From d002c33086ae4e124006eb8b542705866de1983e Mon Sep 17 00:00:00 2001 From: CentOS Sources Date: Dec 17 2021 10:09:25 +0000 Subject: import samba-4.15.3-0.el8 --- diff --git a/.gitignore b/.gitignore index 4dcddf1..9b3845c 100644 --- a/.gitignore +++ b/.gitignore @@ -1,2 +1,2 @@ -SOURCES/samba-4.15.2.tar.xz +SOURCES/samba-4.15.3.tar.xz SOURCES/samba-pubkey_AA99442FB680B620.gpg diff --git a/.samba.metadata b/.samba.metadata index 12ae262..3011278 100644 --- a/.samba.metadata +++ b/.samba.metadata @@ -1,2 +1,2 @@ -4ab5db6dd0103af6dce93c5931729849774aa45e SOURCES/samba-4.15.2.tar.xz +e778708ce1f39566d91d74dce8e9940b324d1ef1 SOURCES/samba-4.15.3.tar.xz 971f563c447eda8d144d6c9e743cd0f0488c0d9e SOURCES/samba-pubkey_AA99442FB680B620.gpg diff --git a/SOURCES/samba-4.15-fix-recursive-dir-delete-symlinks.patch b/SOURCES/samba-4.15-fix-recursive-dir-delete-symlinks.patch deleted file mode 100644 index 6f025aa..0000000 --- a/SOURCES/samba-4.15-fix-recursive-dir-delete-symlinks.patch +++ /dev/null @@ -1,668 +0,0 @@ -From 05cbf6e66f6989e383904ac582dae9515ac3a838 Mon Sep 17 00:00:00 2001 -From: Jeremy Allison -Date: Thu, 21 Oct 2021 16:37:27 -0700 -Subject: [PATCH 1/7] s3: smbd: Add two tests showing the ability to delete a - directory containing a dangling symlink over SMB2 depends on "delete veto - files" setting. - -Add knownfail. - -BUG: https://bugzilla.samba.org/show_bug.cgi?id=14879 - -Signed-off-by: Jeremy Allison -Reviewed-by: Ralph Boehme -(cherry picked from commit 942123b95923f35a32df4196a072a3ed3468396a) ---- - selftest/knownfail.d/rmdir_dangle_symlink | 1 + - selftest/target/Samba3.pm | 4 + - .../test_delete_veto_files_only_rmdir.sh | 183 ++++++++++++++++++ - source3/selftest/tests.py | 3 + - 4 files changed, 191 insertions(+) - create mode 100644 selftest/knownfail.d/rmdir_dangle_symlink - create mode 100755 source3/script/tests/test_delete_veto_files_only_rmdir.sh - -diff --git a/selftest/knownfail.d/rmdir_dangle_symlink b/selftest/knownfail.d/rmdir_dangle_symlink -new file mode 100644 -index 00000000000..c775dc5fe15 ---- /dev/null -+++ b/selftest/knownfail.d/rmdir_dangle_symlink -@@ -0,0 +1 @@ -+^samba3.blackbox.test_dangle_rmdir.rmdir can delete directory containing dangling symlink\(fileserver\) -diff --git a/selftest/target/Samba3.pm b/selftest/target/Samba3.pm -index 2fdab781fda..8ecfc1aaf82 100755 ---- a/selftest/target/Samba3.pm -+++ b/selftest/target/Samba3.pm -@@ -1738,6 +1738,10 @@ sub setup_fileserver - veto files = /veto_name*/ - delete veto files = yes - -+[delete_veto_files_only] -+ path = $veto_sharedir -+ delete veto files = yes -+ - [homes] - comment = Home directories - browseable = No -diff --git a/source3/script/tests/test_delete_veto_files_only_rmdir.sh b/source3/script/tests/test_delete_veto_files_only_rmdir.sh -new file mode 100755 -index 00000000000..d2c3b2198f7 ---- /dev/null -+++ b/source3/script/tests/test_delete_veto_files_only_rmdir.sh -@@ -0,0 +1,183 @@ -+#!/bin/sh -+# -+# Check smbclient can (or cannot) delete a directory containing dangling symlinks. -+# BUG: https://bugzilla.samba.org/show_bug.cgi?id=14879 -+# -+ -+if [ $# -lt 6 ]; then -+cat < "$tmpfile" < "$tmpfile" < "$tmpfile" < "$tmpfile" < -Date: Mon, 25 Oct 2021 12:01:58 -0700 -Subject: [PATCH 2/7] s3: VFS: streams_depot. Allow unlinkat to cope with - dangling symlinks. - -BUG: https://bugzilla.samba.org/show_bug.cgi?id=14879 - -Signed-off-by: Jeremy Allison -Reviewed-by: Ralph Boehme -(cherry picked from commit 295d7d026babe3cd5123d0f53adcb16868907f05) ---- - source3/modules/vfs_streams_depot.c | 10 ++++++++++ - 1 file changed, 10 insertions(+) - -diff --git a/source3/modules/vfs_streams_depot.c b/source3/modules/vfs_streams_depot.c -index 973edeeda24..ae73ba965a5 100644 ---- a/source3/modules/vfs_streams_depot.c -+++ b/source3/modules/vfs_streams_depot.c -@@ -823,6 +823,16 @@ static int streams_depot_unlink_internal(vfs_handle_struct *handle, - ret = SMB_VFS_NEXT_LSTAT(handle, full_fname); - } else { - ret = SMB_VFS_NEXT_STAT(handle, full_fname); -+ if (ret == -1 && (errno == ENOENT || errno == ELOOP)) { -+ if (VALID_STAT(smb_fname->st) && -+ S_ISLNK(smb_fname->st.st_ex_mode)) { -+ /* -+ * Original name was a link - Could be -+ * trying to remove a dangling symlink. -+ */ -+ ret = SMB_VFS_NEXT_LSTAT(handle, full_fname); -+ } -+ } - } - if (ret == -1) { - TALLOC_FREE(full_fname); --- -2.30.2 - - -From 9938ef02b42f1578e758010b9c4b7a149a9d39c8 Mon Sep 17 00:00:00 2001 -From: Jeremy Allison -Date: Mon, 25 Oct 2021 12:02:43 -0700 -Subject: [PATCH 3/7] s3: VFS: xattr_tdb. Allow unlinkat to cope with dangling - symlinks. - -BUG: https://bugzilla.samba.org/show_bug.cgi?id=14879 - -Signed-off-by: Jeremy Allison -Reviewed-by: Ralph Boehme -(cherry picked from commit f254be19d6501a4f573843af97963e350a9ee2ed) ---- - source3/modules/vfs_xattr_tdb.c | 10 ++++++++++ - 1 file changed, 10 insertions(+) - -diff --git a/source3/modules/vfs_xattr_tdb.c b/source3/modules/vfs_xattr_tdb.c -index daa99b2cc3e..42c570b54b3 100644 ---- a/source3/modules/vfs_xattr_tdb.c -+++ b/source3/modules/vfs_xattr_tdb.c -@@ -520,6 +520,16 @@ static int xattr_tdb_unlinkat(vfs_handle_struct *handle, - ret = SMB_VFS_NEXT_LSTAT(handle, full_fname); - } else { - ret = SMB_VFS_NEXT_STAT(handle, full_fname); -+ if (ret == -1 && (errno == ENOENT || errno == ELOOP)) { -+ if (VALID_STAT(smb_fname->st) && -+ S_ISLNK(smb_fname->st.st_ex_mode)) { -+ /* -+ * Original name was a link - Could be -+ * trying to remove a dangling symlink. -+ */ -+ ret = SMB_VFS_NEXT_LSTAT(handle, full_fname); -+ } -+ } - } - if (ret == -1) { - goto out; --- -2.30.2 - - -From 38ca6d51a07b2ff26e6447846d62c72aabee3606 Mon Sep 17 00:00:00 2001 -From: Jeremy Allison -Date: Mon, 25 Oct 2021 12:21:37 -0700 -Subject: [PATCH 4/7] s3: smbd: Fix rmdir_internals() to do an early return if - lp_delete_veto_files() is not set. - -Fix the comments to match what the code actually does. The -exit at the end of the scan directory loop if we find a client -visible filename is a change in behavior, but the previous -behavior (not exist on visible filename, but delete it) was -a bug and in non-tested code. Now it's testd. - -BUG: https://bugzilla.samba.org/show_bug.cgi?id=14879 - -Signed-off-by: Jeremy Allison -Reviewed-by: Ralph Boehme -(cherry picked from commit a37d16e7c55f85e3f2c9c8614755ea6307092d5f) ---- - source3/smbd/close.c | 36 ++++++++++++++++++++++-------------- - 1 file changed, 22 insertions(+), 14 deletions(-) - -diff --git a/source3/smbd/close.c b/source3/smbd/close.c -index 470ca7f1b6d..484442ddc17 100644 ---- a/source3/smbd/close.c -+++ b/source3/smbd/close.c -@@ -965,8 +965,6 @@ static NTSTATUS rmdir_internals(TALLOC_CTX *ctx, struct files_struct *fsp) - struct smb_filename *smb_dname = fsp->fsp_name; - struct smb_filename *parent_fname = NULL; - struct smb_filename *at_fname = NULL; -- const struct loadparm_substitution *lp_sub = -- loadparm_s3_global_substitution(); - SMB_STRUCT_STAT st; - const char *dname = NULL; - char *talloced = NULL; -@@ -1026,9 +1024,7 @@ static NTSTATUS rmdir_internals(TALLOC_CTX *ctx, struct files_struct *fsp) - return NT_STATUS_OK; - } - -- if (!((errno == ENOTEMPTY) || (errno == EEXIST)) || -- !*lp_veto_files(talloc_tos(), lp_sub, SNUM(conn))) -- { -+ if (!((errno == ENOTEMPTY) || (errno == EEXIST))) { - DEBUG(3,("rmdir_internals: couldn't remove directory %s : " - "%s\n", smb_fname_str_dbg(smb_dname), - strerror(errno))); -@@ -1036,11 +1032,21 @@ static NTSTATUS rmdir_internals(TALLOC_CTX *ctx, struct files_struct *fsp) - return map_nt_error_from_unix(errno); - } - -+ /* -+ * Here we know the initial directory unlink failed with -+ * ENOTEMPTY or EEXIST so we know there are objects within. -+ * If we don't have permission to delete files non -+ * visible to the client just fail the directory delete. -+ */ -+ -+ if (!lp_delete_veto_files(SNUM(conn))) { -+ errno = ENOTEMPTY; -+ goto err; -+ } -+ - /* - * Check to see if the only thing in this directory are -- * vetoed files/directories. If so then delete them and -- * retry. If we fail to delete any of them (and we *don't* -- * do a recursive delete) then fail the rmdir. -+ * files non-visible to the client. If not, fail the delete. - */ - - dir_hnd = OpenDir(talloc_tos(), conn, smb_dname, NULL, 0); -@@ -1133,16 +1139,18 @@ static NTSTATUS rmdir_internals(TALLOC_CTX *ctx, struct files_struct *fsp) - continue; - } - -+ /* -+ * We found a client visible name. -+ * We cannot delete this directory. -+ */ -+ DBG_DEBUG("got name %s - " -+ "can't delete directory %s\n", -+ dname, -+ fsp_str_dbg(fsp)); - TALLOC_FREE(talloced); - TALLOC_FREE(fullname); - TALLOC_FREE(smb_dname_full); - TALLOC_FREE(direntry_fname); -- } -- -- /* We only have veto files/directories. -- * Are we allowed to delete them ? */ -- -- if (!lp_delete_veto_files(SNUM(conn))) { - errno = ENOTEMPTY; - goto err; - } --- -2.30.2 - - -From a8bc5af4ded62d80dca97622f5c90b0ebab5c130 Mon Sep 17 00:00:00 2001 -From: Jeremy Allison -Date: Mon, 25 Oct 2021 12:32:29 -0700 -Subject: [PATCH 5/7] s3: smbd: Fix logic in rmdir_internals() to cope with - dangling symlinks. - -Still need to add the same logic in can_delete_directory_fsp() -before we can delete the knownfail. - -BUG: https://bugzilla.samba.org/show_bug.cgi?id=14879 - -Signed-off-by: Jeremy Allison -Reviewed-by: Ralph Boehme -(cherry picked from commit 26fecad2e66e91a3913d88ee2e0889f266e91d89) ---- - source3/smbd/close.c | 56 ++++++++++++++++++++++++++++++++++++++++---- - 1 file changed, 51 insertions(+), 5 deletions(-) - -diff --git a/source3/smbd/close.c b/source3/smbd/close.c -index 484442ddc17..7178257efcc 100644 ---- a/source3/smbd/close.c -+++ b/source3/smbd/close.c -@@ -1103,15 +1103,61 @@ static NTSTATUS rmdir_internals(TALLOC_CTX *ctx, struct files_struct *fsp) - goto err; - } - -- /* -- * is_visible_fsp() always returns true -- * for the symlink/MSDFS case. -- */ - if (S_ISLNK(smb_dname_full->st.st_ex_mode)) { -+ /* Could it be an msdfs link ? */ -+ if (lp_host_msdfs() && -+ lp_msdfs_root(SNUM(conn))) { -+ struct smb_filename *smb_atname; -+ smb_atname = synthetic_smb_fname(talloc_tos(), -+ dname, -+ NULL, -+ &smb_dname_full->st, -+ fsp->fsp_name->twrp, -+ fsp->fsp_name->flags); -+ if (smb_atname == NULL) { -+ TALLOC_FREE(talloced); -+ TALLOC_FREE(fullname); -+ TALLOC_FREE(smb_dname_full); -+ errno = ENOMEM; -+ goto err; -+ } -+ if (is_msdfs_link(fsp, smb_atname)) { -+ TALLOC_FREE(talloced); -+ TALLOC_FREE(fullname); -+ TALLOC_FREE(smb_dname_full); -+ TALLOC_FREE(smb_atname); -+ DBG_DEBUG("got msdfs link name %s " -+ "- can't delete directory %s\n", -+ dname, -+ fsp_str_dbg(fsp)); -+ errno = ENOTEMPTY; -+ goto err; -+ } -+ TALLOC_FREE(smb_atname); -+ } -+ -+ /* Not a DFS link - could it be a dangling symlink ? */ -+ ret = SMB_VFS_STAT(conn, smb_dname_full); -+ if (ret == -1 && (errno == ENOENT || errno == ELOOP)) { -+ /* -+ * Dangling symlink. -+ * Allow delete as "delete veto files = yes" -+ */ -+ TALLOC_FREE(talloced); -+ TALLOC_FREE(fullname); -+ TALLOC_FREE(smb_dname_full); -+ continue; -+ } -+ -+ DBG_DEBUG("got symlink name %s - " -+ "can't delete directory %s\n", -+ dname, -+ fsp_str_dbg(fsp)); - TALLOC_FREE(talloced); - TALLOC_FREE(fullname); - TALLOC_FREE(smb_dname_full); -- continue; -+ errno = ENOTEMPTY; -+ goto err; - } - - /* Not a symlink, get a pathref. */ --- -2.30.2 - - -From a1fb0d7bcf0791066b23e909c4f3a7a89bab6034 Mon Sep 17 00:00:00 2001 -From: Jeremy Allison -Date: Mon, 25 Oct 2021 12:36:57 -0700 -Subject: [PATCH 6/7] s3: smbd: Fix logic in can_delete_directory_fsp() to cope - with dangling symlinks. - -Remove knownfail. - -BUG: https://bugzilla.samba.org/show_bug.cgi?id=14879 - -Signed-off-by: Jeremy Allison -Reviewed-by: Ralph Boehme -(cherry picked from commit e9ef970eee5eca8ab3720279c54098e91d2dfda9) ---- - selftest/knownfail.d/rmdir_dangle_symlink | 1 - - source3/smbd/dir.c | 55 ++++++++++++++++++++--- - 2 files changed, 49 insertions(+), 7 deletions(-) - delete mode 100644 selftest/knownfail.d/rmdir_dangle_symlink - -diff --git a/selftest/knownfail.d/rmdir_dangle_symlink b/selftest/knownfail.d/rmdir_dangle_symlink -deleted file mode 100644 -index c775dc5fe15..00000000000 ---- a/selftest/knownfail.d/rmdir_dangle_symlink -+++ /dev/null -@@ -1 +0,0 @@ --^samba3.blackbox.test_dangle_rmdir.rmdir can delete directory containing dangling symlink\(fileserver\) -diff --git a/source3/smbd/dir.c b/source3/smbd/dir.c -index 174f07b1159..4d61bb0d56d 100644 ---- a/source3/smbd/dir.c -+++ b/source3/smbd/dir.c -@@ -1922,16 +1922,59 @@ NTSTATUS can_delete_directory_fsp(files_struct *fsp) - break; - } - -- /* -- * is_visible_fsp() always returns true -- * for the symlink/MSDFS case. -- */ -- - if (S_ISLNK(smb_dname_full->st.st_ex_mode)) { -+ /* Could it be an msdfs link ? */ -+ if (lp_host_msdfs() && -+ lp_msdfs_root(SNUM(conn))) { -+ struct smb_filename *smb_dname; -+ smb_dname = synthetic_smb_fname(talloc_tos(), -+ dname, -+ NULL, -+ &smb_dname_full->st, -+ fsp->fsp_name->twrp, -+ fsp->fsp_name->flags); -+ if (smb_dname == NULL) { -+ TALLOC_FREE(talloced); -+ TALLOC_FREE(fullname); -+ TALLOC_FREE(smb_dname_full); -+ status = NT_STATUS_NO_MEMORY; -+ break; -+ } -+ if (is_msdfs_link(fsp, smb_dname)) { -+ TALLOC_FREE(talloced); -+ TALLOC_FREE(fullname); -+ TALLOC_FREE(smb_dname_full); -+ TALLOC_FREE(smb_dname); -+ DBG_DEBUG("got msdfs link name %s " -+ "- can't delete directory %s\n", -+ dname, -+ fsp_str_dbg(fsp)); -+ status = NT_STATUS_DIRECTORY_NOT_EMPTY; -+ break; -+ } -+ TALLOC_FREE(smb_dname); -+ } -+ /* Not a DFS link - could it be a dangling symlink ? */ -+ ret = SMB_VFS_STAT(conn, smb_dname_full); -+ if (ret == -1 && (errno == ENOENT || errno == ELOOP)) { -+ /* -+ * Dangling symlink. -+ * Allow if "delete veto files = yes" -+ */ -+ if (lp_delete_veto_files(SNUM(conn))) { -+ TALLOC_FREE(talloced); -+ TALLOC_FREE(fullname); -+ TALLOC_FREE(smb_dname_full); -+ continue; -+ } -+ } -+ DBG_DEBUG("got symlink name %s - " -+ "can't delete directory %s\n", -+ dname, -+ fsp_str_dbg(fsp)); - TALLOC_FREE(talloced); - TALLOC_FREE(fullname); - TALLOC_FREE(smb_dname_full); -- DBG_DEBUG("got name %s - can't delete\n", dname); - status = NT_STATUS_DIRECTORY_NOT_EMPTY; - break; - } --- -2.30.2 - - -From 2a6f19df3f1588dbf60b86b520798b88861d2179 Mon Sep 17 00:00:00 2001 -From: Jeremy Allison -Date: Mon, 25 Oct 2021 12:42:02 -0700 -Subject: [PATCH 7/7] s3: docs-xml: Clarify the "delete veto files" paramter. -MIME-Version: 1.0 -Content-Type: text/plain; charset=UTF-8 -Content-Transfer-Encoding: 8bit - -BUG: https://bugzilla.samba.org/show_bug.cgi?id=14879 - -Signed-off-by: Jeremy Allison -Reviewed-by: Ralph Boehme - -Autobuild-User(master): Ralph Böhme -Autobuild-Date(master): Fri Oct 29 14:57:14 UTC 2021 on sn-devel-184 - -(cherry picked from commit 0b818c6b77e972626d0b071bebcf4ce55619fb84) ---- - docs-xml/smbdotconf/filename/deletevetofiles.xml | 9 ++++++--- - 1 file changed, 6 insertions(+), 3 deletions(-) - -diff --git a/docs-xml/smbdotconf/filename/deletevetofiles.xml b/docs-xml/smbdotconf/filename/deletevetofiles.xml -index 581dc05396d..570d4ac60a0 100644 ---- a/docs-xml/smbdotconf/filename/deletevetofiles.xml -+++ b/docs-xml/smbdotconf/filename/deletevetofiles.xml -@@ -4,9 +4,12 @@ - xmlns:samba="http://www.samba.org/samba/DTD/samba-doc"> - - This option is used when Samba is attempting to -- delete a directory that contains one or more vetoed directories -- (see the -- option). If this option is set to no (the default) then if a vetoed -+ delete a directory that contains one or more vetoed files -+ or directories or non-visible files or directories (such -+ as dangling symlinks that point nowhere). -+ (see the , , -+ , -+ options). If this option is set to no (the default) then if a vetoed - directory contains any non-vetoed files or directories then the - directory delete will fail. This is usually what you want. - --- -2.30.2 - diff --git a/SOURCES/samba-4.15-fix-recursive-dir-delete.patch b/SOURCES/samba-4.15-fix-recursive-dir-delete.patch deleted file mode 100644 index d61d434..0000000 --- a/SOURCES/samba-4.15-fix-recursive-dir-delete.patch +++ /dev/null @@ -1,346 +0,0 @@ -From 83499424ab011da66ded2df441277c2b89844c7b Mon Sep 17 00:00:00 2001 -From: Jeremy Allison -Date: Thu, 21 Oct 2021 15:06:20 -0700 -Subject: [PATCH 1/2] s3: smbd: Add two tests showing recursive directory - delete of a directory containing veto file and msdfs links over SMB2. - -Add knownfail. - -BUG: https://bugzilla.samba.org/show_bug.cgi?id=14878 - -Signed-off-by: Jeremy Allison -Reviewed-by: Ralph Boehme -(cherry picked from commit ad0082d79a681b981154747dcde5713e1933b88f) ---- - selftest/knownfail.d/veto_rmdir | 1 + - selftest/target/Samba3.pm | 16 ++ - source3/script/tests/test_veto_rmdir.sh | 217 ++++++++++++++++++++++++ - source3/selftest/tests.py | 3 + - 4 files changed, 237 insertions(+) - create mode 100644 selftest/knownfail.d/veto_rmdir - create mode 100755 source3/script/tests/test_veto_rmdir.sh - -diff --git a/selftest/knownfail.d/veto_rmdir b/selftest/knownfail.d/veto_rmdir -new file mode 100644 -index 00000000000..ecced55d794 ---- /dev/null -+++ b/selftest/knownfail.d/veto_rmdir -@@ -0,0 +1 @@ -+^samba3.blackbox.test_veto_rmdir.rmdir can delete directory containing a veto file\(fileserver\) -diff --git a/selftest/target/Samba3.pm b/selftest/target/Samba3.pm -index fdbba8411bc..2fdab781fda 100755 ---- a/selftest/target/Samba3.pm -+++ b/selftest/target/Samba3.pm -@@ -1614,6 +1614,9 @@ sub setup_fileserver - my $bad_iconv_sharedir="$share_dir/bad_iconv"; - push(@dirs, $bad_iconv_sharedir); - -+ my $veto_sharedir="$share_dir/veto"; -+ push(@dirs,$veto_sharedir); -+ - my $ip4 = Samba::get_ipv4_addr("FILESERVER"); - my $fileserver_options = " - kernel change notify = yes -@@ -1722,6 +1725,19 @@ sub setup_fileserver - comment = smb username is [%U] - vfs objects = - -+[veto_files_nodelete] -+ path = $veto_sharedir -+ read only = no -+ msdfs root = yes -+ veto files = /veto_name*/ -+ delete veto files = no -+ -+[veto_files_delete] -+ path = $veto_sharedir -+ msdfs root = yes -+ veto files = /veto_name*/ -+ delete veto files = yes -+ - [homes] - comment = Home directories - browseable = No -diff --git a/source3/script/tests/test_veto_rmdir.sh b/source3/script/tests/test_veto_rmdir.sh -new file mode 100755 -index 00000000000..d3df8f1bba0 ---- /dev/null -+++ b/source3/script/tests/test_veto_rmdir.sh -@@ -0,0 +1,217 @@ -+#!/bin/sh -+# -+# Check smbclient can (or cannot) delete a directory containing veto files. -+# BUG: https://bugzilla.samba.org/show_bug.cgi?id=14878 -+# -+ -+if [ $# -lt 6 ]; then -+cat < "$tmpfile" < "$tmpfile" < "$tmpfile" < "$tmpfile" < "$tmpfile" < -Date: Thu, 21 Oct 2021 16:18:24 -0700 -Subject: [PATCH 2/2] s3: smbd: Fix recursive directory delete of a directory - containing veto file and msdfs links. - -Remove knownfail. - -BUG: https://bugzilla.samba.org/show_bug.cgi?id=14878 - -Signed-off-by: Jeremy Allison -Reviewed-by: Ralph Boehme -(cherry picked from commit 73de1194c3c429ab93d722a852aa4f54213b112a) ---- - selftest/knownfail.d/veto_rmdir | 1 - - source3/smbd/close.c | 2 +- - 2 files changed, 1 insertion(+), 2 deletions(-) - delete mode 100644 selftest/knownfail.d/veto_rmdir - -diff --git a/selftest/knownfail.d/veto_rmdir b/selftest/knownfail.d/veto_rmdir -deleted file mode 100644 -index ecced55d794..00000000000 ---- a/selftest/knownfail.d/veto_rmdir -+++ /dev/null -@@ -1 +0,0 @@ --^samba3.blackbox.test_veto_rmdir.rmdir can delete directory containing a veto file\(fileserver\) -diff --git a/source3/smbd/close.c b/source3/smbd/close.c -index 191626557dc..470ca7f1b6d 100644 ---- a/source3/smbd/close.c -+++ b/source3/smbd/close.c -@@ -1267,7 +1267,7 @@ static NTSTATUS rmdir_internals(TALLOC_CTX *ctx, struct files_struct *fsp) - - /* Retry the rmdir */ - ret = SMB_VFS_UNLINKAT(conn, -- dirfsp, -+ parent_fname->fsp, - at_fname, - AT_REMOVEDIR); - --- -2.30.2 - diff --git a/SOURCES/samba-4.15-fix-winbind-no-trusted-domain.patch b/SOURCES/samba-4.15-fix-winbind-no-trusted-domain.patch deleted file mode 100644 index 4924872..0000000 --- a/SOURCES/samba-4.15-fix-winbind-no-trusted-domain.patch +++ /dev/null @@ -1,41 +0,0 @@ -From 2edaf32b4204b9fe363c441c25b6989fe76911a4 Mon Sep 17 00:00:00 2001 -From: Stefan Metzmacher -Date: Tue, 9 Nov 2021 20:50:20 +0100 -Subject: [PATCH] s3:winbindd: fix "allow trusted domains = no" regression - -add_trusted_domain() should only reject domains -based on is_allowed_domain(), which now also -checks "allow trusted domains = no", if we don't -have an explicit trust to the domain (SEC_CHAN_NULL). - -We use at least SEC_CHAN_LOCAL for local domains like -BUILTIN. - -BUG: https://bugzilla.samba.org/show_bug.cgi?id=14899 - -Signed-off-by: Stefan Metzmacher - -Autobuild-User(master): Stefan Metzmacher -Autobuild-Date(master): Wed Nov 10 11:21:31 UTC 2021 on sn-devel-184 - -(cherry picked from commit a7f6c60cb037b4bc9eee276236539b8282213935) ---- - source3/winbindd/winbindd_util.c | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/source3/winbindd/winbindd_util.c b/source3/winbindd/winbindd_util.c -index 42ddbfd2f44..9d54e462c42 100644 ---- a/source3/winbindd/winbindd_util.c -+++ b/source3/winbindd/winbindd_util.c -@@ -134,7 +134,7 @@ static NTSTATUS add_trusted_domain(const char *domain_name, - return NT_STATUS_INVALID_PARAMETER; - } - -- if (!is_allowed_domain(domain_name)) { -+ if (secure_channel_type == SEC_CHAN_NULL && !is_allowed_domain(domain_name)) { - return NT_STATUS_NO_SUCH_DOMAIN; - } - --- -2.33.1 - diff --git a/SOURCES/samba-4.15-ipa-dc-schannel.patch b/SOURCES/samba-4.15-ipa-dc-schannel.patch deleted file mode 100644 index d315a5d..0000000 --- a/SOURCES/samba-4.15-ipa-dc-schannel.patch +++ /dev/null @@ -1,45 +0,0 @@ -From 3fc4d1d3998f3956a84c855cb60a9dcb335e1f59 Mon Sep 17 00:00:00 2001 -From: Alexander Bokovoy -Date: Fri, 12 Nov 2021 19:06:01 +0200 -Subject: [PATCH] IPA DC: add missing checks - -When introducing FreeIPA support, two places were forgotten: - - - schannel gensec module needs to be aware of IPA DC - - _lsa_QueryInfoPolicy should treat IPA DC as PDC - -BUG: https://bugzilla.samba.org/show_bug.cgi?id=14903 - -Signed-off-by: Alexander Bokovoy ---- - auth/gensec/schannel.c | 1 + - source3/rpc_server/lsa/srv_lsa_nt.c | 1 + - 2 files changed, 2 insertions(+) - -diff --git a/auth/gensec/schannel.c b/auth/gensec/schannel.c -index 0cdae141ead..6ebbe8f3179 100644 ---- a/auth/gensec/schannel.c -+++ b/auth/gensec/schannel.c -@@ -1080,6 +1080,7 @@ static NTSTATUS schannel_server_start(struct gensec_security *gensec_security) - case ROLE_DOMAIN_BDC: - case ROLE_DOMAIN_PDC: - case ROLE_ACTIVE_DIRECTORY_DC: -+ case ROLE_IPA_DC: - return NT_STATUS_OK; - default: - return NT_STATUS_NOT_IMPLEMENTED; -diff --git a/source3/rpc_server/lsa/srv_lsa_nt.c b/source3/rpc_server/lsa/srv_lsa_nt.c -index 8d71b5252ab..ea92a22cbc9 100644 ---- a/source3/rpc_server/lsa/srv_lsa_nt.c -+++ b/source3/rpc_server/lsa/srv_lsa_nt.c -@@ -683,6 +683,7 @@ NTSTATUS _lsa_QueryInfoPolicy(struct pipes_struct *p, - switch (lp_server_role()) { - case ROLE_DOMAIN_PDC: - case ROLE_DOMAIN_BDC: -+ case ROLE_IPA_DC: - name = get_global_sam_name(); - sid = dom_sid_dup(p->mem_ctx, get_global_sam_sid()); - if (!sid) { --- -2.33.1 - diff --git a/SOURCES/samba-4.15-logfile.patch b/SOURCES/samba-4.15-logfile.patch deleted file mode 100644 index 6300639..0000000 --- a/SOURCES/samba-4.15-logfile.patch +++ /dev/null @@ -1,981 +0,0 @@ -From 96d6bd4feb27b9b003aac44ef2ab7ef0a288272d Mon Sep 17 00:00:00 2001 -From: Ralph Boehme -Date: Wed, 10 Nov 2021 20:18:07 +0100 -Subject: [PATCH 1/8] source3: move lib/substitute.c functions out of proto.h - -BUG: https://bugzilla.samba.org/show_bug.cgi?id=14897 - -Signed-off-by: Ralph Boehme ---- - source3/auth/auth_generic.c | 1 + - source3/auth/auth_ntlmssp.c | 1 + - source3/auth/auth_util.c | 1 + - source3/include/proto.h | 33 ----------- - source3/lib/substitute.c | 1 + - source3/lib/substitute.h | 63 +++++++++++++++++++++ - source3/modules/vfs_expand_msdfs.c | 1 + - source3/modules/vfs_full_audit.c | 1 + - source3/modules/vfs_recycle.c | 1 + - source3/modules/vfs_unityed_media.c | 1 + - source3/modules/vfs_virusfilter_utils.c | 1 + - source3/nmbd/nmbd.c | 1 + - source3/nmbd/nmbd_synclists.c | 1 + - source3/param/loadparm.c | 1 + - source3/passdb/passdb.c | 1 + - source3/passdb/pdb_ldap.c | 1 + - source3/printing/print_generic.c | 1 + - source3/printing/printing.c | 1 + - source3/rpc_server/lsa/srv_lsa_nt.c | 1 + - source3/rpc_server/netlogon/srv_netlog_nt.c | 1 + - source3/rpc_server/srvsvc/srv_srvsvc_nt.c | 1 + - source3/smbd/ipc.c | 1 + - source3/smbd/lanman.c | 1 + - source3/smbd/message.c | 1 + - source3/smbd/msdfs.c | 1 + - source3/smbd/process.c | 1 + - source3/smbd/reply.c | 1 + - source3/smbd/server.c | 1 + - source3/smbd/service.c | 1 + - source3/smbd/sesssetup.c | 1 + - source3/smbd/share_access.c | 1 + - source3/smbd/smb2_server.c | 1 + - source3/smbd/smb2_sesssetup.c | 1 + - source3/smbd/trans2.c | 1 + - source3/smbd/uid.c | 1 + - source3/torture/torture.c | 1 + - source3/utils/net_sam.c | 1 + - source3/winbindd/wb_getpwsid.c | 1 + - source3/winbindd/winbindd.c | 1 + - 39 files changed, 100 insertions(+), 33 deletions(-) - create mode 100644 source3/lib/substitute.h - -diff --git a/source3/auth/auth_generic.c b/source3/auth/auth_generic.c -index fc7a7549e8e..ff51307e43a 100644 ---- a/source3/auth/auth_generic.c -+++ b/source3/auth/auth_generic.c -@@ -36,6 +36,7 @@ - #include "auth/credentials/credentials.h" - #include "lib/param/loadparm.h" - #include "librpc/gen_ndr/dcerpc.h" -+#include "source3/lib/substitute.h" - - static NTSTATUS auth3_generate_session_info_pac(struct auth4_context *auth_ctx, - TALLOC_CTX *mem_ctx, -diff --git a/source3/auth/auth_ntlmssp.c b/source3/auth/auth_ntlmssp.c -index 676aa9d892c..f2deca09aa6 100644 ---- a/source3/auth/auth_ntlmssp.c -+++ b/source3/auth/auth_ntlmssp.c -@@ -25,6 +25,7 @@ - #include "auth.h" - #include "libcli/security/security.h" - #include "lib/util/tevent_ntstatus.h" -+#include "source3/lib/substitute.h" - - NTSTATUS auth3_generate_session_info(struct auth4_context *auth_context, - TALLOC_CTX *mem_ctx, -diff --git a/source3/auth/auth_util.c b/source3/auth/auth_util.c -index dec854d85c3..4527dedc49d 100644 ---- a/source3/auth/auth_util.c -+++ b/source3/auth/auth_util.c -@@ -38,6 +38,7 @@ - #include "rpc_client/util_netlogon.h" - #include "source4/auth/auth.h" - #include "auth/auth_util.h" -+#include "source3/lib/substitute.h" - - #undef DBGC_CLASS - #define DBGC_CLASS DBGC_AUTH -diff --git a/source3/include/proto.h b/source3/include/proto.h -index eb45179aebb..a96c2c8d110 100644 ---- a/source3/include/proto.h -+++ b/source3/include/proto.h -@@ -139,39 +139,6 @@ int smbrun_no_sanitize(const char *cmd, int *outfd, char * const *env); - int smbrun(const char *cmd, int *outfd, char * const *env); - int smbrunsecret(const char *cmd, const char *secret); - --/* The following definitions come from lib/substitute.c */ -- --bool set_local_machine_name(const char *local_name, bool perm); --const char *get_local_machine_name(void); --bool set_remote_machine_name(const char *remote_name, bool perm); --const char *get_remote_machine_name(void); --void sub_set_smb_name(const char *name); --void set_current_user_info(const char *smb_name, const char *unix_name, -- const char *domain); --void sub_set_socket_ids(const char *peeraddr, const char *peername, -- const char *sockaddr); --const char *get_current_username(void); --void standard_sub_basic(const char *smb_name, const char *domain_name, -- char *str, size_t len); --char *talloc_sub_basic(TALLOC_CTX *mem_ctx, const char *smb_name, -- const char *domain_name, const char *str); --char *talloc_sub_specified(TALLOC_CTX *mem_ctx, -- const char *input_string, -- const char *username, -- const char *grpname, -- const char *domain, -- uid_t uid, -- gid_t gid); --char *talloc_sub_advanced(TALLOC_CTX *mem_ctx, -- const char *servicename, const char *user, -- const char *connectpath, gid_t gid, -- const char *str); --char *talloc_sub_full(TALLOC_CTX *mem_ctx, -- const char *servicename, const char *user, -- const char *connectpath, gid_t gid, -- const char *smb_name, const char *domain_name, -- const char *str); -- - /* The following definitions come from lib/sysquotas.c */ - - int sys_get_quota(const char *path, enum SMB_QUOTA_TYPE qtype, unid_t id, SMB_DISK_QUOTA *dp); -diff --git a/source3/lib/substitute.c b/source3/lib/substitute.c -index b98a0acf1cb..a941b89f82a 100644 ---- a/source3/lib/substitute.c -+++ b/source3/lib/substitute.c -@@ -20,6 +20,7 @@ - - - #include "includes.h" -+#include "substitute.h" - #include "system/passwd.h" - #include "secrets.h" - #include "auth.h" -diff --git a/source3/lib/substitute.h b/source3/lib/substitute.h -new file mode 100644 -index 00000000000..2056d163dd7 ---- /dev/null -+++ b/source3/lib/substitute.h -@@ -0,0 +1,63 @@ -+/* -+ Unix SMB/CIFS implementation. -+ string substitution functions -+ Copyright (C) Andrew Tridgell 1992-2000 -+ Copyright (C) Gerald Carter 2006 -+ -+ This program is free software; you can redistribute it and/or modify -+ it under the terms of the GNU General Public License as published by -+ the Free Software Foundation; either version 3 of the License, or -+ (at your option) any later version. -+ -+ This program is distributed in the hope that it will be useful, -+ but WITHOUT ANY WARRANTY; without even the implied warranty of -+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -+ GNU General Public License for more details. -+ -+ You should have received a copy of the GNU General Public License -+ along with this program. If not, see . -+*/ -+ -+#ifndef SUBSTITUTE_H -+#define SUBSTITUTE_H -+ -+bool set_local_machine_name(const char *local_name, bool perm); -+const char *get_local_machine_name(void); -+bool set_remote_machine_name(const char *remote_name, bool perm); -+const char *get_remote_machine_name(void); -+void sub_set_socket_ids(const char *peeraddr, const char *peername, -+ const char *sockaddr); -+void set_current_user_info(const char *smb_name, -+ const char *unix_name, -+ const char *domain); -+const char *get_current_username(void); -+void standard_sub_basic(const char *smb_name, -+ const char *domain_name, -+ char *str, -+ size_t len); -+char *talloc_sub_basic(TALLOC_CTX *mem_ctx, -+ const char *smb_name, -+ const char *domain_name, -+ const char *str); -+char *talloc_sub_specified(TALLOC_CTX *mem_ctx, -+ const char *input_string, -+ const char *username, -+ const char *grpname, -+ const char *domain, -+ uid_t uid, -+ gid_t gid); -+char *talloc_sub_advanced(TALLOC_CTX *ctx, -+ const char *servicename, -+ const char *user, -+ const char *connectpath, -+ gid_t gid, -+ const char *str); -+char *talloc_sub_full(TALLOC_CTX *ctx, -+ const char *servicename, -+ const char *user, -+ const char *connectpath, -+ gid_t gid, -+ const char *smb_name, -+ const char *domain_name, -+ const char *str); -+#endif -diff --git a/source3/modules/vfs_expand_msdfs.c b/source3/modules/vfs_expand_msdfs.c -index 34e7051dca5..fe3c6f47462 100644 ---- a/source3/modules/vfs_expand_msdfs.c -+++ b/source3/modules/vfs_expand_msdfs.c -@@ -25,6 +25,7 @@ - #include "auth.h" - #include "../lib/tsocket/tsocket.h" - #include "msdfs.h" -+#include "source3/lib/substitute.h" - - #undef DBGC_CLASS - #define DBGC_CLASS DBGC_VFS -diff --git a/source3/modules/vfs_full_audit.c b/source3/modules/vfs_full_audit.c -index ceda99d4568..c8dbc8c07bb 100644 ---- a/source3/modules/vfs_full_audit.c -+++ b/source3/modules/vfs_full_audit.c -@@ -73,6 +73,7 @@ - #include "passdb/machine_sid.h" - #include "lib/util/tevent_ntstatus.h" - #include "lib/util/string_wrappers.h" -+#include "source3/lib/substitute.h" - - static int vfs_full_audit_debug_level = DBGC_VFS; - -diff --git a/source3/modules/vfs_recycle.c b/source3/modules/vfs_recycle.c -index 1c18f232c32..7cbc938a57c 100644 ---- a/source3/modules/vfs_recycle.c -+++ b/source3/modules/vfs_recycle.c -@@ -27,6 +27,7 @@ - #include "system/filesys.h" - #include "../librpc/gen_ndr/ndr_netlogon.h" - #include "auth.h" -+#include "source3/lib/substitute.h" - - #define ALLOC_CHECK(ptr, label) do { if ((ptr) == NULL) { DEBUG(0, ("recycle.bin: out of memory!\n")); errno = ENOMEM; goto label; } } while(0) - -diff --git a/source3/modules/vfs_unityed_media.c b/source3/modules/vfs_unityed_media.c -index 62a1456b996..fbd4d968172 100644 ---- a/source3/modules/vfs_unityed_media.c -+++ b/source3/modules/vfs_unityed_media.c -@@ -62,6 +62,7 @@ - #include "../lib/tsocket/tsocket.h" - #include "lib/util/smb_strtox.h" - #include -+#include "source3/lib/substitute.h" - - #define UM_PARAM_TYPE_NAME "unityed_media" - -diff --git a/source3/modules/vfs_virusfilter_utils.c b/source3/modules/vfs_virusfilter_utils.c -index c7f8089ffc7..b8b44eb203b 100644 ---- a/source3/modules/vfs_virusfilter_utils.c -+++ b/source3/modules/vfs_virusfilter_utils.c -@@ -25,6 +25,7 @@ struct iovec; - #include "lib/util/iov_buf.h" - #include - #include "lib/tsocket/tsocket.h" -+#include "source3/lib/substitute.h" - - int virusfilter_debug_class = DBGC_VFS; - -diff --git a/source3/nmbd/nmbd.c b/source3/nmbd/nmbd.c -index 44121e9915c..7470897587e 100644 ---- a/source3/nmbd/nmbd.c -+++ b/source3/nmbd/nmbd.c -@@ -29,6 +29,7 @@ - #include "util_cluster.h" - #include "lib/gencache.h" - #include "lib/global_contexts.h" -+#include "source3/lib/substitute.h" - - int ClientNMB = -1; - int ClientDGRAM = -1; -diff --git a/source3/nmbd/nmbd_synclists.c b/source3/nmbd/nmbd_synclists.c -index a65cbb87e0e..d291927fbc8 100644 ---- a/source3/nmbd/nmbd_synclists.c -+++ b/source3/nmbd/nmbd_synclists.c -@@ -33,6 +33,7 @@ - #include "libsmb/clirap.h" - #include "../libcli/smb/smbXcli_base.h" - #include "lib/util/string_wrappers.h" -+#include "source3/lib/substitute.h" - - struct sync_record { - struct sync_record *next, *prev; -diff --git a/source3/param/loadparm.c b/source3/param/loadparm.c -index f54c08cc4a5..b56fd20e410 100644 ---- a/source3/param/loadparm.c -+++ b/source3/param/loadparm.c -@@ -76,6 +76,7 @@ - #include "lib/crypto/gnutls_helpers.h" - #include "lib/util/string_wrappers.h" - #include "auth/credentials/credentials.h" -+#include "source3/lib/substitute.h" - - #ifdef HAVE_SYS_SYSCTL_H - #include -diff --git a/source3/passdb/passdb.c b/source3/passdb/passdb.c -index 068c5a5ea70..863f260ea90 100644 ---- a/source3/passdb/passdb.c -+++ b/source3/passdb/passdb.c -@@ -33,6 +33,7 @@ - #include "auth/credentials/credentials.h" - #include "lib/param/param.h" - #include "lib/util/string_wrappers.h" -+#include "source3/lib/substitute.h" - - #undef DBGC_CLASS - #define DBGC_CLASS DBGC_PASSDB -diff --git a/source3/passdb/pdb_ldap.c b/source3/passdb/pdb_ldap.c -index e6d8a84c60f..93da28b1941 100644 ---- a/source3/passdb/pdb_ldap.c -+++ b/source3/passdb/pdb_ldap.c -@@ -56,6 +56,7 @@ - #include "lib/util_sid_passdb.h" - #include "lib/util/smb_strtox.h" - #include "lib/util/string_wrappers.h" -+#include "source3/lib/substitute.h" - - #undef DBGC_CLASS - #define DBGC_CLASS DBGC_PASSDB -diff --git a/source3/printing/print_generic.c b/source3/printing/print_generic.c -index 743c311bbd5..8798a4cf34a 100644 ---- a/source3/printing/print_generic.c -+++ b/source3/printing/print_generic.c -@@ -20,6 +20,7 @@ - #include "includes.h" - #include "printing.h" - #include "smbd/proto.h" -+#include "source3/lib/substitute.h" - - extern userdom_struct current_user_info; - -diff --git a/source3/printing/printing.c b/source3/printing/printing.c -index 499334df03f..67d798fbb21 100644 ---- a/source3/printing/printing.c -+++ b/source3/printing/printing.c -@@ -40,6 +40,7 @@ - #include "lib/util/string_wrappers.h" - #include "lib/global_contexts.h" - #include "source3/printing/rap_jobid.h" -+#include "source3/lib/substitute.h" - - extern userdom_struct current_user_info; - -diff --git a/source3/rpc_server/lsa/srv_lsa_nt.c b/source3/rpc_server/lsa/srv_lsa_nt.c -index d6d606ddeca..57f981cb358 100644 ---- a/source3/rpc_server/lsa/srv_lsa_nt.c -+++ b/source3/rpc_server/lsa/srv_lsa_nt.c -@@ -53,6 +53,7 @@ - #include "librpc/rpc/dcesrv_core.h" - #include "librpc/rpc/dcerpc_helper.h" - #include "lib/param/loadparm.h" -+#include "source3/lib/substitute.h" - - #include "lib/crypto/gnutls_helpers.h" - #include -diff --git a/source3/rpc_server/netlogon/srv_netlog_nt.c b/source3/rpc_server/netlogon/srv_netlog_nt.c -index eaacd8dbc6a..2906fa3f30f 100644 ---- a/source3/rpc_server/netlogon/srv_netlog_nt.c -+++ b/source3/rpc_server/netlogon/srv_netlog_nt.c -@@ -49,6 +49,7 @@ - #include "lib/param/param.h" - #include "libsmb/dsgetdcname.h" - #include "lib/util/util_str_escape.h" -+#include "source3/lib/substitute.h" - - extern userdom_struct current_user_info; - -diff --git a/source3/rpc_server/srvsvc/srv_srvsvc_nt.c b/source3/rpc_server/srvsvc/srv_srvsvc_nt.c -index 8576e9d2ce2..fc27a459634 100644 ---- a/source3/rpc_server/srvsvc/srv_srvsvc_nt.c -+++ b/source3/rpc_server/srvsvc/srv_srvsvc_nt.c -@@ -42,6 +42,7 @@ - #include "messages.h" - #include "serverid.h" - #include "lib/global_contexts.h" -+#include "source3/lib/substitute.h" - - extern const struct generic_mapping file_generic_mapping; - -diff --git a/source3/smbd/ipc.c b/source3/smbd/ipc.c -index f1c8ea0c2ed..cf3b7c91c22 100644 ---- a/source3/smbd/ipc.c -+++ b/source3/smbd/ipc.c -@@ -29,6 +29,7 @@ - #include "smbd/globals.h" - #include "smbprofile.h" - #include "rpc_server/srv_pipe_hnd.h" -+#include "source3/lib/substitute.h" - - #define NERR_notsupported 50 - -diff --git a/source3/smbd/lanman.c b/source3/smbd/lanman.c -index 9194113e768..eb8148753b9 100644 ---- a/source3/smbd/lanman.c -+++ b/source3/smbd/lanman.c -@@ -45,6 +45,7 @@ - #include "rpc_server/rpc_ncacn_np.h" - #include "lib/util/string_wrappers.h" - #include "source3/printing/rap_jobid.h" -+#include "source3/lib/substitute.h" - - #ifdef CHECK_TYPES - #undef CHECK_TYPES -diff --git a/source3/smbd/message.c b/source3/smbd/message.c -index b9728946889..7185bec1289 100644 ---- a/source3/smbd/message.c -+++ b/source3/smbd/message.c -@@ -27,6 +27,7 @@ - #include "smbd/smbd.h" - #include "smbd/globals.h" - #include "smbprofile.h" -+#include "source3/lib/substitute.h" - - extern userdom_struct current_user_info; - -diff --git a/source3/smbd/msdfs.c b/source3/smbd/msdfs.c -index 995ed815d90..fd002e98071 100644 ---- a/source3/smbd/msdfs.c -+++ b/source3/smbd/msdfs.c -@@ -34,6 +34,7 @@ - #include "librpc/gen_ndr/ndr_dfsblobs.h" - #include "lib/tsocket/tsocket.h" - #include "lib/global_contexts.h" -+#include "source3/lib/substitute.h" - - /********************************************************************** - Parse a DFS pathname of the form \hostname\service\reqpath -diff --git a/source3/smbd/process.c b/source3/smbd/process.c -index 03409742752..5015c143a04 100644 ---- a/source3/smbd/process.c -+++ b/source3/smbd/process.c -@@ -46,6 +46,7 @@ - #include "libcli/smb/smbXcli_base.h" - #include "lib/util/time_basic.h" - #include "smb1_utils.h" -+#include "source3/lib/substitute.h" - - /* Internal message queue for deferred opens. */ - struct pending_message_list { -diff --git a/source3/smbd/reply.c b/source3/smbd/reply.c -index 042e7f2329e..f85d1122a07 100644 ---- a/source3/smbd/reply.c -+++ b/source3/smbd/reply.c -@@ -50,6 +50,7 @@ - #include "libcli/smb/smb2_posix.h" - #include "lib/util/string_wrappers.h" - #include "source3/printing/rap_jobid.h" -+#include "source3/lib/substitute.h" - - /**************************************************************************** - Ensure we check the path in *exactly* the same way as W2K for a findfirst/findnext -diff --git a/source3/smbd/server.c b/source3/smbd/server.c -index d7f5b4b73c0..d02ff1bd883 100644 ---- a/source3/smbd/server.c -+++ b/source3/smbd/server.c -@@ -60,6 +60,7 @@ - #include "rpc_server/fssd.h" - #include "rpc_server/mdssd.h" - #include "lib/global_contexts.h" -+#include "source3/lib/substitute.h" - - #ifdef CLUSTER_SUPPORT - #include "ctdb_protocol.h" -diff --git a/source3/smbd/service.c b/source3/smbd/service.c -index afdea38b016..ef7c14d92d0 100644 ---- a/source3/smbd/service.c -+++ b/source3/smbd/service.c -@@ -34,6 +34,7 @@ - #include "lib/afs/afs_funcs.h" - #include "lib/util_path.h" - #include "lib/util/string_wrappers.h" -+#include "source3/lib/substitute.h" - - bool canonicalize_connect_path(connection_struct *conn) - { -diff --git a/source3/smbd/sesssetup.c b/source3/smbd/sesssetup.c -index 2bd527ce80e..1705b8920b6 100644 ---- a/source3/smbd/sesssetup.c -+++ b/source3/smbd/sesssetup.c -@@ -34,6 +34,7 @@ - #include "auth/gensec/gensec.h" - #include "../libcli/smb/smb_signing.h" - #include "lib/util/string_wrappers.h" -+#include "source3/lib/substitute.h" - - /**************************************************************************** - Add the standard 'Samba' signature to the end of the session setup. -diff --git a/source3/smbd/share_access.c b/source3/smbd/share_access.c -index debe4fc6385..c44c4bd8c69 100644 ---- a/source3/smbd/share_access.c -+++ b/source3/smbd/share_access.c -@@ -23,6 +23,7 @@ - #include "../libcli/security/security.h" - #include "passdb/lookup_sid.h" - #include "auth.h" -+#include "source3/lib/substitute.h" - - /* - * We dropped NIS support in 2021, but need to keep configs working. -diff --git a/source3/smbd/smb2_server.c b/source3/smbd/smb2_server.c -index f359db0729d..f6b376e5a07 100644 ---- a/source3/smbd/smb2_server.c -+++ b/source3/smbd/smb2_server.c -@@ -33,6 +33,7 @@ - #include "lib/util/iov_buf.h" - #include "auth.h" - #include "libcli/smb/smbXcli_base.h" -+#include "source3/lib/substitute.h" - - #if defined(LINUX) - /* SIOCOUTQ TIOCOUTQ are the same */ -diff --git a/source3/smbd/smb2_sesssetup.c b/source3/smbd/smb2_sesssetup.c -index 38049e8535f..14b806bc007 100644 ---- a/source3/smbd/smb2_sesssetup.c -+++ b/source3/smbd/smb2_sesssetup.c -@@ -28,6 +28,7 @@ - #include "../lib/tsocket/tsocket.h" - #include "../libcli/security/security.h" - #include "../lib/util/tevent_ntstatus.h" -+#include "source3/lib/substitute.h" - - #include "lib/crypto/gnutls_helpers.h" - #include -diff --git a/source3/smbd/trans2.c b/source3/smbd/trans2.c -index cd6b61429c5..a86ac3228e3 100644 ---- a/source3/smbd/trans2.c -+++ b/source3/smbd/trans2.c -@@ -45,6 +45,7 @@ - #include "smb1_utils.h" - #include "libcli/smb/smb2_posix.h" - #include "lib/util/string_wrappers.h" -+#include "source3/lib/substitute.h" - - #define DIR_ENTRY_SAFETY_MARGIN 4096 - -diff --git a/source3/smbd/uid.c b/source3/smbd/uid.c -index b0d7f21c200..52918c4f181 100644 ---- a/source3/smbd/uid.c -+++ b/source3/smbd/uid.c -@@ -26,6 +26,7 @@ - #include "passdb/lookup_sid.h" - #include "auth.h" - #include "../auth/auth_util.h" -+#include "source3/lib/substitute.h" - - /* what user is current? */ - extern struct current_user current_user; -diff --git a/source3/torture/torture.c b/source3/torture/torture.c -index 79a9c65073c..d3e0e3cf095 100644 ---- a/source3/torture/torture.c -+++ b/source3/torture/torture.c -@@ -51,6 +51,7 @@ - #include "lib/param/param.h" - #include "auth/gensec/gensec.h" - #include "lib/util/string_wrappers.h" -+#include "source3/lib/substitute.h" - - #include - #include -diff --git a/source3/utils/net_sam.c b/source3/utils/net_sam.c -index 6a2c6c861f9..17cc47b2ddd 100644 ---- a/source3/utils/net_sam.c -+++ b/source3/utils/net_sam.c -@@ -33,6 +33,7 @@ - #include "idmap.h" - #include "lib/util/smb_strtox.h" - #include "lib/util/string_wrappers.h" -+#include "source3/lib/substitute.h" - - /* - * Set a user's data -diff --git a/source3/winbindd/wb_getpwsid.c b/source3/winbindd/wb_getpwsid.c -index fb0351ec201..7f168bdda7a 100644 ---- a/source3/winbindd/wb_getpwsid.c -+++ b/source3/winbindd/wb_getpwsid.c -@@ -22,6 +22,7 @@ - #include "librpc/gen_ndr/ndr_winbind_c.h" - #include "../libcli/security/security.h" - #include "lib/util/string_wrappers.h" -+#include "source3/lib/substitute.h" - - struct wb_getpwsid_state { - struct tevent_context *ev; -diff --git a/source3/winbindd/winbindd.c b/source3/winbindd/winbindd.c -index 25d8b723010..290454619a4 100644 ---- a/source3/winbindd/winbindd.c -+++ b/source3/winbindd/winbindd.c -@@ -51,6 +51,7 @@ - #include "lib/gencache.h" - #include "rpc_server/rpc_config.h" - #include "lib/global_contexts.h" -+#include "source3/lib/substitute.h" - - #undef DBGC_CLASS - #define DBGC_CLASS DBGC_WINBIND --- -2.33.1 - - -From 1184733a1628c1187a215956195ca806419db16d Mon Sep 17 00:00:00 2001 -From: Ralph Boehme -Date: Thu, 11 Nov 2021 05:23:09 +0100 -Subject: [PATCH 2/8] samba-bgqd: fix startup and logging - -Let samba-bgqd use the new POPT_COMMON_DAEMON infrastructure. - -The calls to setup_logging() can safely be removed as this is already taken care -of by samba_cmdline_init(). - -To avoid a logfile basename of ".log" when using "%m", we add a call to -set_remote_machine_name(). - -BUG: https://bugzilla.samba.org/show_bug.cgi?id=14897 - -Signed-off-by: Ralph Boehme ---- - source3/printing/samba-bgqd.c | 35 ++++++++++------------------------- - 1 file changed, 10 insertions(+), 25 deletions(-) - -diff --git a/source3/printing/samba-bgqd.c b/source3/printing/samba-bgqd.c -index 8ac6ec525b2..2cd6a8e007a 100644 ---- a/source3/printing/samba-bgqd.c -+++ b/source3/printing/samba-bgqd.c -@@ -40,6 +40,7 @@ - #include "source3/lib/util_procid.h" - #include "source3/auth/proto.h" - #include "source3/printing/queue_process.h" -+#include "source3/lib/substitute.h" - - static void watch_handler(struct tevent_req *req) - { -@@ -235,6 +236,7 @@ static int closeall_except_fd_params( - - int main(int argc, const char *argv[]) - { -+ struct samba_cmdline_daemon_cfg *cmdline_daemon_cfg = NULL; - const struct loadparm_substitution *lp_sub = - loadparm_s3_global_substitution(); - const char *progname = getprogname(); -@@ -245,8 +247,6 @@ int main(int argc, const char *argv[]) - struct tevent_req *watch_req = NULL; - struct tevent_signal *sigterm_handler = NULL; - struct bq_state *bq = NULL; -- int foreground = 0; -- int no_process_group = 0; - int log_stdout = 0; - int ready_signal_fd = -1; - int watch_fd = -1; -@@ -259,21 +259,7 @@ int main(int argc, const char *argv[]) - struct poptOption long_options[] = { - POPT_AUTOHELP - POPT_COMMON_SAMBA -- { -- .longName = "foreground", -- .shortName = 'F', -- .argInfo = POPT_ARG_NONE, -- .arg = &foreground, -- .descrip = "Run daemon in foreground " -- "(for daemontools, etc.)", -- }, -- { -- .longName = "no-process-group", -- .shortName = '\0', -- .argInfo = POPT_ARG_NONE, -- .arg = &no_process_group, -- .descrip = "Don't create a new process group" , -- }, -+ POPT_COMMON_DAEMON - - /* - * File descriptor to write the PID of the helper -@@ -311,6 +297,7 @@ int main(int argc, const char *argv[]) - frame = talloc_stackframe(); - - umask(0); -+ set_remote_machine_name("smbd-bgqd", true); - - ok = samba_cmdline_init(frame, - SAMBA_CMDLINE_CONFIG_SERVER, -@@ -320,6 +307,8 @@ int main(int argc, const char *argv[]) - exit(ENOMEM); - } - -+ cmdline_daemon_cfg = samba_cmdline_get_daemon_cfg(); -+ - pc = samba_popt_get_context(progname, - argc, - argv, -@@ -340,16 +329,12 @@ int main(int argc, const char *argv[]) - - log_stdout = (debug_get_log_type() == DEBUG_STDOUT); - -- if (foreground) { -+ if (!cmdline_daemon_cfg->fork) { - daemon_status(progname, "Starting process ... "); - } else { -- become_daemon(true, no_process_group, log_stdout); -- } -- -- if (log_stdout) { -- setup_logging(progname, DEBUG_STDOUT); -- } else { -- setup_logging(progname, DEBUG_FILE); -+ become_daemon(true, -+ cmdline_daemon_cfg->no_process_group, -+ log_stdout); - } - - BlockSignals(true, SIGPIPE); --- -2.33.1 - - -From 1a0a1ccbe888332ea134b16bfac0d0d011bf1f4c Mon Sep 17 00:00:00 2001 -From: Ralph Boehme -Date: Wed, 10 Nov 2021 18:27:08 +0100 -Subject: [PATCH 3/8] winbindd: remove is_default_dyn_LOGFILEBASE() logic - -Handling of -l commandline parameter is already implemented by lib/cmdline/. - -is_default_dyn_LOGFILEBASE() == true is the default case and this causes us to -temporarily overwrite the configured logfile with LOGFILEBASE/log.winbindd until -winbindd_reload_services_file() restores it. - -BUG: https://bugzilla.samba.org/show_bug.cgi?id=14897 - -Signed-off-by: Ralph Boehme ---- - source3/winbindd/winbindd.c | 9 --------- - 1 file changed, 9 deletions(-) - -diff --git a/source3/winbindd/winbindd.c b/source3/winbindd/winbindd.c -index 290454619a4..58c5ffbced4 100644 ---- a/source3/winbindd/winbindd.c -+++ b/source3/winbindd/winbindd.c -@@ -1717,15 +1717,6 @@ int main(int argc, const char **argv) - - poptFreeContext(pc); - -- if (is_default_dyn_LOGFILEBASE()) { -- char *lfile = NULL; -- if (asprintf(&lfile,"%s/log.winbindd", -- get_dyn_LOGFILEBASE()) > 0) { -- lp_set_logfile(lfile); -- SAFE_FREE(lfile); -- } -- } -- - reopen_logs(); - - DEBUG(0,("winbindd version %s started.\n", samba_version_string())); --- -2.33.1 - - -From bcbf9fb6669933cc3dcf1f615d2885c542a08035 Mon Sep 17 00:00:00 2001 -From: Ralph Boehme -Date: Wed, 10 Nov 2021 14:13:11 +0100 -Subject: [PATCH 4/8] lib/debug: fix fd check before dup'ing to stderr - -Before I added per-class logfile and we had only one fd for the logfile the code -looked like this: - - /* Take over stderr to catch output into logs */ - if (state.fd > 0) { - if (dup2(state.fd, 2) == -1) { - /* Close stderr too, if dup2 can't point it - - at the logfile. There really isn't much - that can be done on such a fundamental - failure... */ - close_low_fd(2); - } - } - -In the current code the equivalent to state.fd is dbgc_config[DBGC_ALL].fd. - -BUG: https://bugzilla.samba.org/show_bug.cgi?id=14897 - -Signed-off-by: Ralph Boehme ---- - lib/util/debug.c | 3 +-- - 1 file changed, 1 insertion(+), 2 deletions(-) - -diff --git a/lib/util/debug.c b/lib/util/debug.c -index 4fd17679227..b271608621a 100644 ---- a/lib/util/debug.c -+++ b/lib/util/debug.c -@@ -1125,7 +1125,6 @@ bool reopen_logs_internal(void) - { - struct debug_backend *b = NULL; - mode_t oldumask; -- int new_fd = 0; - size_t i; - bool ok; - -@@ -1190,7 +1189,7 @@ bool reopen_logs_internal(void) - * If log file was opened or created successfully, take over stderr to - * catch output into logs. - */ -- if (new_fd != -1) { -+ if (dbgc_config[DBGC_ALL].fd > 0) { - if (dup2(dbgc_config[DBGC_ALL].fd, 2) == -1) { - /* Close stderr too, if dup2 can't point it - - at the logfile. There really isn't much --- -2.33.1 - - -From 9f76bd48d87eb03c66dfe942b4a84e997a8fe8ba Mon Sep 17 00:00:00 2001 -From: Ralph Boehme -Date: Mon, 8 Nov 2021 19:41:50 +0100 -Subject: [PATCH 5/8] lib/debug: in debug_set_logfile() call - reopen_logs_internal() - -This simplifies the logging API for callers that typically would want to set -logging by just setup_logging() once without bothering that typically -configuration is loaded (via some lpcfg_load*() or lp_load*() varient) which -will only then pick up the configured logfile from smb.conf without actually -applying the new logifle to the logging subsytem. - -Therefor our daemons will additionally call reopen_logs() explicitly in their -startup code after config is loaded, eg - - setup_logging(getprogname(), DEBUG_FILE); - ... - lpcfg_load(lp_ctx, config_file); - ... - reopen_logs(); - -By calling reopen_logs_internal() implicitly from debug_set_logfile() there's no -need to call reopen_logs() explicitly anymore to apply the logfile. - -As reopen_logs() will also apply other logging configuration options, we have to -keep the explicit calls in the daemon code. But at least this allows consistent -logging setup wrt to the logfile in the new cmdline library. - -BUG: https://bugzilla.samba.org/show_bug.cgi?id=14897 - -Signed-off-by: Ralph Boehme ---- - lib/util/debug.c | 2 ++ - 1 file changed, 2 insertions(+) - -diff --git a/lib/util/debug.c b/lib/util/debug.c -index b271608621a..171b5e15008 100644 ---- a/lib/util/debug.c -+++ b/lib/util/debug.c -@@ -1018,6 +1018,8 @@ void debug_set_logfile(const char *name) - } - TALLOC_FREE(dbgc_config[DBGC_ALL].logfile); - dbgc_config[DBGC_ALL].logfile = talloc_strdup(NULL, name); -+ -+ reopen_logs_internal(); - } - - static void debug_close_fd(int fd) --- -2.33.1 - - -From b80911bc1a306cac479ee3feabdcea124946cdde Mon Sep 17 00:00:00 2001 -From: Ralph Boehme -Date: Mon, 8 Nov 2021 12:08:47 +0100 -Subject: [PATCH 6/8] lib/cmdline: fix indentation - -s/whitespace/tab/ - -BUG: https://bugzilla.samba.org/show_bug.cgi?id=14897 - -Signed-off-by: Ralph Boehme ---- - lib/cmdline/cmdline_s3.c | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/lib/cmdline/cmdline_s3.c b/lib/cmdline/cmdline_s3.c -index 1f8d9ed5eb5..639d403aed3 100644 ---- a/lib/cmdline/cmdline_s3.c -+++ b/lib/cmdline/cmdline_s3.c -@@ -55,7 +55,7 @@ static bool _samba_cmdline_load_config_s3(void) - case SAMBA_CMDLINE_CONFIG_CLIENT: - ok = lp_load_client(config_file); - break; -- case SAMBA_CMDLINE_CONFIG_SERVER: -+ case SAMBA_CMDLINE_CONFIG_SERVER: - { - const struct samba_cmdline_daemon_cfg *cmdline_daemon_cfg = - samba_cmdline_get_daemon_cfg(); --- -2.33.1 - - -From a6b6b0b6e6dfcd2c8e2c2085d20cd16c51e3b379 Mon Sep 17 00:00:00 2001 -From: Ralph Boehme -Date: Mon, 8 Nov 2021 12:09:16 +0100 -Subject: [PATCH 7/8] lib/cmdline: remember config_type in samba_cmdline_init() - -BUG: https://bugzilla.samba.org/show_bug.cgi?id=14897 - -Signed-off-by: Ralph Boehme ---- - lib/cmdline/cmdline_s4.c | 2 ++ - 1 file changed, 2 insertions(+) - -diff --git a/lib/cmdline/cmdline_s4.c b/lib/cmdline/cmdline_s4.c -index 61c1b96ba8d..6ef6f59db49 100644 ---- a/lib/cmdline/cmdline_s4.c -+++ b/lib/cmdline/cmdline_s4.c -@@ -25,6 +25,7 @@ - #include "cmdline_private.h" - - static bool _require_smbconf; -+static enum samba_cmdline_config_type _config_type; - - static bool _samba_cmdline_load_config_s4(void) - { -@@ -81,6 +82,7 @@ bool samba_cmdline_init(TALLOC_CTX *mem_ctx, - return false; - } - _require_smbconf = require_smbconf; -+ _config_type = config_type; - - creds = cli_credentials_init(mem_ctx); - if (creds == NULL) { --- -2.33.1 - - -From e1d6ab1b0dbd8ff30019edf804c4766b066db4b7 Mon Sep 17 00:00:00 2001 -From: Ralph Boehme -Date: Mon, 8 Nov 2021 12:09:43 +0100 -Subject: [PATCH 8/8] lib/cmdline: setup default file logging for servers - -BUG: https://bugzilla.samba.org/show_bug.cgi?id=14897 -RN: samba process doesn't log to logfile - -Signed-off-by: Ralph Boehme ---- - lib/cmdline/cmdline_s4.c | 14 ++++++++++++++ - 1 file changed, 14 insertions(+) - -diff --git a/lib/cmdline/cmdline_s4.c b/lib/cmdline/cmdline_s4.c -index 6ef6f59db49..29e9f34bbe2 100644 ---- a/lib/cmdline/cmdline_s4.c -+++ b/lib/cmdline/cmdline_s4.c -@@ -44,6 +44,20 @@ static bool _samba_cmdline_load_config_s4(void) - } - } - -+ switch (_config_type) { -+ case SAMBA_CMDLINE_CONFIG_SERVER: { -+ const struct samba_cmdline_daemon_cfg *cmdline_daemon_cfg = -+ samba_cmdline_get_daemon_cfg(); -+ -+ if (!cmdline_daemon_cfg->interactive) { -+ setup_logging(getprogname(), DEBUG_FILE); -+ } -+ break; -+ } -+ default: -+ break; -+ } -+ - config_file = get_dyn_CONFIGFILE(); - ok = lpcfg_load(lp_ctx, config_file); - if (!ok) { --- -2.33.1 - diff --git a/SOURCES/samba-4.15.1-winexe.patch b/SOURCES/samba-4.15.1-winexe.patch deleted file mode 100644 index 38460b3..0000000 --- a/SOURCES/samba-4.15.1-winexe.patch +++ /dev/null @@ -1,61 +0,0 @@ -From 3d02bf10d7738fe604b524863764de3ca1faa081 Mon Sep 17 00:00:00 2001 -From: =?UTF-8?q?G=C3=BCnther=20Deschner?= -Date: Thu, 4 Nov 2021 22:22:44 +0100 -Subject: [PATCH] s3-winexe: Fix winexe core dump (use-after-free) -MIME-Version: 1.0 -Content-Type: text/plain; charset=UTF-8 -Content-Transfer-Encoding: 8bit - -BUG: https://bugzilla.samba.org/show_bug.cgi?id=14893 - -Guenther - -Signed-off-by: Guenther Deschner -Reviewed-by: Andreas Schneider - -Autobuild-User(master): Günther Deschner -Autobuild-Date(master): Fri Nov 5 11:43:57 UTC 2021 on sn-devel-184 - -(cherry picked from commit e9495d2ed28a26899dc3dd77bdfe56e284980218) ---- - examples/winexe/winexe.c | 16 ++++++++++++---- - 1 file changed, 12 insertions(+), 4 deletions(-) - -diff --git a/examples/winexe/winexe.c b/examples/winexe/winexe.c -index 3e0813a4091..59fb9dbdebb 100644 ---- a/examples/winexe/winexe.c -+++ b/examples/winexe/winexe.c -@@ -220,8 +220,6 @@ static void parse_args(int argc, const char *argv[], - *port_str = '\0'; - } - -- poptFreeContext(pc); -- - if (options->runas == NULL && options->runas_file != NULL) { - struct cli_credentials *runas_cred; - const char *user; -@@ -253,9 +251,19 @@ static void parse_args(int argc, const char *argv[], - - options->credentials = samba_cmdline_get_creds(); - -- options->hostname = argv_new[0] + 2; -+ options->hostname = talloc_strdup(mem_ctx, argv_new[0] + 2); -+ if (options->hostname == NULL) { -+ DBG_ERR("Out of memory\n"); -+ exit(1); -+ } - options->port = port; -- options->cmd = argv_new[1]; -+ options->cmd = talloc_strdup(mem_ctx, argv_new[1]); -+ if (options->cmd == NULL) { -+ DBG_ERR("Out of memory\n"); -+ exit(1); -+ } -+ -+ poptFreeContext(pc); - - options->flags = flag_interactive; - if (flag_reinstall) { --- -2.33.1 - diff --git a/SOURCES/samba-4.15.2-smbclient_anonymous.patch b/SOURCES/samba-4.15.2-smbclient_anonymous.patch deleted file mode 100644 index 477ddef..0000000 --- a/SOURCES/samba-4.15.2-smbclient_anonymous.patch +++ /dev/null @@ -1,58 +0,0 @@ -From 61fd63d70578043de9f3bff1c3267c499dbf50a0 Mon Sep 17 00:00:00 2001 -From: Andreas Schneider -Date: Wed, 10 Nov 2021 12:06:51 +0100 -Subject: [PATCH] auth:creds: Guess the username first via getpwuid(my_id) - -If we have a container, we often don't have USER or LOGNAME set. - -BUG: https://bugzilla.samba.org/show_bug.cgi?id=14883 - -Tested-by: Anoop C S -Signed-off-by: Andreas Schneider -Reviewed-by: Stefan Metzmacher -(cherry picked from commit c28be4067463e582e378df402f812e510883d606) ---- - auth/credentials/credentials.c | 13 +++++++++++++ - 1 file changed, 13 insertions(+) - -diff --git a/auth/credentials/credentials.c b/auth/credentials/credentials.c -index 02a3cf3b354..c5a6ba6940c 100644 ---- a/auth/credentials/credentials.c -+++ b/auth/credentials/credentials.c -@@ -30,6 +30,7 @@ - #include "tevent.h" - #include "param/param.h" - #include "system/filesys.h" -+#include "system/passwd.h" - - /** - * Create a new credentials structure -@@ -1159,6 +1160,7 @@ _PUBLIC_ bool cli_credentials_guess(struct cli_credentials *cred, - { - const char *error_string; - const char *env = NULL; -+ struct passwd *pwd = NULL; - bool ok; - - if (lp_ctx != NULL) { -@@ -1168,6 +1170,17 @@ _PUBLIC_ bool cli_credentials_guess(struct cli_credentials *cred, - } - } - -+ pwd = getpwuid(getuid()); -+ if (pwd != NULL) { -+ size_t len = strlen(pwd->pw_name); -+ -+ if (len > 0 && len <= 1024) { -+ (void)cli_credentials_parse_string(cred, -+ pwd->pw_name, -+ CRED_GUESS_ENV); -+ } -+ } -+ - env = getenv("LOGNAME"); - if (env != NULL) { - size_t len = strlen(env); --- -2.33.1 - diff --git a/SOURCES/samba-4.15.2.tar.asc b/SOURCES/samba-4.15.2.tar.asc deleted file mode 100644 index b55faa8..0000000 --- a/SOURCES/samba-4.15.2.tar.asc +++ /dev/null @@ -1,16 +0,0 @@ ------BEGIN PGP SIGNATURE----- - -iQIzBAABCgAdFiEEgfXigyvSVFoYl7cTqplEL7aAtiAFAmGJC1MACgkQqplEL7aA -tiCwkhAAgHQFzw/TiURShe+AAw9eE168VXPICTBPNSRRiYH2FBbqG4qSHxG/SSAr -Fq8tMAoGhVuPC+Rjie7wMYoF9R7wd3X+KQ2GzLismbHS6Cn2C1EJ0cX/UJqP+Qpu -vitKHTpczNqEtWbYiMO2NKuLz1pyGl8/i/HErlVmSVFrHUnyLDXkZn1R1+R8b4hg -9Nj27L41ndAqyws24MCKoWNuhkwCN3QLf/n4/b22wZwJyNmiwvJlH5nK0RF4gY1T -Ne09HHNovcBvIgtJCp+ABcSKVQXGj2L47XDLBEXU4AeM+dzbRP0dBOCzs50ZbYQ1 -8JMq7+r/MWSKuiDf1ofW6EYZPcxRsKcFGhpnP7rlMucxNRN358CqTaVW8qmhBRDV -9mglTBX6ie+Jj8fYP7Ak5rc+LYxolfTZmniH+dk7HH4QUdXjL/P3SpSwhwNmxtmc -JCWP4Tszw0tpRwoGRdt3A+I1/YRRCftSL5/Nm8q+ERyW77uVH+IkWdAsjuZUHyod -sT1+YQGoPrBRmESpugqqKQKQ9/CgVL1PZLjfKAgFP2a5/gwTr12rjXXn7uEMShjq -WDduBZRH6873IcVYkV/TVmqd+AfHk31d4B4Djzy7itGqF4XNCpWFlmLj4kApNY99 -IXPfzua5Owjc8LIZssRSmPE0BLa1ElCfPvk6q2IJnpWZ04EdCjo= -=sYeb ------END PGP SIGNATURE----- diff --git a/SOURCES/samba-4.15.3.tar.asc b/SOURCES/samba-4.15.3.tar.asc new file mode 100644 index 0000000..dbc01c2 --- /dev/null +++ b/SOURCES/samba-4.15.3.tar.asc @@ -0,0 +1,16 @@ +-----BEGIN PGP SIGNATURE----- + +iQIzBAABCgAdFiEEgfXigyvSVFoYl7cTqplEL7aAtiAFAmGww0kACgkQqplEL7aA +tiCzMg/+IzBD53oeYFSSt6V9o1ZhD/7bL425n/7Ea2iLaHkOEQWN3AgKV7h1rdSb +tS/Ys3xUf9LB1ZVkXbu17oWj5pG8aWcp6Ky80uXHycZ5X0/fcHegSU5SIyUfLs0F +d3BXvFWkPIy8H9a55wFTpJte2ofRoFqWUG4MAlOq83ummnmrz0W5j6QcufVIRjWq +hGMbg8Vjk+UEtKNO7fl8iSQ0ZRyXCkBR3biDBtMbvtoluaVkixxwwSPqgDoNXgju +ox2EbVfHLSHc+7Tb30uKQq/mf3uhf6ASIrajNVrXotK1fgpCCKnMLb9qRHEftttY +DwYKQvsrHCw9vYg/xyO2NOBr82mxjE6NBLsV1Kp8pdc4vInmAqOCsQpOuZ0SgO6u +sZk4c5AkfH7pZtHeNtlefiGe8/7ApU6UC6kkXT3mnLBtWKMBte9/NR6ZgCLle7tV +aAx6Io9j/rAeueRRgIK98bzxXSufjtFyNmM+Qr7IXnFHtJNM919ib4pr5DzpGwAc ++FMG0LfmU0XiUXcbw/IZ3AOD2DBwZC58ZezO3alUS8eRqNTP13v3Uhg9F78+eyah +Wbohx05Y4MA1ywtMd8z/dZn97nw3bw+z6fLNC//1Sq1qo1fXipaoSQW1LK9IHeVO +cV7cvd2c16p7NN3Op+34QY7Nc7b1uhtTV3v3tiEQYR/uQx+tyz8= +=fu6B +-----END PGP SIGNATURE----- diff --git a/SOURCES/samba-glibc-dns.patch b/SOURCES/samba-glibc-dns.patch new file mode 100644 index 0000000..c01d481 --- /dev/null +++ b/SOURCES/samba-glibc-dns.patch @@ -0,0 +1,64 @@ +From e556b4067e0c4036e20fc26523e3b4d6d5c6be42 Mon Sep 17 00:00:00 2001 +From: Andreas Schneider +Date: Thu, 7 Oct 2021 15:55:37 +0200 +Subject: [PATCH] waf: Fix resolv_wrapper with glibc 2.34 + +With glibc 2.34 we are not able to talk to the DNS server via socket_wrapper +anymore. The res_* symbols have been moved from libresolv to libc. We are not +able to intercept any traffic inside of libc. + +Signed-off-by: Andreas Schneider +Reviewed-by: Andreas Schneider +Reviewed-by: Alexander Bokovoy +--- + selftest/wscript | 2 +- + third_party/resolv_wrapper/wscript | 13 +++++++++++++ + 2 files changed, 14 insertions(+), 1 deletion(-) + +diff --git a/selftest/wscript b/selftest/wscript +index a6be06c2ae9..85d9338489a 100644 +--- a/selftest/wscript ++++ b/selftest/wscript +@@ -252,7 +252,7 @@ def cmd_testonly(opt): + if os.environ.get('USE_NAMESPACES') is None: + env.OPTIONS += " --socket_wrapper_so_path=" + CONFIG_GET(opt, 'LIBSOCKET_WRAPPER_SO_PATH') + +- if Utils.unversioned_sys_platform() in ('netbsd', 'openbsd', 'sunos'): ++ if not CONFIG_SET(opt, 'HAVE_RESOLV_CONF_SUPPORT'): + env.OPTIONS += " --use-dns-faking" + + if CONFIG_GET(opt, 'USING_SYSTEM_KRB5') and CONFIG_GET(opt, 'MIT_KDC_PATH'): +diff --git a/third_party/resolv_wrapper/wscript b/third_party/resolv_wrapper/wscript +index a7f18389b0f..7e369bd90b5 100644 +--- a/third_party/resolv_wrapper/wscript ++++ b/third_party/resolv_wrapper/wscript +@@ -1,6 +1,7 @@ + #!/usr/bin/env python + + import os ++from waflib import Logs + + VERSION="1.1.7" + +@@ -49,6 +50,18 @@ def configure(conf): + if conf.CONFIG_SET('HAVE_RES_NCLOSE'): + conf.DEFINE('HAVE_RES_NCLOSE_IN_LIBRESOLV', 1) + ++ # If we find res_nquery in libc, we can't do resolv.conf redirect ++ conf.CHECK_FUNCS('res_nquery __res_nquery') ++ if (conf.CONFIG_SET('HAVE_RES_NQUERY') ++ or conf.CONFIG_SET('HAVE___RES_NQUERY')): ++ Logs.warn("Detection for resolv_wrapper: " ++ "Only dns faking will be available") ++ else: ++ if conf.CHECK_FUNCS('res_nquery', lib='resolv'): ++ conf.DEFINE('HAVE_RESOLV_CONF_SUPPORT', 1) ++ if conf.CHECK_FUNCS('__res_nquery', lib='resolv'): ++ conf.DEFINE('HAVE_RESOLV_CONF_SUPPORT', 1) ++ + conf.CHECK_FUNCS_IN('res_init __res_init', 'resolv', checklibc=True) + conf.CHECK_FUNCS_IN('res_ninit __res_ninit', 'resolv', checklibc=True) + conf.CHECK_FUNCS_IN('res_close __res_close', 'resolv', checklibc=True) +-- +2.33.1 + diff --git a/SPECS/samba.spec b/SPECS/samba.spec index 15fdcdc..057de27 100644 --- a/SPECS/samba.spec +++ b/SPECS/samba.spec @@ -132,9 +132,9 @@ %define samba_requires_eq() %(LC_ALL="C" echo '%*' | xargs -r rpm -q --qf 'Requires: %%{name} = %%{epoch}:%%{version}\\n' | sed -e 's/ (none):/ /' -e 's/ 0:/ /' | grep -v "is not") -%global baserelease 2 +%global baserelease 0 -%global samba_version 4.15.2 +%global samba_version 4.15.3 %global talloc_version 2.3.3 %global tdb_version 1.4.4 %global tevent_version 0.11.0 @@ -169,7 +169,7 @@ Name: samba Version: %{samba_version} -Release: %{samba_release}%{?dist}.0.1 +Release: %{samba_release}%{?dist} %if 0%{?rhel} Epoch: 0 @@ -203,13 +203,7 @@ Source201: README.downgrade Patch0: samba-s4u.patch Patch1: samba-ctdb-etcd-reclock.patch -Patch2: samba-4.15.1-winexe.patch -Patch3: samba-4.15-fix-winbind-no-trusted-domain.patch -Patch4: samba-4.15-logfile.patch -Patch5: samba-4.15.2-smbclient_anonymous.patch -Patch6: samba-4.15-ipa-dc-schannel.patch -Patch7: samba-4.15-fix-recursive-dir-delete.patch -Patch8: samba-4.15-fix-recursive-dir-delete-symlinks.patch +Patch2: samba-glibc-dns.patch Requires(pre): /usr/sbin/groupadd Requires(post): systemd @@ -613,6 +607,7 @@ Samba VFS module for Ceph distributed storage system integration. Summary: Samba VFS module for io_uring Requires: %{name} = %{samba_depver} Requires: %{name}-libs = %{samba_depver} +Requires: %{name}-client-libs = %{samba_depver} Provides: bundled(libreplace) @@ -949,6 +944,7 @@ necessary to communicate to the Winbind Daemon Summary: Samba Winexe Windows Binary License: GPLv3 Requires: %{name}-client-libs = %{samba_depver} +Requires: %{name}-common-libs = %{samba_depver} Provides: bundled(libreplace) @@ -1796,7 +1792,6 @@ fi %{_libdir}/samba/libdbwrap-samba4.so %{_libdir}/samba/libdcerpc-pkt-auth-samba4.so %{_libdir}/samba/libdcerpc-samba-samba4.so -%{_libdir}/samba/libdcerpc-pkt-auth-samba4.so %{_libdir}/samba/libevents-samba4.so %{_libdir}/samba/libflag-mapping-samba4.so %{_libdir}/samba/libgenrand-samba4.so @@ -2937,6 +2932,7 @@ fi %{python3_sitearch}/samba/tests/krb5/__pycache__/spn_tests.*.pyc %{python3_sitearch}/samba/tests/krb5/__pycache__/s4u_tests.*.pyc %{python3_sitearch}/samba/tests/krb5/__pycache__/test_ccache.*.pyc +%{python3_sitearch}/samba/tests/krb5/__pycache__/test_idmap_nss.*.pyc %{python3_sitearch}/samba/tests/krb5/__pycache__/test_ldap.*.pyc %{python3_sitearch}/samba/tests/krb5/__pycache__/test_min_domain_uid.*.pyc %{python3_sitearch}/samba/tests/krb5/__pycache__/test_rpc.*.pyc @@ -2960,6 +2956,7 @@ fi %{python3_sitearch}/samba/tests/krb5/simple_tests.py %{python3_sitearch}/samba/tests/krb5/spn_tests.py %{python3_sitearch}/samba/tests/krb5/test_ccache.py +%{python3_sitearch}/samba/tests/krb5/test_idmap_nss.py %{python3_sitearch}/samba/tests/krb5/test_ldap.py %{python3_sitearch}/samba/tests/krb5/test_min_domain_uid.py %{python3_sitearch}/samba/tests/krb5/test_rpc.py