Update to Samba 4.8.0rc4
Guenther
This commit is contained in:
parent
d1c03e5637
commit
872e9d79c7
2
.gitignore
vendored
2
.gitignore
vendored
@ -117,3 +117,5 @@ samba-3.6.0pre1.tar.gz
|
||||
/samba-4.8.0rc2.tar.asc
|
||||
/samba-4.8.0rc3.tar.xz
|
||||
/samba-4.8.0rc3.tar.asc
|
||||
/samba-4.8.0rc4.tar.xz
|
||||
/samba-4.8.0rc4.tar.asc
|
||||
|
@ -1,135 +0,0 @@
|
||||
From f503bac8ac07b58a8377059922e3e56e28fc3e01 Mon Sep 17 00:00:00 2001
|
||||
From: Alexander Bokovoy <ab@samba.org>
|
||||
Date: Tue, 24 Oct 2017 12:01:39 +0300
|
||||
Subject: [PATCH] mit-kdb: support MIT Kerberos 1.16 KDB API changes
|
||||
|
||||
MIT Kerberos 1.16 adds ability to audit local and remote addresses
|
||||
during AS_REQ processing. As result, audit_as_req callback signature
|
||||
was changed to include the addresses and KDB API version was increased.
|
||||
|
||||
Change mit-kdb code to properly expose audit_as_req signature KDC
|
||||
expects in 1.16 version. Also update #ifdefs to account for the new
|
||||
KDB API version.
|
||||
|
||||
This commit does not add actual audit of the local and remote IP
|
||||
addresses, it only makes it possible to compile against MIT Kerberos
|
||||
1.16.
|
||||
|
||||
Signed-off-by: Alexander Bokovoy <ab@samba.org>
|
||||
---
|
||||
source4/kdc/mit-kdb/kdb_samba.h | 13 ++++++++-
|
||||
source4/kdc/mit-kdb/kdb_samba_policies.c | 42 +++++++++++++++++++++---------
|
||||
source4/kdc/mit-kdb/kdb_samba_principals.c | 2 +-
|
||||
3 files changed, 42 insertions(+), 15 deletions(-)
|
||||
|
||||
diff --git a/source4/kdc/mit-kdb/kdb_samba.h b/source4/kdc/mit-kdb/kdb_samba.h
|
||||
index abca2c166ae..b9c571f26cb 100644
|
||||
--- a/source4/kdc/mit-kdb/kdb_samba.h
|
||||
+++ b/source4/kdc/mit-kdb/kdb_samba.h
|
||||
@@ -78,7 +78,7 @@ krb5_error_code kdb_samba_db_put_principal(krb5_context context,
|
||||
krb5_error_code kdb_samba_db_delete_principal(krb5_context context,
|
||||
krb5_const_principal princ);
|
||||
|
||||
-#if KRB5_KDB_API_VERSION == 8
|
||||
+#if KRB5_KDB_API_VERSION >= 8
|
||||
krb5_error_code kdb_samba_db_iterate(krb5_context context,
|
||||
char *match_entry,
|
||||
int (*func)(krb5_pointer, krb5_db_entry *),
|
||||
@@ -148,12 +148,23 @@ krb5_error_code kdb_samba_db_check_allowed_to_delegate(krb5_context context,
|
||||
const krb5_db_entry *server,
|
||||
krb5_const_principal proxy);
|
||||
|
||||
+#if KRB5_KDB_API_VERSION >= 9
|
||||
void kdb_samba_db_audit_as_req(krb5_context kcontext,
|
||||
krb5_kdc_req *request,
|
||||
+ const krb5_address *local_addr,
|
||||
+ const krb5_address *remote_addr,
|
||||
krb5_db_entry *client,
|
||||
krb5_db_entry *server,
|
||||
krb5_timestamp authtime,
|
||||
krb5_error_code error_code);
|
||||
+#else
|
||||
+void kdb_samba_db_audit_as_req(krb5_context kcontext,
|
||||
+ krb5_kdc_req *request,
|
||||
+ krb5_db_entry *client,
|
||||
+ krb5_db_entry *server,
|
||||
+ krb5_timestamp authtime,
|
||||
+ krb5_error_code error_code);
|
||||
+#endif
|
||||
|
||||
/* from kdb_samba_change_pwd.c */
|
||||
|
||||
diff --git a/source4/kdc/mit-kdb/kdb_samba_policies.c b/source4/kdc/mit-kdb/kdb_samba_policies.c
|
||||
index 81140abfd50..de5813bde2f 100644
|
||||
--- a/source4/kdc/mit-kdb/kdb_samba_policies.c
|
||||
+++ b/source4/kdc/mit-kdb/kdb_samba_policies.c
|
||||
@@ -432,20 +432,10 @@ done:
|
||||
return code;
|
||||
}
|
||||
|
||||
-void kdb_samba_db_audit_as_req(krb5_context context,
|
||||
- krb5_kdc_req *request,
|
||||
- krb5_db_entry *client,
|
||||
- krb5_db_entry *server,
|
||||
- krb5_timestamp authtime,
|
||||
- krb5_error_code error_code)
|
||||
-{
|
||||
- struct mit_samba_context *mit_ctx;
|
||||
-
|
||||
- mit_ctx = ks_get_context(context);
|
||||
- if (mit_ctx == NULL) {
|
||||
- return;
|
||||
- }
|
||||
|
||||
+static void samba_bad_password_count(krb5_db_entry *client,
|
||||
+ krb5_error_code error_code)
|
||||
+{
|
||||
switch (error_code) {
|
||||
case 0:
|
||||
mit_samba_zero_bad_password_count(client);
|
||||
@@ -456,3 +446,29 @@ void kdb_samba_db_audit_as_req(krb5_context context,
|
||||
break;
|
||||
}
|
||||
}
|
||||
+
|
||||
+#if KRB5_KDB_API_VERSION >= 9
|
||||
+void kdb_samba_db_audit_as_req(krb5_context context,
|
||||
+ krb5_kdc_req *request,
|
||||
+ const krb5_address *local_addr,
|
||||
+ const krb5_address *remote_addr,
|
||||
+ krb5_db_entry *client,
|
||||
+ krb5_db_entry *server,
|
||||
+ krb5_timestamp authtime,
|
||||
+ krb5_error_code error_code)
|
||||
+{
|
||||
+ samba_bad_password_count(client, error_code);
|
||||
+
|
||||
+ /* TODO: perform proper audit logging for addresses */
|
||||
+}
|
||||
+#else
|
||||
+void kdb_samba_db_audit_as_req(krb5_context context,
|
||||
+ krb5_kdc_req *request,
|
||||
+ krb5_db_entry *client,
|
||||
+ krb5_db_entry *server,
|
||||
+ krb5_timestamp authtime,
|
||||
+ krb5_error_code error_code)
|
||||
+{
|
||||
+ samba_bad_password_count(client, error_code);
|
||||
+}
|
||||
+#endif
|
||||
diff --git a/source4/kdc/mit-kdb/kdb_samba_principals.c b/source4/kdc/mit-kdb/kdb_samba_principals.c
|
||||
index 1dbb69b561d..8b67436dc47 100644
|
||||
--- a/source4/kdc/mit-kdb/kdb_samba_principals.c
|
||||
+++ b/source4/kdc/mit-kdb/kdb_samba_principals.c
|
||||
@@ -308,7 +308,7 @@ krb5_error_code kdb_samba_db_delete_principal(krb5_context context,
|
||||
return KRB5_KDB_DB_INUSE;
|
||||
}
|
||||
|
||||
-#if KRB5_KDB_API_VERSION == 8
|
||||
+#if KRB5_KDB_API_VERSION >= 8
|
||||
krb5_error_code kdb_samba_db_iterate(krb5_context context,
|
||||
char *match_entry,
|
||||
int (*func)(krb5_pointer, krb5_db_entry *),
|
||||
--
|
||||
2.13.6
|
||||
|
@ -1,28 +0,0 @@
|
||||
From ebae8df5e4b955f235cdeb629e99d32d35766d65 Mon Sep 17 00:00:00 2001
|
||||
From: =?UTF-8?q?G=C3=BCnther=20Deschner?= <gd@samba.org>
|
||||
Date: Mon, 15 Jan 2018 23:20:39 +0100
|
||||
Subject: [PATCH] FIXME: build: fix libceph-common detection
|
||||
|
||||
Guenther
|
||||
|
||||
Signed-off-by: Guenther Deschner <gd@samba.org>
|
||||
---
|
||||
source3/wscript | 2 ++
|
||||
1 file changed, 2 insertions(+)
|
||||
|
||||
diff --git a/source3/wscript b/source3/wscript
|
||||
index 0f8fe5452da..4eba0103be8 100644
|
||||
--- a/source3/wscript
|
||||
+++ b/source3/wscript
|
||||
@@ -1540,6 +1540,8 @@ main() {
|
||||
conf.env['CPPPATH_CEPHFS'] = Options.options.libcephfs_dir + '/include'
|
||||
conf.env['LIBPATH_CEPHFS'] = Options.options.libcephfs_dir + '/lib'
|
||||
conf.env['LIBPATH_CEPH-COMMON'] = Options.options.libcephfs_dir + '/lib/ceph'
|
||||
+ else:
|
||||
+ conf.env['LIBPATH_CEPH-COMMON'] = Options.options.LIBDIR + '/ceph'
|
||||
|
||||
if (Options.options.with_cephfs and
|
||||
conf.CHECK_HEADERS('cephfs/libcephfs.h', False, False, 'cephfs') and
|
||||
--
|
||||
2.14.3
|
||||
|
14
samba.spec
14
samba.spec
@ -6,15 +6,15 @@
|
||||
# ctdb is enabled by default, you can disable it with: --without clustering
|
||||
%bcond_without clustering
|
||||
|
||||
%define main_release 4
|
||||
%define main_release 5
|
||||
|
||||
%define samba_version 4.8.0
|
||||
%define talloc_version 2.1.11
|
||||
%define tdb_version 1.3.15
|
||||
%define tevent_version 0.9.35
|
||||
%define ldb_version 1.3.1
|
||||
%define tevent_version 0.9.36
|
||||
%define ldb_version 1.3.2
|
||||
# This should be rc1 or nil
|
||||
%define pre_release rc3
|
||||
%define pre_release rc4
|
||||
|
||||
%if "x%{?pre_release}" != "x"
|
||||
%define samba_release 0.%{main_release}.%{pre_release}%{?dist}
|
||||
@ -122,9 +122,6 @@ Source14: samba.pamd
|
||||
Source200: README.dc
|
||||
Source201: README.downgrade
|
||||
|
||||
Patch1: samba-4.7.0-support-krb5-1.16.patch
|
||||
Patch3: samba-4.8.0-ceph.patch
|
||||
|
||||
Requires(pre): /usr/sbin/groupadd
|
||||
Requires(post): systemd
|
||||
Requires(preun): systemd
|
||||
@ -3553,6 +3550,9 @@ fi
|
||||
%endif # with_clustering_support
|
||||
|
||||
%changelog
|
||||
* Fri Mar 02 2018 Guenther Deschner <gdeschner@redhat.com> - 4.8.0rc4-5
|
||||
- Update to Samba 4.8.0rc4
|
||||
|
||||
* Mon Feb 12 2018 Guenther Deschner <gdeschner@redhat.com> - 4.8.0rc3-4
|
||||
- Update to Samba 4.8.0rc3
|
||||
|
||||
|
4
sources
4
sources
@ -1,2 +1,2 @@
|
||||
SHA512 (samba-4.8.0rc3.tar.xz) = 41c1e1d991316f6b8b53a94129554f7831259ce02cbd21f558d580e6565c4ff27bc63d580f9c58f452ceeb533f5c9e62ec8b194addd94a3190f3c617e456a99e
|
||||
SHA512 (samba-4.8.0rc3.tar.asc) = c4b89b367438ba85e862881aafcbca263c56e6ef9055239c084b229f9092f99b465acbab928f8c3a1cb4aabef3070346dc59eda11b6769b7408c58508597d583
|
||||
SHA512 (samba-4.8.0rc4.tar.xz) = c4116a3997b874f94b31faae75f543f36d2ae44a9638acb5e8e3b757160ec8cacecc4c1db67c5aa8fc61da2989b05ca1ddfb335d4886ce22cf82d90c1bb4c58a
|
||||
SHA512 (samba-4.8.0rc4.tar.asc) = 74bcb2c37330be53ad5ad83017b3f548afdebc7ecefbc38944b117776b11968d816a339b7840ba2b54d13fc3ef832faf3dd435f76e6293cc7a83204ba497f5d1
|
||||
|
Loading…
Reference in New Issue
Block a user