FreeBSD Bugzilla – Attachment 43756 Details for
Bug 67865
[patch] Fix three bugs in Samba 3.0.4
Home
|
New
|
Browse
|
Search
|
[?]
|
Reports
|
Help
|
New Account
|
Log In
Remember
[x]
|
Forgot Password
Login:
[x]
[patch]
samba.diff
samba.diff (text/plain; charset=us-ascii), 13.67 KB, created by
Timur I. Bakeyev
on 2004-06-23 23:50:05 UTC
(
hide
)
Description:
samba.diff
Filename:
MIME Type:
Creator:
Timur I. Bakeyev
Created:
2004-06-23 23:50:05 UTC
Size:
13.67 KB
patch
obsolete
>Index: Makefile >=================================================================== >RCS file: /home/ncvs/ports/net/samba3/Makefile,v >retrieving revision 1.123 >diff -u -r1.123 Makefile >--- Makefile 3 Jun 2004 07:57:07 -0000 1.123 >+++ Makefile 22 Jun 2004 21:24:38 -0000 >@@ -7,7 +7,7 @@ > > PORTNAME= samba > PORTVERSION= 3.0.4 >-PORTREVISION?= 2 >+PORTREVISION?= 3 > PORTEPOCH?= 1 > CATEGORIES?= net > MASTER_SITES= ${MASTER_SITE_SAMBA} >@@ -22,7 +22,7 @@ > USE_ICONV= yes > USE_AUTOCONF_VER= 253 > >-LATEST_LINK?= ${PKGNAMEPREFIX}${PORTNAME}-3${PKGNAMESUFFIX} >+LATEST_LINK?= ${PKGNAMEPREFIX}${PORTNAME}3${PKGNAMESUFFIX} > EXAMPLESDIR= ${PREFIX}/share/examples/${PKGNAMEPREFIX}${PORTNAME}${PKGNAMESUFFIX} > WRKSRC= ${WRKDIR}/${DISTNAME}/source > >@@ -33,10 +33,10 @@ > SAMBA_RUNDIR= ${VARDIR}/run > SAMBA_LOCKDIR?= ${VARDIR}/db/samba > SAMBA_PRIVATE?= ${PREFIX}/private >-SAMBA_CONFDIR?= ${PREFIX}/etc >+SAMBA_CONFDIR= ${PREFIX}/etc > SAMBA_SWATDIR= ${PREFIX}/share/swat > SAMBA_LIBDIR= ${PREFIX}/lib >-RC_DIR?= ${SAMBA_CONFDIR}/rc.d >+RC_DIR= ${SAMBA_CONFDIR}/rc.d > SAMBA_CONFIG= ${SAMBA_CONFDIR}/smb.conf > > CONFIGURE_ENV+= CPPFLAGS=-I${LOCALBASE}/include \ >Index: files/patch-configure.in >=================================================================== >RCS file: files/patch-configure.in >diff -N files/patch-configure.in >--- /dev/null 1 Jan 1970 00:00:00 -0000 >+++ files/patch-configure.in 20 May 2004 12:16:00 -0000 >@@ -0,0 +1,16 @@ >+--- configure.in.orig Thu Apr 29 09:34:48 2004 >++++ configure.in Thu May 20 14:16:15 2004 >+@@ -803,6 +803,13 @@ >+ AC_DEFINE(HAVE_SIG_ATOMIC_T_TYPE,1,[Whether we have the atomic_t variable type]) >+ fi >+ >++AC_CACHE_CHECK([for optreset], samba_cv_var_optreset, [ >++ AC_TRY_LINK([#include <unistd.h>],[optreset = 1], >++ [samba_cv_var_optreset=yes],[samba_cv_var_optreset=no])]) >++if test x"$samba_cv_var_optreset" = x"yes"; then >++ AC_DEFINE(HAVE_OPTRESET,1,[Whether the system has optreset]) >++fi >++ >+ # stupid headers have the functions but no declaration. grrrr. >+ AC_HAVE_DECL(errno, [#include <errno.h>]) >+ AC_HAVE_DECL(setresuid, [#include <unistd.h>]) >Index: files/patch-include_config.h.in >=================================================================== >RCS file: files/patch-include_config.h.in >diff -N files/patch-include_config.h.in >--- /dev/null 1 Jan 1970 00:00:00 -0000 >+++ files/patch-include_config.h.in 20 May 2004 12:17:00 -0000 >@@ -0,0 +1,12 @@ >+--- include/config.h.in.orig Sat May 8 02:33:46 2004 >++++ include/config.h.in Thu May 20 14:17:44 2004 >+@@ -236,6 +236,9 @@ >+ /* Define to 1 if you have the `endnetgrent' function. */ >+ #undef HAVE_ENDNETGRENT >+ >++/* Whether optreset is available */ >++#undef HAVE_OPTRESET >++ >+ /* Whether errno() is available */ >+ #undef HAVE_ERRNO_DECL >+ >Index: files/patch-jerry-cli_pipe.c >=================================================================== >RCS file: files/patch-jerry-cli_pipe.c >diff -N files/patch-jerry-cli_pipe.c >--- /dev/null 1 Jan 1970 00:00:00 -0000 >+++ files/patch-jerry-cli_pipe.c 22 Jun 2004 20:57:14 -0000 >@@ -0,0 +1,53 @@ >+Index: source/rpc_client/cli_pipe.c >+=================================================================== >+--- rpc_client/cli_pipe.c (revision 842) >++++ rpc_client/cli_pipe.c (working copy) >+@@ -332,13 +332,24 @@ >+ if (cli->pipe_auth_flags & AUTH_PIPE_NETSEC) { >+ RPC_AUTH_NETSEC_CHK chk; >+ >+- if (auth_len != RPC_AUTH_NETSEC_CHK_LEN) { >++ if ( (auth_len != RPC_AUTH_NETSEC_SIGN_OR_SEAL_CHK_LEN) >++ && (auth_len != RPC_AUTH_NETSEC_SIGN_ONLY_CHK_LEN) ) >++ { >+ DEBUG(0,("rpc_auth_pipe: wrong schannel auth len %d\n", auth_len)); >+ return False; >+ } >+ >+- if (!smb_io_rpc_auth_netsec_chk("schannel_auth_sign", >+- &chk, &auth_verf, 0)) { >++ /* can't seal with no nonce */ >++ if ( (cli->pipe_auth_flags & AUTH_PIPE_SEAL) >++ && (auth_len != RPC_AUTH_NETSEC_SIGN_OR_SEAL_CHK_LEN) ) >++ { >++ DEBUG(0,("rpc_auth_pipe: sealing not supported with schannel auth len %d\n", auth_len)); >++ return False; >++ } >++ >++ >++ if (!smb_io_rpc_auth_netsec_chk("schannel_auth_sign", auth_len, &chk, &auth_verf, 0)) >++ { >+ DEBUG(0, ("rpc_auth_pipe: schannel unmarshalling " >+ "RPC_AUTH_NETSECK_CHK failed\n")); >+ return False; >+@@ -918,7 +929,7 @@ >+ auth_len = RPC_AUTH_NTLMSSP_CHK_LEN; >+ } >+ if (cli->pipe_auth_flags & AUTH_PIPE_NETSEC) { >+- auth_len = RPC_AUTH_NETSEC_CHK_LEN; >++ auth_len = RPC_AUTH_NETSEC_SIGN_OR_SEAL_CHK_LEN; >+ } >+ auth_hdr_len = RPC_HDR_AUTH_LEN; >+ } >+@@ -1034,8 +1045,9 @@ >+ /* write auth footer onto the packet */ >+ >+ parse_offset_marker = prs_offset(&sec_blob); >+- if (!smb_io_rpc_auth_netsec_chk("", &verf, >+- &sec_blob, 0)) { >++ if (!smb_io_rpc_auth_netsec_chk("", RPC_AUTH_NETSEC_SIGN_OR_SEAL_CHK_LEN, >++ &verf, &sec_blob, 0)) >++ { >+ prs_mem_free(&sec_blob); >+ return False; >+ } >Index: files/patch-jerry-filename.c >=================================================================== >RCS file: files/patch-jerry-filename.c >diff -N files/patch-jerry-filename.c >--- /dev/null 1 Jan 1970 00:00:00 -0000 >+++ files/patch-jerry-filename.c 22 Jun 2004 20:58:09 -0000 >@@ -0,0 +1,15 @@ >+Index: source/smbd/filename.c >+=================================================================== >+--- smbd/filename.c (revision 842) >++++ smbd/filename.c (working copy) >+@@ -137,6 +137,10 @@ >+ if (!*name) { >+ name[0] = '.'; >+ name[1] = '\0'; >++ if (SMB_VFS_STAT(conn,name,&st) == 0) { >++ *pst = st; >++ } >++ DEBUG(5,("conversion finished %s -> %s\n",orig_path, name)); >+ return(True); >+ } >+ >Index: files/patch-jerry-parse_rpc.c >=================================================================== >RCS file: files/patch-jerry-parse_rpc.c >diff -N files/patch-jerry-parse_rpc.c >--- /dev/null 1 Jan 1970 00:00:00 -0000 >+++ files/patch-jerry-parse_rpc.c 22 Jun 2004 20:57:37 -0000 >@@ -0,0 +1,38 @@ >+Index: source/rpc_parse/parse_rpc.c >+=================================================================== >+--- rpc_parse/parse_rpc.c (revision 842) >++++ rpc_parse/parse_rpc.c (working copy) >+@@ -1189,7 +1189,8 @@ >+ /******************************************************************* >+ reads or writes an RPC_AUTH_NETSEC_CHK structure. >+ ********************************************************************/ >+-BOOL smb_io_rpc_auth_netsec_chk(const char *desc, RPC_AUTH_NETSEC_CHK * chk, >++BOOL smb_io_rpc_auth_netsec_chk(const char *desc, int auth_len, >++ RPC_AUTH_NETSEC_CHK * chk, >+ prs_struct *ps, int depth) >+ { >+ if (chk == NULL) >+@@ -1198,10 +1199,19 @@ >+ prs_debug(ps, depth, desc, "smb_io_rpc_auth_netsec_chk"); >+ depth++; >+ >+- prs_uint8s(False, "sig ", ps, depth, chk->sig, sizeof(chk->sig)); >+- prs_uint8s(False, "seq_num", ps, depth, chk->seq_num, sizeof(chk->seq_num)); >+- prs_uint8s(False, "packet_digest", ps, depth, chk->packet_digest, sizeof(chk->packet_digest)); >+- prs_uint8s(False, "confounder", ps, depth, chk->confounder, sizeof(chk->confounder)); >++ if ( !prs_uint8s(False, "sig ", ps, depth, chk->sig, sizeof(chk->sig)) ) >++ return False; >++ >++ if ( !prs_uint8s(False, "seq_num", ps, depth, chk->seq_num, sizeof(chk->seq_num)) ) >++ return False; >++ >++ if ( !prs_uint8s(False, "packet_digest", ps, depth, chk->packet_digest, sizeof(chk->packet_digest)) ) >++ return False; >++ >++ if ( auth_len == RPC_AUTH_NETSEC_SIGN_OR_SEAL_CHK_LEN ) { >++ if ( !prs_uint8s(False, "confounder", ps, depth, chk->confounder, sizeof(chk->confounder)) ) >++ return False; >++ } >+ >+ return True; >+ } >Index: files/patch-jerry-rpc_dce.h >=================================================================== >RCS file: files/patch-jerry-rpc_dce.h >diff -N files/patch-jerry-rpc_dce.h >--- /dev/null 1 Jan 1970 00:00:00 -0000 >+++ files/patch-jerry-rpc_dce.h 22 Jun 2004 20:58:24 -0000 >@@ -0,0 +1,16 @@ >+Index: source/include/rpc_dce.h >+=================================================================== >+--- include/rpc_dce.h (revision 842) >++++ include/rpc_dce.h (working copy) >+@@ -63,8 +63,10 @@ >+ #define NETSEC_AUTH_TYPE 0x44 >+ #define NETSEC_SIGN_SIGNATURE { 0x77, 0x00, 0xff, 0xff, 0xff, 0xff, 0x00, 0x00 } >+ #define NETSEC_SEAL_SIGNATURE { 0x77, 0x00, 0x7a, 0x00, 0xff, 0xff, 0x00, 0x00 } >+-#define RPC_AUTH_NETSEC_CHK_LEN 0x20 >+ >++#define RPC_AUTH_NETSEC_SIGN_OR_SEAL_CHK_LEN 0x20 >++#define RPC_AUTH_NETSEC_SIGN_ONLY_CHK_LEN 0x18 >++ >+ /* The 7 here seems to be required to get Win2k not to downgrade us >+ to NT4. Actually, anything other than 1ff would seem to do... */ >+ #define NETLOGON_NEG_AUTH2_FLAGS 0x000701ff >Index: files/patch-jerry-srv_pipe.c >=================================================================== >RCS file: files/patch-jerry-srv_pipe.c >diff -N files/patch-jerry-srv_pipe.c >--- /dev/null 1 Jan 1970 00:00:00 -0000 >+++ files/patch-jerry-srv_pipe.c 22 Jun 2004 20:58:33 -0000 >@@ -0,0 +1,54 @@ >+Index: source/rpc_server/srv_pipe.c >+=================================================================== >+--- rpc_server/srv_pipe.c (revision 842) >++++ rpc_server/srv_pipe.c (working copy) >+@@ -124,7 +124,7 @@ >+ if(p->ntlmssp_auth_validated) { >+ data_space_available -= (RPC_HDR_AUTH_LEN + RPC_AUTH_NTLMSSP_CHK_LEN); >+ } else if(p->netsec_auth_validated) { >+- data_space_available -= (RPC_HDR_AUTH_LEN + RPC_AUTH_NETSEC_CHK_LEN); >++ data_space_available -= (RPC_HDR_AUTH_LEN + RPC_AUTH_NETSEC_SIGN_OR_SEAL_CHK_LEN); >+ } >+ >+ /* >+@@ -177,8 +177,8 @@ >+ } else if (p->netsec_auth_validated) { >+ p->hdr.frag_len = RPC_HEADER_LEN + RPC_HDR_RESP_LEN + >+ data_len + ss_padding_len + >+- RPC_HDR_AUTH_LEN + RPC_AUTH_NETSEC_CHK_LEN; >+- p->hdr.auth_len = RPC_AUTH_NETSEC_CHK_LEN; >++ RPC_HDR_AUTH_LEN + RPC_AUTH_NETSEC_SIGN_OR_SEAL_CHK_LEN; >++ p->hdr.auth_len = RPC_AUTH_NETSEC_SIGN_OR_SEAL_CHK_LEN; >+ } else { >+ p->hdr.frag_len = RPC_HEADER_LEN + RPC_HDR_RESP_LEN + data_len; >+ p->hdr.auth_len = 0; >+@@ -309,7 +309,8 @@ >+ SENDER_IS_ACCEPTOR, >+ &verf, data, data_len + ss_padding_len); >+ >+- smb_io_rpc_auth_netsec_chk("", &verf, &outgoing_pdu, 0); >++ smb_io_rpc_auth_netsec_chk("", RPC_AUTH_NETSEC_SIGN_OR_SEAL_CHK_LEN, >++ &verf, &outgoing_pdu, 0); >+ >+ p->netsec_auth.seq_num++; >+ } >+@@ -1339,7 +1340,7 @@ >+ >+ auth_len = p->hdr.auth_len; >+ >+- if (auth_len != RPC_AUTH_NETSEC_CHK_LEN) { >++ if (auth_len != RPC_AUTH_NETSEC_SIGN_OR_SEAL_CHK_LEN) { >+ DEBUG(0,("Incorrect auth_len %d.\n", auth_len )); >+ return False; >+ } >+@@ -1384,7 +1385,9 @@ >+ return False; >+ } >+ >+- if(!smb_io_rpc_auth_netsec_chk("", &netsec_chk, rpc_in, 0)) { >++ if(!smb_io_rpc_auth_netsec_chk("", RPC_AUTH_NETSEC_SIGN_OR_SEAL_CHK_LEN, >++ &netsec_chk, rpc_in, 0)) >++ { >+ DEBUG(0,("failed to unmarshal RPC_AUTH_NETSEC_CHK.\n")); >+ return False; >+ } >Index: files/patch-jerry-uid.c >=================================================================== >RCS file: files/patch-jerry-uid.c >diff -N files/patch-jerry-uid.c >--- /dev/null 1 Jan 1970 00:00:00 -0000 >+++ files/patch-jerry-uid.c 22 Jun 2004 20:58:46 -0000 >@@ -0,0 +1,33 @@ >+Index: source/smbd/uid.c >+=================================================================== >+--- smbd/uid.c (revision 842) >++++ smbd/uid.c (working copy) >+@@ -189,20 +189,26 @@ >+ >+ snum = SNUM(conn); >+ >++ if ((vuser) && !check_user_ok(conn, vuser, snum)) { >++ DEBUG(2,("change_to_user: SMB user %s (unix user %s, vuid %d) not permitted access to share %s.\n", >++ vuser->user.smb_name, vuser->user.unix_name, vuid, lp_servicename(snum))); >++ return False; >++ } >++ >+ if (conn->force_user) /* security = share sets this too */ { >+ uid = conn->uid; >+ gid = conn->gid; >+ current_user.groups = conn->groups; >+ current_user.ngroups = conn->ngroups; >+ token = conn->nt_user_token; >+- } else if ((vuser) && check_user_ok(conn, vuser, snum)) { >++ } else if (vuser) { >+ uid = conn->admin_user ? 0 : vuser->uid; >+ gid = vuser->gid; >+ current_user.ngroups = vuser->n_groups; >+ current_user.groups = vuser->groups; >+ token = vuser->nt_user_token; >+ } else { >+- DEBUG(2,("change_to_user: Invalid vuid used %d or vuid not permitted access to share.\n",vuid)); >++ DEBUG(2,("change_to_user: Invalid vuid used %d in accessing share %s.\n",vuid, lp_servicename(snum) )); >+ return False; >+ } >+ >Index: files/patch-rpcclient_cmd_reg.c >=================================================================== >RCS file: files/patch-rpcclient_cmd_reg.c >diff -N files/patch-rpcclient_cmd_reg.c >--- /dev/null 1 Jan 1970 00:00:00 -0000 >+++ files/patch-rpcclient_cmd_reg.c 20 May 2004 12:18:00 -0000 >@@ -0,0 +1,15 @@ >+--- rpcclient/cmd_reg.c.orig Sun Apr 4 09:37:28 2004 >++++ rpcclient/cmd_reg.c Thu May 20 14:18:36 2004 >+@@ -905,7 +905,11 @@ >+ int opt; >+ >+ *msg = 0; >+- optind = 0; /* TODO: test if this hack works on other systems too --simo */ >++#ifdef HAVE_OPTRESET >++ optreset = optind = 1; >++#else >++ optind = 0; >++#endif >+ >+ while ((opt = getopt(argc, argv, "m:t:rf")) != EOF) >+ { >Index: files/samba.sh.sample >=================================================================== >RCS file: /home/ncvs/ports/net/samba3/files/samba.sh.sample,v >retrieving revision 1.7 >diff -u -r1.7 samba.sh.sample >--- files/samba.sh.sample 18 May 2004 14:52:47 -0000 1.7 >+++ files/samba.sh.sample 22 Jun 2004 21:10:45 -0000 >@@ -86,7 +86,7 @@ > # Defaults > nmbd_enable=${nmbd_enable:-"NO"} > nmbd_flags=${nmbd_flags:-"-D"} >-command_args="${nmbd_flags} -s ${samba_config}" >+command_args="-s ${samba_config}" > > load_rc_config $name > run_rc_command "$1" >@@ -101,7 +101,7 @@ > # Defaults > smbd_enable=${smbd_enable:-"NO"} > smbd_flags=${smbd_flags:-"-D"} >-command_args="${smbd_flags} -s ${samba_config}" >+command_args="-s ${samba_config}" > > load_rc_config $name > run_rc_command "$1" >@@ -117,7 +117,7 @@ > %%WINBIND%%# Defaults > %%WINBIND%%winbindd_enable=${winbindd_enable:-"NO"} > %%WINBIND%%winbindd_flags=${winbindd_flags:-""} >-%%WINBIND%%command_args="${winbindd_flags} -s ${samba_config}" >+%%WINBIND%%command_args="-s ${samba_config}" > %%WINBIND%% > %%WINBIND%%load_rc_config $name > %%WINBIND%%run_rc_command "$1"
<b>You cannot view the attachment while viewing its details because your browser does not support IFRAMEs. <a href="attachment.cgi?id=43756">View the attachment on a separate page</a>.</b>
View Attachment As Diff
View Attachment As Raw
Actions:
View
|
Diff
Attachments on
bug 67865
: 43756