The annotated tag, ldb-2.9.2 has been created
at df5b48e267c2a293f4a055a2ae6d0497d5a94970 (tag)
tagging 42bfbb012f9c1c9054cdfb510ae4a50a3f12b384 (commit)
replaces samba-4.20.5
tagged by Jule Anger
on Tue Nov 19 15:43:10 2024 +0100
- Log -----------------------------------------------------------------
ldb: tag release ldb-2.9.2
-----BEGIN PGP SIGNATURE-----
iQEzBAABCgAdFiEEkUejOXGVGO6QEby1R5ORYRMIQCUFAmc8o/4ACgkQR5ORYRMI
QCWBJQf+OIa3SBSYMDYhde1m1GbW4V6cTmbqYW3//D45VU4KWvspWDuLbeMVLGmS
vfYSyNDbARzgU4TW5yg05F670FPVuNr9XZ1wJjFGiwBPZehWTVNuR8+sH1FSiaEj
Tc2SeJHdJdUczTBBAw6UFMmgjzXwV285Qa7twJWApGSwnOMQGNU44hZ06SN+4P5h
AczAlSsJ7PnvpDPN81Zh2YnItUhU8MEhI0Pw355vz6cR6zJ2+3uZZaX92ysCJtwu
ZdC+04rRlgBshRwtJ5PhOcwYzTJUfEkK8w8WHx6B5pn6V1X2V3OBrFWBzg4PVEjG
B8PZqS0uhwQ2cg0XYQiWYWe90sNF0g==
=ITgM
-----END PGP SIGNATURE-----
Andréas Leroux (1):
netcmd:domain:policy: Fix missing conversion from tgt_lifetime minutes to
10^(-7) seconds
Christof Schmitt (1):
shadow_copy2: Ignore VFS_OPEN_HOW_WITH_BACKUP_INTENT
Douglas Bagnall (3):
ldb_kv_index: dn_list load sub transaction can re-use keys
ldb:kv_index: realloc away old dn list
ldb:kv_index: help static analysers to not worry (CID 1615192)
Jo Sutton (1):
s4:rpc_server: Make some arrays static
Jones Syue (1):
s3: SIGHUP handlers use consistent log level 3
Jule Anger (2):
VERSION: Bump version up to Samba 4.20.6...
BUG 15590 ldb: Release LDB 2.9.2
Ralph Boehme (14):
s3/lib: add next helper variable in server_id_watch_*
s3/lib: add option "serverid watch:debug = yes" to print kernel stack of
hanging process
s3/lib: add option "serverid watch:debug script"
smbd: log share_mode_watch_recv() errors as errors
smbd: add option "smbd lease break:debug hung procs"
smbd: move trace_state variable behind tv variable
smbd: add option "smbd:debug events" for tevent handling duration
threshold warnings
smbd: consolidate DH reconnect failure code
smbd: remove just created sharemode entry in the error codepaths
smbtorture: prepare test_overwrite_read_only_file() for more subtests
smbtorture: fix smb2.notify.mask test
smbtorture: add subtests for overwrite dispositions vs sharemodes
smbd: fix share access check for overwrite dispostions
smbd: fix sharing access check for directories
Stefan Metzmacher (114):
vfs_error_inject: add 'error_inject:durable_reconnect = st_ex_nlink'
s4:torture/smb2: add
smb2.durable-v2-regressions.durable_v2_reconnect_bug15624
s3:tests: let test_durable_handle_reconnect.sh run
smb2.durable-v2-regressions.durable_v2_reconnect_bug15624
s4:lib/messaging: fix interaction between imessaging_reinit and
irpc_destructor
s4:torture/smb2: improve error handling in durable_open.c
s4:torture/smb2: improve error handling in durable_v2_open.c
s4:torture/smb2: add smb2.durable-open.lock-noW-lease
s4:torture/smb2: add smb2.durable-v2-open.lock-{oplock,lease,noW-lease}
s3:smbd: only store durable handles with byte range locks when having
WRITE lease
s4:torture/smb2: add
smb2.durable-v2-open.{[non]stat[RH]-and,two-same,two-different}-lease
s4:torture/smb2: add smb2.durable-v2-open.{keep,purge}-disconnected-*
tests
s3:smbd: let durable_reconnect_fn already check for a disconnected handle
with the correct file_id
s3:smbd: allow reset_share_mode_entry() to handle more than one durable
handle
s3:smbd: avoid false positives for got_oplock and have_other_lease in
delay_for_oplock_fn
s4:tortore/rpc: let rpc.backupkey without privacy pass against Windows
2022
RawDCERPCTest: ignore errors in smb_pipe_socket.close()
tests/dcerpc/raw_protocol: pass against Windows 2022 and require special
env vars for legacy servers
s4:selftest: only run ad_member with AUTH_LEVEL_CONNECT_LSA=1
dcesrv_core: disconnect after a fault with non AUTH_LEVEL_CONNECT bind
dcesrv_core: return NAK_REASON_PROTOCOL_VERSION_NOT_SUPPORTED for binds
without contexts
tests/dcerpc/raw_protocol: add more test for auth padding during
ALTER_CONTEXT/AUTH3
dcerpc_util: don't allow auth_padding for BIND, ALTER_CONTEXT and AUTH3
pdus
s4:librpc: provide py_schannel bindings
RawDCERPCTest: split prepare_pdu() and send_pdu_blob() out of send_pdu()
RawDCERPCTest: add some more auth_length related asserts
dcesrv_core: add more verbose debugging for missing association groups
tests/dcerpc/raw_protocol: run test_neg_xmit_ffff_ffff over tcp and smb
dcesrv_core: introduce dcesrv_connection->transport_max_recv_frag
tests/dcerpc/raw_protocol: test_no_auth_ctx_request
tests/dcerpc/raw_protocol: fix comment in test_spnego_change_auth_type1
tests/dcerpc/raw_protocol: add tests for max auth_padding, auth_len or
auth_offset
tests/dcerpc/raw_protocol: add more tests for auth_pad alignment
tests/dcerpc/raw_protocol: test invalid schannel binds
dcerpc_util: let dcerpc_pull_auth_trailer() check that auth_offset is 4
bytes aligned
dcerpc_util: let dcerpc_pull_auth_trailer() expose the reject reason
dcerpc_util: let dcerpc_pull_auth_trailer() ignore data_and_pad for bind,
alter, auth3
dcesrv_core: a failure from gensec_update results in
NAK_REASON_INVALID_CHECKSUM
dcesrv_core: alter_context logon failures should result in
DCERPC_FAULT_ACCESS_DENIED
gensec:ntlmssp: only allow messages up to 2888 bytes
gensec:spnego: ignore trailing bytes in SPNEGO_SERVER_START state
dcesrv_core: fix the auth3 for large ntlmssp messages
dcesrv_core: better fault codes dcesrv_auth_prepare_auth3()
third_party/heimdal: Import lorikeet-heimdal-202410161454 (commit
0d61538a16b5051c820702f0711102112cd01a83)
s3:winbindd: call process_set_title() for locator child
s4:torture/rpc: check that DOWNGRADE_DETECTED has no bits negotiated
s4:torture/rpc: without weak crypto we should require AES
s3:rpc_server/netlogon: correctly negotiate flags in ServerAuthenticate2/3
s3:rpc_server/netlogon: if we require AES there's no need to remove the
ARCFOUR flag
s4:rpc_server/netlogon: if we require AES there's no need to remove the
ARCFOUR flag
netlogon.idl: the capabilities in query_level=2 are the ones send by the
client
libcli/auth: remove unused netlogon_creds_client_init_session_key()
libcli/auth: make use of netlogon_creds_cli_store_internal() in
netlogon_creds_cli_auth_srvauth_done()
libcli/auth: don't allow any unexpected upgrades of negotiate_flags
libcli/auth: if we require aes we don't need to require arcfour nor
strong key
libcli/auth: use a LogonControl after a LogonGetCapabilities downgrade
libcli/auth: use netr_LogonGetCapabilities query_level=2 to verify the
proposed capabilities
s4:librpc/rpc: do LogonControl after LogonGetCapabilities downgrade
s4:librpc/rpc: don't allow any unexpected upgrades of negotiate_flags
s4:librpc/rpc: define required schannel flags and enforce them
s4:librpc/rpc: use netr_LogonGetCapabilities query_level=2 to verify the
proposed capabilities
s4:torture/rpc/netlogon: adjust test_netlogon_capabilities query_level=2
to request_flags
s3:cli_netlogon: let rpccli_connect_netlogon() use force_reauth = true on
retry
s4:dsdb/common: samdb_confirm_rodc_allowed_to_repl_to() only needs a
const sid
s3:rpc_server/netlogon: add client_sid helper variables
s4:rpc_server/netlogon: add client_sid helper variables
libcli/auth: pass client_sid to netlogon_creds_server_init()
libcli/auth: split out netlogon_creds_CredentialState_extra_info
librpc/rpc: make use of creds->ex->client_sid in
dcesrv_netr_check_schannel_get_state()
s3:rpc_server/netlogon: make use of creds->ex->client_sid
s4:rpc_server/netlogon: make use of creds->ex->client_sid
libcli/auth: remove unused creds->sid
libcli/auth: remember client_requested_flags and auth_time in
netlogon_creds_server_init()
s3:rpc_server/netlogon: implement netr_LogonGetCapabilities query_level=2
s4:rpc_server/netlogon: implement netr_LogonGetCapabilities query_level=2
s4:torture/rpc: let test_netlogon_capabilities() fail on legacy servers
libcli/auth: also use netlogon_creds_CredentialState_extra_info for the
client
libcli/auth: let netlogon_creds_cli_store_internal() use
talloc_stackframe()
libcli/auth: let netlogon_creds_cli_store_internal check
netlogon_creds_CredentialState_legacy
libcli/auth: split out netlogon_creds_alloc()
s4:dsdb/common: dsdb_trust_get_incoming_passwords only needs a const
ldb_message
s4:rpc_server/netlogon: split out dcesrv_netr_ServerAuthenticateGeneric()
dcesrv_core: add DCESRV_NOT_USED_ON_WIRE() helper macro
s3:rpc_server: add DCESRV_COMPAT_NOT_USED_ON_WIRE() helper macro
netlogon.idl: add netr_ServerAuthenticateKerberos() and related stuff
libcli/auth: pass auth_{type,level} to
netlogon_creds_{de,en}crypt_samlogon_validation()
libcli/auth: pass auth_{type,level} to
netlogon_creds_{de,en}crypt_samlogon_logon()
libcli/auth: add netlogon_creds_{de,en}crypt_samr_Password()
libcli/auth: add netlogon_creds_{de,en}crypt_samr_CryptPassword()
libcli/auth: add netlogon_creds_{de,en}crypt_SendToSam()
pycredentials: make use of netlogon_creds_encrypt_samr_CryptPassword in
py_creds_encrypt_netr_crypt_password
pycredentials: add py_creds_encrypt_netr_PasswordInfo helper
python/tests: use encrypt_netr_PasswordInfo in
KDCBaseTest._test_samlogon()
libcli/auth: make netlogon_creds_des_{de,en}crypt_LMKey() static
libcli/auth: make use of netlogon_creds_encrypt_samr_CryptPassword
libcli/auth: make use of netlogon_creds_encrypt_SendToSam
libcli/auth: make use of netlogon_creds_{de,en}crypt_samr_Password
s4:torture/rpc: make use of netlogon_creds_encrypt_samlogon_logon()
s4:torture/rpc: make use of netlogon_creds_decrypt_samlogon_validation()
s4:torture/rpc: make use of netlogon_creds_encrypt_samr_CryptPassword()
s4:torture/rpc: make use of netlogon_creds_{de,en}crypt_samr_Password
s3:rpc_server/netlogon: make use of
netlogon_creds_{de,en}crypt_samr_Password
s3:rpc_server/netlogon: make use of
netlogon_creds_decrypt_samr_CryptPassword()
s4:rpc_server/netlogon: make use of
netlogon_creds_{de,en}crypt_samr_Password()
s4:rpc_server/netlogon: make use of
netlogon_creds_decrypt_samr_CryptPassword
s4:rpc_server/netlogon: make use of netlogon_creds_decrypt_SendToSam
libcli/auth: return INVALID_PARAMETER for DES in
netlogon_creds_{de,en}crypt_samlogon_logon
libcli/auth: pass auth_{type,level} to schannel_check_creds_state()
libcli/auth: pass auth_{type,level} to netlogon_creds_server_step_check()
libcli/auth: split out netlogon_creds_client_verify() that takes
auth_{type,level}
libcli/auth: make use of netlogon_creds_client_verify()
s4:librpc/rpc: make use of netlogon_creds_client_verify()
libcli/auth: let netlogon_creds_copy() copy all scalar elements
libcli/auth: split out netlogon_creds_cli_check_transport()
libcli/auth: make use of netlogon_creds_cli_check_transport() in more
places
-----------------------------------------------------------------------
--
Samba Shared Repository
