The branch, v4-19-stable has been updated
       via  7bef2f7f1c8 VERSION: Disable GIT_SNAPSHOT for the 4.19.5 release.
       via  8ffa5ab1783 WHATSNEW: Add release notes for Samba 4.19.5.
       via  60514eb6836 python:gp: Fix logging with gp
       via  d3061f5e940 gpo: Do not get templates list on first run
       via  90cf23e1cca gpo: Decode base64 root cert before importing
       via  a50016bc7ae gpo: Test certificate policy without NDES
       via  41cd6b95d49 python: Fix invalid escape sequences
       via  84020efb1fe smbd: use dirfsp and atname in open_directory()
       via  4477e23de60 smbd: use safe_symlink_target_path() in symlink_target_below_conn()
       via  cd4df6ae432 smbd: add a directory argument to safe_symlink_target_path()
       via  90ae1e8f625 smbd: pass symlink target path to safe_symlink_target_path()
       via  4c4f086dfdb CI: disable /proc/fds and RESOLVE_NO_SYMLINK in samba-no-opath-build runner
       via  1dff1340c12 vfs_default: allow disabling /proc/fds and RESOLVE_NO_SYMLINK at compile time
       via  445637d0f4c gp: Skip site GP list if no site is found
       via  283ff41ee92 s3:passdb: smbpasswd reset permissions only if not 0600
       via  9c43625c47e system.c: fix fake directory create times
       via  a86c1087681 time.c: fix ctime which was feeded with the mtime seconds
       via  df025598884 python:gp: Print a nice message if cepces-submit can't be found
       via  de32d94ca87 gp: Send list of keys instead of dict to remove
       via  93735e8a9b0 gp: Test disabled enrollment unapplies policy
       via  28b1fe5eac4 gp: Template changes should invalidate cache
       via  dfbe7494683 gp: Test adding new cert templates enforces changes
       via  6dba94a3ab0 gp: Convert CA certificates to base64
       via  9db01a2c729 gp: Test with binary content for certificate data
       via  0dd51b02e8f gp: Change root cert extension suffix
       via  f9975df8414 gp: Support update-ca-trust helper
       via  9ab2eb21141 gp: Support more global trust directories
       via  cfbaab5654c smbd: move access override for previous versions to the SMB layer
       via  0874d3ab3e1 smbd: check for previous versions in check_any_access_fsp()
       via  f5eb449cac8 smbd: use check_any_access_fsp() for all access checks
       via  44396d7bade smbd: replace CHECK_WRITE() macro with calls to check_any_access_fsp()
       via  bfa5f178099 smbd: set fsp->fsp_flags.can_write to false for access to previous-versions
       via  0352aae6ea1 smbd: return correct error when trying to create a hardlink to a VSS file
       via  8318428f3f8 smbd: fix check_any_access_fsp() for non-fsa fsps
       via  0f865a34f1a smbd: rename check_access_fsp() to check_any_access_fsp()
       via  9ee7991d97d smbd: set fsp_flags.is_fsa to true on printer file handles
       via  b8383780249 smbd: return the correct error in can_rename()
       via  a510fc46bcd smbtorture: expand smb2.twrp.write test
       via  bb9aea6a7e6 s4/libcli/raw: implemement RAW_SFILEINFO_LINK_INFORMATION
       via  b6c2c26e9ba selftest: remove error_inject from shadow_write share
       via  b9f60718ccd VERSION: Bump version up to Samba 4.19.5...
      from  95474d8589e VERSION: Disable GIT_SNAPSHOT for the 4.19.4 release.

https://git.samba.org/?p=samba.git;a=shortlog;h=v4-19-stable


- Log -----------------------------------------------------------------
-----------------------------------------------------------------------

Summary of changes:
 VERSION                                    |   2 +-
 WHATSNEW.txt                               |  66 ++++++-
 lib/util/time.c                            |   2 +-
 python/samba/gp/gp_cert_auto_enroll_ext.py |  79 +++++---
 python/samba/gp/gpclass.py                 |  30 +--
 python/samba/gp/util/logging.py            |   5 +-
 python/samba/graph.py                      |   2 +-
 python/samba/tests/bin/cepces-submit       |   3 +-
 python/samba/tests/gpo.py                  | 300 +++++++++++++++++++++++++----
 python/samba/tests/samba_tool/gpo.py       |   2 +-
 script/autobuild.py                        |   2 +-
 selftest/skip.opath-required               |   4 +
 selftest/target/Samba3.pm                  |   4 +-
 source3/include/proto.h                    |   6 +
 source3/include/smb_macros.h               |   5 -
 source3/lib/system.c                       |   1 +
 source3/modules/offload_token.c            |   7 +-
 source3/modules/vfs_acl_common.c           |   7 +-
 source3/modules/vfs_default.c              |   6 +
 source3/modules/vfs_nfs4acl_xattr.c        |   7 +-
 source3/modules/vfs_shadow_copy2.c         |  30 +--
 source3/passdb/pdb_smbpasswd.c             |  36 +++-
 source3/printing/printspoolss.c            |   1 +
 source3/smbd/dir.c                         |   5 +-
 source3/smbd/dosmode.c                     |  20 +-
 source3/smbd/file_access.c                 |  10 +-
 source3/smbd/filename.c                    |  85 ++++----
 source3/smbd/files.c                       |   3 +
 source3/smbd/notify.c                      |   5 +-
 source3/smbd/open.c                        | 120 ++++++------
 source3/smbd/proto.h                       |   4 +-
 source3/smbd/smb1_reply.c                  |  37 ++--
 source3/smbd/smb2_flush.c                  |   7 +-
 source3/smbd/smb2_getinfo.c                |   8 +-
 source3/smbd/smb2_ioctl_filesys.c          |   6 +-
 source3/smbd/smb2_nttrans.c                |  45 +++--
 source3/smbd/smb2_reply.c                  |  15 +-
 source3/smbd/smb2_trans2.c                 |  80 ++++++--
 source3/smbd/smb2_write.c                  |   6 +-
 source4/libcli/raw/rawsetfileinfo.c        |  14 ++
 source4/torture/smb2/create.c              | 245 ++++++++++++++++++++++-
 41 files changed, 997 insertions(+), 325 deletions(-)


Changeset truncated at 500 lines:

diff --git a/VERSION b/VERSION index af4c5a922e2..9151d8de1ce 100644 --- a/VERSION +++ b/VERSION 
@@ -27,7 +27,7 @@ SAMBA_COPYRIGHT_STRING="Copyright Andrew Tridgell and the Samba Team 1992-2023" ######################################################## SAMBA_VERSION_MAJOR=4 SAMBA_VERSION_MINOR=19 -SAMBA_VERSION_RELEASE=4 +SAMBA_VERSION_RELEASE=5 ######################################################## # If a official release has a serious bug # diff --git a/WHATSNEW.txt b/WHATSNEW.txt index 1f174e9be54..79abe2da103 100644 --- a/WHATSNEW.txt +++ b/WHATSNEW.txt 
@@ -1,3 +1,66 @@ + ============================== + Release Notes for Samba 4.19.5 + February 19, 2024 + ============================== + + +This is the latest stable release of the Samba 4.19 release series. + + +Changes since 4.19.4 +-------------------- + +o Ralph Boehme <s...@samba.org> + * BUG 13688: Windows 2016 fails to restore previous version of a file from a + shadow_copy2 snapshot. + * BUG 15549: Symlinks on AIX are broken in 4.19 (and a few version before + that). + +o Bjoern Jacke <b...@sernet.de> + * BUG 12421: Fake directory create times has no effect. + +o Björn Jacke <bja...@samba.org> + * BUG 15550: ctime mixed up with mtime by smbd. + +o David Mulder <dmul...@samba.org> + * BUG 15548: samba-gpupdate --rsop fails if machine is not in a site. + +o Gabriel Nagy <gabriel.n...@canonical.com> + * BUG 15557: gpupdate: The root cert import when NDES is not available is + broken. + +o Andreas Schneider <a...@samba.org> + * BUG 15552: samba-gpupdate should print a useful message if cepces-submit + can't be found. + * BUG 15558: samba-gpupdate logging doesn't work. + +o Jones Syue <joness...@qnap.com> + * BUG 15555: smbpasswd reset permissions only if not 0600. + + +####################################### +Reporting bugs & Development Discussion +####################################### + +Please discuss this release on the samba-technical mailing list or by +joining the #samba-technical:matrix.org matrix room, or +#samba-technical IRC channel on irc.libera.chat. + +If you do report problems then please try to send high quality +feedback. If you don't provide vital information to help us track down +the problem then you will probably be ignored. All bug reports should +be filed under the Samba 4.1 and newer product in the project's Bugzilla +database (https://bugzilla.samba.org/). + + +====================================================================== +== Our Code, Our Bugs, Our Responsibility. 
+== The Samba Team +====================================================================== + + +Release notes for older releases follow: +---------------------------------------- ============================== Release Notes for Samba 4.19.4 January 08, 2024 @@ -78,8 +141,7 @@ database (https://bugzilla.samba.org/). ====================================================================== -Release notes for older releases follow: ----------------------------------------- +---------------------------------------------------------------------- ============================== Release Notes for Samba 4.19.3 November 27, 2023 diff --git a/lib/util/time.c b/lib/util/time.c index c2a77d664d3..9393a754d73 100644 --- a/lib/util/time.c +++ b/lib/util/time.c @@ -1450,7 +1450,7 @@ struct timespec get_ctimespec(const struct stat *pst) { struct timespec ret; - ret.tv_sec = pst->st_mtime; + ret.tv_sec = pst->st_ctime; ret.tv_nsec = get_ctimensec(pst); return ret; } diff --git a/python/samba/gp/gp_cert_auto_enroll_ext.py b/python/samba/gp/gp_cert_auto_enroll_ext.py index 312c8ddf467..df3b472f5a9 100644 --- a/python/samba/gp/gp_cert_auto_enroll_ext.py +++ b/python/samba/gp/gp_cert_auto_enroll_ext.py @@ -45,10 +45,12 @@ cert_wrap = b""" -----BEGIN CERTIFICATE----- %s -----END CERTIFICATE-----""" -global_trust_dir = '/etc/pki/trust/anchors' endpoint_re = '(https|HTTPS)://(?P<server>[a-zA-Z0-9.-]+)/ADPolicyProvider' + \ '_CEP_(?P<auth>[a-zA-Z]+)/service.svc/CEP' +global_trust_dirs = ['/etc/pki/trust/anchors', # SUSE + '/etc/pki/ca-trust/source/anchors', # RHEL/Fedora + '/usr/local/share/ca-certificates'] # Debian/Ubuntu def octet_string_to_objectGUID(data): """Convert an octet string to an objectGUID.""" 
@@ -156,7 +158,7 @@ def fetch_certification_authorities(ldb): for es in res: data = { 'name': get_string(es['cn'][0]), 'hostname': get_string(es['dNSHostName'][0]), - 'cACertificate': get_string(es['cACertificate'][0]) + 'cACertificate': get_string(base64.b64encode(es['cACertificate'][0])) } result.append(data) return result @@ -174,8 +176,7 @@ def fetch_template_attrs(ldb, name, attrs=None): return {'msPKI-Minimal-Key-Size': ['2048']} def format_root_cert(cert): - cert = base64.b64encode(cert.encode()) - return cert_wrap % re.sub(b"(.{64})", b"\\1\n", cert, 0, re.DOTALL) + return cert_wrap % re.sub(b"(.{64})", b"\\1\n", cert.encode(), 0, re.DOTALL) def find_cepces_submit(): certmonger_dirs = [os.environ.get("PATH"), '/usr/lib/certmonger', @@ -184,17 +185,19 @@ def find_cepces_submit(): def get_supported_templates(server): cepces_submit = find_cepces_submit() - if os.path.exists(cepces_submit): - env = os.environ - env['CERTMONGER_OPERATION'] = 'GET-SUPPORTED-TEMPLATES' - p = Popen([cepces_submit, '--server=%s' % server, '--auth=Kerberos'], - env=env, stdout=PIPE, stderr=PIPE) - out, err = p.communicate() - if p.returncode != 0: - data = { 'Error': err.decode() } - log.error('Failed to fetch the list of supported templates.', data) - return out.strip().split() - return [] + if not cepces_submit or not os.path.exists(cepces_submit): + log.error('Failed to find cepces-submit') + return [] + + env = os.environ + env['CERTMONGER_OPERATION'] = 'GET-SUPPORTED-TEMPLATES' + p = Popen([cepces_submit, '--server=%s' % server, '--auth=Kerberos'], + env=env, stdout=PIPE, stderr=PIPE) + out, err = p.communicate() + if p.returncode != 0: + data = {'Error': err.decode()} + log.error('Failed to fetch the list of supported templates.', data) + return out.strip().split() def getca(ca, url, trust_dir): 
@@ -214,10 +217,11 @@ def getca(ca, url, trust_dir): ' installed or not configured.') if 'cACertificate' in ca: log.warn('Installing the server certificate only.') + der_certificate = base64.b64decode(ca['cACertificate']) try: - cert = load_der_x509_certificate(ca['cACertificate']) + cert = load_der_x509_certificate(der_certificate) except TypeError: - cert = load_der_x509_certificate(ca['cACertificate'], + cert = load_der_x509_certificate(der_certificate, default_backend()) cert_data = cert.public_bytes(Encoding.PEM) with open(root_cert, 'wb') as w: @@ -239,7 +243,8 @@ def getca(ca, url, trust_dir): certs = load_der_pkcs7_certificates(r.content) for i in range(0, len(certs)): cert = certs[i].public_bytes(Encoding.PEM) - dest = '%s.%d' % (root_cert, i) + filename, extension = root_cert.rsplit('.', 1) + dest = '%s.%d.%s' % (filename, i, extension) with open(dest, 'wb') as w: w.write(cert) root_certs.append(dest) 
@@ -249,12 +254,29 @@ def getca(ca, url, trust_dir): return root_certs +def find_global_trust_dir(): + """Return the global trust dir using known paths from various Linux distros.""" + for trust_dir in global_trust_dirs: + if os.path.isdir(trust_dir): + return trust_dir + return global_trust_dirs[0] + +def update_ca_command(): + """Return the command to update the CA trust store.""" + return which('update-ca-certificates') or which('update-ca-trust') + +def changed(new_data, old_data): + """Return True if any key present in both dicts has changed.""" + return any((new_data[k] != old_data[k] if k in old_data else False) \ + for k in new_data.keys()) + def cert_enroll(ca, ldb, trust_dir, private_dir, auth='Kerberos'): """Install the root certificate chain.""" data = dict({'files': [], 'templates': []}, **ca) url = 'http://%s/CertSrv/mscep/mscep.dll/pkiclient.exe?' % ca['hostname'] root_certs = getca(ca, url, trust_dir) data['files'].extend(root_certs) + global_trust_dir = find_global_trust_dir() for src in root_certs: # Symlink the certs to global trust dir dst = os.path.join(global_trust_dir, os.path.basename(src)) @@ -273,7 +295,7 @@ def cert_enroll(ca, ldb, trust_dir, private_dir, auth='Kerberos'): # already exists. Ignore the FileExistsError. Preserve the # existing symlink in the unapply data. data['files'].append(dst) - update = which('update-ca-certificates') + update = update_ca_command() if update is not None: Popen([update]).wait() # Setup Certificate Auto Enrollment @@ -316,7 +338,7 @@ def cert_enroll(ca, ldb, trust_dir, private_dir, auth='Kerberos'): class gp_cert_auto_enroll_ext(gp_pol_ext, gp_applier): def __str__(self): - return 'Cryptography\AutoEnrollment' + return r'Cryptography\AutoEnrollment' def unapply(self, guid, attribute, value): ca_cn = base64.b64decode(attribute) 
@@ -337,12 +359,13 @@ class gp_cert_auto_enroll_ext(gp_pol_ext, gp_applier): # If the policy has changed, unapply, then apply new policy old_val = self.cache_get_attribute_value(guid, attribute) old_data = json.loads(old_val) if old_val is not None else {} - if all([(ca[k] == old_data[k] if k in old_data else False) \ - for k in ca.keys()]) or \ - self.cache_get_apply_state() == GPOSTATE.ENFORCE: + templates = ['%s.%s' % (ca['name'], t.decode()) for t in get_supported_templates(ca['hostname'])] \ + if old_val is not None else [] + new_data = { 'templates': templates, **ca } + if changed(new_data, old_data) or self.cache_get_apply_state() == GPOSTATE.ENFORCE: self.unapply(guid, attribute, old_val) - # If policy is already applied, skip application - if old_val is not None and \ + # If policy is already applied and unchanged, skip application + if old_val is not None and not changed(new_data, old_data) and \ self.cache_get_apply_state() != GPOSTATE.ENFORCE: return @@ -368,7 +391,7 @@ class gp_cert_auto_enroll_ext(gp_pol_ext, gp_applier): for gpo in changed_gpo_list: if gpo.file_sys_path: - section = 'Software\Policies\Microsoft\Cryptography\AutoEnrollment' + section = r'Software\Policies\Microsoft\Cryptography\AutoEnrollment' pol_file = 'MACHINE/Registry.pol' path = os.path.join(gpo.file_sys_path, pol_file) pol_conf = self.parse(path) @@ -396,7 +419,7 @@ class gp_cert_auto_enroll_ext(gp_pol_ext, gp_applier): # remove any existing policy ca_attrs = \ self.cache_get_all_attribute_values(gpo.name) - self.clean(gpo.name, remove=ca_attrs) + self.clean(gpo.name, remove=list(ca_attrs.keys())) def __read_cep_data(self, guid, ldb, end_point_information, trust_dir, private_dir): 
@@ -488,7 +511,7 @@ class gp_cert_auto_enroll_ext(gp_pol_ext, gp_applier): def rsop(self, gpo): output = {} pol_file = 'MACHINE/Registry.pol' - section = 'Software\Policies\Microsoft\Cryptography\AutoEnrollment' + section = r'Software\Policies\Microsoft\Cryptography\AutoEnrollment' if gpo.file_sys_path: path = os.path.join(gpo.file_sys_path, pol_file) pol_conf = self.parse(path) diff --git a/python/samba/gp/gpclass.py b/python/samba/gp/gpclass.py index 617ef79350c..babd8f90748 100644 --- a/python/samba/gp/gpclass.py +++ b/python/samba/gp/gpclass.py @@ -866,19 +866,25 @@ def get_gpo_list(dc_hostname, creds, lp, username): # (S)ite if gpo_list_machine: - site_dn = site_dn_for_machine(samdb, dc_hostname, lp, creds, username) - try: - log.debug("get_gpo_list: query SITE: [%s] for GPOs" % site_dn) - gp_link = get_gpo_link(samdb, site_dn) - except ldb.LdbError as e: - (enum, estr) = e.args - log.debug(estr) - else: - add_gplink_to_gpo_list(samdb, gpo_list, forced_gpo_list, - site_dn, gp_link, - gpo.GP_LINK_SITE, - add_only_forced_gpos, token) + site_dn = site_dn_for_machine(samdb, dc_hostname, lp, creds, username) + + try: + log.debug("get_gpo_list: query SITE: [%s] for GPOs" % site_dn) + gp_link = get_gpo_link(samdb, site_dn) + except ldb.LdbError as e: + (enum, estr) = e.args + log.debug(estr) + else: + add_gplink_to_gpo_list(samdb, gpo_list, forced_gpo_list, + site_dn, gp_link, + gpo.GP_LINK_SITE, + add_only_forced_gpos, token) + except ldb.LdbError: + # [MS-GPOL] 3.2.5.1.4 Site Search: If the method returns + # ERROR_NO_SITENAME, the remainder of this message MUST be skipped + # and the protocol sequence MUST continue at GPO Search + pass # (L)ocal gpo_list.insert(0, gpo.GROUP_POLICY_OBJECT("Local Policy", diff --git a/python/samba/gp/util/logging.py b/python/samba/gp/util/logging.py index a74a8707d50..c3de32825db 100644 --- a/python/samba/gp/util/logging.py +++ b/python/samba/gp/util/logging.py 
@@ -24,9 +24,10 @@ import gettext import random import sys -logger = logging.getLogger() +logger = logging.getLogger("gp") + + def logger_init(name, log_level): - logger = logging.getLogger(name) logger.addHandler(logging.StreamHandler(sys.stdout)) logger.setLevel(logging.CRITICAL) if log_level == 1: diff --git a/python/samba/graph.py b/python/samba/graph.py index 537dc661fb3..4c4a07f47ae 100644 --- a/python/samba/graph.py +++ b/python/samba/graph.py @@ -192,7 +192,7 @@ def compile_graph_key(key_items, nodes_above=None, elisions=None, short = short[1:] long = long[1:] elision_str += ('\nelision%d[shape=plaintext; style=solid; ' - 'label="\“%s” means “%s”\\r"]\n' + 'label="\\“%s” means “%s”\\r"]\n' % ((i, short, long))) above_lines = [] diff --git a/python/samba/tests/bin/cepces-submit b/python/samba/tests/bin/cepces-submit index 668682a9f58..de63164692b 100755 --- a/python/samba/tests/bin/cepces-submit +++ b/python/samba/tests/bin/cepces-submit @@ -14,4 +14,5 @@ if __name__ == "__main__": assert opts.auth == 'Kerberos' if 'CERTMONGER_OPERATION' in os.environ and \ os.environ['CERTMONGER_OPERATION'] == 'GET-SUPPORTED-TEMPLATES': - print('Machine') # Report a Machine template + templates = os.environ.get('CEPCES_SUBMIT_SUPPORTED_TEMPLATES', 'Machine').split(',') + print('\n'.join(templates)) # Report the requested templates diff --git a/python/samba/tests/gpo.py b/python/samba/tests/gpo.py index e4b75cc62a4..a6a33ea4ba1 100644 --- a/python/samba/tests/gpo.py +++ b/python/samba/tests/gpo.py 
@@ -102,17 +102,21 @@ def dummy_certificate(): # Dummy requests structure for Certificate Auto Enrollment class dummy_requests(object): - @staticmethod - def get(url=None, params=None): + class exceptions(object): + ConnectionError = Exception + + def __init__(self, want_exception=False): + self.want_exception = want_exception + + def get(self, url=None, params=None): + if self.want_exception: + raise self.exceptions.ConnectionError + dummy = requests.Response() dummy._content = dummy_certificate() dummy.headers = {'Content-Type': 'application/x-x509-ca-cert'} return dummy - class exceptions(object): - ConnectionError = Exception -cae.requests = dummy_requests - realm = os.environ.get('REALM') policies = realm + '/POLICIES' realm = realm.lower() @@ -123,7 +127,7 @@ dspath = 'CN=Policies,CN=System,' + base_dn gpt_data = '[General]\nVersion=%d' gnome_test_reg_pol = \ -b""" +br""" <?xml version="1.0" encoding="utf-8"?> <PolFile num_entries="26" signature="PReg" version="1"> <Entry type="4" type_name="REG_DWORD"> @@ -260,7 +264,7 @@ b""" """ auto_enroll_reg_pol = \ -b""" +br""" <?xml version="1.0" encoding="utf-8"?> <PolFile num_entries="3" signature="PReg" version="1"> <Entry type="4" type_name="REG_DWORD"> 
@@ -281,8 +285,30 @@ b""" </PolFile> """ +auto_enroll_unchecked_reg_pol = \ +br""" +<?xml version="1.0" encoding="utf-8"?> +<PolFile num_entries="3" signature="PReg" version="1"> + <Entry type="4" type_name="REG_DWORD"> + <Key>Software\Policies\Microsoft\Cryptography\AutoEnrollment</Key> + <ValueName>AEPolicy</ValueName> + <Value>0</Value> + </Entry> + <Entry type="4" type_name="REG_DWORD"> + <Key>Software\Policies\Microsoft\Cryptography\AutoEnrollment</Key> + <ValueName>OfflineExpirationPercent</ValueName> + <Value>10</Value> + </Entry> + <Entry type="1" type_name="REG_SZ"> + <Key>Software\Policies\Microsoft\Cryptography\AutoEnrollment</Key> + <ValueName>OfflineExpirationStoreNames</ValueName> + <Value>MY</Value> + </Entry> +</PolFile> +""" + advanced_enroll_reg_pol = \ -b""" +br""" <?xml version="1.0" encoding="utf-8"?> <PolFile num_entries="30" signature="PReg" version="1"> <Entry type="1" type_name="REG_SZ"> 
@@ -316,122 +342,122 @@ b""" <Value>0</Value> </Entry> <Entry type="1" type_name="REG_SZ"> - <Key>Software\Policies\Microsoft\Cryptography\PolicyServers\\37c9dc30f207f27f61a2f7c3aed598a6e2920b54</Key> + <Key>Software\Policies\Microsoft\Cryptography\PolicyServers\37c9dc30f207f27f61a2f7c3aed598a6e2920b54</Key> <ValueName>URL</ValueName> <Value>LDAP:</Value> </Entry> <Entry type="1" type_name="REG_SZ"> - <Key>Software\Policies\Microsoft\Cryptography\PolicyServers\\37c9dc30f207f27f61a2f7c3aed598a6e2920b54</Key> + <Key>Software\Policies\Microsoft\Cryptography\PolicyServers\37c9dc30f207f27f61a2f7c3aed598a6e2920b54</Key> <ValueName>PolicyID</ValueName> <Value>%s</Value> </Entry> <Entry type="1" type_name="REG_SZ"> - <Key>Software\Policies\Microsoft\Cryptography\PolicyServers\\37c9dc30f207f27f61a2f7c3aed598a6e2920b54</Key> + <Key>Software\Policies\Microsoft\Cryptography\PolicyServers\37c9dc30f207f27f61a2f7c3aed598a6e2920b54</Key> <ValueName>FriendlyName</ValueName> <Value>Example</Value> </Entry> <Entry type="4" type_name="REG_DWORD"> - <Key>Software\Policies\Microsoft\Cryptography\PolicyServers\\37c9dc30f207f27f61a2f7c3aed598a6e2920b54</Key> + <Key>Software\Policies\Microsoft\Cryptography\PolicyServers\37c9dc30f207f27f61a2f7c3aed598a6e2920b54</Key> <ValueName>Flags</ValueName> <Value>16</Value> </Entry> <Entry type="4" type_name="REG_DWORD"> - <Key>Software\Policies\Microsoft\Cryptography\PolicyServers\\37c9dc30f207f27f61a2f7c3aed598a6e2920b54</Key> + <Key>Software\Policies\Microsoft\Cryptography\PolicyServers\37c9dc30f207f27f61a2f7c3aed598a6e2920b54</Key> <ValueName>AuthFlags</ValueName> <Value>2</Value> </Entry> <Entry type="4" type_name="REG_DWORD"> - <Key>Software\Policies\Microsoft\Cryptography\PolicyServers\\37c9dc30f207f27f61a2f7c3aed598a6e2920b54</Key> + <Key>Software\Policies\Microsoft\Cryptography\PolicyServers\37c9dc30f207f27f61a2f7c3aed598a6e2920b54</Key> <ValueName>Cost</ValueName> <Value>2147483645</Value> </Entry> <Entry type="1" type_name="REG_SZ"> - 
<Key>Software\Policies\Microsoft\Cryptography\PolicyServers\\144bdbb8e4717c26e408f3c9a0cb8d6cfacbcbbe</Key> + <Key>Software\Policies\Microsoft\Cryptography\PolicyServers\144bdbb8e4717c26e408f3c9a0cb8d6cfacbcbbe</Key> -- Samba Shared Repository
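
Review bot: get_supported_templates() in python/samba/gp/gp_cert_auto_enroll_ext.py (hunk @@ -184,17 +185,19) logs the failure when p.returncode != 0 but then falls through to "return out.strip().split()", so whatever a failed cepces-submit run wrote to stdout is handed to the caller as a template list. Return [] directly after the log.error() call. In the same function "env = os.environ" aliases the process environment instead of copying it, so CERTMONGER_OPERATION stays set for every child process started afterwards; use os.environ.copy().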
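
Review bot: the new base64.b64decode(ca['cACertificate']) in getca() (python/samba/gp/gp_cert_auto_enroll_ext.py, hunk @@ -214,10 +217,11) sits outside the try block, and that block only catches TypeError, so a malformed value raises binascii.Error straight out of getca(). Decode inside the guarded section with validate=True and log a clear error before returning. The dict key now carries base64 text rather than DER bytes; say so in a comment next to the b64encode() call in fetch_certification_authorities() so that other readers of 'cACertificate' do not pass it to an X.509 loader undecoded.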
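
Review bot: "filename, extension = root_cert.rsplit('.', 1)" in getca() (python/samba/gp/gp_cert_auto_enroll_ext.py, hunk @@ -239,7 +243,8) raises ValueError on unpacking whenever root_cert contains no dot, and nothing in the hunk shows that the name is guaranteed to have a suffix. os.path.splitext(root_cert) returns an empty extension in that case and keeps the loop from aborting halfway through writing the chain.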
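
Review bot: find_global_trust_dir() (python/samba/gp/gp_cert_auto_enroll_ext.py, hunk @@ -249,12 +254,29) falls back to global_trust_dirs[0] after os.path.isdir() has just reported that none of the candidates exist, so the dst path built in cert_enroll() then points into a missing directory. Return None when no directory is found, log it, and skip the symlink and trust-store update steps in cert_enroll(). The changed() helper in the same hunk uses a backslash continuation inside parentheses, which is not needed.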
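
Review bot: in the policy comparison of gp_cert_auto_enroll_ext (python/samba/gp/gp_cert_auto_enroll_ext.py, hunk @@ -337,12 +359,13), new_data['templates'] comes from a live get_supported_templates() call, and that function returns [] when cepces-submit cannot be found. If the cached entry carries a non-empty 'templates' list, a transient lookup failure makes changed(new_data, old_data) true and the existing enrollment is unapplied. Let the lookup signal failure separately from "no templates" (for example by returning None) and skip the comparison in that case. changed() is also called twice with the same arguments; compute it once into a local.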
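
Review bot: the new outer handler in get_gpo_list() (python/samba/gp/gpclass.py, hunk @@ -866,19 +866,25), "except ldb.LdbError: pass", swallows every LdbError raised by site_dn_for_machine(), not only the missing-site case that the [MS-GPOL] 3.2.5.1.4 comment describes. Bind the exception, continue only for the no-site condition, and at least log.debug() the error string the way the inner handler does, so that an unreachable or misbehaving DC is not silently treated as "machine has no site".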
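
Review bot: logger_init(name, log_level) in python/samba/gp/util/logging.py (hunk @@ -24,9 +24,10) no longer uses its name argument now that the module-level logger is fixed to logging.getLogger("gp") and the per-call getLogger(name) line is removed. Either drop the parameter and update the callers, or document that it is kept only for compatibility. Since the handler is now always added to the same shared logger, a second logger_init() call will attach a second StreamHandler; guard the addHandler() call.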