import samba-4.18.6-100.el9

c9 imports/c9/samba-4.18.6-100.el9
MSVSphere Packaging Team 1 year ago
parent c6a7cbcb6e
commit 154001a0f9

2
.gitignore vendored

@ -1,2 +1,2 @@
SOURCES/samba-4.17.5.tar.xz
SOURCES/samba-4.18.6.tar.xz
SOURCES/samba-pubkey_AA99442FB680B620.gpg

@ -1,2 +1,2 @@
68926a886d20bbd5b4d768d9788d4b5a5ca399e5 SOURCES/samba-4.17.5.tar.xz
12b41f2a849cb6c40e9f5b174bb1cd823a060bd7 SOURCES/samba-4.18.6.tar.xz
971f563c447eda8d144d6c9e743cd0f0488c0d9e SOURCES/samba-pubkey_AA99442FB680B620.gpg

@ -1,441 +0,0 @@
From 2c987aa203f12390c51810e4fbca6a176180a8b1 Mon Sep 17 00:00:00 2001
From: Ralph Boehme <slow@samba.org>
Date: Tue, 20 Jun 2023 12:46:31 +0200
Subject: [PATCH 1/5] CVE-2023-3347: CI: add a test for server-side mandatory
signing
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15397
Signed-off-by: Ralph Boehme <slow@samba.org>
---
.../samba3.smb2.session-require-signing | 1 +
selftest/target/Samba3.pm | 1 +
source3/selftest/tests.py | 2 +
source4/torture/smb2/session.c | 64 +++++++++++++++++++
source4/torture/smb2/smb2.c | 1 +
5 files changed, 69 insertions(+)
create mode 100644 selftest/knownfail.d/samba3.smb2.session-require-signing
diff --git a/selftest/knownfail.d/samba3.smb2.session-require-signing b/selftest/knownfail.d/samba3.smb2.session-require-signing
new file mode 100644
index 000000000000..53b7a7022a83
--- /dev/null
+++ b/selftest/knownfail.d/samba3.smb2.session-require-signing
@@ -0,0 +1 @@
+^samba3.smb2.session-require-signing.bug15397
diff --git a/selftest/target/Samba3.pm b/selftest/target/Samba3.pm
index 9c590547c943..3336c5b8e97c 100755
--- a/selftest/target/Samba3.pm
+++ b/selftest/target/Samba3.pm
@@ -1294,6 +1294,7 @@ sub setup_ad_member_idmap_rid
# values required for tests to succeed
create krb5 conf = no
map to guest = bad user
+ server signing = required
";
my $ret = $self->provision(
diff --git a/source3/selftest/tests.py b/source3/selftest/tests.py
index 04349c1f1f75..887bf6d52933 100755
--- a/source3/selftest/tests.py
+++ b/source3/selftest/tests.py
@@ -938,6 +938,8 @@ tests = base + raw + smb2 + rpc + unix + local + rap + nbt + idmap + vfs
# Certain tests fail when run against ad_member with MIT kerberos because the private krb5.conf overrides the provisioned lib/krb5.conf,
# ad_member_idmap_rid sets "create krb5.conf = no"
plansmbtorture4testsuite(t, "ad_member_idmap_rid", '//$SERVER/tmp -k yes -U$DC_USERNAME@$REALM%$DC_PASSWORD', 'krb5')
+ elif t == "smb2.session-require-signing":
+ plansmbtorture4testsuite(t, "ad_member_idmap_rid", '//$SERVER_IP/tmp -U$DC_USERNAME@$REALM%$DC_PASSWORD')
elif t == "rpc.lsa":
plansmbtorture4testsuite(t, "nt4_dc", '//$SERVER_IP/tmp -U$USERNAME%$PASSWORD', 'over ncacn_np ')
plansmbtorture4testsuite(t, "nt4_dc", 'ncacn_ip_tcp:$SERVER_IP -U$USERNAME%$PASSWORD', 'over ncacn_ip_tcp ')
diff --git a/source4/torture/smb2/session.c b/source4/torture/smb2/session.c
index 92f9e638ff47..e417008cad7a 100644
--- a/source4/torture/smb2/session.c
+++ b/source4/torture/smb2/session.c
@@ -5498,3 +5498,67 @@ struct torture_suite *torture_smb2_session_init(TALLOC_CTX *ctx)
return suite;
}
+
+static bool test_session_require_sign_bug15397(struct torture_context *tctx,
+ struct smb2_tree *_tree)
+{
+ const char *host = torture_setting_string(tctx, "host", NULL);
+ const char *share = torture_setting_string(tctx, "share", NULL);
+ struct cli_credentials *_creds = samba_cmdline_get_creds();
+ struct cli_credentials *creds = NULL;
+ struct smbcli_options options;
+ struct smb2_tree *tree = NULL;
+ uint8_t security_mode;
+ NTSTATUS status;
+ bool ok = true;
+
+ /*
+ * Setup our own connection so we can control the signing flags
+ */
+
+ creds = cli_credentials_shallow_copy(tctx, _creds);
+ torture_assert(tctx, creds != NULL, "cli_credentials_shallow_copy");
+
+ options = _tree->session->transport->options;
+ options.client_guid = GUID_random();
+ options.signing = SMB_SIGNING_IF_REQUIRED;
+
+ status = smb2_connect(tctx,
+ host,
+ lpcfg_smb_ports(tctx->lp_ctx),
+ share,
+ lpcfg_resolve_context(tctx->lp_ctx),
+ creds,
+ &tree,
+ tctx->ev,
+ &options,
+ lpcfg_socket_options(tctx->lp_ctx),
+ lpcfg_gensec_settings(tctx, tctx->lp_ctx));
+ torture_assert_ntstatus_ok_goto(tctx, status, ok, done,
+ "smb2_connect failed");
+
+ security_mode = smb2cli_session_security_mode(tree->session->smbXcli);
+
+ torture_assert_int_equal_goto(
+ tctx,
+ security_mode,
+ SMB2_NEGOTIATE_SIGNING_REQUIRED | SMB2_NEGOTIATE_SIGNING_ENABLED,
+ ok,
+ done,
+ "Signing not required");
+
+done:
+ return ok;
+}
+
+struct torture_suite *torture_smb2_session_req_sign_init(TALLOC_CTX *ctx)
+{
+ struct torture_suite *suite =
+ torture_suite_create(ctx, "session-require-signing");
+
+ torture_suite_add_1smb2_test(suite, "bug15397",
+ test_session_require_sign_bug15397);
+
+ suite->description = talloc_strdup(suite, "SMB2-SESSION require signing tests");
+ return suite;
+}
diff --git a/source4/torture/smb2/smb2.c b/source4/torture/smb2/smb2.c
index c717db50b70c..8621f09d820c 100644
--- a/source4/torture/smb2/smb2.c
+++ b/source4/torture/smb2/smb2.c
@@ -189,6 +189,7 @@ NTSTATUS torture_smb2_init(TALLOC_CTX *ctx)
torture_suite_add_suite(suite, torture_smb2_sharemode_init(suite));
torture_suite_add_1smb2_test(suite, "hold-oplock", test_smb2_hold_oplock);
torture_suite_add_suite(suite, torture_smb2_session_init(suite));
+ torture_suite_add_suite(suite, torture_smb2_session_req_sign_init(suite));
torture_suite_add_suite(suite, torture_smb2_replay_init(suite));
torture_suite_add_simple_test(suite, "dosmode", torture_smb2_dosmode);
torture_suite_add_simple_test(suite, "async_dosmode", torture_smb2_async_dosmode);
--
2.40.0
From dfde1691d336fe658857e576cec0debd3a2450b9 Mon Sep 17 00:00:00 2001
From: Ralph Boehme <slow@samba.org>
Date: Wed, 21 Jun 2023 15:06:12 +0200
Subject: [PATCH 2/5] CVE-2023-3347: smbd: pass lp_ctx to
smb[1|2]_srv_init_signing()
No change in behaviour.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15397
Signed-off-by: Ralph Boehme <slow@samba.org>
---
source3/smbd/proto.h | 3 ++-
source3/smbd/smb1_signing.c | 10 ++--------
source3/smbd/smb1_signing.h | 3 ++-
source3/smbd/smb2_signing.c | 25 +++++++++++++++----------
4 files changed, 21 insertions(+), 20 deletions(-)
diff --git a/source3/smbd/proto.h b/source3/smbd/proto.h
index c4a330145151..67cc5e8a380a 100644
--- a/source3/smbd/proto.h
+++ b/source3/smbd/proto.h
@@ -52,7 +52,8 @@ struct dcesrv_context;
/* The following definitions come from smbd/smb2_signing.c */
-bool smb2_srv_init_signing(struct smbXsrv_connection *conn);
+bool smb2_srv_init_signing(struct loadparm_context *lp_ctx,
+ struct smbXsrv_connection *conn);
bool srv_init_signing(struct smbXsrv_connection *conn);
/* The following definitions come from smbd/aio.c */
diff --git a/source3/smbd/smb1_signing.c b/source3/smbd/smb1_signing.c
index 6bcb0629c4f0..aa3027d53182 100644
--- a/source3/smbd/smb1_signing.c
+++ b/source3/smbd/smb1_signing.c
@@ -170,18 +170,13 @@ static void smbd_shm_signing_free(TALLOC_CTX *mem_ctx, void *ptr)
Called by server negprot when signing has been negotiated.
************************************************************/
-bool smb1_srv_init_signing(struct smbXsrv_connection *conn)
+bool smb1_srv_init_signing(struct loadparm_context *lp_ctx,
+ struct smbXsrv_connection *conn)
{
bool allowed = true;
bool desired;
bool mandatory = false;
- struct loadparm_context *lp_ctx = loadparm_init_s3(conn, loadparm_s3_helpers());
- if (lp_ctx == NULL) {
- DEBUG(10, ("loadparm_init_s3 failed\n"));
- return false;
- }
-
/*
* if the client and server allow signing,
* we desire to use it.
@@ -195,7 +190,6 @@ bool smb1_srv_init_signing(struct smbXsrv_connection *conn)
*/
desired = lpcfg_server_signing_allowed(lp_ctx, &mandatory);
- talloc_unlink(conn, lp_ctx);
if (lp_async_smb_echo_handler()) {
struct smbd_shm_signing *s;
diff --git a/source3/smbd/smb1_signing.h b/source3/smbd/smb1_signing.h
index 56c59c5bbc21..26f60420dfa8 100644
--- a/source3/smbd/smb1_signing.h
+++ b/source3/smbd/smb1_signing.h
@@ -33,4 +33,5 @@ bool smb1_srv_is_signing_negotiated(struct smbXsrv_connection *conn);
void smb1_srv_set_signing(struct smbXsrv_connection *conn,
const DATA_BLOB user_session_key,
const DATA_BLOB response);
-bool smb1_srv_init_signing(struct smbXsrv_connection *conn);
+bool smb1_srv_init_signing(struct loadparm_context *lp_ctx,
+ struct smbXsrv_connection *conn);
diff --git a/source3/smbd/smb2_signing.c b/source3/smbd/smb2_signing.c
index 4691ef4d6130..c1f876f9cd74 100644
--- a/source3/smbd/smb2_signing.c
+++ b/source3/smbd/smb2_signing.c
@@ -26,32 +26,37 @@
#include "lib/param/param.h"
#include "smb2_signing.h"
-bool smb2_srv_init_signing(struct smbXsrv_connection *conn)
+bool smb2_srv_init_signing(struct loadparm_context *lp_ctx,
+ struct smbXsrv_connection *conn)
{
- struct loadparm_context *lp_ctx = loadparm_init_s3(conn, loadparm_s3_helpers());
- if (lp_ctx == NULL) {
- DBG_DEBUG("loadparm_init_s3 failed\n");
- return false;
- }
-
/*
* For SMB2 all we need to know is if signing is mandatory.
* It is always allowed and desired, whatever the smb.conf says.
*/
(void)lpcfg_server_signing_allowed(lp_ctx, &conn->smb2.signing_mandatory);
- talloc_unlink(conn, lp_ctx);
return true;
}
bool srv_init_signing(struct smbXsrv_connection *conn)
{
+ struct loadparm_context *lp_ctx = NULL;
+ bool ok;
+
+ lp_ctx = loadparm_init_s3(conn, loadparm_s3_helpers());
+ if (lp_ctx == NULL) {
+ DBG_DEBUG("loadparm_init_s3 failed\n");
+ return false;
+ }
+
#if defined(WITH_SMB1SERVER)
if (conn->protocol >= PROTOCOL_SMB2_02) {
#endif
- return smb2_srv_init_signing(conn);
+ ok = smb2_srv_init_signing(lp_ctx, conn);
#if defined(WITH_SMB1SERVER)
} else {
- return smb1_srv_init_signing(conn);
+ ok = smb1_srv_init_signing(lp_ctx, conn);
}
#endif
+ talloc_unlink(conn, lp_ctx);
+ return ok;
}
--
2.40.0
From fd5f7d15869b67c41f681539348f7917a8c2fc0c Mon Sep 17 00:00:00 2001
From: Ralph Boehme <slow@samba.org>
Date: Wed, 21 Jun 2023 15:10:58 +0200
Subject: [PATCH 3/5] CVE-2023-3347: smbd: inline smb2_srv_init_signing() code
in srv_init_signing()
It's now a one-line function, imho the overall code is simpler if that code is
just inlined.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15397
Signed-off-by: Ralph Boehme <slow@samba.org>
---
source3/smbd/proto.h | 2 --
source3/smbd/smb2_signing.c | 19 ++++++-------------
2 files changed, 6 insertions(+), 15 deletions(-)
diff --git a/source3/smbd/proto.h b/source3/smbd/proto.h
index 67cc5e8a380a..8075f4e567e3 100644
--- a/source3/smbd/proto.h
+++ b/source3/smbd/proto.h
@@ -52,8 +52,6 @@ struct dcesrv_context;
/* The following definitions come from smbd/smb2_signing.c */
-bool smb2_srv_init_signing(struct loadparm_context *lp_ctx,
- struct smbXsrv_connection *conn);
bool srv_init_signing(struct smbXsrv_connection *conn);
/* The following definitions come from smbd/aio.c */
diff --git a/source3/smbd/smb2_signing.c b/source3/smbd/smb2_signing.c
index c1f876f9cd74..ef4a54d57107 100644
--- a/source3/smbd/smb2_signing.c
+++ b/source3/smbd/smb2_signing.c
@@ -26,21 +26,10 @@
#include "lib/param/param.h"
#include "smb2_signing.h"
-bool smb2_srv_init_signing(struct loadparm_context *lp_ctx,
- struct smbXsrv_connection *conn)
-{
- /*
- * For SMB2 all we need to know is if signing is mandatory.
- * It is always allowed and desired, whatever the smb.conf says.
- */
- (void)lpcfg_server_signing_allowed(lp_ctx, &conn->smb2.signing_mandatory);
- return true;
-}
-
bool srv_init_signing(struct smbXsrv_connection *conn)
{
struct loadparm_context *lp_ctx = NULL;
- bool ok;
+ bool ok = true;
lp_ctx = loadparm_init_s3(conn, loadparm_s3_helpers());
if (lp_ctx == NULL) {
@@ -51,7 +40,11 @@ bool srv_init_signing(struct smbXsrv_connection *conn)
#if defined(WITH_SMB1SERVER)
if (conn->protocol >= PROTOCOL_SMB2_02) {
#endif
- ok = smb2_srv_init_signing(lp_ctx, conn);
+ /*
+ * For SMB2 all we need to know is if signing is mandatory.
+ * It is always allowed and desired, whatever the smb.conf says.
+ */
+ (void)lpcfg_server_signing_allowed(lp_ctx, &conn->smb2.signing_mandatory);
#if defined(WITH_SMB1SERVER)
} else {
ok = smb1_srv_init_signing(lp_ctx, conn);
--
2.40.0
From afe8b8d4f55ac330683645dad149a1691c15e2bd Mon Sep 17 00:00:00 2001
From: Ralph Boehme <slow@samba.org>
Date: Tue, 20 Jun 2023 18:13:23 +0200
Subject: [PATCH 4/5] CVE-2023-3347: smbd: remove comment in
smbd_smb2_request_process_negprot()
This is just going to bitrot. Anyone who's interested can just grep for
"signing_mandatory" and look up what it does.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15397
Signed-off-by: Ralph Boehme <slow@samba.org>
---
source3/smbd/smb2_negprot.c | 6 ------
1 file changed, 6 deletions(-)
diff --git a/source3/smbd/smb2_negprot.c b/source3/smbd/smb2_negprot.c
index baddbecaade9..685a1460cef4 100644
--- a/source3/smbd/smb2_negprot.c
+++ b/source3/smbd/smb2_negprot.c
@@ -361,12 +361,6 @@ NTSTATUS smbd_smb2_request_process_negprot(struct smbd_smb2_request *req)
}
security_mode = SMB2_NEGOTIATE_SIGNING_ENABLED;
- /*
- * We use xconn->smb2.signing_mandatory set up via
- * srv_init_signing() -> smb2_srv_init_signing().
- * This calls lpcfg_server_signing_allowed() to get the correct
- * defaults, e.g. signing_required for an ad_dc.
- */
if (xconn->smb2.signing_mandatory) {
security_mode |= SMB2_NEGOTIATE_SIGNING_REQUIRED;
}
--
2.40.0
From d01483dba47134ee1cc959d3e52ef2af1b1221d8 Mon Sep 17 00:00:00 2001
From: Ralph Boehme <slow@samba.org>
Date: Tue, 20 Jun 2023 15:33:02 +0200
Subject: [PATCH 5/5] CVE-2023-3347: smbd: fix "server signing = mandatory"
This was broken by commit 1f3f6e20dc086a36de52bffd0bc36e15fb19e1c6 because when
calling srv_init_signing() very early after accepting the connection in
smbd_add_connection(), conn->protocol is still PROTOCOL_NONE.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15397
Signed-off-by: Ralph Boehme <slow@samba.org>
---
.../samba3.smb2.session-require-signing | 1 -
source3/smbd/smb2_signing.c | 19 ++++++++-----------
2 files changed, 8 insertions(+), 12 deletions(-)
delete mode 100644 selftest/knownfail.d/samba3.smb2.session-require-signing
diff --git a/selftest/knownfail.d/samba3.smb2.session-require-signing b/selftest/knownfail.d/samba3.smb2.session-require-signing
deleted file mode 100644
index 53b7a7022a83..000000000000
--- a/selftest/knownfail.d/samba3.smb2.session-require-signing
+++ /dev/null
@@ -1 +0,0 @@
-^samba3.smb2.session-require-signing.bug15397
diff --git a/source3/smbd/smb2_signing.c b/source3/smbd/smb2_signing.c
index ef4a54d57107..73d07380dfa1 100644
--- a/source3/smbd/smb2_signing.c
+++ b/source3/smbd/smb2_signing.c
@@ -37,19 +37,16 @@ bool srv_init_signing(struct smbXsrv_connection *conn)
return false;
}
+ /*
+ * For SMB2 all we need to know is if signing is mandatory.
+ * It is always allowed and desired, whatever the smb.conf says.
+ */
+ (void)lpcfg_server_signing_allowed(lp_ctx, &conn->smb2.signing_mandatory);
+
#if defined(WITH_SMB1SERVER)
- if (conn->protocol >= PROTOCOL_SMB2_02) {
-#endif
- /*
- * For SMB2 all we need to know is if signing is mandatory.
- * It is always allowed and desired, whatever the smb.conf says.
- */
- (void)lpcfg_server_signing_allowed(lp_ctx, &conn->smb2.signing_mandatory);
-#if defined(WITH_SMB1SERVER)
- } else {
- ok = smb1_srv_init_signing(lp_ctx, conn);
- }
+ ok = smb1_srv_init_signing(lp_ctx, conn);
#endif
+
talloc_unlink(conn, lp_ctx);
return ok;
}
--
2.40.0

@ -1,356 +0,0 @@
From 5a0951ffae8e030dfabad6f6eac9d2b48aba7a5b Mon Sep 17 00:00:00 2001
From: Stefan Metzmacher <metze@samba.org>
Date: Sat, 15 Jul 2023 17:20:32 +0200
Subject: [PATCH 1/4] netlogon.idl: add support for netr_LogonGetCapabilities
response level 2
We don't have any documentation about this yet, but tests against
a Windows Server 2022 patched with KB5028166 revealed that
the response for query_level=2 is exactly the same as
for querey_level=1.
Until we know the reason for query_level=2 we won't
use it as client nor support it in the server, but
we want ndrdump to work.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15418
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
(cherry picked from commit 5f87888ed53320538cf773d64868390d8641a40e)
---
librpc/idl/netlogon.idl | 1 +
1 file changed, 1 insertion(+)
diff --git a/librpc/idl/netlogon.idl b/librpc/idl/netlogon.idl
index e563e114900b..c77151af26b1 100644
--- a/librpc/idl/netlogon.idl
+++ b/librpc/idl/netlogon.idl
@@ -1241,6 +1241,7 @@ interface netlogon
/* Function 0x15 */
typedef [switch_type(uint32)] union {
[case(1)] netr_NegotiateFlags server_capabilities;
+ [case(2)] netr_NegotiateFlags server_capabilities;
} netr_Capabilities;
NTSTATUS netr_LogonGetCapabilities(
--
2.34.1
From c28a4312122189740a6e02f1a9e4394d6c9c7f2e Mon Sep 17 00:00:00 2001
From: Stefan Metzmacher <metze@samba.org>
Date: Sat, 15 Jul 2023 17:25:05 +0200
Subject: [PATCH 2/4] s4:torture/rpc: let rpc.schannel also check
netr_LogonGetCapabilities with different levels
The important change it that we expect DCERPC_NCA_S_FAULT_INVALID_TAG
for unsupported query_levels, we allow it to work with servers
with or without support for query_level=2.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15418
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
(cherry picked from commit 404ce08e9088968311c714e756f5d58ce2cef715)
---
.../knownfail.d/netr_LogonGetCapabilities | 3 +
source4/torture/rpc/netlogon.c | 77 ++++++++++++++++++-
2 files changed, 79 insertions(+), 1 deletion(-)
create mode 100644 selftest/knownfail.d/netr_LogonGetCapabilities
diff --git a/selftest/knownfail.d/netr_LogonGetCapabilities b/selftest/knownfail.d/netr_LogonGetCapabilities
new file mode 100644
index 000000000000..30aadf3bb9d5
--- /dev/null
+++ b/selftest/knownfail.d/netr_LogonGetCapabilities
@@ -0,0 +1,3 @@
+^samba3.rpc.schannel.*\.schannel\(nt4_dc
+^samba3.rpc.schannel.*\.schannel\(ad_dc
+^samba4.rpc.schannel.*\.schannel\(ad_dc
diff --git a/source4/torture/rpc/netlogon.c b/source4/torture/rpc/netlogon.c
index 1f068eb78265..a3d190f13dd8 100644
--- a/source4/torture/rpc/netlogon.c
+++ b/source4/torture/rpc/netlogon.c
@@ -2056,8 +2056,47 @@ bool test_netlogon_capabilities(struct dcerpc_pipe *p, struct torture_context *t
r.out.capabilities = &capabilities;
r.out.return_authenticator = &return_auth;
- torture_comment(tctx, "Testing LogonGetCapabilities\n");
+ torture_comment(tctx, "Testing LogonGetCapabilities with query_level=0\n");
+ r.in.query_level = 0;
+ ZERO_STRUCT(return_auth);
+
+ /*
+ * we need to operate on a temporary copy of creds
+ * because dcerpc_netr_LogonGetCapabilities with
+ * an unknown query level returns DCERPC_NCA_S_FAULT_INVALID_TAG
+ * => NT_STATUS_RPC_ENUM_VALUE_OUT_OF_RANGE
+ * without looking a the authenticator.
+ */
+ tmp_creds = *creds;
+ netlogon_creds_client_authenticator(&tmp_creds, &auth);
+
+ status = dcerpc_netr_LogonGetCapabilities_r(b, tctx, &r);
+ torture_assert_ntstatus_equal(tctx, status, NT_STATUS_RPC_ENUM_VALUE_OUT_OF_RANGE,
+ "LogonGetCapabilities query_level=0 failed");
+
+ torture_comment(tctx, "Testing LogonGetCapabilities with query_level=3\n");
+
+ r.in.query_level = 3;
+ ZERO_STRUCT(return_auth);
+
+ /*
+ * we need to operate on a temporary copy of creds
+ * because dcerpc_netr_LogonGetCapabilities with
+ * an unknown query level returns DCERPC_NCA_S_FAULT_INVALID_TAG
+ * => NT_STATUS_RPC_ENUM_VALUE_OUT_OF_RANGE
+ * without looking a the authenticator.
+ */
+ tmp_creds = *creds;
+ netlogon_creds_client_authenticator(&tmp_creds, &auth);
+
+ status = dcerpc_netr_LogonGetCapabilities_r(b, tctx, &r);
+ torture_assert_ntstatus_equal(tctx, status, NT_STATUS_RPC_ENUM_VALUE_OUT_OF_RANGE,
+ "LogonGetCapabilities query_level=0 failed");
+
+ torture_comment(tctx, "Testing LogonGetCapabilities with query_level=1\n");
+
+ r.in.query_level = 1;
ZERO_STRUCT(return_auth);
/*
@@ -2077,6 +2116,42 @@ bool test_netlogon_capabilities(struct dcerpc_pipe *p, struct torture_context *t
*creds = tmp_creds;
+ torture_assert(tctx, netlogon_creds_client_check(creds,
+ &r.out.return_authenticator->cred),
+ "Credential chaining failed");
+
+ torture_assert_int_equal(tctx, creds->negotiate_flags,
+ capabilities.server_capabilities,
+ "negotiate flags");
+
+ torture_comment(tctx, "Testing LogonGetCapabilities with query_level=2\n");
+
+ r.in.query_level = 2;
+ ZERO_STRUCT(return_auth);
+
+ /*
+ * we need to operate on a temporary copy of creds
+ * because dcerpc_netr_LogonGetCapabilities with
+ * an query level 2 may returns DCERPC_NCA_S_FAULT_INVALID_TAG
+ * => NT_STATUS_RPC_ENUM_VALUE_OUT_OF_RANGE
+ * without looking a the authenticator.
+ */
+ tmp_creds = *creds;
+ netlogon_creds_client_authenticator(&tmp_creds, &auth);
+
+ status = dcerpc_netr_LogonGetCapabilities_r(b, tctx, &r);
+ if (NT_STATUS_EQUAL(status, NT_STATUS_RPC_ENUM_VALUE_OUT_OF_RANGE)) {
+ /*
+ * an server without KB5028166 returns
+ * DCERPC_NCA_S_FAULT_INVALID_TAG =>
+ * NT_STATUS_RPC_ENUM_VALUE_OUT_OF_RANGE
+ */
+ return true;
+ }
+ torture_assert_ntstatus_ok(tctx, status, "LogonGetCapabilities query_level=2 failed");
+
+ *creds = tmp_creds;
+
torture_assert(tctx, netlogon_creds_client_check(creds,
&r.out.return_authenticator->cred),
"Credential chaining failed");
--
2.34.1
From 4c4c630fe99c253f3400fc7a4542178eba9d0aa7 Mon Sep 17 00:00:00 2001
From: Stefan Metzmacher <metze@samba.org>
Date: Sat, 15 Jul 2023 16:11:48 +0200
Subject: [PATCH 3/4] s4:rpc_server:netlogon: generate FAULT_INVALID_TAG for
invalid netr_LogonGetCapabilities levels
This is important as Windows clients with KB5028166 seem to
call netr_LogonGetCapabilities with query_level=2 after
a call with query_level=1.
An unpatched Windows Server returns DCERPC_NCA_S_FAULT_INVALID_TAG
for query_level values other than 1.
While Samba tries to return NT_STATUS_NOT_SUPPORTED, but
later fails to marshall the response, which results
in DCERPC_FAULT_BAD_STUB_DATA instead.
Because we don't have any documentation for level 2 yet,
we just try to behave like an unpatched server and
generate DCERPC_NCA_S_FAULT_INVALID_TAG instead of
DCERPC_FAULT_BAD_STUB_DATA.
Which allows patched Windows clients to keep working
against a Samba DC.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15418
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
(cherry picked from commit d5f1097b6220676d56ed5fc6707acf667b704518)
---
.../knownfail.d/netr_LogonGetCapabilities | 2 --
source4/rpc_server/netlogon/dcerpc_netlogon.c | 28 ++++++++++++++++---
2 files changed, 24 insertions(+), 6 deletions(-)
diff --git a/selftest/knownfail.d/netr_LogonGetCapabilities b/selftest/knownfail.d/netr_LogonGetCapabilities
index 30aadf3bb9d5..99c7ac711ede 100644
--- a/selftest/knownfail.d/netr_LogonGetCapabilities
+++ b/selftest/knownfail.d/netr_LogonGetCapabilities
@@ -1,3 +1 @@
^samba3.rpc.schannel.*\.schannel\(nt4_dc
-^samba3.rpc.schannel.*\.schannel\(ad_dc
-^samba4.rpc.schannel.*\.schannel\(ad_dc
diff --git a/source4/rpc_server/netlogon/dcerpc_netlogon.c b/source4/rpc_server/netlogon/dcerpc_netlogon.c
index 314b469a718a..e203e04143d7 100644
--- a/source4/rpc_server/netlogon/dcerpc_netlogon.c
+++ b/source4/rpc_server/netlogon/dcerpc_netlogon.c
@@ -2359,6 +2359,30 @@ static NTSTATUS dcesrv_netr_LogonGetCapabilities(struct dcesrv_call_state *dce_c
struct netlogon_creds_CredentialState *creds;
NTSTATUS status;
+ switch (r->in.query_level) {
+ case 1:
+ break;
+ case 2:
+ /*
+ * Until we know the details behind KB5028166
+ * just return DCERPC_NCA_S_FAULT_INVALID_TAG
+ * like an unpatched Windows Server.
+ */
+ FALL_THROUGH;
+ default:
+ /*
+ * There would not be a way to marshall the
+ * the response. Which would mean our final
+ * ndr_push would fail an we would return
+ * an RPC-level fault with DCERPC_FAULT_BAD_STUB_DATA.
+ *
+ * But it's important to match a Windows server
+ * especially before KB5028166, see also our bug #15418
+ * Otherwise Windows client would stop talking to us.
+ */
+ DCESRV_FAULT(DCERPC_NCA_S_FAULT_INVALID_TAG);
+ }
+
status = dcesrv_netr_creds_server_step_check(dce_call,
mem_ctx,
r->in.computer_name,
@@ -2370,10 +2394,6 @@ static NTSTATUS dcesrv_netr_LogonGetCapabilities(struct dcesrv_call_state *dce_c
}
NT_STATUS_NOT_OK_RETURN(status);
- if (r->in.query_level != 1) {
- return NT_STATUS_NOT_SUPPORTED;
- }
-
r->out.capabilities->server_capabilities = creds->negotiate_flags;
return NT_STATUS_OK;
--
2.34.1
From 44fb6686eee8f1c8767eee6a26edc215dccbc766 Mon Sep 17 00:00:00 2001
From: Stefan Metzmacher <metze@samba.org>
Date: Sat, 15 Jul 2023 16:11:48 +0200
Subject: [PATCH 4/4] s3:rpc_server:netlogon: generate FAULT_INVALID_TAG for
invalid netr_LogonGetCapabilities levels
This is important as Windows clients with KB5028166 seem to
call netr_LogonGetCapabilities with query_level=2 after
a call with query_level=1.
An unpatched Windows Server returns DCERPC_NCA_S_FAULT_INVALID_TAG
for query_level values other than 1.
While Samba tries to return NT_STATUS_NOT_SUPPORTED, but
later fails to marshall the response, which results
in DCERPC_FAULT_BAD_STUB_DATA instead.
Because we don't have any documentation for level 2 yet,
we just try to behave like an unpatched server and
generate DCERPC_NCA_S_FAULT_INVALID_TAG instead of
DCERPC_FAULT_BAD_STUB_DATA.
Which allows patched Windows clients to keep working
against a Samba DC.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15418
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Autobuild-User(master): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(master): Mon Jul 17 07:35:09 UTC 2023 on atb-devel-224
(cherry picked from commit dfeabce44fbb78083fbbb2aa634fc4172cf83db9)
---
.../knownfail.d/netr_LogonGetCapabilities | 1 -
source3/rpc_server/netlogon/srv_netlog_nt.c | 29 ++++++++++++++++---
2 files changed, 25 insertions(+), 5 deletions(-)
delete mode 100644 selftest/knownfail.d/netr_LogonGetCapabilities
diff --git a/selftest/knownfail.d/netr_LogonGetCapabilities b/selftest/knownfail.d/netr_LogonGetCapabilities
deleted file mode 100644
index 99c7ac711ede..000000000000
--- a/selftest/knownfail.d/netr_LogonGetCapabilities
+++ /dev/null
@@ -1 +0,0 @@
-^samba3.rpc.schannel.*\.schannel\(nt4_dc
diff --git a/source3/rpc_server/netlogon/srv_netlog_nt.c b/source3/rpc_server/netlogon/srv_netlog_nt.c
index 83318fff7532..c91eeed06b8d 100644
--- a/source3/rpc_server/netlogon/srv_netlog_nt.c
+++ b/source3/rpc_server/netlogon/srv_netlog_nt.c
@@ -2286,6 +2286,31 @@ NTSTATUS _netr_LogonGetCapabilities(struct pipes_struct *p,
struct netlogon_creds_CredentialState *creds;
NTSTATUS status;
+ switch (r->in.query_level) {
+ case 1:
+ break;
+ case 2:
+ /*
+ * Until we know the details behind KB5028166
+ * just return DCERPC_NCA_S_FAULT_INVALID_TAG
+ * like an unpatched Windows Server.
+ */
+ FALL_THROUGH;
+ default:
+ /*
+ * There would not be a way to marshall the
+ * the response. Which would mean our final
+ * ndr_push would fail an we would return
+ * an RPC-level fault with DCERPC_FAULT_BAD_STUB_DATA.
+ *
+ * But it's important to match a Windows server
+ * especially before KB5028166, see also our bug #15418
+ * Otherwise Windows client would stop talking to us.
+ */
+ p->fault_state = DCERPC_NCA_S_FAULT_INVALID_TAG;
+ return NT_STATUS_NOT_SUPPORTED;
+ }
+
become_root();
status = dcesrv_netr_creds_server_step_check(p->dce_call,
p->mem_ctx,
@@ -2298,10 +2323,6 @@ NTSTATUS _netr_LogonGetCapabilities(struct pipes_struct *p,
return status;
}
- if (r->in.query_level != 1) {
- return NT_STATUS_NOT_SUPPORTED;
- }
-
r->out.capabilities->server_capabilities = creds->negotiate_flags;
return NT_STATUS_OK;
--
2.34.1

@ -1,16 +0,0 @@
-----BEGIN PGP SIGNATURE-----
iQIzBAABCgAdFiEEgfXigyvSVFoYl7cTqplEL7aAtiAFAmPSvJEACgkQqplEL7aA
tiDXbA//bPY+2A4y8zPJLibWjRtmv76xTgj1EJMZoC5d7+5PXQfuVhVULGYrxriF
MIF4CtTnMDk20mihnQb03csGpZGvqfBKbZg6jYolqeTmwRDgKXf9dxLxYYBGswPN
JXiF/ZvDQzEorrsz24o7i9Pe44IXpdf7+3RjIXhKjCa2vFQibTndGRhYb0UYiR9S
DELp6V/rmV9/BrYWVhHVnuzROzNWsrXIyu1GPNRWdX6ptJmjq6f8wZUP0NODYsBP
e0+BpXwob795tDSAMBnbnp7ZsHRYgB2/iWDTe19MF5LjHCcPwRWmzfZjiWQuz11D
kg7RUmlTkpU0mrToM+Uyg3Lhc8sayojDTHkIuIPBTuirdKuyP5Zov1wCaPuvf8Ew
LCQlQsC2AVeko8xY7P5ieXrmsfncoKR23S0MaKM6oNXooMJcNFnemMvCsOGGeGCi
HJa1whPdI5Cj3zLB5X35UNMmauS7qWyyj3lS2horg8L/iIQ3R3q+0Xkd5VmX1BXz
EhVDvOnb1F7E9HFlxhZRJFufpnHrGZX6ZYe6BqP8oU092UUU5JMeIqe20wG/dAtX
B91QhITdPDnM4KrSbch9i+BKW1xD8srRXu4yqMTZp6X6dPh6lnzVn6vj4uKNCMwz
2qLa3Rl+cRON1uTeFJXSTHg/diHjKriu3+bCqm0RlHAFLMtvudk=
=gZl3
-----END PGP SIGNATURE-----

@ -0,0 +1,16 @@
-----BEGIN PGP SIGNATURE-----
iQIzBAABCgAdFiEEgfXigyvSVFoYl7cTqplEL7aAtiAFAmTc/5EACgkQqplEL7aA
tiB+4RAAkcRhO1/ZC7sXgqAqTZY05On8g2GLeuBh2Q+u7QIyjcDLuJWzp0TkrbMn
LBGtFAyCxM1JbW/K1UNafeQcf3UKzY1nIPtUpqVjN7qMxt0BDZ6MsXGbB/qhyGMZ
YnsZ8of/8NOUKx5KbrSeN5TqjICWTVRKi7KPcBrD51sTSt5unXYrolyJpKoPjYYU
lQS8cnh/shfvvFX4fYf9XtFS2OcQqCTFrLeajb6DU7Ep6ZBZa9r3m5Gk3ZvhBu9r
qowmQDqbNfo++wIkOaehD6tQsWcY2XvfBCFLqtSnF1SraN0jpdYr08dbcRGyuhFd
DS9+4BwCCML0mip7aaP6NHZpN+LvyYkAKPuKo8mW8pxe3i8ctxcTyN6SfmZA6RlE
bcmRQSkBD/e0jjBX5nR0zsaT01bgE1bBvbro0ZKHpR7/k6WeV+k6jDmqqXnYj3uB
61fCtf41w1b2pMhty70niga2gxaHrSqu9gqSl2wk/uMhwtdntqrJtaWIChWM0CRs
b6pfbjEZM2NDhsLe3idvY9Hl1hlKrMtoLJTu7fksTDVJzWPfqOCyIOc1DkxbCqlG
XB9fbre57DWIpRvNK4pu108LiGbavK2rLC6wlcjshP3/9BA3c3HO/JPQGtDAn1UE
JVQlYT1Fzzp9RU8U5Khz9D7pB3k6K19ZIo3q5xTA/V5O6axB5WM=
=GnJM
-----END PGP SIGNATURE-----

@ -2,7 +2,7 @@
#
# To build and run the tests use:
#
# fedpkg local --with testsuite
# fedpkg mockbuild --with testsuite
# or
# rpmbuild --rebuild --with testsuite samba.src.rpm
#
@ -10,12 +10,15 @@
# Build with internal talloc, tevent, tdb and ldb.
#
# fedpkg local --with=testsuite --with=includelibs
# fedpkg mockbuild --with=testsuite --with=includelibs
# or
# rpmbuild --rebuild --with=testsuite --with=includelibs samba.src.rpm
#
%bcond_with includelibs
# fedpkg mockbuild --with=ccache
%bcond_with ccache
# ctdb is enabled by default, you can disable it with: --without clustering
%bcond_without clustering
@ -134,8 +137,8 @@
%define samba_requires_eq() %(LC_ALL="C" echo '%*' | xargs -r rpm -q --qf 'Requires: %%{name} = %%{epoch}:%%{version}\\n' | sed -e 's/ (none):/ /' -e 's/ 0:/ /' | grep -v "is not")
%global samba_version 4.17.5
%global baserelease 103
%global samba_version 4.18.6
%global baserelease 100
# This should be rc1 or %%nil
%global pre_release %nil
@ -168,10 +171,10 @@
%global libsmbclient_so_version 0
%global libwbclient_so_version 0
%global talloc_version 2.3.4
%global tdb_version 1.4.7
%global tevent_version 0.13.0
%global ldb_version 2.6.1
%global talloc_version 2.4.0
%global tdb_version 1.4.8
%global tevent_version 0.14.1
%global ldb_version 2.7.2
%global required_mit_krb5 1.20.1
@ -185,7 +188,7 @@
# https://src.fedoraproject.org/rpms/redhat-rpm-config/blob/master/f/buildflags.md
%undefine _strict_symbol_defs_build
%global libwbc_alternatives_version 0.15
%global libwbc_alternatives_version 0.16
%global libwbc_alternatives_suffix %nil
%if 0%{?__isa_bits} == 64
%global libwbc_alternatives_suffix -64
@ -210,7 +213,7 @@ Epoch: 0
%global samba_depver %{epoch}:%{version}-%{release}
Summary: Server and Client software to interoperate with Windows machines
License: GPLv3+ and LGPLv3+
License: GPL-3.0-or-later AND LGPL-3.0-or-later
URL: https://www.samba.org
# This is a xz recompressed file of https://ftp.samba.org/pub/samba/samba-%%{version}%%{pre_release}.tar.gz
@ -231,9 +234,6 @@ Source17: samba-usershares-systemd-sysusers.conf
Source201: README.downgrade
Source202: samba.abignore
Patch0: samba-4.17-fix-netlogon-capability-level2.patch
Patch1: CVE-2023-3347-signing-4.17-01.patch
Requires(pre): /usr/sbin/groupadd
Requires(pre): %{name}-common = %{samba_depver}
@ -273,6 +273,7 @@ Provides: bundled(libreplace)
BuildRequires: make
BuildRequires: gcc
BuildRequires: glibc-gconv-extra
BuildRequires: avahi-devel
BuildRequires: bison
BuildRequires: cups-devel
@ -329,6 +330,10 @@ BuildRequires: zlib-devel >= 1.2.3
BuildRequires: pkgconfig(libsystemd)
%if 0%{?fedora} >= 37
BuildRequires: mold
%endif
%if %{with vfs_glusterfs}
BuildRequires: glusterfs-api-devel >= 3.4.0.16
BuildRequires: glusterfs-devel >= 3.4.0.16
@ -447,6 +452,8 @@ Requires: %{name}-common-libs = %{samba_depver}
Requires: libwbclient = %{samba_depver}
%endif
Requires: krb5-libs >= %{required_mit_krb5}
# This is needed for charset conversion
Requires: glibc-gconv-extra
%description client-libs
The samba-client-libs package contains internal libraries needed by the
@ -530,13 +537,13 @@ The samba-common-tools package contains tools for SMB/CIFS clients.
Summary: Tools for Samba servers
# samba-tool needs python3-samba
Requires: python3-%{name} = %{samba_depver}
# samba-tool needs tdbbackup
Requires: tdb-tools
# samba-tool needs python3-samba-dc also on non-dc build
Requires: python3-%{name}-dc = %{samba_depver}
%if %{with dc}
# samba-tool needs mdb_copy for domain backup or upgrade provision
# samba-tool needs mdb_copy and tdbackup for domain backup or upgrade provision
Requires: lmdb
Requires: tdb-tools
Requires: python3-gpg
%endif
%description tools
@ -565,6 +572,7 @@ Requires: %{name} = %{samba_depver}
Requires: %{name}-client-libs = %{samba_depver}
Requires: %{name}-common-libs = %{samba_depver}
Requires: %{name}-common-tools = %{samba_depver}
Requires: %{name}-tools = %{samba_depver}
Requires: %{name}-libs = %{samba_depver}
Requires: %{name}-dc-provision = %{samba_depver}
Requires: %{name}-dc-libs = %{samba_depver}
@ -585,6 +593,7 @@ Requires: python3-setproctitle
Requires: python3-%{name} = %{samba_depver}
Requires: python3-%{name}-dc = %{samba_depver}
Requires: krb5-server >= %{required_mit_krb5}
Requires: bind-utils
Provides: samba4-dc = %{samba_depver}
Obsoletes: samba4-dc < %{samba_depver}
@ -820,6 +829,7 @@ suite.
%package -n libwbclient
Summary: The winbind client library
Requires: %{name}-client-libs = %{samba_depver}
Conflicts: sssd-libwbclient
%description -n libwbclient
The libwbclient package contains the winbind client library from the Samba
@ -828,6 +838,7 @@ suite.
%package -n libwbclient-devel
Summary: Developer tools for the winbind library
Requires: libwbclient = %{samba_depver}
Conflicts: sssd-libwbclient-devel
Provides: samba-winbind-devel = %{samba_depver}
Obsoletes: samba-winbind-devel < %{samba_depver}
@ -898,7 +909,6 @@ Summary: Perl IDL compiler
Requires: perl-interpreter
Requires: perl(FindBin)
Requires: perl(Parse::Yapp)
Requires: perl(:MODULE_COMPAT_%(eval "`%{__perl} -V:version`"; echo $version))
BuildArch: noarch
Provides: samba4-pidl = %{samba_depver}
@ -984,7 +994,7 @@ Requires(post): %{name}-client-libs = %{samba_depver}
Requires: %{name}-libs = %{samba_depver}
Requires(post): %{name}-libs = %{samba_depver}
Requires: %{name}-winbind-modules = %{samba_depver}
Recommends: %{name}-tools = %{samba_depver}
Suggests: %{name}-tools = %{samba_depver}
%if %{with libwbclient}
Requires(post): libwbclient = %{samba_depver}
@ -1075,14 +1085,14 @@ necessary to communicate to the Winbind Daemon
%if %{with winexe}
%package winexe
Summary: Samba Winexe Windows Binary
License: GPLv3
License: GPL-3.0-only
Requires: %{name}-client-libs = %{samba_depver}
Requires: %{name}-common-libs = %{samba_depver}
Provides: bundled(libreplace)
%description winexe
Winexe is a Remote Windows®-command executor
Winexe is a Remote Windows-command executor
%endif
### CTDB
@ -1252,6 +1262,15 @@ export python_LDFLAGS="$(echo %{__global_ldflags} | sed -e 's/-Wl,-z,defs//g')"
# Use the gold linker
export LDFLAGS="%{__global_ldflags} -fuse-ld=gold"
# Add support for mock ccache plugin
%if %{with ccache}
CCACHE="$(command -v ccache)"
if [ -n "${CCACHE}" ]; then
${CCACHE} -s
export CC="${CCACHE} gcc"
fi
%endif
%configure \
--enable-fhs \
--with-piddir=/run \
@ -1337,17 +1356,6 @@ install -d -m 0755 %{buildroot}/%{_libdir}/samba
install -d -m 0755 %{buildroot}/%{_libdir}/samba/ldb
install -d -m 0755 %{buildroot}/%{_libdir}/pkgconfig
# Move libwbclient.so* into private directory, it cannot be just libdir/samba
# because samba uses rpath with this directory.
install -d -m 0755 %{buildroot}/%{_libdir}/samba/wbclient
mv %{buildroot}/%{_libdir}/libwbclient.so* %{buildroot}/%{_libdir}/samba/wbclient
if [ ! -f %{buildroot}/%{_libdir}/samba/wbclient/libwbclient.so.%{libwbc_alternatives_version} ]
then
echo "Expected libwbclient version not found, please check if version has changed."
exit -1
fi
touch %{buildroot}%{_libexecdir}/samba/cups_backend_smb
# Install other stuff
@ -1554,52 +1562,13 @@ fi
%endif
%if %{with libwbclient}
%posttrans -n libwbclient
# It has to be posttrans here to make sure all files of a previous version
# without alternatives support are removed
%{_sbindir}/update-alternatives \
--install \
%{_libdir}/libwbclient.so.%{libwbc_alternatives_version} \
libwbclient.so.%{libwbc_alternatives_version}%{libwbc_alternatives_suffix} \
%{_libdir}/samba/wbclient/libwbclient.so.%{libwbc_alternatives_version} \
10
%{?ldconfig}
%preun -n libwbclient
if [ $1 -eq 0 ]; then
%{_sbindir}/update-alternatives \
--remove \
libwbclient.so.%{libwbc_alternatives_version}%{libwbc_alternatives_suffix} \
%{_libdir}/samba/wbclient/libwbclient.so.%{libwbc_alternatives_version}
fi
/sbin/ldconfig
%posttrans -n libwbclient-devel
%{_sbindir}/update-alternatives \
--install %{_libdir}/libwbclient.so \
libwbclient.so%{libwbc_alternatives_suffix} \
%{_libdir}/samba/wbclient/libwbclient.so \
10
%preun -n libwbclient-devel
# alternatives checks if the file which should be removed is a link or not, but
# not if it points to the /etc/alternatives directory or to some other place.
# When downgrading to a version where alternatives is not used and
# libwbclient.so is a link and not a file it will be removed. The following
# check removes the alternatives files manually if that is the case.
if [ $1 -eq 0 ]; then
if [ "`readlink %{_libdir}/libwbclient.so`" == "libwbclient.so.%{libwbc_alternatives_version}" ]; then
/bin/rm -f \
/etc/alternatives/libwbclient.so%{libwbc_alternatives_suffix} \
/var/lib/alternatives/libwbclient.so%{libwbc_alternatives_suffix} 2> /dev/null
else
%{_sbindir}/update-alternatives \
--remove \
libwbclient.so%{libwbc_alternatives_suffix} \
%{_libdir}/samba/wbclient/libwbclient.so
fi
%pre -n libwbclient
if [ $1 -gt 1 ] ; then
rm -rf %{_libdir}/samba/wbclient/
rm -f /etc/alternatives/libwbclient.so*
rm -f /var/lib/alternatives/libwbclient.so*
fi
%{?ldconfig}
#endif {with libwbclient}
%endif
@ -1946,6 +1915,7 @@ fi
%{_libdir}/samba/libsmbd-base-samba4.so
%{_libdir}/samba/libsmbd-shim-samba4.so
%{_libdir}/samba/libsmbldaphelper-samba4.so
%{_libdir}/samba/libstable-sort-samba4.so
%{_libdir}/samba/libsys-rw-samba4.so
%{_libdir}/samba/libsocket-blocking-samba4.so
%{_libdir}/samba/libtalloc-report-printf-samba4.so
@ -1971,10 +1941,9 @@ fi
%if %{with includelibs}
%{_libdir}/samba/libldb-*.so
%{_libdir}/samba/libldb.so.*
%{_libdir}/samba/libtalloc.so.*
%{_libdir}/samba/libtdb.so.*
%{_libdir}/samba/libtevent.so.*
%{_libdir}/samba/libtalloc-samba4.so
%{_libdir}/samba/libtdb-samba4.so
%{_libdir}/samba/libtevent-samba4.so
%{_libdir}/samba/ldb/asq.so
%{_libdir}/samba/ldb/ldb.so
@ -2127,9 +2096,13 @@ fi
%{_mandir}/man8/samba.8*
%{_mandir}/man8/samba_downgrade_db.8*
%dir %{_datadir}/samba/admx
%{_datadir}/samba/admx/GNOME_Settings.admx
%{_datadir}/samba/admx/samba.admx
%dir %{_datadir}/samba/admx/en-US
%{_datadir}/samba/admx/en-US/GNOME_Settings.adml
%{_datadir}/samba/admx/en-US/samba.adml
%dir %{_datadir}/samba/admx/ru-RU
%{_datadir}/samba/admx/ru-RU/GNOME_Settings.adml
%files dc-provision
%license source4/setup/ad-schema/licence.txt
@ -2207,6 +2180,7 @@ fi
%{_includedir}/samba-4.0/domain_credentials.h
%{_includedir}/samba-4.0/gen_ndr/atsvc.h
%{_includedir}/samba-4.0/gen_ndr/auth.h
%{_includedir}/samba-4.0/gen_ndr/claims.h
%{_includedir}/samba-4.0/gen_ndr/dcerpc.h
%{_includedir}/samba-4.0/gen_ndr/krb5pac.h
%{_includedir}/samba-4.0/gen_ndr/lsa.h
@ -2399,12 +2373,12 @@ fi
### LIBWBCLIENT
%if %{with libwbclient}
%files -n libwbclient
%{_libdir}/samba/wbclient/libwbclient.so.%{libwbclient_so_version}*
%{_libdir}/libwbclient.so.%{libwbclient_so_version}*
### LIBWBCLIENT-DEVEL
%files -n libwbclient-devel
%{_includedir}/samba-4.0/wbclient.h
%{_libdir}/samba/wbclient/libwbclient.so
%{_libdir}/libwbclient.so
%{_libdir}/pkgconfig/wbclient.pc
#endif {with libwbclient}
%endif
@ -2479,6 +2453,7 @@ fi
%{python3_sitearch}/samba/__pycache__/ms_schema.*.pyc
%{python3_sitearch}/samba/__pycache__/ndr.*.pyc
%{python3_sitearch}/samba/__pycache__/ntacls.*.pyc
%{python3_sitearch}/samba/__pycache__/safe_tarfile.*.pyc
%{python3_sitearch}/samba/__pycache__/sd_utils.*.pyc
%{python3_sitearch}/samba/__pycache__/sites.*.pyc
%{python3_sitearch}/samba/__pycache__/subnets.*.pyc
@ -2494,6 +2469,7 @@ fi
%{python3_sitearch}/samba/dbchecker.py
%{python3_sitearch}/samba/colour.py
%{python3_sitearch}/samba/common.py
%{python3_sitearch}/samba/compression.*.so
%{python3_sitearch}/samba/credentials.*.so
%{python3_sitearch}/samba/crypto.*.so
%dir %{python3_sitearch}/samba/dcerpc
@ -2503,6 +2479,7 @@ fi
%{python3_sitearch}/samba/dcerpc/atsvc.*.so
%{python3_sitearch}/samba/dcerpc/auth.*.so
%{python3_sitearch}/samba/dcerpc/base.*.so
%{python3_sitearch}/samba/dcerpc/claims.*.so
%{python3_sitearch}/samba/dcerpc/dcerpc.*.so
%{python3_sitearch}/samba/dcerpc/dfs.*.so
%{python3_sitearch}/samba/dcerpc/dns.*.so
@ -2699,7 +2676,9 @@ fi
%{python3_sitearch}/samba/param.*.so
%{python3_sitearch}/samba/policy.*.so
%{python3_sitearch}/samba/registry.*.so
%{python3_sitearch}/samba/reparse_symlink.*.so
%{python3_sitearch}/samba/security.*.so
%{python3_sitearch}/samba/safe_tarfile.py
%dir %{python3_sitearch}/samba/samba3
%{python3_sitearch}/samba/samba3/__init__.py
%dir %{python3_sitearch}/samba/samba3/__pycache__
@ -2735,8 +2714,8 @@ fi
%{_libdir}/samba/libsamba-python.cpython*.so
%if %{with includelibs}
%{_libdir}/samba/libpyldb-util.cpython*.so.*
%{_libdir}/samba/libpytalloc-util.cpython*.so.*
%{_libdir}/samba/libpyldb-util.cpython*.so
%{_libdir}/samba/libpytalloc-util.cpython*.so
%{python3_sitearch}/__pycache__/_ldb_text*.pyc
%{python3_sitearch}/__pycache__/_tdb_text*.pyc
@ -2833,6 +2812,7 @@ fi
%{python3_sitearch}/samba/tests/__pycache__/auth_log_winbind.*.pyc
%{python3_sitearch}/samba/tests/__pycache__/common.*.pyc
%{python3_sitearch}/samba/tests/__pycache__/complex_expressions.*.pyc
%{python3_sitearch}/samba/tests/__pycache__/compression.*.pyc
%{python3_sitearch}/samba/tests/__pycache__/core.*.pyc
%{python3_sitearch}/samba/tests/__pycache__/credentials.*.pyc
%{python3_sitearch}/samba/tests/__pycache__/cred_opt.*.pyc
@ -2873,6 +2853,7 @@ fi
%{python3_sitearch}/samba/tests/__pycache__/loadparm.*.pyc
%{python3_sitearch}/samba/tests/__pycache__/logfiles.*.pyc
%{python3_sitearch}/samba/tests/__pycache__/libsmb.*.pyc
%{python3_sitearch}/samba/tests/__pycache__/libsmb-basic.*.pyc
%{python3_sitearch}/samba/tests/__pycache__/lsa_string.*.pyc
%{python3_sitearch}/samba/tests/__pycache__/messaging.*.pyc
%{python3_sitearch}/samba/tests/__pycache__/ndr.*.pyc
@ -2907,12 +2888,14 @@ fi
%{python3_sitearch}/samba/tests/__pycache__/pso.*.pyc
%{python3_sitearch}/samba/tests/__pycache__/py_credentials.*.pyc
%{python3_sitearch}/samba/tests/__pycache__/registry.*.pyc
%{python3_sitearch}/samba/tests/__pycache__/reparsepoints.*.pyc
%{python3_sitearch}/samba/tests/__pycache__/s3idmapdb.*.pyc
%{python3_sitearch}/samba/tests/__pycache__/s3param.*.pyc
%{python3_sitearch}/samba/tests/__pycache__/s3passdb.*.pyc
%{python3_sitearch}/samba/tests/__pycache__/s3registry.*.pyc
%{python3_sitearch}/samba/tests/__pycache__/s3windb.*.pyc
%{python3_sitearch}/samba/tests/__pycache__/s3_net_join.*.pyc
%{python3_sitearch}/samba/tests/__pycache__/safe_tarfile.*.pyc
%{python3_sitearch}/samba/tests/__pycache__/samba_upgradedns_lmdb.*.pyc
%{python3_sitearch}/samba/tests/__pycache__/samba3sam.*.pyc
%{python3_sitearch}/samba/tests/__pycache__/samdb.*.pyc
@ -2922,6 +2905,9 @@ fi
%{python3_sitearch}/samba/tests/__pycache__/segfault.*.pyc
%{python3_sitearch}/samba/tests/__pycache__/sid_strings.*.pyc
%{python3_sitearch}/samba/tests/__pycache__/smb.*.pyc
%{python3_sitearch}/samba/tests/__pycache__/smb1posix.*.pyc
%{python3_sitearch}/samba/tests/__pycache__/smb2symlink.*.pyc
%{python3_sitearch}/samba/tests/__pycache__/smb3unix.*.pyc
%{python3_sitearch}/samba/tests/__pycache__/smbconf.*.pyc
%{python3_sitearch}/samba/tests/__pycache__/smb-notify.*.pyc
%{python3_sitearch}/samba/tests/__pycache__/smbd_base.*.pyc
@ -2987,6 +2973,7 @@ fi
%{python3_sitearch}/samba/tests/blackbox/traffic_replay.py
%{python3_sitearch}/samba/tests/blackbox/traffic_summary.py
%{python3_sitearch}/samba/tests/common.py
%{python3_sitearch}/samba/tests/compression.py
%{python3_sitearch}/samba/tests/complex_expressions.py
%{python3_sitearch}/samba/tests/core.py
%{python3_sitearch}/samba/tests/credentials.py
@ -3092,9 +3079,11 @@ fi
%{python3_sitearch}/samba/tests/krb5/__pycache__/alias_tests.*.pyc
%{python3_sitearch}/samba/tests/krb5/__pycache__/as_canonicalization_tests.*.pyc
%{python3_sitearch}/samba/tests/krb5/__pycache__/as_req_tests.*.pyc
%{python3_sitearch}/samba/tests/krb5/__pycache__/claims_tests.*.pyc
%{python3_sitearch}/samba/tests/krb5/__pycache__/compatability_tests.*.pyc
%{python3_sitearch}/samba/tests/krb5/__pycache__/etype_tests.*.pyc
%{python3_sitearch}/samba/tests/krb5/__pycache__/fast_tests.*.pyc
%{python3_sitearch}/samba/tests/krb5/__pycache__/group_tests.*.pyc
%{python3_sitearch}/samba/tests/krb5/__pycache__/kcrypto.*.pyc
%{python3_sitearch}/samba/tests/krb5/__pycache__/kdc_base_test.*.pyc
%{python3_sitearch}/samba/tests/krb5/__pycache__/kdc_tests.*.pyc
@ -3123,9 +3112,11 @@ fi
%{python3_sitearch}/samba/tests/krb5/alias_tests.py
%{python3_sitearch}/samba/tests/krb5/as_canonicalization_tests.py
%{python3_sitearch}/samba/tests/krb5/as_req_tests.py
%{python3_sitearch}/samba/tests/krb5/claims_tests.py
%{python3_sitearch}/samba/tests/krb5/compatability_tests.py
%{python3_sitearch}/samba/tests/krb5/etype_tests.py
%{python3_sitearch}/samba/tests/krb5/fast_tests.py
%{python3_sitearch}/samba/tests/krb5/group_tests.py
%{python3_sitearch}/samba/tests/krb5/kcrypto.py
%{python3_sitearch}/samba/tests/krb5/kdc_base_test.py
%{python3_sitearch}/samba/tests/krb5/kdc_tests.py
@ -3157,6 +3148,7 @@ fi
%{python3_sitearch}/samba/tests/ldap_referrals.py
%{python3_sitearch}/samba/tests/ldap_upn_sam_account.py
%{python3_sitearch}/samba/tests/libsmb.py
%{python3_sitearch}/samba/tests/libsmb-basic.py
%{python3_sitearch}/samba/tests/loadparm.py
%{python3_sitearch}/samba/tests/logfiles.py
%{python3_sitearch}/samba/tests/lsa_string.py
@ -3193,12 +3185,14 @@ fi
%{python3_sitearch}/samba/tests/pso.py
%{python3_sitearch}/samba/tests/py_credentials.py
%{python3_sitearch}/samba/tests/registry.py
%{python3_sitearch}/samba/tests/reparsepoints.py
%{python3_sitearch}/samba/tests/s3idmapdb.py
%{python3_sitearch}/samba/tests/s3param.py
%{python3_sitearch}/samba/tests/s3passdb.py
%{python3_sitearch}/samba/tests/s3registry.py
%{python3_sitearch}/samba/tests/s3windb.py
%{python3_sitearch}/samba/tests/s3_net_join.py
%{python3_sitearch}/samba/tests/safe_tarfile.py
%{python3_sitearch}/samba/tests/samba3sam.py
%{python3_sitearch}/samba/tests/samba_upgradedns_lmdb.py
%dir %{python3_sitearch}/samba/tests/samba_tool
@ -3286,6 +3280,9 @@ fi
%{python3_sitearch}/samba/tests/segfault.py
%{python3_sitearch}/samba/tests/sid_strings.py
%{python3_sitearch}/samba/tests/smb.py
%{python3_sitearch}/samba/tests/smb1posix.py
%{python3_sitearch}/samba/tests/smb2symlink.py
%{python3_sitearch}/samba/tests/smb3unix.py
%{python3_sitearch}/samba/tests/smbconf.py
%{python3_sitearch}/samba/tests/smb-notify.py
%{python3_sitearch}/samba/tests/smbd_base.py
@ -3315,6 +3312,7 @@ fi
%{_mandir}/man1/smbtorture.1*
%if %{with testsuite}
%{_mandir}/man1/vfstest.1*
# files to ignore in testsuite mode
%{_libdir}/samba/libnss-wrapper.so
%{_libdir}/samba/libsocket-wrapper.so
@ -3532,7 +3530,10 @@ fi
%{_libexecdir}/ctdb/tests/sock_io_test
%{_libexecdir}/ctdb/tests/srvid_test
%{_libexecdir}/ctdb/tests/system_socket_test
%{_libexecdir}/ctdb/tests/tmon_ping_test
%{_libexecdir}/ctdb/tests/tmon_test
%{_libexecdir}/ctdb/tests/transaction_loop
%{_libexecdir}/ctdb/tests/tunable_test
%{_libexecdir}/ctdb/tests/tunnel_cmd
%{_libexecdir}/ctdb/tests/tunnel_test
%{_libexecdir}/ctdb/tests/update_record
@ -3619,13 +3620,19 @@ fi
%{_datadir}/ctdb/tests/INTEGRATION/simple/basics.005.process_exists.sh
%{_datadir}/ctdb/tests/INTEGRATION/simple/basics.010.statistics.sh
%{_datadir}/ctdb/tests/INTEGRATION/simple/basics.011.statistics_reset.sh
%{_datadir}/ctdb/tests/INTEGRATION/simple/cluster.002.recmaster_yield.sh
%{_datadir}/ctdb/tests/INTEGRATION/simple/cluster.001.stop_leader_yield.sh
%{_datadir}/ctdb/tests/INTEGRATION/simple/cluster.002.ban_leader_yield.sh
%{_datadir}/ctdb/tests/INTEGRATION/simple/cluster.003.capability_leader_yield.sh
%{_datadir}/ctdb/tests/INTEGRATION/simple/cluster.006.stop_leader_yield_no_lock.sh
%{_datadir}/ctdb/tests/INTEGRATION/simple/cluster.007.ban_leader_yield_no_lock.sh
%{_datadir}/ctdb/tests/INTEGRATION/simple/cluster.008.capability_leader_yield_no_lock.sh
%{_datadir}/ctdb/tests/INTEGRATION/simple/cluster.010.getrelock.sh
%{_datadir}/ctdb/tests/INTEGRATION/simple/cluster.012.reclock_command.sh
%{_datadir}/ctdb/tests/INTEGRATION/simple/cluster.015.reclock_remove_lock.sh
%{_datadir}/ctdb/tests/INTEGRATION/simple/cluster.016.reclock_move_lock_dir.sh
%{_datadir}/ctdb/tests/INTEGRATION/simple/cluster.020.message_ring.sh
%{_datadir}/ctdb/tests/INTEGRATION/simple/cluster.021.tunnel_ring.sh
%{_datadir}/ctdb/tests/INTEGRATION/simple/cluster.030.node_stall_leader_timeout.sh
%{_datadir}/ctdb/tests/INTEGRATION/simple/cluster.090.unreachable.sh
%{_datadir}/ctdb/tests/INTEGRATION/simple/cluster.091.version_check.sh
%{_datadir}/ctdb/tests/INTEGRATION/simple/debug.001.getdebug.sh
@ -3651,6 +3658,7 @@ fi
%{_datadir}/ctdb/tests/UNIT/cunit/cmdline_test_001.sh
%{_datadir}/ctdb/tests/UNIT/cunit/comm_test_001.sh
%{_datadir}/ctdb/tests/UNIT/cunit/comm_test_002.sh
%{_datadir}/ctdb/tests/UNIT/cunit/conf_test_001.sh
%{_datadir}/ctdb/tests/UNIT/cunit/config_test_001.sh
%{_datadir}/ctdb/tests/UNIT/cunit/config_test_002.sh
%{_datadir}/ctdb/tests/UNIT/cunit/config_test_003.sh
@ -3658,7 +3666,6 @@ fi
%{_datadir}/ctdb/tests/UNIT/cunit/config_test_005.sh
%{_datadir}/ctdb/tests/UNIT/cunit/config_test_006.sh
%{_datadir}/ctdb/tests/UNIT/cunit/config_test_007.sh
%{_datadir}/ctdb/tests/UNIT/cunit/conf_test_001.sh
%{_datadir}/ctdb/tests/UNIT/cunit/ctdb_io_test_001.sh
%{_datadir}/ctdb/tests/UNIT/cunit/db_hash_test_001.sh
%{_datadir}/ctdb/tests/UNIT/cunit/event_protocol_test_001.sh
@ -3686,6 +3693,9 @@ fi
%{_datadir}/ctdb/tests/UNIT/cunit/system_socket_test_001.sh
%{_datadir}/ctdb/tests/UNIT/cunit/system_socket_test_002.sh
%{_datadir}/ctdb/tests/UNIT/cunit/system_socket_test_003.sh
%{_datadir}/ctdb/tests/UNIT/cunit/tmon_test_001.sh
%{_datadir}/ctdb/tests/UNIT/cunit/tmon_test_002.sh
%{_datadir}/ctdb/tests/UNIT/cunit/tunable_test_001.sh
%dir %{_datadir}/ctdb/tests/UNIT/eventd
%dir %{_datadir}/ctdb/tests/UNIT/eventd/etc-ctdb
%{_datadir}/ctdb/tests/UNIT/eventd/etc-ctdb/ctdb.conf
@ -3756,10 +3766,6 @@ fi
%{_datadir}/ctdb/tests/UNIT/eventscripts/00.ctdb.init.007.sh
%{_datadir}/ctdb/tests/UNIT/eventscripts/00.ctdb.init.008.sh
%{_datadir}/ctdb/tests/UNIT/eventscripts/00.ctdb.init.009.sh
%{_datadir}/ctdb/tests/UNIT/eventscripts/00.ctdb.setup.001.sh
%{_datadir}/ctdb/tests/UNIT/eventscripts/00.ctdb.setup.002.sh
%{_datadir}/ctdb/tests/UNIT/eventscripts/00.ctdb.setup.003.sh
%{_datadir}/ctdb/tests/UNIT/eventscripts/00.ctdb.setup.004.sh
%{_datadir}/ctdb/tests/UNIT/eventscripts/01.reclock.init.001.sh
%{_datadir}/ctdb/tests/UNIT/eventscripts/01.reclock.init.002.sh
%{_datadir}/ctdb/tests/UNIT/eventscripts/01.reclock.init.003.sh
@ -3936,6 +3942,22 @@ fi
%{_datadir}/ctdb/tests/UNIT/eventscripts/91.lvs.shutdown.002.sh
%{_datadir}/ctdb/tests/UNIT/eventscripts/91.lvs.startup.001.sh
%{_datadir}/ctdb/tests/UNIT/eventscripts/91.lvs.startup.002.sh
%{_datadir}/ctdb/tests/UNIT/eventscripts/debug_locks.sh.001.sh
%{_datadir}/ctdb/tests/UNIT/eventscripts/debug_locks.sh.002.sh
%{_datadir}/ctdb/tests/UNIT/eventscripts/debug_locks.sh.003.sh
%{_datadir}/ctdb/tests/UNIT/eventscripts/debug_locks.sh.004.sh
%{_datadir}/ctdb/tests/UNIT/eventscripts/debug_locks.sh.005.sh
%{_datadir}/ctdb/tests/UNIT/eventscripts/debug_locks.sh.006.sh
%{_datadir}/ctdb/tests/UNIT/eventscripts/debug_locks.sh.007.sh
%{_datadir}/ctdb/tests/UNIT/eventscripts/debug_locks.sh.008.sh
%{_datadir}/ctdb/tests/UNIT/eventscripts/debug_locks.sh.021.sh
%{_datadir}/ctdb/tests/UNIT/eventscripts/debug_locks.sh.022.sh
%{_datadir}/ctdb/tests/UNIT/eventscripts/debug_locks.sh.023.sh
%{_datadir}/ctdb/tests/UNIT/eventscripts/debug_locks.sh.024.sh
%{_datadir}/ctdb/tests/UNIT/eventscripts/debug_locks.sh.025.sh
%{_datadir}/ctdb/tests/UNIT/eventscripts/debug_locks.sh.026.sh
%{_datadir}/ctdb/tests/UNIT/eventscripts/debug_locks.sh.027.sh
%{_datadir}/ctdb/tests/UNIT/eventscripts/debug_locks.sh.028.sh
%dir %{_datadir}/ctdb/tests/UNIT/eventscripts/etc
%dir %{_datadir}/ctdb/tests/UNIT/eventscripts/etc-ctdb
%{_datadir}/ctdb/tests/UNIT/eventscripts/etc-ctdb/public_addresses
@ -3965,6 +3987,7 @@ fi
%{_datadir}/ctdb/tests/UNIT/eventscripts/scripts/50.samba.sh
%{_datadir}/ctdb/tests/UNIT/eventscripts/scripts/60.nfs.sh
%{_datadir}/ctdb/tests/UNIT/eventscripts/scripts/91.lvs.sh
%{_datadir}/ctdb/tests/UNIT/eventscripts/scripts/debug_locks.sh
%{_datadir}/ctdb/tests/UNIT/eventscripts/scripts/local.sh
%{_datadir}/ctdb/tests/UNIT/eventscripts/scripts/statd-callout.sh
%{_datadir}/ctdb/tests/UNIT/eventscripts/statd-callout.001.sh
@ -3984,6 +4007,7 @@ fi
%{_datadir}/ctdb/tests/UNIT/eventscripts/stubs/df
%{_datadir}/ctdb/tests/UNIT/eventscripts/stubs/ethtool
%{_datadir}/ctdb/tests/UNIT/eventscripts/stubs/exportfs
%{_datadir}/ctdb/tests/UNIT/eventscripts/stubs/gstack
%{_datadir}/ctdb/tests/UNIT/eventscripts/stubs/id
%{_datadir}/ctdb/tests/UNIT/eventscripts/stubs/ip
%{_datadir}/ctdb/tests/UNIT/eventscripts/stubs/ip6tables
@ -3992,21 +4016,24 @@ fi
%{_datadir}/ctdb/tests/UNIT/eventscripts/stubs/kill
%{_datadir}/ctdb/tests/UNIT/eventscripts/stubs/killall
%{_datadir}/ctdb/tests/UNIT/eventscripts/stubs/multipath
%{_datadir}/ctdb/tests/UNIT/eventscripts/stubs/nfsconf
%{_datadir}/ctdb/tests/UNIT/eventscripts/stubs/net
%{_datadir}/ctdb/tests/UNIT/eventscripts/stubs/nfs-fake-callout
%{_datadir}/ctdb/tests/UNIT/eventscripts/stubs/nfsconf
%{_datadir}/ctdb/tests/UNIT/eventscripts/stubs/pidof
%{_datadir}/ctdb/tests/UNIT/eventscripts/stubs/pkill
%{_datadir}/ctdb/tests/UNIT/eventscripts/stubs/ps
%{_datadir}/ctdb/tests/UNIT/eventscripts/stubs/rm
%{_datadir}/ctdb/tests/UNIT/eventscripts/stubs/rpcinfo
%{_datadir}/ctdb/tests/UNIT/eventscripts/stubs/rpc.lockd
%{_datadir}/ctdb/tests/UNIT/eventscripts/stubs/rpc.mountd
%{_datadir}/ctdb/tests/UNIT/eventscripts/stubs/rpc.rquotad
%{_datadir}/ctdb/tests/UNIT/eventscripts/stubs/rpc.statd
%{_datadir}/ctdb/tests/UNIT/eventscripts/stubs/rpcinfo
%{_datadir}/ctdb/tests/UNIT/eventscripts/stubs/service
%{_datadir}/ctdb/tests/UNIT/eventscripts/stubs/sleep
%{_datadir}/ctdb/tests/UNIT/eventscripts/stubs/smnotify
%{_datadir}/ctdb/tests/UNIT/eventscripts/stubs/ss
%{_datadir}/ctdb/tests/UNIT/eventscripts/stubs/stat
%{_datadir}/ctdb/tests/UNIT/eventscripts/stubs/tdb_mutex_check
%{_datadir}/ctdb/tests/UNIT/eventscripts/stubs/tdbdump
%{_datadir}/ctdb/tests/UNIT/eventscripts/stubs/tdbtool
%{_datadir}/ctdb/tests/UNIT/eventscripts/stubs/testparm
@ -4034,7 +4061,6 @@ fi
%{_datadir}/ctdb/tests/UNIT/onnode/stubs/ssh
%dir %{_datadir}/ctdb/tests/UNIT/shellcheck
%{_datadir}/ctdb/tests/UNIT/shellcheck/base_scripts.sh
%{_datadir}/ctdb/tests/UNIT/shellcheck/ctdbd_wrapper.sh
%{_datadir}/ctdb/tests/UNIT/shellcheck/ctdb_helpers.sh
%{_datadir}/ctdb/tests/UNIT/shellcheck/event_scripts.sh
%{_datadir}/ctdb/tests/UNIT/shellcheck/functions.sh
@ -4169,6 +4195,8 @@ fi
%{_datadir}/ctdb/tests/UNIT/tool/ctdb.ipinfo.001.sh
%{_datadir}/ctdb/tests/UNIT/tool/ctdb.ipinfo.002.sh
%{_datadir}/ctdb/tests/UNIT/tool/ctdb.ipinfo.003.sh
%{_datadir}/ctdb/tests/UNIT/tool/ctdb.leader.001.sh
%{_datadir}/ctdb/tests/UNIT/tool/ctdb.leader.002.sh
%{_datadir}/ctdb/tests/UNIT/tool/ctdb.listnodes.001.sh
%{_datadir}/ctdb/tests/UNIT/tool/ctdb.listnodes.002.sh
%{_datadir}/ctdb/tests/UNIT/tool/ctdb.listvars.001.sh
@ -4196,6 +4224,7 @@ fi
%{_datadir}/ctdb/tests/UNIT/tool/ctdb.nodestatus.004.sh
%{_datadir}/ctdb/tests/UNIT/tool/ctdb.nodestatus.005.sh
%{_datadir}/ctdb/tests/UNIT/tool/ctdb.nodestatus.006.sh
%{_datadir}/ctdb/tests/UNIT/tool/ctdb.nodestatus.007.sh
%{_datadir}/ctdb/tests/UNIT/tool/ctdb.pdelete.001.sh
%{_datadir}/ctdb/tests/UNIT/tool/ctdb.ping.001.sh
%{_datadir}/ctdb/tests/UNIT/tool/ctdb.pnn.001.sh
@ -4205,8 +4234,6 @@ fi
%{_datadir}/ctdb/tests/UNIT/tool/ctdb.pstore.001.sh
%{_datadir}/ctdb/tests/UNIT/tool/ctdb.ptrans.001.sh
%{_datadir}/ctdb/tests/UNIT/tool/ctdb.readkey.001.sh
%{_datadir}/ctdb/tests/UNIT/tool/ctdb.recmaster.001.sh
%{_datadir}/ctdb/tests/UNIT/tool/ctdb.recmaster.002.sh
%{_datadir}/ctdb/tests/UNIT/tool/ctdb.recover.001.sh
%{_datadir}/ctdb/tests/UNIT/tool/ctdb.reloadnodes.001.sh
%{_datadir}/ctdb/tests/UNIT/tool/ctdb.reloadnodes.002.sh
@ -4248,6 +4275,7 @@ fi
%{_datadir}/ctdb/tests/UNIT/tool/ctdb.setvar.002.sh
%{_datadir}/ctdb/tests/UNIT/tool/ctdb.status.001.sh
%{_datadir}/ctdb/tests/UNIT/tool/ctdb.status.002.sh
%{_datadir}/ctdb/tests/UNIT/tool/ctdb.status.003.sh
%{_datadir}/ctdb/tests/UNIT/tool/ctdb.stop.001.sh
%{_datadir}/ctdb/tests/UNIT/tool/ctdb.stop.002.sh
%{_datadir}/ctdb/tests/UNIT/tool/ctdb.stop.003.sh
@ -4300,9 +4328,36 @@ fi
%endif
%changelog
* Tue Jul 18 2023 Andreas Schneider <asn@redhat.com> - 4.17.5-103
- resolves: rhbz#2223516 - Fix CVE-2023-3347 - SMB2 packet signing not enforced
- resolves: rhbz#2223600 - Fix netlogon capabilities level 2
* Thu Aug 17 2023 Andreas Schneider <asn@redhat.com> - 4.18.6-100
- related: rhbz#2190415 - Update to version 4.18.6
- resolves: rhbz#2211617 - Fix the rpcclient dfsgetinfo command
* Wed Jul 19 2023 Pavel Filipenský <pfilipen@redhat.com> - 4.18.5-100
- resolves: rhbz#2222895 - Fix CVE-2022-2127 CVE-2023-3347 CVE-2023-34966 CVE-2023-34967 CVE-2023-34968
* Mon Jul 17 2023 Pavel Filipenský <pfilipen@redhat.com> - 4.18.4-102
- resolves: rhbz#2222883 - Fix trust relationship between workstation and DC
* Mon Jul 10 2023 Pavel Filipenský <pfilipen@redhat.com> - 4.18.4-101
- resolves: rhbz#2216712 - Fix broken symlink for libwbclient
- resolves: rhbz#2214327 - Fix segfault of winbind child when listing users with `winbind scan trusted domains = yes`
- resolves: rhbz#2211605 - Fix access of Samba share with veto files = /.*/
- resolves: rhbz#2207692 - Fix Python tarfile extraction to avoid a warning
* Thu Jul 06 2023 Pavel Filipenský <pfilipen@redhat.com> - 4.18.4-100
- resolves: rhbz#2190415 - Update to version 4.18.4
* Tue Jun 13 2023 Pavel Filipenský <pfilipen@redhat.com> - 4.18.3-100
- resolves: rhbz#2190415 - Update to version 4.18.3
* Mon Jun 05 2023 Pavel Filipenský <pfilipen@redhat.com> - 4.18.2-101
- resolves: rhbz#2187313 - Fix weak dependencies in BaseOS
* Mon May 22 2023 Pavel Filipenský <pfilipen@redhat.com> - 4.18.2-100
- resolves: rhbz#2190415 - Update to version 4.18.2
* Thu Apr 27 2023 Andreas Schneider <asn@redhat.com> - 4.17.5-104
- related: rhbz#2182163 - Rebuild for liburing rebase to version 2.3
* Wed Feb 15 2023 Pavel Filipenský <pfilipen@redhat.com> - 4.17.5-102
- resolves: rhbz#2169980 - Fix winbind memory leak

Loading…
Cancel
Save