Compare commits
178 Commits
Author | SHA1 | Date |
---|---|---|
Günther Deschner | 4ed526a349 | |
Pavel Filipenský | 0ee138228a | |
Pavel Filipenský | f94f6a54d4 | |
Florian Weimer | 4cccd21d61 | |
Florian Weimer | 71db3a4330 | |
Pavel Filipenský | 15b4b0f68d | |
Pavel Filipenský | 3d20282019 | |
Pavel Filipenský | 143a40a9cb | |
Günther Deschner | 0582429c21 | |
Günther Deschner | 345db31405 | |
Günther Deschner | 53c12663f0 | |
Günther Deschner | 9884bc0a06 | |
Günther Deschner | 87360b3db3 | |
Andreas Schneider | d8effb3e4d | |
Günther Deschner | 83abd721be | |
Pavel Filipenský | ac5a9f04ff | |
Pavel Filipenský | bcf6a6c2df | |
Pavel Filipenský | d9948a0633 | |
Pavel Filipenský | 8bf014646d | |
Pavel Filipenský | 17040e7063 | |
Andreas Schneider | 206378cd5b | |
Tomas Popela | e515cbc876 | |
Pavel Filipenský | aa08f6aa44 | |
Andreas Schneider | 89a3ad9ef4 | |
Pavel Filipenský | f258fd4269 | |
Günther Deschner | e81f157454 | |
Günther Deschner | 45747d7559 | |
Pavel Filipenský | 482970ccc5 | |
Andreas Schneider | c42829d1ad | |
Pavel Filipenský | 073076ff12 | |
Günther Deschner | 626bbcbaac | |
Pavel Filipenský | 4ee87cc214 | |
Pavel Filipenský | fae36af2f3 | |
Pavel Filipenský | b935fbcb7d | |
Pavel Filipenský | c8ac21e6f1 | |
Pavel Filipenský | c1f9bec1db | |
Pavel Filipenský | 6da37eb4ca | |
Andreas Schneider | 13dfbb0767 | |
Pavel Filipenský | 8a81633e9a | |
Andreas Schneider | 3314e8e15a | |
Pavel Filipenský | 6bc60bb396 | |
Andreas Schneider | a4093f41f0 | |
Andreas Schneider | 73757dc8a3 | |
Andreas Schneider | 6f2c200320 | |
Günther Deschner | 2ee30bad8f | |
Günther Deschner | 2eedc4de19 | |
Günther Deschner | af2d47413b | |
Günther Deschner | f0333fc6d6 | |
Günther Deschner | 56ca6af06a | |
Günther Deschner | 3c2c163325 | |
Günther Deschner | 331ea7c567 | |
Günther Deschner | bc51ea8a5e | |
Günther Deschner | 2efb445c94 | |
Günther Deschner | c6ac21963a | |
Günther Deschner | 29bd82541a | |
Andreas Schneider | eae8b04784 | |
Andreas Schneider | a7a77b0af0 | |
Günther Deschner | 0a04de2534 | |
Günther Deschner | a184099345 | |
Günther Deschner | fe6291ff86 | |
Anoop C S | 6410d154eb | |
Anoop C S | cffce0ef3e | |
Adam Williamson | 376ef2f0e0 | |
Andreas Schneider | 713db3d972 | |
Anoop C S | 68140d413f | |
Andreas Schneider | 47c27ed2c1 | |
Andreas Schneider | b904ff11a5 | |
Andreas Schneider | 58450895a0 | |
Anoop C S | db523c32da | |
Anoop C S | cc8c80c04b | |
Günther Deschner | 03a37fd80f | |
Fedora Release Engineering | 0f02de3867 | |
Günther Deschner | ab92045b9b | |
Günther Deschner | c7152a7598 | |
Günther Deschner | 30df8220b4 | |
Günther Deschner | 8e500051bc | |
Günther Deschner | dc0913c8f2 | |
Günther Deschner | 15c3d6dc9d | |
Günther Deschner | 869e9c50a6 | |
Günther Deschner | daabe96f8e | |
Andreas Schneider | 5e4f3ca118 | |
Andreas Schneider | b0ce351e1d | |
Andreas Schneider | 7be6ccad7b | |
Andreas Schneider | e17d2fbe11 | |
Andreas Schneider | e37c5c8b5b | |
Python Maint | 4e6773440b | |
Günther Deschner | a42aaa69c3 | |
Andreas Schneider | 2f7e875944 | |
Jitka Plesnikova | d08addb413 | |
Pete Walter | eb93f258dc | |
Pete Walter | 249389209b | |
Pete Walter | aa94f9dec1 | |
Andreas Schneider | 4e19062fc1 | |
Andreas Schneider | 06f8e7b2d9 | |
Andreas Schneider | f08374c6d4 | |
Andreas Schneider | b69385bc2d | |
Andreas Schneider | 554a3330e3 | |
Andreas Schneider | 3356311a17 | |
Andreas Schneider | d3d2a031b7 | |
Andreas Schneider | 8fae59d7cc | |
Andreas Schneider | 7f443ad2e8 | |
Andreas Schneider | 0f1369ca59 | |
Andreas Schneider | 9d2d741749 | |
Andreas Schneider | f6040f38cd | |
Andreas Schneider | d47396691c | |
Günther Deschner | 7f81bed73e | |
Anoop C S | 1520f9620f | |
Andreas Schneider | b88dfc7eaa | |
Andreas Schneider | 4249254548 | |
Günther Deschner | fba068844e | |
Andreas Schneider | 3627144822 | |
Andreas Schneider | 2ae69028bf | |
Andreas Schneider | 4651019383 | |
Richard W.M. Jones | e68a8ba5b9 | |
Alexander Bokovoy | d08e5bf692 | |
Günther Deschner | b05e4ed148 | |
Günther Deschner | e5dda56658 | |
Günther Deschner | f931b17773 | |
Zbigniew Jędrzejewski-Szmek | 18faec13bc | |
Günther Deschner | 45765aba68 | |
Günther Deschner | 83436d8564 | |
Andreas Schneider | 6cddc6448b | |
Andreas Schneider | 8f1e592d6a | |
Günther Deschner | e267c837dc | |
Andreas Schneider | 5e5dc1ede5 | |
Günther Deschner | 95450ee5f8 | |
Günther Deschner | 12217d454e | |
Alexander Bokovoy | 254400b459 | |
Tom Stellard | 8fff4f7c11 | |
Günther Deschner | ee8f8c2cd1 | |
Alexander Bokovoy | 0526d5b25f | |
Alexander Bokovoy | bcc551eafa | |
Alexander Bokovoy | 1d03aa069e | |
Alexander Bokovoy | 13eed773b0 | |
Andreas Schneider | 061477b3e7 | |
Andreas Schneider | 772e0d9aa6 | |
Andreas Schneider | 0867e962ba | |
Andreas Schneider | f88d234f14 | |
Andreas Schneider | 8316f0ac99 | |
Andreas Schneider | 0d567d3ab9 | |
Andreas Schneider | a324d7bf6f | |
Andreas Schneider | f3b2e2942f | |
Günther Deschner | c6b149506e | |
Günther Deschner | 19efd0180f | |
Günther Deschner | 5f0457d042 | |
Günther Deschner | b44802fb9c | |
Andreas Schneider | efa876d95a | |
Andreas Schneider | 04e828d22a | |
Andreas Schneider | 586addaaf8 | |
Andreas Schneider | 5856c50271 | |
Andreas Schneider | 36b4604ec1 | |
Andreas Schneider | f6c5528ad0 | |
Andreas Schneider | b1b788374b | |
Andreas Schneider | 7feea33409 | |
Andreas Schneider | a72748f232 | |
Andreas Schneider | f172c59a67 | |
Andreas Schneider | a04dd9958d | |
Andreas Schneider | cab0cecf58 | |
Andreas Schneider | 89d751d1bf | |
Andreas Schneider | 0ac733db9b | |
Andreas Schneider | a31119d9e4 | |
Alexander Bokovoy | 92693f66e9 | |
Alexander Bokovoy | 1e29c417eb | |
Isaac Boukris | a172510646 | |
Günther Deschner | b62fe79160 | |
Günther Deschner | c0da1c5303 | |
Günther Deschner | 0a5021c37e | |
Günther Deschner | 2804f931d0 | |
Günther Deschner | a2f88f217f | |
Neal Gompa | 41ab0cd76d | |
Günther Deschner | 692491a456 | |
Günther Deschner | a31354402a | |
Anoop C S | 57015c72af | |
Günther Deschner | 3f3c9ecde9 | |
Andreas Schneider | 67ed8f8f78 | |
Fedora Release Engineering | 0e393ad6d6 | |
Andreas Schneider | a000c31c78 | |
Tom Stellard | 2659a5f9b5 |
|
@ -211,3 +211,99 @@ samba-3.6.0pre1.tar.gz
|
|||
/samba-4.12.5.tar.asc
|
||||
/samba-4.13.0rc1.tar.xz
|
||||
/samba-4.13.0rc1.tar.asc
|
||||
/samba-4.13.0rc2.tar.xz
|
||||
/samba-4.13.0rc2.tar.asc
|
||||
/samba-4.13.0rc3.tar.xz
|
||||
/samba-4.13.0rc3.tar.asc
|
||||
/samba-4.13.0rc4.tar.xz
|
||||
/samba-4.13.0rc4.tar.asc
|
||||
/samba-4.13.0rc5.tar.xz
|
||||
/samba-4.13.0rc5.tar.asc
|
||||
/samba-4.13.0rc6.tar.xz
|
||||
/samba-4.13.0rc6.tar.asc
|
||||
/samba-4.13.0.tar.xz
|
||||
/samba-4.13.0.tar.asc
|
||||
/samba-4.13.1.tar.xz
|
||||
/samba-4.13.1.tar.asc
|
||||
/samba-4.13.2.tar.xz
|
||||
/samba-4.13.2.tar.asc
|
||||
/samba-4.13.3.tar.xz
|
||||
/samba-4.13.3.tar.asc
|
||||
/samba-4.13.4.tar.xz
|
||||
/samba-4.13.4.tar.asc
|
||||
/samba-4.14.0rc1.tar.xz
|
||||
/samba-4.14.0rc1.tar.asc
|
||||
/samba-4.14.0rc2.tar.xz
|
||||
/samba-4.14.0rc2.tar.asc
|
||||
/samba-4.14.0rc3.tar.xz
|
||||
/samba-4.14.0rc3.tar.asc
|
||||
/samba-4.14.0rc4.tar.xz
|
||||
/samba-4.14.0rc4.tar.asc
|
||||
/samba-4.14.0.tar.xz
|
||||
/samba-4.14.0.tar.asc
|
||||
/samba-4.14.1.tar.xz
|
||||
/samba-4.14.1.tar.asc
|
||||
/samba-4.14.2.tar.xz
|
||||
/samba-4.14.2.tar.asc
|
||||
/samba-4.14.3.tar.xz
|
||||
/samba-4.14.3.tar.asc
|
||||
/samba-4.14.4.tar.xz
|
||||
/samba-4.14.4.tar.asc
|
||||
/samba-4.14.5.tar.xz
|
||||
/samba-4.14.5.tar.asc
|
||||
/samba-4.14.6.tar.xz
|
||||
/samba-4.14.6.tar.asc
|
||||
/samba-4.15.0rc1.tar.xz
|
||||
/samba-4.15.0rc1.tar.asc
|
||||
/samba-4.15.0rc2.tar.xz
|
||||
/samba-4.15.0rc2.tar.asc
|
||||
/samba-4.15.0rc3.tar.xz
|
||||
/samba-4.15.0rc3.tar.asc
|
||||
/samba-4.15.0rc4.tar.xz
|
||||
/samba-4.15.0rc4.tar.asc
|
||||
/samba-4.15.0rc5.tar.xz
|
||||
/samba-4.15.0rc5.tar.asc
|
||||
/samba-4.15.0rc6.tar.xz
|
||||
/samba-4.15.0rc6.tar.asc
|
||||
/samba-4.15.0rc7.tar.xz
|
||||
/samba-4.15.0rc7.tar.asc
|
||||
/samba-4.15.0.tar.xz
|
||||
/samba-4.15.0.tar.asc
|
||||
/samba-4.15.1.tar.xz
|
||||
/samba-4.15.1.tar.asc
|
||||
/samba-4.15.2.tar.xz
|
||||
/samba-4.15.2.tar.asc
|
||||
/samba-4.15.3.tar.xz
|
||||
/samba-4.15.3.tar.asc
|
||||
/samba-4.15.4.tar.xz
|
||||
/samba-4.15.4.tar.asc
|
||||
/samba-4.16.0rc1.tar.xz
|
||||
/samba-4.16.0rc1.tar.asc
|
||||
/samba-4.16.0rc2.tar.xz
|
||||
/samba-4.16.0rc2.tar.asc
|
||||
/samba-4.16.0rc3.tar.xz
|
||||
/samba-4.16.0rc3.tar.asc
|
||||
/samba-4.16.0rc4.tar.xz
|
||||
/samba-4.16.0rc4.tar.asc
|
||||
/samba-4.16.0rc5.tar.xz
|
||||
/samba-4.16.0rc5.tar.asc
|
||||
/samba-4.16.0.tar.xz
|
||||
/samba-4.16.0.tar.asc
|
||||
/samba-4.16.1.tar.xz
|
||||
/samba-4.16.1.tar.asc
|
||||
/samba-4.16.2.tar.xz
|
||||
/samba-4.16.2.tar.asc
|
||||
/samba-4.16.3.tar.xz
|
||||
/samba-4.16.3.tar.asc
|
||||
/samba-4.16.4.tar.xz
|
||||
/samba-4.16.4.tar.asc
|
||||
/samba-4.16.5.tar.xz
|
||||
/samba-4.16.5.tar.asc
|
||||
/samba-4.16.6.tar.xz
|
||||
/samba-4.16.6.tar.asc
|
||||
/samba-4.16.7.tar.xz
|
||||
/samba-4.16.7.tar.asc
|
||||
/samba-4.16.8.tar.xz
|
||||
/samba-4.16.8.tar.asc
|
||||
/samba-4.16.9.tar.xz
|
||||
/samba-4.16.9.tar.asc
|
||||
|
|
|
@ -1,3 +0,0 @@
|
|||
#!/bin/sh
|
||||
|
||||
/usr/lib/rpm/perl.req $* | grep -E -v '(Net::LDAP|Crypt::SmbHash|CGI|Unicode::MapUTF8|smbldap_tools|Carp|Convert::ASN1|Getopt::Long|Getopt::Std|IO::Socket|POSIX|Time::Local|strict)'
|
Binary file not shown.
|
@ -0,0 +1,20 @@
|
|||
---
|
||||
badfuncs:
|
||||
ignore:
|
||||
- /usr/bin/nmblookup
|
||||
- /usr/bin/smbtorture
|
||||
- /usr/lib*/libndr.so.*
|
||||
- /usr/lib*/libsmbconf.so.*
|
||||
- /usr/lib*/samba/libgse-samba4.so
|
||||
- /usr/lib*/samba/libsamba-sockets-samba4.so
|
||||
- /usr/lib*/samba/service/nbtd.so
|
||||
- /usr/libexec/ctdb/smnotify
|
||||
- /usr/sbin/nmbd
|
||||
|
||||
runpath:
|
||||
allowed_paths:
|
||||
- /usr/lib/samba
|
||||
- /usr/lib64/samba
|
||||
|
||||
abidiff:
|
||||
suppression_file: samba.abignore
|
|
@ -0,0 +1,77 @@
|
|||
From 41d3efebcf6abab9119f9b0f97c86c1c48739fee Mon Sep 17 00:00:00 2001
|
||||
From: Andreas Schneider <asn@samba.org>
|
||||
Date: Mon, 4 Apr 2022 11:24:04 +0200
|
||||
Subject: [PATCH 1/2] waf: Check for GnuTLS earlier
|
||||
|
||||
As GnuTLS is an essential part we need to check for it early so we can react on
|
||||
GnuTLS features in other wscripts.
|
||||
|
||||
Signed-off-by: Andreas Schneider <asn@samba.org>
|
||||
---
|
||||
wscript | 4 ++--
|
||||
1 file changed, 2 insertions(+), 2 deletions(-)
|
||||
|
||||
diff --git a/wscript b/wscript
|
||||
index d8220b35095..5b85d9a1682 100644
|
||||
--- a/wscript
|
||||
+++ b/wscript
|
||||
@@ -189,6 +189,8 @@ def configure(conf):
|
||||
conf.RECURSE('dynconfig')
|
||||
conf.RECURSE('selftest')
|
||||
|
||||
+ conf.PROCESS_SEPARATE_RULE('system_gnutls')
|
||||
+
|
||||
conf.CHECK_CFG(package='zlib', minversion='1.2.3',
|
||||
args='--cflags --libs',
|
||||
mandatory=True)
|
||||
@@ -297,8 +299,6 @@ def configure(conf):
|
||||
if not conf.CONFIG_GET('KRB5_VENDOR'):
|
||||
conf.PROCESS_SEPARATE_RULE('embedded_heimdal')
|
||||
|
||||
- conf.PROCESS_SEPARATE_RULE('system_gnutls')
|
||||
-
|
||||
conf.RECURSE('source4/dsdb/samdb/ldb_modules')
|
||||
conf.RECURSE('source4/ntvfs/sysdep')
|
||||
conf.RECURSE('lib/util')
|
||||
--
|
||||
2.35.1
|
||||
|
||||
|
||||
From 63701a28116afc1550c23cb5f7b9d6e366fd1270 Mon Sep 17 00:00:00 2001
|
||||
From: Andreas Schneider <asn@samba.org>
|
||||
Date: Mon, 4 Apr 2022 11:25:31 +0200
|
||||
Subject: [PATCH 2/2] third_party:waf: Do not recurse in aesni-intel if GnuTLS
|
||||
provides the cipher
|
||||
|
||||
Signed-off-by: Andreas Schneider <asn@samba.org>
|
||||
---
|
||||
third_party/wscript | 6 ++++--
|
||||
1 file changed, 4 insertions(+), 2 deletions(-)
|
||||
|
||||
diff --git a/third_party/wscript b/third_party/wscript
|
||||
index 1f4bc1ce1d7..a17c15bcaa7 100644
|
||||
--- a/third_party/wscript
|
||||
+++ b/third_party/wscript
|
||||
@@ -5,7 +5,8 @@ from waflib import Options
|
||||
def configure(conf):
|
||||
conf.RECURSE('cmocka')
|
||||
conf.RECURSE('popt')
|
||||
- conf.RECURSE('aesni-intel')
|
||||
+ if not conf.CONFIG_SET('HAVE_GNUTLS_AES_CMAC'):
|
||||
+ conf.RECURSE('aesni-intel')
|
||||
if conf.CONFIG_GET('ENABLE_SELFTEST'):
|
||||
conf.RECURSE('socket_wrapper')
|
||||
conf.RECURSE('nss_wrapper')
|
||||
@@ -18,7 +19,8 @@ def configure(conf):
|
||||
def build(bld):
|
||||
bld.RECURSE('cmocka')
|
||||
bld.RECURSE('popt')
|
||||
- bld.RECURSE('aesni-intel')
|
||||
+ if not bld.CONFIG_SET('HAVE_GNUTLS_AES_CMAC'):
|
||||
+ bld.RECURSE('aesni-intel')
|
||||
if bld.CONFIG_GET('SOCKET_WRAPPER'):
|
||||
bld.RECURSE('socket_wrapper')
|
||||
if bld.CONFIG_GET('NSS_WRAPPER'):
|
||||
--
|
||||
2.35.1
|
||||
|
Binary file not shown.
|
@ -0,0 +1,642 @@
|
|||
From 5d7ec9a00b6f4c6768c606d37d235415f2006445 Mon Sep 17 00:00:00 2001
|
||||
From: Isaac Boukris <iboukris@gmail.com>
|
||||
Date: Fri, 27 Sep 2019 18:25:03 +0300
|
||||
Subject: [PATCH 1/3] mit-kdc: add basic loacl realm S4U support
|
||||
|
||||
Signed-off-by: Isaac Boukris <iboukris@gmail.com>
|
||||
Pair-Programmed-With: Andreas Schneider <asn@samba.org>
|
||||
---
|
||||
source4/kdc/mit-kdb/kdb_samba_policies.c | 124 +++++++++++------------
|
||||
source4/kdc/mit_samba.c | 47 ++-------
|
||||
source4/kdc/mit_samba.h | 6 +-
|
||||
3 files changed, 71 insertions(+), 106 deletions(-)
|
||||
|
||||
diff --git a/source4/kdc/mit-kdb/kdb_samba_policies.c b/source4/kdc/mit-kdb/kdb_samba_policies.c
|
||||
index 793fe366c35..22534c09974 100644
|
||||
--- a/source4/kdc/mit-kdb/kdb_samba_policies.c
|
||||
+++ b/source4/kdc/mit-kdb/kdb_samba_policies.c
|
||||
@@ -200,13 +200,17 @@ static krb5_error_code ks_verify_pac(krb5_context context,
|
||||
krb5_keyblock *krbtgt_key,
|
||||
krb5_timestamp authtime,
|
||||
krb5_authdata **tgt_auth_data,
|
||||
- krb5_pac *pac)
|
||||
+ krb5_pac *out_pac)
|
||||
{
|
||||
struct mit_samba_context *mit_ctx;
|
||||
krb5_authdata **authdata = NULL;
|
||||
- krb5_pac ipac = NULL;
|
||||
- DATA_BLOB logon_data = { NULL, 0 };
|
||||
+ krb5_keyblock *header_server_key = NULL;
|
||||
+ krb5_key_data *impersonator_kd = NULL;
|
||||
+ krb5_keyblock impersonator_key = {0};
|
||||
krb5_error_code code;
|
||||
+ krb5_pac pac;
|
||||
+
|
||||
+ *out_pac = NULL;
|
||||
|
||||
mit_ctx = ks_get_context(context);
|
||||
if (mit_ctx == NULL) {
|
||||
@@ -238,41 +242,43 @@ static krb5_error_code ks_verify_pac(krb5_context context,
|
||||
code = krb5_pac_parse(context,
|
||||
authdata[0]->contents,
|
||||
authdata[0]->length,
|
||||
- &ipac);
|
||||
+ &pac);
|
||||
if (code != 0) {
|
||||
goto done;
|
||||
}
|
||||
|
||||
- /* TODO: verify this is correct
|
||||
- *
|
||||
- * In the constrained delegation case, the PAC is from a service
|
||||
- * ticket rather than a TGT; we must verify the server and KDC
|
||||
- * signatures to assert that the server did not forge the PAC.
|
||||
+ /*
|
||||
+ * For constrained delegation in MIT version < 1.18 we aren't provided
|
||||
+ * with the 2nd ticket server key to verify the PAC.
|
||||
+ * We can workaround that by fetching the key from the client db entry,
|
||||
+ * which is the impersonator account in that version.
|
||||
+ * TODO: use the provided entry in the new 1.18 version.
|
||||
*/
|
||||
if (flags & KRB5_KDB_FLAG_CONSTRAINED_DELEGATION) {
|
||||
- code = krb5_pac_verify(context,
|
||||
- ipac,
|
||||
- authtime,
|
||||
- client_princ,
|
||||
- server_key,
|
||||
- krbtgt_key);
|
||||
+ /* The impersonator must be local. */
|
||||
+ if (client == NULL) {
|
||||
+ code = KRB5KDC_ERR_BADOPTION;
|
||||
+ goto done;
|
||||
+ }
|
||||
+ /* Fetch and decrypt 2nd ticket server's current key. */
|
||||
+ code = krb5_dbe_find_enctype(context, client, -1, -1, 0,
|
||||
+ &impersonator_kd);
|
||||
+ if (code != 0) {
|
||||
+ goto done;
|
||||
+ }
|
||||
+ code = krb5_dbe_decrypt_key_data(context, NULL,
|
||||
+ impersonator_kd,
|
||||
+ &impersonator_key, NULL);
|
||||
+ if (code != 0) {
|
||||
+ goto done;
|
||||
+ }
|
||||
+ header_server_key = &impersonator_key;
|
||||
} else {
|
||||
- code = krb5_pac_verify(context,
|
||||
- ipac,
|
||||
- authtime,
|
||||
- client_princ,
|
||||
- krbtgt_key,
|
||||
- NULL);
|
||||
- }
|
||||
- if (code != 0) {
|
||||
- goto done;
|
||||
+ header_server_key = krbtgt_key;
|
||||
}
|
||||
|
||||
- /* check and update PAC */
|
||||
- code = krb5_pac_parse(context,
|
||||
- authdata[0]->contents,
|
||||
- authdata[0]->length,
|
||||
- pac);
|
||||
+ code = krb5_pac_verify(context, pac, authtime, client_princ,
|
||||
+ header_server_key, NULL);
|
||||
if (code != 0) {
|
||||
goto done;
|
||||
}
|
||||
@@ -280,17 +286,22 @@ static krb5_error_code ks_verify_pac(krb5_context context,
|
||||
code = mit_samba_reget_pac(mit_ctx,
|
||||
context,
|
||||
flags,
|
||||
- client_princ,
|
||||
client,
|
||||
server,
|
||||
krbtgt,
|
||||
krbtgt_key,
|
||||
- pac);
|
||||
+ &pac);
|
||||
+ if (code != 0) {
|
||||
+ goto done;
|
||||
+ }
|
||||
+
|
||||
+ *out_pac = pac;
|
||||
+ pac = NULL;
|
||||
|
||||
done:
|
||||
+ krb5_free_keyblock_contents(context, &impersonator_key);
|
||||
krb5_free_authdata(context, authdata);
|
||||
- krb5_pac_free(context, ipac);
|
||||
- free(logon_data.data);
|
||||
+ krb5_pac_free(context, pac);
|
||||
|
||||
return code;
|
||||
}
|
||||
@@ -319,6 +330,7 @@ krb5_error_code kdb_samba_db_sign_auth_data(krb5_context context,
|
||||
krb5_authdata **pac_auth_data = NULL;
|
||||
krb5_authdata **authdata = NULL;
|
||||
krb5_boolean is_as_req;
|
||||
+ krb5_const_principal pac_client;
|
||||
krb5_error_code code;
|
||||
krb5_pac pac = NULL;
|
||||
krb5_data pac_data;
|
||||
@@ -330,11 +342,6 @@ krb5_error_code kdb_samba_db_sign_auth_data(krb5_context context,
|
||||
krbtgt = krbtgt == NULL ? local_krbtgt : krbtgt;
|
||||
krbtgt_key = krbtgt_key == NULL ? local_krbtgt_key : krbtgt_key;
|
||||
|
||||
- /* FIXME: We don't support S4U yet */
|
||||
- if (flags & KRB5_KDB_FLAGS_S4U) {
|
||||
- return KRB5_KDB_DBTYPE_NOSUP;
|
||||
- }
|
||||
-
|
||||
is_as_req = ((flags & KRB5_KDB_FLAG_CLIENT_REFERRALS_ONLY) != 0);
|
||||
|
||||
/*
|
||||
@@ -395,6 +402,16 @@ krb5_error_code kdb_samba_db_sign_auth_data(krb5_context context,
|
||||
ks_client_princ = client->princ;
|
||||
}
|
||||
|
||||
+ /* In protocol transition, we are currently not provided with the tgt
|
||||
+ * client name to verify the PAC, we could probably skip the name
|
||||
+ * verification and just verify the signatures, but since we don't
|
||||
+ * support cross-realm nor aliases, we can just use server->princ */
|
||||
+ if (flags & KRB5_KDB_FLAG_PROTOCOL_TRANSITION) {
|
||||
+ pac_client = server->princ;
|
||||
+ } else {
|
||||
+ pac_client = ks_client_princ;
|
||||
+ }
|
||||
+
|
||||
if (client_entry == NULL) {
|
||||
client_entry = client;
|
||||
}
|
||||
@@ -469,7 +486,7 @@ krb5_error_code kdb_samba_db_sign_auth_data(krb5_context context,
|
||||
|
||||
code = ks_verify_pac(context,
|
||||
flags,
|
||||
- ks_client_princ,
|
||||
+ pac_client,
|
||||
client_entry,
|
||||
server,
|
||||
krbtgt,
|
||||
@@ -515,7 +532,7 @@ krb5_error_code kdb_samba_db_sign_auth_data(krb5_context context,
|
||||
is_as_req ? "AS-REQ" : "TGS-REQ",
|
||||
client_name);
|
||||
code = krb5_pac_sign(context, pac, authtime, ks_client_princ,
|
||||
- server_key, krbtgt_key, &pac_data);
|
||||
+ server_key, krbtgt_key, &pac_data);
|
||||
if (code != 0) {
|
||||
DBG_ERR("krb5_pac_sign failed: %d\n", code);
|
||||
goto done;
|
||||
@@ -541,12 +558,6 @@ krb5_error_code kdb_samba_db_sign_auth_data(krb5_context context,
|
||||
KRB5_AUTHDATA_IF_RELEVANT,
|
||||
authdata,
|
||||
signed_auth_data);
|
||||
- if (code != 0) {
|
||||
- goto done;
|
||||
- }
|
||||
-
|
||||
- code = 0;
|
||||
-
|
||||
done:
|
||||
if (client_entry != NULL && client_entry != client) {
|
||||
ks_free_principal(context, client_entry);
|
||||
@@ -572,32 +583,13 @@ krb5_error_code kdb_samba_db_check_allowed_to_delegate(krb5_context context,
|
||||
* server; -> delegating service
|
||||
* proxy; -> target principal
|
||||
*/
|
||||
- krb5_db_entry *delegating_service = discard_const_p(krb5_db_entry, server);
|
||||
-
|
||||
- char *target_name = NULL;
|
||||
- bool is_enterprise;
|
||||
- krb5_error_code code;
|
||||
|
||||
mit_ctx = ks_get_context(context);
|
||||
if (mit_ctx == NULL) {
|
||||
return KRB5_KDB_DBNOTINITED;
|
||||
}
|
||||
|
||||
- code = krb5_unparse_name(context, proxy, &target_name);
|
||||
- if (code) {
|
||||
- goto done;
|
||||
- }
|
||||
-
|
||||
- is_enterprise = (proxy->type == KRB5_NT_ENTERPRISE_PRINCIPAL);
|
||||
-
|
||||
- code = mit_samba_check_s4u2proxy(mit_ctx,
|
||||
- delegating_service,
|
||||
- target_name,
|
||||
- is_enterprise);
|
||||
-
|
||||
-done:
|
||||
- free(target_name);
|
||||
- return code;
|
||||
+ return mit_samba_check_s4u2proxy(mit_ctx, server, proxy);
|
||||
}
|
||||
|
||||
|
||||
diff --git a/source4/kdc/mit_samba.c b/source4/kdc/mit_samba.c
|
||||
index cb72b5de294..03c2c2ea1de 100644
|
||||
--- a/source4/kdc/mit_samba.c
|
||||
+++ b/source4/kdc/mit_samba.c
|
||||
@@ -517,7 +517,6 @@ int mit_samba_get_pac(struct mit_samba_context *smb_ctx,
|
||||
krb5_error_code mit_samba_reget_pac(struct mit_samba_context *ctx,
|
||||
krb5_context context,
|
||||
int flags,
|
||||
- krb5_const_principal client_principal,
|
||||
krb5_db_entry *client,
|
||||
krb5_db_entry *server,
|
||||
krb5_db_entry *krbtgt,
|
||||
@@ -689,7 +688,7 @@ krb5_error_code mit_samba_reget_pac(struct mit_samba_context *ctx,
|
||||
context,
|
||||
*pac,
|
||||
server->princ,
|
||||
- discard_const(client_principal),
|
||||
+ client->princ,
|
||||
deleg_blob);
|
||||
if (!NT_STATUS_IS_OK(nt_status)) {
|
||||
DEBUG(0, ("Update delegation info failed: %s\n",
|
||||
@@ -1081,41 +1080,17 @@ int mit_samba_check_client_access(struct mit_samba_context *ctx,
|
||||
}
|
||||
|
||||
int mit_samba_check_s4u2proxy(struct mit_samba_context *ctx,
|
||||
- krb5_db_entry *kentry,
|
||||
- const char *target_name,
|
||||
- bool is_nt_enterprise_name)
|
||||
+ const krb5_db_entry *server,
|
||||
+ krb5_const_principal target_principal)
|
||||
{
|
||||
-#if 1
|
||||
- /*
|
||||
- * This is disabled because mit_samba_update_pac_data() does not handle
|
||||
- * S4U_DELEGATION_INFO
|
||||
- */
|
||||
-
|
||||
- return KRB5KDC_ERR_BADOPTION;
|
||||
-#else
|
||||
- krb5_principal target_principal;
|
||||
- int flags = 0;
|
||||
- int ret;
|
||||
-
|
||||
- if (is_nt_enterprise_name) {
|
||||
- flags = KRB5_PRINCIPAL_PARSE_ENTERPRISE;
|
||||
- }
|
||||
-
|
||||
- ret = krb5_parse_name_flags(ctx->context, target_name,
|
||||
- flags, &target_principal);
|
||||
- if (ret) {
|
||||
- return ret;
|
||||
- }
|
||||
-
|
||||
- ret = samba_kdc_check_s4u2proxy(ctx->context,
|
||||
- ctx->db_ctx,
|
||||
- skdc_entry,
|
||||
- target_principal);
|
||||
-
|
||||
- krb5_free_principal(ctx->context, target_principal);
|
||||
-
|
||||
- return ret;
|
||||
-#endif
|
||||
+ struct samba_kdc_entry *server_skdc_entry =
|
||||
+ talloc_get_type_abort(server->e_data,
|
||||
+ struct samba_kdc_entry);
|
||||
+
|
||||
+ return samba_kdc_check_s4u2proxy(ctx->context,
|
||||
+ ctx->db_ctx,
|
||||
+ server_skdc_entry,
|
||||
+ target_principal);
|
||||
}
|
||||
|
||||
static krb5_error_code mit_samba_change_pwd_error(krb5_context context,
|
||||
diff --git a/source4/kdc/mit_samba.h b/source4/kdc/mit_samba.h
|
||||
index 4431e82a1b2..9370ab533af 100644
|
||||
--- a/source4/kdc/mit_samba.h
|
||||
+++ b/source4/kdc/mit_samba.h
|
||||
@@ -57,7 +57,6 @@ int mit_samba_get_pac(struct mit_samba_context *smb_ctx,
|
||||
krb5_error_code mit_samba_reget_pac(struct mit_samba_context *ctx,
|
||||
krb5_context context,
|
||||
int flags,
|
||||
- krb5_const_principal client_principal,
|
||||
krb5_db_entry *client,
|
||||
krb5_db_entry *server,
|
||||
krb5_db_entry *krbtgt,
|
||||
@@ -74,9 +73,8 @@ int mit_samba_check_client_access(struct mit_samba_context *ctx,
|
||||
DATA_BLOB *e_data);
|
||||
|
||||
int mit_samba_check_s4u2proxy(struct mit_samba_context *ctx,
|
||||
- krb5_db_entry *kentry,
|
||||
- const char *target_name,
|
||||
- bool is_nt_enterprise_name);
|
||||
+ const krb5_db_entry *server,
|
||||
+ krb5_const_principal target_principal);
|
||||
|
||||
int mit_samba_kpasswd_change_password(struct mit_samba_context *ctx,
|
||||
char *pwd,
|
||||
--
|
||||
2.37.1
|
||||
|
||||
|
||||
From 325912375cf54743ab8ea557172a72b870002e9f Mon Sep 17 00:00:00 2001
|
||||
From: Isaac Boukris <iboukris@gmail.com>
|
||||
Date: Fri, 27 Sep 2019 18:35:30 +0300
|
||||
Subject: [PATCH 2/3] krb5-mit: enable S4U client support for MIT build
|
||||
|
||||
Signed-off-by: Isaac Boukris <iboukris@gmail.com>
|
||||
Pair-Programmed-With: Andreas Schneider <asn@samba.org>
|
||||
---
|
||||
lib/krb5_wrap/krb5_samba.c | 185 ++++++++++++++++++++++++++
|
||||
lib/krb5_wrap/krb5_samba.h | 2 -
|
||||
source4/auth/kerberos/kerberos_util.c | 11 --
|
||||
3 files changed, 185 insertions(+), 13 deletions(-)
|
||||
|
||||
diff --git a/lib/krb5_wrap/krb5_samba.c b/lib/krb5_wrap/krb5_samba.c
|
||||
index 4321f07ca09..3fd95e47fca 100644
|
||||
--- a/lib/krb5_wrap/krb5_samba.c
|
||||
+++ b/lib/krb5_wrap/krb5_samba.c
|
||||
@@ -2702,6 +2702,191 @@ krb5_error_code smb_krb5_kinit_s4u2_ccache(krb5_context ctx,
|
||||
|
||||
return 0;
|
||||
}
|
||||
+
|
||||
+#else /* MIT */
|
||||
+
|
||||
+static bool princ_compare_no_dollar(krb5_context ctx,
|
||||
+ krb5_principal a,
|
||||
+ krb5_principal b)
|
||||
+{
|
||||
+ bool cmp;
|
||||
+ krb5_principal mod = NULL;
|
||||
+
|
||||
+ if (a->length == 1 && b->length == 1 &&
|
||||
+ a->data[0].length != 0 && b->data[0].length != 0 &&
|
||||
+ a->data[0].data[a->data[0].length -1] !=
|
||||
+ b->data[0].data[b->data[0].length -1]) {
|
||||
+ if (a->data[0].data[a->data[0].length -1] == '$') {
|
||||
+ mod = a;
|
||||
+ mod->data[0].length--;
|
||||
+ } else if (b->data[0].data[b->data[0].length -1] == '$') {
|
||||
+ mod = b;
|
||||
+ mod->data[0].length--;
|
||||
+ }
|
||||
+ }
|
||||
+
|
||||
+ cmp = krb5_principal_compare_flags(ctx, a, b,
|
||||
+ KRB5_PRINCIPAL_COMPARE_CASEFOLD);
|
||||
+
|
||||
+ if (mod != NULL) {
|
||||
+ mod->data[0].length++;
|
||||
+ }
|
||||
+
|
||||
+ return cmp;
|
||||
+}
|
||||
+
|
||||
+krb5_error_code smb_krb5_kinit_s4u2_ccache(krb5_context ctx,
|
||||
+ krb5_ccache store_cc,
|
||||
+ krb5_principal init_principal,
|
||||
+ const char *init_password,
|
||||
+ krb5_principal impersonate_principal,
|
||||
+ const char *self_service,
|
||||
+ const char *target_service,
|
||||
+ krb5_get_init_creds_opt *krb_options,
|
||||
+ time_t *expire_time,
|
||||
+ time_t *kdc_time)
|
||||
+{
|
||||
+ krb5_error_code code;
|
||||
+ krb5_principal self_princ = NULL;
|
||||
+ krb5_principal target_princ = NULL;
|
||||
+ krb5_creds *store_creds;
|
||||
+ krb5_creds *s4u2self_creds = NULL;
|
||||
+ krb5_creds *s4u2proxy_creds = NULL;
|
||||
+ krb5_creds init_creds = {0};
|
||||
+ krb5_creds mcreds = {0};
|
||||
+ krb5_flags options = KRB5_GC_NO_STORE;
|
||||
+ krb5_ccache tmp_cc;
|
||||
+ bool s4u2proxy;
|
||||
+
|
||||
+ code = krb5_cc_new_unique(ctx, "MEMORY", NULL, &tmp_cc);
|
||||
+ if (code != 0) {
|
||||
+ return code;
|
||||
+ }
|
||||
+
|
||||
+ code = krb5_get_init_creds_password(ctx, &init_creds,
|
||||
+ init_principal,
|
||||
+ init_password,
|
||||
+ NULL, NULL,
|
||||
+ 0,
|
||||
+ NULL,
|
||||
+ krb_options);
|
||||
+ if (code != 0) {
|
||||
+ goto done;
|
||||
+ }
|
||||
+
|
||||
+ code = krb5_cc_initialize(ctx, tmp_cc, init_creds.client);
|
||||
+ if (code != 0) {
|
||||
+ goto done;
|
||||
+ }
|
||||
+
|
||||
+ code = krb5_cc_store_cred(ctx, tmp_cc, &init_creds);
|
||||
+ if (code != 0) {
|
||||
+ goto done;
|
||||
+ }
|
||||
+
|
||||
+ /*
|
||||
+ * Check if we also need S4U2Proxy or if S4U2Self is
|
||||
+ * enough in order to get a ticket for the target.
|
||||
+ */
|
||||
+ if (target_service == NULL) {
|
||||
+ s4u2proxy = false;
|
||||
+ } else if (strcmp(target_service, self_service) == 0) {
|
||||
+ s4u2proxy = false;
|
||||
+ } else {
|
||||
+ s4u2proxy = true;
|
||||
+ }
|
||||
+
|
||||
+ code = krb5_parse_name(ctx, self_service, &self_princ);
|
||||
+ if (code != 0) {
|
||||
+ goto done;
|
||||
+ }
|
||||
+
|
||||
+ /* MIT lacks aliases support in S4U, for S4U2Self we require the tgt
|
||||
+ * client and the request server to be the same principal name. */
|
||||
+ if (!princ_compare_no_dollar(ctx, init_creds.client, self_princ)) {
|
||||
+ code = KRB5KDC_ERR_PADATA_TYPE_NOSUPP;
|
||||
+ goto done;
|
||||
+ }
|
||||
+
|
||||
+ mcreds.client = impersonate_principal;
|
||||
+ mcreds.server = init_creds.client;
|
||||
+
|
||||
+ code = krb5_get_credentials_for_user(ctx, options, tmp_cc, &mcreds,
|
||||
+ NULL, &s4u2self_creds);
|
||||
+ if (code != 0) {
|
||||
+ goto done;
|
||||
+ }
|
||||
+
|
||||
+ if (s4u2proxy) {
|
||||
+ code = krb5_parse_name(ctx, target_service, &target_princ);
|
||||
+ if (code != 0) {
|
||||
+ goto done;
|
||||
+ }
|
||||
+
|
||||
+ mcreds.client = init_creds.client;
|
||||
+ mcreds.server = target_princ;
|
||||
+ mcreds.second_ticket = s4u2self_creds->ticket;
|
||||
+
|
||||
+ code = krb5_get_credentials(ctx, options |
|
||||
+ KRB5_GC_CONSTRAINED_DELEGATION,
|
||||
+ tmp_cc, &mcreds, &s4u2proxy_creds);
|
||||
+ if (code != 0) {
|
||||
+ goto done;
|
||||
+ }
|
||||
+
|
||||
+ /* Check KDC support of S4U2Proxy extension */
|
||||
+ if (!krb5_principal_compare(ctx, s4u2self_creds->client,
|
||||
+ s4u2proxy_creds->client)) {
|
||||
+ code = KRB5KDC_ERR_PADATA_TYPE_NOSUPP;
|
||||
+ goto done;
|
||||
+ }
|
||||
+
|
||||
+ store_creds = s4u2proxy_creds;
|
||||
+ } else {
|
||||
+ store_creds = s4u2self_creds;;
|
||||
+
|
||||
+ /* We need to save the ticket with the requested server name
|
||||
+ * or the caller won't be able to find it in cache. */
|
||||
+ if (!krb5_principal_compare(ctx, self_princ,
|
||||
+ store_creds->server)) {
|
||||
+ krb5_free_principal(ctx, store_creds->server);
|
||||
+ store_creds->server = NULL;
|
||||
+ code = krb5_copy_principal(ctx, self_princ,
|
||||
+ &store_creds->server);
|
||||
+ if (code != 0) {
|
||||
+ goto done;
|
||||
+ }
|
||||
+ }
|
||||
+ }
|
||||
+
|
||||
+ code = krb5_cc_initialize(ctx, store_cc, store_creds->client);
|
||||
+ if (code != 0) {
|
||||
+ goto done;
|
||||
+ }
|
||||
+
|
||||
+ code = krb5_cc_store_cred(ctx, store_cc, store_creds);
|
||||
+ if (code != 0) {
|
||||
+ goto done;
|
||||
+ }
|
||||
+
|
||||
+ if (expire_time) {
|
||||
+ *expire_time = (time_t) store_creds->times.endtime;
|
||||
+ }
|
||||
+
|
||||
+ if (kdc_time) {
|
||||
+ *kdc_time = (time_t) store_creds->times.starttime;
|
||||
+ }
|
||||
+
|
||||
+done:
|
||||
+ krb5_cc_destroy(ctx, tmp_cc);
|
||||
+ krb5_free_cred_contents(ctx, &init_creds);
|
||||
+ krb5_free_creds(ctx, s4u2self_creds);
|
||||
+ krb5_free_creds(ctx, s4u2proxy_creds);
|
||||
+ krb5_free_principal(ctx, self_princ);
|
||||
+ krb5_free_principal(ctx, target_princ);
|
||||
+
|
||||
+ return code;
|
||||
+}
|
||||
#endif
|
||||
|
||||
#if !defined(HAVE_KRB5_MAKE_PRINCIPAL) && defined(HAVE_KRB5_BUILD_PRINCIPAL_ALLOC_VA)
|
||||
diff --git a/lib/krb5_wrap/krb5_samba.h b/lib/krb5_wrap/krb5_samba.h
|
||||
index a66b7465530..c8573f52bd9 100644
|
||||
--- a/lib/krb5_wrap/krb5_samba.h
|
||||
+++ b/lib/krb5_wrap/krb5_samba.h
|
||||
@@ -252,7 +252,6 @@ krb5_error_code smb_krb5_kinit_password_ccache(krb5_context ctx,
|
||||
krb5_get_init_creds_opt *krb_options,
|
||||
time_t *expire_time,
|
||||
time_t *kdc_time);
|
||||
-#ifdef SAMBA4_USES_HEIMDAL
|
||||
krb5_error_code smb_krb5_kinit_s4u2_ccache(krb5_context ctx,
|
||||
krb5_ccache store_cc,
|
||||
krb5_principal init_principal,
|
||||
@@ -263,7 +262,6 @@ krb5_error_code smb_krb5_kinit_s4u2_ccache(krb5_context ctx,
|
||||
krb5_get_init_creds_opt *krb_options,
|
||||
time_t *expire_time,
|
||||
time_t *kdc_time);
|
||||
-#endif
|
||||
|
||||
#if defined(HAVE_KRB5_MAKE_PRINCIPAL)
|
||||
#define smb_krb5_make_principal krb5_make_principal
|
||||
diff --git a/source4/auth/kerberos/kerberos_util.c b/source4/auth/kerberos/kerberos_util.c
|
||||
index 544d9d853cc..c14d8c72d8c 100644
|
||||
--- a/source4/auth/kerberos/kerberos_util.c
|
||||
+++ b/source4/auth/kerberos/kerberos_util.c
|
||||
@@ -234,9 +234,7 @@ done:
|
||||
{
|
||||
krb5_error_code ret;
|
||||
const char *password;
|
||||
-#ifdef SAMBA4_USES_HEIMDAL
|
||||
const char *self_service;
|
||||
-#endif
|
||||
const char *target_service;
|
||||
time_t kdc_time = 0;
|
||||
krb5_principal princ;
|
||||
@@ -268,9 +266,7 @@ done:
|
||||
return ret;
|
||||
}
|
||||
|
||||
-#ifdef SAMBA4_USES_HEIMDAL
|
||||
self_service = cli_credentials_get_self_service(credentials);
|
||||
-#endif
|
||||
target_service = cli_credentials_get_target_service(credentials);
|
||||
|
||||
password = cli_credentials_get_password(credentials);
|
||||
@@ -331,7 +327,6 @@ done:
|
||||
#endif
|
||||
if (password) {
|
||||
if (impersonate_principal) {
|
||||
-#ifdef SAMBA4_USES_HEIMDAL
|
||||
ret = smb_krb5_kinit_s4u2_ccache(smb_krb5_context->krb5_context,
|
||||
ccache,
|
||||
princ,
|
||||
@@ -342,12 +337,6 @@ done:
|
||||
krb_options,
|
||||
NULL,
|
||||
&kdc_time);
|
||||
-#else
|
||||
- talloc_free(mem_ctx);
|
||||
- (*error_string) = "INTERNAL error: s4u2 ops "
|
||||
- "are not supported with MIT build yet";
|
||||
- return EINVAL;
|
||||
-#endif
|
||||
} else {
|
||||
ret = smb_krb5_kinit_password_ccache(smb_krb5_context->krb5_context,
|
||||
ccache,
|
||||
--
|
||||
2.37.1
|
||||
|
||||
|
||||
From a5713b1558192f24348f7794da84bf65cf78e6ec Mon Sep 17 00:00:00 2001
|
||||
From: Isaac Boukris <iboukris@gmail.com>
|
||||
Date: Sat, 19 Sep 2020 14:16:20 +0200
|
||||
Subject: [PATCH 3/3] wip: for canonicalization with new MIT kdc code
|
||||
|
||||
---
|
||||
source4/kdc/mit_samba.c | 3 +++
|
||||
1 file changed, 3 insertions(+)
|
||||
|
||||
diff --git a/source4/kdc/mit_samba.c b/source4/kdc/mit_samba.c
|
||||
index 03c2c2ea1de..30fade56531 100644
|
||||
--- a/source4/kdc/mit_samba.c
|
||||
+++ b/source4/kdc/mit_samba.c
|
||||
@@ -232,6 +232,9 @@ int mit_samba_get_principal(struct mit_samba_context *ctx,
|
||||
if (kflags & KRB5_KDB_FLAG_CANONICALIZE) {
|
||||
sflags |= SDB_F_CANON;
|
||||
}
|
||||
+#if KRB5_KDB_API_VERSION >= 10
|
||||
+ sflags |= SDB_F_FORCE_CANON;
|
||||
+#endif
|
||||
if (kflags & (KRB5_KDB_FLAG_CLIENT_REFERRALS_ONLY |
|
||||
KRB5_KDB_FLAG_INCLUDE_PAC)) {
|
||||
/*
|
||||
--
|
||||
2.37.1
|
||||
|
|
@ -0,0 +1,5 @@
|
|||
#################################################
|
||||
# This is a grouping library without any code
|
||||
#################################################
|
||||
[suppress_file]
|
||||
file_name_regexp=.*libdcerpc-samr\\.so.*
|
1416
samba.spec
1416
samba.spec
File diff suppressed because it is too large
Load Diff
|
@ -281,7 +281,7 @@
|
|||
|
||||
[printers]
|
||||
comment = All Printers
|
||||
path = /var/spool/samba
|
||||
path = /var/tmp
|
||||
browseable = no
|
||||
guest ok = no
|
||||
writable = no
|
||||
|
|
|
@ -2,6 +2,10 @@
|
|||
# read the smb.conf manpage.
|
||||
# Run 'testparm' to verify the config is correct after
|
||||
# you modified it.
|
||||
#
|
||||
# Note:
|
||||
# SMB1 is disabled by default. This means clients without support for SMB2 or
|
||||
# SMB3 are no longer able to connect to smbd (by default).
|
||||
|
||||
[global]
|
||||
workgroup = SAMBA
|
||||
|
|
4
sources
4
sources
|
@ -1,2 +1,2 @@
|
|||
SHA512 (samba-4.13.0rc1.tar.xz) = 3e6d431998907ad8c81f488ddf78dcef5fd6a4cdf8ca684e5ad0ce9bf7217d82fcca7501155446c83d804f939bea7012f1d37c1f738d8ec7bc769a9148a6592a
|
||||
SHA512 (samba-4.13.0rc1.tar.asc) = 6dfe9467fd7fd28db91ae15fa3314a7707cfeb88c8ecd2af532d57614bec311119546a2fd4ced71063df9b7d6879a62f9ba512ae05d494323e0362a5492d33fa
|
||||
SHA512 (samba-4.16.9.tar.xz) = 5ec51b7576b6171bc15653906ed3412ccb7ab383e93791723d5845b7181395473a88be51d19c28bf6b212ca903dea3c24cdd1449222e6f3643bc7cda10049d84
|
||||
SHA512 (samba-4.16.9.tar.asc) = 75409da7d935185f567c9342175ba967dd068067a727e2adb9cbfb333c1789a9d9f8d365abbade8f29de4eceadf0f3e9c349e5fab9384adc1750a9459a995174
|
||||
|
|
Loading…
Reference in New Issue