Update to Samba 4.8.0rc4

Guenther
This commit is contained in:
Günther Deschner 2018-03-02 11:15:22 +01:00
parent d1c03e5637
commit 872e9d79c7
5 changed files with 11 additions and 172 deletions

2
.gitignore vendored
View File

@ -117,3 +117,5 @@ samba-3.6.0pre1.tar.gz
/samba-4.8.0rc2.tar.asc
/samba-4.8.0rc3.tar.xz
/samba-4.8.0rc3.tar.asc
/samba-4.8.0rc4.tar.xz
/samba-4.8.0rc4.tar.asc

View File

@ -1,135 +0,0 @@
From f503bac8ac07b58a8377059922e3e56e28fc3e01 Mon Sep 17 00:00:00 2001
From: Alexander Bokovoy <ab@samba.org>
Date: Tue, 24 Oct 2017 12:01:39 +0300
Subject: [PATCH] mit-kdb: support MIT Kerberos 1.16 KDB API changes
MIT Kerberos 1.16 adds ability to audit local and remote addresses
during AS_REQ processing. As result, audit_as_req callback signature
was changed to include the addresses and KDB API version was increased.
Change mit-kdb code to properly expose audit_as_req signature KDC
expects in 1.16 version. Also update #ifdefs to account for the new
KDB API version.
This commit does not add actual audit of the local and remote IP
addresses, it only makes it possible to compile against MIT Kerberos
1.16.
Signed-off-by: Alexander Bokovoy <ab@samba.org>
---
source4/kdc/mit-kdb/kdb_samba.h | 13 ++++++++-
source4/kdc/mit-kdb/kdb_samba_policies.c | 42 +++++++++++++++++++++---------
source4/kdc/mit-kdb/kdb_samba_principals.c | 2 +-
3 files changed, 42 insertions(+), 15 deletions(-)
diff --git a/source4/kdc/mit-kdb/kdb_samba.h b/source4/kdc/mit-kdb/kdb_samba.h
index abca2c166ae..b9c571f26cb 100644
--- a/source4/kdc/mit-kdb/kdb_samba.h
+++ b/source4/kdc/mit-kdb/kdb_samba.h
@@ -78,7 +78,7 @@ krb5_error_code kdb_samba_db_put_principal(krb5_context context,
krb5_error_code kdb_samba_db_delete_principal(krb5_context context,
krb5_const_principal princ);
-#if KRB5_KDB_API_VERSION == 8
+#if KRB5_KDB_API_VERSION >= 8
krb5_error_code kdb_samba_db_iterate(krb5_context context,
char *match_entry,
int (*func)(krb5_pointer, krb5_db_entry *),
@@ -148,12 +148,23 @@ krb5_error_code kdb_samba_db_check_allowed_to_delegate(krb5_context context,
const krb5_db_entry *server,
krb5_const_principal proxy);
+#if KRB5_KDB_API_VERSION >= 9
void kdb_samba_db_audit_as_req(krb5_context kcontext,
krb5_kdc_req *request,
+ const krb5_address *local_addr,
+ const krb5_address *remote_addr,
krb5_db_entry *client,
krb5_db_entry *server,
krb5_timestamp authtime,
krb5_error_code error_code);
+#else
+void kdb_samba_db_audit_as_req(krb5_context kcontext,
+ krb5_kdc_req *request,
+ krb5_db_entry *client,
+ krb5_db_entry *server,
+ krb5_timestamp authtime,
+ krb5_error_code error_code);
+#endif
/* from kdb_samba_change_pwd.c */
diff --git a/source4/kdc/mit-kdb/kdb_samba_policies.c b/source4/kdc/mit-kdb/kdb_samba_policies.c
index 81140abfd50..de5813bde2f 100644
--- a/source4/kdc/mit-kdb/kdb_samba_policies.c
+++ b/source4/kdc/mit-kdb/kdb_samba_policies.c
@@ -432,20 +432,10 @@ done:
return code;
}
-void kdb_samba_db_audit_as_req(krb5_context context,
- krb5_kdc_req *request,
- krb5_db_entry *client,
- krb5_db_entry *server,
- krb5_timestamp authtime,
- krb5_error_code error_code)
-{
- struct mit_samba_context *mit_ctx;
-
- mit_ctx = ks_get_context(context);
- if (mit_ctx == NULL) {
- return;
- }
+static void samba_bad_password_count(krb5_db_entry *client,
+ krb5_error_code error_code)
+{
switch (error_code) {
case 0:
mit_samba_zero_bad_password_count(client);
@@ -456,3 +446,29 @@ void kdb_samba_db_audit_as_req(krb5_context context,
break;
}
}
+
+#if KRB5_KDB_API_VERSION >= 9
+void kdb_samba_db_audit_as_req(krb5_context context,
+ krb5_kdc_req *request,
+ const krb5_address *local_addr,
+ const krb5_address *remote_addr,
+ krb5_db_entry *client,
+ krb5_db_entry *server,
+ krb5_timestamp authtime,
+ krb5_error_code error_code)
+{
+ samba_bad_password_count(client, error_code);
+
+ /* TODO: perform proper audit logging for addresses */
+}
+#else
+void kdb_samba_db_audit_as_req(krb5_context context,
+ krb5_kdc_req *request,
+ krb5_db_entry *client,
+ krb5_db_entry *server,
+ krb5_timestamp authtime,
+ krb5_error_code error_code)
+{
+ samba_bad_password_count(client, error_code);
+}
+#endif
diff --git a/source4/kdc/mit-kdb/kdb_samba_principals.c b/source4/kdc/mit-kdb/kdb_samba_principals.c
index 1dbb69b561d..8b67436dc47 100644
--- a/source4/kdc/mit-kdb/kdb_samba_principals.c
+++ b/source4/kdc/mit-kdb/kdb_samba_principals.c
@@ -308,7 +308,7 @@ krb5_error_code kdb_samba_db_delete_principal(krb5_context context,
return KRB5_KDB_DB_INUSE;
}
-#if KRB5_KDB_API_VERSION == 8
+#if KRB5_KDB_API_VERSION >= 8
krb5_error_code kdb_samba_db_iterate(krb5_context context,
char *match_entry,
int (*func)(krb5_pointer, krb5_db_entry *),
--
2.13.6

View File

@ -1,28 +0,0 @@
From ebae8df5e4b955f235cdeb629e99d32d35766d65 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?G=C3=BCnther=20Deschner?= <gd@samba.org>
Date: Mon, 15 Jan 2018 23:20:39 +0100
Subject: [PATCH] FIXME: build: fix libceph-common detection
Guenther
Signed-off-by: Guenther Deschner <gd@samba.org>
---
source3/wscript | 2 ++
1 file changed, 2 insertions(+)
diff --git a/source3/wscript b/source3/wscript
index 0f8fe5452da..4eba0103be8 100644
--- a/source3/wscript
+++ b/source3/wscript
@@ -1540,6 +1540,8 @@ main() {
conf.env['CPPPATH_CEPHFS'] = Options.options.libcephfs_dir + '/include'
conf.env['LIBPATH_CEPHFS'] = Options.options.libcephfs_dir + '/lib'
conf.env['LIBPATH_CEPH-COMMON'] = Options.options.libcephfs_dir + '/lib/ceph'
+ else:
+ conf.env['LIBPATH_CEPH-COMMON'] = Options.options.LIBDIR + '/ceph'
if (Options.options.with_cephfs and
conf.CHECK_HEADERS('cephfs/libcephfs.h', False, False, 'cephfs') and
--
2.14.3

View File

@ -6,15 +6,15 @@
# ctdb is enabled by default, you can disable it with: --without clustering
%bcond_without clustering
%define main_release 4
%define main_release 5
%define samba_version 4.8.0
%define talloc_version 2.1.11
%define tdb_version 1.3.15
%define tevent_version 0.9.35
%define ldb_version 1.3.1
%define tevent_version 0.9.36
%define ldb_version 1.3.2
# This should be rc1 or nil
%define pre_release rc3
%define pre_release rc4
%if "x%{?pre_release}" != "x"
%define samba_release 0.%{main_release}.%{pre_release}%{?dist}
@ -122,9 +122,6 @@ Source14: samba.pamd
Source200: README.dc
Source201: README.downgrade
Patch1: samba-4.7.0-support-krb5-1.16.patch
Patch3: samba-4.8.0-ceph.patch
Requires(pre): /usr/sbin/groupadd
Requires(post): systemd
Requires(preun): systemd
@ -3553,6 +3550,9 @@ fi
%endif # with_clustering_support
%changelog
* Fri Mar 02 2018 Guenther Deschner <gdeschner@redhat.com> - 4.8.0rc4-5
- Update to Samba 4.8.0rc4
* Mon Feb 12 2018 Guenther Deschner <gdeschner@redhat.com> - 4.8.0rc3-4
- Update to Samba 4.8.0rc3

View File

@ -1,2 +1,2 @@
SHA512 (samba-4.8.0rc3.tar.xz) = 41c1e1d991316f6b8b53a94129554f7831259ce02cbd21f558d580e6565c4ff27bc63d580f9c58f452ceeb533f5c9e62ec8b194addd94a3190f3c617e456a99e
SHA512 (samba-4.8.0rc3.tar.asc) = c4b89b367438ba85e862881aafcbca263c56e6ef9055239c084b229f9092f99b465acbab928f8c3a1cb4aabef3070346dc59eda11b6769b7408c58508597d583
SHA512 (samba-4.8.0rc4.tar.xz) = c4116a3997b874f94b31faae75f543f36d2ae44a9638acb5e8e3b757160ec8cacecc4c1db67c5aa8fc61da2989b05ca1ddfb335d4886ce22cf82d90c1bb4c58a
SHA512 (samba-4.8.0rc4.tar.asc) = 74bcb2c37330be53ad5ad83017b3f548afdebc7ecefbc38944b117776b11968d816a339b7840ba2b54d13fc3ef832faf3dd435f76e6293cc7a83204ba497f5d1