diff --git a/.gitignore b/.gitignore index 540320d..7709fe6 100644 --- a/.gitignore +++ b/.gitignore @@ -249,3 +249,5 @@ samba-3.6.0pre1.tar.gz /samba-4.14.4.tar.asc /samba-4.14.5.tar.asc /samba-4.14.5.tar.xz +/samba-4.15.2.tar.asc +/samba-4.15.2.tar.xz diff --git a/samba-4.15-fix-winbind-no-trusted-domain.patch b/samba-4.15-fix-winbind-no-trusted-domain.patch new file mode 100644 index 0000000..4924872 --- /dev/null +++ b/samba-4.15-fix-winbind-no-trusted-domain.patch @@ -0,0 +1,41 @@ +From 2edaf32b4204b9fe363c441c25b6989fe76911a4 Mon Sep 17 00:00:00 2001 +From: Stefan Metzmacher +Date: Tue, 9 Nov 2021 20:50:20 +0100 +Subject: [PATCH] s3:winbindd: fix "allow trusted domains = no" regression + +add_trusted_domain() should only reject domains +based on is_allowed_domain(), which now also +checks "allow trusted domains = no", if we don't +have an explicit trust to the domain (SEC_CHAN_NULL). + +We use at least SEC_CHAN_LOCAL for local domains like +BUILTIN. + +BUG: https://bugzilla.samba.org/show_bug.cgi?id=14899 + +Signed-off-by: Stefan Metzmacher + +Autobuild-User(master): Stefan Metzmacher +Autobuild-Date(master): Wed Nov 10 11:21:31 UTC 2021 on sn-devel-184 + +(cherry picked from commit a7f6c60cb037b4bc9eee276236539b8282213935) +--- + source3/winbindd/winbindd_util.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/source3/winbindd/winbindd_util.c b/source3/winbindd/winbindd_util.c +index 42ddbfd2f44..9d54e462c42 100644 +--- a/source3/winbindd/winbindd_util.c ++++ b/source3/winbindd/winbindd_util.c +@@ -134,7 +134,7 @@ static NTSTATUS add_trusted_domain(const char *domain_name, + return NT_STATUS_INVALID_PARAMETER; + } + +- if (!is_allowed_domain(domain_name)) { ++ if (secure_channel_type == SEC_CHAN_NULL && !is_allowed_domain(domain_name)) { + return NT_STATUS_NO_SUCH_DOMAIN; + } + +-- +2.33.1 + diff --git a/samba-4.15-ipa-dc-schannel.patch b/samba-4.15-ipa-dc-schannel.patch new file mode 100644 index 0000000..d315a5d --- /dev/null +++ b/samba-4.15-ipa-dc-schannel.patch @@ -0,0 +1,45 @@ +From 3fc4d1d3998f3956a84c855cb60a9dcb335e1f59 Mon Sep 17 00:00:00 2001 +From: Alexander Bokovoy +Date: Fri, 12 Nov 2021 19:06:01 +0200 +Subject: [PATCH] IPA DC: add missing checks + +When introducing FreeIPA support, two places were forgotten: + + - schannel gensec module needs to be aware of IPA DC + - _lsa_QueryInfoPolicy should treat IPA DC as PDC + +BUG: https://bugzilla.samba.org/show_bug.cgi?id=14903 + +Signed-off-by: Alexander Bokovoy +--- + auth/gensec/schannel.c | 1 + + source3/rpc_server/lsa/srv_lsa_nt.c | 1 + + 2 files changed, 2 insertions(+) + +diff --git a/auth/gensec/schannel.c b/auth/gensec/schannel.c +index 0cdae141ead..6ebbe8f3179 100644 +--- a/auth/gensec/schannel.c ++++ b/auth/gensec/schannel.c +@@ -1080,6 +1080,7 @@ static NTSTATUS schannel_server_start(struct gensec_security *gensec_security) + case ROLE_DOMAIN_BDC: + case ROLE_DOMAIN_PDC: + case ROLE_ACTIVE_DIRECTORY_DC: ++ case ROLE_IPA_DC: + return NT_STATUS_OK; + default: + return NT_STATUS_NOT_IMPLEMENTED; +diff --git a/source3/rpc_server/lsa/srv_lsa_nt.c b/source3/rpc_server/lsa/srv_lsa_nt.c +index 8d71b5252ab..ea92a22cbc9 100644 +--- a/source3/rpc_server/lsa/srv_lsa_nt.c ++++ b/source3/rpc_server/lsa/srv_lsa_nt.c +@@ -683,6 +683,7 @@ NTSTATUS _lsa_QueryInfoPolicy(struct pipes_struct *p, + switch (lp_server_role()) { + case ROLE_DOMAIN_PDC: + case ROLE_DOMAIN_BDC: ++ case ROLE_IPA_DC: + name = get_global_sam_name(); + sid = dom_sid_dup(p->mem_ctx, get_global_sam_sid()); + if (!sid) { +-- +2.33.1 + diff --git a/samba-4.15-logfile.patch b/samba-4.15-logfile.patch new file mode 100644 index 0000000..6300639 --- /dev/null +++ b/samba-4.15-logfile.patch @@ -0,0 +1,981 @@ +From 96d6bd4feb27b9b003aac44ef2ab7ef0a288272d Mon Sep 17 00:00:00 2001 +From: Ralph Boehme +Date: Wed, 10 Nov 2021 20:18:07 +0100 +Subject: [PATCH 1/8] source3: move lib/substitute.c functions out of proto.h + +BUG: https://bugzilla.samba.org/show_bug.cgi?id=14897 + +Signed-off-by: Ralph Boehme +--- + source3/auth/auth_generic.c | 1 + + source3/auth/auth_ntlmssp.c | 1 + + source3/auth/auth_util.c | 1 + + source3/include/proto.h | 33 ----------- + source3/lib/substitute.c | 1 + + source3/lib/substitute.h | 63 +++++++++++++++++++++ + source3/modules/vfs_expand_msdfs.c | 1 + + source3/modules/vfs_full_audit.c | 1 + + source3/modules/vfs_recycle.c | 1 + + source3/modules/vfs_unityed_media.c | 1 + + source3/modules/vfs_virusfilter_utils.c | 1 + + source3/nmbd/nmbd.c | 1 + + source3/nmbd/nmbd_synclists.c | 1 + + source3/param/loadparm.c | 1 + + source3/passdb/passdb.c | 1 + + source3/passdb/pdb_ldap.c | 1 + + source3/printing/print_generic.c | 1 + + source3/printing/printing.c | 1 + + source3/rpc_server/lsa/srv_lsa_nt.c | 1 + + source3/rpc_server/netlogon/srv_netlog_nt.c | 1 + + source3/rpc_server/srvsvc/srv_srvsvc_nt.c | 1 + + source3/smbd/ipc.c | 1 + + source3/smbd/lanman.c | 1 + + source3/smbd/message.c | 1 + + source3/smbd/msdfs.c | 1 + + source3/smbd/process.c | 1 + + source3/smbd/reply.c | 1 + + source3/smbd/server.c | 1 + + source3/smbd/service.c | 1 + + source3/smbd/sesssetup.c | 1 + + source3/smbd/share_access.c | 1 + + source3/smbd/smb2_server.c | 1 + + source3/smbd/smb2_sesssetup.c | 1 + + source3/smbd/trans2.c | 1 + + source3/smbd/uid.c | 1 + + source3/torture/torture.c | 1 + + source3/utils/net_sam.c | 1 + + source3/winbindd/wb_getpwsid.c | 1 + + source3/winbindd/winbindd.c | 1 + + 39 files changed, 100 insertions(+), 33 deletions(-) + create mode 100644 source3/lib/substitute.h + +diff --git a/source3/auth/auth_generic.c b/source3/auth/auth_generic.c +index fc7a7549e8e..ff51307e43a 100644 +--- a/source3/auth/auth_generic.c ++++ b/source3/auth/auth_generic.c +@@ -36,6 +36,7 @@ + #include "auth/credentials/credentials.h" + #include "lib/param/loadparm.h" + #include "librpc/gen_ndr/dcerpc.h" ++#include "source3/lib/substitute.h" + + static NTSTATUS auth3_generate_session_info_pac(struct auth4_context *auth_ctx, + TALLOC_CTX *mem_ctx, +diff --git a/source3/auth/auth_ntlmssp.c b/source3/auth/auth_ntlmssp.c +index 676aa9d892c..f2deca09aa6 100644 +--- a/source3/auth/auth_ntlmssp.c ++++ b/source3/auth/auth_ntlmssp.c +@@ -25,6 +25,7 @@ + #include "auth.h" + #include "libcli/security/security.h" + #include "lib/util/tevent_ntstatus.h" ++#include "source3/lib/substitute.h" + + NTSTATUS auth3_generate_session_info(struct auth4_context *auth_context, + TALLOC_CTX *mem_ctx, +diff --git a/source3/auth/auth_util.c b/source3/auth/auth_util.c +index dec854d85c3..4527dedc49d 100644 +--- a/source3/auth/auth_util.c ++++ b/source3/auth/auth_util.c +@@ -38,6 +38,7 @@ + #include "rpc_client/util_netlogon.h" + #include "source4/auth/auth.h" + #include "auth/auth_util.h" ++#include "source3/lib/substitute.h" + + #undef DBGC_CLASS + #define DBGC_CLASS DBGC_AUTH +diff --git a/source3/include/proto.h b/source3/include/proto.h +index eb45179aebb..a96c2c8d110 100644 +--- a/source3/include/proto.h ++++ b/source3/include/proto.h +@@ -139,39 +139,6 @@ int smbrun_no_sanitize(const char *cmd, int *outfd, char * const *env); + int smbrun(const char *cmd, int *outfd, char * const *env); + int smbrunsecret(const char *cmd, const char *secret); + +-/* The following definitions come from lib/substitute.c */ +- +-bool set_local_machine_name(const char *local_name, bool perm); +-const char *get_local_machine_name(void); +-bool set_remote_machine_name(const char *remote_name, bool perm); +-const char *get_remote_machine_name(void); +-void sub_set_smb_name(const char *name); +-void set_current_user_info(const char *smb_name, const char *unix_name, +- const char *domain); +-void sub_set_socket_ids(const char *peeraddr, const char *peername, +- const char *sockaddr); +-const char *get_current_username(void); +-void standard_sub_basic(const char *smb_name, const char *domain_name, +- char *str, size_t len); +-char *talloc_sub_basic(TALLOC_CTX *mem_ctx, const char *smb_name, +- const char *domain_name, const char *str); +-char *talloc_sub_specified(TALLOC_CTX *mem_ctx, +- const char *input_string, +- const char *username, +- const char *grpname, +- const char *domain, +- uid_t uid, +- gid_t gid); +-char *talloc_sub_advanced(TALLOC_CTX *mem_ctx, +- const char *servicename, const char *user, +- const char *connectpath, gid_t gid, +- const char *str); +-char *talloc_sub_full(TALLOC_CTX *mem_ctx, +- const char *servicename, const char *user, +- const char *connectpath, gid_t gid, +- const char *smb_name, const char *domain_name, +- const char *str); +- + /* The following definitions come from lib/sysquotas.c */ + + int sys_get_quota(const char *path, enum SMB_QUOTA_TYPE qtype, unid_t id, SMB_DISK_QUOTA *dp); +diff --git a/source3/lib/substitute.c b/source3/lib/substitute.c +index b98a0acf1cb..a941b89f82a 100644 +--- a/source3/lib/substitute.c ++++ b/source3/lib/substitute.c +@@ -20,6 +20,7 @@ + + + #include "includes.h" ++#include "substitute.h" + #include "system/passwd.h" + #include "secrets.h" + #include "auth.h" +diff --git a/source3/lib/substitute.h b/source3/lib/substitute.h +new file mode 100644 +index 00000000000..2056d163dd7 +--- /dev/null ++++ b/source3/lib/substitute.h +@@ -0,0 +1,63 @@ ++/* ++ Unix SMB/CIFS implementation. ++ string substitution functions ++ Copyright (C) Andrew Tridgell 1992-2000 ++ Copyright (C) Gerald Carter 2006 ++ ++ This program is free software; you can redistribute it and/or modify ++ it under the terms of the GNU General Public License as published by ++ the Free Software Foundation; either version 3 of the License, or ++ (at your option) any later version. ++ ++ This program is distributed in the hope that it will be useful, ++ but WITHOUT ANY WARRANTY; without even the implied warranty of ++ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the ++ GNU General Public License for more details. ++ ++ You should have received a copy of the GNU General Public License ++ along with this program. If not, see . ++*/ ++ ++#ifndef SUBSTITUTE_H ++#define SUBSTITUTE_H ++ ++bool set_local_machine_name(const char *local_name, bool perm); ++const char *get_local_machine_name(void); ++bool set_remote_machine_name(const char *remote_name, bool perm); ++const char *get_remote_machine_name(void); ++void sub_set_socket_ids(const char *peeraddr, const char *peername, ++ const char *sockaddr); ++void set_current_user_info(const char *smb_name, ++ const char *unix_name, ++ const char *domain); ++const char *get_current_username(void); ++void standard_sub_basic(const char *smb_name, ++ const char *domain_name, ++ char *str, ++ size_t len); ++char *talloc_sub_basic(TALLOC_CTX *mem_ctx, ++ const char *smb_name, ++ const char *domain_name, ++ const char *str); ++char *talloc_sub_specified(TALLOC_CTX *mem_ctx, ++ const char *input_string, ++ const char *username, ++ const char *grpname, ++ const char *domain, ++ uid_t uid, ++ gid_t gid); ++char *talloc_sub_advanced(TALLOC_CTX *ctx, ++ const char *servicename, ++ const char *user, ++ const char *connectpath, ++ gid_t gid, ++ const char *str); ++char *talloc_sub_full(TALLOC_CTX *ctx, ++ const char *servicename, ++ const char *user, ++ const char *connectpath, ++ gid_t gid, ++ const char *smb_name, ++ const char *domain_name, ++ const char *str); ++#endif +diff --git a/source3/modules/vfs_expand_msdfs.c b/source3/modules/vfs_expand_msdfs.c +index 34e7051dca5..fe3c6f47462 100644 +--- a/source3/modules/vfs_expand_msdfs.c ++++ b/source3/modules/vfs_expand_msdfs.c +@@ -25,6 +25,7 @@ + #include "auth.h" + #include "../lib/tsocket/tsocket.h" + #include "msdfs.h" ++#include "source3/lib/substitute.h" + + #undef DBGC_CLASS + #define DBGC_CLASS DBGC_VFS +diff --git a/source3/modules/vfs_full_audit.c b/source3/modules/vfs_full_audit.c +index ceda99d4568..c8dbc8c07bb 100644 +--- a/source3/modules/vfs_full_audit.c ++++ b/source3/modules/vfs_full_audit.c +@@ -73,6 +73,7 @@ + #include "passdb/machine_sid.h" + #include "lib/util/tevent_ntstatus.h" + #include "lib/util/string_wrappers.h" ++#include "source3/lib/substitute.h" + + static int vfs_full_audit_debug_level = DBGC_VFS; + +diff --git a/source3/modules/vfs_recycle.c b/source3/modules/vfs_recycle.c +index 1c18f232c32..7cbc938a57c 100644 +--- a/source3/modules/vfs_recycle.c ++++ b/source3/modules/vfs_recycle.c +@@ -27,6 +27,7 @@ + #include "system/filesys.h" + #include "../librpc/gen_ndr/ndr_netlogon.h" + #include "auth.h" ++#include "source3/lib/substitute.h" + + #define ALLOC_CHECK(ptr, label) do { if ((ptr) == NULL) { DEBUG(0, ("recycle.bin: out of memory!\n")); errno = ENOMEM; goto label; } } while(0) + +diff --git a/source3/modules/vfs_unityed_media.c b/source3/modules/vfs_unityed_media.c +index 62a1456b996..fbd4d968172 100644 +--- a/source3/modules/vfs_unityed_media.c ++++ b/source3/modules/vfs_unityed_media.c +@@ -62,6 +62,7 @@ + #include "../lib/tsocket/tsocket.h" + #include "lib/util/smb_strtox.h" + #include ++#include "source3/lib/substitute.h" + + #define UM_PARAM_TYPE_NAME "unityed_media" + +diff --git a/source3/modules/vfs_virusfilter_utils.c b/source3/modules/vfs_virusfilter_utils.c +index c7f8089ffc7..b8b44eb203b 100644 +--- a/source3/modules/vfs_virusfilter_utils.c ++++ b/source3/modules/vfs_virusfilter_utils.c +@@ -25,6 +25,7 @@ struct iovec; + #include "lib/util/iov_buf.h" + #include + #include "lib/tsocket/tsocket.h" ++#include "source3/lib/substitute.h" + + int virusfilter_debug_class = DBGC_VFS; + +diff --git a/source3/nmbd/nmbd.c b/source3/nmbd/nmbd.c +index 44121e9915c..7470897587e 100644 +--- a/source3/nmbd/nmbd.c ++++ b/source3/nmbd/nmbd.c +@@ -29,6 +29,7 @@ + #include "util_cluster.h" + #include "lib/gencache.h" + #include "lib/global_contexts.h" ++#include "source3/lib/substitute.h" + + int ClientNMB = -1; + int ClientDGRAM = -1; +diff --git a/source3/nmbd/nmbd_synclists.c b/source3/nmbd/nmbd_synclists.c +index a65cbb87e0e..d291927fbc8 100644 +--- a/source3/nmbd/nmbd_synclists.c ++++ b/source3/nmbd/nmbd_synclists.c +@@ -33,6 +33,7 @@ + #include "libsmb/clirap.h" + #include "../libcli/smb/smbXcli_base.h" + #include "lib/util/string_wrappers.h" ++#include "source3/lib/substitute.h" + + struct sync_record { + struct sync_record *next, *prev; +diff --git a/source3/param/loadparm.c b/source3/param/loadparm.c +index f54c08cc4a5..b56fd20e410 100644 +--- a/source3/param/loadparm.c ++++ b/source3/param/loadparm.c +@@ -76,6 +76,7 @@ + #include "lib/crypto/gnutls_helpers.h" + #include "lib/util/string_wrappers.h" + #include "auth/credentials/credentials.h" ++#include "source3/lib/substitute.h" + + #ifdef HAVE_SYS_SYSCTL_H + #include +diff --git a/source3/passdb/passdb.c b/source3/passdb/passdb.c +index 068c5a5ea70..863f260ea90 100644 +--- a/source3/passdb/passdb.c ++++ b/source3/passdb/passdb.c +@@ -33,6 +33,7 @@ + #include "auth/credentials/credentials.h" + #include "lib/param/param.h" + #include "lib/util/string_wrappers.h" ++#include "source3/lib/substitute.h" + + #undef DBGC_CLASS + #define DBGC_CLASS DBGC_PASSDB +diff --git a/source3/passdb/pdb_ldap.c b/source3/passdb/pdb_ldap.c +index e6d8a84c60f..93da28b1941 100644 +--- a/source3/passdb/pdb_ldap.c ++++ b/source3/passdb/pdb_ldap.c +@@ -56,6 +56,7 @@ + #include "lib/util_sid_passdb.h" + #include "lib/util/smb_strtox.h" + #include "lib/util/string_wrappers.h" ++#include "source3/lib/substitute.h" + + #undef DBGC_CLASS + #define DBGC_CLASS DBGC_PASSDB +diff --git a/source3/printing/print_generic.c b/source3/printing/print_generic.c +index 743c311bbd5..8798a4cf34a 100644 +--- a/source3/printing/print_generic.c ++++ b/source3/printing/print_generic.c +@@ -20,6 +20,7 @@ + #include "includes.h" + #include "printing.h" + #include "smbd/proto.h" ++#include "source3/lib/substitute.h" + + extern userdom_struct current_user_info; + +diff --git a/source3/printing/printing.c b/source3/printing/printing.c +index 499334df03f..67d798fbb21 100644 +--- a/source3/printing/printing.c ++++ b/source3/printing/printing.c +@@ -40,6 +40,7 @@ + #include "lib/util/string_wrappers.h" + #include "lib/global_contexts.h" + #include "source3/printing/rap_jobid.h" ++#include "source3/lib/substitute.h" + + extern userdom_struct current_user_info; + +diff --git a/source3/rpc_server/lsa/srv_lsa_nt.c b/source3/rpc_server/lsa/srv_lsa_nt.c +index d6d606ddeca..57f981cb358 100644 +--- a/source3/rpc_server/lsa/srv_lsa_nt.c ++++ b/source3/rpc_server/lsa/srv_lsa_nt.c +@@ -53,6 +53,7 @@ + #include "librpc/rpc/dcesrv_core.h" + #include "librpc/rpc/dcerpc_helper.h" + #include "lib/param/loadparm.h" ++#include "source3/lib/substitute.h" + + #include "lib/crypto/gnutls_helpers.h" + #include +diff --git a/source3/rpc_server/netlogon/srv_netlog_nt.c b/source3/rpc_server/netlogon/srv_netlog_nt.c +index eaacd8dbc6a..2906fa3f30f 100644 +--- a/source3/rpc_server/netlogon/srv_netlog_nt.c ++++ b/source3/rpc_server/netlogon/srv_netlog_nt.c +@@ -49,6 +49,7 @@ + #include "lib/param/param.h" + #include "libsmb/dsgetdcname.h" + #include "lib/util/util_str_escape.h" ++#include "source3/lib/substitute.h" + + extern userdom_struct current_user_info; + +diff --git a/source3/rpc_server/srvsvc/srv_srvsvc_nt.c b/source3/rpc_server/srvsvc/srv_srvsvc_nt.c +index 8576e9d2ce2..fc27a459634 100644 +--- a/source3/rpc_server/srvsvc/srv_srvsvc_nt.c ++++ b/source3/rpc_server/srvsvc/srv_srvsvc_nt.c +@@ -42,6 +42,7 @@ + #include "messages.h" + #include "serverid.h" + #include "lib/global_contexts.h" ++#include "source3/lib/substitute.h" + + extern const struct generic_mapping file_generic_mapping; + +diff --git a/source3/smbd/ipc.c b/source3/smbd/ipc.c +index f1c8ea0c2ed..cf3b7c91c22 100644 +--- a/source3/smbd/ipc.c ++++ b/source3/smbd/ipc.c +@@ -29,6 +29,7 @@ + #include "smbd/globals.h" + #include "smbprofile.h" + #include "rpc_server/srv_pipe_hnd.h" ++#include "source3/lib/substitute.h" + + #define NERR_notsupported 50 + +diff --git a/source3/smbd/lanman.c b/source3/smbd/lanman.c +index 9194113e768..eb8148753b9 100644 +--- a/source3/smbd/lanman.c ++++ b/source3/smbd/lanman.c +@@ -45,6 +45,7 @@ + #include "rpc_server/rpc_ncacn_np.h" + #include "lib/util/string_wrappers.h" + #include "source3/printing/rap_jobid.h" ++#include "source3/lib/substitute.h" + + #ifdef CHECK_TYPES + #undef CHECK_TYPES +diff --git a/source3/smbd/message.c b/source3/smbd/message.c +index b9728946889..7185bec1289 100644 +--- a/source3/smbd/message.c ++++ b/source3/smbd/message.c +@@ -27,6 +27,7 @@ + #include "smbd/smbd.h" + #include "smbd/globals.h" + #include "smbprofile.h" ++#include "source3/lib/substitute.h" + + extern userdom_struct current_user_info; + +diff --git a/source3/smbd/msdfs.c b/source3/smbd/msdfs.c +index 995ed815d90..fd002e98071 100644 +--- a/source3/smbd/msdfs.c ++++ b/source3/smbd/msdfs.c +@@ -34,6 +34,7 @@ + #include "librpc/gen_ndr/ndr_dfsblobs.h" + #include "lib/tsocket/tsocket.h" + #include "lib/global_contexts.h" ++#include "source3/lib/substitute.h" + + /********************************************************************** + Parse a DFS pathname of the form \hostname\service\reqpath +diff --git a/source3/smbd/process.c b/source3/smbd/process.c +index 03409742752..5015c143a04 100644 +--- a/source3/smbd/process.c ++++ b/source3/smbd/process.c +@@ -46,6 +46,7 @@ + #include "libcli/smb/smbXcli_base.h" + #include "lib/util/time_basic.h" + #include "smb1_utils.h" ++#include "source3/lib/substitute.h" + + /* Internal message queue for deferred opens. */ + struct pending_message_list { +diff --git a/source3/smbd/reply.c b/source3/smbd/reply.c +index 042e7f2329e..f85d1122a07 100644 +--- a/source3/smbd/reply.c ++++ b/source3/smbd/reply.c +@@ -50,6 +50,7 @@ + #include "libcli/smb/smb2_posix.h" + #include "lib/util/string_wrappers.h" + #include "source3/printing/rap_jobid.h" ++#include "source3/lib/substitute.h" + + /**************************************************************************** + Ensure we check the path in *exactly* the same way as W2K for a findfirst/findnext +diff --git a/source3/smbd/server.c b/source3/smbd/server.c +index d7f5b4b73c0..d02ff1bd883 100644 +--- a/source3/smbd/server.c ++++ b/source3/smbd/server.c +@@ -60,6 +60,7 @@ + #include "rpc_server/fssd.h" + #include "rpc_server/mdssd.h" + #include "lib/global_contexts.h" ++#include "source3/lib/substitute.h" + + #ifdef CLUSTER_SUPPORT + #include "ctdb_protocol.h" +diff --git a/source3/smbd/service.c b/source3/smbd/service.c +index afdea38b016..ef7c14d92d0 100644 +--- a/source3/smbd/service.c ++++ b/source3/smbd/service.c +@@ -34,6 +34,7 @@ + #include "lib/afs/afs_funcs.h" + #include "lib/util_path.h" + #include "lib/util/string_wrappers.h" ++#include "source3/lib/substitute.h" + + bool canonicalize_connect_path(connection_struct *conn) + { +diff --git a/source3/smbd/sesssetup.c b/source3/smbd/sesssetup.c +index 2bd527ce80e..1705b8920b6 100644 +--- a/source3/smbd/sesssetup.c ++++ b/source3/smbd/sesssetup.c +@@ -34,6 +34,7 @@ + #include "auth/gensec/gensec.h" + #include "../libcli/smb/smb_signing.h" + #include "lib/util/string_wrappers.h" ++#include "source3/lib/substitute.h" + + /**************************************************************************** + Add the standard 'Samba' signature to the end of the session setup. +diff --git a/source3/smbd/share_access.c b/source3/smbd/share_access.c +index debe4fc6385..c44c4bd8c69 100644 +--- a/source3/smbd/share_access.c ++++ b/source3/smbd/share_access.c +@@ -23,6 +23,7 @@ + #include "../libcli/security/security.h" + #include "passdb/lookup_sid.h" + #include "auth.h" ++#include "source3/lib/substitute.h" + + /* + * We dropped NIS support in 2021, but need to keep configs working. +diff --git a/source3/smbd/smb2_server.c b/source3/smbd/smb2_server.c +index f359db0729d..f6b376e5a07 100644 +--- a/source3/smbd/smb2_server.c ++++ b/source3/smbd/smb2_server.c +@@ -33,6 +33,7 @@ + #include "lib/util/iov_buf.h" + #include "auth.h" + #include "libcli/smb/smbXcli_base.h" ++#include "source3/lib/substitute.h" + + #if defined(LINUX) + /* SIOCOUTQ TIOCOUTQ are the same */ +diff --git a/source3/smbd/smb2_sesssetup.c b/source3/smbd/smb2_sesssetup.c +index 38049e8535f..14b806bc007 100644 +--- a/source3/smbd/smb2_sesssetup.c ++++ b/source3/smbd/smb2_sesssetup.c +@@ -28,6 +28,7 @@ + #include "../lib/tsocket/tsocket.h" + #include "../libcli/security/security.h" + #include "../lib/util/tevent_ntstatus.h" ++#include "source3/lib/substitute.h" + + #include "lib/crypto/gnutls_helpers.h" + #include +diff --git a/source3/smbd/trans2.c b/source3/smbd/trans2.c +index cd6b61429c5..a86ac3228e3 100644 +--- a/source3/smbd/trans2.c ++++ b/source3/smbd/trans2.c +@@ -45,6 +45,7 @@ + #include "smb1_utils.h" + #include "libcli/smb/smb2_posix.h" + #include "lib/util/string_wrappers.h" ++#include "source3/lib/substitute.h" + + #define DIR_ENTRY_SAFETY_MARGIN 4096 + +diff --git a/source3/smbd/uid.c b/source3/smbd/uid.c +index b0d7f21c200..52918c4f181 100644 +--- a/source3/smbd/uid.c ++++ b/source3/smbd/uid.c +@@ -26,6 +26,7 @@ + #include "passdb/lookup_sid.h" + #include "auth.h" + #include "../auth/auth_util.h" ++#include "source3/lib/substitute.h" + + /* what user is current? */ + extern struct current_user current_user; +diff --git a/source3/torture/torture.c b/source3/torture/torture.c +index 79a9c65073c..d3e0e3cf095 100644 +--- a/source3/torture/torture.c ++++ b/source3/torture/torture.c +@@ -51,6 +51,7 @@ + #include "lib/param/param.h" + #include "auth/gensec/gensec.h" + #include "lib/util/string_wrappers.h" ++#include "source3/lib/substitute.h" + + #include + #include +diff --git a/source3/utils/net_sam.c b/source3/utils/net_sam.c +index 6a2c6c861f9..17cc47b2ddd 100644 +--- a/source3/utils/net_sam.c ++++ b/source3/utils/net_sam.c +@@ -33,6 +33,7 @@ + #include "idmap.h" + #include "lib/util/smb_strtox.h" + #include "lib/util/string_wrappers.h" ++#include "source3/lib/substitute.h" + + /* + * Set a user's data +diff --git a/source3/winbindd/wb_getpwsid.c b/source3/winbindd/wb_getpwsid.c +index fb0351ec201..7f168bdda7a 100644 +--- a/source3/winbindd/wb_getpwsid.c ++++ b/source3/winbindd/wb_getpwsid.c +@@ -22,6 +22,7 @@ + #include "librpc/gen_ndr/ndr_winbind_c.h" + #include "../libcli/security/security.h" + #include "lib/util/string_wrappers.h" ++#include "source3/lib/substitute.h" + + struct wb_getpwsid_state { + struct tevent_context *ev; +diff --git a/source3/winbindd/winbindd.c b/source3/winbindd/winbindd.c +index 25d8b723010..290454619a4 100644 +--- a/source3/winbindd/winbindd.c ++++ b/source3/winbindd/winbindd.c +@@ -51,6 +51,7 @@ + #include "lib/gencache.h" + #include "rpc_server/rpc_config.h" + #include "lib/global_contexts.h" ++#include "source3/lib/substitute.h" + + #undef DBGC_CLASS + #define DBGC_CLASS DBGC_WINBIND +-- +2.33.1 + + +From 1184733a1628c1187a215956195ca806419db16d Mon Sep 17 00:00:00 2001 +From: Ralph Boehme +Date: Thu, 11 Nov 2021 05:23:09 +0100 +Subject: [PATCH 2/8] samba-bgqd: fix startup and logging + +Let samba-bgqd use the new POPT_COMMON_DAEMON infrastructure. + +The calls to setup_logging() can safely be removed as this is already taken care +of by samba_cmdline_init(). + +To avoid a logfile basename of ".log" when using "%m", we add a call to +set_remote_machine_name(). + +BUG: https://bugzilla.samba.org/show_bug.cgi?id=14897 + +Signed-off-by: Ralph Boehme +--- + source3/printing/samba-bgqd.c | 35 ++++++++++------------------------- + 1 file changed, 10 insertions(+), 25 deletions(-) + +diff --git a/source3/printing/samba-bgqd.c b/source3/printing/samba-bgqd.c +index 8ac6ec525b2..2cd6a8e007a 100644 +--- a/source3/printing/samba-bgqd.c ++++ b/source3/printing/samba-bgqd.c +@@ -40,6 +40,7 @@ + #include "source3/lib/util_procid.h" + #include "source3/auth/proto.h" + #include "source3/printing/queue_process.h" ++#include "source3/lib/substitute.h" + + static void watch_handler(struct tevent_req *req) + { +@@ -235,6 +236,7 @@ static int closeall_except_fd_params( + + int main(int argc, const char *argv[]) + { ++ struct samba_cmdline_daemon_cfg *cmdline_daemon_cfg = NULL; + const struct loadparm_substitution *lp_sub = + loadparm_s3_global_substitution(); + const char *progname = getprogname(); +@@ -245,8 +247,6 @@ int main(int argc, const char *argv[]) + struct tevent_req *watch_req = NULL; + struct tevent_signal *sigterm_handler = NULL; + struct bq_state *bq = NULL; +- int foreground = 0; +- int no_process_group = 0; + int log_stdout = 0; + int ready_signal_fd = -1; + int watch_fd = -1; +@@ -259,21 +259,7 @@ int main(int argc, const char *argv[]) + struct poptOption long_options[] = { + POPT_AUTOHELP + POPT_COMMON_SAMBA +- { +- .longName = "foreground", +- .shortName = 'F', +- .argInfo = POPT_ARG_NONE, +- .arg = &foreground, +- .descrip = "Run daemon in foreground " +- "(for daemontools, etc.)", +- }, +- { +- .longName = "no-process-group", +- .shortName = '\0', +- .argInfo = POPT_ARG_NONE, +- .arg = &no_process_group, +- .descrip = "Don't create a new process group" , +- }, ++ POPT_COMMON_DAEMON + + /* + * File descriptor to write the PID of the helper +@@ -311,6 +297,7 @@ int main(int argc, const char *argv[]) + frame = talloc_stackframe(); + + umask(0); ++ set_remote_machine_name("smbd-bgqd", true); + + ok = samba_cmdline_init(frame, + SAMBA_CMDLINE_CONFIG_SERVER, +@@ -320,6 +307,8 @@ int main(int argc, const char *argv[]) + exit(ENOMEM); + } + ++ cmdline_daemon_cfg = samba_cmdline_get_daemon_cfg(); ++ + pc = samba_popt_get_context(progname, + argc, + argv, +@@ -340,16 +329,12 @@ int main(int argc, const char *argv[]) + + log_stdout = (debug_get_log_type() == DEBUG_STDOUT); + +- if (foreground) { ++ if (!cmdline_daemon_cfg->fork) { + daemon_status(progname, "Starting process ... "); + } else { +- become_daemon(true, no_process_group, log_stdout); +- } +- +- if (log_stdout) { +- setup_logging(progname, DEBUG_STDOUT); +- } else { +- setup_logging(progname, DEBUG_FILE); ++ become_daemon(true, ++ cmdline_daemon_cfg->no_process_group, ++ log_stdout); + } + + BlockSignals(true, SIGPIPE); +-- +2.33.1 + + +From 1a0a1ccbe888332ea134b16bfac0d0d011bf1f4c Mon Sep 17 00:00:00 2001 +From: Ralph Boehme +Date: Wed, 10 Nov 2021 18:27:08 +0100 +Subject: [PATCH 3/8] winbindd: remove is_default_dyn_LOGFILEBASE() logic + +Handling of -l commandline parameter is already implemented by lib/cmdline/. + +is_default_dyn_LOGFILEBASE() == true is the default case and this causes us to +temporarily overwrite the configured logfile with LOGFILEBASE/log.winbindd until +winbindd_reload_services_file() restores it. + +BUG: https://bugzilla.samba.org/show_bug.cgi?id=14897 + +Signed-off-by: Ralph Boehme +--- + source3/winbindd/winbindd.c | 9 --------- + 1 file changed, 9 deletions(-) + +diff --git a/source3/winbindd/winbindd.c b/source3/winbindd/winbindd.c +index 290454619a4..58c5ffbced4 100644 +--- a/source3/winbindd/winbindd.c ++++ b/source3/winbindd/winbindd.c +@@ -1717,15 +1717,6 @@ int main(int argc, const char **argv) + + poptFreeContext(pc); + +- if (is_default_dyn_LOGFILEBASE()) { +- char *lfile = NULL; +- if (asprintf(&lfile,"%s/log.winbindd", +- get_dyn_LOGFILEBASE()) > 0) { +- lp_set_logfile(lfile); +- SAFE_FREE(lfile); +- } +- } +- + reopen_logs(); + + DEBUG(0,("winbindd version %s started.\n", samba_version_string())); +-- +2.33.1 + + +From bcbf9fb6669933cc3dcf1f615d2885c542a08035 Mon Sep 17 00:00:00 2001 +From: Ralph Boehme +Date: Wed, 10 Nov 2021 14:13:11 +0100 +Subject: [PATCH 4/8] lib/debug: fix fd check before dup'ing to stderr + +Before I added per-class logfile and we had only one fd for the logfile the code +looked like this: + + /* Take over stderr to catch output into logs */ + if (state.fd > 0) { + if (dup2(state.fd, 2) == -1) { + /* Close stderr too, if dup2 can't point it - + at the logfile. There really isn't much + that can be done on such a fundamental + failure... */ + close_low_fd(2); + } + } + +In the current code the equivalent to state.fd is dbgc_config[DBGC_ALL].fd. + +BUG: https://bugzilla.samba.org/show_bug.cgi?id=14897 + +Signed-off-by: Ralph Boehme +--- + lib/util/debug.c | 3 +-- + 1 file changed, 1 insertion(+), 2 deletions(-) + +diff --git a/lib/util/debug.c b/lib/util/debug.c +index 4fd17679227..b271608621a 100644 +--- a/lib/util/debug.c ++++ b/lib/util/debug.c +@@ -1125,7 +1125,6 @@ bool reopen_logs_internal(void) + { + struct debug_backend *b = NULL; + mode_t oldumask; +- int new_fd = 0; + size_t i; + bool ok; + +@@ -1190,7 +1189,7 @@ bool reopen_logs_internal(void) + * If log file was opened or created successfully, take over stderr to + * catch output into logs. + */ +- if (new_fd != -1) { ++ if (dbgc_config[DBGC_ALL].fd > 0) { + if (dup2(dbgc_config[DBGC_ALL].fd, 2) == -1) { + /* Close stderr too, if dup2 can't point it - + at the logfile. There really isn't much +-- +2.33.1 + + +From 9f76bd48d87eb03c66dfe942b4a84e997a8fe8ba Mon Sep 17 00:00:00 2001 +From: Ralph Boehme +Date: Mon, 8 Nov 2021 19:41:50 +0100 +Subject: [PATCH 5/8] lib/debug: in debug_set_logfile() call + reopen_logs_internal() + +This simplifies the logging API for callers that typically would want to set +logging by just setup_logging() once without bothering that typically +configuration is loaded (via some lpcfg_load*() or lp_load*() varient) which +will only then pick up the configured logfile from smb.conf without actually +applying the new logifle to the logging subsytem. + +Therefor our daemons will additionally call reopen_logs() explicitly in their +startup code after config is loaded, eg + + setup_logging(getprogname(), DEBUG_FILE); + ... + lpcfg_load(lp_ctx, config_file); + ... + reopen_logs(); + +By calling reopen_logs_internal() implicitly from debug_set_logfile() there's no +need to call reopen_logs() explicitly anymore to apply the logfile. + +As reopen_logs() will also apply other logging configuration options, we have to +keep the explicit calls in the daemon code. But at least this allows consistent +logging setup wrt to the logfile in the new cmdline library. + +BUG: https://bugzilla.samba.org/show_bug.cgi?id=14897 + +Signed-off-by: Ralph Boehme +--- + lib/util/debug.c | 2 ++ + 1 file changed, 2 insertions(+) + +diff --git a/lib/util/debug.c b/lib/util/debug.c +index b271608621a..171b5e15008 100644 +--- a/lib/util/debug.c ++++ b/lib/util/debug.c +@@ -1018,6 +1018,8 @@ void debug_set_logfile(const char *name) + } + TALLOC_FREE(dbgc_config[DBGC_ALL].logfile); + dbgc_config[DBGC_ALL].logfile = talloc_strdup(NULL, name); ++ ++ reopen_logs_internal(); + } + + static void debug_close_fd(int fd) +-- +2.33.1 + + +From b80911bc1a306cac479ee3feabdcea124946cdde Mon Sep 17 00:00:00 2001 +From: Ralph Boehme +Date: Mon, 8 Nov 2021 12:08:47 +0100 +Subject: [PATCH 6/8] lib/cmdline: fix indentation + +s/whitespace/tab/ + +BUG: https://bugzilla.samba.org/show_bug.cgi?id=14897 + +Signed-off-by: Ralph Boehme +--- + lib/cmdline/cmdline_s3.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/lib/cmdline/cmdline_s3.c b/lib/cmdline/cmdline_s3.c +index 1f8d9ed5eb5..639d403aed3 100644 +--- a/lib/cmdline/cmdline_s3.c ++++ b/lib/cmdline/cmdline_s3.c +@@ -55,7 +55,7 @@ static bool _samba_cmdline_load_config_s3(void) + case SAMBA_CMDLINE_CONFIG_CLIENT: + ok = lp_load_client(config_file); + break; +- case SAMBA_CMDLINE_CONFIG_SERVER: ++ case SAMBA_CMDLINE_CONFIG_SERVER: + { + const struct samba_cmdline_daemon_cfg *cmdline_daemon_cfg = + samba_cmdline_get_daemon_cfg(); +-- +2.33.1 + + +From a6b6b0b6e6dfcd2c8e2c2085d20cd16c51e3b379 Mon Sep 17 00:00:00 2001 +From: Ralph Boehme +Date: Mon, 8 Nov 2021 12:09:16 +0100 +Subject: [PATCH 7/8] lib/cmdline: remember config_type in samba_cmdline_init() + +BUG: https://bugzilla.samba.org/show_bug.cgi?id=14897 + +Signed-off-by: Ralph Boehme +--- + lib/cmdline/cmdline_s4.c | 2 ++ + 1 file changed, 2 insertions(+) + +diff --git a/lib/cmdline/cmdline_s4.c b/lib/cmdline/cmdline_s4.c +index 61c1b96ba8d..6ef6f59db49 100644 +--- a/lib/cmdline/cmdline_s4.c ++++ b/lib/cmdline/cmdline_s4.c +@@ -25,6 +25,7 @@ + #include "cmdline_private.h" + + static bool _require_smbconf; ++static enum samba_cmdline_config_type _config_type; + + static bool _samba_cmdline_load_config_s4(void) + { +@@ -81,6 +82,7 @@ bool samba_cmdline_init(TALLOC_CTX *mem_ctx, + return false; + } + _require_smbconf = require_smbconf; ++ _config_type = config_type; + + creds = cli_credentials_init(mem_ctx); + if (creds == NULL) { +-- +2.33.1 + + +From e1d6ab1b0dbd8ff30019edf804c4766b066db4b7 Mon Sep 17 00:00:00 2001 +From: Ralph Boehme +Date: Mon, 8 Nov 2021 12:09:43 +0100 +Subject: [PATCH 8/8] lib/cmdline: setup default file logging for servers + +BUG: https://bugzilla.samba.org/show_bug.cgi?id=14897 +RN: samba process doesn't log to logfile + +Signed-off-by: Ralph Boehme +--- + lib/cmdline/cmdline_s4.c | 14 ++++++++++++++ + 1 file changed, 14 insertions(+) + +diff --git a/lib/cmdline/cmdline_s4.c b/lib/cmdline/cmdline_s4.c +index 6ef6f59db49..29e9f34bbe2 100644 +--- a/lib/cmdline/cmdline_s4.c ++++ b/lib/cmdline/cmdline_s4.c +@@ -44,6 +44,20 @@ static bool _samba_cmdline_load_config_s4(void) + } + } + ++ switch (_config_type) { ++ case SAMBA_CMDLINE_CONFIG_SERVER: { ++ const struct samba_cmdline_daemon_cfg *cmdline_daemon_cfg = ++ samba_cmdline_get_daemon_cfg(); ++ ++ if (!cmdline_daemon_cfg->interactive) { ++ setup_logging(getprogname(), DEBUG_FILE); ++ } ++ break; ++ } ++ default: ++ break; ++ } ++ + config_file = get_dyn_CONFIGFILE(); + ok = lpcfg_load(lp_ctx, config_file); + if (!ok) { +-- +2.33.1 + diff --git a/samba-4.15.1-winexe.patch b/samba-4.15.1-winexe.patch new file mode 100644 index 0000000..38460b3 --- /dev/null +++ b/samba-4.15.1-winexe.patch @@ -0,0 +1,61 @@ +From 3d02bf10d7738fe604b524863764de3ca1faa081 Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?G=C3=BCnther=20Deschner?= +Date: Thu, 4 Nov 2021 22:22:44 +0100 +Subject: [PATCH] s3-winexe: Fix winexe core dump (use-after-free) +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +BUG: https://bugzilla.samba.org/show_bug.cgi?id=14893 + +Guenther + +Signed-off-by: Guenther Deschner +Reviewed-by: Andreas Schneider + +Autobuild-User(master): Günther Deschner +Autobuild-Date(master): Fri Nov 5 11:43:57 UTC 2021 on sn-devel-184 + +(cherry picked from commit e9495d2ed28a26899dc3dd77bdfe56e284980218) +--- + examples/winexe/winexe.c | 16 ++++++++++++---- + 1 file changed, 12 insertions(+), 4 deletions(-) + +diff --git a/examples/winexe/winexe.c b/examples/winexe/winexe.c +index 3e0813a4091..59fb9dbdebb 100644 +--- a/examples/winexe/winexe.c ++++ b/examples/winexe/winexe.c +@@ -220,8 +220,6 @@ static void parse_args(int argc, const char *argv[], + *port_str = '\0'; + } + +- poptFreeContext(pc); +- + if (options->runas == NULL && options->runas_file != NULL) { + struct cli_credentials *runas_cred; + const char *user; +@@ -253,9 +251,19 @@ static void parse_args(int argc, const char *argv[], + + options->credentials = samba_cmdline_get_creds(); + +- options->hostname = argv_new[0] + 2; ++ options->hostname = talloc_strdup(mem_ctx, argv_new[0] + 2); ++ if (options->hostname == NULL) { ++ DBG_ERR("Out of memory\n"); ++ exit(1); ++ } + options->port = port; +- options->cmd = argv_new[1]; ++ options->cmd = talloc_strdup(mem_ctx, argv_new[1]); ++ if (options->cmd == NULL) { ++ DBG_ERR("Out of memory\n"); ++ exit(1); ++ } ++ ++ poptFreeContext(pc); + + options->flags = flag_interactive; + if (flag_reinstall) { +-- +2.33.1 + diff --git a/samba-4.15.2-smbclient_anonymous.patch b/samba-4.15.2-smbclient_anonymous.patch new file mode 100644 index 0000000..477ddef --- /dev/null +++ b/samba-4.15.2-smbclient_anonymous.patch @@ -0,0 +1,58 @@ +From 61fd63d70578043de9f3bff1c3267c499dbf50a0 Mon Sep 17 00:00:00 2001 +From: Andreas Schneider +Date: Wed, 10 Nov 2021 12:06:51 +0100 +Subject: [PATCH] auth:creds: Guess the username first via getpwuid(my_id) + +If we have a container, we often don't have USER or LOGNAME set. + +BUG: https://bugzilla.samba.org/show_bug.cgi?id=14883 + +Tested-by: Anoop C S +Signed-off-by: Andreas Schneider +Reviewed-by: Stefan Metzmacher +(cherry picked from commit c28be4067463e582e378df402f812e510883d606) +--- + auth/credentials/credentials.c | 13 +++++++++++++ + 1 file changed, 13 insertions(+) + +diff --git a/auth/credentials/credentials.c b/auth/credentials/credentials.c +index 02a3cf3b354..c5a6ba6940c 100644 +--- a/auth/credentials/credentials.c ++++ b/auth/credentials/credentials.c +@@ -30,6 +30,7 @@ + #include "tevent.h" + #include "param/param.h" + #include "system/filesys.h" ++#include "system/passwd.h" + + /** + * Create a new credentials structure +@@ -1159,6 +1160,7 @@ _PUBLIC_ bool cli_credentials_guess(struct cli_credentials *cred, + { + const char *error_string; + const char *env = NULL; ++ struct passwd *pwd = NULL; + bool ok; + + if (lp_ctx != NULL) { +@@ -1168,6 +1170,17 @@ _PUBLIC_ bool cli_credentials_guess(struct cli_credentials *cred, + } + } + ++ pwd = getpwuid(getuid()); ++ if (pwd != NULL) { ++ size_t len = strlen(pwd->pw_name); ++ ++ if (len > 0 && len <= 1024) { ++ (void)cli_credentials_parse_string(cred, ++ pwd->pw_name, ++ CRED_GUESS_ENV); ++ } ++ } ++ + env = getenv("LOGNAME"); + if (env != NULL) { + size_t len = strlen(env); +-- +2.33.1 + diff --git a/samba-ctdb-etcd-reclock.patch b/samba-ctdb-etcd-reclock.patch new file mode 100644 index 0000000..2a55408 --- /dev/null +++ b/samba-ctdb-etcd-reclock.patch @@ -0,0 +1,30 @@ +From 939aed0498269df3c1e012f3b68c314b583f25bd Mon Sep 17 00:00:00 2001 +From: Martin Schwenke +Date: Tue, 27 Apr 2021 15:46:14 +1000 +Subject: [PATCH] utils: Use Python 3 + +Due to the number of flake8 and pylint warnings it is unclear if the +source has Python 3 incompatibilities. These will be cleaned up in +subsequent commits. + +Signed-off-by: "L.P.H. van Belle" +Reviewed-by: Martin Schwenke +Reviewed-by: David Disseldorp +Reviewed-by: Jose A. Rivera +--- + ctdb/utils/etcd/ctdb_etcd_lock | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/ctdb/utils/etcd/ctdb_etcd_lock b/ctdb/utils/etcd/ctdb_etcd_lock +index 000c6bb7208..7f5194eff0a 100755 +--- a/ctdb/utils/etcd/ctdb_etcd_lock ++++ b/ctdb/utils/etcd/ctdb_etcd_lock +@@ -1,4 +1,4 @@ +-#!/usr/bin/python ++#!/usr/bin/env python3 + # + # This program is free software: you can redistribute it and/or modify + # it under the terms of the GNU General Public License as published by +-- +2.31.1 + diff --git a/samba-s4u.patch b/samba-s4u.patch index 83ed873..8e84d96 100644 --- a/samba-s4u.patch +++ b/samba-s4u.patch @@ -1,22 +1,21 @@ -From fe300549844509624d944b93fc64dc6d382e71c1 Mon Sep 17 00:00:00 2001 +From 0b196043f08ea4c025f19c4519175a3a73e1d185 Mon Sep 17 00:00:00 2001 From: Isaac Boukris Date: Fri, 27 Sep 2019 18:25:03 +0300 -Subject: [PATCH 3/7] mit-kdc: add basic loacl realm S4U support +Subject: [PATCH 1/3] mit-kdc: add basic loacl realm S4U support Signed-off-by: Isaac Boukris Pair-Programmed-With: Andreas Schneider --- - source4/kdc/mit-kdb/kdb_samba_policies.c | 148 +++++++++--------- - source4/kdc/mit_samba.c | 47 ++---- - source4/kdc/mit_samba.h | 6 +- - wscript_configure_system_mitkrb5 | 3 + - 6 files changed, 91 insertions(+), 115 deletions(-) + source4/kdc/mit-kdb/kdb_samba_policies.c | 124 +++++++++++------------ + source4/kdc/mit_samba.c | 47 ++------- + source4/kdc/mit_samba.h | 6 +- + 3 files changed, 71 insertions(+), 106 deletions(-) diff --git a/source4/kdc/mit-kdb/kdb_samba_policies.c b/source4/kdc/mit-kdb/kdb_samba_policies.c -index 9197551ed61..944324d9a2f 100644 +index f35210669c2..b1c7c5dcc5e 100644 --- a/source4/kdc/mit-kdb/kdb_samba_policies.c +++ b/source4/kdc/mit-kdb/kdb_samba_policies.c -@@ -192,13 +192,17 @@ static krb5_error_code ks_verify_pac(krb5_context context, +@@ -195,13 +195,17 @@ static krb5_error_code ks_verify_pac(krb5_context context, krb5_keyblock *krbtgt_key, krb5_timestamp authtime, krb5_authdata **tgt_auth_data, @@ -37,7 +36,7 @@ index 9197551ed61..944324d9a2f 100644 mit_ctx = ks_get_context(context); if (mit_ctx == NULL) { -@@ -230,41 +234,43 @@ static krb5_error_code ks_verify_pac(krb5_context context, +@@ -233,41 +237,43 @@ static krb5_error_code ks_verify_pac(krb5_context context, code = krb5_pac_parse(context, authdata[0]->contents, authdata[0]->length, @@ -107,7 +106,7 @@ index 9197551ed61..944324d9a2f 100644 if (code != 0) { goto done; } -@@ -272,17 +278,22 @@ static krb5_error_code ks_verify_pac(krb5_context context, +@@ -275,17 +281,22 @@ static krb5_error_code ks_verify_pac(krb5_context context, code = mit_samba_reget_pac(mit_ctx, context, flags, @@ -134,31 +133,30 @@ index 9197551ed61..944324d9a2f 100644 return code; } -@@ -324,7 +335,7 @@ krb5_error_code kdb_samba_db_sign_auth_data(krb5_context context, - { - #endif +@@ -314,6 +325,7 @@ krb5_error_code kdb_samba_db_sign_auth_data(krb5_context context, + krb5_authdata **pac_auth_data = NULL; krb5_authdata **authdata = NULL; -- krb5_boolean is_as_req; + krb5_boolean is_as_req; + krb5_const_principal pac_client; krb5_error_code code; krb5_pac pac = NULL; krb5_data pac_data; -@@ -334,24 +345,21 @@ krb5_error_code kdb_samba_db_sign_auth_data(krb5_context context, +@@ -325,11 +337,6 @@ krb5_error_code kdb_samba_db_sign_auth_data(krb5_context context, + krbtgt = krbtgt == NULL ? local_krbtgt : krbtgt; krbtgt_key = krbtgt_key == NULL ? local_krbtgt_key : krbtgt_key; - #endif - /* FIXME: We don't support S4U yet */ - if (flags & KRB5_KDB_FLAGS_S4U) { - return KRB5_KDB_DBTYPE_NOSUP; - } - -- is_as_req = ((flags & KRB5_KDB_FLAG_CLIENT_REFERRALS_ONLY) != 0); -- -- if (is_as_req && (flags & KRB5_KDB_FLAG_INCLUDE_PAC)) { -- code = ks_get_pac(context, client, client_key, &pac); -- if (code != 0) { -- goto done; -- } + is_as_req = ((flags & KRB5_KDB_FLAG_CLIENT_REFERRALS_ONLY) != 0); + + /* +@@ -390,6 +397,16 @@ krb5_error_code kdb_samba_db_sign_auth_data(krb5_context context, + ks_client_princ = client->princ; + } + + /* In protocol transition, we are currently not provided with the tgt + * client name to verify the PAC, we could probably skip the name + * verification and just verify the signatures, but since we don't @@ -166,59 +164,31 @@ index 9197551ed61..944324d9a2f 100644 + if (flags & KRB5_KDB_FLAG_PROTOCOL_TRANSITION) { + pac_client = server->princ; + } else { -+ pac_client = client_princ; - } - -- if (!is_as_req) { -+ /* TGS request */ -+ if (!(flags & KRB5_KDB_FLAG_CLIENT_REFERRALS_ONLY)) { - code = ks_verify_pac(context, - flags, -- client_princ, -+ pac_client, - client, - server, - krbtgt, -@@ -363,14 +371,28 @@ krb5_error_code kdb_samba_db_sign_auth_data(krb5_context context, - if (code != 0) { - goto done; - } -+ -+ /* We require PAC as we don't support LSA_TRUST_TYPE_MIT */ -+ if (pac == NULL) { -+ code = KRB5_KDB_DBTYPE_NOSUP; -+ goto done; -+ } - } - -- if (pac == NULL && client != NULL) { -+ if (flags & KRB5_KDB_FLAG_PROTOCOL_TRANSITION) { -+ krb5_pac_free(context, pac); -+ pac = NULL; ++ pac_client = ks_client_princ; + } - -+ /* AS request or local realm protocol transition */ -+ if ((flags & KRB5_KDB_FLAG_CLIENT_REFERRALS_ONLY) || -+ (client != NULL && (flags & KRB5_KDB_FLAG_PROTOCOL_TRANSITION))) { - code = ks_get_pac(context, client, client_key, &pac); - if (code != 0) { - goto done; - } -+ /* We require a pac! */ -+ SMB_ASSERT(pac != NULL); ++ + if (client_entry == NULL) { + client_entry = client; } +@@ -454,7 +471,7 @@ krb5_error_code kdb_samba_db_sign_auth_data(krb5_context context, - if (pac == NULL) { -@@ -379,7 +401,7 @@ krb5_error_code kdb_samba_db_sign_auth_data(krb5_context context, - } - - code = krb5_pac_sign(context, pac, authtime, client_princ, + code = ks_verify_pac(context, + flags, +- ks_client_princ, ++ pac_client, + client_entry, + server, + krbtgt, +@@ -494,7 +511,7 @@ krb5_error_code kdb_samba_db_sign_auth_data(krb5_context context, + is_as_req ? "AS-REQ" : "TGS-REQ", + client_name); + code = krb5_pac_sign(context, pac, authtime, ks_client_princ, - server_key, krbtgt_key, &pac_data); + server_key, krbtgt_key, &pac_data); if (code != 0) { DBG_ERR("krb5_pac_sign failed: %d\n", code); goto done; -@@ -405,11 +427,6 @@ krb5_error_code kdb_samba_db_sign_auth_data(krb5_context context, +@@ -520,12 +537,6 @@ krb5_error_code kdb_samba_db_sign_auth_data(krb5_context context, KRB5_AUTHDATA_IF_RELEVANT, authdata, signed_auth_data); @@ -227,10 +197,11 @@ index 9197551ed61..944324d9a2f 100644 - } - - code = 0; - +- done: - krb5_pac_free(context, pac); -@@ -432,32 +449,13 @@ krb5_error_code kdb_samba_db_check_allowed_to_delegate(krb5_context context, + if (client_entry != NULL && client_entry != client) { + ks_free_principal(context, client_entry); +@@ -551,32 +562,13 @@ krb5_error_code kdb_samba_db_check_allowed_to_delegate(krb5_context context, * server; -> delegating service * proxy; -> target principal */ @@ -265,10 +236,10 @@ index 9197551ed61..944324d9a2f 100644 diff --git a/source4/kdc/mit_samba.c b/source4/kdc/mit_samba.c -index 54dcd545ea1..f23327c9613 100644 +index 4239332f0d9..acc3cba6254 100644 --- a/source4/kdc/mit_samba.c +++ b/source4/kdc/mit_samba.c -@@ -467,7 +467,6 @@ int mit_samba_get_pac(struct mit_samba_context *smb_ctx, +@@ -501,7 +501,6 @@ int mit_samba_get_pac(struct mit_samba_context *smb_ctx, krb5_error_code mit_samba_reget_pac(struct mit_samba_context *ctx, krb5_context context, int flags, @@ -276,7 +247,7 @@ index 54dcd545ea1..f23327c9613 100644 krb5_db_entry *client, krb5_db_entry *server, krb5_db_entry *krbtgt, -@@ -615,7 +614,7 @@ krb5_error_code mit_samba_reget_pac(struct mit_samba_context *ctx, +@@ -665,7 +664,7 @@ krb5_error_code mit_samba_reget_pac(struct mit_samba_context *ctx, context, *pac, server->princ, @@ -285,7 +256,7 @@ index 54dcd545ea1..f23327c9613 100644 deleg_blob); if (!NT_STATUS_IS_OK(nt_status)) { DEBUG(0, ("Update delegation info failed: %s\n", -@@ -937,41 +936,17 @@ int mit_samba_check_client_access(struct mit_samba_context *ctx, +@@ -987,41 +986,17 @@ int mit_samba_check_client_access(struct mit_samba_context *ctx, } int mit_samba_check_s4u2proxy(struct mit_samba_context *ctx, @@ -338,7 +309,7 @@ index 54dcd545ea1..f23327c9613 100644 static krb5_error_code mit_samba_change_pwd_error(krb5_context context, diff --git a/source4/kdc/mit_samba.h b/source4/kdc/mit_samba.h -index ba824557bd5..5aadf206443 100644 +index 636c77ec97c..9cb00c9610e 100644 --- a/source4/kdc/mit_samba.h +++ b/source4/kdc/mit_samba.h @@ -56,7 +56,6 @@ int mit_samba_get_pac(struct mit_samba_context *smb_ctx, @@ -362,12 +333,13 @@ index ba824557bd5..5aadf206443 100644 int mit_samba_kpasswd_change_password(struct mit_samba_context *ctx, char *pwd, -- -2.25.4 +2.33.1 -From ff1b225493ede3d43cfad571770dacb73f75ec42 Mon Sep 17 00:00:00 2001 + +From 992d38fa35c01f2f0bdb39d387fa29e8eb8d3d37 Mon Sep 17 00:00:00 2001 From: Isaac Boukris Date: Fri, 27 Sep 2019 18:35:30 +0300 -Subject: [PATCH 5/7] krb5-mit: enable S4U client support for MIT build +Subject: [PATCH 2/3] krb5-mit: enable S4U client support for MIT build Signed-off-by: Isaac Boukris Pair-Programmed-With: Andreas Schneider @@ -375,13 +347,13 @@ Pair-Programmed-With: Andreas Schneider lib/krb5_wrap/krb5_samba.c | 185 ++++++++++++++++++++++++++ lib/krb5_wrap/krb5_samba.h | 2 - source4/auth/kerberos/kerberos_util.c | 11 -- - 4 files changed, 185 insertions(+), 14 deletions(-) + 3 files changed, 185 insertions(+), 13 deletions(-) diff --git a/lib/krb5_wrap/krb5_samba.c b/lib/krb5_wrap/krb5_samba.c -index 20ce86c708d..e72ab3c30f7 100644 +index fff5b4e2a22..791b417d5ba 100644 --- a/lib/krb5_wrap/krb5_samba.c +++ b/lib/krb5_wrap/krb5_samba.c -@@ -2568,6 +2568,191 @@ krb5_error_code smb_krb5_kinit_s4u2_ccache(krb5_context ctx, +@@ -2694,6 +2694,191 @@ krb5_error_code smb_krb5_kinit_s4u2_ccache(krb5_context ctx, return 0; } @@ -574,7 +546,7 @@ index 20ce86c708d..e72ab3c30f7 100644 #if !defined(HAVE_KRB5_MAKE_PRINCIPAL) && defined(HAVE_KRB5_BUILD_PRINCIPAL_ALLOC_VA) diff --git a/lib/krb5_wrap/krb5_samba.h b/lib/krb5_wrap/krb5_samba.h -index ca9a893e4f7..3264ce5eb3b 100644 +index eab67f6d969..b5385c69a33 100644 --- a/lib/krb5_wrap/krb5_samba.h +++ b/lib/krb5_wrap/krb5_samba.h @@ -252,7 +252,6 @@ krb5_error_code smb_krb5_kinit_password_ccache(krb5_context ctx, @@ -639,14 +611,13 @@ index 544d9d853cc..c14d8c72d8c 100644 ret = smb_krb5_kinit_password_ccache(smb_krb5_context->krb5_context, ccache, -- -2.25.4 +2.33.1 - -From cf1b9bdc09180d68e2b30258839d2f78b7af9c62 Mon Sep 17 00:00:00 2001 +From f1951b501ca0fb3e613f04437c99dc1bbf204609 Mon Sep 17 00:00:00 2001 From: Isaac Boukris Date: Sat, 19 Sep 2020 14:16:20 +0200 -Subject: [PATCH 7/7] wip: for canonicalization with new MIT kdc code +Subject: [PATCH 3/3] wip: for canonicalization with new MIT kdc code --- source4/heimdal/lib/hdb/hdb.h | 1 + @@ -656,7 +627,7 @@ Subject: [PATCH 7/7] wip: for canonicalization with new MIT kdc code 4 files changed, 11 insertions(+), 2 deletions(-) diff --git a/source4/heimdal/lib/hdb/hdb.h b/source4/heimdal/lib/hdb/hdb.h -index 6a09ecb6fe1..bc5211fef35 100644 +index 5ef9d9565f3..dafaffc6c2d 100644 --- a/source4/heimdal/lib/hdb/hdb.h +++ b/source4/heimdal/lib/hdb/hdb.h @@ -63,6 +63,7 @@ enum hdb_lockop{ HDB_RLOCK, HDB_WLOCK }; @@ -668,7 +639,7 @@ index 6a09ecb6fe1..bc5211fef35 100644 /* hdb_capability_flags */ #define HDB_CAP_F_HANDLE_ENTERPRISE_PRINCIPAL 1 diff --git a/source4/kdc/db-glue.c b/source4/kdc/db-glue.c -index a560a1cd84b..c27b6a8ef4c 100644 +index aff74f2ee71..d16b4c3329a 100644 --- a/source4/kdc/db-glue.c +++ b/source4/kdc/db-glue.c @@ -916,17 +916,21 @@ static krb5_error_code samba_kdc_message2entry(krb5_context context, @@ -696,10 +667,10 @@ index a560a1cd84b..c27b6a8ef4c 100644 ret = smb_krb5_make_principal(context, &entry_ex->entry.principal, lpcfg_realm(lp_ctx), samAccountName, NULL); if (ret) { diff --git a/source4/kdc/mit_samba.c b/source4/kdc/mit_samba.c -index f23327c9613..4084e893cc2 100644 +index acc3cba6254..f0b9df8b613 100644 --- a/source4/kdc/mit_samba.c +++ b/source4/kdc/mit_samba.c -@@ -198,6 +198,9 @@ int mit_samba_get_principal(struct mit_samba_context *ctx, +@@ -224,6 +224,9 @@ int mit_samba_get_principal(struct mit_samba_context *ctx, if (kflags & KRB5_KDB_FLAG_CANONICALIZE) { sflags |= SDB_F_CANON; } @@ -722,5 +693,5 @@ index c929acccce6..a9115ec23d7 100644 void sdb_free_entry(struct sdb_entry_ex *e); void free_sdb_entry(struct sdb_entry *s); -- -2.25.4 +2.33.1 diff --git a/samba.spec b/samba.spec index d09116a..58737e6 100644 --- a/samba.spec +++ b/samba.spec @@ -15,6 +15,9 @@ # ctdb is enabled by default, you can disable it with: --without clustering %bcond_without clustering +# Define _make_verbose if it doesn't exist (RHEL8) +%{!?_make_verbose:%define _make_verbose V=1 VERBOSE=1} + # Build with Active Directory Domain Controller support by default on Fedora %if 0%{?fedora} %bcond_without dc @@ -42,24 +45,27 @@ %bcond_without winexe %endif -# Build vfs_ceph module by default on 64bit Fedora +# Build vfs_ceph module and ctdb cepth mutex helper by default on 64bit Fedora %if 0%{?fedora} %ifarch aarch64 ppc64le s390x x86_64 %bcond_without vfs_cephfs +%bcond_without ceph_mutex %else %bcond_with vfs_cephfs +%bcond_with ceph_mutex #endifarch %endif %else %bcond_with vfs_cephfs +%bcond_with ceph_mutex #endif fedora %endif # Build vfs_gluster module by default on 64bit Fedora %global is_rhgs 0 -%if "%{dist}" == ".el8rhgs" || "%{dist}" == ".el9rhgs" +%if "%{dist}" == ".el8rhgs" || "%{dist}" == ".el9rhgs" %global is_rhgs 1 %endif @@ -106,15 +112,29 @@ #endif fedora || rhel >= 8 %endif +# Build the ctdb-pcp-pmda package by default on Fedora +%if 0%{?fedora} +%bcond_without pcp_pmda +%else +%bcond_with pcp_pmda +%endif + +# Build the etcd helpers by default on Fedora +%if 0%{?fedora} +%bcond_without etcd_mutex +%else +%bcond_with etcd_mutex +%endif + %define samba_requires_eq() %(LC_ALL="C" echo '%*' | xargs -r rpm -q --qf 'Requires: %%{name} = %%{epoch}:%%{version}\\n' | sed -e 's/ (none):/ /' -e 's/ 0:/ /' | grep -v "is not") -%global baserelease 103 +%global baserelease 1 -%global samba_version 4.14.5 -%global talloc_version 2.3.2 -%global tdb_version 1.4.3 -%global tevent_version 0.10.2 -%global ldb_version 2.3.0 +%global samba_version 4.15.2 +%global talloc_version 2.3.3 +%global tdb_version 1.4.4 +%global tevent_version 0.11.0 +%global ldb_version 2.4.1 # This should be rc1 or nil %global pre_release %nil @@ -178,6 +198,12 @@ Source14: samba.pamd Source201: README.downgrade Patch0: samba-s4u.patch +Patch1: samba-ctdb-etcd-reclock.patch +Patch2: samba-4.15.1-winexe.patch +Patch3: samba-4.15-fix-winbind-no-trusted-domain.patch +Patch4: samba-4.15-logfile.patch +Patch5: samba-4.15.2-smbclient_anonymous.patch +Patch6: samba-4.15-ipa-dc-schannel.patch Requires(pre): /usr/sbin/groupadd Requires(post): systemd @@ -285,6 +311,16 @@ BuildRequires: libcephfs-devel BuildRequires: liburing-devel >= 0.4 %endif +%if %{with pcp_pmda} +BuildRequires: pcp-libs-devel +%endif +%if %{with ceph_mutex} +BuildRequires: librados-devel +%endif +%if %{with etcd_mutex} +BuildRequires: python3-etcd +%endif + %if %{with dc} || %{with testsuite} # Add python3-iso8601 to avoid that the # version in Samba is being packaged @@ -314,9 +350,13 @@ BuildRequires: python3-tdb >= %{tdb_version} BuildRequires: libldb-devel >= %{ldb_version} BuildRequires: python3-ldb >= %{ldb_version} BuildRequires: python3-ldb-devel >= %{ldb_version} -%else +%endif + +%if %{with includelibs} || %{with testsuite} +# lmdb-devel is required for the mdb ldb module, if samba is configured +# to build includelibs we need lmdb-devel for building that module on our own BuildRequires: lmdb-devel -#endif without testsuite +#endif without includelibs %endif %if %{with dc} || %{with testsuite} @@ -326,6 +366,7 @@ BuildRequires: ldb-tools BuildRequires: python3-gpg BuildRequires: python3-markdown BuildRequires: python3-setproctitle +BuildRequires: python3-cryptography BuildRequires: tdb-tools %endif @@ -423,7 +464,7 @@ Obsoletes: ctdb-tests-debuginfo < %{samba_depver} # endif with clustering %endif -# If only build glusterfs for RHGS and Fedora, so obsolete it on other version +# We only build glusterfs for RHGS and Fedora, so obsolete it on other versions # of the distro %if %{without vfs_glusterfs} Obsoletes: samba-vfs-glusterfs < %{samba_depver} @@ -444,6 +485,13 @@ Requires: samba-libs = %{samba_depver} Requires: libwbclient = %{samba_depver} %endif +# samba-tool needs python3-samba +Requires: python3-%{name} = %{samba_depver} +# samba-tool needs tdbbackup +Requires: tdb-tools +# samba-tool needs mdb_copy +Requires: lmdb + Provides: bundled(libreplace) %description common-tools @@ -465,10 +513,6 @@ Requires(post): libwbclient = %{samba_depver} Requires: libwbclient = %{samba_depver} %endif -# samba-tool needs tdbbackup -Requires: tdb-tools -# samba-tool needs mdb_copy -Requires: lmdb Requires: ldb-tools Requires: python3-setproctitle # Force using libldb version to be the same as build version @@ -704,7 +748,7 @@ Summary: Samba python devel files Requires: python3-%{name} = %{samba_depver} %description -n python3-%{name}-devel -The python3-%{name}-devel package contains the Python 3 defel files. +The python3-%{name}-devel package contains the Python 3 devel files. %package -n python3-samba-test Summary: Samba Python libraries @@ -806,7 +850,6 @@ Requires(post): %{name}-client-libs = %{samba_depver} Requires: %{name}-libs = %{samba_depver} Requires(post): %{name}-libs = %{samba_depver} Requires: %{name}-winbind-modules = %{samba_depver} -Requires(post): %{name}-winbind-modules = %{samba_depver} %if %{with libwbclient} Requires(post): libwbclient = %{samba_depver} @@ -965,6 +1008,45 @@ and use CTDB instead. #endif with testsuite %endif + +%if %{with pcp_pmda} + +%package -n ctdb-pcp-pmda +Summary: CTDB PCP pmda support +Requires: ctdb = %{samba_depver} +Requires: pcp-libs + +%description -n ctdb-pcp-pmda +Performance Co-Pilot (PCP) support for CTDB + +#endif with pcp_pmda +%endif + +%if %{with etcd_mutex} + +%package -n ctdb-etcd-mutex +Summary: CTDB ETCD mutex helper +Requires: ctdb = %{samba_depver} +Requires: python3-etcd + +%description -n ctdb-etcd-mutex +Support for using an existing ETCD cluster as a mutex helper for CTDB + +#endif with etcd_mutex +%endif + +%if %{with ceph_mutex} + +%package -n ctdb-ceph-mutex +Summary: CTDB ceph mutex helper +Requires: ctdb = %{samba_depver} + +%description -n ctdb-ceph-mutex +Support for using an existing CEPH cluster as a mutex helper for CTDB + +#endif with ceph_mutex +%endif + #endif with clustering %endif @@ -1054,9 +1136,19 @@ export LDFLAGS="%{__global_ldflags} -fuse-ld=gold" %endif %if %{with testsuite} --enable-selftest \ +%endif +%if %{with pcp_pmda} + --enable-pmda \ +%endif +%if %{with ceph_mutex} + --enable-ceph-reclock \ +%endif +%if %{with etcd_mutex} + --enable-etcd-reclock \ %endif --with-profiling-data \ --with-systemd \ + --with-quotas \ --systemd-install-services \ --with-systemddir=/usr/lib/systemd/system \ --systemd-smb-extra=%{_systemd_extra} \ @@ -1074,7 +1166,8 @@ pushd pidl popd %install -%make_install +# Do not use %%make_install, make is just a wrapper around waf in Samba! +%{__make} %{?_smp_mflags} %{_make_verbose} install DESTDIR=%{buildroot} install -d -m 0755 %{buildroot}/usr/{sbin,bin} install -d -m 0755 %{buildroot}%{_libdir}/security @@ -1162,12 +1255,10 @@ touch %{buildroot}%{_libdir}/krb5/plugins/libkrb5/winbind_krb5_locator.so %if %{without dc} && %{without testsuite} for i in \ %{_libdir}/samba/libdfs-server-ad-samba4.so \ - %{_libdir}/samba/libdnsserver-common-samba4.so \ %{_libdir}/samba/libdsdb-garbage-collect-tombstones-samba4.so \ %{_libdir}/samba/libscavenge-dns-records-samba4.so \ %{_mandir}/man8/samba.8 \ %{_mandir}/man8/samba_downgrade_db.8 \ - %{_mandir}/man8/samba-tool.8 \ %{_mandir}/man8/samba-gpupdate.8 \ %{_libdir}/samba/ldb/ildap.so \ %{_libdir}/samba/ldb/ldbsamba_extensions.so \ @@ -1518,6 +1609,8 @@ fi %{_libdir}/samba/vfs/nfs4acl_xattr.so %endif +%{_libexecdir}/samba/samba-bgqd + %dir %{_datadir}/samba %dir %{_datadir}/samba/mdssvc %{_datadir}/samba/mdssvc/elasticsearch_mappings.json @@ -1529,6 +1622,7 @@ fi %config(noreplace) %{_sysconfdir}/pam.d/samba %{_mandir}/man1/smbstatus.1* %{_mandir}/man8/eventlogadm.8* +%{_mandir}/man8/samba-bgqd.8* %{_mandir}/man8/smbd.8* %{_mandir}/man8/nmbd.8* %{_mandir}/man8/vfs_acl_tdb.8* @@ -1579,9 +1673,8 @@ fi %{_bindir}/cifsdd %{_bindir}/dbwrap_tool %{_bindir}/dumpmscat -%exclude %{_bindir}/findsmb %{_bindir}/mvxattr -%{_bindir}/mdfind +%{_bindir}/mdsearch %{_bindir}/nmblookup %{_bindir}/oLschema2ldif %{_bindir}/regdiff @@ -1608,9 +1701,8 @@ fi %{_mandir}/man1/regpatch.1* %{_mandir}/man1/regshell.1* %{_mandir}/man1/regtree.1* -%exclude %{_mandir}/man1/findsmb.1* %{_mandir}/man1/log2pcap.1* -%{_mandir}/man1/mdfind.1* +%{_mandir}/man1/mdsearch.1* %{_mandir}/man1/mvxattr.1* %{_mandir}/man1/rpcclient.1* %{_mandir}/man1/sharesec.1* @@ -1691,10 +1783,10 @@ fi %{_libdir}/samba/libclidns-samba4.so %{_libdir}/samba/libcluster-samba4.so %{_libdir}/samba/libcmdline-contexts-samba4.so -%{_libdir}/samba/libcmdline-credentials-samba4.so %{_libdir}/samba/libcommon-auth-samba4.so %{_libdir}/samba/libctdb-event-client-samba4.so %{_libdir}/samba/libdbwrap-samba4.so +%{_libdir}/samba/libdcerpc-pkt-auth-samba4.so %{_libdir}/samba/libdcerpc-samba-samba4.so %{_libdir}/samba/libevents-samba4.so %{_libdir}/samba/libflag-mapping-samba4.so @@ -1749,7 +1841,6 @@ fi %{_libdir}/samba/libtime-basic-samba4.so %{_libdir}/samba/libtorture-samba4.so %{_libdir}/samba/libtrusts-util-samba4.so -%{_libdir}/samba/libutil-cmdline-samba4.so %{_libdir}/samba/libutil-reg-samba4.so %{_libdir}/samba/libutil-setid-samba4.so %{_libdir}/samba/libutil-tdb-samba4.so @@ -1775,7 +1866,7 @@ fi %{_libdir}/samba/ldb/asq.so %{_libdir}/samba/ldb/ldb.so -#%%{_libdir}/samba/ldb/mdb.so +%{_libdir}/samba/ldb/mdb.so %{_libdir}/samba/ldb/paged_searches.so %{_libdir}/samba/ldb/rdn_name.so %{_libdir}/samba/ldb/sample.so @@ -1813,8 +1904,7 @@ fi ### COMMON-libs %files common-libs # common libraries -%{_libdir}/samba/libpopt-samba3-cmdline-samba4.so -%{_libdir}/samba/libpopt-samba3-samba4.so +%{_libdir}/samba/libcmdline-samba4.so %dir %{_libdir}/samba/ldb @@ -1827,6 +1917,7 @@ fi %{_bindir}/net %{_bindir}/pdbedit %{_bindir}/profiles +%{_bindir}/samba-tool %{_bindir}/smbcontrol %{_bindir}/smbpasswd %{_bindir}/testparm @@ -1835,13 +1926,13 @@ fi %{_mandir}/man1/testparm.1* %{_mandir}/man8/net.8* %{_mandir}/man8/pdbedit.8* +%{_mandir}/man8/samba-tool.8* %{_mandir}/man8/smbpasswd.8* ### DC %if %{with dc} || %{with testsuite} %files dc %{_unitdir}/samba.service -%{_bindir}/samba-tool %{_sbindir}/samba %{_sbindir}/samba_dnsupdate %{_sbindir}/samba_downgrade_db @@ -1909,7 +2000,6 @@ fi %{_mandir}/man8/samba.8* %{_mandir}/man8/samba_downgrade_db.8* %{_mandir}/man8/samba-gpupdate.8* -%{_mandir}/man8/samba-tool.8* %dir %{_datadir}/samba/admx %{_datadir}/samba/admx/samba.admx %dir %{_datadir}/samba/admx/en-US @@ -1952,7 +2042,6 @@ fi %endif %{_libdir}/libdcerpc-server.so.* -%{_libdir}/samba/libdnsserver-common-samba4.so %{_libdir}/samba/libdsdb-module-samba4.so %{_libdir}/samba/libdsdb-garbage-collect-tombstones-samba4.so %{_libdir}/samba/libscavenge-dns-records-samba4.so @@ -1961,8 +2050,6 @@ fi %files dc-bind-dlz %attr(770,root,named) %dir /var/lib/samba/bind-dns %dir %{_libdir}/samba/bind9 -%{_libdir}/samba/bind9/dlz_bind9.so -%{_libdir}/samba/bind9/dlz_bind9_9.so %{_libdir}/samba/bind9/dlz_bind9_10.so %{_libdir}/samba/bind9/dlz_bind9_11.so %{_libdir}/samba/bind9/dlz_bind9_12.so @@ -2136,6 +2223,7 @@ fi %{_libdir}/samba/libauth4-samba4.so %{_libdir}/samba/libauth-unix-token-samba4.so %{_libdir}/samba/libdcerpc-samba4.so +%{_libdir}/samba/libdnsserver-common-samba4.so %{_libdir}/samba/libshares-samba4.so %{_libdir}/samba/libsmbpasswdparser-samba4.so %{_libdir}/samba/libxattr-tdb-samba4.so @@ -2230,6 +2318,7 @@ fi %{python3_sitearch}/samba/__pycache__/getopt.*.pyc %{python3_sitearch}/samba/__pycache__/gpclass.*.pyc %{python3_sitearch}/samba/__pycache__/gp_ext_loader.*.pyc +%{python3_sitearch}/samba/__pycache__/gp_gnome_settings_ext.*.pyc %{python3_sitearch}/samba/__pycache__/gp_msgs_ext.*.pyc %{python3_sitearch}/samba/__pycache__/gp_scripts_ext.*.pyc %{python3_sitearch}/samba/__pycache__/gp_sec_ext.*.pyc @@ -2252,7 +2341,14 @@ fi %{python3_sitearch}/samba/__pycache__/trust_utils.*.pyc %{python3_sitearch}/samba/__pycache__/upgrade.*.pyc %{python3_sitearch}/samba/__pycache__/upgradehelpers.*.pyc +%{python3_sitearch}/samba/__pycache__/vgp_access_ext.*.pyc +%{python3_sitearch}/samba/__pycache__/vgp_files_ext.*.pyc +%{python3_sitearch}/samba/__pycache__/vgp_issue_ext.*.pyc +%{python3_sitearch}/samba/__pycache__/vgp_motd_ext.*.pyc +%{python3_sitearch}/samba/__pycache__/vgp_openssh_ext.*.pyc +%{python3_sitearch}/samba/__pycache__/vgp_startup_scripts_ext.*.pyc %{python3_sitearch}/samba/__pycache__/vgp_sudoers_ext.*.pyc +%{python3_sitearch}/samba/__pycache__/vgp_symlink_ext.*.pyc %{python3_sitearch}/samba/__pycache__/xattr.*.pyc %{python3_sitearch}/samba/_glue.*.so %{python3_sitearch}/samba/_ldb.*.so @@ -2281,6 +2377,7 @@ fi %{python3_sitearch}/samba/dcerpc/idmap.*.so %{python3_sitearch}/samba/dcerpc/initshutdown.*.so %{python3_sitearch}/samba/dcerpc/irpc.*.so +%{python3_sitearch}/samba/dcerpc/krb5ccache.*.so %{python3_sitearch}/samba/dcerpc/krb5pac.*.so %{python3_sitearch}/samba/dcerpc/lsa.*.so %{python3_sitearch}/samba/dcerpc/messaging.*.so @@ -2309,9 +2406,12 @@ fi %{python3_sitearch}/samba/descriptor.py %{python3_sitearch}/samba/dnsresolver.py %{python3_sitearch}/samba/drs_utils.py +%{python3_sitearch}/samba/dsdb.*.so +%{python3_sitearch}/samba/dsdb_dns.*.so %{python3_sitearch}/samba/gensec.*.so %{python3_sitearch}/samba/getopt.py %{python3_sitearch}/samba/gpclass.py +%{python3_sitearch}/samba/gp_gnome_settings_ext.py %{python3_sitearch}/samba/gp_scripts_ext.py %{python3_sitearch}/samba/gp_sec_ext.py %{python3_sitearch}/samba/gpo.*.so @@ -2322,6 +2422,7 @@ fi %{python3_sitearch}/samba/messaging.*.so %{python3_sitearch}/samba/ndr.py %{python3_sitearch}/samba/net.*.so +%{python3_sitearch}/samba/net_s3.*.so %{python3_sitearch}/samba/ntstatus.*.so %{python3_sitearch}/samba/posix_eadb.*.so %dir %{python3_sitearch}/samba/emulate @@ -2444,7 +2545,14 @@ fi %{python3_sitearch}/samba/trust_utils.py %{python3_sitearch}/samba/upgrade.py %{python3_sitearch}/samba/upgradehelpers.py +%{python3_sitearch}/samba/vgp_access_ext.py +%{python3_sitearch}/samba/vgp_files_ext.py +%{python3_sitearch}/samba/vgp_issue_ext.py +%{python3_sitearch}/samba/vgp_motd_ext.py +%{python3_sitearch}/samba/vgp_openssh_ext.py +%{python3_sitearch}/samba/vgp_startup_scripts_ext.py %{python3_sitearch}/samba/vgp_sudoers_ext.py +%{python3_sitearch}/samba/vgp_symlink_ext.py %{python3_sitearch}/samba/werror.*.so %{python3_sitearch}/samba/xattr.py %{python3_sitearch}/samba/xattr_native.*.so @@ -2491,8 +2599,6 @@ fi %{python3_sitearch}/samba/dcerpc/dnsserver.*.so %{python3_sitearch}/samba/dckeytab.*.so -%{python3_sitearch}/samba/dsdb.*.so -%{python3_sitearch}/samba/dsdb_dns.*.so %{python3_sitearch}/samba/domain_update.py %{python3_sitearch}/samba/forest_update.py %{python3_sitearch}/samba/ms_forest_updates_markdown.py @@ -2559,6 +2665,7 @@ fi %{python3_sitearch}/samba/tests/__pycache__/cred_opt.*.pyc %{python3_sitearch}/samba/tests/__pycache__/dckeytab.*.pyc %{python3_sitearch}/samba/tests/__pycache__/dns.*.pyc +%{python3_sitearch}/samba/tests/__pycache__/dns_aging.*.pyc %{python3_sitearch}/samba/tests/__pycache__/dns_base.*.pyc %{python3_sitearch}/samba/tests/__pycache__/dns_forwarder.*.pyc %{python3_sitearch}/samba/tests/__pycache__/dns_invalid.*.pyc @@ -2566,6 +2673,8 @@ fi %{python3_sitearch}/samba/tests/__pycache__/dns_tkey.*.pyc %{python3_sitearch}/samba/tests/__pycache__/dns_wildcard.*.pyc %{python3_sitearch}/samba/tests/__pycache__/dsdb.*.pyc +%{python3_sitearch}/samba/tests/__pycache__/dsdb_api.*.pyc +%{python3_sitearch}/samba/tests/__pycache__/dsdb_dns.*.pyc %{python3_sitearch}/samba/tests/__pycache__/dsdb_lock.*.pyc %{python3_sitearch}/samba/tests/__pycache__/dsdb_schema_attributes.*.pyc %{python3_sitearch}/samba/tests/__pycache__/docs.*.pyc @@ -2577,17 +2686,22 @@ fi %{python3_sitearch}/samba/tests/__pycache__/getdcname.*.pyc %{python3_sitearch}/samba/tests/__pycache__/glue.*.pyc %{python3_sitearch}/samba/tests/__pycache__/gpo.*.pyc +%{python3_sitearch}/samba/tests/__pycache__/gpo_member.*.pyc %{python3_sitearch}/samba/tests/__pycache__/graph.*.pyc %{python3_sitearch}/samba/tests/__pycache__/group_audit.*.pyc %{python3_sitearch}/samba/tests/__pycache__/hostconfig.*.pyc +%{python3_sitearch}/samba/tests/__pycache__/imports.*.pyc %{python3_sitearch}/samba/tests/__pycache__/join.*.pyc %{python3_sitearch}/samba/tests/__pycache__/krb5_credentials.*.pyc %{python3_sitearch}/samba/tests/__pycache__/ldap_raw.*.pyc %{python3_sitearch}/samba/tests/__pycache__/ldap_referrals.*.pyc +%{python3_sitearch}/samba/tests/__pycache__/ldap_spn.*.pyc +%{python3_sitearch}/samba/tests/__pycache__/ldap_upn_sam_account.*.pyc %{python3_sitearch}/samba/tests/__pycache__/loadparm.*.pyc %{python3_sitearch}/samba/tests/__pycache__/libsmb.*.pyc %{python3_sitearch}/samba/tests/__pycache__/lsa_string.*.pyc %{python3_sitearch}/samba/tests/__pycache__/messaging.*.pyc +%{python3_sitearch}/samba/tests/__pycache__/ndr.*.pyc %{python3_sitearch}/samba/tests/__pycache__/netbios.*.pyc %{python3_sitearch}/samba/tests/__pycache__/netcmd.*.pyc %{python3_sitearch}/samba/tests/__pycache__/net_join_no_spnego.*.pyc @@ -2623,10 +2737,12 @@ fi %{python3_sitearch}/samba/tests/__pycache__/s3passdb.*.pyc %{python3_sitearch}/samba/tests/__pycache__/s3registry.*.pyc %{python3_sitearch}/samba/tests/__pycache__/s3windb.*.pyc +%{python3_sitearch}/samba/tests/__pycache__/s3_net_join.*.pyc %{python3_sitearch}/samba/tests/__pycache__/samba_upgradedns_lmdb.*.pyc %{python3_sitearch}/samba/tests/__pycache__/samba3sam.*.pyc %{python3_sitearch}/samba/tests/__pycache__/samdb.*.pyc %{python3_sitearch}/samba/tests/__pycache__/samdb_api.*.pyc +%{python3_sitearch}/samba/tests/__pycache__/sddl.*.pyc %{python3_sitearch}/samba/tests/__pycache__/security.*.pyc %{python3_sitearch}/samba/tests/__pycache__/segfault.*.pyc %{python3_sitearch}/samba/tests/__pycache__/smb.*.pyc @@ -2661,7 +2777,7 @@ fi %{python3_sitearch}/samba/tests/blackbox/__pycache__/bug13653.*.pyc %{python3_sitearch}/samba/tests/blackbox/__pycache__/check_output.*.pyc %{python3_sitearch}/samba/tests/blackbox/__pycache__/downgradedatabase.*.pyc -%{python3_sitearch}/samba/tests/blackbox/__pycache__/mdfind.*.pyc +%{python3_sitearch}/samba/tests/blackbox/__pycache__/mdsearch.*.pyc %{python3_sitearch}/samba/tests/blackbox/__pycache__/ndrdump.*.pyc %{python3_sitearch}/samba/tests/blackbox/__pycache__/netads_json.*.pyc %{python3_sitearch}/samba/tests/blackbox/__pycache__/samba_dnsupdate.*.pyc @@ -2677,7 +2793,7 @@ fi %{python3_sitearch}/samba/tests/blackbox/bug13653.py %{python3_sitearch}/samba/tests/blackbox/check_output.py %{python3_sitearch}/samba/tests/blackbox/downgradedatabase.py -%{python3_sitearch}/samba/tests/blackbox/mdfind.py +%{python3_sitearch}/samba/tests/blackbox/mdsearch.py %{python3_sitearch}/samba/tests/blackbox/ndrdump.py %{python3_sitearch}/samba/tests/blackbox/netads_json.py %{python3_sitearch}/samba/tests/blackbox/samba_dnsupdate.py @@ -2705,6 +2821,7 @@ fi %{python3_sitearch}/samba/tests/dcerpc/__pycache__/binding.*.pyc %{python3_sitearch}/samba/tests/dcerpc/__pycache__/dnsserver.*.pyc %{python3_sitearch}/samba/tests/dcerpc/__pycache__/integer.*.pyc +%{python3_sitearch}/samba/tests/dcerpc/__pycache__/lsa.*.pyc %{python3_sitearch}/samba/tests/dcerpc/__pycache__/mdssvc.*.pyc %{python3_sitearch}/samba/tests/dcerpc/__pycache__/misc.*.pyc %{python3_sitearch}/samba/tests/dcerpc/__pycache__/raw_protocol.*.pyc @@ -2724,6 +2841,7 @@ fi %{python3_sitearch}/samba/tests/dcerpc/createtrustrelax.py %{python3_sitearch}/samba/tests/dcerpc/dnsserver.py %{python3_sitearch}/samba/tests/dcerpc/integer.py +%{python3_sitearch}/samba/tests/dcerpc/lsa.py %{python3_sitearch}/samba/tests/dcerpc/mdssvc.py %{python3_sitearch}/samba/tests/dcerpc/misc.py %{python3_sitearch}/samba/tests/dcerpc/raw_protocol.py @@ -2739,6 +2857,7 @@ fi %{python3_sitearch}/samba/tests/dcerpc/unix.py %{python3_sitearch}/samba/tests/dckeytab.py %{python3_sitearch}/samba/tests/dns.py +%{python3_sitearch}/samba/tests/dns_aging.py %{python3_sitearch}/samba/tests/dns_base.py %{python3_sitearch}/samba/tests/dns_forwarder.py %dir %{python3_sitearch}/samba/tests/dns_forwarder_helpers @@ -2749,6 +2868,8 @@ fi %{python3_sitearch}/samba/tests/dns_tkey.py %{python3_sitearch}/samba/tests/dns_wildcard.py %{python3_sitearch}/samba/tests/dsdb.py +%{python3_sitearch}/samba/tests/dsdb_api.py +%{python3_sitearch}/samba/tests/dsdb_dns.py %{python3_sitearch}/samba/tests/dsdb_lock.py %{python3_sitearch}/samba/tests/dsdb_schema_attributes.py %{python3_sitearch}/samba/tests/docs.py @@ -2768,9 +2889,11 @@ fi %{python3_sitearch}/samba/tests/get_opt.py %{python3_sitearch}/samba/tests/glue.py %{python3_sitearch}/samba/tests/gpo.py +%{python3_sitearch}/samba/tests/gpo_member.py %{python3_sitearch}/samba/tests/graph.py %{python3_sitearch}/samba/tests/group_audit.py %{python3_sitearch}/samba/tests/hostconfig.py +%{python3_sitearch}/samba/tests/imports.py %{python3_sitearch}/samba/tests/join.py %dir %{python3_sitearch}/samba/tests/kcc %{python3_sitearch}/samba/tests/kcc/__init__.py @@ -2786,37 +2909,64 @@ fi %{python3_sitearch}/samba/tests/kcc/ldif_import_export.py %dir %{python3_sitearch}/samba/tests/krb5 %dir %{python3_sitearch}/samba/tests/krb5/__pycache__ +%{python3_sitearch}/samba/tests/krb5/__pycache__/alias_tests.*.pyc %{python3_sitearch}/samba/tests/krb5/__pycache__/as_canonicalization_tests.*.pyc +%{python3_sitearch}/samba/tests/krb5/__pycache__/as_req_tests.*.pyc %{python3_sitearch}/samba/tests/krb5/__pycache__/compatability_tests.*.pyc +%{python3_sitearch}/samba/tests/krb5/__pycache__/fast_tests.*.pyc %{python3_sitearch}/samba/tests/krb5/__pycache__/kcrypto.*.pyc %{python3_sitearch}/samba/tests/krb5/__pycache__/kdc_base_test.*.pyc %{python3_sitearch}/samba/tests/krb5/__pycache__/kdc_tests.*.pyc %{python3_sitearch}/samba/tests/krb5/__pycache__/kdc_tgs_tests.*.pyc +%{python3_sitearch}/samba/tests/krb5/__pycache__/ms_kile_client_principal_lookup_tests.*.pyc %{python3_sitearch}/samba/tests/krb5/__pycache__/raw_testcase.*.pyc %{python3_sitearch}/samba/tests/krb5/__pycache__/rfc4120_constants.*.pyc %{python3_sitearch}/samba/tests/krb5/__pycache__/rfc4120_pyasn1.*.pyc +%{python3_sitearch}/samba/tests/krb5/__pycache__/rodc_tests*.pyc +%{python3_sitearch}/samba/tests/krb5/__pycache__/salt_tests.*.pyc %{python3_sitearch}/samba/tests/krb5/__pycache__/simple_tests.*.pyc +%{python3_sitearch}/samba/tests/krb5/__pycache__/spn_tests.*.pyc %{python3_sitearch}/samba/tests/krb5/__pycache__/s4u_tests.*.pyc +%{python3_sitearch}/samba/tests/krb5/__pycache__/test_ccache.*.pyc +%{python3_sitearch}/samba/tests/krb5/__pycache__/test_ldap.*.pyc +%{python3_sitearch}/samba/tests/krb5/__pycache__/test_min_domain_uid.*.pyc +%{python3_sitearch}/samba/tests/krb5/__pycache__/test_rpc.*.pyc +%{python3_sitearch}/samba/tests/krb5/__pycache__/test_smb.*.pyc %{python3_sitearch}/samba/tests/krb5/__pycache__/xrealm_tests.*.pyc +%{python3_sitearch}/samba/tests/krb5/alias_tests.py %{python3_sitearch}/samba/tests/krb5/as_canonicalization_tests.py +%{python3_sitearch}/samba/tests/krb5/as_req_tests.py %{python3_sitearch}/samba/tests/krb5/compatability_tests.py +%{python3_sitearch}/samba/tests/krb5/fast_tests.py %{python3_sitearch}/samba/tests/krb5/kcrypto.py %{python3_sitearch}/samba/tests/krb5/kdc_base_test.py %{python3_sitearch}/samba/tests/krb5/kdc_tests.py %{python3_sitearch}/samba/tests/krb5/kdc_tgs_tests.py +%{python3_sitearch}/samba/tests/krb5/ms_kile_client_principal_lookup_tests.py %{python3_sitearch}/samba/tests/krb5/raw_testcase.py %{python3_sitearch}/samba/tests/krb5/rfc4120_constants.py %{python3_sitearch}/samba/tests/krb5/rfc4120_pyasn1.py +%{python3_sitearch}/samba/tests/krb5/rodc_tests.py +%{python3_sitearch}/samba/tests/krb5/salt_tests.py %{python3_sitearch}/samba/tests/krb5/simple_tests.py +%{python3_sitearch}/samba/tests/krb5/spn_tests.py +%{python3_sitearch}/samba/tests/krb5/test_ccache.py +%{python3_sitearch}/samba/tests/krb5/test_ldap.py +%{python3_sitearch}/samba/tests/krb5/test_min_domain_uid.py +%{python3_sitearch}/samba/tests/krb5/test_rpc.py +%{python3_sitearch}/samba/tests/krb5/test_smb.py %{python3_sitearch}/samba/tests/krb5/s4u_tests.py %{python3_sitearch}/samba/tests/krb5/xrealm_tests.py %{python3_sitearch}/samba/tests/krb5_credentials.py %{python3_sitearch}/samba/tests/ldap_raw.py %{python3_sitearch}/samba/tests/ldap_referrals.py +%{python3_sitearch}/samba/tests/ldap_spn.py +%{python3_sitearch}/samba/tests/ldap_upn_sam_account.py %{python3_sitearch}/samba/tests/libsmb.py %{python3_sitearch}/samba/tests/loadparm.py %{python3_sitearch}/samba/tests/lsa_string.py %{python3_sitearch}/samba/tests/messaging.py +%{python3_sitearch}/samba/tests/ndr.py %{python3_sitearch}/samba/tests/netbios.py %{python3_sitearch}/samba/tests/netcmd.py %{python3_sitearch}/samba/tests/net_join_no_spnego.py @@ -2852,6 +3002,7 @@ fi %{python3_sitearch}/samba/tests/s3passdb.py %{python3_sitearch}/samba/tests/s3registry.py %{python3_sitearch}/samba/tests/s3windb.py +%{python3_sitearch}/samba/tests/s3_net_join.py %{python3_sitearch}/samba/tests/samba3sam.py %{python3_sitearch}/samba/tests/samba_upgradedns_lmdb.py %dir %{python3_sitearch}/samba/tests/samba_tool @@ -2868,6 +3019,7 @@ fi %{python3_sitearch}/samba/tests/samba_tool/__pycache__/forest.*.pyc %{python3_sitearch}/samba/tests/samba_tool/__pycache__/fsmo.*.pyc %{python3_sitearch}/samba/tests/samba_tool/__pycache__/gpo.*.pyc +%{python3_sitearch}/samba/tests/samba_tool/__pycache__/gpo_exts.*.pyc %{python3_sitearch}/samba/tests/samba_tool/__pycache__/group.*.pyc %{python3_sitearch}/samba/tests/samba_tool/__pycache__/help.*.pyc %{python3_sitearch}/samba/tests/samba_tool/__pycache__/join.*.pyc @@ -2879,6 +3031,7 @@ fi %{python3_sitearch}/samba/tests/samba_tool/__pycache__/promote_dc_lmdb_size.*.pyc %{python3_sitearch}/samba/tests/samba_tool/__pycache__/provision_lmdb_size.*.pyc %{python3_sitearch}/samba/tests/samba_tool/__pycache__/provision_password_check.*.pyc +%{python3_sitearch}/samba/tests/samba_tool/__pycache__/provision_userPassword_crypt.*.pyc %{python3_sitearch}/samba/tests/samba_tool/__pycache__/rodc.*.pyc %{python3_sitearch}/samba/tests/samba_tool/__pycache__/schema.*.pyc %{python3_sitearch}/samba/tests/samba_tool/__pycache__/sites.*.pyc @@ -2902,6 +3055,7 @@ fi %{python3_sitearch}/samba/tests/samba_tool/forest.py %{python3_sitearch}/samba/tests/samba_tool/fsmo.py %{python3_sitearch}/samba/tests/samba_tool/gpo.py +%{python3_sitearch}/samba/tests/samba_tool/gpo_exts.py %{python3_sitearch}/samba/tests/samba_tool/group.py %{python3_sitearch}/samba/tests/samba_tool/help.py %{python3_sitearch}/samba/tests/samba_tool/join.py @@ -2913,6 +3067,7 @@ fi %{python3_sitearch}/samba/tests/samba_tool/promote_dc_lmdb_size.py %{python3_sitearch}/samba/tests/samba_tool/provision_lmdb_size.py %{python3_sitearch}/samba/tests/samba_tool/provision_password_check.py +%{python3_sitearch}/samba/tests/samba_tool/provision_userPassword_crypt.py %{python3_sitearch}/samba/tests/samba_tool/rodc.py %{python3_sitearch}/samba/tests/samba_tool/schema.py %{python3_sitearch}/samba/tests/samba_tool/sites.py @@ -2928,6 +3083,7 @@ fi %{python3_sitearch}/samba/tests/samba_tool/visualize_drs.py %{python3_sitearch}/samba/tests/samdb.py %{python3_sitearch}/samba/tests/samdb_api.py +%{python3_sitearch}/samba/tests/sddl.py %{python3_sitearch}/samba/tests/security.py %{python3_sitearch}/samba/tests/segfault.py %{python3_sitearch}/samba/tests/smb.py @@ -3071,6 +3227,7 @@ fi %{_libexecdir}/ctdb/ctdb_recovery_helper %{_libexecdir}/ctdb/ctdb_takeover_helper %{_libexecdir}/ctdb/smnotify +%{_libexecdir}/ctdb/tdb_mutex_check %dir %{_localstatedir}/lib/ctdb/ %dir %{_localstatedir}/lib/ctdb/persistent @@ -3901,6 +4058,33 @@ fi #endif with selftest %endif +%if %{with pcp_pmda} +%files -n ctdb-pcp-pmda +%dir %{_localstatedir}/lib/pcp/pmdas/ctdb +%{_localstatedir}/lib/pcp/pmdas/ctdb/Install +%{_localstatedir}/lib/pcp/pmdas/ctdb/README +%{_localstatedir}/lib/pcp/pmdas/ctdb/Remove +%{_localstatedir}/lib/pcp/pmdas/ctdb/domain.h +%{_localstatedir}/lib/pcp/pmdas/ctdb/help +%{_localstatedir}/lib/pcp/pmdas/ctdb/pmdactdb +%{_localstatedir}/lib/pcp/pmdas/ctdb/pmns +#endif with pcp_pmda +%endif + +%if %{with etcd_mutex} +%files -n ctdb-etcd-mutex +%{_libexecdir}/ctdb/ctdb_etcd_lock +%{_mandir}/man7/ctdb-etcd.7.gz +#endif with etcd_mutex +%endif + +%if %{with ceph_mutex} +%files -n ctdb-ceph-mutex +%{_libexecdir}/ctdb/ctdb_mutex_ceph_rados_helper +%{_mandir}/man7/ctdb_mutex_ceph_rados_helper.7.gz +#endif with ceph_mutex +%endif + #endif with clustering %endif @@ -3912,6 +4096,9 @@ fi %endif %changelog +* Mon Nov 29 2021 Pavel Filipenský - 4.15.2-1 +- resolves: rhbz#2013578 - Rebase to Samba 4.15.2 + * Tue Aug 31 2021 Andreas Schneider - 4.14.5-103 - resolves: rhbz#1980356 - Fix winbind restart on package upgrade diff --git a/sources b/sources index 04d946e..a28ea4b 100644 --- a/sources +++ b/sources @@ -1,2 +1,2 @@ -SHA512 (samba-4.14.5.tar.asc) = 8c4efa05d47d647031bbca24341b1e2e793a05339c9abcdf28e05d6a8eada7dddc827d5d939bc578ecbcf38ba66374cd852414a8499f79c4ff5888bfd0363463 -SHA512 (samba-4.14.5.tar.xz) = 39952770676b7f74c94ffeb84c91ee0fef29e7d043a916b88ad7547f74d3d10a328722c361f82be49906c4361d4f4d97d06dbdc9119147a617297f126ae3ac12 +SHA512 (samba-4.15.2.tar.asc) = 732cc215c047988d4bce3d2ea981474f0cca44dd5a22030f49343aa3a37f6003bb84b116f7cdb0c8c4fd492354c107350f78101d7186fcb6027906ab1c92cf31 +SHA512 (samba-4.15.2.tar.xz) = d9aaabbf45ba0293dbda137a21f04d5fa533be07c3826de816513d8e2ae0ef6e6109ce4045dd74bcd5375364f6de5fa8ace6ae4b3c419bfffe55fa2bfeeb0d5d