The Samba-Bugzilla – Attachment 17222 Details for
Bug 15017
Update WHATSNEW for 4.16 to announce deprecated protocols and Heimdal 8.0pre import
Home
|
New
|
Browse
|
Search
|
[?]
|
Reports
|
Requests
|
Help
|
New Account
|
Log In
[x]
|
Forgot Password
Login:
[x]
[patch]
WHATSNEW upate with rewritten wording (squashed) v5
whatsnew.patch (text/plain), 6.61 KB, created by
Andrew Bartlett
on 2022-03-16 22:21:11 UTC
(
hide
)
Description:
WHATSNEW upate with rewritten wording (squashed) v5
Filename:
MIME Type:
Creator:
Andrew Bartlett
Created:
2022-03-16 22:21:11 UTC
Size:
6.61 KB
patch
obsolete
>From 21773451724bf3d4a5a522672b605ffa90245933 Mon Sep 17 00:00:00 2001 >From: Andrew Bartlett <abartlet@samba.org> >Date: Thu, 17 Mar 2022 07:53:37 +1300 >Subject: [PATCH 1/2] WHATSNEW: older SMB1 command removal/simpliciation and > deprecation > >Signed-off-by: Andrew Bartlett <abartlet@samba.org> >--- > WHATSNEW.txt | 78 ++++++++++++++++++++++++++++++++++++++++++---------- > 1 file changed, 63 insertions(+), 15 deletions(-) > >diff --git a/WHATSNEW.txt b/WHATSNEW.txt >index 83d77b5c028..c29001f0bb2 100644 >--- a/WHATSNEW.txt >+++ b/WHATSNEW.txt >@@ -135,21 +135,69 @@ CTDB changes > REMOVED FEATURES > ================ > >-SMB1 CORE and LANMAN1 protocol wildcard copy, unlink and rename removed >-======================================================================= >- >-In preparation for the removal of the SMB1 server, the unused >-SMB1 command SMB_COM_COPY (SMB1 command number 0x29) has been >-removed from the Samba smbd server. In addition, the ability >-to process file name wildcards in requests using the SMB1 commands >-SMB_COM_COPY (SMB1 command number 0x2A), SMB_COM_RENAME (SMB1 command >-number 0x7), SMB_COM_NT_RENAME (SMB1 command number 0xA5) and >-SMB_COM_DELETE (SMB1 command number 0x6) have been removed. >- >-This only affects clients using MS-DOS based versions of >-SMB1, the last release of which was Windows 98. Users requiring >-support for these features will need to use older versions >-of Samba. >+Older SMB1 protocol SMBCopy command removed >+------------------------------------------- >+ >+SMB is a nearly 30-year old protocol, and some protocol commands that >+while supported in all versions, have not seen widespread use. >+ >+One of those is SMBCopy, a feature for a server-side copy of a file. >+This feature has been so unmaintained that Samba has no testsuite for >+it. >+ >+The SMB1 command SMB_COM_COPY (SMB1 command number 0x29) was >+introduced in the LAN Manager 1.0 dialect and it was rendered obsolete >+in the NT LAN Manager dialect. >+ >+Therefore it has been removed from the Samba smbd server. >+ >+We do note that a fully supported and tested server-side copy is >+present in SMB2, and can be accessed with "scopy" subcommand in >+smbclient) >+ >+SMB1 server-side wildcard expansion removed >+------------------------------------------- >+ >+Server-side wildcard expansion is another feature that sounds useful, >+but is also rarely used and has become problematic - imposing extra >+work on the server (both in terms of code and CPU time). >+ >+In actual OS design, wildcard expansion is handled in the local shell, >+not at the remote server using SMB wildcard syntax (which is not shell >+syntax). >+ >+In Samba 4.16 the ability to process file name wildcards in requests >+using the SMB1 commands SMB_COM_RENAME (SMB1 command number 0x7), >+SMB_COM_NT_RENAME (SMB1 command number 0xA5) and SMB_COM_DELETE (SMB1 >+command number 0x6) has been removed. >+ >+SMB1 protocol has been deprecated, particularly older dialects >+-------------------------------------------------------------- >+ >+We take this opportunity to remind that we have deprecated and >+disabled by default, but not removed, the whole SMB1 protocol since >+Samba 4.11. If needed for security purposes or code maintenance we >+will continue to remove older protocol commands and dialects that are >+unused or have been replaced in more modern SMB1 versions. >+ >+We specifically deprecate the older dialects older than "NT LM 0.12" >+(also known as "NT LANMAN 1.0" and "NT1"). >+ >+Please note that "NT LM 0.12" is the dialect used by software as old >+as Windows 95, Windows NT and Samba 2.0, so this deprecation applies >+to DOS and similar era clients. >+ >+We do reassure that that 'simple' operation of older clients than >+these (eg DOS) will, while untested, continue for the near future, our >+purpose is not to cripple use of Samba in unique situations, but to >+reduce the maintaince burden. >+ >+Eventually SMB1 as a whole will be removed, but no broader change is >+announced for 4.16. >+ >+In the rare case where the above changes cause incompatibilities, >+users requiring support for these features will need to use older >+versions of Samba. > > No longer using Linux mandatory locks for sharemodes > ==================================================== >-- >2.25.1 > > >From 1a386762d5be7c39be798275feed8d5d0b45b24b Mon Sep 17 00:00:00 2001 >From: Andrew Bartlett <abartlet@samba.org> >Date: Wed, 16 Mar 2022 12:53:47 +1300 >Subject: [PATCH 2/2] WHATSNEW for Heimdal upgrade > >Signed-off-by: Andrew Bartlett <abartlet@samba.org> >--- > WHATSNEW.txt | 41 +++++++++++++++++++++++++++++++++++++++++ > 1 file changed, 41 insertions(+) > >diff --git a/WHATSNEW.txt b/WHATSNEW.txt >index c29001f0bb2..e540ad81aeb 100644 >--- a/WHATSNEW.txt >+++ b/WHATSNEW.txt >@@ -52,6 +52,47 @@ samba-dcerpcd can also be useful for use outside of the Samba > framework, for example, use with the Linux kernel SMB2 server ksmbd or > possibly other SMB2 server implementations. > >+Heimdal-8.0pre used for Samba Internal Kerberos, adds FAST support >+------------------------------------------------------------------ >+ >+Samba has since Samba 4.0 included a snapshot of the Heimdal Kerberos >+implementation. This snapshot has now been updated and will closely >+match what will be released as Heimdal 8.0 shortly. >+ >+This is a major update, previously we used a snapshot of Heimdal from >+2011, and brings important new Kerberos security features such as >+Kerberos request armoring, known as FAST. This tunnels ticket >+requests and replies that might be encrypted with a weak password >+inside a wrapper built with a stronger password, say from a machine >+account. >+ >+In Heimdal and MIT modes Samba's KDC now supports FAST, for the >+support of non-Windows clients. Samba's winbindd will use it to >+protect logins from pam_winbind for example. >+ >+Windows clients will not use this feature however, as they do not >+attempt to do so against a server not advertising domain Functional >+Level 2012. Samba users are of course free to modify how Samba >+advertises itself, but use with Windows clients is not supported "out >+of the box". >+ >+Finally, Samba also uses a per-KDC, not per-realm 'cookie' to secure part of >+the FAST protocol. A future version will align this more closely with >+Microsoft AD behaviour. >+ >+If FAST needs to be disabled on your Samba KDC, set >+ >+ kdc enable fast = no >+ >+in the smb.conf. >+ >+The Samba project wishes to thank the numerous developers who have put >+in a massive effort to make this possible over many years. In >+particular we thank Stefan Metzmacher, Joseph Sutton, Gary Lockyer, >+Isaac Boukris and Andrew Bartlett. Samba's developers in turn thank >+their employers and in turn their customers who have supported this >+effort over many years. >+ > Certificate Auto Enrollment > --------------------------- > >-- >2.25.1 >
<b>You cannot view the attachment while viewing its details because your browser does not support IFRAMEs. <a href="attachment.cgi?id=17222">View the attachment on a separate page</a>.</b>
View Attachment As Raw
Flags:
jra
:
review+
metze
:
review-
Actions:
View
Attachments on
bug 15017
:
17214
|
17215
|
17218
|
17219
|
17221
| 17222