From 1776246f0ef2ed85fa42f30d40ee52dfb303f1c8 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Pavel=20Filipensk=C3=BD?= Date: Sat, 13 Sep 2025 10:51:05 +0200 Subject: [PATCH] Update to version 4.23.0 - resolves: RHEL-114545 --- .gitignore | 2 + redhat-4.22.patch | 492 ---------------------------------------------- samba.spec | 89 ++++++++- sources | 4 +- 4 files changed, 86 insertions(+), 501 deletions(-) delete mode 100644 redhat-4.22.patch diff --git a/.gitignore b/.gitignore index 7837124..0fe538d 100644 --- a/.gitignore +++ b/.gitignore @@ -377,3 +377,5 @@ samba-3.6.0pre1.tar.gz /samba-4.22.3.tar.xz /samba-4.22.4.tar.asc /samba-4.22.4.tar.xz +/samba-4.23.0.tar.asc +/samba-4.23.0.tar.xz diff --git a/redhat-4.22.patch b/redhat-4.22.patch deleted file mode 100644 index ae37fbd..0000000 --- a/redhat-4.22.patch +++ /dev/null @@ -1,492 +0,0 @@ -From b0ff8644c06b01252bdbac6a31c77c5781d4b5a0 Mon Sep 17 00:00:00 2001 -From: =?UTF-8?q?Pavel=20Filipensk=C3=BD?= -Date: Tue, 29 Jul 2025 11:19:07 +0200 -Subject: [PATCH 1/3] selftest: Add the short name for localvampiredc to hosts - file -MIME-Version: 1.0 -Content-Type: text/plain; charset=UTF-8 -Content-Transfer-Encoding: 8bit - -BUG: https://bugzilla.samba.org/show_bug.cgi?id=15905 - -Signed-off-by: Pavel Filipenský -Reviewed-by: Alexander Bokovoy -(cherry picked from commit 5d2f60ae5aa96751b74901ae5384291ef338b152) ---- - selftest/target/Samba4.pm | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/selftest/target/Samba4.pm b/selftest/target/Samba4.pm -index 9da339f6239..af0434a8e6b 100755 ---- a/selftest/target/Samba4.pm -+++ b/selftest/target/Samba4.pm -@@ -878,7 +878,7 @@ nogroup:x:65534:nobody - - my $hostname = lc($ctx->{hostname}); - open(HOSTS, ">>$ctx->{nsswrap_hosts}"); -- if ($hostname eq "localdc") { -+ if ($hostname eq "localdc" || $hostname eq "localvampiredc") { - print HOSTS "$ctx->{ipv4} ${hostname}.$ctx->{dnsname} $ctx->{dnsname} ${hostname}\n"; - print HOSTS "$ctx->{ipv6} ${hostname}.$ctx->{dnsname} $ctx->{dnsname} ${hostname}\n"; - } else { --- -2.51.0 - - -From 03431792b4707e50afc8f9e356f08a91f4fb67c3 Mon Sep 17 00:00:00 2001 -From: =?UTF-8?q?Pavel=20Filipensk=C3=BD?= -Date: Mon, 4 Aug 2025 11:20:54 +0200 -Subject: [PATCH 2/3] tests: Add test for 'net ads join' to a preferred DC -MIME-Version: 1.0 -Content-Type: text/plain; charset=UTF-8 -Content-Transfer-Encoding: 8bit - -BUG: https://bugzilla.samba.org/show_bug.cgi?id=15905 - -Signed-off-by: Pavel Filipenský -Reviewed-by: Alexander Bokovoy -(cherry picked from commit 36f6ac547c09f492d1dcab11570e8bcbd377cf26) ---- - selftest/knownfail | 1 + - source4/selftest/tests.py | 1 + - .../test_net_ads_join_to_preferred_dc.sh | 61 +++++++++++++++++++ - 3 files changed, 63 insertions(+) - create mode 100755 testprogs/blackbox/test_net_ads_join_to_preferred_dc.sh - -diff --git a/selftest/knownfail b/selftest/knownfail -index ab2d79d7114..7c0e9dd00e7 100644 ---- a/selftest/knownfail -+++ b/selftest/knownfail -@@ -335,6 +335,7 @@ - ^samba.tests.dcerpc.dnsserver.samba.tests.dcerpc.dnsserver.DnsserverTests.test_security_descriptor.* - ^samba4.blackbox.dbcheck-links.release-4-5-0-pre1.dbcheck_dangling_multi_valued_clean - ^samba4.blackbox.dbcheck-links.release-4-5-0-pre1.dangling_multi_valued_check_missing -+^samba4.blackbox.net_ads_join.join - - # We currently don't send referrals for LDAP modify of non-replicated attrs - ^samba4.ldap.rodc.python\(rodc\).__main__.RodcTests.test_modify_nonreplicated.* -diff --git a/source4/selftest/tests.py b/source4/selftest/tests.py -index 9c5e85e428a..14a41ba77ed 100755 ---- a/source4/selftest/tests.py -+++ b/source4/selftest/tests.py -@@ -902,6 +902,7 @@ plantestsuite("samba4.blackbox.rfc2307_mapping", - plantestsuite("samba4.blackbox.chgdcpass", "chgdcpass", [os.path.join(bbdir, "test_chgdcpass.sh"), '$SERVER', r"CHGDCPASS\$", '$REALM', '$DOMAIN', '$PREFIX/chgdcpass', "aes256-cts-hmac-sha1-96", '$PREFIX/chgdcpass', smbclient3]) - plantestsuite("samba4.blackbox.samba_upgradedns(chgdcpass:local)", "chgdcpass:local", [os.path.join(bbdir, "test_samba_upgradedns.sh"), '$SERVER', '$REALM', '$PREFIX', '$SELFTEST_PREFIX/chgdcpass']) - plantestsuite("samba4.blackbox.net_ads", "ad_dc:client", [os.path.join(bbdir, "test_net_ads.sh"), '$DC_SERVER', '$DC_USERNAME', '$DC_PASSWORD', '$PREFIX_ABS']) -+plantestsuite("samba4.blackbox.net_ads_join", "vampire_dc:client", [os.path.join(bbdir, "test_net_ads_join_to_preferred_dc.sh"), '$DC_SERVER', '$DC_USERNAME', '$DC_PASSWORD', '$PREFIX']) - plantestsuite("samba4.blackbox.net_offlinejoin", "ad_dc:client", [os.path.join(bbdir, "test_net_offline.sh"), '$DC_SERVER', '$DC_USERNAME', '$DC_PASSWORD', '$PREFIX_ABS']) - plantestsuite("samba4.blackbox.client_etypes_all(ad_dc:client)", "ad_dc:client", [os.path.join(bbdir, "test_client_etypes.sh"), '$DC_SERVER', '$DC_USERNAME', '$DC_PASSWORD', '$PREFIX_ABS', 'all', '17_18_23']) - plantestsuite("samba4.blackbox.client_etypes_legacy(ad_dc:client)", "ad_dc:client", [os.path.join(bbdir, "test_client_etypes.sh"), '$DC_SERVER', '$DC_USERNAME', '$DC_PASSWORD', '$PREFIX_ABS', 'legacy', '23']) -diff --git a/testprogs/blackbox/test_net_ads_join_to_preferred_dc.sh b/testprogs/blackbox/test_net_ads_join_to_preferred_dc.sh -new file mode 100755 -index 00000000000..1bebc2f4dbe ---- /dev/null -+++ b/testprogs/blackbox/test_net_ads_join_to_preferred_dc.sh -@@ -0,0 +1,61 @@ -+if [ $# -lt 4 ]; then -+ cat </dev/null | sha1sum | cut -b 1-10) -+ -+RUNDIR=$(pwd) -+cd $BASEDIR -+WORKDIR=$(mktemp -d -p .) -+WORKDIR=$(basename $WORKDIR) -+cp -a client/* $WORKDIR/ -+sed -ri "s@(dir|directory) = (.*)/client/@\1 = \2/$WORKDIR/@" $WORKDIR/client.conf -+sed -ri "s/netbios name = .*/netbios name = $HOSTNAME/" $WORKDIR/client.conf -+rm -f $WORKDIR/private/secrets.tdb -+cd $RUNDIR -+ -+failed=0 -+ -+net_tool="$BINDIR/net --configfile=$BASEDIR/$WORKDIR/client.conf --option=security=ads" -+ -+# Load test functions -+. $(dirname $0)/subunit.sh -+. "$(dirname "${0}")/common_test_fns.inc" -+ -+# This test is run in environment with two DCs ('localdc' and 'localvampiredc') -+# The 'net ads join' has these two steps: -+# 1. create machine account at DC ('-S' points to 'localvampiredc') -+# 2. create keytab and sync the KVNO from a DC -+# -+# It must be ensured that in step #2 the keytab code contacts the same DC -+# ('localvampiredc'). The configuration below tries to break it. -+# We disable [SAF/DOMAIN/...] and [SAFJOIN/DOMAIN/...] by setting TTL to '-1' -+# And via setting 'password server' to 'localdc' we manage that -+# get_dc_list() returns 'localdc' instead of 'localvampiredc' -+# -+# As long as the keytab code is not explicitly told to use the same DC as join, -+# we get failure: -+# gensec_gse_client_prepare_ccache: Kinit for F0D26C71F6$@SAMBA.EXAMPLE.COM to access ldap/localdc.samba.example.com failed: Client not found in Kerberos database: NT_STATUS_LOGON_FAILURE -+ -+cat <>$BASEDIR/$WORKDIR/client.conf -+sync machine password to keytab = $BASEDIR/keytab:account_name:machine_password:sync_kvno -+password server = $DC_SERVER -+saf: join ttl = -1 -+saf: ttl = -1 -+EOF -+ -+testit "join" $VALGRIND $net_tool ads join -S$SERVER -U$DC_USERNAME%$DC_PASSWORD || failed=$(expr $failed + 1) -+ -+testit "leave" $VALGRIND $net_tool ads leave -U$DC_USERNAME%$DC_PASSWORD || failed=$(expr $failed + 1) -+ -+rm -rf $BASEDIR/$WORKDIR -+ -+exit $failed --- -2.51.0 - - -From 5cff37091161976a979752351003c9c1deb0d39f Mon Sep 17 00:00:00 2001 -From: Andreas Schneider -Date: Mon, 28 Jul 2025 10:43:36 +0200 -Subject: [PATCH 3/3] s3:net: Pass down the server from cmdline to - sync_pw2keytabs() -MIME-Version: 1.0 -Content-Type: text/plain; charset=UTF-8 -Content-Transfer-Encoding: 8bit - -This makes sure that during 'net ads join' the keytab create code -- sync_pw2keytabs() talks to the same DC at what the machine account -was created. - -BUG: https://bugzilla.samba.org/show_bug.cgi?id=15905 - -Signed-off-by: Andreas Schneider -Signed-off-by: Pavel Filipenský -Pair-Programmed-With: Pavel Filipenský - -Reviewed-by: Alexander Bokovoy - -Autobuild-User(master): Pavel Filipensky -Autobuild-Date(master): Fri Sep 5 13:38:33 UTC 2025 on atb-devel-224 - -(cherry picked from commit 5d1d3a8b568b5a07ed1ed537d20aa93820cecc14) ---- - selftest/knownfail | 1 - - source3/include/secrets.h | 25 ++++++++++++++---------- - source3/libads/ads_proto.h | 2 +- - source3/libads/kerberos_keytab.c | 24 ++++++++++++++++++++--- - source3/libads/trusts_util.c | 15 ++++++++------ - source3/libads/util.c | 10 ++++++---- - source3/libnet/libnet_join.c | 2 +- - source3/passdb/machine_account_secrets.c | 10 ++++++---- - source3/utils/net.c | 10 ++++++---- - source3/utils/net_ads.c | 2 +- - 10 files changed, 66 insertions(+), 35 deletions(-) - -diff --git a/selftest/knownfail b/selftest/knownfail -index 7c0e9dd00e7..ab2d79d7114 100644 ---- a/selftest/knownfail -+++ b/selftest/knownfail -@@ -335,7 +335,6 @@ - ^samba.tests.dcerpc.dnsserver.samba.tests.dcerpc.dnsserver.DnsserverTests.test_security_descriptor.* - ^samba4.blackbox.dbcheck-links.release-4-5-0-pre1.dbcheck_dangling_multi_valued_clean - ^samba4.blackbox.dbcheck-links.release-4-5-0-pre1.dangling_multi_valued_check_missing --^samba4.blackbox.net_ads_join.join - - # We currently don't send referrals for LDAP modify of non-replicated attrs - ^samba4.ldap.rodc.python\(rodc\).__main__.RodcTests.test_modify_nonreplicated.* -diff --git a/source3/include/secrets.h b/source3/include/secrets.h -index a454c8bb8ff..061b9c6ef34 100644 ---- a/source3/include/secrets.h -+++ b/source3/include/secrets.h -@@ -125,12 +125,15 @@ char *secrets_domain_info_string(TALLOC_CTX *mem_ctx, const struct secrets_domai - NTSTATUS secrets_fetch_or_upgrade_domain_info(const char *domain, - TALLOC_CTX *mem_ctx, - struct secrets_domain_info1 **pinfo); --NTSTATUS secrets_prepare_password_change(const char *domain, const char *dcname, -- const char *cleartext_unix, -- TALLOC_CTX *mem_ctx, -- struct secrets_domain_info1 **pinfo, -- struct secrets_domain_info1_change **pprev, -- NTSTATUS (*sync_pw2keytabs_fn)(void)); -+NTSTATUS secrets_prepare_password_change( -+ const char *domain, -+ const char *dcname, -+ const char *cleartext_unix, -+ TALLOC_CTX *mem_ctx, -+ struct secrets_domain_info1 **pinfo, -+ struct secrets_domain_info1_change **pprev, -+ NTSTATUS (*sync_pw2keytabs_fn)(const char *), -+ const char *opt_host); - NTSTATUS secrets_failed_password_change(const char *change_server, - NTSTATUS local_status, - NTSTATUS remote_status, -@@ -139,10 +142,12 @@ NTSTATUS secrets_defer_password_change(const char *change_server, - NTSTATUS local_status, - NTSTATUS remote_status, - const struct secrets_domain_info1 *info); --NTSTATUS secrets_finish_password_change(const char *change_server, -- NTTIME change_time, -- const struct secrets_domain_info1 *info, -- NTSTATUS (*sync_pw2keytabs_fn)(void)); -+NTSTATUS secrets_finish_password_change( -+ const char *change_server, -+ NTTIME change_time, -+ const struct secrets_domain_info1 *info, -+ NTSTATUS (*sync_pw2keytabs_fn)(const char *), -+ const char *prefer_dc); - bool secrets_delete_machine_password_ex(const char *domain, const char *realm); - bool secrets_delete_domain_sid(const char *domain); - char *secrets_fetch_prev_machine_password(const char *domain); -diff --git a/source3/libads/ads_proto.h b/source3/libads/ads_proto.h -index 8440c35e46d..2e67eef155c 100644 ---- a/source3/libads/ads_proto.h -+++ b/source3/libads/ads_proto.h -@@ -230,6 +230,6 @@ struct spn_struct { - /* parse a windows style SPN, returns NULL if parsing fails */ - struct spn_struct *parse_spn(TALLOC_CTX *ctx, const char *srvprinc); - --NTSTATUS sync_pw2keytabs(void); -+NTSTATUS sync_pw2keytabs(const char *prefer_dc); - - #endif /* _LIBADS_ADS_PROTO_H_ */ -diff --git a/source3/libads/kerberos_keytab.c b/source3/libads/kerberos_keytab.c -index 49a892e5a55..1d4f9c12e1d 100644 ---- a/source3/libads/kerberos_keytab.c -+++ b/source3/libads/kerberos_keytab.c -@@ -84,6 +84,7 @@ struct pw2kt_global_state { - char *ad_upn; - char *ad_sam_account; - char **ad_spn_array; -+ const char *prefer_dc; - size_t ad_num_spns; - /* This is from secrets.db */ - struct secrets_domain_info1 *info; -@@ -869,8 +870,11 @@ static ADS_STATUS pw2kt_get_dc_info(struct pw2kt_global_state *state) - int count; - bool ok; - TALLOC_CTX *tmp_ctx = talloc_stackframe(); -- ADS_STRUCT *ads = ads_init( -- tmp_ctx, lp_realm(), lp_workgroup(), NULL, ADS_SASL_SIGN); -+ ADS_STRUCT *ads = ads_init(tmp_ctx, -+ lp_realm(), -+ lp_workgroup(), -+ state->prefer_dc, -+ ADS_SASL_SIGN); - - if (ads == NULL) { - DBG_ERR("ads_init() failed\n"); -@@ -1029,7 +1033,20 @@ static bool pw2kt_default_keytab_name(char *name_str, size_t name_size) - return true; - } - --NTSTATUS sync_pw2keytabs(void) -+/** -+ * @internal -+ * -+ * @brief Sync machine password from secrets to keytab -+ * -+ * @param prefer_dc The DC we should talk to. This is especially important -+ * during domain join. Pass NULL if we should pick a random -+ * one. -+ * -+ * @return An NTSTATUS error code. -+ * -+ * @see NT_STATUS_IS_OK() -+ */ -+NTSTATUS sync_pw2keytabs(const char *prefer_dc) - { - TALLOC_CTX *frame = talloc_stackframe(); - const struct loadparm_substitution *lp_sub = -@@ -1055,6 +1072,7 @@ NTSTATUS sync_pw2keytabs(void) - TALLOC_FREE(frame); - return NT_STATUS_NO_MEMORY; - } -+ state->prefer_dc = prefer_dc; - - lp_ptr = lp_sync_machine_password_to_keytab(); - if (lp_ptr == NULL) { -diff --git a/source3/libads/trusts_util.c b/source3/libads/trusts_util.c -index 6a39f32f350..c51c556e86b 100644 ---- a/source3/libads/trusts_util.c -+++ b/source3/libads/trusts_util.c -@@ -360,10 +360,11 @@ NTSTATUS trust_pw_change(struct netlogon_creds_cli_context *context, - &info, - &prev, - #ifdef HAVE_ADS -- sync_pw2keytabs); -+ sync_pw2keytabs, - #else -- NULL); -+ NULL, - #endif -+ NULL /* opt_host */); - if (!NT_STATUS_IS_OK(status)) { - DEBUG(0, ("secrets_prepare_password_change() failed for domain %s!\n", - domain)); -@@ -610,10 +611,11 @@ NTSTATUS trust_pw_change(struct netlogon_creds_cli_context *context, - prev->password->change_time, - info, - #ifdef HAVE_ADS -- sync_pw2keytabs); -+ sync_pw2keytabs, - #else -- NULL); -+ NULL, - #endif -+ prev->password->change_server); - if (!NT_STATUS_IS_OK(status)) { - DEBUG(0, ("secrets_prepare_password_change() failed for domain %s!\n", - domain)); -@@ -759,10 +761,11 @@ NTSTATUS trust_pw_change(struct netlogon_creds_cli_context *context, - info->next_change->change_time, - info, - #ifdef HAVE_ADS -- sync_pw2keytabs); -+ sync_pw2keytabs, - #else -- NULL); -+ NULL, - #endif -+ info->next_change->change_server); - if (!NT_STATUS_IS_OK(status)) { - DEBUG(0, ("secrets_finish_password_change() failed for domain %s!\n", - domain)); -diff --git a/source3/libads/util.c b/source3/libads/util.c -index 243dd09f3d0..360e556ab9b 100644 ---- a/source3/libads/util.c -+++ b/source3/libads/util.c -@@ -59,10 +59,11 @@ ADS_STATUS ads_change_trust_account_password(ADS_STRUCT *ads, char *host_princip - &info, - &prev, - #ifdef HAVE_ADS -- sync_pw2keytabs); -+ sync_pw2keytabs, - #else -- NULL); -+ NULL, - #endif -+ ads->auth.kdc_server); - if (!NT_STATUS_IS_OK(status)) { - return ADS_ERROR_NT(status); - } -@@ -138,10 +139,11 @@ ADS_STATUS ads_change_trust_account_password(ADS_STRUCT *ads, char *host_princip - now, - info, - #ifdef HAVE_ADS -- sync_pw2keytabs); -+ sync_pw2keytabs, - #else -- NULL); -+ NULL, - #endif -+ ads->auth.kdc_server); - if (!NT_STATUS_IS_OK(status)) { - DEBUG(1,("Failed to save machine password\n")); - return ADS_ERROR_NT(status); -diff --git a/source3/libnet/libnet_join.c b/source3/libnet/libnet_join.c -index 5796c68e2e0..cb997dcbe23 100644 ---- a/source3/libnet/libnet_join.c -+++ b/source3/libnet/libnet_join.c -@@ -867,7 +867,7 @@ static ADS_STATUS libnet_join_set_etypes(TALLOC_CTX *mem_ctx, - static bool libnet_join_create_keytab(TALLOC_CTX *mem_ctx, - struct libnet_JoinCtx *r) - { -- NTSTATUS ntstatus = sync_pw2keytabs(); -+ NTSTATUS ntstatus = sync_pw2keytabs(r->in.dc_name); - - return NT_STATUS_IS_OK(ntstatus); - } -diff --git a/source3/passdb/machine_account_secrets.c b/source3/passdb/machine_account_secrets.c -index 0679535f026..568d77a3892 100644 ---- a/source3/passdb/machine_account_secrets.c -+++ b/source3/passdb/machine_account_secrets.c -@@ -1674,7 +1674,8 @@ NTSTATUS secrets_prepare_password_change(const char *domain, const char *dcname, - TALLOC_CTX *mem_ctx, - struct secrets_domain_info1 **pinfo, - struct secrets_domain_info1_change **pprev, -- NTSTATUS (*sync_pw2keytabs_fn)(void)) -+ NTSTATUS (*sync_pw2keytabs_fn)(const char *), -+ const char *opt_host) - { - TALLOC_CTX *frame = talloc_stackframe(); - struct db_context *db = NULL; -@@ -1770,7 +1771,7 @@ NTSTATUS secrets_prepare_password_change(const char *domain, const char *dcname, - } - - if (prev == NULL && sync_pw2keytabs_fn != NULL) { -- status = sync_pw2keytabs_fn(); -+ status = sync_pw2keytabs_fn(opt_host); - if (!NT_STATUS_IS_OK(status)) { - DBG_ERR("Sync of machine password failed.\n"); - dbwrap_transaction_cancel(db); -@@ -2023,7 +2024,8 @@ NTSTATUS secrets_defer_password_change(const char *change_server, - NTSTATUS secrets_finish_password_change(const char *change_server, - NTTIME change_time, - const struct secrets_domain_info1 *cookie, -- NTSTATUS (*sync_pw2keytabs_fn)(void)) -+ NTSTATUS (*sync_pw2keytabs_fn)(const char *), -+ const char *prefer_dc) - { - const char *domain = cookie->domain_info.name.string; - TALLOC_CTX *frame = talloc_stackframe(); -@@ -2102,7 +2104,7 @@ NTSTATUS secrets_finish_password_change(const char *change_server, - } - - if (sync_pw2keytabs_fn != NULL) { -- status = sync_pw2keytabs_fn(); -+ status = sync_pw2keytabs_fn(prefer_dc); - if (!NT_STATUS_IS_OK(status)) { - DBG_ERR("Sync of machine password failed.\n"); - TALLOC_FREE(frame); -diff --git a/source3/utils/net.c b/source3/utils/net.c -index 7ce93ced79e..ecabd980d0c 100644 ---- a/source3/utils/net.c -+++ b/source3/utils/net.c -@@ -235,10 +235,11 @@ static int net_changesecretpw(struct net_context *c, int argc, - &info, - &prev, - #ifdef HAVE_ADS -- sync_pw2keytabs); -+ sync_pw2keytabs, - #else -- NULL); -+ NULL, - #endif -+ c->opt_host); - if (!NT_STATUS_IS_OK(status)) { - d_fprintf(stderr, - _("Unable to write the machine account password in the secrets database")); -@@ -261,10 +262,11 @@ static int net_changesecretpw(struct net_context *c, int argc, - now, - info, - #ifdef HAVE_ADS -- sync_pw2keytabs); -+ sync_pw2keytabs, - #else -- NULL); -+ NULL, - #endif -+ c->opt_host); - if (!NT_STATUS_IS_OK(status)) { - d_fprintf(stderr, - _("Unable to write the machine account password in the secrets database")); -diff --git a/source3/utils/net_ads.c b/source3/utils/net_ads.c -index 46531210411..753b957e43f 100644 ---- a/source3/utils/net_ads.c -+++ b/source3/utils/net_ads.c -@@ -2965,7 +2965,7 @@ static int net_ads_keytab_create(struct net_context *c, int argc, const char **a - net_use_krb_machine_account(c); - } - -- ntstatus = sync_pw2keytabs(); -+ ntstatus = sync_pw2keytabs(c->opt_host); - ret = NT_STATUS_IS_OK(ntstatus) ? 0 : 1; - return ret; - } --- -2.51.0 - diff --git a/samba.spec b/samba.spec index 803beb3..7ce0709 100644 --- a/samba.spec +++ b/samba.spec @@ -107,13 +107,20 @@ %bcond etcd_mutex 0 %endif +# Build the prometheus exporter by default on Fedora +%if 0%{?fedora} +%bcond prometheus 1 +%else +%bcond prometheus 0 +%endif + %ifarch aarch64 ppc64le s390x x86_64 riscv64 %bcond lmdb 1 %else %bcond lmdb 0 %endif -%global samba_version 4.22.4 +%global samba_version 4.23.0 # The release field is extended: # [.][.]%%{?dist}[.] @@ -159,8 +166,8 @@ %global libwbclient_so_version 0 %global talloc_version 2.4.3 -%global tdb_version 1.4.13 -%global tevent_version 0.16.2 +%global tdb_version 1.4.14 +%global tevent_version 0.17.1 %global required_mit_krb5 1.20.1 @@ -219,11 +226,11 @@ Source202: samba.abignore # # git clone git@gitlab.com:samba-redhat/samba.git # cd samba -# git checkout v4-22-redhat -# git format-patch --stdout -l1 --no-renames -N > redhat-4.22.patch +# git checkout v4-23-redhat +# git format-patch --stdout -l1 --no-renames -N > redhat-4.23.patch # where N is number of commits -Patch0: redhat-4.22.patch +# Patch0: redhat-4.23.patch Requires(pre): %{name}-common = %{samba_depver} Requires: %{name}-common = %{samba_depver} @@ -324,6 +331,11 @@ BuildRequires: xz BuildRequires: zlib-devel >= 1.2.3 BuildRequires: pkgconfig(libsystemd) +# TODO FIXME This is not in RHEL yet +%if 0%{?fedora} >= 43 +BuildRequires: pkgconfig(libngtcp2) +BuildRequires: pkgconfig(libngtcp2_crypto_gnutls) +%endif %ifnarch i686 %if 0%{?fedora} >= 37 @@ -353,6 +365,9 @@ BuildRequires: librados-devel %if %{with etcd_mutex} BuildRequires: python3-etcd %endif +%if %{with prometheus} +BuildRequires: libevent-devel +%endif BuildRequires: cepces-certmonger >= 0.3.8 @@ -1214,6 +1229,18 @@ Support for using an existing CEPH cluster as a mutex helper for CTDB #endif with clustering %endif +%if %{with prometheus} + +%package prometheus +Summary: SMB Prometheus exporter +Requires: samba = %{samba_depver} + +%description prometheus +Support for exporting metrics via Prometheus + +#endif with prometheus +%endif + ### LIBLDB %package -n libldb Summary: A schema-less, ldap like, API and database @@ -1365,6 +1392,8 @@ if [ -n "${CCACHE}" ]; then fi %endif +# workaround https://gitlab.com/ita1024/waf/-/issues/2472 +export PYTHONARCHDIR=%{python3_sitearch} %configure \ --enable-fhs \ --with-piddir=/run \ @@ -1404,6 +1433,9 @@ fi %endif %if %{with etcd_mutex} --enable-etcd-reclock \ +%endif +%if %{with prometheus} + --with-prometheus-exporter \ %endif --with-profiling-data \ --with-systemd \ @@ -2003,22 +2035,27 @@ fi %{_libdir}/samba/libndr-samba4-private-samba.so %{_libdir}/samba/libnet-keytab-private-samba.so %{_libdir}/samba/libnetif-private-samba.so +%if 0%{?rhel} +%{_libdir}/samba/libngtcp2-crypto-gnutls-private-samba.so +%{_libdir}/samba/libngtcp2-private-samba.so +%endif %{_libdir}/samba/libnpa-tstream-private-samba.so %{_libdir}/samba/libposix-eadb-private-samba.so %{_libdir}/samba/libprinter-driver-private-samba.so %{_libdir}/samba/libprinting-migrate-private-samba.so +%{_libdir}/samba/libquic-private-samba.so %{_libdir}/samba/libregistry-private-samba.so %{_libdir}/samba/libsamba-cluster-support-private-samba.so %{_libdir}/samba/libsamba-debug-private-samba.so %{_libdir}/samba/libsamba-modules-private-samba.so %{_libdir}/samba/libsamba-security-private-samba.so +%{_libdir}/samba/libsamba-security-trusts-private-samba.so %{_libdir}/samba/libsamba-sockets-private-samba.so %{_libdir}/samba/libsamba3-util-private-samba.so %{_libdir}/samba/libsamdb-common-private-samba.so %{_libdir}/samba/libsecrets3-private-samba.so %{_libdir}/samba/libserver-id-db-private-samba.so %{_libdir}/samba/libserver-role-private-samba.so -%{_libdir}/samba/libsmb-transport-private-samba.so %{_libdir}/samba/libsmbclient-raw-private-samba.so %{_libdir}/samba/libsmbd-base-private-samba.so %{_libdir}/samba/libsmbd-shim-private-samba.so @@ -2114,6 +2151,7 @@ fi %{_mandir}/man8/net.8* %{_mandir}/man8/pdbedit.8* %{_mandir}/man8/smbpasswd.8* +%{_datadir}/locale/*/LC_MESSAGES/net.mo ### TOOLS %files tools @@ -2191,6 +2229,7 @@ fi %{_libdir}/samba/ldb/subtree_delete.so %{_libdir}/samba/ldb/subtree_rename.so %{_libdir}/samba/ldb/tombstone_reanimate.so +%{_libdir}/samba/ldb/trust_notify.so %{_libdir}/samba/ldb/unique_object_sids.so %{_libdir}/samba/ldb/update_keytab.so %{_libdir}/samba/ldb/vlv.so @@ -2236,6 +2275,7 @@ fi %{_libdir}/samba/service/dns.so %{_libdir}/samba/service/dns_update.so %{_libdir}/samba/service/drepl.so +%{_libdir}/samba/service/ft_scanner.so %{_libdir}/samba/service/kcc.so %{_libdir}/samba/service/kdc.so %{_libdir}/samba/service/ldap.so @@ -2588,6 +2628,7 @@ fi %{python3_sitearch}/samba/dcerpc/atsvc.*.so %{python3_sitearch}/samba/dcerpc/auth.*.so %{python3_sitearch}/samba/dcerpc/base.*.so +%{python3_sitearch}/samba/dcerpc/bcrypt_rsakey_blob.*.so %{python3_sitearch}/samba/dcerpc/claims.*.so %{python3_sitearch}/samba/dcerpc/conditional_ace.*.so %{python3_sitearch}/samba/dcerpc/dcerpc.*.so @@ -2603,6 +2644,7 @@ fi %{python3_sitearch}/samba/dcerpc/idmap.*.so %{python3_sitearch}/samba/dcerpc/initshutdown.*.so %{python3_sitearch}/samba/dcerpc/irpc.*.so +%{python3_sitearch}/samba/dcerpc/keycredlink.*.so %{python3_sitearch}/samba/dcerpc/krb5ccache.*.so %{python3_sitearch}/samba/dcerpc/krb5pac.*.so %{python3_sitearch}/samba/dcerpc/lsa.*.so @@ -2624,6 +2666,7 @@ fi %{python3_sitearch}/samba/dcerpc/spoolss.*.so %{python3_sitearch}/samba/dcerpc/srvsvc.*.so %{python3_sitearch}/samba/dcerpc/svcctl.*.so +%{python3_sitearch}/samba/dcerpc/tpm20_rsakey_blob.*.so %{python3_sitearch}/samba/dcerpc/unixinfo.*.so %{python3_sitearch}/samba/dcerpc/winbind.*.so %{python3_sitearch}/samba/dcerpc/windows_event_ids.*.so @@ -3127,6 +3170,7 @@ fi %{python3_sitearch}/samba/tests/__pycache__/auth_log_netlogon_bad_creds.*.pyc %{python3_sitearch}/samba/tests/__pycache__/auth_log_samlogon.*.pyc %{python3_sitearch}/samba/tests/__pycache__/auth_log_winbind.*.pyc +%{python3_sitearch}/samba/tests/__pycache__/bcrypt_rsakey_blob.*.pyc %{python3_sitearch}/samba/tests/__pycache__/common.*.pyc %{python3_sitearch}/samba/tests/__pycache__/complex_expressions.*.pyc %{python3_sitearch}/samba/tests/__pycache__/compression.*.pyc @@ -3168,6 +3212,7 @@ fi %{python3_sitearch}/samba/tests/__pycache__/hostconfig.*.pyc %{python3_sitearch}/samba/tests/__pycache__/imports.*.pyc %{python3_sitearch}/samba/tests/__pycache__/join.*.pyc +%{python3_sitearch}/samba/tests/__pycache__/key_credential_link.*.pyc %{python3_sitearch}/samba/tests/__pycache__/krb5_credentials.*.pyc %{python3_sitearch}/samba/tests/__pycache__/ldap_raw.*.pyc %{python3_sitearch}/samba/tests/__pycache__/ldap_referrals.*.pyc @@ -3245,6 +3290,7 @@ fi %{python3_sitearch}/samba/tests/__pycache__/subunitrun.*.pyc %{python3_sitearch}/samba/tests/__pycache__/tdb_util.*.pyc %{python3_sitearch}/samba/tests/__pycache__/token_factory.*.pyc +%{python3_sitearch}/samba/tests/__pycache__/tpm20_rsakey_blob.*.pyc %{python3_sitearch}/samba/tests/__pycache__/upgrade.*.pyc %{python3_sitearch}/samba/tests/__pycache__/upgradeprovision.*.pyc %{python3_sitearch}/samba/tests/__pycache__/upgradeprovisionneeddc.*.pyc @@ -3262,6 +3308,7 @@ fi %{python3_sitearch}/samba/tests/auth_log_pass_change.py %{python3_sitearch}/samba/tests/auth_log_samlogon.py %{python3_sitearch}/samba/tests/auth_log_winbind.py +%{python3_sitearch}/samba/tests/bcrypt_rsakey_blob.py %dir %{python3_sitearch}/samba/tests/blackbox %{python3_sitearch}/samba/tests/blackbox/__init__.py %dir %{python3_sitearch}/samba/tests/blackbox/__pycache__ @@ -3330,6 +3377,7 @@ fi %{python3_sitearch}/samba/tests/dcerpc/__pycache__/array.*.pyc %{python3_sitearch}/samba/tests/dcerpc/__pycache__/bare.*.pyc %{python3_sitearch}/samba/tests/dcerpc/__pycache__/binding.*.pyc +%{python3_sitearch}/samba/tests/dcerpc/__pycache__/dfs.*.pyc %{python3_sitearch}/samba/tests/dcerpc/__pycache__/dnsserver.*.pyc %{python3_sitearch}/samba/tests/dcerpc/__pycache__/integer.*.pyc %{python3_sitearch}/samba/tests/dcerpc/__pycache__/lsa.*.pyc @@ -3350,6 +3398,7 @@ fi %{python3_sitearch}/samba/tests/dcerpc/array.py %{python3_sitearch}/samba/tests/dcerpc/bare.py %{python3_sitearch}/samba/tests/dcerpc/binding.py +%{python3_sitearch}/samba/tests/dcerpc/dfs.py %{python3_sitearch}/samba/tests/dcerpc/dnsserver.py %{python3_sitearch}/samba/tests/dcerpc/integer.py %{python3_sitearch}/samba/tests/dcerpc/lsa.py @@ -3422,6 +3471,7 @@ fi %{python3_sitearch}/samba/tests/kcc/graph_utils.py %{python3_sitearch}/samba/tests/kcc/kcc_utils.py %{python3_sitearch}/samba/tests/kcc/ldif_import_export.py +%{python3_sitearch}/samba/tests/key_credential_link.py %dir %{python3_sitearch}/samba/tests/krb5 %dir %{python3_sitearch}/samba/tests/krb5/__pycache__ %{python3_sitearch}/samba/tests/krb5/__pycache__/alias_tests.*.pyc @@ -3537,6 +3587,12 @@ fi %{python3_sitearch}/samba/tests/net_join_no_spnego.py %{python3_sitearch}/samba/tests/net_join.py %{python3_sitearch}/samba/tests/netlogonsvc.py +%dir %{python3_sitearch}/samba/tests/nss +%dir %{python3_sitearch}/samba/tests/nss/__pycache__ +%{python3_sitearch}/samba/tests/nss/__pycache__/base.*.pyc +%{python3_sitearch}/samba/tests/nss/__pycache__/group.*.pyc +%{python3_sitearch}/samba/tests/nss/base.py +%{python3_sitearch}/samba/tests/nss/group.py %{python3_sitearch}/samba/tests/ntacls.py %{python3_sitearch}/samba/tests/ntacls_backup.py %{python3_sitearch}/samba/tests/ntlmdisabled.py @@ -3697,10 +3753,21 @@ fi %{python3_sitearch}/samba/tests/subunitrun.py %{python3_sitearch}/samba/tests/tdb_util.py %{python3_sitearch}/samba/tests/token_factory.py +%{python3_sitearch}/samba/tests/tpm20_rsakey_blob.py %{python3_sitearch}/samba/tests/upgrade.py %{python3_sitearch}/samba/tests/upgradeprovision.py %{python3_sitearch}/samba/tests/upgradeprovisionneeddc.py %{python3_sitearch}/samba/tests/usage.py +%dir %{python3_sitearch}/samba/tests/varlink +%dir %{python3_sitearch}/samba/tests/varlink/__pycache__ +%{python3_sitearch}/samba/tests/varlink/__pycache__/base.*.pyc +%{python3_sitearch}/samba/tests/varlink/__pycache__/getgrouprecord.*.pyc +%{python3_sitearch}/samba/tests/varlink/__pycache__/getmemberships.*.pyc +%{python3_sitearch}/samba/tests/varlink/__pycache__/getuserrecord.*.pyc +%{python3_sitearch}/samba/tests/varlink/base.py +%{python3_sitearch}/samba/tests/varlink/getgrouprecord.py +%{python3_sitearch}/samba/tests/varlink/getmemberships.py +%{python3_sitearch}/samba/tests/varlink/getuserrecord.py %{python3_sitearch}/samba/tests/xattr.py ### TEST @@ -3769,6 +3836,7 @@ fi %config(noreplace) %{_sysconfdir}/security/pam_winbind.conf %{_mandir}/man5/pam_winbind.conf.5* %{_mandir}/man8/pam_winbind.8* +%{_datadir}/locale/*/LC_MESSAGES/pam_winbind.mo %if %{with clustering} %files -n ctdb @@ -3918,6 +3986,13 @@ fi %{_mandir}/man1/winexe.1.gz %endif +%if %{with prometheus} +%files prometheus +%{_bindir}/smb_prometheus_endpoint +%{_mandir}/man8/smb_prometheus_endpoint.8.gz +#endif with prometheus + +%endif %files -n libldb %license lib/ldb/LICENSE %{_libdir}/libldb.so.* diff --git a/sources b/sources index b660a4f..9c54049 100644 --- a/sources +++ b/sources @@ -1,2 +1,2 @@ -SHA512 (samba-4.22.4.tar.asc) = ee1b66c6094f6c44954470432676034afc557db84f28a6ef37ea770d987cd5dddf6f6e8c179f3344cf04abc1c6696bbaa5ae031119edc58ea533b464d77641d9 -SHA512 (samba-4.22.4.tar.xz) = d04db845227ace43642ba69da4ded80d576db01d2e6a7e3e3161c05ce20ff77bd944d39aaf35adab59bed607e0037713969cb9a855a367ab65d021c5aef7ea46 +SHA512 (samba-4.23.0.tar.asc) = 508587816e941cd8dc9f65b7f05c828ce859fb7f74a01a200f685c5188c79c916b4d5b167b71298c53cc8a01d6e17a272ea773980488af532a85308fd1142156 +SHA512 (samba-4.23.0.tar.xz) = 660b35a99544a868b11b24ea3c2ed58de5f68c7fc12d3ea71bc84724285eee4375d13ccf357f0248352fab344d76303660e09598f5f1988f3d0f8e76c535a781