1
0
mirror of https://git.FreeBSD.org/ports.git synced 2024-12-24 04:33:24 +00:00

Here I attach the patch that fixes mentioned 3 problems as well as few others:

* BUG 1315 - wbinfo -t unsuccessful on 3.0.4
 * BUG 1319 - Cannot write to a share with write-list users
 * BUG 1345 - Macromedia Homesite cannot connect anymore after upgrade to 3.0.4

 * Patch from Rudolf Cejka <cejkar@fit.vutbr.cz> - rpcclient does not recognize
     parameters in -c <command> correctly.

 * Patch from Joerg Pulz <Joerg.Pulz@frm2.tum.de> - fixes to samba.sh startup script.

PR:		ports/67865
Submitted by:	edwin@mavetju.org,Rudolf Cejka <cejkar@fit.vutbr.cz>,Joerg Pulz <Joerg.Pulz@frm2.tum.de>
Approved by:	maintainer
This commit is contained in:
Edwin Groothuis 2004-07-03 12:46:41 +00:00
parent 59b7d2a2af
commit d281f6efd9
Notes: svn2git 2021-03-31 03:12:20 +00:00
svn path=/head/; revision=112848
11 changed files with 259 additions and 7 deletions

View File

@ -7,7 +7,7 @@
PORTNAME= samba
PORTVERSION= 3.0.4
PORTREVISION?= 2
PORTREVISION?= 3
PORTEPOCH?= 1
CATEGORIES?= net
MASTER_SITES= ${MASTER_SITE_SAMBA}
@ -22,7 +22,7 @@ CONFLICTS?= ja-samba-2.* samba-2.* sharity-light-1.*
USE_ICONV= yes
USE_AUTOCONF_VER= 253
LATEST_LINK?= ${PKGNAMEPREFIX}${PORTNAME}-3${PKGNAMESUFFIX}
LATEST_LINK?= ${PKGNAMEPREFIX}${PORTNAME}3${PKGNAMESUFFIX}
EXAMPLESDIR= ${PREFIX}/share/examples/${PKGNAMEPREFIX}${PORTNAME}${PKGNAMESUFFIX}
WRKSRC= ${WRKDIR}/${DISTNAME}/source
@ -33,10 +33,10 @@ SAMBA_LOGDIR= ${VARDIR}/log/samba
SAMBA_RUNDIR= ${VARDIR}/run
SAMBA_LOCKDIR?= ${VARDIR}/db/samba
SAMBA_PRIVATE?= ${PREFIX}/private
SAMBA_CONFDIR?= ${PREFIX}/etc
SAMBA_CONFDIR= ${PREFIX}/etc
SAMBA_SWATDIR= ${PREFIX}/share/swat
SAMBA_LIBDIR= ${PREFIX}/lib
RC_DIR?= ${SAMBA_CONFDIR}/rc.d
RC_DIR= ${SAMBA_CONFDIR}/rc.d
SAMBA_CONFIG= ${SAMBA_CONFDIR}/smb.conf
CONFIGURE_ENV+= CPPFLAGS=-I${LOCALBASE}/include \

View File

@ -0,0 +1,16 @@
--- configure.in.orig Thu Apr 29 09:34:48 2004
+++ configure.in Thu May 20 14:16:15 2004
@@ -803,6 +803,13 @@
AC_DEFINE(HAVE_SIG_ATOMIC_T_TYPE,1,[Whether we have the atomic_t variable type])
fi
+AC_CACHE_CHECK([for optreset], samba_cv_var_optreset, [
+ AC_TRY_LINK([#include <unistd.h>],[optreset = 1],
+ [samba_cv_var_optreset=yes],[samba_cv_var_optreset=no])])
+if test x"$samba_cv_var_optreset" = x"yes"; then
+ AC_DEFINE(HAVE_OPTRESET,1,[Whether the system has optreset])
+fi
+
# stupid headers have the functions but no declaration. grrrr.
AC_HAVE_DECL(errno, [#include <errno.h>])
AC_HAVE_DECL(setresuid, [#include <unistd.h>])

View File

@ -0,0 +1,12 @@
--- include/config.h.in.orig Sat May 8 02:33:46 2004
+++ include/config.h.in Thu May 20 14:17:44 2004
@@ -236,6 +236,9 @@
/* Define to 1 if you have the `endnetgrent' function. */
#undef HAVE_ENDNETGRENT
+/* Whether optreset is available */
+#undef HAVE_OPTRESET
+
/* Whether errno() is available */
#undef HAVE_ERRNO_DECL

View File

@ -0,0 +1,53 @@
Index: source/rpc_client/cli_pipe.c
===================================================================
--- rpc_client/cli_pipe.c (revision 842)
+++ rpc_client/cli_pipe.c (working copy)
@@ -332,13 +332,24 @@
if (cli->pipe_auth_flags & AUTH_PIPE_NETSEC) {
RPC_AUTH_NETSEC_CHK chk;
- if (auth_len != RPC_AUTH_NETSEC_CHK_LEN) {
+ if ( (auth_len != RPC_AUTH_NETSEC_SIGN_OR_SEAL_CHK_LEN)
+ && (auth_len != RPC_AUTH_NETSEC_SIGN_ONLY_CHK_LEN) )
+ {
DEBUG(0,("rpc_auth_pipe: wrong schannel auth len %d\n", auth_len));
return False;
}
- if (!smb_io_rpc_auth_netsec_chk("schannel_auth_sign",
- &chk, &auth_verf, 0)) {
+ /* can't seal with no nonce */
+ if ( (cli->pipe_auth_flags & AUTH_PIPE_SEAL)
+ && (auth_len != RPC_AUTH_NETSEC_SIGN_OR_SEAL_CHK_LEN) )
+ {
+ DEBUG(0,("rpc_auth_pipe: sealing not supported with schannel auth len %d\n", auth_len));
+ return False;
+ }
+
+
+ if (!smb_io_rpc_auth_netsec_chk("schannel_auth_sign", auth_len, &chk, &auth_verf, 0))
+ {
DEBUG(0, ("rpc_auth_pipe: schannel unmarshalling "
"RPC_AUTH_NETSECK_CHK failed\n"));
return False;
@@ -918,7 +929,7 @@
auth_len = RPC_AUTH_NTLMSSP_CHK_LEN;
}
if (cli->pipe_auth_flags & AUTH_PIPE_NETSEC) {
- auth_len = RPC_AUTH_NETSEC_CHK_LEN;
+ auth_len = RPC_AUTH_NETSEC_SIGN_OR_SEAL_CHK_LEN;
}
auth_hdr_len = RPC_HDR_AUTH_LEN;
}
@@ -1034,8 +1045,9 @@
/* write auth footer onto the packet */
parse_offset_marker = prs_offset(&sec_blob);
- if (!smb_io_rpc_auth_netsec_chk("", &verf,
- &sec_blob, 0)) {
+ if (!smb_io_rpc_auth_netsec_chk("", RPC_AUTH_NETSEC_SIGN_OR_SEAL_CHK_LEN,
+ &verf, &sec_blob, 0))
+ {
prs_mem_free(&sec_blob);
return False;
}

View File

@ -0,0 +1,15 @@
Index: source/smbd/filename.c
===================================================================
--- smbd/filename.c (revision 842)
+++ smbd/filename.c (working copy)
@@ -137,6 +137,10 @@
if (!*name) {
name[0] = '.';
name[1] = '\0';
+ if (SMB_VFS_STAT(conn,name,&st) == 0) {
+ *pst = st;
+ }
+ DEBUG(5,("conversion finished %s -> %s\n",orig_path, name));
return(True);
}

View File

@ -0,0 +1,38 @@
Index: source/rpc_parse/parse_rpc.c
===================================================================
--- rpc_parse/parse_rpc.c (revision 842)
+++ rpc_parse/parse_rpc.c (working copy)
@@ -1189,7 +1189,8 @@
/*******************************************************************
reads or writes an RPC_AUTH_NETSEC_CHK structure.
********************************************************************/
-BOOL smb_io_rpc_auth_netsec_chk(const char *desc, RPC_AUTH_NETSEC_CHK * chk,
+BOOL smb_io_rpc_auth_netsec_chk(const char *desc, int auth_len,
+ RPC_AUTH_NETSEC_CHK * chk,
prs_struct *ps, int depth)
{
if (chk == NULL)
@@ -1198,10 +1199,19 @@
prs_debug(ps, depth, desc, "smb_io_rpc_auth_netsec_chk");
depth++;
- prs_uint8s(False, "sig ", ps, depth, chk->sig, sizeof(chk->sig));
- prs_uint8s(False, "seq_num", ps, depth, chk->seq_num, sizeof(chk->seq_num));
- prs_uint8s(False, "packet_digest", ps, depth, chk->packet_digest, sizeof(chk->packet_digest));
- prs_uint8s(False, "confounder", ps, depth, chk->confounder, sizeof(chk->confounder));
+ if ( !prs_uint8s(False, "sig ", ps, depth, chk->sig, sizeof(chk->sig)) )
+ return False;
+
+ if ( !prs_uint8s(False, "seq_num", ps, depth, chk->seq_num, sizeof(chk->seq_num)) )
+ return False;
+
+ if ( !prs_uint8s(False, "packet_digest", ps, depth, chk->packet_digest, sizeof(chk->packet_digest)) )
+ return False;
+
+ if ( auth_len == RPC_AUTH_NETSEC_SIGN_OR_SEAL_CHK_LEN ) {
+ if ( !prs_uint8s(False, "confounder", ps, depth, chk->confounder, sizeof(chk->confounder)) )
+ return False;
+ }
return True;
}

View File

@ -0,0 +1,16 @@
Index: source/include/rpc_dce.h
===================================================================
--- include/rpc_dce.h (revision 842)
+++ include/rpc_dce.h (working copy)
@@ -63,8 +63,10 @@
#define NETSEC_AUTH_TYPE 0x44
#define NETSEC_SIGN_SIGNATURE { 0x77, 0x00, 0xff, 0xff, 0xff, 0xff, 0x00, 0x00 }
#define NETSEC_SEAL_SIGNATURE { 0x77, 0x00, 0x7a, 0x00, 0xff, 0xff, 0x00, 0x00 }
-#define RPC_AUTH_NETSEC_CHK_LEN 0x20
+#define RPC_AUTH_NETSEC_SIGN_OR_SEAL_CHK_LEN 0x20
+#define RPC_AUTH_NETSEC_SIGN_ONLY_CHK_LEN 0x18
+
/* The 7 here seems to be required to get Win2k not to downgrade us
to NT4. Actually, anything other than 1ff would seem to do... */
#define NETLOGON_NEG_AUTH2_FLAGS 0x000701ff

View File

@ -0,0 +1,54 @@
Index: source/rpc_server/srv_pipe.c
===================================================================
--- rpc_server/srv_pipe.c (revision 842)
+++ rpc_server/srv_pipe.c (working copy)
@@ -124,7 +124,7 @@
if(p->ntlmssp_auth_validated) {
data_space_available -= (RPC_HDR_AUTH_LEN + RPC_AUTH_NTLMSSP_CHK_LEN);
} else if(p->netsec_auth_validated) {
- data_space_available -= (RPC_HDR_AUTH_LEN + RPC_AUTH_NETSEC_CHK_LEN);
+ data_space_available -= (RPC_HDR_AUTH_LEN + RPC_AUTH_NETSEC_SIGN_OR_SEAL_CHK_LEN);
}
/*
@@ -177,8 +177,8 @@
} else if (p->netsec_auth_validated) {
p->hdr.frag_len = RPC_HEADER_LEN + RPC_HDR_RESP_LEN +
data_len + ss_padding_len +
- RPC_HDR_AUTH_LEN + RPC_AUTH_NETSEC_CHK_LEN;
- p->hdr.auth_len = RPC_AUTH_NETSEC_CHK_LEN;
+ RPC_HDR_AUTH_LEN + RPC_AUTH_NETSEC_SIGN_OR_SEAL_CHK_LEN;
+ p->hdr.auth_len = RPC_AUTH_NETSEC_SIGN_OR_SEAL_CHK_LEN;
} else {
p->hdr.frag_len = RPC_HEADER_LEN + RPC_HDR_RESP_LEN + data_len;
p->hdr.auth_len = 0;
@@ -309,7 +309,8 @@
SENDER_IS_ACCEPTOR,
&verf, data, data_len + ss_padding_len);
- smb_io_rpc_auth_netsec_chk("", &verf, &outgoing_pdu, 0);
+ smb_io_rpc_auth_netsec_chk("", RPC_AUTH_NETSEC_SIGN_OR_SEAL_CHK_LEN,
+ &verf, &outgoing_pdu, 0);
p->netsec_auth.seq_num++;
}
@@ -1339,7 +1340,7 @@
auth_len = p->hdr.auth_len;
- if (auth_len != RPC_AUTH_NETSEC_CHK_LEN) {
+ if (auth_len != RPC_AUTH_NETSEC_SIGN_OR_SEAL_CHK_LEN) {
DEBUG(0,("Incorrect auth_len %d.\n", auth_len ));
return False;
}
@@ -1384,7 +1385,9 @@
return False;
}
- if(!smb_io_rpc_auth_netsec_chk("", &netsec_chk, rpc_in, 0)) {
+ if(!smb_io_rpc_auth_netsec_chk("", RPC_AUTH_NETSEC_SIGN_OR_SEAL_CHK_LEN,
+ &netsec_chk, rpc_in, 0))
+ {
DEBUG(0,("failed to unmarshal RPC_AUTH_NETSEC_CHK.\n"));
return False;
}

View File

@ -0,0 +1,33 @@
Index: source/smbd/uid.c
===================================================================
--- smbd/uid.c (revision 842)
+++ smbd/uid.c (working copy)
@@ -189,20 +189,26 @@
snum = SNUM(conn);
+ if ((vuser) && !check_user_ok(conn, vuser, snum)) {
+ DEBUG(2,("change_to_user: SMB user %s (unix user %s, vuid %d) not permitted access to share %s.\n",
+ vuser->user.smb_name, vuser->user.unix_name, vuid, lp_servicename(snum)));
+ return False;
+ }
+
if (conn->force_user) /* security = share sets this too */ {
uid = conn->uid;
gid = conn->gid;
current_user.groups = conn->groups;
current_user.ngroups = conn->ngroups;
token = conn->nt_user_token;
- } else if ((vuser) && check_user_ok(conn, vuser, snum)) {
+ } else if (vuser) {
uid = conn->admin_user ? 0 : vuser->uid;
gid = vuser->gid;
current_user.ngroups = vuser->n_groups;
current_user.groups = vuser->groups;
token = vuser->nt_user_token;
} else {
- DEBUG(2,("change_to_user: Invalid vuid used %d or vuid not permitted access to share.\n",vuid));
+ DEBUG(2,("change_to_user: Invalid vuid used %d in accessing share %s.\n",vuid, lp_servicename(snum) ));
return False;
}

View File

@ -0,0 +1,15 @@
--- rpcclient/cmd_reg.c.orig Sun Apr 4 09:37:28 2004
+++ rpcclient/cmd_reg.c Thu May 20 14:18:36 2004
@@ -905,7 +905,11 @@
int opt;
*msg = 0;
- optind = 0; /* TODO: test if this hack works on other systems too --simo */
+#ifdef HAVE_OPTRESET
+ optreset = optind = 1;
+#else
+ optind = 0;
+#endif
while ((opt = getopt(argc, argv, "m:t:rf")) != EOF)
{

View File

@ -86,7 +86,7 @@ stop_cmd="samba_stop"
# Defaults
nmbd_enable=${nmbd_enable:-"NO"}
nmbd_flags=${nmbd_flags:-"-D"}
command_args="${nmbd_flags} -s ${samba_config}"
command_args="-s ${samba_config}"
load_rc_config $name
run_rc_command "$1"
@ -101,7 +101,7 @@ stop_cmd="samba_stop"
# Defaults
smbd_enable=${smbd_enable:-"NO"}
smbd_flags=${smbd_flags:-"-D"}
command_args="${smbd_flags} -s ${samba_config}"
command_args="-s ${samba_config}"
load_rc_config $name
run_rc_command "$1"
@ -117,7 +117,7 @@ run_rc_command "$1"
%%WINBIND%%# Defaults
%%WINBIND%%winbindd_enable=${winbindd_enable:-"NO"}
%%WINBIND%%winbindd_flags=${winbindd_flags:-""}
%%WINBIND%%command_args="${winbindd_flags} -s ${samba_config}"
%%WINBIND%%command_args="-s ${samba_config}"
%%WINBIND%%
%%WINBIND%%load_rc_config $name
%%WINBIND%%run_rc_command "$1"