Compare commits
No commits in common. "c8s" and "c8" have entirely different histories.
|
@ -1,18 +1,2 @@
|
|||
SOURCES/samba-4.17.5.tar.xz
|
||||
/samba-4.17.5.tar.xz
|
||||
/samba-4.18.2.tar.asc
|
||||
/samba-4.18.2.tar.xz
|
||||
/samba-4.18.3.tar.asc
|
||||
/samba-4.18.3.tar.xz
|
||||
/samba-4.18.4.tar.asc
|
||||
/samba-4.18.4.tar.xz
|
||||
/samba-4.18.5.tar.asc
|
||||
/samba-4.18.5.tar.xz
|
||||
/samba-4.18.6.tar.xz
|
||||
/samba-4.18.6.tar.asc
|
||||
/samba-4.19.2.tar.asc
|
||||
/samba-4.19.2.tar.xz
|
||||
/samba-4.19.3.tar.asc
|
||||
/samba-4.19.3.tar.xz
|
||||
/samba-4.19.4.tar.asc
|
||||
/samba-4.19.4.tar.xz
|
||||
SOURCES/samba-4.19.4.tar.xz
|
||||
SOURCES/samba-pubkey_AA99442FB680B620.gpg
|
||||
|
|
186
README.md
186
README.md
|
@ -1,186 +0,0 @@
|
|||
Samba is a free SMB and CIFS client and server and Domain Controller for UNIX
|
||||
and other operating systems. It is maintained by the Samba Team, who support the
|
||||
original author, Andrew Tridgell.
|
||||
|
||||
This software is freely distributable under the GNU public license, a copy of
|
||||
which you should have received with this software (in a file called COPYING).
|
||||
|
||||
# WHAT IS SMB/CIFS?
|
||||
This is a big question.
|
||||
|
||||
The very short answer is that it is the protocol by which a lot of PC-related
|
||||
machines share files and printers and other information such as lists of
|
||||
available files and printers. Operating systems that support this natively
|
||||
include Windows 9x, Windows NT (and derivatives), OS/2, Mac OS X and Linux. Add
|
||||
on packages that achieve the same thing are available for DOS, Windows 3.1, VMS,
|
||||
Unix of all kinds, MVS, and more. Some Web Browsers can speak this protocol as
|
||||
well (smb://). Alternatives to SMB include Netware, NFS, Appletalk, Banyan
|
||||
Vines, Decnet etc; many of these have advantages but none are both public
|
||||
specifications and widely implemented in desktop machines by default.
|
||||
|
||||
The Common Internet File system (CIFS) is what the new SMB initiative is called.
|
||||
For details watch [here](https://samba.org/cifs)
|
||||
|
||||
# WHY DO PEOPLE WANT TO USE SMB?
|
||||
* Many people want to integrate their Microsoft desktop clients with their Unix
|
||||
servers.
|
||||
|
||||
* Others want to integrate their Microsoft (etc) servers with Unix servers. This
|
||||
is a different problem to integrating desktop clients.
|
||||
|
||||
* Others want to replace protocols like NFS, DecNet and Novell NCP, especially
|
||||
when used with PCs.
|
||||
|
||||
# WHAT CAN SAMBA DO?
|
||||
Please refer to the WHATSNEW.txt included with this README for a list of
|
||||
features in the latest Samba release.
|
||||
|
||||
Here is a very short list of what samba includes, and what it does. For many
|
||||
networks this can be simply summarized by "Samba provides a complete replacement
|
||||
for Windows NT, Warp, NFS or Netware servers."
|
||||
* a SMB server, to provide Windows NT and LAN Manager-style file and print
|
||||
services to SMB clients such as Windows 95, Warp Server, smbfs and others.
|
||||
|
||||
* a Windows Domain Controller (NT4 and AD) replacement.
|
||||
|
||||
* a file/print server that can act as a member of a Windows NT 4.0 or Active
|
||||
Directory domain.
|
||||
|
||||
* a NetBIOS (rfc1001/1002) nameserver, which amongst other things gives browsing
|
||||
support. Samba can be the master browser on your LAN if you wish.
|
||||
|
||||
* a ftp-like SMB client so you can access PC resources (disks and printers) from
|
||||
UNIX, Netware, and other operating systems
|
||||
|
||||
* a tar extension to the client for backing up PCs
|
||||
|
||||
* limited command-line tool that supports some of the NT administrative
|
||||
functionality, which can be used on Samba, NT workstation and NT server.
|
||||
|
||||
For a much better overview have a look at the [web site](http://samba.org/samba)
|
||||
and browse the user survey.
|
||||
|
||||
#### Related packages include:
|
||||
* cifsvfs, an advanced Linux-only filesystem allowing you to mount remote SMB
|
||||
filesystems from PCs on your Linux box. This is included as standard with Linux
|
||||
2.5 and later.
|
||||
|
||||
* smbfs, the previous Linux-only filesystem allowing you to mount remote SMB
|
||||
filesystems from PCs on your Linux box. This is included as standard with Linux
|
||||
2.0 and later.
|
||||
|
||||
# CONTRIBUTIONS
|
||||
|
||||
### To contribute via GitHub
|
||||
* fork the official Samba team repository on GitHub
|
||||
-- see [GitHub](https://github.com/samba-team/samba)
|
||||
|
||||
* become familiar with the coding standards as described in README.Coding
|
||||
|
||||
* make sure you read the Samba copyright policy
|
||||
-- see [Copyright Policy](https://www.samba.org/samba/devel/copyright-policy.html)
|
||||
|
||||
* create a feature branch
|
||||
|
||||
* make changes
|
||||
|
||||
* when committing, be sure to add signed-off-by tags
|
||||
-- see [Commit message tags](https://wiki.samba.org/index.php/CodeReview#commit_message_tags)
|
||||
|
||||
* send a pull request for your branch through GitHub
|
||||
|
||||
* this will trigger an email to the samba-technical mailing list
|
||||
|
||||
* discussion happens on the samba-technical mailing list as described below
|
||||
|
||||
* more info on using Git for Samba development can be found on Samba Wiki
|
||||
-- see [Using Git for Samba](https://wiki.samba.org/index.php/Using_Git_for_Samba_Development)
|
||||
|
||||
### To contribute via mailing lists
|
||||
Join the mailing list. The Samba team accepts patches (preferably in "diff -u"
|
||||
format, see [here](https://samba.org/samba/devel) for more details) and are
|
||||
always glad to receive feedback or suggestions to the address
|
||||
samba@lists.samba.org. More information on the various Samba mailing lists can
|
||||
be found at [mailman](http://lists.samba.org).
|
||||
|
||||
You can also get the Samba sourcecode straight from the [git repository](http://wiki.samba.org/index.php/Using_Git_for_Samba_Development).
|
||||
|
||||
If you like a particular feature then look through the git change-log on the
|
||||
[web](https://git.samba.org/?p=samba.git;a=summary) and see who added it, then
|
||||
send them an email.
|
||||
|
||||
Remember that free software of this kind lives or dies by the response we get.
|
||||
If no one tells us they like it then we'll probably move onto something else.
|
||||
|
||||
|
||||
# MORE INFO
|
||||
|
||||
### DOCUMENTATION
|
||||
There is quite a bit of documentation included with the package, including man
|
||||
pages, and lots of .html files with hints and useful info. This is also
|
||||
available from the web page. There is a growing collection of information under
|
||||
docs/.
|
||||
|
||||
A list of Samba documentation in languages other than English is available on
|
||||
the web page.
|
||||
|
||||
If you would like to help with the documentation, please coordinate on the
|
||||
samba@lists.samba.org mailing list. See the next section for details on
|
||||
subscribing to samba mailing lists.
|
||||
|
||||
### MAILING LIST
|
||||
Please do NOT send subscription/unsubscription requests to the lists!
|
||||
|
||||
There is a mailing list for discussion of Samba. For details go to [mailman](https://lists.samba.org)
|
||||
or send mail to <samba-subscribe@lists.samba.org>.
|
||||
|
||||
There is also an announcement mailing list where new versions are announced. To
|
||||
subscribe go to [mailman](http://lists.samba.org) or send mail to
|
||||
<samba-announce-subscribe@lists.samba.org>. All announcements also go to the
|
||||
samba list, so you only need to be on one.
|
||||
|
||||
For details of other Samba mailing lists and for access to archives, see
|
||||
[mailman](http://lists.samba.org)
|
||||
|
||||
### MAILING LIST ETIQUETTE
|
||||
|
||||
A few tips when submitting to this or any mailing list.
|
||||
- Make your subject short and descriptive. Avoid the words "help" or "Samba" in
|
||||
the subject. The readers of this list already know that a) you need help, and b)
|
||||
you are writing about samba (of course, you may need to distinguish between
|
||||
Samba PDC and other file sharing software). Avoid phrases such as "what is" and
|
||||
"how do i". Some good subject lines might look like "Slow response with Excel
|
||||
files" or "Migrating from Samba PDC to NT PDC".
|
||||
|
||||
- If you include the original message in your reply, trim it so that only the
|
||||
relevant lines, enough to establish context, are included. Chances are (since
|
||||
this is a mailing list) we've already read the original message.
|
||||
|
||||
- Trim irrelevant headers from the original message in your reply. All we need
|
||||
to see is a) From, b) Date, and c) Subject. We don't even really need the
|
||||
Subject, if you haven't changed it. Better yet is to just preface the original
|
||||
message with "On [date] [someone] wrote:".
|
||||
|
||||
- Please don't reply to or argue about spam, spam filters or viruses on any
|
||||
Samba lists. We do have a spam filtering system that is working quite well thank
|
||||
you very much but occasionally unwanted messages slip through. Deal with it.
|
||||
|
||||
- Never say "Me too." It doesn't help anyone solve the problem. Instead, if you
|
||||
ARE having the same problem, give more information. Have you seen something that
|
||||
the other writer hasn't mentioned, which may be helpful?
|
||||
|
||||
- If you ask about a problem, then come up with the solution on your own or
|
||||
through another source, by all means post it. Someone else may have the same
|
||||
problem and is waiting for an answer, but never hears of it.
|
||||
|
||||
- Give as much *relevant* information as possible such as Samba release number,
|
||||
OS, kernel version, etc...
|
||||
|
||||
- RTFM. Google.
|
||||
|
||||
### WEB SITE
|
||||
A Samba WWW [site](https://samba.org) has been setup with lots of useful info.
|
||||
|
||||
As well as general information and documentation, this also has searchable
|
||||
archives of the mailing list and a user survey that shows who else is using this
|
||||
package.
|
|
@ -0,0 +1,16 @@
|
|||
-----BEGIN PGP SIGNATURE-----
|
||||
|
||||
iQIzBAABCgAdFiEEgfXigyvSVFoYl7cTqplEL7aAtiAFAmWcCFAACgkQqplEL7aA
|
||||
tiDKSBAAuWA9jT6xCfFACIlme7DbEoUm/Bsbf+GM2Somd3pgajekiNxo7CsW9Xub
|
||||
Vmpj0Q5OKiri81XTqA8LlqMCBliqfw/rnP48kCH0YqXzjqD6aYuwmk0Q4G3wWBTJ
|
||||
2ZT/wOpbM3YooFfE9Iffz6uNgAiQ/8kpBt2m6Zzfy8n1ThfztyGAGaSmrUWxgUlq
|
||||
XjRjtgTw4isZBm+RzCFSGuPxvWvxRlfD5JCe2gc221rI3kbaQE2GSxdZ6D0635Ln
|
||||
iy64SLIAKkQCrrFFckudSCCLKgLNdIClEwzamhhCbmCxnWMDufzN+BQZhq3axQ+x
|
||||
svPfZqltVSQztr4nPGvKdebtVLL2Zyf/LtXWQP/s66quHlHFoEAC7MuD6tEMQVar
|
||||
JQUCN51Gs0Yk12iReQFm6/Uo35aPAlai1e2uOkNzS5FnagRObYt6FYeQripks4I8
|
||||
ZW5VvF4cE0zqdjrlG+Ttqmpbj7i6AUJj9wSbrEOFDUhTL+QPPOfJ05yr1BHmS6nJ
|
||||
vuuUs+ei/DnYEFS91P81h5NuOdpRHIBTG6LUOLz5KOoNdIgvzjD/Ugyscj4AFTBo
|
||||
+NTG9nNr6gkLV/6dxDRR2/sbU6P+FZBL+JVUoDR7XQ7oHG7sFV+/8Dtu8RivEw++
|
||||
1sNGqxvGkwu7JunMkJO5YZRwXi81v3nmHkWKgb0+52iYXgmdesY=
|
||||
=kOPP
|
||||
-----END PGP SIGNATURE-----
|
|
@ -147,7 +147,7 @@
|
|||
%define samba_requires_eq() %(LC_ALL="C" echo '%*' | xargs -r rpm -q --qf 'Requires: %%{name} = %%{epoch}:%%{version}\\n' | sed -e 's/ (none):/ /' -e 's/ 0:/ /' | grep -v "is not")
|
||||
|
||||
%global samba_version 4.19.4
|
||||
%global baserelease 4
|
||||
%global baserelease 3
|
||||
# This should be rc1 or %%nil
|
||||
%global pre_release %nil
|
||||
|
||||
|
@ -244,12 +244,6 @@ Source18: samba-winbind-systemd-sysusers.conf
|
|||
Source201: README.downgrade
|
||||
Source202: samba.abignore
|
||||
|
||||
# Backport bug fixes to https://gitlab.com/samba-redhat/samba/-/tree/v4-19-redhat
|
||||
# This will give us CI and makes it easy to generate patchsets.
|
||||
#
|
||||
# Generate the patchset using: git format-patch -l1 --stdout -N > samba-4.19-redhat.patch
|
||||
Patch0: samba-4.19-redhat.patch
|
||||
|
||||
Requires(pre): /usr/sbin/groupadd
|
||||
|
||||
Requires(pre): %{name}-common = %{samba_depver}
|
||||
|
@ -4479,12 +4473,6 @@ fi
|
|||
%endif
|
||||
|
||||
%changelog
|
||||
* Thu May 02 2024 Pavel Filipenský <pfilipen@redhat.com> - 4.19.4-4
|
||||
- related: RHEL-33813 - Undo wrong changes in rpminspect.yaml
|
||||
|
||||
* Thu May 02 2024 Pavel Filipenský <pfilipen@redhat.com> - 4.19.4-4
|
||||
- resolves: RHEL-33813 - Add option to request only POSIX groups from AD in idmap_ad
|
||||
|
||||
* Thu Jan 18 2024 Pavel Filipenský <pfilipen@redhat.com> - 4.19.4-3
|
||||
- resolves: RHEL-19753 - Fix smbget interactive authentication
|
||||
|
|
@ -1,8 +0,0 @@
|
|||
# recipients: sssd-qe, asn, pfilipen, ftrivino
|
||||
--- !Policy
|
||||
product_versions:
|
||||
- rhel-8
|
||||
decision_context: osci_compose_gate
|
||||
rules:
|
||||
- !PassingTestCaseRule {test_case_name: osci.brew-build.tier0.functional}
|
||||
- !PassingTestCaseRule {test_case_name: idm-ci.brew-build.tier1.functional}
|
|
@ -1,24 +0,0 @@
|
|||
---
|
||||
badfuncs:
|
||||
ignore:
|
||||
- /usr/bin/nmblookup
|
||||
- /usr/bin/smbtorture
|
||||
- /usr/lib*/libndr.so.*
|
||||
- /usr/lib*/libsmbconf.so.*
|
||||
- /usr/lib*/samba/libgse-samba4.so
|
||||
- /usr/lib*/samba/libsamba-sockets-samba4.so
|
||||
- /usr/lib*/samba/service/nbtd.so
|
||||
- /usr/libexec/ctdb/smnotify
|
||||
- /usr/sbin/nmbd
|
||||
|
||||
runpath:
|
||||
allowed_paths:
|
||||
- /usr/lib/samba
|
||||
- /usr/lib64/samba
|
||||
|
||||
abidiff:
|
||||
suppression_file: samba.abignore
|
||||
|
||||
debuginfo:
|
||||
ignore:
|
||||
- /usr/lib*/libdcerpc-samr.so.*
|
File diff suppressed because it is too large
Load Diff
|
@ -1,106 +0,0 @@
|
|||
From 21d8c1b2dabf8dd5a65de14816c6701e9c81de44 Mon Sep 17 00:00:00 2001
|
||||
From: Andreas Schneider <asn@samba.org>
|
||||
Date: Tue, 5 Dec 2023 15:46:48 +0100
|
||||
Subject: [PATCH 1/2] s3:tests: Add smbget test for
|
||||
smb://DOAMIN;user%password@server/share/file
|
||||
|
||||
This is supported according to the smbget manpage!
|
||||
|
||||
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15525
|
||||
|
||||
Signed-off-by: Andreas Schneider <asn@samba.org>
|
||||
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
|
||||
(cherry picked from commit e5fe856e76eba26e3b85a391bcea02dfe045c26e)
|
||||
---
|
||||
source3/script/tests/test_smbget.sh | 20 ++++++++++++++++++++
|
||||
1 file changed, 20 insertions(+)
|
||||
|
||||
diff --git a/source3/script/tests/test_smbget.sh b/source3/script/tests/test_smbget.sh
|
||||
index 46c1f4a68a5..bdc62a71eff 100755
|
||||
--- a/source3/script/tests/test_smbget.sh
|
||||
+++ b/source3/script/tests/test_smbget.sh
|
||||
@@ -145,6 +145,22 @@ test_singlefile_smburl()
|
||||
return 0
|
||||
}
|
||||
|
||||
+test_singlefile_smburl2()
|
||||
+{
|
||||
+ clear_download_area
|
||||
+ $SMBGET "smb://$DOMAIN;$USERNAME:$PASSWORD@$SERVER_IP/smbget/testfile"
|
||||
+ if [ $? -ne 0 ]; then
|
||||
+ echo 'ERROR: RC does not match, expected: 0'
|
||||
+ return 1
|
||||
+ fi
|
||||
+ cmp --silent $WORKDIR/testfile ./testfile
|
||||
+ if [ $? -ne 0 ]; then
|
||||
+ echo 'ERROR: file content does not match'
|
||||
+ return 1
|
||||
+ fi
|
||||
+ return 0
|
||||
+}
|
||||
+
|
||||
test_singlefile_authfile()
|
||||
{
|
||||
clear_download_area
|
||||
@@ -499,6 +515,10 @@ testit "download single file with --update and UPN" test_singlefile_U_UPN ||
|
||||
testit "download single file with smb URL" test_singlefile_smburl ||
|
||||
failed=$(expr $failed + 1)
|
||||
|
||||
+testit "download single file with smb URL including domain" \
|
||||
+ test_singlefile_smburl2 ||
|
||||
+ failed=$(expr $failed + 1)
|
||||
+
|
||||
testit "download single file with authfile" test_singlefile_authfile ||
|
||||
failed=$(expr $failed + 1)
|
||||
|
||||
--
|
||||
2.43.0
|
||||
|
||||
|
||||
From e19fa9d75ee70ec23e70f166ee70241c116f7bf5 Mon Sep 17 00:00:00 2001
|
||||
From: Andreas Schneider <asn@samba.org>
|
||||
Date: Wed, 6 Dec 2023 08:48:34 +0100
|
||||
Subject: [PATCH 2/2] s3:utils: Fix setting the debug level
|
||||
|
||||
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15525
|
||||
|
||||
Signed-off-by: Andreas Schneider <asn@samba.org>
|
||||
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
|
||||
(cherry picked from commit 763b2efe69dc74e1c0cd954607031012f832486d)
|
||||
---
|
||||
source3/utils/smbget.c | 6 +++++-
|
||||
1 file changed, 5 insertions(+), 1 deletion(-)
|
||||
|
||||
diff --git a/source3/utils/smbget.c b/source3/utils/smbget.c
|
||||
index 5c99dcf918a..8d98ba24602 100644
|
||||
--- a/source3/utils/smbget.c
|
||||
+++ b/source3/utils/smbget.c
|
||||
@@ -849,6 +849,7 @@ int main(int argc, char **argv)
|
||||
uint32_t gensec_features;
|
||||
bool use_wbccache = false;
|
||||
SMBCCTX *smb_ctx = NULL;
|
||||
+ int dbg_lvl = -1;
|
||||
int rc;
|
||||
|
||||
smb_init_locale();
|
||||
@@ -922,13 +923,16 @@ int main(int argc, char **argv)
|
||||
|
||||
samba_cmdline_burn(argc, argv);
|
||||
|
||||
+ /* smbc_new_context() will set the log level to 0 */
|
||||
+ dbg_lvl = debuglevel_get();
|
||||
+
|
||||
smb_ctx = smbc_new_context();
|
||||
if (smb_ctx == NULL) {
|
||||
fprintf(stderr, "Unable to initialize libsmbclient\n");
|
||||
ok = false;
|
||||
goto done;
|
||||
}
|
||||
- smbc_setDebug(smb_ctx, debuglevel_get());
|
||||
+ smbc_setDebug(smb_ctx, dbg_lvl);
|
||||
|
||||
rc = smbc_setConfiguration(smb_ctx, lp_default_path());
|
||||
if (rc < 0) {
|
||||
--
|
||||
2.43.0
|
||||
|
File diff suppressed because it is too large
Load Diff
Binary file not shown.
2
sources
2
sources
|
@ -1,2 +0,0 @@
|
|||
SHA512 (samba-4.19.4.tar.asc) = 11bc51407d1464339817d7568f5d5bb059c19a05b49c6a1307d7425d289acb617ecd3e633e3736bdaa94947a7b3630d6cdb7ed6fe59d52556234c549eca8172a
|
||||
SHA512 (samba-4.19.4.tar.xz) = 3d2899e4a3b8bcb77befc29c4af66d3ac858b7f7a0dbbb66a8bc210cd88d9cde3e11361334a5cce650318473134ec8b134148bfa4af4d51f555de33eff395029
|
|
@ -1,62 +0,0 @@
|
|||
# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
|
||||
#
|
||||
# Makefile of gating test "testparm"
|
||||
# Description: Basic config check for samba
|
||||
# Author: Andrej Dzilsky <adzilsky@redhat.com>
|
||||
#
|
||||
# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
|
||||
#
|
||||
# Copyright (c) 2019 Red Hat, Inc.
|
||||
#
|
||||
# This program is free software: you can redistribute it and/or
|
||||
# modify it under the terms of the GNU General Public License as
|
||||
# published by the Free Software Foundation, either version 2 of
|
||||
# the License, or (at your option) any later version.
|
||||
#
|
||||
# This program is distributed in the hope that it will be
|
||||
# useful, but WITHOUT ANY WARRANTY; without even the implied
|
||||
# warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR
|
||||
# PURPOSE. See the GNU General Public License for more details.
|
||||
#
|
||||
# You should have received a copy of the GNU General Public License
|
||||
# along with this program. If not, see http://www.gnu.org/licenses/.
|
||||
#
|
||||
# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
|
||||
|
||||
export TEST=testparm
|
||||
export TESTVERSION=1.0
|
||||
|
||||
BUILT_FILES=
|
||||
|
||||
FILES=$(METADATA) runtest.sh Makefile
|
||||
|
||||
.PHONY: all install download clean
|
||||
|
||||
run: $(FILES) build
|
||||
./runtest.sh
|
||||
|
||||
build: $(BUILT_FILES)
|
||||
test -x runtest.sh || chmod a+x runtest.sh
|
||||
|
||||
clean:
|
||||
rm -f *~ $(BUILT_FILES)
|
||||
|
||||
|
||||
include /usr/share/rhts/lib/rhts-make.include
|
||||
|
||||
$(METADATA): Makefile
|
||||
@echo "Owner: Andrej Dzilsky <adzilsky@redhat.com>" > $(METADATA)
|
||||
@echo "Name: $(TEST)" >> $(METADATA)
|
||||
@echo "TestVersion: $(TESTVERSION)" >> $(METADATA)
|
||||
@echo "Path: $(TEST_DIR)" >> $(METADATA)
|
||||
@echo "Description: Basic samba config check" >> $(METADATA)
|
||||
@echo "Type: Regression" >> $(METADATA)
|
||||
@echo "TestTime: 5m" >> $(METADATA)
|
||||
@echo "RunFor: samba" >> $(METADATA)
|
||||
@echo "Priority: Normal" >> $(METADATA)
|
||||
@echo "License: GPLv2+" >> $(METADATA)
|
||||
@echo "Confidential: no" >> $(METADATA)
|
||||
@echo "Destructive: no" >> $(METADATA)
|
||||
@echo "Bug: 1653890" >> $(METADATA)
|
||||
|
||||
rhts-lint $(METADATA)
|
|
@ -1,43 +0,0 @@
|
|||
#!/bin/bash
|
||||
# vim: dict+=/usr/share/beakerlib/dictionary.vim cpt=.,w,b,u,t,i,k
|
||||
# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
|
||||
#
|
||||
# runtest.sh of gating test "testparm"
|
||||
# Description: Basic samba config check
|
||||
# Author: Andrej Dzilsky <adzilsky@redhat.com>
|
||||
#
|
||||
# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
|
||||
#
|
||||
# Copyright (c) 2019 Red Hat, Inc.
|
||||
#
|
||||
# This program is free software: you can redistribute it and/or
|
||||
# modify it under the terms of the GNU General Public License as
|
||||
# published by the Free Software Foundation, either version 2 of
|
||||
# the License, or (at your option) any later version.
|
||||
#
|
||||
# This program is distributed in the hope that it will be
|
||||
# useful, but WITHOUT ANY WARRANTY; without even the implied
|
||||
# warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR
|
||||
# PURPOSE. See the GNU General Public License for more details.
|
||||
#
|
||||
# You should have received a copy of the GNU General Public License
|
||||
# along with this program. If not, see http://www.gnu.org/licenses/.
|
||||
#
|
||||
# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
|
||||
|
||||
# Include Beaker environment
|
||||
. /usr/bin/rhts-environment.sh || exit 1
|
||||
. /usr/share/beakerlib/beakerlib.sh || exit 1
|
||||
|
||||
# From Andreas Schneider <asn@redhat.com>:
|
||||
# This is a basic test which makes sure the samba is installed and the default
|
||||
# smb.conf is available.
|
||||
|
||||
rlJournalStart
|
||||
|
||||
rlPhaseStartTest
|
||||
rlRun "testparm -v -s" 0 "testparm ends with expected output"
|
||||
rlPhaseEnd
|
||||
|
||||
rlJournalPrintText
|
||||
rlJournalEnd
|
|
@ -1,13 +0,0 @@
|
|||
---
|
||||
# This first play always runs on the local staging system
|
||||
- hosts: localhost
|
||||
roles:
|
||||
- role: standard-test-beakerlib
|
||||
tags:
|
||||
- classic
|
||||
tests:
|
||||
- testparm
|
||||
required_packages:
|
||||
- samba
|
||||
- samba-client
|
||||
- samba-common
|
|
@ -1,325 +0,0 @@
|
|||
From 322597e5e243264d56ede73e579b4bf767bca5be Mon Sep 17 00:00:00 2001
|
||||
From: Andreas Schneider <asn@samba.org>
|
||||
Date: Mon, 4 Sep 2023 16:29:46 +0200
|
||||
Subject: [PATCH 1/3] selftest: Show that 'allow trusted domains = no'
|
||||
firewalls Unix User|Group
|
||||
|
||||
UNEXPECTED(failure): samba3.blackbox.smbclient_auth.plain.local_creds.smbclient //LOCALSHARE4/forceuser_unixonly as user(simpleserver)
|
||||
REASON: Exception: Exception: tree connect failed: NT_STATUS_AUTHENTICATION_FIREWALL_FAILED
|
||||
|
||||
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15469
|
||||
|
||||
Signed-off-by: Andreas Schneider <asn@samba.org>
|
||||
Reviewed-by: Ralph Boehme <slow@samba.org>
|
||||
(cherry picked from commit ad0c0dd071401d98f0b7f595efbdf5312a165ab4)
|
||||
---
|
||||
selftest/knownfail.d/forceuser_trusteddomains | 2 ++
|
||||
selftest/target/Samba3.pm | 1 +
|
||||
2 files changed, 3 insertions(+)
|
||||
create mode 100644 selftest/knownfail.d/forceuser_trusteddomains
|
||||
|
||||
diff --git a/selftest/knownfail.d/forceuser_trusteddomains b/selftest/knownfail.d/forceuser_trusteddomains
|
||||
new file mode 100644
|
||||
index 00000000000..b515400cd90
|
||||
--- /dev/null
|
||||
+++ b/selftest/knownfail.d/forceuser_trusteddomains
|
||||
@@ -0,0 +1,2 @@
|
||||
+samba3.blackbox.smbclient_auth.plain.local_creds.smbclient...LOCALSHARE4.forceuser_unixonly.as.user.simpleserver
|
||||
+samba3.blackbox.smbclient_auth.plain.local_creds.smbclient...LOCALSHARE4.forceuser_wkngroup.as.user.simpleserver
|
||||
diff --git a/selftest/target/Samba3.pm b/selftest/target/Samba3.pm
|
||||
index 39831afc599..85e69e4b72d 100755
|
||||
--- a/selftest/target/Samba3.pm
|
||||
+++ b/selftest/target/Samba3.pm
|
||||
@@ -1689,6 +1689,7 @@ sub setup_simpleserver
|
||||
vfs objects = xattr_tdb streams_depot
|
||||
change notify = no
|
||||
server smb encrypt = off
|
||||
+ allow trusted domains = no
|
||||
|
||||
[vfs_aio_pthread]
|
||||
path = $prefix_abs/share
|
||||
--
|
||||
2.43.0
|
||||
|
||||
|
||||
From 13775d470f26b8f85d7c7b539276237dc94d54c9 Mon Sep 17 00:00:00 2001
|
||||
From: Andreas Schneider <asn@samba.org>
|
||||
Date: Fri, 8 Sep 2023 12:50:32 +0200
|
||||
Subject: [PATCH 2/3] s3:auth: Remove trailing white spaces from auth_util.c
|
||||
|
||||
Signed-off-by: Andreas Schneider <asn@samba.org>
|
||||
Reviewed-by: Ralph Boehme <slow@samba.org>
|
||||
(cherry picked from commit 8f496161463f110e494201303b96dd14ab3774cd)
|
||||
---
|
||||
source3/auth/auth_util.c | 64 ++++++++++++++++++++--------------------
|
||||
1 file changed, 32 insertions(+), 32 deletions(-)
|
||||
|
||||
diff --git a/source3/auth/auth_util.c b/source3/auth/auth_util.c
|
||||
index 293523f4272..e5863d2272b 100644
|
||||
--- a/source3/auth/auth_util.c
|
||||
+++ b/source3/auth/auth_util.c
|
||||
@@ -144,14 +144,14 @@ NTSTATUS make_user_info_map(TALLOC_CTX *mem_ctx,
|
||||
}
|
||||
|
||||
/****************************************************************************
|
||||
- Create an auth_usersupplied_data, making the DATA_BLOBs here.
|
||||
+ Create an auth_usersupplied_data, making the DATA_BLOBs here.
|
||||
Decrypt and encrypt the passwords.
|
||||
****************************************************************************/
|
||||
|
||||
bool make_user_info_netlogon_network(TALLOC_CTX *mem_ctx,
|
||||
struct auth_usersupplied_info **user_info,
|
||||
- const char *smb_name,
|
||||
- const char *client_domain,
|
||||
+ const char *smb_name,
|
||||
+ const char *client_domain,
|
||||
const char *workstation_name,
|
||||
const struct tsocket_address *remote_address,
|
||||
const struct tsocket_address *local_address,
|
||||
@@ -167,12 +167,12 @@ bool make_user_info_netlogon_network(TALLOC_CTX *mem_ctx,
|
||||
DATA_BLOB nt_blob = data_blob(nt_network_pwd, nt_pwd_len);
|
||||
|
||||
status = make_user_info_map(mem_ctx, user_info,
|
||||
- smb_name, client_domain,
|
||||
+ smb_name, client_domain,
|
||||
workstation_name,
|
||||
remote_address,
|
||||
local_address,
|
||||
"SamLogon",
|
||||
- lm_pwd_len ? &lm_blob : NULL,
|
||||
+ lm_pwd_len ? &lm_blob : NULL,
|
||||
nt_pwd_len ? &nt_blob : NULL,
|
||||
NULL, NULL, NULL,
|
||||
AUTH_PASSWORD_RESPONSE);
|
||||
@@ -188,20 +188,20 @@ bool make_user_info_netlogon_network(TALLOC_CTX *mem_ctx,
|
||||
}
|
||||
|
||||
/****************************************************************************
|
||||
- Create an auth_usersupplied_data, making the DATA_BLOBs here.
|
||||
+ Create an auth_usersupplied_data, making the DATA_BLOBs here.
|
||||
Decrypt and encrypt the passwords.
|
||||
****************************************************************************/
|
||||
|
||||
bool make_user_info_netlogon_interactive(TALLOC_CTX *mem_ctx,
|
||||
struct auth_usersupplied_info **user_info,
|
||||
- const char *smb_name,
|
||||
- const char *client_domain,
|
||||
+ const char *smb_name,
|
||||
+ const char *client_domain,
|
||||
const char *workstation_name,
|
||||
const struct tsocket_address *remote_address,
|
||||
const struct tsocket_address *local_address,
|
||||
uint32_t logon_parameters,
|
||||
- const uchar chal[8],
|
||||
- const uchar lm_interactive_pwd[16],
|
||||
+ const uchar chal[8],
|
||||
+ const uchar lm_interactive_pwd[16],
|
||||
const uchar nt_interactive_pwd[16])
|
||||
{
|
||||
struct samr_Password lm_pwd;
|
||||
@@ -250,7 +250,7 @@ bool make_user_info_netlogon_interactive(TALLOC_CTX *mem_ctx,
|
||||
|
||||
nt_status = make_user_info_map(
|
||||
mem_ctx,
|
||||
- user_info,
|
||||
+ user_info,
|
||||
smb_name, client_domain, workstation_name,
|
||||
remote_address,
|
||||
local_address,
|
||||
@@ -280,7 +280,7 @@ bool make_user_info_netlogon_interactive(TALLOC_CTX *mem_ctx,
|
||||
|
||||
bool make_user_info_for_reply(TALLOC_CTX *mem_ctx,
|
||||
struct auth_usersupplied_info **user_info,
|
||||
- const char *smb_name,
|
||||
+ const char *smb_name,
|
||||
const char *client_domain,
|
||||
const struct tsocket_address *remote_address,
|
||||
const struct tsocket_address *local_address,
|
||||
@@ -315,10 +315,10 @@ bool make_user_info_for_reply(TALLOC_CTX *mem_ctx,
|
||||
|
||||
/* We can't do an NT hash here, as the password needs to be
|
||||
case insensitive */
|
||||
- local_nt_blob = data_blob_null;
|
||||
+ local_nt_blob = data_blob_null;
|
||||
} else {
|
||||
- local_lm_blob = data_blob_null;
|
||||
- local_nt_blob = data_blob_null;
|
||||
+ local_lm_blob = data_blob_null;
|
||||
+ local_nt_blob = data_blob_null;
|
||||
}
|
||||
|
||||
plaintext_password_string = talloc_strndup(talloc_tos(),
|
||||
@@ -329,7 +329,7 @@ bool make_user_info_for_reply(TALLOC_CTX *mem_ctx,
|
||||
}
|
||||
|
||||
ret = make_user_info(mem_ctx,
|
||||
- user_info, smb_name, smb_name, client_domain, client_domain,
|
||||
+ user_info, smb_name, smb_name, client_domain, client_domain,
|
||||
get_remote_machine_name(),
|
||||
remote_address,
|
||||
local_address,
|
||||
@@ -403,14 +403,14 @@ bool make_user_info_guest(TALLOC_CTX *mem_ctx,
|
||||
|
||||
nt_status = make_user_info(mem_ctx,
|
||||
user_info,
|
||||
- "","",
|
||||
- "","",
|
||||
- "",
|
||||
+ "","",
|
||||
+ "","",
|
||||
+ "",
|
||||
remote_address,
|
||||
local_address,
|
||||
service_description,
|
||||
- NULL, NULL,
|
||||
- NULL, NULL,
|
||||
+ NULL, NULL,
|
||||
+ NULL, NULL,
|
||||
NULL,
|
||||
AUTH_PASSWORD_RESPONSE);
|
||||
|
||||
@@ -1258,7 +1258,7 @@ done:
|
||||
}
|
||||
|
||||
session_info->unique_session_token = GUID_random();
|
||||
-
|
||||
+
|
||||
*session_info_out = talloc_move(mem_ctx, &session_info);
|
||||
TALLOC_FREE(frame);
|
||||
return NT_STATUS_OK;
|
||||
@@ -1954,9 +1954,9 @@ static NTSTATUS check_account(TALLOC_CTX *mem_ctx, const char *domain,
|
||||
*pwd = passwd;
|
||||
|
||||
/* This is pointless -- there is no support for differing
|
||||
- unix and windows names. Make sure to always store the
|
||||
+ unix and windows names. Make sure to always store the
|
||||
one we actually looked up and succeeded. Have I mentioned
|
||||
- why I hate the 'winbind use default domain' parameter?
|
||||
+ why I hate the 'winbind use default domain' parameter?
|
||||
--jerry */
|
||||
|
||||
*found_username = talloc_strdup( mem_ctx, real_username );
|
||||
@@ -1965,8 +1965,8 @@ static NTSTATUS check_account(TALLOC_CTX *mem_ctx, const char *domain,
|
||||
}
|
||||
|
||||
/****************************************************************************
|
||||
- Wrapper to allow the getpwnam() call to strip the domain name and
|
||||
- try again in case a local UNIX user is already there. Also run through
|
||||
+ Wrapper to allow the getpwnam() call to strip the domain name and
|
||||
+ try again in case a local UNIX user is already there. Also run through
|
||||
the username if we fallback to the username only.
|
||||
****************************************************************************/
|
||||
|
||||
@@ -1977,11 +1977,11 @@ struct passwd *smb_getpwnam( TALLOC_CTX *mem_ctx, const char *domuser,
|
||||
char *p = NULL;
|
||||
const char *username = NULL;
|
||||
|
||||
- /* we only save a copy of the username it has been mangled
|
||||
+ /* we only save a copy of the username it has been mangled
|
||||
by winbindd use default domain */
|
||||
*p_save_username = NULL;
|
||||
|
||||
- /* don't call map_username() here since it has to be done higher
|
||||
+ /* don't call map_username() here since it has to be done higher
|
||||
up the stack so we don't call it multiple times */
|
||||
|
||||
username = talloc_strdup(mem_ctx, domuser);
|
||||
@@ -2068,10 +2068,10 @@ username_only:
|
||||
}
|
||||
|
||||
/***************************************************************************
|
||||
- Make a server_info struct from the info3 returned by a domain logon
|
||||
+ Make a server_info struct from the info3 returned by a domain logon
|
||||
***************************************************************************/
|
||||
|
||||
-NTSTATUS make_server_info_info3(TALLOC_CTX *mem_ctx,
|
||||
+NTSTATUS make_server_info_info3(TALLOC_CTX *mem_ctx,
|
||||
const char *sent_nt_username,
|
||||
const char *domain,
|
||||
struct auth_serversupplied_info **server_info,
|
||||
@@ -2089,9 +2089,9 @@ NTSTATUS make_server_info_info3(TALLOC_CTX *mem_ctx,
|
||||
struct dom_sid sid;
|
||||
TALLOC_CTX *tmp_ctx = talloc_stackframe();
|
||||
|
||||
- /*
|
||||
+ /*
|
||||
Here is where we should check the list of
|
||||
- trusted domains, and verify that the SID
|
||||
+ trusted domains, and verify that the SID
|
||||
matches.
|
||||
*/
|
||||
|
||||
--
|
||||
2.43.0
|
||||
|
||||
|
||||
From a83c51913963bbabd5c4fdd00ba2fc69df2b6ca6 Mon Sep 17 00:00:00 2001
|
||||
From: Andreas Schneider <asn@samba.org>
|
||||
Date: Thu, 30 Nov 2023 10:54:07 +0100
|
||||
Subject: [PATCH 3/3] s3:auth: Allow 'Unix Users' and 'Unix Groups' to create a
|
||||
local token
|
||||
|
||||
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15469
|
||||
|
||||
Signed-off-by: Andreas Schneider <asn@samba.org>
|
||||
Reviewed-by: Ralph Boehme <slow@samba.org>
|
||||
(cherry picked from commit 00034d022896f879bf91bb78eb9e2972162c99ce)
|
||||
---
|
||||
selftest/knownfail.d/forceuser_trusteddomains | 2 --
|
||||
source3/auth/auth_util.c | 17 ++++++++++++++++-
|
||||
2 files changed, 16 insertions(+), 3 deletions(-)
|
||||
delete mode 100644 selftest/knownfail.d/forceuser_trusteddomains
|
||||
|
||||
diff --git a/selftest/knownfail.d/forceuser_trusteddomains b/selftest/knownfail.d/forceuser_trusteddomains
|
||||
deleted file mode 100644
|
||||
index b515400cd90..00000000000
|
||||
--- a/selftest/knownfail.d/forceuser_trusteddomains
|
||||
+++ /dev/null
|
||||
@@ -1,2 +0,0 @@
|
||||
-samba3.blackbox.smbclient_auth.plain.local_creds.smbclient...LOCALSHARE4.forceuser_unixonly.as.user.simpleserver
|
||||
-samba3.blackbox.smbclient_auth.plain.local_creds.smbclient...LOCALSHARE4.forceuser_wkngroup.as.user.simpleserver
|
||||
diff --git a/source3/auth/auth_util.c b/source3/auth/auth_util.c
|
||||
index e5863d2272b..2a35fea5061 100644
|
||||
--- a/source3/auth/auth_util.c
|
||||
+++ b/source3/auth/auth_util.c
|
||||
@@ -21,6 +21,7 @@
|
||||
along with this program. If not, see <http://www.gnu.org/licenses/>.
|
||||
*/
|
||||
|
||||
+#include "dom_sid.h"
|
||||
#include "includes.h"
|
||||
#include "auth.h"
|
||||
#include "lib/util_unixsids.h"
|
||||
@@ -478,6 +479,7 @@ NTSTATUS create_local_token(TALLOC_CTX *mem_ctx,
|
||||
struct dom_sid tmp_sid;
|
||||
struct auth_session_info *session_info = NULL;
|
||||
struct unixid *ids;
|
||||
+ bool is_allowed = false;
|
||||
|
||||
/* Ensure we can't possible take a code path leading to a
|
||||
* null deref. */
|
||||
@@ -485,7 +487,20 @@ NTSTATUS create_local_token(TALLOC_CTX *mem_ctx,
|
||||
return NT_STATUS_LOGON_FAILURE;
|
||||
}
|
||||
|
||||
- if (!is_allowed_domain(server_info->info3->base.logon_domain.string)) {
|
||||
+ if (is_allowed_domain(server_info->info3->base.logon_domain.string)) {
|
||||
+ is_allowed = true;
|
||||
+ }
|
||||
+
|
||||
+ /* Check if we have extra info about the user. */
|
||||
+ if (dom_sid_in_domain(&global_sid_Unix_Users,
|
||||
+ &server_info->extra.user_sid) ||
|
||||
+ dom_sid_in_domain(&global_sid_Unix_Groups,
|
||||
+ &server_info->extra.pgid_sid))
|
||||
+ {
|
||||
+ is_allowed = true;
|
||||
+ }
|
||||
+
|
||||
+ if (!is_allowed) {
|
||||
DBG_NOTICE("Authentication failed for user [%s] "
|
||||
"from firewalled domain [%s]\n",
|
||||
server_info->info3->base.account_name.string,
|
||||
--
|
||||
2.43.0
|
||||
|
Loading…
Reference in New Issue