Update to Samba 4.8.0rc4

Guenther

.gitignore

@@ -117,3 +117,5 @@ samba-3.6.0pre1.tar.gz
 /samba-4.8.0rc2.tar.asc
 /samba-4.8.0rc3.tar.xz
 /samba-4.8.0rc3.tar.asc
+/samba-4.8.0rc4.tar.xz
+/samba-4.8.0rc4.tar.asc

samba-4.7.0-support-krb5-1.16.patch

@@ -1,135 +0,0 @@
-From f503bac8ac07b58a8377059922e3e56e28fc3e01 Mon Sep 17 00:00:00 2001
-From: Alexander Bokovoy <ab@samba.org>
-Date: Tue, 24 Oct 2017 12:01:39 +0300
-Subject: [PATCH] mit-kdb: support MIT Kerberos 1.16 KDB API changes
-
-MIT Kerberos 1.16 adds ability to audit local and remote addresses
-during AS_REQ processing. As result, audit_as_req callback signature
-was changed to include the addresses and KDB API version was increased.
-
-Change mit-kdb code to properly expose audit_as_req signature KDC
-expects in 1.16 version. Also update #ifdefs to account for the new
-KDB API version.
-
-This commit does not add actual audit of the local and remote IP
-addresses, it only makes it possible to compile against MIT Kerberos
-1.16.
-
-Signed-off-by: Alexander Bokovoy <ab@samba.org>
----
- source4/kdc/mit-kdb/kdb_samba.h            | 13 ++++++++-
- source4/kdc/mit-kdb/kdb_samba_policies.c   | 42 +++++++++++++++++++++---------
- source4/kdc/mit-kdb/kdb_samba_principals.c |  2 +-
- 3 files changed, 42 insertions(+), 15 deletions(-)
-
-diff --git a/source4/kdc/mit-kdb/kdb_samba.h b/source4/kdc/mit-kdb/kdb_samba.h
-index abca2c166ae..b9c571f26cb 100644
---- a/source4/kdc/mit-kdb/kdb_samba.h
-+++ b/source4/kdc/mit-kdb/kdb_samba.h
-@@ -78,7 +78,7 @@ krb5_error_code kdb_samba_db_put_principal(krb5_context context,
- krb5_error_code kdb_samba_db_delete_principal(krb5_context context,
- 					      krb5_const_principal princ);
- 
--#if KRB5_KDB_API_VERSION == 8
-+#if KRB5_KDB_API_VERSION >= 8
- krb5_error_code kdb_samba_db_iterate(krb5_context context,
- 				     char *match_entry,
- 				     int (*func)(krb5_pointer, krb5_db_entry *),
-@@ -148,12 +148,23 @@ krb5_error_code kdb_samba_db_check_allowed_to_delegate(krb5_context context,
- 						       const krb5_db_entry *server,
- 						       krb5_const_principal proxy);
- 
-+#if KRB5_KDB_API_VERSION >= 9
- void kdb_samba_db_audit_as_req(krb5_context kcontext,
- 			       krb5_kdc_req *request,
-+			       const krb5_address *local_addr,
-+			       const krb5_address *remote_addr,
- 			       krb5_db_entry *client,
- 			       krb5_db_entry *server,
- 			       krb5_timestamp authtime,
- 			       krb5_error_code error_code);
-+#else
-+void kdb_samba_db_audit_as_req(krb5_context kcontext,
-+			       krb5_kdc_req *request,
-+			       krb5_db_entry *client,
-+			       krb5_db_entry *server,
-+			       krb5_timestamp authtime,
-+			       krb5_error_code error_code);
-+#endif
- 
- /* from kdb_samba_change_pwd.c */
- 
-diff --git a/source4/kdc/mit-kdb/kdb_samba_policies.c b/source4/kdc/mit-kdb/kdb_samba_policies.c
-index 81140abfd50..de5813bde2f 100644
---- a/source4/kdc/mit-kdb/kdb_samba_policies.c
-+++ b/source4/kdc/mit-kdb/kdb_samba_policies.c
-@@ -432,20 +432,10 @@ done:
- 	return code;
- }
- 
--void kdb_samba_db_audit_as_req(krb5_context context,
--			       krb5_kdc_req *request,
--			       krb5_db_entry *client,
--			       krb5_db_entry *server,
--			       krb5_timestamp authtime,
--			       krb5_error_code error_code)
--{
--	struct mit_samba_context *mit_ctx;
--
--	mit_ctx = ks_get_context(context);
--	if (mit_ctx == NULL) {
--		return;
--	}
- 
-+static void samba_bad_password_count(krb5_db_entry *client,
-+				     krb5_error_code error_code)
-+{
- 	switch (error_code) {
- 	case 0:
- 		mit_samba_zero_bad_password_count(client);
-@@ -456,3 +446,29 @@ void kdb_samba_db_audit_as_req(krb5_context context,
- 		break;
- 	}
- }
-+
-+#if KRB5_KDB_API_VERSION >= 9
-+void kdb_samba_db_audit_as_req(krb5_context context,
-+			       krb5_kdc_req *request,
-+			       const krb5_address *local_addr,
-+			       const krb5_address *remote_addr,
-+			       krb5_db_entry *client,
-+			       krb5_db_entry *server,
-+			       krb5_timestamp authtime,
-+			       krb5_error_code error_code)
-+{
-+	samba_bad_password_count(client, error_code);
-+
-+	/* TODO: perform proper audit logging for addresses */
-+}
-+#else
-+void kdb_samba_db_audit_as_req(krb5_context context,
-+			       krb5_kdc_req *request,
-+			       krb5_db_entry *client,
-+			       krb5_db_entry *server,
-+			       krb5_timestamp authtime,
-+			       krb5_error_code error_code)
-+{
-+	samba_bad_password_count(client, error_code);
-+}
-+#endif
-diff --git a/source4/kdc/mit-kdb/kdb_samba_principals.c b/source4/kdc/mit-kdb/kdb_samba_principals.c
-index 1dbb69b561d..8b67436dc47 100644
---- a/source4/kdc/mit-kdb/kdb_samba_principals.c
-+++ b/source4/kdc/mit-kdb/kdb_samba_principals.c
-@@ -308,7 +308,7 @@ krb5_error_code kdb_samba_db_delete_principal(krb5_context context,
- 	return KRB5_KDB_DB_INUSE;
- }
- 
--#if KRB5_KDB_API_VERSION == 8
-+#if KRB5_KDB_API_VERSION >= 8
- krb5_error_code kdb_samba_db_iterate(krb5_context context,
- 				     char *match_entry,
- 				     int (*func)(krb5_pointer, krb5_db_entry *),
--- 
-2.13.6
-

samba-4.8.0-ceph.patch

@@ -1,28 +0,0 @@
-From ebae8df5e4b955f235cdeb629e99d32d35766d65 Mon Sep 17 00:00:00 2001
-From: =?UTF-8?q?G=C3=BCnther=20Deschner?= <gd@samba.org>
-Date: Mon, 15 Jan 2018 23:20:39 +0100
-Subject: [PATCH] FIXME: build: fix libceph-common detection
-
-Guenther
-
-Signed-off-by: Guenther Deschner <gd@samba.org>
----
- source3/wscript | 2 ++
- 1 file changed, 2 insertions(+)
-
-diff --git a/source3/wscript b/source3/wscript
-index 0f8fe5452da..4eba0103be8 100644
---- a/source3/wscript
-+++ b/source3/wscript
-@@ -1540,6 +1540,8 @@ main() {
-         conf.env['CPPPATH_CEPHFS'] = Options.options.libcephfs_dir + '/include'
-         conf.env['LIBPATH_CEPHFS'] = Options.options.libcephfs_dir + '/lib'
-         conf.env['LIBPATH_CEPH-COMMON'] = Options.options.libcephfs_dir + '/lib/ceph'
-+    else:
-+        conf.env['LIBPATH_CEPH-COMMON'] = Options.options.LIBDIR + '/ceph'
- 
-     if (Options.options.with_cephfs and
-         conf.CHECK_HEADERS('cephfs/libcephfs.h', False, False, 'cephfs') and
--- 
-2.14.3
-

samba.spec

@@ -6,15 +6,15 @@
 # ctdb is enabled by default, you can disable it with: --without clustering
 %bcond_without clustering
 
-%define main_release 4
+%define main_release 5
 
 %define samba_version 4.8.0
 %define talloc_version 2.1.11
 %define tdb_version 1.3.15
-%define tevent_version 0.9.35
+%define tevent_version 0.9.36
-%define ldb_version 1.3.1
+%define ldb_version 1.3.2
 # This should be rc1 or nil
-%define pre_release rc3
+%define pre_release rc4
 
 %if "x%{?pre_release}" != "x"
 %define samba_release 0.%{main_release}.%{pre_release}%{?dist}
@@ -122,9 +122,6 @@ Source14: samba.pamd
 Source200: README.dc
 Source201: README.downgrade
 
-Patch1: samba-4.7.0-support-krb5-1.16.patch
-Patch3: samba-4.8.0-ceph.patch
-
 Requires(pre): /usr/sbin/groupadd
 Requires(post): systemd
 Requires(preun): systemd
@@ -3553,6 +3550,9 @@ fi
 %endif # with_clustering_support
 
 %changelog
+* Fri Mar 02 2018 Guenther Deschner <gdeschner@redhat.com> - 4.8.0rc4-5
+- Update to Samba 4.8.0rc4
+
 * Mon Feb 12 2018 Guenther Deschner <gdeschner@redhat.com> - 4.8.0rc3-4
 - Update to Samba 4.8.0rc3
 

sources

@@ -1,2 +1,2 @@
-SHA512 (samba-4.8.0rc3.tar.xz) = 41c1e1d991316f6b8b53a94129554f7831259ce02cbd21f558d580e6565c4ff27bc63d580f9c58f452ceeb533f5c9e62ec8b194addd94a3190f3c617e456a99e
+SHA512 (samba-4.8.0rc4.tar.xz) = c4116a3997b874f94b31faae75f543f36d2ae44a9638acb5e8e3b757160ec8cacecc4c1db67c5aa8fc61da2989b05ca1ddfb335d4886ce22cf82d90c1bb4c58a
-SHA512 (samba-4.8.0rc3.tar.asc) = c4b89b367438ba85e862881aafcbca263c56e6ef9055239c084b229f9092f99b465acbab928f8c3a1cb4aabef3070346dc59eda11b6769b7408c58508597d583
+SHA512 (samba-4.8.0rc4.tar.asc) = 74bcb2c37330be53ad5ad83017b3f548afdebc7ecefbc38944b117776b11968d816a339b7840ba2b54d13fc3ef832faf3dd435f76e6293cc7a83204ba497f5d1