s4:kdc: honour "kdc require canonicalization = yes"

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>

loadparm: add "kdc require canonicalization"

Has no effect yet.

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>

pytest:krb5 as_canonicalization checks no implicit $ return code

We check here instead of selftest/expectedfail.d/* in part because
on MIT some of these cases will fail to fail to ask for preauth.

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>

tests: run more kdc tests with no implicit $ without canonicalization

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>

kdc: match implicit dollar without canon affects AS_REQ client only

The smb.conf option

  kdc name match implicit dollar without canonicalization = no

is supposed to avoid the dollar ticket attack by refusing to consider
"foo$" as a match for "foo" unless canonicalization is requested.

This was rather blunt however, as the only time we care about this is for
the client name in an AS_REQ, and we can easily check whether that is the
case.

This makes the option less intrusive, allowing the use of "SERVER" for a
server name rather than "SERVER$". A number of tests no longer fail.

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>

pytest:krb5:as_canonicalization debug formatting

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>

samba-tool gpo: remove unused import

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>

torture: do not zero members more than once

three lines up is `*suite = talloc_zero(...)`.

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>

selftest: we no longer use 'testscenarios' or 'subunit.tests.testsuite'

If 'python3-testscenarios' is installed, the test is bound to fail,
like this:

$ make test TESTS=subunit
[...]
[1(0)/2 at 0s] subunit.tests.test_suite
subunit.tests.test_suite.unittest.loader._FailedTest.subunit(none)
REASON: Exception: Exception: ImportError: Failed to import test module: subunit
Traceback (most recent call last):
  File "/usr/lib/python3.12/unittest/loader.py", line 137, in loadTestsFromName
    module = __import__(module_name)
             ^^^^^^^^^^^^^^^^^^^^^^^
     ModuleNotFoundError: No module named 'subunit'

I am not certain when "subunit.tests.test_suite" would have
successfully resolved.

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>

selftest: Disable ‘krb5 acceptor report canonical client name’ for fl2008r2dc environment

So that we test with and without the option enabled.

Signed-off-by: Jennifer Sutton <jennifersutton@catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>

s4:auth: Implement ‘krb5 acceptor report canonical client name’ option for Heimdal

Adjust tests to match the new behaviour.

The implementation is simply to set a flag that is already present
in upstream Heimdal.

Signed-off-by: Jennifer Sutton <jennifersutton@catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>

s4:torture:auth: Do not break client principal

Signed-off-by: Jennifer Sutton <jennifersutton@catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>

auth:kerberos: Do not fail if PAC account name doesn’t match ticket principal name

Andrew Bartlett says:

“These days, we can trust that the PAC has been validated by the library, and I
think also that nobody could have put in a false PAC anyway (the KDC should stop
clients setting pre-auth data of that type), so the validation step that fails
isn't doing as much as it did 20 years ago. So I think we could simply patch
[this] check to accept the canonical name and know that we just are working with
that option [‘krb5 acceptor report canonical client name’] having been set.”

Signed-off-by: Jennifer Sutton <jennifersutton@catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>

loadparm: Add ‘krb5 acceptor report canonical client name’ option

It is enabled by default, and does nothing as of yet.

Signed-off-by: Jennifer Sutton <jennifersutton@catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>

s4:selftest: Remove ‘extra_options’

These should always be an empty list.

Signed-off-by: Jennifer Sutton <jennifersutton@catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>

s4:torture: Fix code spelling

Signed-off-by: Jennifer Sutton <jennifersutton@catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>

s4:torture: Simplify booleans

Signed-off-by: Jennifer Sutton <jennifersutton@catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>

s4:torture:auth: Fix PAC checksum test

This test was supposed to corrupt the KDC signature and ensure that PAC
verification failed, but it corrupted a harmless padding byte instead. However,
PAC verification still failed as expected because the principal remained
corrupted from the previous test.

Signed-off-by: Jennifer Sutton <jennifersutton@catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>

WHATSNEW: update for policy hints

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>

dsdb:password_hash: fix policy_hint controlled reset return codes

Resets are unwilling, not constrained.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12020

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>

dsdb:password_hash: policy_hints control makes resets check history

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12020

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>

dsdb:password_hash: "policy hints" resets honour minPwdAge

As always, a reset returns UNWILLING_TO_PERFORM even though it is
pretending to be a change due to the control.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12020

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>

pytest:dsdb:password: test policy_hints oid

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12020

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>

pytest:dsdb:passwords: guess ldaps and ldap hosts from each other

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12020

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>

dsdb:password_hash: notice "policy hints" control

This still doesn't do anything, but it does mean we can set the control
in tests without hitting unhandled critical control errors.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12020

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>

ldb: add "policy hints" controls to be used by password_hash module

These won't have any effect yet, but soon they will allow a privileged
account to perform a password reset that respects constraints on
password history, age, and length, as if the reset was an ordinary
password change (that is, where the user provides the old password).

A normal user can't reset their own password using this, if the
organisation is using a remote service (e.g. Entra ID or Keycloak) to
manage passwords, that service can use a policy hints control to
ensure it follows AD password policy.

Entra ID Self Service Password Reset (SSPR) uses the deprecated OID.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12020

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>

dsdb:password_hash: reject password reset with UNWILLING_TO_PERFORM

This is what Windows does: where a password change would cause
CONSTRAINT_VIOLATION, a reset causes UNWILLING_TO_PERFORM.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12020

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>

dsdb:password_hash: fix a typo

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>

python subunit: add dummy addDuration methods

preventing this message:

/usr/lib/python3.12/unittest/case.py:580: RuntimeWarning: TestResult has no addDuration method
  warnings.warn("TestResult has no addDuration method",

as far as I can tell we have no real use for addDuration, since we
already measure time in other ways.

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>

s3:vfs_ceph_new: use #ifdef, not #if HAVE_CEPH_ASYNCIO

This is one of our half-bit flags; there is no way it can be defined
to zero. '#if' works because unknown identifiers are considered to be
zero, but it isn't how we do things.

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>

manpages:smb.conf:nt hash store: remove a stray word

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>

lib: Fix the build on solaris

Solaris does not define HAVE_POSIX_CAPABILITIES and does not have
cap_value_t. Confirmed by the reporter.

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Autobuild-User(master): Volker Lendecke <vl@samba.org>
Autobuild-Date(master): Wed Jan 14 15:25:00 UTC 2026 on atb-devel-224

vfs_btrfs: Log the correct fd value

Signed-off-by: SATOH Fumiyasu <fumiyas@osstech.co.jp>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Volker Lendecke <vl@samba.org>
Autobuild-User(master): Volker Lendecke <vl@samba.org>
Autobuild-Date(master): Wed Jan 14 14:07:38 UTC 2026 on atb-devel-224

s3:libsmb: Rework check_negative_conn_cache()

The name and results are confusing. Rename the function and use a bool that it
is easier to understand.

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Pavel Filipenský <pfilipensky@samba.org>
Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date(master): Tue Jan 13 17:00:06 UTC 2026 on atb-devel-224

s3:winbindd fix race condition in terminate_child

Fixes:

winbindd[306061]:   Bad talloc magic value - unknown value
winbindd[306061]:   =========================================================
winbindd[306061]:   INTERNAL ERROR: Bad talloc magic value - unknown value in
                    winbindd () () pid

A race condition in source3/windbindd/winbindd_util.c::terminate_child
between the child socket closing, and the destructor de-registering the
child socket from epoll.

If the socket closes before it is de-registered from epoll, the event
is added to the epoll rdllink and will be retrieved when epoll_wait
is next called.  However monitor_fde has been deallocated and we get the
observed failure.

Moving the TALLOC_FREE before the kill ensures that the child socket has been
de-registered from epoll before it closes.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15937

Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Autobuild-User(master): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(master): Tue Jan 13 14:50:20 UTC 2026 on atb-devel-224

auth/ntlmssp: Zero memory in ntlmssp_client.c

Signed-off-by: Pavel Filipenský <pfilipensky@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Autobuild-User(master): Pavel Filipensky <pfilipensky@samba.org>
Autobuild-Date(master): Tue Jan 13 12:34:02 UTC 2026 on atb-devel-224

auth/ntlmssp: Add missing memory allocation checks is ntlmssp_client.c

Signed-off-by: Pavel Filipenský <pfilipensky@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>

auth/ntlmssp: Zero sensitive memory in gensec_ntlmssp.c

Signed-off-by: Pavel Filipenský <pfilipensky@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>

source3/auth: Zero memory in auth_util.c

Signed-off-by: Pavel Filipenský <pfilipensky@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>

auth/credentials: Zero memory in credentials_ntlm.c

Signed-off-by: Pavel Filipenský <pfilipensky@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>

auth/kerberos: Zero sensitive memory in gssapi_pac.c

Signed-off-by: Pavel Filipenský <pfilipensky@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>

auth/kerberos: Check memory allocation in gssapi_get_session_key()

Signed-off-by: Pavel Filipenský <pfilipensky@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>

auth: Fix trailing whitespaces in gssapi_pac.c

Signed-off-by: Pavel Filipenský <pfilipensky@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>

lib/krb5_wrap: Check memory allocation in smb_krb5_get_smb_session_key()

Signed-off-by: Pavel Filipenský <pfilipensky@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>

lib/krb5_wrap: Zero sensitive memory in krb5_samba.c

Signed-off-by: Pavel Filipenský <pfilipensky@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>

s4: Fix trailing whitespaces in sesssetup.c

Signed-off-by: Pavel Filipenský <pfilipensky@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>

auth: Fix typo "pass-though" ->  "pass-through"

Signed-off-by: Pavel Filipenský <pfilipensky@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>

libcli:auth: Fix trailing whitespaces in ntlm_check.c

Signed-off-by: Pavel Filipenský <pfilipensky@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>

s3:lib/util_sock: allow {before,after}_connect hooks to be passed to open_socket_out_send()

async_connect_send() already has these hooks now open_socket_out_send()
callers can pass them through.

This will be useful for IPPROTO_SMBDIRECT sockets to setup things
between the socket() and connect() syscalls.

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
Autobuild-User(master): Volker Lendecke <vl@samba.org>
Autobuild-Date(master): Tue Jan 13 08:13:04 UTC 2026 on atb-devel-224

lib/async_req: let async_connect_send() pass the fd to {before,after}_connect hooks

This will be useful for IPPROTO_SMBDIRECT sockets to setup things
between the socket() and connect() syscalls.

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>

lib: Remove [set|drop]_effective_capability and enum smbd_capability

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Autobuild-User(master): Volker Lendecke <vl@samba.org>
Autobuild-Date(master): Mon Jan 12 10:39:38 UTC 2026 on atb-devel-224

lib: Replace calls to [set|drop]_effective_capability

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>

lib: Add capability-specific functions

This makes the one-attempt logic for dac_override simpler to
understand.

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>

lib: Remove LEASE_CAPABILITY

This was only used via vfs_gpfs, and that removed its use in 2020.

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>

lib: Remove KERNEL_OPLOCK_CAPABILITY

This was only used in the IRIX oplock code, which was removed in 2018.

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>

lib: Remove explicitly dropping capabilities before exec

These calls are not necessary: When setting capabilities, we always
remove them from the inheritable set, so they will inevitably be
removed at exec-time. Also, these groups of calls were never updated
for DAC_OVERRIDE, which would have posed a pretty severe problem.

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>

vfs_ceph_new: Improve log entries in vfs_cephfs_load_lib()

Signed-off-by: Anoop C S <anoopcs@samba.org>
Reviewed-by: Shweta Sodani <ssodani@redhat.com>
Reviewed-by: John Mulligan <jmulligan@redhat.com>
Autobuild-User(master): Anoop C S <anoopcs@samba.org>
Autobuild-Date(master): Thu Jan  8 14:33:36 UTC 2026 on atb-devel-224

vfs_ceph_new: Add explicit log entry for libcephfs proxy status

Other than the loadparm dump, the logs did not indicate whether the
libcephfs proxy was in use. Add an explicit log entry to make its
status clear.

Signed-off-by: Anoop C S <anoopcs@samba.org>
Reviewed-by: Shweta Sodani <ssodani@redhat.com>
Reviewed-by: John Mulligan <jmulligan@redhat.com>

nsswitch/libwbclient: Zero memory in libwbclient

Signed-off-by: Pavel Filipenský <pfilipensky@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
Autobuild-User(master): Volker Lendecke <vl@samba.org>
Autobuild-Date(master): Thu Jan  8 12:59:02 UTC 2026 on atb-devel-224

release.sh: also replace "y acute" character with html entity

Signed-off-by: Bjoern Jacke <bjacke@samba.org>
Reviewed-by: Jule Anger <janger@samba.org>
Autobuild-User(master): Björn Jacke <bjacke@samba.org>
Autobuild-Date(master): Wed Jan  7 15:58:11 UTC 2026 on atb-devel-224

lib: Move a few smb-related constant #defines to common code

No need to have two copies in source3 and source4

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Anoop C S <anoopcs@samba.org>
Autobuild-User(master): Volker Lendecke <vl@samba.org>
Autobuild-Date(master): Wed Jan  7 11:00:48 UTC 2026 on atb-devel-224

smbd: Simplify vfs_valid_pwrite_range()

Easier to read for me.

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Anoop C S <anoopcs@samba.org>

smbd: Avoid an else in vfs_valid_pwrite_range()

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Anoop C S <anoopcs@samba.org>

smbd: Remove an unneeded return;

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Anoop C S <anoopcs@samba.org>

smbd: Fix a typo

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Anoop C S <anoopcs@samba.org>

vfs_commit: Do initial eof calculation on demand

Avoid yet another fstat call at open time, we might never write to the
file

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Anoop C S <anoopcs@samba.org>

vfs_commit: Some README.Coding changes

Reduce indentation with early returns

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Anoop C S <anoopcs@samba.org>

vfs_commit: Reduce indentation with early returns

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Anoop C S <anoopcs@samba.org>

vfs_commit: Make dbytes and dthresh size_t

Those can never go negative, use "%zu" as printf modifier

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Anoop C S <anoopcs@samba.org>

librpc: Use a direct struct initialization

Don't reference data_blob_null without need

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Anoop C S <anoopcs@samba.org>

libndr: Fix two small error path memleaks

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Anoop C S <anoopcs@samba.org>

libcli: Initialize a variable at declaration time

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Anoop C S <anoopcs@samba.org>

lib: Remove unnecessary assignments

data_blob_free() already NULLs out its argument

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Anoop C S <anoopcs@samba.org>

librpc: Slightly simplify dcerpc_binding_build_tower()

Use the implicit NULLing out of the other struct elements

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Anoop C S <anoopcs@samba.org>

lib: Don't call a function to initialize an empty DATA_BLOB

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Anoop C S <anoopcs@samba.org>

smbd: Simplify callers of messaging_send()

It deals fine with a NULL argument

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Anoop C S <anoopcs@samba.org>

librpc: Directly initialize variables

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Anoop C S <anoopcs@samba.org>

smbd: Make arguments to open_file_ntcreate a bit easier to read

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Anoop C S <anoopcs@samba.org>

lib: Reduce indentation with an early return

Review with "git show -w"

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Anoop C S <anoopcs@samba.org>

lib: Remove some code #ifdef'ed out for more than 20 years

We have a git history if someone wants to dig this up

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Anoop C S <anoopcs@samba.org>

smbd: Use a direct struct initialization

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Anoop C S <anoopcs@samba.org>

smbd: Reduce indentation

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Anoop C S <anoopcs@samba.org>

smb: Modernize a few DEBUGs

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Anoop C S <anoopcs@samba.org>

smbd: Reduce indentation with an early return;

Review with "git show -w"

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Anoop C S <anoopcs@samba.org>

lib: Remove a few unused #defines

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Anoop C S <anoopcs@samba.org>

credentials: Remove duplicate prototypes

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Anoop C S <anoopcs@samba.org>

smbd: Move utok_string() into smbd

Only used in chdir_current_service()

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Anoop C S <anoopcs@samba.org>

smbd: Remove the one-line conn_free() wrapper function

In case there's more things to do here we should put it into the
destructor.

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Anoop C S <anoopcs@samba.org>

lib: Reduce indentation

Avoid a few "else" statements, review with "git show -w".

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Anoop C S <anoopcs@samba.org>

smbd: Modernize some very ugly DEBUGs

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Anoop C S <anoopcs@samba.org>

lib: Add timespec_equal()

I've just gotten the !=0 vs ==0 wrong. Make comparing timespecs for
equality more intuitive.

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Anoop C S <anoopcs@samba.org>

smbd: Modernize DEBUGs

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Anoop C S <anoopcs@samba.org>

smbd: Remove unused posix_sys_acl_blob_get_file()

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Anoop C S <anoopcs@samba.org>

smbd: Remove an unnecessary talloc_strdup()

talloc_string_sub() already makes a copy first

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Anoop C S <anoopcs@samba.org>

pysmbd: Silence a signed/unsigned warning

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Anoop C S <anoopcs@samba.org>

libcli: Add missing NULL checks

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Anoop C S <anoopcs@samba.org>

libcli: Fix error path memleaks

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Anoop C S <anoopcs@samba.org>

lib: Save lines with direct initialization

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Anoop C S <anoopcs@samba.org>

smbd: A TCP port is uint16, fix variable type

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Anoop C S <anoopcs@samba.org>

lib: Remove two unused functions

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Anoop C S <anoopcs@samba.org>