samba: upgrade to 4.1.12

Signed-off-by: Bian Naimeng <biannm@cn.fujitsu.com>
Bian Naimeng
2015-07-17 11:59:44 +08:00
committed by Martin Jansa
parent 772cdf8ef0
commit 4a89e4c608
66 changed files with 35319 additions and 22932 deletions
@@ -1,20 +0,0 @@
Description: 64 bit fix for libsmbclient
Author: Christian Perrier <bubulle@debian.org>
Bug-Debian: http://bugs.debian.org/221618
Forwarded: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=221618#27
Index: samba/source3/include/libsmbclient.h
===================================================================
--- samba.orig/source3/include/libsmbclient.h
+++ samba/source3/include/libsmbclient.h
@@ -79,6 +79,10 @@
#include <fcntl.h>
#include <utime.h>
+ /* Debian bug #221618 */
+#define _LARGEFILE64_SOURCE
+#define _FILE_OFFSET_BITS 64
+
#define SMBC_BASE_FD 10000 /* smallest file descriptor returned */
#define SMBC_WORKGROUP 1
@@ -1,34 +0,0 @@
Description: Add mention about some user for user information in smbspool manpage
Author: Christian Perrier <bubulle@debian.org>
Bug-Debian: http://bugs.debian.org/387266
Forwarded: yes
Bug: https://bugzilla.samba.org/show_bug.cgi?id=4104
Index: samba/docs-xml/manpages-3/smbspool.8.xml
===================================================================
--- samba.orig/docs-xml/manpages-3/smbspool.8.xml
+++ samba/docs-xml/manpages-3/smbspool.8.xml
@@ -73,7 +73,9 @@
</para></listitem>
<listitem><para>The user argument (argv[2]) contains the
- print user's name and is presently not used by smbspool.
+ print user's name and is presently not used by smbspool
+ except in Kerberos environments to access the user's
+ ticket cache.
</para></listitem>
<listitem><para>The title argument (argv[3]) contains the
Index: samba/docs/manpages/smbspool.8
===================================================================
--- samba.orig/docs/manpages/smbspool.8
+++ samba/docs/manpages/smbspool.8
@@ -114,7 +114,7 @@
.sp -1
.IP \(bu 2.3
.\}
-The user argument (argv[2]) contains the print user\*(Aqs name and is presently not used by smbspool\&.
+The user argument (argv[2]) contains the print user\*(Aqs name and is presently not used by smbspool except in Kerberos environments to access the user\'s ticket cache\&.
.RE
.sp
.RS 4
@@ -1,47 +0,0 @@
Description: nss_wins stop clobbering other daemon's log
Author: Christian Perrier <bubulle@debian.org>,Buchan Milne
Bug-Debian: http://bugs.debian.org/598313
Forwarded: yes
Bug: https://bugzilla.samba.org/show_bug.cgi?id=7499
Index: samba/lib/util/debug.c
===================================================================
--- samba.orig/lib/util/debug.c
+++ samba/lib/util/debug.c
@@ -474,15 +474,17 @@
if (state.logtype == DEBUG_FILE) {
#ifdef WITH_SYSLOG
- const char *p = strrchr_m( prog_name,'/' );
- if (p)
- prog_name = p + 1;
+ if (prog_name) {
+ const char *p = strrchr_m( prog_name,'/' );
+ if (p)
+ prog_name = p + 1;
#ifdef LOG_DAEMON
- openlog( prog_name, LOG_PID, SYSLOG_FACILITY );
+ openlog( prog_name, LOG_PID, SYSLOG_FACILITY );
#else
- /* for old systems that have no facility codes. */
- openlog( prog_name, LOG_PID );
+ /* for old systems that have no facility codes. */
+ openlog( prog_name, LOG_PID );
#endif
+ }
#endif
}
}
Index: samba/nsswitch/wins.c
===================================================================
--- samba.orig/nsswitch/wins.c
+++ samba/nsswitch/wins.c
@@ -52,7 +52,7 @@
lp_set_cmdline("log level", "0");
TimeInit();
- setup_logging("nss_wins",False);
+ setup_logging(NULL,False);
lp_load(get_dyn_CONFIGFILE(),True,False,False,True);
load_interfaces();
}
@@ -1,15 +0,0 @@
Description: Fix path to perl binary in example file
Author: Christian Perrier <bubulle@debian.org>
Bug-Debian: http://bugs.debian.org/601406
Forwarded: not-needed
Index: samba/examples/misc/wall.perl
===================================================================
--- samba.orig/examples/misc/wall.perl
+++ samba/examples/misc/wall.perl
@@ -1,4 +1,4 @@
-#!/usr/local/bin/perl
+#!/usr/bin/perl
#
#@(#) smb-wall.pl Description:
#@(#) A perl script which allows you to announce whatever you choose to
@@ -1,21 +0,0 @@
Description: Drop Using Samba link in HTML documentation summary
Author: Christian Perrier <bubulle@debian.org>
Bug-Debian: http://bugs.debian.org/604768
Forwarded: yes
Bug: https://bugzilla.samba.org/show_bug.cgi?id=7826
Index: samba/docs/htmldocs/index.html
===================================================================
--- samba.orig/docs/htmldocs/index.html
+++ samba/docs/htmldocs/index.html
@@ -23,10 +23,6 @@
<td valign="top">This book provides example configurations, it documents key aspects of Microsoft Windows networking, provides in-depth insight into the important configuration of Samba-3, and helps to put all of these into a useful framework.</td>
</tr>
<tr>
- <td valign="top"><a href="using_samba/toc.html">Using Samba</a>, 2nd Edition</td>
- <td valign="top"><i>Using Samba</i>, Second Edition is a comprehensive guide to Samba administration. It covers all versions of Samba from 2.0 to 2.2, including selected features from an alpha version of 3.0, as well as the SWAT graphical configuration tool. Updated for Windows 2000, ME, and XP, the book also explores Samba's new role as a primary domain controller and domain member server, its support for the use of Windows NT/2000/XP authentication and filesystem security on the host Unix system, and accessing shared files and printers from Unix clients.</td>
-</tr>
-<tr>
<td valign="top"><a href="manpages/index.html">Man pages</a></td>
<td valign="top">The Samba man pages in HTML.</td>
</tr>
@@ -1,18 +0,0 @@
Description: Fix WHATSNEW.txt link in HTML documentation summary to fit Debian files organization
Author: Christian Perrier <bubulle@debian.org>
Bug-Debian: http://bugs.debian.org/604768
Forwarded: not-needed
Index: samba/docs/htmldocs/index.html
===================================================================
--- samba.orig/docs/htmldocs/index.html
+++ samba/docs/htmldocs/index.html
@@ -27,7 +27,7 @@
<td valign="top">The Samba man pages in HTML.</td>
</tr>
<tr>
- <td valign="top"><a href="../../WHATSNEW.txt">WHATSNEW</a></td>
+ <td valign="top"><a href="../WHATSNEW.txt">WHATSNEW</a></td>
<td valign="top">Samba Release Notes.</td>
</tr>
</table></body></html>
@@ -1,20 +0,0 @@
--- samba-3.6.8/source3/configure.orig 2012-10-01 16:28:17.559074996 -0300
+++ samba-3.6.8/source3/configure 2012-10-01 16:39:07.747700087 -0300
@@ -16718,7 +16718,7 @@
#################################################
# Check to see if core dump directory is defined in linux
# with /proc/sys/kernel/core_pattern
-
+if false; then
{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for /proc/sys/kernel/core_pattern" >&5
$as_echo_n "checking for /proc/sys/kernel/core_pattern... " >&6; }
if ${ac_cv_file__proc_sys_kernel_core_pattern+:} false; then :
@@ -16739,7 +16739,7 @@
$as_echo "#define HAVE_SYS_KERNEL_PROC_CORE_PATTERN 1" >>confdefs.h
fi
-
+fi
#############################
# check if building with gpfs
@@ -1,11 +0,0 @@
--- samba-3.6.6/source3/configure.orig 2012-10-01 15:50:15.371574883 -0300
+++ samba-3.6.6/source3/configure 2012-10-01 15:50:35.563699659 -0300
@@ -13302,7 +13302,7 @@
# getaddrinfo is broken on some AIX systems
# see bug 5910, use our replacements if we detect
# a broken system.
- if test "$cross_compiling" = yes; then :
+ if test "$cross_compiling" = foo; then :
{ { $as_echo "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5
$as_echo "$as_me: error: in \`$ac_pwd':" >&2;}
as_fn_error "cannot run test program while cross compiling
@@ -1,82 +0,0 @@
samba: add --enable-libunwind option
Upstream-Status: Pending
This let the end user explicitly enable/disable libunwind support.
---
configure | 28 ++++++++++++++++++++++++++--
1 file changed, 26 insertions(+), 2 deletions(-)
diff -urpN a/source3/configure b/source3/configure
--- a/source3/configure
+++ b/source3/configure
@@ -1007,6 +1007,7 @@ with_included_iniparser
with_static_modules
with_shared_modules
enable_dmalloc
+enable_libunwind
'
ac_precious_vars='build_alias
host_alias
@@ -1670,6 +1671,7 @@ Optional Features:
--enable-avahi Enable Avahi support (default=auto)
--enable-pthreadpool Enable pthreads pool helper support (default=no)
--enable-dmalloc Enable heap debugging [default=no]
+ --enable-libunwind Enable libunwind support if available (default=no)
Optional Packages:
--with-PACKAGE[=ARG] use PACKAGE [ARG=yes]
@@ -16458,7 +16460,7 @@ done
# Find a method of generating a stack trace
-for ac_header in execinfo.h libexc.h libunwind.h
+for ac_header in execinfo.h libexc.h
do :
as_ac_Header=`$as_echo "ac_cv_header_$ac_header" | $as_tr_sh`
ac_fn_c_check_header_mongrel "$LINENO" "$ac_header" "$as_ac_Header" "$ac_includes_default"
@@ -16684,6 +16686,13 @@ fi
LIBS="$save_LIBS"
+# Check whether --enable-libunwind was given.
+if test "${enable_libunwind+set}" = set; then :
+ enableval=$enable_libunwind;
+fi
+
+if test "x$enable_libunwind" != xno
+then
# Note that all the libunwind symbols in the API are defined to internal
# platform-specific version, so we must include libunwind.h before checking
# any of them.
@@ -16691,6 +16700,21 @@ LIBS="$save_LIBS"
$as_echo_n "checking for libunwind... " >&6; }
save_LIBS=$LIBS
+# Check for libunwind.h present
+for ac_header in libunwind.h
+do :
+ as_ac_Header=`$as_echo "ac_cv_header_$ac_header" | $as_tr_sh`
+ac_fn_c_check_header_mongrel "$LINENO" "$ac_header" "$as_ac_Header" "$ac_includes_default"
+eval as_val=\$$as_ac_Header
+ if test "x$as_val" = x""yes; then :
+ cat >>confdefs.h <<_ACEOF
+#define `$as_echo "HAVE_$ac_header" | $as_tr_cpp` 1
+_ACEOF
+
+fi
+
+done
+
UNWIND_ARCH="unknown"
if test x"$UNAME_I" != x"unknown"; then
UNWIND_ARCH="$UNAME_I"
@@ -16877,7 +16901,7 @@ fi
rm -f core conftest.err conftest.$ac_objext \
conftest$ac_exeext conftest.$ac_ext
fi
-
+fi
for ac_func in _dup _dup2 _opendir _readdir _seekdir _telldir _closedir
@@ -1,302 +0,0 @@
Description: Remove documentation parts that do not apply to Debian
Author: Christian Perrier <bubulle@debian.org>
Forwarded: not-needed
Index: experimental/docs/manpages/swat.8
===================================================================
--- experimental.orig/docs/manpages/swat.8
+++ experimental/docs/manpages/swat.8
@@ -120,86 +120,6 @@
.RS 4
Print a summary of command line options\&.
.RE
-.SH "INSTALLATION"
-.PP
-Swat is included as binary package with most distributions\&. The package manager in this case takes care of the installation and configuration\&. This section is only for those who have compiled swat from scratch\&.
-.PP
-After you compile SWAT you need to run
-make install
-to install the
-swat
-binary and the various help files and images\&. A default install would put these in:
-.sp
-.RS 4
-.ie n \{\
-\h'-04'\(bu\h'+03'\c
-.\}
-.el \{\
-.sp -1
-.IP \(bu 2.3
-.\}
-/usr/local/samba/sbin/swat
-.RE
-.sp
-.RS 4
-.ie n \{\
-\h'-04'\(bu\h'+03'\c
-.\}
-.el \{\
-.sp -1
-.IP \(bu 2.3
-.\}
-/usr/local/samba/swat/images/*
-.RE
-.sp
-.RS 4
-.ie n \{\
-\h'-04'\(bu\h'+03'\c
-.\}
-.el \{\
-.sp -1
-.IP \(bu 2.3
-.\}
-/usr/local/samba/swat/help/*
-.RE
-.sp
-.RE
-.SS "Inetd Installation"
-.PP
-You need to edit your
-/etc/inetd\&.conf
-and
-/etc/services
-to enable SWAT to be launched via
-inetd\&.
-.PP
-In
-/etc/services
-you need to add a line like this:
-.PP
-swat 901/tcp
-.PP
-Note for NIS/YP and LDAP users \- you may need to rebuild the NIS service maps rather than alter your local
-/etc/services
-file\&.
-.PP
-the choice of port number isn\*(Aqt really important except that it should be less than 1024 and not currently used (using a number above 1024 presents an obscure security hole depending on the implementation details of your
-inetd
-daemon)\&.
-.PP
-In
-/etc/inetd\&.conf
-you should add a line like this:
-.PP
-swat stream tcp nowait\&.400 root /usr/local/samba/sbin/swat swat
-.PP
-Once you have edited
-/etc/services
-and
-/etc/inetd\&.conf
-you need to send a HUP signal to inetd\&. To do this use
-kill \-1 PID
-where PID is the process ID of the inetd daemon\&.
.SH "LAUNCHING"
.PP
To launch SWAT just run your favorite web browser and point it at "http://localhost:901/"\&.
@@ -217,14 +137,11 @@
This file must contain a mapping of service name (e\&.g\&., swat) to service port (e\&.g\&., 901) and protocol type (e\&.g\&., tcp)\&.
.RE
.PP
-/usr/local/samba/lib/smb\&.conf
+/etc/samba/smb\&.conf
.RS 4
This is the default location of the
\fBsmb.conf\fR(5)
-server configuration file that swat edits\&. Other common places that systems install this file are
-/usr/samba/lib/smb\&.conf
-and
-/etc/smb\&.conf\&. This file describes all the services the server is to make available to clients\&.
+server configuration file that swat edits\&. This file describes all the services the server is to make available to clients\&.
.RE
.SH "WARNINGS"
.PP
Index: experimental/docs/manpages/nmbd.8
===================================================================
--- experimental.orig/docs/manpages/nmbd.8
+++ experimental/docs/manpages/nmbd.8
@@ -115,10 +115,7 @@
to answer any name queries\&. Adding a line to this file affects name NetBIOS resolution from this host
\fIONLY\fR\&.
.sp
-The default path to this file is compiled into Samba as part of the build process\&. Common defaults are
-/usr/local/samba/lib/lmhosts,
-/usr/samba/lib/lmhosts
-or
+The default path to this file is
/etc/samba/lmhosts\&. See the
\fBlmhosts\fR(5)
man page for details on the contents of this file\&.
@@ -187,14 +184,11 @@
inetd, this file must contain a mapping of service name (e\&.g\&., netbios\-ssn) to service port (e\&.g\&., 139) and protocol type (e\&.g\&., tcp)\&.
.RE
.PP
-/usr/local/samba/lib/smb\&.conf
+/etc/samba/smb\&.conf
.RS 4
This is the default location of the
\fBsmb.conf\fR(5)
-server configuration file\&. Other common places that systems install this file are
-/usr/samba/lib/smb\&.conf
-and
-/etc/samba/smb\&.conf\&.
+server configuration file\&.
.sp
When run as a WINS server (see the
\m[blue]\fBwins support\fR\m[]
@@ -238,10 +232,8 @@
will accept SIGHUP, which will cause it to dump out its namelists into the file
namelist\&.debug
in the
-/usr/local/samba/var/locks
-directory (or the
-var/locks
-directory configured under wherever Samba was configured to install itself)\&. This will also cause
+/var/run/samba
+directory\&. This will also cause
nmbd
to dump out its server database in the
log\&.nmb
Index: experimental/docs/manpages/smbd.8
===================================================================
--- experimental.orig/docs/manpages/smbd.8
+++ experimental/docs/manpages/smbd.8
@@ -169,14 +169,11 @@
inetd, this file must contain a mapping of service name (e\&.g\&., netbios\-ssn) to service port (e\&.g\&., 139) and protocol type (e\&.g\&., tcp)\&.
.RE
.PP
-/usr/local/samba/lib/smb\&.conf
+/etc/samba/smb\&.conf
.RS 4
This is the default location of the
\fBsmb.conf\fR(5)
-server configuration file\&. Other common places that systems install this file are
-/usr/samba/lib/smb\&.conf
-and
-/etc/samba/smb\&.conf\&.
+server configuration file\&.
.sp
This file describes all the services the server is to make available to clients\&. See
\fBsmb.conf\fR(5)
Index: experimental/docs/manpages/lmhosts.5
===================================================================
--- experimental.orig/docs/manpages/lmhosts.5
+++ experimental/docs/manpages/lmhosts.5
@@ -96,10 +96,8 @@
file\&.
.SH "FILES"
.PP
-lmhosts is loaded from the configuration directory\&. This is usually
-/etc/samba
-or
-/usr/local/samba/lib\&.
+lmhosts is loaded from the configuration directory\&. This is
+/etc/samba\&.
.SH "VERSION"
.PP
This man page is correct for version 3 of the Samba suite\&.
Index: experimental/docs/manpages/ntlm_auth.1
===================================================================
--- experimental.orig/docs/manpages/ntlm_auth.1
+++ experimental/docs/manpages/ntlm_auth.1
@@ -43,7 +43,7 @@
Some of these commands also require access to the directory
winbindd_privileged
in
-$LOCKDIR\&. This should be done either by running this command as root or providing group access to the
+/var/run/samba\F[]\&. This should be done either by running this command as root or providing group access to the
winbindd_privileged
directory\&. For security reasons, this directory should not be world\-accessable\&.
.SH "OPTIONS"
@@ -69,7 +69,7 @@
Requires access to the directory
winbindd_privileged
in
-$LOCKDIR\&. The protocol used is described here:
+/var/run/samba\&. The protocol used is described here:
http://devel\&.squid\-cache\&.org/ntlm/squid_helper_protocol\&.html\&. This protocol has been extended to allow the NTLMSSP Negotiate packet to be included as an argument to the
YR
command\&. (Thus avoiding loss of information in the protocol exchange)\&.
@@ -92,7 +92,7 @@
Requires access to the directory
winbindd_privileged
in
-$LOCKDIR\&.
+/var/run/samba\&.
.RE
.PP
gss\-spnego\-client
Index: experimental/docs/manpages/tdbbackup.8
===================================================================
--- experimental.orig/docs/manpages/tdbbackup.8
+++ experimental/docs/manpages/tdbbackup.8
@@ -77,7 +77,7 @@
.\}
secrets\&.tdb
-\- usual location is in the /usr/local/samba/private directory, or on some systems in /etc/samba\&.
+\- usual location is in the /var/lib/samba directory\&.
.RE
.sp
.RS 4
@@ -90,7 +90,7 @@
.\}
passdb\&.tdb
-\- usual location is in the /usr/local/samba/private directory, or on some systems in /etc/samba\&.
+\- usual location is in the /var/lib/samba directory\&.
.RE
.sp
.RS 4
@@ -103,7 +103,7 @@
.\}
*\&.tdb
-located in the /usr/local/samba/var directory or on some systems in the /var/cache or /var/lib/samba directories\&.
+located in the /var/lib/samba and /var/run/samba directories\&.
.RE
.SH "VERSION"
.PP
Index: experimental/docs/manpages/winbindd.8
===================================================================
--- experimental.orig/docs/manpages/winbindd.8
+++ experimental/docs/manpages/winbindd.8
@@ -539,16 +539,16 @@
file are owned by root\&.
.RE
.PP
-$LOCKDIR/winbindd_privileged/pipe
+/var/run/samba/winbindd_privileged/pipe
.RS 4
The UNIX pipe over which \*(Aqprivileged\*(Aq clients communicate with the
winbindd
program\&. For security reasons, access to some winbindd functions \- like those needed by the
ntlm_auth
-utility \- is restricted\&. By default, only users in the \*(Aqroot\*(Aq group will get this access, however the administrator may change the group permissions on $LOCKDIR/winbindd_privileged to allow programs like \*(Aqsquid\*(Aq to use ntlm_auth\&. Note that the winbind client will only attempt to connect to the winbindd daemon if both the
-$LOCKDIR/winbindd_privileged
+utility \- is restricted\&. By default, only users in the \'root\' group will get this access, however the administrator may change the group permissions on /var/run/samba/winbindd_privileged to allow programs like \'squid\' to use ntlm_auth\&. Note that the winbind client will only attempt to connect to the winbindd daemon if both the
+/var/run/samba/winbindd_privileged
directory and
-$LOCKDIR/winbindd_privileged/pipe
+/var/run/samba/winbindd_privileged/pipe
file are owned by root\&.
.RE
.PP
@@ -557,15 +557,12 @@
Implementation of name service switch library\&.
.RE
.PP
-$LOCKDIR/winbindd_idmap\&.tdb
+/var/run/samba/winbindd_idmap\&.tdb
.RS 4
-Storage for the Windows NT rid to UNIX user/group id mapping\&. The lock directory is specified when Samba is initially compiled using the
-\fI\-\-with\-lockdir\fR
-option\&. This directory is by default
-/usr/local/samba/var/locks\&.
+Storage for the Windows NT rid to UNIX user/group id mapping\&.
.RE
.PP
-$LOCKDIR/winbindd_cache\&.tdb
+/var/run/samba/winbindd_cache\&.tdb
.RS 4
Storage for cached user and group information\&.
.RE
@@ -1,314 +0,0 @@
Description: Remove documentation parts that do not apply to Debian
Author: Christian Perrier <bubulle@debian.org>
Bug: https://bugzilla.samba.org/show_bug.cgi?id=8789
Forwarded: yes
Index: samba/docs-xml/manpages-3/nmbd.8.xml
===================================================================
--- samba.orig/docs-xml/manpages-3/nmbd.8.xml
+++ samba/docs-xml/manpages-3/nmbd.8.xml
@@ -266,7 +266,6 @@
<manvolnum>8</manvolnum></citerefentry>, <citerefentry><refentrytitle>smb.conf</refentrytitle>
<manvolnum>5</manvolnum></citerefentry>, <citerefentry><refentrytitle>smbclient</refentrytitle>
<manvolnum>1</manvolnum></citerefentry>, <citerefentry><refentrytitle>testparm</refentrytitle>
- <manvolnum>1</manvolnum></citerefentry>, <citerefentry><refentrytitle>testprns</refentrytitle>
<manvolnum>1</manvolnum></citerefentry>, and the Internet
RFC's <filename>rfc1001.txt</filename>, <filename>rfc1002.txt</filename>.
In addition the CIFS (formerly SMB) specification is available
Index: samba/docs-xml/manpages-3/samba.7.xml
===================================================================
--- samba.orig/docs-xml/manpages-3/samba.7.xml
+++ samba/docs-xml/manpages-3/samba.7.xml
@@ -76,16 +76,6 @@
</varlistentry>
<varlistentry>
- <term><citerefentry><refentrytitle>testprns</refentrytitle>
- <manvolnum>1</manvolnum></citerefentry></term>
- <listitem><para>The <command>testprns</command>
- utility supports testing printer names defined
- in your <filename>printcap</filename> file used
- by Samba.</para>
- </listitem>
- </varlistentry>
-
- <varlistentry>
<term><citerefentry><refentrytitle>smbstatus</refentrytitle>
<manvolnum>1</manvolnum></citerefentry></term>
<listitem><para>The <command>smbstatus</command>
@@ -125,7 +115,8 @@
<manvolnum>1</manvolnum></citerefentry></term>
<listitem><para>The <command>smbsh</command> command is
a program that allows you to run a unix shell with
- with an overloaded VFS.</para></listitem>
+ with an overloaded VFS. Note that, it is not installed by
+ the current samba package.</para></listitem>
</varlistentry>
<varlistentry>
Index: samba/docs-xml/manpages-3/smb.conf.5.xml
===================================================================
--- samba.orig/docs-xml/manpages-3/smb.conf.5.xml
+++ samba/docs-xml/manpages-3/smb.conf.5.xml
@@ -856,7 +856,6 @@
<manvolnum>8</manvolnum></citerefentry>, <citerefentry><refentrytitle>smbclient</refentrytitle>
<manvolnum>1</manvolnum></citerefentry>, <citerefentry><refentrytitle>nmblookup</refentrytitle>
<manvolnum>1</manvolnum></citerefentry>, <citerefentry><refentrytitle>testparm</refentrytitle>
- <manvolnum>1</manvolnum></citerefentry>, <citerefentry><refentrytitle>testprns</refentrytitle>
<manvolnum>1</manvolnum></citerefentry>.</para>
</refsect1>
Index: samba/docs-xml/manpages-3/smbd.8.xml
===================================================================
--- samba.orig/docs-xml/manpages-3/smbd.8.xml
+++ samba/docs-xml/manpages-3/smbd.8.xml
@@ -417,7 +417,6 @@
<manvolnum>8</manvolnum></citerefentry>, <citerefentry><refentrytitle>smb.conf</refentrytitle>
<manvolnum>5</manvolnum></citerefentry>, <citerefentry><refentrytitle>smbclient</refentrytitle>
<manvolnum>1</manvolnum></citerefentry>, <citerefentry><refentrytitle>testparm</refentrytitle>
- <manvolnum>1</manvolnum></citerefentry>, <citerefentry><refentrytitle>testprns</refentrytitle>
<manvolnum>1</manvolnum></citerefentry>, and the
Internet RFC's <filename>rfc1001.txt</filename>, <filename>rfc1002.txt</filename>.
In addition the CIFS (formerly SMB) specification is available
Index: samba/docs-xml/using_samba/appd.xml
===================================================================
--- samba.orig/docs-xml/using_samba/appd.xml
+++ samba/docs-xml/using_samba/appd.xml
@@ -296,7 +296,7 @@
<para>The <emphasis>smbsh</emphasis>
-<indexterm id="appd-idx-993744-0"><primary>smbsh program</primary></indexterm> program lets you use a remote Windows share on your Samba server as if the share was a regular Unix directory. When it's run, it provides an extra directory tree under <filename>/smb</filename>. Subdirectories of <filename>/smb</filename> are servers, and subdirectories of the servers are their individual disk and printer shares. Commands run by <emphasis>smbsh</emphasis> treat the <filename>/smb</filename> filesystem as if it were local to Unix. This means that you don't need <emphasis>smbmount</emphasis> in your kernel to mount Windows filesystems the way you mount with NFS filesystems. However, you do need to configure Samba with the <literal>--with-smbwrappers</literal> option to enable <filename>smbsh</filename>.</para>
+<indexterm id="appd-idx-993744-0"><primary>smbsh program</primary></indexterm> program (<emphasis>not available in this samba package</emphasis>) lets you use a remote Windows share on your Samba server as if the share was a regular Unix directory. When it's run, it provides an extra directory tree under <filename>/smb</filename>. Subdirectories of <filename>/smb</filename> are servers, and subdirectories of the servers are their individual disk and printer shares. Commands run by <emphasis>smbsh</emphasis> treat the <filename>/smb</filename> filesystem as if it were local to Unix. This means that you don't need <emphasis>smbmount</emphasis> in your kernel to mount Windows filesystems the way you mount with NFS filesystems. However, you do need to configure Samba with the <literal>--with-smbwrappers</literal> option to enable <filename>smbsh</filename>.</para>
<sect3 role="" label="D.1.4.1" id="appd-SECT-1.4.1">
@@ -1320,24 +1320,6 @@
</sect2>
-
-
-
-<sect2 role="" label="D.1.11" id="appd-SECT-1.11">
-<title>testprns</title>
-
-
-<para>The<indexterm id="appd-idx-993761-0"><primary>testprns program</primary></indexterm>
-<indexterm id="appd-idx-993761-1"><primary>printers</primary><secondary>names</secondary><tertiary>checking</tertiary></indexterm> <emphasis>testprns</emphasis> program checks a specified printer name against the system printer capabilities (<filename>printcap</filename>) file. Its command line is:</para>
-
-
-<programlisting>testprns <replaceable>printername</replaceable> [<replaceable>printcapname</replaceable>]</programlisting>
-
-
-<para>If the <literal>printcapname</literal> isn't specified, Samba attempts to use one located in the <filename>smb.conf</filename> file. If one isn't specified there, Samba will try <filename>/etc/printcap</filename>. If that fails, the program will generate an error.</para>
-</sect2>
-
-
Index: samba/docs-xml/using_samba/ch01.xml
===================================================================
--- samba.orig/docs-xml/using_samba/ch01.xml
+++ samba/docs-xml/using_samba/ch01.xml
@@ -1375,12 +1375,6 @@
</varlistentry>
-<varlistentry><term>testprns</term>
-<listitem><para>A program that tests whether various printers are recognized by the <filename>smbd</filename> daemon</para></listitem>
-</varlistentry>
-</variablelist>
-
-
<para>Each significant release of Samba goes through a significant exposure test before it's announced. In addition, it is quickly updated afterward if problems or unwanted side-effects are found. The latest stable distribution as of this writing is Samba 2.0.5, the long-awaited production version of Samba 2.0. This book focuses on the functionality supported in Samba 2.0, as opposed to the older 1.9.<emphasis>x</emphasis> versions of Samba, which are now obsolete.</para>
</sect1>
Index: samba/docs-xml/using_samba/ch07.xml
===================================================================
--- samba.orig/docs-xml/using_samba/ch07.xml
+++ samba/docs-xml/using_samba/ch07.xml
@@ -306,7 +306,7 @@
public: true</programlisting>
-<para>Second, try the command <literal>testprns</literal> <replaceable>printername</replaceable>. This is a simple program that verifies that the specified printer is available in your <emphasis>printcap</emphasis> file. If your <emphasis>printcap</emphasis> file is not in the usual place, you can specify its full pathname as the second argument to the <emphasis>testprns</emphasis> command:</para>
+<para>Second, try the command <literal>testprns</literal> <replaceable>printername</replaceable>. <emphasis>Note</emphasis>: This command is not available in this package. This is a simple program that verifies that the specified printer is available in your <emphasis>printcap</emphasis> file. If your <emphasis>printcap</emphasis> file is not in the usual place, you can specify its full pathname as the second argument to the <emphasis>testprns</emphasis> command:</para>
<programlisting># testprns lp /etc/printcap
Index: samba/docs/htmldocs/manpages/nmbd.8.html
===================================================================
--- samba.orig/docs/htmldocs/manpages/nmbd.8.html
+++ samba/docs/htmldocs/manpages/nmbd.8.html
@@ -131,7 +131,7 @@
transient problems to be diagnosed, whilst still running
at a normally low log level.</p></div><div class="refsect1" title="VERSION"><a name="id307511"></a><h2>VERSION</h2><p>This man page is correct for version 3 of
the Samba suite.</p></div><div class="refsect1" title="SEE ALSO"><a name="id307521"></a><h2>SEE ALSO</h2><p>
- <a class="citerefentry" href="inetd.8.html"><span class="citerefentry"><span class="refentrytitle">inetd</span>(8)</span></a>, <a class="citerefentry" href="smbd.8.html"><span class="citerefentry"><span class="refentrytitle">smbd</span>(8)</span></a>, <a class="citerefentry" href="smb.conf.5.html"><span class="citerefentry"><span class="refentrytitle">smb.conf</span>(5)</span></a>, <a class="citerefentry" href="smbclient.1.html"><span class="citerefentry"><span class="refentrytitle">smbclient</span>(1)</span></a>, <a class="citerefentry" href="testparm.1.html"><span class="citerefentry"><span class="refentrytitle">testparm</span>(1)</span></a>, <a class="citerefentry" href="testprns.1.html"><span class="citerefentry"><span class="refentrytitle">testprns</span>(1)</span></a>, and the Internet
+ <a class="citerefentry" href="inetd.8.html"><span class="citerefentry"><span class="refentrytitle">inetd</span>(8)</span></a>, <a class="citerefentry" href="smbd.8.html"><span class="citerefentry"><span class="refentrytitle">smbd</span>(8)</span></a>, <a class="citerefentry" href="smb.conf.5.html"><span class="citerefentry"><span class="refentrytitle">smb.conf</span>(5)</span></a>, <a class="citerefentry" href="smbclient.1.html"><span class="citerefentry"><span class="refentrytitle">smbclient</span>(1)</span></a>, <a class="citerefentry" href="testparm.1.html"><span class="citerefentry"><span class="refentrytitle">testparm</span>(1)</span></a>, and the Internet
RFC's <code class="filename">rfc1001.txt</code>, <code class="filename">rfc1002.txt</code>.
In addition the CIFS (formerly SMB) specification is available
as a link from the Web page <a class="ulink" href="http://samba.org/cifs/" target="_top">
Index: samba/docs/htmldocs/manpages/samba.7.html
===================================================================
--- samba.orig/docs/htmldocs/manpages/samba.7.html
+++ samba/docs/htmldocs/manpages/samba.7.html
@@ -17,10 +17,7 @@
servers (such as Windows NT), and can also be used
to allow a UNIX box to print to a printer attached to
any SMB server (such as a PC running Windows NT).</p></dd><dt><span class="term"><a class="citerefentry" href="testparm.1.html"><span class="citerefentry"><span class="refentrytitle">testparm</span>(1)</span></a></span></dt><dd><p>The <code class="literal">testparm</code>
- utility is a simple syntax checker for Samba's <a class="citerefentry" href="smb.conf.5.html"><span class="citerefentry"><span class="refentrytitle">smb.conf</span>(5)</span></a> configuration file.</p></dd><dt><span class="term"><a class="citerefentry" href="testprns.1.html"><span class="citerefentry"><span class="refentrytitle">testprns</span>(1)</span></a></span></dt><dd><p>The <code class="literal">testprns</code>
- utility supports testing printer names defined
- in your <code class="filename">printcap</code> file used
- by Samba.</p></dd><dt><span class="term"><a class="citerefentry" href="smbstatus.1.html"><span class="citerefentry"><span class="refentrytitle">smbstatus</span>(1)</span></a></span></dt><dd><p>The <code class="literal">smbstatus</code>
+ utility is a simple syntax checker for Samba's <a class="citerefentry" href="smb.conf.5.html"><span class="citerefentry"><span class="refentrytitle">smb.conf</span>(5)</span></a> configuration file.</p></dd><dt><span class="term"><a class="citerefentry" href="smbstatus.1.html"><span class="citerefentry"><span class="refentrytitle">smbstatus</span>(1)</span></a></span></dt><dd><p>The <code class="literal">smbstatus</code>
tool provides access to information about the
current connections to <code class="literal">smbd</code>.</p></dd><dt><span class="term"><a class="citerefentry" href="nmblookup.1.html"><span class="citerefentry"><span class="refentrytitle">nmblookup</span>(1)</span></a></span></dt><dd><p>The <code class="literal">nmblookup</code>
tools allows NetBIOS name queries to be made
@@ -29,7 +26,8 @@
password hashes on Samba and Windows NT servers.</p></dd><dt><span class="term"><a class="citerefentry" href="smbcacls.1.html"><span class="citerefentry"><span class="refentrytitle">smbcacls</span>(1)</span></a></span></dt><dd><p>The <code class="literal">smbcacls</code> command is
a tool to set ACL's on remote CIFS servers. </p></dd><dt><span class="term"><a class="citerefentry" href="smbsh.1.html"><span class="citerefentry"><span class="refentrytitle">smbsh</span>(1)</span></a></span></dt><dd><p>The <code class="literal">smbsh</code> command is
a program that allows you to run a unix shell with
- with an overloaded VFS.</p></dd><dt><span class="term"><a class="citerefentry" href="smbtree.1.html"><span class="citerefentry"><span class="refentrytitle">smbtree</span>(1)</span></a></span></dt><dd><p>The <code class="literal">smbtree</code> command
+ with an overloaded VFS. Note that, it is not installed by
+ the current samba package.</p></dd><dt><span class="term"><a class="citerefentry" href="smbtree.1.html"><span class="citerefentry"><span class="refentrytitle">smbtree</span>(1)</span></a></span></dt><dd><p>The <code class="literal">smbtree</code> command
is a text-based network neighborhood tool.</p></dd><dt><span class="term"><a class="citerefentry" href="smbtar.1.html"><span class="citerefentry"><span class="refentrytitle">smbtar</span>(1)</span></a></span></dt><dd><p>The <code class="literal">smbtar</code> can make
backups of data on CIFS/SMB servers.</p></dd><dt><span class="term"><a class="citerefentry" href="smbspool.8.html"><span class="citerefentry"><span class="refentrytitle">smbspool</span>(8)</span></a></span></dt><dd><p><code class="literal">smbspool</code> is a
helper utility for printing on printers connected
Index: samba/docs/htmldocs/manpages/smb.conf.5.html
===================================================================
--- samba.orig/docs/htmldocs/manpages/smb.conf.5.html
+++ samba/docs/htmldocs/manpages/smb.conf.5.html
@@ -6964,7 +6964,7 @@
care when designing these sections. In particular, ensure that the permissions on spool directories are
correct.
</p></div><div class="refsect1" title="VERSION"><a name="id340677"></a><h2>VERSION</h2><p>This man page is correct for version 3 of the Samba suite.</p></div><div class="refsect1" title="SEE ALSO"><a name="id340688"></a><h2>SEE ALSO</h2><p>
- <a class="citerefentry" href="samba.7.html"><span class="citerefentry"><span class="refentrytitle">samba</span>(7)</span></a>, <a class="citerefentry" href="smbpasswd.8.html"><span class="citerefentry"><span class="refentrytitle">smbpasswd</span>(8)</span></a>, <a class="citerefentry" href="swat.8.html"><span class="citerefentry"><span class="refentrytitle">swat</span>(8)</span></a>, <a class="citerefentry" href="smbd.8.html"><span class="citerefentry"><span class="refentrytitle">smbd</span>(8)</span></a>, <a class="citerefentry" href="nmbd.8.html"><span class="citerefentry"><span class="refentrytitle">nmbd</span>(8)</span></a>, <a class="citerefentry" href="smbclient.1.html"><span class="citerefentry"><span class="refentrytitle">smbclient</span>(1)</span></a>, <a class="citerefentry" href="nmblookup.1.html"><span class="citerefentry"><span class="refentrytitle">nmblookup</span>(1)</span></a>, <a class="citerefentry" href="testparm.1.html"><span class="citerefentry"><span class="refentrytitle">testparm</span>(1)</span></a>, <a class="citerefentry" href="testprns.1.html"><span class="citerefentry"><span class="refentrytitle">testprns</span>(1)</span></a>.</p></div><div class="refsect1" title="AUTHOR"><a name="id340767"></a><h2>AUTHOR</h2><p>
+ <a class="citerefentry" href="samba.7.html"><span class="citerefentry"><span class="refentrytitle">samba</span>(7)</span></a>, <a class="citerefentry" href="smbpasswd.8.html"><span class="citerefentry"><span class="refentrytitle">smbpasswd</span>(8)</span></a>, <a class="citerefentry" href="swat.8.html"><span class="citerefentry"><span class="refentrytitle">swat</span>(8)</span></a>, <a class="citerefentry" href="smbd.8.html"><span class="citerefentry"><span class="refentrytitle">smbd</span>(8)</span></a>, <a class="citerefentry" href="nmbd.8.html"><span class="citerefentry"><span class="refentrytitle">nmbd</span>(8)</span></a>, <a class="citerefentry" href="smbclient.1.html"><span class="citerefentry"><span class="refentrytitle">smbclient</span>(1)</span></a>, <a class="citerefentry" href="nmblookup.1.html"><span class="citerefentry"><span class="refentrytitle">nmblookup</span>(1)</span></a>, <a class="citerefentry" href="testparm.1.html"><span class="citerefentry"><span class="refentrytitle">testparm</span>(1)</span></a>.</p></div><div class="refsect1" title="AUTHOR"><a name="id340767"></a><h2>AUTHOR</h2><p>
The original Samba software and related utilities were created by Andrew Tridgell. Samba is now developed
by the Samba Team as an Open Source project similar to the way the Linux kernel is developed.
</p><p>
Index: samba/docs/htmldocs/manpages/smbd.8.html
===================================================================
--- samba.orig/docs/htmldocs/manpages/smbd.8.html
+++ samba/docs/htmldocs/manpages/smbd.8.html
@@ -147,7 +147,7 @@
<code class="literal">smbd</code> is in a state of waiting for an incoming SMB before
issuing them. It is possible to make the signal handlers safe
by un-blocking the signals before the select call and re-blocking
- them after, however this would affect performance.</p></div><div class="refsect1" title="SEE ALSO"><a name="id307739"></a><h2>SEE ALSO</h2><p><a class="citerefentry" href="hosts_access.5.html"><span class="citerefentry"><span class="refentrytitle">hosts_access</span>(5)</span></a>, <a class="citerefentry" href="inetd.8.html"><span class="citerefentry"><span class="refentrytitle">inetd</span>(8)</span></a>, <a class="citerefentry" href="nmbd.8.html"><span class="citerefentry"><span class="refentrytitle">nmbd</span>(8)</span></a>, <a class="citerefentry" href="smb.conf.5.html"><span class="citerefentry"><span class="refentrytitle">smb.conf</span>(5)</span></a>, <a class="citerefentry" href="smbclient.1.html"><span class="citerefentry"><span class="refentrytitle">smbclient</span>(1)</span></a>, <a class="citerefentry" href="testparm.1.html"><span class="citerefentry"><span class="refentrytitle">testparm</span>(1)</span></a>, <a class="citerefentry" href="testprns.1.html"><span class="citerefentry"><span class="refentrytitle">testprns</span>(1)</span></a>, and the
+ them after, however this would affect performance.</p></div><div class="refsect1" title="SEE ALSO"><a name="id307739"></a><h2>SEE ALSO</h2><p><a class="citerefentry" href="hosts_access.5.html"><span class="citerefentry"><span class="refentrytitle">hosts_access</span>(5)</span></a>, <a class="citerefentry" href="inetd.8.html"><span class="citerefentry"><span class="refentrytitle">inetd</span>(8)</span></a>, <a class="citerefentry" href="nmbd.8.html"><span class="citerefentry"><span class="refentrytitle">nmbd</span>(8)</span></a>, <a class="citerefentry" href="smb.conf.5.html"><span class="citerefentry"><span class="refentrytitle">smb.conf</span>(5)</span></a>, <a class="citerefentry" href="smbclient.1.html"><span class="citerefentry"><span class="refentrytitle">smbclient</span>(1)</span></a>, <a class="citerefentry" href="testparm.1.html"><span class="citerefentry"><span class="refentrytitle">testparm</span>(1)</span></a>, and the
Internet RFC's <code class="filename">rfc1001.txt</code>, <code class="filename">rfc1002.txt</code>.
In addition the CIFS (formerly SMB) specification is available
as a link from the Web page <a class="ulink" href="http://samba.org/cifs/" target="_top">
Index: samba/docs/manpages/nmbd.8
===================================================================
--- samba.orig/docs/manpages/nmbd.8
+++ samba/docs/manpages/nmbd.8
@@ -252,8 +252,7 @@
\fBsmbd\fR(8),
\fBsmb.conf\fR(5),
\fBsmbclient\fR(1),
-\fBtestparm\fR(1),
-\fBtestprns\fR(1), and the Internet RFC\*(Aqs
+\fBtestparm\fR(1), and the Internet RFC\*(Aqs
rfc1001\&.txt,
rfc1002\&.txt\&. In addition the CIFS (formerly SMB) specification is available as a link from the Web page
http://samba\&.org/cifs/\&.
Index: samba/docs/manpages/samba.7
===================================================================
--- samba.orig/docs/manpages/samba.7
+++ samba/docs/manpages/samba.7
@@ -60,15 +60,6 @@
configuration file\&.
.RE
.PP
-\fBtestprns\fR(1)
-.RS 4
-The
-testprns
-utility supports testing printer names defined in your
-printcap
-file used by Samba\&.
-.RE
-.PP
\fBsmbstatus\fR(1)
.RS 4
The
@@ -102,7 +93,7 @@
.RS 4
The
smbsh
-command is a program that allows you to run a unix shell with with an overloaded VFS\&.
+command is a program that allows you to run a unix shell with with an overloaded VFS. Note that, it is not installed by the current samba package\&.
.RE
.PP
\fBsmbtree\fR(1)
Index: samba/docs/manpages/smb.conf.5
===================================================================
--- samba.orig/docs/manpages/smb.conf.5
+++ samba/docs/manpages/smb.conf.5
@@ -11021,8 +11021,7 @@
\fBnmbd\fR(8),
\fBsmbclient\fR(1),
\fBnmblookup\fR(1),
-\fBtestparm\fR(1),
-\fBtestprns\fR(1)\&.
+\fBtestparm\fR(1)\&.
.SH "AUTHOR"
.PP
The original Samba software and related utilities were created by Andrew Tridgell\&. Samba is now developed by the Samba Team as an Open Source project similar to the way the Linux kernel is developed\&.
Index: samba/docs/manpages/smbd.8
===================================================================
--- samba.orig/docs/manpages/smbd.8
+++ samba/docs/manpages/smbd.8
@@ -370,8 +370,7 @@
\fBnmbd\fR(8),
\fBsmb.conf\fR(5),
\fBsmbclient\fR(1),
-\fBtestparm\fR(1),
-\fBtestprns\fR(1), and the Internet RFC\*(Aqs
+\fBtestparm\fR(1), and the Internet RFC\*(Aqs
rfc1001\&.txt,
rfc1002\&.txt\&. In addition the CIFS (formerly SMB) specification is available as a link from the Web page
http://samba\&.org/cifs/\&.
Index: samba/examples/tridge/smb.conf
===================================================================
--- samba.orig/examples/tridge/smb.conf
+++ samba/examples/tridge/smb.conf
@@ -31,14 +31,6 @@
print ok = yes
print command = xmenu -heading "%s" OK&
-[testprn]
- comment = Test printer
- path = /tmp
- user = susan
- print ok = yes
- print command = cp %s /tmp/smb.%U.prn
- lpq command = cat /tmp/xxyz
-
[amd]
comment = amd area
path = /mount
Index: samba/swat/lang/tr/help/welcome.html
===================================================================
--- samba.orig/swat/lang/tr/help/welcome.html
+++ samba/swat/lang/tr/help/welcome.html
@@ -40,7 +40,6 @@
<ul>
<li><a href="/swat/help/smbstatus.1.html" target="docs">smbstatus</a> - Samba gözlemcisi
<li><a href="/swat/help/testparm.1.html" target="docs">testparm</a> - ayar dosyasını kontrol eder
- <li><a href="/swat/help/testprns.1.html" target="docs">testprns</a> - yazıcı ayarlarını kontrol eder
<li><a href="/swat/help/nmblookup.1.html" target="docs">nmblookup</a> - NetBIOS isim sorgulama aracı
</ul>
<li><b>Kitaplar</b>
@@ -66,4 +65,4 @@
Eğer SWAT'ın bu sürümü ile ilgili konuları tartışmak istiyorsanız, lütfen
<A HREF="http://lists.samba.org/">samba</A> eposta listesine üye olun.
-
\ No newline at end of file
+
@@ -1,31 +0,0 @@
Description: Do not build VFS examples
Author: Christian Perrier <bubulle@debian.org>
Forwarded: not-needed
Index: samba/source3/Makefile.in
===================================================================
--- samba.orig/source3/Makefile.in
+++ samba/source3/Makefile.in
@@ -1616,8 +1616,7 @@
everything:: all libtalloc libsmbclient libnetapi debug2html smbfilter talloctort replacetort smbconftort modules torture \
- $(EVERYTHING_PROGS) \
- vfs_examples
+ $(EVERYTHING_PROGS)
.SUFFIXES:
.SUFFIXES: .c .o .lo
@@ -3552,12 +3551,3 @@
bin/ndrdump4: $(BINARY_PREREQS)
$(MAKE) -f Makefile-smbtorture4 bin/ndrdump4
-.PHONY: vfs_examples
-
-vfs_examples:
- ( \
- cd ../examples/VFS && \
- ./configure && \
- make clean && \
- make \
- )
@@ -1,65 +0,0 @@
Description: Prepare the sources to better respect FHS
This patch was historically very long but most parts have
been integrated upstream.
.
The last remaining bit is the location of "private files
We historically have them in /var/lib/samba while upstream
has them in /etc/samba
.
We need to provide a migraiton path and go back to the "normal"
file layout
Author: Eloy A. Paris <peloy@debian.org>
Bug-Debian: http://bugs.debian.org/49011
Forwarded: not-needed
Index: samba/source3/passdb/pdb_tdb.c
===================================================================
--- samba.orig/source3/passdb/pdb_tdb.c
+++ samba/source3/passdb/pdb_tdb.c
@@ -1260,7 +1260,7 @@
/* save the path for later */
if (!location) {
- if (asprintf(&tdbfile, "%s/%s", lp_private_dir(),
+ if (asprintf(&tdbfile, "%s/%s", lp_statedir(),
PASSDB_FILE_NAME) < 0) {
return NT_STATUS_NO_MEMORY;
}
Index: samba/source3/passdb/secrets.c
===================================================================
--- samba.orig/source3/passdb/secrets.c
+++ samba/source3/passdb/secrets.c
@@ -64,7 +64,7 @@
return True;
fname = talloc_asprintf(talloc_tos(), "%s/secrets.tdb",
- lp_private_dir());
+ lp_statedir());
if (fname == NULL) {
return false;
}
Index: samba/docs/manpages/smb.conf.5
===================================================================
--- samba.orig/docs/manpages/smb.conf.5
+++ samba/docs/manpages/smb.conf.5
@@ -7167,7 +7167,7 @@
.\}
tdbsam
\- The TDB based password storage backend\&. Takes a path to the TDB as an optional argument (defaults to passdb\&.tdb in the
-\m[blue]\fBprivate dir\fR\m[]
+\m[blue]\fBstate directory\fR\m[]
directory\&.
.RE
.sp
@@ -8038,9 +8038,7 @@
.PP
.RS 4
This parameters defines the directory smbd will use for storing such files as
-smbpasswd
-and
-secrets\&.tdb\&.
+smbpasswd\&. secrets\&.tdb is stored in state directory on Debian systems\&.
.sp
Default:
\fI\fIprivate dir\fR\fR\fI = \fR\fI${prefix}/private\fR\fI \fR
@@ -1,23 +0,0 @@
Description: Do not install the Using Samba book when installing SWAT
Using Samba is packaged in samba-doc, however upstream also
installs it in SWAT install dirs
Author: Christian Perrier <bubulle@debian.org>
Forwarded: not-needed
Index: experimental/source3/script/installswat.sh
===================================================================
--- experimental.orig/source3/script/installswat.sh
+++ experimental/source3/script/installswat.sh
@@ -198,7 +198,11 @@
# Install/ remove Using Samba book (but only if it is there)
-if [ "x$BOOKDIR" != "x" -a -f $SRCDIR../docs/htmldocs/using_samba/toc.html ]; then
+# Under Debian we don't actually install the book. The book is part of
+# the samba-doc package, so we just provide a symlink that points to
+# where the book is actually installed. The symlink is created in
+# debian/rules.
+if /bin/false; then
# Create directories
@@ -1,54 +0,0 @@
From 185cd4c79492a7de5988f9407d764cdb3a0e2e10 Mon Sep 17 00:00:00 2001
From: Simo Sorce <idra@samba.org>
Date: Wed, 11 May 2011 17:50:07 -0400
Subject: [PATCH] libutil: use AI_ADDRCONFIG only when AI_NUMERIC is not defined
This flag prevents startup w/o ip addresses assigned to any interface.
If AI_NUMERIC is passed it should be safe to avoid it.
Signed-off-by: Andreas Schneider <asn@samba.org>
---
lib/util/util_net.c | 16 +++++++++++-----
1 files changed, 11 insertions(+), 5 deletions(-)
Index: samba/lib/util/util_net.c
===================================================================
--- samba.orig/lib/util/util_net.c
+++ samba/lib/util/util_net.c
@@ -64,10 +64,9 @@
ppres);
if (ret) {
- DEBUG(3,("interpret_string_addr_internal: getaddrinfo failed "
- "for name %s [%s]\n",
- str,
- gai_strerror(ret) ));
+ DEBUG(3, ("interpret_string_addr_internal: "
+ "getaddrinfo failed for name %s (flags %d) [%s]\n",
+ str, flags, gai_strerror(ret)));
return false;
}
return true;
@@ -88,6 +87,7 @@
#if defined(HAVE_IPV6)
char addr[INET6_ADDRSTRLEN];
unsigned int scope_id = 0;
+ int int_flags;
if (strchr_m(str, ':')) {
char *p = strchr_m(str, '%');
@@ -108,7 +108,13 @@
zero_sockaddr(pss);
- if (!interpret_string_addr_internal(&res, str, flags|AI_ADDRCONFIG)) {
+ if (flags & AI_NUMERICHOST) {
+ int_flags = flags;
+ } else {
+ int_flags = flags|AI_ADDRCONFIG;
+ }
+
+ if (!interpret_string_addr_internal(&res, str, int_flags)) {
return false;
}
if (!res) {
@@ -1,21 +0,0 @@
Description: only export public symbols
Force usage of the symbols list when linking shared libraries. Otherwise,
private symbols get exported in libsmbclient and libwbclient.
Forwarded: no
Author: Ivo De Decker <ivo.dedecker@ugent.be>
Last-Update: 2012-06-27
--- samba-3.6.6.orig/source3/Makefile.in
+++ samba-3.6.6/source3/Makefile.in
@@ -28,8 +28,9 @@ SHLD=@SHLD@
LIB_PATH_VAR=@LIB_PATH_VAR@
## Dynamic shared libraries build settings
-DSO_EXPORTS_CMD=-Wl,--version-script,$(srcdir)/exports/`basename $@ | sed 's:\.@SHLIBEXT@[\.0-9]*$$:.@SYMSEXT@:'`
-DSO_EXPORTS=@DSO_EXPORTS@
+# force using syms file
+DSO_EXPORTS=-Wl,--version-script,$(srcdir)/exports/`basename $@ | sed 's:\.@SHLIBEXT@[\.0-9]*$$:.@SYMSEXT@:'`
+#DSO_EXPORTS=@DSO_EXPORTS@
SHLD_DSO = $(SHLD) $(LDSHFLAGS) $(DSO_EXPORTS) -o $@
# The MODULE_EXPORTS variable contains the platform-specific linker flags
@@ -1,17 +0,0 @@
Description: Fix examples directory location in pam_smbpass README
Author: Christian Perrier <bubulle@debian.org>
Forwarded: not-needed
Index: experimental/source3/pam_smbpass/README
===================================================================
--- experimental.orig/source3/pam_smbpass/README
+++ experimental/source3/pam_smbpass/README
@@ -37,7 +37,7 @@
smbconf=<file> - specify an alternate path to the smb.conf
file.
-See the samples/ directory for example PAM configurations using this
+See the examples/ directory for example PAM configurations using this
module.
Thanks go to the following people:
@@ -1,18 +0,0 @@
Description: Use the pager alternative as pager is PAGER is undefined
Author: Steve Langasek <vorlon@debian.org>
Bug-Debian: http://bugs.debian.org/135603
Forwarded: not-needed
Index: experimental/source3/include/local.h
===================================================================
--- experimental.orig/source3/include/local.h
+++ experimental/source3/include/local.h
@@ -127,7 +127,7 @@
/* the default pager to use for the client "more" command. Users can
override this with the PAGER environment variable */
#ifndef PAGER
-#define PAGER "more"
+#define PAGER "/usr/bin/pager"
#endif
/* the size of the uid cache used to reduce valid user checks */
@@ -1,19 +0,0 @@
Description: Avoid using bashism in smbtar
Author: Jelmer Vernooij <jelmer@samba.org>
Bug-Debian: http://bugs.debian.org/486056
Forwarded: yes
Bug: https://bugzilla.samba.org/show_bug.cgi?id=8924
Index: experimental/source3/script/smbtar
===================================================================
--- experimental.orig/source3/script/smbtar
+++ experimental/source3/script/smbtar
@@ -151,7 +151,7 @@
if [ -z "$verbose" ]; then
echo "server is $server"
# echo "share is $service"
- echo "share is $service\\$cdcmd"
+ printf "share is %s\\%s\n" "$service" "$cdcmd"
echo "tar args is $tarargs"
# echo "password is $password" # passwords should never be sent to screen
echo "tape is $tapefile"
@@ -1,94 +0,0 @@
Description: Provide a manpage for smbtorture
Author: Christian Perrier <bubulle@debian.org>
Bug: https://bugzilla.samba.org/show_bug.cgi?id=8930
Forwarded: yes
Bug-Debian: http://bugs.debian.org/528735
Index: samba/docs/manpages/smbtorture.1
===================================================================
--- /dev/null
+++ samba/docs/manpages/smbtorture.1
@@ -0,0 +1,83 @@
+.\" DO NOT MODIFY THIS FILE! It was generated by help2man 1.40.9.
+.TH smbtorture "1" "May 2012" "samba test suite" "User Commands"
+.SH NAME
+smbtorture \- samba test suite.
+.SH SYNOPSIS
+.B smbtorture
+\fI//server/share <options> TEST1 TEST2 \fR...
+.SH DESCRIPTION
+smbtorture is the original samba3 test suite. It is nowadays recommended to use samba4 torture.
+.HP
+\fB\-d\fR debuglevel
+.HP
+\fB\-U\fR user%pass
+.TP
+\fB\-k\fR
+use kerberos
+.HP
+\fB\-N\fR numprocs
+.HP
+\fB\-n\fR my_netbios_name
+.HP
+\fB\-W\fR workgroup
+.HP
+\fB\-o\fR num_operations
+.HP
+\fB\-O\fR socket_options
+.HP
+\fB\-m\fR maximum protocol
+.HP
+\fB\-L\fR use oplocks
+.TP
+\fB\-c\fR CLIENT.TXT
+specify client load file for NBENCH
+.HP
+\fB\-A\fR showall
+.HP
+\fB\-p\fR port
+.HP
+\fB\-s\fR seed
+.TP
+\fB\-b\fR unclist_filename
+specify multiple shares for multiple connections
+.PP
+tests are: FDPASS LOCK1 LOCK2 LOCK3 LOCK4 LOCK5 LOCK6 LOCK7 LOCK8 LOCK9 UNLINK BROWSE ATTR TRANS2 MAXFID TORTURE RANDOMIPC NEGNOWAIT NBENCH NBENCH2 OPLOCK1 OPLOCK2 OPLOCK3 OPLOCK4 DIR DIR1 DIR\-CREATETIME DENY1 DENY2 TCON TCONDEV RW1 RW2 RW3 RW\-SIGNING OPEN POSIX POSIX\-APPEND ASYNC\-ECHO UID\-REGRESSION\-TEST SHORTNAME\-TEST ADDRCHANGE OPENATTR XCOPY RENAME DELETE DELETE\-LN PROPERTIES MANGLE MANGLE1 W2K TRANS2SCAN NTTRANSSCAN UTABLE CASETABLE ERRMAPEXTRACT PIPE_NUMBER TCON2 IOCTL CHKPATH FDSESS EATEST SESSSETUP_BENCH CHAIN1 CHAIN2 WINDOWS\-WRITE CLI_ECHO GETADDRINFO TLDAP STREAMERROR NOTIFY\-BENCH BAD\-NBT\-SESSION SMB\-ANY\-CONNECT LOCAL\-SUBSTITUTE LOCAL\-GENCACHE LOCAL\-TALLOC\-DICT LOCAL\-BASE64 LOCAL\-RBTREE LOCAL\-MEMCACHE LOCAL\-STREAM\-NAME LOCAL\-WBCLIENT LOCAL\-string_to_sid LOCAL\-binary_to_sid LOCAL\-DBTRANS LOCAL\-TEVENT\-SELECT
+default test is ALL
+.PP
+Usage: smbtorture //server/share <options> TEST1 TEST2 ...
+.HP
+\fB\-d\fR debuglevel
+.HP
+\fB\-U\fR user%pass
+.TP
+\fB\-k\fR
+use kerberos
+.HP
+\fB\-N\fR numprocs
+.HP
+\fB\-n\fR my_netbios_name
+.HP
+\fB\-W\fR workgroup
+.HP
+\fB\-o\fR num_operations
+.HP
+\fB\-O\fR socket_options
+.HP
+\fB\-m\fR maximum protocol
+.HP
+\fB\-L\fR use oplocks
+.TP
+\fB\-c\fR CLIENT.TXT
+specify client load file for NBENCH
+.HP
+\fB\-A\fR showall
+.HP
+\fB\-p\fR port
+.HP
+\fB\-s\fR seed
+.TP
+\fB\-b\fR unclist_filename
+specify multiple shares for multiple connections
+.PP
+tests are: FDPASS LOCK1 LOCK2 LOCK3 LOCK4 LOCK5 LOCK6 LOCK7 LOCK8 LOCK9 UNLINK BROWSE ATTR TRANS2 MAXFID TORTURE RANDOMIPC NEGNOWAIT NBENCH NBENCH2 OPLOCK1 OPLOCK2 OPLOCK3 OPLOCK4 DIR DIR1 DIR\-CREATETIME DENY1 DENY2 TCON TCONDEV RW1 RW2 RW3 RW\-SIGNING OPEN POSIX POSIX\-APPEND ASYNC\-ECHO UID\-REGRESSION\-TEST SHORTNAME\-TEST ADDRCHANGE OPENATTR XCOPY RENAME DELETE DELETE\-LN PROPERTIES MANGLE MANGLE1 W2K TRANS2SCAN NTTRANSSCAN UTABLE CASETABLE ERRMAPEXTRACT PIPE_NUMBER TCON2 IOCTL CHKPATH FDSESS EATEST SESSSETUP_BENCH CHAIN1 CHAIN2 WINDOWS\-WRITE CLI_ECHO GETADDRINFO TLDAP STREAMERROR NOTIFY\-BENCH BAD\-NBT\-SESSION SMB\-ANY\-CONNECT LOCAL\-SUBSTITUTE LOCAL\-GENCACHE LOCAL\-TALLOC\-DICT LOCAL\-BASE64 LOCAL\-RBTREE LOCAL\-MEMCACHE LOCAL\-STREAM\-NAME LOCAL\-WBCLIENT LOCAL\-string_to_sid LOCAL\-binary_to_sid LOCAL\-DBTRANS LOCAL\-TEVENT\-SELECT
+default test is ALL
@@ -1,24 +0,0 @@
Description: Fix missing symbols
Fix missing symbols in libsmbclient (and libnss_wins), and add
-Wl,-z,defs to the libsmbclient link options to prevent future
instances of undefined symbols.
.
This should be forwarded upstream once there's a configure test
for it.
Author: Steve Langasek <vorlon@debian.org>
Bug-Debian: http://bugs.debian.org/281181
Forwarded: no
Index: experimental/source3/Makefile.in
===================================================================
--- experimental.orig/source3/Makefile.in
+++ experimental/source3/Makefile.in
@@ -2594,7 +2594,7 @@
$(LIBSMBCLIENT_SHARED_TARGET_SONAME): $(BINARY_PREREQS) $(LIBSMBCLIENT_OBJ) $(LIBSMBCLIENT_THREAD_OBJ) $(LIBSMBCLIENT_SYMS) $(LIBTALLOC) $(LIBTEVENT) $(LIBTDB) $(LIBWBCLIENT)
@echo Linking shared library $@
- @$(SHLD_DSO) $(LIBSMBCLIENT_OBJ) $(LIBSMBCLIENT_THREAD_OBJ) \
+ @$(SHLD_DSO) -Wl,-z,defs $(LIBSMBCLIENT_OBJ) $(LIBSMBCLIENT_THREAD_OBJ) \
$(LIBTALLOC_LIBS) $(LIBTEVENT_LIBS) $(LIBTDB_LIBS) $(LIBWBCLIENT_LIBS) $(LIBS) \
$(KRB5LIBS) $(LDAP_LIBS) $(NSCD_LIBS) $(ZLIB_LIBS) $(PTHREAD_LDFLAGS) \
@SONAMEFLAG@`basename $@`
@@ -1,38 +0,0 @@
Description: Enable net usershares by default at build time
Enable net usershares by default at build time, with a limit of
100, and update the corresponding documentation.
Author: Mathias Gug <mathiaz@ubuntu.com>,
Author: Steve Langasek <vorlon@debian.org>
Bug-Debian: http://bugs.debian.org/443230
Bug-Ubuntu: https://bugs.launchpad.net/ubuntu/+source/samba/+bug/128548
Forwarded: not-needed
Index: experimental/docs/manpages/net.8
===================================================================
--- experimental.orig/docs/manpages/net.8
+++ experimental/docs/manpages/net.8
@@ -800,9 +800,9 @@
.RE
.SS "USERSHARE"
.PP
-Starting with version 3\&.0\&.23, a Samba server now supports the ability for non\-root users to add user defined shares to be exported using the "net usershare" commands\&.
+Starting with version 3\&.0\&.23, a Samba server now supports the ability for non\-root users to add user-defined shares to be exported using the "net usershare" commands\&.
.PP
-To set this up, first set up your smb\&.conf by adding to the [global] section: usershare path = /usr/local/samba/lib/usershares Next create the directory /usr/local/samba/lib/usershares, change the owner to root and set the group owner to the UNIX group who should have the ability to create usershares, for example a group called "serverops"\&. Set the permissions on /usr/local/samba/lib/usershares to 01770\&. (Owner and group all access, no access for others, plus the sticky bit, which means that a file in that directory can be renamed or deleted only by the owner of the file)\&. Finally, tell smbd how many usershares you will allow by adding to the [global] section of smb\&.conf a line such as : usershare max shares = 100\&. To allow 100 usershare definitions\&. Now, members of the UNIX group "serverops" can create user defined shares on demand using the commands below\&.
+Members of the UNIX group "sambashare" can create user-defined shares on demand using the commands below\&.
.PP
The usershare commands are:
.RS 4
Index: experimental/source3/param/loadparm.c
===================================================================
--- experimental.orig/source3/param/loadparm.c
+++ experimental/source3/param/loadparm.c
@@ -5461,7 +5461,7 @@
string_set(&Globals.szUsersharePath, s);
SAFE_FREE(s);
string_set(&Globals.szUsershareTemplateShare, "");
- Globals.iUsershareMaxShares = 0;
+ Globals.iUsershareMaxShares = 100;
/* By default disallow sharing of directories not owned by the sharer. */
Globals.bUsershareOwnerOnly = True;
/* By default disallow guest access to usershares. */
@@ -0,0 +1,108 @@
From 1573638212a9733a44939a4d38a226f38dca36f1 Mon Sep 17 00:00:00 2001
From: Michele Baldessari <michele@acksyn.org>
Date: Tue, 9 Jul 2013 23:23:33 +0200
Subject: [PATCH] Fix typos in man-pages
Fix some typos in the man-pages.
Signed-off-by: Michele Baldessari <michele@acksyn.org>
Reviewed-by: Simo Sorce <idra@samba.org>
Autobuild-User(master): Simo Sorce <idra@samba.org>
Autobuild-Date(master): Wed Jul 10 16:45:07 CEST 2013 on sn-devel-104
---
docs-xml/manpages/dbwrap_tool.1.xml | 2 +-
docs-xml/manpages/idmap_autorid.8.xml | 2 +-
docs-xml/manpages/net.8.xml | 2 +-
docs-xml/manpages/pdbedit.8.xml | 2 +-
docs-xml/manpages/samba.7.xml | 2 +-
docs-xml/manpages/smbclient.1.xml | 2 +-
docs-xml/manpages/smbpasswd.5.xml | 2 +-
docs-xml/manpages/vfs_smb_traffic_analyzer.8.xml | 2 +-
8 files changed, 8 insertions(+), 8 deletions(-)
Index: samba-4.1.11/docs-xml/manpages/smbstatus.1.xml
===================================================================
--- samba-4.1.11.orig/docs-xml/manpages/smbstatus.1.xml
+++ samba-4.1.11/docs-xml/manpages/smbstatus.1.xml
@@ -137,6 +137,13 @@
</listitem>
</varlistentry>
+ <varlistentry>
+ <term>-n|--numeric</term>
+ <listitem><para>causes smbstatus to display numeric UIDs and GIDs instead of
+ resolving them to names.</para>
+ </listitem>
+ </varlistentry>
+
</variablelist>
</refsect1>
Index: samba-4.1.11/docs-xml/manpages/sharesec.1.xml
===================================================================
--- samba-4.1.11.orig/docs-xml/manpages/sharesec.1.xml
+++ samba-4.1.11/docs-xml/manpages/sharesec.1.xml
@@ -129,6 +129,13 @@
</para></listitem>
</varlistentry>
+ <varlistentry>
+ <term>-S|--setsddl=STRING</term>
+ <listitem><para>
+ Set security descriptor by providing ACL in SDDL format.
+ </para></listitem>
+ </varlistentry>
+
&stdarg.help;
&stdarg.server.debug;
&popt.common.samba;
Index: samba-4.1.11/docs-xml/build/DTD/samba.entities
===================================================================
--- samba-4.1.11.orig/docs-xml/build/DTD/samba.entities
+++ samba-4.1.11/docs-xml/build/DTD/samba.entities
@@ -270,6 +270,44 @@ file.
&popt.common.samba;
'>
+<!ENTITY stdarg.signing '
+<varlistentry>
+<term>-S|--signing on|off|required</term>
+<listitem><para>Set the client signing state.
+</para></listitem>
+</varlistentry>
+'>
+
+<!ENTITY stdarg.machinepass '
+<varlistentry>
+<term>-P|--machine-pass</term>
+<listitem><para>Use stored machine account password.
+</para></listitem>
+</varlistentry>
+'>
+
+<!ENTITY stdarg.encrypt '
+<varlistentry>
+<term>-e|--encrypt</term>
+<listitem><para>
+This command line parameter requires the remote
+server support the UNIX extensions or that the SMB3 protocol has been selected.
+Requests that the connection be encrypted. Negotiates SMB encryption using either
+SMB3 or POSIX extensions via GSSAPI. Uses the given credentials for
+the encryption negotiation (either kerberos or NTLMv1/v2 if given
+domain/username/password triple. Fails the connection if encryption
+cannot be negotiated.
+</para></listitem>
+</varlistentry>
+'>
+
+<!ENTITY stdarg.pwnthash '
+<varlistentry>
+<term>--pw-nt-hash</term>
+<listitem><para>The supplied password is the NT hash.
+</para></listitem>
+</varlistentry>
+'>
<!ENTITY stdarg.resolve.order '
<varlistentry>
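Review bot: The header of this added patch does not describe its contents: the Subject reads `Fix typos in man-pages` and the diffstat lists eight files (dbwrap_tool.1.xml through vfs_smb_traffic_analyzer.8.xml), while the hunks in this section add option documentation to smbstatus.1.xml, sharesec.1.xml and build/DTD/samba.entities, none of which appear in that diffstat. A carried patch whose From/Subject/commit id cannot be matched against its body is hard to verify against upstream in a later upgrade or audit. I would either restore the header of the change these hunks actually come from, or replace the subject with one that matches, for example `Subject: [PATCH] docs: document smbstatus -n, sharesec -S and shared stdarg entities`, and drop the stale diffstat. The origin of the hunks is not visible on this page, so the correct upstream reference needs to be confirmed by the submitter.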
@@ -0,0 +1,266 @@
From 168627e1877317db86471a4b0360dccd9f469aaa Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?G=C3=BCnther=20Deschner?= <gd@samba.org>
Date: Mon, 13 Jan 2014 15:59:26 +0100
Subject: [PATCH 1/2] s3-kerberos: remove print_kdc_line() completely.
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Just calling print_canonical_sockaddr() is sufficient, as it already deals with
ipv6 as well. The port handling, which was only done for IPv6 (not IPv4), is
removed as well. It was pointless because it always derived the port number from
the provided address which was either a SMB (usually port 445) or LDAP
connection. No KDC will ever run on port 389 or 445 on a Windows/Samba DC.
Finally, the kerberos libraries that we support and build with, can deal with
ipv6 addresses in krb5.conf, so we no longer put the (unnecessary) burden of
resolving the DC name on the kerberos library anymore.
Guenther
Signed-off-by: Günther Deschner <gd@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
---
source3/libads/kerberos.c | 73 ++++-------------------------------------------
1 file changed, 5 insertions(+), 68 deletions(-)
diff --git a/source3/libads/kerberos.c b/source3/libads/kerberos.c
index b026e09..ea14350 100644
--- a/source3/libads/kerberos.c
+++ b/source3/libads/kerberos.c
@@ -592,70 +592,6 @@ int kerberos_kinit_password(const char *principal,
/************************************************************************
************************************************************************/
-static char *print_kdc_line(char *mem_ctx,
- const char *prev_line,
- const struct sockaddr_storage *pss,
- const char *kdc_name)
-{
- char addr[INET6_ADDRSTRLEN];
- uint16_t port = get_sockaddr_port(pss);
-
- if (pss->ss_family == AF_INET) {
- return talloc_asprintf(mem_ctx, "%s\tkdc = %s\n",
- prev_line,
- print_canonical_sockaddr(mem_ctx, pss));
- }
-
- /*
- * IPv6 starts here
- */
-
- DEBUG(10, ("print_kdc_line: IPv6 case for kdc_name: %s, port: %d\n",
- kdc_name, port));
-
- if (port != 0 && port != DEFAULT_KRB5_PORT) {
- /* Currently for IPv6 we can't specify a non-default
- krb5 port with an address, as this requires a ':'.
- Resolve to a name. */
- char hostname[MAX_DNS_NAME_LENGTH];
- int ret = sys_getnameinfo((const struct sockaddr *)pss,
- sizeof(*pss),
- hostname, sizeof(hostname),
- NULL, 0,
- NI_NAMEREQD);
- if (ret) {
- DEBUG(0,("print_kdc_line: can't resolve name "
- "for kdc with non-default port %s. "
- "Error %s\n.",
- print_canonical_sockaddr(mem_ctx, pss),
- gai_strerror(ret)));
- return NULL;
- }
- /* Success, use host:port */
- return talloc_asprintf(mem_ctx,
- "%s\tkdc = %s:%u\n",
- prev_line,
- hostname,
- (unsigned int)port);
- }
-
- /* no krb5 lib currently supports "kdc = ipv6 address"
- * at all, so just fill in just the kdc_name if we have
- * it and let the krb5 lib figure out the appropriate
- * ipv6 address - gd */
-
- if (kdc_name) {
- return talloc_asprintf(mem_ctx, "%s\tkdc = %s\n",
- prev_line, kdc_name);
- }
-
- return talloc_asprintf(mem_ctx, "%s\tkdc = %s\n",
- prev_line,
- print_sockaddr(addr,
- sizeof(addr),
- pss));
-}
-
/************************************************************************
Create a string list of available kdc's, possibly searching by sitename.
Does DNS queries.
@@ -698,7 +634,8 @@ static char *get_kdc_ip_string(char *mem_ctx,
char *result = NULL;
struct netlogon_samlogon_response **responses = NULL;
NTSTATUS status;
- char *kdc_str = print_kdc_line(mem_ctx, "", pss, kdc_name);
+ char *kdc_str = talloc_asprintf(mem_ctx, "%s\tkdc = %s\n", "",
+ print_canonical_sockaddr(mem_ctx, pss));
if (kdc_str == NULL) {
TALLOC_FREE(frame);
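Review bot: The return value of `print_canonical_sockaddr(mem_ctx, pss)` goes straight into `%s` in the new `talloc_asprintf()` call, so a NULL result would not be caught by the `kdc_str == NULL` check that follows and could end up as a bogus `kdc =` entry in the generated krb5.conf. Its definition is not shown here, so confirm whether it can fail on an unsupported address family or on allocation failure. The loop hunk below repeats the pattern with `&dc_addrs[i]`. Taking the address into a local first, `addr = print_canonical_sockaddr(frame, pss); if (addr == NULL) { TALLOC_FREE(frame); return NULL; }`, would also keep the temporary string on `frame` instead of the caller's `mem_ctx`. The body of get_kdc_ip_string continues outside both hunks.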
@@ -788,9 +725,9 @@ static char *get_kdc_ip_string(char *mem_ctx,
}
/* Append to the string - inefficient but not done often. */
- new_kdc_str = print_kdc_line(mem_ctx, kdc_str,
- &dc_addrs[i],
- kdc_name);
+ new_kdc_str = talloc_asprintf(mem_ctx, "%s\tkdc = %s\n",
+ kdc_str,
+ print_canonical_sockaddr(mem_ctx, &dc_addrs[i]));
if (new_kdc_str == NULL) {
goto fail;
}
--
1.8.5.3
From 3edb3d4084548960f03356cf4c44a6892e6efb84 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?G=C3=BCnther=20Deschner?= <gd@samba.org>
Date: Fri, 7 Mar 2014 14:47:31 +0100
Subject: [PATCH 2/2] s3-kerberos: remove unused kdc_name from
create_local_private_krb5_conf_for_domain().
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Guenther
Signed-off-by: Günther Deschner <gd@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
---
source3/libads/kerberos.c | 10 ++++------
source3/libads/kerberos_proto.h | 3 +--
source3/libnet/libnet_join.c | 3 +--
source3/libsmb/namequery_dc.c | 6 ++----
source3/winbindd/winbindd_cm.c | 6 ++----
5 files changed, 10 insertions(+), 18 deletions(-)
diff --git a/source3/libads/kerberos.c b/source3/libads/kerberos.c
index ea14350..649e568 100644
--- a/source3/libads/kerberos.c
+++ b/source3/libads/kerberos.c
@@ -618,8 +618,7 @@ static void add_sockaddr_unique(struct sockaddr_storage *addrs, int *num_addrs,
static char *get_kdc_ip_string(char *mem_ctx,
const char *realm,
const char *sitename,
- const struct sockaddr_storage *pss,
- const char *kdc_name)
+ const struct sockaddr_storage *pss)
{
TALLOC_CTX *frame = talloc_stackframe();
int i;
@@ -756,8 +755,7 @@ fail:
bool create_local_private_krb5_conf_for_domain(const char *realm,
const char *domain,
const char *sitename,
- const struct sockaddr_storage *pss,
- const char *kdc_name)
+ const struct sockaddr_storage *pss)
{
char *dname;
char *tmpname = NULL;
@@ -782,7 +780,7 @@ bool create_local_private_krb5_conf_for_domain(const char *realm,
return false;
}
- if (domain == NULL || pss == NULL || kdc_name == NULL) {
+ if (domain == NULL || pss == NULL) {
return false;
}
@@ -815,7 +813,7 @@ bool create_local_private_krb5_conf_for_domain(const char *realm,
goto done;
}
- kdc_ip_string = get_kdc_ip_string(dname, realm, sitename, pss, kdc_name);
+ kdc_ip_string = get_kdc_ip_string(dname, realm, sitename, pss);
if (!kdc_ip_string) {
goto done;
}
diff --git a/source3/libads/kerberos_proto.h b/source3/libads/kerberos_proto.h
index f7470d2..2559634 100644
--- a/source3/libads/kerberos_proto.h
+++ b/source3/libads/kerberos_proto.h
@@ -62,8 +62,7 @@ int kerberos_kinit_password(const char *principal,
bool create_local_private_krb5_conf_for_domain(const char *realm,
const char *domain,
const char *sitename,
- const struct sockaddr_storage *pss,
- const char *kdc_name);
+ const struct sockaddr_storage *pss);
/* The following definitions come from libads/authdata.c */
diff --git a/source3/libnet/libnet_join.c b/source3/libnet/libnet_join.c
index a87eb38..68884cd 100644
--- a/source3/libnet/libnet_join.c
+++ b/source3/libnet/libnet_join.c
@@ -2152,8 +2152,7 @@ static WERROR libnet_DomainJoin(TALLOC_CTX *mem_ctx,
create_local_private_krb5_conf_for_domain(
r->out.dns_domain_name, r->out.netbios_domain_name,
- NULL, smbXcli_conn_remote_sockaddr(cli->conn),
- smbXcli_conn_remote_name(cli->conn));
+ NULL, smbXcli_conn_remote_sockaddr(cli->conn));
if (r->out.domain_is_ad && r->in.account_ou &&
!(r->in.join_flags & WKSSVC_JOIN_FLAGS_JOIN_UNSECURE)) {
diff --git a/source3/libsmb/namequery_dc.c b/source3/libsmb/namequery_dc.c
index 3cfae79..eb34741 100644
--- a/source3/libsmb/namequery_dc.c
+++ b/source3/libsmb/namequery_dc.c
@@ -112,14 +112,12 @@ static bool ads_dc_name(const char *domain,
create_local_private_krb5_conf_for_domain(realm,
domain,
sitename,
- &ads->ldap.ss,
- ads->config.ldap_server_name);
+ &ads->ldap.ss);
} else {
create_local_private_krb5_conf_for_domain(realm,
domain,
NULL,
- &ads->ldap.ss,
- ads->config.ldap_server_name);
+ &ads->ldap.ss);
}
}
#endif
diff --git a/source3/winbindd/winbindd_cm.c b/source3/winbindd/winbindd_cm.c
index 669a43e..be13a57 100644
--- a/source3/winbindd/winbindd_cm.c
+++ b/source3/winbindd/winbindd_cm.c
@@ -1233,8 +1233,7 @@ static bool dcip_to_name(TALLOC_CTX *mem_ctx,
create_local_private_krb5_conf_for_domain(domain->alt_name,
domain->name,
sitename,
- pss,
- *name);
+ pss);
SAFE_FREE(sitename);
} else {
@@ -1242,8 +1241,7 @@ static bool dcip_to_name(TALLOC_CTX *mem_ctx,
create_local_private_krb5_conf_for_domain(domain->alt_name,
domain->name,
NULL,
- pss,
- *name);
+ pss);
}
winbindd_set_locator_kdc_envs(domain);
--
1.8.5.3
@@ -0,0 +1,962 @@
From 932490ae08578c37523e00e537017603ee00ce7c Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?G=C3=BCnther=20Deschner?= <gd@samba.org>
Date: Fri, 17 Jan 2014 14:29:03 +0100
Subject: [PATCH 1/8] s3-libads: pass down local_service to
kerberos_return_pac().
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Guenther
Signed-off-by: Günther Deschner <gd@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
---
source3/libads/authdata.c | 6 +-----
source3/libads/kerberos_proto.h | 1 +
source3/utils/net_ads.c | 8 ++++++++
source3/winbindd/winbindd_pam.c | 9 +++++++++
4 files changed, 19 insertions(+), 5 deletions(-)
diff --git a/source3/libads/authdata.c b/source3/libads/authdata.c
index 801e551..dd80dc2 100644
--- a/source3/libads/authdata.c
+++ b/source3/libads/authdata.c
@@ -101,13 +101,13 @@ NTSTATUS kerberos_return_pac(TALLOC_CTX *mem_ctx,
bool add_netbios_addr,
time_t renewable_time,
const char *impersonate_princ_s,
+ const char *local_service,
struct PAC_LOGON_INFO **_logon_info)
{
krb5_error_code ret;
NTSTATUS status = NT_STATUS_INVALID_PARAMETER;
DATA_BLOB tkt, tkt_wrapped, ap_rep, sesskey1;
const char *auth_princ = NULL;
- const char *local_service = NULL;
const char *cc = "MEMORY:kerberos_return_pac";
struct auth_session_info *session_info;
struct gensec_security *gensec_server_context;
@@ -141,10 +141,6 @@ NTSTATUS kerberos_return_pac(TALLOC_CTX *mem_ctx,
}
NT_STATUS_HAVE_NO_MEMORY(auth_princ);
- local_service = talloc_asprintf(mem_ctx, "%s$@%s",
- lp_netbios_name(), lp_realm());
- NT_STATUS_HAVE_NO_MEMORY(local_service);
-
ret = kerberos_kinit_password_ext(auth_princ,
pass,
time_offset,
diff --git a/source3/libads/kerberos_proto.h b/source3/libads/kerberos_proto.h
index 2559634..1151d66 100644
--- a/source3/libads/kerberos_proto.h
+++ b/source3/libads/kerberos_proto.h
@@ -77,6 +77,7 @@ NTSTATUS kerberos_return_pac(TALLOC_CTX *mem_ctx,
bool add_netbios_addr,
time_t renewable_time,
const char *impersonate_princ_s,
+ const char *local_service,
struct PAC_LOGON_INFO **logon_info);
/* The following definitions come from libads/krb5_setpw.c */
diff --git a/source3/utils/net_ads.c b/source3/utils/net_ads.c
index 89eebf3..5a073b1 100644
--- a/source3/utils/net_ads.c
+++ b/source3/utils/net_ads.c
@@ -2604,6 +2604,7 @@ static int net_ads_kerberos_pac(struct net_context *c, int argc, const char **ar
NTSTATUS status;
int ret = -1;
const char *impersonate_princ_s = NULL;
+ const char *local_service = NULL;
if (c->display_usage) {
d_printf( "%s\n"
@@ -2623,6 +2624,12 @@ static int net_ads_kerberos_pac(struct net_context *c, int argc, const char **ar
impersonate_princ_s = argv[0];
}
+ local_service = talloc_asprintf(mem_ctx, "%s$@%s",
+ lp_netbios_name(), lp_realm());
+ if (local_service == NULL) {
+ goto out;
+ }
+
c->opt_password = net_prompt_pass(c, c->opt_user_name);
status = kerberos_return_pac(mem_ctx,
@@ -2636,6 +2643,7 @@ static int net_ads_kerberos_pac(struct net_context *c, int argc, const char **ar
true,
2592000, /* one month */
impersonate_princ_s,
+ local_service,
&info);
if (!NT_STATUS_IS_OK(status)) {
d_printf(_("failed to query kerberos PAC: %s\n"),
diff --git a/source3/winbindd/winbindd_pam.c b/source3/winbindd/winbindd_pam.c
index 3f3ec70..61e2cef 100644
--- a/source3/winbindd/winbindd_pam.c
+++ b/source3/winbindd/winbindd_pam.c
@@ -576,6 +576,7 @@ static NTSTATUS winbindd_raw_kerberos_login(TALLOC_CTX *mem_ctx,
time_t time_offset = 0;
const char *user_ccache_file;
struct PAC_LOGON_INFO *logon_info = NULL;
+ const char *local_service;
*info3 = NULL;
@@ -632,6 +633,13 @@ static NTSTATUS winbindd_raw_kerberos_login(TALLOC_CTX *mem_ctx,
return NT_STATUS_NO_MEMORY;
}
+ local_service = talloc_asprintf(mem_ctx, "%s$@%s",
+ lp_netbios_name(), lp_realm());
+ if (local_service == NULL) {
+ return NT_STATUS_NO_MEMORY;
+ }
+
+
/* if this is a user ccache, we need to act as the user to let the krb5
* library handle the chown, etc. */
@@ -653,6 +661,7 @@ static NTSTATUS winbindd_raw_kerberos_login(TALLOC_CTX *mem_ctx,
true,
WINBINDD_PAM_AUTH_KRB5_RENEW_TIME,
NULL,
+ local_service,
&logon_info);
if (user_ccache_file != NULL) {
gain_root_privilege();
--
1.8.5.3
From baed403983a5bb2e728249443fdfc9167a87f526 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?G=C3=BCnther=20Deschner?= <gd@samba.org>
Date: Mon, 3 Mar 2014 12:14:51 +0100
Subject: [PATCH 2/8] auth/kerberos: fix a typo.
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Guenther
Signed-off-by: Günther Deschner <gd@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
---
auth/kerberos/kerberos_pac.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/auth/kerberos/kerberos_pac.c b/auth/kerberos/kerberos_pac.c
index 81f7f21..8f55c8f 100644
--- a/auth/kerberos/kerberos_pac.c
+++ b/auth/kerberos/kerberos_pac.c
@@ -79,7 +79,7 @@ krb5_error_code check_pac_checksum(DATA_BLOB pac_data,
}
/**
-* @brief Decode a blob containing a NDR envoded PAC structure
+* @brief Decode a blob containing a NDR encoded PAC structure
*
* @param mem_ctx - The memory context
* @param pac_data_blob - The data blob containing the NDR encoded data
--
1.8.5.3
From 9725a86e60bb6ef6e912621e81acc955ae2f70a8 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?G=C3=BCnther=20Deschner?= <gd@samba.org>
Date: Mon, 10 Mar 2014 15:11:18 +0100
Subject: [PATCH 3/8] s3-net: change the way impersonation principals are used
in "net ads kerberos pac".
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Guenther
Signed-off-by: Günther Deschner <gd@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
---
source3/utils/net_ads.c | 14 ++++++++++----
1 file changed, 10 insertions(+), 4 deletions(-)
diff --git a/source3/utils/net_ads.c b/source3/utils/net_ads.c
index 5a073b1..ac6346f 100644
--- a/source3/utils/net_ads.c
+++ b/source3/utils/net_ads.c
@@ -2605,6 +2605,7 @@ static int net_ads_kerberos_pac(struct net_context *c, int argc, const char **ar
int ret = -1;
const char *impersonate_princ_s = NULL;
const char *local_service = NULL;
+ int i;
if (c->display_usage) {
d_printf( "%s\n"
@@ -2615,15 +2616,20 @@ static int net_ads_kerberos_pac(struct net_context *c, int argc, const char **ar
return 0;
}
+ for (i=0; i<argc; i++) {
+ if (strnequal(argv[i], "impersonate", strlen("impersonate"))) {
+ impersonate_princ_s = get_string_param(argv[i]);
+ if (impersonate_princ_s == NULL) {
+ return -1;
+ }
+ }
+ }
+
mem_ctx = talloc_init("net_ads_kerberos_pac");
if (!mem_ctx) {
goto out;
}
- if (argc > 0) {
- impersonate_princ_s = argv[0];
- }
-
local_service = talloc_asprintf(mem_ctx, "%s$@%s",
lp_netbios_name(), lp_realm());
if (local_service == NULL) {
--
1.8.5.3
From 35a1ed22f65473fabb2f4846f6d2b50da1847f6a Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?G=C3=BCnther=20Deschner?= <gd@samba.org>
Date: Tue, 11 Mar 2014 16:34:36 +0100
Subject: [PATCH 4/8] s3-net: allow to provide custom local_service in "net ads
kerberos pac".
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Guenther
Signed-off-by: Günther Deschner <gd@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
---
source3/utils/net_ads.c | 14 +++++++++++---
1 file changed, 11 insertions(+), 3 deletions(-)
diff --git a/source3/utils/net_ads.c b/source3/utils/net_ads.c
index ac6346f..c53c8c6 100644
--- a/source3/utils/net_ads.c
+++ b/source3/utils/net_ads.c
@@ -2623,6 +2623,12 @@ static int net_ads_kerberos_pac(struct net_context *c, int argc, const char **ar
return -1;
}
}
+ if (strnequal(argv[i], "local_service", strlen("local_service"))) {
+ local_service = get_string_param(argv[i]);
+ if (local_service == NULL) {
+ return -1;
+ }
+ }
}
mem_ctx = talloc_init("net_ads_kerberos_pac");
@@ -2630,10 +2636,12 @@ static int net_ads_kerberos_pac(struct net_context *c, int argc, const char **ar
goto out;
}
- local_service = talloc_asprintf(mem_ctx, "%s$@%s",
- lp_netbios_name(), lp_realm());
if (local_service == NULL) {
- goto out;
+ local_service = talloc_asprintf(mem_ctx, "%s$@%s",
+ lp_netbios_name(), lp_realm());
+ if (local_service == NULL) {
+ goto out;
+ }
}
c->opt_password = net_prompt_pass(c, c->opt_user_name);
--
1.8.5.3
From 1270e35ba70a4e4881512d375c767023512f67bd Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?G=C3=BCnther=20Deschner?= <gd@samba.org>
Date: Fri, 21 Feb 2014 18:56:04 +0100
Subject: [PATCH 5/8] s3-kerberos: return a full PAC in kerberos_return_pac().
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Guenther
Signed-off-by: Günther Deschner <gd@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
---
source3/libads/authdata.c | 28 +++++++++++++++++-----------
source3/libads/kerberos_proto.h | 4 ++--
source3/utils/net_ads.c | 17 ++++++++++++++++-
source3/winbindd/winbindd_pam.c | 22 +++++++++++++++++++++-
4 files changed, 56 insertions(+), 15 deletions(-)
diff --git a/source3/libads/authdata.c b/source3/libads/authdata.c
index dd80dc2..53e40ef 100644
--- a/source3/libads/authdata.c
+++ b/source3/libads/authdata.c
@@ -52,7 +52,7 @@ static NTSTATUS kerberos_fetch_pac(struct auth4_context *auth_ctx,
struct auth_session_info **session_info)
{
TALLOC_CTX *tmp_ctx;
- struct PAC_LOGON_INFO *logon_info = NULL;
+ struct PAC_DATA *pac_data = NULL;
NTSTATUS status = NT_STATUS_INTERNAL_ERROR;
tmp_ctx = talloc_new(mem_ctx);
@@ -61,16 +61,22 @@ static NTSTATUS kerberos_fetch_pac(struct auth4_context *auth_ctx,
}
if (pac_blob) {
- status = kerberos_pac_logon_info(tmp_ctx, *pac_blob, NULL, NULL,
- NULL, NULL, 0, &logon_info);
+ status = kerberos_decode_pac(tmp_ctx,
+ *pac_blob,
+ NULL,
+ NULL,
+ NULL,
+ NULL,
+ 0,
+ &pac_data);
if (!NT_STATUS_IS_OK(status)) {
goto done;
}
}
- talloc_set_name_const(logon_info, "struct PAC_LOGON_INFO");
+ talloc_set_name_const(pac_data, "struct PAC_DATA");
- auth_ctx->private_data = talloc_steal(auth_ctx, logon_info);
+ auth_ctx->private_data = talloc_steal(auth_ctx, pac_data);
*session_info = talloc_zero(mem_ctx, struct auth_session_info);
if (!*session_info) {
status = NT_STATUS_NO_MEMORY;
@@ -102,7 +108,7 @@ NTSTATUS kerberos_return_pac(TALLOC_CTX *mem_ctx,
time_t renewable_time,
const char *impersonate_princ_s,
const char *local_service,
- struct PAC_LOGON_INFO **_logon_info)
+ struct PAC_DATA **_pac_data)
{
krb5_error_code ret;
NTSTATUS status = NT_STATUS_INVALID_PARAMETER;
@@ -116,7 +122,7 @@ NTSTATUS kerberos_return_pac(TALLOC_CTX *mem_ctx,
size_t idx = 0;
struct auth4_context *auth_context;
struct loadparm_context *lp_ctx;
- struct PAC_LOGON_INFO *logon_info = NULL;
+ struct PAC_DATA *pac_data = NULL;
TALLOC_CTX *tmp_ctx = talloc_new(mem_ctx);
NT_STATUS_HAVE_NO_MEMORY(tmp_ctx);
@@ -272,15 +278,15 @@ NTSTATUS kerberos_return_pac(TALLOC_CTX *mem_ctx,
goto out;
}
- logon_info = talloc_get_type_abort(gensec_server_context->auth_context->private_data,
- struct PAC_LOGON_INFO);
- if (logon_info == NULL) {
+ pac_data = talloc_get_type_abort(gensec_server_context->auth_context->private_data,
+ struct PAC_DATA);
+ if (pac_data == NULL) {
DEBUG(1,("no PAC\n"));
status = NT_STATUS_INVALID_PARAMETER;
goto out;
}
- *_logon_info = talloc_move(mem_ctx, &logon_info);
+ *_pac_data = talloc_move(mem_ctx, &pac_data);
out:
talloc_free(tmp_ctx);
diff --git a/source3/libads/kerberos_proto.h b/source3/libads/kerberos_proto.h
index 1151d66..b2f7486 100644
--- a/source3/libads/kerberos_proto.h
+++ b/source3/libads/kerberos_proto.h
@@ -32,7 +32,7 @@
#include "system/kerberos.h"
-struct PAC_LOGON_INFO;
+struct PAC_DATA;
#include "libads/ads_status.h"
@@ -78,7 +78,7 @@ NTSTATUS kerberos_return_pac(TALLOC_CTX *mem_ctx,
time_t renewable_time,
const char *impersonate_princ_s,
const char *local_service,
- struct PAC_LOGON_INFO **logon_info);
+ struct PAC_DATA **pac_data);
/* The following definitions come from libads/krb5_setpw.c */
diff --git a/source3/utils/net_ads.c b/source3/utils/net_ads.c
index c53c8c6..19da6da 100644
--- a/source3/utils/net_ads.c
+++ b/source3/utils/net_ads.c
@@ -2600,6 +2600,7 @@ static int net_ads_kerberos_renew(struct net_context *c, int argc, const char **
static int net_ads_kerberos_pac(struct net_context *c, int argc, const char **argv)
{
struct PAC_LOGON_INFO *info = NULL;
+ struct PAC_DATA *pac_data = NULL;
TALLOC_CTX *mem_ctx = NULL;
NTSTATUS status;
int ret = -1;
@@ -2658,13 +2659,27 @@ static int net_ads_kerberos_pac(struct net_context *c, int argc, const char **ar
2592000, /* one month */
impersonate_princ_s,
local_service,
- &info);
+ &pac_data);
if (!NT_STATUS_IS_OK(status)) {
d_printf(_("failed to query kerberos PAC: %s\n"),
nt_errstr(status));
goto out;
}
+ for (i=0; i < pac_data->num_buffers; i++) {
+
+ if (pac_data->buffers[i].type != PAC_TYPE_LOGON_INFO) {
+ continue;
+ }
+
+ info = pac_data->buffers[i].info->logon_info.info;
+ if (!info) {
+ goto out;
+ }
+
+ break;
+ }
+
if (info) {
const char *s;
s = NDR_PRINT_STRUCT_STRING(mem_ctx, PAC_LOGON_INFO, info);
diff --git a/source3/winbindd/winbindd_pam.c b/source3/winbindd/winbindd_pam.c
index 61e2cef..a8daae51 100644
--- a/source3/winbindd/winbindd_pam.c
+++ b/source3/winbindd/winbindd_pam.c
@@ -576,7 +576,9 @@ static NTSTATUS winbindd_raw_kerberos_login(TALLOC_CTX *mem_ctx,
time_t time_offset = 0;
const char *user_ccache_file;
struct PAC_LOGON_INFO *logon_info = NULL;
+ struct PAC_DATA *pac_data = NULL;
const char *local_service;
+ int i;
*info3 = NULL;
@@ -662,7 +664,7 @@ static NTSTATUS winbindd_raw_kerberos_login(TALLOC_CTX *mem_ctx,
WINBINDD_PAM_AUTH_KRB5_RENEW_TIME,
NULL,
local_service,
- &logon_info);
+ &pac_data);
if (user_ccache_file != NULL) {
gain_root_privilege();
}
@@ -673,6 +675,24 @@ static NTSTATUS winbindd_raw_kerberos_login(TALLOC_CTX *mem_ctx,
goto failed;
}
+ if (pac_data == NULL) {
+ goto failed;
+ }
+
+ for (i=0; i < pac_data->num_buffers; i++) {
+
+ if (pac_data->buffers[i].type != PAC_TYPE_LOGON_INFO) {
+ continue;
+ }
+
+ logon_info = pac_data->buffers[i].info->logon_info.info;
+ if (!logon_info) {
+ return NT_STATUS_INVALID_PARAMETER;
+ }
+
+ break;
+ }
+
*info3 = &logon_info->info3;
DEBUG(10,("winbindd_raw_kerberos_login: winbindd validated ticket of %s\n",
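Review bot: When the loop finds no `PAC_TYPE_LOGON_INFO` buffer, `logon_info` is still NULL at `*info3 = &logon_info->info3;`, so a ticket whose PAC lacks that buffer hands the caller a pointer derived from NULL instead of an error. A check after the loop, `if (logon_info == NULL) { return NT_STATUS_INVALID_PARAMETER; }`, closes that gap, and `pac_data->buffers[i].info` deserves the same NULL test before `->logon_info.info` is read. The `return` inside the loop also skips the `failed` label that the neighbouring checks jump to. The new `pac_data == NULL` branch jumps there without visibly setting an error status, so it is worth confirming what `failed` returns in that case. The function body and the `failed` label are outside the hunk.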
--
1.8.5.3
From a8c2807a26d2f1ff094ed7ea5724c0394f79b888 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?G=C3=BCnther=20Deschner?= <gd@samba.org>
Date: Tue, 11 Mar 2014 18:07:11 +0100
Subject: [PATCH 6/8] s3-kerberos: let kerberos_return_pac() return a PAC
container.
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Guenther
Signed-off-by: Günther Deschner <gd@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
---
source3/libads/authdata.c | 29 +++++++++++++++++++++--------
source3/libads/kerberos_proto.h | 7 ++++++-
source3/utils/net_ads.c | 5 ++++-
source3/winbindd/winbindd_pam.c | 8 +++++++-
4 files changed, 38 insertions(+), 11 deletions(-)
diff --git a/source3/libads/authdata.c b/source3/libads/authdata.c
index 53e40ef..276408d 100644
--- a/source3/libads/authdata.c
+++ b/source3/libads/authdata.c
@@ -53,6 +53,7 @@ static NTSTATUS kerberos_fetch_pac(struct auth4_context *auth_ctx,
{
TALLOC_CTX *tmp_ctx;
struct PAC_DATA *pac_data = NULL;
+ struct PAC_DATA_CTR *pac_data_ctr = NULL;
NTSTATUS status = NT_STATUS_INTERNAL_ERROR;
tmp_ctx = talloc_new(mem_ctx);
@@ -74,9 +75,21 @@ static NTSTATUS kerberos_fetch_pac(struct auth4_context *auth_ctx,
}
}
- talloc_set_name_const(pac_data, "struct PAC_DATA");
+ pac_data_ctr = talloc(mem_ctx, struct PAC_DATA_CTR);
+ if (pac_data_ctr == NULL) {
+ status = NT_STATUS_NO_MEMORY;
+ goto done;
+ }
+
+ talloc_set_name_const(pac_data_ctr, "struct PAC_DATA_CTR");
+
+ pac_data_ctr->pac_data = talloc_steal(pac_data_ctr, pac_data);
+ pac_data_ctr->pac_blob = data_blob_talloc(pac_data_ctr,
+ pac_blob->data,
+ pac_blob->length);
+
+ auth_ctx->private_data = talloc_steal(auth_ctx, pac_data_ctr);
- auth_ctx->private_data = talloc_steal(auth_ctx, pac_data);
*session_info = talloc_zero(mem_ctx, struct auth_session_info);
if (!*session_info) {
status = NT_STATUS_NO_MEMORY;
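Review bot: The added container code reads `pac_blob->data` and `pac_blob->length` unconditionally, while the decode just above it is guarded by `if (pac_blob)` (visible in the patch 5/8 hunk of this function), so a call that arrives without a PAC would dereference NULL here. Either return an error early when `pac_blob == NULL` or move the `data_blob_talloc()` call inside the existing guard. The result of the copy is not checked either; for a non-empty blob, `if (pac_data_ctr->pac_blob.data == NULL) { status = NT_STATUS_NO_MEMORY; goto done; }` keeps a failed allocation from being passed on as an empty PAC. The rest of kerberos_fetch_pac, including the `done` label, is outside the hunk.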
@@ -108,7 +121,7 @@ NTSTATUS kerberos_return_pac(TALLOC_CTX *mem_ctx,
time_t renewable_time,
const char *impersonate_princ_s,
const char *local_service,
- struct PAC_DATA **_pac_data)
+ struct PAC_DATA_CTR **_pac_data_ctr)
{
krb5_error_code ret;
NTSTATUS status = NT_STATUS_INVALID_PARAMETER;
@@ -122,7 +135,7 @@ NTSTATUS kerberos_return_pac(TALLOC_CTX *mem_ctx,
size_t idx = 0;
struct auth4_context *auth_context;
struct loadparm_context *lp_ctx;
- struct PAC_DATA *pac_data = NULL;
+ struct PAC_DATA_CTR *pac_data_ctr = NULL;
TALLOC_CTX *tmp_ctx = talloc_new(mem_ctx);
NT_STATUS_HAVE_NO_MEMORY(tmp_ctx);
@@ -278,15 +291,15 @@ NTSTATUS kerberos_return_pac(TALLOC_CTX *mem_ctx,
goto out;
}
- pac_data = talloc_get_type_abort(gensec_server_context->auth_context->private_data,
- struct PAC_DATA);
- if (pac_data == NULL) {
+ pac_data_ctr = talloc_get_type_abort(gensec_server_context->auth_context->private_data,
+ struct PAC_DATA_CTR);
+ if (pac_data_ctr == NULL) {
DEBUG(1,("no PAC\n"));
status = NT_STATUS_INVALID_PARAMETER;
goto out;
}
- *_pac_data = talloc_move(mem_ctx, &pac_data);
+ *_pac_data_ctr = talloc_move(mem_ctx, &pac_data_ctr);
out:
talloc_free(tmp_ctx);
diff --git a/source3/libads/kerberos_proto.h b/source3/libads/kerberos_proto.h
index b2f7486..3d0ad4b 100644
--- a/source3/libads/kerberos_proto.h
+++ b/source3/libads/kerberos_proto.h
@@ -34,6 +34,11 @@
struct PAC_DATA;
+struct PAC_DATA_CTR {
+ DATA_BLOB pac_blob;
+ struct PAC_DATA *pac_data;
+};
+
#include "libads/ads_status.h"
/* The following definitions come from libads/kerberos.c */
@@ -78,7 +83,7 @@ NTSTATUS kerberos_return_pac(TALLOC_CTX *mem_ctx,
time_t renewable_time,
const char *impersonate_princ_s,
const char *local_service,
- struct PAC_DATA **pac_data);
+ struct PAC_DATA_CTR **pac_data_ctr);
/* The following definitions come from libads/krb5_setpw.c */
diff --git a/source3/utils/net_ads.c b/source3/utils/net_ads.c
index 19da6da..19c28b1 100644
--- a/source3/utils/net_ads.c
+++ b/source3/utils/net_ads.c
@@ -2601,6 +2601,7 @@ static int net_ads_kerberos_pac(struct net_context *c, int argc, const char **ar
{
struct PAC_LOGON_INFO *info = NULL;
struct PAC_DATA *pac_data = NULL;
+ struct PAC_DATA_CTR *pac_data_ctr = NULL;
TALLOC_CTX *mem_ctx = NULL;
NTSTATUS status;
int ret = -1;
@@ -2659,13 +2660,15 @@ static int net_ads_kerberos_pac(struct net_context *c, int argc, const char **ar
2592000, /* one month */
impersonate_princ_s,
local_service,
- &pac_data);
+ &pac_data_ctr);
if (!NT_STATUS_IS_OK(status)) {
d_printf(_("failed to query kerberos PAC: %s\n"),
nt_errstr(status));
goto out;
}
+ pac_data = pac_data_ctr->pac_data;
+
for (i=0; i < pac_data->num_buffers; i++) {
if (pac_data->buffers[i].type != PAC_TYPE_LOGON_INFO) {
diff --git a/source3/winbindd/winbindd_pam.c b/source3/winbindd/winbindd_pam.c
index a8daae51..b41291e 100644
--- a/source3/winbindd/winbindd_pam.c
+++ b/source3/winbindd/winbindd_pam.c
@@ -577,6 +577,7 @@ static NTSTATUS winbindd_raw_kerberos_login(TALLOC_CTX *mem_ctx,
const char *user_ccache_file;
struct PAC_LOGON_INFO *logon_info = NULL;
struct PAC_DATA *pac_data = NULL;
+ struct PAC_DATA_CTR *pac_data_ctr = NULL;
const char *local_service;
int i;
@@ -664,7 +665,7 @@ static NTSTATUS winbindd_raw_kerberos_login(TALLOC_CTX *mem_ctx,
WINBINDD_PAM_AUTH_KRB5_RENEW_TIME,
NULL,
local_service,
- &pac_data);
+ &pac_data_ctr);
if (user_ccache_file != NULL) {
gain_root_privilege();
}
@@ -675,6 +676,11 @@ static NTSTATUS winbindd_raw_kerberos_login(TALLOC_CTX *mem_ctx,
goto failed;
}
+ if (pac_data_ctr == NULL) {
+ goto failed;
+ }
+
+ pac_data = pac_data_ctr->pac_data;
if (pac_data == NULL) {
goto failed;
}
--
1.8.5.3
From 9e01f3cbc4752539128e5452f567ff2e73c3ec9d Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?G=C3=BCnther=20Deschner?= <gd@samba.org>
Date: Tue, 11 Mar 2014 18:14:39 +0100
Subject: [PATCH 7/8] s3-net: modify the current "net ads kerberos pac"
command.
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Rename it to "net ads kerberos pac dump" and add a "type=num" option to allow
dumping of individial pac buffer types. Ommitting type= or using type=0 will
dump the whole PAC structure on stdout.
Guenther
Signed-off-by: Günther Deschner <gd@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
---
source3/utils/net_ads.c | 115 ++++++++++++++++++++++++++++++++----------------
1 file changed, 77 insertions(+), 38 deletions(-)
diff --git a/source3/utils/net_ads.c b/source3/utils/net_ads.c
index 19c28b1..f54cf23 100644
--- a/source3/utils/net_ads.c
+++ b/source3/utils/net_ads.c
@@ -2597,27 +2597,15 @@ static int net_ads_kerberos_renew(struct net_context *c, int argc, const char **
return ret;
}
-static int net_ads_kerberos_pac(struct net_context *c, int argc, const char **argv)
+static int net_ads_kerberos_pac_common(struct net_context *c, int argc, const char **argv,
+ struct PAC_DATA_CTR **pac_data_ctr)
{
- struct PAC_LOGON_INFO *info = NULL;
- struct PAC_DATA *pac_data = NULL;
- struct PAC_DATA_CTR *pac_data_ctr = NULL;
- TALLOC_CTX *mem_ctx = NULL;
NTSTATUS status;
int ret = -1;
const char *impersonate_princ_s = NULL;
const char *local_service = NULL;
int i;
- if (c->display_usage) {
- d_printf( "%s\n"
- "net ads kerberos pac [impersonation_principal]\n"
- " %s\n",
- _("Usage:"),
- _("Dump the Kerberos PAC"));
- return 0;
- }
-
for (i=0; i<argc; i++) {
if (strnequal(argv[i], "impersonate", strlen("impersonate"))) {
impersonate_princ_s = get_string_param(argv[i]);
@@ -2633,13 +2621,8 @@ static int net_ads_kerberos_pac(struct net_context *c, int argc, const char **ar
}
}
- mem_ctx = talloc_init("net_ads_kerberos_pac");
- if (!mem_ctx) {
- goto out;
- }
-
if (local_service == NULL) {
- local_service = talloc_asprintf(mem_ctx, "%s$@%s",
+ local_service = talloc_asprintf(c, "%s$@%s",
lp_netbios_name(), lp_realm());
if (local_service == NULL) {
goto out;
@@ -2648,7 +2631,7 @@ static int net_ads_kerberos_pac(struct net_context *c, int argc, const char **ar
c->opt_password = net_prompt_pass(c, c->opt_user_name);
- status = kerberos_return_pac(mem_ctx,
+ status = kerberos_return_pac(c,
c->opt_user_name,
c->opt_password,
0,
@@ -2660,39 +2643,95 @@ static int net_ads_kerberos_pac(struct net_context *c, int argc, const char **ar
2592000, /* one month */
impersonate_princ_s,
local_service,
- &pac_data_ctr);
+ pac_data_ctr);
if (!NT_STATUS_IS_OK(status)) {
d_printf(_("failed to query kerberos PAC: %s\n"),
nt_errstr(status));
goto out;
}
- pac_data = pac_data_ctr->pac_data;
+ ret = 0;
+ out:
+ return ret;
+}
- for (i=0; i < pac_data->num_buffers; i++) {
+static int net_ads_kerberos_pac_dump(struct net_context *c, int argc, const char **argv)
+{
+ struct PAC_DATA_CTR *pac_data_ctr = NULL;
+ int i;
+ int ret = -1;
+ enum PAC_TYPE type = 0;
- if (pac_data->buffers[i].type != PAC_TYPE_LOGON_INFO) {
- continue;
+ if (c->display_usage) {
+ d_printf( "%s\n"
+ "net ads kerberos pac dump [impersonate=string] [local_service=string] [pac_buffer_type=int]\n"
+ " %s\n",
+ _("Usage:"),
+ _("Dump the Kerberos PAC"));
+ return -1;
+ }
+
+ for (i=0; i<argc; i++) {
+ if (strnequal(argv[i], "pac_buffer_type", strlen("pac_buffer_type"))) {
+ type = get_int_param(argv[i]);
}
+ }
- info = pac_data->buffers[i].info->logon_info.info;
- if (!info) {
- goto out;
+ ret = net_ads_kerberos_pac_common(c, argc, argv, &pac_data_ctr);
+ if (ret) {
+ return ret;
+ }
+
+ if (type == 0) {
+
+ char *s = NULL;
+
+ s = NDR_PRINT_STRUCT_STRING(c, PAC_DATA,
+ pac_data_ctr->pac_data);
+ if (s != NULL) {
+ d_printf(_("The Pac: %s\n"), s);
+ talloc_free(s);
}
- break;
+ return 0;
}
- if (info) {
- const char *s;
- s = NDR_PRINT_STRUCT_STRING(mem_ctx, PAC_LOGON_INFO, info);
- d_printf(_("The Pac: %s\n"), s);
+ for (i=0; i < pac_data_ctr->pac_data->num_buffers; i++) {
+
+ char *s = NULL;
+
+ if (pac_data_ctr->pac_data->buffers[i].type != type) {
+ continue;
+ }
+
+ s = NDR_PRINT_UNION_STRING(c, PAC_INFO, type,
+ pac_data_ctr->pac_data->buffers[i].info);
+ if (s != NULL) {
+ d_printf(_("The Pac: %s\n"), s);
+ talloc_free(s);
+ }
+ break;
}
- ret = 0;
- out:
- TALLOC_FREE(mem_ctx);
- return ret;
+ return 0;
+}
+
+static int net_ads_kerberos_pac(struct net_context *c, int argc, const char **argv)
+{
+ struct functable func[] = {
+ {
+ "dump",
+ net_ads_kerberos_pac_dump,
+ NET_TRANSPORT_ADS,
+ N_("Dump Kerberos PAC"),
+ N_("net ads kerberos pac dump\n"
+ " Dump a Kerberos PAC to stdout")
+ },
+
+ {NULL, NULL, 0, NULL, NULL}
+ };
+
+ return net_run_function(c, argc, argv, "net ads kerberos pac", func);
}
static int net_ads_kerberos_kinit(struct net_context *c, int argc, const char **argv)
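Review bot: `net_ads_kerberos_pac_dump()` dereferences `pac_data_ctr->pac_data` right after `net_ads_kerberos_pac_common()` succeeds without checking either pointer, whereas the winbindd_pam.c caller in patch 6/8 tests both `pac_data_ctr` and `pac_data` for NULL. Adding `if (pac_data_ctr == NULL || pac_data_ctr->pac_data == NULL) { return -1; }` after the call makes the two callers agree. The value from `get_int_param(argv[i])` is stored into `enum PAC_TYPE type` unvalidated, so a malformed `pac_buffer_type=` argument may silently select type 0 or match nothing, depending on what that helper returns on error (not shown). The usage branch now returns -1 where the removed code returned 0, which is worth confirming as intended. Everything is now allocated on `c` with no local context, so the PAC stays in memory until the `net` context is released.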
--
1.8.5.3
From 91ceace4ee8fd141cac5dbe5282bed141c38bee7 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?G=C3=BCnther=20Deschner?= <gd@samba.org>
Date: Tue, 11 Mar 2014 18:16:40 +0100
Subject: [PATCH 8/8] s3-net: add a new "net ads kerberos pac save" tool.
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Use "filename=string" to define a file where to save the unencrypted PAC to.
Guenther
Signed-off-by: Günther Deschner <gd@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
---
source3/utils/net_ads.c | 52 +++++++++++++++++++++++++++++++++++++++++++++++++
1 file changed, 52 insertions(+)
diff --git a/source3/utils/net_ads.c b/source3/utils/net_ads.c
index f54cf23..8b8e719 100644
--- a/source3/utils/net_ads.c
+++ b/source3/utils/net_ads.c
@@ -2716,6 +2716,50 @@ static int net_ads_kerberos_pac_dump(struct net_context *c, int argc, const char
return 0;
}
+static int net_ads_kerberos_pac_save(struct net_context *c, int argc, const char **argv)
+{
+ struct PAC_DATA_CTR *pac_data_ctr = NULL;
+ char *filename = NULL;
+ int ret = -1;
+ int i;
+
+ if (c->display_usage) {
+ d_printf( "%s\n"
+ "net ads kerberos pac save [impersonate=string] [local_service=string] [filename=string]\n"
+ " %s\n",
+ _("Usage:"),
+ _("Save the Kerberos PAC"));
+ return -1;
+ }
+
+ for (i=0; i<argc; i++) {
+ if (strnequal(argv[i], "filename", strlen("filename"))) {
+ filename = get_string_param(argv[i]);
+ if (filename == NULL) {
+ return -1;
+ }
+ }
+ }
+
+ ret = net_ads_kerberos_pac_common(c, argc, argv, &pac_data_ctr);
+ if (ret) {
+ return ret;
+ }
+
+ if (filename == NULL) {
+ d_printf(_("please define \"filename=<filename>\" to save the PAC\n"));
+ return -1;
+ }
+
+ /* save the raw format */
+ if (!file_save(filename, pac_data_ctr->pac_blob.data, pac_data_ctr->pac_blob.length)) {
+ d_printf(_("failed to save PAC in %s\n"), filename);
+ return -1;
+ }
+
+ return 0;
+}
+
static int net_ads_kerberos_pac(struct net_context *c, int argc, const char **argv)
{
struct functable func[] = {
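Review bot: In net_ads_kerberos_pac_save() the `filename == NULL` check sits after the call to net_ads_kerberos_pac_common(), so a run without `filename=` still performs the whole PAC retrieval before the usage error is printed. Moving the `if (filename == NULL) { ... return -1; }` block directly after the argv loop avoids that. The match `strnequal(argv[i], "filename", strlen("filename"))` is a prefix test, so it also accepts keys that merely start with `filename`. The blob is written unencrypted through file_save(), whose creation mode is not visible in this hunk; since a PAC carries the account's logon and group-membership data, I would confirm that mode and add a comment such as `/* PAC holds authorization data: the target file should not be world-readable */`.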
@@ -2727,6 +2771,14 @@ static int net_ads_kerberos_pac(struct net_context *c, int argc, const char **ar
N_("net ads kerberos pac dump\n"
" Dump a Kerberos PAC to stdout")
},
+ {
+ "save",
+ net_ads_kerberos_pac_save,
+ NET_TRANSPORT_ADS,
+ N_("Save Kerberos PAC"),
+ N_("net ads kerberos pac save\n"
+ " Save a Kerberos PAC in a file")
+ },
{NULL, NULL, 0, NULL, NULL}
};
--
1.8.5.3
@@ -0,0 +1,211 @@
From 942dedb71437cd89932a7f39ca73d65c09aa59be Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?G=C3=BCnther=20Deschner?= <gd@samba.org>
Date: Wed, 2 Apr 2014 19:37:34 +0200
Subject: [PATCH] s3-kerberos: make ipv6 support for generated krb5 config
files more robust.
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Older MIT Kerberos libraries will add any secondary ipv6 address as
ipv4 address, defining the (default) krb5 port 88 circumvents that.
Guenther
Signed-off-by: Günther Deschner <gd@samba.org>
---
source3/libads/kerberos.c | 29 +++++++++++++++++++++++++++--
1 file changed, 27 insertions(+), 2 deletions(-)
diff --git a/source3/libads/kerberos.c b/source3/libads/kerberos.c
index 649e568..f3c23ea 100644
--- a/source3/libads/kerberos.c
+++ b/source3/libads/kerberos.c
@@ -615,6 +615,31 @@ static void add_sockaddr_unique(struct sockaddr_storage *addrs, int *num_addrs,
*num_addrs += 1;
}
+/* print_canonical_sockaddr prints an ipv6 addr in the form of
+* [ipv6.addr]. This string, when put in a generated krb5.conf file is not
+* always properly dealt with by some older krb5 libraries. Adding the hard-coded
+* portnumber workarounds the issue. - gd */
+
+static char *print_canonical_sockaddr_with_port(TALLOC_CTX *mem_ctx,
+ const struct sockaddr_storage *pss)
+{
+ char *str = NULL;
+
+ str = print_canonical_sockaddr(mem_ctx, pss);
+ if (str == NULL) {
+ return NULL;
+ }
+
+ if (pss->ss_family != AF_INET6) {
+ return str;
+ }
+
+#if defined(HAVE_IPV6)
+ str = talloc_asprintf_append(str, ":88");
+#endif
+ return str;
+}
+
static char *get_kdc_ip_string(char *mem_ctx,
const char *realm,
const char *sitename,
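Review bot: print_canonical_sockaddr_with_port() can return NULL, either from print_canonical_sockaddr() or from talloc_asprintf_append(), and both call sites changed in the two following hunks of get_kdc_ip_string() pass the result straight to a `%s` in talloc_asprintf(). Passing NULL to `%s` is undefined behaviour, and on common C libraries it would put `kdc = (null)` into the generated krb5.conf. I would take the result into a local and check it first, e.g. `char *kdc = print_canonical_sockaddr_with_port(mem_ctx, pss);` followed by `if (kdc == NULL) { TALLOC_FREE(frame); return NULL; }`, and use `goto fail` in the loop. The comparison with `AF_INET6` sits outside the `#if defined(HAVE_IPV6)` guard, so the guard only helps where that constant is still defined, and the literal `":88"` would read better as a named constant. get_kdc_ip_string() continues beyond this hunk.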
@@ -634,7 +659,7 @@ static char *get_kdc_ip_string(char *mem_ctx,
struct netlogon_samlogon_response **responses = NULL;
NTSTATUS status;
char *kdc_str = talloc_asprintf(mem_ctx, "%s\tkdc = %s\n", "",
- print_canonical_sockaddr(mem_ctx, pss));
+ print_canonical_sockaddr_with_port(mem_ctx, pss));
if (kdc_str == NULL) {
TALLOC_FREE(frame);
@@ -726,7 +751,7 @@ static char *get_kdc_ip_string(char *mem_ctx,
/* Append to the string - inefficient but not done often. */
new_kdc_str = talloc_asprintf(mem_ctx, "%s\tkdc = %s\n",
kdc_str,
- print_canonical_sockaddr(mem_ctx, &dc_addrs[i]));
+ print_canonical_sockaddr_with_port(mem_ctx, &dc_addrs[i]));
if (new_kdc_str == NULL) {
goto fail;
}
--
1.9.0
From 60db71015f84dd242be889576d85ccd5c6a1f73b Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?G=C3=BCnther=20Deschner?= <gd@samba.org>
Date: Wed, 16 Apr 2014 16:07:14 +0200
Subject: [PATCH] s3-libads: allow ads_try_connect() to re-use a resolved ip
address.
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Pass down a struct sockaddr_storage to ads_try_connect.
Guenther
Signed-off-by: Günther Deschner <gd@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Autobuild-User(master): Günther Deschner <gd@samba.org>
Autobuild-Date(master): Thu Apr 17 19:56:16 CEST 2014 on sn-devel-104
---
source3/libads/ldap.c | 44 ++++++++++++++++++++++++++------------------
1 file changed, 26 insertions(+), 18 deletions(-)
diff --git a/source3/libads/ldap.c b/source3/libads/ldap.c
index d9bb8e2..8fed8fd 100644
--- a/source3/libads/ldap.c
+++ b/source3/libads/ldap.c
@@ -228,33 +228,27 @@ bool ads_closest_dc(ADS_STRUCT *ads)
try a connection to a given ldap server, returning True and setting the servers IP
in the ads struct if successful
*/
-static bool ads_try_connect(ADS_STRUCT *ads, const char *server, bool gc)
+static bool ads_try_connect(ADS_STRUCT *ads, bool gc,
+ struct sockaddr_storage *ss)
{
struct NETLOGON_SAM_LOGON_RESPONSE_EX cldap_reply;
TALLOC_CTX *frame = talloc_stackframe();
bool ret = false;
- struct sockaddr_storage ss;
char addr[INET6_ADDRSTRLEN];
- if (!server || !*server) {
+ if (ss == NULL) {
TALLOC_FREE(frame);
return False;
}
- if (!resolve_name(server, &ss, 0x20, true)) {
- DEBUG(5,("ads_try_connect: unable to resolve name %s\n",
- server ));
- TALLOC_FREE(frame);
- return false;
- }
- print_sockaddr(addr, sizeof(addr), &ss);
+ print_sockaddr(addr, sizeof(addr), ss);
DEBUG(5,("ads_try_connect: sending CLDAP request to %s (realm: %s)\n",
addr, ads->server.realm));
ZERO_STRUCT( cldap_reply );
- if ( !ads_cldap_netlogon_5(frame, &ss, ads->server.realm, &cldap_reply ) ) {
+ if ( !ads_cldap_netlogon_5(frame, ss, ads->server.realm, &cldap_reply ) ) {
DEBUG(3,("ads_try_connect: CLDAP request %s failed.\n", addr));
ret = false;
goto out;
@@ -298,7 +292,7 @@ static bool ads_try_connect(ADS_STRUCT *ads, const char *server, bool gc)
ads->server.workgroup = SMB_STRDUP(cldap_reply.domain_name);
ads->ldap.port = gc ? LDAP_GC_PORT : LDAP_PORT;
- ads->ldap.ss = ss;
+ ads->ldap.ss = *ss;
/* Store our site name. */
sitename_store( cldap_reply.domain_name, cldap_reply.client_site);
@@ -330,6 +324,7 @@ static NTSTATUS ads_find_dc(ADS_STRUCT *ads)
bool use_own_domain = False;
char *sitename;
NTSTATUS status = NT_STATUS_UNSUCCESSFUL;
+ bool ok = false;
/* if the realm and workgroup are both empty, assume they are ours */
@@ -384,12 +379,14 @@ static NTSTATUS ads_find_dc(ADS_STRUCT *ads)
DEBUG(6,("ads_find_dc: (ldap) looking for %s '%s'\n",
(got_realm ? "realm" : "domain"), realm));
- if (get_dc_name(domain, realm, srv_name, &ip_out)) {
+ ok = get_dc_name(domain, realm, srv_name, &ip_out);
+ if (ok) {
/*
* we call ads_try_connect() to fill in the
* ads->config details
*/
- if (ads_try_connect(ads, srv_name, false)) {
+ ok = ads_try_connect(ads, false, &ip_out);
+ if (ok) {
return NT_STATUS_OK;
}
}
@@ -445,7 +442,8 @@ static NTSTATUS ads_find_dc(ADS_STRUCT *ads)
}
}
- if ( ads_try_connect(ads, server, false) ) {
+ ok = ads_try_connect(ads, false, &ip_list[i].ss);
+ if (ok) {
SAFE_FREE(ip_list);
SAFE_FREE(sitename);
return NT_STATUS_OK;
@@ -630,9 +628,19 @@ ADS_STATUS ads_connect(ADS_STRUCT *ads)
TALLOC_FREE(s);
}
- if (ads->server.ldap_server)
- {
- if (ads_try_connect(ads, ads->server.ldap_server, ads->server.gc)) {
+ if (ads->server.ldap_server) {
+ bool ok = false;
+ struct sockaddr_storage ss;
+
+ ok = resolve_name(ads->server.ldap_server, &ss, 0x20, true);
+ if (!ok) {
+ DEBUG(5,("ads_connect: unable to resolve name %s\n",
+ ads->server.ldap_server));
+ status = ADS_ERROR_NT(NT_STATUS_NOT_FOUND);
+ goto out;
+ }
+ ok = ads_try_connect(ads, ads->server.gc, &ss);
+ if (ok) {
goto got_connection;
}
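Review bot: In ads_connect() a failed resolve_name() for the configured `ads->server.ldap_server` now does `goto out` with NT_STATUS_NOT_FOUND. Before the patch the same failure made ads_try_connect() return false and execution continued with the code after this block (outside the hunk). If failing hard for an explicitly named server is intended, a comment should say so, e.g. `/* An explicitly requested server that cannot be resolved is an error; do not fall back to DC discovery. */`. If it is not intended, the `goto out` should be dropped so the previous fallback is kept. ads_connect() starts and ends outside this hunk.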
--
1.9.0
@@ -0,0 +1,97 @@
From f73c906237aa0c9d45900d69d31c9b39261f062a Mon Sep 17 00:00:00 2001
From: Andreas Schneider <asn@samba.org>
Date: Tue, 16 Sep 2014 18:02:30 +0200
Subject: [PATCH 1/2] lib: Add daemon_status() to util library.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=10816
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Alexander Bokovoy <ab@samba.org>
(cherry picked from commit 9f5f5fa8ebf845c53b7a92557d7aec56ed820320)
---
lib/util/become_daemon.c | 11 +++++++++++
lib/util/samba_util.h | 6 ++++++
2 files changed, 17 insertions(+)
diff --git a/lib/util/become_daemon.c b/lib/util/become_daemon.c
index 35c8b32..688bedd 100644
--- a/lib/util/become_daemon.c
+++ b/lib/util/become_daemon.c
@@ -135,3 +135,14 @@ _PUBLIC_ void daemon_ready(const char *daemon)
#endif
DEBUG(0, ("STATUS=daemon '%s' finished starting up and ready to serve connections", daemon));
}
+
+_PUBLIC_ void daemon_status(const char *name, const char *msg)
+{
+ if (name == NULL) {
+ name = "Samba";
+ }
+#ifdef HAVE_SYSTEMD
+ sd_notifyf(0, "\nSTATUS=%s: %s", name, msg);
+#endif
+ DEBUG(0, ("STATUS=daemon '%s' : %s", name, msg));
+}
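Review bot: daemon_status() defaults a NULL `name` but passes `msg` unchecked to `%s` in both sd_notifyf() and DEBUG(); a matching guard such as `if (msg == NULL) { msg = ""; }` would treat the two parameters alike. The sd_notify state string is a newline-separated list of assignments, so a `name` or `msg` containing `\n` would be read by the service manager as additional variables. The doc comment added in the samba_util.h hunk should therefore state that both strings must be single-line and must not be built from untrusted input. The DEBUG line has no trailing `\n`, which matches daemon_ready() above but may not be intended.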
diff --git a/lib/util/samba_util.h b/lib/util/samba_util.h
index e3fe6a6..f4216d8 100644
--- a/lib/util/samba_util.h
+++ b/lib/util/samba_util.h
@@ -853,6 +853,12 @@ _PUBLIC_ void exit_daemon(const char *msg, int error);
**/
_PUBLIC_ void daemon_ready(const char *daemon);
+/*
+ * Report the daemon status. For example if it is not ready to serve connections
+ * and is waiting for some event to happen.
+ */
+_PUBLIC_ void daemon_status(const char *name, const char *msg);
+
/**
* @brief Get a password from the console.
*
--
2.1.0
From 7fcd74039961fa0fb02934bc87ce41fd98234f1a Mon Sep 17 00:00:00 2001
From: Andreas Schneider <asn@samba.org>
Date: Tue, 16 Sep 2014 18:03:51 +0200
Subject: [PATCH 2/2] nmbd: Send waiting status to systemd.
This tells the Administrator what's going on and we should log that IPv6
is not supported.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=10816
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Alexander Bokovoy <ab@samba.org>
Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date(master): Wed Sep 17 13:16:43 CEST 2014 on sn-devel-104
(cherry picked from commit 2df601bff0d949e66c79366b8248b9d950c0b430)
---
source3/nmbd/nmbd_subnetdb.c | 7 +++++--
1 file changed, 5 insertions(+), 2 deletions(-)
diff --git a/source3/nmbd/nmbd_subnetdb.c b/source3/nmbd/nmbd_subnetdb.c
index 311a240..6c483af 100644
--- a/source3/nmbd/nmbd_subnetdb.c
+++ b/source3/nmbd/nmbd_subnetdb.c
@@ -247,8 +247,11 @@ bool create_subnets(void)
/* Only count IPv4, non-loopback interfaces. */
if (iface_count_v4_nl() == 0) {
- DEBUG(0,("create_subnets: No local IPv4 non-loopback interfaces !\n"));
- DEBUG(0,("create_subnets: Waiting for an interface to appear ...\n"));
+ daemon_status("nmbd",
+ "No local IPv4 non-loopback interfaces "
+ "available, waiting for interface ...");
+ DEBUG(0,("NOTE: NetBIOS name resolution is not supported for "
+ "Internet Protocol Version 6 (IPv6).\n"));
}
/* We only count IPv4, non-loopback interfaces here. */
--
2.1.0
@@ -0,0 +1,42 @@
From 23dfa2e35bec9c0f6c3d579e7dc2e1d0ce636aa2 Mon Sep 17 00:00:00 2001
From: Andreas Schneider <asn@samba.org>
Date: Fri, 19 Sep 2014 13:33:10 +0200
Subject: [PATCH] nsswitch: Skip groups we were not able to map.
If we have configured the idmap_ad backend it is possible that the user
is in a group without a gid set. This will result in (uid_t)-1 as the
gid. We return this invalid gid to NSS which is wrong.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=10824
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: David Disseldorp <ddiss@samba.org>
Autobuild-User(master): David Disseldorp <ddiss@samba.org>
Autobuild-Date(master): Fri Sep 19 17:57:14 CEST 2014 on sn-devel-104
(cherry picked from commit 7f59711f076e98ece099f6b38ff6da8c80fa6d5e)
Signed-off-by: Andreas Schneider <asn@samba.org>
---
nsswitch/winbind_nss_linux.c | 5 +++++
1 file changed, 5 insertions(+)
diff --git a/nsswitch/winbind_nss_linux.c b/nsswitch/winbind_nss_linux.c
index 8d66a74..70ede3e 100644
--- a/nsswitch/winbind_nss_linux.c
+++ b/nsswitch/winbind_nss_linux.c
@@ -1101,6 +1101,11 @@ _nss_winbind_initgroups_dyn(char *user, gid_t group, long int *start,
continue;
}
+ /* Skip groups without a mapping */
+ if (gid_list[i] == (uid_t)-1) {
+ continue;
+ }
+
/* Filled buffer ? If so, resize. */
if (*start == *size) {
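Review bot: The new guard compares `gid_list[i]` with `(uid_t)-1` although the value being tested is a group id (the declaration of `gid_list` is outside the hunk, presumably `gid_t`). Writing `if (gid_list[i] == (gid_t)-1) {` states the intent and stays correct on a platform where the two types differ. The comment could also name the source of the sentinel, e.g. `/* Skip groups winbindd could not map to a gid */`. _nss_winbind_initgroups_dyn() begins and ends outside this hunk.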
--
2.1.0
@@ -0,0 +1,44 @@
From dc6b86b93c8f059b0cc96c364ffad05c88b7d92e Mon Sep 17 00:00:00 2001
From: Christof Schmitt <cs@samba.org>
Date: Fri, 22 Aug 2014 09:15:59 -0700
Subject: [PATCH] s3-winbindd: Use correct realm for trusted domains in idmap child
When authenticating users in a trusted domain, the idmap_ad module
always connects to a local DC instead of one in the trusted domain.
Fix this by passing the correct realm to connect to.
Also Comment parameters passed to ads_cached_connection_connect
Signed-off-by: Christof Schmitt <cs@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
(cherry picked from commit c203c722e7e22f9146f2ecf6f42452c0e82042e4)
---
source3/winbindd/winbindd_ads.c | 11 +++++++++--
1 files changed, 9 insertions(+), 2 deletions(-)
diff --git a/source3/winbindd/winbindd_ads.c b/source3/winbindd/winbindd_ads.c
index 4c26389..e47613e 100644
--- a/source3/winbindd/winbindd_ads.c
+++ b/source3/winbindd/winbindd_ads.c
@@ -187,8 +187,15 @@ ADS_STATUS ads_idmap_cached_connection(ADS_STRUCT **adsp, const char *dom_name)
}
}
- status = ads_cached_connection_connect(adsp, realm, dom_name, ldap_server,
- password, realm, 0);
+ status = ads_cached_connection_connect(
+ adsp, /* Returns ads struct. */
+ wb_dom->alt_name, /* realm to connect to. */
+ dom_name, /* 'workgroup' name for ads_init */
+ ldap_server, /* DNS name to connect to. */
+ password, /* password for auth realm. */
+ realm, /* realm used for krb5 ticket. */
+ 0); /* renewable ticket time. */
+
SAFE_FREE(realm);
return status;
--
1.7.1
@@ -0,0 +1,35 @@
From 0aab8ae3c137e5900d22160555bcef57cd62ca21 Mon Sep 17 00:00:00 2001
From: Andreas Schneider <asn@samba.org>
Date: Wed, 17 Sep 2014 15:17:50 +0200
Subject: [PATCH 2/2] libcli: Fix a segfault calling smbXcli_req_set_pending()
on NULL.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=10817
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Tue Sep 23 04:23:05 CEST 2014 on sn-devel-104
(cherry picked from commit f92086f4a347dcc8fa948aa2614a2c12f1115e5a)
Signed-off-by: Andreas Schneider <asn@samba.org>
---
libcli/smb/smb1cli_echo.c | 1 -
1 file changed, 1 deletion(-)
diff --git a/libcli/smb/smb1cli_echo.c b/libcli/smb/smb1cli_echo.c
index 4fb7c60..10dff2d 100644
--- a/libcli/smb/smb1cli_echo.c
+++ b/libcli/smb/smb1cli_echo.c
@@ -96,7 +96,6 @@ static void smb1cli_echo_done(struct tevent_req *subreq)
NULL, /* pbytes_offset */
NULL, /* pinbuf */
expected, ARRAY_SIZE(expected));
- TALLOC_FREE(subreq);
if (!NT_STATUS_IS_OK(status)) {
tevent_req_nterror(req, status);
return;
--
2.1.0
@@ -0,0 +1,180 @@
From 579901faf787d8d787c978324bdec87c349e3d9b Mon Sep 17 00:00:00 2001
From: Andreas Schneider <asn@samba.org>
Date: Tue, 23 Sep 2014 14:09:41 +0200
Subject: [PATCH] s3-libads: Improve service principle guessing.
If the name passed to the net command with the -S options is the long
hostname of the domaincontroller and not the 15 char NetBIOS name we
should construct a FQDN with the realm to get a Kerberos ticket.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=10829
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>
(cherry picked from commit 83c62bd3f5945bbe295cbfbd153736d4c709b3a6)
---
source3/libads/sasl.c | 124 +++++++++++++++++++++++++++-----------------------
1 file changed, 66 insertions(+), 58 deletions(-)
diff --git a/source3/libads/sasl.c b/source3/libads/sasl.c
index 33f4e24..1450ff1 100644
--- a/source3/libads/sasl.c
+++ b/source3/libads/sasl.c
@@ -714,88 +714,96 @@ static void ads_free_service_principal(struct ads_service_principal *p)
static ADS_STATUS ads_guess_service_principal(ADS_STRUCT *ads,
char **returned_principal)
{
+ ADS_STATUS status = ADS_ERROR(LDAP_NO_MEMORY);
char *princ = NULL;
+ TALLOC_CTX *frame;
+ char *server = NULL;
+ char *realm = NULL;
+ int rc;
- if (ads->server.realm && ads->server.ldap_server) {
- char *server, *server_realm;
-
- server = SMB_STRDUP(ads->server.ldap_server);
- server_realm = SMB_STRDUP(ads->server.realm);
-
- if (!server || !server_realm) {
- SAFE_FREE(server);
- SAFE_FREE(server_realm);
- return ADS_ERROR(LDAP_NO_MEMORY);
- }
+ frame = talloc_stackframe();
+ if (frame == NULL) {
+ return ADS_ERROR(LDAP_NO_MEMORY);
+ }
- if (!strlower_m(server)) {
- SAFE_FREE(server);
- SAFE_FREE(server_realm);
- return ADS_ERROR(LDAP_NO_MEMORY);
+ if (ads->server.realm && ads->server.ldap_server) {
+ server = strlower_talloc(frame, ads->server.ldap_server);
+ if (server == NULL) {
+ goto out;
}
- if (!strupper_m(server_realm)) {
- SAFE_FREE(server);
- SAFE_FREE(server_realm);
- return ADS_ERROR(LDAP_NO_MEMORY);
+ realm = strupper_talloc(frame, ads->server.realm);
+ if (realm == NULL) {
+ goto out;
}
- if (asprintf(&princ, "ldap/%s@%s", server, server_realm) == -1) {
- SAFE_FREE(server);
- SAFE_FREE(server_realm);
- return ADS_ERROR(LDAP_NO_MEMORY);
- }
+ /*
+ * If we got a name which is bigger than a NetBIOS name,
+ * but isn't a FQDN, create one.
+ */
+ if (strlen(server) > 15 && strstr(server, ".") == NULL) {
+ char *dnsdomain;
- SAFE_FREE(server);
- SAFE_FREE(server_realm);
+ dnsdomain = strlower_talloc(frame, ads->server.realm);
+ if (dnsdomain == NULL) {
+ goto out;
+ }
- if (!princ) {
- return ADS_ERROR(LDAP_NO_MEMORY);
+ server = talloc_asprintf(frame,
+ "%s.%s",
+ server, dnsdomain);
+ if (server == NULL) {
+ goto out;
+ }
}
} else if (ads->config.realm && ads->config.ldap_server_name) {
- char *server, *server_realm;
-
- server = SMB_STRDUP(ads->config.ldap_server_name);
- server_realm = SMB_STRDUP(ads->config.realm);
-
- if (!server || !server_realm) {
- SAFE_FREE(server);
- SAFE_FREE(server_realm);
- return ADS_ERROR(LDAP_NO_MEMORY);
+ server = strlower_talloc(frame, ads->config.ldap_server_name);
+ if (server == NULL) {
+ goto out;
}
- if (!strlower_m(server)) {
- SAFE_FREE(server);
- SAFE_FREE(server_realm);
- return ADS_ERROR(LDAP_NO_MEMORY);
+ realm = strupper_talloc(frame, ads->config.realm);
+ if (realm == NULL) {
+ goto out;
}
- if (!strupper_m(server_realm)) {
- SAFE_FREE(server);
- SAFE_FREE(server_realm);
- return ADS_ERROR(LDAP_NO_MEMORY);
- }
- if (asprintf(&princ, "ldap/%s@%s", server, server_realm) == -1) {
- SAFE_FREE(server);
- SAFE_FREE(server_realm);
- return ADS_ERROR(LDAP_NO_MEMORY);
- }
+ /*
+ * If we got a name which is bigger than a NetBIOS name,
+ * but isn't a FQDN, create one.
+ */
+ if (strlen(server) > 15 && strstr(server, ".") == NULL) {
+ char *dnsdomain;
- SAFE_FREE(server);
- SAFE_FREE(server_realm);
+ dnsdomain = strlower_talloc(frame, ads->server.realm);
+ if (dnsdomain == NULL) {
+ goto out;
+ }
- if (!princ) {
- return ADS_ERROR(LDAP_NO_MEMORY);
+ server = talloc_asprintf(frame,
+ "%s.%s",
+ server, dnsdomain);
+ if (server == NULL) {
+ goto out;
+ }
}
}
- if (!princ) {
- return ADS_ERROR(LDAP_PARAM_ERROR);
+ if (server == NULL || realm == NULL) {
+ goto out;
+ }
+
+ rc = asprintf(&princ, "ldap/%s@%s", server, realm);
+ if (rc == -1 || princ == NULL) {
+ status = ADS_ERROR(LDAP_PARAM_ERROR);
+ goto out;
}
*returned_principal = princ;
- return ADS_SUCCESS;
+ status = ADS_SUCCESS;
+out:
+ TALLOC_FREE(frame);
+ return status;
}
static ADS_STATUS ads_generate_service_principal(ADS_STRUCT *ads,
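Review bot: In the second branch (`ads->config.realm && ads->config.ldap_server_name`) the FQDN suffix is still built from `ads->server.realm`, which that branch does not test and which may be NULL there. It looks like a copy of the first branch and should read `dnsdomain = strlower_talloc(frame, ads->config.realm);`. The error mapping also changed: when neither branch matches, the `server == NULL || realm == NULL` check leaves `status` at LDAP_NO_MEMORY where the old code returned LDAP_PARAM_ERROR, while an asprintf() failure now yields LDAP_PARAM_ERROR instead of LDAP_NO_MEMORY. Setting `status = ADS_ERROR(LDAP_PARAM_ERROR);` inside that NULL check and leaving the asprintf path at the default restores the previous codes. The two identical "longer than 15 characters and no dot" blocks could be one static helper.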
--
2.1.0
@@ -0,0 +1,329 @@
From 1925edc67e223d73d672af48c2ebd3e5865e01d9 Mon Sep 17 00:00:00 2001
From: Andreas Schneider <asn@samba.org>
Date: Wed, 24 Sep 2014 09:22:03 +0200
Subject: [PATCH 1/4] s3-libads: Add a function to retrieve the SPNs of a
computer account.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=9984
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>
(cherry picked from commit 4eaa4ccbdf279f1ff6d8218b36d92aeea0114cd8)
---
source3/libads/ads_proto.h | 6 +++++
source3/libads/ldap.c | 60 ++++++++++++++++++++++++++++++++++++++++++++++
2 files changed, 66 insertions(+)
diff --git a/source3/libads/ads_proto.h b/source3/libads/ads_proto.h
index 17a84d1..6a22807 100644
--- a/source3/libads/ads_proto.h
+++ b/source3/libads/ads_proto.h
@@ -87,6 +87,12 @@ ADS_STATUS ads_add_strlist(TALLOC_CTX *ctx, ADS_MODLIST *mods,
const char *name, const char **vals);
uint32 ads_get_kvno(ADS_STRUCT *ads, const char *account_name);
uint32_t ads_get_machine_kvno(ADS_STRUCT *ads, const char *machine_name);
+
+ADS_STATUS ads_get_service_principal_names(TALLOC_CTX *mem_ctx,
+ ADS_STRUCT *ads,
+ const char *machine_name,
+ char ***spn_array,
+ size_t *num_spns);
ADS_STATUS ads_clear_service_principal_names(ADS_STRUCT *ads, const char *machine_name);
ADS_STATUS ads_add_service_principal_name(ADS_STRUCT *ads, const char *machine_name,
const char *my_fqdn, const char *spn);
diff --git a/source3/libads/ldap.c b/source3/libads/ldap.c
index fb99132..51a0883 100644
--- a/source3/libads/ldap.c
+++ b/source3/libads/ldap.c
@@ -1927,6 +1927,66 @@ ADS_STATUS ads_clear_service_principal_names(ADS_STRUCT *ads, const char *machin
}
/**
+ * @brief This gets the service principal names of an existing computer account.
+ *
+ * @param[in] mem_ctx The memory context to use to allocate the spn array.
+ *
+ * @param[in] ads The ADS context to use.
+ *
+ * @param[in] machine_name The NetBIOS name of the computer, which is used to
+ * identify the computer account.
+ *
+ * @param[in] spn_array A pointer to store the array for SPNs.
+ *
+ * @param[in] num_spns The number of principals stored in the array.
+ *
+ * @return 0 on success, or a ADS error if a failure occured.
+ */
+ADS_STATUS ads_get_service_principal_names(TALLOC_CTX *mem_ctx,
+ ADS_STRUCT *ads,
+ const char *machine_name,
+ char ***spn_array,
+ size_t *num_spns)
+{
+ ADS_STATUS status;
+ LDAPMessage *res = NULL;
+ char *dn;
+ int count;
+
+ status = ads_find_machine_acct(ads,
+ &res,
+ machine_name);
+ if (!ADS_ERR_OK(status)) {
+ DEBUG(1,("Host Account for %s not found... skipping operation.\n",
+ machine_name));
+ return status;
+ }
+
+ count = ads_count_replies(ads, res);
+ if (count != 1) {
+ status = ADS_ERROR(LDAP_NO_SUCH_OBJECT);
+ goto done;
+ }
+
+ dn = ads_get_dn(ads, mem_ctx, res);
+ if (dn == NULL) {
+ status = ADS_ERROR_LDAP(LDAP_NO_MEMORY);
+ goto done;
+ }
+
+ *spn_array = ads_pull_strings(ads,
+ mem_ctx,
+ res,
+ "servicePrincipalName",
+ num_spns);
+
+done:
+ ads_msgfree(ads, res);
+
+ return status;
+}
+
+/**
* This adds a service principal name to an existing computer account
* (found by hostname) in AD.
* @param ads An initialized ADS_STRUCT
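Review bot: ads_get_service_principal_names() never initialises its outputs, so on the `count != 1` and `dn == NULL` paths the caller is left with whatever `*spn_array` and `*num_spns` held before. The same may apply when ads_pull_strings() finds no `servicePrincipalName` value, although its behaviour is not visible here. Starting the function with `*spn_array = NULL;` and `*num_spns = 0;` makes every exit well-defined. `dn` is allocated on the caller's `mem_ctx` only to be NULL-checked and is never used, so it can be dropped or freed. In the doc block `spn_array` and `num_spns` are outputs and should be tagged `@param[out]`.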
--
2.1.0
From ed3b6536e1027a26d7983942f62677aa2bc0e93c Mon Sep 17 00:00:00 2001
From: Andreas Schneider <asn@samba.org>
Date: Wed, 24 Sep 2014 09:23:58 +0200
Subject: [PATCH 2/4] s3-libads: Add function to search for an element in an
array.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=9984
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>
(cherry picked from commit e1ee4c8bc7018db7787dd9a0be6d3aa40a477ee2)
---
source3/libads/ads_proto.h | 2 ++
source3/libads/ldap.c | 31 +++++++++++++++++++++++++++++++
2 files changed, 33 insertions(+)
diff --git a/source3/libads/ads_proto.h b/source3/libads/ads_proto.h
index 6a22807..1e34247 100644
--- a/source3/libads/ads_proto.h
+++ b/source3/libads/ads_proto.h
@@ -88,6 +88,8 @@ ADS_STATUS ads_add_strlist(TALLOC_CTX *ctx, ADS_MODLIST *mods,
uint32 ads_get_kvno(ADS_STRUCT *ads, const char *account_name);
uint32_t ads_get_machine_kvno(ADS_STRUCT *ads, const char *machine_name);
+bool ads_element_in_array(const char **el_array, size_t num_el, const char *el);
+
ADS_STATUS ads_get_service_principal_names(TALLOC_CTX *mem_ctx,
ADS_STRUCT *ads,
const char *machine_name,
diff --git a/source3/libads/ldap.c b/source3/libads/ldap.c
index 51a0883..8d104c2 100644
--- a/source3/libads/ldap.c
+++ b/source3/libads/ldap.c
@@ -1927,6 +1927,37 @@ ADS_STATUS ads_clear_service_principal_names(ADS_STRUCT *ads, const char *machin
}
/**
+ * @brief Search for an element in a string array.
+ *
+ * @param[in] el_array The string array to search.
+ *
+ * @param[in] num_el The number of elements in the string array.
+ *
+ * @param[in] el The string to search.
+ *
+ * @return True if found, false if not.
+ */
+bool ads_element_in_array(const char **el_array, size_t num_el, const char *el)
+{
+ size_t i;
+
+ if (el_array == NULL || num_el == 0 || el == NULL) {
+ return false;
+ }
+
+ for (i = 0; i < num_el && el_array[i] != NULL; i++) {
+ int cmp;
+
+ cmp = strcasecmp_m(el_array[i], el);
+ if (cmp == 0) {
+ return true;
+ }
+ }
+
+ return false;
+}
+
+/**
* @brief This gets the service principal names of an existing computer account.
*
* @param[in] mem_ctx The memory context to use to allocate the spn array.
--
2.1.0
From 11700f1398d6197a99c686f1a43b45d6305ceae8 Mon Sep 17 00:00:00 2001
From: Andreas Schneider <asn@samba.org>
Date: Fri, 26 Sep 2014 03:09:08 +0200
Subject: [PATCH 3/4] s3-libnet: Add libnet_join_get_machine_spns().
BUG: https://bugzilla.samba.org/show_bug.cgi?id=9984
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>
(cherry picked from commit 7e0b8fcce5572c88d50993a1dbd90f65638ba90f)
---
source3/libnet/libnet_join.c | 20 ++++++++++++++++++++
1 file changed, 20 insertions(+)
diff --git a/source3/libnet/libnet_join.c b/source3/libnet/libnet_join.c
index 1418385..3611cc7 100644
--- a/source3/libnet/libnet_join.c
+++ b/source3/libnet/libnet_join.c
@@ -358,6 +358,26 @@ static ADS_STATUS libnet_join_find_machine_acct(TALLOC_CTX *mem_ctx,
return status;
}
+static ADS_STATUS libnet_join_get_machine_spns(TALLOC_CTX *mem_ctx,
+ struct libnet_JoinCtx *r,
+ char ***spn_array,
+ size_t *num_spns)
+{
+ ADS_STATUS status;
+
+ if (r->in.machine_name == NULL) {
+ return ADS_ERROR_SYSTEM(EINVAL);
+ }
+
+ status = ads_get_service_principal_names(mem_ctx,
+ r->in.ads,
+ r->in.machine_name,
+ spn_array,
+ num_spns);
+
+ return status;
+}
+
/****************************************************************
Set a machines dNSHostName and servicePrincipalName attributes
****************************************************************/
--
2.1.0
From 472256e27ad5cb5e7657efaece71744269ca8d16 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?G=C3=BCnther=20Deschner?= <gd@samba.org>
Date: Fri, 26 Sep 2014 03:35:43 +0200
Subject: [PATCH 4/4] s3-libnet: Make sure we do not overwrite precreated SPNs.
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
BUG: https://bugzilla.samba.org/show_bug.cgi?id=9984
Signed-off-by: Günther Deschner <gd@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Autobuild-User(master): Günther Deschner <gd@samba.org>
Autobuild-Date(master): Fri Sep 26 08:22:45 CEST 2014 on sn-devel-104
(cherry picked from commit 0aacbe78bb40d76b65087c2a197c92b0101e625e)
---
source3/libnet/libnet_join.c | 39 ++++++++++++++++++++++++++++++++++++---
1 file changed, 36 insertions(+), 3 deletions(-)
diff --git a/source3/libnet/libnet_join.c b/source3/libnet/libnet_join.c
index 3611cc7..aa7b5cb 100644
--- a/source3/libnet/libnet_join.c
+++ b/source3/libnet/libnet_join.c
@@ -388,8 +388,10 @@ static ADS_STATUS libnet_join_set_machine_spn(TALLOC_CTX *mem_ctx,
ADS_STATUS status;
ADS_MODLIST mods;
fstring my_fqdn;
- const char *spn_array[3] = {NULL, NULL, NULL};
+ const char **spn_array = NULL;
+ size_t num_spns = 0;
char *spn = NULL;
+ bool ok;
/* Find our DN */
@@ -398,6 +400,14 @@ static ADS_STATUS libnet_join_set_machine_spn(TALLOC_CTX *mem_ctx,
return status;
}
+ status = libnet_join_get_machine_spns(mem_ctx,
+ r,
+ discard_const_p(char **, &spn_array),
+ &num_spns);
+ if (!ADS_ERR_OK(status)) {
+ DEBUG(5, ("Retrieving the servicePrincipalNames failed.\n"));
+ }
+
/* Windows only creates HOST/shortname & HOST/fqdn. */
spn = talloc_asprintf(mem_ctx, "HOST/%s", r->in.machine_name);
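Review bot: A failure of libnet_join_get_machine_spns() is only logged at debug level 5 and the function carries on with an empty `spn_array`. In that case the list is still built from scratch, which is the overwrite of pre-created SPNs this patch sets out to prevent, assuming the later modify (outside the hunk) replaces the attribute. I would either `return status;` here or raise the log level and document the fallback, e.g. `/* Could not read existing SPNs: continuing replaces them with the HOST/ entries only. */`. libnet_join_set_machine_spn() starts and ends outside this hunk.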
@@ -407,7 +417,15 @@ static ADS_STATUS libnet_join_set_machine_spn(TALLOC_CTX *mem_ctx,
if (!strupper_m(spn)) {
return ADS_ERROR_LDAP(LDAP_NO_MEMORY);
}
- spn_array[0] = spn;
+
+ ok = ads_element_in_array(spn_array, num_spns, spn);
+ if (!ok) {
+ ok = add_string_to_array(spn_array, spn,
+ &spn_array, (int *)&num_spns);
+ if (!ok) {
+ return ADS_ERROR_LDAP(LDAP_NO_MEMORY);
+ }
+ }
if (!name_to_fqdn(my_fqdn, r->in.machine_name)
|| (strchr(my_fqdn, '.') == NULL)) {
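Review bot: `(int *)&num_spns` hands the address of a `size_t` to a function that writes an `int`, here and again in the next hunk. On an LP64 target only half of the object is updated, and on a big-endian one the wrong half, after which `num_spns + 1` and `spn_array[num_spns] = NULL` in the next hunk work with a wrong count. A temporary keeps the types honest: `int n = (int)num_spns; ok = add_string_to_array(spn_array, spn, &spn_array, &n); num_spns = (size_t)n;`. `spn_array` is also passed as the first argument of add_string_to_array() and is NULL when no SPNs were retrieved; if that argument is the talloc parent, `mem_ctx` looks like the intended value.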
@@ -424,8 +442,23 @@ static ADS_STATUS libnet_join_set_machine_spn(TALLOC_CTX *mem_ctx,
if (!spn) {
return ADS_ERROR_LDAP(LDAP_NO_MEMORY);
}
- spn_array[1] = spn;
+
+ ok = ads_element_in_array(spn_array, num_spns, spn);
+ if (!ok) {
+ ok = add_string_to_array(spn_array, spn,
+ &spn_array, (int *)&num_spns);
+ if (!ok) {
+ return ADS_ERROR_LDAP(LDAP_NO_MEMORY);
+ }
+ }
+ }
+
+ /* make sure to NULL terminate the array */
+ spn_array = talloc_realloc(mem_ctx, spn_array, const char *, num_spns + 1);
+ if (spn_array == NULL) {
+ return ADS_ERROR_LDAP(LDAP_NO_MEMORY);
}
+ spn_array[num_spns] = NULL;
mods = ads_init_mods(mem_ctx);
if (!mods) {
--
2.1.0
@@ -0,0 +1,159 @@
From 3516236ec6eb42f29eda42542b109fa10217e68c Mon Sep 17 00:00:00 2001
From: Andreas Schneider <asn@samba.org>
Date: Wed, 24 Sep 2014 10:51:33 +0200
Subject: [PATCH] s3-libads: Add all machine account principals to the keytab.
This adds all SPNs defined in the DC for the computer account to the
keytab using 'net ads keytab create -P'.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=9985
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>
(cherry picked from commit 5d58b92f8fcbc509f4fe2bd3617bcaeada1806b6)
---
source3/libads/kerberos_keytab.c | 74 ++++++++++++++++++++++++++++------------
1 file changed, 52 insertions(+), 22 deletions(-)
diff --git a/source3/libads/kerberos_keytab.c b/source3/libads/kerberos_keytab.c
index 83df088..d13625b 100644
--- a/source3/libads/kerberos_keytab.c
+++ b/source3/libads/kerberos_keytab.c
@@ -507,20 +507,57 @@ int ads_keytab_create_default(ADS_STRUCT *ads)
krb5_kt_cursor cursor;
krb5_keytab_entry kt_entry;
krb5_kvno kvno;
- int i, found = 0;
+ size_t found = 0;
char *sam_account_name, *upn;
char **oldEntries = NULL, *princ_s[26];
- TALLOC_CTX *tmpctx = NULL;
+ TALLOC_CTX *frame;
char *machine_name;
+ char **spn_array;
+ size_t num_spns;
+ size_t i;
+ ADS_STATUS status;
- /* these are the main ones we need */
- ret = ads_keytab_add_entry(ads, "host");
- if (ret != 0) {
- DEBUG(1, (__location__ ": ads_keytab_add_entry failed while "
- "adding 'host' principal.\n"));
- return ret;
+ frame = talloc_stackframe();
+ if (frame == NULL) {
+ ret = -1;
+ goto done;
+ }
+
+ status = ads_get_service_principal_names(frame,
+ ads,
+ lp_netbios_name(),
+ &spn_array,
+ &num_spns);
+ if (!ADS_ERR_OK(status)) {
+ ret = -1;
+ goto done;
}
+ for (i = 0; i < num_spns; i++) {
+ char *srv_princ;
+ char *p;
+
+ srv_princ = strlower_talloc(frame, spn_array[i]);
+ if (srv_princ == NULL) {
+ ret = -1;
+ goto done;
+ }
+
+ p = strchr_m(srv_princ, '/');
+ if (p == NULL) {
+ continue;
+ }
+ p[0] = '\0';
+
+ /* Add the SPNs found on the DC */
+ ret = ads_keytab_add_entry(ads, srv_princ);
+ if (ret != 0) {
+ DEBUG(1, ("ads_keytab_add_entry failed while "
+ "adding '%s' principal.\n",
+ spn_array[i]));
+ goto done;
+ }
+ }
#if 0 /* don't create the CIFS/... keytab entries since no one except smbd
really needs them and we will fall back to verifying against
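Review bot: `spn_array` and `num_spns` are declared without initialisers, and the `for (i = 0; i < num_spns; i++)` loop trusts both as soon as ads_get_service_principal_names() reports success. Unless that function guarantees to set them on every successful return, they should be declared as `char **spn_array = NULL;` and `size_t num_spns = 0;`. The new early `goto done` paths run before krb5_init_context(), so the cleanup under `done:` (outside the hunk) has to cope with a context, keytab, cursor and entry that were never set up. The unconditional `host` entry is gone, so a machine account without a HOST SPN on the DC no longer gets one; a comment stating that this is intended would help. ads_keytab_create_default() starts before and ends after this hunk.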
@@ -543,24 +580,17 @@ int ads_keytab_create_default(ADS_STRUCT *ads)
if (ret) {
DEBUG(1, (__location__ ": could not krb5_init_context: %s\n",
error_message(ret)));
- return ret;
- }
-
- tmpctx = talloc_init(__location__);
- if (!tmpctx) {
- DEBUG(0, (__location__ ": talloc_init() failed!\n"));
- ret = -1;
goto done;
}
- machine_name = talloc_strdup(tmpctx, lp_netbios_name());
+ machine_name = talloc_strdup(frame, lp_netbios_name());
if (!machine_name) {
ret = -1;
goto done;
}
/* now add the userPrincipalName and sAMAccountName entries */
- sam_account_name = ads_get_samaccountname(ads, tmpctx, machine_name);
+ sam_account_name = ads_get_samaccountname(ads, frame, machine_name);
if (!sam_account_name) {
DEBUG(0, (__location__ ": unable to determine machine "
"account's name in AD!\n"));
@@ -584,7 +614,7 @@ int ads_keytab_create_default(ADS_STRUCT *ads)
}
/* remember that not every machine account will have a upn */
- upn = ads_get_upn(ads, tmpctx, machine_name);
+ upn = ads_get_upn(ads, frame, machine_name);
if (upn) {
ret = ads_keytab_add_entry(ads, upn);
if (ret != 0) {
@@ -596,7 +626,7 @@ int ads_keytab_create_default(ADS_STRUCT *ads)
/* Now loop through the keytab and update any other existing entries */
kvno = (krb5_kvno)ads_get_machine_kvno(ads, machine_name);
- if (kvno == -1) {
+ if (kvno == (krb5_kvno)-1) {
DEBUG(1, (__location__ ": ads_get_machine_kvno() failed to "
"determine the system's kvno.\n"));
goto done;
@@ -629,12 +659,12 @@ int ads_keytab_create_default(ADS_STRUCT *ads)
* have a race condition where someone else could add entries after
* we've counted them. Re-open asap to minimise the race. JRA.
*/
- DEBUG(3, (__location__ ": Found %d entries in the keytab.\n", found));
+ DEBUG(3, (__location__ ": Found %zd entries in the keytab.\n", found));
if (!found) {
goto done;
}
- oldEntries = talloc_array(tmpctx, char *, found);
+ oldEntries = talloc_array(frame, char *, found);
if (!oldEntries) {
DEBUG(1, (__location__ ": Failed to allocate space to store "
"the old keytab entries (talloc failed?).\n"));
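Review bot: `found` is now a `size_t`, but the changed `DEBUG(3, ...)` line formats it with `%zd`, which is the signed conversion. It should be `%zu`: `DEBUG(3, (__location__ ": Found %zu entries in the keytab.\n", found));`. The enclosing function starts and ends outside the hunk.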
@@ -708,7 +738,7 @@ int ads_keytab_create_default(ADS_STRUCT *ads)
done:
TALLOC_FREE(oldEntries);
- TALLOC_FREE(tmpctx);
+ TALLOC_FREE(frame);
{
krb5_keytab_entry zero_kt_entry;
--
2.1.0
@@ -0,0 +1,988 @@
From cbef7b5e10f4477d9f2e648ac6c654eef1165b82 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?G=C3=BCnther=20Deschner?= <gd@samba.org>
Date: Wed, 24 Sep 2014 22:16:20 +0200
Subject: [PATCH 1/4] s3-net: add "net ads enctypes {list,set,delete}".
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Guenther
Signed-off-by: Günther Deschner <gd@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
---
source3/utils/net_ads.c | 308 ++++++++++++++++++++++++++++++++++++++++++++++++
1 file changed, 308 insertions(+)
diff --git a/source3/utils/net_ads.c b/source3/utils/net_ads.c
index 8b8e719..5f18bf4 100644
--- a/source3/utils/net_ads.c
+++ b/source3/utils/net_ads.c
@@ -2860,6 +2860,306 @@ int net_ads_kerberos(struct net_context *c, int argc, const char **argv)
return net_run_function(c, argc, argv, "net ads kerberos", func);
}
+static int net_ads_enctype_lookup_account(struct net_context *c,
+ ADS_STRUCT *ads,
+ const char *account,
+ LDAPMessage **res,
+ const char **enctype_str)
+{
+ const char *filter;
+ const char *attrs[] = {
+ "msDS-SupportedEncryptionTypes",
+ NULL
+ };
+ int count;
+ int ret = -1;
+ ADS_STATUS status;
+
+ filter = talloc_asprintf(c, "(&(objectclass=user)(sAMAccountName=%s))",
+ account);
+ if (filter == NULL) {
+ goto done;
+ }
+
+ status = ads_search(ads, res, filter, attrs);
+ if (!ADS_ERR_OK(status)) {
+ d_printf(_("no account found with filter: %s\n"), filter);
+ goto done;
+ }
+
+ count = ads_count_replies(ads, *res);
+ switch (count) {
+ case 1:
+ break;
+ case 0:
+ d_printf(_("no account found with filter: %s\n"), filter);
+ goto done;
+ default:
+ d_printf(_("multiple accounts found with filter: %s\n"), filter);
+ goto done;
+ }
+
+ if (enctype_str) {
+ *enctype_str = ads_pull_string(ads, c, *res,
+ "msDS-SupportedEncryptionTypes");
+ if (*enctype_str == NULL) {
+ d_printf(_("no msDS-SupportedEncryptionTypes attribute found\n"));
+ goto done;
+ }
+ }
+
+ ret = 0;
+ done:
+ return ret;
+}
+
+static void net_ads_enctype_dump_enctypes(const char *username,
+ const char *enctype_str)
+{
+ int enctypes;
+
+ d_printf(_("'%s' uses \"msDS-SupportedEncryptionTypes\":\n"), username);
+
+ enctypes = atoi(enctype_str);
+
+ printf("[%s] 0x%08x DES-CBC-CRC\n",
+ enctypes & ENC_CRC32 ? "X" : " ",
+ ENC_CRC32);
+ printf("[%s] 0x%08x DES-CBC-MD5\n",
+ enctypes & ENC_RSA_MD5 ? "X" : " ",
+ ENC_RSA_MD5);
+ printf("[%s] 0x%08x RC4-HMAC\n",
+ enctypes & ENC_RC4_HMAC_MD5 ? "X" : " ",
+ ENC_RC4_HMAC_MD5);
+ printf("[%s] 0x%08x AES128-CTS-HMAC-SHA1-96\n",
+ enctypes & ENC_HMAC_SHA1_96_AES128 ? "X" : " ",
+ ENC_HMAC_SHA1_96_AES128);
+ printf("[%s] 0x%08x AES256-CTS-HMAC-SHA1-96\n",
+ enctypes & ENC_HMAC_SHA1_96_AES256 ? "X" : " ",
+ ENC_HMAC_SHA1_96_AES256);
+}
+
+static int net_ads_enctypes_list(struct net_context *c, int argc, const char **argv)
+{
+ int ret = -1;
+ ADS_STATUS status;
+ ADS_STRUCT *ads = NULL;
+ LDAPMessage *res = NULL;
+ const char *str = NULL;
+
+ if (c->display_usage || (argc < 1)) {
+ d_printf( "%s\n"
+ "net ads enctypes list\n"
+ " %s\n",
+ _("Usage:"),
+ _("List supported enctypes"));
+ return 0;
+ }
+
+ status = ads_startup(c, false, &ads);
+ if (!ADS_ERR_OK(status)) {
+ printf("startup failed\n");
+ return ret;
+ }
+
+ ret = net_ads_enctype_lookup_account(c, ads, argv[0], &res, &str);
+ if (ret) {
+ goto done;
+ }
+
+ net_ads_enctype_dump_enctypes(argv[0], str);
+
+ ret = 0;
+ done:
+ ads_msgfree(ads, res);
+ ads_destroy(&ads);
+
+ return ret;
+}
+
+static int net_ads_enctypes_set(struct net_context *c, int argc, const char **argv)
+{
+ int ret = -1;
+ ADS_STATUS status;
+ ADS_STRUCT *ads;
+ LDAPMessage *res = NULL;
+ const char *etype_list_str;
+ const char *dn;
+ ADS_MODLIST mods;
+ uint32_t etype_list;
+ const char *str;
+
+ if (c->display_usage || argc < 1) {
+ d_printf( "%s\n"
+ "net ads enctypes set <sAMAccountName> [enctypes]\n"
+ " %s\n",
+ _("Usage:"),
+ _("Set supported enctypes"));
+ return 0;
+ }
+
+ status = ads_startup(c, false, &ads);
+ if (!ADS_ERR_OK(status)) {
+ printf("startup failed\n");
+ return ret;
+ }
+
+ ret = net_ads_enctype_lookup_account(c, ads, argv[0], &res, NULL);
+ if (ret) {
+ goto done;
+ }
+
+ dn = ads_get_dn(ads, c, res);
+ if (dn == NULL) {
+ goto done;
+ }
+
+ etype_list = ENC_CRC32 | ENC_RSA_MD5 | ENC_RC4_HMAC_MD5;
+#ifdef HAVE_ENCTYPE_AES128_CTS_HMAC_SHA1_96
+ etype_list |= ENC_HMAC_SHA1_96_AES128;
+#endif
+#ifdef HAVE_ENCTYPE_AES256_CTS_HMAC_SHA1_96
+ etype_list |= ENC_HMAC_SHA1_96_AES256;
+#endif
+
+ if (argv[1] != NULL) {
+ sscanf(argv[1], "%i", &etype_list);
+ }
+
+ etype_list_str = talloc_asprintf(c, "%d", etype_list);
+ if (!etype_list_str) {
+ goto done;
+ }
+
+ mods = ads_init_mods(c);
+ if (!mods) {
+ goto done;
+ }
+
+ status = ads_mod_str(c, &mods, "msDS-SupportedEncryptionTypes",
+ etype_list_str);
+ if (!ADS_ERR_OK(status)) {
+ goto done;
+ }
+
+ status = ads_gen_mod(ads, dn, mods);
+ if (!ADS_ERR_OK(status)) {
+ d_printf(_("failed to add msDS-SupportedEncryptionTypes: %s\n"),
+ ads_errstr(status));
+ goto done;
+ }
+
+ ads_msgfree(ads, res);
+
+ ret = net_ads_enctype_lookup_account(c, ads, argv[0], &res, &str);
+ if (ret) {
+ goto done;
+ }
+
+ net_ads_enctype_dump_enctypes(argv[0], str);
+
+ ret = 0;
+ done:
+ ads_msgfree(ads, res);
+ ads_destroy(&ads);
+
+ return ret;
+}
+
+static int net_ads_enctypes_delete(struct net_context *c, int argc, const char **argv)
+{
+ int ret = -1;
+ ADS_STATUS status;
+ ADS_STRUCT *ads;
+ LDAPMessage *res = NULL;
+ const char *dn;
+ ADS_MODLIST mods;
+
+ if (c->display_usage || argc < 1) {
+ d_printf( "%s\n"
+ "net ads enctypes delete <sAMAccountName>\n"
+ " %s\n",
+ _("Usage:"),
+ _("Delete supported enctypes"));
+ return 0;
+ }
+
+ status = ads_startup(c, false, &ads);
+ if (!ADS_ERR_OK(status)) {
+ printf("startup failed\n");
+ return ret;
+ }
+
+ ret = net_ads_enctype_lookup_account(c, ads, argv[0], &res, NULL);
+ if (ret) {
+ goto done;
+ }
+
+ dn = ads_get_dn(ads, c, res);
+ if (dn == NULL) {
+ goto done;
+ }
+
+ mods = ads_init_mods(c);
+ if (!mods) {
+ goto done;
+ }
+
+ status = ads_mod_str(c, &mods, "msDS-SupportedEncryptionTypes", NULL);
+ if (!ADS_ERR_OK(status)) {
+ goto done;
+ }
+
+ status = ads_gen_mod(ads, dn, mods);
+ if (!ADS_ERR_OK(status)) {
+ d_printf(_("failed to remove msDS-SupportedEncryptionTypes: %s\n"),
+ ads_errstr(status));
+ goto done;
+ }
+
+ ret = 0;
+
+ done:
+ ads_msgfree(ads, res);
+ ads_destroy(&ads);
+ return ret;
+}
+
+static int net_ads_enctypes(struct net_context *c, int argc, const char **argv)
+{
+ struct functable func[] = {
+ {
+ "list",
+ net_ads_enctypes_list,
+ NET_TRANSPORT_ADS,
+ N_("List the supported encryption types"),
+ N_("net ads enctypes list\n"
+ " List the supported encryption types")
+ },
+ {
+ "set",
+ net_ads_enctypes_set,
+ NET_TRANSPORT_ADS,
+ N_("Set the supported encryption types"),
+ N_("net ads enctypes set\n"
+ " Set the supported encryption types")
+ },
+ {
+ "delete",
+ net_ads_enctypes_delete,
+ NET_TRANSPORT_ADS,
+ N_("Delete the supported encryption types"),
+ N_("net ads enctypes delete\n"
+ " Delete the supported encryption types")
+ },
+
+ {NULL, NULL, 0, NULL, NULL}
+ };
+
+ return net_run_function(c, argc, argv, "net ads enctypes", func);
+}
+
+
int net_ads(struct net_context *c, int argc, const char **argv)
{
struct functable func[] = {
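Review bot: In `net_ads_enctypes_set` the result of `sscanf(argv[1], "%i", &etype_list)` is not checked, and `%i` stores through an `int *` while `etype_list` is a `uint32_t`. A mistyped mask therefore falls back silently to the built-in default, which includes the DES and RC4 bits, and that value is written to the account's `msDS-SupportedEncryptionTypes`. Parsing into an `int val` and bailing out with `if (sscanf(argv[1], "%i", &val) != 1) { goto done; }` leaves the directory unchanged on bad input. In the same function `res` is released with `ads_msgfree(ads, res)` before the second lookup but not reset, so if that lookup fails before assigning `*res` the `done:` path frees it again; `res = NULL;` after the first free avoids that. The account name is also placed into the LDAP filter in `net_ads_enctype_lookup_account` without escaping, which lets filter metacharacters in the argument change what the search matches.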
@@ -3015,6 +3315,14 @@ int net_ads(struct net_context *c, int argc, const char **argv)
N_("net ads kerberos\n"
" Manage kerberos keytab")
},
+ {
+ "enctypes",
+ net_ads_enctypes,
+ NET_TRANSPORT_ADS,
+ N_("List/modify supported encryption types"),
+ N_("net ads enctypes\n"
+ " List/modify enctypes")
+ },
{NULL, NULL, 0, NULL, NULL}
};
--
1.9.3
From a19f1e51bd7d48b238ad22ec9e27af53dfa5bf44 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?G=C3=BCnther=20Deschner?= <gd@samba.org>
Date: Wed, 24 Sep 2014 23:36:19 +0200
Subject: [PATCH 2/4] s3-net: add manpage documentation for "net ads enctypes".
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Guenther
Signed-off-by: Günther Deschner <gd@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
---
docs-xml/manpages/net.8.xml | 53 +++++++++++++++++++++++++++++++++++++++++++++
1 file changed, 53 insertions(+)
diff --git a/docs-xml/manpages/net.8.xml b/docs-xml/manpages/net.8.xml
index f39b420..9e982e3 100644
--- a/docs-xml/manpages/net.8.xml
+++ b/docs-xml/manpages/net.8.xml
@@ -1339,6 +1339,59 @@ to show in the result.
</refsect2>
<refsect2>
+ <title>ADS ENCTYPES</title>
+
+<para>
+ List, modify or delete the value of the "msDS-SupportedEncryptionTypes" attribute of an account in AD.
+</para>
+
+<para>
+ This attribute allows to control which Kerberos encryption types are used for the generation of initial and service tickets. The value consists of an integer bitmask with the following values:
+</para>
+
+<para>0x00000001 DES-CBC-CRC</para>
+<para>0x00000002 DES-CBC-MD5</para>
+<para>0x00000004 RC4-HMAC</para>
+<para>0x00000008 AES128-CTS-HMAC-SHA1-96</para>
+<para>0x00000010 AES256-CTS-HMAC-SHA1-96</para>
+
+</refsect2>
+
+<refsect2>
+ <title>ADS ENCTYPES LIST <replaceable>&lt;ACCOUNTNAME&gt;</replaceable></title>
+
+<para>
+ List the value of the "msDS-SupportedEncryptionTypes" attribute of a given account.
+</para>
+
+<para>Example: <userinput>net ads enctypes list Computername</userinput></para>
+
+</refsect2>
+
+<refsect2>
+ <title>ADS ENCTYPES SET <replaceable>&lt;ACCOUNTNAME&gt;</replaceable> <replaceable>[enctypes]</replaceable></title>
+
+<para>
+ Set the value of the "msDS-SupportedEncryptionTypes" attribute of the LDAP object of ACCOUNTNAME to a given value. If the value is ommitted, the value is set to 31 which enables all the currently supported encryption types.
+</para>
+
+<para>Example: <userinput>net ads enctypes set Computername 24</userinput></para>
+
+</refsect2>
+
+<refsect2>
+ <title>ADS ENCTYPES DELETE <replaceable>&lt;ACCOUNTNAME&gt;</replaceable></title>
+
+<para>
+ Deletes the "msDS-SupportedEncryptionTypes" attribute of the LDAP object of ACCOUNTNAME.
+</para>
+
+<para>Example: <userinput>net ads enctypes set Computername 24</userinput></para>
+
+</refsect2>
+
+
+<refsect2>
<title>SAM CREATEBUILTINGROUP &lt;NAME&gt;</title>
<para>
--
1.9.3
From 0f42d123afde57ee74d89bdc742185cef718cf0f Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?G=C3=BCnther=20Deschner?= <gd@samba.org>
Date: Fri, 23 Nov 2012 12:34:27 +0100
Subject: [PATCH 3/4] s3-libnet: set list of allowed krb5 encryption types in
AD >= 2008.
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Guenther
Signed-off-by: Günther Deschner <gd@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
---
source3/libnet/libnet_join.c | 65 ++++++++++++++++++++++++++++++++++++++++++++
1 file changed, 65 insertions(+)
diff --git a/source3/libnet/libnet_join.c b/source3/libnet/libnet_join.c
index 381a59c..e70e11a 100644
--- a/source3/libnet/libnet_join.c
+++ b/source3/libnet/libnet_join.c
@@ -605,6 +605,52 @@ static ADS_STATUS libnet_join_set_os_attributes(TALLOC_CTX *mem_ctx,
/****************************************************************
****************************************************************/
+static ADS_STATUS libnet_join_set_etypes(TALLOC_CTX *mem_ctx,
+ struct libnet_JoinCtx *r)
+{
+ ADS_STATUS status;
+ ADS_MODLIST mods;
+ uint32_t etype_list = ENC_CRC32 | ENC_RSA_MD5 | ENC_RC4_HMAC_MD5;
+ const char *etype_list_str;
+
+#ifdef HAVE_ENCTYPE_AES128_CTS_HMAC_SHA1_96
+ etype_list |= ENC_HMAC_SHA1_96_AES128;
+#endif
+#ifdef HAVE_ENCTYPE_AES256_CTS_HMAC_SHA1_96
+ etype_list |= ENC_HMAC_SHA1_96_AES256;
+#endif
+
+ etype_list_str = talloc_asprintf(mem_ctx, "%d", etype_list);
+ if (!etype_list_str) {
+ return ADS_ERROR(LDAP_NO_MEMORY);
+ }
+
+ /* Find our DN */
+
+ status = libnet_join_find_machine_acct(mem_ctx, r);
+ if (!ADS_ERR_OK(status)) {
+ return status;
+ }
+
+ /* now do the mods */
+
+ mods = ads_init_mods(mem_ctx);
+ if (!mods) {
+ return ADS_ERROR(LDAP_NO_MEMORY);
+ }
+
+ status = ads_mod_str(mem_ctx, &mods, "msDS-SupportedEncryptionTypes",
+ etype_list_str);
+ if (!ADS_ERR_OK(status)) {
+ return status;
+ }
+
+ return ads_gen_mod(r->in.ads, r->out.dn, mods);
+}
+
+/****************************************************************
+****************************************************************/
+
static bool libnet_join_create_keytab(TALLOC_CTX *mem_ctx,
struct libnet_JoinCtx *r)
{
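Review bot: `libnet_join_set_etypes` always starts the mask from `ENC_CRC32 | ENC_RSA_MD5 | ENC_RC4_HMAC_MD5`, so as far as this hunk shows every machine account joined to a 2008-or-later domain advertises single-DES and RC4 next to AES, with no way to narrow the set at join time. If that is intended for interoperability, a comment on the initialiser should say so, for example `/* DES and RC4 bits are kept for interop with older KDC policy */`; otherwise the legacy bits are better added only on request. `etype_list` is a `uint32_t` formatted with `%d`; `talloc_asprintf(mem_ctx, "%u", etype_list)` matches the type. The same mask construction is repeated in `net_ads_enctypes_set` in the net_ads.c patch on this page and could share one helper.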
@@ -679,6 +725,7 @@ static ADS_STATUS libnet_join_post_processing_ads(TALLOC_CTX *mem_ctx,
struct libnet_JoinCtx *r)
{
ADS_STATUS status;
+ uint32_t func_level = 0;
if (!r->in.ads) {
status = libnet_join_connect_ads(mem_ctx, r);
@@ -713,6 +760,24 @@ static ADS_STATUS libnet_join_post_processing_ads(TALLOC_CTX *mem_ctx,
return status;
}
+ status = ads_domain_func_level(r->in.ads, &func_level);
+ if (!ADS_ERR_OK(status)) {
+ libnet_join_set_error_string(mem_ctx, r,
+ "failed to query domain controller functional level: %s",
+ ads_errstr(status));
+ return status;
+ }
+
+ if (func_level >= DS_DOMAIN_FUNCTION_2008) {
+ status = libnet_join_set_etypes(mem_ctx, r);
+ if (!ADS_ERR_OK(status)) {
+ libnet_join_set_error_string(mem_ctx, r,
+ "failed to set machine kerberos encryption types: %s",
+ ads_errstr(status));
+ return status;
+ }
+ }
+
if (!libnet_join_derive_salting_principal(mem_ctx, r)) {
return ADS_ERROR_NT(NT_STATUS_UNSUCCESSFUL);
}
--
1.9.3
From adb206481ac56c8f438e70f7b9e986aeba9586b1 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?G=C3=BCnther=20Deschner?= <gd@samba.org>
Date: Fri, 26 Sep 2014 21:06:38 +0200
Subject: [PATCH 4/4] s4-auth/kerberos: fix salting principal, make sure
hostname is lowercase.
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Found at MS interop event while working on AES kerberos key support.
Guenther
Signed-off-by: Günther Deschner <gd@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
---
source4/auth/kerberos/srv_keytab.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/source4/auth/kerberos/srv_keytab.c b/source4/auth/kerberos/srv_keytab.c
index d81e27d..3baba14 100644
--- a/source4/auth/kerberos/srv_keytab.c
+++ b/source4/auth/kerberos/srv_keytab.c
@@ -143,7 +143,7 @@ static krb5_error_code salt_principal(TALLOC_CTX *parent_ctx,
return ENOMEM;
}
- machine_username = talloc_strdup(tmp_ctx, samAccountName);
+ machine_username = strlower_talloc(tmp_ctx, samAccountName);
if (!machine_username) {
*error_string = "Cannot duplicate samAccountName";
talloc_free(tmp_ctx);
--
1.9.3
From d423e8b759af2e0a7cdce39d3f7a6c8d9c1764b4 Mon Sep 17 00:00:00 2001
From: Jeremy Allison <jra@samba.org>
Date: Mon, 16 Jun 2014 22:49:29 -0700
Subject: [PATCH 1/5] s3: auth: Add some const to the struct netr_SamInfo3 *
arguments of copy_netr_SamInfo3() and make_server_info_info3()
Both functions only read from the struct netr_SamInfo3 * argument.
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Richard Sharpe <realrichardsharpe@gmail.com>
Reviewed-by: Simo Sorce <idra@samba.org>
Conflicts:
source3/auth/proto.h
source3/auth/server_info.c
---
source3/auth/auth_util.c | 2 +-
source3/auth/proto.h | 4 ++--
source3/auth/server_info.c | 2 +-
3 files changed, 4 insertions(+), 4 deletions(-)
diff --git a/source3/auth/auth_util.c b/source3/auth/auth_util.c
index ceaa706..afa78ec 100644
--- a/source3/auth/auth_util.c
+++ b/source3/auth/auth_util.c
@@ -1369,7 +1369,7 @@ NTSTATUS make_server_info_info3(TALLOC_CTX *mem_ctx,
const char *sent_nt_username,
const char *domain,
struct auth_serversupplied_info **server_info,
- struct netr_SamInfo3 *info3)
+ const struct netr_SamInfo3 *info3)
{
static const char zeros[16] = {0, };
diff --git a/source3/auth/proto.h b/source3/auth/proto.h
index 76661fc..6ec206e 100644
--- a/source3/auth/proto.h
+++ b/source3/auth/proto.h
@@ -232,7 +232,7 @@ NTSTATUS make_server_info_info3(TALLOC_CTX *mem_ctx,
const char *sent_nt_username,
const char *domain,
struct auth_serversupplied_info **server_info,
- struct netr_SamInfo3 *info3);
+ const struct netr_SamInfo3 *info3);
struct wbcAuthUserInfo;
NTSTATUS make_server_info_wbcAuthUserInfo(TALLOC_CTX *mem_ctx,
const char *sent_nt_username,
@@ -287,7 +287,7 @@ NTSTATUS samu_to_SamInfo3(TALLOC_CTX *mem_ctx,
const struct passwd *pwd,
struct netr_SamInfo3 **pinfo3);
struct netr_SamInfo3 *copy_netr_SamInfo3(TALLOC_CTX *mem_ctx,
- struct netr_SamInfo3 *orig);
+ const struct netr_SamInfo3 *orig);
struct netr_SamInfo3 *wbcAuthUserInfo_to_netr_SamInfo3(TALLOC_CTX *mem_ctx,
const struct wbcAuthUserInfo *info);
diff --git a/source3/auth/server_info.c b/source3/auth/server_info.c
index d2b7d6e..066b9a8 100644
--- a/source3/auth/server_info.c
+++ b/source3/auth/server_info.c
@@ -445,7 +445,7 @@ NTSTATUS samu_to_SamInfo3(TALLOC_CTX *mem_ctx,
} } while(0)
struct netr_SamInfo3 *copy_netr_SamInfo3(TALLOC_CTX *mem_ctx,
- struct netr_SamInfo3 *orig)
+ const struct netr_SamInfo3 *orig)
{
struct netr_SamInfo3 *info3;
unsigned int i;
--
1.9.3
From cab0cda9df0bb0eda2d7957c0bb8dbcb51ba7ef7 Mon Sep 17 00:00:00 2001
From: Jeremy Allison <jra@samba.org>
Date: Mon, 16 Jun 2014 22:54:45 -0700
Subject: [PATCH 2/5] s3: auth: Change make_server_info_info3() to take a const
struct netr_SamInfo3 pointer instead of a struct PAC_LOGON_INFO.
make_server_info_info3() only reads from the info3 pointer.
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Richard Sharpe <realrichardsharpe@gmail.com>
Reviewed-by: Simo Sorce <idra@samba.org>
---
source3/auth/auth_generic.c | 2 +-
source3/auth/proto.h | 2 +-
source3/auth/user_krb5.c | 8 ++++----
3 files changed, 6 insertions(+), 6 deletions(-)
diff --git a/source3/auth/auth_generic.c b/source3/auth/auth_generic.c
index a2ba4e3..2880bc9 100644
--- a/source3/auth/auth_generic.c
+++ b/source3/auth/auth_generic.c
@@ -112,7 +112,7 @@ static NTSTATUS auth3_generate_session_info_pac(struct auth4_context *auth_ctx,
status = make_session_info_krb5(mem_ctx,
ntuser, ntdomain, username, pw,
- logon_info, is_guest, is_mapped, NULL /* No session key for now, caller will sort it out */,
+ &logon_info->info3, is_guest, is_mapped, NULL /* No session key for now, caller will sort it out */,
session_info);
if (!NT_STATUS_IS_OK(status)) {
DEBUG(1, ("Failed to map kerberos pac to server info (%s)\n",
diff --git a/source3/auth/proto.h b/source3/auth/proto.h
index 6ec206e..75d1097 100644
--- a/source3/auth/proto.h
+++ b/source3/auth/proto.h
@@ -357,7 +357,7 @@ NTSTATUS make_session_info_krb5(TALLOC_CTX *mem_ctx,
char *ntdomain,
char *username,
struct passwd *pw,
- struct PAC_LOGON_INFO *logon_info,
+ const struct netr_SamInfo3 *info3,
bool mapped_to_guest, bool username_was_mapped,
DATA_BLOB *session_key,
struct auth_session_info **session_info);
diff --git a/source3/auth/user_krb5.c b/source3/auth/user_krb5.c
index 974a8aa..0a538b4 100644
--- a/source3/auth/user_krb5.c
+++ b/source3/auth/user_krb5.c
@@ -186,7 +186,7 @@ NTSTATUS make_session_info_krb5(TALLOC_CTX *mem_ctx,
char *ntdomain,
char *username,
struct passwd *pw,
- struct PAC_LOGON_INFO *logon_info,
+ const struct netr_SamInfo3 *info3,
bool mapped_to_guest, bool username_was_mapped,
DATA_BLOB *session_key,
struct auth_session_info **session_info)
@@ -202,14 +202,14 @@ NTSTATUS make_session_info_krb5(TALLOC_CTX *mem_ctx,
return status;
}
- } else if (logon_info) {
+ } else if (info3) {
/* pass the unmapped username here since map_username()
will be called again in make_server_info_info3() */
status = make_server_info_info3(mem_ctx,
ntuser, ntdomain,
&server_info,
- &logon_info->info3);
+ info3);
if (!NT_STATUS_IS_OK(status)) {
DEBUG(1, ("make_server_info_info3 failed: %s!\n",
nt_errstr(status)));
@@ -299,7 +299,7 @@ NTSTATUS make_session_info_krb5(TALLOC_CTX *mem_ctx,
char *ntdomain,
char *username,
struct passwd *pw,
- struct PAC_LOGON_INFO *logon_info,
+ const struct netr_SamInfo3 *info3,
bool mapped_to_guest, bool username_was_mapped,
DATA_BLOB *session_key,
struct auth_session_info **session_info)
--
1.9.3
From 102335441aaa7967367abcc5690fe7229807546a Mon Sep 17 00:00:00 2001
From: Jeremy Allison <jra@samba.org>
Date: Mon, 16 Jun 2014 23:11:58 -0700
Subject: [PATCH 3/5] s3: auth: Add create_info3_from_pac_logon_info() to
create a new info3 and merge resource group SIDs into it.
Originally written by Richard Sharpe Richard Sharpe <realrichardsharpe@gmail.com>.
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Richard Sharpe <realrichardsharpe@gmail.com>
Reviewed-by: Simo Sorce <idra@samba.org>
---
source3/auth/proto.h | 3 ++
source3/auth/server_info.c | 77 ++++++++++++++++++++++++++++++++++++++++++++++
2 files changed, 80 insertions(+)
diff --git a/source3/auth/proto.h b/source3/auth/proto.h
index 75d1097..cc51698 100644
--- a/source3/auth/proto.h
+++ b/source3/auth/proto.h
@@ -281,6 +281,9 @@ NTSTATUS serverinfo_to_SamInfo3(const struct auth_serversupplied_info *server_in
struct netr_SamInfo3 *sam3);
NTSTATUS serverinfo_to_SamInfo6(struct auth_serversupplied_info *server_info,
struct netr_SamInfo6 *sam6);
+NTSTATUS create_info3_from_pac_logon_info(TALLOC_CTX *mem_ctx,
+ const struct PAC_LOGON_INFO *logon_info,
+ struct netr_SamInfo3 **pp_info3);
NTSTATUS samu_to_SamInfo3(TALLOC_CTX *mem_ctx,
struct samu *samu,
const char *login_server,
diff --git a/source3/auth/server_info.c b/source3/auth/server_info.c
index 066b9a8..dc84794 100644
--- a/source3/auth/server_info.c
+++ b/source3/auth/server_info.c
@@ -252,6 +252,83 @@ static NTSTATUS group_sids_to_info3(struct netr_SamInfo3 *info3,
return NT_STATUS_OK;
}
+/*
+ * Merge resource SIDs, if any, into the passed in info3 structure.
+ */
+
+static NTSTATUS merge_resource_sids(const struct PAC_LOGON_INFO *logon_info,
+ struct netr_SamInfo3 *info3)
+{
+ uint32_t i = 0;
+
+ if (!(logon_info->info3.base.user_flags & NETLOGON_RESOURCE_GROUPS)) {
+ return NT_STATUS_OK;
+ }
+
+ /*
+ * If there are any resource groups (SID Compression) add
+ * them to the extra sids portion of the info3 in the PAC.
+ *
+ * This makes the info3 look like it would if we got the info
+ * from the DC rather than the PAC.
+ */
+
+ /*
+ * Construct a SID for each RID in the list and then append it
+ * to the info3.
+ */
+ for (i = 0; i < logon_info->res_groups.count; i++) {
+ NTSTATUS status;
+ struct dom_sid new_sid;
+ uint32_t attributes = logon_info->res_groups.rids[i].attributes;
+
+ sid_compose(&new_sid,
+ logon_info->res_group_dom_sid,
+ logon_info->res_groups.rids[i].rid);
+
+ DEBUG(10, ("Adding SID %s to extra SIDS\n",
+ sid_string_dbg(&new_sid)));
+
+ status = append_netr_SidAttr(info3, &info3->sids,
+ &info3->sidcount,
+ &new_sid,
+ attributes);
+ if (!NT_STATUS_IS_OK(status)) {
+ DEBUG(1, ("failed to append SID %s to extra SIDS: %s\n",
+ sid_string_dbg(&new_sid),
+ nt_errstr(status)));
+ return status;
+ }
+ }
+
+ return NT_STATUS_OK;
+}
+
+/*
+ * Create a copy of an info3 struct from the struct PAC_LOGON_INFO,
+ * then merge resource SIDs, if any, into it. If successful return
+ * the created info3 struct.
+ */
+
+NTSTATUS create_info3_from_pac_logon_info(TALLOC_CTX *mem_ctx,
+ const struct PAC_LOGON_INFO *logon_info,
+ struct netr_SamInfo3 **pp_info3)
+{
+ NTSTATUS status;
+ struct netr_SamInfo3 *info3 = copy_netr_SamInfo3(mem_ctx,
+ &logon_info->info3);
+ if (info3 == NULL) {
+ return NT_STATUS_NO_MEMORY;
+ }
+ status = merge_resource_sids(logon_info, info3);
+ if (!NT_STATUS_IS_OK(status)) {
+ TALLOC_FREE(info3);
+ return status;
+ }
+ *pp_info3 = info3;
+ return NT_STATUS_OK;
+}
+
#define RET_NOMEM(ptr) do { \
if (!ptr) { \
TALLOC_FREE(info3); \
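Review bot: `merge_resource_sids` hands `logon_info->res_group_dom_sid` to `sid_compose()` without checking it, so a PAC that sets `NETLOGON_RESOURCE_GROUPS` and carries resource RIDs but no resource-group domain SID would have a NULL pointer used as the domain SID. A guard before the loop, `if (logon_info->res_group_dom_sid == NULL) { return NT_STATUS_INVALID_PARAMETER; }`, turns that into a clean failure. The result of `sid_compose()` is also discarded, so if it reports failure the loop still appends whatever is in `new_sid`. A short comment on `create_info3_from_pac_logon_info` stating that the returned struct is owned by `mem_ctx` would document who frees it.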
--
1.9.3
From fda9cefd3d4a0808af67595631dd755d5b73aacf Mon Sep 17 00:00:00 2001
From: Jeremy Allison <jra@samba.org>
Date: Mon, 16 Jun 2014 23:15:21 -0700
Subject: [PATCH 4/5] s3: auth: Change auth3_generate_session_info_pac() to use
a copy of the info3 struct from the struct PAC_LOGON_INFO.
Call create_info3_from_pac_logon_info() to add in any resource SIDs
from the struct PAC_LOGON_INFO to the info3.
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Richard Sharpe <realrichardsharpe@gmail.com>
Reviewed-by: Simo Sorce <idra@samba.org>
---
source3/auth/auth_generic.c | 11 +++++++++--
1 file changed, 9 insertions(+), 2 deletions(-)
diff --git a/source3/auth/auth_generic.c b/source3/auth/auth_generic.c
index 2880bc9..f841f0c 100644
--- a/source3/auth/auth_generic.c
+++ b/source3/auth/auth_generic.c
@@ -44,6 +44,7 @@ static NTSTATUS auth3_generate_session_info_pac(struct auth4_context *auth_ctx,
{
TALLOC_CTX *tmp_ctx;
struct PAC_LOGON_INFO *logon_info = NULL;
+ struct netr_SamInfo3 *info3_copy = NULL;
bool is_mapped;
bool is_guest;
char *ntuser;
@@ -101,7 +102,13 @@ static NTSTATUS auth3_generate_session_info_pac(struct auth4_context *auth_ctx,
/* save the PAC data if we have it */
if (logon_info) {
- netsamlogon_cache_store(ntuser, &logon_info->info3);
+ status = create_info3_from_pac_logon_info(tmp_ctx,
+ logon_info,
+ &info3_copy);
+ if (!NT_STATUS_IS_OK(status)) {
+ goto done;
+ }
+ netsamlogon_cache_store(ntuser, info3_copy);
}
/* setup the string used by %U */
@@ -112,7 +119,7 @@ static NTSTATUS auth3_generate_session_info_pac(struct auth4_context *auth_ctx,
status = make_session_info_krb5(mem_ctx,
ntuser, ntdomain, username, pw,
- &logon_info->info3, is_guest, is_mapped, NULL /* No session key for now, caller will sort it out */,
+ info3_copy, is_guest, is_mapped, NULL /* No session key for now, caller will sort it out */,
session_info);
if (!NT_STATUS_IS_OK(status)) {
DEBUG(1, ("Failed to map kerberos pac to server info (%s)\n",
--
1.9.3
From 9ed711f88685fc2d4860c9d6b7fa651bd2a52558 Mon Sep 17 00:00:00 2001
From: Jeremy Allison <jra@samba.org>
Date: Mon, 16 Jun 2014 23:27:35 -0700
Subject: [PATCH 5/5] s3: auth: Fix winbindd_pam_auth_pac_send() to create a
new info3 and merge in resource groups from a trusted PAC.
Based on a patch from Richard Sharpe <realrichardsharpe@gmail.com>.
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Richard Sharpe <realrichardsharpe@gmail.com>
Reviewed-by: Simo Sorce <idra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Wed Jun 18 03:30:36 CEST 2014 on sn-devel-104
---
source3/winbindd/winbindd_pam.c | 24 ++++++++++++++++++++++--
1 file changed, 22 insertions(+), 2 deletions(-)
diff --git a/source3/winbindd/winbindd_pam.c b/source3/winbindd/winbindd_pam.c
index c356686..0f1ca28 100644
--- a/source3/winbindd/winbindd_pam.c
+++ b/source3/winbindd/winbindd_pam.c
@@ -2421,6 +2421,7 @@ NTSTATUS winbindd_pam_auth_pac_send(struct winbindd_cli_state *state,
struct winbindd_request *req = state->request;
DATA_BLOB pac_blob;
struct PAC_LOGON_INFO *logon_info = NULL;
+ struct netr_SamInfo3 *info3_copy = NULL;
NTSTATUS result;
pac_blob = data_blob_const(req->extra_data.data, req->extra_len);
@@ -2434,7 +2435,13 @@ NTSTATUS winbindd_pam_auth_pac_send(struct winbindd_cli_state *state,
if (logon_info) {
/* Signature verification succeeded, trust the PAC */
- netsamlogon_cache_store(NULL, &logon_info->info3);
+ result = create_info3_from_pac_logon_info(state->mem_ctx,
+ logon_info,
+ &info3_copy);
+ if (!NT_STATUS_IS_OK(result)) {
+ return result;
+ }
+ netsamlogon_cache_store(NULL, info3_copy);
} else {
/* Try without signature verification */
@@ -2446,9 +2453,22 @@ NTSTATUS winbindd_pam_auth_pac_send(struct winbindd_cli_state *state,
nt_errstr(result)));
return result;
}
+ if (logon_info) {
+ /*
+ * Don't strictly need to copy here,
+ * but it makes it explicit we're
+ * returning a copy talloc'ed off
+ * the state->mem_ctx.
+ */
+ info3_copy = copy_netr_SamInfo3(state->mem_ctx,
+ &logon_info->info3);
+ if (info3_copy == NULL) {
+ return NT_STATUS_NO_MEMORY;
+ }
+ }
}
- *info3 = &logon_info->info3;
+ *info3 = info3_copy;
return NT_STATUS_OK;
}
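Review bot: After the unverified branch, `*info3 = info3_copy;` can store NULL and still return `NT_STATUS_OK`, because the added `if (logon_info)` test allows for a decode that succeeds without producing a `logon_info`. Whether callers tolerate a NULL result is not visible here; returning an error instead, `if (info3_copy == NULL) { return NT_STATUS_INVALID_PARAMETER; }` before the assignment, would make the contract explicit. The unverified branch also copies `info3` without merging resource groups. If that is intentional because the PAC is untrusted there, the comment should say so, so the asymmetry with the verified branch is not mistaken for an omission. `winbindd_pam_auth_pac_send` starts outside this hunk.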
--
1.9.3
@@ -0,0 +1,51 @@
From 3bf805a38a1b901a55b08118ec04097d9787497c Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?G=C3=BCnther=20Deschner?= <gd@samba.org>
Date: Mon, 29 Sep 2014 17:16:15 +0200
Subject: [PATCH] s3-net: Force libkrb5 locator to use the same KDC for join
and DNS update.
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Guenther
Signed-off-by: Günther Deschner <gd@samba.org>
---
source3/utils/net_ads.c | 21 +++++++++++++++++++++
1 file changed, 21 insertions(+)
diff --git a/source3/utils/net_ads.c b/source3/utils/net_ads.c
index e96377f..efbc3d2 100644
--- a/source3/utils/net_ads.c
+++ b/source3/utils/net_ads.c
@@ -1566,6 +1566,27 @@ int net_ads_join(struct net_context *c, int argc, const char **argv)
* If the dns update fails, we still consider the join
* operation as succeeded if we came this far.
*/
+
+ if (r->out.dns_domain_name != NULL) {
+
+ /* Avoid potential libkrb5 issues finding a good KDC when we
+ * already found one during the join. When the locator plugin is
+ * installed (but winbind is not yet running) make sure we can
+ * force libkrb5 to reuse that KDC. - gd */
+
+ char *env;
+
+ env = talloc_asprintf_strupper_m(r,
+ "WINBINDD_LOCATOR_KDC_ADDRESS_%s",
+ r->out.dns_domain_name);
+ if (env == NULL) {
+ return -1;
+ }
+
+ setenv(env, r->in.ads->auth.kdc_server, 0);
+ setenv("_NO_WINBINDD", "1", 0);
+ }
+
_net_ads_join_dns_updates(c, ctx, r);
TALLOC_FREE(r);
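Review bot: `setenv(env, r->in.ads->auth.kdc_server, 0)` dereferences `r->in.ads` and passes `kdc_server` as the value without checking either, and a NULL value passed to `setenv()` is undefined behaviour. Whether they can be NULL at this point is not visible in the hunk, but extending the guard to `if (r->out.dns_domain_name != NULL && r->in.ads != NULL && r->in.ads->auth.kdc_server != NULL)` costs nothing. The `return -1` on allocation failure leaves the function after a successful join without reaching the `TALLOC_FREE(r)` below, and it contradicts the comment above about still treating the join as succeeded; skipping the two `setenv()` calls in that case would match the comment. The `setenv()` return values are also ignored. `net_ads_join` starts and ends outside the hunk.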
--
1.9.3
@@ -0,0 +1,154 @@
From 170166b8a0076089c6a8505f53a22f5b72c15786 Mon Sep 17 00:00:00 2001
From: Jeremy Allison <jra@samba.org>
Date: Tue, 28 Oct 2014 11:55:30 -0700
Subject: [PATCH] s3-nmbd: Fix netbios name truncation.
Try and cope with truncation more intelligently.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=10896
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
(cherry picked from commit 6adcc7bffd5e1474ecba04d2328955c0b208cabc)
Signed-off-by: Andreas Schneider <asn@samba.org>
---
source3/nmbd/nmbd_nameregister.c | 76 +++++++++++++++++++++++++++++++++++-----
1 file changed, 68 insertions(+), 8 deletions(-)
diff --git a/source3/nmbd/nmbd_nameregister.c b/source3/nmbd/nmbd_nameregister.c
index 71c4751..8b078e6 100644
--- a/source3/nmbd/nmbd_nameregister.c
+++ b/source3/nmbd/nmbd_nameregister.c
@@ -482,17 +482,77 @@ void register_name(struct subnet_record *subrec,
{
struct nmb_name nmbname;
nstring nname;
+ size_t converted_size;
errno = 0;
- push_ascii_nstring(nname, name);
- if (errno == E2BIG) {
- unstring tname;
- pull_ascii_nstring(tname, sizeof(tname), nname);
- DEBUG(0,("register_name: NetBIOS name %s is too long. Truncating to %s\n",
- name, tname));
- make_nmb_name(&nmbname, tname, type);
- } else {
+ converted_size = push_ascii_nstring(nname, name);
+ if (converted_size != (size_t)-1) {
+ /* Success. */
make_nmb_name(&nmbname, name, type);
+ } else if (errno == E2BIG) {
+ /*
+ * Name converted to CH_DOS is too large.
+ * try to truncate.
+ */
+ char *converted_str_dos = NULL;
+ char *converted_str_unix = NULL;
+ bool ok;
+
+ converted_size = 0;
+
+ ok = convert_string_talloc(talloc_tos(),
+ CH_UNIX,
+ CH_DOS,
+ name,
+ strlen(name)+1,
+ &converted_str_dos,
+ &converted_size);
+ if (!ok) {
+ DEBUG(0,("register_name: NetBIOS name %s cannot be "
+ "converted. Failing to register name.\n",
+ name));
+ return;
+ }
+
+ /*
+ * As it's now CH_DOS codepage
+ * we truncate by writing '\0' at
+ * MAX_NETBIOSNAME_LEN-1 and then
+ * convert back to CH_UNIX which we
+ * need for the make_nmb_name() call.
+ */
+ if (converted_size >= MAX_NETBIOSNAME_LEN) {
+ converted_str_dos[MAX_NETBIOSNAME_LEN-1] = '\0';
+ }
+
+ ok = convert_string_talloc(talloc_tos(),
+ CH_DOS,
+ CH_UNIX,
+ converted_str_dos,
+ strlen(converted_str_dos)+1,
+ &converted_str_unix,
+ &converted_size);
+ if (!ok) {
+ DEBUG(0,("register_name: NetBIOS name %s cannot be "
+ "converted back to CH_UNIX. "
+ "Failing to register name.\n",
+ converted_str_dos));
+ TALLOC_FREE(converted_str_dos);
+ return;
+ }
+
+ make_nmb_name(&nmbname, converted_str_unix, type);
+
+ TALLOC_FREE(converted_str_dos);
+ TALLOC_FREE(converted_str_unix);
+ } else {
+ /*
+ * Generic conversion error. Fail to register.
+ */
+ DEBUG(0,("register_name: NetBIOS name %s cannot be "
+ "converted (%s). Failing to register name.\n",
+ name, strerror(errno)));
+ return;
}
/* Always set the NB_ACTIVE flag on the name we are
--
2.1.2
From 653a1c312e6b85f1d8113beec52a27e0ba71ef79 Mon Sep 17 00:00:00 2001
From: Jeremy Allison <jra@samba.org>
Date: Fri, 31 Oct 2014 11:01:26 -0700
Subject: [PATCH] s3: nmbd: Ensure NetBIOS names are only 15 characters stored.
This screws up if the name is greater than MAX_NETBIOSNAME_LEN-1 in the
unix charset, but less than or equal to MAX_NETBIOSNAME_LEN-1 in the DOS
charset, but this is so old we have to live with that.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=10920
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
(cherry picked from commit 7467f6e72cba214eeca75c34e9d9fba354c7ef31)
Signed-off-by: Andreas Schneider <asn@samba.org>
---
source3/lib/util_names.c | 10 +++++++++-
1 file changed, 9 insertions(+), 1 deletion(-)
diff --git a/source3/lib/util_names.c b/source3/lib/util_names.c
index cf54a0e..1392b48 100644
--- a/source3/lib/util_names.c
+++ b/source3/lib/util_names.c
@@ -60,7 +60,15 @@ static bool set_my_netbios_names(const char *name, int i)
{
SAFE_FREE(smb_my_netbios_names[i]);
- smb_my_netbios_names[i] = SMB_STRDUP(name);
+ /*
+ * Don't include space for terminating '\0' in strndup,
+ * it is automatically added. This screws up if the name
+ * is greater than MAX_NETBIOSNAME_LEN-1 in the unix
+ * charset, but less than or equal to MAX_NETBIOSNAME_LEN-1
+ * in the DOS charset, but this is so old we have to live
+ * with that.
+ */
+ smb_my_netbios_names[i] = SMB_STRNDUP(name, MAX_NETBIOSNAME_LEN-1);
if (!smb_my_netbios_names[i])
return False;
return strupper_m(smb_my_netbios_names[i]);
--
2.1.2
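Review bot: The E2BIG branch of register_name() now truncates without logging: the removed code printed `NetBIOS name %s is too long. Truncating to %s`, while the new path reaches make_nmb_name() with the shortened string and emits nothing. Two configured names that differ only after the cut would then register as the same name with no trace in the log. I would keep a message before the call, `DEBUG(0,("register_name: NetBIOS name %s is too long. Truncating to %s\n", name, converted_str_unix));`. The `SMB_STRNDUP(name, MAX_NETBIOSNAME_LEN-1)` in set_my_netbios_names() is also silent and cuts by byte count, so it may end inside a multibyte character of the unix charset; whether strupper_m() rejects that is not visible here. Both function bodies continue outside their hunks.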
@@ -0,0 +1,52 @@
Don't check xsltproc manpages
Signed-off-by: Bian Naimeng <biannm@cn.fujitsu.com>
diff -Nurp samba-4.1.12.orig/lib/ldb/wscript samba-4.1.12/lib/ldb/wscript
--- samba-4.1.12.orig/lib/ldb/wscript 2014-07-28 16:13:45.000000000 +0900
+++ samba-4.1.12/lib/ldb/wscript 2015-04-23 17:08:45.277000225 +0900
@@ -56,7 +56,7 @@ def configure(conf):
conf.define('USING_SYSTEM_PYLDB_UTIL', 1)
if conf.env.standalone_ldb:
- conf.CHECK_XSLTPROC_MANPAGES()
+ #conf.CHECK_XSLTPROC_MANPAGES()
# we need this for the ldap backend
if conf.CHECK_FUNCS_IN('ber_flush ldap_open ldap_initialize', 'lber ldap', headers='lber.h ldap.h'):
diff -Nurp samba-4.1.12.orig/lib/ntdb/wscript samba-4.1.12/lib/ntdb/wscript
--- samba-4.1.12.orig/lib/ntdb/wscript 2013-12-05 18:16:48.000000000 +0900
+++ samba-4.1.12/lib/ntdb/wscript 2015-04-23 17:09:17.680000274 +0900
@@ -121,7 +121,7 @@ def configure(conf):
Logs.warn('Disabling pyntdb as python devel libs not found')
conf.env.disable_python = True
- conf.CHECK_XSLTPROC_MANPAGES()
+ #conf.CHECK_XSLTPROC_MANPAGES()
# This make #include <ccan/...> work.
conf.ADD_EXTRA_INCLUDES('''#lib''')
diff -Nurp samba-4.1.12.orig/lib/talloc/wscript samba-4.1.12/lib/talloc/wscript
--- samba-4.1.12.orig/lib/talloc/wscript 2013-12-05 18:16:48.000000000 +0900
+++ samba-4.1.12/lib/talloc/wscript 2015-04-23 17:08:21.781000339 +0900
@@ -55,7 +55,7 @@ def configure(conf):
if conf.env.standalone_talloc:
conf.env.TALLOC_COMPAT1 = Options.options.TALLOC_COMPAT1
- conf.CHECK_XSLTPROC_MANPAGES()
+ #conf.CHECK_XSLTPROC_MANPAGES()
if not conf.env.disable_python:
# also disable if we don't have the python libs installed
diff -Nurp samba-4.1.12.orig/lib/tdb/wscript samba-4.1.12/lib/tdb/wscript
--- samba-4.1.12.orig/lib/tdb/wscript 2013-12-05 18:16:48.000000000 +0900
+++ samba-4.1.12/lib/tdb/wscript 2015-04-23 17:09:02.538000343 +0900
@@ -43,7 +43,7 @@ def configure(conf):
conf.env.disable_python = getattr(Options.options, 'disable_python', False)
- conf.CHECK_XSLTPROC_MANPAGES()
+ #conf.CHECK_XSLTPROC_MANPAGES()
if not conf.env.disable_python:
# also disable if we don't have the python libs installed
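Review bot: Each of the four wscript hunks comments the call out (`#conf.CHECK_XSLTPROC_MANPAGES()`) and the header says only "Don't check xsltproc manpages", so the reason and the effect on the ldb, ntdb, talloc and tdb manpages are left for the reader to guess. I would state the reason in the header and add a status line in the form the removed PIDL patch on this page uses, for example `Upstream-Status: Inappropriate [cross-build specific]`. The other new patches that carry only a Signed-off-by have the same gap. Deleting the line rather than commenting it out would also keep dead code out of the carried patch.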
@@ -0,0 +1,22 @@
samba: execute prog on target directly is impossible.
Signed-off-by: Bian Naimeng <biannm@cn.fujitsu.com>
diff -Nurp samba-4.1.12.orig/lib/ccan/wscript samba-4.1.12/lib/ccan/wscript
--- samba-4.1.12.orig/lib/ccan/wscript 2013-06-13 18:21:02.000000000 +0900
+++ samba-4.1.12/lib/ccan/wscript 2015-04-27 14:26:25.123000238 +0900
@@ -127,10 +127,10 @@ def configure(conf):
# Only check for FILE_OFFSET_BITS=64 if off_t is normally small:
# use raw routines because wrappers include previous _GNU_SOURCE
# or _FILE_OFFSET_BITS defines.
- conf.check(fragment="""#include <sys/types.h>
- int main(void) { return !(sizeof(off_t) < 8); }""",
- execute=True, msg='Checking for small off_t',
- define_name='SMALL_OFF_T')
+ conf.CHECK_CODE("""#include <sys/types.h>
+ int main(void) { return !(sizeof(off_t) < 8); }""",
+ link=True, execute=True, addmain=False, msg='Checking for small off_t',
+ define='HAVE_SMALL_OFF_T')
# Unreliable return value above, hence use define.
if conf.CONFIG_SET('SMALL_OFF_T'):
conf.check(fragment="""#include <sys/types.h>
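Review bot: The replacement check stores its result as `define='HAVE_SMALL_OFF_T'`, but the context line right after it still tests `conf.CONFIG_SET('SMALL_OFF_T')`, so the follow-up `_FILE_OFFSET_BITS=64` probe looks unreachable after this change. Either keep the old name with `define='SMALL_OFF_T'`, or update the consumer to `if conf.CONFIG_SET('HAVE_SMALL_OFF_T'):`. The new call also keeps `execute=True`, which is what the patch description says cannot work on the target; presumably CHECK_CODE resolves it through cross answers, and the header should say so. The `conf.check(` that follows is cut off by the hunk, and configure() continues outside it.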
@@ -0,0 +1,22 @@
waf trys to get package's configuration by native ncurses6-config.
it will make native header files and library be used.
Signed-off-by: Bian Naimeng <biannm@cn.fujitsu.com>
--- samba-4.1.12.orig/source3/wscript_configure_system_ncurses 2013-12-05 18:16:48.000000000 +0900
+++ samba-4.1.12/source3/wscript_configure_system_ncurses 2015-04-29 16:12:22.619000250 +0900
@@ -2,14 +2,6 @@ import Logs, Options, sys
Logs.info("Looking for ncurses features")
-conf.find_program('ncurses5-config', var='NCURSES_CONFIG')
-if not conf.env.NCURSES_CONFIG:
- conf.find_program('ncurses6-config', var='NCURSES_CONFIG')
-
-if conf.env.NCURSES_CONFIG:
- conf.check_cfg(path=conf.env.NCURSES_CONFIG, args="--cflags --libs",
- package="", uselib_store="NCURSES")
-
conf.CHECK_HEADERS('ncurses.h menu.h panel.h form.h', lib='ncurses')
conf.CHECK_FUNCS_IN('initscr', 'ncurses')
@@ -0,0 +1,42 @@
systemd-daemon is contained by libsystemd, so we just need link libsystemd to
obtain the implementation of systemd-daemon's function.
Signed-off-by: Bian Naimeng <biannm@cn.fujitsu.com>
diff -Nurp samba-4.1.12.orig/lib/util/wscript_build samba-4.1.12/lib/util/wscript_build
--- samba-4.1.12.orig/lib/util/wscript_build 2014-09-08 18:26:14.000000000 +0900
+++ samba-4.1.12/lib/util/wscript_build 2015-04-29 16:16:58.303000207 +0900
@@ -10,7 +10,7 @@ bld.SAMBA_LIBRARY('samba-util',
server_id.c dprintf.c parmlist.c bitmap.c pidfile.c
tevent_debug.c util_process.c memcache.c''',
deps='DYNCONFIG',
- public_deps='talloc tevent execinfo uid_wrapper pthread LIBCRYPTO charset util_setid systemd-daemon',
+ public_deps='talloc tevent execinfo uid_wrapper pthread LIBCRYPTO charset util_setid systemd',
public_headers='debug.h attr.h byteorder.h data_blob.h memory.h safe_string.h time.h talloc_stack.h xfile.h dlinklist.h samba_util.h string_wrappers.h',
header_path= [ ('dlinklist.h samba_util.h', '.'), ('*', 'util') ],
local_include=False,
diff -Nurp samba-4.1.12.orig/wscript samba-4.1.12/wscript
--- samba-4.1.12.orig/wscript 2014-07-28 16:13:45.000000000 +0900
+++ samba-4.1.12/wscript 2015-04-29 16:17:52.338000264 +0900
@@ -183,16 +183,16 @@ def configure(conf):
conf.env['ENABLE_PIE'] = True
if Options.options.enable_systemd != False:
- conf.check_cfg(package='libsystemd-daemon', args='--cflags --libs',
- msg='Checking for libsystemd-daemon', uselib_store="SYSTEMD-DAEMON")
- conf.CHECK_HEADERS('systemd/sd-daemon.h', lib='systemd-daemon')
- conf.CHECK_LIB('systemd-daemon', shlib=True)
+ conf.check_cfg(package='libsystemd', args='--cflags --libs',
+ msg='Checking for libsystemd', uselib_store="SYSTEMD-DAEMON")
+ conf.CHECK_HEADERS('systemd/sd-daemon.h', lib='systemd')
+ conf.CHECK_LIB('systemd', shlib=True)
if conf.CONFIG_SET('HAVE_SYSTEMD_SD_DAEMON_H'):
conf.DEFINE('HAVE_SYSTEMD', '1')
conf.env['ENABLE_SYSTEMD'] = True
else:
- conf.SET_TARGET_TYPE('systemd-daemon', 'EMPTY')
+ conf.SET_TARGET_TYPE('systemd', 'EMPTY')
conf.undefine('HAVE_SYSTEMD')
conf.SAMBA_CONFIG_H('include/config.h')
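Review bot: `uselib_store="SYSTEMD-DAEMON"` in the wscript hunk is the one name not renamed, while CHECK_HEADERS, CHECK_LIB, SET_TARGET_TYPE and the `public_deps` entry in lib/util/wscript_build all moved to `systemd`. If the build maps a dependency to its pkg-config flags by upper-cased name (not visible here), the `--cflags --libs` output of libsystemd is no longer attached to the `systemd` target; `uselib_store="SYSTEMD"` would keep the two in step. The change also drops `libsystemd-daemon` with no fallback, so a comment or header line stating the minimum systemd version this expects would help whoever builds against an older sysroot.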
@@ -0,0 +1,57 @@
Some modules such as dynamic library maybe cann't be imported while cross compile,
we just check whether does the module exist.
Signed-off-by: Bian Naimeng <biannm@cn.fujitsu.com>
--- samba-4.1.12.orig/buildtools/wafsamba/samba_bundled.py 2013-06-13 17:21:02.000000000 +0800
+++ samba-4.1.12/buildtools/wafsamba/samba_bundled.py 2015-07-16 16:57:06.649092158 +0800
@@ -1,7 +1,7 @@
# functions to support bundled libraries
from Configure import conf
-import sys, Logs
+import sys, Logs, imp
from samba_utils import *
def PRIVATE_NAME(bld, name, private_extension, private_library):
@@ -228,17 +228,32 @@ def CHECK_BUNDLED_SYSTEM_PYTHON(conf, li
# versions
minversion = minimum_library_version(conf, libname, minversion)
- try:
- m = __import__(modulename)
- except ImportError:
- found = False
- else:
+ # Find module in PYTHONPATH
+ stuff = imp.find_module(modulename, [os.environ["PYTHONPATH"]])
+ if stuff:
try:
- version = m.__version__
- except AttributeError:
+ m = imp.load_module(modulename, stuff[0], stuff[1], stuff[2])
+ except ImportError:
found = False
+
+ if conf.env.CROSS_COMPILE:
+ # Some modules such as dynamic library maybe cann't be imported
+ # while cross compile, we just check whether the module exist
+ Logs.warn('Cross module[%s] has been found, but can not be loaded.' % (stuff[1]))
+ found = True
else:
- found = tuplize_version(version) >= tuplize_version(minversion)
+ try:
+ version = m.__version__
+ except AttributeError:
+ found = False
+ else:
+ found = tuplize_version(version) >= tuplize_version(minversion)
+ finally:
+ if stuff[0]:
+ stuff[0].close()
+ else:
+ found = False
+
if not found and not conf.LIB_MAY_BE_BUNDLED(libname):
Logs.error('ERROR: Python module %s of version %s not found, and bundling disabled' % (libname, minversion))
sys.exit(1)
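Review bot: `imp.find_module(modulename, [os.environ["PYTHONPATH"]])` in CHECK_BUNDLED_SYSTEM_PYTHON can abort configure with a traceback instead of setting `found = False`. imp.find_module raises ImportError when the module is missing, so the new `else: found = False` branch is never reached; `os.environ["PYTHONPATH"]` raises KeyError when the variable is unset, and a value holding several directories is passed as a single path element. `os` is not in the `import sys, Logs, imp` line and would have to come from `from samba_utils import *`. In the cross-compile branch `found = True` skips the minimum-version comparison, so a module older than `minversion` passes; the warning text should at least say the version was not checked. The function starts and ends outside the hunk.

```python
    # … unchanged: minversion = minimum_library_version(...) …
    search_path = [p for p in os.environ.get("PYTHONPATH", "").split(os.pathsep) if p]
    try:
        # An empty list falls back to the default module search path.
        stuff = imp.find_module(modulename, search_path or None)
    except ImportError:
        stuff = None
    if stuff:
        # … unchanged: load_module, cross-compile fallback, version check, close …
    else:
        found = False
```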
@@ -1,71 +0,0 @@
SRC_URI += "file://config-lfs.patch \
file://quota.patch;striplevel=0 \
"
EXTRA_OECONF += "\
--enable-nss-wrapper \
--without-ads \
--with-winbind \
--without-ldap \
--without-krb5"
PACKAGES =+ "libwbclient libwinbind libwinbind-dbg libnss-winbind winbind winbind-dbg \
libnetapi libtdb libtevent libsmbsharemodes libsmbclient libsmbclient-dev \
cifs cifs-doc swat ${PN}-base"
RDEPENDS_${PN} += "${PN}-base"
FILES_${PN}-base = "${sbindir}/nmbd \
${sbindir}/smbd \
${sysconfdir}/default \
${sysconfdir}/samba \
${sysconfdir}/init.d/samba \
${localstatedir}/lib/samba \
${localstatedir}/log/samba \
${localstatedir}/nmbd \
${localstatedir}/spool/samba \
"
FILES_winbind-dbg = "${libdir}/idmap/.debug/*.so \
${libdir}/security/.debug/pam_winbind.so \
"
FILES_${PN} += "${libdir}/vfs/*.so \
${libdir}/charset/*.so \
${libdir}/*.dat \
${libdir}/auth/*.so \
${libdir}/security/pam_smbpass.so \
"
FILES_${PN}-dbg += "${libdir}/vfs/.debug/*.so \
${libdir}/charset/.debug/*.so \
${libdir}/auth/.debug/*.so \
${libdir}/security/.debug/pam_smbpass.so \
"
FILES_libwbclient = "${libdir}/libwbclient.so.*"
FILES_libnetapi = "${libdir}/libnetapi.so.*"
FILES_libsmbsharemodes = "${libdir}/libsmbsharemodes.so.*"
FILES_libtdb = "${libdir}/libtdb.so.*"
FILES_libtevent = "${libdir}/libtevent.so.*"
FILES_cifs = "${base_sbindir}/mount.cifs ${base_sbindir}/umount.cifs"
FILES_cifs-doc = "${mandir}/man8/mount.cifs.8 ${mandir}/man8/umount.cifs.8"
FILES_libsmbclient = "${libdir}/libsmbclient.so.*"
FILES_libsmbclient-dev = "${libdir}/libsmbclient.so ${includedir}"
FILES_winbind = "${sbindir}/winbindd \
${bindir}/wbinfo \
${bindir}/ntlm_auth \
${sysconfdir}/init.d/winbind \
${systemd_unitdir}/system/winbind.service \
"
FILES_libwinbind = "${libdir}/idmap/*.so \
${libdir}/pdb \
${libdir}/gpext \
${libdir}/perfcount \
${libdir}/security/pam_winbind.so \
"
FILES_libnss-winbind = "${libdir}/libnss_*${SOLIBS} \
${libdir}/nss_info"
FILES_swat = "${sbindir}/swat ${datadir}/swat ${libdir}/*.msg"
@@ -1,161 +0,0 @@
SECTION = "console/network"
LICENSE = "GPL-3.0"
DEPENDS = "readline virtual/libiconv zlib popt"
SAMBA_MIRROR = "http://samba.org/samba/ftp"
MIRRORS += "\
${SAMBA_MIRROR} http://mirror.internode.on.net/pub/samba \n \
${SAMBA_MIRROR} http://www.mirrorservice.org/sites/ftp.samba.org \n \
"
SRC_URI = "${SAMBA_MIRROR}/stable/samba-${PV}.tar.gz \
file://volatiles.03_samba \
file://smb.conf \
file://init.samba \
file://init.winbind \
file://tdb.pc \
file://nmb.service \
file://smb.service \
file://winbind.service \
"
S = "${WORKDIR}/samba-${PV}/source"
inherit autotools-brokensep update-rc.d systemd
SYSTEMD_PACKAGES = "${PN}-base winbind"
SYSTEMD_SERVICE_${PN}-base = "nmb.service smb.service"
SYSTEMD_SERVICE_winbind = "winbind.service"
SAMBAMMAP = "no"
SAMBAMMAP_libc-glibc = "yes"
# The file system settings --foodir=dirfoo and overridden unconditionally
# in the samba config by --with-foodir=dirfoo - even if the --with is not
# specified! Fix that here. Set the privatedir to /etc/samba/private.
EXTRA_OECONF='--disable-cups \
--with-readline=${STAGING_LIBDIR}/.. \
--with-libiconv=${STAGING_LIBDIR}/.. \
--without-automount \
--with-configdir=${sysconfdir}/samba \
--with-privatedir=${sysconfdir}/samba/private \
--with-lockdir=${localstatedir}/lock \
--with-piddir=${localstatedir}/run \
--with-logfilebase=${localstatedir}/log/samba \
--libdir=${libdir} \
--with-mandir=${mandir} \
--with-swatdir=${datadir}/swat \
--with-aio-support \
--with-winbind \
--with-wbclient \
--without-acl-support \
--disable-avahi \
samba_cv_struct_timespec=yes \
libreplace_cv_HAVE_MMAP=${SAMBAMMAP}'
PACKAGECONFIG = "${@base_contains('DISTRO_FEATURES', 'pam', 'pam', '', d)}"
PACKAGECONFIG[pam] = "--with-pam,--without-pam,libpam"
PACKAGECONFIG[fam] = "--enable-fam,--disable-fam,gamin"
PACKAGECONFIG[talloc] = "--enable-external-libtalloc --with-libtalloc, --disable-external-libtalloc --without-libtalloc, talloc"
PACKAGECONFIG[valgrind] = "ac_cv_header_valgrind_valgrind_h=yes ac_cv_header_valgrind_memcheck_h=yes, \
ac_cv_header_valgrind_valgrind_h=no ac_cv_header_valgrind_memcheck_h=no, valgrind"
INITSCRIPT_PACKAGES = "${PN}-base winbind"
INITSCRIPT_NAME_${PN}-base = "samba"
INITSCRIPT_NAME_winbind = "winbind"
# No dependencies, goes in at level 20 (NOTE: take care with the
# level, later levels put the shutdown later too - see the links
# in rc6.d, the shutdown must precede network shutdown).
INITSCRIPT_PARAMS = "defaults"
CONFFILES_${PN}-base = "${sysconfdir}/samba/smb.conf"
do_configure_prepend () {
./script/mkversion.sh
if [ ! -e acinclude.m4 ]; then
touch aclocal.m4
cat aclocal.m4 > acinclude.m4
fi
}
do_compile () {
oe_runmake proto_exists
base_do_compile
}
do_install_append() {
install -d ${D}${libdir}/pkgconfig/
cp ${WORKDIR}/tdb.pc ${D}${libdir}/pkgconfig/
mv ${D}${libdir}/libsmbclient.so ${D}${libdir}/libsmbclient.so.0 || true
ln -sf libsmbclient.so.0 ${D}${libdir}/libsmbclient.so
mkdir -p ${D}${base_sbindir}
rm -f ${D}${bindir}/*.old
rm -f ${D}${sbindir}/*.old
[ -f ${D}${sbindir}/mount.cifs ] && mv ${D}${sbindir}/mount.cifs ${D}${base_sbindir}/
[ -f ${D}${sbindir}/umount.cifs ] && mv ${D}${sbindir}/umount.cifs ${D}${base_sbindir}/
# This is needed for < 3.2.4
rm -f ${D}${sbindir}/mount.smbfs ${D}${base_sbindir}/mount.smbfs
if [ -f ${D}${bindir}/smbmount ]; then
ln -sf ${bindir}/smbmount ${D}${base_sbindir}/mount.smb
ln -sf ${bindir}/smbmount ${D}${base_sbindir}/mount.smbfs
fi
install -D -m 755 ${WORKDIR}/init.samba ${D}${sysconfdir}/init.d/samba
install -D -m 755 ${WORKDIR}/init.winbind ${D}${sysconfdir}/init.d/winbind
install -D -m 644 ${WORKDIR}/smb.conf ${D}${sysconfdir}/samba/smb.conf
install -D -m 644 ${WORKDIR}/volatiles.03_samba ${D}${sysconfdir}/default/volatiles/volatiles.03_samba
install -d ${D}/var/log/samba
install -d ${D}/var/spool/samba
# Install other stuff not installed by "make install"
if [ -d ${WORKDIR}/${PN}-${PV}/nsswitch ]; then
install -m 0644 ${WORKDIR}/${PN}-${PV}/nsswitch/libnss_winbind.so ${D}${libdir}/libnss_winbind.so.2
install -m 0644 ${WORKDIR}/${PN}-${PV}/nsswitch/libnss_wins.so ${D}${libdir}/libnss_wins.so.2
fi
rmdir --ignore-fail-on-non-empty ${D}${base_sbindir}
sed -i -e '1s,#!.*perl,#!${USRBINPATH}/env perl,' ${D}${bindir}/findsmb
# usershare mount place
mkdir -p ${D}${localstatedir}/lib/samba/usershares
# Remove sysinit script if sysvinit is not in DISTRO_FEATURES
if ${@bb.utils.contains('DISTRO_FEATURES', 'sysvinit', 'false', 'true', d)}; then
rm -rf ${D}${sysconfdir}/init.d/
fi
install -d ${D}${systemd_unitdir}/system
for i in nmb smb winbind; do
install -m 0644 ${WORKDIR}/$i.service ${D}${systemd_unitdir}/system
done
sed -e 's,@BASE_BINDIR@,${base_bindir},g' \
-e 's,@SBINDIR@,${sbindir},g' \
-i ${D}${systemd_unitdir}/system/*.service
if ${@bb.utils.contains('DISTRO_FEATURES', 'systemd', 'true', 'false', d)}; then
install -d ${D}${sysconfdir}/tmpfiles.d
echo "d ${localstatedir}/log/samba 0755 root root -" \
> ${D}${sysconfdir}/tmpfiles.d/99-${BPN}.conf
fi
}
DEPENDS_append = " ${@bb.utils.contains('DISTRO_FEATURES', 'systemd', 'systemd-systemctl-native', '', d)}"
pkg_postinst_${PN}-base () {
if ${@bb.utils.contains('DISTRO_FEATURES', 'systemd sysvinit', 'true', 'false', d)}; then
if [ -n "$D" ]; then
OPTS="--root=$D"
fi
systemctl $OPTS mask samba.service
fi
}
pkg_postinst_libnss-winbind () {
# add wins to the list of resolvers
ns=$D${sysconfdir}/nsswitch.conf
if ! grep "hosts:.*wins" $ns > /dev/null; then
hosts="`grep '^hosts:' $ns`"
hosts=`echo "$hosts" | sed 's/\[/\\\\[/g; s/\]/\\\\]/g'`
sed -i "s/$hosts/$hosts wins/" "$ns"
fi
}
@@ -1,68 +0,0 @@
Upstream-Status: Backport
From b07ade6e6fcc8b844cf1fb8b6038617281c4c2d0 Mon Sep 17 00:00:00 2001
From: Alexander Bokovoy <ab@samba.org>
Date: Wed, 6 Feb 2013 10:17:57 +0200
Subject: [PATCH] PIDL: fix parsing linemarkers in preprocessor output
Commit b07ade6e6fcc8b844cf1fb8b6038617281c4c2d0 v3-6-stable
When PIDL calls out to C preprocessor to expand IDL files
and parse the output, it filters out linemarkers and line control
information as described in http://gcc.gnu.org/onlinedocs/cpp/Preprocessor-Output.html
and http://gcc.gnu.org/onlinedocs/cpp/Line-Control.html#Line-Control
With gcc 4.8 stdc-predef.h is included automatically and linemarker for the
file has extended flags that PIDL couldn't parse ('system header that needs to
be extern "C" protected for C++')
Thanks to Jakub Jelinek <jakub@redhat.com> for explanation of the linemarker format.
Fixes https://bugzilla.redhat.com/show_bug.cgi?id=906517
Reviewed-by: Andreas Schneider <asn@samba.org>
(cherry picked from commit 6ba7ab5c14801aecae96373d5a9db7ab82957526)
Signed-off-by: Andreas Schneider <asn@samba.org>
Fix bug #9636 - pidl can't parse new linemarkers in preprocessor output.
(cherry picked from commit 643571470f2e4cd2f58bd60ac7189abb826d33cc)
(cherry picked from commit b5a8afd6550e9091d169d3010751913bb483fc4b)
---
pidl/idl.yp | 4 +++-
pidl/lib/Parse/Pidl/IDL.pm | 4 +++-
2 files changed, 6 insertions(+), 2 deletions(-)
diff --git a/pidl/idl.yp b/pidl/idl.yp
index b5c5185..c8a65f6 100644
--- a/pidl/idl.yp
+++ b/pidl/idl.yp
@@ -610,7 +610,9 @@ again:
for ($parser->YYData->{INPUT}) {
if (/^\#/) {
- if (s/^\# (\d+) \"(.*?)\"( \d+|)//) {
+ # Linemarker format is described at
+ # http://gcc.gnu.org/onlinedocs/cpp/Preprocessor-Output.html
+ if (s/^\# (\d+) \"(.*?)\"(( \d+){1,4}|)//) {
$parser->YYData->{LINE} = $1-1;
$parser->YYData->{FILE} = $2;
goto again;
diff --git a/pidl/lib/Parse/Pidl/IDL.pm b/pidl/lib/Parse/Pidl/IDL.pm
index d4820ff..6927c89 100644
--- a/pidl/lib/Parse/Pidl/IDL.pm
+++ b/pidl/lib/Parse/Pidl/IDL.pm
@@ -2576,7 +2576,9 @@ again:
for ($parser->YYData->{INPUT}) {
if (/^\#/) {
- if (s/^\# (\d+) \"(.*?)\"( \d+|)//) {
+ # Linemarker format is described at
+ # http://gcc.gnu.org/onlinedocs/cpp/Preprocessor-Output.html
+ if (s/^\# (\d+) \"(.*?)\"(( \d+){1,4}|)//) {
$parser->YYData->{LINE} = $1-1;
$parser->YYData->{FILE} = $2;
goto again;
--
1.7.5.4
@@ -1,40 +0,0 @@
This device is running a bare-bone Samba server which allows easy
transfer of files and directories between any networked desktop PC and
your networked PDA.
Since it is generally a bad idea to allow everyone read and write access
to your PDA, you will have to configure at least one user to get access to
any shared folder.
How to create a Samba user with password:
- If you haven't already created a non-root user, do so now:
root@poodle:/usr/bin# adduser testuser
Changing password for testuser
Enter the new password (minimum of 5, maximum of 8 characters)
Please use a combination of upper and lower case letters and numbers.
Enter new password:
Bad password: too short.
Warning: weak password (continuing).
Re-enter new password:
Password changed.
root@poodle:/usr/bin#
- Note that the password you entered will _not_ be your samba password.
Samba uses its own password database.
- Add a Samba password for your user:
root@poodle:/usr/bin# smbpasswd -a testuser
New SMB password:
Retype new SMB password:
Added user testuser.
root@poodle:/usr/bin#
- After you have added your new samba user, you'll have to restart the samba
server by running "/etc/init.d/samba restart" or by rebooting the device
- Use the newly created username / password combination to access your network
shares. Please note the the Samba username must also exist as a unix username!
@@ -1,10 +0,0 @@
--- source/client/mount.cifs.c.old 2004-11-28 02:33:52.000000000 +1030
+++ source/client/mount.cifs.c 2004-11-28 02:33:59.000000000 +1030
@@ -36,6 +36,7 @@
#include <string.h>
#include <mntent.h>
#include <fcntl.h>
+#include <linux/limits.h>
#define MOUNT_CIFS_VERSION_MAJOR "1"
#define MOUNT_CIFS_VERSION_MINOR "2"
@@ -1,12 +0,0 @@
diff -urN source.old//include/config.h.in source//include/config.h.in
--- source.old//include/config.h.in 2008-11-20 14:45:04.000000000 +0000
+++ source//include/config.h.in 2008-11-30 21:04:17.990008933 +0000
@@ -2672,7 +2672,7 @@
#undef USE_SETEUID
/* Whether setresuid() is available */
-#undef USE_SETRESUID
+#define USE_SETRESUID 1
/* Whether setreuid() is available */
#undef USE_SETREUID
@@ -1,47 +0,0 @@
Cache the check for Linux LFS support, so it can be prepopulated from
the site cache for configure variables for cross-compiling. Without this,
samba gets the idea that it can use dirent64 and friends without defining
the flags it needs to get it, such as _GNU_SOURCE and _LARGEFILE64_SOURCE.
Symptoms of getting the configuration wrong on cross-compile inculde
warnings such as
smbd/trans2.c: In function `get_lanman2_dir_entry':
smbd/trans2.c:1065: warning: right shift count >= width of type
and errors like
smbd/vfs.c:630: error: dereferencing pointer to incomplete type
(when trying to dereference dirent64.)
--- source/configure.in.orig 2005-05-29 14:46:18.000000000 -0700
+++ source/configure.in 2005-05-29 14:51:57.000000000 -0700
@@ -588,7 +588,7 @@
# Tests for linux LFS support. Need kernel 2.4 and glibc2.2 or greater support.
#
*linux*)
- AC_MSG_CHECKING([for LFS support])
+ AC_CACHE_CHECK([for LFS support], samba_cv_LINUX_LFS_SUPPORT,[
old_CPPFLAGS="$CPPFLAGS"
CPPFLAGS="-D_LARGEFILE64_SOURCE -D_FILE_OFFSET_BITS=64 -D_GNU_SOURCE $CPPFLAGS"
AC_TRY_RUN([
@@ -627,15 +627,14 @@
exit(1);
#endif
}
-], [LINUX_LFS_SUPPORT=yes], [LINUX_LFS_SUPPORT=no], [LINUX_LFS_SUPPORT=cross])
- CPPFLAGS="$old_CPPFLAGS"
- if test x$LINUX_LFS_SUPPORT = xyes ; then
+], [samba_cv_LINUX_LFS_SUPPORT=yes], [samba_cv_LINUX_LFS_SUPPORT=no], [samba_cv_LINUX_LFS_SUPPORT=cross])
+ CPPFLAGS="$old_CPPFLAGS"])
+ if test x"$samba_cv_LINUX_LFS_SUPPORT" = x"yes" ; then
CPPFLAGS="-D_LARGEFILE64_SOURCE -D_FILE_OFFSET_BITS=64 -D_GNU_SOURCE $CPPFLAGS"
AC_DEFINE(_LARGEFILE64_SOURCE, 1, [Whether to enable large file support])
AC_DEFINE(_FILE_OFFSET_BITS, 64, [File offset bits])
AC_DEFINE(_GNU_SOURCE, 1, [Whether to use GNU libc extensions])
fi
- AC_MSG_RESULT([$LINUX_LFS_SUPPORT])
;;
#
@@ -1,85 +0,0 @@
diff -urN source.old//configure source//configure
--- source.old//configure 2009-01-27 07:53:11.000000000 +0000
+++ source//configure 2009-01-31 21:07:25.811887936 +0000
@@ -43860,13 +43860,7 @@
*linux*)
# glibc <= 2.3.2 has a broken getgrouplist
if test "$cross_compiling" = yes; then
- { { $as_echo "$as_me:$LINENO: error: in \`$ac_pwd':" >&5
-$as_echo "$as_me: error: in \`$ac_pwd':" >&2;}
-{ { $as_echo "$as_me:$LINENO: error: cannot run test program while cross compiling
-See \`config.log' for more details." >&5
-$as_echo "$as_me: error: cannot run test program while cross compiling
-See \`config.log' for more details." >&2;}
- { (exit 1); exit 1; }; }; }
+linux_getgrouplist_ok=no
else
cat >conftest.$ac_ext <<_ACEOF
/* confdefs.h. */
diff -urN source.old//configure.in source//configure.in
--- source.old//configure.in 2009-01-26 13:56:34.000000000 +0000
+++ source//configure.in 2009-01-31 21:04:39.051889949 +0000
@@ -280,6 +280,8 @@
fi
AC_SUBST(BROKEN_CC)
+AC_TRY_COMPILE([],[(void)sizeof(char[-1])],AC_MSG_ERROR([configure's compilation assert doesn't work with $CC]))
+
dnl Check if the C compiler understands -Werror
AC_CACHE_CHECK([that the C compiler understands -Werror],samba_cv_HAVE_Werror, [
AC_TRY_RUN_STRICT([
@@ -330,25 +332,11 @@
# a runtime test is needed here
AC_SUBST(PIDL_ARGS)
AC_CACHE_CHECK([that the C compiler understands negative enum values],samba_cv_CC_NEGATIVE_ENUM_VALUES, [
- AC_TRY_RUN(
+ AC_TRY_COMPILE([],
[
- #include <stdio.h>
enum negative_values { NEGATIVE_VALUE = 0xFFFFFFFF };
- int main(void) {
- enum negative_values v1 = NEGATIVE_VALUE;
- unsigned v2 = NEGATIVE_VALUE;
-
- if (v1 != 0xFFFFFFFF) {
- printf("%u != 0xFFFFFFFF\n", v1);
- return 1;
- }
- if (v2 != 0xFFFFFFFF) {
- printf("%u != 0xFFFFFFFF\n", v2);
- return 1;
- }
-
- return 0;
- }
+ (void)sizeof(char[1-2*( (unsigned)NEGATIVE_VALUE != 0xFFFFFFFF)]);
+ (void)sizeof(char[1-2*((enum negative_values)NEGATIVE_VALUE != 0xFFFFFFFF)]);
],
samba_cv_CC_NEGATIVE_ENUM_VALUES=yes,samba_cv__CC_NEGATIVE_ENUM_VALUES=no)])
if test x"$samba_cv_CC_NEGATIVE_ENUM_VALUES" != x"yes"; then
@@ -1224,22 +1212,12 @@
case "$host_os" in
*linux*)
# glibc <= 2.3.2 has a broken getgrouplist
- AC_TRY_RUN([
-#include <unistd.h>
+ AC_TRY_COMPILE([
#include <sys/utsname.h>
-main() {
- /* glibc up to 2.3 has a broken getgrouplist */
+],[
#if defined(__GLIBC__) && defined(__GLIBC_MINOR__)
- int libc_major = __GLIBC__;
- int libc_minor = __GLIBC_MINOR__;
-
- if (libc_major < 2)
- exit(1);
- if ((libc_major == 2) && (libc_minor <= 3))
- exit(1);
+ (void)sizeof(char[1-2*(__GLIBC__ < 2 || __GLIBC__ == 2 && __GLIBC_MINOR__ <= 3)]);
#endif
- exit(0);
-}
], [linux_getgrouplist_ok=yes], [linux_getgrouplist_ok=no])
if test x"$linux_getgrouplist_ok" = x"yes"; then
AC_DEFINE(HAVE_GETGROUPLIST, 1, [Have good getgrouplist])
@@ -1,58 +0,0 @@
#! /bin/sh
#
# This is an init script for openembedded
# Copy it to /etc/init.d/samba and type
# > update-rc.d samba defaults 60
#
smbd=/usr/sbin/smbd
test -x "$smbd" || exit 0
nmbd=/usr/sbin/nmbd
test -x "$nmbd" || exit 0
case "$1" in
start)
echo -n "Starting Samba: smbd"
start-stop-daemon --start --quiet --exec $smbd
echo -n " nmbd"
start-stop-daemon --start --quiet --exec $nmbd
echo "."
;;
stop)
echo -n "Stopping Samba: smbd"
start-stop-daemon --stop --quiet --pidfile /var/run/smbd.pid
echo -n " nmbd"
start-stop-daemon --stop --quiet --pidfile /var/run/nmbd.pid
echo "."
;;
reload|force-reload)
start-stop-daemon --stop --quiet --signal 1 --exec $smbd
start-stop-daemon --stop --quiet --signal 1 --exec $nmbd
;;
restart)
echo -n "Stopping Samba: smbd"
start-stop-daemon --stop --quiet --pidfile /var/run/smbd.pid
echo -n " nmbd"
start-stop-daemon --stop --quiet --pidfile /var/run/nmbd.pid
echo ""
echo -n "Waiting for samba processes to die off"
for i in 1 2 3 ;
do
sleep 1
echo -n "."
done
echo ""
echo -n "Starting Samba: smbd"
start-stop-daemon --start --quiet --exec $smbd
echo -n " nmbd"
start-stop-daemon --start --quiet --exec $nmbd
echo "."
;;
*)
echo "Usage: /etc/init.d/samba {start|stop|reload|restart|force-reload}"
exit 1
esac
exit 0
@@ -1,38 +0,0 @@
#! /bin/sh
### BEGIN INIT INFO
# Provides: winbind
# Required-Start: $network $remote_fs $syslog
# Required-Stop: $network $remote_fs $syslog
# Should-Start: samba
# Default-Start: 2 3 4 5
# Default-Stop: 0 1 6
# Short-Description: start Winbind daemon
### END INIT INFO
winbind=/usr/sbin/winbindd
test -x "$winbind" || exit 0
case "$1" in
start)
echo -n "Starting Winbind... "
start-stop-daemon --start --quiet --exec $winbind
echo "done"
;;
stop)
echo -n "Stopping Winbind... "
start-stop-daemon --stop --quiet --pidfile /var/run/winbind.pid
echo "done"
;;
reload|force-reload)
start-stop-daemon --stop --quiet --signal 1 --exec $winbind
;;
restart)
$0 stop && sleep 2 && $0 start
;;
*)
echo "Usage: /etc/init.d/winbind {start|stop|reload|restart|force-reload}"
exit 1
esac
exit 0
@@ -1,11 +0,0 @@
diff -urN source/client/mtab.c samba-3.2.7//source/client/mtab.c
--- source/client/mtab.c 2008-12-19 13:57:33.000000000 +0000
+++ source/client/mtab.c 2009-01-09 23:14:00.717671075 +0000
@@ -32,6 +32,7 @@
#include <errno.h>
#include <stdio.h>
#include <sys/time.h>
+#include <sys/stat.h>
#include <time.h>
#include <fcntl.h>
#include <mntent.h>
@@ -1,12 +0,0 @@
[Unit]
Description=Samba NMB Daemon
After=syslog.target network.target
[Service]
Type=forking
PIDFile=/var/run/nmbd.pid
ExecStart=@SBINDIR@/nmbd
ExecReload=@BASE_BINDIR@/kill -HUP $MAINPID
[Install]
WantedBy=multi-user.target
@@ -1,11 +0,0 @@
--- lib/sysquotas_4A.c.old 2005-07-03 17:16:00.000000000 +0200
+++ lib/sysquotas_4A.c 2005-07-03 17:10:09.000000000 +0200
@@ -28,6 +28,8 @@
/* long quotactl(int cmd, char *special, qid_t id, caddr_t addr) */
/* this is used by: HPUX,IRIX */
+ #define _LINUX_QUOTA_VERSION 1
+
#ifdef HAVE_SYS_TYPES_H
#include <sys/types.h>
#endif
@@ -1,266 +0,0 @@
# This is the main Samba configuration file. You should read the
# smb.conf(5) manual page in order to understand the options listed
# here. Samba has a huge number of configurable options (perhaps too
# many!) most of which are not shown in this example
#
# For a step to step guide on installing, configuring and using samba,
# read the Samba-HOWTO-Collection. This may be obtained from:
# http://www.samba.org/samba/docs/Samba-HOWTO-Collection.pdf
#
# Many working examples of smb.conf files can be found in the
# Samba-Guide which is generated daily and can be downloaded from:
# http://www.samba.org/samba/docs/Samba-Guide.pdf
#
# Any line which starts with a ; (semi-colon) or a # (hash)
# is a comment and is ignored. In this example we will use a #
# for commentry and a ; for parts of the config file that you
# may wish to enable
#
# NOTE: Whenever you modify this file you should run the command "testparm"
# to check that you have not made any basic syntactic errors.
#
#======================= Global Settings =====================================
[global]
# workgroup = NT-Domain-Name or Workgroup-Name, eg: MIDEARTH
workgroup = MYGROUP
# server string is the equivalent of the NT Description field
server string = Samba Server
# Security mode. Defines in which mode Samba will operate. Possible
# values are share, user, server, domain and ads. Most people will want
# user level security. See the Samba-HOWTO-Collection for details.
security = user
# This option is important for security. It allows you to restrict
# connections to machines which are on your local network. The
# following example restricts access to two C class networks and
# the "loopback" interface. For more examples of the syntax see
# the smb.conf man page
; hosts allow = 192.168.1. 192.168.2. 127.
# If you want to automatically load your printer list rather
# than setting them up individually then you'll need this
load printers = yes
# you may wish to override the location of the printcap file
; printcap name = /etc/printcap
# on SystemV system setting printcap name to lpstat should allow
# you to automatically obtain a printer list from the SystemV spool
# system
; printcap name = lpstat
# It should not be necessary to specify the print system type unless
# it is non-standard. Currently supported print systems include:
# bsd, cups, sysv, plp, lprng, aix, hpux, qnx
; printing = cups
# Uncomment this if you want a guest account, you must add this to /etc/passwd
# otherwise the user "nobody" is used
; guest account = pcguest
# this tells Samba to use a separate log file for each machine
# that connects
log file = /var/log/samba/log.%m
# Put a capping on the size of the log files (in Kb).
max log size = 50
# Use password server option only with security = server
# The argument list may include:
# password server = My_PDC_Name [My_BDC_Name] [My_Next_BDC_Name]
# or to auto-locate the domain controller/s
# password server = *
; password server = <NT-Server-Name>
# Use the realm option only with security = ads
# Specifies the Active Directory realm the host is part of
; realm = MY_REALM
# Backend to store user information in. New installations should
# use either tdbsam or ldapsam. smbpasswd is available for backwards
# compatibility. tdbsam requires no further configuration.
; passdb backend = tdbsam
# Using the following line enables you to customise your configuration
# on a per machine basis. The %m gets replaced with the netbios name
# of the machine that is connecting.
# Note: Consider carefully the location in the configuration file of
# this line. The included file is read at that point.
; include = /usr/local/samba/lib/smb.conf.%m
# Configure Samba to use multiple interfaces
# If you have multiple network interfaces then you must list them
# here. See the man page for details.
; interfaces = 192.168.12.2/24 192.168.13.2/24
# Browser Control Options:
# set local master to no if you don't want Samba to become a master
# browser on your network. Otherwise the normal election rules apply
; local master = no
# OS Level determines the precedence of this server in master browser
# elections. The default value should be reasonable
; os level = 33
# Domain Master specifies Samba to be the Domain Master Browser. This
# allows Samba to collate browse lists between subnets. Don't use this
# if you already have a Windows NT domain controller doing this job
; domain master = yes
# Preferred Master causes Samba to force a local browser election on startup
# and gives it a slightly higher chance of winning the election
; preferred master = yes
# Enable this if you want Samba to be a domain logon server for
# Windows95 workstations.
; domain logons = yes
# if you enable domain logons then you may want a per-machine or
# per user logon script
# run a specific logon batch file per workstation (machine)
; logon script = %m.bat
# run a specific logon batch file per username
; logon script = %U.bat
# Where to store roving profiles (only for Win95 and WinNT)
# %L substitutes for this servers netbios name, %U is username
# You must uncomment the [Profiles] share below
; logon path = \\%L\Profiles\%U
# Windows Internet Name Serving Support Section:
# WINS Support - Tells the NMBD component of Samba to enable it's WINS Server
; wins support = yes
# WINS Server - Tells the NMBD components of Samba to be a WINS Client
# Note: Samba can be either a WINS Server, or a WINS Client, but NOT both
; wins server = w.x.y.z
# WINS Proxy - Tells Samba to answer name resolution queries on
# behalf of a non WINS capable client, for this to work there must be
# at least one WINS Server on the network. The default is NO.
; wins proxy = yes
# DNS Proxy - tells Samba whether or not to try to resolve NetBIOS names
# via DNS nslookups. The default is NO.
dns proxy = no
# These scripts are used on a domain controller or stand-alone
# machine to add or delete corresponding unix accounts
; add user script = /usr/sbin/useradd %u
; add group script = /usr/sbin/groupadd %g
; add machine script = /usr/sbin/adduser -n -g machines -c Machine -d /dev/null -s /bin/false %u
; delete user script = /usr/sbin/userdel %u
; delete user from group script = /usr/sbin/deluser %u %g
; delete group script = /usr/sbin/groupdel %g
#============================ Share Definitions ==============================
[homes]
comment = Home Directories
browseable = yes
writable = yes
# Un-comment the following and create the netlogon directory for Domain Logons
; [netlogon]
; comment = Network Logon Service
; path = /usr/local/samba/lib/netlogon
; guest ok = yes
; writable = no
; share modes = no
# Un-comment the following to provide a specific roving profile share
# the default is to use the user's home directory
;[Profiles]
; path = /usr/local/samba/profiles
; browseable = no
; guest ok = yes
# NOTE: If you have a BSD-style print system there is no need to
# specifically define each individual printer
[printers]
comment = All Printers
path = /var/spool/samba
browseable = no
# Set public = yes to allow user 'guest account' to print
guest ok = no
writable = no
printable = yes
# This one is useful for people to share files
;[tmp]
; comment = Temporary file space
; path = /tmp
; read only = no
; public = yes
# A publicly accessible directory, but read only, except for people in
# the "staff" group
;[public]
; comment = Public Stuff
; path = /home/samba
; public = yes
; writable = yes
; printable = no
; write list = @staff
# Other examples.
#
# A private printer, usable only by fred. Spool data will be placed in fred's
# home directory. Note that fred must have write access to the spool directory,
# wherever it is.
;[fredsprn]
; comment = Fred's Printer
; valid users = fred
; path = /homes/fred
; printer = freds_printer
; public = no
# A private directory, usable only by fred. Note that fred requires write
# access to the directory.
;[fredsdir]
; comment = Fred's Service
; path = /usr/somewhere/private
; valid users = fred
; public = no
; writable = yes
; printable = no
# a service which has a different directory for each machine that connects
# this allows you to tailor configurations to incoming machines. You could
# also use the %U option to tailor it by user name.
# The %m gets replaced with the machine name that is connecting.
;[pchome]
; comment = PC Directories
; path = /usr/pc/%m
; public = no
; writable = yes
# A publicly accessible directory, read/write to all users. Note that all files
# created in the directory by users will be owned by the default user, so
# any user with access can delete any other user's files. Obviously this
# directory must be writable by the default user. Another user could of course
# be specified, in which case all files would be owned by that user instead.
;[public]
; path = /usr/somewhere/else/public
; public = yes
; only guest = yes
; writable = yes
; printable = no
# The following two entries demonstrate how to share a directory so that two
# users can place files there that will be owned by the specific users. In this
# setup, the directory should be writable by both users and should have the
# sticky bit set on it to prevent abuse. Obviously this could be extended to
# as many users as required.
;[myshare]
; comment = Mary's and Fred's stuff
; path = /usr/somewhere/shared
; valid users = mary fred
; public = no
; writable = yes
; printable = no
; create mask = 0765
@@ -1,13 +0,0 @@
[Unit]
Description=Samba SMB Daemon
After=syslog.target network.target nmb.service winbind.service
[Service]
Type=forking
PIDFile=/var/run/smbd.pid
LimitNOFILE=16384
ExecStart=@SBINDIR@/smbd
ExecReload=@BASE_BINDIR@/kill -HUP $MAINPID
[Install]
WantedBy=multi-user.target
@@ -1,11 +0,0 @@
prefix=/usr
exec_prefix=/usr
libdir=/usr/lib
includedir=/usr/include
Name: tdb
Description: A trivial database
Version: 1.1.2
Libs: -L${libdir} -ltdb
Cflags: -I${includedir}
URL: http://tdb.samba.org/
@@ -1,14 +0,0 @@
Index: source/lib/tdb/include/tdb.h
===================================================================
--- source.orig/lib/tdb/include/tdb.h 2009-05-17 17:42:41.000000000 +0100
+++ source/lib/tdb/include/tdb.h 2009-05-17 17:42:46.000000000 +0100
@@ -1,6 +1,9 @@
#ifndef __TDB_H__
#define __TDB_H__
+#include <signal.h>
+
+
/*
Unix SMB/CIFS implementation.
@@ -1,2 +0,0 @@
# <type> <owner> <group> <mode> <path> <linksource>
d root root 0755 /var/log/samba none
@@ -1,12 +0,0 @@
i[Unit]
Description=Samba Winbind Daemon
After=syslog.target network.target nmb.service
[Service]
Type=forking
PIDFile=/var/run/winbindd.pid
ExecStart=@SBINDIR@/winbindd
ExecReload=@BASE_BINDIR@/kill -HUP $MAINPID
[Install]
WantedBy=multi-user.target
@@ -1,67 +0,0 @@
require samba.inc
require samba-basic.inc
LICENSE = "GPLv3"
LIC_FILES_CHKSUM = "file://../COPYING;md5=d32239bcb673463ab874e80d47fae504"
SRC_URI += "\
file://config-h.patch \
file://documentation.patch;patchdir=.. \
file://documentation2.patch;patchdir=.. \
file://fhs-filespaths.patch;patchdir=.. \
file://installswat.sh.patch;patchdir=.. \
file://pam-examples.patch;patchdir=.. \
file://smbclient-pager.patch;patchdir=.. \
file://undefined-symbols.patch;patchdir=.. \
file://usershare.patch;patchdir=.. \
file://smbtar-bashism.patch;patchdir=.. \
file://dont-build-VFS-examples.patch;patchdir=.. \
file://bug_221618_precise-64bit-prototype.patch;patchdir=.. \
file://bug_598313_upstream_7499-nss_wins-dont-clobber-daemons-logs.patch;patchdir=.. \
file://bug_387266_upstream_4104_mention-kerberos-in-smbspool-manpage.patch;patchdir=.. \
file://bug_604768_upstream_7826_drop-using-samba-link.patch;patchdir=.. \
file://bug_604768_upstream_7826_fix-WHATSNEW-link.patch;patchdir=.. \
file://waf-as-source.patch;patchdir=.. \
file://smbtorture-manpage.patch;patchdir=.. \
file://libutil_drop_AI_ADDRCONFIG.patch;patchdir=.. \
file://shadow_copy2_backport.patch;patchdir=.. \
file://only_export_public_symbols.patch;patchdir=.. \
file://configure-disable-getaddrinfo-cross.patch;patchdir=.. \
file://configure-disable-core_pattern-cross-check.patch;patchdir=.. \
file://configure-libunwind.patch;patchdir=.. \
"
SRC_URI[md5sum] = "76da2fa64edd94a0188531e7ecb27c4e"
SRC_URI[sha256sum] = "8f2c8a7f2bd89b0dfd228ed917815852f7c625b2bc0936304ac3ed63aaf83751"
S = "${WORKDIR}/samba-${PV}/source3"
PACKAGECONFIG ??= ""
PACKAGECONFIG[libunwind] = "--enable-libunwind,--disable-libunwind,libunwind"
EXTRA_OECONF += "\
ac_cv_path_PYTHON=/not/exist \
ac_cv_path_PYTHON_CONFIG=/not/exist \
SMB_BUILD_CC_NEGATIVE_ENUM_VALUES=yes \
samba_cv_CC_NEGATIVE_ENUM_VALUES=yes \
linux_getgrouplist_ok=no \
samba_cv_HAVE_BROKEN_GETGROUPS=no \
samba_cv_HAVE_FTRUNCATE_EXTEND=yes \
samba_cv_have_setresuid=yes \
samba_cv_have_setresgid=yes \
samba_cv_HAVE_WRFILE_KEYTAB=yes \
samba_cv_linux_getgrouplist_ok=yes \
"
do_configure() {
gnu-configize --force
oe_runconf
}
do_compile () {
base_do_compile
}
do_install_append() {
rmdir "${D}${localstatedir}/lock"
rmdir "${D}${localstatedir}/run"
rmdir --ignore-fail-on-non-empty "${D}${localstatedir}"
}
@@ -0,0 +1,156 @@
SECTION = "console/network"
LICENSE = "GPL-3.0+ & LGPL-3.0+ & GPL-2.0+"
LIC_FILES_CHKSUM = "file://COPYING;md5=d32239bcb673463ab874e80d47fae504 \
file://${COREBASE}/meta/files/common-licenses/LGPL-3.0;md5=bfccfe952269fff2b407dd11f2f3083b \
file://${COREBASE}/meta/files/common-licenses/GPL-2.0;md5=801f80980d171dd6425610833a22dbe6 "
SAMBA_MIRROR = "http://samba.org/samba/ftp"
MIRRORS += "\
${SAMBA_MIRROR} http://mirror.internode.on.net/pub/samba \n \
${SAMBA_MIRROR} http://www.mirrorservice.org/sites/ftp.samba.org \n \
"
SRC_URI = "${SAMBA_MIRROR}/stable/samba-${PV}.tar.gz \
file://00-fix-typos-in-man-pages.patch \
file://01-fix-force-user-sec-ads.patch \
file://02-fix-ipv6-join.patch \
file://03-net-ads-kerberos-pac.patch \
file://04-ipv6-workaround.patch \
file://05-fix-gecos-field-with-samlogon.patch \
file://06-fix-nmbd-systemd-status-update.patch \
file://07-fix-idmap-ad-getgroups-without-gid.patch \
file://08-fix-idmap-ad-sfu-with-trusted-domains.patch \
file://09-fix-smbclient-echo-cmd-segfault.patch \
file://10-improve-service-principal-guessing-in-net.patch \
file://11-fix-overwriting-of-spns-during-net-ads-join.patch \
file://12-add-precreated-spns-from-AD-during-keytab-generation.patch \
file://13-fix-aes-enctype.patch \
file://14-fix-dnsupdate.patch \
file://15-fix-netbios-name-truncation.patch \
file://16-do-not-check-xsltproc-manpages.patch \
file://17-execute-prog-by-qemu.patch \
file://18-avoid-get-config-by-native-ncurses.patch \
file://19-systemd-daemon-is-contained-by-libsystemd.patch \
file://20-do-not-import-target-module-while-cross-compile.patch \
"
SRC_URI[md5sum] = "232016d7581a1ba11e991ec2674553c4"
SRC_URI[sha256sum] = "033604674936bf5c77d7df299b0626052b84a41505a6a6afe902f6274fc29898"
inherit systemd waf-samba
DEPENDS += "readline virtual/libiconv zlib popt talloc libtdb libtevent libldb krb5 ctdb"
RDEPENDS_${PN} += "openldap"
PACKAGECONFIG = "${@base_contains('DISTRO_FEATURES', 'pam', 'pam', '', d)}"
PACKAGECONFIG += "${@base_contains('DISTRO_FEATURES', 'systemd', 'systemd', '', d)}"
PACKAGECONFIG[pam] = "--with-pam,--without-pam,libpam"
PACKAGECONFIG[fam] = "--with-fam,--without-fam,gamin"
PACKAGECONFIG[systemd] = "--with-systemd,--without-systemd,systemd"
SAMBA4_IDMAP_MODULES="idmap_ad,idmap_rid,idmap_adex,idmap_hash,idmap_tdb2"
SAMBA4_PDB_MODULES="pdb_tdbsam,pdb_ldap,pdb_ads,pdb_smbpasswd,pdb_wbc_sam,pdb_samba4"
SAMBA4_AUTH_MODULES="auth_unix,auth_wbc,auth_server,auth_netlogond,auth_script,auth_samba4"
SAMBA4_MODULES="${SAMBA4_IDMAP_MODULES},${SAMBA4_PDB_MODULES},${SAMBA4_AUTH_MODULES}"
SAMBA4_LIBS="heimdal,!zlib,!popt,!talloc,!pytalloc,!pytalloc-util,!tevent,!pytevent,!tdb,!pytdb,!ldb,!pyldb"
PERL_VERNDORLIB="${datadir}/perl5/vendor_perl/"
EXTRA_OECONF += "--enable-fhs \
--with-piddir=${localstatedir}/run \
--with-sockets-dir=${localstatedir}/run/samba \
--with-modulesdir=${libdir}/samba \
--with-pammodulesdir=${libdir}/security \
--with-lockdir=${localstatedir}/lib/samba \
--with-cachedir=${localstatedir}/lib/samba \
--with-perl-lib-install-dir=${PERL_VERNDORLIB} \
--disable-gnutls \
--disable-rpath-install \
--with-shared-modules=${SAMBA4_MODULES} \
--bundled-libraries=${SAMBA4_LIBS} \
--with-system-mitkrb5 \
--without-ad-dc \
${@base_conditional('TARGET_ARCH', 'x86_64', '', '--disable-glusterfs', d)} \
--with-cluster-support \
--enable-old-ctdb \
--with-profiling-data \
--with-libiconv=${STAGING_DIR_HOST}${prefix} \
"
LDFLAGS += "-Wl,-z,relro,-z,now"
do_install_append() {
rmdir --ignore-fail-on-non-empty "${D}/${localstatedir}/run"
if ${@bb.utils.contains('DISTRO_FEATURES', 'systemd', 'true', 'false', d)}; then
install -d ${D}${systemd_unitdir}/system
for i in nmb smb winbind; do
install -m 0644 packaging/systemd/$i.service ${D}${systemd_unitdir}/system
done
sed -e 's,@BASE_BINDIR@,${base_bindir},g' \
-e 's,@SBINDIR@,${sbindir},g' \
-i ${D}${systemd_unitdir}/system/*.service
install -d ${D}${sysconfdir}/tmpfiles.d
echo "d ${localstatedir}/log/samba 0755 root root -" \
> ${D}${sysconfdir}/tmpfiles.d/99-${BPN}.conf
fi
install -d ${D}${sysconfdir}/samba
echo "127.0.0.1 localhost" > ${D}${sysconfdir}/samba/lmhosts
install -m644 packaging/LSB/smb.conf ${D}${sysconfdir}/samba/smb.conf
install -d ${D}${libdir}/tmpfiles.d
install -m644 packaging/systemd/samba.conf.tmp ${D}${libdir}/tmpfiles.d/samba.conf
install -d ${D}${sysconfdir}/sysconfig/
install -m644 packaging/systemd/samba.sysconfig ${D}${sysconfdir}/sysconfig/samba
}
PACKAGES += "${PN}-python ${PN}-python-dbg ${PN}-pidl libwinbind libwinbind-dbg libwinbind-krb5-locator"
FILES_${PN} += "/run \
${libdir}/security/pam_smbpass.so \
${libdir}/tmpfiles.d/* \
"
SMB_SERVICE="${systemd_unitdir}/system/nmb.service ${systemd_unitdir}/system/smb.service"
FILES_${PN} +="${@bb.utils.contains('DISTRO_FEATURES', 'systemd', '${SMB_SERVICE}', '', d)}"
FILES_${PN}-dbg += "${libdir}/samba/idmap/.debug/* \
${libdir}/samba/pdb/.debug/* \
${libdir}/samba/auth/.debug/* \
${libdir}/samba/nss_info/.debug/* \
${libdir}/samba/ldb/.debug/* \
${libdir}/samba/vfs/.debug/* \
${libdir}/security/.debug/pam_smbpass.so \
"
FILES_libwinbind = "${libdir}/security/pam_winbind.so"
FILES_libwinbind += "${@bb.utils.contains('DISTRO_FEATURES', 'systemd', '${systemd_unitdir}/system/winbind.service', '', d)}"
FILES_libwinbind-dbg = "${libdir}/security/.debug/pam_winbind.so"
FILES_libwinbind-krb5-locator = "${libdir}/winbind_krb5_locator.so"
FILES_${PN}-python = "${libdir}/python${PYTHON_BASEVERSION}/site-packages/*.so \
${libdir}/python${PYTHON_BASEVERSION}/site-packages/samba/*.py \
${libdir}/python${PYTHON_BASEVERSION}/site-packages/samba/*.so \
${libdir}/python${PYTHON_BASEVERSION}/site-packages/samba/dcerpc/*.so \
${libdir}/python${PYTHON_BASEVERSION}/site-packages/samba/dcerpc/*.py \
${libdir}/python${PYTHON_BASEVERSION}/site-packages/samba/external/* \
${libdir}/python${PYTHON_BASEVERSION}/site-packages/samba/netcmd/*.py \
${libdir}/python${PYTHON_BASEVERSION}/site-packages/samba/provision/*.py \
${libdir}/python${PYTHON_BASEVERSION}/site-packages/samba/samba3/*.py \
${libdir}/python${PYTHON_BASEVERSION}/site-packages/samba/samba3/*.so \
${libdir}/python${PYTHON_BASEVERSION}/site-packages/samba/tests/* \
${libdir}/python${PYTHON_BASEVERSION}/site-packages/samba/web_server/* \
"
FILES_${PN}-python-dbg = "${libdir}/python${PYTHON_BASEVERSION}/site-packages/.debug/* \
${libdir}/python${PYTHON_BASEVERSION}/site-packages/samba/.debug/* \
${libdir}/python${PYTHON_BASEVERSION}/site-packages/samba/samba3/.debug/* \
${libdir}/python${PYTHON_BASEVERSION}/site-packages/samba/dcerpc/.debug/* \
"
FILES_${PN}-pidl = "${datadir}/perl5/vendor_perl/*"
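Review bot: The tmpfiles.d entry written in do_install_append creates `${localstatedir}/log/samba` with mode `0755 root root`, so any local account can list and enter the Samba log directory. Samba logs typically record client host names and user names, so I would tighten the entry to `echo "d ${localstatedir}/log/samba 0750 root root -" \` unless something on the image needs to read it unprivileged. The entry is also written only inside the `systemd` branch of DISTRO_FEATURES, while the volatiles file that used to create this directory is deleted in this commit. On a non-systemd image the directory therefore appears not to be created by the recipe at all, although the other files in the commit are not visible from here. A short comment above the `echo` saying who is expected to read the logs would make the chosen mode reviewable.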