Compare commits
No commits in common. "c8" and "c9s" have entirely different histories.
295
.gitignore
vendored
295
.gitignore
vendored
@ -1,2 +1,293 @@
|
|||||||
SOURCES/samba-4.19.4.tar.xz
|
samba-3.5.4.tar.gz
|
||||||
SOURCES/samba-pubkey_AA99442FB680B620.gpg
|
samba-3.6.0pre1.tar.gz
|
||||||
|
/samba-3.6.0pre2.tar.gz
|
||||||
|
/samba-3.6.0pre3.tar.gz
|
||||||
|
/samba-3.6.0rc1.tar.gz
|
||||||
|
/samba-3.6.0rc2.tar.gz
|
||||||
|
/samba-3.6.0rc3.tar.gz
|
||||||
|
/samba-3.6.0.tar.gz
|
||||||
|
/samba-3.6.1.tar.gz
|
||||||
|
/samba-3.6.3.tar.gz
|
||||||
|
/samba-3.6.4.tar.gz
|
||||||
|
/samba-3.6.5.tar.gz
|
||||||
|
/samba-3.6.6.tar.gz
|
||||||
|
/samba-3.6.7.tar.gz
|
||||||
|
/samba-4.0.0rc1.tar.bz2
|
||||||
|
/samba-4.0.0rc2.tar.bz2
|
||||||
|
/samba-4.0.0rc3.tar.bz2
|
||||||
|
/samba-4.0.0rc4.tar.bz2
|
||||||
|
/samba-4.0.0rc5.tar.bz2
|
||||||
|
/samba-4.0.0rc6.tar.bz2
|
||||||
|
/samba-4.0.0.tar.bz2
|
||||||
|
/samba-4.0.1.tar.bz2
|
||||||
|
/samba-4.0.2.tar.bz2
|
||||||
|
/samba-4.0.3.tar.bz2
|
||||||
|
/samba-4.0.4.tar.bz2
|
||||||
|
/samba-4.0.5.tar.bz2
|
||||||
|
/samba-4.0.6.tar.bz2
|
||||||
|
/samba-4.0.7.tar.xz
|
||||||
|
/samba-4.1.0rc1.tar.xz
|
||||||
|
/samba-4.1.0rc2.tar.xz
|
||||||
|
/samba-4.1.0rc3.tar.xz
|
||||||
|
/samba-4.1.0rc4.tar.xz
|
||||||
|
/samba-4.1.0.tar.xz
|
||||||
|
/samba-4.1.1.tar.xz
|
||||||
|
/samba-4.1.2.tar.xz
|
||||||
|
/samba-4.1.3.tar.xz
|
||||||
|
/samba-4.1.4.tar.xz
|
||||||
|
/samba-4.1.5.tar.xz
|
||||||
|
/samba-4.1.6.tar.xz
|
||||||
|
/samba-4.1.8.tar.xz
|
||||||
|
/samba-4.1.9.tar.xz
|
||||||
|
/samba-4.1.11.tar.gz
|
||||||
|
/samba-4.1.11.tar.xz
|
||||||
|
/samba-4.1.12.tar.xz
|
||||||
|
/samba-4.2.0rc2.tar.xz
|
||||||
|
/samba-4.2.0rc3.tar.xz
|
||||||
|
/samba-4.2.0rc4.tar.xz
|
||||||
|
/samba-4.2.0rc5.tar.xz
|
||||||
|
/samba-4.2.0.tar.xz
|
||||||
|
/samba-4.2.1.tar.xz
|
||||||
|
/samba-4.2.2.tar.xz
|
||||||
|
/samba-4.2.3.tar.xz
|
||||||
|
/samba-4.3.0rc3.tar.xz
|
||||||
|
/samba-4.3.0rc4.tar.xz
|
||||||
|
/samba-4.3.0.tar.xz
|
||||||
|
/samba-4.3.1.tar.xz
|
||||||
|
/samba-4.3.2.tar.xz
|
||||||
|
/samba-4.3.3.tar.xz
|
||||||
|
/samba-4.3.4.tar.xz
|
||||||
|
/samba-4.4.0rc1.tar.xz
|
||||||
|
/samba-4.4.0rc2.tar.xz
|
||||||
|
/samba-4.4.0rc3.tar.xz
|
||||||
|
/samba-4.4.0rc4.tar.xz
|
||||||
|
/samba-4.4.0rc5.tar.xz
|
||||||
|
/samba-4.4.0.tar.xz
|
||||||
|
/samba-4.4.2.tar.xz
|
||||||
|
/samba-4.4.3.tar.xz
|
||||||
|
/samba-4.4.4.tar.xz
|
||||||
|
/samba-4.4.5.tar.xz
|
||||||
|
/samba-4.5.0rc1.tar.xz
|
||||||
|
/samba-4.5.0rc2.tar.xz
|
||||||
|
/samba-4.5.0rc3.tar.xz
|
||||||
|
/samba-4.5.0.tar.xz
|
||||||
|
/samba-4.5.1.tar.xz
|
||||||
|
/samba-4.5.2.tar.xz
|
||||||
|
/samba-4.5.3.tar.xz
|
||||||
|
/samba-4.6.0rc1.tar.xz
|
||||||
|
/samba-4.6.0rc2.tar.xz
|
||||||
|
/samba-4.6.0rc2.tar.asc
|
||||||
|
/samba-4.6.0rc3.tar.asc
|
||||||
|
/samba-4.6.0rc3.tar.xz
|
||||||
|
/samba-4.6.0rc4.tar.xz
|
||||||
|
/samba-4.6.0rc4.tar.asc
|
||||||
|
/samba-4.6.0.tar.asc
|
||||||
|
/samba-4.6.0.tar.xz
|
||||||
|
/samba-4.6.1.tar.xz
|
||||||
|
/samba-4.6.1.tar.asc
|
||||||
|
/samba-4.6.2.tar.xz
|
||||||
|
/samba-4.6.2.tar.asc
|
||||||
|
/samba-4.6.3.tar.xz
|
||||||
|
/samba-4.6.3.tar.asc
|
||||||
|
/samba-4.6.4.tar.xz
|
||||||
|
/samba-4.6.4.tar.asc
|
||||||
|
/samba-4.6.5.tar.xz
|
||||||
|
/samba-4.6.5.tar.asc
|
||||||
|
/samba-4.7.0rc1.tar.xz
|
||||||
|
/samba-4.7.0rc1.tar.asc
|
||||||
|
/samba-4.7.0rc3.tar.xz
|
||||||
|
/samba-4.7.0rc3.tar.asc
|
||||||
|
/samba-4.7.0rc5.tar.xz
|
||||||
|
/samba-4.7.0rc5.tar.asc
|
||||||
|
/samba-4.7.0rc6.tar.xz
|
||||||
|
/samba-4.7.0rc6.tar.asc
|
||||||
|
/samba-4.7.0.tar.xz
|
||||||
|
/samba-4.7.0.tar.asc
|
||||||
|
/samba-4.7.1.tar.xz
|
||||||
|
/samba-4.7.1.tar.asc
|
||||||
|
/samba-4.7.2.tar.xz
|
||||||
|
/samba-4.7.2.tar.asc
|
||||||
|
/samba-4.7.3.tar.xz
|
||||||
|
/samba-4.7.3.tar.asc
|
||||||
|
/samba-4.7.4.tar.xz
|
||||||
|
/samba-4.7.4.tar.asc
|
||||||
|
/samba-4.8.0rc1.tar.xz
|
||||||
|
/samba-4.8.0rc1.tar.asc
|
||||||
|
/samba-4.8.0rc2.tar.xz
|
||||||
|
/samba-4.8.0rc2.tar.asc
|
||||||
|
/samba-4.8.0rc3.tar.xz
|
||||||
|
/samba-4.8.0rc3.tar.asc
|
||||||
|
/samba-4.8.0rc4.tar.xz
|
||||||
|
/samba-4.8.0rc4.tar.asc
|
||||||
|
/samba-4.8.0.tar.xz
|
||||||
|
/samba-4.8.0.tar.asc
|
||||||
|
/samba-4.8.1.tar.xz
|
||||||
|
/samba-4.8.1.tar.asc
|
||||||
|
/samba-4.8.2.tar.xz
|
||||||
|
/samba-4.8.2.tar.asc
|
||||||
|
/samba-4.8.3.tar.asc
|
||||||
|
/samba-4.8.3.tar.xz
|
||||||
|
/samba-4.9.0rc1.tar.xz
|
||||||
|
/samba-4.9.0rc1.tar.asc
|
||||||
|
/samba-4.9.0rc2.tar.xz
|
||||||
|
/samba-4.9.0rc2.tar.asc
|
||||||
|
/samba-4.9.0rc3.tar.xz
|
||||||
|
/samba-4.9.0rc3.tar.asc
|
||||||
|
/samba-4.9.0rc4.tar.xz
|
||||||
|
/samba-4.9.0rc4.tar.asc
|
||||||
|
/samba-4.9.0rc5.tar.asc
|
||||||
|
/samba-4.9.0rc5.tar.xz
|
||||||
|
/samba-4.9.0.tar.xz
|
||||||
|
/samba-4.9.0.tar.asc
|
||||||
|
/samba-4.9.1.tar.asc
|
||||||
|
/samba-4.9.1.tar.xz
|
||||||
|
/samba-4.9.2.tar.xz
|
||||||
|
/samba-4.9.2.tar.asc
|
||||||
|
/samba-4.9.3.tar.xz
|
||||||
|
/samba-4.9.3.tar.asc
|
||||||
|
/samba-4.9.4.tar.xz
|
||||||
|
/samba-4.9.4.tar.asc
|
||||||
|
/samba-4.10.0rc1.tar.xz
|
||||||
|
/samba-4.10.0rc1.tar.asc
|
||||||
|
/samba-4.10.0rc2.tar.xz
|
||||||
|
/samba-4.10.0rc2.tar.asc
|
||||||
|
/samba-4.10.0rc3.tar.xz
|
||||||
|
/samba-4.10.0rc3.tar.asc
|
||||||
|
/samba-4.10.0rc4.tar.xz
|
||||||
|
/samba-4.10.0rc4.tar.asc
|
||||||
|
/samba-4.10.0.tar.xz
|
||||||
|
/samba-4.10.0.tar.asc
|
||||||
|
/samba-4.10.1.tar.xz
|
||||||
|
/samba-4.10.1.tar.asc
|
||||||
|
/samba-4.10.2.tar.xz
|
||||||
|
/samba-4.10.2.tar.asc
|
||||||
|
/samba-4.10.3.tar.xz
|
||||||
|
/samba-4.10.3.tar.asc
|
||||||
|
/samba-4.10.4.tar.xz
|
||||||
|
/samba-4.10.4.tar.asc
|
||||||
|
/samba-4.10.5.tar.xz
|
||||||
|
/samba-4.10.5.tar.asc
|
||||||
|
/samba-4.10.6.tar.xz
|
||||||
|
/samba-4.10.6.tar.asc
|
||||||
|
/samba-4.11.0rc1.tar.xz
|
||||||
|
/samba-4.11.0rc1.tar.asc
|
||||||
|
/samba-4.11.0rc2.tar.xz
|
||||||
|
/samba-4.11.0rc2.tar.asc
|
||||||
|
/samba-4.11.0rc3.tar.xz
|
||||||
|
/samba-4.11.0rc3.tar.asc
|
||||||
|
/samba-4.11.0rc4.tar.xz
|
||||||
|
/samba-4.11.0rc4.tar.asc
|
||||||
|
/samba-4.11.0.tar.xz
|
||||||
|
/samba-4.11.0.tar.asc
|
||||||
|
/samba-4.11.1.tar.xz
|
||||||
|
/samba-4.11.1.tar.asc
|
||||||
|
/samba-4.11.2.tar.xz
|
||||||
|
/samba-4.11.2.tar.asc
|
||||||
|
/samba-4.11.3.tar.xz
|
||||||
|
/samba-4.11.3.tar.asc
|
||||||
|
/samba-4.11.4.tar.xz
|
||||||
|
/samba-4.11.4.tar.asc
|
||||||
|
/samba-4.11.5.tar.xz
|
||||||
|
/samba-4.11.5.tar.asc
|
||||||
|
/samba-4.12.0rc1.tar.xz
|
||||||
|
/samba-4.12.0rc1.tar.asc
|
||||||
|
/samba-4.12.0rc2.tar.xz
|
||||||
|
/samba-4.12.0rc2.tar.asc
|
||||||
|
/samba-4.12.0rc3.tar.xz
|
||||||
|
/samba-4.12.0rc3.tar.asc
|
||||||
|
/samba-4.12.0rc4.tar.xz
|
||||||
|
/samba-4.12.0rc4.tar.asc
|
||||||
|
/samba-4.12.0.tar.xz
|
||||||
|
/samba-4.12.0.tar.asc
|
||||||
|
/samba-4.12.1.tar.xz
|
||||||
|
/samba-4.12.1.tar.asc
|
||||||
|
/samba-4.12.2.tar.xz
|
||||||
|
/samba-4.12.2.tar.asc
|
||||||
|
/samba-4.12.3.tar.xz
|
||||||
|
/samba-4.12.3.tar.asc
|
||||||
|
/samba-4.12.4.tar.xz
|
||||||
|
/samba-4.12.4.tar.asc
|
||||||
|
/samba-4.12.5.tar.xz
|
||||||
|
/samba-4.12.5.tar.asc
|
||||||
|
/samba-4.13.0rc1.tar.xz
|
||||||
|
/samba-4.13.0rc1.tar.asc
|
||||||
|
/samba-4.13.0rc2.tar.xz
|
||||||
|
/samba-4.13.0rc2.tar.asc
|
||||||
|
/samba-4.13.0rc3.tar.xz
|
||||||
|
/samba-4.13.0rc3.tar.asc
|
||||||
|
/samba-4.13.0rc4.tar.xz
|
||||||
|
/samba-4.13.0rc4.tar.asc
|
||||||
|
/samba-4.13.0rc5.tar.xz
|
||||||
|
/samba-4.13.0rc5.tar.asc
|
||||||
|
/samba-4.13.0rc6.tar.xz
|
||||||
|
/samba-4.13.0rc6.tar.asc
|
||||||
|
/samba-4.13.0.tar.xz
|
||||||
|
/samba-4.13.0.tar.asc
|
||||||
|
/samba-4.13.1.tar.xz
|
||||||
|
/samba-4.13.1.tar.asc
|
||||||
|
/samba-4.13.2.tar.xz
|
||||||
|
/samba-4.13.2.tar.asc
|
||||||
|
/samba-4.13.3.tar.xz
|
||||||
|
/samba-4.13.3.tar.asc
|
||||||
|
/samba-4.13.4.tar.xz
|
||||||
|
/samba-4.13.4.tar.asc
|
||||||
|
/samba-4.14.0rc1.tar.xz
|
||||||
|
/samba-4.14.0rc1.tar.asc
|
||||||
|
/samba-4.14.0rc2.tar.xz
|
||||||
|
/samba-4.14.0rc2.tar.asc
|
||||||
|
/samba-4.14.0rc3.tar.xz
|
||||||
|
/samba-4.14.0rc3.tar.asc
|
||||||
|
/samba-4.14.0rc4.tar.xz
|
||||||
|
/samba-4.14.0rc4.tar.asc
|
||||||
|
/samba-4.14.0.tar.xz
|
||||||
|
/samba-4.14.0.tar.asc
|
||||||
|
/samba-4.14.1.tar.xz
|
||||||
|
/samba-4.14.1.tar.asc
|
||||||
|
/samba-4.14.2.tar.xz
|
||||||
|
/samba-4.14.2.tar.asc
|
||||||
|
/samba-4.14.4.tar.xz
|
||||||
|
/samba-4.14.4.tar.asc
|
||||||
|
/samba-4.14.5.tar.asc
|
||||||
|
/samba-4.14.5.tar.xz
|
||||||
|
/samba-4.15.2.tar.asc
|
||||||
|
/samba-4.15.2.tar.xz
|
||||||
|
/samba-4.15.3.tar.asc
|
||||||
|
/samba-4.15.3.tar.xz
|
||||||
|
/samba-4.15.4.tar.asc
|
||||||
|
/samba-4.15.4.tar.xz
|
||||||
|
/samba-4.15.5.tar.xz
|
||||||
|
/samba-4.15.5.tar.asc
|
||||||
|
/samba-4.16.1.tar.asc
|
||||||
|
/samba-4.16.1.tar.xz
|
||||||
|
/samba-4.16.2.tar.asc
|
||||||
|
/samba-4.16.2.tar.xz
|
||||||
|
/samba-4.16.3.tar.asc
|
||||||
|
/samba-4.16.3.tar.xz
|
||||||
|
/samba-4.16.4.tar.xz
|
||||||
|
/samba-4.16.4.tar.asc
|
||||||
|
/samba-4.17.2.tar.asc
|
||||||
|
/samba-4.17.2.tar.xz
|
||||||
|
/samba-4.17.4.tar.asc
|
||||||
|
/samba-4.17.4.tar.xz
|
||||||
|
/samba-4.17.5.tar.asc
|
||||||
|
/samba-4.17.5.tar.xz
|
||||||
|
/samba-4.18.2.tar.asc
|
||||||
|
/samba-4.18.2.tar.xz
|
||||||
|
/samba-4.18.3.tar.asc
|
||||||
|
/samba-4.18.3.tar.xz
|
||||||
|
/samba-4.18.4.tar.asc
|
||||||
|
/samba-4.18.4.tar.xz
|
||||||
|
/samba-4.18.5.tar.asc
|
||||||
|
/samba-4.18.5.tar.xz
|
||||||
|
/samba-4.18.6.tar.xz
|
||||||
|
/samba-4.18.6.tar.asc
|
||||||
|
/samba-4.19.3.tar.xz
|
||||||
|
/samba-4.19.3.tar.asc
|
||||||
|
/samba-4.19.4.tar.xz
|
||||||
|
/samba-4.19.4.tar.asc
|
||||||
|
/samba-4.20.0.tar.asc
|
||||||
|
/samba-4.20.0.tar.xz
|
||||||
|
/samba-4.20.1.tar.asc
|
||||||
|
/samba-4.20.1.tar.xz
|
||||||
|
/samba-4.20.2.tar.asc
|
||||||
|
/samba-4.20.2.tar.xz
|
||||||
|
@ -1,2 +0,0 @@
|
|||||||
6a164128df94dd89e785ca9f42d7be5714f16bed SOURCES/samba-4.19.4.tar.xz
|
|
||||||
971f563c447eda8d144d6c9e743cd0f0488c0d9e SOURCES/samba-pubkey_AA99442FB680B620.gpg
|
|
186
README.md
Normal file
186
README.md
Normal file
@ -0,0 +1,186 @@
|
|||||||
|
Samba is a free SMB and CIFS client and server and Domain Controller for UNIX
|
||||||
|
and other operating systems. It is maintained by the Samba Team, who support the
|
||||||
|
original author, Andrew Tridgell.
|
||||||
|
|
||||||
|
This software is freely distributable under the GNU public license, a copy of
|
||||||
|
which you should have received with this software (in a file called COPYING).
|
||||||
|
|
||||||
|
# WHAT IS SMB/CIFS?
|
||||||
|
This is a big question.
|
||||||
|
|
||||||
|
The very short answer is that it is the protocol by which a lot of PC-related
|
||||||
|
machines share files and printers and other information such as lists of
|
||||||
|
available files and printers. Operating systems that support this natively
|
||||||
|
include Windows 9x, Windows NT (and derivatives), OS/2, Mac OS X and Linux. Add
|
||||||
|
on packages that achieve the same thing are available for DOS, Windows 3.1, VMS,
|
||||||
|
Unix of all kinds, MVS, and more. Some Web Browsers can speak this protocol as
|
||||||
|
well (smb://). Alternatives to SMB include Netware, NFS, Appletalk, Banyan
|
||||||
|
Vines, Decnet etc; many of these have advantages but none are both public
|
||||||
|
specifications and widely implemented in desktop machines by default.
|
||||||
|
|
||||||
|
The Common Internet File system (CIFS) is what the new SMB initiative is called.
|
||||||
|
For details watch [here](https://samba.org/cifs)
|
||||||
|
|
||||||
|
# WHY DO PEOPLE WANT TO USE SMB?
|
||||||
|
* Many people want to integrate their Microsoft desktop clients with their Unix
|
||||||
|
servers.
|
||||||
|
|
||||||
|
* Others want to integrate their Microsoft (etc) servers with Unix servers. This
|
||||||
|
is a different problem to integrating desktop clients.
|
||||||
|
|
||||||
|
* Others want to replace protocols like NFS, DecNet and Novell NCP, especially
|
||||||
|
when used with PCs.
|
||||||
|
|
||||||
|
# WHAT CAN SAMBA DO?
|
||||||
|
Please refer to the WHATSNEW.txt included with this README for a list of
|
||||||
|
features in the latest Samba release.
|
||||||
|
|
||||||
|
Here is a very short list of what samba includes, and what it does. For many
|
||||||
|
networks this can be simply summarized by "Samba provides a complete replacement
|
||||||
|
for Windows NT, Warp, NFS or Netware servers."
|
||||||
|
* a SMB server, to provide Windows NT and LAN Manager-style file and print
|
||||||
|
services to SMB clients such as Windows 95, Warp Server, smbfs and others.
|
||||||
|
|
||||||
|
* a Windows Domain Controller (NT4 and AD) replacement.
|
||||||
|
|
||||||
|
* a file/print server that can act as a member of a Windows NT 4.0 or Active
|
||||||
|
Directory domain.
|
||||||
|
|
||||||
|
* a NetBIOS (rfc1001/1002) nameserver, which amongst other things gives browsing
|
||||||
|
support. Samba can be the master browser on your LAN if you wish.
|
||||||
|
|
||||||
|
* a ftp-like SMB client so you can access PC resources (disks and printers) from
|
||||||
|
UNIX, Netware, and other operating systems
|
||||||
|
|
||||||
|
* a tar extension to the client for backing up PCs
|
||||||
|
|
||||||
|
* limited command-line tool that supports some of the NT administrative
|
||||||
|
functionality, which can be used on Samba, NT workstation and NT server.
|
||||||
|
|
||||||
|
For a much better overview have a look at the [web site](http://samba.org/samba)
|
||||||
|
and browse the user survey.
|
||||||
|
|
||||||
|
#### Related packages include:
|
||||||
|
* cifsvfs, an advanced Linux-only filesystem allowing you to mount remote SMB
|
||||||
|
filesystems from PCs on your Linux box. This is included as standard with Linux
|
||||||
|
2.5 and later.
|
||||||
|
|
||||||
|
* smbfs, the previous Linux-only filesystem allowing you to mount remote SMB
|
||||||
|
filesystems from PCs on your Linux box. This is included as standard with Linux
|
||||||
|
2.0 and later.
|
||||||
|
|
||||||
|
# CONTRIBUTIONS
|
||||||
|
|
||||||
|
### To contribute via GitHub
|
||||||
|
* fork the official Samba team repository on GitHub
|
||||||
|
-- see [GitHub](https://github.com/samba-team/samba)
|
||||||
|
|
||||||
|
* become familiar with the coding standards as described in README.Coding
|
||||||
|
|
||||||
|
* make sure you read the Samba copyright policy
|
||||||
|
-- see [Copyright Policy](https://www.samba.org/samba/devel/copyright-policy.html)
|
||||||
|
|
||||||
|
* create a feature branch
|
||||||
|
|
||||||
|
* make changes
|
||||||
|
|
||||||
|
* when committing, be sure to add signed-off-by tags
|
||||||
|
-- see [Commit message tags](https://wiki.samba.org/index.php/CodeReview#commit_message_tags)
|
||||||
|
|
||||||
|
* send a pull request for your branch through GitHub
|
||||||
|
|
||||||
|
* this will trigger an email to the samba-technical mailing list
|
||||||
|
|
||||||
|
* discussion happens on the samba-technical mailing list as described below
|
||||||
|
|
||||||
|
* more info on using Git for Samba development can be found on Samba Wiki
|
||||||
|
-- see [Using Git for Samba](https://wiki.samba.org/index.php/Using_Git_for_Samba_Development)
|
||||||
|
|
||||||
|
### To contribute via mailing lists
|
||||||
|
Join the mailing list. The Samba team accepts patches (preferably in "diff -u"
|
||||||
|
format, see [here](https://samba.org/samba/devel) for more details) and are
|
||||||
|
always glad to receive feedback or suggestions to the address
|
||||||
|
samba@lists.samba.org. More information on the various Samba mailing lists can
|
||||||
|
be found at [mailman](http://lists.samba.org).
|
||||||
|
|
||||||
|
You can also get the Samba sourcecode straight from the [git repository](http://wiki.samba.org/index.php/Using_Git_for_Samba_Development).
|
||||||
|
|
||||||
|
If you like a particular feature then look through the git change-log on the
|
||||||
|
[web](https://git.samba.org/?p=samba.git;a=summary) and see who added it, then
|
||||||
|
send them an email.
|
||||||
|
|
||||||
|
Remember that free software of this kind lives or dies by the response we get.
|
||||||
|
If no one tells us they like it then we'll probably move onto something else.
|
||||||
|
|
||||||
|
|
||||||
|
# MORE INFO
|
||||||
|
|
||||||
|
### DOCUMENTATION
|
||||||
|
There is quite a bit of documentation included with the package, including man
|
||||||
|
pages, and lots of .html files with hints and useful info. This is also
|
||||||
|
available from the web page. There is a growing collection of information under
|
||||||
|
docs/.
|
||||||
|
|
||||||
|
A list of Samba documentation in languages other than English is available on
|
||||||
|
the web page.
|
||||||
|
|
||||||
|
If you would like to help with the documentation, please coordinate on the
|
||||||
|
samba@lists.samba.org mailing list. See the next section for details on
|
||||||
|
subscribing to samba mailing lists.
|
||||||
|
|
||||||
|
### MAILING LIST
|
||||||
|
Please do NOT send subscription/unsubscription requests to the lists!
|
||||||
|
|
||||||
|
There is a mailing list for discussion of Samba. For details go to [mailman](https://lists.samba.org)
|
||||||
|
or send mail to <samba-subscribe@lists.samba.org>.
|
||||||
|
|
||||||
|
There is also an announcement mailing list where new versions are announced. To
|
||||||
|
subscribe go to [mailman](http://lists.samba.org) or send mail to
|
||||||
|
<samba-announce-subscribe@lists.samba.org>. All announcements also go to the
|
||||||
|
samba list, so you only need to be on one.
|
||||||
|
|
||||||
|
For details of other Samba mailing lists and for access to archives, see
|
||||||
|
[mailman](http://lists.samba.org)
|
||||||
|
|
||||||
|
### MAILING LIST ETIQUETTE
|
||||||
|
|
||||||
|
A few tips when submitting to this or any mailing list.
|
||||||
|
- Make your subject short and descriptive. Avoid the words "help" or "Samba" in
|
||||||
|
the subject. The readers of this list already know that a) you need help, and b)
|
||||||
|
you are writing about samba (of course, you may need to distinguish between
|
||||||
|
Samba PDC and other file sharing software). Avoid phrases such as "what is" and
|
||||||
|
"how do i". Some good subject lines might look like "Slow response with Excel
|
||||||
|
files" or "Migrating from Samba PDC to NT PDC".
|
||||||
|
|
||||||
|
- If you include the original message in your reply, trim it so that only the
|
||||||
|
relevant lines, enough to establish context, are included. Chances are (since
|
||||||
|
this is a mailing list) we've already read the original message.
|
||||||
|
|
||||||
|
- Trim irrelevant headers from the original message in your reply. All we need
|
||||||
|
to see is a) From, b) Date, and c) Subject. We don't even really need the
|
||||||
|
Subject, if you haven't changed it. Better yet is to just preface the original
|
||||||
|
message with "On [date] [someone] wrote:".
|
||||||
|
|
||||||
|
- Please don't reply to or argue about spam, spam filters or viruses on any
|
||||||
|
Samba lists. We do have a spam filtering system that is working quite well thank
|
||||||
|
you very much but occasionally unwanted messages slip through. Deal with it.
|
||||||
|
|
||||||
|
- Never say "Me too." It doesn't help anyone solve the problem. Instead, if you
|
||||||
|
ARE having the same problem, give more information. Have you seen something that
|
||||||
|
the other writer hasn't mentioned, which may be helpful?
|
||||||
|
|
||||||
|
- If you ask about a problem, then come up with the solution on your own or
|
||||||
|
through another source, by all means post it. Someone else may have the same
|
||||||
|
problem and is waiting for an answer, but never hears of it.
|
||||||
|
|
||||||
|
- Give as much *relevant* information as possible such as Samba release number,
|
||||||
|
OS, kernel version, etc...
|
||||||
|
|
||||||
|
- RTFM. Google.
|
||||||
|
|
||||||
|
### WEB SITE
|
||||||
|
A Samba WWW [site](https://samba.org) has been setup with lots of useful info.
|
||||||
|
|
||||||
|
As well as general information and documentation, this also has searchable
|
||||||
|
archives of the mailing list and a user survey that shows who else is using this
|
||||||
|
package.
|
@ -1,16 +0,0 @@
|
|||||||
-----BEGIN PGP SIGNATURE-----
|
|
||||||
|
|
||||||
iQIzBAABCgAdFiEEgfXigyvSVFoYl7cTqplEL7aAtiAFAmWcCFAACgkQqplEL7aA
|
|
||||||
tiDKSBAAuWA9jT6xCfFACIlme7DbEoUm/Bsbf+GM2Somd3pgajekiNxo7CsW9Xub
|
|
||||||
Vmpj0Q5OKiri81XTqA8LlqMCBliqfw/rnP48kCH0YqXzjqD6aYuwmk0Q4G3wWBTJ
|
|
||||||
2ZT/wOpbM3YooFfE9Iffz6uNgAiQ/8kpBt2m6Zzfy8n1ThfztyGAGaSmrUWxgUlq
|
|
||||||
XjRjtgTw4isZBm+RzCFSGuPxvWvxRlfD5JCe2gc221rI3kbaQE2GSxdZ6D0635Ln
|
|
||||||
iy64SLIAKkQCrrFFckudSCCLKgLNdIClEwzamhhCbmCxnWMDufzN+BQZhq3axQ+x
|
|
||||||
svPfZqltVSQztr4nPGvKdebtVLL2Zyf/LtXWQP/s66quHlHFoEAC7MuD6tEMQVar
|
|
||||||
JQUCN51Gs0Yk12iReQFm6/Uo35aPAlai1e2uOkNzS5FnagRObYt6FYeQripks4I8
|
|
||||||
ZW5VvF4cE0zqdjrlG+Ttqmpbj7i6AUJj9wSbrEOFDUhTL+QPPOfJ05yr1BHmS6nJ
|
|
||||||
vuuUs+ei/DnYEFS91P81h5NuOdpRHIBTG6LUOLz5KOoNdIgvzjD/Ugyscj4AFTBo
|
|
||||||
+NTG9nNr6gkLV/6dxDRR2/sbU6P+FZBL+JVUoDR7XQ7oHG7sFV+/8Dtu8RivEw++
|
|
||||||
1sNGqxvGkwu7JunMkJO5YZRwXi81v3nmHkWKgb0+52iYXgmdesY=
|
|
||||||
=kOPP
|
|
||||||
-----END PGP SIGNATURE-----
|
|
230
ad_lookup_groupmem.patch
Normal file
230
ad_lookup_groupmem.patch
Normal file
@ -0,0 +1,230 @@
|
|||||||
|
From 2b478bafd808218d3471fd5b1c9dc7d8e528cdb0 Mon Sep 17 00:00:00 2001
|
||||||
|
From: =?UTF-8?q?Pavel=20Filipensk=C3=BD?= <pfilipensky@samba.org>
|
||||||
|
Date: Wed, 13 Mar 2024 13:55:41 +0100
|
||||||
|
Subject: [PATCH 1/4] docs-xml: Add parameter all_groupmem to idmap_ad
|
||||||
|
MIME-Version: 1.0
|
||||||
|
Content-Type: text/plain; charset=UTF-8
|
||||||
|
Content-Transfer-Encoding: 8bit
|
||||||
|
|
||||||
|
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15605
|
||||||
|
|
||||||
|
Signed-off-by: Pavel Filipenský <pfilipensky@samba.org>
|
||||||
|
Reviewed-by: Andreas Schneider <asn@samba.org>
|
||||||
|
(cherry picked from commit a485d9de2f2d6a9815dcac6addb988a8987e111c)
|
||||||
|
---
|
||||||
|
docs-xml/manpages/idmap_ad.8.xml | 10 ++++++++++
|
||||||
|
1 file changed, 10 insertions(+)
|
||||||
|
|
||||||
|
diff --git a/docs-xml/manpages/idmap_ad.8.xml b/docs-xml/manpages/idmap_ad.8.xml
|
||||||
|
index 32df8d066c2..c7fcc65d763 100644
|
||||||
|
--- a/docs-xml/manpages/idmap_ad.8.xml
|
||||||
|
+++ b/docs-xml/manpages/idmap_ad.8.xml
|
||||||
|
@@ -105,6 +105,16 @@
|
||||||
|
</listitem>
|
||||||
|
</varlistentry>
|
||||||
|
<varlistentry>
|
||||||
|
+ <term>all_groupmem = yes/no</term>
|
||||||
|
+ <listitem><para>
|
||||||
|
+ If set to <parameter>yes</parameter> winbind will retrieve all
|
||||||
|
+ group members for getgrnam(3), getgrgid(3) and getgrent(3) calls,
|
||||||
|
+ including those with missing uidNumber.
|
||||||
|
+ </para>
|
||||||
|
+ <para>Default: no</para>
|
||||||
|
+ </listitem>
|
||||||
|
+ </varlistentry>
|
||||||
|
+ <varlistentry>
|
||||||
|
<term>deny ous</term>
|
||||||
|
<listitem><para>This parameter is a list of OUs from
|
||||||
|
which objects will not be mapped via the ad idmap
|
||||||
|
--
|
||||||
|
2.41.0
|
||||||
|
|
||||||
|
|
||||||
|
From 2259b59220b625cd682a3d22024ab442a56ecc3a Mon Sep 17 00:00:00 2001
|
||||||
|
From: =?UTF-8?q?Pavel=20Filipensk=C3=BD?= <pfilipensky@samba.org>
|
||||||
|
Date: Tue, 12 Mar 2024 13:20:24 +0100
|
||||||
|
Subject: [PATCH 2/4] s3:winbindd: Improve performance of lookup_groupmem() in
|
||||||
|
idmap_ad
|
||||||
|
MIME-Version: 1.0
|
||||||
|
Content-Type: text/plain; charset=UTF-8
|
||||||
|
Content-Transfer-Encoding: 8bit
|
||||||
|
|
||||||
|
The LDAP query of lookup_groupmem() returns all group members from AD
|
||||||
|
even those with missing uidNumber. Such group members are useless in
|
||||||
|
UNIX environment for idmap_ad backend since there is no uid mapping.
|
||||||
|
|
||||||
|
'test_user' is member of group "Domanin Users" with 200K members,
|
||||||
|
only 20K members have set uidNumber.
|
||||||
|
|
||||||
|
Without this fix:
|
||||||
|
|
||||||
|
$ time id test_user
|
||||||
|
|
||||||
|
real 1m5.946s
|
||||||
|
user 0m0.019s
|
||||||
|
sys 0m0.012s
|
||||||
|
|
||||||
|
With this fix:
|
||||||
|
|
||||||
|
$ time id test_user
|
||||||
|
|
||||||
|
real 0m3.544s
|
||||||
|
user 0m0.004s
|
||||||
|
sys 0m0.007s
|
||||||
|
|
||||||
|
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15605
|
||||||
|
|
||||||
|
Signed-off-by: Pavel Filipenský <pfilipensky@samba.org>
|
||||||
|
Reviewed-by: Andreas Schneider <asn@samba.org>
|
||||||
|
(cherry picked from commit 5d475d26a3d545f04791a04e85a06b8b192e3fcf)
|
||||||
|
---
|
||||||
|
source3/winbindd/winbindd_ads.c | 11 +++++++----
|
||||||
|
1 file changed, 7 insertions(+), 4 deletions(-)
|
||||||
|
|
||||||
|
diff --git a/source3/winbindd/winbindd_ads.c b/source3/winbindd/winbindd_ads.c
|
||||||
|
index 7e572e5d41f..7d6324033ea 100644
|
||||||
|
--- a/source3/winbindd/winbindd_ads.c
|
||||||
|
+++ b/source3/winbindd/winbindd_ads.c
|
||||||
|
@@ -1039,7 +1039,7 @@ static NTSTATUS lookup_useraliases(struct winbindd_domain *domain,
|
||||||
|
}
|
||||||
|
|
||||||
|
static NTSTATUS add_primary_group_members(
|
||||||
|
- ADS_STRUCT *ads, TALLOC_CTX *mem_ctx, uint32_t rid,
|
||||||
|
+ ADS_STRUCT *ads, TALLOC_CTX *mem_ctx, uint32_t rid, const char *domname,
|
||||||
|
char ***all_members, size_t *num_all_members)
|
||||||
|
{
|
||||||
|
char *filter;
|
||||||
|
@@ -1051,10 +1051,13 @@ static NTSTATUS add_primary_group_members(
|
||||||
|
char **members;
|
||||||
|
size_t num_members;
|
||||||
|
ads_control args;
|
||||||
|
+ bool all_groupmem = idmap_config_bool(domname, "all_groupmem", false);
|
||||||
|
|
||||||
|
filter = talloc_asprintf(
|
||||||
|
- mem_ctx, "(&(objectCategory=user)(primaryGroupID=%u))",
|
||||||
|
- (unsigned)rid);
|
||||||
|
+ mem_ctx,
|
||||||
|
+ "(&(objectCategory=user)(primaryGroupID=%u)%s)",
|
||||||
|
+ (unsigned)rid,
|
||||||
|
+ all_groupmem ? "" : "(uidNumber=*)(!(uidNumber=0))");
|
||||||
|
if (filter == NULL) {
|
||||||
|
goto done;
|
||||||
|
}
|
||||||
|
@@ -1206,7 +1209,7 @@ static NTSTATUS lookup_groupmem(struct winbindd_domain *domain,
|
||||||
|
|
||||||
|
DEBUG(10, ("ads lookup_groupmem: got %d sids via extended dn call\n", (int)num_members));
|
||||||
|
|
||||||
|
- status = add_primary_group_members(ads, mem_ctx, rid,
|
||||||
|
+ status = add_primary_group_members(ads, mem_ctx, rid, domain->name,
|
||||||
|
&members, &num_members);
|
||||||
|
if (!NT_STATUS_IS_OK(status)) {
|
||||||
|
DEBUG(10, ("%s: add_primary_group_members failed: %s\n",
|
||||||
|
--
|
||||||
|
2.41.0
|
||||||
|
|
||||||
|
|
||||||
|
From 84b6ef6a95d821e44462105250ce50d124a62150 Mon Sep 17 00:00:00 2001
|
||||||
|
From: =?UTF-8?q?Pavel=20Filipensk=C3=BD?= <pfilipensky@samba.org>
|
||||||
|
Date: Mon, 25 Mar 2024 22:38:18 +0100
|
||||||
|
Subject: [PATCH 3/4] selftest: Add "winbind expand groups = 1" to
|
||||||
|
setup_ad_member_idmap_ad
|
||||||
|
MIME-Version: 1.0
|
||||||
|
Content-Type: text/plain; charset=UTF-8
|
||||||
|
Content-Transfer-Encoding: 8bit
|
||||||
|
|
||||||
|
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15605
|
||||||
|
|
||||||
|
Signed-off-by: Pavel Filipenský <pfilipensky@samba.org>
|
||||||
|
Reviewed-by: Andreas Schneider <asn@samba.org>
|
||||||
|
(cherry picked from commit 2dab3a331b5511b4f2253f2b3b4513db7e52ea9a)
|
||||||
|
---
|
||||||
|
selftest/target/Samba3.pm | 1 +
|
||||||
|
1 file changed, 1 insertion(+)
|
||||||
|
|
||||||
|
diff --git a/selftest/target/Samba3.pm b/selftest/target/Samba3.pm
|
||||||
|
index bbce55ea508..cf40633d127 100755
|
||||||
|
--- a/selftest/target/Samba3.pm
|
||||||
|
+++ b/selftest/target/Samba3.pm
|
||||||
|
@@ -1420,6 +1420,7 @@ sub setup_ad_member_idmap_ad
|
||||||
|
idmap config $dcvars->{TRUST_DOMAIN} : range = 2000000-2999999
|
||||||
|
gensec_gssapi:requested_life_time = 5
|
||||||
|
winbind scan trusted domains = yes
|
||||||
|
+ winbind expand groups = 1
|
||||||
|
";
|
||||||
|
|
||||||
|
my $ret = $self->provision(
|
||||||
|
--
|
||||||
|
2.41.0
|
||||||
|
|
||||||
|
|
||||||
|
From 550c6218e83468874a6a11295a7b08b148d1295a Mon Sep 17 00:00:00 2001
|
||||||
|
From: =?UTF-8?q?Pavel=20Filipensk=C3=BD?= <pfilipensky@samba.org>
|
||||||
|
Date: Thu, 14 Mar 2024 15:24:21 +0100
|
||||||
|
Subject: [PATCH 4/4] tests: Add a test for "all_groups=no" to test_idmap_ad.sh
|
||||||
|
MIME-Version: 1.0
|
||||||
|
Content-Type: text/plain; charset=UTF-8
|
||||||
|
Content-Transfer-Encoding: 8bit
|
||||||
|
|
||||||
|
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15605
|
||||||
|
|
||||||
|
Signed-off-by: Pavel Filipenský <pfilipensky@samba.org>
|
||||||
|
Reviewed-by: Andreas Schneider <asn@samba.org>
|
||||||
|
|
||||||
|
Autobuild-User(master): Pavel Filipensky <pfilipensky@samba.org>
|
||||||
|
Autobuild-Date(master): Tue Apr 2 13:25:39 UTC 2024 on atb-devel-224
|
||||||
|
|
||||||
|
(cherry picked from commit f8b72aa1f72881989990fabc9f4888968bb81967)
|
||||||
|
---
|
||||||
|
nsswitch/tests/test_idmap_ad.sh | 22 ++++++++++++++++++++++
|
||||||
|
1 file changed, 22 insertions(+)
|
||||||
|
|
||||||
|
diff --git a/nsswitch/tests/test_idmap_ad.sh b/nsswitch/tests/test_idmap_ad.sh
|
||||||
|
index 7ae112ada71..1d4bd395ba9 100755
|
||||||
|
--- a/nsswitch/tests/test_idmap_ad.sh
|
||||||
|
+++ b/nsswitch/tests/test_idmap_ad.sh
|
||||||
|
@@ -94,6 +94,14 @@ gidNumber: 2000001
|
||||||
|
unixHomeDirectory: /home/forbidden
|
||||||
|
loginShell: /bin/tcsh
|
||||||
|
gecos: User in forbidden OU
|
||||||
|
+
|
||||||
|
+dn: CN=no_posix_id,CN=Users,$BASE_DN
|
||||||
|
+changetype: add
|
||||||
|
+objectClass: user
|
||||||
|
+samaccountName: no_posix_id
|
||||||
|
+unixHomeDirectory: /home/no_posix_id
|
||||||
|
+loginShell: /bin/sh
|
||||||
|
+gecos: User without uidNumber and gidNumber
|
||||||
|
EOF
|
||||||
|
|
||||||
|
#
|
||||||
|
@@ -171,6 +179,17 @@ then
|
||||||
|
failed=$(($failed + 1))
|
||||||
|
fi
|
||||||
|
|
||||||
|
+#
|
||||||
|
+# Test 6: Make sure that with the default "all_groups=no"
|
||||||
|
+# the group "domain users" will not show user "no_posix_id"
|
||||||
|
+# but will show "SAMBA2008R2/administrator"
|
||||||
|
+#
|
||||||
|
+
|
||||||
|
+dom_users="$DOMAIN/domain users" # Extra step to make sure that all is one word
|
||||||
|
+out="$($wbinfo --group-info "$dom_users")"
|
||||||
|
+testit_grep_count "no_posix_id1" "no_posix_id" 0 echo "$out" || failed=$(expr $failed + 1)
|
||||||
|
+testit_grep "no_posix_id2" "SAMBA2008R2/administrator" echo "$out" || failed=$(expr $failed + 1)
|
||||||
|
+
|
||||||
|
#
|
||||||
|
# Trusted domain test 1: Test uid of Administrator, should be 2500000
|
||||||
|
#
|
||||||
|
@@ -241,6 +260,9 @@ gidNumber: 2000002
|
||||||
|
dn: cn=forbidden,ou=sub,$BASE_DN
|
||||||
|
changetype: delete
|
||||||
|
|
||||||
|
+dn: CN=no_posix_id,CN=Users,$BASE_DN
|
||||||
|
+changetype: delete
|
||||||
|
+
|
||||||
|
dn: ou=sub,$BASE_DN
|
||||||
|
changetype: delete
|
||||||
|
EOF
|
||||||
|
--
|
||||||
|
2.41.0
|
||||||
|
|
8
gating.yaml
Normal file
8
gating.yaml
Normal file
@ -0,0 +1,8 @@
|
|||||||
|
# recipients: idmafs-qe, asn, ftrivino, pfilipen
|
||||||
|
--- !Policy
|
||||||
|
product_versions:
|
||||||
|
- rhel-9
|
||||||
|
decision_context: osci_compose_gate
|
||||||
|
rules:
|
||||||
|
- !PassingTestCaseRule {test_case_name: osci.brew-build.tier0.functional}
|
||||||
|
- !PassingTestCaseRule {test_case_name: idm-ci.brew-build.tier1.functional}
|
102
redhat-4.20.2.patch
Normal file
102
redhat-4.20.2.patch
Normal file
@ -0,0 +1,102 @@
|
|||||||
|
From dddbbec2cb10b05a6ec3b4f1fcc877d60a44080a Mon Sep 17 00:00:00 2001
|
||||||
|
From: =?UTF-8?q?Pavel=20Filipensk=C3=BD?= <pfilipensky@samba.org>
|
||||||
|
Date: Thu, 4 Jul 2024 11:08:03 +0200
|
||||||
|
Subject: [PATCH 1/2] .gitlab-ci-main.yml: Add safe.directory '*'
|
||||||
|
MIME-Version: 1.0
|
||||||
|
Content-Type: text/plain; charset=UTF-8
|
||||||
|
Content-Transfer-Encoding: 8bit
|
||||||
|
|
||||||
|
This is to fix the error when pushing to personal gitlab repo:
|
||||||
|
|
||||||
|
2024-07-04 08:16:05,460 Running: 'git clone --recursive --shared /builds/pfilipen/samba /builds/samba-testbase/master' in '/builds/pfilipen/samba'
|
||||||
|
Cloning into '/builds/samba-testbase/master'...
|
||||||
|
fatal: detected dubious ownership in repository at '/builds/pfilipen/samba/.git'
|
||||||
|
To add an exception for this directory, call:
|
||||||
|
git config --global --add safe.directory /builds/pfilipen/samba/.git
|
||||||
|
fatal: Could not read from remote repository.
|
||||||
|
|
||||||
|
Instead of adding more and more explicit repositories
|
||||||
|
we should just allow any, we're in an isolated environment...
|
||||||
|
|
||||||
|
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15660
|
||||||
|
|
||||||
|
Pair-Programmed-With: Stefan Metzmacher <metze@samba.org>
|
||||||
|
Signed-off-by: Pavel Filipenský <pfilipensky@samba.org>
|
||||||
|
Signed-off-by: Stefan Metzmacher <metze@samba.org>
|
||||||
|
Reviewed-by: Andreas Schneider <asn@samba.org>
|
||||||
|
|
||||||
|
Autobuild-User(master): Stefan Metzmacher <metze@samba.org>
|
||||||
|
Autobuild-Date(master): Wed Jul 10 10:35:00 UTC 2024 on atb-devel-224
|
||||||
|
|
||||||
|
(cherry picked from commit 3a21b7d9a4e7e9814d0be8c0ebf72b9821a5dc36)
|
||||||
|
---
|
||||||
|
.gitlab-ci-main.yml | 3 +--
|
||||||
|
1 file changed, 1 insertion(+), 2 deletions(-)
|
||||||
|
|
||||||
|
diff --git a/.gitlab-ci-main.yml b/.gitlab-ci-main.yml
|
||||||
|
index face2103327..08865ca2c42 100644
|
||||||
|
--- a/.gitlab-ci-main.yml
|
||||||
|
+++ b/.gitlab-ci-main.yml
|
||||||
|
@@ -146,8 +146,7 @@ include:
|
||||||
|
- ccache -z -M 500M
|
||||||
|
- ccache -s
|
||||||
|
# We are already running .gitlab-ci directives from this repo, remove additional checks that break our CI
|
||||||
|
- - git config --global --add safe.directory `pwd`
|
||||||
|
- - git config --global --add safe.directory /builds/samba-team/devel/samba/.git
|
||||||
|
+ - git config --global --add safe.directory '*'
|
||||||
|
after_script:
|
||||||
|
- mount
|
||||||
|
- df -h
|
||||||
|
--
|
||||||
|
2.45.2
|
||||||
|
|
||||||
|
|
||||||
|
From 1c69964d34d2cf66532b23ffde76a839a65b0db2 Mon Sep 17 00:00:00 2001
|
||||||
|
From: Andreas Schneider <asn@samba.org>
|
||||||
|
Date: Fri, 12 Jul 2024 14:18:26 +0200
|
||||||
|
Subject: [PATCH 2/2] s3:printing: Allow to run samba-bgqd as a standalone
|
||||||
|
systemd service
|
||||||
|
|
||||||
|
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15683
|
||||||
|
|
||||||
|
Signed-off-by: Andreas Schneider <asn@samba.org>
|
||||||
|
Reviewed-by: Alexander Bokovoy <ab@samba.org>
|
||||||
|
(cherry picked from commit 0a532378322661b23b3393eb2ebde29402a16e62)
|
||||||
|
|
||||||
|
Autobuild-User(v4-20-test): Jule Anger <janger@samba.org>
|
||||||
|
Autobuild-Date(v4-20-test): Tue Jul 23 08:56:24 UTC 2024 on atb-devel-224
|
||||||
|
|
||||||
|
(cherry picked from commit 4cf9af9186d7829f11bd07c7d6e526a51dcf0d61)
|
||||||
|
---
|
||||||
|
source3/printing/samba-bgqd.c | 8 +++++++-
|
||||||
|
1 file changed, 7 insertions(+), 1 deletion(-)
|
||||||
|
|
||||||
|
diff --git a/source3/printing/samba-bgqd.c b/source3/printing/samba-bgqd.c
|
||||||
|
index 59ed0cc40db..9560fcf9e35 100644
|
||||||
|
--- a/source3/printing/samba-bgqd.c
|
||||||
|
+++ b/source3/printing/samba-bgqd.c
|
||||||
|
@@ -253,7 +253,9 @@ int main(int argc, const char *argv[])
|
||||||
|
log_stdout = (debug_get_log_type() == DEBUG_STDOUT);
|
||||||
|
|
||||||
|
/* main process will notify systemd */
|
||||||
|
- daemon_sd_notifications(false);
|
||||||
|
+ if (ready_signal_fd != -1 || watch_fd != -1) {
|
||||||
|
+ daemon_sd_notifications(false);
|
||||||
|
+ }
|
||||||
|
|
||||||
|
if (!cmdline_daemon_cfg->fork) {
|
||||||
|
daemon_status(progname, "Starting process ... ");
|
||||||
|
@@ -325,6 +327,10 @@ int main(int argc, const char *argv[])
|
||||||
|
goto done;
|
||||||
|
}
|
||||||
|
|
||||||
|
+ if (!cmdline_daemon_cfg->fork) {
|
||||||
|
+ daemon_ready(progname);
|
||||||
|
+ }
|
||||||
|
+
|
||||||
|
if (ready_signal_fd != -1) {
|
||||||
|
pid_t pid = getpid();
|
||||||
|
ssize_t written;
|
||||||
|
--
|
||||||
|
2.45.2
|
||||||
|
|
24
rpminspect.yaml
Normal file
24
rpminspect.yaml
Normal file
@ -0,0 +1,24 @@
|
|||||||
|
---
|
||||||
|
badfuncs:
|
||||||
|
ignore:
|
||||||
|
- /usr/bin/nmblookup
|
||||||
|
- /usr/bin/smbtorture
|
||||||
|
- /usr/lib*/libndr.so.*
|
||||||
|
- /usr/lib*/libsmbconf.so.*
|
||||||
|
- /usr/lib*/samba/libgse-private-samba.so
|
||||||
|
- /usr/lib*/samba/libsamba-sockets-private-samba.so
|
||||||
|
- /usr/lib*/samba/service/nbtd.so
|
||||||
|
- /usr/libexec/ctdb/smnotify
|
||||||
|
- /usr/sbin/nmbd
|
||||||
|
|
||||||
|
runpath:
|
||||||
|
allowed_paths:
|
||||||
|
- /usr/lib/samba
|
||||||
|
- /usr/lib64/samba
|
||||||
|
|
||||||
|
abidiff:
|
||||||
|
suppression_file: samba.abignore
|
||||||
|
|
||||||
|
debuginfo:
|
||||||
|
ignore:
|
||||||
|
- /usr/lib*/libdcerpc-samr.so.*
|
@ -1,7 +1,7 @@
|
|||||||
From 3c29fc78029e1274f931e171c9e04c19ad0182c1 Mon Sep 17 00:00:00 2001
|
From 3c29fc78029e1274f931e171c9e04c19ad0182c1 Mon Sep 17 00:00:00 2001
|
||||||
From: Gabriel Nagy <gabriel.nagy@canonical.com>
|
From: Gabriel Nagy <gabriel.nagy@canonical.com>
|
||||||
Date: Thu, 17 Aug 2023 01:05:54 +0300
|
Date: Thu, 17 Aug 2023 01:05:54 +0300
|
||||||
Subject: [PATCH 01/28] gp: Support more global trust directories
|
Subject: [PATCH 01/21] gp: Support more global trust directories
|
||||||
|
|
||||||
In addition to the SUSE global trust directory, add support for RHEL and
|
In addition to the SUSE global trust directory, add support for RHEL and
|
||||||
Debian-based distributions (including Ubuntu).
|
Debian-based distributions (including Ubuntu).
|
||||||
@ -60,13 +60,13 @@ index 312c8ddf467..1b90ab46e90 100644
|
|||||||
# Symlink the certs to global trust dir
|
# Symlink the certs to global trust dir
|
||||||
dst = os.path.join(global_trust_dir, os.path.basename(src))
|
dst = os.path.join(global_trust_dir, os.path.basename(src))
|
||||||
--
|
--
|
||||||
2.45.2
|
2.43.0
|
||||||
|
|
||||||
|
|
||||||
From 063606e8ec83a58972df47eb561ab267f8937ba4 Mon Sep 17 00:00:00 2001
|
From 063606e8ec83a58972df47eb561ab267f8937ba4 Mon Sep 17 00:00:00 2001
|
||||||
From: Gabriel Nagy <gabriel.nagy@canonical.com>
|
From: Gabriel Nagy <gabriel.nagy@canonical.com>
|
||||||
Date: Thu, 17 Aug 2023 01:09:28 +0300
|
Date: Thu, 17 Aug 2023 01:09:28 +0300
|
||||||
Subject: [PATCH 02/28] gp: Support update-ca-trust helper
|
Subject: [PATCH 02/21] gp: Support update-ca-trust helper
|
||||||
|
|
||||||
This is used on RHEL/Fedora instead of update-ca-certificates. They
|
This is used on RHEL/Fedora instead of update-ca-certificates. They
|
||||||
behave similarly so it's enough to change the command name.
|
behave similarly so it's enough to change the command name.
|
||||||
@ -104,13 +104,13 @@ index 1b90ab46e90..cefdafa21b2 100644
|
|||||||
Popen([update]).wait()
|
Popen([update]).wait()
|
||||||
# Setup Certificate Auto Enrollment
|
# Setup Certificate Auto Enrollment
|
||||||
--
|
--
|
||||||
2.45.2
|
2.43.0
|
||||||
|
|
||||||
|
|
||||||
From 3b548bf280ca59ef12a7af10a9131813067a850a Mon Sep 17 00:00:00 2001
|
From 3b548bf280ca59ef12a7af10a9131813067a850a Mon Sep 17 00:00:00 2001
|
||||||
From: Gabriel Nagy <gabriel.nagy@canonical.com>
|
From: Gabriel Nagy <gabriel.nagy@canonical.com>
|
||||||
Date: Fri, 11 Aug 2023 18:46:42 +0300
|
Date: Fri, 11 Aug 2023 18:46:42 +0300
|
||||||
Subject: [PATCH 03/28] gp: Change root cert extension suffix
|
Subject: [PATCH 03/21] gp: Change root cert extension suffix
|
||||||
|
|
||||||
On Ubuntu, certificates must end in '.crt' in order to be considered by
|
On Ubuntu, certificates must end in '.crt' in order to be considered by
|
||||||
the `update-ca-certificates` helper.
|
the `update-ca-certificates` helper.
|
||||||
@ -138,13 +138,13 @@ index cefdafa21b2..c562722906b 100644
|
|||||||
w.write(cert)
|
w.write(cert)
|
||||||
root_certs.append(dest)
|
root_certs.append(dest)
|
||||||
--
|
--
|
||||||
2.45.2
|
2.43.0
|
||||||
|
|
||||||
|
|
||||||
From 7592ed5032836dc43f657f66607a0a4661edcdb4 Mon Sep 17 00:00:00 2001
|
From 7592ed5032836dc43f657f66607a0a4661edcdb4 Mon Sep 17 00:00:00 2001
|
||||||
From: Gabriel Nagy <gabriel.nagy@canonical.com>
|
From: Gabriel Nagy <gabriel.nagy@canonical.com>
|
||||||
Date: Fri, 18 Aug 2023 17:06:43 +0300
|
Date: Fri, 18 Aug 2023 17:06:43 +0300
|
||||||
Subject: [PATCH 04/28] gp: Test with binary content for certificate data
|
Subject: [PATCH 04/21] gp: Test with binary content for certificate data
|
||||||
|
|
||||||
This fails all GPO-related tests that call `gpupdate --rsop`.
|
This fails all GPO-related tests that call `gpupdate --rsop`.
|
||||||
|
|
||||||
@ -216,13 +216,13 @@ index 00000000000..0aad59607c2
|
|||||||
+^samba.tests.gpo.samba.tests.gpo.GPOTests.test_advanced_gp_cert_auto_enroll_ext
|
+^samba.tests.gpo.samba.tests.gpo.GPOTests.test_advanced_gp_cert_auto_enroll_ext
|
||||||
+^samba.tests.gpo.samba.tests.gpo.GPOTests.test_gp_cert_auto_enroll_ext
|
+^samba.tests.gpo.samba.tests.gpo.GPOTests.test_gp_cert_auto_enroll_ext
|
||||||
--
|
--
|
||||||
2.45.2
|
2.43.0
|
||||||
|
|
||||||
|
|
||||||
From 7f7b235bda9e85c5ea330e52e734d1113a884571 Mon Sep 17 00:00:00 2001
|
From 7f7b235bda9e85c5ea330e52e734d1113a884571 Mon Sep 17 00:00:00 2001
|
||||||
From: Gabriel Nagy <gabriel.nagy@canonical.com>
|
From: Gabriel Nagy <gabriel.nagy@canonical.com>
|
||||||
Date: Wed, 16 Aug 2023 12:20:11 +0300
|
Date: Wed, 16 Aug 2023 12:20:11 +0300
|
||||||
Subject: [PATCH 05/28] gp: Convert CA certificates to base64
|
Subject: [PATCH 05/21] gp: Convert CA certificates to base64
|
||||||
|
|
||||||
I don't know whether this applies universally, but in our case the
|
I don't know whether this applies universally, but in our case the
|
||||||
contents of `es['cACertificate'][0]` are binary, so cleanly converting
|
contents of `es['cACertificate'][0]` are binary, so cleanly converting
|
||||||
@ -289,13 +289,13 @@ index 0aad59607c2..00000000000
|
|||||||
-^samba.tests.gpo.samba.tests.gpo.GPOTests.test_advanced_gp_cert_auto_enroll_ext
|
-^samba.tests.gpo.samba.tests.gpo.GPOTests.test_advanced_gp_cert_auto_enroll_ext
|
||||||
-^samba.tests.gpo.samba.tests.gpo.GPOTests.test_gp_cert_auto_enroll_ext
|
-^samba.tests.gpo.samba.tests.gpo.GPOTests.test_gp_cert_auto_enroll_ext
|
||||||
--
|
--
|
||||||
2.45.2
|
2.43.0
|
||||||
|
|
||||||
|
|
||||||
From 49cc74015a603e80048a38fe635cd1ac28938ee4 Mon Sep 17 00:00:00 2001
|
From 49cc74015a603e80048a38fe635cd1ac28938ee4 Mon Sep 17 00:00:00 2001
|
||||||
From: Gabriel Nagy <gabriel.nagy@canonical.com>
|
From: Gabriel Nagy <gabriel.nagy@canonical.com>
|
||||||
Date: Fri, 18 Aug 2023 17:16:23 +0300
|
Date: Fri, 18 Aug 2023 17:16:23 +0300
|
||||||
Subject: [PATCH 06/28] gp: Test adding new cert templates enforces changes
|
Subject: [PATCH 06/21] gp: Test adding new cert templates enforces changes
|
||||||
|
|
||||||
Ensure that cepces-submit reporting additional templates and re-applying
|
Ensure that cepces-submit reporting additional templates and re-applying
|
||||||
will enforce the updated policy.
|
will enforce the updated policy.
|
||||||
@ -422,13 +422,13 @@ index 00000000000..4edc1dce730
|
|||||||
+^samba.tests.gpo.samba.tests.gpo.GPOTests.test_advanced_gp_cert_auto_enroll_ext
|
+^samba.tests.gpo.samba.tests.gpo.GPOTests.test_advanced_gp_cert_auto_enroll_ext
|
||||||
+^samba.tests.gpo.samba.tests.gpo.GPOTests.test_gp_cert_auto_enroll_ext
|
+^samba.tests.gpo.samba.tests.gpo.GPOTests.test_gp_cert_auto_enroll_ext
|
||||||
--
|
--
|
||||||
2.45.2
|
2.43.0
|
||||||
|
|
||||||
|
|
||||||
From 4c0906bd79f030e591701234bc54bc749a42d686 Mon Sep 17 00:00:00 2001
|
From 4c0906bd79f030e591701234bc54bc749a42d686 Mon Sep 17 00:00:00 2001
|
||||||
From: Gabriel Nagy <gabriel.nagy@canonical.com>
|
From: Gabriel Nagy <gabriel.nagy@canonical.com>
|
||||||
Date: Wed, 16 Aug 2023 12:37:17 +0300
|
Date: Wed, 16 Aug 2023 12:37:17 +0300
|
||||||
Subject: [PATCH 07/28] gp: Template changes should invalidate cache
|
Subject: [PATCH 07/21] gp: Template changes should invalidate cache
|
||||||
|
|
||||||
If certificate templates are added or removed, the autoenroll extension
|
If certificate templates are added or removed, the autoenroll extension
|
||||||
should react to this and reapply the policy. Previously this wasn't
|
should react to this and reapply the policy. Previously this wasn't
|
||||||
@ -487,13 +487,13 @@ index 4edc1dce730..00000000000
|
|||||||
-^samba.tests.gpo.samba.tests.gpo.GPOTests.test_advanced_gp_cert_auto_enroll_ext
|
-^samba.tests.gpo.samba.tests.gpo.GPOTests.test_advanced_gp_cert_auto_enroll_ext
|
||||||
-^samba.tests.gpo.samba.tests.gpo.GPOTests.test_gp_cert_auto_enroll_ext
|
-^samba.tests.gpo.samba.tests.gpo.GPOTests.test_gp_cert_auto_enroll_ext
|
||||||
--
|
--
|
||||||
2.45.2
|
2.43.0
|
||||||
|
|
||||||
|
|
||||||
From e61f30dc2518d5a1c239f090baea4a309307f3f8 Mon Sep 17 00:00:00 2001
|
From e61f30dc2518d5a1c239f090baea4a309307f3f8 Mon Sep 17 00:00:00 2001
|
||||||
From: Gabriel Nagy <gabriel.nagy@canonical.com>
|
From: Gabriel Nagy <gabriel.nagy@canonical.com>
|
||||||
Date: Fri, 18 Aug 2023 17:26:59 +0300
|
Date: Fri, 18 Aug 2023 17:26:59 +0300
|
||||||
Subject: [PATCH 08/28] gp: Test disabled enrollment unapplies policy
|
Subject: [PATCH 08/21] gp: Test disabled enrollment unapplies policy
|
||||||
|
|
||||||
For this we need to stage a Registry.pol file with certificate
|
For this we need to stage a Registry.pol file with certificate
|
||||||
autoenrollment enabled, but with checkboxes unticked.
|
autoenrollment enabled, but with checkboxes unticked.
|
||||||
@ -588,13 +588,13 @@ index 00000000000..83bc9f0ac1f
|
|||||||
@@ -0,0 +1 @@
|
@@ -0,0 +1 @@
|
||||||
+^samba.tests.gpo.samba.tests.gpo.GPOTests.test_gp_cert_auto_enroll_ext
|
+^samba.tests.gpo.samba.tests.gpo.GPOTests.test_gp_cert_auto_enroll_ext
|
||||||
--
|
--
|
||||||
2.45.2
|
2.43.0
|
||||||
|
|
||||||
|
|
||||||
From 7757b9b48546d71e19798d1260da97780caa99c3 Mon Sep 17 00:00:00 2001
|
From 7757b9b48546d71e19798d1260da97780caa99c3 Mon Sep 17 00:00:00 2001
|
||||||
From: Gabriel Nagy <gabriel.nagy@canonical.com>
|
From: Gabriel Nagy <gabriel.nagy@canonical.com>
|
||||||
Date: Wed, 16 Aug 2023 12:33:59 +0300
|
Date: Wed, 16 Aug 2023 12:33:59 +0300
|
||||||
Subject: [PATCH 09/28] gp: Send list of keys instead of dict to remove
|
Subject: [PATCH 09/21] gp: Send list of keys instead of dict to remove
|
||||||
|
|
||||||
`cache_get_all_attribute_values` returns a dict whereas we need to pass
|
`cache_get_all_attribute_values` returns a dict whereas we need to pass
|
||||||
a list of keys to `remove`. These will be interpolated in the gpdb search.
|
a list of keys to `remove`. These will be interpolated in the gpdb search.
|
||||||
@ -634,13 +634,13 @@ index 83bc9f0ac1f..00000000000
|
|||||||
@@ -1 +0,0 @@
|
@@ -1 +0,0 @@
|
||||||
-^samba.tests.gpo.samba.tests.gpo.GPOTests.test_gp_cert_auto_enroll_ext
|
-^samba.tests.gpo.samba.tests.gpo.GPOTests.test_gp_cert_auto_enroll_ext
|
||||||
--
|
--
|
||||||
2.45.2
|
2.43.0
|
||||||
|
|
||||||
|
|
||||||
From 4e9b2e6409c5764ec0e66cc6c90b08e70f702e7c Mon Sep 17 00:00:00 2001
|
From 4e9b2e6409c5764ec0e66cc6c90b08e70f702e7c Mon Sep 17 00:00:00 2001
|
||||||
From: Andreas Schneider <asn@samba.org>
|
From: Andreas Schneider <asn@samba.org>
|
||||||
Date: Tue, 9 Jan 2024 08:50:01 +0100
|
Date: Tue, 9 Jan 2024 08:50:01 +0100
|
||||||
Subject: [PATCH 10/28] python:gp: Print a nice message if cepces-submit can't
|
Subject: [PATCH 10/21] python:gp: Print a nice message if cepces-submit can't
|
||||||
be found
|
be found
|
||||||
|
|
||||||
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15552
|
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15552
|
||||||
@ -691,13 +691,13 @@ index 64c35782ae8..08d1a7348cd 100644
|
|||||||
|
|
||||||
def getca(ca, url, trust_dir):
|
def getca(ca, url, trust_dir):
|
||||||
--
|
--
|
||||||
2.45.2
|
2.43.0
|
||||||
|
|
||||||
|
|
||||||
From fb3aefff51c02cf8ba3f8dfeb7d3f971e8d4902a Mon Sep 17 00:00:00 2001
|
From fb3aefff51c02cf8ba3f8dfeb7d3f971e8d4902a Mon Sep 17 00:00:00 2001
|
||||||
From: Gabriel Nagy <gabriel.nagy@canonical.com>
|
From: Gabriel Nagy <gabriel.nagy@canonical.com>
|
||||||
Date: Mon, 8 Jan 2024 18:05:08 +0200
|
Date: Mon, 8 Jan 2024 18:05:08 +0200
|
||||||
Subject: [PATCH 11/28] gpo: Test certificate policy without NDES
|
Subject: [PATCH 11/21] gpo: Test certificate policy without NDES
|
||||||
|
|
||||||
As of 8231eaf856b, the NDES feature is no longer required on Windows, as
|
As of 8231eaf856b, the NDES feature is no longer required on Windows, as
|
||||||
cert auto-enroll can use the certificate from the LDAP request.
|
cert auto-enroll can use the certificate from the LDAP request.
|
||||||
@ -895,13 +895,13 @@ index 00000000000..f1e590bc7d8
|
|||||||
@@ -0,0 +1 @@
|
@@ -0,0 +1 @@
|
||||||
+^samba.tests.gpo.samba.tests.gpo.GPOTests.test_gp_cert_auto_enroll_ext_without_ndes
|
+^samba.tests.gpo.samba.tests.gpo.GPOTests.test_gp_cert_auto_enroll_ext_without_ndes
|
||||||
--
|
--
|
||||||
2.45.2
|
2.43.0
|
||||||
|
|
||||||
|
|
||||||
From 1a9af36177c7491687c75df151474bb10285f00e Mon Sep 17 00:00:00 2001
|
From 1a9af36177c7491687c75df151474bb10285f00e Mon Sep 17 00:00:00 2001
|
||||||
From: Gabriel Nagy <gabriel.nagy@canonical.com>
|
From: Gabriel Nagy <gabriel.nagy@canonical.com>
|
||||||
Date: Thu, 18 Jan 2024 20:23:24 +0200
|
Date: Thu, 18 Jan 2024 20:23:24 +0200
|
||||||
Subject: [PATCH 12/28] gpo: Decode base64 root cert before importing
|
Subject: [PATCH 12/21] gpo: Decode base64 root cert before importing
|
||||||
|
|
||||||
The reasoning behind this is described in the previous commit message,
|
The reasoning behind this is described in the previous commit message,
|
||||||
but essentially this should either be wrapped in certificate blocks and
|
but essentially this should either be wrapped in certificate blocks and
|
||||||
@ -948,13 +948,13 @@ index f1e590bc7d8..00000000000
|
|||||||
@@ -1 +0,0 @@
|
@@ -1 +0,0 @@
|
||||||
-^samba.tests.gpo.samba.tests.gpo.GPOTests.test_gp_cert_auto_enroll_ext_without_ndes
|
-^samba.tests.gpo.samba.tests.gpo.GPOTests.test_gp_cert_auto_enroll_ext_without_ndes
|
||||||
--
|
--
|
||||||
2.45.2
|
2.43.0
|
||||||
|
|
||||||
|
|
||||||
From f5fc88f9ae255f4dc135580f0fa4a02f5addc390 Mon Sep 17 00:00:00 2001
|
From f5fc88f9ae255f4dc135580f0fa4a02f5addc390 Mon Sep 17 00:00:00 2001
|
||||||
From: Gabriel Nagy <gabriel.nagy@canonical.com>
|
From: Gabriel Nagy <gabriel.nagy@canonical.com>
|
||||||
Date: Fri, 19 Jan 2024 11:36:19 +0200
|
Date: Fri, 19 Jan 2024 11:36:19 +0200
|
||||||
Subject: [PATCH 13/28] gpo: Do not get templates list on first run
|
Subject: [PATCH 13/21] gpo: Do not get templates list on first run
|
||||||
|
|
||||||
This is a visual fix and has no impact on functionality apart from
|
This is a visual fix and has no impact on functionality apart from
|
||||||
cleaner log messages.
|
cleaner log messages.
|
||||||
@ -997,13 +997,13 @@ index cd5e54f1110..559c903e1a2 100644
|
|||||||
if changed(new_data, old_data) or self.cache_get_apply_state() == GPOSTATE.ENFORCE:
|
if changed(new_data, old_data) or self.cache_get_apply_state() == GPOSTATE.ENFORCE:
|
||||||
self.unapply(guid, attribute, old_val)
|
self.unapply(guid, attribute, old_val)
|
||||||
--
|
--
|
||||||
2.45.2
|
2.43.0
|
||||||
|
|
||||||
|
|
||||||
From e8a6219181f2af87813b53fd09684650c1aa6f90 Mon Sep 17 00:00:00 2001
|
From e8a6219181f2af87813b53fd09684650c1aa6f90 Mon Sep 17 00:00:00 2001
|
||||||
From: David Mulder <dmulder@samba.org>
|
From: David Mulder <dmulder@samba.org>
|
||||||
Date: Fri, 5 Jan 2024 08:47:07 -0700
|
Date: Fri, 5 Jan 2024 08:47:07 -0700
|
||||||
Subject: [PATCH 14/28] gp: Skip site GP list if no site is found
|
Subject: [PATCH 14/21] gp: Skip site GP list if no site is found
|
||||||
|
|
||||||
[MS-GPOL] 3.2.5.1.4 Site Search says if the site
|
[MS-GPOL] 3.2.5.1.4 Site Search says if the site
|
||||||
search returns ERROR_NO_SITENAME, the GP site
|
search returns ERROR_NO_SITENAME, the GP site
|
||||||
@ -1065,13 +1065,13 @@ index 617ef79350c..babd8f90748 100644
|
|||||||
# (L)ocal
|
# (L)ocal
|
||||||
gpo_list.insert(0, gpo.GROUP_POLICY_OBJECT("Local Policy",
|
gpo_list.insert(0, gpo.GROUP_POLICY_OBJECT("Local Policy",
|
||||||
--
|
--
|
||||||
2.45.2
|
2.43.0
|
||||||
|
|
||||||
|
|
||||||
From d0d1a890d6f2466691fa4ee663232ee0bd1c3776 Mon Sep 17 00:00:00 2001
|
From d0d1a890d6f2466691fa4ee663232ee0bd1c3776 Mon Sep 17 00:00:00 2001
|
||||||
From: Andreas Schneider <asn@samba.org>
|
From: Andreas Schneider <asn@samba.org>
|
||||||
Date: Mon, 22 Jan 2024 14:14:30 +0100
|
Date: Mon, 22 Jan 2024 14:14:30 +0100
|
||||||
Subject: [PATCH 15/28] python:gp: Avoid path check for cepces-submit
|
Subject: [PATCH 15/21] python:gp: Avoid path check for cepces-submit
|
||||||
MIME-Version: 1.0
|
MIME-Version: 1.0
|
||||||
Content-Type: text/plain; charset=UTF-8
|
Content-Type: text/plain; charset=UTF-8
|
||||||
Content-Transfer-Encoding: 8bit
|
Content-Transfer-Encoding: 8bit
|
||||||
@ -1111,13 +1111,13 @@ index 559c903e1a2..7325d5132cf 100644
|
|||||||
'%s --server=%s --auth=%s' % (cepces_submit,
|
'%s --server=%s --auth=%s' % (cepces_submit,
|
||||||
ca['hostname'], auth)],
|
ca['hostname'], auth)],
|
||||||
--
|
--
|
||||||
2.45.2
|
2.43.0
|
||||||
|
|
||||||
|
|
||||||
From 7f6c9a4945635c6eb8ada2255bd0febbf0f4e540 Mon Sep 17 00:00:00 2001
|
From 7f6c9a4945635c6eb8ada2255bd0febbf0f4e540 Mon Sep 17 00:00:00 2001
|
||||||
From: Andreas Schneider <asn@samba.org>
|
From: Andreas Schneider <asn@samba.org>
|
||||||
Date: Mon, 22 Jan 2024 14:07:47 +0100
|
Date: Mon, 22 Jan 2024 14:07:47 +0100
|
||||||
Subject: [PATCH 16/28] python:gp: Improve logging for certificate enrollment
|
Subject: [PATCH 16/21] python:gp: Improve logging for certificate enrollment
|
||||||
MIME-Version: 1.0
|
MIME-Version: 1.0
|
||||||
Content-Type: text/plain; charset=UTF-8
|
Content-Type: text/plain; charset=UTF-8
|
||||||
Content-Transfer-Encoding: 8bit
|
Content-Transfer-Encoding: 8bit
|
||||||
@ -1171,13 +1171,13 @@ index 7325d5132cf..a25a9678587 100644
|
|||||||
getcert = which('getcert')
|
getcert = which('getcert')
|
||||||
cepces_submit = find_cepces_submit()
|
cepces_submit = find_cepces_submit()
|
||||||
--
|
--
|
||||||
2.45.2
|
2.43.0
|
||||||
|
|
||||||
|
|
||||||
From 5321d5b5bd24d7659743576f2e12a7dc0a93a828 Mon Sep 17 00:00:00 2001
|
From 5321d5b5bd24d7659743576f2e12a7dc0a93a828 Mon Sep 17 00:00:00 2001
|
||||||
From: Andreas Schneider <asn@samba.org>
|
From: Andreas Schneider <asn@samba.org>
|
||||||
Date: Mon, 22 Jan 2024 15:04:36 +0100
|
Date: Mon, 22 Jan 2024 15:04:36 +0100
|
||||||
Subject: [PATCH 17/28] python:gp: Do not print an error, if CA already exists
|
Subject: [PATCH 17/21] python:gp: Do not print an error, if CA already exists
|
||||||
MIME-Version: 1.0
|
MIME-Version: 1.0
|
||||||
Content-Type: text/plain; charset=UTF-8
|
Content-Type: text/plain; charset=UTF-8
|
||||||
Content-Transfer-Encoding: 8bit
|
Content-Transfer-Encoding: 8bit
|
||||||
@ -1217,13 +1217,13 @@ index a25a9678587..0b23cd688db 100644
|
|||||||
for template in supported_templates:
|
for template in supported_templates:
|
||||||
attrs = fetch_template_attrs(ldb, template)
|
attrs = fetch_template_attrs(ldb, template)
|
||||||
--
|
--
|
||||||
2.45.2
|
2.43.0
|
||||||
|
|
||||||
|
|
||||||
From 6a7a8a4090b8cdb8e71f4ad590260ceeda253ce2 Mon Sep 17 00:00:00 2001
|
From 6a7a8a4090b8cdb8e71f4ad590260ceeda253ce2 Mon Sep 17 00:00:00 2001
|
||||||
From: Andreas Schneider <asn@samba.org>
|
From: Andreas Schneider <asn@samba.org>
|
||||||
Date: Mon, 22 Jan 2024 15:05:02 +0100
|
Date: Mon, 22 Jan 2024 15:05:02 +0100
|
||||||
Subject: [PATCH 18/28] python:gp: Do not print an error if template already
|
Subject: [PATCH 18/21] python:gp: Do not print an error if template already
|
||||||
exists
|
exists
|
||||||
MIME-Version: 1.0
|
MIME-Version: 1.0
|
||||||
Content-Type: text/plain; charset=UTF-8
|
Content-Type: text/plain; charset=UTF-8
|
||||||
@ -1264,13 +1264,13 @@ index 0b23cd688db..db681cb6f69 100644
|
|||||||
data['templates'].append(nickname)
|
data['templates'].append(nickname)
|
||||||
if update is not None:
|
if update is not None:
|
||||||
--
|
--
|
||||||
2.45.2
|
2.43.0
|
||||||
|
|
||||||
|
|
||||||
From 43dc3d5d833bc1db885eb45402decd3225a7c946 Mon Sep 17 00:00:00 2001
|
From 43dc3d5d833bc1db885eb45402decd3225a7c946 Mon Sep 17 00:00:00 2001
|
||||||
From: Andreas Schneider <asn@samba.org>
|
From: Andreas Schneider <asn@samba.org>
|
||||||
Date: Mon, 22 Jan 2024 15:05:24 +0100
|
Date: Mon, 22 Jan 2024 15:05:24 +0100
|
||||||
Subject: [PATCH 19/28] python:gp: Log an error if update fails
|
Subject: [PATCH 19/21] python:gp: Log an error if update fails
|
||||||
MIME-Version: 1.0
|
MIME-Version: 1.0
|
||||||
Content-Type: text/plain; charset=UTF-8
|
Content-Type: text/plain; charset=UTF-8
|
||||||
Content-Transfer-Encoding: 8bit
|
Content-Transfer-Encoding: 8bit
|
||||||
@ -1301,13 +1301,13 @@ index db681cb6f69..c8ad2039dc6 100644
|
|||||||
log.warn('certmonger and cepces must be installed for ' +
|
log.warn('certmonger and cepces must be installed for ' +
|
||||||
'certificate auto enrollment to work')
|
'certificate auto enrollment to work')
|
||||||
--
|
--
|
||||||
2.45.2
|
2.43.0
|
||||||
|
|
||||||
|
|
||||||
From d8276d6a098d10f405b8f24c4dfb82af4496607c Mon Sep 17 00:00:00 2001
|
From d8276d6a098d10f405b8f24c4dfb82af4496607c Mon Sep 17 00:00:00 2001
|
||||||
From: Andreas Schneider <asn@samba.org>
|
From: Andreas Schneider <asn@samba.org>
|
||||||
Date: Mon, 22 Jan 2024 15:46:24 +0100
|
Date: Mon, 22 Jan 2024 15:46:24 +0100
|
||||||
Subject: [PATCH 20/28] python:gp: Improve working of log messages to avoid
|
Subject: [PATCH 20/21] python:gp: Improve working of log messages to avoid
|
||||||
confusion
|
confusion
|
||||||
MIME-Version: 1.0
|
MIME-Version: 1.0
|
||||||
Content-Type: text/plain; charset=UTF-8
|
Content-Type: text/plain; charset=UTF-8
|
||||||
@ -1354,13 +1354,13 @@ index c8ad2039dc6..2b7f7d22c2b 100644
|
|||||||
log.warn('Installing the server certificate only.')
|
log.warn('Installing the server certificate only.')
|
||||||
der_certificate = base64.b64decode(ca['cACertificate'])
|
der_certificate = base64.b64decode(ca['cACertificate'])
|
||||||
--
|
--
|
||||||
2.45.2
|
2.43.0
|
||||||
|
|
||||||
|
|
||||||
From 585357bf0d8889747a2769c2451ee34766087d95 Mon Sep 17 00:00:00 2001
|
From 585357bf0d8889747a2769c2451ee34766087d95 Mon Sep 17 00:00:00 2001
|
||||||
From: Andreas Schneider <asn@samba.org>
|
From: Andreas Schneider <asn@samba.org>
|
||||||
Date: Mon, 29 Jan 2024 17:46:30 +0100
|
Date: Mon, 29 Jan 2024 17:46:30 +0100
|
||||||
Subject: [PATCH 21/28] python:gp: Fix logging with gp
|
Subject: [PATCH 21/21] python:gp: Fix logging with gp
|
||||||
|
|
||||||
This allows enable INFO level logging with: `samba-gpupdate -d3`
|
This allows enable INFO level logging with: `samba-gpupdate -d3`
|
||||||
|
|
||||||
@ -1396,392 +1396,5 @@ index a74a8707d50..c3de32825db 100644
|
|||||||
logger.setLevel(logging.CRITICAL)
|
logger.setLevel(logging.CRITICAL)
|
||||||
if log_level == 1:
|
if log_level == 1:
|
||||||
--
|
--
|
||||||
2.45.2
|
2.43.0
|
||||||
|
|
||||||
|
|
||||||
From 14ceb0b5f2f954bbabdaf78b8185fc515e3c8294 Mon Sep 17 00:00:00 2001
|
|
||||||
From: =?UTF-8?q?Pavel=20Filipensk=C3=BD?= <pfilipensky@samba.org>
|
|
||||||
Date: Wed, 13 Mar 2024 13:55:41 +0100
|
|
||||||
Subject: [PATCH 22/28] docs-xml: Add parameter all_groupmem to idmap_ad
|
|
||||||
MIME-Version: 1.0
|
|
||||||
Content-Type: text/plain; charset=UTF-8
|
|
||||||
Content-Transfer-Encoding: 8bit
|
|
||||||
|
|
||||||
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15605
|
|
||||||
|
|
||||||
Signed-off-by: Pavel Filipenský <pfilipensky@samba.org>
|
|
||||||
Reviewed-by: Andreas Schneider <asn@samba.org>
|
|
||||||
(cherry picked from commit a485d9de2f2d6a9815dcac6addb988a8987e111c)
|
|
||||||
---
|
|
||||||
docs-xml/manpages/idmap_ad.8.xml | 10 ++++++++++
|
|
||||||
1 file changed, 10 insertions(+)
|
|
||||||
|
|
||||||
diff --git a/docs-xml/manpages/idmap_ad.8.xml b/docs-xml/manpages/idmap_ad.8.xml
|
|
||||||
index b364bbfa231..de6d36afe95 100644
|
|
||||||
--- a/docs-xml/manpages/idmap_ad.8.xml
|
|
||||||
+++ b/docs-xml/manpages/idmap_ad.8.xml
|
|
||||||
@@ -100,6 +100,16 @@
|
|
||||||
</listitem>
|
|
||||||
</varlistentry>
|
|
||||||
<varlistentry>
|
|
||||||
+ <term>all_groupmem = yes/no</term>
|
|
||||||
+ <listitem><para>
|
|
||||||
+ If set to <parameter>yes</parameter> winbind will retrieve all
|
|
||||||
+ group members for getgrnam(3), getgrgid(3) and getgrent(3) calls,
|
|
||||||
+ including those with missing uidNumber.
|
|
||||||
+ </para>
|
|
||||||
+ <para>Default: no</para>
|
|
||||||
+ </listitem>
|
|
||||||
+ </varlistentry>
|
|
||||||
+ <varlistentry>
|
|
||||||
<term>deny ous</term>
|
|
||||||
<listitem><para>This parameter is a list of OUs from
|
|
||||||
which objects will not be mapped via the ad idmap
|
|
||||||
--
|
|
||||||
2.45.2
|
|
||||||
|
|
||||||
|
|
||||||
From ac4184c8c3220263cb6f1a46a012533ed1c4e047 Mon Sep 17 00:00:00 2001
|
|
||||||
From: =?UTF-8?q?Pavel=20Filipensk=C3=BD?= <pfilipensky@samba.org>
|
|
||||||
Date: Tue, 12 Mar 2024 13:20:24 +0100
|
|
||||||
Subject: [PATCH 23/28] s3:winbindd: Improve performance of lookup_groupmem()
|
|
||||||
in idmap_ad
|
|
||||||
MIME-Version: 1.0
|
|
||||||
Content-Type: text/plain; charset=UTF-8
|
|
||||||
Content-Transfer-Encoding: 8bit
|
|
||||||
|
|
||||||
The LDAP query of lookup_groupmem() returns all group members from AD
|
|
||||||
even those with missing uidNumber. Such group members are useless in
|
|
||||||
UNIX environment for idmap_ad backend since there is no uid mapping.
|
|
||||||
|
|
||||||
'test_user' is member of group "Domanin Users" with 200K members,
|
|
||||||
only 20K members have set uidNumber.
|
|
||||||
|
|
||||||
Without this fix:
|
|
||||||
|
|
||||||
$ time id test_user
|
|
||||||
|
|
||||||
real 1m5.946s
|
|
||||||
user 0m0.019s
|
|
||||||
sys 0m0.012s
|
|
||||||
|
|
||||||
With this fix:
|
|
||||||
|
|
||||||
$ time id test_user
|
|
||||||
|
|
||||||
real 0m3.544s
|
|
||||||
user 0m0.004s
|
|
||||||
sys 0m0.007s
|
|
||||||
|
|
||||||
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15605
|
|
||||||
|
|
||||||
Signed-off-by: Pavel Filipenský <pfilipensky@samba.org>
|
|
||||||
Reviewed-by: Andreas Schneider <asn@samba.org>
|
|
||||||
(cherry picked from commit 5d475d26a3d545f04791a04e85a06b8b192e3fcf)
|
|
||||||
---
|
|
||||||
source3/winbindd/winbindd_ads.c | 11 +++++++----
|
|
||||||
1 file changed, 7 insertions(+), 4 deletions(-)
|
|
||||||
|
|
||||||
diff --git a/source3/winbindd/winbindd_ads.c b/source3/winbindd/winbindd_ads.c
|
|
||||||
index d7a665abbc6..e625aa6473f 100644
|
|
||||||
--- a/source3/winbindd/winbindd_ads.c
|
|
||||||
+++ b/source3/winbindd/winbindd_ads.c
|
|
||||||
@@ -1037,7 +1037,7 @@ static NTSTATUS lookup_useraliases(struct winbindd_domain *domain,
|
|
||||||
}
|
|
||||||
|
|
||||||
static NTSTATUS add_primary_group_members(
|
|
||||||
- ADS_STRUCT *ads, TALLOC_CTX *mem_ctx, uint32_t rid,
|
|
||||||
+ ADS_STRUCT *ads, TALLOC_CTX *mem_ctx, uint32_t rid, const char *domname,
|
|
||||||
char ***all_members, size_t *num_all_members)
|
|
||||||
{
|
|
||||||
char *filter;
|
|
||||||
@@ -1049,10 +1049,13 @@ static NTSTATUS add_primary_group_members(
|
|
||||||
char **members;
|
|
||||||
size_t num_members;
|
|
||||||
ads_control args;
|
|
||||||
+ bool all_groupmem = idmap_config_bool(domname, "all_groupmem", false);
|
|
||||||
|
|
||||||
filter = talloc_asprintf(
|
|
||||||
- mem_ctx, "(&(objectCategory=user)(primaryGroupID=%u))",
|
|
||||||
- (unsigned)rid);
|
|
||||||
+ mem_ctx,
|
|
||||||
+ "(&(objectCategory=user)(primaryGroupID=%u)%s)",
|
|
||||||
+ (unsigned)rid,
|
|
||||||
+ all_groupmem ? "" : "(uidNumber=*)(!(uidNumber=0))");
|
|
||||||
if (filter == NULL) {
|
|
||||||
goto done;
|
|
||||||
}
|
|
||||||
@@ -1204,7 +1207,7 @@ static NTSTATUS lookup_groupmem(struct winbindd_domain *domain,
|
|
||||||
|
|
||||||
DEBUG(10, ("ads lookup_groupmem: got %d sids via extended dn call\n", (int)num_members));
|
|
||||||
|
|
||||||
- status = add_primary_group_members(ads, mem_ctx, rid,
|
|
||||||
+ status = add_primary_group_members(ads, mem_ctx, rid, domain->name,
|
|
||||||
&members, &num_members);
|
|
||||||
if (!NT_STATUS_IS_OK(status)) {
|
|
||||||
DEBUG(10, ("%s: add_primary_group_members failed: %s\n",
|
|
||||||
--
|
|
||||||
2.45.2
|
|
||||||
|
|
||||||
|
|
||||||
From d0e2002efcc37055b35c351a6b936e6ab89fad32 Mon Sep 17 00:00:00 2001
|
|
||||||
From: =?UTF-8?q?Pavel=20Filipensk=C3=BD?= <pfilipensky@samba.org>
|
|
||||||
Date: Mon, 25 Mar 2024 22:38:18 +0100
|
|
||||||
Subject: [PATCH 24/28] selftest: Add "winbind expand groups = 1" to
|
|
||||||
setup_ad_member_idmap_ad
|
|
||||||
MIME-Version: 1.0
|
|
||||||
Content-Type: text/plain; charset=UTF-8
|
|
||||||
Content-Transfer-Encoding: 8bit
|
|
||||||
|
|
||||||
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15605
|
|
||||||
|
|
||||||
Signed-off-by: Pavel Filipenský <pfilipensky@samba.org>
|
|
||||||
Reviewed-by: Andreas Schneider <asn@samba.org>
|
|
||||||
(backported from commit 2dab3a331b5511b4f2253f2b3b4513db7e52ea9a)
|
|
||||||
---
|
|
||||||
selftest/target/Samba3.pm | 1 +
|
|
||||||
1 file changed, 1 insertion(+)
|
|
||||||
|
|
||||||
diff --git a/selftest/target/Samba3.pm b/selftest/target/Samba3.pm
|
|
||||||
index 44ac4a5901a..606c65f8ab1 100755
|
|
||||||
--- a/selftest/target/Samba3.pm
|
|
||||||
+++ b/selftest/target/Samba3.pm
|
|
||||||
@@ -1412,6 +1412,7 @@ sub setup_ad_member_idmap_ad
|
|
||||||
idmap config $dcvars->{TRUST_DOMAIN} : backend = ad
|
|
||||||
idmap config $dcvars->{TRUST_DOMAIN} : range = 2000000-2999999
|
|
||||||
gensec_gssapi:requested_life_time = 5
|
|
||||||
+ winbind expand groups = 1
|
|
||||||
";
|
|
||||||
|
|
||||||
my $ret = $self->provision(
|
|
||||||
--
|
|
||||||
2.45.2
|
|
||||||
|
|
||||||
|
|
||||||
From 9625b6aed981aa4e70fe11d9d1acdb54db7591a3 Mon Sep 17 00:00:00 2001
|
|
||||||
From: =?UTF-8?q?Pavel=20Filipensk=C3=BD?= <pfilipensky@samba.org>
|
|
||||||
Date: Thu, 14 Mar 2024 15:24:21 +0100
|
|
||||||
Subject: [PATCH 25/28] tests: Add a test for "all_groups=no" to
|
|
||||||
test_idmap_ad.sh
|
|
||||||
MIME-Version: 1.0
|
|
||||||
Content-Type: text/plain; charset=UTF-8
|
|
||||||
Content-Transfer-Encoding: 8bit
|
|
||||||
|
|
||||||
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15605
|
|
||||||
|
|
||||||
Signed-off-by: Pavel Filipenský <pfilipensky@samba.org>
|
|
||||||
Reviewed-by: Andreas Schneider <asn@samba.org>
|
|
||||||
|
|
||||||
Autobuild-User(master): Pavel Filipensky <pfilipensky@samba.org>
|
|
||||||
Autobuild-Date(master): Tue Apr 2 13:25:39 UTC 2024 on atb-devel-224
|
|
||||||
|
|
||||||
(cherry picked from commit f8b72aa1f72881989990fabc9f4888968bb81967)
|
|
||||||
---
|
|
||||||
nsswitch/tests/test_idmap_ad.sh | 22 ++++++++++++++++++++++
|
|
||||||
1 file changed, 22 insertions(+)
|
|
||||||
|
|
||||||
diff --git a/nsswitch/tests/test_idmap_ad.sh b/nsswitch/tests/test_idmap_ad.sh
|
|
||||||
index 7ae112ada71..1d4bd395ba9 100755
|
|
||||||
--- a/nsswitch/tests/test_idmap_ad.sh
|
|
||||||
+++ b/nsswitch/tests/test_idmap_ad.sh
|
|
||||||
@@ -94,6 +94,14 @@ gidNumber: 2000001
|
|
||||||
unixHomeDirectory: /home/forbidden
|
|
||||||
loginShell: /bin/tcsh
|
|
||||||
gecos: User in forbidden OU
|
|
||||||
+
|
|
||||||
+dn: CN=no_posix_id,CN=Users,$BASE_DN
|
|
||||||
+changetype: add
|
|
||||||
+objectClass: user
|
|
||||||
+samaccountName: no_posix_id
|
|
||||||
+unixHomeDirectory: /home/no_posix_id
|
|
||||||
+loginShell: /bin/sh
|
|
||||||
+gecos: User without uidNumber and gidNumber
|
|
||||||
EOF
|
|
||||||
|
|
||||||
#
|
|
||||||
@@ -171,6 +179,17 @@ then
|
|
||||||
failed=$(($failed + 1))
|
|
||||||
fi
|
|
||||||
|
|
||||||
+#
|
|
||||||
+# Test 6: Make sure that with the default "all_groups=no"
|
|
||||||
+# the group "domain users" will not show user "no_posix_id"
|
|
||||||
+# but will show "SAMBA2008R2/administrator"
|
|
||||||
+#
|
|
||||||
+
|
|
||||||
+dom_users="$DOMAIN/domain users" # Extra step to make sure that all is one word
|
|
||||||
+out="$($wbinfo --group-info "$dom_users")"
|
|
||||||
+testit_grep_count "no_posix_id1" "no_posix_id" 0 echo "$out" || failed=$(expr $failed + 1)
|
|
||||||
+testit_grep "no_posix_id2" "SAMBA2008R2/administrator" echo "$out" || failed=$(expr $failed + 1)
|
|
||||||
+
|
|
||||||
#
|
|
||||||
# Trusted domain test 1: Test uid of Administrator, should be 2500000
|
|
||||||
#
|
|
||||||
@@ -241,6 +260,9 @@ gidNumber: 2000002
|
|
||||||
dn: cn=forbidden,ou=sub,$BASE_DN
|
|
||||||
changetype: delete
|
|
||||||
|
|
||||||
+dn: CN=no_posix_id,CN=Users,$BASE_DN
|
|
||||||
+changetype: delete
|
|
||||||
+
|
|
||||||
dn: ou=sub,$BASE_DN
|
|
||||||
changetype: delete
|
|
||||||
EOF
|
|
||||||
--
|
|
||||||
2.45.2
|
|
||||||
|
|
||||||
|
|
||||||
From e5890e63c35a4a5af29ae16e6dd734c4a3a304cc Mon Sep 17 00:00:00 2001
|
|
||||||
From: Andreas Schneider <asn@samba.org>
|
|
||||||
Date: Tue, 28 May 2024 13:51:53 +0200
|
|
||||||
Subject: [PATCH 26/28] s3:libads: Allow get_kdc_ip_string() to lookup the KDCs
|
|
||||||
IP
|
|
||||||
|
|
||||||
Remove the requirement to provide an IP address. We should look up the
|
|
||||||
IP of the KDC and use it for the specified realm/workgroup.
|
|
||||||
|
|
||||||
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15653
|
|
||||||
|
|
||||||
Signed-off-by: Andreas Schneider <asn@samba.org>
|
|
||||||
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
|
|
||||||
(cherry picked from commit 28aa0b815baf4668e3df01d52597c40fd430e2fb)
|
|
||||||
---
|
|
||||||
source3/libads/kerberos.c | 30 +++++++++++++++---------------
|
|
||||||
1 file changed, 15 insertions(+), 15 deletions(-)
|
|
||||||
|
|
||||||
diff --git a/source3/libads/kerberos.c b/source3/libads/kerberos.c
|
|
||||||
index 50f4a6de3c6..ddf97c11973 100644
|
|
||||||
--- a/source3/libads/kerberos.c
|
|
||||||
+++ b/source3/libads/kerberos.c
|
|
||||||
@@ -437,23 +437,23 @@ static char *get_kdc_ip_string(char *mem_ctx,
|
|
||||||
char *kdc_str = NULL;
|
|
||||||
char *canon_sockaddr = NULL;
|
|
||||||
|
|
||||||
- SMB_ASSERT(pss != NULL);
|
|
||||||
-
|
|
||||||
- canon_sockaddr = print_canonical_sockaddr_with_port(frame, pss);
|
|
||||||
- if (canon_sockaddr == NULL) {
|
|
||||||
- goto out;
|
|
||||||
- }
|
|
||||||
+ if (pss != NULL) {
|
|
||||||
+ canon_sockaddr = print_canonical_sockaddr_with_port(frame, pss);
|
|
||||||
+ if (canon_sockaddr == NULL) {
|
|
||||||
+ goto out;
|
|
||||||
+ }
|
|
||||||
|
|
||||||
- kdc_str = talloc_asprintf(frame,
|
|
||||||
- "\t\tkdc = %s\n",
|
|
||||||
- canon_sockaddr);
|
|
||||||
- if (kdc_str == NULL) {
|
|
||||||
- goto out;
|
|
||||||
- }
|
|
||||||
+ kdc_str = talloc_asprintf(frame,
|
|
||||||
+ "\t\tkdc = %s\n",
|
|
||||||
+ canon_sockaddr);
|
|
||||||
+ if (kdc_str == NULL) {
|
|
||||||
+ goto out;
|
|
||||||
+ }
|
|
||||||
|
|
||||||
- ok = sockaddr_storage_to_samba_sockaddr(&sa, pss);
|
|
||||||
- if (!ok) {
|
|
||||||
- goto out;
|
|
||||||
+ ok = sockaddr_storage_to_samba_sockaddr(&sa, pss);
|
|
||||||
+ if (!ok) {
|
|
||||||
+ goto out;
|
|
||||||
+ }
|
|
||||||
}
|
|
||||||
|
|
||||||
/*
|
|
||||||
--
|
|
||||||
2.45.2
|
|
||||||
|
|
||||||
|
|
||||||
From 96a1ecd8db249fa03db60259cf76fdef9c1bd749 Mon Sep 17 00:00:00 2001
|
|
||||||
From: Andreas Schneider <asn@samba.org>
|
|
||||||
Date: Tue, 28 May 2024 13:53:51 +0200
|
|
||||||
Subject: [PATCH 27/28] s3:libads: Do not fail if we don't get an IP passed
|
|
||||||
down
|
|
||||||
|
|
||||||
The IP should be optional and we should look it up if not provided.
|
|
||||||
|
|
||||||
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15653
|
|
||||||
|
|
||||||
Signed-off-by: Andreas Schneider <asn@samba.org>
|
|
||||||
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
|
|
||||||
(cherry picked from commit 9dcc52d2a57314ec9ddaae82b3c49da051d1f1d2)
|
|
||||||
---
|
|
||||||
source3/libads/kerberos.c | 2 +-
|
|
||||||
1 file changed, 1 insertion(+), 1 deletion(-)
|
|
||||||
|
|
||||||
diff --git a/source3/libads/kerberos.c b/source3/libads/kerberos.c
|
|
||||||
index ddf97c11973..f74d8eb567c 100644
|
|
||||||
--- a/source3/libads/kerberos.c
|
|
||||||
+++ b/source3/libads/kerberos.c
|
|
||||||
@@ -704,7 +704,7 @@ bool create_local_private_krb5_conf_for_domain(const char *realm,
|
|
||||||
return false;
|
|
||||||
}
|
|
||||||
|
|
||||||
- if (domain == NULL || pss == NULL) {
|
|
||||||
+ if (domain == NULL) {
|
|
||||||
return false;
|
|
||||||
}
|
|
||||||
|
|
||||||
--
|
|
||||||
2.45.2
|
|
||||||
|
|
||||||
|
|
||||||
From 4934642b7a7d92c6d81ba25ef6e4b66e3805f708 Mon Sep 17 00:00:00 2001
|
|
||||||
From: Andreas Schneider <asn@samba.org>
|
|
||||||
Date: Tue, 28 May 2024 13:54:24 +0200
|
|
||||||
Subject: [PATCH 28/28] s3:winbind: Fix idmap_ad creating an invalid local
|
|
||||||
krb5.conf
|
|
||||||
|
|
||||||
In case of a trusted domain, we are providing the realm of the primary
|
|
||||||
trust but specify the KDC IP of the trusted domain. This leads to
|
|
||||||
Kerberos ticket requests to the trusted domain KDC which doesn't know
|
|
||||||
about the machine account. However we need a ticket from our primary
|
|
||||||
trust KDC.
|
|
||||||
|
|
||||||
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15653
|
|
||||||
|
|
||||||
Signed-off-by: Andreas Schneider <asn@samba.org>
|
|
||||||
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
|
|
||||||
(backported from commit 8989aa47b7493e6b7978c2efc4a40c781e9a2aee)
|
|
||||||
---
|
|
||||||
source3/winbindd/idmap_ad.c | 11 +++++++++--
|
|
||||||
1 file changed, 9 insertions(+), 2 deletions(-)
|
|
||||||
|
|
||||||
diff --git a/source3/winbindd/idmap_ad.c b/source3/winbindd/idmap_ad.c
|
|
||||||
index 5c9fe07db95..b8002825161 100644
|
|
||||||
--- a/source3/winbindd/idmap_ad.c
|
|
||||||
+++ b/source3/winbindd/idmap_ad.c
|
|
||||||
@@ -320,7 +320,10 @@ static NTSTATUS idmap_ad_get_tldap_ctx(TALLOC_CTX *mem_ctx,
|
|
||||||
struct tldap_context **pld)
|
|
||||||
{
|
|
||||||
struct netr_DsRGetDCNameInfo *dcinfo;
|
|
||||||
- struct sockaddr_storage dcaddr;
|
|
||||||
+ struct sockaddr_storage dcaddr = {
|
|
||||||
+ .ss_family = AF_UNSPEC,
|
|
||||||
+ };
|
|
||||||
+ struct sockaddr_storage *pdcaddr = NULL;
|
|
||||||
struct cli_credentials *creds;
|
|
||||||
struct loadparm_context *lp_ctx;
|
|
||||||
struct tldap_context *ld;
|
|
||||||
@@ -362,9 +365,13 @@ static NTSTATUS idmap_ad_get_tldap_ctx(TALLOC_CTX *mem_ctx,
|
|
||||||
* create_local_private_krb5_conf_for_domain() can deal with
|
|
||||||
* sitename==NULL
|
|
||||||
*/
|
|
||||||
+ if (strequal(domname, lp_realm()) || strequal(domname, lp_workgroup()))
|
|
||||||
+ {
|
|
||||||
+ pdcaddr = &dcaddr;
|
|
||||||
+ }
|
|
||||||
|
|
||||||
ok = create_local_private_krb5_conf_for_domain(
|
|
||||||
- lp_realm(), lp_workgroup(), sitename, &dcaddr);
|
|
||||||
+ lp_realm(), lp_workgroup(), sitename, pdcaddr);
|
|
||||||
TALLOC_FREE(sitename);
|
|
||||||
if (!ok) {
|
|
||||||
DBG_DEBUG("Could not create private krb5.conf\n");
|
|
||||||
--
|
|
||||||
2.45.2
|
|
||||||
|
|
BIN
samba-pubkey_AA99442FB680B620.gpg
Normal file
BIN
samba-pubkey_AA99442FB680B620.gpg
Normal file
Binary file not shown.
File diff suppressed because it is too large
Load Diff
@ -18,9 +18,6 @@
|
|||||||
load printers = yes
|
load printers = yes
|
||||||
cups options = raw
|
cups options = raw
|
||||||
|
|
||||||
# Install samba-usershares package for support
|
|
||||||
include = /etc/samba/usershares.conf
|
|
||||||
|
|
||||||
[homes]
|
[homes]
|
||||||
comment = Home Directories
|
comment = Home Directories
|
||||||
valid users = %S, %D%w%S
|
valid users = %S, %D%w%S
|
2
sources
Normal file
2
sources
Normal file
@ -0,0 +1,2 @@
|
|||||||
|
SHA512 (samba-4.20.2.tar.asc) = a0051efdca684bc6c3e40367b0a8b862d0b1b988aa9c15ec6987d5f97440daa1f7609e6be61611aa9bbed56d89e0258b192c43028384899c75c4cd449cc99694
|
||||||
|
SHA512 (samba-4.20.2.tar.xz) = cf07b12b6c1ac9bc3fd0df7fd658529ebd08309a0823f49c68dd3c55c0c80f412d6af50a0f78b8f4484635029aeb292a72dd0a6638edbd463e73baff404d5315
|
62
tests/testparm/Makefile
Normal file
62
tests/testparm/Makefile
Normal file
@ -0,0 +1,62 @@
|
|||||||
|
# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
|
||||||
|
#
|
||||||
|
# Makefile of gating test "testparm"
|
||||||
|
# Description: Basic config check for samba
|
||||||
|
# Author: Andrej Dzilsky <adzilsky@redhat.com>
|
||||||
|
#
|
||||||
|
# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
|
||||||
|
#
|
||||||
|
# Copyright (c) 2019 Red Hat, Inc.
|
||||||
|
#
|
||||||
|
# This program is free software: you can redistribute it and/or
|
||||||
|
# modify it under the terms of the GNU General Public License as
|
||||||
|
# published by the Free Software Foundation, either version 2 of
|
||||||
|
# the License, or (at your option) any later version.
|
||||||
|
#
|
||||||
|
# This program is distributed in the hope that it will be
|
||||||
|
# useful, but WITHOUT ANY WARRANTY; without even the implied
|
||||||
|
# warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR
|
||||||
|
# PURPOSE. See the GNU General Public License for more details.
|
||||||
|
#
|
||||||
|
# You should have received a copy of the GNU General Public License
|
||||||
|
# along with this program. If not, see http://www.gnu.org/licenses/.
|
||||||
|
#
|
||||||
|
# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
|
||||||
|
|
||||||
|
export TEST=testparm
|
||||||
|
export TESTVERSION=1.0
|
||||||
|
|
||||||
|
BUILT_FILES=
|
||||||
|
|
||||||
|
FILES=$(METADATA) runtest.sh Makefile
|
||||||
|
|
||||||
|
.PHONY: all install download clean
|
||||||
|
|
||||||
|
run: $(FILES) build
|
||||||
|
./runtest.sh
|
||||||
|
|
||||||
|
build: $(BUILT_FILES)
|
||||||
|
test -x runtest.sh || chmod a+x runtest.sh
|
||||||
|
|
||||||
|
clean:
|
||||||
|
rm -f *~ $(BUILT_FILES)
|
||||||
|
|
||||||
|
|
||||||
|
include /usr/share/rhts/lib/rhts-make.include
|
||||||
|
|
||||||
|
$(METADATA): Makefile
|
||||||
|
@echo "Owner: Andrej Dzilsky <adzilsky@redhat.com>" > $(METADATA)
|
||||||
|
@echo "Name: $(TEST)" >> $(METADATA)
|
||||||
|
@echo "TestVersion: $(TESTVERSION)" >> $(METADATA)
|
||||||
|
@echo "Path: $(TEST_DIR)" >> $(METADATA)
|
||||||
|
@echo "Description: Basic samba config check" >> $(METADATA)
|
||||||
|
@echo "Type: Regression" >> $(METADATA)
|
||||||
|
@echo "TestTime: 5m" >> $(METADATA)
|
||||||
|
@echo "RunFor: samba" >> $(METADATA)
|
||||||
|
@echo "Priority: Normal" >> $(METADATA)
|
||||||
|
@echo "License: GPLv2+" >> $(METADATA)
|
||||||
|
@echo "Confidential: no" >> $(METADATA)
|
||||||
|
@echo "Destructive: no" >> $(METADATA)
|
||||||
|
@echo "Bug: 1653890" >> $(METADATA)
|
||||||
|
|
||||||
|
rhts-lint $(METADATA)
|
43
tests/testparm/runtest.sh
Normal file
43
tests/testparm/runtest.sh
Normal file
@ -0,0 +1,43 @@
|
|||||||
|
#!/bin/bash
|
||||||
|
# vim: dict+=/usr/share/beakerlib/dictionary.vim cpt=.,w,b,u,t,i,k
|
||||||
|
# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
|
||||||
|
#
|
||||||
|
# runtest.sh of gating test "testparm"
|
||||||
|
# Description: Basic samba config check
|
||||||
|
# Author: Andrej Dzilsky <adzilsky@redhat.com>
|
||||||
|
#
|
||||||
|
# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
|
||||||
|
#
|
||||||
|
# Copyright (c) 2019 Red Hat, Inc.
|
||||||
|
#
|
||||||
|
# This program is free software: you can redistribute it and/or
|
||||||
|
# modify it under the terms of the GNU General Public License as
|
||||||
|
# published by the Free Software Foundation, either version 2 of
|
||||||
|
# the License, or (at your option) any later version.
|
||||||
|
#
|
||||||
|
# This program is distributed in the hope that it will be
|
||||||
|
# useful, but WITHOUT ANY WARRANTY; without even the implied
|
||||||
|
# warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR
|
||||||
|
# PURPOSE. See the GNU General Public License for more details.
|
||||||
|
#
|
||||||
|
# You should have received a copy of the GNU General Public License
|
||||||
|
# along with this program. If not, see http://www.gnu.org/licenses/.
|
||||||
|
#
|
||||||
|
# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
|
||||||
|
|
||||||
|
# Include Beaker environment
|
||||||
|
. /usr/bin/rhts-environment.sh || exit 1
|
||||||
|
. /usr/share/beakerlib/beakerlib.sh || exit 1
|
||||||
|
|
||||||
|
# From Andreas Schneider <asn@redhat.com>:
|
||||||
|
# This is a basic test which makes sure the samba is installed and the default
|
||||||
|
# smb.conf is available.
|
||||||
|
|
||||||
|
rlJournalStart
|
||||||
|
|
||||||
|
rlPhaseStartTest
|
||||||
|
rlRun "testparm -v -s" 0 "testparm ends with expected output"
|
||||||
|
rlPhaseEnd
|
||||||
|
|
||||||
|
rlJournalPrintText
|
||||||
|
rlJournalEnd
|
13
tests/tests.yml
Normal file
13
tests/tests.yml
Normal file
@ -0,0 +1,13 @@
|
|||||||
|
---
|
||||||
|
# This first play always runs on the local staging system
|
||||||
|
- hosts: localhost
|
||||||
|
roles:
|
||||||
|
- role: standard-test-beakerlib
|
||||||
|
tags:
|
||||||
|
- classic
|
||||||
|
tests:
|
||||||
|
- testparm
|
||||||
|
required_packages:
|
||||||
|
- samba
|
||||||
|
- samba-client
|
||||||
|
- samba-common
|
Loading…
Reference in New Issue
Block a user