diff --git a/.gitignore b/.gitignore index 347f3eb..9a1363f 100644 --- a/.gitignore +++ b/.gitignore @@ -355,3 +355,5 @@ samba-3.6.0pre1.tar.gz /samba-4.19.3.tar.asc /samba-4.19.4.tar.xz /samba-4.19.4.tar.asc +/samba-4.20.0rc1.tar.xz +/samba-4.20.0rc1.tar.asc diff --git a/samba-4.19-fix-gpupdate-rhel-fedora.patch b/samba-4.19-fix-gpupdate-rhel-fedora.patch deleted file mode 100644 index 6381e0a..0000000 --- a/samba-4.19-fix-gpupdate-rhel-fedora.patch +++ /dev/null @@ -1,638 +0,0 @@ -From 549b5fe579fc15d63b71b1cc8a0ebf4e4869171b Mon Sep 17 00:00:00 2001 -From: Gabriel Nagy -Date: Thu, 17 Aug 2023 01:05:54 +0300 -Subject: [PATCH 1/9] gp: Support more global trust directories - -In addition to the SUSE global trust directory, add support for RHEL and -Debian-based distributions (including Ubuntu). - -To determine the correct directory to use, we iterate over the variants -and stop at the first which is a directory. - -In case none is found, fallback to the first option which will produce a -warning as it did previously. - -Signed-off-by: Gabriel Nagy -Reviewed-by: Joseph Sutton -Reviewed-by: David Mulder -(cherry picked from commit a1b285e485c0b5a8747499bdbbb9f3f4fc025b2f) ---- - python/samba/gp/gp_cert_auto_enroll_ext.py | 12 +++++++++++- - 1 file changed, 11 insertions(+), 1 deletion(-) - -diff --git a/python/samba/gp/gp_cert_auto_enroll_ext.py b/python/samba/gp/gp_cert_auto_enroll_ext.py -index 312c8ddf467..1b90ab46e90 100644 ---- a/python/samba/gp/gp_cert_auto_enroll_ext.py -+++ b/python/samba/gp/gp_cert_auto_enroll_ext.py -@@ -45,10 +45,12 @@ cert_wrap = b""" - -----BEGIN CERTIFICATE----- - %s - -----END CERTIFICATE-----""" --global_trust_dir = '/etc/pki/trust/anchors' - endpoint_re = '(https|HTTPS)://(?P[a-zA-Z0-9.-]+)/ADPolicyProvider' + \ - '_CEP_(?P[a-zA-Z]+)/service.svc/CEP' - -+global_trust_dirs = ['/etc/pki/trust/anchors', # SUSE -+ '/etc/pki/ca-trust/source/anchors', # RHEL/Fedora -+ '/usr/local/share/ca-certificates'] # Debian/Ubuntu - - def octet_string_to_objectGUID(data): - """Convert an octet string to an objectGUID.""" -@@ -249,12 +251,20 @@ def getca(ca, url, trust_dir): - return root_certs - - -+def find_global_trust_dir(): -+ """Return the global trust dir using known paths from various Linux distros.""" -+ for trust_dir in global_trust_dirs: -+ if os.path.isdir(trust_dir): -+ return trust_dir -+ return global_trust_dirs[0] -+ - def cert_enroll(ca, ldb, trust_dir, private_dir, auth='Kerberos'): - """Install the root certificate chain.""" - data = dict({'files': [], 'templates': []}, **ca) - url = 'http://%s/CertSrv/mscep/mscep.dll/pkiclient.exe?' % ca['hostname'] - root_certs = getca(ca, url, trust_dir) - data['files'].extend(root_certs) -+ global_trust_dir = find_global_trust_dir() - for src in root_certs: - # Symlink the certs to global trust dir - dst = os.path.join(global_trust_dir, os.path.basename(src)) --- -2.43.0 - - -From c624a1e9b1d09fe2bb3f9778cb616230e57168a8 Mon Sep 17 00:00:00 2001 -From: Gabriel Nagy -Date: Thu, 17 Aug 2023 01:09:28 +0300 -Subject: [PATCH 2/9] gp: Support update-ca-trust helper - -This is used on RHEL/Fedora instead of update-ca-certificates. They -behave similarly so it's enough to change the command name. - -Signed-off-by: Gabriel Nagy -Reviewed-by: Joseph Sutton -Reviewed-by: David Mulder -(cherry picked from commit fa80d1d86439749c44e60cf9075e84dc9ed3c268) ---- - python/samba/gp/gp_cert_auto_enroll_ext.py | 6 +++++- - 1 file changed, 5 insertions(+), 1 deletion(-) - -diff --git a/python/samba/gp/gp_cert_auto_enroll_ext.py b/python/samba/gp/gp_cert_auto_enroll_ext.py -index 1b90ab46e90..cefdafa21b2 100644 ---- a/python/samba/gp/gp_cert_auto_enroll_ext.py -+++ b/python/samba/gp/gp_cert_auto_enroll_ext.py -@@ -258,6 +258,10 @@ def find_global_trust_dir(): - return trust_dir - return global_trust_dirs[0] - -+def update_ca_command(): -+ """Return the command to update the CA trust store.""" -+ return which('update-ca-certificates') or which('update-ca-trust') -+ - def cert_enroll(ca, ldb, trust_dir, private_dir, auth='Kerberos'): - """Install the root certificate chain.""" - data = dict({'files': [], 'templates': []}, **ca) -@@ -283,7 +287,7 @@ def cert_enroll(ca, ldb, trust_dir, private_dir, auth='Kerberos'): - # already exists. Ignore the FileExistsError. Preserve the - # existing symlink in the unapply data. - data['files'].append(dst) -- update = which('update-ca-certificates') -+ update = update_ca_command() - if update is not None: - Popen([update]).wait() - # Setup Certificate Auto Enrollment --- -2.43.0 - - -From 086406ca457cc17e15001fb44802276ada068679 Mon Sep 17 00:00:00 2001 -From: Gabriel Nagy -Date: Fri, 11 Aug 2023 18:46:42 +0300 -Subject: [PATCH 3/9] gp: Change root cert extension suffix - -On Ubuntu, certificates must end in '.crt' in order to be considered by -the `update-ca-certificates` helper. - -Signed-off-by: Gabriel Nagy -Reviewed-by: Joseph Sutton -Reviewed-by: David Mulder -(cherry picked from commit bce3a89204545dcab5fb39a712590f6e166f997b) ---- - python/samba/gp/gp_cert_auto_enroll_ext.py | 3 ++- - 1 file changed, 2 insertions(+), 1 deletion(-) - -diff --git a/python/samba/gp/gp_cert_auto_enroll_ext.py b/python/samba/gp/gp_cert_auto_enroll_ext.py -index cefdafa21b2..c562722906b 100644 ---- a/python/samba/gp/gp_cert_auto_enroll_ext.py -+++ b/python/samba/gp/gp_cert_auto_enroll_ext.py -@@ -241,7 +241,8 @@ def getca(ca, url, trust_dir): - certs = load_der_pkcs7_certificates(r.content) - for i in range(0, len(certs)): - cert = certs[i].public_bytes(Encoding.PEM) -- dest = '%s.%d' % (root_cert, i) -+ filename, extension = root_cert.rsplit('.', 1) -+ dest = '%s.%d.%s' % (filename, i, extension) - with open(dest, 'wb') as w: - w.write(cert) - root_certs.append(dest) --- -2.43.0 - - -From c57c32020cc9017191b8c8657ebabe00d552a6e3 Mon Sep 17 00:00:00 2001 -From: Gabriel Nagy -Date: Fri, 18 Aug 2023 17:06:43 +0300 -Subject: [PATCH 4/9] gp: Test with binary content for certificate data - -This fails all GPO-related tests that call `gpupdate --rsop`. - -Signed-off-by: Gabriel Nagy -Reviewed-by: Joseph Sutton -Reviewed-by: David Mulder -(cherry picked from commit 1ef722cf66f9ec99f52939f1cfca031c5fe1ad70) ---- - python/samba/tests/gpo.py | 8 ++++---- - selftest/knownfail.d/gpo | 13 +++++++++++++ - 2 files changed, 17 insertions(+), 4 deletions(-) - create mode 100644 selftest/knownfail.d/gpo - -diff --git a/python/samba/tests/gpo.py b/python/samba/tests/gpo.py -index e4b75cc62a4..963f873f755 100644 ---- a/python/samba/tests/gpo.py -+++ b/python/samba/tests/gpo.py -@@ -6783,14 +6783,14 @@ class GPOTests(tests.TestCase): - ldb.add({'dn': certa_dn, - 'objectClass': 'certificationAuthority', - 'authorityRevocationList': ['XXX'], -- 'cACertificate': 'XXX', -+ 'cACertificate': b'0\x82\x03u0\x82\x02]\xa0\x03\x02\x01\x02\x02\x10I', - 'certificateRevocationList': ['XXX'], - }) - # Write the dummy pKIEnrollmentService - enroll_dn = 'CN=%s,CN=Enrollment Services,%s' % (ca_cn, confdn) - ldb.add({'dn': enroll_dn, - 'objectClass': 'pKIEnrollmentService', -- 'cACertificate': 'XXXX', -+ 'cACertificate': b'0\x82\x03u0\x82\x02]\xa0\x03\x02\x01\x02\x02\x10I', - 'certificateTemplates': ['Machine'], - 'dNSHostName': hostname, - }) -@@ -7201,14 +7201,14 @@ class GPOTests(tests.TestCase): - ldb.add({'dn': certa_dn, - 'objectClass': 'certificationAuthority', - 'authorityRevocationList': ['XXX'], -- 'cACertificate': 'XXX', -+ 'cACertificate': b'0\x82\x03u0\x82\x02]\xa0\x03\x02\x01\x02\x02\x10I', - 'certificateRevocationList': ['XXX'], - }) - # Write the dummy pKIEnrollmentService - enroll_dn = 'CN=%s,CN=Enrollment Services,%s' % (ca_cn, confdn) - ldb.add({'dn': enroll_dn, - 'objectClass': 'pKIEnrollmentService', -- 'cACertificate': 'XXXX', -+ 'cACertificate': b'0\x82\x03u0\x82\x02]\xa0\x03\x02\x01\x02\x02\x10I', - 'certificateTemplates': ['Machine'], - 'dNSHostName': hostname, - }) -diff --git a/selftest/knownfail.d/gpo b/selftest/knownfail.d/gpo -new file mode 100644 -index 00000000000..0aad59607c2 ---- /dev/null -+++ b/selftest/knownfail.d/gpo -@@ -0,0 +1,13 @@ -+^samba.tests.gpo.samba.tests.gpo.GPOTests.test_gp_user_centrify_crontab_ext -+^samba.tests.gpo.samba.tests.gpo.GPOTests.test_gp_user_scripts_ext -+^samba.tests.gpo.samba.tests.gpo.GPOTests.test_rsop -+^samba.tests.gpo.samba.tests.gpo.GPOTests.test_vgp_access -+^samba.tests.gpo.samba.tests.gpo.GPOTests.test_vgp_files -+^samba.tests.gpo.samba.tests.gpo.GPOTests.test_vgp_issue -+^samba.tests.gpo.samba.tests.gpo.GPOTests.test_vgp_motd -+^samba.tests.gpo.samba.tests.gpo.GPOTests.test_vgp_openssh -+^samba.tests.gpo.samba.tests.gpo.GPOTests.test_vgp_startup_scripts -+^samba.tests.gpo.samba.tests.gpo.GPOTests.test_vgp_sudoers -+^samba.tests.gpo.samba.tests.gpo.GPOTests.test_vgp_symlink -+^samba.tests.gpo.samba.tests.gpo.GPOTests.test_advanced_gp_cert_auto_enroll_ext -+^samba.tests.gpo.samba.tests.gpo.GPOTests.test_gp_cert_auto_enroll_ext --- -2.43.0 - - -From c53b2994fd13f4c74cee891e725a4558cdb06b2d Mon Sep 17 00:00:00 2001 -From: Gabriel Nagy -Date: Wed, 16 Aug 2023 12:20:11 +0300 -Subject: [PATCH 5/9] gp: Convert CA certificates to base64 - -I don't know whether this applies universally, but in our case the -contents of `es['cACertificate'][0]` are binary, so cleanly converting -to a string fails with the following: - -'utf-8' codec can't decode byte 0x82 in position 1: invalid start byte - -We found a fix to be encoding the certificate to base64 when -constructing the CA list. - -Section 4.4.5.2 of MS-CAESO also suggests that the content of -`cACertificate` is binary (OCTET string). - -Signed-off-by: Gabriel Nagy -Reviewed-by: Joseph Sutton -Reviewed-by: David Mulder -(cherry picked from commit 157335ee93eb866f9b6a47486a5668d6e76aced5) ---- - python/samba/gp/gp_cert_auto_enroll_ext.py | 5 ++--- - selftest/knownfail.d/gpo | 13 ------------- - 2 files changed, 2 insertions(+), 16 deletions(-) - delete mode 100644 selftest/knownfail.d/gpo - -diff --git a/python/samba/gp/gp_cert_auto_enroll_ext.py b/python/samba/gp/gp_cert_auto_enroll_ext.py -index c562722906b..c8b5368c16a 100644 ---- a/python/samba/gp/gp_cert_auto_enroll_ext.py -+++ b/python/samba/gp/gp_cert_auto_enroll_ext.py -@@ -158,7 +158,7 @@ def fetch_certification_authorities(ldb): - for es in res: - data = { 'name': get_string(es['cn'][0]), - 'hostname': get_string(es['dNSHostName'][0]), -- 'cACertificate': get_string(es['cACertificate'][0]) -+ 'cACertificate': get_string(base64.b64encode(es['cACertificate'][0])) - } - result.append(data) - return result -@@ -176,8 +176,7 @@ def fetch_template_attrs(ldb, name, attrs=None): - return {'msPKI-Minimal-Key-Size': ['2048']} - - def format_root_cert(cert): -- cert = base64.b64encode(cert.encode()) -- return cert_wrap % re.sub(b"(.{64})", b"\\1\n", cert, 0, re.DOTALL) -+ return cert_wrap % re.sub(b"(.{64})", b"\\1\n", cert.encode(), 0, re.DOTALL) - - def find_cepces_submit(): - certmonger_dirs = [os.environ.get("PATH"), '/usr/lib/certmonger', -diff --git a/selftest/knownfail.d/gpo b/selftest/knownfail.d/gpo -deleted file mode 100644 -index 0aad59607c2..00000000000 ---- a/selftest/knownfail.d/gpo -+++ /dev/null -@@ -1,13 +0,0 @@ --^samba.tests.gpo.samba.tests.gpo.GPOTests.test_gp_user_centrify_crontab_ext --^samba.tests.gpo.samba.tests.gpo.GPOTests.test_gp_user_scripts_ext --^samba.tests.gpo.samba.tests.gpo.GPOTests.test_rsop --^samba.tests.gpo.samba.tests.gpo.GPOTests.test_vgp_access --^samba.tests.gpo.samba.tests.gpo.GPOTests.test_vgp_files --^samba.tests.gpo.samba.tests.gpo.GPOTests.test_vgp_issue --^samba.tests.gpo.samba.tests.gpo.GPOTests.test_vgp_motd --^samba.tests.gpo.samba.tests.gpo.GPOTests.test_vgp_openssh --^samba.tests.gpo.samba.tests.gpo.GPOTests.test_vgp_startup_scripts --^samba.tests.gpo.samba.tests.gpo.GPOTests.test_vgp_sudoers --^samba.tests.gpo.samba.tests.gpo.GPOTests.test_vgp_symlink --^samba.tests.gpo.samba.tests.gpo.GPOTests.test_advanced_gp_cert_auto_enroll_ext --^samba.tests.gpo.samba.tests.gpo.GPOTests.test_gp_cert_auto_enroll_ext --- -2.43.0 - - -From fd13702a9cd6475a14113de87ccad6588d2d443b Mon Sep 17 00:00:00 2001 -From: Gabriel Nagy -Date: Fri, 18 Aug 2023 17:16:23 +0300 -Subject: [PATCH 6/9] gp: Test adding new cert templates enforces changes - -Ensure that cepces-submit reporting additional templates and re-applying -will enforce the updated policy. - -Signed-off-by: Gabriel Nagy -Reviewed-by: Joseph Sutton -Reviewed-by: David Mulder -(cherry picked from commit 2d6943a864405f324c467e8c3464c31ac08457b0) ---- - python/samba/tests/bin/cepces-submit | 3 +- - python/samba/tests/gpo.py | 48 ++++++++++++++++++++++++++++ - selftest/knownfail.d/gpo | 2 ++ - 3 files changed, 52 insertions(+), 1 deletion(-) - create mode 100644 selftest/knownfail.d/gpo - -diff --git a/python/samba/tests/bin/cepces-submit b/python/samba/tests/bin/cepces-submit -index 668682a9f58..de63164692b 100755 ---- a/python/samba/tests/bin/cepces-submit -+++ b/python/samba/tests/bin/cepces-submit -@@ -14,4 +14,5 @@ if __name__ == "__main__": - assert opts.auth == 'Kerberos' - if 'CERTMONGER_OPERATION' in os.environ and \ - os.environ['CERTMONGER_OPERATION'] == 'GET-SUPPORTED-TEMPLATES': -- print('Machine') # Report a Machine template -+ templates = os.environ.get('CEPCES_SUBMIT_SUPPORTED_TEMPLATES', 'Machine').split(',') -+ print('\n'.join(templates)) # Report the requested templates -diff --git a/python/samba/tests/gpo.py b/python/samba/tests/gpo.py -index 963f873f755..e75c411bde7 100644 ---- a/python/samba/tests/gpo.py -+++ b/python/samba/tests/gpo.py -@@ -6812,6 +6812,23 @@ class GPOTests(tests.TestCase): - self.assertTrue(os.path.exists(machine_crt), - 'Machine key was not generated') - -+ # Subsequent apply should react to new certificate templates -+ os.environ['CEPCES_SUBMIT_SUPPORTED_TEMPLATES'] = 'Machine,Workstation' -+ self.addCleanup(os.environ.pop, 'CEPCES_SUBMIT_SUPPORTED_TEMPLATES') -+ ext.process_group_policy([], gpos, dname, dname) -+ self.assertTrue(os.path.exists(ca_crt), -+ 'Root CA certificate was not requested') -+ self.assertTrue(os.path.exists(machine_crt), -+ 'Machine certificate was not requested') -+ self.assertTrue(os.path.exists(machine_crt), -+ 'Machine key was not generated') -+ workstation_crt = os.path.join(dname, '%s.Workstation.crt' % ca_cn) -+ self.assertTrue(os.path.exists(workstation_crt), -+ 'Workstation certificate was not requested') -+ workstation_key = os.path.join(dname, '%s.Workstation.key' % ca_cn) -+ self.assertTrue(os.path.exists(workstation_crt), -+ 'Workstation key was not generated') -+ - # Verify RSOP does not fail - ext.rsop([g for g in gpos if g.name == guid][0]) - -@@ -6829,11 +6846,17 @@ class GPOTests(tests.TestCase): - 'Machine certificate was not removed') - self.assertFalse(os.path.exists(machine_crt), - 'Machine key was not removed') -+ self.assertFalse(os.path.exists(workstation_crt), -+ 'Workstation certificate was not removed') -+ self.assertFalse(os.path.exists(workstation_crt), -+ 'Workstation key was not removed') - out, _ = Popen(['getcert', 'list-cas'], stdout=PIPE).communicate() - self.assertNotIn(get_bytes(ca_cn), out, 'CA was not removed') - out, _ = Popen(['getcert', 'list'], stdout=PIPE).communicate() - self.assertNotIn(b'Machine', out, - 'Machine certificate not removed') -+ self.assertNotIn(b'Workstation', out, -+ 'Workstation certificate not removed') - - # Remove the dummy CA, pKIEnrollmentService, and pKICertificateTemplate - ldb.delete(certa_dn) -@@ -7233,6 +7256,25 @@ class GPOTests(tests.TestCase): - self.assertTrue(os.path.exists(machine_crt), - 'Machine key was not generated') - -+ # Subsequent apply should react to new certificate templates -+ os.environ['CEPCES_SUBMIT_SUPPORTED_TEMPLATES'] = 'Machine,Workstation' -+ self.addCleanup(os.environ.pop, 'CEPCES_SUBMIT_SUPPORTED_TEMPLATES') -+ ext.process_group_policy([], gpos, dname, dname) -+ for ca in ca_list: -+ self.assertTrue(os.path.exists(ca_crt), -+ 'Root CA certificate was not requested') -+ self.assertTrue(os.path.exists(machine_crt), -+ 'Machine certificate was not requested') -+ self.assertTrue(os.path.exists(machine_crt), -+ 'Machine key was not generated') -+ -+ workstation_crt = os.path.join(dname, '%s.Workstation.crt' % ca) -+ self.assertTrue(os.path.exists(workstation_crt), -+ 'Workstation certificate was not requested') -+ workstation_key = os.path.join(dname, '%s.Workstation.key' % ca) -+ self.assertTrue(os.path.exists(workstation_crt), -+ 'Workstation key was not generated') -+ - # Verify RSOP does not fail - ext.rsop([g for g in gpos if g.name == guid][0]) - -@@ -7250,12 +7292,18 @@ class GPOTests(tests.TestCase): - 'Machine certificate was not removed') - self.assertFalse(os.path.exists(machine_crt), - 'Machine key was not removed') -+ self.assertFalse(os.path.exists(workstation_crt), -+ 'Workstation certificate was not removed') -+ self.assertFalse(os.path.exists(workstation_crt), -+ 'Workstation key was not removed') - out, _ = Popen(['getcert', 'list-cas'], stdout=PIPE).communicate() - for ca in ca_list: - self.assertNotIn(get_bytes(ca), out, 'CA was not removed') - out, _ = Popen(['getcert', 'list'], stdout=PIPE).communicate() - self.assertNotIn(b'Machine', out, - 'Machine certificate not removed') -+ self.assertNotIn(b'Workstation', out, -+ 'Workstation certificate not removed') - - # Remove the dummy CA, pKIEnrollmentService, and pKICertificateTemplate - ldb.delete(certa_dn) -diff --git a/selftest/knownfail.d/gpo b/selftest/knownfail.d/gpo -new file mode 100644 -index 00000000000..4edc1dce730 ---- /dev/null -+++ b/selftest/knownfail.d/gpo -@@ -0,0 +1,2 @@ -+^samba.tests.gpo.samba.tests.gpo.GPOTests.test_advanced_gp_cert_auto_enroll_ext -+^samba.tests.gpo.samba.tests.gpo.GPOTests.test_gp_cert_auto_enroll_ext --- -2.43.0 - - -From 4578c6664ab6eac476ee10afae4a1a95b3b63272 Mon Sep 17 00:00:00 2001 -From: Gabriel Nagy -Date: Wed, 16 Aug 2023 12:37:17 +0300 -Subject: [PATCH 7/9] gp: Template changes should invalidate cache - -If certificate templates are added or removed, the autoenroll extension -should react to this and reapply the policy. Previously this wasn't -taken into account. - -Signed-off-by: Gabriel Nagy -Reviewed-by: Joseph Sutton -Reviewed-by: David Mulder -(cherry picked from commit 2a6ae997f2464b12b72b5314fa80d9784fb0f6c1) ---- - python/samba/gp/gp_cert_auto_enroll_ext.py | 15 ++++++++++----- - selftest/knownfail.d/gpo | 2 -- - 2 files changed, 10 insertions(+), 7 deletions(-) - delete mode 100644 selftest/knownfail.d/gpo - -diff --git a/python/samba/gp/gp_cert_auto_enroll_ext.py b/python/samba/gp/gp_cert_auto_enroll_ext.py -index c8b5368c16a..8233713e8ad 100644 ---- a/python/samba/gp/gp_cert_auto_enroll_ext.py -+++ b/python/samba/gp/gp_cert_auto_enroll_ext.py -@@ -262,6 +262,11 @@ def update_ca_command(): - """Return the command to update the CA trust store.""" - return which('update-ca-certificates') or which('update-ca-trust') - -+def changed(new_data, old_data): -+ """Return True if any key present in both dicts has changed.""" -+ return any((new_data[k] != old_data[k] if k in old_data else False) \ -+ for k in new_data.keys()) -+ - def cert_enroll(ca, ldb, trust_dir, private_dir, auth='Kerberos'): - """Install the root certificate chain.""" - data = dict({'files': [], 'templates': []}, **ca) -@@ -351,12 +356,12 @@ class gp_cert_auto_enroll_ext(gp_pol_ext, gp_applier): - # If the policy has changed, unapply, then apply new policy - old_val = self.cache_get_attribute_value(guid, attribute) - old_data = json.loads(old_val) if old_val is not None else {} -- if all([(ca[k] == old_data[k] if k in old_data else False) \ -- for k in ca.keys()]) or \ -- self.cache_get_apply_state() == GPOSTATE.ENFORCE: -+ templates = ['%s.%s' % (ca['name'], t.decode()) for t in get_supported_templates(ca['hostname'])] -+ new_data = { 'templates': templates, **ca } -+ if changed(new_data, old_data) or self.cache_get_apply_state() == GPOSTATE.ENFORCE: - self.unapply(guid, attribute, old_val) -- # If policy is already applied, skip application -- if old_val is not None and \ -+ # If policy is already applied and unchanged, skip application -+ if old_val is not None and not changed(new_data, old_data) and \ - self.cache_get_apply_state() != GPOSTATE.ENFORCE: - return - -diff --git a/selftest/knownfail.d/gpo b/selftest/knownfail.d/gpo -deleted file mode 100644 -index 4edc1dce730..00000000000 ---- a/selftest/knownfail.d/gpo -+++ /dev/null -@@ -1,2 +0,0 @@ --^samba.tests.gpo.samba.tests.gpo.GPOTests.test_advanced_gp_cert_auto_enroll_ext --^samba.tests.gpo.samba.tests.gpo.GPOTests.test_gp_cert_auto_enroll_ext --- -2.43.0 - - -From 2d641b736b42f7623955f251ad354439b954159d Mon Sep 17 00:00:00 2001 -From: Gabriel Nagy -Date: Fri, 18 Aug 2023 17:26:59 +0300 -Subject: [PATCH 8/9] gp: Test disabled enrollment unapplies policy - -For this we need to stage a Registry.pol file with certificate -autoenrollment enabled, but with checkboxes unticked. - -Signed-off-by: Gabriel Nagy -Reviewed-by: Joseph Sutton -Reviewed-by: David Mulder -(cherry picked from commit ee814f7707a8ddef2657212cd6d31799501b7bb3) ---- - python/samba/tests/gpo.py | 54 +++++++++++++++++++++++++++++++++++++++ - selftest/knownfail.d/gpo | 1 + - 2 files changed, 55 insertions(+) - create mode 100644 selftest/knownfail.d/gpo - -diff --git a/python/samba/tests/gpo.py b/python/samba/tests/gpo.py -index e75c411bde7..580f3568de8 100644 ---- a/python/samba/tests/gpo.py -+++ b/python/samba/tests/gpo.py -@@ -281,6 +281,28 @@ b""" - - """ - -+auto_enroll_unchecked_reg_pol = \ -+b""" -+ -+ -+ -+ Software\Policies\Microsoft\Cryptography\AutoEnrollment -+ AEPolicy -+ 0 -+ -+ -+ Software\Policies\Microsoft\Cryptography\AutoEnrollment -+ OfflineExpirationPercent -+ 10 -+ -+ -+ Software\Policies\Microsoft\Cryptography\AutoEnrollment -+ OfflineExpirationStoreNames -+ MY -+ -+ -+""" -+ - advanced_enroll_reg_pol = \ - b""" - -@@ -6836,6 +6858,38 @@ class GPOTests(tests.TestCase): - ret = rsop(self.lp) - self.assertEqual(ret, 0, 'gpupdate --rsop failed!') - -+ # Remove policy by staging pol file with auto-enroll unchecked -+ parser.load_xml(etree.fromstring(auto_enroll_unchecked_reg_pol.strip())) -+ ret = stage_file(reg_pol, ndr_pack(parser.pol_file)) -+ self.assertTrue(ret, 'Could not create the target %s' % reg_pol) -+ ext.process_group_policy([], gpos, dname, dname) -+ self.assertFalse(os.path.exists(ca_crt), -+ 'Root CA certificate was not removed') -+ self.assertFalse(os.path.exists(machine_crt), -+ 'Machine certificate was not removed') -+ self.assertFalse(os.path.exists(machine_crt), -+ 'Machine key was not removed') -+ self.assertFalse(os.path.exists(workstation_crt), -+ 'Workstation certificate was not removed') -+ self.assertFalse(os.path.exists(workstation_crt), -+ 'Workstation key was not removed') -+ -+ # Reapply policy by staging the enabled pol file -+ parser.load_xml(etree.fromstring(auto_enroll_reg_pol.strip())) -+ ret = stage_file(reg_pol, ndr_pack(parser.pol_file)) -+ self.assertTrue(ret, 'Could not create the target %s' % reg_pol) -+ ext.process_group_policy([], gpos, dname, dname) -+ self.assertTrue(os.path.exists(ca_crt), -+ 'Root CA certificate was not requested') -+ self.assertTrue(os.path.exists(machine_crt), -+ 'Machine certificate was not requested') -+ self.assertTrue(os.path.exists(machine_crt), -+ 'Machine key was not generated') -+ self.assertTrue(os.path.exists(workstation_crt), -+ 'Workstation certificate was not requested') -+ self.assertTrue(os.path.exists(workstation_crt), -+ 'Workstation key was not generated') -+ - # Remove policy - gp_db = store.get_gplog(machine_creds.get_username()) - del_gpos = get_deleted_gpos_list(gp_db, []) -diff --git a/selftest/knownfail.d/gpo b/selftest/knownfail.d/gpo -new file mode 100644 -index 00000000000..83bc9f0ac1f ---- /dev/null -+++ b/selftest/knownfail.d/gpo -@@ -0,0 +1 @@ -+^samba.tests.gpo.samba.tests.gpo.GPOTests.test_gp_cert_auto_enroll_ext --- -2.43.0 - - -From e5588f8800899894388284468b9e25463d3c3e6c Mon Sep 17 00:00:00 2001 -From: Gabriel Nagy -Date: Wed, 16 Aug 2023 12:33:59 +0300 -Subject: [PATCH 9/9] gp: Send list of keys instead of dict to remove - -`cache_get_all_attribute_values` returns a dict whereas we need to pass -a list of keys to `remove`. These will be interpolated in the gpdb search. - -Signed-off-by: Gabriel Nagy -Reviewed-by: Joseph Sutton -Reviewed-by: David Mulder - -Autobuild-User(master): Andrew Bartlett -Autobuild-Date(master): Mon Aug 28 03:01:22 UTC 2023 on atb-devel-224 - -(cherry picked from commit 7dc181757c76b881ceaf1915ebb0bfbcf5aca83a) ---- - python/samba/gp/gp_cert_auto_enroll_ext.py | 2 +- - selftest/knownfail.d/gpo | 1 - - 2 files changed, 1 insertion(+), 2 deletions(-) - delete mode 100644 selftest/knownfail.d/gpo - -diff --git a/python/samba/gp/gp_cert_auto_enroll_ext.py b/python/samba/gp/gp_cert_auto_enroll_ext.py -index 8233713e8ad..64c35782ae8 100644 ---- a/python/samba/gp/gp_cert_auto_enroll_ext.py -+++ b/python/samba/gp/gp_cert_auto_enroll_ext.py -@@ -415,7 +415,7 @@ class gp_cert_auto_enroll_ext(gp_pol_ext, gp_applier): - # remove any existing policy - ca_attrs = \ - self.cache_get_all_attribute_values(gpo.name) -- self.clean(gpo.name, remove=ca_attrs) -+ self.clean(gpo.name, remove=list(ca_attrs.keys())) - - def __read_cep_data(self, guid, ldb, end_point_information, - trust_dir, private_dir): -diff --git a/selftest/knownfail.d/gpo b/selftest/knownfail.d/gpo -deleted file mode 100644 -index 83bc9f0ac1f..00000000000 ---- a/selftest/knownfail.d/gpo -+++ /dev/null -@@ -1 +0,0 @@ --^samba.tests.gpo.samba.tests.gpo.GPOTests.test_gp_cert_auto_enroll_ext --- -2.43.0 - diff --git a/samba-4.19-fix-gpupdate-site-aware.patch b/samba-4.19-fix-gpupdate-site-aware.patch deleted file mode 100644 index 3354bb0..0000000 --- a/samba-4.19-fix-gpupdate-site-aware.patch +++ /dev/null @@ -1,61 +0,0 @@ -From 372b8f15ccf37c491f43ec7ab81be692ff0fcfed Mon Sep 17 00:00:00 2001 -From: David Mulder -Date: Fri, 5 Jan 2024 08:47:07 -0700 -Subject: [PATCH] WIP: gp: Skip site GP list if no site is found - -[MS-GPOL] 3.2.5.1.4 Site Search says if the site -search returns ERROR_NO_SITENAME, the GP site -search should be skipped. - -BUG: https://bugzilla.samba.org/show_bug.cgi?id=15548 - -Signed-off-by: David Mulder ---- - python/samba/gp/gpclass.py | 30 ++++++++++++++++++------------ - 1 file changed, 18 insertions(+), 12 deletions(-) - -diff --git a/python/samba/gp/gpclass.py b/python/samba/gp/gpclass.py -index b7a0dcb0ed5..26c2386847e 100644 ---- a/python/samba/gp/gpclass.py -+++ b/python/samba/gp/gpclass.py -@@ -896,19 +896,25 @@ def get_gpo_list(dc_hostname, creds, lp, username): - - # (S)ite - if gpo_list_machine: -- site_dn = site_dn_for_machine(samdb, dc_hostname, lp, creds, username) -- - try: -- log.debug("get_gpo_list: query SITE: [%s] for GPOs" % site_dn) -- gp_link = get_gpo_link(samdb, site_dn) -- except ldb.LdbError as e: -- (enum, estr) = e.args -- log.debug(estr) -- else: -- add_gplink_to_gpo_list(samdb, gpo_list, forced_gpo_list, -- site_dn, gp_link, -- gpo.GP_LINK_SITE, -- add_only_forced_gpos, token) -+ site_dn = site_dn_for_machine(samdb, dc_hostname, lp, creds, username) -+ -+ try: -+ log.debug("get_gpo_list: query SITE: [%s] for GPOs" % site_dn) -+ gp_link = get_gpo_link(samdb, site_dn) -+ except ldb.LdbError as e: -+ (enum, estr) = e.args -+ log.debug(estr) -+ else: -+ add_gplink_to_gpo_list(samdb, gpo_list, forced_gpo_list, -+ site_dn, gp_link, -+ gpo.GP_LINK_SITE, -+ add_only_forced_gpos, token) -+ except ldb.LdbError: -+ # [MS-GPOL] 3.2.5.1.4 Site Search: If the method returns -+ # ERROR_NO_SITENAME, the remainder of this message MUST be skipped -+ # and the protocol sequence MUST continue at GPO Search -+ pass - - # (L)ocal - gpo_list.insert(0, gpo.GROUP_POLICY_OBJECT("Local Policy", --- -GitLab - diff --git a/samba.spec b/samba.spec index 136e8e3..e55167e 100644 --- a/samba.spec +++ b/samba.spec @@ -146,10 +146,10 @@ %define samba_requires_eq() %(LC_ALL="C" echo '%*' | xargs -r rpm -q --qf 'Requires: %%{name} = %%{epoch}:%%{version}\\n' | sed -e 's/ (none):/ /' -e 's/ 0:/ /' | grep -v "is not") -%global samba_version 4.19.4 -%global baserelease 4 +%global samba_version 4.20.0 +%global baserelease 1 # This should be rc1 or %%nil -%global pre_release %nil +%global pre_release rc1 %global samba_release %{baserelease} %if "x%{?pre_release}" != "x" @@ -164,7 +164,7 @@ %global libdcerpc_so_version 0 %global libndr_krb5pac_so_version 0 %global libndr_nbt_so_version 0 -%global libndr_so_version 3 +%global libndr_so_version 4 %global libndr_standard_so_version 0 %global libnetapi_so_version 1 %global libsamba_credentials_so_version 1 @@ -180,10 +180,10 @@ %global libsmbclient_so_version 0 %global libwbclient_so_version 0 -%global talloc_version 2.4.1 -%global tdb_version 1.4.9 -%global tevent_version 0.15.0 -%global ldb_version 2.8.0 +%global talloc_version 2.4.2 +%global tdb_version 1.4.10 +%global tevent_version 0.16.1 +%global ldb_version 2.9.0 %global required_mit_krb5 1.20.1 @@ -238,9 +238,6 @@ Source18: samba-winbind-systemd-sysusers.conf Source201: README.downgrade Source202: samba.abignore -Patch0: samba-4.19-fix-gpupdate-rhel-fedora.patch -Patch1: samba-4.19-fix-gpupdate-site-aware.patch - Requires(pre): %{name}-common = %{samba_depver} Requires: %{name}-common = %{samba_depver} Requires: %{name}-common-libs = %{samba_depver} @@ -1660,8 +1657,8 @@ fi %{_sbindir}/nmbd %{_sbindir}/smbd %if %{with dc} || %{with testsuite} -# This is only used by vfs_dfs_samba4 -%{_libdir}/samba/libdfs-server-ad-samba4.so +# This is only used by vfs_dfs_samba-private +%{_libdir}/samba/libdfs-server-ad-private-samba.so %endif %dir %{_libdir}/samba/auth %{_libdir}/samba/auth/unix.so @@ -1799,6 +1796,7 @@ fi %{_bindir}/smbspool %{_bindir}/smbtar %{_bindir}/smbtree +%{_bindir}/wspsearch %dir %{_libexecdir}/samba %ghost %{_libexecdir}/samba/cups_backend_smb %{_mandir}/man1/dbwrap_tool.1* @@ -1870,86 +1868,86 @@ fi %{_libdir}/libtevent-util.so.%{libtevent_util_so_version}* %dir %{_libdir}/samba -%{_libdir}/samba/libCHARSET3-samba4.so -%{_libdir}/samba/libMESSAGING-SEND-samba4.so -%{_libdir}/samba/libMESSAGING-samba4.so -%{_libdir}/samba/libaddns-samba4.so -%{_libdir}/samba/libads-samba4.so -%{_libdir}/samba/libasn1util-samba4.so -%{_libdir}/samba/libauth-samba4.so -%{_libdir}/samba/libauthkrb5-samba4.so -%{_libdir}/samba/libcli-cldap-samba4.so -%{_libdir}/samba/libcli-ldap-common-samba4.so -%{_libdir}/samba/libcli-ldap-samba4.so -%{_libdir}/samba/libcli-nbt-samba4.so -%{_libdir}/samba/libcli-smb-common-samba4.so -%{_libdir}/samba/libcli-spoolss-samba4.so -%{_libdir}/samba/libcliauth-samba4.so -%{_libdir}/samba/libclidns-samba4.so -%{_libdir}/samba/libcluster-samba4.so -%{_libdir}/samba/libcmdline-contexts-samba4.so -%{_libdir}/samba/libcommon-auth-samba4.so -%{_libdir}/samba/libctdb-event-client-samba4.so -%{_libdir}/samba/libdbwrap-samba4.so -%{_libdir}/samba/libdcerpc-pkt-auth-samba4.so -%{_libdir}/samba/libdcerpc-samba-samba4.so -%{_libdir}/samba/libevents-samba4.so -%{_libdir}/samba/libflag-mapping-samba4.so -%{_libdir}/samba/libgenrand-samba4.so -%{_libdir}/samba/libgensec-samba4.so -%{_libdir}/samba/libgpext-samba4.so -%{_libdir}/samba/libgpo-samba4.so -%{_libdir}/samba/libgse-samba4.so -%{_libdir}/samba/libhttp-samba4.so -%{_libdir}/samba/libinterfaces-samba4.so -%{_libdir}/samba/libiov-buf-samba4.so -%{_libdir}/samba/libkrb5samba-samba4.so -%{_libdir}/samba/libldbsamba-samba4.so -%{_libdir}/samba/liblibcli-lsa3-samba4.so -%{_libdir}/samba/liblibcli-netlogon3-samba4.so -%{_libdir}/samba/liblibsmb-samba4.so -%{_libdir}/samba/libmessages-dgm-samba4.so -%{_libdir}/samba/libmessages-util-samba4.so -%{_libdir}/samba/libmscat-samba4.so -%{_libdir}/samba/libmsghdr-samba4.so -%{_libdir}/samba/libmsrpc3-samba4.so -%{_libdir}/samba/libndr-samba-samba4.so -%{_libdir}/samba/libndr-samba4.so -%{_libdir}/samba/libnet-keytab-samba4.so -%{_libdir}/samba/libnetif-samba4.so -%{_libdir}/samba/libnpa-tstream-samba4.so -%{_libdir}/samba/libposix-eadb-samba4.so -%{_libdir}/samba/libprinter-driver-samba4.so -%{_libdir}/samba/libprinting-migrate-samba4.so -%{_libdir}/samba/libreplace-samba4.so -%{_libdir}/samba/libregistry-samba4.so -%{_libdir}/samba/libsamba-cluster-support-samba4.so -%{_libdir}/samba/libsamba-debug-samba4.so -%{_libdir}/samba/libsamba-modules-samba4.so -%{_libdir}/samba/libsamba-security-samba4.so -%{_libdir}/samba/libsamba-sockets-samba4.so -%{_libdir}/samba/libsamba3-util-samba4.so -%{_libdir}/samba/libsamdb-common-samba4.so -%{_libdir}/samba/libsecrets3-samba4.so -%{_libdir}/samba/libserver-id-db-samba4.so -%{_libdir}/samba/libserver-role-samba4.so -%{_libdir}/samba/libsmb-transport-samba4.so -%{_libdir}/samba/libsmbclient-raw-samba4.so -%{_libdir}/samba/libsmbd-base-samba4.so -%{_libdir}/samba/libsmbd-shim-samba4.so -%{_libdir}/samba/libsmbldaphelper-samba4.so -%{_libdir}/samba/libstable-sort-samba4.so -%{_libdir}/samba/libsys-rw-samba4.so -%{_libdir}/samba/libsocket-blocking-samba4.so -%{_libdir}/samba/libtalloc-report-printf-samba4.so -%{_libdir}/samba/libtalloc-report-samba4.so -%{_libdir}/samba/libtdb-wrap-samba4.so -%{_libdir}/samba/libtime-basic-samba4.so -%{_libdir}/samba/libtorture-samba4.so -%{_libdir}/samba/libtrusts-util-samba4.so -%{_libdir}/samba/libutil-reg-samba4.so -%{_libdir}/samba/libutil-setid-samba4.so -%{_libdir}/samba/libutil-tdb-samba4.so +%{_libdir}/samba/libCHARSET3-private-samba.so +%{_libdir}/samba/libMESSAGING-SEND-private-samba.so +%{_libdir}/samba/libMESSAGING-private-samba.so +%{_libdir}/samba/libaddns-private-samba.so +%{_libdir}/samba/libads-private-samba.so +%{_libdir}/samba/libasn1util-private-samba.so +%{_libdir}/samba/libauth-private-samba.so +%{_libdir}/samba/libauthkrb5-private-samba.so +%{_libdir}/samba/libcli-cldap-private-samba.so +%{_libdir}/samba/libcli-ldap-common-private-samba.so +%{_libdir}/samba/libcli-ldap-private-samba.so +%{_libdir}/samba/libcli-nbt-private-samba.so +%{_libdir}/samba/libcli-smb-common-private-samba.so +%{_libdir}/samba/libcli-spoolss-private-samba.so +%{_libdir}/samba/libcliauth-private-samba.so +%{_libdir}/samba/libclidns-private-samba.so +%{_libdir}/samba/libcluster-private-samba.so +%{_libdir}/samba/libcmdline-contexts-private-samba.so +%{_libdir}/samba/libcommon-auth-private-samba.so +%{_libdir}/samba/libctdb-event-client-private-samba.so +%{_libdir}/samba/libdbwrap-private-samba.so +%{_libdir}/samba/libdcerpc-pkt-auth-private-samba.so +%{_libdir}/samba/libdcerpc-samba-private-samba.so +%{_libdir}/samba/libevents-private-samba.so +%{_libdir}/samba/libflag-mapping-private-samba.so +%{_libdir}/samba/libgenrand-private-samba.so +%{_libdir}/samba/libgensec-private-samba.so +%{_libdir}/samba/libgpext-private-samba.so +%{_libdir}/samba/libgpo-private-samba.so +%{_libdir}/samba/libgse-private-samba.so +%{_libdir}/samba/libhttp-private-samba.so +%{_libdir}/samba/libinterfaces-private-samba.so +%{_libdir}/samba/libiov-buf-private-samba.so +%{_libdir}/samba/libkrb5samba-private-samba.so +%{_libdir}/samba/libldbsamba-private-samba.so +%{_libdir}/samba/liblibcli-lsa3-private-samba.so +%{_libdir}/samba/liblibcli-netlogon3-private-samba.so +%{_libdir}/samba/liblibsmb-private-samba.so +%{_libdir}/samba/libmessages-dgm-private-samba.so +%{_libdir}/samba/libmessages-util-private-samba.so +%{_libdir}/samba/libmscat-private-samba.so +%{_libdir}/samba/libmsghdr-private-samba.so +%{_libdir}/samba/libmsrpc3-private-samba.so +%{_libdir}/samba/libndr-samba-private-samba.so +%{_libdir}/samba/libndr-samba4-private-samba.so +%{_libdir}/samba/libnet-keytab-private-samba.so +%{_libdir}/samba/libnetif-private-samba.so +%{_libdir}/samba/libnpa-tstream-private-samba.so +%{_libdir}/samba/libposix-eadb-private-samba.so +%{_libdir}/samba/libprinter-driver-private-samba.so +%{_libdir}/samba/libprinting-migrate-private-samba.so +%{_libdir}/samba/libreplace-private-samba.so +%{_libdir}/samba/libregistry-private-samba.so +%{_libdir}/samba/libsamba-cluster-support-private-samba.so +%{_libdir}/samba/libsamba-debug-private-samba.so +%{_libdir}/samba/libsamba-modules-private-samba.so +%{_libdir}/samba/libsamba-security-private-samba.so +%{_libdir}/samba/libsamba-sockets-private-samba.so +%{_libdir}/samba/libsamba3-util-private-samba.so +%{_libdir}/samba/libsamdb-common-private-samba.so +%{_libdir}/samba/libsecrets3-private-samba.so +%{_libdir}/samba/libserver-id-db-private-samba.so +%{_libdir}/samba/libserver-role-private-samba.so +%{_libdir}/samba/libsmb-transport-private-samba.so +%{_libdir}/samba/libsmbclient-raw-private-samba.so +%{_libdir}/samba/libsmbd-base-private-samba.so +%{_libdir}/samba/libsmbd-shim-private-samba.so +%{_libdir}/samba/libsmbldaphelper-private-samba.so +%{_libdir}/samba/libstable-sort-private-samba.so +%{_libdir}/samba/libsys-rw-private-samba.so +%{_libdir}/samba/libsocket-blocking-private-samba.so +%{_libdir}/samba/libtalloc-report-printf-private-samba.so +%{_libdir}/samba/libtalloc-report-private-samba.so +%{_libdir}/samba/libtdb-wrap-private-samba.so +%{_libdir}/samba/libtime-basic-private-samba.so +%{_libdir}/samba/libtorture-private-samba.so +%{_libdir}/samba/libtrusts-util-private-samba.so +%{_libdir}/samba/libutil-reg-private-samba.so +%{_libdir}/samba/libutil-setid-private-samba.so +%{_libdir}/samba/libutil-tdb-private-samba.so %if %{without libwbclient} %{_libdir}/samba/libwbclient.so.* @@ -1964,9 +1962,9 @@ fi %if %{with includelibs} %{_libdir}/samba/libldb-*.so -%{_libdir}/samba/libtalloc-samba4.so -%{_libdir}/samba/libtdb-samba4.so -%{_libdir}/samba/libtevent-samba4.so +%{_libdir}/samba/libtalloc-private-samba.so +%{_libdir}/samba/libtdb-private-samba.so +%{_libdir}/samba/libtevent-private-samba.so %{_libdir}/samba/ldb/asq.so %{_libdir}/samba/ldb/ldb.so @@ -2009,7 +2007,7 @@ fi ### COMMON-LIBS %files common-libs # common libraries -%{_libdir}/samba/libcmdline-samba4.so +%{_libdir}/samba/libcmdline-private-samba.so %dir %{_libdir}/samba/ldb @@ -2054,6 +2052,7 @@ fi %endif %{_libexecdir}/samba/rpcd_spoolss %{_libexecdir}/samba/rpcd_winreg +%{_libexecdir}/samba/rpcd_witness %{_mandir}/man8/samba-dcerpcd.8* ### DC @@ -2139,16 +2138,16 @@ fi %endif ### DC-LIBS %files dc-libs -%{_libdir}/samba/libauth4-samba4.so +%{_libdir}/samba/libauth4-private-samba.so %if %{with dc} || %{with testsuite} -%{_libdir}/samba/libdb-glue-samba4.so -%{_libdir}/samba/libpac-samba4.so -%{_libdir}/samba/libprocess-model-samba4.so -%{_libdir}/samba/libservice-samba4.so +%{_libdir}/samba/libdb-glue-private-samba.so +%{_libdir}/samba/libpac-private-samba.so +%{_libdir}/samba/libprocess-model-private-samba.so +%{_libdir}/samba/libservice-private-samba.so %if %{with testsuite} -%{_libdir}/samba/libntvfs-samba4.so +%{_libdir}/samba/libntvfs-private-samba.so %endif %dir %{_libdir}/samba/process_model @@ -2174,11 +2173,11 @@ fi %endif %{_libdir}/libdcerpc-server.so.* -%{_libdir}/samba/libad-claims-samba4.so -%{_libdir}/samba/libauthn-policy-util-samba4.so -%{_libdir}/samba/libdsdb-module-samba4.so -%{_libdir}/samba/libdsdb-garbage-collect-tombstones-samba4.so -%{_libdir}/samba/libscavenge-dns-records-samba4.so +%{_libdir}/samba/libad-claims-private-samba.so +%{_libdir}/samba/libauthn-policy-util-private-samba.so +%{_libdir}/samba/libdsdb-module-private-samba.so +%{_libdir}/samba/libdsdb-garbage-collect-tombstones-private-samba.so +%{_libdir}/samba/libscavenge-dns-records-private-samba.so ### DC-BIND %files dc-bind-dlz @@ -2252,6 +2251,7 @@ fi %{_includedir}/samba-4.0/samba/version.h %{_includedir}/samba-4.0/share.h %{_includedir}/samba-4.0/smb2_lease_struct.h +%{_includedir}/samba-4.0/smb3posix.h %{_includedir}/samba-4.0/smbconf.h %{_includedir}/samba-4.0/smb_ldap.h %{_includedir}/samba-4.0/smbldap.h @@ -2365,16 +2365,16 @@ fi %files libs %{_libdir}/libdcerpc-samr.so.* -%{_libdir}/samba/libLIBWBCLIENT-OLD-samba4.so -%{_libdir}/samba/libauth-unix-token-samba4.so -%{_libdir}/samba/libdcerpc-samba4.so -%{_libdir}/samba/libdnsserver-common-samba4.so -%{_libdir}/samba/libshares-samba4.so -%{_libdir}/samba/libsmbpasswdparser-samba4.so -%{_libdir}/samba/libxattr-tdb-samba4.so -%{_libdir}/samba/libREG-FULL-samba4.so -%{_libdir}/samba/libRPC-SERVER-LOOP-samba4.so -%{_libdir}/samba/libRPC-WORKER-samba4.so +%{_libdir}/samba/libLIBWBCLIENT-OLD-private-samba.so +%{_libdir}/samba/libauth-unix-token-private-samba.so +%{_libdir}/samba/libdcerpc-samba4-private-samba.so +%{_libdir}/samba/libdnsserver-common-private-samba.so +%{_libdir}/samba/libshares-private-samba.so +%{_libdir}/samba/libsmbpasswdparser-private-samba.so +%{_libdir}/samba/libxattr-tdb-private-samba.so +%{_libdir}/samba/libREG-FULL-private-samba.so +%{_libdir}/samba/libRPC-SERVER-LOOP-private-samba.so +%{_libdir}/samba/libRPC-WORKER-private-samba.so ### LIBNETAPI %files -n libnetapi @@ -2474,6 +2474,7 @@ fi %{python3_sitearch}/samba/__pycache__/drs_utils.*.pyc %{python3_sitearch}/samba/__pycache__/functional_level.*.pyc %{python3_sitearch}/samba/__pycache__/getopt.*.pyc +%{python3_sitearch}/samba/__pycache__/gkdi.*.pyc %{python3_sitearch}/samba/__pycache__/graph.*.pyc %{python3_sitearch}/samba/__pycache__/hostconfig.*.pyc %{python3_sitearch}/samba/__pycache__/idmap.*.pyc @@ -2484,6 +2485,7 @@ fi %{python3_sitearch}/samba/__pycache__/ms_schema.*.pyc %{python3_sitearch}/samba/__pycache__/ndr.*.pyc %{python3_sitearch}/samba/__pycache__/ntacls.*.pyc +%{python3_sitearch}/samba/__pycache__/nt_time.*.pyc %{python3_sitearch}/samba/__pycache__/policies.*.pyc %{python3_sitearch}/samba/__pycache__/safe_tarfile.*.pyc %{python3_sitearch}/samba/__pycache__/sd_utils.*.pyc @@ -2512,6 +2514,7 @@ fi %{python3_sitearch}/samba/dcerpc/auth.*.so %{python3_sitearch}/samba/dcerpc/base.*.so %{python3_sitearch}/samba/dcerpc/claims.*.so +%{python3_sitearch}/samba/dcerpc/conditional_ace.*.so %{python3_sitearch}/samba/dcerpc/dcerpc.*.so %{python3_sitearch}/samba/dcerpc/dfs.*.so %{python3_sitearch}/samba/dcerpc/dns.*.so @@ -2520,6 +2523,8 @@ fi %{python3_sitearch}/samba/dcerpc/drsuapi.*.so %{python3_sitearch}/samba/dcerpc/echo.*.so %{python3_sitearch}/samba/dcerpc/epmapper.*.so +%{python3_sitearch}/samba/dcerpc/gkdi.*.so +%{python3_sitearch}/samba/dcerpc/gmsa.*.so %{python3_sitearch}/samba/dcerpc/idmap.*.so %{python3_sitearch}/samba/dcerpc/initshutdown.*.so %{python3_sitearch}/samba/dcerpc/irpc.*.so @@ -2538,6 +2543,8 @@ fi %{python3_sitearch}/samba/dcerpc/security.*.so %{python3_sitearch}/samba/dcerpc/server_id.*.so %{python3_sitearch}/samba/dcerpc/smb_acl.*.so +%{python3_sitearch}/samba/dcerpc/smb3posix.*.so +%{python3_sitearch}/samba/dcerpc/smbXsrv.*.so %{python3_sitearch}/samba/dcerpc/spoolss.*.so %{python3_sitearch}/samba/dcerpc/srvsvc.*.so %{python3_sitearch}/samba/dcerpc/svcctl.*.so @@ -2557,6 +2564,7 @@ fi %{python3_sitearch}/samba/functional_level.py %{python3_sitearch}/samba/gensec.*.so %{python3_sitearch}/samba/getopt.py +%{python3_sitearch}/samba/gkdi.py %{python3_sitearch}/samba/graph.py %{python3_sitearch}/samba/hostconfig.py %{python3_sitearch}/samba/idmap.py @@ -2583,6 +2591,7 @@ fi %{python3_sitearch}/samba/gp/__pycache__/gp_centrify_crontab_ext.*.pyc %{python3_sitearch}/samba/gp/__pycache__/gp_centrify_sudoers_ext.*.pyc %{python3_sitearch}/samba/gp/__pycache__/gp_cert_auto_enroll_ext.*.pyc +%{python3_sitearch}/samba/gp/__pycache__/gp_drive_maps_ext.*.pyc %{python3_sitearch}/samba/gp/__pycache__/gp_chromium_ext.*.pyc %{python3_sitearch}/samba/gp/__pycache__/gp_ext_loader.*.pyc %{python3_sitearch}/samba/gp/__pycache__/gp_firefox_ext.*.pyc @@ -2608,6 +2617,7 @@ fi %{python3_sitearch}/samba/gp/gp_centrify_crontab_ext.py %{python3_sitearch}/samba/gp/gp_centrify_sudoers_ext.py %{python3_sitearch}/samba/gp/gp_cert_auto_enroll_ext.py +%{python3_sitearch}/samba/gp/gp_drive_maps_ext.py %{python3_sitearch}/samba/gp/gp_chromium_ext.py %{python3_sitearch}/samba/gp/gp_ext_loader.py %{python3_sitearch}/samba/gp/gp_firefox_ext.py @@ -2642,6 +2652,7 @@ fi %{python3_sitearch}/samba/gp_parse/gp_inf.py %{python3_sitearch}/samba/gp_parse/gp_ini.py %{python3_sitearch}/samba/gp_parse/gp_pol.py +%{python3_sitearch}/samba/hresult.*.so %{python3_sitearch}/samba/logger.py %{python3_sitearch}/samba/mdb_util.py %{python3_sitearch}/samba/ms_display_specifiers.py @@ -2673,11 +2684,11 @@ fi %{python3_sitearch}/samba/netcmd/__pycache__/processes.*.pyc %{python3_sitearch}/samba/netcmd/__pycache__/pso.*.pyc %{python3_sitearch}/samba/netcmd/__pycache__/rodc.*.pyc +%{python3_sitearch}/samba/netcmd/__pycache__/shell.*.pyc %{python3_sitearch}/samba/netcmd/__pycache__/schema.*.pyc %{python3_sitearch}/samba/netcmd/__pycache__/sites.*.pyc %{python3_sitearch}/samba/netcmd/__pycache__/spn.*.pyc %{python3_sitearch}/samba/netcmd/__pycache__/testparm.*.pyc -%{python3_sitearch}/samba/netcmd/__pycache__/user.*.pyc %{python3_sitearch}/samba/netcmd/__pycache__/validators.*.pyc %{python3_sitearch}/samba/netcmd/__pycache__/visualize.*.pyc %{python3_sitearch}/samba/netcmd/common.py @@ -2744,7 +2755,9 @@ fi %{python3_sitearch}/samba/netcmd/domain/models/__pycache__/claim_type.*.pyc %{python3_sitearch}/samba/netcmd/domain/models/__pycache__/exceptions.*.pyc %{python3_sitearch}/samba/netcmd/domain/models/__pycache__/fields.*.pyc +%{python3_sitearch}/samba/netcmd/domain/models/__pycache__/group.*.pyc %{python3_sitearch}/samba/netcmd/domain/models/__pycache__/model.*.pyc +%{python3_sitearch}/samba/netcmd/domain/models/__pycache__/query.*.pyc %{python3_sitearch}/samba/netcmd/domain/models/__pycache__/schema.*.pyc %{python3_sitearch}/samba/netcmd/domain/models/__pycache__/site.*.pyc %{python3_sitearch}/samba/netcmd/domain/models/__pycache__/subnet.*.pyc @@ -2755,7 +2768,9 @@ fi %{python3_sitearch}/samba/netcmd/domain/models/claim_type.py %{python3_sitearch}/samba/netcmd/domain/models/exceptions.py %{python3_sitearch}/samba/netcmd/domain/models/fields.py +%{python3_sitearch}/samba/netcmd/domain/models/group.py %{python3_sitearch}/samba/netcmd/domain/models/model.py +%{python3_sitearch}/samba/netcmd/domain/models/query.py %{python3_sitearch}/samba/netcmd/domain/models/schema.py %{python3_sitearch}/samba/netcmd/domain/models/site.py %{python3_sitearch}/samba/netcmd/domain/models/subnet.py @@ -2785,13 +2800,72 @@ fi %{python3_sitearch}/samba/netcmd/pso.py %{python3_sitearch}/samba/netcmd/rodc.py %{python3_sitearch}/samba/netcmd/schema.py +%{python3_sitearch}/samba/netcmd/shell.py %{python3_sitearch}/samba/netcmd/sites.py %{python3_sitearch}/samba/netcmd/spn.py %{python3_sitearch}/samba/netcmd/testparm.py -%{python3_sitearch}/samba/netcmd/user.py +%dir %{python3_sitearch}/samba/netcmd/user +%{python3_sitearch}/samba/netcmd/user/__init__.py +%{python3_sitearch}/samba/netcmd/user/add.py +%{python3_sitearch}/samba/netcmd/user/add_unix_attrs.py +%dir %{python3_sitearch}/samba/netcmd/user/auth +%{python3_sitearch}/samba/netcmd/user/auth/__init__.py +%{python3_sitearch}/samba/netcmd/user/auth/policy.py +%dir %{python3_sitearch}/samba/netcmd/user/auth/__pycache__ +%{python3_sitearch}/samba/netcmd/user/auth/__pycache__/__init__.*.pyc +%{python3_sitearch}/samba/netcmd/user/auth/__pycache__/policy.*.pyc +%{python3_sitearch}/samba/netcmd/user/auth/__pycache__/silo.*.pyc +%{python3_sitearch}/samba/netcmd/user/auth/silo.py +%{python3_sitearch}/samba/netcmd/user/delete.py +%{python3_sitearch}/samba/netcmd/user/disable.py +%{python3_sitearch}/samba/netcmd/user/edit.py +%{python3_sitearch}/samba/netcmd/user/enable.py +%{python3_sitearch}/samba/netcmd/user/getgroups.py +%{python3_sitearch}/samba/netcmd/user/list.py +%{python3_sitearch}/samba/netcmd/user/move.py +%{python3_sitearch}/samba/netcmd/user/password.py +%dir %{python3_sitearch}/samba/netcmd/user/__pycache__ +%{python3_sitearch}/samba/netcmd/user/__pycache__/__init__.*.pyc +%{python3_sitearch}/samba/netcmd/user/__pycache__/add.*.pyc +%{python3_sitearch}/samba/netcmd/user/__pycache__/add_unix_attrs.*.pyc +%{python3_sitearch}/samba/netcmd/user/__pycache__/delete.*.pyc +%{python3_sitearch}/samba/netcmd/user/__pycache__/disable.*.pyc +%{python3_sitearch}/samba/netcmd/user/__pycache__/edit.*.pyc +%{python3_sitearch}/samba/netcmd/user/__pycache__/enable.*.pyc +%{python3_sitearch}/samba/netcmd/user/__pycache__/getgroups.*.pyc +%{python3_sitearch}/samba/netcmd/user/__pycache__/list.*.pyc +%{python3_sitearch}/samba/netcmd/user/__pycache__/move.*.pyc +%{python3_sitearch}/samba/netcmd/user/__pycache__/password.*.pyc +%{python3_sitearch}/samba/netcmd/user/__pycache__/rename.*.pyc +%{python3_sitearch}/samba/netcmd/user/__pycache__/sensitive.*.pyc +%{python3_sitearch}/samba/netcmd/user/__pycache__/setexpiry.*.pyc +%{python3_sitearch}/samba/netcmd/user/__pycache__/setpassword.*.pyc +%{python3_sitearch}/samba/netcmd/user/__pycache__/setprimarygroup.*.pyc +%{python3_sitearch}/samba/netcmd/user/__pycache__/unlock.*.pyc +%dir %{python3_sitearch}/samba/netcmd/user/readpasswords +%{python3_sitearch}/samba/netcmd/user/readpasswords/common.py +%{python3_sitearch}/samba/netcmd/user/readpasswords/get_kerberos_ticket.py +%{python3_sitearch}/samba/netcmd/user/readpasswords/getpassword.py +%{python3_sitearch}/samba/netcmd/user/readpasswords/__init__.py +%dir %{python3_sitearch}/samba/netcmd/user/readpasswords/__pycache__ +%{python3_sitearch}/samba/netcmd/user/readpasswords/__pycache__/__init__.*.pyc +%{python3_sitearch}/samba/netcmd/user/readpasswords/__pycache__/common.*.pyc +%{python3_sitearch}/samba/netcmd/user/readpasswords/__pycache__/get_kerberos_ticket.*.pyc +%{python3_sitearch}/samba/netcmd/user/readpasswords/__pycache__/getpassword.*.pyc +%{python3_sitearch}/samba/netcmd/user/readpasswords/__pycache__/show.*.pyc +%{python3_sitearch}/samba/netcmd/user/readpasswords/__pycache__/syncpasswords.*.pyc +%{python3_sitearch}/samba/netcmd/user/readpasswords/show.py +%{python3_sitearch}/samba/netcmd/user/readpasswords/syncpasswords.py +%{python3_sitearch}/samba/netcmd/user/rename.py +%{python3_sitearch}/samba/netcmd/user/sensitive.py +%{python3_sitearch}/samba/netcmd/user/setexpiry.py +%{python3_sitearch}/samba/netcmd/user/setpassword.py +%{python3_sitearch}/samba/netcmd/user/setprimarygroup.py +%{python3_sitearch}/samba/netcmd/user/unlock.py %{python3_sitearch}/samba/netcmd/validators.py %{python3_sitearch}/samba/netcmd/visualize.py %{python3_sitearch}/samba/ntacls.py +%{python3_sitearch}/samba/nt_time.py %{python3_sitearch}/samba/param.*.so %{python3_sitearch}/samba/policies.py %{python3_sitearch}/samba/policy.*.so @@ -2933,6 +3007,9 @@ fi %{python3_sitearch}/samba/tests/__pycache__/common.*.pyc %{python3_sitearch}/samba/tests/__pycache__/complex_expressions.*.pyc %{python3_sitearch}/samba/tests/__pycache__/compression.*.pyc +%{python3_sitearch}/samba/tests/__pycache__/conditional_ace_assembler.*.pyc +%{python3_sitearch}/samba/tests/__pycache__/conditional_ace_bytes.*.pyc +%{python3_sitearch}/samba/tests/__pycache__/conditional_ace_claims.*.pyc %{python3_sitearch}/samba/tests/__pycache__/core.*.pyc %{python3_sitearch}/samba/tests/__pycache__/credentials.*.pyc %{python3_sitearch}/samba/tests/__pycache__/cred_opt.*.pyc @@ -2957,6 +3034,7 @@ fi %{python3_sitearch}/samba/tests/__pycache__/gensec.*.pyc %{python3_sitearch}/samba/tests/__pycache__/get_opt.*.pyc %{python3_sitearch}/samba/tests/__pycache__/getdcname.*.pyc +%{python3_sitearch}/samba/tests/__pycache__/gkdi.*.pyc %{python3_sitearch}/samba/tests/__pycache__/glue.*.pyc %{python3_sitearch}/samba/tests/__pycache__/gpo.*.pyc %{python3_sitearch}/samba/tests/__pycache__/gpo_member.*.pyc @@ -2977,7 +3055,6 @@ fi %{python3_sitearch}/samba/tests/__pycache__/libsmb-basic.*.pyc %{python3_sitearch}/samba/tests/__pycache__/lsa_string.*.pyc %{python3_sitearch}/samba/tests/__pycache__/messaging.*.pyc -%{python3_sitearch}/samba/tests/__pycache__/ndr.*.pyc %{python3_sitearch}/samba/tests/__pycache__/netbios.*.pyc %{python3_sitearch}/samba/tests/__pycache__/netcmd.*.pyc %{python3_sitearch}/samba/tests/__pycache__/net_join_no_spnego.*.pyc @@ -3023,7 +3100,9 @@ fi %{python3_sitearch}/samba/tests/__pycache__/samdb.*.pyc %{python3_sitearch}/samba/tests/__pycache__/samdb_api.*.pyc %{python3_sitearch}/samba/tests/__pycache__/sddl.*.pyc +%{python3_sitearch}/samba/tests/__pycache__/sddl_conditional_ace.*.pyc %{python3_sitearch}/samba/tests/__pycache__/security.*.pyc +%{python3_sitearch}/samba/tests/__pycache__/security_descriptors.*.pyc %{python3_sitearch}/samba/tests/__pycache__/segfault.*.pyc %{python3_sitearch}/samba/tests/__pycache__/sid_strings.*.pyc %{python3_sitearch}/samba/tests/__pycache__/smb.*.pyc @@ -3039,6 +3118,7 @@ fi %{python3_sitearch}/samba/tests/__pycache__/strings.*.pyc %{python3_sitearch}/samba/tests/__pycache__/subunitrun.*.pyc %{python3_sitearch}/samba/tests/__pycache__/tdb_util.*.pyc +%{python3_sitearch}/samba/tests/__pycache__/token_factory.*.pyc %{python3_sitearch}/samba/tests/__pycache__/upgrade.*.pyc %{python3_sitearch}/samba/tests/__pycache__/upgradeprovision.*.pyc %{python3_sitearch}/samba/tests/__pycache__/upgradeprovisionneeddc.*.pyc @@ -3062,16 +3142,19 @@ fi %{python3_sitearch}/samba/tests/blackbox/__pycache__/__init__.*.pyc %{python3_sitearch}/samba/tests/blackbox/__pycache__/bug13653.*.pyc %{python3_sitearch}/samba/tests/blackbox/__pycache__/check_output.*.pyc +%{python3_sitearch}/samba/tests/blackbox/__pycache__/claims.*.pyc %{python3_sitearch}/samba/tests/blackbox/__pycache__/downgradedatabase.*.pyc %{python3_sitearch}/samba/tests/blackbox/__pycache__/mdsearch.*.pyc %{python3_sitearch}/samba/tests/blackbox/__pycache__/ndrdump.*.pyc %{python3_sitearch}/samba/tests/blackbox/__pycache__/netads_dns.*.pyc %{python3_sitearch}/samba/tests/blackbox/__pycache__/netads_json.*.pyc +%{python3_sitearch}/samba/tests/blackbox/__pycache__/rpcd_witness_samba_only.*.pyc %{python3_sitearch}/samba/tests/blackbox/__pycache__/samba_dnsupdate.*.pyc %{python3_sitearch}/samba/tests/blackbox/__pycache__/smbcacls.*.pyc %{python3_sitearch}/samba/tests/blackbox/__pycache__/smbcacls_basic.*.pyc %{python3_sitearch}/samba/tests/blackbox/__pycache__/smbcacls_dfs_propagate_inherit.*.pyc %{python3_sitearch}/samba/tests/blackbox/__pycache__/smbcacls_propagate_inhertance.*.pyc +%{python3_sitearch}/samba/tests/blackbox/__pycache__/smbcacls_save_restore.*.pyc %{python3_sitearch}/samba/tests/blackbox/__pycache__/smbcontrol.*.pyc %{python3_sitearch}/samba/tests/blackbox/__pycache__/smbcontrol_process.*.pyc %{python3_sitearch}/samba/tests/blackbox/__pycache__/traffic_learner.*.pyc @@ -3079,16 +3162,19 @@ fi %{python3_sitearch}/samba/tests/blackbox/__pycache__/traffic_summary.*.pyc %{python3_sitearch}/samba/tests/blackbox/bug13653.py %{python3_sitearch}/samba/tests/blackbox/check_output.py +%{python3_sitearch}/samba/tests/blackbox/claims.py %{python3_sitearch}/samba/tests/blackbox/downgradedatabase.py %{python3_sitearch}/samba/tests/blackbox/mdsearch.py %{python3_sitearch}/samba/tests/blackbox/ndrdump.py %{python3_sitearch}/samba/tests/blackbox/netads_dns.py %{python3_sitearch}/samba/tests/blackbox/netads_json.py +%{python3_sitearch}/samba/tests/blackbox/rpcd_witness_samba_only.py %{python3_sitearch}/samba/tests/blackbox/samba_dnsupdate.py %{python3_sitearch}/samba/tests/blackbox/smbcacls.py %{python3_sitearch}/samba/tests/blackbox/smbcacls_basic.py %{python3_sitearch}/samba/tests/blackbox/smbcacls_dfs_propagate_inherit.py %{python3_sitearch}/samba/tests/blackbox/smbcacls_propagate_inhertance.py +%{python3_sitearch}/samba/tests/blackbox/smbcacls_save_restore.py %{python3_sitearch}/samba/tests/blackbox/smbcontrol.py %{python3_sitearch}/samba/tests/blackbox/smbcontrol_process.py %{python3_sitearch}/samba/tests/blackbox/traffic_learner.py @@ -3097,6 +3183,9 @@ fi %{python3_sitearch}/samba/tests/common.py %{python3_sitearch}/samba/tests/compression.py %{python3_sitearch}/samba/tests/complex_expressions.py +%{python3_sitearch}/samba/tests/conditional_ace_assembler.py +%{python3_sitearch}/samba/tests/conditional_ace_bytes.py +%{python3_sitearch}/samba/tests/conditional_ace_claims.py %{python3_sitearch}/samba/tests/core.py %{python3_sitearch}/samba/tests/credentials.py %{python3_sitearch}/samba/tests/cred_opt.py @@ -3176,6 +3265,7 @@ fi %{python3_sitearch}/samba/tests/gensec.py %{python3_sitearch}/samba/tests/getdcname.py %{python3_sitearch}/samba/tests/get_opt.py +%{python3_sitearch}/samba/tests/gkdi.py %{python3_sitearch}/samba/tests/glue.py %{python3_sitearch}/samba/tests/gpo.py %{python3_sitearch}/samba/tests/gpo_member.py @@ -3205,14 +3295,17 @@ fi %{python3_sitearch}/samba/tests/krb5/__pycache__/claims_in_pac.*.pyc %{python3_sitearch}/samba/tests/krb5/__pycache__/claims_tests.*.pyc %{python3_sitearch}/samba/tests/krb5/__pycache__/compatability_tests.*.pyc +%{python3_sitearch}/samba/tests/krb5/__pycache__/conditional_ace_tests.*.pyc %{python3_sitearch}/samba/tests/krb5/__pycache__/device_tests.*.pyc %{python3_sitearch}/samba/tests/krb5/__pycache__/etype_tests.*.pyc %{python3_sitearch}/samba/tests/krb5/__pycache__/fast_tests.*.pyc +%{python3_sitearch}/samba/tests/krb5/__pycache__/gkdi_tests.*.pyc %{python3_sitearch}/samba/tests/krb5/__pycache__/group_tests.*.pyc %{python3_sitearch}/samba/tests/krb5/__pycache__/kcrypto.*.pyc %{python3_sitearch}/samba/tests/krb5/__pycache__/kdc_base_test.*.pyc %{python3_sitearch}/samba/tests/krb5/__pycache__/kdc_tests.*.pyc %{python3_sitearch}/samba/tests/krb5/__pycache__/kdc_tgs_tests.*.pyc +%{python3_sitearch}/samba/tests/krb5/__pycache__/kdc_tgt_tests.*.pyc %{python3_sitearch}/samba/tests/krb5/__pycache__/kpasswd_tests.*.pyc %{python3_sitearch}/samba/tests/krb5/__pycache__/lockout_tests.*.pyc %{python3_sitearch}/samba/tests/krb5/__pycache__/ms_kile_client_principal_lookup_tests.*.pyc @@ -3223,6 +3316,7 @@ fi %{python3_sitearch}/samba/tests/krb5/__pycache__/raw_testcase.*.pyc %{python3_sitearch}/samba/tests/krb5/__pycache__/rfc4120_constants.*.pyc %{python3_sitearch}/samba/tests/krb5/__pycache__/rfc4120_pyasn1.*.pyc +%{python3_sitearch}/samba/tests/krb5/__pycache__/rfc4120_pyasn1_generated.*.pyc %{python3_sitearch}/samba/tests/krb5/__pycache__/rodc_tests.*.pyc %{python3_sitearch}/samba/tests/krb5/__pycache__/simple_tests.*.pyc %{python3_sitearch}/samba/tests/krb5/__pycache__/s4u_tests.*.pyc @@ -3242,14 +3336,17 @@ fi %{python3_sitearch}/samba/tests/krb5/claims_in_pac.py %{python3_sitearch}/samba/tests/krb5/claims_tests.py %{python3_sitearch}/samba/tests/krb5/compatability_tests.py +%{python3_sitearch}/samba/tests/krb5/conditional_ace_tests.py %{python3_sitearch}/samba/tests/krb5/device_tests.py %{python3_sitearch}/samba/tests/krb5/etype_tests.py %{python3_sitearch}/samba/tests/krb5/fast_tests.py +%{python3_sitearch}/samba/tests/krb5/gkdi_tests.py %{python3_sitearch}/samba/tests/krb5/group_tests.py %{python3_sitearch}/samba/tests/krb5/kcrypto.py %{python3_sitearch}/samba/tests/krb5/kdc_base_test.py %{python3_sitearch}/samba/tests/krb5/kdc_tests.py %{python3_sitearch}/samba/tests/krb5/kdc_tgs_tests.py +%{python3_sitearch}/samba/tests/krb5/kdc_tgt_tests.py %{python3_sitearch}/samba/tests/krb5/kpasswd_tests.py %{python3_sitearch}/samba/tests/krb5/lockout_tests.py %{python3_sitearch}/samba/tests/krb5/ms_kile_client_principal_lookup_tests.py @@ -3260,6 +3357,7 @@ fi %{python3_sitearch}/samba/tests/krb5/raw_testcase.py %{python3_sitearch}/samba/tests/krb5/rfc4120_constants.py %{python3_sitearch}/samba/tests/krb5/rfc4120_pyasn1.py +%{python3_sitearch}/samba/tests/krb5/rfc4120_pyasn1_generated.py %{python3_sitearch}/samba/tests/krb5/rodc_tests.py %{python3_sitearch}/samba/tests/krb5/simple_tests.py %{python3_sitearch}/samba/tests/krb5/test_idmap_nss.py @@ -3284,7 +3382,14 @@ fi %{python3_sitearch}/samba/tests/logfiles.py %{python3_sitearch}/samba/tests/lsa_string.py %{python3_sitearch}/samba/tests/messaging.py -%{python3_sitearch}/samba/tests/ndr.py +%dir %{python3_sitearch}/samba/tests/ndr +%{python3_sitearch}/samba/tests/ndr/gkdi.py +%{python3_sitearch}/samba/tests/ndr/gmsa.py +%dir %{python3_sitearch}/samba/tests/ndr/__pycache__ +%{python3_sitearch}/samba/tests/ndr/__pycache__/gkdi.*.pyc +%{python3_sitearch}/samba/tests/ndr/__pycache__/gmsa.*.pyc +%{python3_sitearch}/samba/tests/ndr/__pycache__/wbint.*.pyc +%{python3_sitearch}/samba/tests/ndr/wbint.py %{python3_sitearch}/samba/tests/netbios.py %{python3_sitearch}/samba/tests/netcmd.py %{python3_sitearch}/samba/tests/net_join_no_spnego.py @@ -3336,7 +3441,6 @@ fi %{python3_sitearch}/samba/tests/samba_tool/__pycache__/contact.*.pyc %{python3_sitearch}/samba/tests/samba_tool/__pycache__/demote.*.pyc %{python3_sitearch}/samba/tests/samba_tool/__pycache__/dnscmd.*.pyc -%{python3_sitearch}/samba/tests/samba_tool/__pycache__/domain_auth_base.*.pyc %{python3_sitearch}/samba/tests/samba_tool/__pycache__/domain_auth_policy.*.pyc %{python3_sitearch}/samba/tests/samba_tool/__pycache__/domain_auth_silo.*.pyc %{python3_sitearch}/samba/tests/samba_tool/__pycache__/domain_claim.*.pyc @@ -3362,10 +3466,15 @@ fi %{python3_sitearch}/samba/tests/samba_tool/__pycache__/provision_userPassword_crypt.*.pyc %{python3_sitearch}/samba/tests/samba_tool/__pycache__/rodc.*.pyc %{python3_sitearch}/samba/tests/samba_tool/__pycache__/schema.*.pyc +%{python3_sitearch}/samba/tests/samba_tool/__pycache__/silo_base.*.pyc %{python3_sitearch}/samba/tests/samba_tool/__pycache__/sites.*.pyc %{python3_sitearch}/samba/tests/samba_tool/__pycache__/timecmd.*.pyc %{python3_sitearch}/samba/tests/samba_tool/__pycache__/user.*.pyc +%{python3_sitearch}/samba/tests/samba_tool/__pycache__/user_auth_policy.*.pyc +%{python3_sitearch}/samba/tests/samba_tool/__pycache__/user_auth_silo.*.pyc %{python3_sitearch}/samba/tests/samba_tool/__pycache__/user_check_password_script.*.pyc +%{python3_sitearch}/samba/tests/samba_tool/__pycache__/user_get_kerberos_ticket.*.pyc +%{python3_sitearch}/samba/tests/samba_tool/__pycache__/user_getpassword_gmsa.*.pyc %{python3_sitearch}/samba/tests/samba_tool/__pycache__/user_virtualCryptSHA.*.pyc %{python3_sitearch}/samba/tests/samba_tool/__pycache__/user_virtualCryptSHA_base.*.pyc %{python3_sitearch}/samba/tests/samba_tool/__pycache__/user_virtualCryptSHA_gpg.*.pyc @@ -3378,7 +3487,6 @@ fi %{python3_sitearch}/samba/tests/samba_tool/contact.py %{python3_sitearch}/samba/tests/samba_tool/demote.py %{python3_sitearch}/samba/tests/samba_tool/dnscmd.py -%{python3_sitearch}/samba/tests/samba_tool/domain_auth_base.py %{python3_sitearch}/samba/tests/samba_tool/domain_auth_policy.py %{python3_sitearch}/samba/tests/samba_tool/domain_auth_silo.py %{python3_sitearch}/samba/tests/samba_tool/domain_claim.py @@ -3404,10 +3512,15 @@ fi %{python3_sitearch}/samba/tests/samba_tool/provision_userPassword_crypt.py %{python3_sitearch}/samba/tests/samba_tool/rodc.py %{python3_sitearch}/samba/tests/samba_tool/schema.py +%{python3_sitearch}/samba/tests/samba_tool/silo_base.py %{python3_sitearch}/samba/tests/samba_tool/sites.py %{python3_sitearch}/samba/tests/samba_tool/timecmd.py %{python3_sitearch}/samba/tests/samba_tool/user.py +%{python3_sitearch}/samba/tests/samba_tool/user_auth_policy.py +%{python3_sitearch}/samba/tests/samba_tool/user_auth_silo.py %{python3_sitearch}/samba/tests/samba_tool/user_check_password_script.py +%{python3_sitearch}/samba/tests/samba_tool/user_get_kerberos_ticket.py +%{python3_sitearch}/samba/tests/samba_tool/user_getpassword_gmsa.py %{python3_sitearch}/samba/tests/samba_tool/user_virtualCryptSHA.py %{python3_sitearch}/samba/tests/samba_tool/user_virtualCryptSHA_base.py %{python3_sitearch}/samba/tests/samba_tool/user_virtualCryptSHA_gpg.py @@ -3418,7 +3531,9 @@ fi %{python3_sitearch}/samba/tests/samdb.py %{python3_sitearch}/samba/tests/samdb_api.py %{python3_sitearch}/samba/tests/sddl.py +%{python3_sitearch}/samba/tests/sddl_conditional_ace.py %{python3_sitearch}/samba/tests/security.py +%{python3_sitearch}/samba/tests/security_descriptors.py %{python3_sitearch}/samba/tests/segfault.py %{python3_sitearch}/samba/tests/sid_strings.py %{python3_sitearch}/samba/tests/smb.py @@ -3434,6 +3549,7 @@ fi %{python3_sitearch}/samba/tests/strings.py %{python3_sitearch}/samba/tests/subunitrun.py %{python3_sitearch}/samba/tests/tdb_util.py +%{python3_sitearch}/samba/tests/token_factory.py %{python3_sitearch}/samba/tests/upgrade.py %{python3_sitearch}/samba/tests/upgradeprovision.py %{python3_sitearch}/samba/tests/upgradeprovisionneeddc.py @@ -3464,9 +3580,9 @@ fi ### TEST-LIBS %files test-libs %if %{with dc} || %{with testsuite} -%{_libdir}/samba/libdlz-bind9-for-torture-samba4.so +%{_libdir}/samba/libdlz-bind9-for-torture-private-samba.so %else -%{_libdir}/samba/libdsdb-module-samba4.so +%{_libdir}/samba/libdsdb-module-private-samba.so %endif ### USERSHARES @@ -3479,8 +3595,8 @@ fi %files winbind %{_libdir}/samba/idmap %{_libdir}/samba/nss_info -%{_libdir}/samba/libnss-info-samba4.so -%{_libdir}/samba/libidmap-samba4.so +%{_libdir}/samba/libnss-info-private-samba.so +%{_libdir}/samba/libidmap-private-samba.so %{_sbindir}/winbindd %{_sysusersdir}/samba-winbind.conf %attr(750,root,wbpriv) %dir /var/lib/samba/winbindd_privileged @@ -4471,6 +4587,9 @@ fi %endif %changelog +* Mon Jan 29 2024 Guenther Deschner - 4.20.0rc1-1 +- resolves: #2260895 - Update to version 4.20.0rc1 + * Sat Jan 27 2024 Fedora Release Engineering - 2:4.19.4-4 - Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild diff --git a/sources b/sources index ed14bdd..a412569 100644 --- a/sources +++ b/sources @@ -1,2 +1,2 @@ -SHA512 (samba-4.19.4.tar.xz) = 3d2899e4a3b8bcb77befc29c4af66d3ac858b7f7a0dbbb66a8bc210cd88d9cde3e11361334a5cce650318473134ec8b134148bfa4af4d51f555de33eff395029 -SHA512 (samba-4.19.4.tar.asc) = 11bc51407d1464339817d7568f5d5bb059c19a05b49c6a1307d7425d289acb617ecd3e633e3736bdaa94947a7b3630d6cdb7ed6fe59d52556234c549eca8172a +SHA512 (samba-4.20.0rc1.tar.xz) = aec30327572403ab1a8fccd0e702da3939e57120a99dfadfb0b81cf997abf40a004dd682da81ea7284909e7e321db2ead6c397d654b2cff853dc9758ba5bbd52 +SHA512 (samba-4.20.0rc1.tar.asc) = 15e5c4be7eca42ffff0d3b98ab73e57b0a095f43848907a46c16a238c4a1d0d634f6a8cfb0d9c012fd7aa53052b9cdcbba19293a5d75d37f58da9f8b185ea615