diff --git a/.gitignore b/.gitignore index 73b40d5..4471443 100644 --- a/.gitignore +++ b/.gitignore @@ -14,3 +14,4 @@ samba-3.6.0pre1.tar.gz /samba-3.6.7.tar.gz /samba-4.0.0rc1.tar.bz2 /samba-4.0.0rc2.tar.bz2 +/samba-4.0.0rc3.tar.bz2 diff --git a/samba-4.0.0rc3-add_aes_enctypes_to_krb5_conf.patch b/samba-4.0.0rc3-add_aes_enctypes_to_krb5_conf.patch deleted file mode 100644 index f34cef2..0000000 --- a/samba-4.0.0rc3-add_aes_enctypes_to_krb5_conf.patch +++ /dev/null @@ -1,64 +0,0 @@ -commit 06f3b1f0b0dcf9355a8d634cdb62f1f0a8ea4dbe -Author: Günther Deschner -AuthorDate: Mon Dec 19 10:52:58 2011 +0100 -Commit: Günther Deschner -CommitDate: Tue Oct 2 16:22:31 2012 +0200 - - s3-kerberos: add aes enctypes to generated krb5.conf. - - Guenther ---- - source3/libads/kerberos.c | 29 ++++++++++++++++++++++++----- - 1 file changed, 24 insertions(+), 5 deletions(-) - -diff --git a/source3/libads/kerberos.c b/source3/libads/kerberos.c -index fd39394..3183e26 100644 ---- a/source3/libads/kerberos.c -+++ b/source3/libads/kerberos.c -@@ -831,6 +831,7 @@ bool create_local_private_krb5_conf_for_domain(const char *realm, - int fd; - char *realm_upper = NULL; - bool result = false; -+ char *aes_enctypes = NULL; - - if (!lp_create_krb5_conf()) { - return false; -@@ -870,15 +871,33 @@ bool create_local_private_krb5_conf_for_domain(const char *realm, - goto done; - } - -- /* FIXME: add aes here - gd */ -+ aes_enctypes = talloc_strdup(fname, ""); -+ if (aes_enctypes == NULL) { -+ goto done; -+ } -+ -+#ifdef HAVE_ENCTYPE_AES256_CTS_HMAC_SHA1_96 -+ aes_enctypes = talloc_asprintf_append(aes_enctypes, "%s", "aes256-cts-hmac-sha1-96 "); -+ if (aes_enctypes == NULL) { -+ goto done; -+ } -+#endif -+#ifdef HAVE_ENCTYPE_AES128_CTS_HMAC_SHA1_96 -+ aes_enctypes = talloc_asprintf_append(aes_enctypes, "%s", "aes128-cts-hmac-sha1-96"); -+ if (aes_enctypes == NULL) { -+ goto done; -+ } -+#endif -+ - file_contents = talloc_asprintf(fname, - "[libdefaults]\n\tdefault_realm = %s\n" -- "\tdefault_tgs_enctypes = RC4-HMAC DES-CBC-CRC DES-CBC-MD5\n" -- "\tdefault_tkt_enctypes = RC4-HMAC DES-CBC-CRC DES-CBC-MD5\n" -- "\tpreferred_enctypes = RC4-HMAC DES-CBC-CRC DES-CBC-MD5\n\n" -+ "\tdefault_tgs_enctypes = %s RC4-HMAC DES-CBC-CRC DES-CBC-MD5\n" -+ "\tdefault_tkt_enctypes = %s RC4-HMAC DES-CBC-CRC DES-CBC-MD5\n" -+ "\tpreferred_enctypes = %s RC4-HMAC DES-CBC-CRC DES-CBC-MD5\n\n" - "[realms]\n\t%s = {\n" - "\t%s\t}\n", -- realm_upper, realm_upper, kdc_ip_string); -+ realm_upper, aes_enctypes, aes_enctypes, aes_enctypes, -+ realm_upper, kdc_ip_string); - - if (!file_contents) { - goto done; diff --git a/samba-4.0.0rc3-fix_pam_smbpass_option.patch b/samba-4.0.0rc3-fix_pam_smbpass_option.patch deleted file mode 100644 index 3df3aab..0000000 --- a/samba-4.0.0rc3-fix_pam_smbpass_option.patch +++ /dev/null @@ -1,38 +0,0 @@ -commit fb3cf6c24270d22dad8ac9a1c12e8d77c8189f11 -Author: Andreas Schneider -AuthorDate: Tue Oct 2 14:25:40 2012 +0200 -Commit: Andreas Schneider -CommitDate: Thu Oct 4 10:20:35 2012 +0200 - - waf: Build pam_smbpass module only if enabled. ---- - source3/pam_smbpass/wscript_build | 3 ++- - source3/wscript | 3 +++ - 2 files changed, 5 insertions(+), 1 deletion(-) - -diff --git a/source3/pam_smbpass/wscript_build b/source3/pam_smbpass/wscript_build -index 70b21d5..a2a2d01 100644 ---- a/source3/pam_smbpass/wscript_build -+++ b/source3/pam_smbpass/wscript_build -@@ -10,5 +10,6 @@ if bld.CONFIG_SET('WITH_PAM_MODULES'): - LIBNTLMSSP LIBTSOCKET''', - cflags='-DLOCALEDIR=\"%s/locale\"' % bld.env.DATADIR, - realname='pam_smbpass.so', -- install_path='${PAMMODULESDIR}' -+ install_path='${PAMMODULESDIR}', -+ enabled=bld.env.with_pam_smbpass - ) -diff --git a/source3/wscript b/source3/wscript -index 765f761..e4898ef 100644 ---- a/source3/wscript -+++ b/source3/wscript -@@ -762,6 +762,9 @@ int i; i = PAM_RADIO_TYPE; - conf.DEFINE('WITH_PAM', 1) - conf.DEFINE('WITH_PAM_MODULES', 1) - -+ if Options.options.with_pam_smbpass: -+ conf.env.with_pam_smbpass = True -+ - seteuid = False - - # diff --git a/samba-4.0.0rc3-fix_printing_init.patch b/samba-4.0.0rc3-fix_printing_init.patch deleted file mode 100644 index 8179241..0000000 --- a/samba-4.0.0rc3-fix_printing_init.patch +++ /dev/null @@ -1,40 +0,0 @@ -commit 50de2c9bbbc25074f022b4b2cf9d49f8e9a53e01 -Author: Andreas Schneider -AuthorDate: Tue Oct 2 15:51:08 2012 +0200 -Commit: Andreas Schneider -CommitDate: Thu Oct 4 12:06:29 2012 +0200 - - s3fs-smbd: Make sure the registry is set up before we init printing. - - Autobuild-User(master): Andreas Schneider - Autobuild-Date(master): Thu Oct 4 12:06:29 CEST 2012 on sn-devel-104 ---- - source3/smbd/server.c | 8 ++++---- - 1 file changed, 4 insertions(+), 4 deletions(-) - -diff --git a/source3/smbd/server.c b/source3/smbd/server.c -index 90bbb62..7dad13b 100644 ---- a/source3/smbd/server.c -+++ b/source3/smbd/server.c -@@ -1471,6 +1471,10 @@ extern void build_options(bool screen); - } - } - -+ if (!dcesrv_ep_setup(ev_ctx, msg_ctx)) { -+ exit(1); -+ } -+ - /* only start other daemons if we are running as a daemon - * -- bad things will happen if smbd is launched via inetd - * and we fork a copy of ourselves here */ -@@ -1495,10 +1499,6 @@ extern void build_options(bool screen); - } - } - -- if (!dcesrv_ep_setup(ev_ctx, msg_ctx)) { -- exit(1); -- } -- - if (!is_daemon) { - int sock; - diff --git a/samba-4.0.0rc3-request_aes_krb_keys.patch b/samba-4.0.0rc3-request_aes_krb_keys.patch deleted file mode 100644 index 31391f8..0000000 --- a/samba-4.0.0rc3-request_aes_krb_keys.patch +++ /dev/null @@ -1,65 +0,0 @@ -commit eae33e96fcaa456830862325b91579faf2a96213 -Author: Günther Deschner -AuthorDate: Thu Dec 15 18:12:41 2011 +0100 -Commit: Günther Deschner -CommitDate: Tue Oct 2 16:22:31 2012 +0200 - - s3-krb5: use and request AES keys in kerberos operations. - - Guenther ---- - lib/krb5_wrap/krb5_samba.c | 6 ++++++ - source3/libads/kerberos.c | 1 + - source3/libads/kerberos_keytab.c | 8 +++++++- - 3 files changed, 14 insertions(+), 1 deletion(-) - -diff --git a/lib/krb5_wrap/krb5_samba.c b/lib/krb5_wrap/krb5_samba.c -index 1a5a710..8037337 100644 ---- a/lib/krb5_wrap/krb5_samba.c -+++ b/lib/krb5_wrap/krb5_samba.c -@@ -688,6 +688,12 @@ int cli_krb5_get_ticket(TALLOC_CTX *mem_ctx, - ENCTYPE_ARCFOUR_HMAC, - ENCTYPE_DES_CBC_MD5, - ENCTYPE_DES_CBC_CRC, -+#ifdef HAVE_ENCTYPE_AES128_CTS_HMAC_SHA1_96 -+ ENCTYPE_AES128_CTS_HMAC_SHA1_96, -+#endif -+#ifdef HAVE_ENCTYPE_AES256_CTS_HMAC_SHA1_96 -+ ENCTYPE_AES256_CTS_HMAC_SHA1_96, -+#endif - ENCTYPE_NULL}; - - initialize_krb5_error_table(); -diff --git a/source3/libads/kerberos.c b/source3/libads/kerberos.c -index 1093d12..fd39394 100644 ---- a/source3/libads/kerberos.c -+++ b/source3/libads/kerberos.c -@@ -870,6 +870,7 @@ bool create_local_private_krb5_conf_for_domain(const char *realm, - goto done; - } - -+ /* FIXME: add aes here - gd */ - file_contents = talloc_asprintf(fname, - "[libdefaults]\n\tdefault_realm = %s\n" - "\tdefault_tgs_enctypes = RC4-HMAC DES-CBC-CRC DES-CBC-MD5\n" -diff --git a/source3/libads/kerberos_keytab.c b/source3/libads/kerberos_keytab.c -index eb2603b..b7df50d 100644 ---- a/source3/libads/kerberos_keytab.c -+++ b/source3/libads/kerberos_keytab.c -@@ -263,9 +263,15 @@ int ads_keytab_add_entry(ADS_STRUCT *ads, const char *srvPrinc) - krb5_keytab keytab = NULL; - krb5_data password; - krb5_kvno kvno; -- krb5_enctype enctypes[4] = { -+ krb5_enctype enctypes[6] = { - ENCTYPE_DES_CBC_CRC, - ENCTYPE_DES_CBC_MD5, -+#ifdef HAVE_ENCTYPE_AES128_CTS_HMAC_SHA1_96 -+ ENCTYPE_AES128_CTS_HMAC_SHA1_96, -+#endif -+#ifdef HAVE_ENCTYPE_AES256_CTS_HMAC_SHA1_96 -+ ENCTYPE_AES256_CTS_HMAC_SHA1_96, -+#endif - ENCTYPE_ARCFOUR_HMAC, - 0 - }; diff --git a/samba.spec b/samba.spec index f6ac197..4c1527c 100644 --- a/samba.spec +++ b/samba.spec @@ -1,4 +1,4 @@ -%define main_release 153 +%define main_release 154 %define samba_version 4.0.0 %define talloc_version 2.0.7 @@ -6,7 +6,7 @@ %define tdb_version 1.2.10 %define tevent_version 0.9.17 %define ldb_version 1.1.12 -%define pre_release rc2 +%define pre_release rc3 %define samba_release %{main_release}%{?dist}.%{pre_release} @@ -65,11 +65,6 @@ Source100: smbprint Source200: README.dc Source201: README.downgrade -Patch0: samba-4.0.0rc3-request_aes_krb_keys.patch -Patch1: samba-4.0.0rc3-add_aes_enctypes_to_krb5_conf.patch -Patch2: samba-4.0.0rc3-fix_pam_smbpass_option.patch -Patch3: samba-4.0.0rc3-fix_printing_init.patch - BuildRoot: %(mktemp -ud %{_tmppath}/%{name}-%{version}-%{release}-XXXXXX) Requires(pre): /usr/sbin/groupadd @@ -393,11 +388,6 @@ link against the SMB, RPC and other protocols. %prep %setup -q -n samba-%{version}%{pre_release} -%patch0 -p1 -b .request_aes_krb_keys -%patch1 -p1 -b .add_aes_enctypes_to_krb5_conf -%patch2 -p1 -b .fix_pam_smbpass_option -%patch3 -p1 -b .fix_printing_init - %build %global _talloc_lib ,talloc,pytalloc,pytalloc-util %global _tevent_lib ,tevent,pytevent @@ -1283,15 +1273,20 @@ rm -rf %{buildroot} %endif # with_libwbclient %changelog -* Wed Oct 10 2012 - Alexander Bokovoy - 2:4.0.0-153.rc1 +* Tue Oct 16 2012 - Andreas Schneider - 2:4.0.0-154.rc3 +- Update to 4.0.0rc3. +- resolves: #805562 - Unable to share print queues. +- resolves: #863388 - Unable to reload smbd configuration with systemctl. + +* Wed Oct 10 2012 - Alexander Bokovoy - 2:4.0.0-153.rc2 - Use alternatives to configure winbind_krb5_locator.so - Fix Requires for winbind. -* Thu Oct 04 2012 - Andreas Schneider - 2:4.0.0-152.rc1 +* Thu Oct 04 2012 - Andreas Schneider - 2:4.0.0-152.rc2 - Add kerberos AES support. - Fix printing initialization. -* Tue Oct 02 2012 - Andreas Schneider - 2:4.0.0-151.rc1 +* Tue Oct 02 2012 - Andreas Schneider - 2:4.0.0-151.rc2 - Update to 4.0.0rc2. * Wed Sep 26 2012 - Andreas Schneider - 2:4.0.0-150.rc1 diff --git a/sources b/sources index f6d7f34..4b53f0a 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -f55716677b19969e22bf5573be6bee10 samba-4.0.0rc2.tar.bz2 +147cad905cb3e2fb6706566907d2481a samba-4.0.0rc3.tar.bz2