1
0
mirror of https://github.com/samba-team/samba.git synced 2024-12-24 21:34:56 +03:00
Commit Graph

529 Commits

Author SHA1 Message Date
Jule Anger
d01b50ec4f WHATSNEW: Add release notes for Samba 4.20.1.
Signed-off-by: Jule Anger <janger@samba.org>
2024-05-08 09:59:43 +02:00
Jule Anger
797464b762 WHATSNEW: Add release notes for Samba 4.20.0.
Signed-off-by: Jule Anger <janger@samba.org>
2024-03-27 18:07:29 +01:00
Stefan Metzmacher
99b6feac93 WHATSNEW: announce Service Witness Protocol [MS-SWN] and related options
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Günther Deschner <gd@samba.org>

Autobuild-User(v4-20-test): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(v4-20-test): Tue Mar 19 13:30:31 UTC 2024 on atb-devel-224
2024-03-19 13:30:31 +00:00
Jule Anger
f485def810 WHATSNEW: Add release notes for Samba 4.20.0rc4.
Signed-off-by: Jule Anger <janger@samba.org>
2024-03-11 15:53:16 +01:00
Jule Anger
f3da62a2bb WHATSNEW: Add release notes for Samba 4.20.0rc3.
Signed-off-by: Jule Anger <janger@samba.org>
2024-02-26 12:35:56 +01:00
Jule Anger
f06a06b713 WHATSNEW: Add release notes for Samba 4.20.0rc2.
Signed-off-by: Jule Anger <janger@samba.org>
2024-02-12 14:01:59 +01:00
Andrew Bartlett
f8dfce9482 WHATSNEW: Explain new AD DC Claims, authentication policies and Silos
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15566

Signed-off-by: Andrew Bartlett <abartlet@samba.org>

Autobuild-User(v4-20-test): Jule Anger <janger@samba.org>
Autobuild-Date(v4-20-test): Mon Feb 12 11:55:51 UTC 2024 on atb-devel-224
2024-02-12 11:55:51 +00:00
Douglas Bagnall
4872b0abf6 WHATSNEW: Add some information about new conditional aces feature
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15566

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
2024-02-12 10:53:13 +00:00
Douglas Bagnall
8e8b8fc054 WHATSNEW: note "acl_claims evaluation" smb.conf option
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15566

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
2024-02-12 10:53:13 +00:00
Jule Anger
8e31cb2007 WHATSNEW: Up to Samba 4.20.0rc1.
Signed-off-by: Jule Anger <janger@samba.org>
Signed-off-by: Stefan Metzmacher <metze@samba.org>
2024-01-29 14:39:32 +00:00
Noel Power
d63e972aa0 WHATSNEW: Add entry for new save/restore options for smbcacls
Signed-off-by: Noel Power <noel.power@suse.com>
Reviewed-by: Ralph Boehme <slow@samba.org>

Autobuild-User(master): Ralph Böhme <slow@samba.org>
Autobuild-Date(master): Fri Jan 26 11:30:07 UTC 2024 on atb-devel-224
2024-01-26 11:30:07 +00:00
Noel Power
a9028f25e6 WHATSNEW: Add entry for wspsearch client utility
Signed-off-by: Noel Power <noel.power@suse.com>
Reviewed-by: Ralph Boehme <slow@samba.org>
2024-01-26 10:26:30 +00:00
Andrew Bartlett
31637d4037 WHATSNEW: Add entry for "samba-tool user get-kerberos-ticket"
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>

Autobuild-User(master): Douglas Bagnall <dbagnall@samba.org>
Autobuild-Date(master): Thu Dec 21 03:04:12 UTC 2023 on atb-devel-224
2023-12-21 03:04:12 +00:00
Andrew Bartlett
a39e19dfa7 WHATSNEW: Add entry for "samba-tool user getpassword" changes
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
2023-12-21 02:05:38 +00:00
Andrew Bartlett
2c54a75484 samba-tool user getpassword: Prepare to support a ;previous=1 option, change behaviour for ;rounds=
This will return the previous password, but the pattern is to include
the option in the returned attribute name, so we need to use
vatter["raw_attr"], not 'a'.

This changes the behaviour for the ;rounds= option used when we hold
the plaintext password (possibly under GPG encryption).

This is now consistant with other parameters in the LDAP attribute,
and is now included in the returned attribute name.

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
2023-12-21 02:05:38 +00:00
Ralph Boehme
631e6aa0d0 smbd: bring back "smb3 unix extensions" option
This basically reverts commit b3cae8dcf1
with a few important differences:

* SMB3 UNIX extensions are always built, but disabled by default at runtime.

* They are globally enabled in the fileserver test environment.

* It's now a per-share option, so admins can selectively disable them
  on a per-share basis. This allows clients to detect early that a share
  doesn't support user mount requested POSIX and fail appropiately, passing
  the failure to the requesting application (mount command).

Signed-off-by: Ralph Boehme <slow@samba.org>
2023-11-27 18:31:35 +00:00
Samuel Cabrero
de20ee1ada WHATSNEW: Mention logged on users list removal
Signed-off-by: Samuel Cabrero <scabrero@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>

Autobuild-User(master): Volker Lendecke <vl@samba.org>
Autobuild-Date(master): Wed Nov  1 12:52:13 UTC 2023 on atb-devel-224
2023-11-01 12:52:13 +00:00
Volker Lendecke
b3cae8dcf1 conf: Remove "smb3 unix extensions" parameter
Always offer it, it's a client thing to ask for it or not.

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>

Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Thu Sep 21 17:43:23 UTC 2023 on atb-devel-224
2023-09-21 17:43:23 +00:00
Andrew Bartlett
b896da351c krb5: Increase the minimum MIT Krb5 version to 1.21
This is the version we test with in CI after the image update
in the next commit.  This addresses the issues that were
fixed in CVE-2022-37967 (KrbtgtFullPacSignature) and ensures
that Samba builds against the MIT version that allows us to
avoid that attack.

The hooks to allow these expectations to be disabled in the tests
are kept for now, to allow this to be reverted or to test
older servers.

With MIT 1.21 as the new test standard for the MIT KDC build
we update the knownfail_mit_kdc - this was required regadless
after the CI image update.

Any update to the CI image, even an unrelated one, brings in
a new MIT Krb5, version 1.21-3 in this case.  This has new
behaviour that needs to be noted in the knownfail files or
else the tests, which haven't changed, will fail and
pipelines won't pass.

(The image generated by the earlier bootstrap commit brought
in krb5-1.21-2 which was buggy with CVE-2023-39975)

Further tweaks to tests or the server should reduce the number
of knownfail entries, but this keeps the pipelines passing for now.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15231

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Joseph Sutton <josephsutton@catalyst.net.nz>
2023-08-14 03:46:35 +00:00
Andrew Bartlett
8744e5df77 bootstrap: Heimdal no longer requires perl-JSON
Heimdal after lorikeet-heimdal-202307040259
(commit 33d117b8a9c11714ef709e63a005d87e34b9bfde)
includes Heimdal master commit f62e2f278437ff6c03d2d09bd628381c795bba78.

This has PR https://github.com/heimdal/heimdal/pull/1176 and no
longer requires the external JSON module, as JSON::PP is builtin.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15394

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Joseph Sutton <josephsutton@catalyst.net.nz>
2023-08-14 03:46:35 +00:00
Andrew Bartlett
26329a69cd WHATSNEW: Remove unusual box around 'REMOVED FEATURES'
We do not normally put the ==== above the titles, per recent practice.

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Joseph Sutton <josephsutton@catalyst.net.nz>
2023-08-14 03:46:35 +00:00
Stefan Metzmacher
1771ee694f WHATSNEW: Start release notes for Samba 4.20.0pre1.
Signed-off-by: Jule Anger <janger@samba.org>
Signed-off-by: Stefan Metzmacher <metze@samba.org>
2023-07-28 10:48:33 +00:00
Jule Anger
6943c1e3cd WHATSNEW: Up to Samba 4.19.0rc1.
Signed-off-by: Jule Anger <janger@samba.org>
2023-07-28 10:48:33 +00:00
Andrew Bartlett
e86e0da9de WHATSNEW: Add TLS cert reload feature
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>

Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Tue Jul 25 21:02:35 UTC 2023 on atb-devel-224
2023-07-25 21:02:35 +00:00
Andrew Bartlett
5e473cba0d WHATSNEW: Mention new unicodePwd only over encrypted LDAP restriction
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
2023-07-21 01:25:37 +00:00
Andrew Bartlett
3f25300228 WHATSNEW: mention KDC auditing
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
2023-07-21 01:25:37 +00:00
Andrew Bartlett
b9667bc29a WHATSNEW: FAST support, Claims compression, SID compression
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
2023-07-21 01:25:37 +00:00
Andrew Bartlett
6844def667 WHATSNEW: Mention Heimdal updates
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
2023-07-21 01:25:37 +00:00
Andrew Bartlett
fbed6d80b1 WHATSNEW: Expand detail on what of 2012, 2012R2 and 2016 support is implemented
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
2023-07-21 01:25:37 +00:00
Andrew Bartlett
29310f27d4 WHATSNEW: PKINIT testing
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
2023-07-21 01:25:36 +00:00
Andrew Bartlett
fb27e01b36 WHATSNEW: Include info on new samba-tool features
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
2023-07-21 01:25:36 +00:00
Andrew Bartlett
0ee8c263f6 WHATSNEW: Add text on PKINIT Certificate Revocation
BUG: https://bugzilla.samba.org/show_bug.cgi?id=9612
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
2023-07-21 01:25:36 +00:00
Andrew Bartlett
5f69220f0a WHATSNEW: Update minimum GnuTLS version
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
2023-07-19 03:31:30 +00:00
Andrew Bartlett
0ef8083cca WHATSNEW: Mention new default schema and Functional Level prep
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>

Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Wed Jun 21 20:01:06 UTC 2023 on atb-devel-224
2023-06-21 20:01:06 +00:00
Joseph Sutton
a9d543cdfc s4:kdc: Gate claims, auth policies and NTLM restrctions behind 2012/2016 FLs
Samba security features like AD claims, Authentication Policies and
Authentication Silos are enabled once the DC is at the required functional level.

We comment at the callers of of dsdb_dc_functional_level() to explain
why we do this.

Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
2023-06-21 19:08:37 +00:00
Volker Lendecke
18070a2d65 WHATSNEW: Mention removed "directory name cache size" parameter
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2023-06-16 16:14:30 +00:00
Pavel Filipenský
dc6edc4881 WHATSNEW.txt: Improved winbind logging and samba-log-parser
Signed-off-by: Pavel Filipenský <pfilipensky@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>

Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date(master): Wed Jun  7 15:06:07 UTC 2023 on atb-devel-224
2023-06-07 15:06:07 +00:00
David Mulder
c80affe0f1 Add a WHATSNEW entry indicating libgpo py deprecation
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15225

Signed-off-by: David Mulder <dmulder@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-04-28 02:15:36 +00:00
Andreas Schneider
d0d588558d Update WHATSNEW.txt
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-04-05 01:06:29 +00:00
Jule Anger
6c4775021b WHATSNEW: Start release notes for Samba 4.19.0pre1.
Signed-off-by: Jule Anger <janger@samba.org>
Signed-off-by: Stefan Metzmacher <metze@samba.org>
2023-01-18 16:26:36 +00:00
Jule Anger
0c9b310e23 WHATSNEW: Up to Samba 4.18.0rc1.
Signed-off-by: Jule Anger <janger@samba.org>
Signed-off-by: Stefan Metzmacher <metze@samba.org>
2023-01-18 16:26:36 +00:00
Ralph Boehme
52cdf1d93a wbinfo: Add --change-secret-at=dcname
Add WHATSNEW.txt entry and update wbinfo man page.

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2022-12-21 19:10:35 +00:00
Douglas Bagnall
063976fca3 WHATSNEW: samba-tool: fewer tracebacks, more colour
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Mon Sep 19 07:14:31 UTC 2022 on sn-devel-184
2022-09-19 07:14:31 +00:00
Jule Anger
4292cfa4c8 WHATSNEW: Start release notes for Samba 4.18.0pre1.
Signed-off-by: Jule Anger <janger@samba.org>
Signed-off-by: Stefan Metzmacher <metze@samba.org>
2022-08-08 16:24:21 +02:00
Jule Anger
459107e6ef WHATSNEW: Up to Samba 4.17.0rc1.
Signed-off-by: Jule Anger <janger@samba.org>
Signed-off-by: Stefan Metzmacher <metze@samba.org>
2022-08-08 16:21:26 +02:00
Andrew Bartlett
e8517ee7c7 WHATSNEW: Announce support for dropping the NT hash
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
2022-06-26 22:10:29 +00:00
Jeremy Allison
efcaeff2c3 WHATSNEW.txt: Add explaination of --without-smb1-server and --with-smb1-server configure options.
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: David Mulder <dmulder@suse.com>

Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Thu Apr  7 18:33:31 UTC 2022 on sn-devel-184
2022-04-07 18:33:31 +00:00
Martin Schwenke
39f70481bb WHATSNEW: Document some CTDB changes
Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>

Autobuild-User(master): Amitay Isaacs <amitay@samba.org>
Autobuild-Date(master): Wed Apr  6 07:32:04 UTC 2022 on sn-devel-184
2022-04-06 07:32:04 +00:00
Andrew Bartlett
d7a91a855c s4-auth: Remove last traces of LanMan authentiation support in the AD DC.
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>

Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Tue Mar 29 03:32:57 UTC 2022 on sn-devel-184
2022-03-29 03:32:57 +00:00
Thomas Debesse
206909d52b s4: dns: Add customizable dns port option
Signed-off-by: Thomas Debesse <dev@illwieckz.net>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>

Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Fri Mar 25 20:25:28 UTC 2022 on sn-devel-184
2022-03-25 20:25:28 +00:00