OpenPKG CVS Repository http://cvs.openpkg.org/ ____________________________________________________________________________
Server: cvs.openpkg.org Name: Ralf S. Engelschall Root: /e/openpkg/cvs Email: [EMAIL PROTECTED] Module: openpkg-src Date: 05-Jul-2004 10:38:43 Branch: OPENPKG_2_1_SOLID Handle: 2004070509384201 Added files: (Branch: OPENPKG_2_1_SOLID) openpkg-src/samba samba.patch Modified files: (Branch: OPENPKG_2_1_SOLID) openpkg-src/samba samba.spec Log: MFC: upgrade to latest status from CURRENT Summary: Revision Changes Path 1.3.2.1 +228 -0 openpkg-src/samba/samba.patch 1.68.2.2 +2 -1 openpkg-src/samba/samba.spec ____________________________________________________________________________ patch -p0 <<'@@ .' Index: openpkg-src/samba/samba.patch ============================================================================ $ cvs diff -u -r0 -r1.3.2.1 samba.patch --- /dev/null 2004-07-05 10:38:43.000000000 +0200 +++ samba.patch 2004-07-05 10:38:43.000000000 +0200 @@ -0,0 +1,228 @@ +Some vendor patches for Samba 3.0.4. + +Index: source/include/rpc_dce.h +--- source/include/rpc_dce.h.orig 2004-04-20 22:42:57 +0200 ++++ source/include/rpc_dce.h 2004-07-04 10:07:30 +0200 +@@ -63,7 +63,9 @@ + #define NETSEC_AUTH_TYPE 0x44 + #define NETSEC_SIGN_SIGNATURE { 0x77, 0x00, 0xff, 0xff, 0xff, 0xff, 0x00, 0x00 } + #define NETSEC_SEAL_SIGNATURE { 0x77, 0x00, 0x7a, 0x00, 0xff, 0xff, 0x00, 0x00 } +-#define RPC_AUTH_NETSEC_CHK_LEN 0x20 ++ ++#define RPC_AUTH_NETSEC_SIGN_OR_SEAL_CHK_LEN 0x20 ++#define RPC_AUTH_NETSEC_SIGN_ONLY_CHK_LEN 0x18 + + /* The 7 here seems to be required to get Win2k not to downgrade us + to NT4. Actually, anything other than 1ff would seem to do... */ +Index: source/lib/util_str.c +--- source/lib/util_str.c.orig 2004-04-20 22:42:55 +0200 ++++ source/lib/util_str.c 2004-07-04 10:07:30 +0200 +@@ -1980,10 +1980,16 @@ + { + int bits = 0; + int char_count = 0; +- size_t out_cnt = 0; +- size_t len = data.length; +- size_t output_len = data.length * 2; +- char *result = malloc(output_len); /* get us plenty of space */ ++ size_t out_cnt, len, output_len; ++ char *result; ++ ++ if (!data.length || !data.data) ++ return NULL; ++ ++ out_cnt = 0; ++ len = data.length; ++ output_len = data.length * 2; ++ result = malloc(output_len); /* get us plenty of space */ + + while (len-- && out_cnt < (data.length * 2) - 5) { + int c = (unsigned char) *(data.data++); +Index: source/rpc_client/cli_pipe.c +--- source/rpc_client/cli_pipe.c.orig 2004-04-04 09:37:16 +0200 ++++ source/rpc_client/cli_pipe.c 2004-07-04 10:07:30 +0200 +@@ -332,13 +332,24 @@ + if (cli->pipe_auth_flags & AUTH_PIPE_NETSEC) { + RPC_AUTH_NETSEC_CHK chk; + +- if (auth_len != RPC_AUTH_NETSEC_CHK_LEN) { ++ if ( (auth_len != RPC_AUTH_NETSEC_SIGN_OR_SEAL_CHK_LEN) ++ && (auth_len != RPC_AUTH_NETSEC_SIGN_ONLY_CHK_LEN) ) ++ { + DEBUG(0,("rpc_auth_pipe: wrong schannel auth len %d\n", auth_len)); + return False; + } + +- if (!smb_io_rpc_auth_netsec_chk("schannel_auth_sign", +- &chk, &auth_verf, 0)) { ++ /* can't seal with no nonce */ ++ if ( (cli->pipe_auth_flags & AUTH_PIPE_SEAL) ++ && (auth_len != RPC_AUTH_NETSEC_SIGN_OR_SEAL_CHK_LEN) ) ++ { ++ DEBUG(0,("rpc_auth_pipe: sealing not supported with schannel auth len %d\n", auth_len)); ++ return False; ++ } ++ ++ ++ if (!smb_io_rpc_auth_netsec_chk("schannel_auth_sign", auth_len, &chk, &auth_verf, 0)) ++ { + DEBUG(0, ("rpc_auth_pipe: schannel unmarshalling " + "RPC_AUTH_NETSECK_CHK failed\n")); + return False; +@@ -918,7 +929,7 @@ + auth_len = RPC_AUTH_NTLMSSP_CHK_LEN; + } + if (cli->pipe_auth_flags & AUTH_PIPE_NETSEC) { +- auth_len = RPC_AUTH_NETSEC_CHK_LEN; ++ auth_len = RPC_AUTH_NETSEC_SIGN_OR_SEAL_CHK_LEN; + } + auth_hdr_len = RPC_HDR_AUTH_LEN; + } +@@ -1034,8 +1045,9 @@ + /* write auth footer onto the packet */ + + parse_offset_marker = prs_offset(&sec_blob); +- if (!smb_io_rpc_auth_netsec_chk("", &verf, +- &sec_blob, 0)) { ++ if (!smb_io_rpc_auth_netsec_chk("", RPC_AUTH_NETSEC_SIGN_OR_SEAL_CHK_LEN, ++ &verf, &sec_blob, 0)) ++ { + prs_mem_free(&sec_blob); + return False; + } +Index: source/rpc_parse/parse_rpc.c +--- source/rpc_parse/parse_rpc.c.orig 2004-04-20 22:42:57 +0200 ++++ source/rpc_parse/parse_rpc.c 2004-07-04 10:07:30 +0200 +@@ -1189,7 +1189,8 @@ + /******************************************************************* + reads or writes an RPC_AUTH_NETSEC_CHK structure. + ********************************************************************/ +-BOOL smb_io_rpc_auth_netsec_chk(const char *desc, RPC_AUTH_NETSEC_CHK * chk, ++BOOL smb_io_rpc_auth_netsec_chk(const char *desc, int auth_len, ++ RPC_AUTH_NETSEC_CHK * chk, + prs_struct *ps, int depth) + { + if (chk == NULL) +@@ -1198,10 +1199,19 @@ + prs_debug(ps, depth, desc, "smb_io_rpc_auth_netsec_chk"); + depth++; + +- prs_uint8s(False, "sig ", ps, depth, chk->sig, sizeof(chk->sig)); +- prs_uint8s(False, "seq_num", ps, depth, chk->seq_num, sizeof(chk->seq_num)); +- prs_uint8s(False, "packet_digest", ps, depth, chk->packet_digest, sizeof(chk->packet_digest)); +- prs_uint8s(False, "confounder", ps, depth, chk->confounder, sizeof(chk->confounder)); ++ if ( !prs_uint8s(False, "sig ", ps, depth, chk->sig, sizeof(chk->sig)) ) ++ return False; ++ ++ if ( !prs_uint8s(False, "seq_num", ps, depth, chk->seq_num, sizeof(chk->seq_num)) ) ++ return False; ++ ++ if ( !prs_uint8s(False, "packet_digest", ps, depth, chk->packet_digest, sizeof(chk->packet_digest)) ) ++ return False; ++ ++ if ( auth_len == RPC_AUTH_NETSEC_SIGN_OR_SEAL_CHK_LEN ) { ++ if ( !prs_uint8s(False, "confounder", ps, depth, chk->confounder, sizeof(chk->confounder)) ) ++ return False; ++ } + + return True; + } +Index: source/rpc_server/srv_pipe.c +--- source/rpc_server/srv_pipe.c.orig 2004-05-07 21:27:34 +0200 ++++ source/rpc_server/srv_pipe.c 2004-07-04 10:07:30 +0200 +@@ -124,7 +124,7 @@ + if(p->ntlmssp_auth_validated) { + data_space_available -= (RPC_HDR_AUTH_LEN + RPC_AUTH_NTLMSSP_CHK_LEN); + } else if(p->netsec_auth_validated) { +- data_space_available -= (RPC_HDR_AUTH_LEN + RPC_AUTH_NETSEC_CHK_LEN); ++ data_space_available -= (RPC_HDR_AUTH_LEN + RPC_AUTH_NETSEC_SIGN_OR_SEAL_CHK_LEN); + } + + /* +@@ -177,8 +177,8 @@ + } else if (p->netsec_auth_validated) { + p->hdr.frag_len = RPC_HEADER_LEN + RPC_HDR_RESP_LEN + + data_len + ss_padding_len + +- RPC_HDR_AUTH_LEN + RPC_AUTH_NETSEC_CHK_LEN; +- p->hdr.auth_len = RPC_AUTH_NETSEC_CHK_LEN; ++ RPC_HDR_AUTH_LEN + RPC_AUTH_NETSEC_SIGN_OR_SEAL_CHK_LEN; ++ p->hdr.auth_len = RPC_AUTH_NETSEC_SIGN_OR_SEAL_CHK_LEN; + } else { + p->hdr.frag_len = RPC_HEADER_LEN + RPC_HDR_RESP_LEN + data_len; + p->hdr.auth_len = 0; +@@ -309,7 +309,8 @@ + SENDER_IS_ACCEPTOR, + &verf, data, data_len + ss_padding_len); + +- smb_io_rpc_auth_netsec_chk("", &verf, &outgoing_pdu, 0); ++ smb_io_rpc_auth_netsec_chk("", RPC_AUTH_NETSEC_SIGN_OR_SEAL_CHK_LEN, ++ &verf, &outgoing_pdu, 0); + + p->netsec_auth.seq_num++; + } +@@ -1339,7 +1340,7 @@ + + auth_len = p->hdr.auth_len; + +- if (auth_len != RPC_AUTH_NETSEC_CHK_LEN) { ++ if (auth_len != RPC_AUTH_NETSEC_SIGN_OR_SEAL_CHK_LEN) { + DEBUG(0,("Incorrect auth_len %d.\n", auth_len )); + return False; + } +@@ -1384,7 +1385,9 @@ + return False; + } + +- if(!smb_io_rpc_auth_netsec_chk("", &netsec_chk, rpc_in, 0)) { ++ if(!smb_io_rpc_auth_netsec_chk("", RPC_AUTH_NETSEC_SIGN_OR_SEAL_CHK_LEN, ++ &netsec_chk, rpc_in, 0)) ++ { + DEBUG(0,("failed to unmarshal RPC_AUTH_NETSEC_CHK.\n")); + return False; + } +Index: source/smbd/filename.c +--- source/smbd/filename.c.orig 2004-04-04 09:37:31 +0200 ++++ source/smbd/filename.c 2004-07-04 10:07:30 +0200 +@@ -137,6 +137,10 @@ + if (!*name) { + name[0] = '.'; + name[1] = '\0'; ++ if (SMB_VFS_STAT(conn,name,&st) == 0) { ++ *pst = st; ++ } ++ DEBUG(5,("conversion finished %s -> %s\n",orig_path, name)); + return(True); + } + +Index: source/smbd/uid.c +--- source/smbd/uid.c.orig 2004-04-04 09:37:31 +0200 ++++ source/smbd/uid.c 2004-07-04 10:07:30 +0200 +@@ -189,20 +189,26 @@ + + snum = SNUM(conn); + ++ if ((vuser) && !check_user_ok(conn, vuser, snum)) { ++ DEBUG(2,("change_to_user: SMB user %s (unix user %s, vuid %d) not permitted access to share %s.\n", ++ vuser->user.smb_name, vuser->user.unix_name, vuid, lp_servicename(snum))); ++ return False; ++ } ++ + if (conn->force_user) /* security = share sets this too */ { + uid = conn->uid; + gid = conn->gid; + current_user.groups = conn->groups; + current_user.ngroups = conn->ngroups; + token = conn->nt_user_token; +- } else if ((vuser) && check_user_ok(conn, vuser, snum)) { ++ } else if (vuser) { + uid = conn->admin_user ? 0 : vuser->uid; + gid = vuser->gid; + current_user.ngroups = vuser->n_groups; + current_user.groups = vuser->groups; + token = vuser->nt_user_token; + } else { +- DEBUG(2,("change_to_user: Invalid vuid used %d or vuid not permitted access to share.\n",vuid)); ++ DEBUG(2,("change_to_user: Invalid vuid used %d in accessing share %s.\n",vuid, lp_servicename(snum) )); + return False; + } + @@ . patch -p0 <<'@@ .' Index: openpkg-src/samba/samba.spec ============================================================================ $ cvs diff -u -r1.68.2.1 -r1.68.2.2 samba.spec --- openpkg-src/samba/samba.spec 2 Jul 2004 15:27:41 -0000 1.68.2.1 +++ openpkg-src/samba/samba.spec 5 Jul 2004 08:38:43 -0000 1.68.2.2 @@ -47,6 +47,7 @@ Source1: smb.conf Source2: smb.hosts Source3: rc.samba +Patch0: samba.patch # build information Prefix: %{l_prefix} @@ -86,7 +87,7 @@ %prep %setup -q - %{l_patch} -p1 <packaging/Mandrake/samba-3.0-smbmount-sbin.patch + %patch -p0 %build cd source @@ . ______________________________________________________________________ The OpenPKG Project www.openpkg.org CVS Repository Commit List [EMAIL PROTECTED]