libndr: Avoid assigning duplicate versions to symbols master
authorAmitay Isaacs <amitay@gmail.com>
Tue, 20 Oct 2020 06:27:14 +0000 (17:27 +1100)
committerAmitay Isaacs <amitay@gmail.com>
Tue, 20 Oct 2020 06:27:14 +0000 (17:27 +1100)
Symbols _ndr_push_error and _ndr_pull_error keep getting redefined as
they are included without wildcard in abi_match.  Apparently on linux ld
does not complain about duplicate symbols, but on freebsd ld fails to
link with following error:

  [ 918/3912] Linking bin/default/librpc/libndr.so
  ld: error: duplicate symbol '_ndr_pull_error' in version script
  ld: error: duplicate symbol '_ndr_push_error' in version script
  clang: error: linker command failed with exit code 1 (use -v to see invocation)

Signed-off-by: Amitay Isaacs <amitay@gmail.com>
1225 files changed:
.gitlab-ci.yml
BUILD_SYSTEMS.txt [deleted file]
PFIF.txt
README.Coding.md [moved from README.Coding with 84% similarity]
README.contributing
README.md
SECURITY.md
VERSION
WHATSNEW.txt
auth/credentials/credentials.c
auth/credentials/credentials.h
auth/credentials/credentials_internal.h
auth/credentials/credentials_krb5.c
auth/credentials/credentials_secrets.c
auth/credentials/pycredentials.c
auth/credentials/wscript_build
auth/gensec/gensec.c
auth/gensec/gensec.h
auth/gensec/gensec_start.c
bootstrap/README.md [moved from bootstrap/READMD.md with 90% similarity]
bootstrap/config.py
bootstrap/generated-dists/centos7/bootstrap.sh
bootstrap/generated-dists/centos7/packages.yml
bootstrap/generated-dists/centos8/bootstrap.sh
bootstrap/generated-dists/centos8/packages.yml
bootstrap/generated-dists/fedora31/bootstrap.sh
bootstrap/generated-dists/fedora31/packages.yml
bootstrap/generated-dists/fedora32/bootstrap.sh
bootstrap/generated-dists/fedora32/packages.yml
bootstrap/generated-dists/opensuse150/bootstrap.sh
bootstrap/generated-dists/opensuse150/packages.yml
bootstrap/generated-dists/opensuse151/bootstrap.sh
bootstrap/generated-dists/opensuse151/packages.yml
bootstrap/sha1sum.txt
bootstrap/template.py
buildtools/bin/waf
buildtools/wafsamba/samba_autoconf.py
buildtools/wafsamba/samba_patterns.py
buildtools/wafsamba/samba_python.py
buildtools/wafsamba/samba_third_party.py
buildtools/wafsamba/samba_utils.py
buildtools/wafsamba/samba_waf18.py
buildtools/wafsamba/tests/test_abi.py
buildtools/wafsamba/wafsamba.py
ctdb/client/client_control_sync.c
ctdb/client/client_sync.h
ctdb/config/ctdb.service
ctdb/config/events/legacy/11.natgw.script
ctdb/config/events/legacy/91.lvs.script
ctdb/config/nfs-linux-kernel-callout
ctdb/config/statd-callout
ctdb/doc/ctdb-script.options.5.xml
ctdb/doc/ctdb.1.xml
ctdb/doc/ctdb.7.xml
ctdb/doc/ctdb_mutex_ceph_rados_helper.7.xml
ctdb/include/ctdb_client.h
ctdb/include/ctdb_private.h
ctdb/protocol/protocol.h
ctdb/protocol/protocol_api.h
ctdb/protocol/protocol_client.c
ctdb/protocol/protocol_control.c
ctdb/protocol/protocol_debug.c
ctdb/protocol/protocol_util.c
ctdb/server/ctdb_call.c
ctdb/server/ctdb_client.c
ctdb/server/ctdb_control.c
ctdb/server/ctdb_ltdb_server.c
ctdb/server/ctdb_mutex_fcntl_helper.c
ctdb/server/ctdb_recover.c
ctdb/server/ctdb_recoverd.c
ctdb/server/ctdb_recovery_helper.c
ctdb/tests/CLUSTER/complex/18_ctdb_reloadips.sh
ctdb/tests/CLUSTER/complex/31_nfs_tickle.sh
ctdb/tests/CLUSTER/complex/34_nfs_tickle_restart.sh
ctdb/tests/INTEGRATION/database/basics.001.attach.sh
ctdb/tests/INTEGRATION/database/basics.002.attach.sh
ctdb/tests/INTEGRATION/database/basics.003.detach.sh
ctdb/tests/INTEGRATION/database/basics.004.wipe.sh
ctdb/tests/INTEGRATION/database/basics.010.backup_restore.sh
ctdb/tests/INTEGRATION/database/fetch.001.ring.sh
ctdb/tests/INTEGRATION/database/fetch.002.ring-hotkeys.sh [new file with mode: 0755]
ctdb/tests/INTEGRATION/database/readonly.001.basic.sh
ctdb/tests/INTEGRATION/database/recovery.001.volatile.sh
ctdb/tests/INTEGRATION/database/recovery.002.large.sh
ctdb/tests/INTEGRATION/database/recovery.003.no_resurrect.sh
ctdb/tests/INTEGRATION/database/recovery.010.persistent.sh
ctdb/tests/INTEGRATION/database/recovery.011.continue.sh
ctdb/tests/INTEGRATION/database/transaction.001.ptrans.sh
ctdb/tests/INTEGRATION/database/transaction.002.loop.sh
ctdb/tests/INTEGRATION/database/transaction.003.loop_recovery.sh
ctdb/tests/INTEGRATION/database/transaction.004.update_record.sh
ctdb/tests/INTEGRATION/database/transaction.010.loop_recovery.sh
ctdb/tests/INTEGRATION/database/traverse.001.one.sh
ctdb/tests/INTEGRATION/database/traverse.002.many.sh
ctdb/tests/INTEGRATION/database/vacuum.001.fast.sh
ctdb/tests/INTEGRATION/database/vacuum.002.full.sh
ctdb/tests/INTEGRATION/database/vacuum.003.recreate.sh
ctdb/tests/INTEGRATION/database/vacuum.030.locked.sh
ctdb/tests/INTEGRATION/database/vacuum.031.locked.sh
ctdb/tests/INTEGRATION/database/vacuum.032.locked.sh
ctdb/tests/INTEGRATION/database/vacuum.033.locked.sh
ctdb/tests/INTEGRATION/database/vacuum.034.locked.sh
ctdb/tests/INTEGRATION/failover/pubips.001.list.sh
ctdb/tests/INTEGRATION/failover/pubips.010.addip.sh
ctdb/tests/INTEGRATION/failover/pubips.011.delip.sh
ctdb/tests/INTEGRATION/failover/pubips.012.reloadips.sh
ctdb/tests/INTEGRATION/failover/pubips.013.failover_noop.sh
ctdb/tests/INTEGRATION/failover/pubips.014.iface_gc.sh
ctdb/tests/INTEGRATION/failover/pubips.020.moveip.sh
ctdb/tests/INTEGRATION/failover/pubips.030.disable_enable.sh
ctdb/tests/INTEGRATION/failover/pubips.032.stop_continue.sh
ctdb/tests/INTEGRATION/failover/pubips.040.NoIPTakeover.sh
ctdb/tests/INTEGRATION/failover/pubips.050.missing_ip.sh
ctdb/tests/INTEGRATION/simple/basics.000.onnode.sh
ctdb/tests/INTEGRATION/simple/basics.001.listnodes.sh
ctdb/tests/INTEGRATION/simple/basics.002.tunables.sh
ctdb/tests/INTEGRATION/simple/basics.003.ping.sh
ctdb/tests/INTEGRATION/simple/basics.004.getpid.sh
ctdb/tests/INTEGRATION/simple/basics.005.process_exists.sh
ctdb/tests/INTEGRATION/simple/basics.010.statistics.sh
ctdb/tests/INTEGRATION/simple/basics.011.statistics_reset.sh
ctdb/tests/INTEGRATION/simple/cluster.001.isnotrecmaster.sh [deleted file]
ctdb/tests/INTEGRATION/simple/cluster.002.recmaster_yield.sh
ctdb/tests/INTEGRATION/simple/cluster.010.getrelock.sh
ctdb/tests/INTEGRATION/simple/cluster.012.reclock_command.sh
ctdb/tests/INTEGRATION/simple/cluster.015.reclock_remove_lock.sh
ctdb/tests/INTEGRATION/simple/cluster.016.reclock_move_lock_dir.sh
ctdb/tests/INTEGRATION/simple/cluster.020.message_ring.sh
ctdb/tests/INTEGRATION/simple/cluster.021.tunnel_ring.sh
ctdb/tests/INTEGRATION/simple/cluster.090.unreachable.sh
ctdb/tests/INTEGRATION/simple/cluster.091.version_check.sh
ctdb/tests/INTEGRATION/simple/debug.001.getdebug.sh
ctdb/tests/INTEGRATION/simple/debug.002.setdebug.sh
ctdb/tests/INTEGRATION/simple/debug.003.dumpmemory.sh
ctdb/tests/INTEGRATION/simple/eventscripts.001.zero_scripts.sh
ctdb/tests/INTEGRATION/simple/eventscripts.090.debug_hung.sh
ctdb/tests/UNIT/eventscripts/11.natgw.002.sh
ctdb/tests/UNIT/eventscripts/11.natgw.003.sh
ctdb/tests/UNIT/eventscripts/11.natgw.004.sh
ctdb/tests/UNIT/eventscripts/11.natgw.011.sh
ctdb/tests/UNIT/eventscripts/11.natgw.012.sh
ctdb/tests/UNIT/eventscripts/11.natgw.013.sh
ctdb/tests/UNIT/eventscripts/11.natgw.014.sh
ctdb/tests/UNIT/eventscripts/11.natgw.015.sh
ctdb/tests/UNIT/eventscripts/11.natgw.021.sh
ctdb/tests/UNIT/eventscripts/11.natgw.022.sh
ctdb/tests/UNIT/eventscripts/11.natgw.023.sh
ctdb/tests/UNIT/eventscripts/11.natgw.024.sh
ctdb/tests/UNIT/eventscripts/11.natgw.025.sh
ctdb/tests/UNIT/eventscripts/11.natgw.031.sh
ctdb/tests/UNIT/eventscripts/11.natgw.041.sh
ctdb/tests/UNIT/eventscripts/11.natgw.042.sh
ctdb/tests/UNIT/eventscripts/11.natgw.051.sh
ctdb/tests/UNIT/eventscripts/11.natgw.052.sh
ctdb/tests/UNIT/eventscripts/11.natgw.053.sh
ctdb/tests/UNIT/eventscripts/11.natgw.054.sh
ctdb/tests/UNIT/eventscripts/91.lvs.ipreallocated.012.sh
ctdb/tests/UNIT/eventscripts/91.lvs.ipreallocated.013.sh
ctdb/tests/UNIT/eventscripts/91.lvs.ipreallocated.014.sh
ctdb/tests/UNIT/eventscripts/scripts/11.natgw.sh
ctdb/tests/UNIT/eventscripts/scripts/91.lvs.sh
ctdb/tests/UNIT/eventscripts/stubs/ctdb_lvs
ctdb/tests/UNIT/eventscripts/stubs/ctdb_natgw
ctdb/tests/UNIT/eventscripts/stubs/nfsconf [new file with mode: 0755]
ctdb/tests/UNIT/shellcheck/scripts/local.sh
ctdb/tests/UNIT/shellcheck/tests.sh
ctdb/tests/UNIT/tool/ctdb.lvs.001.sh
ctdb/tests/UNIT/tool/ctdb.lvs.002.sh
ctdb/tests/UNIT/tool/ctdb.lvs.003.sh
ctdb/tests/UNIT/tool/ctdb.lvs.004.sh
ctdb/tests/UNIT/tool/ctdb.lvs.005.sh
ctdb/tests/UNIT/tool/ctdb.lvs.006.sh
ctdb/tests/UNIT/tool/ctdb.lvs.007.sh
ctdb/tests/UNIT/tool/ctdb.lvs.008.sh
ctdb/tests/UNIT/tool/ctdb.natgw.001.sh
ctdb/tests/UNIT/tool/ctdb.natgw.002.sh
ctdb/tests/UNIT/tool/ctdb.natgw.003.sh
ctdb/tests/UNIT/tool/ctdb.natgw.004.sh
ctdb/tests/UNIT/tool/ctdb.natgw.005.sh
ctdb/tests/UNIT/tool/ctdb.natgw.006.sh
ctdb/tests/UNIT/tool/ctdb.natgw.007.sh
ctdb/tests/UNIT/tool/ctdb.natgw.008.sh
ctdb/tests/local_daemons.sh
ctdb/tests/scripts/integration.bash
ctdb/tests/scripts/test_wrap
ctdb/tests/scripts/unit.sh
ctdb/tests/src/cluster_mutex_test.c
ctdb/tests/src/db_test_tool.c
ctdb/tests/src/fetch_ring.c
ctdb/tests/src/protocol_common_ctdb.c
ctdb/tools/ctdb.c
ctdb/tools/ctdb_lvs
ctdb/tools/ctdb_natgw
ctdb/tools/onnode
ctdb/utils/ceph/ctdb_mutex_ceph_rados_helper.c
ctdb/utils/ceph/test_ceph_rados_reclock.sh
ctdb/wscript
dfs_server/dfs_server_ad.c
docs-xml/.gitignore
docs-xml/Makefile
docs-xml/Makefile.settings.in
docs-xml/README
docs-xml/configure.ac
docs-xml/htmldocs.html
docs-xml/manpages/net.8.xml
docs-xml/manpages/pam_winbind.8.xml
docs-xml/manpages/pam_winbind.conf.5.xml
docs-xml/manpages/samba-tool.8.xml
docs-xml/manpages/smbcacls.1.xml
docs-xml/manpages/vfs_full_audit.8.xml
docs-xml/manpages/vfs_zfsacl.8.xml
docs-xml/manpages/winexe.1.xml [new file with mode: 0644]
docs-xml/smbdotconf/base/interfaces.xml
docs-xml/smbdotconf/ldap/ldapsslads.xml [deleted file]
docs-xml/smbdotconf/logon/domainlogons.xml
docs-xml/smbdotconf/printing/spoolssarchitecture.xml
docs-xml/smbdotconf/protocol/clientusespnego.xml
docs-xml/smbdotconf/protocol/mapaclinherit.xml
docs-xml/smbdotconf/protocol/servermultichannelsupport.xml
docs-xml/smbdotconf/protocol/smb2_disable_lock_sequence_checking.xml [new file with mode: 0644]
docs-xml/smbdotconf/protocol/smb2_disable_oplock_break_retry.xml [new file with mode: 0644]
docs-xml/smbdotconf/security/clientlanmanauth.xml
docs-xml/smbdotconf/security/clientntlmv2auth.xml
docs-xml/smbdotconf/security/clientplaintextauth.xml
docs-xml/smbdotconf/security/clientsmbencrypt.xml [new file with mode: 0644]
docs-xml/smbdotconf/security/rawntlmv2auth.xml
docs-xml/smbdotconf/security/serverschannel.xml
docs-xml/smbdotconf/security/serversmbencrypt.xml [new file with mode: 0644]
docs-xml/smbdotconf/security/smbencrypt.xml
docs-xml/smbdotconf/security/tlspriority.xml
docs-xml/smbdotconf/tuning/asyncdnstimeout.xml [new file with mode: 0644]
docs-xml/smbdotconf/tuning/socketoptions.xml
docs-xml/smbdotconf/tuning/usemmap.xml
docs-xml/wscript_build
docs-xml/xslt/extract-examples.xsl [deleted file]
examples/LDAP/samba.schema
examples/README
examples/VFS/skel_opaque.c
examples/VFS/skel_transparent.c
examples/fuse/clifuse.c
examples/fuse/smb2mount.c
examples/libsmbclient/testbrowse.c
examples/winexe/winexe.c
install_with_python.sh [deleted file]
lib/addns/dnsquery.c
lib/addns/dnsquery.h
lib/compression/lzxpress.c
lib/crypto/py_crypto.c
lib/dbwrap/dbwrap.c
lib/dbwrap/dbwrap.h
lib/dbwrap/dbwrap_rbt.c
lib/fuzzing/fuzz_cli_credentials_parse_string.c [new file with mode: 0644]
lib/fuzzing/fuzz_dcerpc_parse_binding.c [new file with mode: 0644]
lib/fuzzing/oss-fuzz/build_samba.sh
lib/fuzzing/wscript_build
lib/krb5_wrap/gss_samba.c
lib/ldb-samba/ldb_matching_rules.c
lib/ldb-samba/ldif_handlers.c
lib/ldb-samba/pyldb.c
lib/ldb-samba/samba_extensions.c
lib/ldb/common/ldb.c
lib/ldb/common/ldb_controls.c
lib/ldb/common/ldb_parse.c
lib/ldb/include/ldb.h
lib/ldb/ldb_ldap/ldb_ldap.c
lib/ldb/ldb_mdb/ldb_mdb.c
lib/ldb/modules/paged_searches.c
lib/ldb/pyldb.c
lib/ldb/tests/ldb_kv_ops_test.c
lib/ldb/tests/ldb_mod_op_test.c
lib/ldb/tests/ldb_parse_test.c
lib/ldb/tests/lldb_ldap.c [new file with mode: 0644]
lib/ldb/tools/cmdline.c
lib/ldb/tools/ldbmodify.c
lib/ldb/wscript
lib/messaging/messages_dgm.c [moved from source3/lib/messages_dgm.c with 99% similarity]
lib/messaging/messages_dgm.h [moved from source3/lib/messages_dgm.h with 100% similarity]
lib/messaging/messages_dgm_ref.c [moved from source3/lib/messages_dgm_ref.c with 100% similarity]
lib/messaging/messages_dgm_ref.h [moved from source3/lib/messages_dgm_ref.h with 100% similarity]
lib/messaging/wscript_build [new file with mode: 0644]
lib/param/loadparm.c
lib/param/loadparm.h
lib/param/param_table.c
lib/replace/replace.h
lib/replace/system/network.h
lib/replace/wscript
lib/socket/interfaces.c
lib/talloc/pytalloc.c
lib/talloc/talloc.c
lib/talloc/talloc.h
lib/talloc/test_pytalloc.c
lib/tdb/include/tdb.h
lib/tdb/pytdb.c
lib/tdb/python/tests/simple.py
lib/tdb/tools/tdbrestore.c
lib/tevent/pytevent.c
lib/tevent/testsuite.c
lib/tevent/tevent.h
lib/torture/subunit.c
lib/torture/torture.c
lib/torture/torture.h
lib/tsocket/tsocket_guide.txt
lib/util/access.c
lib/util/asn1.c
lib/util/attr.h
lib/util/charset/tests/charset.c
lib/util/charset/util_str.c
lib/util/debug.c
lib/util/genrand_util.c
lib/util/safe_string.h
lib/util/samba_util.h
lib/util/smb_strtox.c [new file with mode: 0644]
lib/util/smb_strtox.h [new file with mode: 0644]
lib/util/string_wrappers.h
lib/util/sys_rw.c
lib/util/sys_rw.h
lib/util/tests/test_util.c [new file with mode: 0644]
lib/util/tests/test_util_paths.c [new file with mode: 0644]
lib/util/tests/util.c
lib/util/time.c
lib/util/time.h
lib/util/util.c
lib/util/util.h
lib/util/util_net.c
lib/util/util_net.h
lib/util/util_paths.c
lib/util/util_paths.h
lib/util/util_str.c
lib/util/util_str_common.c
lib/util/wscript_build
libcli/auth/credentials.c
libcli/auth/netlogon_creds_cli.c
libcli/auth/proto.h
libcli/auth/wscript_build
libcli/http/gensec/generic.c
libcli/http/http.c
libcli/http/http_auth.c
libcli/ldap/ldap_message.c
libcli/ldap/ldap_ndr.c
libcli/ldap/tests/data/ldap-starttls-response.dat [new file with mode: 0644]
libcli/ldap/tests/ldap_message_test.c
libcli/nbt/libnbt.h
libcli/nbt/lmhosts.c
libcli/nbt/nbtsocket.c
libcli/nbt/pynbt.c
libcli/security/dom_sid.c
libcli/security/pysecurity.c
libcli/security/sddl.c
libcli/security/security_token.c
libcli/security/util_sid.c
libcli/smb/smb2_signing.c
libcli/smb/smb2cli_create.c
libcli/smb/smbXcli_base.c
libcli/smb/smb_constants.h
libcli/smb/smb_util.h
libcli/smb/test_util_translate.c [new file with mode: 0644]
libcli/smb/util.c
libcli/smb/wscript
libcli/util/nterr.c
libcli/util/ntstatus.h
libgpo/admx/en-US/samba.adml [new file with mode: 0755]
libgpo/admx/samba.admx [new file with mode: 0755]
libgpo/admx/wscript_build [new file with mode: 0644]
libgpo/gpext/gpext.c
libgpo/gpo.h
libgpo/gpo_fetch.c
libgpo/gpo_filesync.c
libgpo/gpo_util.c
libgpo/pygpo.c
libgpo/wscript_build
librpc/ABI/ndr-1.0.1.sigs [new file with mode: 0644]
librpc/idl/dnsp.idl
librpc/idl/spoolss.idl
librpc/ndr/libndr.h
librpc/ndr/ndr_dns.c
librpc/ndr/ndr_dns_utils.c [new file with mode: 0644]
librpc/ndr/ndr_dns_utils.h [new file with mode: 0644]
librpc/ndr/ndr_nbt.c
librpc/ndr/ndr_string.c
librpc/ndr/uuid.c
librpc/rpc/dcerpc_util.c
librpc/rpc/dcesrv_core.c
librpc/rpc/dcesrv_handles.c [moved from source4/rpc_server/handles.c with 99% similarity]
librpc/tests/test_ndr_dns_nbt.c [new file with mode: 0644]
librpc/tests/test_ndr_string.c
librpc/tools/ndrdump.c
librpc/wscript_build
nsswitch/krb5_plugin/async_dns_krb5_locator.c [new file with mode: 0644]
nsswitch/libwbclient/wbc_idmap.c
nsswitch/libwbclient/wbc_sid.c
nsswitch/libwbclient/wscript
nsswitch/nsstest.c
nsswitch/pam_winbind.c
nsswitch/tests/test_idmap_ad.sh
nsswitch/tests/test_ticket_expiry.sh [new file with mode: 0755]
nsswitch/wbinfo.c
nsswitch/wins.c
nsswitch/wscript_build
packaging/systemd/nmb.service.in
packaging/systemd/samba.service.in
packaging/systemd/smb.service.in
packaging/systemd/winbind.service.in
pidl/lib/Parse/Pidl/Samba4/NDR/ServerCompat.pm
pidl/lib/Parse/Pidl/Samba4/Python.pm
python/pyglue.c
python/samba/__init__.py
python/samba/auth_util.py
python/samba/common.py
python/samba/compat.py [deleted file]
python/samba/dbchecker.py
python/samba/emulate/traffic.py
python/samba/gp_msgs_ext.py [new file with mode: 0644]
python/samba/gp_parse/__init__.py
python/samba/gp_parse/gp_csv.py
python/samba/gp_parse/gp_ini.py
python/samba/gp_scripts_ext.py [new file with mode: 0644]
python/samba/gp_sec_ext.py
python/samba/gp_smb_conf_ext.py [new file with mode: 0644]
python/samba/gp_sudoers_ext.py [new file with mode: 0644]
python/samba/gpclass.py
python/samba/join.py
python/samba/kcc/__init__.py
python/samba/kcc/kcc_utils.py
python/samba/kcc/ldif_import_export.py
python/samba/ms_forest_updates_markdown.py
python/samba/ms_schema.py
python/samba/netcmd/computer.py
python/samba/netcmd/contact.py
python/samba/netcmd/dns.py
python/samba/netcmd/domain.py
python/samba/netcmd/domain_backup.py
python/samba/netcmd/drs.py
python/samba/netcmd/gpo.py
python/samba/netcmd/group.py
python/samba/netcmd/ntacl.py
python/samba/netcmd/ou.py
python/samba/netcmd/user.py
python/samba/netcmd/visualize.py
python/samba/provision/__init__.py
python/samba/provision/sambadns.py
python/samba/samba3/__init__.py
python/samba/samdb.py
python/samba/schema.py
python/samba/subunit/__init__.py
python/samba/tests/__init__.py
python/samba/tests/audit_log_base.py
python/samba/tests/auth_log_netlogon.py
python/samba/tests/auth_log_netlogon_bad_creds.py
python/samba/tests/auth_log_samlogon.py
python/samba/tests/auth_log_winbind.py
python/samba/tests/blackbox/ndrdump.py
python/samba/tests/blackbox/netads_json.py
python/samba/tests/blackbox/samba_dnsupdate.py
python/samba/tests/blackbox/smbcacls.py [new file with mode: 0644]
python/samba/tests/blackbox/smbcacls_basic.py [new file with mode: 0644]
python/samba/tests/blackbox/smbcacls_dfs_propagate_inherit.py [new file with mode: 0644]
python/samba/tests/blackbox/smbcacls_propagate_inhertance.py [new file with mode: 0644]
python/samba/tests/common.py
python/samba/tests/complex_expressions.py
python/samba/tests/credentials.py
python/samba/tests/dcerpc/binding.py [new file with mode: 0644]
python/samba/tests/dcerpc/misc.py
python/samba/tests/dcerpc/raw_protocol.py
python/samba/tests/dcerpc/raw_testcase.py
python/samba/tests/dcerpc/testrpc.py
python/samba/tests/dcerpc/unix.py
python/samba/tests/dckeytab.py
python/samba/tests/dns.py
python/samba/tests/dns_base.py
python/samba/tests/dns_forwarder_helpers/server.py
python/samba/tests/dns_packet.py [new file with mode: 0644]
python/samba/tests/docs.py
python/samba/tests/emulate/traffic.py
python/samba/tests/gpo.py
python/samba/tests/krb5/kcrypto.py
python/samba/tests/krb5/raw_testcase.py
python/samba/tests/krb5/rfc4120.asn1
python/samba/tests/krb5/rfc4120_pyasn1.py
python/samba/tests/krb5/s4u_tests.py [new file with mode: 0755]
python/samba/tests/krb5/simple_tests.py
python/samba/tests/krb5/xrealm_tests.py [new file with mode: 0755]
python/samba/tests/ldap_raw.py
python/samba/tests/libsmb.py
python/samba/tests/messaging.py
python/samba/tests/netcmd.py
python/samba/tests/ntlm_auth.py
python/samba/tests/password_hash.py
python/samba/tests/password_hash_ldap.py
python/samba/tests/posixacl.py
python/samba/tests/prefork_restart.py
python/samba/tests/py_credentials.py
python/samba/tests/samba_tool/base.py
python/samba/tests/samba_tool/computer.py
python/samba/tests/samba_tool/contact.py
python/samba/tests/samba_tool/gpo.py
python/samba/tests/samba_tool/group.py
python/samba/tests/samba_tool/help.py
python/samba/tests/samba_tool/ou.py
python/samba/tests/samba_tool/user.py
python/samba/tests/samba_tool/user_virtualCryptSHA_base.py [new file with mode: 0644]
python/samba/tests/samba_tool/user_virtualCryptSHA_gpg.py [new file with mode: 0644]
python/samba/tests/samba_tool/user_virtualCryptSHA_userPassword.py [new file with mode: 0644]
python/samba/tests/samba_tool/user_wdigest.py
python/samba/tests/usage.py
python/samba/upgradehelpers.py
python/wscript
script/autobuild.py
script/show_test_time
selftest/filter-subunit
selftest/knownfail
selftest/knownfail.d/dns
selftest/knownfail.d/dns_packet [new file with mode: 0644]
selftest/knownfail.d/quota1 [new file with mode: 0644]
selftest/knownfail.d/rpc-netlogon-zerologon [new file with mode: 0644]
selftest/knownfail.d/rw-invalid [new file with mode: 0644]
selftest/knownfail.d/smbcacls [new file with mode: 0644]
selftest/knownfail.d/vlv
selftest/quick
selftest/selftest.pl
selftest/skip
selftest/skip_mit_kdc
selftest/slow-none [new file with mode: 0644]
selftest/subunithelper.py
selftest/target/Samba.pm
selftest/target/Samba3.pm
selftest/target/Samba4.pm
selftest/target/dns_hub.py
selftest/tests.py
source3/auth/auth_builtin.c
source3/auth/pampass.c
source3/auth/server_info.c
source3/client/client.c
source3/client/client_proto.h
source3/client/clitar.c
source3/client/smbspool.c
source3/groupdb/mapping.c
source3/groupdb/mapping_tdb.c
source3/include/MacExtensions.h
source3/include/client.h
source3/include/ctdbd_conn.h
source3/include/g_lock.h
source3/include/includes.h
source3/include/libsmb_internal.h
source3/include/libsmbclient.h
source3/include/local.h
source3/include/locking.h
source3/include/nt_printing.h
source3/include/ntioctl.h
source3/include/proto.h
source3/include/safe_string.h [deleted file]
source3/include/smb.h
source3/include/smb_macros.h
source3/include/smbldap.h
source3/include/smbprofile.h
source3/include/vfs.h
source3/include/vfs_macros.h
source3/lib/ABI/smbldap-2.1.0.sigs [new file with mode: 0644]
source3/lib/adouble.c
source3/lib/ctdb_dummy.c
source3/lib/ctdbd_conn.c
source3/lib/dbwrap/dbwrap_open.c
source3/lib/dbwrap/dbwrap_watch.c
source3/lib/filename_util.c
source3/lib/g_lock.c
source3/lib/gencache.c
source3/lib/idmap_cache.c
source3/lib/interface.c
source3/lib/interface.h [new file with mode: 0644]
source3/lib/messages.c
source3/lib/namemap_cache.c
source3/lib/netapi/cm.c
source3/lib/privileges.c
source3/lib/serverid.c
source3/lib/sharesec.c
source3/lib/smbldap.c
source3/lib/string_replace.c
source3/lib/substitute.c
source3/lib/sysquotas.c
source3/lib/system.c
source3/lib/tldap.c
source3/lib/tldap_util.c
source3/lib/username.c
source3/lib/util.c
source3/lib/util_cmdline.c
source3/lib/util_procid.c
source3/lib/util_sd.c
source3/lib/util_sid.c
source3/lib/util_sock.c
source3/lib/util_str.c
source3/lib/wins_srv.c
source3/libads/ads_proto.h
source3/libads/ads_struct.c
source3/libads/kerberos.c
source3/libads/kerberos_keytab.c
source3/libads/ldap.c
source3/libads/sasl.c
source3/libnet/libnet_dssync_passdb.c
source3/libnet/libnet_join.c
source3/librpc/crypto/gse_krb5.c
source3/librpc/idl/libnet_join.idl
source3/librpc/idl/open_files.idl
source3/librpc/idl/smbXsrv.idl
source3/libsmb/ABI/smbclient-0.7.0.sigs [new file with mode: 0644]
source3/libsmb/cli_smb2_fnum.c
source3/libsmb/cli_smb2_fnum.h
source3/libsmb/cliconnect.c
source3/libsmb/clidfs.c
source3/libsmb/clidgram.c
source3/libsmb/clientgen.c
source3/libsmb/clierror.c
source3/libsmb/clifile.c
source3/libsmb/clifsinfo.c
source3/libsmb/clilist.c
source3/libsmb/cliprint.c
source3/libsmb/clirap.c
source3/libsmb/clirap.h
source3/libsmb/clistr.c
source3/libsmb/dsgetdcname.c
source3/libsmb/libsmb_context.c
source3/libsmb/libsmb_dir.c
source3/libsmb/libsmb_file.c
source3/libsmb/libsmb_misc.c
source3/libsmb/libsmb_server.c
source3/libsmb/libsmb_stat.c
source3/libsmb/libsmb_xattr.c
source3/libsmb/namecache.c
source3/libsmb/namequery.c
source3/libsmb/namequery.h
source3/libsmb/namequery_dc.c
source3/libsmb/nmblib.c
source3/libsmb/proto.h
source3/libsmb/pylibsmb.c
source3/libsmb/reparse_symlink.c
source3/libsmb/wscript
source3/locking/leases_db.c
source3/locking/leases_util.c
source3/locking/locking.c
source3/locking/posix.c
source3/locking/proto.h
source3/locking/share_mode_lock.c
source3/modules/test_vfs_gpfs.c [new file with mode: 0644]
source3/modules/test_vfs_posixacl.c [new file with mode: 0644]
source3/modules/util_reparse.c [new file with mode: 0644]
source3/modules/util_reparse.h [moved from source3/rpc_server/fss/srv_fss_agent.h with 51% similarity]
source3/modules/vfs_acl_common.c
source3/modules/vfs_acl_common.h
source3/modules/vfs_acl_tdb.c
source3/modules/vfs_acl_xattr.c
source3/modules/vfs_afsacl.c
source3/modules/vfs_aio_fork.c
source3/modules/vfs_aio_pthread.c
source3/modules/vfs_aixacl2.c
source3/modules/vfs_audit.c
source3/modules/vfs_cap.c
source3/modules/vfs_catia.c
source3/modules/vfs_ceph.c
source3/modules/vfs_ceph_snapshots.c
source3/modules/vfs_commit.c
source3/modules/vfs_default.c
source3/modules/vfs_error_inject.c
source3/modules/vfs_extd_audit.c
source3/modules/vfs_fileid.c
source3/modules/vfs_fruit.c
source3/modules/vfs_full_audit.c
source3/modules/vfs_glusterfs.c
source3/modules/vfs_glusterfs_fuse.c
source3/modules/vfs_gpfs.c
source3/modules/vfs_io_uring.c
source3/modules/vfs_media_harmony.c
source3/modules/vfs_nfs4acl_xattr.c
source3/modules/vfs_not_implemented.c
source3/modules/vfs_posixacl.c
source3/modules/vfs_posixacl.h
source3/modules/vfs_prealloc.c
source3/modules/vfs_preopen.c
source3/modules/vfs_recycle.c
source3/modules/vfs_shadow_copy.c
source3/modules/vfs_shadow_copy2.c
source3/modules/vfs_snapper.c
source3/modules/vfs_streams_depot.c
source3/modules/vfs_streams_xattr.c
source3/modules/vfs_syncops.c
source3/modules/vfs_time_audit.c
source3/modules/vfs_unityed_media.c
source3/modules/vfs_virusfilter.c
source3/modules/vfs_virusfilter_utils.c
source3/modules/vfs_vxfs.c
source3/modules/vfs_widelinks.c
source3/modules/vfs_worm.c
source3/modules/vfs_xattr_tdb.c
source3/modules/vfs_zfsacl.c
source3/modules/wscript_build
source3/nmbd/nmbd.h
source3/nmbd/nmbd_become_lmb.c
source3/nmbd/nmbd_browserdb.c
source3/nmbd/nmbd_browsesync.c
source3/nmbd/nmbd_elections.c
source3/nmbd/nmbd_incomingdgrams.c
source3/nmbd/nmbd_nameregister.c
source3/nmbd/nmbd_packets.c
source3/nmbd/nmbd_sendannounce.c
source3/nmbd/nmbd_serverlistdb.c
source3/nmbd/nmbd_synclists.c
source3/nmbd/nmbd_workgroupdb.c
source3/param/loadparm.c
source3/param/loadparm.h [new file with mode: 0644]
source3/param/pyparam.c
source3/passdb/account_pol.c
source3/passdb/machine_account_secrets.c
source3/passdb/passdb.c
source3/passdb/pdb_interface.c
source3/passdb/pdb_ldap.c
source3/passdb/pdb_ldap_schema.h
source3/passdb/pdb_ldap_util.c
source3/passdb/pdb_ldap_util.h
source3/passdb/pdb_nds.c
source3/passdb/pdb_nds.h
source3/passdb/pdb_samba_dsdb.c
source3/passdb/pdb_smbpasswd.c
source3/passdb/pdb_tdb.c
source3/passdb/py_passdb.c
source3/printing/lpq_parse.c
source3/printing/notify.c
source3/printing/nt_printing.c
source3/printing/nt_printing_ads.c
source3/printing/nt_printing_tdb.c
source3/printing/print_cups.c
source3/printing/print_iprint.c
source3/printing/printing.c
source3/printing/printing_db.c
source3/printing/printspoolss.c
source3/registry/reg_objects.c
source3/rpc_client/cli_pipe.c
source3/rpc_client/cli_pipe.h
source3/rpc_client/cli_winreg_spoolss.c
source3/rpc_client/py_mdscli.c
source3/rpc_server/epmapper/srv_epmapper.c
source3/rpc_server/eventlog/srv_eventlog_nt.c
source3/rpc_server/fss/srv_fss_agent.c
source3/rpc_server/fssd.c
source3/rpc_server/lsa/srv_lsa_nt.c
source3/rpc_server/mdssd.c
source3/rpc_server/mdssvc/dalloc.c
source3/rpc_server/mdssvc/es_parser.y
source3/rpc_server/mdssvc/mdssvc.c
source3/rpc_server/mdssvc/srv_mdssvc_nt.c
source3/rpc_server/netlogon/srv_netlog_nt.c
source3/rpc_server/rpc_contexts.c [deleted file]
source3/rpc_server/rpc_contexts.h [deleted file]
source3/rpc_server/rpc_handles.c
source3/rpc_server/rpc_ncacn_np.c
source3/rpc_server/rpc_pipes.h
source3/rpc_server/rpc_server.c
source3/rpc_server/samr/srv_samr_chgpasswd.c
source3/rpc_server/samr/srv_samr_nt.c
source3/rpc_server/spoolss/srv_iremotewinspool.c
source3/rpc_server/spoolss/srv_spoolss_nt.c
source3/rpc_server/srvsvc/srv_srvsvc_nt.c
source3/rpc_server/svcctl/srv_svcctl_nt.c
source3/rpc_server/winreg/srv_winreg_nt.c
source3/rpc_server/wscript_build
source3/rpcclient/cmd_samr.c
source3/rpcclient/cmd_spoolss.c
source3/rpcclient/cmd_spotlight.c
source3/rpcclient/cmd_srvsvc.c
source3/rpcclient/rpcclient.c
source3/script/tests/test_aio_outstanding.sh [new file with mode: 0755]
source3/script/tests/test_durable_handle_reconnect.sh
source3/script/tests/test_force_close_share.sh
source3/script/tests/test_netfileenum.sh [new file with mode: 0755]
source3/script/tests/test_open_eintr.sh
source3/script/tests/test_shadow_copy.sh
source3/script/tests/test_shadow_copy_torture.sh
source3/script/tests/test_smb1_shadow_copy_torture.sh [new file with mode: 0755]
source3/script/tests/test_smbclient_encryption.sh [new file with mode: 0755]
source3/script/tests/test_smbclient_iconv.sh [new file with mode: 0755]
source3/script/tests/test_smbclient_log_basename.sh [new file with mode: 0755]
source3/script/tests/test_smbclient_mget.sh [new file with mode: 0755]
source3/script/tests/test_smbclient_s3.sh
source3/script/tests/test_substitutions.sh
source3/script/tests/test_testparm_s3.sh
source3/script/tests/test_wbinfo_lookuprids_cache.sh [new file with mode: 0755]
source3/script/tests/test_wbinfo_sids2xids_int.py
source3/selftest/tests.py
source3/smbd/aio.c
source3/smbd/close.c
source3/smbd/conn.c
source3/smbd/dir.c
source3/smbd/dosmode.c
source3/smbd/durable.c
source3/smbd/file_access.c
source3/smbd/fileio.c
source3/smbd/filename.c
source3/smbd/files.c
source3/smbd/globals.h
source3/smbd/lanman.c
source3/smbd/msdfs.c
source3/smbd/negprot.c
source3/smbd/notify.c
source3/smbd/notifyd/notifydd.c
source3/smbd/ntquotas.c
source3/smbd/nttrans.c
source3/smbd/open.c
source3/smbd/oplock.c
source3/smbd/pipes.c
source3/smbd/posix_acls.c
source3/smbd/process.c
source3/smbd/proto.h
source3/smbd/pysmbd.c
source3/smbd/reply.c
source3/smbd/server.c
source3/smbd/server_exit.c
source3/smbd/service.c
source3/smbd/sesssetup.c
source3/smbd/share_access.c
source3/smbd/smb1_utils.c
source3/smbd/smb1_utils.h
source3/smbd/smb2_break.c
source3/smbd/smb2_create.c
source3/smbd/smb2_getinfo.c
source3/smbd/smb2_glue.c
source3/smbd/smb2_ioctl.c
source3/smbd/smb2_ioctl_network_fs.c
source3/smbd/smb2_lock.c
source3/smbd/smb2_negprot.c
source3/smbd/smb2_notify.c
source3/smbd/smb2_query_directory.c
source3/smbd/smb2_read.c
source3/smbd/smb2_server.c
source3/smbd/smb2_sesssetup.c
source3/smbd/smb2_tcon.c
source3/smbd/smbXsrv_client.c
source3/smbd/smbXsrv_open.c
source3/smbd/smbXsrv_session.c
source3/smbd/smbd.h
source3/smbd/srvstr.c
source3/smbd/statcache.c
source3/smbd/trans2.c
source3/smbd/uid.c
source3/smbd/vfs.c
source3/torture/cmd_vfs.c
source3/torture/locktest2.c
source3/torture/mangle_test.c
source3/torture/masktest.c
source3/torture/nbio.c
source3/torture/proto.h
source3/torture/test_g_lock.c
source3/torture/test_notify.c
source3/torture/test_posix_append.c
source3/torture/test_readdir_timestamp.c
source3/torture/test_smb2.c
source3/torture/torture.c
source3/torture/utable.c
source3/utils/clirap2.c
source3/utils/conn_tdb.c
source3/utils/eventlogadm.c
source3/utils/mdfind.c
source3/utils/net.c
source3/utils/net_ads.c
source3/utils/net_ads_gpo.c
source3/utils/net_conf.c
source3/utils/net_g_lock.c
source3/utils/net_groupmap.c
source3/utils/net_idmap.c
source3/utils/net_lookup.c
source3/utils/net_proto.h
source3/utils/net_registry.c
source3/utils/net_rpc.c
source3/utils/net_rpc_printer.c
source3/utils/net_rpc_registry.c
source3/utils/net_rpc_rights.c
source3/utils/net_rpc_service.c
source3/utils/net_rpc_trust.c
source3/utils/net_sam.c
source3/utils/net_usershare.c
source3/utils/net_util.c
source3/utils/net_vfs.c
source3/utils/netlookup.c
source3/utils/nmblookup.c
source3/utils/ntlm_auth.c
source3/utils/pdbedit.c
source3/utils/regedit_dialog.c
source3/utils/sharesec.c
source3/utils/smbcacls.c
source3/utils/smbcontrol.c
source3/utils/smbcquotas.c
source3/utils/smbpasswd.c
source3/utils/status.c
source3/winbindd/idmap_ad.c
source3/winbindd/idmap_autorid.c
source3/winbindd/idmap_autorid_tdb.c
source3/winbindd/idmap_ldap.c
source3/winbindd/idmap_tdb.c
source3/winbindd/wb_getpwsid.c
source3/winbindd/winbindd_ads.c
source3/winbindd/winbindd_cache.c
source3/winbindd/winbindd_cm.c
source3/winbindd/winbindd_domain_info.c
source3/winbindd/winbindd_dsgetdcname.c
source3/winbindd/winbindd_dual.c
source3/winbindd/winbindd_dual_srv.c
source3/winbindd/winbindd_getdcname.c
source3/winbindd/winbindd_getgrnam.c
source3/winbindd/winbindd_lookuprids.c
source3/winbindd/winbindd_lookupsid.c
source3/winbindd/winbindd_misc.c
source3/winbindd/winbindd_pam.c
source3/winbindd/winbindd_pam_auth.c
source3/winbindd/winbindd_pam_auth_crap.c
source3/winbindd/winbindd_pam_chauthtok.c
source3/winbindd/winbindd_samr.c
source3/winbindd/winbindd_util.c
source3/winbindd/winbindd_wins_byip.c
source3/winbindd/winbindd_wins_byname.c
source3/wscript
source3/wscript_build
source4/auth/gensec/gensec_gssapi.c
source4/auth/gensec/pygensec.c
source4/auth/kerberos/kerberos_util.c
source4/auth/ntlm/auth_developer.c
source4/auth/pyauth.c
source4/auth/tests/kerberos.c
source4/auth/unix_token.c
source4/client/cifsdd.c
source4/client/client.c
source4/dns_server/dlz_bind9.c
source4/dns_server/dlz_minimal.h
source4/dns_server/dnsserver_common.c
source4/dns_server/pydns.c
source4/dns_server/wscript_build
source4/dsdb/common/dsdb_dn.c
source4/dsdb/common/util.c
source4/dsdb/common/util_trusts.c
source4/dsdb/kcc/kcc_connection.h
source4/dsdb/kcc/kcc_periodic.c
source4/dsdb/kcc/kcc_service.c
source4/dsdb/kcc/kcc_service.h
source4/dsdb/pydsdb.c
source4/dsdb/repl/drepl_extended.c
source4/dsdb/repl/drepl_fsmo.c
source4/dsdb/repl/drepl_notify.c
source4/dsdb/repl/drepl_out_helpers.c
source4/dsdb/repl/drepl_out_helpers.h
source4/dsdb/repl/drepl_out_pull.c
source4/dsdb/repl/drepl_partitions.c
source4/dsdb/repl/drepl_periodic.c
source4/dsdb/repl/drepl_replica.c
source4/dsdb/repl/drepl_ridalloc.c
source4/dsdb/repl/drepl_secret.c
source4/dsdb/repl/drepl_service.c
source4/dsdb/repl/drepl_service.h
source4/dsdb/repl/replicated_objects.c
source4/dsdb/samdb/cracknames.c
source4/dsdb/samdb/ldb_modules/acl.c
source4/dsdb/samdb/ldb_modules/acl_read.c
source4/dsdb/samdb/ldb_modules/acl_util.c
source4/dsdb/samdb/ldb_modules/anr.c
source4/dsdb/samdb/ldb_modules/count_attrs.c
source4/dsdb/samdb/ldb_modules/dirsync.c
source4/dsdb/samdb/ldb_modules/dns_notify.c
source4/dsdb/samdb/ldb_modules/encrypted_secrets.c
source4/dsdb/samdb/ldb_modules/extended_dn_in.c
source4/dsdb/samdb/ldb_modules/extended_dn_out.c
source4/dsdb/samdb/ldb_modules/linked_attributes.c
source4/dsdb/samdb/ldb_modules/netlogon.c
source4/dsdb/samdb/ldb_modules/objectclass.c
source4/dsdb/samdb/ldb_modules/objectclass_attrs.c
source4/dsdb/samdb/ldb_modules/operational.c
source4/dsdb/samdb/ldb_modules/paged_results.c
source4/dsdb/samdb/ldb_modules/partition_metadata.c
source4/dsdb/samdb/ldb_modules/password_hash.c
source4/dsdb/samdb/ldb_modules/ranged_results.c
source4/dsdb/samdb/ldb_modules/repl_meta_data.c
source4/dsdb/samdb/ldb_modules/rootdse.c
source4/dsdb/samdb/ldb_modules/samldb.c
source4/dsdb/samdb/ldb_modules/schema_data.c
source4/dsdb/samdb/ldb_modules/schema_load.c
source4/dsdb/samdb/ldb_modules/util.c
source4/dsdb/samdb/ldb_modules/vlv_pagination.c
source4/dsdb/schema/schema.h
source4/dsdb/schema/schema_convert_to_ol.c
source4/dsdb/schema/schema_description.c
source4/dsdb/schema/schema_filtered.c
source4/dsdb/schema/schema_init.c
source4/dsdb/schema/schema_prefixmap.c
source4/dsdb/schema/schema_query.c
source4/dsdb/schema/schema_set.c
source4/dsdb/schema/schema_syntax.c
source4/dsdb/tests/python/acl.py
source4/dsdb/tests/python/asq.py
source4/dsdb/tests/python/deletetest.py
source4/dsdb/tests/python/ldap.py
source4/dsdb/tests/python/sam.py
source4/dsdb/tests/python/sort.py
source4/dsdb/tests/python/tombstone_reanimation.py
source4/dsdb/tests/python/vlv.py
source4/heimdal/kdc/krb5tgs.c
source4/heimdal/lib/asn1/lex.c [deleted file]
source4/heimdal/lib/com_err/lex.c [deleted file]
source4/heimdal/lib/gssapi/mech/gss_mech_switch.c
source4/heimdal/lib/hx509/sel-lex.c [deleted file]
source4/heimdal/lib/krb5/plugin.c
source4/heimdal/lib/krb5/version-script.map
source4/heimdal_build/include/krb5-types.h
source4/heimdal_build/kafs.h
source4/heimdal_build/lexyacc.sh
source4/heimdal_build/wscript_build
source4/heimdal_build/wscript_configure
source4/kdc/db-glue.c
source4/kdc/mit_samba.c
source4/kdc/sdb.h
source4/ldap_server/ldap_backend.c
source4/ldap_server/ldap_bind.c
source4/ldap_server/ldap_server.c
source4/ldap_server/ldap_server.h
source4/lib/com/dcom/main.c
source4/lib/messaging/messaging.c
source4/lib/messaging/messaging_send.c
source4/lib/policy/gp_filesys.c
source4/lib/policy/pypolicy.c
source4/lib/registry/interface.c
source4/lib/registry/ldb.c
source4/lib/registry/patchfile_preg.c
source4/lib/registry/pyregistry.c
source4/lib/registry/regf.c
source4/lib/registry/tools/regdiff.c
source4/lib/registry/tools/regpatch.c
source4/lib/registry/tools/regshell.c
source4/lib/registry/tools/regtree.c
source4/lib/socket/interface.c
source4/lib/socket/socket_ip.c
source4/lib/stream/packet.c
source4/lib/stream/packet.h
source4/lib/tls/tls_tstream.c
source4/libcli/dgram/mailslot.c
source4/libcli/ldap/ldap_client.c
source4/libcli/raw/libcliraw.h
source4/libcli/raw/rawrequest.c
source4/libcli/resolve/dns_ex.c
source4/libcli/resolve/lmhosts.c
source4/libcli/resolve/resolve.c
source4/libcli/smb2/connect.c
source4/libcli/smb2/create.c
source4/libcli/smb2/transport.c
source4/libcli/smb_composite/connect.c
source4/libcli/smb_composite/sesssetup.c
source4/librpc/ndr/py_security.c
source4/librpc/ndr/py_xattr.c
source4/librpc/rpc/dcerpc_connect.c
source4/librpc/rpc/dcerpc_smb.c
source4/nbt_server/wins/winsdb.c
source4/ntvfs/ipc/vfs_ipc.c
source4/ntvfs/ntvfs_generic.c
source4/ntvfs/posix/pvfs_fileinfo.c
source4/ntvfs/posix/pvfs_shortname.c
source4/ntvfs/posix/python/pyposix_eadb.c
source4/ntvfs/posix/python/pyxattr_native.c
source4/ntvfs/posix/python/pyxattr_tdb.c
source4/ntvfs/sysdep/sys_lease.c
source4/ntvfs/sysdep/sys_notify.c
source4/param/loadparm.c
source4/param/pyparam.c
source4/param/share_ldb.c
source4/rpc_server/backupkey/dcesrv_backupkey.c
source4/rpc_server/common/share_info.c
source4/rpc_server/dcerpc_server.c
source4/rpc_server/dnsserver/dcerpc_dnsserver.c
source4/rpc_server/dnsserver/dnsdata.c
source4/rpc_server/dnsserver/dnsdb.c
source4/rpc_server/dnsserver/dnsutils.c
source4/rpc_server/drsuapi/dcesrv_drsuapi.c
source4/rpc_server/drsuapi/writespn.c
source4/rpc_server/epmapper/rpc_epmapper.c
source4/rpc_server/lsa/dcesrv_lsa.c
source4/rpc_server/netlogon/dcerpc_netlogon.c
source4/rpc_server/samr/dcesrv_samr.c
source4/rpc_server/srvsvc/dcesrv_srvsvc.c
source4/rpc_server/wscript_build
source4/scripting/bin/samba-gpupdate
source4/scripting/bin/samba_dnsupdate
source4/scripting/bin/samba_spnupdate
source4/scripting/bin/samba_upgradeprovision
source4/scripting/devel/pfm_verify.py
source4/scripting/man/samba-gpupdate.8.xml
source4/selftest/tests.py
source4/setup/named.conf.dlz
source4/smb_server/smb/negprot.c
source4/smb_server/smb/service.c
source4/smb_server/smb2/negprot.c
source4/smb_server/smb2/receive.c
source4/smbd/process_standard.c
source4/smbd/service.c
source4/torture/basic/attr.c
source4/torture/basic/base.c
source4/torture/basic/mangle_test.c
source4/torture/drs/drs_util.c
source4/torture/drs/python/drs_base.py
source4/torture/drs/python/getnc_exop.py
source4/torture/drs/python/repl_rodc.py
source4/torture/drs/python/replica_sync_rodc.py
source4/torture/drs/python/samba_tool_drs_no_dns.py
source4/torture/drs/python/samba_tool_drs_showrepl.py
source4/torture/drs/rpc/dssync.c
source4/torture/drs/unit/schemainfo_tests.c
source4/torture/gentest.c
source4/torture/gpo/apply.c
source4/torture/krb5/kdc-canon-heimdal.c
source4/torture/ldap/basic.c
source4/torture/ldap/cldap.c
source4/torture/ldap/common.c
source4/torture/ldap/ldap_sort.c
source4/torture/ldap/nested_search.c
source4/torture/ldap/netlogon.c
source4/torture/ldap/schema.c
source4/torture/ldap/session_expiry.c [new file with mode: 0644]
source4/torture/ldap/uptodatevector.c
source4/torture/ldb/ldb.c
source4/torture/libnetapi/libnetapi_group.c
source4/torture/libnetapi/libnetapi_user.c
source4/torture/libsmbclient/libsmbclient.c
source4/torture/local/local.c
source4/torture/local/smbtorture_fullname.c [new file with mode: 0644]
source4/torture/local/wscript_build
source4/torture/locktest.c
source4/torture/masktest.c
source4/torture/nbench/nbench.c
source4/torture/ndr/dnsp.c
source4/torture/raw/raw.c
source4/torture/raw/samba3hide.c
source4/torture/raw/samba3misc.c
source4/torture/raw/search.c
source4/torture/rpc/drsuapi_cracknames.c
source4/torture/rpc/epmapper.c
source4/torture/rpc/eventlog.c
source4/torture/rpc/forest_trust.c
source4/torture/rpc/fsrvp.c
source4/torture/rpc/lsa.c
source4/torture/rpc/netlogon.c
source4/torture/rpc/rpc.c
source4/torture/rpc/samr.c
source4/torture/rpc/samr_handletype.c [new file with mode: 0644]
source4/torture/smb2/block.c
source4/torture/smb2/block.h
source4/torture/smb2/create.c
source4/torture/smb2/delete-on-close.c
source4/torture/smb2/deny.c [new file with mode: 0644]
source4/torture/smb2/durable_v2_open.c
source4/torture/smb2/lock.c
source4/torture/smb2/mangle.c
source4/torture/smb2/multichannel.c
source4/torture/smb2/notify.c
source4/torture/smb2/oplock.c
source4/torture/smb2/oplock_break_handler.c
source4/torture/smb2/oplock_break_handler.h
source4/torture/smb2/read.c
source4/torture/smb2/read_write.c
source4/torture/smb2/replay.c
source4/torture/smb2/secleak.c [new file with mode: 0644]
source4/torture/smb2/sessid.c [new file with mode: 0644]
source4/torture/smb2/sharemode.c
source4/torture/smb2/smb2.c
source4/torture/smb2/timestamps.c
source4/torture/smb2/wscript_build
source4/torture/smbtorture.c
source4/torture/unix/whoami.c
source4/torture/vfs/fruit.c
source4/torture/winbind/struct_based.c
source4/torture/wscript_build
source4/utils/oLschema2ldif/lib.c
source4/utils/oLschema2ldif/main.c
source4/winbind/idmap.c
testprogs/blackbox/test_net_ads.sh
testprogs/blackbox/test_net_ads_dns_async.sh [new file with mode: 0755]
testprogs/blackbox/test_net_ads_fips.sh [new file with mode: 0755]
testprogs/blackbox/test_old_enctypes.sh [new file with mode: 0755]
testprogs/blackbox/test_s4u_heimdal.sh
testprogs/blackbox/test_smbtorture_test_names.sh [new file with mode: 0755]
testprogs/blackbox/test_weak_crypto.sh
testsuite/smbd/se_access_check_utils.c
third_party/gpfs/gpfs.h
third_party/pyiso8601/.hgignore [deleted file]
third_party/pyiso8601/.hgtags [deleted file]
third_party/pyiso8601/LICENSE [deleted file]
third_party/pyiso8601/MANIFEST.in [deleted file]
third_party/pyiso8601/README.rst [deleted file]
third_party/pyiso8601/dev-requirements.txt [deleted file]
third_party/pyiso8601/docs/Makefile [deleted file]
third_party/pyiso8601/docs/conf.py [deleted file]
third_party/pyiso8601/docs/index.rst [deleted file]
third_party/pyiso8601/docs/make.bat [deleted file]
third_party/pyiso8601/iso8601/__init__.py [deleted file]
third_party/pyiso8601/iso8601/iso8601.py [deleted file]
third_party/pyiso8601/iso8601/test_iso8601.py [deleted file]
third_party/pyiso8601/setup.py [deleted file]
third_party/pyiso8601/tox.ini [deleted file]
third_party/resolv_wrapper/resolv_wrapper.c
third_party/resolv_wrapper/wscript
third_party/socket_wrapper/socket_wrapper.c
third_party/socket_wrapper/wscript
third_party/waf/waflib/Configure.py
third_party/waf/waflib/Context.py
third_party/waf/waflib/Options.py
third_party/waf/waflib/Scripting.py
third_party/waf/waflib/Tools/c_aliases.py
third_party/waf/waflib/Tools/c_config.py
third_party/waf/waflib/Tools/c_tests.py
third_party/waf/waflib/Tools/compiler_c.py
third_party/waf/waflib/Tools/compiler_cxx.py
third_party/waf/waflib/Tools/fc.py
third_party/waf/waflib/Tools/irixcc.py
third_party/waf/waflib/Tools/javaw.py
third_party/waf/waflib/Tools/python.py
third_party/waf/waflib/Tools/qt5.py
third_party/waf/waflib/Utils.py
third_party/waf/waflib/extras/clang_compilation_database.py
third_party/waf/waflib/extras/doxygen.py
third_party/waf/waflib/extras/gccdeps.py
third_party/waf/waflib/extras/javatest.py
third_party/waf/waflib/extras/msvc_pdb.py [new file with mode: 0644]
third_party/waf/waflib/extras/pytest.py
third_party/waf/waflib/extras/wafcache.py [new file with mode: 0644]
third_party/wscript
wscript
wscript_build
wscript_configure_system_gnutls

index 4e9a5284429b852de666689bbfb80101082cb32b..7555582e0052e24705f0a4234f9b86de39feff5b 100644 (file)
@@ -23,7 +23,7 @@ variables:
   # Set this to the contents of bootstrap/sha1sum.txt
   # which is generated by bootstrap/template.py --render
   #
-  SAMBA_CI_CONTAINER_TAG: c6ee634a9467e84ee8dd858b0b363f7a75973a66
+  SAMBA_CI_CONTAINER_TAG: 86279163d150fb95742f4b34fce0dfc1a639f5de
   #
   # We use the ubuntu1804 image as default as
   # it matches what we have on sn-devel-184.
@@ -52,6 +52,10 @@ include:
   - 'bootstrap/.gitlab-ci.yml'
 
 .shared_template:
+  # All Samba jobs are interruptible, this avoids burning CPU when a
+  # newer branch is pushed.
+  interruptible: true
+
   variables:
     AUTOBUILD_JOB_NAME: $CI_JOB_NAME
   image: ${SAMBA_CI_CONTAINER_REGISTRY}/samba-ci-${SAMBA_CI_CONTAINER_IMAGE}:${SAMBA_CI_CONTAINER_TAG}
@@ -108,8 +112,7 @@ include:
   script:
     # gitlab predefines CI_JOB_NAME for each job. The gitlab job usually matches the
     # autobuild name, which means we can define a default template that runs most autobuild jobs
-    - echo "Running cmd script/autobuild.py $AUTOBUILD_JOB_NAME $SAMBA_CI_AUTOBUILD_ENABLE_COVERAGE --verbose --nocleanup --keeplogs --tail --testbase /tmp/samba-testbase"
-    - script/autobuild.py $AUTOBUILD_JOB_NAME $SAMBA_CI_AUTOBUILD_ENABLE_COVERAGE  --verbose --nocleanup --keeplogs --tail --testbase /tmp/samba-testbase
+    - script/autobuild.py $AUTOBUILD_JOB_NAME $SAMBA_CI_AUTOBUILD_ENABLE_COVERAGE  --verbose --nocleanup --keeplogs --tail --full-testbase /tmp/samba-testbase
 
 # Ensure when adding a new job below that you also add it to
 # the dependencies for 'pages' below for the code coverage page
@@ -118,13 +121,14 @@ include:
 others:
   extends: .shared_template
   script:
-    - script/autobuild.py ldb      $SAMBA_CI_AUTOBUILD_ENABLE_COVERAGE --verbose --nocleanup --keeplogs --tail --testbase /tmp/samba-testbase
-    - script/autobuild.py pidl     $SAMBA_CI_AUTOBUILD_ENABLE_COVERAGE --verbose --nocleanup --keeplogs --tail --testbase /tmp/samba-testbase
-    - script/autobuild.py replace  $SAMBA_CI_AUTOBUILD_ENABLE_COVERAGE --verbose --nocleanup --keeplogs --tail --testbase /tmp/samba-testbase
-    - script/autobuild.py talloc   $SAMBA_CI_AUTOBUILD_ENABLE_COVERAGE --verbose --nocleanup --keeplogs --tail --testbase /tmp/samba-testbase
-    - script/autobuild.py tdb      $SAMBA_CI_AUTOBUILD_ENABLE_COVERAGE --verbose --nocleanup --keeplogs --tail --testbase /tmp/samba-testbase
-    - script/autobuild.py tevent   $SAMBA_CI_AUTOBUILD_ENABLE_COVERAGE --verbose --nocleanup --keeplogs --tail --testbase /tmp/samba-testbase
-    - script/autobuild.py samba-xc $SAMBA_CI_AUTOBUILD_ENABLE_COVERAGE --verbose --nocleanup --keeplogs --tail --testbase /tmp/samba-testbase
+    - script/autobuild.py ldb      $SAMBA_CI_AUTOBUILD_ENABLE_COVERAGE --verbose --nocleanup --keeplogs --tail --full-testbase /tmp/samba-testbase/ldb
+    - script/autobuild.py pidl     $SAMBA_CI_AUTOBUILD_ENABLE_COVERAGE --verbose --nocleanup --keeplogs --tail --full-testbase /tmp/samba-testbase/pidl
+    - script/autobuild.py replace  $SAMBA_CI_AUTOBUILD_ENABLE_COVERAGE --verbose --nocleanup --keeplogs --tail --full-testbase /tmp/samba-testbase/replace
+    - script/autobuild.py talloc   $SAMBA_CI_AUTOBUILD_ENABLE_COVERAGE --verbose --nocleanup --keeplogs --tail --full-testbase /tmp/samba-testbase/talloc
+    - script/autobuild.py tdb      $SAMBA_CI_AUTOBUILD_ENABLE_COVERAGE --verbose --nocleanup --keeplogs --tail --full-testbase /tmp/samba-testbase/tdb
+    - script/autobuild.py tevent   $SAMBA_CI_AUTOBUILD_ENABLE_COVERAGE --verbose --nocleanup --keeplogs --tail --full-testbase /tmp/samba-testbase/tevent
+    - script/autobuild.py samba-xc $SAMBA_CI_AUTOBUILD_ENABLE_COVERAGE --verbose --nocleanup --keeplogs --tail --full-testbase /tmp/samba-testbase/samba-xc
+    - script/autobuild.py docs-xml $SAMBA_CI_AUTOBUILD_ENABLE_COVERAGE --verbose --nocleanup --keeplogs --tail --full-testbase /tmp/samba-testbase/docs-xml
 
 samba:
   extends: .shared_template
@@ -132,10 +136,7 @@ samba:
 samba-mitkrb5:
   extends: .shared_template
 
-samba-nopython:
-  extends: .shared_template
-
-samba-nopython-py2:
+samba-minimal-smbd:
   extends: .shared_template
 
 samba-admem:
@@ -159,9 +160,6 @@ samba-ad-dc-6:
 samba-libs:
   extends: .shared_template
 
-samba-static:
-  extends: .shared_template
-
 samba-fuzz:
   extends: .shared_template
   image: ${SAMBA_CI_CONTAINER_REGISTRY}/samba-ci-ubuntu1604:${SAMBA_CI_CONTAINER_TAG}
@@ -181,9 +179,9 @@ samba-admem-mit:
 samba-ad-dc-4-mitkrb5:
   extends: .shared_template
 
-samba-ad-dc-fips:
+samba-fips:
   extends: .shared_template
-  image: $SAMBA_CI_CONTAINER_IMAGE_fedora31
+  image: $SAMBA_CI_CONTAINER_IMAGE_fedora32
 
 .private_template:
   extends: .shared_template
@@ -227,8 +225,6 @@ pages:
     - others
     - samba
     - samba-mitkrb5
-    - samba-nopython
-    - samba-nopython-py2
     - samba-admem
     - samba-ad-dc-2
     - samba-ad-dc-3
@@ -236,7 +232,7 @@ pages:
     - samba-ad-dc-5
     - samba-ad-dc-6
     - samba-libs
-    - samba-static
+    - samba-minimal-smbd
     - samba-fuzz
     # - ctdb  # TODO
     - samba-ctdb
@@ -249,7 +245,7 @@ pages:
     - samba-nt4
     - samba-schemaupgrade
     - samba-ad-dc-1-mitkrb5
-    - samba-ad-dc-fips
+    - samba-fips
   script:
     - ./configure.developer
     - make -j
diff --git a/BUILD_SYSTEMS.txt b/BUILD_SYSTEMS.txt
deleted file mode 100644 (file)
index f1d1ce3..0000000
+++ /dev/null
@@ -1,80 +0,0 @@
-BUILDING SAMBA 4.0
-===================================
-
-The waf build
--------------
-
-Samba 4.0 ships with a new build system, based on waf.  A background to
-this build system can be found at https://wiki.samba.org/index.php/Waf
-
-This is the build system that is used when you run ./configure && make
-in the top level of a Samba 4.0 release tree.
-
-For the vast majority of our users, this is the build system you should
-use.  It supports parallel and incremental builds, and builds the whole
-Samba suite, the file server, the print server, the NT4 domain
-controller, winbind, the AD Domain Controller, the client libraries and
-the python libraries.  
-
-A key feature for many of our distributors and OEMs is that despite the
-range of additional features, the resulting binaries and libraries are
-substantially smaller, because we use shared libraries extensively. 
-
-For distributions that have a requirement to use the system-supplied
-Kerberos library, we support building against a Heimdal or system MIT
-Kerberos library, provided the version is recent enough (otherwise we
-will use our internal version of Heimdal).  Please note that builds
-with MIT krb5 support will not have AD DC features.
-
-Where we provide a tool under a name that was used in Samba 3.x, it
-continues to behave in the same way it always has.  This will ensure
-that our change in build system does not impact on our user's ability
-to use Samba as they always have.
-
-For developers, this build system backs a comprehensive 'make test',
-which provides code coverage of around 48% of our code by line:
-https://build.samba.org/lcov/data/coverage/samba_4_0_test/
-
-This build system also implements important features such as ABI
-checking (which protects you as users from accidental changes to our
-published libraries), symbol versions and dependency checked incremental
-rebuilds after header-file changes. 
-
-The waf build also assists developers by providing fully-linked binaries
-that run from bin/ without needing to set LD_LIBRARY_PATH. 
-
-For users who do not have python installed on their systems, we provide
-a install_with_python.sh script, which will install a local copy of
-python sufficient to run the build system, without impacting on the rest
-of the system.  
-
-Within this requirement, we expect that this build will run on all our
-supported platforms, and will actively deal with any portability issues
-that users can bring to our attention. 
-
-For all these reasons, we highly recommend this new build system to all
-our users, for whatever purpose you want to put Samba to.
-
-The autoconf build
-------------------
-
-The autoconf build was removed in Samba 4.1.  If you have tried and
-failed to use our waf build system, you may wish to use the latest
-supported 4.0 release instead, while we address your use case.
-
-Optional Libraries
-------------------
-
-To assist users and distributors to build Samba with the full feature
-set, the build system will abort if our dependent libraries and their
-header files are not found on the target system.  This will mean for
-example, that xattr, acl and ldap headers must be installed for the
-default build to complete.  The configure system will check for these
-headers, and the error message will indicate the option (such as
---without-acl-support) that can be specified to skip this requirement.
-
-This will assist users and in particular distributors in building fully
-functional packages, while allowing those on systems truly without these
-facilities to continue to build Samba after careful consideration.
-
-This feature is not currently supported for xattr.
index 09f1458e441c2ce9bc5c89ca4e342289f3340aad..ab28c563332a6c6415ebcb52f6bd37ec6d4b833e 100644 (file)
--- a/PFIF.txt
+++ b/PFIF.txt
@@ -2,6 +2,5 @@ This code was developed in participation with the Protocol Freedom
 Information Foundation.
 
 Please see 
-  http://protocolfreedom.org/ and
-  http://samba.org/samba/PFIF/ 
+  https://www.samba.org/samba/PFIF/
 for more details.
similarity index 84%
rename from README.Coding
rename to README.Coding.md
index ac9bcd43065fea7246ecddafaeac389319087628..b87580f5f85e20240f5f715dd6534f8935edce32 100644 (file)
@@ -1,11 +1,6 @@
-Coding conventions in the Samba tree
-~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+# Coding conventions in the Samba tree
 
-.. contents::
-
-===========
-Quick Start
-===========
+## Quick Start
 
 Coding style guidelines are about reducing the number of unnecessary
 reformatting patches and making things easier for developers to work
@@ -21,10 +16,9 @@ Documentation/CodingStyle in the kernel source tree). This closely matches
 what most Samba developers use already anyways, with a few exceptions as
 mentioned below.
 
-The coding style for Python code is documented in PEP8,
-https://www.python.org/dev/peps/pep-0008/. New Python code should be compatible
-with Python 2.6, 2.7, and Python 3.4 onwards. This means using Python 3 syntax
-with the appropriate 'from __future__' imports.
+The coding style for Python code is documented in
+[PEP8](https://www.python.org/dev/peps/pep-0008/). New Python code
+should be compatible with Python 3.6 onwards.
 
 But to save you the trouble of reading the Linux kernel style guide, here
 are the highlights.
@@ -32,49 +26,52 @@ are the highlights.
 * Maximum Line Width is 80 Characters
   The reason is not about people with low-res screens but rather sticking
   to 80 columns prevents you from easily nesting more than one level of
-  if statements or other code blocks.  Use source3/script/count_80_col.pl
+  if statements or other code blocks.  Use [source3/script/count_80_col.pl](source3/script/count_80_col.pl)
   to check your changes.
 
 * Use 8 Space Tabs to Indent
   No whitespace fillers.
 
 * No Trailing Whitespace
-  Use source3/script/strip_trail_ws.pl to clean up your files before
+  Use [source3/script/strip_trail_ws.pl](source3/script/strip_trail_ws.pl) to clean up your files before
   committing.
 
 * Follow the K&R guidelines.  We won't go through all of them here. Do you
   have a copy of "The C Programming Language" anyways right? You can also use
-  the format_indent.sh script found in source3/script/ if all else fails.
+  the [format_indent.sh script found in source3/script/](source3/script/format_indent.sh) if all else fails.
+
 
 
+## Editor Hints
 
-============
-Editor Hints
-============
+### Emacs
 
-Emacs
------
 Add the follow to your $HOME/.emacs file:
 
+```
   (add-hook 'c-mode-hook
        (lambda ()
                (c-set-style "linux")
                (c-toggle-auto-state)))
+```
 
 
-Vi
---
+### Vi
+
 (Thanks to SATOH Fumiyasu <fumiyas@osstech.jp> for these hints):
 
 For the basic vi editor included with all variants of \*nix, add the
 following to $HOME/.exrc:
 
+```
   set tabstop=8
   set shiftwidth=8
+```
 
 For Vim, the following settings in $HOME/.vimrc will also deal with
 displaying trailing whitespace:
 
+```
   if has("syntax") && (&t_Co > 2 || has("gui_running"))
        syntax on
        function! ActivateInvisibleCharIndicator()
@@ -89,9 +86,11 @@ displaying trailing whitespace:
   " highlight overly long lines same as TODOs.
   set textwidth=80
   autocmd BufNewFile,BufRead *.c,*.h exec 'match Todo /\%>' . &textwidth . 'v.\+/'
+```
+
+### clang-format
 
-clang-format
-------------
+```
 BasedOnStyle: LLVM
 IndentWidth: 8
 UseTab: true
@@ -101,14 +100,12 @@ IndentCaseLabels: false
 BinPackParameters: false
 BinPackArguments: false
 SortIncludes: false
+```
 
 
-=========================
-FAQ & Statement Reference
-=========================
+## FAQ & Statement Reference
 
-Comments
---------
+### Comments
 
 Comments should always use the standard C syntax.  C++
 style comments are not currently allowed.
@@ -120,6 +117,7 @@ of multiple following code blocks.
 
 This is good:
 
+```
        ...
        int i;
 
@@ -155,9 +153,11 @@ This is good:
         * @return              0 on success and -1 on error.
         */
        int example(int param1, int *result1);
+```
 
 This is bad:
 
+```
        ...
        int i;
        /*
@@ -185,9 +185,9 @@ This is bad:
        /*
         * This is a multi line comment,
         * with some more words...*/
+```
 
-Indention & Whitespace & 80 columns
------------------------------------
+### Indention & Whitespace & 80 columns
 
 To avoid confusion, indentations have to be tabs with length 8 (not 8
 ' ' characters).  When wrapping parameters for function calls,
@@ -195,8 +195,10 @@ align the parameter list with the first parameter on the previous line.
 Use tabs to get as close as possible and then fill in the final 7
 characters or less with whitespace.  For example,
 
+```
        var1 = foo(arg1, arg2,
                   arg3);
+```
 
 The previous example is intended to illustrate alignment of function
 parameters across lines and not as encourage for gratuitous line
@@ -210,18 +212,21 @@ line. The rationale is that if there are many parameters, each one
 should be on its own line to make tracking interface changes easier.
 
 
-If, switch, & Code blocks
--------------------------
+## If, switch, & Code blocks
 
-Always follow an 'if' keyword with a space but don't include additional
+Always follow an `if` keyword with a space but don't include additional
 spaces following or preceding the parentheses in the conditional.
 This is good:
 
+```
        if (x == 1)
+```
 
 This is bad:
 
+```
        if ( x == 1 )
+```
 
 Yes we have a lot of code that uses the second form and we are trying
 to clean it up without being overly intrusive.
@@ -230,7 +235,7 @@ Note that this is a rule about parentheses following keywords and not
 functions.  Don't insert a space between the name and left parentheses when
 invoking functions.
 
-Braces for code blocks used by for, if, switch, while, do..while, etc.
+Braces for code blocks used by `for`, `if`, `switch`, `while`, `do..while`, etc.
 should begin on the same line as the statement keyword and end on a line
 of their own. You should always include braces, even if the block only
 contains one statement.  NOTE: Functions are different and the beginning left
@@ -240,11 +245,12 @@ If the beginning statement has to be broken across lines due to length,
 the beginning brace should be on a line of its own.
 
 The exception to the ending rule is when the closing brace is followed by
-another language keyword such as else or the closing while in a do..while
+another language keyword such as else or the closing while in a `do..while`
 loop.
 
 Good examples:
 
+```
        if (x == 1) {
                printf("good\n");
        }
@@ -263,9 +269,11 @@ Good examples:
        do {
                printf("also good\n");
        } while (1);
+```
 
 Bad examples:
 
+```
        while (1)
        {
                print("I'm in a loop!\n"); }
@@ -279,12 +287,12 @@ Bad examples:
 
        if (i < 10)
                print("I should be in braces.\n");
+```
 
 
-Goto
-----
+### Goto
 
-While many people have been academically taught that "goto"s are
+While many people have been academically taught that `goto`s are
 fundamentally evil, they can greatly enhance readability and reduce memory
 leaks when used as the single exit point from a function. But in no Samba
 world what so ever is a goto outside of a function or block of code a good
@@ -292,6 +300,7 @@ idea.
 
 Good Examples:
 
+```
        int function foo(int y)
        {
                int *z = NULL;
@@ -314,10 +323,10 @@ Good Examples:
 
                return ret;
        }
+```
 
 
-Primitive Data Types
---------------------
+### Primitive Data Types
 
 Samba has large amounts of historical code which makes use of data types
 commonly supported by the C99 standard. However, at the time such types
@@ -326,31 +335,31 @@ were forced to provide their own.  Now that these types are guaranteed to
 be available either as part of the compiler C99 support or from
 lib/replace/, new code should adhere to the following conventions:
 
-  * Booleans are of type "bool" (not BOOL)
-  * Boolean values are "true" and "false" (not True or False)
-  * Exact width integers are of type [u]int[8|16|32|64]_t
+  * Booleans are of type `bool` (not `BOOL`)
+  * Boolean values are `true` and `false` (not `True` or `False`)
+  * Exact width integers are of type `[u]int[8|16|32|64]_t`
 
 Most of the time a good name for a boolean variable is 'ok'. Here is an
 example we often use:
 
+```
        bool ok;
 
        ok = foo();
        if (!ok) {
                /* do something */
        }
+```
 
 It makes the code more readable and is easy to debug.
 
-Typedefs
---------
+### Typedefs
 
-Samba tries to avoid "typedef struct { .. } x_t;" so we do always try to use
-"struct x { .. };". We know there are still such typedefs in the code,
+Samba tries to avoid `typedef struct { .. } x_t;` so we do always try to use
+`struct x { .. };`. We know there are still such typedefs in the code,
 but for new code, please don't do that anymore.
 
-Initialize pointers
--------------------
+### Initialize pointers
 
 All pointer variables MUST be initialized to NULL. History has
 demonstrated that uninitialized pointer variables have lead to various
@@ -362,6 +371,7 @@ instructions sequence may change over time.
 
 Good Example:
 
+```
        char *pointer1 = NULL;
        char *pointer2 = NULL;
 
@@ -370,9 +380,11 @@ Good Example:
        ...
 
        pointer1 = some_func1();
+```
 
 Bad Example:
 
+```
        char *pointer1;
        char *pointer2;
 
@@ -381,9 +393,9 @@ Bad Example:
        ...
 
        pointer1 = some_func1();
+```
 
-Make use of helper variables
-----------------------------
+### Make use of helper variables
 
 Please try to avoid passing function calls as function parameters
 in new code. This makes the code much easier to read and
@@ -391,6 +403,7 @@ it's also easier to use the "step" command within gdb.
 
 Good Example:
 
+```
        char *name = NULL;
        int ret;
 
@@ -401,12 +414,15 @@ Good Example:
 
        ret = some_function_my_name(name);
        ...
+```
 
 
 Bad Example:
 
+```
        ret = some_function_my_name(get_some_name());
        ...
+```
 
 Please try to avoid passing function return values to if- or
 while-conditions. The reason for this is better handling of code under a
@@ -414,23 +430,29 @@ debugger.
 
 Good example:
 
+```
        x = malloc(sizeof(short)*10);
        if (x == NULL) {
                fprintf(stderr, "Unable to alloc memory!\n");
        }
+```
 
 Bad example:
 
+```
        if ((x = malloc(sizeof(short)*10)) == NULL ) {
                fprintf(stderr, "Unable to alloc memory!\n");
        }
+```
 
 There are exceptions to this rule. One example is walking a data structure in
 an iterator style:
 
+```
        while ((opt = poptGetNextOpt(pc)) != -1) {
                   ... do something with opt ...
        }
+```
 
 Another exception: DBG messages for example printing a SID or a GUID:
 Here we don't expect any surprise from the printing functions, and the
@@ -439,6 +461,7 @@ rarely exists for this particular use case, and we gain some
 efficiency because the DBG_ macros don't evaluate their arguments if
 the debuglevel is not high enough.
 
+```
        if (!NT_STATUS_IS_OK(status)) {
                struct dom_sid_buf sid_buf;
                struct GUID_txt_buf guid_buf;
@@ -447,27 +470,27 @@ the debuglevel is not high enough.
                    dom_sid_str_buf(objectsid, &sid_buf),
                    GUID_buf_string(&cache->entries[idx], &guid_buf));
        }
+```
 
 But in general, please try to avoid this pattern.
 
 
-Control-Flow changing macros
-----------------------------
+### Control-Flow changing macros
 
-Macros like NT_STATUS_NOT_OK_RETURN that change control flow
-(return/goto/etc) from within the macro are considered bad, because
+Macros like `NT_STATUS_NOT_OK_RETURN` that change control flow
+(`return`/`goto`/etc) from within the macro are considered bad, because
 they look like function calls that never change control flow. Please
 do not use them in new code.
 
 The only exception is the test code that depends repeated use of calls
-like CHECK_STATUS, CHECK_VAL and others.
+like `CHECK_STATUS`, `CHECK_VAL` and others.
 
 
-Error and out logic
--------------------
+### Error and out logic
 
 Don't do this:
 
+```
        frame = talloc_stackframe();
 
        if (ret == LDB_SUCCESS) {
@@ -486,9 +509,11 @@ Don't do this:
 
        TALLOC_FREE(frame);
        return ret;
+```
 
 It should be:
 
+```
        frame = talloc_stackframe();
 
        if (ret != LDB_SUCCESS) {
@@ -510,23 +535,27 @@ It should be:
        *msg = talloc_move(mem_ctx, &match);
        TALLOC_FREE(frame);
        return LDB_SUCCESS;
+```
 
 
-DEBUG statements
-----------------
+### DEBUG statements
 
 Use these following macros instead of DEBUG:
 
-DBG_ERR        log level 0             error conditions
-DBG_WARNING    log level 1             warning conditions
-DBG_NOTICE     log level 3             normal, but significant, condition
-DBG_INFO       log level 5             informational message
-DBG_DEBUG      log level 10            debug-level message
+```
+DBG_ERR         log level 0            error conditions
+DBG_WARNING     log level 1            warning conditions
+DBG_NOTICE      log level 3            normal, but significant, condition
+DBG_INFO        log level 5            informational message
+DBG_DEBUG       log level 10           debug-level message
+```
 
 Example usage:
 
+```
 DBG_ERR("Memory allocation failed\n");
 DBG_DEBUG("Received %d bytes\n", count);
+```
 
 The messages from these macros are automatically prefixed with the
 function name.
index 21678cd8140f578b3880008e4d3a1449cfcd874a..2a44e37f9e835de7e9382fa62c815cabe93d9a98 100644 (file)
@@ -1,16 +1,11 @@
 How to contribute a patch to Samba
 ----------------------------------
 
-Simple, just make the code change, and email it as either a "diff -u"
-change, or as a "git format-patch" change against the original source
-code to samba-technical@lists.samba.org, or attach it to a bug report at
-http://bugzilla.samba.org
-
-For larger code changes, breaking the changes up into a set of simple
-patches, each of which does a single thing, are much easier to review.
-Patch sets like that will most likely have an easier time being merged
-into the Samba code than large single patches that make lots of
-changes in one large diff.
+Please see https://wiki.samba.org/index.php/Contribute
+for detailed set-by-step instructions on how to submit a patch
+for Samba via GitLab.
+
+Samba's GitLab mirror is at https://gitlab.com/samba-team/samba
 
 Ownership of the contributed code
 ---------------------------------
index 15b0b46f8b0613ffcefc6faf383784d130df2d7c..cf55b03bdfdb44523808c5226707ec22769edf7e 100644 (file)
--- a/README.md
+++ b/README.md
@@ -13,10 +13,6 @@ Desktops into Active Directory environments. It can function both as a
 domain controller or as a regular domain member.
 
 
-NOTE: Installation instructions may be found
-      for the file/print server and domain member in:
-      docs/htmldocs/Samba3-HOWTO/install.html
-
 For the AD DC implementation a full HOWTO is provided at:
       https://wiki.samba.org/index.php/Samba4/HOWTO
 
@@ -32,31 +28,17 @@ called COPYING).
 CONTRIBUTIONS
 =============
 
-1. To contribute via GitLab
-  - fork the official Samba team repository on GitLab
-      * see https://gitlab.com/samba-team/samba
-  - become familiar with the coding standards as described in README.Coding
-  - make sure you read the Samba copyright policy
-      * see https://www.samba.org/samba/devel/copyright-policy.html
-  - create a feature branch
-  - make changes
-  - when committing, be sure to add signed-off-by tags
-      * see https://wiki.samba.org/index.php/CodeReview#commit_message_tags
-  - send a merge request for your branch through GitLab
-  - this will send an email to everyone registered on GitLab
-  - discussion happens on the samba-technical mailing list as described below
-  - more info on using Git for Samba development can be found on the Samba Wiki
-      * see https://wiki.samba.org/index.php/Using_Git_for_Samba_Development
-
-2. If you want to contribute to the development of the software then
-please join the mailing list. The Samba team accepts patches
-(preferably in "diff -u" format, see https://www.samba.org/samba/devel/
-for more details) and are always glad to receive feedback or
-suggestions to the address samba@lists.samba.org.  More information
-on the various Samba mailing lists can be found at https://lists.samba.org/.
-
-You can also get the Samba sourcecode straight from the git repository - see
-https://wiki.samba.org/index.php/Using_Git_for_Samba_Development.
+Please see https://wiki.samba.org/index.php/Contribute
+for detailed set-by-step instructions on how to submit a patch
+for Samba via GitLab.
+
+Samba's GitLab mirror is at https://gitlab.com/samba-team/samba
+
+OUR CONTRIBUTORS
+================
+
+See https://www.samba.org/samba/team/ for details of the Samba Team,
+as well as details of all those currently active in Samba development.
 
 If you like a particular feature then look through the git change-log
 (on the web at https://gitweb.samba.org/?p=samba.git;a=summary) and see
@@ -74,16 +56,11 @@ DOCUMENTATION
 -------------
 
 There is quite a bit of documentation included with the package,
-including man pages, and lots of .html files with hints and useful
-info. This is also available from the webpage. There is a growing
-collection of information under docs/.
-
-A list of Samba documentation in languages other than English is
-available on the webpage.
+including man pages and the wiki at https://wiki.samba.org
 
-If you would like to help with the documentation, please coordinate
-on the samba@lists.samba.org mailing list.  See the next section for details
-on subscribing to samba mailing lists.
+If you would like to help with our documentation, please contribute
+that improved content to the wiki, we are moving as much content there
+as possible.
 
 
 MAILING LIST
index 5d3c88c722b18b2345454b6a17ba48d0e20aab56..33dbd30357cd396edcecdeba902f577527c1b4b4 100644 (file)
@@ -13,3 +13,8 @@ Once reported and if warrented by the specific issue, the Samba Team
 will follow the process outlined in
 https://wiki.samba.org/index.php/Samba_Security_Process to produce a
 security release.
+
+## Security releases
+
+See https://www.samba.org/samba/security/ for a list of security patches,
+advisories and releases.
\ No newline at end of file
diff --git a/VERSION b/VERSION
index 9e1f19bc640553def50bb58e796d077c9bd5977a..0c96dc3bc7c48692353da7056426a2b91acb775c 100644 (file)
--- a/VERSION
+++ b/VERSION
@@ -24,7 +24,7 @@
 #  ->  "3.0.0"                                         #
 ########################################################
 SAMBA_VERSION_MAJOR=4
-SAMBA_VERSION_MINOR=13
+SAMBA_VERSION_MINOR=14
 SAMBA_VERSION_RELEASE=0
 
 ########################################################
index e47f0806332bae41b3827e3ede18531d9ad5b6e3..983dc4761fce49522edaed930bce8a7c8b4b0d9d 100644 (file)
@@ -1,7 +1,7 @@
 Release Announcements
 =====================
 
-This is the first preview release of Samba 4.13.  This is *not*
+This is the first pre release of Samba 4.14.  This is *not*
 intended for production environments and is designed for testing
 purposes only.  Please report any defects via the Samba bug reporting
 system at https://bugzilla.samba.org/.
@@ -16,57 +16,96 @@ UPGRADING
 NEW FEATURES/CHANGES
 ====================
 
-Python 3.6 Required
+
+Client Group Policy
 -------------------
+This release extends Samba to support Group Policy functionality for Winbind
+clients. Active Directory Administrators can set policies that apply Sudoers
+configuration, and cron jobs to run hourly, daily, weekly or monthly.
+
+To enable the application of Group Policies on a client, set the global
+smb.conf option 'apply group policies' to 'yes'. Policies are applied on an
+interval of every 90 minutes, plus a random offset between 0 and 30 minutes.
+
+Policies applied by Samba are 'non-tattooing', meaning that changes can be
+reverted by executing the `samba-gpupdate --unapply` command. Policies can be
+re-applied using the `samba-gpupdate --force` command.
+To view what policies have been or will be applied to a system, use the
+`samba-gpupdate --rsop` command.
+
+Administration of Samba policy requires that a Samba ADMX template be uploaded
+to the SYSVOL share. The samba-tool command `samba-tool gpo admxload` is
+provided as a convenient method for adding this policy. Once uploaded, policies
+can be modified in the Group Policy Management Editor under Computer
+Configuration/Policies/Administrative Templates.
+
+CTDB CHANGES
+============
+
+* The NAT gateway and LVS features now uses the term "leader" to refer
+  to the main node in a group through which traffic is routed and
+  "follower" for other members of a group.  The command for
+  determining the leader has changed to "ctdb natgw leader" (from
+  "ctdb natgw master").  The configuration keyword for indicating that
+  a node can not be the leader of a group has changed to
+  "follower-only" (from "slave-only").  Identical changes were made
+  for LVS.
+
+* Remove "ctdb isnotrecmaster" command.  It isn't used by CTDB's
+  scripts and can be checked by users with "ctdb pnn" and "ctdb
+  recmaster".
+
+Python 3.6 or later required
+----------------------------
 
 Samba's minimum runtime requirement for python was raised to Python
-3.5 with samba 4.12.  Samba 4.13 raises this minimum version to Python
-3.6 both to access new features and because this is the oldest version
-we test with in our CI infrastructure.
-
-(Build time support for the file server with Python 2.6 has not
-changed)
-
-wide links functionality
-------------------------
-
-For this release, the code implementing the insecure "wide links = yes"
-functionality has been moved out of the core smbd code and into a separate
-VFS module, vfs_widelinks. Currently this vfs module is implicitly loaded
-by smbd as the last but one module before vfs_default if "wide links = yes"
-is enabled on the share (note, the existing restrictions on enabling wide
-links around the SMB1 "unix extensions" and the "allow insecure wide links"
-parameters are still in force). The implicit loading was done to allow
-existing users of "wide links = yes" to keep this functionality without
-having to make a change to existing working smb.conf files.
-
-Please note that the Samba developers recommend changing any Samba
-installations that currently use "wide links = yes" to use bind mounts
-as soon as possible, as "wide links = yes" is an inherently insecure
-configuration which we would like to remove from Samba. Moving the
-feature into a VFS module allows this to be done in a cleaner way
-in future.
-
-A future release to be determined will remove this implicit linkage,
-causing administrators who need this functionality to have to explicitly
-add the vfs_widelinks module into the "vfs objects =" parameter lists.
-The release notes will be updated to note this change when it occurs.
+3.6 with samba 4.13.  Samba 4.14 raises this minimum version to Python
+3.6 also to build Samba. It is no longer possible to build Samba
+(even just the file server) with Python versions 2.6 and 2.7.
+
+As Python 2.7 has been End Of Life upstream since April 2020, Samba
+is dropping ALL Python 2.x support in this release.
+
+
+NT4-like 'classic' Samba domain controllers
+-------------------------------------------
+
+Samba 4.13 deprecates Samba's original domain controller mode.
+
+Sites using Samba as a Domain Controller should upgrade from the
+NT4-like 'classic' Domain Controller to a Samba Active Directory DC
+to ensure full operation with modern windows clients.
+
+SMBv1 only protocol options deprecated
+--------------------------------------
+
+A number of smb.conf parameters for less-secure authentication methods
+which are only possible over SMBv1 are deprecated in this release.
 
 REMOVED FEATURES
 ================
 
+The deprecated "ldap ssl ads" smb.conf option has been removed.
 
 smb.conf changes
 ================
 
   Parameter Name                     Description                Default
   --------------                     -----------                -------
+  ldap ssl ads                       removed
+  domain logons                      Deprecated                 no
+  raw NTLMv2 auth                    Deprecated                 no
+  client plaintext auth              Deprecated                 no
+  client NTLMv2 auth                 Deprecated                 yes
+  client lanman auth                 Deprecated                 no
+  client use spnego                  Deprecated                 yes
+
 
 
 KNOWN ISSUES
 ============
 
-https://wiki.samba.org/index.php/Release_Planning_for_Samba_4.13#Release_blocking_bugs
+https://wiki.samba.org/index.php/Release_Planning_for_Samba_4.14#Release_blocking_bugs
 
 
 #######################################
index 81f9dbb9eb3a6aafb70bf1c69bd80f0280e26899..77c35dd104b593113bcc58a9841e48bd54018c2f 100644 (file)
@@ -44,9 +44,43 @@ _PUBLIC_ struct cli_credentials *cli_credentials_init(TALLOC_CTX *mem_ctx)
 
        cred->winbind_separator = '\\';
 
+       cred->signing_state = SMB_SIGNING_DEFAULT;
+
+       /*
+        * The default value of lpcfg_client_ipc_signing() is REQUIRED, so use
+        * the same value here.
+        */
+       cred->ipc_signing_state = SMB_SIGNING_REQUIRED;
+       cred->encryption_state = SMB_ENCRYPTION_DEFAULT;
+
        return cred;
 }
 
+_PUBLIC_
+struct cli_credentials *cli_credentials_init_server(TALLOC_CTX *mem_ctx,
+                                                   struct loadparm_context *lp_ctx)
+{
+       struct cli_credentials *server_creds = NULL;
+       NTSTATUS status;
+
+       server_creds = cli_credentials_init(mem_ctx);
+       if (server_creds == NULL) {
+               return NULL;
+       }
+
+       cli_credentials_set_conf(server_creds, lp_ctx);
+
+       status = cli_credentials_set_machine_account(server_creds, lp_ctx);
+       if (!NT_STATUS_IS_OK(status)) {
+               DEBUG(1, ("Failed to obtain server credentials: %s\n",
+                         nt_errstr(status)));
+               TALLOC_FREE(server_creds);
+               return NULL;
+       }
+
+       return server_creds;
+}
+
 _PUBLIC_ void cli_credentials_set_callback_data(struct cli_credentials *cred,
                                                void *callback_data)
 {
@@ -902,12 +936,12 @@ _PUBLIC_ void cli_credentials_set_conf(struct cli_credentials *cred,
        if (lpcfg_parm_is_cmdline(lp_ctx, "workgroup")) {
                cli_credentials_set_domain(cred, lpcfg_workgroup(lp_ctx), CRED_SPECIFIED);
        } else {
-               cli_credentials_set_domain(cred, lpcfg_workgroup(lp_ctx), CRED_UNINITIALISED);
+               cli_credentials_set_domain(cred, lpcfg_workgroup(lp_ctx), CRED_SMB_CONF);
        }
        if (lpcfg_parm_is_cmdline(lp_ctx, "netbios name")) {
                cli_credentials_set_workstation(cred, lpcfg_netbios_name(lp_ctx), CRED_SPECIFIED);
        } else {
-               cli_credentials_set_workstation(cred, lpcfg_netbios_name(lp_ctx), CRED_UNINITIALISED);
+               cli_credentials_set_workstation(cred, lpcfg_netbios_name(lp_ctx), CRED_SMB_CONF);
        }
        if (realm != NULL && strlen(realm) == 0) {
                realm = NULL;
@@ -915,13 +949,31 @@ _PUBLIC_ void cli_credentials_set_conf(struct cli_credentials *cred,
        if (lpcfg_parm_is_cmdline(lp_ctx, "realm")) {
                cli_credentials_set_realm(cred, realm, CRED_SPECIFIED);
        } else {
-               cli_credentials_set_realm(cred, realm, CRED_UNINITIALISED);
+               cli_credentials_set_realm(cred, realm, CRED_SMB_CONF);
        }
 
        sep = lpcfg_winbind_separator(lp_ctx);
        if (sep != NULL && sep[0] != '\0') {
                cred->winbind_separator = *lpcfg_winbind_separator(lp_ctx);
        }
+
+       if (cred->signing_state_obtained <= CRED_SMB_CONF) {
+               /* Will be set to default for invalid smb.conf values */
+               cred->signing_state = lpcfg_client_signing(lp_ctx);
+               cred->signing_state_obtained = CRED_SMB_CONF;
+       }
+
+       if (cred->ipc_signing_state_obtained <= CRED_SMB_CONF) {
+               /* Will be set to required for invalid smb.conf values */
+               cred->ipc_signing_state = lpcfg_client_ipc_signing(lp_ctx);
+               cred->ipc_signing_state_obtained = CRED_SMB_CONF;
+       }
+
+       if (cred->encryption_state_obtained <= CRED_SMB_CONF) {
+               /* Will be set to default for invalid smb.conf values */
+               cred->encryption_state = lpcfg_client_smb_encrypt(lp_ctx);
+               cred->encryption_state_obtained = CRED_SMB_CONF;
+       }
 }
 
 /**
@@ -1304,6 +1356,120 @@ _PUBLIC_ bool cli_credentials_parse_password_fd(struct cli_credentials *credenti
        return true;
 }
 
+/**
+ * @brief Set the SMB signing state to request for a SMB connection.
+ *
+ * @param[in]  creds          The credentials structure to update.
+ *
+ * @param[in]  signing_state  The signing state to set.
+ *
+ * @param obtained            This way the described signing state was specified.
+ *
+ * @return true if we could set the signing state, false otherwise.
+ */
+_PUBLIC_ bool cli_credentials_set_smb_signing(struct cli_credentials *creds,
+                                             enum smb_signing_setting signing_state,
+                                             enum credentials_obtained obtained)
+{
+       if (obtained >= creds->signing_state_obtained) {
+               creds->signing_state_obtained = obtained;
+               creds->signing_state = signing_state;
+               return true;
+       }
+
+       return false;
+}
+
+/**
+ * @brief Obtain the SMB signing state from a credentials structure.
+ *
+ * @param[in]  creds  The credential structure to obtain the SMB signing state
+ *                    from.
+ *
+ * @return The SMB singing state.
+ */
+_PUBLIC_ enum smb_signing_setting
+cli_credentials_get_smb_signing(struct cli_credentials *creds)
+{
+       return creds->signing_state;
+}
+
+/**
+ * @brief Set the SMB IPC signing state to request for a SMB connection.
+ *
+ * @param[in]  creds          The credentials structure to update.
+ *
+ * @param[in]  signing_state  The signing state to set.
+ *
+ * @param obtained            This way the described signing state was specified.
+ *
+ * @return true if we could set the signing state, false otherwise.
+ */
+_PUBLIC_ bool
+cli_credentials_set_smb_ipc_signing(struct cli_credentials *creds,
+                                   enum smb_signing_setting ipc_signing_state,
+                                   enum credentials_obtained obtained)
+{
+       if (obtained >= creds->ipc_signing_state_obtained) {
+               creds->ipc_signing_state_obtained = obtained;
+               creds->ipc_signing_state = ipc_signing_state;
+               return true;
+       }
+
+       return false;
+}
+
+/**
+ * @brief Obtain the SMB IPC signing state from a credentials structure.
+ *
+ * @param[in]  creds  The credential structure to obtain the SMB IPC signing
+ *                    state from.
+ *
+ * @return The SMB singing state.
+ */
+_PUBLIC_ enum smb_signing_setting
+cli_credentials_get_smb_ipc_signing(struct cli_credentials *creds)
+{
+       return creds->ipc_signing_state;
+}
+
+/**
+ * @brief Set the SMB encryption state to request for a SMB connection.
+ *
+ * @param[in]  creds  The credentials structure to update.
+ *
+ * @param[in]  encryption_state  The encryption state to set.
+ *
+ * @param obtained  This way the described encryption state was specified.
+ *
+ * @return true if we could set the encryption state, false otherwise.
+ */
+_PUBLIC_ bool cli_credentials_set_smb_encryption(struct cli_credentials *creds,
+                                                enum smb_encryption_setting encryption_state,
+                                                enum credentials_obtained obtained)
+{
+       if (obtained >= creds->encryption_state_obtained) {
+               creds->encryption_state_obtained = obtained;
+               creds->encryption_state = encryption_state;
+               return true;
+       }
+
+       return false;
+}
+
+/**
+ * @brief Obtain the SMB encryption state from a credentials structure.
+ *
+ * @param[in]  creds  The credential structure to obtain the SMB encryption state
+ *                    from.
+ *
+ * @return The SMB singing state.
+ */
+_PUBLIC_ enum smb_encryption_setting
+cli_credentials_get_smb_encryption(struct cli_credentials *creds)
+{
+       return creds->encryption_state;
+}
 
 /**
  * Encrypt a data blob using the session key and the negotiated encryption
index 9fe6a82b1ead5a56f06d830a39c3023d6ac5a956..4c1406157513861afc8a06e0355462681c1f4ee6 100644 (file)
@@ -38,10 +38,13 @@ struct gssapi_creds_container;
 struct smb_krb5_context;
 struct keytab_container;
 struct db_context;
+enum smb_signing_setting;
+enum smb_encryption_setting;
 
 /* In order of priority */
 enum credentials_obtained { 
        CRED_UNINITIALISED = 0,  /* We don't even have a guess yet */
+       CRED_SMB_CONF,           /* Current value should be used, which comes from smb.conf */
        CRED_CALLBACK,           /* Callback should be used to obtain value */
        CRED_GUESS_ENV,          /* Current value should be used, which was guessed */
        CRED_GUESS_FILE,         /* A guess from a file (or file pointed at in env variable) */
@@ -52,7 +55,7 @@ enum credentials_obtained {
 enum credentials_use_kerberos {
        CRED_AUTO_USE_KERBEROS = 0, /* Default, we try kerberos if available */
        CRED_DONT_USE_KERBEROS,     /* Sometimes trying kerberos just does 'bad things', so don't */
-       CRED_MUST_USE_KERBEROS      /* Sometimes administrators are parinoid, so always do kerberos */
+       CRED_MUST_USE_KERBEROS      /* Sometimes administrators are paranoid, so always do kerberos */
 };
 
 enum credentials_krb_forwardable {
@@ -73,6 +76,8 @@ bool cli_credentials_set_workstation(struct cli_credentials *cred,
                                     enum credentials_obtained obtained);
 bool cli_credentials_is_anonymous(struct cli_credentials *cred);
 struct cli_credentials *cli_credentials_init(TALLOC_CTX *mem_ctx);
+struct cli_credentials *cli_credentials_init_server(TALLOC_CTX *mem_ctx,
+                                                   struct loadparm_context *lp_ctx);
 void cli_credentials_set_anonymous(struct cli_credentials *cred);
 bool cli_credentials_wrong_password(struct cli_credentials *cred);
 const char *cli_credentials_get_password(struct cli_credentials *cred);
@@ -289,6 +294,24 @@ void *_cli_credentials_callback_data(struct cli_credentials *cred);
 #define cli_credentials_callback_data_void(_cred) \
        _cli_credentials_callback_data(_cred)
 
+bool cli_credentials_set_smb_signing(struct cli_credentials *cred,
+                                    enum smb_signing_setting signing_state,
+                                    enum credentials_obtained obtained);
+enum smb_signing_setting
+cli_credentials_get_smb_signing(struct cli_credentials *cred);
+
+bool cli_credentials_set_smb_ipc_signing(struct cli_credentials *cred,
+                                        enum smb_signing_setting ipc_signing_state,
+                                        enum credentials_obtained obtained);
+enum smb_signing_setting
+cli_credentials_get_smb_ipc_signing(struct cli_credentials *cred);
+
+bool cli_credentials_set_smb_encryption(struct cli_credentials *cred,
+                                       enum smb_encryption_setting encryption_state,
+                                       enum credentials_obtained obtained);
+enum smb_encryption_setting
+cli_credentials_get_smb_encryption(struct cli_credentials *cred);
+
 /**
  * Return attached NETLOGON credentials 
  */
index 68f1f25dce1c7952f3e45a075461b2082755daf0..3b86b7424481c227e4a1a50a606bde69039b22ff 100644 (file)
@@ -24,6 +24,7 @@
 
 #include "../lib/util/data_blob.h"
 #include "librpc/gen_ndr/misc.h"
+#include "libcli/smb/smb_constants.h"
 
 struct cli_credentials {
        enum credentials_obtained workstation_obtained;
@@ -36,6 +37,9 @@ struct cli_credentials {
        enum credentials_obtained principal_obtained;
        enum credentials_obtained keytab_obtained;
        enum credentials_obtained server_gss_creds_obtained;
+       enum credentials_obtained signing_state_obtained;
+       enum credentials_obtained ipc_signing_state_obtained;
+       enum credentials_obtained encryption_state_obtained;
 
        /* Threshold values (essentially a MAX() over a number of the
         * above) for the ccache and GSS credentials, to ensure we
@@ -117,6 +121,12 @@ struct cli_credentials {
        char winbind_separator;
 
        bool password_will_be_nt_hash;
+
+       enum smb_signing_setting signing_state;
+
+       enum smb_signing_setting ipc_signing_state;
+
+       enum smb_encryption_setting encryption_state;
 };
 
 #endif /* __CREDENTIALS_INTERNAL_H__ */
index 20e677e521a867bbaf1db30ed26515e058ee1b7e..c321f7131302b5a0081b8149d54003ab5b5241b7 100644 (file)
@@ -27,7 +27,6 @@
 #include "auth/kerberos/kerberos.h"
 #include "auth/credentials/credentials.h"
 #include "auth/credentials/credentials_internal.h"
-#include "auth/credentials/credentials_proto.h"
 #include "auth/credentials/credentials_krb5.h"
 #include "auth/kerberos/kerberos_credentials.h"
 #include "auth/kerberos/kerberos_srv_keytab.h"
@@ -39,6 +38,8 @@
 #undef DBGC_CLASS
 #define DBGC_CLASS DBGC_AUTH
 
+#undef strncasecmp
+
 static void cli_credentials_invalidate_client_gss_creds(
                                        struct cli_credentials *cred,
                                        enum credentials_obtained obtained);
index 54f3ce2d0780389f019e1168e3f943eef5bbe218..52a89d4d5b47c3da4b75c02dcd9ee6815e500c79 100644 (file)
@@ -29,7 +29,6 @@
 #include "system/filesys.h"
 #include "auth/credentials/credentials.h"
 #include "auth/credentials/credentials_internal.h"
-#include "auth/credentials/credentials_proto.h"
 #include "auth/credentials/credentials_krb5.h"
 #include "auth/kerberos/kerberos_util.h"
 #include "param/param.h"
index fad07b84ba7eae0e95f2dff125763ffb8230b050..17c90573f0902908ca1a2c5dc45f98aaf99f037b 100644 (file)
@@ -34,6 +34,7 @@
 #include "auth/credentials/credentials_internal.h"
 #include "system/kerberos.h"
 #include "auth/kerberos/kerberos.h"
+#include "libcli/smb/smb_constants.h"
 
 void initcredentials(void);
 
@@ -620,6 +621,42 @@ static PyObject *py_creds_set_forced_sasl_mech(PyObject *self, PyObject *args)
        Py_RETURN_NONE;
 }
 
+static PyObject *py_creds_set_conf(PyObject *self, PyObject *args)
+{
+       PyObject *py_lp_ctx = Py_None;
+       struct loadparm_context *lp_ctx;
+       TALLOC_CTX *mem_ctx;
+       struct cli_credentials *creds;
+
+       creds = PyCredentials_AsCliCredentials(self);
+       if (creds == NULL) {
+               PyErr_Format(PyExc_TypeError, "Credentials expected");
+               return NULL;
+       }
+
+       if (!PyArg_ParseTuple(args, "|O", &py_lp_ctx)) {
+               return NULL;
+       }
+
+       mem_ctx = talloc_new(NULL);
+       if (mem_ctx == NULL) {
+               PyErr_NoMemory();
+               return NULL;
+       }
+
+       lp_ctx = lpcfg_from_py_object(mem_ctx, py_lp_ctx);
+       if (lp_ctx == NULL) {
+               talloc_free(mem_ctx);
+               return NULL;
+       }
+
+       cli_credentials_set_conf(creds, lp_ctx);
+
+       talloc_free(mem_ctx);
+
+       Py_RETURN_NONE;
+}
+
 static PyObject *py_creds_guess(PyObject *self, PyObject *args)
 {
        PyObject *py_lp_ctx = Py_None;
@@ -929,6 +966,144 @@ static PyObject *py_creds_encrypt_netr_crypt_password(PyObject *self,
        Py_RETURN_NONE;
 }
 
+static PyObject *py_creds_get_smb_signing(PyObject *self, PyObject *unused)
+{
+       enum smb_signing_setting signing_state;
+       struct cli_credentials *creds = NULL;
+
+       creds = PyCredentials_AsCliCredentials(self);
+       if (creds == NULL) {
+               PyErr_Format(PyExc_TypeError, "Credentials expected");
+               return NULL;
+       }
+
+       signing_state = cli_credentials_get_smb_signing(creds);
+       return PyLong_FromLong(signing_state);
+}
+
+static PyObject *py_creds_set_smb_signing(PyObject *self, PyObject *args)
+{
+       enum smb_signing_setting signing_state;
+       struct cli_credentials *creds = NULL;
+       enum credentials_obtained obt = CRED_SPECIFIED;
+
+       creds = PyCredentials_AsCliCredentials(self);
+       if (creds == NULL) {
+               PyErr_Format(PyExc_TypeError, "Credentials expected");
+               return NULL;
+       }
+       if (!PyArg_ParseTuple(args, "i|i", &signing_state, &obt)) {
+               return NULL;
+       }
+
+       switch (signing_state) {
+       case SMB_SIGNING_DEFAULT:
+       case SMB_SIGNING_OFF:
+       case SMB_SIGNING_IF_REQUIRED:
+       case SMB_SIGNING_DESIRED:
+       case SMB_SIGNING_REQUIRED:
+               break;
+       default:
+               PyErr_Format(PyExc_TypeError, "Invalid signing state value");
+               return NULL;
+       }
+
+       cli_credentials_set_smb_signing(creds, signing_state, obt);
+       Py_RETURN_NONE;
+}
+
+static PyObject *py_creds_get_smb_ipc_signing(PyObject *self, PyObject *unused)
+{
+       enum smb_signing_setting signing_state;
+       struct cli_credentials *creds = NULL;
+
+       creds = PyCredentials_AsCliCredentials(self);
+       if (creds == NULL) {
+               PyErr_Format(PyExc_TypeError, "Credentials expected");
+               return NULL;
+       }
+
+       signing_state = cli_credentials_get_smb_ipc_signing(creds);
+       return PyLong_FromLong(signing_state);
+}
+
+static PyObject *py_creds_set_smb_ipc_signing(PyObject *self, PyObject *args)
+{
+       enum smb_signing_setting signing_state;
+       struct cli_credentials *creds = NULL;
+       enum credentials_obtained obt = CRED_SPECIFIED;
+
+       creds = PyCredentials_AsCliCredentials(self);
+       if (creds == NULL) {
+               PyErr_Format(PyExc_TypeError, "Credentials expected");
+               return NULL;
+       }
+       if (!PyArg_ParseTuple(args, "i|i", &signing_state, &obt)) {
+               return NULL;
+       }
+
+       switch (signing_state) {
+       case SMB_SIGNING_DEFAULT:
+       case SMB_SIGNING_OFF:
+       case SMB_SIGNING_IF_REQUIRED:
+       case SMB_SIGNING_DESIRED:
+       case SMB_SIGNING_REQUIRED:
+               break;
+       default:
+               PyErr_Format(PyExc_TypeError, "Invalid signing state value");
+               return NULL;
+       }
+
+       cli_credentials_set_smb_ipc_signing(creds, signing_state, obt);
+       Py_RETURN_NONE;
+}
+
+static PyObject *py_creds_get_smb_encryption(PyObject *self, PyObject *unused)
+{
+       enum smb_encryption_setting encryption_state;
+       struct cli_credentials *creds = NULL;
+
+       creds = PyCredentials_AsCliCredentials(self);
+       if (creds == NULL) {
+               PyErr_Format(PyExc_TypeError, "Credentials expected");
+               return NULL;
+       }
+
+       encryption_state = cli_credentials_get_smb_encryption(creds);
+       return PyLong_FromLong(encryption_state);
+}
+
+static PyObject *py_creds_set_smb_encryption(PyObject *self, PyObject *args)
+{
+       enum smb_encryption_setting encryption_state;
+       struct cli_credentials *creds = NULL;
+       enum credentials_obtained obt = CRED_SPECIFIED;
+
+       creds = PyCredentials_AsCliCredentials(self);
+       if (creds == NULL) {
+               PyErr_Format(PyExc_TypeError, "Credentials expected");
+               return NULL;
+       }
+       if (!PyArg_ParseTuple(args, "i|i", &encryption_state, &obt)) {
+               return NULL;
+       }
+
+       switch (encryption_state) {
+       case SMB_ENCRYPTION_DEFAULT:
+       case SMB_ENCRYPTION_OFF:
+       case SMB_ENCRYPTION_IF_REQUIRED:
+       case SMB_ENCRYPTION_DESIRED:
+       case SMB_ENCRYPTION_REQUIRED:
+               break;
+       default:
+               PyErr_Format(PyExc_TypeError, "Invalid encryption state value");
+               return NULL;
+       }
+
+       cli_credentials_set_smb_encryption(creds, encryption_state, obt);
+       Py_RETURN_NONE;
+}
+
 static PyMethodDef py_creds_methods[] = {
        {
                .ml_name  = "get_username",
@@ -1140,6 +1315,11 @@ static PyMethodDef py_creds_methods[] = {
                .ml_meth  = py_creds_set_krb_forwardable,
                .ml_flags = METH_VARARGS,
        },
+       {
+               .ml_name  = "set_conf",
+               .ml_meth  = py_creds_set_conf,
+               .ml_flags = METH_VARARGS,
+       },
        {
                .ml_name  = "guess",
                .ml_meth  = py_creds_guess,
@@ -1209,6 +1389,36 @@ static PyMethodDef py_creds_methods[] = {
                            "Encrypt the supplied password using the session key and\n"
                            "the negotiated encryption algorithm in place\n"
                            "i.e. it overwrites the original data"},
+       {
+               .ml_name  = "get_smb_signing",
+               .ml_meth  = py_creds_get_smb_signing,
+               .ml_flags = METH_NOARGS,
+       },
+       {
+               .ml_name  = "set_smb_signing",
+               .ml_meth  = py_creds_set_smb_signing,
+               .ml_flags = METH_VARARGS,
+       },
+       {
+               .ml_name  = "get_smb_ipc_signing",
+               .ml_meth  = py_creds_get_smb_ipc_signing,
+               .ml_flags = METH_NOARGS,
+       },
+       {
+               .ml_name  = "set_smb_ipc_signing",
+               .ml_meth  = py_creds_set_smb_ipc_signing,
+               .ml_flags = METH_VARARGS,
+       },
+       {
+               .ml_name  = "get_smb_encryption",
+               .ml_meth  = py_creds_get_smb_encryption,
+               .ml_flags = METH_NOARGS,
+       },
+       {
+               .ml_name  = "set_smb_encryption",
+               .ml_meth  = py_creds_set_smb_encryption,
+               .ml_flags = METH_VARARGS,
+       },
        { .ml_name = NULL }
 };
 
@@ -1252,7 +1462,7 @@ static PyObject *py_ccache_name(PyObject *self, PyObject *unused)
 static PyMethodDef py_ccache_container_methods[] = {
        { "get_name", py_ccache_name, METH_NOARGS,
          "S.get_name() -> name\nObtain KRB5 credentials cache name." },
-       { NULL }
+       {0}
 };
 
 PyTypeObject PyCredentialCacheContainer = {
@@ -1275,6 +1485,7 @@ MODULE_INIT_FUNC(credentials)
                return NULL;
 
        PyModule_AddObject(m, "UNINITIALISED", PyLong_FromLong(CRED_UNINITIALISED));
+       PyModule_AddObject(m, "SMB_CONF", PyLong_FromLong(CRED_SMB_CONF));
        PyModule_AddObject(m, "CALLBACK", PyLong_FromLong(CRED_CALLBACK));
        PyModule_AddObject(m, "GUESS_ENV", PyLong_FromLong(CRED_GUESS_ENV));
        PyModule_AddObject(m, "GUESS_FILE", PyLong_FromLong(CRED_GUESS_FILE));
@@ -1294,6 +1505,18 @@ MODULE_INIT_FUNC(credentials)
        PyModule_AddObject(m, "CLI_CRED_NTLM_AUTH", PyLong_FromLong(CLI_CRED_NTLM_AUTH));
        PyModule_AddObject(m, "CLI_CRED_CLEAR_AUTH", PyLong_FromLong(CLI_CRED_CLEAR_AUTH));
 
+       PyModule_AddObject(m, "SMB_SIGNING_DEFAULT", PyLong_FromLong(SMB_SIGNING_DEFAULT));
+       PyModule_AddObject(m, "SMB_SIGNING_OFF", PyLong_FromLong(SMB_SIGNING_OFF));
+       PyModule_AddObject(m, "SMB_SIGNING_IF_REQUIRED", PyLong_FromLong(SMB_SIGNING_IF_REQUIRED));
+       PyModule_AddObject(m, "SMB_SIGNING_DESIRED", PyLong_FromLong(SMB_SIGNING_DESIRED));
+       PyModule_AddObject(m, "SMB_SIGNING_REQUIRED", PyLong_FromLong(SMB_SIGNING_REQUIRED));
+
+       PyModule_AddObject(m, "SMB_ENCRYPTION_DEFAULT", PyLong_FromLong(SMB_ENCRYPTION_DEFAULT));
+       PyModule_AddObject(m, "SMB_ENCRYPTION_OFF", PyLong_FromLong(SMB_ENCRYPTION_OFF));
+       PyModule_AddObject(m, "SMB_ENCRYPTION_IF_REQUIRED", PyLong_FromLong(SMB_ENCRYPTION_IF_REQUIRED));
+       PyModule_AddObject(m, "SMB_ENCRYPTION_DESIRED", PyLong_FromLong(SMB_ENCRYPTION_DESIRED));
+       PyModule_AddObject(m, "SMB_ENCRYPTION_REQUIRED", PyLong_FromLong(SMB_ENCRYPTION_REQUIRED));
+
        Py_INCREF(&PyCredentials);
        PyModule_AddObject(m, "Credentials", (PyObject *)&PyCredentials);
        Py_INCREF(&PyCredentialCacheContainer);
index f5aba1de248e4c58a300327cbd72b3998de5e23e..1e3302e3e487cd4f6ea0891b727d63b9b27cc51c 100644 (file)
@@ -2,11 +2,10 @@
 
 bld.SAMBA_LIBRARY('samba-credentials',
        source='credentials.c',
-       autoproto='credentials_proto.h',
        public_headers='credentials.h',
        pc_files='samba-credentials.pc',
        deps='LIBCRYPTO samba-errors events LIBCLI_AUTH samba-security CREDENTIALS_SECRETS CREDENTIALS_KRB5',
-       vnum='0.0.1'
+       vnum='0.1.0'
        )
 
 bld.SAMBA_SUBSYSTEM('CREDENTIALS_KRB5',
index becf4ce86857a24a6f4e1e0e0e01d3e54c0029e2..3641d4ba65e795edee1d114be7adefb19244929e 100644 (file)
@@ -627,7 +627,7 @@ _PUBLIC_ bool gensec_have_feature(struct gensec_security *gensec_security,
        }
 
        /* We might 'have' features that we don't 'want', because the
-        * other end demanded them, or we can't neotiate them off */
+        * other end demanded them, or we can't negotiate them off */
        return gensec_security->ops->have_feature(gensec_security, feature);
 }
 
index d424067d02c8fb25e08fdf36a3413d17aeb41ce0..8bece3c34585ee8fb8541e639b7f280a3e3a4e8b 100644 (file)
@@ -302,12 +302,11 @@ NTSTATUS gensec_wrap(struct gensec_security *gensec_security,
 
 const struct gensec_security_ops * const *gensec_security_all(void);
 bool gensec_security_ops_enabled(const struct gensec_security_ops *ops, struct gensec_security *security);
-const struct gensec_security_ops **gensec_use_kerberos_mechs(TALLOC_CTX *mem_ctx,
-                       const struct gensec_security_ops * const *old_gensec_list,
-                       struct cli_credentials *creds);
 
 NTSTATUS gensec_start_mech_by_sasl_name(struct gensec_security *gensec_security,
                                        const char *sasl_name);
+const char **gensec_security_sasl_names(struct gensec_security *gensec_security,
+                                       TALLOC_CTX *mem_ctx);
 
 int gensec_setting_int(struct gensec_settings *settings, const char *mechanism, const char *name, int default_value);
 bool gensec_setting_bool(struct gensec_settings *settings, const char *mechanism, const char *name, bool default_value);
index d2d62d6652e6071c15ed5bf5b8616ac492546722..4996e13e027a0eedaea17e5b3002ef4bb0eef027 100644 (file)
@@ -37,6 +37,8 @@
 #undef DBGC_CLASS
 #define DBGC_CLASS DBGC_AUTH
 
+#undef strcasecmp
+
 /* the list of currently registered GENSEC backends */
 static const struct gensec_security_ops **generic_security_ops;
 static int gensec_num_backends;
@@ -83,21 +85,14 @@ bool gensec_security_ops_enabled(const struct gensec_security_ops *ops, struct g
  * more compplex.
  */
 
-_PUBLIC_ const struct gensec_security_ops **gensec_use_kerberos_mechs(TALLOC_CTX *mem_ctx,
-                       const struct gensec_security_ops * const *old_gensec_list,
-                       struct cli_credentials *creds)
+static const struct gensec_security_ops **gensec_use_kerberos_mechs(
+               TALLOC_CTX *mem_ctx,
+               const struct gensec_security_ops * const *old_gensec_list,
+               enum credentials_use_kerberos use_kerberos,
+               bool keep_schannel)
 {
        const struct gensec_security_ops **new_gensec_list;
        int i, j, num_mechs_in;
-       enum credentials_use_kerberos use_kerberos = CRED_AUTO_USE_KERBEROS;
-       bool keep_schannel = false;
-
-       if (creds) {
-               use_kerberos = cli_credentials_get_kerberos_state(creds);
-               if (cli_credentials_get_netlogon_creds(creds) != NULL) {
-                       keep_schannel = true;
-               }
-       }
 
        for (num_mechs_in=0; old_gensec_list && old_gensec_list[num_mechs_in]; num_mechs_in++) {
                /* noop */
@@ -162,18 +157,37 @@ _PUBLIC_ const struct gensec_security_ops **gensec_security_mechs(
                                struct gensec_security *gensec_security,
                                TALLOC_CTX *mem_ctx)
 {
-       struct cli_credentials *creds = NULL;
        const struct gensec_security_ops * const *backends = gensec_security_all();
+       enum credentials_use_kerberos use_kerberos = CRED_AUTO_USE_KERBEROS;
+       bool keep_schannel = false;
 
        if (gensec_security != NULL) {
+               struct cli_credentials *creds = NULL;
+
                creds = gensec_get_credentials(gensec_security);
+               if (creds != NULL) {
+                       use_kerberos = cli_credentials_get_kerberos_state(creds);
+                       if (cli_credentials_get_netlogon_creds(creds) != NULL) {
+                               keep_schannel = true;
+                       }
+
+                       /*
+                        * Even if Kerberos is set to REQUIRED, keep the
+                        * schannel auth mechanism that machine accounts are
+                        * able to authenticate via netlogon.
+                        */
+                       if (gensec_security->gensec_role == GENSEC_SERVER) {
+                               keep_schannel = true;
+                       }
+               }
 
                if (gensec_security->settings->backends) {
                        backends = gensec_security->settings->backends;
                }
        }
 
-       return gensec_use_kerberos_mechs(mem_ctx, backends, creds);
+       return gensec_use_kerberos_mechs(mem_ctx, backends,
+                                        use_kerberos, keep_schannel);
 
 }
 
@@ -299,6 +313,93 @@ const struct gensec_security_ops *gensec_security_by_name(struct gensec_security
        return NULL;
 }
 
+static const char **gensec_security_sasl_names_from_ops(
+       struct gensec_security *gensec_security,
+       TALLOC_CTX *mem_ctx,
+       const struct gensec_security_ops * const *ops)
+{
+       const char **sasl_names = NULL;
+       size_t i, sasl_names_count = 0;
+
+       if (ops == NULL) {
+               return NULL;
+       }
+
+       sasl_names = talloc_array(mem_ctx, const char *, 1);
+       if (sasl_names == NULL) {
+               return NULL;
+       }
+
+       for (i = 0; ops[i] != NULL; i++) {
+               enum gensec_role role = GENSEC_SERVER;
+               const char **tmp = NULL;
+
+               if (ops[i]->sasl_name == NULL) {
+                       continue;
+               }
+
+               if (gensec_security != NULL) {
+                       if (!gensec_security_ops_enabled(ops[i],
+                                                        gensec_security)) {
+                               continue;
+                       }
+
+                       role = gensec_security->gensec_role;
+               }
+
+               switch (role) {
+               case GENSEC_CLIENT:
+                       if (ops[i]->client_start == NULL) {
+                               continue;
+                       }
+                       break;
+               case GENSEC_SERVER:
+                       if (ops[i]->server_start == NULL) {
+                               continue;
+                       }
+                       break;
+               }
+
+               tmp = talloc_realloc(mem_ctx,
+                                    sasl_names,
+                                    const char *,
+                                    sasl_names_count + 2);
+               if (tmp == NULL) {
+                       TALLOC_FREE(sasl_names);
+                       return NULL;
+               }
+               sasl_names = tmp;
+
+               sasl_names[sasl_names_count] = ops[i]->sasl_name;
+               sasl_names_count++;
+       }
+       sasl_names[sasl_names_count] = NULL;
+
+       return sasl_names;
+}
+
+/**
+ * @brief Get the sasl names from the gensec security context.
+ *
+ * @param[in]  gensec_security The gensec security context.
+ *
+ * @param[in]  mem_ctx The memory context to allocate memory on.
+ *
+ * @return An allocated array with sasl names, NULL on error.
+ */
+_PUBLIC_
+const char **gensec_security_sasl_names(struct gensec_security *gensec_security,
+                                       TALLOC_CTX *mem_ctx)
+{
+       const struct gensec_security_ops **ops = NULL;
+
+       ops = gensec_security_mechs(gensec_security, mem_ctx);
+
+       return gensec_security_sasl_names_from_ops(gensec_security,
+                                                  mem_ctx,
+                                                  ops);
+}
+
 /**
  * Return a unique list of security subsystems from those specified in
  * the list of SASL names.
similarity index 90%
rename from bootstrap/READMD.md
rename to bootstrap/README.md
index 023686e20c4e440a1dca380015eef7e71877350d..d4f30955197c2b0f1cc5f4f106dc8c2a64b9e208 100644 (file)
@@ -39,17 +39,7 @@ the toplevel .gitlab-ci.yml file.
 As a gitlab-ci user, I can use this tool to build new CI docker images:
 
  After committing the result of calling `bootstrap/template.py --render`
- and updating `SAMBA_CI_CONTAINER_TAG` in .gitlab-ci.yml, you can push
- The branch to git@gitlab.com:samba-team/devel/samba.git using:
-
-  git push -o ci.skip git@gitlab.com:samba-team/devel/samba.git ...
-
- The `-o ci.skip` option means gitlab won't start a pipeline
- for the just pushed branch.
-
- Instead you would start a custom pipeline at:
-
-  https://gitlab.com/samba-team/devel/samba/pipelines/new
+ and updating `SAMBA_CI_CONTAINER_TAG` in .gitlab-ci.yml, you can push.
 
  But you need to pass `SAMBA_CI_REBUILD_IMAGES=yes` as environment
  variable. It means the pipeline runs the 'images' stage and builds
@@ -57,6 +47,11 @@ As a gitlab-ci user, I can use this tool to build new CI docker images:
  uploads the images into the registry.gitlab.com/samba-team/devel/samba
  container registry.
 
+ You can push by specifying the variable (note multiple -o options are allowed,
+ see https://docs.gitlab.com/ee/user/project/push_options.html):
+
+  `git push -o ci.variable='SAMBA_CI_REBUILD_IMAGES=yes' git@gitlab.com:samba-team/devel/samba.git ...`
+
  If you want to try to build images for the (currently) broken
  distributions, you would pass `SAMBA_CI_REBUILD_BROKEN_IMAGES=yes`
  in addition to the custom pipeline. Note the images for
index 62a59b5cc57121e01d236dc3e2aeb597f4c1feb7..43f89cf9efca7e953afb4b437a3b7e24417f466c 100644 (file)
@@ -134,7 +134,7 @@ PKGS = [
     ('python3-cryptography', 'python3-cryptography'), # for krb5 tests
     ('python3-dev', 'python3-devel'),
     ('python3-dbg', ''),
-    ('python3-iso8601', ''),
+    ('python3-iso8601', 'python3-iso8601'),
     ('python3-gpg', 'python3-gpg'),  # defaults to ubuntu/fedora latest
     ('python3-markdown', 'python3-markdown'),
     ('python3-matplotlib', ''),
@@ -147,7 +147,8 @@ PKGS = [
 
     # perl
     ('libparse-yapp-perl', 'perl-Parse-Yapp'),
-    ('libjson-perl', 'perl-JSON-Parse'),
+    ('libjson-perl', 'perl-JSON'),
+    ('', 'perl-JSON-Parse'),
     ('perl-modules', ''),
     ('', 'perl-Archive-Tar'),
     ('', 'perl-ExtUtils-MakeMaker'),
@@ -230,7 +231,10 @@ set -xueo pipefail
 yum update -y
 yum install -y dnf-plugins-core
 yum install -y epel-release
+
+yum -v repolist all
 yum config-manager --set-enabled PowerTools -y
+yum config-manager --set-enabled Devel -y
 yum update -y
 
 yum install -y \
@@ -390,7 +394,6 @@ DEB_DISTS = {
         'docker_image': 'ubuntu:16.04',
         'vagrant_box': 'ubuntu/xenial64',
         'replace': {
-            'python-gpg': 'python-gpgme',
             'python3-gpg': 'python3-gpgme',
             'glusterfs-common': '',
             'libcephfs-dev': '',
@@ -460,7 +463,6 @@ RPM_DISTS = {
             'perl-JSON-Parse': '', # does not exist?
             'perl-Test-Base': 'perl-Test-Simple',
             'policycoreutils-python': 'python3-policycoreutils',
-            'quota-devel': '', # FIXME: Add me back, once available!
             'liburing-devel': '', # not available yet, Add me back, once available!
         }
     },
@@ -506,7 +508,6 @@ RPM_DISTS = {
             'perl-generators': '',
             'perl-interpreter': '',
             'procps-ng': 'procps',
-            'python-dns': 'python2-dnspython',
             'python3-dns': 'python3-dnspython',
             'python3-markdown': 'python3-Markdown',
             'quota-devel': '',
@@ -538,7 +539,6 @@ RPM_DISTS = {
             'perl-generators': '',
             'perl-interpreter': '',
             'procps-ng': 'procps',
-            'python-dns': 'python2-dnspython',
             'python3-dns': 'python3-dnspython',
             'python3-markdown': 'python3-Markdown',
             'quota-devel': '',
index 9c81a1e1e686a16168066b236d5bfcddb46f6ae9..63746e248bca962cb834439a93dcd4d4c1ca751f 100755 (executable)
@@ -72,6 +72,7 @@ yum install -y \
     patch \
     perl-Archive-Tar \
     perl-ExtUtils-MakeMaker \
+    perl-JSON \
     perl-JSON-Parse \
     perl-Parse-Yapp \
     perl-Test-Base \
@@ -87,6 +88,7 @@ yum install -y \
     python36-cryptography \
     python36-devel \
     python36-dns \
+    python36-iso8601 \
     python36-markdown \
     python36-pyasn1 \
     quota-devel \
index 55502974829d4c35f55536d099d6aa6a00a2bed3..7fb9b81139769ed2bcbcee5bdbe645e31b7888b4 100644 (file)
@@ -58,6 +58,7 @@ packages:
   - patch
   - perl-Archive-Tar
   - perl-ExtUtils-MakeMaker
+  - perl-JSON
   - perl-JSON-Parse
   - perl-Parse-Yapp
   - perl-Test-Base
@@ -73,6 +74,7 @@ packages:
   - python36-cryptography
   - python36-devel
   - python36-dns
+  - python36-iso8601
   - python36-markdown
   - python36-pyasn1
   - quota-devel
index a211daf2162bb55ebb97b9fdf5cae65afbe3cf1b..342188e7fe55ef97f6e0920a155e464e8a269bed 100755 (executable)
@@ -10,7 +10,10 @@ set -xueo pipefail
 yum update -y
 yum install -y dnf-plugins-core
 yum install -y epel-release
+
+yum -v repolist all
 yum config-manager --set-enabled PowerTools -y
+yum config-manager --set-enabled Devel -y
 yum update -y
 
 yum install -y \
@@ -76,6 +79,7 @@ yum install -y \
     perl \
     perl-Archive-Tar \
     perl-ExtUtils-MakeMaker \
+    perl-JSON \
     perl-Parse-Yapp \
     perl-Test-Simple \
     perl-generators \
@@ -89,10 +93,12 @@ yum install -y \
     python3-devel \
     python3-dns \
     python3-gpg \
+    python3-iso8601 \
     python3-libsemanage \
     python3-markdown \
     python3-policycoreutils \
     python3-pyasn1 \
+    quota-devel \
     readline-devel \
     redhat-lsb \
     rng-tools \
index 4d87303bcc244a069ae8e72dc51f8c585c48cb15..d82a80e69577fc4cb40fbb4aa1e9742834162ae0 100644 (file)
@@ -61,6 +61,7 @@ packages:
   - perl
   - perl-Archive-Tar
   - perl-ExtUtils-MakeMaker
+  - perl-JSON
   - perl-Parse-Yapp
   - perl-Test-Simple
   - perl-generators
@@ -74,10 +75,12 @@ packages:
   - python3-devel
   - python3-dns
   - python3-gpg
+  - python3-iso8601
   - python3-libsemanage
   - python3-markdown
   - python3-policycoreutils
   - python3-pyasn1
+  - quota-devel
   - readline-devel
   - redhat-lsb
   - rng-tools
index 4bbda3ce3c83f6d6c63e224fd0bf6fd26856b08c..18fbfefedbc4a1416a1cb1e4503a56c68aa47e58 100755 (executable)
@@ -74,6 +74,7 @@ dnf install -y \
     perl \
     perl-Archive-Tar \
     perl-ExtUtils-MakeMaker \
+    perl-JSON \
     perl-JSON-Parse \
     perl-Parse-Yapp \
     perl-Test-Base \
@@ -88,6 +89,7 @@ dnf install -y \
     python3-devel \
     python3-dns \
     python3-gpg \
+    python3-iso8601 \
     python3-libsemanage \
     python3-markdown \
     python3-policycoreutils \
index 4a8356cddb31d6f9c3e521e190a898a1ab4dfe64..6cb2ce3841fb566d04790180b8ca85bb968f57cc 100644 (file)
@@ -63,6 +63,7 @@ packages:
   - perl
   - perl-Archive-Tar
   - perl-ExtUtils-MakeMaker
+  - perl-JSON
   - perl-JSON-Parse
   - perl-Parse-Yapp
   - perl-Test-Base
@@ -77,6 +78,7 @@ packages:
   - python3-devel
   - python3-dns
   - python3-gpg
+  - python3-iso8601
   - python3-libsemanage
   - python3-markdown
   - python3-policycoreutils
index 4bbda3ce3c83f6d6c63e224fd0bf6fd26856b08c..18fbfefedbc4a1416a1cb1e4503a56c68aa47e58 100755 (executable)
@@ -74,6 +74,7 @@ dnf install -y \
     perl \
     perl-Archive-Tar \
     perl-ExtUtils-MakeMaker \
+    perl-JSON \
     perl-JSON-Parse \
     perl-Parse-Yapp \
     perl-Test-Base \
@@ -88,6 +89,7 @@ dnf install -y \
     python3-devel \
     python3-dns \
     python3-gpg \
+    python3-iso8601 \
     python3-libsemanage \
     python3-markdown \
     python3-policycoreutils \
index 4a8356cddb31d6f9c3e521e190a898a1ab4dfe64..6cb2ce3841fb566d04790180b8ca85bb968f57cc 100644 (file)
@@ -63,6 +63,7 @@ packages:
   - perl
   - perl-Archive-Tar
   - perl-ExtUtils-MakeMaker
+  - perl-JSON
   - perl-JSON-Parse
   - perl-Parse-Yapp
   - perl-Test-Base
@@ -77,6 +78,7 @@ packages:
   - python3-devel
   - python3-dns
   - python3-gpg
+  - python3-iso8601
   - python3-libsemanage
   - python3-markdown
   - python3-policycoreutils
index 1a38fbdef22604093ca3622da96dfe5a56df5d5e..33c8aeb402197b0ef47fe46835d745f4b8a45601 100755 (executable)
@@ -70,6 +70,7 @@ zypper --non-interactive install \
     perl \
     perl-Archive-Tar-Wrapper \
     perl-ExtUtils-MakeMaker \
+    perl-JSON \
     perl-JSON-XS \
     perl-Parse-Yapp \
     perl-Test-Base \
@@ -85,6 +86,7 @@ zypper --non-interactive install \
     python3-devel \
     python3-dnspython \
     python3-gpg \
+    python3-iso8601 \
     python3-pyasn1 \
     readline-devel \
     rng-tools \
index bfb352f749efb2dd79762d2f1cd0df24c69166f4..5e7b1a11d7a7220cb0f9e60f0df145cfa2e3c160 100644 (file)
@@ -58,6 +58,7 @@ packages:
   - perl
   - perl-Archive-Tar-Wrapper
   - perl-ExtUtils-MakeMaker
+  - perl-JSON
   - perl-JSON-XS
   - perl-Parse-Yapp
   - perl-Test-Base
@@ -73,6 +74,7 @@ packages:
   - python3-devel
   - python3-dnspython
   - python3-gpg
+  - python3-iso8601
   - python3-pyasn1
   - readline-devel
   - rng-tools
index 1a38fbdef22604093ca3622da96dfe5a56df5d5e..33c8aeb402197b0ef47fe46835d745f4b8a45601 100755 (executable)
@@ -70,6 +70,7 @@ zypper --non-interactive install \
     perl \
     perl-Archive-Tar-Wrapper \
     perl-ExtUtils-MakeMaker \
+    perl-JSON \
     perl-JSON-XS \
     perl-Parse-Yapp \
     perl-Test-Base \
@@ -85,6 +86,7 @@ zypper --non-interactive install \
     python3-devel \
     python3-dnspython \
     python3-gpg \
+    python3-iso8601 \
     python3-pyasn1 \
     readline-devel \
     rng-tools \
index bfb352f749efb2dd79762d2f1cd0df24c69166f4..5e7b1a11d7a7220cb0f9e60f0df145cfa2e3c160 100644 (file)
@@ -58,6 +58,7 @@ packages:
   - perl
   - perl-Archive-Tar-Wrapper
   - perl-ExtUtils-MakeMaker
+  - perl-JSON
   - perl-JSON-XS
   - perl-Parse-Yapp
   - perl-Test-Base
@@ -73,6 +74,7 @@ packages:
   - python3-devel
   - python3-dnspython
   - python3-gpg
+  - python3-iso8601
   - python3-pyasn1
   - readline-devel
   - rng-tools
index 97c1408594b2d9600813b67dc0c177b8e5012139..7d4891b02e7ebda307ea0a394aed244b145e8ca3 100644 (file)
@@ -1 +1 @@
-c6ee634a9467e84ee8dd858b0b363f7a75973a66
+86279163d150fb95742f4b34fce0dfc1a639f5de
index e12e2e0dc828dacb6cb0927aa4759963ba975abb..0acfaa21e08d7ba724fa1f582bd7c61b65ea0941 100755 (executable)
@@ -32,7 +32,7 @@ from config import DISTS, VAGRANTFILE, OUT
 
 HERE = os.path.abspath(os.path.dirname(__file__))
 SHA1SUM_FILE_PATH = os.path.join(HERE, 'sha1sum.txt')
-README_FILE_PATH = os.path.join(HERE, 'READMD.md')
+README_FILE_PATH = os.path.join(HERE, 'README.md')
 
 logging.basicConfig(level='INFO')
 log = logging.getLogger(__file__)
index 11ce8e7480ace2402723adef1164d36346bd860b..feabe25d13122fba5489beb655c374c708318523 100755 (executable)
@@ -32,7 +32,7 @@ POSSIBILITY OF SUCH DAMAGE.
 
 import os, sys, inspect
 
-VERSION="2.0.18"
+VERSION="2.0.20"
 REVISION="x"
 GIT="x"
 INSTALL="x"
index 4615e201422b53ea4c5b9fea2b7220e0d11218cd..276b88780b84af17f27a10ce901e9812ee3f52d7 100644 (file)
@@ -790,6 +790,7 @@ int main(void) {
         if not Options.options.disable_warnings_as_errors:
             conf.ADD_NAMED_CFLAGS('PICKY_CFLAGS', '-Werror -Wno-error=deprecated-declarations', testflags=True)
             conf.ADD_NAMED_CFLAGS('PICKY_CFLAGS', '-Wno-error=tautological-compare', testflags=True)
+            conf.ADD_NAMED_CFLAGS('PICKY_CFLAGS', '-Wno-error=cast-align', testflags=True)
 
     if Options.options.fatal_errors:
         conf.ADD_CFLAGS('-Wfatal-errors', testflags=True)
index 43422a71f99595f4aca48404cbc033191609b890..bf62ee8807059ef9afa6dae09734232bb5c8ca87 100644 (file)
@@ -23,6 +23,7 @@ def SAMBA_MKVERSION(bld, target, source='VERSION'):
     # git revision) included in the version.
     t = bld.SAMBA_GENERATOR('VERSION',
                             rule=write_version_header,
+                            group='setup',
                             source=source,
                             target=target,
                             always=bld.is_install)
index d71ce47a8310d2a47c4d873eba4544d45d09c4d1..002357bb556da5f1674f2844642e01b38b14f2e7 100644 (file)
@@ -7,9 +7,6 @@ from waflib.Configure import conf
 @conf
 def SAMBA_CHECK_PYTHON(conf, version=(3,6,0)):
 
-    if conf.env.disable_python:
-        version=(2,6,0)
-
     if conf.env.enable_fuzzing:
         version=(3,5,0)
 
@@ -61,11 +58,8 @@ def SAMBA_CHECK_PYTHON_HEADERS(conf):
 def _check_python_headers(conf):
     conf.check_python_headers()
 
-    if conf.env['PYTHON_VERSION'] > '3':
-        abi_pattern = os.path.splitext(conf.env['pyext_PATTERN'])[0]
-        conf.env['PYTHON_SO_ABI_FLAG'] = abi_pattern % ''
-    else:
-        conf.env['PYTHON_SO_ABI_FLAG'] = ''
+    abi_pattern = os.path.splitext(conf.env['pyext_PATTERN'])[0]
+    conf.env['PYTHON_SO_ABI_FLAG'] = abi_pattern % ''
     conf.env['PYTHON_LIBNAME_SO_ABI_FLAG'] = (
         conf.env['PYTHON_SO_ABI_FLAG'].replace('_', '-'))
 
index fae9029002d3884a5562d75f292abb073c19589c..bc2b21f2a55908f4abd85481faf48cfdc71efd1b 100644 (file)
@@ -24,7 +24,7 @@ Build.BuildContext.CHECK_CMOCKA = CHECK_CMOCKA
 
 @conf
 def CHECK_SOCKET_WRAPPER(conf):
-    return conf.CHECK_BUNDLED_SYSTEM_PKG('socket_wrapper', minversion='1.2.4')
+    return conf.CHECK_BUNDLED_SYSTEM_PKG('socket_wrapper', minversion='1.2.5')
 Build.BuildContext.CHECK_SOCKET_WRAPPER = CHECK_SOCKET_WRAPPER
 
 @conf
@@ -34,7 +34,7 @@ Build.BuildContext.CHECK_NSS_WRAPPER = CHECK_NSS_WRAPPER
 
 @conf
 def CHECK_RESOLV_WRAPPER(conf):
-    return conf.CHECK_BUNDLED_SYSTEM_PKG('resolv_wrapper', minversion='1.1.6')
+    return conf.CHECK_BUNDLED_SYSTEM_PKG('resolv_wrapper', minversion='1.1.7')
 Build.BuildContext.CHECK_RESOLV_WRAPPER = CHECK_RESOLV_WRAPPER
 
 @conf
index f9eae73ae449833bc70a0a9836ec6e0bbe878857..0587f525aff376262e8f34b4f264c4e72617d0d3 100644 (file)
@@ -459,7 +459,7 @@ def RECURSE(ctx, directory):
         return
     visited_dirs.add(key)
     relpath = os.path.relpath(abspath, ctx.path.abspath())
-    if ctxclass in ['tmp', 'OptionsContext', 'ConfigurationContext', 'BuildContext']:
+    if ctxclass in ['tmp', 'OptionsContext', 'ConfigurationContext', 'BuildContext', 'ClangDbContext']:
         return ctx.recurse(relpath)
     if 'waflib.extras.compat15' in sys.modules:
         return ctx.recurse(relpath)
@@ -719,6 +719,9 @@ def samba_before_apply_obj_vars(self):
         if is_standard_libpath(v, i):
             v['LIBPATH'].remove(i)
 
+# Samba options are mostly on by default (administrators and packagers
+# specify features to remove, not add), which is why default=True
+
 def samba_add_onoff_option(opt, option, help=(), dest=None, default=True,
                            with_name="with", without_name="without"):
     if default is None:
index c0bb6bfcf55218aec0a2aaa1b24483f18d748489..ecf3891f175569d178a703f4bc48c39a47bc6d57 100644 (file)
@@ -5,6 +5,7 @@ from waflib import Build, Configure, Node, Utils, Options, Logs, TaskGen
 from waflib import ConfigSet
 from waflib.TaskGen import feature, after
 from waflib.Configure import conf, ConfigurationContext
+from waflib.extras import clang_compilation_database
 
 from waflib.Tools.flex import decide_ext
 
@@ -37,7 +38,7 @@ TaskGen.declare_chain(
 )
 
 
-for y in (Build.BuildContext, Build.CleanContext, Build.InstallContext, Build.UninstallContext, Build.ListContext):
+for y in (Build.BuildContext, Build.CleanContext, Build.InstallContext, Build.UninstallContext, Build.ListContext, clang_compilation_database.ClangDbContext):
     class tmp(y):
         variant = 'default'
 
index 8521c49d8e82b4b311863fb8b34884ecb7ef07fc..ffd5a568e1b5992391817bbd52eada271448f44c 100644 (file)
@@ -21,7 +21,7 @@ from wafsamba.samba_abi import (
     normalise_signature,
     )
 
-from samba.compat import StringIO
+from io import StringIO
 
 
 class NormaliseSignatureTests(TestCase):