[Pkg-samba-maint] [Git][samba-team/samba][master] 136 commits: VERSION: Bump version up to Samba 4.21.2...
Michael Tokarev (@mjt)
gitlab at salsa.debian.org
Mon Nov 25 16:22:49 GMT 2024
Michael Tokarev pushed to branch master at Debian Samba Team / samba
Commits:
53cf535b by Jule Anger at 2024-10-14T13:26:18+02:00
VERSION: Bump version up to Samba 4.21.2...
and re-enable GIT_SNAPSHOT.
Signed-off-by: Jule Anger <janger at samba.org>
- - - - -
189e4e8b by Stefan Metzmacher at 2024-11-07T09:15:13+00:00
s4:tortore/rpc: let rpc.backupkey without privacy pass against Windows 2022
The server disconnects after the first fault.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14356
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
(cherry picked from commit 8c6b5b87434e96d4cb695c0a5cf8aa0a0472c6a4)
- - - - -
9e35e26e by Stefan Metzmacher at 2024-11-07T09:15:13+00:00
RawDCERPCTest: ignore errors in smb_pipe_socket.close()
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14356
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
(cherry picked from commit b51ab42284211981a1ee6c8865845c7dfc985cb4)
- - - - -
c0f40a78 by Stefan Metzmacher at 2024-11-07T09:15:13+00:00
tests/dcerpc/raw_protocol: pass against Windows 2022 and require special env vars for legacy servers
Test works against Windows 2022 and works like this:
SMB_CONF_PATH=/dev/null SERVER=172.31.9.118 \
TARGET_HOSTNAME=w2022-118.w2022-l7.base IGNORE_RANDOM_PAD=1 \
DOMAIN=W2022-L7 REALM=W2022-L7.BASE \
USERNAME=administrator PASSWORD=A1b2C3d4 \
python/samba/tests/dcerpc/raw_protocol.py -v -f TestDCERPC_BIND
Against a legacy Windows2012R2 server this still works:
SMB_CONF_PATH=/dev/null SERVER=172.31.9.188 \
TARGET_HOSTNAME=w2012r2-188.w2012r2-l6.base ALLOW_BIND_AUTH_PAD=1 \
LEGACY_BIND_NACK_NO_REASON=1 AUTH_LEVEL_CONNECT_LSA=1 \
IGNORE_RANDOM_PAD=1 DOMAIN=W2012R2-L6 REALM=W2012R2-L6.BASE \
USERNAME=administrator PASSWORD=A1b2C3d4 \
python/samba/tests/dcerpc/raw_protocol.py -v -f TestDCERPC_BIND
Currently Samba behaves like 2012R2, but the next commits
will change that...
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14356
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
(cherry picked from commit 98d908bfd07283878a7a6a630c2bfe5d27b5ffd8)
- - - - -
b56c35c3 by Stefan Metzmacher at 2024-11-07T09:15:13+00:00
s4:selftest: only run ad_member with AUTH_LEVEL_CONNECT_LSA=1
We only want to test against
'allow dcerpc auth level connect:lsarpc = yes' once
in order to have the related code tests.
We use the ad_memeber for that special test and
use the default on the tested ADDC.
This reveals some knownfails, which will be fixed in
the next commit...
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14356
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
(cherry picked from commit 93bd5ba609f93ce8298f12f2a7b0ad333e0f48bf)
- - - - -
346dab39 by Stefan Metzmacher at 2024-11-07T09:15:13+00:00
dcesrv_core: disconnect after a fault with non AUTH_LEVEL_CONNECT bind
Without an auth context using DCERPC_AUTH_LEVEL_PACKET or higher
the fault to reject requests with an invalid auth level
should trigger a disconnect after sending the fault to
the client.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14356
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
(cherry picked from commit 31c2f35bba003daee39756e83def0f3d45c19c6b)
- - - - -
cbcd11f2 by Stefan Metzmacher at 2024-11-07T09:15:13+00:00
dcesrv_core: return NAK_REASON_PROTOCOL_VERSION_NOT_SUPPORTED for binds without contexts
This is the error Windows 2022 (and 2025 preview) return.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14356
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
(cherry picked from commit 8e6696b2ac6990f3d6bac804c9a0f1a2b8f0ada0)
- - - - -
79d8431c by Stefan Metzmacher at 2024-11-07T09:15:13+00:00
tests/dcerpc/raw_protocol: add more test for auth padding during ALTER_CONTEXT/AUTH3
The aim is to keep testing the code paths, which are no longer
testing because allow_bind_auth_pad is false now, which
means the existing tests fail directly at the BIND,
but we also want to test the error handling on
ALTER_CONTEXT (and AUTH3).
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14356
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
(cherry picked from commit 9309283ddbcc60cb8dac8ecd3f4bcecfbf8ac732)
- - - - -
bea355c2 by Stefan Metzmacher at 2024-11-07T09:15:13+00:00
dcerpc_util: don't allow auth_padding for BIND, ALTER_CONTEXT and AUTH3 pdus
This is how Windows 2022 (and 2025 preview) behaves...
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14356
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
(cherry picked from commit be02d4077db1d6c35b2e480937a04b5e70545a6d)
- - - - -
82ce8984 by Stefan Metzmacher at 2024-11-07T09:15:13+00:00
s4:librpc: provide py_schannel bindings
This will be used in the dcerpc.raw_protocol test.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14356
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
(cherry picked from commit 0acbbeab4db0c8bc8ff655d652e249fecb3c4ef9)
- - - - -
fcbb5243 by Stefan Metzmacher at 2024-11-07T09:15:13+00:00
RawDCERPCTest: split prepare_pdu() and send_pdu_blob() out of send_pdu()
This will make it possible to alter pdus before sending them to the
server.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14356
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
(cherry picked from commit 444f9c6624f5c997dfdc4ae0bfb8823a56fbef70)
- - - - -
465bcb60 by Stefan Metzmacher at 2024-11-07T09:15:13+00:00
RawDCERPCTest: add some more auth_length related asserts
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14356
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
(cherry picked from commit bb8ad1f22924b581bfb66555713e98efa91372b2)
- - - - -
2553c9ae by Stefan Metzmacher at 2024-11-07T09:15:13+00:00
dcesrv_core: add more verbose debugging for missing association groups
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14356
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
(cherry picked from commit ac5818f2dd348e61b4be35505bee00b330ec4450)
- - - - -
80129a9b by Stefan Metzmacher at 2024-11-07T09:15:13+00:00
tests/dcerpc/raw_protocol: run test_neg_xmit_ffff_ffff over tcp and smb
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14356
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
(cherry picked from commit a2d894fd37aaa9bce64ad95e01412681a08790ea)
- - - - -
05832885 by Stefan Metzmacher at 2024-11-07T09:15:13+00:00
dcesrv_core: introduce dcesrv_connection->transport_max_recv_frag
The max fragment size depends on the transport.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14356
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
(cherry picked from commit 09e8dd23ce0c08c5c04bd74121f3664f420af877)
- - - - -
5fbb57e0 by Stefan Metzmacher at 2024-11-07T09:15:13+00:00
tests/dcerpc/raw_protocol: test_no_auth_ctx_request
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14356
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
(cherry picked from commit 57fb07f5a3369d679f8918f853303b56e58dfb3d)
- - - - -
b019eb56 by Stefan Metzmacher at 2024-11-07T09:15:13+00:00
tests/dcerpc/raw_protocol: fix comment in test_spnego_change_auth_type1
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14356
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
(cherry picked from commit 7b5c3f9b1f334eb9d7906338e2e64196a6530068)
- - - - -
68ade991 by Stefan Metzmacher at 2024-11-07T09:15:13+00:00
tests/dcerpc/raw_protocol: add tests for max auth_padding, auth_len or auth_offset
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14356
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
(cherry picked from commit 0da9e4d7430c7dbb37783e6152f7672bf29498e9)
- - - - -
8add039c by Stefan Metzmacher at 2024-11-07T09:15:13+00:00
tests/dcerpc/raw_protocol: add more tests for auth_pad alignment
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14356
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
(cherry picked from commit 0bc562eb26cad3a5cb8da2da54db86932791f3de)
- - - - -
a91d040b by Stefan Metzmacher at 2024-11-07T09:15:13+00:00
tests/dcerpc/raw_protocol: test invalid schannel binds
Note the ad_member will keep these as expected failures,
as it doesn't provide the netlogon service,
while the knownfail for the ADDC is only temporary.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14356
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
(cherry picked from commit f7a3827010a859839a3ae7d0cdf297a15610d286)
- - - - -
5740e9da by Stefan Metzmacher at 2024-11-07T09:15:13+00:00
dcerpc_util: let dcerpc_pull_auth_trailer() check that auth_offset is 4 bytes aligned
That what Windows also asserts.
It also makes sure that ndr_pull_dcerpc_auth() will
start with ndr->offset = 0 and don't tries to eat
possible padding.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14356
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
(cherry picked from commit 890fff1ca0c4e1eb8ef26c4f88aa18aeda3afc4f)
- - - - -
178e654e by Stefan Metzmacher at 2024-11-07T09:15:13+00:00
dcerpc_util: let dcerpc_pull_auth_trailer() expose the reject reason
If dcerpc_pull_auth_trailer() returns NT_STATUS_RPC_PROTOCOL_ERROR
it will return the BIND reject code in auth->auth_context_id.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14356
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
(cherry picked from commit 7a6a1aae6fa74ab0f55c1160aedd2d79c9a44a90)
- - - - -
f27161ef by Stefan Metzmacher at 2024-11-07T09:15:13+00:00
dcerpc_util: let dcerpc_pull_auth_trailer() ignore data_and_pad for bind, alter, auth3
Sometimes Windows sends 3 presentation contexts (NDR32, NDR64,
BindTimeFeatureNegotiation) in the first BIND of an association.
Binding an additional connection to the association seems to
reuse the BIND buffer and just changes the num_contexts field from
3 to 2 and leaves the BindTimeFeatureNegotiation context as padding
in places.
Note, the auth_pad_length field is send as 0 in that case,
which means we need to ignore it completely, as well as any
padding before the auth header.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14356
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
(cherry picked from commit 85b2dcd93848a590727dac243e8eb3614be75fad)
- - - - -
aa0e6895 by Stefan Metzmacher at 2024-11-07T09:15:13+00:00
dcesrv_core: a failure from gensec_update results in NAK_REASON_INVALID_CHECKSUM
We already report that for gensec_start_mech_by_authtype() failures,
but we also need to do that for any invalid authentication.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14356
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
(cherry picked from commit 97545873ebc2daf9c3daee914a90687625a08225)
- - - - -
657953d8 by Stefan Metzmacher at 2024-11-07T09:15:13+00:00
dcesrv_core: alter_context logon failures should result in DCERPC_FAULT_ACCESS_DENIED
We should use DCERPC_FAULT_ACCESS_DENIED as default for
gensec status results of e.g. NT_STATUS_LOGON_FAILURE or
NT_STATUS_INVALID_PARAMTER.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14356
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
(cherry picked from commit 31a422b7e58d7a670ebedb7c91f240a3134a9624)
- - - - -
f18b4948 by Stefan Metzmacher at 2024-11-07T09:15:13+00:00
gensec:ntlmssp: only allow messages up to 2888 bytes
This matches Windows (at least Server 2012_R2).
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14356
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
(cherry picked from commit 55dd8bdb05b4e814beb50d11a6f12c94e5f6e9d5)
- - - - -
dae81f45 by Stefan Metzmacher at 2024-11-07T09:15:13+00:00
gensec:spnego: ignore trailing bytes in SPNEGO_SERVER_START state
This matches Windows (at least Server 2012_R2).
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14356
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
(cherry picked from commit 86808d66f30136850f857b749e768c88de3a079f)
- - - - -
4b60c66a by Stefan Metzmacher at 2024-11-07T09:15:13+00:00
dcesrv_core: fix the auth3 for large ntlmssp messages
I know finding any real logic in reading the patch,
doesn't really show what's going on. I tried hard
to simplify it, but this is the only way I found
that fixed the test_auth_pad_ntlm_2889_auth3 test
without breaking other tests...
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14356
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
(cherry picked from commit 8b8e4ff1b19ba06821d774d0e1a8b1cad7f06120)
- - - - -
27e364a4 by Stefan Metzmacher at 2024-11-07T09:15:13+00:00
dcesrv_core: better fault codes dcesrv_auth_prepare_auth3()
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14356
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
Autobuild-User(master): Andreas Schneider <asn at cryptomilk.org>
Autobuild-Date(master): Thu Oct 10 15:17:46 UTC 2024 on atb-devel-224
(cherry picked from commit 9263ce5752063235836d5f77220b0151df6c9408)
- - - - -
a2ee15f5 by Ralph Boehme at 2024-11-07T09:15:13+00:00
smbtorture: prepare test_overwrite_read_only_file() for more subtests
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15732
Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
(cherry picked from commit f88e52a6f487a216dbb805fabc08e862abb9b643)
- - - - -
88caf2c0 by Ralph Boehme at 2024-11-07T09:15:13+00:00
smbtorture: fix smb2.notify.mask test
The strange function custom_smb2_create() was somehow causing
NT_STATUS_DELETE_PENDING failures:
failure: mask [
(../../source4/torture/smb2/notify.c:490) Incorrect status NT_STATUS_DELETE_PENDING - should be NT_STATUS_OK
]
I couldn't figure out what was causing this exactly, but after doing these
cleanups the error went away.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15732
Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
(cherry picked from commit 4591f27ca81dff997ef7474565fc9c373abfa4a9)
- - - - -
66c09de1 by Ralph Boehme at 2024-11-07T09:15:13+00:00
smbtorture: add subtests for overwrite dispositions vs sharemodes
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15732
Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
(cherry picked from commit 849afe05ade140898b1eab9b28d46edc8357c844)
- - - - -
5c3e5377 by Ralph Boehme at 2024-11-07T09:15:13+00:00
smbd: fix share access check for overwrite dispostions
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15732
Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
Autobuild-User(master): Ralph Böhme <slow at samba.org>
Autobuild-Date(master): Mon Oct 14 12:23:04 UTC 2024 on atb-devel-224
(cherry picked from commit 6140c3177a0330f42411618c3fca28930ea02a21)
- - - - -
a7ea9b50 by Ralph Boehme at 2024-11-07T09:15:13+00:00
smbd: fix sharing access check for directories
This was missing from commit 6140c3177a0330f42411618c3fca28930ea02a21 and causes
all opens of directories to be handled as stat opens, bypassing the sharemode
check.
Not adding a test at this time, as my (hopefully) soon to be merged Directory
Leases branch has a test which actually detected this problem.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15732
Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
(cherry picked from commit 20206a335a6af71b99f6441df145feea6563cf5a)
- - - - -
00e1c97f by Stefan Metzmacher at 2024-11-07T10:27:56+00:00
third_party/heimdal: Import lorikeet-heimdal-202410161454 (commit 0d61538a16b5051c820702f0711102112cd01a83)
gsskrb5: let GSS_C_DCE_STYLE imply GSS_C_MUTUAL_FLAG as acceptor
Windows clients forget GSS_C_MUTUAL_FLAG in some situations where they
use GSS_C_DCE_STYLE, in the assumption that GSS_C_MUTUAL_FLAG is
implied.
Both Windows and MIT as server already imply GSS_C_MUTUAL_FLAG
when GSS_C_DCE_STYLE is used.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15740
PR: https://github.com/heimdal/heimdal/pull/1266
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
Autobuild-User(master): Stefan Metzmacher <metze at samba.org>
Autobuild-Date(master): Wed Oct 16 19:05:15 UTC 2024 on atb-devel-224
(cherry picked from commit ce10b28566eb7b3e26a1e404b278d3d761ac183e)
Autobuild-User(v4-21-test): Jule Anger <janger at samba.org>
Autobuild-Date(v4-21-test): Thu Nov 7 10:27:56 UTC 2024 on atb-devel-224
- - - - -
d41a1dbc by Stefan Metzmacher at 2024-11-07T13:37:16+00:00
s3:winbindd: call process_set_title() for locator child
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15749
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
Autobuild-User(master): Stefan Metzmacher <metze at samba.org>
Autobuild-Date(master): Thu Oct 31 14:02:39 UTC 2024 on atb-devel-224
(cherry picked from commit e4e3f05cd7d6fdc98a24f592a099f7d24136788d)
Autobuild-User(v4-21-test): Jule Anger <janger at samba.org>
Autobuild-Date(v4-21-test): Thu Nov 7 13:37:16 UTC 2024 on atb-devel-224
- - - - -
9b801467 by Michael Tokarev at 2024-11-13T08:19:36+03:00
d/control: add python3-cryptography to python3-samba Depends (#1086768)
because most subcommands now import cryptography module, and,
for example, samba-tool fails to run any command
- - - - -
3a074d81 by Michael Tokarev at 2024-11-13T08:19:41+03:00
d/control: move python3-gpg recommends from python3-samba to samba-ad-dc
- - - - -
15c80314 by Michael Tokarev at 2024-11-13T08:20:53+03:00
d/control: extend libpcap-dev from hurd-i386 to hurd-any (#1087409)
And while at it, remove kfreebsd from this line
- - - - -
a65ca95d by Stefan Metzmacher at 2024-11-13T08:41:11+00:00
s4:torture/rpc: check that DOWNGRADE_DETECTED has no bits negotiated
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15425
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
(cherry picked from commit 36310650ee7a64603128139f512d3a4e039f8822)
- - - - -
0267772c by Stefan Metzmacher at 2024-11-13T08:41:11+00:00
s4:torture/rpc: without weak crypto we should require AES
We should check that we can actually negotiated the strong AES
crypto instead of just checking that NETLOGON_NEG_ARCFOUR is not
there...
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15425
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
(cherry picked from commit 3dcbc8eea5bc53a8332b3ad93ea4c3df99af7830)
- - - - -
a4422410 by Stefan Metzmacher at 2024-11-13T08:41:11+00:00
s3:rpc_server/netlogon: correctly negotiate flags in ServerAuthenticate2/3
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15425
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
(cherry picked from commit b27661f832cc4c56cc582cf7041d90f178736ef7)
- - - - -
6916bf43 by Stefan Metzmacher at 2024-11-13T08:41:11+00:00
s3:rpc_server/netlogon: if we require AES there's no need to remove the ARCFOUR flag
With SAMBA_WEAK_CRYPTO_DISALLOWED we will return DOWNGRADE_DETECTED with negotiate_flags = 0,
if AES was not negotiated...
And if AES was negotiated there's no harm in returning the ARCFOUR
flag...
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15425
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
(cherry picked from commit e5bc5ee3e04138b10c0630640469a08fad847e56)
- - - - -
349f3144 by Stefan Metzmacher at 2024-11-13T08:41:11+00:00
s4:rpc_server/netlogon: if we require AES there's no need to remove the ARCFOUR flag
With SAMBA_WEAK_CRYPTO_DISALLOWED dcesrv_netr_ServerAuthenticate3_check_downgrade()
will return DOWNGRADE_DETECTED with negotiate_flags = 0, if AES was not
negotiated...
And if AES was negotiated there's no harm in returning the ARCFOUR
flag...
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15425
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
(cherry picked from commit a0bc372dee68ad255da005d2e2078da754bbef2a)
- - - - -
8cf7bf9f by Stefan Metzmacher at 2024-11-13T08:41:11+00:00
netlogon.idl: the capabilities in query_level=2 are the ones send by the client
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15425
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
(cherry picked from commit 86176598eee4c83dc63a9dac163f32c886477129)
- - - - -
ced6cbfa by Stefan Metzmacher at 2024-11-13T08:41:11+00:00
libcli/auth: remove unused netlogon_creds_client_init_session_key()
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15425
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
(cherry picked from commit cf0e07a3d2a085d31f7d682633af9ec57c155e57)
- - - - -
6f1d556b by Stefan Metzmacher at 2024-11-13T08:41:11+00:00
libcli/auth: make use of netlogon_creds_cli_store_internal() in netlogon_creds_cli_auth_srvauth_done()
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15425
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
(cherry picked from commit 69cb9aea67de0613f467f7ce2d460364ff2be241)
- - - - -
48acce5d by Stefan Metzmacher at 2024-11-13T08:41:11+00:00
libcli/auth: don't allow any unexpected upgrades of negotiate_flags
Only remove the unsupported flags from state->current_flags for
the next try...
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15425
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
(cherry picked from commit a9040c8ce76cb9911c4c0c5d623cc479e49f460d)
- - - - -
d73e6c7a by Stefan Metzmacher at 2024-11-13T08:41:11+00:00
libcli/auth: if we require aes we don't need to require arcfour nor strong key
But we can send arcfour and strong key on the wire and don't need to
remove them from the proposed flags.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15425
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
(cherry picked from commit 3da40f1c6818550eb08a6d7d680c213c3f1d0649)
- - - - -
ea1bb195 by Stefan Metzmacher at 2024-11-13T08:41:11+00:00
libcli/auth: use a LogonControl after a LogonGetCapabilities downgrade
If LogonGetCapabilities was downgraded by an DCERPC Fault, we
rely on the schannel message ordering to detect failures.
Instead of letting any real winbindd request trigger this,
we do it directly in netlogon_creds_cli_check() with
a LogonControl that is also used for 'wbinfo --ping-dc'.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15425
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
(cherry picked from commit 276137e950696fbf36450dceebd6c0250c6242d0)
- - - - -
9265852e by Stefan Metzmacher at 2024-11-13T08:41:11+00:00
libcli/auth: use netr_LogonGetCapabilities query_level=2 to verify the proposed capabilities
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15425
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
(cherry picked from commit 25a2105ca7816c47a9c4a7fded88a922e4ccf88b)
- - - - -
59d8a871 by Stefan Metzmacher at 2024-11-13T08:41:11+00:00
s4:librpc/rpc: do LogonControl after LogonGetCapabilities downgrade
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15425
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
(cherry picked from commit 24de5d1cbd25fabae6b01565907b53f5e51ea06d)
- - - - -
41be718d by Stefan Metzmacher at 2024-11-13T08:41:11+00:00
s4:librpc/rpc: don't allow any unexpected upgrades of negotiate_flags
Only remove the unsupported flags from local_negotiate_flags for
the next try...
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15425
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
(cherry picked from commit 69b0cbd13d06fa640a900acab6757425b5b77cac)
- - - - -
5c7301f7 by Stefan Metzmacher at 2024-11-13T08:41:11+00:00
s4:librpc/rpc: define required schannel flags and enforce them
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15425
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
(cherry picked from commit 25294685b1c2c8652f0ca0220e8f3729e0b347e2)
- - - - -
83e9f281 by Stefan Metzmacher at 2024-11-13T08:41:11+00:00
s4:librpc/rpc: use netr_LogonGetCapabilities query_level=2 to verify the proposed capabilities
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15425
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
(cherry picked from commit 0b6ac4b082ddec5dae1392537727f3a7123ec279)
- - - - -
c2796abf by Stefan Metzmacher at 2024-11-13T08:41:11+00:00
s4:torture/rpc/netlogon: adjust test_netlogon_capabilities query_level=2 to request_flags
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15425
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
(cherry picked from commit d174b6595a962230bf71cc5c2f512a2c93a4cc1b)
- - - - -
b5bf7bc3 by Stefan Metzmacher at 2024-11-13T08:41:12+00:00
s3:cli_netlogon: let rpccli_connect_netlogon() use force_reauth = true on retry
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15425
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
(cherry picked from commit 7f478656dcf08619bc3a7ad390c7db3bfdef924e)
- - - - -
f4edcf3d by Stefan Metzmacher at 2024-11-13T08:41:12+00:00
s4:dsdb/common: samdb_confirm_rodc_allowed_to_repl_to() only needs a const sid
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15425
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
(cherry picked from commit c9eaf5e22de730f1e7575f6697f32dbb377eae06)
- - - - -
d197dd52 by Stefan Metzmacher at 2024-11-13T08:41:12+00:00
s3:rpc_server/netlogon: add client_sid helper variables
This will make the following changes simpler...
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15425
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
(cherry picked from commit eda3728a4079c5399f693b1d68e64e5660647c72)
- - - - -
e03e2f76 by Stefan Metzmacher at 2024-11-13T08:41:12+00:00
s4:rpc_server/netlogon: add client_sid helper variables
This will make the following changes simpler...
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15425
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
(cherry picked from commit 2e8949495f601d3fd117cceccd1b464a6ae43251)
- - - - -
1a692889 by Stefan Metzmacher at 2024-11-13T08:41:12+00:00
libcli/auth: pass client_sid to netlogon_creds_server_init()
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15425
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
(cherry picked from commit c2ef866fca296c8f3eb1620fdd2bb9bf289d96fc)
- - - - -
58f657ba by Stefan Metzmacher at 2024-11-13T08:41:12+00:00
libcli/auth: split out netlogon_creds_CredentialState_extra_info
As server we are free to change the netlogon_creds_CredentialState
database record format at will as it uses CLEAR_IF_FIRST.
For now that format doesn't really changes, because we
only move dom_sid into a wrapper structure.
In order to avoid changing all callers in this commit,
we maintain creds->sid as in memory pointer.
In the following patches we'll also use it in order
to store client related information...
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15425
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
(cherry picked from commit 518f57b93bdb84900d3b58cd94bdf1046f82a5a6)
- - - - -
114e3691 by Stefan Metzmacher at 2024-11-13T08:41:12+00:00
librpc/rpc: make use of creds->ex->client_sid in dcesrv_netr_check_schannel_get_state()
creds->sid will be removed soon.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15425
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
(cherry picked from commit 453587fbc1ef74a3b997235e84040553261fa13e)
- - - - -
39399a49 by Stefan Metzmacher at 2024-11-13T08:41:12+00:00
s3:rpc_server/netlogon: make use of creds->ex->client_sid
creds->sid will be removed soon...
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15425
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
(cherry picked from commit 88a84d9330d2bb03176f888a0d8e5066e1e21bf6)
- - - - -
72be93b6 by Stefan Metzmacher at 2024-11-13T08:41:12+00:00
s4:rpc_server/netlogon: make use of creds->ex->client_sid
creds->sid will be removed soon...
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15425
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
(cherry picked from commit 4533afc9e12c4dbbc7d11c13e775888c113d497c)
- - - - -
a0ad07e8 by Stefan Metzmacher at 2024-11-13T08:41:12+00:00
libcli/auth: remove unused creds->sid
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15425
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
(cherry picked from commit a9308c490cb5ec8908a3e4c13e2ce8a08b9027e9)
- - - - -
c6bfa4db by Stefan Metzmacher at 2024-11-13T08:41:12+00:00
libcli/auth: remember client_requested_flags and auth_time in netlogon_creds_server_init()
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15425
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
(cherry picked from commit dfbc5e5a19420311eac3db5ede1c665a9198395d)
- - - - -
47e5aa1e by Stefan Metzmacher at 2024-11-13T08:41:12+00:00
s3:rpc_server/netlogon: implement netr_LogonGetCapabilities query_level=2
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15425
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
(cherry picked from commit 484a046d8e179a3b21ead8b5bc3660095314e816)
- - - - -
1fecabdd by Stefan Metzmacher at 2024-11-13T08:41:12+00:00
s4:rpc_server/netlogon: implement netr_LogonGetCapabilities query_level=2
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15425
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
(cherry picked from commit fd4b027511b18615e215b66183f95b54bcab683e)
- - - - -
ef69f555 by Stefan Metzmacher at 2024-11-13T08:41:12+00:00
s4:torture/rpc: let test_netlogon_capabilities() fail on legacy servers
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15425
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
(cherry picked from commit 498fc88c155b57a0de6150c3b1e3cfcac181d45b)
- - - - -
46b7eb77 by Stefan Metzmacher at 2024-11-13T08:41:12+00:00
libcli/auth: also use netlogon_creds_CredentialState_extra_info for the client
In order to allow backports and cluster updates we simulate a
dom_sid, so that the old code is able to parse the blob.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15425
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
(cherry picked from commit 8b972fea0978101575f847eac33b09d2fd8d02e7)
- - - - -
dcd3c2b9 by Stefan Metzmacher at 2024-11-13T08:41:12+00:00
libcli/auth: let netlogon_creds_cli_store_internal() use talloc_stackframe()
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15425
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
(cherry picked from commit 17394ed7bbf8fa50570a5732f1ce84ccd5e69393)
- - - - -
57c1fb90 by Stefan Metzmacher at 2024-11-13T08:41:12+00:00
libcli/auth: let netlogon_creds_cli_store_internal check netlogon_creds_CredentialState_legacy
Before storing the structure into a ctdb managed volatile database
we check against netlogon_creds_CredentialState_legacy (the structure
used before recent changes). This makes sure unpatched cluster nodes
would not get a parsing error.
We'll remove this again in master when we try to implement
netr_ServerAuthenticateKerberos() and the related changes
to netlogon_creds_CredentialState, which will break the compat...
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15425
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
(cherry picked from commit 3792fe372884aad6ea2893f2e62629dd1cddc129)
- - - - -
d7b7db05 by Stefan Metzmacher at 2024-11-13T08:41:12+00:00
libcli/auth: split out netlogon_creds_alloc()
Review with: git show --patience
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15425
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
(cherry picked from commit e9767315cf06bcb257b40014441dd4cd9aad0fb0)
- - - - -
769588b2 by Stefan Metzmacher at 2024-11-13T08:41:12+00:00
s4:dsdb/common: dsdb_trust_get_incoming_passwords only needs a const ldb_message
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15425
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
(cherry picked from commit f92def2f943917d8946b03f71fcf676998701815)
- - - - -
30d744d0 by Stefan Metzmacher at 2024-11-13T08:41:12+00:00
s4:rpc_server/netlogon: split out dcesrv_netr_ServerAuthenticateGeneric()
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15425
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
(cherry picked from commit e4132c492ded7cadc60371b524e72e41f71f75e9)
- - - - -
c7166d2d by Stefan Metzmacher at 2024-11-13T08:41:12+00:00
dcesrv_core: add DCESRV_NOT_USED_ON_WIRE() helper macro
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15425
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
(cherry picked from commit 01577b93cbb0a26aba3209cde69475be2e1c5fb8)
- - - - -
2a210ec5 by Stefan Metzmacher at 2024-11-13T08:41:12+00:00
s3:rpc_server: add DCESRV_COMPAT_NOT_USED_ON_WIRE() helper macro
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15425
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
(cherry picked from commit 62afadb3ebac49a684fb0e5a1beb6d7db6f5e515)
- - - - -
553db707 by Stefan Metzmacher at 2024-11-13T08:41:12+00:00
netlogon.idl: add netr_ServerAuthenticateKerberos() and related stuff
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15425
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
(cherry picked from commit de8de55a5fee573d0718fa8dd13168a4f0a14614)
- - - - -
44109378 by Stefan Metzmacher at 2024-11-13T08:41:12+00:00
libcli/auth: pass auth_{type,level} to netlogon_creds_{de,en}crypt_samlogon_validation()
This will be needed when we implement netr_ServerAuthenticateKerberos...
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15425
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
(cherry picked from commit a56356e399339d5bce2e699431cd3e6186229170)
- - - - -
4da8ed66 by Stefan Metzmacher at 2024-11-13T08:41:12+00:00
libcli/auth: pass auth_{type,level} to netlogon_creds_{de,en}crypt_samlogon_logon()
This will be needed when we implement netr_ServerAuthenticateKerberos...
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15425
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
(cherry picked from commit 3d4ea276bdf44202250246cd6edae2bc17e92c74)
- - - - -
ee30900e by Stefan Metzmacher at 2024-11-13T08:41:12+00:00
libcli/auth: add netlogon_creds_{de,en}crypt_samr_Password()
These will simplify adding the logic for netr_ServerAuthenticateKerberos...
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15425
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
(cherry picked from commit 851a9b18eccece64c3ae0cedd7c7b26a44f0eec6)
- - - - -
a67f2340 by Stefan Metzmacher at 2024-11-13T08:41:12+00:00
libcli/auth: add netlogon_creds_{de,en}crypt_samr_CryptPassword()
These will simplify adding the logic for netr_ServerAuthenticateKerberos...
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15425
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
(cherry picked from commit 8eb95a155de396981375c7f11221695fd3c7f9d5)
- - - - -
1942021a by Stefan Metzmacher at 2024-11-13T08:41:12+00:00
libcli/auth: add netlogon_creds_{de,en}crypt_SendToSam()
These will simplify adding the logic for netr_ServerAuthenticateKerberos...
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15425
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
(cherry picked from commit b8681c165731666bb5eed073ab862490c33ea095)
- - - - -
63cd352c by Stefan Metzmacher at 2024-11-13T08:41:12+00:00
pycredentials: make use of netlogon_creds_encrypt_samr_CryptPassword in py_creds_encrypt_netr_crypt_password
These will simplify adding the logic for netr_ServerAuthenticateKerberos...
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15425
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
(cherry picked from commit ea792fa342deebefa75b77832c9057924cdcb6f6)
- - - - -
16486fc8 by Stefan Metzmacher at 2024-11-13T08:41:12+00:00
pycredentials: add py_creds_encrypt_netr_PasswordInfo helper
This will replace py_creds_encrypt_samr_password in the next steps
and prepares the introduction of netr_ServerAuthenticateKerberos().
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15425
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
(cherry picked from commit fac378485f5f15ac0a11c3d82207c4bc780bfb80)
- - - - -
986e8531 by Stefan Metzmacher at 2024-11-13T08:41:12+00:00
python/tests: use encrypt_netr_PasswordInfo in KDCBaseTest._test_samlogon()
This will make it easier to implement netr_ServerAuthenticateKerberos()
later...
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15425
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
(cherry picked from commit e7d57fc6e992ca212b834d5dd4d381244bca55c6)
- - - - -
104dd940 by Stefan Metzmacher at 2024-11-13T08:41:12+00:00
libcli/auth: make netlogon_creds_des_{de,en}crypt_LMKey() static
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15425
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
(cherry picked from commit 1edcd5df80bdbc4d4da5bdd5e534d7a17ec61f77)
- - - - -
44803568 by Stefan Metzmacher at 2024-11-13T08:41:12+00:00
libcli/auth: make use of netlogon_creds_encrypt_samr_CryptPassword
This will help when implementing netr_ServerAuthenticateKerberos()...
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15425
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
(cherry picked from commit 285ec9ecde712e40e6f0981bcb379ee911bfe9d8)
- - - - -
c39ab113 by Stefan Metzmacher at 2024-11-13T08:41:12+00:00
libcli/auth: make use of netlogon_creds_encrypt_SendToSam
This will help when implementing netr_ServerAuthenticateKerberos()...
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15425
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
(cherry picked from commit 2bd77ff7314932dc4116773731a810fe0f7ce4b7)
- - - - -
423ee427 by Stefan Metzmacher at 2024-11-13T08:41:12+00:00
libcli/auth: make use of netlogon_creds_{de,en}crypt_samr_Password
This will make it easier to implement netr_ServerAuthenticateKerberos() later...
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15425
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
(cherry picked from commit e92d0509d6b4d7f86e8626ba8c5efc5b786823f1)
- - - - -
7664466f by Stefan Metzmacher at 2024-11-13T08:41:12+00:00
s4:torture/rpc: make use of netlogon_creds_encrypt_samlogon_logon()
This will make it easier to catch all places where we need to
implement the logic for netr_ServerAuthenticateKerberos...
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15425
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
(cherry picked from commit 1666d1d74dec3978837ab49f8749d59c0abcf595)
- - - - -
c944d1fc by Stefan Metzmacher at 2024-11-13T08:41:12+00:00
s4:torture/rpc: make use of netlogon_creds_decrypt_samlogon_validation()
This will make it easier to implement netr_ServerAuthenticateKerberos() later...
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15425
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
(cherry picked from commit a177d15c875030dfc6c11ead3ec3a3ec851261cb)
- - - - -
a8e5bbb2 by Stefan Metzmacher at 2024-11-13T08:41:12+00:00
s4:torture/rpc: make use of netlogon_creds_encrypt_samr_CryptPassword()
This will make it easier to implement netr_ServerAuthenticateKerberos() later...
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15425
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
(cherry picked from commit 2d7a47a175337729f4c671d7a6223f6e0ea23ebe)
- - - - -
fea3d0c5 by Stefan Metzmacher at 2024-11-13T08:41:12+00:00
s4:torture/rpc: make use of netlogon_creds_{de,en}crypt_samr_Password
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15425
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
(cherry picked from commit 172ce406d48916c57f0742b6a0e064ac170ec8ff)
- - - - -
cedcfa31 by Stefan Metzmacher at 2024-11-13T08:41:12+00:00
s3:rpc_server/netlogon: make use of netlogon_creds_{de,en}crypt_samr_Password
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15425
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
(cherry picked from commit 550d20fd3dd04397b3a38f8b9e0cfa574453eea1)
- - - - -
9b2c2de4 by Stefan Metzmacher at 2024-11-13T08:41:12+00:00
s3:rpc_server/netlogon: make use of netlogon_creds_decrypt_samr_CryptPassword()
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15425
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
(cherry picked from commit a359b4139c8043ee3c3277b7559cb6d4f58f4044)
- - - - -
51dca749 by Stefan Metzmacher at 2024-11-13T08:41:12+00:00
s4:rpc_server/netlogon: make use of netlogon_creds_{de,en}crypt_samr_Password()
This will make it easier to implement netr_ServerAuthenticateKerberos() later...
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15425
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
(cherry picked from commit 7a7cb0d0426a891185f5acf825573d98360e98e1)
- - - - -
9f363518 by Stefan Metzmacher at 2024-11-13T08:41:12+00:00
s4:rpc_server/netlogon: make use of netlogon_creds_decrypt_samr_CryptPassword
This will make it easier to implement netr_ServerAuthenticateKerberos() later...
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15425
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
(cherry picked from commit f1c1b8661a9121e1ff02784955c98d9f33bca8bd)
- - - - -
f93fc1e6 by Stefan Metzmacher at 2024-11-13T08:41:12+00:00
s4:rpc_server/netlogon: make use of netlogon_creds_decrypt_SendToSam
This will make it easier to implement netr_ServerAuthenticateKerberos() later...
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15425
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
(cherry picked from commit 834197dafef0f3779ba69c8e350cbd7bb9333284)
- - - - -
57b89727 by Stefan Metzmacher at 2024-11-13T08:41:12+00:00
libcli/auth: return INVALID_PARAMETER for DES in netlogon_creds_{de,en}crypt_samlogon_logon
For the NetlogonGenericInformation case we want an error instead of no
encryption if only DES was negotiated...
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15425
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
(cherry picked from commit 131f5c0b251e456c466eaca744525504e1d69492)
- - - - -
15fad537 by Stefan Metzmacher at 2024-11-13T08:41:12+00:00
libcli/auth: pass auth_{type,level} to schannel_check_creds_state()
This will make it easier to implement netr_ServerAuthenticateKerberos() later...
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15425
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
(cherry picked from commit 7b02fb50143ba5044605ec67ed41180391835dcb)
- - - - -
1edb9848 by Stefan Metzmacher at 2024-11-13T08:41:12+00:00
libcli/auth: pass auth_{type,level} to netlogon_creds_server_step_check()
This will make it easier to implement netr_ServerAuthenticateKerberos() later...
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15425
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
(cherry picked from commit 2956c7eb3c9fc2161fd2748e5aac1fc94478e8c7)
- - - - -
bd505853 by Stefan Metzmacher at 2024-11-13T08:41:12+00:00
libcli/auth: split out netlogon_creds_client_verify() that takes auth_{type,level}
This will make it easier to implement netr_ServerAuthenticateKerberos()
later...
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15425
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
(cherry picked from commit 45faf6c35a033ec46a546dfb9d5d6aeb2fb2b83c)
- - - - -
4fb7226f by Stefan Metzmacher at 2024-11-13T08:41:12+00:00
libcli/auth: make use of netlogon_creds_client_verify()
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15425
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
(cherry picked from commit 1a5984ac6312b204b51590057b8327cf4698383b)
- - - - -
10e8e230 by Stefan Metzmacher at 2024-11-13T08:41:12+00:00
s4:librpc/rpc: make use of netlogon_creds_client_verify()
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15425
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
(cherry picked from commit 132629ee3a9b73d0888d1110e4d0a45ded778e5a)
- - - - -
97c14561 by Stefan Metzmacher at 2024-11-13T08:41:12+00:00
libcli/auth: let netlogon_creds_copy() copy all scalar elements
This version is good for now, as we want it to be backportable.
For master we'll add a ndr_deepcopy_struct() helper in order
to avoid future problems.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15425
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
(cherry picked from commit 8edbdd65ef78e3f26357d0254b58db3120a32880)
- - - - -
f4447072 by Stefan Metzmacher at 2024-11-13T08:41:12+00:00
libcli/auth: split out netlogon_creds_cli_check_transport()
This will make it easier to implement netr_ServerAuthenticateKerberos()
later...
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15425
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
(cherry picked from commit 7a5ad9f64a905f5744430c6e0796c646baf9432e)
- - - - -
193dc024 by Stefan Metzmacher at 2024-11-13T10:05:15+00:00
libcli/auth: make use of netlogon_creds_cli_check_transport() in more places
This was somehow missing in commit
7a5ad9f64a905f5744430c6e0796c646baf9432e
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15425
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
Autobuild-User(master): Stefan Metzmacher <metze at samba.org>
Autobuild-Date(master): Thu Nov 7 09:14:33 UTC 2024 on atb-devel-224
(cherry picked from commit f340dce6546a22d857cad440f8afaee9815dbdb1)
Autobuild-User(v4-21-test): Jule Anger <janger at samba.org>
Autobuild-Date(v4-21-test): Wed Nov 13 10:05:15 UTC 2024 on atb-devel-224
- - - - -
0c3379c5 by Pavel Filipenský at 2024-11-14T14:06:52+00:00
examples:winexe: Initialize Trustee.ptstrName at the right time
This is a regression of a39cb60 examples:winexe: Fully initialize EXPLICIT_ACCESS
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15752
Signed-off-by: Pavel Filipenský <pfilipensky at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
Autobuild-User(master): Pavel Filipensky <pfilipensky at samba.org>
Autobuild-Date(master): Wed Nov 13 15:47:40 UTC 2024 on atb-devel-224
(cherry picked from commit 50f3273e8283c9dabeca3c899b90ad831657b12a)
Autobuild-User(v4-21-test): Jule Anger <janger at samba.org>
Autobuild-Date(v4-21-test): Thu Nov 14 14:06:52 UTC 2024 on atb-devel-224
- - - - -
60887603 by Michael Tokarev at 2024-11-16T19:47:36+03:00
enable winexe binary (#1081269)
- - - - -
10eb6e30 by Michael Tokarev at 2024-11-18T10:06:14+03:00
d/control: provide Breaks/Replaces for winexe in kali linux (#1081269)
- - - - -
6afa2ce5 by Ralph Boehme at 2024-11-20T09:55:08+00:00
smbd: avoid a panic in close_directory()
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15754
Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Volker Lendecke <vl at samba.org>
Autobuild-User(master): Ralph Böhme <slow at samba.org>
Autobuild-Date(master): Mon Nov 18 12:43:28 UTC 2024 on atb-devel-224
(backported from commit f86d1a35917cdcc07b2fa741c6a369aaad24abaf)
[slow at samba.org: context changes from Directory Leases]
Autobuild-User(v4-21-test): Jule Anger <janger at samba.org>
Autobuild-Date(v4-21-test): Wed Nov 20 09:55:08 UTC 2024 on atb-devel-224
- - - - -
56818428 by Michael Tokarev at 2024-11-25T15:31:47+03:00
swallow python3-ldb by python3-samba (and remove python3-ldb-dev)
python3-ldb contains python3 bindings for libldb, used internally
by samba. Move the bindings into python3-samba package and drop
python3-ldb. Also remove (former) python3-ldb-dev since nothing
actually depends on it.
Align Replaces: field of python3-samba.
- - - - -
55a584e9 by Michael Tokarev at 2024-11-25T15:32:17+03:00
d/rules: drop mis-using --bundled-libraries configure option
- - - - -
c08eda58 by Michael Tokarev at 2024-11-25T15:32:17+03:00
d/samba.postinst: replace test for /usr/bin/deb-systemd-helper file with command -v (lintian)
- - - - -
650ce39d by Martin Schwenke at 2024-11-25T12:38:16+00:00
ctdb-scripts: Don't list connections when not hosting IPs
With an empty IP filter, all incoming connections to port 2049 will be
listed, not just those to public IP addresses. This causes error
messages like the following to be logged:
ctdb-eventd[...]: 60.nfs: Failed to add 1 tickles
since the connection being added seems to be for a random NFS mount
that doesn't use a public IP addresses.
This has been a problem for a long time (probably since commit
04fe9e20749985c71fef1bce7f6e4c439fe11c81 in 2015). It isn't currently
a huge deal because it only affects NFS connections. However, this
code will soon be used to track connections to public IP addresses on
all ports. This would result in a constant stream of log messages,
since there will always be some active connections.
The theory behind the fix is that if a node hosts no public IPs then
it should have no relevant connections and has no business changing
the list of registered tickles.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15320
RN: Update CTDB to track all TCP connections to public IP addresses
Signed-off-by: Martin Schwenke <mschwenke at ddn.com>
Reviewed-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jerry Heyman <jheyman at ddn.com>
(cherry picked from commit 1a4a6c46f1cdabfea67c264d6576a597a70c3007)
- - - - -
0a571a6d by Martin Schwenke at 2024-11-25T12:38:16+00:00
ctdb-scripts: update_tickles() should use the public IPs cache
This avoids duplicating logic.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15320
RN: Update CTDB to track all TCP connections to public IP addresses
Signed-off-by: Martin Schwenke <mschwenke at ddn.com>
Reviewed-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jerry Heyman <jheyman at ddn.com>
(cherry picked from commit b3e2c69ad92c0d20bb10146d2dd6d0d475455298)
- - - - -
5920d471 by Martin Schwenke at 2024-11-25T12:38:16+00:00
ctdb-scripts: Remove superseded compatibility code
Since commit 224e99804efef960ef4ce2ff2f4f6dced1e74146, square brackets
have been parsed by daemon and tool code, so drop the compatibility
code from here.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15320
RN: Update CTDB to track all TCP connections to public IP addresses
Signed-off-by: Martin Schwenke <mschwenke at ddn.com>
Reviewed-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jerry Heyman <jheyman at ddn.com>
(cherry picked from commit 32e4f786601712e57992ce4c8f46e5d38620a5dd)
- - - - -
84deecc5 by Martin Schwenke at 2024-11-25T12:38:16+00:00
ctdb-scripts: Use ss -H option to simplify
This option has been available since ~2018 and has been implemented in
the stub since then. I guess we didn't use it because CentOS 7?
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15320
RN: Update CTDB to track all TCP connections to public IP addresses
Signed-off-by: Martin Schwenke <mschwenke at ddn.com>
Reviewed-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jerry Heyman <jheyman at ddn.com>
(cherry picked from commit 0505d06b12a04a5c5e813fb3f4799278f9e5b7eb)
- - - - -
7791375c by Martin Schwenke at 2024-11-25T12:38:16+00:00
ctdb-server: Clean up connection tracking functions
Apply README.Coding, modernise logging, pre-render connection as a
string for logging, switch terminology from "tickle" to "connection",
tidy up comments.
No changes in functionality.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15320
RN: Update CTDB to track all TCP connections to public IP addresses
Signed-off-by: Martin Schwenke <mschwenke at ddn.com>
Reviewed-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jerry Heyman <jheyman at ddn.com>
(cherry picked from commit 3c19c8df778070705485b3c993e695ca1636bfa7)
- - - - -
c6c0722c by Martin Schwenke at 2024-11-25T12:38:16+00:00
ctdb-server: Drop a log message to DEBUG level
This is harmless, so it doesn't generally need to be logged.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15320
RN: Update CTDB to track all TCP connections to public IP addresses
Signed-off-by: Martin Schwenke <mschwenke at ddn.com>
Reviewed-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jerry Heyman <jheyman at ddn.com>
(cherry picked from commit f4a8f84328c5e692ce63bec05bb71fcb469a3e9c)
- - - - -
f5fc8aa7 by Martin Schwenke at 2024-11-25T12:38:16+00:00
ctdb-scripts: Move connection tracking to 10.interface
This should really be done for all connections to public IP addresses.
Leave the port number there for now - this is just the first step.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15320
RN: Update CTDB to track all TCP connections to public IP addresses
Signed-off-by: Martin Schwenke <mschwenke at ddn.com>
Reviewed-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jerry Heyman <jheyman at ddn.com>
(cherry picked from commit 9683bb3ac2bbdf0e83c3be3681f9d1c8ee7cc327)
- - - - -
53df2b78 by Martin Schwenke at 2024-11-25T12:38:16+00:00
ctdb-scripts: Get connections after tickle list
Running ss to get current connections before running ctdb gettickles
means the ss output might be out of date when the 2 lists are
compared. Some tickles might have been added after ss was run by some
other means (e.g. SMB tickles, added internally) and they would be
deleted according to the stale ss output.
This isn't currently a problem because update_tickles() is currently
only called with port 2049, so all tickles are managed by this code.
That will change in a subsequent commit.
Changing the order means the reverse problem can occur, where
update_tickles() attempts to delete an already deleted tickle. That
may happen occasionally but is harmless because it doesn't result in
missing information. It (currently) just causes a message to be
logged at DEBUG level.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15320
RN: Update CTDB to track all TCP connections to public IP addresses
Signed-off-by: Martin Schwenke <mschwenke at ddn.com>
Reviewed-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jerry Heyman <jheyman at ddn.com>
(cherry picked from commit c3695722b6316b624aa6c44cad4f44279303d1b1)
- - - - -
3331452f by Michael Tokarev at 2024-11-25T16:15:21+03:00
d/libldb2.lintian-overrides: remove overrides which were needed for compat symlink with older ldb in separate source
- - - - -
95a33820 by Michael Tokarev at 2024-11-25T16:29:21+03:00
d/samba.install: stop shipping log2pcap.1 (the tool is not installed)
- - - - -
8da34956 by Martin Schwenke at 2024-11-25T14:09:18+00:00
ctdb-scripts: Track connections for all ports for public IPs
Currently TCP ports like NFS lock manager are not tracked. It is
easier to track all connections than to add a configuration system to
try to track specified ports, so do that.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15320
RN: Update CTDB to track all TCP connections to public IP addresses
Signed-off-by: Martin Schwenke <mschwenke at ddn.com>
Reviewed-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jerry Heyman <jheyman at ddn.com>
(cherry picked from commit 590a86dbe4adf45ac8d15497934e25ea98148034)
Autobuild-User(v4-21-test): Jule Anger <janger at samba.org>
Autobuild-Date(v4-21-test): Mon Nov 25 14:09:18 UTC 2024 on atb-devel-224
- - - - -
c8e1d816 by Jule Anger at 2024-11-25T16:01:01+01:00
WHATSNEW: Add release notes for Samba 4.21.2.
Signed-off-by: Jule Anger <janger at samba.org>
- - - - -
d6715276 by Jule Anger at 2024-11-25T16:01:38+01:00
VERSION: Disable GIT_SNAPSHOT for the 4.21.2 release.
Signed-off-by: Jule Anger <janger at samba.org>
- - - - -
8b9d9241 by Michael Tokarev at 2024-11-25T18:23:57+03:00
d/rules: rename LDB_* vars to ldb-, and use common var for -Vldb:Version
rename:
LDB_VERSION => ldb-upstream-version
LDB_DEB_VERSION => ldb-version (to match ldb:Version variable)
LDB_PACKAGES => ldb-packages
set ldb-upstream-checked to the last version of upstream libldb
to verify it later
use extra-version-vars to hold -Vldb:Version= assignment (used in 2 places)
also move before-trixie assignment a bit earlier
- - - - -
0877613f by Michael Tokarev at 2024-11-25T18:31:08+03:00
move-msg.sock-from-var-lib-samba-to-run-samba.patch: update to cover failing tests
- - - - -
bee218ee by Michael Tokarev at 2024-11-25T18:33:51+03:00
New upstream version 4.21.2+dfsg
- - - - -
150211f5 by Michael Tokarev at 2024-11-25T18:34:10+03:00
Update upstream source from tag 'upstream/4.21.2+dfsg'
Update to upstream version '4.21.2+dfsg'
with Debian dir 417647ecf057e324a36bfe0f7c0cbce2971563cc
- - - - -
22a25ac4 by Michael Tokarev at 2024-11-25T19:09:32+03:00
d/control: also list python3-ldb-dev in Replaces: for python3-samba (avoids lintian warning)
- - - - -
aba4e49f by Michael Tokarev at 2024-11-25T19:14:24+03:00
d/control: s/gcc-mingw-w64/gcc-mingw-w64-i686-win32, gcc-mingw-w64-x86-64-win32/ - only 2 compilers instead of 4
- - - - -
f9e20350 by Michael Tokarev at 2024-11-25T19:21:58+03:00
update changelog; upload version 4.21.2+dfsg-1 to unstable
- - - - -
30 changed files:
- VERSION
- WHATSNEW.txt
- auth/credentials/pycredentials.c
- auth/gensec/spnego.c
- auth/ntlmssp/ntlmssp.c
- auth/ntlmssp/ntlmssp_client.c
- auth/ntlmssp/ntlmssp_server.c
- ctdb/config/events/legacy/10.interface.script
- ctdb/config/events/legacy/60.nfs.script
- ctdb/config/functions
- ctdb/server/ctdb_takeover.c
- debian/changelog
- debian/control
- debian/libldb2.lintian-overrides
- debian/not-installed
- debian/patches/move-msg.sock-from-var-lib-samba-to-run-samba.patch
- − debian/python3-ldb.install
- debian/python3-samba.install
- debian/rules
- debian/samba-common-bin.install
- debian/samba.install
- debian/samba.postinst
- examples/winexe/winexesvc.c
- libcli/auth/credentials.c
- libcli/auth/libcli_auth.h
- libcli/auth/netlogon_creds_cli.c
- libcli/auth/proto.h
- libcli/auth/schannel_state.h
- libcli/auth/schannel_state_tdb.c
- librpc/idl/netlogon.idl
The diff was not included because it is too large.
View it on GitLab: https://salsa.debian.org/samba-team/samba/-/compare/1a10b0b82953755e53eb3888357f345cc8a38c71...f9e203504ab75d3a601373811e4014b042db4ed4
--
View it on GitLab: https://salsa.debian.org/samba-team/samba/-/compare/1a10b0b82953755e53eb3888357f345cc8a38c71...f9e203504ab75d3a601373811e4014b042db4ed4
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/pkg-samba-maint/attachments/20241125/15cfda59/attachment-0001.htm>
More information about the Pkg-samba-maint
mailing list