Compare commits
No commits in common. "c9s" and "c8" have entirely different histories.
295
.gitignore
vendored
295
.gitignore
vendored
@ -1,293 +1,2 @@
|
||||
samba-3.5.4.tar.gz
|
||||
samba-3.6.0pre1.tar.gz
|
||||
/samba-3.6.0pre2.tar.gz
|
||||
/samba-3.6.0pre3.tar.gz
|
||||
/samba-3.6.0rc1.tar.gz
|
||||
/samba-3.6.0rc2.tar.gz
|
||||
/samba-3.6.0rc3.tar.gz
|
||||
/samba-3.6.0.tar.gz
|
||||
/samba-3.6.1.tar.gz
|
||||
/samba-3.6.3.tar.gz
|
||||
/samba-3.6.4.tar.gz
|
||||
/samba-3.6.5.tar.gz
|
||||
/samba-3.6.6.tar.gz
|
||||
/samba-3.6.7.tar.gz
|
||||
/samba-4.0.0rc1.tar.bz2
|
||||
/samba-4.0.0rc2.tar.bz2
|
||||
/samba-4.0.0rc3.tar.bz2
|
||||
/samba-4.0.0rc4.tar.bz2
|
||||
/samba-4.0.0rc5.tar.bz2
|
||||
/samba-4.0.0rc6.tar.bz2
|
||||
/samba-4.0.0.tar.bz2
|
||||
/samba-4.0.1.tar.bz2
|
||||
/samba-4.0.2.tar.bz2
|
||||
/samba-4.0.3.tar.bz2
|
||||
/samba-4.0.4.tar.bz2
|
||||
/samba-4.0.5.tar.bz2
|
||||
/samba-4.0.6.tar.bz2
|
||||
/samba-4.0.7.tar.xz
|
||||
/samba-4.1.0rc1.tar.xz
|
||||
/samba-4.1.0rc2.tar.xz
|
||||
/samba-4.1.0rc3.tar.xz
|
||||
/samba-4.1.0rc4.tar.xz
|
||||
/samba-4.1.0.tar.xz
|
||||
/samba-4.1.1.tar.xz
|
||||
/samba-4.1.2.tar.xz
|
||||
/samba-4.1.3.tar.xz
|
||||
/samba-4.1.4.tar.xz
|
||||
/samba-4.1.5.tar.xz
|
||||
/samba-4.1.6.tar.xz
|
||||
/samba-4.1.8.tar.xz
|
||||
/samba-4.1.9.tar.xz
|
||||
/samba-4.1.11.tar.gz
|
||||
/samba-4.1.11.tar.xz
|
||||
/samba-4.1.12.tar.xz
|
||||
/samba-4.2.0rc2.tar.xz
|
||||
/samba-4.2.0rc3.tar.xz
|
||||
/samba-4.2.0rc4.tar.xz
|
||||
/samba-4.2.0rc5.tar.xz
|
||||
/samba-4.2.0.tar.xz
|
||||
/samba-4.2.1.tar.xz
|
||||
/samba-4.2.2.tar.xz
|
||||
/samba-4.2.3.tar.xz
|
||||
/samba-4.3.0rc3.tar.xz
|
||||
/samba-4.3.0rc4.tar.xz
|
||||
/samba-4.3.0.tar.xz
|
||||
/samba-4.3.1.tar.xz
|
||||
/samba-4.3.2.tar.xz
|
||||
/samba-4.3.3.tar.xz
|
||||
/samba-4.3.4.tar.xz
|
||||
/samba-4.4.0rc1.tar.xz
|
||||
/samba-4.4.0rc2.tar.xz
|
||||
/samba-4.4.0rc3.tar.xz
|
||||
/samba-4.4.0rc4.tar.xz
|
||||
/samba-4.4.0rc5.tar.xz
|
||||
/samba-4.4.0.tar.xz
|
||||
/samba-4.4.2.tar.xz
|
||||
/samba-4.4.3.tar.xz
|
||||
/samba-4.4.4.tar.xz
|
||||
/samba-4.4.5.tar.xz
|
||||
/samba-4.5.0rc1.tar.xz
|
||||
/samba-4.5.0rc2.tar.xz
|
||||
/samba-4.5.0rc3.tar.xz
|
||||
/samba-4.5.0.tar.xz
|
||||
/samba-4.5.1.tar.xz
|
||||
/samba-4.5.2.tar.xz
|
||||
/samba-4.5.3.tar.xz
|
||||
/samba-4.6.0rc1.tar.xz
|
||||
/samba-4.6.0rc2.tar.xz
|
||||
/samba-4.6.0rc2.tar.asc
|
||||
/samba-4.6.0rc3.tar.asc
|
||||
/samba-4.6.0rc3.tar.xz
|
||||
/samba-4.6.0rc4.tar.xz
|
||||
/samba-4.6.0rc4.tar.asc
|
||||
/samba-4.6.0.tar.asc
|
||||
/samba-4.6.0.tar.xz
|
||||
/samba-4.6.1.tar.xz
|
||||
/samba-4.6.1.tar.asc
|
||||
/samba-4.6.2.tar.xz
|
||||
/samba-4.6.2.tar.asc
|
||||
/samba-4.6.3.tar.xz
|
||||
/samba-4.6.3.tar.asc
|
||||
/samba-4.6.4.tar.xz
|
||||
/samba-4.6.4.tar.asc
|
||||
/samba-4.6.5.tar.xz
|
||||
/samba-4.6.5.tar.asc
|
||||
/samba-4.7.0rc1.tar.xz
|
||||
/samba-4.7.0rc1.tar.asc
|
||||
/samba-4.7.0rc3.tar.xz
|
||||
/samba-4.7.0rc3.tar.asc
|
||||
/samba-4.7.0rc5.tar.xz
|
||||
/samba-4.7.0rc5.tar.asc
|
||||
/samba-4.7.0rc6.tar.xz
|
||||
/samba-4.7.0rc6.tar.asc
|
||||
/samba-4.7.0.tar.xz
|
||||
/samba-4.7.0.tar.asc
|
||||
/samba-4.7.1.tar.xz
|
||||
/samba-4.7.1.tar.asc
|
||||
/samba-4.7.2.tar.xz
|
||||
/samba-4.7.2.tar.asc
|
||||
/samba-4.7.3.tar.xz
|
||||
/samba-4.7.3.tar.asc
|
||||
/samba-4.7.4.tar.xz
|
||||
/samba-4.7.4.tar.asc
|
||||
/samba-4.8.0rc1.tar.xz
|
||||
/samba-4.8.0rc1.tar.asc
|
||||
/samba-4.8.0rc2.tar.xz
|
||||
/samba-4.8.0rc2.tar.asc
|
||||
/samba-4.8.0rc3.tar.xz
|
||||
/samba-4.8.0rc3.tar.asc
|
||||
/samba-4.8.0rc4.tar.xz
|
||||
/samba-4.8.0rc4.tar.asc
|
||||
/samba-4.8.0.tar.xz
|
||||
/samba-4.8.0.tar.asc
|
||||
/samba-4.8.1.tar.xz
|
||||
/samba-4.8.1.tar.asc
|
||||
/samba-4.8.2.tar.xz
|
||||
/samba-4.8.2.tar.asc
|
||||
/samba-4.8.3.tar.asc
|
||||
/samba-4.8.3.tar.xz
|
||||
/samba-4.9.0rc1.tar.xz
|
||||
/samba-4.9.0rc1.tar.asc
|
||||
/samba-4.9.0rc2.tar.xz
|
||||
/samba-4.9.0rc2.tar.asc
|
||||
/samba-4.9.0rc3.tar.xz
|
||||
/samba-4.9.0rc3.tar.asc
|
||||
/samba-4.9.0rc4.tar.xz
|
||||
/samba-4.9.0rc4.tar.asc
|
||||
/samba-4.9.0rc5.tar.asc
|
||||
/samba-4.9.0rc5.tar.xz
|
||||
/samba-4.9.0.tar.xz
|
||||
/samba-4.9.0.tar.asc
|
||||
/samba-4.9.1.tar.asc
|
||||
/samba-4.9.1.tar.xz
|
||||
/samba-4.9.2.tar.xz
|
||||
/samba-4.9.2.tar.asc
|
||||
/samba-4.9.3.tar.xz
|
||||
/samba-4.9.3.tar.asc
|
||||
/samba-4.9.4.tar.xz
|
||||
/samba-4.9.4.tar.asc
|
||||
/samba-4.10.0rc1.tar.xz
|
||||
/samba-4.10.0rc1.tar.asc
|
||||
/samba-4.10.0rc2.tar.xz
|
||||
/samba-4.10.0rc2.tar.asc
|
||||
/samba-4.10.0rc3.tar.xz
|
||||
/samba-4.10.0rc3.tar.asc
|
||||
/samba-4.10.0rc4.tar.xz
|
||||
/samba-4.10.0rc4.tar.asc
|
||||
/samba-4.10.0.tar.xz
|
||||
/samba-4.10.0.tar.asc
|
||||
/samba-4.10.1.tar.xz
|
||||
/samba-4.10.1.tar.asc
|
||||
/samba-4.10.2.tar.xz
|
||||
/samba-4.10.2.tar.asc
|
||||
/samba-4.10.3.tar.xz
|
||||
/samba-4.10.3.tar.asc
|
||||
/samba-4.10.4.tar.xz
|
||||
/samba-4.10.4.tar.asc
|
||||
/samba-4.10.5.tar.xz
|
||||
/samba-4.10.5.tar.asc
|
||||
/samba-4.10.6.tar.xz
|
||||
/samba-4.10.6.tar.asc
|
||||
/samba-4.11.0rc1.tar.xz
|
||||
/samba-4.11.0rc1.tar.asc
|
||||
/samba-4.11.0rc2.tar.xz
|
||||
/samba-4.11.0rc2.tar.asc
|
||||
/samba-4.11.0rc3.tar.xz
|
||||
/samba-4.11.0rc3.tar.asc
|
||||
/samba-4.11.0rc4.tar.xz
|
||||
/samba-4.11.0rc4.tar.asc
|
||||
/samba-4.11.0.tar.xz
|
||||
/samba-4.11.0.tar.asc
|
||||
/samba-4.11.1.tar.xz
|
||||
/samba-4.11.1.tar.asc
|
||||
/samba-4.11.2.tar.xz
|
||||
/samba-4.11.2.tar.asc
|
||||
/samba-4.11.3.tar.xz
|
||||
/samba-4.11.3.tar.asc
|
||||
/samba-4.11.4.tar.xz
|
||||
/samba-4.11.4.tar.asc
|
||||
/samba-4.11.5.tar.xz
|
||||
/samba-4.11.5.tar.asc
|
||||
/samba-4.12.0rc1.tar.xz
|
||||
/samba-4.12.0rc1.tar.asc
|
||||
/samba-4.12.0rc2.tar.xz
|
||||
/samba-4.12.0rc2.tar.asc
|
||||
/samba-4.12.0rc3.tar.xz
|
||||
/samba-4.12.0rc3.tar.asc
|
||||
/samba-4.12.0rc4.tar.xz
|
||||
/samba-4.12.0rc4.tar.asc
|
||||
/samba-4.12.0.tar.xz
|
||||
/samba-4.12.0.tar.asc
|
||||
/samba-4.12.1.tar.xz
|
||||
/samba-4.12.1.tar.asc
|
||||
/samba-4.12.2.tar.xz
|
||||
/samba-4.12.2.tar.asc
|
||||
/samba-4.12.3.tar.xz
|
||||
/samba-4.12.3.tar.asc
|
||||
/samba-4.12.4.tar.xz
|
||||
/samba-4.12.4.tar.asc
|
||||
/samba-4.12.5.tar.xz
|
||||
/samba-4.12.5.tar.asc
|
||||
/samba-4.13.0rc1.tar.xz
|
||||
/samba-4.13.0rc1.tar.asc
|
||||
/samba-4.13.0rc2.tar.xz
|
||||
/samba-4.13.0rc2.tar.asc
|
||||
/samba-4.13.0rc3.tar.xz
|
||||
/samba-4.13.0rc3.tar.asc
|
||||
/samba-4.13.0rc4.tar.xz
|
||||
/samba-4.13.0rc4.tar.asc
|
||||
/samba-4.13.0rc5.tar.xz
|
||||
/samba-4.13.0rc5.tar.asc
|
||||
/samba-4.13.0rc6.tar.xz
|
||||
/samba-4.13.0rc6.tar.asc
|
||||
/samba-4.13.0.tar.xz
|
||||
/samba-4.13.0.tar.asc
|
||||
/samba-4.13.1.tar.xz
|
||||
/samba-4.13.1.tar.asc
|
||||
/samba-4.13.2.tar.xz
|
||||
/samba-4.13.2.tar.asc
|
||||
/samba-4.13.3.tar.xz
|
||||
/samba-4.13.3.tar.asc
|
||||
/samba-4.13.4.tar.xz
|
||||
/samba-4.13.4.tar.asc
|
||||
/samba-4.14.0rc1.tar.xz
|
||||
/samba-4.14.0rc1.tar.asc
|
||||
/samba-4.14.0rc2.tar.xz
|
||||
/samba-4.14.0rc2.tar.asc
|
||||
/samba-4.14.0rc3.tar.xz
|
||||
/samba-4.14.0rc3.tar.asc
|
||||
/samba-4.14.0rc4.tar.xz
|
||||
/samba-4.14.0rc4.tar.asc
|
||||
/samba-4.14.0.tar.xz
|
||||
/samba-4.14.0.tar.asc
|
||||
/samba-4.14.1.tar.xz
|
||||
/samba-4.14.1.tar.asc
|
||||
/samba-4.14.2.tar.xz
|
||||
/samba-4.14.2.tar.asc
|
||||
/samba-4.14.4.tar.xz
|
||||
/samba-4.14.4.tar.asc
|
||||
/samba-4.14.5.tar.asc
|
||||
/samba-4.14.5.tar.xz
|
||||
/samba-4.15.2.tar.asc
|
||||
/samba-4.15.2.tar.xz
|
||||
/samba-4.15.3.tar.asc
|
||||
/samba-4.15.3.tar.xz
|
||||
/samba-4.15.4.tar.asc
|
||||
/samba-4.15.4.tar.xz
|
||||
/samba-4.15.5.tar.xz
|
||||
/samba-4.15.5.tar.asc
|
||||
/samba-4.16.1.tar.asc
|
||||
/samba-4.16.1.tar.xz
|
||||
/samba-4.16.2.tar.asc
|
||||
/samba-4.16.2.tar.xz
|
||||
/samba-4.16.3.tar.asc
|
||||
/samba-4.16.3.tar.xz
|
||||
/samba-4.16.4.tar.xz
|
||||
/samba-4.16.4.tar.asc
|
||||
/samba-4.17.2.tar.asc
|
||||
/samba-4.17.2.tar.xz
|
||||
/samba-4.17.4.tar.asc
|
||||
/samba-4.17.4.tar.xz
|
||||
/samba-4.17.5.tar.asc
|
||||
/samba-4.17.5.tar.xz
|
||||
/samba-4.18.2.tar.asc
|
||||
/samba-4.18.2.tar.xz
|
||||
/samba-4.18.3.tar.asc
|
||||
/samba-4.18.3.tar.xz
|
||||
/samba-4.18.4.tar.asc
|
||||
/samba-4.18.4.tar.xz
|
||||
/samba-4.18.5.tar.asc
|
||||
/samba-4.18.5.tar.xz
|
||||
/samba-4.18.6.tar.xz
|
||||
/samba-4.18.6.tar.asc
|
||||
/samba-4.19.3.tar.xz
|
||||
/samba-4.19.3.tar.asc
|
||||
/samba-4.19.4.tar.xz
|
||||
/samba-4.19.4.tar.asc
|
||||
/samba-4.20.0.tar.asc
|
||||
/samba-4.20.0.tar.xz
|
||||
/samba-4.20.1.tar.asc
|
||||
/samba-4.20.1.tar.xz
|
||||
/samba-4.20.2.tar.asc
|
||||
/samba-4.20.2.tar.xz
|
||||
SOURCES/samba-4.19.4.tar.xz
|
||||
SOURCES/samba-pubkey_AA99442FB680B620.gpg
|
||||
|
2
.samba.metadata
Normal file
2
.samba.metadata
Normal file
@ -0,0 +1,2 @@
|
||||
6a164128df94dd89e785ca9f42d7be5714f16bed SOURCES/samba-4.19.4.tar.xz
|
||||
971f563c447eda8d144d6c9e743cd0f0488c0d9e SOURCES/samba-pubkey_AA99442FB680B620.gpg
|
186
README.md
186
README.md
@ -1,186 +0,0 @@
|
||||
Samba is a free SMB and CIFS client and server and Domain Controller for UNIX
|
||||
and other operating systems. It is maintained by the Samba Team, who support the
|
||||
original author, Andrew Tridgell.
|
||||
|
||||
This software is freely distributable under the GNU public license, a copy of
|
||||
which you should have received with this software (in a file called COPYING).
|
||||
|
||||
# WHAT IS SMB/CIFS?
|
||||
This is a big question.
|
||||
|
||||
The very short answer is that it is the protocol by which a lot of PC-related
|
||||
machines share files and printers and other information such as lists of
|
||||
available files and printers. Operating systems that support this natively
|
||||
include Windows 9x, Windows NT (and derivatives), OS/2, Mac OS X and Linux. Add
|
||||
on packages that achieve the same thing are available for DOS, Windows 3.1, VMS,
|
||||
Unix of all kinds, MVS, and more. Some Web Browsers can speak this protocol as
|
||||
well (smb://). Alternatives to SMB include Netware, NFS, Appletalk, Banyan
|
||||
Vines, Decnet etc; many of these have advantages but none are both public
|
||||
specifications and widely implemented in desktop machines by default.
|
||||
|
||||
The Common Internet File system (CIFS) is what the new SMB initiative is called.
|
||||
For details watch [here](https://samba.org/cifs)
|
||||
|
||||
# WHY DO PEOPLE WANT TO USE SMB?
|
||||
* Many people want to integrate their Microsoft desktop clients with their Unix
|
||||
servers.
|
||||
|
||||
* Others want to integrate their Microsoft (etc) servers with Unix servers. This
|
||||
is a different problem to integrating desktop clients.
|
||||
|
||||
* Others want to replace protocols like NFS, DecNet and Novell NCP, especially
|
||||
when used with PCs.
|
||||
|
||||
# WHAT CAN SAMBA DO?
|
||||
Please refer to the WHATSNEW.txt included with this README for a list of
|
||||
features in the latest Samba release.
|
||||
|
||||
Here is a very short list of what samba includes, and what it does. For many
|
||||
networks this can be simply summarized by "Samba provides a complete replacement
|
||||
for Windows NT, Warp, NFS or Netware servers."
|
||||
* a SMB server, to provide Windows NT and LAN Manager-style file and print
|
||||
services to SMB clients such as Windows 95, Warp Server, smbfs and others.
|
||||
|
||||
* a Windows Domain Controller (NT4 and AD) replacement.
|
||||
|
||||
* a file/print server that can act as a member of a Windows NT 4.0 or Active
|
||||
Directory domain.
|
||||
|
||||
* a NetBIOS (rfc1001/1002) nameserver, which amongst other things gives browsing
|
||||
support. Samba can be the master browser on your LAN if you wish.
|
||||
|
||||
* a ftp-like SMB client so you can access PC resources (disks and printers) from
|
||||
UNIX, Netware, and other operating systems
|
||||
|
||||
* a tar extension to the client for backing up PCs
|
||||
|
||||
* limited command-line tool that supports some of the NT administrative
|
||||
functionality, which can be used on Samba, NT workstation and NT server.
|
||||
|
||||
For a much better overview have a look at the [web site](http://samba.org/samba)
|
||||
and browse the user survey.
|
||||
|
||||
#### Related packages include:
|
||||
* cifsvfs, an advanced Linux-only filesystem allowing you to mount remote SMB
|
||||
filesystems from PCs on your Linux box. This is included as standard with Linux
|
||||
2.5 and later.
|
||||
|
||||
* smbfs, the previous Linux-only filesystem allowing you to mount remote SMB
|
||||
filesystems from PCs on your Linux box. This is included as standard with Linux
|
||||
2.0 and later.
|
||||
|
||||
# CONTRIBUTIONS
|
||||
|
||||
### To contribute via GitHub
|
||||
* fork the official Samba team repository on GitHub
|
||||
-- see [GitHub](https://github.com/samba-team/samba)
|
||||
|
||||
* become familiar with the coding standards as described in README.Coding
|
||||
|
||||
* make sure you read the Samba copyright policy
|
||||
-- see [Copyright Policy](https://www.samba.org/samba/devel/copyright-policy.html)
|
||||
|
||||
* create a feature branch
|
||||
|
||||
* make changes
|
||||
|
||||
* when committing, be sure to add signed-off-by tags
|
||||
-- see [Commit message tags](https://wiki.samba.org/index.php/CodeReview#commit_message_tags)
|
||||
|
||||
* send a pull request for your branch through GitHub
|
||||
|
||||
* this will trigger an email to the samba-technical mailing list
|
||||
|
||||
* discussion happens on the samba-technical mailing list as described below
|
||||
|
||||
* more info on using Git for Samba development can be found on Samba Wiki
|
||||
-- see [Using Git for Samba](https://wiki.samba.org/index.php/Using_Git_for_Samba_Development)
|
||||
|
||||
### To contribute via mailing lists
|
||||
Join the mailing list. The Samba team accepts patches (preferably in "diff -u"
|
||||
format, see [here](https://samba.org/samba/devel) for more details) and are
|
||||
always glad to receive feedback or suggestions to the address
|
||||
samba@lists.samba.org. More information on the various Samba mailing lists can
|
||||
be found at [mailman](http://lists.samba.org).
|
||||
|
||||
You can also get the Samba sourcecode straight from the [git repository](http://wiki.samba.org/index.php/Using_Git_for_Samba_Development).
|
||||
|
||||
If you like a particular feature then look through the git change-log on the
|
||||
[web](https://git.samba.org/?p=samba.git;a=summary) and see who added it, then
|
||||
send them an email.
|
||||
|
||||
Remember that free software of this kind lives or dies by the response we get.
|
||||
If no one tells us they like it then we'll probably move onto something else.
|
||||
|
||||
|
||||
# MORE INFO
|
||||
|
||||
### DOCUMENTATION
|
||||
There is quite a bit of documentation included with the package, including man
|
||||
pages, and lots of .html files with hints and useful info. This is also
|
||||
available from the web page. There is a growing collection of information under
|
||||
docs/.
|
||||
|
||||
A list of Samba documentation in languages other than English is available on
|
||||
the web page.
|
||||
|
||||
If you would like to help with the documentation, please coordinate on the
|
||||
samba@lists.samba.org mailing list. See the next section for details on
|
||||
subscribing to samba mailing lists.
|
||||
|
||||
### MAILING LIST
|
||||
Please do NOT send subscription/unsubscription requests to the lists!
|
||||
|
||||
There is a mailing list for discussion of Samba. For details go to [mailman](https://lists.samba.org)
|
||||
or send mail to <samba-subscribe@lists.samba.org>.
|
||||
|
||||
There is also an announcement mailing list where new versions are announced. To
|
||||
subscribe go to [mailman](http://lists.samba.org) or send mail to
|
||||
<samba-announce-subscribe@lists.samba.org>. All announcements also go to the
|
||||
samba list, so you only need to be on one.
|
||||
|
||||
For details of other Samba mailing lists and for access to archives, see
|
||||
[mailman](http://lists.samba.org)
|
||||
|
||||
### MAILING LIST ETIQUETTE
|
||||
|
||||
A few tips when submitting to this or any mailing list.
|
||||
- Make your subject short and descriptive. Avoid the words "help" or "Samba" in
|
||||
the subject. The readers of this list already know that a) you need help, and b)
|
||||
you are writing about samba (of course, you may need to distinguish between
|
||||
Samba PDC and other file sharing software). Avoid phrases such as "what is" and
|
||||
"how do i". Some good subject lines might look like "Slow response with Excel
|
||||
files" or "Migrating from Samba PDC to NT PDC".
|
||||
|
||||
- If you include the original message in your reply, trim it so that only the
|
||||
relevant lines, enough to establish context, are included. Chances are (since
|
||||
this is a mailing list) we've already read the original message.
|
||||
|
||||
- Trim irrelevant headers from the original message in your reply. All we need
|
||||
to see is a) From, b) Date, and c) Subject. We don't even really need the
|
||||
Subject, if you haven't changed it. Better yet is to just preface the original
|
||||
message with "On [date] [someone] wrote:".
|
||||
|
||||
- Please don't reply to or argue about spam, spam filters or viruses on any
|
||||
Samba lists. We do have a spam filtering system that is working quite well thank
|
||||
you very much but occasionally unwanted messages slip through. Deal with it.
|
||||
|
||||
- Never say "Me too." It doesn't help anyone solve the problem. Instead, if you
|
||||
ARE having the same problem, give more information. Have you seen something that
|
||||
the other writer hasn't mentioned, which may be helpful?
|
||||
|
||||
- If you ask about a problem, then come up with the solution on your own or
|
||||
through another source, by all means post it. Someone else may have the same
|
||||
problem and is waiting for an answer, but never hears of it.
|
||||
|
||||
- Give as much *relevant* information as possible such as Samba release number,
|
||||
OS, kernel version, etc...
|
||||
|
||||
- RTFM. Google.
|
||||
|
||||
### WEB SITE
|
||||
A Samba WWW [site](https://samba.org) has been setup with lots of useful info.
|
||||
|
||||
As well as general information and documentation, this also has searchable
|
||||
archives of the mailing list and a user survey that shows who else is using this
|
||||
package.
|
@ -1,7 +1,7 @@
|
||||
From 3c29fc78029e1274f931e171c9e04c19ad0182c1 Mon Sep 17 00:00:00 2001
|
||||
From: Gabriel Nagy <gabriel.nagy@canonical.com>
|
||||
Date: Thu, 17 Aug 2023 01:05:54 +0300
|
||||
Subject: [PATCH 01/21] gp: Support more global trust directories
|
||||
Subject: [PATCH 01/28] gp: Support more global trust directories
|
||||
|
||||
In addition to the SUSE global trust directory, add support for RHEL and
|
||||
Debian-based distributions (including Ubuntu).
|
||||
@ -60,13 +60,13 @@ index 312c8ddf467..1b90ab46e90 100644
|
||||
# Symlink the certs to global trust dir
|
||||
dst = os.path.join(global_trust_dir, os.path.basename(src))
|
||||
--
|
||||
2.43.0
|
||||
2.45.2
|
||||
|
||||
|
||||
From 063606e8ec83a58972df47eb561ab267f8937ba4 Mon Sep 17 00:00:00 2001
|
||||
From: Gabriel Nagy <gabriel.nagy@canonical.com>
|
||||
Date: Thu, 17 Aug 2023 01:09:28 +0300
|
||||
Subject: [PATCH 02/21] gp: Support update-ca-trust helper
|
||||
Subject: [PATCH 02/28] gp: Support update-ca-trust helper
|
||||
|
||||
This is used on RHEL/Fedora instead of update-ca-certificates. They
|
||||
behave similarly so it's enough to change the command name.
|
||||
@ -104,13 +104,13 @@ index 1b90ab46e90..cefdafa21b2 100644
|
||||
Popen([update]).wait()
|
||||
# Setup Certificate Auto Enrollment
|
||||
--
|
||||
2.43.0
|
||||
2.45.2
|
||||
|
||||
|
||||
From 3b548bf280ca59ef12a7af10a9131813067a850a Mon Sep 17 00:00:00 2001
|
||||
From: Gabriel Nagy <gabriel.nagy@canonical.com>
|
||||
Date: Fri, 11 Aug 2023 18:46:42 +0300
|
||||
Subject: [PATCH 03/21] gp: Change root cert extension suffix
|
||||
Subject: [PATCH 03/28] gp: Change root cert extension suffix
|
||||
|
||||
On Ubuntu, certificates must end in '.crt' in order to be considered by
|
||||
the `update-ca-certificates` helper.
|
||||
@ -138,13 +138,13 @@ index cefdafa21b2..c562722906b 100644
|
||||
w.write(cert)
|
||||
root_certs.append(dest)
|
||||
--
|
||||
2.43.0
|
||||
2.45.2
|
||||
|
||||
|
||||
From 7592ed5032836dc43f657f66607a0a4661edcdb4 Mon Sep 17 00:00:00 2001
|
||||
From: Gabriel Nagy <gabriel.nagy@canonical.com>
|
||||
Date: Fri, 18 Aug 2023 17:06:43 +0300
|
||||
Subject: [PATCH 04/21] gp: Test with binary content for certificate data
|
||||
Subject: [PATCH 04/28] gp: Test with binary content for certificate data
|
||||
|
||||
This fails all GPO-related tests that call `gpupdate --rsop`.
|
||||
|
||||
@ -216,13 +216,13 @@ index 00000000000..0aad59607c2
|
||||
+^samba.tests.gpo.samba.tests.gpo.GPOTests.test_advanced_gp_cert_auto_enroll_ext
|
||||
+^samba.tests.gpo.samba.tests.gpo.GPOTests.test_gp_cert_auto_enroll_ext
|
||||
--
|
||||
2.43.0
|
||||
2.45.2
|
||||
|
||||
|
||||
From 7f7b235bda9e85c5ea330e52e734d1113a884571 Mon Sep 17 00:00:00 2001
|
||||
From: Gabriel Nagy <gabriel.nagy@canonical.com>
|
||||
Date: Wed, 16 Aug 2023 12:20:11 +0300
|
||||
Subject: [PATCH 05/21] gp: Convert CA certificates to base64
|
||||
Subject: [PATCH 05/28] gp: Convert CA certificates to base64
|
||||
|
||||
I don't know whether this applies universally, but in our case the
|
||||
contents of `es['cACertificate'][0]` are binary, so cleanly converting
|
||||
@ -289,13 +289,13 @@ index 0aad59607c2..00000000000
|
||||
-^samba.tests.gpo.samba.tests.gpo.GPOTests.test_advanced_gp_cert_auto_enroll_ext
|
||||
-^samba.tests.gpo.samba.tests.gpo.GPOTests.test_gp_cert_auto_enroll_ext
|
||||
--
|
||||
2.43.0
|
||||
2.45.2
|
||||
|
||||
|
||||
From 49cc74015a603e80048a38fe635cd1ac28938ee4 Mon Sep 17 00:00:00 2001
|
||||
From: Gabriel Nagy <gabriel.nagy@canonical.com>
|
||||
Date: Fri, 18 Aug 2023 17:16:23 +0300
|
||||
Subject: [PATCH 06/21] gp: Test adding new cert templates enforces changes
|
||||
Subject: [PATCH 06/28] gp: Test adding new cert templates enforces changes
|
||||
|
||||
Ensure that cepces-submit reporting additional templates and re-applying
|
||||
will enforce the updated policy.
|
||||
@ -422,13 +422,13 @@ index 00000000000..4edc1dce730
|
||||
+^samba.tests.gpo.samba.tests.gpo.GPOTests.test_advanced_gp_cert_auto_enroll_ext
|
||||
+^samba.tests.gpo.samba.tests.gpo.GPOTests.test_gp_cert_auto_enroll_ext
|
||||
--
|
||||
2.43.0
|
||||
2.45.2
|
||||
|
||||
|
||||
From 4c0906bd79f030e591701234bc54bc749a42d686 Mon Sep 17 00:00:00 2001
|
||||
From: Gabriel Nagy <gabriel.nagy@canonical.com>
|
||||
Date: Wed, 16 Aug 2023 12:37:17 +0300
|
||||
Subject: [PATCH 07/21] gp: Template changes should invalidate cache
|
||||
Subject: [PATCH 07/28] gp: Template changes should invalidate cache
|
||||
|
||||
If certificate templates are added or removed, the autoenroll extension
|
||||
should react to this and reapply the policy. Previously this wasn't
|
||||
@ -487,13 +487,13 @@ index 4edc1dce730..00000000000
|
||||
-^samba.tests.gpo.samba.tests.gpo.GPOTests.test_advanced_gp_cert_auto_enroll_ext
|
||||
-^samba.tests.gpo.samba.tests.gpo.GPOTests.test_gp_cert_auto_enroll_ext
|
||||
--
|
||||
2.43.0
|
||||
2.45.2
|
||||
|
||||
|
||||
From e61f30dc2518d5a1c239f090baea4a309307f3f8 Mon Sep 17 00:00:00 2001
|
||||
From: Gabriel Nagy <gabriel.nagy@canonical.com>
|
||||
Date: Fri, 18 Aug 2023 17:26:59 +0300
|
||||
Subject: [PATCH 08/21] gp: Test disabled enrollment unapplies policy
|
||||
Subject: [PATCH 08/28] gp: Test disabled enrollment unapplies policy
|
||||
|
||||
For this we need to stage a Registry.pol file with certificate
|
||||
autoenrollment enabled, but with checkboxes unticked.
|
||||
@ -588,13 +588,13 @@ index 00000000000..83bc9f0ac1f
|
||||
@@ -0,0 +1 @@
|
||||
+^samba.tests.gpo.samba.tests.gpo.GPOTests.test_gp_cert_auto_enroll_ext
|
||||
--
|
||||
2.43.0
|
||||
2.45.2
|
||||
|
||||
|
||||
From 7757b9b48546d71e19798d1260da97780caa99c3 Mon Sep 17 00:00:00 2001
|
||||
From: Gabriel Nagy <gabriel.nagy@canonical.com>
|
||||
Date: Wed, 16 Aug 2023 12:33:59 +0300
|
||||
Subject: [PATCH 09/21] gp: Send list of keys instead of dict to remove
|
||||
Subject: [PATCH 09/28] gp: Send list of keys instead of dict to remove
|
||||
|
||||
`cache_get_all_attribute_values` returns a dict whereas we need to pass
|
||||
a list of keys to `remove`. These will be interpolated in the gpdb search.
|
||||
@ -634,13 +634,13 @@ index 83bc9f0ac1f..00000000000
|
||||
@@ -1 +0,0 @@
|
||||
-^samba.tests.gpo.samba.tests.gpo.GPOTests.test_gp_cert_auto_enroll_ext
|
||||
--
|
||||
2.43.0
|
||||
2.45.2
|
||||
|
||||
|
||||
From 4e9b2e6409c5764ec0e66cc6c90b08e70f702e7c Mon Sep 17 00:00:00 2001
|
||||
From: Andreas Schneider <asn@samba.org>
|
||||
Date: Tue, 9 Jan 2024 08:50:01 +0100
|
||||
Subject: [PATCH 10/21] python:gp: Print a nice message if cepces-submit can't
|
||||
Subject: [PATCH 10/28] python:gp: Print a nice message if cepces-submit can't
|
||||
be found
|
||||
|
||||
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15552
|
||||
@ -691,13 +691,13 @@ index 64c35782ae8..08d1a7348cd 100644
|
||||
|
||||
def getca(ca, url, trust_dir):
|
||||
--
|
||||
2.43.0
|
||||
2.45.2
|
||||
|
||||
|
||||
From fb3aefff51c02cf8ba3f8dfeb7d3f971e8d4902a Mon Sep 17 00:00:00 2001
|
||||
From: Gabriel Nagy <gabriel.nagy@canonical.com>
|
||||
Date: Mon, 8 Jan 2024 18:05:08 +0200
|
||||
Subject: [PATCH 11/21] gpo: Test certificate policy without NDES
|
||||
Subject: [PATCH 11/28] gpo: Test certificate policy without NDES
|
||||
|
||||
As of 8231eaf856b, the NDES feature is no longer required on Windows, as
|
||||
cert auto-enroll can use the certificate from the LDAP request.
|
||||
@ -895,13 +895,13 @@ index 00000000000..f1e590bc7d8
|
||||
@@ -0,0 +1 @@
|
||||
+^samba.tests.gpo.samba.tests.gpo.GPOTests.test_gp_cert_auto_enroll_ext_without_ndes
|
||||
--
|
||||
2.43.0
|
||||
2.45.2
|
||||
|
||||
|
||||
From 1a9af36177c7491687c75df151474bb10285f00e Mon Sep 17 00:00:00 2001
|
||||
From: Gabriel Nagy <gabriel.nagy@canonical.com>
|
||||
Date: Thu, 18 Jan 2024 20:23:24 +0200
|
||||
Subject: [PATCH 12/21] gpo: Decode base64 root cert before importing
|
||||
Subject: [PATCH 12/28] gpo: Decode base64 root cert before importing
|
||||
|
||||
The reasoning behind this is described in the previous commit message,
|
||||
but essentially this should either be wrapped in certificate blocks and
|
||||
@ -948,13 +948,13 @@ index f1e590bc7d8..00000000000
|
||||
@@ -1 +0,0 @@
|
||||
-^samba.tests.gpo.samba.tests.gpo.GPOTests.test_gp_cert_auto_enroll_ext_without_ndes
|
||||
--
|
||||
2.43.0
|
||||
2.45.2
|
||||
|
||||
|
||||
From f5fc88f9ae255f4dc135580f0fa4a02f5addc390 Mon Sep 17 00:00:00 2001
|
||||
From: Gabriel Nagy <gabriel.nagy@canonical.com>
|
||||
Date: Fri, 19 Jan 2024 11:36:19 +0200
|
||||
Subject: [PATCH 13/21] gpo: Do not get templates list on first run
|
||||
Subject: [PATCH 13/28] gpo: Do not get templates list on first run
|
||||
|
||||
This is a visual fix and has no impact on functionality apart from
|
||||
cleaner log messages.
|
||||
@ -997,13 +997,13 @@ index cd5e54f1110..559c903e1a2 100644
|
||||
if changed(new_data, old_data) or self.cache_get_apply_state() == GPOSTATE.ENFORCE:
|
||||
self.unapply(guid, attribute, old_val)
|
||||
--
|
||||
2.43.0
|
||||
2.45.2
|
||||
|
||||
|
||||
From e8a6219181f2af87813b53fd09684650c1aa6f90 Mon Sep 17 00:00:00 2001
|
||||
From: David Mulder <dmulder@samba.org>
|
||||
Date: Fri, 5 Jan 2024 08:47:07 -0700
|
||||
Subject: [PATCH 14/21] gp: Skip site GP list if no site is found
|
||||
Subject: [PATCH 14/28] gp: Skip site GP list if no site is found
|
||||
|
||||
[MS-GPOL] 3.2.5.1.4 Site Search says if the site
|
||||
search returns ERROR_NO_SITENAME, the GP site
|
||||
@ -1065,13 +1065,13 @@ index 617ef79350c..babd8f90748 100644
|
||||
# (L)ocal
|
||||
gpo_list.insert(0, gpo.GROUP_POLICY_OBJECT("Local Policy",
|
||||
--
|
||||
2.43.0
|
||||
2.45.2
|
||||
|
||||
|
||||
From d0d1a890d6f2466691fa4ee663232ee0bd1c3776 Mon Sep 17 00:00:00 2001
|
||||
From: Andreas Schneider <asn@samba.org>
|
||||
Date: Mon, 22 Jan 2024 14:14:30 +0100
|
||||
Subject: [PATCH 15/21] python:gp: Avoid path check for cepces-submit
|
||||
Subject: [PATCH 15/28] python:gp: Avoid path check for cepces-submit
|
||||
MIME-Version: 1.0
|
||||
Content-Type: text/plain; charset=UTF-8
|
||||
Content-Transfer-Encoding: 8bit
|
||||
@ -1111,13 +1111,13 @@ index 559c903e1a2..7325d5132cf 100644
|
||||
'%s --server=%s --auth=%s' % (cepces_submit,
|
||||
ca['hostname'], auth)],
|
||||
--
|
||||
2.43.0
|
||||
2.45.2
|
||||
|
||||
|
||||
From 7f6c9a4945635c6eb8ada2255bd0febbf0f4e540 Mon Sep 17 00:00:00 2001
|
||||
From: Andreas Schneider <asn@samba.org>
|
||||
Date: Mon, 22 Jan 2024 14:07:47 +0100
|
||||
Subject: [PATCH 16/21] python:gp: Improve logging for certificate enrollment
|
||||
Subject: [PATCH 16/28] python:gp: Improve logging for certificate enrollment
|
||||
MIME-Version: 1.0
|
||||
Content-Type: text/plain; charset=UTF-8
|
||||
Content-Transfer-Encoding: 8bit
|
||||
@ -1171,13 +1171,13 @@ index 7325d5132cf..a25a9678587 100644
|
||||
getcert = which('getcert')
|
||||
cepces_submit = find_cepces_submit()
|
||||
--
|
||||
2.43.0
|
||||
2.45.2
|
||||
|
||||
|
||||
From 5321d5b5bd24d7659743576f2e12a7dc0a93a828 Mon Sep 17 00:00:00 2001
|
||||
From: Andreas Schneider <asn@samba.org>
|
||||
Date: Mon, 22 Jan 2024 15:04:36 +0100
|
||||
Subject: [PATCH 17/21] python:gp: Do not print an error, if CA already exists
|
||||
Subject: [PATCH 17/28] python:gp: Do not print an error, if CA already exists
|
||||
MIME-Version: 1.0
|
||||
Content-Type: text/plain; charset=UTF-8
|
||||
Content-Transfer-Encoding: 8bit
|
||||
@ -1217,13 +1217,13 @@ index a25a9678587..0b23cd688db 100644
|
||||
for template in supported_templates:
|
||||
attrs = fetch_template_attrs(ldb, template)
|
||||
--
|
||||
2.43.0
|
||||
2.45.2
|
||||
|
||||
|
||||
From 6a7a8a4090b8cdb8e71f4ad590260ceeda253ce2 Mon Sep 17 00:00:00 2001
|
||||
From: Andreas Schneider <asn@samba.org>
|
||||
Date: Mon, 22 Jan 2024 15:05:02 +0100
|
||||
Subject: [PATCH 18/21] python:gp: Do not print an error if template already
|
||||
Subject: [PATCH 18/28] python:gp: Do not print an error if template already
|
||||
exists
|
||||
MIME-Version: 1.0
|
||||
Content-Type: text/plain; charset=UTF-8
|
||||
@ -1264,13 +1264,13 @@ index 0b23cd688db..db681cb6f69 100644
|
||||
data['templates'].append(nickname)
|
||||
if update is not None:
|
||||
--
|
||||
2.43.0
|
||||
2.45.2
|
||||
|
||||
|
||||
From 43dc3d5d833bc1db885eb45402decd3225a7c946 Mon Sep 17 00:00:00 2001
|
||||
From: Andreas Schneider <asn@samba.org>
|
||||
Date: Mon, 22 Jan 2024 15:05:24 +0100
|
||||
Subject: [PATCH 19/21] python:gp: Log an error if update fails
|
||||
Subject: [PATCH 19/28] python:gp: Log an error if update fails
|
||||
MIME-Version: 1.0
|
||||
Content-Type: text/plain; charset=UTF-8
|
||||
Content-Transfer-Encoding: 8bit
|
||||
@ -1301,13 +1301,13 @@ index db681cb6f69..c8ad2039dc6 100644
|
||||
log.warn('certmonger and cepces must be installed for ' +
|
||||
'certificate auto enrollment to work')
|
||||
--
|
||||
2.43.0
|
||||
2.45.2
|
||||
|
||||
|
||||
From d8276d6a098d10f405b8f24c4dfb82af4496607c Mon Sep 17 00:00:00 2001
|
||||
From: Andreas Schneider <asn@samba.org>
|
||||
Date: Mon, 22 Jan 2024 15:46:24 +0100
|
||||
Subject: [PATCH 20/21] python:gp: Improve working of log messages to avoid
|
||||
Subject: [PATCH 20/28] python:gp: Improve working of log messages to avoid
|
||||
confusion
|
||||
MIME-Version: 1.0
|
||||
Content-Type: text/plain; charset=UTF-8
|
||||
@ -1354,13 +1354,13 @@ index c8ad2039dc6..2b7f7d22c2b 100644
|
||||
log.warn('Installing the server certificate only.')
|
||||
der_certificate = base64.b64decode(ca['cACertificate'])
|
||||
--
|
||||
2.43.0
|
||||
2.45.2
|
||||
|
||||
|
||||
From 585357bf0d8889747a2769c2451ee34766087d95 Mon Sep 17 00:00:00 2001
|
||||
From: Andreas Schneider <asn@samba.org>
|
||||
Date: Mon, 29 Jan 2024 17:46:30 +0100
|
||||
Subject: [PATCH 21/21] python:gp: Fix logging with gp
|
||||
Subject: [PATCH 21/28] python:gp: Fix logging with gp
|
||||
|
||||
This allows enable INFO level logging with: `samba-gpupdate -d3`
|
||||
|
||||
@ -1396,5 +1396,392 @@ index a74a8707d50..c3de32825db 100644
|
||||
logger.setLevel(logging.CRITICAL)
|
||||
if log_level == 1:
|
||||
--
|
||||
2.43.0
|
||||
2.45.2
|
||||
|
||||
|
||||
From 14ceb0b5f2f954bbabdaf78b8185fc515e3c8294 Mon Sep 17 00:00:00 2001
|
||||
From: =?UTF-8?q?Pavel=20Filipensk=C3=BD?= <pfilipensky@samba.org>
|
||||
Date: Wed, 13 Mar 2024 13:55:41 +0100
|
||||
Subject: [PATCH 22/28] docs-xml: Add parameter all_groupmem to idmap_ad
|
||||
MIME-Version: 1.0
|
||||
Content-Type: text/plain; charset=UTF-8
|
||||
Content-Transfer-Encoding: 8bit
|
||||
|
||||
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15605
|
||||
|
||||
Signed-off-by: Pavel Filipenský <pfilipensky@samba.org>
|
||||
Reviewed-by: Andreas Schneider <asn@samba.org>
|
||||
(cherry picked from commit a485d9de2f2d6a9815dcac6addb988a8987e111c)
|
||||
---
|
||||
docs-xml/manpages/idmap_ad.8.xml | 10 ++++++++++
|
||||
1 file changed, 10 insertions(+)
|
||||
|
||||
diff --git a/docs-xml/manpages/idmap_ad.8.xml b/docs-xml/manpages/idmap_ad.8.xml
|
||||
index b364bbfa231..de6d36afe95 100644
|
||||
--- a/docs-xml/manpages/idmap_ad.8.xml
|
||||
+++ b/docs-xml/manpages/idmap_ad.8.xml
|
||||
@@ -100,6 +100,16 @@
|
||||
</listitem>
|
||||
</varlistentry>
|
||||
<varlistentry>
|
||||
+ <term>all_groupmem = yes/no</term>
|
||||
+ <listitem><para>
|
||||
+ If set to <parameter>yes</parameter> winbind will retrieve all
|
||||
+ group members for getgrnam(3), getgrgid(3) and getgrent(3) calls,
|
||||
+ including those with missing uidNumber.
|
||||
+ </para>
|
||||
+ <para>Default: no</para>
|
||||
+ </listitem>
|
||||
+ </varlistentry>
|
||||
+ <varlistentry>
|
||||
<term>deny ous</term>
|
||||
<listitem><para>This parameter is a list of OUs from
|
||||
which objects will not be mapped via the ad idmap
|
||||
--
|
||||
2.45.2
|
||||
|
||||
|
||||
From ac4184c8c3220263cb6f1a46a012533ed1c4e047 Mon Sep 17 00:00:00 2001
|
||||
From: =?UTF-8?q?Pavel=20Filipensk=C3=BD?= <pfilipensky@samba.org>
|
||||
Date: Tue, 12 Mar 2024 13:20:24 +0100
|
||||
Subject: [PATCH 23/28] s3:winbindd: Improve performance of lookup_groupmem()
|
||||
in idmap_ad
|
||||
MIME-Version: 1.0
|
||||
Content-Type: text/plain; charset=UTF-8
|
||||
Content-Transfer-Encoding: 8bit
|
||||
|
||||
The LDAP query of lookup_groupmem() returns all group members from AD
|
||||
even those with missing uidNumber. Such group members are useless in
|
||||
UNIX environment for idmap_ad backend since there is no uid mapping.
|
||||
|
||||
'test_user' is member of group "Domanin Users" with 200K members,
|
||||
only 20K members have set uidNumber.
|
||||
|
||||
Without this fix:
|
||||
|
||||
$ time id test_user
|
||||
|
||||
real 1m5.946s
|
||||
user 0m0.019s
|
||||
sys 0m0.012s
|
||||
|
||||
With this fix:
|
||||
|
||||
$ time id test_user
|
||||
|
||||
real 0m3.544s
|
||||
user 0m0.004s
|
||||
sys 0m0.007s
|
||||
|
||||
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15605
|
||||
|
||||
Signed-off-by: Pavel Filipenský <pfilipensky@samba.org>
|
||||
Reviewed-by: Andreas Schneider <asn@samba.org>
|
||||
(cherry picked from commit 5d475d26a3d545f04791a04e85a06b8b192e3fcf)
|
||||
---
|
||||
source3/winbindd/winbindd_ads.c | 11 +++++++----
|
||||
1 file changed, 7 insertions(+), 4 deletions(-)
|
||||
|
||||
diff --git a/source3/winbindd/winbindd_ads.c b/source3/winbindd/winbindd_ads.c
|
||||
index d7a665abbc6..e625aa6473f 100644
|
||||
--- a/source3/winbindd/winbindd_ads.c
|
||||
+++ b/source3/winbindd/winbindd_ads.c
|
||||
@@ -1037,7 +1037,7 @@ static NTSTATUS lookup_useraliases(struct winbindd_domain *domain,
|
||||
}
|
||||
|
||||
static NTSTATUS add_primary_group_members(
|
||||
- ADS_STRUCT *ads, TALLOC_CTX *mem_ctx, uint32_t rid,
|
||||
+ ADS_STRUCT *ads, TALLOC_CTX *mem_ctx, uint32_t rid, const char *domname,
|
||||
char ***all_members, size_t *num_all_members)
|
||||
{
|
||||
char *filter;
|
||||
@@ -1049,10 +1049,13 @@ static NTSTATUS add_primary_group_members(
|
||||
char **members;
|
||||
size_t num_members;
|
||||
ads_control args;
|
||||
+ bool all_groupmem = idmap_config_bool(domname, "all_groupmem", false);
|
||||
|
||||
filter = talloc_asprintf(
|
||||
- mem_ctx, "(&(objectCategory=user)(primaryGroupID=%u))",
|
||||
- (unsigned)rid);
|
||||
+ mem_ctx,
|
||||
+ "(&(objectCategory=user)(primaryGroupID=%u)%s)",
|
||||
+ (unsigned)rid,
|
||||
+ all_groupmem ? "" : "(uidNumber=*)(!(uidNumber=0))");
|
||||
if (filter == NULL) {
|
||||
goto done;
|
||||
}
|
||||
@@ -1204,7 +1207,7 @@ static NTSTATUS lookup_groupmem(struct winbindd_domain *domain,
|
||||
|
||||
DEBUG(10, ("ads lookup_groupmem: got %d sids via extended dn call\n", (int)num_members));
|
||||
|
||||
- status = add_primary_group_members(ads, mem_ctx, rid,
|
||||
+ status = add_primary_group_members(ads, mem_ctx, rid, domain->name,
|
||||
&members, &num_members);
|
||||
if (!NT_STATUS_IS_OK(status)) {
|
||||
DEBUG(10, ("%s: add_primary_group_members failed: %s\n",
|
||||
--
|
||||
2.45.2
|
||||
|
||||
|
||||
From d0e2002efcc37055b35c351a6b936e6ab89fad32 Mon Sep 17 00:00:00 2001
|
||||
From: =?UTF-8?q?Pavel=20Filipensk=C3=BD?= <pfilipensky@samba.org>
|
||||
Date: Mon, 25 Mar 2024 22:38:18 +0100
|
||||
Subject: [PATCH 24/28] selftest: Add "winbind expand groups = 1" to
|
||||
setup_ad_member_idmap_ad
|
||||
MIME-Version: 1.0
|
||||
Content-Type: text/plain; charset=UTF-8
|
||||
Content-Transfer-Encoding: 8bit
|
||||
|
||||
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15605
|
||||
|
||||
Signed-off-by: Pavel Filipenský <pfilipensky@samba.org>
|
||||
Reviewed-by: Andreas Schneider <asn@samba.org>
|
||||
(backported from commit 2dab3a331b5511b4f2253f2b3b4513db7e52ea9a)
|
||||
---
|
||||
selftest/target/Samba3.pm | 1 +
|
||||
1 file changed, 1 insertion(+)
|
||||
|
||||
diff --git a/selftest/target/Samba3.pm b/selftest/target/Samba3.pm
|
||||
index 44ac4a5901a..606c65f8ab1 100755
|
||||
--- a/selftest/target/Samba3.pm
|
||||
+++ b/selftest/target/Samba3.pm
|
||||
@@ -1412,6 +1412,7 @@ sub setup_ad_member_idmap_ad
|
||||
idmap config $dcvars->{TRUST_DOMAIN} : backend = ad
|
||||
idmap config $dcvars->{TRUST_DOMAIN} : range = 2000000-2999999
|
||||
gensec_gssapi:requested_life_time = 5
|
||||
+ winbind expand groups = 1
|
||||
";
|
||||
|
||||
my $ret = $self->provision(
|
||||
--
|
||||
2.45.2
|
||||
|
||||
|
||||
From 9625b6aed981aa4e70fe11d9d1acdb54db7591a3 Mon Sep 17 00:00:00 2001
|
||||
From: =?UTF-8?q?Pavel=20Filipensk=C3=BD?= <pfilipensky@samba.org>
|
||||
Date: Thu, 14 Mar 2024 15:24:21 +0100
|
||||
Subject: [PATCH 25/28] tests: Add a test for "all_groups=no" to
|
||||
test_idmap_ad.sh
|
||||
MIME-Version: 1.0
|
||||
Content-Type: text/plain; charset=UTF-8
|
||||
Content-Transfer-Encoding: 8bit
|
||||
|
||||
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15605
|
||||
|
||||
Signed-off-by: Pavel Filipenský <pfilipensky@samba.org>
|
||||
Reviewed-by: Andreas Schneider <asn@samba.org>
|
||||
|
||||
Autobuild-User(master): Pavel Filipensky <pfilipensky@samba.org>
|
||||
Autobuild-Date(master): Tue Apr 2 13:25:39 UTC 2024 on atb-devel-224
|
||||
|
||||
(cherry picked from commit f8b72aa1f72881989990fabc9f4888968bb81967)
|
||||
---
|
||||
nsswitch/tests/test_idmap_ad.sh | 22 ++++++++++++++++++++++
|
||||
1 file changed, 22 insertions(+)
|
||||
|
||||
diff --git a/nsswitch/tests/test_idmap_ad.sh b/nsswitch/tests/test_idmap_ad.sh
|
||||
index 7ae112ada71..1d4bd395ba9 100755
|
||||
--- a/nsswitch/tests/test_idmap_ad.sh
|
||||
+++ b/nsswitch/tests/test_idmap_ad.sh
|
||||
@@ -94,6 +94,14 @@ gidNumber: 2000001
|
||||
unixHomeDirectory: /home/forbidden
|
||||
loginShell: /bin/tcsh
|
||||
gecos: User in forbidden OU
|
||||
+
|
||||
+dn: CN=no_posix_id,CN=Users,$BASE_DN
|
||||
+changetype: add
|
||||
+objectClass: user
|
||||
+samaccountName: no_posix_id
|
||||
+unixHomeDirectory: /home/no_posix_id
|
||||
+loginShell: /bin/sh
|
||||
+gecos: User without uidNumber and gidNumber
|
||||
EOF
|
||||
|
||||
#
|
||||
@@ -171,6 +179,17 @@ then
|
||||
failed=$(($failed + 1))
|
||||
fi
|
||||
|
||||
+#
|
||||
+# Test 6: Make sure that with the default "all_groups=no"
|
||||
+# the group "domain users" will not show user "no_posix_id"
|
||||
+# but will show "SAMBA2008R2/administrator"
|
||||
+#
|
||||
+
|
||||
+dom_users="$DOMAIN/domain users" # Extra step to make sure that all is one word
|
||||
+out="$($wbinfo --group-info "$dom_users")"
|
||||
+testit_grep_count "no_posix_id1" "no_posix_id" 0 echo "$out" || failed=$(expr $failed + 1)
|
||||
+testit_grep "no_posix_id2" "SAMBA2008R2/administrator" echo "$out" || failed=$(expr $failed + 1)
|
||||
+
|
||||
#
|
||||
# Trusted domain test 1: Test uid of Administrator, should be 2500000
|
||||
#
|
||||
@@ -241,6 +260,9 @@ gidNumber: 2000002
|
||||
dn: cn=forbidden,ou=sub,$BASE_DN
|
||||
changetype: delete
|
||||
|
||||
+dn: CN=no_posix_id,CN=Users,$BASE_DN
|
||||
+changetype: delete
|
||||
+
|
||||
dn: ou=sub,$BASE_DN
|
||||
changetype: delete
|
||||
EOF
|
||||
--
|
||||
2.45.2
|
||||
|
||||
|
||||
From e5890e63c35a4a5af29ae16e6dd734c4a3a304cc Mon Sep 17 00:00:00 2001
|
||||
From: Andreas Schneider <asn@samba.org>
|
||||
Date: Tue, 28 May 2024 13:51:53 +0200
|
||||
Subject: [PATCH 26/28] s3:libads: Allow get_kdc_ip_string() to lookup the KDCs
|
||||
IP
|
||||
|
||||
Remove the requirement to provide an IP address. We should look up the
|
||||
IP of the KDC and use it for the specified realm/workgroup.
|
||||
|
||||
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15653
|
||||
|
||||
Signed-off-by: Andreas Schneider <asn@samba.org>
|
||||
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
|
||||
(cherry picked from commit 28aa0b815baf4668e3df01d52597c40fd430e2fb)
|
||||
---
|
||||
source3/libads/kerberos.c | 30 +++++++++++++++---------------
|
||||
1 file changed, 15 insertions(+), 15 deletions(-)
|
||||
|
||||
diff --git a/source3/libads/kerberos.c b/source3/libads/kerberos.c
|
||||
index 50f4a6de3c6..ddf97c11973 100644
|
||||
--- a/source3/libads/kerberos.c
|
||||
+++ b/source3/libads/kerberos.c
|
||||
@@ -437,23 +437,23 @@ static char *get_kdc_ip_string(char *mem_ctx,
|
||||
char *kdc_str = NULL;
|
||||
char *canon_sockaddr = NULL;
|
||||
|
||||
- SMB_ASSERT(pss != NULL);
|
||||
-
|
||||
- canon_sockaddr = print_canonical_sockaddr_with_port(frame, pss);
|
||||
- if (canon_sockaddr == NULL) {
|
||||
- goto out;
|
||||
- }
|
||||
+ if (pss != NULL) {
|
||||
+ canon_sockaddr = print_canonical_sockaddr_with_port(frame, pss);
|
||||
+ if (canon_sockaddr == NULL) {
|
||||
+ goto out;
|
||||
+ }
|
||||
|
||||
- kdc_str = talloc_asprintf(frame,
|
||||
- "\t\tkdc = %s\n",
|
||||
- canon_sockaddr);
|
||||
- if (kdc_str == NULL) {
|
||||
- goto out;
|
||||
- }
|
||||
+ kdc_str = talloc_asprintf(frame,
|
||||
+ "\t\tkdc = %s\n",
|
||||
+ canon_sockaddr);
|
||||
+ if (kdc_str == NULL) {
|
||||
+ goto out;
|
||||
+ }
|
||||
|
||||
- ok = sockaddr_storage_to_samba_sockaddr(&sa, pss);
|
||||
- if (!ok) {
|
||||
- goto out;
|
||||
+ ok = sockaddr_storage_to_samba_sockaddr(&sa, pss);
|
||||
+ if (!ok) {
|
||||
+ goto out;
|
||||
+ }
|
||||
}
|
||||
|
||||
/*
|
||||
--
|
||||
2.45.2
|
||||
|
||||
|
||||
From 96a1ecd8db249fa03db60259cf76fdef9c1bd749 Mon Sep 17 00:00:00 2001
|
||||
From: Andreas Schneider <asn@samba.org>
|
||||
Date: Tue, 28 May 2024 13:53:51 +0200
|
||||
Subject: [PATCH 27/28] s3:libads: Do not fail if we don't get an IP passed
|
||||
down
|
||||
|
||||
The IP should be optional and we should look it up if not provided.
|
||||
|
||||
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15653
|
||||
|
||||
Signed-off-by: Andreas Schneider <asn@samba.org>
|
||||
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
|
||||
(cherry picked from commit 9dcc52d2a57314ec9ddaae82b3c49da051d1f1d2)
|
||||
---
|
||||
source3/libads/kerberos.c | 2 +-
|
||||
1 file changed, 1 insertion(+), 1 deletion(-)
|
||||
|
||||
diff --git a/source3/libads/kerberos.c b/source3/libads/kerberos.c
|
||||
index ddf97c11973..f74d8eb567c 100644
|
||||
--- a/source3/libads/kerberos.c
|
||||
+++ b/source3/libads/kerberos.c
|
||||
@@ -704,7 +704,7 @@ bool create_local_private_krb5_conf_for_domain(const char *realm,
|
||||
return false;
|
||||
}
|
||||
|
||||
- if (domain == NULL || pss == NULL) {
|
||||
+ if (domain == NULL) {
|
||||
return false;
|
||||
}
|
||||
|
||||
--
|
||||
2.45.2
|
||||
|
||||
|
||||
From 4934642b7a7d92c6d81ba25ef6e4b66e3805f708 Mon Sep 17 00:00:00 2001
|
||||
From: Andreas Schneider <asn@samba.org>
|
||||
Date: Tue, 28 May 2024 13:54:24 +0200
|
||||
Subject: [PATCH 28/28] s3:winbind: Fix idmap_ad creating an invalid local
|
||||
krb5.conf
|
||||
|
||||
In case of a trusted domain, we are providing the realm of the primary
|
||||
trust but specify the KDC IP of the trusted domain. This leads to
|
||||
Kerberos ticket requests to the trusted domain KDC which doesn't know
|
||||
about the machine account. However we need a ticket from our primary
|
||||
trust KDC.
|
||||
|
||||
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15653
|
||||
|
||||
Signed-off-by: Andreas Schneider <asn@samba.org>
|
||||
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
|
||||
(backported from commit 8989aa47b7493e6b7978c2efc4a40c781e9a2aee)
|
||||
---
|
||||
source3/winbindd/idmap_ad.c | 11 +++++++++--
|
||||
1 file changed, 9 insertions(+), 2 deletions(-)
|
||||
|
||||
diff --git a/source3/winbindd/idmap_ad.c b/source3/winbindd/idmap_ad.c
|
||||
index 5c9fe07db95..b8002825161 100644
|
||||
--- a/source3/winbindd/idmap_ad.c
|
||||
+++ b/source3/winbindd/idmap_ad.c
|
||||
@@ -320,7 +320,10 @@ static NTSTATUS idmap_ad_get_tldap_ctx(TALLOC_CTX *mem_ctx,
|
||||
struct tldap_context **pld)
|
||||
{
|
||||
struct netr_DsRGetDCNameInfo *dcinfo;
|
||||
- struct sockaddr_storage dcaddr;
|
||||
+ struct sockaddr_storage dcaddr = {
|
||||
+ .ss_family = AF_UNSPEC,
|
||||
+ };
|
||||
+ struct sockaddr_storage *pdcaddr = NULL;
|
||||
struct cli_credentials *creds;
|
||||
struct loadparm_context *lp_ctx;
|
||||
struct tldap_context *ld;
|
||||
@@ -362,9 +365,13 @@ static NTSTATUS idmap_ad_get_tldap_ctx(TALLOC_CTX *mem_ctx,
|
||||
* create_local_private_krb5_conf_for_domain() can deal with
|
||||
* sitename==NULL
|
||||
*/
|
||||
+ if (strequal(domname, lp_realm()) || strequal(domname, lp_workgroup()))
|
||||
+ {
|
||||
+ pdcaddr = &dcaddr;
|
||||
+ }
|
||||
|
||||
ok = create_local_private_krb5_conf_for_domain(
|
||||
- lp_realm(), lp_workgroup(), sitename, &dcaddr);
|
||||
+ lp_realm(), lp_workgroup(), sitename, pdcaddr);
|
||||
TALLOC_FREE(sitename);
|
||||
if (!ok) {
|
||||
DBG_DEBUG("Could not create private krb5.conf\n");
|
||||
--
|
||||
2.45.2
|
||||
|
16
SOURCES/samba-4.19.4.tar.asc
Normal file
16
SOURCES/samba-4.19.4.tar.asc
Normal file
@ -0,0 +1,16 @@
|
||||
-----BEGIN PGP SIGNATURE-----
|
||||
|
||||
iQIzBAABCgAdFiEEgfXigyvSVFoYl7cTqplEL7aAtiAFAmWcCFAACgkQqplEL7aA
|
||||
tiDKSBAAuWA9jT6xCfFACIlme7DbEoUm/Bsbf+GM2Somd3pgajekiNxo7CsW9Xub
|
||||
Vmpj0Q5OKiri81XTqA8LlqMCBliqfw/rnP48kCH0YqXzjqD6aYuwmk0Q4G3wWBTJ
|
||||
2ZT/wOpbM3YooFfE9Iffz6uNgAiQ/8kpBt2m6Zzfy8n1ThfztyGAGaSmrUWxgUlq
|
||||
XjRjtgTw4isZBm+RzCFSGuPxvWvxRlfD5JCe2gc221rI3kbaQE2GSxdZ6D0635Ln
|
||||
iy64SLIAKkQCrrFFckudSCCLKgLNdIClEwzamhhCbmCxnWMDufzN+BQZhq3axQ+x
|
||||
svPfZqltVSQztr4nPGvKdebtVLL2Zyf/LtXWQP/s66quHlHFoEAC7MuD6tEMQVar
|
||||
JQUCN51Gs0Yk12iReQFm6/Uo35aPAlai1e2uOkNzS5FnagRObYt6FYeQripks4I8
|
||||
ZW5VvF4cE0zqdjrlG+Ttqmpbj7i6AUJj9wSbrEOFDUhTL+QPPOfJ05yr1BHmS6nJ
|
||||
vuuUs+ei/DnYEFS91P81h5NuOdpRHIBTG6LUOLz5KOoNdIgvzjD/Ugyscj4AFTBo
|
||||
+NTG9nNr6gkLV/6dxDRR2/sbU6P+FZBL+JVUoDR7XQ7oHG7sFV+/8Dtu8RivEw++
|
||||
1sNGqxvGkwu7JunMkJO5YZRwXi81v3nmHkWKgb0+52iYXgmdesY=
|
||||
=kOPP
|
||||
-----END PGP SIGNATURE-----
|
@ -18,6 +18,9 @@
|
||||
load printers = yes
|
||||
cups options = raw
|
||||
|
||||
# Install samba-usershares package for support
|
||||
include = /etc/samba/usershares.conf
|
||||
|
||||
[homes]
|
||||
comment = Home Directories
|
||||
valid users = %S, %D%w%S
|
File diff suppressed because it is too large
Load Diff
@ -1,230 +0,0 @@
|
||||
From 2b478bafd808218d3471fd5b1c9dc7d8e528cdb0 Mon Sep 17 00:00:00 2001
|
||||
From: =?UTF-8?q?Pavel=20Filipensk=C3=BD?= <pfilipensky@samba.org>
|
||||
Date: Wed, 13 Mar 2024 13:55:41 +0100
|
||||
Subject: [PATCH 1/4] docs-xml: Add parameter all_groupmem to idmap_ad
|
||||
MIME-Version: 1.0
|
||||
Content-Type: text/plain; charset=UTF-8
|
||||
Content-Transfer-Encoding: 8bit
|
||||
|
||||
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15605
|
||||
|
||||
Signed-off-by: Pavel Filipenský <pfilipensky@samba.org>
|
||||
Reviewed-by: Andreas Schneider <asn@samba.org>
|
||||
(cherry picked from commit a485d9de2f2d6a9815dcac6addb988a8987e111c)
|
||||
---
|
||||
docs-xml/manpages/idmap_ad.8.xml | 10 ++++++++++
|
||||
1 file changed, 10 insertions(+)
|
||||
|
||||
diff --git a/docs-xml/manpages/idmap_ad.8.xml b/docs-xml/manpages/idmap_ad.8.xml
|
||||
index 32df8d066c2..c7fcc65d763 100644
|
||||
--- a/docs-xml/manpages/idmap_ad.8.xml
|
||||
+++ b/docs-xml/manpages/idmap_ad.8.xml
|
||||
@@ -105,6 +105,16 @@
|
||||
</listitem>
|
||||
</varlistentry>
|
||||
<varlistentry>
|
||||
+ <term>all_groupmem = yes/no</term>
|
||||
+ <listitem><para>
|
||||
+ If set to <parameter>yes</parameter> winbind will retrieve all
|
||||
+ group members for getgrnam(3), getgrgid(3) and getgrent(3) calls,
|
||||
+ including those with missing uidNumber.
|
||||
+ </para>
|
||||
+ <para>Default: no</para>
|
||||
+ </listitem>
|
||||
+ </varlistentry>
|
||||
+ <varlistentry>
|
||||
<term>deny ous</term>
|
||||
<listitem><para>This parameter is a list of OUs from
|
||||
which objects will not be mapped via the ad idmap
|
||||
--
|
||||
2.41.0
|
||||
|
||||
|
||||
From 2259b59220b625cd682a3d22024ab442a56ecc3a Mon Sep 17 00:00:00 2001
|
||||
From: =?UTF-8?q?Pavel=20Filipensk=C3=BD?= <pfilipensky@samba.org>
|
||||
Date: Tue, 12 Mar 2024 13:20:24 +0100
|
||||
Subject: [PATCH 2/4] s3:winbindd: Improve performance of lookup_groupmem() in
|
||||
idmap_ad
|
||||
MIME-Version: 1.0
|
||||
Content-Type: text/plain; charset=UTF-8
|
||||
Content-Transfer-Encoding: 8bit
|
||||
|
||||
The LDAP query of lookup_groupmem() returns all group members from AD
|
||||
even those with missing uidNumber. Such group members are useless in
|
||||
UNIX environment for idmap_ad backend since there is no uid mapping.
|
||||
|
||||
'test_user' is member of group "Domanin Users" with 200K members,
|
||||
only 20K members have set uidNumber.
|
||||
|
||||
Without this fix:
|
||||
|
||||
$ time id test_user
|
||||
|
||||
real 1m5.946s
|
||||
user 0m0.019s
|
||||
sys 0m0.012s
|
||||
|
||||
With this fix:
|
||||
|
||||
$ time id test_user
|
||||
|
||||
real 0m3.544s
|
||||
user 0m0.004s
|
||||
sys 0m0.007s
|
||||
|
||||
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15605
|
||||
|
||||
Signed-off-by: Pavel Filipenský <pfilipensky@samba.org>
|
||||
Reviewed-by: Andreas Schneider <asn@samba.org>
|
||||
(cherry picked from commit 5d475d26a3d545f04791a04e85a06b8b192e3fcf)
|
||||
---
|
||||
source3/winbindd/winbindd_ads.c | 11 +++++++----
|
||||
1 file changed, 7 insertions(+), 4 deletions(-)
|
||||
|
||||
diff --git a/source3/winbindd/winbindd_ads.c b/source3/winbindd/winbindd_ads.c
|
||||
index 7e572e5d41f..7d6324033ea 100644
|
||||
--- a/source3/winbindd/winbindd_ads.c
|
||||
+++ b/source3/winbindd/winbindd_ads.c
|
||||
@@ -1039,7 +1039,7 @@ static NTSTATUS lookup_useraliases(struct winbindd_domain *domain,
|
||||
}
|
||||
|
||||
static NTSTATUS add_primary_group_members(
|
||||
- ADS_STRUCT *ads, TALLOC_CTX *mem_ctx, uint32_t rid,
|
||||
+ ADS_STRUCT *ads, TALLOC_CTX *mem_ctx, uint32_t rid, const char *domname,
|
||||
char ***all_members, size_t *num_all_members)
|
||||
{
|
||||
char *filter;
|
||||
@@ -1051,10 +1051,13 @@ static NTSTATUS add_primary_group_members(
|
||||
char **members;
|
||||
size_t num_members;
|
||||
ads_control args;
|
||||
+ bool all_groupmem = idmap_config_bool(domname, "all_groupmem", false);
|
||||
|
||||
filter = talloc_asprintf(
|
||||
- mem_ctx, "(&(objectCategory=user)(primaryGroupID=%u))",
|
||||
- (unsigned)rid);
|
||||
+ mem_ctx,
|
||||
+ "(&(objectCategory=user)(primaryGroupID=%u)%s)",
|
||||
+ (unsigned)rid,
|
||||
+ all_groupmem ? "" : "(uidNumber=*)(!(uidNumber=0))");
|
||||
if (filter == NULL) {
|
||||
goto done;
|
||||
}
|
||||
@@ -1206,7 +1209,7 @@ static NTSTATUS lookup_groupmem(struct winbindd_domain *domain,
|
||||
|
||||
DEBUG(10, ("ads lookup_groupmem: got %d sids via extended dn call\n", (int)num_members));
|
||||
|
||||
- status = add_primary_group_members(ads, mem_ctx, rid,
|
||||
+ status = add_primary_group_members(ads, mem_ctx, rid, domain->name,
|
||||
&members, &num_members);
|
||||
if (!NT_STATUS_IS_OK(status)) {
|
||||
DEBUG(10, ("%s: add_primary_group_members failed: %s\n",
|
||||
--
|
||||
2.41.0
|
||||
|
||||
|
||||
From 84b6ef6a95d821e44462105250ce50d124a62150 Mon Sep 17 00:00:00 2001
|
||||
From: =?UTF-8?q?Pavel=20Filipensk=C3=BD?= <pfilipensky@samba.org>
|
||||
Date: Mon, 25 Mar 2024 22:38:18 +0100
|
||||
Subject: [PATCH 3/4] selftest: Add "winbind expand groups = 1" to
|
||||
setup_ad_member_idmap_ad
|
||||
MIME-Version: 1.0
|
||||
Content-Type: text/plain; charset=UTF-8
|
||||
Content-Transfer-Encoding: 8bit
|
||||
|
||||
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15605
|
||||
|
||||
Signed-off-by: Pavel Filipenský <pfilipensky@samba.org>
|
||||
Reviewed-by: Andreas Schneider <asn@samba.org>
|
||||
(cherry picked from commit 2dab3a331b5511b4f2253f2b3b4513db7e52ea9a)
|
||||
---
|
||||
selftest/target/Samba3.pm | 1 +
|
||||
1 file changed, 1 insertion(+)
|
||||
|
||||
diff --git a/selftest/target/Samba3.pm b/selftest/target/Samba3.pm
|
||||
index bbce55ea508..cf40633d127 100755
|
||||
--- a/selftest/target/Samba3.pm
|
||||
+++ b/selftest/target/Samba3.pm
|
||||
@@ -1420,6 +1420,7 @@ sub setup_ad_member_idmap_ad
|
||||
idmap config $dcvars->{TRUST_DOMAIN} : range = 2000000-2999999
|
||||
gensec_gssapi:requested_life_time = 5
|
||||
winbind scan trusted domains = yes
|
||||
+ winbind expand groups = 1
|
||||
";
|
||||
|
||||
my $ret = $self->provision(
|
||||
--
|
||||
2.41.0
|
||||
|
||||
|
||||
From 550c6218e83468874a6a11295a7b08b148d1295a Mon Sep 17 00:00:00 2001
|
||||
From: =?UTF-8?q?Pavel=20Filipensk=C3=BD?= <pfilipensky@samba.org>
|
||||
Date: Thu, 14 Mar 2024 15:24:21 +0100
|
||||
Subject: [PATCH 4/4] tests: Add a test for "all_groups=no" to test_idmap_ad.sh
|
||||
MIME-Version: 1.0
|
||||
Content-Type: text/plain; charset=UTF-8
|
||||
Content-Transfer-Encoding: 8bit
|
||||
|
||||
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15605
|
||||
|
||||
Signed-off-by: Pavel Filipenský <pfilipensky@samba.org>
|
||||
Reviewed-by: Andreas Schneider <asn@samba.org>
|
||||
|
||||
Autobuild-User(master): Pavel Filipensky <pfilipensky@samba.org>
|
||||
Autobuild-Date(master): Tue Apr 2 13:25:39 UTC 2024 on atb-devel-224
|
||||
|
||||
(cherry picked from commit f8b72aa1f72881989990fabc9f4888968bb81967)
|
||||
---
|
||||
nsswitch/tests/test_idmap_ad.sh | 22 ++++++++++++++++++++++
|
||||
1 file changed, 22 insertions(+)
|
||||
|
||||
diff --git a/nsswitch/tests/test_idmap_ad.sh b/nsswitch/tests/test_idmap_ad.sh
|
||||
index 7ae112ada71..1d4bd395ba9 100755
|
||||
--- a/nsswitch/tests/test_idmap_ad.sh
|
||||
+++ b/nsswitch/tests/test_idmap_ad.sh
|
||||
@@ -94,6 +94,14 @@ gidNumber: 2000001
|
||||
unixHomeDirectory: /home/forbidden
|
||||
loginShell: /bin/tcsh
|
||||
gecos: User in forbidden OU
|
||||
+
|
||||
+dn: CN=no_posix_id,CN=Users,$BASE_DN
|
||||
+changetype: add
|
||||
+objectClass: user
|
||||
+samaccountName: no_posix_id
|
||||
+unixHomeDirectory: /home/no_posix_id
|
||||
+loginShell: /bin/sh
|
||||
+gecos: User without uidNumber and gidNumber
|
||||
EOF
|
||||
|
||||
#
|
||||
@@ -171,6 +179,17 @@ then
|
||||
failed=$(($failed + 1))
|
||||
fi
|
||||
|
||||
+#
|
||||
+# Test 6: Make sure that with the default "all_groups=no"
|
||||
+# the group "domain users" will not show user "no_posix_id"
|
||||
+# but will show "SAMBA2008R2/administrator"
|
||||
+#
|
||||
+
|
||||
+dom_users="$DOMAIN/domain users" # Extra step to make sure that all is one word
|
||||
+out="$($wbinfo --group-info "$dom_users")"
|
||||
+testit_grep_count "no_posix_id1" "no_posix_id" 0 echo "$out" || failed=$(expr $failed + 1)
|
||||
+testit_grep "no_posix_id2" "SAMBA2008R2/administrator" echo "$out" || failed=$(expr $failed + 1)
|
||||
+
|
||||
#
|
||||
# Trusted domain test 1: Test uid of Administrator, should be 2500000
|
||||
#
|
||||
@@ -241,6 +260,9 @@ gidNumber: 2000002
|
||||
dn: cn=forbidden,ou=sub,$BASE_DN
|
||||
changetype: delete
|
||||
|
||||
+dn: CN=no_posix_id,CN=Users,$BASE_DN
|
||||
+changetype: delete
|
||||
+
|
||||
dn: ou=sub,$BASE_DN
|
||||
changetype: delete
|
||||
EOF
|
||||
--
|
||||
2.41.0
|
||||
|
@ -1,8 +0,0 @@
|
||||
# recipients: idmafs-qe, asn, ftrivino, pfilipen
|
||||
--- !Policy
|
||||
product_versions:
|
||||
- rhel-9
|
||||
decision_context: osci_compose_gate
|
||||
rules:
|
||||
- !PassingTestCaseRule {test_case_name: osci.brew-build.tier0.functional}
|
||||
- !PassingTestCaseRule {test_case_name: idm-ci.brew-build.tier1.functional}
|
@ -1,102 +0,0 @@
|
||||
From dddbbec2cb10b05a6ec3b4f1fcc877d60a44080a Mon Sep 17 00:00:00 2001
|
||||
From: =?UTF-8?q?Pavel=20Filipensk=C3=BD?= <pfilipensky@samba.org>
|
||||
Date: Thu, 4 Jul 2024 11:08:03 +0200
|
||||
Subject: [PATCH 1/2] .gitlab-ci-main.yml: Add safe.directory '*'
|
||||
MIME-Version: 1.0
|
||||
Content-Type: text/plain; charset=UTF-8
|
||||
Content-Transfer-Encoding: 8bit
|
||||
|
||||
This is to fix the error when pushing to personal gitlab repo:
|
||||
|
||||
2024-07-04 08:16:05,460 Running: 'git clone --recursive --shared /builds/pfilipen/samba /builds/samba-testbase/master' in '/builds/pfilipen/samba'
|
||||
Cloning into '/builds/samba-testbase/master'...
|
||||
fatal: detected dubious ownership in repository at '/builds/pfilipen/samba/.git'
|
||||
To add an exception for this directory, call:
|
||||
git config --global --add safe.directory /builds/pfilipen/samba/.git
|
||||
fatal: Could not read from remote repository.
|
||||
|
||||
Instead of adding more and more explicit repositories
|
||||
we should just allow any, we're in an isolated environment...
|
||||
|
||||
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15660
|
||||
|
||||
Pair-Programmed-With: Stefan Metzmacher <metze@samba.org>
|
||||
Signed-off-by: Pavel Filipenský <pfilipensky@samba.org>
|
||||
Signed-off-by: Stefan Metzmacher <metze@samba.org>
|
||||
Reviewed-by: Andreas Schneider <asn@samba.org>
|
||||
|
||||
Autobuild-User(master): Stefan Metzmacher <metze@samba.org>
|
||||
Autobuild-Date(master): Wed Jul 10 10:35:00 UTC 2024 on atb-devel-224
|
||||
|
||||
(cherry picked from commit 3a21b7d9a4e7e9814d0be8c0ebf72b9821a5dc36)
|
||||
---
|
||||
.gitlab-ci-main.yml | 3 +--
|
||||
1 file changed, 1 insertion(+), 2 deletions(-)
|
||||
|
||||
diff --git a/.gitlab-ci-main.yml b/.gitlab-ci-main.yml
|
||||
index face2103327..08865ca2c42 100644
|
||||
--- a/.gitlab-ci-main.yml
|
||||
+++ b/.gitlab-ci-main.yml
|
||||
@@ -146,8 +146,7 @@ include:
|
||||
- ccache -z -M 500M
|
||||
- ccache -s
|
||||
# We are already running .gitlab-ci directives from this repo, remove additional checks that break our CI
|
||||
- - git config --global --add safe.directory `pwd`
|
||||
- - git config --global --add safe.directory /builds/samba-team/devel/samba/.git
|
||||
+ - git config --global --add safe.directory '*'
|
||||
after_script:
|
||||
- mount
|
||||
- df -h
|
||||
--
|
||||
2.45.2
|
||||
|
||||
|
||||
From 1c69964d34d2cf66532b23ffde76a839a65b0db2 Mon Sep 17 00:00:00 2001
|
||||
From: Andreas Schneider <asn@samba.org>
|
||||
Date: Fri, 12 Jul 2024 14:18:26 +0200
|
||||
Subject: [PATCH 2/2] s3:printing: Allow to run samba-bgqd as a standalone
|
||||
systemd service
|
||||
|
||||
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15683
|
||||
|
||||
Signed-off-by: Andreas Schneider <asn@samba.org>
|
||||
Reviewed-by: Alexander Bokovoy <ab@samba.org>
|
||||
(cherry picked from commit 0a532378322661b23b3393eb2ebde29402a16e62)
|
||||
|
||||
Autobuild-User(v4-20-test): Jule Anger <janger@samba.org>
|
||||
Autobuild-Date(v4-20-test): Tue Jul 23 08:56:24 UTC 2024 on atb-devel-224
|
||||
|
||||
(cherry picked from commit 4cf9af9186d7829f11bd07c7d6e526a51dcf0d61)
|
||||
---
|
||||
source3/printing/samba-bgqd.c | 8 +++++++-
|
||||
1 file changed, 7 insertions(+), 1 deletion(-)
|
||||
|
||||
diff --git a/source3/printing/samba-bgqd.c b/source3/printing/samba-bgqd.c
|
||||
index 59ed0cc40db..9560fcf9e35 100644
|
||||
--- a/source3/printing/samba-bgqd.c
|
||||
+++ b/source3/printing/samba-bgqd.c
|
||||
@@ -253,7 +253,9 @@ int main(int argc, const char *argv[])
|
||||
log_stdout = (debug_get_log_type() == DEBUG_STDOUT);
|
||||
|
||||
/* main process will notify systemd */
|
||||
- daemon_sd_notifications(false);
|
||||
+ if (ready_signal_fd != -1 || watch_fd != -1) {
|
||||
+ daemon_sd_notifications(false);
|
||||
+ }
|
||||
|
||||
if (!cmdline_daemon_cfg->fork) {
|
||||
daemon_status(progname, "Starting process ... ");
|
||||
@@ -325,6 +327,10 @@ int main(int argc, const char *argv[])
|
||||
goto done;
|
||||
}
|
||||
|
||||
+ if (!cmdline_daemon_cfg->fork) {
|
||||
+ daemon_ready(progname);
|
||||
+ }
|
||||
+
|
||||
if (ready_signal_fd != -1) {
|
||||
pid_t pid = getpid();
|
||||
ssize_t written;
|
||||
--
|
||||
2.45.2
|
||||
|
@ -1,24 +0,0 @@
|
||||
---
|
||||
badfuncs:
|
||||
ignore:
|
||||
- /usr/bin/nmblookup
|
||||
- /usr/bin/smbtorture
|
||||
- /usr/lib*/libndr.so.*
|
||||
- /usr/lib*/libsmbconf.so.*
|
||||
- /usr/lib*/samba/libgse-private-samba.so
|
||||
- /usr/lib*/samba/libsamba-sockets-private-samba.so
|
||||
- /usr/lib*/samba/service/nbtd.so
|
||||
- /usr/libexec/ctdb/smnotify
|
||||
- /usr/sbin/nmbd
|
||||
|
||||
runpath:
|
||||
allowed_paths:
|
||||
- /usr/lib/samba
|
||||
- /usr/lib64/samba
|
||||
|
||||
abidiff:
|
||||
suppression_file: samba.abignore
|
||||
|
||||
debuginfo:
|
||||
ignore:
|
||||
- /usr/lib*/libdcerpc-samr.so.*
|
Binary file not shown.
2
sources
2
sources
@ -1,2 +0,0 @@
|
||||
SHA512 (samba-4.20.2.tar.asc) = a0051efdca684bc6c3e40367b0a8b862d0b1b988aa9c15ec6987d5f97440daa1f7609e6be61611aa9bbed56d89e0258b192c43028384899c75c4cd449cc99694
|
||||
SHA512 (samba-4.20.2.tar.xz) = cf07b12b6c1ac9bc3fd0df7fd658529ebd08309a0823f49c68dd3c55c0c80f412d6af50a0f78b8f4484635029aeb292a72dd0a6638edbd463e73baff404d5315
|
@ -1,62 +0,0 @@
|
||||
# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
|
||||
#
|
||||
# Makefile of gating test "testparm"
|
||||
# Description: Basic config check for samba
|
||||
# Author: Andrej Dzilsky <adzilsky@redhat.com>
|
||||
#
|
||||
# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
|
||||
#
|
||||
# Copyright (c) 2019 Red Hat, Inc.
|
||||
#
|
||||
# This program is free software: you can redistribute it and/or
|
||||
# modify it under the terms of the GNU General Public License as
|
||||
# published by the Free Software Foundation, either version 2 of
|
||||
# the License, or (at your option) any later version.
|
||||
#
|
||||
# This program is distributed in the hope that it will be
|
||||
# useful, but WITHOUT ANY WARRANTY; without even the implied
|
||||
# warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR
|
||||
# PURPOSE. See the GNU General Public License for more details.
|
||||
#
|
||||
# You should have received a copy of the GNU General Public License
|
||||
# along with this program. If not, see http://www.gnu.org/licenses/.
|
||||
#
|
||||
# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
|
||||
|
||||
export TEST=testparm
|
||||
export TESTVERSION=1.0
|
||||
|
||||
BUILT_FILES=
|
||||
|
||||
FILES=$(METADATA) runtest.sh Makefile
|
||||
|
||||
.PHONY: all install download clean
|
||||
|
||||
run: $(FILES) build
|
||||
./runtest.sh
|
||||
|
||||
build: $(BUILT_FILES)
|
||||
test -x runtest.sh || chmod a+x runtest.sh
|
||||
|
||||
clean:
|
||||
rm -f *~ $(BUILT_FILES)
|
||||
|
||||
|
||||
include /usr/share/rhts/lib/rhts-make.include
|
||||
|
||||
$(METADATA): Makefile
|
||||
@echo "Owner: Andrej Dzilsky <adzilsky@redhat.com>" > $(METADATA)
|
||||
@echo "Name: $(TEST)" >> $(METADATA)
|
||||
@echo "TestVersion: $(TESTVERSION)" >> $(METADATA)
|
||||
@echo "Path: $(TEST_DIR)" >> $(METADATA)
|
||||
@echo "Description: Basic samba config check" >> $(METADATA)
|
||||
@echo "Type: Regression" >> $(METADATA)
|
||||
@echo "TestTime: 5m" >> $(METADATA)
|
||||
@echo "RunFor: samba" >> $(METADATA)
|
||||
@echo "Priority: Normal" >> $(METADATA)
|
||||
@echo "License: GPLv2+" >> $(METADATA)
|
||||
@echo "Confidential: no" >> $(METADATA)
|
||||
@echo "Destructive: no" >> $(METADATA)
|
||||
@echo "Bug: 1653890" >> $(METADATA)
|
||||
|
||||
rhts-lint $(METADATA)
|
@ -1,43 +0,0 @@
|
||||
#!/bin/bash
|
||||
# vim: dict+=/usr/share/beakerlib/dictionary.vim cpt=.,w,b,u,t,i,k
|
||||
# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
|
||||
#
|
||||
# runtest.sh of gating test "testparm"
|
||||
# Description: Basic samba config check
|
||||
# Author: Andrej Dzilsky <adzilsky@redhat.com>
|
||||
#
|
||||
# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
|
||||
#
|
||||
# Copyright (c) 2019 Red Hat, Inc.
|
||||
#
|
||||
# This program is free software: you can redistribute it and/or
|
||||
# modify it under the terms of the GNU General Public License as
|
||||
# published by the Free Software Foundation, either version 2 of
|
||||
# the License, or (at your option) any later version.
|
||||
#
|
||||
# This program is distributed in the hope that it will be
|
||||
# useful, but WITHOUT ANY WARRANTY; without even the implied
|
||||
# warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR
|
||||
# PURPOSE. See the GNU General Public License for more details.
|
||||
#
|
||||
# You should have received a copy of the GNU General Public License
|
||||
# along with this program. If not, see http://www.gnu.org/licenses/.
|
||||
#
|
||||
# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
|
||||
|
||||
# Include Beaker environment
|
||||
. /usr/bin/rhts-environment.sh || exit 1
|
||||
. /usr/share/beakerlib/beakerlib.sh || exit 1
|
||||
|
||||
# From Andreas Schneider <asn@redhat.com>:
|
||||
# This is a basic test which makes sure the samba is installed and the default
|
||||
# smb.conf is available.
|
||||
|
||||
rlJournalStart
|
||||
|
||||
rlPhaseStartTest
|
||||
rlRun "testparm -v -s" 0 "testparm ends with expected output"
|
||||
rlPhaseEnd
|
||||
|
||||
rlJournalPrintText
|
||||
rlJournalEnd
|
@ -1,13 +0,0 @@
|
||||
---
|
||||
# This first play always runs on the local staging system
|
||||
- hosts: localhost
|
||||
roles:
|
||||
- role: standard-test-beakerlib
|
||||
tags:
|
||||
- classic
|
||||
tests:
|
||||
- testparm
|
||||
required_packages:
|
||||
- samba
|
||||
- samba-client
|
||||
- samba-common
|
Loading…
Reference in New Issue
Block a user