The Samba-Bugzilla – Attachment 17215 Details for
Bug 15017
Update WHATSNEW for 4.16 to announce deprecated protocols and Heimdal 8.0pre import
Home
|
New
|
Browse
|
Search
|
[?]
|
Reports
|
Requests
|
Help
|
New Account
|
Log In
[x]
|
Forgot Password
Login:
[x]
[patch]
WHATSNEW upate with rewritten wording
whatsnew.patch (text/plain), 8.42 KB, created by
Andrew Bartlett
on 2022-03-16 00:32:53 UTC
(
hide
)
Description:
WHATSNEW upate with rewritten wording
Filename:
MIME Type:
Creator:
Andrew Bartlett
Created:
2022-03-16 00:32:53 UTC
Size:
8.42 KB
patch
obsolete
>From ddd13e1f958eb1026783905c002726e897d72837 Mon Sep 17 00:00:00 2001 >From: Bjoern Jacke <bjacke@samba.org> >Date: Mon, 14 Mar 2022 15:10:03 +0000 >Subject: [PATCH 1/3] WHATSNEW: declare CORE and LANMAN protocol as unsupported > >Signed-off-by: Bjoern Jacke <bjacke@samba.org> >--- > WHATSNEW.txt | 11 ++++++++--- > 1 file changed, 8 insertions(+), 3 deletions(-) > >diff --git a/WHATSNEW.txt b/WHATSNEW.txt >index 83d77b5c028..5bce14b80a0 100644 >--- a/WHATSNEW.txt >+++ b/WHATSNEW.txt >@@ -135,10 +135,10 @@ CTDB changes > REMOVED FEATURES > ================ > >-SMB1 CORE and LANMAN1 protocol wildcard copy, unlink and rename removed >-======================================================================= >+SMB1 CORE and LANMAN1 protocol oficially unsupported >+==================================================== > >-In preparation for the removal of the SMB1 server, the unused >+While the CORE and LANMAN1 protocols have not been fully removed yet, the > SMB1 command SMB_COM_COPY (SMB1 command number 0x29) has been > removed from the Samba smbd server. In addition, the ability > to process file name wildcards in requests using the SMB1 commands >@@ -146,6 +146,11 @@ SMB_COM_COPY (SMB1 command number 0x2A), SMB_COM_RENAME (SMB1 command > number 0x7), SMB_COM_NT_RENAME (SMB1 command number 0xA5) and > SMB_COM_DELETE (SMB1 command number 0x6) have been removed. > >+Even if your CORE/LANMAN1 clients seem to keep working, you might run into >+problems at a later point due to the removal of above mentioned commands. >+For that reason we decided to officially declare those protocols as >+unsupported starting with Samba 4.16.0 >+ > This only affects clients using MS-DOS based versions of > SMB1, the last release of which was Windows 98. Users requiring > support for these features will need to use older versions >-- >2.25.1 > > >From 55bb4aa3781fa09dd0b3cdd8d94f3fb34f2867c0 Mon Sep 17 00:00:00 2001 >From: Andrew Bartlett <abartlet@samba.org> >Date: Wed, 16 Mar 2022 12:15:21 +1300 >Subject: [PATCH 2/3] WHATSNEW: Rewrite older command removal/simpliciation and > deprecation > >Signed-off-by: Andrew Bartlett <abartlet@samba.org> >--- > WHATSNEW.txt | 77 +++++++++++++++++++++++++++++++++++++++------------- > 1 file changed, 58 insertions(+), 19 deletions(-) > >diff --git a/WHATSNEW.txt b/WHATSNEW.txt >index 5bce14b80a0..3475f3717b0 100644 >--- a/WHATSNEW.txt >+++ b/WHATSNEW.txt >@@ -135,26 +135,65 @@ CTDB changes > REMOVED FEATURES > ================ > >-SMB1 CORE and LANMAN1 protocol oficially unsupported >-==================================================== >+Older SMB1 protocol SMBCopy command removed >+------------------------------------------- >+ >+SMB is a nearly 30-year old protocol, and some protocol commands that >+while supported in all versions, have not seen widespread use. >+ >+One of those in SMBCopy, a feature for a server-side copy of a file. >+This feature has been so unmaintained that Samba has no testsuite for >+it. >+ >+The SMB1 command SMB_COM_COPY (SMB1 command number 0x29) was >+introduced in the LAN Manager 1.0 dialect and it was rendered obsolete >+in the NT LAN Manager dialect. >+ >+Therefore it has been removed from the Samba smbd server. >+ >+We do note that a fully supported and tested server-side copy is >+present in SMB2, and can be accessed with "scopy" subcommand in >+smbclient) >+ >+SMB1 server-side wildcard expansion removed >+------------------------------------------- >+ >+Server-side wildcard expansion is another feature that sounds useful, >+but is also rarely used and has become problematic - imposing extra >+work on the server (both in terms of code and CPU time). >+ >+In actual OS design, wildcard expansion is handled in the local shell, >+not at the remote server using SMB wildcard syntax (which is not shell >+syntax). >+ >+In Samba 4.16 the ability to process file name wildcards in requests >+using the SMB1 commands SMB_COM_RENAME (SMB1 command number 0x7), >+SMB_COM_NT_RENAME (SMB1 command number 0xA5) and SMB_COM_DELETE (SMB1 >+command number 0x6) has been removed. >+ >+SMB1 protocol has been deprecated, particularly older dialects >+-------------------------------------------------------------- >+ >+We take this opportunity to remind that we have deprecated and >+disabled by default, but not removed, the whole SMB1 protocol since >+Samba 4.11. We make a warning that we will continue to remove older >+protocol commands and dialects that are unused or replaced in more >+modern commands SMB1 versions. >+ >+We specifically deprecate the older dialects before NT LM 0.12, as >+used by software as old as Windows 95, Windows NT and Samba. >+ >+We do reassure that that 'simple' operation of older clients than >+these (eg DOS) will, while untested, continue for the near future, our >+purpose is not to cripple use of Samba in unique situations, but to >+reduce the maintaince burden. >+ >+Eventually SMB1 as a whole will be removed, but no broader change is >+announced for 4.16. > >-While the CORE and LANMAN1 protocols have not been fully removed yet, the >-SMB1 command SMB_COM_COPY (SMB1 command number 0x29) has been >-removed from the Samba smbd server. In addition, the ability >-to process file name wildcards in requests using the SMB1 commands >-SMB_COM_COPY (SMB1 command number 0x2A), SMB_COM_RENAME (SMB1 command >-number 0x7), SMB_COM_NT_RENAME (SMB1 command number 0xA5) and >-SMB_COM_DELETE (SMB1 command number 0x6) have been removed. >- >-Even if your CORE/LANMAN1 clients seem to keep working, you might run into >-problems at a later point due to the removal of above mentioned commands. >-For that reason we decided to officially declare those protocols as >-unsupported starting with Samba 4.16.0 >- >-This only affects clients using MS-DOS based versions of >-SMB1, the last release of which was Windows 98. Users requiring >-support for these features will need to use older versions >-of Samba. >+In the rare case where the above changes cause incompatibilities, >+users requiring support for these features will need to use older >+versions of Samba. > > No longer using Linux mandatory locks for sharemodes > ==================================================== >-- >2.25.1 > > >From c6a5779c78f17d3de52857a5b1972042fb31ce51 Mon Sep 17 00:00:00 2001 >From: Andrew Bartlett <abartlet@samba.org> >Date: Wed, 16 Mar 2022 12:53:47 +1300 >Subject: [PATCH 3/3] WHATSNEW for Heimdal upgrade > >Signed-off-by: Andrew Bartlett <abartlet@samba.org> >--- > WHATSNEW.txt | 41 +++++++++++++++++++++++++++++++++++++++++ > 1 file changed, 41 insertions(+) > >diff --git a/WHATSNEW.txt b/WHATSNEW.txt >index 3475f3717b0..8bd47bfb66b 100644 >--- a/WHATSNEW.txt >+++ b/WHATSNEW.txt >@@ -52,6 +52,47 @@ samba-dcerpcd can also be useful for use outside of the Samba > framework, for example, use with the Linux kernel SMB2 server ksmbd or > possibly other SMB2 server implementations. > >+Heimdal-8.0pre used for Samba Internal Kerberos, adds FAST support >+------------------------------------------------------------------ >+ >+Samba has since Samba 4.0 included a snapshot of the Heimdal Kerberos >+implementation. This snapshot has now been updated and will closely >+match what will be released as Heimdal 8.0 shortly. >+ >+This is a major update, previously we used a snapshot of Heimdal from >+2011, and brings important new Kerberos security features such as >+Kerberos request armoring, known as FAST. This tunnels ticket >+requests and replies that might be encrypted with a weak password >+inside a wrapper built with a stronger password, say from a machine >+account. >+ >+In Heimdal and MIT modes Samba's KDC now supports FAST, for the >+support of non-Windows clients. Samba's winbindd will use it to >+protect logins from pam_winbind for example. >+ >+Windows clients will not use this feature however, as they do not >+attempt to do so against a server not advertising domain Functional >+Level 2012. Samba users are of course free to modify how Samba >+advertises itself, but use with Windows clients is not supported "out >+of the box". >+ >+Finally, Samba also uses a per-KDC, not per-realm 'cookie' to secure part of >+the FAST protocol. A future version will align this more closely with >+Microsoft AD behaviour. >+ >+If FAST needs to be disabled on your Samba KDC, set >+ >+ kdc enable fast = no >+ >+in the smb.conf. >+ >+The Samba project wishes to thank the numerous developers who have put >+in a massive effort to make this possible over many years. In >+particular we thank Stefan Metzmacher, Joseph Sutton, Gary Lockyer, >+Isaac Boukris and Andrew Bartlett. Samba's developers in turn thank >+their employers and in turn their customers who have supported this >+effort over many years. >+ > Certificate Auto Enrollment > --------------------------- > >-- >2.25.1 >
<b>You cannot view the attachment while viewing its details because your browser does not support IFRAMEs. <a href="attachment.cgi?id=17215">View the attachment on a separate page</a>.</b>
View Attachment As Raw
Actions:
View
Attachments on
bug 15017
:
17214
|
17215
|
17218
|
17219
|
17221
|
17222