update samba to 4.15.3
This commit is contained in:
yangl777
parent
828149ebad
commit
b369599be8
@ -1,91 +0,0 @@
|
||||
From 2632e8ebae826a7305fe7d3948ee28b77d2ffbc0 Mon Sep 17 00:00:00 2001
|
||||
From: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
|
||||
Date: Fri, 21 Aug 2020 17:10:22 +1200
|
||||
Subject: [PATCH] CVE-2020-14383: s4/dns: Ensure variable initialization with
|
||||
NULL.
|
||||
MIME-Version: 1.0
|
||||
Content-Type: text/plain; charset=utf8
|
||||
Content-Transfer-Encoding: 8bit
|
||||
|
||||
Based on patches from Francis Brosnan Blázquez <francis@aspl.es>
|
||||
and Jeremy Allison <jra@samba.org>
|
||||
|
||||
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14472
|
||||
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12795
|
||||
|
||||
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
|
||||
Reviewed-by: Jeremy Allison <jra@samba.org>
|
||||
(based on commit 7afe449e7201be92bed8e53cbb37b74af720ef4e)
|
||||
---
|
||||
.../rpc_server/dnsserver/dcerpc_dnsserver.c | 24 ++++++++++---------
|
||||
1 file changed, 13 insertions(+), 11 deletions(-)
|
||||
|
||||
diff --git a/source4/rpc_server/dnsserver/dcerpc_dnsserver.c b/source4/rpc_server/dnsserver/dcerpc_dnsserver.c
|
||||
index b6389f2328a..ec610168266 100644
|
||||
--- a/source4/rpc_server/dnsserver/dcerpc_dnsserver.c
|
||||
+++ b/source4/rpc_server/dnsserver/dcerpc_dnsserver.c
|
||||
@@ -1759,15 +1759,17 @@ static WERROR dnsserver_enumerate_records(struct dnsserver_state *dsstate,
|
||||
TALLOC_CTX *tmp_ctx;
|
||||
char *name;
|
||||
const char * const attrs[] = { "name", "dnsRecord", NULL };
|
||||
- struct ldb_result *res;
|
||||
- struct DNS_RPC_RECORDS_ARRAY *recs;
|
||||
+ struct ldb_result *res = NULL;
|
||||
+ struct DNS_RPC_RECORDS_ARRAY *recs = NULL;
|
||||
char **add_names = NULL;
|
||||
- char *rname;
|
||||
+ char *rname = NULL;
|
||||
const char *preference_name = NULL;
|
||||
int add_count = 0;
|
||||
int i, ret, len;
|
||||
WERROR status;
|
||||
- struct dns_tree *tree, *base, *node;
|
||||
+ struct dns_tree *tree = NULL;
|
||||
+ struct dns_tree *base = NULL;
|
||||
+ struct dns_tree *node = NULL;
|
||||
|
||||
tmp_ctx = talloc_new(mem_ctx);
|
||||
W_ERROR_HAVE_NO_MEMORY(tmp_ctx);
|
||||
@@ -1850,9 +1852,9 @@ static WERROR dnsserver_enumerate_records(struct dnsserver_state *dsstate,
|
||||
}
|
||||
}
|
||||
|
||||
- talloc_free(res);
|
||||
- talloc_free(tree);
|
||||
- talloc_free(name);
|
||||
+ TALLOC_FREE(res);
|
||||
+ TALLOC_FREE(tree);
|
||||
+ TALLOC_FREE(name);
|
||||
|
||||
/* Add any additional records */
|
||||
if (select_flag & DNS_RPC_VIEW_ADDITIONAL_DATA) {
|
||||
@@ -1870,14 +1872,14 @@ static WERROR dnsserver_enumerate_records(struct dnsserver_state *dsstate,
|
||||
LDB_SCOPE_ONELEVEL, attrs,
|
||||
"(&(objectClass=dnsNode)(name=%s)(!(dNSTombstoned=TRUE)))",
|
||||
encoded_name);
|
||||
- talloc_free(name);
|
||||
+ TALLOC_FREE(name);
|
||||
if (ret != LDB_SUCCESS) {
|
||||
continue;
|
||||
}
|
||||
if (res->count == 1) {
|
||||
break;
|
||||
} else {
|
||||
- talloc_free(res);
|
||||
+ TALLOC_FREE(res);
|
||||
continue;
|
||||
}
|
||||
}
|
||||
@@ -1892,8 +1894,8 @@ static WERROR dnsserver_enumerate_records(struct dnsserver_state *dsstate,
|
||||
select_flag, rname,
|
||||
res->msgs[0], 0, recs,
|
||||
NULL, NULL);
|
||||
- talloc_free(rname);
|
||||
- talloc_free(res);
|
||||
+ TALLOC_FREE(rname);
|
||||
+ TALLOC_FREE(res);
|
||||
if (!W_ERROR_IS_OK(status)) {
|
||||
talloc_free(tmp_ctx);
|
||||
return status;
|
||||
--
|
||||
2.29.2
|
||||
@ -1,59 +0,0 @@
|
||||
From 8e09649351e9e8143b4bd0b76bcbd2cfb4d2f281 Mon Sep 17 00:00:00 2001
|
||||
From: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
|
||||
Date: Fri, 21 Aug 2020 17:23:17 +1200
|
||||
Subject: [PATCH] CVE-2020-14383: s4/dns: do not crash when additional data not
|
||||
found
|
||||
MIME-Version: 1.0
|
||||
Content-Type: text/plain; charset=utf8
|
||||
Content-Transfer-Encoding: 8bit
|
||||
|
||||
Found by Francis Brosnan Blázquez <francis@aspl.es>.
|
||||
|
||||
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14472
|
||||
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12795
|
||||
|
||||
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
|
||||
Reviewed-by: Jeremy Allison <jra@samba.org>
|
||||
|
||||
Autobuild-User(master): Douglas Bagnall <dbagnall@samba.org>
|
||||
Autobuild-Date(master): Mon Aug 24 00:21:41 UTC 2020 on sn-devel-184
|
||||
|
||||
(based on commit df98e7db04c901259dd089e20cd557bdbdeaf379)
|
||||
---
|
||||
source4/rpc_server/dnsserver/dcerpc_dnsserver.c | 7 ++++---
|
||||
1 file changed, 4 insertions(+), 3 deletions(-)
|
||||
|
||||
diff --git a/source4/rpc_server/dnsserver/dcerpc_dnsserver.c b/source4/rpc_server/dnsserver/dcerpc_dnsserver.c
|
||||
index ec610168266..88efc01f154 100644
|
||||
--- a/source4/rpc_server/dnsserver/dcerpc_dnsserver.c
|
||||
+++ b/source4/rpc_server/dnsserver/dcerpc_dnsserver.c
|
||||
@@ -1859,8 +1859,8 @@ static WERROR dnsserver_enumerate_records(struct dnsserver_state *dsstate,
|
||||
/* Add any additional records */
|
||||
if (select_flag & DNS_RPC_VIEW_ADDITIONAL_DATA) {
|
||||
for (i=0; i<add_count; i++) {
|
||||
- struct dnsserver_zone *z2;
|
||||
-
|
||||
+ struct dnsserver_zone *z2 = NULL;
|
||||
+ struct ldb_message *msg = NULL;
|
||||
/* Search all the available zones for additional name */
|
||||
for (z2 = dsstate->zones; z2; z2 = z2->next) {
|
||||
char *encoded_name;
|
||||
@@ -1877,6 +1877,7 @@ static WERROR dnsserver_enumerate_records(struct dnsserver_state *dsstate,
|
||||
continue;
|
||||
}
|
||||
if (res->count == 1) {
|
||||
+ msg = res->msgs[0];
|
||||
break;
|
||||
} else {
|
||||
TALLOC_FREE(res);
|
||||
@@ -1892,7 +1893,7 @@ static WERROR dnsserver_enumerate_records(struct dnsserver_state *dsstate,
|
||||
}
|
||||
status = dns_fill_records_array(tmp_ctx, NULL, DNS_TYPE_A,
|
||||
select_flag, rname,
|
||||
- res->msgs[0], 0, recs,
|
||||
+ msg, 0, recs,
|
||||
NULL, NULL);
|
||||
TALLOC_FREE(rname);
|
||||
TALLOC_FREE(res);
|
||||
--
|
||||
2.29.2
|
||||
@ -1,159 +0,0 @@
|
||||
From 5dd4c789c13035b805fdd2c3a9c38721657b05b3 Mon Sep 17 00:00:00 2001
|
||||
From: Jeremy Allison <jra@samba.org>
|
||||
Date: Tue, 7 Jul 2020 18:25:23 -0700
|
||||
Subject: [PATCH] s3: smbd: Ensure change notifies can't get set unless the
|
||||
directory handle is open for SEC_DIR_LIST.
|
||||
|
||||
Remove knownfail entry.
|
||||
|
||||
CVE-2020-14318
|
||||
|
||||
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14434
|
||||
|
||||
Signed-off-by: Jeremy Allison <jra@samba.org>
|
||||
---
|
||||
source3/smbd/notify.c | 8 ++++++++
|
||||
|
||||
1 files changed, 8 insertions(+)
|
||||
delete mode 100644 selftest/knownfail.d/smb2_notify_handle_permissions
|
||||
|
||||
diff --git a/source3/smbd/notify.c b/source3/smbd/notify.c
|
||||
index eb6317b7e8a..5f18b5cf794 100644
|
||||
--- a/source3/smbd/notify.c
|
||||
+++ b/source3/smbd/notify.c
|
||||
@@ -289,6 +289,14 @@ NTSTATUS change_notify_create(struct files_struct *fsp,
|
||||
char fullpath[len+1];
|
||||
NTSTATUS status = NT_STATUS_NOT_IMPLEMENTED;
|
||||
|
||||
+ /*
|
||||
+ * Setting a changenotify needs READ/LIST access
|
||||
+ * on the directory handle.
|
||||
+ */
|
||||
+ if (!(fsp->access_mask & SEC_DIR_LIST)) {
|
||||
+ return NT_STATUS_ACCESS_DENIED;
|
||||
+ }
|
||||
+
|
||||
if (fsp->notify != NULL) {
|
||||
DEBUG(1, ("change_notify_create: fsp->notify != NULL, "
|
||||
"fname = %s\n", fsp->fsp_name->base_name));
|
||||
--
|
||||
2.29.2
|
||||
|
||||
|
||||
From 22528b76ed6eb6251fdf01875aaa955480e7663d Mon Sep 17 00:00:00 2001
|
||||
From: Jeremy Allison <jra@samba.org>
|
||||
Date: Fri, 10 Jul 2020 15:09:33 -0700
|
||||
Subject: [PATCH] s4: torture: Add smb2.notify.handle-permissions test.
|
||||
|
||||
Add knownfail entry.
|
||||
|
||||
CVE-2020-14318
|
||||
|
||||
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14434
|
||||
|
||||
Signed-off-by: Jeremy Allison <jra@samba.org>
|
||||
---
|
||||
source4/torture/smb2/notify.c | 80 +++++++++++++++++++
|
||||
1 files changed, 80 insertions(+)
|
||||
create mode 100644 selftest/knownfail.d/smb2_notify_handle_permissions
|
||||
|
||||
diff --git a/source4/torture/smb2/notify.c b/source4/torture/smb2/notify.c
|
||||
index b65c116b75e..6081d394c6e 100644
|
||||
--- a/source4/torture/smb2/notify.c
|
||||
+++ b/source4/torture/smb2/notify.c
|
||||
@@ -2649,6 +2649,83 @@ done:
|
||||
return ok;
|
||||
}
|
||||
|
||||
+/*
|
||||
+ Test asking for a change notify on a handle without permissions.
|
||||
+*/
|
||||
+
|
||||
+#define BASEDIR_HPERM BASEDIR "_HPERM"
|
||||
+
|
||||
+static bool torture_smb2_notify_handle_permissions(
|
||||
+ struct torture_context *torture,
|
||||
+ struct smb2_tree *tree)
|
||||
+{
|
||||
+ bool ret = true;
|
||||
+ NTSTATUS status;
|
||||
+ union smb_notify notify;
|
||||
+ union smb_open io;
|
||||
+ struct smb2_handle h1 = {{0}};
|
||||
+ struct smb2_request *req;
|
||||
+
|
||||
+ smb2_deltree(tree, BASEDIR_HPERM);
|
||||
+ smb2_util_rmdir(tree, BASEDIR_HPERM);
|
||||
+
|
||||
+ torture_comment(torture,
|
||||
+ "TESTING CHANGE NOTIFY "
|
||||
+ "ON A HANDLE WITHOUT PERMISSIONS\n");
|
||||
+
|
||||
+ /*
|
||||
+ get a handle on the directory
|
||||
+ */
|
||||
+ ZERO_STRUCT(io.smb2);
|
||||
+ io.generic.level = RAW_OPEN_SMB2;
|
||||
+ io.smb2.in.create_flags = 0;
|
||||
+ io.smb2.in.desired_access = SEC_FILE_READ_ATTRIBUTE;
|
||||
+ io.smb2.in.create_options = NTCREATEX_OPTIONS_DIRECTORY;
|
||||
+ io.smb2.in.file_attributes = FILE_ATTRIBUTE_NORMAL;
|
||||
+ io.smb2.in.share_access = NTCREATEX_SHARE_ACCESS_READ |
|
||||
+ NTCREATEX_SHARE_ACCESS_WRITE;
|
||||
+ io.smb2.in.alloc_size = 0;
|
||||
+ io.smb2.in.create_disposition = NTCREATEX_DISP_CREATE;
|
||||
+ io.smb2.in.impersonation_level = SMB2_IMPERSONATION_ANONYMOUS;
|
||||
+ io.smb2.in.security_flags = 0;
|
||||
+ io.smb2.in.fname = BASEDIR_HPERM;
|
||||
+
|
||||
+ status = smb2_create(tree, torture, &io.smb2);
|
||||
+ CHECK_STATUS(status, NT_STATUS_OK);
|
||||
+ h1 = io.smb2.out.file.handle;
|
||||
+
|
||||
+ /* ask for a change notify,
|
||||
+ on file or directory name changes */
|
||||
+ ZERO_STRUCT(notify.smb2);
|
||||
+ notify.smb2.level = RAW_NOTIFY_SMB2;
|
||||
+ notify.smb2.in.buffer_size = 1000;
|
||||
+ notify.smb2.in.completion_filter = FILE_NOTIFY_CHANGE_NAME;
|
||||
+ notify.smb2.in.file.handle = h1;
|
||||
+ notify.smb2.in.recursive = true;
|
||||
+
|
||||
+ req = smb2_notify_send(tree, ¬ify.smb2);
|
||||
+ torture_assert_goto(torture,
|
||||
+ req != NULL,
|
||||
+ ret,
|
||||
+ done,
|
||||
+ "smb2_notify_send failed\n");
|
||||
+
|
||||
+ /*
|
||||
+ * Cancel it, we don't really want to wait.
|
||||
+ */
|
||||
+ smb2_cancel(req);
|
||||
+ status = smb2_notify_recv(req, torture, ¬ify.smb2);
|
||||
+ /* Handle h1 doesn't have permissions for ChangeNotify. */
|
||||
+ CHECK_STATUS(status, NT_STATUS_ACCESS_DENIED);
|
||||
+
|
||||
+done:
|
||||
+ if (!smb2_util_handle_empty(h1)) {
|
||||
+ smb2_util_close(tree, h1);
|
||||
+ }
|
||||
+ smb2_deltree(tree, BASEDIR_HPERM);
|
||||
+ return ret;
|
||||
+}
|
||||
+
|
||||
/*
|
||||
basic testing of SMB2 change notify
|
||||
*/
|
||||
@@ -2682,6 +2759,9 @@ struct torture_suite *torture_smb2_notify_init(TALLOC_CTX *ctx)
|
||||
torture_smb2_notify_rmdir3);
|
||||
torture_suite_add_2smb2_test(suite, "rmdir4",
|
||||
torture_smb2_notify_rmdir4);
|
||||
+ torture_suite_add_1smb2_test(suite,
|
||||
+ "handle-permissions",
|
||||
+ torture_smb2_notify_handle_permissions);
|
||||
|
||||
suite->description = talloc_strdup(suite, "SMB2-NOTIFY tests");
|
||||
|
||||
--
|
||||
2.29.2
|
||||
@ -1,97 +0,0 @@
|
||||
From 595dd9fc4162dd70ad937db8669a0fddbbba9584 Mon Sep 17 00:00:00 2001
|
||||
From: Volker Lendecke <vl@samba.org>
|
||||
Date: Thu, 9 Jul 2020 21:49:25 +0200
|
||||
Subject: [PATCH] CVE-2020-14323 winbind: Fix invalid lookupsids DoS
|
||||
|
||||
A lookupsids request without extra_data will lead to "state->domain==NULL",
|
||||
which makes winbindd_lookupsids_recv trying to dereference it.
|
||||
|
||||
Reported by Bas Alberts of the GitHub Security Lab Team as GHSL-2020-134
|
||||
|
||||
Bug: https://bugzilla.samba.org/show_bug.cgi?id=14436
|
||||
Signed-off-by: Volker Lendecke <vl@samba.org>
|
||||
---
|
||||
source3/winbindd/winbindd_lookupsids.c | 2 +-
|
||||
1 file changed, 1 insertion(+), 1 deletion(-)
|
||||
|
||||
diff --git a/source3/winbindd/winbindd_lookupsids.c b/source3/winbindd/winbindd_lookupsids.c
|
||||
index d28b5fa9f01..a289fd86f0f 100644
|
||||
--- a/source3/winbindd/winbindd_lookupsids.c
|
||||
+++ b/source3/winbindd/winbindd_lookupsids.c
|
||||
@@ -47,7 +47,7 @@ struct tevent_req *winbindd_lookupsids_send(TALLOC_CTX *mem_ctx,
|
||||
DEBUG(3, ("lookupsids\n"));
|
||||
|
||||
if (request->extra_len == 0) {
|
||||
- tevent_req_done(req);
|
||||
+ tevent_req_nterror(req, NT_STATUS_INVALID_PARAMETER);
|
||||
return tevent_req_post(req, ev);
|
||||
}
|
||||
if (request->extra_data.data[request->extra_len-1] != '\0') {
|
||||
--
|
||||
2.29.2
|
||||
|
||||
From 0b259a48a70bde4dfd482e0720e593ae5a9c414a Mon Sep 17 00:00:00 2001
|
||||
From: Volker Lendecke <vl@samba.org>
|
||||
Date: Thu, 9 Jul 2020 21:48:57 +0200
|
||||
Subject: [PATCH] CVE-2020-14323 torture4: Add a simple test for invalid
|
||||
lookup_sids winbind call
|
||||
|
||||
We can't add this test before the fix, add it to knownfail and have the fix
|
||||
remove the knownfail entry again. As this crashes winbind, many tests after
|
||||
this one will fail.
|
||||
|
||||
Reported by Bas Alberts of the GitHub Security Lab Team as GHSL-2020-134
|
||||
|
||||
Bug: https://bugzilla.samba.org/show_bug.cgi?id=14436
|
||||
Signed-off-by: Volker Lendecke <vl@samba.org>
|
||||
---
|
||||
source4/torture/winbind/struct_based.c | 27 ++++++++++++++++++++++++++
|
||||
1 file changed, 27 insertions(+)
|
||||
|
||||
diff --git a/source4/torture/winbind/struct_based.c b/source4/torture/winbind/struct_based.c
|
||||
index 9745b621ca9..71f248c0d61 100644
|
||||
--- a/source4/torture/winbind/struct_based.c
|
||||
+++ b/source4/torture/winbind/struct_based.c
|
||||
@@ -1110,6 +1110,29 @@ static bool torture_winbind_struct_lookup_name_sid(struct torture_context *tortu
|
||||
return true;
|
||||
}
|
||||
|
||||
+static bool torture_winbind_struct_lookup_sids_invalid(
|
||||
+ struct torture_context *torture)
|
||||
+{
|
||||
+ struct winbindd_request req = {0};
|
||||
+ struct winbindd_response rep = {0};
|
||||
+ bool strict = torture_setting_bool(torture, "strict mode", false);
|
||||
+ bool ok;
|
||||
+
|
||||
+ torture_comment(torture,
|
||||
+ "Running WINBINDD_LOOKUP_SIDS (struct based)\n");
|
||||
+
|
||||
+ ok = true;
|
||||
+ DO_STRUCT_REQ_REP_EXT(WINBINDD_LOOKUPSIDS, &req, &rep,
|
||||
+ NSS_STATUS_NOTFOUND,
|
||||
+ strict,
|
||||
+ ok=false,
|
||||
+ talloc_asprintf(
|
||||
+ torture,
|
||||
+ "invalid lookupsids succeeded"));
|
||||
+
|
||||
+ return ok;
|
||||
+}
|
||||
+
|
||||
struct torture_suite *torture_winbind_struct_init(TALLOC_CTX *ctx)
|
||||
{
|
||||
struct torture_suite *suite = torture_suite_create(ctx, "struct");
|
||||
@@ -1132,6 +1155,10 @@ struct torture_suite *torture_winbind_struct_init(TALLOC_CTX *ctx)
|
||||
torture_suite_add_simple_test(suite, "getpwent", torture_winbind_struct_getpwent);
|
||||
torture_suite_add_simple_test(suite, "endpwent", torture_winbind_struct_endpwent);
|
||||
torture_suite_add_simple_test(suite, "lookup_name_sid", torture_winbind_struct_lookup_name_sid);
|
||||
+ torture_suite_add_simple_test(
|
||||
+ suite,
|
||||
+ "lookup_sids_invalid",
|
||||
+ torture_winbind_struct_lookup_sids_invalid);
|
||||
|
||||
suite->description = talloc_strdup(suite, "WINBIND - struct based protocol tests");
|
||||
|
||||
--
|
||||
2.29.2
|
||||
1842
CVE-2020-1472.patch
1842
CVE-2020-1472.patch
File diff suppressed because it is too large
Load Diff
@ -1,257 +0,0 @@
|
||||
From 44ed6c2263c2c969bec4229f99b37d8f2e09dde0 Mon Sep 17 00:00:00 2001
|
||||
From: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
|
||||
Date: Thu, 11 Feb 2021 17:05:14 +1300
|
||||
Subject: [PATCH 1/3] CVE-2020-27840: pytests:segfault: add ldb.Dn validate
|
||||
test
|
||||
|
||||
ldb.Dn.validate wraps ldb_dn_explode.
|
||||
|
||||
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14595
|
||||
|
||||
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
|
||||
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
|
||||
---
|
||||
python/samba/tests/segfault.py | 6 ++++++
|
||||
selftest/knownfail.d/python-segfaults | 1 +
|
||||
2 files changed, 7 insertions(+)
|
||||
|
||||
diff --git a/python/samba/tests/segfault.py b/python/samba/tests/segfault.py
|
||||
index 07e2d46d56a..70bd5b180e3 100644
|
||||
--- a/python/samba/tests/segfault.py
|
||||
+++ b/python/samba/tests/segfault.py
|
||||
@@ -174,3 +174,9 @@ class SegfaultTests(samba.tests.TestCase):
|
||||
def test_dcerpc_idl_inline_arrays(self):
|
||||
"""Inline arrays were incorrectly handled."""
|
||||
dnsserver.DNS_RPC_SERVER_INFO_DOTNET().pExtensions
|
||||
+
|
||||
+ @segfault_detector
|
||||
+ def test_ldb_dn_explode_crash(self):
|
||||
+ for i in range(106, 550, 5):
|
||||
+ dn = ldb.Dn(ldb.Ldb(), "a=b%s,c= " % (' ' * i))
|
||||
+ dn.validate()
|
||||
diff --git a/selftest/knownfail.d/python-segfaults b/selftest/knownfail.d/python-segfaults
|
||||
index 1be0566dcb1..524f7dd013b 100644
|
||||
--- a/selftest/knownfail.d/python-segfaults
|
||||
+++ b/selftest/knownfail.d/python-segfaults
|
||||
@@ -1 +1,2 @@
|
||||
samba.tests.segfault.samba.tests.segfault.SegfaultTests.test_net_replicate_init__3
|
||||
+samba.tests.segfault.samba.tests.segfault.SegfaultTests.test_ldb_dn_explode_crash
|
||||
--
|
||||
2.25.1
|
||||
|
||||
|
||||
From 5fbc51a2cf77ebd7ca42cd7dda58d5fd0ec5127d Mon Sep 17 00:00:00 2001
|
||||
From: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
|
||||
Date: Fri, 11 Dec 2020 16:32:25 +1300
|
||||
Subject: [PATCH 2/3] CVE-2020-27840 ldb_dn: avoid head corruption in
|
||||
ldb_dn_explode
|
||||
|
||||
A DN string with lots of trailing space can cause ldb_dn_explode() to
|
||||
put a zero byte in the wrong place in the heap.
|
||||
|
||||
When a DN string has a value represented with trailing spaces,
|
||||
like this
|
||||
|
||||
"CN=foo ,DC=bar"
|
||||
|
||||
the whitespace is supposed to be ignored. We keep track of this in the
|
||||
`t` pointer, which is NULL when we are not walking through trailing
|
||||
spaces, and points to the first space when we are. We are walking with
|
||||
the `p` pointer, writing the value to `d`, and keeping the length in
|
||||
`l`.
|
||||
|
||||
"CN=foo ,DC= " ==> "foo "
|
||||
^ ^ ^
|
||||
t p d
|
||||
--l---
|
||||
|
||||
The value is finished when we encounter a comma or the end of the
|
||||
string. If `t` is not NULL at that point, we assume there are trailing
|
||||
spaces and wind `d and `l` back by the correct amount. Then we switch
|
||||
to expecting an attribute name (e.g. "CN"), until we get to an "=",
|
||||
which puts us back into looking for a value.
|
||||
|
||||
Unfortunately, we forget to immediately tell `t` that we'd finished
|
||||
the last value, we can end up like this:
|
||||
|
||||
"CN=foo ,DC= " ==> ""
|
||||
^ ^ ^
|
||||
t p d
|
||||
l=0
|
||||
|
||||
where `p` is pointing to a new value that contains only spaces, while
|
||||
`t` is still referring to the old value. `p` notices the value ends,
|
||||
and we subtract `p - t` from `d`:
|
||||
|
||||
"CN=foo ,DC= " ==> ? ""
|
||||
^ ^ ^
|
||||
t p d
|
||||
l ~= SIZE_MAX - 8
|
||||
|
||||
At that point `d` wants to terminate its string with a '\0', but
|
||||
instead it terminates someone else's byte. This does not crash if the
|
||||
number of trailing spaces is small, as `d` will point into a previous
|
||||
value (a copy of "foo" in this example). Corrupting that value will
|
||||
ultimately not matter, as we will soon try to allocate a buffer `l`
|
||||
long, which will be greater than the available memory and the whole
|
||||
operation will fail properly.
|
||||
|
||||
However, with more spaces, `d` will point into memory before the
|
||||
beginning of the allocated buffer, with the exact offset depending on
|
||||
the length of the earlier attributes and the number of spaces.
|
||||
|
||||
What about a longer DN with more attributes? For example,
|
||||
"CN=foo ,DC= ,DC=example,DC=com" -- since `d` has moved out of
|
||||
bounds, won't we continue to use it and write more DN values into
|
||||
mystery memory? Fortunately not, because the aforementioned allocation
|
||||
of `l` bytes must happen first, and `l` is now huge. The allocation
|
||||
happens in a talloc_memdup(), which is by default restricted to
|
||||
allocating 256MB.
|
||||
|
||||
So this allows a person who controls a string parsed by ldb_dn_explode
|
||||
to corrupt heap memory by placing a single zero byte at a chosen
|
||||
offset before the allocated buffer.
|
||||
|
||||
An LDAP bind request can send a string DN as a username. This DN is
|
||||
necessarily parsed before the password is checked, so an attacker does
|
||||
not need proper credentials. The attacker can easily cause a denial of
|
||||
service and we cannot rule out more subtle attacks.
|
||||
|
||||
The immediate solution is to reset `t` to NULL when a comma is
|
||||
encountered, indicating that we are no longer looking at trailing
|
||||
whitespace.
|
||||
|
||||
Found with the help of Honggfuzz.
|
||||
|
||||
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14595
|
||||
|
||||
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
|
||||
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
|
||||
---
|
||||
lib/ldb/common/ldb_dn.c | 1 +
|
||||
selftest/knownfail.d/python-segfaults | 1 -
|
||||
2 files changed, 1 insertion(+), 1 deletion(-)
|
||||
|
||||
diff --git a/lib/ldb/common/ldb_dn.c b/lib/ldb/common/ldb_dn.c
|
||||
index 83f94e3b913..047244287f5 100644
|
||||
--- a/lib/ldb/common/ldb_dn.c
|
||||
+++ b/lib/ldb/common/ldb_dn.c
|
||||
@@ -570,6 +570,7 @@ static bool ldb_dn_explode(struct ldb_dn *dn)
|
||||
/* trim back */
|
||||
d -= (p - t);
|
||||
l -= (p - t);
|
||||
+ t = NULL;
|
||||
}
|
||||
|
||||
in_attr = true;
|
||||
diff --git a/selftest/knownfail.d/python-segfaults b/selftest/knownfail.d/python-segfaults
|
||||
index 524f7dd013b..1be0566dcb1 100644
|
||||
--- a/selftest/knownfail.d/python-segfaults
|
||||
+++ b/selftest/knownfail.d/python-segfaults
|
||||
@@ -1,2 +1 @@
|
||||
samba.tests.segfault.samba.tests.segfault.SegfaultTests.test_net_replicate_init__3
|
||||
-samba.tests.segfault.samba.tests.segfault.SegfaultTests.test_ldb_dn_explode_crash
|
||||
--
|
||||
2.25.1
|
||||
|
||||
|
||||
From 90f08c437ce81f2a96ce0740a93aa00e94eb5f16 Mon Sep 17 00:00:00 2001
|
||||
From: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
|
||||
Date: Thu, 11 Feb 2021 16:28:43 +1300
|
||||
Subject: [PATCH 3/3] CVE-2020-27840: pytests: move Dn.validate test to ldb
|
||||
|
||||
We had the test in the Samba Python segfault suite because
|
||||
a) the signal catching infrastructure was there, and
|
||||
b) the ldb tests lack Samba's knownfail mechanism, which allowed us to
|
||||
assert the failure.
|
||||
|
||||
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14595
|
||||
|
||||
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
|
||||
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
|
||||
---
|
||||
lib/ldb/tests/python/crash.py | 45 ++++++++++++++++++++++++++++++++++
|
||||
lib/ldb/wscript | 1 +
|
||||
python/samba/tests/segfault.py | 6 -----
|
||||
3 files changed, 46 insertions(+), 6 deletions(-)
|
||||
create mode 100644 lib/ldb/tests/python/crash.py
|
||||
|
||||
diff --git a/lib/ldb/tests/python/crash.py b/lib/ldb/tests/python/crash.py
|
||||
new file mode 100644
|
||||
index 00000000000..32839814552
|
||||
--- /dev/null
|
||||
+++ b/lib/ldb/tests/python/crash.py
|
||||
@@ -0,0 +1,45 @@
|
||||
+#!/usr/bin/env python3
|
||||
+#
|
||||
+# Tests for crashing functions
|
||||
+
|
||||
+import os
|
||||
+from unittest import TestCase
|
||||
+import os
|
||||
+import sys
|
||||
+import traceback
|
||||
+
|
||||
+import ldb
|
||||
+
|
||||
+
|
||||
+def segfault_detector(f):
|
||||
+ def wrapper(*args, **kwargs):
|
||||
+ pid = os.fork()
|
||||
+ if pid == 0:
|
||||
+ # child, crashing?
|
||||
+ try:
|
||||
+ f(*args, **kwargs)
|
||||
+ except Exception as e:
|
||||
+ traceback.print_exc()
|
||||
+ sys.stderr.flush()
|
||||
+ sys.stdout.flush()
|
||||
+ os._exit(0)
|
||||
+
|
||||
+ # parent, waiting
|
||||
+ pid2, status = os.waitpid(pid, 0)
|
||||
+ if os.WIFSIGNALED(status):
|
||||
+ signal = os.WTERMSIG(status)
|
||||
+ raise AssertionError("Failed with signal %d" % signal)
|
||||
+
|
||||
+ return wrapper
|
||||
+
|
||||
+
|
||||
+class LdbDnCrashTests(TestCase):
|
||||
+ @segfault_detector
|
||||
+ def test_ldb_dn_explode_crash(self):
|
||||
+ for i in range(106, 150):
|
||||
+ dn = ldb.Dn(ldb.Ldb(), "a=b%s,c= " % (' ' * i))
|
||||
+ dn.validate()
|
||||
+
|
||||
+if __name__ == '__main__':
|
||||
+ import unittest
|
||||
+ unittest.TestProgram()
|
||||
diff --git a/lib/ldb/wscript b/lib/ldb/wscript
|
||||
index edc3343e827..33265da373a 100644
|
||||
--- a/lib/ldb/wscript
|
||||
+++ b/lib/ldb/wscript
|
||||
@@ -614,6 +614,7 @@ def test(ctx):
|
||||
os.mkdir(tmp_dir)
|
||||
pyret = samba_utils.RUN_PYTHON_TESTS(
|
||||
['tests/python/api.py',
|
||||
+ 'tests/python/crash.py',
|
||||
'tests/python/index.py',
|
||||
'tests/python/repack.py'],
|
||||
extra_env={'SELFTEST_PREFIX': test_prefix})
|
||||
diff --git a/python/samba/tests/segfault.py b/python/samba/tests/segfault.py
|
||||
index 70bd5b180e3..07e2d46d56a 100644
|
||||
--- a/python/samba/tests/segfault.py
|
||||
+++ b/python/samba/tests/segfault.py
|
||||
@@ -174,9 +174,3 @@ class SegfaultTests(samba.tests.TestCase):
|
||||
def test_dcerpc_idl_inline_arrays(self):
|
||||
"""Inline arrays were incorrectly handled."""
|
||||
dnsserver.DNS_RPC_SERVER_INFO_DOTNET().pExtensions
|
||||
-
|
||||
- @segfault_detector
|
||||
- def test_ldb_dn_explode_crash(self):
|
||||
- for i in range(106, 550, 5):
|
||||
- dn = ldb.Dn(ldb.Ldb(), "a=b%s,c= " % (' ' * i))
|
||||
- dn.validate()
|
||||
--
|
||||
2.25.1
|
||||
@ -1,234 +0,0 @@
|
||||
From 75ad84167f5d2379557ec078d17c9a1c244402fc Mon Sep 17 00:00:00 2001
|
||||
From: Volker Lendecke <vl@samba.org>
|
||||
Date: Sat, 20 Feb 2021 15:50:12 +0100
|
||||
Subject: [PATCH] CVE-2021-20254 passdb: Simplify sids_to_unixids()
|
||||
|
||||
Best reviewed with "git show -b", there's a "continue" statement that
|
||||
changes subsequent indentation.
|
||||
|
||||
Decouple lookup status of ids from ID_TYPE_NOT_SPECIFIED
|
||||
|
||||
Add comments to explain the use of the three lookup
|
||||
loops.
|
||||
|
||||
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14571
|
||||
|
||||
Signed-off-by: Volker Lendecke <vl@samba.org>
|
||||
Reviewed-by: Jeremy Allison <jra@samba.org>
|
||||
|
||||
Autobuild-User(master): Karolin Seeger <kseeger@samba.org>
|
||||
Autobuild-Date(master): Thu Apr 29 09:55:51 UTC 2021 on sn-devel-184
|
||||
---
|
||||
source3/passdb/lookup_sid.c | 123 +++++++++++++++++++++++++++++-------
|
||||
1 file changed, 101 insertions(+), 22 deletions(-)
|
||||
|
||||
diff --git a/source3/passdb/lookup_sid.c b/source3/passdb/lookup_sid.c
|
||||
index cf80a300189..0e01467b3cb 100644
|
||||
--- a/source3/passdb/lookup_sid.c
|
||||
+++ b/source3/passdb/lookup_sid.c
|
||||
@@ -29,6 +29,7 @@
|
||||
#include "../libcli/security/security.h"
|
||||
#include "lib/winbind_util.h"
|
||||
#include "../librpc/gen_ndr/idmap.h"
|
||||
+#include "lib/util/bitmap.h"
|
||||
|
||||
static bool lookup_unix_user_name(const char *name, struct dom_sid *sid)
|
||||
{
|
||||
@@ -1266,7 +1267,9 @@ bool sids_to_unixids(const struct dom_sid *sids, uint32_t num_sids,
|
||||
{
|
||||
struct wbcDomainSid *wbc_sids = NULL;
|
||||
struct wbcUnixId *wbc_ids = NULL;
|
||||
+ struct bitmap *found = NULL;
|
||||
uint32_t i, num_not_cached;
|
||||
+ uint32_t wbc_ids_size = 0;
|
||||
wbcErr err;
|
||||
bool ret = false;
|
||||
|
||||
@@ -1274,6 +1277,20 @@ bool sids_to_unixids(const struct dom_sid *sids, uint32_t num_sids,
|
||||
if (wbc_sids == NULL) {
|
||||
return false;
|
||||
}
|
||||
+ found = bitmap_talloc(wbc_sids, num_sids);
|
||||
+ if (found == NULL) {
|
||||
+ goto fail;
|
||||
+ }
|
||||
+
|
||||
+ /*
|
||||
+ * We go through the requested SID array three times.
|
||||
+ * First time to look for global_sid_Unix_Users
|
||||
+ * and global_sid_Unix_Groups SIDS, and to look
|
||||
+ * for mappings cached in the idmap_cache.
|
||||
+ *
|
||||
+ * Use bitmap_set() to mark an ids[] array entry as
|
||||
+ * being mapped.
|
||||
+ */
|
||||
|
||||
num_not_cached = 0;
|
||||
|
||||
@@ -1285,17 +1302,20 @@ bool sids_to_unixids(const struct dom_sid *sids, uint32_t num_sids,
|
||||
&sids[i], &rid)) {
|
||||
ids[i].type = ID_TYPE_UID;
|
||||
ids[i].id = rid;
|
||||
+ bitmap_set(found, i);
|
||||
continue;
|
||||
}
|
||||
if (sid_peek_check_rid(&global_sid_Unix_Groups,
|
||||
&sids[i], &rid)) {
|
||||
ids[i].type = ID_TYPE_GID;
|
||||
ids[i].id = rid;
|
||||
+ bitmap_set(found, i);
|
||||
continue;
|
||||
}
|
||||
if (idmap_cache_find_sid2unixid(&sids[i], &ids[i], &expired)
|
||||
&& !expired)
|
||||
{
|
||||
+ bitmap_set(found, i);
|
||||
continue;
|
||||
}
|
||||
ids[i].type = ID_TYPE_NOT_SPECIFIED;
|
||||
@@ -1306,62 +1326,121 @@ bool sids_to_unixids(const struct dom_sid *sids, uint32_t num_sids,
|
||||
if (num_not_cached == 0) {
|
||||
goto done;
|
||||
}
|
||||
- wbc_ids = talloc_array(talloc_tos(), struct wbcUnixId, num_not_cached);
|
||||
+
|
||||
+ /*
|
||||
+ * For the ones that we couldn't map in the loop above, query winbindd
|
||||
+ * via wbcSidsToUnixIds().
|
||||
+ */
|
||||
+
|
||||
+ wbc_ids_size = num_not_cached;
|
||||
+ wbc_ids = talloc_array(talloc_tos(), struct wbcUnixId, wbc_ids_size);
|
||||
if (wbc_ids == NULL) {
|
||||
goto fail;
|
||||
}
|
||||
- for (i=0; i<num_not_cached; i++) {
|
||||
+ for (i=0; i<wbc_ids_size; i++) {
|
||||
wbc_ids[i].type = WBC_ID_TYPE_NOT_SPECIFIED;
|
||||
+ wbc_ids[i].id.gid = (uint32_t)-1;
|
||||
}
|
||||
- err = wbcSidsToUnixIds(wbc_sids, num_not_cached, wbc_ids);
|
||||
+ err = wbcSidsToUnixIds(wbc_sids, wbc_ids_size, wbc_ids);
|
||||
if (!WBC_ERROR_IS_OK(err)) {
|
||||
DEBUG(10, ("wbcSidsToUnixIds returned %s\n",
|
||||
wbcErrorString(err)));
|
||||
}
|
||||
|
||||
+ /*
|
||||
+ * Second time through the SID array, replace
|
||||
+ * the ids[] entries that wbcSidsToUnixIds() was able to
|
||||
+ * map.
|
||||
+ *
|
||||
+ * Use bitmap_set() to mark an ids[] array entry as
|
||||
+ * being mapped.
|
||||
+ */
|
||||
+
|
||||
num_not_cached = 0;
|
||||
|
||||
for (i=0; i<num_sids; i++) {
|
||||
- if (ids[i].type == ID_TYPE_NOT_SPECIFIED) {
|
||||
- switch (wbc_ids[num_not_cached].type) {
|
||||
- case WBC_ID_TYPE_UID:
|
||||
- ids[i].type = ID_TYPE_UID;
|
||||
- ids[i].id = wbc_ids[num_not_cached].id.uid;
|
||||
- break;
|
||||
- case WBC_ID_TYPE_GID:
|
||||
- ids[i].type = ID_TYPE_GID;
|
||||
- ids[i].id = wbc_ids[num_not_cached].id.gid;
|
||||
- break;
|
||||
- default:
|
||||
- /* The types match, and wbcUnixId -> id is a union anyway */
|
||||
- ids[i].type = (enum id_type)wbc_ids[num_not_cached].type;
|
||||
- ids[i].id = wbc_ids[num_not_cached].id.gid;
|
||||
- break;
|
||||
- }
|
||||
- num_not_cached += 1;
|
||||
+ if (bitmap_query(found, i)) {
|
||||
+ continue;
|
||||
+ }
|
||||
+
|
||||
+ SMB_ASSERT(num_not_cached < wbc_ids_size);
|
||||
+
|
||||
+ switch (wbc_ids[num_not_cached].type) {
|
||||
+ case WBC_ID_TYPE_UID:
|
||||
+ ids[i].type = ID_TYPE_UID;
|
||||
+ ids[i].id = wbc_ids[num_not_cached].id.uid;
|
||||
+ bitmap_set(found, i);
|
||||
+ break;
|
||||
+ case WBC_ID_TYPE_GID:
|
||||
+ ids[i].type = ID_TYPE_GID;
|
||||
+ ids[i].id = wbc_ids[num_not_cached].id.gid;
|
||||
+ bitmap_set(found, i);
|
||||
+ break;
|
||||
+ case WBC_ID_TYPE_BOTH:
|
||||
+ ids[i].type = ID_TYPE_BOTH;
|
||||
+ ids[i].id = wbc_ids[num_not_cached].id.uid;
|
||||
+ bitmap_set(found, i);
|
||||
+ break;
|
||||
+ case WBC_ID_TYPE_NOT_SPECIFIED:
|
||||
+ /*
|
||||
+ * wbcSidsToUnixIds() wasn't able to map this
|
||||
+ * so we still need to check legacy_sid_to_XXX()
|
||||
+ * below. Don't mark the bitmap entry
|
||||
+ * as being found so the final loop knows
|
||||
+ * to try and map this entry.
|
||||
+ */
|
||||
+ ids[i].type = ID_TYPE_NOT_SPECIFIED;
|
||||
+ ids[i].id = (uint32_t)-1;
|
||||
+ break;
|
||||
+ default:
|
||||
+ /*
|
||||
+ * A successful return from wbcSidsToUnixIds()
|
||||
+ * cannot return anything other than the values
|
||||
+ * checked for above. Ensure this is so.
|
||||
+ */
|
||||
+ smb_panic(__location__);
|
||||
+ break;
|
||||
}
|
||||
+ num_not_cached += 1;
|
||||
}
|
||||
|
||||
+ /*
|
||||
+ * Third and final time through the SID array,
|
||||
+ * try legacy_sid_to_gid()/legacy_sid_to_uid()
|
||||
+ * for entries we haven't already been able to
|
||||
+ * map.
|
||||
+ *
|
||||
+ * Use bitmap_set() to mark an ids[] array entry as
|
||||
+ * being mapped.
|
||||
+ */
|
||||
+
|
||||
for (i=0; i<num_sids; i++) {
|
||||
- if (ids[i].type != ID_TYPE_NOT_SPECIFIED) {
|
||||
+ if (bitmap_query(found, i)) {
|
||||
continue;
|
||||
}
|
||||
if (legacy_sid_to_gid(&sids[i], &ids[i].id)) {
|
||||
ids[i].type = ID_TYPE_GID;
|
||||
+ bitmap_set(found, i);
|
||||
continue;
|
||||
}
|
||||
if (legacy_sid_to_uid(&sids[i], &ids[i].id)) {
|
||||
ids[i].type = ID_TYPE_UID;
|
||||
+ bitmap_set(found, i);
|
||||
continue;
|
||||
}
|
||||
}
|
||||
done:
|
||||
+ /*
|
||||
+ * Pass through the return array for consistency.
|
||||
+ * Any ids[].id mapped to (uint32_t)-1 must be returned
|
||||
+ * as ID_TYPE_NOT_SPECIFIED.
|
||||
+ */
|
||||
for (i=0; i<num_sids; i++) {
|
||||
switch(ids[i].type) {
|
||||
case WBC_ID_TYPE_GID:
|
||||
case WBC_ID_TYPE_UID:
|
||||
case WBC_ID_TYPE_BOTH:
|
||||
- if (ids[i].id == -1) {
|
||||
+ if (ids[i].id == (uint32_t)-1) {
|
||||
ids[i].type = ID_TYPE_NOT_SPECIFIED;
|
||||
}
|
||||
break;
|
||||
--
|
||||
2.25.1
|
||||
@ -1,31 +0,0 @@
|
||||
From fab6b79b7724f0b636963be528483e3e946884aa Mon Sep 17 00:00:00 2001
|
||||
From: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
|
||||
Date: Tue, 8 Dec 2020 21:32:09 +1300
|
||||
Subject: [PATCH] CVE-2021-20277 ldb/attrib_handlers casefold: stay in bounds
|
||||
|
||||
For a string that had N spaces at the beginning, we would
|
||||
try to move N bytes beyond the end of the string.
|
||||
|
||||
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14655
|
||||
|
||||
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
|
||||
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
|
||||
|
||||
(cherry-picked from commit for master)
|
||||
---
|
||||
lib/ldb/common/attrib_handlers.c | 2 +-
|
||||
1 file changed, 1 insertion(+), 1 deletion(-)
|
||||
|
||||
diff --git a/lib/ldb/common/attrib_handlers.c b/lib/ldb/common/attrib_handlers.c
|
||||
index b5212b731596..c6ef5ad477b0 100644
|
||||
--- a/lib/ldb/common/attrib_handlers.c
|
||||
+++ b/lib/ldb/common/attrib_handlers.c
|
||||
@@ -76,7 +76,7 @@ int ldb_handler_fold(struct ldb_context *ldb, void *mem_ctx,
|
||||
|
||||
/* remove leading spaces if any */
|
||||
if (*s == ' ') {
|
||||
- for (t = s; *s == ' '; s++) ;
|
||||
+ for (t = s; *s == ' '; s++, l--) ;
|
||||
|
||||
/* remove leading spaces by moving down the string */
|
||||
memmove(t, s, l);
|
||||
@ -1,39 +0,0 @@
|
||||
From 0cb4b939f192376bf5e33637863a91a20f74c5a5 Mon Sep 17 00:00:00 2001
|
||||
From: Luke Howard <lukeh@padl.com>
|
||||
Date: Fri, 27 Aug 2021 11:42:48 +1000
|
||||
Subject: [PATCH] CVE-2021-3671 HEIMDAL kdc: validate sname in TGS-REQ
|
||||
|
||||
In tgs_build_reply(), validate the server name in the TGS-REQ is present before
|
||||
dereferencing.
|
||||
|
||||
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14770
|
||||
|
||||
[abartlet@samba.org backported from from Heimdal
|
||||
commit 04171147948d0a3636bc6374181926f0fb2ec83a via reference
|
||||
to an earlier patch by Joseph Sutton]
|
||||
|
||||
RN: An unuthenticated user can crash the AD DC KDC by omitting the server name in a TGS-REQ
|
||||
|
||||
Reviewed-by: Andreas Schneider <asn@samba.org>
|
||||
---
|
||||
source4/heimdal/kdc/krb5tgs.c | 4 ++++
|
||||
1 file changed, 4 insertions(+)
|
||||
|
||||
diff --git a/source4/heimdal/kdc/krb5tgs.c b/source4/heimdal/kdc/krb5tgs.c
|
||||
index b76726cdd64..d143eb739eb 100644
|
||||
--- a/source4/heimdal/kdc/krb5tgs.c
|
||||
+++ b/source4/heimdal/kdc/krb5tgs.c
|
||||
@@ -1603,6 +1603,10 @@ tgs_build_reply(krb5_context context,
|
||||
|
||||
s = &adtkt.cname;
|
||||
r = adtkt.crealm;
|
||||
+ } else if (s == NULL) {
|
||||
+ ret = KRB5KDC_ERR_S_PRINCIPAL_UNKNOWN;
|
||||
+ krb5_set_error_message(context, ret, "No server in request");
|
||||
+ goto out;
|
||||
}
|
||||
|
||||
_krb5_principalname2krb5_principal(context, &sp, *s, r);
|
||||
--
|
||||
GitLab
|
||||
|
||||
Binary file not shown.
@ -1,7 +0,0 @@
|
||||
-----BEGIN PGP SIGNATURE-----
|
||||
|
||||
iHMEABECADMWIQRS+8C4bZVLCEMyTNxvM5FbZWi36gUCXv3BXhUcc2FtYmEtYnVn
|
||||
c0BzYW1iYS5vcmcACgkQbzORW2Vot+quPwCcDfpwxTo7ZDrFD768SgWqRmKI/+QA
|
||||
oJqPMNOtzBJYbxVbKY+OyCqwQ2Zl
|
||||
=2OtH
|
||||
-----END PGP SIGNATURE-----
|
||||
16
samba-4.15.3.tar.asc
Normal file
16
samba-4.15.3.tar.asc
Normal file
@ -0,0 +1,16 @@
|
||||
-----BEGIN PGP SIGNATURE-----
|
||||
|
||||
iQIzBAABCgAdFiEEgfXigyvSVFoYl7cTqplEL7aAtiAFAmGww0kACgkQqplEL7aA
|
||||
tiCzMg/+IzBD53oeYFSSt6V9o1ZhD/7bL425n/7Ea2iLaHkOEQWN3AgKV7h1rdSb
|
||||
tS/Ys3xUf9LB1ZVkXbu17oWj5pG8aWcp6Ky80uXHycZ5X0/fcHegSU5SIyUfLs0F
|
||||
d3BXvFWkPIy8H9a55wFTpJte2ofRoFqWUG4MAlOq83ummnmrz0W5j6QcufVIRjWq
|
||||
hGMbg8Vjk+UEtKNO7fl8iSQ0ZRyXCkBR3biDBtMbvtoluaVkixxwwSPqgDoNXgju
|
||||
ox2EbVfHLSHc+7Tb30uKQq/mf3uhf6ASIrajNVrXotK1fgpCCKnMLb9qRHEftttY
|
||||
DwYKQvsrHCw9vYg/xyO2NOBr82mxjE6NBLsV1Kp8pdc4vInmAqOCsQpOuZ0SgO6u
|
||||
sZk4c5AkfH7pZtHeNtlefiGe8/7ApU6UC6kkXT3mnLBtWKMBte9/NR6ZgCLle7tV
|
||||
aAx6Io9j/rAeueRRgIK98bzxXSufjtFyNmM+Qr7IXnFHtJNM919ib4pr5DzpGwAc
|
||||
+FMG0LfmU0XiUXcbw/IZ3AOD2DBwZC58ZezO3alUS8eRqNTP13v3Uhg9F78+eyah
|
||||
Wbohx05Y4MA1ywtMd8z/dZn97nw3bw+z6fLNC//1Sq1qo1fXipaoSQW1LK9IHeVO
|
||||
cV7cvd2c16p7NN3Op+34QY7Nc7b1uhtTV3v3tiEQYR/uQx+tyz8=
|
||||
=fu6B
|
||||
-----END PGP SIGNATURE-----
|
||||
Binary file not shown.
BIN
samba-pubkey_AA99442FB680B620.gpg
Normal file
BIN
samba-pubkey_AA99442FB680B620.gpg
Normal file
Binary file not shown.
266
samba.spec
266
samba.spec
@ -3,10 +3,10 @@
|
||||
|
||||
%define samba_requires_eq() %(LC_ALL="C" echo '%*' | xargs -r rpm -q --qf 'Requires: %%{name} = %%{epoch}:%%{version
|
||||
}\\n' | sed -e 's/ (none):/ /' -e 's/ 0:/ /' | grep -v "is not")
|
||||
%define talloc_version 2.3.1
|
||||
%define tdb_version 1.4.3
|
||||
%define tevent_version 0.10.2
|
||||
%define ldb_version 2.1.4
|
||||
%global talloc_version 2.3.3
|
||||
%global tdb_version 1.4.4
|
||||
%global tevent_version 0.11.0
|
||||
%global ldb_version 2.4.1
|
||||
|
||||
%undefine _strict_symbol_defs_build
|
||||
|
||||
@ -32,7 +32,7 @@
|
||||
%global with_dc 1
|
||||
%endif
|
||||
|
||||
%global required_mit_krb5 1.18
|
||||
%global required_mit_krb5 1.19
|
||||
|
||||
%global with_clustering_support 0
|
||||
|
||||
@ -45,11 +45,11 @@
|
||||
%global with_vfs_io_uring 0
|
||||
|
||||
%global _systemd_extra "Environment=KRB5CCNAME=FILE:/run/samba/krb5cc_samba"
|
||||
%define samba_depver %{version}-%{release}
|
||||
%global samba_depver %{version}-%{release}
|
||||
|
||||
Name: samba
|
||||
Version: 4.12.5
|
||||
Release: 7
|
||||
Version: 4.15.3
|
||||
Release: 1
|
||||
|
||||
Summary: A suite for Linux to interoperate with Windows
|
||||
License: GPLv3+ and LGPLv3+
|
||||
@ -57,7 +57,7 @@ URL: https://www.samba.org
|
||||
|
||||
Source0: https://download.samba.org/pub/samba/stable/%{name}-%{version}.tar.gz
|
||||
Source1: https://download.samba.org/pub/samba/stable/%{name}-%{version}.tar.asc
|
||||
Source2: gpgkey-52FBC0B86D954B0843324CDC6F33915B6568B7EA.gpg
|
||||
Source2: samba-pubkey_AA99442FB680B620.gpg
|
||||
Source3: samba.logrotate
|
||||
Source4: smb.conf.vendor
|
||||
Source5: smb.conf.example
|
||||
@ -66,21 +66,11 @@ Source7: samba.pamd
|
||||
|
||||
Source201: README.downgrade
|
||||
|
||||
Patch0: CVE-2020-1472.patch
|
||||
Patch1: 0001-CVE-2020-14383.patch
|
||||
Patch2: 0002-CVE-2020-14383.patch
|
||||
Patch3: CVE-2020-14318.patch
|
||||
Patch4: CVE-2020-14323.patch
|
||||
Patch5: CVE-2021-20277.patch
|
||||
Patch6: CVE-2020-27840.patch
|
||||
Patch7: CVE-2021-20254.patch
|
||||
Patch8: backport-CVE-2021-3671.patch
|
||||
|
||||
BuildRequires: avahi-devel bison cups-devel dbus-devel docbook-style-xsl e2fsprogs-devel flex gawk gnupg2 gnutls-devel >= 3.4.7 gpgme-devel
|
||||
BuildRequires: jansson-devel krb5-devel >= %{required_mit_krb5} libacl-devel libaio-devel libarchive-devel libattr-devel
|
||||
BuildRequires: libcap-devel libicu-devel libcmocka-devel libnsl2-devel libtirpc-devel libuuid-devel libxslt lmdb ncurses-devel openldap-devel
|
||||
BuildRequires: libcap-devel libicu-devel libcmocka-devel libtirpc-devel libuuid-devel libxslt lmdb ncurses-devel openldap-devel
|
||||
BuildRequires: pam-devel perl-interpreter perl-generators perl(Archive::Tar) perl(Test::More) popt-devel python3-devel python3-setuptools quota-devel
|
||||
BuildRequires: readline-devel rpcgen rpcsvc-proto-devel sed libtasn1-devel libtasn1-tools xfsprogs-devel xz zlib-devel >= 1.2.3
|
||||
BuildRequires: readline-devel rpcgen rpcsvc-proto-devel sed libtasn1-devel libtasn1-tools xfsprogs-devel xz zlib-devel >= 1.2.3 python3-dns
|
||||
BuildRequires: gcc
|
||||
BuildRequires: chrpath
|
||||
|
||||
@ -92,7 +82,7 @@ BuildRequires: mingw64-gcc
|
||||
BuildRequires: pkgconfig(libsystemd)
|
||||
|
||||
%if %{with_vfs_glusterfs}
|
||||
BuildRequires: glusterfs-api-devel >= 3.4.0.16 glusterfs-devel >= 3.4.0.16
|
||||
BuildRequires: glusterfs-api-devel >= 3.4.0.16 glusterfs-devel >= 3.4.0.16 libgfapi0
|
||||
%endif
|
||||
|
||||
%if %{with_vfs_cephfs}
|
||||
@ -100,7 +90,7 @@ BuildRequires: libcephfs-devel
|
||||
%endif
|
||||
|
||||
%if %{with_dc}
|
||||
BuildRequires: python3-iso8601 bind krb5-server >= %{required_mit_krb5}
|
||||
BuildRequires: python3-iso8601 bind krb5-server >= %{required_mit_krb5} python3-pyasn1
|
||||
%endif
|
||||
|
||||
BuildRequires: perl(ExtUtils::MakeMaker) perl(FindBin) perl(Parse::Yapp) libtalloc-devel >= %{talloc_version} python3-talloc-devel >= %{talloc_version}
|
||||
@ -110,7 +100,7 @@ BuildRequires: libtdb-devel >= %{tdb_version} python3-tdb >= %{tdb_version}
|
||||
BuildRequires: libldb-devel >= %{ldb_version} python3-ldb-devel >= %{ldb_version}
|
||||
|
||||
%if %{with testsuite} || %{with_dc}
|
||||
BuildRequires: ldb-tools tdb-tools python3-gpg python3-markdown
|
||||
BuildRequires: ldb-tools tdb-tools python3-gpg python3-markdown python3-cryptography
|
||||
%endif
|
||||
|
||||
%if %{with_vfs_io_uring}
|
||||
@ -191,6 +181,14 @@ Obsoletes: samba4-common < %{samba_depver} %{name}-common-libs
|
||||
This package contains some common basic files needed by %{name} client
|
||||
and server.
|
||||
|
||||
# ctdb-tests package has been dropped if we do not build the testsuite
|
||||
%if %with_clustering_support
|
||||
%if %{without testsuite}
|
||||
Obsoletes: ctdb-tests < %{samba_depver}
|
||||
# endif without testsuite
|
||||
%endif
|
||||
# endif with clustering support
|
||||
%endif
|
||||
|
||||
%package common-tools
|
||||
Summary: Tools package for %{name}
|
||||
@ -483,6 +481,7 @@ projects to store temporary data. If an application is already using TDB for
|
||||
temporary data it is very easy to convert that application to be cluster aware
|
||||
and use CTDB instead.
|
||||
|
||||
%if %{with testsuite}
|
||||
### CTDB-TEST
|
||||
%package -n ctdb-tests
|
||||
Summary: The test package fors CTDB clustered database
|
||||
@ -496,6 +495,9 @@ Obsoletes: ctdb-devel < %{samba_depver}
|
||||
|
||||
%description -n ctdb-tests
|
||||
This package contains the test suite for CTDB clustered database.
|
||||
#endif with testsuite
|
||||
%endif
|
||||
#endif with clustering
|
||||
%endif
|
||||
|
||||
%package help
|
||||
@ -612,7 +614,6 @@ install -d -m 0755 %{buildroot}/var/lib/samba/scripts
|
||||
install -d -m 0755 %{buildroot}/var/lib/samba/sysvol
|
||||
install -d -m 0755 %{buildroot}/var/lib/samba/winbindd_privileged
|
||||
install -d -m 0755 %{buildroot}/var/log/samba/old
|
||||
install -d -m 0755 %{buildroot}/var/spool/samba
|
||||
install -d -m 0755 %{buildroot}/run/samba
|
||||
install -d -m 0755 %{buildroot}/run/winbindd
|
||||
install -d -m 0755 %{buildroot}/%{_libdir}/samba
|
||||
@ -739,7 +740,6 @@ chrpath -d %{buildroot}%{_bindir}/masktest
|
||||
chrpath -d %{buildroot}%{_bindir}/ndrdump
|
||||
chrpath -d %{buildroot}%{_bindir}/locktest
|
||||
chrpath -d %{buildroot}%{_bindir}/gentest
|
||||
chrpath -d %{buildroot}%{_bindir}/mdfind
|
||||
chrpath -d %{buildroot}%{_bindir}/wbinfo
|
||||
chrpath -d %{buildroot}%{_bindir}/ntlm_auth
|
||||
chrpath -d %{buildroot}%{_bindir}/ltdbtool
|
||||
@ -758,7 +758,6 @@ echo "%{_libdir}/%{name}" > %{buildroot}/etc/ld.so.conf.d/%{name}-%{_arch}.conf
|
||||
%if ! %with_dc
|
||||
for i in \
|
||||
%{_libdir}/samba/libdfs-server-ad-samba4.so \
|
||||
%{_libdir}/samba/libdnsserver-common-samba4.so \
|
||||
%{_libdir}/samba/libdsdb-garbage-collect-tombstones-samba4.so \
|
||||
%{_libdir}/samba/libscavenge-dns-records-samba4.so \
|
||||
%{_libdir}/samba/ldb/ildap.so \
|
||||
@ -1105,15 +1104,16 @@ fi
|
||||
%{_libdir}/samba/vfs/time_audit.so
|
||||
%{_libdir}/samba/vfs/unityed_media.so
|
||||
%{_libdir}/samba/vfs/virusfilter.so
|
||||
%{_libdir}/samba/vfs/widelinks.so
|
||||
%{_libdir}/samba/vfs/worm.so
|
||||
%{_libdir}/samba/vfs/xattr_tdb.so
|
||||
%{_libexecdir}/samba/samba-bgqd
|
||||
%dir %{_datadir}/samba
|
||||
%dir %{_datadir}/samba/mdssvc
|
||||
%{_datadir}/samba/mdssvc/elasticsearch_mappings.json
|
||||
|
||||
%{_unitdir}/nmb.service
|
||||
%{_unitdir}/smb.service
|
||||
%attr(1777,root,root) %dir /var/spool/samba
|
||||
%dir %{_sysconfdir}/openldap/schema
|
||||
%config %{_sysconfdir}/openldap/schema/samba.schema
|
||||
%config(noreplace) %{_sysconfdir}/pam.d/samba
|
||||
@ -1129,6 +1129,7 @@ fi
|
||||
%{_libdir}/samba/libauth4-samba4.so
|
||||
%{_libdir}/samba/libauth-unix-token-samba4.so
|
||||
%{_libdir}/samba/libdcerpc-samba4.so
|
||||
%{_libdir}/samba/libdnsserver-common-samba4.so
|
||||
%{_libdir}/samba/libshares-samba4.so
|
||||
%{_libdir}/samba/libsmbpasswdparser-samba4.so
|
||||
%{_libdir}/samba/libxattr-tdb-samba4.so
|
||||
@ -1139,9 +1140,8 @@ fi
|
||||
%{_bindir}/cifsdd
|
||||
%{_bindir}/dbwrap_tool
|
||||
%{_bindir}/dumpmscat
|
||||
%{_bindir}/findsmb
|
||||
%{_bindir}/mvxattr
|
||||
%{_bindir}/mdfind
|
||||
%{_bindir}/mdsearch
|
||||
%{_bindir}/nmblookup
|
||||
%{_bindir}/oLschema2ldif
|
||||
%{_bindir}/regdiff
|
||||
@ -1199,10 +1199,10 @@ fi
|
||||
%{_libdir}/samba/libclidns-samba4.so
|
||||
%{_libdir}/samba/libcluster-samba4.so
|
||||
%{_libdir}/samba/libcmdline-contexts-samba4.so
|
||||
%{_libdir}/samba/libcmdline-credentials-samba4.so
|
||||
%{_libdir}/samba/libcommon-auth-samba4.so
|
||||
%{_libdir}/samba/libctdb-event-client-samba4.so
|
||||
%{_libdir}/samba/libdbwrap-samba4.so
|
||||
%{_libdir}/samba/libdcerpc-pkt-auth-samba4.so
|
||||
%{_libdir}/samba/libdcerpc-samba-samba4.so
|
||||
%{_libdir}/samba/libevents-samba4.so
|
||||
%{_libdir}/samba/libflag-mapping-samba4.so
|
||||
@ -1247,7 +1247,6 @@ fi
|
||||
%{_libdir}/samba/libsmb-transport-samba4.so
|
||||
%{_libdir}/samba/libsmbclient-raw-samba4.so
|
||||
%{_libdir}/samba/libsmbd-base-samba4.so
|
||||
%{_libdir}/samba/libsmbd-conn-samba4.so
|
||||
%{_libdir}/samba/libsmbd-shim-samba4.so
|
||||
%{_libdir}/samba/libsmbldaphelper-samba4.so
|
||||
%{_libdir}/samba/libsys-rw-samba4.so
|
||||
@ -1258,7 +1257,6 @@ fi
|
||||
%{_libdir}/samba/libtime-basic-samba4.so
|
||||
%{_libdir}/samba/libtorture-samba4.so
|
||||
%{_libdir}/samba/libtrusts-util-samba4.so
|
||||
%{_libdir}/samba/libutil-cmdline-samba4.so
|
||||
%{_libdir}/samba/libutil-reg-samba4.so
|
||||
%{_libdir}/samba/libutil-setid-samba4.so
|
||||
%{_libdir}/samba/libutil-tdb-samba4.so
|
||||
@ -1292,8 +1290,7 @@ fi
|
||||
%config(noreplace) %{_sysconfdir}/samba/lmhosts
|
||||
%config(noreplace) %{_sysconfdir}/sysconfig/samba
|
||||
|
||||
%{_libdir}/samba/libpopt-samba3-cmdline-samba4.so
|
||||
%{_libdir}/samba/libpopt-samba3-samba4.so
|
||||
%{_libdir}/samba/libcmdline-samba4.so
|
||||
|
||||
%dir %{_libdir}/samba/ldb
|
||||
|
||||
@ -1307,6 +1304,7 @@ fi
|
||||
%{_bindir}/net
|
||||
%{_bindir}/pdbedit
|
||||
%{_bindir}/profiles
|
||||
%{_bindir}/samba-tool
|
||||
%{_bindir}/smbcontrol
|
||||
%{_bindir}/smbpasswd
|
||||
%{_bindir}/testparm
|
||||
@ -1315,7 +1313,6 @@ fi
|
||||
%if %{with_dc}
|
||||
%files dc
|
||||
%{_unitdir}/samba.service
|
||||
%{_bindir}/samba-tool
|
||||
%{_sbindir}/samba
|
||||
%{_sbindir}/samba_dnsupdate
|
||||
%{_sbindir}/samba_downgrade_db
|
||||
@ -1406,7 +1403,6 @@ fi
|
||||
%{_libdir}/samba/service/winbindd.so
|
||||
%{_libdir}/samba/service/wrepl.so
|
||||
%{_libdir}/libdcerpc-server.so.*
|
||||
%{_libdir}/samba/libdnsserver-common-samba4.so
|
||||
%{_libdir}/samba/libdsdb-module-samba4.so
|
||||
%{_libdir}/samba/libdsdb-garbage-collect-tombstones-samba4.so
|
||||
%{_libdir}/samba/libscavenge-dns-records-samba4.so
|
||||
@ -1415,11 +1411,11 @@ fi
|
||||
%files dc-bind-dlz
|
||||
%attr(770,root,named) %dir /var/lib/samba/bind-dns
|
||||
%dir %{_libdir}/samba/bind9
|
||||
%{_libdir}/samba/bind9/dlz_bind9.so
|
||||
%{_libdir}/samba/bind9/dlz_bind9_9.so
|
||||
%{_libdir}/samba/bind9/dlz_bind9_10.so
|
||||
%{_libdir}/samba/bind9/dlz_bind9_11.so
|
||||
%{_libdir}/samba/bind9/dlz_bind9_12.so
|
||||
%{_libdir}/samba/bind9/dlz_bind9_14.so
|
||||
%{_libdir}/samba/bind9/dlz_bind9_16.so
|
||||
%config(noreplace) /etc/ld.so.conf.d/*
|
||||
#endif with_dc
|
||||
%endif
|
||||
@ -1491,7 +1487,6 @@ fi
|
||||
%dir %{_includedir}/samba-4.0/util
|
||||
%{_includedir}/samba-4.0/util/attr.h
|
||||
%{_includedir}/samba-4.0/util/blocking.h
|
||||
%{_includedir}/samba-4.0/util/byteorder.h
|
||||
%{_includedir}/samba-4.0/util/data_blob.h
|
||||
%{_includedir}/samba-4.0/util/debug.h
|
||||
%{_includedir}/samba-4.0/util/discard.h
|
||||
@ -1500,7 +1495,6 @@ fi
|
||||
%{_includedir}/samba-4.0/util/idtree.h
|
||||
%{_includedir}/samba-4.0/util/idtree_random.h
|
||||
%{_includedir}/samba-4.0/util/signal.h
|
||||
%{_includedir}/samba-4.0/util/string_wrappers.h
|
||||
%{_includedir}/samba-4.0/util/substitute.h
|
||||
%{_includedir}/samba-4.0/util/tevent_ntstatus.h
|
||||
%{_includedir}/samba-4.0/util/tevent_unix.h
|
||||
@ -1626,6 +1620,7 @@ fi
|
||||
%attr(644,root,root) %{perl_vendorlib}/Parse/Pidl/Samba4/Template.pm
|
||||
%dir %{perl_vendorlib}/Parse/Pidl/Samba4/NDR
|
||||
%attr(644,root,root) %{perl_vendorlib}/Parse/Pidl/Samba4/NDR/Server.pm
|
||||
%attr(644,root,root) %{perl_vendorlib}/Parse/Pidl/Samba4/NDR/ServerCompat.pm
|
||||
%attr(644,root,root) %{perl_vendorlib}/Parse/Pidl/Samba4/NDR/Client.pm
|
||||
%attr(644,root,root) %{perl_vendorlib}/Parse/Pidl/Samba4/NDR/Parser.pm
|
||||
%attr(644,root,root) %{perl_vendorlib}/Parse/Pidl/Samba4/TDR.pm
|
||||
@ -1640,14 +1635,19 @@ fi
|
||||
%{python3_sitearch}/samba/__pycache__/auth_util.*.pyc
|
||||
%{python3_sitearch}/samba/__pycache__/colour.*.pyc
|
||||
%{python3_sitearch}/samba/__pycache__/common.*.pyc
|
||||
%{python3_sitearch}/samba/__pycache__/compat.*.pyc
|
||||
%{python3_sitearch}/samba/__pycache__/dbchecker.*.pyc
|
||||
%{python3_sitearch}/samba/__pycache__/descriptor.*.pyc
|
||||
%{python3_sitearch}/samba/__pycache__/dnsresolver.*.pyc
|
||||
%{python3_sitearch}/samba/__pycache__/drs_utils.*.pyc
|
||||
%{python3_sitearch}/samba/__pycache__/getopt.*.pyc
|
||||
%{python3_sitearch}/samba/__pycache__/gpclass.*.pyc
|
||||
%{python3_sitearch}/samba/__pycache__/gp_ext_loader.*.pyc
|
||||
%{python3_sitearch}/samba/__pycache__/gp_gnome_settings_ext.*.pyc
|
||||
%{python3_sitearch}/samba/__pycache__/gp_msgs_ext.*.pyc
|
||||
%{python3_sitearch}/samba/__pycache__/gp_scripts_ext.*.pyc
|
||||
%{python3_sitearch}/samba/__pycache__/gp_sec_ext.*.pyc
|
||||
%{python3_sitearch}/samba/__pycache__/gp_smb_conf_ext.*.pyc
|
||||
%{python3_sitearch}/samba/__pycache__/gp_sudoers_ext.*.pyc
|
||||
%{python3_sitearch}/samba/__pycache__/graph.*.pyc
|
||||
%{python3_sitearch}/samba/__pycache__/hostconfig.*.pyc
|
||||
%{python3_sitearch}/samba/__pycache__/idmap.*.pyc
|
||||
@ -1662,8 +1662,17 @@ fi
|
||||
%{python3_sitearch}/samba/__pycache__/sites.*.pyc
|
||||
%{python3_sitearch}/samba/__pycache__/subnets.*.pyc
|
||||
%{python3_sitearch}/samba/__pycache__/tdb_util.*.pyc
|
||||
%{python3_sitearch}/samba/__pycache__/trust_utils.*.pyc
|
||||
%{python3_sitearch}/samba/__pycache__/upgrade.*.pyc
|
||||
%{python3_sitearch}/samba/__pycache__/upgradehelpers.*.pyc
|
||||
%{python3_sitearch}/samba/__pycache__/vgp_access_ext.*.pyc
|
||||
%{python3_sitearch}/samba/__pycache__/vgp_files_ext.*.pyc
|
||||
%{python3_sitearch}/samba/__pycache__/vgp_issue_ext.*.pyc
|
||||
%{python3_sitearch}/samba/__pycache__/vgp_motd_ext.*.pyc
|
||||
%{python3_sitearch}/samba/__pycache__/vgp_openssh_ext.*.pyc
|
||||
%{python3_sitearch}/samba/__pycache__/vgp_startup_scripts_ext.*.pyc
|
||||
%{python3_sitearch}/samba/__pycache__/vgp_sudoers_ext.*.pyc
|
||||
%{python3_sitearch}/samba/__pycache__/vgp_symlink_ext.*.pyc
|
||||
%{python3_sitearch}/samba/__pycache__/xattr.*.pyc
|
||||
%{python3_sitearch}/samba/_glue.*.so
|
||||
%{python3_sitearch}/samba/_ldb.*.so
|
||||
@ -1672,7 +1681,6 @@ fi
|
||||
%{python3_sitearch}/samba/dbchecker.py
|
||||
%{python3_sitearch}/samba/colour.py
|
||||
%{python3_sitearch}/samba/common.py
|
||||
%{python3_sitearch}/samba/compat.py
|
||||
%{python3_sitearch}/samba/credentials.*.so
|
||||
%{python3_sitearch}/samba/crypto.*.so
|
||||
%dir %{python3_sitearch}/samba/dcerpc
|
||||
@ -1693,6 +1701,7 @@ fi
|
||||
%{python3_sitearch}/samba/dcerpc/idmap.*.so
|
||||
%{python3_sitearch}/samba/dcerpc/initshutdown.*.so
|
||||
%{python3_sitearch}/samba/dcerpc/irpc.*.so
|
||||
%{python3_sitearch}/samba/dcerpc/krb5ccache.*.so
|
||||
%{python3_sitearch}/samba/dcerpc/krb5pac.*.so
|
||||
%{python3_sitearch}/samba/dcerpc/lsa.*.so
|
||||
%{python3_sitearch}/samba/dcerpc/messaging.*.so
|
||||
@ -1719,10 +1728,15 @@ fi
|
||||
%{python3_sitearch}/samba/dcerpc/wkssvc.*.so
|
||||
%{python3_sitearch}/samba/dcerpc/xattr.*.so
|
||||
%{python3_sitearch}/samba/descriptor.py
|
||||
%{python3_sitearch}/samba/dnsresolver.py
|
||||
%{python3_sitearch}/samba/drs_utils.py
|
||||
%{python3_sitearch}/samba/dsdb.*.so
|
||||
%{python3_sitearch}/samba/dsdb_dns.*.so
|
||||
%{python3_sitearch}/samba/gensec.*.so
|
||||
%{python3_sitearch}/samba/getopt.py
|
||||
%{python3_sitearch}/samba/gpclass.py
|
||||
%{python3_sitearch}/samba/gp_gnome_settings_ext.py
|
||||
%{python3_sitearch}/samba/gp_scripts_ext.py
|
||||
%{python3_sitearch}/samba/gp_sec_ext.py
|
||||
%{python3_sitearch}/samba/gpo.*.so
|
||||
%{python3_sitearch}/samba/graph.py
|
||||
@ -1732,6 +1746,7 @@ fi
|
||||
%{python3_sitearch}/samba/messaging.*.so
|
||||
%{python3_sitearch}/samba/ndr.py
|
||||
%{python3_sitearch}/samba/net.*.so
|
||||
%{python3_sitearch}/samba/net_s3.*.so
|
||||
%{python3_sitearch}/samba/ntstatus.*.so
|
||||
%{python3_sitearch}/samba/posix_eadb.*.so
|
||||
%dir %{python3_sitearch}/samba/emulate
|
||||
@ -1743,6 +1758,9 @@ fi
|
||||
%{python3_sitearch}/samba/emulate/traffic.py
|
||||
%{python3_sitearch}/samba/emulate/traffic_packets.py
|
||||
%{python3_sitearch}/samba/gp_ext_loader.py
|
||||
%{python3_sitearch}/samba/gp_msgs_ext.py
|
||||
%{python3_sitearch}/samba/gp_smb_conf_ext.py
|
||||
%{python3_sitearch}/samba/gp_sudoers_ext.py
|
||||
%dir %{python3_sitearch}/samba/gp_parse
|
||||
%{python3_sitearch}/samba/gp_parse/__init__.py
|
||||
%dir %{python3_sitearch}/samba/gp_parse/__pycache__
|
||||
@ -1831,7 +1849,9 @@ fi
|
||||
%{python3_sitearch}/samba/samba3/__init__.py
|
||||
%dir %{python3_sitearch}/samba/samba3/__pycache__
|
||||
%{python3_sitearch}/samba/samba3/__pycache__/__init__.*.pyc
|
||||
%{python3_sitearch}/samba/samba3/libsmb_samba_internal.*.so
|
||||
%{python3_sitearch}/samba/samba3/__pycache__/libsmb_samba_internal.*.pyc
|
||||
%{python3_sitearch}/samba/samba3/libsmb_samba_cwrapper.cpython*.so
|
||||
%{python3_sitearch}/samba/samba3/libsmb_samba_internal.py
|
||||
%{python3_sitearch}/samba/samba3/mdscli.*.so
|
||||
%{python3_sitearch}/samba/samba3/param.*.so
|
||||
%{python3_sitearch}/samba/samba3/passdb.*.so
|
||||
@ -1846,12 +1866,17 @@ fi
|
||||
%{python3_sitearch}/samba/subunit/__pycache__/run.*.pyc
|
||||
%{python3_sitearch}/samba/subunit/run.py
|
||||
%{python3_sitearch}/samba/tdb_util.py
|
||||
%dir %{python3_sitearch}/samba/third_party
|
||||
%{python3_sitearch}/samba/third_party/__init__.py
|
||||
%dir %{python3_sitearch}/samba/third_party/__pycache__
|
||||
%{python3_sitearch}/samba/third_party/__pycache__/__init__.*.pyc
|
||||
%{python3_sitearch}/samba/trust_utils.py
|
||||
%{python3_sitearch}/samba/upgrade.py
|
||||
%{python3_sitearch}/samba/upgradehelpers.py
|
||||
%{python3_sitearch}/samba/vgp_access_ext.py
|
||||
%{python3_sitearch}/samba/vgp_files_ext.py
|
||||
%{python3_sitearch}/samba/vgp_issue_ext.py
|
||||
%{python3_sitearch}/samba/vgp_motd_ext.py
|
||||
%{python3_sitearch}/samba/vgp_openssh_ext.py
|
||||
%{python3_sitearch}/samba/vgp_startup_scripts_ext.py
|
||||
%{python3_sitearch}/samba/vgp_sudoers_ext.py
|
||||
%{python3_sitearch}/samba/vgp_symlink_ext.py
|
||||
%{python3_sitearch}/samba/werror.*.so
|
||||
%{python3_sitearch}/samba/xattr.py
|
||||
%{python3_sitearch}/samba/xattr_native.*.so
|
||||
@ -1881,8 +1906,6 @@ fi
|
||||
|
||||
%{python3_sitearch}/samba/dcerpc/dnsserver.*.so
|
||||
%{python3_sitearch}/samba/dckeytab.*.so
|
||||
%{python3_sitearch}/samba/dsdb.*.so
|
||||
%{python3_sitearch}/samba/dsdb_dns.*.so
|
||||
%{python3_sitearch}/samba/domain_update.py
|
||||
%{python3_sitearch}/samba/forest_update.py
|
||||
%{python3_sitearch}/samba/ms_forest_updates_markdown.py
|
||||
@ -1947,8 +1970,10 @@ fi
|
||||
%{python3_sitearch}/samba/tests/__pycache__/complex_expressions.*.pyc
|
||||
%{python3_sitearch}/samba/tests/__pycache__/core.*.pyc
|
||||
%{python3_sitearch}/samba/tests/__pycache__/credentials.*.pyc
|
||||
%{python3_sitearch}/samba/tests/__pycache__/cred_opt.*.pyc
|
||||
%{python3_sitearch}/samba/tests/__pycache__/dckeytab.*.pyc
|
||||
%{python3_sitearch}/samba/tests/__pycache__/dns.*.pyc
|
||||
%{python3_sitearch}/samba/tests/__pycache__/dns_aging.*.pyc
|
||||
%{python3_sitearch}/samba/tests/__pycache__/dns_base.*.pyc
|
||||
%{python3_sitearch}/samba/tests/__pycache__/dns_forwarder.*.pyc
|
||||
%{python3_sitearch}/samba/tests/__pycache__/dns_invalid.*.pyc
|
||||
@ -1956,6 +1981,8 @@ fi
|
||||
%{python3_sitearch}/samba/tests/__pycache__/dns_tkey.*.pyc
|
||||
%{python3_sitearch}/samba/tests/__pycache__/dns_wildcard.*.pyc
|
||||
%{python3_sitearch}/samba/tests/__pycache__/dsdb.*.pyc
|
||||
%{python3_sitearch}/samba/tests/__pycache__/dsdb_api.*.pyc
|
||||
%{python3_sitearch}/samba/tests/__pycache__/dsdb_dns.*.pyc
|
||||
%{python3_sitearch}/samba/tests/__pycache__/dsdb_lock.*.pyc
|
||||
%{python3_sitearch}/samba/tests/__pycache__/dsdb_schema_attributes.*.pyc
|
||||
%{python3_sitearch}/samba/tests/__pycache__/docs.*.pyc
|
||||
@ -1967,17 +1994,22 @@ fi
|
||||
%{python3_sitearch}/samba/tests/__pycache__/getdcname.*.pyc
|
||||
%{python3_sitearch}/samba/tests/__pycache__/glue.*.pyc
|
||||
%{python3_sitearch}/samba/tests/__pycache__/gpo.*.pyc
|
||||
%{python3_sitearch}/samba/tests/__pycache__/gpo_member.*.pyc
|
||||
%{python3_sitearch}/samba/tests/__pycache__/graph.*.pyc
|
||||
%{python3_sitearch}/samba/tests/__pycache__/group_audit.*.pyc
|
||||
%{python3_sitearch}/samba/tests/__pycache__/hostconfig.*.pyc
|
||||
%{python3_sitearch}/samba/tests/__pycache__/imports.*.pyc
|
||||
%{python3_sitearch}/samba/tests/__pycache__/join.*.pyc
|
||||
%{python3_sitearch}/samba/tests/__pycache__/krb5_credentials.*.pyc
|
||||
%{python3_sitearch}/samba/tests/__pycache__/ldap_raw.*.pyc
|
||||
%{python3_sitearch}/samba/tests/__pycache__/ldap_referrals.*.pyc
|
||||
%{python3_sitearch}/samba/tests/__pycache__/ldap_spn.*.pyc
|
||||
%{python3_sitearch}/samba/tests/__pycache__/ldap_upn_sam_account.*.pyc
|
||||
%{python3_sitearch}/samba/tests/__pycache__/loadparm.*.pyc
|
||||
%{python3_sitearch}/samba/tests/__pycache__/libsmb.*.pyc
|
||||
%{python3_sitearch}/samba/tests/__pycache__/lsa_string.*.pyc
|
||||
%{python3_sitearch}/samba/tests/__pycache__/messaging.*.pyc
|
||||
%{python3_sitearch}/samba/tests/__pycache__/ndr.*.pyc
|
||||
%{python3_sitearch}/samba/tests/__pycache__/netbios.*.pyc
|
||||
%{python3_sitearch}/samba/tests/__pycache__/netcmd.*.pyc
|
||||
%{python3_sitearch}/samba/tests/__pycache__/net_join_no_spnego.*.pyc
|
||||
@ -2013,13 +2045,16 @@ fi
|
||||
%{python3_sitearch}/samba/tests/__pycache__/s3passdb.*.pyc
|
||||
%{python3_sitearch}/samba/tests/__pycache__/s3registry.*.pyc
|
||||
%{python3_sitearch}/samba/tests/__pycache__/s3windb.*.pyc
|
||||
%{python3_sitearch}/samba/tests/__pycache__/s3_net_join.*.pyc
|
||||
%{python3_sitearch}/samba/tests/__pycache__/samba3sam.*.pyc
|
||||
%{python3_sitearch}/samba/tests/__pycache__/samba_upgradedns_lmdb.*.pyc
|
||||
%{python3_sitearch}/samba/tests/__pycache__/samdb.*.pyc
|
||||
%{python3_sitearch}/samba/tests/__pycache__/samdb_api.*.pyc
|
||||
%{python3_sitearch}/samba/tests/__pycache__/sddl.*.pyc
|
||||
%{python3_sitearch}/samba/tests/__pycache__/security.*.pyc
|
||||
%{python3_sitearch}/samba/tests/__pycache__/segfault.*.pyc
|
||||
%{python3_sitearch}/samba/tests/__pycache__/smb.*.pyc
|
||||
%{python3_sitearch}/samba/tests/__pycache__/smb-notify.*.pyc
|
||||
%{python3_sitearch}/samba/tests/__pycache__/smbd_base.*.pyc
|
||||
%{python3_sitearch}/samba/tests/__pycache__/smbd_fuzztest.*.pyc
|
||||
%{python3_sitearch}/samba/tests/__pycache__/source.*.pyc
|
||||
@ -2050,10 +2085,14 @@ fi
|
||||
%{python3_sitearch}/samba/tests/blackbox/__pycache__/bug13653.*.pyc
|
||||
%{python3_sitearch}/samba/tests/blackbox/__pycache__/check_output.*.pyc
|
||||
%{python3_sitearch}/samba/tests/blackbox/__pycache__/downgradedatabase.*.pyc
|
||||
%{python3_sitearch}/samba/tests/blackbox/__pycache__/mdfind.*.pyc
|
||||
%{python3_sitearch}/samba/tests/blackbox/__pycache__/mdsearch.*.pyc
|
||||
%{python3_sitearch}/samba/tests/blackbox/__pycache__/ndrdump.*.pyc
|
||||
%{python3_sitearch}/samba/tests/blackbox/__pycache__/netads_json.*.pyc
|
||||
%{python3_sitearch}/samba/tests/blackbox/__pycache__/samba_dnsupdate.*.pyc
|
||||
%{python3_sitearch}/samba/tests/blackbox/__pycache__/smbcacls.*.pyc
|
||||
%{python3_sitearch}/samba/tests/blackbox/__pycache__/smbcacls_basic.*.pyc
|
||||
%{python3_sitearch}/samba/tests/blackbox/__pycache__/smbcacls_dfs_propagate_inherit.*.pyc
|
||||
%{python3_sitearch}/samba/tests/blackbox/__pycache__/smbcacls_propagate_inhertance.*.pyc
|
||||
%{python3_sitearch}/samba/tests/blackbox/__pycache__/smbcontrol.*.pyc
|
||||
%{python3_sitearch}/samba/tests/blackbox/__pycache__/smbcontrol_process.*.pyc
|
||||
%{python3_sitearch}/samba/tests/blackbox/__pycache__/traffic_learner.*.pyc
|
||||
@ -2062,10 +2101,14 @@ fi
|
||||
%{python3_sitearch}/samba/tests/blackbox/bug13653.py
|
||||
%{python3_sitearch}/samba/tests/blackbox/check_output.py
|
||||
%{python3_sitearch}/samba/tests/blackbox/downgradedatabase.py
|
||||
%{python3_sitearch}/samba/tests/blackbox/mdfind.py
|
||||
%{python3_sitearch}/samba/tests/blackbox/mdsearch.py
|
||||
%{python3_sitearch}/samba/tests/blackbox/ndrdump.py
|
||||
%{python3_sitearch}/samba/tests/blackbox/netads_json.py
|
||||
%{python3_sitearch}/samba/tests/blackbox/samba_dnsupdate.py
|
||||
%{python3_sitearch}/samba/tests/blackbox/smbcacls.py
|
||||
%{python3_sitearch}/samba/tests/blackbox/smbcacls_basic.py
|
||||
%{python3_sitearch}/samba/tests/blackbox/smbcacls_dfs_propagate_inherit.py
|
||||
%{python3_sitearch}/samba/tests/blackbox/smbcacls_propagate_inhertance.py
|
||||
%{python3_sitearch}/samba/tests/blackbox/smbcontrol.py
|
||||
%{python3_sitearch}/samba/tests/blackbox/smbcontrol_process.py
|
||||
%{python3_sitearch}/samba/tests/blackbox/traffic_learner.py
|
||||
@ -2075,14 +2118,18 @@ fi
|
||||
%{python3_sitearch}/samba/tests/complex_expressions.py
|
||||
%{python3_sitearch}/samba/tests/core.py
|
||||
%{python3_sitearch}/samba/tests/credentials.py
|
||||
%{python3_sitearch}/samba/tests/cred_opt.py
|
||||
%dir %{python3_sitearch}/samba/tests/dcerpc
|
||||
%{python3_sitearch}/samba/tests/dcerpc/__init__.py
|
||||
%dir %{python3_sitearch}/samba/tests/dcerpc/__pycache__
|
||||
%{python3_sitearch}/samba/tests/dcerpc/__pycache__/__init__.*.pyc
|
||||
%{python3_sitearch}/samba/tests/dcerpc/__pycache__/array.*.pyc
|
||||
%{python3_sitearch}/samba/tests/dcerpc/__pycache__/bare.*.pyc
|
||||
%{python3_sitearch}/samba/tests/dcerpc/__pycache__/createtrustrelax.*.pyc
|
||||
%{python3_sitearch}/samba/tests/dcerpc/__pycache__/binding.*.pyc
|
||||
%{python3_sitearch}/samba/tests/dcerpc/__pycache__/dnsserver.*.pyc
|
||||
%{python3_sitearch}/samba/tests/dcerpc/__pycache__/integer.*.pyc
|
||||
%{python3_sitearch}/samba/tests/dcerpc/__pycache__/lsa.*.pyc
|
||||
%{python3_sitearch}/samba/tests/dcerpc/__pycache__/mdssvc.*.pyc
|
||||
%{python3_sitearch}/samba/tests/dcerpc/__pycache__/misc.*.pyc
|
||||
%{python3_sitearch}/samba/tests/dcerpc/__pycache__/raw_protocol.*.pyc
|
||||
@ -2091,14 +2138,18 @@ fi
|
||||
%{python3_sitearch}/samba/tests/dcerpc/__pycache__/rpc_talloc.*.pyc
|
||||
%{python3_sitearch}/samba/tests/dcerpc/__pycache__/rpcecho.*.pyc
|
||||
%{python3_sitearch}/samba/tests/dcerpc/__pycache__/sam.*.pyc
|
||||
%{python3_sitearch}/samba/tests/dcerpc/__pycache__/samr_change_password.*.pyc
|
||||
%{python3_sitearch}/samba/tests/dcerpc/__pycache__/srvsvc.*.pyc
|
||||
%{python3_sitearch}/samba/tests/dcerpc/__pycache__/string_tests.*.pyc
|
||||
%{python3_sitearch}/samba/tests/dcerpc/__pycache__/testrpc.*.pyc
|
||||
%{python3_sitearch}/samba/tests/dcerpc/__pycache__/unix.*.pyc
|
||||
%{python3_sitearch}/samba/tests/dcerpc/array.py
|
||||
%{python3_sitearch}/samba/tests/dcerpc/bare.py
|
||||
%{python3_sitearch}/samba/tests/dcerpc/binding.py
|
||||
%{python3_sitearch}/samba/tests/dcerpc/createtrustrelax.py
|
||||
%{python3_sitearch}/samba/tests/dcerpc/dnsserver.py
|
||||
%{python3_sitearch}/samba/tests/dcerpc/integer.py
|
||||
%{python3_sitearch}/samba/tests/dcerpc/lsa.py
|
||||
%{python3_sitearch}/samba/tests/dcerpc/mdssvc.py
|
||||
%{python3_sitearch}/samba/tests/dcerpc/misc.py
|
||||
%{python3_sitearch}/samba/tests/dcerpc/raw_protocol.py
|
||||
@ -2107,12 +2158,14 @@ fi
|
||||
%{python3_sitearch}/samba/tests/dcerpc/rpc_talloc.py
|
||||
%{python3_sitearch}/samba/tests/dcerpc/rpcecho.py
|
||||
%{python3_sitearch}/samba/tests/dcerpc/sam.py
|
||||
%{python3_sitearch}/samba/tests/dcerpc/samr_change_password.py
|
||||
%{python3_sitearch}/samba/tests/dcerpc/srvsvc.py
|
||||
%{python3_sitearch}/samba/tests/dcerpc/string_tests.py
|
||||
%{python3_sitearch}/samba/tests/dcerpc/testrpc.py
|
||||
%{python3_sitearch}/samba/tests/dcerpc/unix.py
|
||||
%{python3_sitearch}/samba/tests/dckeytab.py
|
||||
%{python3_sitearch}/samba/tests/dns.py
|
||||
%{python3_sitearch}/samba/tests/dns_aging.py
|
||||
%{python3_sitearch}/samba/tests/dns_base.py
|
||||
%{python3_sitearch}/samba/tests/dns_forwarder.py
|
||||
%dir %{python3_sitearch}/samba/tests/dns_forwarder_helpers
|
||||
@ -2123,6 +2176,8 @@ fi
|
||||
%{python3_sitearch}/samba/tests/dns_tkey.py
|
||||
%{python3_sitearch}/samba/tests/dns_wildcard.py
|
||||
%{python3_sitearch}/samba/tests/dsdb.py
|
||||
%{python3_sitearch}/samba/tests/dsdb_api.py
|
||||
%{python3_sitearch}/samba/tests/dsdb_dns.py
|
||||
%{python3_sitearch}/samba/tests/dsdb_lock.py
|
||||
%{python3_sitearch}/samba/tests/dsdb_schema_attributes.py
|
||||
%{python3_sitearch}/samba/tests/docs.py
|
||||
@ -2142,9 +2197,11 @@ fi
|
||||
%{python3_sitearch}/samba/tests/get_opt.py
|
||||
%{python3_sitearch}/samba/tests/glue.py
|
||||
%{python3_sitearch}/samba/tests/gpo.py
|
||||
%{python3_sitearch}/samba/tests/gpo_member.py
|
||||
%{python3_sitearch}/samba/tests/graph.py
|
||||
%{python3_sitearch}/samba/tests/group_audit.py
|
||||
%{python3_sitearch}/samba/tests/hostconfig.py
|
||||
%{python3_sitearch}/samba/tests/imports.py
|
||||
%{python3_sitearch}/samba/tests/join.py
|
||||
%dir %{python3_sitearch}/samba/tests/kcc
|
||||
%{python3_sitearch}/samba/tests/kcc/__init__.py
|
||||
@ -2158,13 +2215,68 @@ fi
|
||||
%{python3_sitearch}/samba/tests/kcc/graph_utils.py
|
||||
%{python3_sitearch}/samba/tests/kcc/kcc_utils.py
|
||||
%{python3_sitearch}/samba/tests/kcc/ldif_import_export.py
|
||||
%dir %{python3_sitearch}/samba/tests/krb5
|
||||
%dir %{python3_sitearch}/samba/tests/krb5/__pycache__
|
||||
%{python3_sitearch}/samba/tests/krb5/__pycache__/alias_tests.*.pyc
|
||||
%{python3_sitearch}/samba/tests/krb5/__pycache__/as_canonicalization_tests.*.pyc
|
||||
%{python3_sitearch}/samba/tests/krb5/__pycache__/as_req_tests.*.pyc
|
||||
%{python3_sitearch}/samba/tests/krb5/__pycache__/compatability_tests.*.pyc
|
||||
%{python3_sitearch}/samba/tests/krb5/__pycache__/fast_tests.*.pyc
|
||||
%{python3_sitearch}/samba/tests/krb5/__pycache__/kcrypto.*.pyc
|
||||
%{python3_sitearch}/samba/tests/krb5/__pycache__/kdc_base_test.*.pyc
|
||||
%{python3_sitearch}/samba/tests/krb5/__pycache__/kdc_tests.*.pyc
|
||||
%{python3_sitearch}/samba/tests/krb5/__pycache__/kdc_tgs_tests.*.pyc
|
||||
%{python3_sitearch}/samba/tests/krb5/__pycache__/ms_kile_client_principal_lookup_tests.*.pyc
|
||||
%{python3_sitearch}/samba/tests/krb5/__pycache__/raw_testcase.*.pyc
|
||||
%{python3_sitearch}/samba/tests/krb5/__pycache__/rfc4120_constants.*.pyc
|
||||
%{python3_sitearch}/samba/tests/krb5/__pycache__/rfc4120_pyasn1.*.pyc
|
||||
%{python3_sitearch}/samba/tests/krb5/__pycache__/rodc_tests*.pyc
|
||||
%{python3_sitearch}/samba/tests/krb5/__pycache__/salt_tests.*.pyc
|
||||
%{python3_sitearch}/samba/tests/krb5/__pycache__/simple_tests.*.pyc
|
||||
%{python3_sitearch}/samba/tests/krb5/__pycache__/spn_tests.*.pyc
|
||||
%{python3_sitearch}/samba/tests/krb5/__pycache__/s4u_tests.*.pyc
|
||||
%{python3_sitearch}/samba/tests/krb5/__pycache__/test_ccache.*.pyc
|
||||
%{python3_sitearch}/samba/tests/krb5/__pycache__/test_idmap_nss.*.pyc
|
||||
%{python3_sitearch}/samba/tests/krb5/__pycache__/test_ldap.*.pyc
|
||||
%{python3_sitearch}/samba/tests/krb5/__pycache__/test_min_domain_uid.*.pyc
|
||||
%{python3_sitearch}/samba/tests/krb5/__pycache__/test_rpc.*.pyc
|
||||
%{python3_sitearch}/samba/tests/krb5/__pycache__/test_smb.*.pyc
|
||||
%{python3_sitearch}/samba/tests/krb5/__pycache__/xrealm_tests.*.pyc
|
||||
%{python3_sitearch}/samba/tests/krb5/alias_tests.py
|
||||
%{python3_sitearch}/samba/tests/krb5/as_canonicalization_tests.py
|
||||
%{python3_sitearch}/samba/tests/krb5/as_req_tests.py
|
||||
%{python3_sitearch}/samba/tests/krb5/compatability_tests.py
|
||||
%{python3_sitearch}/samba/tests/krb5/fast_tests.py
|
||||
%{python3_sitearch}/samba/tests/krb5/kcrypto.py
|
||||
%{python3_sitearch}/samba/tests/krb5/kdc_base_test.py
|
||||
%{python3_sitearch}/samba/tests/krb5/kdc_tests.py
|
||||
%{python3_sitearch}/samba/tests/krb5/kdc_tgs_tests.py
|
||||
%{python3_sitearch}/samba/tests/krb5/ms_kile_client_principal_lookup_tests.py
|
||||
%{python3_sitearch}/samba/tests/krb5/raw_testcase.py
|
||||
%{python3_sitearch}/samba/tests/krb5/rfc4120_constants.py
|
||||
%{python3_sitearch}/samba/tests/krb5/rfc4120_pyasn1.py
|
||||
%{python3_sitearch}/samba/tests/krb5/rodc_tests.py
|
||||
%{python3_sitearch}/samba/tests/krb5/salt_tests.py
|
||||
%{python3_sitearch}/samba/tests/krb5/simple_tests.py
|
||||
%{python3_sitearch}/samba/tests/krb5/spn_tests.py
|
||||
%{python3_sitearch}/samba/tests/krb5/test_ccache.py
|
||||
%{python3_sitearch}/samba/tests/krb5/test_idmap_nss.py
|
||||
%{python3_sitearch}/samba/tests/krb5/test_ldap.py
|
||||
%{python3_sitearch}/samba/tests/krb5/test_min_domain_uid.py
|
||||
%{python3_sitearch}/samba/tests/krb5/test_rpc.py
|
||||
%{python3_sitearch}/samba/tests/krb5/test_smb.py
|
||||
%{python3_sitearch}/samba/tests/krb5/s4u_tests.py
|
||||
%{python3_sitearch}/samba/tests/krb5/xrealm_tests.py
|
||||
%{python3_sitearch}/samba/tests/krb5_credentials.py
|
||||
%{python3_sitearch}/samba/tests/ldap_raw.py
|
||||
%{python3_sitearch}/samba/tests/ldap_referrals.py
|
||||
%{python3_sitearch}/samba/tests/ldap_spn.py
|
||||
%{python3_sitearch}/samba/tests/ldap_upn_sam_account.py
|
||||
%{python3_sitearch}/samba/tests/libsmb.py
|
||||
%{python3_sitearch}/samba/tests/loadparm.py
|
||||
%{python3_sitearch}/samba/tests/lsa_string.py
|
||||
%{python3_sitearch}/samba/tests/messaging.py
|
||||
%{python3_sitearch}/samba/tests/ndr.py
|
||||
%{python3_sitearch}/samba/tests/netbios.py
|
||||
%{python3_sitearch}/samba/tests/netcmd.py
|
||||
%{python3_sitearch}/samba/tests/net_join_no_spnego.py
|
||||
@ -2200,6 +2312,7 @@ fi
|
||||
%{python3_sitearch}/samba/tests/s3passdb.py
|
||||
%{python3_sitearch}/samba/tests/s3registry.py
|
||||
%{python3_sitearch}/samba/tests/s3windb.py
|
||||
%{python3_sitearch}/samba/tests/s3_net_join.py
|
||||
%{python3_sitearch}/samba/tests/samba3sam.py
|
||||
%{python3_sitearch}/samba/tests/samba_upgradedns_lmdb.py
|
||||
%dir %{python3_sitearch}/samba/tests/samba_tool
|
||||
@ -2216,6 +2329,7 @@ fi
|
||||
%{python3_sitearch}/samba/tests/samba_tool/__pycache__/forest.*.pyc
|
||||
%{python3_sitearch}/samba/tests/samba_tool/__pycache__/fsmo.*.pyc
|
||||
%{python3_sitearch}/samba/tests/samba_tool/__pycache__/gpo.*.pyc
|
||||
%{python3_sitearch}/samba/tests/samba_tool/__pycache__/gpo_exts.*.pyc
|
||||
%{python3_sitearch}/samba/tests/samba_tool/__pycache__/group.*.pyc
|
||||
%{python3_sitearch}/samba/tests/samba_tool/__pycache__/help.*.pyc
|
||||
%{python3_sitearch}/samba/tests/samba_tool/__pycache__/join.*.pyc
|
||||
@ -2227,6 +2341,7 @@ fi
|
||||
%{python3_sitearch}/samba/tests/samba_tool/__pycache__/promote_dc_lmdb_size.*.pyc
|
||||
%{python3_sitearch}/samba/tests/samba_tool/__pycache__/provision_lmdb_size.*.pyc
|
||||
%{python3_sitearch}/samba/tests/samba_tool/__pycache__/provision_password_check.*.pyc
|
||||
%{python3_sitearch}/samba/tests/samba_tool/__pycache__/provision_userPassword_crypt.*.pyc
|
||||
%{python3_sitearch}/samba/tests/samba_tool/__pycache__/rodc.*.pyc
|
||||
%{python3_sitearch}/samba/tests/samba_tool/__pycache__/schema.*.pyc
|
||||
%{python3_sitearch}/samba/tests/samba_tool/__pycache__/sites.*.pyc
|
||||
@ -2234,6 +2349,9 @@ fi
|
||||
%{python3_sitearch}/samba/tests/samba_tool/__pycache__/user.*.pyc
|
||||
%{python3_sitearch}/samba/tests/samba_tool/__pycache__/user_check_password_script.*.pyc
|
||||
%{python3_sitearch}/samba/tests/samba_tool/__pycache__/user_virtualCryptSHA.*.pyc
|
||||
%{python3_sitearch}/samba/tests/samba_tool/__pycache__/user_virtualCryptSHA_base.*.pyc
|
||||
%{python3_sitearch}/samba/tests/samba_tool/__pycache__/user_virtualCryptSHA_gpg.*.pyc
|
||||
%{python3_sitearch}/samba/tests/samba_tool/__pycache__/user_virtualCryptSHA_userPassword.*.pyc
|
||||
%{python3_sitearch}/samba/tests/samba_tool/__pycache__/user_wdigest.*.pyc
|
||||
%{python3_sitearch}/samba/tests/samba_tool/__pycache__/visualize.*.pyc
|
||||
%{python3_sitearch}/samba/tests/samba_tool/__pycache__/visualize_drs.*.pyc
|
||||
@ -2247,6 +2365,7 @@ fi
|
||||
%{python3_sitearch}/samba/tests/samba_tool/forest.py
|
||||
%{python3_sitearch}/samba/tests/samba_tool/fsmo.py
|
||||
%{python3_sitearch}/samba/tests/samba_tool/gpo.py
|
||||
%{python3_sitearch}/samba/tests/samba_tool/gpo_exts.py
|
||||
%{python3_sitearch}/samba/tests/samba_tool/group.py
|
||||
%{python3_sitearch}/samba/tests/samba_tool/help.py
|
||||
%{python3_sitearch}/samba/tests/samba_tool/join.py
|
||||
@ -2258,6 +2377,7 @@ fi
|
||||
%{python3_sitearch}/samba/tests/samba_tool/promote_dc_lmdb_size.py
|
||||
%{python3_sitearch}/samba/tests/samba_tool/provision_lmdb_size.py
|
||||
%{python3_sitearch}/samba/tests/samba_tool/provision_password_check.py
|
||||
%{python3_sitearch}/samba/tests/samba_tool/provision_userPassword_crypt.py
|
||||
%{python3_sitearch}/samba/tests/samba_tool/rodc.py
|
||||
%{python3_sitearch}/samba/tests/samba_tool/schema.py
|
||||
%{python3_sitearch}/samba/tests/samba_tool/sites.py
|
||||
@ -2265,14 +2385,19 @@ fi
|
||||
%{python3_sitearch}/samba/tests/samba_tool/user.py
|
||||
%{python3_sitearch}/samba/tests/samba_tool/user_check_password_script.py
|
||||
%{python3_sitearch}/samba/tests/samba_tool/user_virtualCryptSHA.py
|
||||
%{python3_sitearch}/samba/tests/samba_tool/user_virtualCryptSHA_base.py
|
||||
%{python3_sitearch}/samba/tests/samba_tool/user_virtualCryptSHA_gpg.py
|
||||
%{python3_sitearch}/samba/tests/samba_tool/user_virtualCryptSHA_userPassword.py
|
||||
%{python3_sitearch}/samba/tests/samba_tool/user_wdigest.py
|
||||
%{python3_sitearch}/samba/tests/samba_tool/visualize.py
|
||||
%{python3_sitearch}/samba/tests/samba_tool/visualize_drs.py
|
||||
%{python3_sitearch}/samba/tests/samdb.py
|
||||
%{python3_sitearch}/samba/tests/samdb_api.py
|
||||
%{python3_sitearch}/samba/tests/sddl.py
|
||||
%{python3_sitearch}/samba/tests/security.py
|
||||
%{python3_sitearch}/samba/tests/segfault.py
|
||||
%{python3_sitearch}/samba/tests/smb.py
|
||||
%{python3_sitearch}/samba/tests/smb-notify.py
|
||||
%{python3_sitearch}/samba/tests/smbd_base.py
|
||||
%{python3_sitearch}/samba/tests/smbd_fuzztest.py
|
||||
%{python3_sitearch}/samba/tests/source.py
|
||||
@ -2326,7 +2451,9 @@ fi
|
||||
|
||||
%files winbind-krb5-locator
|
||||
%ghost %{_libdir}/krb5/plugins/libkrb5/winbind_krb5_locator.so
|
||||
%dir %{_libdir}/samba/krb5
|
||||
%{_libdir}/samba/krb5/winbind_krb5_locator.so
|
||||
%{_libdir}/samba/krb5/async_dns_krb5_locator.so
|
||||
%config(noreplace) /etc/ld.so.conf.d/*
|
||||
|
||||
%files winbind-modules
|
||||
@ -2372,11 +2499,10 @@ fi
|
||||
%{_sbindir}/ctdbd
|
||||
%{_sbindir}/ctdbd_wrapper
|
||||
%{_bindir}/ctdb
|
||||
%{_bindir}/ctdb_local_daemons
|
||||
%{_bindir}/ping_pong
|
||||
%{_bindir}/ltdbtool
|
||||
%{_bindir}/ctdb_diagnostics
|
||||
%{_bindir}/ltdbtool
|
||||
%{_bindir}/onnode
|
||||
%{_bindir}/ping_pong
|
||||
|
||||
%dir %{_libexecdir}/ctdb
|
||||
%{_libexecdir}/ctdb/ctdb-config
|
||||
@ -2391,6 +2517,7 @@ fi
|
||||
%{_libexecdir}/ctdb/ctdb_recovery_helper
|
||||
%{_libexecdir}/ctdb/ctdb_takeover_helper
|
||||
%{_libexecdir}/ctdb/smnotify
|
||||
%{_libexecdir}/ctdb/tdb_mutex_check
|
||||
|
||||
%dir %{_localstatedir}/lib/ctdb/
|
||||
%dir %{_localstatedir}/lib/ctdb/persistent
|
||||
@ -2416,6 +2543,7 @@ fi
|
||||
%{_datadir}/ctdb/events/legacy/31.clamd.script
|
||||
%{_datadir}/ctdb/events/legacy/40.vsftpd.script
|
||||
%{_datadir}/ctdb/events/legacy/41.httpd.script
|
||||
%{_datadir}/ctdb/events/legacy/48.netbios.script
|
||||
%{_datadir}/ctdb/events/legacy/49.winbind.script
|
||||
%{_datadir}/ctdb/events/legacy/50.samba.script
|
||||
%{_datadir}/ctdb/events/legacy/60.nfs.script
|
||||
@ -2423,8 +2551,10 @@ fi
|
||||
%{_datadir}/ctdb/events/legacy/91.lvs.script
|
||||
%config(noreplace) /etc/ld.so.conf.d/*
|
||||
|
||||
%if %{with testsuite}
|
||||
%files -n ctdb-tests
|
||||
%doc ctdb/tests/README
|
||||
%{_bindir}/ctdb_local_daemons
|
||||
%{_bindir}/ctdb_run_tests
|
||||
%{_bindir}/ctdb_run_cluster_tests
|
||||
|
||||
@ -2516,6 +2646,7 @@ fi
|
||||
%{_datadir}/ctdb/tests/INTEGRATION/database/basics.004.wipe.sh
|
||||
%{_datadir}/ctdb/tests/INTEGRATION/database/basics.010.backup_restore.sh
|
||||
%{_datadir}/ctdb/tests/INTEGRATION/database/fetch.001.ring.sh
|
||||
%{_datadir}/ctdb/tests/INTEGRATION/database/fetch.002.ring-hotkeys.sh
|
||||
%{_datadir}/ctdb/tests/INTEGRATION/database/readonly.001.basic.sh
|
||||
%{_datadir}/ctdb/tests/INTEGRATION/database/recovery.001.volatile.sh
|
||||
%{_datadir}/ctdb/tests/INTEGRATION/database/recovery.002.large.sh
|
||||
@ -2560,7 +2691,6 @@ fi
|
||||
%{_datadir}/ctdb/tests/INTEGRATION/simple/basics.005.process_exists.sh
|
||||
%{_datadir}/ctdb/tests/INTEGRATION/simple/basics.010.statistics.sh
|
||||
%{_datadir}/ctdb/tests/INTEGRATION/simple/basics.011.statistics_reset.sh
|
||||
%{_datadir}/ctdb/tests/INTEGRATION/simple/cluster.001.isnotrecmaster.sh
|
||||
%{_datadir}/ctdb/tests/INTEGRATION/simple/cluster.002.recmaster_yield.sh
|
||||
%{_datadir}/ctdb/tests/INTEGRATION/simple/cluster.010.getrelock.sh
|
||||
%{_datadir}/ctdb/tests/INTEGRATION/simple/cluster.012.reclock_command.sh
|
||||
@ -2628,6 +2758,8 @@ fi
|
||||
%{_datadir}/ctdb/tests/UNIT/cunit/sock_io_test_001.sh
|
||||
%{_datadir}/ctdb/tests/UNIT/cunit/srvid_test_001.sh
|
||||
%{_datadir}/ctdb/tests/UNIT/cunit/system_socket_test_001.sh
|
||||
%{_datadir}/ctdb/tests/UNIT/cunit/system_socket_test_002.sh
|
||||
%{_datadir}/ctdb/tests/UNIT/cunit/system_socket_test_003.sh
|
||||
%dir %{_datadir}/ctdb/tests/UNIT/eventd
|
||||
%dir %{_datadir}/ctdb/tests/UNIT/eventd/etc-ctdb
|
||||
%{_datadir}/ctdb/tests/UNIT/eventd/etc-ctdb/ctdb.conf
|
||||
@ -2811,6 +2943,8 @@ fi
|
||||
%{_datadir}/ctdb/tests/UNIT/eventscripts/41.httpd.monitor.002.sh
|
||||
%{_datadir}/ctdb/tests/UNIT/eventscripts/41.httpd.shutdown.002.sh
|
||||
%{_datadir}/ctdb/tests/UNIT/eventscripts/41.httpd.startup.002.sh
|
||||
%{_datadir}/ctdb/tests/UNIT/eventscripts/48.netbios.shutdown.011.sh
|
||||
%{_datadir}/ctdb/tests/UNIT/eventscripts/48.netbios.startup.011.sh
|
||||
%{_datadir}/ctdb/tests/UNIT/eventscripts/49.winbind.monitor.101.sh
|
||||
%{_datadir}/ctdb/tests/UNIT/eventscripts/49.winbind.monitor.102.sh
|
||||
%{_datadir}/ctdb/tests/UNIT/eventscripts/49.winbind.shutdown.002.sh
|
||||
@ -2900,6 +3034,7 @@ fi
|
||||
%{_datadir}/ctdb/tests/UNIT/eventscripts/scripts/31.clamd.sh
|
||||
%{_datadir}/ctdb/tests/UNIT/eventscripts/scripts/40.vsftpd.sh
|
||||
%{_datadir}/ctdb/tests/UNIT/eventscripts/scripts/41.httpd.sh
|
||||
%{_datadir}/ctdb/tests/UNIT/eventscripts/scripts/48.netbios.sh
|
||||
%{_datadir}/ctdb/tests/UNIT/eventscripts/scripts/49.winbind.sh
|
||||
%{_datadir}/ctdb/tests/UNIT/eventscripts/scripts/50.samba.sh
|
||||
%{_datadir}/ctdb/tests/UNIT/eventscripts/scripts/60.nfs.sh
|
||||
@ -2931,6 +3066,7 @@ fi
|
||||
%{_datadir}/ctdb/tests/UNIT/eventscripts/stubs/kill
|
||||
%{_datadir}/ctdb/tests/UNIT/eventscripts/stubs/killall
|
||||
%{_datadir}/ctdb/tests/UNIT/eventscripts/stubs/multipath
|
||||
%{_datadir}/ctdb/tests/UNIT/eventscripts/stubs/nfsconf
|
||||
%{_datadir}/ctdb/tests/UNIT/eventscripts/stubs/net
|
||||
%{_datadir}/ctdb/tests/UNIT/eventscripts/stubs/pidof
|
||||
%{_datadir}/ctdb/tests/UNIT/eventscripts/stubs/pkill
|
||||
@ -3091,6 +3227,7 @@ fi
|
||||
%{_datadir}/ctdb/tests/UNIT/tool/ctdb.getdbstatus.001.sh
|
||||
%{_datadir}/ctdb/tests/UNIT/tool/ctdb.getdbstatus.002.sh
|
||||
%{_datadir}/ctdb/tests/UNIT/tool/ctdb.getpid.001.sh
|
||||
%{_datadir}/ctdb/tests/UNIT/tool/ctdb.getpid.010.sh
|
||||
%{_datadir}/ctdb/tests/UNIT/tool/ctdb.getreclock.001.sh
|
||||
%{_datadir}/ctdb/tests/UNIT/tool/ctdb.getreclock.002.sh
|
||||
%{_datadir}/ctdb/tests/UNIT/tool/ctdb.getvar.001.sh
|
||||
@ -3117,6 +3254,7 @@ fi
|
||||
%{_datadir}/ctdb/tests/UNIT/tool/ctdb.lvs.006.sh
|
||||
%{_datadir}/ctdb/tests/UNIT/tool/ctdb.lvs.007.sh
|
||||
%{_datadir}/ctdb/tests/UNIT/tool/ctdb.lvs.008.sh
|
||||
%{_datadir}/ctdb/tests/UNIT/tool/ctdb.lvs.010.sh
|
||||
%{_datadir}/ctdb/tests/UNIT/tool/ctdb.natgw.001.sh
|
||||
%{_datadir}/ctdb/tests/UNIT/tool/ctdb.natgw.002.sh
|
||||
%{_datadir}/ctdb/tests/UNIT/tool/ctdb.natgw.003.sh
|
||||
@ -3125,6 +3263,7 @@ fi
|
||||
%{_datadir}/ctdb/tests/UNIT/tool/ctdb.natgw.006.sh
|
||||
%{_datadir}/ctdb/tests/UNIT/tool/ctdb.natgw.007.sh
|
||||
%{_datadir}/ctdb/tests/UNIT/tool/ctdb.natgw.008.sh
|
||||
%{_datadir}/ctdb/tests/UNIT/tool/ctdb.natgw.010.sh
|
||||
%{_datadir}/ctdb/tests/UNIT/tool/ctdb.nodestatus.001.sh
|
||||
%{_datadir}/ctdb/tests/UNIT/tool/ctdb.nodestatus.002.sh
|
||||
%{_datadir}/ctdb/tests/UNIT/tool/ctdb.nodestatus.003.sh
|
||||
@ -3195,12 +3334,17 @@ fi
|
||||
%dir %{_datadir}/ctdb/tests/UNIT/tool/scripts
|
||||
%{_datadir}/ctdb/tests/UNIT/tool/scripts/local.sh
|
||||
%config(noreplace) /etc/ld.so.conf.d/*
|
||||
|
||||
#endif with_testsuite
|
||||
%endif
|
||||
#endif with_clustering_support
|
||||
%endif
|
||||
|
||||
%files help
|
||||
%{_mandir}/man*
|
||||
%dir %{_datadir}/samba/admx
|
||||
%{_datadir}/samba/admx/samba.admx
|
||||
%dir %{_datadir}/samba/admx/en-US
|
||||
%{_datadir}/samba/admx/en-US/samba.adml
|
||||
|
||||
%if %{with_winexe}
|
||||
### WINEXE
|
||||
@ -3209,6 +3353,12 @@ fi
|
||||
%endif
|
||||
|
||||
%changelog
|
||||
* Fri Dec 24 2021 yanglu <yanglu72@huawei.com> - 4.15.3-1
|
||||
- Type:bugfix
|
||||
- ID:NA
|
||||
- SUG:NA
|
||||
- DESC:update samba to 4.15.3
|
||||
|
||||
* Mon Oct 25 2021 gaihuiying <gaihuiying1@huawei.com> - 4.12.5-7
|
||||
- Type:cves
|
||||
- ID:CVE-2021-3671
|
||||
@ -3306,7 +3456,7 @@ fi
|
||||
- Type: enhancement
|
||||
- ID: NA
|
||||
- SUG: NA
|
||||
- DESC:modify spec file
|
||||
- DESC:modify spec file
|
||||
|
||||
* Mon Sep 23 2019 huzhiyu<huzhiyu1@huawei.com> - 4.9.1-3
|
||||
- Package init
|
||||
|
||||
Loading…
x
Reference in New Issue
Block a user