From ea4398f13cb87ea28bbfb0ef0d4975e185f3d1a8 Mon Sep 17 00:00:00 2001 From: Andreas Schneider Date: Wed, 26 Oct 2022 10:30:43 +0200 Subject: [PATCH] Update to version 4.17.2 resolves: rhbz#2131993 --- .gitignore | 2 + samba-4.17-fix-changeuserpassword4.patch | 540 +++++++++++++++++++++++ samba-systemd-sysusers.conf | 2 + samba-usershares-systemd-sysusers.conf | 2 + samba.spec | 338 ++++++++++---- sources | 4 +- usershares.conf.vendor | 3 + 7 files changed, 796 insertions(+), 95 deletions(-) create mode 100644 samba-4.17-fix-changeuserpassword4.patch create mode 100644 samba-systemd-sysusers.conf create mode 100644 samba-usershares-systemd-sysusers.conf create mode 100644 usershares.conf.vendor diff --git a/.gitignore b/.gitignore index 3bb0283..6b6e039 100644 --- a/.gitignore +++ b/.gitignore @@ -265,3 +265,5 @@ samba-3.6.0pre1.tar.gz /samba-4.16.3.tar.xz /samba-4.16.4.tar.xz /samba-4.16.4.tar.asc +/samba-4.17.2.tar.asc +/samba-4.17.2.tar.xz diff --git a/samba-4.17-fix-changeuserpassword4.patch b/samba-4.17-fix-changeuserpassword4.patch new file mode 100644 index 0000000..7f1b482 --- /dev/null +++ b/samba-4.17-fix-changeuserpassword4.patch @@ -0,0 +1,540 @@ +From a3e3d05f35d6082ea48450060b39084e3d0e4056 Mon Sep 17 00:00:00 2001 +From: Andreas Schneider +Date: Mon, 10 Oct 2022 15:15:20 +0200 +Subject: [PATCH 1/5] s3:librpc: Improve GSE error message + +BUG: https://bugzilla.samba.org/show_bug.cgi?id=15206 + +Signed-off-by: Andreas Schneider +Reviewed-by: Noel Power +--- + source3/librpc/crypto/gse.c | 21 +++++++++++++++++++-- + 1 file changed, 19 insertions(+), 2 deletions(-) + +diff --git a/source3/librpc/crypto/gse.c b/source3/librpc/crypto/gse.c +index c50a8a036df..c2cac7abf82 100644 +--- a/source3/librpc/crypto/gse.c ++++ b/source3/librpc/crypto/gse.c +@@ -546,11 +546,28 @@ init_sec_context_done: + goto done; + case GSS_S_FAILURE: + switch (gss_min) { +- case (OM_uint32)KRB5KDC_ERR_S_PRINCIPAL_UNKNOWN: +- DBG_NOTICE("Server principal not found\n"); ++ case (OM_uint32)KRB5KDC_ERR_S_PRINCIPAL_UNKNOWN: { ++ gss_buffer_desc name_token = { ++ .length = 0, ++ }; ++ ++ gss_maj = gss_display_name(&gss_min, ++ gse_ctx->server_name, ++ &name_token, ++ NULL); ++ if (gss_maj == GSS_S_COMPLETE) { ++ DBG_NOTICE("Server principal %.*s not found\n", ++ (int)name_token.length, ++ (char *)name_token.value); ++ gss_release_buffer(&gss_maj, &name_token); ++ } else { ++ DBG_NOTICE("Server principal not found\n"); ++ } ++ + /* Make SPNEGO ignore us, we can't go any further here */ + status = NT_STATUS_INVALID_PARAMETER; + goto done; ++ } + case (OM_uint32)KRB5KRB_AP_ERR_TKT_EXPIRED: + DBG_NOTICE("Ticket expired\n"); + /* Make SPNEGO ignore us, we can't go any further here */ +-- +2.37.3 + + +From d2e2e9acd717e45806f1b19378e09f39c8fe3da8 Mon Sep 17 00:00:00 2001 +From: Andreas Schneider +Date: Fri, 7 Oct 2022 14:35:15 +0200 +Subject: [PATCH 2/5] s3:rpcclient: Pass salt down to + init_samr_CryptPasswordAES() + +BUG: https://bugzilla.samba.org/show_bug.cgi?id=15206 + +Signed-off-by: Andreas Schneider +Reviewed-by: Noel Power +--- + source3/rpc_client/init_samr.c | 15 ++++----------- + source3/rpc_client/init_samr.h | 1 + + source3/rpcclient/cmd_samr.c | 8 ++++++++ + source4/libnet/libnet_passwd.c | 13 +++++++------ + source4/torture/rpc/samr.c | 27 +++++++++++++++++++++++++++ + 5 files changed, 47 insertions(+), 17 deletions(-) + +diff --git a/source3/rpc_client/init_samr.c b/source3/rpc_client/init_samr.c +index 68f42b602b3..52fa2f90d6e 100644 +--- a/source3/rpc_client/init_samr.c ++++ b/source3/rpc_client/init_samr.c +@@ -79,6 +79,7 @@ NTSTATUS init_samr_CryptPassword(const char *pwd, + + NTSTATUS init_samr_CryptPasswordAES(TALLOC_CTX *mem_ctx, + const char *password, ++ DATA_BLOB *salt, + DATA_BLOB *session_key, + struct samr_EncryptedPasswordAES *ppwd_buf) + { +@@ -87,12 +88,6 @@ NTSTATUS init_samr_CryptPasswordAES(TALLOC_CTX *mem_ctx, + .data = pw_data, + .length = sizeof(pw_data), + }; +- size_t iv_size = gnutls_cipher_get_iv_size(GNUTLS_CIPHER_AES_256_CBC); +- uint8_t iv_data[iv_size]; +- DATA_BLOB iv = { +- .data = iv_data, +- .length = iv_size, +- }; + DATA_BLOB ciphertext = data_blob_null; + NTSTATUS status = NT_STATUS_UNSUCCESSFUL; + bool ok; +@@ -101,8 +96,6 @@ NTSTATUS init_samr_CryptPasswordAES(TALLOC_CTX *mem_ctx, + return NT_STATUS_INVALID_PARAMETER; + } + +- generate_nonce_buffer(iv.data, iv.length); +- + ok = encode_pwd_buffer514_from_str(pw_data, password, STR_UNICODE); + if (!ok) { + return NT_STATUS_INTERNAL_ERROR; +@@ -114,7 +107,7 @@ NTSTATUS init_samr_CryptPasswordAES(TALLOC_CTX *mem_ctx, + session_key, + &samr_aes256_enc_key_salt, + &samr_aes256_mac_key_salt, +- &iv, ++ salt, + &ciphertext, + ppwd_buf->auth_data); + BURN_DATA(pw_data); +@@ -126,8 +119,8 @@ NTSTATUS init_samr_CryptPasswordAES(TALLOC_CTX *mem_ctx, + ppwd_buf->cipher = ciphertext.data; + ppwd_buf->PBKDF2Iterations = 0; + +- SMB_ASSERT(iv.length == sizeof(ppwd_buf->salt)); +- memcpy(ppwd_buf->salt, iv.data, iv.length); ++ SMB_ASSERT(salt->length == sizeof(ppwd_buf->salt)); ++ memcpy(ppwd_buf->salt, salt->data, salt->length); + + return NT_STATUS_OK; + } +diff --git a/source3/rpc_client/init_samr.h b/source3/rpc_client/init_samr.h +index 940534e7168..71b4c0e573d 100644 +--- a/source3/rpc_client/init_samr.h ++++ b/source3/rpc_client/init_samr.h +@@ -47,6 +47,7 @@ NTSTATUS init_samr_CryptPassword(const char *pwd, + */ + NTSTATUS init_samr_CryptPasswordAES(TALLOC_CTX *mem_ctx, + const char *password, ++ DATA_BLOB *salt, + DATA_BLOB *session_key, + struct samr_EncryptedPasswordAES *ppwd_buf); + +diff --git a/source3/rpcclient/cmd_samr.c b/source3/rpcclient/cmd_samr.c +index 9ccd2f78a8d..8106ca90cf2 100644 +--- a/source3/rpcclient/cmd_samr.c ++++ b/source3/rpcclient/cmd_samr.c +@@ -3172,6 +3172,11 @@ static NTSTATUS cmd_samr_setuserinfo_int(struct rpc_pipe_client *cli, + uint8_t nt_hash[16]; + uint8_t lm_hash[16]; + DATA_BLOB session_key; ++ uint8_t salt_data[16]; ++ DATA_BLOB salt = { ++ .data = salt_data, ++ .length = sizeof(salt_data), ++ }; + uint8_t password_expired = 0; + struct dcerpc_binding_handle *b = cli->binding_handle; + TALLOC_CTX *frame = NULL; +@@ -3198,6 +3203,8 @@ static NTSTATUS cmd_samr_setuserinfo_int(struct rpc_pipe_client *cli, + goto done; + } + ++ generate_nonce_buffer(salt.data, salt.length); ++ + switch(level) { + case 18: + case 21: +@@ -3220,6 +3227,7 @@ static NTSTATUS cmd_samr_setuserinfo_int(struct rpc_pipe_client *cli, + case 31: + status = init_samr_CryptPasswordAES(frame, + param, ++ &salt, + &session_key, + &pwd_buf_aes); + if (!NT_STATUS_IS_OK(status)) { +diff --git a/source4/libnet/libnet_passwd.c b/source4/libnet/libnet_passwd.c +index 4f662110e55..a1672104824 100644 +--- a/source4/libnet/libnet_passwd.c ++++ b/source4/libnet/libnet_passwd.c +@@ -57,13 +57,13 @@ static NTSTATUS libnet_ChangePassword_samr_aes(TALLOC_CTX *mem_ctx, + struct samr_EncryptedPasswordAES pwd_buf = { + .cipher_len = 0 + }; +- DATA_BLOB iv = { ++ DATA_BLOB salt = { + .data = pwd_buf.salt, + .length = sizeof(pwd_buf.salt), + }; +- gnutls_datum_t iv_datum = { +- .data = iv.data, +- .size = iv.length, ++ gnutls_datum_t salt_datum = { ++ .data = pwd_buf.salt, ++ .size = sizeof(pwd_buf.salt), + }; + uint64_t pbkdf2_iterations = generate_random_u64_range(5000, 1000000); + NTSTATUS status; +@@ -71,11 +71,11 @@ static NTSTATUS libnet_ChangePassword_samr_aes(TALLOC_CTX *mem_ctx, + + E_md4hash(old_password, old_nt_key_data); + +- generate_nonce_buffer(iv.data, iv.length); ++ generate_nonce_buffer(salt.data, salt.length); + + rc = gnutls_pbkdf2(GNUTLS_MAC_SHA512, + &old_nt_key, +- &iv_datum, ++ &salt_datum, + pbkdf2_iterations, + cek.data, + cek.length); +@@ -86,6 +86,7 @@ static NTSTATUS libnet_ChangePassword_samr_aes(TALLOC_CTX *mem_ctx, + + status = init_samr_CryptPasswordAES(mem_ctx, + new_password, ++ &salt, + &cek, + &pwd_buf); + data_blob_clear(&cek); +diff --git a/source4/torture/rpc/samr.c b/source4/torture/rpc/samr.c +index de354659067..0b1880efa18 100644 +--- a/source4/torture/rpc/samr.c ++++ b/source4/torture/rpc/samr.c +@@ -783,6 +783,11 @@ static bool test_SetUserPass_32(struct dcerpc_pipe *p, struct torture_context *t + struct samr_SetUserInfo s; + union samr_UserInfo u; + DATA_BLOB session_key; ++ uint8_t salt_data[16]; ++ DATA_BLOB salt = { ++ .data = salt_data, ++ .length = sizeof(salt_data), ++ }; + char *newpass = NULL; + struct dcerpc_binding_handle *b = p->binding_handle; + struct samr_GetUserPwInfo pwp; +@@ -818,8 +823,11 @@ static bool test_SetUserPass_32(struct dcerpc_pipe *p, struct torture_context *t + return false; + } + ++ generate_nonce_buffer(salt.data, salt.length); ++ + status = init_samr_CryptPasswordAES(tctx, + newpass, ++ &salt, + &session_key, + &u.info32.password); + torture_assert_ntstatus_ok(tctx, +@@ -852,6 +860,7 @@ static bool test_SetUserPass_32(struct dcerpc_pipe *p, struct torture_context *t + + status = init_samr_CryptPasswordAES(tctx, + newpass, ++ &salt, + &session_key, + &u.info32.password); + torture_assert_ntstatus_ok(tctx, +@@ -896,6 +905,11 @@ static bool test_SetUserPass_31(struct dcerpc_pipe *p, struct torture_context *t + union samr_UserInfo u; + bool ret = true; + DATA_BLOB session_key; ++ uint8_t salt_data[16]; ++ DATA_BLOB salt = { ++ .data = salt_data, ++ .length = sizeof(salt_data), ++ }; + char *newpass; + struct dcerpc_binding_handle *b = p->binding_handle; + struct samr_GetUserPwInfo pwp; +@@ -931,8 +945,11 @@ static bool test_SetUserPass_31(struct dcerpc_pipe *p, struct torture_context *t + return false; + } + ++ generate_nonce_buffer(salt.data, salt.length); ++ + status = init_samr_CryptPasswordAES(tctx, + newpass, ++ &salt, + &session_key, + &u.info31.password); + torture_assert_ntstatus_ok(tctx, +@@ -959,6 +976,7 @@ static bool test_SetUserPass_31(struct dcerpc_pipe *p, struct torture_context *t + + status = init_samr_CryptPasswordAES(tctx, + newpass, ++ &salt, + &session_key, + &u.info31.password); + torture_assert_ntstatus_ok(tctx, +@@ -1381,6 +1399,11 @@ static bool test_SetUserPass_level_ex(struct dcerpc_pipe *p, + union samr_UserInfo u; + bool ret = true; + DATA_BLOB session_key; ++ uint8_t salt_data[16]; ++ DATA_BLOB salt = { ++ .data = salt_data, ++ .length = sizeof(salt_data), ++ }; + char *newpass; + struct dcerpc_binding_handle *b = p->binding_handle; + struct samr_GetUserPwInfo pwp; +@@ -1490,6 +1513,8 @@ static bool test_SetUserPass_level_ex(struct dcerpc_pipe *p, + return false; + } + ++ generate_nonce_buffer(salt.data, salt.length); ++ + switch (level) { + case 18: + { +@@ -1561,6 +1586,7 @@ static bool test_SetUserPass_level_ex(struct dcerpc_pipe *p, + case 31: + status = init_samr_CryptPasswordAES(tctx, + newpass, ++ &salt, + &session_key, + &u.info31.password); + +@@ -1568,6 +1594,7 @@ static bool test_SetUserPass_level_ex(struct dcerpc_pipe *p, + case 32: + status = init_samr_CryptPasswordAES(tctx, + newpass, ++ &salt, + &session_key, + &u.info32.password); + +-- +2.37.3 + + +From 1d630363c9b2497266e418aad89c55d5b51a63ad Mon Sep 17 00:00:00 2001 +From: Andreas Schneider +Date: Mon, 17 Oct 2022 09:02:28 +0200 +Subject: [PATCH 3/5] s4:libnet: If we successfully changed the password we are + done + +BUG: https://bugzilla.samba.org/show_bug.cgi?id=15206 + +Signed-off-by: Andreas Schneider +Reviewed-by: Noel Power +--- + source4/libnet/libnet_passwd.c | 32 ++++++++++++++++++-------------- + 1 file changed, 18 insertions(+), 14 deletions(-) + +diff --git a/source4/libnet/libnet_passwd.c b/source4/libnet/libnet_passwd.c +index a1672104824..b17614bcd97 100644 +--- a/source4/libnet/libnet_passwd.c ++++ b/source4/libnet/libnet_passwd.c +@@ -101,7 +101,7 @@ static NTSTATUS libnet_ChangePassword_samr_aes(TALLOC_CTX *mem_ctx, + r.in.password = &pwd_buf; + + status = dcerpc_samr_ChangePasswordUser4_r(h, mem_ctx, &r); +- if (NT_STATUS_IS_OK(status)) { ++ if (!NT_STATUS_IS_OK(status)) { + goto done; + } + if (!NT_STATUS_IS_OK(r.out.result)) { +@@ -112,6 +112,7 @@ static NTSTATUS libnet_ChangePassword_samr_aes(TALLOC_CTX *mem_ctx, + account->string, + nt_errstr(status)); + status = r.out.result; ++ goto done; + } + + done: +@@ -424,20 +425,23 @@ static NTSTATUS libnet_ChangePassword_samr(struct libnet_context *ctx, TALLOC_CT + r->samr.in.oldpassword, + r->samr.in.newpassword, + &(r->samr.out.error_string)); +- if (!NT_STATUS_IS_OK(status)) { +- if (NT_STATUS_EQUAL(status, +- NT_STATUS_RPC_PROCNUM_OUT_OF_RANGE) || +- NT_STATUS_EQUAL(status, NT_STATUS_NOT_SUPPORTED) || +- NT_STATUS_EQUAL(status, NT_STATUS_NOT_IMPLEMENTED)) { +- /* +- * Don't fallback to RC4 based SAMR if weak crypto is not +- * allowed. +- */ +- if (lpcfg_weak_crypto(ctx->lp_ctx) == +- SAMBA_WEAK_CRYPTO_DISALLOWED) { +- goto disconnect; +- } ++ if (NT_STATUS_IS_OK(status)) { ++ goto disconnect; ++ } else if (NT_STATUS_EQUAL(status, ++ NT_STATUS_RPC_PROCNUM_OUT_OF_RANGE) || ++ NT_STATUS_EQUAL(status, NT_STATUS_NOT_SUPPORTED) || ++ NT_STATUS_EQUAL(status, NT_STATUS_NOT_IMPLEMENTED)) { ++ /* ++ * Don't fallback to RC4 based SAMR if weak crypto is not ++ * allowed. ++ */ ++ if (lpcfg_weak_crypto(ctx->lp_ctx) == ++ SAMBA_WEAK_CRYPTO_DISALLOWED) { ++ goto disconnect; + } ++ } else { ++ /* libnet_ChangePassword_samr_aes is implemented and failed */ ++ goto disconnect; + } + + status = libnet_ChangePassword_samr_rc4( +-- +2.37.3 + + +From 9a4a169ab34641afb87e7f81708c9a72b321879e Mon Sep 17 00:00:00 2001 +From: Noel Power +Date: Fri, 21 Oct 2022 17:40:36 +0100 +Subject: [PATCH 4/5] s4/rpc_server/sambr: don't mutate the return of + samdb_set_password_aes + +prior to this commit return of samdb_set_password_aes was set to +NT_STATUS_WRONG_PASSWORD on failure. Useful status that should be +returned such as NT_STATUS_PASSWORD_RESTRICTION are swallowed here +otherwise (and in this case can be partially responsible for failures +in test samba.tests.auth_log_pass_change (with later gnutls) + +Signed-off-by: Noel Power +Reviewed-by: Andreas Schneider +--- + source4/rpc_server/samr/samr_password.c | 1 - + 1 file changed, 1 deletion(-) + +diff --git a/source4/rpc_server/samr/samr_password.c b/source4/rpc_server/samr/samr_password.c +index 4691f9a47a9..b581be6361c 100644 +--- a/source4/rpc_server/samr/samr_password.c ++++ b/source4/rpc_server/samr/samr_password.c +@@ -250,7 +250,6 @@ NTSTATUS dcesrv_samr_ChangePasswordUser4(struct dcesrv_call_state *dce_call, + + if (!NT_STATUS_IS_OK(status)) { + ldb_transaction_cancel(sam_ctx); +- status = NT_STATUS_WRONG_PASSWORD; + goto done; + } + +-- +2.37.3 + + +From b8b36ecba0f22dbc203c12627ebd629c2437c635 Mon Sep 17 00:00:00 2001 +From: Noel Power +Date: Fri, 21 Oct 2022 17:14:44 +0100 +Subject: [PATCH 5/5] python/samba/tests: fix samba.tests.auth_log_pass_change + for later gnutls + +later gnutls that support GNUTLS_PBKDF2 currently fail, +we need to conditionally switch test data to reflect use of +'samr_ChangePasswordUser3' or 'samr_ChangePasswordUser4' +depending on whether GNUTLS_PBKDF2 is supported or not + +Signed-off-by: Noel Power +Reviewed-by: Andreas Schneider +--- + python/samba/tests/auth_log_pass_change.py | 20 ++++++++++++++++---- + source4/selftest/tests.py | 9 ++++++--- + 2 files changed, 22 insertions(+), 7 deletions(-) + +diff --git a/python/samba/tests/auth_log_pass_change.py b/python/samba/tests/auth_log_pass_change.py +index 972af2158dd..1ca46c586b3 100644 +--- a/python/samba/tests/auth_log_pass_change.py ++++ b/python/samba/tests/auth_log_pass_change.py +@@ -72,6 +72,18 @@ class AuthLogPassChangeTests(samba.tests.auth_log_base.AuthLogTestBase): + + # discard any auth log messages for the password setup + self.discardMessages() ++ gnutls_pbkdf2_support = samba.tests.env_get_var_value( ++ 'GNUTLS_PBKDF2_SUPPORT', ++ allow_missing=True) ++ if gnutls_pbkdf2_support is None: ++ gnutls_pbkdf2_support = '0' ++ self.gnutls_pbkdf2_support = bool(int(gnutls_pbkdf2_support)) ++ ++ def _authDescription(self): ++ if self.gnutls_pbkdf2_support: ++ return "samr_ChangePasswordUser4" ++ else: ++ return "samr_ChangePasswordUser3" + + def tearDown(self): + super(AuthLogPassChangeTests, self).tearDown() +@@ -83,7 +95,7 @@ class AuthLogPassChangeTests(samba.tests.auth_log_base.AuthLogTestBase): + (msg["Authentication"]["serviceDescription"] == + "SAMR Password Change") and + (msg["Authentication"]["authDescription"] == +- "samr_ChangePasswordUser3") and ++ self._authDescription()) and + (msg["Authentication"]["eventId"] == + EVT_ID_SUCCESSFUL_LOGON) and + (msg["Authentication"]["logonType"] == +@@ -109,7 +121,7 @@ class AuthLogPassChangeTests(samba.tests.auth_log_base.AuthLogTestBase): + (msg["Authentication"]["serviceDescription"] == + "SAMR Password Change") and + (msg["Authentication"]["authDescription"] == +- "samr_ChangePasswordUser3") and ++ self._authDescription()) and + (msg["Authentication"]["eventId"] == + EVT_ID_UNSUCCESSFUL_LOGON) and + (msg["Authentication"]["logonType"] == +@@ -141,7 +153,7 @@ class AuthLogPassChangeTests(samba.tests.auth_log_base.AuthLogTestBase): + (msg["Authentication"]["serviceDescription"] == + "SAMR Password Change") and + (msg["Authentication"]["authDescription"] == +- "samr_ChangePasswordUser3") and ++ self._authDescription()) and + (msg["Authentication"]["eventId"] == + EVT_ID_UNSUCCESSFUL_LOGON) and + (msg["Authentication"]["logonType"] == +@@ -174,7 +186,7 @@ class AuthLogPassChangeTests(samba.tests.auth_log_base.AuthLogTestBase): + (msg["Authentication"]["serviceDescription"] == + "SAMR Password Change") and + (msg["Authentication"]["authDescription"] == +- "samr_ChangePasswordUser3") and ++ self._authDescription()) and + (msg["Authentication"]["eventId"] == + EVT_ID_UNSUCCESSFUL_LOGON) and + (msg["Authentication"]["logonType"] == +diff --git a/source4/selftest/tests.py b/source4/selftest/tests.py +index a803d4704ea..c92105586a7 100755 +--- a/source4/selftest/tests.py ++++ b/source4/selftest/tests.py +@@ -1094,9 +1094,11 @@ if have_heimdal_support: + environ={'CLIENT_IP': '10.53.57.11', + 'SOCKET_WRAPPER_DEFAULT_IFACE': 11}) + planoldpythontestsuite("ad_dc_smb1", "samba.tests.auth_log_pass_change", +- extra_args=['-U"$USERNAME%$PASSWORD"']) ++ extra_args=['-U"$USERNAME%$PASSWORD"'], ++ environ={'GNUTLS_PBKDF2_SUPPORT': gnutls_pbkdf2_support}) + planoldpythontestsuite("ad_dc_ntvfs", "samba.tests.auth_log_pass_change", +- extra_args=['-U"$USERNAME%$PASSWORD"']) ++ extra_args=['-U"$USERNAME%$PASSWORD"'], ++ environ={'GNUTLS_PBKDF2_SUPPORT': gnutls_pbkdf2_support}) + + # these tests use a NCA local RPC connection, so always run on the + # :local testenv, and so don't need to fake a client connection +@@ -1113,7 +1115,8 @@ if have_heimdal_support: + "samba.tests.auth_log_winbind", + extra_args=['-U"$DC_USERNAME%$DC_PASSWORD"']) + planoldpythontestsuite("ad_dc", "samba.tests.audit_log_pass_change", +- extra_args=['-U"$USERNAME%$PASSWORD"']) ++ extra_args=['-U"$USERNAME%$PASSWORD"'], ++ environ={'GNUTLS_PBKDF2_SUPPORT': gnutls_pbkdf2_support}) + planoldpythontestsuite("ad_dc", "samba.tests.audit_log_dsdb", + extra_args=['-U"$USERNAME%$PASSWORD"']) + planoldpythontestsuite("ad_dc", "samba.tests.group_audit", +-- +2.37.3 + diff --git a/samba-systemd-sysusers.conf b/samba-systemd-sysusers.conf new file mode 100644 index 0000000..60ad7a5 --- /dev/null +++ b/samba-systemd-sysusers.conf @@ -0,0 +1,2 @@ +#Type Name ID +g printadmin - diff --git a/samba-usershares-systemd-sysusers.conf b/samba-usershares-systemd-sysusers.conf new file mode 100644 index 0000000..33f8fcb --- /dev/null +++ b/samba-usershares-systemd-sysusers.conf @@ -0,0 +1,2 @@ +#Type Name ID +g usershares - diff --git a/samba.spec b/samba.spec index d9f76e1..4937f21 100644 --- a/samba.spec +++ b/samba.spec @@ -134,14 +134,9 @@ %define samba_requires_eq() %(LC_ALL="C" echo '%*' | xargs -r rpm -q --qf 'Requires: %%{name} = %%{epoch}:%%{version}\\n' | sed -e 's/ (none):/ /' -e 's/ 0:/ /' | grep -v "is not") +%global samba_version 4.17.2 %global baserelease 101 - -%global samba_version 4.16.4 -%global talloc_version 2.3.3 -%global tdb_version 1.4.6 -%global tevent_version 0.12.0 -%global ldb_version 2.5.2 -# This should be rc1 or nil +# This should be rc1 or %%nil %global pre_release %nil %global samba_release %{baserelease} @@ -149,6 +144,37 @@ %global samba_release 0.%{baserelease}.%{pre_release} %endif + +# If one of those versions change, we need to make sure we rebuilt or adapt +# projects comsuming those. This is e.g. sssd, openchange, evolution-mapi, ... +%global libdcerpc_binding_so_version 0 +%global libdcerpc_server_core_so_version 0 +%global libdcerpc_so_version 0 +%global libndr_krb5pac_so_version 0 +%global libndr_nbt_so_version 0 +%global libndr_so_version 3 +%global libndr_standard_so_version 0 +%global libnetapi_so_version 1 +%global libsamba_credentials_so_version 1 +%global libsamba_errors_so_version 1 +%global libsamba_hostconfig_so_version 0 +%global libsamba_passdb_so_version 0 +%global libsamba_util_so_version 0 +%global libsamdb_so_version 0 +%global libsmbconf_so_version 0 +%global libsmbldap_so_version 2 +%global libtevent_util_so_version 0 + +%global libsmbclient_so_version 0 +%global libwbclient_so_version 0 + +%global talloc_version 2.3.4 +%global tdb_version 1.4.7 +%global tevent_version 0.13.0 +%global ldb_version 2.6.1 + +%global required_mit_krb5 1.19 + # This is a network daemon, do a hardened build # Enables PIE and full RELRO protection %global _hardened_build 1 @@ -165,8 +191,6 @@ %global libwbc_alternatives_suffix -64 %endif -%global required_mit_krb5 1.19 - %global _systemd_extra "Environment=KRB5CCNAME=FILE:/run/samba/krb5cc_samba" Name: samba @@ -200,18 +224,14 @@ Source11: smb.conf.vendor Source12: smb.conf.example Source13: pam_winbind.conf Source14: samba.pamd -Source15: samba.abignore +Source15: usershares.conf.vendor +Source16: samba-systemd-sysusers.conf +Source17: samba-usershares-systemd-sysusers.conf Source201: README.downgrade - -Patch0: samba-s4u.patch -# https://gitlab.com/samba-team/samba/-/merge_requests/2477 -Patch1: samba-4.16-waf-crypto.patch +Source202: samba.abignore Requires(pre): /usr/sbin/groupadd -Requires(post): systemd -Requires(preun): systemd -Requires(postun): systemd Requires(pre): %{name}-common = %{samba_depver} Requires: %{name}-common = %{samba_depver} @@ -219,6 +239,7 @@ Requires: %{name}-common-libs = %{samba_depver} Requires: %{name}-common-tools = %{samba_depver} Requires: %{name}-client-libs = %{samba_depver} Requires: %{name}-libs = %{samba_depver} +Requires: libnetapi = %{samba_depver} %if %{with libwbclient} Requires(post): libwbclient = %{samba_depver} Requires: libwbclient = %{samba_depver} @@ -292,6 +313,7 @@ BuildRequires: readline-devel BuildRequires: rpcgen BuildRequires: rpcsvc-proto-devel BuildRequires: sed +BuildRequires: systemd-rpm-macros BuildRequires: libtasn1-devel # We need asn1Parser BuildRequires: libtasn1-tools @@ -492,6 +514,8 @@ Summary: Tools for Samba servers and clients Requires: samba-common-libs = %{samba_depver} Requires: samba-client-libs = %{samba_depver} Requires: samba-libs = %{samba_depver} +Requires: samba-ldb-ldap-modules = %{samba_depver} +Requires: libnetapi = %{samba_depver} %if %{with libwbclient} Requires: libwbclient = %{samba_depver} %endif @@ -520,6 +544,7 @@ Summary: Samba AD Domain Controller Requires: %{name} = %{samba_depver} Requires: %{name}-client-libs = %{samba_depver} Requires: %{name}-common-libs = %{samba_depver} +Requires: %{name}-common-tools = %{samba_depver} Requires: %{name}-libs = %{samba_depver} Requires: %{name}-dc-provision = %{samba_depver} Requires: %{name}-dc-libs = %{samba_depver} @@ -599,6 +624,7 @@ Requires: %{name}-client-libs = %{samba_depver} %if %{with dc} Requires: %{name}-dc-libs = %{samba_depver} %endif +Requires: libnetapi = %{samba_depver} Provides: samba4-devel = %{samba_depver} Obsoletes: samba4-devel < %{samba_depver} @@ -661,6 +687,22 @@ Provides: bundled(libreplace) Samba VFS module for GlusterFS integration. %endif +### GPUPDATE +%if %{with dc} +%package gpupdate +Summary: Samba GPO support for clients +Requires: cepces +Requires: certmonger +Requires: %{name}-ldb-ldap-modules = %{samba_depver} +Requires: python3-%{name} = %{samba_depver} + +%description gpupdate +This package provides the samba-gpupdate tool to apply Group Policy Objects +(GPO) on Samba clients. + +# /with dc +%endif + ### KRB5-PRINTING %package krb5-printing Summary: Samba CUPS backend for printing with Kerberos @@ -676,6 +718,16 @@ If you need Kerberos for print jobs to a printer connection to cups via the SMB backend, then you need to install that package. It will allow cups to access the Kerberos credentials cache of the user issuing the print job. +### LDB-LDAP-MODULES +%package ldb-ldap-modules +Summary: Samba ldap modules for ldb +Requires: %{name}-client-libs = %{samba_depver} +Requires: %{name}-common-libs = %{samba_depver} + +%description ldb-ldap-modules +This package contains the ldb ldap modules required by samba-tool and +samba-gpupdate. + ### LIBS %package libs Summary: Samba libraries @@ -694,6 +746,25 @@ Provides: bundled(libreplace) The %{name}-libs package contains the libraries needed by programs that link against the SMB, RPC and other protocols provided by the Samba suite. +### LIBNETAPI +%package -n libnetapi +Summary: The NETAPI library +Requires(pre): %{name}-common = %{samba_depver} +Requires: %{name}-common = %{samba_depver} +Requires: %{name}-common-libs = %{samba_depver} +Requires: %{name}-client-libs = %{samba_depver} + +%description -n libnetapi +This contains the NETAPI library from the Samba suite. + +%package -n libnetapi-devel +Summary: Developer tools for the NETAPI library +Requires: libnetapi = %{samba_depver} + +%description -n libnetapi-devel +The libnetapi-devel package contains the header files and libraries needed to +develop programs that link against the NETAPI library in the Samba suite. + ### LIBSMBCLIENT %if %{with libsmbclient} %package -n libsmbclient @@ -830,6 +901,7 @@ Requires: %{name}-test-libs = %{samba_depver} Requires: %{name}-dc-libs = %{samba_depver} %endif Requires: %{name}-libs = %{samba_depver} +Requires: libnetapi = %{samba_depver} %if %{with libsmbclient} Requires: libsmbclient = %{samba_depver} %endif @@ -866,6 +938,17 @@ Provides: bundled(libreplace) %description test-libs %{name}-test-libs provides libraries required by the testing tools. +### USERSHARES +%package usershares +Summary: Provides support for non-root user shares +Requires: %{name} = %{samba_depver} +Requires: %{name}-common-tools = %{samba_depver} + +%description usershares +Installing this package will provide a configuration file, group and +directories to support non-root user shares. You can configure them +as a user using the `net usershare` command. + ### WINBIND %package winbind Summary: Samba winbind @@ -985,6 +1068,7 @@ Summary: A Clustered Database based on Samba's Trivial Database (TDB) Requires: %{name}-common-libs = %{samba_depver} Requires: %{name}-client-libs = %{samba_depver} +Requires: %{name}-winbind-clients = %{samba_depver} Requires: coreutils # for ps and killall @@ -1084,7 +1168,11 @@ Support for using an existing CEPH cluster as a mutex helper for CTDB %prep +%if 0%{?fedora} || 0%{?rhel} >= 9 +xzcat %{SOURCE0} | %{gpgverify} --keyring='%{SOURCE2}' --signature='%{SOURCE1}' --data=- +%else xzcat %{SOURCE0} | gpgv2 --quiet --keyring %{SOURCE2} %{SOURCE1} - +%endif %autosetup -n samba-%{version}%{pre_release} -p1 # Ensure we rely on GnuTLS and do not build any other crypto code shipping with @@ -1190,6 +1278,9 @@ export LDFLAGS="%{__global_ldflags} -fuse-ld=gold" --systemd-smb-extra=%{_systemd_extra} \ --systemd-nmb-extra=%{_systemd_extra} \ --systemd-winbind-extra=%{_systemd_extra} \ +%if %{with clustering} + --systemd-ctdb-extra=%{_systemd_extra} \ +%endif --systemd-samba-extra=%{_systemd_extra} # Do not use %%make_build, make is just a wrapper around waf in Samba! @@ -1213,6 +1304,7 @@ install -d -m 0755 %{buildroot}/var/lib/samba/lock install -d -m 0755 %{buildroot}/var/lib/samba/private install -d -m 0755 %{buildroot}/var/lib/samba/scripts install -d -m 0755 %{buildroot}/var/lib/samba/sysvol +install -d -m 0755 %{buildroot}/var/lib/samba/usershares install -d -m 0755 %{buildroot}/var/lib/samba/winbindd_privileged install -d -m 0755 %{buildroot}/var/log/samba/old install -d -m 0755 %{buildroot}/run/samba @@ -1240,6 +1332,7 @@ install -m 0644 %{SOURCE10} %{buildroot}%{_sysconfdir}/logrotate.d/samba install -m 0644 %{SOURCE11} %{buildroot}%{_sysconfdir}/samba/smb.conf install -m 0644 %{SOURCE12} %{buildroot}%{_sysconfdir}/samba/smb.conf.example +install -m 0644 %{SOURCE15} %{buildroot}%{_sysconfdir}/samba/usershares.conf install -d -m 0755 %{buildroot}%{_sysconfdir}/security install -m 0644 %{SOURCE13} %{buildroot}%{_sysconfdir}/security/pam_winbind.conf @@ -1262,6 +1355,10 @@ echo "d /run/samba 755 root root" > %{buildroot}%{_tmpfilesdir}/samba.conf echo "d /run/ctdb 755 root root" > %{buildroot}%{_tmpfilesdir}/ctdb.conf %endif +install -d -m 0755 %{buildroot}%{_sysusersdir} +install -m 0644 %{SOURCE16} %{buildroot}%{_sysusersdir}/samba.conf +install -m 0644 %{SOURCE17} %{buildroot}%{_sysusersdir}/samba-usershares.conf + install -d -m 0755 %{buildroot}%{_sysconfdir}/sysconfig install -m 0644 packaging/systemd/samba.sysconfig %{buildroot}%{_sysconfdir}/sysconfig/samba %if %{with clustering} @@ -1275,10 +1372,6 @@ install -m 0644 ctdb/config/ctdb.conf %{buildroot}%{_sysconfdir}/ctdb/ctdb.conf install -m 0644 %{SOURCE201} packaging/README.downgrade -%if %{with clustering} -install -m 0644 ctdb/config/ctdb.service %{buildroot}%{_unitdir} -%endif - # NetworkManager online/offline script install -d -m 0755 %{buildroot}%{_prefix}/lib/NetworkManager/dispatcher.d/ install -m 0755 packaging/NetworkManager/30-winbind-systemd \ @@ -1296,8 +1389,6 @@ for i in \ %{_mandir}/man8/samba.8 \ %{_mandir}/man8/samba_downgrade_db.8 \ %{_mandir}/man8/samba-gpupdate.8 \ - %{_libdir}/samba/ldb/ildap.so \ - %{_libdir}/samba/ldb/ldbsamba_extensions.so \ %{_unitdir}/samba.service \ %{python3_sitearch}/samba/dcerpc/dnsserver.*.so \ %{python3_sitearch}/samba/dnsserver.py \ @@ -1428,7 +1519,11 @@ export WINBINDD_DONT_LOG_STDOUT=1 %systemd_postun_with_restart nmb.service %pre common +%if 0%{?fedora} || 0%{?rhel} > 8 +%sysusers_create_compat %{SOURCE16} +%else getent group printadmin >/dev/null || groupadd -r printadmin || : +%endif %post common %{?ldconfig} @@ -1536,6 +1631,13 @@ fi %ldconfig_scriptlets test +%pre usershares +%if 0%{?fedora} || 0%{?rhel} > 8 +%sysusers_create_compat %{SOURCE17} +%else +getent group usershares >/dev/null || groupadd -r usershares || : +%endif + %pre winbind /usr/sbin/groupadd -g 88 wbpriv >/dev/null 2>&1 || : @@ -1794,23 +1896,22 @@ fi ### CLIENT-LIBS %files client-libs -%{_libdir}/libdcerpc-binding.so.* -%{_libdir}/libdcerpc-server-core.so.* -%{_libdir}/libdcerpc.so.* -%{_libdir}/libndr-krb5pac.so.* -%{_libdir}/libndr-nbt.so.* -%{_libdir}/libndr-standard.so.* -%{_libdir}/libndr.so.* -%{_libdir}/libnetapi.so.* -%{_libdir}/libsamba-credentials.so.* -%{_libdir}/libsamba-errors.so.* -%{_libdir}/libsamba-hostconfig.so.* -%{_libdir}/libsamba-passdb.so.* -%{_libdir}/libsamba-util.so.* -%{_libdir}/libsamdb.so.* -%{_libdir}/libsmbconf.so.* -%{_libdir}/libsmbldap.so.* -%{_libdir}/libtevent-util.so.* +%{_libdir}/libdcerpc-binding.so.%{libdcerpc_binding_so_version}* +%{_libdir}/libdcerpc-server-core.so.%{libdcerpc_server_core_so_version}* +%{_libdir}/libdcerpc.so.%{libdcerpc_so_version}* +%{_libdir}/libndr-krb5pac.so.%{libndr_krb5pac_so_version}* +%{_libdir}/libndr-nbt.so.%{libndr_nbt_so_version}* +%{_libdir}/libndr-standard.so.%{libndr_standard_so_version}* +%{_libdir}/libndr.so.%{libndr_so_version}* +%{_libdir}/libsamba-credentials.so.%{libsamba_credentials_so_version}* +%{_libdir}/libsamba-errors.so.%{libsamba_errors_so_version}* +%{_libdir}/libsamba-hostconfig.so.%{libsamba_hostconfig_so_version}* +%{_libdir}/libsamba-passdb.so.%{libsamba_passdb_so_version}* +%{_libdir}/libsamba-util.so.%{libsamba_util_so_version}* +%{_libdir}/libsamdb.so.%{libsamdb_so_version}* +%{_libdir}/libsmbconf.so.%{libsmbconf_so_version}* +%{_libdir}/libsmbldap.so.%{libsmbldap_so_version}* +%{_libdir}/libtevent-util.so.%{libtevent_util_so_version}* %dir %{_libdir}/samba %{_libdir}/samba/libCHARSET3-samba4.so @@ -1899,7 +2000,7 @@ fi %endif %if %{without libsmbclient} -%{_libdir}/samba/libsmbclient.so.* +%{_libdir}/samba/libsmbclient.so.%{libsmbclient_so_version}* %{_mandir}/man7/libsmbclient.7* #endif without libsmbclient %endif @@ -1929,6 +2030,7 @@ fi ### COMMON %files common %{_tmpfilesdir}/samba.conf +%{_sysusersdir}/samba.conf %dir %{_sysconfdir}/logrotate.d/ %config(noreplace) %{_sysconfdir}/logrotate.d/samba %attr(0700,root,root) %dir /var/log/samba @@ -1948,7 +2050,7 @@ fi %{_mandir}/man5/smbpasswd.5* %{_mandir}/man7/samba.7* -### COMMON-libs +### COMMON-LIBS %files common-libs # common libraries %{_libdir}/samba/libcmdline-samba4.so @@ -1983,7 +2085,6 @@ fi %{_sbindir}/samba %{_sbindir}/samba_dnsupdate %{_sbindir}/samba_downgrade_db -%{_sbindir}/samba-gpupdate %{_sbindir}/samba_kcc %{_sbindir}/samba_spnupdate %{_sbindir}/samba_upgradedns @@ -2008,10 +2109,8 @@ fi %{_libdir}/samba/ldb/extended_dn_out.so %{_libdir}/samba/ldb/extended_dn_store.so %{_libdir}/samba/ldb/group_audit_log.so -%{_libdir}/samba/ldb/ildap.so %{_libdir}/samba/ldb/instancetype.so %{_libdir}/samba/ldb/lazy_commit.so -%{_libdir}/samba/ldb/ldbsamba_extensions.so %{_libdir}/samba/ldb/linked_attributes.so %{_libdir}/samba/ldb/new_partition.so %{_libdir}/samba/ldb/objectclass.so @@ -2046,7 +2145,6 @@ fi %dir /var/lib/samba/sysvol %{_mandir}/man8/samba.8* %{_mandir}/man8/samba_downgrade_db.8* -%{_mandir}/man8/samba-gpupdate.8* %dir %{_datadir}/samba/admx %{_datadir}/samba/admx/samba.admx %dir %{_datadir}/samba/admx/en-US @@ -2156,7 +2254,6 @@ fi %{_includedir}/samba-4.0/ndr/ndr_krb5pac.h %{_includedir}/samba-4.0/ndr/ndr_svcctl.h %{_includedir}/samba-4.0/ndr/ndr_nbt.h -%{_includedir}/samba-4.0/netapi.h %{_includedir}/samba-4.0/param.h %{_includedir}/samba-4.0/passdb.h %{_includedir}/samba-4.0/policy.h @@ -2197,7 +2294,6 @@ fi %{_libdir}/libndr-nbt.so %{_libdir}/libndr-standard.so %{_libdir}/libndr.so -%{_libdir}/libnetapi.so %{_libdir}/libsamba-credentials.so %{_libdir}/libsamba-errors.so %{_libdir}/libsamba-hostconfig.so @@ -2211,7 +2307,6 @@ fi %{_libdir}/pkgconfig/ndr_krb5pac.pc %{_libdir}/pkgconfig/ndr_nbt.pc %{_libdir}/pkgconfig/ndr_standard.pc -%{_libdir}/pkgconfig/netapi.pc %{_libdir}/pkgconfig/samba-credentials.pc %{_libdir}/pkgconfig/samba-hostconfig.pc %{_libdir}/pkgconfig/samba-util.pc @@ -2258,11 +2353,23 @@ fi %{_mandir}/man8/vfs_glusterfs.8* %endif +### GPUPDATE +%if %{with dc} +%files gpupdate +%{_mandir}/man8/samba-gpupdate.8* +%{_sbindir}/samba-gpupdate +%endif + ### KRB5-PRINTING %files krb5-printing %attr(0700,root,root) %{_libexecdir}/samba/smbspool_krb5_wrapper %{_mandir}/man8/smbspool_krb5_wrapper.8* +### LDB-LDAP-MODULES +%files ldb-ldap-modules +%{_libdir}/samba/ldb/ldbsamba_extensions.so +%{_libdir}/samba/ldb/ildap.so + ### LIBS %files libs %{_libdir}/libdcerpc-samr.so.* @@ -2279,6 +2386,16 @@ fi %{_libdir}/samba/libRPC-SERVER-LOOP-samba4.so %{_libdir}/samba/libRPC-WORKER-samba4.so +### LIBNETAPI +%files -n libnetapi +%{_libdir}/libnetapi.so.%{libnetapi_so_version}* + +### LIBNETAPI-DEVEL +%files -n libnetapi-devel +%{_includedir}/samba-4.0/netapi.h +%{_libdir}/libnetapi.so +%{_libdir}/pkgconfig/netapi.pc + ### LIBSMBCLIENT %if %{with libsmbclient} %files -n libsmbclient @@ -2296,7 +2413,7 @@ fi ### LIBWBCLIENT %if %{with libwbclient} %files -n libwbclient -%{_libdir}/samba/wbclient/libwbclient.so.* +%{_libdir}/samba/wbclient/libwbclient.so.%{libwbclient_so_version}* ### LIBWBCLIENT-DEVEL %files -n libwbclient-devel @@ -2366,18 +2483,6 @@ fi %{python3_sitearch}/samba/__pycache__/dnsresolver.*.pyc %{python3_sitearch}/samba/__pycache__/drs_utils.*.pyc %{python3_sitearch}/samba/__pycache__/getopt.*.pyc -%{python3_sitearch}/samba/__pycache__/gpclass.*.pyc -%{python3_sitearch}/samba/__pycache__/gp_cert_auto_enroll_ext.*.pyc -%{python3_sitearch}/samba/__pycache__/gp_chromium_ext.*.pyc -%{python3_sitearch}/samba/__pycache__/gp_ext_loader.*.pyc -%{python3_sitearch}/samba/__pycache__/gp_firefox_ext.*.pyc -%{python3_sitearch}/samba/__pycache__/gp_firewalld_ext.*.pyc -%{python3_sitearch}/samba/__pycache__/gp_gnome_settings_ext.*.pyc -%{python3_sitearch}/samba/__pycache__/gp_msgs_ext.*.pyc -%{python3_sitearch}/samba/__pycache__/gp_scripts_ext.*.pyc -%{python3_sitearch}/samba/__pycache__/gp_sec_ext.*.pyc -%{python3_sitearch}/samba/__pycache__/gp_smb_conf_ext.*.pyc -%{python3_sitearch}/samba/__pycache__/gp_sudoers_ext.*.pyc %{python3_sitearch}/samba/__pycache__/graph.*.pyc %{python3_sitearch}/samba/__pycache__/hostconfig.*.pyc %{python3_sitearch}/samba/__pycache__/idmap.*.pyc @@ -2395,14 +2500,6 @@ fi %{python3_sitearch}/samba/__pycache__/trust_utils.*.pyc %{python3_sitearch}/samba/__pycache__/upgrade.*.pyc %{python3_sitearch}/samba/__pycache__/upgradehelpers.*.pyc -%{python3_sitearch}/samba/__pycache__/vgp_access_ext.*.pyc -%{python3_sitearch}/samba/__pycache__/vgp_files_ext.*.pyc -%{python3_sitearch}/samba/__pycache__/vgp_issue_ext.*.pyc -%{python3_sitearch}/samba/__pycache__/vgp_motd_ext.*.pyc -%{python3_sitearch}/samba/__pycache__/vgp_openssh_ext.*.pyc -%{python3_sitearch}/samba/__pycache__/vgp_startup_scripts_ext.*.pyc -%{python3_sitearch}/samba/__pycache__/vgp_sudoers_ext.*.pyc -%{python3_sitearch}/samba/__pycache__/vgp_symlink_ext.*.pyc %{python3_sitearch}/samba/__pycache__/xattr.*.pyc %{python3_sitearch}/samba/_glue.*.so %{python3_sitearch}/samba/_ldb.*.so @@ -2464,11 +2561,6 @@ fi %{python3_sitearch}/samba/dsdb_dns.*.so %{python3_sitearch}/samba/gensec.*.so %{python3_sitearch}/samba/getopt.py -%{python3_sitearch}/samba/gpclass.py -%{python3_sitearch}/samba/gp_gnome_settings_ext.py -%{python3_sitearch}/samba/gp_scripts_ext.py -%{python3_sitearch}/samba/gp_sec_ext.py -%{python3_sitearch}/samba/gpo.*.so %{python3_sitearch}/samba/graph.py %{python3_sitearch}/samba/hostconfig.py %{python3_sitearch}/samba/idmap.py @@ -2487,14 +2579,57 @@ fi %{python3_sitearch}/samba/emulate/__init__.py %{python3_sitearch}/samba/emulate/traffic.py %{python3_sitearch}/samba/emulate/traffic_packets.py -%{python3_sitearch}/samba/gp_cert_auto_enroll_ext.py -%{python3_sitearch}/samba/gp_chromium_ext.py -%{python3_sitearch}/samba/gp_ext_loader.py -%{python3_sitearch}/samba/gp_firefox_ext.py -%{python3_sitearch}/samba/gp_firewalld_ext.py -%{python3_sitearch}/samba/gp_msgs_ext.py -%{python3_sitearch}/samba/gp_smb_conf_ext.py -%{python3_sitearch}/samba/gp_sudoers_ext.py +%dir %{python3_sitearch}/samba/gp +%dir %{python3_sitearch}/samba/gp/__pycache__ +%{python3_sitearch}/samba/gp/__pycache__/gpclass.*.pyc +%{python3_sitearch}/samba/gp/__pycache__/gp_centrify_crontab_ext.*.pyc +%{python3_sitearch}/samba/gp/__pycache__/gp_centrify_sudoers_ext.*.pyc +%{python3_sitearch}/samba/gp/__pycache__/gp_cert_auto_enroll_ext.*.pyc +%{python3_sitearch}/samba/gp/__pycache__/gp_chromium_ext.*.pyc +%{python3_sitearch}/samba/gp/__pycache__/gp_ext_loader.*.pyc +%{python3_sitearch}/samba/gp/__pycache__/gp_firefox_ext.*.pyc +%{python3_sitearch}/samba/gp/__pycache__/gp_firewalld_ext.*.pyc +%{python3_sitearch}/samba/gp/__pycache__/gp_gnome_settings_ext.*.pyc +%{python3_sitearch}/samba/gp/__pycache__/gp_msgs_ext.*.pyc +%{python3_sitearch}/samba/gp/__pycache__/gp_scripts_ext.*.pyc +%{python3_sitearch}/samba/gp/__pycache__/gp_sec_ext.*.pyc +%{python3_sitearch}/samba/gp/__pycache__/gp_smb_conf_ext.*.pyc +%{python3_sitearch}/samba/gp/__pycache__/gp_sudoers_ext.*.pyc +%{python3_sitearch}/samba/gp/__pycache__/vgp_access_ext.*.pyc +%{python3_sitearch}/samba/gp/__pycache__/vgp_files_ext.*.pyc +%{python3_sitearch}/samba/gp/__pycache__/vgp_issue_ext.*.pyc +%{python3_sitearch}/samba/gp/__pycache__/vgp_motd_ext.*.pyc +%{python3_sitearch}/samba/gp/__pycache__/vgp_openssh_ext.*.pyc +%{python3_sitearch}/samba/gp/__pycache__/vgp_startup_scripts_ext.*.pyc +%{python3_sitearch}/samba/gp/__pycache__/vgp_sudoers_ext.*.pyc +%{python3_sitearch}/samba/gp/__pycache__/vgp_symlink_ext.*.pyc +%{python3_sitearch}/samba/gp/gpclass.py +%{python3_sitearch}/samba/gp/gp_gnome_settings_ext.py +%{python3_sitearch}/samba/gp/gp_scripts_ext.py +%{python3_sitearch}/samba/gp/gp_sec_ext.py +%{python3_sitearch}/samba/gp/gp_centrify_crontab_ext.py +%{python3_sitearch}/samba/gp/gp_centrify_sudoers_ext.py +%{python3_sitearch}/samba/gp/gp_cert_auto_enroll_ext.py +%{python3_sitearch}/samba/gp/gp_chromium_ext.py +%{python3_sitearch}/samba/gp/gp_ext_loader.py +%{python3_sitearch}/samba/gp/gp_firefox_ext.py +%{python3_sitearch}/samba/gp/gp_firewalld_ext.py +%{python3_sitearch}/samba/gp/gp_msgs_ext.py +%{python3_sitearch}/samba/gp/gp_smb_conf_ext.py +%{python3_sitearch}/samba/gp/gp_sudoers_ext.py +%dir %{python3_sitearch}/samba/gp/util +%dir %{python3_sitearch}/samba/gp/util/__pycache__ +%{python3_sitearch}/samba/gp/util/__pycache__/logging.*.pyc +%{python3_sitearch}/samba/gp/util/logging.py +%{python3_sitearch}/samba/gp/vgp_access_ext.py +%{python3_sitearch}/samba/gp/vgp_files_ext.py +%{python3_sitearch}/samba/gp/vgp_issue_ext.py +%{python3_sitearch}/samba/gp/vgp_motd_ext.py +%{python3_sitearch}/samba/gp/vgp_openssh_ext.py +%{python3_sitearch}/samba/gp/vgp_startup_scripts_ext.py +%{python3_sitearch}/samba/gp/vgp_sudoers_ext.py +%{python3_sitearch}/samba/gp/vgp_symlink_ext.py +%{python3_sitearch}/samba/gpo.*.so %dir %{python3_sitearch}/samba/gp_parse %{python3_sitearch}/samba/gp_parse/__init__.py %dir %{python3_sitearch}/samba/gp_parse/__pycache__ @@ -2589,9 +2724,11 @@ fi %{python3_sitearch}/samba/samba3/mdscli.*.so %{python3_sitearch}/samba/samba3/param.*.so %{python3_sitearch}/samba/samba3/passdb.*.so +%{python3_sitearch}/samba/samba3/smbconf.*.so %{python3_sitearch}/samba/samba3/smbd.*.so %{python3_sitearch}/samba/sd_utils.py %{python3_sitearch}/samba/sites.py +%{python3_sitearch}/samba/smbconf.*.so %{python3_sitearch}/samba/subnets.py %dir %{python3_sitearch}/samba/subunit %{python3_sitearch}/samba/subunit/__init__.py @@ -2603,14 +2740,6 @@ fi %{python3_sitearch}/samba/trust_utils.py %{python3_sitearch}/samba/upgrade.py %{python3_sitearch}/samba/upgradehelpers.py -%{python3_sitearch}/samba/vgp_access_ext.py -%{python3_sitearch}/samba/vgp_files_ext.py -%{python3_sitearch}/samba/vgp_issue_ext.py -%{python3_sitearch}/samba/vgp_motd_ext.py -%{python3_sitearch}/samba/vgp_openssh_ext.py -%{python3_sitearch}/samba/vgp_startup_scripts_ext.py -%{python3_sitearch}/samba/vgp_sudoers_ext.py -%{python3_sitearch}/samba/vgp_symlink_ext.py %{python3_sitearch}/samba/werror.*.so %{python3_sitearch}/samba/xattr.py %{python3_sitearch}/samba/xattr_native.*.so @@ -2756,6 +2885,7 @@ fi %{python3_sitearch}/samba/tests/__pycache__/ldap_spn.*.pyc %{python3_sitearch}/samba/tests/__pycache__/ldap_upn_sam_account.*.pyc %{python3_sitearch}/samba/tests/__pycache__/loadparm.*.pyc +%{python3_sitearch}/samba/tests/__pycache__/logfiles.*.pyc %{python3_sitearch}/samba/tests/__pycache__/libsmb.*.pyc %{python3_sitearch}/samba/tests/__pycache__/lsa_string.*.pyc %{python3_sitearch}/samba/tests/__pycache__/messaging.*.pyc @@ -2773,6 +2903,7 @@ fi %{python3_sitearch}/samba/tests/__pycache__/ntlm_auth_krb5.*.pyc %{python3_sitearch}/samba/tests/__pycache__/pam_winbind.*.pyc %{python3_sitearch}/samba/tests/__pycache__/pam_winbind_chauthtok.*.pyc +%{python3_sitearch}/samba/tests/__pycache__/pam_winbind_setcred.*.pyc %{python3_sitearch}/samba/tests/__pycache__/pam_winbind_warn_pwd_expire.*.pyc %{python3_sitearch}/samba/tests/__pycache__/param.*.pyc %{python3_sitearch}/samba/tests/__pycache__/password_hash.*.pyc @@ -2803,7 +2934,9 @@ fi %{python3_sitearch}/samba/tests/__pycache__/sddl.*.pyc %{python3_sitearch}/samba/tests/__pycache__/security.*.pyc %{python3_sitearch}/samba/tests/__pycache__/segfault.*.pyc +%{python3_sitearch}/samba/tests/__pycache__/sid_strings.*.pyc %{python3_sitearch}/samba/tests/__pycache__/smb.*.pyc +%{python3_sitearch}/samba/tests/__pycache__/smbconf.*.pyc %{python3_sitearch}/samba/tests/__pycache__/smb-notify.*.pyc %{python3_sitearch}/samba/tests/__pycache__/smbd_base.*.pyc %{python3_sitearch}/samba/tests/__pycache__/smbd_fuzztest.*.pyc @@ -2838,6 +2971,7 @@ fi %{python3_sitearch}/samba/tests/blackbox/__pycache__/downgradedatabase.*.pyc %{python3_sitearch}/samba/tests/blackbox/__pycache__/mdsearch.*.pyc %{python3_sitearch}/samba/tests/blackbox/__pycache__/ndrdump.*.pyc +%{python3_sitearch}/samba/tests/blackbox/__pycache__/netads_dns.*.pyc %{python3_sitearch}/samba/tests/blackbox/__pycache__/netads_json.*.pyc %{python3_sitearch}/samba/tests/blackbox/__pycache__/samba_dnsupdate.*.pyc %{python3_sitearch}/samba/tests/blackbox/__pycache__/smbcacls.*.pyc @@ -2854,6 +2988,7 @@ fi %{python3_sitearch}/samba/tests/blackbox/downgradedatabase.py %{python3_sitearch}/samba/tests/blackbox/mdsearch.py %{python3_sitearch}/samba/tests/blackbox/ndrdump.py +%{python3_sitearch}/samba/tests/blackbox/netads_dns.py %{python3_sitearch}/samba/tests/blackbox/netads_json.py %{python3_sitearch}/samba/tests/blackbox/samba_dnsupdate.py %{python3_sitearch}/samba/tests/blackbox/smbcacls.py @@ -2978,8 +3113,11 @@ fi %{python3_sitearch}/samba/tests/krb5/__pycache__/kdc_tests.*.pyc %{python3_sitearch}/samba/tests/krb5/__pycache__/kdc_tgs_tests.*.pyc %{python3_sitearch}/samba/tests/krb5/__pycache__/kpasswd_tests.*.pyc +%{python3_sitearch}/samba/tests/krb5/__pycache__/lockout_tests.*.pyc %{python3_sitearch}/samba/tests/krb5/__pycache__/ms_kile_client_principal_lookup_tests.*.pyc +%{python3_sitearch}/samba/tests/krb5/__pycache__/nt_hash_tests.*.pyc %{python3_sitearch}/samba/tests/krb5/__pycache__/pac_align_tests.*.pyc +%{python3_sitearch}/samba/tests/krb5/__pycache__/protected_users_tests.*.pyc %{python3_sitearch}/samba/tests/krb5/__pycache__/raw_testcase.*.pyc %{python3_sitearch}/samba/tests/krb5/__pycache__/rfc4120_constants.*.pyc %{python3_sitearch}/samba/tests/krb5/__pycache__/rfc4120_pyasn1.*.pyc @@ -3005,8 +3143,11 @@ fi %{python3_sitearch}/samba/tests/krb5/kdc_tests.py %{python3_sitearch}/samba/tests/krb5/kdc_tgs_tests.py %{python3_sitearch}/samba/tests/krb5/kpasswd_tests.py +%{python3_sitearch}/samba/tests/krb5/lockout_tests.py %{python3_sitearch}/samba/tests/krb5/ms_kile_client_principal_lookup_tests.py +%{python3_sitearch}/samba/tests/krb5/nt_hash_tests.py %{python3_sitearch}/samba/tests/krb5/pac_align_tests.py +%{python3_sitearch}/samba/tests/krb5/protected_users_tests.py %{python3_sitearch}/samba/tests/krb5/raw_testcase.py %{python3_sitearch}/samba/tests/krb5/rfc4120_constants.py %{python3_sitearch}/samba/tests/krb5/rfc4120_pyasn1.py @@ -3029,6 +3170,7 @@ fi %{python3_sitearch}/samba/tests/ldap_upn_sam_account.py %{python3_sitearch}/samba/tests/libsmb.py %{python3_sitearch}/samba/tests/loadparm.py +%{python3_sitearch}/samba/tests/logfiles.py %{python3_sitearch}/samba/tests/lsa_string.py %{python3_sitearch}/samba/tests/messaging.py %{python3_sitearch}/samba/tests/ndr.py @@ -3045,6 +3187,7 @@ fi %{python3_sitearch}/samba/tests/ntlm_auth_krb5.py %{python3_sitearch}/samba/tests/pam_winbind.py %{python3_sitearch}/samba/tests/pam_winbind_chauthtok.py +%{python3_sitearch}/samba/tests/pam_winbind_setcred.py %{python3_sitearch}/samba/tests/pam_winbind_warn_pwd_expire.py %{python3_sitearch}/samba/tests/param.py %{python3_sitearch}/samba/tests/password_hash.py @@ -3153,7 +3296,9 @@ fi %{python3_sitearch}/samba/tests/sddl.py %{python3_sitearch}/samba/tests/security.py %{python3_sitearch}/samba/tests/segfault.py +%{python3_sitearch}/samba/tests/sid_strings.py %{python3_sitearch}/samba/tests/smb.py +%{python3_sitearch}/samba/tests/smbconf.py %{python3_sitearch}/samba/tests/smb-notify.py %{python3_sitearch}/samba/tests/smbd_base.py %{python3_sitearch}/samba/tests/smbd_fuzztest.py @@ -3196,6 +3341,12 @@ fi %{_libdir}/samba/libdsdb-module-samba4.so %endif +### USERSHARES +%files usershares +%config(noreplace) %{_sysconfdir}/samba/usershares.conf +%attr(1770,root,usershares) %dir /var/lib/samba/usershares +%{_sysusersdir}/samba-usershares.conf + ### WINBIND %files winbind %{_libdir}/samba/idmap @@ -3274,7 +3425,6 @@ fi %config(noreplace) %{_sysconfdir}/ctdb/nfs-checks.d/50.rquotad.check %{_sbindir}/ctdbd -%{_sbindir}/ctdbd_wrapper %{_bindir}/ctdb %{_bindir}/ctdb_diagnostics %{_bindir}/ltdbtool @@ -3307,7 +3457,6 @@ fi %{_mandir}/man1/onnode.1.gz %{_mandir}/man1/ltdbtool.1.gz %{_mandir}/man1/ping_pong.1.gz -%{_mandir}/man1/ctdbd_wrapper.1.gz %{_mandir}/man5/ctdb.conf.5.gz %{_mandir}/man5/ctdb-script.options.5.gz %{_mandir}/man5/ctdb.sysconfig.5.gz @@ -4163,6 +4312,9 @@ fi %endif %changelog +* Wed Oct 26 2022 Andreas Schneider - 4.17.2-101 +- resolves: rhbz#2131993 - Update to version 4.17.2 + * Thu Aug 25 2022 Andreas Schneider - 4.16.4-101 - resolves: rhbz#2121317 - Do not require samba package in python3-samba diff --git a/sources b/sources index 851386b..7e94758 100644 --- a/sources +++ b/sources @@ -1,2 +1,2 @@ -SHA512 (samba-4.16.4.tar.xz) = 263c33f202462c50ba9205232cc59f17eef6526bbe97cc1c6be6606e5e2fa8e235f24693da5ef00106ed126c5e2e1d83e2cfc0d2a690303ac94a8737e6760e95 -SHA512 (samba-4.16.4.tar.asc) = aec1d0dc15169dfa0f68776cff083b8a9ecfeb348d20cde02e236eda3548e1df13f6df3e9275ede6e8fdc6193b2fd304d2f493507b49f5877dbb6b7181d90367 +SHA512 (samba-4.17.2.tar.asc) = 0cb78e234e812d853ea2e795dbd2dba13bdd45e484a206ecaa54fb353e5d55697bb4cddc5d6e46bf43fa6d5bbcc32d62324dc907d0d122f99bcb3c220ab7d1ef +SHA512 (samba-4.17.2.tar.xz) = 6450deb75ee0b0a6a8e814f62e71973fe4d3e04050a3af42d1c6a3fb3603f0b2b02fa2b86e9a2309f1141a7f2d4ddc32ec4f51457f3c6d735fd19c9750254e31 diff --git a/usershares.conf.vendor b/usershares.conf.vendor new file mode 100644 index 0000000..38a7885 --- /dev/null +++ b/usershares.conf.vendor @@ -0,0 +1,3 @@ +[global] + usershare max shares = 100 + usershare allow guests = yes