Compare commits
No commits in common. "c8s" and "c8" have entirely different histories.
|
@ -1,18 +1,2 @@
|
||||||
SOURCES/samba-4.17.5.tar.xz
|
SOURCES/samba-4.19.4.tar.xz
|
||||||
/samba-4.17.5.tar.xz
|
SOURCES/samba-pubkey_AA99442FB680B620.gpg
|
||||||
/samba-4.18.2.tar.asc
|
|
||||||
/samba-4.18.2.tar.xz
|
|
||||||
/samba-4.18.3.tar.asc
|
|
||||||
/samba-4.18.3.tar.xz
|
|
||||||
/samba-4.18.4.tar.asc
|
|
||||||
/samba-4.18.4.tar.xz
|
|
||||||
/samba-4.18.5.tar.asc
|
|
||||||
/samba-4.18.5.tar.xz
|
|
||||||
/samba-4.18.6.tar.xz
|
|
||||||
/samba-4.18.6.tar.asc
|
|
||||||
/samba-4.19.2.tar.asc
|
|
||||||
/samba-4.19.2.tar.xz
|
|
||||||
/samba-4.19.3.tar.asc
|
|
||||||
/samba-4.19.3.tar.xz
|
|
||||||
/samba-4.19.4.tar.asc
|
|
||||||
/samba-4.19.4.tar.xz
|
|
||||||
|
|
186
README.md
186
README.md
|
@ -1,186 +0,0 @@
|
||||||
Samba is a free SMB and CIFS client and server and Domain Controller for UNIX
|
|
||||||
and other operating systems. It is maintained by the Samba Team, who support the
|
|
||||||
original author, Andrew Tridgell.
|
|
||||||
|
|
||||||
This software is freely distributable under the GNU public license, a copy of
|
|
||||||
which you should have received with this software (in a file called COPYING).
|
|
||||||
|
|
||||||
# WHAT IS SMB/CIFS?
|
|
||||||
This is a big question.
|
|
||||||
|
|
||||||
The very short answer is that it is the protocol by which a lot of PC-related
|
|
||||||
machines share files and printers and other information such as lists of
|
|
||||||
available files and printers. Operating systems that support this natively
|
|
||||||
include Windows 9x, Windows NT (and derivatives), OS/2, Mac OS X and Linux. Add
|
|
||||||
on packages that achieve the same thing are available for DOS, Windows 3.1, VMS,
|
|
||||||
Unix of all kinds, MVS, and more. Some Web Browsers can speak this protocol as
|
|
||||||
well (smb://). Alternatives to SMB include Netware, NFS, Appletalk, Banyan
|
|
||||||
Vines, Decnet etc; many of these have advantages but none are both public
|
|
||||||
specifications and widely implemented in desktop machines by default.
|
|
||||||
|
|
||||||
The Common Internet File system (CIFS) is what the new SMB initiative is called.
|
|
||||||
For details watch [here](https://samba.org/cifs)
|
|
||||||
|
|
||||||
# WHY DO PEOPLE WANT TO USE SMB?
|
|
||||||
* Many people want to integrate their Microsoft desktop clients with their Unix
|
|
||||||
servers.
|
|
||||||
|
|
||||||
* Others want to integrate their Microsoft (etc) servers with Unix servers. This
|
|
||||||
is a different problem to integrating desktop clients.
|
|
||||||
|
|
||||||
* Others want to replace protocols like NFS, DecNet and Novell NCP, especially
|
|
||||||
when used with PCs.
|
|
||||||
|
|
||||||
# WHAT CAN SAMBA DO?
|
|
||||||
Please refer to the WHATSNEW.txt included with this README for a list of
|
|
||||||
features in the latest Samba release.
|
|
||||||
|
|
||||||
Here is a very short list of what samba includes, and what it does. For many
|
|
||||||
networks this can be simply summarized by "Samba provides a complete replacement
|
|
||||||
for Windows NT, Warp, NFS or Netware servers."
|
|
||||||
* a SMB server, to provide Windows NT and LAN Manager-style file and print
|
|
||||||
services to SMB clients such as Windows 95, Warp Server, smbfs and others.
|
|
||||||
|
|
||||||
* a Windows Domain Controller (NT4 and AD) replacement.
|
|
||||||
|
|
||||||
* a file/print server that can act as a member of a Windows NT 4.0 or Active
|
|
||||||
Directory domain.
|
|
||||||
|
|
||||||
* a NetBIOS (rfc1001/1002) nameserver, which amongst other things gives browsing
|
|
||||||
support. Samba can be the master browser on your LAN if you wish.
|
|
||||||
|
|
||||||
* a ftp-like SMB client so you can access PC resources (disks and printers) from
|
|
||||||
UNIX, Netware, and other operating systems
|
|
||||||
|
|
||||||
* a tar extension to the client for backing up PCs
|
|
||||||
|
|
||||||
* limited command-line tool that supports some of the NT administrative
|
|
||||||
functionality, which can be used on Samba, NT workstation and NT server.
|
|
||||||
|
|
||||||
For a much better overview have a look at the [web site](http://samba.org/samba)
|
|
||||||
and browse the user survey.
|
|
||||||
|
|
||||||
#### Related packages include:
|
|
||||||
* cifsvfs, an advanced Linux-only filesystem allowing you to mount remote SMB
|
|
||||||
filesystems from PCs on your Linux box. This is included as standard with Linux
|
|
||||||
2.5 and later.
|
|
||||||
|
|
||||||
* smbfs, the previous Linux-only filesystem allowing you to mount remote SMB
|
|
||||||
filesystems from PCs on your Linux box. This is included as standard with Linux
|
|
||||||
2.0 and later.
|
|
||||||
|
|
||||||
# CONTRIBUTIONS
|
|
||||||
|
|
||||||
### To contribute via GitHub
|
|
||||||
* fork the official Samba team repository on GitHub
|
|
||||||
-- see [GitHub](https://github.com/samba-team/samba)
|
|
||||||
|
|
||||||
* become familiar with the coding standards as described in README.Coding
|
|
||||||
|
|
||||||
* make sure you read the Samba copyright policy
|
|
||||||
-- see [Copyright Policy](https://www.samba.org/samba/devel/copyright-policy.html)
|
|
||||||
|
|
||||||
* create a feature branch
|
|
||||||
|
|
||||||
* make changes
|
|
||||||
|
|
||||||
* when committing, be sure to add signed-off-by tags
|
|
||||||
-- see [Commit message tags](https://wiki.samba.org/index.php/CodeReview#commit_message_tags)
|
|
||||||
|
|
||||||
* send a pull request for your branch through GitHub
|
|
||||||
|
|
||||||
* this will trigger an email to the samba-technical mailing list
|
|
||||||
|
|
||||||
* discussion happens on the samba-technical mailing list as described below
|
|
||||||
|
|
||||||
* more info on using Git for Samba development can be found on Samba Wiki
|
|
||||||
-- see [Using Git for Samba](https://wiki.samba.org/index.php/Using_Git_for_Samba_Development)
|
|
||||||
|
|
||||||
### To contribute via mailing lists
|
|
||||||
Join the mailing list. The Samba team accepts patches (preferably in "diff -u"
|
|
||||||
format, see [here](https://samba.org/samba/devel) for more details) and are
|
|
||||||
always glad to receive feedback or suggestions to the address
|
|
||||||
samba@lists.samba.org. More information on the various Samba mailing lists can
|
|
||||||
be found at [mailman](http://lists.samba.org).
|
|
||||||
|
|
||||||
You can also get the Samba sourcecode straight from the [git repository](http://wiki.samba.org/index.php/Using_Git_for_Samba_Development).
|
|
||||||
|
|
||||||
If you like a particular feature then look through the git change-log on the
|
|
||||||
[web](https://git.samba.org/?p=samba.git;a=summary) and see who added it, then
|
|
||||||
send them an email.
|
|
||||||
|
|
||||||
Remember that free software of this kind lives or dies by the response we get.
|
|
||||||
If no one tells us they like it then we'll probably move onto something else.
|
|
||||||
|
|
||||||
|
|
||||||
# MORE INFO
|
|
||||||
|
|
||||||
### DOCUMENTATION
|
|
||||||
There is quite a bit of documentation included with the package, including man
|
|
||||||
pages, and lots of .html files with hints and useful info. This is also
|
|
||||||
available from the web page. There is a growing collection of information under
|
|
||||||
docs/.
|
|
||||||
|
|
||||||
A list of Samba documentation in languages other than English is available on
|
|
||||||
the web page.
|
|
||||||
|
|
||||||
If you would like to help with the documentation, please coordinate on the
|
|
||||||
samba@lists.samba.org mailing list. See the next section for details on
|
|
||||||
subscribing to samba mailing lists.
|
|
||||||
|
|
||||||
### MAILING LIST
|
|
||||||
Please do NOT send subscription/unsubscription requests to the lists!
|
|
||||||
|
|
||||||
There is a mailing list for discussion of Samba. For details go to [mailman](https://lists.samba.org)
|
|
||||||
or send mail to <samba-subscribe@lists.samba.org>.
|
|
||||||
|
|
||||||
There is also an announcement mailing list where new versions are announced. To
|
|
||||||
subscribe go to [mailman](http://lists.samba.org) or send mail to
|
|
||||||
<samba-announce-subscribe@lists.samba.org>. All announcements also go to the
|
|
||||||
samba list, so you only need to be on one.
|
|
||||||
|
|
||||||
For details of other Samba mailing lists and for access to archives, see
|
|
||||||
[mailman](http://lists.samba.org)
|
|
||||||
|
|
||||||
### MAILING LIST ETIQUETTE
|
|
||||||
|
|
||||||
A few tips when submitting to this or any mailing list.
|
|
||||||
- Make your subject short and descriptive. Avoid the words "help" or "Samba" in
|
|
||||||
the subject. The readers of this list already know that a) you need help, and b)
|
|
||||||
you are writing about samba (of course, you may need to distinguish between
|
|
||||||
Samba PDC and other file sharing software). Avoid phrases such as "what is" and
|
|
||||||
"how do i". Some good subject lines might look like "Slow response with Excel
|
|
||||||
files" or "Migrating from Samba PDC to NT PDC".
|
|
||||||
|
|
||||||
- If you include the original message in your reply, trim it so that only the
|
|
||||||
relevant lines, enough to establish context, are included. Chances are (since
|
|
||||||
this is a mailing list) we've already read the original message.
|
|
||||||
|
|
||||||
- Trim irrelevant headers from the original message in your reply. All we need
|
|
||||||
to see is a) From, b) Date, and c) Subject. We don't even really need the
|
|
||||||
Subject, if you haven't changed it. Better yet is to just preface the original
|
|
||||||
message with "On [date] [someone] wrote:".
|
|
||||||
|
|
||||||
- Please don't reply to or argue about spam, spam filters or viruses on any
|
|
||||||
Samba lists. We do have a spam filtering system that is working quite well thank
|
|
||||||
you very much but occasionally unwanted messages slip through. Deal with it.
|
|
||||||
|
|
||||||
- Never say "Me too." It doesn't help anyone solve the problem. Instead, if you
|
|
||||||
ARE having the same problem, give more information. Have you seen something that
|
|
||||||
the other writer hasn't mentioned, which may be helpful?
|
|
||||||
|
|
||||||
- If you ask about a problem, then come up with the solution on your own or
|
|
||||||
through another source, by all means post it. Someone else may have the same
|
|
||||||
problem and is waiting for an answer, but never hears of it.
|
|
||||||
|
|
||||||
- Give as much *relevant* information as possible such as Samba release number,
|
|
||||||
OS, kernel version, etc...
|
|
||||||
|
|
||||||
- RTFM. Google.
|
|
||||||
|
|
||||||
### WEB SITE
|
|
||||||
A Samba WWW [site](https://samba.org) has been setup with lots of useful info.
|
|
||||||
|
|
||||||
As well as general information and documentation, this also has searchable
|
|
||||||
archives of the mailing list and a user survey that shows who else is using this
|
|
||||||
package.
|
|
|
@ -0,0 +1,16 @@
|
||||||
|
-----BEGIN PGP SIGNATURE-----
|
||||||
|
|
||||||
|
iQIzBAABCgAdFiEEgfXigyvSVFoYl7cTqplEL7aAtiAFAmWcCFAACgkQqplEL7aA
|
||||||
|
tiDKSBAAuWA9jT6xCfFACIlme7DbEoUm/Bsbf+GM2Somd3pgajekiNxo7CsW9Xub
|
||||||
|
Vmpj0Q5OKiri81XTqA8LlqMCBliqfw/rnP48kCH0YqXzjqD6aYuwmk0Q4G3wWBTJ
|
||||||
|
2ZT/wOpbM3YooFfE9Iffz6uNgAiQ/8kpBt2m6Zzfy8n1ThfztyGAGaSmrUWxgUlq
|
||||||
|
XjRjtgTw4isZBm+RzCFSGuPxvWvxRlfD5JCe2gc221rI3kbaQE2GSxdZ6D0635Ln
|
||||||
|
iy64SLIAKkQCrrFFckudSCCLKgLNdIClEwzamhhCbmCxnWMDufzN+BQZhq3axQ+x
|
||||||
|
svPfZqltVSQztr4nPGvKdebtVLL2Zyf/LtXWQP/s66quHlHFoEAC7MuD6tEMQVar
|
||||||
|
JQUCN51Gs0Yk12iReQFm6/Uo35aPAlai1e2uOkNzS5FnagRObYt6FYeQripks4I8
|
||||||
|
ZW5VvF4cE0zqdjrlG+Ttqmpbj7i6AUJj9wSbrEOFDUhTL+QPPOfJ05yr1BHmS6nJ
|
||||||
|
vuuUs+ei/DnYEFS91P81h5NuOdpRHIBTG6LUOLz5KOoNdIgvzjD/Ugyscj4AFTBo
|
||||||
|
+NTG9nNr6gkLV/6dxDRR2/sbU6P+FZBL+JVUoDR7XQ7oHG7sFV+/8Dtu8RivEw++
|
||||||
|
1sNGqxvGkwu7JunMkJO5YZRwXi81v3nmHkWKgb0+52iYXgmdesY=
|
||||||
|
=kOPP
|
||||||
|
-----END PGP SIGNATURE-----
|
|
@ -147,7 +147,7 @@
|
||||||
%define samba_requires_eq() %(LC_ALL="C" echo '%*' | xargs -r rpm -q --qf 'Requires: %%{name} = %%{epoch}:%%{version}\\n' | sed -e 's/ (none):/ /' -e 's/ 0:/ /' | grep -v "is not")
|
%define samba_requires_eq() %(LC_ALL="C" echo '%*' | xargs -r rpm -q --qf 'Requires: %%{name} = %%{epoch}:%%{version}\\n' | sed -e 's/ (none):/ /' -e 's/ 0:/ /' | grep -v "is not")
|
||||||
|
|
||||||
%global samba_version 4.19.4
|
%global samba_version 4.19.4
|
||||||
%global baserelease 4
|
%global baserelease 3
|
||||||
# This should be rc1 or %%nil
|
# This should be rc1 or %%nil
|
||||||
%global pre_release %nil
|
%global pre_release %nil
|
||||||
|
|
||||||
|
@ -244,12 +244,6 @@ Source18: samba-winbind-systemd-sysusers.conf
|
||||||
Source201: README.downgrade
|
Source201: README.downgrade
|
||||||
Source202: samba.abignore
|
Source202: samba.abignore
|
||||||
|
|
||||||
# Backport bug fixes to https://gitlab.com/samba-redhat/samba/-/tree/v4-19-redhat
|
|
||||||
# This will give us CI and makes it easy to generate patchsets.
|
|
||||||
#
|
|
||||||
# Generate the patchset using: git format-patch -l1 --stdout -N > samba-4.19-redhat.patch
|
|
||||||
Patch0: samba-4.19-redhat.patch
|
|
||||||
|
|
||||||
Requires(pre): /usr/sbin/groupadd
|
Requires(pre): /usr/sbin/groupadd
|
||||||
|
|
||||||
Requires(pre): %{name}-common = %{samba_depver}
|
Requires(pre): %{name}-common = %{samba_depver}
|
||||||
|
@ -4479,12 +4473,6 @@ fi
|
||||||
%endif
|
%endif
|
||||||
|
|
||||||
%changelog
|
%changelog
|
||||||
* Thu May 02 2024 Pavel Filipenský <pfilipen@redhat.com> - 4.19.4-4
|
|
||||||
- related: RHEL-33813 - Undo wrong changes in rpminspect.yaml
|
|
||||||
|
|
||||||
* Thu May 02 2024 Pavel Filipenský <pfilipen@redhat.com> - 4.19.4-4
|
|
||||||
- resolves: RHEL-33813 - Add option to request only POSIX groups from AD in idmap_ad
|
|
||||||
|
|
||||||
* Thu Jan 18 2024 Pavel Filipenský <pfilipen@redhat.com> - 4.19.4-3
|
* Thu Jan 18 2024 Pavel Filipenský <pfilipen@redhat.com> - 4.19.4-3
|
||||||
- resolves: RHEL-19753 - Fix smbget interactive authentication
|
- resolves: RHEL-19753 - Fix smbget interactive authentication
|
||||||
|
|
|
@ -1,8 +0,0 @@
|
||||||
# recipients: sssd-qe, asn, pfilipen, ftrivino
|
|
||||||
--- !Policy
|
|
||||||
product_versions:
|
|
||||||
- rhel-8
|
|
||||||
decision_context: osci_compose_gate
|
|
||||||
rules:
|
|
||||||
- !PassingTestCaseRule {test_case_name: osci.brew-build.tier0.functional}
|
|
||||||
- !PassingTestCaseRule {test_case_name: idm-ci.brew-build.tier1.functional}
|
|
|
@ -1,24 +0,0 @@
|
||||||
---
|
|
||||||
badfuncs:
|
|
||||||
ignore:
|
|
||||||
- /usr/bin/nmblookup
|
|
||||||
- /usr/bin/smbtorture
|
|
||||||
- /usr/lib*/libndr.so.*
|
|
||||||
- /usr/lib*/libsmbconf.so.*
|
|
||||||
- /usr/lib*/samba/libgse-samba4.so
|
|
||||||
- /usr/lib*/samba/libsamba-sockets-samba4.so
|
|
||||||
- /usr/lib*/samba/service/nbtd.so
|
|
||||||
- /usr/libexec/ctdb/smnotify
|
|
||||||
- /usr/sbin/nmbd
|
|
||||||
|
|
||||||
runpath:
|
|
||||||
allowed_paths:
|
|
||||||
- /usr/lib/samba
|
|
||||||
- /usr/lib64/samba
|
|
||||||
|
|
||||||
abidiff:
|
|
||||||
suppression_file: samba.abignore
|
|
||||||
|
|
||||||
debuginfo:
|
|
||||||
ignore:
|
|
||||||
- /usr/lib*/libdcerpc-samr.so.*
|
|
File diff suppressed because it is too large
Load Diff
|
@ -1,106 +0,0 @@
|
||||||
From 21d8c1b2dabf8dd5a65de14816c6701e9c81de44 Mon Sep 17 00:00:00 2001
|
|
||||||
From: Andreas Schneider <asn@samba.org>
|
|
||||||
Date: Tue, 5 Dec 2023 15:46:48 +0100
|
|
||||||
Subject: [PATCH 1/2] s3:tests: Add smbget test for
|
|
||||||
smb://DOAMIN;user%password@server/share/file
|
|
||||||
|
|
||||||
This is supported according to the smbget manpage!
|
|
||||||
|
|
||||||
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15525
|
|
||||||
|
|
||||||
Signed-off-by: Andreas Schneider <asn@samba.org>
|
|
||||||
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
|
|
||||||
(cherry picked from commit e5fe856e76eba26e3b85a391bcea02dfe045c26e)
|
|
||||||
---
|
|
||||||
source3/script/tests/test_smbget.sh | 20 ++++++++++++++++++++
|
|
||||||
1 file changed, 20 insertions(+)
|
|
||||||
|
|
||||||
diff --git a/source3/script/tests/test_smbget.sh b/source3/script/tests/test_smbget.sh
|
|
||||||
index 46c1f4a68a5..bdc62a71eff 100755
|
|
||||||
--- a/source3/script/tests/test_smbget.sh
|
|
||||||
+++ b/source3/script/tests/test_smbget.sh
|
|
||||||
@@ -145,6 +145,22 @@ test_singlefile_smburl()
|
|
||||||
return 0
|
|
||||||
}
|
|
||||||
|
|
||||||
+test_singlefile_smburl2()
|
|
||||||
+{
|
|
||||||
+ clear_download_area
|
|
||||||
+ $SMBGET "smb://$DOMAIN;$USERNAME:$PASSWORD@$SERVER_IP/smbget/testfile"
|
|
||||||
+ if [ $? -ne 0 ]; then
|
|
||||||
+ echo 'ERROR: RC does not match, expected: 0'
|
|
||||||
+ return 1
|
|
||||||
+ fi
|
|
||||||
+ cmp --silent $WORKDIR/testfile ./testfile
|
|
||||||
+ if [ $? -ne 0 ]; then
|
|
||||||
+ echo 'ERROR: file content does not match'
|
|
||||||
+ return 1
|
|
||||||
+ fi
|
|
||||||
+ return 0
|
|
||||||
+}
|
|
||||||
+
|
|
||||||
test_singlefile_authfile()
|
|
||||||
{
|
|
||||||
clear_download_area
|
|
||||||
@@ -499,6 +515,10 @@ testit "download single file with --update and UPN" test_singlefile_U_UPN ||
|
|
||||||
testit "download single file with smb URL" test_singlefile_smburl ||
|
|
||||||
failed=$(expr $failed + 1)
|
|
||||||
|
|
||||||
+testit "download single file with smb URL including domain" \
|
|
||||||
+ test_singlefile_smburl2 ||
|
|
||||||
+ failed=$(expr $failed + 1)
|
|
||||||
+
|
|
||||||
testit "download single file with authfile" test_singlefile_authfile ||
|
|
||||||
failed=$(expr $failed + 1)
|
|
||||||
|
|
||||||
--
|
|
||||||
2.43.0
|
|
||||||
|
|
||||||
|
|
||||||
From e19fa9d75ee70ec23e70f166ee70241c116f7bf5 Mon Sep 17 00:00:00 2001
|
|
||||||
From: Andreas Schneider <asn@samba.org>
|
|
||||||
Date: Wed, 6 Dec 2023 08:48:34 +0100
|
|
||||||
Subject: [PATCH 2/2] s3:utils: Fix setting the debug level
|
|
||||||
|
|
||||||
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15525
|
|
||||||
|
|
||||||
Signed-off-by: Andreas Schneider <asn@samba.org>
|
|
||||||
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
|
|
||||||
(cherry picked from commit 763b2efe69dc74e1c0cd954607031012f832486d)
|
|
||||||
---
|
|
||||||
source3/utils/smbget.c | 6 +++++-
|
|
||||||
1 file changed, 5 insertions(+), 1 deletion(-)
|
|
||||||
|
|
||||||
diff --git a/source3/utils/smbget.c b/source3/utils/smbget.c
|
|
||||||
index 5c99dcf918a..8d98ba24602 100644
|
|
||||||
--- a/source3/utils/smbget.c
|
|
||||||
+++ b/source3/utils/smbget.c
|
|
||||||
@@ -849,6 +849,7 @@ int main(int argc, char **argv)
|
|
||||||
uint32_t gensec_features;
|
|
||||||
bool use_wbccache = false;
|
|
||||||
SMBCCTX *smb_ctx = NULL;
|
|
||||||
+ int dbg_lvl = -1;
|
|
||||||
int rc;
|
|
||||||
|
|
||||||
smb_init_locale();
|
|
||||||
@@ -922,13 +923,16 @@ int main(int argc, char **argv)
|
|
||||||
|
|
||||||
samba_cmdline_burn(argc, argv);
|
|
||||||
|
|
||||||
+ /* smbc_new_context() will set the log level to 0 */
|
|
||||||
+ dbg_lvl = debuglevel_get();
|
|
||||||
+
|
|
||||||
smb_ctx = smbc_new_context();
|
|
||||||
if (smb_ctx == NULL) {
|
|
||||||
fprintf(stderr, "Unable to initialize libsmbclient\n");
|
|
||||||
ok = false;
|
|
||||||
goto done;
|
|
||||||
}
|
|
||||||
- smbc_setDebug(smb_ctx, debuglevel_get());
|
|
||||||
+ smbc_setDebug(smb_ctx, dbg_lvl);
|
|
||||||
|
|
||||||
rc = smbc_setConfiguration(smb_ctx, lp_default_path());
|
|
||||||
if (rc < 0) {
|
|
||||||
--
|
|
||||||
2.43.0
|
|
||||||
|
|
File diff suppressed because it is too large
Load Diff
Binary file not shown.
2
sources
2
sources
|
@ -1,2 +0,0 @@
|
||||||
SHA512 (samba-4.19.4.tar.asc) = 11bc51407d1464339817d7568f5d5bb059c19a05b49c6a1307d7425d289acb617ecd3e633e3736bdaa94947a7b3630d6cdb7ed6fe59d52556234c549eca8172a
|
|
||||||
SHA512 (samba-4.19.4.tar.xz) = 3d2899e4a3b8bcb77befc29c4af66d3ac858b7f7a0dbbb66a8bc210cd88d9cde3e11361334a5cce650318473134ec8b134148bfa4af4d51f555de33eff395029
|
|
|
@ -1,62 +0,0 @@
|
||||||
# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
|
|
||||||
#
|
|
||||||
# Makefile of gating test "testparm"
|
|
||||||
# Description: Basic config check for samba
|
|
||||||
# Author: Andrej Dzilsky <adzilsky@redhat.com>
|
|
||||||
#
|
|
||||||
# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
|
|
||||||
#
|
|
||||||
# Copyright (c) 2019 Red Hat, Inc.
|
|
||||||
#
|
|
||||||
# This program is free software: you can redistribute it and/or
|
|
||||||
# modify it under the terms of the GNU General Public License as
|
|
||||||
# published by the Free Software Foundation, either version 2 of
|
|
||||||
# the License, or (at your option) any later version.
|
|
||||||
#
|
|
||||||
# This program is distributed in the hope that it will be
|
|
||||||
# useful, but WITHOUT ANY WARRANTY; without even the implied
|
|
||||||
# warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR
|
|
||||||
# PURPOSE. See the GNU General Public License for more details.
|
|
||||||
#
|
|
||||||
# You should have received a copy of the GNU General Public License
|
|
||||||
# along with this program. If not, see http://www.gnu.org/licenses/.
|
|
||||||
#
|
|
||||||
# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
|
|
||||||
|
|
||||||
export TEST=testparm
|
|
||||||
export TESTVERSION=1.0
|
|
||||||
|
|
||||||
BUILT_FILES=
|
|
||||||
|
|
||||||
FILES=$(METADATA) runtest.sh Makefile
|
|
||||||
|
|
||||||
.PHONY: all install download clean
|
|
||||||
|
|
||||||
run: $(FILES) build
|
|
||||||
./runtest.sh
|
|
||||||
|
|
||||||
build: $(BUILT_FILES)
|
|
||||||
test -x runtest.sh || chmod a+x runtest.sh
|
|
||||||
|
|
||||||
clean:
|
|
||||||
rm -f *~ $(BUILT_FILES)
|
|
||||||
|
|
||||||
|
|
||||||
include /usr/share/rhts/lib/rhts-make.include
|
|
||||||
|
|
||||||
$(METADATA): Makefile
|
|
||||||
@echo "Owner: Andrej Dzilsky <adzilsky@redhat.com>" > $(METADATA)
|
|
||||||
@echo "Name: $(TEST)" >> $(METADATA)
|
|
||||||
@echo "TestVersion: $(TESTVERSION)" >> $(METADATA)
|
|
||||||
@echo "Path: $(TEST_DIR)" >> $(METADATA)
|
|
||||||
@echo "Description: Basic samba config check" >> $(METADATA)
|
|
||||||
@echo "Type: Regression" >> $(METADATA)
|
|
||||||
@echo "TestTime: 5m" >> $(METADATA)
|
|
||||||
@echo "RunFor: samba" >> $(METADATA)
|
|
||||||
@echo "Priority: Normal" >> $(METADATA)
|
|
||||||
@echo "License: GPLv2+" >> $(METADATA)
|
|
||||||
@echo "Confidential: no" >> $(METADATA)
|
|
||||||
@echo "Destructive: no" >> $(METADATA)
|
|
||||||
@echo "Bug: 1653890" >> $(METADATA)
|
|
||||||
|
|
||||||
rhts-lint $(METADATA)
|
|
|
@ -1,43 +0,0 @@
|
||||||
#!/bin/bash
|
|
||||||
# vim: dict+=/usr/share/beakerlib/dictionary.vim cpt=.,w,b,u,t,i,k
|
|
||||||
# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
|
|
||||||
#
|
|
||||||
# runtest.sh of gating test "testparm"
|
|
||||||
# Description: Basic samba config check
|
|
||||||
# Author: Andrej Dzilsky <adzilsky@redhat.com>
|
|
||||||
#
|
|
||||||
# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
|
|
||||||
#
|
|
||||||
# Copyright (c) 2019 Red Hat, Inc.
|
|
||||||
#
|
|
||||||
# This program is free software: you can redistribute it and/or
|
|
||||||
# modify it under the terms of the GNU General Public License as
|
|
||||||
# published by the Free Software Foundation, either version 2 of
|
|
||||||
# the License, or (at your option) any later version.
|
|
||||||
#
|
|
||||||
# This program is distributed in the hope that it will be
|
|
||||||
# useful, but WITHOUT ANY WARRANTY; without even the implied
|
|
||||||
# warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR
|
|
||||||
# PURPOSE. See the GNU General Public License for more details.
|
|
||||||
#
|
|
||||||
# You should have received a copy of the GNU General Public License
|
|
||||||
# along with this program. If not, see http://www.gnu.org/licenses/.
|
|
||||||
#
|
|
||||||
# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
|
|
||||||
|
|
||||||
# Include Beaker environment
|
|
||||||
. /usr/bin/rhts-environment.sh || exit 1
|
|
||||||
. /usr/share/beakerlib/beakerlib.sh || exit 1
|
|
||||||
|
|
||||||
# From Andreas Schneider <asn@redhat.com>:
|
|
||||||
# This is a basic test which makes sure the samba is installed and the default
|
|
||||||
# smb.conf is available.
|
|
||||||
|
|
||||||
rlJournalStart
|
|
||||||
|
|
||||||
rlPhaseStartTest
|
|
||||||
rlRun "testparm -v -s" 0 "testparm ends with expected output"
|
|
||||||
rlPhaseEnd
|
|
||||||
|
|
||||||
rlJournalPrintText
|
|
||||||
rlJournalEnd
|
|
|
@ -1,13 +0,0 @@
|
||||||
---
|
|
||||||
# This first play always runs on the local staging system
|
|
||||||
- hosts: localhost
|
|
||||||
roles:
|
|
||||||
- role: standard-test-beakerlib
|
|
||||||
tags:
|
|
||||||
- classic
|
|
||||||
tests:
|
|
||||||
- testparm
|
|
||||||
required_packages:
|
|
||||||
- samba
|
|
||||||
- samba-client
|
|
||||||
- samba-common
|
|
|
@ -1,325 +0,0 @@
|
||||||
From 322597e5e243264d56ede73e579b4bf767bca5be Mon Sep 17 00:00:00 2001
|
|
||||||
From: Andreas Schneider <asn@samba.org>
|
|
||||||
Date: Mon, 4 Sep 2023 16:29:46 +0200
|
|
||||||
Subject: [PATCH 1/3] selftest: Show that 'allow trusted domains = no'
|
|
||||||
firewalls Unix User|Group
|
|
||||||
|
|
||||||
UNEXPECTED(failure): samba3.blackbox.smbclient_auth.plain.local_creds.smbclient //LOCALSHARE4/forceuser_unixonly as user(simpleserver)
|
|
||||||
REASON: Exception: Exception: tree connect failed: NT_STATUS_AUTHENTICATION_FIREWALL_FAILED
|
|
||||||
|
|
||||||
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15469
|
|
||||||
|
|
||||||
Signed-off-by: Andreas Schneider <asn@samba.org>
|
|
||||||
Reviewed-by: Ralph Boehme <slow@samba.org>
|
|
||||||
(cherry picked from commit ad0c0dd071401d98f0b7f595efbdf5312a165ab4)
|
|
||||||
---
|
|
||||||
selftest/knownfail.d/forceuser_trusteddomains | 2 ++
|
|
||||||
selftest/target/Samba3.pm | 1 +
|
|
||||||
2 files changed, 3 insertions(+)
|
|
||||||
create mode 100644 selftest/knownfail.d/forceuser_trusteddomains
|
|
||||||
|
|
||||||
diff --git a/selftest/knownfail.d/forceuser_trusteddomains b/selftest/knownfail.d/forceuser_trusteddomains
|
|
||||||
new file mode 100644
|
|
||||||
index 00000000000..b515400cd90
|
|
||||||
--- /dev/null
|
|
||||||
+++ b/selftest/knownfail.d/forceuser_trusteddomains
|
|
||||||
@@ -0,0 +1,2 @@
|
|
||||||
+samba3.blackbox.smbclient_auth.plain.local_creds.smbclient...LOCALSHARE4.forceuser_unixonly.as.user.simpleserver
|
|
||||||
+samba3.blackbox.smbclient_auth.plain.local_creds.smbclient...LOCALSHARE4.forceuser_wkngroup.as.user.simpleserver
|
|
||||||
diff --git a/selftest/target/Samba3.pm b/selftest/target/Samba3.pm
|
|
||||||
index 39831afc599..85e69e4b72d 100755
|
|
||||||
--- a/selftest/target/Samba3.pm
|
|
||||||
+++ b/selftest/target/Samba3.pm
|
|
||||||
@@ -1689,6 +1689,7 @@ sub setup_simpleserver
|
|
||||||
vfs objects = xattr_tdb streams_depot
|
|
||||||
change notify = no
|
|
||||||
server smb encrypt = off
|
|
||||||
+ allow trusted domains = no
|
|
||||||
|
|
||||||
[vfs_aio_pthread]
|
|
||||||
path = $prefix_abs/share
|
|
||||||
--
|
|
||||||
2.43.0
|
|
||||||
|
|
||||||
|
|
||||||
From 13775d470f26b8f85d7c7b539276237dc94d54c9 Mon Sep 17 00:00:00 2001
|
|
||||||
From: Andreas Schneider <asn@samba.org>
|
|
||||||
Date: Fri, 8 Sep 2023 12:50:32 +0200
|
|
||||||
Subject: [PATCH 2/3] s3:auth: Remove trailing white spaces from auth_util.c
|
|
||||||
|
|
||||||
Signed-off-by: Andreas Schneider <asn@samba.org>
|
|
||||||
Reviewed-by: Ralph Boehme <slow@samba.org>
|
|
||||||
(cherry picked from commit 8f496161463f110e494201303b96dd14ab3774cd)
|
|
||||||
---
|
|
||||||
source3/auth/auth_util.c | 64 ++++++++++++++++++++--------------------
|
|
||||||
1 file changed, 32 insertions(+), 32 deletions(-)
|
|
||||||
|
|
||||||
diff --git a/source3/auth/auth_util.c b/source3/auth/auth_util.c
|
|
||||||
index 293523f4272..e5863d2272b 100644
|
|
||||||
--- a/source3/auth/auth_util.c
|
|
||||||
+++ b/source3/auth/auth_util.c
|
|
||||||
@@ -144,14 +144,14 @@ NTSTATUS make_user_info_map(TALLOC_CTX *mem_ctx,
|
|
||||||
}
|
|
||||||
|
|
||||||
/****************************************************************************
|
|
||||||
- Create an auth_usersupplied_data, making the DATA_BLOBs here.
|
|
||||||
+ Create an auth_usersupplied_data, making the DATA_BLOBs here.
|
|
||||||
Decrypt and encrypt the passwords.
|
|
||||||
****************************************************************************/
|
|
||||||
|
|
||||||
bool make_user_info_netlogon_network(TALLOC_CTX *mem_ctx,
|
|
||||||
struct auth_usersupplied_info **user_info,
|
|
||||||
- const char *smb_name,
|
|
||||||
- const char *client_domain,
|
|
||||||
+ const char *smb_name,
|
|
||||||
+ const char *client_domain,
|
|
||||||
const char *workstation_name,
|
|
||||||
const struct tsocket_address *remote_address,
|
|
||||||
const struct tsocket_address *local_address,
|
|
||||||
@@ -167,12 +167,12 @@ bool make_user_info_netlogon_network(TALLOC_CTX *mem_ctx,
|
|
||||||
DATA_BLOB nt_blob = data_blob(nt_network_pwd, nt_pwd_len);
|
|
||||||
|
|
||||||
status = make_user_info_map(mem_ctx, user_info,
|
|
||||||
- smb_name, client_domain,
|
|
||||||
+ smb_name, client_domain,
|
|
||||||
workstation_name,
|
|
||||||
remote_address,
|
|
||||||
local_address,
|
|
||||||
"SamLogon",
|
|
||||||
- lm_pwd_len ? &lm_blob : NULL,
|
|
||||||
+ lm_pwd_len ? &lm_blob : NULL,
|
|
||||||
nt_pwd_len ? &nt_blob : NULL,
|
|
||||||
NULL, NULL, NULL,
|
|
||||||
AUTH_PASSWORD_RESPONSE);
|
|
||||||
@@ -188,20 +188,20 @@ bool make_user_info_netlogon_network(TALLOC_CTX *mem_ctx,
|
|
||||||
}
|
|
||||||
|
|
||||||
/****************************************************************************
|
|
||||||
- Create an auth_usersupplied_data, making the DATA_BLOBs here.
|
|
||||||
+ Create an auth_usersupplied_data, making the DATA_BLOBs here.
|
|
||||||
Decrypt and encrypt the passwords.
|
|
||||||
****************************************************************************/
|
|
||||||
|
|
||||||
bool make_user_info_netlogon_interactive(TALLOC_CTX *mem_ctx,
|
|
||||||
struct auth_usersupplied_info **user_info,
|
|
||||||
- const char *smb_name,
|
|
||||||
- const char *client_domain,
|
|
||||||
+ const char *smb_name,
|
|
||||||
+ const char *client_domain,
|
|
||||||
const char *workstation_name,
|
|
||||||
const struct tsocket_address *remote_address,
|
|
||||||
const struct tsocket_address *local_address,
|
|
||||||
uint32_t logon_parameters,
|
|
||||||
- const uchar chal[8],
|
|
||||||
- const uchar lm_interactive_pwd[16],
|
|
||||||
+ const uchar chal[8],
|
|
||||||
+ const uchar lm_interactive_pwd[16],
|
|
||||||
const uchar nt_interactive_pwd[16])
|
|
||||||
{
|
|
||||||
struct samr_Password lm_pwd;
|
|
||||||
@@ -250,7 +250,7 @@ bool make_user_info_netlogon_interactive(TALLOC_CTX *mem_ctx,
|
|
||||||
|
|
||||||
nt_status = make_user_info_map(
|
|
||||||
mem_ctx,
|
|
||||||
- user_info,
|
|
||||||
+ user_info,
|
|
||||||
smb_name, client_domain, workstation_name,
|
|
||||||
remote_address,
|
|
||||||
local_address,
|
|
||||||
@@ -280,7 +280,7 @@ bool make_user_info_netlogon_interactive(TALLOC_CTX *mem_ctx,
|
|
||||||
|
|
||||||
bool make_user_info_for_reply(TALLOC_CTX *mem_ctx,
|
|
||||||
struct auth_usersupplied_info **user_info,
|
|
||||||
- const char *smb_name,
|
|
||||||
+ const char *smb_name,
|
|
||||||
const char *client_domain,
|
|
||||||
const struct tsocket_address *remote_address,
|
|
||||||
const struct tsocket_address *local_address,
|
|
||||||
@@ -315,10 +315,10 @@ bool make_user_info_for_reply(TALLOC_CTX *mem_ctx,
|
|
||||||
|
|
||||||
/* We can't do an NT hash here, as the password needs to be
|
|
||||||
case insensitive */
|
|
||||||
- local_nt_blob = data_blob_null;
|
|
||||||
+ local_nt_blob = data_blob_null;
|
|
||||||
} else {
|
|
||||||
- local_lm_blob = data_blob_null;
|
|
||||||
- local_nt_blob = data_blob_null;
|
|
||||||
+ local_lm_blob = data_blob_null;
|
|
||||||
+ local_nt_blob = data_blob_null;
|
|
||||||
}
|
|
||||||
|
|
||||||
plaintext_password_string = talloc_strndup(talloc_tos(),
|
|
||||||
@@ -329,7 +329,7 @@ bool make_user_info_for_reply(TALLOC_CTX *mem_ctx,
|
|
||||||
}
|
|
||||||
|
|
||||||
ret = make_user_info(mem_ctx,
|
|
||||||
- user_info, smb_name, smb_name, client_domain, client_domain,
|
|
||||||
+ user_info, smb_name, smb_name, client_domain, client_domain,
|
|
||||||
get_remote_machine_name(),
|
|
||||||
remote_address,
|
|
||||||
local_address,
|
|
||||||
@@ -403,14 +403,14 @@ bool make_user_info_guest(TALLOC_CTX *mem_ctx,
|
|
||||||
|
|
||||||
nt_status = make_user_info(mem_ctx,
|
|
||||||
user_info,
|
|
||||||
- "","",
|
|
||||||
- "","",
|
|
||||||
- "",
|
|
||||||
+ "","",
|
|
||||||
+ "","",
|
|
||||||
+ "",
|
|
||||||
remote_address,
|
|
||||||
local_address,
|
|
||||||
service_description,
|
|
||||||
- NULL, NULL,
|
|
||||||
- NULL, NULL,
|
|
||||||
+ NULL, NULL,
|
|
||||||
+ NULL, NULL,
|
|
||||||
NULL,
|
|
||||||
AUTH_PASSWORD_RESPONSE);
|
|
||||||
|
|
||||||
@@ -1258,7 +1258,7 @@ done:
|
|
||||||
}
|
|
||||||
|
|
||||||
session_info->unique_session_token = GUID_random();
|
|
||||||
-
|
|
||||||
+
|
|
||||||
*session_info_out = talloc_move(mem_ctx, &session_info);
|
|
||||||
TALLOC_FREE(frame);
|
|
||||||
return NT_STATUS_OK;
|
|
||||||
@@ -1954,9 +1954,9 @@ static NTSTATUS check_account(TALLOC_CTX *mem_ctx, const char *domain,
|
|
||||||
*pwd = passwd;
|
|
||||||
|
|
||||||
/* This is pointless -- there is no support for differing
|
|
||||||
- unix and windows names. Make sure to always store the
|
|
||||||
+ unix and windows names. Make sure to always store the
|
|
||||||
one we actually looked up and succeeded. Have I mentioned
|
|
||||||
- why I hate the 'winbind use default domain' parameter?
|
|
||||||
+ why I hate the 'winbind use default domain' parameter?
|
|
||||||
--jerry */
|
|
||||||
|
|
||||||
*found_username = talloc_strdup( mem_ctx, real_username );
|
|
||||||
@@ -1965,8 +1965,8 @@ static NTSTATUS check_account(TALLOC_CTX *mem_ctx, const char *domain,
|
|
||||||
}
|
|
||||||
|
|
||||||
/****************************************************************************
|
|
||||||
- Wrapper to allow the getpwnam() call to strip the domain name and
|
|
||||||
- try again in case a local UNIX user is already there. Also run through
|
|
||||||
+ Wrapper to allow the getpwnam() call to strip the domain name and
|
|
||||||
+ try again in case a local UNIX user is already there. Also run through
|
|
||||||
the username if we fallback to the username only.
|
|
||||||
****************************************************************************/
|
|
||||||
|
|
||||||
@@ -1977,11 +1977,11 @@ struct passwd *smb_getpwnam( TALLOC_CTX *mem_ctx, const char *domuser,
|
|
||||||
char *p = NULL;
|
|
||||||
const char *username = NULL;
|
|
||||||
|
|
||||||
- /* we only save a copy of the username it has been mangled
|
|
||||||
+ /* we only save a copy of the username it has been mangled
|
|
||||||
by winbindd use default domain */
|
|
||||||
*p_save_username = NULL;
|
|
||||||
|
|
||||||
- /* don't call map_username() here since it has to be done higher
|
|
||||||
+ /* don't call map_username() here since it has to be done higher
|
|
||||||
up the stack so we don't call it multiple times */
|
|
||||||
|
|
||||||
username = talloc_strdup(mem_ctx, domuser);
|
|
||||||
@@ -2068,10 +2068,10 @@ username_only:
|
|
||||||
}
|
|
||||||
|
|
||||||
/***************************************************************************
|
|
||||||
- Make a server_info struct from the info3 returned by a domain logon
|
|
||||||
+ Make a server_info struct from the info3 returned by a domain logon
|
|
||||||
***************************************************************************/
|
|
||||||
|
|
||||||
-NTSTATUS make_server_info_info3(TALLOC_CTX *mem_ctx,
|
|
||||||
+NTSTATUS make_server_info_info3(TALLOC_CTX *mem_ctx,
|
|
||||||
const char *sent_nt_username,
|
|
||||||
const char *domain,
|
|
||||||
struct auth_serversupplied_info **server_info,
|
|
||||||
@@ -2089,9 +2089,9 @@ NTSTATUS make_server_info_info3(TALLOC_CTX *mem_ctx,
|
|
||||||
struct dom_sid sid;
|
|
||||||
TALLOC_CTX *tmp_ctx = talloc_stackframe();
|
|
||||||
|
|
||||||
- /*
|
|
||||||
+ /*
|
|
||||||
Here is where we should check the list of
|
|
||||||
- trusted domains, and verify that the SID
|
|
||||||
+ trusted domains, and verify that the SID
|
|
||||||
matches.
|
|
||||||
*/
|
|
||||||
|
|
||||||
--
|
|
||||||
2.43.0
|
|
||||||
|
|
||||||
|
|
||||||
From a83c51913963bbabd5c4fdd00ba2fc69df2b6ca6 Mon Sep 17 00:00:00 2001
|
|
||||||
From: Andreas Schneider <asn@samba.org>
|
|
||||||
Date: Thu, 30 Nov 2023 10:54:07 +0100
|
|
||||||
Subject: [PATCH 3/3] s3:auth: Allow 'Unix Users' and 'Unix Groups' to create a
|
|
||||||
local token
|
|
||||||
|
|
||||||
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15469
|
|
||||||
|
|
||||||
Signed-off-by: Andreas Schneider <asn@samba.org>
|
|
||||||
Reviewed-by: Ralph Boehme <slow@samba.org>
|
|
||||||
(cherry picked from commit 00034d022896f879bf91bb78eb9e2972162c99ce)
|
|
||||||
---
|
|
||||||
selftest/knownfail.d/forceuser_trusteddomains | 2 --
|
|
||||||
source3/auth/auth_util.c | 17 ++++++++++++++++-
|
|
||||||
2 files changed, 16 insertions(+), 3 deletions(-)
|
|
||||||
delete mode 100644 selftest/knownfail.d/forceuser_trusteddomains
|
|
||||||
|
|
||||||
diff --git a/selftest/knownfail.d/forceuser_trusteddomains b/selftest/knownfail.d/forceuser_trusteddomains
|
|
||||||
deleted file mode 100644
|
|
||||||
index b515400cd90..00000000000
|
|
||||||
--- a/selftest/knownfail.d/forceuser_trusteddomains
|
|
||||||
+++ /dev/null
|
|
||||||
@@ -1,2 +0,0 @@
|
|
||||||
-samba3.blackbox.smbclient_auth.plain.local_creds.smbclient...LOCALSHARE4.forceuser_unixonly.as.user.simpleserver
|
|
||||||
-samba3.blackbox.smbclient_auth.plain.local_creds.smbclient...LOCALSHARE4.forceuser_wkngroup.as.user.simpleserver
|
|
||||||
diff --git a/source3/auth/auth_util.c b/source3/auth/auth_util.c
|
|
||||||
index e5863d2272b..2a35fea5061 100644
|
|
||||||
--- a/source3/auth/auth_util.c
|
|
||||||
+++ b/source3/auth/auth_util.c
|
|
||||||
@@ -21,6 +21,7 @@
|
|
||||||
along with this program. If not, see <http://www.gnu.org/licenses/>.
|
|
||||||
*/
|
|
||||||
|
|
||||||
+#include "dom_sid.h"
|
|
||||||
#include "includes.h"
|
|
||||||
#include "auth.h"
|
|
||||||
#include "lib/util_unixsids.h"
|
|
||||||
@@ -478,6 +479,7 @@ NTSTATUS create_local_token(TALLOC_CTX *mem_ctx,
|
|
||||||
struct dom_sid tmp_sid;
|
|
||||||
struct auth_session_info *session_info = NULL;
|
|
||||||
struct unixid *ids;
|
|
||||||
+ bool is_allowed = false;
|
|
||||||
|
|
||||||
/* Ensure we can't possible take a code path leading to a
|
|
||||||
* null deref. */
|
|
||||||
@@ -485,7 +487,20 @@ NTSTATUS create_local_token(TALLOC_CTX *mem_ctx,
|
|
||||||
return NT_STATUS_LOGON_FAILURE;
|
|
||||||
}
|
|
||||||
|
|
||||||
- if (!is_allowed_domain(server_info->info3->base.logon_domain.string)) {
|
|
||||||
+ if (is_allowed_domain(server_info->info3->base.logon_domain.string)) {
|
|
||||||
+ is_allowed = true;
|
|
||||||
+ }
|
|
||||||
+
|
|
||||||
+ /* Check if we have extra info about the user. */
|
|
||||||
+ if (dom_sid_in_domain(&global_sid_Unix_Users,
|
|
||||||
+ &server_info->extra.user_sid) ||
|
|
||||||
+ dom_sid_in_domain(&global_sid_Unix_Groups,
|
|
||||||
+ &server_info->extra.pgid_sid))
|
|
||||||
+ {
|
|
||||||
+ is_allowed = true;
|
|
||||||
+ }
|
|
||||||
+
|
|
||||||
+ if (!is_allowed) {
|
|
||||||
DBG_NOTICE("Authentication failed for user [%s] "
|
|
||||||
"from firewalled domain [%s]\n",
|
|
||||||
server_info->info3->base.account_name.string,
|
|
||||||
--
|
|
||||||
2.43.0
|
|
||||||
|
|
Loading…
Reference in New Issue