[SCM] Samba Shared Repository - branch v4-11-test updated
Karolin Seeger
kseeger at samba.org
Fri Sep 6 08:20:02 UTC 2019
The branch, v4-11-test has been updated
via 11c2b21b97d ctdb: fix compilation on systems with glibc robust mutexes
via 04867f4c513 WHATSNEW: Add entry for deprecation of "lanman auth" and "encrypt passwords = no"
via f1d2b5eba72 docs: Deprecate "encrypt passwords = no"
via 116f8cfe304 docs: Deprecate "lanman auth = yes"
from bc0d16c9d8e ldb: Release ldb 2.0.7
https://git.samba.org/?p=samba.git;a=shortlog;h=v4-11-test
- Log -----------------------------------------------------------------
commit 11c2b21b97d2d8fcd46c7e3ac8005e940869bc51
Author: Ralph Boehme <slow at samba.org>
Date: Fri Jul 12 10:49:13 2019 +0200
ctdb: fix compilation on systems with glibc robust mutexes
On older systems like SLES 11 without POSIX robust mutexes, but with glib robust
mutexes where all the functions are available but have a "_np" suffix,
compilation fails in:
ctdb/tests/src/test_mutex_raw.c.239.o: In function `worker':
/root/samba-4.10.6/bin/default/../../ctdb/tests/src/test_mutex_raw.c:129: undefined reference to `pthread_mutex_consistent'
ctdb/tests/src/test_mutex_raw.c.239.o: In function `main':
/root/samba-4.10.6/bin/default/../../ctdb/tests/src/test_mutex_raw.c:285: undefined reference to `pthread_mutex_consistent'
/root/samba-4.10.6/bin/default/../../ctdb/tests/src/test_mutex_raw.c:332: undefined reference to `pthread_mutexattr_setrobust'
/root/samba-4.10.6/bin/default/../../ctdb/tests/src/test_mutex_raw.c:363: undefined reference to `pthread_mutex_consistent'
collect2: ld returned 1 exit status
This could be fixed by using libreplace system/threads.h instead of pthreads.h
directly, but as there has been a desire to keep test_mutex_raw.c standalone and
compilable without other external depenencies then libc and libpthread, make the
tool developer build only. This should get the average user over the cliff.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14038
RN: Fix compiling ctdb on older systems lacking POSIX robust mutexes
Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Martin Schwenke <martin at meltin.net>
(cherry picked from commit f5388f97792ac2d7962950dad91aaf8ad49bceaa)
Autobuild-User(v4-11-test): Karolin Seeger <kseeger at samba.org>
Autobuild-Date(v4-11-test): Fri Sep 6 08:19:44 UTC 2019 on sn-devel-184
commit 04867f4c513c70313f71c59ed3131307c0d1c4dc
Author: Andrew Bartlett <abartlet at samba.org>
Date: Thu Sep 5 16:12:10 2019 +1200
WHATSNEW: Add entry for deprecation of "lanman auth" and "encrypt passwords = no"
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14117
Signed-off-by: Andrew Bartlett <abartlet at samba.org>
commit f1d2b5eba72df50f98860557e3d3523b1e82f625
Author: Andrew Bartlett <abartlet at samba.org>
Date: Thu Sep 5 11:19:10 2019 +1200
docs: Deprecate "encrypt passwords = no"
This feature is only available for SMB1 and we need to warn users that this
is going away soon, and allow the removal in a future release under our rules
for parameter deprecation.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14117
Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Garming Sam <garming at catalyst.net.nz>
(cherry picked from commit 8d0d99a4d78ba408bb45e2d693049025e60e277a)
commit 116f8cfe3041676264f2bfa2ca43d6266cb326ab
Author: Andrew Bartlett <abartlet at samba.org>
Date: Thu Sep 5 11:23:22 2019 +1200
docs: Deprecate "lanman auth = yes"
This feature is only available for SMB1 and we need to warn users that this
is going away soon, and allow the removal in a future release under our rules
for parameter deprecation.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14117
Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Garming Sam <garming at catalyst.net.nz>
Autobuild-User(master): Andrew Bartlett <abartlet at samba.org>
Autobuild-Date(master): Thu Sep 5 04:04:18 UTC 2019 on sn-devel-184
(cherry picked from commit 1006f7abe8980d2c01c181db93225353ce494b3a)
-----------------------------------------------------------------------
Summary of changes:
WHATSNEW.txt | 14 ++++++++++++++
ctdb/wscript | 2 +-
docs-xml/smbdotconf/security/encryptpasswords.xml | 8 ++++++++
docs-xml/smbdotconf/security/lanmanauth.xml | 9 +++++++++
4 files changed, 32 insertions(+), 1 deletion(-)
Changeset truncated at 500 lines:
diff --git a/WHATSNEW.txt b/WHATSNEW.txt
index eece43fcd9e..904db5fefc3 100644
--- a/WHATSNEW.txt
+++ b/WHATSNEW.txt
@@ -68,6 +68,18 @@ in the following years. If you have a strong requirement for SMB1
(except for supporting old Linux Kernels), please file a bug
at https://bugzilla.samba.org and let us know about the details.
+LanMan and plaintext authentication deprecated
+----------------------------------------------
+
+The "lanman auth" and "encrypt passwords" parameters are deprecated
+with this release as both are only applicable to SMB1 and are quite
+insecure. NTLM, NTLMv2 and Kerberos authentication are unaffected, as
+"encrypt passwords = yes" has been the default since Samba 3.0.0.
+
+If you have a strong requirement for these authentication protocols,
+please file a bug at https://bugzilla.samba.org and let us know about
+the details.
+
BIND9_FLATFILE deprecated
-------------------------
@@ -357,6 +369,8 @@ smb.conf changes
fruit:zero_file_id Changed default False
debug encryption New: dump encryption keys False
rndc command Deprecated
+ lanman auth Deprecated
+ encrypt passwords Deprecated
CHANGES SINCE 4.11.0rc2
diff --git a/ctdb/wscript b/ctdb/wscript
index 51a09fdc63d..9663213a2a8 100644
--- a/ctdb/wscript
+++ b/ctdb/wscript
@@ -1040,7 +1040,7 @@ def build(bld):
ib_deps,
install_path='${CTDB_TEST_LIBEXECDIR}')
- if bld.env.HAVE_ROBUST_MUTEXES and sys.platform.startswith('linux'):
+ if bld.env.HAVE_ROBUST_MUTEXES and sys.platform.startswith('linux') and bld.env.DEVELOPER:
bld.SAMBA_BINARY('test_mutex_raw',
source='tests/src/test_mutex_raw.c',
deps='pthread',
diff --git a/docs-xml/smbdotconf/security/encryptpasswords.xml b/docs-xml/smbdotconf/security/encryptpasswords.xml
index 4bd97809d86..4fdfa898501 100644
--- a/docs-xml/smbdotconf/security/encryptpasswords.xml
+++ b/docs-xml/smbdotconf/security/encryptpasswords.xml
@@ -1,8 +1,16 @@
<samba:parameter name="encrypt passwords"
context="G"
type="boolean"
+ deprecated="1"
xmlns:samba="http://www.samba.org/samba/DTD/samba-doc">
<description>
+ <para>This parameter has been deprecated since Samba 4.11 and
+ support for plaintext (as distinct from NTLM, NTLMv2
+ or Kerberos authentication)
+ will be removed in a future Samba release.</para>
+ <para>That is, in the future, the current default of
+ <command>encrypt passwords = yes</command>
+ will be the enforced behaviour.</para>
<para>This boolean controls whether encrypted passwords
will be negotiated with the client. Note that Windows NT 4.0 SP3 and
above and also Windows 98 will by default expect encrypted passwords
diff --git a/docs-xml/smbdotconf/security/lanmanauth.xml b/docs-xml/smbdotconf/security/lanmanauth.xml
index 97f2fb04dcb..e5e63e43076 100644
--- a/docs-xml/smbdotconf/security/lanmanauth.xml
+++ b/docs-xml/smbdotconf/security/lanmanauth.xml
@@ -2,8 +2,17 @@
context="G"
type="boolean"
function="_lanman_auth"
+ deprecated="1"
xmlns:samba="http://www.samba.org/samba/DTD/samba-doc">
<description>
+ <para>This parameter has been deprecated since Samba 4.11 and
+ support for LanMan (as distinct from NTLM, NTLMv2 or
+ Kerberos authentication)
+ will be removed in a future Samba release.</para>
+ <para>That is, in the future, the current default of
+ <command>lanman auth = no</command>
+ will be the enforced behaviour.</para>
+
<para>This parameter determines whether or not <citerefentry><refentrytitle>smbd</refentrytitle>
<manvolnum>8</manvolnum></citerefentry> will attempt to
authenticate users or permit password changes
--
Samba Shared Repository
More information about the samba-cvs
mailing list