Fri Mar 1 20:03:24 2019 UTC ()
Add a patch taken from upstream to allow smbd to work when
winbindd has been started but not configured.


(roy)
diff -r1.59 -r1.60 pkgsrc/net/samba4/Makefile
diff -r1.22 -r1.23 pkgsrc/net/samba4/distinfo
diff -r0 -r1.1 pkgsrc/net/samba4/patches/patch-source3_auth_token_util.c
cvs diff -r1.59 -r1.60 pkgsrc/net/samba4/Makefile (expand / switch to unified diff)

--- pkgsrc/net/samba4/Makefile 2019/02/23 21:29:29 1.59
+++ pkgsrc/net/samba4/Makefile 2019/03/01 20:03:24 1.60
@@ -1,17 +1,17 @@ @@ -1,17 +1,17 @@
1# $NetBSD: Makefile,v 1.59 2019/02/23 21:29:29 jperkin Exp $ 1# $NetBSD: Makefile,v 1.60 2019/03/01 20:03:24 roy Exp $
2 2
3DISTNAME= samba-4.9.4 3DISTNAME= samba-4.9.4
4PKGREVISION= 2 4PKGREVISION= 3
5CATEGORIES= net 5CATEGORIES= net
6MASTER_SITES= http://download.samba.org/pub/samba/stable/ 6MASTER_SITES= http://download.samba.org/pub/samba/stable/
7 7
8MAINTAINER= pkgsrc-users@NetBSD.org 8MAINTAINER= pkgsrc-users@NetBSD.org
9HOMEPAGE= http://www.samba.org/ 9HOMEPAGE= http://www.samba.org/
10COMMENT= SMB/CIFS protocol server suite 10COMMENT= SMB/CIFS protocol server suite
11LICENSE= gnu-gpl-v3 11LICENSE= gnu-gpl-v3
12 12
13CONFLICTS+= ja-samba-[0-9]* winbind-[0-9]* 13CONFLICTS+= ja-samba-[0-9]* winbind-[0-9]*
14 14
15GCC_REQD+= 4.4 15GCC_REQD+= 4.4
16BUILD_DEPENDS+= libxslt-[0-9]*:../../textproc/libxslt 16BUILD_DEPENDS+= libxslt-[0-9]*:../../textproc/libxslt
17BUILD_DEPENDS+= docbook-xml-[0-9]*:../../textproc/docbook-xml 17BUILD_DEPENDS+= docbook-xml-[0-9]*:../../textproc/docbook-xml
cvs diff -r1.22 -r1.23 pkgsrc/net/samba4/distinfo (expand / switch to unified diff)

--- pkgsrc/net/samba4/distinfo 2018/12/22 01:13:52 1.22
+++ pkgsrc/net/samba4/distinfo 2019/03/01 20:03:24 1.23
@@ -1,19 +1,20 @@ @@ -1,19 +1,20 @@
1$NetBSD: distinfo,v 1.22 2018/12/22 01:13:52 adam Exp $ 1$NetBSD: distinfo,v 1.23 2019/03/01 20:03:24 roy Exp $
2 2
3SHA1 (samba-4.9.4.tar.gz) = 7f8e15709e03e52d14bd9c85dd717366c106993f 3SHA1 (samba-4.9.4.tar.gz) = 7f8e15709e03e52d14bd9c85dd717366c106993f
4RMD160 (samba-4.9.4.tar.gz) = d0a43b85b85906f860de12b0b0abb1fcc5643b7a 4RMD160 (samba-4.9.4.tar.gz) = d0a43b85b85906f860de12b0b0abb1fcc5643b7a
5SHA512 (samba-4.9.4.tar.gz) = ecd9937caa12d409b9b4cf34982b1670346fa64c7ecd111b390e296771476e13eb7b868997bfe489f36b7bdc5c9fc3af42cd5ad276e9d85aaedfa8ac4cfc0617 5SHA512 (samba-4.9.4.tar.gz) = ecd9937caa12d409b9b4cf34982b1670346fa64c7ecd111b390e296771476e13eb7b868997bfe489f36b7bdc5c9fc3af42cd5ad276e9d85aaedfa8ac4cfc0617
6Size (samba-4.9.4.tar.gz) = 18053738 bytes 6Size (samba-4.9.4.tar.gz) = 18053738 bytes
7SHA1 (patch-buildtools_wafsamba_samba__install.py) = 82e91af3125931767df06821983d40e6f94140c3 7SHA1 (patch-buildtools_wafsamba_samba__install.py) = 82e91af3125931767df06821983d40e6f94140c3
8SHA1 (patch-buildtools_wafsamba_samba__pidl.py) = 1469d23fd2094ce0ecf979df6ff8cfd69fae53a6 8SHA1 (patch-buildtools_wafsamba_samba__pidl.py) = 1469d23fd2094ce0ecf979df6ff8cfd69fae53a6
9SHA1 (patch-buildtools_wafsamba_wscript) = 5604936a825675647157331df2333f4237c611f5 9SHA1 (patch-buildtools_wafsamba_wscript) = 5604936a825675647157331df2333f4237c611f5
10SHA1 (patch-docs-xml_wscript__build) = 5aa5cbf61882604b7ec9d19f0cd1537a23705ad0 10SHA1 (patch-docs-xml_wscript__build) = 5aa5cbf61882604b7ec9d19f0cd1537a23705ad0
11SHA1 (patch-dynconfig_wscript) = b77bc4aabaab2943962112c51dc539a65d015400 11SHA1 (patch-dynconfig_wscript) = b77bc4aabaab2943962112c51dc539a65d015400
12SHA1 (patch-lib_ldb_ldb__mdb_ldb__mdb.c) = e6d10c0eb44bbad4fbdd52a9e66116ead8e1818d 12SHA1 (patch-lib_ldb_ldb__mdb_ldb__mdb.c) = e6d10c0eb44bbad4fbdd52a9e66116ead8e1818d
13SHA1 (patch-lib_param_loadparm.h) = 0216b69d33d1e17260a446e11bee764116c52b18 13SHA1 (patch-lib_param_loadparm.h) = 0216b69d33d1e17260a446e11bee764116c52b18
14SHA1 (patch-lib_replace_wscript) = b6a042c2c13c0be78d7b64c0ce2efdaf4bbb1f3b 14SHA1 (patch-lib_replace_wscript) = b6a042c2c13c0be78d7b64c0ce2efdaf4bbb1f3b
15SHA1 (patch-lib_tevent_wscript) = fbbe2024096b57d651d90064f53489a974db9d7a 15SHA1 (patch-lib_tevent_wscript) = fbbe2024096b57d651d90064f53489a974db9d7a
16SHA1 (patch-nsswitch_wscript__build) = e8a6251e031ffa13d6347fade8891f7afd65d3eb 16SHA1 (patch-nsswitch_wscript__build) = e8a6251e031ffa13d6347fade8891f7afd65d3eb
 17SHA1 (patch-source3_auth_token_util.c) = fbe67b501fa4325c9fb3e37c51bc424847f5e908
17SHA1 (patch-source4_heimdal__build_roken.h) = ee535f8e7cc46a3487d95bc859438c476a88fe60 18SHA1 (patch-source4_heimdal__build_roken.h) = ee535f8e7cc46a3487d95bc859438c476a88fe60
18SHA1 (patch-source4_scripting_wsript_build) = bd4feddcaadf1c3d2d25eb7914e7b5843e4e9511 19SHA1 (patch-source4_scripting_wsript_build) = bd4feddcaadf1c3d2d25eb7914e7b5843e4e9511
19SHA1 (patch-source4_torture_local_nss__tests.c) = 8c878a8ed771ba996a7a325a1ad41bd13016c70c 20SHA1 (patch-source4_torture_local_nss__tests.c) = 8c878a8ed771ba996a7a325a1ad41bd13016c70c
File Added: pkgsrc/net/samba4/patches/Attic/patch-source3_auth_token_util.c
$NetBSD: patch-source3_auth_token_util.c,v 1.1 2019/03/01 20:03:24 roy Exp $

Taken from https://bugzilla.samba.org/show_bug.cgi?id=13697

From 1e8931dfc24a2576a3b1fe9115c4ccbfefbbd298 Mon Sep 17 00:00:00 2001
From: Stefan Metzmacher <metze@samba.org>
Date: Wed, 19 Dec 2018 09:38:33 +0100
Subject: [PATCH] s3:auth: ignore create_builtin_guests() failing without a
 valid idmap configuration

This happens on standalone servers, where winbindd is automatically
started by init scripts if it's installed. But it's not really
used and may not have a valid idmap configuration (
"idmap config * : range" has no default!)

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13697

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Alexander Bokovoy <ab@samba.org>
(cherry picked from commit 865538fabaea33741f5fa542dbc3f2e08308c2c1)
---
 source3/auth/token_util.c | 18 +++++++++++++++++-
 1 file changed, 17 insertions(+), 1 deletion(-)

diff --git a/source3/auth/token_util.c b/source3/auth/token_util.c
index f5b0e6944335..ee38d6c9645b 100644
--- source3/auth/token_util.c
+++ source3/auth/token_util.c
@@ -745,7 +745,23 @@ NTSTATUS finalize_local_nt_token(struct security_token *result,
 		status = create_builtin_guests(domain_sid);
 		unbecome_root();
 
-		if (NT_STATUS_EQUAL(status, NT_STATUS_PROTOCOL_UNREACHABLE)) {
+		/*
+		 * NT_STATUS_PROTOCOL_UNREACHABLE:
+		 * => winbindd is not running.
+		 *
+		 * NT_STATUS_ACCESS_DENIED:
+		 * => no idmap config at all
+		 * and wbint_AllocateGid()/winbind_allocate_gid()
+		 * failed.
+		 *
+		 * NT_STATUS_NO_SUCH_GROUP:
+		 * => no idmap config at all and
+		 * "tdbsam:map builtin = no" means
+		 * wbint_Sids2UnixIDs() fails.
+		 */
+		if (NT_STATUS_EQUAL(status, NT_STATUS_PROTOCOL_UNREACHABLE) ||
+		    NT_STATUS_EQUAL(status, NT_STATUS_ACCESS_DENIED) ||
+		    NT_STATUS_EQUAL(status, NT_STATUS_NO_SUCH_GROUP)) {
 			/*
 			 * Add BUILTIN\Guests directly to token.
 			 * But only if the token already indicates