Compare commits
4 Commits
Author | SHA1 | Date | |
---|---|---|---|
3caafdd88f | |||
04e2eb07a7 | |||
791775af87 | |||
bb27d63e76 |
2
.gitignore
vendored
2
.gitignore
vendored
@ -1,2 +1,2 @@
|
|||||||
SOURCES/samba-4.19.4.tar.xz
|
SOURCES/samba-4.18.6.tar.xz
|
||||||
SOURCES/samba-pubkey_AA99442FB680B620.gpg
|
SOURCES/samba-pubkey_AA99442FB680B620.gpg
|
||||||
|
@ -1,2 +1,2 @@
|
|||||||
6a164128df94dd89e785ca9f42d7be5714f16bed SOURCES/samba-4.19.4.tar.xz
|
12b41f2a849cb6c40e9f5b174bb1cd823a060bd7 SOURCES/samba-4.18.6.tar.xz
|
||||||
971f563c447eda8d144d6c9e743cd0f0488c0d9e SOURCES/samba-pubkey_AA99442FB680B620.gpg
|
971f563c447eda8d144d6c9e743cd0f0488c0d9e SOURCES/samba-pubkey_AA99442FB680B620.gpg
|
||||||
|
@ -0,0 +1,295 @@
|
|||||||
|
From 09ee91a8f7e53f688f091fe67e0b95d1d34fb9c9 Mon Sep 17 00:00:00 2001
|
||||||
|
From: Jeremy Allison <jra@samba.org>
|
||||||
|
Date: Tue, 25 Jul 2023 17:41:04 -0700
|
||||||
|
Subject: [PATCH 1/3] CVE-2023-3961:s3:smbd: Catch any incoming pipe path that
|
||||||
|
could exit socket_dir.
|
||||||
|
|
||||||
|
For now, SMB_ASSERT() to exit the server. We will remove
|
||||||
|
this once the test code is in place.
|
||||||
|
|
||||||
|
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15422
|
||||||
|
|
||||||
|
Signed-off-by: Jeremy Allison <jra@samba.org>
|
||||||
|
---
|
||||||
|
source3/rpc_client/local_np.c | 18 ++++++++++++++++++
|
||||||
|
1 file changed, 18 insertions(+)
|
||||||
|
|
||||||
|
diff --git a/source3/rpc_client/local_np.c b/source3/rpc_client/local_np.c
|
||||||
|
index 0b323404f06..95228d5d801 100644
|
||||||
|
--- a/source3/rpc_client/local_np.c
|
||||||
|
+++ b/source3/rpc_client/local_np.c
|
||||||
|
@@ -542,6 +542,24 @@ struct tevent_req *local_np_connect_send(
|
||||||
|
return tevent_req_post(req, ev);
|
||||||
|
}
|
||||||
|
|
||||||
|
+ /*
|
||||||
|
+ * Ensure we cannot process a path that exits
|
||||||
|
+ * the socket_dir.
|
||||||
|
+ */
|
||||||
|
+ if (ISDOTDOT(lower_case_pipename) ||
|
||||||
|
+ (strchr(lower_case_pipename, '/')!=NULL))
|
||||||
|
+ {
|
||||||
|
+ DBG_DEBUG("attempt to connect to invalid pipe pathname %s\n",
|
||||||
|
+ lower_case_pipename);
|
||||||
|
+ /*
|
||||||
|
+ * For now, panic the server until we have
|
||||||
|
+ * the test code in place.
|
||||||
|
+ */
|
||||||
|
+ SMB_ASSERT(false);
|
||||||
|
+ tevent_req_error(req, ENOENT);
|
||||||
|
+ return tevent_req_post(req, ev);
|
||||||
|
+ }
|
||||||
|
+
|
||||||
|
state->socketpath = talloc_asprintf(
|
||||||
|
state, "%s/np/%s", socket_dir, lower_case_pipename);
|
||||||
|
if (tevent_req_nomem(state->socketpath, req)) {
|
||||||
|
--
|
||||||
|
2.39.2
|
||||||
|
|
||||||
|
|
||||||
|
From 34d4258e77d7a3f48004e88161ac2398e9669a4b Mon Sep 17 00:00:00 2001
|
||||||
|
From: Jeremy Allison <jra@samba.org>
|
||||||
|
Date: Tue, 25 Jul 2023 17:49:21 -0700
|
||||||
|
Subject: [PATCH 2/3] CVE-2023-3961:s3:torture: Add test SMB2-INVALID-PIPENAME
|
||||||
|
to show we allow bad pipenames with unix separators through to the UNIX
|
||||||
|
domain socket code.
|
||||||
|
|
||||||
|
The raw SMB2-INVALID-PIPENAME test passes against Windows 2022,
|
||||||
|
as it just returns NT_STATUS_OBJECT_NAME_NOT_FOUND.
|
||||||
|
|
||||||
|
Add the knownfail.
|
||||||
|
|
||||||
|
BUG:https://bugzilla.samba.org/show_bug.cgi?id=15422
|
||||||
|
|
||||||
|
Signed-off-by: Jeremy Allison <jra@samba.org>
|
||||||
|
---
|
||||||
|
selftest/knownfail.d/badpipename | 1 +
|
||||||
|
source3/selftest/tests.py | 14 ++++
|
||||||
|
source3/torture/proto.h | 1 +
|
||||||
|
source3/torture/test_smb2.c | 107 +++++++++++++++++++++++++++++++
|
||||||
|
source3/torture/torture.c | 4 ++
|
||||||
|
5 files changed, 127 insertions(+)
|
||||||
|
create mode 100644 selftest/knownfail.d/badpipename
|
||||||
|
|
||||||
|
diff --git a/selftest/knownfail.d/badpipename b/selftest/knownfail.d/badpipename
|
||||||
|
new file mode 100644
|
||||||
|
index 00000000000..e69715f863d
|
||||||
|
--- /dev/null
|
||||||
|
+++ b/selftest/knownfail.d/badpipename
|
||||||
|
@@ -0,0 +1 @@
|
||||||
|
+^samba3.smbtorture_s3.smb2.SMB2-INVALID-PIPENAME.smbtorture\(fileserver\)
|
||||||
|
diff --git a/source3/selftest/tests.py b/source3/selftest/tests.py
|
||||||
|
index 1fdcad1089f..2c8336d35e8 100755
|
||||||
|
--- a/source3/selftest/tests.py
|
||||||
|
+++ b/source3/selftest/tests.py
|
||||||
|
@@ -296,6 +296,20 @@ plantestsuite("samba3.smbtorture_s3.smb2.SMB2-DFS-FILENAME-LEADING-BACKSLASH",
|
||||||
|
smbtorture3,
|
||||||
|
"-mSMB2"])
|
||||||
|
|
||||||
|
+# BUG: https://bugzilla.samba.org/show_bug.cgi?id=15422
|
||||||
|
+# Prevent bad pipenames.
|
||||||
|
+#
|
||||||
|
+plantestsuite("samba3.smbtorture_s3.smb2.SMB2-INVALID-PIPENAME",
|
||||||
|
+ "fileserver",
|
||||||
|
+ [os.path.join(samba3srcdir,
|
||||||
|
+ "script/tests/test_smbtorture_s3.sh"),
|
||||||
|
+ 'SMB2-INVALID-PIPENAME',
|
||||||
|
+ '//$SERVER_IP/tmp',
|
||||||
|
+ '$USERNAME',
|
||||||
|
+ '$PASSWORD',
|
||||||
|
+ smbtorture3,
|
||||||
|
+ "-mSMB2"])
|
||||||
|
+
|
||||||
|
#
|
||||||
|
# SMB2-NON-DFS-SHARE needs to run against a special share non-msdfs-pathname-share
|
||||||
|
# This is an empty non-DFS share with no links, used merely to test
|
||||||
|
diff --git a/source3/torture/proto.h b/source3/torture/proto.h
|
||||||
|
index 21d7b3e00a7..3751697596a 100644
|
||||||
|
--- a/source3/torture/proto.h
|
||||||
|
+++ b/source3/torture/proto.h
|
||||||
|
@@ -124,6 +124,7 @@ bool run_smb2_dfs_paths(int dummy);
|
||||||
|
bool run_smb2_non_dfs_share(int dummy);
|
||||||
|
bool run_smb2_dfs_share_non_dfs_path(int dummy);
|
||||||
|
bool run_smb2_dfs_filename_leading_backslash(int dummy);
|
||||||
|
+bool run_smb2_invalid_pipename(int dummy);
|
||||||
|
bool run_smb1_dfs_paths(int dummy);
|
||||||
|
bool run_smb1_dfs_search_paths(int dummy);
|
||||||
|
bool run_smb1_dfs_operations(int dummy);
|
||||||
|
diff --git a/source3/torture/test_smb2.c b/source3/torture/test_smb2.c
|
||||||
|
index 269ade4ef61..7ea3d83de10 100644
|
||||||
|
--- a/source3/torture/test_smb2.c
|
||||||
|
+++ b/source3/torture/test_smb2.c
|
||||||
|
@@ -5136,3 +5136,110 @@ bool run_smb2_dfs_filename_leading_backslash(int dummy)
|
||||||
|
(void)smb2_dfs_delete(cli, dfs_filename_slash);
|
||||||
|
return retval;
|
||||||
|
}
|
||||||
|
+
|
||||||
|
+bool run_smb2_invalid_pipename(int dummy)
|
||||||
|
+{
|
||||||
|
+ struct cli_state *cli = NULL;
|
||||||
|
+ NTSTATUS status;
|
||||||
|
+ uint64_t fid_persistent = 0;
|
||||||
|
+ uint64_t fid_volatile = 0;
|
||||||
|
+ const char *unknown_pipe = "badpipe";
|
||||||
|
+ const char *invalid_pipe = "../../../../../../../../../badpipe";
|
||||||
|
+
|
||||||
|
+ printf("Starting SMB2-INVALID-PIPENAME\n");
|
||||||
|
+
|
||||||
|
+ if (!torture_init_connection(&cli)) {
|
||||||
|
+ return false;
|
||||||
|
+ }
|
||||||
|
+
|
||||||
|
+ status = smbXcli_negprot(cli->conn,
|
||||||
|
+ cli->timeout,
|
||||||
|
+ PROTOCOL_SMB2_02,
|
||||||
|
+ PROTOCOL_SMB3_11);
|
||||||
|
+ if (!NT_STATUS_IS_OK(status)) {
|
||||||
|
+ printf("smbXcli_negprot returned %s\n", nt_errstr(status));
|
||||||
|
+ return false;
|
||||||
|
+ }
|
||||||
|
+
|
||||||
|
+ status = cli_session_setup_creds(cli, torture_creds);
|
||||||
|
+ if (!NT_STATUS_IS_OK(status)) {
|
||||||
|
+ printf("cli_session_setup returned %s\n", nt_errstr(status));
|
||||||
|
+ return false;
|
||||||
|
+ }
|
||||||
|
+
|
||||||
|
+ status = cli_tree_connect(cli, "IPC$", "?????", NULL);
|
||||||
|
+ if (!NT_STATUS_IS_OK(status)) {
|
||||||
|
+ printf("cli_tree_connect returned %s\n", nt_errstr(status));
|
||||||
|
+ return false;
|
||||||
|
+ }
|
||||||
|
+
|
||||||
|
+ /* Try and connect to an unknown pipename. */
|
||||||
|
+ status = smb2cli_create(cli->conn,
|
||||||
|
+ cli->timeout,
|
||||||
|
+ cli->smb2.session,
|
||||||
|
+ cli->smb2.tcon,
|
||||||
|
+ unknown_pipe,
|
||||||
|
+ SMB2_OPLOCK_LEVEL_NONE, /* oplock_level, */
|
||||||
|
+ SMB2_IMPERSONATION_IMPERSONATION, /* impersonation_level, */
|
||||||
|
+ SEC_STD_SYNCHRONIZE|
|
||||||
|
+ SEC_FILE_READ_DATA|
|
||||||
|
+ SEC_FILE_WRITE_DATA|
|
||||||
|
+ SEC_FILE_READ_ATTRIBUTE, /* desired_access, */
|
||||||
|
+ FILE_ATTRIBUTE_NORMAL, /* file_attributes, */
|
||||||
|
+ FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE, /* share_access, */
|
||||||
|
+ FILE_CREATE, /* create_disposition, */
|
||||||
|
+ 0, /* create_options, */
|
||||||
|
+ NULL, /* smb2_create_blobs *blobs */
|
||||||
|
+ &fid_persistent,
|
||||||
|
+ &fid_volatile,
|
||||||
|
+ NULL, /* struct smb_create_returns * */
|
||||||
|
+ talloc_tos(), /* mem_ctx. */
|
||||||
|
+ NULL, /* struct smb2_create_blobs * */
|
||||||
|
+ NULL); /* struct symlink_reparse_struct */
|
||||||
|
+ /* We should get NT_STATUS_OBJECT_NAME_NOT_FOUND */
|
||||||
|
+ if (!NT_STATUS_EQUAL(status, NT_STATUS_OBJECT_NAME_NOT_FOUND)) {
|
||||||
|
+ printf("%s:%d smb2cli_create on name %s returned %s\n",
|
||||||
|
+ __FILE__,
|
||||||
|
+ __LINE__,
|
||||||
|
+ unknown_pipe,
|
||||||
|
+ nt_errstr(status));
|
||||||
|
+ return false;
|
||||||
|
+ }
|
||||||
|
+
|
||||||
|
+ /* Try and connect to an invalid pipename containing unix separators. */
|
||||||
|
+ status = smb2cli_create(cli->conn,
|
||||||
|
+ cli->timeout,
|
||||||
|
+ cli->smb2.session,
|
||||||
|
+ cli->smb2.tcon,
|
||||||
|
+ invalid_pipe,
|
||||||
|
+ SMB2_OPLOCK_LEVEL_NONE, /* oplock_level, */
|
||||||
|
+ SMB2_IMPERSONATION_IMPERSONATION, /* impersonation_level, */
|
||||||
|
+ SEC_STD_SYNCHRONIZE|
|
||||||
|
+ SEC_FILE_READ_DATA|
|
||||||
|
+ SEC_FILE_WRITE_DATA|
|
||||||
|
+ SEC_FILE_READ_ATTRIBUTE, /* desired_access, */
|
||||||
|
+ FILE_ATTRIBUTE_NORMAL, /* file_attributes, */
|
||||||
|
+ FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE, /* share_access, */
|
||||||
|
+ FILE_CREATE, /* create_disposition, */
|
||||||
|
+ 0, /* create_options, */
|
||||||
|
+ NULL, /* smb2_create_blobs *blobs */
|
||||||
|
+ &fid_persistent,
|
||||||
|
+ &fid_volatile,
|
||||||
|
+ NULL, /* struct smb_create_returns * */
|
||||||
|
+ talloc_tos(), /* mem_ctx. */
|
||||||
|
+ NULL, /* struct smb2_create_blobs * */
|
||||||
|
+ NULL); /* struct symlink_reparse_struct */
|
||||||
|
+ /*
|
||||||
|
+ * We should still get NT_STATUS_OBJECT_NAME_NOT_FOUND
|
||||||
|
+ * (tested against Windows 2022).
|
||||||
|
+ */
|
||||||
|
+ if (!NT_STATUS_EQUAL(status, NT_STATUS_OBJECT_NAME_NOT_FOUND)) {
|
||||||
|
+ printf("%s:%d smb2cli_create on name %s returned %s\n",
|
||||||
|
+ __FILE__,
|
||||||
|
+ __LINE__,
|
||||||
|
+ invalid_pipe,
|
||||||
|
+ nt_errstr(status));
|
||||||
|
+ return false;
|
||||||
|
+ }
|
||||||
|
+ return true;
|
||||||
|
+}
|
||||||
|
diff --git a/source3/torture/torture.c b/source3/torture/torture.c
|
||||||
|
index 1315b328f5f..d53699c3b02 100644
|
||||||
|
--- a/source3/torture/torture.c
|
||||||
|
+++ b/source3/torture/torture.c
|
||||||
|
@@ -15727,6 +15727,10 @@ static struct {
|
||||||
|
.name = "SMB2-DFS-FILENAME-LEADING-BACKSLASH",
|
||||||
|
.fn = run_smb2_dfs_filename_leading_backslash,
|
||||||
|
},
|
||||||
|
+ {
|
||||||
|
+ .name = "SMB2-INVALID-PIPENAME",
|
||||||
|
+ .fn = run_smb2_invalid_pipename,
|
||||||
|
+ },
|
||||||
|
{
|
||||||
|
.name = "SMB1-TRUNCATED-SESSSETUP",
|
||||||
|
.fn = run_smb1_truncated_sesssetup,
|
||||||
|
--
|
||||||
|
2.39.2
|
||||||
|
|
||||||
|
|
||||||
|
From cbd81ca9d7ea1d5a6ea2b1026bc342ff996cca7c Mon Sep 17 00:00:00 2001
|
||||||
|
From: Jeremy Allison <jra@samba.org>
|
||||||
|
Date: Tue, 25 Jul 2023 17:54:41 -0700
|
||||||
|
Subject: [PATCH 3/3] CVE-2023-3961:s3: smbd: Remove the SMB_ASSERT() that
|
||||||
|
crashes on bad pipenames.
|
||||||
|
|
||||||
|
We correctly handle this and just return ENOENT (NT_STATUS_OBJECT_NAME_NOT_FOUND).
|
||||||
|
|
||||||
|
Remove knowfail.
|
||||||
|
|
||||||
|
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15422
|
||||||
|
|
||||||
|
Signed-off-by: Jeremy Allison <jra@samba.org>
|
||||||
|
---
|
||||||
|
selftest/knownfail.d/badpipename | 1 -
|
||||||
|
source3/rpc_client/local_np.c | 5 -----
|
||||||
|
2 files changed, 6 deletions(-)
|
||||||
|
delete mode 100644 selftest/knownfail.d/badpipename
|
||||||
|
|
||||||
|
diff --git a/selftest/knownfail.d/badpipename b/selftest/knownfail.d/badpipename
|
||||||
|
deleted file mode 100644
|
||||||
|
index e69715f863d..00000000000
|
||||||
|
--- a/selftest/knownfail.d/badpipename
|
||||||
|
+++ /dev/null
|
||||||
|
@@ -1 +0,0 @@
|
||||||
|
-^samba3.smbtorture_s3.smb2.SMB2-INVALID-PIPENAME.smbtorture\(fileserver\)
|
||||||
|
diff --git a/source3/rpc_client/local_np.c b/source3/rpc_client/local_np.c
|
||||||
|
index 95228d5d801..791ded99a47 100644
|
||||||
|
--- a/source3/rpc_client/local_np.c
|
||||||
|
+++ b/source3/rpc_client/local_np.c
|
||||||
|
@@ -551,11 +551,6 @@ struct tevent_req *local_np_connect_send(
|
||||||
|
{
|
||||||
|
DBG_DEBUG("attempt to connect to invalid pipe pathname %s\n",
|
||||||
|
lower_case_pipename);
|
||||||
|
- /*
|
||||||
|
- * For now, panic the server until we have
|
||||||
|
- * the test code in place.
|
||||||
|
- */
|
||||||
|
- SMB_ASSERT(false);
|
||||||
|
tevent_req_error(req, ENOENT);
|
||||||
|
return tevent_req_post(req, ev);
|
||||||
|
}
|
||||||
|
--
|
||||||
|
2.39.2
|
@ -0,0 +1,239 @@
|
|||||||
|
From a4a3868fda277ddf0f174b77a859c33e4c339538 Mon Sep 17 00:00:00 2001
|
||||||
|
From: Ralph Boehme <slow@samba.org>
|
||||||
|
Date: Tue, 1 Aug 2023 12:30:00 +0200
|
||||||
|
Subject: [PATCH 1/2] CVE-2023-4091: smbtorture: test overwrite dispositions on
|
||||||
|
read-only file
|
||||||
|
|
||||||
|
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15439
|
||||||
|
|
||||||
|
Signed-off-by: Ralph Boehme <slow@samba.org>
|
||||||
|
---
|
||||||
|
selftest/knownfail.d/samba3.smb2.acls | 1 +
|
||||||
|
source4/torture/smb2/acls.c | 143 ++++++++++++++++++++++++++
|
||||||
|
2 files changed, 144 insertions(+)
|
||||||
|
create mode 100644 selftest/knownfail.d/samba3.smb2.acls
|
||||||
|
|
||||||
|
diff --git a/selftest/knownfail.d/samba3.smb2.acls b/selftest/knownfail.d/samba3.smb2.acls
|
||||||
|
new file mode 100644
|
||||||
|
index 000000000000..18df260c0e50
|
||||||
|
--- /dev/null
|
||||||
|
+++ b/selftest/knownfail.d/samba3.smb2.acls
|
||||||
|
@@ -0,0 +1 @@
|
||||||
|
+^samba3.smb2.acls.OVERWRITE_READ_ONLY_FILE
|
||||||
|
diff --git a/source4/torture/smb2/acls.c b/source4/torture/smb2/acls.c
|
||||||
|
index a27d4e079e67..5a892d004ea8 100644
|
||||||
|
--- a/source4/torture/smb2/acls.c
|
||||||
|
+++ b/source4/torture/smb2/acls.c
|
||||||
|
@@ -2989,6 +2989,148 @@ static bool test_mxac_not_granted(struct torture_context *tctx,
|
||||||
|
return ret;
|
||||||
|
}
|
||||||
|
|
||||||
|
+static bool test_overwrite_read_only_file(struct torture_context *tctx,
|
||||||
|
+ struct smb2_tree *tree)
|
||||||
|
+{
|
||||||
|
+ NTSTATUS status;
|
||||||
|
+ struct smb2_create c;
|
||||||
|
+ const char *fname = BASEDIR "\\test_overwrite_read_only_file.txt";
|
||||||
|
+ struct smb2_handle handle = {{0}};
|
||||||
|
+ union smb_fileinfo q;
|
||||||
|
+ union smb_setfileinfo set;
|
||||||
|
+ struct security_descriptor *sd = NULL, *sd_orig = NULL;
|
||||||
|
+ const char *owner_sid = NULL;
|
||||||
|
+ int i;
|
||||||
|
+ bool ret = true;
|
||||||
|
+
|
||||||
|
+ struct tcase {
|
||||||
|
+ int disposition;
|
||||||
|
+ const char *disposition_string;
|
||||||
|
+ NTSTATUS expected_status;
|
||||||
|
+ } tcases[] = {
|
||||||
|
+#define TCASE(d, s) { \
|
||||||
|
+ .disposition = d, \
|
||||||
|
+ .disposition_string = #d, \
|
||||||
|
+ .expected_status = s, \
|
||||||
|
+ }
|
||||||
|
+ TCASE(NTCREATEX_DISP_OPEN, NT_STATUS_OK),
|
||||||
|
+ TCASE(NTCREATEX_DISP_SUPERSEDE, NT_STATUS_ACCESS_DENIED),
|
||||||
|
+ TCASE(NTCREATEX_DISP_OVERWRITE, NT_STATUS_ACCESS_DENIED),
|
||||||
|
+ TCASE(NTCREATEX_DISP_OVERWRITE_IF, NT_STATUS_ACCESS_DENIED),
|
||||||
|
+ };
|
||||||
|
+#undef TCASE
|
||||||
|
+
|
||||||
|
+ ret = smb2_util_setup_dir(tctx, tree, BASEDIR);
|
||||||
|
+ torture_assert_goto(tctx, ret, ret, done, "smb2_util_setup_dir not ok");
|
||||||
|
+
|
||||||
|
+ c = (struct smb2_create) {
|
||||||
|
+ .in.desired_access = SEC_STD_READ_CONTROL |
|
||||||
|
+ SEC_STD_WRITE_DAC |
|
||||||
|
+ SEC_STD_WRITE_OWNER,
|
||||||
|
+ .in.file_attributes = FILE_ATTRIBUTE_NORMAL,
|
||||||
|
+ .in.share_access = NTCREATEX_SHARE_ACCESS_READ |
|
||||||
|
+ NTCREATEX_SHARE_ACCESS_WRITE,
|
||||||
|
+ .in.create_disposition = NTCREATEX_DISP_OPEN_IF,
|
||||||
|
+ .in.impersonation_level = NTCREATEX_IMPERSONATION_ANONYMOUS,
|
||||||
|
+ .in.fname = fname,
|
||||||
|
+ };
|
||||||
|
+
|
||||||
|
+ status = smb2_create(tree, tctx, &c);
|
||||||
|
+ torture_assert_ntstatus_ok_goto(tctx, status, ret, done,
|
||||||
|
+ "smb2_create failed\n");
|
||||||
|
+ handle = c.out.file.handle;
|
||||||
|
+
|
||||||
|
+ torture_comment(tctx, "get the original sd\n");
|
||||||
|
+
|
||||||
|
+ ZERO_STRUCT(q);
|
||||||
|
+ q.query_secdesc.level = RAW_FILEINFO_SEC_DESC;
|
||||||
|
+ q.query_secdesc.in.file.handle = handle;
|
||||||
|
+ q.query_secdesc.in.secinfo_flags = SECINFO_DACL | SECINFO_OWNER;
|
||||||
|
+
|
||||||
|
+ status = smb2_getinfo_file(tree, tctx, &q);
|
||||||
|
+ torture_assert_ntstatus_ok_goto(tctx, status, ret, done,
|
||||||
|
+ "smb2_getinfo_file failed\n");
|
||||||
|
+ sd_orig = q.query_secdesc.out.sd;
|
||||||
|
+
|
||||||
|
+ owner_sid = dom_sid_string(tctx, sd_orig->owner_sid);
|
||||||
|
+
|
||||||
|
+ sd = security_descriptor_dacl_create(tctx,
|
||||||
|
+ 0, NULL, NULL,
|
||||||
|
+ owner_sid,
|
||||||
|
+ SEC_ACE_TYPE_ACCESS_ALLOWED,
|
||||||
|
+ SEC_FILE_READ_DATA,
|
||||||
|
+ 0,
|
||||||
|
+ NULL);
|
||||||
|
+
|
||||||
|
+ ZERO_STRUCT(set);
|
||||||
|
+ set.set_secdesc.level = RAW_SFILEINFO_SEC_DESC;
|
||||||
|
+ set.set_secdesc.in.file.handle = handle;
|
||||||
|
+ set.set_secdesc.in.secinfo_flags = SECINFO_DACL;
|
||||||
|
+ set.set_secdesc.in.sd = sd;
|
||||||
|
+
|
||||||
|
+ status = smb2_setinfo_file(tree, &set);
|
||||||
|
+ torture_assert_ntstatus_ok_goto(tctx, status, ret, done,
|
||||||
|
+ "smb2_setinfo_file failed\n");
|
||||||
|
+
|
||||||
|
+ smb2_util_close(tree, handle);
|
||||||
|
+ ZERO_STRUCT(handle);
|
||||||
|
+
|
||||||
|
+ for (i = 0; i < ARRAY_SIZE(tcases); i++) {
|
||||||
|
+ torture_comment(tctx, "Verify open with %s dispostion\n",
|
||||||
|
+ tcases[i].disposition_string);
|
||||||
|
+
|
||||||
|
+ c = (struct smb2_create) {
|
||||||
|
+ .in.create_disposition = tcases[i].disposition,
|
||||||
|
+ .in.desired_access = SEC_FILE_READ_DATA,
|
||||||
|
+ .in.file_attributes = FILE_ATTRIBUTE_NORMAL,
|
||||||
|
+ .in.share_access = NTCREATEX_SHARE_ACCESS_MASK,
|
||||||
|
+ .in.impersonation_level = NTCREATEX_IMPERSONATION_ANONYMOUS,
|
||||||
|
+ .in.fname = fname,
|
||||||
|
+ };
|
||||||
|
+
|
||||||
|
+ status = smb2_create(tree, tctx, &c);
|
||||||
|
+ smb2_util_close(tree, c.out.file.handle);
|
||||||
|
+ torture_assert_ntstatus_equal_goto(
|
||||||
|
+ tctx, status, tcases[i].expected_status, ret, done,
|
||||||
|
+ "smb2_create failed\n");
|
||||||
|
+ };
|
||||||
|
+
|
||||||
|
+ torture_comment(tctx, "put back original sd\n");
|
||||||
|
+
|
||||||
|
+ c = (struct smb2_create) {
|
||||||
|
+ .in.desired_access = SEC_STD_WRITE_DAC,
|
||||||
|
+ .in.file_attributes = FILE_ATTRIBUTE_NORMAL,
|
||||||
|
+ .in.share_access = NTCREATEX_SHARE_ACCESS_MASK,
|
||||||
|
+ .in.create_disposition = NTCREATEX_DISP_OPEN_IF,
|
||||||
|
+ .in.impersonation_level = NTCREATEX_IMPERSONATION_ANONYMOUS,
|
||||||
|
+ .in.fname = fname,
|
||||||
|
+ };
|
||||||
|
+
|
||||||
|
+ status = smb2_create(tree, tctx, &c);
|
||||||
|
+ torture_assert_ntstatus_ok_goto(tctx, status, ret, done,
|
||||||
|
+ "smb2_create failed\n");
|
||||||
|
+ handle = c.out.file.handle;
|
||||||
|
+
|
||||||
|
+ ZERO_STRUCT(set);
|
||||||
|
+ set.set_secdesc.level = RAW_SFILEINFO_SEC_DESC;
|
||||||
|
+ set.set_secdesc.in.file.handle = handle;
|
||||||
|
+ set.set_secdesc.in.secinfo_flags = SECINFO_DACL;
|
||||||
|
+ set.set_secdesc.in.sd = sd_orig;
|
||||||
|
+
|
||||||
|
+ status = smb2_setinfo_file(tree, &set);
|
||||||
|
+ torture_assert_ntstatus_ok_goto(tctx, status, ret, done,
|
||||||
|
+ "smb2_setinfo_file failed\n");
|
||||||
|
+
|
||||||
|
+ smb2_util_close(tree, handle);
|
||||||
|
+ ZERO_STRUCT(handle);
|
||||||
|
+
|
||||||
|
+done:
|
||||||
|
+ smb2_util_close(tree, handle);
|
||||||
|
+ smb2_util_unlink(tree, fname);
|
||||||
|
+ smb2_deltree(tree, BASEDIR);
|
||||||
|
+ return ret;
|
||||||
|
+}
|
||||||
|
+
|
||||||
|
/*
|
||||||
|
basic testing of SMB2 ACLs
|
||||||
|
*/
|
||||||
|
@@ -3017,6 +3159,7 @@ struct torture_suite *torture_smb2_acls_init(TALLOC_CTX *ctx)
|
||||||
|
test_deny1);
|
||||||
|
torture_suite_add_1smb2_test(suite, "MXAC-NOT-GRANTED",
|
||||||
|
test_mxac_not_granted);
|
||||||
|
+ torture_suite_add_1smb2_test(suite, "OVERWRITE_READ_ONLY_FILE", test_overwrite_read_only_file);
|
||||||
|
|
||||||
|
suite->description = talloc_strdup(suite, "SMB2-ACLS tests");
|
||||||
|
|
||||||
|
--
|
||||||
|
2.41.0
|
||||||
|
|
||||||
|
|
||||||
|
From 5b5e2b1714e4a242b1cea44deff1f380620872c9 Mon Sep 17 00:00:00 2001
|
||||||
|
From: Ralph Boehme <slow@samba.org>
|
||||||
|
Date: Tue, 1 Aug 2023 13:04:36 +0200
|
||||||
|
Subject: [PATCH 2/2] CVE-2023-4091: smbd: use open_access_mask for access
|
||||||
|
check in open_file()
|
||||||
|
|
||||||
|
If the client requested FILE_OVERWRITE[_IF], we're implicitly adding
|
||||||
|
FILE_WRITE_DATA to the open_access_mask in open_file_ntcreate(), but for the
|
||||||
|
access check we're using access_mask which doesn't contain the additional
|
||||||
|
right, which means we can end up truncating a file for which the user has
|
||||||
|
only read-only access via an SD.
|
||||||
|
|
||||||
|
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15439
|
||||||
|
|
||||||
|
Signed-off-by: Ralph Boehme <slow@samba.org>
|
||||||
|
---
|
||||||
|
selftest/knownfail.d/samba3.smb2.acls | 1 -
|
||||||
|
source3/smbd/open.c | 4 ++--
|
||||||
|
2 files changed, 2 insertions(+), 3 deletions(-)
|
||||||
|
delete mode 100644 selftest/knownfail.d/samba3.smb2.acls
|
||||||
|
|
||||||
|
diff --git a/selftest/knownfail.d/samba3.smb2.acls b/selftest/knownfail.d/samba3.smb2.acls
|
||||||
|
deleted file mode 100644
|
||||||
|
index 18df260c0e50..000000000000
|
||||||
|
--- a/selftest/knownfail.d/samba3.smb2.acls
|
||||||
|
+++ /dev/null
|
||||||
|
@@ -1 +0,0 @@
|
||||||
|
-^samba3.smb2.acls.OVERWRITE_READ_ONLY_FILE
|
||||||
|
diff --git a/source3/smbd/open.c b/source3/smbd/open.c
|
||||||
|
index 94f50becb247..0c9ddfe7c948 100644
|
||||||
|
--- a/source3/smbd/open.c
|
||||||
|
+++ b/source3/smbd/open.c
|
||||||
|
@@ -1442,7 +1442,7 @@ static NTSTATUS open_file(struct smb_request *req,
|
||||||
|
dirfsp,
|
||||||
|
fsp,
|
||||||
|
false,
|
||||||
|
- access_mask);
|
||||||
|
+ open_access_mask);
|
||||||
|
|
||||||
|
if (!NT_STATUS_IS_OK(status)) {
|
||||||
|
DBG_DEBUG("smbd_check_access_rights_fsp"
|
||||||
|
@@ -1633,7 +1633,7 @@ static NTSTATUS open_file(struct smb_request *req,
|
||||||
|
status = smbd_check_access_rights_fsp(dirfsp,
|
||||||
|
fsp,
|
||||||
|
false,
|
||||||
|
- access_mask);
|
||||||
|
+ open_access_mask);
|
||||||
|
|
||||||
|
if (NT_STATUS_EQUAL(status, NT_STATUS_OBJECT_NAME_NOT_FOUND) &&
|
||||||
|
posix_open &&
|
||||||
|
--
|
||||||
|
2.41.0
|
@ -0,0 +1,123 @@
|
|||||||
|
From e534a858d15589f27181b82c8ed8abefc56fb95f Mon Sep 17 00:00:00 2001
|
||||||
|
From: Andrew Bartlett <abartlet@samba.org>
|
||||||
|
Date: Tue, 12 Sep 2023 18:59:44 +1200
|
||||||
|
Subject: [PATCH 1/2] CVE-2023-42669 s4-rpc_server: Disable rpcecho server by
|
||||||
|
default
|
||||||
|
|
||||||
|
The rpcecho server is useful in development and testing, but should never
|
||||||
|
have been allowed into production, as it includes the facility to
|
||||||
|
do a blocking sleep() in the single-threaded rpc worker.
|
||||||
|
|
||||||
|
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15474
|
||||||
|
|
||||||
|
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
|
||||||
|
---
|
||||||
|
docs-xml/smbdotconf/protocol/dcerpcendpointservers.xml | 2 +-
|
||||||
|
lib/param/loadparm.c | 2 +-
|
||||||
|
selftest/target/Samba4.pm | 2 +-
|
||||||
|
source3/param/loadparm.c | 2 +-
|
||||||
|
source4/rpc_server/wscript_build | 3 ++-
|
||||||
|
5 files changed, 6 insertions(+), 5 deletions(-)
|
||||||
|
|
||||||
|
diff --git a/docs-xml/smbdotconf/protocol/dcerpcendpointservers.xml b/docs-xml/smbdotconf/protocol/dcerpcendpointservers.xml
|
||||||
|
index 8a217cc7f11..c6642b795fd 100644
|
||||||
|
--- a/docs-xml/smbdotconf/protocol/dcerpcendpointservers.xml
|
||||||
|
+++ b/docs-xml/smbdotconf/protocol/dcerpcendpointservers.xml
|
||||||
|
@@ -6,6 +6,6 @@
|
||||||
|
<para>Specifies which DCE/RPC endpoint servers should be run.</para>
|
||||||
|
</description>
|
||||||
|
|
||||||
|
-<value type="default">epmapper, wkssvc, rpcecho, samr, netlogon, lsarpc, drsuapi, dssetup, unixinfo, browser, eventlog6, backupkey, dnsserver</value>
|
||||||
|
+<value type="default">epmapper, wkssvc, samr, netlogon, lsarpc, drsuapi, dssetup, unixinfo, browser, eventlog6, backupkey, dnsserver</value>
|
||||||
|
<value type="example">rpcecho</value>
|
||||||
|
</samba:parameter>
|
||||||
|
diff --git a/lib/param/loadparm.c b/lib/param/loadparm.c
|
||||||
|
index 16cb0d47f31..83b05260e09 100644
|
||||||
|
--- a/lib/param/loadparm.c
|
||||||
|
+++ b/lib/param/loadparm.c
|
||||||
|
@@ -2730,7 +2730,7 @@ struct loadparm_context *loadparm_init(TALLOC_CTX *mem_ctx)
|
||||||
|
lpcfg_do_global_parameter(lp_ctx, "ntvfs handler", "unixuid default");
|
||||||
|
lpcfg_do_global_parameter(lp_ctx, "max connections", "0");
|
||||||
|
|
||||||
|
- lpcfg_do_global_parameter(lp_ctx, "dcerpc endpoint servers", "epmapper wkssvc rpcecho samr netlogon lsarpc drsuapi dssetup unixinfo browser eventlog6 backupkey dnsserver");
|
||||||
|
+ lpcfg_do_global_parameter(lp_ctx, "dcerpc endpoint servers", "epmapper wkssvc samr netlogon lsarpc drsuapi dssetup unixinfo browser eventlog6 backupkey dnsserver");
|
||||||
|
lpcfg_do_global_parameter(lp_ctx, "server services", "s3fs rpc nbt wrepl ldap cldap kdc drepl winbindd ntp_signd kcc dnsupdate dns");
|
||||||
|
lpcfg_do_global_parameter(lp_ctx, "kccsrv:samba_kcc", "true");
|
||||||
|
/* the winbind method for domain controllers is for both RODC
|
||||||
|
diff --git a/selftest/target/Samba4.pm b/selftest/target/Samba4.pm
|
||||||
|
index d15156a538b..5687d2a8587 100755
|
||||||
|
--- a/selftest/target/Samba4.pm
|
||||||
|
+++ b/selftest/target/Samba4.pm
|
||||||
|
@@ -783,7 +783,7 @@ sub provision_raw_step1($$)
|
||||||
|
wins support = yes
|
||||||
|
server role = $ctx->{server_role}
|
||||||
|
server services = +echo $services
|
||||||
|
- dcerpc endpoint servers = +winreg +srvsvc
|
||||||
|
+ dcerpc endpoint servers = +winreg +srvsvc +rpcecho
|
||||||
|
notify:inotify = false
|
||||||
|
ldb:nosync = true
|
||||||
|
ldap server require strong auth = yes
|
||||||
|
diff --git a/source3/param/loadparm.c b/source3/param/loadparm.c
|
||||||
|
index 12718ced9e7..e33751a27e3 100644
|
||||||
|
--- a/source3/param/loadparm.c
|
||||||
|
+++ b/source3/param/loadparm.c
|
||||||
|
@@ -883,7 +883,7 @@ static void init_globals(struct loadparm_context *lp_ctx, bool reinit_globals)
|
||||||
|
|
||||||
|
Globals.server_services = str_list_make_v3_const(NULL, "s3fs rpc nbt wrepl ldap cldap kdc drepl winbindd ntp_signd kcc dnsupdate dns", NULL);
|
||||||
|
|
||||||
|
- Globals.dcerpc_endpoint_servers = str_list_make_v3_const(NULL, "epmapper wkssvc rpcecho samr netlogon lsarpc drsuapi dssetup unixinfo browser eventlog6 backupkey dnsserver", NULL);
|
||||||
|
+ Globals.dcerpc_endpoint_servers = str_list_make_v3_const(NULL, "epmapper wkssvc samr netlogon lsarpc drsuapi dssetup unixinfo browser eventlog6 backupkey dnsserver", NULL);
|
||||||
|
|
||||||
|
Globals.tls_enabled = true;
|
||||||
|
Globals.tls_verify_peer = TLS_VERIFY_PEER_AS_STRICT_AS_POSSIBLE;
|
||||||
|
diff --git a/source4/rpc_server/wscript_build b/source4/rpc_server/wscript_build
|
||||||
|
index 0e44a3c2bae..31ec4f60c9a 100644
|
||||||
|
--- a/source4/rpc_server/wscript_build
|
||||||
|
+++ b/source4/rpc_server/wscript_build
|
||||||
|
@@ -33,7 +33,8 @@ bld.SAMBA_MODULE('dcerpc_rpcecho',
|
||||||
|
source='echo/rpc_echo.c',
|
||||||
|
subsystem='dcerpc_server',
|
||||||
|
init_function='dcerpc_server_rpcecho_init',
|
||||||
|
- deps='ndr-standard events'
|
||||||
|
+ deps='ndr-standard events',
|
||||||
|
+ enabled=bld.CONFIG_GET('ENABLE_SELFTEST')
|
||||||
|
)
|
||||||
|
|
||||||
|
|
||||||
|
--
|
||||||
|
2.25.1
|
||||||
|
|
||||||
|
|
||||||
|
From 8ce92246a016f3e7f23b6a94ceb666f776e56998 Mon Sep 17 00:00:00 2001
|
||||||
|
From: Andrew Bartlett <abartlet@samba.org>
|
||||||
|
Date: Tue, 12 Sep 2023 19:01:03 +1200
|
||||||
|
Subject: [PATCH 2/2] CVE-2023-42669 s3-rpc_server: Disable rpcecho for
|
||||||
|
consistency with the AD DC
|
||||||
|
|
||||||
|
The rpcecho server in source3 does have samba the sleep() feature that
|
||||||
|
the s4 version has, but the task architecture is different, so there
|
||||||
|
is not the same impact. Hoever equally this is not something that
|
||||||
|
should be enabled on production builds of Samba, so restrict to
|
||||||
|
selftest builds.
|
||||||
|
|
||||||
|
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15474
|
||||||
|
|
||||||
|
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
|
||||||
|
---
|
||||||
|
source3/rpc_server/wscript_build | 1 +
|
||||||
|
1 file changed, 1 insertion(+)
|
||||||
|
|
||||||
|
diff --git a/source3/rpc_server/wscript_build b/source3/rpc_server/wscript_build
|
||||||
|
index 341df41a321..5ed81283395 100644
|
||||||
|
--- a/source3/rpc_server/wscript_build
|
||||||
|
+++ b/source3/rpc_server/wscript_build
|
||||||
|
@@ -38,6 +38,7 @@ bld.SAMBA3_BINARY('rpcd_rpcecho',
|
||||||
|
RPC_WORKER
|
||||||
|
RPC_RPCECHO
|
||||||
|
''',
|
||||||
|
+ for_selftest=True,
|
||||||
|
install_path='${SAMBA_LIBEXECDIR}')
|
||||||
|
|
||||||
|
bld.SAMBA3_BINARY('rpcd_classic',
|
||||||
|
--
|
||||||
|
2.25.1
|
613
SOURCES/memory-corruption-since-samba-4-18.patch
Normal file
613
SOURCES/memory-corruption-since-samba-4-18.patch
Normal file
@ -0,0 +1,613 @@
|
|||||||
|
From ced40c5a805dcfb06d5f3d68aa45a0aaa44bfdca Mon Sep 17 00:00:00 2001
|
||||||
|
From: Stefan Metzmacher <metze@samba.org>
|
||||||
|
Date: Fri, 8 Sep 2023 13:57:26 +0200
|
||||||
|
Subject: [PATCH 1/5] nsswitch: add test for pthread_key_delete missuse (bug
|
||||||
|
15464)
|
||||||
|
|
||||||
|
This is based on https://bugzilla.samba.org/attachment.cgi?id=18081
|
||||||
|
written by Krzysztof Piotr Oledzki <ole@ans.pl>
|
||||||
|
|
||||||
|
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15464
|
||||||
|
|
||||||
|
Signed-off-by: Stefan Metzmacher <metze@samba.org>
|
||||||
|
Reviewed-by: Jeremy Allison <jra@samba.org>
|
||||||
|
(cherry picked from commit 62af25d44e542548d8cdecb061a6001e0071ee76)
|
||||||
|
---
|
||||||
|
nsswitch/b15464-testcase.c | 77 +++++++++++++++++++++++++++
|
||||||
|
nsswitch/wscript_build | 5 ++
|
||||||
|
selftest/knownfail.d/b15464_testcase | 1 +
|
||||||
|
source3/selftest/tests.py | 6 +++
|
||||||
|
testprogs/blackbox/b15464-testcase.sh | 21 ++++++++
|
||||||
|
5 files changed, 110 insertions(+)
|
||||||
|
create mode 100644 nsswitch/b15464-testcase.c
|
||||||
|
create mode 100644 selftest/knownfail.d/b15464_testcase
|
||||||
|
create mode 100755 testprogs/blackbox/b15464-testcase.sh
|
||||||
|
|
||||||
|
diff --git a/nsswitch/b15464-testcase.c b/nsswitch/b15464-testcase.c
|
||||||
|
new file mode 100644
|
||||||
|
index 000000000000..decb474a81ee
|
||||||
|
--- /dev/null
|
||||||
|
+++ b/nsswitch/b15464-testcase.c
|
||||||
|
@@ -0,0 +1,77 @@
|
||||||
|
+#include "replace.h"
|
||||||
|
+#include "system/wait.h"
|
||||||
|
+#include "system/threads.h"
|
||||||
|
+#include <assert.h>
|
||||||
|
+
|
||||||
|
+int main(int argc, const char *argv[])
|
||||||
|
+{
|
||||||
|
+ pid_t pid;
|
||||||
|
+ int wstatus;
|
||||||
|
+ pthread_key_t k1;
|
||||||
|
+ pthread_key_t k2;
|
||||||
|
+ pthread_key_t k3;
|
||||||
|
+ char *val = NULL;
|
||||||
|
+ const char *nss_winbind = (argc >= 2 ? argv[1] : "bin/plugins/libnss_winbind.so.2");
|
||||||
|
+ void *nss_winbind_handle = NULL;
|
||||||
|
+ union {
|
||||||
|
+ int (*fn)(void);
|
||||||
|
+ void *symbol;
|
||||||
|
+ } nss_winbind_endpwent = { .symbol = NULL, };
|
||||||
|
+
|
||||||
|
+ /*
|
||||||
|
+ * load and invoke something simple like
|
||||||
|
+ * _nss_winbind_endpwent in order to
|
||||||
|
+ * get the libnss_winbind internal going
|
||||||
|
+ */
|
||||||
|
+ nss_winbind_handle = dlopen(nss_winbind, RTLD_NOW);
|
||||||
|
+ printf("%d: nss_winbind[%s] nss_winbind_handle[%p]\n",
|
||||||
|
+ getpid(), nss_winbind, nss_winbind_handle);
|
||||||
|
+ assert(nss_winbind_handle != NULL);
|
||||||
|
+
|
||||||
|
+ nss_winbind_endpwent.symbol = dlsym(nss_winbind_handle,
|
||||||
|
+ "_nss_winbind_endpwent");
|
||||||
|
+ printf("%d: nss_winbind_handle[%p] _nss_winbind_endpwent[%p]\n",
|
||||||
|
+ getpid(), nss_winbind_handle, nss_winbind_endpwent.symbol);
|
||||||
|
+ assert(nss_winbind_endpwent.symbol != NULL);
|
||||||
|
+ (void)nss_winbind_endpwent.fn();
|
||||||
|
+
|
||||||
|
+ val = malloc(1);
|
||||||
|
+ assert(val != NULL);
|
||||||
|
+
|
||||||
|
+ pthread_key_create(&k1, NULL);
|
||||||
|
+ pthread_setspecific(k1, val);
|
||||||
|
+ printf("%d: k1=%d\n", getpid(), k1);
|
||||||
|
+
|
||||||
|
+ pid = fork();
|
||||||
|
+ if (pid) {
|
||||||
|
+ free(val);
|
||||||
|
+ wait(&wstatus);
|
||||||
|
+ return WEXITSTATUS(wstatus);
|
||||||
|
+ }
|
||||||
|
+
|
||||||
|
+ pthread_key_create(&k2, NULL);
|
||||||
|
+ pthread_setspecific(k2, val);
|
||||||
|
+
|
||||||
|
+ printf("%d: Hello after fork, k1=%d, k2=%d\n", getpid(), k1, k2);
|
||||||
|
+
|
||||||
|
+ pid = fork();
|
||||||
|
+
|
||||||
|
+ if (pid) {
|
||||||
|
+ free(val);
|
||||||
|
+ wait(&wstatus);
|
||||||
|
+ return WEXITSTATUS(wstatus);
|
||||||
|
+ }
|
||||||
|
+
|
||||||
|
+ pthread_key_create(&k3, NULL);
|
||||||
|
+ pthread_setspecific(k3, val);
|
||||||
|
+
|
||||||
|
+ printf("%d: Hello after fork2, k1=%d, k2=%d, k3=%d\n", getpid(), k1, k2, k3);
|
||||||
|
+
|
||||||
|
+ if (k1 == k2 || k2 == k3) {
|
||||||
|
+ printf("%d: FAIL inconsistent keys\n", getpid());
|
||||||
|
+ return 1;
|
||||||
|
+ }
|
||||||
|
+
|
||||||
|
+ printf("%d: OK consistent keys\n", getpid());
|
||||||
|
+ return 0;
|
||||||
|
+}
|
||||||
|
diff --git a/nsswitch/wscript_build b/nsswitch/wscript_build
|
||||||
|
index 3247b6c2b7c3..4e62bb4c9461 100644
|
||||||
|
--- a/nsswitch/wscript_build
|
||||||
|
+++ b/nsswitch/wscript_build
|
||||||
|
@@ -15,6 +15,11 @@ if bld.CONFIG_SET('HAVE_PTHREAD'):
|
||||||
|
deps='wbclient pthread',
|
||||||
|
for_selftest=True
|
||||||
|
)
|
||||||
|
+ bld.SAMBA_BINARY('b15464-testcase',
|
||||||
|
+ source='b15464-testcase.c',
|
||||||
|
+ deps='replace pthread dl',
|
||||||
|
+ for_selftest=True
|
||||||
|
+ )
|
||||||
|
|
||||||
|
# The nss_wrapper code relies strictly on the linux implementation and
|
||||||
|
# name, so compile but do not install a copy under this name.
|
||||||
|
diff --git a/selftest/knownfail.d/b15464_testcase b/selftest/knownfail.d/b15464_testcase
|
||||||
|
new file mode 100644
|
||||||
|
index 000000000000..94dd7db7c2a5
|
||||||
|
--- /dev/null
|
||||||
|
+++ b/selftest/knownfail.d/b15464_testcase
|
||||||
|
@@ -0,0 +1 @@
|
||||||
|
+^b15464_testcase.run.b15464-testcase
|
||||||
|
diff --git a/source3/selftest/tests.py b/source3/selftest/tests.py
|
||||||
|
index 0c834ed48b5e..ea17ead3eda7 100755
|
||||||
|
--- a/source3/selftest/tests.py
|
||||||
|
+++ b/source3/selftest/tests.py
|
||||||
|
@@ -67,6 +67,8 @@ except KeyError:
|
||||||
|
samba4bindir = bindir()
|
||||||
|
config_h = os.path.join(samba4bindir, "default/include/config.h")
|
||||||
|
|
||||||
|
+bbdir = os.path.join(srcdir(), "testprogs/blackbox")
|
||||||
|
+
|
||||||
|
# check available features
|
||||||
|
config_hash = dict()
|
||||||
|
f = open(config_h, 'r')
|
||||||
|
@@ -936,6 +938,10 @@ if with_pthreadpool:
|
||||||
|
[os.path.join(samba3srcdir,
|
||||||
|
"script/tests/test_libwbclient_threads.sh"),
|
||||||
|
"$DOMAIN", "$DC_USERNAME"])
|
||||||
|
+ plantestsuite("b15464_testcase", "none",
|
||||||
|
+ [os.path.join(bbdir, "b15464-testcase.sh"),
|
||||||
|
+ binpath("b15464-testcase"),
|
||||||
|
+ binpath("plugins/libnss_winbind.so.2")])
|
||||||
|
|
||||||
|
plantestsuite("samba3.test_nfs4_acl", "none",
|
||||||
|
[os.path.join(bindir(), "test_nfs4_acls"),
|
||||||
|
diff --git a/testprogs/blackbox/b15464-testcase.sh b/testprogs/blackbox/b15464-testcase.sh
|
||||||
|
new file mode 100755
|
||||||
|
index 000000000000..b0c88260d4cc
|
||||||
|
--- /dev/null
|
||||||
|
+++ b/testprogs/blackbox/b15464-testcase.sh
|
||||||
|
@@ -0,0 +1,21 @@
|
||||||
|
+#!/bin/sh
|
||||||
|
+# Blackbox wrapper for bug 15464
|
||||||
|
+# Copyright (C) 2023 Stefan Metzmacher
|
||||||
|
+
|
||||||
|
+if [ $# -lt 2 ]; then
|
||||||
|
+ cat <<EOF
|
||||||
|
+Usage: b15464-testcase.sh B15464_TESTCASE LIBNSS_WINBIND
|
||||||
|
+EOF
|
||||||
|
+ exit 1
|
||||||
|
+fi
|
||||||
|
+
|
||||||
|
+b15464_testcase=$1
|
||||||
|
+libnss_winbind=$2
|
||||||
|
+shift 2
|
||||||
|
+failed=0
|
||||||
|
+
|
||||||
|
+. $(dirname $0)/subunit.sh
|
||||||
|
+
|
||||||
|
+testit "run b15464-testcase" $VALGRIND $b15464_testcase $libnss_winbind || failed=$(expr $failed + 1)
|
||||||
|
+
|
||||||
|
+testok $0 $failed
|
||||||
|
--
|
||||||
|
2.34.1
|
||||||
|
|
||||||
|
|
||||||
|
From 08728ee7847d7864d4c72a4ac1ddfeca78934326 Mon Sep 17 00:00:00 2001
|
||||||
|
From: Stefan Metzmacher <metze@samba.org>
|
||||||
|
Date: Thu, 7 Sep 2023 16:02:32 +0200
|
||||||
|
Subject: [PATCH 2/5] nsswitch/wb_common.c: fix build without HAVE_PTHREAD
|
||||||
|
|
||||||
|
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15464
|
||||||
|
|
||||||
|
Signed-off-by: Stefan Metzmacher <metze@samba.org>
|
||||||
|
Reviewed-by: Jeremy Allison <jra@samba.org>
|
||||||
|
(cherry picked from commit 4faf806412c4408db25448b1f67c09359ec2f81f)
|
||||||
|
---
|
||||||
|
nsswitch/wb_common.c | 2 +-
|
||||||
|
1 file changed, 1 insertion(+), 1 deletion(-)
|
||||||
|
|
||||||
|
diff --git a/nsswitch/wb_common.c b/nsswitch/wb_common.c
|
||||||
|
index d569e761ebe4..c382a44c1209 100644
|
||||||
|
--- a/nsswitch/wb_common.c
|
||||||
|
+++ b/nsswitch/wb_common.c
|
||||||
|
@@ -104,7 +104,6 @@ static void wb_thread_ctx_initialize(void)
|
||||||
|
wb_thread_ctx_destructor);
|
||||||
|
assert(ret == 0);
|
||||||
|
}
|
||||||
|
-#endif
|
||||||
|
|
||||||
|
static struct winbindd_context *get_wb_thread_ctx(void)
|
||||||
|
{
|
||||||
|
@@ -139,6 +138,7 @@ static struct winbindd_context *get_wb_thread_ctx(void)
|
||||||
|
}
|
||||||
|
return ctx;
|
||||||
|
}
|
||||||
|
+#endif /* HAVE_PTHREAD */
|
||||||
|
|
||||||
|
static struct winbindd_context *get_wb_global_ctx(void)
|
||||||
|
{
|
||||||
|
--
|
||||||
|
2.34.1
|
||||||
|
|
||||||
|
|
||||||
|
From d1f43cd4cc6aeb2ac9fcaee9aa512012ca92ecb3 Mon Sep 17 00:00:00 2001
|
||||||
|
From: Stefan Metzmacher <metze@samba.org>
|
||||||
|
Date: Fri, 8 Sep 2023 09:53:42 +0200
|
||||||
|
Subject: [PATCH 3/5] nsswitch/wb_common.c: winbind_destructor can always use
|
||||||
|
get_wb_global_ctx()
|
||||||
|
|
||||||
|
The HAVE_PTHREAD logic inside of get_wb_global_ctx() will do all
|
||||||
|
required magic.
|
||||||
|
|
||||||
|
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15464
|
||||||
|
|
||||||
|
Signed-off-by: Stefan Metzmacher <metze@samba.org>
|
||||||
|
Reviewed-by: Jeremy Allison <jra@samba.org>
|
||||||
|
(cherry picked from commit 836823e5047d0eb18e66707386ba03b812adfaf8)
|
||||||
|
---
|
||||||
|
nsswitch/wb_common.c | 6 +-----
|
||||||
|
1 file changed, 1 insertion(+), 5 deletions(-)
|
||||||
|
|
||||||
|
diff --git a/nsswitch/wb_common.c b/nsswitch/wb_common.c
|
||||||
|
index c382a44c1209..d56e48d9bdb8 100644
|
||||||
|
--- a/nsswitch/wb_common.c
|
||||||
|
+++ b/nsswitch/wb_common.c
|
||||||
|
@@ -246,14 +246,10 @@ static void winbind_destructor(void)
|
||||||
|
return;
|
||||||
|
}
|
||||||
|
|
||||||
|
-#ifdef HAVE_PTHREAD_H
|
||||||
|
- ctx = (struct winbindd_context *)pthread_getspecific(wb_global_ctx.key);
|
||||||
|
+ ctx = get_wb_global_ctx();
|
||||||
|
if (ctx == NULL) {
|
||||||
|
return;
|
||||||
|
}
|
||||||
|
-#else
|
||||||
|
- ctx = get_wb_global_ctx();
|
||||||
|
-#endif
|
||||||
|
|
||||||
|
winbind_close_sock(ctx);
|
||||||
|
}
|
||||||
|
--
|
||||||
|
2.34.1
|
||||||
|
|
||||||
|
|
||||||
|
From 6e29ea5b9efe5cf166cc9d633c1dc4eb8f192736 Mon Sep 17 00:00:00 2001
|
||||||
|
From: Stefan Metzmacher <metze@samba.org>
|
||||||
|
Date: Fri, 8 Sep 2023 09:56:47 +0200
|
||||||
|
Subject: [PATCH 4/5] nsswitch/wb_common.c: don't operate on a stale
|
||||||
|
wb_global_ctx.key
|
||||||
|
|
||||||
|
If nss_winbind is loaded into a process that uses fork multiple times
|
||||||
|
without any further calls into nss_winbind, wb_atfork_child handler
|
||||||
|
was using a wb_global_ctx.key that was no longer registered in the
|
||||||
|
pthread library, so we operated on a slot that was potentially
|
||||||
|
reused by other libraries or the main application. Which is likely
|
||||||
|
to cause memory corruption.
|
||||||
|
|
||||||
|
So we better don't call pthread_key_delete() in wb_atfork_child().
|
||||||
|
|
||||||
|
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15464
|
||||||
|
|
||||||
|
Reported-by: Krzysztof Piotr Oledzki <ole@ans.pl>
|
||||||
|
Tested-by: Krzysztof Piotr Oledzki <ole@ans.pl>
|
||||||
|
Signed-off-by: Stefan Metzmacher <metze@samba.org>
|
||||||
|
Reviewed-by: Jeremy Allison <jra@samba.org>
|
||||||
|
(cherry picked from commit 91b30a7261e6455d3a4f31728c23e4849e3945b9)
|
||||||
|
---
|
||||||
|
nsswitch/wb_common.c | 5 -----
|
||||||
|
selftest/knownfail.d/b15464_testcase | 1 -
|
||||||
|
2 files changed, 6 deletions(-)
|
||||||
|
delete mode 100644 selftest/knownfail.d/b15464_testcase
|
||||||
|
|
||||||
|
diff --git a/nsswitch/wb_common.c b/nsswitch/wb_common.c
|
||||||
|
index d56e48d9bdb8..38f9f334016b 100644
|
||||||
|
--- a/nsswitch/wb_common.c
|
||||||
|
+++ b/nsswitch/wb_common.c
|
||||||
|
@@ -76,11 +76,6 @@ static void wb_atfork_child(void)
|
||||||
|
|
||||||
|
winbind_close_sock(ctx);
|
||||||
|
free(ctx);
|
||||||
|
-
|
||||||
|
- ret = pthread_key_delete(wb_global_ctx.key);
|
||||||
|
- assert(ret == 0);
|
||||||
|
-
|
||||||
|
- wb_global_ctx.control = (pthread_once_t)PTHREAD_ONCE_INIT;
|
||||||
|
}
|
||||||
|
|
||||||
|
static void wb_thread_ctx_destructor(void *p)
|
||||||
|
diff --git a/selftest/knownfail.d/b15464_testcase b/selftest/knownfail.d/b15464_testcase
|
||||||
|
deleted file mode 100644
|
||||||
|
index 94dd7db7c2a5..000000000000
|
||||||
|
--- a/selftest/knownfail.d/b15464_testcase
|
||||||
|
+++ /dev/null
|
||||||
|
@@ -1 +0,0 @@
|
||||||
|
-^b15464_testcase.run.b15464-testcase
|
||||||
|
--
|
||||||
|
2.34.1
|
||||||
|
|
||||||
|
|
||||||
|
From 61ca2c66e0a3c837f2c542b8d9321a8d8cd03382 Mon Sep 17 00:00:00 2001
|
||||||
|
From: Stefan Metzmacher <metze@samba.org>
|
||||||
|
Date: Thu, 7 Sep 2023 15:59:59 +0200
|
||||||
|
Subject: [PATCH 5/5] nsswitch/wb_common.c: fix socket fd and memory leaks of
|
||||||
|
global state
|
||||||
|
|
||||||
|
When we are called in wb_atfork_child() or winbind_destructor(),
|
||||||
|
wb_thread_ctx_destructor() is not called for the global state
|
||||||
|
of the current nor any other thread, which means we would
|
||||||
|
leak the related memory and socket fds.
|
||||||
|
|
||||||
|
Now we maintain a global list protected by a global mutex.
|
||||||
|
We traverse the list and close all socket fds, which are no
|
||||||
|
longer used (winbind_destructor) or no longer valid in the
|
||||||
|
current process (wb_atfork_child), in addition we 'autofree'
|
||||||
|
the ones, which are only visible internally as global (per thread)
|
||||||
|
context.
|
||||||
|
|
||||||
|
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15464
|
||||||
|
|
||||||
|
Tested-by: Krzysztof Piotr Oledzki <ole@ans.pl>
|
||||||
|
Signed-off-by: Stefan Metzmacher <metze@samba.org>
|
||||||
|
Reviewed-by: Jeremy Allison <jra@samba.org>
|
||||||
|
|
||||||
|
Autobuild-User(master): Stefan Metzmacher <metze@samba.org>
|
||||||
|
Autobuild-Date(master): Thu Sep 14 18:53:07 UTC 2023 on atb-devel-224
|
||||||
|
|
||||||
|
(cherry picked from commit 4af3faace481d23869b64485b791bdd43d8972c5)
|
||||||
|
---
|
||||||
|
nsswitch/wb_common.c | 143 ++++++++++++++++++++++++++++++++++---------
|
||||||
|
1 file changed, 113 insertions(+), 30 deletions(-)
|
||||||
|
|
||||||
|
diff --git a/nsswitch/wb_common.c b/nsswitch/wb_common.c
|
||||||
|
index 38f9f334016b..b7f84435a4ee 100644
|
||||||
|
--- a/nsswitch/wb_common.c
|
||||||
|
+++ b/nsswitch/wb_common.c
|
||||||
|
@@ -26,6 +26,7 @@
|
||||||
|
#include "replace.h"
|
||||||
|
#include "system/select.h"
|
||||||
|
#include "winbind_client.h"
|
||||||
|
+#include "lib/util/dlinklist.h"
|
||||||
|
#include <assert.h>
|
||||||
|
|
||||||
|
#ifdef HAVE_PTHREAD_H
|
||||||
|
@@ -37,67 +38,112 @@ static __thread char client_name[32];
|
||||||
|
/* Global context */
|
||||||
|
|
||||||
|
struct winbindd_context {
|
||||||
|
+ struct winbindd_context *prev, *next;
|
||||||
|
int winbindd_fd; /* winbind file descriptor */
|
||||||
|
bool is_privileged; /* using the privileged socket? */
|
||||||
|
pid_t our_pid; /* calling process pid */
|
||||||
|
+ bool autofree; /* this is a thread global context */
|
||||||
|
};
|
||||||
|
|
||||||
|
static struct wb_global_ctx {
|
||||||
|
- bool initialized;
|
||||||
|
#ifdef HAVE_PTHREAD
|
||||||
|
pthread_once_t control;
|
||||||
|
pthread_key_t key;
|
||||||
|
+ bool key_initialized;
|
||||||
|
+#ifdef PTHREAD_ERRORCHECK_MUTEX_INITIALIZER_NP
|
||||||
|
+#define WB_GLOBAL_MUTEX_INITIALIZER PTHREAD_ERRORCHECK_MUTEX_INITIALIZER_NP
|
||||||
|
#else
|
||||||
|
- bool dummy;
|
||||||
|
+#define WB_GLOBAL_MUTEX_INITIALIZER PTHREAD_MUTEX_INITIALIZER
|
||||||
|
#endif
|
||||||
|
+#define WB_GLOBAL_LIST_LOCK do { \
|
||||||
|
+ int __pret = pthread_mutex_lock(&wb_global_ctx.list_mutex); \
|
||||||
|
+ assert(__pret == 0); \
|
||||||
|
+} while(0)
|
||||||
|
+#define WB_GLOBAL_LIST_UNLOCK do { \
|
||||||
|
+ int __pret = pthread_mutex_unlock(&wb_global_ctx.list_mutex); \
|
||||||
|
+ assert(__pret == 0); \
|
||||||
|
+} while(0)
|
||||||
|
+ pthread_mutex_t list_mutex;
|
||||||
|
+#else /* => not HAVE_PTHREAD */
|
||||||
|
+#define WB_GLOBAL_LIST_LOCK do { } while(0)
|
||||||
|
+#define WB_GLOBAL_LIST_UNLOCK do { } while(0)
|
||||||
|
+#endif /* not HAVE_PTHREAD */
|
||||||
|
+ struct winbindd_context *list;
|
||||||
|
} wb_global_ctx = {
|
||||||
|
#ifdef HAVE_PTHREAD
|
||||||
|
.control = PTHREAD_ONCE_INIT,
|
||||||
|
+ .list_mutex = WB_GLOBAL_MUTEX_INITIALIZER,
|
||||||
|
#endif
|
||||||
|
+ .list = NULL,
|
||||||
|
};
|
||||||
|
|
||||||
|
static void winbind_close_sock(struct winbindd_context *ctx);
|
||||||
|
+static void winbind_ctx_free_locked(struct winbindd_context *ctx);
|
||||||
|
+static void winbind_cleanup_list(void);
|
||||||
|
|
||||||
|
#ifdef HAVE_PTHREAD
|
||||||
|
static void wb_thread_ctx_initialize(void);
|
||||||
|
|
||||||
|
+static void wb_atfork_prepare(void)
|
||||||
|
+{
|
||||||
|
+ WB_GLOBAL_LIST_LOCK;
|
||||||
|
+}
|
||||||
|
+
|
||||||
|
+static void wb_atfork_parent(void)
|
||||||
|
+{
|
||||||
|
+ WB_GLOBAL_LIST_UNLOCK;
|
||||||
|
+}
|
||||||
|
+
|
||||||
|
static void wb_atfork_child(void)
|
||||||
|
{
|
||||||
|
- struct winbindd_context *ctx = NULL;
|
||||||
|
- int ret;
|
||||||
|
+ wb_global_ctx.list_mutex = (pthread_mutex_t)WB_GLOBAL_MUTEX_INITIALIZER;
|
||||||
|
|
||||||
|
- ctx = (struct winbindd_context *)pthread_getspecific(wb_global_ctx.key);
|
||||||
|
- if (ctx == NULL) {
|
||||||
|
- return;
|
||||||
|
- }
|
||||||
|
+ if (wb_global_ctx.key_initialized) {
|
||||||
|
+ int ret;
|
||||||
|
|
||||||
|
- ret = pthread_setspecific(wb_global_ctx.key, NULL);
|
||||||
|
- assert(ret == 0);
|
||||||
|
+ /*
|
||||||
|
+ * After a fork the child still believes
|
||||||
|
+ * it is the same thread as in the parent.
|
||||||
|
+ * So pthread_getspecific() would return the
|
||||||
|
+ * value of the thread that called fork().
|
||||||
|
+ *
|
||||||
|
+ * But we don't want that behavior, so
|
||||||
|
+ * we just clear the reference and let
|
||||||
|
+ * winbind_cleanup_list() below 'autofree'
|
||||||
|
+ * the parent threads global context.
|
||||||
|
+ */
|
||||||
|
+ ret = pthread_setspecific(wb_global_ctx.key, NULL);
|
||||||
|
+ assert(ret == 0);
|
||||||
|
+ }
|
||||||
|
|
||||||
|
- winbind_close_sock(ctx);
|
||||||
|
- free(ctx);
|
||||||
|
+ /*
|
||||||
|
+ * But we need to close/cleanup the global state
|
||||||
|
+ * of the parents threads.
|
||||||
|
+ */
|
||||||
|
+ winbind_cleanup_list();
|
||||||
|
}
|
||||||
|
|
||||||
|
static void wb_thread_ctx_destructor(void *p)
|
||||||
|
{
|
||||||
|
struct winbindd_context *ctx = (struct winbindd_context *)p;
|
||||||
|
|
||||||
|
- winbind_close_sock(ctx);
|
||||||
|
- free(ctx);
|
||||||
|
+ winbindd_ctx_free(ctx);
|
||||||
|
}
|
||||||
|
|
||||||
|
static void wb_thread_ctx_initialize(void)
|
||||||
|
{
|
||||||
|
int ret;
|
||||||
|
|
||||||
|
- ret = pthread_atfork(NULL,
|
||||||
|
- NULL,
|
||||||
|
+ ret = pthread_atfork(wb_atfork_prepare,
|
||||||
|
+ wb_atfork_parent,
|
||||||
|
wb_atfork_child);
|
||||||
|
assert(ret == 0);
|
||||||
|
|
||||||
|
ret = pthread_key_create(&wb_global_ctx.key,
|
||||||
|
wb_thread_ctx_destructor);
|
||||||
|
assert(ret == 0);
|
||||||
|
+
|
||||||
|
+ wb_global_ctx.key_initialized = true;
|
||||||
|
}
|
||||||
|
|
||||||
|
static struct winbindd_context *get_wb_thread_ctx(void)
|
||||||
|
@@ -123,9 +169,14 @@ static struct winbindd_context *get_wb_thread_ctx(void)
|
||||||
|
*ctx = (struct winbindd_context) {
|
||||||
|
.winbindd_fd = -1,
|
||||||
|
.is_privileged = false,
|
||||||
|
- .our_pid = 0
|
||||||
|
+ .our_pid = 0,
|
||||||
|
+ .autofree = true,
|
||||||
|
};
|
||||||
|
|
||||||
|
+ WB_GLOBAL_LIST_LOCK;
|
||||||
|
+ DLIST_ADD_END(wb_global_ctx.list, ctx);
|
||||||
|
+ WB_GLOBAL_LIST_UNLOCK;
|
||||||
|
+
|
||||||
|
ret = pthread_setspecific(wb_global_ctx.key, ctx);
|
||||||
|
if (ret != 0) {
|
||||||
|
free(ctx);
|
||||||
|
@@ -142,7 +193,8 @@ static struct winbindd_context *get_wb_global_ctx(void)
|
||||||
|
static struct winbindd_context _ctx = {
|
||||||
|
.winbindd_fd = -1,
|
||||||
|
.is_privileged = false,
|
||||||
|
- .our_pid = 0
|
||||||
|
+ .our_pid = 0,
|
||||||
|
+ .autofree = false,
|
||||||
|
};
|
||||||
|
#endif
|
||||||
|
|
||||||
|
@@ -150,9 +202,11 @@ static struct winbindd_context *get_wb_global_ctx(void)
|
||||||
|
ctx = get_wb_thread_ctx();
|
||||||
|
#else
|
||||||
|
ctx = &_ctx;
|
||||||
|
+ if (ctx->prev == NULL && ctx->next == NULL) {
|
||||||
|
+ DLIST_ADD_END(wb_global_ctx.list, ctx);
|
||||||
|
+ }
|
||||||
|
#endif
|
||||||
|
|
||||||
|
- wb_global_ctx.initialized = true;
|
||||||
|
return ctx;
|
||||||
|
}
|
||||||
|
|
||||||
|
@@ -226,6 +280,30 @@ static void winbind_close_sock(struct winbindd_context *ctx)
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
+static void winbind_ctx_free_locked(struct winbindd_context *ctx)
|
||||||
|
+{
|
||||||
|
+ winbind_close_sock(ctx);
|
||||||
|
+ DLIST_REMOVE(wb_global_ctx.list, ctx);
|
||||||
|
+ free(ctx);
|
||||||
|
+}
|
||||||
|
+
|
||||||
|
+static void winbind_cleanup_list(void)
|
||||||
|
+{
|
||||||
|
+ struct winbindd_context *ctx = NULL, *next = NULL;
|
||||||
|
+
|
||||||
|
+ WB_GLOBAL_LIST_LOCK;
|
||||||
|
+ for (ctx = wb_global_ctx.list; ctx != NULL; ctx = next) {
|
||||||
|
+ next = ctx->next;
|
||||||
|
+
|
||||||
|
+ if (ctx->autofree) {
|
||||||
|
+ winbind_ctx_free_locked(ctx);
|
||||||
|
+ } else {
|
||||||
|
+ winbind_close_sock(ctx);
|
||||||
|
+ }
|
||||||
|
+ }
|
||||||
|
+ WB_GLOBAL_LIST_UNLOCK;
|
||||||
|
+}
|
||||||
|
+
|
||||||
|
/* Destructor for global context to ensure fd is closed */
|
||||||
|
|
||||||
|
#ifdef HAVE_DESTRUCTOR_ATTRIBUTE
|
||||||
|
@@ -235,18 +313,18 @@ __attribute__((destructor))
|
||||||
|
#endif
|
||||||
|
static void winbind_destructor(void)
|
||||||
|
{
|
||||||
|
- struct winbindd_context *ctx;
|
||||||
|
-
|
||||||
|
- if (!wb_global_ctx.initialized) {
|
||||||
|
- return;
|
||||||
|
+#ifdef HAVE_PTHREAD
|
||||||
|
+ if (wb_global_ctx.key_initialized) {
|
||||||
|
+ int ret;
|
||||||
|
+ ret = pthread_key_delete(wb_global_ctx.key);
|
||||||
|
+ assert(ret == 0);
|
||||||
|
+ wb_global_ctx.key_initialized = false;
|
||||||
|
}
|
||||||
|
|
||||||
|
- ctx = get_wb_global_ctx();
|
||||||
|
- if (ctx == NULL) {
|
||||||
|
- return;
|
||||||
|
- }
|
||||||
|
+ wb_global_ctx.control = (pthread_once_t)PTHREAD_ONCE_INIT;
|
||||||
|
+#endif /* HAVE_PTHREAD */
|
||||||
|
|
||||||
|
- winbind_close_sock(ctx);
|
||||||
|
+ winbind_cleanup_list();
|
||||||
|
}
|
||||||
|
|
||||||
|
#define CONNECT_TIMEOUT 30
|
||||||
|
@@ -928,11 +1006,16 @@ struct winbindd_context *winbindd_ctx_create(void)
|
||||||
|
|
||||||
|
ctx->winbindd_fd = -1;
|
||||||
|
|
||||||
|
+ WB_GLOBAL_LIST_LOCK;
|
||||||
|
+ DLIST_ADD_END(wb_global_ctx.list, ctx);
|
||||||
|
+ WB_GLOBAL_LIST_UNLOCK;
|
||||||
|
+
|
||||||
|
return ctx;
|
||||||
|
}
|
||||||
|
|
||||||
|
void winbindd_ctx_free(struct winbindd_context *ctx)
|
||||||
|
{
|
||||||
|
- winbind_close_sock(ctx);
|
||||||
|
- free(ctx);
|
||||||
|
+ WB_GLOBAL_LIST_LOCK;
|
||||||
|
+ winbind_ctx_free_locked(ctx);
|
||||||
|
+ WB_GLOBAL_LIST_UNLOCK;
|
||||||
|
}
|
||||||
|
--
|
||||||
|
2.34.1
|
16
SOURCES/samba-4.18.6.tar.asc
Normal file
16
SOURCES/samba-4.18.6.tar.asc
Normal file
@ -0,0 +1,16 @@
|
|||||||
|
-----BEGIN PGP SIGNATURE-----
|
||||||
|
|
||||||
|
iQIzBAABCgAdFiEEgfXigyvSVFoYl7cTqplEL7aAtiAFAmTc/5EACgkQqplEL7aA
|
||||||
|
tiB+4RAAkcRhO1/ZC7sXgqAqTZY05On8g2GLeuBh2Q+u7QIyjcDLuJWzp0TkrbMn
|
||||||
|
LBGtFAyCxM1JbW/K1UNafeQcf3UKzY1nIPtUpqVjN7qMxt0BDZ6MsXGbB/qhyGMZ
|
||||||
|
YnsZ8of/8NOUKx5KbrSeN5TqjICWTVRKi7KPcBrD51sTSt5unXYrolyJpKoPjYYU
|
||||||
|
lQS8cnh/shfvvFX4fYf9XtFS2OcQqCTFrLeajb6DU7Ep6ZBZa9r3m5Gk3ZvhBu9r
|
||||||
|
qowmQDqbNfo++wIkOaehD6tQsWcY2XvfBCFLqtSnF1SraN0jpdYr08dbcRGyuhFd
|
||||||
|
DS9+4BwCCML0mip7aaP6NHZpN+LvyYkAKPuKo8mW8pxe3i8ctxcTyN6SfmZA6RlE
|
||||||
|
bcmRQSkBD/e0jjBX5nR0zsaT01bgE1bBvbro0ZKHpR7/k6WeV+k6jDmqqXnYj3uB
|
||||||
|
61fCtf41w1b2pMhty70niga2gxaHrSqu9gqSl2wk/uMhwtdntqrJtaWIChWM0CRs
|
||||||
|
b6pfbjEZM2NDhsLe3idvY9Hl1hlKrMtoLJTu7fksTDVJzWPfqOCyIOc1DkxbCqlG
|
||||||
|
XB9fbre57DWIpRvNK4pu108LiGbavK2rLC6wlcjshP3/9BA3c3HO/JPQGtDAn1UE
|
||||||
|
JVQlYT1Fzzp9RU8U5Khz9D7pB3k6K19ZIo3q5xTA/V5O6axB5WM=
|
||||||
|
=GnJM
|
||||||
|
-----END PGP SIGNATURE-----
|
File diff suppressed because it is too large
Load Diff
@ -1,16 +0,0 @@
|
|||||||
-----BEGIN PGP SIGNATURE-----
|
|
||||||
|
|
||||||
iQIzBAABCgAdFiEEgfXigyvSVFoYl7cTqplEL7aAtiAFAmWcCFAACgkQqplEL7aA
|
|
||||||
tiDKSBAAuWA9jT6xCfFACIlme7DbEoUm/Bsbf+GM2Somd3pgajekiNxo7CsW9Xub
|
|
||||||
Vmpj0Q5OKiri81XTqA8LlqMCBliqfw/rnP48kCH0YqXzjqD6aYuwmk0Q4G3wWBTJ
|
|
||||||
2ZT/wOpbM3YooFfE9Iffz6uNgAiQ/8kpBt2m6Zzfy8n1ThfztyGAGaSmrUWxgUlq
|
|
||||||
XjRjtgTw4isZBm+RzCFSGuPxvWvxRlfD5JCe2gc221rI3kbaQE2GSxdZ6D0635Ln
|
|
||||||
iy64SLIAKkQCrrFFckudSCCLKgLNdIClEwzamhhCbmCxnWMDufzN+BQZhq3axQ+x
|
|
||||||
svPfZqltVSQztr4nPGvKdebtVLL2Zyf/LtXWQP/s66quHlHFoEAC7MuD6tEMQVar
|
|
||||||
JQUCN51Gs0Yk12iReQFm6/Uo35aPAlai1e2uOkNzS5FnagRObYt6FYeQripks4I8
|
|
||||||
ZW5VvF4cE0zqdjrlG+Ttqmpbj7i6AUJj9wSbrEOFDUhTL+QPPOfJ05yr1BHmS6nJ
|
|
||||||
vuuUs+ei/DnYEFS91P81h5NuOdpRHIBTG6LUOLz5KOoNdIgvzjD/Ugyscj4AFTBo
|
|
||||||
+NTG9nNr6gkLV/6dxDRR2/sbU6P+FZBL+JVUoDR7XQ7oHG7sFV+/8Dtu8RivEw++
|
|
||||||
1sNGqxvGkwu7JunMkJO5YZRwXi81v3nmHkWKgb0+52iYXgmdesY=
|
|
||||||
=kOPP
|
|
||||||
-----END PGP SIGNATURE-----
|
|
@ -1,2 +0,0 @@
|
|||||||
#Type Name ID
|
|
||||||
g wbpriv 88
|
|
258
SPECS/samba.spec
258
SPECS/samba.spec
@ -121,12 +121,9 @@
|
|||||||
#endif fedora || rhel >= 8
|
#endif fedora || rhel >= 8
|
||||||
%endif
|
%endif
|
||||||
|
|
||||||
# Build the ctdb-pcp-pmda package by default on Fedora, except for i686 where
|
# Build the ctdb-pcp-pmda package by default on Fedora
|
||||||
# pcp is no longer supported
|
|
||||||
%if 0%{?fedora}
|
%if 0%{?fedora}
|
||||||
%ifnarch i686
|
|
||||||
%bcond_without pcp_pmda
|
%bcond_without pcp_pmda
|
||||||
%endif
|
|
||||||
%else
|
%else
|
||||||
%bcond_with pcp_pmda
|
%bcond_with pcp_pmda
|
||||||
%endif
|
%endif
|
||||||
@ -138,16 +135,10 @@
|
|||||||
%bcond_with etcd_mutex
|
%bcond_with etcd_mutex
|
||||||
%endif
|
%endif
|
||||||
|
|
||||||
%if 0%{?fedora} || 0%{?rhel} >= 9
|
|
||||||
%bcond_without gpupdate
|
|
||||||
%else
|
|
||||||
%bcond_with gpupdate
|
|
||||||
%endif
|
|
||||||
|
|
||||||
%define samba_requires_eq() %(LC_ALL="C" echo '%*' | xargs -r rpm -q --qf 'Requires: %%{name} = %%{epoch}:%%{version}\\n' | sed -e 's/ (none):/ /' -e 's/ 0:/ /' | grep -v "is not")
|
%define samba_requires_eq() %(LC_ALL="C" echo '%*' | xargs -r rpm -q --qf 'Requires: %%{name} = %%{epoch}:%%{version}\\n' | sed -e 's/ (none):/ /' -e 's/ 0:/ /' | grep -v "is not")
|
||||||
|
|
||||||
%global samba_version 4.19.4
|
%global samba_version 4.18.6
|
||||||
%global baserelease 5
|
%global baserelease 3
|
||||||
# This should be rc1 or %%nil
|
# This should be rc1 or %%nil
|
||||||
%global pre_release %nil
|
%global pre_release %nil
|
||||||
|
|
||||||
@ -180,10 +171,10 @@
|
|||||||
%global libsmbclient_so_version 0
|
%global libsmbclient_so_version 0
|
||||||
%global libwbclient_so_version 0
|
%global libwbclient_so_version 0
|
||||||
|
|
||||||
%global talloc_version 2.4.1
|
%global talloc_version 2.4.0
|
||||||
%global tdb_version 1.4.9
|
%global tdb_version 1.4.8
|
||||||
%global tevent_version 0.15.0
|
%global tevent_version 0.14.1
|
||||||
%global ldb_version 2.8.0
|
%global ldb_version 2.7.2
|
||||||
|
|
||||||
%global required_mit_krb5 1.18
|
%global required_mit_krb5 1.18
|
||||||
|
|
||||||
@ -211,7 +202,7 @@
|
|||||||
|
|
||||||
Name: samba
|
Name: samba
|
||||||
Version: %{samba_version}
|
Version: %{samba_version}
|
||||||
Release: %{samba_release}%{?dist}
|
Release: %{samba_release}%{?dist}.alma.1
|
||||||
|
|
||||||
%if 0%{?fedora}
|
%if 0%{?fedora}
|
||||||
Epoch: 2
|
Epoch: 2
|
||||||
@ -239,16 +230,19 @@ Source14: samba.pamd
|
|||||||
Source15: usershares.conf.vendor
|
Source15: usershares.conf.vendor
|
||||||
Source16: samba-systemd-sysusers.conf
|
Source16: samba-systemd-sysusers.conf
|
||||||
Source17: samba-usershares-systemd-sysusers.conf
|
Source17: samba-usershares-systemd-sysusers.conf
|
||||||
Source18: samba-winbind-systemd-sysusers.conf
|
|
||||||
|
|
||||||
Source201: README.downgrade
|
Source201: README.downgrade
|
||||||
Source202: samba.abignore
|
Source202: samba.abignore
|
||||||
|
|
||||||
# Backport bug fixes to https://gitlab.com/samba-redhat/samba/-/tree/v4-19-redhat
|
# Patches were taken from:
|
||||||
# This will give us CI and makes it easy to generate patchsets.
|
# https://attachments.samba.org/attachment.cgi?id=18128
|
||||||
#
|
Patch1: CVE-2023-3961-s3-smbd-Catch-any-incoming-pipe-path-that.patch
|
||||||
# Generate the patchset using: git format-patch -l1 --stdout -N > samba-4.19-redhat.patch
|
# https://attachments.samba.org/attachment.cgi?id=18131
|
||||||
Patch0: samba-4.19-redhat.patch
|
Patch2: CVE-2023-4091-smbtorture-test-overwrite-dispositions-on.patch
|
||||||
|
# https://attachments.samba.org/attachment.cgi?id=18136
|
||||||
|
Patch3: CVE-2023-42669-s4-rpc_server-Disable-rpcecho-server-by.patch
|
||||||
|
# https://attachments.samba.org/attachment.cgi?id=18104
|
||||||
|
Patch4: memory-corruption-since-samba-4-18.patch
|
||||||
|
|
||||||
Requires(pre): /usr/sbin/groupadd
|
Requires(pre): /usr/sbin/groupadd
|
||||||
|
|
||||||
@ -346,11 +340,9 @@ BuildRequires: zlib-devel >= 1.2.3
|
|||||||
|
|
||||||
BuildRequires: pkgconfig(libsystemd)
|
BuildRequires: pkgconfig(libsystemd)
|
||||||
|
|
||||||
%ifnarch i686
|
|
||||||
%if 0%{?fedora} >= 37
|
%if 0%{?fedora} >= 37
|
||||||
BuildRequires: mold
|
BuildRequires: mold
|
||||||
%endif
|
%endif
|
||||||
%endif
|
|
||||||
|
|
||||||
%if %{with vfs_glusterfs}
|
%if %{with vfs_glusterfs}
|
||||||
BuildRequires: glusterfs-api-devel >= 3.4.0.16
|
BuildRequires: glusterfs-api-devel >= 3.4.0.16
|
||||||
@ -375,10 +367,6 @@ BuildRequires: librados-devel
|
|||||||
BuildRequires: python3-etcd
|
BuildRequires: python3-etcd
|
||||||
%endif
|
%endif
|
||||||
|
|
||||||
%if %{with gpupdate}
|
|
||||||
BuildRequires: cepces
|
|
||||||
%endif
|
|
||||||
|
|
||||||
# pidl requirements
|
# pidl requirements
|
||||||
BuildRequires: perl(ExtUtils::MakeMaker)
|
BuildRequires: perl(ExtUtils::MakeMaker)
|
||||||
BuildRequires: perl(FindBin)
|
BuildRequires: perl(FindBin)
|
||||||
@ -743,7 +731,7 @@ Samba VFS module for GlusterFS integration.
|
|||||||
%endif
|
%endif
|
||||||
|
|
||||||
### GPUPDATE
|
### GPUPDATE
|
||||||
%if %{with gpupdate}
|
%if %{with dc}
|
||||||
%package gpupdate
|
%package gpupdate
|
||||||
Summary: Samba GPO support for clients
|
Summary: Samba GPO support for clients
|
||||||
Requires: cepces
|
Requires: cepces
|
||||||
@ -755,7 +743,7 @@ Requires: python3-%{name} = %{samba_depver}
|
|||||||
This package provides the samba-gpupdate tool to apply Group Policy Objects
|
This package provides the samba-gpupdate tool to apply Group Policy Objects
|
||||||
(GPO) on Samba clients.
|
(GPO) on Samba clients.
|
||||||
|
|
||||||
#endif with gpupdate
|
# /with dc
|
||||||
%endif
|
%endif
|
||||||
|
|
||||||
### KRB5-PRINTING
|
### KRB5-PRINTING
|
||||||
@ -920,8 +908,6 @@ Summary: Samba Python libraries for Samba AD
|
|||||||
Requires: %{name}-client-libs = %{samba_depver}
|
Requires: %{name}-client-libs = %{samba_depver}
|
||||||
Requires: %{name}-dc-libs = %{samba_depver}
|
Requires: %{name}-dc-libs = %{samba_depver}
|
||||||
Requires: python3-%{name} = %{samba_depver}
|
Requires: python3-%{name} = %{samba_depver}
|
||||||
# for ms_forest_updates_markdown.py and ms_schema_markdown.py
|
|
||||||
Requires: python3-markdown
|
|
||||||
|
|
||||||
%description -n python3-samba-dc
|
%description -n python3-samba-dc
|
||||||
The python3-%{name}-dc package contains the Python libraries needed by programs
|
The python3-%{name}-dc package contains the Python libraries needed by programs
|
||||||
@ -1283,17 +1269,8 @@ rm -f lib/crypto/{aes,rijndael}*.c
|
|||||||
# TODO: resolve underlinked python modules
|
# TODO: resolve underlinked python modules
|
||||||
export python_LDFLAGS="$(echo %{__global_ldflags} | sed -e 's/-Wl,-z,defs//g')"
|
export python_LDFLAGS="$(echo %{__global_ldflags} | sed -e 's/-Wl,-z,defs//g')"
|
||||||
|
|
||||||
# Use the mold linker if possible
|
# Use the gold linker
|
||||||
export python_LDFLAGS="$(echo %{__global_ldflags} | sed -e 's/-Wl,-z,defs//g')"
|
export LDFLAGS="%{__global_ldflags} -fuse-ld=gold"
|
||||||
|
|
||||||
%ifnarch i686
|
|
||||||
%if 0%{?fedora} >= 37
|
|
||||||
export LDFLAGS="%{__global_ldflags} -fuse-ld=mold"
|
|
||||||
export python_LDFLAGS="$(echo ${LDFLAGS} | sed -e 's/-Wl,-z,defs//g')"
|
|
||||||
#endif fedora >= 37
|
|
||||||
%endif
|
|
||||||
#endif narch i686
|
|
||||||
%endif
|
|
||||||
|
|
||||||
# Add support for mock ccache plugin
|
# Add support for mock ccache plugin
|
||||||
%if %{with ccache}
|
%if %{with ccache}
|
||||||
@ -1423,7 +1400,6 @@ echo "d /run/ctdb 755 root root" > %{buildroot}%{_tmpfilesdir}/ctdb.conf
|
|||||||
install -d -m 0755 %{buildroot}%{_sysusersdir}
|
install -d -m 0755 %{buildroot}%{_sysusersdir}
|
||||||
install -m 0644 %{SOURCE16} %{buildroot}%{_sysusersdir}/samba.conf
|
install -m 0644 %{SOURCE16} %{buildroot}%{_sysusersdir}/samba.conf
|
||||||
install -m 0644 %{SOURCE17} %{buildroot}%{_sysusersdir}/samba-usershares.conf
|
install -m 0644 %{SOURCE17} %{buildroot}%{_sysusersdir}/samba-usershares.conf
|
||||||
install -m 0644 %{SOURCE18} %{buildroot}%{_sysusersdir}/samba-winbind.conf
|
|
||||||
|
|
||||||
install -d -m 0755 %{buildroot}%{_sysconfdir}/sysconfig
|
install -d -m 0755 %{buildroot}%{_sysconfdir}/sysconfig
|
||||||
install -m 0644 packaging/systemd/samba.sysconfig %{buildroot}%{_sysconfdir}/sysconfig/samba
|
install -m 0644 packaging/systemd/samba.sysconfig %{buildroot}%{_sysconfdir}/sysconfig/samba
|
||||||
@ -1451,17 +1427,14 @@ touch %{buildroot}%{_libdir}/krb5/plugins/libkrb5/winbind_krb5_locator.so
|
|||||||
for i in \
|
for i in \
|
||||||
%{_mandir}/man8/samba.8 \
|
%{_mandir}/man8/samba.8 \
|
||||||
%{_mandir}/man8/samba_downgrade_db.8 \
|
%{_mandir}/man8/samba_downgrade_db.8 \
|
||||||
|
%{_mandir}/man8/samba-gpupdate.8 \
|
||||||
%{_unitdir}/samba.service \
|
%{_unitdir}/samba.service \
|
||||||
|
%{_sbindir}/samba-gpupdate \
|
||||||
; do
|
; do
|
||||||
rm -f %{buildroot}$i
|
rm -f %{buildroot}$i
|
||||||
done
|
done
|
||||||
%endif
|
%endif
|
||||||
|
|
||||||
%if %{without gpupdate}
|
|
||||||
rm -f %{buildroot}%{_sbindir}/samba-gpupdate
|
|
||||||
rm -f %{buildroot}%{_mandir}/man8/samba-gpupdate.8*
|
|
||||||
%endif
|
|
||||||
|
|
||||||
%if %{without vfs_glusterfs}
|
%if %{without vfs_glusterfs}
|
||||||
rm -f %{buildroot}%{_mandir}/man8/vfs_glusterfs.8*
|
rm -f %{buildroot}%{_mandir}/man8/vfs_glusterfs.8*
|
||||||
%endif
|
%endif
|
||||||
@ -1538,8 +1511,11 @@ export WINBINDD_DONT_LOG_STDOUT=1
|
|||||||
%systemd_postun_with_restart nmb.service
|
%systemd_postun_with_restart nmb.service
|
||||||
|
|
||||||
%pre common
|
%pre common
|
||||||
# This creates the group 'printadmin'
|
%if 0%{?fedora} || 0%{?rhel} > 8
|
||||||
|
%sysusers_create_compat %{SOURCE16}
|
||||||
|
%else
|
||||||
getent group printadmin >/dev/null || groupadd -r printadmin || :
|
getent group printadmin >/dev/null || groupadd -r printadmin || :
|
||||||
|
%endif
|
||||||
|
|
||||||
%post common
|
%post common
|
||||||
%{?ldconfig}
|
%{?ldconfig}
|
||||||
@ -1609,11 +1585,13 @@ fi
|
|||||||
%ldconfig_scriptlets test
|
%ldconfig_scriptlets test
|
||||||
|
|
||||||
%pre usershares
|
%pre usershares
|
||||||
# This creates the group 'usershares'
|
%if 0%{?fedora} || 0%{?rhel} > 8
|
||||||
|
%sysusers_create_compat %{SOURCE17}
|
||||||
|
%else
|
||||||
getent group usershares >/dev/null || groupadd -r usershares || :
|
getent group usershares >/dev/null || groupadd -r usershares || :
|
||||||
|
%endif
|
||||||
|
|
||||||
%pre winbind
|
%pre winbind
|
||||||
# This creates the group 'wbpriv'
|
|
||||||
/usr/sbin/groupadd -g 88 wbpriv >/dev/null 2>&1 || :
|
/usr/sbin/groupadd -g 88 wbpriv >/dev/null 2>&1 || :
|
||||||
|
|
||||||
%post winbind
|
%post winbind
|
||||||
@ -1825,6 +1803,7 @@ fi
|
|||||||
%{_mandir}/man1/smbclient.1*
|
%{_mandir}/man1/smbclient.1*
|
||||||
%{_mandir}/man1/smbcquotas.1*
|
%{_mandir}/man1/smbcquotas.1*
|
||||||
%{_mandir}/man1/smbget.1*
|
%{_mandir}/man1/smbget.1*
|
||||||
|
%{_mandir}/man5/smbgetrc.5*
|
||||||
%{_mandir}/man1/smbtar.1*
|
%{_mandir}/man1/smbtar.1*
|
||||||
%{_mandir}/man1/smbtree.1*
|
%{_mandir}/man1/smbtree.1*
|
||||||
%{_mandir}/man7/traffic_learner.7.*
|
%{_mandir}/man7/traffic_learner.7.*
|
||||||
@ -2031,12 +2010,10 @@ fi
|
|||||||
%{_bindir}/net
|
%{_bindir}/net
|
||||||
%{_bindir}/pdbedit
|
%{_bindir}/pdbedit
|
||||||
%{_bindir}/profiles
|
%{_bindir}/profiles
|
||||||
%{_bindir}/samba-log-parser
|
|
||||||
%{_bindir}/smbcontrol
|
%{_bindir}/smbcontrol
|
||||||
%{_bindir}/smbpasswd
|
%{_bindir}/smbpasswd
|
||||||
%{_bindir}/testparm
|
%{_bindir}/testparm
|
||||||
%{_mandir}/man1/profiles.1*
|
%{_mandir}/man1/profiles.1*
|
||||||
%{_mandir}/man1/samba-log-parser.1*
|
|
||||||
%{_mandir}/man1/smbcontrol.1*
|
%{_mandir}/man1/smbcontrol.1*
|
||||||
%{_mandir}/man1/testparm.1*
|
%{_mandir}/man1/testparm.1*
|
||||||
%{_mandir}/man8/net.8*
|
%{_mandir}/man8/net.8*
|
||||||
@ -2057,9 +2034,6 @@ fi
|
|||||||
%{_libexecdir}/samba/rpcd_fsrvp
|
%{_libexecdir}/samba/rpcd_fsrvp
|
||||||
%{_libexecdir}/samba/rpcd_lsad
|
%{_libexecdir}/samba/rpcd_lsad
|
||||||
%{_libexecdir}/samba/rpcd_mdssvc
|
%{_libexecdir}/samba/rpcd_mdssvc
|
||||||
%if %{with testsuite}
|
|
||||||
%{_libexecdir}/samba/rpcd_rpcecho
|
|
||||||
%endif
|
|
||||||
%{_libexecdir}/samba/rpcd_spoolss
|
%{_libexecdir}/samba/rpcd_spoolss
|
||||||
%{_libexecdir}/samba/rpcd_winreg
|
%{_libexecdir}/samba/rpcd_winreg
|
||||||
%{_mandir}/man8/samba-dcerpcd.8*
|
%{_mandir}/man8/samba-dcerpcd.8*
|
||||||
@ -2182,8 +2156,6 @@ fi
|
|||||||
%endif
|
%endif
|
||||||
|
|
||||||
%{_libdir}/libdcerpc-server.so.*
|
%{_libdir}/libdcerpc-server.so.*
|
||||||
%{_libdir}/samba/libad-claims-samba4.so
|
|
||||||
%{_libdir}/samba/libauthn-policy-util-samba4.so
|
|
||||||
%{_libdir}/samba/libdsdb-module-samba4.so
|
%{_libdir}/samba/libdsdb-module-samba4.so
|
||||||
%{_libdir}/samba/libdsdb-garbage-collect-tombstones-samba4.so
|
%{_libdir}/samba/libdsdb-garbage-collect-tombstones-samba4.so
|
||||||
%{_libdir}/samba/libscavenge-dns-records-samba4.so
|
%{_libdir}/samba/libscavenge-dns-records-samba4.so
|
||||||
@ -2352,11 +2324,10 @@ fi
|
|||||||
%endif
|
%endif
|
||||||
|
|
||||||
### GPUPDATE
|
### GPUPDATE
|
||||||
%if %{with gpupdate}
|
%if %{with dc}
|
||||||
%files gpupdate
|
%files gpupdate
|
||||||
%{_mandir}/man8/samba-gpupdate.8*
|
%{_mandir}/man8/samba-gpupdate.8*
|
||||||
%{_sbindir}/samba-gpupdate
|
%{_sbindir}/samba-gpupdate
|
||||||
#endif with gpupdate
|
|
||||||
%endif
|
%endif
|
||||||
|
|
||||||
### KRB5-PRINTING
|
### KRB5-PRINTING
|
||||||
@ -2480,7 +2451,6 @@ fi
|
|||||||
%{python3_sitearch}/samba/__pycache__/descriptor.*.pyc
|
%{python3_sitearch}/samba/__pycache__/descriptor.*.pyc
|
||||||
%{python3_sitearch}/samba/__pycache__/dnsresolver.*.pyc
|
%{python3_sitearch}/samba/__pycache__/dnsresolver.*.pyc
|
||||||
%{python3_sitearch}/samba/__pycache__/drs_utils.*.pyc
|
%{python3_sitearch}/samba/__pycache__/drs_utils.*.pyc
|
||||||
%{python3_sitearch}/samba/__pycache__/functional_level.*.pyc
|
|
||||||
%{python3_sitearch}/samba/__pycache__/getopt.*.pyc
|
%{python3_sitearch}/samba/__pycache__/getopt.*.pyc
|
||||||
%{python3_sitearch}/samba/__pycache__/graph.*.pyc
|
%{python3_sitearch}/samba/__pycache__/graph.*.pyc
|
||||||
%{python3_sitearch}/samba/__pycache__/hostconfig.*.pyc
|
%{python3_sitearch}/samba/__pycache__/hostconfig.*.pyc
|
||||||
@ -2492,7 +2462,6 @@ fi
|
|||||||
%{python3_sitearch}/samba/__pycache__/ms_schema.*.pyc
|
%{python3_sitearch}/samba/__pycache__/ms_schema.*.pyc
|
||||||
%{python3_sitearch}/samba/__pycache__/ndr.*.pyc
|
%{python3_sitearch}/samba/__pycache__/ndr.*.pyc
|
||||||
%{python3_sitearch}/samba/__pycache__/ntacls.*.pyc
|
%{python3_sitearch}/samba/__pycache__/ntacls.*.pyc
|
||||||
%{python3_sitearch}/samba/__pycache__/policies.*.pyc
|
|
||||||
%{python3_sitearch}/samba/__pycache__/safe_tarfile.*.pyc
|
%{python3_sitearch}/samba/__pycache__/safe_tarfile.*.pyc
|
||||||
%{python3_sitearch}/samba/__pycache__/sd_utils.*.pyc
|
%{python3_sitearch}/samba/__pycache__/sd_utils.*.pyc
|
||||||
%{python3_sitearch}/samba/__pycache__/sites.*.pyc
|
%{python3_sitearch}/samba/__pycache__/sites.*.pyc
|
||||||
@ -2562,7 +2531,6 @@ fi
|
|||||||
%{python3_sitearch}/samba/drs_utils.py
|
%{python3_sitearch}/samba/drs_utils.py
|
||||||
%{python3_sitearch}/samba/dsdb.*.so
|
%{python3_sitearch}/samba/dsdb.*.so
|
||||||
%{python3_sitearch}/samba/dsdb_dns.*.so
|
%{python3_sitearch}/samba/dsdb_dns.*.so
|
||||||
%{python3_sitearch}/samba/functional_level.py
|
|
||||||
%{python3_sitearch}/samba/gensec.*.so
|
%{python3_sitearch}/samba/gensec.*.so
|
||||||
%{python3_sitearch}/samba/getopt.py
|
%{python3_sitearch}/samba/getopt.py
|
||||||
%{python3_sitearch}/samba/graph.py
|
%{python3_sitearch}/samba/graph.py
|
||||||
@ -2585,8 +2553,6 @@ fi
|
|||||||
%{python3_sitearch}/samba/emulate/traffic_packets.py
|
%{python3_sitearch}/samba/emulate/traffic_packets.py
|
||||||
%dir %{python3_sitearch}/samba/gp
|
%dir %{python3_sitearch}/samba/gp
|
||||||
%dir %{python3_sitearch}/samba/gp/__pycache__
|
%dir %{python3_sitearch}/samba/gp/__pycache__
|
||||||
%{python3_sitearch}/samba/gp/__init__.py
|
|
||||||
%{python3_sitearch}/samba/gp/__pycache__/__init__.*.pyc
|
|
||||||
%{python3_sitearch}/samba/gp/__pycache__/gpclass.*.pyc
|
%{python3_sitearch}/samba/gp/__pycache__/gpclass.*.pyc
|
||||||
%{python3_sitearch}/samba/gp/__pycache__/gp_centrify_crontab_ext.*.pyc
|
%{python3_sitearch}/samba/gp/__pycache__/gp_centrify_crontab_ext.*.pyc
|
||||||
%{python3_sitearch}/samba/gp/__pycache__/gp_centrify_sudoers_ext.*.pyc
|
%{python3_sitearch}/samba/gp/__pycache__/gp_centrify_sudoers_ext.*.pyc
|
||||||
@ -2665,12 +2631,12 @@ fi
|
|||||||
%{python3_sitearch}/samba/netcmd/__pycache__/dbcheck.*.pyc
|
%{python3_sitearch}/samba/netcmd/__pycache__/dbcheck.*.pyc
|
||||||
%{python3_sitearch}/samba/netcmd/__pycache__/delegation.*.pyc
|
%{python3_sitearch}/samba/netcmd/__pycache__/delegation.*.pyc
|
||||||
%{python3_sitearch}/samba/netcmd/__pycache__/dns.*.pyc
|
%{python3_sitearch}/samba/netcmd/__pycache__/dns.*.pyc
|
||||||
|
%{python3_sitearch}/samba/netcmd/__pycache__/domain.*.pyc
|
||||||
|
%{python3_sitearch}/samba/netcmd/__pycache__/domain_backup.*.pyc
|
||||||
%{python3_sitearch}/samba/netcmd/__pycache__/drs.*.pyc
|
%{python3_sitearch}/samba/netcmd/__pycache__/drs.*.pyc
|
||||||
%{python3_sitearch}/samba/netcmd/__pycache__/dsacl.*.pyc
|
%{python3_sitearch}/samba/netcmd/__pycache__/dsacl.*.pyc
|
||||||
%{python3_sitearch}/samba/netcmd/__pycache__/encoders.*.pyc
|
|
||||||
%{python3_sitearch}/samba/netcmd/__pycache__/forest.*.pyc
|
%{python3_sitearch}/samba/netcmd/__pycache__/forest.*.pyc
|
||||||
%{python3_sitearch}/samba/netcmd/__pycache__/fsmo.*.pyc
|
%{python3_sitearch}/samba/netcmd/__pycache__/fsmo.*.pyc
|
||||||
%{python3_sitearch}/samba/netcmd/__pycache__/gpcommon.*.pyc
|
|
||||||
%{python3_sitearch}/samba/netcmd/__pycache__/gpo.*.pyc
|
%{python3_sitearch}/samba/netcmd/__pycache__/gpo.*.pyc
|
||||||
%{python3_sitearch}/samba/netcmd/__pycache__/group.*.pyc
|
%{python3_sitearch}/samba/netcmd/__pycache__/group.*.pyc
|
||||||
%{python3_sitearch}/samba/netcmd/__pycache__/ldapcmp.*.pyc
|
%{python3_sitearch}/samba/netcmd/__pycache__/ldapcmp.*.pyc
|
||||||
@ -2686,102 +2652,19 @@ fi
|
|||||||
%{python3_sitearch}/samba/netcmd/__pycache__/spn.*.pyc
|
%{python3_sitearch}/samba/netcmd/__pycache__/spn.*.pyc
|
||||||
%{python3_sitearch}/samba/netcmd/__pycache__/testparm.*.pyc
|
%{python3_sitearch}/samba/netcmd/__pycache__/testparm.*.pyc
|
||||||
%{python3_sitearch}/samba/netcmd/__pycache__/user.*.pyc
|
%{python3_sitearch}/samba/netcmd/__pycache__/user.*.pyc
|
||||||
%{python3_sitearch}/samba/netcmd/__pycache__/validators.*.pyc
|
|
||||||
%{python3_sitearch}/samba/netcmd/__pycache__/visualize.*.pyc
|
%{python3_sitearch}/samba/netcmd/__pycache__/visualize.*.pyc
|
||||||
%{python3_sitearch}/samba/netcmd/common.py
|
%{python3_sitearch}/samba/netcmd/common.py
|
||||||
%{python3_sitearch}/samba/netcmd/computer.py
|
%{python3_sitearch}/samba/netcmd/computer.py
|
||||||
%{python3_sitearch}/samba/netcmd/contact.py
|
%{python3_sitearch}/samba/netcmd/contact.py
|
||||||
%{python3_sitearch}/samba/netcmd/dbcheck.py
|
%{python3_sitearch}/samba/netcmd/dbcheck.py
|
||||||
%{python3_sitearch}/samba/netcmd/delegation.py
|
%{python3_sitearch}/samba/netcmd/delegation.py
|
||||||
%dir %{python3_sitearch}/samba/netcmd/domain
|
|
||||||
%{python3_sitearch}/samba/netcmd/domain/__init__.py
|
|
||||||
%dir %{python3_sitearch}/samba/netcmd/domain/__pycache__
|
|
||||||
%{python3_sitearch}/samba/netcmd/domain/__pycache__/__init__.*.pyc
|
|
||||||
%{python3_sitearch}/samba/netcmd/domain/__pycache__/backup.*.pyc
|
|
||||||
%{python3_sitearch}/samba/netcmd/domain/__pycache__/classicupgrade.*.pyc
|
|
||||||
%{python3_sitearch}/samba/netcmd/domain/__pycache__/common.*.pyc
|
|
||||||
%{python3_sitearch}/samba/netcmd/domain/__pycache__/dcpromo.*.pyc
|
|
||||||
%{python3_sitearch}/samba/netcmd/domain/__pycache__/demote.*.pyc
|
|
||||||
%{python3_sitearch}/samba/netcmd/domain/__pycache__/functional_prep.*.pyc
|
|
||||||
%{python3_sitearch}/samba/netcmd/domain/__pycache__/info.*.pyc
|
|
||||||
%{python3_sitearch}/samba/netcmd/domain/__pycache__/join.*.pyc
|
|
||||||
%{python3_sitearch}/samba/netcmd/domain/__pycache__/keytab.*.pyc
|
|
||||||
%{python3_sitearch}/samba/netcmd/domain/__pycache__/leave.*.pyc
|
|
||||||
%{python3_sitearch}/samba/netcmd/domain/__pycache__/level.*.pyc
|
|
||||||
%{python3_sitearch}/samba/netcmd/domain/__pycache__/passwordsettings.*.pyc
|
|
||||||
%{python3_sitearch}/samba/netcmd/domain/__pycache__/provision.*.pyc
|
|
||||||
%{python3_sitearch}/samba/netcmd/domain/__pycache__/samba3upgrade.*.pyc
|
|
||||||
%{python3_sitearch}/samba/netcmd/domain/__pycache__/schemaupgrade.*.pyc
|
|
||||||
%{python3_sitearch}/samba/netcmd/domain/__pycache__/tombstones.*.pyc
|
|
||||||
%{python3_sitearch}/samba/netcmd/domain/__pycache__/trust.*.pyc
|
|
||||||
%dir %{python3_sitearch}/samba/netcmd/domain/auth
|
|
||||||
%{python3_sitearch}/samba/netcmd/domain/auth/__init__.py
|
|
||||||
%dir %{python3_sitearch}/samba/netcmd/domain/auth/__pycache__
|
|
||||||
%{python3_sitearch}/samba/netcmd/domain/auth/__pycache__/__init__.*.pyc
|
|
||||||
%{python3_sitearch}/samba/netcmd/domain/auth/__pycache__/policy.*.pyc
|
|
||||||
%{python3_sitearch}/samba/netcmd/domain/auth/__pycache__/silo.*.pyc
|
|
||||||
%{python3_sitearch}/samba/netcmd/domain/auth/__pycache__/silo_member.*.pyc
|
|
||||||
%{python3_sitearch}/samba/netcmd/domain/auth/policy.py
|
|
||||||
%{python3_sitearch}/samba/netcmd/domain/auth/silo.py
|
|
||||||
%{python3_sitearch}/samba/netcmd/domain/auth/silo_member.py
|
|
||||||
%{python3_sitearch}/samba/netcmd/domain/backup.py
|
|
||||||
%dir %{python3_sitearch}/samba/netcmd/domain/claim
|
|
||||||
%{python3_sitearch}/samba/netcmd/domain/claim/__init__.py
|
|
||||||
%dir %{python3_sitearch}/samba/netcmd/domain/claim/__pycache__
|
|
||||||
%{python3_sitearch}/samba/netcmd/domain/claim/__pycache__/__init__.*.pyc
|
|
||||||
%{python3_sitearch}/samba/netcmd/domain/claim/__pycache__/claim_type.*.pyc
|
|
||||||
%{python3_sitearch}/samba/netcmd/domain/claim/__pycache__/value_type.*.pyc
|
|
||||||
%{python3_sitearch}/samba/netcmd/domain/claim/claim_type.py
|
|
||||||
%{python3_sitearch}/samba/netcmd/domain/claim/value_type.py
|
|
||||||
%{python3_sitearch}/samba/netcmd/domain/classicupgrade.py
|
|
||||||
%{python3_sitearch}/samba/netcmd/domain/common.py
|
|
||||||
%{python3_sitearch}/samba/netcmd/domain/dcpromo.py
|
|
||||||
%{python3_sitearch}/samba/netcmd/domain/demote.py
|
|
||||||
%{python3_sitearch}/samba/netcmd/domain/functional_prep.py
|
|
||||||
%{python3_sitearch}/samba/netcmd/domain/info.py
|
|
||||||
%{python3_sitearch}/samba/netcmd/domain/join.py
|
|
||||||
%{python3_sitearch}/samba/netcmd/domain/keytab.py
|
|
||||||
%{python3_sitearch}/samba/netcmd/domain/leave.py
|
|
||||||
%{python3_sitearch}/samba/netcmd/domain/level.py
|
|
||||||
%dir %{python3_sitearch}/samba/netcmd/domain/models
|
|
||||||
%{python3_sitearch}/samba/netcmd/domain/models/__init__.py
|
|
||||||
%dir %{python3_sitearch}/samba/netcmd/domain/models/__pycache__
|
|
||||||
%{python3_sitearch}/samba/netcmd/domain/models/__pycache__/__init__.*.pyc
|
|
||||||
%{python3_sitearch}/samba/netcmd/domain/models/__pycache__/auth_policy.*.pyc
|
|
||||||
%{python3_sitearch}/samba/netcmd/domain/models/__pycache__/auth_silo.*.pyc
|
|
||||||
%{python3_sitearch}/samba/netcmd/domain/models/__pycache__/claim_type.*.pyc
|
|
||||||
%{python3_sitearch}/samba/netcmd/domain/models/__pycache__/exceptions.*.pyc
|
|
||||||
%{python3_sitearch}/samba/netcmd/domain/models/__pycache__/fields.*.pyc
|
|
||||||
%{python3_sitearch}/samba/netcmd/domain/models/__pycache__/model.*.pyc
|
|
||||||
%{python3_sitearch}/samba/netcmd/domain/models/__pycache__/schema.*.pyc
|
|
||||||
%{python3_sitearch}/samba/netcmd/domain/models/__pycache__/site.*.pyc
|
|
||||||
%{python3_sitearch}/samba/netcmd/domain/models/__pycache__/subnet.*.pyc
|
|
||||||
%{python3_sitearch}/samba/netcmd/domain/models/__pycache__/user.*.pyc
|
|
||||||
%{python3_sitearch}/samba/netcmd/domain/models/__pycache__/value_type.*.pyc
|
|
||||||
%{python3_sitearch}/samba/netcmd/domain/models/auth_policy.py
|
|
||||||
%{python3_sitearch}/samba/netcmd/domain/models/auth_silo.py
|
|
||||||
%{python3_sitearch}/samba/netcmd/domain/models/claim_type.py
|
|
||||||
%{python3_sitearch}/samba/netcmd/domain/models/exceptions.py
|
|
||||||
%{python3_sitearch}/samba/netcmd/domain/models/fields.py
|
|
||||||
%{python3_sitearch}/samba/netcmd/domain/models/model.py
|
|
||||||
%{python3_sitearch}/samba/netcmd/domain/models/schema.py
|
|
||||||
%{python3_sitearch}/samba/netcmd/domain/models/site.py
|
|
||||||
%{python3_sitearch}/samba/netcmd/domain/models/subnet.py
|
|
||||||
%{python3_sitearch}/samba/netcmd/domain/models/user.py
|
|
||||||
%{python3_sitearch}/samba/netcmd/domain/models/value_type.py
|
|
||||||
%{python3_sitearch}/samba/netcmd/domain/passwordsettings.py
|
|
||||||
%{python3_sitearch}/samba/netcmd/domain/provision.py
|
|
||||||
%{python3_sitearch}/samba/netcmd/domain/samba3upgrade.py
|
|
||||||
%{python3_sitearch}/samba/netcmd/domain/schemaupgrade.py
|
|
||||||
%{python3_sitearch}/samba/netcmd/domain/tombstones.py
|
|
||||||
%{python3_sitearch}/samba/netcmd/domain/trust.py
|
|
||||||
%{python3_sitearch}/samba/netcmd/dns.py
|
%{python3_sitearch}/samba/netcmd/dns.py
|
||||||
|
%{python3_sitearch}/samba/netcmd/domain.py
|
||||||
|
%{python3_sitearch}/samba/netcmd/domain_backup.py
|
||||||
%{python3_sitearch}/samba/netcmd/drs.py
|
%{python3_sitearch}/samba/netcmd/drs.py
|
||||||
%{python3_sitearch}/samba/netcmd/dsacl.py
|
%{python3_sitearch}/samba/netcmd/dsacl.py
|
||||||
%{python3_sitearch}/samba/netcmd/encoders.py
|
|
||||||
%{python3_sitearch}/samba/netcmd/forest.py
|
%{python3_sitearch}/samba/netcmd/forest.py
|
||||||
%{python3_sitearch}/samba/netcmd/fsmo.py
|
%{python3_sitearch}/samba/netcmd/fsmo.py
|
||||||
%{python3_sitearch}/samba/netcmd/gpcommon.py
|
|
||||||
%{python3_sitearch}/samba/netcmd/gpo.py
|
%{python3_sitearch}/samba/netcmd/gpo.py
|
||||||
%{python3_sitearch}/samba/netcmd/group.py
|
%{python3_sitearch}/samba/netcmd/group.py
|
||||||
%{python3_sitearch}/samba/netcmd/ldapcmp.py
|
%{python3_sitearch}/samba/netcmd/ldapcmp.py
|
||||||
@ -2797,11 +2680,9 @@ fi
|
|||||||
%{python3_sitearch}/samba/netcmd/spn.py
|
%{python3_sitearch}/samba/netcmd/spn.py
|
||||||
%{python3_sitearch}/samba/netcmd/testparm.py
|
%{python3_sitearch}/samba/netcmd/testparm.py
|
||||||
%{python3_sitearch}/samba/netcmd/user.py
|
%{python3_sitearch}/samba/netcmd/user.py
|
||||||
%{python3_sitearch}/samba/netcmd/validators.py
|
|
||||||
%{python3_sitearch}/samba/netcmd/visualize.py
|
%{python3_sitearch}/samba/netcmd/visualize.py
|
||||||
%{python3_sitearch}/samba/ntacls.py
|
%{python3_sitearch}/samba/ntacls.py
|
||||||
%{python3_sitearch}/samba/param.*.so
|
%{python3_sitearch}/samba/param.*.so
|
||||||
%{python3_sitearch}/samba/policies.py
|
|
||||||
%{python3_sitearch}/samba/policy.*.so
|
%{python3_sitearch}/samba/policy.*.so
|
||||||
%{python3_sitearch}/samba/registry.*.so
|
%{python3_sitearch}/samba/registry.*.so
|
||||||
%{python3_sitearch}/samba/reparse_symlink.*.so
|
%{python3_sitearch}/samba/reparse_symlink.*.so
|
||||||
@ -2978,7 +2859,6 @@ fi
|
|||||||
%{python3_sitearch}/samba/tests/__pycache__/ldap_referrals.*.pyc
|
%{python3_sitearch}/samba/tests/__pycache__/ldap_referrals.*.pyc
|
||||||
%{python3_sitearch}/samba/tests/__pycache__/ldap_spn.*.pyc
|
%{python3_sitearch}/samba/tests/__pycache__/ldap_spn.*.pyc
|
||||||
%{python3_sitearch}/samba/tests/__pycache__/ldap_upn_sam_account.*.pyc
|
%{python3_sitearch}/samba/tests/__pycache__/ldap_upn_sam_account.*.pyc
|
||||||
%{python3_sitearch}/samba/tests/__pycache__/ldap_whoami.*.pyc
|
|
||||||
%{python3_sitearch}/samba/tests/__pycache__/loadparm.*.pyc
|
%{python3_sitearch}/samba/tests/__pycache__/loadparm.*.pyc
|
||||||
%{python3_sitearch}/samba/tests/__pycache__/logfiles.*.pyc
|
%{python3_sitearch}/samba/tests/__pycache__/logfiles.*.pyc
|
||||||
%{python3_sitearch}/samba/tests/__pycache__/libsmb.*.pyc
|
%{python3_sitearch}/samba/tests/__pycache__/libsmb.*.pyc
|
||||||
@ -3026,7 +2906,6 @@ fi
|
|||||||
%{python3_sitearch}/samba/tests/__pycache__/s3_net_join.*.pyc
|
%{python3_sitearch}/samba/tests/__pycache__/s3_net_join.*.pyc
|
||||||
%{python3_sitearch}/samba/tests/__pycache__/safe_tarfile.*.pyc
|
%{python3_sitearch}/samba/tests/__pycache__/safe_tarfile.*.pyc
|
||||||
%{python3_sitearch}/samba/tests/__pycache__/samba_upgradedns_lmdb.*.pyc
|
%{python3_sitearch}/samba/tests/__pycache__/samba_upgradedns_lmdb.*.pyc
|
||||||
%{python3_sitearch}/samba/tests/__pycache__/samba_startup_fl_change.*.pyc
|
|
||||||
%{python3_sitearch}/samba/tests/__pycache__/samba3sam.*.pyc
|
%{python3_sitearch}/samba/tests/__pycache__/samba3sam.*.pyc
|
||||||
%{python3_sitearch}/samba/tests/__pycache__/samdb.*.pyc
|
%{python3_sitearch}/samba/tests/__pycache__/samdb.*.pyc
|
||||||
%{python3_sitearch}/samba/tests/__pycache__/samdb_api.*.pyc
|
%{python3_sitearch}/samba/tests/__pycache__/samdb_api.*.pyc
|
||||||
@ -3209,11 +3088,8 @@ fi
|
|||||||
%{python3_sitearch}/samba/tests/krb5/__pycache__/alias_tests.*.pyc
|
%{python3_sitearch}/samba/tests/krb5/__pycache__/alias_tests.*.pyc
|
||||||
%{python3_sitearch}/samba/tests/krb5/__pycache__/as_canonicalization_tests.*.pyc
|
%{python3_sitearch}/samba/tests/krb5/__pycache__/as_canonicalization_tests.*.pyc
|
||||||
%{python3_sitearch}/samba/tests/krb5/__pycache__/as_req_tests.*.pyc
|
%{python3_sitearch}/samba/tests/krb5/__pycache__/as_req_tests.*.pyc
|
||||||
%{python3_sitearch}/samba/tests/krb5/__pycache__/authn_policy_tests.*.pyc
|
|
||||||
%{python3_sitearch}/samba/tests/krb5/__pycache__/claims_in_pac.*.pyc
|
|
||||||
%{python3_sitearch}/samba/tests/krb5/__pycache__/claims_tests.*.pyc
|
%{python3_sitearch}/samba/tests/krb5/__pycache__/claims_tests.*.pyc
|
||||||
%{python3_sitearch}/samba/tests/krb5/__pycache__/compatability_tests.*.pyc
|
%{python3_sitearch}/samba/tests/krb5/__pycache__/compatability_tests.*.pyc
|
||||||
%{python3_sitearch}/samba/tests/krb5/__pycache__/device_tests.*.pyc
|
|
||||||
%{python3_sitearch}/samba/tests/krb5/__pycache__/etype_tests.*.pyc
|
%{python3_sitearch}/samba/tests/krb5/__pycache__/etype_tests.*.pyc
|
||||||
%{python3_sitearch}/samba/tests/krb5/__pycache__/fast_tests.*.pyc
|
%{python3_sitearch}/samba/tests/krb5/__pycache__/fast_tests.*.pyc
|
||||||
%{python3_sitearch}/samba/tests/krb5/__pycache__/group_tests.*.pyc
|
%{python3_sitearch}/samba/tests/krb5/__pycache__/group_tests.*.pyc
|
||||||
@ -3226,7 +3102,6 @@ fi
|
|||||||
%{python3_sitearch}/samba/tests/krb5/__pycache__/ms_kile_client_principal_lookup_tests.*.pyc
|
%{python3_sitearch}/samba/tests/krb5/__pycache__/ms_kile_client_principal_lookup_tests.*.pyc
|
||||||
%{python3_sitearch}/samba/tests/krb5/__pycache__/nt_hash_tests.*.pyc
|
%{python3_sitearch}/samba/tests/krb5/__pycache__/nt_hash_tests.*.pyc
|
||||||
%{python3_sitearch}/samba/tests/krb5/__pycache__/pac_align_tests.*.pyc
|
%{python3_sitearch}/samba/tests/krb5/__pycache__/pac_align_tests.*.pyc
|
||||||
%{python3_sitearch}/samba/tests/krb5/__pycache__/pkinit_tests.*.pyc
|
|
||||||
%{python3_sitearch}/samba/tests/krb5/__pycache__/protected_users_tests.*.pyc
|
%{python3_sitearch}/samba/tests/krb5/__pycache__/protected_users_tests.*.pyc
|
||||||
%{python3_sitearch}/samba/tests/krb5/__pycache__/raw_testcase.*.pyc
|
%{python3_sitearch}/samba/tests/krb5/__pycache__/raw_testcase.*.pyc
|
||||||
%{python3_sitearch}/samba/tests/krb5/__pycache__/rfc4120_constants.*.pyc
|
%{python3_sitearch}/samba/tests/krb5/__pycache__/rfc4120_constants.*.pyc
|
||||||
@ -3246,11 +3121,8 @@ fi
|
|||||||
%{python3_sitearch}/samba/tests/krb5/alias_tests.py
|
%{python3_sitearch}/samba/tests/krb5/alias_tests.py
|
||||||
%{python3_sitearch}/samba/tests/krb5/as_canonicalization_tests.py
|
%{python3_sitearch}/samba/tests/krb5/as_canonicalization_tests.py
|
||||||
%{python3_sitearch}/samba/tests/krb5/as_req_tests.py
|
%{python3_sitearch}/samba/tests/krb5/as_req_tests.py
|
||||||
%{python3_sitearch}/samba/tests/krb5/authn_policy_tests.py
|
|
||||||
%{python3_sitearch}/samba/tests/krb5/claims_in_pac.py
|
|
||||||
%{python3_sitearch}/samba/tests/krb5/claims_tests.py
|
%{python3_sitearch}/samba/tests/krb5/claims_tests.py
|
||||||
%{python3_sitearch}/samba/tests/krb5/compatability_tests.py
|
%{python3_sitearch}/samba/tests/krb5/compatability_tests.py
|
||||||
%{python3_sitearch}/samba/tests/krb5/device_tests.py
|
|
||||||
%{python3_sitearch}/samba/tests/krb5/etype_tests.py
|
%{python3_sitearch}/samba/tests/krb5/etype_tests.py
|
||||||
%{python3_sitearch}/samba/tests/krb5/fast_tests.py
|
%{python3_sitearch}/samba/tests/krb5/fast_tests.py
|
||||||
%{python3_sitearch}/samba/tests/krb5/group_tests.py
|
%{python3_sitearch}/samba/tests/krb5/group_tests.py
|
||||||
@ -3263,7 +3135,6 @@ fi
|
|||||||
%{python3_sitearch}/samba/tests/krb5/ms_kile_client_principal_lookup_tests.py
|
%{python3_sitearch}/samba/tests/krb5/ms_kile_client_principal_lookup_tests.py
|
||||||
%{python3_sitearch}/samba/tests/krb5/nt_hash_tests.py
|
%{python3_sitearch}/samba/tests/krb5/nt_hash_tests.py
|
||||||
%{python3_sitearch}/samba/tests/krb5/pac_align_tests.py
|
%{python3_sitearch}/samba/tests/krb5/pac_align_tests.py
|
||||||
%{python3_sitearch}/samba/tests/krb5/pkinit_tests.py
|
|
||||||
%{python3_sitearch}/samba/tests/krb5/protected_users_tests.py
|
%{python3_sitearch}/samba/tests/krb5/protected_users_tests.py
|
||||||
%{python3_sitearch}/samba/tests/krb5/raw_testcase.py
|
%{python3_sitearch}/samba/tests/krb5/raw_testcase.py
|
||||||
%{python3_sitearch}/samba/tests/krb5/rfc4120_constants.py
|
%{python3_sitearch}/samba/tests/krb5/rfc4120_constants.py
|
||||||
@ -3285,7 +3156,6 @@ fi
|
|||||||
%{python3_sitearch}/samba/tests/ldap_spn.py
|
%{python3_sitearch}/samba/tests/ldap_spn.py
|
||||||
%{python3_sitearch}/samba/tests/ldap_referrals.py
|
%{python3_sitearch}/samba/tests/ldap_referrals.py
|
||||||
%{python3_sitearch}/samba/tests/ldap_upn_sam_account.py
|
%{python3_sitearch}/samba/tests/ldap_upn_sam_account.py
|
||||||
%{python3_sitearch}/samba/tests/ldap_whoami.py
|
|
||||||
%{python3_sitearch}/samba/tests/libsmb.py
|
%{python3_sitearch}/samba/tests/libsmb.py
|
||||||
%{python3_sitearch}/samba/tests/libsmb-basic.py
|
%{python3_sitearch}/samba/tests/libsmb-basic.py
|
||||||
%{python3_sitearch}/samba/tests/loadparm.py
|
%{python3_sitearch}/samba/tests/loadparm.py
|
||||||
@ -3333,7 +3203,6 @@ fi
|
|||||||
%{python3_sitearch}/samba/tests/s3_net_join.py
|
%{python3_sitearch}/samba/tests/s3_net_join.py
|
||||||
%{python3_sitearch}/samba/tests/safe_tarfile.py
|
%{python3_sitearch}/samba/tests/safe_tarfile.py
|
||||||
%{python3_sitearch}/samba/tests/samba3sam.py
|
%{python3_sitearch}/samba/tests/samba3sam.py
|
||||||
%{python3_sitearch}/samba/tests/samba_startup_fl_change.py
|
|
||||||
%{python3_sitearch}/samba/tests/samba_upgradedns_lmdb.py
|
%{python3_sitearch}/samba/tests/samba_upgradedns_lmdb.py
|
||||||
%dir %{python3_sitearch}/samba/tests/samba_tool
|
%dir %{python3_sitearch}/samba/tests/samba_tool
|
||||||
%{python3_sitearch}/samba/tests/samba_tool/__init__.py
|
%{python3_sitearch}/samba/tests/samba_tool/__init__.py
|
||||||
@ -3344,11 +3213,6 @@ fi
|
|||||||
%{python3_sitearch}/samba/tests/samba_tool/__pycache__/contact.*.pyc
|
%{python3_sitearch}/samba/tests/samba_tool/__pycache__/contact.*.pyc
|
||||||
%{python3_sitearch}/samba/tests/samba_tool/__pycache__/demote.*.pyc
|
%{python3_sitearch}/samba/tests/samba_tool/__pycache__/demote.*.pyc
|
||||||
%{python3_sitearch}/samba/tests/samba_tool/__pycache__/dnscmd.*.pyc
|
%{python3_sitearch}/samba/tests/samba_tool/__pycache__/dnscmd.*.pyc
|
||||||
%{python3_sitearch}/samba/tests/samba_tool/__pycache__/domain_auth_base.*.pyc
|
|
||||||
%{python3_sitearch}/samba/tests/samba_tool/__pycache__/domain_auth_policy.*.pyc
|
|
||||||
%{python3_sitearch}/samba/tests/samba_tool/__pycache__/domain_auth_silo.*.pyc
|
|
||||||
%{python3_sitearch}/samba/tests/samba_tool/__pycache__/domain_claim.*.pyc
|
|
||||||
%{python3_sitearch}/samba/tests/samba_tool/__pycache__/domain_models.*.pyc
|
|
||||||
%{python3_sitearch}/samba/tests/samba_tool/__pycache__/drs_clone_dc_data_lmdb_size.*.pyc
|
%{python3_sitearch}/samba/tests/samba_tool/__pycache__/drs_clone_dc_data_lmdb_size.*.pyc
|
||||||
%{python3_sitearch}/samba/tests/samba_tool/__pycache__/dsacl.*.pyc
|
%{python3_sitearch}/samba/tests/samba_tool/__pycache__/dsacl.*.pyc
|
||||||
%{python3_sitearch}/samba/tests/samba_tool/__pycache__/forest.*.pyc
|
%{python3_sitearch}/samba/tests/samba_tool/__pycache__/forest.*.pyc
|
||||||
@ -3386,11 +3250,6 @@ fi
|
|||||||
%{python3_sitearch}/samba/tests/samba_tool/contact.py
|
%{python3_sitearch}/samba/tests/samba_tool/contact.py
|
||||||
%{python3_sitearch}/samba/tests/samba_tool/demote.py
|
%{python3_sitearch}/samba/tests/samba_tool/demote.py
|
||||||
%{python3_sitearch}/samba/tests/samba_tool/dnscmd.py
|
%{python3_sitearch}/samba/tests/samba_tool/dnscmd.py
|
||||||
%{python3_sitearch}/samba/tests/samba_tool/domain_auth_base.py
|
|
||||||
%{python3_sitearch}/samba/tests/samba_tool/domain_auth_policy.py
|
|
||||||
%{python3_sitearch}/samba/tests/samba_tool/domain_auth_silo.py
|
|
||||||
%{python3_sitearch}/samba/tests/samba_tool/domain_claim.py
|
|
||||||
%{python3_sitearch}/samba/tests/samba_tool/domain_models.py
|
|
||||||
%{python3_sitearch}/samba/tests/samba_tool/drs_clone_dc_data_lmdb_size.py
|
%{python3_sitearch}/samba/tests/samba_tool/drs_clone_dc_data_lmdb_size.py
|
||||||
%{python3_sitearch}/samba/tests/samba_tool/dsacl.py
|
%{python3_sitearch}/samba/tests/samba_tool/dsacl.py
|
||||||
%{python3_sitearch}/samba/tests/samba_tool/forest.py
|
%{python3_sitearch}/samba/tests/samba_tool/forest.py
|
||||||
@ -3490,7 +3349,6 @@ fi
|
|||||||
%{_libdir}/samba/libnss-info-samba4.so
|
%{_libdir}/samba/libnss-info-samba4.so
|
||||||
%{_libdir}/samba/libidmap-samba4.so
|
%{_libdir}/samba/libidmap-samba4.so
|
||||||
%{_sbindir}/winbindd
|
%{_sbindir}/winbindd
|
||||||
%{_sysusersdir}/samba-winbind.conf
|
|
||||||
%attr(750,root,wbpriv) %dir /var/lib/samba/winbindd_privileged
|
%attr(750,root,wbpriv) %dir /var/lib/samba/winbindd_privileged
|
||||||
%{_unitdir}/winbind.service
|
%{_unitdir}/winbind.service
|
||||||
%{_prefix}/lib/NetworkManager
|
%{_prefix}/lib/NetworkManager
|
||||||
@ -4479,39 +4337,17 @@ fi
|
|||||||
%endif
|
%endif
|
||||||
|
|
||||||
%changelog
|
%changelog
|
||||||
* Fri Aug 02 2024 Pavel Filipenský <pfilipen@redhat.com> - 4.19.4-5
|
* Wed Feb 21 2024 Eduard Abdullin <eabdullin@almalinux.org> - 4.18.6-3.alma.1
|
||||||
- resolves: RHEL-45842 - Fix idmap_ad with trusted domains
|
- Fix libnss_winbind causes memory corruption since samba-4.18,
|
||||||
|
impacts sendmail, zabbix, potentially more
|
||||||
|
|
||||||
* Thu May 02 2024 Pavel Filipenský <pfilipen@redhat.com> - 4.19.4-4
|
* Thu Nov 23 2023 Eduard Abdullin <eabdullin@almalinux.org> - 4.18.6-2.alma.1
|
||||||
- related: RHEL-33813 - Undo wrong changes in rpminspect.yaml
|
- CVE-2023-3961:s3:smbd: Catch any incoming pipe path that
|
||||||
|
could exit socket_dir.
|
||||||
* Thu May 02 2024 Pavel Filipenský <pfilipen@redhat.com> - 4.19.4-4
|
- CVE-2023-4091: smbtorture: test overwrite dispositions on
|
||||||
- resolves: RHEL-33813 - Add option to request only POSIX groups from AD in idmap_ad
|
read-only file
|
||||||
|
- CVE-2023-42669 s4-rpc_server: Disable rpcecho server by
|
||||||
* Thu Jan 18 2024 Pavel Filipenský <pfilipen@redhat.com> - 4.19.4-3
|
default
|
||||||
- resolves: RHEL-19753 - Fix smbget interactive authentication
|
|
||||||
|
|
||||||
* Wed Jan 10 2024 Pavel Filipenský <pfilipen@redhat.com> - 4.19.4-2
|
|
||||||
- Fix error in PREIN scriptlet in rpm package samba-common
|
|
||||||
- related: RHEL-16483 - Update to version 4.19.4
|
|
||||||
|
|
||||||
* Tue Jan 09 2024 Pavel Filipenský <pfilipen@redhat.com> - 4.19.4-1
|
|
||||||
- resolves: RHEL-16483 - Update to version 4.19.4
|
|
||||||
|
|
||||||
* Thu Dec 14 2023 Pavel Filipenský <pfilipen@redhat.com> - 4.19.3-2
|
|
||||||
- resolves: RHEL-17283 - Fix smbget password interactive authentication
|
|
||||||
|
|
||||||
* Mon Dec 04 2023 Pavel Filipenský <pfilipen@redhat.com> - 4.19.3-1
|
|
||||||
- resolves: RHEL-16483 - Update to version 4.19.3
|
|
||||||
- resolves: RHEL-11361
|
|
||||||
- Fix CVE-2023-3961 CVE-2023-4091 CVE-2023-42669
|
|
||||||
- resolves: RHEL-2228 - Logging Format Enhancement
|
|
||||||
- resolves: RHEL-1965 - Fix smbget issues with DFS shares
|
|
||||||
- resolves: RHEL-2108 - Fix force user/group issues with 'allow trusted domains = yes'
|
|
||||||
- resolves: RHEL-17122 - Fix memory corruption in libnss_winbind
|
|
||||||
|
|
||||||
* Sat Nov 18 2023 Pavel Filipenský <pfilipen@redhat.com> - 4.19.2-0
|
|
||||||
- resolves: RHEL-16483 - Update to version 4.19.2
|
|
||||||
|
|
||||||
* Thu Aug 17 2023 Andreas Schneider <asn@redhat.com> - 4.18.6-1
|
* Thu Aug 17 2023 Andreas Schneider <asn@redhat.com> - 4.18.6-1
|
||||||
- related: rhbz#2190417 - Update to version 4.18.6
|
- related: rhbz#2190417 - Update to version 4.18.6
|
||||||
|
Loading…
Reference in New Issue
Block a user