[SCM] Samba Shared Repository - annotated tag samba-4.13.12 created
Jule Anger
janger at samba.org
Wed Sep 22 07:01:47 UTC 2021
The annotated tag, samba-4.13.12 has been created
at 7727e31fcfdbf4cb58c6f7aea139dd2e5d40e5b6 (tag)
tagging aa756f3f9fc88bbd10c6a3a7c1827ca09a669714 (commit)
replaces samba-4.13.11
tagged by Jule Anger
on Wed Sep 22 09:00:48 2021 +0200
- Log -----------------------------------------------------------------
samba: tag release samba-4.13.12
-----BEGIN PGP SIGNATURE-----
iQIzBAABCgAdFiEEgfXigyvSVFoYl7cTqplEL7aAtiAFAmFK1KAACgkQqplEL7aA
tiAtsQ/9FuBEokyBUKG9EHraPw4No7iulxfaqHl7W3pHxRekvOmMx1LET81QxG46
XHfNNcluv6ALSlg7Ui/P5dDd8w9tejM4jlLTqwtXKNa4m6pOrT4xFoJp0WyzoW2u
ItHXEkybk+GVztTBI7Tne6QEkBi5j6PqaOnJvExxBpmrfJRs2sUeo2xXHoDFjnaS
tmiaZ9yoVhixTWv8e4nJewfKHC18cYlab6WrQBJRdXIN0olL8rL01wk7uVUDI1E+
CvrMNQWa7PFQLrqRH563LsanuRlGjJEiWwo0+ATc0c8aL1fhwXD2lJyLjrcPjPlo
uOWEKZPMXiY4v2GFaT8ugbCGgEc1qeZ+jEBXY7hCLF5SrhCyJ8Ro0Y1DLxrZ3YK/
xmmyqJ1UHgPH612WTMxPHZqw8cQkMWytnxnwPUs7WM1Ax2DW9yR89NvDqlYrjEXu
xBryJ6JvzMM+fhmexHFTospu8YPiq1mGcJE1b0K1LkkZkADly0IJOzh2astaSkhZ
/JFVQ8RzmE2qnCu+kNgqEZNB1HGqrk3UXG5c1Ldg/1hs0z4tOvc/GMFO32qIfyNR
pMqmA+ulxSXoLC8vztsY0rtNUEG83Su5Sb1uWxOgKPEZ05oBWBbQPZ5CDwbakqSv
9XlFzTSNTkEJOdaNuA5kFw+tif0+rnEwWOyaY0SEfiQM1jviZHE=
=qOpb
-----END PGP SIGNATURE-----
Andreas Schneider (3):
selftest: Re-format long lines in selftesthelpers.py
selftest: Add support for setting ENV variables in plansmbtorture4testsuite()
selftest: Add support for setting ENV variables in plantestsuite()
Andrew Bartlett (18):
selftest: Split up targets for samba_tool_drs from samba_tool_drs_showrepl
selftest: Only run samba_tool_drs_showrepl test once
dsdb: Be careful to avoid use of the expensive talloc_is_parent()
selftest: Add a test for LookupSids3 and LookupNames4 in python
s4-lsa: Cache sam.ldb handle in lsa_LookupSids3/LookupNames4
selftest: Add prefix to new schema attributes to avoid flapping dsdb_schema_attributes
selftest: Send enterprise principals tagged as such
selftest: Fix flipped machine and user constants
selftest: Make as_canonicalization_tests.py easier to run outside "make test"
samdb: Add samdb.domain_netbios_name()
selftest: Make as_canonicalization_tests.py auto-detect the NT4 domain name
selftest: Fix formatting of failure (traceback and options swapped in format string)
selftest: Add in encrypted-pa-data from RFC 6806
selftest: Windows 2019 implements the RemoveDollar behaviour for Enterprise principals
selftest: add space after --list in output of selftesthelpers.py
selftest: Remove knownfail for no_etypes FAST tests
tests/krb5: Remove harmful and a-typical return in as_req testcase
tests/krb5: Allow KRB5KDC_ERR_S_PRINCIPAL_UNKNOWN for a missing sname
Björn Baumbach (1):
selftest: add option to pass args to tests to planpythontestsuite()
Gary Lockyer (22):
selftest: add mit kdc specific known fail
tests python krb5: Make PrincipalName_create a class method
tests python krb5: Add canonicalize flag to ASN1
tests python krb5: Add python kerberos canonicalization tests
selftest: add heimdal kdc specific known fail
tests python krb5: Add python kerberos compatability tests
tests python krb5: Add constants module
tests python krb5: Refactor canonicalization test constants
tests python krb5: Refactor compatability test constants
tests python krb5: raw_testcase permit RC4 salts
tests python krb5: Convert kdc-heimdal to python
tests python krb5: refactor compatability tests
tests python krb5: add arcfour salt tests
tests python krb5: Extra canonicalization tests
tests python krb5: Add Authorization data ad-type constants
tests python krb5: add test base class
tests python krb5: initial TGS tests
tests python krb5: Add key usage constants
tests python krb5: use key usage constants
tests python krb5: PEP8 cleanups
tests python krb5: MS-KILE client principal look-up
initial FAST tests
Joseph Sutton (120):
auth:creds: Remove unused variable
auth:creds: Fix parameter in creds.set_named_ccache()
pygensec: Fix method documentation
Revert "s4-test: fixed ndrdump test for top level build"
krb5ccache.idl: Add definition for a Kerberos credentials cache
librpc: Test parsing a Kerberos 5 credentials cache with ndrdump
krb5: Add Python functions to create a credentials cache containing a service ticket
python: Add credentials cache test
python: Add LDAP credentials cache test
python: Add RPC credentials cache test
Revert "libsmb: Use sid_parse()"
libsmb: Remove overflow check
libsmb: Avoid undefined behaviour when parsing whoami state
libsmb: Check to see that whoami is not receiving more data than it requested
libsmb: Ensure that whoami parses all the data provided to it
pylibsmb: Add posix_whoami()
python: Add SMB credentials cache test
python: Ensure reference counts are properly incremented
python: Fix erroneous increments of reference counts
python: Fix ticket timestamp conversion when local timezone is not UTC
python: Make credentials cache test run against Windows
tests/krb5/kdc_base_test.py: Defer account deletion until tearDownClass() is called
tests/krb5/raw_testcase.py: Add get_admin_creds()
tests/krb5/kdc_base_test.py: Create database connection only when needed
tests/krb5/kdc_base_test.py: Remove 'credentials' class attribute
tests/krb5/kdc_base_test.py: Create loadparm only when needed
tests/krb5/kdc_base_test.py: Add methods to determine supported encryption types
tests/krb5/raw_testcase.py: Add method to obtain Kerberos keys over DRS
tests/krb5/raw_testcase.py: Make env_get_var() a standalone method
tests/krb5/raw_testcase.py: Add allow_missing_keys parameter for getting creds
tests/krb5/raw_testcase.py: Cache obtained credentials
tests/krb5/raw_testcase.py: Allow specifying a fallback credentials function
tests/krb5/raw_testcase.py: Simplify conditionals
tests/krb5/kdc_base_test.py: Add fallback methods to obtain client and krbtgt credentials
tests/krb5/as_req_tests.py: Automatically obtain credentials
tests/krb5/as_req_tests.py: Check the client kvno
tests/krb5/raw_testcase.py: Check for an explicit 'unspecified kvno' value
tests/krb5: Deduplicate 'host' attribute initialisation
tests/krb5/as_canonicalization_tests.py: Refactor account creation
tests/krb5: Use admin creds for SamDB rather than user creds
s4:torture/krb5/kdc-heimdal: Automatically determine AS-REP enctype to check against
pygensec: Fix memory leaks
pygensec: Don't modify Python bytes objects
tests/krb5: Fix ms_kile_client_principal_lookup_test errors
tests/krb5: Fix comment typo
tests/krb5: Fix method name typo
tests/krb5: formatting
tests/krb5: Remove unneeded statements
tests/krb5: Use more compact dict lookup
tests/krb5: Simplify Python syntax
tests/krb5: Remove magic constants
tests/krb5: Fix including enc-authorization-data
tests/krb5: Fix callback_dict parameter
tests/krb5: Fix encpart_decryption_key with MIT KDC
tests/krb5: Expect e-data except when the error code is KDC_ERR_GENERIC
tests/krb5: Check Kerberos protocol version number
tests/krb5: Use credentials kvno when creating password key
tests/krb5: Allow cf2 to automatically use the enctype of the first key
tests/krb5: Refactor get_pa_data()
tests/krb5: Add get_enc_timestamp_pa_data_from_key()
tests/krb5: Add method to return dict containing padata elements
tests/krb5: Make _test_as_exchange() return value more consistent
tests/krb5: Add get_EpochFromKerberosTime()
tests/krb5: Use encryption with admin credentials
tests/krb5: Allow specifying additional details when creating an account
tests/krb5: Add more methods for obtaining machine and service credentials
tests/krb5: Add method to calculate account salt
tests/krb5: Add check_reply() method to check for AS or TGS reply
tests/krb5: Always specify expected error code
tests/krb5: Include kdc_options in kdc_exchange_dict
tests/krb5: Only allow specifying one of check_rep_fn and check_error_fn
tests/krb5: Ensure in assertElementPresent() that container elements are not empty
tests/krb5: Assert that more variables are not None
tests/krb5: Check version number of obtained ticket
tests/krb5: Make checking less strict
tests/krb5: Check nonce in EncKDCRepPart
tests/krb5: Add generate_ap_req() method
tests/krb5: Ensure generated padata is not None
tests/krb5: Generate AP-REQ for TGS request in _generic_kdc_exchange()
tests/krb5: Add more ASN1 definitions for FAST
tests/krb5: Add more methods to create ASN1 objects for FAST
tests/krb5: Add method to generate FAST encrypted challenge padata
tests/krb5: Add methods to calculate keys for FAST
tests/krb5: Rename generic_check_as_error() to generic_check_kdc_error()
tests/krb5: Include authenticator_subkey in AS-REQ exchange dict
tests/krb5: Modify generate_ap_req() to also generate FAST armor AP-REQ
tests/krb5: Add FAST armor generation to _generic_kdc_exchange()
tests/krb5: Allow specifying parameters specific to the outer request body
tests/krb5: Add method to check PA-FX-FAST-REPLY
tests/krb5: Add method to verify ticket checksum for FAST
tests/krb5: Check FAST response
tests/krb5: Add functions to get dicts of request padata
tests/krb5: Add methods to determine whether elements were included in the request
tests/krb5: Check encrypted-pa-data
tests/krb5: Add expected_cname_private parameter to kdc_exchange_dict
tests/krb5: Include authdata in kdc_exchange_dict
tests/krb5: Add generate_simple_fast() method to generate FX-FAST padata
tests/krb5: Add check_rep_padata() method to check padata in reply
tests/krb5: Don't expect RC4 in ETYPE-INFO2 for a non-error reply
tests/krb5: Remove unused variables
tests/krb5: Add get_krbtgt_sname() method
tests/krb5: Check sname is krbtgt for FAST generic error
tests/krb5: Check reply FAST padata if request included FAST
tests/krb5: Adjust reply padata checking depending on whether FAST was sent
tests/krb5: Check PADATA-ENCRYPTED-CHALLENGE in reply
tests/krb5: Check PADATA-FX-COOKIE in reply
tests/krb5: Make check_rep_padata() also work for checking TGS replies
tests/krb5: Make generic_check_kdc_error() also work for checking TGS replies
tests/krb5: Check PADATA-PAC-OPTIONS in reply
tests/krb5: Allow generic_check_kdc_error() to check inner FAST errors
tests/krb5: Check PADATA-FX-ERROR in reply
tests/krb5: Add FAST tests
tests/krb5: Make e-data checking less strict
tests/krb5: Make cname checking less strict
CVE-2021-3671 tests/krb5: Add tests for omitting sname in outer request
tests/krb5: Check e-data element for TGS-REP errors without FAST
tests/krb5: Check PADATA-PW-SALT element in e-data
tests/krb5: Add tests for omitting sname in request
tests/krb5: Allow specifying parameters specific to the inner FAST request body
tests/krb5: Allow expected_error_mode to be a container type
Jule Anger (3):
VERSION: Bump version up to Samba 4.13.12...
WHATSNEW: Add release notes for Samba 4.13.12.
VERSION: Disable GIT_SNAPSHOT for the 4.13.12 release.
Luke Howard (2):
CVE-2021-3671 HEIMDAL kdc: validate sname in TGS-REQ
kdc: KRB5KDC_ERR_{C,S}_PRINCIPAL_UNKNOWN if missing field
Martin Schwenke (19):
ctdb-recoverd: Add a helper variable
ctdb-recoverd: Update the local node map before pushing out flags
ctdb-recoverd: Push flags for a node if any remote node disagrees
ctdb-protocol: Add new controls to disable and enable nodes
ctdb-protocol: Add marshalling for controls DISABLE_NODE/ENABLE_NODE
ctdb-daemon: Add a helper variable
ctdb-daemon: Factor out a function to get node structure from PNN
ctdb-daemon: Start as disabled means PERMANENTLY_DISABLED
ctdb_daemon: Implement controls DISABLE_NODE/ENABLE_NODE
ctdb-client: Add client code for disable/enable controls
ctdb-tools: Use disable and enable controls in tool
ctdb-daemon: Correct the condition for logging unchanged flags
ctdb-daemon: Update logging for flag changes
ctdb-daemon: Modernise remaining debug macro in this function
ctdb-daemon: Don't bother sending CTDB_SRVID_SET_NODE_FLAGS
ctdb-recoverd: Mark CTDB_SRVID_SET_NODE_FLAGS obsolete
ctdb-daemon: Simplify ctdb_control_modflags()
ctdb-daemon: Ignore flag changes for disconnected nodes
ctdb-daemon: Don't mark a node as unhealthy when connecting to it
Stefan Metzmacher (16):
auth/credentials: allow credentials.Credentials to act as base class
Rename python/samba/tests/krb5/{rfc4120_pyasn1_regen.sh => pyasn1_regen.sh}
tests/krb5/rfc4120.asn1: Improve definitions to allow expanded testing
tests/krb5/raw_testcase.py: Add get_{client,server,krbtgt}_creds()
tests/krb5/raw_testcase.py: introduce STRICT_CHECKING=0 in order to relax the checks in future
tests/krb5/raw_testcase.py: add assertElement*()
tests/krb5/raw_testcase.py: Allow prettyPrint of more RFC-defined values
tests/krb5/raw_testcase.py: Allow prettyPrint of more MS-KILE-defined values
tests/krb5/raw_testcase.py: split KDC_REQ_BODY_create() from KDC_REQ_create()
tests/krb5/raw_testcase.py: add KERB_PA_PAC_REQUEST_create()
tests/krb5/raw_testcase.py: add methods to iterate over etype permutations
tests/krb5/raw_testcase.py: Add TicketDecryptionKey_from_creds()
tests/krb5/raw_testcase.py: introduce a _generic_kdc_exchange() infrastructure
tests/krb5/as_req_tests.py: add new tests to cover more of the AS-REQ protocol
selftest: run new as_req_tests against fl2008r2dc and fl2003dc
tests/krb5/as_req_tests.py: add simple test_as_req_enc_timestamp test
Volker Lendecke (1):
librpc: Add py_descriptor_richcmp() equality function
-----------------------------------------------------------------------
--
Samba Shared Repository
More information about the samba-cvs
mailing list