri Simchoni Date: Thu Mar 23 14:51:32 2017 +0200 vfs_fruit: document added zero_file_id parameter BUG: https://bugzilla.samba.org/show_bug.cgi?id=12715 Signed-off-by: Uri Simchoni Reviewed-by: Ralph Boehme (cherry picked from commit e11d4eb4d5c6cfc6daa3dbdcc301a4fa83298f0e) commit 3722b06f12b6ab8c81411704d3fe30b33aeac696 Author: Uri Simchoni Date: Thu Mar 23 14:08:45 2017 +0200 vfs_fruit: enable zero file id Enable zero_file_id if both conditions are met: - AAPL negotiated - fruit:zero_file_id is set BUG: https://bugzilla.samba.org/show_bug.cgi?id=12715 Signed-off-by: Uri Simchoni Reviewed-by: Ralph Boehme (cherry picked from commit 245a325532c9a46ec3e459ceca38e903b203f691) commit a5c92d855d462f726f59dde42ec6a3a021eb2ab4 Author: Uri Simchoni Date: Thu Mar 23 14:08:26 2017 +0200 smbd: add zero_file_id flag This flag instructs the SMB layer to report a zero on-disk file identifier. According to [MS-SMB2] 3.3.5.9.9, the reported on-disk file ID SHOULD be unique. However, macOS clients seem to expect it to be unique over time as well, like the HFS+ CNID. Reporting a file ID of 0 seems to instruct the Mac client not to trust the server-reported file ID. BUG: https://bugzilla.samba.org/show_bug.cgi?id=12715 Signed-off-by: Uri Simchoni Reviewed-by: Ralph Boehme (cherry picked from commit 6711522e1e57980e50e245f43167d0daf5a705ad) --- Summary of changes: docs-xml/manpages/vfs_fruit.8.xml | 17 + lib/torture/torture.h | 10 ++ source3/modules/vfs_fruit.c | 7 source3/selftest/tests.py | 4 ++- source3/smbd/globals.h| 1 + source3/smbd/proto.h | 1 + source3/smbd/trans2.c | 14 source4/torture/vfs/fruit.c | 72 +++ source4/torture/vfs/vfs.c | 1 + 9 files changed, 126 insertions(+), 1 deletion(-) Changeset truncated at 500 lines: diff --git a/docs-xml/manpages/vfs_fruit.8.xml b/docs-xml/manpages/vfs_fruit.8.xml index ea3d84a..e2e696c 100644 --- a/docs-xml/manpages/vfs_fruit.8.xml +++ b/docs-xml/manpages/vfs_fruit.8.xml @@ -145,6 +145,23 @@ + + fruit:zero_file_id = yes | no + + A global option whether to return + zero to queries of on-disk file identifier, if the client + has negotiated AAPL. + Mac applications and / or the Mac SMB + client code expect the on-disk file identifier to have the + semantics of HFS+ Catalog Node Identifier (CNID). Samba + doesn't provide those semantics, and that occasionally cause + usability issues or even data loss. Returning a file identifier + of zero causes the Mac client to stop using and trusting the + file id returned from the server. + The default is yes. + + + diff --git a/lib/torture/torture.h b/lib/torture/torture.h index b6d1301..668458a 100644
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated via 4e734fc s3: Test for CVE-2017-2619 regression with "follow symlinks = no" - part 2 via e182a4d s3: smbd: Fix "follow symlink = no" regression part 2. via 83e30cb s3: smbd: Fix "follow symlink = no" regression part 2. via 037297a s3: Fixup test for CVE-2017-2619 regression with "follow symlinks = no" from 0837d0b python: Provide Python bindings for messaging.idl https://git.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit 4e734fcd1bf82c08aa303ce44e9735acccffcf06 Author: Jeremy Allison Date: Mon Mar 27 22:10:29 2017 -0700 s3: Test for CVE-2017-2619 regression with "follow symlinks = no" - part 2 Add tests for regular access. BUG: https://bugzilla.samba.org/show_bug.cgi?id=12721 Signed-off-by: Jeremy Allison Reviewed-by: Ralph Boehme Autobuild-User(master): Ralph Böhme Autobuild-Date(master): Tue Mar 28 17:05:27 CEST 2017 on sn-devel-144 commit e182a4d39e86c9694e255efdf6ee2ea3ccb9af4a Author: Jeremy Allison Date: Mon Mar 27 17:09:38 2017 -0700 s3: smbd: Fix "follow symlink = no" regression part 2. Use the cwd_name parameter to reconstruct the original client name for symlink testing. BUG: https://bugzilla.samba.org/show_bug.cgi?id=12721 Signed-off-by: Jeremy Allison Reviewed-by: Ralph Boehme commit 83e30cb48859b412b76572b6a3ba84d8fde167af Author: Jeremy Allison Date: Mon Mar 27 17:04:58 2017 -0700 s3: smbd: Fix "follow symlink = no" regression part 2. Add an extra paramter to cwd_name to check_reduced_name(). If cwd_name == NULL then fname is a client given path relative to the root path of the share. If cwd_name != NULL then fname is a client given path relative to cwd_name. cwd_name is relative to the root path of the share. Not yet used, logic added in the next commit. BUG: https://bugzilla.samba.org/show_bug.cgi?id=12721 Signed-off-by: Jeremy Allison Reviewed-by: Ralph Boehme commit 037297a1c50e90a0092e3b94f472623f41ccc015 Author: Jeremy Allison Date: Mon Mar 27 22:07:50 2017 -0700 s3: Fixup test for CVE-2017-2619 regression with "follow symlinks = no" Use correct bash operators (not string operators). Add missing "return". BUG: https://bugzilla.samba.org/show_bug.cgi?id=12721 Signed-off-by: Jeremy Allison Reviewed-by: Ralph Boehme --- Summary of changes: source3/script/tests/test_smbclient_s3.sh | 46 --- source3/smbd/filename.c | 2 +- source3/smbd/open.c | 2 +- source3/smbd/proto.h | 4 ++- source3/smbd/vfs.c| 33 +- 5 files changed, 79 insertions(+), 8 deletions(-) Changeset truncated at 500 lines: diff --git a/source3/script/tests/test_smbclient_s3.sh b/source3/script/tests/test_smbclient_s3.sh index 7d86a61..9bff883 100755 --- a/source3/script/tests/test_smbclient_s3.sh +++ b/source3/script/tests/test_smbclient_s3.sh @@ -1103,14 +1103,22 @@ test_nosymlinks() slink_name="$LOCAL_PATH/nosymlinks/source" slink_target="$LOCAL_PATH/nosymlinks/target" mkdir_target="$LOCAL_PATH/nosymlinks/a" +dir1="$LOCAL_PATH/nosymlinks/foo" +dir2="$LOCAL_PATH/nosymlinks/foo/bar" +get_target="$LOCAL_PATH/nosymlinks/foo/bar/testfile" rm -f $slink_target rm -f $slink_name rm -rf $mkdir_target +rm -rf $dir1 touch $slink_target ln -s $slink_target $slink_name +mkdir $dir1 +mkdir $dir2 +touch $get_target + # Getting a file through a symlink name should fail. tmpfile=$PREFIX/smbclient_interactive_prompt_commands cat > $tmpfile < $tmpfile <
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated via 60e45a2 s3/smbd: make copy chunk asynchronous via a849a12 vfs_default: move check for fsp->op validity via 0622811 s3/smbd: optimize copy-chunk by merging chunks if possible via 8bc94a9 s3/smbd: implement a serializing async copy-chunk loop via 6314dda s3/smbd: move cc_copy into fsctl_srv_copychunk_state via f8ef3a5 vfs_default: let copy_chunk_send use const from IDL via dc4bd3f s3/smbd: move copychunk ioctl limits to IDL via 0558715 tdb/tools: add documentation for the tdbbackup -n option via 26dbe68 s3-libsmb: support rename and replace for SMB1 via 057aa39 s3-libsmb: fail rename and replace inside cifs variant via 3154c4c s3-libsmb: cli_cifs_rename_send() via ae17989 libcli: introduce smbXcli_conn_support_passthrough() via 401be64 manpages: update smbclient manpage with rename -f option via 3ccb427 smbclient: add -f option to rename command via 200dbca s3: libsmb: add replace support to cli_rename() via a67802f s3: libsmb: add replace support to SMB2 rename via b224b20 lib: Avoid an includes.h via 2ad26a6 lib: Avoid an includes.h via 0865fea lib: Avoid an includes.h via aea4e4c lib: Avoid an includes.h via d13496f lib: Avoid an includes.h via d98c726 lib: Avoid an includes.h via 6e9d3b0 lib: Remove an unnecessary include via 7459289 lib: Remove unused winbind_get_groups and _get_sid_aliases from 4e734fc s3: Test for CVE-2017-2619 regression with "follow symlinks = no" - part 2 https://git.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit 60e45a2d25401eaf9a15a86d19114670ccfde259 Author: Ralph Boehme Date: Sun Mar 12 18:13:48 2017 +0100 s3/smbd: make copy chunk asynchronous Just use SMB_VFS_PREAD_SEND/RECV and SMB_VFS_PWRITE_SEND/RECV in a sensible loop. Signed-off-by: Ralph Boehme Reviewed-by: Jeremy Allison Autobuild-User(master): Jeremy Allison Autobuild-Date(master): Tue Mar 28 21:36:18 CEST 2017 on sn-devel-144 commit a849a124388ae511d1f7b3cdafb2fa52a395d284 Author: Ralph Boehme Date: Sun Mar 12 17:23:09 2017 +0100 vfs_default: move check for fsp->op validity Move the check whether fsp->of is valid out of the copy loop in vfswrap_copy_chunk_send(). It's sufficient to check src_fsp->op and dest_fsp->op once before the copy loop. fsp->op can only be NULL for internal opens (cf file_new()), it's not expected to become NULL behind our backs. Signed-off-by: Ralph Boehme Reviewed-by: Jeremy Allison commit 0622811faba117372e24854c09c3568ebdb6b2f9 Author: Ralph Boehme Date: Tue Mar 21 18:34:22 2017 +0100 s3/smbd: optimize copy-chunk by merging chunks if possible Merge chunks with adjacent ranges. This results in fewer IO requests for the typical server-side file copy usecase: just one 16 MB copy instead of sixteen 1 MB. Signed-off-by: Ralph Boehme Reviewed-by: Jeremy Allison commit 8bc94a9f9d54134489bf4c98ced8e60e2712ddf4 Author: Ralph Boehme Date: Tue Mar 21 09:17:03 2017 +0100 s3/smbd: implement a serializing async copy-chunk loop Later commits will make the low level copy-chunk implementation async using a thread pool. That means the individual chunks may be scheduled and copied out-of-order at the low level. According to conversation with MS Dochelp, a server implementation must process individual chunks in order. Signed-off-by: Ralph Boehme Reviewed-by: Jeremy Allison commit 6314dda7fe0a83a3e16fe59d87232782817daadc Author: Ralph Boehme Date: Tue Mar 21 08:26:37 2017 +0100 s3/smbd: move cc_copy into fsctl_srv_copychunk_state No change, in behaviour, just preperational stuff to unroll the core copy loop. Signed-off-by: Ralph Boehme Reviewed-by: Jeremy Allison commit f8ef3a579b092d1647a38ea184659c2c675e6e83 Author: Ralph Boehme Date: Sun Mar 12 17:18:39 2017 +0100 vfs_default: let copy_chunk_send use const from IDL This also increases the buffer size from 8 MB to the current value of COPYCHUNK_MAX_TOTAL_LEN which is 16 MB. For the typical case when vfswrap_copy_chunk_send is called from the SMB layer for an copy_chunk ioctl() the parameter "num" is guaranteed to be at most 1 MB though. It will only be larger for special callers like vfs_fruit for their special implementation of copyfile where num will be the size of a file to copy. Signed-off-by: Ralph Boehme Reviewed-by: Jeremy Allison commit dc4bd3f7515bef6f1cd6b51468d1b7642e763d6f Author: Ralph Boehme Date: Wed Mar 8 15:07:06 2017 +0100 s3/smbd: move copychunk ioctl limits to IDL This will be needed in the next commit in vfs_
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated
via 12cd7ab WHATSNEW: Add entry for auth audit
via 49f3a92 whitespace: auth_log_pass_change.py python conventions
via 81f8749 ldap_server: Move a variable into a smaller scope
via 49eb475 whitespace: auth_log.c C code conventions
via 3e0a08a whitespace: auth_log.py python conventions
via 67cd3e6 auth log: Add tests for anonymous bind and SamLogon
via 493d886 python: Add bindings for NTLMSSP
via 43f52fc pycredentials: Add bindings for get_ntlm_response()
via f160359 rpc_server: Re-order and rename remote and local address in
np_open()
via 8aff845 ldap_server: Log failures to find a valid user in the
simple bind
via 638b10a dsdb: Add authentication audit logging for LDAP password
change
via 0088434 samr: Add logging of password change success and failure
via a70e944 auth log tests: password change tests
via f498ba7 heimdal: Pass extra information to hdb_auth_status() to log
success and failures
via 7cbe1c8 s3-rpc_server: Provide hooks required for JSON message
logging for the no-auth case
via e9611b4 s3-rpc_server: Re-order and rename remote and local address
in make_external_rpc_pipe{,_p}()
via 7505ae0 s3-rpc_server: pass remote and local address to
rpc_pipe_open_external
via 4c9d69f s4-ntvfs: Correct mixup between local/remote addresses
via 3d99831 s3-rpc_server: Rename client -> remote_client and server ->
local_server
via 7bb21df s3-rpc_server: Re-order local and remote address in
make_server_pipes_struct()
via 689e251 s3-named_pipe_auth: Rename client -> remote_client and
server -> local_server
via 3b72863 s4-named_pipe_auth: Rename client -> remote_client and
server -> local_server
via 68200d0 named_pipe_auth: Rename client -> remote_client and server
-> local_server
via b661e81 selftest: Turn on auth event notification and so allow
tests to pass
via d004196 auth: Add hooks for notification of authentication events
over the message bus
via 631f1bc auth_log: Improve comment
via a70cde0 auth_log: Prepared to allow logging JSON events to a server
over the message bus
via c008687 s4-messaging: split up messaging into a smaller library for
send only
via 387eb18 auth_log: Add JSON logging of Authorisation and
Authentications
via 366f8cf auth: Log the transport connection for the authorization
via f4a4522 ldap_server: Log access without a bind
via 9a96f90 auth_log: Split up auth/authz logging levels and handle
anonymous better
via 2028b84 s3-rpc_server: Log authorization to DCE/RPC for anonymous
and ncacn_np pass-though
via f6dd784 s4-rpc_server: Log authorization to DCE/RPC for anonymous
and ncacn_np pass-though
via 70a115b ldap_server: Log authorization for simple binds
via 9ab02f8 s4-auth: Log SMB authorization for bare NTLM (NTLMSSP/krb5
already done)
via d017e2e s3-auth: Log SMB authorization for bare NTLM (NTLMSSP/krb5
already done)
via 0e50885 auth_log: Also log the final type of authentication
(ntlmssp,krb5)
via 46a800f auth_log: Expand to include the type of password used (eg
ntlmv2)
via 59ed188 dns: Provide local and remote socket address to GENSEC
via a0ab86d auth: Add logging of service authorization
via 3bc5685 rpc: Always supply both the remote and local address to the
auth subsystem
via 85536c1 auth: Always supply both the remote and local address to
the auth subsystem
via dc43000 s3-auth: Clarify the role and purpose of the
auth_serversupplied_info->security_token
via 8154acf auth: Generate a human readable Authentication log message.
via 0db7719 debug: Add debug class for auth_audit
via 4a99143 s3-auth: Split out get_user_sid_info3_and_extra() from
create_local_nt_token_from_info3()
via eacb5ae lib/util: Add functions to escape log lines but not break
all non-ascii
via 6adcaf1 s4-rpc_server: Correct comment about where the current
iface can be found
via d69187c winbindd: Clarify that we do not pre-hash the password for
rpccli_netlogon_password_logon()
via ea3f00f auth: Add "auth_description" to allow logs to distinguish
simple bind (etc)
via 5f5756d ldap_server: Move code into authenticate_ldap_simple_bind()
via 7609c57 auth: Add a reminder about the strings currently used for
auditing
via 9ffdb84 s4-ldap_server: Do not set conn->session_info to NULL, keep
valid at all times
via 1cca9d6 s4-ldap_server: Set remote and local address values into
GENSEC
via 28e0c8d s4-ldap_server: Split gensec setup into a helper function
via c048918 auth: Fill in user_info->service_description from all
callers
via 2235982 ntlm_auth: Set ntlm_auth as the service_description into
gensec
