.gear/rules | 3 + .../tags/177ca58c2bf474dfea9b538f55e5ffad7a6f0dbe | 12 + .../tags/18d701bbbf26fedf022296e08d6329dcb9e3db26 | 12 + .../tags/2d9729a45cd0320ed0476129114ed651a36bfd7a | 13 + .../tags/38ec552630155029e02f3c5ce062a1156d4d9574 | 13 + .../tags/3ba0bc501c62b8fe3f2484ba1a1edea8c50b5271 | 12 + .../tags/3bf68e65fe17538e58be86fe8e94ae32269e425f | 12 + .../tags/56543df558c63d1235600a320868cea5dfe72ad8 | 13 + .../tags/61a7662b78af076cd9f31b1bac084354a602f7d2 | 12 + .../tags/6d17e9f140480d1705065da49093ba47817a9f59 | 12 + .../tags/80adb4c581bb44d0696fdf7ad9ab750f52b6b5cd | 12 + .../tags/9083fb80a0a7c2485226f9ae743393c359108d61 | 13 + .../tags/90f5841f72744cea3145f06b1c99711c2c3fb19e | 13 + .../tags/9110920c77c1d27800a25c4d9fa00b5719caf416 | 12 + .../tags/a9ef7372efb52595da450e242ed0b0d9f9798c38 | 13 + .../tags/c3b78540234f6b4ebfe7cdf38aaa4e93e1618533 | 13 + .../tags/c40499d6695e920c22dcf7935a1db1447ae8cb5c | 13 + .../tags/cbe38035d2fbdfd748e8f2113d58a4772b014474 | 13 + .../tags/cf65634964f5d33fb46c38b0e27d523d5ee9285b | 13 + .../tags/d0f9f2878c8cdd1f41db9b3f89a85354de83ba39 | 12 + .../tags/dd0dc04ec846983553db793ae0310df58d4780cc | 13 + .../tags/dd18d593546e2e5651558da657928e50f76d1e61 | 12 + .../tags/e0469f54559e7fa0fceeb94e439c9847ff29271e | 13 + .../tags/e481898bde1071a47d734be3b2ccb6aaa404742f | 13 + .../tags/eccdbb9dbdc595f4b239f29a4c750f894b1df470 | 13 + .../tags/fc74dcb584f84a5f3f41cdc49f55212755372e77 | 12 + .gear/tags/list | 24 + .gear/upstream/filter-tag | 3 + .gear/upstream/remotes | 3 + .gear/upstream/transform-tag | 3 + extra/README.dc | 17 + extra/README.downgrade | 29 + extra/ctdb.init | 95 + extra/nmb.init | 104 ++ extra/pam_winbind.conf | 38 + ...make-sure-domain-member-can-talk-to-trust.patch | 56 + extra/samba-grouppwd.patch | 19 + extra/samba.limits | 2 + extra/samba.log | 7 + extra/samba.pamd | 5 + extra/smb.conf.default | 288 +++ extra/smb.init | 103 ++ extra/smbprint | 84 + extra/winbind.init | 102 ++ lib/krb5_wrap/krb5_samba.c | 2 +- lib/util/setid.c | 14 + packaging/systemd/nmb.service | 2 +- packaging/systemd/samba.service | 2 +- packaging/systemd/smb.service | 2 +- packaging/systemd/winbind.service | 2 +- samba4.spec | 1907 ++++++++++++++++++++ source3/libnet/libnet_join.c | 11 + source3/librpc/crypto/gse_krb5.c | 6 + source3/winbindd/winbindd_pam.c | 3 +- source3/wscript | 7 + source4/dsdb/samdb/ldb_modules/proxy.c | 2 +- source4/heimdal/lib/krb5/config_file.c | 183 +- source4/heimdal/lib/krb5/context.c | 3 +- source4/heimdal/lib/krb5/krb5_locl.h | 8 + third_party/waf/wafadmin/Tools/python.py | 2 +- 60 files changed, 3434 insertions(+), 21 deletions(-) diff --git a/.gear/rules b/.gear/rules new file mode 100644 index 0000000..be7e6b5 --- /dev/null +++ b/.gear/rules @@ -0,0 +1,3 @@ +tar: samba-@version@:. name=@name@-@version@ +diff: samba-@version@:. . name=@name@-@version@-alt.patch +copy: extra/* diff --git a/.gear/tags/177ca58c2bf474dfea9b538f55e5ffad7a6f0dbe b/.gear/tags/177ca58c2bf474dfea9b538f55e5ffad7a6f0dbe new file mode 100644 index 0000000..bb87df4 --- /dev/null +++ b/.gear/tags/177ca58c2bf474dfea9b538f55e5ffad7a6f0dbe @@ -0,0 +1,12 @@ +object d1e69845e28c20a491c4cd60c712b46ddfcb9dc0 +type commit +tag samba-4.7.0 +tagger Karolin Seeger 1505975618 +0200 + +samba: tag release samba-4.7.0 +-----BEGIN PGP SIGNATURE----- + +iEYEABECAAYFAlnDXUMACgkQbzORW2Vot+pQoQCfe2sXqa+d7dyWDhZvVar/odam +8bQAoK9+gw/BZ1btsPRc8Pk8ua62qdmJ +=5F07 +-----END PGP SIGNATURE----- diff --git a/.gear/tags/18d701bbbf26fedf022296e08d6329dcb9e3db26 b/.gear/tags/18d701bbbf26fedf022296e08d6329dcb9e3db26 new file mode 100644 index 0000000..ea70f78 --- /dev/null +++ b/.gear/tags/18d701bbbf26fedf022296e08d6329dcb9e3db26 @@ -0,0 +1,12 @@ +object a42a92b09dab03e7872c5f5ee21e651c1ab5542d +type commit +tag samba-4.6.7 +tagger Karolin Seeger 1502178696 +0200 + +samba: tag release samba-4.6.7 +-----BEGIN PGP SIGNATURE----- + +iEYEABECAAYFAlmJbYgACgkQbzORW2Vot+qP6QCeL1uBQZWuFbGopmimhA9BqReF +5mIAoJ4IdEXC3IObYjIQqtTMPefxTqH1 +=Vo5I +-----END PGP SIGNATURE----- diff --git a/.gear/tags/2d9729a45cd0320ed0476129114ed651a36bfd7a b/.gear/tags/2d9729a45cd0320ed0476129114ed651a36bfd7a new file mode 100644 index 0000000..7fbcb67 --- /dev/null +++ b/.gear/tags/2d9729a45cd0320ed0476129114ed651a36bfd7a @@ -0,0 +1,13 @@ +object 55d71509595075a17eb2baf0d89c4801ba2f03f3 +type commit +tag samba-4.6.6 +tagger Stefan Metzmacher 1499851391 +0200 + +samba: tag release samba-4.6.6 +-----BEGIN PGP SIGNATURE----- +Version: GnuPG v1 + +iD8DBQBZZep/bzORW2Vot+oRAuc5AJ0Tvrle76k05Zr/ViN/6pN3+7Wn8wCeLmAa +Y0NeuljA0G4Vg+leDiQRJbc= +=y6/B +-----END PGP SIGNATURE----- diff --git a/.gear/tags/38ec552630155029e02f3c5ce062a1156d4d9574 b/.gear/tags/38ec552630155029e02f3c5ce062a1156d4d9574 new file mode 100644 index 0000000..f89c18e --- /dev/null +++ b/.gear/tags/38ec552630155029e02f3c5ce062a1156d4d9574 @@ -0,0 +1,13 @@ +object b0b0bf168a4d38dc78e1f5f6d9da0569d0e268ea +type commit +tag samba-4.6.4 +tagger Karolin Seeger 1495527692 +0200 + +samba: tag release samba-4.6.4 +-----BEGIN PGP SIGNATURE----- +Version: GnuPG v1 + +iD8DBQBZI/EMbzORW2Vot+oRArc4AJ41oa075jRFvA3uAp3mFQlrKn7WGwCePH4M +diIbEazX7aLnpRT2hBk7ycs= +=pwLi +-----END PGP SIGNATURE----- diff --git a/.gear/tags/3ba0bc501c62b8fe3f2484ba1a1edea8c50b5271 b/.gear/tags/3ba0bc501c62b8fe3f2484ba1a1edea8c50b5271 new file mode 100644 index 0000000..3f57633 --- /dev/null +++ b/.gear/tags/3ba0bc501c62b8fe3f2484ba1a1edea8c50b5271 @@ -0,0 +1,12 @@ +object 41f51e0180615494bc61ec643ba4e921208cc369 +type commit +tag samba-4.7.7 +tagger Karolin Seeger 1523950842 +0200 + +samba: tag release samba-4.7.7 +-----BEGIN PGP SIGNATURE----- + +iEYEABECAAYFAlrVpPoACgkQbzORW2Vot+qVWwCeIbRewQTNt3rZI6WZ8Dvazd8u +nDcAoI3XGlWop7SMVAnj87QuOpVwE7F3 +=hiOM +-----END PGP SIGNATURE----- diff --git a/.gear/tags/3bf68e65fe17538e58be86fe8e94ae32269e425f b/.gear/tags/3bf68e65fe17538e58be86fe8e94ae32269e425f new file mode 100644 index 0000000..96e0d69 --- /dev/null +++ b/.gear/tags/3bf68e65fe17538e58be86fe8e94ae32269e425f @@ -0,0 +1,12 @@ +object 4b1b5b141d3a46847eeec169a08516b65ab27255 +type commit +tag samba-4.7.4 +tagger Karolin Seeger 1513976048 +0100 + +samba: tag release samba-4.7.4 +-----BEGIN PGP SIGNATURE----- + +iEYEABECAAYFAlo9cPAACgkQbzORW2Vot+q3mwCgxMka4q4LfNRqKaVAGN8FDGU6 +d0gAoKFYHC7zVxaEl3+hNgEbnvKdOe+m +=xOEr +-----END PGP SIGNATURE----- diff --git a/.gear/tags/56543df558c63d1235600a320868cea5dfe72ad8 b/.gear/tags/56543df558c63d1235600a320868cea5dfe72ad8 new file mode 100644 index 0000000..4944333 --- /dev/null +++ b/.gear/tags/56543df558c63d1235600a320868cea5dfe72ad8 @@ -0,0 +1,13 @@ +object fb3e6296bb09534f882ea35e7f7ca4e5871d3222 +type commit +tag samba-4.4.5 +tagger Karolin Seeger 1467703998 +0200 + +samba: tag release samba-4.4.5 +-----BEGIN PGP SIGNATURE----- +Version: GnuPG v1 + +iD8DBQBXe2K+bzORW2Vot+oRArKsAJ976uGql/ZeHOwTvqqOJXs2kIQNtQCfZawq +aeAWTK4AFM3iOVK3gVhiUyk= +=T7P8 +-----END PGP SIGNATURE----- diff --git a/.gear/tags/61a7662b78af076cd9f31b1bac084354a602f7d2 b/.gear/tags/61a7662b78af076cd9f31b1bac084354a602f7d2 new file mode 100644 index 0000000..a1810d2 --- /dev/null +++ b/.gear/tags/61a7662b78af076cd9f31b1bac084354a602f7d2 @@ -0,0 +1,12 @@ +object c5bb8ef9e793bb7cd82f8d53786f2c5daa431470 +type commit +tag samba-4.7.2 +tagger Karolin Seeger 1510734179 +0100 + +samba: tag release samba-4.7.2 +-----BEGIN PGP SIGNATURE----- + +iEYEABECAAYFAloL+WQACgkQbzORW2Vot+o10ACeKPyBCHE3VmjOKzzDIHtTzGga +n6gAnRB4QC2uTzPS36tFvybKZud+zqtP +=6gop +-----END PGP SIGNATURE----- diff --git a/.gear/tags/6d17e9f140480d1705065da49093ba47817a9f59 b/.gear/tags/6d17e9f140480d1705065da49093ba47817a9f59 new file mode 100644 index 0000000..b820942 --- /dev/null +++ b/.gear/tags/6d17e9f140480d1705065da49093ba47817a9f59 @@ -0,0 +1,12 @@ +object 842bac10737439d04e4dcd7421b952755612480b +type commit +tag samba-4.7.0rc4 +tagger Karolin Seeger 1502781481 +0200 + +samba: tag release samba-4.7.0rc4 +-----BEGIN PGP SIGNATURE----- + +iEYEABECAAYFAlmSoCoACgkQbzORW2Vot+pI1gCdGpTfUko8m/VjwgbWb6RNikZa +DxUAnjOy2bf8HRKk3dc4Q5CD3jpGxzzH +=CMo7 +-----END PGP SIGNATURE----- diff --git a/.gear/tags/80adb4c581bb44d0696fdf7ad9ab750f52b6b5cd b/.gear/tags/80adb4c581bb44d0696fdf7ad9ab750f52b6b5cd new file mode 100644 index 0000000..1d68eba --- /dev/null +++ b/.gear/tags/80adb4c581bb44d0696fdf7ad9ab750f52b6b5cd @@ -0,0 +1,12 @@ +object 33244e57d95e516bc088cd5a5ad39a9178c5889a +type commit +tag samba-4.7.0rc6 +tagger Karolin Seeger 1505675802 +0200 + +samba: tag release samba-4.7.0rc6 +-----BEGIN PGP SIGNATURE----- + +iEYEABECAAYFAlm+yhsACgkQbzORW2Vot+ofOACfcUbtFMQHJzPuNsmV6ovKvym3 +xz8AoJFjwlPpkjSdUuD7vlI3jInbqApM +=7ci9 +-----END PGP SIGNATURE----- diff --git a/.gear/tags/9083fb80a0a7c2485226f9ae743393c359108d61 b/.gear/tags/9083fb80a0a7c2485226f9ae743393c359108d61 new file mode 100644 index 0000000..e82c97d --- /dev/null +++ b/.gear/tags/9083fb80a0a7c2485226f9ae743393c359108d61 @@ -0,0 +1,13 @@ +object 3da5d752a987ec1e60d7e773dfe44d38a91d8776 +type commit +tag samba-4.5.3 +tagger Karolin Seeger 1481276305 +0100 + +samba: tag release samba-4.5.3 +-----BEGIN PGP SIGNATURE----- +Version: GnuPG v1 + +iD8DBQBYSnuRbzORW2Vot+oRAmkOAKChhGoImWqVoIJluDZGUWPKn21G0wCdHtdI +p9XvUnsXrNiuxkQD+i0zc9U= +=J1SD +-----END PGP SIGNATURE----- diff --git a/.gear/tags/90f5841f72744cea3145f06b1c99711c2c3fb19e b/.gear/tags/90f5841f72744cea3145f06b1c99711c2c3fb19e new file mode 100644 index 0000000..d1d5101 --- /dev/null +++ b/.gear/tags/90f5841f72744cea3145f06b1c99711c2c3fb19e @@ -0,0 +1,13 @@ +object 1a8f3cfb4ebc21a0889c7692591ae41a46d7dfb2 +type commit +tag samba-4.6.1 +tagger Karolin Seeger 1490257198 +0100 + +samba: tag release samba-4.6.1 +-----BEGIN PGP SIGNATURE----- +Version: GnuPG v1 + +iD8DBQBY04UubzORW2Vot+oRAl3GAJ0WIQXaLDiHn6mdNhuIsBwi8WHBswCfZzet +l3K1PSH5fiSKlTWF5mzwG/4= +=5aXb +-----END PGP SIGNATURE----- diff --git a/.gear/tags/9110920c77c1d27800a25c4d9fa00b5719caf416 b/.gear/tags/9110920c77c1d27800a25c4d9fa00b5719caf416 new file mode 100644 index 0000000..bba7ce9 --- /dev/null +++ b/.gear/tags/9110920c77c1d27800a25c4d9fa00b5719caf416 @@ -0,0 +1,12 @@ +object 7d8e33c2adb2ee77e9ed66ae8364cf58a5d6c7f8 +type commit +tag samba-4.7.0rc5 +tagger Karolin Seeger 1503980026 +0200 + +samba: tag release samba-4.7.0rc5 +-----BEGIN PGP SIGNATURE----- + +iEYEABECAAYFAlmk6fsACgkQbzORW2Vot+qbnACgoUTtEHZ6smvIidUQftfxU8zF +8sYAoLgkTUr7O59ZncO26kiQcLZGq/y4 +=HU9U +-----END PGP SIGNATURE----- diff --git a/.gear/tags/a9ef7372efb52595da450e242ed0b0d9f9798c38 b/.gear/tags/a9ef7372efb52595da450e242ed0b0d9f9798c38 new file mode 100644 index 0000000..fef0a1f --- /dev/null +++ b/.gear/tags/a9ef7372efb52595da450e242ed0b0d9f9798c38 @@ -0,0 +1,13 @@ +object 1d13a64f2775c9df026665bdaa7bacf5ba752857 +type commit +tag samba-4.6.5 +tagger Karolin Seeger 1496735438 +0200 + +samba: tag release samba-4.6.5 +-----BEGIN PGP SIGNATURE----- +Version: GnuPG v1 + +iD8DBQBZNl7ObzORW2Vot+oRAupUAKCfU1FAyAbkyB7+pvBDxdzhl2FRSACgscHZ +JHGQiGdSsqeQOC+QzdmY0Qs= +=dbyN +-----END PGP SIGNATURE----- diff --git a/.gear/tags/c3b78540234f6b4ebfe7cdf38aaa4e93e1618533 b/.gear/tags/c3b78540234f6b4ebfe7cdf38aaa4e93e1618533 new file mode 100644 index 0000000..3fe5bba --- /dev/null +++ b/.gear/tags/c3b78540234f6b4ebfe7cdf38aaa4e93e1618533 @@ -0,0 +1,13 @@ +object f17816a4ae2bb0ed45561347a4c578ca9ab28ccf +type commit +tag samba-4.6.0 +tagger Karolin Seeger 1488878191 +0100 + +samba: tag release samba-4.6.0 +-----BEGIN PGP SIGNATURE----- +Version: GnuPG v1 + +iD8DBQBYvnpvbzORW2Vot+oRAmqnAJ9zybhFmvR8B7TXRqK6LgZTzUK62gCgsZdX +CkyHVseMtaZ1Ulaz99s864c= +=CqaS +-----END PGP SIGNATURE----- diff --git a/.gear/tags/c40499d6695e920c22dcf7935a1db1447ae8cb5c b/.gear/tags/c40499d6695e920c22dcf7935a1db1447ae8cb5c new file mode 100644 index 0000000..245e4eb --- /dev/null +++ b/.gear/tags/c40499d6695e920c22dcf7935a1db1447ae8cb5c @@ -0,0 +1,13 @@ +object 6ead5258a717d56794f25b91254bbe0ad737f45d +type commit +tag samba-4.5.2 +tagger Karolin Seeger 1481016405 +0100 + +samba: tag release samba-4.5.2 +-----BEGIN PGP SIGNATURE----- +Version: GnuPG v1 + +iD8DBQBYRoRVbzORW2Vot+oRAn8eAJ91lk6P9YsCsCay4/6uI6ReNvM9cQCgrTUN +cmC+/ej3gyZ8Pnx+jZYkXDI= +=yYE/ +-----END PGP SIGNATURE----- diff --git a/.gear/tags/cbe38035d2fbdfd748e8f2113d58a4772b014474 b/.gear/tags/cbe38035d2fbdfd748e8f2113d58a4772b014474 new file mode 100644 index 0000000..9e4389b --- /dev/null +++ b/.gear/tags/cbe38035d2fbdfd748e8f2113d58a4772b014474 @@ -0,0 +1,13 @@ +object 36d0070a6a7b021804a81fe5313cf6678769c7ae +type commit +tag samba-4.6.2 +tagger Karolin Seeger 1490942176 +0200 + +samba: tag release samba-4.6.2 +-----BEGIN PGP SIGNATURE----- +Version: GnuPG v1 + +iD8DBQBY3fjgbzORW2Vot+oRAnMMAJ9JBot0LP0dMm7cfNcgMeRfflhqGQCgk+Ax +amebo416/jH5lxtVUS9B9XQ= +=mKmF +-----END PGP SIGNATURE----- diff --git a/.gear/tags/cf65634964f5d33fb46c38b0e27d523d5ee9285b b/.gear/tags/cf65634964f5d33fb46c38b0e27d523d5ee9285b new file mode 100644 index 0000000..fba6478 --- /dev/null +++ b/.gear/tags/cf65634964f5d33fb46c38b0e27d523d5ee9285b @@ -0,0 +1,13 @@ +object bbdd5850b1d5fa44bbedcee8be60e4066ae0d680 +type commit +tag samba-4.6.3 +tagger Karolin Seeger 1493028908 +0200 + +samba: tag release samba-4.6.3 +-----BEGIN PGP SIGNATURE----- +Version: GnuPG v1 + +iD8DBQBY/dAsbzORW2Vot+oRAg+kAJ9Gj4aLql6uW4rk2szaPOuLiVAANQCbB+vA +UTv7Wfvy+YEfshv7NQkw78Q= +=Dnnp +-----END PGP SIGNATURE----- diff --git a/.gear/tags/d0f9f2878c8cdd1f41db9b3f89a85354de83ba39 b/.gear/tags/d0f9f2878c8cdd1f41db9b3f89a85354de83ba39 new file mode 100644 index 0000000..6567d55 --- /dev/null +++ b/.gear/tags/d0f9f2878c8cdd1f41db9b3f89a85354de83ba39 @@ -0,0 +1,12 @@ +object 5cfa947e5098bc361ff13fdad1b4fe3211a39154 +type commit +tag samba-4.7.6 +tagger Karolin Seeger 1520844957 +0100 + +samba: tag release samba-4.7.6 +-----BEGIN PGP SIGNATURE----- + +iEYEABECAAYFAlqmQJ4ACgkQbzORW2Vot+pC+wCfYmJs56gwvKBErxMXwSt0xG9W +v1wAmwUBH2GDArL58zrPru8/fcmYIbL5 +=U4dz +-----END PGP SIGNATURE----- diff --git a/.gear/tags/dd0dc04ec846983553db793ae0310df58d4780cc b/.gear/tags/dd0dc04ec846983553db793ae0310df58d4780cc new file mode 100644 index 0000000..8ba358c --- /dev/null +++ b/.gear/tags/dd0dc04ec846983553db793ae0310df58d4780cc @@ -0,0 +1,13 @@ +object 6c37399e65e6b13fead8f262cdb72fd9f2ffdfda +type commit +tag samba-4.3.1 +tagger Karolin Seeger 1445338156 +0200 + +samba: tag release samba-4.3.1 +-----BEGIN PGP SIGNATURE----- +Version: GnuPG v1 + +iD8DBQBWJhwsbzORW2Vot+oRAlvxAKC+aJpCzV23wyRnt/DolXsolymyeACgrou1 +30LMztiCXcWl0L3LbV7VXKU= +=nAEl +-----END PGP SIGNATURE----- diff --git a/.gear/tags/dd18d593546e2e5651558da657928e50f76d1e61 b/.gear/tags/dd18d593546e2e5651558da657928e50f76d1e61 new file mode 100644 index 0000000..c249a44 --- /dev/null +++ b/.gear/tags/dd18d593546e2e5651558da657928e50f76d1e61 @@ -0,0 +1,12 @@ +object d0b59a548fe77dad16c410b43beecba4feb37214 +type commit +tag samba-4.7.3 +tagger Karolin Seeger 1511176906 +0100 + +samba: tag release samba-4.7.3 +-----BEGIN PGP SIGNATURE----- + +iEYEABECAAYFAloSusoACgkQbzORW2Vot+qBBACgiqGoaIV7Oar9el8lfK1JSSMJ +ZU4An08CQbXY4lcYMZXPXVGLVgjzSXOq +=/6r8 +-----END PGP SIGNATURE----- diff --git a/.gear/tags/e0469f54559e7fa0fceeb94e439c9847ff29271e b/.gear/tags/e0469f54559e7fa0fceeb94e439c9847ff29271e new file mode 100644 index 0000000..f9d29ad --- /dev/null +++ b/.gear/tags/e0469f54559e7fa0fceeb94e439c9847ff29271e @@ -0,0 +1,13 @@ +object 49c473f6fe978d7f0a5d32df92e212380490a566 +type commit +tag samba-4.5.5 +tagger Karolin Seeger 1485771376 +0100 + +samba: tag release samba-4.5.5 +-----BEGIN PGP SIGNATURE----- +Version: GnuPG v1 + +iD8DBQBYjxJwbzORW2Vot+oRAhuzAJwPPNNZ7xFnd2nfu9YKl+6Us3ec1QCggFvV +Zz2MRczmhyXOIzcqqqLEuec= +=HNh2 +-----END PGP SIGNATURE----- diff --git a/.gear/tags/e481898bde1071a47d734be3b2ccb6aaa404742f b/.gear/tags/e481898bde1071a47d734be3b2ccb6aaa404742f new file mode 100644 index 0000000..c65db96 --- /dev/null +++ b/.gear/tags/e481898bde1071a47d734be3b2ccb6aaa404742f @@ -0,0 +1,13 @@ +object 548e16ca617ca8d5ad2171907c2a2cc8bc15f85c +type commit +tag samba-4.5.1 +tagger Karolin Seeger 1477338333 +0200 + +samba: tag release samba-4.5.1 +-----BEGIN PGP SIGNATURE----- +Version: GnuPG v1 + +iD8DBQBYDmTdbzORW2Vot+oRAuNoAKCgPCVU2cYBTXjqaewMLbA4zOlhGQCeJmyD +uYnnrwhRvXc/drKV4y/FyMQ= +=LGvl +-----END PGP SIGNATURE----- diff --git a/.gear/tags/eccdbb9dbdc595f4b239f29a4c750f894b1df470 b/.gear/tags/eccdbb9dbdc595f4b239f29a4c750f894b1df470 new file mode 100644 index 0000000..887e0ef --- /dev/null +++ b/.gear/tags/eccdbb9dbdc595f4b239f29a4c750f894b1df470 @@ -0,0 +1,13 @@ +object 916fab083a8cb5c10365da7f3a85d0bbfde4a30e +type commit +tag samba-4.5.0 +tagger Stefan Metzmacher 1473260211 +0200 + +samba: tag release samba-4.5.0 +-----BEGIN PGP SIGNATURE----- +Version: GnuPG v1 + +iD8DBQBX0CqzbzORW2Vot+oRAjldAJwLj8FHuHgoQr/DazeQvlFBIqfyKQCfZmZS +xt6e2OLqlSywSPFNb7R1xos= +=7OS7 +-----END PGP SIGNATURE----- diff --git a/.gear/tags/fc74dcb584f84a5f3f41cdc49f55212755372e77 b/.gear/tags/fc74dcb584f84a5f3f41cdc49f55212755372e77 new file mode 100644 index 0000000..df17fcd --- /dev/null +++ b/.gear/tags/fc74dcb584f84a5f3f41cdc49f55212755372e77 @@ -0,0 +1,12 @@ +object c216a22f793c5b21825afbcfc5b95c1ff051d969 +type commit +tag samba-4.7.8 +tagger Karolin Seeger 1529568304 +0200 + +samba: tag release samba-4.7.8 +-----BEGIN PGP SIGNATURE----- + +iEYEABECAAYFAlsrXDEACgkQbzORW2Vot+rSzACgm3LQFhIPWbJGpewNLEAJyhUF +EDEAn2lxSmZrfO3DkfJvz3fvq5IsdM5l +=9Bs7 +-----END PGP SIGNATURE----- diff --git a/.gear/tags/list b/.gear/tags/list new file mode 100644 index 0000000..4a25cb7 --- /dev/null +++ b/.gear/tags/list @@ -0,0 +1,24 @@ +56543df558c63d1235600a320868cea5dfe72ad8 samba-4.4.5 +eccdbb9dbdc595f4b239f29a4c750f894b1df470 samba-4.5.0 +e481898bde1071a47d734be3b2ccb6aaa404742f samba-4.5.1 +c40499d6695e920c22dcf7935a1db1447ae8cb5c samba-4.5.2 +9083fb80a0a7c2485226f9ae743393c359108d61 samba-4.5.3 +e0469f54559e7fa0fceeb94e439c9847ff29271e samba-4.5.5 +c3b78540234f6b4ebfe7cdf38aaa4e93e1618533 samba-4.6.0 +90f5841f72744cea3145f06b1c99711c2c3fb19e samba-4.6.1 +cbe38035d2fbdfd748e8f2113d58a4772b014474 samba-4.6.2 +cf65634964f5d33fb46c38b0e27d523d5ee9285b samba-4.6.3 +38ec552630155029e02f3c5ce062a1156d4d9574 samba-4.6.4 +a9ef7372efb52595da450e242ed0b0d9f9798c38 samba-4.6.5 +2d9729a45cd0320ed0476129114ed651a36bfd7a samba-4.6.6 +18d701bbbf26fedf022296e08d6329dcb9e3db26 samba-4.6.7 +6d17e9f140480d1705065da49093ba47817a9f59 samba-4.7.0rc4 +9110920c77c1d27800a25c4d9fa00b5719caf416 samba-4.7.0rc5 +80adb4c581bb44d0696fdf7ad9ab750f52b6b5cd samba-4.7.0rc6 +177ca58c2bf474dfea9b538f55e5ffad7a6f0dbe samba-4.7.0 +61a7662b78af076cd9f31b1bac084354a602f7d2 samba-4.7.2 +dd18d593546e2e5651558da657928e50f76d1e61 samba-4.7.3 +3bf68e65fe17538e58be86fe8e94ae32269e425f samba-4.7.4 +d0f9f2878c8cdd1f41db9b3f89a85354de83ba39 samba-4.7.6 +3ba0bc501c62b8fe3f2484ba1a1edea8c50b5271 samba-4.7.7 +fc74dcb584f84a5f3f41cdc49f55212755372e77 samba-4.7.8 diff --git a/.gear/upstream/filter-tag b/.gear/upstream/filter-tag new file mode 100755 index 0000000..eeb27ec --- /dev/null +++ b/.gear/upstream/filter-tag @@ -0,0 +1,3 @@ +#!/bin/bash + +grep '^samba-[[:digit:]]\+\.[[:digit:]]\+\.[[:digit:]]$' diff --git a/.gear/upstream/remotes b/.gear/upstream/remotes new file mode 100644 index 0000000..4724b34 --- /dev/null +++ b/.gear/upstream/remotes @@ -0,0 +1,3 @@ +[remote "upstream"] + url = git://git.samba.org/samba.git + fetch = +refs/heads/*:refs/remotes/upstream/* diff --git a/.gear/upstream/transform-tag b/.gear/upstream/transform-tag new file mode 100755 index 0000000..cc7311b --- /dev/null +++ b/.gear/upstream/transform-tag @@ -0,0 +1,3 @@ +#!/bin/bash + +sed -e 's,^samba-,v,' diff --git a/extra/README.dc b/extra/README.dc new file mode 100644 index 0000000..b5261bb --- /dev/null +++ b/extra/README.dc @@ -0,0 +1,17 @@ +MIT Kerberos 5 Support +======================= + +ALTLinux is using MIT Kerberos implementation as its Kerberos infrastructure of +choice. The Samba build in ALTLinux is using MIT Kerberos implementation in order +to allow system-wide interoperability between both desktop and server +applications running on the same machine. + +At the moment the Samba Active Directory Domain Controller implementation is +not available with MIT Kereberos. FreeIPA and Samba Team members are currently +working on Samba MIT Kerberos support as this is a requirement for a GNU/Linux +distribution integration of Samba AD DC features. + +We have just finished migrating the file server and all client utilities to MIT +Kerberos. The result of this work is available in samba-* packages in ALTLinux. +We'll provide Samba AD DC functionality as soon as its support of MIT Kerberos +KDC will be ready. diff --git a/extra/README.downgrade b/extra/README.downgrade new file mode 100644 index 0000000..5cb0aaa --- /dev/null +++ b/extra/README.downgrade @@ -0,0 +1,29 @@ +Downgrading Samba +================= + +Short version: data-preserving downgrades between Samba versions are not supported + +Long version: +With Samba development there are cases when on-disk database format evolves. +In general, Samba Team attempts to maintain forward compatibility and +automatically upgrade databases during runtime when requires. +However, when downgrade is required Samba will not perform downgrade to +existing databases. It may be impossible if new features that caused database +upgrade are in use. Thus, one needs to consider a downgrade procedure before +actually downgrading Samba setup. + +Please always perform back up prior both upgrading and downgrading across major +version changes. Restoring database files is easiest and simplest way to get to +previously working setup. + +Easiest way to downgrade is to remove all created databases and start from scratch. +This means losing all authentication and domain relationship data, as well as +user databases (in case of tdb storage), printers, registry settings, and winbindd +caches. + +Remove databases in following locations: +/var/lib/samba/*.tdb +/var/lib/samba/private/*.tdb + +In particular, registry settings are known to prevent running downgraded versions +(Samba 4 to Samba 3) as registry format has changed between Samba 3 and Samba 4. diff --git a/extra/ctdb.init b/extra/ctdb.init new file mode 100644 index 0000000..fb1c9d1 --- /dev/null +++ b/extra/ctdb.init @@ -0,0 +1,95 @@ +#!/bin/sh + +# Start and stop CTDB (Clustered TDB daemon) +# +# chkconfig: - 90 01 +# +# description: Starts and stops CTDB +# pidfile: /var/run/ctdb/ctdbd.pid +# config: /etc/sysconfig/ctdb + +### BEGIN INIT INFO +# Provides: ctdb +# Required-Start: $local_fs $syslog $network $remote_fs +# Required-Stop: $local_fs $syslog $network $remote_fs +# Default-Start: 2 3 4 5 +# Default-Stop: 0 1 6 +# Short-Description: start and stop ctdb service +# Description: Start and stop CTDB (Clustered TDB daemon) +### END INIT INFO + +# Do not load RH compatibility interface. +WITHOUT_RC_COMPAT=1 + +# Source function library. +. /etc/init.d/functions + +SourceIfNotEmpty /etc/sysconfig/ctdb + +CTDBD=ctdbd +CTDBD_WRAPPER=ctdbd_wrapper +LOCKFILE=/var/lock/subsys/ctdbd +PIDFILE=/var/run/ctdbd/ctdbd.pid +RETVAL=0 + +############################################################ + +start() +{ + msg_starting $"Samba ctdbd service" + start_daemon --pidfile "$PIDFILE" --lockfile "$LOCKFILE" --expect-user root --no-announce -- $CTDBD_WRAPPER "$PIDFILE" start + RETVAL=$? + return $RETVAL +} + +stop() +{ + msg_stopping $"Samba ctdbd service" + stop_daemon --pidfile "$PIDFILE" --lockfile "$LOCKFILE" --expect-user root --no-announce -- $CTDBD_WRAPPER "$PIDFILE" stop + RETVAL=$? + return $RETVAL +} + +restart() { + stop + start +} + +reload() { + stop + start +} + + +case "$1" in + start) + start + ;; + stop) + stop + ;; + restart) + restart + ;; + reload) + reload + ;; + status) + status --pidfile "$PIDFILE" --expect-user root -- $CTDBD + ;; + condrestart) + if [ -e "$LOCKFILE" ]; then + restart + fi + ;; + condstop) + if [ -e "$LOCKFILE" ]; then + stop + fi + ;; + *) + msg_usage "${0##*/} {start|stop|reload|restart|condstop|condrestart|condreload|status}" + RETVAL=1 +esac + +exit $RETVAL diff --git a/extra/nmb.init b/extra/nmb.init new file mode 100644 index 0000000..d948ead --- /dev/null +++ b/extra/nmb.init @@ -0,0 +1,104 @@ +#!/bin/sh +# +# chkconfig: - 91 35 +# description: Starts and stops the Samba nmbd daemon \ +# used to provide NetBIOS over IP naming services to clients. +# +# processname: nmbd +# pidfile: /var/run/samba/nmbd.pid +# config: /etc/samba/smb.conf +### BEGIN INIT INFO +# Provides: nmb +# Default-Start: 3 4 5 +# Default-Stop: 0 1 6 +# Should-Start: $syslog +# Should-Stop: $null +# Required-Start: $network $local_fs +# Required-Stop: $null +# Short-Description: Samba NetBIOS Name Server +# Description: Starts and stops the SAMBA nmbd daemon \ +# used to provide NetBIOS over IP naming services to clients. +### END INIT INFO + +# Do not load RH compatibility interface. +WITHOUT_RC_COMPAT=1 + +# Source function library. +. /etc/init.d/functions + +# Source networking configuration. +SourceIfNotEmpty /etc/sysconfig/network + +SourceIfNotEmpty /etc/sysconfig/samba + +# Check that smb.conf exists. +[ -s /etc/samba/smb.conf ] || exit + +export TMPDIR=/tmp +LOCKFILE=/var/lock/subsys/nmb +PIDFILE=/var/run/nmbd.pid +RETVAL=0 + +start() { + is_yes "$NETWORKING" || return 0 + NMBD_DISABLED=`testparm -s --parameter-name='disable netbios' 2>/dev/null` + if [ "$NMBD_DISABLED" != Yes ]; then + msg_starting $"Samba NetBIOS Name Server" + start_daemon --pidfile "$PIDFILE" --lockfile "$LOCKFILE" --expect-user root --no-announce -- nmbd -D $NMBDOPTIONS + RETVAL=$? + fi + return $RETVAL +} + +stop() { + msg_stopping $"Samba NetBIOS Name Server" + stop_daemon --pidfile "$PIDFILE" --lockfile "$LOCKFILE" --expect-user root --no-announce -- nmbd + RETVAL=$? +} + +restart() { + stop + start +} + +reload() { + msg_reloading $"Samba NetBIOS Name Server" + stop_daemon --pidfile "$PIDFILE" --expect-user root -HUP -- nmbd + RETVAL=$? + return $RETVAL +} + + +case "$1" in + start) + start + ;; + stop) + stop + ;; + restart) + restart + ;; + reload) + reload + ;; + status) + status --pidfile "$PIDFILE" --expect-user root -- nmbd + RETVAL=$? + ;; + condrestart) + if [ -e "$LOCKFILE" ]; then + restart + fi + ;; + condstop) + if [ -e "$LOCKFILE" ]; then + stop + fi + ;; + *) + msg_usage "${0##*/} {start|stop|reload|restart|condstop|condrestart|condreload|status}" + RETVAL=1 +esac + +exit $RETVAL diff --git a/extra/pam_winbind.conf b/extra/pam_winbind.conf new file mode 100644 index 0000000..dd0b112 --- /dev/null +++ b/extra/pam_winbind.conf @@ -0,0 +1,38 @@ +# +# pam_winbind configuration file +# +# /etc/security/pam_winbind.conf +# + +[global] + +# turn on debugging +;debug = no + +# turn on extended PAM state debugging +;debug_state = no + +# request a cached login if possible +# (needs "winbind offline logon = yes" in smb.conf) +;cached_login = no + +# authenticate using kerberos +;krb5_auth = no + +# when using kerberos, request a "FILE" krb5 credential cache type +# (leave empty to just do krb5 authentication but not have a ticket +# afterwards) +;krb5_ccache_type = + +# make successful authentication dependend on membership of one SID +# (can also take a name) +;require_membership_of = + +# password expiry warning period in days +;warn_pwd_expire = 14 + +# omit pam conversations +;silent = no + +# create homedirectory on the fly +;mkhomedir = no diff --git a/extra/samba-4.4.2-s3-winbind-make-sure-domain-member-can-talk-to-trust.patch b/extra/samba-4.4.2-s3-winbind-make-sure-domain-member-can-talk-to-trust.patch new file mode 100644 index 0000000..96417dd --- /dev/null +++ b/extra/samba-4.4.2-s3-winbind-make-sure-domain-member-can-talk-to-trust.patch @@ -0,0 +1,56 @@ +From afb52fd865448042ddda6b660df159f93f344b93 Mon Sep 17 00:00:00 2001 +From: Alexander Bokovoy +Date: Tue, 12 Apr 2016 09:36:12 +0300 +Subject: [PATCH] s3-winbind: make sure domain member can talk to trusted + domains DCs + + Allow cm_connect_netlogon() to talk to trusted domains' DCs when + running in a domain member configuration. + + BUG: https://bugzilla.samba.org/show_bug.cgi?id=11830 + +Signed-off-by: Alexander Bokovoy +--- + source3/winbindd/winbindd_cm.c | 13 ++++++++----- + 1 file changed, 8 insertions(+), 5 deletions(-) + +diff --git a/source3/winbindd/winbindd_cm.c b/source3/winbindd/winbindd_cm.c +index 45e3fad..6f5a042 100644 +--- a/source3/winbindd/winbindd_cm.c ++++ b/source3/winbindd/winbindd_cm.c +@@ -2851,7 +2851,8 @@ retry: + anonymous: + + /* Finally fall back to anonymous. */ +- if (lp_winbind_sealed_pipes() || lp_require_strong_key()) { ++ if ((lp_winbind_sealed_pipes() || lp_require_strong_key()) && ++ (IS_DC || domain->primary)) { + status = NT_STATUS_DOWNGRADE_DETECTED; + "must set 'winbind sealed pipes = false' and " + "'require strong key = false' to proceed: %s\n", +@@ -3150,7 +3151,8 @@ retry: + + anonymous: + +- if (lp_winbind_sealed_pipes() || lp_require_strong_key()) { ++ if ((lp_winbind_sealed_pipes() || lp_require_strong_key()) && ++ (IS_DC || domain->primary)) { + result = NT_STATUS_DOWNGRADE_DETECTED; + DEBUG(1, ("Unwilling to make LSA connection to domain %s " + "without connection level security, " +@@ -3324,9 +3326,10 @@ static NTSTATUS cm_connect_netlogon_transport(struct winbindd_domain *domain, + TALLOC_FREE(netlogon_creds); + + if (!(conn->netlogon_flags & NETLOGON_NEG_AUTHENTICATED_RPC)) { +- if (lp_winbind_sealed_pipes() || lp_require_strong_key()) { ++ if ((lp_winbind_sealed_pipes() || lp_require_strong_key()) && ++ (IS_DC || domain->primary)) { + result = NT_STATUS_DOWNGRADE_DETECTED; +- DEBUG(1, ("Unwilling to make connection to domain %s" ++ DEBUG(1, ("Unwilling to make connection to domain %s " + "without connection level security, " + "must set 'winbind sealed pipes = false' and " + "'require strong key = false' to proceed: %s\n", +-- +2.5.5 + diff --git a/extra/samba-grouppwd.patch b/extra/samba-grouppwd.patch new file mode 100644 index 0000000..b7ebe09 --- /dev/null +++ b/extra/samba-grouppwd.patch @@ -0,0 +1,19 @@ +From ef1751dbba0d855444fca0a7c33b3f7a2c38533d Mon Sep 17 00:00:00 2001 +From: Alexey Shabalin +Date: Thu, 27 Dec 2012 13:20:28 +0400 +Subject: apply samba-3.2.0pre1-grouppwd.patch + + +diff --git a/source3/winbindd/winbindd_group.c b/source3/winbindd/winbindd_group.c +index ae461bf..212aaec 100644 +--- a/source3/winbindd/winbindd_group.c ++++ b/source3/winbindd/winbindd_group.c +@@ -69,7 +69,7 @@ bool fill_grent(TALLOC_CTX *mem_ctx, struct winbindd_gr *gr, + /* Group name and password */ + + strlcpy(gr->gr_name, full_group_name, sizeof(gr->gr_name)); +- strlcpy(gr->gr_passwd, "x", sizeof(gr->gr_passwd)); ++ strlcpy(gr->gr_passwd, "*", sizeof(gr->gr_passwd)); + + return True; + } diff --git a/extra/samba.limits b/extra/samba.limits new file mode 100644 index 0000000..ce8bd08 --- /dev/null +++ b/extra/samba.limits @@ -0,0 +1,2 @@ +* - nofile 16384 +root - nofile 16384 diff --git a/extra/samba.log b/extra/samba.log new file mode 100644 index 0000000..6ccd04d --- /dev/null +++ b/extra/samba.log @@ -0,0 +1,7 @@ +/var/log/samba/* { + notifempty + olddir /var/log/samba/old + missingok + sharedscripts + copytruncate +} diff --git a/extra/samba.pamd b/extra/samba.pamd new file mode 100644 index 0000000..61f2123 --- /dev/null +++ b/extra/samba.pamd @@ -0,0 +1,5 @@ +#%PAM-1.0 +auth include common-login +account include common-login +password include common-login +session include common-login diff --git a/extra/smb.conf.default b/extra/smb.conf.default new file mode 100644 index 0000000..5be6fa0 --- /dev/null +++ b/extra/smb.conf.default @@ -0,0 +1,288 @@ +# This is the main Samba configuration file. You should read the +# smb.conf(5) manual page in order to understand the options listed +# here. Samba has a huge number of configurable options (perhaps too +# many!) most of which are not shown in this example +# +# For a step to step guide on installing, configuring and using samba, +# read the Samba-HOWTO-Collection. This may be obtained from: +# http://www.samba.org/samba/docs/Samba-HOWTO-Collection.pdf +# +# Many working examples of smb.conf files can be found in the +# Samba-Guide which is generated daily and can be downloaded from: +# http://www.samba.org/samba/docs/Samba-Guide.pdf +# +# Any line which starts with a ; (semi-colon) or a # (hash) +# is a comment and is ignored. In this example we will use a # +# for commentry and a ; for parts of the config file that you +# may wish to enable +# +# NOTE: Whenever you modify this file you should run the command "testparm" +# to check that you have not made any basic syntactic errors. +# +#--------------- +# SELINUX NOTES: +# +# If you want to use the useradd/groupadd family of binaries please run: +# setsebool -P samba_domain_controller on +# +# If you want to share home directories via samba please run: +# setsebool -P samba_enable_home_dirs on +# +# If you create a new directory you want to share you should mark it as +# "samba-share_t" so that selinux will let you write into it. +# Make sure not to do that on system directories as they may already have +# been marked with othe SELinux labels. +# +# Use ls -ldZ /path to see which context a directory has +# +# Set labels only on directories you created! +# To set a label use the following: chcon -t samba_share_t /path +# +# If you need to share a system created directory you can use one of the +# following (read-only/read-write): +# setsebool -P samba_export_all_ro on +# or +# setsebool -P samba_export_all_rw on +# +# If you want to run scripts (preexec/root prexec/print command/...) please +# put them into the /var/lib/samba/scripts directory so that smbd will be +# allowed to run them. +# Make sure you COPY them and not MOVE them so that the right SELinux context +# is applied, to check all is ok use restorecon -R -v /var/lib/samba/scripts +# +#-------------- +# +#======================= Global Settings ===================================== + +[global] + +# ----------------------- Netwrok Related Options ------------------------- +# +# workgroup = NT-Domain-Name or Workgroup-Name, eg: MIDEARTH +# +# server string is the equivalent of the NT Description field +# +# netbios name can be used to specify a server name not tied to the hostname +# +# Interfaces lets you configure Samba to use multiple interfaces +# If you have multiple network interfaces then you can list the ones +# you want to listen on (never omit localhost) +# +# Hosts Allow/Hosts Deny lets you restrict who can connect, and you can +# specifiy it as a per share option as well +# + workgroup = MYGROUP + server string = Samba Server Version %v + +; netbios name = MYSERVER + +; interfaces = lo eth0 192.168.12.2/24 192.168.13.2/24 +; hosts allow = 127. 192.168.12. 192.168.13. + +# --------------------------- Logging Options ----------------------------- +# +# Log File let you specify where to put logs and how to split them up. +# +# Max Log Size let you specify the max size log files should reach + + # logs split per machine + log file = /var/log/samba/log.%m + # max 50KB per log file, then rotate + max log size = 50 + +# ----------------------- Standalone Server Options ------------------------ +# +# Scurity can be set to user, share(deprecated) or server(deprecated) +# +# Backend to store user information in. New installations should +# use either tdbsam or ldapsam. smbpasswd is available for backwards +# compatibility. tdbsam requires no further configuration. + + security = user + passdb backend = tdbsam + + +# ----------------------- Domain Members Options ------------------------ +# +# Security must be set to domain or ads +# +# Use the realm option only with security = ads +# Specifies the Active Directory realm the host is part of +# +# Backend to store user information in. New installations should +# use either tdbsam or ldapsam. smbpasswd is available for backwards +# compatibility. tdbsam requires no further configuration. +# +# Use password server option only with security = server or if you can't +# use the DNS to locate Domain Controllers +# The argument list may include: +# password server = My_PDC_Name [My_BDC_Name] [My_Next_BDC_Name] +# or to auto-locate the domain controller/s +# password server = * + + +; security = domain +; passdb backend = tdbsam +; realm = MY_REALM + +; password server = + +# ----------------------- Domain Controller Options ------------------------ +# +# Security must be set to user for domain controllers +# +# Backend to store user information in. New installations should +# use either tdbsam or ldapsam. smbpasswd is available for backwards +# compatibility. tdbsam requires no further configuration. +# +# Domain Master specifies Samba to be the Domain Master Browser. This +# allows Samba to collate browse lists between subnets. Don't use this +# if you already have a Windows NT domain controller doing this job +# +# Domain Logons let Samba be a domain logon server for Windows workstations. +# +# Logon Scrpit let yuou specify a script to be run at login time on the client +# You need to provide it in a share called NETLOGON +# +# Logon Path let you specify where user profiles are stored (UNC path) +# +# Various scripts can be used on a domain controller or stand-alone +# machine to add or delete corresponding unix accounts +# +; security = user +; passdb backend = tdbsam + +; domain master = yes +; domain logons = yes + + # the login script name depends on the machine name +; logon script = %m.bat + # the login script name depends on the unix user used +; logon script = %u.bat +; logon path = \\%L\Profiles\%u + # disables profiles support by specifing an empty path +; logon path = + +; add user script = /usr/sbin/useradd "%u" -n -g users +; add group script = /usr/sbin/groupadd "%g" +; add machine script = /usr/sbin/useradd -n -c "Workstation (%u)" -M -d /nohome -s /bin/false "%u" +; delete user script = /usr/sbin/userdel "%u" +; delete user from group script = /usr/sbin/userdel "%u" "%g" +; delete group script = /usr/sbin/groupdel "%g" + + +# ----------------------- Browser Control Options ---------------------------- +# +# set local master to no if you don't want Samba to become a master +# browser on your network. Otherwise the normal election rules apply +# +# OS Level determines the precedence of this server in master browser +# elections. The default value should be reasonable +# +# Preferred Master causes Samba to force a local browser election on startup +# and gives it a slightly higher chance of winning the election +; local master = no +; os level = 33 +; preferred master = yes + +#----------------------------- Name Resolution ------------------------------- +# Windows Internet Name Serving Support Section: +# Note: Samba can be either a WINS Server, or a WINS Client, but NOT both +# +# - WINS Support: Tells the NMBD component of Samba to enable it's WINS Server +# +# - WINS Server: Tells the NMBD components of Samba to be a WINS Client +# +# - WINS Proxy: Tells Samba to answer name resolution queries on +# behalf of a non WINS capable client, for this to work there must be +# at least one WINS Server on the network. The default is NO. +# +# DNS Proxy - tells Samba whether or not to try to resolve NetBIOS names +# via DNS nslookups. + +; wins support = yes +; wins server = w.x.y.z +; wins proxy = yes + +; dns proxy = yes + +# --------------------------- Printing Options ----------------------------- +# +# Load Printers let you load automatically the list of printers rather +# than setting them up individually +# +# Cups Options let you pass the cups libs custom options, setting it to raw +# for example will let you use drivers on your Windows clients +# +# Printcap Name let you specify an alternative printcap file +# +# You can choose a non default printing system using the Printing option + + load printers = yes + cups options = raw + +; printcap name = /etc/printcap + #obtain list of printers automatically on SystemV +; printcap name = lpstat +; printing = cups + +# --------------------------- Filesystem Options --------------------------- +# +# The following options can be uncommented if the filesystem supports +# Extended Attributes and they are enabled (usually by the mount option +# user_xattr). Thess options will let the admin store the DOS attributes +# in an EA and make samba not mess with the permission bits. +# +# Note: these options can also be set just per share, setting them in global +# makes them the default for all shares + +; map archive = no +; map hidden = no +; map read only = no +; map system = no +; store dos attributes = yes + + +#============================ Share Definitions ============================== + +[homes] + comment = Home Directories + browseable = no + writable = yes +; valid users = %S +; valid users = MYDOMAIN\%S + +[printers] + comment = All Printers + path = /var/spool/samba + browseable = no + guest ok = no + writable = no + printable = yes + +# Un-comment the following and create the netlogon directory for Domain Logons +; [netlogon] +; comment = Network Logon Service +; path = /var/lib/samba/netlogon +; guest ok = yes +; writable = no +; share modes = no + + +# Un-comment the following to provide a specific roving profile share +# the default is to use the user's home directory +; [Profiles] +; path = /var/lib/samba/profiles +; browseable = no +; guest ok = yes + + +# A publicly accessible directory, but read only, except for people in +# the "staff" group +; [public] +; comment = Public Stuff +; path = /home/samba +; public = yes +; writable = yes +; printable = no +; write list = +staff diff --git a/extra/smb.init b/extra/smb.init new file mode 100644 index 0000000..163aa22 --- /dev/null +++ b/extra/smb.init @@ -0,0 +1,103 @@ +#!/bin/sh +# +# chkconfig: - 91 35 +# description: Starts and stops the Samba smbd daemon \ +# used to provide SMB network services. +# +# processname: smbd +# pidfile: /var/run/samba/smbd.pid +# config: /etc/samba/smb.conf +# +### BEGIN INIT INFO +# Provides: smb +# Default-Start: 3 4 5 +# Default-Stop: 0 1 6 +# Should-Start: $syslog nmb winbind slapd cups +# Should-Stop: $null +# Required-Start: $local_fs $network +# Required-Stop: $null +# Short-Description: Samba SMB/CIFS Server +# Description: Starts and stops the SAMBA smbd daemons \ +# used to provide SMB network services. +### END INIT INFO + +# Do not load RH compatibility interface. +WITHOUT_RC_COMPAT=1 + +# Source function library. +. /etc/init.d/functions + +# Source networking configuration. +SourceIfNotEmpty /etc/sysconfig/network + +SourceIfNotEmpty /etc/sysconfig/samba + +# Check that smb.conf exists. +[ -s /etc/samba/smb.conf ] || exit + +export TMPDIR=/tmp +LOCKFILE=/var/lock/subsys/smb +PIDFILE=/var/run/smbd.pid +RETVAL=0 + + +start() { + is_yes "$NETWORKING" || return 0 + msg_starting $"Samba SMB/CIFS Server" + start_daemon --pidfile "$PIDFILE" --lockfile "$LOCKFILE" --expect-user root --no-announce -- smbd -D $SMBDOPTIONS + RETVAL=$? + return $RETVAL +} + +stop() { + msg_stopping $"Samba SMB/CIFS Server" + stop_daemon --pidfile "$PIDFILE" --lockfile "$LOCKFILE" --expect-user root --no-announce -- smbd + RETVAL=$? + return $RETVAL +} + +restart() { + stop + start +} + +reload() { + msg_reloading $"Samba SMB/CIFS Server" + stop_daemon --pidfile "$PIDFILE" --expect-user root -HUP -- smbd + RETVAL=$? + return $RETVAL +} + +case "$1" in + start) + start + ;; + stop) + stop + ;; + restart) + restart + ;; + reload) + reload + ;; + status) + status --pidfile "$PIDFILE" --expect-user root -- smbd + RETVAL=$? + ;; + condrestart) + if [ -e "$LOCKFILE" ]; then + restart + fi + ;; + condstop) + if [ -e "$LOCKFILE" ]; then + stop + fi + ;; + *) + msg_usage "${0##*/} {start|stop|reload|restart|condstop|condrestart|condreload|status}" + RETVAL=1 +esac + +exit $RETVAL diff --git a/extra/smbprint b/extra/smbprint new file mode 100644 index 0000000..1c3959d --- /dev/null +++ b/extra/smbprint @@ -0,0 +1,84 @@ +#!/bin/sh +# This script is an input filter for printcap printing on a unix machine. It +# uses the smbclient program to print the file to the specified smb-based +# server and service. +# For example you could have a printcap entry like this +# +# smb:lp=/dev/null:sd=/usr/spool/smb:sh:if=/usr/local/samba/smbprint +# +# which would create a unix printer called "smb" that will print via this +# script. You will need to create the spool directory /usr/spool/smb with +# appropriate permissions and ownerships for your system. + +# Set these to the server and service you wish to print to +# In this example I have a WfWg PC called "lapland" that has a printer +# exported called "printer" with no password. + +# +# Script further altered by hamiltom@ecnz.co.nz (Michael Hamilton) +# so that the server, service, and password can be read from +# a /usr/var/spool/lpd/PRINTNAME/.config file. +# +# In order for this to work the /etc/printcap entry must include an +# accounting file (af=...): +# +# cdcolour:\ +# :cm=CD IBM Colorjet on 6th:\ +# :sd=/var/spool/lpd/cdcolour:\ +# :af=/var/spool/lpd/cdcolour/acct:\ +# :if=/usr/local/etc/smbprint:\ +# :mx=0:\ +# :lp=/dev/null: +# +# The /usr/var/spool/lpd/PRINTNAME/.config file should contain: +# share=PC_SERVER +# user="user" +# password="password" +# +# Please, do not modify the order in the file. +# Example: +# share=\\server\deskjet +# user="fred" +# password="" + +# +# The last parameter to the filter is the accounting file name. +# Extract the directory name from the file name. +# Concat this with /.config to get the config file. +# +eval acct_file=\${$#} +spool_dir=`dirname $acct_file` +config_file=$spool_dir/.config + +# Should read the following variables set in the config file: +# share +# hostip +# user +# password + +eval `cat $config_file` + +share=`echo $share | sed "s/[\]/\//g"` + +if [ "$user" != "" ]; then + usercmd="-U" +else + usercmd="" +fi + +if [ "$workgroup" != "" ]; then + workgroupcmd="-W" +else + workgroupcmd="" +fi + +if [ "$translate" = "yes" ]; then + command="translate ; print -" +else + command="print -" +fi +#echo $share $password $translate $x_command > /tmp/smbprint.log + +cat | /usr/bin/smbclient "$share" "$password" -E ${hostip:+-I} \ + $hostip -N -P $usercmd "$user" $workgroupcmd "$workgroup" \ + -c "$command" 2>/dev/null diff --git a/extra/winbind.init b/extra/winbind.init new file mode 100644 index 0000000..5614c41 --- /dev/null +++ b/extra/winbind.init @@ -0,0 +1,102 @@ +#!/bin/sh +# +# chkconfig: - 27 73 +# description: Starts and stops the Samba Winbind daemon \ +# used to provide seamless NT domain integration. +# +# processname: winbindd +# pidfile: /var/run/winbindd.pid +# config: /etc/samba/smb.conf +### BEGIN INIT INFO +# Provides: winbind +# Default-Start: 3 4 5 +# Default-Stop: 0 1 6 +# Should-Start: $syslog nmb +# Should-Stop: $null +# Required-Start: $local_fs $network +# Required-Stop: $null +# Short-Description: Samba Name Service Switch daemon +# Description: Starts and stops the SAMBA winbind daemons \ +# used to provide user and group information \ +# from a NT domain controller to linux. +### END INIT INFO + +# Do not load RH compatibility interface. +WITHOUT_RC_COMPAT=1 + +. /etc/init.d/functions + +# Source networking configuration. +SourceIfNotEmpty /etc/sysconfig/network + +SourceIfNotEmpty /etc/sysconfig/samba + +# Check that smb.conf exists. +[ -s /etc/samba/smb.conf ] || exit + +export TMPDIR=/tmp +LOCKFILE=/var/lock/subsys/winbindd +PIDFILE=/var/run/winbindd.pid +RETVAL=0 + + +start() { + is_yes "$NETWORKING" || return 0 + msg_starting $"Samba Winbind service" + start_daemon --pidfile "$PIDFILE" --lockfile "$LOCKFILE" --expect-user root --no-announce -- winbindd -D "$WINBINDOPTIONS" + RETVAL=$? + return $RETVAL +} + +stop() { + msg_stopping $"Samba Winbind service" + stop_daemon --pidfile "$PIDFILE" --lockfile "$LOCKFILE" --expect-user root --no-announce -- winbindd + RETVAL=$? + return $RETVAL +} + +restart() { + stop + start +} + +reload() { + msg_reloading $"Samba Winbind service" + stop_daemon --pidfile "$PIDFILE" --expect-user root -HUP -- winbindd + RETVAL=$? + return $RETVAL +} + +case "$1" in + start) + start + ;; + stop) + stop + ;; + restart) + restart + ;; + reload) + reload + ;; + status) + status --pidfile "$PIDFILE" --expect-user root -- winbindd + RETVAL=$? + ;; + condrestart) + if [ -e "$LOCKFILE" ]; then + restart + fi + ;; + condstop) + if [ -e "$LOCKFILE" ]; then + stop + fi + ;; + *) + msg_usage "${0##*/} {start|stop|reload|restart|condstop|condrestart|condreload|status}" + RETVAL=1 +esac + +exit $RETVAL diff --git a/lib/krb5_wrap/krb5_samba.c b/lib/krb5_wrap/krb5_samba.c index 7c461e5..431db1b 100644 --- a/lib/krb5_wrap/krb5_samba.c +++ b/lib/krb5_wrap/krb5_samba.c @@ -1357,7 +1357,7 @@ krb5_error_code smb_krb5_kt_open(krb5_context context, int cmp; if (keytab_name_req == NULL) { - return KRB5_KT_BADNAME; + goto open_keytab; } if (keytab_name_req[0] == '/') { diff --git a/lib/util/setid.c b/lib/util/setid.c index 88195d8..b75379a 100644 --- a/lib/util/setid.c +++ b/lib/util/setid.c @@ -56,6 +56,11 @@ int samba_setgroups(size_t setlen, const gid_t *gidset); #endif +/* missing SYS_setgroups32 leads to macro problems so define it by hand */ +#if (defined(__e2k__) && defined(__ptr64__)) +#define USE_LINUX_THREAD_CREDENTIALS 1 +#endif + #if defined(USE_LINUX_THREAD_CREDENTIALS) #if defined(HAVE_UNISTD_H) #include @@ -71,10 +76,19 @@ int samba_setgroups(size_t setlen, const gid_t *gidset); /* Ensure we can't compile in a mixed syscall setup. */ #if !defined(USE_LINUX_32BIT_SYSCALLS) #if defined(SYS_setresuid32) || defined(SYS_setresgid32) || defined(SYS_setreuid32) || defined(SYS_setregid32) || defined(SYS_setuid32) || defined(SYS_setgid32) || defined(SYS_setgroups32) +/* Just use 64-bit calls in e2k */ +#if !(defined(__e2k__) && defined(__ptr64__)) #error Mixture of 32-bit Linux system calls and 64-bit calls. #endif #endif +#endif + +#endif +/* Kernels with version <3.14.27 have definition SYS_setgroups32, but we use 64-bit syscalls*/ +#if (defined(__e2k__) && defined(__ptr64__)) +#undef USE_LINUX_32BIT_SYSCALLS +#define USE_LINUX_THREAD_CREDENTIALS 1 #endif /* All the setXX[ug]id functions and setgroups Samba uses. */ diff --git a/packaging/systemd/nmb.service b/packaging/systemd/nmb.service index 71c93d6..4d793a7 100644 --- a/packaging/systemd/nmb.service +++ b/packaging/systemd/nmb.service @@ -7,7 +7,7 @@ Type=notify NotifyAccess=all PIDFile=/run/nmbd.pid EnvironmentFile=-/etc/sysconfig/samba -ExecStart=/usr/sbin/nmbd --foreground --no-process-group $NMBDOPTIONS +ExecStart=/usr/sbin/nmbd --no-process-group $NMBDOPTIONS ExecReload=/usr/bin/kill -HUP $MAINPID LimitCORE=infinity diff --git a/packaging/systemd/samba.service b/packaging/systemd/samba.service index 1b64c3b..a5fb045 100644 --- a/packaging/systemd/samba.service +++ b/packaging/systemd/samba.service @@ -8,7 +8,7 @@ NotifyAccess=all PIDFile=/run/samba.pid LimitNOFILE=16384 EnvironmentFile=-/etc/sysconfig/samba -ExecStart=/usr/sbin/samba --foreground --no-process-group $SAMBAOPTIONS +ExecStart=/usr/sbin/samba --no-process-group $SAMBAOPTIONS ExecReload=/usr/bin/kill -HUP $MAINPID [Install] diff --git a/packaging/systemd/smb.service b/packaging/systemd/smb.service index adf6684..e5fdf82 100644 --- a/packaging/systemd/smb.service +++ b/packaging/systemd/smb.service @@ -8,7 +8,7 @@ NotifyAccess=all PIDFile=/run/smbd.pid LimitNOFILE=16384 EnvironmentFile=-/etc/sysconfig/samba -ExecStart=/usr/sbin/smbd --foreground --no-process-group $SMBDOPTIONS +ExecStart=/usr/sbin/smbd --no-process-group $SMBDOPTIONS ExecReload=/usr/bin/kill -HUP $MAINPID LimitCORE=infinity diff --git a/packaging/systemd/winbind.service b/packaging/systemd/winbind.service index 46b3797..05707b8 100644 --- a/packaging/systemd/winbind.service +++ b/packaging/systemd/winbind.service @@ -7,7 +7,7 @@ Type=notify NotifyAccess=all PIDFile=/run/winbindd.pid EnvironmentFile=-/etc/sysconfig/samba -ExecStart=/usr/sbin/winbindd --foreground --no-process-group "$WINBINDOPTIONS" +ExecStart=/usr/sbin/winbindd --no-process-group "$WINBINDOPTIONS" ExecReload=/usr/bin/kill -HUP $MAINPID LimitCORE=infinity diff --git a/samba4.spec b/samba4.spec new file mode 100644 index 0000000..793706e --- /dev/null +++ b/samba4.spec @@ -0,0 +1,1907 @@ +%define if_branch_le() %if "%(rpmvercmp '%ubt_id' '%1')" <= "0" +%define if_branch_eq() %if "%(rpmvercmp '%ubt_id' '%1')" == "0" +%define if_branch_ge() %if "%(rpmvercmp '%ubt_id' '%1')" >= "0" + +%set_verify_elf_method unresolved=relaxed +%add_findprov_skiplist /%_lib/* +%add_debuginfo_skiplist /%_lib + +%define _localstatedir /var +%define libwbc_alternatives_version 0.14 + +# internal libs +%def_without talloc +%def_without tevent +%def_without tdb +%def_without ldb + +%def_with profiling_data + +# build as separate package +%def_with winbind +%def_with libsmbclient +%def_with libwbclient +%def_with libnetapi +%def_without pam_smbpass +%def_with doc + +%def_with mitkrb5 +%def_without dc +%def_with clustering_support +%def_without testsuite + +%if_with testsuite +# The testsuite only works with a full build right now. +%def_without mitkrb5 +%def_with dc +%endif + +%def_with systemd +%def_enable avahi + +%ifarch e2k e2kv4 +%def_disable glusterfs +%def_without libcephfs +%else +%ifarch mipsel +%def_enable glusterfs +%def_without libcephfs +%else +%def_enable glusterfs +%def_with libcephfs +%endif +%endif + +Name: samba +Version: 4.7.8 +Release: alt1%ubt +Group: System/Servers +Summary: The Samba4 CIFS and AD client and server suite +License: GPLv3+ and LGPLv3+ +Url: http://www.samba.org/ + +Source: %name-%version.tar + +# Red Hat specific replacement-files +Source1: samba.log +Source5: smb.init +Source6: samba.pamd +Source8: winbind.init +Source9: smb.conf.default +Source10: nmb.init +Source11: pam_winbind.conf +Source12: ctdb.init +Source13: samba.limits + +Source200: README.dc +Source201: README.downgrade + +Patch: %name-%version-alt.patch +Patch10: samba-grouppwd.patch + +# fedora patches +Patch100: samba-4.4.2-s3-winbind-make-sure-domain-member-can-talk-to-trust.patch + +Provides: samba4 = %version-%release +Obsoletes: samba4 < %version-%release + +Provides: samba-swat = %version-%release +Obsoletes: samba-swat < %version-%release +Provides: samba4-swat = %version-%release +Obsoletes: samba4-swat < %version-%release +Provides: samba-doc = %version-%release +Obsoletes: samba-doc < %version-%release +Provides: samba4-doc = %version-%release +Obsoletes: samba4-doc < %version-%release + +Requires(pre): %name-common = %version-%release +Requires: %name-libs = %version-%release +Requires: %name-common-tools = %version-%release +%if_with libwbclient +Requires: libwbclient = %version-%release +%endif + +BuildRequires(pre):rpm-build-ubt + +BuildRequires: libe2fs-devel +BuildRequires: libxfs-devel +BuildRequires: libacl-devel +BuildRequires: libattr-devel +BuildRequires: libncurses-devel +BuildRequires: libpam-devel +BuildRequires: perl-devel +BuildRequires: perl-Parse-Yapp +BuildRequires: libpopt-devel +BuildRequires: python-devel +BuildRequires: libreadline-devel +BuildRequires: libldap-devel +BuildRequires: libpopt-devel +BuildRequires: zlib-devel +BuildRequires: glibc-devel glibc-kernheaders +# BuildRequires: libbsd-devel +BuildRequires: setproctitle-devel +BuildRequires: libiniparser-devel +BuildRequires: libkrb5-devel libssl-devel libcups-devel +BuildRequires: gawk libgtk+2-devel libcap-devel libuuid-devel +%{?_with_doc:BuildRequires: inkscape libxslt xsltproc netpbm dblatex html2text docbook-style-xsl} +%{?_without_talloc:BuildRequires: libtalloc-devel >= 2.1.10 libpytalloc-devel} +%{?_without_tevent:BuildRequires: libtevent-devel >= 0.9.36 python-module-tevent} +%{?_without_tdb:BuildRequires: libtdb-devel >= 1.3.15 python-module-tdb} +%{?_without_ldb:BuildRequires: libldb-devel >= 1.2.3 python-module-pyldb-devel} +#{?_with_clustering_support:BuildRequires: ctdb-devel} +%{?_with_testsuite:BuildRequires: ldb-tools} +%if_branch_le M70P +%{?_with_systemd:BuildRequires: systemd-devel} +%else +%{?_with_systemd:BuildRequires: libsystemd-devel} +%endif +%{?_enable_avahi:BuildRequires: libavahi-devel} +%{?_enable_glusterfs:BuildRequires: glusterfs3-devel >= 3.4.0.16} +%{?_with_libcephfs:BuildRequires: ceph-devel} +%{?_with_dc:BuildRequires: libgnutls-devel} + +%description +Samba is the standard Windows interoperability suite of programs for Linux and Unix. + +%package client +Summary: Samba client programs +Group: Networking/Other +Requires(pre): %name-common = %version-%release +Requires: %name-common-tools = %version-%release +Requires: %name-client-libs = %version-%release +%if_with libsmbclient +Requires: libsmbclient = %version-%release +%endif +Provides: samba4-client = %version-%release +Obsoletes: samba4-client < %version-%release +Provides: samba-client-cups = %version-%release +Obsoletes: samba-client-cups < %version-%release + +%description client +The %name-client package provides some SMB/CIFS clients to complement +the built-in SMB/CIFS filesystem in Linux. These clients allow access +of SMB/CIFS shares and printing to SMB/CIFS printers. + +%package client-libs +Summary: Samba client libraries +Group: Networking/Other +Conflicts: samba-common < %version-%release +Requires(pre): %_sysconfdir/samba/smb.conf + +%description client-libs +The samba-client-libs package contains internal libraries needed by the +SMB/CIFS clients. + +%package common +Summary: Files used by both Samba servers and clients +Group: System/Servers +BuildArch: noarch +Provides: samba-utils = %version-%release +Provides: samba4-common = %version-%release +Obsoletes: samba4-common < %version-%release + +%description common +%name-common provides files necessary for both the server and client +packages of Samba. + +%package common-libs +Summary: Libraries used by both Samba servers and clients +Group: System/Libraries +Requires(pre): %_sysconfdir/samba/smb.conf +Requires: %name-client-libs = %version-%release +%if_with libwbclient +Requires: libwbclient = %version-%release +%endif + +%description common-libs +The samba-common-libs package contains internal libraries needed by the +SMB/CIFS clients. + +%package common-tools +Summary: Tools for Samba servers and clients +Group: System/Servers +Requires: %name-libs = %version-%release + +%description common-tools +The samba-common-tools package contains tools for Samba servers and +SMB/CIFS clients. + +%package dc +Summary: Samba AD Domain Controller +Group: System/Servers +Requires: %name-libs = %version-%release +Requires: %name-dc-libs = %version-%release + +Provides: samba4-dc = %version-%release +Obsoletes: samba4-dc < %version-%release + +%description dc +The %name-dc package provides AD Domain Controller functionality + +%package dc-libs +Summary: Samba AD Domain Controller Libraries +Group: System/Libraries +Requires: %name-common-libs = %version-%release +Requires: %name-libs = %version-%release +Provides: samba4-dc-libs = %version-%release +Obsoletes: samba4-dc-libs < %version-%release + +%description dc-libs +The %name-dc-libs package contains the libraries needed by the DC to +link against the SMB, RPC and other protocols. + +%package vfs-cephfs +Summary: Samba VFS module for Ceph distributed storage system +Group: System/Libraries +Requires: %name = %version-%release +Requires: %name-libs = %version-%release + +%description vfs-cephfs +Samba VFS module for Ceph distributed storage system integration. + +%package vfs-glusterfs +Summary: Samba VFS module for GlusterFS +Group: System/Libraries +Requires: %name = %version-%release +Requires: %name-libs = %version-%release + +%description vfs-glusterfs +Samba VFS module for GlusterFS integration. + +%package libs +Summary: Samba libraries +Group: System/Libraries +Provides: samba4-libs = %version-%release +Obsoletes: samba4-libs < %version-%release + +Requires: %name-client-libs = %version-%release + +%if_with libnetapi +Requires: libnetapi = %version-%release +%else +Obsoletes: libnetapi4 < %version-%release +%endif +%if_with libwbclient +Requires: libwbclient = %version-%release +%else +Obsoletes: libwbclient4 < %version-%release +%endif +%if_with libsmbclient +Requires: libsmbclient = %version-%release +%else +Obsoletes: libsmbclient4 < %version-%release +%endif + +%description libs +The %name-libs package contains the libraries needed by programs that +link against the SMB, RPC and other protocols provided by the Samba suite. + +%package -n libsmbclient +Summary: The SMB client library +Group: System/Libraries +Provides: libsmbclient4 = %version-%release +Obsoletes: libsmbclient4 < %version-%release +Requires(pre): %_sysconfdir/samba/smb.conf +Requires: %name-client-libs = %version-%release + +%description -n libsmbclient +The libsmbclient contains the SMB client library from the Samba suite. + +%package -n libsmbclient-devel +Summary: Developer tools for the SMB client library +Group: Development/C +Requires: libsmbclient = %version-%release +Provides: libsmbclient4-devel = %version-%release +Obsoletes: libsmbclient4-devel < %version-%release + +%description -n libsmbclient-devel +The libsmbclient-devel package contains the header files and libraries needed to +develop programs that link against the SMB client library in the Samba suite. + +%package -n libwbclient +Summary: The winbind client library +Group: System/Libraries +Conflicts: samba-winbind-clients < %version +Provides: libwbclient4 = %version-%release +Obsoletes: libwbclient4 < %version-%release +Conflicts: samba-winbind-clients <= 3.6.12-alt1 +Conflicts: samba4-libs < %version-%release +Requires: %name-client-libs = %version-%release + +%description -n libwbclient +The libwbclient package contains the winbind client library from the Samba suite. + +%package -n libwbclient-devel +Summary: Developer tools for the winbind library +Group: Development/C +Requires: libwbclient = %version-%release +Provides: libwbclient4-devel = %version-%release +Obsoletes: libwbclient4-devel < %version-%release + +%description -n libwbclient-devel +The libwbclient-devel package provides developer tools for the wbclient library. + +%package -n libnetapi +Summary: Samba netapi library +Group: System/Libraries +Provides: libnetapi4 = %version-%release +Obsoletes: libnetapi4 < %version-%release + +%description -n libnetapi +Samba netapi library + +%package -n python-module-%name +Summary: Samba Python libraries +Group: Networking/Other +Requires: %name-libs = %version-%release +Provides: python-module-samba4 = %version-%release +Obsoletes: python-module-samba4 < %version-%release + +%add_python_req_skip Tdb + +%description -n python-module-%name +The %name-python package contains the Python libraries needed by programs +that use SMB, RPC and other Samba provided protocols in Python programs. + +%package devel +Summary: Developer tools for Samba libraries +Group: Development/C +Requires: %name-libs = %version-%release +Provides: samba4-devel = %version-%release +Obsoletes: samba4-devel < %version-%release +Provides: libnetapi-devel = %version-%release +Obsoletes: libnetapi-devel < %version-%release + +%description devel +The %name-devel package contains the header files for the libraries +needed to develop programs that link against the SMB, RPC and other +libraries in the Samba suite. + +%package pidl +Summary: Perl IDL compiler +Group: Development/Tools +BuildArch: noarch +# Requires: perl(:MODULE_COMPAT_%(eval "`perl -V:version`"; echo $version)) +Provides: samba4-pidl = %version-%release +Obsoletes: samba4-pidl < %version-%release + +%description pidl +The %name-pidl package contains the Perl IDL compiler used by Samba +and Wireshark to parse IDL and similar protocols + +%package test +Summary: Testing tools for Samba servers and clients +Group: Development/Tools +Requires: %name = %version-%release +Requires: %name-common = %version-%release +Requires: %name-dc = %version-%release +Requires: %name-libs = %version-%release +Requires: %name-winbind = %version-%release +%if_with libsmbclient +Requires: libsmbclient = %version-%release +%endif +Provides: samba4-test = %version-%release +Obsoletes: samba4-test < %version-%release + +%description test +samba4-test provides testing tools for both the server and client +packages of Samba. + +%if_with winbind +%package winbind +Summary: Samba winbind +Group: System/Servers +Requires(pre): %name-common = %version-%release +Requires: %name-common-tools = %version-%release +Requires: %name-libs = %version-%release +Provides: samba4-winbind = %version-%release +Obsoletes: samba4-winbind < %version-%release +%if_with libwbclient +# There are working configurations exists where samba-winbind could be +# using with sssd. Also it could be already installed from installation DVD. +## Conflicts: libwbclient-sssd +Requires: libwbclient +%endif + +%description winbind +The %name-winbind package provides the winbind NSS library, and some +client tools. Winbind enables Linux to be a full member in Windows +domains and to use Windows user and group accounts on Linux. + +%package winbind-clients +Summary: Samba winbind clients +Group: System/Servers +Requires: %name-winbind = %version-%release +%if_with libwbclient +Requires: libwbclient = %version-%release +%endif +Provides: samba4-winbind-clients = %version-%release +Obsoletes: samba4-winbind-clients < %version-%release + +%description winbind-clients +The samba-winbind-clients package provides the NSS library and a PAM +module necessary to communicate to the Winbind Daemon + +%package winbind-krb5-locator +Summary: Samba winbind krb5 locator +Group: System/Servers +%if_with libwbclient +Requires: libwbclient = %version-%release +Requires: %name-winbind = %version-%release +%else +Requires: %name-libs = %version-%release +%endif +Provides: samba4-winbind-krb5-locator = %version-%release +Obsoletes: samba4-winbind-krb5-locator < %version-%release + +%description winbind-krb5-locator +The winbind krb5 locator is a plugin for the system kerberos library to allow +the local kerberos library to use the same KDC as samba and winbind use + +%package winbind-devel +Summary: Developer tools for the winbind library +Group: Development/C +Requires: %name-winbind = %version-%release +Provides: samba4-winbind-devel = %version-%release +Obsoletes: samba4-winbind-devel < %version-%release + +%description winbind-devel +The samba-winbind package provides developer tools for the wbclient library. +%endif + +%package -n ctdb +Summary: A Clustered Database based on Samba's Trivial Database (TDB) +Group: System/Servers + +# for ps and killall +Requires: psmisc +Requires: tdb-utils +# for pkill and pidof: +Requires: procps +# for netstat: +Requires: net-tools +Requires: ethtool +# for ip: +Requires: iproute +Requires: iptables +# for flock, getopt, kill: +Requires: util-linux + +%description -n ctdb +CTDB is a cluster implementation of the TDB database used by Samba and other +projects to store temporary data. If an application is already using TDB for +temporary data it is very easy to convert that application to be cluster aware +and use CTDB instead. + +%package -n ctdb-tests +Summary: CTDB clustered database test suite +Group: Development/Other +Requires: ctdb = %version-%release +Requires: nc + +%description -n ctdb-tests +Test suite for CTDB. +CTDB is a cluster implementation of the TDB database used by Samba and other +projects to store temporary data. If an application is already using TDB for +temporary data it is very easy to convert that application to be cluster aware +and use CTDB instead. + +%if_with doc +%package doc +Summary: Documentation for the Samba suite +Group: Documentation +Requires: %name-common = %version-%release +BuildArch: noarch + +%description doc +The samba-doc package includes all the non-manpage documentation for the +Samba suite. +%endif + +%prep +%setup -q +%patch -p1 +%patch10 -p1 +%patch100 -p 1 -b .samba-4.4.2-s3-winbind-make-sure-domain-member-can-talk-to-trust.patch + +%build + +%define _talloc_lib ,talloc,pytalloc,pytalloc-util +%if_without talloc +%define _talloc_lib ,!talloc,!pytalloc,!pytalloc-util +%endif + +%define _tevent_lib ,tevent,pytevent +%if_without tevent +%define _tevent_lib ,!tevent,!pytevent +%endif + +%define _tdb_lib ,tdb,pytdb +%if_without tdb +%define _tdb_lib ,!tdb,!pytdb +%endif + +%define _ntdb_lib ,ntdb,pyntdb +%if_without ntdb +%define _ntdb_lib ,!ntdb,!pyntdb +%endif + +%define _ldb_lib ,ldb,pyldb,pyldb-util +%if_without ldb +%define _ldb_lib ,!ldb,!pyldb,!pyldb-util +%endif + +%define _samba4_libraries heimdal,!zlib,!popt%{_talloc_lib}%{_tevent_lib}%{_tdb_lib}%{_ldb_lib} + +%define _samba4_idmap_modules idmap_ad,idmap_rid,idmap_adex,idmap_hash,idmap_tdb2,idmap_ldap +%define _samba4_pdb_modules pdb_tdbsam,pdb_ldap,pdb_ads,pdb_smbpasswd,pdb_wbc_sam,pdb_samba4 +%define _samba4_auth_modules auth_unix,auth_wbc,auth_server,auth_netlogond,auth_script,auth_samba4 +# auth_domain needs to be static +%define _samba4_modules %_samba4_idmap_modules,%_samba4_pdb_modules,%_samba4_auth_modules + +%define _libsmbclient %nil +%if_without libsmbclient +%define _libsmbclient smbclient, +%endif + +%define _libwbclient %nil +%if_without libwbclient +%define _libwbclient wbclient, +%endif + +%define _libnetapi %nil +%if_without libnetapi +%define _libnetapi netapi, +%endif + +%define _samba4_private_libraries %{_libsmbclient}%{_libwbclient}%{_libnetapi} + + +%undefine _configure_gettext +%configure \ + --enable-fhs \ + --with-piddir=/var/run \ + --with-sockets-dir=/var/run/samba \ + --with-modulesdir=%_libdir/samba \ + --with-pammodulesdir=%_lib/security \ + --with-lockdir=%_localstatedir/lib/samba \ + --with-cachedir=%_localstatedir/cache/samba \ + --with-privatedir=/var/lib/samba/private \ + --with-shared-modules=%_samba4_modules \ + --bundled-libraries=%_samba4_libraries \ + --with-pam \ + --with-ads \ + --with-pie \ + --with-relro \ + --without-fam \ + --private-libraries=%_samba4_private_libraries \ + --with-libcephfs-common=%_libdir/ceph \ +%if_with mitkrb5 + --with-system-mitkrb5 \ +%endif +%if_without dc + --without-ad-dc \ +%endif +%if_with systemd + --with-systemd \ +%else + --without-systemd \ +%endif +%if_with clustering_support + --with-cluster-support \ +%endif +%if_with testsuite + --enable-selftest \ +%endif +%if_with profiling_data + --with-profiling-data \ +%endif + %{subst_enable avahi} \ + %{subst_enable glusterfs} \ + --disable-rpath \ + --disable-rpath-install + +[ -n "$NPROCS" ] || NPROCS=%__nprocs; export JOBS=$NPROCS +%make_build NPROCS=%__nprocs + +%install +%makeinstall_std + +mkdir -p %buildroot/sbin +mkdir -p %buildroot/usr/{sbin,bin} +mkdir -p %buildroot/%_lib/security +mkdir -p %buildroot/var/lib/samba +mkdir -p %buildroot/var/lib/ctdb +mkdir -p %buildroot%_localstatedir/cache/samba +mkdir -p %buildroot/var/lib/samba/{private,winbindd_privileged,scripts,sysvol} +mkdir -p %buildroot/var/log/samba/old +mkdir -p %buildroot/var/spool/samba +mkdir -p %buildroot/var/run/{samba,winbindd} +mkdir -p %buildroot%_libdir/samba +mkdir -p %buildroot%_pkgconfigdir +mkdir -p %buildroot%_initdir +mkdir -p %buildroot%_unitdir +mkdir -p %buildroot%_sysconfdir/{pam.d,logrotate.d,security,sysconfig} +mkdir -p %buildroot%_tmpfilesdir + +# Move libwbclient.so* into private directory, it cannot be just libdir/samba +# because samba uses rpath with this directory. +install -d -m 0755 %buildroot%_libdir/samba/wbclient +mv %buildroot%_libdir/libwbclient.so* %buildroot%_libdir/samba/wbclient +if [ ! -f %buildroot%_libdir/samba/wbclient/libwbclient.so.%libwbc_alternatives_version ] +then + echo "Expected libwbclient version not found, please check if version has changed." + exit -1 +fi +ln -s ../..%_libdir/samba/wbclient/libwbclient.so.%libwbc_alternatives_version %buildroot%_libdir/ +ln -s ../..%_libdir/samba/wbclient/libwbclient.so.0 %buildroot%_libdir/ +ln -s ../..%_libdir/samba/wbclient/libwbclient.so %buildroot%_libdir/ + +# Add alternatives for libwbclient +mkdir -p %buildroot%_altdir +printf '%_libdir/libwbclient.so.%libwbc_alternatives_version\t%_libdir/samba/wbclient/libwbclient.so.%libwbc_alternatives_version\t10\n' > %buildroot%_altdir/libwbclient-samba +printf '%_libdir/libwbclient.so.0\t%_libdir/samba/wbclient/libwbclient.so.0\t10\n' >> %buildroot%_altdir/libwbclient-samba + +printf '%_libdir/libwbclient.so\t%_libdir/samba/wbclient/libwbclient.so\t10\n' > %buildroot%_altdir/libwbclient-devel-samba + + +# Install other stuff +install -m644 %SOURCE1 %buildroot%_sysconfdir/logrotate.d/samba +install -m644 %SOURCE9 %buildroot%_sysconfdir/samba/smb.conf +install -m644 %SOURCE11 %buildroot%_sysconfdir/security +install -m644 %SOURCE6 %buildroot%_sysconfdir/pam.d/samba +echo 127.0.0.1 localhost > %buildroot%_sysconfdir/samba/lmhosts +mkdir -p %buildroot%_sysconfdir/openldap/schema +install -m644 examples/LDAP/samba.schema %buildroot%_sysconfdir/openldap/schema/samba.schema +install -m755 packaging/printing/smbprint %buildroot%_bindir/smbprint + + +install -m644 packaging/systemd/samba.sysconfig %buildroot%_sysconfdir/sysconfig/samba +install -m644 packaging/RHEL/setup/smbusers %buildroot%_sysconfdir/samba/smbusers + +install -m755 %SOURCE10 %buildroot%_initrddir/nmb +install -m755 %SOURCE5 %buildroot%_initrddir/smb +install -m755 %SOURCE8 %buildroot%_initrddir/winbind + +install -d -m 755 %buildroot%_defaultdocdir/%name +install -m 644 %SOURCE201 %buildroot%_defaultdocdir/%name/README.downgrade + +%if_without dc +install -m 644 %SOURCE200 %buildroot%_defaultdocdir/%name/README.dc +install -m 644 %SOURCE200 %buildroot%_defaultdocdir/%name/README.dc-libs +%endif + +for i in nmb smb winbind ; do + cat packaging/systemd/$i.service | sed -e 's@\[Service\]@[Service]\nEnvironment=KRB5CCNAME=FILE:/run/samba/krb5cc_samba@g' >tmp$i.service + install -m 0644 tmp$i.service %buildroot%_unitdir/$i.service +done +subst 's,Type=notify,Type=forking,' %buildroot%_unitdir/*.service +%if_with clustering_support +install -m755 %SOURCE12 %buildroot%_initrddir/ctdb +install -m 0644 ctdb/config/ctdb.service %buildroot%_unitdir +install -m 0644 ctdb/config/ctdbd.conf %buildroot%_sysconfdir/sysconfig/ctdb +echo "d /var/run/ctdb 755 root root" >> %buildroot%_tmpfilesdir/ctdb.conf +touch %buildroot%_sysconfdir/ctdb/nodes +%endif + +install -m644 packaging/systemd/samba.conf.tmp %buildroot%_tmpfilesdir/%name.conf + +# NetworkManager online/offline script +install -d -m 0755 %buildroot%_sysconfdir/NetworkManager/dispatcher.d/ +install -m 0755 packaging/NetworkManager/30-winbind-systemd \ + %buildroot%_sysconfdir/NetworkManager/dispatcher.d/30-winbind + + +# Clean out crap left behind by the PIDL install. +find %buildroot -type f -name .packlist -exec rm -f {} \; +rm -f %buildroot%perl_vendorlib/wscript_build +rm -rf %buildroot%perl_vendorlib/Parse/Yapp + +# winbind +ln -sf ..%_libdir/libnss_winbind.so %buildroot/%_lib/libnss_winbind.so.2 +ln -sf ..%_libdir/libnss_wins.so %buildroot/%_lib/libnss_wins.so.2 + +mkdir -p %buildroot%_libdir/krb5/plugins/libkrb5 +mv %buildroot%_libdir/winbind_krb5_locator.so %buildroot%_libdir/krb5/plugins/libkrb5/ + +#cups backend +%define cups_serverbin %(cups-config --serverbin 2>/dev/null) +mkdir -p %buildroot%{cups_serverbin}/backend +ln -s %_bindir/smbspool %buildroot%{cups_serverbin}/backend/smb + +# Fix up permission on perl install. +%_fixperms %buildroot%perl_vendor_privlib + +# remove tests form python modules +rm -rf %buildroot%python_sitelibdir/samba/{tests,external/subunit,external/testtool} + +# remove cmocka library +rm -f %buildroot%_libdir/samba/libcmocka-samba4.so + +# Install documentation +%if_with doc +#mkdir -p %buildroot%_defaultdocdir/%name/ +#cp -a docs-xml/output/htmldocs %buildroot%_defaultdocdir/%name/ +%endif + +# Cleanup man pages +%if_without libsmbclient +/bin/rm -f %buildroot%_man7dir/libsmbclient.7* +%endif + +# Install pidl/lib/Parse/Pidl/Samba3/Template.pm +cp -a pidl/lib/Parse/Pidl/Samba3/Template.pm %buildroot%_datadir/perl5/Parse/Pidl/Samba3/ + +# Install limits +mkdir -p %buildroot%_sysconfdir/security/limits.d/ +install -m644 %SOURCE13 %buildroot%_sysconfdir/security/limits.d/90-samba.conf + +%find_lang pam_winbind +%find_lang net + +%if_with testsuite +%check +TDB_NO_FSYNC=1 %make_build test +%endif + +%post +%post_service smb +%post_service nmb + +%preun +%preun_service smb +%preun_service nmb + +%if_with winbind +%pre winbind +%_sbindir/groupadd -f -r wbpriv >/dev/null 2>&1 || : + +%post winbind +%post_service winbind + +%preun winbind +%preun_service winbind +%endif + +%post -n ctdb +%post_service ctdb + +%preun -n ctdb +%preun_service ctdb + +%files +%doc COPYING README WHATSNEW.txt +%doc examples/autofs examples/LDAP examples/misc +%doc examples/printer-accounting examples/printing +%doc %_defaultdocdir/%name/README.downgrade +%_bindir/smbstatus +%_bindir/eventlogadm +%_sbindir/nmbd +%_sbindir/smbd +%_libdir/samba/auth +%_libdir/samba/vfs +%config(noreplace) %_sysconfdir/samba/smbusers +%attr(755,root,root) %_initdir/smb +%attr(755,root,root) %_initdir/nmb +%_unitdir/nmb.service +%_unitdir/smb.service +%attr(1777,root,root) %dir /var/spool/samba +%_sysconfdir/openldap/schema/samba.schema +%_sysconfdir/pam.d/samba +%if_with doc +%_man1dir/smbstatus.1* +%_man8dir/eventlogadm.8* +%_man8dir/smbd.8* +%_man8dir/nmbd.8* +%_man8dir/vfs_*.8* +%endif #doc + +%if_with libcephfs +%exclude %_libdir/samba/vfs/ceph.so +%if_with doc +%exclude %_man8dir/vfs_ceph.8* +%endif #doc +%endif # ! libcephfs +%if_enabled glusterfs +%exclude %_libdir/samba/vfs/glusterfs.so +%if_with doc +%exclude %_man8dir/vfs_glusterfs.8* +%endif #doc +%endif # ! glusterfs + +%files client +%_bindir/cifsdd +%_bindir/dbwrap_tool +%_bindir/findsmb +%_bindir/nmblookup +%_bindir/oLschema2ldif +%_bindir/regdiff +%_bindir/regpatch +%_bindir/regshell +%_bindir/regtree +%_bindir/rpcclient +%_bindir/samba-regedit +%_bindir/sharesec +%_bindir/smbcacls +%_bindir/smbclient +%_bindir/smbcquotas +%_bindir/smbget +#%_bindir/smbiconv +%_bindir/smbprint +%_bindir/smbspool +#_bindir/smbta-util +%_bindir/smbtar +%_bindir/smbtree +%_libexecdir/samba/smbspool_krb5_wrapper +%{cups_serverbin}/backend/smb +%if_with doc +%_man1dir/dbwrap_tool.1* +%_man1dir/nmblookup.1* +%_man1dir/oLschema2ldif.1* +%_man1dir/regdiff.1* +%_man8dir/samba-regedit.8* +%_man1dir/regpatch.1* +%_man1dir/regshell.1* +%_man1dir/regtree.1* +%exclude %_man1dir/findsmb.1* +%_man1dir/log2pcap.1* +%_man1dir/rpcclient.1* +%_man1dir/sharesec.1* +%_man1dir/smbcacls.1* +%_man1dir/smbclient.1* +%_man1dir/smbcquotas.1* +%_man1dir/smbget.1* +%_man5dir/smbgetrc.5* +%exclude %_man1dir/smbtar.1* +%_man1dir/smbtree.1* +%_man8dir/smbspool.8* +%_man8dir/smbspool_krb5_wrapper.8* +#_man8dir/smbta-util.8* +%_man8dir/cifsdd.8* +%endif #doc + +%if_with ntdb +%_bindir/ntdbbackup +%_bindir/ntdbdump +%_bindir/ntdbrestore +%_bindir/ntdbtool +%if_with doc +%_man3dir/ntdb.3* +%_man8dir/ntdbbackup.8* +%_man8dir/ntdbdump.8* +%_man8dir/ntdbrestore.8* +%_man8dir/ntdbtool.8* +%endif #doc +%endif #ntdb +%if_with tdb +%_bindir/tdbbackup +%_bindir/tdbdump +%_bindir/tdbrestore +%_bindir/tdbtool +%if_with doc +%_man8dir/tdbbackup.8* +%_man8dir/tdbdump.8* +%_man8dir/tdbrestore.8* +%_man8dir/tdbtool.8* +%endif #doc +%endif #tdb + +%if_with ldb +%_bindir/ldbadd +%_bindir/ldbdel +%_bindir/ldbedit +%_bindir/ldbmodify +%_bindir/ldbrename +%_bindir/ldbsearch +%if_with doc +%_man1dir/ldbadd.1* +%_man1dir/ldbdel.1* +%_man1dir/ldbedit.1* +%_man1dir/ldbmodify.1* +%_man1dir/ldbrename.1* +%_man1dir/ldbsearch.1* +%_libdir/samba/libldb-cmdline.so +%endif #doc +%endif #ldb + +%files client-libs +%_libdir/libdcerpc-binding.so.* +%_libdir/libndr.so.* +%_libdir/libndr-krb5pac.so.* +%_libdir/libndr-nbt.so.* +%_libdir/libndr-standard.so.* +%_libdir/libsamba-credentials.so.* +%_libdir/libsamba-errors.so.* +%_libdir/libsamba-passdb.so.* +%_libdir/libsamba-util.so.* +%_libdir/libsamba-hostconfig.so.* +%_libdir/libsamdb.so.* +%_libdir/libsmbconf.so.* +%_libdir/libsmbldap.so.* +%_libdir/libtevent-util.so.* +%_libdir/libdcerpc.so.* + +%dir %_libdir/samba +%_libdir/samba/libCHARSET3-samba4.so +%_libdir/samba/libaddns-samba4.so +%_libdir/samba/libads-samba4.so +%_libdir/samba/libasn1util-samba4.so +%_libdir/samba/libauth-samba4.so +%_libdir/samba/libauthkrb5-samba4.so +%_libdir/samba/libcli-cldap-samba4.so +%_libdir/samba/libcli-ldap-common-samba4.so +%_libdir/samba/libcli-ldap-samba4.so +%_libdir/samba/libcli-nbt-samba4.so +%_libdir/samba/libcli-smb-common-samba4.so +%_libdir/samba/libcli-spoolss-samba4.so +%_libdir/samba/libcliauth-samba4.so +%_libdir/samba/libcmdline-credentials-samba4.so +%_libdir/samba/libcommon-auth-samba4.so +%_libdir/samba/libdbwrap-samba4.so +%_libdir/samba/libdcerpc-samba-samba4.so +%_libdir/samba/libevents-samba4.so +%_libdir/samba/libflag-mapping-samba4.so +%_libdir/samba/libgenrand-samba4.so +%_libdir/samba/libgensec-samba4.so +%_libdir/samba/libgpo-samba4.so +%_libdir/samba/libgse-samba4.so +%_libdir/samba/libhttp-samba4.so +%_libdir/samba/libinterfaces-samba4.so +%_libdir/samba/libiov-buf-samba4.so +%_libdir/samba/libkrb5samba-samba4.so +%_libdir/samba/libldbsamba-samba4.so +%_libdir/samba/liblibcli-lsa3-samba4.so +%_libdir/samba/liblibcli-netlogon3-samba4.so +%_libdir/samba/liblibsmb-samba4.so +%_libdir/samba/libmessages-dgm-samba4.so +%_libdir/samba/libmessages-util-samba4.so +%_libdir/samba/libmsghdr-samba4.so +%_libdir/samba/libmsrpc3-samba4.so +%_libdir/samba/libndr-samba-samba4.so +%_libdir/samba/libndr-samba4.so +%_libdir/samba/libnet-keytab-samba4.so +%_libdir/samba/libnetif-samba4.so +%_libdir/samba/libnpa-tstream-samba4.so +%_libdir/samba/libprinting-migrate-samba4.so +%_libdir/samba/libregistry-samba4.so +%_libdir/samba/libreplace-samba4.so +%_libdir/samba/libsamba-cluster-support-samba4.so +%_libdir/samba/libsamba-debug-samba4.so +%_libdir/samba/libsamba-modules-samba4.so +%_libdir/samba/libsamba-security-samba4.so +%_libdir/samba/libsamba-sockets-samba4.so +%_libdir/samba/libsamba3-util-samba4.so +%_libdir/samba/libsamdb-common-samba4.so +%_libdir/samba/libsecrets3-samba4.so +%_libdir/samba/libserver-id-db-samba4.so +%_libdir/samba/libserver-role-samba4.so +%_libdir/samba/libsmb-transport-samba4.so +%_libdir/samba/libsmbclient-raw-samba4.so +%_libdir/samba/libsmbd-base-samba4.so +%_libdir/samba/libsmbd-conn-samba4.so +%_libdir/samba/libsmbd-shim-samba4.so +%_libdir/samba/libsmbldaphelper-samba4.so +%_libdir/samba/libsys-rw-samba4.so +%_libdir/samba/libsocket-blocking-samba4.so +%_libdir/samba/libtalloc-report-samba4.so +%_libdir/samba/libtdb-wrap-samba4.so +%_libdir/samba/libtime-basic-samba4.so +%_libdir/samba/libtorture-samba4.so +%_libdir/samba/libtrusts-util-samba4.so +%_libdir/samba/libutil-cmdline-samba4.so +%_libdir/samba/libutil-reg-samba4.so +%_libdir/samba/libutil-setid-samba4.so +%_libdir/samba/libutil-tdb-samba4.so + +%if_without libwbclient +%_libdir/libwbclient.so.* +%_libdir/samba/wbclient/libwbclient.so.* +%_libdir/samba/libwinbind-client-samba4.so +%_altdir/libwbclient-samba +%endif # ! with_libwbclient + +%if_without libsmbclient +%_libdir/samba/libsmbclient.so.* +%if_with doc +%_mandir/man7/libsmbclient.7* +%endif #doc +%endif # ! with_libsmbclient + +%if_with talloc +%_libdir/samba/libtalloc.so.* +%_libdir/samba/libpytalloc-util.so.* +%if_with doc +%_man3dir/talloc.3.* +%endif #doc +%endif #talloc + +%if_with tevent +%_libdir/samba/libtevent.so.* +%endif + +%if_with tdb +%_libdir/samba/libtdb.so.* +%endif + +%if_with ldb +%_libdir/samba/libldb.so.* +%if_with doc +%_man3dir/ldb.3.* +%endif #doc +%endif #ldb + +%files common +%_tmpfilesdir/%name.conf +%config(noreplace) %_sysconfdir/logrotate.d/samba +%config(noreplace) %_sysconfdir/security/limits.d/90-samba.conf +%attr(0700,root,root) %dir /var/log/samba +%attr(0700,root,root) %dir /var/log/samba/old +%dir /var/run/samba +%dir /var/run/winbindd +%dir /var/lib/samba +%attr(755,root,root) %dir %_localstatedir/cache/samba +%attr(700,root,root) %dir /var/lib/samba/private +%attr(755,root,root) %dir %_sysconfdir/samba +%config(noreplace) %_sysconfdir/samba/smb.conf +%config(noreplace) %_sysconfdir/samba/lmhosts +%config(noreplace) %_sysconfdir/sysconfig/samba + +%files common-libs +%_libdir/samba/libpopt-samba3-samba4.so + +%_libdir/samba/pdb + +%if_with pam_smbpass +%_libdir/security/pam_smbpass.so +%endif + +%files common-tools -f net.lang +%_bindir/mvxattr +%_bindir/net +%_bindir/pdbedit +%_bindir/profiles +%_bindir/smbcontrol +%_bindir/smbpasswd +%_bindir/testparm +%if_with doc +%_man1dir/mvxattr.1* +%_man1dir/profiles.1* +%_man1dir/smbcontrol.1* +%_man1dir/testparm.1* +%_man5dir/lmhosts.5* +%_man5dir/smb.conf.5* +%_man5dir/smbpasswd.5* +%_man7dir/samba.7* +%_man8dir/net.8* +%_man8dir/pdbedit.8* +%_man8dir/smbpasswd.8* +%endif #doc + +%files dc +%if_with dc +%_bindir/samba-tool +%_sbindir/samba +%_sbindir/samba_kcc +%_sbindir/samba_dnsupdate +%_sbindir/samba_spnupdate +%_sbindir/samba_upgradedns +%_sbindir/upgradeprovision +%_libdir/samba/bind9/dlz_bind9.so +%_libdir/samba/libheimntlm-samba4.so.* +%_libdir/samba/libkdc-samba4.so.* +%_libdir/samba/libpac-samba4.so +%dir %_libdir/samba/gensec +%_libdir/samba/gensec/krb5.so +%dir /var/lib/samba/sysvol +%_datadir/samba/setup +%if_with doc +%_man8dir/samba.8* +%_man8dir/samba-tool.8* +%endif #doc +%else +%doc %_defaultdocdir/%name/README.dc +%if_with doc +%exclude %_man8dir/samba.8* +%exclude %_man8dir/samba-tool.8* +%endif #doc +%exclude %_libdir/samba/ldb/ildap.so +%exclude %_libdir/samba/ldb/ldbsamba_extensions.so +%endif + +%files dc-libs +%if_with dc +%_libdir/samba/libprocess-model-samba4.so +%_libdir/samba/libservice-samba4.so +%dir %_libdir/samba/process_model +%_libdir/samba/process_model/standard.so +%dir %_libdir/samba/service +%_libdir/samba/service/cldap.so +%_libdir/samba/service/dcerpc.so +%_libdir/samba/service/dns.so +%_libdir/samba/service/dns_update.so +%_libdir/samba/service/drepl.so +%_libdir/samba/service/kcc.so +%_libdir/samba/service/kdc.so +%_libdir/samba/service/ldap.so +%_libdir/samba/service/nbtd.so +%_libdir/samba/service/ntp_signd.so +%_libdir/samba/service/s3fs.so +%_libdir/samba/service/smb.so +%_libdir/samba/service/web.so +%_libdir/samba/service/winbindd.so +%_libdir/samba/service/wrepl.so +%_libdir/libdcerpc-server.so.* +%_libdir/samba/libdfs-server-ad-samba4.so +%_libdir/samba/libdnsserver-common-samba4.so +%_libdir/samba/libdsdb-module-samba4.so +%_libdir/samba/libntvfs-samba4.so +%_libdir/samba/libposix-eadb-samba4.so +%_libdir/samba/bind9/dlz_bind9_9.so +%else +%doc %_defaultdocdir/%name/README.dc-libs +%endif + +%files devel +%_includedir/samba-4.0 + +%exclude %_includedir/samba-4.0/netapi.h +#%exclude %_includedir/samba-4.0/torture.h +%if_with libsmbclient +%exclude %_includedir/samba-4.0/libsmbclient.h +%endif +%if_with libwbclient +%exclude %_includedir/samba-4.0/wbclient.h +%endif + +%_libdir/libdcerpc-binding.so +%_libdir/libdcerpc-samr.so +%_libdir/libdcerpc.so +%_libdir/libndr-krb5pac.so +%_libdir/libndr-nbt.so +%_libdir/libndr-standard.so +%_libdir/libndr.so +%_libdir/libnetapi.so +%_libdir/libsamba-credentials.so +%_libdir/libsamba-errors.so +%_libdir/libsamba-hostconfig.so +%_libdir/libsamba-policy.so +%_libdir/libsamba-util.so +%_libdir/libsamdb.so +%_libdir/libsmbconf.so +%_libdir/libtevent-util.so +%_libdir/libsamba-passdb.so +%_libdir/libsmbldap.so + +%_pkgconfigdir/dcerpc.pc +%_pkgconfigdir/dcerpc_samr.pc +%_pkgconfigdir/ndr.pc +%_pkgconfigdir/ndr_krb5pac.pc +%_pkgconfigdir/ndr_nbt.pc +%_pkgconfigdir/ndr_standard.pc +%_pkgconfigdir/netapi.pc +%_pkgconfigdir/samba-credentials.pc +%_pkgconfigdir/samba-hostconfig.pc +%_pkgconfigdir/samba-policy.pc +%_pkgconfigdir/samba-util.pc +%_pkgconfigdir/samdb.pc + +%if_with dc +%_libdir/libdcerpc-server.so +%_pkgconfigdir/dcerpc_server.pc +%endif + +%if_with libcephfs +%files vfs-cephfs +%_libdir/samba/vfs/ceph.so +%if_with doc +%_man8dir/vfs_ceph.8* +%endif #doc +%endif #vfs-cephfs + +%if_enabled glusterfs +%files vfs-glusterfs +%_libdir/samba/vfs/glusterfs.so +%if_with doc +%_man8dir/vfs_glusterfs.8* +%endif #doc +%endif #vfs-glusterfs + +%files libs +%_libdir/libdcerpc-samr.so.* +%_libdir/libsamba-policy.so.* + +# libraries needed by the public libraries +%_libdir/samba/libMESSAGING-samba4.so +%_libdir/samba/libMESSAGING-SEND-samba4.so +%_libdir/samba/libLIBWBCLIENT-OLD-samba4.so +%_libdir/samba/libauth4-samba4.so +%_libdir/samba/libauth-unix-token-samba4.so +%_libdir/samba/libcluster-samba4.so +%_libdir/samba/libdcerpc-samba4.so +%_libdir/samba/libdsdb-garbage-collect-tombstones-samba4.so +%_libdir/samba/libnon-posix-acls-samba4.so +%_libdir/samba/libposix-eadb-samba4.so +%_libdir/samba/libsamba-net-samba4.so +%_libdir/samba/libsamba-python-samba4.so +%_libdir/samba/libshares-samba4.so +%_libdir/samba/libsmbpasswdparser-samba4.so +%_libdir/samba/libxattr-tdb-samba4.so + +%if_with dc +%_libdir/samba/libdb-glue-samba4.so +%_libdir/samba/libHDB-SAMBA4-samba4.so +%_libdir/samba/libasn1-samba4.so.* +%_libdir/samba/libgssapi-samba4.so.* +%_libdir/samba/libhcrypto-samba4.so.* +%_libdir/samba/libhdb-samba4.so.* +%_libdir/samba/libheimbase-samba4.so.* +%_libdir/samba/libhx509-samba4.so.* +%_libdir/samba/libkrb5-samba4.so.* +%_libdir/samba/libroken-samba4.so.* +%_libdir/samba/libwind-samba4.so.* +%endif + +%if_with libsmbclient +%files -n libsmbclient +%_libdir/libsmbclient.so.* + +%files -n libsmbclient-devel +%_includedir/samba-4.0/libsmbclient.h +%_libdir/libsmbclient.so +%_pkgconfigdir/smbclient.pc +%if_with doc +%_man7dir/libsmbclient.7* +%endif #doc +%endif #libsmbclient-devel + +%if_with libwbclient +%files -n libwbclient +%ghost %_libdir/libwbclient.so.* +%_libdir/samba/wbclient/libwbclient.so.* +%_libdir/samba/libwinbind-client-samba4.so +%_altdir/libwbclient-samba + +%files -n libwbclient-devel +%_includedir/samba-4.0/wbclient.h +%ghost %_libdir/libwbclient.so +%_libdir/samba/wbclient/libwbclient.so +%_altdir/libwbclient-devel-samba +%_pkgconfigdir/wbclient.pc +%endif + +%if_with libnetapi +%files -n libnetapi +%_libdir/libnetapi.so.* +%endif + +%files pidl +%attr(755,root,root) %_bindir/pidl +%if_with doc +%_man1dir/pidl.1.* +%_man3dir/Parse::Pidl::* +%endif +%perl_vendor_privlib/* + +%files -n python-module-%name +%python_sitelibdir/* + +%if_with doc +#%files doc +#%doc docs-xml/output/htmldocs +%endif + +%files test +%_bindir/gentest +%_bindir/locktest +%_bindir/masktest +%_bindir/ndrdump +%_bindir/smbtorture +%if_with doc +%_man1dir/gentest.1* +%_man1dir/locktest.1* +%_man1dir/masktest.1* +%_man1dir/ndrdump.1* +%_man1dir/smbtorture.1* +%_man1dir/vfstest.1* +%endif #doc + +%if_with testsuite +# files to ignore in testsuite mode +%_libdir/samba/libnss-wrapper.so +%_libdir/samba/libsocket-wrapper.so +%_libdir/samba/libuid-wrapper.so +%endif + +%if_without dc +%_libdir/samba/libdsdb-module-samba4.so +%endif + +%if_with winbind +%files winbind -f pam_winbind.lang +%_libdir/samba/idmap +%_libdir/samba/nss_info +%_libdir/samba/libnss-info-samba4.so +%_libdir/samba/libidmap-samba4.so +%_sbindir/winbindd +%attr(750,root,wbpriv) %dir /var/lib/samba/winbindd_privileged +%_unitdir/winbind.service +%attr(755,root,root) %_initrddir/winbind +%_sysconfdir/NetworkManager/dispatcher.d/30-winbind + +%if_with doc +%_man8dir/winbindd.8* +%_man8dir/idmap_*.8* +%endif #endif + +%files winbind-clients +%_bindir/ntlm_auth +%_bindir/wbinfo +%_libdir/libnss_winbind.so* +/%_lib/libnss_winbind.so.* +%_libdir/libnss_wins.so* +/%_lib/libnss_wins.so.* +/%_lib/security/pam_winbind.so +%config(noreplace) %_sysconfdir/security/pam_winbind.conf +%if_with doc +%_man1dir/ntlm_auth.1.* +%_man1dir/wbinfo.1* +%_man5dir/pam_winbind.conf.5* +%_man8dir/pam_winbind.8* +%endif #doc + +%files winbind-krb5-locator +%_libdir/krb5/plugins/libkrb5/winbind_krb5_locator.so +%if_with doc +%_man7dir/winbind_krb5_locator.7* +%endif #doc +%endif + +%if_with clustering_support +%files -n ctdb +#doc ctdb/README +%config(noreplace) %_sysconfdir/sysconfig/ctdb +%dir %_sysconfdir/ctdb +%config(noreplace) %_sysconfdir/ctdb/nodes +%config(noreplace) %_sysconfdir/ctdb/notify.sh +%config(noreplace) %_sysconfdir/ctdb/debug-hung-script.sh +%config(noreplace) %_sysconfdir/ctdb/ctdb-crash-cleanup.sh +%config(noreplace) %_sysconfdir/ctdb/gcore_trace.sh +%config(noreplace) %_sysconfdir/ctdb/functions +%config(noreplace) %_sysconfdir/ctdb/debug_locks.sh +%_sysconfdir/ctdb/statd-callout +%dir /var/lib/ctdb +%_unitdir/ctdb.service +%_initdir/ctdb +%_tmpfilesdir/ctdb.conf + +%_sysconfdir/ctdb/nfs-checks.d +%_sysconfdir/ctdb/nfs-linux-kernel-callout +%_sysconfdir/sudoers.d/ctdb +%_sysconfdir/ctdb/events.d +%dir %_sysconfdir/ctdb/notify.d +%_sysconfdir/ctdb/notify.d/README +%_sbindir/ctdbd +%_sbindir/ctdbd_wrapper +%_bindir/ctdb +%_bindir/ctdb_diagnostics +%_bindir/ltdbtool +%_bindir/onnode +%_bindir/ping_pong +%_libexecdir/ctdb/ctdb_event +%_libexecdir/ctdb/ctdb_eventd +%_libexecdir/ctdb/ctdb_killtcp +%_libexecdir/ctdb/ctdb_lock_helper +%_libexecdir/ctdb/ctdb_lvs +%_libexecdir/ctdb/ctdb_mutex_fcntl_helper +%_libexecdir/ctdb/ctdb_natgw +%_libexecdir/ctdb/ctdb_recovery_helper +%_libexecdir/ctdb/ctdb_takeover_helper +%_libexecdir/ctdb/smnotify + +%if_with doc +%_man1dir/ctdb.1* +%_man1dir/ctdbd.1* +%_man1dir/onnode.1* +%_man1dir/ltdbtool.1* +%_man1dir/ping_pong.1* +%_man1dir/ctdb_diagnostics.1* +%_man1dir/ctdbd_wrapper.1* +%_man5dir/ctdbd.conf.5* +%_man7dir/ctdb.7* +%_man7dir/ctdb-tunables.7* +%_man7dir/ctdb-statistics.7* +%endif #doc + +%files -n ctdb-tests +%_libexecdir/ctdb/tests +%_bindir/ctdb_run_tests +%_bindir/ctdb_run_cluster_tests +%_datadir/ctdb/tests +%doc ctdb/tests/README +%endif + +%changelog +* Fri Jun 22 2018 Evgeny Sinelnikov 4.7.8-alt1%ubt +- Update to first summer release of Samba 4.7 +- Rebuild for e2k with missing SYS_setgroups32 +- Disable glusterfs and cephfs for e2k +- Disable cephfs support for mipsel + +* Fri Jun 08 2018 Evgeny Sinelnikov 4.7.7-alt2%ubt +- Avoid client libraries requires to samba-common +- Fix build against new python Sisyphus release with libnsl2 + +* Wed Apr 18 2018 Evgeny Sinelnikov 4.7.7-alt1%ubt +- Update to first spring release of Samba 4.7 + +* Fri Mar 23 2018 Evgeny Sinelnikov 4.7.6-alt1%ubt +- Update to latest winter release of Samba 4.7 + +* Thu Mar 15 2018 Evgeny Sinelnikov 4.6.14-alt1%ubt.1 +- Rebuild security release (Fixes: CVE-2018-1050, CVE-2018-1057) with old + ceph version without libceph-common for c7/c8 + +* Mon Mar 12 2018 Evgeny Sinelnikov 4.6.14-alt1%ubt +- Update to spring security release +- Security fixes: + + CVE-2018-1050 Codenomicon crashes in spoolss server code + + CVE-2018-1057 Unprivileged user can change any user (and admin) password + +* Tue Feb 20 2018 Evgeny Sinelnikov 4.6.13-alt1%ubt +- Update to second winter release with common bugfixes + +* Tue Jan 23 2018 Evgeny Sinelnikov 4.6.12-alt2%ubt +- Fix trouble with joined machine account moving when it already exists. + Move it only if the admin specified an explicit OU (Samba bug #12696) + +* Fri Jan 05 2018 Evgeny Sinelnikov 4.7.4-alt1%ubt +- Update to first winter release of Samba 4.7 + +* Thu Dec 21 2017 Evgeny Sinelnikov 4.6.12-alt1%ubt +- Update to first winter release with common bugfixes (closes: 33210) + +* Wed Nov 29 2017 Evgeny Sinelnikov 4.6.11-alt2%ubt +- Backport from Heimdal upstream include/includedir directives for krb5.conf + +* Tue Nov 21 2017 Evgeny Sinelnikov 4.7.3-alt1%ubt +- Update to second autumn security release of Samba 4.7 + +* Tue Nov 21 2017 Evgeny Sinelnikov 4.6.11-alt1%ubt +- Second autumn security release (Fixes: CVE-2017-14746, CVE-2017-15275) + +* Fri Nov 17 2017 Evgeny Sinelnikov 4.7.2-alt1%ubt +- Update to third autumn release of Samba 4.7 + +* Thu Nov 16 2017 Evgeny Sinelnikov 4.6.10-alt1%ubt +- Update for third autumn release with common bugfixes + +* Wed Oct 25 2017 Evgeny Sinelnikov 4.6.9-alt1%ubt +- Update for second autumn release with common bugfixes + +* Wed Sep 27 2017 Alexey Shabalin 4.6.8-alt2%ubt +- rebuild with new libcephfs + +* Thu Sep 21 2017 Evgeny Sinelnikov 4.7.0-alt1%ubt +- Update to new autumn release of Samba 4.7 + +* Wed Sep 20 2017 Evgeny Sinelnikov 4.6.8-alt1%ubt +- Update for autumn security release: + + CVE-2017-12150 (SMB1/2/3 connections may not require signing where they + should) + + CVE-2017-12151 (SMB3 connections don't keep encryption across DFS redirects) + + CVE-2017-12163 (Server memory information leak over SMB1) + +* Wed Sep 20 2017 Evgeny Sinelnikov 4.6.7-alt3%ubt +- Avoid build trouble with ubt macros id on branch c8 + +* Fri Aug 18 2017 Evgeny Sinelnikov 4.6.7-alt2%ubt +- Clean code from old merged chunks +- Enable parallel build + +* Wed Aug 09 2017 Evgeny Sinelnikov 4.6.7-alt1%ubt +- Update to second summer release + +* Sat Jul 15 2017 Evgeny Sinelnikov 4.6.6-alt2%ubt +- Rebuild with universal build tag (aka ubt macros) for p7 and c7 + +* Wed Jul 12 2017 Evgeny Sinelnikov 4.6.6-alt1%ubt +- Update to summer security release +- Security fixes: + + CVE-2017-11103 Orpheus' Lyre KDC-REP service name validation + (Samba binaries built against MIT Kerberos are not vulnerable.) + +* Tue Jun 06 2017 Evgeny Sinelnikov 4.6.5-alt1%ubt +- Udpate to first summer release + +* Wed May 24 2017 Evgeny Sinelnikov 4.6.4-alt1%ubt +- Update to second spring security release +- Fix longtime initialization bug in ldb proxy +- Security fixes: + + CVE-2017-7494 Remote code execution from a writable share + +* Tue Apr 25 2017 Evgeny Sinelnikov 4.6.3-alt1%ubt +- Udpate to second spring release + +* Wed Apr 19 2017 Evgeny Sinelnikov 4.6.2-alt3%ubt +- Remove conflict winbind with libwbclient-sssd due upgrade problems + +* Wed Apr 12 2017 Evgeny Sinelnikov 4.6.2-alt2%ubt +- Fix problem with failed to create kerberos keytab during join to domain + +* Fri Mar 31 2017 Evgeny Sinelnikov 4.6.2-alt1%ubt +- Update with regression fix of spring security release +- Revert winbind problem fixes with access user to keytab due troubles in 4.6.x + +* Thu Mar 23 2017 Evgeny Sinelnikov 4.6.1-alt1%ubt +- Update to spring security release +- Fixed build --without docs (closes: 33118) +- Security fixes: + + CVE-2017-2619 Symlink race allows access outside share definition + +* Tue Mar 07 2017 Evgeny Sinelnikov 4.6.0-alt1%ubt +- Udpate to first spring release + +* Wed Feb 01 2017 Evgeny Sinelnikov 4.5.5-alt1%ubt +- Update to winter release + +* Sun Jan 01 2017 Evgeny Sinelnikov 4.5.3-alt3%ubt +- Fix winbind problem with access user to keytab + +* Wed Dec 28 2016 Evgeny Sinelnikov 4.5.3-alt2%ubt +- Do not delete an existing valid credential cache for KEYRING type +- Set FQDN to lower at fill_mem_keytab_from_system_keytab() + +* Mon Dec 19 2016 Evgeny Sinelnikov 4.5.3-alt1%ubt +- Update for release with security fixes: + - CVE-2016-2123 (ndr_pull_dnsp_name contains an integer wrap problem) + - CVE-2016-2125 (client code always requests a forwardable ticket) + - CVE-2016-2126 (crash winbindd using a legitimate Kerberos ticket) + +* Mon Dec 12 2016 Evgeny Sinelnikov 4.5.2-alt1%ubt +- Udpate to first winter release + +* Sat Dec 03 2016 Evgeny Sinelnikov 4.5.1-alt2 +- Add conflict winbind with libwbclient-sssd due compatibility +- Update build dependencies versions for external samba libraries + +* Sat Oct 29 2016 Evgeny Sinelnikov 4.5.1-alt1 +- Update with variety of fixes for autumn release + +* Fri Sep 09 2016 Evgeny Sinelnikov 4.5.0-alt1 +- Update to autumn release + +* Sun Jul 10 2016 Andrey Cherepanov 4.4.5-alt1 +- Update for security release with CVE-2016-2119 + +* Tue May 24 2016 Alexey Shabalin 4.4.3-alt2 +- build with libsystemd without compat libs +- add patches from fedora +- add again samba-grouppwd.patch + +* Wed May 04 2016 Andrey Cherepanov 4.4.3-alt1 +- New version + +* Thu Apr 28 2016 Andrey Cherepanov 4.4.2-alt2 +- Fix CVE-2016-2110/NTLMSSP regression (https://bugzilla.samba.org/show_bug.cgi?id=11849) + +* Tue Apr 12 2016 Andrey Cherepanov 4.4.2-alt1 +- New version +- Security fixes: + - CVE-2015-5370 (Multiple errors in DCE-RPC code) + - CVE-2016-2110 (Man in the middle attacks possible with NTLMSSP) + - CVE-2016-2111 (NETLOGON Spoofing Vulnerability) + - CVE-2016-2112 (LDAP client and server don't enforce integrity) + - CVE-2016-2113 (Missing TLS certificate validation) + - CVE-2016-2114 ("server signing = mandatory" not enforced) + - CVE-2016-2115 (SMB IPC traffic is not integrity protected) + - CVE-2016-2118 (SAMR and LSA man in the middle attacks possible) + +* Tue Mar 22 2016 Andrey Cherepanov 4.4.0-alt1 +- New version (https://www.samba.org/samba/history/samba-4.4.0.html) + +* Sun Mar 13 2016 Andrey Cherepanov 4.3.6-alt2 +- Rebuild with downgraded libtalloc + +* Wed Mar 09 2016 Andrey Cherepanov 4.3.6-alt1 +- New version (https://www.samba.org/samba/history/samba-4.3.6.html) +- Security fixes: + - CVE-2015-7560 (Incorrect ACL get/set allowed on symlink path) + - CVE-2016-0771 (Out-of-bounds read in internal DNS server) +- Do not use specified GID for wbpriv group (ALT #31858) + +* Thu Mar 03 2016 Andrey Cherepanov 4.3.5-alt1 +- New version (https://www.samba.org/samba/history/samba-4.3.5.html) + +* Tue Jan 12 2016 Andrey Cherepanov 4.3.4-alt1 +- New version (https://www.samba.org/samba/history/samba-4.3.4.html) + +* Thu Dec 24 2015 Andrey Cherepanov 4.3.3-alt2 +- Change services type from notify to forking + +* Wed Dec 16 2015 Andrey Cherepanov 4.3.3-alt1 +- New version (https://www.samba.org/samba/history/samba-4.3.3.html) +- Security fixes: + - CVE-2015-3223 (Denial of service in Samba Active Directory + server) + - CVE-2015-5252 (Insufficient symlink verification in smbd) + - CVE-2015-5299 (Missing access control check in shadow copy + code) + - CVE-2015-5296 (Samba client requesting encryption vulnerable + to downgrade attack) + - CVE-2015-8467 (Denial of service attack against Windows + Active Directory server) + - CVE-2015-5330 (Remote memory read in Samba LDAP server) + +* Tue Dec 08 2015 Igor Vlasenko 4.3.1-alt1.1 +- NMU: dropped unused prehistoric BR: perl-Perl4-CoreLibs + +* Fri Oct 23 2015 Alexey Shabalin 4.3.1-alt1 +- 4.3.1 + +* Thu Sep 10 2015 Alexey Shabalin 4.3.0-alt1 +- 4.3.0 + +* Wed Jul 15 2015 Alexey Shabalin 4.2.3-alt1 +- 4.2.3 +- add alternatives for libwbclient + +* Mon Mar 23 2015 Alexey Shabalin 4.2.0-alt1 +- 4.2.0 + +* Mon Feb 23 2015 Anton V. Boyarshinov 4.1.17-alt1 +- 4.1.17 +- CVE-2015-0240 fixed + +* Mon Jan 12 2015 Alexey Shabalin 4.1.15-alt1 +- 4.1.15 + +* Mon Dec 15 2014 Alexey Shabalin 4.1.14-alt1 +- 4.1.14 + +* Fri Nov 07 2014 Alexey Shabalin 4.1.13-alt1 +- 4.1.13 + +* Mon Sep 22 2014 Alexey Shabalin 4.1.12-alt1 +- 4.1.12 + +* Wed Aug 27 2014 Alexey Shabalin 4.1.11-alt2 +- update init scripts for ALTLinux + +* Tue Aug 05 2014 Alexey Shabalin 4.1.11-alt1 +- 4.1.11 +- fixed unstrcpy macro length is invalid(CVE-2014-3560) + +* Mon Jul 28 2014 Alexey Shabalin 4.1.10-alt1 +- 4.1.10 + +* Tue Jun 24 2014 Alexey Shabalin 4.1.9-alt1 +- 4.1.9 +- fixed nmbd denial of service(CVE-2014-0244) +- fixed Segmentation fault in smbd_marshall_dir_entry(CVE-2014-3493) + +* Wed Jun 04 2014 Alexey Shabalin 4.1.8-alt1 +- 4.1.8 +- fixed CVE-2014-0239, CVE-2014-0178 + +* Wed May 07 2014 Alexey Shabalin 4.1.7-alt2 +- add winbind-krb5-locator package + +* Mon May 05 2014 Alexey Shabalin 4.1.7-alt1 +- 4.1.7 + +* Mon Mar 17 2014 Alexey Shabalin 4.1.6-alt1 +- 4.1.6 +- fixed CVE-2013-4496, CVE-2013-6442 + +* Wed Jan 15 2014 Alexey Shabalin 4.1.4-alt1 +- 4.1.4 + +* Mon Dec 09 2013 Alexey Shabalin 4.1.3-alt1 +- 4.1.3 +- fixed CVE-2013-4408, CVE-2012-6150 + +* Wed Dec 04 2013 Alexey Shabalin 4.1.2-alt1 +- 4.1.2 +- drop swat package +- change build options: + + --with-profiling-data + + drop --disable-ntdb + + --without-fam + + drop --builtin-libraries=ccan +- build with avahi support +- build with external libntdb + +* Wed Nov 27 2013 Alexey Shabalin 4.0.12-alt1 +- 4.0.12 + +* Tue Nov 12 2013 Alexey Shabalin 4.0.11-alt1 +- 4.0.11 +- fixed CVE-2013-4475, CVE-2013-4476 + +* Tue Oct 08 2013 Alexey Shabalin 4.0.10-alt1 +- 4.0.10 + +* Mon Aug 26 2013 Alexey Shabalin 4.0.9-alt1 +- 4.0.9 +- add -D options for default forking type start of services to sysV init and systemd + +* Wed Aug 07 2013 Alexey Shabalin 4.0.8-alt1 +- 4.0.8 +- fixed CVE-2013-4124 + +* Wed Jul 03 2013 Alexey Shabalin 4.0.7-alt1 +- 4.0.7 + +* Thu May 23 2013 Alexey Shabalin 4.0.6-alt1 +- 4.0.6 + +* Tue Apr 09 2013 Alexey Shabalin 4.0.5-alt1 +- 4.0.5 + +* Tue Mar 19 2013 Alexey Shabalin 4.0.4-alt1 +- 4.0.4 (fixed CVE-2013-186) +- add /var/cache/samba to samba-common package (ALT#28601) + +* Mon Feb 25 2013 Alexey Shabalin 4.0.3-alt2 +- make systemctl reference indirect in packaging/NetworkManager/30-winbind-systemd (ALT#28585) + +* Fri Feb 15 2013 Alexey Shabalin 4.0.3-alt1 +- 4.0.3 +- build as default samba, replaced samba4 packages +- rename pdb_ldap to pdb_ldapsam + +* Mon Feb 04 2013 Alexey Shabalin 4.0.2-alt2 +- obsoletes libnetapi4,libwbclient4,libsmbclient4 by samba4-libs if build without them + +* Mon Feb 04 2013 Alexey Shabalin 4.0.2-alt1 +- 4.0.2 +- fixed gensec: Allow login without a PAC by default (samba bug #9581) + +* Fri Feb 01 2013 Alexey Shabalin 4.0.1-alt3 +- build without libnetapi +- add symlink ldapsam.so to ldap.so + +* Thu Jan 31 2013 Alexey Shabalin 4.0.1-alt2 +- build without libsmbclient and libwbclient + +* Mon Jan 28 2013 Alexey Shabalin 4.0.1-alt1 +- 4.0.1 + +* Fri Dec 21 2012 Alexey Shabalin 4.0.0-alt2 +- 4.0.0 release + +* Wed Mar 28 2012 Alexey Shabalin 4.0.0-alt1.alpha18 +- alpha18 + +* Sat Oct 22 2011 Vitaly Kuznetsov 4.0.0-alt1.alpha16.1 +- Rebuild with Python-2.7 + +* Mon Aug 08 2011 Alexey Shabalin 4.0.0-alt1.alpha16 +- alpha16 + +* Wed May 11 2011 Alexey Shabalin 4.0.0-alt1.alpha15 +- alpha15 + +* Thu Apr 14 2011 Alexey Shabalin 4.0.0-alt0.alpha15 +- pre alpha15 snapshot + +* Thu Sep 23 2010 Alexey Shabalin 4.0.0-alt1.alpha13 +- Upgrade to alpha13 + +* Fri Aug 13 2010 Alexey Shabalin 4.0.0-alt1.alpha11 +- initial build for ALT Linux Sisyphus + +* Mon Jun 28 2010 Ralf Corsépius - 4.0.0-24.alpha11 +- Revert changes to %%Release, use %%main_release instead. +- Rebuild for perl-5.12.x. + +* Mon Jun 28 2010 Ralf Corsépius - 4.0.0-23.alpha11.2 +- Once again rebuild for perl-5.12.x. + +* Wed Jun 02 2010 Marcela Maslanova - 4.0.0-23.alpha11.1 +- Mass rebuild with perl-5.12.0 + +* Wed Feb 24 2010 Stephen Gallagher - 4.0.0-23.alpha11 +- Rebuild against newer libtevent + +* Sun Jan 24 2010 Matthew Barnes - 4.0.0-22.alpha11 +- Upgrade to alpha11 + +* Fri Jan 08 2010 Matthew Barnes - 4.0.0-21.alpha10 +- Bump ldb_version to 0.9.10. + +* Fri Jan 08 2010 Matthew Barnes - 4.0.0-20.alpha10 +- Only install new command-line utilities if enable_samba4 is non-zero. + +* Wed Jan 06 2010 Matthew Barnes - 4.0.0-19.alpha10 +- Upgrade to alpha10 + +* Thu Sep 17 2009 Simo Sorce - 4.0.0-18.1.alpha8_git20090916 +- Need docbook stuff to build man pages + +* Thu Sep 17 2009 Simo Sorce - 4.0.0-18.alpha8_git20090916 +- Fix broken dependencies + +* Wed Sep 16 2009 Simo Sorce - 4.0.0-17.alpha8_git20090916 +- Upgrade to alpha8-git20090916 + +* Wed Sep 16 2009 Simo Sorce - 4.0.0-16.alpha7 +- Stop building libtevent, it is now an external package + +* Sun Jul 26 2009 Fedora Release Engineering - 4.0.0-15.2alpha7.1 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_12_Mass_Rebuild + +* Fri May 22 2009 Simo Sorce - 4.0.0-15.2alpha7 +- Fix dependency + +* Sat May 09 2009 Simo Sorce - 4.0.0-15.1alpha7 +- Don't build talloc and tdb, they are now separate packages + +* Mon Apr 06 2009 Matthew Barnes - 4.0.0-14alpha7 +- Fix a build issue in samba4-common (RH bug #494243). + +* Wed Mar 25 2009 Simo Sorce - 4.0.0-13alpha7 +- rebuild with correct CFLAGS (also fixes debuginfo) + +* Tue Mar 10 2009 Simo Sorce - 4.0.0-12alpha7 +- Second part of fix for the ldb segfault problem from upstream + +* Mon Mar 09 2009 Simo Sorce - 4.0.0-11alpha7 +- Add upstream patch to fix a problem within ldb + +* Sun Mar 08 2009 Matthew Barnes - 4.0.0-10alpha7 +- Remove ldb.pc from samba4-devel (RH bug #489186). + +* Wed Mar 4 2009 Simo Sorce - 4.0.0-9alpha7 +- Make talloc,tdb,tevent,ldb easy to exclude using defines +- Fix package for non-mock "dirty" systems by deleting additional + files we are not interested in atm + +* Wed Mar 4 2009 Simo Sorce - 4.0.0-8alpha7 +- Fix typo in Requires + +* Mon Mar 2 2009 Simo Sorce - 4.0.0-7alpha7 +- Compile and have separate packages for additional samba libraries + Package in their own packages: talloc, tdb, tevent, ldb + +* Fri Feb 27 2009 Matthew Barnes - 4.0.0-4.alpha7 +- Update to 4.0.0alpha7 + +* Wed Feb 25 2009 Matthew Barnes - 4.0.0-3.alpha6 +- Formal package review cleanups. + +* Mon Feb 23 2009 Matthew Barnes - 4.0.0-2.alpha6 +- Disable subpackages not needed by OpenChange. +- Incorporate package review feedback. + +* Mon Jan 19 2009 Matthew Barnes - 4.0.0-1.alpha6 +- Update to 4.0.0alpha6 + +* Wed Dec 17 2008 Matthew Barnes - 4.0.0-0.8.alpha6.GIT.3508a66 +- Fix another file conflict: smbstatus + +* Fri Dec 12 2008 Matthew Barnes - 4.0.0-0.7.alpha6.GIT.3508a66 +- Disable the winbind subpackage because it conflicts with samba-winbind + and isn't needed to support OpenChange. + +* Fri Dec 12 2008 Matthew Barnes - 4.0.0-0.6.alpha6.GIT.3508a66 +- Update to the GIT revision OpenChange is now requiring. + +* Fri Aug 29 2008 Andrew Bartlett - 0:4.0.0-0.5.alpha5.fc10 +- Fix licence tag (the binaries are built into a GPLv3 whole, so the BSD licence need not be mentioned) + +* Fri Jul 25 2008 Andrew Bartlett - 0:4.0.0-0.4.alpha5.fc10 +- Remove talloc and tdb dependency (per https://bugzilla.redhat.com/show_bug.cgi?id=453083) +- Fix deps on chkconfig and service to main pkg (not -common) + (per https://bugzilla.redhat.com/show_bug.cgi?id=453083) + +* Mon Jul 21 2008 Brad Hards - 0:4.0.0-0.3.alpha5.fc10 +- Use --sysconfdir instead of --with-configdir +- Add patch for C++ header compatibility + +* Mon Jun 30 2008 Andrew Bartlett - 0:4.0.0-0.2.alpha5.fc9 +- Update per review feedback +- Update for alpha5 + +* Thu Jun 26 2008 Andrew Bartlett - 0:4.0.0-0.1.alpha4.fc9 +- Rework Fedora's Samba 3.2.0-1.rc2.16 spec file for Samba4 diff --git a/source3/libnet/libnet_join.c b/source3/libnet/libnet_join.c index 903c93b..d07fedc 100644 --- a/source3/libnet/libnet_join.c +++ b/source3/libnet/libnet_join.c @@ -300,6 +300,7 @@ static ADS_STATUS libnet_join_precreate_machine_acct(TALLOC_CTX *mem_ctx, LDAPMessage *res = NULL; const char *attrs[] = { "dn", NULL }; bool moved = false; + const char *initial_account_ou = r->in.account_ou; status = ads_check_ou_dn(mem_ctx, r->in.ads, &r->in.account_ou); if (!ADS_ERR_OK(status)) { @@ -332,6 +333,16 @@ static ADS_STATUS libnet_join_precreate_machine_acct(TALLOC_CTX *mem_ctx, } else if ((status.error_type == ENUM_ADS_ERROR_LDAP) && (status.err.rc == LDAP_ALREADY_EXISTS)) { status = ADS_SUCCESS; + + if (initial_account_ou == NULL) { + /* + * Account already existed and + * admin didn't explicitly specify + * a different OU. Don't move the + * account, just return. + */ + return status; + } } if (!ADS_ERR_OK(status)) { diff --git a/source3/librpc/crypto/gse_krb5.c b/source3/librpc/crypto/gse_krb5.c index cc8cb90..dae3aeb 100644 --- a/source3/librpc/crypto/gse_krb5.c +++ b/source3/librpc/crypto/gse_krb5.c @@ -355,6 +355,12 @@ static krb5_error_code fill_mem_keytab_from_system_keytab(krb5_context krbctx, my_fqdn[0] = '\0'; name_to_fqdn(my_fqdn, lp_netbios_name()); + if (!strlower_m(my_fqdn)) { + ret = ENOMEM; + goto out; + } + DEBUG(10,("fill_mem_keytab_from_system_keytab: with fqdn %s.\n", my_fqdn)); + err = asprintf(&valid_princ_formats[0], "%s$@%s", my_name, lp_realm()); if (err == -1) { diff --git a/source3/winbindd/winbindd_pam.c b/source3/winbindd/winbindd_pam.c index 8abd8f0..5f10b64 100644 --- a/source3/winbindd/winbindd_pam.c +++ b/source3/winbindd/winbindd_pam.c @@ -793,8 +793,9 @@ failed: * Do not delete an existing valid credential cache, if the user * e.g. enters a wrong password */ - if ((strequal(krb5_cc_type, "FILE") || strequal(krb5_cc_type, "WRFILE")) + if ((strequal(krb5_cc_type, "FILE") || strequal(krb5_cc_type, "WRFILE") || strequal(krb5_cc_type, "KEYRING")) && user_ccache_file != NULL) { + DEBUG(10,("winbindd_raw_kerberos_login: do not delete an existing valid credential cache\n")); return result; } diff --git a/source3/wscript b/source3/wscript index 921c8bc..307282e 100644 --- a/source3/wscript +++ b/source3/wscript @@ -68,6 +68,10 @@ def set_options(opt): help=("Directory under which libcephfs is installed"), action="store", dest='libcephfs_dir', default=None) + opt.add_option('--with-libcephfs-common', + help=("Directory under which libcephfs-common is installed"), + action="store", dest='libcephfs_common_dir', default=None) + opt.SAMBA3_ADD_OPTION('glusterfs', with_name="enable", without_name="disable", default=True) opt.SAMBA3_ADD_OPTION('cephfs', with_name="enable", without_name="disable", default=True) @@ -1586,6 +1590,9 @@ main() { else: conf.env['LIBPATH_CEPH-COMMON'] = Options.options.LIBDIR + '/ceph' + if Options.options.libcephfs_common_dir: + conf.env['LIBPATH_CEPH-COMMON'] = Options.options.libcephfs_common_dir + if (Options.options.with_cephfs and conf.CHECK_HEADERS('cephfs/libcephfs.h', False, False, 'cephfs') and conf.CHECK_LIB('cephfs', shlib=True)): diff --git a/source4/dsdb/samdb/ldb_modules/proxy.c b/source4/dsdb/samdb/ldb_modules/proxy.c index c3f12ba..1828337 100644 --- a/source4/dsdb/samdb/ldb_modules/proxy.c +++ b/source4/dsdb/samdb/ldb_modules/proxy.c @@ -352,7 +352,7 @@ static int proxy_search_bytree(struct ldb_module *module, struct ldb_request *re ldb_dn_add_base(base, proxy->olddn); ldb_debug(ldb, LDB_DEBUG_FATAL, "proxying: '%s' with dn '%s' \n", - ldb_filter_from_tree(ac, newreq->op.search.tree), ldb_dn_get_linearized(newreq->op.search.base)); + ldb_filter_from_tree(ac, req->op.search.tree), ldb_dn_get_linearized(req->op.search.base)); for (i = 0; req->op.search.attrs && req->op.search.attrs[i]; i++) { ldb_debug(ldb, LDB_DEBUG_FATAL, "attr: '%s'\n", req->op.search.attrs[i]); } diff --git a/source4/heimdal/lib/krb5/config_file.c b/source4/heimdal/lib/krb5/config_file.c index 4ac25ae..4bac296 100644 --- a/source4/heimdal/lib/krb5/config_file.c +++ b/source4/heimdal/lib/krb5/config_file.c @@ -41,6 +41,7 @@ /* Gaah! I want a portable funopen */ struct fileptr { + krb5_context context; const char *s; FILE *f; }; @@ -336,6 +337,41 @@ parse_plist_config(krb5_context context, const char *path, krb5_config_section * #endif +static int +is_absolute_path(const char *path) +{ + /* + * An absolute path is one that refers to an explicit object + * without ambiguity. + */ +#ifdef WIN32 + size_t len = strlen(path); + + /* UNC path is by definition absolute */ + if (len > 2 + && ISPATHSEP(path[0]) + && ISPATHSEP(path[1])) + return 1; + + /* A drive letter path might be absolute */ + if (len > 3 + && isalpha(path[0]) + && path[1] == ':' + && ISPATHSEP(path[2])) + return 1; + + /* + * if no drive letter but first char is a path + * separator then the drive letter must be obtained + * from the including file. + */ +#else + /* UNIX is easy, first char '/' is absolute */ + if (ISPATHSEP(path[0])) + return 1; +#endif + return 0; +} /* * Parse the config file `fname', generating the structures into `res' @@ -363,18 +399,46 @@ krb5_config_parse_debug (struct fileptr *f, ++p; if (*p == '#' || *p == ';') continue; - if (*p == '[') { + if (*p == '[') { ret = parse_section(p, &s, res, err_message); if (ret) return ret; b = NULL; } else if (*p == '}') { *err_message = "unmatched }"; - return EINVAL; /* XXX */ + return KRB5_CONFIG_BADFORMAT; + } else if (strncmp(p, "include", sizeof("include") - 1) == 0 && + isspace(p[sizeof("include") - 1])) { + p += sizeof("include"); + while (isspace(*p)) + p++; + if (!is_absolute_path(p)) { + krb5_set_error_message(f->context, EINVAL, + "Configuration include path must be " + "absolute"); + return EINVAL; + } + ret = krb5_config_parse_file_multi(f->context, p, res); + if (ret) + return ret; + } else if (strncmp(p, "includedir", sizeof("includedir") - 1) == 0 && + isspace(p[sizeof("includedir") - 1])) { + p += sizeof("includedir"); + while (isspace(*p)) + p++; + if (!is_absolute_path(p)) { + krb5_set_error_message(f->context, EINVAL, + "Configuration includedir path must be " + "absolute"); + return EINVAL; + } + ret = krb5_config_parse_dir_multi(f->context, p, res); + if (ret) + return ret; } else if(*p != '\0') { if (s == NULL) { *err_message = "binding before section"; - return EINVAL; + return KRB5_CONFIG_BADFORMAT; } ret = parse_binding(f, lineno, p, &b, &s->u.list, err_message); if (ret) @@ -397,6 +461,75 @@ is_plist_file(const char *fname) } /** + * Parse configuration files in the given directory and add the result + * into res. Only files whose names consist only of alphanumeric + * characters, hyphen, and underscore, will be parsed, though files + * ending in ".conf" will also be parsed. + * + * This interface can be used to parse several configuration directories + * into one resulting krb5_config_section by calling it repeatably. + * + * @param context a Kerberos 5 context. + * @param dname a directory name to a Kerberos configuration file + * @param res the returned result, must be free with krb5_free_config_files(). + * @return Return an error code or 0, see krb5_get_error_message(). + * + * @ingroup krb5_support + */ + +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL +krb5_config_parse_dir_multi(krb5_context context, + const char *dname, + krb5_config_section **res) +{ + struct dirent *entry; + krb5_error_code ret; + DIR *d; + + if ((d = opendir(dname)) == NULL) + return errno; + + while ((entry = readdir(d)) != NULL) { + char *p = entry->d_name; + char *path; + int is_valid = 1; + + while (*p) { + /* + * Here be dragons. The call to krb5_config_parse_file_multi() + * below expands path tokens. Because of the limitations here + * on file naming, we can't have path tokens in the file name, + * so we're safe. Anyone changing this if condition here should + * be aware. + */ + if (!isalnum(*p) && *p != '_' && *p != '-' && + strcmp(p, ".conf") != 0) { + is_valid = 0; + break; + } + p++; + } + if (!is_valid) + continue; + + if (asprintf(&path, "%s/%s", dname, entry->d_name) == -1 || + path == NULL) { + (void) closedir(d); + return krb5_enomem(context); + } + ret = krb5_config_parse_file_multi(context, path, res); + free(path); + if (ret == ENOMEM) { + (void) closedir(d); + return krb5_enomem(context);; + } + /* Ignore malformed config files so we don't lock out admins, etc... */ + } + (void) closedir(d); + return 0; +} + +/** * Parse a configuration file and add the result into res. This * interface can be used to parse several configuration files into one * resulting krb5_config_section by calling it repeatably. @@ -419,6 +552,14 @@ krb5_config_parse_file_multi (krb5_context context, unsigned lineno = 0; krb5_error_code ret; struct fileptr f; + struct stat st; + + if (context->config_include_depth > 5) { + krb5_warnx(context, "Maximum config file include depth reached; " + "not including %s", fname); + return 0; + } + context->config_include_depth++; /** * If the fname starts with "~/" parse configuration file in the @@ -430,6 +571,7 @@ krb5_config_parse_file_multi (krb5_context context, const char *home = NULL; if (!_krb5_homedir_access(context)) { + context->config_include_depth--; krb5_set_error_message(context, EPERM, "Access to home directory not allowed"); return EPERM; @@ -446,6 +588,7 @@ krb5_config_parse_file_multi (krb5_context context, if (home) { asprintf(&newfname, "%s%s", home, &fname[1]); if (newfname == NULL) { + context->config_include_depth--; krb5_set_error_message(context, ENOMEM, N_("malloc: out of memory", "")); return ENOMEM; @@ -456,6 +599,7 @@ krb5_config_parse_file_multi (krb5_context context, if (asprintf(&newfname, "%%{USERCONFIG}%s", &fname[1]) < 0 || newfname == NULL) { + context->config_include_depth--; krb5_set_error_message(context, ENOMEM, N_("malloc: out of memory", "")); return ENOMEM; @@ -465,13 +609,13 @@ krb5_config_parse_file_multi (krb5_context context, } if (is_plist_file(fname)) { + context->config_include_depth--; #ifdef __APPLE__ ret = parse_plist_config(context, fname, res); if (ret) { krb5_set_error_message(context, ret, "Failed to parse plist %s", fname); - if (newfname) - free(newfname); + free(newfname); return ret; } #else @@ -485,6 +629,7 @@ krb5_config_parse_file_multi (krb5_context context, ret = _krb5_expand_path_tokens(context, fname, &exp_fname); if (ret) { + context->config_include_depth--; if (newfname) free(newfname); return ret; @@ -495,24 +640,36 @@ krb5_config_parse_file_multi (krb5_context context, fname = newfname = exp_fname; #endif + f.context = context; f.f = fopen(fname, "r"); f.s = NULL; - if(f.f == NULL) { + if (f.f == NULL || fstat(fileno(f.f), &st) == -1) { + if (f.f != NULL) + (void) fclose(f.f); + context->config_include_depth--; ret = errno; - krb5_set_error_message (context, ret, "open %s: %s", - fname, strerror(ret)); - if (newfname) - free(newfname); + krb5_set_error_message(context, ret, "open or stat %s: %s", + fname, strerror(ret)); + free(newfname); return ret; } + if (!S_ISREG(st.st_mode)) { + (void) fclose(f.f); + context->config_include_depth--; + free(newfname); + krb5_set_error_message(context, EISDIR, "not a regular file %s: %s", + fname, strerror(EISDIR)); + return EISDIR; + } + ret = krb5_config_parse_debug (&f, res, &lineno, &str); + context->config_include_depth--; fclose(f.f); if (ret) { krb5_set_error_message (context, ret, "%s:%u: %s", fname, lineno, str); - if (newfname) - free(newfname); + free(newfname); return ret; } } @@ -1310,6 +1467,8 @@ krb5_config_parse_string_multi(krb5_context context, unsigned lineno = 0; krb5_error_code ret; struct fileptr f; + + f.context = context; f.f = NULL; f.s = string; diff --git a/source4/heimdal/lib/krb5/context.c b/source4/heimdal/lib/krb5/context.c index 23e3879..770f012 100644 --- a/source4/heimdal/lib/krb5/context.c +++ b/source4/heimdal/lib/krb5/context.c @@ -646,7 +646,8 @@ krb5_set_config_files(krb5_context context, char **filenames) krb5_config_binding *tmp = NULL; while(filenames != NULL && *filenames != NULL && **filenames != '\0') { ret = krb5_config_parse_file_multi(context, *filenames, &tmp); - if(ret != 0 && ret != ENOENT && ret != EACCES && ret != EPERM) { + if (ret != 0 && ret != ENOENT && ret != EACCES && ret != EPERM + && ret != KRB5_CONFIG_BADFORMAT) { krb5_config_file_free(context, tmp); return ret; } diff --git a/source4/heimdal/lib/krb5/krb5_locl.h b/source4/heimdal/lib/krb5/krb5_locl.h index 49c614d..ab0cf87 100644 --- a/source4/heimdal/lib/krb5/krb5_locl.h +++ b/source4/heimdal/lib/krb5/krb5_locl.h @@ -262,6 +262,7 @@ typedef struct krb5_context_data { int32_t kdc_sec_offset; int32_t kdc_usec_offset; krb5_config_section *cf; + size_t config_include_depth; struct et_list *et_list; struct krb5_log_facility *warn_dest; struct krb5_log_facility *debug_dest; @@ -357,4 +358,11 @@ enum krb5_pk_type { #endif /* PKINIT */ +#define ISTILDE(x) (x == '~') +#ifdef _WIN32 +# define ISPATHSEP(x) (x == '/' || x =='\\') +#else +# define ISPATHSEP(x) (x == '/') +#endif + #endif /* __KRB5_LOCL_H__ */ diff --git a/third_party/waf/wafadmin/Tools/python.py b/third_party/waf/wafadmin/Tools/python.py index cd96b65..65c710e 100644 --- a/third_party/waf/wafadmin/Tools/python.py +++ b/third_party/waf/wafadmin/Tools/python.py @@ -253,7 +253,7 @@ LDVERSION = %r result = conf.check(lib=name, uselib='PYEMBED', libpath=path) if result: - env['LIBPATH_PYEMBED'] = path + env.append_unique('LIBPATH_PYEMBED', path) env.append_value('LIB_PYEMBED', name) else: conf.log.write("\n\n### LIB NOT FOUND\n")