pyldb: Remove unused and broken Python access to LDB module API These exposed the private LDB modules API to python, and was untested and broken since LDB was made async internally as it never called ldb_wait() on the result. Signed-off-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
WHATSNEW: Add information on LDB no longer available standalone Signed-off-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz> Autobuild-User(master): Andrew Bartlett <abartlet@samba.org> Autobuild-Date(master): Fri Mar 1 03:45:21 UTC 2024 on atb-devel-224
WHATSNEW: Start release notes for Samba 4.21.0pre1. Signed-off-by: Jule Anger <janger@samba.org> Signed-off-by: Stefan Metzmacher <metze@samba.org>
WHATSNEW: Up to Samba 4.20.0rc1. Signed-off-by: Jule Anger <janger@samba.org> Signed-off-by: Stefan Metzmacher <metze@samba.org>
WHATSNEW: Add entry for new save/restore options for smbcacls Signed-off-by: Noel Power <noel.power@suse.com> Reviewed-by: Ralph Boehme <slow@samba.org> Autobuild-User(master): Ralph Böhme <slow@samba.org> Autobuild-Date(master): Fri Jan 26 11:30:07 UTC 2024 on atb-devel-224
WHATSNEW: Add entry for wspsearch client utility Signed-off-by: Noel Power <noel.power@suse.com> Reviewed-by: Ralph Boehme <slow@samba.org>
WHATSNEW: Add entry for "samba-tool user get-kerberos-ticket" Signed-off-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz> Autobuild-User(master): Douglas Bagnall <dbagnall@samba.org> Autobuild-Date(master): Thu Dec 21 03:04:12 UTC 2023 on atb-devel-224
WHATSNEW: Add entry for "samba-tool user getpassword" changes Signed-off-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
samba-tool user getpassword: Prepare to support a ;previous=1 option, change behaviour for ;rounds= This will return the previous password, but the pattern is to include the option in the returned attribute name, so we need to use vatter["raw_attr"], not 'a'. This changes the behaviour for the ;rounds= option used when we hold the plaintext password (possibly under GPG encryption). This is now consistant with other parameters in the LDAP attribute, and is now included in the returned attribute name. Signed-off-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
smbd: bring back "smb3 unix extensions" option This basically reverts commit b3cae8dcf192f65031f143e5bb9135c895611d98 with a few important differences: * SMB3 UNIX extensions are always built, but disabled by default at runtime. * They are globally enabled in the fileserver test environment. * It's now a per-share option, so admins can selectively disable them on a per-share basis. This allows clients to detect early that a share doesn't support user mount requested POSIX and fail appropiately, passing the failure to the requesting application (mount command). Signed-off-by: Ralph Boehme <slow@samba.org>
WHATSNEW: Mention logged on users list removal Signed-off-by: Samuel Cabrero <scabrero@samba.org> Reviewed-by: Volker Lendecke <vl@samba.org> Autobuild-User(master): Volker Lendecke <vl@samba.org> Autobuild-Date(master): Wed Nov 1 12:52:13 UTC 2023 on atb-devel-224
conf: Remove "smb3 unix extensions" parameter Always offer it, it's a client thing to ask for it or not. Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Ralph Boehme <slow@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org> Autobuild-User(master): Jeremy Allison <jra@samba.org> Autobuild-Date(master): Thu Sep 21 17:43:23 UTC 2023 on atb-devel-224
krb5: Increase the minimum MIT Krb5 version to 1.21 This is the version we test with in CI after the image update in the next commit. This addresses the issues that were fixed in CVE-2022-37967 (KrbtgtFullPacSignature) and ensures that Samba builds against the MIT version that allows us to avoid that attack. The hooks to allow these expectations to be disabled in the tests are kept for now, to allow this to be reverted or to test older servers. With MIT 1.21 as the new test standard for the MIT KDC build we update the knownfail_mit_kdc - this was required regadless after the CI image update. Any update to the CI image, even an unrelated one, brings in a new MIT Krb5, version 1.21-3 in this case. This has new behaviour that needs to be noted in the knownfail files or else the tests, which haven't changed, will fail and pipelines won't pass. (The image generated by the earlier bootstrap commit brought in krb5-1.21-2 which was buggy with CVE-2023-39975) Further tweaks to tests or the server should reduce the number of knownfail entries, but this keeps the pipelines passing for now. BUG: https://bugzilla.samba.org/show_bug.cgi?id=15231 Signed-off-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Joseph Sutton <josephsutton@catalyst.net.nz>
bootstrap: Heimdal no longer requires perl-JSON Heimdal after lorikeet-heimdal-202307040259 (commit 33d117b8a9c11714ef709e63a005d87e34b9bfde) includes Heimdal master commit f62e2f278437ff6c03d2d09bd628381c795bba78. This has PR https://github.com/heimdal/heimdal/pull/1176 and no longer requires the external JSON module, as JSON::PP is builtin. BUG: https://bugzilla.samba.org/show_bug.cgi?id=15394 Signed-off-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Joseph Sutton <josephsutton@catalyst.net.nz>
WHATSNEW: Remove unusual box around 'REMOVED FEATURES' We do not normally put the ==== above the titles, per recent practice. Signed-off-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Joseph Sutton <josephsutton@catalyst.net.nz>
WHATSNEW: Start release notes for Samba 4.20.0pre1. Signed-off-by: Jule Anger <janger@samba.org> Signed-off-by: Stefan Metzmacher <metze@samba.org>
WHATSNEW: Up to Samba 4.19.0rc1. Signed-off-by: Jule Anger <janger@samba.org>
WHATSNEW: Add TLS cert reload feature Signed-off-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz> Autobuild-User(master): Andrew Bartlett <abartlet@samba.org> Autobuild-Date(master): Tue Jul 25 21:02:35 UTC 2023 on atb-devel-224
WHATSNEW: Mention new unicodePwd only over encrypted LDAP restriction Signed-off-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
WHATSNEW: mention KDC auditing Signed-off-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>