diff --git a/.gitignore b/.gitignore index 6b9ff1e..977edb3 100644 --- a/.gitignore +++ b/.gitignore @@ -117,3 +117,5 @@ samba-3.6.0pre1.tar.gz /samba-4.8.0rc2.tar.asc /samba-4.8.0rc3.tar.xz /samba-4.8.0rc3.tar.asc +/samba-4.8.0rc4.tar.xz +/samba-4.8.0rc4.tar.asc diff --git a/samba-4.7.0-support-krb5-1.16.patch b/samba-4.7.0-support-krb5-1.16.patch deleted file mode 100644 index bc8cb48..0000000 --- a/samba-4.7.0-support-krb5-1.16.patch +++ /dev/null @@ -1,135 +0,0 @@ -From f503bac8ac07b58a8377059922e3e56e28fc3e01 Mon Sep 17 00:00:00 2001 -From: Alexander Bokovoy -Date: Tue, 24 Oct 2017 12:01:39 +0300 -Subject: [PATCH] mit-kdb: support MIT Kerberos 1.16 KDB API changes - -MIT Kerberos 1.16 adds ability to audit local and remote addresses -during AS_REQ processing. As result, audit_as_req callback signature -was changed to include the addresses and KDB API version was increased. - -Change mit-kdb code to properly expose audit_as_req signature KDC -expects in 1.16 version. Also update #ifdefs to account for the new -KDB API version. - -This commit does not add actual audit of the local and remote IP -addresses, it only makes it possible to compile against MIT Kerberos -1.16. - -Signed-off-by: Alexander Bokovoy ---- - source4/kdc/mit-kdb/kdb_samba.h | 13 ++++++++- - source4/kdc/mit-kdb/kdb_samba_policies.c | 42 +++++++++++++++++++++--------- - source4/kdc/mit-kdb/kdb_samba_principals.c | 2 +- - 3 files changed, 42 insertions(+), 15 deletions(-) - -diff --git a/source4/kdc/mit-kdb/kdb_samba.h b/source4/kdc/mit-kdb/kdb_samba.h -index abca2c166ae..b9c571f26cb 100644 ---- a/source4/kdc/mit-kdb/kdb_samba.h -+++ b/source4/kdc/mit-kdb/kdb_samba.h -@@ -78,7 +78,7 @@ krb5_error_code kdb_samba_db_put_principal(krb5_context context, - krb5_error_code kdb_samba_db_delete_principal(krb5_context context, - krb5_const_principal princ); - --#if KRB5_KDB_API_VERSION == 8 -+#if KRB5_KDB_API_VERSION >= 8 - krb5_error_code kdb_samba_db_iterate(krb5_context context, - char *match_entry, - int (*func)(krb5_pointer, krb5_db_entry *), -@@ -148,12 +148,23 @@ krb5_error_code kdb_samba_db_check_allowed_to_delegate(krb5_context context, - const krb5_db_entry *server, - krb5_const_principal proxy); - -+#if KRB5_KDB_API_VERSION >= 9 - void kdb_samba_db_audit_as_req(krb5_context kcontext, - krb5_kdc_req *request, -+ const krb5_address *local_addr, -+ const krb5_address *remote_addr, - krb5_db_entry *client, - krb5_db_entry *server, - krb5_timestamp authtime, - krb5_error_code error_code); -+#else -+void kdb_samba_db_audit_as_req(krb5_context kcontext, -+ krb5_kdc_req *request, -+ krb5_db_entry *client, -+ krb5_db_entry *server, -+ krb5_timestamp authtime, -+ krb5_error_code error_code); -+#endif - - /* from kdb_samba_change_pwd.c */ - -diff --git a/source4/kdc/mit-kdb/kdb_samba_policies.c b/source4/kdc/mit-kdb/kdb_samba_policies.c -index 81140abfd50..de5813bde2f 100644 ---- a/source4/kdc/mit-kdb/kdb_samba_policies.c -+++ b/source4/kdc/mit-kdb/kdb_samba_policies.c -@@ -432,20 +432,10 @@ done: - return code; - } - --void kdb_samba_db_audit_as_req(krb5_context context, -- krb5_kdc_req *request, -- krb5_db_entry *client, -- krb5_db_entry *server, -- krb5_timestamp authtime, -- krb5_error_code error_code) --{ -- struct mit_samba_context *mit_ctx; -- -- mit_ctx = ks_get_context(context); -- if (mit_ctx == NULL) { -- return; -- } - -+static void samba_bad_password_count(krb5_db_entry *client, -+ krb5_error_code error_code) -+{ - switch (error_code) { - case 0: - mit_samba_zero_bad_password_count(client); -@@ -456,3 +446,29 @@ void kdb_samba_db_audit_as_req(krb5_context context, - break; - } - } -+ -+#if KRB5_KDB_API_VERSION >= 9 -+void kdb_samba_db_audit_as_req(krb5_context context, -+ krb5_kdc_req *request, -+ const krb5_address *local_addr, -+ const krb5_address *remote_addr, -+ krb5_db_entry *client, -+ krb5_db_entry *server, -+ krb5_timestamp authtime, -+ krb5_error_code error_code) -+{ -+ samba_bad_password_count(client, error_code); -+ -+ /* TODO: perform proper audit logging for addresses */ -+} -+#else -+void kdb_samba_db_audit_as_req(krb5_context context, -+ krb5_kdc_req *request, -+ krb5_db_entry *client, -+ krb5_db_entry *server, -+ krb5_timestamp authtime, -+ krb5_error_code error_code) -+{ -+ samba_bad_password_count(client, error_code); -+} -+#endif -diff --git a/source4/kdc/mit-kdb/kdb_samba_principals.c b/source4/kdc/mit-kdb/kdb_samba_principals.c -index 1dbb69b561d..8b67436dc47 100644 ---- a/source4/kdc/mit-kdb/kdb_samba_principals.c -+++ b/source4/kdc/mit-kdb/kdb_samba_principals.c -@@ -308,7 +308,7 @@ krb5_error_code kdb_samba_db_delete_principal(krb5_context context, - return KRB5_KDB_DB_INUSE; - } - --#if KRB5_KDB_API_VERSION == 8 -+#if KRB5_KDB_API_VERSION >= 8 - krb5_error_code kdb_samba_db_iterate(krb5_context context, - char *match_entry, - int (*func)(krb5_pointer, krb5_db_entry *), --- -2.13.6 - diff --git a/samba-4.8.0-ceph.patch b/samba-4.8.0-ceph.patch deleted file mode 100644 index d479d2b..0000000 --- a/samba-4.8.0-ceph.patch +++ /dev/null @@ -1,28 +0,0 @@ -From ebae8df5e4b955f235cdeb629e99d32d35766d65 Mon Sep 17 00:00:00 2001 -From: =?UTF-8?q?G=C3=BCnther=20Deschner?= -Date: Mon, 15 Jan 2018 23:20:39 +0100 -Subject: [PATCH] FIXME: build: fix libceph-common detection - -Guenther - -Signed-off-by: Guenther Deschner ---- - source3/wscript | 2 ++ - 1 file changed, 2 insertions(+) - -diff --git a/source3/wscript b/source3/wscript -index 0f8fe5452da..4eba0103be8 100644 ---- a/source3/wscript -+++ b/source3/wscript -@@ -1540,6 +1540,8 @@ main() { - conf.env['CPPPATH_CEPHFS'] = Options.options.libcephfs_dir + '/include' - conf.env['LIBPATH_CEPHFS'] = Options.options.libcephfs_dir + '/lib' - conf.env['LIBPATH_CEPH-COMMON'] = Options.options.libcephfs_dir + '/lib/ceph' -+ else: -+ conf.env['LIBPATH_CEPH-COMMON'] = Options.options.LIBDIR + '/ceph' - - if (Options.options.with_cephfs and - conf.CHECK_HEADERS('cephfs/libcephfs.h', False, False, 'cephfs') and --- -2.14.3 - diff --git a/samba.spec b/samba.spec index 870ea3c..bcb3341 100644 --- a/samba.spec +++ b/samba.spec @@ -6,15 +6,15 @@ # ctdb is enabled by default, you can disable it with: --without clustering %bcond_without clustering -%define main_release 4 +%define main_release 5 %define samba_version 4.8.0 %define talloc_version 2.1.11 %define tdb_version 1.3.15 -%define tevent_version 0.9.35 -%define ldb_version 1.3.1 +%define tevent_version 0.9.36 +%define ldb_version 1.3.2 # This should be rc1 or nil -%define pre_release rc3 +%define pre_release rc4 %if "x%{?pre_release}" != "x" %define samba_release 0.%{main_release}.%{pre_release}%{?dist} @@ -122,9 +122,6 @@ Source14: samba.pamd Source200: README.dc Source201: README.downgrade -Patch1: samba-4.7.0-support-krb5-1.16.patch -Patch3: samba-4.8.0-ceph.patch - Requires(pre): /usr/sbin/groupadd Requires(post): systemd Requires(preun): systemd @@ -3553,6 +3550,9 @@ fi %endif # with_clustering_support %changelog +* Fri Mar 02 2018 Guenther Deschner - 4.8.0rc4-5 +- Update to Samba 4.8.0rc4 + * Mon Feb 12 2018 Guenther Deschner - 4.8.0rc3-4 - Update to Samba 4.8.0rc3 diff --git a/sources b/sources index 9c5ae94..a247e0c 100644 --- a/sources +++ b/sources @@ -1,2 +1,2 @@ -SHA512 (samba-4.8.0rc3.tar.xz) = 41c1e1d991316f6b8b53a94129554f7831259ce02cbd21f558d580e6565c4ff27bc63d580f9c58f452ceeb533f5c9e62ec8b194addd94a3190f3c617e456a99e -SHA512 (samba-4.8.0rc3.tar.asc) = c4b89b367438ba85e862881aafcbca263c56e6ef9055239c084b229f9092f99b465acbab928f8c3a1cb4aabef3070346dc59eda11b6769b7408c58508597d583 +SHA512 (samba-4.8.0rc4.tar.xz) = c4116a3997b874f94b31faae75f543f36d2ae44a9638acb5e8e3b757160ec8cacecc4c1db67c5aa8fc61da2989b05ca1ddfb335d4886ce22cf82d90c1bb4c58a +SHA512 (samba-4.8.0rc4.tar.asc) = 74bcb2c37330be53ad5ad83017b3f548afdebc7ecefbc38944b117776b11968d816a339b7840ba2b54d13fc3ef832faf3dd435f76e6293cc7a83204ba497f5d1