Samba 4.17.0 Released

Samba 4.17.0 has been released, continuing the development of the Samba 4 branch with a full implementation of a domain controller and Active Directory service that is compatible with the Windows 2008 implementation and can serve all versions of Windows clients supported by Microsoft, including Windows 11. Samba 4 is a multifunctional server product that also provides a file server, a print service, and an authentication server (winbind).

Key changes in Samba 4.17:

  • Work has been done to eliminate the performance regression on busy SMB servers that arose from adding protection against symlink manipulation vulnerabilities. Among the optimizations made are a reduction in system calls when checking a directory name and not using wakeup events when processing concurrent operations that lead to delays.
  • The ability to build Samba without support for the SMB1 protocol in smbd has been provided. To disable SMB1, the "--without-smb1-server" option is used in the build configure script (it affects only smbd; SMB1 support is retained in the client library).
  • When using MIT Kerberos 1.20, protection against the Bronze Bit attack (CVE-2020-17049) is implemented by passing additional information between the KDC and KDB components. In the KDC based on Heimdal Kerberos, the problem was fixed in 2021.
  • When built with MIT Kerberos 1.20, the Samba domain controller gains support for the S4U2Self and S4U2Proxy Kerberos extensions, as well as resource-based constrained delegation (RBCD). To manage RBCD, the 'add-principal' and 'del-principal' subcommands have been added to the "samba-tool delegation" command. RBCD is not yet supported in the default KDC based on Heimdal Kerberos.
  • The built-in DNS service provides the ability to change the network port that receives requests (for example, to run another DNS server on the same system that forwards certain requests to Samba).
  • In the CTDB component, which is responsible for the operation of cluster configurations, the syntax requirements for the ctdb.tunables file have been relaxed. When building Samba with the "--with-cluster-support" and "--systemd-install-services" options, installation of the systemd service for CTDB is ensured. The ctdbd_wrapper script has been discontinued: the ctdbd process is now started directly from the systemd service or the init script.
  • The 'nt hash store = never' setting has been implemented, which prevents storing "bare" (unsalted) hashes of Active Directory user passwords. In the next version, the default 'nt hash store' setting will be set to "auto", in which the "never" mode is used when the 'ntlm auth = disabled' setting is present.
  • Bindings have been proposed for accessing the smbconf library API from Python code.
  • The smbstatus utility implements the ability to output information in JSON format (enabled with the "--json" option).
  • The domain controller now supports the Protected Users security group, which was introduced in Windows Server 2012 R2 and does not allow the use of weak encryption types (for users in the group, support for NTLM authentication, RC4-based Kerberos TGTs, and constrained and unconstrained delegation is disabled).
  • Support for the LanMan-based password store and authentication method has been discontinued (the "lanman auth = yes" setting has no effect).
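
The interaction between 'nt hash store', 'ntlm auth' and 'lanman auth' described in the list above can be checked against an smb.conf with a short script. This is an added example, not code from the Samba project; the function names and sample configurations are constructed, and it assumes that an unset 'nt hash store' behaves as "always" in 4.17.

```python
import re

def parse_global(text):
    """Return {normalised name: value} for the [global] section of smb.conf text."""
    params, section = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":        # blank line or comment
            continue
        header = re.fullmatch(r"\[(.+)\]", line)
        if header:
            section = header.group(1).strip().lower()
        elif section == "global" and "=" in line:
            name, value = line.split("=", 1)
            # smb.conf ignores case and whitespace in parameter names
            params[re.sub(r"\s+", "", name).lower()] = value.strip().lower()
    return params

def audit(text):
    """Report whether this configuration still stores unsalted NT hashes."""
    p = parse_global(text)
    # Assumption: an unset 'nt hash store' behaves as "always" in 4.17.
    store = p.get("nthashstore", "always")
    ntlm_disabled = p.get("ntlmauth") == "disabled"
    # "auto" acts like "never" only when 'ntlm auth = disabled' is also set.
    stores = not (store == "never" or (store == "auto" and ntlm_disabled))
    notes = []
    if stores:
        notes.append("unsalted NT hashes are still stored "
                     "('nt hash store' is not effectively 'never')")
    if "lanmanauth" in p:
        notes.append("'lanman auth' is set but has no effect in 4.17")
    return {"stores_nt_hash": stores, "notes": notes}

# Constructed sample configurations, not taken from a real server.
LEGACY = "[global]\n  workgroup = EXAMPLE\n  lanman auth = yes\n"
HARDENED = "[global]\n  NT Hash Store = never\n"
AUTO_ONLY = "[global]\n  nt hash store = auto\n"
AUTO_NO_NTLM = "[global]\n  nt hash store = auto\n  ntlm auth = disabled\n"

if __name__ == "__main__":
    for name, conf in [("legacy", LEGACY), ("hardened", HARDENED),
                       ("auto only", AUTO_ONLY), ("auto + no NTLM", AUTO_NO_NTLM)]:
        print(name, audit(conf))
```

The script reads only the literal [global] section of the text it is given; included files are not followed.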

    Source: opennet.ru