Bug 15425 - NetrGetLogonCapabilities QueryLevel 2 needs to be implemented
Summary: NetrGetLogonCapabilities QueryLevel 2 needs to be implemented
Status: RESOLVED FIXED
Alias: None
Product: Samba 4.1 and newer
Classification: Unclassified
Component: AD: LDB/DSDB/SAMDB (show other bugs)
Version: 4.18.4
Hardware: All All
: P5 normal (vote)
Target Milestone: ---
Assignee: Jule Anger
QA Contact: Samba QA Contact
URL: https://gitlab.com/samba-team/samba/-...
Keywords:
Depends on:
Blocks:
 
Reported: 2023-07-19 05:36 UTC by Andrew Bartlett
Modified: 2024-11-28 13:54 UTC (History)
10 users (show)

See Also:


Attachments
WIP patches for master (38.42 KB, text/plain)
2023-07-19 19:21 UTC, Stefan Metzmacher
no flags Details
Patches for v4-21-test (without removing unused stuff) (260.38 KB, text/plain)
2024-11-04 11:11 UTC, Stefan Metzmacher
metze: review-
Details
Patches for v4-20-test (without removing unused stuff) (260.44 KB, text/plain)
2024-11-04 11:12 UTC, Stefan Metzmacher
dbagnall: review-
Details
Patches for v4-20-test (without removing unused stuff) (264.48 KB, text/plain)
2024-11-06 11:58 UTC, Stefan Metzmacher
no flags Details
Patches for v4-21-test (without removing unused stuff) (264.55 KB, text/plain)
2024-11-07 09:30 UTC, Stefan Metzmacher
dbagnall: review+
metze: review? (slow)
Details
Patches for v4-20-test (without removing unused stuff) (268.64 KB, text/plain)
2024-11-07 09:33 UTC, Stefan Metzmacher
dbagnall: review+
metze: review? (slow)
Details

Note You need to log in before you can comment on or make changes to this bug.
Description Andrew Bartlett 2023-07-19 05:36:53 UTC
KB5028166 has caused some disruption in the Samba community, and we are assured that an updated MS-NRPC will be published soon.

The new level 2 will document the exact behaviour, but for this to have been rushed out in a security release it will have mattered.  (The failure against Samba was clearly not intentional).
Comment 2 Stefan Metzmacher 2023-07-19 19:21:10 UTC
Created attachment 17989 [details]
WIP patches for master
Comment 3 Michael Saxl 2023-07-20 08:09:46 UTC
I like the fact that you check for 
NT_STATUS_EQUAL(status, NT_STATUS_RPC_BAD_STUB_DATA) 
and set the result to NT_STATUS_RPC_PROCNUM_OUT_OF_RANGE (is that the same as INVALID?)

but as you noted later, the sequence will be out of sync since a patched server will not call dcesrv_netr_creds_server_step_check whereas a not patched will (but is unable to return return_authenticator).

Don't know if there is a way to make this compatible with both patched/windows and not patched samba..
Comment 4 Stefan Metzmacher 2023-07-20 08:17:41 UTC
(In reply to Michael Saxl from comment #3)

It is compatible with patched/unpatched Windows/Samba.

notice the state->tmp_creds = *state->creds and *state->creds = state->tmp_creds, which allows us rollback when step function
was not called on the server.
Comment 5 Stefan Metzmacher 2023-07-20 08:18:29 UTC
(In reply to Michael Saxl from comment #3)

NT_STATUS_RPC_PROCNUM_OUT_OF_RANGE is mapped from DCERPC_NCA_S_FAULT_INVALID_TAG
Comment 6 Stefan Metzmacher 2023-07-20 08:19:34 UTC
(In reply to Stefan Metzmacher from comment #5)

Oh, NT_STATUS_RPC_PROCNUM_OUT_OF_RANGE is wrong, it
should be NT_STATUS_RPC_ENUM_VALUE_OUT_OF_RANGE
Comment 7 Stefan Metzmacher 2023-07-20 08:28:36 UTC
Comment on attachment 17989 [details]
WIP patches for master

See https://gitlab.com/samba-team/samba/-/merge_requests/3189 for the latest version of patches
Comment 8 Michael Saxl 2023-07-20 08:41:51 UTC
(In reply to Stefan Metzmacher from comment #4)

but how do you decide if you rollback?
The intended way is to rollback since a patched samba/windows will not step, but samba unpatched will.

I'm quite dumb at the specifics but as far as I read you make the step if all succeeds with
*state->creds = state->tmp_creds;

else a rollback is done.

What happens if the server side does the step (as far as I understood the unpatched server will)?
Comment 10 Douglas Bagnall 2023-11-28 23:38:32 UTC
I will work on this, unless someone else is well underway.
Comment 11 Stefan Metzmacher 2024-09-06 16:04:28 UTC
(In reply to Douglas Bagnall from comment #10)

I'm working on it again
Comment 12 Douglas Bagnall 2024-09-07 01:07:20 UTC
(In reply to Stefan Metzmacher from comment #11)
good, thanks.
Comment 13 Samba QA Contact 2024-10-31 00:24:04 UTC
This bug was referenced in samba master:

36310650ee7a64603128139f512d3a4e039f8822
3dcbc8eea5bc53a8332b3ad93ea4c3df99af7830
b27661f832cc4c56cc582cf7041d90f178736ef7
e5bc5ee3e04138b10c0630640469a08fad847e56
a0bc372dee68ad255da005d2e2078da754bbef2a
86176598eee4c83dc63a9dac163f32c886477129
cf0e07a3d2a085d31f7d682633af9ec57c155e57
69cb9aea67de0613f467f7ce2d460364ff2be241
a9040c8ce76cb9911c4c0c5d623cc479e49f460d
3da40f1c6818550eb08a6d7d680c213c3f1d0649
276137e950696fbf36450dceebd6c0250c6242d0
25a2105ca7816c47a9c4a7fded88a922e4ccf88b
24de5d1cbd25fabae6b01565907b53f5e51ea06d
69b0cbd13d06fa640a900acab6757425b5b77cac
25294685b1c2c8652f0ca0220e8f3729e0b347e2
0b6ac4b082ddec5dae1392537727f3a7123ec279
d174b6595a962230bf71cc5c2f512a2c93a4cc1b
7f478656dcf08619bc3a7ad390c7db3bfdef924e
c9eaf5e22de730f1e7575f6697f32dbb377eae06
eda3728a4079c5399f693b1d68e64e5660647c72
2e8949495f601d3fd117cceccd1b464a6ae43251
c2ef866fca296c8f3eb1620fdd2bb9bf289d96fc
518f57b93bdb84900d3b58cd94bdf1046f82a5a6
453587fbc1ef74a3b997235e84040553261fa13e
88a84d9330d2bb03176f888a0d8e5066e1e21bf6
4533afc9e12c4dbbc7d11c13e775888c113d497c
a9308c490cb5ec8908a3e4c13e2ce8a08b9027e9
dfbc5e5a19420311eac3db5ede1c665a9198395d
484a046d8e179a3b21ead8b5bc3660095314e816
fd4b027511b18615e215b66183f95b54bcab683e
498fc88c155b57a0de6150c3b1e3cfcac181d45b
8b972fea0978101575f847eac33b09d2fd8d02e7
17394ed7bbf8fa50570a5732f1ce84ccd5e69393
3792fe372884aad6ea2893f2e62629dd1cddc129
e9767315cf06bcb257b40014441dd4cd9aad0fb0
f92def2f943917d8946b03f71fcf676998701815
e4132c492ded7cadc60371b524e72e41f71f75e9
01577b93cbb0a26aba3209cde69475be2e1c5fb8
62afadb3ebac49a684fb0e5a1beb6d7db6f5e515
de8de55a5fee573d0718fa8dd13168a4f0a14614
a56356e399339d5bce2e699431cd3e6186229170
3d4ea276bdf44202250246cd6edae2bc17e92c74
851a9b18eccece64c3ae0cedd7c7b26a44f0eec6
8eb95a155de396981375c7f11221695fd3c7f9d5
b8681c165731666bb5eed073ab862490c33ea095
ea792fa342deebefa75b77832c9057924cdcb6f6
fac378485f5f15ac0a11c3d82207c4bc780bfb80
e7d57fc6e992ca212b834d5dd4d381244bca55c6
0ff7f41248f485cbc7685840f0698b490c241860
730dcc6dec75049e5f76b170911f46d44fb4adb8
1edcd5df80bdbc4d4da5bdd5e534d7a17ec61f77
285ec9ecde712e40e6f0981bcb379ee911bfe9d8
2bd77ff7314932dc4116773731a810fe0f7ce4b7
e92d0509d6b4d7f86e8626ba8c5efc5b786823f1
1666d1d74dec3978837ab49f8749d59c0abcf595
a177d15c875030dfc6c11ead3ec3a3ec851261cb
2d7a47a175337729f4c671d7a6223f6e0ea23ebe
172ce406d48916c57f0742b6a0e064ac170ec8ff
550d20fd3dd04397b3a38f8b9e0cfa574453eea1
a359b4139c8043ee3c3277b7559cb6d4f58f4044
7a7cb0d0426a891185f5acf825573d98360e98e1
f1c1b8661a9121e1ff02784955c98d9f33bca8bd
834197dafef0f3779ba69c8e350cbd7bb9333284
d43dc47eb1481796d1c5f1e0a02235be3b33e6ad
131f5c0b251e456c466eaca744525504e1d69492
7b02fb50143ba5044605ec67ed41180391835dcb
2956c7eb3c9fc2161fd2748e5aac1fc94478e8c7
45faf6c35a033ec46a546dfb9d5d6aeb2fb2b83c
1a5984ac6312b204b51590057b8327cf4698383b
132629ee3a9b73d0888d1110e4d0a45ded778e5a
8edbdd65ef78e3f26357d0254b58db3120a32880
7a5ad9f64a905f5744430c6e0796c646baf9432e
Comment 14 Stefan Metzmacher 2024-11-04 11:11:21 UTC
Created attachment 18491 [details]
Patches for v4-21-test (without removing unused stuff)
Comment 15 Stefan Metzmacher 2024-11-04 11:12:04 UTC
Created attachment 18492 [details]
Patches for v4-20-test (without removing unused stuff)
Comment 16 Douglas Bagnall 2024-11-06 02:46:39 UTC
Comment on attachment 18492 [details]
Patches for v4-20-test (without removing unused stuff)

I can't get the 4.20 patch to apply.


$ git am -3 ~/Downloads/bfixes-tmp420.txt
Applying: s4:torture/rpc: check that DOWNGRADE_DETECTED has no bits negotiated
Applying: s4:torture/rpc: without weak crypto we should require AES
Applying: s3:rpc_server/netlogon: correctly negotiate flags in ServerAuthenticate2/3
Applying: s3:rpc_server/netlogon: if we require AES there's no need to remove the ARCFOUR flag
Applying: s4:rpc_server/netlogon: if we require AES there's no need to remove the ARCFOUR flag
Applying: netlogon.idl: the capabilities in query_level=2 are the ones send by the client
Applying: libcli/auth: remove unused netlogon_creds_client_init_session_key()
Applying: libcli/auth: make use of netlogon_creds_cli_store_internal() in netlogon_creds_cli_auth_srvauth_done()
Applying: libcli/auth: don't allow any unexpected upgrades of negotiate_flags
Applying: libcli/auth: if we require aes we don't need to require arcfour nor strong key
Applying: libcli/auth: use a LogonControl after a LogonGetCapabilities downgrade
Applying: libcli/auth: use netr_LogonGetCapabilities query_level=2 to verify the proposed capabilities
Applying: s4:librpc/rpc: do LogonControl after LogonGetCapabilities downgrade
Applying: s4:librpc/rpc: don't allow any unexpected upgrades of negotiate_flags
Applying: s4:librpc/rpc: define required schannel flags and enforce them
Applying: s4:librpc/rpc: use netr_LogonGetCapabilities query_level=2 to verify the proposed capabilities
Applying: s4:torture/rpc/netlogon: adjust test_netlogon_capabilities query_level=2 to request_flags
Applying: s3:cli_netlogon: let rpccli_connect_netlogon() use force_reauth = true on retry
Applying: s4:dsdb/common: samdb_confirm_rodc_allowed_to_repl_to() only needs a const sid
Applying: s3:rpc_server/netlogon: add client_sid helper variables
Applying: s4:rpc_server/netlogon: add client_sid helper variables
error: sha1 information is lacking or useless (source4/rpc_server/netlogon/dcerpc_netlogon.c).
error: could not build fake ancestor
Patch failed at 0021 s4:rpc_server/netlogon: add client_sid helper variables
hint: Use 'git am --show-current-patch=diff' to see the failed patch


I think it's because of the formatting of trusts_attrs[] here:

--- source4/rpc_server/netlogon/dcerpc_netlogon.c                                                                              
+++ source4/rpc_server/netlogon/dcerpc_netlogon.c                                                                              
@@ -2628,6 +2632,7 @@ static NTSTATUS dcesrv_netr_LogonGetDomainInfo(struct dcesrv_call_state *dce_cal                         
        TALLOC_CTX *mem_ctx, struct netr_LogonGetDomainInfo *r)                                                                
 {                                                                                                                             
        struct netlogon_creds_CredentialState *creds;                                                                          
+       const struct dom_sid *client_sid = NULL;                                                                               
        static const char *const trusts_attrs[] = {"securityIdentifier",                                                       
                                                   "flatName",                                                                 
                                                   "trustPartner",
Comment 17 Stefan Metzmacher 2024-11-06 11:58:34 UTC
Created attachment 18493 [details]
Patches for v4-20-test (without removing unused stuff)

Sorry, I forgot to change -69 into -70 for 4.20 as beaeeaff501b22fdfb3928d788597398fcbbbe29 is needed there
Comment 18 Stefan Metzmacher 2024-11-06 16:30:54 UTC
I'll upload new backports once https://gitlab.com/samba-team/samba/-/merge_requests/3856 is merged...
Comment 19 Samba QA Contact 2024-11-07 09:15:04 UTC
This bug was referenced in samba master:

f340dce6546a22d857cad440f8afaee9815dbdb1
Comment 20 Stefan Metzmacher 2024-11-07 09:30:47 UTC
Created attachment 18494 [details]
Patches for v4-21-test (without removing unused stuff)
Comment 21 Stefan Metzmacher 2024-11-07 09:33:44 UTC
Created attachment 18495 [details]
Patches for v4-20-test (without removing unused stuff)
Comment 22 Jule Anger 2024-11-13 08:57:18 UTC
Pushed to autobuild-v4-{21,20}-test.
Comment 23 Samba QA Contact 2024-11-13 10:06:04 UTC
This bug was referenced in samba v4-21-test:

a65ca95d4d27c31a3610da237618f30dc7567922
0267772cdf222541950b5d66924ecf24976c0bf3
a442241004eb88c3cbe9089430b2bba580cd829f
6916bf43d3f3e37f875f828002bcf443bc9f2fae
349f31448831467e47140f0a01ff8385cb3ebda5
8cf7bf9f615e0bbd63bdecd7674d3c849d2593ae
ced6cbfa6b10e36f19a9c42266bf13d0a134773e
6f1d556b40773e7bc541eb23e37d620f28269d03
48acce5da8ff6b945a0bc3b00fe3775b4e155131
d73e6c7ab087b93436d1419f804e865dbbe6bc34
ea1bb195859d30e1b183fcbf6a52bf8602c422ae
9265852ec701fb67119220c418b2703f99f87496
59d8a8715de4d4547f97eab6b1809f03adb80cdb
41be718d655e53f7f7a1219f434d47063b6e7239
5c7301f799fb40c0e74ef5449fd4557f3d9c6ed3
83e9f281ca4dc7befa97b35e6db33a4e4e7933ea
c2796abfdc2e3539c0d67a4ffe8ebafe389fde08
b5bf7bc38101c84488fa2f2c80ad1b2618f24895
f4edcf3d0ea8fa745d8b2859cea4598c110a5fa4
d197dd522f38c2206c97049713409e0a3b0f201e
e03e2f7639f1459f96d3e82efa9711329d3f7ab2
1a6928892a96521fbba35bc4194f298d5672b85b
58f657baf0989ed7057a983feaa240d3eeddfd69
114e369122c20cbf5ba5bd6451e4f827960b0619
39399a49d3620f5d0570a558beaa24d540f3530a
72be93b62f3f7e25df210dcaf59b0402647e5c54
a0ad07e82f08d6362cc6de1a0ec48285d76f391f
c6bfa4dbb257ab261acad6f5d0c811378701ac73
47e5aa1e36e3ee1bfd3e0fdecdbb0656d4b552bb
1fecabddeb658e441fb93794770120a8769ab9e6
ef69f5555668c8ece1b608d015cabe947719bca5
46b7eb7737b5ce7e0f6b9d03a502baf051a7f3cf
dcd3c2b9d2b15d6b6711c5a82db76e2facdbe9ef
57c1fb9048c761810f7ddbe3bd62f71e94141dd6
d7b7db05fd2b43ca157adc16bb8b1ad16d296f76
769588b25a71c560f753fbe5058a8b3ba077b7ca
30d744d0a6a44cf70a95fb60dc5f52b46260dc26
c7166d2d612ce971a50f08ac49d8c276fc12da4d
2a210ec5c400f790464f5efce174a84cb33804f8
553db707b5710687c3cf3383a0fa6ce1fdf1dfa8
44109378880578f16c09b75bdb10fce57f84d8c6
4da8ed66be98c4d7af2ebc0f82dbde2ab67da4d8
ee30900ecef094029683464b61d54fcf232fb0fd
a67f23403d5c29c45f468c8a2417de190844ec42
1942021a04bf2dfa6a2a7c6dd11419f5f761d217
63cd352ce46596613b9829f11a2b453b7efbb35d
16486fc89e98e8ef4f0c4b8c9fe9ce72b99e8359
986e85311b1ca77972022a53c67236d3ab394296
104dd940b80ef79d9c251c4e1c27c90529bddfa8
44803568fceace50c2a65590739808c430c90630
c39ab113afd402439d21f775983fd097653f0dd4
423ee427b2d2814349c1c46fe970dfb932a7c54b
7664466f8be58200ad780d86781d4c39ef1275e5
c944d1fc372aa8324183cbcdc1c5217ed623e20b
a8e5bbb268993beb9429a2a483c703776160371c
fea3d0c58104fc82640ff26bd3d4440a7291859c
cedcfa310b9aecc327b3911478a61b5a31179590
9b2c2de4bf90872f544c336274e5bfb9b2c8b78c
51dca749dd5b3d1c25ac24444a2558d58a65a18a
9f36351814a7fb34c019cd54baa364c4beb63036
f93fc1e65cbea0cf4cb750a2e9ed325fa1a7f0d1
57b897276ca6818afb161c54723fae3e4b5e2851
15fad537ca56cd444d7c5054b417a8b093ae7a6b
1edb984810b3c0f80c7050bd2c34e49895b3dc4d
bd5058538ccceb8d25e7712fd1afcee4e46f3d75
4fb7226f7769eeba95c41ea76466fbfabae1efbf
10e8e230e7be01b30c25bf3c38275951c7bb8853
97c1456157ac6c5cd796721a1527c02ff8874448
f444707208ca8ea4abed75054a4aaddc619d89e3
193dc02471b623d757a7a3de4178c0d7b31c4496
Comment 24 Samba QA Contact 2024-11-13 11:37:04 UTC
This bug was referenced in samba v4-20-test:

e463774b7cc1b60a9b61e3d7951250eeb88a4018
f467f83fbda136269e47733b21e1919d185f8a7a
e39ca0ed85e43da19ad3345d367ace7f5324ec71
41a60326a3d5df174225318e5b0eb1f7ee8235bf
92fc4f2b6832cdaced71bf3e3afb33cae6f71a44
e476b15d1bd01ba4acc2d0d6d9f64ef316d2c611
1dcb72dcac27dff8ad999bada4a053460db88034
b3fd6d36e990c1be611e2c449d027c9b91981772
84f4313aa9b86b4ceada42d6a3d80821d6fc7d0b
28a7372c58d35a1d9e4b7bbcac14549b637e36bd
3a33457f23c7b9bfc8d9affd0f7b1fdc7f40542e
560aa3e3db142a184183c92fe2bdbf94839b5ac1
20661a24ff2b6abc9288fce32d6900bb645593b2
a73571c0747c7531824478ed9d4439cb08d176d8
620065e13dfc24464ee9806e36bf37f5fcf828ac
d0b2469385fbee91c6753cf7496f8d1eee6422e8
adcd2436bf0a770d2f0c7a584d0ecec377e6262a
8d4d6fc8d21dac9600995826fc0eb23dc03faa73
a3b8c49a9982da45fe1e4a1f32848c4e554fd165
ca97536d7d224a4569ef16ae79623b881b8c08a5
dcb07d4504c80cc6c1a172168836673177497f39
878482663eb75b914155ed6b225778a0c2ae39a3
02bc35458be666330cde1ebbd1eaa38858dd0bc9
9ff331f9b9cda45109677b07ab153040f8a3780b
6d117ea4c8b3c6c142acd2a5b11d9b4be7171978
0b85452df0f7546dd6935ec4bfbef9655e87919c
71c0e187665bc17c4d8b3d1d6e7b6fd3aeb30185
5c74014ae821d8de9fad54a632498a91f8003815
1acd16876bb99ff59231122dba70c4d1f9d86ac2
fa49a8ad2b0cb74f7c7252f5f8b9a40b99789384
4aa40fd5be03db4430ed82c84f589fdb13bfbca3
1debb3d3743e583020cca91c1292717164df47c2
bc8dcaa109e4a1ddd04bdb3d4aaf9841fbac8673
4419fc6c48f388c5110eac0d7a6ddb22e10b1bde
c3b5697dd2e64c07852d2f2864d04d538f5024c1
6bd5d4d204a468982bf19f8baa494eb412991427
6a50b1aea3a497495047adefd649255f4a746bc9
447a9c782b9509ad8a4ab0f148629d3212cef62d
86ebe5e4e6d23979a679187c6d2eef2d94dbd5ee
1637e23c35dab542a10a855f7648fede2633fc39
91154188e28e63b19b9d2b9180b8e72145790ffd
838e5257d2a5cca576549b52b19c3015ec17fdb2
1aa11e2af6e6fd2cdb71d06bf2dc14d45c216846
536080d084e1abd088e064c098f8f9807e690387
a616dcc89d97a62d870a5e3b50f39659da916ca8
7f1db18b44680e5f91d005db557b20cb081abf13
254440c71a845542dd66d42c162792c2d62864fa
10da7c803b1e18163ea16737e23ce5222537b7de
a03fb78413465bfd4f35adcce8fd3137eaa567ad
b85a1d526ca491c9a7ceab35c421a1c61f515d86
8f035b802236f9276c6edc3c38d0b122ce1d893a
856aaaf881f40f05644f6cee63653dbb0186e457
c9c23c1a96bf07f11f9ed41c7d04c183d085fc8f
78ff2be8592fa48f3889e5aae934b7acb7fa08f3
3768134cae889f39065515a3393ef5cfd187572d
5792c2ce9d45a5e2f0b454776ebadcad6aaf466a
27ae047ba552650e780ec0c1c9c077b26ecccab3
cb5ed3bf75bf7967a49f5fbfa5832c27dffe393a
3aefe6a54a7020b266b390f6e53a9c95efada750
dc7ab826ef37d46d0bb852e049c0ab03a704e439
6b32dcf6ea2af0949fd283dd497b08e3a1ca6b26
270499b1c9ed4a010da265954314bfb5ffcd9eca
200fc14fb8ee59b89abc41985f6c7ee721003dc2
0c61920c887d14f7f83df70c543b95b5ff7f4d64
1de6cffa6836a70d3bcbdf57bd6ce93d59417c0c
77a02d6e79b077fc0b88172ae6d7832c43fefd1c
75e62cc19bed300696ddcbd7617ff86283032ef0
21e9355630016bac79c4260bdaa371e5142c814f
aa4add0053b55f506a34e329293d37b094d093f7
7b4629ef84a8e9ce80d1740720928309a0f9d565
Comment 25 Jule Anger 2024-11-13 12:03:31 UTC
Closing out bug report.

Thanks!
Comment 26 Samba QA Contact 2024-11-19 14:48:41 UTC
This bug was referenced in samba v4-20-stable (Release samba-4.20.6):

e463774b7cc1b60a9b61e3d7951250eeb88a4018
f467f83fbda136269e47733b21e1919d185f8a7a
e39ca0ed85e43da19ad3345d367ace7f5324ec71
41a60326a3d5df174225318e5b0eb1f7ee8235bf
92fc4f2b6832cdaced71bf3e3afb33cae6f71a44
e476b15d1bd01ba4acc2d0d6d9f64ef316d2c611
1dcb72dcac27dff8ad999bada4a053460db88034
b3fd6d36e990c1be611e2c449d027c9b91981772
84f4313aa9b86b4ceada42d6a3d80821d6fc7d0b
28a7372c58d35a1d9e4b7bbcac14549b637e36bd
3a33457f23c7b9bfc8d9affd0f7b1fdc7f40542e
560aa3e3db142a184183c92fe2bdbf94839b5ac1
20661a24ff2b6abc9288fce32d6900bb645593b2
a73571c0747c7531824478ed9d4439cb08d176d8
620065e13dfc24464ee9806e36bf37f5fcf828ac
d0b2469385fbee91c6753cf7496f8d1eee6422e8
adcd2436bf0a770d2f0c7a584d0ecec377e6262a
8d4d6fc8d21dac9600995826fc0eb23dc03faa73
a3b8c49a9982da45fe1e4a1f32848c4e554fd165
ca97536d7d224a4569ef16ae79623b881b8c08a5
dcb07d4504c80cc6c1a172168836673177497f39
878482663eb75b914155ed6b225778a0c2ae39a3
02bc35458be666330cde1ebbd1eaa38858dd0bc9
9ff331f9b9cda45109677b07ab153040f8a3780b
6d117ea4c8b3c6c142acd2a5b11d9b4be7171978
0b85452df0f7546dd6935ec4bfbef9655e87919c
71c0e187665bc17c4d8b3d1d6e7b6fd3aeb30185
5c74014ae821d8de9fad54a632498a91f8003815
1acd16876bb99ff59231122dba70c4d1f9d86ac2
fa49a8ad2b0cb74f7c7252f5f8b9a40b99789384
4aa40fd5be03db4430ed82c84f589fdb13bfbca3
1debb3d3743e583020cca91c1292717164df47c2
bc8dcaa109e4a1ddd04bdb3d4aaf9841fbac8673
4419fc6c48f388c5110eac0d7a6ddb22e10b1bde
c3b5697dd2e64c07852d2f2864d04d538f5024c1
6bd5d4d204a468982bf19f8baa494eb412991427
6a50b1aea3a497495047adefd649255f4a746bc9
447a9c782b9509ad8a4ab0f148629d3212cef62d
86ebe5e4e6d23979a679187c6d2eef2d94dbd5ee
1637e23c35dab542a10a855f7648fede2633fc39
91154188e28e63b19b9d2b9180b8e72145790ffd
838e5257d2a5cca576549b52b19c3015ec17fdb2
1aa11e2af6e6fd2cdb71d06bf2dc14d45c216846
536080d084e1abd088e064c098f8f9807e690387
a616dcc89d97a62d870a5e3b50f39659da916ca8
7f1db18b44680e5f91d005db557b20cb081abf13
254440c71a845542dd66d42c162792c2d62864fa
10da7c803b1e18163ea16737e23ce5222537b7de
a03fb78413465bfd4f35adcce8fd3137eaa567ad
b85a1d526ca491c9a7ceab35c421a1c61f515d86
8f035b802236f9276c6edc3c38d0b122ce1d893a
856aaaf881f40f05644f6cee63653dbb0186e457
c9c23c1a96bf07f11f9ed41c7d04c183d085fc8f
78ff2be8592fa48f3889e5aae934b7acb7fa08f3
3768134cae889f39065515a3393ef5cfd187572d
5792c2ce9d45a5e2f0b454776ebadcad6aaf466a
27ae047ba552650e780ec0c1c9c077b26ecccab3
cb5ed3bf75bf7967a49f5fbfa5832c27dffe393a
3aefe6a54a7020b266b390f6e53a9c95efada750
dc7ab826ef37d46d0bb852e049c0ab03a704e439
6b32dcf6ea2af0949fd283dd497b08e3a1ca6b26
270499b1c9ed4a010da265954314bfb5ffcd9eca
200fc14fb8ee59b89abc41985f6c7ee721003dc2
0c61920c887d14f7f83df70c543b95b5ff7f4d64
1de6cffa6836a70d3bcbdf57bd6ce93d59417c0c
77a02d6e79b077fc0b88172ae6d7832c43fefd1c
75e62cc19bed300696ddcbd7617ff86283032ef0
21e9355630016bac79c4260bdaa371e5142c814f
aa4add0053b55f506a34e329293d37b094d093f7
7b4629ef84a8e9ce80d1740720928309a0f9d565
Comment 27 Samba QA Contact 2024-11-25 15:11:05 UTC
This bug was referenced in samba v4-21-stable (Release samba-4.21.2):

a65ca95d4d27c31a3610da237618f30dc7567922
0267772cdf222541950b5d66924ecf24976c0bf3
a442241004eb88c3cbe9089430b2bba580cd829f
6916bf43d3f3e37f875f828002bcf443bc9f2fae
349f31448831467e47140f0a01ff8385cb3ebda5
8cf7bf9f615e0bbd63bdecd7674d3c849d2593ae
ced6cbfa6b10e36f19a9c42266bf13d0a134773e
6f1d556b40773e7bc541eb23e37d620f28269d03
48acce5da8ff6b945a0bc3b00fe3775b4e155131
d73e6c7ab087b93436d1419f804e865dbbe6bc34
ea1bb195859d30e1b183fcbf6a52bf8602c422ae
9265852ec701fb67119220c418b2703f99f87496
59d8a8715de4d4547f97eab6b1809f03adb80cdb
41be718d655e53f7f7a1219f434d47063b6e7239
5c7301f799fb40c0e74ef5449fd4557f3d9c6ed3
83e9f281ca4dc7befa97b35e6db33a4e4e7933ea
c2796abfdc2e3539c0d67a4ffe8ebafe389fde08
b5bf7bc38101c84488fa2f2c80ad1b2618f24895
f4edcf3d0ea8fa745d8b2859cea4598c110a5fa4
d197dd522f38c2206c97049713409e0a3b0f201e
e03e2f7639f1459f96d3e82efa9711329d3f7ab2
1a6928892a96521fbba35bc4194f298d5672b85b
58f657baf0989ed7057a983feaa240d3eeddfd69
114e369122c20cbf5ba5bd6451e4f827960b0619
39399a49d3620f5d0570a558beaa24d540f3530a
72be93b62f3f7e25df210dcaf59b0402647e5c54
a0ad07e82f08d6362cc6de1a0ec48285d76f391f
c6bfa4dbb257ab261acad6f5d0c811378701ac73
47e5aa1e36e3ee1bfd3e0fdecdbb0656d4b552bb
1fecabddeb658e441fb93794770120a8769ab9e6
ef69f5555668c8ece1b608d015cabe947719bca5
46b7eb7737b5ce7e0f6b9d03a502baf051a7f3cf
dcd3c2b9d2b15d6b6711c5a82db76e2facdbe9ef
57c1fb9048c761810f7ddbe3bd62f71e94141dd6
d7b7db05fd2b43ca157adc16bb8b1ad16d296f76
769588b25a71c560f753fbe5058a8b3ba077b7ca
30d744d0a6a44cf70a95fb60dc5f52b46260dc26
c7166d2d612ce971a50f08ac49d8c276fc12da4d
2a210ec5c400f790464f5efce174a84cb33804f8
553db707b5710687c3cf3383a0fa6ce1fdf1dfa8
44109378880578f16c09b75bdb10fce57f84d8c6
4da8ed66be98c4d7af2ebc0f82dbde2ab67da4d8
ee30900ecef094029683464b61d54fcf232fb0fd
a67f23403d5c29c45f468c8a2417de190844ec42
1942021a04bf2dfa6a2a7c6dd11419f5f761d217
63cd352ce46596613b9829f11a2b453b7efbb35d
16486fc89e98e8ef4f0c4b8c9fe9ce72b99e8359
986e85311b1ca77972022a53c67236d3ab394296
104dd940b80ef79d9c251c4e1c27c90529bddfa8
44803568fceace50c2a65590739808c430c90630
c39ab113afd402439d21f775983fd097653f0dd4
423ee427b2d2814349c1c46fe970dfb932a7c54b
7664466f8be58200ad780d86781d4c39ef1275e5
c944d1fc372aa8324183cbcdc1c5217ed623e20b
a8e5bbb268993beb9429a2a483c703776160371c
fea3d0c58104fc82640ff26bd3d4440a7291859c
cedcfa310b9aecc327b3911478a61b5a31179590
9b2c2de4bf90872f544c336274e5bfb9b2c8b78c
51dca749dd5b3d1c25ac24444a2558d58a65a18a
9f36351814a7fb34c019cd54baa364c4beb63036
f93fc1e65cbea0cf4cb750a2e9ed325fa1a7f0d1
57b897276ca6818afb161c54723fae3e4b5e2851
15fad537ca56cd444d7c5054b417a8b093ae7a6b
1edb984810b3c0f80c7050bd2c34e49895b3dc4d
bd5058538ccceb8d25e7712fd1afcee4e46f3d75
4fb7226f7769eeba95c41ea76466fbfabae1efbf
10e8e230e7be01b30c25bf3c38275951c7bb8853
97c1456157ac6c5cd796721a1527c02ff8874448
f444707208ca8ea4abed75054a4aaddc619d89e3
193dc02471b623d757a7a3de4178c0d7b31c4496
Comment 28 Samba QA Contact 2024-11-28 13:54:04 UTC
This bug was referenced in samba master:

63a5269a77aae1b157fe3c7ac31b2980f6ba71ff