!190 fix samba.service restart failed

From: @xinghe_1 
Reviewed-by: @seuzw 
Signed-off-by: @seuzw

backport-Adapt-sign_authdata-in-our-KDB-module-for-krb5-v1.18.patch

@@ -0,0 +1,122 @@
+From bebad45b29ad8e90828b55ddbbdb9379691f8d62 Mon Sep 17 00:00:00 2001
+From: Isaac Boukris <iboukris@gmail.com>
+Date: Mon, 16 Sep 2019 16:40:12 +0300
+Subject: [PATCH] Adapt sign_authdata in our KDB module for krb5 v1.18
+
+Signed-off-by: Isaac Boukris <iboukris@samba.org>
+Reviewed-by: Andreas Schneider <asn@samba.org>
+
+Conflict: source4/kdc/mit-kdb/kdb_samba_policies.c context adpat
+Reference: https://github.com/samba-team/samba/commit/bebad45b29ad8e90828b55ddbbdb9379691f8d62
+---
+ source4/kdc/mit-kdb/kdb_samba.c          |  2 +-
+ source4/kdc/mit-kdb/kdb_samba.h          | 21 +++++++++++++++++++
+ source4/kdc/mit-kdb/kdb_samba_policies.c | 26 ++++++++++++++++++++++++
+ 3 files changed, 48 insertions(+), 1 deletion(-)
+
+diff --git a/source4/kdc/mit-kdb/kdb_samba.c b/source4/kdc/mit-kdb/kdb_samba.c
+index c5157d6..02bbdca 100644
+--- a/source4/kdc/mit-kdb/kdb_samba.c
++++ b/source4/kdc/mit-kdb/kdb_samba.c
+@@ -139,7 +139,7 @@ static void kdb_samba_db_free_principal_e_data(krb5_context context,
+ 
+ kdb_vftabl kdb_function_table = {
+ 	.maj_ver                   = KRB5_KDB_DAL_MAJOR_VERSION,
+-	.min_ver                   = 1,
++	.min_ver                   = KRB5_KDB_DAL_MAJOR_VERSION == 6 ? 1 : 0,
+ 
+ 	.init_library              = kdb_samba_init_library,
+ 	.fini_library              = kdb_samba_fini_library,
+diff --git a/source4/kdc/mit-kdb/kdb_samba.h b/source4/kdc/mit-kdb/kdb_samba.h
+index 85579ca..7d859dc 100644
+--- a/source4/kdc/mit-kdb/kdb_samba.h
++++ b/source4/kdc/mit-kdb/kdb_samba.h
+@@ -128,6 +128,7 @@ krb5_error_code kdb_samba_dbekd_encrypt_key_data(krb5_context context,
+ 
+ /* from kdb_samba_policies.c */
+ 
++#if KRB5_KDB_API_VERSION < 10
+ krb5_error_code kdb_samba_db_sign_auth_data(krb5_context context,
+ 					    unsigned int flags,
+ 					    krb5_const_principal client_princ,
+@@ -141,6 +142,26 @@ krb5_error_code kdb_samba_db_sign_auth_data(krb5_context context,
+ 					    krb5_timestamp authtime,
+ 					    krb5_authdata **tgt_auth_data,
+ 					    krb5_authdata ***signed_auth_data);
++#else
++krb5_error_code kdb_samba_db_sign_auth_data(krb5_context context,
++					    unsigned int flags,
++					    krb5_const_principal client_princ,
++					    krb5_const_principal server_princ,
++					    krb5_db_entry *client,
++					    krb5_db_entry *server,
++					    krb5_db_entry *krbtgt,
++					    krb5_db_entry *local_krbtgt,
++					    krb5_keyblock *client_key,
++					    krb5_keyblock *server_key,
++					    krb5_keyblock *krbtgt_key,
++					    krb5_keyblock *local_krbtgt_key,
++					    krb5_keyblock *session_key,
++					    krb5_timestamp authtime,
++					    krb5_authdata **tgt_auth_data,
++					    void *authdata_info,
++					    krb5_data ***auth_indicators,
++					    krb5_authdata ***signed_auth_data);
++#endif
+ 
+ krb5_error_code kdb_samba_db_check_policy_as(krb5_context context,
+ 					     krb5_kdc_req *kdcreq,
+diff --git a/source4/kdc/mit-kdb/kdb_samba_policies.c b/source4/kdc/mit-kdb/kdb_samba_policies.c
+index 1c81962..c0be796 100644
+--- a/source4/kdc/mit-kdb/kdb_samba_policies.c
++++ b/source4/kdc/mit-kdb/kdb_samba_policies.c
+@@ -289,6 +289,7 @@ done:
+ 	return code;
+ }
+ 
++#if KRB5_KDB_API_VERSION < 10
+ krb5_error_code kdb_samba_db_sign_auth_data(krb5_context context,
+ 					    unsigned int flags,
+ 					    krb5_const_principal client_princ,
+@@ -303,6 +304,27 @@ krb5_error_code kdb_samba_db_sign_auth_data(krb5_context context,
+ 					    krb5_authdata **tgt_auth_data,
+ 					    krb5_authdata ***signed_auth_data)
+ {
++#else
++krb5_error_code kdb_samba_db_sign_auth_data(krb5_context context,
++					    unsigned int flags,
++					    krb5_const_principal client_princ,
++					    krb5_const_principal server_princ,
++					    krb5_db_entry *client,
++					    krb5_db_entry *server,
++					    krb5_db_entry *krbtgt,
++					    krb5_db_entry *local_krbtgt,
++					    krb5_keyblock *client_key,
++					    krb5_keyblock *server_key,
++					    krb5_keyblock *krbtgt_key,
++					    krb5_keyblock *local_krbtgt_key,
++					    krb5_keyblock *session_key,
++					    krb5_timestamp authtime,
++					    krb5_authdata **tgt_auth_data,
++					    void *authdata_info,
++					    krb5_data ***auth_indicators,
++					    krb5_authdata ***signed_auth_data)
++{
++#endif
+ 	krb5_const_principal ks_client_princ = NULL;
+ 	krb5_db_entry *client_entry = NULL;
+ 	krb5_authdata **pac_auth_data = NULL;
+@@ -315,6 +337,10 @@ krb5_error_code kdb_samba_db_sign_auth_data(krb5_context context,
+ 	bool generate_pac = false;
+ 	char *client_name = NULL;
+ 
++#if KRB5_KDB_API_VERSION >= 10
++	krbtgt = krbtgt == NULL ? local_krbtgt : krbtgt;
++	krbtgt_key = krbtgt_key == NULL ? local_krbtgt_key : krbtgt_key;
++#endif
+ 
+ 	is_as_req = ((flags & KRB5_KDB_FLAG_CLIENT_REFERRALS_ONLY) != 0);
+ 
+-- 
+2.27.0
+

samba.spec

@@ -49,7 +49,7 @@
 
 Name:           samba
 Version:        4.11.12
-Release:        27
+Release:        28
 
 Summary:        A suite for Linux to interoperate with Windows
 License:        GPLv3+ and LGPLv3+
@@ -339,6 +339,7 @@ Patch6409:       backport-0036-CVE-2022-38023.patch
 Patch6410:       backport-0037-CVE-2022-38023.patch
 Patch6411:       backport-0038-CVE-2022-38023.patch
 Patch6412:       backport-CVE-2023-0922.patch
+Patch6413:       backport-Adapt-sign_authdata-in-our-KDB-module-for-krb5-v1.18.patch
 
 
 BuildRequires: avahi-devel cups-devel dbus-devel docbook-style-xsl e2fsprogs-devel gawk gnupg2 gnutls-devel >= 3.4.7 gpgme-devel
@@ -3397,6 +3398,12 @@ fi
 %{_mandir}/man*
 
 %changelog
+* Tue Apr 18 2023 xinghe <xinghe2@h-partners.com> - 4.11.12-28
+- Type:bugfix
+- CVE:NA
+- SUG:NA
+- DESC:fix samba.service restart failed
+
 * Mon Apr 10 2023 xinghe <xinghe2@h-partners.com> - 4.11.12-27
 - Type:bugfix
 - CVE:NA