KB5028166 has caused some disruption in the Samba community, and we are assured that an updated MS-NRPC will be published soon. The new level 2 will document the exact behaviour, but for this to have been rushed out in a security release it will have mattered. (The failure against Samba was clearly not intentional).
Created attachment 17989 [details] WIP patches for master
I like the fact that you check for NT_STATUS_EQUAL(status, NT_STATUS_RPC_BAD_STUB_DATA) and set the result to NT_STATUS_RPC_PROCNUM_OUT_OF_RANGE (is that the same as INVALID?) but as you noted later, the sequence will be out of sync since a patched server will not call dcesrv_netr_creds_server_step_check whereas a not patched will (but is unable to return return_authenticator). Don't know if there is a way to make this compatible with both patched/windows and not patched samba..
(In reply to Michael Saxl from comment #3) It is compatible with patched/unpatched Windows/Samba. notice the state->tmp_creds = *state->creds and *state->creds = state->tmp_creds, which allows us rollback when step function was not called on the server.
(In reply to Michael Saxl from comment #3) NT_STATUS_RPC_PROCNUM_OUT_OF_RANGE is mapped from DCERPC_NCA_S_FAULT_INVALID_TAG
(In reply to Stefan Metzmacher from comment #5) Oh, NT_STATUS_RPC_PROCNUM_OUT_OF_RANGE is wrong, it should be NT_STATUS_RPC_ENUM_VALUE_OUT_OF_RANGE
Comment on attachment 17989 [details] WIP patches for master See https://gitlab.com/samba-team/samba/-/merge_requests/3189 for the latest version of patches
(In reply to Stefan Metzmacher from comment #4) but how do you decide if you rollback? The intended way is to rollback since a patched samba/windows will not step, but samba unpatched will. I'm quite dumb at the specifics but as far as I read you make the step if all succeeds with *state->creds = state->tmp_creds; else a rollback is done. What happens if the server side does the step (as far as I understood the unpatched server will)?
For reference: https://learn.microsoft.com/en-us/openspecs/windows_protocols/ms-winerrata/69ffd0ac-a0dd-49f2-96ad-6720441b0a93
I will work on this, unless someone else is well underway.
(In reply to Douglas Bagnall from comment #10) I'm working on it again
(In reply to Stefan Metzmacher from comment #11) good, thanks.
This bug was referenced in samba master: 36310650ee7a64603128139f512d3a4e039f8822 3dcbc8eea5bc53a8332b3ad93ea4c3df99af7830 b27661f832cc4c56cc582cf7041d90f178736ef7 e5bc5ee3e04138b10c0630640469a08fad847e56 a0bc372dee68ad255da005d2e2078da754bbef2a 86176598eee4c83dc63a9dac163f32c886477129 cf0e07a3d2a085d31f7d682633af9ec57c155e57 69cb9aea67de0613f467f7ce2d460364ff2be241 a9040c8ce76cb9911c4c0c5d623cc479e49f460d 3da40f1c6818550eb08a6d7d680c213c3f1d0649 276137e950696fbf36450dceebd6c0250c6242d0 25a2105ca7816c47a9c4a7fded88a922e4ccf88b 24de5d1cbd25fabae6b01565907b53f5e51ea06d 69b0cbd13d06fa640a900acab6757425b5b77cac 25294685b1c2c8652f0ca0220e8f3729e0b347e2 0b6ac4b082ddec5dae1392537727f3a7123ec279 d174b6595a962230bf71cc5c2f512a2c93a4cc1b 7f478656dcf08619bc3a7ad390c7db3bfdef924e c9eaf5e22de730f1e7575f6697f32dbb377eae06 eda3728a4079c5399f693b1d68e64e5660647c72 2e8949495f601d3fd117cceccd1b464a6ae43251 c2ef866fca296c8f3eb1620fdd2bb9bf289d96fc 518f57b93bdb84900d3b58cd94bdf1046f82a5a6 453587fbc1ef74a3b997235e84040553261fa13e 88a84d9330d2bb03176f888a0d8e5066e1e21bf6 4533afc9e12c4dbbc7d11c13e775888c113d497c a9308c490cb5ec8908a3e4c13e2ce8a08b9027e9 dfbc5e5a19420311eac3db5ede1c665a9198395d 484a046d8e179a3b21ead8b5bc3660095314e816 fd4b027511b18615e215b66183f95b54bcab683e 498fc88c155b57a0de6150c3b1e3cfcac181d45b 8b972fea0978101575f847eac33b09d2fd8d02e7 17394ed7bbf8fa50570a5732f1ce84ccd5e69393 3792fe372884aad6ea2893f2e62629dd1cddc129 e9767315cf06bcb257b40014441dd4cd9aad0fb0 f92def2f943917d8946b03f71fcf676998701815 e4132c492ded7cadc60371b524e72e41f71f75e9 01577b93cbb0a26aba3209cde69475be2e1c5fb8 62afadb3ebac49a684fb0e5a1beb6d7db6f5e515 de8de55a5fee573d0718fa8dd13168a4f0a14614 a56356e399339d5bce2e699431cd3e6186229170 3d4ea276bdf44202250246cd6edae2bc17e92c74 851a9b18eccece64c3ae0cedd7c7b26a44f0eec6 8eb95a155de396981375c7f11221695fd3c7f9d5 b8681c165731666bb5eed073ab862490c33ea095 ea792fa342deebefa75b77832c9057924cdcb6f6 fac378485f5f15ac0a11c3d82207c4bc780bfb80 e7d57fc6e992ca212b834d5dd4d381244bca55c6 0ff7f41248f485cbc7685840f0698b490c241860 730dcc6dec75049e5f76b170911f46d44fb4adb8 1edcd5df80bdbc4d4da5bdd5e534d7a17ec61f77 285ec9ecde712e40e6f0981bcb379ee911bfe9d8 2bd77ff7314932dc4116773731a810fe0f7ce4b7 e92d0509d6b4d7f86e8626ba8c5efc5b786823f1 1666d1d74dec3978837ab49f8749d59c0abcf595 a177d15c875030dfc6c11ead3ec3a3ec851261cb 2d7a47a175337729f4c671d7a6223f6e0ea23ebe 172ce406d48916c57f0742b6a0e064ac170ec8ff 550d20fd3dd04397b3a38f8b9e0cfa574453eea1 a359b4139c8043ee3c3277b7559cb6d4f58f4044 7a7cb0d0426a891185f5acf825573d98360e98e1 f1c1b8661a9121e1ff02784955c98d9f33bca8bd 834197dafef0f3779ba69c8e350cbd7bb9333284 d43dc47eb1481796d1c5f1e0a02235be3b33e6ad 131f5c0b251e456c466eaca744525504e1d69492 7b02fb50143ba5044605ec67ed41180391835dcb 2956c7eb3c9fc2161fd2748e5aac1fc94478e8c7 45faf6c35a033ec46a546dfb9d5d6aeb2fb2b83c 1a5984ac6312b204b51590057b8327cf4698383b 132629ee3a9b73d0888d1110e4d0a45ded778e5a 8edbdd65ef78e3f26357d0254b58db3120a32880 7a5ad9f64a905f5744430c6e0796c646baf9432e
Created attachment 18491 [details] Patches for v4-21-test (without removing unused stuff)
Created attachment 18492 [details] Patches for v4-20-test (without removing unused stuff)
Comment on attachment 18492 [details] Patches for v4-20-test (without removing unused stuff) I can't get the 4.20 patch to apply. $ git am -3 ~/Downloads/bfixes-tmp420.txt Applying: s4:torture/rpc: check that DOWNGRADE_DETECTED has no bits negotiated Applying: s4:torture/rpc: without weak crypto we should require AES Applying: s3:rpc_server/netlogon: correctly negotiate flags in ServerAuthenticate2/3 Applying: s3:rpc_server/netlogon: if we require AES there's no need to remove the ARCFOUR flag Applying: s4:rpc_server/netlogon: if we require AES there's no need to remove the ARCFOUR flag Applying: netlogon.idl: the capabilities in query_level=2 are the ones send by the client Applying: libcli/auth: remove unused netlogon_creds_client_init_session_key() Applying: libcli/auth: make use of netlogon_creds_cli_store_internal() in netlogon_creds_cli_auth_srvauth_done() Applying: libcli/auth: don't allow any unexpected upgrades of negotiate_flags Applying: libcli/auth: if we require aes we don't need to require arcfour nor strong key Applying: libcli/auth: use a LogonControl after a LogonGetCapabilities downgrade Applying: libcli/auth: use netr_LogonGetCapabilities query_level=2 to verify the proposed capabilities Applying: s4:librpc/rpc: do LogonControl after LogonGetCapabilities downgrade Applying: s4:librpc/rpc: don't allow any unexpected upgrades of negotiate_flags Applying: s4:librpc/rpc: define required schannel flags and enforce them Applying: s4:librpc/rpc: use netr_LogonGetCapabilities query_level=2 to verify the proposed capabilities Applying: s4:torture/rpc/netlogon: adjust test_netlogon_capabilities query_level=2 to request_flags Applying: s3:cli_netlogon: let rpccli_connect_netlogon() use force_reauth = true on retry Applying: s4:dsdb/common: samdb_confirm_rodc_allowed_to_repl_to() only needs a const sid Applying: s3:rpc_server/netlogon: add client_sid helper variables Applying: s4:rpc_server/netlogon: add client_sid helper variables error: sha1 information is lacking or useless (source4/rpc_server/netlogon/dcerpc_netlogon.c). error: could not build fake ancestor Patch failed at 0021 s4:rpc_server/netlogon: add client_sid helper variables hint: Use 'git am --show-current-patch=diff' to see the failed patch I think it's because of the formatting of trusts_attrs[] here: --- source4/rpc_server/netlogon/dcerpc_netlogon.c +++ source4/rpc_server/netlogon/dcerpc_netlogon.c @@ -2628,6 +2632,7 @@ static NTSTATUS dcesrv_netr_LogonGetDomainInfo(struct dcesrv_call_state *dce_cal TALLOC_CTX *mem_ctx, struct netr_LogonGetDomainInfo *r) { struct netlogon_creds_CredentialState *creds; + const struct dom_sid *client_sid = NULL; static const char *const trusts_attrs[] = {"securityIdentifier", "flatName", "trustPartner",
Created attachment 18493 [details] Patches for v4-20-test (without removing unused stuff) Sorry, I forgot to change -69 into -70 for 4.20 as beaeeaff501b22fdfb3928d788597398fcbbbe29 is needed there
I'll upload new backports once https://gitlab.com/samba-team/samba/-/merge_requests/3856 is merged...
This bug was referenced in samba master: f340dce6546a22d857cad440f8afaee9815dbdb1
Created attachment 18494 [details] Patches for v4-21-test (without removing unused stuff)
Created attachment 18495 [details] Patches for v4-20-test (without removing unused stuff)
Pushed to autobuild-v4-{21,20}-test.
This bug was referenced in samba v4-21-test: a65ca95d4d27c31a3610da237618f30dc7567922 0267772cdf222541950b5d66924ecf24976c0bf3 a442241004eb88c3cbe9089430b2bba580cd829f 6916bf43d3f3e37f875f828002bcf443bc9f2fae 349f31448831467e47140f0a01ff8385cb3ebda5 8cf7bf9f615e0bbd63bdecd7674d3c849d2593ae ced6cbfa6b10e36f19a9c42266bf13d0a134773e 6f1d556b40773e7bc541eb23e37d620f28269d03 48acce5da8ff6b945a0bc3b00fe3775b4e155131 d73e6c7ab087b93436d1419f804e865dbbe6bc34 ea1bb195859d30e1b183fcbf6a52bf8602c422ae 9265852ec701fb67119220c418b2703f99f87496 59d8a8715de4d4547f97eab6b1809f03adb80cdb 41be718d655e53f7f7a1219f434d47063b6e7239 5c7301f799fb40c0e74ef5449fd4557f3d9c6ed3 83e9f281ca4dc7befa97b35e6db33a4e4e7933ea c2796abfdc2e3539c0d67a4ffe8ebafe389fde08 b5bf7bc38101c84488fa2f2c80ad1b2618f24895 f4edcf3d0ea8fa745d8b2859cea4598c110a5fa4 d197dd522f38c2206c97049713409e0a3b0f201e e03e2f7639f1459f96d3e82efa9711329d3f7ab2 1a6928892a96521fbba35bc4194f298d5672b85b 58f657baf0989ed7057a983feaa240d3eeddfd69 114e369122c20cbf5ba5bd6451e4f827960b0619 39399a49d3620f5d0570a558beaa24d540f3530a 72be93b62f3f7e25df210dcaf59b0402647e5c54 a0ad07e82f08d6362cc6de1a0ec48285d76f391f c6bfa4dbb257ab261acad6f5d0c811378701ac73 47e5aa1e36e3ee1bfd3e0fdecdbb0656d4b552bb 1fecabddeb658e441fb93794770120a8769ab9e6 ef69f5555668c8ece1b608d015cabe947719bca5 46b7eb7737b5ce7e0f6b9d03a502baf051a7f3cf dcd3c2b9d2b15d6b6711c5a82db76e2facdbe9ef 57c1fb9048c761810f7ddbe3bd62f71e94141dd6 d7b7db05fd2b43ca157adc16bb8b1ad16d296f76 769588b25a71c560f753fbe5058a8b3ba077b7ca 30d744d0a6a44cf70a95fb60dc5f52b46260dc26 c7166d2d612ce971a50f08ac49d8c276fc12da4d 2a210ec5c400f790464f5efce174a84cb33804f8 553db707b5710687c3cf3383a0fa6ce1fdf1dfa8 44109378880578f16c09b75bdb10fce57f84d8c6 4da8ed66be98c4d7af2ebc0f82dbde2ab67da4d8 ee30900ecef094029683464b61d54fcf232fb0fd a67f23403d5c29c45f468c8a2417de190844ec42 1942021a04bf2dfa6a2a7c6dd11419f5f761d217 63cd352ce46596613b9829f11a2b453b7efbb35d 16486fc89e98e8ef4f0c4b8c9fe9ce72b99e8359 986e85311b1ca77972022a53c67236d3ab394296 104dd940b80ef79d9c251c4e1c27c90529bddfa8 44803568fceace50c2a65590739808c430c90630 c39ab113afd402439d21f775983fd097653f0dd4 423ee427b2d2814349c1c46fe970dfb932a7c54b 7664466f8be58200ad780d86781d4c39ef1275e5 c944d1fc372aa8324183cbcdc1c5217ed623e20b a8e5bbb268993beb9429a2a483c703776160371c fea3d0c58104fc82640ff26bd3d4440a7291859c cedcfa310b9aecc327b3911478a61b5a31179590 9b2c2de4bf90872f544c336274e5bfb9b2c8b78c 51dca749dd5b3d1c25ac24444a2558d58a65a18a 9f36351814a7fb34c019cd54baa364c4beb63036 f93fc1e65cbea0cf4cb750a2e9ed325fa1a7f0d1 57b897276ca6818afb161c54723fae3e4b5e2851 15fad537ca56cd444d7c5054b417a8b093ae7a6b 1edb984810b3c0f80c7050bd2c34e49895b3dc4d bd5058538ccceb8d25e7712fd1afcee4e46f3d75 4fb7226f7769eeba95c41ea76466fbfabae1efbf 10e8e230e7be01b30c25bf3c38275951c7bb8853 97c1456157ac6c5cd796721a1527c02ff8874448 f444707208ca8ea4abed75054a4aaddc619d89e3 193dc02471b623d757a7a3de4178c0d7b31c4496
This bug was referenced in samba v4-20-test: e463774b7cc1b60a9b61e3d7951250eeb88a4018 f467f83fbda136269e47733b21e1919d185f8a7a e39ca0ed85e43da19ad3345d367ace7f5324ec71 41a60326a3d5df174225318e5b0eb1f7ee8235bf 92fc4f2b6832cdaced71bf3e3afb33cae6f71a44 e476b15d1bd01ba4acc2d0d6d9f64ef316d2c611 1dcb72dcac27dff8ad999bada4a053460db88034 b3fd6d36e990c1be611e2c449d027c9b91981772 84f4313aa9b86b4ceada42d6a3d80821d6fc7d0b 28a7372c58d35a1d9e4b7bbcac14549b637e36bd 3a33457f23c7b9bfc8d9affd0f7b1fdc7f40542e 560aa3e3db142a184183c92fe2bdbf94839b5ac1 20661a24ff2b6abc9288fce32d6900bb645593b2 a73571c0747c7531824478ed9d4439cb08d176d8 620065e13dfc24464ee9806e36bf37f5fcf828ac d0b2469385fbee91c6753cf7496f8d1eee6422e8 adcd2436bf0a770d2f0c7a584d0ecec377e6262a 8d4d6fc8d21dac9600995826fc0eb23dc03faa73 a3b8c49a9982da45fe1e4a1f32848c4e554fd165 ca97536d7d224a4569ef16ae79623b881b8c08a5 dcb07d4504c80cc6c1a172168836673177497f39 878482663eb75b914155ed6b225778a0c2ae39a3 02bc35458be666330cde1ebbd1eaa38858dd0bc9 9ff331f9b9cda45109677b07ab153040f8a3780b 6d117ea4c8b3c6c142acd2a5b11d9b4be7171978 0b85452df0f7546dd6935ec4bfbef9655e87919c 71c0e187665bc17c4d8b3d1d6e7b6fd3aeb30185 5c74014ae821d8de9fad54a632498a91f8003815 1acd16876bb99ff59231122dba70c4d1f9d86ac2 fa49a8ad2b0cb74f7c7252f5f8b9a40b99789384 4aa40fd5be03db4430ed82c84f589fdb13bfbca3 1debb3d3743e583020cca91c1292717164df47c2 bc8dcaa109e4a1ddd04bdb3d4aaf9841fbac8673 4419fc6c48f388c5110eac0d7a6ddb22e10b1bde c3b5697dd2e64c07852d2f2864d04d538f5024c1 6bd5d4d204a468982bf19f8baa494eb412991427 6a50b1aea3a497495047adefd649255f4a746bc9 447a9c782b9509ad8a4ab0f148629d3212cef62d 86ebe5e4e6d23979a679187c6d2eef2d94dbd5ee 1637e23c35dab542a10a855f7648fede2633fc39 91154188e28e63b19b9d2b9180b8e72145790ffd 838e5257d2a5cca576549b52b19c3015ec17fdb2 1aa11e2af6e6fd2cdb71d06bf2dc14d45c216846 536080d084e1abd088e064c098f8f9807e690387 a616dcc89d97a62d870a5e3b50f39659da916ca8 7f1db18b44680e5f91d005db557b20cb081abf13 254440c71a845542dd66d42c162792c2d62864fa 10da7c803b1e18163ea16737e23ce5222537b7de a03fb78413465bfd4f35adcce8fd3137eaa567ad b85a1d526ca491c9a7ceab35c421a1c61f515d86 8f035b802236f9276c6edc3c38d0b122ce1d893a 856aaaf881f40f05644f6cee63653dbb0186e457 c9c23c1a96bf07f11f9ed41c7d04c183d085fc8f 78ff2be8592fa48f3889e5aae934b7acb7fa08f3 3768134cae889f39065515a3393ef5cfd187572d 5792c2ce9d45a5e2f0b454776ebadcad6aaf466a 27ae047ba552650e780ec0c1c9c077b26ecccab3 cb5ed3bf75bf7967a49f5fbfa5832c27dffe393a 3aefe6a54a7020b266b390f6e53a9c95efada750 dc7ab826ef37d46d0bb852e049c0ab03a704e439 6b32dcf6ea2af0949fd283dd497b08e3a1ca6b26 270499b1c9ed4a010da265954314bfb5ffcd9eca 200fc14fb8ee59b89abc41985f6c7ee721003dc2 0c61920c887d14f7f83df70c543b95b5ff7f4d64 1de6cffa6836a70d3bcbdf57bd6ce93d59417c0c 77a02d6e79b077fc0b88172ae6d7832c43fefd1c 75e62cc19bed300696ddcbd7617ff86283032ef0 21e9355630016bac79c4260bdaa371e5142c814f aa4add0053b55f506a34e329293d37b094d093f7 7b4629ef84a8e9ce80d1740720928309a0f9d565
Closing out bug report. Thanks!
This bug was referenced in samba v4-20-stable (Release samba-4.20.6): e463774b7cc1b60a9b61e3d7951250eeb88a4018 f467f83fbda136269e47733b21e1919d185f8a7a e39ca0ed85e43da19ad3345d367ace7f5324ec71 41a60326a3d5df174225318e5b0eb1f7ee8235bf 92fc4f2b6832cdaced71bf3e3afb33cae6f71a44 e476b15d1bd01ba4acc2d0d6d9f64ef316d2c611 1dcb72dcac27dff8ad999bada4a053460db88034 b3fd6d36e990c1be611e2c449d027c9b91981772 84f4313aa9b86b4ceada42d6a3d80821d6fc7d0b 28a7372c58d35a1d9e4b7bbcac14549b637e36bd 3a33457f23c7b9bfc8d9affd0f7b1fdc7f40542e 560aa3e3db142a184183c92fe2bdbf94839b5ac1 20661a24ff2b6abc9288fce32d6900bb645593b2 a73571c0747c7531824478ed9d4439cb08d176d8 620065e13dfc24464ee9806e36bf37f5fcf828ac d0b2469385fbee91c6753cf7496f8d1eee6422e8 adcd2436bf0a770d2f0c7a584d0ecec377e6262a 8d4d6fc8d21dac9600995826fc0eb23dc03faa73 a3b8c49a9982da45fe1e4a1f32848c4e554fd165 ca97536d7d224a4569ef16ae79623b881b8c08a5 dcb07d4504c80cc6c1a172168836673177497f39 878482663eb75b914155ed6b225778a0c2ae39a3 02bc35458be666330cde1ebbd1eaa38858dd0bc9 9ff331f9b9cda45109677b07ab153040f8a3780b 6d117ea4c8b3c6c142acd2a5b11d9b4be7171978 0b85452df0f7546dd6935ec4bfbef9655e87919c 71c0e187665bc17c4d8b3d1d6e7b6fd3aeb30185 5c74014ae821d8de9fad54a632498a91f8003815 1acd16876bb99ff59231122dba70c4d1f9d86ac2 fa49a8ad2b0cb74f7c7252f5f8b9a40b99789384 4aa40fd5be03db4430ed82c84f589fdb13bfbca3 1debb3d3743e583020cca91c1292717164df47c2 bc8dcaa109e4a1ddd04bdb3d4aaf9841fbac8673 4419fc6c48f388c5110eac0d7a6ddb22e10b1bde c3b5697dd2e64c07852d2f2864d04d538f5024c1 6bd5d4d204a468982bf19f8baa494eb412991427 6a50b1aea3a497495047adefd649255f4a746bc9 447a9c782b9509ad8a4ab0f148629d3212cef62d 86ebe5e4e6d23979a679187c6d2eef2d94dbd5ee 1637e23c35dab542a10a855f7648fede2633fc39 91154188e28e63b19b9d2b9180b8e72145790ffd 838e5257d2a5cca576549b52b19c3015ec17fdb2 1aa11e2af6e6fd2cdb71d06bf2dc14d45c216846 536080d084e1abd088e064c098f8f9807e690387 a616dcc89d97a62d870a5e3b50f39659da916ca8 7f1db18b44680e5f91d005db557b20cb081abf13 254440c71a845542dd66d42c162792c2d62864fa 10da7c803b1e18163ea16737e23ce5222537b7de a03fb78413465bfd4f35adcce8fd3137eaa567ad b85a1d526ca491c9a7ceab35c421a1c61f515d86 8f035b802236f9276c6edc3c38d0b122ce1d893a 856aaaf881f40f05644f6cee63653dbb0186e457 c9c23c1a96bf07f11f9ed41c7d04c183d085fc8f 78ff2be8592fa48f3889e5aae934b7acb7fa08f3 3768134cae889f39065515a3393ef5cfd187572d 5792c2ce9d45a5e2f0b454776ebadcad6aaf466a 27ae047ba552650e780ec0c1c9c077b26ecccab3 cb5ed3bf75bf7967a49f5fbfa5832c27dffe393a 3aefe6a54a7020b266b390f6e53a9c95efada750 dc7ab826ef37d46d0bb852e049c0ab03a704e439 6b32dcf6ea2af0949fd283dd497b08e3a1ca6b26 270499b1c9ed4a010da265954314bfb5ffcd9eca 200fc14fb8ee59b89abc41985f6c7ee721003dc2 0c61920c887d14f7f83df70c543b95b5ff7f4d64 1de6cffa6836a70d3bcbdf57bd6ce93d59417c0c 77a02d6e79b077fc0b88172ae6d7832c43fefd1c 75e62cc19bed300696ddcbd7617ff86283032ef0 21e9355630016bac79c4260bdaa371e5142c814f aa4add0053b55f506a34e329293d37b094d093f7 7b4629ef84a8e9ce80d1740720928309a0f9d565
This bug was referenced in samba v4-21-stable (Release samba-4.21.2): a65ca95d4d27c31a3610da237618f30dc7567922 0267772cdf222541950b5d66924ecf24976c0bf3 a442241004eb88c3cbe9089430b2bba580cd829f 6916bf43d3f3e37f875f828002bcf443bc9f2fae 349f31448831467e47140f0a01ff8385cb3ebda5 8cf7bf9f615e0bbd63bdecd7674d3c849d2593ae ced6cbfa6b10e36f19a9c42266bf13d0a134773e 6f1d556b40773e7bc541eb23e37d620f28269d03 48acce5da8ff6b945a0bc3b00fe3775b4e155131 d73e6c7ab087b93436d1419f804e865dbbe6bc34 ea1bb195859d30e1b183fcbf6a52bf8602c422ae 9265852ec701fb67119220c418b2703f99f87496 59d8a8715de4d4547f97eab6b1809f03adb80cdb 41be718d655e53f7f7a1219f434d47063b6e7239 5c7301f799fb40c0e74ef5449fd4557f3d9c6ed3 83e9f281ca4dc7befa97b35e6db33a4e4e7933ea c2796abfdc2e3539c0d67a4ffe8ebafe389fde08 b5bf7bc38101c84488fa2f2c80ad1b2618f24895 f4edcf3d0ea8fa745d8b2859cea4598c110a5fa4 d197dd522f38c2206c97049713409e0a3b0f201e e03e2f7639f1459f96d3e82efa9711329d3f7ab2 1a6928892a96521fbba35bc4194f298d5672b85b 58f657baf0989ed7057a983feaa240d3eeddfd69 114e369122c20cbf5ba5bd6451e4f827960b0619 39399a49d3620f5d0570a558beaa24d540f3530a 72be93b62f3f7e25df210dcaf59b0402647e5c54 a0ad07e82f08d6362cc6de1a0ec48285d76f391f c6bfa4dbb257ab261acad6f5d0c811378701ac73 47e5aa1e36e3ee1bfd3e0fdecdbb0656d4b552bb 1fecabddeb658e441fb93794770120a8769ab9e6 ef69f5555668c8ece1b608d015cabe947719bca5 46b7eb7737b5ce7e0f6b9d03a502baf051a7f3cf dcd3c2b9d2b15d6b6711c5a82db76e2facdbe9ef 57c1fb9048c761810f7ddbe3bd62f71e94141dd6 d7b7db05fd2b43ca157adc16bb8b1ad16d296f76 769588b25a71c560f753fbe5058a8b3ba077b7ca 30d744d0a6a44cf70a95fb60dc5f52b46260dc26 c7166d2d612ce971a50f08ac49d8c276fc12da4d 2a210ec5c400f790464f5efce174a84cb33804f8 553db707b5710687c3cf3383a0fa6ce1fdf1dfa8 44109378880578f16c09b75bdb10fce57f84d8c6 4da8ed66be98c4d7af2ebc0f82dbde2ab67da4d8 ee30900ecef094029683464b61d54fcf232fb0fd a67f23403d5c29c45f468c8a2417de190844ec42 1942021a04bf2dfa6a2a7c6dd11419f5f761d217 63cd352ce46596613b9829f11a2b453b7efbb35d 16486fc89e98e8ef4f0c4b8c9fe9ce72b99e8359 986e85311b1ca77972022a53c67236d3ab394296 104dd940b80ef79d9c251c4e1c27c90529bddfa8 44803568fceace50c2a65590739808c430c90630 c39ab113afd402439d21f775983fd097653f0dd4 423ee427b2d2814349c1c46fe970dfb932a7c54b 7664466f8be58200ad780d86781d4c39ef1275e5 c944d1fc372aa8324183cbcdc1c5217ed623e20b a8e5bbb268993beb9429a2a483c703776160371c fea3d0c58104fc82640ff26bd3d4440a7291859c cedcfa310b9aecc327b3911478a61b5a31179590 9b2c2de4bf90872f544c336274e5bfb9b2c8b78c 51dca749dd5b3d1c25ac24444a2558d58a65a18a 9f36351814a7fb34c019cd54baa364c4beb63036 f93fc1e65cbea0cf4cb750a2e9ed325fa1a7f0d1 57b897276ca6818afb161c54723fae3e4b5e2851 15fad537ca56cd444d7c5054b417a8b093ae7a6b 1edb984810b3c0f80c7050bd2c34e49895b3dc4d bd5058538ccceb8d25e7712fd1afcee4e46f3d75 4fb7226f7769eeba95c41ea76466fbfabae1efbf 10e8e230e7be01b30c25bf3c38275951c7bb8853 97c1456157ac6c5cd796721a1527c02ff8874448 f444707208ca8ea4abed75054a4aaddc619d89e3 193dc02471b623d757a7a3de4178c0d7b31c4496
This bug was referenced in samba master: 63a5269a77aae1b157fe3c7ac31b2980f6ba71ff