Fix Samba AD DC operations on F33 or later
- Report 'samba' daemon status back to systemd - Support dnspython 2.0.0 or later in samba_dnsupdate
parent
1e29c417eb
commit
92693f66e9
143
samba-dnspython-2.0.0-v4.13.patch
Normal file
143
samba-dnspython-2.0.0-v4.13.patch
Normal file
@ -0,0 +1,143 @@
|
|||||||
|
From 12b51be8633689763080f2eb1e0b13487e3e71e1 Mon Sep 17 00:00:00 2001
|
||||||
|
From: Alexander Bokovoy <ab@samba.org>
|
||||||
|
Date: Sat, 24 Oct 2020 12:17:44 +0300
|
||||||
|
Subject: [PATCH] DNS Resolver: support both dnspython before and after 2.0.0
|
||||||
|
|
||||||
|
`dnspython` 2.0.0 has many changes and several deprecations like:
|
||||||
|
|
||||||
|
```
|
||||||
|
> dns.resolver.resolve() has been added, allowing control of whether
|
||||||
|
search lists are used. dns.resolver.query() is retained for backwards
|
||||||
|
compatibility, but deprecated. The default for search list behavior can
|
||||||
|
be set at in the resolver object with the use_search_by_default
|
||||||
|
parameter. The default is False.
|
||||||
|
|
||||||
|
> dns.resolver.resolve_address() has been added, allowing easy
|
||||||
|
address-to-name lookups.
|
||||||
|
```
|
||||||
|
|
||||||
|
The new class `DNSResolver`:
|
||||||
|
- provides the compatibility layer
|
||||||
|
- defaults the previous behavior (the search list configured in the
|
||||||
|
system's resolver configuration is used for relative names)
|
||||||
|
- defaults lifetime to 15sec (determines the number of seconds
|
||||||
|
to spend trying to get an answer to the question)
|
||||||
|
|
||||||
|
The compatibility shim was developed by Stanislav Levin for FreeIPA and
|
||||||
|
adopted for Samba by Alexander Bokovoy.
|
||||||
|
|
||||||
|
Signed-off-by: Stanislav Levin <slev@altlinux.org>
|
||||||
|
Signed-off-by: Alexander Bokovoy <ab@samba.org>
|
||||||
|
---
|
||||||
|
python/samba/dnsresolver.py | 68 +++++++++++++++++++++++++++
|
||||||
|
source4/scripting/bin/samba_dnsupdate | 5 +-
|
||||||
|
2 files changed, 71 insertions(+), 2 deletions(-)
|
||||||
|
create mode 100644 python/samba/dnsresolver.py
|
||||||
|
|
||||||
|
diff --git a/python/samba/dnsresolver.py b/python/samba/dnsresolver.py
|
||||||
|
new file mode 100644
|
||||||
|
index 00000000000..a627555a855
|
||||||
|
--- /dev/null
|
||||||
|
+++ b/python/samba/dnsresolver.py
|
||||||
|
@@ -0,0 +1,68 @@
|
||||||
|
+# Samba wrapper for DNS resolvers
|
||||||
|
+#
|
||||||
|
+# Copyright (C) Stanislav Levin <slev@altlinux.org>
|
||||||
|
+# Copyright (C) Alexander Bokovoy <ab@samba.org>
|
||||||
|
+#
|
||||||
|
+# This program is free software; you can redistribute it and/or modify
|
||||||
|
+# it under the terms of the GNU General Public License as published by
|
||||||
|
+# the Free Software Foundation; either version 3 of the License, or
|
||||||
|
+# (at your option) any later version.
|
||||||
|
+#
|
||||||
|
+# This program is distributed in the hope that it will be useful,
|
||||||
|
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||||
|
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
||||||
|
+# GNU General Public License for more details.
|
||||||
|
+#
|
||||||
|
+# You should have received a copy of the GNU General Public License
|
||||||
|
+# along with this program. If not, see <http://www.gnu.org/licenses/>.
|
||||||
|
+#
|
||||||
|
+
|
||||||
|
+import dns.resolver
|
||||||
|
+import dns.rdatatype
|
||||||
|
+import dns.reversename
|
||||||
|
+
|
||||||
|
+class DNSResolver(dns.resolver.Resolver):
|
||||||
|
+ """DNS stub resolver compatible with both dnspython < 2.0.0
|
||||||
|
+ and dnspython >= 2.0.0.
|
||||||
|
+
|
||||||
|
+ Set `use_search_by_default` attribute to `True`, which
|
||||||
|
+ determines the default for whether the search list configured
|
||||||
|
+ in the system's resolver configuration is used for relative
|
||||||
|
+ names, and whether the resolver's domain may be added to relative
|
||||||
|
+ names.
|
||||||
|
+
|
||||||
|
+ Increase the default lifetime which determines the number of seconds
|
||||||
|
+ to spend trying to get an answer to the question. dnspython 2.0.0
|
||||||
|
+ changes this to 5sec, while the previous one was 30sec.
|
||||||
|
+ """
|
||||||
|
+ def __init__(self, *args, **kwargs):
|
||||||
|
+ super().__init__(*args, **kwargs)
|
||||||
|
+ self.reset_defaults()
|
||||||
|
+ self.resolve = getattr(super(), "resolve", self.query)
|
||||||
|
+ self.resolve_address = getattr(
|
||||||
|
+ super(),
|
||||||
|
+ "resolve_address",
|
||||||
|
+ self._resolve_address
|
||||||
|
+ )
|
||||||
|
+
|
||||||
|
+ def reset_defaults(self):
|
||||||
|
+ self.use_search_by_default = True
|
||||||
|
+ # the default is 5sec
|
||||||
|
+ self.lifetime = 15
|
||||||
|
+
|
||||||
|
+ def reset(self):
|
||||||
|
+ super().reset()
|
||||||
|
+ self.reset_defaults()
|
||||||
|
+
|
||||||
|
+ def _resolve_address(self, ip_address, *args, **kwargs):
|
||||||
|
+ """Query nameservers for PTR records.
|
||||||
|
+
|
||||||
|
+ :param ip_address: IPv4 or IPv6 address
|
||||||
|
+ :type ip_address: str
|
||||||
|
+ """
|
||||||
|
+ return self.resolve(
|
||||||
|
+ dns.reversename.from_address(ip_address),
|
||||||
|
+ rdtype=dns.rdatatype.PTR,
|
||||||
|
+ *args,
|
||||||
|
+ **kwargs,
|
||||||
|
+ )
|
||||||
|
diff --git a/source4/scripting/bin/samba_dnsupdate b/source4/scripting/bin/samba_dnsupdate
|
||||||
|
index 44eb1cadd27..fe04ce71338 100755
|
||||||
|
--- a/source4/scripting/bin/samba_dnsupdate
|
||||||
|
+++ b/source4/scripting/bin/samba_dnsupdate
|
||||||
|
@@ -53,6 +53,7 @@ from samba.compat import get_string
|
||||||
|
from samba.compat import text_type
|
||||||
|
import ldb
|
||||||
|
|
||||||
|
+from samba.dnsresolver import DNSResolver
|
||||||
|
import dns.resolver
|
||||||
|
import dns.exception
|
||||||
|
|
||||||
|
@@ -259,7 +260,7 @@ def hostname_match(h1, h2):
|
||||||
|
|
||||||
|
def get_resolver(d=None):
|
||||||
|
resolv_conf = os.getenv('RESOLV_CONF', default='/etc/resolv.conf')
|
||||||
|
- resolver = dns.resolver.Resolver(filename=resolv_conf, configure=True)
|
||||||
|
+ resolver = DNSResolver(filename=resolv_conf, configure=True)
|
||||||
|
|
||||||
|
if d is not None and d.nameservers != []:
|
||||||
|
resolver.nameservers = d.nameservers
|
||||||
|
@@ -271,7 +272,7 @@ def check_one_dns_name(name, name_type, d=None):
|
||||||
|
if d and not d.nameservers:
|
||||||
|
d.nameservers = resolver.nameservers
|
||||||
|
# dns.resolver.Answer
|
||||||
|
- return resolver.query(name, name_type)
|
||||||
|
+ return resolver.resolve(name, name_type)
|
||||||
|
|
||||||
|
def check_dns_name(d):
|
||||||
|
"""check that a DNS entry exists."""
|
||||||
|
--
|
||||||
|
2.28.0
|
||||||
|
|
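Review bot: In `reset_defaults`, `self.use_search_by_default = True` re-enables search-list expansion for every `resolve()` call, but the only comment there (`# the default is 5sec`) explains neither that choice nor why 15 was picked when the class docstring cites 5 and 30. Because `get_resolver` in samba_dnsupdate takes the resolver file from the `RESOLV_CONF` environment variable, a relative name would be completed with whatever search domains that file lists, so the records being verified should be passed as absolute names; the call sites are outside this hunk, so that is unconfirmed here. I would replace the comment with `# dnspython >= 2.0 defaults: lifetime 5s, no search list; keep the pre-2.0 search behaviour and use 15s` and state the absolute-name expectation in the class docstring. Separately, `_resolve_address` passes `rdtype=dns.rdatatype.PTR` ahead of `*args`, so any positional argument from a caller would collide with it and raise TypeError; accepting only `**kwargs` there would avoid that.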
118
samba-systemd-notification.patch
Normal file
118
samba-systemd-notification.patch
Normal file
@ -0,0 +1,118 @@
|
|||||||
|
From 9dd1a4809b1b6d65bfb2258b443b0fe36e0a32f7 Mon Sep 17 00:00:00 2001
|
||||||
|
From: Alexander Bokovoy <ab@samba.org>
|
||||||
|
Date: Sat, 24 Oct 2020 16:52:43 +0300
|
||||||
|
Subject: [PATCH] daemons: report status to systemd even when running in
|
||||||
|
foreground
|
||||||
|
|
||||||
|
When systemd launches samba services, the configuration we have in
|
||||||
|
systemd service files expects that the main process (/usr/sbin/*)
|
||||||
|
would use sd_notify() to report back its status. However, we only use
|
||||||
|
sd_notify() when running become_daemon().
|
||||||
|
|
||||||
|
As a result, samba/smbd/winbindd/nmbd processes never report back its
|
||||||
|
status and the status updates from other childs (smbd, winbindd, etc)
|
||||||
|
are not accepted as we now have implied NotifyAccess=main since commit
|
||||||
|
d1740fb3d5a72cb49e30b330bb0b01e7ef3e09cc
|
||||||
|
|
||||||
|
This leads to a timeout and killing samba process by systemd. Situation
|
||||||
|
is reproducible in Fedora 33, for example.
|
||||||
|
|
||||||
|
Make sure that we have required status updates for all daemons in case
|
||||||
|
we aren't runnning in interactive mode.
|
||||||
|
|
||||||
|
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14552
|
||||||
|
|
||||||
|
Signed-off-by: Alexander Bokovoy <ab@samba.org>
|
||||||
|
---
|
||||||
|
source3/nmbd/nmbd.c | 4 +++-
|
||||||
|
source3/smbd/server.c | 4 +++-
|
||||||
|
source3/winbindd/winbindd.c | 5 ++++-
|
||||||
|
source4/smbd/server.c | 4 +++-
|
||||||
|
4 files changed, 13 insertions(+), 4 deletions(-)
|
||||||
|
|
||||||
|
diff --git a/source3/nmbd/nmbd.c b/source3/nmbd/nmbd.c
|
||||||
|
index 0b881d13f7b..f6aeba1f714 100644
|
||||||
|
--- a/source3/nmbd/nmbd.c
|
||||||
|
+++ b/source3/nmbd/nmbd.c
|
||||||
|
@@ -1009,6 +1009,8 @@ static bool open_sockets(bool isdaemon, int port)
|
||||||
|
if (is_daemon && !opt_interactive) {
|
||||||
|
DEBUG(3, ("Becoming a daemon.\n"));
|
||||||
|
become_daemon(Fork, no_process_group, log_stdout);
|
||||||
|
+ } else if (!opt_interactive) {
|
||||||
|
+ daemon_status("nmbd", "Starting process...");
|
||||||
|
}
|
||||||
|
|
||||||
|
#ifdef HAVE_SETPGID
|
||||||
|
@@ -1135,7 +1137,7 @@ static bool open_sockets(bool isdaemon, int port)
|
||||||
|
exit_daemon( "NMBD failed to setup packet server.", EACCES);
|
||||||
|
}
|
||||||
|
|
||||||
|
- if (is_daemon && !opt_interactive) {
|
||||||
|
+ if (!opt_interactive) {
|
||||||
|
daemon_ready("nmbd");
|
||||||
|
}
|
||||||
|
|
||||||
|
diff --git a/source3/smbd/server.c b/source3/smbd/server.c
|
||||||
|
index 153dd3c9323..3d9db5d8407 100644
|
||||||
|
--- a/source3/smbd/server.c
|
||||||
|
+++ b/source3/smbd/server.c
|
||||||
|
@@ -1893,6 +1893,8 @@ extern void build_options(bool screen);
|
||||||
|
if (is_daemon && !interactive) {
|
||||||
|
DEBUG(3, ("Becoming a daemon.\n"));
|
||||||
|
become_daemon(Fork, no_process_group, log_stdout);
|
||||||
|
+ } else {
|
||||||
|
+ daemon_status("smbd", "Starting process ...");
|
||||||
|
}
|
||||||
|
|
||||||
|
#ifdef HAVE_SETPGID
|
||||||
|
@@ -2100,7 +2102,7 @@ extern void build_options(bool screen);
|
||||||
|
exit_daemon("Samba cannot setup ep pipe", EACCES);
|
||||||
|
}
|
||||||
|
|
||||||
|
- if (is_daemon && !interactive) {
|
||||||
|
+ if (!interactive) {
|
||||||
|
daemon_ready("smbd");
|
||||||
|
}
|
||||||
|
|
||||||
|
diff --git a/source3/winbindd/winbindd.c b/source3/winbindd/winbindd.c
|
||||||
|
index 4397a1bc0d1..1e08237905a 100644
|
||||||
|
--- a/source3/winbindd/winbindd.c
|
||||||
|
+++ b/source3/winbindd/winbindd.c
|
||||||
|
@@ -1880,8 +1880,11 @@ int main(int argc, const char **argv)
|
||||||
|
BlockSignals(False, SIGHUP);
|
||||||
|
BlockSignals(False, SIGCHLD);
|
||||||
|
|
||||||
|
- if (!interactive)
|
||||||
|
+ if (!interactive) {
|
||||||
|
become_daemon(Fork, no_process_group, log_stdout);
|
||||||
|
+ } else {
|
||||||
|
+ daemon_status("winbindd", "Starting process ...");
|
||||||
|
+ }
|
||||||
|
|
||||||
|
pidfile_create(lp_pid_directory(), "winbindd");
|
||||||
|
|
||||||
|
diff --git a/source4/smbd/server.c b/source4/smbd/server.c
|
||||||
|
index 95acb99b86c..ee2e7508bb3 100644
|
||||||
|
--- a/source4/smbd/server.c
|
||||||
|
+++ b/source4/smbd/server.c
|
||||||
|
@@ -648,6 +648,8 @@ static int binary_smbd_main(const char *binary_name,
|
||||||
|
if (opt_daemon) {
|
||||||
|
DBG_NOTICE("Becoming a daemon.\n");
|
||||||
|
become_daemon(opt_fork, opt_no_process_group, false);
|
||||||
|
+ } else if (!opt_interactive) {
|
||||||
|
+ daemon_status("samba", "Starting process...");
|
||||||
|
}
|
||||||
|
|
||||||
|
/* Create the memory context to hang everything off. */
|
||||||
|
@@ -931,7 +933,7 @@ static int binary_smbd_main(const char *binary_name,
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
- if (opt_daemon) {
|
||||||
|
+ if (!opt_interactive) {
|
||||||
|
daemon_ready("samba");
|
||||||
|
}
|
||||||
|
|
||||||
|
--
|
||||||
|
2.28.0
|
||||||
|
|
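Review bot: The new `else` branches are not guarded the same way across the four daemons: nmbd and source4/smbd/server.c use `else if (!opt_interactive)`, source3/smbd/server.c uses a bare `else`, and in winbindd the `else` pairs with `if (!interactive)`, so `daemon_status("winbindd", ...)` runs only in interactive mode. That is the opposite of what the description states (status updates when not running interactively), and no `daemon_ready("winbindd")` change appears in the winbindd hunk, so whether the foreground non-interactive case notifies systemd there depends on `become_daemon` code that is not shown. For smbd I would write `} else if (!interactive) {` to match the `if (!interactive)` guard on `daemon_ready("smbd")`; for winbindd the condition should be checked against the intended foreground case, since a missed readiness report is what leads to the systemd timeout the description mentions. All of these functions start and end outside the hunks.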
10
samba.spec
10
samba.spec
@ -8,7 +8,7 @@
|
|||||||
|
|
||||||
%define samba_requires_eq() %(LC_ALL="C" echo '%*' | xargs -r rpm -q --qf 'Requires: %%{name} = %%{epoch}:%%{version}\\n' | sed -e 's/ (none):/ /' -e 's/ 0:/ /' | grep -v "is not")
|
%define samba_requires_eq() %(LC_ALL="C" echo '%*' | xargs -r rpm -q --qf 'Requires: %%{name} = %%{epoch}:%%{version}\\n' | sed -e 's/ (none):/ /' -e 's/ 0:/ /' | grep -v "is not")
|
||||||
|
|
||||||
%define main_release 12
|
%define main_release 13
|
||||||
|
|
||||||
%define samba_version 4.13.0
|
%define samba_version 4.13.0
|
||||||
%define talloc_version 2.3.1
|
%define talloc_version 2.3.1
|
||||||
@ -132,6 +132,8 @@ Source14: samba.pamd
|
|||||||
Source201: README.downgrade
|
Source201: README.downgrade
|
||||||
Patch1: samba-s4u.patch
|
Patch1: samba-s4u.patch
|
||||||
Patch2: samba-gc-lookup_unix_user_name-allow-lookup-for-own-realm.patch
|
Patch2: samba-gc-lookup_unix_user_name-allow-lookup-for-own-realm.patch
|
||||||
|
Patch3: samba-dnspython-2.0.0-v4.13.patch
|
||||||
|
Patch4: samba-systemd-notification.patch
|
||||||
|
|
||||||
Requires(pre): /usr/sbin/groupadd
|
Requires(pre): /usr/sbin/groupadd
|
||||||
Requires(post): systemd
|
Requires(post): systemd
|
||||||
@ -1984,6 +1986,7 @@ fi
|
|||||||
%{python3_sitearch}/samba/__pycache__/compat.*.pyc
|
%{python3_sitearch}/samba/__pycache__/compat.*.pyc
|
||||||
%{python3_sitearch}/samba/__pycache__/dbchecker.*.pyc
|
%{python3_sitearch}/samba/__pycache__/dbchecker.*.pyc
|
||||||
%{python3_sitearch}/samba/__pycache__/descriptor.*.pyc
|
%{python3_sitearch}/samba/__pycache__/descriptor.*.pyc
|
||||||
|
%{python3_sitearch}/samba/__pycache__/dnsresolver.*.pyc
|
||||||
%{python3_sitearch}/samba/__pycache__/drs_utils.*.pyc
|
%{python3_sitearch}/samba/__pycache__/drs_utils.*.pyc
|
||||||
%{python3_sitearch}/samba/__pycache__/getopt.*.pyc
|
%{python3_sitearch}/samba/__pycache__/getopt.*.pyc
|
||||||
%{python3_sitearch}/samba/__pycache__/gpclass.*.pyc
|
%{python3_sitearch}/samba/__pycache__/gpclass.*.pyc
|
||||||
@ -2061,6 +2064,7 @@ fi
|
|||||||
%{python3_sitearch}/samba/dcerpc/wkssvc.*.so
|
%{python3_sitearch}/samba/dcerpc/wkssvc.*.so
|
||||||
%{python3_sitearch}/samba/dcerpc/xattr.*.so
|
%{python3_sitearch}/samba/dcerpc/xattr.*.so
|
||||||
%{python3_sitearch}/samba/descriptor.py
|
%{python3_sitearch}/samba/descriptor.py
|
||||||
|
%{python3_sitearch}/samba/dnsresolver.py
|
||||||
%{python3_sitearch}/samba/drs_utils.py
|
%{python3_sitearch}/samba/drs_utils.py
|
||||||
%{python3_sitearch}/samba/gensec.*.so
|
%{python3_sitearch}/samba/gensec.*.so
|
||||||
%{python3_sitearch}/samba/getopt.py
|
%{python3_sitearch}/samba/getopt.py
|
||||||
@ -3621,6 +3625,10 @@ fi
|
|||||||
%endif
|
%endif
|
||||||
|
|
||||||
%changelog
|
%changelog
|
||||||
|
* Sun Oct 25 2020 Alexander Bokovoy <abokovoy@redhat.com> - 4.13.0-13
|
||||||
|
- Report 'samba' daemon status back to systemd
|
||||||
|
- Support dnspython 2.0.0 or later in samba_dnsupdate
|
||||||
|
|
||||||
* Thu Oct 22 2020 Alexander Bokovoy <abokovoy@redhat.com> - 4.13.0-12
|
* Thu Oct 22 2020 Alexander Bokovoy <abokovoy@redhat.com> - 4.13.0-12
|
||||||
- Add preliminary support for S4U operations in Samba AD DC
|
- Add preliminary support for S4U operations in Samba AD DC
|
||||||
resolves: #1836630 - Samba DC: Remote Desktop cannot access files
|
resolves: #1836630 - Samba DC: Remote Desktop cannot access files
|
||||||
|