Compare commits
28 Commits
f969f3cc48
...
42e489e3b5
Author | SHA1 | Date |
---|---|---|
Andreas Schneider | 42e489e3b5 | |
Günther Deschner | 39f5652863 | |
Andreas Schneider | 438d84812e | |
Pavel Filipenský | 299323d641 | |
Andreas Schneider | 09b9bd7d72 | |
Andreas Schneider | 3f44a1d65c | |
Andreas Schneider | 823f4aaeb6 | |
Pavel Filipenský | 63931382e3 | |
Pavel Filipenský | 306ca4dd30 | |
Günther Deschner | 0ea99a3fc7 | |
Andreas Schneider | 54b4a4bb2b | |
Andreas Schneider | 0bcbb3c8e5 | |
Andreas Schneider | a7b63dff56 | |
Andreas Schneider | 2f030add8d | |
Andreas Schneider | 60713c3d38 | |
Pavel Filipenský | f57b4c25bd | |
Pavel Filipenský | f7094aca2e | |
Florian Weimer | bad5261747 | |
Florian Weimer | 5abeded564 | |
Pavel Filipenský | 8fdf7b3aef | |
Pavel Filipenský | f56b60cdb6 | |
Pavel Filipenský | f40435c960 | |
Günther Deschner | a96084a42d | |
Günther Deschner | b153e7b803 | |
Günther Deschner | c86f1a337e | |
Andreas Schneider | 690c51a74b | |
Andreas Schneider | 50546ea326 | |
Andreas Schneider | 11a3749088 |
|
@ -311,3 +311,13 @@ samba-3.6.0pre1.tar.gz
|
|||
/samba-4.17.0.tar.asc
|
||||
/samba-4.17.1.tar.xz
|
||||
/samba-4.17.1.tar.asc
|
||||
/samba-4.17.2.tar.xz
|
||||
/samba-4.17.2.tar.asc
|
||||
/samba-4.17.3.tar.xz
|
||||
/samba-4.17.3.tar.asc
|
||||
/samba-4.17.4.tar.xz
|
||||
/samba-4.17.4.tar.asc
|
||||
/samba-4.17.5.tar.xz
|
||||
/samba-4.17.5.tar.asc
|
||||
/samba-4.17.6.tar.xz
|
||||
/samba-4.17.6.tar.asc
|
||||
|
|
|
@ -18,3 +18,7 @@ runpath:
|
|||
|
||||
abidiff:
|
||||
suppression_file: samba.abignore
|
||||
|
||||
debuginfo:
|
||||
ignore:
|
||||
- /usr/lib*/libdcerpc-samr.so.*
|
||||
|
|
|
@ -0,0 +1,540 @@
|
|||
From a3e3d05f35d6082ea48450060b39084e3d0e4056 Mon Sep 17 00:00:00 2001
|
||||
From: Andreas Schneider <asn@samba.org>
|
||||
Date: Mon, 10 Oct 2022 15:15:20 +0200
|
||||
Subject: [PATCH 1/5] s3:librpc: Improve GSE error message
|
||||
|
||||
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15206
|
||||
|
||||
Signed-off-by: Andreas Schneider <asn@samba.org>
|
||||
Reviewed-by: Noel Power <noel.power@suse.com>
|
||||
---
|
||||
source3/librpc/crypto/gse.c | 21 +++++++++++++++++++--
|
||||
1 file changed, 19 insertions(+), 2 deletions(-)
|
||||
|
||||
diff --git a/source3/librpc/crypto/gse.c b/source3/librpc/crypto/gse.c
|
||||
index c50a8a036df..c2cac7abf82 100644
|
||||
--- a/source3/librpc/crypto/gse.c
|
||||
+++ b/source3/librpc/crypto/gse.c
|
||||
@@ -546,11 +546,28 @@ init_sec_context_done:
|
||||
goto done;
|
||||
case GSS_S_FAILURE:
|
||||
switch (gss_min) {
|
||||
- case (OM_uint32)KRB5KDC_ERR_S_PRINCIPAL_UNKNOWN:
|
||||
- DBG_NOTICE("Server principal not found\n");
|
||||
+ case (OM_uint32)KRB5KDC_ERR_S_PRINCIPAL_UNKNOWN: {
|
||||
+ gss_buffer_desc name_token = {
|
||||
+ .length = 0,
|
||||
+ };
|
||||
+
|
||||
+ gss_maj = gss_display_name(&gss_min,
|
||||
+ gse_ctx->server_name,
|
||||
+ &name_token,
|
||||
+ NULL);
|
||||
+ if (gss_maj == GSS_S_COMPLETE) {
|
||||
+ DBG_NOTICE("Server principal %.*s not found\n",
|
||||
+ (int)name_token.length,
|
||||
+ (char *)name_token.value);
|
||||
+ gss_release_buffer(&gss_maj, &name_token);
|
||||
+ } else {
|
||||
+ DBG_NOTICE("Server principal not found\n");
|
||||
+ }
|
||||
+
|
||||
/* Make SPNEGO ignore us, we can't go any further here */
|
||||
status = NT_STATUS_INVALID_PARAMETER;
|
||||
goto done;
|
||||
+ }
|
||||
case (OM_uint32)KRB5KRB_AP_ERR_TKT_EXPIRED:
|
||||
DBG_NOTICE("Ticket expired\n");
|
||||
/* Make SPNEGO ignore us, we can't go any further here */
|
||||
--
|
||||
2.37.3
|
||||
|
||||
|
||||
From d2e2e9acd717e45806f1b19378e09f39c8fe3da8 Mon Sep 17 00:00:00 2001
|
||||
From: Andreas Schneider <asn@samba.org>
|
||||
Date: Fri, 7 Oct 2022 14:35:15 +0200
|
||||
Subject: [PATCH 2/5] s3:rpcclient: Pass salt down to
|
||||
init_samr_CryptPasswordAES()
|
||||
|
||||
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15206
|
||||
|
||||
Signed-off-by: Andreas Schneider <asn@samba.org>
|
||||
Reviewed-by: Noel Power <noel.power@suse.com>
|
||||
---
|
||||
source3/rpc_client/init_samr.c | 15 ++++-----------
|
||||
source3/rpc_client/init_samr.h | 1 +
|
||||
source3/rpcclient/cmd_samr.c | 8 ++++++++
|
||||
source4/libnet/libnet_passwd.c | 13 +++++++------
|
||||
source4/torture/rpc/samr.c | 27 +++++++++++++++++++++++++++
|
||||
5 files changed, 47 insertions(+), 17 deletions(-)
|
||||
|
||||
diff --git a/source3/rpc_client/init_samr.c b/source3/rpc_client/init_samr.c
|
||||
index 68f42b602b3..52fa2f90d6e 100644
|
||||
--- a/source3/rpc_client/init_samr.c
|
||||
+++ b/source3/rpc_client/init_samr.c
|
||||
@@ -79,6 +79,7 @@ NTSTATUS init_samr_CryptPassword(const char *pwd,
|
||||
|
||||
NTSTATUS init_samr_CryptPasswordAES(TALLOC_CTX *mem_ctx,
|
||||
const char *password,
|
||||
+ DATA_BLOB *salt,
|
||||
DATA_BLOB *session_key,
|
||||
struct samr_EncryptedPasswordAES *ppwd_buf)
|
||||
{
|
||||
@@ -87,12 +88,6 @@ NTSTATUS init_samr_CryptPasswordAES(TALLOC_CTX *mem_ctx,
|
||||
.data = pw_data,
|
||||
.length = sizeof(pw_data),
|
||||
};
|
||||
- size_t iv_size = gnutls_cipher_get_iv_size(GNUTLS_CIPHER_AES_256_CBC);
|
||||
- uint8_t iv_data[iv_size];
|
||||
- DATA_BLOB iv = {
|
||||
- .data = iv_data,
|
||||
- .length = iv_size,
|
||||
- };
|
||||
DATA_BLOB ciphertext = data_blob_null;
|
||||
NTSTATUS status = NT_STATUS_UNSUCCESSFUL;
|
||||
bool ok;
|
||||
@@ -101,8 +96,6 @@ NTSTATUS init_samr_CryptPasswordAES(TALLOC_CTX *mem_ctx,
|
||||
return NT_STATUS_INVALID_PARAMETER;
|
||||
}
|
||||
|
||||
- generate_nonce_buffer(iv.data, iv.length);
|
||||
-
|
||||
ok = encode_pwd_buffer514_from_str(pw_data, password, STR_UNICODE);
|
||||
if (!ok) {
|
||||
return NT_STATUS_INTERNAL_ERROR;
|
||||
@@ -114,7 +107,7 @@ NTSTATUS init_samr_CryptPasswordAES(TALLOC_CTX *mem_ctx,
|
||||
session_key,
|
||||
&samr_aes256_enc_key_salt,
|
||||
&samr_aes256_mac_key_salt,
|
||||
- &iv,
|
||||
+ salt,
|
||||
&ciphertext,
|
||||
ppwd_buf->auth_data);
|
||||
BURN_DATA(pw_data);
|
||||
@@ -126,8 +119,8 @@ NTSTATUS init_samr_CryptPasswordAES(TALLOC_CTX *mem_ctx,
|
||||
ppwd_buf->cipher = ciphertext.data;
|
||||
ppwd_buf->PBKDF2Iterations = 0;
|
||||
|
||||
- SMB_ASSERT(iv.length == sizeof(ppwd_buf->salt));
|
||||
- memcpy(ppwd_buf->salt, iv.data, iv.length);
|
||||
+ SMB_ASSERT(salt->length == sizeof(ppwd_buf->salt));
|
||||
+ memcpy(ppwd_buf->salt, salt->data, salt->length);
|
||||
|
||||
return NT_STATUS_OK;
|
||||
}
|
||||
diff --git a/source3/rpc_client/init_samr.h b/source3/rpc_client/init_samr.h
|
||||
index 940534e7168..71b4c0e573d 100644
|
||||
--- a/source3/rpc_client/init_samr.h
|
||||
+++ b/source3/rpc_client/init_samr.h
|
||||
@@ -47,6 +47,7 @@ NTSTATUS init_samr_CryptPassword(const char *pwd,
|
||||
*/
|
||||
NTSTATUS init_samr_CryptPasswordAES(TALLOC_CTX *mem_ctx,
|
||||
const char *password,
|
||||
+ DATA_BLOB *salt,
|
||||
DATA_BLOB *session_key,
|
||||
struct samr_EncryptedPasswordAES *ppwd_buf);
|
||||
|
||||
diff --git a/source3/rpcclient/cmd_samr.c b/source3/rpcclient/cmd_samr.c
|
||||
index 9ccd2f78a8d..8106ca90cf2 100644
|
||||
--- a/source3/rpcclient/cmd_samr.c
|
||||
+++ b/source3/rpcclient/cmd_samr.c
|
||||
@@ -3172,6 +3172,11 @@ static NTSTATUS cmd_samr_setuserinfo_int(struct rpc_pipe_client *cli,
|
||||
uint8_t nt_hash[16];
|
||||
uint8_t lm_hash[16];
|
||||
DATA_BLOB session_key;
|
||||
+ uint8_t salt_data[16];
|
||||
+ DATA_BLOB salt = {
|
||||
+ .data = salt_data,
|
||||
+ .length = sizeof(salt_data),
|
||||
+ };
|
||||
uint8_t password_expired = 0;
|
||||
struct dcerpc_binding_handle *b = cli->binding_handle;
|
||||
TALLOC_CTX *frame = NULL;
|
||||
@@ -3198,6 +3203,8 @@ static NTSTATUS cmd_samr_setuserinfo_int(struct rpc_pipe_client *cli,
|
||||
goto done;
|
||||
}
|
||||
|
||||
+ generate_nonce_buffer(salt.data, salt.length);
|
||||
+
|
||||
switch(level) {
|
||||
case 18:
|
||||
case 21:
|
||||
@@ -3220,6 +3227,7 @@ static NTSTATUS cmd_samr_setuserinfo_int(struct rpc_pipe_client *cli,
|
||||
case 31:
|
||||
status = init_samr_CryptPasswordAES(frame,
|
||||
param,
|
||||
+ &salt,
|
||||
&session_key,
|
||||
&pwd_buf_aes);
|
||||
if (!NT_STATUS_IS_OK(status)) {
|
||||
diff --git a/source4/libnet/libnet_passwd.c b/source4/libnet/libnet_passwd.c
|
||||
index 4f662110e55..a1672104824 100644
|
||||
--- a/source4/libnet/libnet_passwd.c
|
||||
+++ b/source4/libnet/libnet_passwd.c
|
||||
@@ -57,13 +57,13 @@ static NTSTATUS libnet_ChangePassword_samr_aes(TALLOC_CTX *mem_ctx,
|
||||
struct samr_EncryptedPasswordAES pwd_buf = {
|
||||
.cipher_len = 0
|
||||
};
|
||||
- DATA_BLOB iv = {
|
||||
+ DATA_BLOB salt = {
|
||||
.data = pwd_buf.salt,
|
||||
.length = sizeof(pwd_buf.salt),
|
||||
};
|
||||
- gnutls_datum_t iv_datum = {
|
||||
- .data = iv.data,
|
||||
- .size = iv.length,
|
||||
+ gnutls_datum_t salt_datum = {
|
||||
+ .data = pwd_buf.salt,
|
||||
+ .size = sizeof(pwd_buf.salt),
|
||||
};
|
||||
uint64_t pbkdf2_iterations = generate_random_u64_range(5000, 1000000);
|
||||
NTSTATUS status;
|
||||
@@ -71,11 +71,11 @@ static NTSTATUS libnet_ChangePassword_samr_aes(TALLOC_CTX *mem_ctx,
|
||||
|
||||
E_md4hash(old_password, old_nt_key_data);
|
||||
|
||||
- generate_nonce_buffer(iv.data, iv.length);
|
||||
+ generate_nonce_buffer(salt.data, salt.length);
|
||||
|
||||
rc = gnutls_pbkdf2(GNUTLS_MAC_SHA512,
|
||||
&old_nt_key,
|
||||
- &iv_datum,
|
||||
+ &salt_datum,
|
||||
pbkdf2_iterations,
|
||||
cek.data,
|
||||
cek.length);
|
||||
@@ -86,6 +86,7 @@ static NTSTATUS libnet_ChangePassword_samr_aes(TALLOC_CTX *mem_ctx,
|
||||
|
||||
status = init_samr_CryptPasswordAES(mem_ctx,
|
||||
new_password,
|
||||
+ &salt,
|
||||
&cek,
|
||||
&pwd_buf);
|
||||
data_blob_clear(&cek);
|
||||
diff --git a/source4/torture/rpc/samr.c b/source4/torture/rpc/samr.c
|
||||
index de354659067..0b1880efa18 100644
|
||||
--- a/source4/torture/rpc/samr.c
|
||||
+++ b/source4/torture/rpc/samr.c
|
||||
@@ -783,6 +783,11 @@ static bool test_SetUserPass_32(struct dcerpc_pipe *p, struct torture_context *t
|
||||
struct samr_SetUserInfo s;
|
||||
union samr_UserInfo u;
|
||||
DATA_BLOB session_key;
|
||||
+ uint8_t salt_data[16];
|
||||
+ DATA_BLOB salt = {
|
||||
+ .data = salt_data,
|
||||
+ .length = sizeof(salt_data),
|
||||
+ };
|
||||
char *newpass = NULL;
|
||||
struct dcerpc_binding_handle *b = p->binding_handle;
|
||||
struct samr_GetUserPwInfo pwp;
|
||||
@@ -818,8 +823,11 @@ static bool test_SetUserPass_32(struct dcerpc_pipe *p, struct torture_context *t
|
||||
return false;
|
||||
}
|
||||
|
||||
+ generate_nonce_buffer(salt.data, salt.length);
|
||||
+
|
||||
status = init_samr_CryptPasswordAES(tctx,
|
||||
newpass,
|
||||
+ &salt,
|
||||
&session_key,
|
||||
&u.info32.password);
|
||||
torture_assert_ntstatus_ok(tctx,
|
||||
@@ -852,6 +860,7 @@ static bool test_SetUserPass_32(struct dcerpc_pipe *p, struct torture_context *t
|
||||
|
||||
status = init_samr_CryptPasswordAES(tctx,
|
||||
newpass,
|
||||
+ &salt,
|
||||
&session_key,
|
||||
&u.info32.password);
|
||||
torture_assert_ntstatus_ok(tctx,
|
||||
@@ -896,6 +905,11 @@ static bool test_SetUserPass_31(struct dcerpc_pipe *p, struct torture_context *t
|
||||
union samr_UserInfo u;
|
||||
bool ret = true;
|
||||
DATA_BLOB session_key;
|
||||
+ uint8_t salt_data[16];
|
||||
+ DATA_BLOB salt = {
|
||||
+ .data = salt_data,
|
||||
+ .length = sizeof(salt_data),
|
||||
+ };
|
||||
char *newpass;
|
||||
struct dcerpc_binding_handle *b = p->binding_handle;
|
||||
struct samr_GetUserPwInfo pwp;
|
||||
@@ -931,8 +945,11 @@ static bool test_SetUserPass_31(struct dcerpc_pipe *p, struct torture_context *t
|
||||
return false;
|
||||
}
|
||||
|
||||
+ generate_nonce_buffer(salt.data, salt.length);
|
||||
+
|
||||
status = init_samr_CryptPasswordAES(tctx,
|
||||
newpass,
|
||||
+ &salt,
|
||||
&session_key,
|
||||
&u.info31.password);
|
||||
torture_assert_ntstatus_ok(tctx,
|
||||
@@ -959,6 +976,7 @@ static bool test_SetUserPass_31(struct dcerpc_pipe *p, struct torture_context *t
|
||||
|
||||
status = init_samr_CryptPasswordAES(tctx,
|
||||
newpass,
|
||||
+ &salt,
|
||||
&session_key,
|
||||
&u.info31.password);
|
||||
torture_assert_ntstatus_ok(tctx,
|
||||
@@ -1381,6 +1399,11 @@ static bool test_SetUserPass_level_ex(struct dcerpc_pipe *p,
|
||||
union samr_UserInfo u;
|
||||
bool ret = true;
|
||||
DATA_BLOB session_key;
|
||||
+ uint8_t salt_data[16];
|
||||
+ DATA_BLOB salt = {
|
||||
+ .data = salt_data,
|
||||
+ .length = sizeof(salt_data),
|
||||
+ };
|
||||
char *newpass;
|
||||
struct dcerpc_binding_handle *b = p->binding_handle;
|
||||
struct samr_GetUserPwInfo pwp;
|
||||
@@ -1490,6 +1513,8 @@ static bool test_SetUserPass_level_ex(struct dcerpc_pipe *p,
|
||||
return false;
|
||||
}
|
||||
|
||||
+ generate_nonce_buffer(salt.data, salt.length);
|
||||
+
|
||||
switch (level) {
|
||||
case 18:
|
||||
{
|
||||
@@ -1561,6 +1586,7 @@ static bool test_SetUserPass_level_ex(struct dcerpc_pipe *p,
|
||||
case 31:
|
||||
status = init_samr_CryptPasswordAES(tctx,
|
||||
newpass,
|
||||
+ &salt,
|
||||
&session_key,
|
||||
&u.info31.password);
|
||||
|
||||
@@ -1568,6 +1594,7 @@ static bool test_SetUserPass_level_ex(struct dcerpc_pipe *p,
|
||||
case 32:
|
||||
status = init_samr_CryptPasswordAES(tctx,
|
||||
newpass,
|
||||
+ &salt,
|
||||
&session_key,
|
||||
&u.info32.password);
|
||||
|
||||
--
|
||||
2.37.3
|
||||
|
||||
|
||||
From 1d630363c9b2497266e418aad89c55d5b51a63ad Mon Sep 17 00:00:00 2001
|
||||
From: Andreas Schneider <asn@samba.org>
|
||||
Date: Mon, 17 Oct 2022 09:02:28 +0200
|
||||
Subject: [PATCH 3/5] s4:libnet: If we successfully changed the password we are
|
||||
done
|
||||
|
||||
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15206
|
||||
|
||||
Signed-off-by: Andreas Schneider <asn@samba.org>
|
||||
Reviewed-by: Noel Power <noel.power@suse.com>
|
||||
---
|
||||
source4/libnet/libnet_passwd.c | 32 ++++++++++++++++++--------------
|
||||
1 file changed, 18 insertions(+), 14 deletions(-)
|
||||
|
||||
diff --git a/source4/libnet/libnet_passwd.c b/source4/libnet/libnet_passwd.c
|
||||
index a1672104824..b17614bcd97 100644
|
||||
--- a/source4/libnet/libnet_passwd.c
|
||||
+++ b/source4/libnet/libnet_passwd.c
|
||||
@@ -101,7 +101,7 @@ static NTSTATUS libnet_ChangePassword_samr_aes(TALLOC_CTX *mem_ctx,
|
||||
r.in.password = &pwd_buf;
|
||||
|
||||
status = dcerpc_samr_ChangePasswordUser4_r(h, mem_ctx, &r);
|
||||
- if (NT_STATUS_IS_OK(status)) {
|
||||
+ if (!NT_STATUS_IS_OK(status)) {
|
||||
goto done;
|
||||
}
|
||||
if (!NT_STATUS_IS_OK(r.out.result)) {
|
||||
@@ -112,6 +112,7 @@ static NTSTATUS libnet_ChangePassword_samr_aes(TALLOC_CTX *mem_ctx,
|
||||
account->string,
|
||||
nt_errstr(status));
|
||||
status = r.out.result;
|
||||
+ goto done;
|
||||
}
|
||||
|
||||
done:
|
||||
@@ -424,20 +425,23 @@ static NTSTATUS libnet_ChangePassword_samr(struct libnet_context *ctx, TALLOC_CT
|
||||
r->samr.in.oldpassword,
|
||||
r->samr.in.newpassword,
|
||||
&(r->samr.out.error_string));
|
||||
- if (!NT_STATUS_IS_OK(status)) {
|
||||
- if (NT_STATUS_EQUAL(status,
|
||||
- NT_STATUS_RPC_PROCNUM_OUT_OF_RANGE) ||
|
||||
- NT_STATUS_EQUAL(status, NT_STATUS_NOT_SUPPORTED) ||
|
||||
- NT_STATUS_EQUAL(status, NT_STATUS_NOT_IMPLEMENTED)) {
|
||||
- /*
|
||||
- * Don't fallback to RC4 based SAMR if weak crypto is not
|
||||
- * allowed.
|
||||
- */
|
||||
- if (lpcfg_weak_crypto(ctx->lp_ctx) ==
|
||||
- SAMBA_WEAK_CRYPTO_DISALLOWED) {
|
||||
- goto disconnect;
|
||||
- }
|
||||
+ if (NT_STATUS_IS_OK(status)) {
|
||||
+ goto disconnect;
|
||||
+ } else if (NT_STATUS_EQUAL(status,
|
||||
+ NT_STATUS_RPC_PROCNUM_OUT_OF_RANGE) ||
|
||||
+ NT_STATUS_EQUAL(status, NT_STATUS_NOT_SUPPORTED) ||
|
||||
+ NT_STATUS_EQUAL(status, NT_STATUS_NOT_IMPLEMENTED)) {
|
||||
+ /*
|
||||
+ * Don't fallback to RC4 based SAMR if weak crypto is not
|
||||
+ * allowed.
|
||||
+ */
|
||||
+ if (lpcfg_weak_crypto(ctx->lp_ctx) ==
|
||||
+ SAMBA_WEAK_CRYPTO_DISALLOWED) {
|
||||
+ goto disconnect;
|
||||
}
|
||||
+ } else {
|
||||
+ /* libnet_ChangePassword_samr_aes is implemented and failed */
|
||||
+ goto disconnect;
|
||||
}
|
||||
|
||||
status = libnet_ChangePassword_samr_rc4(
|
||||
--
|
||||
2.37.3
|
||||
|
||||
|
||||
From 9a4a169ab34641afb87e7f81708c9a72b321879e Mon Sep 17 00:00:00 2001
|
||||
From: Noel Power <noel.power@suse.com>
|
||||
Date: Fri, 21 Oct 2022 17:40:36 +0100
|
||||
Subject: [PATCH 4/5] s4/rpc_server/sambr: don't mutate the return of
|
||||
samdb_set_password_aes
|
||||
|
||||
prior to this commit return of samdb_set_password_aes was set to
|
||||
NT_STATUS_WRONG_PASSWORD on failure. Useful status that should be
|
||||
returned such as NT_STATUS_PASSWORD_RESTRICTION are swallowed here
|
||||
otherwise (and in this case can be partially responsible for failures
|
||||
in test samba.tests.auth_log_pass_change (with later gnutls)
|
||||
|
||||
Signed-off-by: Noel Power <noel.power@suse.com>
|
||||
Reviewed-by: Andreas Schneider <asn@samba.org>
|
||||
---
|
||||
source4/rpc_server/samr/samr_password.c | 1 -
|
||||
1 file changed, 1 deletion(-)
|
||||
|
||||
diff --git a/source4/rpc_server/samr/samr_password.c b/source4/rpc_server/samr/samr_password.c
|
||||
index 4691f9a47a9..b581be6361c 100644
|
||||
--- a/source4/rpc_server/samr/samr_password.c
|
||||
+++ b/source4/rpc_server/samr/samr_password.c
|
||||
@@ -250,7 +250,6 @@ NTSTATUS dcesrv_samr_ChangePasswordUser4(struct dcesrv_call_state *dce_call,
|
||||
|
||||
if (!NT_STATUS_IS_OK(status)) {
|
||||
ldb_transaction_cancel(sam_ctx);
|
||||
- status = NT_STATUS_WRONG_PASSWORD;
|
||||
goto done;
|
||||
}
|
||||
|
||||
--
|
||||
2.37.3
|
||||
|
||||
|
||||
From b8b36ecba0f22dbc203c12627ebd629c2437c635 Mon Sep 17 00:00:00 2001
|
||||
From: Noel Power <noel.power@suse.com>
|
||||
Date: Fri, 21 Oct 2022 17:14:44 +0100
|
||||
Subject: [PATCH 5/5] python/samba/tests: fix samba.tests.auth_log_pass_change
|
||||
for later gnutls
|
||||
|
||||
later gnutls that support GNUTLS_PBKDF2 currently fail,
|
||||
we need to conditionally switch test data to reflect use of
|
||||
'samr_ChangePasswordUser3' or 'samr_ChangePasswordUser4'
|
||||
depending on whether GNUTLS_PBKDF2 is supported or not
|
||||
|
||||
Signed-off-by: Noel Power <noel.power@suse.com>
|
||||
Reviewed-by: Andreas Schneider <asn@samba.org>
|
||||
---
|
||||
python/samba/tests/auth_log_pass_change.py | 20 ++++++++++++++++----
|
||||
source4/selftest/tests.py | 9 ++++++---
|
||||
2 files changed, 22 insertions(+), 7 deletions(-)
|
||||
|
||||
diff --git a/python/samba/tests/auth_log_pass_change.py b/python/samba/tests/auth_log_pass_change.py
|
||||
index 972af2158dd..1ca46c586b3 100644
|
||||
--- a/python/samba/tests/auth_log_pass_change.py
|
||||
+++ b/python/samba/tests/auth_log_pass_change.py
|
||||
@@ -72,6 +72,18 @@ class AuthLogPassChangeTests(samba.tests.auth_log_base.AuthLogTestBase):
|
||||
|
||||
# discard any auth log messages for the password setup
|
||||
self.discardMessages()
|
||||
+ gnutls_pbkdf2_support = samba.tests.env_get_var_value(
|
||||
+ 'GNUTLS_PBKDF2_SUPPORT',
|
||||
+ allow_missing=True)
|
||||
+ if gnutls_pbkdf2_support is None:
|
||||
+ gnutls_pbkdf2_support = '0'
|
||||
+ self.gnutls_pbkdf2_support = bool(int(gnutls_pbkdf2_support))
|
||||
+
|
||||
+ def _authDescription(self):
|
||||
+ if self.gnutls_pbkdf2_support:
|
||||
+ return "samr_ChangePasswordUser4"
|
||||
+ else:
|
||||
+ return "samr_ChangePasswordUser3"
|
||||
|
||||
def tearDown(self):
|
||||
super(AuthLogPassChangeTests, self).tearDown()
|
||||
@@ -83,7 +95,7 @@ class AuthLogPassChangeTests(samba.tests.auth_log_base.AuthLogTestBase):
|
||||
(msg["Authentication"]["serviceDescription"] ==
|
||||
"SAMR Password Change") and
|
||||
(msg["Authentication"]["authDescription"] ==
|
||||
- "samr_ChangePasswordUser3") and
|
||||
+ self._authDescription()) and
|
||||
(msg["Authentication"]["eventId"] ==
|
||||
EVT_ID_SUCCESSFUL_LOGON) and
|
||||
(msg["Authentication"]["logonType"] ==
|
||||
@@ -109,7 +121,7 @@ class AuthLogPassChangeTests(samba.tests.auth_log_base.AuthLogTestBase):
|
||||
(msg["Authentication"]["serviceDescription"] ==
|
||||
"SAMR Password Change") and
|
||||
(msg["Authentication"]["authDescription"] ==
|
||||
- "samr_ChangePasswordUser3") and
|
||||
+ self._authDescription()) and
|
||||
(msg["Authentication"]["eventId"] ==
|
||||
EVT_ID_UNSUCCESSFUL_LOGON) and
|
||||
(msg["Authentication"]["logonType"] ==
|
||||
@@ -141,7 +153,7 @@ class AuthLogPassChangeTests(samba.tests.auth_log_base.AuthLogTestBase):
|
||||
(msg["Authentication"]["serviceDescription"] ==
|
||||
"SAMR Password Change") and
|
||||
(msg["Authentication"]["authDescription"] ==
|
||||
- "samr_ChangePasswordUser3") and
|
||||
+ self._authDescription()) and
|
||||
(msg["Authentication"]["eventId"] ==
|
||||
EVT_ID_UNSUCCESSFUL_LOGON) and
|
||||
(msg["Authentication"]["logonType"] ==
|
||||
@@ -174,7 +186,7 @@ class AuthLogPassChangeTests(samba.tests.auth_log_base.AuthLogTestBase):
|
||||
(msg["Authentication"]["serviceDescription"] ==
|
||||
"SAMR Password Change") and
|
||||
(msg["Authentication"]["authDescription"] ==
|
||||
- "samr_ChangePasswordUser3") and
|
||||
+ self._authDescription()) and
|
||||
(msg["Authentication"]["eventId"] ==
|
||||
EVT_ID_UNSUCCESSFUL_LOGON) and
|
||||
(msg["Authentication"]["logonType"] ==
|
||||
diff --git a/source4/selftest/tests.py b/source4/selftest/tests.py
|
||||
index a803d4704ea..c92105586a7 100755
|
||||
--- a/source4/selftest/tests.py
|
||||
+++ b/source4/selftest/tests.py
|
||||
@@ -1094,9 +1094,11 @@ if have_heimdal_support:
|
||||
environ={'CLIENT_IP': '10.53.57.11',
|
||||
'SOCKET_WRAPPER_DEFAULT_IFACE': 11})
|
||||
planoldpythontestsuite("ad_dc_smb1", "samba.tests.auth_log_pass_change",
|
||||
- extra_args=['-U"$USERNAME%$PASSWORD"'])
|
||||
+ extra_args=['-U"$USERNAME%$PASSWORD"'],
|
||||
+ environ={'GNUTLS_PBKDF2_SUPPORT': gnutls_pbkdf2_support})
|
||||
planoldpythontestsuite("ad_dc_ntvfs", "samba.tests.auth_log_pass_change",
|
||||
- extra_args=['-U"$USERNAME%$PASSWORD"'])
|
||||
+ extra_args=['-U"$USERNAME%$PASSWORD"'],
|
||||
+ environ={'GNUTLS_PBKDF2_SUPPORT': gnutls_pbkdf2_support})
|
||||
|
||||
# these tests use a NCA local RPC connection, so always run on the
|
||||
# :local testenv, and so don't need to fake a client connection
|
||||
@@ -1113,7 +1115,8 @@ if have_heimdal_support:
|
||||
"samba.tests.auth_log_winbind",
|
||||
extra_args=['-U"$DC_USERNAME%$DC_PASSWORD"'])
|
||||
planoldpythontestsuite("ad_dc", "samba.tests.audit_log_pass_change",
|
||||
- extra_args=['-U"$USERNAME%$PASSWORD"'])
|
||||
+ extra_args=['-U"$USERNAME%$PASSWORD"'],
|
||||
+ environ={'GNUTLS_PBKDF2_SUPPORT': gnutls_pbkdf2_support})
|
||||
planoldpythontestsuite("ad_dc", "samba.tests.audit_log_dsdb",
|
||||
extra_args=['-U"$USERNAME%$PASSWORD"'])
|
||||
planoldpythontestsuite("ad_dc", "samba.tests.group_audit",
|
||||
--
|
||||
2.37.3
|
||||
|
273
samba.spec
273
samba.spec
|
@ -134,8 +134,8 @@
|
|||
|
||||
%define samba_requires_eq() %(LC_ALL="C" echo '%*' | xargs -r rpm -q --qf 'Requires: %%{name} = %%{epoch}:%%{version}\\n' | sed -e 's/ (none):/ /' -e 's/ 0:/ /' | grep -v "is not")
|
||||
|
||||
%global samba_version 4.17.1
|
||||
%global baserelease 1
|
||||
%global samba_version 4.17.6
|
||||
%global baserelease 0
|
||||
# This should be rc1 or %%nil
|
||||
%global pre_release %nil
|
||||
|
||||
|
@ -193,24 +193,24 @@
|
|||
|
||||
%global _systemd_extra "Environment=KRB5CCNAME=FILE:/run/samba/krb5cc_samba"
|
||||
|
||||
# Make a copy of this variable to prevent repeated evaluation of the
|
||||
# embedded shell command. Avoid recursive macro definition if undefined.
|
||||
%{?python3_sitearch: %global python3_sitearch %{python3_sitearch}}
|
||||
|
||||
Name: samba
|
||||
Version: %{samba_version}
|
||||
Release: %{samba_release}%{?dist}
|
||||
|
||||
%if 0%{?rhel}
|
||||
Epoch: 0
|
||||
%else
|
||||
%if 0%{?fedora}
|
||||
Epoch: 2
|
||||
%else
|
||||
Epoch: 0
|
||||
%endif
|
||||
|
||||
%if 0%{?epoch} > 0
|
||||
%global samba_depver %{epoch}:%{version}-%{release}
|
||||
%else
|
||||
%global samba_depver %{version}-%{release}
|
||||
%endif
|
||||
|
||||
Summary: Server and Client software to interoperate with Windows machines
|
||||
License: GPLv3+ and LGPLv3+
|
||||
License: GPL-3.0-or-later AND LGPL-3.0-or-later
|
||||
URL: https://www.samba.org
|
||||
|
||||
# This is a xz recompressed file of https://ftp.samba.org/pub/samba/samba-%%{version}%%{pre_release}.tar.gz
|
||||
|
@ -239,6 +239,7 @@ Requires: %{name}-common-libs = %{samba_depver}
|
|||
Requires: %{name}-common-tools = %{samba_depver}
|
||||
Requires: %{name}-client-libs = %{samba_depver}
|
||||
Requires: %{name}-libs = %{samba_depver}
|
||||
Requires: %{name}-dcerpc = %{samba_depver}
|
||||
Requires: libnetapi = %{samba_depver}
|
||||
%if %{with libwbclient}
|
||||
Requires(post): libwbclient = %{samba_depver}
|
||||
|
@ -269,6 +270,7 @@ Provides: bundled(libreplace)
|
|||
|
||||
BuildRequires: make
|
||||
BuildRequires: gcc
|
||||
BuildRequires: glibc-gconv-extra
|
||||
BuildRequires: avahi-devel
|
||||
BuildRequires: bison
|
||||
BuildRequires: cups-devel
|
||||
|
@ -305,8 +307,10 @@ BuildRequires: perl-generators
|
|||
BuildRequires: perl(Archive::Tar)
|
||||
BuildRequires: perl(Test::More)
|
||||
BuildRequires: popt-devel
|
||||
BuildRequires: python3-cryptography
|
||||
BuildRequires: python3-devel
|
||||
BuildRequires: python3-dns
|
||||
BuildRequires: python3-requests
|
||||
BuildRequires: python3-setuptools
|
||||
BuildRequires: quota-devel
|
||||
BuildRequires: readline-devel
|
||||
|
@ -323,6 +327,10 @@ BuildRequires: zlib-devel >= 1.2.3
|
|||
|
||||
BuildRequires: pkgconfig(libsystemd)
|
||||
|
||||
%if 0%{?fedora} >= 37
|
||||
BuildRequires: mold
|
||||
%endif
|
||||
|
||||
%if %{with vfs_glusterfs}
|
||||
BuildRequires: glusterfs-api-devel >= 3.4.0.16
|
||||
BuildRequires: glusterfs-devel >= 3.4.0.16
|
||||
|
@ -346,17 +354,6 @@ BuildRequires: librados-devel
|
|||
BuildRequires: python3-etcd
|
||||
%endif
|
||||
|
||||
%if %{with dc} || %{with testsuite}
|
||||
# Add python3-iso8601 to avoid that the
|
||||
# version in Samba is being packaged
|
||||
BuildRequires: python3-iso8601
|
||||
BuildRequires: python3-pyasn1 >= 0.4.8
|
||||
|
||||
BuildRequires: bind
|
||||
BuildRequires: krb5-server >= %{required_mit_krb5}
|
||||
#endif with dc
|
||||
%endif
|
||||
|
||||
# pidl requirements
|
||||
BuildRequires: perl(ExtUtils::MakeMaker)
|
||||
BuildRequires: perl(FindBin)
|
||||
|
@ -387,10 +384,15 @@ BuildRequires: lmdb-devel
|
|||
%if %{with dc} || %{with testsuite}
|
||||
BuildRequires: bind
|
||||
BuildRequires: krb5-server >= %{required_mit_krb5}
|
||||
%if 0%{?fedora} || 0%{?rhel} >= 9
|
||||
BuildRequires: python3-dateutil
|
||||
%else
|
||||
BuildRequires: python3-iso8601
|
||||
%endif
|
||||
BuildRequires: python3-gpg
|
||||
BuildRequires: python3-markdown
|
||||
BuildRequires: python3-pyasn1 >= 0.4.8
|
||||
BuildRequires: python3-setproctitle
|
||||
BuildRequires: python3-cryptography
|
||||
|
||||
%if %{without includelibs}
|
||||
BuildRequires: tdb-tools
|
||||
|
@ -447,6 +449,8 @@ Requires: %{name}-common-libs = %{samba_depver}
|
|||
Requires: libwbclient = %{samba_depver}
|
||||
%endif
|
||||
Requires: krb5-libs >= %{required_mit_krb5}
|
||||
# This is needed for charset conversion
|
||||
Requires: glibc-gconv-extra
|
||||
|
||||
%description client-libs
|
||||
The samba-client-libs package contains internal libraries needed by the
|
||||
|
@ -510,7 +514,7 @@ SMB/CIFS clients.
|
|||
|
||||
### COMMON-TOOLS
|
||||
%package common-tools
|
||||
Summary: Tools for Samba servers and clients
|
||||
Summary: Tools for Samba clients
|
||||
Requires: samba-common-libs = %{samba_depver}
|
||||
Requires: samba-client-libs = %{samba_depver}
|
||||
Requires: samba-libs = %{samba_depver}
|
||||
|
@ -520,22 +524,42 @@ Requires: libnetapi = %{samba_depver}
|
|||
Requires: libwbclient = %{samba_depver}
|
||||
%endif
|
||||
|
||||
# samba-tool needs python3-samba
|
||||
Requires: python3-%{name} = %{samba_depver}
|
||||
# samba-tool needs tdbbackup
|
||||
Requires: tdb-tools
|
||||
%if %{with dc}
|
||||
# samba-tool needs python3-samba-dc on a full build
|
||||
Requires: python3-%{name}-dc = %{samba_depver}
|
||||
# samba-tool needs mdb_copy for domain backup or upgrade provision
|
||||
Requires: lmdb
|
||||
%endif
|
||||
|
||||
Provides: bundled(libreplace)
|
||||
|
||||
%description common-tools
|
||||
The samba-common-tools package contains tools for Samba servers and
|
||||
SMB/CIFS clients.
|
||||
The samba-common-tools package contains tools for SMB/CIFS clients.
|
||||
|
||||
### SAMBA-TOOLS
|
||||
%package tools
|
||||
Summary: Tools for Samba servers
|
||||
# samba-tool needs python3-samba
|
||||
Requires: python3-%{name} = %{samba_depver}
|
||||
# samba-tool needs python3-samba-dc also on non-dc build
|
||||
Requires: python3-%{name}-dc = %{samba_depver}
|
||||
%if %{with dc}
|
||||
# samba-tool needs mdb_copy and tdbackup for domain backup or upgrade provision
|
||||
Requires: lmdb
|
||||
Requires: tdb-tools
|
||||
Requires: python3-gpg
|
||||
%endif
|
||||
|
||||
%description tools
|
||||
The samba-tools package contains tools for Samba servers
|
||||
and for GPO management on domain members.
|
||||
|
||||
### RPC
|
||||
%package dcerpc
|
||||
Summary: DCE RPC binaries
|
||||
Requires: samba-common-libs = %{samba_depver}
|
||||
Requires: samba-client-libs = %{samba_depver}
|
||||
Requires: samba-libs = %{samba_depver}
|
||||
Requires: libnetapi = %{samba_depver}
|
||||
%if %{with libwbclient}
|
||||
Requires: libwbclient = %{samba_depver}
|
||||
%endif
|
||||
|
||||
%description dcerpc
|
||||
The samba-dcerpc package contains binaries that serve DCERPC over named pipes.
|
||||
|
||||
### DC
|
||||
%if %{with dc} || %{with testsuite}
|
||||
|
@ -545,6 +569,7 @@ Requires: %{name} = %{samba_depver}
|
|||
Requires: %{name}-client-libs = %{samba_depver}
|
||||
Requires: %{name}-common-libs = %{samba_depver}
|
||||
Requires: %{name}-common-tools = %{samba_depver}
|
||||
Requires: %{name}-tools = %{samba_depver}
|
||||
Requires: %{name}-libs = %{samba_depver}
|
||||
Requires: %{name}-dc-provision = %{samba_depver}
|
||||
Requires: %{name}-dc-libs = %{samba_depver}
|
||||
|
@ -582,6 +607,9 @@ BuildArch: noarch
|
|||
%description dc-provision
|
||||
The samba-dc-provision package provides files to setup a domain controller
|
||||
|
||||
#endif with dc || with testsuite
|
||||
%endif
|
||||
|
||||
### DC-LIBS
|
||||
%package dc-libs
|
||||
Summary: Samba AD Domain Controller Libraries
|
||||
|
@ -598,6 +626,7 @@ Provides: bundled(libreplace)
|
|||
The %{name}-dc-libs package contains the libraries needed by the DC to
|
||||
link against the SMB, RPC and other protocols.
|
||||
|
||||
%if %{with dc} || %{with testsuite}
|
||||
### DC-BIND
|
||||
%package dc-bind-dlz
|
||||
Summary: Bind DLZ module for Samba AD
|
||||
|
@ -722,6 +751,7 @@ the Kerberos credentials cache of the user issuing the print job.
|
|||
%package ldb-ldap-modules
|
||||
Summary: Samba ldap modules for ldb
|
||||
Requires: %{name}-client-libs = %{samba_depver}
|
||||
Requires: %{name}-common-libs = %{samba_depver}
|
||||
|
||||
%description ldb-ldap-modules
|
||||
This package contains the ldb ldap modules required by samba-tool and
|
||||
|
@ -819,14 +849,14 @@ Summary: Samba Python3 libraries
|
|||
Requires: %{name}-client-libs = %{samba_depver}
|
||||
Requires: %{name}-common-libs = %{samba_depver}
|
||||
Requires: %{name}-libs = %{samba_depver}
|
||||
%if %{with dc}
|
||||
Requires: %{name}-dc-libs = %{samba_depver}
|
||||
%endif
|
||||
Requires: python3-talloc
|
||||
Requires: python3-tevent
|
||||
Requires: python3-tdb
|
||||
Requires: python3-ldb
|
||||
Requires: python3-cryptography
|
||||
Requires: python3-dns
|
||||
Requires: python3-ldb
|
||||
Requires: python3-requests
|
||||
Requires: python3-talloc
|
||||
Requires: python3-tdb
|
||||
Requires: python3-tevent
|
||||
%if %{with libsmbclient}
|
||||
Requires: libsmbclient = %{samba_depver}
|
||||
%endif
|
||||
|
@ -857,7 +887,6 @@ Requires: %{name}-libs = %{samba_depver}
|
|||
The python3-%{name}-test package contains the Python libraries used by the test suite of Samba.
|
||||
If you want to run full set of Samba tests, you need to install this package.
|
||||
|
||||
%if %{with dc} || %{with testsuite}
|
||||
%package -n python3-samba-dc
|
||||
Summary: Samba Python libraries for Samba AD
|
||||
Requires: %{name}-client-libs = %{samba_depver}
|
||||
|
@ -867,7 +896,6 @@ Requires: python3-%{name} = %{samba_depver}
|
|||
%description -n python3-samba-dc
|
||||
The python3-%{name}-dc package contains the Python libraries needed by programs
|
||||
to manage Samba AD.
|
||||
%endif
|
||||
|
||||
### PIDL
|
||||
%package pidl
|
||||
|
@ -961,11 +989,13 @@ Requires(post): %{name}-client-libs = %{samba_depver}
|
|||
Requires: %{name}-libs = %{samba_depver}
|
||||
Requires(post): %{name}-libs = %{samba_depver}
|
||||
Requires: %{name}-winbind-modules = %{samba_depver}
|
||||
Recommends: %{name}-tools = %{samba_depver}
|
||||
|
||||
%if %{with libwbclient}
|
||||
Requires(post): libwbclient = %{samba_depver}
|
||||
Requires: libwbclient = %{samba_depver}
|
||||
%endif
|
||||
Requires: %{name}-dcerpc = %{samba_depver}
|
||||
|
||||
Provides: samba4-winbind = %{samba_depver}
|
||||
Obsoletes: samba4-winbind < %{samba_depver}
|
||||
|
@ -1050,7 +1080,7 @@ necessary to communicate to the Winbind Daemon
|
|||
%if %{with winexe}
|
||||
%package winexe
|
||||
Summary: Samba Winexe Windows Binary
|
||||
License: GPLv3
|
||||
License: GPL-3.0-only
|
||||
Requires: %{name}-client-libs = %{samba_depver}
|
||||
Requires: %{name}-common-libs = %{samba_depver}
|
||||
|
||||
|
@ -1067,6 +1097,7 @@ Summary: A Clustered Database based on Samba's Trivial Database (TDB)
|
|||
|
||||
Requires: %{name}-common-libs = %{samba_depver}
|
||||
Requires: %{name}-client-libs = %{samba_depver}
|
||||
Requires: %{name}-winbind-clients = %{samba_depver}
|
||||
|
||||
Requires: coreutils
|
||||
# for ps and killall
|
||||
|
@ -1166,7 +1197,11 @@ Support for using an existing CEPH cluster as a mutex helper for CTDB
|
|||
|
||||
|
||||
%prep
|
||||
%if 0%{?fedora} || 0%{?rhel} >= 9
|
||||
xzcat %{SOURCE0} | %{gpgverify} --keyring='%{SOURCE2}' --signature='%{SOURCE1}' --data=-
|
||||
%else
|
||||
xzcat %{SOURCE0} | gpgv2 --quiet --keyring %{SOURCE2} %{SOURCE1} -
|
||||
%endif
|
||||
%autosetup -n samba-%{version}%{pre_release} -p1
|
||||
|
||||
# Ensure we rely on GnuTLS and do not build any other crypto code shipping with
|
||||
|
@ -1219,9 +1254,13 @@ rm -f lib/crypto/{aes,rijndael}*.c
|
|||
# TODO: resolve underlinked python modules
|
||||
export python_LDFLAGS="$(echo %{__global_ldflags} | sed -e 's/-Wl,-z,defs//g')"
|
||||
|
||||
# Use the gold linker
|
||||
# See https://bugzilla.redhat.com/show_bug.cgi?id=2043178 ; For f36 do not use ld.gold till it is fixed
|
||||
#export LDFLAGS="%%{__global_ldflags} -fuse-ld=gold"
|
||||
# Use the mold linker
|
||||
%if 0%{?fedora} >= 37
|
||||
export LDFLAGS="%{__global_ldflags} -fuse-ld=mold"
|
||||
export python_LDFLAGS="$(echo ${LDFLAGS} | sed -e 's/-Wl,-z,defs//g')"
|
||||
%else
|
||||
export python_LDFLAGS="$(echo %{__global_ldflags} | sed -e 's/-Wl,-z,defs//g')"
|
||||
%endif
|
||||
|
||||
%configure \
|
||||
--enable-fhs \
|
||||
|
@ -1378,60 +1417,10 @@ touch %{buildroot}%{_libdir}/krb5/plugins/libkrb5/winbind_krb5_locator.so
|
|||
|
||||
%if %{without dc} && %{without testsuite}
|
||||
for i in \
|
||||
%{_libdir}/samba/libdfs-server-ad-samba4.so \
|
||||
%{_libdir}/samba/libdsdb-garbage-collect-tombstones-samba4.so \
|
||||
%{_libdir}/samba/libscavenge-dns-records-samba4.so \
|
||||
%{_mandir}/man8/samba.8 \
|
||||
%{_mandir}/man8/samba_downgrade_db.8 \
|
||||
%{_mandir}/man8/samba-gpupdate.8 \
|
||||
%{_unitdir}/samba.service \
|
||||
%{python3_sitearch}/samba/dcerpc/dnsserver.*.so \
|
||||
%{python3_sitearch}/samba/dnsserver.py \
|
||||
%{python3_sitearch}/samba/domain_update.py \
|
||||
%{python3_sitearch}/samba/forest_update.py \
|
||||
%{python3_sitearch}/samba/kcc/__init__.py \
|
||||
%{python3_sitearch}/samba/kcc/debug.py \
|
||||
%{python3_sitearch}/samba/kcc/graph.py \
|
||||
%{python3_sitearch}/samba/kcc/graph_utils.py \
|
||||
%{python3_sitearch}/samba/kcc/kcc_utils.py \
|
||||
%{python3_sitearch}/samba/kcc/ldif_import_export.py \
|
||||
%{python3_sitearch}/samba/kcc/__pycache__/__init__.*.pyc \
|
||||
%{python3_sitearch}/samba/kcc/__pycache__/debug.*.pyc \
|
||||
%{python3_sitearch}/samba/kcc/__pycache__/graph.*.pyc \
|
||||
%{python3_sitearch}/samba/kcc/__pycache__/graph_utils.*.pyc \
|
||||
%{python3_sitearch}/samba/kcc/__pycache__/kcc_utils.*.pyc \
|
||||
%{python3_sitearch}/samba/kcc/__pycache__/ldif_import_export.*.pyc \
|
||||
%{python3_sitearch}/samba/ms_forest_updates_markdown.py \
|
||||
%{python3_sitearch}/samba/ms_schema_markdown.py \
|
||||
%{python3_sitearch}/samba/provision/__init__.py \
|
||||
%{python3_sitearch}/samba/provision/backend.py \
|
||||
%{python3_sitearch}/samba/provision/common.py \
|
||||
%{python3_sitearch}/samba/provision/kerberos_implementation.py \
|
||||
%{python3_sitearch}/samba/provision/kerberos.py \
|
||||
%{python3_sitearch}/samba/provision/sambadns.py \
|
||||
%{python3_sitearch}/samba/provision/__pycache__/__init__.*.pyc \
|
||||
%{python3_sitearch}/samba/provision/__pycache__/backend.*.pyc \
|
||||
%{python3_sitearch}/samba/provision/__pycache__/common.*.pyc \
|
||||
%{python3_sitearch}/samba/provision/__pycache__/kerberos_implementation.*.pyc \
|
||||
%{python3_sitearch}/samba/provision/__pycache__/kerberos.*.pyc \
|
||||
%{python3_sitearch}/samba/provision/__pycache__/sambadns.*.pyc \
|
||||
%{python3_sitearch}/samba/__pycache__/domain_update.*.pyc \
|
||||
%{python3_sitearch}/samba/__pycache__/forest_update.*.pyc \
|
||||
%{python3_sitearch}/samba/__pycache__/ms_forest_updates_markdown.*.pyc \
|
||||
%{python3_sitearch}/samba/__pycache__/ms_schema_markdown.*.pyc \
|
||||
%{python3_sitearch}/samba/__pycache__/remove_dc.*.pyc \
|
||||
%{python3_sitearch}/samba/__pycache__/schema.*.pyc \
|
||||
%{python3_sitearch}/samba/__pycache__/uptodateness.*.pyc \
|
||||
%{python3_sitearch}/samba/remove_dc.py \
|
||||
%{python3_sitearch}/samba/samdb.py \
|
||||
%{python3_sitearch}/samba/schema.py \
|
||||
%{python3_sitearch}/samba/third_party/iso8601/__init__.py \
|
||||
%{python3_sitearch}/samba/third_party/iso8601/__pycache__/__init__.*.pyc \
|
||||
%{python3_sitearch}/samba/third_party/iso8601/__pycache__/iso8601.*.pyc \
|
||||
%{python3_sitearch}/samba/third_party/iso8601/__pycache__/test_iso8601.*.pyc \
|
||||
%{python3_sitearch}/samba/third_party/iso8601/iso8601.py \
|
||||
%{python3_sitearch}/samba/third_party/iso8601/test_iso8601.py \
|
||||
%{python3_sitearch}/samba/uptodateness.py \
|
||||
%{_sbindir}/samba-gpupdate \
|
||||
; do
|
||||
rm -f %{buildroot}$i
|
||||
|
@ -1744,15 +1733,6 @@ fi
|
|||
|
||||
%dir %{_libexecdir}/samba
|
||||
%{_libexecdir}/samba/samba-bgqd
|
||||
%{_libexecdir}/samba/samba-dcerpcd
|
||||
%{_libexecdir}/samba/rpcd_classic
|
||||
%{_libexecdir}/samba/rpcd_epmapper
|
||||
%{_libexecdir}/samba/rpcd_fsrvp
|
||||
%{_libexecdir}/samba/rpcd_lsad
|
||||
%{_libexecdir}/samba/rpcd_mdssvc
|
||||
%{_libexecdir}/samba/rpcd_rpcecho
|
||||
%{_libexecdir}/samba/rpcd_spoolss
|
||||
%{_libexecdir}/samba/rpcd_winreg
|
||||
|
||||
%dir %{_datadir}/samba
|
||||
%dir %{_datadir}/samba/mdssvc
|
||||
|
@ -1766,7 +1746,6 @@ fi
|
|||
%{_mandir}/man1/smbstatus.1*
|
||||
%{_mandir}/man8/eventlogadm.8*
|
||||
%{_mandir}/man8/samba-bgqd.8*
|
||||
%{_mandir}/man8/samba-dcerpcd.8*
|
||||
%{_mandir}/man8/smbd.8*
|
||||
%{_mandir}/man8/nmbd.8*
|
||||
%{_mandir}/man8/vfs_acl_tdb.8*
|
||||
|
@ -2057,11 +2036,11 @@ fi
|
|||
%{_libdir}/samba/pdb/smbpasswd.so
|
||||
%{_libdir}/samba/pdb/tdbsam.so
|
||||
|
||||
### COMMON-TOOLS
|
||||
%files common-tools
|
||||
%{_bindir}/net
|
||||
%{_bindir}/pdbedit
|
||||
%{_bindir}/profiles
|
||||
%{_bindir}/samba-tool
|
||||
%{_bindir}/smbcontrol
|
||||
%{_bindir}/smbpasswd
|
||||
%{_bindir}/testparm
|
||||
|
@ -2070,9 +2049,27 @@ fi
|
|||
%{_mandir}/man1/testparm.1*
|
||||
%{_mandir}/man8/net.8*
|
||||
%{_mandir}/man8/pdbedit.8*
|
||||
%{_mandir}/man8/samba-tool.8*
|
||||
%{_mandir}/man8/smbpasswd.8*
|
||||
|
||||
### TOOLS
|
||||
%files tools
|
||||
%{_bindir}/samba-tool
|
||||
%{_mandir}/man8/samba-tool.8*
|
||||
|
||||
### RPC
|
||||
%files dcerpc
|
||||
%dir %{_libexecdir}/samba
|
||||
%{_libexecdir}/samba/samba-dcerpcd
|
||||
%{_libexecdir}/samba/rpcd_classic
|
||||
%{_libexecdir}/samba/rpcd_epmapper
|
||||
%{_libexecdir}/samba/rpcd_fsrvp
|
||||
%{_libexecdir}/samba/rpcd_lsad
|
||||
%{_libexecdir}/samba/rpcd_mdssvc
|
||||
%{_libexecdir}/samba/rpcd_rpcecho
|
||||
%{_libexecdir}/samba/rpcd_spoolss
|
||||
%{_libexecdir}/samba/rpcd_winreg
|
||||
%{_mandir}/man8/samba-dcerpcd.8*
|
||||
|
||||
### DC
|
||||
%if %{with dc} || %{with testsuite}
|
||||
%files dc
|
||||
|
@ -2087,7 +2084,6 @@ fi
|
|||
%{_libdir}/krb5/plugins/kdb/samba.so
|
||||
|
||||
%{_libdir}/samba/auth/samba4.so
|
||||
%{_libdir}/samba/libpac-samba4.so
|
||||
%dir %{_libdir}/samba/gensec
|
||||
%{_libdir}/samba/gensec/krb5.so
|
||||
%{_libdir}/samba/ldb/acl.so
|
||||
|
@ -2149,9 +2145,15 @@ fi
|
|||
%license source4/setup/ad-schema/licence.txt
|
||||
%{_datadir}/samba/setup
|
||||
|
||||
#endif with dc || with testsuite
|
||||
%endif
|
||||
### DC-LIBS
|
||||
%files dc-libs
|
||||
%{_libdir}/samba/libauth4-samba4.so
|
||||
|
||||
%if %{with dc} || %{with testsuite}
|
||||
%{_libdir}/samba/libdb-glue-samba4.so
|
||||
%{_libdir}/samba/libpac-samba4.so
|
||||
%{_libdir}/samba/libprocess-model-samba4.so
|
||||
%{_libdir}/samba/libservice-samba4.so
|
||||
|
||||
|
@ -2370,7 +2372,6 @@ fi
|
|||
%{_libdir}/libdcerpc-samr.so.*
|
||||
|
||||
%{_libdir}/samba/libLIBWBCLIENT-OLD-samba4.so
|
||||
%{_libdir}/samba/libauth4-samba4.so
|
||||
%{_libdir}/samba/libauth-unix-token-samba4.so
|
||||
%{_libdir}/samba/libdcerpc-samba4.so
|
||||
%{_libdir}/samba/libdnsserver-common-samba4.so
|
||||
|
@ -2764,7 +2765,6 @@ fi
|
|||
%{_libdir}/libsamba-policy.*.so
|
||||
%{_libdir}/pkgconfig/samba-policy.*.pc
|
||||
|
||||
%if %{with dc} || %{with testsuite}
|
||||
%files -n python3-%{name}-dc
|
||||
%{python3_sitearch}/samba/samdb.py
|
||||
%{python3_sitearch}/samba/schema.py
|
||||
|
@ -2780,7 +2780,9 @@ fi
|
|||
%{python3_sitearch}/samba/__pycache__/uptodateness.*.pyc
|
||||
|
||||
%{python3_sitearch}/samba/dcerpc/dnsserver.*.so
|
||||
%if %{with dc} || %{with testsuite}
|
||||
%{python3_sitearch}/samba/dckeytab.*.so
|
||||
%endif
|
||||
%{python3_sitearch}/samba/domain_update.py
|
||||
%{python3_sitearch}/samba/forest_update.py
|
||||
%{python3_sitearch}/samba/ms_forest_updates_markdown.py
|
||||
|
@ -2821,7 +2823,6 @@ fi
|
|||
|
||||
%{python3_sitearch}/samba/remove_dc.py
|
||||
%{python3_sitearch}/samba/uptodateness.py
|
||||
%endif
|
||||
|
||||
%files -n python3-%{name}-test
|
||||
%dir %{python3_sitearch}/samba/tests
|
||||
|
@ -3102,6 +3103,7 @@ fi
|
|||
%{python3_sitearch}/samba/tests/krb5/__pycache__/as_canonicalization_tests.*.pyc
|
||||
%{python3_sitearch}/samba/tests/krb5/__pycache__/as_req_tests.*.pyc
|
||||
%{python3_sitearch}/samba/tests/krb5/__pycache__/compatability_tests.*.pyc
|
||||
%{python3_sitearch}/samba/tests/krb5/__pycache__/etype_tests.*.pyc
|
||||
%{python3_sitearch}/samba/tests/krb5/__pycache__/fast_tests.*.pyc
|
||||
%{python3_sitearch}/samba/tests/krb5/__pycache__/kcrypto.*.pyc
|
||||
%{python3_sitearch}/samba/tests/krb5/__pycache__/kdc_base_test.*.pyc
|
||||
|
@ -3132,6 +3134,7 @@ fi
|
|||
%{python3_sitearch}/samba/tests/krb5/as_canonicalization_tests.py
|
||||
%{python3_sitearch}/samba/tests/krb5/as_req_tests.py
|
||||
%{python3_sitearch}/samba/tests/krb5/compatability_tests.py
|
||||
%{python3_sitearch}/samba/tests/krb5/etype_tests.py
|
||||
%{python3_sitearch}/samba/tests/krb5/fast_tests.py
|
||||
%{python3_sitearch}/samba/tests/krb5/kcrypto.py
|
||||
%{python3_sitearch}/samba/tests/krb5/kdc_base_test.py
|
||||
|
@ -4307,6 +4310,48 @@ fi
|
|||
%endif
|
||||
|
||||
%changelog
|
||||
* Thu Mar 09 2023 Guenther Deschner <gdeschner@redhat.com> - 4.17.6-0
|
||||
- Update to version 4.17.6
|
||||
|
||||
* Thu Feb 23 2023 Pavel Filipenský <pfilipen@redhat.com> - 4.17.5-2
|
||||
- resolves: #2173619 - Add missing Requires for glibc-gconv-extra
|
||||
- SPDX migration
|
||||
|
||||
* Tue Feb 14 2023 Pavel Filipenský <pfilipen@redhat.com> - 4.17.5-1
|
||||
- resolves: rhbz#2166124 - Create package samba-tools, move there samba-tool binary
|
||||
|
||||
* Thu Jan 26 2023 Guenther Deschner <gdeschner@redhat.com> - 4.17.5-0
|
||||
- Update to version 4.17.5
|
||||
|
||||
* Thu Dec 22 2022 Pavel Filipenský <pfilipen@redhat.com> - 4.17.4-2
|
||||
- Always add epoch to samba_depver to fix osci.brew-build.rpmdeplint.functional
|
||||
- Create package dc-libs also for 'non-dc build'
|
||||
|
||||
* Tue Dec 20 2022 Pavel Filipenský <pfilipen@redhat.com> - 4.17.4-1
|
||||
- Fix '--without dc' build: delete libauth4-samba4.so
|
||||
|
||||
* Mon Dec 19 2022 Pavel Filipenský <pfilipen@redhat.com> - 4.17.4-1
|
||||
- Create a samba-dcerpc sub-package
|
||||
- Fix package installation without samba and samba-dc package
|
||||
|
||||
* Fri Dec 16 2022 Guenther Deschner <gdeschner@redhat.com> - 4.17.4-0
|
||||
- resolves: #2153906 - Update to version 4.17.4
|
||||
- resolves: #2154362, #2154363 - Security fixes for CVE-2022-38023
|
||||
- resolves: #2154303, #2154304 - Security fixes for CVE-2022-37966
|
||||
- resolves: #2154320, #2154322 - Security fixes for CVE-2022-37967
|
||||
|
||||
* Tue Nov 15 2022 Guenther Deschner <gdeschner@redhat.com> - 4.17.3-0
|
||||
- resolves: #2142959 - Update to version 4.17.3
|
||||
- resolves: #2140960, #2143117 - Security fixes for CVE-2022-42898
|
||||
|
||||
* Tue Oct 25 2022 Andreas Schneider <asn@redhat.com> - 4.17.2-1
|
||||
- Update to version 4.17.2
|
||||
- Fix CVE-2022-3592: A malicious client can use a symlink to escape the
|
||||
exported
|
||||
|
||||
* Mon Oct 24 2022 Andreas Schneider <asn@redhat.com> - 4.17.1-2
|
||||
- Add missing dependency for wbinfo used by ctdb scripts
|
||||
|
||||
* Wed Oct 19 2022 Pavel Filipenský <pfilipen@redhat.com> - 4.17.1-1
|
||||
- Update to version 4.17.1
|
||||
- resolves: rhbz#2127301 - Permission denied calling SMBC_getatr when file not exists
|
||||
|
|
4
sources
4
sources
|
@ -1,2 +1,2 @@
|
|||
SHA512 (samba-4.17.1.tar.xz) = fd1dd3059c484b550cfc694b14b32bb509c4e0b0e209e15b4ddc98ceba4bee8b4d94c5a488a98f75cafaf1d36dde912d738b6f79cba8bf14037c314ad9bfe4b9
|
||||
SHA512 (samba-4.17.1.tar.asc) = 921eec6894195d68922ef86c0c9d741cee17f98e7381f4e8ee99a8fe8168f569cb094b73a4e4094070f9b3ea677cf2db670dba55191fe8b417aa85b804f1fe03
|
||||
SHA512 (samba-4.17.6.tar.xz) = 5c9341fc27ed9912de8da190f6b3464a46e4ad95b1edc8e1a4556d5da5fd17005873b22a26da9890b1537bf61d70c5e2de0d8243c361c71518959d99bb0790aa
|
||||
SHA512 (samba-4.17.6.tar.asc) = f666ebef32865e4d347ea78c2274742c07222f6539a2a8ec5db5c509b115490c2456243beab27c9c9054ad21a2375f15969787f01c2c269db19da3f5316ac166
|
||||
|
|
Loading…
Reference in New Issue