diff --git a/SOURCES/samba-4.13-redhat.patch b/SOURCES/samba-4.13-redhat.patch
index e419a1e..33b84bd 100644
--- a/SOURCES/samba-4.13-redhat.patch
+++ b/SOURCES/samba-4.13-redhat.patch
@@ -1,7 +1,7 @@
-From 07aff9dc09ed0a94887024dfc76efaed8991333e Mon Sep 17 00:00:00 2001
+From 77a771be72a6084216ea848f2d851eb7192ae9b9 Mon Sep 17 00:00:00 2001
From: Andreas Schneider <asn@samba.org>
Date: Mon, 13 Jul 2020 16:15:03 +0200
-Subject: [PATCH 001/100] libcli:smb2: Do not leak ptext on error
+Subject: [PATCH 001/105] libcli:smb2: Do not leak ptext on error
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
@@ -25,10 +25,10 @@ index 623fc23fb18..bba80817018 100644
2.28.0
-From 73014e92aad8993f839c791908f59b72d40a24ae Mon Sep 17 00:00:00 2001
+From eb5fbbd3090cbdea95b14e9ac167253fafe633f8 Mon Sep 17 00:00:00 2001
From: Andreas Schneider <asn@samba.org>
Date: Mon, 13 Jul 2020 17:23:37 +0200
-Subject: [PATCH 002/100] libcli:smb2: Use talloc NULL context if we don't have
+Subject: [PATCH 002/105] libcli:smb2: Use talloc NULL context if we don't have
a stackframe
If we execute this code from python we don't have a talloc stackframe
@@ -109,10 +109,10 @@ index bba80817018..7669b219bbe 100644
2.28.0
-From 7ca72018fbe6bbedf084cdf2e01c2ebf08e44ead Mon Sep 17 00:00:00 2001
+From 66ee204aee9a4919d94003a9a3263a44c2d5b436 Mon Sep 17 00:00:00 2001
From: Stefan Metzmacher <metze@samba.org>
Date: Wed, 6 Nov 2019 17:37:45 +0100
-Subject: [PATCH 003/100] auth:creds: Introduce CRED_SMB_CONF
+Subject: [PATCH 003/105] auth:creds: Introduce CRED_SMB_CONF
We have several places where we check '> CRED_UNINITIALISED',
so we better don't use CRED_UNINITIALISED for values from
@@ -205,10 +205,10 @@ index d2a81506de3..6454ac9ff7c 100644
2.28.0
-From 8db7189e56c1d92afd9d4ddad86aec5bd2e79782 Mon Sep 17 00:00:00 2001
+From 8d2d8cdc90d0455429c9d461ebd65d21a0b29b8d Mon Sep 17 00:00:00 2001
From: Andreas Schneider <asn@samba.org>
Date: Thu, 10 Oct 2019 14:18:23 +0200
-Subject: [PATCH 004/100] param: Add 'server smb encrypt' parameter
+Subject: [PATCH 004/105] param: Add 'server smb encrypt' parameter
And this also makes 'smb encrypt' a synonym of that.
@@ -824,10 +824,10 @@ index 7acde285a90..b745e0906b1 100644
2.28.0
-From 1d65a9fcc38f75ebafa13a841db2144352a1b1c8 Mon Sep 17 00:00:00 2001
+From 71b97ba1fd9260efd29e3ab3456b82d2a4f6dcc8 Mon Sep 17 00:00:00 2001
From: Andreas Schneider <asn@samba.org>
Date: Thu, 28 May 2020 10:04:19 +0200
-Subject: [PATCH 005/100] param: Create and use enum_smb_encryption_vals
+Subject: [PATCH 005/105] param: Create and use enum_smb_encryption_vals
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
@@ -922,10 +922,10 @@ index b424b13cde4..2fb1fd7189e 100644
2.28.0
-From 7c809faf69a750863bda401b6bf30417d3e8b480 Mon Sep 17 00:00:00 2001
+From ca1e10a901af67327d25765bfed404e2d1c756a5 Mon Sep 17 00:00:00 2001
From: Andreas Schneider <asn@samba.org>
Date: Tue, 26 May 2020 09:34:54 +0200
-Subject: [PATCH 006/100] s3:smbd: Use 'enum smb_encryption_setting' values
+Subject: [PATCH 006/105] s3:smbd: Use 'enum smb_encryption_setting' values
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
@@ -1046,10 +1046,10 @@ index b745e0906b1..2f2fdcb7260 100644
2.28.0
-From b4cd08724632654f71faeec2b7127819c4918ebe Mon Sep 17 00:00:00 2001
+From a5630bb933393fe69ff9b7f072221b9085d6277c Mon Sep 17 00:00:00 2001
From: Andreas Schneider <asn@samba.org>
Date: Thu, 9 Apr 2020 10:38:41 +0200
-Subject: [PATCH 007/100] docs-xml: Add 'client smb encrypt'
+Subject: [PATCH 007/105] docs-xml: Add 'client smb encrypt'
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
@@ -1224,10 +1224,10 @@ index b305e34b252..9a2a309b781 100644
2.28.0
-From 79fa663ab07739c097df0ce1fe4a52b586e15c87 Mon Sep 17 00:00:00 2001
+From 3d826b1efb4a0e1f77875c7cbad2fcd16c3ac17b Mon Sep 17 00:00:00 2001
From: Andreas Schneider <asn@samba.org>
Date: Wed, 22 Jul 2020 17:48:25 +0200
-Subject: [PATCH 008/100] lib:param: Add lpcfg_parse_enum_vals()
+Subject: [PATCH 008/105] lib:param: Add lpcfg_parse_enum_vals()
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
@@ -1291,10 +1291,10 @@ index 323fcf84523..e66ce2324b4 100644
2.28.0
-From b97462eb6e5fef2ef09693974e08b28ed7a0bf96 Mon Sep 17 00:00:00 2001
+From 2f74f9d6a5d38e6eb2ca3d32f61d5d9b1c55f3c1 Mon Sep 17 00:00:00 2001
From: Andreas Schneider <asn@samba.org>
Date: Wed, 9 Oct 2019 09:38:08 +0200
-Subject: [PATCH 009/100] libcli:smb: Add smb_signing_setting_translate()
+Subject: [PATCH 009/105] libcli:smb: Add smb_signing_setting_translate()
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
@@ -1464,10 +1464,10 @@ index 6918e1306c3..20981754db4 100644
2.28.0
-From f86a150caa64f422eb453ff8d7d1c1481c08d0fc Mon Sep 17 00:00:00 2001
+From 912ec83bf4ec6a965ee10ace1d74036c5c6a4c92 Mon Sep 17 00:00:00 2001
From: Andreas Schneider <asn@samba.org>
Date: Tue, 26 May 2020 08:39:34 +0200
-Subject: [PATCH 010/100] libcli:smb: Add smb_encryption_setting_translate()
+Subject: [PATCH 010/105] libcli:smb: Add smb_encryption_setting_translate()
Add encryption enum and function to avoid confusion when reading the
code.
@@ -1558,10 +1558,10 @@ index da0e4db2bf3..ac2887ee5c4 100644
2.28.0
-From 05c4c489b43bbe7170fa9720e4ff165b7413746b Mon Sep 17 00:00:00 2001
+From 7d2c3a519805549f577b54cf72a5d95b4ae744f3 Mon Sep 17 00:00:00 2001
From: Andreas Schneider <asn@samba.org>
Date: Wed, 9 Oct 2019 09:47:59 +0200
-Subject: [PATCH 011/100] s3:lib: Use smb_signing_setting_translate for cmdline
+Subject: [PATCH 011/105] s3:lib: Use smb_signing_setting_translate for cmdline
parsing
The function will be removed soon.
@@ -1625,10 +1625,10 @@ index 5a07eddac44..6a08afe4a25 100644
2.28.0
-From b70cea0b6ce5d2b956374dfe5aa99fcaf11b12ef Mon Sep 17 00:00:00 2001
+From d488762aa9468bd54890a2fe3dba3fd52582b556 Mon Sep 17 00:00:00 2001
From: Andreas Schneider <asn@samba.org>
Date: Thu, 23 Jul 2020 07:47:18 +0200
-Subject: [PATCH 012/100] auth:creds: Remove unused credentials autoproto
+Subject: [PATCH 012/105] auth:creds: Remove unused credentials autoproto
header
Signed-off-by: Andreas Schneider <asn@samba.org>
@@ -1705,10 +1705,10 @@ index 7711eac2afa..d9be3562adb 100644
2.28.0
-From 3d195c36e2e4ea8ce52087eb125508fd972b89b9 Mon Sep 17 00:00:00 2001
+From 696d2230503dada1e4369500c7c632bd7d3e5527 Mon Sep 17 00:00:00 2001
From: Andreas Schneider <asn@samba.org>
Date: Tue, 26 May 2020 09:32:44 +0200
-Subject: [PATCH 013/100] auth:creds: Add
+Subject: [PATCH 013/105] auth:creds: Add
cli_credentials_(get|set)_smb_signing()
Signed-off-by: Andreas Schneider <asn@samba.org>
@@ -1847,10 +1847,10 @@ index 68f1f25dce1..9cde0000b5f 100644
2.28.0
-From 9512e052b03d6fc9dffd4a02845b955b0066a129 Mon Sep 17 00:00:00 2001
+From 0176a9d55aed4bdb49ac6f703dcae778b2f4ac5c Mon Sep 17 00:00:00 2001
From: Andreas Schneider <asn@samba.org>
Date: Wed, 3 Jun 2020 11:56:01 +0200
-Subject: [PATCH 014/100] auth:creds: Add python bindings for
+Subject: [PATCH 014/105] auth:creds: Add python bindings for
(get|set)_smb_signing
Signed-off-by: Andreas Schneider <asn@samba.org>
@@ -1973,10 +1973,10 @@ index 6454ac9ff7c..e5f8122fa21 100644
2.28.0
-From a13c70026e974ff0a041ede4fcbe6c03245b2d90 Mon Sep 17 00:00:00 2001
+From 96c4ce197bb62772778d822f0e5956d5a3ffe28d Mon Sep 17 00:00:00 2001
From: Andreas Schneider <asn@samba.org>
Date: Thu, 28 May 2020 16:31:35 +0200
-Subject: [PATCH 015/100] auth:creds: Add
+Subject: [PATCH 015/105] auth:creds: Add
cli_credentials_(get|set)_smb_ipc_signing()
Signed-off-by: Andreas Schneider <asn@samba.org>
@@ -2105,10 +2105,10 @@ index 9cde0000b5f..54e8271471f 100644
2.28.0
-From 7a8a171af61558bc73ae91b79a1e340c5a3ab0a8 Mon Sep 17 00:00:00 2001
+From 301adf15736a4cb10f9dca267a906efb8f885354 Mon Sep 17 00:00:00 2001
From: Andreas Schneider <asn@samba.org>
Date: Wed, 3 Jun 2020 12:32:46 +0200
-Subject: [PATCH 016/100] auth:creds: Add python bindings for
+Subject: [PATCH 016/105] auth:creds: Add python bindings for
(get|set)_smb_ipc_signing
Signed-off-by: Andreas Schneider <asn@samba.org>
@@ -2210,10 +2210,10 @@ index e5f8122fa21..8edf13ce6ff 100644
2.28.0
-From 8a0a0505f4174be7b064f3c876a40d06610528e6 Mon Sep 17 00:00:00 2001
+From cf2cafb38dd319c01ff539a73d40dac8813f03a0 Mon Sep 17 00:00:00 2001
From: Andreas Schneider <asn@samba.org>
Date: Thu, 28 May 2020 16:10:52 +0200
-Subject: [PATCH 017/100] auth:creds: Add
+Subject: [PATCH 017/105] auth:creds: Add
cli_credentials_(get|set)_smb_encryption()
Signed-off-by: Andreas Schneider <asn@samba.org>
@@ -2344,10 +2344,10 @@ index 54e8271471f..3b86b742448 100644
2.28.0
-From 5c4e143a21f850721dbcedd8be7e6b4f2b92b6e2 Mon Sep 17 00:00:00 2001
+From a25732f42cf7418789c2102f093dc0b3062543fd Mon Sep 17 00:00:00 2001
From: Andreas Schneider <asn@samba.org>
Date: Wed, 3 Jun 2020 12:38:30 +0200
-Subject: [PATCH 018/100] auth:creds: Add python bindings for
+Subject: [PATCH 018/105] auth:creds: Add python bindings for
(get|set)_smb_encryption
Signed-off-by: Andreas Schneider <asn@samba.org>
@@ -2462,10 +2462,10 @@ index 8edf13ce6ff..e0a6248d37a 100644
2.28.0
-From 9040ebf06daa7b239ae5899d3ead86942e3d48fb Mon Sep 17 00:00:00 2001
+From 1a1809bd260ceff97dd4ff697f78b97a63f60b48 Mon Sep 17 00:00:00 2001
From: Andreas Schneider <asn@samba.org>
Date: Thu, 4 Jun 2020 11:19:53 +0200
-Subject: [PATCH 019/100] auth:creds: Add python bindings for
+Subject: [PATCH 019/105] auth:creds: Add python bindings for
cli_credentials_set_conf()
Signed-off-by: Andreas Schneider <asn@samba.org>
@@ -2590,10 +2590,10 @@ index e0a6248d37a..6187bded0b6 100644
2.28.0
-From 8d7b4b017c507b138e74c2a56a07b41fe6cc3958 Mon Sep 17 00:00:00 2001
+From 72b31403174eb23fe4fdf75ad918e845a740db6f Mon Sep 17 00:00:00 2001
From: Andreas Schneider <asn@samba.org>
Date: Thu, 23 Jul 2020 08:14:23 +0200
-Subject: [PATCH 020/100] auth:creds: Bump library version
+Subject: [PATCH 020/105] auth:creds: Bump library version
We added new functions so bump the version.
@@ -2620,10 +2620,10 @@ index 564a04fe8dd..1e3302e3e48 100644
2.28.0
-From ea02926bce5c4b7cd0d8e8dd06c35b7c048767fa Mon Sep 17 00:00:00 2001
+From 918b87437b9c36981049ca4e3cf0220ad56ec7c2 Mon Sep 17 00:00:00 2001
From: Andreas Schneider <asn@samba.org>
Date: Wed, 27 May 2020 11:10:30 +0200
-Subject: [PATCH 021/100] s3:lib: Use cli_credential_(get|set)_smb_signing()
+Subject: [PATCH 021/105] s3:lib: Use cli_credential_(get|set)_smb_signing()
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
@@ -2691,10 +2691,10 @@ index bc1f1c3ed25..6038ec11515 100644
2.28.0
-From fe7a2f6d1c83a97dcbc77a499e959a3fb847db18 Mon Sep 17 00:00:00 2001
+From 22efb02d818946e4f03ebfb72ea345e9106deca8 Mon Sep 17 00:00:00 2001
From: Andreas Schneider <asn@samba.org>
Date: Wed, 10 Jun 2020 12:45:34 +0200
-Subject: [PATCH 022/100] s3:lib: Set smb encryption also via cli creds API
+Subject: [PATCH 022/105] s3:lib: Set smb encryption also via cli creds API
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
@@ -2720,10 +2720,10 @@ index 6038ec11515..9c9e2f0ac0f 100644
2.28.0
-From c0c976e808ee16cf65548cc85c516959808a2df9 Mon Sep 17 00:00:00 2001
+From 9abae48706106793f8952524ad2325bdd6a5101c Mon Sep 17 00:00:00 2001
From: Andreas Schneider <asn@samba.org>
Date: Thu, 13 Aug 2020 10:40:23 +0200
-Subject: [PATCH 023/100] python: Remove unused sign argument from
+Subject: [PATCH 023/105] python: Remove unused sign argument from
smb_connection()
Signed-off-by: Andreas Schneider <asn@samba.org>
@@ -2775,10 +2775,10 @@ index 1e2c2918ebe..ad60cda0690 100644
2.28.0
-From f596bc78863ad25a669c555d355af0f2a45e4141 Mon Sep 17 00:00:00 2001
+From e2f0f56ea6ec4f9696affdee08de89c0bdffa719 Mon Sep 17 00:00:00 2001
From: Andreas Schneider <asn@samba.org>
Date: Wed, 3 Jun 2020 14:02:37 +0200
-Subject: [PATCH 024/100] python: Set smb signing via the creds API
+Subject: [PATCH 024/105] python: Set smb signing via the creds API
Pair-Programmed-With: Stefan Metzmacher <metze@samba.org>
@@ -2879,10 +2879,10 @@ index ad60cda0690..0f2f6520fc3 100644
2.28.0
-From 1b482adc474ca99d44ee7ea31a596fbe90d1339d Mon Sep 17 00:00:00 2001
+From 53b2d53349b8f453cd0144f01b833deca52e3626 Mon Sep 17 00:00:00 2001
From: Andreas Schneider <asn@samba.org>
Date: Thu, 28 May 2020 17:22:12 +0200
-Subject: [PATCH 025/100] s3:libsmb: Introduce CLI_FULL_CONNECTION_IPC
+Subject: [PATCH 025/105] s3:libsmb: Introduce CLI_FULL_CONNECTION_IPC
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
@@ -3102,10 +3102,10 @@ index 6cea2ee306c..2241beb331f 100644
2.28.0
-From 4357e54eb1631973d780973aeba837a68700c7c9 Mon Sep 17 00:00:00 2001
+From 975383e368a3891e92fb071ab20f2b5208167500 Mon Sep 17 00:00:00 2001
From: Andreas Schneider <asn@samba.org>
Date: Thu, 28 May 2020 17:29:25 +0200
-Subject: [PATCH 026/100] s3:pylibsmb: Add ipc=True support for
+Subject: [PATCH 026/105] s3:pylibsmb: Add ipc=True support for
CLI_FULL_CONNECTION_IPC
Signed-off-by: Andreas Schneider <asn@samba.org>
@@ -3167,10 +3167,10 @@ index 3fcc3424a57..3579a040830 100644
2.28.0
-From b9d57cea1d92ef7115d8ea65b15859a6e0da9465 Mon Sep 17 00:00:00 2001
+From 59831141a17195b9308d75257123134b0217489c Mon Sep 17 00:00:00 2001
From: Andreas Schneider <asn@samba.org>
Date: Fri, 24 Jul 2020 09:47:11 +0200
-Subject: [PATCH 027/100] python:tests: Mark libsmb connection as an IPC
+Subject: [PATCH 027/105] python:tests: Mark libsmb connection as an IPC
connection
Signed-off-by: Andreas Schneider <asn@samba.org>
@@ -3196,10 +3196,10 @@ index ba7440df13b..2c028d381db 100644
2.28.0
-From c0ad61ec04becafe23acc3ec3536ada7454d0e6b Mon Sep 17 00:00:00 2001
+From b9df53c20a753bf31b8684776f2b6aaaf1583abe Mon Sep 17 00:00:00 2001
From: Andreas Schneider <asn@samba.org>
Date: Mon, 17 Aug 2020 12:52:39 +0200
-Subject: [PATCH 028/100] python:tests: Set smb ipc signing via the creds API
+Subject: [PATCH 028/105] python:tests: Set smb ipc signing via the creds API
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
@@ -3234,10 +3234,10 @@ index 2c028d381db..d6f5de7440a 100644
2.28.0
-From 6ccf22196236b154752581ccd15d44aa130364e5 Mon Sep 17 00:00:00 2001
+From c9e88d833db2b472099e5751b7731e337342d2c4 Mon Sep 17 00:00:00 2001
From: Andreas Schneider <asn@samba.org>
Date: Thu, 28 May 2020 17:59:19 +0200
-Subject: [PATCH 029/100] s3:libsmb: Use 'enum smb_signing_setting' in
+Subject: [PATCH 029/105] s3:libsmb: Use 'enum smb_signing_setting' in
cliconnect.c
Signed-off-by: Andreas Schneider <asn@samba.org>
@@ -3364,10 +3364,10 @@ index d214cdabca4..995187e21b4 100644
2.28.0
-From 5267082c586eeb6c925190338b35a2ce7c4d4763 Mon Sep 17 00:00:00 2001
+From 40c201c4d1b4621e823485e3082d0ca5799a6237 Mon Sep 17 00:00:00 2001
From: Andreas Schneider <asn@samba.org>
Date: Thu, 28 May 2020 18:11:31 +0200
-Subject: [PATCH 030/100] s3:client: Turn off smb signing for message op
+Subject: [PATCH 030/105] s3:client: Turn off smb signing for message op
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
@@ -3516,10 +3516,10 @@ index 3579a040830..f8a4d56cf53 100644
2.28.0
-From 2196e80bed2c36a228493159cf1990e7e01f94f0 Mon Sep 17 00:00:00 2001
+From 639de1d5ddf200d03f51b0436789f5dde4cd083b Mon Sep 17 00:00:00 2001
From: Andreas Schneider <asn@samba.org>
Date: Thu, 28 May 2020 18:20:02 +0200
-Subject: [PATCH 031/100] s3:libsmb: Remove signing_state from
+Subject: [PATCH 031/105] s3:libsmb: Remove signing_state from
cli_full_connection_creds_send()
Signed-off-by: Andreas Schneider <asn@samba.org>
@@ -3615,10 +3615,10 @@ index f8a4d56cf53..c7a2d73afcb 100644
2.28.0
-From d4068d9754728142f64a7f4a211ae48f81a868d0 Mon Sep 17 00:00:00 2001
+From 57336e07f2e23dade5fcd0b8f0d002202cda223d Mon Sep 17 00:00:00 2001
From: Andreas Schneider <asn@samba.org>
Date: Thu, 4 Jun 2020 14:59:14 +0200
-Subject: [PATCH 032/100] s3:libsmb: Remove signing_state from
+Subject: [PATCH 032/105] s3:libsmb: Remove signing_state from
cli_full_connection_creds()
Signed-off-by: Andreas Schneider <asn@samba.org>
@@ -3986,10 +3986,10 @@ index 954d6eba804..fea066ce468 100644
2.28.0
-From 059ef05fd29cc292620806a3d039c8d6808bcdb5 Mon Sep 17 00:00:00 2001
+From 6752c123f20d46aa68725971e09548a47b7c7457 Mon Sep 17 00:00:00 2001
From: Stefan Metzmacher <metze@samba.org>
Date: Mon, 8 Jun 2020 08:04:24 +0200
-Subject: [PATCH 033/100] s3:libsmb: Add encryption support to
+Subject: [PATCH 033/105] s3:libsmb: Add encryption support to
cli_full_connection_creds*()
Pair-Programmed-With: Andreas Schneider <asn@samba.org>
@@ -4203,10 +4203,10 @@ index b24743d789b..abfd18bfaf1 100644
2.28.0
-From 662f4c15153f2b35bbda70fa4fb2b5ffcc280758 Mon Sep 17 00:00:00 2001
+From bdb894ebb29820b97dba3721a517a61d96fac152 Mon Sep 17 00:00:00 2001
From: Andreas Schneider <asn@samba.org>
Date: Wed, 10 Jun 2020 11:26:00 +0200
-Subject: [PATCH 034/100] python: Add a test for SMB encryption
+Subject: [PATCH 034/105] python: Add a test for SMB encryption
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
@@ -4277,10 +4277,10 @@ index e8f8e7fe94d..81d4e482644 100644
2.28.0
-From 53a41d43a8ad4a353cf71113fbc6a1e3ed01be40 Mon Sep 17 00:00:00 2001
+From d26afd8352435db71c542388220e951184adcdde Mon Sep 17 00:00:00 2001
From: Andreas Schneider <asn@samba.org>
Date: Wed, 10 Jun 2020 12:31:02 +0200
-Subject: [PATCH 035/100] s3:net: Use cli_credentials_set_smb_encryption()
+Subject: [PATCH 035/105] s3:net: Use cli_credentials_set_smb_encryption()
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
@@ -4326,10 +4326,10 @@ index b139fb2d0da..5829d891075 100644
2.28.0
-From bd7f204ca8b70d395898fcc52554da8cd6649203 Mon Sep 17 00:00:00 2001
+From c228933e88c6b615fa49402d2e826a5ec14b9f85 Mon Sep 17 00:00:00 2001
From: Andreas Schneider <asn@samba.org>
Date: Wed, 10 Jun 2020 12:40:13 +0200
-Subject: [PATCH 036/100] s3:libsmb: Use cli_credentials_set_smb_encryption()
+Subject: [PATCH 036/105] s3:libsmb: Use cli_credentials_set_smb_encryption()
This also adds a SMBC_ENCRYPTLEVEL_DEFAULT to 'enum
smbc_smb_encrypt_level' in order to use the smb.conf default value.
@@ -4685,10 +4685,10 @@ index ec4a516b2ee..61503d0a98b 100644
2.28.0
-From 362fc38076e65f52aaed0d4dd502fa9928081157 Mon Sep 17 00:00:00 2001
+From 76dc706e6449161c27a5f117bc45922ab467dbfc Mon Sep 17 00:00:00 2001
From: Andreas Schneider <asn@samba.org>
Date: Wed, 10 Jun 2020 12:43:33 +0200
-Subject: [PATCH 037/100] s3:client: Remove unused smb encryption code
+Subject: [PATCH 037/105] s3:client: Remove unused smb encryption code
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
@@ -4721,10 +4721,10 @@ index f56dc323b6e..16a8d44c069 100644
2.28.0
-From bb37438f379ec43ba6bf768a9a981f221e1a8cd4 Mon Sep 17 00:00:00 2001
+From a444688a6ed50c8443a778fbddb4dbd8a39d49d4 Mon Sep 17 00:00:00 2001
From: Andreas Schneider <asn@samba.org>
Date: Wed, 10 Jun 2020 12:47:05 +0200
-Subject: [PATCH 038/100] s3:utils: Remove obsolete force encryption from
+Subject: [PATCH 038/105] s3:utils: Remove obsolete force encryption from
smbacls
Signed-off-by: Andreas Schneider <asn@samba.org>
@@ -4758,10 +4758,10 @@ index 5983ebbd0a5..8fd9fcc5780 100644
2.28.0
-From 5d1a6460d2df00c86ccbcb00b9b5842f7daea92f Mon Sep 17 00:00:00 2001
+From 21b72b6107cd849b9da77e17520e658745fb897a Mon Sep 17 00:00:00 2001
From: Andreas Schneider <asn@samba.org>
Date: Wed, 10 Jun 2020 12:48:18 +0200
-Subject: [PATCH 039/100] s3:utils: Remove obsolete force encryption from
+Subject: [PATCH 039/105] s3:utils: Remove obsolete force encryption from
mdfind
Signed-off-by: Andreas Schneider <asn@samba.org>
@@ -4792,10 +4792,10 @@ index 2ac4fde7daf..ef2657e4fa5 100644
2.28.0
-From 6121d9887affc2533711a579b70b56ba6b730258 Mon Sep 17 00:00:00 2001
+From 842c3c1346cba54c92d6ba2d462818875403a394 Mon Sep 17 00:00:00 2001
From: Andreas Schneider <asn@samba.org>
Date: Wed, 10 Jun 2020 12:49:28 +0200
-Subject: [PATCH 040/100] s3:utils: Remove obsolete force encryption from
+Subject: [PATCH 040/105] s3:utils: Remove obsolete force encryption from
smbcquotas
Signed-off-by: Andreas Schneider <asn@samba.org>
@@ -4830,10 +4830,10 @@ index fea066ce468..4ceac7b3ab0 100644
2.28.0
-From 6947e8cde1b2400f27c63dfa8bb21d9fbc040d89 Mon Sep 17 00:00:00 2001
+From be36aec550d817bbcfdea88b433e31b44886ba19 Mon Sep 17 00:00:00 2001
From: Andreas Schneider <asn@samba.org>
Date: Wed, 10 Jun 2020 12:51:18 +0200
-Subject: [PATCH 041/100] s3:rpcclient: Remove obsolete force encryption from
+Subject: [PATCH 041/105] s3:rpcclient: Remove obsolete force encryption from
rpcclient
Signed-off-by: Andreas Schneider <asn@samba.org>
@@ -4868,10 +4868,10 @@ index 2ead6cc7ba5..575a42ebf70 100644
2.28.0
-From c44b861e8feba963341c971ff376d09f17eb8b75 Mon Sep 17 00:00:00 2001
+From 8e2de7801238eb7f1090a9307dc4b05885b3dda2 Mon Sep 17 00:00:00 2001
From: Andreas Schneider <asn@samba.org>
Date: Mon, 6 Jul 2020 10:58:36 +0200
-Subject: [PATCH 042/100] examples: Remove obsolete force encryption from
+Subject: [PATCH 042/105] examples: Remove obsolete force encryption from
smb2mount
Signed-off-by: Andreas Schneider <asn@samba.org>
@@ -4906,10 +4906,10 @@ index 6206c3a9701..c64be573462 100644
2.28.0
-From da07c3060929a43fd059e309efa7a5a4a6190068 Mon Sep 17 00:00:00 2001
+From 8c9a31cc180c674925919771ccdce1bb6895c1a3 Mon Sep 17 00:00:00 2001
From: Andreas Schneider <asn@samba.org>
Date: Mon, 6 Jul 2020 11:05:59 +0200
-Subject: [PATCH 043/100] s3:libsmb: Make cli_cm_force_encryption_creds()
+Subject: [PATCH 043/105] s3:libsmb: Make cli_cm_force_encryption_creds()
static
Signed-off-by: Andreas Schneider <asn@samba.org>
@@ -4954,10 +4954,10 @@ index 850cf12c8a6..eeabcaa7463 100644
2.28.0
-From f2a39d9ba951eaf4b7bb122f465d9e47ee1e5ba3 Mon Sep 17 00:00:00 2001
+From 6e2a7196c424edd2c447cfd4377e38e5b51ee675 Mon Sep 17 00:00:00 2001
From: Andreas Schneider <asn@samba.org>
Date: Thu, 13 Aug 2020 16:16:55 +0200
-Subject: [PATCH 044/100] s4:libcli: Return NTSTATUS errors for
+Subject: [PATCH 044/105] s4:libcli: Return NTSTATUS errors for
smb_composite_connect_send()
Signed-off-by: Andreas Schneider <asn@samba.org>
@@ -5054,10 +5054,10 @@ index 582d43ef173..ad50ae0ac81 100644
2.28.0
-From 98827d1cfc15e92ad06b788dc08ad3e8b30b1155 Mon Sep 17 00:00:00 2001
+From cf89573a78556993d7ecb43257d347edc6c61151 Mon Sep 17 00:00:00 2001
From: Andreas Schneider <asn@samba.org>
Date: Tue, 7 Jul 2020 12:54:26 +0200
-Subject: [PATCH 045/100] s4:libcli: Return if encryption is requested for SMB1
+Subject: [PATCH 045/105] s4:libcli: Return if encryption is requested for SMB1
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
@@ -5091,10 +5091,10 @@ index 6ee4929e8d7..51e121bdce6 100644
2.28.0
-From 9c3e7534536f010b756e548ccb59bfe17f85c77e Mon Sep 17 00:00:00 2001
+From 05914c4f85f71c7d1df884e33b8c0b8f5062ee3b Mon Sep 17 00:00:00 2001
From: Andreas Schneider <asn@samba.org>
Date: Tue, 7 Jul 2020 12:29:39 +0200
-Subject: [PATCH 046/100] s3:libcli: Split out smb2_connect_tcon_start()
+Subject: [PATCH 046/105] s3:libcli: Split out smb2_connect_tcon_start()
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
@@ -5144,10 +5144,10 @@ index 6fc3993a4e8..95ff05eac8f 100644
2.28.0
-From 691f383e2e7ab7e86430d44fa89f202b0109b915 Mon Sep 17 00:00:00 2001
+From 63b0086d8ffdfca44134c09ff0db76d7a9ae8f6c Mon Sep 17 00:00:00 2001
From: Andreas Schneider <asn@samba.org>
Date: Tue, 7 Jul 2020 12:44:26 +0200
-Subject: [PATCH 047/100] s4:libcli: Add smb2_connect_enc_start()
+Subject: [PATCH 047/105] s4:libcli: Add smb2_connect_enc_start()
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
@@ -5215,10 +5215,10 @@ index 95ff05eac8f..3a3ecdf20e8 100644
2.28.0
-From 52a1af4a1f0acffd9babb7e03558edc2b85d9a57 Mon Sep 17 00:00:00 2001
+From 8bc1b5f884d1e6a88e1ac403d9bc64c3b77e9428 Mon Sep 17 00:00:00 2001
From: Andreas Schneider <asn@samba.org>
Date: Fri, 24 Jul 2020 10:18:52 +0200
-Subject: [PATCH 048/100] s4:libcli: Require signing for SMB encryption
+Subject: [PATCH 048/105] s4:libcli: Require signing for SMB encryption
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
@@ -5271,10 +5271,10 @@ index 3a3ecdf20e8..9540704491e 100644
2.28.0
-From 149055eb59fa4b27807caa0ce41c7b4a7efecb57 Mon Sep 17 00:00:00 2001
+From 5cc8a0bc7381444804cde992afdc7aa0c0b70074 Mon Sep 17 00:00:00 2001
From: Andreas Schneider <asn@samba.org>
Date: Tue, 7 Jul 2020 14:27:07 +0200
-Subject: [PATCH 049/100] python:tests: Add test for SMB encrypted DCERPC
+Subject: [PATCH 049/105] python:tests: Add test for SMB encrypted DCERPC
connection
Signed-off-by: Andreas Schneider <asn@samba.org>
@@ -5392,10 +5392,10 @@ index 20981754db4..adcb5b53189 100644
2.28.0
-From 26355e67409640a07a9f52b98574cacf7ab245fc Mon Sep 17 00:00:00 2001
+From 546ecfae4f11e0625de86e47e90a98a7aafa0453 Mon Sep 17 00:00:00 2001
From: Stefan Metzmacher <metze@samba.org>
Date: Fri, 4 Sep 2020 10:47:54 +0200
-Subject: [PATCH 050/100] auth:gensec: Add gensec_security_sasl_names()
+Subject: [PATCH 050/105] auth:gensec: Add gensec_security_sasl_names()
Pair-Programmed-With: Andreas Schneider <asn@samba.org>
@@ -5522,10 +5522,10 @@ index d2d62d6652e..4eb45643714 100644
2.28.0
-From 78ca2ead7ff7cbc9d0e1859758cb6a403c24de05 Mon Sep 17 00:00:00 2001
+From ec079d88720a99a5bc5e6b5efd03f87342364f15 Mon Sep 17 00:00:00 2001
From: Stefan Metzmacher <metze@samba.org>
Date: Fri, 4 Sep 2020 10:48:27 +0200
-Subject: [PATCH 051/100] s4:ldap_server: Use samba_server_gensec_start() in
+Subject: [PATCH 051/105] s4:ldap_server: Use samba_server_gensec_start() in
ldapsrv_backend_Init()
Signed-off-by: Stefan Metzmacher <metze@samba.org>
@@ -5634,10 +5634,10 @@ index 2839082daef..915d9b94f9b 100644
2.28.0
-From be05b798e05d8f7bbf2cd380f7cdcd9cf39dbf3f Mon Sep 17 00:00:00 2001
+From bc128ea1ea455a3a63e0ce3dc8777a7482c356f8 Mon Sep 17 00:00:00 2001
From: Stefan Metzmacher <metze@samba.org>
Date: Fri, 4 Sep 2020 14:39:15 +0200
-Subject: [PATCH 052/100] auth:gensec: Make gensec_use_kerberos_mechs() a
+Subject: [PATCH 052/105] auth:gensec: Make gensec_use_kerberos_mechs() a
static function
Signed-off-by: Stefan Metzmacher <metze@samba.org>
@@ -5684,10 +5684,10 @@ index 4eb45643714..ebcab76999a 100644
2.28.0
-From fad57642bb329a298dcf682be81dff2e46586f57 Mon Sep 17 00:00:00 2001
+From 37b7016fba1eae75fc4a87c9c5aebbbb47b7ff39 Mon Sep 17 00:00:00 2001
From: Stefan Metzmacher <metze@samba.org>
Date: Fri, 4 Sep 2020 14:41:43 +0200
-Subject: [PATCH 053/100] auth:gensec: Pass use_kerberos and keep_schannel to
+Subject: [PATCH 053/105] auth:gensec: Pass use_kerberos and keep_schannel to
gensec_use_kerberos_mechs()
Signed-off-by: Stefan Metzmacher <metze@samba.org>
@@ -5758,10 +5758,10 @@ index ebcab76999a..8d1b41fec74 100644
2.28.0
-From 593149ee4331c90fd074374c49be1758181cb1ab Mon Sep 17 00:00:00 2001
+From 0579dbd6faa5a828cff42cd797f78c51316324b0 Mon Sep 17 00:00:00 2001
From: Stefan Metzmacher <metze@samba.org>
Date: Fri, 4 Sep 2020 17:00:45 +0200
-Subject: [PATCH 054/100] auth:gensec: If Kerberos is required, keep schannel
+Subject: [PATCH 054/105] auth:gensec: If Kerberos is required, keep schannel
for machine account auth
Signed-off-by: Stefan Metzmacher <metze@samba.org>
@@ -5795,10 +5795,10 @@ index 8d1b41fec74..3f42d611140 100644
2.28.0
-From ddb3827fec3a318b0e013e6567bcd59624576f86 Mon Sep 17 00:00:00 2001
+From 0f3676f4f84184b5bf83101e0b1eca0bb05a5079 Mon Sep 17 00:00:00 2001
From: Andreas Schneider <asn@samba.org>
Date: Fri, 4 Sep 2020 12:21:21 +0200
-Subject: [PATCH 055/100] auth:creds: Add cli_credentials_init_server()
+Subject: [PATCH 055/105] auth:creds: Add cli_credentials_init_server()
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
@@ -5861,10 +5861,10 @@ index 7d0cf53194b..438bcdce232 100644
2.28.0
-From cbc3cb116cfd16f16cf6ba55fd94e8b8d6b6f1c3 Mon Sep 17 00:00:00 2001
+From e1d566c2962ebd5596638df6f81fd120aaf32fcd Mon Sep 17 00:00:00 2001
From: Andreas Schneider <asn@samba.org>
Date: Fri, 4 Sep 2020 12:21:36 +0200
-Subject: [PATCH 056/100] s4:rpc_server: Use cli_credentials_init_server()
+Subject: [PATCH 056/105] s4:rpc_server: Use cli_credentials_init_server()
Signed-off-by: Andreas Schneider <asn@samba.org>
(cherry picked from commit 6c94ebf77fdb7383be2042f5e20ba2ef598cd4a4)
@@ -5909,10 +5909,10 @@ index 084857a44bf..e64148ef788 100644
2.28.0
-From 428dae176ceab301ffa463fda7bf4b6a9b75e111 Mon Sep 17 00:00:00 2001
+From 694e1d1ca62372baba69818acf25a2eec8847115 Mon Sep 17 00:00:00 2001
From: Andreas Schneider <asn@samba.org>
Date: Mon, 7 Sep 2020 09:19:43 +0200
-Subject: [PATCH 057/100] s4:smb_server: Use cli_credentials_init_server() for
+Subject: [PATCH 057/105] s4:smb_server: Use cli_credentials_init_server() for
negprot
Signed-off-by: Andreas Schneider <asn@samba.org>
@@ -6009,10 +6009,10 @@ index 4aaaf46793b..c433eb194bd 100644
2.28.0
-From e69d40e5a88ee548e304062cbba99f44bc788735 Mon Sep 17 00:00:00 2001
+From c3b277172554d1d3155c3a1b4ad76685985273df Mon Sep 17 00:00:00 2001
From: Andreas Schneider <asn@samba.org>
Date: Tue, 8 Sep 2020 10:15:22 +0200
-Subject: [PATCH 058/100] selftest: Rename 'smb encrypt' to 'server smb
+Subject: [PATCH 058/105] selftest: Rename 'smb encrypt' to 'server smb
encrypt'
This makes it more clear what we want. 'smb encrypt' is a synonym for
@@ -6060,10 +6060,10 @@ index 0a8cefa811d..a31165b372d 100755
2.28.0
-From 0f4965bd555ef4697cc6a847db88a2c4e2e43efc Mon Sep 17 00:00:00 2001
+From 355afa22953cf8838dc83210315bc2557e764082 Mon Sep 17 00:00:00 2001
From: Andreas Schneider <asn@samba.org>
Date: Tue, 8 Sep 2020 12:30:08 +0200
-Subject: [PATCH 059/100] selftest: Move enc_desired to provision to have it in
+Subject: [PATCH 059/105] selftest: Move enc_desired to provision to have it in
'fileserver' too
Signed-off-by: Andreas Schneider <asn@samba.org>
@@ -6107,10 +6107,10 @@ index a31165b372d..eda2c428793 100755
2.28.0
-From 7a5e9cd94d772cea4a945f617571d51b67157b46 Mon Sep 17 00:00:00 2001
+From 2a8b98850f61219a1c97da9151e55d0e21a4265b Mon Sep 17 00:00:00 2001
From: Andreas Schneider <asn@samba.org>
Date: Tue, 8 Sep 2020 10:15:20 +0200
-Subject: [PATCH 060/100] s3:tests: Add smbclient tests for 'client smb
+Subject: [PATCH 060/105] s3:tests: Add smbclient tests for 'client smb
encrypt'
Signed-off-by: Andreas Schneider <asn@samba.org>
@@ -6248,10 +6248,10 @@ index d05de6bd08c..ec967caea2e 100755
2.28.0
-From 91ef540a40947fecf596f404a369ff16e34c0c11 Mon Sep 17 00:00:00 2001
+From 45ebf91c66a23488c0835ba038eca345db984106 Mon Sep 17 00:00:00 2001
From: Andreas Schneider <asn@samba.org>
Date: Thu, 27 Aug 2020 15:19:27 +0200
-Subject: [PATCH 061/100] s3:client: Remove global smb_encrypt
+Subject: [PATCH 061/105] s3:client: Remove global smb_encrypt
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
@@ -6356,10 +6356,10 @@ index 30287ffd253..e1128bf4a8c 100644
2.28.0
-From 8d37ca3cc6d128dafcc1c24ed09fb06030d33002 Mon Sep 17 00:00:00 2001
+From 088473e47bcb30fe3b179133265da9ea6b8ec684 Mon Sep 17 00:00:00 2001
From: Andreas Schneider <asn@samba.org>
Date: Thu, 27 Aug 2020 15:24:27 +0200
-Subject: [PATCH 062/100] s3:libsmb: Remove force_encrypt from cli_cm_open()
+Subject: [PATCH 062/105] s3:libsmb: Remove force_encrypt from cli_cm_open()
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
@@ -6510,10 +6510,10 @@ index eeabcaa7463..bb3e9e6874e 100644
2.28.0
-From a95d25743105e63b607b1b322adb212e5b181292 Mon Sep 17 00:00:00 2001
+From 0291ff12056c914b3f9429a5bba48190897fe6c1 Mon Sep 17 00:00:00 2001
From: Andreas Schneider <asn@samba.org>
Date: Thu, 27 Aug 2020 15:26:39 +0200
-Subject: [PATCH 063/100] s3:libsmb: Remove force_encrypt from cli_cm_connect()
+Subject: [PATCH 063/105] s3:libsmb: Remove force_encrypt from cli_cm_connect()
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
@@ -6572,10 +6572,10 @@ index 4825b8f3fae..b0032005398 100644
2.28.0
-From cc6769a91ca1ea87b8f435206bbe0896cb6370a6 Mon Sep 17 00:00:00 2001
+From 32f7fd016ecbeb3b24ad93d593ba06e8292dd02f Mon Sep 17 00:00:00 2001
From: Andreas Schneider <asn@samba.org>
Date: Thu, 27 Aug 2020 15:28:28 +0200
-Subject: [PATCH 064/100] s3:libsmb: Remove force_encrypt from clidfs
+Subject: [PATCH 064/105] s3:libsmb: Remove force_encrypt from clidfs
do_connect()
Signed-off-by: Andreas Schneider <asn@samba.org>
@@ -6633,10 +6633,10 @@ index b0032005398..5503506de97 100644
2.28.0
-From 9f9db5d3f5b99d500bae6d474cd1acb88985dc92 Mon Sep 17 00:00:00 2001
+From 4afc92a55aa63557db2b4e2a9b0bbe5bc7d12c55 Mon Sep 17 00:00:00 2001
From: Andreas Schneider <asn@samba.org>
Date: Thu, 27 Aug 2020 15:52:11 +0200
-Subject: [PATCH 065/100] s3:libsmb: Remove force_encrypt from
+Subject: [PATCH 065/105] s3:libsmb: Remove force_encrypt from
cli_check_msdfs_proxy()
Signed-off-by: Andreas Schneider <asn@samba.org>
@@ -6730,10 +6730,10 @@ index bb3e9e6874e..f2b0a8c5ff8 100644
2.28.0
-From 19c3da7a0967d027aff26df65257ff9c11408202 Mon Sep 17 00:00:00 2001
+From 2c50d0ba7eec6d37943b7afdf426b114c9e1f292 Mon Sep 17 00:00:00 2001
From: Andreas Schneider <asn@samba.org>
Date: Tue, 18 Aug 2020 17:15:09 +0200
-Subject: [PATCH 066/100] s3:libsmb: Pass cli_credentials to clidfs
+Subject: [PATCH 066/105] s3:libsmb: Pass cli_credentials to clidfs
do_connect()
Signed-off-by: Andreas Schneider <asn@samba.org>
@@ -6849,10 +6849,10 @@ index 736c565a7a8..d536e0597af 100644
2.28.0
-From 446c8c184644c0a7638d3bf89fabd9b368c17eb8 Mon Sep 17 00:00:00 2001
+From 608c0b87761f75e539b2e1e7599ceb981770b647 Mon Sep 17 00:00:00 2001
From: Andreas Schneider <asn@samba.org>
Date: Tue, 18 Aug 2020 17:18:16 +0200
-Subject: [PATCH 067/100] s3:libsmb: Pass cli_credentials to cli_cm_connect()
+Subject: [PATCH 067/105] s3:libsmb: Pass cli_credentials to cli_cm_connect()
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
@@ -6920,10 +6920,10 @@ index d536e0597af..a2c6f5fe5ec 100644
2.28.0
-From 6b2ea3677318ab214179fd32c4effe9c2b4a93f4 Mon Sep 17 00:00:00 2001
+From d6d5da0e28c3879280e1139f51bfe2ef03bc450e Mon Sep 17 00:00:00 2001
From: Andreas Schneider <asn@samba.org>
Date: Tue, 18 Aug 2020 17:26:54 +0200
-Subject: [PATCH 068/100] s3:libsmb: Pass cli_credentials to cli_cm_open()
+Subject: [PATCH 068/105] s3:libsmb: Pass cli_credentials to cli_cm_open()
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
@@ -7131,10 +7131,10 @@ index f2b0a8c5ff8..0b8cf2a6036 100644
2.28.0
-From eb416f5230f91ebb219b053919027b1005853c37 Mon Sep 17 00:00:00 2001
+From 1c07abb4b9690b62b2ae7841134d7a71e4771bb9 Mon Sep 17 00:00:00 2001
From: Andreas Schneider <asn@samba.org>
Date: Tue, 18 Aug 2020 17:42:25 +0200
-Subject: [PATCH 069/100] s3:libsmb: Pass cli_credentials to
+Subject: [PATCH 069/105] s3:libsmb: Pass cli_credentials to
cli_resolve_path(), using helper variables.
Signed-off-by: Andreas Schneider <asn@samba.org>
@@ -8018,10 +8018,10 @@ index 8fd9fcc5780..4989ec633c3 100644
2.28.0
-From 345f63570d4aa33c77a865745715903ccb08b962 Mon Sep 17 00:00:00 2001
+From 100dad122572d927889f4c03b19f169a3bf61df4 Mon Sep 17 00:00:00 2001
From: Andreas Schneider <asn@samba.org>
Date: Thu, 27 Aug 2020 16:40:49 +0200
-Subject: [PATCH 070/100] s3:client: Remove global max_protocol
+Subject: [PATCH 070/105] s3:client: Remove global max_protocol
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
@@ -8100,10 +8100,10 @@ index 23de5befee3..329463795e0 100644
2.28.0
-From 57d598c8503aa68f881c9e060fe12cbcafb34dcb Mon Sep 17 00:00:00 2001
+From fecf06bd00bc8ff23634bded86d649e432431957 Mon Sep 17 00:00:00 2001
From: Andreas Schneider <asn@samba.org>
Date: Thu, 27 Aug 2020 16:43:46 +0200
-Subject: [PATCH 071/100] s3:libsmb: Remove max_protocol from cli_cm_open()
+Subject: [PATCH 071/105] s3:libsmb: Remove max_protocol from cli_cm_open()
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
@@ -8225,10 +8225,10 @@ index 517738dbcd7..8aaaff2cb1e 100644
2.28.0
-From 7b846927e67e80b967139dab74265cb6a9353152 Mon Sep 17 00:00:00 2001
+From 2af136fd7c1ecae9cc06bc2cf26a7feac16cb279 Mon Sep 17 00:00:00 2001
From: Andreas Schneider <asn@samba.org>
Date: Thu, 27 Aug 2020 16:45:12 +0200
-Subject: [PATCH 072/100] s3:libcmb: Remove max_protocol from cli_cm_connect()
+Subject: [PATCH 072/105] s3:libcmb: Remove max_protocol from cli_cm_connect()
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
@@ -8278,10 +8278,10 @@ index fb1a0c72e6d..023dd4d2757 100644
2.28.0
-From 399b744f97c1b2221150114a17a5a5fc73b95014 Mon Sep 17 00:00:00 2001
+From dc8cfd9551afa10b0610c6663cb28bfb1ec5888a Mon Sep 17 00:00:00 2001
From: Andreas Schneider <asn@samba.org>
Date: Thu, 27 Aug 2020 16:46:29 +0200
-Subject: [PATCH 073/100] s3:libsmb: Remove max_protocol from clidfs
+Subject: [PATCH 073/105] s3:libsmb: Remove max_protocol from clidfs
do_connect()
The if check for max_protocol == 0 is part of lp_client_max_protocol().
@@ -8341,10 +8341,10 @@ index 023dd4d2757..ee5becf76a6 100644
2.28.0
-From 2d487c1271518ef4c19433eec4a3466cfc17ad8a Mon Sep 17 00:00:00 2001
+From 3a99225868e079e108968552f43b937b5b9b702f Mon Sep 17 00:00:00 2001
From: Andreas Schneider <asn@samba.org>
Date: Mon, 10 Aug 2020 15:47:35 +0200
-Subject: [PATCH 074/100] s3:include: Move loadparm prototypes to own header
+Subject: [PATCH 074/105] s3:include: Move loadparm prototypes to own header
file
Signed-off-by: Andreas Schneider <asn@samba.org>
@@ -8759,10 +8759,10 @@ index 00000000000..7686877ccf1
2.28.0
-From 98434dd3e37afe5849695b2af5aa48e5bcce14e2 Mon Sep 17 00:00:00 2001
+From 076e6929c3c8d1dc161e7dacfc7fb7aeceb588bd Mon Sep 17 00:00:00 2001
From: Andreas Schneider <asn@samba.org>
Date: Tue, 11 Aug 2020 10:41:07 +0200
-Subject: [PATCH 075/100] s3:lib: Move interface prototypes to own header file
+Subject: [PATCH 075/105] s3:lib: Move interface prototypes to own header file
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
@@ -8865,10 +8865,10 @@ index 00000000000..f45435b4a81
2.28.0
-From 52b9047566541d93c339ba2509549cadd36ba7a3 Mon Sep 17 00:00:00 2001
+From b6d36e462fe41f7b88bbf120831c3765c40ef326 Mon Sep 17 00:00:00 2001
From: Andreas Schneider <asn@samba.org>
Date: Fri, 7 Feb 2020 16:48:16 +0100
-Subject: [PATCH 076/100] idl: Add SID_SAMBA_SMB3
+Subject: [PATCH 076/105] idl: Add SID_SAMBA_SMB3
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Alexander Bokovoy <ab@samba.org>
@@ -8895,10 +8895,10 @@ index a92e8f1518e..06bf7449a70 100644
2.28.0
-From 1a61bdd3f6cd36617363d94a53950ac9faebcbcc Mon Sep 17 00:00:00 2001
+From 3128ed8c26c13ccc068b5e50ae52604f5ffc9241 Mon Sep 17 00:00:00 2001
From: Andreas Schneider <asn@samba.org>
Date: Fri, 7 Feb 2020 16:48:29 +0100
-Subject: [PATCH 077/100] s3:smbd: Add SMB3 connection information to session
+Subject: [PATCH 077/105] s3:smbd: Add SMB3 connection information to session
info
Signed-off-by: Andreas Schneider <asn@samba.org>
@@ -9052,10 +9052,10 @@ index cf9de185c1f..cd24b7d2ed5 100644
2.28.0
-From 09ce597f238335a56b51aff5fc55e3b1c38dc8b7 Mon Sep 17 00:00:00 2001
+From 333ae30e7f8238c684d2a1aec2b0516369068a7e Mon Sep 17 00:00:00 2001
From: Andreas Schneider <asn@samba.org>
Date: Thu, 12 Mar 2020 14:11:56 +0100
-Subject: [PATCH 078/100] librpc: Add dcerpc helper
+Subject: [PATCH 078/105] librpc: Add dcerpc helper
dcerpc_is_transport_encrypted()
Signed-off-by: Andreas Schneider <asn@samba.org>
@@ -9268,10 +9268,10 @@ index 27b180fa63d..109a1834841 100644
2.28.0
-From bb2781b8d585dcb892988ad720bf4d2f0c52f9f7 Mon Sep 17 00:00:00 2001
+From 4a2e7909f3a40c6ab82c045a5a54f8604a6f1dd2 Mon Sep 17 00:00:00 2001
From: Andreas Schneider <asn@samba.org>
Date: Fri, 28 Aug 2020 16:31:17 +0200
-Subject: [PATCH 079/100] s3:smbd: Use defines to set 'srv_smb_encrypt'
+Subject: [PATCH 079/105] s3:smbd: Use defines to set 'srv_smb_encrypt'
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Alexander Bokovoy <ab@samba.org>
@@ -9305,10 +9305,10 @@ index d51a3de9497..785cbb23b5f 100644
2.28.0
-From 3f8715a6107f930e02ceeed4e9a3b9804cc39db3 Mon Sep 17 00:00:00 2001
+From 69b9e46fa29adcf5a478a240ea6980bf7d97ae4b Mon Sep 17 00:00:00 2001
From: Andreas Schneider <asn@samba.org>
Date: Tue, 12 Nov 2019 16:56:45 +0100
-Subject: [PATCH 080/100] s3:rpc_server: Allow to use RC4 for setting passwords
+Subject: [PATCH 080/105] s3:rpc_server: Allow to use RC4 for setting passwords
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Alexander Bokovoy <ab@samba.org>
@@ -9542,10 +9542,10 @@ index 2af02ad6fa8..eb91ac09384 100644
2.28.0
-From c621c050cf7ce2434e906dff5f9e214d8c19322d Mon Sep 17 00:00:00 2001
+From 110323b646715aabd4468d70773c2d94968f2e99 Mon Sep 17 00:00:00 2001
From: Andreas Schneider <asn@samba.org>
Date: Fri, 15 Nov 2019 13:49:40 +0100
-Subject: [PATCH 081/100] s4:rpc_server: Allow to use RC4 for setting passwords
+Subject: [PATCH 081/105] s4:rpc_server: Allow to use RC4 for setting passwords
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Alexander Bokovoy <ab@samba.org>
@@ -9673,10 +9673,10 @@ index de55ad6239a..c9c1978f223 100644
2.28.0
-From 62115236ed1cce9bc6481ab7505843c5f3b0e6de Mon Sep 17 00:00:00 2001
+From 6353a991bc6d35b9468867c0e809e752b060da9b Mon Sep 17 00:00:00 2001
From: Isaac Boukris <iboukris@gmail.com>
Date: Thu, 20 Aug 2020 12:45:49 +0200
-Subject: [PATCH 082/100] lib:crypto: Add py binding for set_relax/strict fips
+Subject: [PATCH 082/105] lib:crypto: Add py binding for set_relax/strict fips
mode
Signed-off-by: Isaac Boukris <iboukris@gmail.com>
@@ -9731,10 +9731,10 @@ index 32b946eee8f..ad18d3ada0f 100644
2.28.0
-From 33a6fe040b79db51cd557cc620e13d097e308121 Mon Sep 17 00:00:00 2001
+From 525072939b9292a1744f929803a9597b5f725f9a Mon Sep 17 00:00:00 2001
From: Andreas Schneider <asn@samba.org>
Date: Wed, 28 Oct 2020 17:05:36 +0100
-Subject: [PATCH 083/100] s4:param: Add 'weak crypto' getter to pyparam
+Subject: [PATCH 083/105] s4:param: Add 'weak crypto' getter to pyparam
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Alexander Bokovoy <ab@samba.org>
@@ -9787,10 +9787,10 @@ index 4023fac4dd6..e15592b5743 100644
2.28.0
-From f712705bb0e4fa36ce2687e0ce31c8eba791e9eb Mon Sep 17 00:00:00 2001
+From c7dfaf75a8f8bdb18c42325c470bdee8e600d930 Mon Sep 17 00:00:00 2001
From: Andreas Schneider <asn@samba.org>
Date: Wed, 21 Oct 2020 10:09:22 +0200
-Subject: [PATCH 084/100] python:tests: Add SAMR password change tests for fips
+Subject: [PATCH 084/105] python:tests: Add SAMR password change tests for fips
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Alexander Bokovoy <ab@samba.org>
@@ -10012,10 +10012,10 @@ index adcb5b53189..86cab3f8046 100644
2.28.0
-From d1a21036371de9af91bc5440b321a06805590c91 Mon Sep 17 00:00:00 2001
+From 9dfef9d7129babedfdc0fddd60f76859f44fe7c1 Mon Sep 17 00:00:00 2001
From: Andreas Schneider <asn@samba.org>
Date: Wed, 21 Oct 2020 10:09:22 +0200
-Subject: [PATCH 085/100] python:tests: Add SAMR password change tests for fips
+Subject: [PATCH 085/105] python:tests: Add SAMR password change tests for fips
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Alexander Bokovoy <ab@samba.org>
@@ -10045,10 +10045,10 @@ index 649e923ff9a..1ebdf2a5484 100755
2.28.0
-From f337470af537e0713ac89eb38b0cc898b2d911e7 Mon Sep 17 00:00:00 2001
+From 8e8b9d33f25c7ef89fdf4af90821ea4de77525e1 Mon Sep 17 00:00:00 2001
From: Andreas Schneider <asn@samba.org>
Date: Thu, 20 Aug 2020 09:40:41 +0200
-Subject: [PATCH 086/100] auth:creds: Rename CRED_USE_KERBEROS values
+Subject: [PATCH 086/105] auth:creds: Rename CRED_USE_KERBEROS values
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Alexander Bokovoy <ab@samba.org>
@@ -10787,10 +10787,10 @@ index 07c6faebb15..701dfc10a07 100644
2.28.0
-From cb1ed647e5fe0dfc2412332ca1c1b2499a1f1995 Mon Sep 17 00:00:00 2001
+From 6a356a6e79fa76de18a4ca0760ac4f053d70137f Mon Sep 17 00:00:00 2001
From: Andreas Schneider <asn@samba.org>
Date: Tue, 1 Sep 2020 12:32:28 +0200
-Subject: [PATCH 087/100] auth:creds:tests: Migrate test to a cmocka unit test
+Subject: [PATCH 087/105] auth:creds:tests: Migrate test to a cmocka unit test
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Alexander Bokovoy <ab@samba.org>
@@ -11084,10 +11084,103 @@ index 38b6c8f4b6e..f0ab0357986 100644
2.28.0
-From 577ad63a0ca0a95196645669eb4619ee7f5b1cbb Mon Sep 17 00:00:00 2001
+From f6a4f70007e5c5ad1df3ddb018bde8568fc63f57 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?G=C3=BCnther=20Deschner?= <gd@samba.org>
+Date: Mon, 2 Nov 2020 16:10:44 +0100
+Subject: [PATCH 088/105] s3-vfs_glusterfs: always disable write-behind
+ translator
+
+The "pass-through" option has now been merged upstream as of:
+https://github.com/gluster/glusterfs/pull/1640
+
+BUG: https://bugzilla.samba.org/show_bug.cgi?id=14486
+
+Guenther
+
+Signed-off-by: Guenther Deschner <gd@samba.org>
+Pair-Programmed-With: Anoop C S <anoopcs@samba.org>
+Pair-Programmed-With: Sachin Prabhu <sprabhu@redhat.com>
+Reviewed-by: Jeremy Allison <jra@samba.org>
+
+Autobuild-User(master): Jeremy Allison <jra@samba.org>
+Autobuild-Date(master): Wed Nov 4 22:53:49 UTC 2020 on sn-devel-184
+
+(cherry picked from commit a51cda69ec6a017ad04b5690a3ae67a5478deee9)
+
+Autobuild-User(v4-13-test): Karolin Seeger <kseeger@samba.org>
+Autobuild-Date(v4-13-test): Thu Nov 5 13:54:25 UTC 2020 on sn-devel-184
+---
+ source3/modules/vfs_glusterfs.c | 20 +++++++++++++++++---
+ source3/wscript | 3 +++
+ 2 files changed, 20 insertions(+), 3 deletions(-)
+
+diff --git a/source3/modules/vfs_glusterfs.c b/source3/modules/vfs_glusterfs.c
+index 3cbb1ab6cb6..bdfe35ced82 100644
+--- a/source3/modules/vfs_glusterfs.c
++++ b/source3/modules/vfs_glusterfs.c
+@@ -363,6 +363,7 @@ static int vfs_gluster_connect(struct vfs_handle_struct *handle,
+ glfs_t *fs = NULL;
+ TALLOC_CTX *tmp_ctx;
+ int ret = 0;
++ bool write_behind_pass_through_set = false;
+
+ tmp_ctx = talloc_new(NULL);
+ if (tmp_ctx == NULL) {
+@@ -435,6 +436,17 @@ static int vfs_gluster_connect(struct vfs_handle_struct *handle,
+ goto done;
+ }
+
++#ifdef HAVE_GFAPI_VER_7_9
++ ret = glfs_set_xlator_option(fs, "*-write-behind", "pass-through",
++ "true");
++ if (ret < 0) {
++ DBG_ERR("%s: Failed to set xlator option: pass-through\n",
++ volume);
++ goto done;
++ }
++ write_behind_pass_through_set = true;
++#endif
++
+ ret = glfs_set_logging(fs, logfile, loglevel);
+ if (ret < 0) {
+ DEBUG(0, ("%s: Failed to set logfile %s loglevel %d\n",
+@@ -449,9 +461,11 @@ static int vfs_gluster_connect(struct vfs_handle_struct *handle,
+ goto done;
+ }
+
+- ret = check_for_write_behind_translator(tmp_ctx, fs, volume);
+- if (ret < 0) {
+- goto done;
++ if (!write_behind_pass_through_set) {
++ ret = check_for_write_behind_translator(tmp_ctx, fs, volume);
++ if (ret < 0) {
++ goto done;
++ }
+ }
+
+ ret = glfs_set_preopened(volume, handle->conn->connectpath, fs);
+diff --git a/source3/wscript b/source3/wscript
+index 335cfd797f1..9920432a360 100644
+--- a/source3/wscript
++++ b/source3/wscript
+@@ -1766,6 +1766,9 @@ main() {
+ conf.CHECK_CFG(package='glusterfs-api', args='"glusterfs-api >= 7.6" --cflags --libs',
+ msg='Checking for glusterfs-api >= 7.6',
+ uselib_store="GFAPI_VER_7_6")
++ conf.CHECK_CFG(package='glusterfs-api', args='"glusterfs-api >= 7.9" --cflags --libs',
++ msg='Checking for glusterfs-api >= 7.9',
++ uselib_store="GFAPI_VER_7_9")
+ else:
+ conf.SET_TARGET_TYPE('gfapi', 'EMPTY')
+ conf.undefine('HAVE_GLUSTERFS')
+--
+2.28.0
+
+
+From 0d6268ff0a055e8fb418da761eeb820a8e11e2ad Mon Sep 17 00:00:00 2001
From: Isaac Boukris <iboukris@gmail.com>
Date: Thu, 20 Aug 2020 12:09:05 +0200
-Subject: [PATCH 088/100] Add smb2cli_session_get_encryption_cipher()
+Subject: [PATCH 089/105] Add smb2cli_session_get_encryption_cipher()
When 'session->smb2->should_encrypt' is true, the client MUST encrypt
all transport messages (see also MS-SMB2 3.2.4.1.8).
@@ -11141,10 +11234,10 @@ index 2afc7165cd9..db5f5d58799 100644
2.28.0
-From 916e989213be71d7727d1596afe393364998e4f5 Mon Sep 17 00:00:00 2001
+From 3f77e6cb6220d50b75ceb197e26813e9e5244cc0 Mon Sep 17 00:00:00 2001
From: Isaac Boukris <iboukris@gmail.com>
Date: Thu, 20 Aug 2020 12:18:21 +0200
-Subject: [PATCH 089/100] Add dcerpc_transport_encrypted()
+Subject: [PATCH 090/105] Add dcerpc_transport_encrypted()
Signed-off-by: Isaac Boukris <iboukris@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
@@ -11233,10 +11326,10 @@ index bd79a072bc8..6ea27a8d9a3 100644
2.28.0
-From ed948e3dc84da57edfaca5bd12541bb80f4f835e Mon Sep 17 00:00:00 2001
+From 4045c677a3ea3c44e5509025c1c7d03936ba9d82 Mon Sep 17 00:00:00 2001
From: Isaac Boukris <iboukris@gmail.com>
Date: Thu, 20 Aug 2020 12:35:01 +0200
-Subject: [PATCH 090/100] Add py binding for dcerpc_transport_encrypted
+Subject: [PATCH 091/105] Add py binding for dcerpc_transport_encrypted
Signed-off-by: Isaac Boukris <iboukris@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
@@ -11280,10 +11373,10 @@ index be914ed5f14..309a6d72e26 100644
2.28.0
-From 5ac2a4a449d83371da40bbc0561ec61f1621580c Mon Sep 17 00:00:00 2001
+From 07a87eaff7e2e18c2d462f4caff95cace92a0130 Mon Sep 17 00:00:00 2001
From: Isaac Boukris <iboukris@gmail.com>
Date: Thu, 20 Aug 2020 12:44:08 +0200
-Subject: [PATCH 091/100] selftest: add a test for py dce transport_encrypted
+Subject: [PATCH 092/105] selftest: add a test for py dce transport_encrypted
Signed-off-by: Isaac Boukris <iboukris@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
@@ -11345,10 +11438,10 @@ index 8e0d6a5ef0a..24e4ac77d89 100644
2.28.0
-From dbdd59cbe88a83f10c2c6d1f46f0338b99d1abb2 Mon Sep 17 00:00:00 2001
+From 1c74d87e4dfe78d6e884c9bb4e57ec383d632a88 Mon Sep 17 00:00:00 2001
From: Isaac Boukris <iboukris@gmail.com>
Date: Thu, 20 Aug 2020 12:47:12 +0200
-Subject: [PATCH 092/100] Add CreateTrustedDomainRelax wrapper for fips mode
+Subject: [PATCH 093/105] Add CreateTrustedDomainRelax wrapper for fips mode
Signed-off-by: Isaac Boukris <iboukris@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
@@ -11431,10 +11524,10 @@ index 00000000000..b4df0fa5bb8
2.28.0
-From f0bc0e0bea24b7f6455ea48808a5516efb99ee45 Mon Sep 17 00:00:00 2001
+From 067c8d73800b928b02bcb1095c13083d9e0e368d Mon Sep 17 00:00:00 2001
From: Isaac Boukris <iboukris@gmail.com>
Date: Thu, 20 Aug 2020 12:49:17 +0200
-Subject: [PATCH 093/100] Use the new CreateTrustedDomainRelax()
+Subject: [PATCH 094/105] Use the new CreateTrustedDomainRelax()
Signed-off-by: Isaac Boukris <iboukris@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
@@ -11538,10 +11631,10 @@ index 1d12c362911..93a3258d28d 100644
2.28.0
-From cb10fb8f74035307054ae1979c430dae76e51e70 Mon Sep 17 00:00:00 2001
+From 72dfcc923d0cf8054cb0f011e8405fa96b9ec6e0 Mon Sep 17 00:00:00 2001
From: Isaac Boukris <iboukris@gmail.com>
Date: Tue, 1 Sep 2020 20:14:29 +0300
-Subject: [PATCH 094/100] selftest: add a test for the CreateTrustedDomainRelax
+Subject: [PATCH 095/105] selftest: add a test for the CreateTrustedDomainRelax
wrapper
Originally copied from 'source4/scripting/devel/createtrust'
@@ -11723,10 +11816,10 @@ index 3a903a7eee0..96f51b68cfc 100755
2.28.0
-From 37c2669e9135f9f6645152786d23d7b010b45031 Mon Sep 17 00:00:00 2001
+From 341cc046bf816ad5818932c6c5d170a2a9a38783 Mon Sep 17 00:00:00 2001
From: Isaac Boukris <iboukris@gmail.com>
Date: Thu, 5 Nov 2020 15:38:19 +0200
-Subject: [PATCH 095/100] Remove source4/scripting/devel/createtrust script
+Subject: [PATCH 096/105] Remove source4/scripting/devel/createtrust script
We now have the 'samba-tool domain trust' command.
@@ -11878,10 +11971,10 @@ index 26b0d0dcb68..00000000000
2.28.0
-From fda1267458dc14216d85ce08617c9aaf303dd762 Mon Sep 17 00:00:00 2001
+From f51b23a9b8ad22d4cd4d7dea3ed8f0150974a209 Mon Sep 17 00:00:00 2001
From: Andreas Schneider <asn@samba.org>
Date: Fri, 6 Nov 2020 14:30:26 +0100
-Subject: [PATCH 096/100] s3:rpc_server: Use gnutls_cipher_decrypt() in
+Subject: [PATCH 097/105] s3:rpc_server: Use gnutls_cipher_decrypt() in
get_trustdom_auth_blob()
It doesn't matter for RC4, but just to be correct.
@@ -11910,10 +12003,10 @@ index 198387424e6..e749caf2551 100644
2.28.0
-From c7ede087fbdd9546dda275c5a036e38b69e10abc Mon Sep 17 00:00:00 2001
+From 7b24fdcb4a797b1daa97750f8a2c4f2c603115f3 Mon Sep 17 00:00:00 2001
From: Andreas Schneider <asn@samba.org>
Date: Fri, 6 Nov 2020 14:33:38 +0100
-Subject: [PATCH 097/100] s4:rpc_server: Use gnutls_cipher_decrypt() in
+Subject: [PATCH 098/105] s4:rpc_server: Use gnutls_cipher_decrypt() in
get_trustdom_auth_blob()
It doesn't matter for RC4, but just to be correct.
@@ -11942,10 +12035,10 @@ index 8333cb149b6..4bb8aaa9592 100644
2.28.0
-From f5fa816dcd16e5fea37f2303887890a316a6353f Mon Sep 17 00:00:00 2001
+From acbb59f45cb2b4c35df678ba774425180e9cf8c6 Mon Sep 17 00:00:00 2001
From: Andreas Schneider <asn@samba.org>
Date: Thu, 20 Aug 2020 13:40:21 +0200
-Subject: [PATCH 098/100] s3:rpc_server: Allow to use RC4 for creating trusts
+Subject: [PATCH 099/105] s3:rpc_server: Allow to use RC4 for creating trusts
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Alexander Bokovoy <ab@samba.org>
@@ -12009,10 +12102,10 @@ index e749caf2551..d6d606ddeca 100644
2.28.0
-From a63dcce61e7a5535b3377896176d3078e8174831 Mon Sep 17 00:00:00 2001
+From a4d0e69eb7a429a13e456cff7f96870e87791694 Mon Sep 17 00:00:00 2001
From: Andreas Schneider <asn@samba.org>
Date: Thu, 20 Aug 2020 13:51:39 +0200
-Subject: [PATCH 099/100] s4:rpc_server: Allow to use RC4 for creating trusts
+Subject: [PATCH 100/105] s4:rpc_server: Allow to use RC4 for creating trusts
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Alexander Bokovoy <ab@samba.org>
@@ -12081,10 +12174,10 @@ index 4bb8aaa9592..5b3ef71d458 100644
2.28.0
-From a38f09393f0ff5e356d03bcaf7de1b152ae00a84 Mon Sep 17 00:00:00 2001
+From f327133ced90a52d1ff9e104b1722876b21b7a78 Mon Sep 17 00:00:00 2001
From: Andreas Schneider <asn@samba.org>
Date: Fri, 6 Nov 2020 10:13:48 +0100
-Subject: [PATCH 100/100] sefltest: Enable the dcerpc.createtrustrelax test
+Subject: [PATCH 101/105] sefltest: Enable the dcerpc.createtrustrelax test
against ad_dc_fips
Signed-off-by: Andreas Schneider <asn@samba.org>
@@ -12110,3 +12203,412 @@ index 80effda8343..00000000000
--
2.28.0
+
+From 721f97817de2d1e14d99459f9e6af9fccf11b621 Mon Sep 17 00:00:00 2001
+From: Jeremy Allison <jra@samba.org>
+Date: Thu, 5 Nov 2020 15:48:08 -0800
+Subject: [PATCH 102/105] s3: spoolss: Make parameters in call to
+ user_ok_token() match all other uses.
+
+We already have p->session_info->unix_info->unix_name, we don't
+need to go through a legacy call to uidtoname(p->session_info->unix_token->uid).
+
+BUG: https://bugzilla.samba.org/show_bug.cgi?id=14568
+
+Signed-off-by: Jeremy Allison <jra@samba.org>
+Reviewed-by: Andrew Bartlett <abartlet@samba.org>
+
+Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
+Autobuild-Date(master): Mon Nov 9 04:10:45 UTC 2020 on sn-devel-184
+
+(cherry picked from commit e5e1759057a767f517bf480a2172a36623df2799)
+---
+ source3/rpc_server/spoolss/srv_spoolss_nt.c | 3 ++-
+ 1 file changed, 2 insertions(+), 1 deletion(-)
+
+diff --git a/source3/rpc_server/spoolss/srv_spoolss_nt.c b/source3/rpc_server/spoolss/srv_spoolss_nt.c
+index e98401a4365..906fab2adb5 100644
+--- a/source3/rpc_server/spoolss/srv_spoolss_nt.c
++++ b/source3/rpc_server/spoolss/srv_spoolss_nt.c
+@@ -1880,7 +1880,8 @@ WERROR _spoolss_OpenPrinterEx(struct pipes_struct *p,
+ return WERR_ACCESS_DENIED;
+ }
+
+- if (!user_ok_token(uidtoname(p->session_info->unix_token->uid), NULL,
++ if (!user_ok_token(p->session_info->unix_info->unix_name,
++ p->session_info->info->domain_name,
+ p->session_info->security_token, snum) ||
+ !W_ERROR_IS_OK(print_access_check(p->session_info,
+ p->msg_ctx,
+--
+2.28.0
+
+
+From a078205ce3816c175cd16dc22875dc147a5da645 Mon Sep 17 00:00:00 2001
+From: Andreas Schneider <asn@samba.org>
+Date: Wed, 11 Nov 2020 13:42:06 +0100
+Subject: [PATCH 103/105] s3:smbd: Fix possible null pointer dereference in
+ token_contains_name()
+
+BUG: https://bugzilla.samba.org/show_bug.cgi?id=14572
+
+Signed-off-by: Andreas Schneider <asn@samba.org>
+Reviewed-by: Alexander Bokovoy <ab@samba.org>
+
+Autobuild-User(master): Alexander Bokovoy <ab@samba.org>
+Autobuild-Date(master): Thu Nov 12 15:13:47 UTC 2020 on sn-devel-184
+
+(cherry picked from commit 8036bf9717f83e83c3e4a9cf00fded42e9a5de15)
+---
+ source3/smbd/share_access.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/source3/smbd/share_access.c b/source3/smbd/share_access.c
+index 57754a0f766..694c0c290e8 100644
+--- a/source3/smbd/share_access.c
++++ b/source3/smbd/share_access.c
+@@ -79,7 +79,7 @@ static bool token_contains_name(TALLOC_CTX *mem_ctx,
+ enum lsa_SidType type;
+
+ if (username != NULL) {
+- size_t domain_len = strlen(domain);
++ size_t domain_len = domain != NULL ? strlen(domain) : 0;
+
+ /* Check if username starts with domain name */
+ if (domain_len > 0) {
+--
+2.28.0
+
+
+From 5654101584b7742e684d12e6aea43e5004142dcb Mon Sep 17 00:00:00 2001
+From: Alexander Bokovoy <ab@samba.org>
+Date: Tue, 10 Nov 2020 17:35:24 +0200
+Subject: [PATCH 104/105] lookup_name: allow lookup names prefixed with DNS
+ forest root for FreeIPA DC
+
+In FreeIPA deployment with active Global Catalog service, when a two-way
+trust to Active Directory forest is established, Windows systems can
+look up FreeIPA users and groups. When using a security tab in Windows
+Explorer on AD side, a lookup over a trusted forest might come as
+realm\name instead of NetBIOS domain name:
+
+--------------------------------------------------------------------
+[2020/01/13 11:12:39.859134, 1, pid=33253, effective(1732401004, 1732401004), real(1732401004, 0), class=rpc_parse] ../../librpc/ndr/ndr.c:471(ndr_print_function_debug)
+ lsa_LookupNames3: struct lsa_LookupNames3
+ in: struct lsa_LookupNames3
+ handle : *
+ handle: struct policy_handle
+ handle_type : 0x00000000 (0)
+ uuid : 0000000e-0000-0000-1c5e-a750e5810000
+ num_names : 0x00000001 (1)
+ names: ARRAY(1)
+ names: struct lsa_String
+ length : 0x001e (30)
+ size : 0x0020 (32)
+ string : *
+ string : 'ipa.test\admins'
+ sids : *
+ sids: struct lsa_TransSidArray3
+ count : 0x00000000 (0)
+ sids : NULL
+ level : LSA_LOOKUP_NAMES_UPLEVEL_TRUSTS_ONLY2 (6)
+ count : *
+ count : 0x00000000 (0)
+ lookup_options : LSA_LOOKUP_OPTION_SEARCH_ISOLATED_NAMES (0)
+ client_revision : LSA_CLIENT_REVISION_2 (2)
+--------------------------------------------------------------------
+
+If we are running as a DC and PASSDB supports returning domain info
+(pdb_get_domain_info() returns a valid structure), check domain of the
+name in lookup_name() against DNS forest name and allow the request to
+be done against the primary domain. This corresponds to FreeIPA's use of
+Samba as a DC. For normal domain members a realm-based lookup falls back
+to a lookup over to its own domain controller with the help of winbindd.
+
+Signed-off-by: Alexander Bokovoy <ab@samba.org>
+Reviewed-by: Stefan Metzmacher <metze@samba.org>
+
+Autobuild-User(master): Alexander Bokovoy <ab@samba.org>
+Autobuild-Date(master): Wed Nov 11 10:59:01 UTC 2020 on sn-devel-184
+
+(cherry picked from commit 31c703766fd2b89737826fb7e9a707f0622bb8cd)
+---
+ source3/passdb/lookup_sid.c | 37 ++++++++++++++++++++++++++++---------
+ 1 file changed, 28 insertions(+), 9 deletions(-)
+
+diff --git a/source3/passdb/lookup_sid.c b/source3/passdb/lookup_sid.c
+index 82c47b3145b..864246da56e 100644
+--- a/source3/passdb/lookup_sid.c
++++ b/source3/passdb/lookup_sid.c
+@@ -113,17 +113,36 @@ bool lookup_name(TALLOC_CTX *mem_ctx,
+ full_name, domain, name));
+ DEBUG(10, ("lookup_name: flags = 0x0%x\n", flags));
+
+- if (((flags & LOOKUP_NAME_DOMAIN) || (flags == 0)) &&
+- strequal(domain, get_global_sam_name()))
+- {
++ if ((flags & LOOKUP_NAME_DOMAIN) || (flags == 0)) {
++ bool check_global_sam = false;
++
++ check_global_sam = strequal(domain, get_global_sam_name());
++
++ /* If we are running on a DC that has PASSDB module with domain
++ * information, check if DNS forest name is matching the domain
++ * name. This is the case of FreeIPA domain controller when
++ * trusted AD DC looks up users found in a Global Catalog of
++ * the forest root domain. */
++ if (!check_global_sam && (IS_DC)) {
++ struct pdb_domain_info *dom_info = NULL;
++ dom_info = pdb_get_domain_info(tmp_ctx);
++
++ if ((dom_info != NULL) && (dom_info->dns_forest != NULL)) {
++ check_global_sam = strequal(domain, dom_info->dns_forest);
++ }
+
+- /* It's our own domain, lookup the name in passdb */
+- if (lookup_global_sam_name(name, flags, &rid, &type)) {
+- sid_compose(&sid, get_global_sam_sid(), rid);
+- goto ok;
++ TALLOC_FREE(dom_info);
++ }
++
++ if (check_global_sam) {
++ /* It's our own domain, lookup the name in passdb */
++ if (lookup_global_sam_name(name, flags, &rid, &type)) {
++ sid_compose(&sid, get_global_sam_sid(), rid);
++ goto ok;
++ }
++ TALLOC_FREE(tmp_ctx);
++ return false;
+ }
+- TALLOC_FREE(tmp_ctx);
+- return false;
+ }
+
+ if ((flags & LOOKUP_NAME_BUILTIN) &&
+--
+2.28.0
+
+
+From efa59aa4b2455ea3bc4d0fd0358b160858626585 Mon Sep 17 00:00:00 2001
+From: Alexander Bokovoy <ab@samba.org>
+Date: Wed, 11 Nov 2020 14:42:55 +0200
+Subject: [PATCH 105/105] auth_sam: use pdb_get_domain_info to look up DNS
+ forest information
+
+When Samba is used as a part of FreeIPA domain controller, Windows
+clients for a trusted AD forest may try to authenticate (perform logon
+operation) as a REALM\name user account.
+
+Fix auth_sam plugins to accept DNS forest name if we are running on a DC
+with PASSDB module providing domain information (e.g. pdb_get_domain_info()
+returning non-NULL structure). Right now, only FreeIPA or Samba AD DC
+PASSDB backends return this information but Samba AD DC configuration is
+explicitly ignored by the two auth_sam (strict and netlogon3) modules.
+
+Detailed logs below:
+
+[2020/11/11 09:23:53.281296, 1, pid=42677, effective(65534, 65534), real(65534, 0), class=rpc_parse] ../../librpc/ndr/ndr.c:482(ndr_print_function_debug)
+ netr_LogonSamLogonWithFlags: struct netr_LogonSamLogonWithFlags
+ in: struct netr_LogonSamLogonWithFlags
+ server_name : *
+ server_name : '\\master.ipa.test'
+ computer_name : *
+ computer_name : 'AD1'
+ credential : *
+ credential: struct netr_Authenticator
+ cred: struct netr_Credential
+ data : 529f4b087c5f6546
+ timestamp : Wed Nov 11 09:23:55 AM 2020 UTC
+ return_authenticator : *
+ return_authenticator: struct netr_Authenticator
+ cred: struct netr_Credential
+ data : 204f28f622010000
+ timestamp : Fri May 2 06:37:50 AM 1986 UTC
+ logon_level : NetlogonNetworkTransitiveInformation (6)
+ logon : *
+ logon : union netr_LogonLevel(case 6)
+ network : *
+ network: struct netr_NetworkInfo
+ identity_info: struct netr_IdentityInfo
+ domain_name: struct lsa_String
+ length : 0x0010 (16)
+ size : 0x01fe (510)
+ string : *
+ string : 'IPA.TEST'
+ parameter_control : 0x00002ae0 (10976)
+ 0: MSV1_0_CLEARTEXT_PASSWORD_ALLOWED
+ 0: MSV1_0_UPDATE_LOGON_STATISTICS
+ 0: MSV1_0_RETURN_USER_PARAMETERS
+ 0: MSV1_0_DONT_TRY_GUEST_ACCOUNT
+ 1: MSV1_0_ALLOW_SERVER_TRUST_ACCOUNT
+ 1: MSV1_0_RETURN_PASSWORD_EXPIRY
+ 1: MSV1_0_USE_CLIENT_CHALLENGE
+ 0: MSV1_0_TRY_GUEST_ACCOUNT_ONLY
+ 1: MSV1_0_RETURN_PROFILE_PATH
+ 0: MSV1_0_TRY_SPECIFIED_DOMAIN_ONLY
+ 1: MSV1_0_ALLOW_WORKSTATION_TRUST_ACCOUNT
+ 0: MSV1_0_DISABLE_PERSONAL_FALLBACK
+ 1: MSV1_0_ALLOW_FORCE_GUEST
+ 0: MSV1_0_CLEARTEXT_PASSWORD_SUPPLIED
+ 0: MSV1_0_USE_DOMAIN_FOR_ROUTING_ONLY
+ 0: MSV1_0_ALLOW_MSVCHAPV2
+ 0: MSV1_0_S4U2SELF
+ 0: MSV1_0_CHECK_LOGONHOURS_FOR_S4U
+ 0: MSV1_0_SUBAUTHENTICATION_DLL_EX
+ logon_id : 0x0000000000884ef2 (8933106)
+ account_name: struct lsa_String
+ length : 0x000e (14)
+ size : 0x000e (14)
+ string : *
+ string : 'idmuser'
+ workstation: struct lsa_String
+ length : 0x0000 (0)
+ size : 0x0000 (0)
+ string : *
+ string : ''
+ challenge : 417207867bd33c74
+ nt: struct netr_ChallengeResponse
+ length : 0x00c0 (192)
+ size : 0x00c0 (192)
+ data : *
+ data: ARRAY(192)
+ [0000] A5 24 62 6E 31 DF 69 66 9E DC 54 D6 63 4C D6 2F .$bn1.if ..T.cL./
+ [0010] 01 01 00 00 00 00 00 00 50 37 D7 60 0C B8 D6 01 ........ P7.`....
+ [0020] 15 1B 38 4F 47 95 4D 62 00 00 00 00 02 00 0E 00 ..8OG.Mb ........
+ [0030] 57 00 49 00 4E 00 32 00 30 00 31 00 36 00 01 00 W.I.N.2. 0.1.6...
+ [0040] 06 00 41 00 44 00 31 00 04 00 18 00 77 00 69 00 ..A.D.1. ....w.i.
+ [0050] 6E 00 32 00 30 00 31 00 36 00 2E 00 74 00 65 00 n.2.0.1. 6...t.e.
+ [0060] 73 00 74 00 03 00 20 00 61 00 64 00 31 00 2E 00 s.t... . a.d.1...
+ [0070] 77 00 69 00 6E 00 32 00 30 00 31 00 36 00 2E 00 w.i.n.2. 0.1.6...
+ [0080] 74 00 65 00 73 00 74 00 05 00 18 00 77 00 69 00 t.e.s.t. ....w.i.
+ [0090] 6E 00 32 00 30 00 31 00 36 00 2E 00 74 00 65 00 n.2.0.1. 6...t.e.
+ [00A0] 73 00 74 00 07 00 08 00 50 37 D7 60 0C B8 D6 01 s.t..... P7.`....
+ [00B0] 06 00 04 00 02 00 00 00 00 00 00 00 00 00 00 00 ........ ........
+ lm: struct netr_ChallengeResponse
+ length : 0x0018 (24)
+ size : 0x0018 (24)
+ data : *
+ data : 000000000000000000000000000000000000000000000000
+ validation_level : 0x0006 (6)
+ flags : *
+ flags : 0x00000000 (0)
+ 0: NETLOGON_SAMLOGON_FLAG_PASS_TO_FOREST_ROOT
+ 0: NETLOGON_SAMLOGON_FLAG_PASS_CROSS_FOREST_HOP
+ 0: NETLOGON_SAMLOGON_FLAG_RODC_TO_OTHER_DOMAIN
+ 0: NETLOGON_SAMLOGON_FLAG_RODC_NTLM_REQUEST
+
+In such case checks for a workgroup name will not match the DNS forest
+name used in the username specification:
+
+[2020/11/11 09:23:53.283055, 3, pid=42677, effective(65534, 65534), real(65534, 0), class=auth] ../../source3/auth/auth.c:200(auth_check_ntlm_password)
+ check_ntlm_password: Checking password for unmapped user [IPA.TEST]\[idmuser]@[] with the new password interface
+[2020/11/11 09:23:53.283073, 3, pid=42677, effective(65534, 65534), real(65534, 0), class=auth] ../../source3/auth/auth.c:203(auth_check_ntlm_password)
+ check_ntlm_password: mapped user is: [IPA.TEST]\[idmuser]@[]
+[2020/11/11 09:23:53.283082, 10, pid=42677, effective(65534, 65534), real(65534, 0), class=auth] ../../source3/auth/auth.c:213(auth_check_ntlm_password)
+ check_ntlm_password: auth_context challenge created by fixed
+[2020/11/11 09:23:53.283091, 10, pid=42677, effective(65534, 65534), real(65534, 0), class=auth] ../../source3/auth/auth.c:216(auth_check_ntlm_password)
+ challenge is:
+[2020/11/11 09:23:53.283099, 5, pid=42677, effective(65534, 65534), real(65534, 0)] ../../lib/util/util.c:678(dump_data)
+ [0000] 41 72 07 86 7B D3 3C 74 Ar..{.<t
+[2020/11/11 09:23:53.283113, 10, pid=42677, effective(65534, 65534), real(65534, 0), class=auth] ../../source3/auth/auth_sam.c:209(auth_sam_netlogon3_auth)
+ auth_sam_netlogon3_auth: Check auth for: [IPA.TEST]\[idmuser]
+[2020/11/11 09:23:53.283123, 5, pid=42677, effective(65534, 65534), real(65534, 0), class=auth] ../../source3/auth/auth_sam.c:234(auth_sam_netlogon3_auth)
+ auth_sam_netlogon3_auth: IPA.TEST is not our domain name (DC for IPA)
+[2020/11/11 09:23:53.283131, 10, pid=42677, effective(65534, 65534), real(65534, 0), class=auth] ../../source3/auth/auth.c:249(auth_check_ntlm_password)
+ auth_check_ntlm_password: sam_netlogon3 had nothing to say
+
+and overall authentication attempt will fail: auth_winbind will complain
+that this domain is not a trusted one and refuse operating on it:
+
+[2020/11/11 09:23:53.283784, 10, pid=42663, effective(0, 0), real(0, 0), class=winbind] ../../source3/winbindd/winbindd.c:742(process_request_send)
+ process_request_send: process_request: Handling async request smbd(42677):PAM_AUTH_CRAP
+[2020/11/11 09:23:53.283796, 3, pid=42663, effective(0, 0), real(0, 0), class=winbind] ../../source3/winbindd/winbindd_pam_auth_crap.c:110(winbindd_pam_auth_crap_send)
+ [42677]: pam auth crap domain: [IPA.TEST] user: idmuser
+[2020/11/11 09:23:53.283810, 3, pid=42663, effective(0, 0), real(0, 0), class=winbind] ../../source3/winbindd/winbindd_pam.c:409(find_auth_domain)
+ Authentication for domain [IPA.TEST] refused as it is not a trusted domain
+[2020/11/11 09:23:53.283825, 10, pid=42663, effective(0, 0), real(0, 0), class=winbind] ../../source3/winbindd/winbindd.c:810(process_request_done)
+ process_request_done: [smbd(42677):PAM_AUTH_CRAP]: NT_STATUS_NO_SUCH_USER
+[2020/11/11 09:23:53.283844, 10, pid=42663, effective(0, 0), real(0, 0), class=winbind] ../../source3/winbindd/winbindd.c:855(process_request_written)
+ process_request_written: [smbd(42677):PAM_AUTH_CRAP]: delivered response to client
+
+Signed-off-by: Alexander Bokovoy <ab@samba.org>
+Reviewed-by: Andreas Schneider <asn@samba.org>
+(cherry picked from commit 2a8b672652dcbcf55ec59be537773d76f0f14d0a)
+---
+ source3/auth/auth_sam.c | 45 +++++++++++++++++++++++++++++++++++++----
+ 1 file changed, 41 insertions(+), 4 deletions(-)
+
+diff --git a/source3/auth/auth_sam.c b/source3/auth/auth_sam.c
+index 3c12f959faf..e8e0d543f8c 100644
+--- a/source3/auth/auth_sam.c
++++ b/source3/auth/auth_sam.c
+@@ -22,6 +22,7 @@
+
+ #include "includes.h"
+ #include "auth.h"
++#include "passdb.h"
+
+ #undef DBGC_CLASS
+ #define DBGC_CLASS DBGC_AUTH
+@@ -142,10 +143,28 @@ static NTSTATUS auth_samstrict_auth(const struct auth_context *auth_context,
+ break;
+ case ROLE_DOMAIN_PDC:
+ case ROLE_DOMAIN_BDC:
+- if ( !is_local_name && !is_my_domain ) {
+- DEBUG(6,("check_samstrict_security: %s is not one of my local names or domain name (DC)\n",
+- effective_domain));
+- return NT_STATUS_NOT_IMPLEMENTED;
++ if (!is_local_name && !is_my_domain) {
++ /* If we are running on a DC that has PASSDB module with domain
++ * information, check if DNS forest name is matching the domain
++ * name. This is the case of FreeIPA domain controller when
++ * trusted AD DCs attempt to authenticate FreeIPA users using
++ * the forest root domain (which is the only domain in FreeIPA).
++ */
++ struct pdb_domain_info *dom_info = NULL;
++
++ dom_info = pdb_get_domain_info(mem_ctx);
++ if ((dom_info != NULL) && (dom_info->dns_forest != NULL)) {
++ is_my_domain = strequal(user_info->mapped.domain_name,
++ dom_info->dns_forest);
++ }
++
++ TALLOC_FREE(dom_info);
++ if (!is_my_domain) {
++ DEBUG(6,("check_samstrict_security: %s is not one "
++ "of my local names or domain name (DC)\n",
++ effective_domain));
++ return NT_STATUS_NOT_IMPLEMENTED;
++ }
+ }
+
+ break;
+@@ -230,6 +249,24 @@ static NTSTATUS auth_sam_netlogon3_auth(const struct auth_context *auth_context,
+ }
+
+ is_my_domain = strequal(user_info->mapped.domain_name, lp_workgroup());
++ if (!is_my_domain) {
++ /* If we are running on a DC that has PASSDB module with domain
++ * information, check if DNS forest name is matching the domain
++ * name. This is the case of FreeIPA domain controller when
++ * trusted AD DCs attempt to authenticate FreeIPA users using
++ * the forest root domain (which is the only domain in FreeIPA).
++ */
++ struct pdb_domain_info *dom_info = NULL;
++ dom_info = pdb_get_domain_info(mem_ctx);
++
++ if ((dom_info != NULL) && (dom_info->dns_forest != NULL)) {
++ is_my_domain = strequal(user_info->mapped.domain_name,
++ dom_info->dns_forest);
++ }
++
++ TALLOC_FREE(dom_info);
++ }
++
+ if (!is_my_domain) {
+ DBG_INFO("%s is not our domain name (DC for %s)\n",
+ effective_domain, lp_workgroup());
+--
+2.28.0
+
diff --git a/SPECS/samba.spec b/SPECS/samba.spec
index 8d5ec5f..8928adb 100644
--- a/SPECS/samba.spec
+++ b/SPECS/samba.spec
@@ -96,7 +96,7 @@
%define samba_requires_eq() %(LC_ALL="C" echo '%*' | xargs -r rpm -q --qf 'Requires: %%{name} = %%{epoch}:%%{version}\\n' | sed -e 's/ (none):/ /' -e 's/ 0:/ /' | grep -v "is not")
-%global main_release 1
+%global main_release 2
%global samba_version 4.13.2
%global talloc_version 2.3.1
@@ -804,6 +804,7 @@ necessary to communicate to the Winbind Daemon
%package winexe
Summary: Samba Winexe Windows Binary
License: GPLv3
+Requires: %{name}-client-libs = %{samba_depver}
%description winexe
Winexe is a Remote Windows®-command executor
@@ -953,6 +954,7 @@ export LDFLAGS="%{__global_ldflags} -fuse-ld=gold"
%if %{with testsuite}
--enable-selftest \
%endif
+ --with-profiling-data \
--with-systemd \
--systemd-install-services \
--with-systemddir=/usr/lib/systemd/system \
@@ -1550,21 +1552,22 @@ fi
### CLIENT-LIBS
%files client-libs
%{_libdir}/libdcerpc-binding.so.*
-%{_libdir}/libndr.so.*
+%{_libdir}/libdcerpc-server-core.so.*
+%{_libdir}/libdcerpc.so.*
%{_libdir}/libndr-krb5pac.so.*
%{_libdir}/libndr-nbt.so.*
%{_libdir}/libndr-standard.so.*
+%{_libdir}/libndr.so.*
%{_libdir}/libnetapi.so.*
%{_libdir}/libsamba-credentials.so.*
%{_libdir}/libsamba-errors.so.*
+%{_libdir}/libsamba-hostconfig.so.*
%{_libdir}/libsamba-passdb.so.*
%{_libdir}/libsamba-util.so.*
-%{_libdir}/libsamba-hostconfig.so.*
%{_libdir}/libsamdb.so.*
%{_libdir}/libsmbconf.so.*
%{_libdir}/libsmbldap.so.*
%{_libdir}/libtevent-util.so.*
-%{_libdir}/libdcerpc.so.*
%dir %{_libdir}/samba
%{_libdir}/samba/libCHARSET3-samba4.so
@@ -2020,7 +2023,6 @@ fi
### LIBS
%files libs
%{_libdir}/libdcerpc-samr.so.*
-%{_libdir}/libdcerpc-server-core.so.*
%{_libdir}/samba/libLIBWBCLIENT-OLD-samba4.so
%{_libdir}/samba/libauth4-samba4.so
@@ -3774,6 +3776,11 @@ fi
%endif
%changelog
+* Tue Nov 17 2020 Andreas Schneider <asn@redhat.com> - 4.13.2-2
+- related: #1869702 - Fix spoolss crash
+- resolves: #1896736 - Fix name lookups of FreeIPA users
+- resolves: #1899113 - Fix DFS links
+
* Tue Nov 03 2020 Andreas Schneider <asn@redhat.com> - 4.13.2-1
- resolves: #1878109 - Rebase Samba to version 4.13.2
- resolves: #1872833 - Add samba-winexe subpackage