Projects
openEuler:20.03:LTS:SP3
samba
Sign Up
Log In
Username
Password
Overview
Repositories
Revisions
Requests
Users
Attributes
Meta
Expand all
Collapse all
Changes of Revision 32
View file
_service:tar_scm_kernel_repo:samba.spec
Changed
@@ -49,7 +49,7 @@ Name: samba Version: 4.11.12 -Release: 27 +Release: 28 Summary: A suite for Linux to interoperate with Windows License: GPLv3+ and LGPLv3+ @@ -339,6 +339,7 @@ Patch6410: backport-0037-CVE-2022-38023.patch Patch6411: backport-0038-CVE-2022-38023.patch Patch6412: backport-CVE-2023-0922.patch +Patch6413: backport-Adapt-sign_authdata-in-our-KDB-module-for-krb5-v1.18.patch BuildRequires: avahi-devel cups-devel dbus-devel docbook-style-xsl e2fsprogs-devel gawk gnupg2 gnutls-devel >= 3.4.7 gpgme-devel @@ -3397,6 +3398,12 @@ %{_mandir}/man* %changelog +* Tue Apr 18 2023 xinghe <xinghe2@h-partners.com> - 4.11.12-28 +- Type:bugfix +- CVE:NA +- SUG:NA +- DESC:fix samba.service restart failed + * Mon Apr 10 2023 xinghe <xinghe2@h-partners.com> - 4.11.12-27 - Type:bugfix - CVE:NA
View file
_service:tar_scm_kernel_repo:backport-Adapt-sign_authdata-in-our-KDB-module-for-krb5-v1.18.patch
Added
@@ -0,0 +1,122 @@ +From bebad45b29ad8e90828b55ddbbdb9379691f8d62 Mon Sep 17 00:00:00 2001 +From: Isaac Boukris <iboukris@gmail.com> +Date: Mon, 16 Sep 2019 16:40:12 +0300 +Subject: [PATCH] Adapt sign_authdata in our KDB module for krb5 v1.18 + +Signed-off-by: Isaac Boukris <iboukris@samba.org> +Reviewed-by: Andreas Schneider <asn@samba.org> + +Conflict: source4/kdc/mit-kdb/kdb_samba_policies.c context adpat +Reference: https://github.com/samba-team/samba/commit/bebad45b29ad8e90828b55ddbbdb9379691f8d62 +--- + source4/kdc/mit-kdb/kdb_samba.c | 2 +- + source4/kdc/mit-kdb/kdb_samba.h | 21 +++++++++++++++++++ + source4/kdc/mit-kdb/kdb_samba_policies.c | 26 ++++++++++++++++++++++++ + 3 files changed, 48 insertions(+), 1 deletion(-) + +diff --git a/source4/kdc/mit-kdb/kdb_samba.c b/source4/kdc/mit-kdb/kdb_samba.c +index c5157d6..02bbdca 100644 +--- a/source4/kdc/mit-kdb/kdb_samba.c ++++ b/source4/kdc/mit-kdb/kdb_samba.c +@@ -139,7 +139,7 @@ static void kdb_samba_db_free_principal_e_data(krb5_context context, + + kdb_vftabl kdb_function_table = { + .maj_ver = KRB5_KDB_DAL_MAJOR_VERSION, +- .min_ver = 1, ++ .min_ver = KRB5_KDB_DAL_MAJOR_VERSION == 6 ? 1 : 0, + + .init_library = kdb_samba_init_library, + .fini_library = kdb_samba_fini_library, +diff --git a/source4/kdc/mit-kdb/kdb_samba.h b/source4/kdc/mit-kdb/kdb_samba.h +index 85579ca..7d859dc 100644 +--- a/source4/kdc/mit-kdb/kdb_samba.h ++++ b/source4/kdc/mit-kdb/kdb_samba.h +@@ -128,6 +128,7 @@ krb5_error_code kdb_samba_dbekd_encrypt_key_data(krb5_context context, + + /* from kdb_samba_policies.c */ + ++#if KRB5_KDB_API_VERSION < 10 + krb5_error_code kdb_samba_db_sign_auth_data(krb5_context context, + unsigned int flags, + krb5_const_principal client_princ, +@@ -141,6 +142,26 @@ krb5_error_code kdb_samba_db_sign_auth_data(krb5_context context, + krb5_timestamp authtime, + krb5_authdata **tgt_auth_data, + krb5_authdata ***signed_auth_data); ++#else ++krb5_error_code kdb_samba_db_sign_auth_data(krb5_context context, ++ unsigned int flags, ++ krb5_const_principal client_princ, ++ krb5_const_principal server_princ, ++ krb5_db_entry *client, ++ krb5_db_entry *server, ++ krb5_db_entry *krbtgt, ++ krb5_db_entry *local_krbtgt, ++ krb5_keyblock *client_key, ++ krb5_keyblock *server_key, ++ krb5_keyblock *krbtgt_key, ++ krb5_keyblock *local_krbtgt_key, ++ krb5_keyblock *session_key, ++ krb5_timestamp authtime, ++ krb5_authdata **tgt_auth_data, ++ void *authdata_info, ++ krb5_data ***auth_indicators, ++ krb5_authdata ***signed_auth_data); ++#endif + + krb5_error_code kdb_samba_db_check_policy_as(krb5_context context, + krb5_kdc_req *kdcreq, +diff --git a/source4/kdc/mit-kdb/kdb_samba_policies.c b/source4/kdc/mit-kdb/kdb_samba_policies.c +index 1c81962..c0be796 100644 +--- a/source4/kdc/mit-kdb/kdb_samba_policies.c ++++ b/source4/kdc/mit-kdb/kdb_samba_policies.c +@@ -289,6 +289,7 @@ done: + return code; + } + ++#if KRB5_KDB_API_VERSION < 10 + krb5_error_code kdb_samba_db_sign_auth_data(krb5_context context, + unsigned int flags, + krb5_const_principal client_princ, +@@ -303,6 +304,27 @@ krb5_error_code kdb_samba_db_sign_auth_data(krb5_context context, + krb5_authdata **tgt_auth_data, + krb5_authdata ***signed_auth_data) + { ++#else ++krb5_error_code kdb_samba_db_sign_auth_data(krb5_context context, ++ unsigned int flags, ++ krb5_const_principal client_princ, ++ krb5_const_principal server_princ, ++ krb5_db_entry *client, ++ krb5_db_entry *server, ++ krb5_db_entry *krbtgt, ++ krb5_db_entry *local_krbtgt, ++ krb5_keyblock *client_key, ++ krb5_keyblock *server_key, ++ krb5_keyblock *krbtgt_key, ++ krb5_keyblock *local_krbtgt_key, ++ krb5_keyblock *session_key, ++ krb5_timestamp authtime, ++ krb5_authdata **tgt_auth_data, ++ void *authdata_info, ++ krb5_data ***auth_indicators, ++ krb5_authdata ***signed_auth_data) ++{ ++#endif + krb5_const_principal ks_client_princ = NULL; + krb5_db_entry *client_entry = NULL; + krb5_authdata **pac_auth_data = NULL; +@@ -315,6 +337,10 @@ krb5_error_code kdb_samba_db_sign_auth_data(krb5_context context, + bool generate_pac = false; + char *client_name = NULL; + ++#if KRB5_KDB_API_VERSION >= 10 ++ krbtgt = krbtgt == NULL ? local_krbtgt : krbtgt; ++ krbtgt_key = krbtgt_key == NULL ? local_krbtgt_key : krbtgt_key; ++#endif + + is_as_req = ((flags & KRB5_KDB_FLAG_CLIENT_REFERRALS_ONLY) != 0); + +-- +2.27.0 +
Locations
Projects
Search
Status Monitor
Help
Open Build Service
OBS Manuals
API Documentation
OBS Portal
Reporting a Bug
Contact
Mailing List
Forums
Chat (IRC)
Twitter
Open Build Service (OBS)
is an
openSUSE project
.