diff --git a/.gitignore b/.gitignore
index 0db09e0..4dcddf1 100644
--- a/.gitignore
+++ b/.gitignore
@@ -1,2 +1,2 @@
-SOURCES/samba-4.14.5.tar.xz
+SOURCES/samba-4.15.2.tar.xz
SOURCES/samba-pubkey_AA99442FB680B620.gpg
diff --git a/.samba.metadata b/.samba.metadata
index 707bb47..12ae262 100644
--- a/.samba.metadata
+++ b/.samba.metadata
@@ -1,2 +1,2 @@
-46925b3ed9f63b1b936f2271253fdccccbf1575f SOURCES/samba-4.14.5.tar.xz
+4ab5db6dd0103af6dce93c5931729849774aa45e SOURCES/samba-4.15.2.tar.xz
971f563c447eda8d144d6c9e743cd0f0488c0d9e SOURCES/samba-pubkey_AA99442FB680B620.gpg
diff --git a/SOURCES/samba-4.14.5.tar.asc b/SOURCES/samba-4.14.5.tar.asc
deleted file mode 100644
index 24e5294..0000000
--- a/SOURCES/samba-4.14.5.tar.asc
+++ /dev/null
@@ -1,16 +0,0 @@
------BEGIN PGP SIGNATURE-----
-
-iQIzBAABCgAdFiEEgfXigyvSVFoYl7cTqplEL7aAtiAFAmC14EsACgkQqplEL7aA
-tiDWUA//b0Dj/dJozZY/Q6OI9UjPNL9nvPGqpKF0Sl2sW5jO1KWdcq1OZk+H6eO5
-gaX9nuH8Qo/IMxVRIPZVW6lXwsLzSdAOhwPAV02D/feSNfuld078v5yN1My2x6gH
-tmfEVXZJjNkObhLDz0Wgq3mxxKvwxSM4+q2SI9p2/Yk32+oT1l/EWT3WZRNa/I1x
-MF8nr8p5BktPw7tQoITG/JhkWudfkPpvVA3LJYl+F0rjubMA3C3btvDNquPaNXQ0
-Jr0nOt8+OKpsrtBb6ED0su7CWqbHHjc7lTKLepruqnHzllk5/Tcsu6APVRb8qjim
-B2ElieWYJKQ7vBchjuSw/3ufqOsJdvckO4znGM1bUFDnCV0DDOXPE/U5QmjcoQqE
-kJ36m53WnGCHR3JbL+rSjrB1m0ip8tViNraV+Ch2sXNlNvKYPNNo3cgX62nnDWJz
-aLlncx0W1LpZ8mhYVv0AvdoVKBDygzxheye8Fssz3Wz5RDzZ6Vm0AoJwBm+G8v1k
-u0MXMyvBv1KLpBLL27PJm2m7r6KIDB0v9PuLK5iF107omkSWfY/lMLQR2UFph8oH
-uCwV5PiEy/ecBhBfo3KzUG5yJLBBayYB2vGcXJh4yRpAByppFbpo3csr6UZSEsU8
-iImmN97Tg3QVd/FTn9qRiQ15NxzWC0XCE1glY87KqqC5kl5Lk9Y=
-=i6jp
------END PGP SIGNATURE-----
diff --git a/SOURCES/samba-4.15-fix-winbind-no-trusted-domain.patch b/SOURCES/samba-4.15-fix-winbind-no-trusted-domain.patch
new file mode 100644
index 0000000..4924872
--- /dev/null
+++ b/SOURCES/samba-4.15-fix-winbind-no-trusted-domain.patch
@@ -0,0 +1,41 @@
+From 2edaf32b4204b9fe363c441c25b6989fe76911a4 Mon Sep 17 00:00:00 2001
+From: Stefan Metzmacher <metze@samba.org>
+Date: Tue, 9 Nov 2021 20:50:20 +0100
+Subject: [PATCH] s3:winbindd: fix "allow trusted domains = no" regression
+
+add_trusted_domain() should only reject domains
+based on is_allowed_domain(), which now also
+checks "allow trusted domains = no", if we don't
+have an explicit trust to the domain (SEC_CHAN_NULL).
+
+We use at least SEC_CHAN_LOCAL for local domains like
+BUILTIN.
+
+BUG: https://bugzilla.samba.org/show_bug.cgi?id=14899
+
+Signed-off-by: Stefan Metzmacher <metze@samba.org>
+
+Autobuild-User(master): Stefan Metzmacher <metze@samba.org>
+Autobuild-Date(master): Wed Nov 10 11:21:31 UTC 2021 on sn-devel-184
+
+(cherry picked from commit a7f6c60cb037b4bc9eee276236539b8282213935)
+---
+ source3/winbindd/winbindd_util.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/source3/winbindd/winbindd_util.c b/source3/winbindd/winbindd_util.c
+index 42ddbfd2f44..9d54e462c42 100644
+--- a/source3/winbindd/winbindd_util.c
++++ b/source3/winbindd/winbindd_util.c
+@@ -134,7 +134,7 @@ static NTSTATUS add_trusted_domain(const char *domain_name,
+ return NT_STATUS_INVALID_PARAMETER;
+ }
+
+- if (!is_allowed_domain(domain_name)) {
++ if (secure_channel_type == SEC_CHAN_NULL && !is_allowed_domain(domain_name)) {
+ return NT_STATUS_NO_SUCH_DOMAIN;
+ }
+
+--
+2.33.1
+
diff --git a/SOURCES/samba-4.15-ipa-dc-schannel.patch b/SOURCES/samba-4.15-ipa-dc-schannel.patch
new file mode 100644
index 0000000..d315a5d
--- /dev/null
+++ b/SOURCES/samba-4.15-ipa-dc-schannel.patch
@@ -0,0 +1,45 @@
+From 3fc4d1d3998f3956a84c855cb60a9dcb335e1f59 Mon Sep 17 00:00:00 2001
+From: Alexander Bokovoy <ab@samba.org>
+Date: Fri, 12 Nov 2021 19:06:01 +0200
+Subject: [PATCH] IPA DC: add missing checks
+
+When introducing FreeIPA support, two places were forgotten:
+
+ - schannel gensec module needs to be aware of IPA DC
+ - _lsa_QueryInfoPolicy should treat IPA DC as PDC
+
+BUG: https://bugzilla.samba.org/show_bug.cgi?id=14903
+
+Signed-off-by: Alexander Bokovoy <ab@samba.org>
+---
+ auth/gensec/schannel.c | 1 +
+ source3/rpc_server/lsa/srv_lsa_nt.c | 1 +
+ 2 files changed, 2 insertions(+)
+
+diff --git a/auth/gensec/schannel.c b/auth/gensec/schannel.c
+index 0cdae141ead..6ebbe8f3179 100644
+--- a/auth/gensec/schannel.c
++++ b/auth/gensec/schannel.c
+@@ -1080,6 +1080,7 @@ static NTSTATUS schannel_server_start(struct gensec_security *gensec_security)
+ case ROLE_DOMAIN_BDC:
+ case ROLE_DOMAIN_PDC:
+ case ROLE_ACTIVE_DIRECTORY_DC:
++ case ROLE_IPA_DC:
+ return NT_STATUS_OK;
+ default:
+ return NT_STATUS_NOT_IMPLEMENTED;
+diff --git a/source3/rpc_server/lsa/srv_lsa_nt.c b/source3/rpc_server/lsa/srv_lsa_nt.c
+index 8d71b5252ab..ea92a22cbc9 100644
+--- a/source3/rpc_server/lsa/srv_lsa_nt.c
++++ b/source3/rpc_server/lsa/srv_lsa_nt.c
+@@ -683,6 +683,7 @@ NTSTATUS _lsa_QueryInfoPolicy(struct pipes_struct *p,
+ switch (lp_server_role()) {
+ case ROLE_DOMAIN_PDC:
+ case ROLE_DOMAIN_BDC:
++ case ROLE_IPA_DC:
+ name = get_global_sam_name();
+ sid = dom_sid_dup(p->mem_ctx, get_global_sam_sid());
+ if (!sid) {
+--
+2.33.1
+
diff --git a/SOURCES/samba-4.15-logfile.patch b/SOURCES/samba-4.15-logfile.patch
new file mode 100644
index 0000000..6300639
--- /dev/null
+++ b/SOURCES/samba-4.15-logfile.patch
@@ -0,0 +1,981 @@
+From 96d6bd4feb27b9b003aac44ef2ab7ef0a288272d Mon Sep 17 00:00:00 2001
+From: Ralph Boehme <slow@samba.org>
+Date: Wed, 10 Nov 2021 20:18:07 +0100
+Subject: [PATCH 1/8] source3: move lib/substitute.c functions out of proto.h
+
+BUG: https://bugzilla.samba.org/show_bug.cgi?id=14897
+
+Signed-off-by: Ralph Boehme <slow@samba.org>
+---
+ source3/auth/auth_generic.c | 1 +
+ source3/auth/auth_ntlmssp.c | 1 +
+ source3/auth/auth_util.c | 1 +
+ source3/include/proto.h | 33 -----------
+ source3/lib/substitute.c | 1 +
+ source3/lib/substitute.h | 63 +++++++++++++++++++++
+ source3/modules/vfs_expand_msdfs.c | 1 +
+ source3/modules/vfs_full_audit.c | 1 +
+ source3/modules/vfs_recycle.c | 1 +
+ source3/modules/vfs_unityed_media.c | 1 +
+ source3/modules/vfs_virusfilter_utils.c | 1 +
+ source3/nmbd/nmbd.c | 1 +
+ source3/nmbd/nmbd_synclists.c | 1 +
+ source3/param/loadparm.c | 1 +
+ source3/passdb/passdb.c | 1 +
+ source3/passdb/pdb_ldap.c | 1 +
+ source3/printing/print_generic.c | 1 +
+ source3/printing/printing.c | 1 +
+ source3/rpc_server/lsa/srv_lsa_nt.c | 1 +
+ source3/rpc_server/netlogon/srv_netlog_nt.c | 1 +
+ source3/rpc_server/srvsvc/srv_srvsvc_nt.c | 1 +
+ source3/smbd/ipc.c | 1 +
+ source3/smbd/lanman.c | 1 +
+ source3/smbd/message.c | 1 +
+ source3/smbd/msdfs.c | 1 +
+ source3/smbd/process.c | 1 +
+ source3/smbd/reply.c | 1 +
+ source3/smbd/server.c | 1 +
+ source3/smbd/service.c | 1 +
+ source3/smbd/sesssetup.c | 1 +
+ source3/smbd/share_access.c | 1 +
+ source3/smbd/smb2_server.c | 1 +
+ source3/smbd/smb2_sesssetup.c | 1 +
+ source3/smbd/trans2.c | 1 +
+ source3/smbd/uid.c | 1 +
+ source3/torture/torture.c | 1 +
+ source3/utils/net_sam.c | 1 +
+ source3/winbindd/wb_getpwsid.c | 1 +
+ source3/winbindd/winbindd.c | 1 +
+ 39 files changed, 100 insertions(+), 33 deletions(-)
+ create mode 100644 source3/lib/substitute.h
+
+diff --git a/source3/auth/auth_generic.c b/source3/auth/auth_generic.c
+index fc7a7549e8e..ff51307e43a 100644
+--- a/source3/auth/auth_generic.c
++++ b/source3/auth/auth_generic.c
+@@ -36,6 +36,7 @@
+ #include "auth/credentials/credentials.h"
+ #include "lib/param/loadparm.h"
+ #include "librpc/gen_ndr/dcerpc.h"
++#include "source3/lib/substitute.h"
+
+ static NTSTATUS auth3_generate_session_info_pac(struct auth4_context *auth_ctx,
+ TALLOC_CTX *mem_ctx,
+diff --git a/source3/auth/auth_ntlmssp.c b/source3/auth/auth_ntlmssp.c
+index 676aa9d892c..f2deca09aa6 100644
+--- a/source3/auth/auth_ntlmssp.c
++++ b/source3/auth/auth_ntlmssp.c
+@@ -25,6 +25,7 @@
+ #include "auth.h"
+ #include "libcli/security/security.h"
+ #include "lib/util/tevent_ntstatus.h"
++#include "source3/lib/substitute.h"
+
+ NTSTATUS auth3_generate_session_info(struct auth4_context *auth_context,
+ TALLOC_CTX *mem_ctx,
+diff --git a/source3/auth/auth_util.c b/source3/auth/auth_util.c
+index dec854d85c3..4527dedc49d 100644
+--- a/source3/auth/auth_util.c
++++ b/source3/auth/auth_util.c
+@@ -38,6 +38,7 @@
+ #include "rpc_client/util_netlogon.h"
+ #include "source4/auth/auth.h"
+ #include "auth/auth_util.h"
++#include "source3/lib/substitute.h"
+
+ #undef DBGC_CLASS
+ #define DBGC_CLASS DBGC_AUTH
+diff --git a/source3/include/proto.h b/source3/include/proto.h
+index eb45179aebb..a96c2c8d110 100644
+--- a/source3/include/proto.h
++++ b/source3/include/proto.h
+@@ -139,39 +139,6 @@ int smbrun_no_sanitize(const char *cmd, int *outfd, char * const *env);
+ int smbrun(const char *cmd, int *outfd, char * const *env);
+ int smbrunsecret(const char *cmd, const char *secret);
+
+-/* The following definitions come from lib/substitute.c */
+-
+-bool set_local_machine_name(const char *local_name, bool perm);
+-const char *get_local_machine_name(void);
+-bool set_remote_machine_name(const char *remote_name, bool perm);
+-const char *get_remote_machine_name(void);
+-void sub_set_smb_name(const char *name);
+-void set_current_user_info(const char *smb_name, const char *unix_name,
+- const char *domain);
+-void sub_set_socket_ids(const char *peeraddr, const char *peername,
+- const char *sockaddr);
+-const char *get_current_username(void);
+-void standard_sub_basic(const char *smb_name, const char *domain_name,
+- char *str, size_t len);
+-char *talloc_sub_basic(TALLOC_CTX *mem_ctx, const char *smb_name,
+- const char *domain_name, const char *str);
+-char *talloc_sub_specified(TALLOC_CTX *mem_ctx,
+- const char *input_string,
+- const char *username,
+- const char *grpname,
+- const char *domain,
+- uid_t uid,
+- gid_t gid);
+-char *talloc_sub_advanced(TALLOC_CTX *mem_ctx,
+- const char *servicename, const char *user,
+- const char *connectpath, gid_t gid,
+- const char *str);
+-char *talloc_sub_full(TALLOC_CTX *mem_ctx,
+- const char *servicename, const char *user,
+- const char *connectpath, gid_t gid,
+- const char *smb_name, const char *domain_name,
+- const char *str);
+-
+ /* The following definitions come from lib/sysquotas.c */
+
+ int sys_get_quota(const char *path, enum SMB_QUOTA_TYPE qtype, unid_t id, SMB_DISK_QUOTA *dp);
+diff --git a/source3/lib/substitute.c b/source3/lib/substitute.c
+index b98a0acf1cb..a941b89f82a 100644
+--- a/source3/lib/substitute.c
++++ b/source3/lib/substitute.c
+@@ -20,6 +20,7 @@
+
+
+ #include "includes.h"
++#include "substitute.h"
+ #include "system/passwd.h"
+ #include "secrets.h"
+ #include "auth.h"
+diff --git a/source3/lib/substitute.h b/source3/lib/substitute.h
+new file mode 100644
+index 00000000000..2056d163dd7
+--- /dev/null
++++ b/source3/lib/substitute.h
+@@ -0,0 +1,63 @@
++/*
++ Unix SMB/CIFS implementation.
++ string substitution functions
++ Copyright (C) Andrew Tridgell 1992-2000
++ Copyright (C) Gerald Carter 2006
++
++ This program is free software; you can redistribute it and/or modify
++ it under the terms of the GNU General Public License as published by
++ the Free Software Foundation; either version 3 of the License, or
++ (at your option) any later version.
++
++ This program is distributed in the hope that it will be useful,
++ but WITHOUT ANY WARRANTY; without even the implied warranty of
++ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
++ GNU General Public License for more details.
++
++ You should have received a copy of the GNU General Public License
++ along with this program. If not, see <http://www.gnu.org/licenses/>.
++*/
++
++#ifndef SUBSTITUTE_H
++#define SUBSTITUTE_H
++
++bool set_local_machine_name(const char *local_name, bool perm);
++const char *get_local_machine_name(void);
++bool set_remote_machine_name(const char *remote_name, bool perm);
++const char *get_remote_machine_name(void);
++void sub_set_socket_ids(const char *peeraddr, const char *peername,
++ const char *sockaddr);
++void set_current_user_info(const char *smb_name,
++ const char *unix_name,
++ const char *domain);
++const char *get_current_username(void);
++void standard_sub_basic(const char *smb_name,
++ const char *domain_name,
++ char *str,
++ size_t len);
++char *talloc_sub_basic(TALLOC_CTX *mem_ctx,
++ const char *smb_name,
++ const char *domain_name,
++ const char *str);
++char *talloc_sub_specified(TALLOC_CTX *mem_ctx,
++ const char *input_string,
++ const char *username,
++ const char *grpname,
++ const char *domain,
++ uid_t uid,
++ gid_t gid);
++char *talloc_sub_advanced(TALLOC_CTX *ctx,
++ const char *servicename,
++ const char *user,
++ const char *connectpath,
++ gid_t gid,
++ const char *str);
++char *talloc_sub_full(TALLOC_CTX *ctx,
++ const char *servicename,
++ const char *user,
++ const char *connectpath,
++ gid_t gid,
++ const char *smb_name,
++ const char *domain_name,
++ const char *str);
++#endif
+diff --git a/source3/modules/vfs_expand_msdfs.c b/source3/modules/vfs_expand_msdfs.c
+index 34e7051dca5..fe3c6f47462 100644
+--- a/source3/modules/vfs_expand_msdfs.c
++++ b/source3/modules/vfs_expand_msdfs.c
+@@ -25,6 +25,7 @@
+ #include "auth.h"
+ #include "../lib/tsocket/tsocket.h"
+ #include "msdfs.h"
++#include "source3/lib/substitute.h"
+
+ #undef DBGC_CLASS
+ #define DBGC_CLASS DBGC_VFS
+diff --git a/source3/modules/vfs_full_audit.c b/source3/modules/vfs_full_audit.c
+index ceda99d4568..c8dbc8c07bb 100644
+--- a/source3/modules/vfs_full_audit.c
++++ b/source3/modules/vfs_full_audit.c
+@@ -73,6 +73,7 @@
+ #include "passdb/machine_sid.h"
+ #include "lib/util/tevent_ntstatus.h"
+ #include "lib/util/string_wrappers.h"
++#include "source3/lib/substitute.h"
+
+ static int vfs_full_audit_debug_level = DBGC_VFS;
+
+diff --git a/source3/modules/vfs_recycle.c b/source3/modules/vfs_recycle.c
+index 1c18f232c32..7cbc938a57c 100644
+--- a/source3/modules/vfs_recycle.c
++++ b/source3/modules/vfs_recycle.c
+@@ -27,6 +27,7 @@
+ #include "system/filesys.h"
+ #include "../librpc/gen_ndr/ndr_netlogon.h"
+ #include "auth.h"
++#include "source3/lib/substitute.h"
+
+ #define ALLOC_CHECK(ptr, label) do { if ((ptr) == NULL) { DEBUG(0, ("recycle.bin: out of memory!\n")); errno = ENOMEM; goto label; } } while(0)
+
+diff --git a/source3/modules/vfs_unityed_media.c b/source3/modules/vfs_unityed_media.c
+index 62a1456b996..fbd4d968172 100644
+--- a/source3/modules/vfs_unityed_media.c
++++ b/source3/modules/vfs_unityed_media.c
+@@ -62,6 +62,7 @@
+ #include "../lib/tsocket/tsocket.h"
+ #include "lib/util/smb_strtox.h"
+ #include <libgen.h>
++#include "source3/lib/substitute.h"
+
+ #define UM_PARAM_TYPE_NAME "unityed_media"
+
+diff --git a/source3/modules/vfs_virusfilter_utils.c b/source3/modules/vfs_virusfilter_utils.c
+index c7f8089ffc7..b8b44eb203b 100644
+--- a/source3/modules/vfs_virusfilter_utils.c
++++ b/source3/modules/vfs_virusfilter_utils.c
+@@ -25,6 +25,7 @@ struct iovec;
+ #include "lib/util/iov_buf.h"
+ #include <tevent.h>
+ #include "lib/tsocket/tsocket.h"
++#include "source3/lib/substitute.h"
+
+ int virusfilter_debug_class = DBGC_VFS;
+
+diff --git a/source3/nmbd/nmbd.c b/source3/nmbd/nmbd.c
+index 44121e9915c..7470897587e 100644
+--- a/source3/nmbd/nmbd.c
++++ b/source3/nmbd/nmbd.c
+@@ -29,6 +29,7 @@
+ #include "util_cluster.h"
+ #include "lib/gencache.h"
+ #include "lib/global_contexts.h"
++#include "source3/lib/substitute.h"
+
+ int ClientNMB = -1;
+ int ClientDGRAM = -1;
+diff --git a/source3/nmbd/nmbd_synclists.c b/source3/nmbd/nmbd_synclists.c
+index a65cbb87e0e..d291927fbc8 100644
+--- a/source3/nmbd/nmbd_synclists.c
++++ b/source3/nmbd/nmbd_synclists.c
+@@ -33,6 +33,7 @@
+ #include "libsmb/clirap.h"
+ #include "../libcli/smb/smbXcli_base.h"
+ #include "lib/util/string_wrappers.h"
++#include "source3/lib/substitute.h"
+
+ struct sync_record {
+ struct sync_record *next, *prev;
+diff --git a/source3/param/loadparm.c b/source3/param/loadparm.c
+index f54c08cc4a5..b56fd20e410 100644
+--- a/source3/param/loadparm.c
++++ b/source3/param/loadparm.c
+@@ -76,6 +76,7 @@
+ #include "lib/crypto/gnutls_helpers.h"
+ #include "lib/util/string_wrappers.h"
+ #include "auth/credentials/credentials.h"
++#include "source3/lib/substitute.h"
+
+ #ifdef HAVE_SYS_SYSCTL_H
+ #include <sys/sysctl.h>
+diff --git a/source3/passdb/passdb.c b/source3/passdb/passdb.c
+index 068c5a5ea70..863f260ea90 100644
+--- a/source3/passdb/passdb.c
++++ b/source3/passdb/passdb.c
+@@ -33,6 +33,7 @@
+ #include "auth/credentials/credentials.h"
+ #include "lib/param/param.h"
+ #include "lib/util/string_wrappers.h"
++#include "source3/lib/substitute.h"
+
+ #undef DBGC_CLASS
+ #define DBGC_CLASS DBGC_PASSDB
+diff --git a/source3/passdb/pdb_ldap.c b/source3/passdb/pdb_ldap.c
+index e6d8a84c60f..93da28b1941 100644
+--- a/source3/passdb/pdb_ldap.c
++++ b/source3/passdb/pdb_ldap.c
+@@ -56,6 +56,7 @@
+ #include "lib/util_sid_passdb.h"
+ #include "lib/util/smb_strtox.h"
+ #include "lib/util/string_wrappers.h"
++#include "source3/lib/substitute.h"
+
+ #undef DBGC_CLASS
+ #define DBGC_CLASS DBGC_PASSDB
+diff --git a/source3/printing/print_generic.c b/source3/printing/print_generic.c
+index 743c311bbd5..8798a4cf34a 100644
+--- a/source3/printing/print_generic.c
++++ b/source3/printing/print_generic.c
+@@ -20,6 +20,7 @@
+ #include "includes.h"
+ #include "printing.h"
+ #include "smbd/proto.h"
++#include "source3/lib/substitute.h"
+
+ extern userdom_struct current_user_info;
+
+diff --git a/source3/printing/printing.c b/source3/printing/printing.c
+index 499334df03f..67d798fbb21 100644
+--- a/source3/printing/printing.c
++++ b/source3/printing/printing.c
+@@ -40,6 +40,7 @@
+ #include "lib/util/string_wrappers.h"
+ #include "lib/global_contexts.h"
+ #include "source3/printing/rap_jobid.h"
++#include "source3/lib/substitute.h"
+
+ extern userdom_struct current_user_info;
+
+diff --git a/source3/rpc_server/lsa/srv_lsa_nt.c b/source3/rpc_server/lsa/srv_lsa_nt.c
+index d6d606ddeca..57f981cb358 100644
+--- a/source3/rpc_server/lsa/srv_lsa_nt.c
++++ b/source3/rpc_server/lsa/srv_lsa_nt.c
+@@ -53,6 +53,7 @@
+ #include "librpc/rpc/dcesrv_core.h"
+ #include "librpc/rpc/dcerpc_helper.h"
+ #include "lib/param/loadparm.h"
++#include "source3/lib/substitute.h"
+
+ #include "lib/crypto/gnutls_helpers.h"
+ #include <gnutls/gnutls.h>
+diff --git a/source3/rpc_server/netlogon/srv_netlog_nt.c b/source3/rpc_server/netlogon/srv_netlog_nt.c
+index eaacd8dbc6a..2906fa3f30f 100644
+--- a/source3/rpc_server/netlogon/srv_netlog_nt.c
++++ b/source3/rpc_server/netlogon/srv_netlog_nt.c
+@@ -49,6 +49,7 @@
+ #include "lib/param/param.h"
+ #include "libsmb/dsgetdcname.h"
+ #include "lib/util/util_str_escape.h"
++#include "source3/lib/substitute.h"
+
+ extern userdom_struct current_user_info;
+
+diff --git a/source3/rpc_server/srvsvc/srv_srvsvc_nt.c b/source3/rpc_server/srvsvc/srv_srvsvc_nt.c
+index 8576e9d2ce2..fc27a459634 100644
+--- a/source3/rpc_server/srvsvc/srv_srvsvc_nt.c
++++ b/source3/rpc_server/srvsvc/srv_srvsvc_nt.c
+@@ -42,6 +42,7 @@
+ #include "messages.h"
+ #include "serverid.h"
+ #include "lib/global_contexts.h"
++#include "source3/lib/substitute.h"
+
+ extern const struct generic_mapping file_generic_mapping;
+
+diff --git a/source3/smbd/ipc.c b/source3/smbd/ipc.c
+index f1c8ea0c2ed..cf3b7c91c22 100644
+--- a/source3/smbd/ipc.c
++++ b/source3/smbd/ipc.c
+@@ -29,6 +29,7 @@
+ #include "smbd/globals.h"
+ #include "smbprofile.h"
+ #include "rpc_server/srv_pipe_hnd.h"
++#include "source3/lib/substitute.h"
+
+ #define NERR_notsupported 50
+
+diff --git a/source3/smbd/lanman.c b/source3/smbd/lanman.c
+index 9194113e768..eb8148753b9 100644
+--- a/source3/smbd/lanman.c
++++ b/source3/smbd/lanman.c
+@@ -45,6 +45,7 @@
+ #include "rpc_server/rpc_ncacn_np.h"
+ #include "lib/util/string_wrappers.h"
+ #include "source3/printing/rap_jobid.h"
++#include "source3/lib/substitute.h"
+
+ #ifdef CHECK_TYPES
+ #undef CHECK_TYPES
+diff --git a/source3/smbd/message.c b/source3/smbd/message.c
+index b9728946889..7185bec1289 100644
+--- a/source3/smbd/message.c
++++ b/source3/smbd/message.c
+@@ -27,6 +27,7 @@
+ #include "smbd/smbd.h"
+ #include "smbd/globals.h"
+ #include "smbprofile.h"
++#include "source3/lib/substitute.h"
+
+ extern userdom_struct current_user_info;
+
+diff --git a/source3/smbd/msdfs.c b/source3/smbd/msdfs.c
+index 995ed815d90..fd002e98071 100644
+--- a/source3/smbd/msdfs.c
++++ b/source3/smbd/msdfs.c
+@@ -34,6 +34,7 @@
+ #include "librpc/gen_ndr/ndr_dfsblobs.h"
+ #include "lib/tsocket/tsocket.h"
+ #include "lib/global_contexts.h"
++#include "source3/lib/substitute.h"
+
+ /**********************************************************************
+ Parse a DFS pathname of the form \hostname\service\reqpath
+diff --git a/source3/smbd/process.c b/source3/smbd/process.c
+index 03409742752..5015c143a04 100644
+--- a/source3/smbd/process.c
++++ b/source3/smbd/process.c
+@@ -46,6 +46,7 @@
+ #include "libcli/smb/smbXcli_base.h"
+ #include "lib/util/time_basic.h"
+ #include "smb1_utils.h"
++#include "source3/lib/substitute.h"
+
+ /* Internal message queue for deferred opens. */
+ struct pending_message_list {
+diff --git a/source3/smbd/reply.c b/source3/smbd/reply.c
+index 042e7f2329e..f85d1122a07 100644
+--- a/source3/smbd/reply.c
++++ b/source3/smbd/reply.c
+@@ -50,6 +50,7 @@
+ #include "libcli/smb/smb2_posix.h"
+ #include "lib/util/string_wrappers.h"
+ #include "source3/printing/rap_jobid.h"
++#include "source3/lib/substitute.h"
+
+ /****************************************************************************
+ Ensure we check the path in *exactly* the same way as W2K for a findfirst/findnext
+diff --git a/source3/smbd/server.c b/source3/smbd/server.c
+index d7f5b4b73c0..d02ff1bd883 100644
+--- a/source3/smbd/server.c
++++ b/source3/smbd/server.c
+@@ -60,6 +60,7 @@
+ #include "rpc_server/fssd.h"
+ #include "rpc_server/mdssd.h"
+ #include "lib/global_contexts.h"
++#include "source3/lib/substitute.h"
+
+ #ifdef CLUSTER_SUPPORT
+ #include "ctdb_protocol.h"
+diff --git a/source3/smbd/service.c b/source3/smbd/service.c
+index afdea38b016..ef7c14d92d0 100644
+--- a/source3/smbd/service.c
++++ b/source3/smbd/service.c
+@@ -34,6 +34,7 @@
+ #include "lib/afs/afs_funcs.h"
+ #include "lib/util_path.h"
+ #include "lib/util/string_wrappers.h"
++#include "source3/lib/substitute.h"
+
+ bool canonicalize_connect_path(connection_struct *conn)
+ {
+diff --git a/source3/smbd/sesssetup.c b/source3/smbd/sesssetup.c
+index 2bd527ce80e..1705b8920b6 100644
+--- a/source3/smbd/sesssetup.c
++++ b/source3/smbd/sesssetup.c
+@@ -34,6 +34,7 @@
+ #include "auth/gensec/gensec.h"
+ #include "../libcli/smb/smb_signing.h"
+ #include "lib/util/string_wrappers.h"
++#include "source3/lib/substitute.h"
+
+ /****************************************************************************
+ Add the standard 'Samba' signature to the end of the session setup.
+diff --git a/source3/smbd/share_access.c b/source3/smbd/share_access.c
+index debe4fc6385..c44c4bd8c69 100644
+--- a/source3/smbd/share_access.c
++++ b/source3/smbd/share_access.c
+@@ -23,6 +23,7 @@
+ #include "../libcli/security/security.h"
+ #include "passdb/lookup_sid.h"
+ #include "auth.h"
++#include "source3/lib/substitute.h"
+
+ /*
+ * We dropped NIS support in 2021, but need to keep configs working.
+diff --git a/source3/smbd/smb2_server.c b/source3/smbd/smb2_server.c
+index f359db0729d..f6b376e5a07 100644
+--- a/source3/smbd/smb2_server.c
++++ b/source3/smbd/smb2_server.c
+@@ -33,6 +33,7 @@
+ #include "lib/util/iov_buf.h"
+ #include "auth.h"
+ #include "libcli/smb/smbXcli_base.h"
++#include "source3/lib/substitute.h"
+
+ #if defined(LINUX)
+ /* SIOCOUTQ TIOCOUTQ are the same */
+diff --git a/source3/smbd/smb2_sesssetup.c b/source3/smbd/smb2_sesssetup.c
+index 38049e8535f..14b806bc007 100644
+--- a/source3/smbd/smb2_sesssetup.c
++++ b/source3/smbd/smb2_sesssetup.c
+@@ -28,6 +28,7 @@
+ #include "../lib/tsocket/tsocket.h"
+ #include "../libcli/security/security.h"
+ #include "../lib/util/tevent_ntstatus.h"
++#include "source3/lib/substitute.h"
+
+ #include "lib/crypto/gnutls_helpers.h"
+ #include <gnutls/gnutls.h>
+diff --git a/source3/smbd/trans2.c b/source3/smbd/trans2.c
+index cd6b61429c5..a86ac3228e3 100644
+--- a/source3/smbd/trans2.c
++++ b/source3/smbd/trans2.c
+@@ -45,6 +45,7 @@
+ #include "smb1_utils.h"
+ #include "libcli/smb/smb2_posix.h"
+ #include "lib/util/string_wrappers.h"
++#include "source3/lib/substitute.h"
+
+ #define DIR_ENTRY_SAFETY_MARGIN 4096
+
+diff --git a/source3/smbd/uid.c b/source3/smbd/uid.c
+index b0d7f21c200..52918c4f181 100644
+--- a/source3/smbd/uid.c
++++ b/source3/smbd/uid.c
+@@ -26,6 +26,7 @@
+ #include "passdb/lookup_sid.h"
+ #include "auth.h"
+ #include "../auth/auth_util.h"
++#include "source3/lib/substitute.h"
+
+ /* what user is current? */
+ extern struct current_user current_user;
+diff --git a/source3/torture/torture.c b/source3/torture/torture.c
+index 79a9c65073c..d3e0e3cf095 100644
+--- a/source3/torture/torture.c
++++ b/source3/torture/torture.c
+@@ -51,6 +51,7 @@
+ #include "lib/param/param.h"
+ #include "auth/gensec/gensec.h"
+ #include "lib/util/string_wrappers.h"
++#include "source3/lib/substitute.h"
+
+ #include <gnutls/gnutls.h>
+ #include <gnutls/crypto.h>
+diff --git a/source3/utils/net_sam.c b/source3/utils/net_sam.c
+index 6a2c6c861f9..17cc47b2ddd 100644
+--- a/source3/utils/net_sam.c
++++ b/source3/utils/net_sam.c
+@@ -33,6 +33,7 @@
+ #include "idmap.h"
+ #include "lib/util/smb_strtox.h"
+ #include "lib/util/string_wrappers.h"
++#include "source3/lib/substitute.h"
+
+ /*
+ * Set a user's data
+diff --git a/source3/winbindd/wb_getpwsid.c b/source3/winbindd/wb_getpwsid.c
+index fb0351ec201..7f168bdda7a 100644
+--- a/source3/winbindd/wb_getpwsid.c
++++ b/source3/winbindd/wb_getpwsid.c
+@@ -22,6 +22,7 @@
+ #include "librpc/gen_ndr/ndr_winbind_c.h"
+ #include "../libcli/security/security.h"
+ #include "lib/util/string_wrappers.h"
++#include "source3/lib/substitute.h"
+
+ struct wb_getpwsid_state {
+ struct tevent_context *ev;
+diff --git a/source3/winbindd/winbindd.c b/source3/winbindd/winbindd.c
+index 25d8b723010..290454619a4 100644
+--- a/source3/winbindd/winbindd.c
++++ b/source3/winbindd/winbindd.c
+@@ -51,6 +51,7 @@
+ #include "lib/gencache.h"
+ #include "rpc_server/rpc_config.h"
+ #include "lib/global_contexts.h"
++#include "source3/lib/substitute.h"
+
+ #undef DBGC_CLASS
+ #define DBGC_CLASS DBGC_WINBIND
+--
+2.33.1
+
+
+From 1184733a1628c1187a215956195ca806419db16d Mon Sep 17 00:00:00 2001
+From: Ralph Boehme <slow@samba.org>
+Date: Thu, 11 Nov 2021 05:23:09 +0100
+Subject: [PATCH 2/8] samba-bgqd: fix startup and logging
+
+Let samba-bgqd use the new POPT_COMMON_DAEMON infrastructure.
+
+The calls to setup_logging() can safely be removed as this is already taken care
+of by samba_cmdline_init().
+
+To avoid a logfile basename of ".log" when using "%m", we add a call to
+set_remote_machine_name().
+
+BUG: https://bugzilla.samba.org/show_bug.cgi?id=14897
+
+Signed-off-by: Ralph Boehme <slow@samba.org>
+---
+ source3/printing/samba-bgqd.c | 35 ++++++++++-------------------------
+ 1 file changed, 10 insertions(+), 25 deletions(-)
+
+diff --git a/source3/printing/samba-bgqd.c b/source3/printing/samba-bgqd.c
+index 8ac6ec525b2..2cd6a8e007a 100644
+--- a/source3/printing/samba-bgqd.c
++++ b/source3/printing/samba-bgqd.c
+@@ -40,6 +40,7 @@
+ #include "source3/lib/util_procid.h"
+ #include "source3/auth/proto.h"
+ #include "source3/printing/queue_process.h"
++#include "source3/lib/substitute.h"
+
+ static void watch_handler(struct tevent_req *req)
+ {
+@@ -235,6 +236,7 @@ static int closeall_except_fd_params(
+
+ int main(int argc, const char *argv[])
+ {
++ struct samba_cmdline_daemon_cfg *cmdline_daemon_cfg = NULL;
+ const struct loadparm_substitution *lp_sub =
+ loadparm_s3_global_substitution();
+ const char *progname = getprogname();
+@@ -245,8 +247,6 @@ int main(int argc, const char *argv[])
+ struct tevent_req *watch_req = NULL;
+ struct tevent_signal *sigterm_handler = NULL;
+ struct bq_state *bq = NULL;
+- int foreground = 0;
+- int no_process_group = 0;
+ int log_stdout = 0;
+ int ready_signal_fd = -1;
+ int watch_fd = -1;
+@@ -259,21 +259,7 @@ int main(int argc, const char *argv[])
+ struct poptOption long_options[] = {
+ POPT_AUTOHELP
+ POPT_COMMON_SAMBA
+- {
+- .longName = "foreground",
+- .shortName = 'F',
+- .argInfo = POPT_ARG_NONE,
+- .arg = &foreground,
+- .descrip = "Run daemon in foreground "
+- "(for daemontools, etc.)",
+- },
+- {
+- .longName = "no-process-group",
+- .shortName = '\0',
+- .argInfo = POPT_ARG_NONE,
+- .arg = &no_process_group,
+- .descrip = "Don't create a new process group" ,
+- },
++ POPT_COMMON_DAEMON
+
+ /*
+ * File descriptor to write the PID of the helper
+@@ -311,6 +297,7 @@ int main(int argc, const char *argv[])
+ frame = talloc_stackframe();
+
+ umask(0);
++ set_remote_machine_name("smbd-bgqd", true);
+
+ ok = samba_cmdline_init(frame,
+ SAMBA_CMDLINE_CONFIG_SERVER,
+@@ -320,6 +307,8 @@ int main(int argc, const char *argv[])
+ exit(ENOMEM);
+ }
+
++ cmdline_daemon_cfg = samba_cmdline_get_daemon_cfg();
++
+ pc = samba_popt_get_context(progname,
+ argc,
+ argv,
+@@ -340,16 +329,12 @@ int main(int argc, const char *argv[])
+
+ log_stdout = (debug_get_log_type() == DEBUG_STDOUT);
+
+- if (foreground) {
++ if (!cmdline_daemon_cfg->fork) {
+ daemon_status(progname, "Starting process ... ");
+ } else {
+- become_daemon(true, no_process_group, log_stdout);
+- }
+-
+- if (log_stdout) {
+- setup_logging(progname, DEBUG_STDOUT);
+- } else {
+- setup_logging(progname, DEBUG_FILE);
++ become_daemon(true,
++ cmdline_daemon_cfg->no_process_group,
++ log_stdout);
+ }
+
+ BlockSignals(true, SIGPIPE);
+--
+2.33.1
+
+
+From 1a0a1ccbe888332ea134b16bfac0d0d011bf1f4c Mon Sep 17 00:00:00 2001
+From: Ralph Boehme <slow@samba.org>
+Date: Wed, 10 Nov 2021 18:27:08 +0100
+Subject: [PATCH 3/8] winbindd: remove is_default_dyn_LOGFILEBASE() logic
+
+Handling of -l commandline parameter is already implemented by lib/cmdline/.
+
+is_default_dyn_LOGFILEBASE() == true is the default case and this causes us to
+temporarily overwrite the configured logfile with LOGFILEBASE/log.winbindd until
+winbindd_reload_services_file() restores it.
+
+BUG: https://bugzilla.samba.org/show_bug.cgi?id=14897
+
+Signed-off-by: Ralph Boehme <slow@samba.org>
+---
+ source3/winbindd/winbindd.c | 9 ---------
+ 1 file changed, 9 deletions(-)
+
+diff --git a/source3/winbindd/winbindd.c b/source3/winbindd/winbindd.c
+index 290454619a4..58c5ffbced4 100644
+--- a/source3/winbindd/winbindd.c
++++ b/source3/winbindd/winbindd.c
+@@ -1717,15 +1717,6 @@ int main(int argc, const char **argv)
+
+ poptFreeContext(pc);
+
+- if (is_default_dyn_LOGFILEBASE()) {
+- char *lfile = NULL;
+- if (asprintf(&lfile,"%s/log.winbindd",
+- get_dyn_LOGFILEBASE()) > 0) {
+- lp_set_logfile(lfile);
+- SAFE_FREE(lfile);
+- }
+- }
+-
+ reopen_logs();
+
+ DEBUG(0,("winbindd version %s started.\n", samba_version_string()));
+--
+2.33.1
+
+
+From bcbf9fb6669933cc3dcf1f615d2885c542a08035 Mon Sep 17 00:00:00 2001
+From: Ralph Boehme <slow@samba.org>
+Date: Wed, 10 Nov 2021 14:13:11 +0100
+Subject: [PATCH 4/8] lib/debug: fix fd check before dup'ing to stderr
+
+Before I added per-class logfile and we had only one fd for the logfile the code
+looked like this:
+
+ /* Take over stderr to catch output into logs */
+ if (state.fd > 0) {
+ if (dup2(state.fd, 2) == -1) {
+ /* Close stderr too, if dup2 can't point it -
+ at the logfile. There really isn't much
+ that can be done on such a fundamental
+ failure... */
+ close_low_fd(2);
+ }
+ }
+
+In the current code the equivalent to state.fd is dbgc_config[DBGC_ALL].fd.
+
+BUG: https://bugzilla.samba.org/show_bug.cgi?id=14897
+
+Signed-off-by: Ralph Boehme <slow@samba.org>
+---
+ lib/util/debug.c | 3 +--
+ 1 file changed, 1 insertion(+), 2 deletions(-)
+
+diff --git a/lib/util/debug.c b/lib/util/debug.c
+index 4fd17679227..b271608621a 100644
+--- a/lib/util/debug.c
++++ b/lib/util/debug.c
+@@ -1125,7 +1125,6 @@ bool reopen_logs_internal(void)
+ {
+ struct debug_backend *b = NULL;
+ mode_t oldumask;
+- int new_fd = 0;
+ size_t i;
+ bool ok;
+
+@@ -1190,7 +1189,7 @@ bool reopen_logs_internal(void)
+ * If log file was opened or created successfully, take over stderr to
+ * catch output into logs.
+ */
+- if (new_fd != -1) {
++ if (dbgc_config[DBGC_ALL].fd > 0) {
+ if (dup2(dbgc_config[DBGC_ALL].fd, 2) == -1) {
+ /* Close stderr too, if dup2 can't point it -
+ at the logfile. There really isn't much
+--
+2.33.1
+
+
+From 9f76bd48d87eb03c66dfe942b4a84e997a8fe8ba Mon Sep 17 00:00:00 2001
+From: Ralph Boehme <slow@samba.org>
+Date: Mon, 8 Nov 2021 19:41:50 +0100
+Subject: [PATCH 5/8] lib/debug: in debug_set_logfile() call
+ reopen_logs_internal()
+
+This simplifies the logging API for callers that typically would want to set
+logging by just setup_logging() once without bothering that typically
+configuration is loaded (via some lpcfg_load*() or lp_load*() varient) which
+will only then pick up the configured logfile from smb.conf without actually
+applying the new logifle to the logging subsytem.
+
+Therefor our daemons will additionally call reopen_logs() explicitly in their
+startup code after config is loaded, eg
+
+ setup_logging(getprogname(), DEBUG_FILE);
+ ...
+ lpcfg_load(lp_ctx, config_file);
+ ...
+ reopen_logs();
+
+By calling reopen_logs_internal() implicitly from debug_set_logfile() there's no
+need to call reopen_logs() explicitly anymore to apply the logfile.
+
+As reopen_logs() will also apply other logging configuration options, we have to
+keep the explicit calls in the daemon code. But at least this allows consistent
+logging setup wrt to the logfile in the new cmdline library.
+
+BUG: https://bugzilla.samba.org/show_bug.cgi?id=14897
+
+Signed-off-by: Ralph Boehme <slow@samba.org>
+---
+ lib/util/debug.c | 2 ++
+ 1 file changed, 2 insertions(+)
+
+diff --git a/lib/util/debug.c b/lib/util/debug.c
+index b271608621a..171b5e15008 100644
+--- a/lib/util/debug.c
++++ b/lib/util/debug.c
+@@ -1018,6 +1018,8 @@ void debug_set_logfile(const char *name)
+ }
+ TALLOC_FREE(dbgc_config[DBGC_ALL].logfile);
+ dbgc_config[DBGC_ALL].logfile = talloc_strdup(NULL, name);
++
++ reopen_logs_internal();
+ }
+
+ static void debug_close_fd(int fd)
+--
+2.33.1
+
+
+From b80911bc1a306cac479ee3feabdcea124946cdde Mon Sep 17 00:00:00 2001
+From: Ralph Boehme <slow@samba.org>
+Date: Mon, 8 Nov 2021 12:08:47 +0100
+Subject: [PATCH 6/8] lib/cmdline: fix indentation
+
+s/whitespace/tab/
+
+BUG: https://bugzilla.samba.org/show_bug.cgi?id=14897
+
+Signed-off-by: Ralph Boehme <slow@samba.org>
+---
+ lib/cmdline/cmdline_s3.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/lib/cmdline/cmdline_s3.c b/lib/cmdline/cmdline_s3.c
+index 1f8d9ed5eb5..639d403aed3 100644
+--- a/lib/cmdline/cmdline_s3.c
++++ b/lib/cmdline/cmdline_s3.c
+@@ -55,7 +55,7 @@ static bool _samba_cmdline_load_config_s3(void)
+ case SAMBA_CMDLINE_CONFIG_CLIENT:
+ ok = lp_load_client(config_file);
+ break;
+- case SAMBA_CMDLINE_CONFIG_SERVER:
++ case SAMBA_CMDLINE_CONFIG_SERVER:
+ {
+ const struct samba_cmdline_daemon_cfg *cmdline_daemon_cfg =
+ samba_cmdline_get_daemon_cfg();
+--
+2.33.1
+
+
+From a6b6b0b6e6dfcd2c8e2c2085d20cd16c51e3b379 Mon Sep 17 00:00:00 2001
+From: Ralph Boehme <slow@samba.org>
+Date: Mon, 8 Nov 2021 12:09:16 +0100
+Subject: [PATCH 7/8] lib/cmdline: remember config_type in samba_cmdline_init()
+
+BUG: https://bugzilla.samba.org/show_bug.cgi?id=14897
+
+Signed-off-by: Ralph Boehme <slow@samba.org>
+---
+ lib/cmdline/cmdline_s4.c | 2 ++
+ 1 file changed, 2 insertions(+)
+
+diff --git a/lib/cmdline/cmdline_s4.c b/lib/cmdline/cmdline_s4.c
+index 61c1b96ba8d..6ef6f59db49 100644
+--- a/lib/cmdline/cmdline_s4.c
++++ b/lib/cmdline/cmdline_s4.c
+@@ -25,6 +25,7 @@
+ #include "cmdline_private.h"
+
+ static bool _require_smbconf;
++static enum samba_cmdline_config_type _config_type;
+
+ static bool _samba_cmdline_load_config_s4(void)
+ {
+@@ -81,6 +82,7 @@ bool samba_cmdline_init(TALLOC_CTX *mem_ctx,
+ return false;
+ }
+ _require_smbconf = require_smbconf;
++ _config_type = config_type;
+
+ creds = cli_credentials_init(mem_ctx);
+ if (creds == NULL) {
+--
+2.33.1
+
+
+From e1d6ab1b0dbd8ff30019edf804c4766b066db4b7 Mon Sep 17 00:00:00 2001
+From: Ralph Boehme <slow@samba.org>
+Date: Mon, 8 Nov 2021 12:09:43 +0100
+Subject: [PATCH 8/8] lib/cmdline: setup default file logging for servers
+
+BUG: https://bugzilla.samba.org/show_bug.cgi?id=14897
+RN: samba process doesn't log to logfile
+
+Signed-off-by: Ralph Boehme <slow@samba.org>
+---
+ lib/cmdline/cmdline_s4.c | 14 ++++++++++++++
+ 1 file changed, 14 insertions(+)
+
+diff --git a/lib/cmdline/cmdline_s4.c b/lib/cmdline/cmdline_s4.c
+index 6ef6f59db49..29e9f34bbe2 100644
+--- a/lib/cmdline/cmdline_s4.c
++++ b/lib/cmdline/cmdline_s4.c
+@@ -44,6 +44,20 @@ static bool _samba_cmdline_load_config_s4(void)
+ }
+ }
+
++ switch (_config_type) {
++ case SAMBA_CMDLINE_CONFIG_SERVER: {
++ const struct samba_cmdline_daemon_cfg *cmdline_daemon_cfg =
++ samba_cmdline_get_daemon_cfg();
++
++ if (!cmdline_daemon_cfg->interactive) {
++ setup_logging(getprogname(), DEBUG_FILE);
++ }
++ break;
++ }
++ default:
++ break;
++ }
++
+ config_file = get_dyn_CONFIGFILE();
+ ok = lpcfg_load(lp_ctx, config_file);
+ if (!ok) {
+--
+2.33.1
+
diff --git a/SOURCES/samba-4.15.1-winexe.patch b/SOURCES/samba-4.15.1-winexe.patch
new file mode 100644
index 0000000..38460b3
--- /dev/null
+++ b/SOURCES/samba-4.15.1-winexe.patch
@@ -0,0 +1,61 @@
+From 3d02bf10d7738fe604b524863764de3ca1faa081 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?G=C3=BCnther=20Deschner?= <gd@samba.org>
+Date: Thu, 4 Nov 2021 22:22:44 +0100
+Subject: [PATCH] s3-winexe: Fix winexe core dump (use-after-free)
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+BUG: https://bugzilla.samba.org/show_bug.cgi?id=14893
+
+Guenther
+
+Signed-off-by: Guenther Deschner <gd@samba.org>
+Reviewed-by: Andreas Schneider <asn@samba.org>
+
+Autobuild-User(master): Günther Deschner <gd@samba.org>
+Autobuild-Date(master): Fri Nov 5 11:43:57 UTC 2021 on sn-devel-184
+
+(cherry picked from commit e9495d2ed28a26899dc3dd77bdfe56e284980218)
+---
+ examples/winexe/winexe.c | 16 ++++++++++++----
+ 1 file changed, 12 insertions(+), 4 deletions(-)
+
+diff --git a/examples/winexe/winexe.c b/examples/winexe/winexe.c
+index 3e0813a4091..59fb9dbdebb 100644
+--- a/examples/winexe/winexe.c
++++ b/examples/winexe/winexe.c
+@@ -220,8 +220,6 @@ static void parse_args(int argc, const char *argv[],
+ *port_str = '\0';
+ }
+
+- poptFreeContext(pc);
+-
+ if (options->runas == NULL && options->runas_file != NULL) {
+ struct cli_credentials *runas_cred;
+ const char *user;
+@@ -253,9 +251,19 @@ static void parse_args(int argc, const char *argv[],
+
+ options->credentials = samba_cmdline_get_creds();
+
+- options->hostname = argv_new[0] + 2;
++ options->hostname = talloc_strdup(mem_ctx, argv_new[0] + 2);
++ if (options->hostname == NULL) {
++ DBG_ERR("Out of memory\n");
++ exit(1);
++ }
+ options->port = port;
+- options->cmd = argv_new[1];
++ options->cmd = talloc_strdup(mem_ctx, argv_new[1]);
++ if (options->cmd == NULL) {
++ DBG_ERR("Out of memory\n");
++ exit(1);
++ }
++
++ poptFreeContext(pc);
+
+ options->flags = flag_interactive;
+ if (flag_reinstall) {
+--
+2.33.1
+
diff --git a/SOURCES/samba-4.15.2-smbclient_anonymous.patch b/SOURCES/samba-4.15.2-smbclient_anonymous.patch
new file mode 100644
index 0000000..477ddef
--- /dev/null
+++ b/SOURCES/samba-4.15.2-smbclient_anonymous.patch
@@ -0,0 +1,58 @@
+From 61fd63d70578043de9f3bff1c3267c499dbf50a0 Mon Sep 17 00:00:00 2001
+From: Andreas Schneider <asn@samba.org>
+Date: Wed, 10 Nov 2021 12:06:51 +0100
+Subject: [PATCH] auth:creds: Guess the username first via getpwuid(my_id)
+
+If we have a container, we often don't have USER or LOGNAME set.
+
+BUG: https://bugzilla.samba.org/show_bug.cgi?id=14883
+
+Tested-by: Anoop C S <anoopcs@samba.org>
+Signed-off-by: Andreas Schneider <asn@samba.org>
+Reviewed-by: Stefan Metzmacher <metze@samba.org>
+(cherry picked from commit c28be4067463e582e378df402f812e510883d606)
+---
+ auth/credentials/credentials.c | 13 +++++++++++++
+ 1 file changed, 13 insertions(+)
+
+diff --git a/auth/credentials/credentials.c b/auth/credentials/credentials.c
+index 02a3cf3b354..c5a6ba6940c 100644
+--- a/auth/credentials/credentials.c
++++ b/auth/credentials/credentials.c
+@@ -30,6 +30,7 @@
+ #include "tevent.h"
+ #include "param/param.h"
+ #include "system/filesys.h"
++#include "system/passwd.h"
+
+ /**
+ * Create a new credentials structure
+@@ -1159,6 +1160,7 @@ _PUBLIC_ bool cli_credentials_guess(struct cli_credentials *cred,
+ {
+ const char *error_string;
+ const char *env = NULL;
++ struct passwd *pwd = NULL;
+ bool ok;
+
+ if (lp_ctx != NULL) {
+@@ -1168,6 +1170,17 @@ _PUBLIC_ bool cli_credentials_guess(struct cli_credentials *cred,
+ }
+ }
+
++ pwd = getpwuid(getuid());
++ if (pwd != NULL) {
++ size_t len = strlen(pwd->pw_name);
++
++ if (len > 0 && len <= 1024) {
++ (void)cli_credentials_parse_string(cred,
++ pwd->pw_name,
++ CRED_GUESS_ENV);
++ }
++ }
++
+ env = getenv("LOGNAME");
+ if (env != NULL) {
+ size_t len = strlen(env);
+--
+2.33.1
+
diff --git a/SOURCES/samba-4.15.2.tar.asc b/SOURCES/samba-4.15.2.tar.asc
new file mode 100644
index 0000000..b55faa8
--- /dev/null
+++ b/SOURCES/samba-4.15.2.tar.asc
@@ -0,0 +1,16 @@
+-----BEGIN PGP SIGNATURE-----
+
+iQIzBAABCgAdFiEEgfXigyvSVFoYl7cTqplEL7aAtiAFAmGJC1MACgkQqplEL7aA
+tiCwkhAAgHQFzw/TiURShe+AAw9eE168VXPICTBPNSRRiYH2FBbqG4qSHxG/SSAr
+Fq8tMAoGhVuPC+Rjie7wMYoF9R7wd3X+KQ2GzLismbHS6Cn2C1EJ0cX/UJqP+Qpu
+vitKHTpczNqEtWbYiMO2NKuLz1pyGl8/i/HErlVmSVFrHUnyLDXkZn1R1+R8b4hg
+9Nj27L41ndAqyws24MCKoWNuhkwCN3QLf/n4/b22wZwJyNmiwvJlH5nK0RF4gY1T
+Ne09HHNovcBvIgtJCp+ABcSKVQXGj2L47XDLBEXU4AeM+dzbRP0dBOCzs50ZbYQ1
+8JMq7+r/MWSKuiDf1ofW6EYZPcxRsKcFGhpnP7rlMucxNRN358CqTaVW8qmhBRDV
+9mglTBX6ie+Jj8fYP7Ak5rc+LYxolfTZmniH+dk7HH4QUdXjL/P3SpSwhwNmxtmc
+JCWP4Tszw0tpRwoGRdt3A+I1/YRRCftSL5/Nm8q+ERyW77uVH+IkWdAsjuZUHyod
+sT1+YQGoPrBRmESpugqqKQKQ9/CgVL1PZLjfKAgFP2a5/gwTr12rjXXn7uEMShjq
+WDduBZRH6873IcVYkV/TVmqd+AfHk31d4B4Djzy7itGqF4XNCpWFlmLj4kApNY99
+IXPfzua5Owjc8LIZssRSmPE0BLa1ElCfPvk6q2IJnpWZ04EdCjo=
+=sYeb
+-----END PGP SIGNATURE-----
diff --git a/SOURCES/samba-ctdb-etcd-reclock.patch b/SOURCES/samba-ctdb-etcd-reclock.patch
new file mode 100644
index 0000000..2a55408
--- /dev/null
+++ b/SOURCES/samba-ctdb-etcd-reclock.patch
@@ -0,0 +1,30 @@
+From 939aed0498269df3c1e012f3b68c314b583f25bd Mon Sep 17 00:00:00 2001
+From: Martin Schwenke <martin@meltin.net>
+Date: Tue, 27 Apr 2021 15:46:14 +1000
+Subject: [PATCH] utils: Use Python 3
+
+Due to the number of flake8 and pylint warnings it is unclear if the
+source has Python 3 incompatibilities. These will be cleaned up in
+subsequent commits.
+
+Signed-off-by: "L.P.H. van Belle" <belle@bazuin.nl>
+Reviewed-by: Martin Schwenke <martin@meltin.net>
+Reviewed-by: David Disseldorp <ddiss@samba.org>
+Reviewed-by: Jose A. Rivera <jarrpa@samba.org>
+---
+ ctdb/utils/etcd/ctdb_etcd_lock | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/ctdb/utils/etcd/ctdb_etcd_lock b/ctdb/utils/etcd/ctdb_etcd_lock
+index 000c6bb7208..7f5194eff0a 100755
+--- a/ctdb/utils/etcd/ctdb_etcd_lock
++++ b/ctdb/utils/etcd/ctdb_etcd_lock
+@@ -1,4 +1,4 @@
+-#!/usr/bin/python
++#!/usr/bin/env python3
+ #
+ # This program is free software: you can redistribute it and/or modify
+ # it under the terms of the GNU General Public License as published by
+--
+2.31.1
+
diff --git a/SOURCES/samba-s4u.patch b/SOURCES/samba-s4u.patch
index 83ed873..8e84d96 100644
--- a/SOURCES/samba-s4u.patch
+++ b/SOURCES/samba-s4u.patch
@@ -1,22 +1,21 @@
-From fe300549844509624d944b93fc64dc6d382e71c1 Mon Sep 17 00:00:00 2001
+From 0b196043f08ea4c025f19c4519175a3a73e1d185 Mon Sep 17 00:00:00 2001
From: Isaac Boukris <iboukris@gmail.com>
Date: Fri, 27 Sep 2019 18:25:03 +0300
-Subject: [PATCH 3/7] mit-kdc: add basic loacl realm S4U support
+Subject: [PATCH 1/3] mit-kdc: add basic loacl realm S4U support
Signed-off-by: Isaac Boukris <iboukris@gmail.com>
Pair-Programmed-With: Andreas Schneider <asn@samba.org>
---
- source4/kdc/mit-kdb/kdb_samba_policies.c | 148 +++++++++---------
- source4/kdc/mit_samba.c | 47 ++----
- source4/kdc/mit_samba.h | 6 +-
- wscript_configure_system_mitkrb5 | 3 +
- 6 files changed, 91 insertions(+), 115 deletions(-)
+ source4/kdc/mit-kdb/kdb_samba_policies.c | 124 +++++++++++------------
+ source4/kdc/mit_samba.c | 47 ++-------
+ source4/kdc/mit_samba.h | 6 +-
+ 3 files changed, 71 insertions(+), 106 deletions(-)
diff --git a/source4/kdc/mit-kdb/kdb_samba_policies.c b/source4/kdc/mit-kdb/kdb_samba_policies.c
-index 9197551ed61..944324d9a2f 100644
+index f35210669c2..b1c7c5dcc5e 100644
--- a/source4/kdc/mit-kdb/kdb_samba_policies.c
+++ b/source4/kdc/mit-kdb/kdb_samba_policies.c
-@@ -192,13 +192,17 @@ static krb5_error_code ks_verify_pac(krb5_context context,
+@@ -195,13 +195,17 @@ static krb5_error_code ks_verify_pac(krb5_context context,
krb5_keyblock *krbtgt_key,
krb5_timestamp authtime,
krb5_authdata **tgt_auth_data,
@@ -37,7 +36,7 @@ index 9197551ed61..944324d9a2f 100644
mit_ctx = ks_get_context(context);
if (mit_ctx == NULL) {
-@@ -230,41 +234,43 @@ static krb5_error_code ks_verify_pac(krb5_context context,
+@@ -233,41 +237,43 @@ static krb5_error_code ks_verify_pac(krb5_context context,
code = krb5_pac_parse(context,
authdata[0]->contents,
authdata[0]->length,
@@ -107,7 +106,7 @@ index 9197551ed61..944324d9a2f 100644
if (code != 0) {
goto done;
}
-@@ -272,17 +278,22 @@ static krb5_error_code ks_verify_pac(krb5_context context,
+@@ -275,17 +281,22 @@ static krb5_error_code ks_verify_pac(krb5_context context,
code = mit_samba_reget_pac(mit_ctx,
context,
flags,
@@ -134,31 +133,30 @@ index 9197551ed61..944324d9a2f 100644
return code;
}
-@@ -324,7 +335,7 @@ krb5_error_code kdb_samba_db_sign_auth_data(krb5_context context,
- {
- #endif
+@@ -314,6 +325,7 @@ krb5_error_code kdb_samba_db_sign_auth_data(krb5_context context,
+ krb5_authdata **pac_auth_data = NULL;
krb5_authdata **authdata = NULL;
-- krb5_boolean is_as_req;
+ krb5_boolean is_as_req;
+ krb5_const_principal pac_client;
krb5_error_code code;
krb5_pac pac = NULL;
krb5_data pac_data;
-@@ -334,24 +345,21 @@ krb5_error_code kdb_samba_db_sign_auth_data(krb5_context context,
+@@ -325,11 +337,6 @@ krb5_error_code kdb_samba_db_sign_auth_data(krb5_context context,
+ krbtgt = krbtgt == NULL ? local_krbtgt : krbtgt;
krbtgt_key = krbtgt_key == NULL ? local_krbtgt_key : krbtgt_key;
- #endif
- /* FIXME: We don't support S4U yet */
- if (flags & KRB5_KDB_FLAGS_S4U) {
- return KRB5_KDB_DBTYPE_NOSUP;
- }
-
-- is_as_req = ((flags & KRB5_KDB_FLAG_CLIENT_REFERRALS_ONLY) != 0);
--
-- if (is_as_req && (flags & KRB5_KDB_FLAG_INCLUDE_PAC)) {
-- code = ks_get_pac(context, client, client_key, &pac);
-- if (code != 0) {
-- goto done;
-- }
+ is_as_req = ((flags & KRB5_KDB_FLAG_CLIENT_REFERRALS_ONLY) != 0);
+
+ /*
+@@ -390,6 +397,16 @@ krb5_error_code kdb_samba_db_sign_auth_data(krb5_context context,
+ ks_client_princ = client->princ;
+ }
+
+ /* In protocol transition, we are currently not provided with the tgt
+ * client name to verify the PAC, we could probably skip the name
+ * verification and just verify the signatures, but since we don't
@@ -166,59 +164,31 @@ index 9197551ed61..944324d9a2f 100644
+ if (flags & KRB5_KDB_FLAG_PROTOCOL_TRANSITION) {
+ pac_client = server->princ;
+ } else {
-+ pac_client = client_princ;
- }
-
-- if (!is_as_req) {
-+ /* TGS request */
-+ if (!(flags & KRB5_KDB_FLAG_CLIENT_REFERRALS_ONLY)) {
- code = ks_verify_pac(context,
- flags,
-- client_princ,
-+ pac_client,
- client,
- server,
- krbtgt,
-@@ -363,14 +371,28 @@ krb5_error_code kdb_samba_db_sign_auth_data(krb5_context context,
- if (code != 0) {
- goto done;
- }
-+
-+ /* We require PAC as we don't support LSA_TRUST_TYPE_MIT */
-+ if (pac == NULL) {
-+ code = KRB5_KDB_DBTYPE_NOSUP;
-+ goto done;
-+ }
- }
-
-- if (pac == NULL && client != NULL) {
-+ if (flags & KRB5_KDB_FLAG_PROTOCOL_TRANSITION) {
-+ krb5_pac_free(context, pac);
-+ pac = NULL;
++ pac_client = ks_client_princ;
+ }
-
-+ /* AS request or local realm protocol transition */
-+ if ((flags & KRB5_KDB_FLAG_CLIENT_REFERRALS_ONLY) ||
-+ (client != NULL && (flags & KRB5_KDB_FLAG_PROTOCOL_TRANSITION))) {
- code = ks_get_pac(context, client, client_key, &pac);
- if (code != 0) {
- goto done;
- }
-+ /* We require a pac! */
-+ SMB_ASSERT(pac != NULL);
- }
-
- if (pac == NULL) {
-@@ -379,7 +401,7 @@ krb5_error_code kdb_samba_db_sign_auth_data(krb5_context context,
++
+ if (client_entry == NULL) {
+ client_entry = client;
}
+@@ -454,7 +471,7 @@ krb5_error_code kdb_samba_db_sign_auth_data(krb5_context context,
- code = krb5_pac_sign(context, pac, authtime, client_princ,
+ code = ks_verify_pac(context,
+ flags,
+- ks_client_princ,
++ pac_client,
+ client_entry,
+ server,
+ krbtgt,
+@@ -494,7 +511,7 @@ krb5_error_code kdb_samba_db_sign_auth_data(krb5_context context,
+ is_as_req ? "AS-REQ" : "TGS-REQ",
+ client_name);
+ code = krb5_pac_sign(context, pac, authtime, ks_client_princ,
- server_key, krbtgt_key, &pac_data);
+ server_key, krbtgt_key, &pac_data);
if (code != 0) {
DBG_ERR("krb5_pac_sign failed: %d\n", code);
goto done;
-@@ -405,11 +427,6 @@ krb5_error_code kdb_samba_db_sign_auth_data(krb5_context context,
+@@ -520,12 +537,6 @@ krb5_error_code kdb_samba_db_sign_auth_data(krb5_context context,
KRB5_AUTHDATA_IF_RELEVANT,
authdata,
signed_auth_data);
@@ -227,10 +197,11 @@ index 9197551ed61..944324d9a2f 100644
- }
-
- code = 0;
-
+-
done:
- krb5_pac_free(context, pac);
-@@ -432,32 +449,13 @@ krb5_error_code kdb_samba_db_check_allowed_to_delegate(krb5_context context,
+ if (client_entry != NULL && client_entry != client) {
+ ks_free_principal(context, client_entry);
+@@ -551,32 +562,13 @@ krb5_error_code kdb_samba_db_check_allowed_to_delegate(krb5_context context,
* server; -> delegating service
* proxy; -> target principal
*/
@@ -265,10 +236,10 @@ index 9197551ed61..944324d9a2f 100644
diff --git a/source4/kdc/mit_samba.c b/source4/kdc/mit_samba.c
-index 54dcd545ea1..f23327c9613 100644
+index 4239332f0d9..acc3cba6254 100644
--- a/source4/kdc/mit_samba.c
+++ b/source4/kdc/mit_samba.c
-@@ -467,7 +467,6 @@ int mit_samba_get_pac(struct mit_samba_context *smb_ctx,
+@@ -501,7 +501,6 @@ int mit_samba_get_pac(struct mit_samba_context *smb_ctx,
krb5_error_code mit_samba_reget_pac(struct mit_samba_context *ctx,
krb5_context context,
int flags,
@@ -276,7 +247,7 @@ index 54dcd545ea1..f23327c9613 100644
krb5_db_entry *client,
krb5_db_entry *server,
krb5_db_entry *krbtgt,
-@@ -615,7 +614,7 @@ krb5_error_code mit_samba_reget_pac(struct mit_samba_context *ctx,
+@@ -665,7 +664,7 @@ krb5_error_code mit_samba_reget_pac(struct mit_samba_context *ctx,
context,
*pac,
server->princ,
@@ -285,7 +256,7 @@ index 54dcd545ea1..f23327c9613 100644
deleg_blob);
if (!NT_STATUS_IS_OK(nt_status)) {
DEBUG(0, ("Update delegation info failed: %s\n",
-@@ -937,41 +936,17 @@ int mit_samba_check_client_access(struct mit_samba_context *ctx,
+@@ -987,41 +986,17 @@ int mit_samba_check_client_access(struct mit_samba_context *ctx,
}
int mit_samba_check_s4u2proxy(struct mit_samba_context *ctx,
@@ -338,7 +309,7 @@ index 54dcd545ea1..f23327c9613 100644
static krb5_error_code mit_samba_change_pwd_error(krb5_context context,
diff --git a/source4/kdc/mit_samba.h b/source4/kdc/mit_samba.h
-index ba824557bd5..5aadf206443 100644
+index 636c77ec97c..9cb00c9610e 100644
--- a/source4/kdc/mit_samba.h
+++ b/source4/kdc/mit_samba.h
@@ -56,7 +56,6 @@ int mit_samba_get_pac(struct mit_samba_context *smb_ctx,
@@ -362,12 +333,13 @@ index ba824557bd5..5aadf206443 100644
int mit_samba_kpasswd_change_password(struct mit_samba_context *ctx,
char *pwd,
--
-2.25.4
+2.33.1
+
-From ff1b225493ede3d43cfad571770dacb73f75ec42 Mon Sep 17 00:00:00 2001
+From 992d38fa35c01f2f0bdb39d387fa29e8eb8d3d37 Mon Sep 17 00:00:00 2001
From: Isaac Boukris <iboukris@gmail.com>
Date: Fri, 27 Sep 2019 18:35:30 +0300
-Subject: [PATCH 5/7] krb5-mit: enable S4U client support for MIT build
+Subject: [PATCH 2/3] krb5-mit: enable S4U client support for MIT build
Signed-off-by: Isaac Boukris <iboukris@gmail.com>
Pair-Programmed-With: Andreas Schneider <asn@samba.org>
@@ -375,13 +347,13 @@ Pair-Programmed-With: Andreas Schneider <asn@samba.org>
lib/krb5_wrap/krb5_samba.c | 185 ++++++++++++++++++++++++++
lib/krb5_wrap/krb5_samba.h | 2 -
source4/auth/kerberos/kerberos_util.c | 11 --
- 4 files changed, 185 insertions(+), 14 deletions(-)
+ 3 files changed, 185 insertions(+), 13 deletions(-)
diff --git a/lib/krb5_wrap/krb5_samba.c b/lib/krb5_wrap/krb5_samba.c
-index 20ce86c708d..e72ab3c30f7 100644
+index fff5b4e2a22..791b417d5ba 100644
--- a/lib/krb5_wrap/krb5_samba.c
+++ b/lib/krb5_wrap/krb5_samba.c
-@@ -2568,6 +2568,191 @@ krb5_error_code smb_krb5_kinit_s4u2_ccache(krb5_context ctx,
+@@ -2694,6 +2694,191 @@ krb5_error_code smb_krb5_kinit_s4u2_ccache(krb5_context ctx,
return 0;
}
@@ -574,7 +546,7 @@ index 20ce86c708d..e72ab3c30f7 100644
#if !defined(HAVE_KRB5_MAKE_PRINCIPAL) && defined(HAVE_KRB5_BUILD_PRINCIPAL_ALLOC_VA)
diff --git a/lib/krb5_wrap/krb5_samba.h b/lib/krb5_wrap/krb5_samba.h
-index ca9a893e4f7..3264ce5eb3b 100644
+index eab67f6d969..b5385c69a33 100644
--- a/lib/krb5_wrap/krb5_samba.h
+++ b/lib/krb5_wrap/krb5_samba.h
@@ -252,7 +252,6 @@ krb5_error_code smb_krb5_kinit_password_ccache(krb5_context ctx,
@@ -639,14 +611,13 @@ index 544d9d853cc..c14d8c72d8c 100644
ret = smb_krb5_kinit_password_ccache(smb_krb5_context->krb5_context,
ccache,
--
-2.25.4
-
+2.33.1
-From cf1b9bdc09180d68e2b30258839d2f78b7af9c62 Mon Sep 17 00:00:00 2001
+From f1951b501ca0fb3e613f04437c99dc1bbf204609 Mon Sep 17 00:00:00 2001
From: Isaac Boukris <iboukris@gmail.com>
Date: Sat, 19 Sep 2020 14:16:20 +0200
-Subject: [PATCH 7/7] wip: for canonicalization with new MIT kdc code
+Subject: [PATCH 3/3] wip: for canonicalization with new MIT kdc code
---
source4/heimdal/lib/hdb/hdb.h | 1 +
@@ -656,7 +627,7 @@ Subject: [PATCH 7/7] wip: for canonicalization with new MIT kdc code
4 files changed, 11 insertions(+), 2 deletions(-)
diff --git a/source4/heimdal/lib/hdb/hdb.h b/source4/heimdal/lib/hdb/hdb.h
-index 6a09ecb6fe1..bc5211fef35 100644
+index 5ef9d9565f3..dafaffc6c2d 100644
--- a/source4/heimdal/lib/hdb/hdb.h
+++ b/source4/heimdal/lib/hdb/hdb.h
@@ -63,6 +63,7 @@ enum hdb_lockop{ HDB_RLOCK, HDB_WLOCK };
@@ -668,7 +639,7 @@ index 6a09ecb6fe1..bc5211fef35 100644
/* hdb_capability_flags */
#define HDB_CAP_F_HANDLE_ENTERPRISE_PRINCIPAL 1
diff --git a/source4/kdc/db-glue.c b/source4/kdc/db-glue.c
-index a560a1cd84b..c27b6a8ef4c 100644
+index aff74f2ee71..d16b4c3329a 100644
--- a/source4/kdc/db-glue.c
+++ b/source4/kdc/db-glue.c
@@ -916,17 +916,21 @@ static krb5_error_code samba_kdc_message2entry(krb5_context context,
@@ -696,10 +667,10 @@ index a560a1cd84b..c27b6a8ef4c 100644
ret = smb_krb5_make_principal(context, &entry_ex->entry.principal, lpcfg_realm(lp_ctx), samAccountName, NULL);
if (ret) {
diff --git a/source4/kdc/mit_samba.c b/source4/kdc/mit_samba.c
-index f23327c9613..4084e893cc2 100644
+index acc3cba6254..f0b9df8b613 100644
--- a/source4/kdc/mit_samba.c
+++ b/source4/kdc/mit_samba.c
-@@ -198,6 +198,9 @@ int mit_samba_get_principal(struct mit_samba_context *ctx,
+@@ -224,6 +224,9 @@ int mit_samba_get_principal(struct mit_samba_context *ctx,
if (kflags & KRB5_KDB_FLAG_CANONICALIZE) {
sflags |= SDB_F_CANON;
}
@@ -722,5 +693,5 @@ index c929acccce6..a9115ec23d7 100644
void sdb_free_entry(struct sdb_entry_ex *e);
void free_sdb_entry(struct sdb_entry *s);
--
-2.25.4
+2.33.1
diff --git a/SPECS/samba.spec b/SPECS/samba.spec
index d09116a..c9fa74b 100644
--- a/SPECS/samba.spec
+++ b/SPECS/samba.spec
@@ -15,6 +15,9 @@
# ctdb is enabled by default, you can disable it with: --without clustering
%bcond_without clustering
+# Define _make_verbose if it doesn't exist (RHEL8)
+%{!?_make_verbose:%define _make_verbose V=1 VERBOSE=1}
+
# Build with Active Directory Domain Controller support by default on Fedora
%if 0%{?fedora}
%bcond_without dc
@@ -42,24 +45,27 @@
%bcond_without winexe
%endif
-# Build vfs_ceph module by default on 64bit Fedora
+# Build vfs_ceph module and ctdb cepth mutex helper by default on 64bit Fedora
%if 0%{?fedora}
%ifarch aarch64 ppc64le s390x x86_64
%bcond_without vfs_cephfs
+%bcond_without ceph_mutex
%else
%bcond_with vfs_cephfs
+%bcond_with ceph_mutex
#endifarch
%endif
%else
%bcond_with vfs_cephfs
+%bcond_with ceph_mutex
#endif fedora
%endif
# Build vfs_gluster module by default on 64bit Fedora
%global is_rhgs 0
-%if "%{dist}" == ".el8rhgs" || "%{dist}" == ".el9rhgs"
+%if "%{dist}" == ".el8rhgs" || "%{dist}" == ".el9rhgs"
%global is_rhgs 1
%endif
@@ -106,15 +112,29 @@
#endif fedora || rhel >= 8
%endif
+# Build the ctdb-pcp-pmda package by default on Fedora
+%if 0%{?fedora}
+%bcond_without pcp_pmda
+%else
+%bcond_with pcp_pmda
+%endif
+
+# Build the etcd helpers by default on Fedora
+%if 0%{?fedora}
+%bcond_without etcd_mutex
+%else
+%bcond_with etcd_mutex
+%endif
+
%define samba_requires_eq() %(LC_ALL="C" echo '%*' | xargs -r rpm -q --qf 'Requires: %%{name} = %%{epoch}:%%{version}\\n' | sed -e 's/ (none):/ /' -e 's/ 0:/ /' | grep -v "is not")
-%global baserelease 103
+%global baserelease 3
-%global samba_version 4.14.5
-%global talloc_version 2.3.2
-%global tdb_version 1.4.3
-%global tevent_version 0.10.2
-%global ldb_version 2.3.0
+%global samba_version 4.15.2
+%global talloc_version 2.3.3
+%global tdb_version 1.4.4
+%global tevent_version 0.11.0
+%global ldb_version 2.4.1
# This should be rc1 or nil
%global pre_release %nil
@@ -178,6 +198,12 @@ Source14: samba.pamd
Source201: README.downgrade
Patch0: samba-s4u.patch
+Patch1: samba-ctdb-etcd-reclock.patch
+Patch2: samba-4.15.1-winexe.patch
+Patch3: samba-4.15-fix-winbind-no-trusted-domain.patch
+Patch4: samba-4.15-logfile.patch
+Patch5: samba-4.15.2-smbclient_anonymous.patch
+Patch6: samba-4.15-ipa-dc-schannel.patch
Requires(pre): /usr/sbin/groupadd
Requires(post): systemd
@@ -285,6 +311,16 @@ BuildRequires: libcephfs-devel
BuildRequires: liburing-devel >= 0.4
%endif
+%if %{with pcp_pmda}
+BuildRequires: pcp-libs-devel
+%endif
+%if %{with ceph_mutex}
+BuildRequires: librados-devel
+%endif
+%if %{with etcd_mutex}
+BuildRequires: python3-etcd
+%endif
+
%if %{with dc} || %{with testsuite}
# Add python3-iso8601 to avoid that the
# version in Samba is being packaged
@@ -314,9 +350,13 @@ BuildRequires: python3-tdb >= %{tdb_version}
BuildRequires: libldb-devel >= %{ldb_version}
BuildRequires: python3-ldb >= %{ldb_version}
BuildRequires: python3-ldb-devel >= %{ldb_version}
-%else
+%endif
+
+%if %{with includelibs} || %{with testsuite}
+# lmdb-devel is required for the mdb ldb module, if samba is configured
+# to build includelibs we need lmdb-devel for building that module on our own
BuildRequires: lmdb-devel
-#endif without testsuite
+#endif without includelibs
%endif
%if %{with dc} || %{with testsuite}
@@ -326,6 +366,7 @@ BuildRequires: ldb-tools
BuildRequires: python3-gpg
BuildRequires: python3-markdown
BuildRequires: python3-setproctitle
+BuildRequires: python3-cryptography
BuildRequires: tdb-tools
%endif
@@ -423,7 +464,7 @@ Obsoletes: ctdb-tests-debuginfo < %{samba_depver}
# endif with clustering
%endif
-# If only build glusterfs for RHGS and Fedora, so obsolete it on other version
+# We only build glusterfs for RHGS and Fedora, so obsolete it on other versions
# of the distro
%if %{without vfs_glusterfs}
Obsoletes: samba-vfs-glusterfs < %{samba_depver}
@@ -444,6 +485,15 @@ Requires: samba-libs = %{samba_depver}
Requires: libwbclient = %{samba_depver}
%endif
+# samba-tool needs python3-samba
+Requires: python3-%{name} = %{samba_depver}
+# samba-tool needs tdbbackup
+Requires: tdb-tools
+%if %{with dc}
+# samba-tool needs mdb_copy for domain backup or upgrade provision
+Requires: lmdb
+%endif
+
Provides: bundled(libreplace)
%description common-tools
@@ -465,10 +515,6 @@ Requires(post): libwbclient = %{samba_depver}
Requires: libwbclient = %{samba_depver}
%endif
-# samba-tool needs tdbbackup
-Requires: tdb-tools
-# samba-tool needs mdb_copy
-Requires: lmdb
Requires: ldb-tools
Requires: python3-setproctitle
# Force using libldb version to be the same as build version
@@ -704,7 +750,7 @@ Summary: Samba python devel files
Requires: python3-%{name} = %{samba_depver}
%description -n python3-%{name}-devel
-The python3-%{name}-devel package contains the Python 3 defel files.
+The python3-%{name}-devel package contains the Python 3 devel files.
%package -n python3-samba-test
Summary: Samba Python libraries
@@ -806,7 +852,6 @@ Requires(post): %{name}-client-libs = %{samba_depver}
Requires: %{name}-libs = %{samba_depver}
Requires(post): %{name}-libs = %{samba_depver}
Requires: %{name}-winbind-modules = %{samba_depver}
-Requires(post): %{name}-winbind-modules = %{samba_depver}
%if %{with libwbclient}
Requires(post): libwbclient = %{samba_depver}
@@ -965,6 +1010,45 @@ and use CTDB instead.
#endif with testsuite
%endif
+
+%if %{with pcp_pmda}
+
+%package -n ctdb-pcp-pmda
+Summary: CTDB PCP pmda support
+Requires: ctdb = %{samba_depver}
+Requires: pcp-libs
+
+%description -n ctdb-pcp-pmda
+Performance Co-Pilot (PCP) support for CTDB
+
+#endif with pcp_pmda
+%endif
+
+%if %{with etcd_mutex}
+
+%package -n ctdb-etcd-mutex
+Summary: CTDB ETCD mutex helper
+Requires: ctdb = %{samba_depver}
+Requires: python3-etcd
+
+%description -n ctdb-etcd-mutex
+Support for using an existing ETCD cluster as a mutex helper for CTDB
+
+#endif with etcd_mutex
+%endif
+
+%if %{with ceph_mutex}
+
+%package -n ctdb-ceph-mutex
+Summary: CTDB ceph mutex helper
+Requires: ctdb = %{samba_depver}
+
+%description -n ctdb-ceph-mutex
+Support for using an existing CEPH cluster as a mutex helper for CTDB
+
+#endif with ceph_mutex
+%endif
+
#endif with clustering
%endif
@@ -1055,8 +1139,18 @@ export LDFLAGS="%{__global_ldflags} -fuse-ld=gold"
%if %{with testsuite}
--enable-selftest \
%endif
+%if %{with pcp_pmda}
+ --enable-pmda \
+%endif
+%if %{with ceph_mutex}
+ --enable-ceph-reclock \
+%endif
+%if %{with etcd_mutex}
+ --enable-etcd-reclock \
+%endif
--with-profiling-data \
--with-systemd \
+ --with-quotas \
--systemd-install-services \
--with-systemddir=/usr/lib/systemd/system \
--systemd-smb-extra=%{_systemd_extra} \
@@ -1074,7 +1168,8 @@ pushd pidl
popd
%install
-%make_install
+# Do not use %%make_install, make is just a wrapper around waf in Samba!
+%{__make} %{?_smp_mflags} %{_make_verbose} install DESTDIR=%{buildroot}
install -d -m 0755 %{buildroot}/usr/{sbin,bin}
install -d -m 0755 %{buildroot}%{_libdir}/security
@@ -1162,12 +1257,10 @@ touch %{buildroot}%{_libdir}/krb5/plugins/libkrb5/winbind_krb5_locator.so
%if %{without dc} && %{without testsuite}
for i in \
%{_libdir}/samba/libdfs-server-ad-samba4.so \
- %{_libdir}/samba/libdnsserver-common-samba4.so \
%{_libdir}/samba/libdsdb-garbage-collect-tombstones-samba4.so \
%{_libdir}/samba/libscavenge-dns-records-samba4.so \
%{_mandir}/man8/samba.8 \
%{_mandir}/man8/samba_downgrade_db.8 \
- %{_mandir}/man8/samba-tool.8 \
%{_mandir}/man8/samba-gpupdate.8 \
%{_libdir}/samba/ldb/ildap.so \
%{_libdir}/samba/ldb/ldbsamba_extensions.so \
@@ -1518,6 +1611,8 @@ fi
%{_libdir}/samba/vfs/nfs4acl_xattr.so
%endif
+%{_libexecdir}/samba/samba-bgqd
+
%dir %{_datadir}/samba
%dir %{_datadir}/samba/mdssvc
%{_datadir}/samba/mdssvc/elasticsearch_mappings.json
@@ -1529,6 +1624,7 @@ fi
%config(noreplace) %{_sysconfdir}/pam.d/samba
%{_mandir}/man1/smbstatus.1*
%{_mandir}/man8/eventlogadm.8*
+%{_mandir}/man8/samba-bgqd.8*
%{_mandir}/man8/smbd.8*
%{_mandir}/man8/nmbd.8*
%{_mandir}/man8/vfs_acl_tdb.8*
@@ -1579,9 +1675,8 @@ fi
%{_bindir}/cifsdd
%{_bindir}/dbwrap_tool
%{_bindir}/dumpmscat
-%exclude %{_bindir}/findsmb
%{_bindir}/mvxattr
-%{_bindir}/mdfind
+%{_bindir}/mdsearch
%{_bindir}/nmblookup
%{_bindir}/oLschema2ldif
%{_bindir}/regdiff
@@ -1608,9 +1703,8 @@ fi
%{_mandir}/man1/regpatch.1*
%{_mandir}/man1/regshell.1*
%{_mandir}/man1/regtree.1*
-%exclude %{_mandir}/man1/findsmb.1*
%{_mandir}/man1/log2pcap.1*
-%{_mandir}/man1/mdfind.1*
+%{_mandir}/man1/mdsearch.1*
%{_mandir}/man1/mvxattr.1*
%{_mandir}/man1/rpcclient.1*
%{_mandir}/man1/sharesec.1*
@@ -1691,10 +1785,10 @@ fi
%{_libdir}/samba/libclidns-samba4.so
%{_libdir}/samba/libcluster-samba4.so
%{_libdir}/samba/libcmdline-contexts-samba4.so
-%{_libdir}/samba/libcmdline-credentials-samba4.so
%{_libdir}/samba/libcommon-auth-samba4.so
%{_libdir}/samba/libctdb-event-client-samba4.so
%{_libdir}/samba/libdbwrap-samba4.so
+%{_libdir}/samba/libdcerpc-pkt-auth-samba4.so
%{_libdir}/samba/libdcerpc-samba-samba4.so
%{_libdir}/samba/libevents-samba4.so
%{_libdir}/samba/libflag-mapping-samba4.so
@@ -1749,7 +1843,6 @@ fi
%{_libdir}/samba/libtime-basic-samba4.so
%{_libdir}/samba/libtorture-samba4.so
%{_libdir}/samba/libtrusts-util-samba4.so
-%{_libdir}/samba/libutil-cmdline-samba4.so
%{_libdir}/samba/libutil-reg-samba4.so
%{_libdir}/samba/libutil-setid-samba4.so
%{_libdir}/samba/libutil-tdb-samba4.so
@@ -1775,7 +1868,7 @@ fi
%{_libdir}/samba/ldb/asq.so
%{_libdir}/samba/ldb/ldb.so
-#%%{_libdir}/samba/ldb/mdb.so
+%{_libdir}/samba/ldb/mdb.so
%{_libdir}/samba/ldb/paged_searches.so
%{_libdir}/samba/ldb/rdn_name.so
%{_libdir}/samba/ldb/sample.so
@@ -1813,8 +1906,7 @@ fi
### COMMON-libs
%files common-libs
# common libraries
-%{_libdir}/samba/libpopt-samba3-cmdline-samba4.so
-%{_libdir}/samba/libpopt-samba3-samba4.so
+%{_libdir}/samba/libcmdline-samba4.so
%dir %{_libdir}/samba/ldb
@@ -1827,6 +1919,7 @@ fi
%{_bindir}/net
%{_bindir}/pdbedit
%{_bindir}/profiles
+%{_bindir}/samba-tool
%{_bindir}/smbcontrol
%{_bindir}/smbpasswd
%{_bindir}/testparm
@@ -1835,13 +1928,13 @@ fi
%{_mandir}/man1/testparm.1*
%{_mandir}/man8/net.8*
%{_mandir}/man8/pdbedit.8*
+%{_mandir}/man8/samba-tool.8*
%{_mandir}/man8/smbpasswd.8*
### DC
%if %{with dc} || %{with testsuite}
%files dc
%{_unitdir}/samba.service
-%{_bindir}/samba-tool
%{_sbindir}/samba
%{_sbindir}/samba_dnsupdate
%{_sbindir}/samba_downgrade_db
@@ -1909,7 +2002,6 @@ fi
%{_mandir}/man8/samba.8*
%{_mandir}/man8/samba_downgrade_db.8*
%{_mandir}/man8/samba-gpupdate.8*
-%{_mandir}/man8/samba-tool.8*
%dir %{_datadir}/samba/admx
%{_datadir}/samba/admx/samba.admx
%dir %{_datadir}/samba/admx/en-US
@@ -1952,7 +2044,6 @@ fi
%endif
%{_libdir}/libdcerpc-server.so.*
-%{_libdir}/samba/libdnsserver-common-samba4.so
%{_libdir}/samba/libdsdb-module-samba4.so
%{_libdir}/samba/libdsdb-garbage-collect-tombstones-samba4.so
%{_libdir}/samba/libscavenge-dns-records-samba4.so
@@ -1961,8 +2052,6 @@ fi
%files dc-bind-dlz
%attr(770,root,named) %dir /var/lib/samba/bind-dns
%dir %{_libdir}/samba/bind9
-%{_libdir}/samba/bind9/dlz_bind9.so
-%{_libdir}/samba/bind9/dlz_bind9_9.so
%{_libdir}/samba/bind9/dlz_bind9_10.so
%{_libdir}/samba/bind9/dlz_bind9_11.so
%{_libdir}/samba/bind9/dlz_bind9_12.so
@@ -2136,6 +2225,7 @@ fi
%{_libdir}/samba/libauth4-samba4.so
%{_libdir}/samba/libauth-unix-token-samba4.so
%{_libdir}/samba/libdcerpc-samba4.so
+%{_libdir}/samba/libdnsserver-common-samba4.so
%{_libdir}/samba/libshares-samba4.so
%{_libdir}/samba/libsmbpasswdparser-samba4.so
%{_libdir}/samba/libxattr-tdb-samba4.so
@@ -2230,6 +2320,7 @@ fi
%{python3_sitearch}/samba/__pycache__/getopt.*.pyc
%{python3_sitearch}/samba/__pycache__/gpclass.*.pyc
%{python3_sitearch}/samba/__pycache__/gp_ext_loader.*.pyc
+%{python3_sitearch}/samba/__pycache__/gp_gnome_settings_ext.*.pyc
%{python3_sitearch}/samba/__pycache__/gp_msgs_ext.*.pyc
%{python3_sitearch}/samba/__pycache__/gp_scripts_ext.*.pyc
%{python3_sitearch}/samba/__pycache__/gp_sec_ext.*.pyc
@@ -2252,7 +2343,14 @@ fi
%{python3_sitearch}/samba/__pycache__/trust_utils.*.pyc
%{python3_sitearch}/samba/__pycache__/upgrade.*.pyc
%{python3_sitearch}/samba/__pycache__/upgradehelpers.*.pyc
+%{python3_sitearch}/samba/__pycache__/vgp_access_ext.*.pyc
+%{python3_sitearch}/samba/__pycache__/vgp_files_ext.*.pyc
+%{python3_sitearch}/samba/__pycache__/vgp_issue_ext.*.pyc
+%{python3_sitearch}/samba/__pycache__/vgp_motd_ext.*.pyc
+%{python3_sitearch}/samba/__pycache__/vgp_openssh_ext.*.pyc
+%{python3_sitearch}/samba/__pycache__/vgp_startup_scripts_ext.*.pyc
%{python3_sitearch}/samba/__pycache__/vgp_sudoers_ext.*.pyc
+%{python3_sitearch}/samba/__pycache__/vgp_symlink_ext.*.pyc
%{python3_sitearch}/samba/__pycache__/xattr.*.pyc
%{python3_sitearch}/samba/_glue.*.so
%{python3_sitearch}/samba/_ldb.*.so
@@ -2281,6 +2379,7 @@ fi
%{python3_sitearch}/samba/dcerpc/idmap.*.so
%{python3_sitearch}/samba/dcerpc/initshutdown.*.so
%{python3_sitearch}/samba/dcerpc/irpc.*.so
+%{python3_sitearch}/samba/dcerpc/krb5ccache.*.so
%{python3_sitearch}/samba/dcerpc/krb5pac.*.so
%{python3_sitearch}/samba/dcerpc/lsa.*.so
%{python3_sitearch}/samba/dcerpc/messaging.*.so
@@ -2309,9 +2408,12 @@ fi
%{python3_sitearch}/samba/descriptor.py
%{python3_sitearch}/samba/dnsresolver.py
%{python3_sitearch}/samba/drs_utils.py
+%{python3_sitearch}/samba/dsdb.*.so
+%{python3_sitearch}/samba/dsdb_dns.*.so
%{python3_sitearch}/samba/gensec.*.so
%{python3_sitearch}/samba/getopt.py
%{python3_sitearch}/samba/gpclass.py
+%{python3_sitearch}/samba/gp_gnome_settings_ext.py
%{python3_sitearch}/samba/gp_scripts_ext.py
%{python3_sitearch}/samba/gp_sec_ext.py
%{python3_sitearch}/samba/gpo.*.so
@@ -2322,6 +2424,7 @@ fi
%{python3_sitearch}/samba/messaging.*.so
%{python3_sitearch}/samba/ndr.py
%{python3_sitearch}/samba/net.*.so
+%{python3_sitearch}/samba/net_s3.*.so
%{python3_sitearch}/samba/ntstatus.*.so
%{python3_sitearch}/samba/posix_eadb.*.so
%dir %{python3_sitearch}/samba/emulate
@@ -2444,7 +2547,14 @@ fi
%{python3_sitearch}/samba/trust_utils.py
%{python3_sitearch}/samba/upgrade.py
%{python3_sitearch}/samba/upgradehelpers.py
+%{python3_sitearch}/samba/vgp_access_ext.py
+%{python3_sitearch}/samba/vgp_files_ext.py
+%{python3_sitearch}/samba/vgp_issue_ext.py
+%{python3_sitearch}/samba/vgp_motd_ext.py
+%{python3_sitearch}/samba/vgp_openssh_ext.py
+%{python3_sitearch}/samba/vgp_startup_scripts_ext.py
%{python3_sitearch}/samba/vgp_sudoers_ext.py
+%{python3_sitearch}/samba/vgp_symlink_ext.py
%{python3_sitearch}/samba/werror.*.so
%{python3_sitearch}/samba/xattr.py
%{python3_sitearch}/samba/xattr_native.*.so
@@ -2491,8 +2601,6 @@ fi
%{python3_sitearch}/samba/dcerpc/dnsserver.*.so
%{python3_sitearch}/samba/dckeytab.*.so
-%{python3_sitearch}/samba/dsdb.*.so
-%{python3_sitearch}/samba/dsdb_dns.*.so
%{python3_sitearch}/samba/domain_update.py
%{python3_sitearch}/samba/forest_update.py
%{python3_sitearch}/samba/ms_forest_updates_markdown.py
@@ -2559,6 +2667,7 @@ fi
%{python3_sitearch}/samba/tests/__pycache__/cred_opt.*.pyc
%{python3_sitearch}/samba/tests/__pycache__/dckeytab.*.pyc
%{python3_sitearch}/samba/tests/__pycache__/dns.*.pyc
+%{python3_sitearch}/samba/tests/__pycache__/dns_aging.*.pyc
%{python3_sitearch}/samba/tests/__pycache__/dns_base.*.pyc
%{python3_sitearch}/samba/tests/__pycache__/dns_forwarder.*.pyc
%{python3_sitearch}/samba/tests/__pycache__/dns_invalid.*.pyc
@@ -2566,6 +2675,8 @@ fi
%{python3_sitearch}/samba/tests/__pycache__/dns_tkey.*.pyc
%{python3_sitearch}/samba/tests/__pycache__/dns_wildcard.*.pyc
%{python3_sitearch}/samba/tests/__pycache__/dsdb.*.pyc
+%{python3_sitearch}/samba/tests/__pycache__/dsdb_api.*.pyc
+%{python3_sitearch}/samba/tests/__pycache__/dsdb_dns.*.pyc
%{python3_sitearch}/samba/tests/__pycache__/dsdb_lock.*.pyc
%{python3_sitearch}/samba/tests/__pycache__/dsdb_schema_attributes.*.pyc
%{python3_sitearch}/samba/tests/__pycache__/docs.*.pyc
@@ -2577,17 +2688,22 @@ fi
%{python3_sitearch}/samba/tests/__pycache__/getdcname.*.pyc
%{python3_sitearch}/samba/tests/__pycache__/glue.*.pyc
%{python3_sitearch}/samba/tests/__pycache__/gpo.*.pyc
+%{python3_sitearch}/samba/tests/__pycache__/gpo_member.*.pyc
%{python3_sitearch}/samba/tests/__pycache__/graph.*.pyc
%{python3_sitearch}/samba/tests/__pycache__/group_audit.*.pyc
%{python3_sitearch}/samba/tests/__pycache__/hostconfig.*.pyc
+%{python3_sitearch}/samba/tests/__pycache__/imports.*.pyc
%{python3_sitearch}/samba/tests/__pycache__/join.*.pyc
%{python3_sitearch}/samba/tests/__pycache__/krb5_credentials.*.pyc
%{python3_sitearch}/samba/tests/__pycache__/ldap_raw.*.pyc
%{python3_sitearch}/samba/tests/__pycache__/ldap_referrals.*.pyc
+%{python3_sitearch}/samba/tests/__pycache__/ldap_spn.*.pyc
+%{python3_sitearch}/samba/tests/__pycache__/ldap_upn_sam_account.*.pyc
%{python3_sitearch}/samba/tests/__pycache__/loadparm.*.pyc
%{python3_sitearch}/samba/tests/__pycache__/libsmb.*.pyc
%{python3_sitearch}/samba/tests/__pycache__/lsa_string.*.pyc
%{python3_sitearch}/samba/tests/__pycache__/messaging.*.pyc
+%{python3_sitearch}/samba/tests/__pycache__/ndr.*.pyc
%{python3_sitearch}/samba/tests/__pycache__/netbios.*.pyc
%{python3_sitearch}/samba/tests/__pycache__/netcmd.*.pyc
%{python3_sitearch}/samba/tests/__pycache__/net_join_no_spnego.*.pyc
@@ -2623,10 +2739,12 @@ fi
%{python3_sitearch}/samba/tests/__pycache__/s3passdb.*.pyc
%{python3_sitearch}/samba/tests/__pycache__/s3registry.*.pyc
%{python3_sitearch}/samba/tests/__pycache__/s3windb.*.pyc
+%{python3_sitearch}/samba/tests/__pycache__/s3_net_join.*.pyc
%{python3_sitearch}/samba/tests/__pycache__/samba_upgradedns_lmdb.*.pyc
%{python3_sitearch}/samba/tests/__pycache__/samba3sam.*.pyc
%{python3_sitearch}/samba/tests/__pycache__/samdb.*.pyc
%{python3_sitearch}/samba/tests/__pycache__/samdb_api.*.pyc
+%{python3_sitearch}/samba/tests/__pycache__/sddl.*.pyc
%{python3_sitearch}/samba/tests/__pycache__/security.*.pyc
%{python3_sitearch}/samba/tests/__pycache__/segfault.*.pyc
%{python3_sitearch}/samba/tests/__pycache__/smb.*.pyc
@@ -2661,7 +2779,7 @@ fi
%{python3_sitearch}/samba/tests/blackbox/__pycache__/bug13653.*.pyc
%{python3_sitearch}/samba/tests/blackbox/__pycache__/check_output.*.pyc
%{python3_sitearch}/samba/tests/blackbox/__pycache__/downgradedatabase.*.pyc
-%{python3_sitearch}/samba/tests/blackbox/__pycache__/mdfind.*.pyc
+%{python3_sitearch}/samba/tests/blackbox/__pycache__/mdsearch.*.pyc
%{python3_sitearch}/samba/tests/blackbox/__pycache__/ndrdump.*.pyc
%{python3_sitearch}/samba/tests/blackbox/__pycache__/netads_json.*.pyc
%{python3_sitearch}/samba/tests/blackbox/__pycache__/samba_dnsupdate.*.pyc
@@ -2677,7 +2795,7 @@ fi
%{python3_sitearch}/samba/tests/blackbox/bug13653.py
%{python3_sitearch}/samba/tests/blackbox/check_output.py
%{python3_sitearch}/samba/tests/blackbox/downgradedatabase.py
-%{python3_sitearch}/samba/tests/blackbox/mdfind.py
+%{python3_sitearch}/samba/tests/blackbox/mdsearch.py
%{python3_sitearch}/samba/tests/blackbox/ndrdump.py
%{python3_sitearch}/samba/tests/blackbox/netads_json.py
%{python3_sitearch}/samba/tests/blackbox/samba_dnsupdate.py
@@ -2705,6 +2823,7 @@ fi
%{python3_sitearch}/samba/tests/dcerpc/__pycache__/binding.*.pyc
%{python3_sitearch}/samba/tests/dcerpc/__pycache__/dnsserver.*.pyc
%{python3_sitearch}/samba/tests/dcerpc/__pycache__/integer.*.pyc
+%{python3_sitearch}/samba/tests/dcerpc/__pycache__/lsa.*.pyc
%{python3_sitearch}/samba/tests/dcerpc/__pycache__/mdssvc.*.pyc
%{python3_sitearch}/samba/tests/dcerpc/__pycache__/misc.*.pyc
%{python3_sitearch}/samba/tests/dcerpc/__pycache__/raw_protocol.*.pyc
@@ -2724,6 +2843,7 @@ fi
%{python3_sitearch}/samba/tests/dcerpc/createtrustrelax.py
%{python3_sitearch}/samba/tests/dcerpc/dnsserver.py
%{python3_sitearch}/samba/tests/dcerpc/integer.py
+%{python3_sitearch}/samba/tests/dcerpc/lsa.py
%{python3_sitearch}/samba/tests/dcerpc/mdssvc.py
%{python3_sitearch}/samba/tests/dcerpc/misc.py
%{python3_sitearch}/samba/tests/dcerpc/raw_protocol.py
@@ -2739,6 +2859,7 @@ fi
%{python3_sitearch}/samba/tests/dcerpc/unix.py
%{python3_sitearch}/samba/tests/dckeytab.py
%{python3_sitearch}/samba/tests/dns.py
+%{python3_sitearch}/samba/tests/dns_aging.py
%{python3_sitearch}/samba/tests/dns_base.py
%{python3_sitearch}/samba/tests/dns_forwarder.py
%dir %{python3_sitearch}/samba/tests/dns_forwarder_helpers
@@ -2749,6 +2870,8 @@ fi
%{python3_sitearch}/samba/tests/dns_tkey.py
%{python3_sitearch}/samba/tests/dns_wildcard.py
%{python3_sitearch}/samba/tests/dsdb.py
+%{python3_sitearch}/samba/tests/dsdb_api.py
+%{python3_sitearch}/samba/tests/dsdb_dns.py
%{python3_sitearch}/samba/tests/dsdb_lock.py
%{python3_sitearch}/samba/tests/dsdb_schema_attributes.py
%{python3_sitearch}/samba/tests/docs.py
@@ -2768,9 +2891,11 @@ fi
%{python3_sitearch}/samba/tests/get_opt.py
%{python3_sitearch}/samba/tests/glue.py
%{python3_sitearch}/samba/tests/gpo.py
+%{python3_sitearch}/samba/tests/gpo_member.py
%{python3_sitearch}/samba/tests/graph.py
%{python3_sitearch}/samba/tests/group_audit.py
%{python3_sitearch}/samba/tests/hostconfig.py
+%{python3_sitearch}/samba/tests/imports.py
%{python3_sitearch}/samba/tests/join.py
%dir %{python3_sitearch}/samba/tests/kcc
%{python3_sitearch}/samba/tests/kcc/__init__.py
@@ -2786,37 +2911,64 @@ fi
%{python3_sitearch}/samba/tests/kcc/ldif_import_export.py
%dir %{python3_sitearch}/samba/tests/krb5
%dir %{python3_sitearch}/samba/tests/krb5/__pycache__
+%{python3_sitearch}/samba/tests/krb5/__pycache__/alias_tests.*.pyc
%{python3_sitearch}/samba/tests/krb5/__pycache__/as_canonicalization_tests.*.pyc
+%{python3_sitearch}/samba/tests/krb5/__pycache__/as_req_tests.*.pyc
%{python3_sitearch}/samba/tests/krb5/__pycache__/compatability_tests.*.pyc
+%{python3_sitearch}/samba/tests/krb5/__pycache__/fast_tests.*.pyc
%{python3_sitearch}/samba/tests/krb5/__pycache__/kcrypto.*.pyc
%{python3_sitearch}/samba/tests/krb5/__pycache__/kdc_base_test.*.pyc
%{python3_sitearch}/samba/tests/krb5/__pycache__/kdc_tests.*.pyc
%{python3_sitearch}/samba/tests/krb5/__pycache__/kdc_tgs_tests.*.pyc
+%{python3_sitearch}/samba/tests/krb5/__pycache__/ms_kile_client_principal_lookup_tests.*.pyc
%{python3_sitearch}/samba/tests/krb5/__pycache__/raw_testcase.*.pyc
%{python3_sitearch}/samba/tests/krb5/__pycache__/rfc4120_constants.*.pyc
%{python3_sitearch}/samba/tests/krb5/__pycache__/rfc4120_pyasn1.*.pyc
+%{python3_sitearch}/samba/tests/krb5/__pycache__/rodc_tests*.pyc
+%{python3_sitearch}/samba/tests/krb5/__pycache__/salt_tests.*.pyc
%{python3_sitearch}/samba/tests/krb5/__pycache__/simple_tests.*.pyc
+%{python3_sitearch}/samba/tests/krb5/__pycache__/spn_tests.*.pyc
%{python3_sitearch}/samba/tests/krb5/__pycache__/s4u_tests.*.pyc
+%{python3_sitearch}/samba/tests/krb5/__pycache__/test_ccache.*.pyc
+%{python3_sitearch}/samba/tests/krb5/__pycache__/test_ldap.*.pyc
+%{python3_sitearch}/samba/tests/krb5/__pycache__/test_min_domain_uid.*.pyc
+%{python3_sitearch}/samba/tests/krb5/__pycache__/test_rpc.*.pyc
+%{python3_sitearch}/samba/tests/krb5/__pycache__/test_smb.*.pyc
%{python3_sitearch}/samba/tests/krb5/__pycache__/xrealm_tests.*.pyc
+%{python3_sitearch}/samba/tests/krb5/alias_tests.py
%{python3_sitearch}/samba/tests/krb5/as_canonicalization_tests.py
+%{python3_sitearch}/samba/tests/krb5/as_req_tests.py
%{python3_sitearch}/samba/tests/krb5/compatability_tests.py
+%{python3_sitearch}/samba/tests/krb5/fast_tests.py
%{python3_sitearch}/samba/tests/krb5/kcrypto.py
%{python3_sitearch}/samba/tests/krb5/kdc_base_test.py
%{python3_sitearch}/samba/tests/krb5/kdc_tests.py
%{python3_sitearch}/samba/tests/krb5/kdc_tgs_tests.py
+%{python3_sitearch}/samba/tests/krb5/ms_kile_client_principal_lookup_tests.py
%{python3_sitearch}/samba/tests/krb5/raw_testcase.py
%{python3_sitearch}/samba/tests/krb5/rfc4120_constants.py
%{python3_sitearch}/samba/tests/krb5/rfc4120_pyasn1.py
+%{python3_sitearch}/samba/tests/krb5/rodc_tests.py
+%{python3_sitearch}/samba/tests/krb5/salt_tests.py
%{python3_sitearch}/samba/tests/krb5/simple_tests.py
+%{python3_sitearch}/samba/tests/krb5/spn_tests.py
+%{python3_sitearch}/samba/tests/krb5/test_ccache.py
+%{python3_sitearch}/samba/tests/krb5/test_ldap.py
+%{python3_sitearch}/samba/tests/krb5/test_min_domain_uid.py
+%{python3_sitearch}/samba/tests/krb5/test_rpc.py
+%{python3_sitearch}/samba/tests/krb5/test_smb.py
%{python3_sitearch}/samba/tests/krb5/s4u_tests.py
%{python3_sitearch}/samba/tests/krb5/xrealm_tests.py
%{python3_sitearch}/samba/tests/krb5_credentials.py
%{python3_sitearch}/samba/tests/ldap_raw.py
%{python3_sitearch}/samba/tests/ldap_referrals.py
+%{python3_sitearch}/samba/tests/ldap_spn.py
+%{python3_sitearch}/samba/tests/ldap_upn_sam_account.py
%{python3_sitearch}/samba/tests/libsmb.py
%{python3_sitearch}/samba/tests/loadparm.py
%{python3_sitearch}/samba/tests/lsa_string.py
%{python3_sitearch}/samba/tests/messaging.py
+%{python3_sitearch}/samba/tests/ndr.py
%{python3_sitearch}/samba/tests/netbios.py
%{python3_sitearch}/samba/tests/netcmd.py
%{python3_sitearch}/samba/tests/net_join_no_spnego.py
@@ -2852,6 +3004,7 @@ fi
%{python3_sitearch}/samba/tests/s3passdb.py
%{python3_sitearch}/samba/tests/s3registry.py
%{python3_sitearch}/samba/tests/s3windb.py
+%{python3_sitearch}/samba/tests/s3_net_join.py
%{python3_sitearch}/samba/tests/samba3sam.py
%{python3_sitearch}/samba/tests/samba_upgradedns_lmdb.py
%dir %{python3_sitearch}/samba/tests/samba_tool
@@ -2868,6 +3021,7 @@ fi
%{python3_sitearch}/samba/tests/samba_tool/__pycache__/forest.*.pyc
%{python3_sitearch}/samba/tests/samba_tool/__pycache__/fsmo.*.pyc
%{python3_sitearch}/samba/tests/samba_tool/__pycache__/gpo.*.pyc
+%{python3_sitearch}/samba/tests/samba_tool/__pycache__/gpo_exts.*.pyc
%{python3_sitearch}/samba/tests/samba_tool/__pycache__/group.*.pyc
%{python3_sitearch}/samba/tests/samba_tool/__pycache__/help.*.pyc
%{python3_sitearch}/samba/tests/samba_tool/__pycache__/join.*.pyc
@@ -2879,6 +3033,7 @@ fi
%{python3_sitearch}/samba/tests/samba_tool/__pycache__/promote_dc_lmdb_size.*.pyc
%{python3_sitearch}/samba/tests/samba_tool/__pycache__/provision_lmdb_size.*.pyc
%{python3_sitearch}/samba/tests/samba_tool/__pycache__/provision_password_check.*.pyc
+%{python3_sitearch}/samba/tests/samba_tool/__pycache__/provision_userPassword_crypt.*.pyc
%{python3_sitearch}/samba/tests/samba_tool/__pycache__/rodc.*.pyc
%{python3_sitearch}/samba/tests/samba_tool/__pycache__/schema.*.pyc
%{python3_sitearch}/samba/tests/samba_tool/__pycache__/sites.*.pyc
@@ -2902,6 +3057,7 @@ fi
%{python3_sitearch}/samba/tests/samba_tool/forest.py
%{python3_sitearch}/samba/tests/samba_tool/fsmo.py
%{python3_sitearch}/samba/tests/samba_tool/gpo.py
+%{python3_sitearch}/samba/tests/samba_tool/gpo_exts.py
%{python3_sitearch}/samba/tests/samba_tool/group.py
%{python3_sitearch}/samba/tests/samba_tool/help.py
%{python3_sitearch}/samba/tests/samba_tool/join.py
@@ -2913,6 +3069,7 @@ fi
%{python3_sitearch}/samba/tests/samba_tool/promote_dc_lmdb_size.py
%{python3_sitearch}/samba/tests/samba_tool/provision_lmdb_size.py
%{python3_sitearch}/samba/tests/samba_tool/provision_password_check.py
+%{python3_sitearch}/samba/tests/samba_tool/provision_userPassword_crypt.py
%{python3_sitearch}/samba/tests/samba_tool/rodc.py
%{python3_sitearch}/samba/tests/samba_tool/schema.py
%{python3_sitearch}/samba/tests/samba_tool/sites.py
@@ -2928,6 +3085,7 @@ fi
%{python3_sitearch}/samba/tests/samba_tool/visualize_drs.py
%{python3_sitearch}/samba/tests/samdb.py
%{python3_sitearch}/samba/tests/samdb_api.py
+%{python3_sitearch}/samba/tests/sddl.py
%{python3_sitearch}/samba/tests/security.py
%{python3_sitearch}/samba/tests/segfault.py
%{python3_sitearch}/samba/tests/smb.py
@@ -3071,6 +3229,7 @@ fi
%{_libexecdir}/ctdb/ctdb_recovery_helper
%{_libexecdir}/ctdb/ctdb_takeover_helper
%{_libexecdir}/ctdb/smnotify
+%{_libexecdir}/ctdb/tdb_mutex_check
%dir %{_localstatedir}/lib/ctdb/
%dir %{_localstatedir}/lib/ctdb/persistent
@@ -3901,6 +4060,33 @@ fi
#endif with selftest
%endif
+%if %{with pcp_pmda}
+%files -n ctdb-pcp-pmda
+%dir %{_localstatedir}/lib/pcp/pmdas/ctdb
+%{_localstatedir}/lib/pcp/pmdas/ctdb/Install
+%{_localstatedir}/lib/pcp/pmdas/ctdb/README
+%{_localstatedir}/lib/pcp/pmdas/ctdb/Remove
+%{_localstatedir}/lib/pcp/pmdas/ctdb/domain.h
+%{_localstatedir}/lib/pcp/pmdas/ctdb/help
+%{_localstatedir}/lib/pcp/pmdas/ctdb/pmdactdb
+%{_localstatedir}/lib/pcp/pmdas/ctdb/pmns
+#endif with pcp_pmda
+%endif
+
+%if %{with etcd_mutex}
+%files -n ctdb-etcd-mutex
+%{_libexecdir}/ctdb/ctdb_etcd_lock
+%{_mandir}/man7/ctdb-etcd.7.gz
+#endif with etcd_mutex
+%endif
+
+%if %{with ceph_mutex}
+%files -n ctdb-ceph-mutex
+%{_libexecdir}/ctdb/ctdb_mutex_ceph_rados_helper
+%{_mandir}/man7/ctdb_mutex_ceph_rados_helper.7.gz
+#endif with ceph_mutex
+%endif
+
#endif with clustering
%endif
@@ -3912,6 +4098,21 @@ fi
%endif
%changelog
+* Fri Dec 03 2021 Andreas Schneider <asn@redhat.com> - 4.15.2-3
+- related: rhbz#2013578 - Remove unneeded lmdb dependency
+
+* Wed Dec 01 2021 Pavel Filipenský <pfilipen@redhat.com> - 4.15.2-2
+- resolves: rhbz#2019675 - Fix CVE-2020-25717
+
+* Wed Dec 01 2021 Pavel Filipenský <pfilipen@redhat.com> - 4.15.2-2
+- resolves: rhbz#2019669 - Fix CVE-2021-23192
+
+* Wed Dec 01 2021 Pavel Filipenský <pfilipen@redhat.com> - 4.15.2-2
+- resolves: rhbz#2019663 - Fix CVE-2016-2124
+
+* Mon Nov 29 2021 Pavel Filipenský <pfilipen@redhat.com> - 4.15.2-1
+- resolves: rhbz#2013578 - Rebase to Samba 4.15.2
+
* Tue Aug 31 2021 Andreas Schneider <asn@redhat.com> - 4.14.5-103
- resolves: rhbz#1980356 - Fix winbind restart on package upgrade