rpms/samba
6
0
Fork 0
Code Issues Pull Requests Releases Activity

import samba-4.15.2-2.el8

Browse Source
This commit is contained in:
CentOS Sources 2021-12-13 10:18:37 +00:00 committed by Stepan Oksanichenko
parent 756267da85
commit ac96d2f4b6
15 changed files with 3208 additions and 104 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
.gitignore vendored
View File

@ -1,2 +1,2 @@
SOURCES/samba-4.14.5.tar.xz SOURCES/samba-4.15.2.tar.xz
SOURCES/samba-pubkey_AA99442FB680B620.gpg SOURCES/samba-pubkey_AA99442FB680B620.gpg

2
.samba.metadata
View File

@ -1,2 +1,2 @@
46925b3ed9f63b1b936f2271253fdccccbf1575f SOURCES/samba-4.14.5.tar.xz 4ab5db6dd0103af6dce93c5931729849774aa45e SOURCES/samba-4.15.2.tar.xz
971f563c447eda8d144d6c9e743cd0f0488c0d9e SOURCES/samba-pubkey_AA99442FB680B620.gpg 971f563c447eda8d144d6c9e743cd0f0488c0d9e SOURCES/samba-pubkey_AA99442FB680B620.gpg

49
SOURCES/samba-4.14-raise-dfs-enoent-debug-level.patch
View File

@ -1,49 +0,0 @@
From 4b192aaf503ea7f5eba27b6e43edcfe54ac6c5a6 Mon Sep 17 00:00:00 2001
From: Andreas Schneider <asn@samba.org>
Date: Wed, 26 May 2021 15:04:08 +0200
Subject: [PATCH] s3:modules: Reduce debug level if file doesn't exists on dfs
share
There is software out there trying to open desktop.ini in every
directory. Avoid spamming the logs with error messages.
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Fri Jun 18 18:14:11 UTC 2021 on sn-devel-184
(cherry picked from commit 4079efae76718a84a4cf24b6613cdc53cdb2dd39)
---
source3/modules/vfs_default.c | 15 +++++++++++----
1 file changed, 11 insertions(+), 4 deletions(-)
diff --git a/source3/modules/vfs_default.c b/source3/modules/vfs_default.c
index 8d592bbad64..ea036b24ddf 100644
--- a/source3/modules/vfs_default.c
+++ b/source3/modules/vfs_default.c
@@ -476,10 +476,17 @@ static NTSTATUS vfswrap_read_dfs_pathat(struct vfs_handle_struct *handle,
status = NT_STATUS_OBJECT_TYPE_MISMATCH;
} else {
status = map_nt_error_from_unix(errno);
- DBG_ERR("Error reading "
- "msdfs link %s: %s\n",
- smb_fname->base_name,
- strerror(errno));
+ if (errno == ENOENT) {
+ DBG_NOTICE("Error reading "
+ "msdfs link %s: %s\n",
+ smb_fname->base_name,
+ strerror(errno));
+ } else {
+ DBG_ERR("Error reading "
+ "msdfs link %s: %s\n",
+ smb_fname->base_name,
+ strerror(errno));
+ }
}
goto err;
}
--
2.31.1

16
SOURCES/samba-4.14.5.tar.asc
View File

@ -1,16 +0,0 @@
-----BEGIN PGP SIGNATURE-----
iQIzBAABCgAdFiEEgfXigyvSVFoYl7cTqplEL7aAtiAFAmC14EsACgkQqplEL7aA
tiDWUA//b0Dj/dJozZY/Q6OI9UjPNL9nvPGqpKF0Sl2sW5jO1KWdcq1OZk+H6eO5
gaX9nuH8Qo/IMxVRIPZVW6lXwsLzSdAOhwPAV02D/feSNfuld078v5yN1My2x6gH
tmfEVXZJjNkObhLDz0Wgq3mxxKvwxSM4+q2SI9p2/Yk32+oT1l/EWT3WZRNa/I1x
MF8nr8p5BktPw7tQoITG/JhkWudfkPpvVA3LJYl+F0rjubMA3C3btvDNquPaNXQ0
Jr0nOt8+OKpsrtBb6ED0su7CWqbHHjc7lTKLepruqnHzllk5/Tcsu6APVRb8qjim
B2ElieWYJKQ7vBchjuSw/3ufqOsJdvckO4znGM1bUFDnCV0DDOXPE/U5QmjcoQqE
kJ36m53WnGCHR3JbL+rSjrB1m0ip8tViNraV+Ch2sXNlNvKYPNNo3cgX62nnDWJz
aLlncx0W1LpZ8mhYVv0AvdoVKBDygzxheye8Fssz3Wz5RDzZ6Vm0AoJwBm+G8v1k
u0MXMyvBv1KLpBLL27PJm2m7r6KIDB0v9PuLK5iF107omkSWfY/lMLQR2UFph8oH
uCwV5PiEy/ecBhBfo3KzUG5yJLBBayYB2vGcXJh4yRpAByppFbpo3csr6UZSEsU8
iImmN97Tg3QVd/FTn9qRiQ15NxzWC0XCE1glY87KqqC5kl5Lk9Y=
=i6jp
-----END PGP SIGNATURE-----

668
SOURCES/samba-4.15-fix-recursive-dir-delete-symlinks.patch Normal file
View File

@ -0,0 +1,668 @@
From 05cbf6e66f6989e383904ac582dae9515ac3a838 Mon Sep 17 00:00:00 2001
From: Jeremy Allison <jra@samba.org>
Date: Thu, 21 Oct 2021 16:37:27 -0700
Subject: [PATCH 1/7] s3: smbd: Add two tests showing the ability to delete a
directory containing a dangling symlink over SMB2 depends on "delete veto
files" setting.
Add knownfail.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14879
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
(cherry picked from commit 942123b95923f35a32df4196a072a3ed3468396a)
---
selftest/knownfail.d/rmdir_dangle_symlink | 1 +
selftest/target/Samba3.pm | 4 +
.../test_delete_veto_files_only_rmdir.sh | 183 ++++++++++++++++++
source3/selftest/tests.py | 3 +
4 files changed, 191 insertions(+)
create mode 100644 selftest/knownfail.d/rmdir_dangle_symlink
create mode 100755 source3/script/tests/test_delete_veto_files_only_rmdir.sh
diff --git a/selftest/knownfail.d/rmdir_dangle_symlink b/selftest/knownfail.d/rmdir_dangle_symlink
new file mode 100644
index 00000000000..c775dc5fe15
--- /dev/null
+++ b/selftest/knownfail.d/rmdir_dangle_symlink
@@ -0,0 +1 @@
+^samba3.blackbox.test_dangle_rmdir.rmdir can delete directory containing dangling symlink\(fileserver\)
diff --git a/selftest/target/Samba3.pm b/selftest/target/Samba3.pm
index 2fdab781fda..8ecfc1aaf82 100755
--- a/selftest/target/Samba3.pm
+++ b/selftest/target/Samba3.pm
@@ -1738,6 +1738,10 @@ sub setup_fileserver
veto files = /veto_name*/
delete veto files = yes
+[delete_veto_files_only]
+ path = $veto_sharedir
+ delete veto files = yes
+
[homes]
comment = Home directories
browseable = No
diff --git a/source3/script/tests/test_delete_veto_files_only_rmdir.sh b/source3/script/tests/test_delete_veto_files_only_rmdir.sh
new file mode 100755
index 00000000000..d2c3b2198f7
--- /dev/null
+++ b/source3/script/tests/test_delete_veto_files_only_rmdir.sh
@@ -0,0 +1,183 @@
+#!/bin/sh
+#
+# Check smbclient can (or cannot) delete a directory containing dangling symlinks.
+# BUG: https://bugzilla.samba.org/show_bug.cgi?id=14879
+#
+
+if [ $# -lt 6 ]; then
+cat <<EOF
+Usage: $0 SERVER SERVER_IP USERNAME PASSWORD SHAREPATH SMBCLIENT
+EOF
+exit 1;
+fi
+
+SERVER=${1}
+SERVER_IP=${2}
+USERNAME=${3}
+PASSWORD=${4}
+SHAREPATH=${5}
+SMBCLIENT=${6}
+shift 6
+SMBCLIENT="$VALGRIND ${SMBCLIENT}"
+ADDARGS="$@"
+
+incdir=$(dirname "$0")/../../../testprogs/blackbox
+. $incdir/subunit.sh
+
+failed=0
+
+rmdir_path="$SHAREPATH/dir"
+
+#
+# Using the share "[delete_veto_files_only]" we CAN delete
+# a directory containing only a dangling symlink.
+#
+test_dangle_symlink_delete_veto_rmdir()
+{
+ local dangle_symlink_path="$rmdir_path/bad_link"
+ local tmpfile=$PREFIX/smbclient.in.$$
+
+ # Create rmdir directory.
+ mkdir -p "$rmdir_path"
+ # Create dangling symlink underneath.
+ ln -s "nowhere-foo" "$dangle_symlink_path"
+
+ cat > "$tmpfile" <<EOF
+cd dir
+ls
+quit
+EOF
+
+ local cmd='CLI_FORCE_INTERACTIVE=yes $SMBCLIENT //$SERVER/delete_veto_files_only -U$USERNAME%$PASSWORD $ADDARGS < $tmpfile 2>&1'
+ eval echo "$cmd"
+ out=$(eval "$cmd")
+ ret=$?
+
+ # Check for smbclient error.
+ if [ $ret != 0 ] ; then
+ echo "Failed accessing share delete_veto_files_only - $ret"
+ echo "$out"
+ return 1
+ fi
+
+ # We should NOT see the dangling symlink file.
+ echo "$out" | grep bad_link
+ ret=$?
+ if [ $ret -eq 0 ] ; then
+ echo "Saw dangling symlink bad_link in share delete_veto_files_only"
+ echo "$out"
+ return 1
+ fi
+
+ # Try and remove the directory, should succeed.
+ cat > "$tmpfile" <<EOF
+rd dir
+quit
+EOF
+
+ local cmd='CLI_FORCE_INTERACTIVE=yes $SMBCLIENT //$SERVER/delete_veto_files_only -U$USERNAME%$PASSWORD $ADDARGS < $tmpfile 2>&1'
+ eval echo "$cmd"
+ out=$(eval "$cmd")
+ ret=$?
+
+ # Check for smbclient error.
+ if [ $ret != 0 ] ; then
+ echo "Failed accessing share delete_veto_files_only - $ret"
+ echo "$out"
+ return 1
+ fi
+
+ # We should get no NT_STATUS_ errors.
+ echo "$out" | grep NT_STATUS_
+ ret=$?
+ if [ $ret -eq 0 ] ; then
+ echo "Got error NT_STATUS_ in share delete_veto_files_only"
+ echo "$out"
+ return 1
+ fi
+
+ return 0
+}
+
+#
+# Using the share "[veto_files_nodelete]" we CANNOT delete
+# a directory containing only a dangling symlink.
+#
+test_dangle_symlink_veto_files_nodelete()
+{
+ local dangle_symlink_path="$rmdir_path/bad_link"
+ local tmpfile=$PREFIX/smbclient.in.$$
+
+ # Create rmdir directory.
+ mkdir -p "$rmdir_path"
+ # Create dangling symlink underneath.
+ ln -s "nowhere-foo" "$dangle_symlink_path"
+
+ cat > "$tmpfile" <<EOF
+cd dir
+ls
+quit
+EOF
+
+ local cmd='CLI_FORCE_INTERACTIVE=yes $SMBCLIENT //$SERVER/veto_files_nodelete -U$USERNAME%$PASSWORD $ADDARGS < $tmpfile 2>&1'
+ eval echo "$cmd"
+ out=$(eval "$cmd")
+ ret=$?
+
+ # Check for smbclient error.
+ if [ $ret != 0 ] ; then
+ echo "Failed accessing share veto_files_nodelete - $ret"
+ echo "$out"
+ return 1
+ fi
+
+ # We should NOT see the dangling symlink file.
+ echo "$out" | grep bad_link
+ ret=$?
+ if [ $ret -eq 0 ] ; then
+ echo "Saw dangling symlink bad_link in share veto_files_nodelete"
+ echo "$out"
+ return 1
+ fi
+
+ # Try and remove the directory, should fail with DIRECTORY_NOT_EMPTY.
+ cat > "$tmpfile" <<EOF
+rd dir
+quit
+EOF
+
+ local cmd='CLI_FORCE_INTERACTIVE=yes $SMBCLIENT //$SERVER/veto_files_nodelete -U$USERNAME%$PASSWORD $ADDARGS < $tmpfile 2>&1'
+ eval echo "$cmd"
+ out=$(eval "$cmd")
+ ret=$?
+
+ # Check for smbclient error.
+ if [ $ret != 0 ] ; then
+ echo "Failed accessing share veto_files_nodelete - $ret"
+ echo "$out"
+ return 1
+ fi
+
+ # We should get NT_STATUS_DIRECTORY_NOT_EMPTY errors.
+ echo "$out" | grep NT_STATUS_DIRECTORY_NOT_EMPTY
+ ret=$?
+ if [ $ret -ne 0 ] ; then
+ echo "Should get NT_STATUS_DIRECTORY_NOT_EMPTY in share veto_files_nodelete"
+ echo "$out"
+ return 1
+ fi
+
+ return 0
+}
+
+
+testit "rmdir can delete directory containing dangling symlink" \
+ test_dangle_symlink_delete_veto_rmdir || failed=$(expr "$failed" + 1)
+
+rm -rf "$rmdir_path"
+
+testit "rmdir cannot delete directory delete_veto_files_no containing dangling symlink" \
+ test_dangle_symlink_veto_files_nodelete || failed=$(expr "$failed" + 1)
+
+rm -rf "$rmdir_path"
+exit "$failed"
diff --git a/source3/selftest/tests.py b/source3/selftest/tests.py
index 24c8e0a1960..e39009635a6 100755
--- a/source3/selftest/tests.py
+++ b/source3/selftest/tests.py
@@ -542,6 +542,9 @@ for env in ["fileserver"]:
plantestsuite("samba3.blackbox.test_veto_rmdir", env,
[os.path.join(samba3srcdir, "script/tests/test_veto_rmdir.sh"),
'$SERVER', '$SERVER_IP', '$USERNAME', '$PASSWORD', '$LOCAL_PATH/veto', smbclient3])
+ plantestsuite("samba3.blackbox.test_dangle_rmdir", env,
+ [os.path.join(samba3srcdir, "script/tests/test_delete_veto_files_only_rmdir.sh"),
+ '$SERVER', '$SERVER_IP', '$USERNAME', '$PASSWORD', '$LOCAL_PATH/veto', smbclient3])
#
# tar command tests
--
2.30.2
From 5530e76aa6255c2b210978c07dd4b859373ded64 Mon Sep 17 00:00:00 2001
From: Jeremy Allison <jra@samba.org>
Date: Mon, 25 Oct 2021 12:01:58 -0700
Subject: [PATCH 2/7] s3: VFS: streams_depot. Allow unlinkat to cope with
dangling symlinks.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14879
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
(cherry picked from commit 295d7d026babe3cd5123d0f53adcb16868907f05)
---
source3/modules/vfs_streams_depot.c | 10 ++++++++++
1 file changed, 10 insertions(+)
diff --git a/source3/modules/vfs_streams_depot.c b/source3/modules/vfs_streams_depot.c
index 973edeeda24..ae73ba965a5 100644
--- a/source3/modules/vfs_streams_depot.c
+++ b/source3/modules/vfs_streams_depot.c
@@ -823,6 +823,16 @@ static int streams_depot_unlink_internal(vfs_handle_struct *handle,
ret = SMB_VFS_NEXT_LSTAT(handle, full_fname);
} else {
ret = SMB_VFS_NEXT_STAT(handle, full_fname);
+ if (ret == -1 && (errno == ENOENT || errno == ELOOP)) {
+ if (VALID_STAT(smb_fname->st) &&
+ S_ISLNK(smb_fname->st.st_ex_mode)) {
+ /*
+ * Original name was a link - Could be
+ * trying to remove a dangling symlink.
+ */
+ ret = SMB_VFS_NEXT_LSTAT(handle, full_fname);
+ }
+ }
}
if (ret == -1) {
TALLOC_FREE(full_fname);
--
2.30.2
From 9938ef02b42f1578e758010b9c4b7a149a9d39c8 Mon Sep 17 00:00:00 2001
From: Jeremy Allison <jra@samba.org>
Date: Mon, 25 Oct 2021 12:02:43 -0700
Subject: [PATCH 3/7] s3: VFS: xattr_tdb. Allow unlinkat to cope with dangling
symlinks.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14879
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
(cherry picked from commit f254be19d6501a4f573843af97963e350a9ee2ed)
---
source3/modules/vfs_xattr_tdb.c | 10 ++++++++++
1 file changed, 10 insertions(+)
diff --git a/source3/modules/vfs_xattr_tdb.c b/source3/modules/vfs_xattr_tdb.c
index daa99b2cc3e..42c570b54b3 100644
--- a/source3/modules/vfs_xattr_tdb.c
+++ b/source3/modules/vfs_xattr_tdb.c
@@ -520,6 +520,16 @@ static int xattr_tdb_unlinkat(vfs_handle_struct *handle,
ret = SMB_VFS_NEXT_LSTAT(handle, full_fname);
} else {
ret = SMB_VFS_NEXT_STAT(handle, full_fname);
+ if (ret == -1 && (errno == ENOENT || errno == ELOOP)) {
+ if (VALID_STAT(smb_fname->st) &&
+ S_ISLNK(smb_fname->st.st_ex_mode)) {
+ /*
+ * Original name was a link - Could be
+ * trying to remove a dangling symlink.
+ */
+ ret = SMB_VFS_NEXT_LSTAT(handle, full_fname);
+ }
+ }
}
if (ret == -1) {
goto out;
--
2.30.2
From 38ca6d51a07b2ff26e6447846d62c72aabee3606 Mon Sep 17 00:00:00 2001
From: Jeremy Allison <jra@samba.org>
Date: Mon, 25 Oct 2021 12:21:37 -0700
Subject: [PATCH 4/7] s3: smbd: Fix rmdir_internals() to do an early return if
lp_delete_veto_files() is not set.
Fix the comments to match what the code actually does. The
exit at the end of the scan directory loop if we find a client
visible filename is a change in behavior, but the previous
behavior (not exist on visible filename, but delete it) was
a bug and in non-tested code. Now it's testd.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14879
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
(cherry picked from commit a37d16e7c55f85e3f2c9c8614755ea6307092d5f)
---
source3/smbd/close.c | 36 ++++++++++++++++++++++--------------
1 file changed, 22 insertions(+), 14 deletions(-)
diff --git a/source3/smbd/close.c b/source3/smbd/close.c
index 470ca7f1b6d..484442ddc17 100644
--- a/source3/smbd/close.c
+++ b/source3/smbd/close.c
@@ -965,8 +965,6 @@ static NTSTATUS rmdir_internals(TALLOC_CTX *ctx, struct files_struct *fsp)
struct smb_filename *smb_dname = fsp->fsp_name;
struct smb_filename *parent_fname = NULL;
struct smb_filename *at_fname = NULL;
- const struct loadparm_substitution *lp_sub =
- loadparm_s3_global_substitution();
SMB_STRUCT_STAT st;
const char *dname = NULL;
char *talloced = NULL;
@@ -1026,9 +1024,7 @@ static NTSTATUS rmdir_internals(TALLOC_CTX *ctx, struct files_struct *fsp)
return NT_STATUS_OK;
}
- if (!((errno == ENOTEMPTY) || (errno == EEXIST)) ||
- !*lp_veto_files(talloc_tos(), lp_sub, SNUM(conn)))
- {
+ if (!((errno == ENOTEMPTY) || (errno == EEXIST))) {
DEBUG(3,("rmdir_internals: couldn't remove directory %s : "
"%s\n", smb_fname_str_dbg(smb_dname),
strerror(errno)));
@@ -1036,11 +1032,21 @@ static NTSTATUS rmdir_internals(TALLOC_CTX *ctx, struct files_struct *fsp)
return map_nt_error_from_unix(errno);
}
+ /*
+ * Here we know the initial directory unlink failed with
+ * ENOTEMPTY or EEXIST so we know there are objects within.
+ * If we don't have permission to delete files non
+ * visible to the client just fail the directory delete.
+ */
+
+ if (!lp_delete_veto_files(SNUM(conn))) {
+ errno = ENOTEMPTY;
+ goto err;
+ }
+
/*
* Check to see if the only thing in this directory are
- * vetoed files/directories. If so then delete them and
- * retry. If we fail to delete any of them (and we *don't*
- * do a recursive delete) then fail the rmdir.
+ * files non-visible to the client. If not, fail the delete.
*/
dir_hnd = OpenDir(talloc_tos(), conn, smb_dname, NULL, 0);
@@ -1133,16 +1139,18 @@ static NTSTATUS rmdir_internals(TALLOC_CTX *ctx, struct files_struct *fsp)
continue;
}
+ /*
+ * We found a client visible name.
+ * We cannot delete this directory.
+ */
+ DBG_DEBUG("got name %s - "
+ "can't delete directory %s\n",
+ dname,
+ fsp_str_dbg(fsp));
TALLOC_FREE(talloced);
TALLOC_FREE(fullname);
TALLOC_FREE(smb_dname_full);
TALLOC_FREE(direntry_fname);
- }
-
- /* We only have veto files/directories.
- * Are we allowed to delete them ? */
-
- if (!lp_delete_veto_files(SNUM(conn))) {
errno = ENOTEMPTY;
goto err;
}
--
2.30.2
From a8bc5af4ded62d80dca97622f5c90b0ebab5c130 Mon Sep 17 00:00:00 2001
From: Jeremy Allison <jra@samba.org>
Date: Mon, 25 Oct 2021 12:32:29 -0700
Subject: [PATCH 5/7] s3: smbd: Fix logic in rmdir_internals() to cope with
dangling symlinks.
Still need to add the same logic in can_delete_directory_fsp()
before we can delete the knownfail.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14879
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
(cherry picked from commit 26fecad2e66e91a3913d88ee2e0889f266e91d89)
---
source3/smbd/close.c | 56 ++++++++++++++++++++++++++++++++++++++++----
1 file changed, 51 insertions(+), 5 deletions(-)
diff --git a/source3/smbd/close.c b/source3/smbd/close.c
index 484442ddc17..7178257efcc 100644
--- a/source3/smbd/close.c
+++ b/source3/smbd/close.c
@@ -1103,15 +1103,61 @@ static NTSTATUS rmdir_internals(TALLOC_CTX *ctx, struct files_struct *fsp)
goto err;
}
- /*
- * is_visible_fsp() always returns true
- * for the symlink/MSDFS case.
- */
if (S_ISLNK(smb_dname_full->st.st_ex_mode)) {
+ /* Could it be an msdfs link ? */
+ if (lp_host_msdfs() &&
+ lp_msdfs_root(SNUM(conn))) {
+ struct smb_filename *smb_atname;
+ smb_atname = synthetic_smb_fname(talloc_tos(),
+ dname,
+ NULL,
+ &smb_dname_full->st,
+ fsp->fsp_name->twrp,
+ fsp->fsp_name->flags);
+ if (smb_atname == NULL) {
+ TALLOC_FREE(talloced);
+ TALLOC_FREE(fullname);
+ TALLOC_FREE(smb_dname_full);
+ errno = ENOMEM;
+ goto err;
+ }
+ if (is_msdfs_link(fsp, smb_atname)) {
+ TALLOC_FREE(talloced);
+ TALLOC_FREE(fullname);
+ TALLOC_FREE(smb_dname_full);
+ TALLOC_FREE(smb_atname);
+ DBG_DEBUG("got msdfs link name %s "
+ "- can't delete directory %s\n",
+ dname,
+ fsp_str_dbg(fsp));
+ errno = ENOTEMPTY;
+ goto err;
+ }
+ TALLOC_FREE(smb_atname);
+ }
+
+ /* Not a DFS link - could it be a dangling symlink ? */
+ ret = SMB_VFS_STAT(conn, smb_dname_full);
+ if (ret == -1 && (errno == ENOENT || errno == ELOOP)) {
+ /*
+ * Dangling symlink.
+ * Allow delete as "delete veto files = yes"
+ */
+ TALLOC_FREE(talloced);
+ TALLOC_FREE(fullname);
+ TALLOC_FREE(smb_dname_full);
+ continue;
+ }
+
+ DBG_DEBUG("got symlink name %s - "
+ "can't delete directory %s\n",
+ dname,
+ fsp_str_dbg(fsp));
TALLOC_FREE(talloced);
TALLOC_FREE(fullname);
TALLOC_FREE(smb_dname_full);
- continue;
+ errno = ENOTEMPTY;
+ goto err;
}
/* Not a symlink, get a pathref. */
--
2.30.2
From a1fb0d7bcf0791066b23e909c4f3a7a89bab6034 Mon Sep 17 00:00:00 2001
From: Jeremy Allison <jra@samba.org>
Date: Mon, 25 Oct 2021 12:36:57 -0700
Subject: [PATCH 6/7] s3: smbd: Fix logic in can_delete_directory_fsp() to cope
with dangling symlinks.
Remove knownfail.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14879
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
(cherry picked from commit e9ef970eee5eca8ab3720279c54098e91d2dfda9)
---
selftest/knownfail.d/rmdir_dangle_symlink | 1 -
source3/smbd/dir.c | 55 ++++++++++++++++++++---
2 files changed, 49 insertions(+), 7 deletions(-)
delete mode 100644 selftest/knownfail.d/rmdir_dangle_symlink
diff --git a/selftest/knownfail.d/rmdir_dangle_symlink b/selftest/knownfail.d/rmdir_dangle_symlink
deleted file mode 100644
index c775dc5fe15..00000000000
--- a/selftest/knownfail.d/rmdir_dangle_symlink
+++ /dev/null
@@ -1 +0,0 @@
-^samba3.blackbox.test_dangle_rmdir.rmdir can delete directory containing dangling symlink\(fileserver\)
diff --git a/source3/smbd/dir.c b/source3/smbd/dir.c
index 174f07b1159..4d61bb0d56d 100644
--- a/source3/smbd/dir.c
+++ b/source3/smbd/dir.c
@@ -1922,16 +1922,59 @@ NTSTATUS can_delete_directory_fsp(files_struct *fsp)
break;
}
- /*
- * is_visible_fsp() always returns true
- * for the symlink/MSDFS case.
- */
-
if (S_ISLNK(smb_dname_full->st.st_ex_mode)) {
+ /* Could it be an msdfs link ? */
+ if (lp_host_msdfs() &&
+ lp_msdfs_root(SNUM(conn))) {
+ struct smb_filename *smb_dname;
+ smb_dname = synthetic_smb_fname(talloc_tos(),
+ dname,
+ NULL,
+ &smb_dname_full->st,
+ fsp->fsp_name->twrp,
+ fsp->fsp_name->flags);
+ if (smb_dname == NULL) {
+ TALLOC_FREE(talloced);
+ TALLOC_FREE(fullname);
+ TALLOC_FREE(smb_dname_full);
+ status = NT_STATUS_NO_MEMORY;
+ break;
+ }
+ if (is_msdfs_link(fsp, smb_dname)) {
+ TALLOC_FREE(talloced);
+ TALLOC_FREE(fullname);
+ TALLOC_FREE(smb_dname_full);
+ TALLOC_FREE(smb_dname);
+ DBG_DEBUG("got msdfs link name %s "
+ "- can't delete directory %s\n",
+ dname,
+ fsp_str_dbg(fsp));
+ status = NT_STATUS_DIRECTORY_NOT_EMPTY;
+ break;
+ }
+ TALLOC_FREE(smb_dname);
+ }
+ /* Not a DFS link - could it be a dangling symlink ? */
+ ret = SMB_VFS_STAT(conn, smb_dname_full);
+ if (ret == -1 && (errno == ENOENT || errno == ELOOP)) {
+ /*
+ * Dangling symlink.
+ * Allow if "delete veto files = yes"
+ */
+ if (lp_delete_veto_files(SNUM(conn))) {
+ TALLOC_FREE(talloced);
+ TALLOC_FREE(fullname);
+ TALLOC_FREE(smb_dname_full);
+ continue;
+ }
+ }
+ DBG_DEBUG("got symlink name %s - "
+ "can't delete directory %s\n",
+ dname,
+ fsp_str_dbg(fsp));
TALLOC_FREE(talloced);
TALLOC_FREE(fullname);
TALLOC_FREE(smb_dname_full);
- DBG_DEBUG("got name %s - can't delete\n", dname);
status = NT_STATUS_DIRECTORY_NOT_EMPTY;
break;
}
--
2.30.2
From 2a6f19df3f1588dbf60b86b520798b88861d2179 Mon Sep 17 00:00:00 2001
From: Jeremy Allison <jra@samba.org>
Date: Mon, 25 Oct 2021 12:42:02 -0700
Subject: [PATCH 7/7] s3: docs-xml: Clarify the "delete veto files" paramter.
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14879
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Autobuild-User(master): Ralph Böhme <slow@samba.org>
Autobuild-Date(master): Fri Oct 29 14:57:14 UTC 2021 on sn-devel-184
(cherry picked from commit 0b818c6b77e972626d0b071bebcf4ce55619fb84)
---
docs-xml/smbdotconf/filename/deletevetofiles.xml | 9 ++++++---
1 file changed, 6 insertions(+), 3 deletions(-)
diff --git a/docs-xml/smbdotconf/filename/deletevetofiles.xml b/docs-xml/smbdotconf/filename/deletevetofiles.xml
index 581dc05396d..570d4ac60a0 100644
--- a/docs-xml/smbdotconf/filename/deletevetofiles.xml
+++ b/docs-xml/smbdotconf/filename/deletevetofiles.xml
@@ -4,9 +4,12 @@
xmlns:samba="http://www.samba.org/samba/DTD/samba-doc">
<description>
<para>This option is used when Samba is attempting to
- delete a directory that contains one or more vetoed directories
- (see the <smbconfoption name="veto files"/>
- option). If this option is set to <constant>no</constant> (the default) then if a vetoed
+ delete a directory that contains one or more vetoed files
+ or directories or non-visible files or directories (such
+ as dangling symlinks that point nowhere).
+ (see the <smbconfoption name="veto files"/>, <smbconfoption name="hide special files"/>,
+ <smbconfoption name="hide unreadable"/>, <smbconfoption name="hide unwriteable files"/>
+ options). If this option is set to <constant>no</constant> (the default) then if a vetoed
directory contains any non-vetoed files or directories then the
directory delete will fail. This is usually what you want.</para>
--
2.30.2

346
SOURCES/samba-4.15-fix-recursive-dir-delete.patch Normal file
View File

@ -0,0 +1,346 @@
From 83499424ab011da66ded2df441277c2b89844c7b Mon Sep 17 00:00:00 2001
From: Jeremy Allison <jra@samba.org>
Date: Thu, 21 Oct 2021 15:06:20 -0700
Subject: [PATCH 1/2] s3: smbd: Add two tests showing recursive directory
delete of a directory containing veto file and msdfs links over SMB2.
Add knownfail.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14878
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
(cherry picked from commit ad0082d79a681b981154747dcde5713e1933b88f)
---
selftest/knownfail.d/veto_rmdir | 1 +
selftest/target/Samba3.pm | 16 ++
source3/script/tests/test_veto_rmdir.sh | 217 ++++++++++++++++++++++++
source3/selftest/tests.py | 3 +
4 files changed, 237 insertions(+)
create mode 100644 selftest/knownfail.d/veto_rmdir
create mode 100755 source3/script/tests/test_veto_rmdir.sh
diff --git a/selftest/knownfail.d/veto_rmdir b/selftest/knownfail.d/veto_rmdir
new file mode 100644
index 00000000000..ecced55d794
--- /dev/null
+++ b/selftest/knownfail.d/veto_rmdir
@@ -0,0 +1 @@
+^samba3.blackbox.test_veto_rmdir.rmdir can delete directory containing a veto file\(fileserver\)
diff --git a/selftest/target/Samba3.pm b/selftest/target/Samba3.pm
index fdbba8411bc..2fdab781fda 100755
--- a/selftest/target/Samba3.pm
+++ b/selftest/target/Samba3.pm
@@ -1614,6 +1614,9 @@ sub setup_fileserver
my $bad_iconv_sharedir="$share_dir/bad_iconv";
push(@dirs, $bad_iconv_sharedir);
+ my $veto_sharedir="$share_dir/veto";
+ push(@dirs,$veto_sharedir);
+
my $ip4 = Samba::get_ipv4_addr("FILESERVER");
my $fileserver_options = "
kernel change notify = yes
@@ -1722,6 +1725,19 @@ sub setup_fileserver
comment = smb username is [%U]
vfs objects =
+[veto_files_nodelete]
+ path = $veto_sharedir
+ read only = no
+ msdfs root = yes
+ veto files = /veto_name*/
+ delete veto files = no
+
+[veto_files_delete]
+ path = $veto_sharedir
+ msdfs root = yes
+ veto files = /veto_name*/
+ delete veto files = yes
+
[homes]
comment = Home directories
browseable = No
diff --git a/source3/script/tests/test_veto_rmdir.sh b/source3/script/tests/test_veto_rmdir.sh
new file mode 100755
index 00000000000..d3df8f1bba0
--- /dev/null
+++ b/source3/script/tests/test_veto_rmdir.sh
@@ -0,0 +1,217 @@
+#!/bin/sh
+#
+# Check smbclient can (or cannot) delete a directory containing veto files.
+# BUG: https://bugzilla.samba.org/show_bug.cgi?id=14878
+#
+
+if [ $# -lt 6 ]; then
+cat <<EOF
+Usage: $0 SERVER SERVER_IP USERNAME PASSWORD SHAREPATH SMBCLIENT
+EOF
+exit 1;
+fi
+
+SERVER=${1}
+SERVER_IP=${2}
+USERNAME=${3}
+PASSWORD=${4}
+SHAREPATH=${5}
+SMBCLIENT=${6}
+shift 6
+SMBCLIENT="$VALGRIND ${SMBCLIENT}"
+ADDARGS="$@"
+
+incdir=$(dirname "$0")/../../../testprogs/blackbox
+. "$incdir"/subunit.sh
+
+failed=0
+
+rmdir_path="$SHAREPATH/dir"
+
+test_veto_nodelete_rmdir()
+{
+ local veto_path="$rmdir_path/veto_name1"
+ local msdfs_link_path="$rmdir_path/dfs_link"
+ local tmpfile=$PREFIX/smbclient.in.$$
+
+ # Create rmdir directory.
+ mkdir -p "$rmdir_path"
+ # Create veto file underneath.
+ touch "$veto_path"
+ # Create msdfs link underneath.
+ ln -s "msdfs:$SERVER_IP\\ro-tmp" "$msdfs_link_path"
+
+ cat > "$tmpfile" <<EOF
+cd dir
+ls
+quit
+EOF
+
+ local cmd='CLI_FORCE_INTERACTIVE=yes $SMBCLIENT //$SERVER/veto_files_nodelete -U$USERNAME%$PASSWORD $ADDARGS < $tmpfile 2>&1'
+ eval echo "$cmd"
+ out=$(eval "$cmd")
+ ret=$?
+
+ # Check for smbclient error.
+ if [ $ret != 0 ] ; then
+ echo "Failed accessing share veto_files_nodelete - $ret"
+ echo "$out"
+ return 1
+ fi
+
+ # We should only see the dfs_link file.
+ echo "$out" | grep dfs_link
+ ret=$?
+ if [ $ret -ne 0 ] ; then
+ echo "Failed to see dfs_link in share veto_files_nodelete"
+ echo "$out"
+ return 1
+ fi
+
+ # Now remove the dfs_link file.
+ rm -rf "$msdfs_link_path"
+
+ # Try and remove the directory, should fail with NT_STATUS_DIRECTORY_NOT_EMPTY.
+ cat > "$tmpfile" <<EOF
+rd dir
+quit
+EOF
+
+ local cmd='CLI_FORCE_INTERACTIVE=yes $SMBCLIENT //$SERVER/veto_files_nodelete -U$USERNAME%$PASSWORD $ADDARGS < $tmpfile 2>&1'
+ eval echo "$cmd"
+ out=$(eval "$cmd")
+ ret=$?
+
+ # Check for smbclient error.
+ if [ $ret != 0 ] ; then
+ echo "Failed accessing share veto_files_nodelete - $ret"
+ echo "$out"
+ return 1
+ fi
+
+ # We should get NT_STATUS_DIRECTORY_NOT_EMPTY.
+ echo "$out" | grep NT_STATUS_DIRECTORY_NOT_EMPTY
+ ret=$?
+ if [ $ret -ne 0 ] ; then
+ echo "Failed to get error NT_STATUS_DIRECTORY_NOT_EMPTY in share veto_files_nodelete"
+ echo "$out"
+ return 1
+ fi
+
+ # remove the veto file - directory should now be empty.
+ rm -rf "$veto_path"
+
+ # Try and remove the directory, should now succeed.
+ cat > "$tmpfile" <<EOF
+rd dir
+quit
+EOF
+
+ local cmd='CLI_FORCE_INTERACTIVE=yes $SMBCLIENT //$SERVER/veto_files_nodelete -U$USERNAME%$PASSWORD $ADDARGS < $tmpfile 2>&1'
+ eval echo "$cmd"
+ out=$(eval "$cmd")
+ ret=$?
+
+ # Check for smbclient error.
+ if [ $ret != 0 ] ; then
+ echo "Failed accessing share veto_files_nodelete - $ret"
+ echo "$out"
+ return 1
+ fi
+
+ # We should get no NT_STATUS_ errors.
+ echo "$out" | grep NT_STATUS_
+ ret=$?
+ if [ $ret -eq 0 ] ; then
+ echo "Got error NT_STATUS_ in share veto_files_nodelete"
+ echo "$out"
+ return 1
+ fi
+
+ return 0
+}
+
+test_veto_delete_rmdir()
+{
+ local veto_path="$rmdir_path/veto_name1"
+ local msdfs_link_path="$rmdir_path/dfs_link"
+ local tmpfile=$PREFIX/smbclient.in.$$
+
+ # Create rmdir directory.
+ mkdir -p "$rmdir_path"
+ # Create veto file underneath.
+ touch "$veto_path"
+ # Create msdfs link underneath.
+ ln -s "msdfs:$SERVER_IP\\ro-tmp" "$msdfs_link_path"
+
+ cat > "$tmpfile" <<EOF
+cd dir
+ls
+quit
+EOF
+
+ local cmd='CLI_FORCE_INTERACTIVE=yes $SMBCLIENT //$SERVER/veto_files_delete -U$USERNAME%$PASSWORD $ADDARGS < $tmpfile 2>&1'
+ eval echo "$cmd"
+ out=$(eval "$cmd")
+ ret=$?
+
+ # Check for smbclient error.
+ if [ $ret != 0 ] ; then
+ echo "Failed accessing share veto_files_delete - $ret"
+ echo "$out"
+ return 1
+ fi
+
+ # We should only see the dfs_link file.
+ echo "$out" | grep dfs_link
+ ret=$?
+ if [ $ret -ne 0 ] ; then
+ echo "Failed to see dfs_link in share veto_files_delete"
+ echo "$out"
+ return 1
+ fi
+
+ # Now remove the dfs_link file.
+ rm -rf "$msdfs_link_path"
+
+ # Try and remove the directory, should now succeed.
+ cat > "$tmpfile" <<EOF
+rd dir
+quit
+EOF
+
+ local cmd='CLI_FORCE_INTERACTIVE=yes $SMBCLIENT //$SERVER/veto_files_delete -U$USERNAME%$PASSWORD $ADDARGS < $tmpfile 2>&1'
+ eval echo "$cmd"
+ out=$(eval "$cmd")
+ ret=$?
+
+ # Check for smbclient error.
+ if [ $ret != 0 ] ; then
+ echo "Failed accessing share veto_files_delete - $ret"
+ echo "$out"
+ return 1
+ fi
+
+ # We should get no NT_STATUS_ errors.
+ echo "$out" | grep NT_STATUS_
+ ret=$?
+ if [ $ret -eq 0 ] ; then
+ echo "Got error NT_STATUS_ in share veto_files_delete"
+ echo "$out"
+ return 1
+ fi
+
+ return 0
+}
+
+testit "rmdir cannot delete directory containing a veto file" \
+ test_veto_nodelete_rmdir || failed=$(expr "$failed" + 1)
+
+rm -rf "$rmdir_path"
+
+testit "rmdir can delete directory containing a veto file" \
+ test_veto_delete_rmdir || failed=$(expr "$failed" + 1)
+
+rm -rf "$rmdir_path"
+
+exit "$failed"
diff --git a/source3/selftest/tests.py b/source3/selftest/tests.py
index d8f0db69b8c..24c8e0a1960 100755
--- a/source3/selftest/tests.py
+++ b/source3/selftest/tests.py
@@ -539,6 +539,9 @@ for env in ["fileserver"]:
plantestsuite("samba3.blackbox.smbclient_iconv.CORE", env + "_smb1_done",
[os.path.join(samba3srcdir, "script/tests/test_smbclient_iconv.sh"),
'$SERVER', '$SERVER_IP', 'bad_iconv', '$USERNAME', '$PASSWORD', smbclient3, '-mCORE'])
+ plantestsuite("samba3.blackbox.test_veto_rmdir", env,
+ [os.path.join(samba3srcdir, "script/tests/test_veto_rmdir.sh"),
+ '$SERVER', '$SERVER_IP', '$USERNAME', '$PASSWORD', '$LOCAL_PATH/veto', smbclient3])
#
# tar command tests
--
2.30.2
From d2d8a5b8df68a8adc0d7deb27f14f63e0ec7ae85 Mon Sep 17 00:00:00 2001
From: Jeremy Allison <jra@samba.org>
Date: Thu, 21 Oct 2021 16:18:24 -0700
Subject: [PATCH 2/2] s3: smbd: Fix recursive directory delete of a directory
containing veto file and msdfs links.
Remove knownfail.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14878
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
(cherry picked from commit 73de1194c3c429ab93d722a852aa4f54213b112a)
---
selftest/knownfail.d/veto_rmdir | 1 -
source3/smbd/close.c | 2 +-
2 files changed, 1 insertion(+), 2 deletions(-)
delete mode 100644 selftest/knownfail.d/veto_rmdir
diff --git a/selftest/knownfail.d/veto_rmdir b/selftest/knownfail.d/veto_rmdir
deleted file mode 100644
index ecced55d794..00000000000
--- a/selftest/knownfail.d/veto_rmdir
+++ /dev/null
@@ -1 +0,0 @@
-^samba3.blackbox.test_veto_rmdir.rmdir can delete directory containing a veto file\(fileserver\)
diff --git a/source3/smbd/close.c b/source3/smbd/close.c
index 191626557dc..470ca7f1b6d 100644
--- a/source3/smbd/close.c
+++ b/source3/smbd/close.c
@@ -1267,7 +1267,7 @@ static NTSTATUS rmdir_internals(TALLOC_CTX *ctx, struct files_struct *fsp)
/* Retry the rmdir */
ret = SMB_VFS_UNLINKAT(conn,
- dirfsp,
+ parent_fname->fsp,
at_fname,
AT_REMOVEDIR);
--
2.30.2

41
SOURCES/samba-4.15-fix-winbind-no-trusted-domain.patch Normal file
View File

@ -0,0 +1,41 @@
From 2edaf32b4204b9fe363c441c25b6989fe76911a4 Mon Sep 17 00:00:00 2001
From: Stefan Metzmacher <metze@samba.org>
Date: Tue, 9 Nov 2021 20:50:20 +0100
Subject: [PATCH] s3:winbindd: fix "allow trusted domains = no" regression
add_trusted_domain() should only reject domains
based on is_allowed_domain(), which now also
checks "allow trusted domains = no", if we don't
have an explicit trust to the domain (SEC_CHAN_NULL).
We use at least SEC_CHAN_LOCAL for local domains like
BUILTIN.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14899
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Autobuild-User(master): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(master): Wed Nov 10 11:21:31 UTC 2021 on sn-devel-184
(cherry picked from commit a7f6c60cb037b4bc9eee276236539b8282213935)
---
source3/winbindd/winbindd_util.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/source3/winbindd/winbindd_util.c b/source3/winbindd/winbindd_util.c
index 42ddbfd2f44..9d54e462c42 100644
--- a/source3/winbindd/winbindd_util.c
+++ b/source3/winbindd/winbindd_util.c
@@ -134,7 +134,7 @@ static NTSTATUS add_trusted_domain(const char *domain_name,
return NT_STATUS_INVALID_PARAMETER;
}
- if (!is_allowed_domain(domain_name)) {
+ if (secure_channel_type == SEC_CHAN_NULL && !is_allowed_domain(domain_name)) {
return NT_STATUS_NO_SUCH_DOMAIN;
}
--
2.33.1

45
SOURCES/samba-4.15-ipa-dc-schannel.patch Normal file
View File

@ -0,0 +1,45 @@
From 3fc4d1d3998f3956a84c855cb60a9dcb335e1f59 Mon Sep 17 00:00:00 2001
From: Alexander Bokovoy <ab@samba.org>
Date: Fri, 12 Nov 2021 19:06:01 +0200
Subject: [PATCH] IPA DC: add missing checks
When introducing FreeIPA support, two places were forgotten:
- schannel gensec module needs to be aware of IPA DC
- _lsa_QueryInfoPolicy should treat IPA DC as PDC
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14903
Signed-off-by: Alexander Bokovoy <ab@samba.org>
---
auth/gensec/schannel.c | 1 +
source3/rpc_server/lsa/srv_lsa_nt.c | 1 +
2 files changed, 2 insertions(+)
diff --git a/auth/gensec/schannel.c b/auth/gensec/schannel.c
index 0cdae141ead..6ebbe8f3179 100644
--- a/auth/gensec/schannel.c
+++ b/auth/gensec/schannel.c
@@ -1080,6 +1080,7 @@ static NTSTATUS schannel_server_start(struct gensec_security *gensec_security)
case ROLE_DOMAIN_BDC:
case ROLE_DOMAIN_PDC:
case ROLE_ACTIVE_DIRECTORY_DC:
+ case ROLE_IPA_DC:
return NT_STATUS_OK;
default:
return NT_STATUS_NOT_IMPLEMENTED;
diff --git a/source3/rpc_server/lsa/srv_lsa_nt.c b/source3/rpc_server/lsa/srv_lsa_nt.c
index 8d71b5252ab..ea92a22cbc9 100644
--- a/source3/rpc_server/lsa/srv_lsa_nt.c
+++ b/source3/rpc_server/lsa/srv_lsa_nt.c
@@ -683,6 +683,7 @@ NTSTATUS _lsa_QueryInfoPolicy(struct pipes_struct *p,
switch (lp_server_role()) {
case ROLE_DOMAIN_PDC:
case ROLE_DOMAIN_BDC:
+ case ROLE_IPA_DC:
name = get_global_sam_name();
sid = dom_sid_dup(p->mem_ctx, get_global_sam_sid());
if (!sid) {
--
2.33.1

981
SOURCES/samba-4.15-logfile.patch Normal file
View File

@ -0,0 +1,981 @@
From 96d6bd4feb27b9b003aac44ef2ab7ef0a288272d Mon Sep 17 00:00:00 2001
From: Ralph Boehme <slow@samba.org>
Date: Wed, 10 Nov 2021 20:18:07 +0100
Subject: [PATCH 1/8] source3: move lib/substitute.c functions out of proto.h
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14897
Signed-off-by: Ralph Boehme <slow@samba.org>
---
source3/auth/auth_generic.c | 1 +
source3/auth/auth_ntlmssp.c | 1 +
source3/auth/auth_util.c | 1 +
source3/include/proto.h | 33 -----------
source3/lib/substitute.c | 1 +
source3/lib/substitute.h | 63 +++++++++++++++++++++
source3/modules/vfs_expand_msdfs.c | 1 +
source3/modules/vfs_full_audit.c | 1 +
source3/modules/vfs_recycle.c | 1 +
source3/modules/vfs_unityed_media.c | 1 +
source3/modules/vfs_virusfilter_utils.c | 1 +
source3/nmbd/nmbd.c | 1 +
source3/nmbd/nmbd_synclists.c | 1 +
source3/param/loadparm.c | 1 +
source3/passdb/passdb.c | 1 +
source3/passdb/pdb_ldap.c | 1 +
source3/printing/print_generic.c | 1 +
source3/printing/printing.c | 1 +
source3/rpc_server/lsa/srv_lsa_nt.c | 1 +
source3/rpc_server/netlogon/srv_netlog_nt.c | 1 +
source3/rpc_server/srvsvc/srv_srvsvc_nt.c | 1 +
source3/smbd/ipc.c | 1 +
source3/smbd/lanman.c | 1 +
source3/smbd/message.c | 1 +
source3/smbd/msdfs.c | 1 +
source3/smbd/process.c | 1 +
source3/smbd/reply.c | 1 +
source3/smbd/server.c | 1 +
source3/smbd/service.c | 1 +
source3/smbd/sesssetup.c | 1 +
source3/smbd/share_access.c | 1 +
source3/smbd/smb2_server.c | 1 +
source3/smbd/smb2_sesssetup.c | 1 +
source3/smbd/trans2.c | 1 +
source3/smbd/uid.c | 1 +
source3/torture/torture.c | 1 +
source3/utils/net_sam.c | 1 +
source3/winbindd/wb_getpwsid.c | 1 +
source3/winbindd/winbindd.c | 1 +
39 files changed, 100 insertions(+), 33 deletions(-)
create mode 100644 source3/lib/substitute.h
diff --git a/source3/auth/auth_generic.c b/source3/auth/auth_generic.c
index fc7a7549e8e..ff51307e43a 100644
--- a/source3/auth/auth_generic.c
+++ b/source3/auth/auth_generic.c
@@ -36,6 +36,7 @@
#include "auth/credentials/credentials.h"
#include "lib/param/loadparm.h"
#include "librpc/gen_ndr/dcerpc.h"
+#include "source3/lib/substitute.h"
static NTSTATUS auth3_generate_session_info_pac(struct auth4_context *auth_ctx,
TALLOC_CTX *mem_ctx,
diff --git a/source3/auth/auth_ntlmssp.c b/source3/auth/auth_ntlmssp.c
index 676aa9d892c..f2deca09aa6 100644
--- a/source3/auth/auth_ntlmssp.c
+++ b/source3/auth/auth_ntlmssp.c
@@ -25,6 +25,7 @@
#include "auth.h"
#include "libcli/security/security.h"
#include "lib/util/tevent_ntstatus.h"
+#include "source3/lib/substitute.h"
NTSTATUS auth3_generate_session_info(struct auth4_context *auth_context,
TALLOC_CTX *mem_ctx,
diff --git a/source3/auth/auth_util.c b/source3/auth/auth_util.c
index dec854d85c3..4527dedc49d 100644
--- a/source3/auth/auth_util.c
+++ b/source3/auth/auth_util.c
@@ -38,6 +38,7 @@
#include "rpc_client/util_netlogon.h"
#include "source4/auth/auth.h"
#include "auth/auth_util.h"
+#include "source3/lib/substitute.h"
#undef DBGC_CLASS
#define DBGC_CLASS DBGC_AUTH
diff --git a/source3/include/proto.h b/source3/include/proto.h
index eb45179aebb..a96c2c8d110 100644
--- a/source3/include/proto.h
+++ b/source3/include/proto.h
@@ -139,39 +139,6 @@ int smbrun_no_sanitize(const char *cmd, int *outfd, char * const *env);
int smbrun(const char *cmd, int *outfd, char * const *env);
int smbrunsecret(const char *cmd, const char *secret);
-/* The following definitions come from lib/substitute.c */
-
-bool set_local_machine_name(const char *local_name, bool perm);
-const char *get_local_machine_name(void);
-bool set_remote_machine_name(const char *remote_name, bool perm);
-const char *get_remote_machine_name(void);
-void sub_set_smb_name(const char *name);
-void set_current_user_info(const char *smb_name, const char *unix_name,
- const char *domain);
-void sub_set_socket_ids(const char *peeraddr, const char *peername,
- const char *sockaddr);
-const char *get_current_username(void);
-void standard_sub_basic(const char *smb_name, const char *domain_name,
- char *str, size_t len);
-char *talloc_sub_basic(TALLOC_CTX *mem_ctx, const char *smb_name,
- const char *domain_name, const char *str);
-char *talloc_sub_specified(TALLOC_CTX *mem_ctx,
- const char *input_string,
- const char *username,
- const char *grpname,
- const char *domain,
- uid_t uid,
- gid_t gid);
-char *talloc_sub_advanced(TALLOC_CTX *mem_ctx,
- const char *servicename, const char *user,
- const char *connectpath, gid_t gid,
- const char *str);
-char *talloc_sub_full(TALLOC_CTX *mem_ctx,
- const char *servicename, const char *user,
- const char *connectpath, gid_t gid,
- const char *smb_name, const char *domain_name,
- const char *str);
-
/* The following definitions come from lib/sysquotas.c */
int sys_get_quota(const char *path, enum SMB_QUOTA_TYPE qtype, unid_t id, SMB_DISK_QUOTA *dp);
diff --git a/source3/lib/substitute.c b/source3/lib/substitute.c
index b98a0acf1cb..a941b89f82a 100644
--- a/source3/lib/substitute.c
+++ b/source3/lib/substitute.c
@@ -20,6 +20,7 @@
#include "includes.h"
+#include "substitute.h"
#include "system/passwd.h"
#include "secrets.h"
#include "auth.h"
diff --git a/source3/lib/substitute.h b/source3/lib/substitute.h
new file mode 100644
index 00000000000..2056d163dd7
--- /dev/null
+++ b/source3/lib/substitute.h
@@ -0,0 +1,63 @@
+/*
+ Unix SMB/CIFS implementation.
+ string substitution functions
+ Copyright (C) Andrew Tridgell 1992-2000
+ Copyright (C) Gerald Carter 2006
+
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; either version 3 of the License, or
+ (at your option) any later version.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program. If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#ifndef SUBSTITUTE_H
+#define SUBSTITUTE_H
+
+bool set_local_machine_name(const char *local_name, bool perm);
+const char *get_local_machine_name(void);
+bool set_remote_machine_name(const char *remote_name, bool perm);
+const char *get_remote_machine_name(void);
+void sub_set_socket_ids(const char *peeraddr, const char *peername,
+ const char *sockaddr);
+void set_current_user_info(const char *smb_name,
+ const char *unix_name,
+ const char *domain);
+const char *get_current_username(void);
+void standard_sub_basic(const char *smb_name,
+ const char *domain_name,
+ char *str,
+ size_t len);
+char *talloc_sub_basic(TALLOC_CTX *mem_ctx,
+ const char *smb_name,
+ const char *domain_name,
+ const char *str);
+char *talloc_sub_specified(TALLOC_CTX *mem_ctx,
+ const char *input_string,
+ const char *username,
+ const char *grpname,
+ const char *domain,
+ uid_t uid,
+ gid_t gid);
+char *talloc_sub_advanced(TALLOC_CTX *ctx,
+ const char *servicename,
+ const char *user,
+ const char *connectpath,
+ gid_t gid,
+ const char *str);
+char *talloc_sub_full(TALLOC_CTX *ctx,
+ const char *servicename,
+ const char *user,
+ const char *connectpath,
+ gid_t gid,
+ const char *smb_name,
+ const char *domain_name,
+ const char *str);
+#endif
diff --git a/source3/modules/vfs_expand_msdfs.c b/source3/modules/vfs_expand_msdfs.c
index 34e7051dca5..fe3c6f47462 100644
--- a/source3/modules/vfs_expand_msdfs.c
+++ b/source3/modules/vfs_expand_msdfs.c
@@ -25,6 +25,7 @@
#include "auth.h"
#include "../lib/tsocket/tsocket.h"
#include "msdfs.h"
+#include "source3/lib/substitute.h"
#undef DBGC_CLASS
#define DBGC_CLASS DBGC_VFS
diff --git a/source3/modules/vfs_full_audit.c b/source3/modules/vfs_full_audit.c
index ceda99d4568..c8dbc8c07bb 100644
--- a/source3/modules/vfs_full_audit.c
+++ b/source3/modules/vfs_full_audit.c
@@ -73,6 +73,7 @@
#include "passdb/machine_sid.h"
#include "lib/util/tevent_ntstatus.h"
#include "lib/util/string_wrappers.h"
+#include "source3/lib/substitute.h"
static int vfs_full_audit_debug_level = DBGC_VFS;
diff --git a/source3/modules/vfs_recycle.c b/source3/modules/vfs_recycle.c
index 1c18f232c32..7cbc938a57c 100644
--- a/source3/modules/vfs_recycle.c
+++ b/source3/modules/vfs_recycle.c
@@ -27,6 +27,7 @@
#include "system/filesys.h"
#include "../librpc/gen_ndr/ndr_netlogon.h"
#include "auth.h"
+#include "source3/lib/substitute.h"
#define ALLOC_CHECK(ptr, label) do { if ((ptr) == NULL) { DEBUG(0, ("recycle.bin: out of memory!\n")); errno = ENOMEM; goto label; } } while(0)
diff --git a/source3/modules/vfs_unityed_media.c b/source3/modules/vfs_unityed_media.c
index 62a1456b996..fbd4d968172 100644
--- a/source3/modules/vfs_unityed_media.c
+++ b/source3/modules/vfs_unityed_media.c
@@ -62,6 +62,7 @@
#include "../lib/tsocket/tsocket.h"
#include "lib/util/smb_strtox.h"
#include <libgen.h>
+#include "source3/lib/substitute.h"
#define UM_PARAM_TYPE_NAME "unityed_media"
diff --git a/source3/modules/vfs_virusfilter_utils.c b/source3/modules/vfs_virusfilter_utils.c
index c7f8089ffc7..b8b44eb203b 100644
--- a/source3/modules/vfs_virusfilter_utils.c
+++ b/source3/modules/vfs_virusfilter_utils.c
@@ -25,6 +25,7 @@ struct iovec;
#include "lib/util/iov_buf.h"
#include <tevent.h>
#include "lib/tsocket/tsocket.h"
+#include "source3/lib/substitute.h"
int virusfilter_debug_class = DBGC_VFS;
diff --git a/source3/nmbd/nmbd.c b/source3/nmbd/nmbd.c
index 44121e9915c..7470897587e 100644
--- a/source3/nmbd/nmbd.c
+++ b/source3/nmbd/nmbd.c
@@ -29,6 +29,7 @@
#include "util_cluster.h"
#include "lib/gencache.h"
#include "lib/global_contexts.h"
+#include "source3/lib/substitute.h"
int ClientNMB = -1;
int ClientDGRAM = -1;
diff --git a/source3/nmbd/nmbd_synclists.c b/source3/nmbd/nmbd_synclists.c
index a65cbb87e0e..d291927fbc8 100644
--- a/source3/nmbd/nmbd_synclists.c
+++ b/source3/nmbd/nmbd_synclists.c
@@ -33,6 +33,7 @@
#include "libsmb/clirap.h"
#include "../libcli/smb/smbXcli_base.h"
#include "lib/util/string_wrappers.h"
+#include "source3/lib/substitute.h"
struct sync_record {
struct sync_record *next, *prev;
diff --git a/source3/param/loadparm.c b/source3/param/loadparm.c
index f54c08cc4a5..b56fd20e410 100644
--- a/source3/param/loadparm.c
+++ b/source3/param/loadparm.c
@@ -76,6 +76,7 @@
#include "lib/crypto/gnutls_helpers.h"
#include "lib/util/string_wrappers.h"
#include "auth/credentials/credentials.h"
+#include "source3/lib/substitute.h"
#ifdef HAVE_SYS_SYSCTL_H
#include <sys/sysctl.h>
diff --git a/source3/passdb/passdb.c b/source3/passdb/passdb.c
index 068c5a5ea70..863f260ea90 100644
--- a/source3/passdb/passdb.c
+++ b/source3/passdb/passdb.c
@@ -33,6 +33,7 @@
#include "auth/credentials/credentials.h"
#include "lib/param/param.h"
#include "lib/util/string_wrappers.h"
+#include "source3/lib/substitute.h"
#undef DBGC_CLASS
#define DBGC_CLASS DBGC_PASSDB
diff --git a/source3/passdb/pdb_ldap.c b/source3/passdb/pdb_ldap.c
index e6d8a84c60f..93da28b1941 100644
--- a/source3/passdb/pdb_ldap.c
+++ b/source3/passdb/pdb_ldap.c
@@ -56,6 +56,7 @@
#include "lib/util_sid_passdb.h"
#include "lib/util/smb_strtox.h"
#include "lib/util/string_wrappers.h"
+#include "source3/lib/substitute.h"
#undef DBGC_CLASS
#define DBGC_CLASS DBGC_PASSDB
diff --git a/source3/printing/print_generic.c b/source3/printing/print_generic.c
index 743c311bbd5..8798a4cf34a 100644
--- a/source3/printing/print_generic.c
+++ b/source3/printing/print_generic.c
@@ -20,6 +20,7 @@
#include "includes.h"
#include "printing.h"
#include "smbd/proto.h"
+#include "source3/lib/substitute.h"
extern userdom_struct current_user_info;
diff --git a/source3/printing/printing.c b/source3/printing/printing.c
index 499334df03f..67d798fbb21 100644
--- a/source3/printing/printing.c
+++ b/source3/printing/printing.c
@@ -40,6 +40,7 @@
#include "lib/util/string_wrappers.h"
#include "lib/global_contexts.h"
#include "source3/printing/rap_jobid.h"
+#include "source3/lib/substitute.h"
extern userdom_struct current_user_info;
diff --git a/source3/rpc_server/lsa/srv_lsa_nt.c b/source3/rpc_server/lsa/srv_lsa_nt.c
index d6d606ddeca..57f981cb358 100644
--- a/source3/rpc_server/lsa/srv_lsa_nt.c
+++ b/source3/rpc_server/lsa/srv_lsa_nt.c
@@ -53,6 +53,7 @@
#include "librpc/rpc/dcesrv_core.h"
#include "librpc/rpc/dcerpc_helper.h"
#include "lib/param/loadparm.h"
+#include "source3/lib/substitute.h"
#include "lib/crypto/gnutls_helpers.h"
#include <gnutls/gnutls.h>
diff --git a/source3/rpc_server/netlogon/srv_netlog_nt.c b/source3/rpc_server/netlogon/srv_netlog_nt.c
index eaacd8dbc6a..2906fa3f30f 100644
--- a/source3/rpc_server/netlogon/srv_netlog_nt.c
+++ b/source3/rpc_server/netlogon/srv_netlog_nt.c
@@ -49,6 +49,7 @@
#include "lib/param/param.h"
#include "libsmb/dsgetdcname.h"
#include "lib/util/util_str_escape.h"
+#include "source3/lib/substitute.h"
extern userdom_struct current_user_info;
diff --git a/source3/rpc_server/srvsvc/srv_srvsvc_nt.c b/source3/rpc_server/srvsvc/srv_srvsvc_nt.c
index 8576e9d2ce2..fc27a459634 100644
--- a/source3/rpc_server/srvsvc/srv_srvsvc_nt.c
+++ b/source3/rpc_server/srvsvc/srv_srvsvc_nt.c
@@ -42,6 +42,7 @@
#include "messages.h"
#include "serverid.h"
#include "lib/global_contexts.h"
+#include "source3/lib/substitute.h"
extern const struct generic_mapping file_generic_mapping;
diff --git a/source3/smbd/ipc.c b/source3/smbd/ipc.c
index f1c8ea0c2ed..cf3b7c91c22 100644
--- a/source3/smbd/ipc.c
+++ b/source3/smbd/ipc.c
@@ -29,6 +29,7 @@
#include "smbd/globals.h"
#include "smbprofile.h"
#include "rpc_server/srv_pipe_hnd.h"
+#include "source3/lib/substitute.h"
#define NERR_notsupported 50
diff --git a/source3/smbd/lanman.c b/source3/smbd/lanman.c
index 9194113e768..eb8148753b9 100644
--- a/source3/smbd/lanman.c
+++ b/source3/smbd/lanman.c
@@ -45,6 +45,7 @@
#include "rpc_server/rpc_ncacn_np.h"
#include "lib/util/string_wrappers.h"
#include "source3/printing/rap_jobid.h"
+#include "source3/lib/substitute.h"
#ifdef CHECK_TYPES
#undef CHECK_TYPES
diff --git a/source3/smbd/message.c b/source3/smbd/message.c
index b9728946889..7185bec1289 100644
--- a/source3/smbd/message.c
+++ b/source3/smbd/message.c
@@ -27,6 +27,7 @@
#include "smbd/smbd.h"
#include "smbd/globals.h"
#include "smbprofile.h"
+#include "source3/lib/substitute.h"
extern userdom_struct current_user_info;
diff --git a/source3/smbd/msdfs.c b/source3/smbd/msdfs.c
index 995ed815d90..fd002e98071 100644
--- a/source3/smbd/msdfs.c
+++ b/source3/smbd/msdfs.c
@@ -34,6 +34,7 @@
#include "librpc/gen_ndr/ndr_dfsblobs.h"
#include "lib/tsocket/tsocket.h"
#include "lib/global_contexts.h"
+#include "source3/lib/substitute.h"
/**********************************************************************
Parse a DFS pathname of the form \hostname\service\reqpath
diff --git a/source3/smbd/process.c b/source3/smbd/process.c
index 03409742752..5015c143a04 100644
--- a/source3/smbd/process.c
+++ b/source3/smbd/process.c
@@ -46,6 +46,7 @@
#include "libcli/smb/smbXcli_base.h"
#include "lib/util/time_basic.h"
#include "smb1_utils.h"
+#include "source3/lib/substitute.h"
/* Internal message queue for deferred opens. */
struct pending_message_list {
diff --git a/source3/smbd/reply.c b/source3/smbd/reply.c
index 042e7f2329e..f85d1122a07 100644
--- a/source3/smbd/reply.c
+++ b/source3/smbd/reply.c
@@ -50,6 +50,7 @@
#include "libcli/smb/smb2_posix.h"
#include "lib/util/string_wrappers.h"
#include "source3/printing/rap_jobid.h"
+#include "source3/lib/substitute.h"
/****************************************************************************
Ensure we check the path in *exactly* the same way as W2K for a findfirst/findnext
diff --git a/source3/smbd/server.c b/source3/smbd/server.c
index d7f5b4b73c0..d02ff1bd883 100644
--- a/source3/smbd/server.c
+++ b/source3/smbd/server.c
@@ -60,6 +60,7 @@
#include "rpc_server/fssd.h"
#include "rpc_server/mdssd.h"
#include "lib/global_contexts.h"
+#include "source3/lib/substitute.h"
#ifdef CLUSTER_SUPPORT
#include "ctdb_protocol.h"
diff --git a/source3/smbd/service.c b/source3/smbd/service.c
index afdea38b016..ef7c14d92d0 100644
--- a/source3/smbd/service.c
+++ b/source3/smbd/service.c
@@ -34,6 +34,7 @@
#include "lib/afs/afs_funcs.h"
#include "lib/util_path.h"
#include "lib/util/string_wrappers.h"
+#include "source3/lib/substitute.h"
bool canonicalize_connect_path(connection_struct *conn)
{
diff --git a/source3/smbd/sesssetup.c b/source3/smbd/sesssetup.c
index 2bd527ce80e..1705b8920b6 100644
--- a/source3/smbd/sesssetup.c
+++ b/source3/smbd/sesssetup.c
@@ -34,6 +34,7 @@
#include "auth/gensec/gensec.h"
#include "../libcli/smb/smb_signing.h"
#include "lib/util/string_wrappers.h"
+#include "source3/lib/substitute.h"
/****************************************************************************
Add the standard 'Samba' signature to the end of the session setup.
diff --git a/source3/smbd/share_access.c b/source3/smbd/share_access.c
index debe4fc6385..c44c4bd8c69 100644
--- a/source3/smbd/share_access.c
+++ b/source3/smbd/share_access.c
@@ -23,6 +23,7 @@
#include "../libcli/security/security.h"
#include "passdb/lookup_sid.h"
#include "auth.h"
+#include "source3/lib/substitute.h"
/*
* We dropped NIS support in 2021, but need to keep configs working.
diff --git a/source3/smbd/smb2_server.c b/source3/smbd/smb2_server.c
index f359db0729d..f6b376e5a07 100644
--- a/source3/smbd/smb2_server.c
+++ b/source3/smbd/smb2_server.c
@@ -33,6 +33,7 @@
#include "lib/util/iov_buf.h"
#include "auth.h"
#include "libcli/smb/smbXcli_base.h"
+#include "source3/lib/substitute.h"
#if defined(LINUX)
/* SIOCOUTQ TIOCOUTQ are the same */
diff --git a/source3/smbd/smb2_sesssetup.c b/source3/smbd/smb2_sesssetup.c
index 38049e8535f..14b806bc007 100644
--- a/source3/smbd/smb2_sesssetup.c
+++ b/source3/smbd/smb2_sesssetup.c
@@ -28,6 +28,7 @@
#include "../lib/tsocket/tsocket.h"
#include "../libcli/security/security.h"
#include "../lib/util/tevent_ntstatus.h"
+#include "source3/lib/substitute.h"
#include "lib/crypto/gnutls_helpers.h"
#include <gnutls/gnutls.h>
diff --git a/source3/smbd/trans2.c b/source3/smbd/trans2.c
index cd6b61429c5..a86ac3228e3 100644
--- a/source3/smbd/trans2.c
+++ b/source3/smbd/trans2.c
@@ -45,6 +45,7 @@
#include "smb1_utils.h"
#include "libcli/smb/smb2_posix.h"
#include "lib/util/string_wrappers.h"
+#include "source3/lib/substitute.h"
#define DIR_ENTRY_SAFETY_MARGIN 4096
diff --git a/source3/smbd/uid.c b/source3/smbd/uid.c
index b0d7f21c200..52918c4f181 100644
--- a/source3/smbd/uid.c
+++ b/source3/smbd/uid.c
@@ -26,6 +26,7 @@
#include "passdb/lookup_sid.h"
#include "auth.h"
#include "../auth/auth_util.h"
+#include "source3/lib/substitute.h"
/* what user is current? */
extern struct current_user current_user;
diff --git a/source3/torture/torture.c b/source3/torture/torture.c
index 79a9c65073c..d3e0e3cf095 100644
--- a/source3/torture/torture.c
+++ b/source3/torture/torture.c
@@ -51,6 +51,7 @@
#include "lib/param/param.h"
#include "auth/gensec/gensec.h"
#include "lib/util/string_wrappers.h"
+#include "source3/lib/substitute.h"
#include <gnutls/gnutls.h>
#include <gnutls/crypto.h>
diff --git a/source3/utils/net_sam.c b/source3/utils/net_sam.c
index 6a2c6c861f9..17cc47b2ddd 100644
--- a/source3/utils/net_sam.c
+++ b/source3/utils/net_sam.c
@@ -33,6 +33,7 @@
#include "idmap.h"
#include "lib/util/smb_strtox.h"
#include "lib/util/string_wrappers.h"
+#include "source3/lib/substitute.h"
/*
* Set a user's data
diff --git a/source3/winbindd/wb_getpwsid.c b/source3/winbindd/wb_getpwsid.c
index fb0351ec201..7f168bdda7a 100644
--- a/source3/winbindd/wb_getpwsid.c
+++ b/source3/winbindd/wb_getpwsid.c
@@ -22,6 +22,7 @@
#include "librpc/gen_ndr/ndr_winbind_c.h"
#include "../libcli/security/security.h"
#include "lib/util/string_wrappers.h"
+#include "source3/lib/substitute.h"
struct wb_getpwsid_state {
struct tevent_context *ev;
diff --git a/source3/winbindd/winbindd.c b/source3/winbindd/winbindd.c
index 25d8b723010..290454619a4 100644
--- a/source3/winbindd/winbindd.c
+++ b/source3/winbindd/winbindd.c
@@ -51,6 +51,7 @@
#include "lib/gencache.h"
#include "rpc_server/rpc_config.h"
#include "lib/global_contexts.h"
+#include "source3/lib/substitute.h"
#undef DBGC_CLASS
#define DBGC_CLASS DBGC_WINBIND
--
2.33.1
From 1184733a1628c1187a215956195ca806419db16d Mon Sep 17 00:00:00 2001
From: Ralph Boehme <slow@samba.org>
Date: Thu, 11 Nov 2021 05:23:09 +0100
Subject: [PATCH 2/8] samba-bgqd: fix startup and logging
Let samba-bgqd use the new POPT_COMMON_DAEMON infrastructure.
The calls to setup_logging() can safely be removed as this is already taken care
of by samba_cmdline_init().
To avoid a logfile basename of ".log" when using "%m", we add a call to
set_remote_machine_name().
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14897
Signed-off-by: Ralph Boehme <slow@samba.org>
---
source3/printing/samba-bgqd.c | 35 ++++++++++-------------------------
1 file changed, 10 insertions(+), 25 deletions(-)
diff --git a/source3/printing/samba-bgqd.c b/source3/printing/samba-bgqd.c
index 8ac6ec525b2..2cd6a8e007a 100644
--- a/source3/printing/samba-bgqd.c
+++ b/source3/printing/samba-bgqd.c
@@ -40,6 +40,7 @@
#include "source3/lib/util_procid.h"
#include "source3/auth/proto.h"
#include "source3/printing/queue_process.h"
+#include "source3/lib/substitute.h"
static void watch_handler(struct tevent_req *req)
{
@@ -235,6 +236,7 @@ static int closeall_except_fd_params(
int main(int argc, const char *argv[])
{
+ struct samba_cmdline_daemon_cfg *cmdline_daemon_cfg = NULL;
const struct loadparm_substitution *lp_sub =
loadparm_s3_global_substitution();
const char *progname = getprogname();
@@ -245,8 +247,6 @@ int main(int argc, const char *argv[])
struct tevent_req *watch_req = NULL;
struct tevent_signal *sigterm_handler = NULL;
struct bq_state *bq = NULL;
- int foreground = 0;
- int no_process_group = 0;
int log_stdout = 0;
int ready_signal_fd = -1;
int watch_fd = -1;
@@ -259,21 +259,7 @@ int main(int argc, const char *argv[])
struct poptOption long_options[] = {
POPT_AUTOHELP
POPT_COMMON_SAMBA
- {
- .longName = "foreground",
- .shortName = 'F',
- .argInfo = POPT_ARG_NONE,
- .arg = &foreground,
- .descrip = "Run daemon in foreground "
- "(for daemontools, etc.)",
- },
- {
- .longName = "no-process-group",
- .shortName = '\0',
- .argInfo = POPT_ARG_NONE,
- .arg = &no_process_group,
- .descrip = "Don't create a new process group" ,
- },
+ POPT_COMMON_DAEMON
/*
* File descriptor to write the PID of the helper
@@ -311,6 +297,7 @@ int main(int argc, const char *argv[])
frame = talloc_stackframe();
umask(0);
+ set_remote_machine_name("smbd-bgqd", true);
ok = samba_cmdline_init(frame,
SAMBA_CMDLINE_CONFIG_SERVER,
@@ -320,6 +307,8 @@ int main(int argc, const char *argv[])
exit(ENOMEM);
}
+ cmdline_daemon_cfg = samba_cmdline_get_daemon_cfg();
+
pc = samba_popt_get_context(progname,
argc,
argv,
@@ -340,16 +329,12 @@ int main(int argc, const char *argv[])
log_stdout = (debug_get_log_type() == DEBUG_STDOUT);
- if (foreground) {
+ if (!cmdline_daemon_cfg->fork) {
daemon_status(progname, "Starting process ... ");
} else {
- become_daemon(true, no_process_group, log_stdout);
- }
-
- if (log_stdout) {
- setup_logging(progname, DEBUG_STDOUT);
- } else {
- setup_logging(progname, DEBUG_FILE);
+ become_daemon(true,
+ cmdline_daemon_cfg->no_process_group,
+ log_stdout);
}
BlockSignals(true, SIGPIPE);
--
2.33.1
From 1a0a1ccbe888332ea134b16bfac0d0d011bf1f4c Mon Sep 17 00:00:00 2001
From: Ralph Boehme <slow@samba.org>
Date: Wed, 10 Nov 2021 18:27:08 +0100
Subject: [PATCH 3/8] winbindd: remove is_default_dyn_LOGFILEBASE() logic
Handling of -l commandline parameter is already implemented by lib/cmdline/.
is_default_dyn_LOGFILEBASE() == true is the default case and this causes us to
temporarily overwrite the configured logfile with LOGFILEBASE/log.winbindd until
winbindd_reload_services_file() restores it.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14897
Signed-off-by: Ralph Boehme <slow@samba.org>
---
source3/winbindd/winbindd.c | 9 ---------
1 file changed, 9 deletions(-)
diff --git a/source3/winbindd/winbindd.c b/source3/winbindd/winbindd.c
index 290454619a4..58c5ffbced4 100644
--- a/source3/winbindd/winbindd.c
+++ b/source3/winbindd/winbindd.c
@@ -1717,15 +1717,6 @@ int main(int argc, const char **argv)
poptFreeContext(pc);
- if (is_default_dyn_LOGFILEBASE()) {
- char *lfile = NULL;
- if (asprintf(&lfile,"%s/log.winbindd",
- get_dyn_LOGFILEBASE()) > 0) {
- lp_set_logfile(lfile);
- SAFE_FREE(lfile);
- }
- }
-
reopen_logs();
DEBUG(0,("winbindd version %s started.\n", samba_version_string()));
--
2.33.1
From bcbf9fb6669933cc3dcf1f615d2885c542a08035 Mon Sep 17 00:00:00 2001
From: Ralph Boehme <slow@samba.org>
Date: Wed, 10 Nov 2021 14:13:11 +0100
Subject: [PATCH 4/8] lib/debug: fix fd check before dup'ing to stderr
Before I added per-class logfile and we had only one fd for the logfile the code
looked like this:
/* Take over stderr to catch output into logs */
if (state.fd > 0) {
if (dup2(state.fd, 2) == -1) {
/* Close stderr too, if dup2 can't point it -
at the logfile. There really isn't much
that can be done on such a fundamental
failure... */
close_low_fd(2);
}
}
In the current code the equivalent to state.fd is dbgc_config[DBGC_ALL].fd.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14897
Signed-off-by: Ralph Boehme <slow@samba.org>
---
lib/util/debug.c | 3 +--
1 file changed, 1 insertion(+), 2 deletions(-)
diff --git a/lib/util/debug.c b/lib/util/debug.c
index 4fd17679227..b271608621a 100644
--- a/lib/util/debug.c
+++ b/lib/util/debug.c
@@ -1125,7 +1125,6 @@ bool reopen_logs_internal(void)
{
struct debug_backend *b = NULL;
mode_t oldumask;
- int new_fd = 0;
size_t i;
bool ok;
@@ -1190,7 +1189,7 @@ bool reopen_logs_internal(void)
* If log file was opened or created successfully, take over stderr to
* catch output into logs.
*/
- if (new_fd != -1) {
+ if (dbgc_config[DBGC_ALL].fd > 0) {
if (dup2(dbgc_config[DBGC_ALL].fd, 2) == -1) {
/* Close stderr too, if dup2 can't point it -
at the logfile. There really isn't much
--
2.33.1
From 9f76bd48d87eb03c66dfe942b4a84e997a8fe8ba Mon Sep 17 00:00:00 2001
From: Ralph Boehme <slow@samba.org>
Date: Mon, 8 Nov 2021 19:41:50 +0100
Subject: [PATCH 5/8] lib/debug: in debug_set_logfile() call
reopen_logs_internal()
This simplifies the logging API for callers that typically would want to set
logging by just setup_logging() once without bothering that typically
configuration is loaded (via some lpcfg_load*() or lp_load*() varient) which
will only then pick up the configured logfile from smb.conf without actually
applying the new logifle to the logging subsytem.
Therefor our daemons will additionally call reopen_logs() explicitly in their
startup code after config is loaded, eg
setup_logging(getprogname(), DEBUG_FILE);
...
lpcfg_load(lp_ctx, config_file);
...
reopen_logs();
By calling reopen_logs_internal() implicitly from debug_set_logfile() there's no
need to call reopen_logs() explicitly anymore to apply the logfile.
As reopen_logs() will also apply other logging configuration options, we have to
keep the explicit calls in the daemon code. But at least this allows consistent
logging setup wrt to the logfile in the new cmdline library.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14897
Signed-off-by: Ralph Boehme <slow@samba.org>
---
lib/util/debug.c | 2 ++
1 file changed, 2 insertions(+)
diff --git a/lib/util/debug.c b/lib/util/debug.c
index b271608621a..171b5e15008 100644
--- a/lib/util/debug.c
+++ b/lib/util/debug.c
@@ -1018,6 +1018,8 @@ void debug_set_logfile(const char *name)
}
TALLOC_FREE(dbgc_config[DBGC_ALL].logfile);
dbgc_config[DBGC_ALL].logfile = talloc_strdup(NULL, name);
+
+ reopen_logs_internal();
}
static void debug_close_fd(int fd)
--
2.33.1
From b80911bc1a306cac479ee3feabdcea124946cdde Mon Sep 17 00:00:00 2001
From: Ralph Boehme <slow@samba.org>
Date: Mon, 8 Nov 2021 12:08:47 +0100
Subject: [PATCH 6/8] lib/cmdline: fix indentation
s/whitespace/tab/
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14897
Signed-off-by: Ralph Boehme <slow@samba.org>
---
lib/cmdline/cmdline_s3.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/lib/cmdline/cmdline_s3.c b/lib/cmdline/cmdline_s3.c
index 1f8d9ed5eb5..639d403aed3 100644
--- a/lib/cmdline/cmdline_s3.c
+++ b/lib/cmdline/cmdline_s3.c
@@ -55,7 +55,7 @@ static bool _samba_cmdline_load_config_s3(void)
case SAMBA_CMDLINE_CONFIG_CLIENT:
ok = lp_load_client(config_file);
break;
- case SAMBA_CMDLINE_CONFIG_SERVER:
+ case SAMBA_CMDLINE_CONFIG_SERVER:
{
const struct samba_cmdline_daemon_cfg *cmdline_daemon_cfg =
samba_cmdline_get_daemon_cfg();
--
2.33.1
From a6b6b0b6e6dfcd2c8e2c2085d20cd16c51e3b379 Mon Sep 17 00:00:00 2001
From: Ralph Boehme <slow@samba.org>
Date: Mon, 8 Nov 2021 12:09:16 +0100
Subject: [PATCH 7/8] lib/cmdline: remember config_type in samba_cmdline_init()
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14897
Signed-off-by: Ralph Boehme <slow@samba.org>
---
lib/cmdline/cmdline_s4.c | 2 ++
1 file changed, 2 insertions(+)
diff --git a/lib/cmdline/cmdline_s4.c b/lib/cmdline/cmdline_s4.c
index 61c1b96ba8d..6ef6f59db49 100644
--- a/lib/cmdline/cmdline_s4.c
+++ b/lib/cmdline/cmdline_s4.c
@@ -25,6 +25,7 @@
#include "cmdline_private.h"
static bool _require_smbconf;
+static enum samba_cmdline_config_type _config_type;
static bool _samba_cmdline_load_config_s4(void)
{
@@ -81,6 +82,7 @@ bool samba_cmdline_init(TALLOC_CTX *mem_ctx,
return false;
}
_require_smbconf = require_smbconf;
+ _config_type = config_type;
creds = cli_credentials_init(mem_ctx);
if (creds == NULL) {
--
2.33.1
From e1d6ab1b0dbd8ff30019edf804c4766b066db4b7 Mon Sep 17 00:00:00 2001
From: Ralph Boehme <slow@samba.org>
Date: Mon, 8 Nov 2021 12:09:43 +0100
Subject: [PATCH 8/8] lib/cmdline: setup default file logging for servers
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14897
RN: samba process doesn't log to logfile
Signed-off-by: Ralph Boehme <slow@samba.org>
---
lib/cmdline/cmdline_s4.c | 14 ++++++++++++++
1 file changed, 14 insertions(+)
diff --git a/lib/cmdline/cmdline_s4.c b/lib/cmdline/cmdline_s4.c
index 6ef6f59db49..29e9f34bbe2 100644
--- a/lib/cmdline/cmdline_s4.c
+++ b/lib/cmdline/cmdline_s4.c
@@ -44,6 +44,20 @@ static bool _samba_cmdline_load_config_s4(void)
}
}
+ switch (_config_type) {
+ case SAMBA_CMDLINE_CONFIG_SERVER: {
+ const struct samba_cmdline_daemon_cfg *cmdline_daemon_cfg =
+ samba_cmdline_get_daemon_cfg();
+
+ if (!cmdline_daemon_cfg->interactive) {
+ setup_logging(getprogname(), DEBUG_FILE);
+ }
+ break;
+ }
+ default:
+ break;
+ }
+
config_file = get_dyn_CONFIGFILE();
ok = lpcfg_load(lp_ctx, config_file);
if (!ok) {
--
2.33.1

61
SOURCES/samba-4.15.1-winexe.patch Normal file
View File

@ -0,0 +1,61 @@
From 3d02bf10d7738fe604b524863764de3ca1faa081 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?G=C3=BCnther=20Deschner?= <gd@samba.org>
Date: Thu, 4 Nov 2021 22:22:44 +0100
Subject: [PATCH] s3-winexe: Fix winexe core dump (use-after-free)
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14893
Guenther
Signed-off-by: Guenther Deschner <gd@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Autobuild-User(master): Günther Deschner <gd@samba.org>
Autobuild-Date(master): Fri Nov 5 11:43:57 UTC 2021 on sn-devel-184
(cherry picked from commit e9495d2ed28a26899dc3dd77bdfe56e284980218)
---
examples/winexe/winexe.c | 16 ++++++++++++----
1 file changed, 12 insertions(+), 4 deletions(-)
diff --git a/examples/winexe/winexe.c b/examples/winexe/winexe.c
index 3e0813a4091..59fb9dbdebb 100644
--- a/examples/winexe/winexe.c
+++ b/examples/winexe/winexe.c
@@ -220,8 +220,6 @@ static void parse_args(int argc, const char *argv[],
*port_str = '\0';
}
- poptFreeContext(pc);
-
if (options->runas == NULL && options->runas_file != NULL) {
struct cli_credentials *runas_cred;
const char *user;
@@ -253,9 +251,19 @@ static void parse_args(int argc, const char *argv[],
options->credentials = samba_cmdline_get_creds();
- options->hostname = argv_new[0] + 2;
+ options->hostname = talloc_strdup(mem_ctx, argv_new[0] + 2);
+ if (options->hostname == NULL) {
+ DBG_ERR("Out of memory\n");
+ exit(1);
+ }
options->port = port;
- options->cmd = argv_new[1];
+ options->cmd = talloc_strdup(mem_ctx, argv_new[1]);
+ if (options->cmd == NULL) {
+ DBG_ERR("Out of memory\n");
+ exit(1);
+ }
+
+ poptFreeContext(pc);
options->flags = flag_interactive;
if (flag_reinstall) {
--
2.33.1

58
SOURCES/samba-4.15.2-smbclient_anonymous.patch Normal file
View File

@ -0,0 +1,58 @@
From 61fd63d70578043de9f3bff1c3267c499dbf50a0 Mon Sep 17 00:00:00 2001
From: Andreas Schneider <asn@samba.org>
Date: Wed, 10 Nov 2021 12:06:51 +0100
Subject: [PATCH] auth:creds: Guess the username first via getpwuid(my_id)
If we have a container, we often don't have USER or LOGNAME set.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14883
Tested-by: Anoop C S <anoopcs@samba.org>
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
(cherry picked from commit c28be4067463e582e378df402f812e510883d606)
---
auth/credentials/credentials.c | 13 +++++++++++++
1 file changed, 13 insertions(+)
diff --git a/auth/credentials/credentials.c b/auth/credentials/credentials.c
index 02a3cf3b354..c5a6ba6940c 100644
--- a/auth/credentials/credentials.c
+++ b/auth/credentials/credentials.c
@@ -30,6 +30,7 @@
#include "tevent.h"
#include "param/param.h"
#include "system/filesys.h"
+#include "system/passwd.h"
/**
* Create a new credentials structure
@@ -1159,6 +1160,7 @@ _PUBLIC_ bool cli_credentials_guess(struct cli_credentials *cred,
{
const char *error_string;
const char *env = NULL;
+ struct passwd *pwd = NULL;
bool ok;
if (lp_ctx != NULL) {
@@ -1168,6 +1170,17 @@ _PUBLIC_ bool cli_credentials_guess(struct cli_credentials *cred,
}
}
+ pwd = getpwuid(getuid());
+ if (pwd != NULL) {
+ size_t len = strlen(pwd->pw_name);
+
+ if (len > 0 && len <= 1024) {
+ (void)cli_credentials_parse_string(cred,
+ pwd->pw_name,
+ CRED_GUESS_ENV);
+ }
+ }
+
env = getenv("LOGNAME");
if (env != NULL) {
size_t len = strlen(env);
--
2.33.1

16
SOURCES/samba-4.15.2.tar.asc Normal file
View File

@ -0,0 +1,16 @@
-----BEGIN PGP SIGNATURE-----
iQIzBAABCgAdFiEEgfXigyvSVFoYl7cTqplEL7aAtiAFAmGJC1MACgkQqplEL7aA
tiCwkhAAgHQFzw/TiURShe+AAw9eE168VXPICTBPNSRRiYH2FBbqG4qSHxG/SSAr
Fq8tMAoGhVuPC+Rjie7wMYoF9R7wd3X+KQ2GzLismbHS6Cn2C1EJ0cX/UJqP+Qpu
vitKHTpczNqEtWbYiMO2NKuLz1pyGl8/i/HErlVmSVFrHUnyLDXkZn1R1+R8b4hg
9Nj27L41ndAqyws24MCKoWNuhkwCN3QLf/n4/b22wZwJyNmiwvJlH5nK0RF4gY1T
Ne09HHNovcBvIgtJCp+ABcSKVQXGj2L47XDLBEXU4AeM+dzbRP0dBOCzs50ZbYQ1
8JMq7+r/MWSKuiDf1ofW6EYZPcxRsKcFGhpnP7rlMucxNRN358CqTaVW8qmhBRDV
9mglTBX6ie+Jj8fYP7Ak5rc+LYxolfTZmniH+dk7HH4QUdXjL/P3SpSwhwNmxtmc
JCWP4Tszw0tpRwoGRdt3A+I1/YRRCftSL5/Nm8q+ERyW77uVH+IkWdAsjuZUHyod
sT1+YQGoPrBRmESpugqqKQKQ9/CgVL1PZLjfKAgFP2a5/gwTr12rjXXn7uEMShjq
WDduBZRH6873IcVYkV/TVmqd+AfHk31d4B4Djzy7itGqF4XNCpWFlmLj4kApNY99
IXPfzua5Owjc8LIZssRSmPE0BLa1ElCfPvk6q2IJnpWZ04EdCjo=
=sYeb
-----END PGP SIGNATURE-----

30
SOURCES/samba-ctdb-etcd-reclock.patch Normal file
View File

@ -0,0 +1,30 @@
From 939aed0498269df3c1e012f3b68c314b583f25bd Mon Sep 17 00:00:00 2001
From: Martin Schwenke <martin@meltin.net>
Date: Tue, 27 Apr 2021 15:46:14 +1000
Subject: [PATCH] utils: Use Python 3
Due to the number of flake8 and pylint warnings it is unclear if the
source has Python 3 incompatibilities. These will be cleaned up in
subsequent commits.
Signed-off-by: "L.P.H. van Belle" <belle@bazuin.nl>
Reviewed-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: David Disseldorp <ddiss@samba.org>
Reviewed-by: Jose A. Rivera <jarrpa@samba.org>
---
ctdb/utils/etcd/ctdb_etcd_lock | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/ctdb/utils/etcd/ctdb_etcd_lock b/ctdb/utils/etcd/ctdb_etcd_lock
index 000c6bb7208..7f5194eff0a 100755
--- a/ctdb/utils/etcd/ctdb_etcd_lock
+++ b/ctdb/utils/etcd/ctdb_etcd_lock
@@ -1,4 +1,4 @@
-#!/usr/bin/python
+#!/usr/bin/env python3
#
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
--
2.31.1

697
SOURCES/samba-s4u.patch Normal file
View File

@ -0,0 +1,697 @@
From 0b196043f08ea4c025f19c4519175a3a73e1d185 Mon Sep 17 00:00:00 2001
From: Isaac Boukris <iboukris@gmail.com>
Date: Fri, 27 Sep 2019 18:25:03 +0300
Subject: [PATCH 1/3] mit-kdc: add basic loacl realm S4U support
Signed-off-by: Isaac Boukris <iboukris@gmail.com>
Pair-Programmed-With: Andreas Schneider <asn@samba.org>
---
source4/kdc/mit-kdb/kdb_samba_policies.c | 124 +++++++++++------------
source4/kdc/mit_samba.c | 47 ++-------
source4/kdc/mit_samba.h | 6 +-
3 files changed, 71 insertions(+), 106 deletions(-)
diff --git a/source4/kdc/mit-kdb/kdb_samba_policies.c b/source4/kdc/mit-kdb/kdb_samba_policies.c
index f35210669c2..b1c7c5dcc5e 100644
--- a/source4/kdc/mit-kdb/kdb_samba_policies.c
+++ b/source4/kdc/mit-kdb/kdb_samba_policies.c
@@ -195,13 +195,17 @@ static krb5_error_code ks_verify_pac(krb5_context context,
krb5_keyblock *krbtgt_key,
krb5_timestamp authtime,
krb5_authdata **tgt_auth_data,
- krb5_pac *pac)
+ krb5_pac *out_pac)
{
struct mit_samba_context *mit_ctx;
krb5_authdata **authdata = NULL;
- krb5_pac ipac = NULL;
- DATA_BLOB logon_data = { NULL, 0 };
+ krb5_keyblock *header_server_key = NULL;
+ krb5_key_data *impersonator_kd = NULL;
+ krb5_keyblock impersonator_key = {0};
krb5_error_code code;
+ krb5_pac pac;
+
+ *out_pac = NULL;
mit_ctx = ks_get_context(context);
if (mit_ctx == NULL) {
@@ -233,41 +237,43 @@ static krb5_error_code ks_verify_pac(krb5_context context,
code = krb5_pac_parse(context,
authdata[0]->contents,
authdata[0]->length,
- &ipac);
+ &pac);
if (code != 0) {
goto done;
}
- /* TODO: verify this is correct
- *
- * In the constrained delegation case, the PAC is from a service
- * ticket rather than a TGT; we must verify the server and KDC
- * signatures to assert that the server did not forge the PAC.
+ /*
+ * For constrained delegation in MIT version < 1.18 we aren't provided
+ * with the 2nd ticket server key to verify the PAC.
+ * We can workaround that by fetching the key from the client db entry,
+ * which is the impersonator account in that version.
+ * TODO: use the provided entry in the new 1.18 version.
*/
if (flags & KRB5_KDB_FLAG_CONSTRAINED_DELEGATION) {
- code = krb5_pac_verify(context,
- ipac,
- authtime,
- client_princ,
- server_key,
- krbtgt_key);
+ /* The impersonator must be local. */
+ if (client == NULL) {
+ code = KRB5KDC_ERR_BADOPTION;
+ goto done;
+ }
+ /* Fetch and decrypt 2nd ticket server's current key. */
+ code = krb5_dbe_find_enctype(context, client, -1, -1, 0,
+ &impersonator_kd);
+ if (code != 0) {
+ goto done;
+ }
+ code = krb5_dbe_decrypt_key_data(context, NULL,
+ impersonator_kd,
+ &impersonator_key, NULL);
+ if (code != 0) {
+ goto done;
+ }
+ header_server_key = &impersonator_key;
} else {
- code = krb5_pac_verify(context,
- ipac,
- authtime,
- client_princ,
- krbtgt_key,
- NULL);
- }
- if (code != 0) {
- goto done;
+ header_server_key = krbtgt_key;
}
- /* check and update PAC */
- code = krb5_pac_parse(context,
- authdata[0]->contents,
- authdata[0]->length,
- pac);
+ code = krb5_pac_verify(context, pac, authtime, client_princ,
+ header_server_key, NULL);
if (code != 0) {
goto done;
}
@@ -275,17 +281,22 @@ static krb5_error_code ks_verify_pac(krb5_context context,
code = mit_samba_reget_pac(mit_ctx,
context,
flags,
- client_princ,
client,
server,
krbtgt,
krbtgt_key,
- pac);
+ &pac);
+ if (code != 0) {
+ goto done;
+ }
+
+ *out_pac = pac;
+ pac = NULL;
done:
+ krb5_free_keyblock_contents(context, &impersonator_key);
krb5_free_authdata(context, authdata);
- krb5_pac_free(context, ipac);
- free(logon_data.data);
+ krb5_pac_free(context, pac);
return code;
}
@@ -314,6 +325,7 @@ krb5_error_code kdb_samba_db_sign_auth_data(krb5_context context,
krb5_authdata **pac_auth_data = NULL;
krb5_authdata **authdata = NULL;
krb5_boolean is_as_req;
+ krb5_const_principal pac_client;
krb5_error_code code;
krb5_pac pac = NULL;
krb5_data pac_data;
@@ -325,11 +337,6 @@ krb5_error_code kdb_samba_db_sign_auth_data(krb5_context context,
krbtgt = krbtgt == NULL ? local_krbtgt : krbtgt;
krbtgt_key = krbtgt_key == NULL ? local_krbtgt_key : krbtgt_key;
- /* FIXME: We don't support S4U yet */
- if (flags & KRB5_KDB_FLAGS_S4U) {
- return KRB5_KDB_DBTYPE_NOSUP;
- }
-
is_as_req = ((flags & KRB5_KDB_FLAG_CLIENT_REFERRALS_ONLY) != 0);
/*
@@ -390,6 +397,16 @@ krb5_error_code kdb_samba_db_sign_auth_data(krb5_context context,
ks_client_princ = client->princ;
}
+ /* In protocol transition, we are currently not provided with the tgt
+ * client name to verify the PAC, we could probably skip the name
+ * verification and just verify the signatures, but since we don't
+ * support cross-realm nor aliases, we can just use server->princ */
+ if (flags & KRB5_KDB_FLAG_PROTOCOL_TRANSITION) {
+ pac_client = server->princ;
+ } else {
+ pac_client = ks_client_princ;
+ }
+
if (client_entry == NULL) {
client_entry = client;
}
@@ -454,7 +471,7 @@ krb5_error_code kdb_samba_db_sign_auth_data(krb5_context context,
code = ks_verify_pac(context,
flags,
- ks_client_princ,
+ pac_client,
client_entry,
server,
krbtgt,
@@ -494,7 +511,7 @@ krb5_error_code kdb_samba_db_sign_auth_data(krb5_context context,
is_as_req ? "AS-REQ" : "TGS-REQ",
client_name);
code = krb5_pac_sign(context, pac, authtime, ks_client_princ,
- server_key, krbtgt_key, &pac_data);
+ server_key, krbtgt_key, &pac_data);
if (code != 0) {
DBG_ERR("krb5_pac_sign failed: %d\n", code);
goto done;
@@ -520,12 +537,6 @@ krb5_error_code kdb_samba_db_sign_auth_data(krb5_context context,
KRB5_AUTHDATA_IF_RELEVANT,
authdata,
signed_auth_data);
- if (code != 0) {
- goto done;
- }
-
- code = 0;
-
done:
if (client_entry != NULL && client_entry != client) {
ks_free_principal(context, client_entry);
@@ -551,32 +562,13 @@ krb5_error_code kdb_samba_db_check_allowed_to_delegate(krb5_context context,
* server; -> delegating service
* proxy; -> target principal
*/
- krb5_db_entry *delegating_service = discard_const_p(krb5_db_entry, server);
-
- char *target_name = NULL;
- bool is_enterprise;
- krb5_error_code code;
mit_ctx = ks_get_context(context);
if (mit_ctx == NULL) {
return KRB5_KDB_DBNOTINITED;
}
- code = krb5_unparse_name(context, proxy, &target_name);
- if (code) {
- goto done;
- }
-
- is_enterprise = (proxy->type == KRB5_NT_ENTERPRISE_PRINCIPAL);
-
- code = mit_samba_check_s4u2proxy(mit_ctx,
- delegating_service,
- target_name,
- is_enterprise);
-
-done:
- free(target_name);
- return code;
+ return mit_samba_check_s4u2proxy(mit_ctx, server, proxy);
}
diff --git a/source4/kdc/mit_samba.c b/source4/kdc/mit_samba.c
index 4239332f0d9..acc3cba6254 100644
--- a/source4/kdc/mit_samba.c
+++ b/source4/kdc/mit_samba.c
@@ -501,7 +501,6 @@ int mit_samba_get_pac(struct mit_samba_context *smb_ctx,
krb5_error_code mit_samba_reget_pac(struct mit_samba_context *ctx,
krb5_context context,
int flags,
- krb5_const_principal client_principal,
krb5_db_entry *client,
krb5_db_entry *server,
krb5_db_entry *krbtgt,
@@ -665,7 +664,7 @@ krb5_error_code mit_samba_reget_pac(struct mit_samba_context *ctx,
context,
*pac,
server->princ,
- discard_const(client_principal),
+ client->princ,
deleg_blob);
if (!NT_STATUS_IS_OK(nt_status)) {
DEBUG(0, ("Update delegation info failed: %s\n",
@@ -987,41 +986,17 @@ int mit_samba_check_client_access(struct mit_samba_context *ctx,
}
int mit_samba_check_s4u2proxy(struct mit_samba_context *ctx,
- krb5_db_entry *kentry,
- const char *target_name,
- bool is_nt_enterprise_name)
+ const krb5_db_entry *server,
+ krb5_const_principal target_principal)
{
-#if 1
- /*
- * This is disabled because mit_samba_update_pac_data() does not handle
- * S4U_DELEGATION_INFO
- */
-
- return KRB5KDC_ERR_BADOPTION;
-#else
- krb5_principal target_principal;
- int flags = 0;
- int ret;
-
- if (is_nt_enterprise_name) {
- flags = KRB5_PRINCIPAL_PARSE_ENTERPRISE;
- }
-
- ret = krb5_parse_name_flags(ctx->context, target_name,
- flags, &target_principal);
- if (ret) {
- return ret;
- }
-
- ret = samba_kdc_check_s4u2proxy(ctx->context,
- ctx->db_ctx,
- skdc_entry,
- target_principal);
-
- krb5_free_principal(ctx->context, target_principal);
-
- return ret;
-#endif
+ struct samba_kdc_entry *server_skdc_entry =
+ talloc_get_type_abort(server->e_data,
+ struct samba_kdc_entry);
+
+ return samba_kdc_check_s4u2proxy(ctx->context,
+ ctx->db_ctx,
+ server_skdc_entry,
+ target_principal);
}
static krb5_error_code mit_samba_change_pwd_error(krb5_context context,
diff --git a/source4/kdc/mit_samba.h b/source4/kdc/mit_samba.h
index 636c77ec97c..9cb00c9610e 100644
--- a/source4/kdc/mit_samba.h
+++ b/source4/kdc/mit_samba.h
@@ -56,7 +56,6 @@ int mit_samba_get_pac(struct mit_samba_context *smb_ctx,
krb5_error_code mit_samba_reget_pac(struct mit_samba_context *ctx,
krb5_context context,
int flags,
- krb5_const_principal client_principal,
krb5_db_entry *client,
krb5_db_entry *server,
krb5_db_entry *krbtgt,
@@ -73,9 +72,8 @@ int mit_samba_check_client_access(struct mit_samba_context *ctx,
DATA_BLOB *e_data);
int mit_samba_check_s4u2proxy(struct mit_samba_context *ctx,
- krb5_db_entry *kentry,
- const char *target_name,
- bool is_nt_enterprise_name);
+ const krb5_db_entry *server,
+ krb5_const_principal target_principal);
int mit_samba_kpasswd_change_password(struct mit_samba_context *ctx,
char *pwd,
--
2.33.1
From 992d38fa35c01f2f0bdb39d387fa29e8eb8d3d37 Mon Sep 17 00:00:00 2001
From: Isaac Boukris <iboukris@gmail.com>
Date: Fri, 27 Sep 2019 18:35:30 +0300
Subject: [PATCH 2/3] krb5-mit: enable S4U client support for MIT build
Signed-off-by: Isaac Boukris <iboukris@gmail.com>
Pair-Programmed-With: Andreas Schneider <asn@samba.org>
---
lib/krb5_wrap/krb5_samba.c | 185 ++++++++++++++++++++++++++
lib/krb5_wrap/krb5_samba.h | 2 -
source4/auth/kerberos/kerberos_util.c | 11 --
3 files changed, 185 insertions(+), 13 deletions(-)
diff --git a/lib/krb5_wrap/krb5_samba.c b/lib/krb5_wrap/krb5_samba.c
index fff5b4e2a22..791b417d5ba 100644
--- a/lib/krb5_wrap/krb5_samba.c
+++ b/lib/krb5_wrap/krb5_samba.c
@@ -2694,6 +2694,191 @@ krb5_error_code smb_krb5_kinit_s4u2_ccache(krb5_context ctx,
return 0;
}
+
+#else /* MIT */
+
+static bool princ_compare_no_dollar(krb5_context ctx,
+ krb5_principal a,
+ krb5_principal b)
+{
+ bool cmp;
+ krb5_principal mod = NULL;
+
+ if (a->length == 1 && b->length == 1 &&
+ a->data[0].length != 0 && b->data[0].length != 0 &&
+ a->data[0].data[a->data[0].length -1] !=
+ b->data[0].data[b->data[0].length -1]) {
+ if (a->data[0].data[a->data[0].length -1] == '$') {
+ mod = a;
+ mod->data[0].length--;
+ } else if (b->data[0].data[b->data[0].length -1] == '$') {
+ mod = b;
+ mod->data[0].length--;
+ }
+ }
+
+ cmp = krb5_principal_compare_flags(ctx, a, b,
+ KRB5_PRINCIPAL_COMPARE_CASEFOLD);
+
+ if (mod != NULL) {
+ mod->data[0].length++;
+ }
+
+ return cmp;
+}
+
+krb5_error_code smb_krb5_kinit_s4u2_ccache(krb5_context ctx,
+ krb5_ccache store_cc,
+ krb5_principal init_principal,
+ const char *init_password,
+ krb5_principal impersonate_principal,
+ const char *self_service,
+ const char *target_service,
+ krb5_get_init_creds_opt *krb_options,
+ time_t *expire_time,
+ time_t *kdc_time)
+{
+ krb5_error_code code;
+ krb5_principal self_princ = NULL;
+ krb5_principal target_princ = NULL;
+ krb5_creds *store_creds;
+ krb5_creds *s4u2self_creds = NULL;
+ krb5_creds *s4u2proxy_creds = NULL;
+ krb5_creds init_creds = {0};
+ krb5_creds mcreds = {0};
+ krb5_flags options = KRB5_GC_NO_STORE;
+ krb5_ccache tmp_cc;
+ bool s4u2proxy;
+
+ code = krb5_cc_new_unique(ctx, "MEMORY", NULL, &tmp_cc);
+ if (code != 0) {
+ return code;
+ }
+
+ code = krb5_get_init_creds_password(ctx, &init_creds,
+ init_principal,
+ init_password,
+ NULL, NULL,
+ 0,
+ NULL,
+ krb_options);
+ if (code != 0) {
+ goto done;
+ }
+
+ code = krb5_cc_initialize(ctx, tmp_cc, init_creds.client);
+ if (code != 0) {
+ goto done;
+ }
+
+ code = krb5_cc_store_cred(ctx, tmp_cc, &init_creds);
+ if (code != 0) {
+ goto done;
+ }
+
+ /*
+ * Check if we also need S4U2Proxy or if S4U2Self is
+ * enough in order to get a ticket for the target.
+ */
+ if (target_service == NULL) {
+ s4u2proxy = false;
+ } else if (strcmp(target_service, self_service) == 0) {
+ s4u2proxy = false;
+ } else {
+ s4u2proxy = true;
+ }
+
+ code = krb5_parse_name(ctx, self_service, &self_princ);
+ if (code != 0) {
+ goto done;
+ }
+
+ /* MIT lacks aliases support in S4U, for S4U2Self we require the tgt
+ * client and the request server to be the same principal name. */
+ if (!princ_compare_no_dollar(ctx, init_creds.client, self_princ)) {
+ code = KRB5KDC_ERR_PADATA_TYPE_NOSUPP;
+ goto done;
+ }
+
+ mcreds.client = impersonate_principal;
+ mcreds.server = init_creds.client;
+
+ code = krb5_get_credentials_for_user(ctx, options, tmp_cc, &mcreds,
+ NULL, &s4u2self_creds);
+ if (code != 0) {
+ goto done;
+ }
+
+ if (s4u2proxy) {
+ code = krb5_parse_name(ctx, target_service, &target_princ);
+ if (code != 0) {
+ goto done;
+ }
+
+ mcreds.client = init_creds.client;
+ mcreds.server = target_princ;
+ mcreds.second_ticket = s4u2self_creds->ticket;
+
+ code = krb5_get_credentials(ctx, options |
+ KRB5_GC_CONSTRAINED_DELEGATION,
+ tmp_cc, &mcreds, &s4u2proxy_creds);
+ if (code != 0) {
+ goto done;
+ }
+
+ /* Check KDC support of S4U2Proxy extension */
+ if (!krb5_principal_compare(ctx, s4u2self_creds->client,
+ s4u2proxy_creds->client)) {
+ code = KRB5KDC_ERR_PADATA_TYPE_NOSUPP;
+ goto done;
+ }
+
+ store_creds = s4u2proxy_creds;
+ } else {
+ store_creds = s4u2self_creds;;
+
+ /* We need to save the ticket with the requested server name
+ * or the caller won't be able to find it in cache. */
+ if (!krb5_principal_compare(ctx, self_princ,
+ store_creds->server)) {
+ krb5_free_principal(ctx, store_creds->server);
+ store_creds->server = NULL;
+ code = krb5_copy_principal(ctx, self_princ,
+ &store_creds->server);
+ if (code != 0) {
+ goto done;
+ }
+ }
+ }
+
+ code = krb5_cc_initialize(ctx, store_cc, store_creds->client);
+ if (code != 0) {
+ goto done;
+ }
+
+ code = krb5_cc_store_cred(ctx, store_cc, store_creds);
+ if (code != 0) {
+ goto done;
+ }
+
+ if (expire_time) {
+ *expire_time = (time_t) store_creds->times.endtime;
+ }
+
+ if (kdc_time) {
+ *kdc_time = (time_t) store_creds->times.starttime;
+ }
+
+done:
+ krb5_cc_destroy(ctx, tmp_cc);
+ krb5_free_cred_contents(ctx, &init_creds);
+ krb5_free_creds(ctx, s4u2self_creds);
+ krb5_free_creds(ctx, s4u2proxy_creds);
+ krb5_free_principal(ctx, self_princ);
+ krb5_free_principal(ctx, target_princ);
+
+ return code;
+}
#endif
#if !defined(HAVE_KRB5_MAKE_PRINCIPAL) && defined(HAVE_KRB5_BUILD_PRINCIPAL_ALLOC_VA)
diff --git a/lib/krb5_wrap/krb5_samba.h b/lib/krb5_wrap/krb5_samba.h
index eab67f6d969..b5385c69a33 100644
--- a/lib/krb5_wrap/krb5_samba.h
+++ b/lib/krb5_wrap/krb5_samba.h
@@ -252,7 +252,6 @@ krb5_error_code smb_krb5_kinit_password_ccache(krb5_context ctx,
krb5_get_init_creds_opt *krb_options,
time_t *expire_time,
time_t *kdc_time);
-#ifdef SAMBA4_USES_HEIMDAL
krb5_error_code smb_krb5_kinit_s4u2_ccache(krb5_context ctx,
krb5_ccache store_cc,
krb5_principal init_principal,
@@ -263,7 +262,6 @@ krb5_error_code smb_krb5_kinit_s4u2_ccache(krb5_context ctx,
krb5_get_init_creds_opt *krb_options,
time_t *expire_time,
time_t *kdc_time);
-#endif
#if defined(HAVE_KRB5_MAKE_PRINCIPAL)
#define smb_krb5_make_principal krb5_make_principal
diff --git a/source4/auth/kerberos/kerberos_util.c b/source4/auth/kerberos/kerberos_util.c
index 544d9d853cc..c14d8c72d8c 100644
--- a/source4/auth/kerberos/kerberos_util.c
+++ b/source4/auth/kerberos/kerberos_util.c
@@ -234,9 +234,7 @@ done:
{
krb5_error_code ret;
const char *password;
-#ifdef SAMBA4_USES_HEIMDAL
const char *self_service;
-#endif
const char *target_service;
time_t kdc_time = 0;
krb5_principal princ;
@@ -268,9 +266,7 @@ done:
return ret;
}
-#ifdef SAMBA4_USES_HEIMDAL
self_service = cli_credentials_get_self_service(credentials);
-#endif
target_service = cli_credentials_get_target_service(credentials);
password = cli_credentials_get_password(credentials);
@@ -331,7 +327,6 @@ done:
#endif
if (password) {
if (impersonate_principal) {
-#ifdef SAMBA4_USES_HEIMDAL
ret = smb_krb5_kinit_s4u2_ccache(smb_krb5_context->krb5_context,
ccache,
princ,
@@ -342,12 +337,6 @@ done:
krb_options,
NULL,
&kdc_time);
-#else
- talloc_free(mem_ctx);
- (*error_string) = "INTERNAL error: s4u2 ops "
- "are not supported with MIT build yet";
- return EINVAL;
-#endif
} else {
ret = smb_krb5_kinit_password_ccache(smb_krb5_context->krb5_context,
ccache,
--
2.33.1
From f1951b501ca0fb3e613f04437c99dc1bbf204609 Mon Sep 17 00:00:00 2001
From: Isaac Boukris <iboukris@gmail.com>
Date: Sat, 19 Sep 2020 14:16:20 +0200
Subject: [PATCH 3/3] wip: for canonicalization with new MIT kdc code
---
source4/heimdal/lib/hdb/hdb.h | 1 +
source4/kdc/db-glue.c | 8 ++++++--
source4/kdc/mit_samba.c | 3 +++
source4/kdc/sdb.h | 1 +
4 files changed, 11 insertions(+), 2 deletions(-)
diff --git a/source4/heimdal/lib/hdb/hdb.h b/source4/heimdal/lib/hdb/hdb.h
index 5ef9d9565f3..dafaffc6c2d 100644
--- a/source4/heimdal/lib/hdb/hdb.h
+++ b/source4/heimdal/lib/hdb/hdb.h
@@ -63,6 +63,7 @@ enum hdb_lockop{ HDB_RLOCK, HDB_WLOCK };
#define HDB_F_ALL_KVNOS 2048 /* we want all the keys, live or not */
#define HDB_F_FOR_AS_REQ 4096 /* fetch is for a AS REQ */
#define HDB_F_FOR_TGS_REQ 8192 /* fetch is for a TGS REQ */
+#define HDB_F_FORCE_CANON 16384 /* force canonicalition */
/* hdb_capability_flags */
#define HDB_CAP_F_HANDLE_ENTERPRISE_PRINCIPAL 1
diff --git a/source4/kdc/db-glue.c b/source4/kdc/db-glue.c
index aff74f2ee71..d16b4c3329a 100644
--- a/source4/kdc/db-glue.c
+++ b/source4/kdc/db-glue.c
@@ -916,17 +916,21 @@ static krb5_error_code samba_kdc_message2entry(krb5_context context,
}
}
- } else if (ent_type == SAMBA_KDC_ENT_TYPE_ANY && principal == NULL) {
+ } else if (ent_type == SAMBA_KDC_ENT_TYPE_ANY && principal == NULL) { // was this supposed to be || ?
ret = smb_krb5_make_principal(context, &entry_ex->entry.principal, lpcfg_realm(lp_ctx), samAccountName, NULL);
if (ret) {
krb5_clear_error_message(context);
goto out;
}
- } else if ((flags & SDB_F_CANON) && (flags & SDB_F_FOR_AS_REQ)) {
+ } else if (((flags & SDB_F_CANON) && (flags & SDB_F_FOR_AS_REQ)) || (flags & SDB_F_FORCE_CANON)){
/*
* SDB_F_CANON maps from the canonicalize flag in the
* packet, and has a different meaning between AS-REQ
* and TGS-REQ. We only change the principal in the AS-REQ case
+ *
+ * The SDB_F_FORCE_CANON if for the new MIT kdc code that wants
+ * the canonical name in all lookups, and takes care to canonicalize
+ * only when appropriate.
*/
ret = smb_krb5_make_principal(context, &entry_ex->entry.principal, lpcfg_realm(lp_ctx), samAccountName, NULL);
if (ret) {
diff --git a/source4/kdc/mit_samba.c b/source4/kdc/mit_samba.c
index acc3cba6254..f0b9df8b613 100644
--- a/source4/kdc/mit_samba.c
+++ b/source4/kdc/mit_samba.c
@@ -224,6 +224,9 @@ int mit_samba_get_principal(struct mit_samba_context *ctx,
if (kflags & KRB5_KDB_FLAG_CANONICALIZE) {
sflags |= SDB_F_CANON;
}
+#if KRB5_KDB_API_VERSION >= 10
+ sflags |= SDB_F_FORCE_CANON;
+#endif
if (kflags & (KRB5_KDB_FLAG_CLIENT_REFERRALS_ONLY |
KRB5_KDB_FLAG_INCLUDE_PAC)) {
/*
diff --git a/source4/kdc/sdb.h b/source4/kdc/sdb.h
index c929acccce6..a9115ec23d7 100644
--- a/source4/kdc/sdb.h
+++ b/source4/kdc/sdb.h
@@ -116,6 +116,7 @@ struct sdb_entry_ex {
#define SDB_F_KVNO_SPECIFIED 128 /* we want a particular KVNO */
#define SDB_F_FOR_AS_REQ 4096 /* fetch is for a AS REQ */
#define SDB_F_FOR_TGS_REQ 8192 /* fetch is for a TGS REQ */
+#define SDB_F_FORCE_CANON 16384 /* force canonicalition */
void sdb_free_entry(struct sdb_entry_ex *e);
void free_sdb_entry(struct sdb_entry *s);
--
2.33.1

300
SPECS/samba.spec
View File

@ -1,13 +1,20 @@
# Define _make_verbose if it doesn't exist (RHEL8)
%{!?_make_verbose:%define _make_verbose V=1 VERBOSE=1}
# The testsuite is disabled by default. # The testsuite is disabled by default.
# #
# To build and run the tests use: # To build and run the tests use:
# #
# fedpkg local --with testsuite
# or
# rpmbuild --rebuild --with testsuite samba.src.rpm # rpmbuild --rebuild --with testsuite samba.src.rpm
# #
%bcond_with testsuite %bcond_with testsuite
# Build with internal talloc, tevent, tdb and ldb. # Build with internal talloc, tevent, tdb and ldb.
# #
# fedpkg local --with=testsuite --with=includelibs
# or
# rpmbuild --rebuild --with=testsuite --with=includelibs samba.src.rpm # rpmbuild --rebuild --with=testsuite --with=includelibs samba.src.rpm
# #
%bcond_with includelibs %bcond_with includelibs
@ -42,18 +49,21 @@
%bcond_without winexe %bcond_without winexe
%endif %endif
# Build vfs_ceph module by default on 64bit Fedora # Build vfs_ceph module and ctdb cepth mutex helper by default on 64bit Fedora
%if 0%{?fedora} %if 0%{?fedora}
%ifarch aarch64 ppc64le s390x x86_64 %ifarch aarch64 ppc64le s390x x86_64
%bcond_without vfs_cephfs %bcond_without vfs_cephfs
%bcond_without ceph_mutex
%else %else
%bcond_with vfs_cephfs %bcond_with vfs_cephfs
%bcond_with ceph_mutex
#endifarch #endifarch
%endif %endif
%else %else
%bcond_with vfs_cephfs %bcond_with vfs_cephfs
%bcond_with ceph_mutex
#endif fedora #endif fedora
%endif %endif
@ -106,15 +116,29 @@
#endif fedora || rhel >= 8 #endif fedora || rhel >= 8
%endif %endif
# Build the ctdb-pcp-pmda package by default on Fedora
%if 0%{?fedora}
%bcond_without pcp_pmda
%else
%bcond_with pcp_pmda
%endif
# Build the etcd helpers by default on Fedora
%if 0%{?fedora}
%bcond_without etcd_mutex
%else
%bcond_with etcd_mutex
%endif
%define samba_requires_eq() %(LC_ALL="C" echo '%*' | xargs -r rpm -q --qf 'Requires: %%{name} = %%{epoch}:%%{version}\\n' | sed -e 's/ (none):/ /' -e 's/ 0:/ /' | grep -v "is not") %define samba_requires_eq() %(LC_ALL="C" echo '%*' | xargs -r rpm -q --qf 'Requires: %%{name} = %%{epoch}:%%{version}\\n' | sed -e 's/ (none):/ /' -e 's/ 0:/ /' | grep -v "is not")
%global baserelease 2 %global baserelease 2
%global samba_version 4.14.5 %global samba_version 4.15.2
%global talloc_version 2.3.2 %global talloc_version 2.3.3
%global tdb_version 1.4.3 %global tdb_version 1.4.4
%global tevent_version 0.10.2 %global tevent_version 0.11.0
%global ldb_version 2.3.0 %global ldb_version 2.4.1
# This should be rc1 or nil # This should be rc1 or nil
%global pre_release %nil %global pre_release %nil
@ -177,7 +201,15 @@ Source14: samba.pamd
Source201: README.downgrade Source201: README.downgrade
Patch0: samba-4.14-raise-dfs-enoent-debug-level.patch Patch0: samba-s4u.patch
Patch1: samba-ctdb-etcd-reclock.patch
Patch2: samba-4.15.1-winexe.patch
Patch3: samba-4.15-fix-winbind-no-trusted-domain.patch
Patch4: samba-4.15-logfile.patch
Patch5: samba-4.15.2-smbclient_anonymous.patch
Patch6: samba-4.15-ipa-dc-schannel.patch
Patch7: samba-4.15-fix-recursive-dir-delete.patch
Patch8: samba-4.15-fix-recursive-dir-delete-symlinks.patch
Requires(pre): /usr/sbin/groupadd Requires(pre): /usr/sbin/groupadd
Requires(post): systemd Requires(post): systemd
@ -285,6 +317,16 @@ BuildRequires: libcephfs-devel
BuildRequires: liburing-devel >= 0.4 BuildRequires: liburing-devel >= 0.4
%endif %endif
%if %{with pcp_pmda}
BuildRequires: pcp-libs-devel
%endif
%if %{with ceph_mutex}
BuildRequires: librados-devel
%endif
%if %{with etcd_mutex}
BuildRequires: python3-etcd
%endif
%if %{with dc} || %{with testsuite} %if %{with dc} || %{with testsuite}
# Add python3-iso8601 to avoid that the # Add python3-iso8601 to avoid that the
# version in Samba is being packaged # version in Samba is being packaged
@ -314,9 +356,13 @@ BuildRequires: python3-tdb >= %{tdb_version}
BuildRequires: libldb-devel >= %{ldb_version} BuildRequires: libldb-devel >= %{ldb_version}
BuildRequires: python3-ldb >= %{ldb_version} BuildRequires: python3-ldb >= %{ldb_version}
BuildRequires: python3-ldb-devel >= %{ldb_version} BuildRequires: python3-ldb-devel >= %{ldb_version}
%else %endif
%if %{with includelibs} || %{with testsuite}
# lmdb-devel is required for the mdb ldb module, if samba is configured
# to build includelibs we need lmdb-devel for building that module on our own
BuildRequires: lmdb-devel BuildRequires: lmdb-devel
#endif without testsuite #endif without includelibs
%endif %endif
%if %{with dc} || %{with testsuite} %if %{with dc} || %{with testsuite}
@ -326,6 +372,7 @@ BuildRequires: ldb-tools
BuildRequires: python3-gpg BuildRequires: python3-gpg
BuildRequires: python3-markdown BuildRequires: python3-markdown
BuildRequires: python3-setproctitle BuildRequires: python3-setproctitle
BuildRequires: python3-cryptography
BuildRequires: tdb-tools BuildRequires: tdb-tools
%endif %endif
@ -423,7 +470,7 @@ Obsoletes: ctdb-tests-debuginfo < %{samba_depver}
# endif with clustering # endif with clustering
%endif %endif
# If only build glusterfs for RHGS and Fedora, so obsolete it on other version # We only build glusterfs for RHGS and Fedora, so obsolete it on other versions
# of the distro # of the distro
%if %{without vfs_glusterfs} %if %{without vfs_glusterfs}
Obsoletes: samba-vfs-glusterfs < %{samba_depver} Obsoletes: samba-vfs-glusterfs < %{samba_depver}
@ -444,6 +491,15 @@ Requires: samba-libs = %{samba_depver}
Requires: libwbclient = %{samba_depver} Requires: libwbclient = %{samba_depver}
%endif %endif
# samba-tool needs python3-samba
Requires: python3-%{name} = %{samba_depver}
# samba-tool needs tdbbackup
Requires: tdb-tools
%if %{with dc}
# samba-tool needs mdb_copy for domain backup or upgrade provision
Requires: lmdb
%endif
Provides: bundled(libreplace) Provides: bundled(libreplace)
%description common-tools %description common-tools
@ -465,10 +521,6 @@ Requires(post): libwbclient = %{samba_depver}
Requires: libwbclient = %{samba_depver} Requires: libwbclient = %{samba_depver}
%endif %endif
# samba-tool needs tdbbackup
Requires: tdb-tools
# samba-tool needs mdb_copy
Requires: lmdb
Requires: ldb-tools Requires: ldb-tools
Requires: python3-setproctitle Requires: python3-setproctitle
# Force using libldb version to be the same as build version # Force using libldb version to be the same as build version
@ -704,7 +756,7 @@ Summary: Samba python devel files
Requires: python3-%{name} = %{samba_depver} Requires: python3-%{name} = %{samba_depver}
%description -n python3-%{name}-devel %description -n python3-%{name}-devel
The python3-%{name}-devel package contains the Python 3 defel files. The python3-%{name}-devel package contains the Python 3 devel files.
%package -n python3-samba-test %package -n python3-samba-test
Summary: Samba Python libraries Summary: Samba Python libraries
@ -799,9 +851,12 @@ Summary: Samba winbind
Requires(pre): %{name}-common = %{samba_depver} Requires(pre): %{name}-common = %{samba_depver}
Requires: %{name}-common = %{samba_depver} Requires: %{name}-common = %{samba_depver}
Requires: %{name}-common-libs = %{samba_depver} Requires: %{name}-common-libs = %{samba_depver}
Requires(post): %{name}-common-libs = %{samba_depver}
Requires: %{name}-common-tools = %{samba_depver} Requires: %{name}-common-tools = %{samba_depver}
Requires: %{name}-client-libs = %{samba_depver} Requires: %{name}-client-libs = %{samba_depver}
Requires(post): %{name}-client-libs = %{samba_depver}
Requires: %{name}-libs = %{samba_depver} Requires: %{name}-libs = %{samba_depver}
Requires(post): %{name}-libs = %{samba_depver}
Requires: %{name}-winbind-modules = %{samba_depver} Requires: %{name}-winbind-modules = %{samba_depver}
%if %{with libwbclient} %if %{with libwbclient}
@ -961,6 +1016,45 @@ and use CTDB instead.
#endif with testsuite #endif with testsuite
%endif %endif
%if %{with pcp_pmda}
%package -n ctdb-pcp-pmda
Summary: CTDB PCP pmda support
Requires: ctdb = %{samba_depver}
Requires: pcp-libs
%description -n ctdb-pcp-pmda
Performance Co-Pilot (PCP) support for CTDB
#endif with pcp_pmda
%endif
%if %{with etcd_mutex}
%package -n ctdb-etcd-mutex
Summary: CTDB ETCD mutex helper
Requires: ctdb = %{samba_depver}
Requires: python3-etcd
%description -n ctdb-etcd-mutex
Support for using an existing ETCD cluster as a mutex helper for CTDB
#endif with etcd_mutex
%endif
%if %{with ceph_mutex}
%package -n ctdb-ceph-mutex
Summary: CTDB ceph mutex helper
Requires: ctdb = %{samba_depver}
%description -n ctdb-ceph-mutex
Support for using an existing CEPH cluster as a mutex helper for CTDB
#endif with ceph_mutex
%endif
#endif with clustering #endif with clustering
%endif %endif
@ -1050,9 +1144,19 @@ export LDFLAGS="%{__global_ldflags} -fuse-ld=gold"
%endif %endif
%if %{with testsuite} %if %{with testsuite}
--enable-selftest \ --enable-selftest \
%endif
%if %{with pcp_pmda}
--enable-pmda \
%endif
%if %{with ceph_mutex}
--enable-ceph-reclock \
%endif
%if %{with etcd_mutex}
--enable-etcd-reclock \
%endif %endif
--with-profiling-data \ --with-profiling-data \
--with-systemd \ --with-systemd \
--with-quotas \
--systemd-install-services \ --systemd-install-services \
--with-systemddir=/usr/lib/systemd/system \ --with-systemddir=/usr/lib/systemd/system \
--systemd-smb-extra=%{_systemd_extra} \ --systemd-smb-extra=%{_systemd_extra} \
@ -1061,7 +1165,7 @@ export LDFLAGS="%{__global_ldflags} -fuse-ld=gold"
--systemd-samba-extra=%{_systemd_extra} --systemd-samba-extra=%{_systemd_extra}
# Do not use %%make_build, make is just a wrapper around waf in Samba! # Do not use %%make_build, make is just a wrapper around waf in Samba!
%{__make} %{?_smp_mflags} V=1 %{__make} %{?_smp_mflags} %{_make_verbose}
pushd pidl pushd pidl
%__perl Makefile.PL PREFIX=%{_prefix} %__perl Makefile.PL PREFIX=%{_prefix}
@ -1070,7 +1174,8 @@ pushd pidl
popd popd
%install %install
%make_install # Do not use %%make_install, make is just a wrapper around waf in Samba!
%{__make} %{?_smp_mflags} %{_make_verbose} install DESTDIR=%{buildroot}
install -d -m 0755 %{buildroot}/usr/{sbin,bin} install -d -m 0755 %{buildroot}/usr/{sbin,bin}
install -d -m 0755 %{buildroot}%{_libdir}/security install -d -m 0755 %{buildroot}%{_libdir}/security
@ -1158,12 +1263,10 @@ touch %{buildroot}%{_libdir}/krb5/plugins/libkrb5/winbind_krb5_locator.so
%if %{without dc} && %{without testsuite} %if %{without dc} && %{without testsuite}
for i in \ for i in \
%{_libdir}/samba/libdfs-server-ad-samba4.so \ %{_libdir}/samba/libdfs-server-ad-samba4.so \
%{_libdir}/samba/libdnsserver-common-samba4.so \
%{_libdir}/samba/libdsdb-garbage-collect-tombstones-samba4.so \ %{_libdir}/samba/libdsdb-garbage-collect-tombstones-samba4.so \
%{_libdir}/samba/libscavenge-dns-records-samba4.so \ %{_libdir}/samba/libscavenge-dns-records-samba4.so \
%{_mandir}/man8/samba.8 \ %{_mandir}/man8/samba.8 \
%{_mandir}/man8/samba_downgrade_db.8 \ %{_mandir}/man8/samba_downgrade_db.8 \
%{_mandir}/man8/samba-tool.8 \
%{_mandir}/man8/samba-gpupdate.8 \ %{_mandir}/man8/samba-gpupdate.8 \
%{_libdir}/samba/ldb/ildap.so \ %{_libdir}/samba/ldb/ildap.so \
%{_libdir}/samba/ldb/ldbsamba_extensions.so \ %{_libdir}/samba/ldb/ldbsamba_extensions.so \
@ -1514,6 +1617,8 @@ fi
%{_libdir}/samba/vfs/nfs4acl_xattr.so %{_libdir}/samba/vfs/nfs4acl_xattr.so
%endif %endif
%{_libexecdir}/samba/samba-bgqd
%dir %{_datadir}/samba %dir %{_datadir}/samba
%dir %{_datadir}/samba/mdssvc %dir %{_datadir}/samba/mdssvc
%{_datadir}/samba/mdssvc/elasticsearch_mappings.json %{_datadir}/samba/mdssvc/elasticsearch_mappings.json
@ -1525,6 +1630,7 @@ fi
%config(noreplace) %{_sysconfdir}/pam.d/samba %config(noreplace) %{_sysconfdir}/pam.d/samba
%{_mandir}/man1/smbstatus.1* %{_mandir}/man1/smbstatus.1*
%{_mandir}/man8/eventlogadm.8* %{_mandir}/man8/eventlogadm.8*
%{_mandir}/man8/samba-bgqd.8*
%{_mandir}/man8/smbd.8* %{_mandir}/man8/smbd.8*
%{_mandir}/man8/nmbd.8* %{_mandir}/man8/nmbd.8*
%{_mandir}/man8/vfs_acl_tdb.8* %{_mandir}/man8/vfs_acl_tdb.8*
@ -1575,9 +1681,8 @@ fi
%{_bindir}/cifsdd %{_bindir}/cifsdd
%{_bindir}/dbwrap_tool %{_bindir}/dbwrap_tool
%{_bindir}/dumpmscat %{_bindir}/dumpmscat
%exclude %{_bindir}/findsmb
%{_bindir}/mvxattr %{_bindir}/mvxattr
%{_bindir}/mdfind %{_bindir}/mdsearch
%{_bindir}/nmblookup %{_bindir}/nmblookup
%{_bindir}/oLschema2ldif %{_bindir}/oLschema2ldif
%{_bindir}/regdiff %{_bindir}/regdiff
@ -1604,9 +1709,8 @@ fi
%{_mandir}/man1/regpatch.1* %{_mandir}/man1/regpatch.1*
%{_mandir}/man1/regshell.1* %{_mandir}/man1/regshell.1*
%{_mandir}/man1/regtree.1* %{_mandir}/man1/regtree.1*
%exclude %{_mandir}/man1/findsmb.1*
%{_mandir}/man1/log2pcap.1* %{_mandir}/man1/log2pcap.1*
%{_mandir}/man1/mdfind.1* %{_mandir}/man1/mdsearch.1*
%{_mandir}/man1/mvxattr.1* %{_mandir}/man1/mvxattr.1*
%{_mandir}/man1/rpcclient.1* %{_mandir}/man1/rpcclient.1*
%{_mandir}/man1/sharesec.1* %{_mandir}/man1/sharesec.1*
@ -1687,11 +1791,12 @@ fi
%{_libdir}/samba/libclidns-samba4.so %{_libdir}/samba/libclidns-samba4.so
%{_libdir}/samba/libcluster-samba4.so %{_libdir}/samba/libcluster-samba4.so
%{_libdir}/samba/libcmdline-contexts-samba4.so %{_libdir}/samba/libcmdline-contexts-samba4.so
%{_libdir}/samba/libcmdline-credentials-samba4.so
%{_libdir}/samba/libcommon-auth-samba4.so %{_libdir}/samba/libcommon-auth-samba4.so
%{_libdir}/samba/libctdb-event-client-samba4.so %{_libdir}/samba/libctdb-event-client-samba4.so
%{_libdir}/samba/libdbwrap-samba4.so %{_libdir}/samba/libdbwrap-samba4.so
%{_libdir}/samba/libdcerpc-pkt-auth-samba4.so
%{_libdir}/samba/libdcerpc-samba-samba4.so %{_libdir}/samba/libdcerpc-samba-samba4.so
%{_libdir}/samba/libdcerpc-pkt-auth-samba4.so
%{_libdir}/samba/libevents-samba4.so %{_libdir}/samba/libevents-samba4.so
%{_libdir}/samba/libflag-mapping-samba4.so %{_libdir}/samba/libflag-mapping-samba4.so
%{_libdir}/samba/libgenrand-samba4.so %{_libdir}/samba/libgenrand-samba4.so
@ -1745,7 +1850,6 @@ fi
%{_libdir}/samba/libtime-basic-samba4.so %{_libdir}/samba/libtime-basic-samba4.so
%{_libdir}/samba/libtorture-samba4.so %{_libdir}/samba/libtorture-samba4.so
%{_libdir}/samba/libtrusts-util-samba4.so %{_libdir}/samba/libtrusts-util-samba4.so
%{_libdir}/samba/libutil-cmdline-samba4.so
%{_libdir}/samba/libutil-reg-samba4.so %{_libdir}/samba/libutil-reg-samba4.so
%{_libdir}/samba/libutil-setid-samba4.so %{_libdir}/samba/libutil-setid-samba4.so
%{_libdir}/samba/libutil-tdb-samba4.so %{_libdir}/samba/libutil-tdb-samba4.so
@ -1771,7 +1875,7 @@ fi
%{_libdir}/samba/ldb/asq.so %{_libdir}/samba/ldb/asq.so
%{_libdir}/samba/ldb/ldb.so %{_libdir}/samba/ldb/ldb.so
#%%{_libdir}/samba/ldb/mdb.so %{_libdir}/samba/ldb/mdb.so
%{_libdir}/samba/ldb/paged_searches.so %{_libdir}/samba/ldb/paged_searches.so
%{_libdir}/samba/ldb/rdn_name.so %{_libdir}/samba/ldb/rdn_name.so
%{_libdir}/samba/ldb/sample.so %{_libdir}/samba/ldb/sample.so
@ -1809,8 +1913,7 @@ fi
### COMMON-libs ### COMMON-libs
%files common-libs %files common-libs
# common libraries # common libraries
%{_libdir}/samba/libpopt-samba3-cmdline-samba4.so %{_libdir}/samba/libcmdline-samba4.so
%{_libdir}/samba/libpopt-samba3-samba4.so
%dir %{_libdir}/samba/ldb %dir %{_libdir}/samba/ldb
@ -1823,6 +1926,7 @@ fi
%{_bindir}/net %{_bindir}/net
%{_bindir}/pdbedit %{_bindir}/pdbedit
%{_bindir}/profiles %{_bindir}/profiles
%{_bindir}/samba-tool
%{_bindir}/smbcontrol %{_bindir}/smbcontrol
%{_bindir}/smbpasswd %{_bindir}/smbpasswd
%{_bindir}/testparm %{_bindir}/testparm
@ -1831,13 +1935,13 @@ fi
%{_mandir}/man1/testparm.1* %{_mandir}/man1/testparm.1*
%{_mandir}/man8/net.8* %{_mandir}/man8/net.8*
%{_mandir}/man8/pdbedit.8* %{_mandir}/man8/pdbedit.8*
%{_mandir}/man8/samba-tool.8*
%{_mandir}/man8/smbpasswd.8* %{_mandir}/man8/smbpasswd.8*
### DC ### DC
%if %{with dc} || %{with testsuite} %if %{with dc} || %{with testsuite}
%files dc %files dc
%{_unitdir}/samba.service %{_unitdir}/samba.service
%{_bindir}/samba-tool
%{_sbindir}/samba %{_sbindir}/samba
%{_sbindir}/samba_dnsupdate %{_sbindir}/samba_dnsupdate
%{_sbindir}/samba_downgrade_db %{_sbindir}/samba_downgrade_db
@ -1905,7 +2009,6 @@ fi
%{_mandir}/man8/samba.8* %{_mandir}/man8/samba.8*
%{_mandir}/man8/samba_downgrade_db.8* %{_mandir}/man8/samba_downgrade_db.8*
%{_mandir}/man8/samba-gpupdate.8* %{_mandir}/man8/samba-gpupdate.8*
%{_mandir}/man8/samba-tool.8*
%dir %{_datadir}/samba/admx %dir %{_datadir}/samba/admx
%{_datadir}/samba/admx/samba.admx %{_datadir}/samba/admx/samba.admx
%dir %{_datadir}/samba/admx/en-US %dir %{_datadir}/samba/admx/en-US
@ -1948,7 +2051,6 @@ fi
%endif %endif
%{_libdir}/libdcerpc-server.so.* %{_libdir}/libdcerpc-server.so.*
%{_libdir}/samba/libdnsserver-common-samba4.so
%{_libdir}/samba/libdsdb-module-samba4.so %{_libdir}/samba/libdsdb-module-samba4.so
%{_libdir}/samba/libdsdb-garbage-collect-tombstones-samba4.so %{_libdir}/samba/libdsdb-garbage-collect-tombstones-samba4.so
%{_libdir}/samba/libscavenge-dns-records-samba4.so %{_libdir}/samba/libscavenge-dns-records-samba4.so
@ -1957,8 +2059,6 @@ fi
%files dc-bind-dlz %files dc-bind-dlz
%attr(770,root,named) %dir /var/lib/samba/bind-dns %attr(770,root,named) %dir /var/lib/samba/bind-dns
%dir %{_libdir}/samba/bind9 %dir %{_libdir}/samba/bind9
%{_libdir}/samba/bind9/dlz_bind9.so
%{_libdir}/samba/bind9/dlz_bind9_9.so
%{_libdir}/samba/bind9/dlz_bind9_10.so %{_libdir}/samba/bind9/dlz_bind9_10.so
%{_libdir}/samba/bind9/dlz_bind9_11.so %{_libdir}/samba/bind9/dlz_bind9_11.so
%{_libdir}/samba/bind9/dlz_bind9_12.so %{_libdir}/samba/bind9/dlz_bind9_12.so
@ -2132,6 +2232,7 @@ fi
%{_libdir}/samba/libauth4-samba4.so %{_libdir}/samba/libauth4-samba4.so
%{_libdir}/samba/libauth-unix-token-samba4.so %{_libdir}/samba/libauth-unix-token-samba4.so
%{_libdir}/samba/libdcerpc-samba4.so %{_libdir}/samba/libdcerpc-samba4.so
%{_libdir}/samba/libdnsserver-common-samba4.so
%{_libdir}/samba/libshares-samba4.so %{_libdir}/samba/libshares-samba4.so
%{_libdir}/samba/libsmbpasswdparser-samba4.so %{_libdir}/samba/libsmbpasswdparser-samba4.so
%{_libdir}/samba/libxattr-tdb-samba4.so %{_libdir}/samba/libxattr-tdb-samba4.so
@ -2226,6 +2327,7 @@ fi
%{python3_sitearch}/samba/__pycache__/getopt.*.pyc %{python3_sitearch}/samba/__pycache__/getopt.*.pyc
%{python3_sitearch}/samba/__pycache__/gpclass.*.pyc %{python3_sitearch}/samba/__pycache__/gpclass.*.pyc
%{python3_sitearch}/samba/__pycache__/gp_ext_loader.*.pyc %{python3_sitearch}/samba/__pycache__/gp_ext_loader.*.pyc
%{python3_sitearch}/samba/__pycache__/gp_gnome_settings_ext.*.pyc
%{python3_sitearch}/samba/__pycache__/gp_msgs_ext.*.pyc %{python3_sitearch}/samba/__pycache__/gp_msgs_ext.*.pyc
%{python3_sitearch}/samba/__pycache__/gp_scripts_ext.*.pyc %{python3_sitearch}/samba/__pycache__/gp_scripts_ext.*.pyc
%{python3_sitearch}/samba/__pycache__/gp_sec_ext.*.pyc %{python3_sitearch}/samba/__pycache__/gp_sec_ext.*.pyc
@ -2248,7 +2350,14 @@ fi
%{python3_sitearch}/samba/__pycache__/trust_utils.*.pyc %{python3_sitearch}/samba/__pycache__/trust_utils.*.pyc
%{python3_sitearch}/samba/__pycache__/upgrade.*.pyc %{python3_sitearch}/samba/__pycache__/upgrade.*.pyc
%{python3_sitearch}/samba/__pycache__/upgradehelpers.*.pyc %{python3_sitearch}/samba/__pycache__/upgradehelpers.*.pyc
%{python3_sitearch}/samba/__pycache__/vgp_access_ext.*.pyc
%{python3_sitearch}/samba/__pycache__/vgp_files_ext.*.pyc
%{python3_sitearch}/samba/__pycache__/vgp_issue_ext.*.pyc
%{python3_sitearch}/samba/__pycache__/vgp_motd_ext.*.pyc
%{python3_sitearch}/samba/__pycache__/vgp_openssh_ext.*.pyc
%{python3_sitearch}/samba/__pycache__/vgp_startup_scripts_ext.*.pyc
%{python3_sitearch}/samba/__pycache__/vgp_sudoers_ext.*.pyc %{python3_sitearch}/samba/__pycache__/vgp_sudoers_ext.*.pyc
%{python3_sitearch}/samba/__pycache__/vgp_symlink_ext.*.pyc
%{python3_sitearch}/samba/__pycache__/xattr.*.pyc %{python3_sitearch}/samba/__pycache__/xattr.*.pyc
%{python3_sitearch}/samba/_glue.*.so %{python3_sitearch}/samba/_glue.*.so
%{python3_sitearch}/samba/_ldb.*.so %{python3_sitearch}/samba/_ldb.*.so
@ -2277,6 +2386,7 @@ fi
%{python3_sitearch}/samba/dcerpc/idmap.*.so %{python3_sitearch}/samba/dcerpc/idmap.*.so
%{python3_sitearch}/samba/dcerpc/initshutdown.*.so %{python3_sitearch}/samba/dcerpc/initshutdown.*.so
%{python3_sitearch}/samba/dcerpc/irpc.*.so %{python3_sitearch}/samba/dcerpc/irpc.*.so
%{python3_sitearch}/samba/dcerpc/krb5ccache.*.so
%{python3_sitearch}/samba/dcerpc/krb5pac.*.so %{python3_sitearch}/samba/dcerpc/krb5pac.*.so
%{python3_sitearch}/samba/dcerpc/lsa.*.so %{python3_sitearch}/samba/dcerpc/lsa.*.so
%{python3_sitearch}/samba/dcerpc/messaging.*.so %{python3_sitearch}/samba/dcerpc/messaging.*.so
@ -2305,9 +2415,12 @@ fi
%{python3_sitearch}/samba/descriptor.py %{python3_sitearch}/samba/descriptor.py
%{python3_sitearch}/samba/dnsresolver.py %{python3_sitearch}/samba/dnsresolver.py
%{python3_sitearch}/samba/drs_utils.py %{python3_sitearch}/samba/drs_utils.py
%{python3_sitearch}/samba/dsdb.*.so
%{python3_sitearch}/samba/dsdb_dns.*.so
%{python3_sitearch}/samba/gensec.*.so %{python3_sitearch}/samba/gensec.*.so
%{python3_sitearch}/samba/getopt.py %{python3_sitearch}/samba/getopt.py
%{python3_sitearch}/samba/gpclass.py %{python3_sitearch}/samba/gpclass.py
%{python3_sitearch}/samba/gp_gnome_settings_ext.py
%{python3_sitearch}/samba/gp_scripts_ext.py %{python3_sitearch}/samba/gp_scripts_ext.py
%{python3_sitearch}/samba/gp_sec_ext.py %{python3_sitearch}/samba/gp_sec_ext.py
%{python3_sitearch}/samba/gpo.*.so %{python3_sitearch}/samba/gpo.*.so
@ -2318,6 +2431,7 @@ fi
%{python3_sitearch}/samba/messaging.*.so %{python3_sitearch}/samba/messaging.*.so
%{python3_sitearch}/samba/ndr.py %{python3_sitearch}/samba/ndr.py
%{python3_sitearch}/samba/net.*.so %{python3_sitearch}/samba/net.*.so
%{python3_sitearch}/samba/net_s3.*.so
%{python3_sitearch}/samba/ntstatus.*.so %{python3_sitearch}/samba/ntstatus.*.so
%{python3_sitearch}/samba/posix_eadb.*.so %{python3_sitearch}/samba/posix_eadb.*.so
%dir %{python3_sitearch}/samba/emulate %dir %{python3_sitearch}/samba/emulate
@ -2440,7 +2554,14 @@ fi
%{python3_sitearch}/samba/trust_utils.py %{python3_sitearch}/samba/trust_utils.py
%{python3_sitearch}/samba/upgrade.py %{python3_sitearch}/samba/upgrade.py
%{python3_sitearch}/samba/upgradehelpers.py %{python3_sitearch}/samba/upgradehelpers.py
%{python3_sitearch}/samba/vgp_access_ext.py
%{python3_sitearch}/samba/vgp_files_ext.py
%{python3_sitearch}/samba/vgp_issue_ext.py
%{python3_sitearch}/samba/vgp_motd_ext.py
%{python3_sitearch}/samba/vgp_openssh_ext.py
%{python3_sitearch}/samba/vgp_startup_scripts_ext.py
%{python3_sitearch}/samba/vgp_sudoers_ext.py %{python3_sitearch}/samba/vgp_sudoers_ext.py
%{python3_sitearch}/samba/vgp_symlink_ext.py
%{python3_sitearch}/samba/werror.*.so %{python3_sitearch}/samba/werror.*.so
%{python3_sitearch}/samba/xattr.py %{python3_sitearch}/samba/xattr.py
%{python3_sitearch}/samba/xattr_native.*.so %{python3_sitearch}/samba/xattr_native.*.so
@ -2487,8 +2608,6 @@ fi
%{python3_sitearch}/samba/dcerpc/dnsserver.*.so %{python3_sitearch}/samba/dcerpc/dnsserver.*.so
%{python3_sitearch}/samba/dckeytab.*.so %{python3_sitearch}/samba/dckeytab.*.so
%{python3_sitearch}/samba/dsdb.*.so
%{python3_sitearch}/samba/dsdb_dns.*.so
%{python3_sitearch}/samba/domain_update.py %{python3_sitearch}/samba/domain_update.py
%{python3_sitearch}/samba/forest_update.py %{python3_sitearch}/samba/forest_update.py
%{python3_sitearch}/samba/ms_forest_updates_markdown.py %{python3_sitearch}/samba/ms_forest_updates_markdown.py
@ -2555,6 +2674,7 @@ fi
%{python3_sitearch}/samba/tests/__pycache__/cred_opt.*.pyc %{python3_sitearch}/samba/tests/__pycache__/cred_opt.*.pyc
%{python3_sitearch}/samba/tests/__pycache__/dckeytab.*.pyc %{python3_sitearch}/samba/tests/__pycache__/dckeytab.*.pyc
%{python3_sitearch}/samba/tests/__pycache__/dns.*.pyc %{python3_sitearch}/samba/tests/__pycache__/dns.*.pyc
%{python3_sitearch}/samba/tests/__pycache__/dns_aging.*.pyc
%{python3_sitearch}/samba/tests/__pycache__/dns_base.*.pyc %{python3_sitearch}/samba/tests/__pycache__/dns_base.*.pyc
%{python3_sitearch}/samba/tests/__pycache__/dns_forwarder.*.pyc %{python3_sitearch}/samba/tests/__pycache__/dns_forwarder.*.pyc
%{python3_sitearch}/samba/tests/__pycache__/dns_invalid.*.pyc %{python3_sitearch}/samba/tests/__pycache__/dns_invalid.*.pyc
@ -2562,6 +2682,8 @@ fi
%{python3_sitearch}/samba/tests/__pycache__/dns_tkey.*.pyc %{python3_sitearch}/samba/tests/__pycache__/dns_tkey.*.pyc
%{python3_sitearch}/samba/tests/__pycache__/dns_wildcard.*.pyc %{python3_sitearch}/samba/tests/__pycache__/dns_wildcard.*.pyc
%{python3_sitearch}/samba/tests/__pycache__/dsdb.*.pyc %{python3_sitearch}/samba/tests/__pycache__/dsdb.*.pyc
%{python3_sitearch}/samba/tests/__pycache__/dsdb_api.*.pyc
%{python3_sitearch}/samba/tests/__pycache__/dsdb_dns.*.pyc
%{python3_sitearch}/samba/tests/__pycache__/dsdb_lock.*.pyc %{python3_sitearch}/samba/tests/__pycache__/dsdb_lock.*.pyc
%{python3_sitearch}/samba/tests/__pycache__/dsdb_schema_attributes.*.pyc %{python3_sitearch}/samba/tests/__pycache__/dsdb_schema_attributes.*.pyc
%{python3_sitearch}/samba/tests/__pycache__/docs.*.pyc %{python3_sitearch}/samba/tests/__pycache__/docs.*.pyc
@ -2573,17 +2695,22 @@ fi
%{python3_sitearch}/samba/tests/__pycache__/getdcname.*.pyc %{python3_sitearch}/samba/tests/__pycache__/getdcname.*.pyc
%{python3_sitearch}/samba/tests/__pycache__/glue.*.pyc %{python3_sitearch}/samba/tests/__pycache__/glue.*.pyc
%{python3_sitearch}/samba/tests/__pycache__/gpo.*.pyc %{python3_sitearch}/samba/tests/__pycache__/gpo.*.pyc
%{python3_sitearch}/samba/tests/__pycache__/gpo_member.*.pyc
%{python3_sitearch}/samba/tests/__pycache__/graph.*.pyc %{python3_sitearch}/samba/tests/__pycache__/graph.*.pyc
%{python3_sitearch}/samba/tests/__pycache__/group_audit.*.pyc %{python3_sitearch}/samba/tests/__pycache__/group_audit.*.pyc
%{python3_sitearch}/samba/tests/__pycache__/hostconfig.*.pyc %{python3_sitearch}/samba/tests/__pycache__/hostconfig.*.pyc
%{python3_sitearch}/samba/tests/__pycache__/imports.*.pyc
%{python3_sitearch}/samba/tests/__pycache__/join.*.pyc %{python3_sitearch}/samba/tests/__pycache__/join.*.pyc
%{python3_sitearch}/samba/tests/__pycache__/krb5_credentials.*.pyc %{python3_sitearch}/samba/tests/__pycache__/krb5_credentials.*.pyc
%{python3_sitearch}/samba/tests/__pycache__/ldap_raw.*.pyc %{python3_sitearch}/samba/tests/__pycache__/ldap_raw.*.pyc
%{python3_sitearch}/samba/tests/__pycache__/ldap_referrals.*.pyc %{python3_sitearch}/samba/tests/__pycache__/ldap_referrals.*.pyc
%{python3_sitearch}/samba/tests/__pycache__/ldap_spn.*.pyc
%{python3_sitearch}/samba/tests/__pycache__/ldap_upn_sam_account.*.pyc
%{python3_sitearch}/samba/tests/__pycache__/loadparm.*.pyc %{python3_sitearch}/samba/tests/__pycache__/loadparm.*.pyc
%{python3_sitearch}/samba/tests/__pycache__/libsmb.*.pyc %{python3_sitearch}/samba/tests/__pycache__/libsmb.*.pyc
%{python3_sitearch}/samba/tests/__pycache__/lsa_string.*.pyc %{python3_sitearch}/samba/tests/__pycache__/lsa_string.*.pyc
%{python3_sitearch}/samba/tests/__pycache__/messaging.*.pyc %{python3_sitearch}/samba/tests/__pycache__/messaging.*.pyc
%{python3_sitearch}/samba/tests/__pycache__/ndr.*.pyc
%{python3_sitearch}/samba/tests/__pycache__/netbios.*.pyc %{python3_sitearch}/samba/tests/__pycache__/netbios.*.pyc
%{python3_sitearch}/samba/tests/__pycache__/netcmd.*.pyc %{python3_sitearch}/samba/tests/__pycache__/netcmd.*.pyc
%{python3_sitearch}/samba/tests/__pycache__/net_join_no_spnego.*.pyc %{python3_sitearch}/samba/tests/__pycache__/net_join_no_spnego.*.pyc
@ -2619,10 +2746,12 @@ fi
%{python3_sitearch}/samba/tests/__pycache__/s3passdb.*.pyc %{python3_sitearch}/samba/tests/__pycache__/s3passdb.*.pyc
%{python3_sitearch}/samba/tests/__pycache__/s3registry.*.pyc %{python3_sitearch}/samba/tests/__pycache__/s3registry.*.pyc
%{python3_sitearch}/samba/tests/__pycache__/s3windb.*.pyc %{python3_sitearch}/samba/tests/__pycache__/s3windb.*.pyc
%{python3_sitearch}/samba/tests/__pycache__/s3_net_join.*.pyc
%{python3_sitearch}/samba/tests/__pycache__/samba_upgradedns_lmdb.*.pyc %{python3_sitearch}/samba/tests/__pycache__/samba_upgradedns_lmdb.*.pyc
%{python3_sitearch}/samba/tests/__pycache__/samba3sam.*.pyc %{python3_sitearch}/samba/tests/__pycache__/samba3sam.*.pyc
%{python3_sitearch}/samba/tests/__pycache__/samdb.*.pyc %{python3_sitearch}/samba/tests/__pycache__/samdb.*.pyc
%{python3_sitearch}/samba/tests/__pycache__/samdb_api.*.pyc %{python3_sitearch}/samba/tests/__pycache__/samdb_api.*.pyc
%{python3_sitearch}/samba/tests/__pycache__/sddl.*.pyc
%{python3_sitearch}/samba/tests/__pycache__/security.*.pyc %{python3_sitearch}/samba/tests/__pycache__/security.*.pyc
%{python3_sitearch}/samba/tests/__pycache__/segfault.*.pyc %{python3_sitearch}/samba/tests/__pycache__/segfault.*.pyc
%{python3_sitearch}/samba/tests/__pycache__/smb.*.pyc %{python3_sitearch}/samba/tests/__pycache__/smb.*.pyc
@ -2657,7 +2786,7 @@ fi
%{python3_sitearch}/samba/tests/blackbox/__pycache__/bug13653.*.pyc %{python3_sitearch}/samba/tests/blackbox/__pycache__/bug13653.*.pyc
%{python3_sitearch}/samba/tests/blackbox/__pycache__/check_output.*.pyc %{python3_sitearch}/samba/tests/blackbox/__pycache__/check_output.*.pyc
%{python3_sitearch}/samba/tests/blackbox/__pycache__/downgradedatabase.*.pyc %{python3_sitearch}/samba/tests/blackbox/__pycache__/downgradedatabase.*.pyc
%{python3_sitearch}/samba/tests/blackbox/__pycache__/mdfind.*.pyc %{python3_sitearch}/samba/tests/blackbox/__pycache__/mdsearch.*.pyc
%{python3_sitearch}/samba/tests/blackbox/__pycache__/ndrdump.*.pyc %{python3_sitearch}/samba/tests/blackbox/__pycache__/ndrdump.*.pyc
%{python3_sitearch}/samba/tests/blackbox/__pycache__/netads_json.*.pyc %{python3_sitearch}/samba/tests/blackbox/__pycache__/netads_json.*.pyc
%{python3_sitearch}/samba/tests/blackbox/__pycache__/samba_dnsupdate.*.pyc %{python3_sitearch}/samba/tests/blackbox/__pycache__/samba_dnsupdate.*.pyc
@ -2673,7 +2802,7 @@ fi
%{python3_sitearch}/samba/tests/blackbox/bug13653.py %{python3_sitearch}/samba/tests/blackbox/bug13653.py
%{python3_sitearch}/samba/tests/blackbox/check_output.py %{python3_sitearch}/samba/tests/blackbox/check_output.py
%{python3_sitearch}/samba/tests/blackbox/downgradedatabase.py %{python3_sitearch}/samba/tests/blackbox/downgradedatabase.py
%{python3_sitearch}/samba/tests/blackbox/mdfind.py %{python3_sitearch}/samba/tests/blackbox/mdsearch.py
%{python3_sitearch}/samba/tests/blackbox/ndrdump.py %{python3_sitearch}/samba/tests/blackbox/ndrdump.py
%{python3_sitearch}/samba/tests/blackbox/netads_json.py %{python3_sitearch}/samba/tests/blackbox/netads_json.py
%{python3_sitearch}/samba/tests/blackbox/samba_dnsupdate.py %{python3_sitearch}/samba/tests/blackbox/samba_dnsupdate.py
@ -2701,6 +2830,7 @@ fi
%{python3_sitearch}/samba/tests/dcerpc/__pycache__/binding.*.pyc %{python3_sitearch}/samba/tests/dcerpc/__pycache__/binding.*.pyc
%{python3_sitearch}/samba/tests/dcerpc/__pycache__/dnsserver.*.pyc %{python3_sitearch}/samba/tests/dcerpc/__pycache__/dnsserver.*.pyc
%{python3_sitearch}/samba/tests/dcerpc/__pycache__/integer.*.pyc %{python3_sitearch}/samba/tests/dcerpc/__pycache__/integer.*.pyc
%{python3_sitearch}/samba/tests/dcerpc/__pycache__/lsa.*.pyc
%{python3_sitearch}/samba/tests/dcerpc/__pycache__/mdssvc.*.pyc %{python3_sitearch}/samba/tests/dcerpc/__pycache__/mdssvc.*.pyc
%{python3_sitearch}/samba/tests/dcerpc/__pycache__/misc.*.pyc %{python3_sitearch}/samba/tests/dcerpc/__pycache__/misc.*.pyc
%{python3_sitearch}/samba/tests/dcerpc/__pycache__/raw_protocol.*.pyc %{python3_sitearch}/samba/tests/dcerpc/__pycache__/raw_protocol.*.pyc
@ -2720,6 +2850,7 @@ fi
%{python3_sitearch}/samba/tests/dcerpc/createtrustrelax.py %{python3_sitearch}/samba/tests/dcerpc/createtrustrelax.py
%{python3_sitearch}/samba/tests/dcerpc/dnsserver.py %{python3_sitearch}/samba/tests/dcerpc/dnsserver.py
%{python3_sitearch}/samba/tests/dcerpc/integer.py %{python3_sitearch}/samba/tests/dcerpc/integer.py
%{python3_sitearch}/samba/tests/dcerpc/lsa.py
%{python3_sitearch}/samba/tests/dcerpc/mdssvc.py %{python3_sitearch}/samba/tests/dcerpc/mdssvc.py
%{python3_sitearch}/samba/tests/dcerpc/misc.py %{python3_sitearch}/samba/tests/dcerpc/misc.py
%{python3_sitearch}/samba/tests/dcerpc/raw_protocol.py %{python3_sitearch}/samba/tests/dcerpc/raw_protocol.py
@ -2735,6 +2866,7 @@ fi
%{python3_sitearch}/samba/tests/dcerpc/unix.py %{python3_sitearch}/samba/tests/dcerpc/unix.py
%{python3_sitearch}/samba/tests/dckeytab.py %{python3_sitearch}/samba/tests/dckeytab.py
%{python3_sitearch}/samba/tests/dns.py %{python3_sitearch}/samba/tests/dns.py
%{python3_sitearch}/samba/tests/dns_aging.py
%{python3_sitearch}/samba/tests/dns_base.py %{python3_sitearch}/samba/tests/dns_base.py
%{python3_sitearch}/samba/tests/dns_forwarder.py %{python3_sitearch}/samba/tests/dns_forwarder.py
%dir %{python3_sitearch}/samba/tests/dns_forwarder_helpers %dir %{python3_sitearch}/samba/tests/dns_forwarder_helpers
@ -2745,6 +2877,8 @@ fi
%{python3_sitearch}/samba/tests/dns_tkey.py %{python3_sitearch}/samba/tests/dns_tkey.py
%{python3_sitearch}/samba/tests/dns_wildcard.py %{python3_sitearch}/samba/tests/dns_wildcard.py
%{python3_sitearch}/samba/tests/dsdb.py %{python3_sitearch}/samba/tests/dsdb.py
%{python3_sitearch}/samba/tests/dsdb_api.py
%{python3_sitearch}/samba/tests/dsdb_dns.py
%{python3_sitearch}/samba/tests/dsdb_lock.py %{python3_sitearch}/samba/tests/dsdb_lock.py
%{python3_sitearch}/samba/tests/dsdb_schema_attributes.py %{python3_sitearch}/samba/tests/dsdb_schema_attributes.py
%{python3_sitearch}/samba/tests/docs.py %{python3_sitearch}/samba/tests/docs.py
@ -2764,9 +2898,11 @@ fi
%{python3_sitearch}/samba/tests/get_opt.py %{python3_sitearch}/samba/tests/get_opt.py
%{python3_sitearch}/samba/tests/glue.py %{python3_sitearch}/samba/tests/glue.py
%{python3_sitearch}/samba/tests/gpo.py %{python3_sitearch}/samba/tests/gpo.py
%{python3_sitearch}/samba/tests/gpo_member.py
%{python3_sitearch}/samba/tests/graph.py %{python3_sitearch}/samba/tests/graph.py
%{python3_sitearch}/samba/tests/group_audit.py %{python3_sitearch}/samba/tests/group_audit.py
%{python3_sitearch}/samba/tests/hostconfig.py %{python3_sitearch}/samba/tests/hostconfig.py
%{python3_sitearch}/samba/tests/imports.py
%{python3_sitearch}/samba/tests/join.py %{python3_sitearch}/samba/tests/join.py
%dir %{python3_sitearch}/samba/tests/kcc %dir %{python3_sitearch}/samba/tests/kcc
%{python3_sitearch}/samba/tests/kcc/__init__.py %{python3_sitearch}/samba/tests/kcc/__init__.py
@ -2782,37 +2918,64 @@ fi
%{python3_sitearch}/samba/tests/kcc/ldif_import_export.py %{python3_sitearch}/samba/tests/kcc/ldif_import_export.py
%dir %{python3_sitearch}/samba/tests/krb5 %dir %{python3_sitearch}/samba/tests/krb5
%dir %{python3_sitearch}/samba/tests/krb5/__pycache__ %dir %{python3_sitearch}/samba/tests/krb5/__pycache__
%{python3_sitearch}/samba/tests/krb5/__pycache__/alias_tests.*.pyc
%{python3_sitearch}/samba/tests/krb5/__pycache__/as_canonicalization_tests.*.pyc %{python3_sitearch}/samba/tests/krb5/__pycache__/as_canonicalization_tests.*.pyc
%{python3_sitearch}/samba/tests/krb5/__pycache__/as_req_tests.*.pyc
%{python3_sitearch}/samba/tests/krb5/__pycache__/compatability_tests.*.pyc %{python3_sitearch}/samba/tests/krb5/__pycache__/compatability_tests.*.pyc
%{python3_sitearch}/samba/tests/krb5/__pycache__/fast_tests.*.pyc
%{python3_sitearch}/samba/tests/krb5/__pycache__/kcrypto.*.pyc %{python3_sitearch}/samba/tests/krb5/__pycache__/kcrypto.*.pyc
%{python3_sitearch}/samba/tests/krb5/__pycache__/kdc_base_test.*.pyc %{python3_sitearch}/samba/tests/krb5/__pycache__/kdc_base_test.*.pyc
%{python3_sitearch}/samba/tests/krb5/__pycache__/kdc_tests.*.pyc %{python3_sitearch}/samba/tests/krb5/__pycache__/kdc_tests.*.pyc
%{python3_sitearch}/samba/tests/krb5/__pycache__/kdc_tgs_tests.*.pyc %{python3_sitearch}/samba/tests/krb5/__pycache__/kdc_tgs_tests.*.pyc
%{python3_sitearch}/samba/tests/krb5/__pycache__/ms_kile_client_principal_lookup_tests.*.pyc
%{python3_sitearch}/samba/tests/krb5/__pycache__/raw_testcase.*.pyc %{python3_sitearch}/samba/tests/krb5/__pycache__/raw_testcase.*.pyc
%{python3_sitearch}/samba/tests/krb5/__pycache__/rfc4120_constants.*.pyc %{python3_sitearch}/samba/tests/krb5/__pycache__/rfc4120_constants.*.pyc
%{python3_sitearch}/samba/tests/krb5/__pycache__/rfc4120_pyasn1.*.pyc %{python3_sitearch}/samba/tests/krb5/__pycache__/rfc4120_pyasn1.*.pyc
%{python3_sitearch}/samba/tests/krb5/__pycache__/rodc_tests*.pyc
%{python3_sitearch}/samba/tests/krb5/__pycache__/salt_tests.*.pyc
%{python3_sitearch}/samba/tests/krb5/__pycache__/simple_tests.*.pyc %{python3_sitearch}/samba/tests/krb5/__pycache__/simple_tests.*.pyc
%{python3_sitearch}/samba/tests/krb5/__pycache__/spn_tests.*.pyc
%{python3_sitearch}/samba/tests/krb5/__pycache__/s4u_tests.*.pyc %{python3_sitearch}/samba/tests/krb5/__pycache__/s4u_tests.*.pyc
%{python3_sitearch}/samba/tests/krb5/__pycache__/test_ccache.*.pyc
%{python3_sitearch}/samba/tests/krb5/__pycache__/test_ldap.*.pyc
%{python3_sitearch}/samba/tests/krb5/__pycache__/test_min_domain_uid.*.pyc
%{python3_sitearch}/samba/tests/krb5/__pycache__/test_rpc.*.pyc
%{python3_sitearch}/samba/tests/krb5/__pycache__/test_smb.*.pyc
%{python3_sitearch}/samba/tests/krb5/__pycache__/xrealm_tests.*.pyc %{python3_sitearch}/samba/tests/krb5/__pycache__/xrealm_tests.*.pyc
%{python3_sitearch}/samba/tests/krb5/alias_tests.py
%{python3_sitearch}/samba/tests/krb5/as_canonicalization_tests.py %{python3_sitearch}/samba/tests/krb5/as_canonicalization_tests.py
%{python3_sitearch}/samba/tests/krb5/as_req_tests.py
%{python3_sitearch}/samba/tests/krb5/compatability_tests.py %{python3_sitearch}/samba/tests/krb5/compatability_tests.py
%{python3_sitearch}/samba/tests/krb5/fast_tests.py
%{python3_sitearch}/samba/tests/krb5/kcrypto.py %{python3_sitearch}/samba/tests/krb5/kcrypto.py
%{python3_sitearch}/samba/tests/krb5/kdc_base_test.py %{python3_sitearch}/samba/tests/krb5/kdc_base_test.py
%{python3_sitearch}/samba/tests/krb5/kdc_tests.py %{python3_sitearch}/samba/tests/krb5/kdc_tests.py
%{python3_sitearch}/samba/tests/krb5/kdc_tgs_tests.py %{python3_sitearch}/samba/tests/krb5/kdc_tgs_tests.py
%{python3_sitearch}/samba/tests/krb5/ms_kile_client_principal_lookup_tests.py
%{python3_sitearch}/samba/tests/krb5/raw_testcase.py %{python3_sitearch}/samba/tests/krb5/raw_testcase.py
%{python3_sitearch}/samba/tests/krb5/rfc4120_constants.py %{python3_sitearch}/samba/tests/krb5/rfc4120_constants.py
%{python3_sitearch}/samba/tests/krb5/rfc4120_pyasn1.py %{python3_sitearch}/samba/tests/krb5/rfc4120_pyasn1.py
%{python3_sitearch}/samba/tests/krb5/rodc_tests.py
%{python3_sitearch}/samba/tests/krb5/salt_tests.py
%{python3_sitearch}/samba/tests/krb5/simple_tests.py %{python3_sitearch}/samba/tests/krb5/simple_tests.py
%{python3_sitearch}/samba/tests/krb5/spn_tests.py
%{python3_sitearch}/samba/tests/krb5/test_ccache.py
%{python3_sitearch}/samba/tests/krb5/test_ldap.py
%{python3_sitearch}/samba/tests/krb5/test_min_domain_uid.py
%{python3_sitearch}/samba/tests/krb5/test_rpc.py
%{python3_sitearch}/samba/tests/krb5/test_smb.py
%{python3_sitearch}/samba/tests/krb5/s4u_tests.py %{python3_sitearch}/samba/tests/krb5/s4u_tests.py
%{python3_sitearch}/samba/tests/krb5/xrealm_tests.py %{python3_sitearch}/samba/tests/krb5/xrealm_tests.py
%{python3_sitearch}/samba/tests/krb5_credentials.py %{python3_sitearch}/samba/tests/krb5_credentials.py
%{python3_sitearch}/samba/tests/ldap_raw.py %{python3_sitearch}/samba/tests/ldap_raw.py
%{python3_sitearch}/samba/tests/ldap_referrals.py %{python3_sitearch}/samba/tests/ldap_referrals.py
%{python3_sitearch}/samba/tests/ldap_spn.py
%{python3_sitearch}/samba/tests/ldap_upn_sam_account.py
%{python3_sitearch}/samba/tests/libsmb.py %{python3_sitearch}/samba/tests/libsmb.py
%{python3_sitearch}/samba/tests/loadparm.py %{python3_sitearch}/samba/tests/loadparm.py
%{python3_sitearch}/samba/tests/lsa_string.py %{python3_sitearch}/samba/tests/lsa_string.py
%{python3_sitearch}/samba/tests/messaging.py %{python3_sitearch}/samba/tests/messaging.py
%{python3_sitearch}/samba/tests/ndr.py
%{python3_sitearch}/samba/tests/netbios.py %{python3_sitearch}/samba/tests/netbios.py
%{python3_sitearch}/samba/tests/netcmd.py %{python3_sitearch}/samba/tests/netcmd.py
%{python3_sitearch}/samba/tests/net_join_no_spnego.py %{python3_sitearch}/samba/tests/net_join_no_spnego.py
@ -2848,6 +3011,7 @@ fi
%{python3_sitearch}/samba/tests/s3passdb.py %{python3_sitearch}/samba/tests/s3passdb.py
%{python3_sitearch}/samba/tests/s3registry.py %{python3_sitearch}/samba/tests/s3registry.py
%{python3_sitearch}/samba/tests/s3windb.py %{python3_sitearch}/samba/tests/s3windb.py
%{python3_sitearch}/samba/tests/s3_net_join.py
%{python3_sitearch}/samba/tests/samba3sam.py %{python3_sitearch}/samba/tests/samba3sam.py
%{python3_sitearch}/samba/tests/samba_upgradedns_lmdb.py %{python3_sitearch}/samba/tests/samba_upgradedns_lmdb.py
%dir %{python3_sitearch}/samba/tests/samba_tool %dir %{python3_sitearch}/samba/tests/samba_tool
@ -2864,6 +3028,7 @@ fi
%{python3_sitearch}/samba/tests/samba_tool/__pycache__/forest.*.pyc %{python3_sitearch}/samba/tests/samba_tool/__pycache__/forest.*.pyc
%{python3_sitearch}/samba/tests/samba_tool/__pycache__/fsmo.*.pyc %{python3_sitearch}/samba/tests/samba_tool/__pycache__/fsmo.*.pyc
%{python3_sitearch}/samba/tests/samba_tool/__pycache__/gpo.*.pyc %{python3_sitearch}/samba/tests/samba_tool/__pycache__/gpo.*.pyc
%{python3_sitearch}/samba/tests/samba_tool/__pycache__/gpo_exts.*.pyc
%{python3_sitearch}/samba/tests/samba_tool/__pycache__/group.*.pyc %{python3_sitearch}/samba/tests/samba_tool/__pycache__/group.*.pyc
%{python3_sitearch}/samba/tests/samba_tool/__pycache__/help.*.pyc %{python3_sitearch}/samba/tests/samba_tool/__pycache__/help.*.pyc
%{python3_sitearch}/samba/tests/samba_tool/__pycache__/join.*.pyc %{python3_sitearch}/samba/tests/samba_tool/__pycache__/join.*.pyc
@ -2875,6 +3040,7 @@ fi
%{python3_sitearch}/samba/tests/samba_tool/__pycache__/promote_dc_lmdb_size.*.pyc %{python3_sitearch}/samba/tests/samba_tool/__pycache__/promote_dc_lmdb_size.*.pyc
%{python3_sitearch}/samba/tests/samba_tool/__pycache__/provision_lmdb_size.*.pyc %{python3_sitearch}/samba/tests/samba_tool/__pycache__/provision_lmdb_size.*.pyc
%{python3_sitearch}/samba/tests/samba_tool/__pycache__/provision_password_check.*.pyc %{python3_sitearch}/samba/tests/samba_tool/__pycache__/provision_password_check.*.pyc
%{python3_sitearch}/samba/tests/samba_tool/__pycache__/provision_userPassword_crypt.*.pyc
%{python3_sitearch}/samba/tests/samba_tool/__pycache__/rodc.*.pyc %{python3_sitearch}/samba/tests/samba_tool/__pycache__/rodc.*.pyc
%{python3_sitearch}/samba/tests/samba_tool/__pycache__/schema.*.pyc %{python3_sitearch}/samba/tests/samba_tool/__pycache__/schema.*.pyc
%{python3_sitearch}/samba/tests/samba_tool/__pycache__/sites.*.pyc %{python3_sitearch}/samba/tests/samba_tool/__pycache__/sites.*.pyc
@ -2898,6 +3064,7 @@ fi
%{python3_sitearch}/samba/tests/samba_tool/forest.py %{python3_sitearch}/samba/tests/samba_tool/forest.py
%{python3_sitearch}/samba/tests/samba_tool/fsmo.py %{python3_sitearch}/samba/tests/samba_tool/fsmo.py
%{python3_sitearch}/samba/tests/samba_tool/gpo.py %{python3_sitearch}/samba/tests/samba_tool/gpo.py
%{python3_sitearch}/samba/tests/samba_tool/gpo_exts.py
%{python3_sitearch}/samba/tests/samba_tool/group.py %{python3_sitearch}/samba/tests/samba_tool/group.py
%{python3_sitearch}/samba/tests/samba_tool/help.py %{python3_sitearch}/samba/tests/samba_tool/help.py
%{python3_sitearch}/samba/tests/samba_tool/join.py %{python3_sitearch}/samba/tests/samba_tool/join.py
@ -2909,6 +3076,7 @@ fi
%{python3_sitearch}/samba/tests/samba_tool/promote_dc_lmdb_size.py %{python3_sitearch}/samba/tests/samba_tool/promote_dc_lmdb_size.py
%{python3_sitearch}/samba/tests/samba_tool/provision_lmdb_size.py %{python3_sitearch}/samba/tests/samba_tool/provision_lmdb_size.py
%{python3_sitearch}/samba/tests/samba_tool/provision_password_check.py %{python3_sitearch}/samba/tests/samba_tool/provision_password_check.py
%{python3_sitearch}/samba/tests/samba_tool/provision_userPassword_crypt.py
%{python3_sitearch}/samba/tests/samba_tool/rodc.py %{python3_sitearch}/samba/tests/samba_tool/rodc.py
%{python3_sitearch}/samba/tests/samba_tool/schema.py %{python3_sitearch}/samba/tests/samba_tool/schema.py
%{python3_sitearch}/samba/tests/samba_tool/sites.py %{python3_sitearch}/samba/tests/samba_tool/sites.py
@ -2924,6 +3092,7 @@ fi
%{python3_sitearch}/samba/tests/samba_tool/visualize_drs.py %{python3_sitearch}/samba/tests/samba_tool/visualize_drs.py
%{python3_sitearch}/samba/tests/samdb.py %{python3_sitearch}/samba/tests/samdb.py
%{python3_sitearch}/samba/tests/samdb_api.py %{python3_sitearch}/samba/tests/samdb_api.py
%{python3_sitearch}/samba/tests/sddl.py
%{python3_sitearch}/samba/tests/security.py %{python3_sitearch}/samba/tests/security.py
%{python3_sitearch}/samba/tests/segfault.py %{python3_sitearch}/samba/tests/segfault.py
%{python3_sitearch}/samba/tests/smb.py %{python3_sitearch}/samba/tests/smb.py
@ -3067,6 +3236,7 @@ fi
%{_libexecdir}/ctdb/ctdb_recovery_helper %{_libexecdir}/ctdb/ctdb_recovery_helper
%{_libexecdir}/ctdb/ctdb_takeover_helper %{_libexecdir}/ctdb/ctdb_takeover_helper
%{_libexecdir}/ctdb/smnotify %{_libexecdir}/ctdb/smnotify
%{_libexecdir}/ctdb/tdb_mutex_check
%dir %{_localstatedir}/lib/ctdb/ %dir %{_localstatedir}/lib/ctdb/
%dir %{_localstatedir}/lib/ctdb/persistent %dir %{_localstatedir}/lib/ctdb/persistent
@ -3897,6 +4067,33 @@ fi
#endif with selftest #endif with selftest
%endif %endif
%if %{with pcp_pmda}
%files -n ctdb-pcp-pmda
%dir %{_localstatedir}/lib/pcp/pmdas/ctdb
%{_localstatedir}/lib/pcp/pmdas/ctdb/Install
%{_localstatedir}/lib/pcp/pmdas/ctdb/README
%{_localstatedir}/lib/pcp/pmdas/ctdb/Remove
%{_localstatedir}/lib/pcp/pmdas/ctdb/domain.h
%{_localstatedir}/lib/pcp/pmdas/ctdb/help
%{_localstatedir}/lib/pcp/pmdas/ctdb/pmdactdb
%{_localstatedir}/lib/pcp/pmdas/ctdb/pmns
#endif with pcp_pmda
%endif
%if %{with etcd_mutex}
%files -n ctdb-etcd-mutex
%{_libexecdir}/ctdb/ctdb_etcd_lock
%{_mandir}/man7/ctdb-etcd.7.gz
#endif with etcd_mutex
%endif
%if %{with ceph_mutex}
%files -n ctdb-ceph-mutex
%{_libexecdir}/ctdb/ctdb_mutex_ceph_rados_helper
%{_mandir}/man7/ctdb_mutex_ceph_rados_helper.7.gz
#endif with ceph_mutex
%endif
#endif with clustering #endif with clustering
%endif %endif
@ -3908,6 +4105,35 @@ fi
%endif %endif
%changelog %changelog
* Fri Dec 03 2021 Andreas Schneider <asn@redhat.com> - 4.15.2-2
- related: rhbz#2013596 - Remove unneeded lmdb dependency
* Thu Nov 25 2021 Pavel Filipenský <pfilipen@redhat.com> - 4.15.2-1
- resolves: rhbz#2013596 - Rebase to version 4.15.2
- resolves: rhbz#1999294 - Remove noisy error message in winbindd
- resolves: rhbz#1958881 - Don't require winbind being online for krb5 auth
with one-way trusts
- resolves: rhbz#2019461 - Fix deleting directories with dangling symlinks
* Mon Nov 22 2021 Andreas Schneider <asn@redhat.com> - 4.14.5-14
- related: rbhz#2019674 - Fix CVE-2020-25717
- Fix running ktest (selftest)
* Sat Nov 13 2021 Alexander Bokovoy <abokovoy@redhat.com> - 4.14.5-13
- related: rbhz#2019674 - Fix CVE-2020-25717
- Add missing checks for IPA DC server role
* Wed Nov 10 2021 Andreas Schneider <asn@redhat.com> - 4.14.5-12
- related: rbhz#2019674 - Fix regression with 'allow trusted domains = no'
* Tue Nov 09 2021 Andreas Schneider <asn@redhat.com> - 4.14.5-11
- resolves: rhbz#2021425 - Add missing PAC buffer types to krb5pac.idl
* Fri Nov 05 2021 Andreas Schneider <asn@redhat.com> - 4.14.4-3
- resolves: rhbz#2019662 - Fix CVE-2016-2124
- resolves: rhbz#2019668 - Fix CVE-2021-23192
- resolves: rbhz#2019674 - Fix CVE-2020-25717
* Tue Jul 13 2021 Andreas Schneider <asn@redhat.com> - 4.14.4-2 * Tue Jul 13 2021 Andreas Schneider <asn@redhat.com> - 4.14.4-2
- related: rhbz#1980346 - Rebuild for libtalloc 0.11.0 - related: rhbz#1980346 - Rebuild for libtalloc 0.11.0