- added lib-tls-fix-build-with-gnutls-3.4 (brackport of gnutls API update from 4.2.next)
- added dcerpc-multiplexed patch (backport of multiplexed DCERPC support from 4.2.next)
- added refactor-dcesrv_alter-function (regression fix for the latter, from 4.2.next)
--- /dev/null
+From 8c05ae93755a6f0f9887dd99f6356d488e337329 Mon Sep 17 00:00:00 2001
+From: Julien Kerihuel <j.kerihuel@openchange.org>
+Date: Tue, 24 Mar 2015 21:06:03 -0700
+Subject: [PATCH] Add multiplex state to dcerpc flags and control over
+ multiplex PFC flag in bind_ack and and dcesrv_alter replies
+
+Signed-off-by: Julien Kerihuel <j.kerihuel@openchange.org>
+Reviewed-by: "Stefan (metze) Metzmacher" <metze@samba.org>
+Reviewed-by: Jelmer Vernooij <jelmer@samba.org>
+(cherry picked from commit caaf89e899c2a3926fb9e54d1c86f1a9cd5d7618)
+---
+ source4/rpc_server/dcerpc_server.c | 15 ++++++++++++++-
+ source4/rpc_server/dcerpc_server.h | 1 +
+ 2 files changed, 15 insertions(+), 1 deletion(-)
+
+diff --git a/source4/rpc_server/dcerpc_server.c b/source4/rpc_server/dcerpc_server.c
+index 4d5e166..4681e17 100644
+--- a/source4/rpc_server/dcerpc_server.c
++++ b/source4/rpc_server/dcerpc_server.c
+@@ -614,6 +614,12 @@ static NTSTATUS dcesrv_bind(struct dcesrv_call_state *call)
+ call->conn->cli_max_recv_frag = MIN(0x2000, call->pkt.u.bind.max_recv_frag);
+ }
+
++ if ((call->pkt.pfc_flags & DCERPC_PFC_FLAG_CONC_MPX) &&
++ (call->state_flags & DCESRV_CALL_STATE_FLAG_MULTIPLEXED)) {
++ call->context->conn->state_flags |= DCESRV_CALL_STATE_FLAG_MULTIPLEXED;
++ extra_flags |= DCERPC_PFC_FLAG_CONC_MPX;
++ }
++
+ /* handle any authentication that is being requested */
+ if (!dcesrv_auth_bind(call)) {
+ talloc_free(call->context);
+@@ -793,6 +799,7 @@ static NTSTATUS dcesrv_alter(struct dcesrv_call_state *call)
+ NTSTATUS status;
+ uint32_t result=0, reason=0;
+ uint32_t context_id;
++ uint32_t extra_flags = 0;
+
+ /* handle any authentication that is being requested */
+ if (!dcesrv_auth_alter(call)) {
+@@ -826,12 +833,18 @@ static NTSTATUS dcesrv_alter(struct dcesrv_call_state *call)
+ reason = DCERPC_BIND_REASON_ASYNTAX;
+ }
+
++ if ((call->pkt.pfc_flags & DCERPC_PFC_FLAG_CONC_MPX)) {
++ if (call->context->conn->state_flags & DCESRV_CALL_STATE_FLAG_MULTIPLEXED) {
++ extra_flags |= DCERPC_PFC_FLAG_CONC_MPX;
++ }
++ }
++
+ /* setup a alter_resp */
+ dcesrv_init_hdr(&pkt, lpcfg_rpc_big_endian(call->conn->dce_ctx->lp_ctx));
+ pkt.auth_length = 0;
+ pkt.call_id = call->pkt.call_id;
+ pkt.ptype = DCERPC_PKT_ALTER_RESP;
+- pkt.pfc_flags = DCERPC_PFC_FLAG_FIRST | DCERPC_PFC_FLAG_LAST;
++ pkt.pfc_flags = DCERPC_PFC_FLAG_FIRST | DCERPC_PFC_FLAG_LAST | extra_flags;
+ pkt.u.alter_resp.max_xmit_frag = 0x2000;
+ pkt.u.alter_resp.max_recv_frag = 0x2000;
+ if (result == 0) {
+diff --git a/source4/rpc_server/dcerpc_server.h b/source4/rpc_server/dcerpc_server.h
+index c5d8632..2346876 100644
+--- a/source4/rpc_server/dcerpc_server.h
++++ b/source4/rpc_server/dcerpc_server.h
+@@ -101,6 +101,7 @@ struct dcesrv_call_state {
+ */
+ #define DCESRV_CALL_STATE_FLAG_ASYNC (1<<0)
+ #define DCESRV_CALL_STATE_FLAG_MAY_ASYNC (1<<1)
++#define DCESRV_CALL_STATE_FLAG_MULTIPLEXED (1<<3)
+ uint32_t state_flags;
+
+ /* the time the request arrived in the server */
+--
+1.9.1
+
--- /dev/null
+From 33379031e66330c453bd5af201c2ddca3dd16a2c Mon Sep 17 00:00:00 2001
+From: Evangelos Foutras <evangelos@foutrelis.com>
+Date: Mon, 13 Apr 2015 23:11:14 +0300
+Subject: [PATCH] s4:lib/tls: fix build with gnutls 3.4
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+gnutls_certificate_type_set_priority() was removed in GnuTLS 3.4.0. Use
+gnutls_priority_set_direct instead.
+
+BUG: https://bugzilla.samba.org/show_bug.cgi?id=8780
+
+Signed-off-by: Björn Jacke <bj@sernet.de>
+Reviewed-By: Jelmer Vernooij <jelmer@samba.org>
+
+Autobuild-User(master): Björn Jacke <bj@sernet.de>
+Autobuild-Date(master): Wed Apr 29 22:29:02 CEST 2015 on sn-devel-104
+
+(cherry picked from commit c6ad8a10c12c8a79dc83cab1591e5279edd62bd6)
+---
+ source4/lib/tls/tls.c | 3 +--
+ source4/lib/tls/tls_tstream.c | 7 +------
+ 2 files changed, 2 insertions(+), 8 deletions(-)
+
+diff --git a/source4/lib/tls/tls.c b/source4/lib/tls/tls.c
+index 9a3e610..7a7a7cd 100644
+--- a/source4/lib/tls/tls.c
++++ b/source4/lib/tls/tls.c
+@@ -572,7 +572,6 @@ struct socket_context *tls_init_client(struct socket_context *socket_ctx,
+ {
+ struct tls_context *tls;
+ int ret = 0;
+- const int cert_type_priority[] = { GNUTLS_CRT_X509, GNUTLS_CRT_OPENPGP, 0 };
+ struct socket_context *new_sock;
+ NTSTATUS nt_status;
+
+@@ -598,7 +597,7 @@ struct socket_context *tls_init_client(struct socket_context *socket_ctx,
+ gnutls_certificate_set_x509_trust_file(tls->xcred, ca_path, GNUTLS_X509_FMT_PEM);
+ TLSCHECK(gnutls_init(&tls->session, GNUTLS_CLIENT));
+ TLSCHECK(gnutls_set_default_priority(tls->session));
+- gnutls_certificate_type_set_priority(tls->session, cert_type_priority);
++ gnutls_priority_set_direct(tls->session, "NORMAL:+CTYPE-OPENPGP", NULL);
+ TLSCHECK(gnutls_credentials_set(tls->session, GNUTLS_CRD_CERTIFICATE, tls->xcred));
+
+ talloc_set_destructor(tls, tls_destructor);
+diff --git a/source4/lib/tls/tls_tstream.c b/source4/lib/tls/tls_tstream.c
+index 2cb75ed..b907d0a 100644
+--- a/source4/lib/tls/tls_tstream.c
++++ b/source4/lib/tls/tls_tstream.c
+@@ -967,11 +967,6 @@ struct tevent_req *_tstream_tls_connect_send(TALLOC_CTX *mem_ctx,
+ #if ENABLE_GNUTLS
+ struct tstream_tls *tlss;
+ int ret;
+- static const int cert_type_priority[] = {
+- GNUTLS_CRT_X509,
+- GNUTLS_CRT_OPENPGP,
+- 0
+- };
+ #endif /* ENABLE_GNUTLS */
+
+ req = tevent_req_create(mem_ctx, &state,
+@@ -1014,7 +1009,7 @@ struct tevent_req *_tstream_tls_connect_send(TALLOC_CTX *mem_ctx,
+ return tevent_req_post(req, ev);
+ }
+
+- gnutls_certificate_type_set_priority(tlss->tls_session, cert_type_priority);
++ gnutls_priority_set_direct(tlss->tls_session, "NORMAL:+CTYPE-OPENPGP", NULL);
+
+ ret = gnutls_credentials_set(tlss->tls_session,
+ GNUTLS_CRD_CERTIFICATE,
+--
+2.3.0
+
--- /dev/null
+From 4b942ee95cc351e4b123f57197ef19c79ae2b0aa Mon Sep 17 00:00:00 2001
+From: Jeremy Allison <jra@samba.org>
+Date: Fri, 24 Apr 2015 13:19:30 -0700
+Subject: [PATCH] s4: rpc: Refactor dcesrv_alter() function into setup and send
+ steps.
+
+Fixes bug:
+
+https://bugzilla.samba.org/show_bug.cgi?id=11236
+
+Based on code from Julien Kerihuel <j.kerihuel@openchange.org>
+
+Signed-off-by: Jeremy Allison <jra@samba.org>
+Reviewed-by: Andreas Schneider <asn@samba.org>
+
+Autobuild-User(master): Jeremy Allison <jra@samba.org>
+Autobuild-Date(master): Sat Apr 25 02:43:22 CEST 2015 on sn-devel-104
+
+(cherry picked from commit 49030649db3dfec5a9bc03e5dde4255a14499f16)
+---
+ source4/rpc_server/dcerpc_server.c | 114 ++++++++++++++++++++-----------------
+ 1 file changed, 62 insertions(+), 52 deletions(-)
+
+diff --git a/source4/rpc_server/dcerpc_server.c b/source4/rpc_server/dcerpc_server.c
+index f25aa68..b1c763b 100644
+--- a/source4/rpc_server/dcerpc_server.c
++++ b/source4/rpc_server/dcerpc_server.c
+@@ -793,62 +793,27 @@ static NTSTATUS dcesrv_alter_new_context(struct dcesrv_call_state *call, uint32_
+ return NT_STATUS_OK;
+ }
+
+-
+-/*
+- handle a alter context request
+-*/
+-static NTSTATUS dcesrv_alter(struct dcesrv_call_state *call)
++/* setup and send an alter_resp */
++static NTSTATUS dcesrv_alter_resp(struct dcesrv_call_state *call,
++ uint32_t result,
++ uint32_t reason)
+ {
+ struct ncacn_packet pkt;
+- struct data_blob_list_item *rep;
+- NTSTATUS status;
+- uint32_t result=0, reason=0;
+- uint32_t context_id;
+ uint32_t extra_flags = 0;
++ struct data_blob_list_item *rep = NULL;
++ NTSTATUS status;
+
+- /* handle any authentication that is being requested */
+- if (!dcesrv_auth_alter(call)) {
+- /* TODO: work out the right reject code */
+- result = DCERPC_BIND_PROVIDER_REJECT;
+- reason = DCERPC_BIND_REASON_ASYNTAX;
+- }
+-
+- context_id = call->pkt.u.alter.ctx_list[0].context_id;
+-
+- /* see if they are asking for a new interface */
+- if (result == 0) {
+- call->context = dcesrv_find_context(call->conn, context_id);
+- if (!call->context) {
+- status = dcesrv_alter_new_context(call, context_id);
+- if (!NT_STATUS_IS_OK(status)) {
+- result = DCERPC_BIND_PROVIDER_REJECT;
+- reason = DCERPC_BIND_REASON_ASYNTAX;
+- }
+- }
+- }
+-
+- if (result == 0 &&
+- call->pkt.u.alter.assoc_group_id != 0 &&
+- lpcfg_parm_bool(call->conn->dce_ctx->lp_ctx, NULL, "dcesrv","assoc group checking", true) &&
+- call->pkt.u.alter.assoc_group_id != call->context->assoc_group->id) {
+- DEBUG(0,(__location__ ": Failed attempt to use new assoc_group in alter context (0x%08x 0x%08x)\n",
+- call->context->assoc_group->id, call->pkt.u.alter.assoc_group_id));
+- /* TODO: can they ask for a new association group? */
+- result = DCERPC_BIND_PROVIDER_REJECT;
+- reason = DCERPC_BIND_REASON_ASYNTAX;
+- }
+-
+- if ((call->pkt.pfc_flags & DCERPC_PFC_FLAG_CONC_MPX)) {
+- if (call->context->conn->state_flags & DCESRV_CALL_STATE_FLAG_MULTIPLEXED) {
+- extra_flags |= DCERPC_PFC_FLAG_CONC_MPX;
+- }
+- }
+-
+- /* setup a alter_resp */
+ dcesrv_init_hdr(&pkt, lpcfg_rpc_big_endian(call->conn->dce_ctx->lp_ctx));
+ pkt.auth_length = 0;
+ pkt.call_id = call->pkt.call_id;
+ pkt.ptype = DCERPC_PKT_ALTER_RESP;
++ if (result == 0) {
++ if ((call->pkt.pfc_flags & DCERPC_PFC_FLAG_CONC_MPX) &&
++ call->context->conn->state_flags &
++ DCESRV_CALL_STATE_FLAG_MULTIPLEXED) {
++ extra_flags |= DCERPC_PFC_FLAG_CONC_MPX;
++ }
++ }
+ pkt.pfc_flags = DCERPC_PFC_FLAG_FIRST | DCERPC_PFC_FLAG_LAST | extra_flags;
+ pkt.u.alter_resp.max_xmit_frag = 0x2000;
+ pkt.u.alter_resp.max_recv_frag = 0x2000;
+@@ -908,6 +873,51 @@ static NTSTATUS dcesrv_alter(struct dcesrv_call_state *call)
+ }
+
+ /*
++ handle a alter context request
++*/
++static NTSTATUS dcesrv_alter(struct dcesrv_call_state *call)
++{
++ NTSTATUS status;
++ uint32_t context_id;
++
++ /* handle any authentication that is being requested */
++ if (!dcesrv_auth_alter(call)) {
++ /* TODO: work out the right reject code */
++ return dcesrv_alter_resp(call,
++ DCERPC_BIND_PROVIDER_REJECT,
++ DCERPC_BIND_REASON_ASYNTAX);
++ }
++
++ context_id = call->pkt.u.alter.ctx_list[0].context_id;
++
++ /* see if they are asking for a new interface */
++ call->context = dcesrv_find_context(call->conn, context_id);
++ if (!call->context) {
++ status = dcesrv_alter_new_context(call, context_id);
++ if (!NT_STATUS_IS_OK(status)) {
++ return dcesrv_alter_resp(call,
++ DCERPC_BIND_PROVIDER_REJECT,
++ DCERPC_BIND_REASON_ASYNTAX);
++ }
++ }
++
++ if (call->pkt.u.alter.assoc_group_id != 0 &&
++ lpcfg_parm_bool(call->conn->dce_ctx->lp_ctx, NULL, "dcesrv","assoc group checking", true) &&
++ call->pkt.u.alter.assoc_group_id != call->context->assoc_group->id) {
++ DEBUG(0,(__location__ ": Failed attempt to use new assoc_group in alter context (0x%08x 0x%08x)\n",
++ call->context->assoc_group->id, call->pkt.u.alter.assoc_group_id));
++ /* TODO: can they ask for a new association group? */
++ return dcesrv_alter_resp(call,
++ DCERPC_BIND_PROVIDER_REJECT,
++ DCERPC_BIND_REASON_ASYNTAX);
++ }
++
++ return dcesrv_alter_resp(call,
++ DCERPC_BIND_ACK_RESULT_ACCEPTANCE,
++ DCERPC_BIND_ACK_REASON_NOT_SPECIFIED);
++}
++
++/*
+ possibly save the call for inspection with ndrdump
+ */
+ static void dcesrv_save_call(struct dcesrv_call_state *call, const char *why)
+--
+2.2.0.rc0.207.ga3a616c
+
Summary: Samba Active Directory and SMB server
Summary(pl.UTF-8): Serwer Samba Active Directory i SMB
Name: samba
-Version: 4.2.0
-Release: 2
+Version: 4.2.1
+Release: 0.1
Epoch: 1
License: GPL v3
Group: Networking/Daemons
-Source0: http://www.samba.org/ftp/samba/samba-%{version}.tar.gz
-# Source0-md5: 5ef28ee4cda243d07a0066f038b7d6e0
+Source0: https://www.samba.org/ftp/samba/samba-%{version}.tar.gz
+# Source0-md5: 614b4c7b9bbc70cff4cb56956f565741
Source1: smb.init
Source2: samba.pamd
Source4: samba.sysconfig
Patch2: %{name}-lprng-no-dot-printers.patch
Patch3: systemd-pid-dir.patch
Patch4: unicodePwd-nthash-values-over-LDAP.patch
-Patch5: samba-heimdal.patch
+Patch5: %{name}-heimdal.patch
Patch6: server-role.patch
Patch7: %{name}-bug-9816.patch
+Patch8: %{name}-lib-tls-fix-build-with-gnutls-3.4.patch
+Patch9: %{name}-dcerpc-multiplexed.patch
+Patch10: %{name}-refactor-dcesrv_alter-function.patch
URL: http://www.samba.org/
BuildRequires: acl-devel
%{?with_avahi:BuildRequires: avahi-devel}
%patch5 -p1
%patch6 -p1
%patch7 -p1
+%patch8 -p1
+%patch9 -p1
+%patch10 -p1
%{__sed} -i -e 's|#!/usr/bin/env python|#!/usr/bin/python|' source4/scripting/bin/samba*
%{__sed} -i -e 's|#!/usr/bin/env perl|#!/usr/bin/perl|' pidl/pidl
projects / packages / samba.git / commitdiff