Karolin Seeger [Tue, 22 Sep 2020 13:33:16 +0000 (15:33 +0200)]
VERSION: Disable GIT_SNAPSHOT for the 4.13.0 release.
Signed-off-by: Karolin Seeger <kseeger@samba.org>
Karolin Seeger [Tue, 22 Sep 2020 13:31:49 +0000 (15:31 +0200)]
WHATSNEW: Add release notes for Samba 4.13.0.
Signed-off-by: Karolin Seeger <kseeger@samba.org>
Stefan Metzmacher [Fri, 18 Sep 2020 12:05:27 +0000 (14:05 +0200)]
VERSION: Bump version up to 4.13.0rc7...
and re-enable GIT_SNAPSHOT.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Stefan Metzmacher [Fri, 18 Sep 2020 12:04:45 +0000 (14:04 +0200)]
VERSION: Disable GIT_SNAPSHOT for the 4.13.0rc6 release.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Stefan Metzmacher [Fri, 18 Sep 2020 12:03:37 +0000 (14:03 +0200)]
WHATSNEW: Add release notes for Samba 4.13.0rc6.
CVE-2020-1472: Samba impact of "ZeroLogon".
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Stefan Metzmacher [Fri, 18 Sep 2020 12:01:29 +0000 (14:01 +0200)]
WHATSNEW: document the planed removal of "server schannel"
Also add "server require schannel:COMPUTER"
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Stefan Metzmacher [Fri, 18 Sep 2020 11:59:26 +0000 (13:59 +0200)]
WHATSNEW: document the 'smb2 disable oplock break retry' option
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Gary Lockyer [Fri, 18 Sep 2020 03:57:34 +0000 (15:57 +1200)]
CVE-2020-1472(ZeroLogon): s4 torture rpc: repeated bytes in client challenge
Ensure that client challenges with the first 5 bytes identical are
rejected.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14497
Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
[abartlet@samba.org: backported from master as test order was flipped]
Gary Lockyer [Fri, 18 Sep 2020 00:39:54 +0000 (12:39 +1200)]
CVE-2020-1472(ZeroLogon): s4 torture rpc: Test empty machine acct pwd
Ensure that an empty machine account password can't be set by
netr_ServerPasswordSet2
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14497
Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
Stefan Metzmacher [Thu, 17 Sep 2020 15:27:54 +0000 (17:27 +0200)]
CVE-2020-1472(ZeroLogon): docs-xml: document 'server require schannel:COMPUTERACCOUNT'
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14497
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Günther Deschner [Thu, 17 Sep 2020 12:42:52 +0000 (14:42 +0200)]
CVE-2020-1472(ZeroLogon): s3:rpc_server/netlogon: log warnings about unsecure configurations
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14497
Pair-Programmed-With: Stefan Metzmacher <metze@samba.org>
Signed-off-by: Günther Deschner <gd@samba.org>
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Günther Deschner [Thu, 17 Sep 2020 12:23:16 +0000 (14:23 +0200)]
CVE-2020-1472(ZeroLogon): s3:rpc_server/netlogon: support "server require schannel:WORKSTATION$ = no"
This allows to add expections for individual workstations, when using "server schannel = yes".
"server schannel = auto" is very insecure and will be removed soon.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14497
Pair-Programmed-With: Stefan Metzmacher <metze@samba.org>
Signed-off-by: Günther Deschner <gd@samba.org>
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Günther Deschner [Thu, 17 Sep 2020 12:57:22 +0000 (14:57 +0200)]
CVE-2020-1472(ZeroLogon): s3:rpc_server/netlogon: refactor dcesrv_netr_creds_server_step_check()
We should debug more details about the failing request.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14497
Pair-Programmed-With: Stefan Metzmacher <metze@samba.org>
Signed-off-by: Günther Deschner <gd@samba.org>
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Stefan Metzmacher [Thu, 17 Sep 2020 11:37:26 +0000 (13:37 +0200)]
CVE-2020-1472(ZeroLogon): s4:rpc_server/netlogon: log warnings about unsecure configurations
This should give admins wawrnings until they have a secure
configuration.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14497
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Günther Deschner <gd@samba.org>
Stefan Metzmacher [Wed, 16 Sep 2020 08:56:53 +0000 (10:56 +0200)]
CVE-2020-1472(ZeroLogon): s4:rpc_server/netlogon: support "server require schannel:WORKSTATION$ = no"
This allows to add expections for individual workstations, when using "server schannel = yes".
"server schannel = auto" is very insecure and will be removed soon.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14497
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Stefan Metzmacher [Wed, 16 Sep 2020 08:18:45 +0000 (10:18 +0200)]
CVE-2020-1472(ZeroLogon): s4:rpc_server/netlogon: refactor dcesrv_netr_creds_server_step_check()
We should debug more details about the failing request.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14497
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Jeremy Allison [Wed, 16 Sep 2020 19:53:50 +0000 (12:53 -0700)]
CVE-2020-1472(ZeroLogon): s3:rpc_server/netlogon: protect netr_ServerPasswordSet2 against unencrypted passwords
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14497
Pair-Programmed-With: Stefan Metzmacher <metze@samba.org>
Signed-off-by: Jeremy Allison <jra@samba.org>
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Jeremy Allison [Wed, 16 Sep 2020 19:48:21 +0000 (12:48 -0700)]
CVE-2020-1472(ZeroLogon): s3:rpc_server/netlogon: Fix mem leak onto p->mem_ctx in error path of _netr_ServerPasswordSet2().
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14497
Signed-off-by: Jeremy Allison <jra@samba.org>
Stefan Metzmacher [Wed, 16 Sep 2020 17:20:25 +0000 (19:20 +0200)]
CVE-2020-1472(ZeroLogon): s4:rpc_server/netlogon: protect netr_ServerPasswordSet2 against unencrypted passwords
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14497
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Stefan Metzmacher [Wed, 16 Sep 2020 14:17:29 +0000 (16:17 +0200)]
CVE-2020-1472(ZeroLogon): libcli/auth: reject weak client challenges in netlogon_creds_server_init()
This implements the note from MS-NRPC 3.1.4.1 Session-Key Negotiation:
7. If none of the first 5 bytes of the client challenge is unique, the
server MUST fail session-key negotiation without further processing of
the following steps.
It lets ./zerologon_tester.py from
https://github.com/SecuraBV/CVE-2020-1472.git
report: "Attack failed. Target is probably patched."
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14497
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Stefan Metzmacher [Wed, 16 Sep 2020 14:15:26 +0000 (16:15 +0200)]
CVE-2020-1472(ZeroLogon): libcli/auth: add netlogon_creds_is_random_challenge() to avoid weak values
This is the check Windows is using, so we won't generate challenges,
which are rejected by Windows DCs (and future Samba DCs).
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14497
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Stefan Metzmacher [Wed, 16 Sep 2020 14:10:53 +0000 (16:10 +0200)]
CVE-2020-1472(ZeroLogon): s4:rpc_server:netlogon: make use of netlogon_creds_random_challenge()
This is not strictly needed, but makes things more clear.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14497
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Stefan Metzmacher [Wed, 16 Sep 2020 14:10:53 +0000 (16:10 +0200)]
CVE-2020-1472(ZeroLogon): s3:rpc_server:netlogon: make use of netlogon_creds_random_challenge()
This is not strictly needed, but makes things more clear.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14497
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Stefan Metzmacher [Wed, 16 Sep 2020 14:08:38 +0000 (16:08 +0200)]
CVE-2020-1472(ZeroLogon): libcli/auth: make use of netlogon_creds_random_challenge() in netlogon_creds_cli.c
This will avoid getting rejected by the server if we generate
a weak challenge.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14497
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Stefan Metzmacher [Wed, 16 Sep 2020 14:07:30 +0000 (16:07 +0200)]
CVE-2020-1472(ZeroLogon): s4:torture/rpc: make use of netlogon_creds_random_challenge()
This will avoid getting flakey tests once our server starts to
reject weak challenges.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14497
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Stefan Metzmacher [Wed, 16 Sep 2020 14:04:57 +0000 (16:04 +0200)]
CVE-2020-1472(ZeroLogon): libcli/auth: add netlogon_creds_random_challenge()
It's good to have just a single isolated function that will generate
random challenges, in future we can add some logic in order to
avoid weak values, which are likely to be rejected by a server.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14497
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Karolin Seeger [Tue, 15 Sep 2020 10:23:47 +0000 (12:23 +0200)]
VERSION: Bump version up to 4.13.0rc5...
and re-enable GIT_SNAPSHOT.
Signed-off-by: Karolin Seeger <kseeger@samba.org>
Karolin Seeger [Tue, 15 Sep 2020 10:21:10 +0000 (12:21 +0200)]
VERSION: Disable GIT_SNAPSHOT for the 4.13.0rc5 release.
Signed-off-by: Karolin Seeger <kseeger@samba.org>
Karolin Seeger [Tue, 15 Sep 2020 10:20:26 +0000 (12:20 +0200)]
WHATSNEW: Add release notes for Samba 4.13.0rc5.
Signed-off-by: Karolin Seeger <kseeger@samba.org>
Andreas Schneider [Thu, 10 Sep 2020 09:34:50 +0000 (11:34 +0200)]
waf: Only use gnutls_aead_cipher_encryptv2() for GnuTLS > 3.6.14
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14399
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
(cherry picked from commit
94808cc50e4350a8c3bc250a886e8d4e7802dd12)
Andreas Schneider [Mon, 17 Aug 2020 12:12:48 +0000 (14:12 +0200)]
s3:smbd: Fix %U substitutions if it contains a domain name
'valid users = DOMAIN\%U' worked with Samba 3.6 and broke in a newer
version.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14467
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
(cherry picked from commit
5de7c91e6d4e98f438157a7675c8582cabdd828d)
Andreas Schneider [Mon, 17 Aug 2020 11:39:58 +0000 (13:39 +0200)]
s3:tests: Add test for 'valid users = DOMAIN\%U'
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14467
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
(cherry picked from commit
53b6dd951249052772e1ffcf651b7efd0963b931)
Karolin Seeger [Mon, 14 Sep 2020 09:47:47 +0000 (11:47 +0200)]
Revert "Add vfs_ring."
This reverts commit
b29103ef46a9f80a0184d4d999f22512b7fdcd89.
Karolin Seeger [Mon, 14 Sep 2020 09:47:44 +0000 (11:47 +0200)]
Revert "vfs_ring: Adapt to 4.13 VFS"
This reverts commit
191c2cd7b93524fc1ee119c0f995171fb38dc210.
Andrew Bartlett [Sun, 6 Sep 2020 06:07:29 +0000 (18:07 +1200)]
WHATSNEW: Announce the end of Python 2.6/2.7 support to build Samba
This is a warning for 4.14, to give users the normal deprecation
notice.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14488
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Autobuild-User(v4-13-test): Karolin Seeger <kseeger@samba.org>
Autobuild-Date(v4-13-test): Fri Sep 11 09:59:57 UTC 2020 on sn-devel-184
Andreas Schneider [Thu, 3 Sep 2020 11:49:33 +0000 (13:49 +0200)]
s3:libads: Also add a realm entry for the domain name
This is required if we try to authenticate as Administrator@DOMAIN so it
can find the KDC. This fixes 'net ads join' for ad_member_fips if we
require Kerberos auth.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14479
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Isaac Boukris <iboukris@samba.org>
(cherry picked from commit
6444a743525532c70634e2dd4cacadce54ba2eab)
Autobuild-User(v4-13-test): Karolin Seeger <kseeger@samba.org>
Autobuild-Date(v4-13-test): Thu Sep 10 09:42:31 UTC 2020 on sn-devel-184
Andreas Schneider [Thu, 3 Sep 2020 09:45:33 +0000 (11:45 +0200)]
s3:libads: Only add RC4 if weak crypto is allowed
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Isaac Boukris <iboukris@samba.org>
(cherry picked from commit
a5303967287cef0c3d0b653e2aca73d25d438cf7)
Andreas Schneider [Thu, 3 Sep 2020 09:11:14 +0000 (11:11 +0200)]
s3:libads: Remove DES legacy types for Kerberos
We already removed DES support for Kerberos in Samba 4.12.
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Isaac Boukris <iboukris@samba.org>
(cherry picked from commit
9cf1aecd73e011ad03ddb072760454379b3f0a32)
Stefan Metzmacher [Tue, 8 Sep 2020 10:13:20 +0000 (10:13 +0000)]
lib/replace: move lib/replace/closefrom.c from ROKEN_HOSTCC_SOURCE to REPLACE_HOSTCC_SOURCE
This is where it really belongs and we avoid the strange interaction
with source4/heimdal_build/config.h. This a follow up for commit
f31333d40e6fa38daa32a3ebb32d5a317c06fc62.
This fixes a build problem if libbsd-dev is not installed.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14482
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Alexander Bokovoy <ab@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Björn Jacke <bjacke@samba.org>
Autobuild-User(master): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(master): Tue Sep 8 13:59:58 UTC 2020 on sn-devel-184
(cherry picked from commit
0022cd94587b805a525b0b9ef71ff0f15780424a)
Volker Lendecke [Mon, 10 Aug 2020 10:12:30 +0000 (12:12 +0200)]
vfs_ring: Adapt to 4.13 VFS
Jean-Marc Saffroy [Wed, 11 Sep 2019 10:44:59 +0000 (12:44 +0200)]
Add vfs_ring.
Karolin Seeger [Mon, 7 Sep 2020 10:47:09 +0000 (12:47 +0200)]
VERSION: Bump version up to 4.13.0rc5...
and re-enable GIT_SNAPSHOT.
Signed-off-by: Karolin Seeger <kseeger@samba.org>
Karolin Seeger [Mon, 7 Sep 2020 10:46:21 +0000 (12:46 +0200)]
VERSION: Disable GIT_SNAPSHOT for the 4.13.0rc4 release.
Signed-off-by: Karolin Seeger <kseeger@samba.org>
Karolin Seeger [Mon, 7 Sep 2020 10:45:48 +0000 (12:45 +0200)]
WHATSNEW: Add release notes for Samba 4.13.0rc4.
Signed-off-by: Karolin Seeger <kseeger@samba.org>
David Disseldorp [Wed, 2 Sep 2020 08:50:04 +0000 (10:50 +0200)]
build: toggle vfs_snapper using --with-shared-modules
7ae03a19b3c ("build: add configure option to control vfs_snapper build")
added new --enable-snapper and --disable-snapper configure parameters to
control whether the vfs_snapper module was built.
The new parameters conflicted with existing
--with-shared-modules=[!]vfs_snapper behaviour.
This change reinstates working --with-shared-modules=[!]vfs_snapper
functionality. vfs_snapper stays enabled by default, but only on Linux.
Linux systems lacking the dbus library and header files should
explicitly disable the module via --with-shared-modules=!vfs_snapper as
documented.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=14437
Signed-off-by: David Disseldorp <ddiss@samba.org>
Reviewed-by: Björn Jacke <bjacke@samba.org>
Autobuild-User(master): David Disseldorp <ddiss@samba.org>
Autobuild-Date(master): Wed Sep 2 16:24:50 UTC 2020 on sn-devel-184
(cherry picked from commit
b6805d5e0bcf1716f87e84bcbb2fd8f93c38a8a3)
Autobuild-User(v4-13-test): Karolin Seeger <kseeger@samba.org>
Autobuild-Date(v4-13-test): Fri Sep 4 12:37:35 UTC 2020 on sn-devel-184
Stefan Metzmacher [Fri, 28 Aug 2020 14:28:41 +0000 (16:28 +0200)]
s3:share_mode_lock: remove unused reproducer for bug #14428
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14428
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
Autobuild-User(master): Volker Lendecke <vl@samba.org>
Autobuild-Date(master): Mon Aug 31 13:34:17 UTC 2020 on sn-devel-184
(cherry picked from commit
b02f1d676f6e62a0a4b33b9b08f8f51a68b561ca)
Autobuild-User(v4-13-test): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(v4-13-test): Thu Sep 3 14:55:14 UTC 2020 on sn-devel-184
Stefan Metzmacher [Fri, 28 Aug 2020 14:28:41 +0000 (16:28 +0200)]
s3:share_mode_lock: make sure share_mode_cleanup_disconnected() removes the record
This fixes one possible trigger for "PANIC: assert failed in get_lease_type()"
https://bugzilla.samba.org/show_bug.cgi?id=14428
This is no longer enough to remove the record:
d->have_share_modes = false;
d->modified = true;
Note that we can remove it completely from
share_mode_cleanup_disconnected() as
share_mode_forall_entries() already sets it
when there are no entries left.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14428
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
(cherry picked from commit
b5c0874fd5d31e252cf9ac8b84bde5c536b1e8ef)
Stefan Metzmacher [Fri, 28 Aug 2020 13:56:35 +0000 (15:56 +0200)]
s3:share_mode_lock: add missing 'goto done' in share_mode_cleanup_disconnected()
When cleanup_disconnected_lease() fails we should stop,
at least we do that if brl_cleanup_disconnected() fails.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14428
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
(cherry picked from commit
1aa1ac97082f81f6dc62f345823d2dd345e0afd7)
Stefan Metzmacher [Fri, 28 Aug 2020 13:56:35 +0000 (15:56 +0200)]
s3:share_mode_lock: consistently debug share_mode_entry records
share_mode_entry_do(), share_mode_forall_entries() and
share_entry_forall() print the record before the callback is called
and when it was modified or deleted.
This makes it much easier to debug problems.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14428
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
(cherry picked from commit
4d740ac2084a68c6d4836cd83ea5d5f1ee9d37a2)
Stefan Metzmacher [Fri, 28 Aug 2020 13:56:35 +0000 (15:56 +0200)]
s3:share_mode_lock: let share_mode_forall_entries/share_entry_forall evaluate e.stale first
It's not really clear why e.stale would be ignored if *modified is set
to true.
This matches the behavior of share_mode_entry_do()
This also makes sure we see the removed entry in level 10 logs again.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14428
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
(cherry picked from commit
deb2f782c95a5e59a0a5da4272239c2d31bc2b6d)
Stefan Metzmacher [Fri, 28 Aug 2020 12:37:59 +0000 (14:37 +0200)]
s3:share_mode_lock: reproduce problem with stale disconnected share mode entries
This reproduces the origin of "PANIC: assert failed in get_lease_type()"
(https://bugzilla.samba.org/show_bug.cgi?id=14428).
share_mode_cleanup_disconnected() removes disconnected entries from
leases.tdb and brlock.tdb but not from locking.tdb.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14428
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
(cherry picked from commit
444f2bedf723b89bb9f493c47812bff2154c4113)
Stefan Metzmacher [Fri, 28 Aug 2020 13:33:43 +0000 (15:33 +0200)]
s3:selftest: also run durable_v2_reconnect_delay_msec in samba3.blackbox.durable_v2_delay
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14428
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
(cherry picked from commit
560fe7b38f0c8d53079fabf3f984b11748270035)
Volker Lendecke [Tue, 11 Aug 2020 16:09:14 +0000 (18:09 +0200)]
tldap: Receiving "msgid == 0" means the connection is dead
We never use msgid=0, see tldap_next_msgid(). RFC4511 section 4.4.1
says that the unsolicited disconnect response uses msgid 0. We don't
parse this message, which supposedly is an extended response: Windows
up to 2019 sends an extended response in an ASN.1 encoding that does
not match RFC4511.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=14465
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Autobuild-User(master): Volker Lendecke <vl@samba.org>
Autobuild-Date(master): Fri Aug 21 20:37:25 UTC 2020 on sn-devel-184
(cherry picked from commit
ccaf661f7c75717341140e3fbfb2a48f96ea952c)
Volker Lendecke [Thu, 13 Aug 2020 12:59:58 +0000 (14:59 +0200)]
test: Test winbind idmap_ad ticket expiry behaviour
We need to make sure that winbind's idmap_ad deals fine with an
expired krb ticket used to connect to AD via LDAP. In a customer
situation we have seen the RFC4511 section 4.4.1 unsolicited ldap exop
response coming through, but the TCP disconnect that Windows seems to
do after that did not make it. Winbind deals fine with a TCP
disconnect, but right now it does not handle just the section 4.4.1
response properly: It completely hangs.
This test requests a ticket valid for 5 seconds and makes the LDAP
server postpone the TCP disconnect after the ticket expiry for 10
seconds. The tests that winbind reacts to the ticket expiry exop
response by making sure in this situation the wbinfo call running into
the issue takes less than 8 seconds. If it did not look at the expiry
exop response, it would take more than 10 seconds.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=14465
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
(cherry picked from commit
a4ecd112e7754ab25bcae749594952a28c4c8905)
Stefan Metzmacher [Tue, 11 Aug 2020 16:24:39 +0000 (18:24 +0200)]
idmap_ad: Pass tldap debug messages on to DEBUG()
Bug: https://bugzilla.samba.org/show_bug.cgi?id=14465
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
(cherry picked from commit
7af2df01dff62d6d9ca572f320ef60dea41d6064)
Volker Lendecke [Wed, 12 Aug 2020 11:26:18 +0000 (13:26 +0200)]
tldap: Add PRINTF_ATTRIBUTE declaration to tldap_debug()
Bug: https://bugzilla.samba.org/show_bug.cgi?id=14465
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
(cherry picked from commit
a2b281bed022c04427ef478529462ff84fe42908)
Volker Lendecke [Tue, 11 Aug 2020 15:44:42 +0000 (17:44 +0200)]
tldap: Make sure all requests are cancelled on rundown
Put messages into the ld->pending array before sending them out, not
after they have been sent.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=14465
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
(cherry picked from commit
2a2a6b27cccb2409d321c7e03feb8baa047d1bf4)
Volker Lendecke [Tue, 11 Aug 2020 15:30:22 +0000 (17:30 +0200)]
tldap: Centralize connection rundown on error
Whenever send or recv return -1, we have to cancel all pending
requests and our transport stream is no longer usable: Discard it upon
such an error.
To avoid duplicate state, tldap_connection_ok() now looks at whether
we have a tstream_context around.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=14465
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
(cherry picked from commit
f745f5b12560dbcb7be6f3ffb3bc10704c87149c)
Volker Lendecke [Tue, 11 Aug 2020 15:14:14 +0000 (17:14 +0200)]
tldap: Maintain the ldap read request in tldap_context
Required for proper connection rundown, we need to TALLOC_FREE() the
read request before shutting down the tstream
Bug: https://bugzilla.samba.org/show_bug.cgi?id=14465
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
(cherry picked from commit
cb852c9dc0d0fa1d3e7473082ad6b460106b314b)
Volker Lendecke [Mon, 17 Aug 2020 19:59:48 +0000 (21:59 +0200)]
tldap: Always remove ourselves from ld->pending at cleanup time
Bug: https://bugzilla.samba.org/show_bug.cgi?id=14465
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
(cherry picked from commit
14f6d1996ec38620b1c05a3b6c0e26dd21801fac)
Volker Lendecke [Tue, 11 Aug 2020 14:54:34 +0000 (16:54 +0200)]
tldap: Fix tldap_msg_received()
The callback of "req" might have destroyed "ld", we can't reference
this anymore after calling tevent_req_done(req). Defer calling the
callbacks, which also means that the callbacks can't have added
anything to ld->pending.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=14465
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
(cherry picked from commit
f816ccb8f4d212fe7f6bf36f90cbb9297c899786)
Volker Lendecke [Tue, 11 Aug 2020 14:16:12 +0000 (16:16 +0200)]
tldap: Only free() ld->pending if "req" is part of it
Best reviewed with "git show -U10". We need to check that "req" is
actually the last request that is being freed before freeing the whole
array.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=14465
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
(cherry picked from commit
b85dbc9ccf80d8c19aff33c1da83954e5d6a37ef)
Volker Lendecke [Mon, 10 Aug 2020 14:24:04 +0000 (16:24 +0200)]
ldap_server: Terminate LDAP connections on krb ticket expiry
See RFC4511 section 4.4.1 and
https://lists.samba.org/archive/cifs-protocol/2020-August/003515.html
for details: Windows terminates LDAP connections when the krb5 ticket
expires, Samba should do the same. This patch slightly deviates from
Windows behaviour by sending a LDAP exop response with msgid 0 that is
ASN1-encoded conforming to RFC4511.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=14465
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
(cherry picked from commit
eb72f887b0bf91c050fd5d911f58a1b3ff9b8bcc)
Volker Lendecke [Fri, 7 Aug 2020 11:40:58 +0000 (13:40 +0200)]
ldap_server: Add the krb5 expiry to conn->limits
Bug: https://bugzilla.samba.org/show_bug.cgi?id=14465
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
(cherry picked from commit
77f72fb01faba45babfe6080f805361492ce49e5)
Volker Lendecke [Wed, 12 Aug 2020 13:50:58 +0000 (15:50 +0200)]
torture: Test ldap session expiry
LDAP connections should time out when the kerberos ticket used to authenticate
expires. Windows does this with a RFC4511 section 4.4.1 message (that as of
August 2020 is encoded not according to the RFC) followed by a TCP disconnect.
ldb sees the section 4.4.1 as a protocol violation and returns
LDB_ERR_PROTOCOL_ERROR.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=14465
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
(cherry picked from commit
35c4bb0b0c55a65490fe199edb1a534548104e95)
Volker Lendecke [Wed, 12 Aug 2020 13:48:01 +0000 (15:48 +0200)]
build: Wrap a long line
There will be another entry in the next commit
Bug: https://bugzilla.samba.org/show_bug.cgi?id=14465
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
(cherry picked from commit
c8c2f8ba73324ba43ccef9f6d1c0c726d7ec0d25)
Karolin Seeger [Fri, 28 Aug 2020 09:19:18 +0000 (11:19 +0200)]
VERSION: Bump version up to 4.13.0rc4...
and re-enable GIT_SNAPSHOT.
Signed-off-by: Karolin Seeger <kseeger@samba.org>
Karolin Seeger [Fri, 28 Aug 2020 09:18:15 +0000 (11:18 +0200)]
VERSION: Disable GIT_SNAPSHOT for the 4.13.0rc3 release.
Signed-off-by: Karolin Seeger <kseeger@samba.org>
Karolin Seeger [Thu, 27 Aug 2020 09:21:12 +0000 (11:21 +0200)]
WHATSNEW: Add release notes for Samba 4.13.0rc3.
Signed-off-by: Karolin Seeger <kseeger@samba.org>
Martin Schwenke [Tue, 23 Jan 2018 23:21:37 +0000 (10:21 +1100)]
ctdb-recoverd: Rename update_local_flags() -> update_flags()
This also updates remote flags so the name is misleading.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14466
Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
(cherry picked from commit
4aa8e72d60e92951b35190d2ffcfdb1bfb756609)
Autobuild-User(v4-13-test): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(v4-13-test): Thu Aug 27 12:11:01 UTC 2020 on sn-devel-184
Martin Schwenke [Thu, 18 Jan 2018 09:35:55 +0000 (20:35 +1100)]
ctdb-recoverd: Change update_local_flags() to use already retrieved nodemaps
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14466
Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
(cherry picked from commit
702c7c4934e79a9161fdc59df70df30ae492d89f)
Martin Schwenke [Thu, 13 Jun 2019 17:51:01 +0000 (03:51 +1000)]
ctdb-recoverd: Get remote nodemaps earlier
update_local_flags() will be changed to use these nodemaps.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14466
Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
(cherry picked from commit
910a0b3b747a987ba69b6a0b6256e964b7d85dfe)
Martin Schwenke [Thu, 13 Jun 2019 14:23:22 +0000 (00:23 +1000)]
ctdb-recoverd: Do not fetch the nodemap from the recovery master
The nodemap has already been fetched from the local node and is
actually passed to this function. Care must be taken to avoid
referencing the "remote" nodemap for the recovery master. It also
isn't useful to do so, since it would be the same nodemap.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14466
Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
(cherry picked from commit
d50919b0cb28f299c9b6985271b29d4f27c5f619)
Martin Schwenke [Thu, 18 Jan 2018 09:02:42 +0000 (20:02 +1100)]
ctdb-recoverd: Change get_remote_nodemaps() to use connected nodes
The plan here is to use the nodemaps retrieved by get_remote_nodes()
in update_local_flags(). This will improve efficiency, since
get_remote_nodes() fetches flags from nodes in parallel. It also
means that get_remote_nodes() can be used exactly once early on in
main_loop() to retrieve remote nodemaps. Retrieving nodemaps multiple
times is unnecessary and racy - a single monitoring iteration should
not fetch flags multiple times and compare them.
This introduces a temporary behaviour change but it will be of no
consequence when the above changes are made.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14466
Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
(cherry picked from commit
762d1d8a9605f97973a2c1176de5d29fcc61d15a)
Martin Schwenke [Thu, 30 Jul 2020 01:57:51 +0000 (11:57 +1000)]
ctdb-recoverd: Fix node_pnn check and assignment of nodemap into array
This array is indexed by the same index as nodemap, not the PNN.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14466
Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
(cherry picked from commit
368c83bfe3bbfff568d14f65e7b1ffa41d5349ac)
Martin Schwenke [Thu, 18 Jan 2018 08:58:15 +0000 (19:58 +1100)]
ctdb-recoverd: Add fail callback to assign banning credits
Also drop error handling in main_loop() that is replaced by this
change.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14466
Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
(cherry picked from commit
10ce0dbf1c11eaaab7b28b6bbd014235a36d1962)
Martin Schwenke [Thu, 18 Jan 2018 08:52:22 +0000 (19:52 +1100)]
ctdb-recoverd: Add an intermediate state struct for nodemap fetching
This will allow an error callback to be added.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14466
Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
(cherry picked from commit
a079ee31690cf7110f46b41989ffcfb83b7626d6)
Martin Schwenke [Thu, 18 Jan 2018 05:31:39 +0000 (16:31 +1100)]
ctdb-recoverd: Move memory allocation into get_remote_nodemaps()
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14466
Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
(cherry picked from commit
2eaa0af6160588b6e3364b181d0976477d12b51b)
Martin Schwenke [Thu, 18 Jan 2018 05:41:19 +0000 (16:41 +1100)]
ctdb-recoverd: Change signature of get_remote_nodemaps()
Change 1st argument to a rec context, since this will be needed later.
Drop the nodemap argument and access it via rec->nodemap instead.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14466
Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
(cherry picked from commit
3324dd272c7dafa92cd9c3fd0af8f50084bcdaaa)
Martin Schwenke [Mon, 17 Aug 2020 10:27:18 +0000 (20:27 +1000)]
ctdb-recoverd: Fix a local memory leak
The memory is allocated off the memory context used by the current
iteration of main loop. It is freed when main loop completes the fix
doesn't require backporting to stable branches. However, it is sloppy
so it is worth fixing.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14466
Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
(cherry picked from commit
d2d90f250214582d7124b8137aa2cf5032b2f285)
Martin Schwenke [Thu, 18 Jan 2018 05:19:36 +0000 (16:19 +1100)]
ctdb-recoverd: Basic cleanups for get_remote_nodemaps()
Don't log an error on failure - let the caller can do this. Apart
from this: fix up coding style and modernise the remaining error
message.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14466
Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
(cherry picked from commit
52f520d39cd92e1cf2413fd7e0dd362debd6f463)
Martin Schwenke [Tue, 14 Jul 2020 04:29:09 +0000 (14:29 +1000)]
ctdb-recoverd: Simplify calculation of new flags
Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
Autobuild-User(master): Martin Schwenke <martins@samba.org>
Autobuild-Date(master): Fri Jul 24 06:03:23 UTC 2020 on sn-devel-184
(cherry picked from commit
5ce6133a75107abdcb9fcfd93bc7594812dc5055)
Martin Schwenke [Tue, 14 Jul 2020 04:22:15 +0000 (14:22 +1000)]
ctdb-recoverd: Correctly find nodemap entry for pnn
Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
(cherry picked from commit
3654e416770cc7521dcc3c15976daeba37023304)
Martin Schwenke [Tue, 5 May 2020 13:49:05 +0000 (23:49 +1000)]
ctdb-recoverd: Do not retrieve nodemap from recovery master
It is already in rec->nodemap.
Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
(cherry picked from commit
9475ab044161e687b9ced3a477746393565b49b1)
Martin Schwenke [Fri, 28 Sep 2018 00:46:17 +0000 (10:46 +1000)]
ctdb-recoverd: Flatten update_flags_on_all_nodes()
The logic currently in ctdb_ctrl_modflags() will be optimised so that
it no longer matches the pattern for a control function. So, remove
this function and squash its functionality into the only caller.
Although there are some superficial changes, the behaviour is
unchanged.
Flattening the 2 functions produces some seriously weird logic for
setting the new flags, to the point where using ctdb_ctrl_modflags()
for this purpose now looks very strange. The weirdness will be
cleaned up in a subsequent commit.
Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
(cherry picked from commit
0c6a7db3ba84b8355359b0a8c52690b234bb866d)
Martin Schwenke [Tue, 5 May 2020 13:37:57 +0000 (23:37 +1000)]
ctdb-recoverd: Move ctdb_ctrl_modflags() to ctdb_recoverd.c
This file is the only user of this function.
Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
(cherry picked from commit
a88c10c5a9afcf0a3dcadef07dd95af498bfa47a)
Martin Schwenke [Tue, 14 Jul 2020 04:43:04 +0000 (14:43 +1000)]
ctdb-recoverd: Improve a call to update_flags_on_all_nodes()
This should take a PNN, not an array index.
Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
(cherry picked from commit
b1e631ff929fd87392a80895d1c8d265d9df42dc)
Martin Schwenke [Fri, 14 Jun 2019 21:20:19 +0000 (07:20 +1000)]
ctdb-recoverd: Use update_flags_on_all_nodes()
This is clearer than using the MODFLAGS control directly.
Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
(cherry picked from commit
915d24ac12d27c21649d9e64d201d9df9d583129)
Martin Schwenke [Fri, 14 Jun 2019 21:19:26 +0000 (07:19 +1000)]
ctdb-recoverd: Introduce some local variables to improve readability
Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
(cherry picked from commit
f681c0e947741151f8fb95d88edddfd732166dc1)
Martin Schwenke [Tue, 5 May 2020 13:45:15 +0000 (23:45 +1000)]
ctdb-recoverd: Change update_flags_on_all_nodes() to take rec argument
This makes fields such as recmaster and nodemap easily available if
required.
Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
(cherry picked from commit
cb3a3147b7a3a29d7806733791e1fa6ba2e46680)
Martin Schwenke [Thu, 18 Jan 2018 09:25:07 +0000 (20:25 +1100)]
ctdb-recoverd: Drop unused nodemap argument from update_flags_on_all_nodes()
An unused argument needlessly extends the length of function calls. A
subsequent change will allow rec->nodemap to be used if necessary.
Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
(cherry picked from commit
6982fcb3e6c940d0047aac3b6bfbc9dfdc8d7214)
Günther Deschner [Tue, 10 Mar 2020 17:18:10 +0000 (18:18 +0100)]
docs: Add missing winexe manpage
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14318
Guenther
Signed-off-by: Guenther Deschner <gd@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
Autobuild-User(master): Volker Lendecke <vl@samba.org>
Autobuild-Date(master): Thu Aug 20 12:55:23 UTC 2020 on sn-devel-184
(cherry picked from commit
a9b6a8378e5db19d5d5ecd42f08ec3abd49ad5b8)
Andrew Bartlett [Tue, 16 Jun 2020 10:23:32 +0000 (22:23 +1200)]
WHATSNEW: list deprecated parameters
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14460
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Tue Aug 18 01:32:21 UTC 2020 on sn-devel-184
(cherry picked from commit
20606fd0a4c4697ff99da59f748af6908d929901)
Autobuild-User(v4-13-test): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(v4-13-test): Mon Aug 24 15:13:30 UTC 2020 on sn-devel-184
Andrew Bartlett [Thu, 5 Sep 2019 04:55:35 +0000 (16:55 +1200)]
docs: deprecate "raw NTLMv2 auth"
This parameter is appicable only to SMBv1 and we are deprecating SMBv1 specific
authentication options for possible removal.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14460
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
(cherry picked from commit
8c9d9441edce2e8d7f0428d0ec5e209ed8a55dbc)
Andrew Bartlett [Thu, 5 Sep 2019 04:55:23 +0000 (16:55 +1200)]
docs: deprecate "client plaintext auth"
This parameter is appicable only to SMBv1 and we are deprecating SMBv1 specific
authentication options for possible removal.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14460
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
(cherry picked from commit
37583b19d2c3dbf3e9d0498a39b8b9d9c727e1d4)
Andrew Bartlett [Thu, 5 Sep 2019 04:54:01 +0000 (16:54 +1200)]
docs: deprecate "client NTLMv2 auth"
This parameter is appicable only to SMBv1 and we are deprecating SMBv1 specific
authentication options for possible removal.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14460
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
(cherry picked from commit
5543c11c8b007b49641758428af7ba3976683438)
Andrew Bartlett [Thu, 5 Sep 2019 04:53:46 +0000 (16:53 +1200)]
docs: deprecate "client lanman auth"
This parameter is appicable only to SMBv1 and we are deprecating SMBv1 specific
authentication options for possible removal.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14460
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
(cherry picked from commit
ac8e5ea22d9f9b16a79f519f69852b46ac798541)
Andrew Bartlett [Thu, 5 Sep 2019 04:53:20 +0000 (16:53 +1200)]
docs: deprecate "client use spnego"
This parameter is appicable only to SMBv1 and we are deprecating SMBv1 specific
authentication options for possible removal.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14460
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
(cherry picked from commit
1b85db57e53533ce14beb79f6d949a08f6ef9f91)
Andrew Bartlett [Tue, 16 Jun 2020 09:46:33 +0000 (21:46 +1200)]
docs: Deprecate NT4-like domains and SMBv1-only protocol options
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14460
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
(cherry picked from commit
c6aa710f8da9ef92b388f1c0c59b2dd3c602ad2d)
Andrew Bartlett [Mon, 10 Aug 2020 08:36:53 +0000 (20:36 +1200)]
selftest: Do not let deprecated option warnings muck this test up
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14460
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
(cherry picked from commit
9e212dd15e6c484d69f236f3c6d7186f0e6353b4)