[SCM] Samba Shared Repository - branch v4-20-test updated
The branch, v4-20-test has been updated via f8dfce94822 WHATSNEW: Explain new AD DC Claims, authentication policies and Silos via 4872b0abf6b WHATSNEW: Add some information about new conditional aces feature via 8e8b8fc0548 WHATSNEW: note "acl_claims evaluation" smb.conf option via 7f338d6119a ndr: ignore trailing bytes in ndr_pull_security_ace() via 0f81aec9a19 ndr: ndr_push_security_ace: calculate coda size once via 4808478685c ndr: avoid object ACE push overhead for non-object ACE via 276e67fe174 ndr: avoid object ACE pull overhead for non-object ACE via 5c0f6a20745 ndr: do not push ACE->coda.ignored blob via d4547daf5ee ndr: mark invalid pull ndr_flags as unlikely via 5d0d17a92db ndr: skip talloc when pulling empty DATA_BLOB via e61d447690f ndr: ACE push avoids no-op coda pushes via e4cf11b1b39 ndr: make security_ace push manual via c9974e622bf ndr: short-circuit ace coda if no bytes left via 8787185a6ca ndr: shift ndr_pull_security_ace to manual code via f8014cae2eb pidl: calculate subcontext_size only once per pull via b5289d66e9e perftest: ndr_pack runs in none environment via fb49ce47609 perftest:ndr_pack: spin in do_nothing for a while via 14edd0fd1ef perftest:ndr_pack: use a valid dummy SID via 1287f182167 perftest:ndr_pack_performance: remove irrelevant imports, options via 7f0bdf2b99e perftest:ndr_pack: slightly reduce python overhead via 66fa6885551 perftest: ndr_pack_performance gets more SD types via daf5b5f5eb2 perftest:ndr_pack: rename SD tests with object ACEs from 59365287486 docs-xml: Build and install man page for wspsearch https://git.samba.org/?p=samba.git;a=shortlog;h=v4-20-test - Log - commit f8dfce94822f043d27de2d92a3f0b3d0f27c5de4 Author: Andrew Bartlett Date: Thu Feb 1 11:33:27 2024 +1300 WHATSNEW: Explain new AD DC Claims, authentication policies and Silos BUG: https://bugzilla.samba.org/show_bug.cgi?id=15566 Signed-off-by: Andrew Bartlett Autobuild-User(v4-20-test): Jule Anger Autobuild-Date(v4-20-test): Mon Feb 12 11:55:51 UTC 2024 on atb-devel-224 commit 4872b0abf6b085f7e7ae14524be6fe99887468fe Author: Douglas Bagnall Date: Mon Jan 15 15:21:11 2024 +1300 WHATSNEW: Add some information about new conditional aces feature BUG: https://bugzilla.samba.org/show_bug.cgi?id=15566 Signed-off-by: Douglas Bagnall commit 8e8b8fc0548fc497473aad09e6f0f0a55e572da8 Author: Douglas Bagnall Date: Mon Jan 15 15:22:27 2024 +1300 WHATSNEW: note "acl_claims evaluation" smb.conf option BUG: https://bugzilla.samba.org/show_bug.cgi?id=15566 Signed-off-by: Douglas Bagnall commit 7f338d6119acd5a3129248d4e61df626f4087560 Author: Douglas Bagnall Date: Mon Jan 8 15:05:35 2024 +1300 ndr: ignore trailing bytes in ndr_pull_security_ace() This returns the behaviour with ordinary ACEs to where it was with 4.19. Signed-off-by: Douglas Bagnall Reviewed-by: Andrew Bartlett BUG: https://bugzilla.samba.org/show_bug.cgi?id=15574 (cherry picked from commit 0c1f421c107be3156b3f1db75aced24a1bca3d2f) commit 0f81aec9a19fe3f0c7d1bcc26c2d354a22747903 Author: Douglas Bagnall Date: Mon Jan 8 14:50:30 2024 +1300 ndr: ndr_push_security_ace: calculate coda size once Signed-off-by: Douglas Bagnall Reviewed-by: Andrew Bartlett BUG: https://bugzilla.samba.org/show_bug.cgi?id=15574 (cherry picked from commit a72c198921f64f2502f543c7158762c64cb3074e) commit 4808478685caea32b5d5580a940b314f785000c3 Author: Douglas Bagnall Date: Mon Jan 1 10:21:55 2024 +1300 ndr: avoid object ACE push overhead for non-object ACE Signed-off-by: Douglas Bagnall Reviewed-by: Andrew Bartlett BUG: https://bugzilla.samba.org/show_bug.cgi?id=15574 (cherry picked from commit ecb5da3e49283ca3a03dea81d22db4a081e192e4) commit 276e67fe174caab58d9a020a9357ca0d04631f13 Author: Douglas Bagnall Date: Mon Jan 1 10:21:33 2024 +1300 ndr: avoid object ACE pull overhead for non-object ACE When an ACE is not an object ACE, which is common, setting the switch value and attempting the object ACE GUID pull is just going to do nothing, and we know that ahead of time. By noticing that we can save a bit of time on a common operation. Signed-off-by: Douglas Bagnall Reviewed-by: Andrew Bartlett BUG: https://bugzilla.samba.org/show_bug.cgi?id=15574 (cherry picked from commit fce4d51eb492a6fc807c6849cd4bd65ca7714509) commit 5c0f6a207453c1ef11fc8cef42ab0a6b02abf99b Author: Douglas Bagnall Date: Sun Dec 31 17:45:36 2023 +1300 ndr: do not push ACE->coda.ignored blob From 1e80221b2340de5ef5e2a17f10511bbc2c041163 (2008) until c73034cf7c4392f5d3505319948bc84634c20fa5
[SCM] Samba Shared Repository - branch v4-20-test updated
The branch, v4-20-test has been updated via d998b68af68 VERSION: Bump version up to Samba 4.20.0rc3... via 0167b75a5b2 VERSION: Disable GIT_SNAPSHOT for the 4.20.0rc2 release. via f06a06b7132 WHATSNEW: Add release notes for Samba 4.20.0rc2. from f8dfce94822 WHATSNEW: Explain new AD DC Claims, authentication policies and Silos https://git.samba.org/?p=samba.git;a=shortlog;h=v4-20-test - Log - commit d998b68af68b4d06c7b3518b8e18861bbb2535e3 Author: Jule Anger Date: Mon Feb 12 14:05:12 2024 +0100 VERSION: Bump version up to Samba 4.20.0rc3... and re-enable GIT_SNAPSHOT. Signed-off-by: Jule Anger commit 0167b75a5b2a24942d2d93dfee3cb20284c32d38 Author: Jule Anger Date: Mon Feb 12 14:04:39 2024 +0100 VERSION: Disable GIT_SNAPSHOT for the 4.20.0rc2 release. Signed-off-by: Jule Anger commit f06a06b7132668af8ed3ba48a3b5caf003f4cb12 Author: Jule Anger Date: Mon Feb 12 14:01:59 2024 +0100 WHATSNEW: Add release notes for Samba 4.20.0rc2. Signed-off-by: Jule Anger --- Summary of changes: VERSION | 2 +- WHATSNEW.txt | 15 ++- 2 files changed, 15 insertions(+), 2 deletions(-) Changeset truncated at 500 lines: diff --git a/VERSION b/VERSION index c90ef06f13e..486a47b8f52 100644 --- a/VERSION +++ b/VERSION @@ -89,7 +89,7 @@ SAMBA_VERSION_PRE_RELEASE= # e.g. SAMBA_VERSION_RC_RELEASE=1 # # -> "3.0.0rc1" # -SAMBA_VERSION_RC_RELEASE=2 +SAMBA_VERSION_RC_RELEASE=3 # To mark SVN snapshots this should be set to 'yes'# diff --git a/WHATSNEW.txt b/WHATSNEW.txt index f7c38dc9f0e..de3b0f03d49 100644 --- a/WHATSNEW.txt +++ b/WHATSNEW.txt @@ -1,7 +1,7 @@ Release Announcements = -This is the first release candidate of Samba 4.20. This is *not* +This is the second release candidate of Samba 4.20. This is *not* intended for production environments and is designed for testing purposes only. Please report any defects via the Samba bug reporting system at https://bugzilla.samba.org/. @@ -214,6 +214,19 @@ smb.conf changes acl claims evaluation new AD DC only +CHANGES SINCE 4.20.0rc1 +=== + +o Douglas Bagnall + * BUG 15574: Performance regression for NDR parsing of security descriptors. + +o Anoop C S + * BUG 15565: Build and install man page for wspsearch client utility. + +o Andreas Schneider + * BUG 15558: samba-gpupdate logging doesn't work. + + KNOWN ISSUES -- Samba Shared Repository
[SCM] Samba Shared Repository - annotated tag samba-4.20.0rc2 created
The annotated tag, samba-4.20.0rc2 has been created at 45d0186d21dd6e25b3a3b5afd5795b46afcb2e00 (tag) tagging 0167b75a5b2a24942d2d93dfee3cb20284c32d38 (commit) replaces samba-4.20.0rc1 tagged by Jule Anger on Mon Feb 12 14:08:59 2024 +0100 - Log - samba: tag release samba-4.20.0rc2 -BEGIN PGP SIGNATURE- iQIzBAABCgAdFiEEgfXigyvSVFoYl7cTqplEL7aAtiAFAmXKGGsACgkQqplEL7aA tiDPDRAAlUot6EOH4Oq+PH8ocpO0r2nJIcp7PeWOyK1kfB6lA6+U/fnd1PSuVdTV X4H9+yLGZBE8BWv86DXbwBxgcKqbBoF0umvoh43Lig2xrOhq24yyPXtNk+W7PreI G+Bbt6/CAN2OXu6CPkEpGbwIC+7eDeBoZz9cz1+uSUx8n7LlGp1BsvrlVbrwmMAm qUFaz8eCE4toklUCibHTLjuL2TsaaTn8Z3qDJIoSNfUqLMUP0KiBlI7zNy/kr4Y/ 49K9XapuUXxCJQMQZuvbxQUGNH/m1dLl07UMSoxI4GLKSI88JOe/x0MKmWpVDWE4 plietnfhGr3LTfW+DculKE8pjx2HDpBg8nZKt8HOFZTXiRHKc+YpmpPFuDdeDze/ 3Au/Fx8TB9Yj/IRK78Xw1L2YHDPqIqKuWa+JEhX32VEJUHLWWuGwTEgD2E7Z6Mpp tJnrPm+S3OOI+FIyS1LX/OmRfWzKytfhWZIyItgC3OVXj3bVXSenCZnXkIagNmIM PR+3r0UBBboayBMfeLLyKYfwli3mDMVsKtj8/doztaoTgdWakKgHf70c0zYn5fsy crgH5tZvbp5THHuQtugEeqDV9ejFODII0Qz4jW3wNWwU31KyAe8JZqkvh7cjv51w 924ARSY7LW8dvz1ZUv66gN1KHUcqJq8WlqiWfhJS53Aob9/M31s= =kjip -END PGP SIGNATURE- Andreas Schneider (1): python:gp: Fix logging with gp Andrew Bartlett (1): WHATSNEW: Explain new AD DC Claims, authentication policies and Silos Anoop C S (1): docs-xml: Build and install man page for wspsearch Douglas Bagnall (21): perftest:ndr_pack: rename SD tests with object ACEs perftest: ndr_pack_performance gets more SD types perftest:ndr_pack: slightly reduce python overhead perftest:ndr_pack_performance: remove irrelevant imports, options perftest:ndr_pack: use a valid dummy SID perftest:ndr_pack: spin in do_nothing for a while perftest: ndr_pack runs in none environment pidl: calculate subcontext_size only once per pull ndr: shift ndr_pull_security_ace to manual code ndr: short-circuit ace coda if no bytes left ndr: make security_ace push manual ndr: ACE push avoids no-op coda pushes ndr: skip talloc when pulling empty DATA_BLOB ndr: mark invalid pull ndr_flags as unlikely ndr: do not push ACE->coda.ignored blob ndr: avoid object ACE pull overhead for non-object ACE ndr: avoid object ACE push overhead for non-object ACE ndr: ndr_push_security_ace: calculate coda size once ndr: ignore trailing bytes in ndr_pull_security_ace() WHATSNEW: note "acl_claims evaluation" smb.conf option WHATSNEW: Add some information about new conditional aces feature Jule Anger (3): VERSION: Bump version up to Samba 4.20.0rc2... WHATSNEW: Add release notes for Samba 4.20.0rc2. VERSION: Disable GIT_SNAPSHOT for the 4.20.0rc2 release. --- -- Samba Shared Repository
[SCM] Samba Website Repository - branch master updated
The branch, master has been updated via 8ba3015 NEWS[4.20.0rc2]: Samba 4.20.0rc2 Available for Download from 66fbcfa NEWS[4.18.10]: Samba 4.18.10 Available for Download https://git.samba.org/?p=samba-web.git;a=shortlog;h=master - Log - commit 8ba30159304a3836359adcac6ee8c396367305d8 Author: Jule Anger Date: Mon Feb 12 14:09:34 2024 +0100 NEWS[4.20.0rc2]: Samba 4.20.0rc2 Available for Download Signed-off-by: Jule Anger --- Summary of changes: posted_news/20240212-131029.4.20.0rc2.body.html | 12 posted_news/20240212-131029.4.20.0rc2.headline.html | 3 +++ 2 files changed, 15 insertions(+) create mode 100644 posted_news/20240212-131029.4.20.0rc2.body.html create mode 100644 posted_news/20240212-131029.4.20.0rc2.headline.html Changeset truncated at 500 lines: diff --git a/posted_news/20240212-131029.4.20.0rc2.body.html b/posted_news/20240212-131029.4.20.0rc2.body.html new file mode 100644 index 000..b1e6737 --- /dev/null +++ b/posted_news/20240212-131029.4.20.0rc2.body.html @@ -0,0 +1,12 @@ + +12 February 2024 +Samba 4.20.0rc2 Available for Download + +This is the second release candidate of the upcoming Samba 4.20 release series. + + +The uncompressed tarball has been signed using GnuPG (ID AA99442FB680B620). +The source code can be https://download.samba.org/pub/samba/rc/samba-4.20.0rc2.tar.gz";>downloaded now. +See https://download.samba.org/pub/samba/rc/samba-4.20.0rc2.WHATSNEW.txt";>the release notes for more info. + + diff --git a/posted_news/20240212-131029.4.20.0rc2.headline.html b/posted_news/20240212-131029.4.20.0rc2.headline.html new file mode 100644 index 000..4f8d98c --- /dev/null +++ b/posted_news/20240212-131029.4.20.0rc2.headline.html @@ -0,0 +1,3 @@ + + 12 February 2024 Samba 4.20.0rc2 Available for Download + -- Samba Website Repository
[SCM] Samba Shared Repository - branch v4-20-stable updated
The branch, v4-20-stable has been updated via 0167b75a5b2 VERSION: Disable GIT_SNAPSHOT for the 4.20.0rc2 release. via f06a06b7132 WHATSNEW: Add release notes for Samba 4.20.0rc2. via f8dfce94822 WHATSNEW: Explain new AD DC Claims, authentication policies and Silos via 4872b0abf6b WHATSNEW: Add some information about new conditional aces feature via 8e8b8fc0548 WHATSNEW: note "acl_claims evaluation" smb.conf option via 7f338d6119a ndr: ignore trailing bytes in ndr_pull_security_ace() via 0f81aec9a19 ndr: ndr_push_security_ace: calculate coda size once via 4808478685c ndr: avoid object ACE push overhead for non-object ACE via 276e67fe174 ndr: avoid object ACE pull overhead for non-object ACE via 5c0f6a20745 ndr: do not push ACE->coda.ignored blob via d4547daf5ee ndr: mark invalid pull ndr_flags as unlikely via 5d0d17a92db ndr: skip talloc when pulling empty DATA_BLOB via e61d447690f ndr: ACE push avoids no-op coda pushes via e4cf11b1b39 ndr: make security_ace push manual via c9974e622bf ndr: short-circuit ace coda if no bytes left via 8787185a6ca ndr: shift ndr_pull_security_ace to manual code via f8014cae2eb pidl: calculate subcontext_size only once per pull via b5289d66e9e perftest: ndr_pack runs in none environment via fb49ce47609 perftest:ndr_pack: spin in do_nothing for a while via 14edd0fd1ef perftest:ndr_pack: use a valid dummy SID via 1287f182167 perftest:ndr_pack_performance: remove irrelevant imports, options via 7f0bdf2b99e perftest:ndr_pack: slightly reduce python overhead via 66fa6885551 perftest: ndr_pack_performance gets more SD types via daf5b5f5eb2 perftest:ndr_pack: rename SD tests with object ACEs via 59365287486 docs-xml: Build and install man page for wspsearch via 9e946a8ddd3 python:gp: Fix logging with gp via 7908c00dec2 VERSION: Bump version up to Samba 4.20.0rc2... from d05af785057 VERSION: Disable GIT_SNAPSHOT for the Samba 4.20.0rc1 release. https://git.samba.org/?p=samba.git;a=shortlog;h=v4-20-stable - Log - --- Summary of changes: VERSION | 2 +- WHATSNEW.txt | 100 +- docs-xml/wscript_build| 1 + librpc/idl/security.idl | 2 +- librpc/ndr/libndr.h | 2 +- librpc/ndr/ndr_basic.c| 6 ++ librpc/ndr/ndr_sec_helper.c | 107 ++- pidl/lib/Parse/Pidl/Samba4/NDR/Parser.pm | 5 +- python/samba/gp/util/logging.py | 5 +- selftest/perf_tests.py| 4 +- source4/dsdb/tests/python/ndr_pack_performance.py | 121 ++ 11 files changed, 280 insertions(+), 75 deletions(-) Changeset truncated at 500 lines: diff --git a/VERSION b/VERSION index 3fe7a037533..12917e08428 100644 --- a/VERSION +++ b/VERSION @@ -89,7 +89,7 @@ SAMBA_VERSION_PRE_RELEASE= # e.g. SAMBA_VERSION_RC_RELEASE=1 # # -> "3.0.0rc1" # -SAMBA_VERSION_RC_RELEASE=1 +SAMBA_VERSION_RC_RELEASE=2 # To mark SVN snapshots this should be set to 'yes'# diff --git a/WHATSNEW.txt b/WHATSNEW.txt index 8158a80288c..de3b0f03d49 100644 --- a/WHATSNEW.txt +++ b/WHATSNEW.txt @@ -1,7 +1,7 @@ Release Announcements = -This is the first release candidate of Samba 4.20. This is *not* +This is the second release candidate of Samba 4.20. This is *not* intended for production environments and is designed for testing purposes only. Please report any defects via the Samba bug reporting system at https://bugzilla.samba.org/. @@ -108,6 +108,90 @@ New options added are: and all files/directories below. - '--restore savefile' Restores the stored DACLS to files in directory +Samba-tool extensions for AD Claims, Authentication Policies and Silos +-- + +samba-tool now allows users to be associated with claims. In the +Samba AD DC, claims derive from Active Directory attributes mapped +into specific names. These claims can be used in rules, which are +conditional ACEs in a security descriptor, that decide if a user is +restricted by an authentication policy. + +samba-tool also allows the creation and management of authentication +policies, which are rules about where a user may authenticate from, +if NTLM is permitted, and what services a user may authenticate to. + +Finally,
