3 Commits

Author SHA1 Message Date
04e2eb07a7 Update to 4.18.6-2.alma.1 2023-11-23 10:49:17 +03:00
791775af87 Merge branch 'c8' into a8 2023-11-23 10:33:34 +03:00
bb27d63e76 - Fix CVE-2023-3347
- netlogon: add support for netr_LogonGetCapabilities response level 2
2023-08-03 11:09:27 +03:00
10 changed files with 717 additions and 2019 deletions

2
.gitignore vendored

@ -1,2 +1,2 @@
SOURCES/samba-4.19.4.tar.xz
SOURCES/samba-4.18.6.tar.xz
SOURCES/samba-pubkey_AA99442FB680B620.gpg


@ -1,2 +1,2 @@
6a164128df94dd89e785ca9f42d7be5714f16bed SOURCES/samba-4.19.4.tar.xz
12b41f2a849cb6c40e9f5b174bb1cd823a060bd7 SOURCES/samba-4.18.6.tar.xz
971f563c447eda8d144d6c9e743cd0f0488c0d9e SOURCES/samba-pubkey_AA99442FB680B620.gpg


@ -0,0 +1,295 @@
From 09ee91a8f7e53f688f091fe67e0b95d1d34fb9c9 Mon Sep 17 00:00:00 2001
From: Jeremy Allison <jra@samba.org>
Date: Tue, 25 Jul 2023 17:41:04 -0700
Subject: [PATCH 1/3] CVE-2023-3961:s3:smbd: Catch any incoming pipe path that
could exit socket_dir.
For now, SMB_ASSERT() to exit the server. We will remove
this once the test code is in place.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15422
Signed-off-by: Jeremy Allison <jra@samba.org>
---
source3/rpc_client/local_np.c | 18 ++++++++++++++++++
1 file changed, 18 insertions(+)
diff --git a/source3/rpc_client/local_np.c b/source3/rpc_client/local_np.c
index 0b323404f06..95228d5d801 100644
--- a/source3/rpc_client/local_np.c
+++ b/source3/rpc_client/local_np.c
@@ -542,6 +542,24 @@ struct tevent_req *local_np_connect_send(
return tevent_req_post(req, ev);
}
+ /*
+ * Ensure we cannot process a path that exits
+ * the socket_dir.
+ */
+ if (ISDOTDOT(lower_case_pipename) ||
+ (strchr(lower_case_pipename, '/')!=NULL))
+ {
+ DBG_DEBUG("attempt to connect to invalid pipe pathname %s\n",
+ lower_case_pipename);
+ /*
+ * For now, panic the server until we have
+ * the test code in place.
+ */
+ SMB_ASSERT(false);
+ tevent_req_error(req, ENOENT);
+ return tevent_req_post(req, ev);
+ }
+
state->socketpath = talloc_asprintf(
state, "%s/np/%s", socket_dir, lower_case_pipename);
if (tevent_req_nomem(state->socketpath, req)) {
--
2.39.2
From 34d4258e77d7a3f48004e88161ac2398e9669a4b Mon Sep 17 00:00:00 2001
From: Jeremy Allison <jra@samba.org>
Date: Tue, 25 Jul 2023 17:49:21 -0700
Subject: [PATCH 2/3] CVE-2023-3961:s3:torture: Add test SMB2-INVALID-PIPENAME
to show we allow bad pipenames with unix separators through to the UNIX
domain socket code.
The raw SMB2-INVALID-PIPENAME test passes against Windows 2022,
as it just returns NT_STATUS_OBJECT_NAME_NOT_FOUND.
Add the knownfail.
BUG:https://bugzilla.samba.org/show_bug.cgi?id=15422
Signed-off-by: Jeremy Allison <jra@samba.org>
---
selftest/knownfail.d/badpipename | 1 +
source3/selftest/tests.py | 14 ++++
source3/torture/proto.h | 1 +
source3/torture/test_smb2.c | 107 +++++++++++++++++++++++++++++++
source3/torture/torture.c | 4 ++
5 files changed, 127 insertions(+)
create mode 100644 selftest/knownfail.d/badpipename
diff --git a/selftest/knownfail.d/badpipename b/selftest/knownfail.d/badpipename
new file mode 100644
index 00000000000..e69715f863d
--- /dev/null
+++ b/selftest/knownfail.d/badpipename
@@ -0,0 +1 @@
+^samba3.smbtorture_s3.smb2.SMB2-INVALID-PIPENAME.smbtorture\(fileserver\)
diff --git a/source3/selftest/tests.py b/source3/selftest/tests.py
index 1fdcad1089f..2c8336d35e8 100755
--- a/source3/selftest/tests.py
+++ b/source3/selftest/tests.py
@@ -296,6 +296,20 @@ plantestsuite("samba3.smbtorture_s3.smb2.SMB2-DFS-FILENAME-LEADING-BACKSLASH",
smbtorture3,
"-mSMB2"])
+# BUG: https://bugzilla.samba.org/show_bug.cgi?id=15422
+# Prevent bad pipenames.
+#
+plantestsuite("samba3.smbtorture_s3.smb2.SMB2-INVALID-PIPENAME",
+ "fileserver",
+ [os.path.join(samba3srcdir,
+ "script/tests/test_smbtorture_s3.sh"),
+ 'SMB2-INVALID-PIPENAME',
+ '//$SERVER_IP/tmp',
+ '$USERNAME',
+ '$PASSWORD',
+ smbtorture3,
+ "-mSMB2"])
+
#
# SMB2-NON-DFS-SHARE needs to run against a special share non-msdfs-pathname-share
# This is an empty non-DFS share with no links, used merely to test
diff --git a/source3/torture/proto.h b/source3/torture/proto.h
index 21d7b3e00a7..3751697596a 100644
--- a/source3/torture/proto.h
+++ b/source3/torture/proto.h
@@ -124,6 +124,7 @@ bool run_smb2_dfs_paths(int dummy);
bool run_smb2_non_dfs_share(int dummy);
bool run_smb2_dfs_share_non_dfs_path(int dummy);
bool run_smb2_dfs_filename_leading_backslash(int dummy);
+bool run_smb2_invalid_pipename(int dummy);
bool run_smb1_dfs_paths(int dummy);
bool run_smb1_dfs_search_paths(int dummy);
bool run_smb1_dfs_operations(int dummy);
diff --git a/source3/torture/test_smb2.c b/source3/torture/test_smb2.c
index 269ade4ef61..7ea3d83de10 100644
--- a/source3/torture/test_smb2.c
+++ b/source3/torture/test_smb2.c
@@ -5136,3 +5136,110 @@ bool run_smb2_dfs_filename_leading_backslash(int dummy)
(void)smb2_dfs_delete(cli, dfs_filename_slash);
return retval;
}
+
+bool run_smb2_invalid_pipename(int dummy)
+{
+ struct cli_state *cli = NULL;
+ NTSTATUS status;
+ uint64_t fid_persistent = 0;
+ uint64_t fid_volatile = 0;
+ const char *unknown_pipe = "badpipe";
+ const char *invalid_pipe = "../../../../../../../../../badpipe";
+
+ printf("Starting SMB2-INVALID-PIPENAME\n");
+
+ if (!torture_init_connection(&cli)) {
+ return false;
+ }
+
+ status = smbXcli_negprot(cli->conn,
+ cli->timeout,
+ PROTOCOL_SMB2_02,
+ PROTOCOL_SMB3_11);
+ if (!NT_STATUS_IS_OK(status)) {
+ printf("smbXcli_negprot returned %s\n", nt_errstr(status));
+ return false;
+ }
+
+ status = cli_session_setup_creds(cli, torture_creds);
+ if (!NT_STATUS_IS_OK(status)) {
+ printf("cli_session_setup returned %s\n", nt_errstr(status));
+ return false;
+ }
+
+ status = cli_tree_connect(cli, "IPC$", "?????", NULL);
+ if (!NT_STATUS_IS_OK(status)) {
+ printf("cli_tree_connect returned %s\n", nt_errstr(status));
+ return false;
+ }
+
+ /* Try and connect to an unknown pipename. */
+ status = smb2cli_create(cli->conn,
+ cli->timeout,
+ cli->smb2.session,
+ cli->smb2.tcon,
+ unknown_pipe,
+ SMB2_OPLOCK_LEVEL_NONE, /* oplock_level, */
+ SMB2_IMPERSONATION_IMPERSONATION, /* impersonation_level, */
+ SEC_STD_SYNCHRONIZE|
+ SEC_FILE_READ_DATA|
+ SEC_FILE_WRITE_DATA|
+ SEC_FILE_READ_ATTRIBUTE, /* desired_access, */
+ FILE_ATTRIBUTE_NORMAL, /* file_attributes, */
+ FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE, /* share_access, */
+ FILE_CREATE, /* create_disposition, */
+ 0, /* create_options, */
+ NULL, /* smb2_create_blobs *blobs */
+ &fid_persistent,
+ &fid_volatile,
+ NULL, /* struct smb_create_returns * */
+ talloc_tos(), /* mem_ctx. */
+ NULL, /* struct smb2_create_blobs * */
+ NULL); /* struct symlink_reparse_struct */
+ /* We should get NT_STATUS_OBJECT_NAME_NOT_FOUND */
+ if (!NT_STATUS_EQUAL(status, NT_STATUS_OBJECT_NAME_NOT_FOUND)) {
+ printf("%s:%d smb2cli_create on name %s returned %s\n",
+ __FILE__,
+ __LINE__,
+ unknown_pipe,
+ nt_errstr(status));
+ return false;
+ }
+
+ /* Try and connect to an invalid pipename containing unix separators. */
+ status = smb2cli_create(cli->conn,
+ cli->timeout,
+ cli->smb2.session,
+ cli->smb2.tcon,
+ invalid_pipe,
+ SMB2_OPLOCK_LEVEL_NONE, /* oplock_level, */
+ SMB2_IMPERSONATION_IMPERSONATION, /* impersonation_level, */
+ SEC_STD_SYNCHRONIZE|
+ SEC_FILE_READ_DATA|
+ SEC_FILE_WRITE_DATA|
+ SEC_FILE_READ_ATTRIBUTE, /* desired_access, */
+ FILE_ATTRIBUTE_NORMAL, /* file_attributes, */
+ FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE, /* share_access, */
+ FILE_CREATE, /* create_disposition, */
+ 0, /* create_options, */
+ NULL, /* smb2_create_blobs *blobs */
+ &fid_persistent,
+ &fid_volatile,
+ NULL, /* struct smb_create_returns * */
+ talloc_tos(), /* mem_ctx. */
+ NULL, /* struct smb2_create_blobs * */
+ NULL); /* struct symlink_reparse_struct */
+ /*
+ * We should still get NT_STATUS_OBJECT_NAME_NOT_FOUND
+ * (tested against Windows 2022).
+ */
+ if (!NT_STATUS_EQUAL(status, NT_STATUS_OBJECT_NAME_NOT_FOUND)) {
+ printf("%s:%d smb2cli_create on name %s returned %s\n",
+ __FILE__,
+ __LINE__,
+ invalid_pipe,
+ nt_errstr(status));
+ return false;
+ }
+ return true;
+}
diff --git a/source3/torture/torture.c b/source3/torture/torture.c
index 1315b328f5f..d53699c3b02 100644
--- a/source3/torture/torture.c
+++ b/source3/torture/torture.c
@@ -15727,6 +15727,10 @@ static struct {
.name = "SMB2-DFS-FILENAME-LEADING-BACKSLASH",
.fn = run_smb2_dfs_filename_leading_backslash,
},
+ {
+ .name = "SMB2-INVALID-PIPENAME",
+ .fn = run_smb2_invalid_pipename,
+ },
{
.name = "SMB1-TRUNCATED-SESSSETUP",
.fn = run_smb1_truncated_sesssetup,
--
2.39.2
From cbd81ca9d7ea1d5a6ea2b1026bc342ff996cca7c Mon Sep 17 00:00:00 2001
From: Jeremy Allison <jra@samba.org>
Date: Tue, 25 Jul 2023 17:54:41 -0700
Subject: [PATCH 3/3] CVE-2023-3961:s3: smbd: Remove the SMB_ASSERT() that
crashes on bad pipenames.
We correctly handle this and just return ENOENT (NT_STATUS_OBJECT_NAME_NOT_FOUND).
Remove knowfail.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15422
Signed-off-by: Jeremy Allison <jra@samba.org>
---
selftest/knownfail.d/badpipename | 1 -
source3/rpc_client/local_np.c | 5 -----
2 files changed, 6 deletions(-)
delete mode 100644 selftest/knownfail.d/badpipename
diff --git a/selftest/knownfail.d/badpipename b/selftest/knownfail.d/badpipename
deleted file mode 100644
index e69715f863d..00000000000
--- a/selftest/knownfail.d/badpipename
+++ /dev/null
@@ -1 +0,0 @@
-^samba3.smbtorture_s3.smb2.SMB2-INVALID-PIPENAME.smbtorture\(fileserver\)
diff --git a/source3/rpc_client/local_np.c b/source3/rpc_client/local_np.c
index 95228d5d801..791ded99a47 100644
--- a/source3/rpc_client/local_np.c
+++ b/source3/rpc_client/local_np.c
@@ -551,11 +551,6 @@ struct tevent_req *local_np_connect_send(
{
DBG_DEBUG("attempt to connect to invalid pipe pathname %s\n",
lower_case_pipename);
- /*
- * For now, panic the server until we have
- * the test code in place.
- */
- SMB_ASSERT(false);
tevent_req_error(req, ENOENT);
return tevent_req_post(req, ev);
}
--
2.39.2
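Review bot: The SMB2-INVALID-PIPENAME test added to source3/torture/test_smb2.c exercises only the `strchr(lower_case_pipename, '/')` half of the guard added to local_np_connect_send(), because its single bad name, `"../../../../../../../../../badpipe"`, always contains a separator. A bare `".."` name, which is what the `ISDOTDOT(lower_case_pipename)` half rejects, is never sent, so a regression in that branch would go unnoticed. A third `smb2cli_create` call with `const char *dotdot_pipe = "..";`, again expecting NT_STATUS_OBJECT_NAME_NOT_FOUND, would cover it (whether that name reaches this function unchanged from the SMB2 layer is not visible here). Separately, once patch 3/3 removes the assert, the rejection is reported only through `DBG_DEBUG`, so at a default log level a rejected name leaves no trace; consider `DBG_WARNING` if operators are meant to see these attempts. local_np_connect_send() begins and ends outside the hunk.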


@ -0,0 +1,239 @@
From a4a3868fda277ddf0f174b77a859c33e4c339538 Mon Sep 17 00:00:00 2001
From: Ralph Boehme <slow@samba.org>
Date: Tue, 1 Aug 2023 12:30:00 +0200
Subject: [PATCH 1/2] CVE-2023-4091: smbtorture: test overwrite dispositions on
read-only file
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15439
Signed-off-by: Ralph Boehme <slow@samba.org>
---
selftest/knownfail.d/samba3.smb2.acls | 1 +
source4/torture/smb2/acls.c | 143 ++++++++++++++++++++++++++
2 files changed, 144 insertions(+)
create mode 100644 selftest/knownfail.d/samba3.smb2.acls
diff --git a/selftest/knownfail.d/samba3.smb2.acls b/selftest/knownfail.d/samba3.smb2.acls
new file mode 100644
index 000000000000..18df260c0e50
--- /dev/null
+++ b/selftest/knownfail.d/samba3.smb2.acls
@@ -0,0 +1 @@
+^samba3.smb2.acls.OVERWRITE_READ_ONLY_FILE
diff --git a/source4/torture/smb2/acls.c b/source4/torture/smb2/acls.c
index a27d4e079e67..5a892d004ea8 100644
--- a/source4/torture/smb2/acls.c
+++ b/source4/torture/smb2/acls.c
@@ -2989,6 +2989,148 @@ static bool test_mxac_not_granted(struct torture_context *tctx,
return ret;
}
+static bool test_overwrite_read_only_file(struct torture_context *tctx,
+ struct smb2_tree *tree)
+{
+ NTSTATUS status;
+ struct smb2_create c;
+ const char *fname = BASEDIR "\\test_overwrite_read_only_file.txt";
+ struct smb2_handle handle = {{0}};
+ union smb_fileinfo q;
+ union smb_setfileinfo set;
+ struct security_descriptor *sd = NULL, *sd_orig = NULL;
+ const char *owner_sid = NULL;
+ int i;
+ bool ret = true;
+
+ struct tcase {
+ int disposition;
+ const char *disposition_string;
+ NTSTATUS expected_status;
+ } tcases[] = {
+#define TCASE(d, s) { \
+ .disposition = d, \
+ .disposition_string = #d, \
+ .expected_status = s, \
+ }
+ TCASE(NTCREATEX_DISP_OPEN, NT_STATUS_OK),
+ TCASE(NTCREATEX_DISP_SUPERSEDE, NT_STATUS_ACCESS_DENIED),
+ TCASE(NTCREATEX_DISP_OVERWRITE, NT_STATUS_ACCESS_DENIED),
+ TCASE(NTCREATEX_DISP_OVERWRITE_IF, NT_STATUS_ACCESS_DENIED),
+ };
+#undef TCASE
+
+ ret = smb2_util_setup_dir(tctx, tree, BASEDIR);
+ torture_assert_goto(tctx, ret, ret, done, "smb2_util_setup_dir not ok");
+
+ c = (struct smb2_create) {
+ .in.desired_access = SEC_STD_READ_CONTROL |
+ SEC_STD_WRITE_DAC |
+ SEC_STD_WRITE_OWNER,
+ .in.file_attributes = FILE_ATTRIBUTE_NORMAL,
+ .in.share_access = NTCREATEX_SHARE_ACCESS_READ |
+ NTCREATEX_SHARE_ACCESS_WRITE,
+ .in.create_disposition = NTCREATEX_DISP_OPEN_IF,
+ .in.impersonation_level = NTCREATEX_IMPERSONATION_ANONYMOUS,
+ .in.fname = fname,
+ };
+
+ status = smb2_create(tree, tctx, &c);
+ torture_assert_ntstatus_ok_goto(tctx, status, ret, done,
+ "smb2_create failed\n");
+ handle = c.out.file.handle;
+
+ torture_comment(tctx, "get the original sd\n");
+
+ ZERO_STRUCT(q);
+ q.query_secdesc.level = RAW_FILEINFO_SEC_DESC;
+ q.query_secdesc.in.file.handle = handle;
+ q.query_secdesc.in.secinfo_flags = SECINFO_DACL | SECINFO_OWNER;
+
+ status = smb2_getinfo_file(tree, tctx, &q);
+ torture_assert_ntstatus_ok_goto(tctx, status, ret, done,
+ "smb2_getinfo_file failed\n");
+ sd_orig = q.query_secdesc.out.sd;
+
+ owner_sid = dom_sid_string(tctx, sd_orig->owner_sid);
+
+ sd = security_descriptor_dacl_create(tctx,
+ 0, NULL, NULL,
+ owner_sid,
+ SEC_ACE_TYPE_ACCESS_ALLOWED,
+ SEC_FILE_READ_DATA,
+ 0,
+ NULL);
+
+ ZERO_STRUCT(set);
+ set.set_secdesc.level = RAW_SFILEINFO_SEC_DESC;
+ set.set_secdesc.in.file.handle = handle;
+ set.set_secdesc.in.secinfo_flags = SECINFO_DACL;
+ set.set_secdesc.in.sd = sd;
+
+ status = smb2_setinfo_file(tree, &set);
+ torture_assert_ntstatus_ok_goto(tctx, status, ret, done,
+ "smb2_setinfo_file failed\n");
+
+ smb2_util_close(tree, handle);
+ ZERO_STRUCT(handle);
+
+ for (i = 0; i < ARRAY_SIZE(tcases); i++) {
+ torture_comment(tctx, "Verify open with %s dispostion\n",
+ tcases[i].disposition_string);
+
+ c = (struct smb2_create) {
+ .in.create_disposition = tcases[i].disposition,
+ .in.desired_access = SEC_FILE_READ_DATA,
+ .in.file_attributes = FILE_ATTRIBUTE_NORMAL,
+ .in.share_access = NTCREATEX_SHARE_ACCESS_MASK,
+ .in.impersonation_level = NTCREATEX_IMPERSONATION_ANONYMOUS,
+ .in.fname = fname,
+ };
+
+ status = smb2_create(tree, tctx, &c);
+ smb2_util_close(tree, c.out.file.handle);
+ torture_assert_ntstatus_equal_goto(
+ tctx, status, tcases[i].expected_status, ret, done,
+ "smb2_create failed\n");
+ };
+
+ torture_comment(tctx, "put back original sd\n");
+
+ c = (struct smb2_create) {
+ .in.desired_access = SEC_STD_WRITE_DAC,
+ .in.file_attributes = FILE_ATTRIBUTE_NORMAL,
+ .in.share_access = NTCREATEX_SHARE_ACCESS_MASK,
+ .in.create_disposition = NTCREATEX_DISP_OPEN_IF,
+ .in.impersonation_level = NTCREATEX_IMPERSONATION_ANONYMOUS,
+ .in.fname = fname,
+ };
+
+ status = smb2_create(tree, tctx, &c);
+ torture_assert_ntstatus_ok_goto(tctx, status, ret, done,
+ "smb2_create failed\n");
+ handle = c.out.file.handle;
+
+ ZERO_STRUCT(set);
+ set.set_secdesc.level = RAW_SFILEINFO_SEC_DESC;
+ set.set_secdesc.in.file.handle = handle;
+ set.set_secdesc.in.secinfo_flags = SECINFO_DACL;
+ set.set_secdesc.in.sd = sd_orig;
+
+ status = smb2_setinfo_file(tree, &set);
+ torture_assert_ntstatus_ok_goto(tctx, status, ret, done,
+ "smb2_setinfo_file failed\n");
+
+ smb2_util_close(tree, handle);
+ ZERO_STRUCT(handle);
+
+done:
+ smb2_util_close(tree, handle);
+ smb2_util_unlink(tree, fname);
+ smb2_deltree(tree, BASEDIR);
+ return ret;
+}
+
/*
basic testing of SMB2 ACLs
*/
@@ -3017,6 +3159,7 @@ struct torture_suite *torture_smb2_acls_init(TALLOC_CTX *ctx)
test_deny1);
torture_suite_add_1smb2_test(suite, "MXAC-NOT-GRANTED",
test_mxac_not_granted);
+ torture_suite_add_1smb2_test(suite, "OVERWRITE_READ_ONLY_FILE", test_overwrite_read_only_file);
suite->description = talloc_strdup(suite, "SMB2-ACLS tests");
--
2.41.0
From 5b5e2b1714e4a242b1cea44deff1f380620872c9 Mon Sep 17 00:00:00 2001
From: Ralph Boehme <slow@samba.org>
Date: Tue, 1 Aug 2023 13:04:36 +0200
Subject: [PATCH 2/2] CVE-2023-4091: smbd: use open_access_mask for access
check in open_file()
If the client requested FILE_OVERWRITE[_IF], we're implicitly adding
FILE_WRITE_DATA to the open_access_mask in open_file_ntcreate(), but for the
access check we're using access_mask which doesn't contain the additional
right, which means we can end up truncating a file for which the user has
only read-only access via an SD.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15439
Signed-off-by: Ralph Boehme <slow@samba.org>
---
selftest/knownfail.d/samba3.smb2.acls | 1 -
source3/smbd/open.c | 4 ++--
2 files changed, 2 insertions(+), 3 deletions(-)
delete mode 100644 selftest/knownfail.d/samba3.smb2.acls
diff --git a/selftest/knownfail.d/samba3.smb2.acls b/selftest/knownfail.d/samba3.smb2.acls
deleted file mode 100644
index 18df260c0e50..000000000000
--- a/selftest/knownfail.d/samba3.smb2.acls
+++ /dev/null
@@ -1 +0,0 @@
-^samba3.smb2.acls.OVERWRITE_READ_ONLY_FILE
diff --git a/source3/smbd/open.c b/source3/smbd/open.c
index 94f50becb247..0c9ddfe7c948 100644
--- a/source3/smbd/open.c
+++ b/source3/smbd/open.c
@@ -1442,7 +1442,7 @@ static NTSTATUS open_file(struct smb_request *req,
dirfsp,
fsp,
false,
- access_mask);
+ open_access_mask);
if (!NT_STATUS_IS_OK(status)) {
DBG_DEBUG("smbd_check_access_rights_fsp"
@@ -1633,7 +1633,7 @@ static NTSTATUS open_file(struct smb_request *req,
status = smbd_check_access_rights_fsp(dirfsp,
fsp,
false,
- access_mask);
+ open_access_mask);
if (NT_STATUS_EQUAL(status, NT_STATUS_OBJECT_NAME_NOT_FOUND) &&
posix_open &&
--
2.41.0
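Review bot: test_overwrite_read_only_file in source4/torture/smb2/acls.c checks only the status returned for each disposition, not that the file's data survives, which is the property the open_access_mask change in source3/smbd/open.c is meant to protect. The file is created empty and never written, so a server that truncated it and then returned NT_STATUS_ACCESS_DENIED would still pass. Writing a few bytes before the DACL is restricted (the first create would need SEC_FILE_WRITE_DATA) and asserting the size is unchanged after the loop would pin the behaviour. In the loop, `smb2_util_close(tree, c.out.file.handle);` also runs when smb2_create failed, and `sd` from security_descriptor_dacl_create() is used without a check such as `torture_assert_goto(tctx, sd != NULL, ret, done, "security_descriptor_dacl_create failed\n");`. Both open_file() hunks start and end inside the function, so any other access check there that may still use access_mask is not visible here.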


@ -0,0 +1,123 @@
From e534a858d15589f27181b82c8ed8abefc56fb95f Mon Sep 17 00:00:00 2001
From: Andrew Bartlett <abartlet@samba.org>
Date: Tue, 12 Sep 2023 18:59:44 +1200
Subject: [PATCH 1/2] CVE-2023-42669 s4-rpc_server: Disable rpcecho server by
default
The rpcecho server is useful in development and testing, but should never
have been allowed into production, as it includes the facility to
do a blocking sleep() in the single-threaded rpc worker.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15474
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
---
docs-xml/smbdotconf/protocol/dcerpcendpointservers.xml | 2 +-
lib/param/loadparm.c | 2 +-
selftest/target/Samba4.pm | 2 +-
source3/param/loadparm.c | 2 +-
source4/rpc_server/wscript_build | 3 ++-
5 files changed, 6 insertions(+), 5 deletions(-)
diff --git a/docs-xml/smbdotconf/protocol/dcerpcendpointservers.xml b/docs-xml/smbdotconf/protocol/dcerpcendpointservers.xml
index 8a217cc7f11..c6642b795fd 100644
--- a/docs-xml/smbdotconf/protocol/dcerpcendpointservers.xml
+++ b/docs-xml/smbdotconf/protocol/dcerpcendpointservers.xml
@@ -6,6 +6,6 @@
<para>Specifies which DCE/RPC endpoint servers should be run.</para>
</description>
-<value type="default">epmapper, wkssvc, rpcecho, samr, netlogon, lsarpc, drsuapi, dssetup, unixinfo, browser, eventlog6, backupkey, dnsserver</value>
+<value type="default">epmapper, wkssvc, samr, netlogon, lsarpc, drsuapi, dssetup, unixinfo, browser, eventlog6, backupkey, dnsserver</value>
<value type="example">rpcecho</value>
</samba:parameter>
diff --git a/lib/param/loadparm.c b/lib/param/loadparm.c
index 16cb0d47f31..83b05260e09 100644
--- a/lib/param/loadparm.c
+++ b/lib/param/loadparm.c
@@ -2730,7 +2730,7 @@ struct loadparm_context *loadparm_init(TALLOC_CTX *mem_ctx)
lpcfg_do_global_parameter(lp_ctx, "ntvfs handler", "unixuid default");
lpcfg_do_global_parameter(lp_ctx, "max connections", "0");
- lpcfg_do_global_parameter(lp_ctx, "dcerpc endpoint servers", "epmapper wkssvc rpcecho samr netlogon lsarpc drsuapi dssetup unixinfo browser eventlog6 backupkey dnsserver");
+ lpcfg_do_global_parameter(lp_ctx, "dcerpc endpoint servers", "epmapper wkssvc samr netlogon lsarpc drsuapi dssetup unixinfo browser eventlog6 backupkey dnsserver");
lpcfg_do_global_parameter(lp_ctx, "server services", "s3fs rpc nbt wrepl ldap cldap kdc drepl winbindd ntp_signd kcc dnsupdate dns");
lpcfg_do_global_parameter(lp_ctx, "kccsrv:samba_kcc", "true");
/* the winbind method for domain controllers is for both RODC
diff --git a/selftest/target/Samba4.pm b/selftest/target/Samba4.pm
index d15156a538b..5687d2a8587 100755
--- a/selftest/target/Samba4.pm
+++ b/selftest/target/Samba4.pm
@@ -783,7 +783,7 @@ sub provision_raw_step1($$)
wins support = yes
server role = $ctx->{server_role}
server services = +echo $services
- dcerpc endpoint servers = +winreg +srvsvc
+ dcerpc endpoint servers = +winreg +srvsvc +rpcecho
notify:inotify = false
ldb:nosync = true
ldap server require strong auth = yes
diff --git a/source3/param/loadparm.c b/source3/param/loadparm.c
index 12718ced9e7..e33751a27e3 100644
--- a/source3/param/loadparm.c
+++ b/source3/param/loadparm.c
@@ -883,7 +883,7 @@ static void init_globals(struct loadparm_context *lp_ctx, bool reinit_globals)
Globals.server_services = str_list_make_v3_const(NULL, "s3fs rpc nbt wrepl ldap cldap kdc drepl winbindd ntp_signd kcc dnsupdate dns", NULL);
- Globals.dcerpc_endpoint_servers = str_list_make_v3_const(NULL, "epmapper wkssvc rpcecho samr netlogon lsarpc drsuapi dssetup unixinfo browser eventlog6 backupkey dnsserver", NULL);
+ Globals.dcerpc_endpoint_servers = str_list_make_v3_const(NULL, "epmapper wkssvc samr netlogon lsarpc drsuapi dssetup unixinfo browser eventlog6 backupkey dnsserver", NULL);
Globals.tls_enabled = true;
Globals.tls_verify_peer = TLS_VERIFY_PEER_AS_STRICT_AS_POSSIBLE;
diff --git a/source4/rpc_server/wscript_build b/source4/rpc_server/wscript_build
index 0e44a3c2bae..31ec4f60c9a 100644
--- a/source4/rpc_server/wscript_build
+++ b/source4/rpc_server/wscript_build
@@ -33,7 +33,8 @@ bld.SAMBA_MODULE('dcerpc_rpcecho',
source='echo/rpc_echo.c',
subsystem='dcerpc_server',
init_function='dcerpc_server_rpcecho_init',
- deps='ndr-standard events'
+ deps='ndr-standard events',
+ enabled=bld.CONFIG_GET('ENABLE_SELFTEST')
)
--
2.25.1
From 8ce92246a016f3e7f23b6a94ceb666f776e56998 Mon Sep 17 00:00:00 2001
From: Andrew Bartlett <abartlet@samba.org>
Date: Tue, 12 Sep 2023 19:01:03 +1200
Subject: [PATCH 2/2] CVE-2023-42669 s3-rpc_server: Disable rpcecho for
consistency with the AD DC
The rpcecho server in source3 does have samba the sleep() feature that
the s4 version has, but the task architecture is different, so there
is not the same impact. Hoever equally this is not something that
should be enabled on production builds of Samba, so restrict to
selftest builds.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15474
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
---
source3/rpc_server/wscript_build | 1 +
1 file changed, 1 insertion(+)
diff --git a/source3/rpc_server/wscript_build b/source3/rpc_server/wscript_build
index 341df41a321..5ed81283395 100644
--- a/source3/rpc_server/wscript_build
+++ b/source3/rpc_server/wscript_build
@@ -38,6 +38,7 @@ bld.SAMBA3_BINARY('rpcd_rpcecho',
RPC_WORKER
RPC_RPCECHO
''',
+ for_selftest=True,
install_path='${SAMBA_LIBEXECDIR}')
bld.SAMBA3_BINARY('rpcd_classic',
--
2.25.1
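Review bot: docs-xml/smbdotconf/protocol/dcerpcendpointservers.xml keeps `<value type="example">rpcecho</value>` although the wscript_build hunks now build rpcecho only with `enabled=bld.CONFIG_GET('ENABLE_SELFTEST')` (source4) or `for_selftest=True` (source3), so the documented example names an endpoint server that a production build presumably no longer ships. The description should say so, for instance by adding `<para>The rpcecho endpoint server is only built for selftest and is not available in production builds.</para>`, and the example would be better as a module that is still in the default list. An existing smb.conf that lists rpcecho explicitly is likely to need editing after this update; how the server reacts to a configured but missing module is not visible in these hunks.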


@ -0,0 +1,16 @@
-----BEGIN PGP SIGNATURE-----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=GnJM
-----END PGP SIGNATURE-----

File diff suppressed because it is too large Load Diff


@ -1,16 +0,0 @@
-----BEGIN PGP SIGNATURE-----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=kOPP
-----END PGP SIGNATURE-----


@ -1,2 +0,0 @@
#Type Name ID
g wbpriv 88


@ -121,12 +121,9 @@
#endif fedora || rhel >= 8
%endif
# Build the ctdb-pcp-pmda package by default on Fedora, except for i686 where
# pcp is no longer supported
# Build the ctdb-pcp-pmda package by default on Fedora
%if 0%{?fedora}
%ifnarch i686
%bcond_without pcp_pmda
%endif
%else
%bcond_with pcp_pmda
%endif
@ -138,16 +135,10 @@
%bcond_with etcd_mutex
%endif
%if 0%{?fedora} || 0%{?rhel} >= 9
%bcond_without gpupdate
%else
%bcond_with gpupdate
%endif
%define samba_requires_eq() %(LC_ALL="C" echo '%*' | xargs -r rpm -q --qf 'Requires: %%{name} = %%{epoch}:%%{version}\\n' | sed -e 's/ (none):/ /' -e 's/ 0:/ /' | grep -v "is not")
%global samba_version 4.19.4
%global baserelease 5
%global samba_version 4.18.6
%global baserelease 2
# This should be rc1 or %%nil
%global pre_release %nil
@ -180,10 +171,10 @@
%global libsmbclient_so_version 0
%global libwbclient_so_version 0
%global talloc_version 2.4.1
%global tdb_version 1.4.9
%global tevent_version 0.15.0
%global ldb_version 2.8.0
%global talloc_version 2.4.0
%global tdb_version 1.4.8
%global tevent_version 0.14.1
%global ldb_version 2.7.2
%global required_mit_krb5 1.18
@ -211,7 +202,7 @@
Name: samba
Version: %{samba_version}
Release: %{samba_release}%{?dist}
Release: %{samba_release}%{?dist}.alma.1
%if 0%{?fedora}
Epoch: 2
@ -239,16 +230,17 @@ Source14: samba.pamd
Source15: usershares.conf.vendor
Source16: samba-systemd-sysusers.conf
Source17: samba-usershares-systemd-sysusers.conf
Source18: samba-winbind-systemd-sysusers.conf
Source201: README.downgrade
Source202: samba.abignore
# Backport bug fixes to https://gitlab.com/samba-redhat/samba/-/tree/v4-19-redhat
# This will give us CI and makes it easy to generate patchsets.
#
# Generate the patchset using: git format-patch -l1 --stdout -N > samba-4.19-redhat.patch
Patch0: samba-4.19-redhat.patch
# Patches were taken from:
# https://attachments.samba.org/attachment.cgi?id=18128
Patch1: CVE-2023-3961-s3-smbd-Catch-any-incoming-pipe-path-that.patch
# https://attachments.samba.org/attachment.cgi?id=18131
Patch2: CVE-2023-4091-smbtorture-test-overwrite-dispositions-on.patch
# https://attachments.samba.org/attachment.cgi?id=18136
Patch3: CVE-2023-42669-s4-rpc_server-Disable-rpcecho-server-by.patch
Requires(pre): /usr/sbin/groupadd
@ -346,11 +338,9 @@ BuildRequires: zlib-devel >= 1.2.3
BuildRequires: pkgconfig(libsystemd)
%ifnarch i686
%if 0%{?fedora} >= 37
BuildRequires: mold
%endif
%endif
%if %{with vfs_glusterfs}
BuildRequires: glusterfs-api-devel >= 3.4.0.16
@ -375,10 +365,6 @@ BuildRequires: librados-devel
BuildRequires: python3-etcd
%endif
%if %{with gpupdate}
BuildRequires: cepces
%endif
# pidl requirements
BuildRequires: perl(ExtUtils::MakeMaker)
BuildRequires: perl(FindBin)
@ -743,7 +729,7 @@ Samba VFS module for GlusterFS integration.
%endif
### GPUPDATE
%if %{with gpupdate}
%if %{with dc}
%package gpupdate
Summary: Samba GPO support for clients
Requires: cepces
@ -755,7 +741,7 @@ Requires: python3-%{name} = %{samba_depver}
This package provides the samba-gpupdate tool to apply Group Policy Objects
(GPO) on Samba clients.
#endif with gpupdate
# /with dc
%endif
### KRB5-PRINTING
@ -920,8 +906,6 @@ Summary: Samba Python libraries for Samba AD
Requires: %{name}-client-libs = %{samba_depver}
Requires: %{name}-dc-libs = %{samba_depver}
Requires: python3-%{name} = %{samba_depver}
# for ms_forest_updates_markdown.py and ms_schema_markdown.py
Requires: python3-markdown
%description -n python3-samba-dc
The python3-%{name}-dc package contains the Python libraries needed by programs
@ -1283,17 +1267,8 @@ rm -f lib/crypto/{aes,rijndael}*.c
# TODO: resolve underlinked python modules
export python_LDFLAGS="$(echo %{__global_ldflags} | sed -e 's/-Wl,-z,defs//g')"
# Use the mold linker if possible
export python_LDFLAGS="$(echo %{__global_ldflags} | sed -e 's/-Wl,-z,defs//g')"
%ifnarch i686
%if 0%{?fedora} >= 37
export LDFLAGS="%{__global_ldflags} -fuse-ld=mold"
export python_LDFLAGS="$(echo ${LDFLAGS} | sed -e 's/-Wl,-z,defs//g')"
#endif fedora >= 37
%endif
#endif narch i686
%endif
# Use the gold linker
export LDFLAGS="%{__global_ldflags} -fuse-ld=gold"
# Add support for mock ccache plugin
%if %{with ccache}
@ -1423,7 +1398,6 @@ echo "d /run/ctdb 755 root root" > %{buildroot}%{_tmpfilesdir}/ctdb.conf
install -d -m 0755 %{buildroot}%{_sysusersdir}
install -m 0644 %{SOURCE16} %{buildroot}%{_sysusersdir}/samba.conf
install -m 0644 %{SOURCE17} %{buildroot}%{_sysusersdir}/samba-usershares.conf
install -m 0644 %{SOURCE18} %{buildroot}%{_sysusersdir}/samba-winbind.conf
install -d -m 0755 %{buildroot}%{_sysconfdir}/sysconfig
install -m 0644 packaging/systemd/samba.sysconfig %{buildroot}%{_sysconfdir}/sysconfig/samba
@ -1451,17 +1425,14 @@ touch %{buildroot}%{_libdir}/krb5/plugins/libkrb5/winbind_krb5_locator.so
for i in \
%{_mandir}/man8/samba.8 \
%{_mandir}/man8/samba_downgrade_db.8 \
%{_mandir}/man8/samba-gpupdate.8 \
%{_unitdir}/samba.service \
%{_sbindir}/samba-gpupdate \
; do
rm -f %{buildroot}$i
done
%endif
%if %{without gpupdate}
rm -f %{buildroot}%{_sbindir}/samba-gpupdate
rm -f %{buildroot}%{_mandir}/man8/samba-gpupdate.8*
%endif
%if %{without vfs_glusterfs}
rm -f %{buildroot}%{_mandir}/man8/vfs_glusterfs.8*
%endif
@ -1538,8 +1509,11 @@ export WINBINDD_DONT_LOG_STDOUT=1
%systemd_postun_with_restart nmb.service
%pre common
# This creates the group 'printadmin'
%if 0%{?fedora} || 0%{?rhel} > 8
%sysusers_create_compat %{SOURCE16}
%else
getent group printadmin >/dev/null || groupadd -r printadmin || :
%endif
%post common
%{?ldconfig}
@ -1609,11 +1583,13 @@ fi
%ldconfig_scriptlets test
%pre usershares
# This creates the group 'usershares'
%if 0%{?fedora} || 0%{?rhel} > 8
%sysusers_create_compat %{SOURCE17}
%else
getent group usershares >/dev/null || groupadd -r usershares || :
%endif
%pre winbind
# This creates the group 'wbpriv'
/usr/sbin/groupadd -g 88 wbpriv >/dev/null 2>&1 || :
%post winbind
@ -1825,6 +1801,7 @@ fi
%{_mandir}/man1/smbclient.1*
%{_mandir}/man1/smbcquotas.1*
%{_mandir}/man1/smbget.1*
%{_mandir}/man5/smbgetrc.5*
%{_mandir}/man1/smbtar.1*
%{_mandir}/man1/smbtree.1*
%{_mandir}/man7/traffic_learner.7.*
@ -2031,12 +2008,10 @@ fi
%{_bindir}/net
%{_bindir}/pdbedit
%{_bindir}/profiles
%{_bindir}/samba-log-parser
%{_bindir}/smbcontrol
%{_bindir}/smbpasswd
%{_bindir}/testparm
%{_mandir}/man1/profiles.1*
%{_mandir}/man1/samba-log-parser.1*
%{_mandir}/man1/smbcontrol.1*
%{_mandir}/man1/testparm.1*
%{_mandir}/man8/net.8*
@ -2057,9 +2032,6 @@ fi
%{_libexecdir}/samba/rpcd_fsrvp
%{_libexecdir}/samba/rpcd_lsad
%{_libexecdir}/samba/rpcd_mdssvc
%if %{with testsuite}
%{_libexecdir}/samba/rpcd_rpcecho
%endif
%{_libexecdir}/samba/rpcd_spoolss
%{_libexecdir}/samba/rpcd_winreg
%{_mandir}/man8/samba-dcerpcd.8*
@ -2182,8 +2154,6 @@ fi
%endif
%{_libdir}/libdcerpc-server.so.*
%{_libdir}/samba/libad-claims-samba4.so
%{_libdir}/samba/libauthn-policy-util-samba4.so
%{_libdir}/samba/libdsdb-module-samba4.so
%{_libdir}/samba/libdsdb-garbage-collect-tombstones-samba4.so
%{_libdir}/samba/libscavenge-dns-records-samba4.so
@ -2352,11 +2322,10 @@ fi
%endif
### GPUPDATE
%if %{with gpupdate}
%if %{with dc}
%files gpupdate
%{_mandir}/man8/samba-gpupdate.8*
%{_sbindir}/samba-gpupdate
#endif with gpupdate
%endif
### KRB5-PRINTING
@ -2480,7 +2449,6 @@ fi
%{python3_sitearch}/samba/__pycache__/descriptor.*.pyc
%{python3_sitearch}/samba/__pycache__/dnsresolver.*.pyc
%{python3_sitearch}/samba/__pycache__/drs_utils.*.pyc
%{python3_sitearch}/samba/__pycache__/functional_level.*.pyc
%{python3_sitearch}/samba/__pycache__/getopt.*.pyc
%{python3_sitearch}/samba/__pycache__/graph.*.pyc
%{python3_sitearch}/samba/__pycache__/hostconfig.*.pyc
@ -2492,7 +2460,6 @@ fi
%{python3_sitearch}/samba/__pycache__/ms_schema.*.pyc
%{python3_sitearch}/samba/__pycache__/ndr.*.pyc
%{python3_sitearch}/samba/__pycache__/ntacls.*.pyc
%{python3_sitearch}/samba/__pycache__/policies.*.pyc
%{python3_sitearch}/samba/__pycache__/safe_tarfile.*.pyc
%{python3_sitearch}/samba/__pycache__/sd_utils.*.pyc
%{python3_sitearch}/samba/__pycache__/sites.*.pyc
@ -2562,7 +2529,6 @@ fi
%{python3_sitearch}/samba/drs_utils.py
%{python3_sitearch}/samba/dsdb.*.so
%{python3_sitearch}/samba/dsdb_dns.*.so
%{python3_sitearch}/samba/functional_level.py
%{python3_sitearch}/samba/gensec.*.so
%{python3_sitearch}/samba/getopt.py
%{python3_sitearch}/samba/graph.py
@ -2585,8 +2551,6 @@ fi
%{python3_sitearch}/samba/emulate/traffic_packets.py
%dir %{python3_sitearch}/samba/gp
%dir %{python3_sitearch}/samba/gp/__pycache__
%{python3_sitearch}/samba/gp/__init__.py
%{python3_sitearch}/samba/gp/__pycache__/__init__.*.pyc
%{python3_sitearch}/samba/gp/__pycache__/gpclass.*.pyc
%{python3_sitearch}/samba/gp/__pycache__/gp_centrify_crontab_ext.*.pyc
%{python3_sitearch}/samba/gp/__pycache__/gp_centrify_sudoers_ext.*.pyc
@ -2665,12 +2629,12 @@ fi
%{python3_sitearch}/samba/netcmd/__pycache__/dbcheck.*.pyc
%{python3_sitearch}/samba/netcmd/__pycache__/delegation.*.pyc
%{python3_sitearch}/samba/netcmd/__pycache__/dns.*.pyc
%{python3_sitearch}/samba/netcmd/__pycache__/domain.*.pyc
%{python3_sitearch}/samba/netcmd/__pycache__/domain_backup.*.pyc
%{python3_sitearch}/samba/netcmd/__pycache__/drs.*.pyc
%{python3_sitearch}/samba/netcmd/__pycache__/dsacl.*.pyc
%{python3_sitearch}/samba/netcmd/__pycache__/encoders.*.pyc
%{python3_sitearch}/samba/netcmd/__pycache__/forest.*.pyc
%{python3_sitearch}/samba/netcmd/__pycache__/fsmo.*.pyc
%{python3_sitearch}/samba/netcmd/__pycache__/gpcommon.*.pyc
%{python3_sitearch}/samba/netcmd/__pycache__/gpo.*.pyc
%{python3_sitearch}/samba/netcmd/__pycache__/group.*.pyc
%{python3_sitearch}/samba/netcmd/__pycache__/ldapcmp.*.pyc
@ -2686,102 +2650,19 @@ fi
%{python3_sitearch}/samba/netcmd/__pycache__/spn.*.pyc
%{python3_sitearch}/samba/netcmd/__pycache__/testparm.*.pyc
%{python3_sitearch}/samba/netcmd/__pycache__/user.*.pyc
%{python3_sitearch}/samba/netcmd/__pycache__/validators.*.pyc
%{python3_sitearch}/samba/netcmd/__pycache__/visualize.*.pyc
%{python3_sitearch}/samba/netcmd/common.py
%{python3_sitearch}/samba/netcmd/computer.py
%{python3_sitearch}/samba/netcmd/contact.py
%{python3_sitearch}/samba/netcmd/dbcheck.py
%{python3_sitearch}/samba/netcmd/delegation.py
%dir %{python3_sitearch}/samba/netcmd/domain
%{python3_sitearch}/samba/netcmd/domain/__init__.py
%dir %{python3_sitearch}/samba/netcmd/domain/__pycache__
%{python3_sitearch}/samba/netcmd/domain/__pycache__/__init__.*.pyc
%{python3_sitearch}/samba/netcmd/domain/__pycache__/backup.*.pyc
%{python3_sitearch}/samba/netcmd/domain/__pycache__/classicupgrade.*.pyc
%{python3_sitearch}/samba/netcmd/domain/__pycache__/common.*.pyc
%{python3_sitearch}/samba/netcmd/domain/__pycache__/dcpromo.*.pyc
%{python3_sitearch}/samba/netcmd/domain/__pycache__/demote.*.pyc
%{python3_sitearch}/samba/netcmd/domain/__pycache__/functional_prep.*.pyc
%{python3_sitearch}/samba/netcmd/domain/__pycache__/info.*.pyc
%{python3_sitearch}/samba/netcmd/domain/__pycache__/join.*.pyc
%{python3_sitearch}/samba/netcmd/domain/__pycache__/keytab.*.pyc
%{python3_sitearch}/samba/netcmd/domain/__pycache__/leave.*.pyc
%{python3_sitearch}/samba/netcmd/domain/__pycache__/level.*.pyc
%{python3_sitearch}/samba/netcmd/domain/__pycache__/passwordsettings.*.pyc
%{python3_sitearch}/samba/netcmd/domain/__pycache__/provision.*.pyc
%{python3_sitearch}/samba/netcmd/domain/__pycache__/samba3upgrade.*.pyc
%{python3_sitearch}/samba/netcmd/domain/__pycache__/schemaupgrade.*.pyc
%{python3_sitearch}/samba/netcmd/domain/__pycache__/tombstones.*.pyc
%{python3_sitearch}/samba/netcmd/domain/__pycache__/trust.*.pyc
%dir %{python3_sitearch}/samba/netcmd/domain/auth
%{python3_sitearch}/samba/netcmd/domain/auth/__init__.py
%dir %{python3_sitearch}/samba/netcmd/domain/auth/__pycache__
%{python3_sitearch}/samba/netcmd/domain/auth/__pycache__/__init__.*.pyc
%{python3_sitearch}/samba/netcmd/domain/auth/__pycache__/policy.*.pyc
%{python3_sitearch}/samba/netcmd/domain/auth/__pycache__/silo.*.pyc
%{python3_sitearch}/samba/netcmd/domain/auth/__pycache__/silo_member.*.pyc
%{python3_sitearch}/samba/netcmd/domain/auth/policy.py
%{python3_sitearch}/samba/netcmd/domain/auth/silo.py
%{python3_sitearch}/samba/netcmd/domain/auth/silo_member.py
%{python3_sitearch}/samba/netcmd/domain/backup.py
%dir %{python3_sitearch}/samba/netcmd/domain/claim
%{python3_sitearch}/samba/netcmd/domain/claim/__init__.py
%dir %{python3_sitearch}/samba/netcmd/domain/claim/__pycache__
%{python3_sitearch}/samba/netcmd/domain/claim/__pycache__/__init__.*.pyc
%{python3_sitearch}/samba/netcmd/domain/claim/__pycache__/claim_type.*.pyc
%{python3_sitearch}/samba/netcmd/domain/claim/__pycache__/value_type.*.pyc
%{python3_sitearch}/samba/netcmd/domain/claim/claim_type.py
%{python3_sitearch}/samba/netcmd/domain/claim/value_type.py
%{python3_sitearch}/samba/netcmd/domain/classicupgrade.py
%{python3_sitearch}/samba/netcmd/domain/common.py
%{python3_sitearch}/samba/netcmd/domain/dcpromo.py
%{python3_sitearch}/samba/netcmd/domain/demote.py
%{python3_sitearch}/samba/netcmd/domain/functional_prep.py
%{python3_sitearch}/samba/netcmd/domain/info.py
%{python3_sitearch}/samba/netcmd/domain/join.py
%{python3_sitearch}/samba/netcmd/domain/keytab.py
%{python3_sitearch}/samba/netcmd/domain/leave.py
%{python3_sitearch}/samba/netcmd/domain/level.py
%dir %{python3_sitearch}/samba/netcmd/domain/models
%{python3_sitearch}/samba/netcmd/domain/models/__init__.py
%dir %{python3_sitearch}/samba/netcmd/domain/models/__pycache__
%{python3_sitearch}/samba/netcmd/domain/models/__pycache__/__init__.*.pyc
%{python3_sitearch}/samba/netcmd/domain/models/__pycache__/auth_policy.*.pyc
%{python3_sitearch}/samba/netcmd/domain/models/__pycache__/auth_silo.*.pyc
%{python3_sitearch}/samba/netcmd/domain/models/__pycache__/claim_type.*.pyc
%{python3_sitearch}/samba/netcmd/domain/models/__pycache__/exceptions.*.pyc
%{python3_sitearch}/samba/netcmd/domain/models/__pycache__/fields.*.pyc
%{python3_sitearch}/samba/netcmd/domain/models/__pycache__/model.*.pyc
%{python3_sitearch}/samba/netcmd/domain/models/__pycache__/schema.*.pyc
%{python3_sitearch}/samba/netcmd/domain/models/__pycache__/site.*.pyc
%{python3_sitearch}/samba/netcmd/domain/models/__pycache__/subnet.*.pyc
%{python3_sitearch}/samba/netcmd/domain/models/__pycache__/user.*.pyc
%{python3_sitearch}/samba/netcmd/domain/models/__pycache__/value_type.*.pyc
%{python3_sitearch}/samba/netcmd/domain/models/auth_policy.py
%{python3_sitearch}/samba/netcmd/domain/models/auth_silo.py
%{python3_sitearch}/samba/netcmd/domain/models/claim_type.py
%{python3_sitearch}/samba/netcmd/domain/models/exceptions.py
%{python3_sitearch}/samba/netcmd/domain/models/fields.py
%{python3_sitearch}/samba/netcmd/domain/models/model.py
%{python3_sitearch}/samba/netcmd/domain/models/schema.py
%{python3_sitearch}/samba/netcmd/domain/models/site.py
%{python3_sitearch}/samba/netcmd/domain/models/subnet.py
%{python3_sitearch}/samba/netcmd/domain/models/user.py
%{python3_sitearch}/samba/netcmd/domain/models/value_type.py
%{python3_sitearch}/samba/netcmd/domain/passwordsettings.py
%{python3_sitearch}/samba/netcmd/domain/provision.py
%{python3_sitearch}/samba/netcmd/domain/samba3upgrade.py
%{python3_sitearch}/samba/netcmd/domain/schemaupgrade.py
%{python3_sitearch}/samba/netcmd/domain/tombstones.py
%{python3_sitearch}/samba/netcmd/domain/trust.py
%{python3_sitearch}/samba/netcmd/dns.py
%{python3_sitearch}/samba/netcmd/domain.py
%{python3_sitearch}/samba/netcmd/domain_backup.py
%{python3_sitearch}/samba/netcmd/drs.py
%{python3_sitearch}/samba/netcmd/dsacl.py
%{python3_sitearch}/samba/netcmd/encoders.py
%{python3_sitearch}/samba/netcmd/forest.py
%{python3_sitearch}/samba/netcmd/fsmo.py
%{python3_sitearch}/samba/netcmd/gpcommon.py
%{python3_sitearch}/samba/netcmd/gpo.py
%{python3_sitearch}/samba/netcmd/group.py
%{python3_sitearch}/samba/netcmd/ldapcmp.py
@ -2797,11 +2678,9 @@ fi
%{python3_sitearch}/samba/netcmd/spn.py
%{python3_sitearch}/samba/netcmd/testparm.py
%{python3_sitearch}/samba/netcmd/user.py
%{python3_sitearch}/samba/netcmd/validators.py
%{python3_sitearch}/samba/netcmd/visualize.py
%{python3_sitearch}/samba/ntacls.py
%{python3_sitearch}/samba/param.*.so
%{python3_sitearch}/samba/policies.py
%{python3_sitearch}/samba/policy.*.so
%{python3_sitearch}/samba/registry.*.so
%{python3_sitearch}/samba/reparse_symlink.*.so
@ -2978,7 +2857,6 @@ fi
%{python3_sitearch}/samba/tests/__pycache__/ldap_referrals.*.pyc
%{python3_sitearch}/samba/tests/__pycache__/ldap_spn.*.pyc
%{python3_sitearch}/samba/tests/__pycache__/ldap_upn_sam_account.*.pyc
%{python3_sitearch}/samba/tests/__pycache__/ldap_whoami.*.pyc
%{python3_sitearch}/samba/tests/__pycache__/loadparm.*.pyc
%{python3_sitearch}/samba/tests/__pycache__/logfiles.*.pyc
%{python3_sitearch}/samba/tests/__pycache__/libsmb.*.pyc
@ -3026,7 +2904,6 @@ fi
%{python3_sitearch}/samba/tests/__pycache__/s3_net_join.*.pyc
%{python3_sitearch}/samba/tests/__pycache__/safe_tarfile.*.pyc
%{python3_sitearch}/samba/tests/__pycache__/samba_upgradedns_lmdb.*.pyc
%{python3_sitearch}/samba/tests/__pycache__/samba_startup_fl_change.*.pyc
%{python3_sitearch}/samba/tests/__pycache__/samba3sam.*.pyc
%{python3_sitearch}/samba/tests/__pycache__/samdb.*.pyc
%{python3_sitearch}/samba/tests/__pycache__/samdb_api.*.pyc
@ -3209,11 +3086,8 @@ fi
%{python3_sitearch}/samba/tests/krb5/__pycache__/alias_tests.*.pyc
%{python3_sitearch}/samba/tests/krb5/__pycache__/as_canonicalization_tests.*.pyc
%{python3_sitearch}/samba/tests/krb5/__pycache__/as_req_tests.*.pyc
%{python3_sitearch}/samba/tests/krb5/__pycache__/authn_policy_tests.*.pyc
%{python3_sitearch}/samba/tests/krb5/__pycache__/claims_in_pac.*.pyc
%{python3_sitearch}/samba/tests/krb5/__pycache__/claims_tests.*.pyc
%{python3_sitearch}/samba/tests/krb5/__pycache__/compatability_tests.*.pyc
%{python3_sitearch}/samba/tests/krb5/__pycache__/device_tests.*.pyc
%{python3_sitearch}/samba/tests/krb5/__pycache__/etype_tests.*.pyc
%{python3_sitearch}/samba/tests/krb5/__pycache__/fast_tests.*.pyc
%{python3_sitearch}/samba/tests/krb5/__pycache__/group_tests.*.pyc
@ -3226,7 +3100,6 @@ fi
%{python3_sitearch}/samba/tests/krb5/__pycache__/ms_kile_client_principal_lookup_tests.*.pyc
%{python3_sitearch}/samba/tests/krb5/__pycache__/nt_hash_tests.*.pyc
%{python3_sitearch}/samba/tests/krb5/__pycache__/pac_align_tests.*.pyc
%{python3_sitearch}/samba/tests/krb5/__pycache__/pkinit_tests.*.pyc
%{python3_sitearch}/samba/tests/krb5/__pycache__/protected_users_tests.*.pyc
%{python3_sitearch}/samba/tests/krb5/__pycache__/raw_testcase.*.pyc
%{python3_sitearch}/samba/tests/krb5/__pycache__/rfc4120_constants.*.pyc
@ -3246,11 +3119,8 @@ fi
%{python3_sitearch}/samba/tests/krb5/alias_tests.py
%{python3_sitearch}/samba/tests/krb5/as_canonicalization_tests.py
%{python3_sitearch}/samba/tests/krb5/as_req_tests.py
%{python3_sitearch}/samba/tests/krb5/authn_policy_tests.py
%{python3_sitearch}/samba/tests/krb5/claims_in_pac.py
%{python3_sitearch}/samba/tests/krb5/claims_tests.py
%{python3_sitearch}/samba/tests/krb5/compatability_tests.py
%{python3_sitearch}/samba/tests/krb5/device_tests.py
%{python3_sitearch}/samba/tests/krb5/etype_tests.py
%{python3_sitearch}/samba/tests/krb5/fast_tests.py
%{python3_sitearch}/samba/tests/krb5/group_tests.py
@ -3263,7 +3133,6 @@ fi
%{python3_sitearch}/samba/tests/krb5/ms_kile_client_principal_lookup_tests.py
%{python3_sitearch}/samba/tests/krb5/nt_hash_tests.py
%{python3_sitearch}/samba/tests/krb5/pac_align_tests.py
%{python3_sitearch}/samba/tests/krb5/pkinit_tests.py
%{python3_sitearch}/samba/tests/krb5/protected_users_tests.py
%{python3_sitearch}/samba/tests/krb5/raw_testcase.py
%{python3_sitearch}/samba/tests/krb5/rfc4120_constants.py
@ -3285,7 +3154,6 @@ fi
%{python3_sitearch}/samba/tests/ldap_spn.py
%{python3_sitearch}/samba/tests/ldap_referrals.py
%{python3_sitearch}/samba/tests/ldap_upn_sam_account.py
%{python3_sitearch}/samba/tests/ldap_whoami.py
%{python3_sitearch}/samba/tests/libsmb.py
%{python3_sitearch}/samba/tests/libsmb-basic.py
%{python3_sitearch}/samba/tests/loadparm.py
@ -3333,7 +3201,6 @@ fi
%{python3_sitearch}/samba/tests/s3_net_join.py
%{python3_sitearch}/samba/tests/safe_tarfile.py
%{python3_sitearch}/samba/tests/samba3sam.py
%{python3_sitearch}/samba/tests/samba_startup_fl_change.py
%{python3_sitearch}/samba/tests/samba_upgradedns_lmdb.py
%dir %{python3_sitearch}/samba/tests/samba_tool
%{python3_sitearch}/samba/tests/samba_tool/__init__.py
@ -3344,11 +3211,6 @@ fi
%{python3_sitearch}/samba/tests/samba_tool/__pycache__/contact.*.pyc
%{python3_sitearch}/samba/tests/samba_tool/__pycache__/demote.*.pyc
%{python3_sitearch}/samba/tests/samba_tool/__pycache__/dnscmd.*.pyc
%{python3_sitearch}/samba/tests/samba_tool/__pycache__/domain_auth_base.*.pyc
%{python3_sitearch}/samba/tests/samba_tool/__pycache__/domain_auth_policy.*.pyc
%{python3_sitearch}/samba/tests/samba_tool/__pycache__/domain_auth_silo.*.pyc
%{python3_sitearch}/samba/tests/samba_tool/__pycache__/domain_claim.*.pyc
%{python3_sitearch}/samba/tests/samba_tool/__pycache__/domain_models.*.pyc
%{python3_sitearch}/samba/tests/samba_tool/__pycache__/drs_clone_dc_data_lmdb_size.*.pyc
%{python3_sitearch}/samba/tests/samba_tool/__pycache__/dsacl.*.pyc
%{python3_sitearch}/samba/tests/samba_tool/__pycache__/forest.*.pyc
@ -3386,11 +3248,6 @@ fi
%{python3_sitearch}/samba/tests/samba_tool/contact.py
%{python3_sitearch}/samba/tests/samba_tool/demote.py
%{python3_sitearch}/samba/tests/samba_tool/dnscmd.py
%{python3_sitearch}/samba/tests/samba_tool/domain_auth_base.py
%{python3_sitearch}/samba/tests/samba_tool/domain_auth_policy.py
%{python3_sitearch}/samba/tests/samba_tool/domain_auth_silo.py
%{python3_sitearch}/samba/tests/samba_tool/domain_claim.py
%{python3_sitearch}/samba/tests/samba_tool/domain_models.py
%{python3_sitearch}/samba/tests/samba_tool/drs_clone_dc_data_lmdb_size.py
%{python3_sitearch}/samba/tests/samba_tool/dsacl.py
%{python3_sitearch}/samba/tests/samba_tool/forest.py
@ -3490,7 +3347,6 @@ fi
%{_libdir}/samba/libnss-info-samba4.so
%{_libdir}/samba/libidmap-samba4.so
%{_sbindir}/winbindd
%{_sysusersdir}/samba-winbind.conf
%attr(750,root,wbpriv) %dir /var/lib/samba/winbindd_privileged
%{_unitdir}/winbind.service
%{_prefix}/lib/NetworkManager
@ -4479,39 +4335,13 @@ fi
%endif
%changelog
* Fri Aug 02 2024 Pavel Filipenský <pfilipen@redhat.com> - 4.19.4-5
- resolves: RHEL-45842 - Fix idmap_ad with trusted domains
* Thu May 02 2024 Pavel Filipenský <pfilipen@redhat.com> - 4.19.4-4
- related: RHEL-33813 - Undo wrong changes in rpminspect.yaml
* Thu May 02 2024 Pavel Filipenský <pfilipen@redhat.com> - 4.19.4-4
- resolves: RHEL-33813 - Add option to request only POSIX groups from AD in idmap_ad
* Thu Jan 18 2024 Pavel Filipenský <pfilipen@redhat.com> - 4.19.4-3
- resolves: RHEL-19753 - Fix smbget interactive authentication
* Wed Jan 10 2024 Pavel Filipenský <pfilipen@redhat.com> - 4.19.4-2
- Fix error in PREIN scriptlet in rpm package samba-common
- related: RHEL-16483 - Update to version 4.19.4
* Tue Jan 09 2024 Pavel Filipenský <pfilipen@redhat.com> - 4.19.4-1
- resolves: RHEL-16483 - Update to version 4.19.4
* Thu Dec 14 2023 Pavel Filipenský <pfilipen@redhat.com> - 4.19.3-2
- resolves: RHEL-17283 - Fix smbget password interactive authentication
* Mon Dec 04 2023 Pavel Filipenský <pfilipen@redhat.com> - 4.19.3-1
- resolves: RHEL-16483 - Update to version 4.19.3
- resolves: RHEL-11361
- Fix CVE-2023-3961 CVE-2023-4091 CVE-2023-42669
- resolves: RHEL-2228 - Logging Format Enhancement
- resolves: RHEL-1965 - Fix smbget issues with DFS shares
- resolves: RHEL-2108 - Fix force user/group issues with 'allow trusted domains = yes'
- resolves: RHEL-17122 - Fix memory corruption in libnss_winbind
* Sat Nov 18 2023 Pavel Filipenský <pfilipen@redhat.com> - 4.19.2-0
- resolves: RHEL-16483 - Update to version 4.19.2
* Thu Nov 23 2023 Eduard Abdullin <eabdullin@almalinux.org> - 4.18.6-2.alma.1
- CVE-2023-3961:s3:smbd: Catch any incoming pipe path that
could exit socket_dir.
- CVE-2023-4091: smbtorture: test overwrite dispositions on
read-only file
- CVE-2023-42669 s4-rpc_server: Disable rpcecho server by
default
* Thu Aug 17 2023 Andreas Schneider <asn@redhat.com> - 4.18.6-1
- related: rhbz#2190417 - Update to version 4.18.6