rpms/samba
7
0
Fork 0
Code Issues Pull Requests Releases Activity

Update to version 4.17.2

Browse Source 
resolves: rhbz#2131993
This commit is contained in:
Andreas Schneider 2022-10-26 10:30:43 +02:00
parent 589e9313fb
commit ea4398f13c
7 changed files with 796 additions and 95 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
.gitignore vendored
View File

@ -265,3 +265,5 @@ samba-3.6.0pre1.tar.gz
/samba-4.16.3.tar.xz
/samba-4.16.4.tar.xz
/samba-4.16.4.tar.asc
/samba-4.17.2.tar.asc
/samba-4.17.2.tar.xz

540
samba-4.17-fix-changeuserpassword4.patch Normal file
View File

@ -0,0 +1,540 @@
From a3e3d05f35d6082ea48450060b39084e3d0e4056 Mon Sep 17 00:00:00 2001
From: Andreas Schneider <asn@samba.org>
Date: Mon, 10 Oct 2022 15:15:20 +0200
Subject: [PATCH 1/5] s3:librpc: Improve GSE error message
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15206
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Noel Power <noel.power@suse.com>
---
source3/librpc/crypto/gse.c | 21 +++++++++++++++++++--
1 file changed, 19 insertions(+), 2 deletions(-)
diff --git a/source3/librpc/crypto/gse.c b/source3/librpc/crypto/gse.c
index c50a8a036df..c2cac7abf82 100644
--- a/source3/librpc/crypto/gse.c
+++ b/source3/librpc/crypto/gse.c
@@ -546,11 +546,28 @@ init_sec_context_done:
goto done;
case GSS_S_FAILURE:
switch (gss_min) {
- case (OM_uint32)KRB5KDC_ERR_S_PRINCIPAL_UNKNOWN:
- DBG_NOTICE("Server principal not found\n");
+ case (OM_uint32)KRB5KDC_ERR_S_PRINCIPAL_UNKNOWN: {
+ gss_buffer_desc name_token = {
+ .length = 0,
+ };
+
+ gss_maj = gss_display_name(&gss_min,
+ gse_ctx->server_name,
+ &name_token,
+ NULL);
+ if (gss_maj == GSS_S_COMPLETE) {
+ DBG_NOTICE("Server principal %.*s not found\n",
+ (int)name_token.length,
+ (char *)name_token.value);
+ gss_release_buffer(&gss_maj, &name_token);
+ } else {
+ DBG_NOTICE("Server principal not found\n");
+ }
+
/* Make SPNEGO ignore us, we can't go any further here */
status = NT_STATUS_INVALID_PARAMETER;
goto done;
+ }
case (OM_uint32)KRB5KRB_AP_ERR_TKT_EXPIRED:
DBG_NOTICE("Ticket expired\n");
/* Make SPNEGO ignore us, we can't go any further here */
--
2.37.3
From d2e2e9acd717e45806f1b19378e09f39c8fe3da8 Mon Sep 17 00:00:00 2001
From: Andreas Schneider <asn@samba.org>
Date: Fri, 7 Oct 2022 14:35:15 +0200
Subject: [PATCH 2/5] s3:rpcclient: Pass salt down to
init_samr_CryptPasswordAES()
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15206
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Noel Power <noel.power@suse.com>
---
source3/rpc_client/init_samr.c | 15 ++++-----------
source3/rpc_client/init_samr.h | 1 +
source3/rpcclient/cmd_samr.c | 8 ++++++++
source4/libnet/libnet_passwd.c | 13 +++++++------
source4/torture/rpc/samr.c | 27 +++++++++++++++++++++++++++
5 files changed, 47 insertions(+), 17 deletions(-)
diff --git a/source3/rpc_client/init_samr.c b/source3/rpc_client/init_samr.c
index 68f42b602b3..52fa2f90d6e 100644
--- a/source3/rpc_client/init_samr.c
+++ b/source3/rpc_client/init_samr.c
@@ -79,6 +79,7 @@ NTSTATUS init_samr_CryptPassword(const char *pwd,
NTSTATUS init_samr_CryptPasswordAES(TALLOC_CTX *mem_ctx,
const char *password,
+ DATA_BLOB *salt,
DATA_BLOB *session_key,
struct samr_EncryptedPasswordAES *ppwd_buf)
{
@@ -87,12 +88,6 @@ NTSTATUS init_samr_CryptPasswordAES(TALLOC_CTX *mem_ctx,
.data = pw_data,
.length = sizeof(pw_data),
};
- size_t iv_size = gnutls_cipher_get_iv_size(GNUTLS_CIPHER_AES_256_CBC);
- uint8_t iv_data[iv_size];
- DATA_BLOB iv = {
- .data = iv_data,
- .length = iv_size,
- };
DATA_BLOB ciphertext = data_blob_null;
NTSTATUS status = NT_STATUS_UNSUCCESSFUL;
bool ok;
@@ -101,8 +96,6 @@ NTSTATUS init_samr_CryptPasswordAES(TALLOC_CTX *mem_ctx,
return NT_STATUS_INVALID_PARAMETER;
}
- generate_nonce_buffer(iv.data, iv.length);
-
ok = encode_pwd_buffer514_from_str(pw_data, password, STR_UNICODE);
if (!ok) {
return NT_STATUS_INTERNAL_ERROR;
@@ -114,7 +107,7 @@ NTSTATUS init_samr_CryptPasswordAES(TALLOC_CTX *mem_ctx,
session_key,
&samr_aes256_enc_key_salt,
&samr_aes256_mac_key_salt,
- &iv,
+ salt,
&ciphertext,
ppwd_buf->auth_data);
BURN_DATA(pw_data);
@@ -126,8 +119,8 @@ NTSTATUS init_samr_CryptPasswordAES(TALLOC_CTX *mem_ctx,
ppwd_buf->cipher = ciphertext.data;
ppwd_buf->PBKDF2Iterations = 0;
- SMB_ASSERT(iv.length == sizeof(ppwd_buf->salt));
- memcpy(ppwd_buf->salt, iv.data, iv.length);
+ SMB_ASSERT(salt->length == sizeof(ppwd_buf->salt));
+ memcpy(ppwd_buf->salt, salt->data, salt->length);
return NT_STATUS_OK;
}
diff --git a/source3/rpc_client/init_samr.h b/source3/rpc_client/init_samr.h
index 940534e7168..71b4c0e573d 100644
--- a/source3/rpc_client/init_samr.h
+++ b/source3/rpc_client/init_samr.h
@@ -47,6 +47,7 @@ NTSTATUS init_samr_CryptPassword(const char *pwd,
*/
NTSTATUS init_samr_CryptPasswordAES(TALLOC_CTX *mem_ctx,
const char *password,
+ DATA_BLOB *salt,
DATA_BLOB *session_key,
struct samr_EncryptedPasswordAES *ppwd_buf);
diff --git a/source3/rpcclient/cmd_samr.c b/source3/rpcclient/cmd_samr.c
index 9ccd2f78a8d..8106ca90cf2 100644
--- a/source3/rpcclient/cmd_samr.c
+++ b/source3/rpcclient/cmd_samr.c
@@ -3172,6 +3172,11 @@ static NTSTATUS cmd_samr_setuserinfo_int(struct rpc_pipe_client *cli,
uint8_t nt_hash[16];
uint8_t lm_hash[16];
DATA_BLOB session_key;
+ uint8_t salt_data[16];
+ DATA_BLOB salt = {
+ .data = salt_data,
+ .length = sizeof(salt_data),
+ };
uint8_t password_expired = 0;
struct dcerpc_binding_handle *b = cli->binding_handle;
TALLOC_CTX *frame = NULL;
@@ -3198,6 +3203,8 @@ static NTSTATUS cmd_samr_setuserinfo_int(struct rpc_pipe_client *cli,
goto done;
}
+ generate_nonce_buffer(salt.data, salt.length);
+
switch(level) {
case 18:
case 21:
@@ -3220,6 +3227,7 @@ static NTSTATUS cmd_samr_setuserinfo_int(struct rpc_pipe_client *cli,
case 31:
status = init_samr_CryptPasswordAES(frame,
param,
+ &salt,
&session_key,
&pwd_buf_aes);
if (!NT_STATUS_IS_OK(status)) {
diff --git a/source4/libnet/libnet_passwd.c b/source4/libnet/libnet_passwd.c
index 4f662110e55..a1672104824 100644
--- a/source4/libnet/libnet_passwd.c
+++ b/source4/libnet/libnet_passwd.c
@@ -57,13 +57,13 @@ static NTSTATUS libnet_ChangePassword_samr_aes(TALLOC_CTX *mem_ctx,
struct samr_EncryptedPasswordAES pwd_buf = {
.cipher_len = 0
};
- DATA_BLOB iv = {
+ DATA_BLOB salt = {
.data = pwd_buf.salt,
.length = sizeof(pwd_buf.salt),
};
- gnutls_datum_t iv_datum = {
- .data = iv.data,
- .size = iv.length,
+ gnutls_datum_t salt_datum = {
+ .data = pwd_buf.salt,
+ .size = sizeof(pwd_buf.salt),
};
uint64_t pbkdf2_iterations = generate_random_u64_range(5000, 1000000);
NTSTATUS status;
@@ -71,11 +71,11 @@ static NTSTATUS libnet_ChangePassword_samr_aes(TALLOC_CTX *mem_ctx,
E_md4hash(old_password, old_nt_key_data);
- generate_nonce_buffer(iv.data, iv.length);
+ generate_nonce_buffer(salt.data, salt.length);
rc = gnutls_pbkdf2(GNUTLS_MAC_SHA512,
&old_nt_key,
- &iv_datum,
+ &salt_datum,
pbkdf2_iterations,
cek.data,
cek.length);
@@ -86,6 +86,7 @@ static NTSTATUS libnet_ChangePassword_samr_aes(TALLOC_CTX *mem_ctx,
status = init_samr_CryptPasswordAES(mem_ctx,
new_password,
+ &salt,
&cek,
&pwd_buf);
data_blob_clear(&cek);
diff --git a/source4/torture/rpc/samr.c b/source4/torture/rpc/samr.c
index de354659067..0b1880efa18 100644
--- a/source4/torture/rpc/samr.c
+++ b/source4/torture/rpc/samr.c
@@ -783,6 +783,11 @@ static bool test_SetUserPass_32(struct dcerpc_pipe *p, struct torture_context *t
struct samr_SetUserInfo s;
union samr_UserInfo u;
DATA_BLOB session_key;
+ uint8_t salt_data[16];
+ DATA_BLOB salt = {
+ .data = salt_data,
+ .length = sizeof(salt_data),
+ };
char *newpass = NULL;
struct dcerpc_binding_handle *b = p->binding_handle;
struct samr_GetUserPwInfo pwp;
@@ -818,8 +823,11 @@ static bool test_SetUserPass_32(struct dcerpc_pipe *p, struct torture_context *t
return false;
}
+ generate_nonce_buffer(salt.data, salt.length);
+
status = init_samr_CryptPasswordAES(tctx,
newpass,
+ &salt,
&session_key,
&u.info32.password);
torture_assert_ntstatus_ok(tctx,
@@ -852,6 +860,7 @@ static bool test_SetUserPass_32(struct dcerpc_pipe *p, struct torture_context *t
status = init_samr_CryptPasswordAES(tctx,
newpass,
+ &salt,
&session_key,
&u.info32.password);
torture_assert_ntstatus_ok(tctx,
@@ -896,6 +905,11 @@ static bool test_SetUserPass_31(struct dcerpc_pipe *p, struct torture_context *t
union samr_UserInfo u;
bool ret = true;
DATA_BLOB session_key;
+ uint8_t salt_data[16];
+ DATA_BLOB salt = {
+ .data = salt_data,
+ .length = sizeof(salt_data),
+ };
char *newpass;
struct dcerpc_binding_handle *b = p->binding_handle;
struct samr_GetUserPwInfo pwp;
@@ -931,8 +945,11 @@ static bool test_SetUserPass_31(struct dcerpc_pipe *p, struct torture_context *t
return false;
}
+ generate_nonce_buffer(salt.data, salt.length);
+
status = init_samr_CryptPasswordAES(tctx,
newpass,
+ &salt,
&session_key,
&u.info31.password);
torture_assert_ntstatus_ok(tctx,
@@ -959,6 +976,7 @@ static bool test_SetUserPass_31(struct dcerpc_pipe *p, struct torture_context *t
status = init_samr_CryptPasswordAES(tctx,
newpass,
+ &salt,
&session_key,
&u.info31.password);
torture_assert_ntstatus_ok(tctx,
@@ -1381,6 +1399,11 @@ static bool test_SetUserPass_level_ex(struct dcerpc_pipe *p,
union samr_UserInfo u;
bool ret = true;
DATA_BLOB session_key;
+ uint8_t salt_data[16];
+ DATA_BLOB salt = {
+ .data = salt_data,
+ .length = sizeof(salt_data),
+ };
char *newpass;
struct dcerpc_binding_handle *b = p->binding_handle;
struct samr_GetUserPwInfo pwp;
@@ -1490,6 +1513,8 @@ static bool test_SetUserPass_level_ex(struct dcerpc_pipe *p,
return false;
}
+ generate_nonce_buffer(salt.data, salt.length);
+
switch (level) {
case 18:
{
@@ -1561,6 +1586,7 @@ static bool test_SetUserPass_level_ex(struct dcerpc_pipe *p,
case 31:
status = init_samr_CryptPasswordAES(tctx,
newpass,
+ &salt,
&session_key,
&u.info31.password);
@@ -1568,6 +1594,7 @@ static bool test_SetUserPass_level_ex(struct dcerpc_pipe *p,
case 32:
status = init_samr_CryptPasswordAES(tctx,
newpass,
+ &salt,
&session_key,
&u.info32.password);
--
2.37.3
From 1d630363c9b2497266e418aad89c55d5b51a63ad Mon Sep 17 00:00:00 2001
From: Andreas Schneider <asn@samba.org>
Date: Mon, 17 Oct 2022 09:02:28 +0200
Subject: [PATCH 3/5] s4:libnet: If we successfully changed the password we are
done
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15206
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Noel Power <noel.power@suse.com>
---
source4/libnet/libnet_passwd.c | 32 ++++++++++++++++++--------------
1 file changed, 18 insertions(+), 14 deletions(-)
diff --git a/source4/libnet/libnet_passwd.c b/source4/libnet/libnet_passwd.c
index a1672104824..b17614bcd97 100644
--- a/source4/libnet/libnet_passwd.c
+++ b/source4/libnet/libnet_passwd.c
@@ -101,7 +101,7 @@ static NTSTATUS libnet_ChangePassword_samr_aes(TALLOC_CTX *mem_ctx,
r.in.password = &pwd_buf;
status = dcerpc_samr_ChangePasswordUser4_r(h, mem_ctx, &r);
- if (NT_STATUS_IS_OK(status)) {
+ if (!NT_STATUS_IS_OK(status)) {
goto done;
}
if (!NT_STATUS_IS_OK(r.out.result)) {
@@ -112,6 +112,7 @@ static NTSTATUS libnet_ChangePassword_samr_aes(TALLOC_CTX *mem_ctx,
account->string,
nt_errstr(status));
status = r.out.result;
+ goto done;
}
done:
@@ -424,20 +425,23 @@ static NTSTATUS libnet_ChangePassword_samr(struct libnet_context *ctx, TALLOC_CT
r->samr.in.oldpassword,
r->samr.in.newpassword,
&(r->samr.out.error_string));
- if (!NT_STATUS_IS_OK(status)) {
- if (NT_STATUS_EQUAL(status,
- NT_STATUS_RPC_PROCNUM_OUT_OF_RANGE) ||
- NT_STATUS_EQUAL(status, NT_STATUS_NOT_SUPPORTED) ||
- NT_STATUS_EQUAL(status, NT_STATUS_NOT_IMPLEMENTED)) {
- /*
- * Don't fallback to RC4 based SAMR if weak crypto is not
- * allowed.
- */
- if (lpcfg_weak_crypto(ctx->lp_ctx) ==
- SAMBA_WEAK_CRYPTO_DISALLOWED) {
- goto disconnect;
- }
+ if (NT_STATUS_IS_OK(status)) {
+ goto disconnect;
+ } else if (NT_STATUS_EQUAL(status,
+ NT_STATUS_RPC_PROCNUM_OUT_OF_RANGE) ||
+ NT_STATUS_EQUAL(status, NT_STATUS_NOT_SUPPORTED) ||
+ NT_STATUS_EQUAL(status, NT_STATUS_NOT_IMPLEMENTED)) {
+ /*
+ * Don't fallback to RC4 based SAMR if weak crypto is not
+ * allowed.
+ */
+ if (lpcfg_weak_crypto(ctx->lp_ctx) ==
+ SAMBA_WEAK_CRYPTO_DISALLOWED) {
+ goto disconnect;
}
+ } else {
+ /* libnet_ChangePassword_samr_aes is implemented and failed */
+ goto disconnect;
}
status = libnet_ChangePassword_samr_rc4(
--
2.37.3
From 9a4a169ab34641afb87e7f81708c9a72b321879e Mon Sep 17 00:00:00 2001
From: Noel Power <noel.power@suse.com>
Date: Fri, 21 Oct 2022 17:40:36 +0100
Subject: [PATCH 4/5] s4/rpc_server/sambr: don't mutate the return of
samdb_set_password_aes
prior to this commit return of samdb_set_password_aes was set to
NT_STATUS_WRONG_PASSWORD on failure. Useful status that should be
returned such as NT_STATUS_PASSWORD_RESTRICTION are swallowed here
otherwise (and in this case can be partially responsible for failures
in test samba.tests.auth_log_pass_change (with later gnutls)
Signed-off-by: Noel Power <noel.power@suse.com>
Reviewed-by: Andreas Schneider <asn@samba.org>
---
source4/rpc_server/samr/samr_password.c | 1 -
1 file changed, 1 deletion(-)
diff --git a/source4/rpc_server/samr/samr_password.c b/source4/rpc_server/samr/samr_password.c
index 4691f9a47a9..b581be6361c 100644
--- a/source4/rpc_server/samr/samr_password.c
+++ b/source4/rpc_server/samr/samr_password.c
@@ -250,7 +250,6 @@ NTSTATUS dcesrv_samr_ChangePasswordUser4(struct dcesrv_call_state *dce_call,
if (!NT_STATUS_IS_OK(status)) {
ldb_transaction_cancel(sam_ctx);
- status = NT_STATUS_WRONG_PASSWORD;
goto done;
}
--
2.37.3
From b8b36ecba0f22dbc203c12627ebd629c2437c635 Mon Sep 17 00:00:00 2001
From: Noel Power <noel.power@suse.com>
Date: Fri, 21 Oct 2022 17:14:44 +0100
Subject: [PATCH 5/5] python/samba/tests: fix samba.tests.auth_log_pass_change
for later gnutls
later gnutls that support GNUTLS_PBKDF2 currently fail,
we need to conditionally switch test data to reflect use of
'samr_ChangePasswordUser3' or 'samr_ChangePasswordUser4'
depending on whether GNUTLS_PBKDF2 is supported or not
Signed-off-by: Noel Power <noel.power@suse.com>
Reviewed-by: Andreas Schneider <asn@samba.org>
---
python/samba/tests/auth_log_pass_change.py | 20 ++++++++++++++++----
source4/selftest/tests.py | 9 ++++++---
2 files changed, 22 insertions(+), 7 deletions(-)
diff --git a/python/samba/tests/auth_log_pass_change.py b/python/samba/tests/auth_log_pass_change.py
index 972af2158dd..1ca46c586b3 100644
--- a/python/samba/tests/auth_log_pass_change.py
+++ b/python/samba/tests/auth_log_pass_change.py
@@ -72,6 +72,18 @@ class AuthLogPassChangeTests(samba.tests.auth_log_base.AuthLogTestBase):
# discard any auth log messages for the password setup
self.discardMessages()
+ gnutls_pbkdf2_support = samba.tests.env_get_var_value(
+ 'GNUTLS_PBKDF2_SUPPORT',
+ allow_missing=True)
+ if gnutls_pbkdf2_support is None:
+ gnutls_pbkdf2_support = '0'
+ self.gnutls_pbkdf2_support = bool(int(gnutls_pbkdf2_support))
+
+ def _authDescription(self):
+ if self.gnutls_pbkdf2_support:
+ return "samr_ChangePasswordUser4"
+ else:
+ return "samr_ChangePasswordUser3"
def tearDown(self):
super(AuthLogPassChangeTests, self).tearDown()
@@ -83,7 +95,7 @@ class AuthLogPassChangeTests(samba.tests.auth_log_base.AuthLogTestBase):
(msg["Authentication"]["serviceDescription"] ==
"SAMR Password Change") and
(msg["Authentication"]["authDescription"] ==
- "samr_ChangePasswordUser3") and
+ self._authDescription()) and
(msg["Authentication"]["eventId"] ==
EVT_ID_SUCCESSFUL_LOGON) and
(msg["Authentication"]["logonType"] ==
@@ -109,7 +121,7 @@ class AuthLogPassChangeTests(samba.tests.auth_log_base.AuthLogTestBase):
(msg["Authentication"]["serviceDescription"] ==
"SAMR Password Change") and
(msg["Authentication"]["authDescription"] ==
- "samr_ChangePasswordUser3") and
+ self._authDescription()) and
(msg["Authentication"]["eventId"] ==
EVT_ID_UNSUCCESSFUL_LOGON) and
(msg["Authentication"]["logonType"] ==
@@ -141,7 +153,7 @@ class AuthLogPassChangeTests(samba.tests.auth_log_base.AuthLogTestBase):
(msg["Authentication"]["serviceDescription"] ==
"SAMR Password Change") and
(msg["Authentication"]["authDescription"] ==
- "samr_ChangePasswordUser3") and
+ self._authDescription()) and
(msg["Authentication"]["eventId"] ==
EVT_ID_UNSUCCESSFUL_LOGON) and
(msg["Authentication"]["logonType"] ==
@@ -174,7 +186,7 @@ class AuthLogPassChangeTests(samba.tests.auth_log_base.AuthLogTestBase):
(msg["Authentication"]["serviceDescription"] ==
"SAMR Password Change") and
(msg["Authentication"]["authDescription"] ==
- "samr_ChangePasswordUser3") and
+ self._authDescription()) and
(msg["Authentication"]["eventId"] ==
EVT_ID_UNSUCCESSFUL_LOGON) and
(msg["Authentication"]["logonType"] ==
diff --git a/source4/selftest/tests.py b/source4/selftest/tests.py
index a803d4704ea..c92105586a7 100755
--- a/source4/selftest/tests.py
+++ b/source4/selftest/tests.py
@@ -1094,9 +1094,11 @@ if have_heimdal_support:
environ={'CLIENT_IP': '10.53.57.11',
'SOCKET_WRAPPER_DEFAULT_IFACE': 11})
planoldpythontestsuite("ad_dc_smb1", "samba.tests.auth_log_pass_change",
- extra_args=['-U"$USERNAME%$PASSWORD"'])
+ extra_args=['-U"$USERNAME%$PASSWORD"'],
+ environ={'GNUTLS_PBKDF2_SUPPORT': gnutls_pbkdf2_support})
planoldpythontestsuite("ad_dc_ntvfs", "samba.tests.auth_log_pass_change",
- extra_args=['-U"$USERNAME%$PASSWORD"'])
+ extra_args=['-U"$USERNAME%$PASSWORD"'],
+ environ={'GNUTLS_PBKDF2_SUPPORT': gnutls_pbkdf2_support})
# these tests use a NCA local RPC connection, so always run on the
# :local testenv, and so don't need to fake a client connection
@@ -1113,7 +1115,8 @@ if have_heimdal_support:
"samba.tests.auth_log_winbind",
extra_args=['-U"$DC_USERNAME%$DC_PASSWORD"'])
planoldpythontestsuite("ad_dc", "samba.tests.audit_log_pass_change",
- extra_args=['-U"$USERNAME%$PASSWORD"'])
+ extra_args=['-U"$USERNAME%$PASSWORD"'],
+ environ={'GNUTLS_PBKDF2_SUPPORT': gnutls_pbkdf2_support})
planoldpythontestsuite("ad_dc", "samba.tests.audit_log_dsdb",
extra_args=['-U"$USERNAME%$PASSWORD"'])
planoldpythontestsuite("ad_dc", "samba.tests.group_audit",
--
2.37.3

2
samba-systemd-sysusers.conf Normal file
View File

@ -0,0 +1,2 @@
#Type Name ID
g printadmin -

2
samba-usershares-systemd-sysusers.conf Normal file
View File

@ -0,0 +1,2 @@
#Type Name ID
g usershares -

338
samba.spec
View File

@ -134,14 +134,9 @@
%define samba_requires_eq() %(LC_ALL="C" echo '%*' | xargs -r rpm -q --qf 'Requires: %%{name} = %%{epoch}:%%{version}\\n' | sed -e 's/ (none):/ /' -e 's/ 0:/ /' | grep -v "is not")
%global samba_version 4.17.2
%global baserelease 101
%global samba_version 4.16.4
%global talloc_version 2.3.3
%global tdb_version 1.4.6
%global tevent_version 0.12.0
%global ldb_version 2.5.2
# This should be rc1 or nil
# This should be rc1 or %%nil
%global pre_release %nil
%global samba_release %{baserelease}
@ -149,6 +144,37 @@
%global samba_release 0.%{baserelease}.%{pre_release}
%endif
# If one of those versions change, we need to make sure we rebuilt or adapt
# projects comsuming those. This is e.g. sssd, openchange, evolution-mapi, ...
%global libdcerpc_binding_so_version 0
%global libdcerpc_server_core_so_version 0
%global libdcerpc_so_version 0
%global libndr_krb5pac_so_version 0
%global libndr_nbt_so_version 0
%global libndr_so_version 3
%global libndr_standard_so_version 0
%global libnetapi_so_version 1
%global libsamba_credentials_so_version 1
%global libsamba_errors_so_version 1
%global libsamba_hostconfig_so_version 0
%global libsamba_passdb_so_version 0
%global libsamba_util_so_version 0
%global libsamdb_so_version 0
%global libsmbconf_so_version 0
%global libsmbldap_so_version 2
%global libtevent_util_so_version 0
%global libsmbclient_so_version 0
%global libwbclient_so_version 0
%global talloc_version 2.3.4
%global tdb_version 1.4.7
%global tevent_version 0.13.0
%global ldb_version 2.6.1
%global required_mit_krb5 1.19
# This is a network daemon, do a hardened build
# Enables PIE and full RELRO protection
%global _hardened_build 1
@ -165,8 +191,6 @@
%global libwbc_alternatives_suffix -64
%endif
%global required_mit_krb5 1.19
%global _systemd_extra "Environment=KRB5CCNAME=FILE:/run/samba/krb5cc_samba"
Name: samba
@ -200,18 +224,14 @@ Source11: smb.conf.vendor
Source12: smb.conf.example
Source13: pam_winbind.conf
Source14: samba.pamd
Source15: samba.abignore
Source15: usershares.conf.vendor
Source16: samba-systemd-sysusers.conf
Source17: samba-usershares-systemd-sysusers.conf
Source201: README.downgrade
Patch0: samba-s4u.patch
# https://gitlab.com/samba-team/samba/-/merge_requests/2477
Patch1: samba-4.16-waf-crypto.patch
Source202: samba.abignore
Requires(pre): /usr/sbin/groupadd
Requires(post): systemd
Requires(preun): systemd
Requires(postun): systemd
Requires(pre): %{name}-common = %{samba_depver}
Requires: %{name}-common = %{samba_depver}
@ -219,6 +239,7 @@ Requires: %{name}-common-libs = %{samba_depver}
Requires: %{name}-common-tools = %{samba_depver}
Requires: %{name}-client-libs = %{samba_depver}
Requires: %{name}-libs = %{samba_depver}
Requires: libnetapi = %{samba_depver}
%if %{with libwbclient}
Requires(post): libwbclient = %{samba_depver}
Requires: libwbclient = %{samba_depver}
@ -292,6 +313,7 @@ BuildRequires: readline-devel
BuildRequires: rpcgen
BuildRequires: rpcsvc-proto-devel
BuildRequires: sed
BuildRequires: systemd-rpm-macros
BuildRequires: libtasn1-devel
# We need asn1Parser
BuildRequires: libtasn1-tools
@ -492,6 +514,8 @@ Summary: Tools for Samba servers and clients
Requires: samba-common-libs = %{samba_depver}
Requires: samba-client-libs = %{samba_depver}
Requires: samba-libs = %{samba_depver}
Requires: samba-ldb-ldap-modules = %{samba_depver}
Requires: libnetapi = %{samba_depver}
%if %{with libwbclient}
Requires: libwbclient = %{samba_depver}
%endif
@ -520,6 +544,7 @@ Summary: Samba AD Domain Controller
Requires: %{name} = %{samba_depver}
Requires: %{name}-client-libs = %{samba_depver}
Requires: %{name}-common-libs = %{samba_depver}
Requires: %{name}-common-tools = %{samba_depver}
Requires: %{name}-libs = %{samba_depver}
Requires: %{name}-dc-provision = %{samba_depver}
Requires: %{name}-dc-libs = %{samba_depver}
@ -599,6 +624,7 @@ Requires: %{name}-client-libs = %{samba_depver}
%if %{with dc}
Requires: %{name}-dc-libs = %{samba_depver}
%endif
Requires: libnetapi = %{samba_depver}
Provides: samba4-devel = %{samba_depver}
Obsoletes: samba4-devel < %{samba_depver}
@ -661,6 +687,22 @@ Provides: bundled(libreplace)
Samba VFS module for GlusterFS integration.
%endif
### GPUPDATE
%if %{with dc}
%package gpupdate
Summary: Samba GPO support for clients
Requires: cepces
Requires: certmonger
Requires: %{name}-ldb-ldap-modules = %{samba_depver}
Requires: python3-%{name} = %{samba_depver}
%description gpupdate
This package provides the samba-gpupdate tool to apply Group Policy Objects
(GPO) on Samba clients.
# /with dc
%endif
### KRB5-PRINTING
%package krb5-printing
Summary: Samba CUPS backend for printing with Kerberos
@ -676,6 +718,16 @@ If you need Kerberos for print jobs to a printer connection to cups via the SMB
backend, then you need to install that package. It will allow cups to access
the Kerberos credentials cache of the user issuing the print job.
### LDB-LDAP-MODULES
%package ldb-ldap-modules
Summary: Samba ldap modules for ldb
Requires: %{name}-client-libs = %{samba_depver}
Requires: %{name}-common-libs = %{samba_depver}
%description ldb-ldap-modules
This package contains the ldb ldap modules required by samba-tool and
samba-gpupdate.
### LIBS
%package libs
Summary: Samba libraries
@ -694,6 +746,25 @@ Provides: bundled(libreplace)
The %{name}-libs package contains the libraries needed by programs that link
against the SMB, RPC and other protocols provided by the Samba suite.
### LIBNETAPI
%package -n libnetapi
Summary: The NETAPI library
Requires(pre): %{name}-common = %{samba_depver}
Requires: %{name}-common = %{samba_depver}
Requires: %{name}-common-libs = %{samba_depver}
Requires: %{name}-client-libs = %{samba_depver}
%description -n libnetapi
This contains the NETAPI library from the Samba suite.
%package -n libnetapi-devel
Summary: Developer tools for the NETAPI library
Requires: libnetapi = %{samba_depver}
%description -n libnetapi-devel
The libnetapi-devel package contains the header files and libraries needed to
develop programs that link against the NETAPI library in the Samba suite.
### LIBSMBCLIENT
%if %{with libsmbclient}
%package -n libsmbclient
@ -830,6 +901,7 @@ Requires: %{name}-test-libs = %{samba_depver}
Requires: %{name}-dc-libs = %{samba_depver}
%endif
Requires: %{name}-libs = %{samba_depver}
Requires: libnetapi = %{samba_depver}
%if %{with libsmbclient}
Requires: libsmbclient = %{samba_depver}
%endif
@ -866,6 +938,17 @@ Provides: bundled(libreplace)
%description test-libs
%{name}-test-libs provides libraries required by the testing tools.
### USERSHARES
%package usershares
Summary: Provides support for non-root user shares
Requires: %{name} = %{samba_depver}
Requires: %{name}-common-tools = %{samba_depver}
%description usershares
Installing this package will provide a configuration file, group and
directories to support non-root user shares. You can configure them
as a user using the `net usershare` command.
### WINBIND
%package winbind
Summary: Samba winbind
@ -985,6 +1068,7 @@ Summary: A Clustered Database based on Samba's Trivial Database (TDB)
Requires: %{name}-common-libs = %{samba_depver}
Requires: %{name}-client-libs = %{samba_depver}
Requires: %{name}-winbind-clients = %{samba_depver}
Requires: coreutils
# for ps and killall
@ -1084,7 +1168,11 @@ Support for using an existing CEPH cluster as a mutex helper for CTDB
%prep
%if 0%{?fedora} || 0%{?rhel} >= 9
xzcat %{SOURCE0} | %{gpgverify} --keyring='%{SOURCE2}' --signature='%{SOURCE1}' --data=-
%else
xzcat %{SOURCE0} | gpgv2 --quiet --keyring %{SOURCE2} %{SOURCE1} -
%endif
%autosetup -n samba-%{version}%{pre_release} -p1
# Ensure we rely on GnuTLS and do not build any other crypto code shipping with
@ -1190,6 +1278,9 @@ export LDFLAGS="%{__global_ldflags} -fuse-ld=gold"
--systemd-smb-extra=%{_systemd_extra} \
--systemd-nmb-extra=%{_systemd_extra} \
--systemd-winbind-extra=%{_systemd_extra} \
%if %{with clustering}
--systemd-ctdb-extra=%{_systemd_extra} \
%endif
--systemd-samba-extra=%{_systemd_extra}
# Do not use %%make_build, make is just a wrapper around waf in Samba!
@ -1213,6 +1304,7 @@ install -d -m 0755 %{buildroot}/var/lib/samba/lock
install -d -m 0755 %{buildroot}/var/lib/samba/private
install -d -m 0755 %{buildroot}/var/lib/samba/scripts
install -d -m 0755 %{buildroot}/var/lib/samba/sysvol
install -d -m 0755 %{buildroot}/var/lib/samba/usershares
install -d -m 0755 %{buildroot}/var/lib/samba/winbindd_privileged
install -d -m 0755 %{buildroot}/var/log/samba/old
install -d -m 0755 %{buildroot}/run/samba
@ -1240,6 +1332,7 @@ install -m 0644 %{SOURCE10} %{buildroot}%{_sysconfdir}/logrotate.d/samba
install -m 0644 %{SOURCE11} %{buildroot}%{_sysconfdir}/samba/smb.conf
install -m 0644 %{SOURCE12} %{buildroot}%{_sysconfdir}/samba/smb.conf.example
install -m 0644 %{SOURCE15} %{buildroot}%{_sysconfdir}/samba/usershares.conf
install -d -m 0755 %{buildroot}%{_sysconfdir}/security
install -m 0644 %{SOURCE13} %{buildroot}%{_sysconfdir}/security/pam_winbind.conf
@ -1262,6 +1355,10 @@ echo "d /run/samba 755 root root" > %{buildroot}%{_tmpfilesdir}/samba.conf
echo "d /run/ctdb 755 root root" > %{buildroot}%{_tmpfilesdir}/ctdb.conf
%endif
install -d -m 0755 %{buildroot}%{_sysusersdir}
install -m 0644 %{SOURCE16} %{buildroot}%{_sysusersdir}/samba.conf
install -m 0644 %{SOURCE17} %{buildroot}%{_sysusersdir}/samba-usershares.conf
install -d -m 0755 %{buildroot}%{_sysconfdir}/sysconfig
install -m 0644 packaging/systemd/samba.sysconfig %{buildroot}%{_sysconfdir}/sysconfig/samba
%if %{with clustering}
@ -1275,10 +1372,6 @@ install -m 0644 ctdb/config/ctdb.conf %{buildroot}%{_sysconfdir}/ctdb/ctdb.conf
install -m 0644 %{SOURCE201} packaging/README.downgrade
%if %{with clustering}
install -m 0644 ctdb/config/ctdb.service %{buildroot}%{_unitdir}
%endif
# NetworkManager online/offline script
install -d -m 0755 %{buildroot}%{_prefix}/lib/NetworkManager/dispatcher.d/
install -m 0755 packaging/NetworkManager/30-winbind-systemd \
@ -1296,8 +1389,6 @@ for i in \
%{_mandir}/man8/samba.8 \
%{_mandir}/man8/samba_downgrade_db.8 \
%{_mandir}/man8/samba-gpupdate.8 \
%{_libdir}/samba/ldb/ildap.so \
%{_libdir}/samba/ldb/ldbsamba_extensions.so \
%{_unitdir}/samba.service \
%{python3_sitearch}/samba/dcerpc/dnsserver.*.so \
%{python3_sitearch}/samba/dnsserver.py \
@ -1428,7 +1519,11 @@ export WINBINDD_DONT_LOG_STDOUT=1
%systemd_postun_with_restart nmb.service
%pre common
%if 0%{?fedora} || 0%{?rhel} > 8
%sysusers_create_compat %{SOURCE16}
%else
getent group printadmin >/dev/null || groupadd -r printadmin || :
%endif
%post common
%{?ldconfig}
@ -1536,6 +1631,13 @@ fi
%ldconfig_scriptlets test
%pre usershares
%if 0%{?fedora} || 0%{?rhel} > 8
%sysusers_create_compat %{SOURCE17}
%else
getent group usershares >/dev/null || groupadd -r usershares || :
%endif
%pre winbind
/usr/sbin/groupadd -g 88 wbpriv >/dev/null 2>&1 || :
@ -1794,23 +1896,22 @@ fi
### CLIENT-LIBS
%files client-libs
%{_libdir}/libdcerpc-binding.so.*
%{_libdir}/libdcerpc-server-core.so.*
%{_libdir}/libdcerpc.so.*
%{_libdir}/libndr-krb5pac.so.*
%{_libdir}/libndr-nbt.so.*
%{_libdir}/libndr-standard.so.*
%{_libdir}/libndr.so.*
%{_libdir}/libnetapi.so.*
%{_libdir}/libsamba-credentials.so.*
%{_libdir}/libsamba-errors.so.*
%{_libdir}/libsamba-hostconfig.so.*
%{_libdir}/libsamba-passdb.so.*
%{_libdir}/libsamba-util.so.*
%{_libdir}/libsamdb.so.*
%{_libdir}/libsmbconf.so.*
%{_libdir}/libsmbldap.so.*
%{_libdir}/libtevent-util.so.*
%{_libdir}/libdcerpc-binding.so.%{libdcerpc_binding_so_version}*
%{_libdir}/libdcerpc-server-core.so.%{libdcerpc_server_core_so_version}*
%{_libdir}/libdcerpc.so.%{libdcerpc_so_version}*
%{_libdir}/libndr-krb5pac.so.%{libndr_krb5pac_so_version}*
%{_libdir}/libndr-nbt.so.%{libndr_nbt_so_version}*
%{_libdir}/libndr-standard.so.%{libndr_standard_so_version}*
%{_libdir}/libndr.so.%{libndr_so_version}*
%{_libdir}/libsamba-credentials.so.%{libsamba_credentials_so_version}*
%{_libdir}/libsamba-errors.so.%{libsamba_errors_so_version}*
%{_libdir}/libsamba-hostconfig.so.%{libsamba_hostconfig_so_version}*
%{_libdir}/libsamba-passdb.so.%{libsamba_passdb_so_version}*
%{_libdir}/libsamba-util.so.%{libsamba_util_so_version}*
%{_libdir}/libsamdb.so.%{libsamdb_so_version}*
%{_libdir}/libsmbconf.so.%{libsmbconf_so_version}*
%{_libdir}/libsmbldap.so.%{libsmbldap_so_version}*
%{_libdir}/libtevent-util.so.%{libtevent_util_so_version}*
%dir %{_libdir}/samba
%{_libdir}/samba/libCHARSET3-samba4.so
@ -1899,7 +2000,7 @@ fi
%endif
%if %{without libsmbclient}
%{_libdir}/samba/libsmbclient.so.*
%{_libdir}/samba/libsmbclient.so.%{libsmbclient_so_version}*
%{_mandir}/man7/libsmbclient.7*
#endif without libsmbclient
%endif
@ -1929,6 +2030,7 @@ fi
### COMMON
%files common
%{_tmpfilesdir}/samba.conf
%{_sysusersdir}/samba.conf
%dir %{_sysconfdir}/logrotate.d/
%config(noreplace) %{_sysconfdir}/logrotate.d/samba
%attr(0700,root,root) %dir /var/log/samba
@ -1948,7 +2050,7 @@ fi
%{_mandir}/man5/smbpasswd.5*
%{_mandir}/man7/samba.7*
### COMMON-libs
### COMMON-LIBS
%files common-libs
# common libraries
%{_libdir}/samba/libcmdline-samba4.so
@ -1983,7 +2085,6 @@ fi
%{_sbindir}/samba
%{_sbindir}/samba_dnsupdate
%{_sbindir}/samba_downgrade_db
%{_sbindir}/samba-gpupdate
%{_sbindir}/samba_kcc
%{_sbindir}/samba_spnupdate
%{_sbindir}/samba_upgradedns
@ -2008,10 +2109,8 @@ fi
%{_libdir}/samba/ldb/extended_dn_out.so
%{_libdir}/samba/ldb/extended_dn_store.so
%{_libdir}/samba/ldb/group_audit_log.so
%{_libdir}/samba/ldb/ildap.so
%{_libdir}/samba/ldb/instancetype.so
%{_libdir}/samba/ldb/lazy_commit.so
%{_libdir}/samba/ldb/ldbsamba_extensions.so
%{_libdir}/samba/ldb/linked_attributes.so
%{_libdir}/samba/ldb/new_partition.so
%{_libdir}/samba/ldb/objectclass.so
@ -2046,7 +2145,6 @@ fi
%dir /var/lib/samba/sysvol
%{_mandir}/man8/samba.8*
%{_mandir}/man8/samba_downgrade_db.8*
%{_mandir}/man8/samba-gpupdate.8*
%dir %{_datadir}/samba/admx
%{_datadir}/samba/admx/samba.admx
%dir %{_datadir}/samba/admx/en-US
@ -2156,7 +2254,6 @@ fi
%{_includedir}/samba-4.0/ndr/ndr_krb5pac.h
%{_includedir}/samba-4.0/ndr/ndr_svcctl.h
%{_includedir}/samba-4.0/ndr/ndr_nbt.h
%{_includedir}/samba-4.0/netapi.h
%{_includedir}/samba-4.0/param.h
%{_includedir}/samba-4.0/passdb.h
%{_includedir}/samba-4.0/policy.h
@ -2197,7 +2294,6 @@ fi
%{_libdir}/libndr-nbt.so
%{_libdir}/libndr-standard.so
%{_libdir}/libndr.so
%{_libdir}/libnetapi.so
%{_libdir}/libsamba-credentials.so
%{_libdir}/libsamba-errors.so
%{_libdir}/libsamba-hostconfig.so
@ -2211,7 +2307,6 @@ fi
%{_libdir}/pkgconfig/ndr_krb5pac.pc
%{_libdir}/pkgconfig/ndr_nbt.pc
%{_libdir}/pkgconfig/ndr_standard.pc
%{_libdir}/pkgconfig/netapi.pc
%{_libdir}/pkgconfig/samba-credentials.pc
%{_libdir}/pkgconfig/samba-hostconfig.pc
%{_libdir}/pkgconfig/samba-util.pc
@ -2258,11 +2353,23 @@ fi
%{_mandir}/man8/vfs_glusterfs.8*
%endif
### GPUPDATE
%if %{with dc}
%files gpupdate
%{_mandir}/man8/samba-gpupdate.8*
%{_sbindir}/samba-gpupdate
%endif
### KRB5-PRINTING
%files krb5-printing
%attr(0700,root,root) %{_libexecdir}/samba/smbspool_krb5_wrapper
%{_mandir}/man8/smbspool_krb5_wrapper.8*
### LDB-LDAP-MODULES
%files ldb-ldap-modules
%{_libdir}/samba/ldb/ldbsamba_extensions.so
%{_libdir}/samba/ldb/ildap.so
### LIBS
%files libs
%{_libdir}/libdcerpc-samr.so.*
@ -2279,6 +2386,16 @@ fi
%{_libdir}/samba/libRPC-SERVER-LOOP-samba4.so
%{_libdir}/samba/libRPC-WORKER-samba4.so
### LIBNETAPI
%files -n libnetapi
%{_libdir}/libnetapi.so.%{libnetapi_so_version}*
### LIBNETAPI-DEVEL
%files -n libnetapi-devel
%{_includedir}/samba-4.0/netapi.h
%{_libdir}/libnetapi.so
%{_libdir}/pkgconfig/netapi.pc
### LIBSMBCLIENT
%if %{with libsmbclient}
%files -n libsmbclient
@ -2296,7 +2413,7 @@ fi
### LIBWBCLIENT
%if %{with libwbclient}
%files -n libwbclient
%{_libdir}/samba/wbclient/libwbclient.so.*
%{_libdir}/samba/wbclient/libwbclient.so.%{libwbclient_so_version}*
### LIBWBCLIENT-DEVEL
%files -n libwbclient-devel
@ -2366,18 +2483,6 @@ fi
%{python3_sitearch}/samba/__pycache__/dnsresolver.*.pyc
%{python3_sitearch}/samba/__pycache__/drs_utils.*.pyc
%{python3_sitearch}/samba/__pycache__/getopt.*.pyc
%{python3_sitearch}/samba/__pycache__/gpclass.*.pyc
%{python3_sitearch}/samba/__pycache__/gp_cert_auto_enroll_ext.*.pyc
%{python3_sitearch}/samba/__pycache__/gp_chromium_ext.*.pyc
%{python3_sitearch}/samba/__pycache__/gp_ext_loader.*.pyc
%{python3_sitearch}/samba/__pycache__/gp_firefox_ext.*.pyc
%{python3_sitearch}/samba/__pycache__/gp_firewalld_ext.*.pyc
%{python3_sitearch}/samba/__pycache__/gp_gnome_settings_ext.*.pyc
%{python3_sitearch}/samba/__pycache__/gp_msgs_ext.*.pyc
%{python3_sitearch}/samba/__pycache__/gp_scripts_ext.*.pyc
%{python3_sitearch}/samba/__pycache__/gp_sec_ext.*.pyc
%{python3_sitearch}/samba/__pycache__/gp_smb_conf_ext.*.pyc
%{python3_sitearch}/samba/__pycache__/gp_sudoers_ext.*.pyc
%{python3_sitearch}/samba/__pycache__/graph.*.pyc
%{python3_sitearch}/samba/__pycache__/hostconfig.*.pyc
%{python3_sitearch}/samba/__pycache__/idmap.*.pyc
@ -2395,14 +2500,6 @@ fi
%{python3_sitearch}/samba/__pycache__/trust_utils.*.pyc
%{python3_sitearch}/samba/__pycache__/upgrade.*.pyc
%{python3_sitearch}/samba/__pycache__/upgradehelpers.*.pyc
%{python3_sitearch}/samba/__pycache__/vgp_access_ext.*.pyc
%{python3_sitearch}/samba/__pycache__/vgp_files_ext.*.pyc
%{python3_sitearch}/samba/__pycache__/vgp_issue_ext.*.pyc
%{python3_sitearch}/samba/__pycache__/vgp_motd_ext.*.pyc
%{python3_sitearch}/samba/__pycache__/vgp_openssh_ext.*.pyc
%{python3_sitearch}/samba/__pycache__/vgp_startup_scripts_ext.*.pyc
%{python3_sitearch}/samba/__pycache__/vgp_sudoers_ext.*.pyc
%{python3_sitearch}/samba/__pycache__/vgp_symlink_ext.*.pyc
%{python3_sitearch}/samba/__pycache__/xattr.*.pyc
%{python3_sitearch}/samba/_glue.*.so
%{python3_sitearch}/samba/_ldb.*.so
@ -2464,11 +2561,6 @@ fi
%{python3_sitearch}/samba/dsdb_dns.*.so
%{python3_sitearch}/samba/gensec.*.so
%{python3_sitearch}/samba/getopt.py
%{python3_sitearch}/samba/gpclass.py
%{python3_sitearch}/samba/gp_gnome_settings_ext.py
%{python3_sitearch}/samba/gp_scripts_ext.py
%{python3_sitearch}/samba/gp_sec_ext.py
%{python3_sitearch}/samba/gpo.*.so
%{python3_sitearch}/samba/graph.py
%{python3_sitearch}/samba/hostconfig.py
%{python3_sitearch}/samba/idmap.py
@ -2487,14 +2579,57 @@ fi
%{python3_sitearch}/samba/emulate/__init__.py
%{python3_sitearch}/samba/emulate/traffic.py
%{python3_sitearch}/samba/emulate/traffic_packets.py
%{python3_sitearch}/samba/gp_cert_auto_enroll_ext.py
%{python3_sitearch}/samba/gp_chromium_ext.py
%{python3_sitearch}/samba/gp_ext_loader.py
%{python3_sitearch}/samba/gp_firefox_ext.py
%{python3_sitearch}/samba/gp_firewalld_ext.py
%{python3_sitearch}/samba/gp_msgs_ext.py
%{python3_sitearch}/samba/gp_smb_conf_ext.py
%{python3_sitearch}/samba/gp_sudoers_ext.py
%dir %{python3_sitearch}/samba/gp
%dir %{python3_sitearch}/samba/gp/__pycache__
%{python3_sitearch}/samba/gp/__pycache__/gpclass.*.pyc
%{python3_sitearch}/samba/gp/__pycache__/gp_centrify_crontab_ext.*.pyc
%{python3_sitearch}/samba/gp/__pycache__/gp_centrify_sudoers_ext.*.pyc
%{python3_sitearch}/samba/gp/__pycache__/gp_cert_auto_enroll_ext.*.pyc
%{python3_sitearch}/samba/gp/__pycache__/gp_chromium_ext.*.pyc
%{python3_sitearch}/samba/gp/__pycache__/gp_ext_loader.*.pyc
%{python3_sitearch}/samba/gp/__pycache__/gp_firefox_ext.*.pyc
%{python3_sitearch}/samba/gp/__pycache__/gp_firewalld_ext.*.pyc
%{python3_sitearch}/samba/gp/__pycache__/gp_gnome_settings_ext.*.pyc
%{python3_sitearch}/samba/gp/__pycache__/gp_msgs_ext.*.pyc
%{python3_sitearch}/samba/gp/__pycache__/gp_scripts_ext.*.pyc
%{python3_sitearch}/samba/gp/__pycache__/gp_sec_ext.*.pyc
%{python3_sitearch}/samba/gp/__pycache__/gp_smb_conf_ext.*.pyc
%{python3_sitearch}/samba/gp/__pycache__/gp_sudoers_ext.*.pyc
%{python3_sitearch}/samba/gp/__pycache__/vgp_access_ext.*.pyc
%{python3_sitearch}/samba/gp/__pycache__/vgp_files_ext.*.pyc
%{python3_sitearch}/samba/gp/__pycache__/vgp_issue_ext.*.pyc
%{python3_sitearch}/samba/gp/__pycache__/vgp_motd_ext.*.pyc
%{python3_sitearch}/samba/gp/__pycache__/vgp_openssh_ext.*.pyc
%{python3_sitearch}/samba/gp/__pycache__/vgp_startup_scripts_ext.*.pyc
%{python3_sitearch}/samba/gp/__pycache__/vgp_sudoers_ext.*.pyc
%{python3_sitearch}/samba/gp/__pycache__/vgp_symlink_ext.*.pyc
%{python3_sitearch}/samba/gp/gpclass.py
%{python3_sitearch}/samba/gp/gp_gnome_settings_ext.py
%{python3_sitearch}/samba/gp/gp_scripts_ext.py
%{python3_sitearch}/samba/gp/gp_sec_ext.py
%{python3_sitearch}/samba/gp/gp_centrify_crontab_ext.py
%{python3_sitearch}/samba/gp/gp_centrify_sudoers_ext.py
%{python3_sitearch}/samba/gp/gp_cert_auto_enroll_ext.py
%{python3_sitearch}/samba/gp/gp_chromium_ext.py
%{python3_sitearch}/samba/gp/gp_ext_loader.py
%{python3_sitearch}/samba/gp/gp_firefox_ext.py
%{python3_sitearch}/samba/gp/gp_firewalld_ext.py
%{python3_sitearch}/samba/gp/gp_msgs_ext.py
%{python3_sitearch}/samba/gp/gp_smb_conf_ext.py
%{python3_sitearch}/samba/gp/gp_sudoers_ext.py
%dir %{python3_sitearch}/samba/gp/util
%dir %{python3_sitearch}/samba/gp/util/__pycache__
%{python3_sitearch}/samba/gp/util/__pycache__/logging.*.pyc
%{python3_sitearch}/samba/gp/util/logging.py
%{python3_sitearch}/samba/gp/vgp_access_ext.py
%{python3_sitearch}/samba/gp/vgp_files_ext.py
%{python3_sitearch}/samba/gp/vgp_issue_ext.py
%{python3_sitearch}/samba/gp/vgp_motd_ext.py
%{python3_sitearch}/samba/gp/vgp_openssh_ext.py
%{python3_sitearch}/samba/gp/vgp_startup_scripts_ext.py
%{python3_sitearch}/samba/gp/vgp_sudoers_ext.py
%{python3_sitearch}/samba/gp/vgp_symlink_ext.py
%{python3_sitearch}/samba/gpo.*.so
%dir %{python3_sitearch}/samba/gp_parse
%{python3_sitearch}/samba/gp_parse/__init__.py
%dir %{python3_sitearch}/samba/gp_parse/__pycache__
@ -2589,9 +2724,11 @@ fi
%{python3_sitearch}/samba/samba3/mdscli.*.so
%{python3_sitearch}/samba/samba3/param.*.so
%{python3_sitearch}/samba/samba3/passdb.*.so
%{python3_sitearch}/samba/samba3/smbconf.*.so
%{python3_sitearch}/samba/samba3/smbd.*.so
%{python3_sitearch}/samba/sd_utils.py
%{python3_sitearch}/samba/sites.py
%{python3_sitearch}/samba/smbconf.*.so
%{python3_sitearch}/samba/subnets.py
%dir %{python3_sitearch}/samba/subunit
%{python3_sitearch}/samba/subunit/__init__.py
@ -2603,14 +2740,6 @@ fi
%{python3_sitearch}/samba/trust_utils.py
%{python3_sitearch}/samba/upgrade.py
%{python3_sitearch}/samba/upgradehelpers.py
%{python3_sitearch}/samba/vgp_access_ext.py
%{python3_sitearch}/samba/vgp_files_ext.py
%{python3_sitearch}/samba/vgp_issue_ext.py
%{python3_sitearch}/samba/vgp_motd_ext.py
%{python3_sitearch}/samba/vgp_openssh_ext.py
%{python3_sitearch}/samba/vgp_startup_scripts_ext.py
%{python3_sitearch}/samba/vgp_sudoers_ext.py
%{python3_sitearch}/samba/vgp_symlink_ext.py
%{python3_sitearch}/samba/werror.*.so
%{python3_sitearch}/samba/xattr.py
%{python3_sitearch}/samba/xattr_native.*.so
@ -2756,6 +2885,7 @@ fi
%{python3_sitearch}/samba/tests/__pycache__/ldap_spn.*.pyc
%{python3_sitearch}/samba/tests/__pycache__/ldap_upn_sam_account.*.pyc
%{python3_sitearch}/samba/tests/__pycache__/loadparm.*.pyc
%{python3_sitearch}/samba/tests/__pycache__/logfiles.*.pyc
%{python3_sitearch}/samba/tests/__pycache__/libsmb.*.pyc
%{python3_sitearch}/samba/tests/__pycache__/lsa_string.*.pyc
%{python3_sitearch}/samba/tests/__pycache__/messaging.*.pyc
@ -2773,6 +2903,7 @@ fi
%{python3_sitearch}/samba/tests/__pycache__/ntlm_auth_krb5.*.pyc
%{python3_sitearch}/samba/tests/__pycache__/pam_winbind.*.pyc
%{python3_sitearch}/samba/tests/__pycache__/pam_winbind_chauthtok.*.pyc
%{python3_sitearch}/samba/tests/__pycache__/pam_winbind_setcred.*.pyc
%{python3_sitearch}/samba/tests/__pycache__/pam_winbind_warn_pwd_expire.*.pyc
%{python3_sitearch}/samba/tests/__pycache__/param.*.pyc
%{python3_sitearch}/samba/tests/__pycache__/password_hash.*.pyc
@ -2803,7 +2934,9 @@ fi
%{python3_sitearch}/samba/tests/__pycache__/sddl.*.pyc
%{python3_sitearch}/samba/tests/__pycache__/security.*.pyc
%{python3_sitearch}/samba/tests/__pycache__/segfault.*.pyc
%{python3_sitearch}/samba/tests/__pycache__/sid_strings.*.pyc
%{python3_sitearch}/samba/tests/__pycache__/smb.*.pyc
%{python3_sitearch}/samba/tests/__pycache__/smbconf.*.pyc
%{python3_sitearch}/samba/tests/__pycache__/smb-notify.*.pyc
%{python3_sitearch}/samba/tests/__pycache__/smbd_base.*.pyc
%{python3_sitearch}/samba/tests/__pycache__/smbd_fuzztest.*.pyc
@ -2838,6 +2971,7 @@ fi
%{python3_sitearch}/samba/tests/blackbox/__pycache__/downgradedatabase.*.pyc
%{python3_sitearch}/samba/tests/blackbox/__pycache__/mdsearch.*.pyc
%{python3_sitearch}/samba/tests/blackbox/__pycache__/ndrdump.*.pyc
%{python3_sitearch}/samba/tests/blackbox/__pycache__/netads_dns.*.pyc
%{python3_sitearch}/samba/tests/blackbox/__pycache__/netads_json.*.pyc
%{python3_sitearch}/samba/tests/blackbox/__pycache__/samba_dnsupdate.*.pyc
%{python3_sitearch}/samba/tests/blackbox/__pycache__/smbcacls.*.pyc
@ -2854,6 +2988,7 @@ fi
%{python3_sitearch}/samba/tests/blackbox/downgradedatabase.py
%{python3_sitearch}/samba/tests/blackbox/mdsearch.py
%{python3_sitearch}/samba/tests/blackbox/ndrdump.py
%{python3_sitearch}/samba/tests/blackbox/netads_dns.py
%{python3_sitearch}/samba/tests/blackbox/netads_json.py
%{python3_sitearch}/samba/tests/blackbox/samba_dnsupdate.py
%{python3_sitearch}/samba/tests/blackbox/smbcacls.py
@ -2978,8 +3113,11 @@ fi
%{python3_sitearch}/samba/tests/krb5/__pycache__/kdc_tests.*.pyc
%{python3_sitearch}/samba/tests/krb5/__pycache__/kdc_tgs_tests.*.pyc
%{python3_sitearch}/samba/tests/krb5/__pycache__/kpasswd_tests.*.pyc
%{python3_sitearch}/samba/tests/krb5/__pycache__/lockout_tests.*.pyc
%{python3_sitearch}/samba/tests/krb5/__pycache__/ms_kile_client_principal_lookup_tests.*.pyc
%{python3_sitearch}/samba/tests/krb5/__pycache__/nt_hash_tests.*.pyc
%{python3_sitearch}/samba/tests/krb5/__pycache__/pac_align_tests.*.pyc
%{python3_sitearch}/samba/tests/krb5/__pycache__/protected_users_tests.*.pyc
%{python3_sitearch}/samba/tests/krb5/__pycache__/raw_testcase.*.pyc
%{python3_sitearch}/samba/tests/krb5/__pycache__/rfc4120_constants.*.pyc
%{python3_sitearch}/samba/tests/krb5/__pycache__/rfc4120_pyasn1.*.pyc
@ -3005,8 +3143,11 @@ fi
%{python3_sitearch}/samba/tests/krb5/kdc_tests.py
%{python3_sitearch}/samba/tests/krb5/kdc_tgs_tests.py
%{python3_sitearch}/samba/tests/krb5/kpasswd_tests.py
%{python3_sitearch}/samba/tests/krb5/lockout_tests.py
%{python3_sitearch}/samba/tests/krb5/ms_kile_client_principal_lookup_tests.py
%{python3_sitearch}/samba/tests/krb5/nt_hash_tests.py
%{python3_sitearch}/samba/tests/krb5/pac_align_tests.py
%{python3_sitearch}/samba/tests/krb5/protected_users_tests.py
%{python3_sitearch}/samba/tests/krb5/raw_testcase.py
%{python3_sitearch}/samba/tests/krb5/rfc4120_constants.py
%{python3_sitearch}/samba/tests/krb5/rfc4120_pyasn1.py
@ -3029,6 +3170,7 @@ fi
%{python3_sitearch}/samba/tests/ldap_upn_sam_account.py
%{python3_sitearch}/samba/tests/libsmb.py
%{python3_sitearch}/samba/tests/loadparm.py
%{python3_sitearch}/samba/tests/logfiles.py
%{python3_sitearch}/samba/tests/lsa_string.py
%{python3_sitearch}/samba/tests/messaging.py
%{python3_sitearch}/samba/tests/ndr.py
@ -3045,6 +3187,7 @@ fi
%{python3_sitearch}/samba/tests/ntlm_auth_krb5.py
%{python3_sitearch}/samba/tests/pam_winbind.py
%{python3_sitearch}/samba/tests/pam_winbind_chauthtok.py
%{python3_sitearch}/samba/tests/pam_winbind_setcred.py
%{python3_sitearch}/samba/tests/pam_winbind_warn_pwd_expire.py
%{python3_sitearch}/samba/tests/param.py
%{python3_sitearch}/samba/tests/password_hash.py
@ -3153,7 +3296,9 @@ fi
%{python3_sitearch}/samba/tests/sddl.py
%{python3_sitearch}/samba/tests/security.py
%{python3_sitearch}/samba/tests/segfault.py
%{python3_sitearch}/samba/tests/sid_strings.py
%{python3_sitearch}/samba/tests/smb.py
%{python3_sitearch}/samba/tests/smbconf.py
%{python3_sitearch}/samba/tests/smb-notify.py
%{python3_sitearch}/samba/tests/smbd_base.py
%{python3_sitearch}/samba/tests/smbd_fuzztest.py
@ -3196,6 +3341,12 @@ fi
%{_libdir}/samba/libdsdb-module-samba4.so
%endif
### USERSHARES
%files usershares
%config(noreplace) %{_sysconfdir}/samba/usershares.conf
%attr(1770,root,usershares) %dir /var/lib/samba/usershares
%{_sysusersdir}/samba-usershares.conf
### WINBIND
%files winbind
%{_libdir}/samba/idmap
@ -3274,7 +3425,6 @@ fi
%config(noreplace) %{_sysconfdir}/ctdb/nfs-checks.d/50.rquotad.check
%{_sbindir}/ctdbd
%{_sbindir}/ctdbd_wrapper
%{_bindir}/ctdb
%{_bindir}/ctdb_diagnostics
%{_bindir}/ltdbtool
@ -3307,7 +3457,6 @@ fi
%{_mandir}/man1/onnode.1.gz
%{_mandir}/man1/ltdbtool.1.gz
%{_mandir}/man1/ping_pong.1.gz
%{_mandir}/man1/ctdbd_wrapper.1.gz
%{_mandir}/man5/ctdb.conf.5.gz
%{_mandir}/man5/ctdb-script.options.5.gz
%{_mandir}/man5/ctdb.sysconfig.5.gz
@ -4163,6 +4312,9 @@ fi
%endif
%changelog
* Wed Oct 26 2022 Andreas Schneider <asn@redhat.com> - 4.17.2-101
- resolves: rhbz#2131993 - Update to version 4.17.2
* Thu Aug 25 2022 Andreas Schneider <asn@redhat.com> - 4.16.4-101
- resolves: rhbz#2121317 - Do not require samba package in python3-samba

4
sources
View File

@ -1,2 +1,2 @@
SHA512 (samba-4.16.4.tar.xz) = 263c33f202462c50ba9205232cc59f17eef6526bbe97cc1c6be6606e5e2fa8e235f24693da5ef00106ed126c5e2e1d83e2cfc0d2a690303ac94a8737e6760e95
SHA512 (samba-4.16.4.tar.asc) = aec1d0dc15169dfa0f68776cff083b8a9ecfeb348d20cde02e236eda3548e1df13f6df3e9275ede6e8fdc6193b2fd304d2f493507b49f5877dbb6b7181d90367
SHA512 (samba-4.17.2.tar.asc) = 0cb78e234e812d853ea2e795dbd2dba13bdd45e484a206ecaa54fb353e5d55697bb4cddc5d6e46bf43fa6d5bbcc32d62324dc907d0d122f99bcb3c220ab7d1ef
SHA512 (samba-4.17.2.tar.xz) = 6450deb75ee0b0a6a8e814f62e71973fe4d3e04050a3af42d1c6a3fb3603f0b2b02fa2b86e9a2309f1141a7f2d4ddc32ec4f51457f3c6d735fd19c9750254e31

3
usershares.conf.vendor Normal file
View File

@ -0,0 +1,3 @@
[global]
usershare max shares = 100
usershare allow guests = yes