[SCM] Samba Shared Repository - branch master updated

Volker Lendecke Mon, 24 Feb 2025 00:44:27 -0800

The branch, master has been updated
       via  154875244c5 s3:testparm: make it clear that 'client use krb5 
netlogon' is experimental
       via  5fc5f90dee1 samba-tool/testparm: make it clear that 'client use 
krb5 netlogon' is experimental
       via  54514ad809e docs-xml/smbdotconf: make it clear that 'client use 
krb5 netlogon' is experimental
      from  4926da69771 s4:kdc: split access check preparation from the actual 
check in samba_kdc_update_pac()


https://git.samba.org/?p=samba.git;a=shortlog;h=master


- Log -----------------------------------------------------------------
commit 154875244c5a349e04605cad1f66cb26aeaf86d7
Author: Stefan Metzmacher <me...@samba.org>
Date:   Sat Feb 22 15:58:51 2025 +0100

    s3:testparm: make it clear that 'client use krb5 netlogon' is experimental
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=15815
    
    Signed-off-by: Stefan Metzmacher <me...@samba.org>
    Reviewed-by: Volker Lendecke <v...@samba.org>
    
    Autobuild-User(master): Volker Lendecke <v...@samba.org>
    Autobuild-Date(master): Mon Feb 24 08:43:55 UTC 2025 on atb-devel-224

commit 5fc5f90dee13ab5168c22fd53b89c582f3d582e9
Author: Stefan Metzmacher <me...@samba.org>
Date:   Sat Feb 22 15:58:51 2025 +0100

    samba-tool/testparm: make it clear that 'client use krb5 netlogon' is 
experimental
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=15815
    
    Signed-off-by: Stefan Metzmacher <me...@samba.org>
    Reviewed-by: Volker Lendecke <v...@samba.org>

commit 54514ad809ef2e70b772906a815b27a0950a5341
Author: Stefan Metzmacher <me...@samba.org>
Date:   Sat Feb 22 15:58:51 2025 +0100

    docs-xml/smbdotconf: make it clear that 'client use krb5 netlogon' is 
experimental
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=15815
    
    Signed-off-by: Stefan Metzmacher <me...@samba.org>
    Reviewed-by: Volker Lendecke <v...@samba.org>

-----------------------------------------------------------------------

Summary of changes:
 docs-xml/smbdotconf/winbind/clientusekrb5netlogon.xml |  5 +++++
 python/samba/netcmd/testparm.py                       | 10 ++++++++++
 source3/utils/testparm.c                              | 13 +++++++++++++
 3 files changed, 28 insertions(+)


Changeset truncated at 500 lines:

diff --git a/docs-xml/smbdotconf/winbind/clientusekrb5netlogon.xml 
b/docs-xml/smbdotconf/winbind/clientusekrb5netlogon.xml
index ad0fc907903..e65941eb901 100644
--- a/docs-xml/smbdotconf/winbind/clientusekrb5netlogon.xml
+++ b/docs-xml/smbdotconf/winbind/clientusekrb5netlogon.xml
@@ -39,6 +39,11 @@
        is detected as active directory domain, e.g.
        with 'SECURITY = ADS' or on an active directory domain controller.
        </para>
+
+       <para><emphasis>
+       WARNING: This option is experimental in this Samba version
+       (see VERSION section below) and should not be used in production!
+       </emphasis></para>
 </description>
 
 <value type="default">default</value>
diff --git a/python/samba/netcmd/testparm.py b/python/samba/netcmd/testparm.py
index 6fbde635a7d..cd854feee9c 100644
--- a/python/samba/netcmd/testparm.py
+++ b/python/samba/netcmd/testparm.py
@@ -191,6 +191,16 @@ class cmd_testparm(Command):
                 "'allow_sasl_without_tls_channel_bindings' "
                 "(if really needed).")
 
+        cli_krb5_netlogon = lp.get("client use krb5 netlogon")
+        if cli_krb5_netlogon not in ["no", "default"]:
+            logger.error(
+                "You have configured "
+                "'client use krb5 netlogon = %s'.\n"
+                "This is experimental in Samba %s "
+                "and should not be used in production!\n\n" %
+                (cli_krb5_netlogon, samba.version))
+            valid = False
+
         return valid
 
     def allow_access(self, deny_list, allow_list, cname, caddr):
diff --git a/source3/utils/testparm.c b/source3/utils/testparm.c
index 2bc41244a27..306924ac7c8 100644
--- a/source3/utils/testparm.c
+++ b/source3/utils/testparm.c
@@ -359,6 +359,7 @@ static int do_global_checks(void)
        const char **lp_ptr = NULL;
        const struct loadparm_substitution *lp_sub =
                loadparm_s3_global_substitution();
+       int ival;
 
        fprintf(stderr, "\n");
 
@@ -784,6 +785,18 @@ static int do_global_checks(void)
                        "options\n\n");
        }
 
+       ival = lp__client_use_krb5_netlogon();
+       if (ival > 0) {
+               fprintf(stderr,
+                       "ERROR: You have configured "
+                       "'client use krb5 netlogon = %s'.\n"
+                       "This is experimental in Samba %s "
+                       "and should not be used in production!\n\n",
+                       ival == Auto ? "auto" : "yes",
+                       samba_version_string());
+               ret = 1;
+       }
+
        if (lp_kerberos_encryption_types() == KERBEROS_ETYPES_LEGACY) {
                fprintf(stderr,
                        "WARNING: You have configured "


-- 
Samba Shared Repository

[SCM] Samba Shared Repository - branch master updated

Reply via email to