diff options
| author |   Victor Ostorga <vostorga@gentoo.org> | 2010-06-23 17:11:00 +0000 |
|---|---|---|
| committer | Victor Ostorga <vostorga@gentoo.org> | 2010-06-23 17:11:00 +0000 |
| commit | f701eda6a38c8611ac05df0ab1dfcbf7436fc190 (patch) | |
| tree | 77ed3444a6ec45ad9273c485d50bf64c7db3305b /net-fs | |
| parent | Automated update of use.local.desc (diff) | |
| download | gentoo-2-f701eda6a38c8611ac05df0ab1dfcbf7436fc190.tar.gz gentoo-2-f701eda6a38c8611ac05df0ab1dfcbf7436fc190.tar.bz2 gentoo-2-f701eda6a38c8611ac05df0ab1dfcbf7436fc190.zip | |
Applying patch for CVE-2010-2063 , bug #323785, fixing domain and netbios name in DOS charset, fixing file corruption using smbclient with NT4 server, fix core dump when running overlapping byte lock test
(Portage version: 2.1.8.3/cvs/Linux i686)
Diffstat (limited to 'net-fs')
| -rw-r--r-- | net-fs/samba/ChangeLog | 20 | ||||
| -rw-r--r-- | net-fs/samba/files/3.0.37-CVE-2010-2063.patch | 38 | ||||
| -rw-r--r-- | net-fs/samba/files/3.0.37-allow-non-ASCII-netbios-names.patch | 31 | ||||
| -rw-r--r-- | net-fs/samba/files/3.2.15-CVE-2010-2063.patch | 37 | ||||
| -rw-r--r-- | net-fs/samba/files/3.2.15-core-dump-overlapping-byte-lock-test.patch | 538 | ||||
| -rw-r--r-- | net-fs/samba/files/3.2.15-smbclient-file-corruption-NT4.patch | 301 | ||||
| -rw-r--r-- | net-fs/samba/samba-3.0.37-r1.ebuild | 350 | ||||
| -rw-r--r-- | net-fs/samba/samba-3.2.15-r1.ebuild | 293 |
8 files changed, 1607 insertions, 1 deletions
diff --git a/net-fs/samba/ChangeLog b/net-fs/samba/ChangeLog index e8dd3536da60..7d28df06b5b4 100644 --- a/net-fs/samba/ChangeLog +++ b/net-fs/samba/ChangeLog @@ -1,6 +1,24 @@ # ChangeLog for net-fs/samba # Copyright 1999-2010 Gentoo Foundation; Distributed under the GPL v2 -# $Header: /var/cvsroot/gentoo-x86/net-fs/samba/ChangeLog,v 1.423 2010/06/05 19:11:18 armin76 Exp $ +# $Header: /var/cvsroot/gentoo-x86/net-fs/samba/ChangeLog,v 1.424 2010/06/23 17:10:59 vostorga Exp $ + +*samba-3.2.15-r1 (23 Jun 2010) +*samba-3.0.37-r1 (23 Jun 2010) + + 23 Jun 2010; Víctor Ostorga <vostorga@gentoo.org> + +files/3.0.37-CVE-2010-2063.patch, + +files/3.2.15-smbclient-file-corruption-NT4.patch, + +samba-3.0.37-r1.ebuild, +samba-3.2.15-r1.ebuild, + +files/3.2.15-CVE-2010-2063.patch, + +files/3.0.37-allow-non-ASCII-netbios-names.patch, + +files/3.2.15-core-dump-overlapping-byte-lock-test.patch: + Samba 3.0.37 and 3.2.15 + Adding patches fixing CVE-2010-2063 , bug #323785 + Samba 3.0.37 + Fixing domain and netbios name in DOS charset + Samba 3.2.15 + Fix file corruption using smbclient with NT4 server + Fix core dump when running overlapping Byte Lock test 05 Jun 2010; Raúl Porcel <armin76@gentoo.org> samba-3.4.6.ebuild: alpha/arm/ia64/s390/sh/sparc stable wrt #300158 diff --git a/net-fs/samba/files/3.0.37-CVE-2010-2063.patch b/net-fs/samba/files/3.0.37-CVE-2010-2063.patch new file mode 100644 index 000000000000..b4657de2c031 --- /dev/null +++ b/net-fs/samba/files/3.0.37-CVE-2010-2063.patch @@ -0,0 +1,38 @@ +diff --git a/source/smbd/process.c b/source/smbd/process.c +index e861e16..6499bc7 100644 +--- a/source/smbd/process.c ++++ b/source/smbd/process.c +@@ -1159,6 +1159,7 @@ int chain_reply(char *inbuf,char *outbuf,int size,int bufsize) + { + static char *orig_inbuf; + static char *orig_outbuf; ++ static int orig_size; + int smb_com1, smb_com2 = CVAL(inbuf,smb_vwv0); + unsigned smb_off2 = SVAL(inbuf,smb_vwv1); + char *inbuf2, *outbuf2; +@@ -1178,6 +1179,13 @@ int chain_reply(char *inbuf,char *outbuf,int size,int bufsize) + /* this is the first part of the chain */ + orig_inbuf = inbuf; + orig_outbuf = outbuf; ++ orig_size = size; ++ } ++ ++ /* Validate smb_off2 */ ++ if ((smb_off2 < smb_wct - 4) || orig_size < (smb_off2 + 4 - smb_wct)) { ++ exit_server_cleanly("Bad chained packet"); ++ return -1; + } + + /* +@@ -1192,6 +1200,11 @@ int chain_reply(char *inbuf,char *outbuf,int size,int bufsize) + SSVAL(outbuf,smb_vwv1,smb_offset(outbuf+outsize,outbuf)); + SCVAL(outbuf,smb_vwv0,smb_com2); + ++ if (outsize <= smb_wct) { ++ exit_server_cleanly("Bad chained packet"); ++ return -1; ++ } ++ + /* remember how much the caller added to the chain, only counting stuff + after the parameter words */ + chain_size += outsize - smb_wct; diff --git a/net-fs/samba/files/3.0.37-allow-non-ASCII-netbios-names.patch b/net-fs/samba/files/3.0.37-allow-non-ASCII-netbios-names.patch new file mode 100644 index 000000000000..f182d5603f5a --- /dev/null +++ b/net-fs/samba/files/3.0.37-allow-non-ASCII-netbios-names.patch @@ -0,0 +1,31 @@ +From 51aaf9c6812430975dcd2cf9a632eb8d241ec41e Mon Sep 17 00:00:00 2001 +From: Andrew Bartlett <abartlet@samba.org> +Date: Thu, 3 Jun 2010 09:35:31 +1000 +Subject: [PATCH] s3:schannel client Push the domain and netbios name into the DOS charset + +If the netbios name is not just ASCII, then we have to get it into the +right character set. + +Andrew Bartlett +--- + source/rpc_parse/parse_rpc.c | 4 ++-- + 1 files changed, 2 insertions(+), 2 deletions(-) + +diff --git a/source/rpc_parse/parse_rpc.c b/source/rpc_parse/parse_rpc.c +index 2d166c7..7b4b8e8 100644 +--- a/source/rpc_parse/parse_rpc.c ++++ b/source/rpc_parse/parse_rpc.c +@@ -786,8 +786,8 @@ void init_rpc_auth_schannel_neg(RPC_AUTH_SCHANNEL_NEG *neg, + { + neg->type1 = 0; + neg->type2 = 0x3; +- fstrcpy(neg->domain, domain); +- fstrcpy(neg->myname, myname); ++ push_ascii_fstring(neg->domain, domain); ++ push_ascii_fstring(neg->myname, myname); + } + + /******************************************************************* +-- +1.7.0.1 + diff --git a/net-fs/samba/files/3.2.15-CVE-2010-2063.patch b/net-fs/samba/files/3.2.15-CVE-2010-2063.patch new file mode 100644 index 000000000000..1a55e5fe36d0 --- /dev/null +++ b/net-fs/samba/files/3.2.15-CVE-2010-2063.patch @@ -0,0 +1,37 @@ +diff --git a/source/smbd/process.c b/source/smbd/process.c +index 446b868..403c7c6 100644 +--- a/source/smbd/process.c ++++ b/source/smbd/process.c +@@ -1645,6 +1645,7 @@ void construct_reply_common(const char *inbuf, char *outbuf) + void chain_reply(struct smb_request *req) + { + static char *orig_inbuf; ++ static int orig_size; + + /* + * Dirty little const_discard: We mess with req->inbuf, which is +@@ -1679,13 +1680,24 @@ void chain_reply(struct smb_request *req) + if (chain_size == 0) { + /* this is the first part of the chain */ + orig_inbuf = inbuf; ++ orig_size = size; + } + ++ /* Validate smb_off2 */ ++ if ((smb_off2 < smb_wct - 4) || orig_size < (smb_off2 + 4 - smb_wct)) { ++ exit_server_cleanly("Bad chained packet"); ++ return; ++ } + /* + * We need to save the output the caller added to the chain so that we + * can splice it into the final output buffer later. + */ + ++ if (outsize <= smb_wct) { ++ exit_server_cleanly("Bad chained packet"); ++ return; ++ } ++ + caller_outputlen = outsize - smb_wct; + + caller_output = (char *)memdup(outbuf + smb_wct, caller_outputlen); diff --git a/net-fs/samba/files/3.2.15-core-dump-overlapping-byte-lock-test.patch b/net-fs/samba/files/3.2.15-core-dump-overlapping-byte-lock-test.patch new file mode 100644 index 000000000000..433a1d72241a --- /dev/null +++ b/net-fs/samba/files/3.2.15-core-dump-overlapping-byte-lock-test.patch @@ -0,0 +1,538 @@ +From f31bb627bff1de1f57cf38e7a1fb520639bf267d Mon Sep 17 00:00:00 2001 +From: Jeremy Allison <jra@samba.org> +Date: Mon, 5 Oct 2009 16:56:00 -0700 +Subject: [PATCH] Fix bug 6776 - Running overlapping Byte Lock test will core dump Samba daemon. Re-write core of POSIX locking logic. Jeremy. + +--- + source/locking/brlock.c | 351 ++++++++++++++++++++++++++++------------------ + 1 files changed, 214 insertions(+), 137 deletions(-) + +diff --git a/source/locking/brlock.c b/source/locking/brlock.c +index 032aaa5..909d3f8 100644 +--- a/source/locking/brlock.c ++++ b/source/locking/brlock.c +@@ -371,10 +371,9 @@ static NTSTATUS brl_lock_windows(struct byte_range_lock *br_lck, + Cope with POSIX range splits and merges. + ****************************************************************************/ + +-static unsigned int brlock_posix_split_merge(struct lock_struct *lck_arr, /* Output array. */ +- const struct lock_struct *ex, /* existing lock. */ +- const struct lock_struct *plock, /* proposed lock. */ +- bool *lock_was_added) ++static unsigned int brlock_posix_split_merge(struct lock_struct *lck_arr, /* Output array. */ ++ struct lock_struct *ex, /* existing lock. */ ++ struct lock_struct *plock) /* proposed lock. */ + { + bool lock_types_differ = (ex->lock_type != plock->lock_type); + +@@ -391,21 +390,23 @@ static unsigned int brlock_posix_split_merge(struct lock_struct *lck_arr, /* Ou + /* Did we overlap ? */ + + /********************************************* +- +---------+ +- | ex | +- +---------+ +- +-------+ +- | plock | +- +-------+ ++ +---------+ ++ | ex | ++ +---------+ ++ +-------+ ++ | plock | ++ +-------+ + OR.... +- +---------+ +- | ex | +- +---------+ ++ +---------+ ++ | ex | ++ +---------+ + **********************************************/ + + if ( (ex->start > (plock->start + plock->size)) || +- (plock->start > (ex->start + ex->size))) { ++ (plock->start > (ex->start + ex->size))) { ++ + /* No overlap with this lock - copy existing. */ ++ + memcpy(&lck_arr[0], ex, sizeof(struct lock_struct)); + return 1; + } +@@ -417,26 +418,109 @@ OR.... + +---------------------------+ + | plock | -> replace with plock. + +---------------------------+ ++OR ++ +---------------+ ++ | ex | ++ +---------------+ ++ +---------------------------+ ++ | plock | -> replace with plock. ++ +---------------------------+ ++ + **********************************************/ + + if ( (ex->start >= plock->start) && +- (ex->start + ex->size <= plock->start + plock->size) ) { +- memcpy(&lck_arr[0], plock, sizeof(struct lock_struct)); +- *lock_was_added = True; +- return 1; ++ (ex->start + ex->size <= plock->start + plock->size) ) { ++ ++ /* Replace - discard existing lock. */ ++ ++ return 0; + } + + /********************************************* ++Adjacent after. ++ +-------+ ++ | ex | ++ +-------+ ++ +---------------+ ++ | plock | ++ +---------------+ ++ ++BECOMES.... ++ +---------------+-------+ ++ | plock | ex | - different lock types. ++ +---------------+-------+ ++OR.... (merge) ++ +-----------------------+ ++ | plock | - same lock type. ++ +-----------------------+ ++**********************************************/ ++ ++ if (plock->start + plock->size == ex->start) { ++ ++ /* If the lock types are the same, we merge, if different, we ++ add the remainder of the old lock. */ ++ ++ if (lock_types_differ) { ++ /* Add existing. */ ++ memcpy(&lck_arr[0], ex, sizeof(struct lock_struct)); ++ return 1; ++ } else { ++ /* Merge - adjust incoming lock as we may have more ++ * merging to come. */ ++ plock->size += ex->size; ++ return 0; ++ } ++ } ++ ++/********************************************* ++Adjacent before. ++ +-------+ ++ | ex | ++ +-------+ ++ +---------------+ ++ | plock | ++ +---------------+ ++BECOMES.... ++ +-------+---------------+ ++ | ex | plock | - different lock types ++ +-------+---------------+ ++ ++OR.... (merge) ++ +-----------------------+ ++ | plock | - same lock type. ++ +-----------------------+ ++ ++**********************************************/ ++ ++ if (ex->start + ex->size == plock->start) { ++ ++ /* If the lock types are the same, we merge, if different, we ++ add the existing lock. */ ++ ++ if (lock_types_differ) { ++ memcpy(&lck_arr[0], ex, sizeof(struct lock_struct)); ++ return 1; ++ } else { ++ /* Merge - adjust incoming lock as we may have more ++ * merging to come. */ ++ plock->start = ex->start; ++ plock->size += ex->size; ++ return 0; ++ } ++ } ++ ++/********************************************* ++Overlap after. + +-----------------------+ + | ex | + +-----------------------+ + +---------------+ + | plock | + +---------------+ +-OR.... +- +-------+ +- | ex | +- +-------+ ++OR ++ +----------------+ ++ | ex | ++ +----------------+ + +---------------+ + | plock | + +---------------+ +@@ -447,60 +531,57 @@ BECOMES.... + +---------------+-------+ + OR.... (merge) + +-----------------------+ +- | ex | - same lock type. ++ | plock | - same lock type. + +-----------------------+ + **********************************************/ + + if ( (ex->start >= plock->start) && +- (ex->start <= plock->start + plock->size) && +- (ex->start + ex->size > plock->start + plock->size) ) { +- +- *lock_was_added = True; ++ (ex->start <= plock->start + plock->size) && ++ (ex->start + ex->size > plock->start + plock->size) ) { + + /* If the lock types are the same, we merge, if different, we +- add the new lock before the old. */ ++ add the remainder of the old lock. */ + + if (lock_types_differ) { +- /* Add new. */ +- memcpy(&lck_arr[0], plock, sizeof(struct lock_struct)); +- memcpy(&lck_arr[1], ex, sizeof(struct lock_struct)); ++ /* Add remaining existing. */ ++ memcpy(&lck_arr[0], ex, sizeof(struct lock_struct)); + /* Adjust existing start and size. */ +- lck_arr[1].start = plock->start + plock->size; +- lck_arr[1].size = (ex->start + ex->size) - (plock->start + plock->size); +- return 2; +- } else { +- /* Merge. */ +- memcpy(&lck_arr[0], plock, sizeof(struct lock_struct)); +- /* Set new start and size. */ +- lck_arr[0].start = plock->start; +- lck_arr[0].size = (ex->start + ex->size) - plock->start; ++ lck_arr[0].start = plock->start + plock->size; ++ lck_arr[0].size = (ex->start + ex->size) - (plock->start + plock->size); + return 1; ++ } else { ++ /* Merge - adjust incoming lock as we may have more ++ * merging to come. */ ++ plock->size += (ex->start + ex->size) - (plock->start + plock->size); ++ return 0; + } + } + + /********************************************* +- +-----------------------+ +- | ex | +- +-----------------------+ +- +---------------+ +- | plock | +- +---------------+ +-OR.... +- +-------+ +- | ex | +- +-------+ +- +---------------+ +- | plock | +- +---------------+ ++Overlap before. ++ +-----------------------+ ++ | ex | ++ +-----------------------+ ++ +---------------+ ++ | plock | ++ +---------------+ ++OR ++ +-------------+ ++ | ex | ++ +-------------+ ++ +---------------+ ++ | plock | ++ +---------------+ ++ + BECOMES.... +- +-------+---------------+ +- | ex | plock | - different lock types +- +-------+---------------+ ++ +-------+---------------+ ++ | ex | plock | - different lock types ++ +-------+---------------+ + + OR.... (merge) +- +-----------------------+ +- | ex | - same lock type. +- +-----------------------+ ++ +-----------------------+ ++ | plock | - same lock type. ++ +-----------------------+ + + **********************************************/ + +@@ -508,27 +589,25 @@ OR.... (merge) + (ex->start + ex->size >= plock->start) && + (ex->start + ex->size <= plock->start + plock->size) ) { + +- *lock_was_added = True; +- + /* If the lock types are the same, we merge, if different, we +- add the new lock after the old. */ ++ add the truncated old lock. */ + + if (lock_types_differ) { + memcpy(&lck_arr[0], ex, sizeof(struct lock_struct)); +- memcpy(&lck_arr[1], plock, sizeof(struct lock_struct)); + /* Adjust existing size. */ + lck_arr[0].size = plock->start - ex->start; +- return 2; +- } else { +- /* Merge. */ +- memcpy(&lck_arr[0], ex, sizeof(struct lock_struct)); +- /* Adjust existing size. */ +- lck_arr[0].size = (plock->start + plock->size) - ex->start; + return 1; ++ } else { ++ /* Merge - adjust incoming lock as we may have more ++ * merging to come. MUST ADJUST plock SIZE FIRST ! */ ++ plock->size += (plock->start - ex->start); ++ plock->start = ex->start; ++ return 0; + } + } + + /********************************************* ++Complete overlap. + +---------------------------+ + | ex | + +---------------------------+ +@@ -541,32 +620,31 @@ BECOMES..... + +-------+---------+---------+ + OR + +---------------------------+ +- | ex | - same lock type. ++ | plock | - same lock type. + +---------------------------+ + **********************************************/ + + if ( (ex->start < plock->start) && (ex->start + ex->size > plock->start + plock->size) ) { +- *lock_was_added = True; + + if (lock_types_differ) { + + /* We have to split ex into two locks here. */ + + memcpy(&lck_arr[0], ex, sizeof(struct lock_struct)); +- memcpy(&lck_arr[1], plock, sizeof(struct lock_struct)); +- memcpy(&lck_arr[2], ex, sizeof(struct lock_struct)); ++ memcpy(&lck_arr[1], ex, sizeof(struct lock_struct)); + + /* Adjust first existing size. */ + lck_arr[0].size = plock->start - ex->start; + + /* Adjust second existing start and size. */ +- lck_arr[2].start = plock->start + plock->size; +- lck_arr[2].size = (ex->start + ex->size) - (plock->start + plock->size); +- return 3; ++ lck_arr[1].start = plock->start + plock->size; ++ lck_arr[1].size = (ex->start + ex->size) - (plock->start + plock->size); ++ return 2; + } else { +- /* Just eat plock. */ +- memcpy(&lck_arr[0], ex, sizeof(struct lock_struct)); +- return 1; ++ /* Just eat the existing locks, merge them into plock. */ ++ plock->start = ex->start; ++ plock->size = ex->size; ++ return 0; + } + } + +@@ -590,7 +668,6 @@ static NTSTATUS brl_lock_posix(struct messaging_context *msg_ctx, + unsigned int i, count; + struct lock_struct *locks = br_lck->lock_data; + struct lock_struct *tp; +- bool lock_was_added = False; + bool signal_pending_read = False; + + /* No zero-zero locks for POSIX. */ +@@ -612,8 +689,9 @@ static NTSTATUS brl_lock_posix(struct messaging_context *msg_ctx, + if (!tp) { + return NT_STATUS_NO_MEMORY; + } +- ++ + count = 0; ++ + for (i=0; i < br_lck->num_locks; i++) { + struct lock_struct *curr_lock = &locks[i]; + +@@ -648,14 +726,25 @@ static NTSTATUS brl_lock_posix(struct messaging_context *msg_ctx, + } + + /* Work out overlaps. */ +- count += brlock_posix_split_merge(&tp[count], curr_lock, plock, &lock_was_added); ++ count += brlock_posix_split_merge(&tp[count], curr_lock, plock); + } + } + +- if (!lock_was_added) { +- memcpy(&tp[count], plock, sizeof(struct lock_struct)); +- count++; ++ /* Try and add the lock in order, sorted by lock start. */ ++ for (i=0; i < count; i++) { ++ struct lock_struct *curr_lock = &tp[i]; ++ ++ if (curr_lock->start <= plock->start) { ++ continue; ++ } ++ } ++ ++ if (i < count) { ++ memmove(&tp[i+1], &tp[i], ++ (count - i)*sizeof(struct lock_struct)); + } ++ memcpy(&tp[i], plock, sizeof(struct lock_struct)); ++ count++; + + /* We can get the POSIX lock, now see if it needs to + be mapped into a lower level POSIX one, and if so can +@@ -687,11 +776,15 @@ static NTSTATUS brl_lock_posix(struct messaging_context *msg_ctx, + } + } + +- /* Realloc so we don't leak entries per lock call. */ +- tp = (struct lock_struct *)SMB_REALLOC(tp, count * sizeof(*locks)); +- if (!tp) { +- return NT_STATUS_NO_MEMORY; ++ /* If we didn't use all the allocated size, ++ * Realloc so we don't leak entries per lock call. */ ++ if (count < br_lck->num_locks + 2) { ++ tp = (struct lock_struct *)SMB_REALLOC(tp, count * sizeof(*locks)); ++ if (!tp) { ++ return NT_STATUS_NO_MEMORY; ++ } + } ++ + br_lck->num_locks = count; + SAFE_FREE(br_lck->lock_data); + br_lck->lock_data = tp; +@@ -890,7 +983,7 @@ static bool brl_unlock_windows(struct messaging_context *msg_ctx, + + static bool brl_unlock_posix(struct messaging_context *msg_ctx, + struct byte_range_lock *br_lck, +- const struct lock_struct *plock) ++ struct lock_struct *plock) + { + unsigned int i, j, count; + struct lock_struct *tp; +@@ -922,8 +1015,6 @@ static bool brl_unlock_posix(struct messaging_context *msg_ctx, + count = 0; + for (i = 0; i < br_lck->num_locks; i++) { + struct lock_struct *lock = &locks[i]; +- struct lock_struct tmp_lock[3]; +- bool lock_was_added = False; + unsigned int tmp_count; + + /* Only remove our own locks - ignore fnum. */ +@@ -934,64 +1025,50 @@ static bool brl_unlock_posix(struct messaging_context *msg_ctx, + continue; + } + +- /* Work out overlaps. */ +- tmp_count = brlock_posix_split_merge(&tmp_lock[0], &locks[i], plock, &lock_was_added); +- +- if (tmp_count == 1) { +- /* Ether the locks didn't overlap, or the unlock completely +- overlapped this lock. If it didn't overlap, then there's +- no change in the locks. */ +- if (tmp_lock[0].lock_type != UNLOCK_LOCK) { +- SMB_ASSERT(tmp_lock[0].lock_type == locks[i].lock_type); +- /* No change in this lock. */ +- memcpy(&tp[count], &tmp_lock[0], sizeof(struct lock_struct)); +- count++; +- } else { +- SMB_ASSERT(tmp_lock[0].lock_type == UNLOCK_LOCK); +- overlap_found = True; +- } +- continue; +- } else if (tmp_count == 2) { +- /* The unlock overlapped an existing lock. Copy the truncated +- lock into the lock array. */ +- if (tmp_lock[0].lock_type != UNLOCK_LOCK) { +- SMB_ASSERT(tmp_lock[0].lock_type == locks[i].lock_type); +- SMB_ASSERT(tmp_lock[1].lock_type == UNLOCK_LOCK); +- memcpy(&tp[count], &tmp_lock[0], sizeof(struct lock_struct)); +- if (tmp_lock[0].size != locks[i].size) { +- overlap_found = True; +- } +- } else { +- SMB_ASSERT(tmp_lock[0].lock_type == UNLOCK_LOCK); +- SMB_ASSERT(tmp_lock[1].lock_type == locks[i].lock_type); +- memcpy(&tp[count], &tmp_lock[1], sizeof(struct lock_struct)); +- if (tmp_lock[1].start != locks[i].start) { +- overlap_found = True; +- } ++ if (lock->lock_flav == WINDOWS_LOCK) { ++ /* Do any Windows flavour locks conflict ? */ ++ if (brl_conflict(lock, plock)) { ++ SAFE_FREE(tp); ++ return false; + } ++ /* Just copy the Windows lock into the new array. */ ++ memcpy(&tp[count], lock, sizeof(struct lock_struct)); + count++; + continue; +- } else { +- /* tmp_count == 3 - (we split a lock range in two). */ +- SMB_ASSERT(tmp_lock[0].lock_type == locks[i].lock_type); +- SMB_ASSERT(tmp_lock[1].lock_type == UNLOCK_LOCK); +- SMB_ASSERT(tmp_lock[2].lock_type == locks[i].lock_type); ++ } ++ ++ /* Work out overlaps. */ ++ tmp_count = brlock_posix_split_merge(&tp[count], lock, plock); ++ ++ if (tmp_count == 0) { ++ /* plock overlapped the existing lock completely, ++ or replaced it. Don't copy the existing lock. */ ++ overlap_found = true; ++ } else if (tmp_count == 1) { ++ /* Either no overlap, (simple copy of existing lock) or ++ * an overlap of an existing lock. */ ++ /* If the lock changed size, we had an overlap. */ ++ if (tp[count].size != lock->size) { ++ overlap_found = true; ++ } ++ count += tmp_count; ++ } else if (tmp_count == 2) { ++ /* We split a lock range in two. */ ++ overlap_found = true; ++ count += tmp_count; + +- memcpy(&tp[count], &tmp_lock[0], sizeof(struct lock_struct)); +- count++; +- memcpy(&tp[count], &tmp_lock[2], sizeof(struct lock_struct)); +- count++; +- overlap_found = True; + /* Optimisation... */ + /* We know we're finished here as we can't overlap any + more POSIX locks. Copy the rest of the lock array. */ ++ + if (i < br_lck->num_locks - 1) { +- memcpy(&tp[count], &locks[i+1], ++ memcpy(&tp[count], &locks[i+1], + sizeof(*locks)*((br_lck->num_locks-1) - i)); + count += ((br_lck->num_locks-1) - i); + } + break; + } ++ + } + + if (!overlap_found) { +-- +1.6.0.2 + diff --git a/net-fs/samba/files/3.2.15-smbclient-file-corruption-NT4.patch b/net-fs/samba/files/3.2.15-smbclient-file-corruption-NT4.patch new file mode 100644 index 000000000000..3ba2e513e37e --- /dev/null +++ b/net-fs/samba/files/3.2.15-smbclient-file-corruption-NT4.patch @@ -0,0 +1,301 @@ +From 6849e706469478144432fd5896f6de3f603bc825 Mon Sep 17 00:00:00 2001 +From: Volker Lendecke <vl@samba.org> +Date: Fri, 18 Sep 2009 19:45:36 +0200 +Subject: [PATCH] s3:smbclient: Fix bug 6606 (reported as 6744) in 3.2 + +This is a port of 1f34ffa0ca and 24309bdb2efc to 3.2. +--- + source/libsmb/clireadwrite.c | 188 +++++++++++++++++++++++++++++++++++++----- + 1 files changed, 168 insertions(+), 20 deletions(-) + +diff --git a/source/libsmb/clireadwrite.c b/source/libsmb/clireadwrite.c +index 057e647..40ce395 100644 +--- a/source/libsmb/clireadwrite.c ++++ b/source/libsmb/clireadwrite.c +@@ -156,6 +156,133 @@ NTSTATUS cli_read_andx_recv(struct async_req *req, ssize_t *received, + return NT_STATUS_OK; + } + ++struct cli_readall_state { ++ struct cli_state *cli; ++ uint16_t fnum; ++ off_t start_offset; ++ size_t size; ++ size_t received; ++ uint8_t *buf; ++}; ++ ++static void cli_readall_done(struct async_req *subreq); ++ ++static struct async_req *cli_readall_send(TALLOC_CTX *mem_ctx, ++ struct cli_state *cli, ++ uint16_t fnum, ++ off_t offset, size_t size) ++{ ++ struct async_req *req, *subreq; ++ struct cli_readall_state *state; ++ ++ req = async_req_new(mem_ctx, cli->event_ctx); ++ if (req == NULL) { ++ return NULL; ++ } ++ state = talloc(req, struct cli_readall_state); ++ if (state == NULL) { ++ TALLOC_FREE(req); ++ return NULL; ++ } ++ req->private_data = state; ++ ++ state->cli = cli; ++ state->fnum = fnum; ++ state->start_offset = offset; ++ state->size = size; ++ state->received = 0; ++ state->buf = NULL; ++ ++ subreq = cli_read_andx_send(state, cli, fnum, offset, size); ++ if (subreq == NULL) { ++ TALLOC_FREE(req); ++ return NULL; ++ } ++ subreq->async.fn = cli_readall_done; ++ subreq->async.priv = req; ++ return req; ++} ++ ++static void cli_readall_done(struct async_req *subreq) ++{ ++ struct async_req *req = talloc_get_type_abort( ++ subreq->async.priv, struct async_req); ++ struct cli_readall_state *state = talloc_get_type_abort( ++ req->private_data, struct cli_readall_state); ++ ssize_t received; ++ uint8_t *buf; ++ NTSTATUS status; ++ ++ status = cli_read_andx_recv(subreq, &received, &buf); ++ if (!NT_STATUS_IS_OK(status)) { ++ async_req_error(req, status); ++ return; ++ } ++ ++ if (received == 0) { ++ /* EOF */ ++ async_req_done(req); ++ return; ++ } ++ ++ if ((state->received == 0) && (received == state->size)) { ++ /* Ideal case: Got it all in one run */ ++ state->buf = buf; ++ state->received += received; ++ async_req_done(req); ++ return; ++ } ++ ++ /* ++ * We got a short read, issue a read for the ++ * rest. Unfortunately we have to allocate the buffer ++ * ourselves now, as our caller expects to receive a single ++ * buffer. cli_read_andx does it from the buffer received from ++ * the net, but with a short read we have to put it together ++ * from several reads. ++ */ ++ ++ if (state->buf == NULL) { ++ state->buf = talloc_array(state, uint8_t, state->size); ++ if (async_req_nomem(state->buf, req)) { ++ return; ++ } ++ } ++ memcpy(state->buf + state->received, buf, received); ++ state->received += received; ++ ++ TALLOC_FREE(subreq); ++ ++ if (state->received >= state->size) { ++ async_req_done(req); ++ return; ++ } ++ ++ subreq = cli_read_andx_send(state, state->cli, state->fnum, ++ state->start_offset + state->received, ++ state->size - state->received); ++ if (async_req_nomem(subreq, req)) { ++ return; ++ } ++ subreq->async.fn = cli_readall_done; ++ subreq->async.priv = req; ++} ++ ++static NTSTATUS cli_readall_recv(struct async_req *req, ssize_t *received, ++ uint8_t **rcvbuf) ++{ ++ struct cli_readall_state *state = talloc_get_type_abort( ++ req->private_data, struct cli_readall_state); ++ ++ SMB_ASSERT(req->state >= ASYNC_REQ_DONE); ++ if (req->state == ASYNC_REQ_ERROR) { ++ return req->status; ++ } ++ *received = state->received; ++ *rcvbuf = state->buf; ++ return NT_STATUS_OK; ++} ++ + /* + * Parallel read support. + * +@@ -164,6 +291,12 @@ NTSTATUS cli_read_andx_recv(struct async_req *req, ssize_t *received, + * the callback function "sink" in the right order. + */ + ++struct cli_pull_subreq { ++ struct async_req *req; ++ size_t received; ++ uint8_t *buf; ++}; ++ + struct cli_pull_state { + struct async_req *req; + +@@ -181,7 +314,7 @@ struct cli_pull_state { + * Outstanding requests + */ + int num_reqs; +- struct async_req **reqs; ++ struct cli_pull_subreq *reqs; + + /* + * For how many bytes did we send requests already? +@@ -270,7 +403,7 @@ struct async_req *cli_pull_send(TALLOC_CTX *mem_ctx, struct cli_state *cli, + state->num_reqs = MAX(window_size/state->chunk_size, 1); + state->num_reqs = MIN(state->num_reqs, cli->max_mux); + +- state->reqs = TALLOC_ZERO_ARRAY(state, struct async_req *, ++ state->reqs = TALLOC_ZERO_ARRAY(state, struct cli_pull_subreq, + state->num_reqs); + if (state->reqs == NULL) { + goto failed; +@@ -290,17 +423,17 @@ struct async_req *cli_pull_send(TALLOC_CTX *mem_ctx, struct cli_state *cli, + size_left = size - state->requested; + request_thistime = MIN(size_left, state->chunk_size); + +- state->reqs[i] = cli_read_andx_send( ++ state->reqs[i].req = cli_readall_send( + state->reqs, cli, fnum, + state->start_offset + state->requested, + request_thistime); + +- if (state->reqs[i] == NULL) { ++ if (state->reqs[i].req == NULL) { + goto failed; + } + +- state->reqs[i]->async.fn = cli_pull_read_done; +- state->reqs[i]->async.priv = result; ++ state->reqs[i].req->async.fn = cli_pull_read_done; ++ state->reqs[i].req->async.priv = result; + + state->requested += request_thistime; + } +@@ -322,16 +455,32 @@ static void cli_pull_read_done(struct async_req *read_req) + read_req->async.priv, struct async_req); + struct cli_pull_state *state = talloc_get_type_abort( + pull_req->private_data, struct cli_pull_state); +- struct cli_request *read_state = cli_request_get(read_req); ++ ssize_t received; ++ uint8_t *buf; + NTSTATUS status; ++ int i; + +- status = cli_read_andx_recv(read_req, &read_state->data.read.received, +- &read_state->data.read.rcvbuf); ++ status = cli_readall_recv(read_req, &received, &buf); + if (!NT_STATUS_IS_OK(status)) { + async_req_error(state->req, status); + return; + } + ++ for (i=0; i<state->num_reqs; i++) { ++ if (state->reqs[i].req == read_req) { ++ break; ++ } ++ } ++ ++ if (i == state->num_reqs) { ++ /* Got something we did not send. Just drop it. */ ++ TALLOC_FREE(read_req); ++ return; ++ } ++ ++ state->reqs[i].received = received; ++ state->reqs[i].buf = buf; ++ + /* + * This loop is the one to take care of out-of-order replies. All + * pending requests are in state->reqs, state->reqs[top_req] is the +@@ -341,34 +490,33 @@ static void cli_pull_read_done(struct async_req *read_req) + * requests. + */ + +- while (state->reqs[state->top_req] != NULL) { +- struct cli_request *top_read; ++ while (state->reqs[state->top_req].req != NULL) { ++ struct cli_pull_subreq *top_read; + + DEBUG(11, ("cli_pull_read_done: top_req = %d\n", + state->top_req)); + +- if (state->reqs[state->top_req]->state < ASYNC_REQ_DONE) { ++ if (state->reqs[state->top_req].req->state < ASYNC_REQ_DONE) { + DEBUG(11, ("cli_pull_read_done: top request not yet " + "done\n")); + return; + } + +- top_read = cli_request_get(state->reqs[state->top_req]); ++ top_read = &state->reqs[state->top_req]; + + DEBUG(10, ("cli_pull_read_done: Pushing %d bytes, %d already " +- "pushed\n", (int)top_read->data.read.received, ++ "pushed\n", (int)top_read->received, + (int)state->pushed)); + +- status = state->sink((char *)top_read->data.read.rcvbuf, +- top_read->data.read.received, ++ status = state->sink((char *)top_read->buf, top_read->received, + state->priv); + if (!NT_STATUS_IS_OK(status)) { + async_req_error(state->req, status); + return; + } +- state->pushed += top_read->data.read.received; ++ state->pushed += top_read->received; + +- TALLOC_FREE(state->reqs[state->top_req]); ++ TALLOC_FREE(state->reqs[state->top_req].req); + + if (state->requested < state->size) { + struct async_req *new_req; +@@ -385,7 +533,7 @@ static void cli_pull_read_done(struct async_req *read_req) + + state->requested), + state->top_req)); + +- new_req = cli_read_andx_send( ++ new_req = cli_readall_send( + state->reqs, state->cli, state->fnum, + state->start_offset + state->requested, + request_thistime); +@@ -397,7 +545,7 @@ static void cli_pull_read_done(struct async_req *read_req) + new_req->async.fn = cli_pull_read_done; + new_req->async.priv = pull_req; + +- state->reqs[state->top_req] = new_req; ++ state->reqs[state->top_req].req = new_req; + state->requested += request_thistime; + } + +-- +1.6.0.2 + diff --git a/net-fs/samba/samba-3.0.37-r1.ebuild b/net-fs/samba/samba-3.0.37-r1.ebuild new file mode 100644 index 000000000000..ae58d65c4a33 --- /dev/null +++ b/net-fs/samba/samba-3.0.37-r1.ebuild @@ -0,0 +1,350 @@ +# Copyright 1999-2010 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 +# $Header: /var/cvsroot/gentoo-x86/net-fs/samba/samba-3.0.37-r1.ebuild,v 1.1 2010/06/23 17:10:59 vostorga Exp $ + +inherit autotools eutils pam python multilib versionator confutils + +VSCAN_P="samba-vscan-0.3.6c-beta5" +MY_P=${PN}-${PV/_/} + +DESCRIPTION="A suite of SMB and CIFS client/server programs for UNIX" +HOMEPAGE="http://www.samba.org/" +SRC_URI="mirror://samba/${MY_P}.tar.gz + mirror://samba/old-versions/${MY_P}.tar.gz + oav? ( http://www.openantivirus.org/download/${VSCAN_P}.tar.gz )" +LICENSE="GPL-3 oav? ( GPL-2 LGPL-2.1 )" +SLOT="0" +KEYWORDS="~alpha ~amd64 ~arm ~hppa ~ia64 ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86 ~sparc-fbsd ~x86-fbsd" +IUSE="acl ads async automount caps cups debug doc examples ipv6 kernel_linux ldap fam + pam python quotas readline selinux swat syslog winbind oav" + +RDEPEND="dev-libs/popt + virtual/libiconv + acl? ( virtual/acl ) + cups? ( net-print/cups ) + ipv6? ( sys-apps/xinetd ) + ads? ( virtual/krb5 ) + ldap? ( net-nds/openldap ) + pam? ( virtual/pam ) + python? ( dev-lang/python ) + readline? ( sys-libs/readline ) + selinux? ( sec-policy/selinux-samba ) + swat? ( sys-apps/xinetd ) + syslog? ( virtual/logger ) + fam? ( virtual/fam ) + caps? ( sys-libs/libcap )" +DEPEND="${RDEPEND}" + +# Tests are broken now :-( +RESTRICT="test" + +S=${WORKDIR}/${MY_P} +CONFDIR=${FILESDIR}/config +PRIVATE_DST=/var/lib/samba/private + +pkg_setup() { + confutils_use_depend_all ads ldap +} + +src_unpack() { + unpack ${A} + cd "${S}/source" + + # lazyldflags.patch: adds "-Wl,-z,now" to smb{mnt,umount} + # invalid-free-fix.patch: Bug #196015 (upstream: #5021) + + epatch \ + "${FILESDIR}/3.0.26a-lazyldflags.patch" \ + "${FILESDIR}/3.0.26a-invalid-free-fix.patch" \ + "${FILESDIR}/3.0.28-fix_broken_readdir_detection.patch" \ + "${FILESDIR}/3.0.28a-wrong_python_ldflags.patch" \ + "${FILESDIR}/3.0.37-allow-non-ASCII-netbios-names.patch" \ + "${FILESDIR}/3.0.37-CVE-2010-2063.patch" + + eautoconf -I. -Ilib/replace + + # Ok, agreed, this is ugly. But it avoids a patch we + # need for every samba version and we don't need autotools + sed -i \ + -e 's|"lib32" ||' \ + -e 's|if test -d "$i/$l" ;|if test -d "$i/$l" -o -L "$i/$l";|' \ + configure || die "sed failed" + + rm "${S}/docs/manpages"/{mount,umount}.cifs.8 + +} + +src_compile() { + cd "${S}/source" + + local myconf + local mylangs + local mymod_shared + + myconf="--with-python=no" + use python && myconf="--with-python=$(PYTHON -a)" + + use winbind && mymod_shared="--with-shared-modules=idmap_rid" + if use ldap ; then + myconf="${myconf} $(use_with ads)" + use winbind && mymod_shared="${mymod_shared},idmap_ad" + fi + + [[ ${CHOST} == *-*bsd* ]] && myconf="${myconf} --disable-pie" + use hppa && myconf="${myconf} --disable-pie" + + use caps && export ac_cv_header_sys_capability_h=yes || export ac_cv_header_sys_capability_h=no + + # Otherwise we get the whole swat stuff installed + if ! use swat ; then + sed -i \ + -e 's/^\(install:.*\)installswat \(.*\)/\1\2/' \ + Makefile.in || die "sed failed" + fi + + econf \ + --with-fhs \ + --sysconfdir=/etc/samba \ + --localstatedir=/var \ + --with-configdir=/etc/samba \ + --with-libdir=/usr/$(get_libdir)/samba \ + --with-pammodulesdir=$(getpam_mod_dir) \ + --with-swatdir=/usr/share/doc/${PF}/swat \ + --with-piddir=/var/run/samba \ + --with-lockdir=/var/cache/samba \ + --with-logfilebase=/var/log/samba \ + --with-privatedir=${PRIVATE_DST} \ + --with-libsmbclient \ + --enable-socket-wrapper \ + --with-cifsmount=no \ + $(use_with acl acl-support) \ + $(use_with async aio-support) \ + $(use_with automount) \ + $(use_enable cups) \ + $(use_enable debug) \ + $(use_enable fam) \ + $(use_with ads krb5) \ + $(use_with ldap) \ + $(use_with pam) $(use_with pam pam_smbpass) \ + $(use_with quotas) $(use_with quotas sys-quotas) \ + $(use_with readline) \ + $(use_with kernel_linux smbmount) \ + $(use_with syslog) \ + $(use_with winbind) \ + ${myconf} ${mylangs} ${mymod_shared} + + emake -j1 proto || die "emake proto failed" + emake -j1 everything || die "emake everything failed" + + if use python ; then + emake -j1 python_ext || die "emake python_ext failed" + fi + + if use oav ; then + # maintainer-info: + # - there are no known releases of mks or kavdc, + # setting to builtin to disable auto-detection + cd "${WORKDIR}/${VSCAN_P}" + econf \ + --with-fhs \ + --with-samba-source="${S}/source" \ + --with-libmksd-builtin \ + --with-libkavdc-builtin \ + --without-symantec \ + --with-filetype \ + --with-fileregexp \ + $(use_enable debug) + emake -j1 || die "emake oav plugins failed" + fi +} + +src_test() { + cd "${S}/source" + emake test || die "tests failed" +} + +src_install() { + cd "${S}/source" + + emake DESTDIR="${D}" install-everything || die "emake install-everything failed" + + # Extra rpctorture progs + local extra_bins="rpctorture" + for i in ${extra_bins} ; do + [[ -x "${S}/bin/${i}" ]] && dobin "${S}/bin/${i}" + done + + # remove .old stuff from /usr/bin: + rm -f "${D}"/usr/bin/*.old + + # Removing executable bits from header-files + fperms 644 /usr/include/lib{msrpc,smbclient}.h + + # Nsswitch extensions. Make link for wins and winbind resolvers + if use winbind ; then + dolib.so nsswitch/libnss_wins.so + dosym libnss_wins.so /usr/$(get_libdir)/libnss_wins.so.2 + dolib.so nsswitch/libnss_winbind.so + dosym libnss_winbind.so /usr/$(get_libdir)/libnss_winbind.so.2 + fi + + if use kernel_linux ; then + # Warning: this can byte you if /usr is + # on a separate volume and you have to mount + # a smb volume before the local mount + dosym ../usr/bin/smbmount /sbin/mount.smbfs + fperms 4755 /usr/bin/smbmnt + fperms 4755 /usr/bin/smbumount + fi + + # bug #46389: samba doesn't create symlink anymore + # beaviour seems to be changed in 3.0.6, see bug #61046 + dosym samba/libsmbclient.so /usr/$(get_libdir)/libsmbclient.so.0 + dosym samba/libsmbclient.so /usr/$(get_libdir)/libsmbclient.so + + # make the smb backend symlink for cups printing support (bug #133133) + if use cups ; then + dodir $(cups-config --serverbin)/backend + dosym /usr/bin/smbspool $(cups-config --serverbin)/backend/smb + fi + + if use python ; then + emake DESTDIR="${D}" python_install || die "emake installpython failed" + # We're doing that manually + find "${D}$(python_get_sitedir)" -iname "*.pyc" -delete + fi + + cd "${S}/source" + + # General config files + insinto /etc/samba + doins "${CONFDIR}"/{smbusers,lmhosts} + newins "${CONFDIR}/smb.conf.example-samba3" smb.conf.example + + newpamd "${CONFDIR}/samba.pam" samba + use winbind && dopamd "${CONFDIR}/system-auth-winbind" + if use swat ; then + insinto /etc/xinetd.d + newins "${CONFDIR}/swat.xinetd" swat + else + rm -f "${D}/usr/sbin/swat" + rm -f "${D}/usr/share/man/man8/swat.8" + fi + + newinitd "${FILESDIR}/samba-init" samba + newconfd "${FILESDIR}/samba-conf" samba + + if use ldap ; then + insinto /etc/openldap/schema + doins "${S}/examples/LDAP/samba.schema" + fi + + if use ipv6 ; then + insinto /etc/xinetd.d + newins "${FILESDIR}/samba-xinetd" smb + fi + + # dirs + diropts -m0700 ; keepdir "${PRIVATE_DST}" + diropts -m1777 ; keepdir /var/spool/samba + + diropts -m0755 + keepdir /var/{log,run,cache}/samba + keepdir /var/lib/samba/{netlogon,profiles} + keepdir /var/lib/samba/printers/{W32X86,WIN40,W32ALPHA,W32MIPS,W32PPC,X64,IA64,COLOR} + keepdir /usr/$(get_libdir)/samba/{rpc,idmap,auth} + + # docs + dodoc "${FILESDIR}/README.gentoo" + dodoc "${S}"/{MAINTAINERS,README,Roadmap,WHATSNEW.txt} + dodoc "${CONFDIR}/nsswitch.conf-wins" + use winbind && dodoc "${CONFDIR}/nsswitch.conf-winbind" + + if use examples ; then + insinto /usr/share/doc/${PF} + doins -r "${S}/examples/" + find "${D}/usr/share/doc/${PF}" -type d -print0 | xargs -0 chmod 755 + find "${D}/usr/share/doc/${PF}/examples" ! -type d -print0 | xargs -0 chmod 644 + if use python ; then + insinto /usr/share/doc/${PF}/python + doins -r "${S}/source/python/examples" + fi + fi + + if ! use doc ; then + if ! use swat ; then + rm -rf "${D}/usr/share/doc/${PF}/swat" + else + rm -rf "${D}/usr/share/doc/${PF}/swat/help"/{guide,howto,devel} + rm -rf "${D}/usr/share/doc/${PF}/swat/using_samba" + fi + else + cd "${S}/docs" + insinto /usr/share/doc/${PF} + doins *.pdf + doins -r registry + dohtml -r htmldocs/* + fi + + if use oav ; then + cd "${WORKDIR}/${VSCAN_P}" + emake DESTDIR="${D}" install || die "emake install oav plugins failed" + docinto samba-vscan + dodoc AUTHORS ChangeLog FAQ INSTALL NEWS README TODO + find . -iname "*.conf" -print0 | xargs -0 dodoc + fi +} + +pkg_preinst() { + local PRIVATE_SRC=/etc/samba/private + if [[ ! -r "${ROOT}/${PRIVATE_DST}/secrets.tdb" \ + && -r "${ROOT}/${PRIVATE_SRC}/secrets.tdb" ]] ; then + ebegin "Copying "${ROOT}"/${PRIVATE_SRC}/* to ${ROOT}/${PRIVATE_DST}/" + mkdir -p "${D}/${PRIVATE_DST}" + cp -pPRf "${ROOT}/${PRIVATE_SRC}"/* "${D}/${PRIVATE_DST}/" + eend $? + fi + + if [[ ! -f "${ROOT}/etc/samba/smb.conf" ]] ; then + touch "${D}/etc/samba/smb.conf" + fi +} + +pkg_postinst() { + if use python ; then + python_mod_optimize $(python_get_sitedir)/samba + fi + + if use swat ; then + einfo "swat must be enabled by xinetd:" + einfo " change the /etc/xinetd.d/swat configuration" + fi + + if use ipv6 ; then + einfo "ipv6 support must be enabled by xinetd:" + einfo " change the /etc/xinetd.d/smb configuration" + fi + + elog "It is possible to start/stop daemons separately:" + elog " Create a symlink from /etc/init.d/samba.{smbd,nmbd,winbind} to" + elog " /etc/init.d/samba. Calling /etc/init.d/samba directly will start" + elog " the daemons configured in /etc/conf.d/samba" + + elog "The mount/umount.cifs helper applications are not included anymore." + elog "Please install net-fs/mount-cifs instead." + + if use oav ; then + elog "The configure snippets for various antivirus plugins are available here:" + elog " /usr/share/doc/${PF}/samba-vscan" + fi + + ewarn "If you're upgrading from 3.0.24 or earlier, please make sure to" + ewarn "restart your clients to clear any cached information about the server." + ewarn "Otherwise they might not be able to connect to the volumes." +} + +pkg_postrm() { + if use python ; then + python_mod_cleanup $(python_get_sitedir)/samba + fi +} diff --git a/net-fs/samba/samba-3.2.15-r1.ebuild b/net-fs/samba/samba-3.2.15-r1.ebuild new file mode 100644 index 000000000000..b98a9fd905a0 --- /dev/null +++ b/net-fs/samba/samba-3.2.15-r1.ebuild @@ -0,0 +1,293 @@ +# Copyright 1999-2010 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 +# $Header: /var/cvsroot/gentoo-x86/net-fs/samba/samba-3.2.15-r1.ebuild,v 1.1 2010/06/23 17:11:00 vostorga Exp $ + +inherit eutils pam multilib versionator confutils autotools + +MY_P=${PN}-${PV/_/} + +DESCRIPTION="A suite of SMB and CIFS client/server programs for UNIX" +HOMEPAGE="http://www.samba.org/" +SRC_URI="mirror://samba/${MY_P}.tar.gz" +LICENSE="GPL-3" +SLOT="0" +KEYWORDS="~alpha ~amd64 ~arm ~hppa ~ia64 ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~sparc-fbsd ~x86 ~x86-fbsd" + +# disabled for now +#IUSE_LINGUAS="linguas_ja linguas_pl" + +IUSE="${IUSE_LINGUAS} acl ads async automount caps cifsupcall cups doc examples ipv6 kernel_linux ldap fam + pam quotas readline selinux swat syslog winbind" + +RDEPEND="dev-libs/popt + dev-libs/iniparser + virtual/libiconv + acl? ( virtual/acl ) + cifsupcall? ( sys-apps/keyutils ) + cups? ( net-print/cups ) + ipv6? ( sys-apps/xinetd ) + ads? ( virtual/krb5 sys-fs/e2fsprogs ) + ldap? ( net-nds/openldap ) + pam? ( virtual/pam ) + readline? ( sys-libs/readline ) + selinux? ( sec-policy/selinux-samba ) + swat? ( sys-apps/xinetd ) + syslog? ( virtual/logger ) + fam? ( virtual/fam ) + caps? ( sys-libs/libcap )" +DEPEND="${RDEPEND}" + +S="${WORKDIR}/${MY_P}" +CONFDIR="${FILESDIR}/config-3.2" +PRIVATE_DST=/var/lib/samba/private + +# Tests are currently broken due to hardcoded paths (due to --with-fhs) +# The problem is that --without-fhs lets samba use lockdir (which can be changed in smb.conf) +# which is wrong as well. +RESTRICT="test" + +pkg_setup() { + confutils_use_depend_all ads ldap + confutils_use_depend_all cifsupcall ads +} + +src_unpack() { + unpack ${A} + cd "${S}/source" + + epatch \ + "${FILESDIR}/3.2.15-CVE-2010-2063.patch" \ + "${FILESDIR}/3.2.15-smbclient-file-corruption-NT4.patch" \ + "${FILESDIR}/3.2.15-core-dump-overlapping-byte-lock-test.patch" + + # Ok, agreed, this is ugly. But it avoids a patch we + # need for every samba version and we don't need autotools + sed -i \ + -e 's|"lib32" ||' \ + -e 's|if test -d "$i/$l" ;|if test -d "$i/$l" -o -L "$i/$l";|' \ + configure || die "sed failed" + + rm "${S}/docs/manpages"/{mount,umount}.cifs.8 + + sed -i \ + -e 's|tdbsam|tdbsam:${PRIVATEDIR}/passdb.tdb|' \ + "${S}/source/script/tests/selftest.sh" || die "sed failed" +} + +src_compile() { + cd "${S}/source" + + local myconf + local mylangs + local mymod_shared + + # this doesn't seem to work ... + #mylangs="--with-manpages-langs=en" + #use linguas_ja && mylangs="${mylangs},ja" + #use linguas_pl && mylangs="${mylangs},pl" + + use winbind && mymod_shared="--with-shared-modules=idmap_rid" + if use ldap ; then + myconf="${myconf} $(use_with ads)" + use winbind && mymod_shared="${mymod_shared},idmap_ad" + fi + + [[ ${CHOST} == *-*bsd* ]] && myconf="${myconf} --disable-pie" + use hppa && myconf="${myconf} --disable-pie" + + use caps && export ac_cv_header_sys_capability_h=yes || export ac_cv_header_sys_capability_h=no + + # Otherwise we get the whole swat stuff installed + if ! use swat ; then + sed -i \ + -e 's/^\(install:.*\)installswat \(.*\)/\1\2/' \ + Makefile.in || die "sed failed" + fi + + econf \ + --with-fhs \ + --sysconfdir=/etc/samba \ + --localstatedir=/var \ + --with-configdir=/etc/samba \ + --with-libdir=/usr/$(get_libdir)/samba \ + --with-pammodulesdir=$(getpam_mod_dir) \ + --with-swatdir=/usr/share/doc/${PF}/swat \ + --with-piddir=/var/run/samba \ + --with-lockdir=/var/cache/samba \ + --with-logfilebase=/var/log/samba \ + --with-privatedir=${PRIVATE_DST} \ + --with-libsmbclient \ + --enable-socket-wrapper \ + --enable-nss-wrapper \ + --with-cifsmount=no \ + --disable-dnssd \ + $(use_with acl acl-support) \ + $(use_with async aio-support) \ + $(use_with automount) \ + $(use_with cifsupcall) \ + $(use_enable cups) \ + $(use_enable fam) \ + $(use_with ads krb5) \ + $(use_with ads dnsupdate) \ + $(use_with ldap) \ + $(use_with pam) $(use_with pam pam_smbpass) \ + $(use_with quotas) $(use_with quotas sys-quotas) \ + $(use_with readline) \ + $(use_with syslog) \ + $(use_with winbind) \ + ${myconf} ${mylangs} ${mymod_shared} || die "econf failed" + + emake -j1 proto || die "emake proto failed" + emake -j1 everything || die "emake everything failed" + +} + +src_test() { + cd "${S}/source" + emake test || die "tests failed" +} + +src_install() { + cd "${S}/source" + + emake -j1 DESTDIR="${D}" install-everything || die "emake install-everything failed" + + # Extra rpctorture progs + local extra_bins="rpctorture" + for i in ${extra_bins} ; do + [[ -x "${S}/bin/${i}" ]] && dobin "${S}/bin/${i}" + done + + # remove .old stuff from /usr/bin: + rm -f "${D}"/usr/bin/*.old + + # Removing executable bits from header-files + fperms 644 /usr/include/libsmbclient.h + + # Nsswitch extensions. Make link for wins and winbind resolvers + if use winbind ; then + dolib.so nsswitch/libnss_wins.so + dosym libnss_wins.so /usr/$(get_libdir)/libnss_wins.so.2 + dolib.so nsswitch/libnss_winbind.so + dosym libnss_winbind.so /usr/$(get_libdir)/libnss_winbind.so.2 + fi + + # bug #46389: samba doesn't create symlink anymore + # beaviour seems to be changed in 3.0.6, see bug #61046 + dosym samba/libsmbclient.so /usr/$(get_libdir)/libsmbclient.so + dosym samba/libsmbclient.so.0 /usr/$(get_libdir)/libsmbclient.so.0 + dosym samba/libtalloc.so /usr/$(get_libdir)/libtalloc.so + dosym samba/libtalloc.so.1 /usr/$(get_libdir)/libtalloc.so.1 + dosym samba/libtdb.so /usr/$(get_libdir)/libtdb.so + dosym samba/libtdb.so.1 /usr/$(get_libdir)/libtdb.so.1 + dosym samba/libwbclient.so.0 /usr/$(get_libdir)/libwbclient.so.0 + dosym samba/libsmbsharemodes.so.0 /usr/$(get_libdir)/libsmbsharemodes.so.0 + + # make the smb backend symlink for cups printing support (bug #133133) + if use cups ; then + dodir $(cups-config --serverbin)/backend + dosym /usr/bin/smbspool $(cups-config --serverbin)/backend/smb + fi + + cd "${S}/source" + + # General config files + insinto /etc/samba + doins "${CONFDIR}"/{smbusers,lmhosts} + newins "${CONFDIR}/smb.conf.example-samba3" smb.conf.example + + newpamd "${CONFDIR}/samba.pam" samba + use winbind && dopamd "${CONFDIR}/system-auth-winbind" + if use swat ; then + insinto /etc/xinetd.d + newins "${CONFDIR}/swat.xinetd" swat + else + rm -f "${D}/usr/sbin/swat" + rm -f "${D}/usr/share/man/man8/swat.8" + fi + + newinitd "${FILESDIR}/samba-init" samba + newconfd "${FILESDIR}/samba-conf" samba + + if use ldap ; then + insinto /etc/openldap/schema + doins "${S}/examples/LDAP/samba.schema" + fi + + if use ipv6 ; then + insinto /etc/xinetd.d + newins "${FILESDIR}/samba-xinetd" smb + fi + + # dirs + diropts -m0700 ; keepdir "${PRIVATE_DST}" + diropts -m1777 ; keepdir /var/spool/samba + + diropts -m0755 + keepdir /var/{log,run,cache}/samba + keepdir /var/lib/samba/{netlogon,profiles} + keepdir /var/lib/samba/printers/{W32X86,WIN40,W32ALPHA,W32MIPS,W32PPC,X64,IA64,COLOR} + keepdir /usr/$(get_libdir)/samba/{rpc,idmap,auth} + + # docs + dodoc "${FILESDIR}/README.gentoo" + dodoc "${S}"/{MAINTAINERS,README,Roadmap,WHATSNEW.txt} + dodoc "${CONFDIR}/nsswitch.conf-wins" + use winbind && dodoc "${CONFDIR}/nsswitch.conf-winbind" + + if use examples ; then + insinto /usr/share/doc/${PF} + doins -r "${S}/examples/" + find "${D}/usr/share/doc/${PF}" -type d -print0 | xargs -0 chmod 755 + find "${D}/usr/share/doc/${PF}/examples" ! -type d -print0 | xargs -0 chmod 644 + fi + + if ! use doc ; then + if ! use swat ; then + rm -rf "${D}/usr/share/doc/${PF}/swat" + else + rm -rf "${D}/usr/share/doc/${PF}/swat/help"/{guide,howto,devel} + rm -rf "${D}/usr/share/doc/${PF}/swat/using_samba" + fi + fi + +} + +pkg_preinst() { + local PRIVATE_SRC=/etc/samba/private + if [[ ! -r "${ROOT}/${PRIVATE_DST}/secrets.tdb" \ + && -r "${ROOT}/${PRIVATE_SRC}/secrets.tdb" ]] ; then + ebegin "Copying ${ROOT}/${PRIVATE_SRC}/* to ${ROOT}/${PRIVATE_DST}/" + mkdir -p "${D}/${PRIVATE_DST}" + cp -pPRf "${ROOT}/${PRIVATE_SRC}"/* "${D}/${PRIVATE_DST}/" + eend $? + fi + + if [[ ! -f "${ROOT}/etc/samba/smb.conf" ]] ; then + touch "${D}/etc/samba/smb.conf" + fi +} + +pkg_postinst() { + if use swat ; then + einfo "swat must be enabled by xinetd:" + einfo " change the /etc/xinetd.d/swat configuration" + fi + + if use ipv6 ; then + einfo "ipv6 support must be enabled by xinetd:" + einfo " change the /etc/xinetd.d/smb configuration" + fi + + elog "It is possible to start/stop daemons separately:" + elog " Create a symlink from /etc/init.d/samba.{smbd,nmbd,winbind} to" + elog " /etc/init.d/samba. Calling /etc/init.d/samba directly will start" + elog " the daemons configured in /etc/conf.d/samba" + + elog "The mount/umount.cifs helper applications are not included anymore." + elog "Please install net-fs/mount-cifs instead." + + ewarn "If you're upgrading from 3.0.24 or earlier, please make sure to" + ewarn "restart your clients to clear any cached information about the server." + ewarn "Otherwise they might not be able to connect to the volumes." +} |