diff options
Diffstat (limited to 'package/samba')
| -rw-r--r-- | package/samba/Config.in | 37 | ||||
| -rw-r--r-- | package/samba/Makefile | 115 | ||||
| -rw-r--r-- | package/samba/files/samba.init | 26 | ||||
| -rw-r--r-- | package/samba/files/smb.conf | 14 | ||||
| -rw-r--r-- | package/samba/ipkg/samba-client.control | 6 | ||||
| -rw-r--r-- | package/samba/ipkg/samba.conffiles | 1 | ||||
| -rw-r--r-- | package/samba/ipkg/samba.control | 7 | ||||
| -rw-r--r-- | package/samba/patches/100-samba.patch | 489 | ||||
| -rw-r--r-- | package/samba/patches/200-security.patch | 611 | ||||
| -rw-r--r-- | package/samba/patches/300-shared_lib_ldflags_fix.patch | 25 | ||||
| -rw-r--r-- | package/samba/patches/301-config_files_path.patch | 25 | 
11 files changed, 1356 insertions, 0 deletions
| diff --git a/package/samba/Config.in b/package/samba/Config.in new file mode 100644 index 000000000..b2a6f866e --- /dev/null +++ b/package/samba/Config.in @@ -0,0 +1,37 @@ +config BR2_COMPILE_SAMBA +	bool +	default n +	depends BR2_PACKAGE_SAMBA || BR2_PACKAGE_SAMBA_CLIENT + +config BR2_PACKAGE_SAMBA +	tristate "samba - NetBIOS/SMB file and print server" +#	default m if CONFIG_DEVEL +	default n +	select BR2_COMPILE_SAMBA +	help +	 The Samba software suite is a collection of programs that implements the  +	 SMB protocol for unix systems, allowing you to serve files and printers to  +	 Windows, NT, OS/2 and DOS clients. This protocol is sometimes also referred  +	 to as the LanManager or Netbios protocol. +	  +	 http://www.samba.org/ +	  +	 This package contains the SMB file and print server daemons. +	  + +config BR2_PACKAGE_SAMBA_CLIENT +	tristate "samba-client - NetBIOS/SMB simple client" +#	default m if CONFIG_DEVEL +	default n +	select BR2_COMPILE_SAMBA +	help +	 The Samba software suite is a collection of programs that implements the  +	 SMB protocol for unix systems, allowing you to serve files and printers to  +	 Windows, NT, OS/2 and DOS clients. This protocol is sometimes also referred  +	 to as the LanManager or Netbios protocol. +	  +	 http://www.samba.org/ +	  +	 This package contains a simple command-line SMB client. +	  + diff --git a/package/samba/Makefile b/package/samba/Makefile new file mode 100644 index 000000000..5491f151d --- /dev/null +++ b/package/samba/Makefile @@ -0,0 +1,115 @@ +include $(TOPDIR)/rules.mk + +PKG_NAME:=samba +PKG_VERSION:=2.0.10 +PKG_RELEASE:=1 +PKG_MD5SUM:=54870482fe036b7e69dd48c90661eec6 + +PKG_SOURCE_URL:=ftp://se.samba.org/pub/samba/stable \ +	ftp://ftp.easynet.be/samba/stable +PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz +PKG_CAT:=zcat +PKG_BUILD_DIR:=$(BUILD_DIR)/$(PKG_NAME)-$(PKG_VERSION) +PKG_INSTALL_DIR:=$(PKG_BUILD_DIR)/ipkg-install + +include $(TOPDIR)/package/rules.mk + +$(eval $(call PKG_template,SAMBA,samba,$(PKG_VERSION)-$(PKG_RELEASE),$(ARCH))) +$(eval $(call PKG_template,SAMBA_CLIENT,samba-client,$(PKG_VERSION)-$(PKG_RELEASE),$(ARCH))) + +$(PKG_BUILD_DIR)/.configured: $(PKG_BUILD_DIR)/.prepared +	(cd $(PKG_BUILD_DIR)/source; \ +		$(TARGET_CONFIGURE_OPTS) \ +		CFLAGS="$(TARGET_CFLAGS) -D_GNU_SOURCE -DNDEBUG -DSHMEM_SIZE=524288 -Dfcntl=fcntl64" \ +		CPPFLAGS="-I$(STAGING_DIR)/usr/include" \ +		LDFLAGS="-L$(STAGING_DIR)/lib -L$(STAGING_DIR)/usr/lib" \ +		ac_cv_sizeof_int=4 \ +		ac_cv_sizeof_long=4 \ +		ac_cv_sizeof_short=2 \ +		samba_cv_FTRUNCATE_NEEDS_ROOT=no \ +		samba_cv_HAVE_BROKEN_FCNTL64_LOCKS=no \ +		samba_cv_HAVE_BROKEN_GETGROUPS=no \ +		samba_cv_HAVE_BROKEN_READDIR=no \ +		samba_cv_HAVE_FCNTL_LOCK=yes \ +		samba_cv_HAVE_FNMATCH=yes \ +		samba_cv_HAVE_FTRUNCATE_EXTEND=no \ +		samba_cv_HAVE_GETTIMEOFDAY_TZ=yes \ +		samba_cv_HAVE_IFACE_AIX=no \ +		samba_cv_HAVE_IFACE_IFCONF=yes \ +		samba_cv_HAVE_IFACE_IFREQ=yes \ +		samba_cv_HAVE_INO64_T=yes \ +		samba_cv_HAVE_IRIX_SPECIFIC_CAPABILITIES=no \ +		samba_cv_HAVE_OFF64_T=yes \ +		samba_cv_HAVE_ROOT=yes \ +		samba_cv_HAVE_SECURE_MKSTEMP=yes \ +		samba_cv_HAVE_SHARED_MMAP=yes \ +		samba_cv_HAVE_STRUCT_FLOCK64=yes \ +		samba_cv_HAVE_SYSV_IPC=no \ +		samba_cv_HAVE_TRUNCATED_SALT=no \ +		samba_cv_HAVE_UNION_SEMUN=no \ +		samba_cv_HAVE_UNSIGNED_CHAR=yes \ +		samba_cv_NEED_SGI_SEMUN_HACK=no \ +		samba_cv_REPLACE_INET_NTOA=no \ +		samba_cv_SIZEOF_INO_T=4 \ +		samba_cv_SIZEOF_OFF_T=4 \ +		samba_cv_SYSCONF_SC_NGROUPS_MAX=yes \ +		samba_cv_USE_SETEUID=yes \ +		samba_cv_USE_SETRESUID=no \ +		samba_cv_USE_SETREUID=yes \ +		samba_cv_USE_SETUIDX=no \ +		samba_cv_have_longlong=yes \ +		samba_cv_have_setresgid=no \ +		samba_cv_have_setresuid=no \ +		./configure \ +			--target=$(GNU_TARGET_NAME) \ +			--host=$(GNU_TARGET_NAME) \ +			--build=$(GNU_HOST_NAME) \ +			--program-prefix="" \ +			--program-suffix="" \ +			--prefix=/usr \ +			--exec-prefix=/usr \ +			--bindir=/usr/bin \ +			--datadir=/usr/share \ +			--includedir=/usr/include \ +			--infodir=/usr/share/info \ +			--libdir=/usr/lib \ +			--libexecdir=/usr/lib \ +			--localstatedir=/var/log/samba \ +			--mandir=/usr/share/man \ +			--sbindir=/usr/sbin \ +			--sysconfdir=/etc/samba \ +			$(DISABLE_LARGEFILE) \ +			$(DISABLE_NLS) \ +			--with-lockdir=/var/run/samba \ +			--with-privatedir=/etc/samba \ +			--enable-cups \ +	); +	touch $@ + +$(PKG_BUILD_DIR)/.built: +	$(MAKE) -C $(PKG_BUILD_DIR)/source \ +		$(TARGET_CONFIGURE_OPTS) \ +		all +	touch $@ + +$(IPKG_SAMBA): +	install -d -m0755 $(IDIR_SAMBA)/etc/init.d +	install -m0755 ./files/samba.init $(IDIR_SAMBA)/etc/init.d/samba +	install -d -m0755 $(IDIR_SAMBA)/etc/samba +	install -m0644 ./files/smb.conf $(IDIR_SAMBA)/etc/samba/smb.conf +	install -d -m0755 $(IDIR_SAMBA)/usr/bin +	install -m0755 $(PKG_BUILD_DIR)/source/bin/smbpasswd $(IDIR_SAMBA)/usr/bin/ +	install -d -m0755 $(IDIR_SAMBA)/usr/sbin +	install -m0755 $(PKG_BUILD_DIR)/source/bin/{n,s}mbd $(IDIR_SAMBA)/usr/sbin/ +	$(RSTRIP) $(IDIR_SAMBA) +	$(IPKG_BUILD) $(IDIR_SAMBA) $(PACKAGE_DIR) + +$(IPKG_SAMBA_CLIENT): +	install -d -m0755 $(IDIR_SAMBA_CLIENT)/usr/bin +	install -m0755 $(PKG_BUILD_DIR)/source/bin/smbclient $(IDIR_SAMBA_CLIENT)/usr/bin/ +	$(RSTRIP) $(IDIR_SAMBA_CLIENT) +	$(IPKG_BUILD) $(IDIR_SAMBA_CLIENT) $(PACKAGE_DIR) + +mostlyclean: +	make -C $(PKG_BUILD_DIR) clean +	rm $(PKG_BUILD_DIR)/.built diff --git a/package/samba/files/samba.init b/package/samba/files/samba.init new file mode 100644 index 000000000..43ab372ca --- /dev/null +++ b/package/samba/files/samba.init @@ -0,0 +1,26 @@ +#!/bin/sh + +DEFAULT=/etc/default/samba +LOG_D=/var/log/samba +RUN_D=/var/run/samba +NMBD_PID_F=$RUN_D/nmbd.pid +SMBD_PID_F=$RUN_D/smbd.pid +[ -f $DEFAULT ] && . $DEFAULT + +case $1 in + start) +  mkdir -p $LOG_D +  mkdir -p $RUN_D +  nmbd -D $NMBD_OPTIONS +  smbd -D $SMBD_OPTIONS +  ;; + stop) +  [ -f $SMBD_PID_F ] && kill $(cat $SMBD_PID_F) +  [ -f $NMBD_PID_F ] && kill $(cat $NMBD_PID_F) +  ;; + *) +  echo "usage: $0 (start|stop)" +  exit 1 +esac + +exit $? diff --git a/package/samba/files/smb.conf b/package/samba/files/smb.conf new file mode 100644 index 000000000..4c4cd1dab --- /dev/null +++ b/package/samba/files/smb.conf @@ -0,0 +1,14 @@ +[global] + workgroup = OpenWrt + security = share + guest account = nobody + local master = yes + name resolve order = lmhosts hosts bcast + +[tmp] + comment = /tmp + path = /tmp + browseable = yes + public = yes + writeable = no + diff --git a/package/samba/ipkg/samba-client.control b/package/samba/ipkg/samba-client.control new file mode 100644 index 000000000..d829a7a0c --- /dev/null +++ b/package/samba/ipkg/samba-client.control @@ -0,0 +1,6 @@ +Package: samba-client +Priority: optional +Section: net +Maintainer: Oliver Ertl <oliver@ertl-net.net>, OpenWrt Developers Team <bugs@openwrt.org> +Source: http://openwrt.org/cgi-bin/viewcvs.cgi/openwrt/package/samba/ +Description: NetBIOS/SMB client diff --git a/package/samba/ipkg/samba.conffiles b/package/samba/ipkg/samba.conffiles new file mode 100644 index 000000000..5c10c50ad --- /dev/null +++ b/package/samba/ipkg/samba.conffiles @@ -0,0 +1 @@ +/etc/samba/smb.conf diff --git a/package/samba/ipkg/samba.control b/package/samba/ipkg/samba.control new file mode 100644 index 000000000..01419db13 --- /dev/null +++ b/package/samba/ipkg/samba.control @@ -0,0 +1,7 @@ +Package: samba +Priority: optional +Section: net +Maintainer: Oliver Ertl <oliver@ertl-net.net>, OpenWrt Developers Team <bugs@openwrt.org> +Source: http://openwrt.org/cgi-bin/viewcvs.cgi/openwrt/package/samba/ +Description: NetBIOS/SMB file and print server +Depends: cups diff --git a/package/samba/patches/100-samba.patch b/package/samba/patches/100-samba.patch new file mode 100644 index 000000000..3d41af78e --- /dev/null +++ b/package/samba/patches/100-samba.patch @@ -0,0 +1,489 @@ +diff -ur samba-2.0.10/source/include/smb.h samba/source/include/smb.h +--- samba-2.0.10/source/include/smb.h	2001-06-23 12:52:20.000000000 +0400 ++++ samba/source/include/smb.h	2005-05-21 21:09:03.204222704 +0400 +@@ -115,6 +115,22 @@ +  *               Usage: +  *                 DEBUGADD( 2, ("Some additional text.\n") ); +  */ ++  ++#ifdef NDEBUG ++ ++#define DEBUGLVL( level ) \ ++  ( (0 == (level)) \ ++   && dbghdr( level, FILE_MACRO, FUNCTION_MACRO, (__LINE__) ) ) ++ ++#define DEBUG( level, body ) \ ++  (void)( (0 == (level)) \ ++       && (dbghdr( level, FILE_MACRO, FUNCTION_MACRO, (__LINE__) )) \ ++       && (dbgtext body) ) ++ ++#define DEBUGADD( level, body )	\ ++  (void)( (0 == (level)) && (dbgtext body) ) ++ ++#else + #define DEBUGLVL( level ) \ +   ( (DEBUGLEVEL >= (level)) \ +    && dbghdr( level, FILE_MACRO, FUNCTION_MACRO, (__LINE__) ) ) +@@ -140,7 +156,7 @@ +   (void)( (DEBUGLEVEL >= (level)) && (dbgtext body) ) +  + #endif +- ++#endif + /* End Debugging code section. +  * -------------------------------------------------------------------------- ** +  */ +@@ -1612,7 +1628,9 @@ + #define CAP_LOCK_AND_READ    0x0100 + #define CAP_NT_FIND          0x0200 + #define CAP_DFS              0x1000 ++#define CAP_W2K_SMBS         0x2000 + #define CAP_LARGE_READX      0x4000 ++#define CAP_LARGE_WRITEX     0x8000 + #define CAP_EXTENDED_SECURITY 0x80000000 +  + /* protocol types. It assumes that higher protocols include lower protocols +diff -ur samba-2.0.10/source/Makefile.in samba/source/Makefile.in +--- samba-2.0.10/source/Makefile.in	2000-03-17 01:57:08.000000000 +0300 ++++ samba/source/Makefile.in	2005-05-21 20:59:57.130238568 +0400 +@@ -37,8 +37,8 @@ + # set these to where to find various files + # These can be overridden by command line switches (see smbd(8)) + # or in smb.conf (see smb.conf(5)) +-SMBLOGFILE = $(VARDIR)/log.smb +-NMBLOGFILE = $(VARDIR)/log.nmb ++SMBLOGFILE = $(VARDIR)/smb ++NMBLOGFILE = $(VARDIR)/nmb + CONFIGFILE = $(LIBDIR)/smb.conf + LMHOSTSFILE = $(LIBDIR)/lmhosts + DRIVERFILE = $(LIBDIR)/printers.def +@@ -55,7 +55,7 @@ + LOCKDIR = @lockdir@ +  + # The directory where code page definition files go +-CODEPAGEDIR = $(LIBDIR)/codepages ++CODEPAGEDIR = $(BASEDIR)/codepages +  + # The current codepage definition list. + CODEPAGELIST= 437 737 775 850 852 861 932 866 949 950 936 1251 ISO8859-1 ISO8859-2 ISO8859-5 ISO8859-7 KOI8-R +@@ -82,6 +82,7 @@ + PROGS2 = bin/rpcclient bin/smbpasswd bin/make_smbcodepage bin/make_unicodemap @WRAP@ @WRAP32@ + MPROGS = @MPROGS@ + PROGS = $(PROGS1) $(PROGS2) $(MPROGS) bin/nmblookup bin/make_printerdef  ++SHAREDPROGS = bin/smbd.shared bin/nmbd.shared bin/smbpasswd.shared +  + SCRIPTS = $(srcdir)/script/smbtar $(srcdir)/script/addtosmbpass $(srcdir)/script/convert_smbpasswd +  +@@ -159,6 +160,8 @@ +            $(RPC_SERVER_OBJ) $(RPC_CLIENT_OBJ) $(RPC_PARSE_OBJ) \ +            $(LOCKING_OBJ) $(PASSDB_OBJ) $(PRINTING_OBJ) $(PROFILE_OBJ) $(LIB_OBJ) +  ++SMBDSHARED_OBJ = $(SMBD_OBJ1) $(RPC_SERVER_OBJ) \ ++           $(LOCKING_OBJ) $(PROFILE_OBJ) #$(PRINTING_OBJ) +  + NMBD_OBJ1 = nmbd/asyncdns.o nmbd/nmbd.o nmbd/nmbd_become_dmb.o \ +             nmbd/nmbd_become_lmb.o nmbd/nmbd_browserdb.o \ +@@ -176,6 +179,8 @@ + NMBD_OBJ = $(NMBD_OBJ1) $(PARAM_OBJ) $(LIBSMB_OBJ) $(UBIQX_OBJ) \ +            $(LIB_OBJ) +  ++NMBDSHARED_OBJ = $(NMBD_OBJ1) ++ + SWAT_OBJ = web/cgi.o web/diagnose.o web/startstop.o web/statuspage.o \ +            web/swat.o $(LIBSMB_OBJ) $(LOCKING_OBJ) \ +            $(PARAM_OBJ) $(PASSDB_OBJ) $(RPC_CLIENT_OBJ) $(RPC_PARSE_OBJ) \ +@@ -207,6 +212,8 @@ + SMBPASSWD_OBJ = utils/smbpasswd.o $(PARAM_OBJ) $(LIBSMB_OBJ) $(PASSDB_OBJ) \ +                 $(UBIQX_OBJ) $(RPC_CLIENT_OBJ) $(RPC_PARSE_OBJ) $(LIB_OBJ) +  ++SMBPASSWDSHARED_OBJ = utils/smbpasswd.o ++ + RPCCLIENT_OBJ = rpcclient/rpcclient.o \ +              rpcclient/display.o \ +              rpcclient/cmd_lsarpc.o \ +@@ -265,6 +272,11 @@ + PROTO_OBJ = $(SMBD_OBJ) $(NMBD_OBJ) $(SWAT_OBJ) $(CLIENT_OBJ) \ + 	    $(RPCCLIENT_OBJ) $(SMBWRAPPER_OBJ) $(SMBTORTURE_OBJ) +  ++LIBSMBSHARED_OBJ = $(LIB_OBJ) $(LIBSMB_OBJ) $(PARAM_OBJ) $(UBIQX_OBJ) \ ++		$(PASSDB_OBJ) $(RPC_PARSE_OBJ) #$(RPC_CLIENT_OBJ) ++ ++LIBSMB_PICOBJS = $(LIBSMBSHARED_OBJ:.o=.po) ++ + PICOBJS = $(SMBWRAPPER_OBJ:.o=.po) + PICOBJS32 = $(SMBWRAPPER_OBJ:.o=.po32) +  +@@ -274,6 +286,8 @@ +  + all : CHECK $(SPROGS) $(PROGS)  +  ++shared : CHECK $(SHAREDPROGS) ++ + smbwrapper : CHECK bin/smbsh bin/smbwrapper.@SHLIBEXT@ @WRAP32@ +  + smbtorture : CHECK bin/smbtorture +@@ -359,10 +373,18 @@ + 	@echo Linking $@ + 	@$(CC) $(FLAGS) -o $@ $(SMBD_OBJ) $(LDFLAGS) $(LIBS)  +  ++bin/smbd.shared: $(SMBDSHARED_OBJ) bin/libsmb.@SHLIBEXT@ bin/.dummy ++	@echo Linking $@ ++	@$(CC) $(FLAGS) -o $@ $(SMBDSHARED_OBJ) $(LDFLAGS) $(LIBS) -Lbin -lsmb ++ + bin/nmbd: $(NMBD_OBJ) bin/.dummy + 	@echo Linking $@ + 	@$(CC) $(FLAGS) -o $@ $(NMBD_OBJ) $(LDFLAGS) $(LIBS) +  ++bin/nmbd.shared: $(NMBDSHARED_OBJ) bin/libsmb.@SHLIBEXT@ bin/.dummy ++	@echo Linking $@ ++	@$(CC) $(FLAGS) -o $@ $(NMBDSHARED_OBJ) $(LDFLAGS) $(LIBS) -Lbin -lsmb ++ + bin/swat: $(SWAT_OBJ) bin/.dummy + 	@echo Linking $@ + 	@$(CC) $(FLAGS) -o $@ $(SWAT_OBJ) $(LDFLAGS) $(LIBS)  +@@ -411,6 +433,10 @@ + 	@echo Linking $@ + 	@$(CC) $(FLAGS) -o $@ $(SMBPASSWD_OBJ) $(LDFLAGS) $(LIBS) +  ++bin/smbpasswd.shared: $(SMBPASSWDSHARED_OBJ) bin/libsmb.@SHLIBEXT@ bin/.dummy ++	@echo Linking $@ ++	@$(CC) $(FLAGS) -o $@ $(SMBPASSWDSHARED_OBJ) $(LDFLAGS) $(LIBS) -Lbin -lsmb ++ + bin/make_smbcodepage: $(MAKE_SMBCODEPAGE_OBJ) bin/.dummy + 	@echo Linking $@ + 	@$(CC) $(FLAGS) -o $@ $(MAKE_SMBCODEPAGE_OBJ) $(LDFLAGS) $(LIBS) +@@ -459,6 +485,10 @@ + 	@echo Linking $@ + 	@$(CC) $(FLAGS) -o $@ $(SMBSH_OBJ) $(LDFLAGS) $(LIBS) +  ++bin/libsmb.@SHLIBEXT@: $(LIBSMB_PICOBJS) bin/.dummy ++	@echo Linking shared library $@ ++	@$(LD) @LDSHFLAGS@ -o $@ $(LIBSMB_PICOBJS) $(LIBS) ++ + install: installbin installman installscripts installcp installswat +  + installdirs: +@@ -518,7 +548,7 @@ + 	ctags `find . -name "*.[ch]" | grep -v /CVS/` +  + realclean: clean +-	-rm -f config.log $(PROGS) $(SPROGS) bin/.dummy ++	-rm -f config.log $(PROGS) $(SPROGS) $(SHAREDPROGS) bin/.dummy + 	-rmdir bin +  + distclean: realclean +diff -ur samba-2.0.10/source/nmbd/nmbd_mynames.c samba/source/nmbd/nmbd_mynames.c +--- samba-2.0.10/source/nmbd/nmbd_mynames.c	2000-03-17 01:59:24.000000000 +0300 ++++ samba/source/nmbd/nmbd_mynames.c	2005-05-21 20:57:26.672111680 +0400 +@@ -215,8 +215,8 @@ +          */ +         if( !is_refresh_already_queued( subrec, namerec) ) +           refresh_name( subrec, namerec, NULL, NULL, NULL ); +-        namerec->data.death_time += lp_max_ttl(); +-        namerec->data.refresh_time += MIN(lp_max_ttl(), MAX_REFRESH_TIME); ++        namerec->data.death_time = t + lp_max_ttl(); ++        namerec->data.refresh_time = t + MIN(lp_max_ttl(), MAX_REFRESH_TIME); +       } +     } +   } +diff -ur samba-2.0.10/source/smbd/close.c samba/source/smbd/close.c +--- samba-2.0.10/source/smbd/close.c	2000-04-21 21:43:13.000000000 +0400 ++++ samba/source/smbd/close.c	2005-05-21 19:44:59.516979712 +0400 +@@ -122,11 +122,11 @@ + 		last_reference = True; +  +     fsp->fd_ptr = NULL; +- ++#ifdef PRINTING + 	/* NT uses smbclose to start a print - weird */ + 	if (normal_close && fsp->print_file) + 		print_file(conn, fsp); +- ++#endif + 	/* check for magic scripts */ + 	if (normal_close) { + 		check_magic(fsp,conn); +diff -ur samba-2.0.10/source/smbd/ipc.c samba/source/smbd/ipc.c +--- samba-2.0.10/source/smbd/ipc.c	2000-03-30 02:20:06.000000000 +0400 ++++ samba/source/smbd/ipc.c	2005-05-21 19:44:59.559973176 +0400 +@@ -472,7 +472,7 @@ +   PACK(desc,t,v); + } +  +- ++#ifdef PRINTING + /**************************************************************************** +   get a print queue +   ****************************************************************************/ +@@ -1004,7 +1004,7 @@ +    +   return True; + } +- ++#endif + /**************************************************************************** +   get info level for a server list query +   ****************************************************************************/ +@@ -1834,7 +1834,7 @@ +  +   return(True); + } +- ++#ifdef PRINTING + /**************************************************************************** +   delete a print job +   Form: <W> <>  +@@ -2091,7 +2091,7 @@ + 	 + 	return(True); + } +- ++#endif +  + /**************************************************************************** +   get info about the server +@@ -2756,7 +2756,7 @@ +  +   return(True); + } +- ++#ifdef PRINTING + /**************************************************************************** +   api_WPrintJobEnumerate +   ****************************************************************************/ +@@ -3189,7 +3189,7 @@ +   DEBUG(4,("WPrintPortEnum: errorcode %d\n",desc.errcode)); +   return(True); + } +- ++#endif + /**************************************************************************** +  Start the first part of an RPC reply which began with an SMBtrans request. + ****************************************************************************/ +@@ -3407,6 +3407,7 @@ +   {"RNetUserGetInfo",	56,	api_RNetUserGetInfo,0}, +   {"NetUserGetGroups",	59,	api_NetUserGetGroups,0}, +   {"NetWkstaGetInfo",	63,	api_NetWkstaGetInfo,0}, ++#ifdef PRINTING +   {"DosPrintQEnum",	69,	api_DosPrintQEnum,0}, +   {"DosPrintQGetInfo",	70,	api_DosPrintQGetInfo,0}, +   {"WPrintQueuePause",  74, api_WPrintQueuePurge,0}, +@@ -3418,16 +3419,21 @@ +   {"RDosPrintJobResume",83,	api_RDosPrintJobDel,0}, +   {"WPrintDestEnum",	84,	api_WPrintDestEnum,0}, +   {"WPrintDestGetInfo",	85,	api_WPrintDestGetInfo,0}, ++#endif +   {"NetRemoteTOD",	91,	api_NetRemoteTOD,0}, ++#ifdef PRINTING +   {"WPrintQueuePurge",	103,	api_WPrintQueuePurge,0}, ++#endif +   {"NetServerEnum",	104,	api_RNetServerEnum,0}, +   {"WAccessGetUserPerms",105,	api_WAccessGetUserPerms,0}, +   {"SetUserPassword",	115,	api_SetUserPassword,0}, +   {"WWkstaUserLogon",	132,	api_WWkstaUserLogon,0}, ++#ifdef PRINTING +   {"PrintJobInfo",	147,	api_PrintJobInfo,0}, +   {"WPrintDriverEnum",	205,	api_WPrintDriverEnum,0}, +   {"WPrintQProcEnum",	206,	api_WPrintQProcEnum,0}, +   {"WPrintPortEnum",	207,	api_WPrintPortEnum,0}, ++#endif +   {"SamOEMChangePassword", 214, api_SamOEMChangePassword,0}, +   {NULL,		-1,	api_Unsupported,0}}; +  +diff -ur samba-2.0.10/source/smbd/negprot.c samba/source/smbd/negprot.c +--- samba-2.0.10/source/smbd/negprot.c	2000-03-17 01:59:47.000000000 +0300 ++++ samba/source/smbd/negprot.c	2005-05-21 21:09:16.025273608 +0400 +@@ -160,7 +160,7 @@ +   /* dual names + lock_and_read + nt SMBs + remote API calls */ +   int capabilities = CAP_NT_FIND|CAP_LOCK_AND_READ| +                      (lp_nt_smb_support() ? CAP_NT_SMBS | CAP_RPC_REMOTE_APIS : 0) | +-                     (SMB_OFF_T_BITS == 64 ? CAP_LARGE_FILES : 0); ++                     (SMB_OFF_T_BITS == 64 ? CAP_LARGE_FILES | CAP_LARGE_READX | CAP_LARGE_WRITEX /*| CAP_W2K_SMBS*/ : 0); +  +  + /* +diff -ur samba-2.0.10/source/smbd/password.c samba/source/smbd/password.c +--- samba-2.0.10/source/smbd/password.c	2000-03-17 01:59:48.000000000 +0300 ++++ samba/source/smbd/password.c	2005-05-21 19:44:59.562972720 +0400 +@@ -1149,7 +1149,7 @@ +  +   return(True); + } +- ++#ifdef RPCCLIENT + /*********************************************************************** +  Connect to a remote machine for domain security authentication +  given a name or IP address. +@@ -1504,3 +1504,4 @@ +   cli_shutdown(&cli); +   return True; + } ++#endif +diff -ur samba-2.0.10/source/smbd/process.c samba/source/smbd/process.c +--- samba-2.0.10/source/smbd/process.c	2000-04-15 04:21:27.000000000 +0400 ++++ samba/source/smbd/process.c	2005-05-21 19:44:59.583969528 +0400 +@@ -343,10 +343,12 @@ +    {SMBlseek,"SMBlseek",reply_lseek,AS_USER}, +    {SMBflush,"SMBflush",reply_flush,AS_USER}, +    {SMBctemp,"SMBctemp",reply_ctemp,AS_USER | QUEUE_IN_OPLOCK }, ++#ifdef PRINTING +    {SMBsplopen,"SMBsplopen",reply_printopen,AS_USER | QUEUE_IN_OPLOCK }, +    {SMBsplclose,"SMBsplclose",reply_printclose,AS_USER}, +    {SMBsplretq,"SMBsplretq",reply_printqueue,AS_USER}, +    {SMBsplwr,"SMBsplwr",reply_printwrite,AS_USER}, ++#endif +    {SMBlock,"SMBlock",reply_lock,AS_USER}, +    {SMBunlock,"SMBunlock",reply_unlock,AS_USER}, +     +@@ -908,7 +910,7 @@ +     DEBUG(2,("Closing idle connection 2.\n")); +     return False; +   } +- ++#ifdef RPCLIENT +   if(global_machine_password_needs_changing) +   { +     unsigned char trust_passwd_hash[16]; +@@ -954,7 +956,7 @@ +     trust_password_unlock(); +     global_machine_password_needs_changing = False; +   } +- ++#endif +   /* +    * Check to see if we have any blocking locks +    * outstanding on the queue. +diff -ur samba-2.0.10/source/smbd/reply.c samba/source/smbd/reply.c +--- samba-2.0.10/source/smbd/reply.c	2001-06-23 12:51:24.000000000 +0400 ++++ samba/source/smbd/reply.c	2005-05-21 19:44:59.628962688 +0400 +@@ -597,12 +597,12 @@ +  +   if (!check_domain_match(orig_user, domain)) +      return False; +- ++#ifdef RPCCLIENT +   ret = domain_client_validate(orig_user, domain, +                                 smb_apasswd, smb_apasslen, +                                 smb_ntpasswd, smb_ntpasslen, +                                 &user_exists); +- ++#endif +   if(ret) { +     /* +      * User validated ok against Domain controller. +@@ -2991,7 +2991,7 @@ + 	return -1; + } +  +- ++#ifdef PRINTING + /**************************************************************************** +   reply to a printopen + ****************************************************************************/ +@@ -3176,7 +3176,7 @@ +    +   return(outsize); + } +- ++#endif +  + /**************************************************************************** +   reply to a mkdir +diff -ur samba-2.0.10/source/smbd/server.c samba/source/smbd/server.c +--- samba-2.0.10/source/smbd/server.c	2000-03-17 01:59:52.000000000 +0300 ++++ samba/source/smbd/server.c	2005-05-21 19:44:59.649959496 +0400 +@@ -300,9 +300,9 @@ + 	lp_killunused(conn_snum_used); +  + 	ret = lp_load(servicesf,False,False,True); +- ++#ifdef PRINTING + 	load_printers(); +- ++#endif + 	/* perhaps the config filename is now set */ + 	if (!test) + 		reload_services(True); +diff -ur samba-2.0.10/source/smbd/service.c samba/source/smbd/service.c +--- samba-2.0.10/source/smbd/service.c	2000-03-17 01:59:52.000000000 +0300 ++++ samba/source/smbd/service.c	2005-05-21 19:44:59.670956304 +0400 +@@ -121,7 +121,7 @@ +       } +      } +    } +- ++#ifdef PRINTING +    /* If we still don't have a service, attempt to add it as a printer. */ +    if (iService < 0) +    { +@@ -146,7 +146,7 @@ +             DEBUG(3,("%s is not a valid printer name\n", service)); +       } +    } +- ++#endif +    /* just possibly it's a default service? */ +    if (iService < 0)  +    { +diff -ur samba-2.0.10/source/utils/smbpasswd.c samba/source/utils/smbpasswd.c +--- samba-2.0.10/source/utils/smbpasswd.c	2000-03-17 01:59:57.000000000 +0300 ++++ samba/source/utils/smbpasswd.c	2005-05-21 19:44:59.671956152 +0400 +@@ -71,7 +71,7 @@ + 	} + 	exit(1); + } +- ++#ifdef RPCCLIENT + /********************************************************* + Join a domain. + **********************************************************/ +@@ -143,7 +143,7 @@ + 	 + 	return (int)ret; + } +- ++#endif +  + static void set_line_buffering(FILE *f) + { +@@ -335,13 +335,13 @@ + 	if((local_flags & (LOCAL_ADD_USER|LOCAL_DELETE_USER)) && ((remote_machine != NULL) || joining_domain)) { + 		usage(); + 	} +-	 ++#ifdef RPCCLIENT	 + 	if(joining_domain) { + 		if (argc != 0) + 			usage(); + 		return join_domain(new_domain, remote_machine); + 	} +- ++#endif + 	/* + 	 * Deal with root - can add a user, but only locally. + 	 */ +diff -ur samba-2.0.10/source/web/swat.c samba/source/web/swat.c +--- samba-2.0.10/source/web/swat.c	2000-04-11 21:36:36.000000000 +0400 ++++ samba/source/web/swat.c	2005-05-21 19:44:59.692952960 +0400 +@@ -357,8 +357,9 @@ +                 return 0; +         } + 	iNumNonAutoPrintServices = lp_numservices(); ++#ifdef PRINTING + 	load_printers(); +- ++#endif + 	return 1; + } +  +@@ -997,8 +998,9 @@ + 	charset_initialise(); + 	load_config(True); + 	iNumNonAutoPrintServices = lp_numservices(); ++#ifdef PRINTING + 	load_printers(); +- ++#endif + 	cgi_setup(SWATDIR, !demo_mode); +  + 	print_header(); diff --git a/package/samba/patches/200-security.patch b/package/samba/patches/200-security.patch new file mode 100644 index 000000000..7fb34f94f --- /dev/null +++ b/package/samba/patches/200-security.patch @@ -0,0 +1,611 @@ +diff -ur samba-2.0.10/source/include/smb.h samba-2.0.10-security/source/include/smb.h +--- samba-2.0.10/source/include/smb.h	2001-06-23 12:52:20.000000000 +0400 ++++ samba-2.0.10-security/source/include/smb.h	2005-05-21 21:51:17.206995728 +0400 +@@ -256,6 +256,7 @@ + #define ERRlock 33 /* Lock request conflicts with existing lock */ + #define ERRunsup 50 /* Request unsupported, returned by Win 95, RJS 20Jun98 */ + #define ERRfilexists 80 /* File in operation already exists */ ++#define ERRinvalidparam 87 + #define ERRcannotopen 110 /* Cannot open the file specified */ + #define ERRunknownlevel 124 + #define ERRrename 183 +@@ -1893,4 +1894,7 @@ +  + #define SAFE_NETBIOS_CHARS ". -_" +  ++#ifndef SAFE_FREE ++#define SAFE_FREE(x) do { if ((x) != NULL) {free((x)); (x)=NULL;} } while(0) ++#endif + #endif /* _SMB_H */ +diff -ur samba-2.0.10/source/include/version.h samba-2.0.10-security/source/include/version.h +--- samba-2.0.10/source/include/version.h	2001-06-23 17:23:59.000000000 +0400 ++++ samba-2.0.10-security/source/include/version.h	2005-05-21 21:51:17.227992536 +0400 +@@ -1 +1 @@ +-#define VERSION "2.0.10" ++#define VERSION "2.0.10-security-rollup" +diff -ur samba-2.0.10/source/smbd/filename.c samba-2.0.10-security/source/smbd/filename.c +--- samba-2.0.10/source/smbd/filename.c	2000-03-17 01:59:44.000000000 +0300 ++++ samba-2.0.10-security/source/smbd/filename.c	2005-05-21 21:51:17.403965784 +0400 +@@ -172,7 +172,7 @@ +    * StrnCpy always null terminates. +    */ +  +-  StrnCpy(orig_name, full_orig_name, namelen); ++  StrnCpy(orig_name, full_orig_name, MIN(namelen, sizeof(orig_name)-1)); +   if(!case_sensitive) +     strupper( orig_name ); +  +diff -ur samba-2.0.10/source/smbd/ipc.c samba-2.0.10-security/source/smbd/ipc.c +--- samba-2.0.10/source/smbd/ipc.c	2000-03-30 02:20:06.000000000 +0400 ++++ samba-2.0.10-security/source/smbd/ipc.c	2005-05-21 21:51:17.269986152 +0400 +@@ -3550,18 +3550,18 @@ + 	uint16 *setup=NULL; + 	int outsize = 0; + 	uint16 vuid = SVAL(inbuf,smb_uid); +-	int tpscnt = SVAL(inbuf,smb_vwv0); +-	int tdscnt = SVAL(inbuf,smb_vwv1); +-	int mprcnt = SVAL(inbuf,smb_vwv2); +-	int mdrcnt = SVAL(inbuf,smb_vwv3); +-	int msrcnt = CVAL(inbuf,smb_vwv4); ++	unsigned int tpscnt = SVAL(inbuf,smb_vwv0); ++	unsigned int tdscnt = SVAL(inbuf,smb_vwv1); ++	unsigned int mprcnt = SVAL(inbuf,smb_vwv2); ++	unsigned int mdrcnt = SVAL(inbuf,smb_vwv3); ++	unsigned int msrcnt = CVAL(inbuf,smb_vwv4); + 	BOOL close_on_completion = BITSETW(inbuf+smb_vwv5,0); + 	BOOL one_way = BITSETW(inbuf+smb_vwv5,1); +-	int pscnt = SVAL(inbuf,smb_vwv9); +-	int psoff = SVAL(inbuf,smb_vwv10); +-	int dscnt = SVAL(inbuf,smb_vwv11); +-	int dsoff = SVAL(inbuf,smb_vwv12); +-	int suwcnt = CVAL(inbuf,smb_vwv13); ++	unsigned int pscnt = SVAL(inbuf,smb_vwv9); ++	unsigned int psoff = SVAL(inbuf,smb_vwv10); ++	unsigned int dscnt = SVAL(inbuf,smb_vwv11); ++	unsigned int dsoff = SVAL(inbuf,smb_vwv12); ++	unsigned int suwcnt = CVAL(inbuf,smb_vwv13); +  + 	memset(name, '\0',sizeof(name)); + 	fstrcpy(name,smb_buf(inbuf)); +@@ -3572,31 +3572,48 @@ +    + 	if (tdscnt)  { + 		if((data = (char *)malloc(tdscnt)) == NULL) { +-			DEBUG(0,("reply_trans: data malloc fail for %d bytes !\n", tdscnt)); ++			DEBUG(0,("reply_trans: data malloc fail for %u bytes !\n", tdscnt)); + 			return(ERROR(ERRDOS,ERRnomem)); + 		}  ++		if ((dsoff+dscnt < dsoff) || (dsoff+dscnt < dscnt)) ++			goto bad_param; ++		if (smb_base(inbuf)+dsoff+dscnt > inbuf + size) ++			goto bad_param; ++ + 		memcpy(data,smb_base(inbuf)+dsoff,dscnt); + 	} +  + 	if (tpscnt) { + 		if((params = (char *)malloc(tpscnt)) == NULL) { +-			DEBUG(0,("reply_trans: param malloc fail for %d bytes !\n", tpscnt)); ++			DEBUG(0,("reply_trans: param malloc fail for %u bytes !\n", tpscnt)); ++			SAFE_FREE(data); + 			return(ERROR(ERRDOS,ERRnomem)); + 		}  ++		if ((psoff+pscnt < psoff) || (psoff+pscnt < pscnt)) ++			goto bad_param; ++		if (smb_base(inbuf)+psoff+pscnt > inbuf + size) ++			goto bad_param; ++ + 		memcpy(params,smb_base(inbuf)+psoff,pscnt); + 	} +  + 	if (suwcnt) { + 		int i; + 		if((setup = (uint16 *)malloc(suwcnt*sizeof(uint16))) == NULL) { +-          DEBUG(0,("reply_trans: setup malloc fail for %d bytes !\n", (int)(suwcnt * sizeof(uint16)))); +-		  return(ERROR(ERRDOS,ERRnomem)); +-        }  ++			DEBUG(0,("reply_trans: setup malloc fail for %u bytes !\n", (unsigned int)(suwcnt * sizeof(uint16)))); ++			SAFE_FREE(data); ++			SAFE_FREE(params); ++			return(ERROR(ERRDOS,ERRnomem)); ++		}  ++		if (inbuf+smb_vwv14+(suwcnt*SIZEOFWORD) > inbuf + size) ++			goto bad_param; ++		if ((smb_vwv14+(suwcnt*SIZEOFWORD) < smb_vwv14) || (smb_vwv14+(suwcnt*SIZEOFWORD) < (suwcnt*SIZEOFWORD))) ++			goto bad_param; ++ + 		for (i=0;i<suwcnt;i++) + 			setup[i] = SVAL(inbuf,smb_vwv14+i*SIZEOFWORD); + 	} +  +- + 	if (pscnt < tpscnt || dscnt < tdscnt) { + 		/* We need to send an interim response then receive the rest + 		   of the parameter/data bytes */ +@@ -3608,7 +3625,7 @@ + 	/* receive the rest of the trans packet */ + 	while (pscnt < tpscnt || dscnt < tdscnt) { + 		BOOL ret; +-		int pcnt,poff,dcnt,doff,pdisp,ddisp; ++		unsigned int pcnt,poff,dcnt,doff,pdisp,ddisp; +        + 		ret = receive_next_smb(inbuf,bufsize,SMB_SECONDARY_WAIT); +  +@@ -3619,19 +3636,19 @@ + 				DEBUG(0,("reply_trans: %s in getting secondary trans response.\n", + 					 (smb_read_error == READ_ERROR) ? "error" : "timeout" )); + 			} +-			if (params) +-				free(params); +-			if (data) +-				free(data); +-			if (setup) +-				free(setup); ++			SAFE_FREE(params); ++			SAFE_FREE(data); ++			SAFE_FREE(setup); + 			return(ERROR(ERRSRV,ERRerror)); + 		} +  + 		show_msg(inbuf); +        +-		tpscnt = SVAL(inbuf,smb_vwv0); +-		tdscnt = SVAL(inbuf,smb_vwv1); ++		/* Revise total_params and total_data in case they have changed downwards */ ++		if (SVAL(inbuf,smb_vwv0) < tpscnt) ++			tpscnt = SVAL(inbuf,smb_vwv0); ++		if (SVAL(inbuf,smb_vwv1) < tdscnt) ++			tdscnt = SVAL(inbuf,smb_vwv1); +  + 		pcnt = SVAL(inbuf,smb_vwv2); + 		poff = SVAL(inbuf,smb_vwv3); +@@ -3644,17 +3661,36 @@ + 		pscnt += pcnt; + 		dscnt += dcnt; + 		 +-		if (dscnt > tdscnt || pscnt > tpscnt) { +-			exit_server("invalid trans parameters\n"); +-		} ++		if (dscnt > tdscnt || pscnt > tpscnt) ++			goto bad_param; + 		 +-		if (pcnt) ++		if (pcnt) { ++			if (pdisp+pcnt >= tpscnt) ++				goto bad_param; ++			if ((pdisp+pcnt < pdisp) || (pdisp+pcnt < pcnt)) ++				goto bad_param; ++			if (smb_base(inbuf) + poff + pcnt >= inbuf + bufsize) ++				goto bad_param; ++			if (params + pdisp < params) ++				goto bad_param; ++ + 			memcpy(params+pdisp,smb_base(inbuf)+poff,pcnt); +-		if (dcnt) ++		} ++ ++		if (dcnt) { ++			if (ddisp+dcnt >= tdscnt) ++				goto bad_param; ++			if ((ddisp+dcnt < ddisp) || (ddisp+dcnt < dcnt)) ++				goto bad_param; ++			if (smb_base(inbuf) + doff + dcnt >= inbuf + bufsize) ++				goto bad_param; ++			if (data + ddisp < data) ++				goto bad_param; ++ + 			memcpy(data+ddisp,smb_base(inbuf)+doff,dcnt);       ++		} + 	} +-	 +-	 ++ + 	DEBUG(3,("trans <%s> data=%d params=%d setup=%d\n", + 		 name,tdscnt,tpscnt,suwcnt)); + 	 +@@ -3694,4 +3730,12 @@ + 		return(ERROR(ERRSRV,ERRnosupport)); + 	 + 	return(outsize); ++ ++  bad_param: ++ ++	DEBUG(0,("reply_trans: invalid trans parameters\n")); ++	SAFE_FREE(data); ++	SAFE_FREE(params); ++	SAFE_FREE(setup); ++	return(ERROR(ERRSRV,ERRerror)); + } +diff -ur samba-2.0.10/source/smbd/nttrans.c samba-2.0.10-security/source/smbd/nttrans.c +--- samba-2.0.10/source/smbd/nttrans.c	2000-04-24 21:27:30.000000000 +0400 ++++ samba-2.0.10-security/source/smbd/nttrans.c	2005-05-21 21:51:17.314979312 +0400 +@@ -2575,11 +2575,14 @@ +     params = (char *)malloc(total_parameter_count); +   if (total_data_count > 0) +     data = (char *)malloc(total_data_count); +-  ++ +   if ((total_parameter_count && !params)  || (total_data_count && !data) || +       (setup_count && !setup)) { ++    SAFE_FREE(setup); ++    SAFE_FREE(params); ++    SAFE_FREE(data); +     DEBUG(0,("reply_nttrans : Out of memory\n")); +-    return(ERROR(ERRDOS,ERRnomem)); ++    return ERROR(ERRDOS,ERRnomem); +   } +  +   /* Copy the param and data bytes sent with this request into +@@ -2588,64 +2591,112 @@ +   num_data_sofar = data_count; +  +   if (parameter_count > total_parameter_count || data_count > total_data_count) +-    exit_server("reply_nttrans: invalid sizes in packet.\n"); ++    goto bad_param; +  +   if(setup) { +-    memcpy( setup, &inbuf[smb_nt_SetupStart], setup_count); +     DEBUG(10,("reply_nttrans: setup_count = %d\n", setup_count)); +-    dump_data(10, setup, setup_count); ++    if ((smb_nt_SetupStart + setup_count < smb_nt_SetupStart) || ++	(smb_nt_SetupStart + setup_count < setup_count)) ++      goto bad_param; ++    if (smb_nt_SetupStart + setup_count > length) ++      goto bad_param; ++     ++    memcpy( setup, &inbuf[smb_nt_SetupStart], setup_count); +   } +   if(params) { +-    memcpy( params, smb_base(inbuf) + parameter_offset, parameter_count); +     DEBUG(10,("reply_nttrans: parameter_count = %d\n", parameter_count)); +-    dump_data(10, params, parameter_count); ++    if ((parameter_offset + parameter_count < parameter_offset) || ++	(parameter_offset + parameter_count < parameter_count)) ++      goto bad_param; ++    if (smb_base(inbuf) + parameter_offset + parameter_count > inbuf + length) ++      goto bad_param; ++     ++    memcpy( params, smb_base(inbuf) + parameter_offset, parameter_count); +   } +   if(data) { +-    memcpy( data, smb_base(inbuf) + data_offset, data_count); +     DEBUG(10,("reply_nttrans: data_count = %d\n",data_count)); +-    dump_data(10, data, data_count); ++    if ((data_offset + data_count < data_offset) || (data_offset + data_count < data_count)) ++      goto bad_param; ++    if (smb_base(inbuf) + data_offset + data_count > inbuf + length) ++      goto bad_param; ++     ++    memcpy( data, smb_base(inbuf) + data_offset, data_count); ++ +   } +  +   if(num_data_sofar < total_data_count || num_params_sofar < total_parameter_count) { +     /* We need to send an interim response then receive the rest +        of the parameter/data bytes */ +     outsize = set_message(outbuf,0,0,True); +-    send_smb(Client,outbuf); ++    if (!send_smb(Client,outbuf)) ++      exit_server("reply_nttrans: send_smb failed."); +  +     while( num_data_sofar < total_data_count || num_params_sofar < total_parameter_count) { +       BOOL ret; +- ++      uint32 parameter_displacement; ++      uint32 data_displacement; ++       +       ret = receive_next_smb(inbuf,bufsize,SMB_SECONDARY_WAIT); +- ++       +       if((ret && (CVAL(inbuf, smb_com) != SMBnttranss)) || !ret) { +-        outsize = set_message(outbuf,0,0,True); +-        if(ret) { +-		DEBUG(0,("reply_nttrans: Invalid secondary nttrans packet\n")); +-        } else { +-		DEBUG(0,("reply_nttrans: %s in getting secondary nttrans response.\n", +-			 (smb_read_error == READ_ERROR) ? "error" : "timeout" )); ++	outsize = set_message(outbuf,0,0,True); ++	if(ret) { ++	  DEBUG(0,("reply_nttrans: Invalid secondary nttrans packet\n")); ++	} else { ++	  DEBUG(0,("reply_nttrans: %s in getting secondary nttrans response.\n", ++		   (smb_read_error == READ_ERROR) ? "error" : "timeout" )); + 	} +-        if(params) +-          free(params); +-        if(data) +-          free(data); +-        if(setup) +-          free(setup); +-        return(ERROR(ERRSRV,ERRerror)); ++	goto bad_param; +       } +        +       /* Revise total_params and total_data in case they have changed downwards */ +-      total_parameter_count = IVAL(inbuf, smb_nts_TotalParameterCount); +-      total_data_count = IVAL(inbuf, smb_nts_TotalDataCount); +-      num_params_sofar += (parameter_count = IVAL(inbuf,smb_nts_ParameterCount)); +-      num_data_sofar += ( data_count = IVAL(inbuf, smb_nts_DataCount)); +-      if (num_params_sofar > total_parameter_count || num_data_sofar > total_data_count) +-        exit_server("reply_nttrans2: data overflow in secondary nttrans packet\n"); +- +-      memcpy( ¶ms[ IVAL(inbuf, smb_nts_ParameterDisplacement)],  +-              smb_base(inbuf) + IVAL(inbuf, smb_nts_ParameterOffset), parameter_count); +-      memcpy( &data[IVAL(inbuf, smb_nts_DataDisplacement)], +-              smb_base(inbuf)+ IVAL(inbuf, smb_nts_DataOffset), data_count); ++      if (IVAL(inbuf, smb_nts_TotalParameterCount) < total_parameter_count) ++	total_parameter_count = IVAL(inbuf, smb_nts_TotalParameterCount); ++      if (IVAL(inbuf, smb_nts_TotalDataCount) < total_data_count) ++	total_data_count = IVAL(inbuf, smb_nts_TotalDataCount); ++       ++      parameter_count = IVAL(inbuf,smb_nts_ParameterCount); ++      parameter_offset = IVAL(inbuf, smb_nts_ParameterOffset); ++      parameter_displacement = IVAL(inbuf, smb_nts_ParameterDisplacement); ++      num_params_sofar += parameter_count; ++       ++      data_count = IVAL(inbuf, smb_nts_DataCount); ++      data_displacement = IVAL(inbuf, smb_nts_DataDisplacement); ++      data_offset = IVAL(inbuf, smb_nts_DataOffset); ++      num_data_sofar += data_count; ++ ++      if (num_params_sofar > total_parameter_count || num_data_sofar > total_data_count) { ++	DEBUG(0,("reply_nttrans2: data overflow in secondary nttrans packet")); ++	goto bad_param; ++      } ++ ++      if (parameter_count) { ++	if (parameter_displacement + parameter_count >= total_parameter_count) ++	  goto bad_param; ++	if ((parameter_displacement + parameter_count < parameter_displacement) || ++	    (parameter_displacement + parameter_count < parameter_count)) ++	  goto bad_param; ++	if (smb_base(inbuf) + parameter_offset + parameter_count >= inbuf + bufsize) ++	  goto bad_param; ++	if (params + parameter_displacement < params) ++	  goto bad_param; ++	 ++	memcpy( ¶ms[parameter_displacement], smb_base(inbuf) + parameter_offset, parameter_count); ++      } ++       ++      if (data_count) { ++	if (data_displacement + data_count >= total_data_count) ++	  goto bad_param; ++	if ((data_displacement + data_count < data_displacement) || ++	    (data_displacement + data_count < data_count)) ++	  goto bad_param; ++	if (smb_base(inbuf) + data_offset + data_count >= inbuf + bufsize) ++	  goto bad_param; ++	if (data + data_displacement < data) ++	  goto bad_param; ++	 ++	memcpy( &data[data_displacement], smb_base(inbuf)+ data_offset, data_count); ++      } +     } +   } +  +@@ -2714,4 +2765,10 @@ +   return outsize; /* If a correct response was needed the call_nt_transact_xxxx  + 		     calls have already sent it. If outsize != -1 then it is + 		     returning an error packet. */ ++ bad_param: ++ ++  SAFE_FREE(params); ++  SAFE_FREE(data); ++  SAFE_FREE(setup); ++  return ERROR(ERRDOS,ERRinvalidparam); + } +diff -ur samba-2.0.10/source/smbd/password.c samba-2.0.10-security/source/smbd/password.c +--- samba-2.0.10/source/smbd/password.c	2000-03-17 01:59:48.000000000 +0300 ++++ samba-2.0.10-security/source/smbd/password.c	2005-05-21 21:51:17.336975968 +0400 +@@ -770,7 +770,7 @@ +       if (!ok && lp_username(snum)) { + 	char *auser; + 	pstring user_list; +-	StrnCpy(user_list,lp_username(snum),sizeof(pstring)); ++	StrnCpy(user_list,lp_username(snum),sizeof(pstring)-1); +  + 	pstring_sub(user_list,"%S",lp_servicename(snum)); + 	   +diff -ur samba-2.0.10/source/smbd/reply.c samba-2.0.10-security/source/smbd/reply.c +--- samba-2.0.10/source/smbd/reply.c	2001-06-23 12:51:24.000000000 +0400 ++++ samba-2.0.10-security/source/smbd/reply.c	2005-05-21 21:51:17.378969584 +0400 +@@ -1413,6 +1413,9 @@ +  +         for (i=numentries;(i<maxentries) && !finished;i++) +         { ++	  /* check to make sure we have room in the buffer */ ++	  if ( ((PTR_DIFF(p, outbuf))+DIR_STRUCT_SIZE) > BUFFER_SIZE ) ++	  	break; +           finished =  +             !get_dir_entry(conn,mask,dirtype,fname,&size,&mode,&date,check_descend); +           if (!finished) +@@ -3122,6 +3125,9 @@ +      +  + 		for (i=first;i<first+num_to_get;i++) { ++			/* check to make sure we have room in the buffer */ ++			if ( (PTR_DIFF(p, outbuf)+28) > BUFFER_SIZE ) ++				break; + 			put_dos_date2(p,0,queue[i].time); + 			CVAL(p,4) = (queue[i].status==LPQ_PRINTING?2:3); + 			SSVAL(p,5,printjob_encode(SNUM(conn),  +diff -ur samba-2.0.10/source/smbd/trans2.c samba-2.0.10-security/source/smbd/trans2.c +--- samba-2.0.10/source/smbd/trans2.c	2000-04-24 21:27:31.000000000 +0400 ++++ samba-2.0.10-security/source/smbd/trans2.c	2005-05-21 21:51:17.402965936 +0400 +@@ -201,7 +201,6 @@ +   int16 open_ofun = SVAL(params,12); +   int32 open_size = IVAL(params,14); +   char *pname = ¶ms[28]; +-  int16 namelen = strlen(pname)+1; +  +   pstring fname; +   mode_t unixmode; +@@ -213,7 +212,7 @@ +   BOOL bad_path = False; +   files_struct *fsp; +  +-  StrnCpy(fname,pname,namelen); ++  pstrcpy(fname,pname); +  +   DEBUG(3,("trans2open %s mode=%d attr=%d ofun=%d size=%d\n", + 	   fname,open_mode, open_attr, open_ofun, open_size)); +@@ -2185,7 +2184,7 @@ + 	unsigned int suwcnt = SVAL(inbuf, smb_suwcnt); + 	unsigned int tran_call = SVAL(inbuf, smb_setup0); + 	char *params = NULL, *data = NULL; +-	int num_params, num_params_sofar, num_data, num_data_sofar; ++	unsigned int num_params, num_params_sofar, num_data, num_data_sofar; +  + 	if(global_oplock_break && (tran_call == TRANSACT2_OPEN)) { + 		/* Queue this open message as we are the process of an +@@ -2203,8 +2202,9 @@ + 	/* All trans2 messages we handle have smb_sucnt == 1 - ensure this + 	   is so as a sanity check */ + 	if (suwcnt != 1) { +-		DEBUG(2,("Invalid smb_sucnt in trans2 call\n")); +-		return(ERROR(ERRSRV,ERRerror)); ++		DEBUG(2,("Invalid smb_sucnt in trans2 call(%u)\n",suwcnt)); ++		DEBUG(2,("Transaction is %d\n",tran_call)); ++		ERROR(ERRDOS,ERRinvalidparam); + 	} +      + 	/* Allocate the space for the maximum needed parameters and data */ +@@ -2215,11 +2215,9 @@ +    + 	if ((total_params && !params)  || (total_data && !data)) { + 		DEBUG(2,("Out of memory in reply_trans2\n")); +-        if(params) +-          free(params); +-        if(data) +-          free(data);  +-		return(ERROR(ERRDOS,ERRnomem)); ++		SAFE_FREE(params); ++		SAFE_FREE(data);  ++		return ERROR(ERRDOS,ERRnomem); + 	} +  + 	/* Copy the param and data bytes sent with this request into +@@ -2230,20 +2228,37 @@ + 	if (num_params > total_params || num_data > total_data) + 		exit_server("invalid params in reply_trans2"); +  +-	if(params) +-		memcpy( params, smb_base(inbuf) + SVAL(inbuf, smb_psoff), num_params); +-	if(data) +-		memcpy( data, smb_base(inbuf) + SVAL(inbuf, smb_dsoff), num_data); ++	if(params) { ++		unsigned int psoff = SVAL(inbuf, smb_psoff); ++		if ((psoff + num_params < psoff) || (psoff + num_params < num_params)) ++			goto bad_param; ++		if (smb_base(inbuf) + psoff + num_params > inbuf + length) ++			goto bad_param; ++		memcpy( params, smb_base(inbuf) + psoff, num_params); ++	} ++	if(data) { ++		unsigned int dsoff = SVAL(inbuf, smb_dsoff); ++		if ((dsoff + num_data < dsoff) || (dsoff + num_data < num_data)) ++			goto bad_param; ++		if (smb_base(inbuf) + dsoff + num_data > inbuf + length) ++			goto bad_param; ++		memcpy( data, smb_base(inbuf) + dsoff, num_data); ++	} +  + 	if(num_data_sofar < total_data || num_params_sofar < total_params)  { + 		/* We need to send an interim response then receive the rest + 		   of the parameter/data bytes */ + 		outsize = set_message(outbuf,0,0,True); +-		send_smb(Client,outbuf); ++		if (!send_smb(Client,outbuf)) ++			exit_server("reply_trans2: send_smb failed."); +  + 		while (num_data_sofar < total_data ||  + 		       num_params_sofar < total_params) { + 			BOOL ret; ++			unsigned int param_disp; ++			unsigned int param_off; ++			unsigned int data_disp; ++			unsigned int data_off; +  + 			ret = receive_next_smb(inbuf,bufsize,SMB_SECONDARY_WAIT); + 			 +@@ -2255,26 +2270,55 @@ + 				else + 					DEBUG(0,("reply_trans2: %s in getting secondary trans2 response.\n", + 						 (smb_read_error == READ_ERROR) ? "error" : "timeout" )); +-				if(params) +-					free(params); +-				if(data) +-					free(data); +-				return(ERROR(ERRSRV,ERRerror)); ++				goto bad_param; + 			} +        + 			/* Revise total_params and total_data in case +                            they have changed downwards */ +-			total_params = SVAL(inbuf, smb_tpscnt); +-			total_data = SVAL(inbuf, smb_tdscnt); +-			num_params_sofar += (num_params = SVAL(inbuf,smb_spscnt)); +-			num_data_sofar += ( num_data = SVAL(inbuf, smb_sdscnt)); ++			if (SVAL(inbuf, smb_tpscnt) < total_params) ++				total_params = SVAL(inbuf, smb_tpscnt); ++			if (SVAL(inbuf, smb_tdscnt) < total_data) ++				total_data = SVAL(inbuf, smb_tdscnt); ++ ++			num_params = SVAL(inbuf,smb_spscnt); ++			param_off = SVAL(inbuf, smb_spsoff); ++			param_disp = SVAL(inbuf, smb_spsdisp); ++			num_params_sofar += num_params; ++ ++			num_data = SVAL(inbuf, smb_sdscnt); ++			data_off = SVAL(inbuf, smb_sdsoff); ++			data_disp = SVAL(inbuf, smb_sdsdisp); ++			num_data_sofar += num_data; ++ + 			if (num_params_sofar > total_params || num_data_sofar > total_data) +-				exit_server("data overflow in trans2"); ++				goto bad_param; + 			 +-			memcpy( ¶ms[ SVAL(inbuf, smb_spsdisp)],  +-				smb_base(inbuf) + SVAL(inbuf, smb_spsoff), num_params); +-			memcpy( &data[SVAL(inbuf, smb_sdsdisp)], +-				smb_base(inbuf)+ SVAL(inbuf, smb_sdsoff), num_data); ++			if (num_params) { ++				if (param_disp + num_params >= total_params) ++					goto bad_param; ++				if ((param_disp + num_params < param_disp) || ++						(param_disp + num_params < num_params)) ++					goto bad_param; ++				if (smb_base(inbuf) + param_off + num_params >= inbuf + bufsize) ++					goto bad_param; ++				if (params + param_disp < params) ++					goto bad_param; ++ ++				memcpy( ¶ms[param_disp], smb_base(inbuf) + param_off, num_params); ++			} ++			if (num_data) { ++				if (data_disp + num_data >= total_data) ++					goto bad_param; ++				if ((data_disp + num_data < data_disp) || ++						(data_disp + num_data < num_data)) ++					goto bad_param; ++				if (smb_base(inbuf) + data_off + num_data >= inbuf + bufsize) ++					goto bad_param; ++				if (data + data_disp < data) ++					goto bad_param; ++ ++				memcpy( &data[data_disp], smb_base(inbuf) + data_off, num_data); ++			} + 		} + 	} + 	 +@@ -2367,4 +2411,10 @@ + 	return outsize; /* If a correct response was needed the + 			   call_trans2xxx calls have already sent + 			   it. If outsize != -1 then it is returning */ ++ ++  bad_param: ++ ++	SAFE_FREE(params); ++	SAFE_FREE(data); ++	return (ERROR(ERRDOS,ERRinvalidparam)); + } diff --git a/package/samba/patches/300-shared_lib_ldflags_fix.patch b/package/samba/patches/300-shared_lib_ldflags_fix.patch new file mode 100644 index 000000000..7428facc4 --- /dev/null +++ b/package/samba/patches/300-shared_lib_ldflags_fix.patch @@ -0,0 +1,25 @@ +--- samba-2.0.10/source/Makefile.in.orig	2005-08-20 20:34:44.000000000 +0200 ++++ samba-2.0.10/source/Makefile.in	2005-08-20 20:36:27.000000000 +0200 +@@ -475,11 +475,11 @@ +  + bin/smbwrapper.@SHLIBEXT@: $(PICOBJS) + 	@echo Linking shared library $@ +-	@$(LD) @LDSHFLAGS@ -o $@ $(PICOBJS) $(LIBS) ++	@$(LD) @LDSHFLAGS@ -o $@ $(PICOBJS) $(LDFLAGS) $(LIBS) +  + bin/smbwrapper.32.@SHLIBEXT@: $(PICOBJS32) + 	@echo Linking shared library $@ +-	@$(LD) -32 @LDSHFLAGS@ -o $@ $(PICOBJS32) $(LIBS) ++	@$(LD) -32 @LDSHFLAGS@ -o $@ $(PICOBJS32) $(LDFLAGS) $(LIBS) +  + bin/smbsh: $(SMBSH_OBJ) bin/.dummy + 	@echo Linking $@ +@@ -487,7 +487,7 @@ +  + bin/libsmb.@SHLIBEXT@: $(LIBSMB_PICOBJS) bin/.dummy + 	@echo Linking shared library $@ +-	@$(LD) @LDSHFLAGS@ -o $@ $(LIBSMB_PICOBJS) $(LIBS) ++	@$(LD) @LDSHFLAGS@ -o $@ $(LIBSMB_PICOBJS) $(LDFLAGS) $(LIBS) +  + install: installbin installman installscripts installcp installswat +  diff --git a/package/samba/patches/301-config_files_path.patch b/package/samba/patches/301-config_files_path.patch new file mode 100644 index 000000000..089d9f6ef --- /dev/null +++ b/package/samba/patches/301-config_files_path.patch @@ -0,0 +1,25 @@ +diff -ruN samba-2.0.10-old/source/Makefile.in samba-2.0.10-new/source/Makefile.in +--- samba-2.0.10-old/source/Makefile.in	2005-08-22 03:03:17.000000000 +0200 ++++ samba-2.0.10-new/source/Makefile.in	2005-08-22 03:08:23.000000000 +0200 +@@ -31,6 +31,8 @@ + MANDIR = @mandir@ + SAMBABOOK = @sambabook@ +  ++CONFIGDIR = @sysconfdir@ ++ + # The permissions to give the executables + INSTALLPERMS = 0755 +  +@@ -39,9 +41,9 @@ + # or in smb.conf (see smb.conf(5)) + SMBLOGFILE = $(VARDIR)/smb + NMBLOGFILE = $(VARDIR)/nmb +-CONFIGFILE = $(LIBDIR)/smb.conf +-LMHOSTSFILE = $(LIBDIR)/lmhosts +-DRIVERFILE = $(LIBDIR)/printers.def ++CONFIGFILE = $(CONFIGDIR)/smb.conf ++LMHOSTSFILE = $(CONFIGDIR)/lmhosts ++DRIVERFILE = $(CONFIGDIR)/printers.def + PASSWD_PROGRAM = /bin/passwd + # This is where smbpasswd et al go + PRIVATEDIR = @privatedir@ | 
