- updated to 4.0.7

- added samba AD SysV init script
- updated patches
- added patch to allow setting unicodePwd with encoded NThash vlaue over LDAP

diff --git a/samba-nscd.patch b/samba-nscd.patch
index 4a28a3e3004d85c3522f729325ac893c2faca877..8dc912f327be50d63d7ddb88ddc5f4285706540f 100644 (file)
--- a/samba-nscd.patch
+++ b/samba-nscd.patch
@@ -2,12 +2,12 @@ diff -urN samba-3.2.1.org/source3/Makefile.in samba-3.2.1/source3/Makefile.in
 --- samba-3.2.1.org/source3/Makefile.in        2008-08-05 08:22:33.000000000 +0200
 +++ samba-3.2.1/source3/Makefile.in    2008-08-17 23:24:32.085914644 +0200
 @@ -1430,7 +1430,7 @@
-       @$(CC) -o $@ $(LDFLAGS) $(PASSDB_LIBS) $(RPCCLIENT_OBJ) \
+       @$(CC) -o $@ $(LDFLAGS) $(RPCCLIENT_OBJ) \
                $(DYNEXP) $(TERMLDFLAGS) $(TERMLIBS) $(LIBS) $(POPT_LIBS) \
                $(KRB5LIBS) $(LDAP_LIBS) $(LIBTALLOC_LIBS) $(LIBTEVENT_LIBS) $(LIBTDB_LIBS) \
 -              $(LIBWBCLIENT_LIBS) $(ZLIB_LIBS) $(PASSDB_LIBS)
 +              $(LIBWBCLIENT_LIBS) $(ZLIB_LIBS) $(PASSDB_LIBS) $(NSCD_LIBS)
  
- bin/smbclient@EXEEXT@: $(BINARY_PREREQS) $(CLIENT_OBJ) @BUILD_POPT@ $(LIBTALLOC) $(LIBTEVENT) $(LIBTDB) $(LIBWBCLIENT)
+ bin/smbclient: $(BINARY_PREREQS) $(CLIENT_OBJ) @BUILD_POPT@ $(LIBTALLOC) $(LIBTEVENT) $(LIBTDB) $(LIBWBCLIENT)
        @echo Linking $@
 

diff --git a/samba.init b/samba.init
new file mode 100644 (file)
index 0000000..b1b7ea8
--- /dev/null
+++ b/samba.init
@@ -0,0 +1,110 @@
+#!/bin/sh
+#
+# chkconfig:   345 91 35
+# description: Starts and stops the Samba daemon \
+#              used to provide Active Directory services.
+#
+# config:      /etc/samba/smb.conf
+# processname: samba
+
+# Source function library.
+. /etc/rc.d/init.d/functions
+
+# Source networking configuration.
+. /etc/sysconfig/network
+
+# Demon specified configuration.
+[ -f /etc/sysconfig/samba ] && . /etc/sysconfig/samba
+
+# Check that networking is up.
+if is_yes "${NETWORKING}"; then
+       if [ ! -f /var/lock/subsys/network -a "$1" != stop -a "$1" != status ]; then
+               msg_network_down "Samba AD Server"
+               exit 1
+       fi
+else
+       exit 0
+fi
+
+TMPDIR="/tmp"; export TMPDIR
+unset TMP || :
+
+start() {
+       # Check if the service is already running?
+       if [ -f /var/lock/subsys/samba ]; then
+               msg_already_running "Samba AD Server"
+               return
+       fi
+
+       msg_starting "Samba AD Server"
+       daemon /usr/sbin/smbd $SAMBAOPTIONS
+       RETVAL=$?
+       if [ $RETVAL -eq 0 ]; then
+               touch /var/lock/subsys/samba
+       fi
+}
+
+stop() {
+       # Stop daemons.
+       if [ ! -f /var/lock/subsys/samba ]; then
+               msg_not_running "Samba AD Server"
+               return
+       fi
+
+       msg_stopping "Samba SMB/CIFS Server"
+       killproc --pidfile /var/run/samba/samba.pid samba
+       rm -f /var/lock/subsys/samba >/dev/null 2>&1
+}
+
+reload() {
+       if [ ! -f /var/lock/subsys/samba ]; then
+               msg_not_running "Samba AD Server"
+               RETVAL=7
+               return
+       fi
+
+       msg_reloading "Samba AD Server"
+       killproc --pidfile /var/run/samba/samba.pid samba -HUP
+       RETVAL=$?
+}
+
+condrestart() {
+       if [ ! -f /var/lock/subsys/samba ]; then
+               msg_not_running "Samba AD Server"
+               RETVAL=$1
+               return
+       fi
+
+       stop
+       start
+}
+
+RETVAL=0
+# See how we were called.
+case "$1" in
+  start)
+       start
+       ;;
+  stop)
+       stop
+       ;;
+  restart)
+       stop
+       start
+       ;;
+  try-restart)
+       condrestart 0
+       ;;
+  reload|force-reload)
+       reload
+       ;;
+  status)
+       status samba
+       RETVAL=$?
+       ;;
+  *)
+       msg_usage "$0 {start|stop|restart|try-restart|reload|force-reload|status}"
+       exit 3
+esac
+
+exit $RETVAL

diff --git a/samba4.spec b/samba4.spec
index e0d392fec6fb1553bd1301df9683281c05f53cce..a573656f36be473733e00673dc84d9adb4c1189b 100644 (file)
--- a/samba4.spec
+++ b/samba4.spec
@@ -14,8 +14,8 @@
 
 %if %{with system_libs}
 %define                talloc_ver      2.0.7
-%define                tdb_ver         2:1.2.10
-%define                ldb_ver         1.1.15
+%define                tdb_ver         2:1.2.11
+%define                ldb_ver         1.1.16
 %define                tevent_ver      0.9.18
 %endif
 
@@ -23,13 +23,13 @@
 Summary:       Active Directory server
 Summary(pl.UTF-8):     Serwer Active Directory
 Name:          samba4
-Version:       4.0.5
-Release:       0.3
+Version:       4.0.7
+Release:       0.5
 Epoch:         1
 License:       GPL v3
 Group:         Networking/Daemons
 Source0:       http://www.samba.org/samba/ftp/stable/samba-%{version}.tar.gz
-# Source0-md5: 58ec2fec08872b72f8fd526f2da20a9e
+# Source0-md5: d887c1383654fc60b7bb1b74d273a826
 Source1:       smb.init
 Source2:       samba.pamd
 Source3:       swat.inetd
@@ -38,14 +38,15 @@ Source5:    samba.logrotate
 Source6:       smb.conf
 Source7:       winbind.init
 Source8:       winbind.sysconfig
+Source9:       samba.init
 Source10:      https://github.com/downloads/fumiyas/samba-virusfilter/samba-virusfilter-%{virusfilter_version}.tar.bz2
 # Source10-md5:        a3a30d5fbf309d356e8c5833db680c17
 Patch0:                system-heimdal.patch
 Patch1:                samba-c++-nofail.patch
 Patch3:                samba-nscd.patch
 Patch4:                samba-lprng-no-dot-printers.patch
-Patch5:                samba-fam.patch
-Patch6:                systemd-pid-dir.patch
+Patch5:                systemd-pid-dir.patch
+Patch6:                unicodePwd-nthash-values-over-LDAP.patch
 URL:           http://www.samba.org/
 BuildRequires: acl-devel
 BuildRequires: autoconf
@@ -98,6 +99,15 @@ BuildConflicts:      libbsd-devel
 Requires(post,preun):  /sbin/chkconfig
 Requires:      %{name}-common = %{epoch}:%{version}-%{release}
 Requires:      %{name}-common-server = %{epoch}:%{version}-%{release}
+#%if %{with system_libs}
+#Requires:     ldb >= %{ldb_ver}
+#Requires:     python-ldb >= %{ldb_ver}
+#Requires:     python-talloc >= %{talloc_ver}
+#Requires:     python-tevent >= %{tevent_ver}
+#Requires:     talloc >= %{talloc_ver}
+#Requires:     tdb >= %{tdb_ver}
+#Requires:     tevent >= %{tevent_ver}
+#%endif
 Requires:      logrotate >= 3.7-4
 Requires:      pam >= 0.99.8.1
 Requires:      rc-scripts >= 0.4.0.12
@@ -792,7 +802,7 @@ cd pidl
 
 %install
 rm -rf $RPM_BUILD_ROOT
-install -d $RPM_BUILD_ROOT/etc/{logrotate.d,rc.d/init.d,pam.d,security,sysconfig/rc-inetd,ld.so.conf.d} \
+install -d $RPM_BUILD_ROOT/etc/{logrotate.d,rc.d/init.d,pam.d,security,sysconfig/rc-inetd,ld.so.conf.d,env.d} \
        $RPM_BUILD_ROOT{/var/{log/archive,spool}/samba,/var/lib/samba/printing} \
        $RPM_BUILD_ROOT/var/log/samba/cores/{smbd,nmbd} \
        $RPM_BUILD_ROOT{/sbin,/%{_lib}/security,%{_libdir},%{_libdir}/samba/vfs,%{_includedir},%{_sambahome},%{schemadir}} \
@@ -835,6 +845,9 @@ cp -p %{SOURCE5} $RPM_BUILD_ROOT/etc/logrotate.d/samba
 cp -p %{SOURCE6} $RPM_BUILD_ROOT%{_sysconfdir}/samba/smb.conf
 install -p %{SOURCE7} $RPM_BUILD_ROOT/etc/rc.d/init.d/winbind
 cp -p %{SOURCE8} $RPM_BUILD_ROOT/etc/sysconfig/winbind
+install -p %{SOURCE9} $RPM_BUILD_ROOT/etc/rc.d/init.d/samba
+
+echo "LDB_MODULES_PATH=%{_libdir}/samba/ldb" > $RPM_BUILD_ROOT/etc/env.d/LDB_MODULES_PATH
 
 # move lib{smb,wb}client where they always were for compatibility
 %{__mv} $RPM_BUILD_ROOT%{_libdir}/samba/libsmbclient.so.* $RPM_BUILD_ROOT%{_libdir}
@@ -875,7 +888,6 @@ install examples/LDAP/samba.schema $RPM_BUILD_ROOT%{schemadir}
 
 # remove man pages for not installed commands
 %{__rm} $RPM_BUILD_ROOT%{_mandir}/man1/log2pcap.1*
-%{__rm} $RPM_BUILD_ROOT%{_mandir}/man1/smbtar.1*
 %{__rm} $RPM_BUILD_ROOT%{_mandir}/man8/vfs_cacheprime.8*
 %{__rm} $RPM_BUILD_ROOT%{_mandir}/man8/vfs_gpfs.8*
 %{__rm} $RPM_BUILD_ROOT%{_mandir}/man8/vfs_prealloc.8*
@@ -889,15 +901,15 @@ install examples/LDAP/samba.schema $RPM_BUILD_ROOT%{schemadir}
 rm -rf $RPM_BUILD_ROOT
 
 %post
-#/sbin/chkconfig --add samba
-#%service samba restart "Samba AD daemon"
+/sbin/chkconfig --add samba
+%service samba restart "Samba AD daemon"
 %systemd_post samba.service
 
 %preun
-#if [ "$1" = "0" ]; then
-#      %service samba stop
-#      /sbin/chkconfig --del samba
-#fi
+if [ "$1" = "0" ]; then
+       %service samba stop
+       /sbin/chkconfig --del samba
+fi
 %systemd_preun samba.service
 
 %postun
@@ -957,6 +969,8 @@ fi
 
 %files
 %defattr(644,root,root,755)
+%config(noreplace) %verify(not md5 mtime size) /etc/env.d/LDB_MODULES_PATH
+%attr(754,root,root) /etc/rc.d/init.d/samba
 %{systemdunitdir}/samba.service
 %{systemdtmpfilesdir}/samba.conf
 %attr(755,root,root) %{_bindir}/oLschema2ldif
@@ -1550,12 +1564,14 @@ fi
 %attr(755,root,root) %{_bindir}/sharesec
 %attr(755,root,root) %{_bindir}/smbcacls
 %attr(755,root,root) %{_bindir}/smbclient
+%attr(755,root,root) %{_bindir}/smbtar
 %attr(755,root,root) %{_bindir}/smbtree
 %{_mandir}/man1/nmblookup.1*
 %{_mandir}/man1/rpcclient.1*
 %{_mandir}/man1/sharesec.1*
 %{_mandir}/man1/smbcacls.1*
 %{_mandir}/man1/smbclient.1*
+%{_mandir}/man1/smbtar.1*
 %{_mandir}/man1/smbtree.1*
 %{_mandir}/man8/net.8*
 

diff --git a/system-heimdal.patch b/system-heimdal.patch
index 84bb56ac7f8fb735b1ec3dc48c523d60cb134614..5b8b60ef8d67e7d31575b19b64e7d70bf479533e 100644 (file)
--- a/system-heimdal.patch
+++ b/system-heimdal.patch
@@ -1,14 +1,5 @@
 --- samba-4.0.0/source4/heimdal_build/wscript_build~   2012-12-04 11:07:44.000000000 +0100
 +++ samba-4.0.0/source4/heimdal_build/wscript_build    2013-01-07 15:09:18.976932049 +0100
-@@ -947,7 +947,7 @@
- 
- HEIMDAL_BINARY('samba4kgetcred',
-     'kuser/kgetcred.c',
--    deps='krb5 heimntlm roken HEIMDAL_VERS hcrypto',
-+    deps='krb5 heimntlm roken HEIMDAL_VERS hcrypto asn1',
-     install=False
-     )
- 
 @@ -953,7 +953,7 @@
  
  HEIMDAL_BINARY('samba4kpasswd',

diff --git a/unicodePwd-nthash-values-over-LDAP.patch b/unicodePwd-nthash-values-over-LDAP.patch
new file mode 100644 (file)
index 0000000..e7f7c42
--- /dev/null
+++ b/unicodePwd-nthash-values-over-LDAP.patch
@@ -0,0 +1,47 @@
+
+Allow setting unicodePwd with NTHash vlue over LDAP
+
+--- samba-4.0.7/source4/libcli/ldap/ldap_controls.c~   2013-07-02 20:19:37.554868793 +0200
++++ samba-4.0.7/source4/libcli/ldap/ldap_controls.c    2013-07-02 21:00:47.595973713 +0200
+@@ -1293,7 +1293,7 @@
+       { LDB_CONTROL_REVEAL_INTERNALS, NULL, NULL },
+       { LDB_CONTROL_AS_SYSTEM_OID, NULL, NULL },
+       { DSDB_CONTROL_PASSWORD_CHANGE_STATUS_OID, NULL, NULL },
+-      { DSDB_CONTROL_PASSWORD_HASH_VALUES_OID, NULL, NULL },
++      { DSDB_CONTROL_PASSWORD_HASH_VALUES_OID, decode_flag_request, encode_flag_request },
+       { DSDB_CONTROL_PASSWORD_CHANGE_OID, NULL, NULL },
+       { DSDB_CONTROL_APPLY_LINKS, NULL, NULL },
+       { LDB_CONTROL_BYPASS_OPERATIONAL_OID, NULL, NULL },
+--- samba-4.0.7/source4/dsdb/samdb/ldb_modules/password_hash.c~        2013-07-02 20:01:42.731518064 +0200
++++ samba-4.0.7/source4/dsdb/samdb/ldb_modules/password_hash.c 2013-07-02 20:39:24.909757777 +0200
+@@ -3386,10 +3386,29 @@
+       return ldb_next_request(ac->module, mod_req);
+ }
+ 
++static int password_hash_init(struct ldb_module *module)
++{
++      struct ldb_context *ldb;
++      int ret;
++
++      ldb = ldb_module_get_ctx(module);
++
++      ret = ldb_mod_register_control(module, DSDB_CONTROL_PASSWORD_HASH_VALUES_OID);
++      if (ret != LDB_SUCCESS) {
++              ldb_debug(ldb, LDB_DEBUG_ERROR,
++                              "password_hash: Unable to register control (%s) with rootdse!\n",
++                              DSDB_CONTROL_PASSWORD_HASH_VALUES_OID);
++              return ldb_operr(ldb);
++      }
++
++      return ldb_next_init(module);
++}
++
+ static const struct ldb_module_ops ldb_password_hash_module_ops = {
+       .name          = "password_hash",
+       .add           = password_hash_add,
+-      .modify        = password_hash_modify
++      .modify        = password_hash_modify,
++      .init_context  = password_hash_init
+ };
+ 
+ int ldb_password_hash_module_init(const char *version)