mirror of
https://git.FreeBSD.org/ports.git
synced 2024-12-24 04:33:24 +00:00
Here I attach the patch that fixes mentioned 3 problems as well as few others:
* BUG 1315 - wbinfo -t unsuccessful on 3.0.4 * BUG 1319 - Cannot write to a share with write-list users * BUG 1345 - Macromedia Homesite cannot connect anymore after upgrade to 3.0.4 * Patch from Rudolf Cejka <cejkar@fit.vutbr.cz> - rpcclient does not recognize parameters in -c <command> correctly. * Patch from Joerg Pulz <Joerg.Pulz@frm2.tum.de> - fixes to samba.sh startup script. PR: ports/67865 Submitted by: edwin@mavetju.org,Rudolf Cejka <cejkar@fit.vutbr.cz>,Joerg Pulz <Joerg.Pulz@frm2.tum.de> Approved by: maintainer
This commit is contained in:
parent
59b7d2a2af
commit
d281f6efd9
Notes:
svn2git
2021-03-31 03:12:20 +00:00
svn path=/head/; revision=112848
@ -7,7 +7,7 @@
|
||||
|
||||
PORTNAME= samba
|
||||
PORTVERSION= 3.0.4
|
||||
PORTREVISION?= 2
|
||||
PORTREVISION?= 3
|
||||
PORTEPOCH?= 1
|
||||
CATEGORIES?= net
|
||||
MASTER_SITES= ${MASTER_SITE_SAMBA}
|
||||
@ -22,7 +22,7 @@ CONFLICTS?= ja-samba-2.* samba-2.* sharity-light-1.*
|
||||
USE_ICONV= yes
|
||||
USE_AUTOCONF_VER= 253
|
||||
|
||||
LATEST_LINK?= ${PKGNAMEPREFIX}${PORTNAME}-3${PKGNAMESUFFIX}
|
||||
LATEST_LINK?= ${PKGNAMEPREFIX}${PORTNAME}3${PKGNAMESUFFIX}
|
||||
EXAMPLESDIR= ${PREFIX}/share/examples/${PKGNAMEPREFIX}${PORTNAME}${PKGNAMESUFFIX}
|
||||
WRKSRC= ${WRKDIR}/${DISTNAME}/source
|
||||
|
||||
@ -33,10 +33,10 @@ SAMBA_LOGDIR= ${VARDIR}/log/samba
|
||||
SAMBA_RUNDIR= ${VARDIR}/run
|
||||
SAMBA_LOCKDIR?= ${VARDIR}/db/samba
|
||||
SAMBA_PRIVATE?= ${PREFIX}/private
|
||||
SAMBA_CONFDIR?= ${PREFIX}/etc
|
||||
SAMBA_CONFDIR= ${PREFIX}/etc
|
||||
SAMBA_SWATDIR= ${PREFIX}/share/swat
|
||||
SAMBA_LIBDIR= ${PREFIX}/lib
|
||||
RC_DIR?= ${SAMBA_CONFDIR}/rc.d
|
||||
RC_DIR= ${SAMBA_CONFDIR}/rc.d
|
||||
SAMBA_CONFIG= ${SAMBA_CONFDIR}/smb.conf
|
||||
|
||||
CONFIGURE_ENV+= CPPFLAGS=-I${LOCALBASE}/include \
|
||||
|
16
net/samba3/files/patch-configure.in
Normal file
16
net/samba3/files/patch-configure.in
Normal file
@ -0,0 +1,16 @@
|
||||
--- configure.in.orig Thu Apr 29 09:34:48 2004
|
||||
+++ configure.in Thu May 20 14:16:15 2004
|
||||
@@ -803,6 +803,13 @@
|
||||
AC_DEFINE(HAVE_SIG_ATOMIC_T_TYPE,1,[Whether we have the atomic_t variable type])
|
||||
fi
|
||||
|
||||
+AC_CACHE_CHECK([for optreset], samba_cv_var_optreset, [
|
||||
+ AC_TRY_LINK([#include <unistd.h>],[optreset = 1],
|
||||
+ [samba_cv_var_optreset=yes],[samba_cv_var_optreset=no])])
|
||||
+if test x"$samba_cv_var_optreset" = x"yes"; then
|
||||
+ AC_DEFINE(HAVE_OPTRESET,1,[Whether the system has optreset])
|
||||
+fi
|
||||
+
|
||||
# stupid headers have the functions but no declaration. grrrr.
|
||||
AC_HAVE_DECL(errno, [#include <errno.h>])
|
||||
AC_HAVE_DECL(setresuid, [#include <unistd.h>])
|
12
net/samba3/files/patch-include_config.h.in
Normal file
12
net/samba3/files/patch-include_config.h.in
Normal file
@ -0,0 +1,12 @@
|
||||
--- include/config.h.in.orig Sat May 8 02:33:46 2004
|
||||
+++ include/config.h.in Thu May 20 14:17:44 2004
|
||||
@@ -236,6 +236,9 @@
|
||||
/* Define to 1 if you have the `endnetgrent' function. */
|
||||
#undef HAVE_ENDNETGRENT
|
||||
|
||||
+/* Whether optreset is available */
|
||||
+#undef HAVE_OPTRESET
|
||||
+
|
||||
/* Whether errno() is available */
|
||||
#undef HAVE_ERRNO_DECL
|
||||
|
53
net/samba3/files/patch-jerry-cli_pipe.c
Normal file
53
net/samba3/files/patch-jerry-cli_pipe.c
Normal file
@ -0,0 +1,53 @@
|
||||
Index: source/rpc_client/cli_pipe.c
|
||||
===================================================================
|
||||
--- rpc_client/cli_pipe.c (revision 842)
|
||||
+++ rpc_client/cli_pipe.c (working copy)
|
||||
@@ -332,13 +332,24 @@
|
||||
if (cli->pipe_auth_flags & AUTH_PIPE_NETSEC) {
|
||||
RPC_AUTH_NETSEC_CHK chk;
|
||||
|
||||
- if (auth_len != RPC_AUTH_NETSEC_CHK_LEN) {
|
||||
+ if ( (auth_len != RPC_AUTH_NETSEC_SIGN_OR_SEAL_CHK_LEN)
|
||||
+ && (auth_len != RPC_AUTH_NETSEC_SIGN_ONLY_CHK_LEN) )
|
||||
+ {
|
||||
DEBUG(0,("rpc_auth_pipe: wrong schannel auth len %d\n", auth_len));
|
||||
return False;
|
||||
}
|
||||
|
||||
- if (!smb_io_rpc_auth_netsec_chk("schannel_auth_sign",
|
||||
- &chk, &auth_verf, 0)) {
|
||||
+ /* can't seal with no nonce */
|
||||
+ if ( (cli->pipe_auth_flags & AUTH_PIPE_SEAL)
|
||||
+ && (auth_len != RPC_AUTH_NETSEC_SIGN_OR_SEAL_CHK_LEN) )
|
||||
+ {
|
||||
+ DEBUG(0,("rpc_auth_pipe: sealing not supported with schannel auth len %d\n", auth_len));
|
||||
+ return False;
|
||||
+ }
|
||||
+
|
||||
+
|
||||
+ if (!smb_io_rpc_auth_netsec_chk("schannel_auth_sign", auth_len, &chk, &auth_verf, 0))
|
||||
+ {
|
||||
DEBUG(0, ("rpc_auth_pipe: schannel unmarshalling "
|
||||
"RPC_AUTH_NETSECK_CHK failed\n"));
|
||||
return False;
|
||||
@@ -918,7 +929,7 @@
|
||||
auth_len = RPC_AUTH_NTLMSSP_CHK_LEN;
|
||||
}
|
||||
if (cli->pipe_auth_flags & AUTH_PIPE_NETSEC) {
|
||||
- auth_len = RPC_AUTH_NETSEC_CHK_LEN;
|
||||
+ auth_len = RPC_AUTH_NETSEC_SIGN_OR_SEAL_CHK_LEN;
|
||||
}
|
||||
auth_hdr_len = RPC_HDR_AUTH_LEN;
|
||||
}
|
||||
@@ -1034,8 +1045,9 @@
|
||||
/* write auth footer onto the packet */
|
||||
|
||||
parse_offset_marker = prs_offset(&sec_blob);
|
||||
- if (!smb_io_rpc_auth_netsec_chk("", &verf,
|
||||
- &sec_blob, 0)) {
|
||||
+ if (!smb_io_rpc_auth_netsec_chk("", RPC_AUTH_NETSEC_SIGN_OR_SEAL_CHK_LEN,
|
||||
+ &verf, &sec_blob, 0))
|
||||
+ {
|
||||
prs_mem_free(&sec_blob);
|
||||
return False;
|
||||
}
|
15
net/samba3/files/patch-jerry-filename.c
Normal file
15
net/samba3/files/patch-jerry-filename.c
Normal file
@ -0,0 +1,15 @@
|
||||
Index: source/smbd/filename.c
|
||||
===================================================================
|
||||
--- smbd/filename.c (revision 842)
|
||||
+++ smbd/filename.c (working copy)
|
||||
@@ -137,6 +137,10 @@
|
||||
if (!*name) {
|
||||
name[0] = '.';
|
||||
name[1] = '\0';
|
||||
+ if (SMB_VFS_STAT(conn,name,&st) == 0) {
|
||||
+ *pst = st;
|
||||
+ }
|
||||
+ DEBUG(5,("conversion finished %s -> %s\n",orig_path, name));
|
||||
return(True);
|
||||
}
|
||||
|
38
net/samba3/files/patch-jerry-parse_rpc.c
Normal file
38
net/samba3/files/patch-jerry-parse_rpc.c
Normal file
@ -0,0 +1,38 @@
|
||||
Index: source/rpc_parse/parse_rpc.c
|
||||
===================================================================
|
||||
--- rpc_parse/parse_rpc.c (revision 842)
|
||||
+++ rpc_parse/parse_rpc.c (working copy)
|
||||
@@ -1189,7 +1189,8 @@
|
||||
/*******************************************************************
|
||||
reads or writes an RPC_AUTH_NETSEC_CHK structure.
|
||||
********************************************************************/
|
||||
-BOOL smb_io_rpc_auth_netsec_chk(const char *desc, RPC_AUTH_NETSEC_CHK * chk,
|
||||
+BOOL smb_io_rpc_auth_netsec_chk(const char *desc, int auth_len,
|
||||
+ RPC_AUTH_NETSEC_CHK * chk,
|
||||
prs_struct *ps, int depth)
|
||||
{
|
||||
if (chk == NULL)
|
||||
@@ -1198,10 +1199,19 @@
|
||||
prs_debug(ps, depth, desc, "smb_io_rpc_auth_netsec_chk");
|
||||
depth++;
|
||||
|
||||
- prs_uint8s(False, "sig ", ps, depth, chk->sig, sizeof(chk->sig));
|
||||
- prs_uint8s(False, "seq_num", ps, depth, chk->seq_num, sizeof(chk->seq_num));
|
||||
- prs_uint8s(False, "packet_digest", ps, depth, chk->packet_digest, sizeof(chk->packet_digest));
|
||||
- prs_uint8s(False, "confounder", ps, depth, chk->confounder, sizeof(chk->confounder));
|
||||
+ if ( !prs_uint8s(False, "sig ", ps, depth, chk->sig, sizeof(chk->sig)) )
|
||||
+ return False;
|
||||
+
|
||||
+ if ( !prs_uint8s(False, "seq_num", ps, depth, chk->seq_num, sizeof(chk->seq_num)) )
|
||||
+ return False;
|
||||
+
|
||||
+ if ( !prs_uint8s(False, "packet_digest", ps, depth, chk->packet_digest, sizeof(chk->packet_digest)) )
|
||||
+ return False;
|
||||
+
|
||||
+ if ( auth_len == RPC_AUTH_NETSEC_SIGN_OR_SEAL_CHK_LEN ) {
|
||||
+ if ( !prs_uint8s(False, "confounder", ps, depth, chk->confounder, sizeof(chk->confounder)) )
|
||||
+ return False;
|
||||
+ }
|
||||
|
||||
return True;
|
||||
}
|
16
net/samba3/files/patch-jerry-rpc_dce.h
Normal file
16
net/samba3/files/patch-jerry-rpc_dce.h
Normal file
@ -0,0 +1,16 @@
|
||||
Index: source/include/rpc_dce.h
|
||||
===================================================================
|
||||
--- include/rpc_dce.h (revision 842)
|
||||
+++ include/rpc_dce.h (working copy)
|
||||
@@ -63,8 +63,10 @@
|
||||
#define NETSEC_AUTH_TYPE 0x44
|
||||
#define NETSEC_SIGN_SIGNATURE { 0x77, 0x00, 0xff, 0xff, 0xff, 0xff, 0x00, 0x00 }
|
||||
#define NETSEC_SEAL_SIGNATURE { 0x77, 0x00, 0x7a, 0x00, 0xff, 0xff, 0x00, 0x00 }
|
||||
-#define RPC_AUTH_NETSEC_CHK_LEN 0x20
|
||||
|
||||
+#define RPC_AUTH_NETSEC_SIGN_OR_SEAL_CHK_LEN 0x20
|
||||
+#define RPC_AUTH_NETSEC_SIGN_ONLY_CHK_LEN 0x18
|
||||
+
|
||||
/* The 7 here seems to be required to get Win2k not to downgrade us
|
||||
to NT4. Actually, anything other than 1ff would seem to do... */
|
||||
#define NETLOGON_NEG_AUTH2_FLAGS 0x000701ff
|
54
net/samba3/files/patch-jerry-srv_pipe.c
Normal file
54
net/samba3/files/patch-jerry-srv_pipe.c
Normal file
@ -0,0 +1,54 @@
|
||||
Index: source/rpc_server/srv_pipe.c
|
||||
===================================================================
|
||||
--- rpc_server/srv_pipe.c (revision 842)
|
||||
+++ rpc_server/srv_pipe.c (working copy)
|
||||
@@ -124,7 +124,7 @@
|
||||
if(p->ntlmssp_auth_validated) {
|
||||
data_space_available -= (RPC_HDR_AUTH_LEN + RPC_AUTH_NTLMSSP_CHK_LEN);
|
||||
} else if(p->netsec_auth_validated) {
|
||||
- data_space_available -= (RPC_HDR_AUTH_LEN + RPC_AUTH_NETSEC_CHK_LEN);
|
||||
+ data_space_available -= (RPC_HDR_AUTH_LEN + RPC_AUTH_NETSEC_SIGN_OR_SEAL_CHK_LEN);
|
||||
}
|
||||
|
||||
/*
|
||||
@@ -177,8 +177,8 @@
|
||||
} else if (p->netsec_auth_validated) {
|
||||
p->hdr.frag_len = RPC_HEADER_LEN + RPC_HDR_RESP_LEN +
|
||||
data_len + ss_padding_len +
|
||||
- RPC_HDR_AUTH_LEN + RPC_AUTH_NETSEC_CHK_LEN;
|
||||
- p->hdr.auth_len = RPC_AUTH_NETSEC_CHK_LEN;
|
||||
+ RPC_HDR_AUTH_LEN + RPC_AUTH_NETSEC_SIGN_OR_SEAL_CHK_LEN;
|
||||
+ p->hdr.auth_len = RPC_AUTH_NETSEC_SIGN_OR_SEAL_CHK_LEN;
|
||||
} else {
|
||||
p->hdr.frag_len = RPC_HEADER_LEN + RPC_HDR_RESP_LEN + data_len;
|
||||
p->hdr.auth_len = 0;
|
||||
@@ -309,7 +309,8 @@
|
||||
SENDER_IS_ACCEPTOR,
|
||||
&verf, data, data_len + ss_padding_len);
|
||||
|
||||
- smb_io_rpc_auth_netsec_chk("", &verf, &outgoing_pdu, 0);
|
||||
+ smb_io_rpc_auth_netsec_chk("", RPC_AUTH_NETSEC_SIGN_OR_SEAL_CHK_LEN,
|
||||
+ &verf, &outgoing_pdu, 0);
|
||||
|
||||
p->netsec_auth.seq_num++;
|
||||
}
|
||||
@@ -1339,7 +1340,7 @@
|
||||
|
||||
auth_len = p->hdr.auth_len;
|
||||
|
||||
- if (auth_len != RPC_AUTH_NETSEC_CHK_LEN) {
|
||||
+ if (auth_len != RPC_AUTH_NETSEC_SIGN_OR_SEAL_CHK_LEN) {
|
||||
DEBUG(0,("Incorrect auth_len %d.\n", auth_len ));
|
||||
return False;
|
||||
}
|
||||
@@ -1384,7 +1385,9 @@
|
||||
return False;
|
||||
}
|
||||
|
||||
- if(!smb_io_rpc_auth_netsec_chk("", &netsec_chk, rpc_in, 0)) {
|
||||
+ if(!smb_io_rpc_auth_netsec_chk("", RPC_AUTH_NETSEC_SIGN_OR_SEAL_CHK_LEN,
|
||||
+ &netsec_chk, rpc_in, 0))
|
||||
+ {
|
||||
DEBUG(0,("failed to unmarshal RPC_AUTH_NETSEC_CHK.\n"));
|
||||
return False;
|
||||
}
|
33
net/samba3/files/patch-jerry-uid.c
Normal file
33
net/samba3/files/patch-jerry-uid.c
Normal file
@ -0,0 +1,33 @@
|
||||
Index: source/smbd/uid.c
|
||||
===================================================================
|
||||
--- smbd/uid.c (revision 842)
|
||||
+++ smbd/uid.c (working copy)
|
||||
@@ -189,20 +189,26 @@
|
||||
|
||||
snum = SNUM(conn);
|
||||
|
||||
+ if ((vuser) && !check_user_ok(conn, vuser, snum)) {
|
||||
+ DEBUG(2,("change_to_user: SMB user %s (unix user %s, vuid %d) not permitted access to share %s.\n",
|
||||
+ vuser->user.smb_name, vuser->user.unix_name, vuid, lp_servicename(snum)));
|
||||
+ return False;
|
||||
+ }
|
||||
+
|
||||
if (conn->force_user) /* security = share sets this too */ {
|
||||
uid = conn->uid;
|
||||
gid = conn->gid;
|
||||
current_user.groups = conn->groups;
|
||||
current_user.ngroups = conn->ngroups;
|
||||
token = conn->nt_user_token;
|
||||
- } else if ((vuser) && check_user_ok(conn, vuser, snum)) {
|
||||
+ } else if (vuser) {
|
||||
uid = conn->admin_user ? 0 : vuser->uid;
|
||||
gid = vuser->gid;
|
||||
current_user.ngroups = vuser->n_groups;
|
||||
current_user.groups = vuser->groups;
|
||||
token = vuser->nt_user_token;
|
||||
} else {
|
||||
- DEBUG(2,("change_to_user: Invalid vuid used %d or vuid not permitted access to share.\n",vuid));
|
||||
+ DEBUG(2,("change_to_user: Invalid vuid used %d in accessing share %s.\n",vuid, lp_servicename(snum) ));
|
||||
return False;
|
||||
}
|
||||
|
15
net/samba3/files/patch-rpcclient_cmd_reg.c
Normal file
15
net/samba3/files/patch-rpcclient_cmd_reg.c
Normal file
@ -0,0 +1,15 @@
|
||||
--- rpcclient/cmd_reg.c.orig Sun Apr 4 09:37:28 2004
|
||||
+++ rpcclient/cmd_reg.c Thu May 20 14:18:36 2004
|
||||
@@ -905,7 +905,11 @@
|
||||
int opt;
|
||||
|
||||
*msg = 0;
|
||||
- optind = 0; /* TODO: test if this hack works on other systems too --simo */
|
||||
+#ifdef HAVE_OPTRESET
|
||||
+ optreset = optind = 1;
|
||||
+#else
|
||||
+ optind = 0;
|
||||
+#endif
|
||||
|
||||
while ((opt = getopt(argc, argv, "m:t:rf")) != EOF)
|
||||
{
|
@ -86,7 +86,7 @@ stop_cmd="samba_stop"
|
||||
# Defaults
|
||||
nmbd_enable=${nmbd_enable:-"NO"}
|
||||
nmbd_flags=${nmbd_flags:-"-D"}
|
||||
command_args="${nmbd_flags} -s ${samba_config}"
|
||||
command_args="-s ${samba_config}"
|
||||
|
||||
load_rc_config $name
|
||||
run_rc_command "$1"
|
||||
@ -101,7 +101,7 @@ stop_cmd="samba_stop"
|
||||
# Defaults
|
||||
smbd_enable=${smbd_enable:-"NO"}
|
||||
smbd_flags=${smbd_flags:-"-D"}
|
||||
command_args="${smbd_flags} -s ${samba_config}"
|
||||
command_args="-s ${samba_config}"
|
||||
|
||||
load_rc_config $name
|
||||
run_rc_command "$1"
|
||||
@ -117,7 +117,7 @@ run_rc_command "$1"
|
||||
%%WINBIND%%# Defaults
|
||||
%%WINBIND%%winbindd_enable=${winbindd_enable:-"NO"}
|
||||
%%WINBIND%%winbindd_flags=${winbindd_flags:-""}
|
||||
%%WINBIND%%command_args="${winbindd_flags} -s ${samba_config}"
|
||||
%%WINBIND%%command_args="-s ${samba_config}"
|
||||
%%WINBIND%%
|
||||
%%WINBIND%%load_rc_config $name
|
||||
%%WINBIND%%run_rc_command "$1"
|
||||
|
Loading…
Reference in New Issue
Block a user