Compare commits
No commits in common. "c8" and "c8s" have entirely different histories.
|
@ -1,2 +1,18 @@
|
||||||
SOURCES/samba-4.19.4.tar.xz
|
SOURCES/samba-4.17.5.tar.xz
|
||||||
SOURCES/samba-pubkey_AA99442FB680B620.gpg
|
/samba-4.17.5.tar.xz
|
||||||
|
/samba-4.18.2.tar.asc
|
||||||
|
/samba-4.18.2.tar.xz
|
||||||
|
/samba-4.18.3.tar.asc
|
||||||
|
/samba-4.18.3.tar.xz
|
||||||
|
/samba-4.18.4.tar.asc
|
||||||
|
/samba-4.18.4.tar.xz
|
||||||
|
/samba-4.18.5.tar.asc
|
||||||
|
/samba-4.18.5.tar.xz
|
||||||
|
/samba-4.18.6.tar.xz
|
||||||
|
/samba-4.18.6.tar.asc
|
||||||
|
/samba-4.19.2.tar.asc
|
||||||
|
/samba-4.19.2.tar.xz
|
||||||
|
/samba-4.19.3.tar.asc
|
||||||
|
/samba-4.19.3.tar.xz
|
||||||
|
/samba-4.19.4.tar.asc
|
||||||
|
/samba-4.19.4.tar.xz
|
||||||
|
|
|
@ -0,0 +1,186 @@
|
||||||
|
Samba is a free SMB and CIFS client and server and Domain Controller for UNIX
|
||||||
|
and other operating systems. It is maintained by the Samba Team, who support the
|
||||||
|
original author, Andrew Tridgell.
|
||||||
|
|
||||||
|
This software is freely distributable under the GNU public license, a copy of
|
||||||
|
which you should have received with this software (in a file called COPYING).
|
||||||
|
|
||||||
|
# WHAT IS SMB/CIFS?
|
||||||
|
This is a big question.
|
||||||
|
|
||||||
|
The very short answer is that it is the protocol by which a lot of PC-related
|
||||||
|
machines share files and printers and other information such as lists of
|
||||||
|
available files and printers. Operating systems that support this natively
|
||||||
|
include Windows 9x, Windows NT (and derivatives), OS/2, Mac OS X and Linux. Add
|
||||||
|
on packages that achieve the same thing are available for DOS, Windows 3.1, VMS,
|
||||||
|
Unix of all kinds, MVS, and more. Some Web Browsers can speak this protocol as
|
||||||
|
well (smb://). Alternatives to SMB include Netware, NFS, Appletalk, Banyan
|
||||||
|
Vines, Decnet etc; many of these have advantages but none are both public
|
||||||
|
specifications and widely implemented in desktop machines by default.
|
||||||
|
|
||||||
|
The Common Internet File system (CIFS) is what the new SMB initiative is called.
|
||||||
|
For details watch [here](https://samba.org/cifs)
|
||||||
|
|
||||||
|
# WHY DO PEOPLE WANT TO USE SMB?
|
||||||
|
* Many people want to integrate their Microsoft desktop clients with their Unix
|
||||||
|
servers.
|
||||||
|
|
||||||
|
* Others want to integrate their Microsoft (etc) servers with Unix servers. This
|
||||||
|
is a different problem to integrating desktop clients.
|
||||||
|
|
||||||
|
* Others want to replace protocols like NFS, DecNet and Novell NCP, especially
|
||||||
|
when used with PCs.
|
||||||
|
|
||||||
|
# WHAT CAN SAMBA DO?
|
||||||
|
Please refer to the WHATSNEW.txt included with this README for a list of
|
||||||
|
features in the latest Samba release.
|
||||||
|
|
||||||
|
Here is a very short list of what samba includes, and what it does. For many
|
||||||
|
networks this can be simply summarized by "Samba provides a complete replacement
|
||||||
|
for Windows NT, Warp, NFS or Netware servers."
|
||||||
|
* a SMB server, to provide Windows NT and LAN Manager-style file and print
|
||||||
|
services to SMB clients such as Windows 95, Warp Server, smbfs and others.
|
||||||
|
|
||||||
|
* a Windows Domain Controller (NT4 and AD) replacement.
|
||||||
|
|
||||||
|
* a file/print server that can act as a member of a Windows NT 4.0 or Active
|
||||||
|
Directory domain.
|
||||||
|
|
||||||
|
* a NetBIOS (rfc1001/1002) nameserver, which amongst other things gives browsing
|
||||||
|
support. Samba can be the master browser on your LAN if you wish.
|
||||||
|
|
||||||
|
* a ftp-like SMB client so you can access PC resources (disks and printers) from
|
||||||
|
UNIX, Netware, and other operating systems
|
||||||
|
|
||||||
|
* a tar extension to the client for backing up PCs
|
||||||
|
|
||||||
|
* limited command-line tool that supports some of the NT administrative
|
||||||
|
functionality, which can be used on Samba, NT workstation and NT server.
|
||||||
|
|
||||||
|
For a much better overview have a look at the [web site](http://samba.org/samba)
|
||||||
|
and browse the user survey.
|
||||||
|
|
||||||
|
#### Related packages include:
|
||||||
|
* cifsvfs, an advanced Linux-only filesystem allowing you to mount remote SMB
|
||||||
|
filesystems from PCs on your Linux box. This is included as standard with Linux
|
||||||
|
2.5 and later.
|
||||||
|
|
||||||
|
* smbfs, the previous Linux-only filesystem allowing you to mount remote SMB
|
||||||
|
filesystems from PCs on your Linux box. This is included as standard with Linux
|
||||||
|
2.0 and later.
|
||||||
|
|
||||||
|
# CONTRIBUTIONS
|
||||||
|
|
||||||
|
### To contribute via GitHub
|
||||||
|
* fork the official Samba team repository on GitHub
|
||||||
|
-- see [GitHub](https://github.com/samba-team/samba)
|
||||||
|
|
||||||
|
* become familiar with the coding standards as described in README.Coding
|
||||||
|
|
||||||
|
* make sure you read the Samba copyright policy
|
||||||
|
-- see [Copyright Policy](https://www.samba.org/samba/devel/copyright-policy.html)
|
||||||
|
|
||||||
|
* create a feature branch
|
||||||
|
|
||||||
|
* make changes
|
||||||
|
|
||||||
|
* when committing, be sure to add signed-off-by tags
|
||||||
|
-- see [Commit message tags](https://wiki.samba.org/index.php/CodeReview#commit_message_tags)
|
||||||
|
|
||||||
|
* send a pull request for your branch through GitHub
|
||||||
|
|
||||||
|
* this will trigger an email to the samba-technical mailing list
|
||||||
|
|
||||||
|
* discussion happens on the samba-technical mailing list as described below
|
||||||
|
|
||||||
|
* more info on using Git for Samba development can be found on Samba Wiki
|
||||||
|
-- see [Using Git for Samba](https://wiki.samba.org/index.php/Using_Git_for_Samba_Development)
|
||||||
|
|
||||||
|
### To contribute via mailing lists
|
||||||
|
Join the mailing list. The Samba team accepts patches (preferably in "diff -u"
|
||||||
|
format, see [here](https://samba.org/samba/devel) for more details) and are
|
||||||
|
always glad to receive feedback or suggestions to the address
|
||||||
|
samba@lists.samba.org. More information on the various Samba mailing lists can
|
||||||
|
be found at [mailman](http://lists.samba.org).
|
||||||
|
|
||||||
|
You can also get the Samba sourcecode straight from the [git repository](http://wiki.samba.org/index.php/Using_Git_for_Samba_Development).
|
||||||
|
|
||||||
|
If you like a particular feature then look through the git change-log on the
|
||||||
|
[web](https://git.samba.org/?p=samba.git;a=summary) and see who added it, then
|
||||||
|
send them an email.
|
||||||
|
|
||||||
|
Remember that free software of this kind lives or dies by the response we get.
|
||||||
|
If no one tells us they like it then we'll probably move onto something else.
|
||||||
|
|
||||||
|
|
||||||
|
# MORE INFO
|
||||||
|
|
||||||
|
### DOCUMENTATION
|
||||||
|
There is quite a bit of documentation included with the package, including man
|
||||||
|
pages, and lots of .html files with hints and useful info. This is also
|
||||||
|
available from the web page. There is a growing collection of information under
|
||||||
|
docs/.
|
||||||
|
|
||||||
|
A list of Samba documentation in languages other than English is available on
|
||||||
|
the web page.
|
||||||
|
|
||||||
|
If you would like to help with the documentation, please coordinate on the
|
||||||
|
samba@lists.samba.org mailing list. See the next section for details on
|
||||||
|
subscribing to samba mailing lists.
|
||||||
|
|
||||||
|
### MAILING LIST
|
||||||
|
Please do NOT send subscription/unsubscription requests to the lists!
|
||||||
|
|
||||||
|
There is a mailing list for discussion of Samba. For details go to [mailman](https://lists.samba.org)
|
||||||
|
or send mail to <samba-subscribe@lists.samba.org>.
|
||||||
|
|
||||||
|
There is also an announcement mailing list where new versions are announced. To
|
||||||
|
subscribe go to [mailman](http://lists.samba.org) or send mail to
|
||||||
|
<samba-announce-subscribe@lists.samba.org>. All announcements also go to the
|
||||||
|
samba list, so you only need to be on one.
|
||||||
|
|
||||||
|
For details of other Samba mailing lists and for access to archives, see
|
||||||
|
[mailman](http://lists.samba.org)
|
||||||
|
|
||||||
|
### MAILING LIST ETIQUETTE
|
||||||
|
|
||||||
|
A few tips when submitting to this or any mailing list.
|
||||||
|
- Make your subject short and descriptive. Avoid the words "help" or "Samba" in
|
||||||
|
the subject. The readers of this list already know that a) you need help, and b)
|
||||||
|
you are writing about samba (of course, you may need to distinguish between
|
||||||
|
Samba PDC and other file sharing software). Avoid phrases such as "what is" and
|
||||||
|
"how do i". Some good subject lines might look like "Slow response with Excel
|
||||||
|
files" or "Migrating from Samba PDC to NT PDC".
|
||||||
|
|
||||||
|
- If you include the original message in your reply, trim it so that only the
|
||||||
|
relevant lines, enough to establish context, are included. Chances are (since
|
||||||
|
this is a mailing list) we've already read the original message.
|
||||||
|
|
||||||
|
- Trim irrelevant headers from the original message in your reply. All we need
|
||||||
|
to see is a) From, b) Date, and c) Subject. We don't even really need the
|
||||||
|
Subject, if you haven't changed it. Better yet is to just preface the original
|
||||||
|
message with "On [date] [someone] wrote:".
|
||||||
|
|
||||||
|
- Please don't reply to or argue about spam, spam filters or viruses on any
|
||||||
|
Samba lists. We do have a spam filtering system that is working quite well thank
|
||||||
|
you very much but occasionally unwanted messages slip through. Deal with it.
|
||||||
|
|
||||||
|
- Never say "Me too." It doesn't help anyone solve the problem. Instead, if you
|
||||||
|
ARE having the same problem, give more information. Have you seen something that
|
||||||
|
the other writer hasn't mentioned, which may be helpful?
|
||||||
|
|
||||||
|
- If you ask about a problem, then come up with the solution on your own or
|
||||||
|
through another source, by all means post it. Someone else may have the same
|
||||||
|
problem and is waiting for an answer, but never hears of it.
|
||||||
|
|
||||||
|
- Give as much *relevant* information as possible such as Samba release number,
|
||||||
|
OS, kernel version, etc...
|
||||||
|
|
||||||
|
- RTFM. Google.
|
||||||
|
|
||||||
|
### WEB SITE
|
||||||
|
A Samba WWW [site](https://samba.org) has been setup with lots of useful info.
|
||||||
|
|
||||||
|
As well as general information and documentation, this also has searchable
|
||||||
|
archives of the mailing list and a user survey that shows who else is using this
|
||||||
|
package.
|
|
@ -1,16 +0,0 @@
|
||||||
-----BEGIN PGP SIGNATURE-----
|
|
||||||
|
|
||||||
iQIzBAABCgAdFiEEgfXigyvSVFoYl7cTqplEL7aAtiAFAmWcCFAACgkQqplEL7aA
|
|
||||||
tiDKSBAAuWA9jT6xCfFACIlme7DbEoUm/Bsbf+GM2Somd3pgajekiNxo7CsW9Xub
|
|
||||||
Vmpj0Q5OKiri81XTqA8LlqMCBliqfw/rnP48kCH0YqXzjqD6aYuwmk0Q4G3wWBTJ
|
|
||||||
2ZT/wOpbM3YooFfE9Iffz6uNgAiQ/8kpBt2m6Zzfy8n1ThfztyGAGaSmrUWxgUlq
|
|
||||||
XjRjtgTw4isZBm+RzCFSGuPxvWvxRlfD5JCe2gc221rI3kbaQE2GSxdZ6D0635Ln
|
|
||||||
iy64SLIAKkQCrrFFckudSCCLKgLNdIClEwzamhhCbmCxnWMDufzN+BQZhq3axQ+x
|
|
||||||
svPfZqltVSQztr4nPGvKdebtVLL2Zyf/LtXWQP/s66quHlHFoEAC7MuD6tEMQVar
|
|
||||||
JQUCN51Gs0Yk12iReQFm6/Uo35aPAlai1e2uOkNzS5FnagRObYt6FYeQripks4I8
|
|
||||||
ZW5VvF4cE0zqdjrlG+Ttqmpbj7i6AUJj9wSbrEOFDUhTL+QPPOfJ05yr1BHmS6nJ
|
|
||||||
vuuUs+ei/DnYEFS91P81h5NuOdpRHIBTG6LUOLz5KOoNdIgvzjD/Ugyscj4AFTBo
|
|
||||||
+NTG9nNr6gkLV/6dxDRR2/sbU6P+FZBL+JVUoDR7XQ7oHG7sFV+/8Dtu8RivEw++
|
|
||||||
1sNGqxvGkwu7JunMkJO5YZRwXi81v3nmHkWKgb0+52iYXgmdesY=
|
|
||||||
=kOPP
|
|
||||||
-----END PGP SIGNATURE-----
|
|
|
@ -0,0 +1,8 @@
|
||||||
|
# recipients: sssd-qe, asn, pfilipen, ftrivino
|
||||||
|
--- !Policy
|
||||||
|
product_versions:
|
||||||
|
- rhel-8
|
||||||
|
decision_context: osci_compose_gate
|
||||||
|
rules:
|
||||||
|
- !PassingTestCaseRule {test_case_name: osci.brew-build.tier0.functional}
|
||||||
|
- !PassingTestCaseRule {test_case_name: idm-ci.brew-build.tier1.functional}
|
|
@ -0,0 +1,24 @@
|
||||||
|
---
|
||||||
|
badfuncs:
|
||||||
|
ignore:
|
||||||
|
- /usr/bin/nmblookup
|
||||||
|
- /usr/bin/smbtorture
|
||||||
|
- /usr/lib*/libndr.so.*
|
||||||
|
- /usr/lib*/libsmbconf.so.*
|
||||||
|
- /usr/lib*/samba/libgse-samba4.so
|
||||||
|
- /usr/lib*/samba/libsamba-sockets-samba4.so
|
||||||
|
- /usr/lib*/samba/service/nbtd.so
|
||||||
|
- /usr/libexec/ctdb/smnotify
|
||||||
|
- /usr/sbin/nmbd
|
||||||
|
|
||||||
|
runpath:
|
||||||
|
allowed_paths:
|
||||||
|
- /usr/lib/samba
|
||||||
|
- /usr/lib64/samba
|
||||||
|
|
||||||
|
abidiff:
|
||||||
|
suppression_file: samba.abignore
|
||||||
|
|
||||||
|
debuginfo:
|
||||||
|
ignore:
|
||||||
|
- /usr/lib*/libdcerpc-samr.so.*
|
File diff suppressed because it is too large
Load Diff
|
@ -0,0 +1,106 @@
|
||||||
|
From 21d8c1b2dabf8dd5a65de14816c6701e9c81de44 Mon Sep 17 00:00:00 2001
|
||||||
|
From: Andreas Schneider <asn@samba.org>
|
||||||
|
Date: Tue, 5 Dec 2023 15:46:48 +0100
|
||||||
|
Subject: [PATCH 1/2] s3:tests: Add smbget test for
|
||||||
|
smb://DOAMIN;user%password@server/share/file
|
||||||
|
|
||||||
|
This is supported according to the smbget manpage!
|
||||||
|
|
||||||
|
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15525
|
||||||
|
|
||||||
|
Signed-off-by: Andreas Schneider <asn@samba.org>
|
||||||
|
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
|
||||||
|
(cherry picked from commit e5fe856e76eba26e3b85a391bcea02dfe045c26e)
|
||||||
|
---
|
||||||
|
source3/script/tests/test_smbget.sh | 20 ++++++++++++++++++++
|
||||||
|
1 file changed, 20 insertions(+)
|
||||||
|
|
||||||
|
diff --git a/source3/script/tests/test_smbget.sh b/source3/script/tests/test_smbget.sh
|
||||||
|
index 46c1f4a68a5..bdc62a71eff 100755
|
||||||
|
--- a/source3/script/tests/test_smbget.sh
|
||||||
|
+++ b/source3/script/tests/test_smbget.sh
|
||||||
|
@@ -145,6 +145,22 @@ test_singlefile_smburl()
|
||||||
|
return 0
|
||||||
|
}
|
||||||
|
|
||||||
|
+test_singlefile_smburl2()
|
||||||
|
+{
|
||||||
|
+ clear_download_area
|
||||||
|
+ $SMBGET "smb://$DOMAIN;$USERNAME:$PASSWORD@$SERVER_IP/smbget/testfile"
|
||||||
|
+ if [ $? -ne 0 ]; then
|
||||||
|
+ echo 'ERROR: RC does not match, expected: 0'
|
||||||
|
+ return 1
|
||||||
|
+ fi
|
||||||
|
+ cmp --silent $WORKDIR/testfile ./testfile
|
||||||
|
+ if [ $? -ne 0 ]; then
|
||||||
|
+ echo 'ERROR: file content does not match'
|
||||||
|
+ return 1
|
||||||
|
+ fi
|
||||||
|
+ return 0
|
||||||
|
+}
|
||||||
|
+
|
||||||
|
test_singlefile_authfile()
|
||||||
|
{
|
||||||
|
clear_download_area
|
||||||
|
@@ -499,6 +515,10 @@ testit "download single file with --update and UPN" test_singlefile_U_UPN ||
|
||||||
|
testit "download single file with smb URL" test_singlefile_smburl ||
|
||||||
|
failed=$(expr $failed + 1)
|
||||||
|
|
||||||
|
+testit "download single file with smb URL including domain" \
|
||||||
|
+ test_singlefile_smburl2 ||
|
||||||
|
+ failed=$(expr $failed + 1)
|
||||||
|
+
|
||||||
|
testit "download single file with authfile" test_singlefile_authfile ||
|
||||||
|
failed=$(expr $failed + 1)
|
||||||
|
|
||||||
|
--
|
||||||
|
2.43.0
|
||||||
|
|
||||||
|
|
||||||
|
From e19fa9d75ee70ec23e70f166ee70241c116f7bf5 Mon Sep 17 00:00:00 2001
|
||||||
|
From: Andreas Schneider <asn@samba.org>
|
||||||
|
Date: Wed, 6 Dec 2023 08:48:34 +0100
|
||||||
|
Subject: [PATCH 2/2] s3:utils: Fix setting the debug level
|
||||||
|
|
||||||
|
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15525
|
||||||
|
|
||||||
|
Signed-off-by: Andreas Schneider <asn@samba.org>
|
||||||
|
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
|
||||||
|
(cherry picked from commit 763b2efe69dc74e1c0cd954607031012f832486d)
|
||||||
|
---
|
||||||
|
source3/utils/smbget.c | 6 +++++-
|
||||||
|
1 file changed, 5 insertions(+), 1 deletion(-)
|
||||||
|
|
||||||
|
diff --git a/source3/utils/smbget.c b/source3/utils/smbget.c
|
||||||
|
index 5c99dcf918a..8d98ba24602 100644
|
||||||
|
--- a/source3/utils/smbget.c
|
||||||
|
+++ b/source3/utils/smbget.c
|
||||||
|
@@ -849,6 +849,7 @@ int main(int argc, char **argv)
|
||||||
|
uint32_t gensec_features;
|
||||||
|
bool use_wbccache = false;
|
||||||
|
SMBCCTX *smb_ctx = NULL;
|
||||||
|
+ int dbg_lvl = -1;
|
||||||
|
int rc;
|
||||||
|
|
||||||
|
smb_init_locale();
|
||||||
|
@@ -922,13 +923,16 @@ int main(int argc, char **argv)
|
||||||
|
|
||||||
|
samba_cmdline_burn(argc, argv);
|
||||||
|
|
||||||
|
+ /* smbc_new_context() will set the log level to 0 */
|
||||||
|
+ dbg_lvl = debuglevel_get();
|
||||||
|
+
|
||||||
|
smb_ctx = smbc_new_context();
|
||||||
|
if (smb_ctx == NULL) {
|
||||||
|
fprintf(stderr, "Unable to initialize libsmbclient\n");
|
||||||
|
ok = false;
|
||||||
|
goto done;
|
||||||
|
}
|
||||||
|
- smbc_setDebug(smb_ctx, debuglevel_get());
|
||||||
|
+ smbc_setDebug(smb_ctx, dbg_lvl);
|
||||||
|
|
||||||
|
rc = smbc_setConfiguration(smb_ctx, lp_default_path());
|
||||||
|
if (rc < 0) {
|
||||||
|
--
|
||||||
|
2.43.0
|
||||||
|
|
File diff suppressed because it is too large
Load Diff
Binary file not shown.
|
@ -147,7 +147,7 @@
|
||||||
%define samba_requires_eq() %(LC_ALL="C" echo '%*' | xargs -r rpm -q --qf 'Requires: %%{name} = %%{epoch}:%%{version}\\n' | sed -e 's/ (none):/ /' -e 's/ 0:/ /' | grep -v "is not")
|
%define samba_requires_eq() %(LC_ALL="C" echo '%*' | xargs -r rpm -q --qf 'Requires: %%{name} = %%{epoch}:%%{version}\\n' | sed -e 's/ (none):/ /' -e 's/ 0:/ /' | grep -v "is not")
|
||||||
|
|
||||||
%global samba_version 4.19.4
|
%global samba_version 4.19.4
|
||||||
%global baserelease 3
|
%global baserelease 4
|
||||||
# This should be rc1 or %%nil
|
# This should be rc1 or %%nil
|
||||||
%global pre_release %nil
|
%global pre_release %nil
|
||||||
|
|
||||||
|
@ -244,6 +244,12 @@ Source18: samba-winbind-systemd-sysusers.conf
|
||||||
Source201: README.downgrade
|
Source201: README.downgrade
|
||||||
Source202: samba.abignore
|
Source202: samba.abignore
|
||||||
|
|
||||||
|
# Backport bug fixes to https://gitlab.com/samba-redhat/samba/-/tree/v4-19-redhat
|
||||||
|
# This will give us CI and makes it easy to generate patchsets.
|
||||||
|
#
|
||||||
|
# Generate the patchset using: git format-patch -l1 --stdout -N > samba-4.19-redhat.patch
|
||||||
|
Patch0: samba-4.19-redhat.patch
|
||||||
|
|
||||||
Requires(pre): /usr/sbin/groupadd
|
Requires(pre): /usr/sbin/groupadd
|
||||||
|
|
||||||
Requires(pre): %{name}-common = %{samba_depver}
|
Requires(pre): %{name}-common = %{samba_depver}
|
||||||
|
@ -4473,6 +4479,12 @@ fi
|
||||||
%endif
|
%endif
|
||||||
|
|
||||||
%changelog
|
%changelog
|
||||||
|
* Thu May 02 2024 Pavel Filipenský <pfilipen@redhat.com> - 4.19.4-4
|
||||||
|
- related: RHEL-33813 - Undo wrong changes in rpminspect.yaml
|
||||||
|
|
||||||
|
* Thu May 02 2024 Pavel Filipenský <pfilipen@redhat.com> - 4.19.4-4
|
||||||
|
- resolves: RHEL-33813 - Add option to request only POSIX groups from AD in idmap_ad
|
||||||
|
|
||||||
* Thu Jan 18 2024 Pavel Filipenský <pfilipen@redhat.com> - 4.19.4-3
|
* Thu Jan 18 2024 Pavel Filipenský <pfilipen@redhat.com> - 4.19.4-3
|
||||||
- resolves: RHEL-19753 - Fix smbget interactive authentication
|
- resolves: RHEL-19753 - Fix smbget interactive authentication
|
||||||
|
|
|
@ -0,0 +1,2 @@
|
||||||
|
SHA512 (samba-4.19.4.tar.asc) = 11bc51407d1464339817d7568f5d5bb059c19a05b49c6a1307d7425d289acb617ecd3e633e3736bdaa94947a7b3630d6cdb7ed6fe59d52556234c549eca8172a
|
||||||
|
SHA512 (samba-4.19.4.tar.xz) = 3d2899e4a3b8bcb77befc29c4af66d3ac858b7f7a0dbbb66a8bc210cd88d9cde3e11361334a5cce650318473134ec8b134148bfa4af4d51f555de33eff395029
|
|
@ -0,0 +1,62 @@
|
||||||
|
# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
|
||||||
|
#
|
||||||
|
# Makefile of gating test "testparm"
|
||||||
|
# Description: Basic config check for samba
|
||||||
|
# Author: Andrej Dzilsky <adzilsky@redhat.com>
|
||||||
|
#
|
||||||
|
# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
|
||||||
|
#
|
||||||
|
# Copyright (c) 2019 Red Hat, Inc.
|
||||||
|
#
|
||||||
|
# This program is free software: you can redistribute it and/or
|
||||||
|
# modify it under the terms of the GNU General Public License as
|
||||||
|
# published by the Free Software Foundation, either version 2 of
|
||||||
|
# the License, or (at your option) any later version.
|
||||||
|
#
|
||||||
|
# This program is distributed in the hope that it will be
|
||||||
|
# useful, but WITHOUT ANY WARRANTY; without even the implied
|
||||||
|
# warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR
|
||||||
|
# PURPOSE. See the GNU General Public License for more details.
|
||||||
|
#
|
||||||
|
# You should have received a copy of the GNU General Public License
|
||||||
|
# along with this program. If not, see http://www.gnu.org/licenses/.
|
||||||
|
#
|
||||||
|
# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
|
||||||
|
|
||||||
|
export TEST=testparm
|
||||||
|
export TESTVERSION=1.0
|
||||||
|
|
||||||
|
BUILT_FILES=
|
||||||
|
|
||||||
|
FILES=$(METADATA) runtest.sh Makefile
|
||||||
|
|
||||||
|
.PHONY: all install download clean
|
||||||
|
|
||||||
|
run: $(FILES) build
|
||||||
|
./runtest.sh
|
||||||
|
|
||||||
|
build: $(BUILT_FILES)
|
||||||
|
test -x runtest.sh || chmod a+x runtest.sh
|
||||||
|
|
||||||
|
clean:
|
||||||
|
rm -f *~ $(BUILT_FILES)
|
||||||
|
|
||||||
|
|
||||||
|
include /usr/share/rhts/lib/rhts-make.include
|
||||||
|
|
||||||
|
$(METADATA): Makefile
|
||||||
|
@echo "Owner: Andrej Dzilsky <adzilsky@redhat.com>" > $(METADATA)
|
||||||
|
@echo "Name: $(TEST)" >> $(METADATA)
|
||||||
|
@echo "TestVersion: $(TESTVERSION)" >> $(METADATA)
|
||||||
|
@echo "Path: $(TEST_DIR)" >> $(METADATA)
|
||||||
|
@echo "Description: Basic samba config check" >> $(METADATA)
|
||||||
|
@echo "Type: Regression" >> $(METADATA)
|
||||||
|
@echo "TestTime: 5m" >> $(METADATA)
|
||||||
|
@echo "RunFor: samba" >> $(METADATA)
|
||||||
|
@echo "Priority: Normal" >> $(METADATA)
|
||||||
|
@echo "License: GPLv2+" >> $(METADATA)
|
||||||
|
@echo "Confidential: no" >> $(METADATA)
|
||||||
|
@echo "Destructive: no" >> $(METADATA)
|
||||||
|
@echo "Bug: 1653890" >> $(METADATA)
|
||||||
|
|
||||||
|
rhts-lint $(METADATA)
|
|
@ -0,0 +1,43 @@
|
||||||
|
#!/bin/bash
|
||||||
|
# vim: dict+=/usr/share/beakerlib/dictionary.vim cpt=.,w,b,u,t,i,k
|
||||||
|
# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
|
||||||
|
#
|
||||||
|
# runtest.sh of gating test "testparm"
|
||||||
|
# Description: Basic samba config check
|
||||||
|
# Author: Andrej Dzilsky <adzilsky@redhat.com>
|
||||||
|
#
|
||||||
|
# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
|
||||||
|
#
|
||||||
|
# Copyright (c) 2019 Red Hat, Inc.
|
||||||
|
#
|
||||||
|
# This program is free software: you can redistribute it and/or
|
||||||
|
# modify it under the terms of the GNU General Public License as
|
||||||
|
# published by the Free Software Foundation, either version 2 of
|
||||||
|
# the License, or (at your option) any later version.
|
||||||
|
#
|
||||||
|
# This program is distributed in the hope that it will be
|
||||||
|
# useful, but WITHOUT ANY WARRANTY; without even the implied
|
||||||
|
# warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR
|
||||||
|
# PURPOSE. See the GNU General Public License for more details.
|
||||||
|
#
|
||||||
|
# You should have received a copy of the GNU General Public License
|
||||||
|
# along with this program. If not, see http://www.gnu.org/licenses/.
|
||||||
|
#
|
||||||
|
# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
|
||||||
|
|
||||||
|
# Include Beaker environment
|
||||||
|
. /usr/bin/rhts-environment.sh || exit 1
|
||||||
|
. /usr/share/beakerlib/beakerlib.sh || exit 1
|
||||||
|
|
||||||
|
# From Andreas Schneider <asn@redhat.com>:
|
||||||
|
# This is a basic test which makes sure the samba is installed and the default
|
||||||
|
# smb.conf is available.
|
||||||
|
|
||||||
|
rlJournalStart
|
||||||
|
|
||||||
|
rlPhaseStartTest
|
||||||
|
rlRun "testparm -v -s" 0 "testparm ends with expected output"
|
||||||
|
rlPhaseEnd
|
||||||
|
|
||||||
|
rlJournalPrintText
|
||||||
|
rlJournalEnd
|
|
@ -0,0 +1,13 @@
|
||||||
|
---
|
||||||
|
# This first play always runs on the local staging system
|
||||||
|
- hosts: localhost
|
||||||
|
roles:
|
||||||
|
- role: standard-test-beakerlib
|
||||||
|
tags:
|
||||||
|
- classic
|
||||||
|
tests:
|
||||||
|
- testparm
|
||||||
|
required_packages:
|
||||||
|
- samba
|
||||||
|
- samba-client
|
||||||
|
- samba-common
|
|
@ -0,0 +1,325 @@
|
||||||
|
From 322597e5e243264d56ede73e579b4bf767bca5be Mon Sep 17 00:00:00 2001
|
||||||
|
From: Andreas Schneider <asn@samba.org>
|
||||||
|
Date: Mon, 4 Sep 2023 16:29:46 +0200
|
||||||
|
Subject: [PATCH 1/3] selftest: Show that 'allow trusted domains = no'
|
||||||
|
firewalls Unix User|Group
|
||||||
|
|
||||||
|
UNEXPECTED(failure): samba3.blackbox.smbclient_auth.plain.local_creds.smbclient //LOCALSHARE4/forceuser_unixonly as user(simpleserver)
|
||||||
|
REASON: Exception: Exception: tree connect failed: NT_STATUS_AUTHENTICATION_FIREWALL_FAILED
|
||||||
|
|
||||||
|
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15469
|
||||||
|
|
||||||
|
Signed-off-by: Andreas Schneider <asn@samba.org>
|
||||||
|
Reviewed-by: Ralph Boehme <slow@samba.org>
|
||||||
|
(cherry picked from commit ad0c0dd071401d98f0b7f595efbdf5312a165ab4)
|
||||||
|
---
|
||||||
|
selftest/knownfail.d/forceuser_trusteddomains | 2 ++
|
||||||
|
selftest/target/Samba3.pm | 1 +
|
||||||
|
2 files changed, 3 insertions(+)
|
||||||
|
create mode 100644 selftest/knownfail.d/forceuser_trusteddomains
|
||||||
|
|
||||||
|
diff --git a/selftest/knownfail.d/forceuser_trusteddomains b/selftest/knownfail.d/forceuser_trusteddomains
|
||||||
|
new file mode 100644
|
||||||
|
index 00000000000..b515400cd90
|
||||||
|
--- /dev/null
|
||||||
|
+++ b/selftest/knownfail.d/forceuser_trusteddomains
|
||||||
|
@@ -0,0 +1,2 @@
|
||||||
|
+samba3.blackbox.smbclient_auth.plain.local_creds.smbclient...LOCALSHARE4.forceuser_unixonly.as.user.simpleserver
|
||||||
|
+samba3.blackbox.smbclient_auth.plain.local_creds.smbclient...LOCALSHARE4.forceuser_wkngroup.as.user.simpleserver
|
||||||
|
diff --git a/selftest/target/Samba3.pm b/selftest/target/Samba3.pm
|
||||||
|
index 39831afc599..85e69e4b72d 100755
|
||||||
|
--- a/selftest/target/Samba3.pm
|
||||||
|
+++ b/selftest/target/Samba3.pm
|
||||||
|
@@ -1689,6 +1689,7 @@ sub setup_simpleserver
|
||||||
|
vfs objects = xattr_tdb streams_depot
|
||||||
|
change notify = no
|
||||||
|
server smb encrypt = off
|
||||||
|
+ allow trusted domains = no
|
||||||
|
|
||||||
|
[vfs_aio_pthread]
|
||||||
|
path = $prefix_abs/share
|
||||||
|
--
|
||||||
|
2.43.0
|
||||||
|
|
||||||
|
|
||||||
|
From 13775d470f26b8f85d7c7b539276237dc94d54c9 Mon Sep 17 00:00:00 2001
|
||||||
|
From: Andreas Schneider <asn@samba.org>
|
||||||
|
Date: Fri, 8 Sep 2023 12:50:32 +0200
|
||||||
|
Subject: [PATCH 2/3] s3:auth: Remove trailing white spaces from auth_util.c
|
||||||
|
|
||||||
|
Signed-off-by: Andreas Schneider <asn@samba.org>
|
||||||
|
Reviewed-by: Ralph Boehme <slow@samba.org>
|
||||||
|
(cherry picked from commit 8f496161463f110e494201303b96dd14ab3774cd)
|
||||||
|
---
|
||||||
|
source3/auth/auth_util.c | 64 ++++++++++++++++++++--------------------
|
||||||
|
1 file changed, 32 insertions(+), 32 deletions(-)
|
||||||
|
|
||||||
|
diff --git a/source3/auth/auth_util.c b/source3/auth/auth_util.c
|
||||||
|
index 293523f4272..e5863d2272b 100644
|
||||||
|
--- a/source3/auth/auth_util.c
|
||||||
|
+++ b/source3/auth/auth_util.c
|
||||||
|
@@ -144,14 +144,14 @@ NTSTATUS make_user_info_map(TALLOC_CTX *mem_ctx,
|
||||||
|
}
|
||||||
|
|
||||||
|
/****************************************************************************
|
||||||
|
- Create an auth_usersupplied_data, making the DATA_BLOBs here.
|
||||||
|
+ Create an auth_usersupplied_data, making the DATA_BLOBs here.
|
||||||
|
Decrypt and encrypt the passwords.
|
||||||
|
****************************************************************************/
|
||||||
|
|
||||||
|
bool make_user_info_netlogon_network(TALLOC_CTX *mem_ctx,
|
||||||
|
struct auth_usersupplied_info **user_info,
|
||||||
|
- const char *smb_name,
|
||||||
|
- const char *client_domain,
|
||||||
|
+ const char *smb_name,
|
||||||
|
+ const char *client_domain,
|
||||||
|
const char *workstation_name,
|
||||||
|
const struct tsocket_address *remote_address,
|
||||||
|
const struct tsocket_address *local_address,
|
||||||
|
@@ -167,12 +167,12 @@ bool make_user_info_netlogon_network(TALLOC_CTX *mem_ctx,
|
||||||
|
DATA_BLOB nt_blob = data_blob(nt_network_pwd, nt_pwd_len);
|
||||||
|
|
||||||
|
status = make_user_info_map(mem_ctx, user_info,
|
||||||
|
- smb_name, client_domain,
|
||||||
|
+ smb_name, client_domain,
|
||||||
|
workstation_name,
|
||||||
|
remote_address,
|
||||||
|
local_address,
|
||||||
|
"SamLogon",
|
||||||
|
- lm_pwd_len ? &lm_blob : NULL,
|
||||||
|
+ lm_pwd_len ? &lm_blob : NULL,
|
||||||
|
nt_pwd_len ? &nt_blob : NULL,
|
||||||
|
NULL, NULL, NULL,
|
||||||
|
AUTH_PASSWORD_RESPONSE);
|
||||||
|
@@ -188,20 +188,20 @@ bool make_user_info_netlogon_network(TALLOC_CTX *mem_ctx,
|
||||||
|
}
|
||||||
|
|
||||||
|
/****************************************************************************
|
||||||
|
- Create an auth_usersupplied_data, making the DATA_BLOBs here.
|
||||||
|
+ Create an auth_usersupplied_data, making the DATA_BLOBs here.
|
||||||
|
Decrypt and encrypt the passwords.
|
||||||
|
****************************************************************************/
|
||||||
|
|
||||||
|
bool make_user_info_netlogon_interactive(TALLOC_CTX *mem_ctx,
|
||||||
|
struct auth_usersupplied_info **user_info,
|
||||||
|
- const char *smb_name,
|
||||||
|
- const char *client_domain,
|
||||||
|
+ const char *smb_name,
|
||||||
|
+ const char *client_domain,
|
||||||
|
const char *workstation_name,
|
||||||
|
const struct tsocket_address *remote_address,
|
||||||
|
const struct tsocket_address *local_address,
|
||||||
|
uint32_t logon_parameters,
|
||||||
|
- const uchar chal[8],
|
||||||
|
- const uchar lm_interactive_pwd[16],
|
||||||
|
+ const uchar chal[8],
|
||||||
|
+ const uchar lm_interactive_pwd[16],
|
||||||
|
const uchar nt_interactive_pwd[16])
|
||||||
|
{
|
||||||
|
struct samr_Password lm_pwd;
|
||||||
|
@@ -250,7 +250,7 @@ bool make_user_info_netlogon_interactive(TALLOC_CTX *mem_ctx,
|
||||||
|
|
||||||
|
nt_status = make_user_info_map(
|
||||||
|
mem_ctx,
|
||||||
|
- user_info,
|
||||||
|
+ user_info,
|
||||||
|
smb_name, client_domain, workstation_name,
|
||||||
|
remote_address,
|
||||||
|
local_address,
|
||||||
|
@@ -280,7 +280,7 @@ bool make_user_info_netlogon_interactive(TALLOC_CTX *mem_ctx,
|
||||||
|
|
||||||
|
bool make_user_info_for_reply(TALLOC_CTX *mem_ctx,
|
||||||
|
struct auth_usersupplied_info **user_info,
|
||||||
|
- const char *smb_name,
|
||||||
|
+ const char *smb_name,
|
||||||
|
const char *client_domain,
|
||||||
|
const struct tsocket_address *remote_address,
|
||||||
|
const struct tsocket_address *local_address,
|
||||||
|
@@ -315,10 +315,10 @@ bool make_user_info_for_reply(TALLOC_CTX *mem_ctx,
|
||||||
|
|
||||||
|
/* We can't do an NT hash here, as the password needs to be
|
||||||
|
case insensitive */
|
||||||
|
- local_nt_blob = data_blob_null;
|
||||||
|
+ local_nt_blob = data_blob_null;
|
||||||
|
} else {
|
||||||
|
- local_lm_blob = data_blob_null;
|
||||||
|
- local_nt_blob = data_blob_null;
|
||||||
|
+ local_lm_blob = data_blob_null;
|
||||||
|
+ local_nt_blob = data_blob_null;
|
||||||
|
}
|
||||||
|
|
||||||
|
plaintext_password_string = talloc_strndup(talloc_tos(),
|
||||||
|
@@ -329,7 +329,7 @@ bool make_user_info_for_reply(TALLOC_CTX *mem_ctx,
|
||||||
|
}
|
||||||
|
|
||||||
|
ret = make_user_info(mem_ctx,
|
||||||
|
- user_info, smb_name, smb_name, client_domain, client_domain,
|
||||||
|
+ user_info, smb_name, smb_name, client_domain, client_domain,
|
||||||
|
get_remote_machine_name(),
|
||||||
|
remote_address,
|
||||||
|
local_address,
|
||||||
|
@@ -403,14 +403,14 @@ bool make_user_info_guest(TALLOC_CTX *mem_ctx,
|
||||||
|
|
||||||
|
nt_status = make_user_info(mem_ctx,
|
||||||
|
user_info,
|
||||||
|
- "","",
|
||||||
|
- "","",
|
||||||
|
- "",
|
||||||
|
+ "","",
|
||||||
|
+ "","",
|
||||||
|
+ "",
|
||||||
|
remote_address,
|
||||||
|
local_address,
|
||||||
|
service_description,
|
||||||
|
- NULL, NULL,
|
||||||
|
- NULL, NULL,
|
||||||
|
+ NULL, NULL,
|
||||||
|
+ NULL, NULL,
|
||||||
|
NULL,
|
||||||
|
AUTH_PASSWORD_RESPONSE);
|
||||||
|
|
||||||
|
@@ -1258,7 +1258,7 @@ done:
|
||||||
|
}
|
||||||
|
|
||||||
|
session_info->unique_session_token = GUID_random();
|
||||||
|
-
|
||||||
|
+
|
||||||
|
*session_info_out = talloc_move(mem_ctx, &session_info);
|
||||||
|
TALLOC_FREE(frame);
|
||||||
|
return NT_STATUS_OK;
|
||||||
|
@@ -1954,9 +1954,9 @@ static NTSTATUS check_account(TALLOC_CTX *mem_ctx, const char *domain,
|
||||||
|
*pwd = passwd;
|
||||||
|
|
||||||
|
/* This is pointless -- there is no support for differing
|
||||||
|
- unix and windows names. Make sure to always store the
|
||||||
|
+ unix and windows names. Make sure to always store the
|
||||||
|
one we actually looked up and succeeded. Have I mentioned
|
||||||
|
- why I hate the 'winbind use default domain' parameter?
|
||||||
|
+ why I hate the 'winbind use default domain' parameter?
|
||||||
|
--jerry */
|
||||||
|
|
||||||
|
*found_username = talloc_strdup( mem_ctx, real_username );
|
||||||
|
@@ -1965,8 +1965,8 @@ static NTSTATUS check_account(TALLOC_CTX *mem_ctx, const char *domain,
|
||||||
|
}
|
||||||
|
|
||||||
|
/****************************************************************************
|
||||||
|
- Wrapper to allow the getpwnam() call to strip the domain name and
|
||||||
|
- try again in case a local UNIX user is already there. Also run through
|
||||||
|
+ Wrapper to allow the getpwnam() call to strip the domain name and
|
||||||
|
+ try again in case a local UNIX user is already there. Also run through
|
||||||
|
the username if we fallback to the username only.
|
||||||
|
****************************************************************************/
|
||||||
|
|
||||||
|
@@ -1977,11 +1977,11 @@ struct passwd *smb_getpwnam( TALLOC_CTX *mem_ctx, const char *domuser,
|
||||||
|
char *p = NULL;
|
||||||
|
const char *username = NULL;
|
||||||
|
|
||||||
|
- /* we only save a copy of the username it has been mangled
|
||||||
|
+ /* we only save a copy of the username it has been mangled
|
||||||
|
by winbindd use default domain */
|
||||||
|
*p_save_username = NULL;
|
||||||
|
|
||||||
|
- /* don't call map_username() here since it has to be done higher
|
||||||
|
+ /* don't call map_username() here since it has to be done higher
|
||||||
|
up the stack so we don't call it multiple times */
|
||||||
|
|
||||||
|
username = talloc_strdup(mem_ctx, domuser);
|
||||||
|
@@ -2068,10 +2068,10 @@ username_only:
|
||||||
|
}
|
||||||
|
|
||||||
|
/***************************************************************************
|
||||||
|
- Make a server_info struct from the info3 returned by a domain logon
|
||||||
|
+ Make a server_info struct from the info3 returned by a domain logon
|
||||||
|
***************************************************************************/
|
||||||
|
|
||||||
|
-NTSTATUS make_server_info_info3(TALLOC_CTX *mem_ctx,
|
||||||
|
+NTSTATUS make_server_info_info3(TALLOC_CTX *mem_ctx,
|
||||||
|
const char *sent_nt_username,
|
||||||
|
const char *domain,
|
||||||
|
struct auth_serversupplied_info **server_info,
|
||||||
|
@@ -2089,9 +2089,9 @@ NTSTATUS make_server_info_info3(TALLOC_CTX *mem_ctx,
|
||||||
|
struct dom_sid sid;
|
||||||
|
TALLOC_CTX *tmp_ctx = talloc_stackframe();
|
||||||
|
|
||||||
|
- /*
|
||||||
|
+ /*
|
||||||
|
Here is where we should check the list of
|
||||||
|
- trusted domains, and verify that the SID
|
||||||
|
+ trusted domains, and verify that the SID
|
||||||
|
matches.
|
||||||
|
*/
|
||||||
|
|
||||||
|
--
|
||||||
|
2.43.0
|
||||||
|
|
||||||
|
|
||||||
|
From a83c51913963bbabd5c4fdd00ba2fc69df2b6ca6 Mon Sep 17 00:00:00 2001
|
||||||
|
From: Andreas Schneider <asn@samba.org>
|
||||||
|
Date: Thu, 30 Nov 2023 10:54:07 +0100
|
||||||
|
Subject: [PATCH 3/3] s3:auth: Allow 'Unix Users' and 'Unix Groups' to create a
|
||||||
|
local token
|
||||||
|
|
||||||
|
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15469
|
||||||
|
|
||||||
|
Signed-off-by: Andreas Schneider <asn@samba.org>
|
||||||
|
Reviewed-by: Ralph Boehme <slow@samba.org>
|
||||||
|
(cherry picked from commit 00034d022896f879bf91bb78eb9e2972162c99ce)
|
||||||
|
---
|
||||||
|
selftest/knownfail.d/forceuser_trusteddomains | 2 --
|
||||||
|
source3/auth/auth_util.c | 17 ++++++++++++++++-
|
||||||
|
2 files changed, 16 insertions(+), 3 deletions(-)
|
||||||
|
delete mode 100644 selftest/knownfail.d/forceuser_trusteddomains
|
||||||
|
|
||||||
|
diff --git a/selftest/knownfail.d/forceuser_trusteddomains b/selftest/knownfail.d/forceuser_trusteddomains
|
||||||
|
deleted file mode 100644
|
||||||
|
index b515400cd90..00000000000
|
||||||
|
--- a/selftest/knownfail.d/forceuser_trusteddomains
|
||||||
|
+++ /dev/null
|
||||||
|
@@ -1,2 +0,0 @@
|
||||||
|
-samba3.blackbox.smbclient_auth.plain.local_creds.smbclient...LOCALSHARE4.forceuser_unixonly.as.user.simpleserver
|
||||||
|
-samba3.blackbox.smbclient_auth.plain.local_creds.smbclient...LOCALSHARE4.forceuser_wkngroup.as.user.simpleserver
|
||||||
|
diff --git a/source3/auth/auth_util.c b/source3/auth/auth_util.c
|
||||||
|
index e5863d2272b..2a35fea5061 100644
|
||||||
|
--- a/source3/auth/auth_util.c
|
||||||
|
+++ b/source3/auth/auth_util.c
|
||||||
|
@@ -21,6 +21,7 @@
|
||||||
|
along with this program. If not, see <http://www.gnu.org/licenses/>.
|
||||||
|
*/
|
||||||
|
|
||||||
|
+#include "dom_sid.h"
|
||||||
|
#include "includes.h"
|
||||||
|
#include "auth.h"
|
||||||
|
#include "lib/util_unixsids.h"
|
||||||
|
@@ -478,6 +479,7 @@ NTSTATUS create_local_token(TALLOC_CTX *mem_ctx,
|
||||||
|
struct dom_sid tmp_sid;
|
||||||
|
struct auth_session_info *session_info = NULL;
|
||||||
|
struct unixid *ids;
|
||||||
|
+ bool is_allowed = false;
|
||||||
|
|
||||||
|
/* Ensure we can't possible take a code path leading to a
|
||||||
|
* null deref. */
|
||||||
|
@@ -485,7 +487,20 @@ NTSTATUS create_local_token(TALLOC_CTX *mem_ctx,
|
||||||
|
return NT_STATUS_LOGON_FAILURE;
|
||||||
|
}
|
||||||
|
|
||||||
|
- if (!is_allowed_domain(server_info->info3->base.logon_domain.string)) {
|
||||||
|
+ if (is_allowed_domain(server_info->info3->base.logon_domain.string)) {
|
||||||
|
+ is_allowed = true;
|
||||||
|
+ }
|
||||||
|
+
|
||||||
|
+ /* Check if we have extra info about the user. */
|
||||||
|
+ if (dom_sid_in_domain(&global_sid_Unix_Users,
|
||||||
|
+ &server_info->extra.user_sid) ||
|
||||||
|
+ dom_sid_in_domain(&global_sid_Unix_Groups,
|
||||||
|
+ &server_info->extra.pgid_sid))
|
||||||
|
+ {
|
||||||
|
+ is_allowed = true;
|
||||||
|
+ }
|
||||||
|
+
|
||||||
|
+ if (!is_allowed) {
|
||||||
|
DBG_NOTICE("Authentication failed for user [%s] "
|
||||||
|
"from firewalled domain [%s]\n",
|
||||||
|
server_info->info3->base.account_name.string,
|
||||||
|
--
|
||||||
|
2.43.0
|
||||||
|
|
Loading…
Reference in New Issue