import samba-4.15.2-3.el9

This commit is contained in:
CentOS Sources 2022-01-11 13:24:36 -05:00 committed by Stepan Oksanichenko
parent c96fd59038
commit 6009424a4f
12 changed files with 1537 additions and 149 deletions

2
.gitignore vendored
View File

@ -1,2 +1,2 @@
SOURCES/samba-4.14.5.tar.xz
SOURCES/samba-4.15.2.tar.xz
SOURCES/samba-pubkey_AA99442FB680B620.gpg

View File

@ -1,2 +1,2 @@
46925b3ed9f63b1b936f2271253fdccccbf1575f SOURCES/samba-4.14.5.tar.xz
4ab5db6dd0103af6dce93c5931729849774aa45e SOURCES/samba-4.15.2.tar.xz
971f563c447eda8d144d6c9e743cd0f0488c0d9e SOURCES/samba-pubkey_AA99442FB680B620.gpg

View File

@ -1,16 +0,0 @@
-----BEGIN PGP SIGNATURE-----
iQIzBAABCgAdFiEEgfXigyvSVFoYl7cTqplEL7aAtiAFAmC14EsACgkQqplEL7aA
tiDWUA//b0Dj/dJozZY/Q6OI9UjPNL9nvPGqpKF0Sl2sW5jO1KWdcq1OZk+H6eO5
gaX9nuH8Qo/IMxVRIPZVW6lXwsLzSdAOhwPAV02D/feSNfuld078v5yN1My2x6gH
tmfEVXZJjNkObhLDz0Wgq3mxxKvwxSM4+q2SI9p2/Yk32+oT1l/EWT3WZRNa/I1x
MF8nr8p5BktPw7tQoITG/JhkWudfkPpvVA3LJYl+F0rjubMA3C3btvDNquPaNXQ0
Jr0nOt8+OKpsrtBb6ED0su7CWqbHHjc7lTKLepruqnHzllk5/Tcsu6APVRb8qjim
B2ElieWYJKQ7vBchjuSw/3ufqOsJdvckO4znGM1bUFDnCV0DDOXPE/U5QmjcoQqE
kJ36m53WnGCHR3JbL+rSjrB1m0ip8tViNraV+Ch2sXNlNvKYPNNo3cgX62nnDWJz
aLlncx0W1LpZ8mhYVv0AvdoVKBDygzxheye8Fssz3Wz5RDzZ6Vm0AoJwBm+G8v1k
u0MXMyvBv1KLpBLL27PJm2m7r6KIDB0v9PuLK5iF107omkSWfY/lMLQR2UFph8oH
uCwV5PiEy/ecBhBfo3KzUG5yJLBBayYB2vGcXJh4yRpAByppFbpo3csr6UZSEsU8
iImmN97Tg3QVd/FTn9qRiQ15NxzWC0XCE1glY87KqqC5kl5Lk9Y=
=i6jp
-----END PGP SIGNATURE-----

View File

@ -0,0 +1,41 @@
From 2edaf32b4204b9fe363c441c25b6989fe76911a4 Mon Sep 17 00:00:00 2001
From: Stefan Metzmacher <metze@samba.org>
Date: Tue, 9 Nov 2021 20:50:20 +0100
Subject: [PATCH] s3:winbindd: fix "allow trusted domains = no" regression
add_trusted_domain() should only reject domains
based on is_allowed_domain(), which now also
checks "allow trusted domains = no", if we don't
have an explicit trust to the domain (SEC_CHAN_NULL).
We use at least SEC_CHAN_LOCAL for local domains like
BUILTIN.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14899
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Autobuild-User(master): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(master): Wed Nov 10 11:21:31 UTC 2021 on sn-devel-184
(cherry picked from commit a7f6c60cb037b4bc9eee276236539b8282213935)
---
source3/winbindd/winbindd_util.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/source3/winbindd/winbindd_util.c b/source3/winbindd/winbindd_util.c
index 42ddbfd2f44..9d54e462c42 100644
--- a/source3/winbindd/winbindd_util.c
+++ b/source3/winbindd/winbindd_util.c
@@ -134,7 +134,7 @@ static NTSTATUS add_trusted_domain(const char *domain_name,
return NT_STATUS_INVALID_PARAMETER;
}
- if (!is_allowed_domain(domain_name)) {
+ if (secure_channel_type == SEC_CHAN_NULL && !is_allowed_domain(domain_name)) {
return NT_STATUS_NO_SUCH_DOMAIN;
}
--
2.33.1

View File

@ -0,0 +1,45 @@
From 3fc4d1d3998f3956a84c855cb60a9dcb335e1f59 Mon Sep 17 00:00:00 2001
From: Alexander Bokovoy <ab@samba.org>
Date: Fri, 12 Nov 2021 19:06:01 +0200
Subject: [PATCH] IPA DC: add missing checks
When introducing FreeIPA support, two places were forgotten:
- schannel gensec module needs to be aware of IPA DC
- _lsa_QueryInfoPolicy should treat IPA DC as PDC
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14903
Signed-off-by: Alexander Bokovoy <ab@samba.org>
---
auth/gensec/schannel.c | 1 +
source3/rpc_server/lsa/srv_lsa_nt.c | 1 +
2 files changed, 2 insertions(+)
diff --git a/auth/gensec/schannel.c b/auth/gensec/schannel.c
index 0cdae141ead..6ebbe8f3179 100644
--- a/auth/gensec/schannel.c
+++ b/auth/gensec/schannel.c
@@ -1080,6 +1080,7 @@ static NTSTATUS schannel_server_start(struct gensec_security *gensec_security)
case ROLE_DOMAIN_BDC:
case ROLE_DOMAIN_PDC:
case ROLE_ACTIVE_DIRECTORY_DC:
+ case ROLE_IPA_DC:
return NT_STATUS_OK;
default:
return NT_STATUS_NOT_IMPLEMENTED;
diff --git a/source3/rpc_server/lsa/srv_lsa_nt.c b/source3/rpc_server/lsa/srv_lsa_nt.c
index 8d71b5252ab..ea92a22cbc9 100644
--- a/source3/rpc_server/lsa/srv_lsa_nt.c
+++ b/source3/rpc_server/lsa/srv_lsa_nt.c
@@ -683,6 +683,7 @@ NTSTATUS _lsa_QueryInfoPolicy(struct pipes_struct *p,
switch (lp_server_role()) {
case ROLE_DOMAIN_PDC:
case ROLE_DOMAIN_BDC:
+ case ROLE_IPA_DC:
name = get_global_sam_name();
sid = dom_sid_dup(p->mem_ctx, get_global_sam_sid());
if (!sid) {
--
2.33.1

View File

@ -0,0 +1,981 @@
From 96d6bd4feb27b9b003aac44ef2ab7ef0a288272d Mon Sep 17 00:00:00 2001
From: Ralph Boehme <slow@samba.org>
Date: Wed, 10 Nov 2021 20:18:07 +0100
Subject: [PATCH 1/8] source3: move lib/substitute.c functions out of proto.h
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14897
Signed-off-by: Ralph Boehme <slow@samba.org>
---
source3/auth/auth_generic.c | 1 +
source3/auth/auth_ntlmssp.c | 1 +
source3/auth/auth_util.c | 1 +
source3/include/proto.h | 33 -----------
source3/lib/substitute.c | 1 +
source3/lib/substitute.h | 63 +++++++++++++++++++++
source3/modules/vfs_expand_msdfs.c | 1 +
source3/modules/vfs_full_audit.c | 1 +
source3/modules/vfs_recycle.c | 1 +
source3/modules/vfs_unityed_media.c | 1 +
source3/modules/vfs_virusfilter_utils.c | 1 +
source3/nmbd/nmbd.c | 1 +
source3/nmbd/nmbd_synclists.c | 1 +
source3/param/loadparm.c | 1 +
source3/passdb/passdb.c | 1 +
source3/passdb/pdb_ldap.c | 1 +
source3/printing/print_generic.c | 1 +
source3/printing/printing.c | 1 +
source3/rpc_server/lsa/srv_lsa_nt.c | 1 +
source3/rpc_server/netlogon/srv_netlog_nt.c | 1 +
source3/rpc_server/srvsvc/srv_srvsvc_nt.c | 1 +
source3/smbd/ipc.c | 1 +
source3/smbd/lanman.c | 1 +
source3/smbd/message.c | 1 +
source3/smbd/msdfs.c | 1 +
source3/smbd/process.c | 1 +
source3/smbd/reply.c | 1 +
source3/smbd/server.c | 1 +
source3/smbd/service.c | 1 +
source3/smbd/sesssetup.c | 1 +
source3/smbd/share_access.c | 1 +
source3/smbd/smb2_server.c | 1 +
source3/smbd/smb2_sesssetup.c | 1 +
source3/smbd/trans2.c | 1 +
source3/smbd/uid.c | 1 +
source3/torture/torture.c | 1 +
source3/utils/net_sam.c | 1 +
source3/winbindd/wb_getpwsid.c | 1 +
source3/winbindd/winbindd.c | 1 +
39 files changed, 100 insertions(+), 33 deletions(-)
create mode 100644 source3/lib/substitute.h
diff --git a/source3/auth/auth_generic.c b/source3/auth/auth_generic.c
index fc7a7549e8e..ff51307e43a 100644
--- a/source3/auth/auth_generic.c
+++ b/source3/auth/auth_generic.c
@@ -36,6 +36,7 @@
#include "auth/credentials/credentials.h"
#include "lib/param/loadparm.h"
#include "librpc/gen_ndr/dcerpc.h"
+#include "source3/lib/substitute.h"
static NTSTATUS auth3_generate_session_info_pac(struct auth4_context *auth_ctx,
TALLOC_CTX *mem_ctx,
diff --git a/source3/auth/auth_ntlmssp.c b/source3/auth/auth_ntlmssp.c
index 676aa9d892c..f2deca09aa6 100644
--- a/source3/auth/auth_ntlmssp.c
+++ b/source3/auth/auth_ntlmssp.c
@@ -25,6 +25,7 @@
#include "auth.h"
#include "libcli/security/security.h"
#include "lib/util/tevent_ntstatus.h"
+#include "source3/lib/substitute.h"
NTSTATUS auth3_generate_session_info(struct auth4_context *auth_context,
TALLOC_CTX *mem_ctx,
diff --git a/source3/auth/auth_util.c b/source3/auth/auth_util.c
index dec854d85c3..4527dedc49d 100644
--- a/source3/auth/auth_util.c
+++ b/source3/auth/auth_util.c
@@ -38,6 +38,7 @@
#include "rpc_client/util_netlogon.h"
#include "source4/auth/auth.h"
#include "auth/auth_util.h"
+#include "source3/lib/substitute.h"
#undef DBGC_CLASS
#define DBGC_CLASS DBGC_AUTH
diff --git a/source3/include/proto.h b/source3/include/proto.h
index eb45179aebb..a96c2c8d110 100644
--- a/source3/include/proto.h
+++ b/source3/include/proto.h
@@ -139,39 +139,6 @@ int smbrun_no_sanitize(const char *cmd, int *outfd, char * const *env);
int smbrun(const char *cmd, int *outfd, char * const *env);
int smbrunsecret(const char *cmd, const char *secret);
-/* The following definitions come from lib/substitute.c */
-
-bool set_local_machine_name(const char *local_name, bool perm);
-const char *get_local_machine_name(void);
-bool set_remote_machine_name(const char *remote_name, bool perm);
-const char *get_remote_machine_name(void);
-void sub_set_smb_name(const char *name);
-void set_current_user_info(const char *smb_name, const char *unix_name,
- const char *domain);
-void sub_set_socket_ids(const char *peeraddr, const char *peername,
- const char *sockaddr);
-const char *get_current_username(void);
-void standard_sub_basic(const char *smb_name, const char *domain_name,
- char *str, size_t len);
-char *talloc_sub_basic(TALLOC_CTX *mem_ctx, const char *smb_name,
- const char *domain_name, const char *str);
-char *talloc_sub_specified(TALLOC_CTX *mem_ctx,
- const char *input_string,
- const char *username,
- const char *grpname,
- const char *domain,
- uid_t uid,
- gid_t gid);
-char *talloc_sub_advanced(TALLOC_CTX *mem_ctx,
- const char *servicename, const char *user,
- const char *connectpath, gid_t gid,
- const char *str);
-char *talloc_sub_full(TALLOC_CTX *mem_ctx,
- const char *servicename, const char *user,
- const char *connectpath, gid_t gid,
- const char *smb_name, const char *domain_name,
- const char *str);
-
/* The following definitions come from lib/sysquotas.c */
int sys_get_quota(const char *path, enum SMB_QUOTA_TYPE qtype, unid_t id, SMB_DISK_QUOTA *dp);
diff --git a/source3/lib/substitute.c b/source3/lib/substitute.c
index b98a0acf1cb..a941b89f82a 100644
--- a/source3/lib/substitute.c
+++ b/source3/lib/substitute.c
@@ -20,6 +20,7 @@
#include "includes.h"
+#include "substitute.h"
#include "system/passwd.h"
#include "secrets.h"
#include "auth.h"
diff --git a/source3/lib/substitute.h b/source3/lib/substitute.h
new file mode 100644
index 00000000000..2056d163dd7
--- /dev/null
+++ b/source3/lib/substitute.h
@@ -0,0 +1,63 @@
+/*
+ Unix SMB/CIFS implementation.
+ string substitution functions
+ Copyright (C) Andrew Tridgell 1992-2000
+ Copyright (C) Gerald Carter 2006
+
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; either version 3 of the License, or
+ (at your option) any later version.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program. If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#ifndef SUBSTITUTE_H
+#define SUBSTITUTE_H
+
+bool set_local_machine_name(const char *local_name, bool perm);
+const char *get_local_machine_name(void);
+bool set_remote_machine_name(const char *remote_name, bool perm);
+const char *get_remote_machine_name(void);
+void sub_set_socket_ids(const char *peeraddr, const char *peername,
+ const char *sockaddr);
+void set_current_user_info(const char *smb_name,
+ const char *unix_name,
+ const char *domain);
+const char *get_current_username(void);
+void standard_sub_basic(const char *smb_name,
+ const char *domain_name,
+ char *str,
+ size_t len);
+char *talloc_sub_basic(TALLOC_CTX *mem_ctx,
+ const char *smb_name,
+ const char *domain_name,
+ const char *str);
+char *talloc_sub_specified(TALLOC_CTX *mem_ctx,
+ const char *input_string,
+ const char *username,
+ const char *grpname,
+ const char *domain,
+ uid_t uid,
+ gid_t gid);
+char *talloc_sub_advanced(TALLOC_CTX *ctx,
+ const char *servicename,
+ const char *user,
+ const char *connectpath,
+ gid_t gid,
+ const char *str);
+char *talloc_sub_full(TALLOC_CTX *ctx,
+ const char *servicename,
+ const char *user,
+ const char *connectpath,
+ gid_t gid,
+ const char *smb_name,
+ const char *domain_name,
+ const char *str);
+#endif
diff --git a/source3/modules/vfs_expand_msdfs.c b/source3/modules/vfs_expand_msdfs.c
index 34e7051dca5..fe3c6f47462 100644
--- a/source3/modules/vfs_expand_msdfs.c
+++ b/source3/modules/vfs_expand_msdfs.c
@@ -25,6 +25,7 @@
#include "auth.h"
#include "../lib/tsocket/tsocket.h"
#include "msdfs.h"
+#include "source3/lib/substitute.h"
#undef DBGC_CLASS
#define DBGC_CLASS DBGC_VFS
diff --git a/source3/modules/vfs_full_audit.c b/source3/modules/vfs_full_audit.c
index ceda99d4568..c8dbc8c07bb 100644
--- a/source3/modules/vfs_full_audit.c
+++ b/source3/modules/vfs_full_audit.c
@@ -73,6 +73,7 @@
#include "passdb/machine_sid.h"
#include "lib/util/tevent_ntstatus.h"
#include "lib/util/string_wrappers.h"
+#include "source3/lib/substitute.h"
static int vfs_full_audit_debug_level = DBGC_VFS;
diff --git a/source3/modules/vfs_recycle.c b/source3/modules/vfs_recycle.c
index 1c18f232c32..7cbc938a57c 100644
--- a/source3/modules/vfs_recycle.c
+++ b/source3/modules/vfs_recycle.c
@@ -27,6 +27,7 @@
#include "system/filesys.h"
#include "../librpc/gen_ndr/ndr_netlogon.h"
#include "auth.h"
+#include "source3/lib/substitute.h"
#define ALLOC_CHECK(ptr, label) do { if ((ptr) == NULL) { DEBUG(0, ("recycle.bin: out of memory!\n")); errno = ENOMEM; goto label; } } while(0)
diff --git a/source3/modules/vfs_unityed_media.c b/source3/modules/vfs_unityed_media.c
index 62a1456b996..fbd4d968172 100644
--- a/source3/modules/vfs_unityed_media.c
+++ b/source3/modules/vfs_unityed_media.c
@@ -62,6 +62,7 @@
#include "../lib/tsocket/tsocket.h"
#include "lib/util/smb_strtox.h"
#include <libgen.h>
+#include "source3/lib/substitute.h"
#define UM_PARAM_TYPE_NAME "unityed_media"
diff --git a/source3/modules/vfs_virusfilter_utils.c b/source3/modules/vfs_virusfilter_utils.c
index c7f8089ffc7..b8b44eb203b 100644
--- a/source3/modules/vfs_virusfilter_utils.c
+++ b/source3/modules/vfs_virusfilter_utils.c
@@ -25,6 +25,7 @@ struct iovec;
#include "lib/util/iov_buf.h"
#include <tevent.h>
#include "lib/tsocket/tsocket.h"
+#include "source3/lib/substitute.h"
int virusfilter_debug_class = DBGC_VFS;
diff --git a/source3/nmbd/nmbd.c b/source3/nmbd/nmbd.c
index 44121e9915c..7470897587e 100644
--- a/source3/nmbd/nmbd.c
+++ b/source3/nmbd/nmbd.c
@@ -29,6 +29,7 @@
#include "util_cluster.h"
#include "lib/gencache.h"
#include "lib/global_contexts.h"
+#include "source3/lib/substitute.h"
int ClientNMB = -1;
int ClientDGRAM = -1;
diff --git a/source3/nmbd/nmbd_synclists.c b/source3/nmbd/nmbd_synclists.c
index a65cbb87e0e..d291927fbc8 100644
--- a/source3/nmbd/nmbd_synclists.c
+++ b/source3/nmbd/nmbd_synclists.c
@@ -33,6 +33,7 @@
#include "libsmb/clirap.h"
#include "../libcli/smb/smbXcli_base.h"
#include "lib/util/string_wrappers.h"
+#include "source3/lib/substitute.h"
struct sync_record {
struct sync_record *next, *prev;
diff --git a/source3/param/loadparm.c b/source3/param/loadparm.c
index f54c08cc4a5..b56fd20e410 100644
--- a/source3/param/loadparm.c
+++ b/source3/param/loadparm.c
@@ -76,6 +76,7 @@
#include "lib/crypto/gnutls_helpers.h"
#include "lib/util/string_wrappers.h"
#include "auth/credentials/credentials.h"
+#include "source3/lib/substitute.h"
#ifdef HAVE_SYS_SYSCTL_H
#include <sys/sysctl.h>
diff --git a/source3/passdb/passdb.c b/source3/passdb/passdb.c
index 068c5a5ea70..863f260ea90 100644
--- a/source3/passdb/passdb.c
+++ b/source3/passdb/passdb.c
@@ -33,6 +33,7 @@
#include "auth/credentials/credentials.h"
#include "lib/param/param.h"
#include "lib/util/string_wrappers.h"
+#include "source3/lib/substitute.h"
#undef DBGC_CLASS
#define DBGC_CLASS DBGC_PASSDB
diff --git a/source3/passdb/pdb_ldap.c b/source3/passdb/pdb_ldap.c
index e6d8a84c60f..93da28b1941 100644
--- a/source3/passdb/pdb_ldap.c
+++ b/source3/passdb/pdb_ldap.c
@@ -56,6 +56,7 @@
#include "lib/util_sid_passdb.h"
#include "lib/util/smb_strtox.h"
#include "lib/util/string_wrappers.h"
+#include "source3/lib/substitute.h"
#undef DBGC_CLASS
#define DBGC_CLASS DBGC_PASSDB
diff --git a/source3/printing/print_generic.c b/source3/printing/print_generic.c
index 743c311bbd5..8798a4cf34a 100644
--- a/source3/printing/print_generic.c
+++ b/source3/printing/print_generic.c
@@ -20,6 +20,7 @@
#include "includes.h"
#include "printing.h"
#include "smbd/proto.h"
+#include "source3/lib/substitute.h"
extern userdom_struct current_user_info;
diff --git a/source3/printing/printing.c b/source3/printing/printing.c
index 499334df03f..67d798fbb21 100644
--- a/source3/printing/printing.c
+++ b/source3/printing/printing.c
@@ -40,6 +40,7 @@
#include "lib/util/string_wrappers.h"
#include "lib/global_contexts.h"
#include "source3/printing/rap_jobid.h"
+#include "source3/lib/substitute.h"
extern userdom_struct current_user_info;
diff --git a/source3/rpc_server/lsa/srv_lsa_nt.c b/source3/rpc_server/lsa/srv_lsa_nt.c
index d6d606ddeca..57f981cb358 100644
--- a/source3/rpc_server/lsa/srv_lsa_nt.c
+++ b/source3/rpc_server/lsa/srv_lsa_nt.c
@@ -53,6 +53,7 @@
#include "librpc/rpc/dcesrv_core.h"
#include "librpc/rpc/dcerpc_helper.h"
#include "lib/param/loadparm.h"
+#include "source3/lib/substitute.h"
#include "lib/crypto/gnutls_helpers.h"
#include <gnutls/gnutls.h>
diff --git a/source3/rpc_server/netlogon/srv_netlog_nt.c b/source3/rpc_server/netlogon/srv_netlog_nt.c
index eaacd8dbc6a..2906fa3f30f 100644
--- a/source3/rpc_server/netlogon/srv_netlog_nt.c
+++ b/source3/rpc_server/netlogon/srv_netlog_nt.c
@@ -49,6 +49,7 @@
#include "lib/param/param.h"
#include "libsmb/dsgetdcname.h"
#include "lib/util/util_str_escape.h"
+#include "source3/lib/substitute.h"
extern userdom_struct current_user_info;
diff --git a/source3/rpc_server/srvsvc/srv_srvsvc_nt.c b/source3/rpc_server/srvsvc/srv_srvsvc_nt.c
index 8576e9d2ce2..fc27a459634 100644
--- a/source3/rpc_server/srvsvc/srv_srvsvc_nt.c
+++ b/source3/rpc_server/srvsvc/srv_srvsvc_nt.c
@@ -42,6 +42,7 @@
#include "messages.h"
#include "serverid.h"
#include "lib/global_contexts.h"
+#include "source3/lib/substitute.h"
extern const struct generic_mapping file_generic_mapping;
diff --git a/source3/smbd/ipc.c b/source3/smbd/ipc.c
index f1c8ea0c2ed..cf3b7c91c22 100644
--- a/source3/smbd/ipc.c
+++ b/source3/smbd/ipc.c
@@ -29,6 +29,7 @@
#include "smbd/globals.h"
#include "smbprofile.h"
#include "rpc_server/srv_pipe_hnd.h"
+#include "source3/lib/substitute.h"
#define NERR_notsupported 50
diff --git a/source3/smbd/lanman.c b/source3/smbd/lanman.c
index 9194113e768..eb8148753b9 100644
--- a/source3/smbd/lanman.c
+++ b/source3/smbd/lanman.c
@@ -45,6 +45,7 @@
#include "rpc_server/rpc_ncacn_np.h"
#include "lib/util/string_wrappers.h"
#include "source3/printing/rap_jobid.h"
+#include "source3/lib/substitute.h"
#ifdef CHECK_TYPES
#undef CHECK_TYPES
diff --git a/source3/smbd/message.c b/source3/smbd/message.c
index b9728946889..7185bec1289 100644
--- a/source3/smbd/message.c
+++ b/source3/smbd/message.c
@@ -27,6 +27,7 @@
#include "smbd/smbd.h"
#include "smbd/globals.h"
#include "smbprofile.h"
+#include "source3/lib/substitute.h"
extern userdom_struct current_user_info;
diff --git a/source3/smbd/msdfs.c b/source3/smbd/msdfs.c
index 995ed815d90..fd002e98071 100644
--- a/source3/smbd/msdfs.c
+++ b/source3/smbd/msdfs.c
@@ -34,6 +34,7 @@
#include "librpc/gen_ndr/ndr_dfsblobs.h"
#include "lib/tsocket/tsocket.h"
#include "lib/global_contexts.h"
+#include "source3/lib/substitute.h"
/**********************************************************************
Parse a DFS pathname of the form \hostname\service\reqpath
diff --git a/source3/smbd/process.c b/source3/smbd/process.c
index 03409742752..5015c143a04 100644
--- a/source3/smbd/process.c
+++ b/source3/smbd/process.c
@@ -46,6 +46,7 @@
#include "libcli/smb/smbXcli_base.h"
#include "lib/util/time_basic.h"
#include "smb1_utils.h"
+#include "source3/lib/substitute.h"
/* Internal message queue for deferred opens. */
struct pending_message_list {
diff --git a/source3/smbd/reply.c b/source3/smbd/reply.c
index 042e7f2329e..f85d1122a07 100644
--- a/source3/smbd/reply.c
+++ b/source3/smbd/reply.c
@@ -50,6 +50,7 @@
#include "libcli/smb/smb2_posix.h"
#include "lib/util/string_wrappers.h"
#include "source3/printing/rap_jobid.h"
+#include "source3/lib/substitute.h"
/****************************************************************************
Ensure we check the path in *exactly* the same way as W2K for a findfirst/findnext
diff --git a/source3/smbd/server.c b/source3/smbd/server.c
index d7f5b4b73c0..d02ff1bd883 100644
--- a/source3/smbd/server.c
+++ b/source3/smbd/server.c
@@ -60,6 +60,7 @@
#include "rpc_server/fssd.h"
#include "rpc_server/mdssd.h"
#include "lib/global_contexts.h"
+#include "source3/lib/substitute.h"
#ifdef CLUSTER_SUPPORT
#include "ctdb_protocol.h"
diff --git a/source3/smbd/service.c b/source3/smbd/service.c
index afdea38b016..ef7c14d92d0 100644
--- a/source3/smbd/service.c
+++ b/source3/smbd/service.c
@@ -34,6 +34,7 @@
#include "lib/afs/afs_funcs.h"
#include "lib/util_path.h"
#include "lib/util/string_wrappers.h"
+#include "source3/lib/substitute.h"
bool canonicalize_connect_path(connection_struct *conn)
{
diff --git a/source3/smbd/sesssetup.c b/source3/smbd/sesssetup.c
index 2bd527ce80e..1705b8920b6 100644
--- a/source3/smbd/sesssetup.c
+++ b/source3/smbd/sesssetup.c
@@ -34,6 +34,7 @@
#include "auth/gensec/gensec.h"
#include "../libcli/smb/smb_signing.h"
#include "lib/util/string_wrappers.h"
+#include "source3/lib/substitute.h"
/****************************************************************************
Add the standard 'Samba' signature to the end of the session setup.
diff --git a/source3/smbd/share_access.c b/source3/smbd/share_access.c
index debe4fc6385..c44c4bd8c69 100644
--- a/source3/smbd/share_access.c
+++ b/source3/smbd/share_access.c
@@ -23,6 +23,7 @@
#include "../libcli/security/security.h"
#include "passdb/lookup_sid.h"
#include "auth.h"
+#include "source3/lib/substitute.h"
/*
* We dropped NIS support in 2021, but need to keep configs working.
diff --git a/source3/smbd/smb2_server.c b/source3/smbd/smb2_server.c
index f359db0729d..f6b376e5a07 100644
--- a/source3/smbd/smb2_server.c
+++ b/source3/smbd/smb2_server.c
@@ -33,6 +33,7 @@
#include "lib/util/iov_buf.h"
#include "auth.h"
#include "libcli/smb/smbXcli_base.h"
+#include "source3/lib/substitute.h"
#if defined(LINUX)
/* SIOCOUTQ TIOCOUTQ are the same */
diff --git a/source3/smbd/smb2_sesssetup.c b/source3/smbd/smb2_sesssetup.c
index 38049e8535f..14b806bc007 100644
--- a/source3/smbd/smb2_sesssetup.c
+++ b/source3/smbd/smb2_sesssetup.c
@@ -28,6 +28,7 @@
#include "../lib/tsocket/tsocket.h"
#include "../libcli/security/security.h"
#include "../lib/util/tevent_ntstatus.h"
+#include "source3/lib/substitute.h"
#include "lib/crypto/gnutls_helpers.h"
#include <gnutls/gnutls.h>
diff --git a/source3/smbd/trans2.c b/source3/smbd/trans2.c
index cd6b61429c5..a86ac3228e3 100644
--- a/source3/smbd/trans2.c
+++ b/source3/smbd/trans2.c
@@ -45,6 +45,7 @@
#include "smb1_utils.h"
#include "libcli/smb/smb2_posix.h"
#include "lib/util/string_wrappers.h"
+#include "source3/lib/substitute.h"
#define DIR_ENTRY_SAFETY_MARGIN 4096
diff --git a/source3/smbd/uid.c b/source3/smbd/uid.c
index b0d7f21c200..52918c4f181 100644
--- a/source3/smbd/uid.c
+++ b/source3/smbd/uid.c
@@ -26,6 +26,7 @@
#include "passdb/lookup_sid.h"
#include "auth.h"
#include "../auth/auth_util.h"
+#include "source3/lib/substitute.h"
/* what user is current? */
extern struct current_user current_user;
diff --git a/source3/torture/torture.c b/source3/torture/torture.c
index 79a9c65073c..d3e0e3cf095 100644
--- a/source3/torture/torture.c
+++ b/source3/torture/torture.c
@@ -51,6 +51,7 @@
#include "lib/param/param.h"
#include "auth/gensec/gensec.h"
#include "lib/util/string_wrappers.h"
+#include "source3/lib/substitute.h"
#include <gnutls/gnutls.h>
#include <gnutls/crypto.h>
diff --git a/source3/utils/net_sam.c b/source3/utils/net_sam.c
index 6a2c6c861f9..17cc47b2ddd 100644
--- a/source3/utils/net_sam.c
+++ b/source3/utils/net_sam.c
@@ -33,6 +33,7 @@
#include "idmap.h"
#include "lib/util/smb_strtox.h"
#include "lib/util/string_wrappers.h"
+#include "source3/lib/substitute.h"
/*
* Set a user's data
diff --git a/source3/winbindd/wb_getpwsid.c b/source3/winbindd/wb_getpwsid.c
index fb0351ec201..7f168bdda7a 100644
--- a/source3/winbindd/wb_getpwsid.c
+++ b/source3/winbindd/wb_getpwsid.c
@@ -22,6 +22,7 @@
#include "librpc/gen_ndr/ndr_winbind_c.h"
#include "../libcli/security/security.h"
#include "lib/util/string_wrappers.h"
+#include "source3/lib/substitute.h"
struct wb_getpwsid_state {
struct tevent_context *ev;
diff --git a/source3/winbindd/winbindd.c b/source3/winbindd/winbindd.c
index 25d8b723010..290454619a4 100644
--- a/source3/winbindd/winbindd.c
+++ b/source3/winbindd/winbindd.c
@@ -51,6 +51,7 @@
#include "lib/gencache.h"
#include "rpc_server/rpc_config.h"
#include "lib/global_contexts.h"
+#include "source3/lib/substitute.h"
#undef DBGC_CLASS
#define DBGC_CLASS DBGC_WINBIND
--
2.33.1
From 1184733a1628c1187a215956195ca806419db16d Mon Sep 17 00:00:00 2001
From: Ralph Boehme <slow@samba.org>
Date: Thu, 11 Nov 2021 05:23:09 +0100
Subject: [PATCH 2/8] samba-bgqd: fix startup and logging
Let samba-bgqd use the new POPT_COMMON_DAEMON infrastructure.
The calls to setup_logging() can safely be removed as this is already taken care
of by samba_cmdline_init().
To avoid a logfile basename of ".log" when using "%m", we add a call to
set_remote_machine_name().
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14897
Signed-off-by: Ralph Boehme <slow@samba.org>
---
source3/printing/samba-bgqd.c | 35 ++++++++++-------------------------
1 file changed, 10 insertions(+), 25 deletions(-)
diff --git a/source3/printing/samba-bgqd.c b/source3/printing/samba-bgqd.c
index 8ac6ec525b2..2cd6a8e007a 100644
--- a/source3/printing/samba-bgqd.c
+++ b/source3/printing/samba-bgqd.c
@@ -40,6 +40,7 @@
#include "source3/lib/util_procid.h"
#include "source3/auth/proto.h"
#include "source3/printing/queue_process.h"
+#include "source3/lib/substitute.h"
static void watch_handler(struct tevent_req *req)
{
@@ -235,6 +236,7 @@ static int closeall_except_fd_params(
int main(int argc, const char *argv[])
{
+ struct samba_cmdline_daemon_cfg *cmdline_daemon_cfg = NULL;
const struct loadparm_substitution *lp_sub =
loadparm_s3_global_substitution();
const char *progname = getprogname();
@@ -245,8 +247,6 @@ int main(int argc, const char *argv[])
struct tevent_req *watch_req = NULL;
struct tevent_signal *sigterm_handler = NULL;
struct bq_state *bq = NULL;
- int foreground = 0;
- int no_process_group = 0;
int log_stdout = 0;
int ready_signal_fd = -1;
int watch_fd = -1;
@@ -259,21 +259,7 @@ int main(int argc, const char *argv[])
struct poptOption long_options[] = {
POPT_AUTOHELP
POPT_COMMON_SAMBA
- {
- .longName = "foreground",
- .shortName = 'F',
- .argInfo = POPT_ARG_NONE,
- .arg = &foreground,
- .descrip = "Run daemon in foreground "
- "(for daemontools, etc.)",
- },
- {
- .longName = "no-process-group",
- .shortName = '\0',
- .argInfo = POPT_ARG_NONE,
- .arg = &no_process_group,
- .descrip = "Don't create a new process group" ,
- },
+ POPT_COMMON_DAEMON
/*
* File descriptor to write the PID of the helper
@@ -311,6 +297,7 @@ int main(int argc, const char *argv[])
frame = talloc_stackframe();
umask(0);
+ set_remote_machine_name("smbd-bgqd", true);
ok = samba_cmdline_init(frame,
SAMBA_CMDLINE_CONFIG_SERVER,
@@ -320,6 +307,8 @@ int main(int argc, const char *argv[])
exit(ENOMEM);
}
+ cmdline_daemon_cfg = samba_cmdline_get_daemon_cfg();
+
pc = samba_popt_get_context(progname,
argc,
argv,
@@ -340,16 +329,12 @@ int main(int argc, const char *argv[])
log_stdout = (debug_get_log_type() == DEBUG_STDOUT);
- if (foreground) {
+ if (!cmdline_daemon_cfg->fork) {
daemon_status(progname, "Starting process ... ");
} else {
- become_daemon(true, no_process_group, log_stdout);
- }
-
- if (log_stdout) {
- setup_logging(progname, DEBUG_STDOUT);
- } else {
- setup_logging(progname, DEBUG_FILE);
+ become_daemon(true,
+ cmdline_daemon_cfg->no_process_group,
+ log_stdout);
}
BlockSignals(true, SIGPIPE);
--
2.33.1
From 1a0a1ccbe888332ea134b16bfac0d0d011bf1f4c Mon Sep 17 00:00:00 2001
From: Ralph Boehme <slow@samba.org>
Date: Wed, 10 Nov 2021 18:27:08 +0100
Subject: [PATCH 3/8] winbindd: remove is_default_dyn_LOGFILEBASE() logic
Handling of -l commandline parameter is already implemented by lib/cmdline/.
is_default_dyn_LOGFILEBASE() == true is the default case and this causes us to
temporarily overwrite the configured logfile with LOGFILEBASE/log.winbindd until
winbindd_reload_services_file() restores it.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14897
Signed-off-by: Ralph Boehme <slow@samba.org>
---
source3/winbindd/winbindd.c | 9 ---------
1 file changed, 9 deletions(-)
diff --git a/source3/winbindd/winbindd.c b/source3/winbindd/winbindd.c
index 290454619a4..58c5ffbced4 100644
--- a/source3/winbindd/winbindd.c
+++ b/source3/winbindd/winbindd.c
@@ -1717,15 +1717,6 @@ int main(int argc, const char **argv)
poptFreeContext(pc);
- if (is_default_dyn_LOGFILEBASE()) {
- char *lfile = NULL;
- if (asprintf(&lfile,"%s/log.winbindd",
- get_dyn_LOGFILEBASE()) > 0) {
- lp_set_logfile(lfile);
- SAFE_FREE(lfile);
- }
- }
-
reopen_logs();
DEBUG(0,("winbindd version %s started.\n", samba_version_string()));
--
2.33.1
From bcbf9fb6669933cc3dcf1f615d2885c542a08035 Mon Sep 17 00:00:00 2001
From: Ralph Boehme <slow@samba.org>
Date: Wed, 10 Nov 2021 14:13:11 +0100
Subject: [PATCH 4/8] lib/debug: fix fd check before dup'ing to stderr
Before I added per-class logfile and we had only one fd for the logfile the code
looked like this:
/* Take over stderr to catch output into logs */
if (state.fd > 0) {
if (dup2(state.fd, 2) == -1) {
/* Close stderr too, if dup2 can't point it -
at the logfile. There really isn't much
that can be done on such a fundamental
failure... */
close_low_fd(2);
}
}
In the current code the equivalent to state.fd is dbgc_config[DBGC_ALL].fd.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14897
Signed-off-by: Ralph Boehme <slow@samba.org>
---
lib/util/debug.c | 3 +--
1 file changed, 1 insertion(+), 2 deletions(-)
diff --git a/lib/util/debug.c b/lib/util/debug.c
index 4fd17679227..b271608621a 100644
--- a/lib/util/debug.c
+++ b/lib/util/debug.c
@@ -1125,7 +1125,6 @@ bool reopen_logs_internal(void)
{
struct debug_backend *b = NULL;
mode_t oldumask;
- int new_fd = 0;
size_t i;
bool ok;
@@ -1190,7 +1189,7 @@ bool reopen_logs_internal(void)
* If log file was opened or created successfully, take over stderr to
* catch output into logs.
*/
- if (new_fd != -1) {
+ if (dbgc_config[DBGC_ALL].fd > 0) {
if (dup2(dbgc_config[DBGC_ALL].fd, 2) == -1) {
/* Close stderr too, if dup2 can't point it -
at the logfile. There really isn't much
--
2.33.1
From 9f76bd48d87eb03c66dfe942b4a84e997a8fe8ba Mon Sep 17 00:00:00 2001
From: Ralph Boehme <slow@samba.org>
Date: Mon, 8 Nov 2021 19:41:50 +0100
Subject: [PATCH 5/8] lib/debug: in debug_set_logfile() call
reopen_logs_internal()
This simplifies the logging API for callers that typically would want to set
logging by just setup_logging() once without bothering that typically
configuration is loaded (via some lpcfg_load*() or lp_load*() varient) which
will only then pick up the configured logfile from smb.conf without actually
applying the new logifle to the logging subsytem.
Therefor our daemons will additionally call reopen_logs() explicitly in their
startup code after config is loaded, eg
setup_logging(getprogname(), DEBUG_FILE);
...
lpcfg_load(lp_ctx, config_file);
...
reopen_logs();
By calling reopen_logs_internal() implicitly from debug_set_logfile() there's no
need to call reopen_logs() explicitly anymore to apply the logfile.
As reopen_logs() will also apply other logging configuration options, we have to
keep the explicit calls in the daemon code. But at least this allows consistent
logging setup wrt to the logfile in the new cmdline library.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14897
Signed-off-by: Ralph Boehme <slow@samba.org>
---
lib/util/debug.c | 2 ++
1 file changed, 2 insertions(+)
diff --git a/lib/util/debug.c b/lib/util/debug.c
index b271608621a..171b5e15008 100644
--- a/lib/util/debug.c
+++ b/lib/util/debug.c
@@ -1018,6 +1018,8 @@ void debug_set_logfile(const char *name)
}
TALLOC_FREE(dbgc_config[DBGC_ALL].logfile);
dbgc_config[DBGC_ALL].logfile = talloc_strdup(NULL, name);
+
+ reopen_logs_internal();
}
static void debug_close_fd(int fd)
--
2.33.1
From b80911bc1a306cac479ee3feabdcea124946cdde Mon Sep 17 00:00:00 2001
From: Ralph Boehme <slow@samba.org>
Date: Mon, 8 Nov 2021 12:08:47 +0100
Subject: [PATCH 6/8] lib/cmdline: fix indentation
s/whitespace/tab/
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14897
Signed-off-by: Ralph Boehme <slow@samba.org>
---
lib/cmdline/cmdline_s3.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/lib/cmdline/cmdline_s3.c b/lib/cmdline/cmdline_s3.c
index 1f8d9ed5eb5..639d403aed3 100644
--- a/lib/cmdline/cmdline_s3.c
+++ b/lib/cmdline/cmdline_s3.c
@@ -55,7 +55,7 @@ static bool _samba_cmdline_load_config_s3(void)
case SAMBA_CMDLINE_CONFIG_CLIENT:
ok = lp_load_client(config_file);
break;
- case SAMBA_CMDLINE_CONFIG_SERVER:
+ case SAMBA_CMDLINE_CONFIG_SERVER:
{
const struct samba_cmdline_daemon_cfg *cmdline_daemon_cfg =
samba_cmdline_get_daemon_cfg();
--
2.33.1
From a6b6b0b6e6dfcd2c8e2c2085d20cd16c51e3b379 Mon Sep 17 00:00:00 2001
From: Ralph Boehme <slow@samba.org>
Date: Mon, 8 Nov 2021 12:09:16 +0100
Subject: [PATCH 7/8] lib/cmdline: remember config_type in samba_cmdline_init()
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14897
Signed-off-by: Ralph Boehme <slow@samba.org>
---
lib/cmdline/cmdline_s4.c | 2 ++
1 file changed, 2 insertions(+)
diff --git a/lib/cmdline/cmdline_s4.c b/lib/cmdline/cmdline_s4.c
index 61c1b96ba8d..6ef6f59db49 100644
--- a/lib/cmdline/cmdline_s4.c
+++ b/lib/cmdline/cmdline_s4.c
@@ -25,6 +25,7 @@
#include "cmdline_private.h"
static bool _require_smbconf;
+static enum samba_cmdline_config_type _config_type;
static bool _samba_cmdline_load_config_s4(void)
{
@@ -81,6 +82,7 @@ bool samba_cmdline_init(TALLOC_CTX *mem_ctx,
return false;
}
_require_smbconf = require_smbconf;
+ _config_type = config_type;
creds = cli_credentials_init(mem_ctx);
if (creds == NULL) {
--
2.33.1
From e1d6ab1b0dbd8ff30019edf804c4766b066db4b7 Mon Sep 17 00:00:00 2001
From: Ralph Boehme <slow@samba.org>
Date: Mon, 8 Nov 2021 12:09:43 +0100
Subject: [PATCH 8/8] lib/cmdline: setup default file logging for servers
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14897
RN: samba process doesn't log to logfile
Signed-off-by: Ralph Boehme <slow@samba.org>
---
lib/cmdline/cmdline_s4.c | 14 ++++++++++++++
1 file changed, 14 insertions(+)
diff --git a/lib/cmdline/cmdline_s4.c b/lib/cmdline/cmdline_s4.c
index 6ef6f59db49..29e9f34bbe2 100644
--- a/lib/cmdline/cmdline_s4.c
+++ b/lib/cmdline/cmdline_s4.c
@@ -44,6 +44,20 @@ static bool _samba_cmdline_load_config_s4(void)
}
}
+ switch (_config_type) {
+ case SAMBA_CMDLINE_CONFIG_SERVER: {
+ const struct samba_cmdline_daemon_cfg *cmdline_daemon_cfg =
+ samba_cmdline_get_daemon_cfg();
+
+ if (!cmdline_daemon_cfg->interactive) {
+ setup_logging(getprogname(), DEBUG_FILE);
+ }
+ break;
+ }
+ default:
+ break;
+ }
+
config_file = get_dyn_CONFIGFILE();
ok = lpcfg_load(lp_ctx, config_file);
if (!ok) {
--
2.33.1

View File

@ -0,0 +1,61 @@
From 3d02bf10d7738fe604b524863764de3ca1faa081 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?G=C3=BCnther=20Deschner?= <gd@samba.org>
Date: Thu, 4 Nov 2021 22:22:44 +0100
Subject: [PATCH] s3-winexe: Fix winexe core dump (use-after-free)
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14893
Guenther
Signed-off-by: Guenther Deschner <gd@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Autobuild-User(master): Günther Deschner <gd@samba.org>
Autobuild-Date(master): Fri Nov 5 11:43:57 UTC 2021 on sn-devel-184
(cherry picked from commit e9495d2ed28a26899dc3dd77bdfe56e284980218)
---
examples/winexe/winexe.c | 16 ++++++++++++----
1 file changed, 12 insertions(+), 4 deletions(-)
diff --git a/examples/winexe/winexe.c b/examples/winexe/winexe.c
index 3e0813a4091..59fb9dbdebb 100644
--- a/examples/winexe/winexe.c
+++ b/examples/winexe/winexe.c
@@ -220,8 +220,6 @@ static void parse_args(int argc, const char *argv[],
*port_str = '\0';
}
- poptFreeContext(pc);
-
if (options->runas == NULL && options->runas_file != NULL) {
struct cli_credentials *runas_cred;
const char *user;
@@ -253,9 +251,19 @@ static void parse_args(int argc, const char *argv[],
options->credentials = samba_cmdline_get_creds();
- options->hostname = argv_new[0] + 2;
+ options->hostname = talloc_strdup(mem_ctx, argv_new[0] + 2);
+ if (options->hostname == NULL) {
+ DBG_ERR("Out of memory\n");
+ exit(1);
+ }
options->port = port;
- options->cmd = argv_new[1];
+ options->cmd = talloc_strdup(mem_ctx, argv_new[1]);
+ if (options->cmd == NULL) {
+ DBG_ERR("Out of memory\n");
+ exit(1);
+ }
+
+ poptFreeContext(pc);
options->flags = flag_interactive;
if (flag_reinstall) {
--
2.33.1

View File

@ -0,0 +1,58 @@
From 61fd63d70578043de9f3bff1c3267c499dbf50a0 Mon Sep 17 00:00:00 2001
From: Andreas Schneider <asn@samba.org>
Date: Wed, 10 Nov 2021 12:06:51 +0100
Subject: [PATCH] auth:creds: Guess the username first via getpwuid(my_id)
If we have a container, we often don't have USER or LOGNAME set.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14883
Tested-by: Anoop C S <anoopcs@samba.org>
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
(cherry picked from commit c28be4067463e582e378df402f812e510883d606)
---
auth/credentials/credentials.c | 13 +++++++++++++
1 file changed, 13 insertions(+)
diff --git a/auth/credentials/credentials.c b/auth/credentials/credentials.c
index 02a3cf3b354..c5a6ba6940c 100644
--- a/auth/credentials/credentials.c
+++ b/auth/credentials/credentials.c
@@ -30,6 +30,7 @@
#include "tevent.h"
#include "param/param.h"
#include "system/filesys.h"
+#include "system/passwd.h"
/**
* Create a new credentials structure
@@ -1159,6 +1160,7 @@ _PUBLIC_ bool cli_credentials_guess(struct cli_credentials *cred,
{
const char *error_string;
const char *env = NULL;
+ struct passwd *pwd = NULL;
bool ok;
if (lp_ctx != NULL) {
@@ -1168,6 +1170,17 @@ _PUBLIC_ bool cli_credentials_guess(struct cli_credentials *cred,
}
}
+ pwd = getpwuid(getuid());
+ if (pwd != NULL) {
+ size_t len = strlen(pwd->pw_name);
+
+ if (len > 0 && len <= 1024) {
+ (void)cli_credentials_parse_string(cred,
+ pwd->pw_name,
+ CRED_GUESS_ENV);
+ }
+ }
+
env = getenv("LOGNAME");
if (env != NULL) {
size_t len = strlen(env);
--
2.33.1

View File

@ -0,0 +1,16 @@
-----BEGIN PGP SIGNATURE-----
iQIzBAABCgAdFiEEgfXigyvSVFoYl7cTqplEL7aAtiAFAmGJC1MACgkQqplEL7aA
tiCwkhAAgHQFzw/TiURShe+AAw9eE168VXPICTBPNSRRiYH2FBbqG4qSHxG/SSAr
Fq8tMAoGhVuPC+Rjie7wMYoF9R7wd3X+KQ2GzLismbHS6Cn2C1EJ0cX/UJqP+Qpu
vitKHTpczNqEtWbYiMO2NKuLz1pyGl8/i/HErlVmSVFrHUnyLDXkZn1R1+R8b4hg
9Nj27L41ndAqyws24MCKoWNuhkwCN3QLf/n4/b22wZwJyNmiwvJlH5nK0RF4gY1T
Ne09HHNovcBvIgtJCp+ABcSKVQXGj2L47XDLBEXU4AeM+dzbRP0dBOCzs50ZbYQ1
8JMq7+r/MWSKuiDf1ofW6EYZPcxRsKcFGhpnP7rlMucxNRN358CqTaVW8qmhBRDV
9mglTBX6ie+Jj8fYP7Ak5rc+LYxolfTZmniH+dk7HH4QUdXjL/P3SpSwhwNmxtmc
JCWP4Tszw0tpRwoGRdt3A+I1/YRRCftSL5/Nm8q+ERyW77uVH+IkWdAsjuZUHyod
sT1+YQGoPrBRmESpugqqKQKQ9/CgVL1PZLjfKAgFP2a5/gwTr12rjXXn7uEMShjq
WDduBZRH6873IcVYkV/TVmqd+AfHk31d4B4Djzy7itGqF4XNCpWFlmLj4kApNY99
IXPfzua5Owjc8LIZssRSmPE0BLa1ElCfPvk6q2IJnpWZ04EdCjo=
=sYeb
-----END PGP SIGNATURE-----

View File

@ -0,0 +1,30 @@
From 939aed0498269df3c1e012f3b68c314b583f25bd Mon Sep 17 00:00:00 2001
From: Martin Schwenke <martin@meltin.net>
Date: Tue, 27 Apr 2021 15:46:14 +1000
Subject: [PATCH] utils: Use Python 3
Due to the number of flake8 and pylint warnings it is unclear if the
source has Python 3 incompatibilities. These will be cleaned up in
subsequent commits.
Signed-off-by: "L.P.H. van Belle" <belle@bazuin.nl>
Reviewed-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: David Disseldorp <ddiss@samba.org>
Reviewed-by: Jose A. Rivera <jarrpa@samba.org>
---
ctdb/utils/etcd/ctdb_etcd_lock | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/ctdb/utils/etcd/ctdb_etcd_lock b/ctdb/utils/etcd/ctdb_etcd_lock
index 000c6bb7208..7f5194eff0a 100755
--- a/ctdb/utils/etcd/ctdb_etcd_lock
+++ b/ctdb/utils/etcd/ctdb_etcd_lock
@@ -1,4 +1,4 @@
-#!/usr/bin/python
+#!/usr/bin/env python3
#
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
--
2.31.1

View File

@ -1,22 +1,21 @@
From fe300549844509624d944b93fc64dc6d382e71c1 Mon Sep 17 00:00:00 2001
From 0b196043f08ea4c025f19c4519175a3a73e1d185 Mon Sep 17 00:00:00 2001
From: Isaac Boukris <iboukris@gmail.com>
Date: Fri, 27 Sep 2019 18:25:03 +0300
Subject: [PATCH 3/7] mit-kdc: add basic loacl realm S4U support
Subject: [PATCH 1/3] mit-kdc: add basic loacl realm S4U support
Signed-off-by: Isaac Boukris <iboukris@gmail.com>
Pair-Programmed-With: Andreas Schneider <asn@samba.org>
---
source4/kdc/mit-kdb/kdb_samba_policies.c | 148 +++++++++---------
source4/kdc/mit_samba.c | 47 ++----
source4/kdc/mit_samba.h | 6 +-
wscript_configure_system_mitkrb5 | 3 +
6 files changed, 91 insertions(+), 115 deletions(-)
source4/kdc/mit-kdb/kdb_samba_policies.c | 124 +++++++++++------------
source4/kdc/mit_samba.c | 47 ++-------
source4/kdc/mit_samba.h | 6 +-
3 files changed, 71 insertions(+), 106 deletions(-)
diff --git a/source4/kdc/mit-kdb/kdb_samba_policies.c b/source4/kdc/mit-kdb/kdb_samba_policies.c
index 9197551ed61..944324d9a2f 100644
index f35210669c2..b1c7c5dcc5e 100644
--- a/source4/kdc/mit-kdb/kdb_samba_policies.c
+++ b/source4/kdc/mit-kdb/kdb_samba_policies.c
@@ -192,13 +192,17 @@ static krb5_error_code ks_verify_pac(krb5_context context,
@@ -195,13 +195,17 @@ static krb5_error_code ks_verify_pac(krb5_context context,
krb5_keyblock *krbtgt_key,
krb5_timestamp authtime,
krb5_authdata **tgt_auth_data,
@ -37,7 +36,7 @@ index 9197551ed61..944324d9a2f 100644
mit_ctx = ks_get_context(context);
if (mit_ctx == NULL) {
@@ -230,41 +234,43 @@ static krb5_error_code ks_verify_pac(krb5_context context,
@@ -233,41 +237,43 @@ static krb5_error_code ks_verify_pac(krb5_context context,
code = krb5_pac_parse(context,
authdata[0]->contents,
authdata[0]->length,
@ -107,7 +106,7 @@ index 9197551ed61..944324d9a2f 100644
if (code != 0) {
goto done;
}
@@ -272,17 +278,22 @@ static krb5_error_code ks_verify_pac(krb5_context context,
@@ -275,17 +281,22 @@ static krb5_error_code ks_verify_pac(krb5_context context,
code = mit_samba_reget_pac(mit_ctx,
context,
flags,
@ -134,31 +133,30 @@ index 9197551ed61..944324d9a2f 100644
return code;
}
@@ -324,7 +335,7 @@ krb5_error_code kdb_samba_db_sign_auth_data(krb5_context context,
{
#endif
@@ -314,6 +325,7 @@ krb5_error_code kdb_samba_db_sign_auth_data(krb5_context context,
krb5_authdata **pac_auth_data = NULL;
krb5_authdata **authdata = NULL;
- krb5_boolean is_as_req;
krb5_boolean is_as_req;
+ krb5_const_principal pac_client;
krb5_error_code code;
krb5_pac pac = NULL;
krb5_data pac_data;
@@ -334,24 +345,21 @@ krb5_error_code kdb_samba_db_sign_auth_data(krb5_context context,
@@ -325,11 +337,6 @@ krb5_error_code kdb_samba_db_sign_auth_data(krb5_context context,
krbtgt = krbtgt == NULL ? local_krbtgt : krbtgt;
krbtgt_key = krbtgt_key == NULL ? local_krbtgt_key : krbtgt_key;
#endif
- /* FIXME: We don't support S4U yet */
- if (flags & KRB5_KDB_FLAGS_S4U) {
- return KRB5_KDB_DBTYPE_NOSUP;
- }
-
- is_as_req = ((flags & KRB5_KDB_FLAG_CLIENT_REFERRALS_ONLY) != 0);
-
- if (is_as_req && (flags & KRB5_KDB_FLAG_INCLUDE_PAC)) {
- code = ks_get_pac(context, client, client_key, &pac);
- if (code != 0) {
- goto done;
- }
is_as_req = ((flags & KRB5_KDB_FLAG_CLIENT_REFERRALS_ONLY) != 0);
/*
@@ -390,6 +397,16 @@ krb5_error_code kdb_samba_db_sign_auth_data(krb5_context context,
ks_client_princ = client->princ;
}
+ /* In protocol transition, we are currently not provided with the tgt
+ * client name to verify the PAC, we could probably skip the name
+ * verification and just verify the signatures, but since we don't
@ -166,59 +164,31 @@ index 9197551ed61..944324d9a2f 100644
+ if (flags & KRB5_KDB_FLAG_PROTOCOL_TRANSITION) {
+ pac_client = server->princ;
+ } else {
+ pac_client = client_princ;
}
- if (!is_as_req) {
+ /* TGS request */
+ if (!(flags & KRB5_KDB_FLAG_CLIENT_REFERRALS_ONLY)) {
code = ks_verify_pac(context,
flags,
- client_princ,
+ pac_client,
client,
server,
krbtgt,
@@ -363,14 +371,28 @@ krb5_error_code kdb_samba_db_sign_auth_data(krb5_context context,
if (code != 0) {
goto done;
}
+
+ /* We require PAC as we don't support LSA_TRUST_TYPE_MIT */
+ if (pac == NULL) {
+ code = KRB5_KDB_DBTYPE_NOSUP;
+ goto done;
+ }
}
- if (pac == NULL && client != NULL) {
+ if (flags & KRB5_KDB_FLAG_PROTOCOL_TRANSITION) {
+ krb5_pac_free(context, pac);
+ pac = NULL;
+ pac_client = ks_client_princ;
+ }
+ /* AS request or local realm protocol transition */
+ if ((flags & KRB5_KDB_FLAG_CLIENT_REFERRALS_ONLY) ||
+ (client != NULL && (flags & KRB5_KDB_FLAG_PROTOCOL_TRANSITION))) {
code = ks_get_pac(context, client, client_key, &pac);
if (code != 0) {
goto done;
}
+ /* We require a pac! */
+ SMB_ASSERT(pac != NULL);
+
if (client_entry == NULL) {
client_entry = client;
}
@@ -454,7 +471,7 @@ krb5_error_code kdb_samba_db_sign_auth_data(krb5_context context,
if (pac == NULL) {
@@ -379,7 +401,7 @@ krb5_error_code kdb_samba_db_sign_auth_data(krb5_context context,
}
code = krb5_pac_sign(context, pac, authtime, client_princ,
code = ks_verify_pac(context,
flags,
- ks_client_princ,
+ pac_client,
client_entry,
server,
krbtgt,
@@ -494,7 +511,7 @@ krb5_error_code kdb_samba_db_sign_auth_data(krb5_context context,
is_as_req ? "AS-REQ" : "TGS-REQ",
client_name);
code = krb5_pac_sign(context, pac, authtime, ks_client_princ,
- server_key, krbtgt_key, &pac_data);
+ server_key, krbtgt_key, &pac_data);
if (code != 0) {
DBG_ERR("krb5_pac_sign failed: %d\n", code);
goto done;
@@ -405,11 +427,6 @@ krb5_error_code kdb_samba_db_sign_auth_data(krb5_context context,
@@ -520,12 +537,6 @@ krb5_error_code kdb_samba_db_sign_auth_data(krb5_context context,
KRB5_AUTHDATA_IF_RELEVANT,
authdata,
signed_auth_data);
@ -227,10 +197,11 @@ index 9197551ed61..944324d9a2f 100644
- }
-
- code = 0;
-
done:
krb5_pac_free(context, pac);
@@ -432,32 +449,13 @@ krb5_error_code kdb_samba_db_check_allowed_to_delegate(krb5_context context,
if (client_entry != NULL && client_entry != client) {
ks_free_principal(context, client_entry);
@@ -551,32 +562,13 @@ krb5_error_code kdb_samba_db_check_allowed_to_delegate(krb5_context context,
* server; -> delegating service
* proxy; -> target principal
*/
@ -265,10 +236,10 @@ index 9197551ed61..944324d9a2f 100644
diff --git a/source4/kdc/mit_samba.c b/source4/kdc/mit_samba.c
index 54dcd545ea1..f23327c9613 100644
index 4239332f0d9..acc3cba6254 100644
--- a/source4/kdc/mit_samba.c
+++ b/source4/kdc/mit_samba.c
@@ -467,7 +467,6 @@ int mit_samba_get_pac(struct mit_samba_context *smb_ctx,
@@ -501,7 +501,6 @@ int mit_samba_get_pac(struct mit_samba_context *smb_ctx,
krb5_error_code mit_samba_reget_pac(struct mit_samba_context *ctx,
krb5_context context,
int flags,
@ -276,7 +247,7 @@ index 54dcd545ea1..f23327c9613 100644
krb5_db_entry *client,
krb5_db_entry *server,
krb5_db_entry *krbtgt,
@@ -615,7 +614,7 @@ krb5_error_code mit_samba_reget_pac(struct mit_samba_context *ctx,
@@ -665,7 +664,7 @@ krb5_error_code mit_samba_reget_pac(struct mit_samba_context *ctx,
context,
*pac,
server->princ,
@ -285,7 +256,7 @@ index 54dcd545ea1..f23327c9613 100644
deleg_blob);
if (!NT_STATUS_IS_OK(nt_status)) {
DEBUG(0, ("Update delegation info failed: %s\n",
@@ -937,41 +936,17 @@ int mit_samba_check_client_access(struct mit_samba_context *ctx,
@@ -987,41 +986,17 @@ int mit_samba_check_client_access(struct mit_samba_context *ctx,
}
int mit_samba_check_s4u2proxy(struct mit_samba_context *ctx,
@ -338,7 +309,7 @@ index 54dcd545ea1..f23327c9613 100644
static krb5_error_code mit_samba_change_pwd_error(krb5_context context,
diff --git a/source4/kdc/mit_samba.h b/source4/kdc/mit_samba.h
index ba824557bd5..5aadf206443 100644
index 636c77ec97c..9cb00c9610e 100644
--- a/source4/kdc/mit_samba.h
+++ b/source4/kdc/mit_samba.h
@@ -56,7 +56,6 @@ int mit_samba_get_pac(struct mit_samba_context *smb_ctx,
@ -362,12 +333,13 @@ index ba824557bd5..5aadf206443 100644
int mit_samba_kpasswd_change_password(struct mit_samba_context *ctx,
char *pwd,
--
2.25.4
2.33.1
From ff1b225493ede3d43cfad571770dacb73f75ec42 Mon Sep 17 00:00:00 2001
From 992d38fa35c01f2f0bdb39d387fa29e8eb8d3d37 Mon Sep 17 00:00:00 2001
From: Isaac Boukris <iboukris@gmail.com>
Date: Fri, 27 Sep 2019 18:35:30 +0300
Subject: [PATCH 5/7] krb5-mit: enable S4U client support for MIT build
Subject: [PATCH 2/3] krb5-mit: enable S4U client support for MIT build
Signed-off-by: Isaac Boukris <iboukris@gmail.com>
Pair-Programmed-With: Andreas Schneider <asn@samba.org>
@ -375,13 +347,13 @@ Pair-Programmed-With: Andreas Schneider <asn@samba.org>
lib/krb5_wrap/krb5_samba.c | 185 ++++++++++++++++++++++++++
lib/krb5_wrap/krb5_samba.h | 2 -
source4/auth/kerberos/kerberos_util.c | 11 --
4 files changed, 185 insertions(+), 14 deletions(-)
3 files changed, 185 insertions(+), 13 deletions(-)
diff --git a/lib/krb5_wrap/krb5_samba.c b/lib/krb5_wrap/krb5_samba.c
index 20ce86c708d..e72ab3c30f7 100644
index fff5b4e2a22..791b417d5ba 100644
--- a/lib/krb5_wrap/krb5_samba.c
+++ b/lib/krb5_wrap/krb5_samba.c
@@ -2568,6 +2568,191 @@ krb5_error_code smb_krb5_kinit_s4u2_ccache(krb5_context ctx,
@@ -2694,6 +2694,191 @@ krb5_error_code smb_krb5_kinit_s4u2_ccache(krb5_context ctx,
return 0;
}
@ -574,7 +546,7 @@ index 20ce86c708d..e72ab3c30f7 100644
#if !defined(HAVE_KRB5_MAKE_PRINCIPAL) && defined(HAVE_KRB5_BUILD_PRINCIPAL_ALLOC_VA)
diff --git a/lib/krb5_wrap/krb5_samba.h b/lib/krb5_wrap/krb5_samba.h
index ca9a893e4f7..3264ce5eb3b 100644
index eab67f6d969..b5385c69a33 100644
--- a/lib/krb5_wrap/krb5_samba.h
+++ b/lib/krb5_wrap/krb5_samba.h
@@ -252,7 +252,6 @@ krb5_error_code smb_krb5_kinit_password_ccache(krb5_context ctx,
@ -639,14 +611,13 @@ index 544d9d853cc..c14d8c72d8c 100644
ret = smb_krb5_kinit_password_ccache(smb_krb5_context->krb5_context,
ccache,
--
2.25.4
2.33.1
From cf1b9bdc09180d68e2b30258839d2f78b7af9c62 Mon Sep 17 00:00:00 2001
From f1951b501ca0fb3e613f04437c99dc1bbf204609 Mon Sep 17 00:00:00 2001
From: Isaac Boukris <iboukris@gmail.com>
Date: Sat, 19 Sep 2020 14:16:20 +0200
Subject: [PATCH 7/7] wip: for canonicalization with new MIT kdc code
Subject: [PATCH 3/3] wip: for canonicalization with new MIT kdc code
---
source4/heimdal/lib/hdb/hdb.h | 1 +
@ -656,7 +627,7 @@ Subject: [PATCH 7/7] wip: for canonicalization with new MIT kdc code
4 files changed, 11 insertions(+), 2 deletions(-)
diff --git a/source4/heimdal/lib/hdb/hdb.h b/source4/heimdal/lib/hdb/hdb.h
index 6a09ecb6fe1..bc5211fef35 100644
index 5ef9d9565f3..dafaffc6c2d 100644
--- a/source4/heimdal/lib/hdb/hdb.h
+++ b/source4/heimdal/lib/hdb/hdb.h
@@ -63,6 +63,7 @@ enum hdb_lockop{ HDB_RLOCK, HDB_WLOCK };
@ -668,7 +639,7 @@ index 6a09ecb6fe1..bc5211fef35 100644
/* hdb_capability_flags */
#define HDB_CAP_F_HANDLE_ENTERPRISE_PRINCIPAL 1
diff --git a/source4/kdc/db-glue.c b/source4/kdc/db-glue.c
index a560a1cd84b..c27b6a8ef4c 100644
index aff74f2ee71..d16b4c3329a 100644
--- a/source4/kdc/db-glue.c
+++ b/source4/kdc/db-glue.c
@@ -916,17 +916,21 @@ static krb5_error_code samba_kdc_message2entry(krb5_context context,
@ -696,10 +667,10 @@ index a560a1cd84b..c27b6a8ef4c 100644
ret = smb_krb5_make_principal(context, &entry_ex->entry.principal, lpcfg_realm(lp_ctx), samAccountName, NULL);
if (ret) {
diff --git a/source4/kdc/mit_samba.c b/source4/kdc/mit_samba.c
index f23327c9613..4084e893cc2 100644
index acc3cba6254..f0b9df8b613 100644
--- a/source4/kdc/mit_samba.c
+++ b/source4/kdc/mit_samba.c
@@ -198,6 +198,9 @@ int mit_samba_get_principal(struct mit_samba_context *ctx,
@@ -224,6 +224,9 @@ int mit_samba_get_principal(struct mit_samba_context *ctx,
if (kflags & KRB5_KDB_FLAG_CANONICALIZE) {
sflags |= SDB_F_CANON;
}
@ -722,5 +693,5 @@ index c929acccce6..a9115ec23d7 100644
void sdb_free_entry(struct sdb_entry_ex *e);
void free_sdb_entry(struct sdb_entry *s);
--
2.25.4
2.33.1

View File

@ -15,6 +15,9 @@
# ctdb is enabled by default, you can disable it with: --without clustering
%bcond_without clustering
# Define _make_verbose if it doesn't exist (RHEL8)
%{!?_make_verbose:%define _make_verbose V=1 VERBOSE=1}
# Build with Active Directory Domain Controller support by default on Fedora
%if 0%{?fedora}
%bcond_without dc
@ -42,24 +45,27 @@
%bcond_without winexe
%endif
# Build vfs_ceph module by default on 64bit Fedora
# Build vfs_ceph module and ctdb cepth mutex helper by default on 64bit Fedora
%if 0%{?fedora}
%ifarch aarch64 ppc64le s390x x86_64
%bcond_without vfs_cephfs
%bcond_without ceph_mutex
%else
%bcond_with vfs_cephfs
%bcond_with ceph_mutex
#endifarch
%endif
%else
%bcond_with vfs_cephfs
%bcond_with ceph_mutex
#endif fedora
%endif
# Build vfs_gluster module by default on 64bit Fedora
%global is_rhgs 0
%if "%{dist}" == ".el8rhgs" || "%{dist}" == ".el9rhgs"
%if "%{dist}" == ".el8rhgs" || "%{dist}" == ".el9rhgs"
%global is_rhgs 1
%endif
@ -106,15 +112,29 @@
#endif fedora || rhel >= 8
%endif
# Build the ctdb-pcp-pmda package by default on Fedora
%if 0%{?fedora}
%bcond_without pcp_pmda
%else
%bcond_with pcp_pmda
%endif
# Build the etcd helpers by default on Fedora
%if 0%{?fedora}
%bcond_without etcd_mutex
%else
%bcond_with etcd_mutex
%endif
%define samba_requires_eq() %(LC_ALL="C" echo '%*' | xargs -r rpm -q --qf 'Requires: %%{name} = %%{epoch}:%%{version}\\n' | sed -e 's/ (none):/ /' -e 's/ 0:/ /' | grep -v "is not")
%global baserelease 103
%global baserelease 3
%global samba_version 4.14.5
%global talloc_version 2.3.2
%global tdb_version 1.4.3
%global tevent_version 0.10.2
%global ldb_version 2.3.0
%global samba_version 4.15.2
%global talloc_version 2.3.3
%global tdb_version 1.4.4
%global tevent_version 0.11.0
%global ldb_version 2.4.1
# This should be rc1 or nil
%global pre_release %nil
@ -178,6 +198,12 @@ Source14: samba.pamd
Source201: README.downgrade
Patch0: samba-s4u.patch
Patch1: samba-ctdb-etcd-reclock.patch
Patch2: samba-4.15.1-winexe.patch
Patch3: samba-4.15-fix-winbind-no-trusted-domain.patch
Patch4: samba-4.15-logfile.patch
Patch5: samba-4.15.2-smbclient_anonymous.patch
Patch6: samba-4.15-ipa-dc-schannel.patch
Requires(pre): /usr/sbin/groupadd
Requires(post): systemd
@ -285,6 +311,16 @@ BuildRequires: libcephfs-devel
BuildRequires: liburing-devel >= 0.4
%endif
%if %{with pcp_pmda}
BuildRequires: pcp-libs-devel
%endif
%if %{with ceph_mutex}
BuildRequires: librados-devel
%endif
%if %{with etcd_mutex}
BuildRequires: python3-etcd
%endif
%if %{with dc} || %{with testsuite}
# Add python3-iso8601 to avoid that the
# version in Samba is being packaged
@ -314,9 +350,13 @@ BuildRequires: python3-tdb >= %{tdb_version}
BuildRequires: libldb-devel >= %{ldb_version}
BuildRequires: python3-ldb >= %{ldb_version}
BuildRequires: python3-ldb-devel >= %{ldb_version}
%else
%endif
%if %{with includelibs} || %{with testsuite}
# lmdb-devel is required for the mdb ldb module, if samba is configured
# to build includelibs we need lmdb-devel for building that module on our own
BuildRequires: lmdb-devel
#endif without testsuite
#endif without includelibs
%endif
%if %{with dc} || %{with testsuite}
@ -326,6 +366,7 @@ BuildRequires: ldb-tools
BuildRequires: python3-gpg
BuildRequires: python3-markdown
BuildRequires: python3-setproctitle
BuildRequires: python3-cryptography
BuildRequires: tdb-tools
%endif
@ -423,7 +464,7 @@ Obsoletes: ctdb-tests-debuginfo < %{samba_depver}
# endif with clustering
%endif
# If only build glusterfs for RHGS and Fedora, so obsolete it on other version
# We only build glusterfs for RHGS and Fedora, so obsolete it on other versions
# of the distro
%if %{without vfs_glusterfs}
Obsoletes: samba-vfs-glusterfs < %{samba_depver}
@ -444,6 +485,15 @@ Requires: samba-libs = %{samba_depver}
Requires: libwbclient = %{samba_depver}
%endif
# samba-tool needs python3-samba
Requires: python3-%{name} = %{samba_depver}
# samba-tool needs tdbbackup
Requires: tdb-tools
%if %{with dc}
# samba-tool needs mdb_copy for domain backup or upgrade provision
Requires: lmdb
%endif
Provides: bundled(libreplace)
%description common-tools
@ -465,10 +515,6 @@ Requires(post): libwbclient = %{samba_depver}
Requires: libwbclient = %{samba_depver}
%endif
# samba-tool needs tdbbackup
Requires: tdb-tools
# samba-tool needs mdb_copy
Requires: lmdb
Requires: ldb-tools
Requires: python3-setproctitle
# Force using libldb version to be the same as build version
@ -704,7 +750,7 @@ Summary: Samba python devel files
Requires: python3-%{name} = %{samba_depver}
%description -n python3-%{name}-devel
The python3-%{name}-devel package contains the Python 3 defel files.
The python3-%{name}-devel package contains the Python 3 devel files.
%package -n python3-samba-test
Summary: Samba Python libraries
@ -806,7 +852,6 @@ Requires(post): %{name}-client-libs = %{samba_depver}
Requires: %{name}-libs = %{samba_depver}
Requires(post): %{name}-libs = %{samba_depver}
Requires: %{name}-winbind-modules = %{samba_depver}
Requires(post): %{name}-winbind-modules = %{samba_depver}
%if %{with libwbclient}
Requires(post): libwbclient = %{samba_depver}
@ -965,6 +1010,45 @@ and use CTDB instead.
#endif with testsuite
%endif
%if %{with pcp_pmda}
%package -n ctdb-pcp-pmda
Summary: CTDB PCP pmda support
Requires: ctdb = %{samba_depver}
Requires: pcp-libs
%description -n ctdb-pcp-pmda
Performance Co-Pilot (PCP) support for CTDB
#endif with pcp_pmda
%endif
%if %{with etcd_mutex}
%package -n ctdb-etcd-mutex
Summary: CTDB ETCD mutex helper
Requires: ctdb = %{samba_depver}
Requires: python3-etcd
%description -n ctdb-etcd-mutex
Support for using an existing ETCD cluster as a mutex helper for CTDB
#endif with etcd_mutex
%endif
%if %{with ceph_mutex}
%package -n ctdb-ceph-mutex
Summary: CTDB ceph mutex helper
Requires: ctdb = %{samba_depver}
%description -n ctdb-ceph-mutex
Support for using an existing CEPH cluster as a mutex helper for CTDB
#endif with ceph_mutex
%endif
#endif with clustering
%endif
@ -1054,9 +1138,19 @@ export LDFLAGS="%{__global_ldflags} -fuse-ld=gold"
%endif
%if %{with testsuite}
--enable-selftest \
%endif
%if %{with pcp_pmda}
--enable-pmda \
%endif
%if %{with ceph_mutex}
--enable-ceph-reclock \
%endif
%if %{with etcd_mutex}
--enable-etcd-reclock \
%endif
--with-profiling-data \
--with-systemd \
--with-quotas \
--systemd-install-services \
--with-systemddir=/usr/lib/systemd/system \
--systemd-smb-extra=%{_systemd_extra} \
@ -1074,7 +1168,8 @@ pushd pidl
popd
%install
%make_install
# Do not use %%make_install, make is just a wrapper around waf in Samba!
%{__make} %{?_smp_mflags} %{_make_verbose} install DESTDIR=%{buildroot}
install -d -m 0755 %{buildroot}/usr/{sbin,bin}
install -d -m 0755 %{buildroot}%{_libdir}/security
@ -1162,12 +1257,10 @@ touch %{buildroot}%{_libdir}/krb5/plugins/libkrb5/winbind_krb5_locator.so
%if %{without dc} && %{without testsuite}
for i in \
%{_libdir}/samba/libdfs-server-ad-samba4.so \
%{_libdir}/samba/libdnsserver-common-samba4.so \
%{_libdir}/samba/libdsdb-garbage-collect-tombstones-samba4.so \
%{_libdir}/samba/libscavenge-dns-records-samba4.so \
%{_mandir}/man8/samba.8 \
%{_mandir}/man8/samba_downgrade_db.8 \
%{_mandir}/man8/samba-tool.8 \
%{_mandir}/man8/samba-gpupdate.8 \
%{_libdir}/samba/ldb/ildap.so \
%{_libdir}/samba/ldb/ldbsamba_extensions.so \
@ -1518,6 +1611,8 @@ fi
%{_libdir}/samba/vfs/nfs4acl_xattr.so
%endif
%{_libexecdir}/samba/samba-bgqd
%dir %{_datadir}/samba
%dir %{_datadir}/samba/mdssvc
%{_datadir}/samba/mdssvc/elasticsearch_mappings.json
@ -1529,6 +1624,7 @@ fi
%config(noreplace) %{_sysconfdir}/pam.d/samba
%{_mandir}/man1/smbstatus.1*
%{_mandir}/man8/eventlogadm.8*
%{_mandir}/man8/samba-bgqd.8*
%{_mandir}/man8/smbd.8*
%{_mandir}/man8/nmbd.8*
%{_mandir}/man8/vfs_acl_tdb.8*
@ -1579,9 +1675,8 @@ fi
%{_bindir}/cifsdd
%{_bindir}/dbwrap_tool
%{_bindir}/dumpmscat
%exclude %{_bindir}/findsmb
%{_bindir}/mvxattr
%{_bindir}/mdfind
%{_bindir}/mdsearch
%{_bindir}/nmblookup
%{_bindir}/oLschema2ldif
%{_bindir}/regdiff
@ -1608,9 +1703,8 @@ fi
%{_mandir}/man1/regpatch.1*
%{_mandir}/man1/regshell.1*
%{_mandir}/man1/regtree.1*
%exclude %{_mandir}/man1/findsmb.1*
%{_mandir}/man1/log2pcap.1*
%{_mandir}/man1/mdfind.1*
%{_mandir}/man1/mdsearch.1*
%{_mandir}/man1/mvxattr.1*
%{_mandir}/man1/rpcclient.1*
%{_mandir}/man1/sharesec.1*
@ -1691,10 +1785,10 @@ fi
%{_libdir}/samba/libclidns-samba4.so
%{_libdir}/samba/libcluster-samba4.so
%{_libdir}/samba/libcmdline-contexts-samba4.so
%{_libdir}/samba/libcmdline-credentials-samba4.so
%{_libdir}/samba/libcommon-auth-samba4.so
%{_libdir}/samba/libctdb-event-client-samba4.so
%{_libdir}/samba/libdbwrap-samba4.so
%{_libdir}/samba/libdcerpc-pkt-auth-samba4.so
%{_libdir}/samba/libdcerpc-samba-samba4.so
%{_libdir}/samba/libevents-samba4.so
%{_libdir}/samba/libflag-mapping-samba4.so
@ -1749,7 +1843,6 @@ fi
%{_libdir}/samba/libtime-basic-samba4.so
%{_libdir}/samba/libtorture-samba4.so
%{_libdir}/samba/libtrusts-util-samba4.so
%{_libdir}/samba/libutil-cmdline-samba4.so
%{_libdir}/samba/libutil-reg-samba4.so
%{_libdir}/samba/libutil-setid-samba4.so
%{_libdir}/samba/libutil-tdb-samba4.so
@ -1775,7 +1868,7 @@ fi
%{_libdir}/samba/ldb/asq.so
%{_libdir}/samba/ldb/ldb.so
#%%{_libdir}/samba/ldb/mdb.so
%{_libdir}/samba/ldb/mdb.so
%{_libdir}/samba/ldb/paged_searches.so
%{_libdir}/samba/ldb/rdn_name.so
%{_libdir}/samba/ldb/sample.so
@ -1813,8 +1906,7 @@ fi
### COMMON-libs
%files common-libs
# common libraries
%{_libdir}/samba/libpopt-samba3-cmdline-samba4.so
%{_libdir}/samba/libpopt-samba3-samba4.so
%{_libdir}/samba/libcmdline-samba4.so
%dir %{_libdir}/samba/ldb
@ -1827,6 +1919,7 @@ fi
%{_bindir}/net
%{_bindir}/pdbedit
%{_bindir}/profiles
%{_bindir}/samba-tool
%{_bindir}/smbcontrol
%{_bindir}/smbpasswd
%{_bindir}/testparm
@ -1835,13 +1928,13 @@ fi
%{_mandir}/man1/testparm.1*
%{_mandir}/man8/net.8*
%{_mandir}/man8/pdbedit.8*
%{_mandir}/man8/samba-tool.8*
%{_mandir}/man8/smbpasswd.8*
### DC
%if %{with dc} || %{with testsuite}
%files dc
%{_unitdir}/samba.service
%{_bindir}/samba-tool
%{_sbindir}/samba
%{_sbindir}/samba_dnsupdate
%{_sbindir}/samba_downgrade_db
@ -1909,7 +2002,6 @@ fi
%{_mandir}/man8/samba.8*
%{_mandir}/man8/samba_downgrade_db.8*
%{_mandir}/man8/samba-gpupdate.8*
%{_mandir}/man8/samba-tool.8*
%dir %{_datadir}/samba/admx
%{_datadir}/samba/admx/samba.admx
%dir %{_datadir}/samba/admx/en-US
@ -1952,7 +2044,6 @@ fi
%endif
%{_libdir}/libdcerpc-server.so.*
%{_libdir}/samba/libdnsserver-common-samba4.so
%{_libdir}/samba/libdsdb-module-samba4.so
%{_libdir}/samba/libdsdb-garbage-collect-tombstones-samba4.so
%{_libdir}/samba/libscavenge-dns-records-samba4.so
@ -1961,8 +2052,6 @@ fi
%files dc-bind-dlz
%attr(770,root,named) %dir /var/lib/samba/bind-dns
%dir %{_libdir}/samba/bind9
%{_libdir}/samba/bind9/dlz_bind9.so
%{_libdir}/samba/bind9/dlz_bind9_9.so
%{_libdir}/samba/bind9/dlz_bind9_10.so
%{_libdir}/samba/bind9/dlz_bind9_11.so
%{_libdir}/samba/bind9/dlz_bind9_12.so
@ -2136,6 +2225,7 @@ fi
%{_libdir}/samba/libauth4-samba4.so
%{_libdir}/samba/libauth-unix-token-samba4.so
%{_libdir}/samba/libdcerpc-samba4.so
%{_libdir}/samba/libdnsserver-common-samba4.so
%{_libdir}/samba/libshares-samba4.so
%{_libdir}/samba/libsmbpasswdparser-samba4.so
%{_libdir}/samba/libxattr-tdb-samba4.so
@ -2230,6 +2320,7 @@ fi
%{python3_sitearch}/samba/__pycache__/getopt.*.pyc
%{python3_sitearch}/samba/__pycache__/gpclass.*.pyc
%{python3_sitearch}/samba/__pycache__/gp_ext_loader.*.pyc
%{python3_sitearch}/samba/__pycache__/gp_gnome_settings_ext.*.pyc
%{python3_sitearch}/samba/__pycache__/gp_msgs_ext.*.pyc
%{python3_sitearch}/samba/__pycache__/gp_scripts_ext.*.pyc
%{python3_sitearch}/samba/__pycache__/gp_sec_ext.*.pyc
@ -2252,7 +2343,14 @@ fi
%{python3_sitearch}/samba/__pycache__/trust_utils.*.pyc
%{python3_sitearch}/samba/__pycache__/upgrade.*.pyc
%{python3_sitearch}/samba/__pycache__/upgradehelpers.*.pyc
%{python3_sitearch}/samba/__pycache__/vgp_access_ext.*.pyc
%{python3_sitearch}/samba/__pycache__/vgp_files_ext.*.pyc
%{python3_sitearch}/samba/__pycache__/vgp_issue_ext.*.pyc
%{python3_sitearch}/samba/__pycache__/vgp_motd_ext.*.pyc
%{python3_sitearch}/samba/__pycache__/vgp_openssh_ext.*.pyc
%{python3_sitearch}/samba/__pycache__/vgp_startup_scripts_ext.*.pyc
%{python3_sitearch}/samba/__pycache__/vgp_sudoers_ext.*.pyc
%{python3_sitearch}/samba/__pycache__/vgp_symlink_ext.*.pyc
%{python3_sitearch}/samba/__pycache__/xattr.*.pyc
%{python3_sitearch}/samba/_glue.*.so
%{python3_sitearch}/samba/_ldb.*.so
@ -2281,6 +2379,7 @@ fi
%{python3_sitearch}/samba/dcerpc/idmap.*.so
%{python3_sitearch}/samba/dcerpc/initshutdown.*.so
%{python3_sitearch}/samba/dcerpc/irpc.*.so
%{python3_sitearch}/samba/dcerpc/krb5ccache.*.so
%{python3_sitearch}/samba/dcerpc/krb5pac.*.so
%{python3_sitearch}/samba/dcerpc/lsa.*.so
%{python3_sitearch}/samba/dcerpc/messaging.*.so
@ -2309,9 +2408,12 @@ fi
%{python3_sitearch}/samba/descriptor.py
%{python3_sitearch}/samba/dnsresolver.py
%{python3_sitearch}/samba/drs_utils.py
%{python3_sitearch}/samba/dsdb.*.so
%{python3_sitearch}/samba/dsdb_dns.*.so
%{python3_sitearch}/samba/gensec.*.so
%{python3_sitearch}/samba/getopt.py
%{python3_sitearch}/samba/gpclass.py
%{python3_sitearch}/samba/gp_gnome_settings_ext.py
%{python3_sitearch}/samba/gp_scripts_ext.py
%{python3_sitearch}/samba/gp_sec_ext.py
%{python3_sitearch}/samba/gpo.*.so
@ -2322,6 +2424,7 @@ fi
%{python3_sitearch}/samba/messaging.*.so
%{python3_sitearch}/samba/ndr.py
%{python3_sitearch}/samba/net.*.so
%{python3_sitearch}/samba/net_s3.*.so
%{python3_sitearch}/samba/ntstatus.*.so
%{python3_sitearch}/samba/posix_eadb.*.so
%dir %{python3_sitearch}/samba/emulate
@ -2444,7 +2547,14 @@ fi
%{python3_sitearch}/samba/trust_utils.py
%{python3_sitearch}/samba/upgrade.py
%{python3_sitearch}/samba/upgradehelpers.py
%{python3_sitearch}/samba/vgp_access_ext.py
%{python3_sitearch}/samba/vgp_files_ext.py
%{python3_sitearch}/samba/vgp_issue_ext.py
%{python3_sitearch}/samba/vgp_motd_ext.py
%{python3_sitearch}/samba/vgp_openssh_ext.py
%{python3_sitearch}/samba/vgp_startup_scripts_ext.py
%{python3_sitearch}/samba/vgp_sudoers_ext.py
%{python3_sitearch}/samba/vgp_symlink_ext.py
%{python3_sitearch}/samba/werror.*.so
%{python3_sitearch}/samba/xattr.py
%{python3_sitearch}/samba/xattr_native.*.so
@ -2491,8 +2601,6 @@ fi
%{python3_sitearch}/samba/dcerpc/dnsserver.*.so
%{python3_sitearch}/samba/dckeytab.*.so
%{python3_sitearch}/samba/dsdb.*.so
%{python3_sitearch}/samba/dsdb_dns.*.so
%{python3_sitearch}/samba/domain_update.py
%{python3_sitearch}/samba/forest_update.py
%{python3_sitearch}/samba/ms_forest_updates_markdown.py
@ -2559,6 +2667,7 @@ fi
%{python3_sitearch}/samba/tests/__pycache__/cred_opt.*.pyc
%{python3_sitearch}/samba/tests/__pycache__/dckeytab.*.pyc
%{python3_sitearch}/samba/tests/__pycache__/dns.*.pyc
%{python3_sitearch}/samba/tests/__pycache__/dns_aging.*.pyc
%{python3_sitearch}/samba/tests/__pycache__/dns_base.*.pyc
%{python3_sitearch}/samba/tests/__pycache__/dns_forwarder.*.pyc
%{python3_sitearch}/samba/tests/__pycache__/dns_invalid.*.pyc
@ -2566,6 +2675,8 @@ fi
%{python3_sitearch}/samba/tests/__pycache__/dns_tkey.*.pyc
%{python3_sitearch}/samba/tests/__pycache__/dns_wildcard.*.pyc
%{python3_sitearch}/samba/tests/__pycache__/dsdb.*.pyc
%{python3_sitearch}/samba/tests/__pycache__/dsdb_api.*.pyc
%{python3_sitearch}/samba/tests/__pycache__/dsdb_dns.*.pyc
%{python3_sitearch}/samba/tests/__pycache__/dsdb_lock.*.pyc
%{python3_sitearch}/samba/tests/__pycache__/dsdb_schema_attributes.*.pyc
%{python3_sitearch}/samba/tests/__pycache__/docs.*.pyc
@ -2577,17 +2688,22 @@ fi
%{python3_sitearch}/samba/tests/__pycache__/getdcname.*.pyc
%{python3_sitearch}/samba/tests/__pycache__/glue.*.pyc
%{python3_sitearch}/samba/tests/__pycache__/gpo.*.pyc
%{python3_sitearch}/samba/tests/__pycache__/gpo_member.*.pyc
%{python3_sitearch}/samba/tests/__pycache__/graph.*.pyc
%{python3_sitearch}/samba/tests/__pycache__/group_audit.*.pyc
%{python3_sitearch}/samba/tests/__pycache__/hostconfig.*.pyc
%{python3_sitearch}/samba/tests/__pycache__/imports.*.pyc
%{python3_sitearch}/samba/tests/__pycache__/join.*.pyc
%{python3_sitearch}/samba/tests/__pycache__/krb5_credentials.*.pyc
%{python3_sitearch}/samba/tests/__pycache__/ldap_raw.*.pyc
%{python3_sitearch}/samba/tests/__pycache__/ldap_referrals.*.pyc
%{python3_sitearch}/samba/tests/__pycache__/ldap_spn.*.pyc
%{python3_sitearch}/samba/tests/__pycache__/ldap_upn_sam_account.*.pyc
%{python3_sitearch}/samba/tests/__pycache__/loadparm.*.pyc
%{python3_sitearch}/samba/tests/__pycache__/libsmb.*.pyc
%{python3_sitearch}/samba/tests/__pycache__/lsa_string.*.pyc
%{python3_sitearch}/samba/tests/__pycache__/messaging.*.pyc
%{python3_sitearch}/samba/tests/__pycache__/ndr.*.pyc
%{python3_sitearch}/samba/tests/__pycache__/netbios.*.pyc
%{python3_sitearch}/samba/tests/__pycache__/netcmd.*.pyc
%{python3_sitearch}/samba/tests/__pycache__/net_join_no_spnego.*.pyc
@ -2623,10 +2739,12 @@ fi
%{python3_sitearch}/samba/tests/__pycache__/s3passdb.*.pyc
%{python3_sitearch}/samba/tests/__pycache__/s3registry.*.pyc
%{python3_sitearch}/samba/tests/__pycache__/s3windb.*.pyc
%{python3_sitearch}/samba/tests/__pycache__/s3_net_join.*.pyc
%{python3_sitearch}/samba/tests/__pycache__/samba_upgradedns_lmdb.*.pyc
%{python3_sitearch}/samba/tests/__pycache__/samba3sam.*.pyc
%{python3_sitearch}/samba/tests/__pycache__/samdb.*.pyc
%{python3_sitearch}/samba/tests/__pycache__/samdb_api.*.pyc
%{python3_sitearch}/samba/tests/__pycache__/sddl.*.pyc
%{python3_sitearch}/samba/tests/__pycache__/security.*.pyc
%{python3_sitearch}/samba/tests/__pycache__/segfault.*.pyc
%{python3_sitearch}/samba/tests/__pycache__/smb.*.pyc
@ -2661,7 +2779,7 @@ fi
%{python3_sitearch}/samba/tests/blackbox/__pycache__/bug13653.*.pyc
%{python3_sitearch}/samba/tests/blackbox/__pycache__/check_output.*.pyc
%{python3_sitearch}/samba/tests/blackbox/__pycache__/downgradedatabase.*.pyc
%{python3_sitearch}/samba/tests/blackbox/__pycache__/mdfind.*.pyc
%{python3_sitearch}/samba/tests/blackbox/__pycache__/mdsearch.*.pyc
%{python3_sitearch}/samba/tests/blackbox/__pycache__/ndrdump.*.pyc
%{python3_sitearch}/samba/tests/blackbox/__pycache__/netads_json.*.pyc
%{python3_sitearch}/samba/tests/blackbox/__pycache__/samba_dnsupdate.*.pyc
@ -2677,7 +2795,7 @@ fi
%{python3_sitearch}/samba/tests/blackbox/bug13653.py
%{python3_sitearch}/samba/tests/blackbox/check_output.py
%{python3_sitearch}/samba/tests/blackbox/downgradedatabase.py
%{python3_sitearch}/samba/tests/blackbox/mdfind.py
%{python3_sitearch}/samba/tests/blackbox/mdsearch.py
%{python3_sitearch}/samba/tests/blackbox/ndrdump.py
%{python3_sitearch}/samba/tests/blackbox/netads_json.py
%{python3_sitearch}/samba/tests/blackbox/samba_dnsupdate.py
@ -2705,6 +2823,7 @@ fi
%{python3_sitearch}/samba/tests/dcerpc/__pycache__/binding.*.pyc
%{python3_sitearch}/samba/tests/dcerpc/__pycache__/dnsserver.*.pyc
%{python3_sitearch}/samba/tests/dcerpc/__pycache__/integer.*.pyc
%{python3_sitearch}/samba/tests/dcerpc/__pycache__/lsa.*.pyc
%{python3_sitearch}/samba/tests/dcerpc/__pycache__/mdssvc.*.pyc
%{python3_sitearch}/samba/tests/dcerpc/__pycache__/misc.*.pyc
%{python3_sitearch}/samba/tests/dcerpc/__pycache__/raw_protocol.*.pyc
@ -2724,6 +2843,7 @@ fi
%{python3_sitearch}/samba/tests/dcerpc/createtrustrelax.py
%{python3_sitearch}/samba/tests/dcerpc/dnsserver.py
%{python3_sitearch}/samba/tests/dcerpc/integer.py
%{python3_sitearch}/samba/tests/dcerpc/lsa.py
%{python3_sitearch}/samba/tests/dcerpc/mdssvc.py
%{python3_sitearch}/samba/tests/dcerpc/misc.py
%{python3_sitearch}/samba/tests/dcerpc/raw_protocol.py
@ -2739,6 +2859,7 @@ fi
%{python3_sitearch}/samba/tests/dcerpc/unix.py
%{python3_sitearch}/samba/tests/dckeytab.py
%{python3_sitearch}/samba/tests/dns.py
%{python3_sitearch}/samba/tests/dns_aging.py
%{python3_sitearch}/samba/tests/dns_base.py
%{python3_sitearch}/samba/tests/dns_forwarder.py
%dir %{python3_sitearch}/samba/tests/dns_forwarder_helpers
@ -2749,6 +2870,8 @@ fi
%{python3_sitearch}/samba/tests/dns_tkey.py
%{python3_sitearch}/samba/tests/dns_wildcard.py
%{python3_sitearch}/samba/tests/dsdb.py
%{python3_sitearch}/samba/tests/dsdb_api.py
%{python3_sitearch}/samba/tests/dsdb_dns.py
%{python3_sitearch}/samba/tests/dsdb_lock.py
%{python3_sitearch}/samba/tests/dsdb_schema_attributes.py
%{python3_sitearch}/samba/tests/docs.py
@ -2768,9 +2891,11 @@ fi
%{python3_sitearch}/samba/tests/get_opt.py
%{python3_sitearch}/samba/tests/glue.py
%{python3_sitearch}/samba/tests/gpo.py
%{python3_sitearch}/samba/tests/gpo_member.py
%{python3_sitearch}/samba/tests/graph.py
%{python3_sitearch}/samba/tests/group_audit.py
%{python3_sitearch}/samba/tests/hostconfig.py
%{python3_sitearch}/samba/tests/imports.py
%{python3_sitearch}/samba/tests/join.py
%dir %{python3_sitearch}/samba/tests/kcc
%{python3_sitearch}/samba/tests/kcc/__init__.py
@ -2786,37 +2911,64 @@ fi
%{python3_sitearch}/samba/tests/kcc/ldif_import_export.py
%dir %{python3_sitearch}/samba/tests/krb5
%dir %{python3_sitearch}/samba/tests/krb5/__pycache__
%{python3_sitearch}/samba/tests/krb5/__pycache__/alias_tests.*.pyc
%{python3_sitearch}/samba/tests/krb5/__pycache__/as_canonicalization_tests.*.pyc
%{python3_sitearch}/samba/tests/krb5/__pycache__/as_req_tests.*.pyc
%{python3_sitearch}/samba/tests/krb5/__pycache__/compatability_tests.*.pyc
%{python3_sitearch}/samba/tests/krb5/__pycache__/fast_tests.*.pyc
%{python3_sitearch}/samba/tests/krb5/__pycache__/kcrypto.*.pyc
%{python3_sitearch}/samba/tests/krb5/__pycache__/kdc_base_test.*.pyc
%{python3_sitearch}/samba/tests/krb5/__pycache__/kdc_tests.*.pyc
%{python3_sitearch}/samba/tests/krb5/__pycache__/kdc_tgs_tests.*.pyc
%{python3_sitearch}/samba/tests/krb5/__pycache__/ms_kile_client_principal_lookup_tests.*.pyc
%{python3_sitearch}/samba/tests/krb5/__pycache__/raw_testcase.*.pyc
%{python3_sitearch}/samba/tests/krb5/__pycache__/rfc4120_constants.*.pyc
%{python3_sitearch}/samba/tests/krb5/__pycache__/rfc4120_pyasn1.*.pyc
%{python3_sitearch}/samba/tests/krb5/__pycache__/rodc_tests*.pyc
%{python3_sitearch}/samba/tests/krb5/__pycache__/salt_tests.*.pyc
%{python3_sitearch}/samba/tests/krb5/__pycache__/simple_tests.*.pyc
%{python3_sitearch}/samba/tests/krb5/__pycache__/spn_tests.*.pyc
%{python3_sitearch}/samba/tests/krb5/__pycache__/s4u_tests.*.pyc
%{python3_sitearch}/samba/tests/krb5/__pycache__/test_ccache.*.pyc
%{python3_sitearch}/samba/tests/krb5/__pycache__/test_ldap.*.pyc
%{python3_sitearch}/samba/tests/krb5/__pycache__/test_min_domain_uid.*.pyc
%{python3_sitearch}/samba/tests/krb5/__pycache__/test_rpc.*.pyc
%{python3_sitearch}/samba/tests/krb5/__pycache__/test_smb.*.pyc
%{python3_sitearch}/samba/tests/krb5/__pycache__/xrealm_tests.*.pyc
%{python3_sitearch}/samba/tests/krb5/alias_tests.py
%{python3_sitearch}/samba/tests/krb5/as_canonicalization_tests.py
%{python3_sitearch}/samba/tests/krb5/as_req_tests.py
%{python3_sitearch}/samba/tests/krb5/compatability_tests.py
%{python3_sitearch}/samba/tests/krb5/fast_tests.py
%{python3_sitearch}/samba/tests/krb5/kcrypto.py
%{python3_sitearch}/samba/tests/krb5/kdc_base_test.py
%{python3_sitearch}/samba/tests/krb5/kdc_tests.py
%{python3_sitearch}/samba/tests/krb5/kdc_tgs_tests.py
%{python3_sitearch}/samba/tests/krb5/ms_kile_client_principal_lookup_tests.py
%{python3_sitearch}/samba/tests/krb5/raw_testcase.py
%{python3_sitearch}/samba/tests/krb5/rfc4120_constants.py
%{python3_sitearch}/samba/tests/krb5/rfc4120_pyasn1.py
%{python3_sitearch}/samba/tests/krb5/rodc_tests.py
%{python3_sitearch}/samba/tests/krb5/salt_tests.py
%{python3_sitearch}/samba/tests/krb5/simple_tests.py
%{python3_sitearch}/samba/tests/krb5/spn_tests.py
%{python3_sitearch}/samba/tests/krb5/test_ccache.py
%{python3_sitearch}/samba/tests/krb5/test_ldap.py
%{python3_sitearch}/samba/tests/krb5/test_min_domain_uid.py
%{python3_sitearch}/samba/tests/krb5/test_rpc.py
%{python3_sitearch}/samba/tests/krb5/test_smb.py
%{python3_sitearch}/samba/tests/krb5/s4u_tests.py
%{python3_sitearch}/samba/tests/krb5/xrealm_tests.py
%{python3_sitearch}/samba/tests/krb5_credentials.py
%{python3_sitearch}/samba/tests/ldap_raw.py
%{python3_sitearch}/samba/tests/ldap_referrals.py
%{python3_sitearch}/samba/tests/ldap_spn.py
%{python3_sitearch}/samba/tests/ldap_upn_sam_account.py
%{python3_sitearch}/samba/tests/libsmb.py
%{python3_sitearch}/samba/tests/loadparm.py
%{python3_sitearch}/samba/tests/lsa_string.py
%{python3_sitearch}/samba/tests/messaging.py
%{python3_sitearch}/samba/tests/ndr.py
%{python3_sitearch}/samba/tests/netbios.py
%{python3_sitearch}/samba/tests/netcmd.py
%{python3_sitearch}/samba/tests/net_join_no_spnego.py
@ -2852,6 +3004,7 @@ fi
%{python3_sitearch}/samba/tests/s3passdb.py
%{python3_sitearch}/samba/tests/s3registry.py
%{python3_sitearch}/samba/tests/s3windb.py
%{python3_sitearch}/samba/tests/s3_net_join.py
%{python3_sitearch}/samba/tests/samba3sam.py
%{python3_sitearch}/samba/tests/samba_upgradedns_lmdb.py
%dir %{python3_sitearch}/samba/tests/samba_tool
@ -2868,6 +3021,7 @@ fi
%{python3_sitearch}/samba/tests/samba_tool/__pycache__/forest.*.pyc
%{python3_sitearch}/samba/tests/samba_tool/__pycache__/fsmo.*.pyc
%{python3_sitearch}/samba/tests/samba_tool/__pycache__/gpo.*.pyc
%{python3_sitearch}/samba/tests/samba_tool/__pycache__/gpo_exts.*.pyc
%{python3_sitearch}/samba/tests/samba_tool/__pycache__/group.*.pyc
%{python3_sitearch}/samba/tests/samba_tool/__pycache__/help.*.pyc
%{python3_sitearch}/samba/tests/samba_tool/__pycache__/join.*.pyc
@ -2879,6 +3033,7 @@ fi
%{python3_sitearch}/samba/tests/samba_tool/__pycache__/promote_dc_lmdb_size.*.pyc
%{python3_sitearch}/samba/tests/samba_tool/__pycache__/provision_lmdb_size.*.pyc
%{python3_sitearch}/samba/tests/samba_tool/__pycache__/provision_password_check.*.pyc
%{python3_sitearch}/samba/tests/samba_tool/__pycache__/provision_userPassword_crypt.*.pyc
%{python3_sitearch}/samba/tests/samba_tool/__pycache__/rodc.*.pyc
%{python3_sitearch}/samba/tests/samba_tool/__pycache__/schema.*.pyc
%{python3_sitearch}/samba/tests/samba_tool/__pycache__/sites.*.pyc
@ -2902,6 +3057,7 @@ fi
%{python3_sitearch}/samba/tests/samba_tool/forest.py
%{python3_sitearch}/samba/tests/samba_tool/fsmo.py
%{python3_sitearch}/samba/tests/samba_tool/gpo.py
%{python3_sitearch}/samba/tests/samba_tool/gpo_exts.py
%{python3_sitearch}/samba/tests/samba_tool/group.py
%{python3_sitearch}/samba/tests/samba_tool/help.py
%{python3_sitearch}/samba/tests/samba_tool/join.py
@ -2913,6 +3069,7 @@ fi
%{python3_sitearch}/samba/tests/samba_tool/promote_dc_lmdb_size.py
%{python3_sitearch}/samba/tests/samba_tool/provision_lmdb_size.py
%{python3_sitearch}/samba/tests/samba_tool/provision_password_check.py
%{python3_sitearch}/samba/tests/samba_tool/provision_userPassword_crypt.py
%{python3_sitearch}/samba/tests/samba_tool/rodc.py
%{python3_sitearch}/samba/tests/samba_tool/schema.py
%{python3_sitearch}/samba/tests/samba_tool/sites.py
@ -2928,6 +3085,7 @@ fi
%{python3_sitearch}/samba/tests/samba_tool/visualize_drs.py
%{python3_sitearch}/samba/tests/samdb.py
%{python3_sitearch}/samba/tests/samdb_api.py
%{python3_sitearch}/samba/tests/sddl.py
%{python3_sitearch}/samba/tests/security.py
%{python3_sitearch}/samba/tests/segfault.py
%{python3_sitearch}/samba/tests/smb.py
@ -3071,6 +3229,7 @@ fi
%{_libexecdir}/ctdb/ctdb_recovery_helper
%{_libexecdir}/ctdb/ctdb_takeover_helper
%{_libexecdir}/ctdb/smnotify
%{_libexecdir}/ctdb/tdb_mutex_check
%dir %{_localstatedir}/lib/ctdb/
%dir %{_localstatedir}/lib/ctdb/persistent
@ -3901,6 +4060,33 @@ fi
#endif with selftest
%endif
%if %{with pcp_pmda}
%files -n ctdb-pcp-pmda
%dir %{_localstatedir}/lib/pcp/pmdas/ctdb
%{_localstatedir}/lib/pcp/pmdas/ctdb/Install
%{_localstatedir}/lib/pcp/pmdas/ctdb/README
%{_localstatedir}/lib/pcp/pmdas/ctdb/Remove
%{_localstatedir}/lib/pcp/pmdas/ctdb/domain.h
%{_localstatedir}/lib/pcp/pmdas/ctdb/help
%{_localstatedir}/lib/pcp/pmdas/ctdb/pmdactdb
%{_localstatedir}/lib/pcp/pmdas/ctdb/pmns
#endif with pcp_pmda
%endif
%if %{with etcd_mutex}
%files -n ctdb-etcd-mutex
%{_libexecdir}/ctdb/ctdb_etcd_lock
%{_mandir}/man7/ctdb-etcd.7.gz
#endif with etcd_mutex
%endif
%if %{with ceph_mutex}
%files -n ctdb-ceph-mutex
%{_libexecdir}/ctdb/ctdb_mutex_ceph_rados_helper
%{_mandir}/man7/ctdb_mutex_ceph_rados_helper.7.gz
#endif with ceph_mutex
%endif
#endif with clustering
%endif
@ -3912,6 +4098,21 @@ fi
%endif
%changelog
* Fri Dec 03 2021 Andreas Schneider <asn@redhat.com> - 4.15.2-3
- related: rhbz#2013578 - Remove unneeded lmdb dependency
* Wed Dec 01 2021 Pavel Filipenský <pfilipen@redhat.com> - 4.15.2-2
- resolves: rhbz#2019675 - Fix CVE-2020-25717
* Wed Dec 01 2021 Pavel Filipenský <pfilipen@redhat.com> - 4.15.2-2
- resolves: rhbz#2019669 - Fix CVE-2021-23192
* Wed Dec 01 2021 Pavel Filipenský <pfilipen@redhat.com> - 4.15.2-2
- resolves: rhbz#2019663 - Fix CVE-2016-2124
* Mon Nov 29 2021 Pavel Filipenský <pfilipen@redhat.com> - 4.15.2-1
- resolves: rhbz#2013578 - Rebase to Samba 4.15.2
* Tue Aug 31 2021 Andreas Schneider <asn@redhat.com> - 4.14.5-103
- resolves: rhbz#1980356 - Fix winbind restart on package upgrade