The annotated tag, samba-4.21.2 has been created
at 1ed1de3d92c9ca347c69d83ea181a2c0600f5a0b (tag)
tagging d67152765b3a631c59f8b2ed8bbfd5f52a68e46a (commit)
replaces samba-4.21.1
tagged by Jule Anger
on Mon Nov 25 16:09:22 2024 +0100
- Log -----------------------------------------------------------------
samba: tag release samba-4.21.2
-----BEGIN PGP SIGNATURE-----
iQIzBAABCgAdFiEEgfXigyvSVFoYl7cTqplEL7aAtiAFAmdEkyIACgkQqplEL7aA
tiA2TBAAjE/aYK2y/Fig9S1uAj9aHxTHsOgZiNkcGlLlih8lAhZWdz0wCR07WiqP
aGkb0sWzkOZxHVo95AqX4jvY6pmPdOJcEdzWGgdCfKL2wkKuppwfGUITMZQN7V6n
d+4YzHwlPWwhARK8WPlru5TfM9aVkLff6B1xKphfU2sdirVLLC9rbH9KK1yRrJWs
afYAAhRFUEo1GM4JwrrQcYccZRnTOPS+7trViRboGSpRpW2W4B9pIQaUBFR8nuRh
6j0z3i2ykc1VK1pi/xrTpgatYeLtKPcxo4h2V+u/B8P/0huSQCtwBvyeoRecuTtT
n5lu56wGomvwly2f0ALSy+s0+seTfAt64vOxTSRxzX1jMbedEt64RKrPlxzvWKUF
1wIDq3w6PRmuFzx5Rn4ijYXNXMrVhD7KvRp7UdK/BhKCCG8hLjPH6jAo2sx/RGdu
ahkurLvBD109l6Kp8P+dPGcsmESb0/9emUYDmyNkd+rupTJfA8rcx9wRGcYWXdPa
l6Lh+Omw0BYPO3mQtYDccC39gxBvQ9kA2284/fciHVxaO+sv4KuvswxIneMPb8kW
DDR79oV6uqB+3z03mIuB7MLBT0znROx6WcZMi1fr4aSkUKHnLFi34JM8zw4fTGlV
pYTOzo8hRq1UjMOygU5mVmPxBZaG/cylDB49Ac9dbrLM2X9RUZk=
=+tv4
-----END PGP SIGNATURE-----
Jule Anger (3):
VERSION: Bump version up to Samba 4.21.2...
WHATSNEW: Add release notes for Samba 4.21.2.
VERSION: Disable GIT_SNAPSHOT for the 4.21.2 release.
Martin Schwenke (9):
ctdb-scripts: Don't list connections when not hosting IPs
ctdb-scripts: update_tickles() should use the public IPs cache
ctdb-scripts: Remove superseded compatibility code
ctdb-scripts: Use ss -H option to simplify
ctdb-server: Clean up connection tracking functions
ctdb-server: Drop a log message to DEBUG level
ctdb-scripts: Move connection tracking to 10.interface
ctdb-scripts: Get connections after tickle list
ctdb-scripts: Track connections for all ports for public IPs
Pavel Filipenský (1):
examples:winexe: Initialize Trustee.ptstrName at the right time
Ralph Boehme (6):
smbtorture: prepare test_overwrite_read_only_file() for more subtests
smbtorture: fix smb2.notify.mask test
smbtorture: add subtests for overwrite dispositions vs sharemodes
smbd: fix share access check for overwrite dispostions
smbd: fix sharing access check for directories
smbd: avoid a panic in close_directory()
Stefan Metzmacher (100):
s4:tortore/rpc: let rpc.backupkey without privacy pass against Windows
2022
RawDCERPCTest: ignore errors in smb_pipe_socket.close()
tests/dcerpc/raw_protocol: pass against Windows 2022 and require special
env vars for legacy servers
s4:selftest: only run ad_member with AUTH_LEVEL_CONNECT_LSA=1
dcesrv_core: disconnect after a fault with non AUTH_LEVEL_CONNECT bind
dcesrv_core: return NAK_REASON_PROTOCOL_VERSION_NOT_SUPPORTED for binds
without contexts
tests/dcerpc/raw_protocol: add more test for auth padding during
ALTER_CONTEXT/AUTH3
dcerpc_util: don't allow auth_padding for BIND, ALTER_CONTEXT and AUTH3
pdus
s4:librpc: provide py_schannel bindings
RawDCERPCTest: split prepare_pdu() and send_pdu_blob() out of send_pdu()
RawDCERPCTest: add some more auth_length related asserts
dcesrv_core: add more verbose debugging for missing association groups
tests/dcerpc/raw_protocol: run test_neg_xmit_ffff_ffff over tcp and smb
dcesrv_core: introduce dcesrv_connection->transport_max_recv_frag
tests/dcerpc/raw_protocol: test_no_auth_ctx_request
tests/dcerpc/raw_protocol: fix comment in test_spnego_change_auth_type1
tests/dcerpc/raw_protocol: add tests for max auth_padding, auth_len or
auth_offset
tests/dcerpc/raw_protocol: add more tests for auth_pad alignment
tests/dcerpc/raw_protocol: test invalid schannel binds
dcerpc_util: let dcerpc_pull_auth_trailer() check that auth_offset is 4
bytes aligned
dcerpc_util: let dcerpc_pull_auth_trailer() expose the reject reason
dcerpc_util: let dcerpc_pull_auth_trailer() ignore data_and_pad for bind,
alter, auth3
dcesrv_core: a failure from gensec_update results in
NAK_REASON_INVALID_CHECKSUM
dcesrv_core: alter_context logon failures should result in
DCERPC_FAULT_ACCESS_DENIED
gensec:ntlmssp: only allow messages up to 2888 bytes
gensec:spnego: ignore trailing bytes in SPNEGO_SERVER_START state
dcesrv_core: fix the auth3 for large ntlmssp messages
dcesrv_core: better fault codes dcesrv_auth_prepare_auth3()
third_party/heimdal: Import lorikeet-heimdal-202410161454 (commit
0d61538a16b5051c820702f0711102112cd01a83)
s3:winbindd: call process_set_title() for locator child
s4:torture/rpc: check that DOWNGRADE_DETECTED has no bits negotiated
s4:torture/rpc: without weak crypto we should require AES
s3:rpc_server/netlogon: correctly negotiate flags in ServerAuthenticate2/3
s3:rpc_server/netlogon: if we require AES there's no need to remove the
ARCFOUR flag
s4:rpc_server/netlogon: if we require AES there's no need to remove the
ARCFOUR flag
netlogon.idl: the capabilities in query_level=2 are the ones send by the
client
libcli/auth: remove unused netlogon_creds_client_init_session_key()
libcli/auth: make use of netlogon_creds_cli_store_internal() in
netlogon_creds_cli_auth_srvauth_done()
libcli/auth: don't allow any unexpected upgrades of negotiate_flags
libcli/auth: if we require aes we don't need to require arcfour nor
strong key
libcli/auth: use a LogonControl after a LogonGetCapabilities downgrade
libcli/auth: use netr_LogonGetCapabilities query_level=2 to verify the
proposed capabilities
s4:librpc/rpc: do LogonControl after LogonGetCapabilities downgrade
s4:librpc/rpc: don't allow any unexpected upgrades of negotiate_flags
s4:librpc/rpc: define required schannel flags and enforce them
s4:librpc/rpc: use netr_LogonGetCapabilities query_level=2 to verify the
proposed capabilities
s4:torture/rpc/netlogon: adjust test_netlogon_capabilities query_level=2
to request_flags
s3:cli_netlogon: let rpccli_connect_netlogon() use force_reauth = true on
retry
s4:dsdb/common: samdb_confirm_rodc_allowed_to_repl_to() only needs a
const sid
s3:rpc_server/netlogon: add client_sid helper variables
s4:rpc_server/netlogon: add client_sid helper variables
libcli/auth: pass client_sid to netlogon_creds_server_init()
libcli/auth: split out netlogon_creds_CredentialState_extra_info
librpc/rpc: make use of creds->ex->client_sid in
dcesrv_netr_check_schannel_get_state()
s3:rpc_server/netlogon: make use of creds->ex->client_sid
s4:rpc_server/netlogon: make use of creds->ex->client_sid
libcli/auth: remove unused creds->sid
libcli/auth: remember client_requested_flags and auth_time in
netlogon_creds_server_init()
s3:rpc_server/netlogon: implement netr_LogonGetCapabilities query_level=2
s4:rpc_server/netlogon: implement netr_LogonGetCapabilities query_level=2
s4:torture/rpc: let test_netlogon_capabilities() fail on legacy servers
libcli/auth: also use netlogon_creds_CredentialState_extra_info for the
client
libcli/auth: let netlogon_creds_cli_store_internal() use
talloc_stackframe()
libcli/auth: let netlogon_creds_cli_store_internal check
netlogon_creds_CredentialState_legacy
libcli/auth: split out netlogon_creds_alloc()
s4:dsdb/common: dsdb_trust_get_incoming_passwords only needs a const
ldb_message
s4:rpc_server/netlogon: split out dcesrv_netr_ServerAuthenticateGeneric()
dcesrv_core: add DCESRV_NOT_USED_ON_WIRE() helper macro
s3:rpc_server: add DCESRV_COMPAT_NOT_USED_ON_WIRE() helper macro
netlogon.idl: add netr_ServerAuthenticateKerberos() and related stuff
libcli/auth: pass auth_{type,level} to
netlogon_creds_{de,en}crypt_samlogon_validation()
libcli/auth: pass auth_{type,level} to
netlogon_creds_{de,en}crypt_samlogon_logon()
libcli/auth: add netlogon_creds_{de,en}crypt_samr_Password()
libcli/auth: add netlogon_creds_{de,en}crypt_samr_CryptPassword()
libcli/auth: add netlogon_creds_{de,en}crypt_SendToSam()
pycredentials: make use of netlogon_creds_encrypt_samr_CryptPassword in
py_creds_encrypt_netr_crypt_password
pycredentials: add py_creds_encrypt_netr_PasswordInfo helper
python/tests: use encrypt_netr_PasswordInfo in
KDCBaseTest._test_samlogon()
libcli/auth: make netlogon_creds_des_{de,en}crypt_LMKey() static
libcli/auth: make use of netlogon_creds_encrypt_samr_CryptPassword
libcli/auth: make use of netlogon_creds_encrypt_SendToSam
libcli/auth: make use of netlogon_creds_{de,en}crypt_samr_Password
s4:torture/rpc: make use of netlogon_creds_encrypt_samlogon_logon()
s4:torture/rpc: make use of netlogon_creds_decrypt_samlogon_validation()
s4:torture/rpc: make use of netlogon_creds_encrypt_samr_CryptPassword()
s4:torture/rpc: make use of netlogon_creds_{de,en}crypt_samr_Password
s3:rpc_server/netlogon: make use of
netlogon_creds_{de,en}crypt_samr_Password
s3:rpc_server/netlogon: make use of
netlogon_creds_decrypt_samr_CryptPassword()
s4:rpc_server/netlogon: make use of
netlogon_creds_{de,en}crypt_samr_Password()
s4:rpc_server/netlogon: make use of
netlogon_creds_decrypt_samr_CryptPassword
s4:rpc_server/netlogon: make use of netlogon_creds_decrypt_SendToSam
libcli/auth: return INVALID_PARAMETER for DES in
netlogon_creds_{de,en}crypt_samlogon_logon
libcli/auth: pass auth_{type,level} to schannel_check_creds_state()
libcli/auth: pass auth_{type,level} to netlogon_creds_server_step_check()
libcli/auth: split out netlogon_creds_client_verify() that takes
auth_{type,level}
libcli/auth: make use of netlogon_creds_client_verify()
s4:librpc/rpc: make use of netlogon_creds_client_verify()
libcli/auth: let netlogon_creds_copy() copy all scalar elements
libcli/auth: split out netlogon_creds_cli_check_transport()
libcli/auth: make use of netlogon_creds_cli_check_transport() in more
places
-----------------------------------------------------------------------
--
Samba Shared Repository
