This commit was manufactured by cvs2git to create tag 'auto-ac-samba-

3_0_28a-1'.

Sprout from master 2008-02-06 15:14:50 UTC Jan Rękorajski <baggins@pld-linux.org> '- add location option to rpcclient setprinter command'
Cherrypick from master 2006-06-06 11:59:08 UTC Elan Ruusamäe <glen@pld-linux.org> '- cosmetic':
    samba.logrotate -> 1.6
    samba.pamd -> 1.3
Cherrypick from AC-branch 2008-03-30 12:46:21 UTC Elan Ruusamäe <glen@pld-linux.org> '- merge from HEAD update to 3.0.28a (fixes vista interoperability issues); add vfs_notify_fam module':
    samba.spec -> 1.348.2.7.2.9
Cherrypick from unlabeled-1.3.2 2007-07-06 17:08:28 UTC Jakub Bogusz <qboosh@pld-linux.org> '- adjusted for AC glibc not compliant with current POSIX':
    samba-smbwrapper.patch -> 1.3.2.1
Cherrypick from unlabeled-1.8.2 2007-04-17 10:24:06 UTC twittner <twittner@pld-linux.org> '- don't confuse people: security_level.txt file doesn't exist.':
    smb.conf -> 1.8.2.1
Delete:
    samba-3.0-CAN-2006-3403.patch
    samba-pam_smbpass-syslog.patch

diff --git a/samba-3.0-CAN-2006-3403.patch b/samba-3.0-CAN-2006-3403.patch
deleted file mode 100644 (file)
index e9c80a6..0000000
--- a/samba-3.0-CAN-2006-3403.patch
+++ /dev/null
@@ -1,16 +0,0 @@
-Index: source/smbd/service.c
-===================================================================
---- source/smbd/service.c      (revision 16676)
-+++ source/smbd/service.c      (working copy)
-@@ -763,6 +763,11 @@
-               smb_panic("make_connection: PANIC ERROR. Called as nonroot\n");
-       }
- 
-+      if (conn_num_open() > 2047) {
-+              *status = NT_STATUS_INSUFF_SERVER_RESOURCES;
-+              return NULL;
-+      }
-+
-       if(lp_security() != SEC_SHARE) {
-               vuser = get_valid_user_struct(vuid);
-               if (!vuser) {

diff --git a/samba-pam_smbpass-syslog.patch b/samba-pam_smbpass-syslog.patch
deleted file mode 100644 (file)
index b33792a..0000000
--- a/samba-pam_smbpass-syslog.patch
+++ /dev/null
@@ -1,584 +0,0 @@
-Goal: Don't call openlog() or closelog() from pam_smbpass
-
-Fixes: bug #434372 (http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=434372)
-
-Upstream status: submitted as bugzilla bug #4831
-
-Index: samba-3.0.25c/source/pam_smbpass/support.c
-===================================================================
---- samba-3.0.25c.orig/source/pam_smbpass/support.c    2007-08-26 12:07:14.098417404 +0200
-+++ samba-3.0.25c/source/pam_smbpass/support.c 2007-08-26 13:09:09.419359938 +0200
-@@ -15,6 +15,7 @@
-        * Mass Ave, Cambridge, MA 02139, USA.
-        */
- 
-+      #include "config.h"
-       #include "includes.h"
-       #include "general.h"
- 
-@@ -66,19 +67,44 @@
- 
-       char *servicesf = dyn_CONFIGFILE;
- 
--      /* syslogging function for errors and other information */
--
--      void _log_err( int err, const char *format, ... )
--      {
--          va_list args;
-+/* syslogging function for errors and other information */
-+#ifdef HAVE_PAM_VSYSLOG
-+void _log_err( pam_handle_t *pamh, int err, const char *format, ... )
-+{
-+      va_list args;
- 
--          va_start( args, format );
--          openlog( "PAM_smbpass", LOG_CONS | LOG_PID, LOG_AUTH );
--          vsyslog( err, format, args );
--          va_end( args );
--          closelog();
-+      va_start(args, format);
-+      pam_vsyslog(pamh, err, format, args);
-+      va_end(args);
-+}
-+#else
-+void _log_err( pam_handle_t *pamh, int err, const char *format, ... )
-+{
-+      va_list args;
-+      const char tag[] = "(pam_smbpass) ";
-+      char *mod_format;
-+
-+      mod_format = SMB_MALLOC_ARRAY(char, sizeof(tag) + strlen(format));
-+      /* try really, really hard to log something, since this may have
-+         been a message about a malloc() failure... */
-+      if (mod_format == NULL) {
-+              va_start(args, format);
-+              vsyslog(err | LOG_AUTH, format, args);
-+              va_end(args);
-+              return;
-       }
- 
-+      strncpy(mod_format, tag, strlen(tag)+1);
-+      strncat(mod_format, format, strlen(format));
-+
-+      va_start(args, format);
-+      vsyslog(err | LOG_AUTH, mod_format, args);
-+      va_end(args);
-+
-+      free(mod_format);
-+}
-+#endif
-+
-       /* this is a front-end for module-application conversations */
- 
-       int converse( pam_handle_t * pamh, int ctrl, int nargs
-@@ -95,12 +121,14 @@
-                                                               ,response, conv->appdata_ptr);
- 
-                       if (retval != PAM_SUCCESS && on(SMB_DEBUG, ctrl)) {
--                              _log_err(LOG_DEBUG, "conversation failure [%s]"
--                                               ,pam_strerror(pamh, retval));
-+                              _log_err(pamh, LOG_DEBUG,
-+                                       "conversation failure [%s]",
-+                                       pam_strerror(pamh, retval));
-                       }
-               } else {
--                      _log_err(LOG_ERR, "couldn't obtain coversation function [%s]"
--                                       ,pam_strerror(pamh, retval));
-+                      _log_err(pamh, LOG_ERR,
-+                               "couldn't obtain coversation function [%s]",
-+                               pam_strerror(pamh, retval));
-               }
- 
-               return retval;                          /* propagate error status */
-@@ -126,7 +154,7 @@
- 
-       /* set the control flags for the SMB module. */
- 
--int set_ctrl( int flags, int argc, const char **argv )
-+int set_ctrl( pam_handle_t *pamh, int flags, int argc, const char **argv )
- {
-     int i = 0;
-     const char *service_file = dyn_CONFIGFILE;
-@@ -168,7 +196,7 @@
-     /* Read some options from the Samba config. Can be overridden by
-        the PAM config. */
-     if(lp_load(service_file,True,False,False,True) == False) {
--      _log_err( LOG_ERR, "Error loading service file %s", service_file );
-+      _log_err(pamh, LOG_ERR, "Error loading service file %s", service_file);
-     }
- 
-     secrets_init();
-@@ -191,7 +219,7 @@
-         }
- 
-         if (j >= SMB_CTRLS_) {
--            _log_err( LOG_ERR, "unrecognized option [%s]", *argv );
-+            _log_err(pamh, LOG_ERR, "unrecognized option [%s]", *argv);
-         } else {
-             ctrl &= smb_args[j].mask; /* for turning things off */
-             ctrl |= smb_args[j].flag; /* for turning things on  */
-@@ -230,7 +258,7 @@
-  * evidence of old token around for later stack analysis.
-  *
-  */
--char * smbpXstrDup( const char *x )
-+char * smbpXstrDup( pam_handle_t *pamh, const char *x )
- {
-     register char *newstr = NULL;
- 
-@@ -240,7 +268,7 @@
-         for (i = 0; x[i]; ++i); /* length of string */
-         if ((newstr = SMB_MALLOC_ARRAY(char, ++i)) == NULL) {
-             i = 0;
--            _log_err( LOG_CRIT, "out of memory in smbpXstrDup" );
-+            _log_err(pamh, LOG_CRIT, "out of memory in smbpXstrDup");
-         } else {
-             while (i-- > 0) {
-                 newstr[i] = x[i];
-@@ -282,7 +310,7 @@
-             /* log the number of authentication failures */
-             if (failure->count != 0) {
-                 pam_get_item( pamh, PAM_SERVICE, (const void **) &service );
--                _log_err( LOG_NOTICE
-+                _log_err(pamh, LOG_NOTICE
-                           , "%d authentication %s "
-                             "from %s for service %s as %s(%d)"
-                           , failure->count
-@@ -291,7 +319,7 @@
-                           , service == NULL ? "**unknown**" : service 
-                           , failure->user, failure->id );
-                 if (failure->count > SMB_MAX_RETRIES) {
--                    _log_err( LOG_ALERT
-+                    _log_err(pamh, LOG_ALERT
-                               , "service(%s) ignoring max retries; %d > %d"
-                               , service == NULL ? "**unknown**" : service
-                               , failure->count
-@@ -327,8 +355,7 @@
- 
-     if (!pdb_get_lanman_passwd(sampass))
-     {
--        _log_err( LOG_DEBUG, "user %s has null SMB password"
--                  , name );
-+        _log_err(pamh, LOG_DEBUG, "user %s has null SMB password", name);
- 
-         if (off( SMB__NONULL, ctrl )
-             && (pdb_get_acct_ctrl(sampass) & ACB_PWNOTREQ))
-@@ -338,15 +365,16 @@
-             const char *service;
- 
-             pam_get_item( pamh, PAM_SERVICE, (const void **)&service );
--            _log_err( LOG_NOTICE, "failed auth request by %s for service %s as %s",
--                      uidtoname(getuid()), service ? service : "**unknown**", name);
-+            _log_err(pamh, LOG_NOTICE,
-+                   "failed auth request by %s for service %s as %s",
-+                     uidtoname(getuid()), service ? service : "**unknown**", name);
-             return PAM_AUTH_ERR;
-         }
-     }
- 
-     data_name = SMB_MALLOC_ARRAY(char, sizeof(FAIL_PREFIX) + strlen( name ));
-     if (data_name == NULL) {
--        _log_err( LOG_CRIT, "no memory for data-name" );
-+        _log_err(pamh, LOG_CRIT, "no memory for data-name");
-     }
-     strncpy( data_name, FAIL_PREFIX, sizeof(FAIL_PREFIX) );
-     strncpy( data_name + sizeof(FAIL_PREFIX) - 1, name, strlen( name ) + 1 );
-@@ -392,31 +420,31 @@
-                         retval = PAM_MAXTRIES;
-                     }
-                 } else {
--                    _log_err(LOG_NOTICE,
-+                    _log_err(pamh, LOG_NOTICE,
-                       "failed auth request by %s for service %s as %s",
-                       uidtoname(getuid()),
-                       service ? service : "**unknown**", name);
-                     newauth->count = 1;
-                 }
-               if (!sid_to_uid(pdb_get_user_sid(sampass), &(newauth->id))) {
--                    _log_err(LOG_NOTICE,
-+                    _log_err(pamh, LOG_NOTICE,
-                       "failed auth request by %s for service %s as %s",
-                       uidtoname(getuid()),
-                       service ? service : "**unknown**", name);
-               }               
--                newauth->user = smbpXstrDup( name );
--                newauth->agent = smbpXstrDup( uidtoname( getuid() ) );
-+                newauth->user = smbpXstrDup(pamh, name);
-+                newauth->agent = smbpXstrDup(pamh, uidtoname( getuid() ));
-                 pam_set_data( pamh, data_name, newauth, _cleanup_failures );
- 
-             } else {
--                _log_err( LOG_CRIT, "no memory for failure recorder" );
--                _log_err(LOG_NOTICE,
-+                _log_err(pamh, LOG_CRIT, "no memory for failure recorder");
-+                _log_err(pamh, LOG_NOTICE,
-                       "failed auth request by %s for service %s as %s(%d)",
-                       uidtoname(getuid()),
-                       service ? service : "**unknown**", name);
-             }
-         } else {
--            _log_err(LOG_NOTICE,
-+            _log_err(pamh, LOG_NOTICE,
-                       "failed auth request by %s for service %s as %s(%d)",
-                       uidtoname(getuid()),
-                       service ? service : "**unknown**", name);
-@@ -490,8 +518,8 @@
-         retval = pam_get_item( pamh, authtok_flag, (const void **) &item );
-         if (retval != PAM_SUCCESS) {
-             /* very strange. */
--            _log_err( LOG_ALERT
--                      , "pam_get_item returned error to smb_read_password" );
-+            _log_err(pamh, LOG_ALERT,
-+                     "pam_get_item returned error to smb_read_password");
-             return retval;
-         } else if (item != NULL) {    /* we have a password! */
-             *pass = item;
-@@ -543,7 +571,7 @@
- 
-         if (retval == PAM_SUCCESS) {  /* a good conversation */
- 
--            token = smbpXstrDup(resp[j++].resp);
-+            token = smbpXstrDup(pamh, resp[j++].resp);
-             if (token != NULL) {
-                 if (expect == 2) {
-                     /* verify that password entered correctly */
-@@ -555,7 +583,8 @@
-                     }
-                 }
-             } else {
--                _log_err(LOG_NOTICE, "could not recover authentication token");
-+                _log_err(pamh, LOG_NOTICE,
-+                       "could not recover authentication token");
-             }
-         }
- 
-@@ -568,7 +597,7 @@
- 
-     if (retval != PAM_SUCCESS) {
-         if (on( SMB_DEBUG, ctrl ))
--            _log_err( LOG_DEBUG, "unable to obtain a password" );
-+            _log_err(pamh, LOG_DEBUG, "unable to obtain a password");
-         return retval;
-     }
-     /* 'token' is the entered password */
-@@ -583,7 +612,7 @@
-             || (retval = pam_get_item( pamh, authtok_flag
-                             ,(const void **)&item )) != PAM_SUCCESS)
-         {
--            _log_err( LOG_CRIT, "error manipulating password" );
-+            _log_err(pamh, LOG_CRIT, "error manipulating password");
-             return retval;
-         }
-     } else {
-@@ -597,8 +626,8 @@
-             || (retval = pam_get_data( pamh, data_name, (const void **)&item ))
-                              != PAM_SUCCESS)
-         {
--            _log_err( LOG_CRIT, "error manipulating password data [%s]"
--                      , pam_strerror( pamh, retval ));
-+            _log_err(pamh, LOG_CRIT, "error manipulating password data [%s]",
-+                     pam_strerror( pamh, retval ));
-             _pam_delete( token );
-             item = NULL;
-             return retval;
-@@ -622,8 +651,8 @@
-     if (pass_new == NULL || (pass_old && !strcmp( pass_old, pass_new )))
-     {
-       if (on(SMB_DEBUG, ctrl)) {
--          _log_err( LOG_DEBUG,
--                    "passwd: bad authentication token (null or unchanged)" );
-+          _log_err(pamh, LOG_DEBUG,
-+                   "passwd: bad authentication token (null or unchanged)");
-       }
-       make_remark( pamh, ctrl, PAM_ERROR_MSG, pass_new == NULL ?
-                               "No password supplied" : "Password unchanged" );
-Index: samba-3.0.25c/source/pam_smbpass/pam_smb_auth.c
-===================================================================
---- samba-3.0.25c.orig/source/pam_smbpass/pam_smb_auth.c       2007-08-26 12:07:14.098417404 +0200
-+++ samba-3.0.25c/source/pam_smbpass/pam_smb_auth.c    2007-08-26 13:09:09.419359938 +0200
-@@ -75,10 +75,9 @@
- 
-       /* Samba initialization. */
-       load_case_tables();
--      setup_logging("pam_smbpass",False);
-       in_client = True;
- 
--      ctrl = set_ctrl(flags, argc, argv);
-+      ctrl = set_ctrl(pamh, flags, argc, argv);
- 
-       /* Get a few bytes so we can pass our return value to
-               pam_sm_setcred(). */
-@@ -93,23 +92,23 @@
-       retval = pam_get_user( pamh, &name, "Username: " );
-       if ( retval != PAM_SUCCESS ) {
-               if (on( SMB_DEBUG, ctrl )) {
--                      _log_err(LOG_DEBUG, "auth: could not identify user");
-+                      _log_err(pamh, LOG_DEBUG, "auth: could not identify user");
-               }
-               AUTH_RETURN;
-       }
-       if (on( SMB_DEBUG, ctrl )) {
--              _log_err( LOG_DEBUG, "username [%s] obtained", name );
-+              _log_err(pamh, LOG_DEBUG, "username [%s] obtained", name);
-       }
- 
-       if (!initialize_password_db(True)) {
--              _log_err( LOG_ALERT, "Cannot access samba password database" );
-+              _log_err(pamh, LOG_ALERT, "Cannot access samba password database");
-               retval = PAM_AUTHINFO_UNAVAIL;
-               AUTH_RETURN;
-       }
- 
-       sampass = samu_new( NULL );
-       if (!sampass) {
--              _log_err( LOG_ALERT, "Cannot talloc a samu struct" );
-+              _log_err(pamh, LOG_ALERT, "Cannot talloc a samu struct");
-               retval = nt_status_to_pam(NT_STATUS_NO_MEMORY);
-               AUTH_RETURN;
-       }
-@@ -123,7 +122,7 @@
-       }
- 
-       if (!found) {
--              _log_err(LOG_ALERT, "Failed to find entry for user %s.", name);
-+              _log_err(pamh, LOG_ALERT, "Failed to find entry for user %s.", name);
-               retval = PAM_USER_UNKNOWN;
-               TALLOC_FREE(sampass);
-               sampass = NULL;
-@@ -142,7 +141,7 @@
- 
-       retval = _smb_read_password(pamh, ctrl, NULL, "Password: ", NULL, _SMB_AUTHTOK, &p);
-       if (retval != PAM_SUCCESS ) {
--              _log_err(LOG_CRIT, "auth: no password provided for [%s]", name);
-+              _log_err(pamh,LOG_CRIT, "auth: no password provided for [%s]", name);
-               TALLOC_FREE(sampass);
-               AUTH_RETURN;
-       }
-@@ -194,8 +193,8 @@
-     retval = pam_get_item( pamh, PAM_AUTHTOK, (const void **) &pass );
- 
-     if (retval != PAM_SUCCESS) {
--      _log_err( LOG_ALERT
--                , "pam_get_item returned error to pam_sm_authenticate" );
-+      _log_err(pamh, LOG_ALERT,
-+               "pam_get_item returned error to pam_sm_authenticate");
-       return PAM_AUTHTOK_RECOVER_ERR;
-     } else if (pass == NULL) {
-       return PAM_AUTHTOK_RECOVER_ERR;
-Index: samba-3.0.25c/source/pam_smbpass/pam_smb_acct.c
-===================================================================
---- samba-3.0.25c.orig/source/pam_smbpass/pam_smb_acct.c       2007-08-26 12:07:14.098417404 +0200
-+++ samba-3.0.25c/source/pam_smbpass/pam_smb_acct.c    2007-08-26 13:09:09.419359938 +0200
-@@ -52,29 +52,28 @@
- 
-       /* Samba initialization. */
-       load_case_tables();
--      setup_logging( "pam_smbpass", False );
-       in_client = True;
- 
--      ctrl = set_ctrl( flags, argc, argv );
-+      ctrl = set_ctrl(pamh, flags, argc, argv);
- 
-       /* get the username */
- 
-       retval = pam_get_user( pamh, &name, "Username: " );
-       if (retval != PAM_SUCCESS) {
-               if (on( SMB_DEBUG, ctrl )) {
--                      _log_err( LOG_DEBUG, "acct: could not identify user" );
-+                      _log_err(pamh, LOG_DEBUG, "acct: could not identify user");
-               }
-               return retval;
-       }
-       if (on( SMB_DEBUG, ctrl )) {
--              _log_err( LOG_DEBUG, "acct: username [%s] obtained", name );
-+              _log_err(pamh, LOG_DEBUG, "acct: username [%s] obtained", name);
-       }
- 
-       /* Getting into places that might use LDAP -- protect the app
-               from a SIGPIPE it's not expecting */
-       oldsig_handler = CatchSignal(SIGPIPE, SIGNAL_CAST SIG_IGN);
-       if (!initialize_password_db(True)) {
--              _log_err( LOG_ALERT, "Cannot access samba password database" );
-+              _log_err(pamh, LOG_ALERT, "Cannot access samba password database");
-               CatchSignal(SIGPIPE, SIGNAL_CAST oldsig_handler);
-               return PAM_AUTHINFO_UNAVAIL;
-       }
-@@ -88,7 +87,7 @@
-       }
- 
-       if (!pdb_getsampwnam(sampass, name )) {
--              _log_err( LOG_DEBUG, "acct: could not identify user" );
-+              _log_err(pamh, LOG_DEBUG, "acct: could not identify user");
-               CatchSignal(SIGPIPE, SIGNAL_CAST oldsig_handler);
-               return PAM_USER_UNKNOWN;
-       }
-@@ -101,8 +100,8 @@
- 
-       if (pdb_get_acct_ctrl(sampass) & ACB_DISABLED) {
-               if (on( SMB_DEBUG, ctrl )) {
--                      _log_err( LOG_DEBUG
--                              , "acct: account %s is administratively disabled", name );
-+                      _log_err(pamh, LOG_DEBUG,
-+                               "acct: account %s is administratively disabled", name);
-               }
-               make_remark( pamh, ctrl, PAM_ERROR_MSG
-                       , "Your account has been disabled; "
-Index: samba-3.0.25c/source/pam_smbpass/pam_smb_passwd.c
-===================================================================
---- samba-3.0.25c.orig/source/pam_smbpass/pam_smb_passwd.c     2007-08-26 12:07:14.098417404 +0200
-+++ samba-3.0.25c/source/pam_smbpass/pam_smb_passwd.c  2007-08-26 13:09:09.419359938 +0200
-@@ -104,10 +104,9 @@
- 
-     /* Samba initialization. */
-     load_case_tables();
--    setup_logging( "pam_smbpass", False );
-     in_client = True;
- 
--    ctrl = set_ctrl(flags, argc, argv);
-+    ctrl = set_ctrl(pamh, flags, argc, argv);
- 
-     /*
-      * First get the name of a user.  No need to do anything if we can't
-@@ -117,12 +116,12 @@
-     retval = pam_get_user( pamh, &user, "Username: " );
-     if (retval != PAM_SUCCESS) {
-         if (on( SMB_DEBUG, ctrl )) {
--            _log_err( LOG_DEBUG, "password: could not identify user" );
-+            _log_err(pamh, LOG_DEBUG, "password: could not identify user");
-         }
-         return retval;
-     }
-     if (on( SMB_DEBUG, ctrl )) {
--        _log_err( LOG_DEBUG, "username [%s] obtained", user );
-+        _log_err(pamh, LOG_DEBUG, "username [%s] obtained", user);
-     }
- 
-     /* Getting into places that might use LDAP -- protect the app
-@@ -130,7 +129,7 @@
-     oldsig_handler = CatchSignal(SIGPIPE, SIGNAL_CAST SIG_IGN);
- 
-     if (!initialize_password_db(False)) {
--        _log_err( LOG_ALERT, "Cannot access samba password database" );
-+        _log_err(pamh, LOG_ALERT, "Cannot access samba password database");
-         CatchSignal(SIGPIPE, SIGNAL_CAST oldsig_handler);
-         return PAM_AUTHINFO_UNAVAIL;
-     }
-@@ -142,12 +141,12 @@
-     }
- 
-     if (!pdb_getsampwnam(sampass,user)) {
--        _log_err( LOG_ALERT, "Failed to find entry for user %s.", user );
-+        _log_err(pamh, LOG_ALERT, "Failed to find entry for user %s.", user);
-         CatchSignal(SIGPIPE, SIGNAL_CAST oldsig_handler);
-         return PAM_USER_UNKNOWN;
-     }
-     if (on( SMB_DEBUG, ctrl )) {
--        _log_err( LOG_DEBUG, "Located account for %s", user );
-+        _log_err(pamh, LOG_DEBUG, "Located account for %s", user);
-     }
- 
-     if (flags & PAM_PRELIM_CHECK) {
-@@ -173,7 +172,7 @@
- #define greeting "Changing password for "
-             Announce = SMB_MALLOC_ARRAY(char, sizeof(greeting)+strlen(user));
-             if (Announce == NULL) {
--                _log_err(LOG_CRIT, "password: out of memory");
-+                _log_err(pamh, LOG_CRIT, "password: out of memory");
-                 TALLOC_FREE(sampass);
-                 CatchSignal(SIGPIPE, SIGNAL_CAST oldsig_handler);
-                 return PAM_BUF_ERR;
-@@ -188,8 +187,8 @@
-             SAFE_FREE( Announce );
- 
-             if (retval != PAM_SUCCESS) {
--                _log_err( LOG_NOTICE
--                          , "password - (old) token not obtained" );
-+                _log_err(pamh, LOG_NOTICE,
-+                         "password - (old) token not obtained");
-                 TALLOC_FREE(sampass);
-                 CatchSignal(SIGPIPE, SIGNAL_CAST oldsig_handler);
-                 return retval;
-@@ -234,7 +233,7 @@
-         }
- 
-         if (retval != PAM_SUCCESS) {
--            _log_err( LOG_NOTICE, "password: user not authenticated" );
-+            _log_err(pamh, LOG_NOTICE, "password: user not authenticated");
-             TALLOC_FREE(sampass);
-             CatchSignal(SIGPIPE, SIGNAL_CAST oldsig_handler);
-             return retval;
-@@ -259,8 +258,8 @@
- 
-         if (retval != PAM_SUCCESS) {
-             if (on( SMB_DEBUG, ctrl )) {
--                _log_err( LOG_ALERT
--                          , "password: new password not obtained" );
-+                _log_err(pamh, LOG_ALERT,
-+                         "password: new password not obtained");
-             }
-             pass_old = NULL;                               /* tidy up */
-             TALLOC_FREE(sampass);
-@@ -281,7 +280,7 @@
-         retval = _pam_smb_approve_pass(pamh, ctrl, pass_old, pass_new);
- 
-         if (retval != PAM_SUCCESS) {
--            _log_err(LOG_NOTICE, "new password not acceptable");
-+            _log_err(pamh, LOG_NOTICE, "new password not acceptable");
-             pass_new = pass_old = NULL;               /* tidy up */
-             TALLOC_FREE(sampass);
-             CatchSignal(SIGPIPE, SIGNAL_CAST oldsig_handler);
-@@ -301,16 +300,17 @@
-           
-             /* password updated */
-               if (!sid_to_uid(pdb_get_user_sid(sampass), &uid)) {
--                      _log_err( LOG_NOTICE, "Unable to get uid for user %s",
-+                      _log_err(pamh, LOG_NOTICE,
-+                               "Unable to get uid for user %s",
-                               pdb_get_username(sampass));
--                      _log_err( LOG_NOTICE, "password for (%s) changed by (%s/%d)",
-+                      _log_err(pamh, LOG_NOTICE, "password for (%s) changed by (%s/%d)",
-                               user, uidtoname(getuid()), getuid());
-               } else {
--                      _log_err( LOG_NOTICE, "password for (%s/%d) changed by (%s/%d)",
-+                      _log_err(pamh, LOG_NOTICE, "password for (%s/%d) changed by (%s/%d)",
-                               user, uid, uidtoname(getuid()), getuid());
-               }
-       } else {
--              _log_err( LOG_ERR, "password change failed for user %s", user);
-+              _log_err(pamh, LOG_ERR, "password change failed for user %s", user);
-       }
- 
-         pass_old = pass_new = NULL;
-@@ -321,7 +321,7 @@
- 
-     } else {            /* something has broken with the library */
- 
--        _log_err( LOG_ALERT, "password received unknown request" );
-+        _log_err(pamh, LOG_ALERT, "password received unknown request");
-         retval = PAM_ABORT;
- 
-     }
-Index: samba-3.0.25c/source/pam_smbpass/support.h
-===================================================================
---- samba-3.0.25c.orig/source/pam_smbpass/support.h    2007-08-26 12:07:14.098417404 +0200
-+++ samba-3.0.25c/source/pam_smbpass/support.h 2007-08-26 13:09:09.419359938 +0200
-@@ -1,8 +1,8 @@
- /* syslogging function for errors and other information */
--extern void _log_err(int, const char *, ...);
-+extern void _log_err(pam_handle_t *, int, const char *, ...);
- 
- /* set the control flags for the UNIX module. */
--extern int set_ctrl(int, int, const char **);
-+extern int set_ctrl(pam_handle_t *, int, int, const char **);
- 
- /* generic function for freeing pam data segments */
- extern void _cleanup(pam_handle_t *, void *, int);
-@@ -12,7 +12,7 @@
-  * evidence of old token around for later stack analysis.
-  */
- 
--extern char *smbpXstrDup(const char *);
-+extern char *smbpXstrDup(pam_handle_t *,const char *);
- 
- /* ************************************************************** *
-  * Useful non-trivial functions                                   *

diff --git a/samba-smbwrapper.patch b/samba-smbwrapper.patch
index a9f1875d504926c3116c62acc580e2b33782d0c6..861adf326d54286fac27d6f25bb35756e53a8885 100644 (file)
--- a/samba-smbwrapper.patch
+++ b/samba-smbwrapper.patch
@@ -10,30 +10,6 @@ diff -urN samba-3.0.25a.org/examples/libsmbclient/smbwrapper/Makefile samba-3.0.
  
  SMBINCLUDE = -I../../../source/include
  CFLAGS= -fpic -g -O0 $(DEFS) $(SMBINCLUDE)
-diff -urN samba-3.0.25a.org/examples/libsmbclient/smbwrapper/smbw.c samba-3.0.25a/examples/libsmbclient/smbwrapper/smbw.c
---- samba-3.0.25a.org/examples/libsmbclient/smbwrapper/smbw.c  2006-01-25 00:46:42.000000000 +0100
-+++ samba-3.0.25a/examples/libsmbclient/smbwrapper/smbw.c      2007-06-17 17:38:36.620376591 +0200
-@@ -548,7 +548,7 @@
- /***************************************************** 
- a wrapper for readlink() - needed for correct errno setting
- *******************************************************/
--int smbw_readlink(const char *fname, char *buf, size_t bufsize)
-+ssize_t smbw_readlink(const char *fname, char *buf, size_t bufsize)
- {
-       struct SMBW_stat st;
-       int ret;
-diff -urN samba-3.0.25a.org/examples/libsmbclient/smbwrapper/smbw.h samba-3.0.25a/examples/libsmbclient/smbwrapper/smbw.h
---- samba-3.0.25a.org/examples/libsmbclient/smbwrapper/smbw.h  2006-01-25 00:46:42.000000000 +0100
-+++ samba-3.0.25a/examples/libsmbclient/smbwrapper/smbw.h      2007-06-17 17:38:36.620376591 +0200
-@@ -79,7 +79,7 @@
- int smbw_close(int fd);
- int smbw_fcntl(int fd, int cmd, long arg);
- int smbw_access(const char *name, int mode);
--int smbw_readlink(const char *path, char *buf, size_t bufsize);
-+ssize_t smbw_readlink(const char *path, char *buf, size_t bufsize);
- int smbw_unlink(const char *fname);
- int smbw_rename(const char *oldname, const char *newname);
- int smbw_utime(const char *fname, void *buf);
 diff -urN samba-3.0.25a.org/examples/libsmbclient/smbwrapper/wrapper.c samba-3.0.25a/examples/libsmbclient/smbwrapper/wrapper.c
 --- samba-3.0.25a.org/examples/libsmbclient/smbwrapper/wrapper.c       2006-01-25 00:46:42.000000000 +0100
 +++ samba-3.0.25a/examples/libsmbclient/smbwrapper/wrapper.c   2007-06-17 17:39:16.085693163 +0200
@@ -71,24 +47,3 @@ diff -urN samba-3.0.25a.org/examples/libsmbclient/smbwrapper/wrapper.c samba-3.0
          
        if (smbw_fd(fd))
                ret = smbw_lseek(fd, offset, whence);
-@@ -1109,7 +1111,7 @@
-         return (* smbw_libc.utimes)((char *) name, (struct timeval *) tvp);
- }
- 
--int readlink(const char *path, char *buf, size_t bufsize)
-+ssize_t readlink(const char *path, char *buf, size_t bufsize)
- {
-         check_init("readlink");
-         
-diff -urN samba-3.0.25a.org/examples/libsmbclient/smbwrapper/wrapper.h samba-3.0.25a/examples/libsmbclient/smbwrapper/wrapper.h
---- samba-3.0.25a.org/examples/libsmbclient/smbwrapper/wrapper.h       2006-01-25 00:46:42.000000000 +0100
-+++ samba-3.0.25a/examples/libsmbclient/smbwrapper/wrapper.h   2007-06-17 17:38:36.620376591 +0200
-@@ -123,7 +123,7 @@
-         int (* unlink)(char *name);
-         int (* utime)(char *name, struct utimbuf *tvp);
-         int (* utimes)(char *name, struct timeval *tvp);
--        int (* readlink)(char *path, char *buf, size_t bufsize);
-+        ssize_t (* readlink)(char *path, char *buf, size_t bufsize);
-         int (* rename)(char *oldname, char *newname);
-         int (* rmdir)(char *name);
-         int (* symlink)(char *topath, char *frompath);

diff --git a/samba.logrotate b/samba.logrotate
index 66fe44c90c23e37573e70e21210a61ecfb05218b..804890fd40c607d7a28202315da904090cdc9d2b 100644 (file)
--- a/samba.logrotate
+++ b/samba.logrotate
@@ -1,7 +1,7 @@
 /var/log/samba/log.* {
        notifempty
        missingok
-       olddir /var/log/archive/samba
+       olddir /var/log/archiv/samba
        postrotate
                /bin/killall -HUP nmbd smbd
        endscript

diff --git a/samba.pamd b/samba.pamd
index 9bdf4efb381d91f5485937da49b953ab821574e2..ad006a2a12c7817e719d85ea93611a4d4da05fcf 100644 (file)
--- a/samba.pamd
+++ b/samba.pamd
@@ -1,6 +1,7 @@
 #%PAM-1.0
+auth           required        pam_listfile.so item=user sense=deny file=/etc/security/blacklist onerr=succeed
 auth           required        pam_listfile.so item=user sense=deny file=/etc/security/blacklist.samba onerr=succeed
-auth           include         system-auth
-account                include         system-auth
-password       include         system-auth
-session                include         system-auth
+auth           required        pam_unix.so
+account                required        pam_unix.so
+session         required        pam_unix.so
+password        required        pam_unix.so

diff --git a/samba.spec b/samba.spec
index f272b8422b08adbb73572761bce60fe0ed38da72..9f90917127c7cfdd48e68ad2bf003c693de28142 100644 (file)
--- a/samba.spec
+++ b/samba.spec
@@ -13,7 +13,7 @@
 # Conditional build:
 %bcond_without ads             # without ActiveDirectory support
 %bcond_without cups            # without CUPS support
-%bcond_without kerberos5       # without Kerberos V support
+%bcond_without kerberos5       # without Kerberos5/Heimdal support
 %bcond_without ldap            # without LDAP support
 %bcond_without python          # without python libs/utils
 %bcond_with            mks             # with vfs-mks (mksd dependency not distributale)
@@ -40,13 +40,13 @@ Summary(tr.UTF-8):  SMB sunucusu
 Summary(uk.UTF-8):     SMB клієнт та сервер
 Summary(zh_CN.UTF-8):  Samba 客户端和服务器
 Name:          samba
-Version:       3.0.28
-Release:       5
+Version:       3.0.28a
+Release:       1
 Epoch:         1
 License:       GPL v2
 Group:         Networking/Daemons
 Source0:       http://us1.samba.org/samba/ftp/%{name}-%{version}.tar.gz
-# Source0-md5: 8761cd7c02833d959fbebd4f69895075
+# Source0-md5: 59754cb0c19da6e65c42d0a163c5885a
 Source1:       smb.init
 Source2:       %{name}.pamd
 Source3:       swat.inetd
@@ -65,23 +65,24 @@ Patch4:             %{name}-libsmbclient-libnscd_link.patch
 Patch5:                %{name}-doc.patch
 Patch6:                %{name}-libs-needed.patch
 Patch7:                %{name}-lprng-no-dot-printers.patch
-Patch8:                %{name}-pam_smbpass-syslog.patch
-Patch9:                %{name}-cap.patch
+Patch8:                %{name}-cap.patch
+Patch9:                %{name}-printerlocation.patch
 URL:           http://www.samba.org/
 BuildRequires: acl-devel
 BuildRequires: autoconf
 BuildRequires: automake
 %{?with_cups:BuildRequires:    cups-devel >= 1:1.2.0}
 BuildRequires: dmapi-devel
+BuildRequires: fam-devel
 BuildRequires: iconv
-%{?with_kerberos5:BuildRequires:       krb5-devel}
+%{?with_kerberos5:BuildRequires:       heimdal-devel >= 0.7}
 BuildRequires: libmagic-devel
 BuildRequires: libnscd-devel
 BuildRequires: libtool >= 2:1.4d
 BuildRequires: ncurses-devel >= 5.2
-%{?with_ldap:BuildRequires:    openldap-devel >= 2.4.6}
+%{?with_ldap:BuildRequires:    openldap-devel >= 2.3.0}
 BuildRequires: openssl-devel >= 0.9.7d
-BuildRequires: pam-devel >= 0.99.8.1
+BuildRequires: pam-devel > 0.66
 BuildRequires: popt-devel
 %{?with_pgsql:BuildRequires:   postgresql-devel}
 %if %{with python}
@@ -95,7 +96,7 @@ BuildRequires:        xfsprogs-devel
 Requires(post,preun):  /sbin/chkconfig
 Requires:      %{name}-common = %{epoch}:%{version}-%{release}
 Requires:      logrotate >= 3.7-4
-Requires:      pam >= 0.99.8.1
+Requires:      pam >= 0.66
 Requires:      rc-scripts
 Requires:      setup >= 2.4.6-7
 # smbd links with libcups
@@ -312,7 +313,7 @@ Summary(ru.UTF-8):  Клиентские программы Samba (SMB)
 Summary(uk.UTF-8):     Клієнтські програми Samba (SMB)
 Group:         Applications/Networking
 Requires:      %{name}-common = %{epoch}:%{version}-%{release}
-%{?with_kerberos5:Requires:    krb5-libs}
+%{?with_kerberos5:Requires:    heimdal-libs >= 0.7}
 Obsoletes:     mount-cifs
 Obsoletes:     smbfs
 
@@ -424,7 +425,7 @@ Obsoletes:  pam_smbpass
 
 %description -n pam-pam_smbpass
 PAM module which can be used on conforming systems to keep the
-smbpasswd (Samba password) database in sync with the unix password
+smbpasswd (Samba password) database in sync with the Unix password
 file.
 
 %description -n pam-pam_smbpass -l pl.UTF-8
@@ -617,6 +618,21 @@ klientom, że pliki i katalogi z profilu są zapisywane. To wystarczy
 klientom pomimo, że pliki nie zostaną nigdy nadpisane przy logowaniu
 lub wylogowywaniu klienta.
 
+%package vfs-notify_fam
+Summary:       VFS module to implement  file  change  notifications
+Summary(pl.UTF-8):     Moduł VFS implementujący informowanie o zmianach w plikach
+Group:         Networking/Daemons
+Requires:      %{name} = %{epoch}:%{version}-%{release}
+
+%description vfs-notify_fam
+The vfs_notify_fam module makes use of the system FAM (File Alteration
+Monitor) daemon to implement file change notifications for Windows
+clients.
+
+%description vfs-notify_fam -l pl.UTF-8
+Ten moduł używa demona FAM (File Alteration Monitor) do implementacji
+informowania o zmianach w plikach dla klientów Windows.
+
 %package vfs-netatalk
 Summary:       VFS module for ease co-existence of samba and netatalk
 Summary(pl.UTF-8):     Moduł VFS ułatwiający współpracę serwisów samba i netatalk
@@ -1371,6 +1387,11 @@ fi
 %attr(755,root,root) %{_vfsdir}/fake_perms.so
 %{_mandir}/man8/vfs_fake_perms.8*
 
+%files vfs-notify_fam
+%defattr(644,root,root,755)
+%attr(755,root,root) %{_vfsdir}/notify_fam.so
+%{_mandir}/man8/vfs_notify_fam.8*
+
 %files vfs-netatalk
 %defattr(644,root,root,755)
 %attr(755,root,root) %{_vfsdir}/netatalk.so