import samba-4.17.5-2.el8
		
							parent
							
								
									122824123f
								
							
						
					
					
						commit
						f16b5f7a86
					
				
							
								
								
									
										2
									
								
								.gitignore
									
									
									
									
										vendored
									
									
								
							
							
						
						
									
									
									
								
							| @ -1,2 +1,2 @@ | |||||||
| SOURCES/samba-4.16.4.tar.xz | SOURCES/samba-4.17.5.tar.xz | ||||||
| SOURCES/samba-pubkey_AA99442FB680B620.gpg | SOURCES/samba-pubkey_AA99442FB680B620.gpg | ||||||
|  | |||||||
| @ -1,2 +1,2 @@ | |||||||
| c943ec2e8b9413cd3465e39481b49872b4486e86 SOURCES/samba-4.16.4.tar.xz | 68926a886d20bbd5b4d768d9788d4b5a5ca399e5 SOURCES/samba-4.17.5.tar.xz | ||||||
| 971f563c447eda8d144d6c9e743cd0f0488c0d9e SOURCES/samba-pubkey_AA99442FB680B620.gpg | 971f563c447eda8d144d6c9e743cd0f0488c0d9e SOURCES/samba-pubkey_AA99442FB680B620.gpg | ||||||
|  | |||||||
										
											
												File diff suppressed because it is too large
											
										
									
								
							
										
											
												File diff suppressed because it is too large
											
										
									
								
							| @ -1,59 +0,0 @@ | |||||||
| From 5c8e34cae96ee65d34da61801a0f04c562006369 Mon Sep 17 00:00:00 2001 |  | ||||||
| From: Andrew <awalker@ixsystems.com> |  | ||||||
| Date: Fri, 16 Dec 2022 08:16:10 -0800 |  | ||||||
| Subject: [PATCH] rpc_server:srvsvc - retrieve share ACL via root context |  | ||||||
| 
 |  | ||||||
| share_info.tdb has permissions of 0o600 and so we need |  | ||||||
| to become_root() prior to retrieving the security info. |  | ||||||
| 
 |  | ||||||
| BUG: https://bugzilla.samba.org/show_bug.cgi?id=15265 |  | ||||||
| 
 |  | ||||||
| Signed-off-by: Andrew Walker <awalker@ixsystems.com> |  | ||||||
| Reviewed-by: Jeremy Allison <jra@samba.org> |  | ||||||
| 
 |  | ||||||
| Autobuild-User(master): Jeremy Allison <jra@samba.org> |  | ||||||
| Autobuild-Date(master): Mon Dec 19 20:41:15 UTC 2022 on sn-devel-184 |  | ||||||
| 
 |  | ||||||
| (cherry picked from commit 80c0b416892bfacc0d919fe032461748d7962f05) |  | ||||||
| ---
 |  | ||||||
|  source3/rpc_server/srvsvc/srv_srvsvc_nt.c | 17 ++++++++++++++--- |  | ||||||
|  1 file changed, 14 insertions(+), 3 deletions(-) |  | ||||||
| 
 |  | ||||||
| diff --git a/source3/rpc_server/srvsvc/srv_srvsvc_nt.c b/source3/rpc_server/srvsvc/srv_srvsvc_nt.c
 |  | ||||||
| index 233718ff310..fbc617c3ac1 100644
 |  | ||||||
| --- a/source3/rpc_server/srvsvc/srv_srvsvc_nt.c
 |  | ||||||
| +++ b/source3/rpc_server/srvsvc/srv_srvsvc_nt.c
 |  | ||||||
| @@ -540,6 +540,7 @@ static bool is_hidden_share(int snum)
 |  | ||||||
|  static bool is_enumeration_allowed(struct pipes_struct *p, |  | ||||||
|                                     int snum) |  | ||||||
|  { |  | ||||||
| +	bool allowed;
 |  | ||||||
|  	struct dcesrv_call_state *dce_call = p->dce_call; |  | ||||||
|  	struct auth_session_info *session_info = |  | ||||||
|  		dcesrv_call_session_info(dce_call); |  | ||||||
| @@ -556,9 +557,19 @@ static bool is_enumeration_allowed(struct pipes_struct *p,
 |  | ||||||
|  		return false; |  | ||||||
|  	} |  | ||||||
|   |  | ||||||
| -	return share_access_check(session_info->security_token,
 |  | ||||||
| -				  lp_servicename(talloc_tos(), lp_sub, snum),
 |  | ||||||
| -				  FILE_READ_DATA, NULL);
 |  | ||||||
| +
 |  | ||||||
| +	/*
 |  | ||||||
| +	 * share_access_check() must be opened as root
 |  | ||||||
| +	 * because it ultimately gets a R/W db handle on share_info.tdb
 |  | ||||||
| +	 * which has 0o600 permissions
 |  | ||||||
| +	 */
 |  | ||||||
| +	become_root();
 |  | ||||||
| +	allowed = share_access_check(session_info->security_token,
 |  | ||||||
| +				     lp_servicename(talloc_tos(), lp_sub, snum),
 |  | ||||||
| +				     FILE_READ_DATA, NULL);
 |  | ||||||
| +	unbecome_root();
 |  | ||||||
| +
 |  | ||||||
| +	return allowed;
 |  | ||||||
|  } |  | ||||||
|   |  | ||||||
|  /**************************************************************************** |  | ||||||
| -- 
 |  | ||||||
| 2.34.1 |  | ||||||
| 
 |  | ||||||
| @ -1,77 +0,0 @@ | |||||||
| From 41d3efebcf6abab9119f9b0f97c86c1c48739fee Mon Sep 17 00:00:00 2001 |  | ||||||
| From: Andreas Schneider <asn@samba.org> |  | ||||||
| Date: Mon, 4 Apr 2022 11:24:04 +0200 |  | ||||||
| Subject: [PATCH 1/2] waf: Check for GnuTLS earlier |  | ||||||
| 
 |  | ||||||
| As GnuTLS is an essential part we need to check for it early so we can react on |  | ||||||
| GnuTLS features in other wscripts. |  | ||||||
| 
 |  | ||||||
| Signed-off-by: Andreas Schneider <asn@samba.org> |  | ||||||
| ---
 |  | ||||||
|  wscript | 4 ++-- |  | ||||||
|  1 file changed, 2 insertions(+), 2 deletions(-) |  | ||||||
| 
 |  | ||||||
| diff --git a/wscript b/wscript
 |  | ||||||
| index d8220b35095..5b85d9a1682 100644
 |  | ||||||
| --- a/wscript
 |  | ||||||
| +++ b/wscript
 |  | ||||||
| @@ -189,6 +189,8 @@ def configure(conf):
 |  | ||||||
|      conf.RECURSE('dynconfig') |  | ||||||
|      conf.RECURSE('selftest') |  | ||||||
|   |  | ||||||
| +    conf.PROCESS_SEPARATE_RULE('system_gnutls')
 |  | ||||||
| +
 |  | ||||||
|      conf.CHECK_CFG(package='zlib', minversion='1.2.3', |  | ||||||
|                     args='--cflags --libs', |  | ||||||
|                     mandatory=True) |  | ||||||
| @@ -297,8 +299,6 @@ def configure(conf):
 |  | ||||||
|      if not conf.CONFIG_GET('KRB5_VENDOR'): |  | ||||||
|          conf.PROCESS_SEPARATE_RULE('embedded_heimdal') |  | ||||||
|   |  | ||||||
| -    conf.PROCESS_SEPARATE_RULE('system_gnutls')
 |  | ||||||
| -
 |  | ||||||
|      conf.RECURSE('source4/dsdb/samdb/ldb_modules') |  | ||||||
|      conf.RECURSE('source4/ntvfs/sysdep') |  | ||||||
|      conf.RECURSE('lib/util') |  | ||||||
| -- 
 |  | ||||||
| 2.35.1 |  | ||||||
| 
 |  | ||||||
| 
 |  | ||||||
| From 63701a28116afc1550c23cb5f7b9d6e366fd1270 Mon Sep 17 00:00:00 2001 |  | ||||||
| From: Andreas Schneider <asn@samba.org> |  | ||||||
| Date: Mon, 4 Apr 2022 11:25:31 +0200 |  | ||||||
| Subject: [PATCH 2/2] third_party:waf: Do not recurse in aesni-intel if GnuTLS |  | ||||||
|  provides the cipher |  | ||||||
| 
 |  | ||||||
| Signed-off-by: Andreas Schneider <asn@samba.org> |  | ||||||
| ---
 |  | ||||||
|  third_party/wscript | 6 ++++-- |  | ||||||
|  1 file changed, 4 insertions(+), 2 deletions(-) |  | ||||||
| 
 |  | ||||||
| diff --git a/third_party/wscript b/third_party/wscript
 |  | ||||||
| index 1f4bc1ce1d7..a17c15bcaa7 100644
 |  | ||||||
| --- a/third_party/wscript
 |  | ||||||
| +++ b/third_party/wscript
 |  | ||||||
| @@ -5,7 +5,8 @@ from waflib import Options
 |  | ||||||
|  def configure(conf): |  | ||||||
|      conf.RECURSE('cmocka') |  | ||||||
|      conf.RECURSE('popt') |  | ||||||
| -    conf.RECURSE('aesni-intel')
 |  | ||||||
| +    if not conf.CONFIG_SET('HAVE_GNUTLS_AES_CMAC'):
 |  | ||||||
| +        conf.RECURSE('aesni-intel')
 |  | ||||||
|      if conf.CONFIG_GET('ENABLE_SELFTEST'): |  | ||||||
|          conf.RECURSE('socket_wrapper') |  | ||||||
|          conf.RECURSE('nss_wrapper') |  | ||||||
| @@ -18,7 +19,8 @@ def configure(conf):
 |  | ||||||
|  def build(bld): |  | ||||||
|      bld.RECURSE('cmocka') |  | ||||||
|      bld.RECURSE('popt') |  | ||||||
| -    bld.RECURSE('aesni-intel')
 |  | ||||||
| +    if not bld.CONFIG_SET('HAVE_GNUTLS_AES_CMAC'):
 |  | ||||||
| +        bld.RECURSE('aesni-intel')
 |  | ||||||
|      if bld.CONFIG_GET('SOCKET_WRAPPER'): |  | ||||||
|          bld.RECURSE('socket_wrapper') |  | ||||||
|      if bld.CONFIG_GET('NSS_WRAPPER'): |  | ||||||
| -- 
 |  | ||||||
| 2.35.1 |  | ||||||
| 
 |  | ||||||
| @ -1,16 +0,0 @@ | |||||||
| -----BEGIN PGP SIGNATURE----- |  | ||||||
| 
 |  | ||||||
| iQIzBAABCgAdFiEEgfXigyvSVFoYl7cTqplEL7aAtiAFAmLg520ACgkQqplEL7aA |  | ||||||
| tiBsuA//ZqQhoz1unYEMk6tqu528xGweYd488gjdKkszWPCI5NmGbmvN/tbhUIc3 |  | ||||||
| WbJO8oPEFN81+a0b7nsKxpgDt8IR00rx4mA3A5rh+Z1PTbUWpjBxchTsXZsEaDaE |  | ||||||
| dA/pRes+rzDpjLg2VWAd+5SDwy1d5ZfZ+gX/qntfpgYLqiBfJNJJPxCEFqnG1IUF |  | ||||||
| xaWwKQNuduq89Wr3LabSCjx4IMQEABr8VN+WZG5JhmKBaad1I5tOBOFypLS0iKUX |  | ||||||
| bGsMr3itdKFvYmAFM2ZbY/Q7DZb5GIUvNOqyRcBYQe33tqS2GYjEHS0tbXoNP5l2 |  | ||||||
| gQcs3FiebX6Bi4I6EoFL380LLG1zskCV5xRtGIvrW7SOKCnkaswuxlHEQSVWFc0A |  | ||||||
| 2aZmT7RaKYwtm+0kD+Fq3PWBwPvLBgiCP9oohfOgqrW9VnIJNbyCyJcBbK8snS0a |  | ||||||
| KIfr+hM+ccNBVhmpFWRjA0WkVW9d9/tcDFN63nTQJkZg4cXZboMVO7fjmo4U1oJK |  | ||||||
| qIVU5Xr0e5TXLNWguvr6t03CUvtfgBHMYFrHRX4HJTN7Z3m4WxAYt+jspIavQP/S |  | ||||||
| muj4g/INYmjZmBG2f9mign6Tt3MtOtHlymMFAJ1t1e+9B5v1dkmO4T6ffqbDgvg5 |  | ||||||
| bnAFUM5+bzW81DGJNbITDSNBU7PokwP4cQBNTVtgK38DW4BiPO8= |  | ||||||
| =6kYO |  | ||||||
| -----END PGP SIGNATURE----- |  | ||||||
							
								
								
									
										16
									
								
								SOURCES/samba-4.17.5.tar.asc
									
									
									
									
									
										Normal file
									
								
							
							
						
						
									
									
								
							| @ -0,0 +1,16 @@ | |||||||
|  | -----BEGIN PGP SIGNATURE----- | ||||||
|  | 
 | ||||||
|  | iQIzBAABCgAdFiEEgfXigyvSVFoYl7cTqplEL7aAtiAFAmPSvJEACgkQqplEL7aA | ||||||
|  | tiDXbA//bPY+2A4y8zPJLibWjRtmv76xTgj1EJMZoC5d7+5PXQfuVhVULGYrxriF | ||||||
|  | MIF4CtTnMDk20mihnQb03csGpZGvqfBKbZg6jYolqeTmwRDgKXf9dxLxYYBGswPN | ||||||
|  | JXiF/ZvDQzEorrsz24o7i9Pe44IXpdf7+3RjIXhKjCa2vFQibTndGRhYb0UYiR9S | ||||||
|  | DELp6V/rmV9/BrYWVhHVnuzROzNWsrXIyu1GPNRWdX6ptJmjq6f8wZUP0NODYsBP | ||||||
|  | e0+BpXwob795tDSAMBnbnp7ZsHRYgB2/iWDTe19MF5LjHCcPwRWmzfZjiWQuz11D | ||||||
|  | kg7RUmlTkpU0mrToM+Uyg3Lhc8sayojDTHkIuIPBTuirdKuyP5Zov1wCaPuvf8Ew | ||||||
|  | LCQlQsC2AVeko8xY7P5ieXrmsfncoKR23S0MaKM6oNXooMJcNFnemMvCsOGGeGCi | ||||||
|  | HJa1whPdI5Cj3zLB5X35UNMmauS7qWyyj3lS2horg8L/iIQ3R3q+0Xkd5VmX1BXz | ||||||
|  | EhVDvOnb1F7E9HFlxhZRJFufpnHrGZX6ZYe6BqP8oU092UUU5JMeIqe20wG/dAtX | ||||||
|  | B91QhITdPDnM4KrSbch9i+BKW1xD8srRXu4yqMTZp6X6dPh6lnzVn6vj4uKNCMwz | ||||||
|  | 2qLa3Rl+cRON1uTeFJXSTHg/diHjKriu3+bCqm0RlHAFLMtvudk= | ||||||
|  | =gZl3 | ||||||
|  | -----END PGP SIGNATURE----- | ||||||
| @ -1,642 +0,0 @@ | |||||||
| From 5d7ec9a00b6f4c6768c606d37d235415f2006445 Mon Sep 17 00:00:00 2001 |  | ||||||
| From: Isaac Boukris <iboukris@gmail.com> |  | ||||||
| Date: Fri, 27 Sep 2019 18:25:03 +0300 |  | ||||||
| Subject: [PATCH 1/3] mit-kdc: add basic loacl realm S4U support |  | ||||||
| 
 |  | ||||||
| Signed-off-by: Isaac Boukris <iboukris@gmail.com> |  | ||||||
| Pair-Programmed-With: Andreas Schneider <asn@samba.org> |  | ||||||
| ---
 |  | ||||||
|  source4/kdc/mit-kdb/kdb_samba_policies.c | 124 +++++++++++------------ |  | ||||||
|  source4/kdc/mit_samba.c                  |  47 ++------- |  | ||||||
|  source4/kdc/mit_samba.h                  |   6 +- |  | ||||||
|  3 files changed, 71 insertions(+), 106 deletions(-) |  | ||||||
| 
 |  | ||||||
| diff --git a/source4/kdc/mit-kdb/kdb_samba_policies.c b/source4/kdc/mit-kdb/kdb_samba_policies.c
 |  | ||||||
| index 793fe366c35..22534c09974 100644
 |  | ||||||
| --- a/source4/kdc/mit-kdb/kdb_samba_policies.c
 |  | ||||||
| +++ b/source4/kdc/mit-kdb/kdb_samba_policies.c
 |  | ||||||
| @@ -200,13 +200,17 @@ static krb5_error_code ks_verify_pac(krb5_context context,
 |  | ||||||
|  				     krb5_keyblock *krbtgt_key, |  | ||||||
|  				     krb5_timestamp authtime, |  | ||||||
|  				     krb5_authdata **tgt_auth_data, |  | ||||||
| -				     krb5_pac *pac)
 |  | ||||||
| +				     krb5_pac *out_pac)
 |  | ||||||
|  { |  | ||||||
|  	struct mit_samba_context *mit_ctx; |  | ||||||
|  	krb5_authdata **authdata = NULL; |  | ||||||
| -	krb5_pac ipac = NULL;
 |  | ||||||
| -	DATA_BLOB logon_data = { NULL, 0 };
 |  | ||||||
| +	krb5_keyblock *header_server_key = NULL;
 |  | ||||||
| +	krb5_key_data *impersonator_kd = NULL;
 |  | ||||||
| +	krb5_keyblock impersonator_key = {0};
 |  | ||||||
|  	krb5_error_code code; |  | ||||||
| +	krb5_pac pac;
 |  | ||||||
| +
 |  | ||||||
| +	*out_pac = NULL;
 |  | ||||||
|   |  | ||||||
|  	mit_ctx = ks_get_context(context); |  | ||||||
|  	if (mit_ctx == NULL) { |  | ||||||
| @@ -238,41 +242,43 @@ static krb5_error_code ks_verify_pac(krb5_context context,
 |  | ||||||
|  	code = krb5_pac_parse(context, |  | ||||||
|  			      authdata[0]->contents, |  | ||||||
|  			      authdata[0]->length, |  | ||||||
| -			      &ipac);
 |  | ||||||
| +			      &pac);
 |  | ||||||
|  	if (code != 0) { |  | ||||||
|  		goto done; |  | ||||||
|  	} |  | ||||||
|   |  | ||||||
| -	/* TODO: verify this is correct
 |  | ||||||
| -	 *
 |  | ||||||
| -	 * In the constrained delegation case, the PAC is from a service
 |  | ||||||
| -	 * ticket rather than a TGT; we must verify the server and KDC
 |  | ||||||
| -	 * signatures to assert that the server did not forge the PAC.
 |  | ||||||
| +	/*
 |  | ||||||
| +	 * For constrained delegation in MIT version < 1.18 we aren't provided
 |  | ||||||
| +	 * with the 2nd ticket server key to verify the PAC.
 |  | ||||||
| +	 * We can workaround that by fetching the key from the client db entry,
 |  | ||||||
| +	 * which is the impersonator account in that version.
 |  | ||||||
| +	 * TODO: use the provided entry in the new 1.18 version.
 |  | ||||||
|  	 */ |  | ||||||
|  	if (flags & KRB5_KDB_FLAG_CONSTRAINED_DELEGATION) { |  | ||||||
| -		code = krb5_pac_verify(context,
 |  | ||||||
| -				       ipac,
 |  | ||||||
| -				       authtime,
 |  | ||||||
| -				       client_princ,
 |  | ||||||
| -				       server_key,
 |  | ||||||
| -				       krbtgt_key);
 |  | ||||||
| +		/* The impersonator must be local. */
 |  | ||||||
| +		if (client == NULL) {
 |  | ||||||
| +			code = KRB5KDC_ERR_BADOPTION;
 |  | ||||||
| +			goto done;
 |  | ||||||
| +		}
 |  | ||||||
| +		/* Fetch and decrypt 2nd ticket server's current key. */
 |  | ||||||
| +		code = krb5_dbe_find_enctype(context, client, -1, -1, 0,
 |  | ||||||
| +					     &impersonator_kd);
 |  | ||||||
| +		if (code != 0) {
 |  | ||||||
| +			goto done;
 |  | ||||||
| +		}
 |  | ||||||
| +		code = krb5_dbe_decrypt_key_data(context, NULL,
 |  | ||||||
| +						 impersonator_kd,
 |  | ||||||
| +						 &impersonator_key, NULL);
 |  | ||||||
| +		if (code != 0) {
 |  | ||||||
| +			goto done;
 |  | ||||||
| +		}
 |  | ||||||
| +		header_server_key = &impersonator_key;
 |  | ||||||
|  	} else { |  | ||||||
| -		code = krb5_pac_verify(context,
 |  | ||||||
| -				       ipac,
 |  | ||||||
| -				       authtime,
 |  | ||||||
| -				       client_princ,
 |  | ||||||
| -				       krbtgt_key,
 |  | ||||||
| -				       NULL);
 |  | ||||||
| -	}
 |  | ||||||
| -	if (code != 0) {
 |  | ||||||
| -		goto done;
 |  | ||||||
| +		header_server_key = krbtgt_key;
 |  | ||||||
|  	} |  | ||||||
|   |  | ||||||
| -	/* check and update PAC */
 |  | ||||||
| -	code = krb5_pac_parse(context,
 |  | ||||||
| -			      authdata[0]->contents,
 |  | ||||||
| -			      authdata[0]->length,
 |  | ||||||
| -			      pac);
 |  | ||||||
| +	code = krb5_pac_verify(context, pac, authtime, client_princ,
 |  | ||||||
| +			       header_server_key, NULL);
 |  | ||||||
|  	if (code != 0) { |  | ||||||
|  		goto done; |  | ||||||
|  	} |  | ||||||
| @@ -280,17 +286,22 @@ static krb5_error_code ks_verify_pac(krb5_context context,
 |  | ||||||
|  	code = mit_samba_reget_pac(mit_ctx, |  | ||||||
|  				   context, |  | ||||||
|  				   flags, |  | ||||||
| -				   client_princ,
 |  | ||||||
|  				   client, |  | ||||||
|  				   server, |  | ||||||
|  				   krbtgt, |  | ||||||
|  				   krbtgt_key, |  | ||||||
| -				   pac);
 |  | ||||||
| +				   &pac);
 |  | ||||||
| +	if (code != 0) {
 |  | ||||||
| +		goto done;
 |  | ||||||
| +	}
 |  | ||||||
| +
 |  | ||||||
| +	*out_pac = pac;
 |  | ||||||
| +	pac = NULL;
 |  | ||||||
|   |  | ||||||
|  done: |  | ||||||
| +	krb5_free_keyblock_contents(context, &impersonator_key);
 |  | ||||||
|  	krb5_free_authdata(context, authdata); |  | ||||||
| -	krb5_pac_free(context, ipac);
 |  | ||||||
| -	free(logon_data.data);
 |  | ||||||
| +	krb5_pac_free(context, pac);
 |  | ||||||
|   |  | ||||||
|  	return code; |  | ||||||
|  } |  | ||||||
| @@ -319,6 +330,7 @@ krb5_error_code kdb_samba_db_sign_auth_data(krb5_context context,
 |  | ||||||
|  	krb5_authdata **pac_auth_data = NULL; |  | ||||||
|  	krb5_authdata **authdata = NULL; |  | ||||||
|  	krb5_boolean is_as_req; |  | ||||||
| +	krb5_const_principal pac_client;
 |  | ||||||
|  	krb5_error_code code; |  | ||||||
|  	krb5_pac pac = NULL; |  | ||||||
|  	krb5_data pac_data; |  | ||||||
| @@ -330,11 +342,6 @@ krb5_error_code kdb_samba_db_sign_auth_data(krb5_context context,
 |  | ||||||
|  	krbtgt = krbtgt == NULL ? local_krbtgt : krbtgt; |  | ||||||
|  	krbtgt_key = krbtgt_key == NULL ? local_krbtgt_key : krbtgt_key; |  | ||||||
|   |  | ||||||
| -	/* FIXME: We don't support S4U yet */
 |  | ||||||
| -	if (flags & KRB5_KDB_FLAGS_S4U) {
 |  | ||||||
| -		return KRB5_KDB_DBTYPE_NOSUP;
 |  | ||||||
| -	}
 |  | ||||||
| -
 |  | ||||||
|  	is_as_req = ((flags & KRB5_KDB_FLAG_CLIENT_REFERRALS_ONLY) != 0); |  | ||||||
|   |  | ||||||
|  	/* |  | ||||||
| @@ -395,6 +402,16 @@ krb5_error_code kdb_samba_db_sign_auth_data(krb5_context context,
 |  | ||||||
|  		ks_client_princ = client->princ; |  | ||||||
|  	} |  | ||||||
|   |  | ||||||
| +	/* In protocol transition, we are currently not provided with the tgt
 |  | ||||||
| +	 * client name to verify the PAC, we could probably skip the name
 |  | ||||||
| +	 * verification and just verify the signatures, but since we don't
 |  | ||||||
| +	 * support cross-realm nor aliases, we can just use server->princ */
 |  | ||||||
| +	if (flags & KRB5_KDB_FLAG_PROTOCOL_TRANSITION) {
 |  | ||||||
| +		pac_client = server->princ;
 |  | ||||||
| +	} else {
 |  | ||||||
| +		pac_client = ks_client_princ;
 |  | ||||||
| +	}
 |  | ||||||
| +
 |  | ||||||
|  	if (client_entry == NULL) { |  | ||||||
|  		client_entry = client; |  | ||||||
|  	} |  | ||||||
| @@ -469,7 +486,7 @@ krb5_error_code kdb_samba_db_sign_auth_data(krb5_context context,
 |  | ||||||
|   |  | ||||||
|  			code = ks_verify_pac(context, |  | ||||||
|  					     flags, |  | ||||||
| -					     ks_client_princ,
 |  | ||||||
| +					     pac_client,
 |  | ||||||
|  					     client_entry, |  | ||||||
|  					     server, |  | ||||||
|  					     krbtgt, |  | ||||||
| @@ -515,7 +532,7 @@ krb5_error_code kdb_samba_db_sign_auth_data(krb5_context context,
 |  | ||||||
|  		  is_as_req ? "AS-REQ" : "TGS-REQ", |  | ||||||
|  		  client_name); |  | ||||||
|  	code = krb5_pac_sign(context, pac, authtime, ks_client_princ, |  | ||||||
| -			server_key, krbtgt_key, &pac_data);
 |  | ||||||
| +			     server_key, krbtgt_key, &pac_data);
 |  | ||||||
|  	if (code != 0) { |  | ||||||
|  		DBG_ERR("krb5_pac_sign failed: %d\n", code); |  | ||||||
|  		goto done; |  | ||||||
| @@ -541,12 +558,6 @@ krb5_error_code kdb_samba_db_sign_auth_data(krb5_context context,
 |  | ||||||
|  					      KRB5_AUTHDATA_IF_RELEVANT, |  | ||||||
|  					      authdata, |  | ||||||
|  					      signed_auth_data); |  | ||||||
| -	if (code != 0) {
 |  | ||||||
| -		goto done;
 |  | ||||||
| -	}
 |  | ||||||
| -
 |  | ||||||
| -	code = 0;
 |  | ||||||
| -
 |  | ||||||
|  done: |  | ||||||
|  	if (client_entry != NULL && client_entry != client) { |  | ||||||
|  		ks_free_principal(context, client_entry); |  | ||||||
| @@ -572,32 +583,13 @@ krb5_error_code kdb_samba_db_check_allowed_to_delegate(krb5_context context,
 |  | ||||||
|  	 * server; -> delegating service |  | ||||||
|  	 * proxy; -> target principal |  | ||||||
|  	 */ |  | ||||||
| -	krb5_db_entry *delegating_service = discard_const_p(krb5_db_entry, server);
 |  | ||||||
| -
 |  | ||||||
| -	char *target_name = NULL;
 |  | ||||||
| -	bool is_enterprise;
 |  | ||||||
| -	krb5_error_code code;
 |  | ||||||
|   |  | ||||||
|  	mit_ctx = ks_get_context(context); |  | ||||||
|  	if (mit_ctx == NULL) { |  | ||||||
|  		return KRB5_KDB_DBNOTINITED; |  | ||||||
|  	} |  | ||||||
|   |  | ||||||
| -	code = krb5_unparse_name(context, proxy, &target_name);
 |  | ||||||
| -	if (code) {
 |  | ||||||
| -		goto done;
 |  | ||||||
| -	}
 |  | ||||||
| -
 |  | ||||||
| -	is_enterprise = (proxy->type == KRB5_NT_ENTERPRISE_PRINCIPAL);
 |  | ||||||
| -
 |  | ||||||
| -	code = mit_samba_check_s4u2proxy(mit_ctx,
 |  | ||||||
| -					 delegating_service,
 |  | ||||||
| -					 target_name,
 |  | ||||||
| -					 is_enterprise);
 |  | ||||||
| -
 |  | ||||||
| -done:
 |  | ||||||
| -	free(target_name);
 |  | ||||||
| -	return code;
 |  | ||||||
| +	return mit_samba_check_s4u2proxy(mit_ctx, server, proxy);
 |  | ||||||
|  } |  | ||||||
|   |  | ||||||
|   |  | ||||||
| diff --git a/source4/kdc/mit_samba.c b/source4/kdc/mit_samba.c
 |  | ||||||
| index cb72b5de294..03c2c2ea1de 100644
 |  | ||||||
| --- a/source4/kdc/mit_samba.c
 |  | ||||||
| +++ b/source4/kdc/mit_samba.c
 |  | ||||||
| @@ -517,7 +517,6 @@ int mit_samba_get_pac(struct mit_samba_context *smb_ctx,
 |  | ||||||
|  krb5_error_code mit_samba_reget_pac(struct mit_samba_context *ctx, |  | ||||||
|  				    krb5_context context, |  | ||||||
|  				    int flags, |  | ||||||
| -				    krb5_const_principal client_principal,
 |  | ||||||
|  				    krb5_db_entry *client, |  | ||||||
|  				    krb5_db_entry *server, |  | ||||||
|  				    krb5_db_entry *krbtgt, |  | ||||||
| @@ -689,7 +688,7 @@ krb5_error_code mit_samba_reget_pac(struct mit_samba_context *ctx,
 |  | ||||||
|  								  context, |  | ||||||
|  								  *pac, |  | ||||||
|  								  server->princ, |  | ||||||
| -								  discard_const(client_principal),
 |  | ||||||
| +								  client->princ,
 |  | ||||||
|  								  deleg_blob); |  | ||||||
|  		if (!NT_STATUS_IS_OK(nt_status)) { |  | ||||||
|  			DEBUG(0, ("Update delegation info failed: %s\n", |  | ||||||
| @@ -1081,41 +1080,17 @@ int mit_samba_check_client_access(struct mit_samba_context *ctx,
 |  | ||||||
|  } |  | ||||||
|   |  | ||||||
|  int mit_samba_check_s4u2proxy(struct mit_samba_context *ctx, |  | ||||||
| -			      krb5_db_entry *kentry,
 |  | ||||||
| -			      const char *target_name,
 |  | ||||||
| -			      bool is_nt_enterprise_name)
 |  | ||||||
| +			      const krb5_db_entry *server,
 |  | ||||||
| +			      krb5_const_principal target_principal)
 |  | ||||||
|  { |  | ||||||
| -#if 1
 |  | ||||||
| -	/*
 |  | ||||||
| -	 * This is disabled because mit_samba_update_pac_data() does not handle
 |  | ||||||
| -	 * S4U_DELEGATION_INFO
 |  | ||||||
| -	 */
 |  | ||||||
| -
 |  | ||||||
| -	return KRB5KDC_ERR_BADOPTION;
 |  | ||||||
| -#else
 |  | ||||||
| -	krb5_principal target_principal;
 |  | ||||||
| -	int flags = 0;
 |  | ||||||
| -	int ret;
 |  | ||||||
| -
 |  | ||||||
| -	if (is_nt_enterprise_name) {
 |  | ||||||
| -		flags = KRB5_PRINCIPAL_PARSE_ENTERPRISE;
 |  | ||||||
| -	}
 |  | ||||||
| -
 |  | ||||||
| -	ret = krb5_parse_name_flags(ctx->context, target_name,
 |  | ||||||
| -				    flags, &target_principal);
 |  | ||||||
| -	if (ret) {
 |  | ||||||
| -		return ret;
 |  | ||||||
| -	}
 |  | ||||||
| -
 |  | ||||||
| -	ret = samba_kdc_check_s4u2proxy(ctx->context,
 |  | ||||||
| -					ctx->db_ctx,
 |  | ||||||
| -					skdc_entry,
 |  | ||||||
| -					target_principal);
 |  | ||||||
| -
 |  | ||||||
| -	krb5_free_principal(ctx->context, target_principal);
 |  | ||||||
| -
 |  | ||||||
| -	return ret;
 |  | ||||||
| -#endif
 |  | ||||||
| +	struct samba_kdc_entry *server_skdc_entry =
 |  | ||||||
| +		 talloc_get_type_abort(server->e_data,
 |  | ||||||
| +				       struct samba_kdc_entry);
 |  | ||||||
| +
 |  | ||||||
| +	return samba_kdc_check_s4u2proxy(ctx->context,
 |  | ||||||
| +					 ctx->db_ctx,
 |  | ||||||
| +					 server_skdc_entry,
 |  | ||||||
| +					 target_principal);
 |  | ||||||
|  } |  | ||||||
|   |  | ||||||
|  static krb5_error_code mit_samba_change_pwd_error(krb5_context context, |  | ||||||
| diff --git a/source4/kdc/mit_samba.h b/source4/kdc/mit_samba.h
 |  | ||||||
| index 4431e82a1b2..9370ab533af 100644
 |  | ||||||
| --- a/source4/kdc/mit_samba.h
 |  | ||||||
| +++ b/source4/kdc/mit_samba.h
 |  | ||||||
| @@ -57,7 +57,6 @@ int mit_samba_get_pac(struct mit_samba_context *smb_ctx,
 |  | ||||||
|  krb5_error_code mit_samba_reget_pac(struct mit_samba_context *ctx, |  | ||||||
|  				    krb5_context context, |  | ||||||
|  				    int flags, |  | ||||||
| -				    krb5_const_principal client_principal,
 |  | ||||||
|  				    krb5_db_entry *client, |  | ||||||
|  				    krb5_db_entry *server, |  | ||||||
|  				    krb5_db_entry *krbtgt, |  | ||||||
| @@ -74,9 +73,8 @@ int mit_samba_check_client_access(struct mit_samba_context *ctx,
 |  | ||||||
|  				  DATA_BLOB *e_data); |  | ||||||
|   |  | ||||||
|  int mit_samba_check_s4u2proxy(struct mit_samba_context *ctx, |  | ||||||
| -			      krb5_db_entry *kentry,
 |  | ||||||
| -			      const char *target_name,
 |  | ||||||
| -			      bool is_nt_enterprise_name);
 |  | ||||||
| +			      const krb5_db_entry *server,
 |  | ||||||
| +			      krb5_const_principal target_principal);
 |  | ||||||
|   |  | ||||||
|  int mit_samba_kpasswd_change_password(struct mit_samba_context *ctx, |  | ||||||
|  				      char *pwd, |  | ||||||
| -- 
 |  | ||||||
| 2.37.1 |  | ||||||
| 
 |  | ||||||
| 
 |  | ||||||
| From 325912375cf54743ab8ea557172a72b870002e9f Mon Sep 17 00:00:00 2001 |  | ||||||
| From: Isaac Boukris <iboukris@gmail.com> |  | ||||||
| Date: Fri, 27 Sep 2019 18:35:30 +0300 |  | ||||||
| Subject: [PATCH 2/3] krb5-mit: enable S4U client support for MIT build |  | ||||||
| 
 |  | ||||||
| Signed-off-by: Isaac Boukris <iboukris@gmail.com> |  | ||||||
| Pair-Programmed-With: Andreas Schneider <asn@samba.org> |  | ||||||
| ---
 |  | ||||||
|  lib/krb5_wrap/krb5_samba.c            | 185 ++++++++++++++++++++++++++ |  | ||||||
|  lib/krb5_wrap/krb5_samba.h            |   2 - |  | ||||||
|  source4/auth/kerberos/kerberos_util.c |  11 -- |  | ||||||
|  3 files changed, 185 insertions(+), 13 deletions(-) |  | ||||||
| 
 |  | ||||||
| diff --git a/lib/krb5_wrap/krb5_samba.c b/lib/krb5_wrap/krb5_samba.c
 |  | ||||||
| index 4321f07ca09..3fd95e47fca 100644
 |  | ||||||
| --- a/lib/krb5_wrap/krb5_samba.c
 |  | ||||||
| +++ b/lib/krb5_wrap/krb5_samba.c
 |  | ||||||
| @@ -2702,6 +2702,191 @@ krb5_error_code smb_krb5_kinit_s4u2_ccache(krb5_context ctx,
 |  | ||||||
|   |  | ||||||
|  	return 0; |  | ||||||
|  } |  | ||||||
| +
 |  | ||||||
| +#else /* MIT */
 |  | ||||||
| +
 |  | ||||||
| +static bool princ_compare_no_dollar(krb5_context ctx,
 |  | ||||||
| +				    krb5_principal a,
 |  | ||||||
| +				    krb5_principal b)
 |  | ||||||
| +{
 |  | ||||||
| +	bool cmp;
 |  | ||||||
| +	krb5_principal mod = NULL;
 |  | ||||||
| +
 |  | ||||||
| +	if (a->length == 1 && b->length == 1 &&
 |  | ||||||
| +	    a->data[0].length != 0 && b->data[0].length != 0 &&
 |  | ||||||
| +	    a->data[0].data[a->data[0].length -1] !=
 |  | ||||||
| +	    b->data[0].data[b->data[0].length -1]) {
 |  | ||||||
| +		if (a->data[0].data[a->data[0].length -1] == '$') {
 |  | ||||||
| +			mod = a;
 |  | ||||||
| +			mod->data[0].length--;
 |  | ||||||
| +		} else if (b->data[0].data[b->data[0].length -1] == '$') {
 |  | ||||||
| +			mod = b;
 |  | ||||||
| +			mod->data[0].length--;
 |  | ||||||
| +		}
 |  | ||||||
| +	}
 |  | ||||||
| +
 |  | ||||||
| +	cmp = krb5_principal_compare_flags(ctx, a, b,
 |  | ||||||
| +					   KRB5_PRINCIPAL_COMPARE_CASEFOLD);
 |  | ||||||
| +
 |  | ||||||
| +	if (mod != NULL) {
 |  | ||||||
| +		mod->data[0].length++;
 |  | ||||||
| +	}
 |  | ||||||
| +
 |  | ||||||
| +	return cmp;
 |  | ||||||
| +}
 |  | ||||||
| +
 |  | ||||||
| +krb5_error_code smb_krb5_kinit_s4u2_ccache(krb5_context ctx,
 |  | ||||||
| +					   krb5_ccache store_cc,
 |  | ||||||
| +					   krb5_principal init_principal,
 |  | ||||||
| +					   const char *init_password,
 |  | ||||||
| +					   krb5_principal impersonate_principal,
 |  | ||||||
| +					   const char *self_service,
 |  | ||||||
| +					   const char *target_service,
 |  | ||||||
| +					   krb5_get_init_creds_opt *krb_options,
 |  | ||||||
| +					   time_t *expire_time,
 |  | ||||||
| +					   time_t *kdc_time)
 |  | ||||||
| +{
 |  | ||||||
| +	krb5_error_code code;
 |  | ||||||
| +	krb5_principal self_princ = NULL;
 |  | ||||||
| +	krb5_principal target_princ = NULL;
 |  | ||||||
| +	krb5_creds *store_creds;
 |  | ||||||
| +	krb5_creds *s4u2self_creds = NULL;
 |  | ||||||
| +	krb5_creds *s4u2proxy_creds = NULL;
 |  | ||||||
| +	krb5_creds init_creds = {0};
 |  | ||||||
| +	krb5_creds mcreds = {0};
 |  | ||||||
| +	krb5_flags options = KRB5_GC_NO_STORE;
 |  | ||||||
| +	krb5_ccache tmp_cc;
 |  | ||||||
| +	bool s4u2proxy;
 |  | ||||||
| +
 |  | ||||||
| +	code = krb5_cc_new_unique(ctx, "MEMORY", NULL, &tmp_cc);
 |  | ||||||
| +	if (code != 0) {
 |  | ||||||
| +		return code;
 |  | ||||||
| +	}
 |  | ||||||
| +
 |  | ||||||
| +	code = krb5_get_init_creds_password(ctx, &init_creds,
 |  | ||||||
| +					    init_principal,
 |  | ||||||
| +					    init_password,
 |  | ||||||
| +					    NULL, NULL,
 |  | ||||||
| +					    0,
 |  | ||||||
| +					    NULL,
 |  | ||||||
| +					    krb_options);
 |  | ||||||
| +	if (code != 0) {
 |  | ||||||
| +		goto done;
 |  | ||||||
| +	}
 |  | ||||||
| +
 |  | ||||||
| +	code = krb5_cc_initialize(ctx, tmp_cc, init_creds.client);
 |  | ||||||
| +	if (code != 0) {
 |  | ||||||
| +		goto done;
 |  | ||||||
| +	}
 |  | ||||||
| +
 |  | ||||||
| +	code = krb5_cc_store_cred(ctx, tmp_cc, &init_creds);
 |  | ||||||
| +	if (code != 0) {
 |  | ||||||
| +		goto done;
 |  | ||||||
| +	}
 |  | ||||||
| +
 |  | ||||||
| +	/*
 |  | ||||||
| +	 * Check if we also need S4U2Proxy or if S4U2Self is
 |  | ||||||
| +	 * enough in order to get a ticket for the target.
 |  | ||||||
| +	 */
 |  | ||||||
| +	if (target_service == NULL) {
 |  | ||||||
| +		s4u2proxy = false;
 |  | ||||||
| +	} else if (strcmp(target_service, self_service) == 0) {
 |  | ||||||
| +		s4u2proxy = false;
 |  | ||||||
| +	} else {
 |  | ||||||
| +		s4u2proxy = true;
 |  | ||||||
| +	}
 |  | ||||||
| +
 |  | ||||||
| +	code = krb5_parse_name(ctx, self_service, &self_princ);
 |  | ||||||
| +	if (code != 0) {
 |  | ||||||
| +		goto done;
 |  | ||||||
| +	}
 |  | ||||||
| +
 |  | ||||||
| +	/* MIT lacks aliases support in S4U, for S4U2Self we require the tgt
 |  | ||||||
| +	 * client and the request server to be the same principal name. */
 |  | ||||||
| +	if (!princ_compare_no_dollar(ctx, init_creds.client, self_princ)) {
 |  | ||||||
| +		code = KRB5KDC_ERR_PADATA_TYPE_NOSUPP;
 |  | ||||||
| +		goto done;
 |  | ||||||
| +	}
 |  | ||||||
| +
 |  | ||||||
| +	mcreds.client = impersonate_principal;
 |  | ||||||
| +	mcreds.server = init_creds.client;
 |  | ||||||
| +
 |  | ||||||
| +	code = krb5_get_credentials_for_user(ctx, options, tmp_cc, &mcreds,
 |  | ||||||
| +					     NULL, &s4u2self_creds);
 |  | ||||||
| +	if (code != 0) {
 |  | ||||||
| +		goto done;
 |  | ||||||
| +	}
 |  | ||||||
| +
 |  | ||||||
| +	if (s4u2proxy) {
 |  | ||||||
| +		code = krb5_parse_name(ctx, target_service, &target_princ);
 |  | ||||||
| +		if (code != 0) {
 |  | ||||||
| +			goto done;
 |  | ||||||
| +		}
 |  | ||||||
| +
 |  | ||||||
| +		mcreds.client = init_creds.client;
 |  | ||||||
| +		mcreds.server = target_princ;
 |  | ||||||
| +		mcreds.second_ticket = s4u2self_creds->ticket;
 |  | ||||||
| +
 |  | ||||||
| +		code = krb5_get_credentials(ctx, options |
 |  | ||||||
| +					    KRB5_GC_CONSTRAINED_DELEGATION,
 |  | ||||||
| +					    tmp_cc, &mcreds, &s4u2proxy_creds);
 |  | ||||||
| +		if (code != 0) {
 |  | ||||||
| +			goto done;
 |  | ||||||
| +		}
 |  | ||||||
| +
 |  | ||||||
| +		/* Check KDC support of S4U2Proxy extension */
 |  | ||||||
| +		if (!krb5_principal_compare(ctx, s4u2self_creds->client,
 |  | ||||||
| +					    s4u2proxy_creds->client)) {
 |  | ||||||
| +			code = KRB5KDC_ERR_PADATA_TYPE_NOSUPP;
 |  | ||||||
| +			goto done;
 |  | ||||||
| +		}
 |  | ||||||
| +
 |  | ||||||
| +		store_creds = s4u2proxy_creds;
 |  | ||||||
| +	} else {
 |  | ||||||
| +		store_creds = s4u2self_creds;;
 |  | ||||||
| +
 |  | ||||||
| +		/* We need to save the ticket with the requested server name
 |  | ||||||
| +		 * or the caller won't be able to find it in cache. */
 |  | ||||||
| +		if (!krb5_principal_compare(ctx, self_princ,
 |  | ||||||
| +			store_creds->server)) {
 |  | ||||||
| +			krb5_free_principal(ctx, store_creds->server);
 |  | ||||||
| +			store_creds->server = NULL;
 |  | ||||||
| +			code = krb5_copy_principal(ctx, self_princ,
 |  | ||||||
| +						   &store_creds->server);
 |  | ||||||
| +			if (code != 0) {
 |  | ||||||
| +				goto done;
 |  | ||||||
| +			}
 |  | ||||||
| +		}
 |  | ||||||
| +	}
 |  | ||||||
| +
 |  | ||||||
| +	code = krb5_cc_initialize(ctx, store_cc, store_creds->client);
 |  | ||||||
| +	if (code != 0) {
 |  | ||||||
| +		goto done;
 |  | ||||||
| +	}
 |  | ||||||
| +
 |  | ||||||
| +	code = krb5_cc_store_cred(ctx, store_cc, store_creds);
 |  | ||||||
| +	if (code != 0) {
 |  | ||||||
| +		goto done;
 |  | ||||||
| +	}
 |  | ||||||
| +
 |  | ||||||
| +	if (expire_time) {
 |  | ||||||
| +		*expire_time = (time_t) store_creds->times.endtime;
 |  | ||||||
| +	}
 |  | ||||||
| +
 |  | ||||||
| +	if (kdc_time) {
 |  | ||||||
| +		*kdc_time = (time_t) store_creds->times.starttime;
 |  | ||||||
| +	}
 |  | ||||||
| +
 |  | ||||||
| +done:
 |  | ||||||
| +	krb5_cc_destroy(ctx, tmp_cc);
 |  | ||||||
| +	krb5_free_cred_contents(ctx, &init_creds);
 |  | ||||||
| +	krb5_free_creds(ctx, s4u2self_creds);
 |  | ||||||
| +	krb5_free_creds(ctx, s4u2proxy_creds);
 |  | ||||||
| +	krb5_free_principal(ctx, self_princ);
 |  | ||||||
| +	krb5_free_principal(ctx, target_princ);
 |  | ||||||
| +
 |  | ||||||
| +	return code;
 |  | ||||||
| +}
 |  | ||||||
|  #endif |  | ||||||
|   |  | ||||||
|  #if !defined(HAVE_KRB5_MAKE_PRINCIPAL) && defined(HAVE_KRB5_BUILD_PRINCIPAL_ALLOC_VA) |  | ||||||
| diff --git a/lib/krb5_wrap/krb5_samba.h b/lib/krb5_wrap/krb5_samba.h
 |  | ||||||
| index a66b7465530..c8573f52bd9 100644
 |  | ||||||
| --- a/lib/krb5_wrap/krb5_samba.h
 |  | ||||||
| +++ b/lib/krb5_wrap/krb5_samba.h
 |  | ||||||
| @@ -252,7 +252,6 @@ krb5_error_code smb_krb5_kinit_password_ccache(krb5_context ctx,
 |  | ||||||
|  					       krb5_get_init_creds_opt *krb_options, |  | ||||||
|  					       time_t *expire_time, |  | ||||||
|  					       time_t *kdc_time); |  | ||||||
| -#ifdef SAMBA4_USES_HEIMDAL
 |  | ||||||
|  krb5_error_code smb_krb5_kinit_s4u2_ccache(krb5_context ctx, |  | ||||||
|  					   krb5_ccache store_cc, |  | ||||||
|  					   krb5_principal init_principal, |  | ||||||
| @@ -263,7 +262,6 @@ krb5_error_code smb_krb5_kinit_s4u2_ccache(krb5_context ctx,
 |  | ||||||
|  					   krb5_get_init_creds_opt *krb_options, |  | ||||||
|  					   time_t *expire_time, |  | ||||||
|  					   time_t *kdc_time); |  | ||||||
| -#endif
 |  | ||||||
|   |  | ||||||
|  #if defined(HAVE_KRB5_MAKE_PRINCIPAL) |  | ||||||
|  #define smb_krb5_make_principal krb5_make_principal |  | ||||||
| diff --git a/source4/auth/kerberos/kerberos_util.c b/source4/auth/kerberos/kerberos_util.c
 |  | ||||||
| index 544d9d853cc..c14d8c72d8c 100644
 |  | ||||||
| --- a/source4/auth/kerberos/kerberos_util.c
 |  | ||||||
| +++ b/source4/auth/kerberos/kerberos_util.c
 |  | ||||||
| @@ -234,9 +234,7 @@ done:
 |  | ||||||
|  { |  | ||||||
|  	krb5_error_code ret; |  | ||||||
|  	const char *password; |  | ||||||
| -#ifdef SAMBA4_USES_HEIMDAL
 |  | ||||||
|  	const char *self_service; |  | ||||||
| -#endif
 |  | ||||||
|  	const char *target_service; |  | ||||||
|  	time_t kdc_time = 0; |  | ||||||
|  	krb5_principal princ; |  | ||||||
| @@ -268,9 +266,7 @@ done:
 |  | ||||||
|  		return ret; |  | ||||||
|  	} |  | ||||||
|   |  | ||||||
| -#ifdef SAMBA4_USES_HEIMDAL
 |  | ||||||
|  	self_service = cli_credentials_get_self_service(credentials); |  | ||||||
| -#endif
 |  | ||||||
|  	target_service = cli_credentials_get_target_service(credentials); |  | ||||||
|   |  | ||||||
|  	password = cli_credentials_get_password(credentials); |  | ||||||
| @@ -331,7 +327,6 @@ done:
 |  | ||||||
|  #endif |  | ||||||
|  		if (password) { |  | ||||||
|  			if (impersonate_principal) { |  | ||||||
| -#ifdef SAMBA4_USES_HEIMDAL
 |  | ||||||
|  				ret = smb_krb5_kinit_s4u2_ccache(smb_krb5_context->krb5_context, |  | ||||||
|  								 ccache, |  | ||||||
|  								 princ, |  | ||||||
| @@ -342,12 +337,6 @@ done:
 |  | ||||||
|  								 krb_options, |  | ||||||
|  								 NULL, |  | ||||||
|  								 &kdc_time); |  | ||||||
| -#else
 |  | ||||||
| -				talloc_free(mem_ctx);
 |  | ||||||
| -				(*error_string) = "INTERNAL error: s4u2 ops "
 |  | ||||||
| -					"are not supported with MIT build yet";
 |  | ||||||
| -				return EINVAL;
 |  | ||||||
| -#endif
 |  | ||||||
|  			} else { |  | ||||||
|  				ret = smb_krb5_kinit_password_ccache(smb_krb5_context->krb5_context, |  | ||||||
|  								     ccache, |  | ||||||
| -- 
 |  | ||||||
| 2.37.1 |  | ||||||
| 
 |  | ||||||
| 
 |  | ||||||
| From a5713b1558192f24348f7794da84bf65cf78e6ec Mon Sep 17 00:00:00 2001 |  | ||||||
| From: Isaac Boukris <iboukris@gmail.com> |  | ||||||
| Date: Sat, 19 Sep 2020 14:16:20 +0200 |  | ||||||
| Subject: [PATCH 3/3] wip: for canonicalization with new MIT kdc code |  | ||||||
| 
 |  | ||||||
| ---
 |  | ||||||
|  source4/kdc/mit_samba.c | 3 +++ |  | ||||||
|  1 file changed, 3 insertions(+) |  | ||||||
| 
 |  | ||||||
| diff --git a/source4/kdc/mit_samba.c b/source4/kdc/mit_samba.c
 |  | ||||||
| index 03c2c2ea1de..30fade56531 100644
 |  | ||||||
| --- a/source4/kdc/mit_samba.c
 |  | ||||||
| +++ b/source4/kdc/mit_samba.c
 |  | ||||||
| @@ -232,6 +232,9 @@ int mit_samba_get_principal(struct mit_samba_context *ctx,
 |  | ||||||
|  	if (kflags & KRB5_KDB_FLAG_CANONICALIZE) { |  | ||||||
|  		sflags |= SDB_F_CANON; |  | ||||||
|  	} |  | ||||||
| +#if KRB5_KDB_API_VERSION >= 10
 |  | ||||||
| +	sflags |= SDB_F_FORCE_CANON;
 |  | ||||||
| +#endif
 |  | ||||||
|  	if (kflags & (KRB5_KDB_FLAG_CLIENT_REFERRALS_ONLY | |  | ||||||
|  		      KRB5_KDB_FLAG_INCLUDE_PAC)) { |  | ||||||
|  		/* |  | ||||||
| -- 
 |  | ||||||
| 2.37.1 |  | ||||||
| 
 |  | ||||||
							
								
								
									
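--- a/SOURCES/samba-systemd-sysusers.conf
+++ b/SOURCES/samba-systemd-sysusers.conf
@@ -0,0 +1,2 @@
+#Type Name       ID
+g     printadmin -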
							
								
								
									
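--- a/SOURCES/samba-usershares-systemd-sysusers.conf
+++ b/SOURCES/samba-usershares-systemd-sysusers.conf
@@ -0,0 +1,2 @@
+#Type Name       ID
+g     usershares -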
| @ -281,7 +281,7 @@ | |||||||
| 
 | 
 | ||||||
| [printers] | [printers] | ||||||
| 	comment = All Printers | 	comment = All Printers | ||||||
| 	path = /var/spool/samba | 	path = /var/tmp | ||||||
| 	browseable = no | 	browseable = no | ||||||
| 	guest ok = no | 	guest ok = no | ||||||
| 	writable = no | 	writable = no | ||||||
|  | |||||||
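Review bot: The `[printers]` spool `path` now points at the shared `/var/tmp` instead of the dedicated `/var/spool/samba`, and nothing in the hunk records why. Spool files then sit in the same directory as every other local user's temporary files, and any ownership, access-control or cleanup policy written for the dedicated spool directory no longer covers them. If the move is intentional, a comment above `path` such as `# spool directory must be world-writable with the sticky bit set` would document the requirement; otherwise I would keep `path = /var/spool/samba`. The file header for this hunk is not visible on the page, so which config file it belongs to is inferred from the content only.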
| @ -2,6 +2,10 @@ | |||||||
| # read the smb.conf manpage. | # read the smb.conf manpage. | ||||||
| # Run 'testparm' to verify the config is correct after | # Run 'testparm' to verify the config is correct after | ||||||
| # you modified it. | # you modified it. | ||||||
|  | # | ||||||
|  | # Note: | ||||||
|  | # SMB1 is disabled by default. This means clients without support for SMB2 or | ||||||
|  | # SMB3 are no longer able to connect to smbd (by default). | ||||||
| 
 | 
 | ||||||
| [global] | [global] | ||||||
| 	workgroup = SAMBA | 	workgroup = SAMBA | ||||||
| @ -14,6 +18,9 @@ | |||||||
| 	load printers = yes | 	load printers = yes | ||||||
| 	cups options = raw | 	cups options = raw | ||||||
| 
 | 
 | ||||||
|  | 	# Install samba-usershares package for support | ||||||
|  | 	include = /etc/samba/usershares.conf | ||||||
|  | 
 | ||||||
| [homes] | [homes] | ||||||
| 	comment = Home Directories | 	comment = Home Directories | ||||||
| 	valid users = %S, %D%w%S | 	valid users = %S, %D%w%S | ||||||
|  | |||||||
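Review bot: The comment above the new `include = /etc/samba/usershares.conf` line says only "Install samba-usershares package for support", which does not tell an administrator what the include turns on or that it is a no-op until that file exists. The included file shown elsewhere on this page sets `[global]` options, including `usershare allow guests`, so the default server config changes behaviour once the sub-package is installed. I would make the comment explicit, e.g. `# Optional usershare settings; the file is presumably shipped only by the samba-usershares package` followed by `# and may enable guest access on user-defined shares`.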
							
								
								
									
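--- a/SOURCES/usershares.conf.vendor
+++ b/SOURCES/usershares.conf.vendor
@@ -0,0 +1,3 @@
+[global]
+	usershare max shares = 100
+	usershare allow guests = yes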
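Review bot: `usershare allow guests = yes` is shipped as the packaged default, so any account permitted to create usershares can mark a share as guest-accessible and expose a directory without authentication. Samba's own default for this parameter is `no`, and the file carries no comment explaining the more permissive choice. I would ship `usershare allow guests = no` and let administrators opt in, or at least add `# Lets usershare owners enable guest (unauthenticated) access; set to no unless required` above the line. Whether guest connections actually succeed also depends on global guest mapping settings that are not visible in this section.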
							
								
								
									
									
										427
									
								
								SPECS/samba.spec
									
									
									
									
									
								
							| @ -134,14 +134,9 @@ | |||||||
| 
 | 
 | ||||||
| %define samba_requires_eq()  %(LC_ALL="C" echo '%*' | xargs -r rpm -q --qf 'Requires: %%{name} = %%{epoch}:%%{version}\\n' | sed -e 's/ (none):/ /' -e 's/ 0:/ /' | grep -v "is not") | %define samba_requires_eq()  %(LC_ALL="C" echo '%*' | xargs -r rpm -q --qf 'Requires: %%{name} = %%{epoch}:%%{version}\\n' | sed -e 's/ (none):/ /' -e 's/ 0:/ /' | grep -v "is not") | ||||||
| 
 | 
 | ||||||
| %global baserelease 6 | %global samba_version 4.17.5 | ||||||
| 
 | %global baserelease 2 | ||||||
| %global samba_version 4.16.4 | # This should be rc1 or %%nil | ||||||
| %global talloc_version 2.3.3 |  | ||||||
| %global tdb_version 1.4.6 |  | ||||||
| %global tevent_version 0.12.0 |  | ||||||
| %global ldb_version 2.5.2 |  | ||||||
| # This should be rc1 or nil |  | ||||||
| %global pre_release %nil | %global pre_release %nil | ||||||
| 
 | 
 | ||||||
| %global samba_release %{baserelease} | %global samba_release %{baserelease} | ||||||
| @ -149,6 +144,37 @@ | |||||||
| %global samba_release 0.%{baserelease}.%{pre_release} | %global samba_release 0.%{baserelease}.%{pre_release} | ||||||
| %endif | %endif | ||||||
| 
 | 
 | ||||||
|  | 
 | ||||||
|  | # If one of those versions change, we need to make sure we rebuilt or adapt | ||||||
|  | # projects comsuming those. This is e.g. sssd, openchange, evolution-mapi, ... | ||||||
|  | %global libdcerpc_binding_so_version 0 | ||||||
|  | %global libdcerpc_server_core_so_version 0 | ||||||
|  | %global libdcerpc_so_version 0 | ||||||
|  | %global libndr_krb5pac_so_version 0 | ||||||
|  | %global libndr_nbt_so_version 0 | ||||||
|  | %global libndr_so_version 3 | ||||||
|  | %global libndr_standard_so_version 0 | ||||||
|  | %global libnetapi_so_version 1 | ||||||
|  | %global libsamba_credentials_so_version 1 | ||||||
|  | %global libsamba_errors_so_version 1 | ||||||
|  | %global libsamba_hostconfig_so_version 0 | ||||||
|  | %global libsamba_passdb_so_version 0 | ||||||
|  | %global libsamba_util_so_version 0 | ||||||
|  | %global libsamdb_so_version 0 | ||||||
|  | %global libsmbconf_so_version 0 | ||||||
|  | %global libsmbldap_so_version 2 | ||||||
|  | %global libtevent_util_so_version 0 | ||||||
|  | 
 | ||||||
|  | %global libsmbclient_so_version 0 | ||||||
|  | %global libwbclient_so_version 0 | ||||||
|  | 
 | ||||||
|  | %global talloc_version 2.3.4 | ||||||
|  | %global tdb_version 1.4.7 | ||||||
|  | %global tevent_version 0.13.0 | ||||||
|  | %global ldb_version 2.6.1 | ||||||
|  | 
 | ||||||
|  | %global required_mit_krb5 1.18 | ||||||
|  | 
 | ||||||
| # This is a network daemon, do a hardened build | # This is a network daemon, do a hardened build | ||||||
| # Enables PIE and full RELRO protection | # Enables PIE and full RELRO protection | ||||||
| %global _hardened_build 1 | %global _hardened_build 1 | ||||||
| @ -165,25 +191,23 @@ | |||||||
| %global libwbc_alternatives_suffix -64 | %global libwbc_alternatives_suffix -64 | ||||||
| %endif | %endif | ||||||
| 
 | 
 | ||||||
| %global required_mit_krb5 1.18 |  | ||||||
| 
 |  | ||||||
| %global _systemd_extra "Environment=KRB5CCNAME=FILE:/run/samba/krb5cc_samba" | %global _systemd_extra "Environment=KRB5CCNAME=FILE:/run/samba/krb5cc_samba" | ||||||
| 
 | 
 | ||||||
|  | # Make a copy of this variable to prevent repeated evaluation of the | ||||||
|  | # embedded shell command.  Avoid recursive macro definition if undefined. | ||||||
|  | %{?python3_sitearch: %global python3_sitearch %{python3_sitearch}} | ||||||
|  | 
 | ||||||
| Name:           samba | Name:           samba | ||||||
| Version:        %{samba_version} | Version:        %{samba_version} | ||||||
| Release:        %{samba_release}%{?dist} | Release:        %{samba_release}%{?dist} | ||||||
| 
 | 
 | ||||||
| %if 0%{?rhel} | %if 0%{?fedora} | ||||||
| Epoch:          0 |  | ||||||
| %else |  | ||||||
| Epoch:          2 | Epoch:          2 | ||||||
|  | %else | ||||||
|  | Epoch:          0 | ||||||
| %endif | %endif | ||||||
| 
 | 
 | ||||||
| %if 0%{?epoch} > 0 |  | ||||||
| %global samba_depver %{epoch}:%{version}-%{release} | %global samba_depver %{epoch}:%{version}-%{release} | ||||||
| %else |  | ||||||
| %global samba_depver %{version}-%{release} |  | ||||||
| %endif |  | ||||||
| 
 | 
 | ||||||
| Summary:        Server and Client software to interoperate with Windows machines | Summary:        Server and Client software to interoperate with Windows machines | ||||||
| License:        GPLv3+ and LGPLv3+ | License:        GPLv3+ and LGPLv3+ | ||||||
| @ -200,21 +224,14 @@ Source11:       smb.conf.vendor | |||||||
| Source12:       smb.conf.example | Source12:       smb.conf.example | ||||||
| Source13:       pam_winbind.conf | Source13:       pam_winbind.conf | ||||||
| Source14:       samba.pamd | Source14:       samba.pamd | ||||||
| Source15:       samba.abignore | Source15:       usershares.conf.vendor | ||||||
|  | Source16:       samba-systemd-sysusers.conf | ||||||
|  | Source17:       samba-usershares-systemd-sysusers.conf | ||||||
| 
 | 
 | ||||||
| Source201:      README.downgrade | Source201:      README.downgrade | ||||||
| 
 | Source202:      samba.abignore | ||||||
| Patch0:         samba-s4u.patch |  | ||||||
| # https://gitlab.com/samba-team/samba/-/merge_requests/2477 |  | ||||||
| Patch1:         samba-4.16-waf-crypto.patch |  | ||||||
| Patch2:         CVE-2022-38023-v4-16.patch |  | ||||||
| Patch3:         CVE-2022-38023-for-s3-v4-16.patch |  | ||||||
| Patch4:         samba-4.16-share-enum.patch |  | ||||||
| 
 | 
 | ||||||
| Requires(pre): /usr/sbin/groupadd | Requires(pre): /usr/sbin/groupadd | ||||||
| Requires(post): systemd |  | ||||||
| Requires(preun): systemd |  | ||||||
| Requires(postun): systemd |  | ||||||
| 
 | 
 | ||||||
| Requires(pre): %{name}-common = %{samba_depver} | Requires(pre): %{name}-common = %{samba_depver} | ||||||
| Requires: %{name}-common = %{samba_depver} | Requires: %{name}-common = %{samba_depver} | ||||||
| @ -223,6 +240,7 @@ Requires: %{name}-common-tools = %{samba_depver} | |||||||
| Requires: %{name}-client-libs = %{samba_depver} | Requires: %{name}-client-libs = %{samba_depver} | ||||||
| Requires: %{name}-libs = %{samba_depver} | Requires: %{name}-libs = %{samba_depver} | ||||||
| Requires: %{name}-dcerpc = %{samba_depver} | Requires: %{name}-dcerpc = %{samba_depver} | ||||||
|  | Requires: libnetapi = %{samba_depver} | ||||||
| %if %{with libwbclient} | %if %{with libwbclient} | ||||||
| Requires(post): libwbclient = %{samba_depver} | Requires(post): libwbclient = %{samba_depver} | ||||||
| Requires: libwbclient = %{samba_depver} | Requires: libwbclient = %{samba_depver} | ||||||
| @ -288,14 +306,17 @@ BuildRequires: perl-generators | |||||||
| BuildRequires: perl(Archive::Tar) | BuildRequires: perl(Archive::Tar) | ||||||
| BuildRequires: perl(Test::More) | BuildRequires: perl(Test::More) | ||||||
| BuildRequires: popt-devel | BuildRequires: popt-devel | ||||||
|  | BuildRequires: python3-cryptography | ||||||
| BuildRequires: python3-devel | BuildRequires: python3-devel | ||||||
| BuildRequires: python3-dns | BuildRequires: python3-dns | ||||||
|  | BuildRequires: python3-requests | ||||||
| BuildRequires: python3-setuptools | BuildRequires: python3-setuptools | ||||||
| BuildRequires: quota-devel | BuildRequires: quota-devel | ||||||
| BuildRequires: readline-devel | BuildRequires: readline-devel | ||||||
| BuildRequires: rpcgen | BuildRequires: rpcgen | ||||||
| BuildRequires: rpcsvc-proto-devel | BuildRequires: rpcsvc-proto-devel | ||||||
| BuildRequires: sed | BuildRequires: sed | ||||||
|  | BuildRequires: systemd-rpm-macros | ||||||
| BuildRequires: libtasn1-devel | BuildRequires: libtasn1-devel | ||||||
| # We need asn1Parser | # We need asn1Parser | ||||||
| BuildRequires: libtasn1-tools | BuildRequires: libtasn1-tools | ||||||
| @ -328,17 +349,6 @@ BuildRequires: librados-devel | |||||||
| BuildRequires: python3-etcd | BuildRequires: python3-etcd | ||||||
| %endif | %endif | ||||||
| 
 | 
 | ||||||
| %if %{with dc} || %{with testsuite} |  | ||||||
| # Add python3-iso8601 to avoid that the |  | ||||||
| # version in Samba is being packaged |  | ||||||
| BuildRequires: python3-iso8601 |  | ||||||
| BuildRequires: python3-pyasn1 >= 0.4.8 |  | ||||||
| 
 |  | ||||||
| BuildRequires: bind |  | ||||||
| BuildRequires: krb5-server >= %{required_mit_krb5} |  | ||||||
| #endif with dc |  | ||||||
| %endif |  | ||||||
| 
 |  | ||||||
| # pidl requirements | # pidl requirements | ||||||
| BuildRequires: perl(ExtUtils::MakeMaker) | BuildRequires: perl(ExtUtils::MakeMaker) | ||||||
| BuildRequires: perl(FindBin) | BuildRequires: perl(FindBin) | ||||||
| @ -369,10 +379,15 @@ BuildRequires: lmdb-devel | |||||||
| %if %{with dc} || %{with testsuite} | %if %{with dc} || %{with testsuite} | ||||||
| BuildRequires: bind | BuildRequires: bind | ||||||
| BuildRequires: krb5-server >= %{required_mit_krb5} | BuildRequires: krb5-server >= %{required_mit_krb5} | ||||||
|  | %if 0%{?fedora} || 0%{?rhel} >= 9 | ||||||
|  | BuildRequires: python3-dateutil | ||||||
|  | %else | ||||||
|  | BuildRequires: python3-iso8601 | ||||||
|  | %endif | ||||||
| BuildRequires: python3-gpg | BuildRequires: python3-gpg | ||||||
| BuildRequires: python3-markdown | BuildRequires: python3-markdown | ||||||
|  | BuildRequires: python3-pyasn1 >= 0.4.8 | ||||||
| BuildRequires: python3-setproctitle | BuildRequires: python3-setproctitle | ||||||
| BuildRequires: python3-cryptography |  | ||||||
| 
 | 
 | ||||||
| %if %{without includelibs} | %if %{without includelibs} | ||||||
| BuildRequires: tdb-tools | BuildRequires: tdb-tools | ||||||
| @ -496,6 +511,8 @@ Summary: Tools for Samba clients | |||||||
| Requires: samba-common-libs = %{samba_depver} | Requires: samba-common-libs = %{samba_depver} | ||||||
| Requires: samba-client-libs = %{samba_depver} | Requires: samba-client-libs = %{samba_depver} | ||||||
| Requires: samba-libs = %{samba_depver} | Requires: samba-libs = %{samba_depver} | ||||||
|  | Requires: samba-ldb-ldap-modules = %{samba_depver} | ||||||
|  | Requires: libnetapi = %{samba_depver} | ||||||
| %if %{with libwbclient} | %if %{with libwbclient} | ||||||
| Requires: libwbclient = %{samba_depver} | Requires: libwbclient = %{samba_depver} | ||||||
| %endif | %endif | ||||||
| @ -529,6 +546,7 @@ Summary: DCE RPC binaries | |||||||
| Requires: samba-common-libs = %{samba_depver} | Requires: samba-common-libs = %{samba_depver} | ||||||
| Requires: samba-client-libs = %{samba_depver} | Requires: samba-client-libs = %{samba_depver} | ||||||
| Requires: samba-libs = %{samba_depver} | Requires: samba-libs = %{samba_depver} | ||||||
|  | Requires: libnetapi = %{samba_depver} | ||||||
| %if %{with libwbclient} | %if %{with libwbclient} | ||||||
| Requires: libwbclient = %{samba_depver} | Requires: libwbclient = %{samba_depver} | ||||||
| %endif | %endif | ||||||
| @ -543,6 +561,7 @@ Summary: Samba AD Domain Controller | |||||||
| Requires: %{name} = %{samba_depver} | Requires: %{name} = %{samba_depver} | ||||||
| Requires: %{name}-client-libs = %{samba_depver} | Requires: %{name}-client-libs = %{samba_depver} | ||||||
| Requires: %{name}-common-libs = %{samba_depver} | Requires: %{name}-common-libs = %{samba_depver} | ||||||
|  | Requires: %{name}-common-tools = %{samba_depver} | ||||||
| Requires: %{name}-libs = %{samba_depver} | Requires: %{name}-libs = %{samba_depver} | ||||||
| Requires: %{name}-dc-provision = %{samba_depver} | Requires: %{name}-dc-provision = %{samba_depver} | ||||||
| Requires: %{name}-dc-libs = %{samba_depver} | Requires: %{name}-dc-libs = %{samba_depver} | ||||||
| @ -626,6 +645,7 @@ Requires: %{name}-client-libs = %{samba_depver} | |||||||
| %if %{with dc} | %if %{with dc} | ||||||
| Requires: %{name}-dc-libs = %{samba_depver} | Requires: %{name}-dc-libs = %{samba_depver} | ||||||
| %endif | %endif | ||||||
|  | Requires: libnetapi = %{samba_depver} | ||||||
| 
 | 
 | ||||||
| Provides: samba4-devel = %{samba_depver} | Provides: samba4-devel = %{samba_depver} | ||||||
| Obsoletes: samba4-devel < %{samba_depver} | Obsoletes: samba4-devel < %{samba_depver} | ||||||
| @ -688,6 +708,22 @@ Provides: bundled(libreplace) | |||||||
| Samba VFS module for GlusterFS integration. | Samba VFS module for GlusterFS integration. | ||||||
| %endif | %endif | ||||||
| 
 | 
 | ||||||
|  | ### GPUPDATE | ||||||
|  | %if %{with dc} | ||||||
|  | %package gpupdate | ||||||
|  | Summary: Samba GPO support for clients | ||||||
|  | Requires: cepces | ||||||
|  | Requires: certmonger | ||||||
|  | Requires: %{name}-ldb-ldap-modules = %{samba_depver} | ||||||
|  | Requires: python3-%{name} = %{samba_depver} | ||||||
|  | 
 | ||||||
|  | %description gpupdate | ||||||
|  | This package provides the samba-gpupdate tool to apply Group Policy Objects | ||||||
|  | (GPO) on Samba clients. | ||||||
|  | 
 | ||||||
|  | # /with dc | ||||||
|  | %endif | ||||||
|  | 
 | ||||||
| ### KRB5-PRINTING | ### KRB5-PRINTING | ||||||
| %package krb5-printing | %package krb5-printing | ||||||
| Summary: Samba CUPS backend for printing with Kerberos | Summary: Samba CUPS backend for printing with Kerberos | ||||||
| @ -703,6 +739,16 @@ If you need Kerberos for print jobs to a printer connection to cups via the SMB | |||||||
| backend, then you need to install that package. It will allow cups to access | backend, then you need to install that package. It will allow cups to access | ||||||
| the Kerberos credentials cache of the user issuing the print job. | the Kerberos credentials cache of the user issuing the print job. | ||||||
| 
 | 
 | ||||||
|  | ### LDB-LDAP-MODULES | ||||||
|  | %package ldb-ldap-modules | ||||||
|  | Summary: Samba ldap modules for ldb | ||||||
|  | Requires: %{name}-client-libs = %{samba_depver} | ||||||
|  | Requires: %{name}-common-libs = %{samba_depver} | ||||||
|  | 
 | ||||||
|  | %description ldb-ldap-modules | ||||||
|  | This package contains the ldb ldap modules required by samba-tool and | ||||||
|  | samba-gpupdate. | ||||||
|  | 
 | ||||||
| ### LIBS | ### LIBS | ||||||
| %package libs | %package libs | ||||||
| Summary: Samba libraries | Summary: Samba libraries | ||||||
| @ -721,6 +767,25 @@ Provides: bundled(libreplace) | |||||||
| The %{name}-libs package contains the libraries needed by programs that link | The %{name}-libs package contains the libraries needed by programs that link | ||||||
| against the SMB, RPC and other protocols provided by the Samba suite. | against the SMB, RPC and other protocols provided by the Samba suite. | ||||||
| 
 | 
 | ||||||
|  | ### LIBNETAPI | ||||||
|  | %package -n libnetapi | ||||||
|  | Summary: The NETAPI library | ||||||
|  | Requires(pre): %{name}-common = %{samba_depver} | ||||||
|  | Requires: %{name}-common = %{samba_depver} | ||||||
|  | Requires: %{name}-common-libs = %{samba_depver} | ||||||
|  | Requires: %{name}-client-libs = %{samba_depver} | ||||||
|  | 
 | ||||||
|  | %description -n libnetapi | ||||||
|  | This contains the NETAPI library from the Samba suite. | ||||||
|  | 
 | ||||||
|  | %package -n libnetapi-devel | ||||||
|  | Summary: Developer tools for the NETAPI library | ||||||
|  | Requires: libnetapi = %{samba_depver} | ||||||
|  | 
 | ||||||
|  | %description -n libnetapi-devel | ||||||
|  | The libnetapi-devel package contains the header files and libraries needed to | ||||||
|  | develop programs that link against the NETAPI library in the Samba suite. | ||||||
|  | 
 | ||||||
| ### LIBSMBCLIENT | ### LIBSMBCLIENT | ||||||
| %if %{with libsmbclient} | %if %{with libsmbclient} | ||||||
| %package -n libsmbclient | %package -n libsmbclient | ||||||
| @ -777,11 +842,13 @@ Requires: %{name}-client-libs = %{samba_depver} | |||||||
| Requires: %{name}-common-libs = %{samba_depver} | Requires: %{name}-common-libs = %{samba_depver} | ||||||
| Requires: %{name}-libs = %{samba_depver} | Requires: %{name}-libs = %{samba_depver} | ||||||
| Requires: %{name}-dc-libs = %{samba_depver} | Requires: %{name}-dc-libs = %{samba_depver} | ||||||
| Requires: python3-talloc | Requires: python3-cryptography | ||||||
| Requires: python3-tevent |  | ||||||
| Requires: python3-tdb |  | ||||||
| Requires: python3-ldb |  | ||||||
| Requires: python3-dns | Requires: python3-dns | ||||||
|  | Requires: python3-ldb | ||||||
|  | Requires: python3-requests | ||||||
|  | Requires: python3-talloc | ||||||
|  | Requires: python3-tdb | ||||||
|  | Requires: python3-tevent | ||||||
| %if %{with libsmbclient} | %if %{with libsmbclient} | ||||||
| Requires: libsmbclient = %{samba_depver} | Requires: libsmbclient = %{samba_depver} | ||||||
| %endif | %endif | ||||||
| @ -853,6 +920,7 @@ Requires: %{name}-test-libs = %{samba_depver} | |||||||
| Requires: %{name}-dc-libs = %{samba_depver} | Requires: %{name}-dc-libs = %{samba_depver} | ||||||
| %endif | %endif | ||||||
| Requires: %{name}-libs = %{samba_depver} | Requires: %{name}-libs = %{samba_depver} | ||||||
|  | Requires: libnetapi = %{samba_depver} | ||||||
| %if %{with libsmbclient} | %if %{with libsmbclient} | ||||||
| Requires: libsmbclient = %{samba_depver} | Requires: libsmbclient = %{samba_depver} | ||||||
| %endif | %endif | ||||||
| @ -889,6 +957,17 @@ Provides: bundled(libreplace) | |||||||
| %description test-libs | %description test-libs | ||||||
| %{name}-test-libs provides libraries required by the testing tools. | %{name}-test-libs provides libraries required by the testing tools. | ||||||
| 
 | 
 | ||||||
|  | ### USERSHARES | ||||||
|  | %package usershares | ||||||
|  | Summary: Provides support for non-root user shares | ||||||
|  | Requires: %{name} = %{samba_depver} | ||||||
|  | Requires: %{name}-common-tools = %{samba_depver} | ||||||
|  | 
 | ||||||
|  | %description usershares | ||||||
|  | Installing this package will provide a configuration file, group and | ||||||
|  | directories to support non-root user shares. You can configure them | ||||||
|  | as a user using the `net usershare` command. | ||||||
|  | 
 | ||||||
| ### WINBIND | ### WINBIND | ||||||
| %package winbind | %package winbind | ||||||
| Summary: Samba winbind | Summary: Samba winbind | ||||||
| @ -1110,7 +1189,11 @@ Support for using an existing CEPH cluster as a mutex helper for CTDB | |||||||
| 
 | 
 | ||||||
| 
 | 
 | ||||||
| %prep | %prep | ||||||
|  | %if 0%{?fedora} || 0%{?rhel} >= 9 | ||||||
|  | xzcat %{SOURCE0} | %{gpgverify} --keyring='%{SOURCE2}' --signature='%{SOURCE1}' --data=- | ||||||
|  | %else | ||||||
| xzcat %{SOURCE0} | gpgv2 --quiet --keyring %{SOURCE2} %{SOURCE1} - | xzcat %{SOURCE0} | gpgv2 --quiet --keyring %{SOURCE2} %{SOURCE1} - | ||||||
|  | %endif | ||||||
| %autosetup -n samba-%{version}%{pre_release} -p1 | %autosetup -n samba-%{version}%{pre_release} -p1 | ||||||
| 
 | 
 | ||||||
| # Ensure we rely on GnuTLS and do not build any other crypto code shipping with | # Ensure we rely on GnuTLS and do not build any other crypto code shipping with | ||||||
| @ -1216,6 +1299,9 @@ export LDFLAGS="%{__global_ldflags} -fuse-ld=gold" | |||||||
|         --systemd-smb-extra=%{_systemd_extra} \ |         --systemd-smb-extra=%{_systemd_extra} \ | ||||||
|         --systemd-nmb-extra=%{_systemd_extra} \ |         --systemd-nmb-extra=%{_systemd_extra} \ | ||||||
|         --systemd-winbind-extra=%{_systemd_extra} \ |         --systemd-winbind-extra=%{_systemd_extra} \ | ||||||
|  | %if %{with clustering} | ||||||
|  |         --systemd-ctdb-extra=%{_systemd_extra} \ | ||||||
|  | %endif | ||||||
|         --systemd-samba-extra=%{_systemd_extra} |         --systemd-samba-extra=%{_systemd_extra} | ||||||
| 
 | 
 | ||||||
| # Do not use %%make_build, make is just a wrapper around waf in Samba! | # Do not use %%make_build, make is just a wrapper around waf in Samba! | ||||||
| @ -1239,6 +1325,7 @@ install -d -m 0755 %{buildroot}/var/lib/samba/lock | |||||||
| install -d -m 0755 %{buildroot}/var/lib/samba/private | install -d -m 0755 %{buildroot}/var/lib/samba/private | ||||||
| install -d -m 0755 %{buildroot}/var/lib/samba/scripts | install -d -m 0755 %{buildroot}/var/lib/samba/scripts | ||||||
| install -d -m 0755 %{buildroot}/var/lib/samba/sysvol | install -d -m 0755 %{buildroot}/var/lib/samba/sysvol | ||||||
|  | install -d -m 0755 %{buildroot}/var/lib/samba/usershares | ||||||
| install -d -m 0755 %{buildroot}/var/lib/samba/winbindd_privileged | install -d -m 0755 %{buildroot}/var/lib/samba/winbindd_privileged | ||||||
| install -d -m 0755 %{buildroot}/var/log/samba/old | install -d -m 0755 %{buildroot}/var/log/samba/old | ||||||
| install -d -m 0755 %{buildroot}/run/samba | install -d -m 0755 %{buildroot}/run/samba | ||||||
| @ -1266,6 +1353,7 @@ install -m 0644 %{SOURCE10} %{buildroot}%{_sysconfdir}/logrotate.d/samba | |||||||
| 
 | 
 | ||||||
| install -m 0644 %{SOURCE11} %{buildroot}%{_sysconfdir}/samba/smb.conf | install -m 0644 %{SOURCE11} %{buildroot}%{_sysconfdir}/samba/smb.conf | ||||||
| install -m 0644 %{SOURCE12} %{buildroot}%{_sysconfdir}/samba/smb.conf.example | install -m 0644 %{SOURCE12} %{buildroot}%{_sysconfdir}/samba/smb.conf.example | ||||||
|  | install -m 0644 %{SOURCE15} %{buildroot}%{_sysconfdir}/samba/usershares.conf | ||||||
| 
 | 
 | ||||||
| install -d -m 0755 %{buildroot}%{_sysconfdir}/security | install -d -m 0755 %{buildroot}%{_sysconfdir}/security | ||||||
| install -m 0644 %{SOURCE13} %{buildroot}%{_sysconfdir}/security/pam_winbind.conf | install -m 0644 %{SOURCE13} %{buildroot}%{_sysconfdir}/security/pam_winbind.conf | ||||||
| @ -1288,6 +1376,10 @@ echo "d /run/samba  755 root root" > %{buildroot}%{_tmpfilesdir}/samba.conf | |||||||
| echo "d /run/ctdb 755 root root" > %{buildroot}%{_tmpfilesdir}/ctdb.conf | echo "d /run/ctdb 755 root root" > %{buildroot}%{_tmpfilesdir}/ctdb.conf | ||||||
| %endif | %endif | ||||||
| 
 | 
 | ||||||
|  | install -d -m 0755 %{buildroot}%{_sysusersdir} | ||||||
|  | install -m 0644 %{SOURCE16} %{buildroot}%{_sysusersdir}/samba.conf | ||||||
|  | install -m 0644 %{SOURCE17} %{buildroot}%{_sysusersdir}/samba-usershares.conf | ||||||
|  | 
 | ||||||
| install -d -m 0755 %{buildroot}%{_sysconfdir}/sysconfig | install -d -m 0755 %{buildroot}%{_sysconfdir}/sysconfig | ||||||
| install -m 0644 packaging/systemd/samba.sysconfig %{buildroot}%{_sysconfdir}/sysconfig/samba | install -m 0644 packaging/systemd/samba.sysconfig %{buildroot}%{_sysconfdir}/sysconfig/samba | ||||||
| %if %{with clustering} | %if %{with clustering} | ||||||
| @ -1301,10 +1393,6 @@ install -m 0644 ctdb/config/ctdb.conf %{buildroot}%{_sysconfdir}/ctdb/ctdb.conf | |||||||
| 
 | 
 | ||||||
| install -m 0644 %{SOURCE201} packaging/README.downgrade | install -m 0644 %{SOURCE201} packaging/README.downgrade | ||||||
| 
 | 
 | ||||||
| %if %{with clustering} |  | ||||||
| install -m 0644 ctdb/config/ctdb.service %{buildroot}%{_unitdir} |  | ||||||
| %endif |  | ||||||
| 
 |  | ||||||
| # NetworkManager online/offline script | # NetworkManager online/offline script | ||||||
| install -d -m 0755 %{buildroot}%{_prefix}/lib/NetworkManager/dispatcher.d/ | install -d -m 0755 %{buildroot}%{_prefix}/lib/NetworkManager/dispatcher.d/ | ||||||
| install -m 0755 packaging/NetworkManager/30-winbind-systemd \ | install -m 0755 packaging/NetworkManager/30-winbind-systemd \ | ||||||
| @ -1319,15 +1407,7 @@ for i in \ | |||||||
|     %{_mandir}/man8/samba.8 \ |     %{_mandir}/man8/samba.8 \ | ||||||
|     %{_mandir}/man8/samba_downgrade_db.8 \ |     %{_mandir}/man8/samba_downgrade_db.8 \ | ||||||
|     %{_mandir}/man8/samba-gpupdate.8 \ |     %{_mandir}/man8/samba-gpupdate.8 \ | ||||||
|     %{_libdir}/samba/ldb/ildap.so \ |  | ||||||
|     %{_libdir}/samba/ldb/ldbsamba_extensions.so \ |  | ||||||
|     %{_unitdir}/samba.service \ |     %{_unitdir}/samba.service \ | ||||||
|     %{python3_sitearch}/samba/third_party/iso8601/__init__.py \ |  | ||||||
|     %{python3_sitearch}/samba/third_party/iso8601/__pycache__/__init__.*.pyc \ |  | ||||||
|     %{python3_sitearch}/samba/third_party/iso8601/__pycache__/iso8601.*.pyc \ |  | ||||||
|     %{python3_sitearch}/samba/third_party/iso8601/__pycache__/test_iso8601.*.pyc \ |  | ||||||
|     %{python3_sitearch}/samba/third_party/iso8601/iso8601.py \ |  | ||||||
|     %{python3_sitearch}/samba/third_party/iso8601/test_iso8601.py \ |  | ||||||
|     %{_sbindir}/samba-gpupdate \ |     %{_sbindir}/samba-gpupdate \ | ||||||
|     ; do |     ; do | ||||||
|     rm -f %{buildroot}$i |     rm -f %{buildroot}$i | ||||||
| @ -1410,7 +1490,11 @@ export WINBINDD_DONT_LOG_STDOUT=1 | |||||||
| %systemd_postun_with_restart nmb.service | %systemd_postun_with_restart nmb.service | ||||||
| 
 | 
 | ||||||
| %pre common | %pre common | ||||||
|  | %if 0%{?fedora} || 0%{?rhel} > 8 | ||||||
|  | %sysusers_create_compat %{SOURCE16} | ||||||
|  | %else | ||||||
| getent group printadmin >/dev/null || groupadd -r printadmin || : | getent group printadmin >/dev/null || groupadd -r printadmin || : | ||||||
|  | %endif | ||||||
| 
 | 
 | ||||||
| %post common | %post common | ||||||
| %{?ldconfig} | %{?ldconfig} | ||||||
| @ -1518,6 +1602,13 @@ fi | |||||||
| 
 | 
 | ||||||
| %ldconfig_scriptlets test | %ldconfig_scriptlets test | ||||||
| 
 | 
 | ||||||
|  | %pre usershares | ||||||
|  | %if 0%{?fedora} || 0%{?rhel} > 8 | ||||||
|  | %sysusers_create_compat %{SOURCE17} | ||||||
|  | %else | ||||||
|  | getent group usershares >/dev/null || groupadd -r usershares || : | ||||||
|  | %endif | ||||||
|  | 
 | ||||||
| %pre winbind | %pre winbind | ||||||
| /usr/sbin/groupadd -g 88 wbpriv >/dev/null 2>&1 || : | /usr/sbin/groupadd -g 88 wbpriv >/dev/null 2>&1 || : | ||||||
| 
 | 
 | ||||||
| @ -1766,23 +1857,22 @@ fi | |||||||
| 
 | 
 | ||||||
| ### CLIENT-LIBS | ### CLIENT-LIBS | ||||||
| %files client-libs | %files client-libs | ||||||
| %{_libdir}/libdcerpc-binding.so.* | %{_libdir}/libdcerpc-binding.so.%{libdcerpc_binding_so_version}* | ||||||
| %{_libdir}/libdcerpc-server-core.so.* | %{_libdir}/libdcerpc-server-core.so.%{libdcerpc_server_core_so_version}* | ||||||
| %{_libdir}/libdcerpc.so.* | %{_libdir}/libdcerpc.so.%{libdcerpc_so_version}* | ||||||
| %{_libdir}/libndr-krb5pac.so.* | %{_libdir}/libndr-krb5pac.so.%{libndr_krb5pac_so_version}* | ||||||
| %{_libdir}/libndr-nbt.so.* | %{_libdir}/libndr-nbt.so.%{libndr_nbt_so_version}* | ||||||
| %{_libdir}/libndr-standard.so.* | %{_libdir}/libndr-standard.so.%{libndr_standard_so_version}* | ||||||
| %{_libdir}/libndr.so.* | %{_libdir}/libndr.so.%{libndr_so_version}* | ||||||
| %{_libdir}/libnetapi.so.* | %{_libdir}/libsamba-credentials.so.%{libsamba_credentials_so_version}* | ||||||
| %{_libdir}/libsamba-credentials.so.* | %{_libdir}/libsamba-errors.so.%{libsamba_errors_so_version}* | ||||||
| %{_libdir}/libsamba-errors.so.* | %{_libdir}/libsamba-hostconfig.so.%{libsamba_hostconfig_so_version}* | ||||||
| %{_libdir}/libsamba-hostconfig.so.* | %{_libdir}/libsamba-passdb.so.%{libsamba_passdb_so_version}* | ||||||
| %{_libdir}/libsamba-passdb.so.* | %{_libdir}/libsamba-util.so.%{libsamba_util_so_version}* | ||||||
| %{_libdir}/libsamba-util.so.* | %{_libdir}/libsamdb.so.%{libsamdb_so_version}* | ||||||
| %{_libdir}/libsamdb.so.* | %{_libdir}/libsmbconf.so.%{libsmbconf_so_version}* | ||||||
| %{_libdir}/libsmbconf.so.* | %{_libdir}/libsmbldap.so.%{libsmbldap_so_version}* | ||||||
| %{_libdir}/libsmbldap.so.* | %{_libdir}/libtevent-util.so.%{libtevent_util_so_version}* | ||||||
| %{_libdir}/libtevent-util.so.* |  | ||||||
| 
 | 
 | ||||||
| %dir %{_libdir}/samba | %dir %{_libdir}/samba | ||||||
| %{_libdir}/samba/libCHARSET3-samba4.so | %{_libdir}/samba/libCHARSET3-samba4.so | ||||||
| @ -1871,7 +1961,7 @@ fi | |||||||
| %endif | %endif | ||||||
| 
 | 
 | ||||||
| %if %{without libsmbclient} | %if %{without libsmbclient} | ||||||
| %{_libdir}/samba/libsmbclient.so.* | %{_libdir}/samba/libsmbclient.so.%{libsmbclient_so_version}* | ||||||
| %{_mandir}/man7/libsmbclient.7* | %{_mandir}/man7/libsmbclient.7* | ||||||
| #endif without libsmbclient | #endif without libsmbclient | ||||||
| %endif | %endif | ||||||
| @ -1901,6 +1991,7 @@ fi | |||||||
| ### COMMON | ### COMMON | ||||||
| %files common | %files common | ||||||
| %{_tmpfilesdir}/samba.conf | %{_tmpfilesdir}/samba.conf | ||||||
|  | %{_sysusersdir}/samba.conf | ||||||
| %dir %{_sysconfdir}/logrotate.d/ | %dir %{_sysconfdir}/logrotate.d/ | ||||||
| %config(noreplace) %{_sysconfdir}/logrotate.d/samba | %config(noreplace) %{_sysconfdir}/logrotate.d/samba | ||||||
| %attr(0700,root,root) %dir /var/log/samba | %attr(0700,root,root) %dir /var/log/samba | ||||||
| @ -1920,7 +2011,7 @@ fi | |||||||
| %{_mandir}/man5/smbpasswd.5* | %{_mandir}/man5/smbpasswd.5* | ||||||
| %{_mandir}/man7/samba.7* | %{_mandir}/man7/samba.7* | ||||||
| 
 | 
 | ||||||
| ### COMMON-libs | ### COMMON-LIBS | ||||||
| %files common-libs | %files common-libs | ||||||
| # common libraries | # common libraries | ||||||
| %{_libdir}/samba/libcmdline-samba4.so | %{_libdir}/samba/libcmdline-samba4.so | ||||||
| @ -1973,7 +2064,6 @@ fi | |||||||
| %{_sbindir}/samba | %{_sbindir}/samba | ||||||
| %{_sbindir}/samba_dnsupdate | %{_sbindir}/samba_dnsupdate | ||||||
| %{_sbindir}/samba_downgrade_db | %{_sbindir}/samba_downgrade_db | ||||||
| %{_sbindir}/samba-gpupdate |  | ||||||
| %{_sbindir}/samba_kcc | %{_sbindir}/samba_kcc | ||||||
| %{_sbindir}/samba_spnupdate | %{_sbindir}/samba_spnupdate | ||||||
| %{_sbindir}/samba_upgradedns | %{_sbindir}/samba_upgradedns | ||||||
| @ -1997,10 +2087,8 @@ fi | |||||||
| %{_libdir}/samba/ldb/extended_dn_out.so | %{_libdir}/samba/ldb/extended_dn_out.so | ||||||
| %{_libdir}/samba/ldb/extended_dn_store.so | %{_libdir}/samba/ldb/extended_dn_store.so | ||||||
| %{_libdir}/samba/ldb/group_audit_log.so | %{_libdir}/samba/ldb/group_audit_log.so | ||||||
| %{_libdir}/samba/ldb/ildap.so |  | ||||||
| %{_libdir}/samba/ldb/instancetype.so | %{_libdir}/samba/ldb/instancetype.so | ||||||
| %{_libdir}/samba/ldb/lazy_commit.so | %{_libdir}/samba/ldb/lazy_commit.so | ||||||
| %{_libdir}/samba/ldb/ldbsamba_extensions.so |  | ||||||
| %{_libdir}/samba/ldb/linked_attributes.so | %{_libdir}/samba/ldb/linked_attributes.so | ||||||
| %{_libdir}/samba/ldb/new_partition.so | %{_libdir}/samba/ldb/new_partition.so | ||||||
| %{_libdir}/samba/ldb/objectclass.so | %{_libdir}/samba/ldb/objectclass.so | ||||||
| @ -2035,7 +2123,6 @@ fi | |||||||
| %dir /var/lib/samba/sysvol | %dir /var/lib/samba/sysvol | ||||||
| %{_mandir}/man8/samba.8* | %{_mandir}/man8/samba.8* | ||||||
| %{_mandir}/man8/samba_downgrade_db.8* | %{_mandir}/man8/samba_downgrade_db.8* | ||||||
| %{_mandir}/man8/samba-gpupdate.8* |  | ||||||
| %dir %{_datadir}/samba/admx | %dir %{_datadir}/samba/admx | ||||||
| %{_datadir}/samba/admx/samba.admx | %{_datadir}/samba/admx/samba.admx | ||||||
| %dir %{_datadir}/samba/admx/en-US | %dir %{_datadir}/samba/admx/en-US | ||||||
| @ -2151,7 +2238,6 @@ fi | |||||||
| %{_includedir}/samba-4.0/ndr/ndr_krb5pac.h | %{_includedir}/samba-4.0/ndr/ndr_krb5pac.h | ||||||
| %{_includedir}/samba-4.0/ndr/ndr_svcctl.h | %{_includedir}/samba-4.0/ndr/ndr_svcctl.h | ||||||
| %{_includedir}/samba-4.0/ndr/ndr_nbt.h | %{_includedir}/samba-4.0/ndr/ndr_nbt.h | ||||||
| %{_includedir}/samba-4.0/netapi.h |  | ||||||
| %{_includedir}/samba-4.0/param.h | %{_includedir}/samba-4.0/param.h | ||||||
| %{_includedir}/samba-4.0/passdb.h | %{_includedir}/samba-4.0/passdb.h | ||||||
| %{_includedir}/samba-4.0/policy.h | %{_includedir}/samba-4.0/policy.h | ||||||
| @ -2192,7 +2278,6 @@ fi | |||||||
| %{_libdir}/libndr-nbt.so | %{_libdir}/libndr-nbt.so | ||||||
| %{_libdir}/libndr-standard.so | %{_libdir}/libndr-standard.so | ||||||
| %{_libdir}/libndr.so | %{_libdir}/libndr.so | ||||||
| %{_libdir}/libnetapi.so |  | ||||||
| %{_libdir}/libsamba-credentials.so | %{_libdir}/libsamba-credentials.so | ||||||
| %{_libdir}/libsamba-errors.so | %{_libdir}/libsamba-errors.so | ||||||
| %{_libdir}/libsamba-hostconfig.so | %{_libdir}/libsamba-hostconfig.so | ||||||
| @ -2206,7 +2291,6 @@ fi | |||||||
| %{_libdir}/pkgconfig/ndr_krb5pac.pc | %{_libdir}/pkgconfig/ndr_krb5pac.pc | ||||||
| %{_libdir}/pkgconfig/ndr_nbt.pc | %{_libdir}/pkgconfig/ndr_nbt.pc | ||||||
| %{_libdir}/pkgconfig/ndr_standard.pc | %{_libdir}/pkgconfig/ndr_standard.pc | ||||||
| %{_libdir}/pkgconfig/netapi.pc |  | ||||||
| %{_libdir}/pkgconfig/samba-credentials.pc | %{_libdir}/pkgconfig/samba-credentials.pc | ||||||
| %{_libdir}/pkgconfig/samba-hostconfig.pc | %{_libdir}/pkgconfig/samba-hostconfig.pc | ||||||
| %{_libdir}/pkgconfig/samba-util.pc | %{_libdir}/pkgconfig/samba-util.pc | ||||||
| @ -2253,11 +2337,23 @@ fi | |||||||
| %{_mandir}/man8/vfs_glusterfs.8* | %{_mandir}/man8/vfs_glusterfs.8* | ||||||
| %endif | %endif | ||||||
| 
 | 
 | ||||||
|  | ### GPUPDATE | ||||||
|  | %if %{with dc} | ||||||
|  | %files gpupdate | ||||||
|  | %{_mandir}/man8/samba-gpupdate.8* | ||||||
|  | %{_sbindir}/samba-gpupdate | ||||||
|  | %endif | ||||||
|  | 
 | ||||||
| ### KRB5-PRINTING | ### KRB5-PRINTING | ||||||
| %files krb5-printing | %files krb5-printing | ||||||
| %attr(0700,root,root) %{_libexecdir}/samba/smbspool_krb5_wrapper | %attr(0700,root,root) %{_libexecdir}/samba/smbspool_krb5_wrapper | ||||||
| %{_mandir}/man8/smbspool_krb5_wrapper.8* | %{_mandir}/man8/smbspool_krb5_wrapper.8* | ||||||
| 
 | 
 | ||||||
|  | ### LDB-LDAP-MODULES | ||||||
|  | %files ldb-ldap-modules | ||||||
|  | %{_libdir}/samba/ldb/ldbsamba_extensions.so | ||||||
|  | %{_libdir}/samba/ldb/ildap.so | ||||||
|  | 
 | ||||||
| ### LIBS | ### LIBS | ||||||
| %files libs | %files libs | ||||||
| %{_libdir}/libdcerpc-samr.so.* | %{_libdir}/libdcerpc-samr.so.* | ||||||
| @ -2273,6 +2369,16 @@ fi | |||||||
| %{_libdir}/samba/libRPC-SERVER-LOOP-samba4.so | %{_libdir}/samba/libRPC-SERVER-LOOP-samba4.so | ||||||
| %{_libdir}/samba/libRPC-WORKER-samba4.so | %{_libdir}/samba/libRPC-WORKER-samba4.so | ||||||
| 
 | 
 | ||||||
|  | ### LIBNETAPI | ||||||
|  | %files -n libnetapi | ||||||
|  | %{_libdir}/libnetapi.so.%{libnetapi_so_version}* | ||||||
|  | 
 | ||||||
|  | ### LIBNETAPI-DEVEL | ||||||
|  | %files -n libnetapi-devel | ||||||
|  | %{_includedir}/samba-4.0/netapi.h | ||||||
|  | %{_libdir}/libnetapi.so | ||||||
|  | %{_libdir}/pkgconfig/netapi.pc | ||||||
|  | 
 | ||||||
| ### LIBSMBCLIENT | ### LIBSMBCLIENT | ||||||
| %if %{with libsmbclient} | %if %{with libsmbclient} | ||||||
| %files -n libsmbclient | %files -n libsmbclient | ||||||
| @ -2290,7 +2396,7 @@ fi | |||||||
| ### LIBWBCLIENT | ### LIBWBCLIENT | ||||||
| %if %{with libwbclient} | %if %{with libwbclient} | ||||||
| %files -n libwbclient | %files -n libwbclient | ||||||
| %{_libdir}/samba/wbclient/libwbclient.so.* | %{_libdir}/samba/wbclient/libwbclient.so.%{libwbclient_so_version}* | ||||||
| 
 | 
 | ||||||
| ### LIBWBCLIENT-DEVEL | ### LIBWBCLIENT-DEVEL | ||||||
| %files -n libwbclient-devel | %files -n libwbclient-devel | ||||||
| @ -2360,18 +2466,6 @@ fi | |||||||
| %{python3_sitearch}/samba/__pycache__/dnsresolver.*.pyc | %{python3_sitearch}/samba/__pycache__/dnsresolver.*.pyc | ||||||
| %{python3_sitearch}/samba/__pycache__/drs_utils.*.pyc | %{python3_sitearch}/samba/__pycache__/drs_utils.*.pyc | ||||||
| %{python3_sitearch}/samba/__pycache__/getopt.*.pyc | %{python3_sitearch}/samba/__pycache__/getopt.*.pyc | ||||||
| %{python3_sitearch}/samba/__pycache__/gpclass.*.pyc |  | ||||||
| %{python3_sitearch}/samba/__pycache__/gp_cert_auto_enroll_ext.*.pyc |  | ||||||
| %{python3_sitearch}/samba/__pycache__/gp_chromium_ext.*.pyc |  | ||||||
| %{python3_sitearch}/samba/__pycache__/gp_ext_loader.*.pyc |  | ||||||
| %{python3_sitearch}/samba/__pycache__/gp_firefox_ext.*.pyc |  | ||||||
| %{python3_sitearch}/samba/__pycache__/gp_firewalld_ext.*.pyc |  | ||||||
| %{python3_sitearch}/samba/__pycache__/gp_gnome_settings_ext.*.pyc |  | ||||||
| %{python3_sitearch}/samba/__pycache__/gp_msgs_ext.*.pyc |  | ||||||
| %{python3_sitearch}/samba/__pycache__/gp_scripts_ext.*.pyc |  | ||||||
| %{python3_sitearch}/samba/__pycache__/gp_sec_ext.*.pyc |  | ||||||
| %{python3_sitearch}/samba/__pycache__/gp_smb_conf_ext.*.pyc |  | ||||||
| %{python3_sitearch}/samba/__pycache__/gp_sudoers_ext.*.pyc |  | ||||||
| %{python3_sitearch}/samba/__pycache__/graph.*.pyc | %{python3_sitearch}/samba/__pycache__/graph.*.pyc | ||||||
| %{python3_sitearch}/samba/__pycache__/hostconfig.*.pyc | %{python3_sitearch}/samba/__pycache__/hostconfig.*.pyc | ||||||
| %{python3_sitearch}/samba/__pycache__/idmap.*.pyc | %{python3_sitearch}/samba/__pycache__/idmap.*.pyc | ||||||
| @ -2389,14 +2483,6 @@ fi | |||||||
| %{python3_sitearch}/samba/__pycache__/trust_utils.*.pyc | %{python3_sitearch}/samba/__pycache__/trust_utils.*.pyc | ||||||
| %{python3_sitearch}/samba/__pycache__/upgrade.*.pyc | %{python3_sitearch}/samba/__pycache__/upgrade.*.pyc | ||||||
| %{python3_sitearch}/samba/__pycache__/upgradehelpers.*.pyc | %{python3_sitearch}/samba/__pycache__/upgradehelpers.*.pyc | ||||||
| %{python3_sitearch}/samba/__pycache__/vgp_access_ext.*.pyc |  | ||||||
| %{python3_sitearch}/samba/__pycache__/vgp_files_ext.*.pyc |  | ||||||
| %{python3_sitearch}/samba/__pycache__/vgp_issue_ext.*.pyc |  | ||||||
| %{python3_sitearch}/samba/__pycache__/vgp_motd_ext.*.pyc |  | ||||||
| %{python3_sitearch}/samba/__pycache__/vgp_openssh_ext.*.pyc |  | ||||||
| %{python3_sitearch}/samba/__pycache__/vgp_startup_scripts_ext.*.pyc |  | ||||||
| %{python3_sitearch}/samba/__pycache__/vgp_sudoers_ext.*.pyc |  | ||||||
| %{python3_sitearch}/samba/__pycache__/vgp_symlink_ext.*.pyc |  | ||||||
| %{python3_sitearch}/samba/__pycache__/xattr.*.pyc | %{python3_sitearch}/samba/__pycache__/xattr.*.pyc | ||||||
| %{python3_sitearch}/samba/_glue.*.so | %{python3_sitearch}/samba/_glue.*.so | ||||||
| %{python3_sitearch}/samba/_ldb.*.so | %{python3_sitearch}/samba/_ldb.*.so | ||||||
| @ -2458,11 +2544,6 @@ fi | |||||||
| %{python3_sitearch}/samba/dsdb_dns.*.so | %{python3_sitearch}/samba/dsdb_dns.*.so | ||||||
| %{python3_sitearch}/samba/gensec.*.so | %{python3_sitearch}/samba/gensec.*.so | ||||||
| %{python3_sitearch}/samba/getopt.py | %{python3_sitearch}/samba/getopt.py | ||||||
| %{python3_sitearch}/samba/gpclass.py |  | ||||||
| %{python3_sitearch}/samba/gp_gnome_settings_ext.py |  | ||||||
| %{python3_sitearch}/samba/gp_scripts_ext.py |  | ||||||
| %{python3_sitearch}/samba/gp_sec_ext.py |  | ||||||
| %{python3_sitearch}/samba/gpo.*.so |  | ||||||
| %{python3_sitearch}/samba/graph.py | %{python3_sitearch}/samba/graph.py | ||||||
| %{python3_sitearch}/samba/hostconfig.py | %{python3_sitearch}/samba/hostconfig.py | ||||||
| %{python3_sitearch}/samba/idmap.py | %{python3_sitearch}/samba/idmap.py | ||||||
| @ -2481,14 +2562,57 @@ fi | |||||||
| %{python3_sitearch}/samba/emulate/__init__.py | %{python3_sitearch}/samba/emulate/__init__.py | ||||||
| %{python3_sitearch}/samba/emulate/traffic.py | %{python3_sitearch}/samba/emulate/traffic.py | ||||||
| %{python3_sitearch}/samba/emulate/traffic_packets.py | %{python3_sitearch}/samba/emulate/traffic_packets.py | ||||||
| %{python3_sitearch}/samba/gp_cert_auto_enroll_ext.py | %dir %{python3_sitearch}/samba/gp | ||||||
| %{python3_sitearch}/samba/gp_chromium_ext.py | %dir %{python3_sitearch}/samba/gp/__pycache__ | ||||||
| %{python3_sitearch}/samba/gp_ext_loader.py | %{python3_sitearch}/samba/gp/__pycache__/gpclass.*.pyc | ||||||
| %{python3_sitearch}/samba/gp_firefox_ext.py | %{python3_sitearch}/samba/gp/__pycache__/gp_centrify_crontab_ext.*.pyc | ||||||
| %{python3_sitearch}/samba/gp_firewalld_ext.py | %{python3_sitearch}/samba/gp/__pycache__/gp_centrify_sudoers_ext.*.pyc | ||||||
| %{python3_sitearch}/samba/gp_msgs_ext.py | %{python3_sitearch}/samba/gp/__pycache__/gp_cert_auto_enroll_ext.*.pyc | ||||||
| %{python3_sitearch}/samba/gp_smb_conf_ext.py | %{python3_sitearch}/samba/gp/__pycache__/gp_chromium_ext.*.pyc | ||||||
| %{python3_sitearch}/samba/gp_sudoers_ext.py | %{python3_sitearch}/samba/gp/__pycache__/gp_ext_loader.*.pyc | ||||||
|  | %{python3_sitearch}/samba/gp/__pycache__/gp_firefox_ext.*.pyc | ||||||
|  | %{python3_sitearch}/samba/gp/__pycache__/gp_firewalld_ext.*.pyc | ||||||
|  | %{python3_sitearch}/samba/gp/__pycache__/gp_gnome_settings_ext.*.pyc | ||||||
|  | %{python3_sitearch}/samba/gp/__pycache__/gp_msgs_ext.*.pyc | ||||||
|  | %{python3_sitearch}/samba/gp/__pycache__/gp_scripts_ext.*.pyc | ||||||
|  | %{python3_sitearch}/samba/gp/__pycache__/gp_sec_ext.*.pyc | ||||||
|  | %{python3_sitearch}/samba/gp/__pycache__/gp_smb_conf_ext.*.pyc | ||||||
|  | %{python3_sitearch}/samba/gp/__pycache__/gp_sudoers_ext.*.pyc | ||||||
|  | %{python3_sitearch}/samba/gp/__pycache__/vgp_access_ext.*.pyc | ||||||
|  | %{python3_sitearch}/samba/gp/__pycache__/vgp_files_ext.*.pyc | ||||||
|  | %{python3_sitearch}/samba/gp/__pycache__/vgp_issue_ext.*.pyc | ||||||
|  | %{python3_sitearch}/samba/gp/__pycache__/vgp_motd_ext.*.pyc | ||||||
|  | %{python3_sitearch}/samba/gp/__pycache__/vgp_openssh_ext.*.pyc | ||||||
|  | %{python3_sitearch}/samba/gp/__pycache__/vgp_startup_scripts_ext.*.pyc | ||||||
|  | %{python3_sitearch}/samba/gp/__pycache__/vgp_sudoers_ext.*.pyc | ||||||
|  | %{python3_sitearch}/samba/gp/__pycache__/vgp_symlink_ext.*.pyc | ||||||
|  | %{python3_sitearch}/samba/gp/gpclass.py | ||||||
|  | %{python3_sitearch}/samba/gp/gp_gnome_settings_ext.py | ||||||
|  | %{python3_sitearch}/samba/gp/gp_scripts_ext.py | ||||||
|  | %{python3_sitearch}/samba/gp/gp_sec_ext.py | ||||||
|  | %{python3_sitearch}/samba/gp/gp_centrify_crontab_ext.py | ||||||
|  | %{python3_sitearch}/samba/gp/gp_centrify_sudoers_ext.py | ||||||
|  | %{python3_sitearch}/samba/gp/gp_cert_auto_enroll_ext.py | ||||||
|  | %{python3_sitearch}/samba/gp/gp_chromium_ext.py | ||||||
|  | %{python3_sitearch}/samba/gp/gp_ext_loader.py | ||||||
|  | %{python3_sitearch}/samba/gp/gp_firefox_ext.py | ||||||
|  | %{python3_sitearch}/samba/gp/gp_firewalld_ext.py | ||||||
|  | %{python3_sitearch}/samba/gp/gp_msgs_ext.py | ||||||
|  | %{python3_sitearch}/samba/gp/gp_smb_conf_ext.py | ||||||
|  | %{python3_sitearch}/samba/gp/gp_sudoers_ext.py | ||||||
|  | %dir %{python3_sitearch}/samba/gp/util | ||||||
|  | %dir %{python3_sitearch}/samba/gp/util/__pycache__ | ||||||
|  | %{python3_sitearch}/samba/gp/util/__pycache__/logging.*.pyc | ||||||
|  | %{python3_sitearch}/samba/gp/util/logging.py | ||||||
|  | %{python3_sitearch}/samba/gp/vgp_access_ext.py | ||||||
|  | %{python3_sitearch}/samba/gp/vgp_files_ext.py | ||||||
|  | %{python3_sitearch}/samba/gp/vgp_issue_ext.py | ||||||
|  | %{python3_sitearch}/samba/gp/vgp_motd_ext.py | ||||||
|  | %{python3_sitearch}/samba/gp/vgp_openssh_ext.py | ||||||
|  | %{python3_sitearch}/samba/gp/vgp_startup_scripts_ext.py | ||||||
|  | %{python3_sitearch}/samba/gp/vgp_sudoers_ext.py | ||||||
|  | %{python3_sitearch}/samba/gp/vgp_symlink_ext.py | ||||||
|  | %{python3_sitearch}/samba/gpo.*.so | ||||||
| %dir %{python3_sitearch}/samba/gp_parse | %dir %{python3_sitearch}/samba/gp_parse | ||||||
| %{python3_sitearch}/samba/gp_parse/__init__.py | %{python3_sitearch}/samba/gp_parse/__init__.py | ||||||
| %dir %{python3_sitearch}/samba/gp_parse/__pycache__ | %dir %{python3_sitearch}/samba/gp_parse/__pycache__ | ||||||
| @ -2583,9 +2707,11 @@ fi | |||||||
| %{python3_sitearch}/samba/samba3/mdscli.*.so | %{python3_sitearch}/samba/samba3/mdscli.*.so | ||||||
| %{python3_sitearch}/samba/samba3/param.*.so | %{python3_sitearch}/samba/samba3/param.*.so | ||||||
| %{python3_sitearch}/samba/samba3/passdb.*.so | %{python3_sitearch}/samba/samba3/passdb.*.so | ||||||
|  | %{python3_sitearch}/samba/samba3/smbconf.*.so | ||||||
| %{python3_sitearch}/samba/samba3/smbd.*.so | %{python3_sitearch}/samba/samba3/smbd.*.so | ||||||
| %{python3_sitearch}/samba/sd_utils.py | %{python3_sitearch}/samba/sd_utils.py | ||||||
| %{python3_sitearch}/samba/sites.py | %{python3_sitearch}/samba/sites.py | ||||||
|  | %{python3_sitearch}/samba/smbconf.*.so | ||||||
| %{python3_sitearch}/samba/subnets.py | %{python3_sitearch}/samba/subnets.py | ||||||
| %dir %{python3_sitearch}/samba/subunit | %dir %{python3_sitearch}/samba/subunit | ||||||
| %{python3_sitearch}/samba/subunit/__init__.py | %{python3_sitearch}/samba/subunit/__init__.py | ||||||
| @ -2597,14 +2723,6 @@ fi | |||||||
| %{python3_sitearch}/samba/trust_utils.py | %{python3_sitearch}/samba/trust_utils.py | ||||||
| %{python3_sitearch}/samba/upgrade.py | %{python3_sitearch}/samba/upgrade.py | ||||||
| %{python3_sitearch}/samba/upgradehelpers.py | %{python3_sitearch}/samba/upgradehelpers.py | ||||||
| %{python3_sitearch}/samba/vgp_access_ext.py |  | ||||||
| %{python3_sitearch}/samba/vgp_files_ext.py |  | ||||||
| %{python3_sitearch}/samba/vgp_issue_ext.py |  | ||||||
| %{python3_sitearch}/samba/vgp_motd_ext.py |  | ||||||
| %{python3_sitearch}/samba/vgp_openssh_ext.py |  | ||||||
| %{python3_sitearch}/samba/vgp_startup_scripts_ext.py |  | ||||||
| %{python3_sitearch}/samba/vgp_sudoers_ext.py |  | ||||||
| %{python3_sitearch}/samba/vgp_symlink_ext.py |  | ||||||
| %{python3_sitearch}/samba/werror.*.so | %{python3_sitearch}/samba/werror.*.so | ||||||
| %{python3_sitearch}/samba/xattr.py | %{python3_sitearch}/samba/xattr.py | ||||||
| %{python3_sitearch}/samba/xattr_native.*.so | %{python3_sitearch}/samba/xattr_native.*.so | ||||||
| @ -2750,6 +2868,7 @@ fi | |||||||
| %{python3_sitearch}/samba/tests/__pycache__/ldap_spn.*.pyc | %{python3_sitearch}/samba/tests/__pycache__/ldap_spn.*.pyc | ||||||
| %{python3_sitearch}/samba/tests/__pycache__/ldap_upn_sam_account.*.pyc | %{python3_sitearch}/samba/tests/__pycache__/ldap_upn_sam_account.*.pyc | ||||||
| %{python3_sitearch}/samba/tests/__pycache__/loadparm.*.pyc | %{python3_sitearch}/samba/tests/__pycache__/loadparm.*.pyc | ||||||
|  | %{python3_sitearch}/samba/tests/__pycache__/logfiles.*.pyc | ||||||
| %{python3_sitearch}/samba/tests/__pycache__/libsmb.*.pyc | %{python3_sitearch}/samba/tests/__pycache__/libsmb.*.pyc | ||||||
| %{python3_sitearch}/samba/tests/__pycache__/lsa_string.*.pyc | %{python3_sitearch}/samba/tests/__pycache__/lsa_string.*.pyc | ||||||
| %{python3_sitearch}/samba/tests/__pycache__/messaging.*.pyc | %{python3_sitearch}/samba/tests/__pycache__/messaging.*.pyc | ||||||
| @ -2767,6 +2886,7 @@ fi | |||||||
| %{python3_sitearch}/samba/tests/__pycache__/ntlm_auth_krb5.*.pyc | %{python3_sitearch}/samba/tests/__pycache__/ntlm_auth_krb5.*.pyc | ||||||
| %{python3_sitearch}/samba/tests/__pycache__/pam_winbind.*.pyc | %{python3_sitearch}/samba/tests/__pycache__/pam_winbind.*.pyc | ||||||
| %{python3_sitearch}/samba/tests/__pycache__/pam_winbind_chauthtok.*.pyc | %{python3_sitearch}/samba/tests/__pycache__/pam_winbind_chauthtok.*.pyc | ||||||
|  | %{python3_sitearch}/samba/tests/__pycache__/pam_winbind_setcred.*.pyc | ||||||
| %{python3_sitearch}/samba/tests/__pycache__/pam_winbind_warn_pwd_expire.*.pyc | %{python3_sitearch}/samba/tests/__pycache__/pam_winbind_warn_pwd_expire.*.pyc | ||||||
| %{python3_sitearch}/samba/tests/__pycache__/param.*.pyc | %{python3_sitearch}/samba/tests/__pycache__/param.*.pyc | ||||||
| %{python3_sitearch}/samba/tests/__pycache__/password_hash.*.pyc | %{python3_sitearch}/samba/tests/__pycache__/password_hash.*.pyc | ||||||
| @ -2797,7 +2917,9 @@ fi | |||||||
| %{python3_sitearch}/samba/tests/__pycache__/sddl.*.pyc | %{python3_sitearch}/samba/tests/__pycache__/sddl.*.pyc | ||||||
| %{python3_sitearch}/samba/tests/__pycache__/security.*.pyc | %{python3_sitearch}/samba/tests/__pycache__/security.*.pyc | ||||||
| %{python3_sitearch}/samba/tests/__pycache__/segfault.*.pyc | %{python3_sitearch}/samba/tests/__pycache__/segfault.*.pyc | ||||||
|  | %{python3_sitearch}/samba/tests/__pycache__/sid_strings.*.pyc | ||||||
| %{python3_sitearch}/samba/tests/__pycache__/smb.*.pyc | %{python3_sitearch}/samba/tests/__pycache__/smb.*.pyc | ||||||
|  | %{python3_sitearch}/samba/tests/__pycache__/smbconf.*.pyc | ||||||
| %{python3_sitearch}/samba/tests/__pycache__/smb-notify.*.pyc | %{python3_sitearch}/samba/tests/__pycache__/smb-notify.*.pyc | ||||||
| %{python3_sitearch}/samba/tests/__pycache__/smbd_base.*.pyc | %{python3_sitearch}/samba/tests/__pycache__/smbd_base.*.pyc | ||||||
| %{python3_sitearch}/samba/tests/__pycache__/smbd_fuzztest.*.pyc | %{python3_sitearch}/samba/tests/__pycache__/smbd_fuzztest.*.pyc | ||||||
| @ -2832,6 +2954,7 @@ fi | |||||||
| %{python3_sitearch}/samba/tests/blackbox/__pycache__/downgradedatabase.*.pyc | %{python3_sitearch}/samba/tests/blackbox/__pycache__/downgradedatabase.*.pyc | ||||||
| %{python3_sitearch}/samba/tests/blackbox/__pycache__/mdsearch.*.pyc | %{python3_sitearch}/samba/tests/blackbox/__pycache__/mdsearch.*.pyc | ||||||
| %{python3_sitearch}/samba/tests/blackbox/__pycache__/ndrdump.*.pyc | %{python3_sitearch}/samba/tests/blackbox/__pycache__/ndrdump.*.pyc | ||||||
|  | %{python3_sitearch}/samba/tests/blackbox/__pycache__/netads_dns.*.pyc | ||||||
| %{python3_sitearch}/samba/tests/blackbox/__pycache__/netads_json.*.pyc | %{python3_sitearch}/samba/tests/blackbox/__pycache__/netads_json.*.pyc | ||||||
| %{python3_sitearch}/samba/tests/blackbox/__pycache__/samba_dnsupdate.*.pyc | %{python3_sitearch}/samba/tests/blackbox/__pycache__/samba_dnsupdate.*.pyc | ||||||
| %{python3_sitearch}/samba/tests/blackbox/__pycache__/smbcacls.*.pyc | %{python3_sitearch}/samba/tests/blackbox/__pycache__/smbcacls.*.pyc | ||||||
| @ -2848,6 +2971,7 @@ fi | |||||||
| %{python3_sitearch}/samba/tests/blackbox/downgradedatabase.py | %{python3_sitearch}/samba/tests/blackbox/downgradedatabase.py | ||||||
| %{python3_sitearch}/samba/tests/blackbox/mdsearch.py | %{python3_sitearch}/samba/tests/blackbox/mdsearch.py | ||||||
| %{python3_sitearch}/samba/tests/blackbox/ndrdump.py | %{python3_sitearch}/samba/tests/blackbox/ndrdump.py | ||||||
|  | %{python3_sitearch}/samba/tests/blackbox/netads_dns.py | ||||||
| %{python3_sitearch}/samba/tests/blackbox/netads_json.py | %{python3_sitearch}/samba/tests/blackbox/netads_json.py | ||||||
| %{python3_sitearch}/samba/tests/blackbox/samba_dnsupdate.py | %{python3_sitearch}/samba/tests/blackbox/samba_dnsupdate.py | ||||||
| %{python3_sitearch}/samba/tests/blackbox/smbcacls.py | %{python3_sitearch}/samba/tests/blackbox/smbcacls.py | ||||||
| @ -2966,14 +3090,18 @@ fi | |||||||
| %{python3_sitearch}/samba/tests/krb5/__pycache__/as_canonicalization_tests.*.pyc | %{python3_sitearch}/samba/tests/krb5/__pycache__/as_canonicalization_tests.*.pyc | ||||||
| %{python3_sitearch}/samba/tests/krb5/__pycache__/as_req_tests.*.pyc | %{python3_sitearch}/samba/tests/krb5/__pycache__/as_req_tests.*.pyc | ||||||
| %{python3_sitearch}/samba/tests/krb5/__pycache__/compatability_tests.*.pyc | %{python3_sitearch}/samba/tests/krb5/__pycache__/compatability_tests.*.pyc | ||||||
|  | %{python3_sitearch}/samba/tests/krb5/__pycache__/etype_tests.*.pyc | ||||||
| %{python3_sitearch}/samba/tests/krb5/__pycache__/fast_tests.*.pyc | %{python3_sitearch}/samba/tests/krb5/__pycache__/fast_tests.*.pyc | ||||||
| %{python3_sitearch}/samba/tests/krb5/__pycache__/kcrypto.*.pyc | %{python3_sitearch}/samba/tests/krb5/__pycache__/kcrypto.*.pyc | ||||||
| %{python3_sitearch}/samba/tests/krb5/__pycache__/kdc_base_test.*.pyc | %{python3_sitearch}/samba/tests/krb5/__pycache__/kdc_base_test.*.pyc | ||||||
| %{python3_sitearch}/samba/tests/krb5/__pycache__/kdc_tests.*.pyc | %{python3_sitearch}/samba/tests/krb5/__pycache__/kdc_tests.*.pyc | ||||||
| %{python3_sitearch}/samba/tests/krb5/__pycache__/kdc_tgs_tests.*.pyc | %{python3_sitearch}/samba/tests/krb5/__pycache__/kdc_tgs_tests.*.pyc | ||||||
| %{python3_sitearch}/samba/tests/krb5/__pycache__/kpasswd_tests.*.pyc | %{python3_sitearch}/samba/tests/krb5/__pycache__/kpasswd_tests.*.pyc | ||||||
|  | %{python3_sitearch}/samba/tests/krb5/__pycache__/lockout_tests.*.pyc | ||||||
| %{python3_sitearch}/samba/tests/krb5/__pycache__/ms_kile_client_principal_lookup_tests.*.pyc | %{python3_sitearch}/samba/tests/krb5/__pycache__/ms_kile_client_principal_lookup_tests.*.pyc | ||||||
|  | %{python3_sitearch}/samba/tests/krb5/__pycache__/nt_hash_tests.*.pyc | ||||||
| %{python3_sitearch}/samba/tests/krb5/__pycache__/pac_align_tests.*.pyc | %{python3_sitearch}/samba/tests/krb5/__pycache__/pac_align_tests.*.pyc | ||||||
|  | %{python3_sitearch}/samba/tests/krb5/__pycache__/protected_users_tests.*.pyc | ||||||
| %{python3_sitearch}/samba/tests/krb5/__pycache__/raw_testcase.*.pyc | %{python3_sitearch}/samba/tests/krb5/__pycache__/raw_testcase.*.pyc | ||||||
| %{python3_sitearch}/samba/tests/krb5/__pycache__/rfc4120_constants.*.pyc | %{python3_sitearch}/samba/tests/krb5/__pycache__/rfc4120_constants.*.pyc | ||||||
| %{python3_sitearch}/samba/tests/krb5/__pycache__/rfc4120_pyasn1.*.pyc | %{python3_sitearch}/samba/tests/krb5/__pycache__/rfc4120_pyasn1.*.pyc | ||||||
| @ -2993,14 +3121,18 @@ fi | |||||||
| %{python3_sitearch}/samba/tests/krb5/as_canonicalization_tests.py | %{python3_sitearch}/samba/tests/krb5/as_canonicalization_tests.py | ||||||
| %{python3_sitearch}/samba/tests/krb5/as_req_tests.py | %{python3_sitearch}/samba/tests/krb5/as_req_tests.py | ||||||
| %{python3_sitearch}/samba/tests/krb5/compatability_tests.py | %{python3_sitearch}/samba/tests/krb5/compatability_tests.py | ||||||
|  | %{python3_sitearch}/samba/tests/krb5/etype_tests.py | ||||||
| %{python3_sitearch}/samba/tests/krb5/fast_tests.py | %{python3_sitearch}/samba/tests/krb5/fast_tests.py | ||||||
| %{python3_sitearch}/samba/tests/krb5/kcrypto.py | %{python3_sitearch}/samba/tests/krb5/kcrypto.py | ||||||
| %{python3_sitearch}/samba/tests/krb5/kdc_base_test.py | %{python3_sitearch}/samba/tests/krb5/kdc_base_test.py | ||||||
| %{python3_sitearch}/samba/tests/krb5/kdc_tests.py | %{python3_sitearch}/samba/tests/krb5/kdc_tests.py | ||||||
| %{python3_sitearch}/samba/tests/krb5/kdc_tgs_tests.py | %{python3_sitearch}/samba/tests/krb5/kdc_tgs_tests.py | ||||||
| %{python3_sitearch}/samba/tests/krb5/kpasswd_tests.py | %{python3_sitearch}/samba/tests/krb5/kpasswd_tests.py | ||||||
|  | %{python3_sitearch}/samba/tests/krb5/lockout_tests.py | ||||||
| %{python3_sitearch}/samba/tests/krb5/ms_kile_client_principal_lookup_tests.py | %{python3_sitearch}/samba/tests/krb5/ms_kile_client_principal_lookup_tests.py | ||||||
|  | %{python3_sitearch}/samba/tests/krb5/nt_hash_tests.py | ||||||
| %{python3_sitearch}/samba/tests/krb5/pac_align_tests.py | %{python3_sitearch}/samba/tests/krb5/pac_align_tests.py | ||||||
|  | %{python3_sitearch}/samba/tests/krb5/protected_users_tests.py | ||||||
| %{python3_sitearch}/samba/tests/krb5/raw_testcase.py | %{python3_sitearch}/samba/tests/krb5/raw_testcase.py | ||||||
| %{python3_sitearch}/samba/tests/krb5/rfc4120_constants.py | %{python3_sitearch}/samba/tests/krb5/rfc4120_constants.py | ||||||
| %{python3_sitearch}/samba/tests/krb5/rfc4120_pyasn1.py | %{python3_sitearch}/samba/tests/krb5/rfc4120_pyasn1.py | ||||||
| @ -3023,6 +3155,7 @@ fi | |||||||
| %{python3_sitearch}/samba/tests/ldap_upn_sam_account.py | %{python3_sitearch}/samba/tests/ldap_upn_sam_account.py | ||||||
| %{python3_sitearch}/samba/tests/libsmb.py | %{python3_sitearch}/samba/tests/libsmb.py | ||||||
| %{python3_sitearch}/samba/tests/loadparm.py | %{python3_sitearch}/samba/tests/loadparm.py | ||||||
|  | %{python3_sitearch}/samba/tests/logfiles.py | ||||||
| %{python3_sitearch}/samba/tests/lsa_string.py | %{python3_sitearch}/samba/tests/lsa_string.py | ||||||
| %{python3_sitearch}/samba/tests/messaging.py | %{python3_sitearch}/samba/tests/messaging.py | ||||||
| %{python3_sitearch}/samba/tests/ndr.py | %{python3_sitearch}/samba/tests/ndr.py | ||||||
| @ -3039,6 +3172,7 @@ fi | |||||||
| %{python3_sitearch}/samba/tests/ntlm_auth_krb5.py | %{python3_sitearch}/samba/tests/ntlm_auth_krb5.py | ||||||
| %{python3_sitearch}/samba/tests/pam_winbind.py | %{python3_sitearch}/samba/tests/pam_winbind.py | ||||||
| %{python3_sitearch}/samba/tests/pam_winbind_chauthtok.py | %{python3_sitearch}/samba/tests/pam_winbind_chauthtok.py | ||||||
|  | %{python3_sitearch}/samba/tests/pam_winbind_setcred.py | ||||||
| %{python3_sitearch}/samba/tests/pam_winbind_warn_pwd_expire.py | %{python3_sitearch}/samba/tests/pam_winbind_warn_pwd_expire.py | ||||||
| %{python3_sitearch}/samba/tests/param.py | %{python3_sitearch}/samba/tests/param.py | ||||||
| %{python3_sitearch}/samba/tests/password_hash.py | %{python3_sitearch}/samba/tests/password_hash.py | ||||||
| @ -3147,7 +3281,9 @@ fi | |||||||
| %{python3_sitearch}/samba/tests/sddl.py | %{python3_sitearch}/samba/tests/sddl.py | ||||||
| %{python3_sitearch}/samba/tests/security.py | %{python3_sitearch}/samba/tests/security.py | ||||||
| %{python3_sitearch}/samba/tests/segfault.py | %{python3_sitearch}/samba/tests/segfault.py | ||||||
|  | %{python3_sitearch}/samba/tests/sid_strings.py | ||||||
| %{python3_sitearch}/samba/tests/smb.py | %{python3_sitearch}/samba/tests/smb.py | ||||||
|  | %{python3_sitearch}/samba/tests/smbconf.py | ||||||
| %{python3_sitearch}/samba/tests/smb-notify.py | %{python3_sitearch}/samba/tests/smb-notify.py | ||||||
| %{python3_sitearch}/samba/tests/smbd_base.py | %{python3_sitearch}/samba/tests/smbd_base.py | ||||||
| %{python3_sitearch}/samba/tests/smbd_fuzztest.py | %{python3_sitearch}/samba/tests/smbd_fuzztest.py | ||||||
| @ -3190,6 +3326,12 @@ fi | |||||||
| %{_libdir}/samba/libdsdb-module-samba4.so | %{_libdir}/samba/libdsdb-module-samba4.so | ||||||
| %endif | %endif | ||||||
| 
 | 
 | ||||||
|  | ### USERSHARES | ||||||
|  | %files usershares | ||||||
|  | %config(noreplace) %{_sysconfdir}/samba/usershares.conf | ||||||
|  | %attr(1770,root,usershares) %dir /var/lib/samba/usershares | ||||||
|  | %{_sysusersdir}/samba-usershares.conf | ||||||
|  | 
 | ||||||
| ### WINBIND | ### WINBIND | ||||||
| %files winbind | %files winbind | ||||||
| %{_libdir}/samba/idmap | %{_libdir}/samba/idmap | ||||||
| @ -3268,7 +3410,6 @@ fi | |||||||
| %config(noreplace) %{_sysconfdir}/ctdb/nfs-checks.d/50.rquotad.check | %config(noreplace) %{_sysconfdir}/ctdb/nfs-checks.d/50.rquotad.check | ||||||
| 
 | 
 | ||||||
| %{_sbindir}/ctdbd | %{_sbindir}/ctdbd | ||||||
| %{_sbindir}/ctdbd_wrapper |  | ||||||
| %{_bindir}/ctdb | %{_bindir}/ctdb | ||||||
| %{_bindir}/ctdb_diagnostics | %{_bindir}/ctdb_diagnostics | ||||||
| %{_bindir}/ltdbtool | %{_bindir}/ltdbtool | ||||||
| @ -3301,7 +3442,6 @@ fi | |||||||
| %{_mandir}/man1/onnode.1.gz | %{_mandir}/man1/onnode.1.gz | ||||||
| %{_mandir}/man1/ltdbtool.1.gz | %{_mandir}/man1/ltdbtool.1.gz | ||||||
| %{_mandir}/man1/ping_pong.1.gz | %{_mandir}/man1/ping_pong.1.gz | ||||||
| %{_mandir}/man1/ctdbd_wrapper.1.gz |  | ||||||
| %{_mandir}/man5/ctdb.conf.5.gz | %{_mandir}/man5/ctdb.conf.5.gz | ||||||
| %{_mandir}/man5/ctdb-script.options.5.gz | %{_mandir}/man5/ctdb-script.options.5.gz | ||||||
| %{_mandir}/man5/ctdb.sysconfig.5.gz | %{_mandir}/man5/ctdb.sysconfig.5.gz | ||||||
| @ -4157,20 +4297,33 @@ fi | |||||||
| %endif | %endif | ||||||
| 
 | 
 | ||||||
| %changelog | %changelog | ||||||
| * Thu Feb 16 2023 Pavel Filipenský <pfilipen@redhat.com> - 4.16.4-6 | * Wed Feb 15 2023 Pavel Filipenský <pfilipen@redhat.com> - 4.17.5-2 | ||||||
| - resolves: rhbz#2170468 - Remove libnetapi dependency from dcerpc | - resolves: rhbz#2169339 - Fix winbind memory leak | ||||||
|  | - resolves: rhbz#2152899 - Fix Samba shares not accessible issue | ||||||
| 
 | 
 | ||||||
| * Thu Feb 16 2023 Pavel Filipenský <pfilipen@redhat.com> - 4.16.4-5 | * Mon Feb 13 2023 Pavel Filipenský <pfilipen@redhat.com> - 4.17.5-1 | ||||||
| - resolves: rhbz#2170394 - Fix share enum | - resolves: rhbz#2167691 - Create package samba-tools | ||||||
| - resolves: rhbz#2170467 - Add to package ctdb dependency for package samba-winbind-clients |  | ||||||
| - resolves: rhbz#2170468 - Add package dcerpc - fix winbind to retrieve user groups from AD |  | ||||||
| - resolves: rhbz#2170469 - Create package samba-tools |  | ||||||
| 
 | 
 | ||||||
| * Mon Jan 16 2023 Andreas Schneider <asn@redhat.com> - 4.16.4-4 | * Fri Jan 27 2023 Pavel Filipenský <pfilipen@redhat.com> - 4.17.5-0 | ||||||
| - related: rhbz#2154369 - Add additional patch for CVE-2022-38023 | - related: rhbz#2132051 - Update to version 4.17.5 | ||||||
| 
 | 
 | ||||||
| * Tue Dec 20 2022 Andreas Schneider <asn@redhat.com> - 4.16.4-3 | * Thu Dec 22 2022 Pavel Filipenský <pfilipen@redhat.com> - 4.17.4-1 | ||||||
| - resolves: rhbz#2154369 - Fix CVE-2022-38023 | - related: rhbz#2132051 - Create package dc-libs also for 'non-dc build' | ||||||
|  | 
 | ||||||
|  | * Tue Dec 20 2022 Pavel Filipenský <pfilipenn@redhat.com> - 4.17.4-0 | ||||||
|  | - related: rhbz#2132051 - Update to version 4.17.4 | ||||||
|  | - resolves: rhbz#2154370 - Fix CVE-2022-38023 | ||||||
|  | - resolves: rhbz#2142331 - Fix %U include directive for share listing (netshareenum) | ||||||
|  | - resolves: rhbz#2148943 - Fix Winbind to retrieve user groups from Active Directory | ||||||
|  | 
 | ||||||
|  | * Wed Nov 02 2022 Pavel Filipenský <pfilipen@redhat.com> - 4.17.2-2 | ||||||
|  | - Always add epoch to samba_depver to fix osci.brew-build.rpmdeplint.functional | ||||||
|  | - related: rhbz#2132051 | ||||||
|  | 
 | ||||||
|  | * Wed Oct 26 2022 Andreas Schneider <asn@redhat.com> - 4.17.2-1 | ||||||
|  | - resolves: rhbz#2132051 - Update to version 4.17.2 | ||||||
|  | - resolves: rhbz#2126174 - Fix CVE-2022-1615 | ||||||
|  | - resolves: rhbz#2108487 - ctdb: Add dependency to samba-winbind-clients | ||||||
| 
 | 
 | ||||||
| * Thu Aug 25 2022 Andreas Schneider <asn@redhat.com> - 4.16.4-2 | * Thu Aug 25 2022 Andreas Schneider <asn@redhat.com> - 4.16.4-2 | ||||||
| - resolves: rhbz#2120956 - Do not require samba package in python3-samba | - resolves: rhbz#2120956 - Do not require samba package in python3-samba | ||||||
|  | |||||||