From 8c4b3c4ba2299e24e04a10a7f1f2ac3818951267 Mon Sep 17 00:00:00 2001 From: cvs2git Date: Sun, 30 Mar 2008 12:46:21 +0000 Subject: [PATCH] This commit was manufactured by cvs2git to create tag 'auto-ac-samba- 3_0_28a-1'. MIME-Version: 1.0 Content-Type: text/plain; charset=utf8 Content-Transfer-Encoding: 8bit Sprout from master 2008-02-06 15:14:50 UTC Jan Rękorajski '- add location option to rpcclient setprinter command' Cherrypick from master 2006-06-06 11:59:08 UTC Elan Ruusamäe '- cosmetic': samba.logrotate -> 1.6 samba.pamd -> 1.3 Cherrypick from AC-branch 2008-03-30 12:46:21 UTC Elan Ruusamäe '- merge from HEAD update to 3.0.28a (fixes vista interoperability issues); add vfs_notify_fam module': samba.spec -> 1.348.2.7.2.9 Cherrypick from unlabeled-1.3.2 2007-07-06 17:08:28 UTC Jakub Bogusz '- adjusted for AC glibc not compliant with current POSIX': samba-smbwrapper.patch -> 1.3.2.1 Cherrypick from unlabeled-1.8.2 2007-04-17 10:24:06 UTC twittner '- don't confuse people: security_level.txt file doesn't exist.': smb.conf -> 1.8.2.1 Delete: samba-3.0-CAN-2006-3403.patch samba-pam_smbpass-syslog.patch --- samba-3.0-CAN-2006-3403.patch | 16 - samba-pam_smbpass-syslog.patch | 584 --------------------------------- samba-smbwrapper.patch | 45 --- samba.logrotate | 2 +- samba.pamd | 9 +- samba.spec | 45 ++- 6 files changed, 39 insertions(+), 662 deletions(-) delete mode 100644 samba-3.0-CAN-2006-3403.patch delete mode 100644 samba-pam_smbpass-syslog.patch diff --git a/samba-3.0-CAN-2006-3403.patch b/samba-3.0-CAN-2006-3403.patch deleted file mode 100644 index e9c80a6..0000000 --- a/samba-3.0-CAN-2006-3403.patch +++ /dev/null @@ -1,16 +0,0 @@ -Index: source/smbd/service.c -=================================================================== ---- source/smbd/service.c (revision 16676) -+++ source/smbd/service.c (working copy) -@@ -763,6 +763,11 @@ - smb_panic("make_connection: PANIC ERROR. Called as nonroot\n"); - } - -+ if (conn_num_open() > 2047) { -+ *status = NT_STATUS_INSUFF_SERVER_RESOURCES; -+ return NULL; -+ } -+ - if(lp_security() != SEC_SHARE) { - vuser = get_valid_user_struct(vuid); - if (!vuser) { diff --git a/samba-pam_smbpass-syslog.patch b/samba-pam_smbpass-syslog.patch deleted file mode 100644 index b33792a..0000000 --- a/samba-pam_smbpass-syslog.patch +++ /dev/null @@ -1,584 +0,0 @@ -Goal: Don't call openlog() or closelog() from pam_smbpass - -Fixes: bug #434372 (http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=434372) - -Upstream status: submitted as bugzilla bug #4831 - -Index: samba-3.0.25c/source/pam_smbpass/support.c -=================================================================== ---- samba-3.0.25c.orig/source/pam_smbpass/support.c 2007-08-26 12:07:14.098417404 +0200 -+++ samba-3.0.25c/source/pam_smbpass/support.c 2007-08-26 13:09:09.419359938 +0200 -@@ -15,6 +15,7 @@ - * Mass Ave, Cambridge, MA 02139, USA. - */ - -+ #include "config.h" - #include "includes.h" - #include "general.h" - -@@ -66,19 +67,44 @@ - - char *servicesf = dyn_CONFIGFILE; - -- /* syslogging function for errors and other information */ -- -- void _log_err( int err, const char *format, ... ) -- { -- va_list args; -+/* syslogging function for errors and other information */ -+#ifdef HAVE_PAM_VSYSLOG -+void _log_err( pam_handle_t *pamh, int err, const char *format, ... ) -+{ -+ va_list args; - -- va_start( args, format ); -- openlog( "PAM_smbpass", LOG_CONS | LOG_PID, LOG_AUTH ); -- vsyslog( err, format, args ); -- va_end( args ); -- closelog(); -+ va_start(args, format); -+ pam_vsyslog(pamh, err, format, args); -+ va_end(args); -+} -+#else -+void _log_err( pam_handle_t *pamh, int err, const char *format, ... ) -+{ -+ va_list args; -+ const char tag[] = "(pam_smbpass) "; -+ char *mod_format; -+ -+ mod_format = SMB_MALLOC_ARRAY(char, sizeof(tag) + strlen(format)); -+ /* try really, really hard to log something, since this may have -+ been a message about a malloc() failure... */ -+ if (mod_format == NULL) { -+ va_start(args, format); -+ vsyslog(err | LOG_AUTH, format, args); -+ va_end(args); -+ return; - } - -+ strncpy(mod_format, tag, strlen(tag)+1); -+ strncat(mod_format, format, strlen(format)); -+ -+ va_start(args, format); -+ vsyslog(err | LOG_AUTH, mod_format, args); -+ va_end(args); -+ -+ free(mod_format); -+} -+#endif -+ - /* this is a front-end for module-application conversations */ - - int converse( pam_handle_t * pamh, int ctrl, int nargs -@@ -95,12 +121,14 @@ - ,response, conv->appdata_ptr); - - if (retval != PAM_SUCCESS && on(SMB_DEBUG, ctrl)) { -- _log_err(LOG_DEBUG, "conversation failure [%s]" -- ,pam_strerror(pamh, retval)); -+ _log_err(pamh, LOG_DEBUG, -+ "conversation failure [%s]", -+ pam_strerror(pamh, retval)); - } - } else { -- _log_err(LOG_ERR, "couldn't obtain coversation function [%s]" -- ,pam_strerror(pamh, retval)); -+ _log_err(pamh, LOG_ERR, -+ "couldn't obtain coversation function [%s]", -+ pam_strerror(pamh, retval)); - } - - return retval; /* propagate error status */ -@@ -126,7 +154,7 @@ - - /* set the control flags for the SMB module. */ - --int set_ctrl( int flags, int argc, const char **argv ) -+int set_ctrl( pam_handle_t *pamh, int flags, int argc, const char **argv ) - { - int i = 0; - const char *service_file = dyn_CONFIGFILE; -@@ -168,7 +196,7 @@ - /* Read some options from the Samba config. Can be overridden by - the PAM config. */ - if(lp_load(service_file,True,False,False,True) == False) { -- _log_err( LOG_ERR, "Error loading service file %s", service_file ); -+ _log_err(pamh, LOG_ERR, "Error loading service file %s", service_file); - } - - secrets_init(); -@@ -191,7 +219,7 @@ - } - - if (j >= SMB_CTRLS_) { -- _log_err( LOG_ERR, "unrecognized option [%s]", *argv ); -+ _log_err(pamh, LOG_ERR, "unrecognized option [%s]", *argv); - } else { - ctrl &= smb_args[j].mask; /* for turning things off */ - ctrl |= smb_args[j].flag; /* for turning things on */ -@@ -230,7 +258,7 @@ - * evidence of old token around for later stack analysis. - * - */ --char * smbpXstrDup( const char *x ) -+char * smbpXstrDup( pam_handle_t *pamh, const char *x ) - { - register char *newstr = NULL; - -@@ -240,7 +268,7 @@ - for (i = 0; x[i]; ++i); /* length of string */ - if ((newstr = SMB_MALLOC_ARRAY(char, ++i)) == NULL) { - i = 0; -- _log_err( LOG_CRIT, "out of memory in smbpXstrDup" ); -+ _log_err(pamh, LOG_CRIT, "out of memory in smbpXstrDup"); - } else { - while (i-- > 0) { - newstr[i] = x[i]; -@@ -282,7 +310,7 @@ - /* log the number of authentication failures */ - if (failure->count != 0) { - pam_get_item( pamh, PAM_SERVICE, (const void **) &service ); -- _log_err( LOG_NOTICE -+ _log_err(pamh, LOG_NOTICE - , "%d authentication %s " - "from %s for service %s as %s(%d)" - , failure->count -@@ -291,7 +319,7 @@ - , service == NULL ? "**unknown**" : service - , failure->user, failure->id ); - if (failure->count > SMB_MAX_RETRIES) { -- _log_err( LOG_ALERT -+ _log_err(pamh, LOG_ALERT - , "service(%s) ignoring max retries; %d > %d" - , service == NULL ? "**unknown**" : service - , failure->count -@@ -327,8 +355,7 @@ - - if (!pdb_get_lanman_passwd(sampass)) - { -- _log_err( LOG_DEBUG, "user %s has null SMB password" -- , name ); -+ _log_err(pamh, LOG_DEBUG, "user %s has null SMB password", name); - - if (off( SMB__NONULL, ctrl ) - && (pdb_get_acct_ctrl(sampass) & ACB_PWNOTREQ)) -@@ -338,15 +365,16 @@ - const char *service; - - pam_get_item( pamh, PAM_SERVICE, (const void **)&service ); -- _log_err( LOG_NOTICE, "failed auth request by %s for service %s as %s", -- uidtoname(getuid()), service ? service : "**unknown**", name); -+ _log_err(pamh, LOG_NOTICE, -+ "failed auth request by %s for service %s as %s", -+ uidtoname(getuid()), service ? service : "**unknown**", name); - return PAM_AUTH_ERR; - } - } - - data_name = SMB_MALLOC_ARRAY(char, sizeof(FAIL_PREFIX) + strlen( name )); - if (data_name == NULL) { -- _log_err( LOG_CRIT, "no memory for data-name" ); -+ _log_err(pamh, LOG_CRIT, "no memory for data-name"); - } - strncpy( data_name, FAIL_PREFIX, sizeof(FAIL_PREFIX) ); - strncpy( data_name + sizeof(FAIL_PREFIX) - 1, name, strlen( name ) + 1 ); -@@ -392,31 +420,31 @@ - retval = PAM_MAXTRIES; - } - } else { -- _log_err(LOG_NOTICE, -+ _log_err(pamh, LOG_NOTICE, - "failed auth request by %s for service %s as %s", - uidtoname(getuid()), - service ? service : "**unknown**", name); - newauth->count = 1; - } - if (!sid_to_uid(pdb_get_user_sid(sampass), &(newauth->id))) { -- _log_err(LOG_NOTICE, -+ _log_err(pamh, LOG_NOTICE, - "failed auth request by %s for service %s as %s", - uidtoname(getuid()), - service ? service : "**unknown**", name); - } -- newauth->user = smbpXstrDup( name ); -- newauth->agent = smbpXstrDup( uidtoname( getuid() ) ); -+ newauth->user = smbpXstrDup(pamh, name); -+ newauth->agent = smbpXstrDup(pamh, uidtoname( getuid() )); - pam_set_data( pamh, data_name, newauth, _cleanup_failures ); - - } else { -- _log_err( LOG_CRIT, "no memory for failure recorder" ); -- _log_err(LOG_NOTICE, -+ _log_err(pamh, LOG_CRIT, "no memory for failure recorder"); -+ _log_err(pamh, LOG_NOTICE, - "failed auth request by %s for service %s as %s(%d)", - uidtoname(getuid()), - service ? service : "**unknown**", name); - } - } else { -- _log_err(LOG_NOTICE, -+ _log_err(pamh, LOG_NOTICE, - "failed auth request by %s for service %s as %s(%d)", - uidtoname(getuid()), - service ? service : "**unknown**", name); -@@ -490,8 +518,8 @@ - retval = pam_get_item( pamh, authtok_flag, (const void **) &item ); - if (retval != PAM_SUCCESS) { - /* very strange. */ -- _log_err( LOG_ALERT -- , "pam_get_item returned error to smb_read_password" ); -+ _log_err(pamh, LOG_ALERT, -+ "pam_get_item returned error to smb_read_password"); - return retval; - } else if (item != NULL) { /* we have a password! */ - *pass = item; -@@ -543,7 +571,7 @@ - - if (retval == PAM_SUCCESS) { /* a good conversation */ - -- token = smbpXstrDup(resp[j++].resp); -+ token = smbpXstrDup(pamh, resp[j++].resp); - if (token != NULL) { - if (expect == 2) { - /* verify that password entered correctly */ -@@ -555,7 +583,8 @@ - } - } - } else { -- _log_err(LOG_NOTICE, "could not recover authentication token"); -+ _log_err(pamh, LOG_NOTICE, -+ "could not recover authentication token"); - } - } - -@@ -568,7 +597,7 @@ - - if (retval != PAM_SUCCESS) { - if (on( SMB_DEBUG, ctrl )) -- _log_err( LOG_DEBUG, "unable to obtain a password" ); -+ _log_err(pamh, LOG_DEBUG, "unable to obtain a password"); - return retval; - } - /* 'token' is the entered password */ -@@ -583,7 +612,7 @@ - || (retval = pam_get_item( pamh, authtok_flag - ,(const void **)&item )) != PAM_SUCCESS) - { -- _log_err( LOG_CRIT, "error manipulating password" ); -+ _log_err(pamh, LOG_CRIT, "error manipulating password"); - return retval; - } - } else { -@@ -597,8 +626,8 @@ - || (retval = pam_get_data( pamh, data_name, (const void **)&item )) - != PAM_SUCCESS) - { -- _log_err( LOG_CRIT, "error manipulating password data [%s]" -- , pam_strerror( pamh, retval )); -+ _log_err(pamh, LOG_CRIT, "error manipulating password data [%s]", -+ pam_strerror( pamh, retval )); - _pam_delete( token ); - item = NULL; - return retval; -@@ -622,8 +651,8 @@ - if (pass_new == NULL || (pass_old && !strcmp( pass_old, pass_new ))) - { - if (on(SMB_DEBUG, ctrl)) { -- _log_err( LOG_DEBUG, -- "passwd: bad authentication token (null or unchanged)" ); -+ _log_err(pamh, LOG_DEBUG, -+ "passwd: bad authentication token (null or unchanged)"); - } - make_remark( pamh, ctrl, PAM_ERROR_MSG, pass_new == NULL ? - "No password supplied" : "Password unchanged" ); -Index: samba-3.0.25c/source/pam_smbpass/pam_smb_auth.c -=================================================================== ---- samba-3.0.25c.orig/source/pam_smbpass/pam_smb_auth.c 2007-08-26 12:07:14.098417404 +0200 -+++ samba-3.0.25c/source/pam_smbpass/pam_smb_auth.c 2007-08-26 13:09:09.419359938 +0200 -@@ -75,10 +75,9 @@ - - /* Samba initialization. */ - load_case_tables(); -- setup_logging("pam_smbpass",False); - in_client = True; - -- ctrl = set_ctrl(flags, argc, argv); -+ ctrl = set_ctrl(pamh, flags, argc, argv); - - /* Get a few bytes so we can pass our return value to - pam_sm_setcred(). */ -@@ -93,23 +92,23 @@ - retval = pam_get_user( pamh, &name, "Username: " ); - if ( retval != PAM_SUCCESS ) { - if (on( SMB_DEBUG, ctrl )) { -- _log_err(LOG_DEBUG, "auth: could not identify user"); -+ _log_err(pamh, LOG_DEBUG, "auth: could not identify user"); - } - AUTH_RETURN; - } - if (on( SMB_DEBUG, ctrl )) { -- _log_err( LOG_DEBUG, "username [%s] obtained", name ); -+ _log_err(pamh, LOG_DEBUG, "username [%s] obtained", name); - } - - if (!initialize_password_db(True)) { -- _log_err( LOG_ALERT, "Cannot access samba password database" ); -+ _log_err(pamh, LOG_ALERT, "Cannot access samba password database"); - retval = PAM_AUTHINFO_UNAVAIL; - AUTH_RETURN; - } - - sampass = samu_new( NULL ); - if (!sampass) { -- _log_err( LOG_ALERT, "Cannot talloc a samu struct" ); -+ _log_err(pamh, LOG_ALERT, "Cannot talloc a samu struct"); - retval = nt_status_to_pam(NT_STATUS_NO_MEMORY); - AUTH_RETURN; - } -@@ -123,7 +122,7 @@ - } - - if (!found) { -- _log_err(LOG_ALERT, "Failed to find entry for user %s.", name); -+ _log_err(pamh, LOG_ALERT, "Failed to find entry for user %s.", name); - retval = PAM_USER_UNKNOWN; - TALLOC_FREE(sampass); - sampass = NULL; -@@ -142,7 +141,7 @@ - - retval = _smb_read_password(pamh, ctrl, NULL, "Password: ", NULL, _SMB_AUTHTOK, &p); - if (retval != PAM_SUCCESS ) { -- _log_err(LOG_CRIT, "auth: no password provided for [%s]", name); -+ _log_err(pamh,LOG_CRIT, "auth: no password provided for [%s]", name); - TALLOC_FREE(sampass); - AUTH_RETURN; - } -@@ -194,8 +193,8 @@ - retval = pam_get_item( pamh, PAM_AUTHTOK, (const void **) &pass ); - - if (retval != PAM_SUCCESS) { -- _log_err( LOG_ALERT -- , "pam_get_item returned error to pam_sm_authenticate" ); -+ _log_err(pamh, LOG_ALERT, -+ "pam_get_item returned error to pam_sm_authenticate"); - return PAM_AUTHTOK_RECOVER_ERR; - } else if (pass == NULL) { - return PAM_AUTHTOK_RECOVER_ERR; -Index: samba-3.0.25c/source/pam_smbpass/pam_smb_acct.c -=================================================================== ---- samba-3.0.25c.orig/source/pam_smbpass/pam_smb_acct.c 2007-08-26 12:07:14.098417404 +0200 -+++ samba-3.0.25c/source/pam_smbpass/pam_smb_acct.c 2007-08-26 13:09:09.419359938 +0200 -@@ -52,29 +52,28 @@ - - /* Samba initialization. */ - load_case_tables(); -- setup_logging( "pam_smbpass", False ); - in_client = True; - -- ctrl = set_ctrl( flags, argc, argv ); -+ ctrl = set_ctrl(pamh, flags, argc, argv); - - /* get the username */ - - retval = pam_get_user( pamh, &name, "Username: " ); - if (retval != PAM_SUCCESS) { - if (on( SMB_DEBUG, ctrl )) { -- _log_err( LOG_DEBUG, "acct: could not identify user" ); -+ _log_err(pamh, LOG_DEBUG, "acct: could not identify user"); - } - return retval; - } - if (on( SMB_DEBUG, ctrl )) { -- _log_err( LOG_DEBUG, "acct: username [%s] obtained", name ); -+ _log_err(pamh, LOG_DEBUG, "acct: username [%s] obtained", name); - } - - /* Getting into places that might use LDAP -- protect the app - from a SIGPIPE it's not expecting */ - oldsig_handler = CatchSignal(SIGPIPE, SIGNAL_CAST SIG_IGN); - if (!initialize_password_db(True)) { -- _log_err( LOG_ALERT, "Cannot access samba password database" ); -+ _log_err(pamh, LOG_ALERT, "Cannot access samba password database"); - CatchSignal(SIGPIPE, SIGNAL_CAST oldsig_handler); - return PAM_AUTHINFO_UNAVAIL; - } -@@ -88,7 +87,7 @@ - } - - if (!pdb_getsampwnam(sampass, name )) { -- _log_err( LOG_DEBUG, "acct: could not identify user" ); -+ _log_err(pamh, LOG_DEBUG, "acct: could not identify user"); - CatchSignal(SIGPIPE, SIGNAL_CAST oldsig_handler); - return PAM_USER_UNKNOWN; - } -@@ -101,8 +100,8 @@ - - if (pdb_get_acct_ctrl(sampass) & ACB_DISABLED) { - if (on( SMB_DEBUG, ctrl )) { -- _log_err( LOG_DEBUG -- , "acct: account %s is administratively disabled", name ); -+ _log_err(pamh, LOG_DEBUG, -+ "acct: account %s is administratively disabled", name); - } - make_remark( pamh, ctrl, PAM_ERROR_MSG - , "Your account has been disabled; " -Index: samba-3.0.25c/source/pam_smbpass/pam_smb_passwd.c -=================================================================== ---- samba-3.0.25c.orig/source/pam_smbpass/pam_smb_passwd.c 2007-08-26 12:07:14.098417404 +0200 -+++ samba-3.0.25c/source/pam_smbpass/pam_smb_passwd.c 2007-08-26 13:09:09.419359938 +0200 -@@ -104,10 +104,9 @@ - - /* Samba initialization. */ - load_case_tables(); -- setup_logging( "pam_smbpass", False ); - in_client = True; - -- ctrl = set_ctrl(flags, argc, argv); -+ ctrl = set_ctrl(pamh, flags, argc, argv); - - /* - * First get the name of a user. No need to do anything if we can't -@@ -117,12 +116,12 @@ - retval = pam_get_user( pamh, &user, "Username: " ); - if (retval != PAM_SUCCESS) { - if (on( SMB_DEBUG, ctrl )) { -- _log_err( LOG_DEBUG, "password: could not identify user" ); -+ _log_err(pamh, LOG_DEBUG, "password: could not identify user"); - } - return retval; - } - if (on( SMB_DEBUG, ctrl )) { -- _log_err( LOG_DEBUG, "username [%s] obtained", user ); -+ _log_err(pamh, LOG_DEBUG, "username [%s] obtained", user); - } - - /* Getting into places that might use LDAP -- protect the app -@@ -130,7 +129,7 @@ - oldsig_handler = CatchSignal(SIGPIPE, SIGNAL_CAST SIG_IGN); - - if (!initialize_password_db(False)) { -- _log_err( LOG_ALERT, "Cannot access samba password database" ); -+ _log_err(pamh, LOG_ALERT, "Cannot access samba password database"); - CatchSignal(SIGPIPE, SIGNAL_CAST oldsig_handler); - return PAM_AUTHINFO_UNAVAIL; - } -@@ -142,12 +141,12 @@ - } - - if (!pdb_getsampwnam(sampass,user)) { -- _log_err( LOG_ALERT, "Failed to find entry for user %s.", user ); -+ _log_err(pamh, LOG_ALERT, "Failed to find entry for user %s.", user); - CatchSignal(SIGPIPE, SIGNAL_CAST oldsig_handler); - return PAM_USER_UNKNOWN; - } - if (on( SMB_DEBUG, ctrl )) { -- _log_err( LOG_DEBUG, "Located account for %s", user ); -+ _log_err(pamh, LOG_DEBUG, "Located account for %s", user); - } - - if (flags & PAM_PRELIM_CHECK) { -@@ -173,7 +172,7 @@ - #define greeting "Changing password for " - Announce = SMB_MALLOC_ARRAY(char, sizeof(greeting)+strlen(user)); - if (Announce == NULL) { -- _log_err(LOG_CRIT, "password: out of memory"); -+ _log_err(pamh, LOG_CRIT, "password: out of memory"); - TALLOC_FREE(sampass); - CatchSignal(SIGPIPE, SIGNAL_CAST oldsig_handler); - return PAM_BUF_ERR; -@@ -188,8 +187,8 @@ - SAFE_FREE( Announce ); - - if (retval != PAM_SUCCESS) { -- _log_err( LOG_NOTICE -- , "password - (old) token not obtained" ); -+ _log_err(pamh, LOG_NOTICE, -+ "password - (old) token not obtained"); - TALLOC_FREE(sampass); - CatchSignal(SIGPIPE, SIGNAL_CAST oldsig_handler); - return retval; -@@ -234,7 +233,7 @@ - } - - if (retval != PAM_SUCCESS) { -- _log_err( LOG_NOTICE, "password: user not authenticated" ); -+ _log_err(pamh, LOG_NOTICE, "password: user not authenticated"); - TALLOC_FREE(sampass); - CatchSignal(SIGPIPE, SIGNAL_CAST oldsig_handler); - return retval; -@@ -259,8 +258,8 @@ - - if (retval != PAM_SUCCESS) { - if (on( SMB_DEBUG, ctrl )) { -- _log_err( LOG_ALERT -- , "password: new password not obtained" ); -+ _log_err(pamh, LOG_ALERT, -+ "password: new password not obtained"); - } - pass_old = NULL; /* tidy up */ - TALLOC_FREE(sampass); -@@ -281,7 +280,7 @@ - retval = _pam_smb_approve_pass(pamh, ctrl, pass_old, pass_new); - - if (retval != PAM_SUCCESS) { -- _log_err(LOG_NOTICE, "new password not acceptable"); -+ _log_err(pamh, LOG_NOTICE, "new password not acceptable"); - pass_new = pass_old = NULL; /* tidy up */ - TALLOC_FREE(sampass); - CatchSignal(SIGPIPE, SIGNAL_CAST oldsig_handler); -@@ -301,16 +300,17 @@ - - /* password updated */ - if (!sid_to_uid(pdb_get_user_sid(sampass), &uid)) { -- _log_err( LOG_NOTICE, "Unable to get uid for user %s", -+ _log_err(pamh, LOG_NOTICE, -+ "Unable to get uid for user %s", - pdb_get_username(sampass)); -- _log_err( LOG_NOTICE, "password for (%s) changed by (%s/%d)", -+ _log_err(pamh, LOG_NOTICE, "password for (%s) changed by (%s/%d)", - user, uidtoname(getuid()), getuid()); - } else { -- _log_err( LOG_NOTICE, "password for (%s/%d) changed by (%s/%d)", -+ _log_err(pamh, LOG_NOTICE, "password for (%s/%d) changed by (%s/%d)", - user, uid, uidtoname(getuid()), getuid()); - } - } else { -- _log_err( LOG_ERR, "password change failed for user %s", user); -+ _log_err(pamh, LOG_ERR, "password change failed for user %s", user); - } - - pass_old = pass_new = NULL; -@@ -321,7 +321,7 @@ - - } else { /* something has broken with the library */ - -- _log_err( LOG_ALERT, "password received unknown request" ); -+ _log_err(pamh, LOG_ALERT, "password received unknown request"); - retval = PAM_ABORT; - - } -Index: samba-3.0.25c/source/pam_smbpass/support.h -=================================================================== ---- samba-3.0.25c.orig/source/pam_smbpass/support.h 2007-08-26 12:07:14.098417404 +0200 -+++ samba-3.0.25c/source/pam_smbpass/support.h 2007-08-26 13:09:09.419359938 +0200 -@@ -1,8 +1,8 @@ - /* syslogging function for errors and other information */ --extern void _log_err(int, const char *, ...); -+extern void _log_err(pam_handle_t *, int, const char *, ...); - - /* set the control flags for the UNIX module. */ --extern int set_ctrl(int, int, const char **); -+extern int set_ctrl(pam_handle_t *, int, int, const char **); - - /* generic function for freeing pam data segments */ - extern void _cleanup(pam_handle_t *, void *, int); -@@ -12,7 +12,7 @@ - * evidence of old token around for later stack analysis. - */ - --extern char *smbpXstrDup(const char *); -+extern char *smbpXstrDup(pam_handle_t *,const char *); - - /* ************************************************************** * - * Useful non-trivial functions * diff --git a/samba-smbwrapper.patch b/samba-smbwrapper.patch index a9f1875..861adf3 100644 --- a/samba-smbwrapper.patch +++ b/samba-smbwrapper.patch @@ -10,30 +10,6 @@ diff -urN samba-3.0.25a.org/examples/libsmbclient/smbwrapper/Makefile samba-3.0. SMBINCLUDE = -I../../../source/include CFLAGS= -fpic -g -O0 $(DEFS) $(SMBINCLUDE) -diff -urN samba-3.0.25a.org/examples/libsmbclient/smbwrapper/smbw.c samba-3.0.25a/examples/libsmbclient/smbwrapper/smbw.c ---- samba-3.0.25a.org/examples/libsmbclient/smbwrapper/smbw.c 2006-01-25 00:46:42.000000000 +0100 -+++ samba-3.0.25a/examples/libsmbclient/smbwrapper/smbw.c 2007-06-17 17:38:36.620376591 +0200 -@@ -548,7 +548,7 @@ - /***************************************************** - a wrapper for readlink() - needed for correct errno setting - *******************************************************/ --int smbw_readlink(const char *fname, char *buf, size_t bufsize) -+ssize_t smbw_readlink(const char *fname, char *buf, size_t bufsize) - { - struct SMBW_stat st; - int ret; -diff -urN samba-3.0.25a.org/examples/libsmbclient/smbwrapper/smbw.h samba-3.0.25a/examples/libsmbclient/smbwrapper/smbw.h ---- samba-3.0.25a.org/examples/libsmbclient/smbwrapper/smbw.h 2006-01-25 00:46:42.000000000 +0100 -+++ samba-3.0.25a/examples/libsmbclient/smbwrapper/smbw.h 2007-06-17 17:38:36.620376591 +0200 -@@ -79,7 +79,7 @@ - int smbw_close(int fd); - int smbw_fcntl(int fd, int cmd, long arg); - int smbw_access(const char *name, int mode); --int smbw_readlink(const char *path, char *buf, size_t bufsize); -+ssize_t smbw_readlink(const char *path, char *buf, size_t bufsize); - int smbw_unlink(const char *fname); - int smbw_rename(const char *oldname, const char *newname); - int smbw_utime(const char *fname, void *buf); diff -urN samba-3.0.25a.org/examples/libsmbclient/smbwrapper/wrapper.c samba-3.0.25a/examples/libsmbclient/smbwrapper/wrapper.c --- samba-3.0.25a.org/examples/libsmbclient/smbwrapper/wrapper.c 2006-01-25 00:46:42.000000000 +0100 +++ samba-3.0.25a/examples/libsmbclient/smbwrapper/wrapper.c 2007-06-17 17:39:16.085693163 +0200 @@ -71,24 +47,3 @@ diff -urN samba-3.0.25a.org/examples/libsmbclient/smbwrapper/wrapper.c samba-3.0 if (smbw_fd(fd)) ret = smbw_lseek(fd, offset, whence); -@@ -1109,7 +1111,7 @@ - return (* smbw_libc.utimes)((char *) name, (struct timeval *) tvp); - } - --int readlink(const char *path, char *buf, size_t bufsize) -+ssize_t readlink(const char *path, char *buf, size_t bufsize) - { - check_init("readlink"); - -diff -urN samba-3.0.25a.org/examples/libsmbclient/smbwrapper/wrapper.h samba-3.0.25a/examples/libsmbclient/smbwrapper/wrapper.h ---- samba-3.0.25a.org/examples/libsmbclient/smbwrapper/wrapper.h 2006-01-25 00:46:42.000000000 +0100 -+++ samba-3.0.25a/examples/libsmbclient/smbwrapper/wrapper.h 2007-06-17 17:38:36.620376591 +0200 -@@ -123,7 +123,7 @@ - int (* unlink)(char *name); - int (* utime)(char *name, struct utimbuf *tvp); - int (* utimes)(char *name, struct timeval *tvp); -- int (* readlink)(char *path, char *buf, size_t bufsize); -+ ssize_t (* readlink)(char *path, char *buf, size_t bufsize); - int (* rename)(char *oldname, char *newname); - int (* rmdir)(char *name); - int (* symlink)(char *topath, char *frompath); diff --git a/samba.logrotate b/samba.logrotate index 66fe44c..804890f 100644 --- a/samba.logrotate +++ b/samba.logrotate @@ -1,7 +1,7 @@ /var/log/samba/log.* { notifempty missingok - olddir /var/log/archive/samba + olddir /var/log/archiv/samba postrotate /bin/killall -HUP nmbd smbd endscript diff --git a/samba.pamd b/samba.pamd index 9bdf4ef..ad006a2 100644 --- a/samba.pamd +++ b/samba.pamd @@ -1,6 +1,7 @@ #%PAM-1.0 +auth required pam_listfile.so item=user sense=deny file=/etc/security/blacklist onerr=succeed auth required pam_listfile.so item=user sense=deny file=/etc/security/blacklist.samba onerr=succeed -auth include system-auth -account include system-auth -password include system-auth -session include system-auth +auth required pam_unix.so +account required pam_unix.so +session required pam_unix.so +password required pam_unix.so diff --git a/samba.spec b/samba.spec index f272b84..9f90917 100644 --- a/samba.spec +++ b/samba.spec @@ -13,7 +13,7 @@ # Conditional build: %bcond_without ads # without ActiveDirectory support %bcond_without cups # without CUPS support -%bcond_without kerberos5 # without Kerberos V support +%bcond_without kerberos5 # without Kerberos5/Heimdal support %bcond_without ldap # without LDAP support %bcond_without python # without python libs/utils %bcond_with mks # with vfs-mks (mksd dependency not distributale) @@ -40,13 +40,13 @@ Summary(tr.UTF-8): SMB sunucusu Summary(uk.UTF-8): SMB клієнт та сервер Summary(zh_CN.UTF-8): Samba 客户端和服务器 Name: samba -Version: 3.0.28 -Release: 5 +Version: 3.0.28a +Release: 1 Epoch: 1 License: GPL v2 Group: Networking/Daemons Source0: http://us1.samba.org/samba/ftp/%{name}-%{version}.tar.gz -# Source0-md5: 8761cd7c02833d959fbebd4f69895075 +# Source0-md5: 59754cb0c19da6e65c42d0a163c5885a Source1: smb.init Source2: %{name}.pamd Source3: swat.inetd @@ -65,23 +65,24 @@ Patch4: %{name}-libsmbclient-libnscd_link.patch Patch5: %{name}-doc.patch Patch6: %{name}-libs-needed.patch Patch7: %{name}-lprng-no-dot-printers.patch -Patch8: %{name}-pam_smbpass-syslog.patch -Patch9: %{name}-cap.patch +Patch8: %{name}-cap.patch +Patch9: %{name}-printerlocation.patch URL: http://www.samba.org/ BuildRequires: acl-devel BuildRequires: autoconf BuildRequires: automake %{?with_cups:BuildRequires: cups-devel >= 1:1.2.0} BuildRequires: dmapi-devel +BuildRequires: fam-devel BuildRequires: iconv -%{?with_kerberos5:BuildRequires: krb5-devel} +%{?with_kerberos5:BuildRequires: heimdal-devel >= 0.7} BuildRequires: libmagic-devel BuildRequires: libnscd-devel BuildRequires: libtool >= 2:1.4d BuildRequires: ncurses-devel >= 5.2 -%{?with_ldap:BuildRequires: openldap-devel >= 2.4.6} +%{?with_ldap:BuildRequires: openldap-devel >= 2.3.0} BuildRequires: openssl-devel >= 0.9.7d -BuildRequires: pam-devel >= 0.99.8.1 +BuildRequires: pam-devel > 0.66 BuildRequires: popt-devel %{?with_pgsql:BuildRequires: postgresql-devel} %if %{with python} @@ -95,7 +96,7 @@ BuildRequires: xfsprogs-devel Requires(post,preun): /sbin/chkconfig Requires: %{name}-common = %{epoch}:%{version}-%{release} Requires: logrotate >= 3.7-4 -Requires: pam >= 0.99.8.1 +Requires: pam >= 0.66 Requires: rc-scripts Requires: setup >= 2.4.6-7 # smbd links with libcups @@ -312,7 +313,7 @@ Summary(ru.UTF-8): Клиентские программы Samba (SMB) Summary(uk.UTF-8): Клієнтські програми Samba (SMB) Group: Applications/Networking Requires: %{name}-common = %{epoch}:%{version}-%{release} -%{?with_kerberos5:Requires: krb5-libs} +%{?with_kerberos5:Requires: heimdal-libs >= 0.7} Obsoletes: mount-cifs Obsoletes: smbfs @@ -424,7 +425,7 @@ Obsoletes: pam_smbpass %description -n pam-pam_smbpass PAM module which can be used on conforming systems to keep the -smbpasswd (Samba password) database in sync with the unix password +smbpasswd (Samba password) database in sync with the Unix password file. %description -n pam-pam_smbpass -l pl.UTF-8 @@ -617,6 +618,21 @@ klientom, że pliki i katalogi z profilu są zapisywane. To wystarczy klientom pomimo, że pliki nie zostaną nigdy nadpisane przy logowaniu lub wylogowywaniu klienta. +%package vfs-notify_fam +Summary: VFS module to implement file change notifications +Summary(pl.UTF-8): Moduł VFS implementujący informowanie o zmianach w plikach +Group: Networking/Daemons +Requires: %{name} = %{epoch}:%{version}-%{release} + +%description vfs-notify_fam +The vfs_notify_fam module makes use of the system FAM (File Alteration +Monitor) daemon to implement file change notifications for Windows +clients. + +%description vfs-notify_fam -l pl.UTF-8 +Ten moduł używa demona FAM (File Alteration Monitor) do implementacji +informowania o zmianach w plikach dla klientów Windows. + %package vfs-netatalk Summary: VFS module for ease co-existence of samba and netatalk Summary(pl.UTF-8): Moduł VFS ułatwiający współpracę serwisów samba i netatalk @@ -1371,6 +1387,11 @@ fi %attr(755,root,root) %{_vfsdir}/fake_perms.so %{_mandir}/man8/vfs_fake_perms.8* +%files vfs-notify_fam +%defattr(644,root,root,755) +%attr(755,root,root) %{_vfsdir}/notify_fam.so +%{_mandir}/man8/vfs_notify_fam.8* + %files vfs-netatalk %defattr(644,root,root,755) %attr(755,root,root) %{_vfsdir}/netatalk.so -- 2.44.0