Bug 15424 (CVE-2023-4154) - CVE-2023-4154 [SECURITY] dirsync allows SYSTEM access with only "GUID_DRS_GET_CHANGES" right, not "GUID_DRS_GET_ALL_CHANGES"
Status: RESOLVED FIXED
Alias: CVE-2023-4154
Product: Samba 4.1 and newer
Classification: Unclassified
Component: AD: LDB/DSDB/SAMDB
Version: 4.18.4
Hardware: All All
Importance: P5 normal
Target Milestone: ---
Assignee: Jule Anger
QA Contact: Samba QA Contact
Blocks: 15483

Reported: 2023-07-19 05:18 UTC by Andrew Bartlett
Modified: 2023-10-20 09:14 UTC

Attachments
initial advisory without CVE number (2.89 KB, text/plain); 2023-08-04 09:15 UTC, Andrew Bartlett; no flags
Updated advisory without CVE (3.20 KB, text/plain); 2023-08-04 09:31 UTC, Andrew Bartlett; no flags
Updated advisory without CVE (v3) (3.33 KB, text/plain); 2023-08-04 09:38 UTC, Andrew Bartlett; no flags
draft patch for this issue (16.80 KB, patch); 2023-08-10 22:20 UTC, Andrew Bartlett; no flags
Patch for master v1 (47.66 KB, patch); 2023-09-03 21:56 UTC, Andrew Bartlett; no flags
Patch for master v2 (50.37 KB, patch); 2023-09-03 23:05 UTC, Andrew Bartlett; no flags
Patch for master v5 (52.29 KB, patch); 2023-09-08 03:25 UTC, Andrew Bartlett; metze: review+, abartlet: ci-passed+
patch in master backported to Samba 4.19 v5 (75.34 KB, patch); 2023-09-08 03:26 UTC, Andrew Bartlett; metze: review+, abartlet: ci-passed+
patch in master backported to Samba 4.18 v5 (118.67 KB, patch); 2023-09-08 03:27 UTC, Andrew Bartlett; metze: review+, abartlet: ci-passed+
patch in master backported to Samba 4.17 v5 (125.25 KB, patch); 2023-09-08 03:28 UTC, Andrew Bartlett; metze: review-, abartlet: ci-passed+
Advisory v4 (3.35 KB, text/plain); 2023-09-08 03:30 UTC, Andrew Bartlett; metze: review-
patch in master backported to Samba 4.16 v5 (124.20 KB, patch); 2023-09-11 04:04 UTC, Andrew Bartlett; metze: review-
Patch in master backported to Samba 4.16 (v5.1) (124.23 KB, patch); 2023-09-11 20:36 UTC, Andrew Bartlett; metze: review-, abartlet: ci-passed+
Patch in master backported to Samba 4.17 (v5.1) (125.39 KB, patch); 2023-09-11 20:48 UTC, Andrew Bartlett; metze: review+, abartlet: ci-passed+
Updated advisory with CVE (v5) (3.56 KB, text/plain); 2023-09-11 21:03 UTC, Andrew Bartlett; metze: review+
Patch in master backported to Samba 4.16 (v5.2) (124.36 KB, patch); 2023-09-12 20:30 UTC, Andrew Bartlett; metze: review+, abartlet: ci-passed+

Description Andrew Bartlett 2023-07-19 05:18:59 UTC
As foreshadowed in https://bugzilla.samba.org/show_bug.cgi?id=13556 dirsync has multiple potential and real issues.

A recent review shows that a user having GUID_DRS_GET_CHANGES rights, like an RODC, is still given full system privileges, as per GUID_DRS_GET_ALL_CHANGES.

We need to confirm if this really does allow such a user to read passwords. 

Also, the access check looks for a specific error code of LDB_ERR_INSUFFICIENT_ACCESS_RIGHTS; any other error code, such as LDB_ERR_OPERATIONS_ERROR, appears to allow access.

We need to carefully examine, in particular around the intersection of this, bug 13556 and MR https://gitlab.com/samba-team/samba/-/merge_requests/3146
Comment 1 Andrew Bartlett 2023-08-03 21:09:03 UTC
I have shown that Administrators and RODCs can trivially read the krbtgt key. 

CVSS 3.1: AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H (7.2)
Comment 2 Andrew Bartlett 2023-08-04 09:15:10 UTC
Created attachment 18025 [details]
initial advisory without CVE number
Comment 3 Andrew Bartlett 2023-08-04 09:29:58 UTC
In terms of a fix for this, I've looked into a few different options.

One is to have a new control 'dirsync ACL checked', and to check this bypassing the ACL rules, distinct from AS_SYSTEM.

The problem with this is finding and setting all the special cases.

The other option would be to have the attribute redaction happen for all 'untrusted' requests.  However the private/ldapi socket is expected to show passwords and secrets, but is 'untrusted', being LDAP and not being trusted regarding our internal controls (mostly as there is no ABI to their behaviour at all). 

So we can't make the encrypted_secrets module fail to decrypt these, for example, or always redact in acl_read for 'untrusted' searches.

I think the best and simplest solution is to instead create an 'administrator' token in dirsync, as the 'bypass all restrictions' token, this will still see (essentially) all objects but still be limited by the redaction of secrets because it won't shortcut out the top of acl_search().

The main effort remaining is to write a clear set of tests, particularly to confirm expected behaviour around confidential attributes and attribute filters, just to be very sure we don't have any more trouble here.
Comment 4 Andrew Bartlett 2023-08-04 09:31:06 UTC
Created attachment 18026 [details]
Updated advisory without CVE

I updated the advisory to mention the fail-open on the access check.
Comment 5 Andrew Bartlett 2023-08-04 09:38:26 UTC
Created attachment 18027 [details]
Updated advisory without CVE (v3)

Updated to give both CVSS lines for both variants of the issue.
Comment 6 Andrew Bartlett 2023-08-07 04:50:05 UTC
I'm thinking to only implement LDAP_DIRSYNC_OBJECT_SECURITY and not the Windows 2000 variant without that.

The reason is, even if we do all the work to check if the account is not reading an object in the filtered attribute set (things an RODC should not send), we still have to redact the filter or else end up back where we started.

We have already seen the difficulty in filtering filters, and chose a safe and well tested approach for those.  We should not be trying to pre-sanitise them in a special case for DirSync. 

Therefore we could ignore the absence of this flag, and most things would work just as they always had.

The DirSync sub-protocol is for the most part about public information, so the full ACL bypass was always a poor design, so it will be much safer and more internally consistent without AS_SYSTEM floating around.  

If a use case exists that needs access to all objects via GUID_DRS_GET_CHANGES they can be given a broad inherited right, or just Administrator access, via the normal (and not a special override) permission.
Comment 9 Andrew Bartlett 2023-08-10 22:20:40 UTC
Created attachment 18040 [details]
draft patch for this issue
Comment 12 Andrew Bartlett 2023-09-03 21:56:05 UTC
Created attachment 18075 [details]
Patch for master v1

This is the patch for master, including extensive tests that show how we match MS behaviour, and where we differ.

In particular we choose only to implement the ACL semantics of OBJECT_SECURITY, we ignore any GET_CHANGES and similar rights at the per-object level (we retain support of the Windows 2000 mode only to match error codes at the start). 

I do this because our ACL handling is just not set up to securely implement the original DirSync semantics, and these are quite unexpected in any case.

(This also matches our restrictive behaviour on GetNCChanges)
Comment 13 Andrew Bartlett 2023-09-03 23:05:49 UTC
Created attachment 18076 [details]
Patch for master v2
Comment 14 Andrew Bartlett 2023-09-03 23:06:56 UTC
Comment on attachment 18076 [details]
Patch for master v2

CI passes on this except for the samba-fips job, which has a persistent unrelated failure.
Comment 15 Jo Sutton 2023-09-03 23:39:08 UTC
Comment on attachment 18076 [details]
Patch for master v2

The first commit disables two tests, namely SimpleDirsyncTests.test_dirsync_deleted_items
and SimpleDirsyncTests.test_dirsync_linkedattributes, by moving into SimpleDirsyncTests two tests with names identical to those mentioned. I suggest renaming one or the other of each conflicting pair.
Comment 16 Andrew Bartlett 2023-09-08 03:25:44 UTC
Created attachment 18084 [details]
Patch for master v5
Comment 17 Andrew Bartlett 2023-09-08 03:26:49 UTC
Created attachment 18085 [details]
patch in master backported to Samba 4.19 v5
Comment 18 Andrew Bartlett 2023-09-08 03:27:20 UTC
Created attachment 18086 [details]
patch in master backported to Samba 4.18 v5
Comment 19 Andrew Bartlett 2023-09-08 03:28:18 UTC
Created attachment 18087 [details]
patch in master backported to Samba 4.17 v5
Comment 20 Andrew Bartlett 2023-09-08 03:30:13 UTC
Created attachment 18088 [details]
Advisory v4
Comment 21 Andrew Bartlett 2023-09-11 04:04:03 UTC
Created attachment 18089 [details]
patch in master backported to Samba 4.16 v5
Comment 22 Stefan Metzmacher 2023-09-11 13:56:01 UTC
Comment on attachment 18087 [details]
patch in master backported to Samba 4.17 v5

The first two commits should also be prefixed with 'CVE-2023-4154: '
Comment 23 Stefan Metzmacher 2023-09-11 13:58:53 UTC
Comment on attachment 18089 [details]
patch in master backported to Samba 4.16 v5

The first two commits should be prefixed with 'CVE-2023-4154: '
and please upload patches matching the commit hash used for the ci-run,
that makes it easier to review via git tools, by just fetching the related
repo.
Comment 24 Stefan Metzmacher 2023-09-11 14:03:45 UTC
Comment on attachment 18088 [details]
Advisory v4

This sounds very strange...

..., the access check for this functionality will fail open on error conditions, ...

"will fail open"???
Comment 25 Andrew Bartlett 2023-09-11 19:12:36 UTC
(In reply to Stefan Metzmacher from comment #24)
I'll see if I can improve the wording, but yes, an out of memory is considered success in this (now deleted) codepath.  It only restricted on the access denied error.
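
The fail-open behaviour raised in the description and confirmed in comment 25, as an added C illustration (not Samba's code and not taken from the patches attached to this bug). `struct caller`, the sample callers, `check_extended_right()`, `gate_fail_open()` and `gate_fail_closed()` are hypothetical names, and the three result codes are local stand-ins carrying the LDAP result-code values.

```c
#include <stdbool.h>
#include <stdio.h>

/* Local stand-ins for the ldb result codes named in this bug (values are
 * the corresponding LDAP result codes). Not taken from Samba's headers. */
enum {
    LDB_SUCCESS = 0,
    LDB_ERR_OPERATIONS_ERROR = 1,
    LDB_ERR_INSUFFICIENT_ACCESS_RIGHTS = 50
};

/* Hypothetical caller model for the simulation. */
struct caller {
    const char *label;
    bool has_right;     /* caller really holds the extended right */
    bool check_breaks;  /* simulate out-of-memory or another internal error */
};

/* Constructed sample callers. */
const struct caller GRANTED = { "right held", true, false };
const struct caller DENIED = { "right not held", false, false };
const struct caller DENIED_BROKEN = { "right not held, check errors out", false, true };

/* Hypothetical access check: it can fail for reasons unrelated to the ACL. */
int check_extended_right(const struct caller *c)
{
    if (c->check_breaks) {
        return LDB_ERR_OPERATIONS_ERROR;
    }
    return c->has_right ? LDB_SUCCESS : LDB_ERR_INSUFFICIENT_ACCESS_RIGHTS;
}

/* Fail-open shape: only one specific error denies, so every other
 * failure falls through to "allowed". */
bool gate_fail_open(const struct caller *c)
{
    int ret = check_extended_right(c);
    if (ret == LDB_ERR_INSUFFICIENT_ACCESS_RIGHTS) {
        return false;
    }
    return true;
}

/* Fail-closed shape: only explicit success allows. */
bool gate_fail_closed(const struct caller *c)
{
    return check_extended_right(c) == LDB_SUCCESS;
}

int main(void)
{
    const struct caller *all[] = { &GRANTED, &DENIED, &DENIED_BROKEN };
    for (size_t i = 0; i < sizeof(all) / sizeof(all[0]); i++) {
        printf("%-34s fail-open=%d fail-closed=%d\n", all[i]->label,
               gate_fail_open(all[i]), gate_fail_closed(all[i]));
    }
    return 0;
}
```

The two gates agree whenever the check returns a clean answer and differ only for the caller whose check errors out, which is why this class of bug rarely shows up in tests that exercise only the granted and denied cases.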
Comment 26 Andrew Bartlett 2023-09-11 20:36:23 UTC
Created attachment 18090 [details]
Patch in master backported to Samba 4.16 (v5.1)

This patch matches what was in the CI pipeline, the commit messages have been updated.
Comment 27 Andrew Bartlett 2023-09-11 20:48:05 UTC
Created attachment 18091 [details]
Patch in master backported to Samba 4.17 (v5.1)
Comment 28 Andrew Bartlett 2023-09-11 21:03:45 UTC
Created attachment 18092 [details]
Updated advisory with CVE (v5)

I hope this advisory is clearer. 

The one remaining thing I've considered is to have a script like the one used in https://bugzilla.samba.org/show_bug.cgi?id=13272 to remove this right.  It might help folks who have no RODCs sleep better. 

I don't know if it is worthwhile or would just cause alarm to give info on how to reset secrets etc - if a domain is impacted everything would need to be reset.
Comment 29 Stefan Metzmacher 2023-09-12 10:11:33 UTC
Comment on attachment 18090 [details]
Patch in master backported to Samba 4.16 (v5.1)

You need to upload b5310cff753e8bcbc703dd4900b4fb9349d11d74 instead of a2f53d6c3b3e8878ca0609ad2921102078ff9642 ...
Comment 30 Andrew Bartlett 2023-09-12 20:30:28 UTC
Created attachment 18098 [details]
Patch in master backported to Samba 4.16 (v5.2)

Thank you for your continued vigilance. 

I've confirmed that v5.2 is the same as v5.1 except for extra CVE markers.  5.1 is a2f53d6c3b3e8878ca0609ad2921102078ff9642 and passed CI.
Comment 31 Andrew Bartlett 2023-09-29 03:24:22 UTC
Assigning to Jule for the security release.
Comment 32 Jule Anger 2023-10-02 07:21:57 UTC
Opening security bugs to vendors. Release date is currently proposed to be October 10.
Comment 33 Jule Anger 2023-10-10 14:42:07 UTC
Removing vendor CC (so that any public comments don't need to be broadcast so widely) and opening these bugs to the public.
If you wish to continue to be informed about any changes here please CC individually.
Comment 34 Samba QA Contact 2023-10-10 14:46:56 UTC
This bug was referenced in samba v4-17-stable:

Comment 35 Samba QA Contact 2023-10-10 14:48:57 UTC
This bug was referenced in samba v4-19-stable:

Comment 36 Samba QA Contact 2023-10-10 14:49:07 UTC
This bug was referenced in samba v4-18-stable:

Comment 37 Samba QA Contact 2023-10-10 15:01:21 UTC
This bug was referenced in samba v4-17-stable:

Comment 38 Samba QA Contact 2023-10-10 15:07:44 UTC
This bug was referenced in samba v4-19-stable:

Comment 39 Samba QA Contact 2023-10-10 15:08:20 UTC
This bug was referenced in samba v4-18-stable:

Comment 40 Samba QA Contact 2023-10-10 15:18:22 UTC
This bug was referenced in samba v4-17-test:

Comment 41 Samba QA Contact 2023-10-10 15:28:29 UTC
This bug was referenced in samba v4-18-test:

Comment 42 Samba QA Contact 2023-10-10 15:48:04 UTC
This bug was referenced in samba master:

Comment 43 Samba QA Contact 2023-10-10 15:59:35 UTC
This bug was referenced in samba v4-19-test:

Comment 44 Jule Anger 2023-10-20 09:14:24 UTC
Pushed to all branches.
Closing out bug report.
Thanks!