pkgsrc-Changes archive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]

CVS commit: pkgsrc/net/samba4



Module Name:    pkgsrc
Committed By:   adam
Date:           Mon Apr 15 07:16:39 UTC 2024

Modified Files:
        pkgsrc/net/samba4: Makefile PLIST distinfo
Added Files:
        pkgsrc/net/samba4/patches: patch-source3_lib_sysquotas__4A.c

Log Message:
samba4: updated to 4.20.0

Samba 4.20.0

NEW FEATURES/CHANGES
====================

New Minimum MIT Krb5 version for Samba AD Domain Controller
-----------------------------------------------------------

Samba now requires MIT 1.21 when built against a system MIT Krb5 and
acting as an Active Directory DC.  This addresses the issues that were
fixed in CVE-2022-37967 (KrbtgtFullPacSignature) and ensures that
Samba builds against the MIT version that allows us to avoid that
attack.

Removed dependency on Perl JSON module
--------------------------------------

Distributions are advised that the Perl JSON package is no longer
required by Samba builds that use the imported Heimdal.  The build
instead uses Perl's JSON::PP built into recent perl5 versions.

Current lists of packages required by Samba for major distributions
are found in the bootstrap/generated-dists/ directory of a Samba
source tree.  While there will be some differences - due to features
chosen by packagers - comparing these lists with the build dependencies
in a package may locate other dependencies we no longer require.

samba-tool user getpassword / syncpasswords ;rounds= change
-----------------------------------------------------------

The password access tool "samba-tool user getpassword" and the
password sync tool "samba-tool user syncpasswords" allow attributes to
be chosen for output, and accept parameters like
pwdLastSet;format=GeneralizedTime

These attributes then appear, in the same format, as the attributes in
the LDIF output.  This was not the case for the ;rounds= parameter of
virtualCryptSHA256 and virtualCryptSHA512, for example as
--attributes="virtualCryptSHA256;rounds=50000"

This release makes the behaviour consistent between these two
features.  Installations using GPG-encrypted passwords (or plaintext
storage) and the rounds= option, will find the output has changed

from:
virtualCryptSHA256: {CRYPT}$5$rounds=2561$hXem.M9onhM9Vuix$dFdSBwF

to:
virtualCryptSHA256;rounds=2561: {CRYPT}$5$rounds=2561$hXem.M9onhM9Vuix$dFdSBwF

Group Managed service account client-side features
--------------------------------------------------

samba-tool has been extended to provide client-side support for Group
Managed Service accounts.  These accounts have passwords that change
automatically, giving the advantages of service isolation without risk
of poor, unchanging passwords.

Where possible, Samba's existing samba-tool password handling
commands, which in the past have only operated against the local
sam.ldb have been extended to permit operation against a remote server
with authenticated access to "-H ldap://$DCNAME";

Supported operations include:
 - reading the current and previous gMSA password via
   "samba-tool user getpassword"
 - writing a Kerberos Ticket Granting Ticket (TGT) to a local
   credentials cache with a new command
   "samba-tool user get-kerberos-ticket"

New Windows Search Protocol Client
----------------------------------

Samba now by default builds new experimental Windows Search Protocol (WSP)
command line client "wspsearch"

The "wspsearch" cmd-line utility allows a WSP search request to be sent
to a server (such as a windows server) that has the (WSP)
Windows Search Protocol service configured and enabled.

For more details see the wspsearch man page.

Allow 'smbcacls' to save/restore DACLs to file
--------------------------------------------

'smbcacls' has been extended to allow DACLs to be saved and restored
to/from a file. This feature mimics the functionality that windows cmd
line tool 'icacls.exe' provides. Additionally files created either
by 'smbcalcs' or 'icacls.exe' are interchangeable and can be used by
either tool as the same file format is used.

New options added are:
 - '--save savefile'    Saves DACLs in sddl format to file
 - '--recurse'          Performs the '--save' operation above on directory
                        and all files/directories below.
 - '--restore savefile' Restores the stored DACLS to files in directory

Samba-tool extensions for AD Claims, Authentication Policies and Silos
----------------------------------------------------------------------

samba-tool now allows users to be associated with claims.  In the
Samba AD DC, claims derive from Active Directory attributes mapped
into specific names.  These claims can be used in rules, which are
conditional ACEs in a security descriptor, that decide if a user is
restricted by an authentication policy.

samba-tool also allows the creation and management of authentication
policies, which are rules about where a user may authenticate from,
if NTLM is permitted, and what services a user may authenticate to.

Finally, support is added for the creation and management of
authentication silos, which are helpful in defining network boundaries
by grouping users and the services they connect to.

Please note: The command line syntax for these tools is not final, and
may change before the next release, as we gain user feedback.  The
syntax will be locked in once Samba offers 2016 AD Functional Level as
a default.

AD DC support for Authentication Silos and Authentication Policies
------------------------------------------------------------------

The Samba AD DC now also honours any existing claims, authentication
policy and authentication silo configuration previously created (eg
from an import of a Microsoft AD), as well as new configurations
created with samba-tool.  The use of Microsoft's Powershell based
client tools is not expected to work.

To use this feature, the functional level must be set to 2012_R2 or
later with:

 ad dc functional level = 2016

in the smb.conf.

The smb.conf file on each DC must have 'ad dc functional level = 2016'
set to have the partially complete feature available.  This will also,
at first startup, update the server's own AD entry with the configured
functional level.

For new domains, add these parameters to 'samba-tool provision'

--option="ad dc functional level = 2016" --function-level=2016

The second option, setting the overall domain functional level
indicates that all DCs should be at this functional level.

To raise the domain functional level of an existing domain, after
updating the smb.conf and restarting Samba run
samba-tool domain schemaupgrade --schema=2019
samba-tool domain functionalprep --function-level=2016
samba-tool domain level raise --domain-level=2016 --forest-level=2016

This support is still new, so is not enabled by default in this
release.  The above instructions are set at 2016, which while not
complete, matches what our testing environment validates.

Conditional ACEs and Resource Attribute ACEs
--------------------------------------------

Ordinary Access Control Entries (ACEs) unconditionally allow or deny
access to a given user or group. Conditional ACEs have an additional
section that describes conditions under which the ACE applies. If the
conditional expression is true, the ACE works like an ordinary ACE,
otherwise it is ignored. The condition terms can refer to claims,
group memberships, and attributes on the object itself. These
attributes are described in Resource Attribute ACEs that occur in the
object's System Access Control List (SACL). Conditional ACEs are
described in Microsoft documentation.

Conditional ACE evaluation is controlled by the "acl claims
evaluation" smb.conf option. The default value is "AD DC only" which
enables them in AD DC settings. The other option is "never", which
disables them altogether. There is currently no option to enable them
on the file server (this is likely to change in future releases).

The Security Descriptor Definition Language has extensions for
conditional ACEs and resource attribute ACEs; these are now supported
by Samba.

Service Witness Protocol [MS-SWN]
---------------------------------

In a ctdb cluster it is now possible to provide
the SMB witness service that allows clients to
monitor their current smb connection to cluster
node A by asking cluster node B to notify the
client if the ip address from node A or the
whole node A becomes unavailable.

For disk shares in a ctdb cluster
SMB2_SHARE_CAP_SCALEOUT is now always returned
for SMB3 tree connect responses.

If the witness service is active
SMB2_SHARE_CAP_CLUSTER is now also returned.

In order to activate the witness service
"rpc start on demand helpers = no" needs to
be configured in the global section.
At the same time the 'samba-dcerpcd' service
needs to be started explicitly, typically
with the '--libexec-rpcds' option in order
to make all available services usable.
One important aspect is that tcp ports
135 (for the endpoint mapper) and various
ports in the 'rpc server dynamic port range'
will be used to provide the witness service
(rpcd_witness).

ctdb provides a '47.samba-dcerpcd.script' in order
to manage the samba-dcerpcd.service.
Typically as systemd service, but that's up
to the packager and/or admin.

Please note that current windows client
requires SMB2_SHARE_CAP_CONTINUOUS_AVAILABILITY
in addition to SMB2_SHARE_CAP_CLUSTER in order
to make use of the witness service.
But SMB2_SHARE_CAP_CONTINUOUS_AVAILABILITY implies
the windows clients always ask for persistent handle
(which are not implemented in samba yet), so
that every open generates a warning in the
windows smb client event log.
That's why SMB2_SHARE_CAP_CONTINUOUS_AVAILABILITY
is not returned by default.
An explicit 'smb3 share cap:CONTINUOUS AVAILABILITY = yes'
is needed.

There are also new 'net witness' commands in order
to let the admin list active client registrations
or ask specific clients to move their smb connection
to another cluster node. These are available:

 net witness list
 net witness client-move
 net witness share-move
 net witness force-unregister
 net witness force-response

Consult 'man net' or 'net witness help' for further details.


To generate a diff of this commit:
cvs rdiff -u -r1.179 -r1.180 pkgsrc/net/samba4/Makefile
cvs rdiff -u -r1.54 -r1.55 pkgsrc/net/samba4/PLIST
cvs rdiff -u -r1.102 -r1.103 pkgsrc/net/samba4/distinfo
cvs rdiff -u -r0 -r1.1 \
    pkgsrc/net/samba4/patches/patch-source3_lib_sysquotas__4A.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: pkgsrc/net/samba4/Makefile
diff -u pkgsrc/net/samba4/Makefile:1.179 pkgsrc/net/samba4/Makefile:1.180
--- pkgsrc/net/samba4/Makefile:1.179    Tue Feb 20 05:21:35 2024
+++ pkgsrc/net/samba4/Makefile  Mon Apr 15 07:16:38 2024
@@ -1,6 +1,6 @@
-# $NetBSD: Makefile,v 1.179 2024/02/20 05:21:35 adam Exp $
+# $NetBSD: Makefile,v 1.180 2024/04/15 07:16:38 adam Exp $
 
-DISTNAME=      samba-4.19.5
+DISTNAME=      samba-4.20.0
 CATEGORIES=    net
 MASTER_SITES=  https://download.samba.org/pub/samba/stable/
 

Index: pkgsrc/net/samba4/PLIST
diff -u pkgsrc/net/samba4/PLIST:1.54 pkgsrc/net/samba4/PLIST:1.55
--- pkgsrc/net/samba4/PLIST:1.54        Thu Nov 16 16:37:31 2023
+++ pkgsrc/net/samba4/PLIST     Mon Apr 15 07:16:38 2024
@@ -1,4 +1,4 @@
-@comment $NetBSD: PLIST,v 1.54 2023/11/16 16:37:31 dogcow Exp $
+@comment $NetBSD: PLIST,v 1.55 2024/04/15 07:16:38 adam Exp $
 bin/cifsdd
 bin/dbwrap_tool
 bin/dumpmscat
@@ -35,6 +35,7 @@ bin/smbtorture
 bin/smbtree
 bin/testparm
 bin/wbinfo
+bin/wspsearch
 include/charset.h
 include/core/doserr.h
 include/core/error.h
@@ -94,6 +95,7 @@ include/samba/session.h
 include/samba/version.h
 include/share.h
 include/smb2_lease_struct.h
+include/smb3posix.h
 ${PLIST.ldap}include/smb_ldap.h
 include/smbconf.h
 ${PLIST.ldap}include/smbldap.h
@@ -143,8 +145,8 @@ lib/libndr-standard.so
 lib/libndr-standard.so.0
 lib/libndr-standard.so.0.0.1
 lib/libndr.so
-lib/libndr.so.3
-lib/libndr.so.3.0.1
+lib/libndr.so.4
+lib/libndr.so.4.0.0
 lib/libnetapi.so
 lib/libnetapi.so.1
 lib/libnetapi.so.1.0.0
@@ -172,7 +174,7 @@ lib/libsamdb.so.0
 lib/libsamdb.so.0.0.1
 lib/libsmbclient.so
 lib/libsmbclient.so.0
-lib/libsmbclient.so.0.7.0
+lib/libsmbclient.so.0.8.0
 lib/libsmbconf.so
 lib/libsmbconf.so.0
 lib/libsmbconf.so.0.0.1
@@ -216,6 +218,7 @@ ${PYSITELIB}/samba/dcerpc/atsvc.so
 ${PYSITELIB}/samba/dcerpc/auth.so
 ${PYSITELIB}/samba/dcerpc/base.so
 ${PYSITELIB}/samba/dcerpc/claims.so
+${PYSITELIB}/samba/dcerpc/conditional_ace.so
 ${PYSITELIB}/samba/dcerpc/dcerpc.so
 ${PYSITELIB}/samba/dcerpc/dfs.so
 ${PYSITELIB}/samba/dcerpc/dns.so
@@ -225,6 +228,8 @@ ${PYSITELIB}/samba/dcerpc/drsblobs.so
 ${PYSITELIB}/samba/dcerpc/drsuapi.so
 ${PYSITELIB}/samba/dcerpc/echo.so
 ${PYSITELIB}/samba/dcerpc/epmapper.so
+${PYSITELIB}/samba/dcerpc/gkdi.so
+${PYSITELIB}/samba/dcerpc/gmsa.so
 ${PYSITELIB}/samba/dcerpc/idmap.so
 ${PYSITELIB}/samba/dcerpc/initshutdown.so
 ${PYSITELIB}/samba/dcerpc/irpc.so
@@ -242,6 +247,8 @@ ${PYSITELIB}/samba/dcerpc/preg.so
 ${PYSITELIB}/samba/dcerpc/samr.so
 ${PYSITELIB}/samba/dcerpc/security.so
 ${PYSITELIB}/samba/dcerpc/server_id.so
+${PYSITELIB}/samba/dcerpc/smb3posix.so
+${PYSITELIB}/samba/dcerpc/smbXsrv.so
 ${PYSITELIB}/samba/dcerpc/smb_acl.so
 ${PYSITELIB}/samba/dcerpc/spoolss.so
 ${PYSITELIB}/samba/dcerpc/srvsvc.so
@@ -269,11 +276,13 @@ ${PYSITELIB}/samba/forest_update.py
 ${PYSITELIB}/samba/functional_level.py
 ${PYSITELIB}/samba/gensec.so
 ${PYSITELIB}/samba/getopt.py
+${PYSITELIB}/samba/gkdi.py
 ${PYSITELIB}/samba/gp/__init__.py
 ${PYSITELIB}/samba/gp/gp_centrify_crontab_ext.py
 ${PYSITELIB}/samba/gp/gp_centrify_sudoers_ext.py
 ${PYSITELIB}/samba/gp/gp_cert_auto_enroll_ext.py
 ${PYSITELIB}/samba/gp/gp_chromium_ext.py
+${PYSITELIB}/samba/gp/gp_drive_maps_ext.py
 ${PYSITELIB}/samba/gp/gp_ext_loader.py
 ${PYSITELIB}/samba/gp/gp_firefox_ext.py
 ${PYSITELIB}/samba/gp/gp_firewalld_ext.py
@@ -302,6 +311,7 @@ ${PYSITELIB}/samba/gp_parse/gp_pol.py
 ${PYSITELIB}/samba/gpo.so
 ${PYSITELIB}/samba/graph.py
 ${PYSITELIB}/samba/hostconfig.py
+${PYSITELIB}/samba/hresult.so
 ${PYSITELIB}/samba/idmap.py
 ${PYSITELIB}/samba/join.py
 ${PYSITELIB}/samba/kcc/__init__.py
@@ -353,7 +363,9 @@ ${PYSITELIB}/samba/netcmd/domain/models/
 ${PYSITELIB}/samba/netcmd/domain/models/claim_type.py
 ${PYSITELIB}/samba/netcmd/domain/models/exceptions.py
 ${PYSITELIB}/samba/netcmd/domain/models/fields.py
+${PYSITELIB}/samba/netcmd/domain/models/group.py
 ${PYSITELIB}/samba/netcmd/domain/models/model.py
+${PYSITELIB}/samba/netcmd/domain/models/query.py
 ${PYSITELIB}/samba/netcmd/domain/models/schema.py
 ${PYSITELIB}/samba/netcmd/domain/models/site.py
 ${PYSITELIB}/samba/netcmd/domain/models/subnet.py
@@ -382,12 +394,39 @@ ${PYSITELIB}/samba/netcmd/processes.py
 ${PYSITELIB}/samba/netcmd/pso.py
 ${PYSITELIB}/samba/netcmd/rodc.py
 ${PYSITELIB}/samba/netcmd/schema.py
+${PYSITELIB}/samba/netcmd/shell.py
 ${PYSITELIB}/samba/netcmd/sites.py
 ${PYSITELIB}/samba/netcmd/spn.py
 ${PYSITELIB}/samba/netcmd/testparm.py
-${PYSITELIB}/samba/netcmd/user.py
+${PYSITELIB}/samba/netcmd/user/__init__.py
+${PYSITELIB}/samba/netcmd/user/add.py
+${PYSITELIB}/samba/netcmd/user/add_unix_attrs.py
+${PYSITELIB}/samba/netcmd/user/auth/__init__.py
+${PYSITELIB}/samba/netcmd/user/auth/policy.py
+${PYSITELIB}/samba/netcmd/user/auth/silo.py
+${PYSITELIB}/samba/netcmd/user/delete.py
+${PYSITELIB}/samba/netcmd/user/disable.py
+${PYSITELIB}/samba/netcmd/user/edit.py
+${PYSITELIB}/samba/netcmd/user/enable.py
+${PYSITELIB}/samba/netcmd/user/getgroups.py
+${PYSITELIB}/samba/netcmd/user/list.py
+${PYSITELIB}/samba/netcmd/user/move.py
+${PYSITELIB}/samba/netcmd/user/password.py
+${PYSITELIB}/samba/netcmd/user/readpasswords/__init__.py
+${PYSITELIB}/samba/netcmd/user/readpasswords/common.py
+${PYSITELIB}/samba/netcmd/user/readpasswords/get_kerberos_ticket.py
+${PYSITELIB}/samba/netcmd/user/readpasswords/getpassword.py
+${PYSITELIB}/samba/netcmd/user/readpasswords/show.py
+${PYSITELIB}/samba/netcmd/user/readpasswords/syncpasswords.py
+${PYSITELIB}/samba/netcmd/user/rename.py
+${PYSITELIB}/samba/netcmd/user/sensitive.py
+${PYSITELIB}/samba/netcmd/user/setexpiry.py
+${PYSITELIB}/samba/netcmd/user/setpassword.py
+${PYSITELIB}/samba/netcmd/user/setprimarygroup.py
+${PYSITELIB}/samba/netcmd/user/unlock.py
 ${PYSITELIB}/samba/netcmd/validators.py
 ${PYSITELIB}/samba/netcmd/visualize.py
+${PYSITELIB}/samba/nt_time.py
 ${PYSITELIB}/samba/ntacls.py
 ${PYSITELIB}/samba/ntstatus.so
 ${PYSITELIB}/samba/param.so
@@ -438,16 +477,19 @@ ${PYSITELIB}/samba/tests/auth_log_winbin
 ${PYSITELIB}/samba/tests/blackbox/__init__.py
 ${PYSITELIB}/samba/tests/blackbox/bug13653.py
 ${PYSITELIB}/samba/tests/blackbox/check_output.py
+${PYSITELIB}/samba/tests/blackbox/claims.py
 ${PYSITELIB}/samba/tests/blackbox/downgradedatabase.py
 ${PYSITELIB}/samba/tests/blackbox/mdsearch.py
 ${PYSITELIB}/samba/tests/blackbox/ndrdump.py
 ${PYSITELIB}/samba/tests/blackbox/netads_dns.py
 ${PYSITELIB}/samba/tests/blackbox/netads_json.py
+${PYSITELIB}/samba/tests/blackbox/rpcd_witness_samba_only.py
 ${PYSITELIB}/samba/tests/blackbox/samba_dnsupdate.py
 ${PYSITELIB}/samba/tests/blackbox/smbcacls.py
 ${PYSITELIB}/samba/tests/blackbox/smbcacls_basic.py
 ${PYSITELIB}/samba/tests/blackbox/smbcacls_dfs_propagate_inherit.py
 ${PYSITELIB}/samba/tests/blackbox/smbcacls_propagate_inhertance.py
+${PYSITELIB}/samba/tests/blackbox/smbcacls_save_restore.py
 ${PYSITELIB}/samba/tests/blackbox/smbcontrol.py
 ${PYSITELIB}/samba/tests/blackbox/smbcontrol_process.py
 ${PYSITELIB}/samba/tests/blackbox/traffic_learner.py
@@ -456,6 +498,9 @@ ${PYSITELIB}/samba/tests/blackbox/traffi
 ${PYSITELIB}/samba/tests/common.py
 ${PYSITELIB}/samba/tests/complex_expressions.py
 ${PYSITELIB}/samba/tests/compression.py
+${PYSITELIB}/samba/tests/conditional_ace_assembler.py
+${PYSITELIB}/samba/tests/conditional_ace_bytes.py
+${PYSITELIB}/samba/tests/conditional_ace_claims.py
 ${PYSITELIB}/samba/tests/core.py
 ${PYSITELIB}/samba/tests/cred_opt.py
 ${PYSITELIB}/samba/tests/credentials.py
@@ -505,6 +550,7 @@ ${PYSITELIB}/samba/tests/encrypted_secre
 ${PYSITELIB}/samba/tests/gensec.py
 ${PYSITELIB}/samba/tests/get_opt.py
 ${PYSITELIB}/samba/tests/getdcname.py
+${PYSITELIB}/samba/tests/gkdi.py
 ${PYSITELIB}/samba/tests/glue.py
 ${PYSITELIB}/samba/tests/gpo.py
 ${PYSITELIB}/samba/tests/gpo_member.py
@@ -525,14 +571,17 @@ ${PYSITELIB}/samba/tests/krb5/authn_poli
 ${PYSITELIB}/samba/tests/krb5/claims_in_pac.py
 ${PYSITELIB}/samba/tests/krb5/claims_tests.py
 ${PYSITELIB}/samba/tests/krb5/compatability_tests.py
+${PYSITELIB}/samba/tests/krb5/conditional_ace_tests.py
 ${PYSITELIB}/samba/tests/krb5/device_tests.py
 ${PYSITELIB}/samba/tests/krb5/etype_tests.py
 ${PYSITELIB}/samba/tests/krb5/fast_tests.py
+${PYSITELIB}/samba/tests/krb5/gkdi_tests.py
 ${PYSITELIB}/samba/tests/krb5/group_tests.py
 ${PYSITELIB}/samba/tests/krb5/kcrypto.py
 ${PYSITELIB}/samba/tests/krb5/kdc_base_test.py
 ${PYSITELIB}/samba/tests/krb5/kdc_tests.py
 ${PYSITELIB}/samba/tests/krb5/kdc_tgs_tests.py
+${PYSITELIB}/samba/tests/krb5/kdc_tgt_tests.py
 ${PYSITELIB}/samba/tests/krb5/kpasswd_tests.py
 ${PYSITELIB}/samba/tests/krb5/lockout_tests.py
 ${PYSITELIB}/samba/tests/krb5/ms_kile_client_principal_lookup_tests.py
@@ -543,6 +592,7 @@ ${PYSITELIB}/samba/tests/krb5/protected_
 ${PYSITELIB}/samba/tests/krb5/raw_testcase.py
 ${PYSITELIB}/samba/tests/krb5/rfc4120_constants.py
 ${PYSITELIB}/samba/tests/krb5/rfc4120_pyasn1.py
+${PYSITELIB}/samba/tests/krb5/rfc4120_pyasn1_generated.py
 ${PYSITELIB}/samba/tests/krb5/rodc_tests.py
 ${PYSITELIB}/samba/tests/krb5/s4u_tests.py
 ${PYSITELIB}/samba/tests/krb5/salt_tests.py
@@ -567,7 +617,9 @@ ${PYSITELIB}/samba/tests/loadparm.py
 ${PYSITELIB}/samba/tests/logfiles.py
 ${PYSITELIB}/samba/tests/lsa_string.py
 ${PYSITELIB}/samba/tests/messaging.py
-${PYSITELIB}/samba/tests/ndr.py
+${PYSITELIB}/samba/tests/ndr/gkdi.py
+${PYSITELIB}/samba/tests/ndr/gmsa.py
+${PYSITELIB}/samba/tests/ndr/wbint.py
 ${PYSITELIB}/samba/tests/net_join.py
 ${PYSITELIB}/samba/tests/net_join_no_spnego.py
 ${PYSITELIB}/samba/tests/netbios.py
@@ -615,7 +667,6 @@ ${PYSITELIB}/samba/tests/samba_tool/comp
 ${PYSITELIB}/samba/tests/samba_tool/contact.py
 ${PYSITELIB}/samba/tests/samba_tool/demote.py
 ${PYSITELIB}/samba/tests/samba_tool/dnscmd.py
-${PYSITELIB}/samba/tests/samba_tool/domain_auth_base.py
 ${PYSITELIB}/samba/tests/samba_tool/domain_auth_policy.py
 ${PYSITELIB}/samba/tests/samba_tool/domain_auth_silo.py
 ${PYSITELIB}/samba/tests/samba_tool/domain_claim.py
@@ -641,10 +692,15 @@ ${PYSITELIB}/samba/tests/samba_tool/prov
 ${PYSITELIB}/samba/tests/samba_tool/provision_userPassword_crypt.py
 ${PYSITELIB}/samba/tests/samba_tool/rodc.py
 ${PYSITELIB}/samba/tests/samba_tool/schema.py
+${PYSITELIB}/samba/tests/samba_tool/silo_base.py
 ${PYSITELIB}/samba/tests/samba_tool/sites.py
 ${PYSITELIB}/samba/tests/samba_tool/timecmd.py
 ${PYSITELIB}/samba/tests/samba_tool/user.py
+${PYSITELIB}/samba/tests/samba_tool/user_auth_policy.py
+${PYSITELIB}/samba/tests/samba_tool/user_auth_silo.py
 ${PYSITELIB}/samba/tests/samba_tool/user_check_password_script.py
+${PYSITELIB}/samba/tests/samba_tool/user_get_kerberos_ticket.py
+${PYSITELIB}/samba/tests/samba_tool/user_getpassword_gmsa.py
 ${PYSITELIB}/samba/tests/samba_tool/user_virtualCryptSHA.py
 ${PYSITELIB}/samba/tests/samba_tool/user_virtualCryptSHA_base.py
 ${PYSITELIB}/samba/tests/samba_tool/user_virtualCryptSHA_gpg.py
@@ -656,7 +712,9 @@ ${PYSITELIB}/samba/tests/samba_upgradedn
 ${PYSITELIB}/samba/tests/samdb.py
 ${PYSITELIB}/samba/tests/samdb_api.py
 ${PYSITELIB}/samba/tests/sddl.py
+${PYSITELIB}/samba/tests/sddl_conditional_ace.py
 ${PYSITELIB}/samba/tests/security.py
+${PYSITELIB}/samba/tests/security_descriptors.py
 ${PYSITELIB}/samba/tests/segfault.py
 ${PYSITELIB}/samba/tests/sid_strings.py
 ${PYSITELIB}/samba/tests/smb-notify.py
@@ -672,6 +730,7 @@ ${PYSITELIB}/samba/tests/source_chars.py
 ${PYSITELIB}/samba/tests/strings.py
 ${PYSITELIB}/samba/tests/subunitrun.py
 ${PYSITELIB}/samba/tests/tdb_util.py
+${PYSITELIB}/samba/tests/token_factory.py
 ${PYSITELIB}/samba/tests/upgrade.py
 ${PYSITELIB}/samba/tests/upgradeprovision.py
 ${PYSITELIB}/samba/tests/upgradeprovisionneeddc.py
@@ -751,126 +810,126 @@ lib/samba/nss_info/hash.${SOEXT}
 ${PLIST.ads}lib/samba/nss_info/rfc2307.${SOEXT}
 ${PLIST.ads}lib/samba/nss_info/sfu.${SOEXT}
 ${PLIST.ads}lib/samba/nss_info/sfu20.${SOEXT}
-lib/samba/private/libCHARSET3-samba4.so
-${PLIST.ads}lib/samba/private/libHDB-SAMBA4-samba4.so
-lib/samba/private/libLIBWBCLIENT-OLD-samba4.so
-lib/samba/private/libMESSAGING-SEND-samba4.so
-lib/samba/private/libMESSAGING-samba4.so
-lib/samba/private/libREG-FULL-samba4.so
-lib/samba/private/libRPC-SERVER-LOOP-samba4.so
-lib/samba/private/libRPC-WORKER-samba4.so
-${PLIST.ads}lib/samba/private/libad-claims-samba4.so
-lib/samba/private/libaddns-samba4.so
-lib/samba/private/libads-samba4.so
-lib/samba/private/libasn1-samba4.so
-lib/samba/private/libasn1util-samba4.so
-lib/samba/private/libauth-samba4.so
-lib/samba/private/libauth-unix-token-samba4.so
-lib/samba/private/libauth4-samba4.so
-lib/samba/private/libauthkrb5-samba4.so
-${PLIST.ads}lib/samba/private/libauthn-policy-util-samba4.so
-lib/samba/private/libcli-cldap-samba4.so
-lib/samba/private/libcli-ldap-common-samba4.so
-lib/samba/private/libcli-ldap-samba4.so
-lib/samba/private/libcli-nbt-samba4.so
-lib/samba/private/libcli-smb-common-samba4.so
-lib/samba/private/libcli-spoolss-samba4.so
-lib/samba/private/libcliauth-samba4.so
-lib/samba/private/libclidns-samba4.so
-lib/samba/private/libcluster-samba4.so
-lib/samba/private/libcmdline-contexts-samba4.so
-lib/samba/private/libcmdline-samba4.so
-lib/samba/private/libcom-err-samba4.so
-lib/samba/private/libcommon-auth-samba4.so
-${PLIST.ads}lib/samba/private/libdb-glue-samba4.so
-lib/samba/private/libdbwrap-samba4.so
-lib/samba/private/libdcerpc-pkt-auth-samba4.so
-lib/samba/private/libdcerpc-samba-samba4.so
-lib/samba/private/libdcerpc-samba4.so
-${PLIST.ads}lib/samba/private/libdfs-server-ad-samba4.so
-${PLIST.ads}lib/samba/private/libdlz-bind9-for-torture-samba4.so
-lib/samba/private/libdnsserver-common-samba4.so
-${PLIST.ads}lib/samba/private/libdsdb-garbage-collect-tombstones-samba4.so
-lib/samba/private/libdsdb-module-samba4.so
-lib/samba/private/libevents-samba4.so
-lib/samba/private/libflag-mapping-samba4.so
-lib/samba/private/libgenrand-samba4.so
-lib/samba/private/libgensec-samba4.so
-lib/samba/private/libgpext-samba4.so
-lib/samba/private/libgpo-samba4.so
-lib/samba/private/libgse-samba4.so
-lib/samba/private/libgss-preauth-samba4.so
-lib/samba/private/libgssapi-samba4.so
-lib/samba/private/libhcrypto-samba4.so
-lib/samba/private/libhdb-samba4.so
-lib/samba/private/libheimbase-samba4.so
-lib/samba/private/libheimntlm-samba4.so
-lib/samba/private/libhttp-samba4.so
-lib/samba/private/libhx509-samba4.so
-lib/samba/private/libidmap-samba4.so
-lib/samba/private/libinterfaces-samba4.so
-lib/samba/private/libiov-buf-samba4.so
-lib/samba/private/libkdc-samba4.so
-lib/samba/private/libkrb5-samba4.so
-lib/samba/private/libkrb5samba-samba4.so
-lib/samba/private/libldbsamba-samba4.so
-lib/samba/private/liblibcli-lsa3-samba4.so
-lib/samba/private/liblibcli-netlogon3-samba4.so
-lib/samba/private/liblibsmb-samba4.so
-lib/samba/private/libmessages-dgm-samba4.so
-lib/samba/private/libmessages-util-samba4.so
-lib/samba/private/libmscat-samba4.so
-lib/samba/private/libmsghdr-samba4.so
-lib/samba/private/libmsrpc3-samba4.so
-lib/samba/private/libndr-samba-samba4.so
-lib/samba/private/libndr-samba4.so
-lib/samba/private/libnet-keytab-samba4.so
-lib/samba/private/libnetif-samba4.so
-lib/samba/private/libnpa-tstream-samba4.so
-lib/samba/private/libnss-info-samba4.so
-${PLIST.ads}lib/samba/private/libpac-samba4.so
-lib/samba/private/libposix-eadb-samba4.so
-lib/samba/private/libprinter-driver-samba4.so
-lib/samba/private/libprinting-migrate-samba4.so
-${PLIST.ads}lib/samba/private/libprocess-model-samba4.so
-lib/samba/private/libregistry-samba4.so
-lib/samba/private/libreplace-samba4.so
-lib/samba/private/libroken-samba4.so
-lib/samba/private/libsamba-cluster-support-samba4.so
-lib/samba/private/libsamba-debug-samba4.so
-lib/samba/private/libsamba-modules-samba4.so
-lib/samba/private/libsamba-net-samba4.so
-lib/samba/private/libsamba-python-samba4.so
-lib/samba/private/libsamba-security-samba4.so
-lib/samba/private/libsamba-sockets-samba4.so
-lib/samba/private/libsamba3-util-samba4.so
-lib/samba/private/libsamdb-common-samba4.so
-${PLIST.ads}lib/samba/private/libscavenge-dns-records-samba4.so
-lib/samba/private/libsecrets3-samba4.so
-lib/samba/private/libserver-id-db-samba4.so
-lib/samba/private/libserver-role-samba4.so
-${PLIST.ads}lib/samba/private/libservice-samba4.so
-lib/samba/private/libshares-samba4.so
-lib/samba/private/libsmb-transport-samba4.so
-lib/samba/private/libsmbclient-raw-samba4.so
-lib/samba/private/libsmbd-base-samba4.so
-lib/samba/private/libsmbd-shim-samba4.so
-${PLIST.ldap}lib/samba/private/libsmbldaphelper-samba4.so
-lib/samba/private/libsmbpasswdparser-samba4.so
-lib/samba/private/libsocket-blocking-samba4.so
-lib/samba/private/libstable-sort-samba4.so
-lib/samba/private/libsys-rw-samba4.so
-lib/samba/private/libtalloc-report-printf-samba4.so
-lib/samba/private/libtalloc-report-samba4.so
-lib/samba/private/libtdb-wrap-samba4.so
-lib/samba/private/libtime-basic-samba4.so
-lib/samba/private/libtorture-samba4.so
-lib/samba/private/libtrusts-util-samba4.so
-lib/samba/private/libutil-reg-samba4.so
-lib/samba/private/libutil-setid-samba4.so
-lib/samba/private/libutil-tdb-samba4.so
-lib/samba/private/libwind-samba4.so
-lib/samba/private/libxattr-tdb-samba4.so
+lib/samba/private/libCHARSET3-private-samba.so
+lib/samba/private/libHDB-SAMBA4-private-samba.so
+lib/samba/private/libLIBWBCLIENT-OLD-private-samba.so
+lib/samba/private/libMESSAGING-SEND-private-samba.so
+lib/samba/private/libMESSAGING-private-samba.so
+lib/samba/private/libREG-FULL-private-samba.so
+lib/samba/private/libRPC-SERVER-LOOP-private-samba.so
+lib/samba/private/libRPC-WORKER-private-samba.so
+lib/samba/private/libad-claims-private-samba.so
+lib/samba/private/libaddns-private-samba.so
+lib/samba/private/libads-private-samba.so
+lib/samba/private/libasn1-private-samba.so
+lib/samba/private/libasn1util-private-samba.so
+lib/samba/private/libauth-private-samba.so
+lib/samba/private/libauth-unix-token-private-samba.so
+lib/samba/private/libauth4-private-samba.so
+lib/samba/private/libauthkrb5-private-samba.so
+lib/samba/private/libauthn-policy-util-private-samba.so
+lib/samba/private/libcli-cldap-private-samba.so
+lib/samba/private/libcli-ldap-common-private-samba.so
+lib/samba/private/libcli-ldap-private-samba.so
+lib/samba/private/libcli-nbt-private-samba.so
+lib/samba/private/libcli-smb-common-private-samba.so
+lib/samba/private/libcli-spoolss-private-samba.so
+lib/samba/private/libcliauth-private-samba.so
+lib/samba/private/libclidns-private-samba.so
+lib/samba/private/libcluster-private-samba.so
+lib/samba/private/libcmdline-contexts-private-samba.so
+lib/samba/private/libcmdline-private-samba.so
+lib/samba/private/libcom-err-private-samba.so
+lib/samba/private/libcommon-auth-private-samba.so
+lib/samba/private/libdb-glue-private-samba.so
+lib/samba/private/libdbwrap-private-samba.so
+lib/samba/private/libdcerpc-pkt-auth-private-samba.so
+lib/samba/private/libdcerpc-samba-private-samba.so
+lib/samba/private/libdcerpc-samba4-private-samba.so
+lib/samba/private/libdfs-server-ad-private-samba.so
+lib/samba/private/libdlz-bind9-for-torture-private-samba.so
+lib/samba/private/libdnsserver-common-private-samba.so
+lib/samba/private/libdsdb-garbage-collect-tombstones-private-samba.so
+lib/samba/private/libdsdb-module-private-samba.so
+lib/samba/private/libevents-private-samba.so
+lib/samba/private/libflag-mapping-private-samba.so
+lib/samba/private/libgenrand-private-samba.so
+lib/samba/private/libgensec-private-samba.so
+lib/samba/private/libgpext-private-samba.so
+lib/samba/private/libgpo-private-samba.so
+lib/samba/private/libgse-private-samba.so
+lib/samba/private/libgss-preauth-private-samba.so
+lib/samba/private/libgssapi-private-samba.so
+lib/samba/private/libhcrypto-private-samba.so
+lib/samba/private/libhdb-private-samba.so
+lib/samba/private/libheimbase-private-samba.so
+lib/samba/private/libheimntlm-private-samba.so
+lib/samba/private/libhttp-private-samba.so
+lib/samba/private/libhx509-private-samba.so
+lib/samba/private/libidmap-private-samba.so
+lib/samba/private/libinterfaces-private-samba.so
+lib/samba/private/libiov-buf-private-samba.so
+lib/samba/private/libkdc-private-samba.so
+lib/samba/private/libkrb5-private-samba.so
+lib/samba/private/libkrb5samba-private-samba.so
+lib/samba/private/libldbsamba-private-samba.so
+lib/samba/private/liblibcli-lsa3-private-samba.so
+lib/samba/private/liblibcli-netlogon3-private-samba.so
+lib/samba/private/liblibsmb-private-samba.so
+lib/samba/private/libmessages-dgm-private-samba.so
+lib/samba/private/libmessages-util-private-samba.so
+lib/samba/private/libmscat-private-samba.so
+lib/samba/private/libmsghdr-private-samba.so
+lib/samba/private/libmsrpc3-private-samba.so
+lib/samba/private/libndr-samba-private-samba.so
+lib/samba/private/libndr-samba4-private-samba.so
+lib/samba/private/libnet-keytab-private-samba.so
+lib/samba/private/libnetif-private-samba.so
+lib/samba/private/libnpa-tstream-private-samba.so
+lib/samba/private/libnss-info-private-samba.so
+lib/samba/private/libpac-private-samba.so
+lib/samba/private/libposix-eadb-private-samba.so
+lib/samba/private/libprinter-driver-private-samba.so
+lib/samba/private/libprinting-migrate-private-samba.so
+lib/samba/private/libprocess-model-private-samba.so
+lib/samba/private/libregistry-private-samba.so
+lib/samba/private/libreplace-private-samba.so
+lib/samba/private/libroken-private-samba.so
+lib/samba/private/libsamba-cluster-support-private-samba.so
+lib/samba/private/libsamba-debug-private-samba.so
+lib/samba/private/libsamba-modules-private-samba.so
+lib/samba/private/libsamba-net-private-samba.so
+lib/samba/private/libsamba-python-private-samba.so
+lib/samba/private/libsamba-security-private-samba.so
+lib/samba/private/libsamba-sockets-private-samba.so
+lib/samba/private/libsamba3-util-private-samba.so
+lib/samba/private/libsamdb-common-private-samba.so
+lib/samba/private/libscavenge-dns-records-private-samba.so
+lib/samba/private/libsecrets3-private-samba.so
+lib/samba/private/libserver-id-db-private-samba.so
+lib/samba/private/libserver-role-private-samba.so
+lib/samba/private/libservice-private-samba.so
+lib/samba/private/libshares-private-samba.so
+lib/samba/private/libsmb-transport-private-samba.so
+lib/samba/private/libsmbclient-raw-private-samba.so
+lib/samba/private/libsmbd-base-private-samba.so
+lib/samba/private/libsmbd-shim-private-samba.so
+lib/samba/private/libsmbldaphelper-private-samba.so
+lib/samba/private/libsmbpasswdparser-private-samba.so
+lib/samba/private/libsocket-blocking-private-samba.so
+lib/samba/private/libstable-sort-private-samba.so
+lib/samba/private/libsys-rw-private-samba.so
+lib/samba/private/libtalloc-report-printf-private-samba.so
+lib/samba/private/libtalloc-report-private-samba.so
+lib/samba/private/libtdb-wrap-private-samba.so
+lib/samba/private/libtime-basic-private-samba.so
+lib/samba/private/libtorture-private-samba.so
+lib/samba/private/libtrusts-util-private-samba.so
+lib/samba/private/libutil-reg-private-samba.so
+lib/samba/private/libutil-setid-private-samba.so
+lib/samba/private/libutil-tdb-private-samba.so
+lib/samba/private/libwind-private-samba.so
+lib/samba/private/libxattr-tdb-private-samba.so
 ${PLIST.ads}lib/samba/process_model/prefork.${SOEXT}
 ${PLIST.ads}lib/samba/process_model/standard.${SOEXT}
 ${PLIST.pam}lib/samba/security/pam_winbind.${SOEXT}
@@ -964,6 +1023,7 @@ man/man1/smbtorture.1
 man/man1/smbtree.1
 man/man1/testparm.1
 man/man1/wbinfo.1
+man/man1/wspsearch.1
 man/man5/lmhosts.5
 ${PLIST.pam}man/man5/pam_winbind.conf.5
 man/man5/smb.conf.5

Index: pkgsrc/net/samba4/distinfo
diff -u pkgsrc/net/samba4/distinfo:1.102 pkgsrc/net/samba4/distinfo:1.103
--- pkgsrc/net/samba4/distinfo:1.102    Tue Feb 20 05:21:35 2024
+++ pkgsrc/net/samba4/distinfo  Mon Apr 15 07:16:38 2024
@@ -1,8 +1,8 @@
-$NetBSD: distinfo,v 1.102 2024/02/20 05:21:35 adam Exp $
+$NetBSD: distinfo,v 1.103 2024/04/15 07:16:38 adam Exp $
 
-BLAKE2s (samba-4.19.5.tar.gz) = 98182d21d4688af08cf657c2320eee5cfd0bfdf3b75fcb79e6eed64cfee9e00b
-SHA512 (samba-4.19.5.tar.gz) = 5b0934f2e44a28ffc4aa07e5495b339cf3a7548c49e29d1bae87de6c3a6f57c2a9130592dce782895079f559ed3bc8b5e4514c9c0fd8d5638aef68f0d0a3391f
-Size (samba-4.19.5.tar.gz) = 41840159 bytes
+BLAKE2s (samba-4.20.0.tar.gz) = 88938a680efad8d1a29fe591a95a125c194ddf45b435ebc1b21983078241ce84
+SHA512 (samba-4.20.0.tar.gz) = e820739706992ef3b4e3a7a771ad5d8efc6b87d5ccdcee7ebd41483d90fa3cc0420ba9680d059e71d7083c9c12b0d36deafcdce0224560f49bbfc3a277e7e77c
+Size (samba-4.20.0.tar.gz) = 42433302 bytes
 SHA1 (patch-buildtools_wafsamba_samba__conftests.py) = d927db17124d2bb5b382885e70a41f84c3929926
 SHA1 (patch-buildtools_wafsamba_samba__install.py) = d801340617da325e3bb70a90350e45cc8e383c2d
 SHA1 (patch-buildtools_wafsamba_samba__pidl.py) = e4c0ed3dacfcf5613a5b397b3c6cf88509497da7
@@ -24,6 +24,7 @@ SHA1 (patch-libcli_dns_wscript__build) =
 SHA1 (patch-nsswitch_stress-nss-libwbclient.c) = c546f00184b0d22b6c150e210962cdfc6fc12df2
 SHA1 (patch-nsswitch_winbind__nss__netbsd.c) = 1214bfbd7714b64f3ff3eb97b6f24e3d2629370f
 SHA1 (patch-nsswitch_wscript__build) = 5be3e07f8a34ae3e2f68126eb6f05f8b65f5be2f
+SHA1 (patch-source3_lib_sysquotas__4A.c) = da4e557485b95dbd780b3345613c506ef18d7923
 SHA1 (patch-source3_libsmb_pylibsmb.c) = 962bb35b140ec11c0035ffa7fb83c9143fa5615f
 SHA1 (patch-source3_modules_vfs__solarisacl.c) = 1a56006393d08d9977c60e75fddfcf501e2233f7
 SHA1 (patch-source3_modules_vfs__solarisacl.h) = 11f8664641a14fd83d78b1a7e10056a77b7b634f

Added files:

Index: pkgsrc/net/samba4/patches/patch-source3_lib_sysquotas__4A.c
diff -u /dev/null pkgsrc/net/samba4/patches/patch-source3_lib_sysquotas__4A.c:1.1
--- /dev/null   Mon Apr 15 07:16:39 2024
+++ pkgsrc/net/samba4/patches/patch-source3_lib_sysquotas__4A.c Mon Apr 15 07:16:39 2024
@@ -0,0 +1,16 @@
+$NetBSD: patch-source3_lib_sysquotas__4A.c,v 1.1 2024/04/15 07:16:39 adam Exp $
+
+On Darwin, struct dqblk does not have dqb_curblocks.
+
+--- source3/lib/sysquotas_4A.c.orig    2024-04-14 18:22:12.123682368 +0000
++++ source3/lib/sysquotas_4A.c
+@@ -155,7 +155,9 @@ int sys_get_vfs_quota(const char *path,
+       dp->ihardlimit = (uint64_t)D.dqb_ihardlimit;
+       dp->isoftlimit = (uint64_t)D.dqb_isoftlimit;
+       dp->curinodes = (uint64_t)D.dqb_curinodes;
++#if !defined(__APPLE__)
+       dp->curblocks = (uint64_t)D.dqb_curblocks;
++#endif
+ 
+ 
+       dp->qflags = qflags;



Home | Main Index | Thread Index | Old Index