samba: update to 4.13.2.

Andrew J. Hesford 2020-12-13 19:17:17 -05:00
parent da39e26816
commit 1064515c61
14 changed files with 393 additions and 421 deletions


@ -774,10 +774,8 @@ libgssdp-1.2.so.0 gssdp-1.2.0_1
libgupnp-1.2.so.0 gupnp-1.2.0_1
libsamplerate.so.0 libsamplerate-0.1.7_1
libmms.so.0 libmms-0.6_1
libsmbclient.so.0 libsmbclient-3.5.6_1
libsmbios.so.2 libsmbios-2.2.28_1
libsmbios_c.so.2 libsmbios-2.2.28_1
libwbclient.so.0 libsmbclient-3.5.6_1
libjasper.so.4 libjasper-1.900.27_1
librecode.so.0 librecode-3.6_1
libenca.so.0 libenca-1.13_1
@ -1618,8 +1616,6 @@ libdovecot-compression.so.0 dovecot-2.2.11_2
libdovecot-sql.so.0 dovecot-2.2.11_2
libdovecot-storage.so.0 dovecot-2.2.11_2
libdovecot-lda.so.0 dovecot-2.2.11_2
libnetapi.so.0 samba-3.6.23_1
libsmbsharemodes.so.0 samba-3.6.23_1
libmysqld.so.18 libmariadbclient-5.5.36_1
libwiretap.so.11 libwireshark-3.4.0_1
libwireshark.so.14 libwireshark-3.4.0_1
@ -4001,3 +3997,55 @@ libevemu.so.3 evemu-2.7.0_1
libantilib.so.1 libantimicrox-3.1.2_1
libinih.so.0 inih-52_1
libpcaudio.so.0 pcaudiolib-1.1_1
libauth-unix-token-samba4.so samba-4.13.2_1
libauth4-samba4.so samba-4.13.2_1
libdcerpc-samba4.so samba-4.13.2_1
libdcerpc-samr.so.0 samba-4.13.2_1
libdcerpc-server-core.so.0 samba-4.13.2_1
libdsdb-module-samba4.so samba-4.13.2_1
libgpext-samba4.so samba-4.13.2_1
libnet-keytab-samba4.so samba-4.13.2_1
libnetapi.so.0 samba-4.13.2_1
libnss_winbind.so.2 samba-4.13.2_1
libnss_wins.so.2 samba-4.13.2_1
libposix-eadb-samba4.so samba-4.13.2_1
libprinting-migrate-samba4.so samba-4.13.2_1
libsamba-net-samba4.so samba-4.13.2_1
libsamba-policy.so.0 samba-4.13.2_1
libsamba-python-samba4.so samba-4.13.2_1
libshares-samba4.so samba-4.13.2_1
libsmbd-base-samba4.so samba-4.13.2_1
libsmbd-conn-samba4.so samba-4.13.2_1
libsmbpasswdparser-samba4.so samba-4.13.2_1
libxattr-tdb-samba4.so samba-4.13.2_1
libcli-ldap-samba4.so samba-libs-4.13.2_1
libcliauth-samba4.so samba-libs-4.13.2_1
libcluster-samba4.so samba-libs-4.13.2_1
libcommon-auth-samba4.so samba-libs-4.13.2_1
libdcerpc.so.0 samba-libs-4.13.2_1
libdcerpc-binding.so.0 samba-libs-4.13.2_1
libdcerpc-samba-samba4.so samba-libs-4.13.2_1
libflag-mapping-samba4.so samba-libs-4.13.2_1
libgpo-samba4.so samba-libs-4.13.2_1
libiov-buf-samba4.so samba-libs-4.13.2_1
libndr-krb5pac.so.0 samba-libs-4.13.2_1
libndr-nbt.so.0 samba-libs-4.13.2_1
libndr-samba-samba4.so samba-libs-4.13.2_1
libndr-samba4.so samba-libs-4.13.2_1
libndr-standard.so.0 samba-libs-4.13.2_1
libndr.so.1 samba-libs-4.13.2_1
libprinter-driver-samba4.so samba-libs-4.13.2_1
libsamba-credentials.so.0 samba-libs-4.13.2_1
libsamba-errors.so.1 samba-libs-4.13.2_1
libsamba-hostconfig.so.0 samba-libs-4.13.2_1
libsamba-passdb.so.0 samba-libs-4.13.2_1
libsamba-util.so.0 samba-libs-4.13.2_1
libsamdb.so.0 samba-libs-4.13.2_1
libsmb-transport-samba4.so samba-libs-4.13.2_1
libsmbclient.so.0 samba-libs-4.13.2_1
libsmbconf.so.0 samba-libs-4.13.2_1
libsmbldap.so.2 samba-libs-4.13.2_1
libtdb-wrap-samba4.so samba-libs-4.13.2_1
libutil-cmdline-samba4.so samba-libs-4.13.2_1
libwbclient.so.0 samba-libs-4.13.2_1
libwinbind-client-samba4.so samba-libs-4.13.2_1


@ -1,32 +0,0 @@
From c12670f75b6403aa0b7d7c02bd7af0d4f1160b9e Mon Sep 17 00:00:00 2001
From: Volker Lendecke <vl@samba.org>
Date: Mon, 8 May 2017 21:40:40 +0200
Subject: [PATCH 1/1] CVE-2017-7494: Refuse to open pipe names with / inside
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12780
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
---
source3/rpc_server/srv_pipe.c | 5 +++++
1 file changed, 5 insertions(+)
diff --git a/source3/rpc_server/srv_pipe.c b/source3/rpc_server/srv_pipe.c
index 251f899..7126865 100644
--- source3/rpc_server/srv_pipe.c
+++ source3/rpc_server/srv_pipe.c
@@ -473,6 +473,11 @@ bool is_known_pipename(const char *cli_filename, struct ndr_syntax_id *syntax)
pipename += 1;
}
+ if (strchr(pipename, '/')) {
+ DEBUG(1,("Refusing open on pipe %s\n", pipename));
+ return false;
+ }
+
if (lp_disable_spoolss() && strequal(pipename, "spoolss")) {
DEBUG(10, ("refusing spoolss access\n"));
return false;
2.9.3


@ -0,0 +1,14 @@
--- source4/dsdb/samdb/ldb_modules/count_attrs.c
+++ source4/dsdb/samdb/ldb_modules/count_attrs.c
@@ -38,6 +38,11 @@
#define NULL_REQ_PSEUDO_N -2LL;
#define STAR_REQ_PSEUDO_N -4LL;
+#ifndef __COMPAR_FN_T
+#define __COMPAR_FN_T
+typedef int (*__compar_fn_t)(const void *, const void *);
+#endif
+
struct count_attrs_private {
struct tdb_wrap *requested;
struct tdb_wrap *duplicates;
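Review bot: This patch file has no header saying why `__compar_fn_t` has to be declared in count_attrs.c or whether the change was sent upstream, and the nss_tests, added-includes, unistd and nsswitch/wins.c patches added in this commit are bare in the same way (only the cmocka patch keeps its commit message). The same commit deletes several older backports, which is exactly the decision the next updater cannot make without that information. A short header would do, for example `libc without __compar_fn_t (presumably musl): declare it, guarded by glibc's __COMPAR_FN_T`, with the libc claim confirmed before it is written down. The typedef and its guard use implementation-reserved names on purpose here, and the header is the place to say so.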


@ -0,0 +1,72 @@
diff --git source4/torture/local/nss_tests.c source4/torture/local/nss_tests.c
index 2cd6122..04f13c6 100644
--- source4/torture/local/nss_tests.c
+++ source4/torture/local/nss_tests.c
@@ -333,6 +333,7 @@ static bool test_enum_passwd(struct torture_context *tctx,
return true;
}
+#if HAVE_GETPWENT_R
static bool test_enum_r_passwd(struct torture_context *tctx,
struct passwd **pwd_array_p,
size_t *num_pwd_p)
@@ -383,6 +384,7 @@ static bool test_enum_r_passwd(struct torture_context *tctx,
return true;
}
+#endif
static bool torture_assert_passwd_equal(struct torture_context *tctx,
const struct passwd *p1,
@@ -434,7 +436,7 @@ static bool test_passwd_r(struct torture_context *tctx)
struct passwd *pwd, pwd1, pwd2;
size_t num_pwd;
- torture_assert(tctx, test_enum_r_passwd(tctx, &pwd, &num_pwd),
+ torture_assert(tctx, test_enum_passwd(tctx, &pwd, &num_pwd),
"failed to enumerate passwd");
for (i=0; i < num_pwd; i++) {
@@ -462,7 +464,7 @@ static bool test_passwd_r_cross(struct torture_context *tctx)
struct passwd *pwd, pwd1, pwd2, pwd3, pwd4;
size_t num_pwd;
- torture_assert(tctx, test_enum_r_passwd(tctx, &pwd, &num_pwd),
+ torture_assert(tctx, test_enum_passwd(tctx, &pwd, &num_pwd),
"failed to enumerate passwd");
for (i=0; i < num_pwd; i++) {
@@ -533,6 +535,7 @@ static bool test_enum_group(struct torture_context *tctx,
return true;
}
+#if HAVE_GETGRENT_R
static bool test_enum_r_group(struct torture_context *tctx,
struct group **grp_array_p,
size_t *num_grp_p)
@@ -583,6 +586,7 @@ static bool test_enum_r_group(struct torture_context *tctx,
return true;
}
+#endif
static bool torture_assert_group_equal(struct torture_context *tctx,
const struct group *g1,
@@ -639,7 +643,7 @@ static bool test_group_r(struct torture_context *tctx)
struct group *grp, grp1, grp2;
size_t num_grp;
- torture_assert(tctx, test_enum_r_group(tctx, &grp, &num_grp),
+ torture_assert(tctx, test_enum_group(tctx, &grp, &num_grp),
"failed to enumerate group");
for (i=0; i < num_grp; i++) {
@@ -667,7 +671,7 @@ static bool test_group_r_cross(struct torture_context *tctx)
struct group *grp, grp1, grp2, grp3, grp4;
size_t num_grp;
- torture_assert(tctx, test_enum_r_group(tctx, &grp, &num_grp),
+ torture_assert(tctx, test_enum_group(tctx, &grp, &num_grp),
"failed to enumerate group");
for (i=0; i < num_grp; i++) {
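Review bot: The four call sites in test_passwd_r, test_passwd_r_cross, test_group_r and test_group_r_cross are switched to the non-reentrant enumerators unconditionally, while only the definitions of test_enum_r_passwd and test_enum_r_group are put under `#if HAVE_GETPWENT_R` / `#if HAVE_GETGRENT_R`. On a libc that does provide getpwent_r/getgrent_r the reentrant enumeration is then no longer exercised by these tests, and the two static helpers are left without a visible caller (other callers, if any, are outside the hunks). Selecting the enumerator at each call site with the same macro keeps the coverage where the function exists; the whole torture_assert statement is duplicated because a preprocessor directive inside macro arguments is not portable. The bodies of all four functions continue outside the hunks.

```c
	struct passwd *pwd, pwd1, pwd2;
	size_t num_pwd;
#if HAVE_GETPWENT_R
	torture_assert(tctx, test_enum_r_passwd(tctx, &pwd, &num_pwd),
		       "failed to enumerate passwd");
#else
	torture_assert(tctx, test_enum_passwd(tctx, &pwd, &num_pwd),
		       "failed to enumerate passwd");
#endif
	/* … unchanged: per-entry loop; same shape in test_passwd_r_cross, and in
	 * test_group_r / test_group_r_cross with HAVE_GETGRENT_R … */
```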


@ -1,32 +0,0 @@
--- source3/lib/system.c.orig 2019-01-23 23:55:02.171524646 +0100
+++ source3/lib/system.c 2019-01-23 23:55:32.693250813 +0100
@@ -25,6 +25,7 @@
#include "system/capability.h"
#include "system/passwd.h"
#include "system/filesys.h"
+#include <sys/sysmacros.h>
#ifdef HAVE_SYS_PRCTL_H
#include <sys/prctl.h>
--- source3/libsmb/clifile.c.orig 2019-01-24 00:00:41.142565919 +0100
+++ source3/libsmb/clifile.c 2019-01-24 00:00:28.148674834 +0100
@@ -26,6 +26,7 @@
#include "libsmb/clirap.h"
#include "trans2.h"
#include "ntioctl.h"
+#include <sys/sysmacros.h>
/***********************************************************
Common function for pushing stings, used by smb_bytes_push_str()
--- lib/replace/replace.h.orig 2019-01-24 00:04:11.908799366 +0100
+++ lib/replace/replace.h 2019-01-24 00:04:32.329628199 +0100
@@ -40,6 +40,7 @@
#include <stdlib.h>
#include <stdarg.h>
#include <errno.h>
+#include <sys/sysmacros.h>
#if defined(_MSC_VER) || defined(__MINGW32__)
#include "win32_replace.h"


@ -0,0 +1,38 @@
diff --git lib/param/loadparm.h lib/param/loadparm.h
index b5d79b9..3f4eae0 100644
--- lib/param/loadparm.h
+++ lib/param/loadparm.h
@@ -31,6 +31,7 @@
#define _LOADPARM_H
#include <talloc.h>
+#include <time.h>
struct parmlist_entry {
struct parmlist_entry *prev, *next;
diff --git source3/lib/system_smbd.c source3/lib/system_smbd.c
index 3b1ac9c..4044d75 100644
--- source3/lib/system_smbd.c
+++ source3/lib/system_smbd.c
@@ -27,6 +27,8 @@
#include "system/passwd.h"
#include "nsswitch/winbind_client.h"
#include "../lib/util/setid.h"
+#include <grp.h>
+#include <uuid/uuid.h>
#ifndef HAVE_GETGROUPLIST
diff --git source4/torture/local/nss_tests.c source4/torture/local/nss_tests.c
index 2cd6122..0c84ec2 100644
--- source4/torture/local/nss_tests.c
+++ source4/torture/local/nss_tests.c
@@ -20,6 +20,8 @@
*/
#include "includes.h"
+#include <grp.h>
+#include <uuid/uuid.h>
#include "torture/torture.h"
#include "torture/local/proto.h"
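Review bot: `#include <uuid/uuid.h>` is added to source3/lib/system_smbd.c and source4/torture/local/nss_tests.c, but nothing in the visible context uses a libuuid symbol, and the template's makedepends in this commit names no libuuid development package, so the header may only be present transitively. If `<grp.h>` alone supplies the missing declarations, drop the uuid include. Otherwise add the package that provides the header to makedepends and state in the patch header what the include is needed for.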


@ -1,10 +0,0 @@
--- source3/include/samba_linux_quota.h.orig 2015-06-13 11:42:24.658548702 +0200
+++ source3/include/samba_linux_quota.h 2015-06-13 11:42:33.241642520 +0200
@@ -40,6 +40,7 @@
* Headerfile for old quotafile format
*/
+#include <sys/cdefs.h>
#include <sys/types.h>
#define V1_DQBLK_SIZE_BITS 10


@ -0,0 +1,37 @@
--- lib/replace/replace.h
+++ lib/replace/replace.h
@@ -168,10 +168,6 @@
#include <bsd/unistd.h>
#endif
-#ifdef HAVE_UNISTD_H
-#include <unistd.h>
-#endif
-
#ifdef HAVE_STRING_H
#include <string.h>
#endif
--- lib/replace/system/network.h
+++ lib/replace/system/network.h
@@ -31,10 +31,6 @@
#error "AC_LIBREPLACE_NETWORK_CHECKS missing in configure"
#endif
-#ifdef HAVE_UNISTD_H
-#include <unistd.h>
-#endif
-
#ifdef HAVE_SYS_SOCKET_H
#include <sys/socket.h>
#endif
--- source3/rpc_server/mdssvc/mdssvc.c
+++ source3/rpc_server/mdssvc/mdssvc.c
@@ -18,6 +18,8 @@
along with this program. If not, see <http://www.gnu.org/licenses/>.
*/
+#include <unistd.h>
+
#include "includes.h"
#include "librpc/gen_ndr/auth.h"
#include "dbwrap/dbwrap.h"


@ -0,0 +1,35 @@
commit f81e5b71ce78f33250347914dacc75c8463bf102
Author: Breno Leitao <breno.leitao@gmail.com>
Date: Wed Mar 29 15:22:38 2017 -0300
include: Check for previous declaration of uintptr_t
Adding a extra check before declaring uintptr_t. Currently musl uses
macro __DEFINED_uintptr_t once it defines uintptr_t type. Checking
this macro before defining it, and, defining it when uintptr_t is
defined.
Signed-off-by: Breno Leitao <breno.leitao@gmail.com>
diff --git third_party/cmocka/cmocka.h third_party/cmocka/cmocka.h
index 303d0ae..a2bfc40 100644
--- third_party/cmocka/cmocka.h
+++ third_party/cmocka/cmocka.h
@@ -111,7 +111,7 @@
((LargestIntegralType)(value))
/* Smallest integral type capable of holding a pointer. */
-#if !defined(_UINTPTR_T) && !defined(_UINTPTR_T_DEFINED)
+#if !defined(_UINTPTR_T) && !defined(_UINTPTR_T_DEFINED) && !defined(__DEFINED_uintptr_t)
# if defined(_WIN32)
/* WIN32 is an ILP32 platform */
typedef unsigned int uintptr_t;
@@ -137,6 +137,8 @@
# define _UINTPTR_T
# define _UINTPTR_T_DEFINED
+# define __DEFINED_uintptr_t
+
#endif /* !defined(_UINTPTR_T) || !defined(_UINTPTR_T_DEFINED) */
/* Perform an unsigned cast to uintptr_t. */
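Review bot: This patch edits the bundled `third_party/cmocka/cmocka.h`, yet the template in the same commit configures with `--bundled-libraries=NONE` and adds `cmocka-devel` to makedepends, so the build presumably includes the system cmocka header and never this file. If that is the case the patch changes nothing in the resulting package and only has to be rebased on each update; a musl build without it would confirm that, and the patch can then be dropped. If it is still required, the header should name the target that fails without it.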


@ -0,0 +1,19 @@
diff --git nsswitch/wins.c nsswitch/wins.c
index dccb6dd..bb24acb 100644
--- nsswitch/wins.c
+++ nsswitch/wins.c
@@ -39,6 +39,14 @@ static pthread_mutex_t wins_nss_mutex = PTHREAD_MUTEX_INITIALIZER;
#define INADDRSZ 4
#endif
+#ifndef NETDB_INTERNAL
+#define NETDB_INTERNAL -1
+#endif
+
+#ifndef NETDB_SUCCESS
+#define NETDB_SUCCESS 0
+#endif
+
NSS_STATUS _nss_wins_gethostbyname_r(const char *hostname,
struct hostent *he,
char *buffer,


@ -1,255 +0,0 @@
From 2e94b6ec10f1d15e24867bab3063bb85f173406a Mon Sep 17 00:00:00 2001
From: Jeremy Allison <jra@samba.org>
Date: Thu, 9 Jul 2015 10:58:11 -0700
Subject: [PATCH] CVE-2015-5252: s3: smbd: Fix symlink verification (file
access outside the share).
Ensure matching component ends in '/' or '\0'.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11395
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
---
source3/smbd/vfs.c | 7 +++++--
1 file changed, 5 insertions(+), 2 deletions(-)
diff --git a/source3/smbd/vfs.c b/source3/smbd/vfs.c
index 6c56964..bd93b7f 100644
--- source3/smbd/vfs.c
+++ source3/smbd/vfs.c
@@ -982,6 +982,7 @@ NTSTATUS check_reduced_name(connection_struct *conn, const char *fname)
if (!allow_widelinks || !allow_symlinks) {
const char *conn_rootdir;
size_t rootdir_len;
+ bool matched;
conn_rootdir = SMB_VFS_CONNECTPATH(conn, fname);
if (conn_rootdir == NULL) {
@@ -992,8 +993,10 @@ NTSTATUS check_reduced_name(connection_struct *conn, const char *fname)
}
rootdir_len = strlen(conn_rootdir);
- if (strncmp(conn_rootdir, resolved_name,
- rootdir_len) != 0) {
+ matched = (strncmp(conn_rootdir, resolved_name,
+ rootdir_len) == 0);
+ if (!matched || (resolved_name[rootdir_len] != '/' &&
+ resolved_name[rootdir_len] != '\0')) {
DEBUG(2, ("check_reduced_name: Bad access "
"attempt: %s is a symlink outside the "
"share path\n", fname));
--
2.5.0
From 25139116756cc285a3a5534834cc276ef1b7baaa Mon Sep 17 00:00:00 2001
From: Stefan Metzmacher <metze@samba.org>
Date: Wed, 30 Sep 2015 21:17:02 +0200
Subject: [PATCH 1/2] CVE-2015-5296: s3:libsmb: force signing when requiring
encryption in do_connect()
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11536
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
---
source3/libsmb/clidfs.c | 7 ++++++-
1 file changed, 6 insertions(+), 1 deletion(-)
diff --git a/source3/libsmb/clidfs.c b/source3/libsmb/clidfs.c
index 23e1471..f153b6b 100644
--- source3/libsmb/clidfs.c
+++ source3/libsmb/clidfs.c
@@ -98,6 +98,11 @@ static struct cli_state *do_connect(TALLOC_CTX *ctx,
const char *username;
const char *password;
NTSTATUS status;
+ int signing_state = get_cmdline_auth_info_signing_state(auth_info);
+
+ if (force_encrypt) {
+ signing_state = Required;
+ }
/* make a copy so we don't modify the global string 'service' */
servicename = talloc_strdup(ctx,share);
@@ -132,7 +137,7 @@ static struct cli_state *do_connect(TALLOC_CTX *ctx,
zero_sockaddr(&ss);
/* have to open a new connection */
- c = cli_initialise_ex(get_cmdline_auth_info_signing_state(auth_info));
+ c = cli_initialise_ex(signing_state);
if (c == NULL) {
d_printf("Connection to %s failed\n", server_n);
return NULL;
--
2.5.0
From 060adb0abdeda51b8b622c6020b5dea0c8dde1cf Mon Sep 17 00:00:00 2001
From: Stefan Metzmacher <metze@samba.org>
Date: Wed, 30 Sep 2015 21:17:02 +0200
Subject: [PATCH 2/2] CVE-2015-5296: s3:libsmb: force signing when requiring
encryption in SMBC_server_internal()
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11536
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
---
source3/libsmb/libsmb_server.c | 13 +++++++++++--
1 file changed, 11 insertions(+), 2 deletions(-)
diff --git a/source3/libsmb/libsmb_server.c b/source3/libsmb/libsmb_server.c
index 45be660..167f2c9 100644
--- source3/libsmb/libsmb_server.c
+++ source3/libsmb/libsmb_server.c
@@ -258,6 +258,7 @@ SMBC_server_internal(TALLOC_CTX *ctx,
const char *username_used;
NTSTATUS status;
char *newserver, *newshare;
+ int signing_state = Undefined;
zero_sockaddr(&ss);
ZERO_STRUCT(c);
@@ -404,8 +405,12 @@ again:
zero_sockaddr(&ss);
+ if (context->internal->smb_encryption_level != SMBC_ENCRYPTLEVEL_NONE) {
+ signing_state = Required;
+ }
+
/* have to open a new connection */
- if ((c = cli_initialise()) == NULL) {
+ if ((c = cli_initialise_ex(signing_state)) == NULL) {
errno = ENOMEM;
return NULL;
}
@@ -750,6 +755,7 @@ SMBC_attr_server(TALLOC_CTX *ctx,
ipc_srv = SMBC_find_server(ctx, context, server, "*IPC$",
pp_workgroup, pp_username, pp_password);
if (!ipc_srv) {
+ int signing_state = Undefined;
/* We didn't find a cached connection. Get the password */
if (!*pp_password || (*pp_password)[0] == '\0') {
@@ -771,6 +777,9 @@ SMBC_attr_server(TALLOC_CTX *ctx,
if (smbc_getOptionUseCCache(context)) {
flags |= CLI_FULL_CONNECTION_USE_CCACHE;
}
+ if (context->internal->smb_encryption_level != SMBC_ENCRYPTLEVEL_NONE) {
+ signing_state = Required;
+ }
zero_sockaddr(&ss);
nt_status = cli_full_connection(&ipc_cli,
@@ -780,7 +789,7 @@ SMBC_attr_server(TALLOC_CTX *ctx,
*pp_workgroup,
*pp_password,
flags,
- Undefined);
+ signing_state);
if (! NT_STATUS_IS_OK(nt_status)) {
DEBUG(1,("cli_full_connection failed! (%s)\n",
nt_errstr(nt_status)));
--
2.5.0
From 8e49de7754f7171a58a1f94dee0f1138dbee3c60 Mon Sep 17 00:00:00 2001
From: Jeremy Allison <jra@samba.org>
Date: Fri, 23 Oct 2015 14:54:31 -0700
Subject: [PATCH] CVE-2015-5299: s3-shadow-copy2: fix missing access check on
snapdir
Fix originally from <partha@exablox.com>
https://bugzilla.samba.org/show_bug.cgi?id=11529
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: David Disseldorp <ddiss@samba.org>
---
source3/modules/vfs_shadow_copy2.c | 47 ++++++++++++++++++++++++++++++++++++++
1 file changed, 47 insertions(+)
diff --git a/source3/modules/vfs_shadow_copy2.c b/source3/modules/vfs_shadow_copy2.c
index fedfb53..16c1ed7 100644
--- source3/modules/vfs_shadow_copy2.c
+++ source3/modules/vfs_shadow_copy2.c
@@ -21,6 +21,8 @@
#include "includes.h"
#include "smbd/smbd.h"
+#include "smbd/globals.h"
+#include "../libcli/security/security.h"
#include "system/filesys.h"
#include "ntioctl.h"
@@ -764,6 +766,43 @@ static int shadow_copy2_mkdir(vfs_handle_struct *handle, const char *fname, mod
SHADOW2_NEXT(MKDIR, (handle, name, mode), int, -1);
}
+static bool check_access_snapdir(struct vfs_handle_struct *handle,
+ const char *path)
+{
+ struct smb_filename smb_fname;
+ int ret;
+ NTSTATUS status;
+ uint32_t access_granted = 0;
+
+ ZERO_STRUCT(smb_fname);
+ smb_fname.base_name = talloc_asprintf(talloc_tos(),
+ "%s",
+ path);
+ if (smb_fname.base_name == NULL) {
+ return false;
+ }
+
+ ret = SMB_VFS_NEXT_STAT(handle, &smb_fname);
+ if (ret != 0 || !S_ISDIR(smb_fname.st.st_ex_mode)) {
+ TALLOC_FREE(smb_fname.base_name);
+ return false;
+ }
+
+ status = smbd_check_open_rights(handle->conn,
+ &smb_fname,
+ SEC_DIR_LIST,
+ &access_granted);
+ if (!NT_STATUS_IS_OK(status)) {
+ DEBUG(0,("user does not have list permission "
+ "on snapdir %s\n",
+ smb_fname.base_name));
+ TALLOC_FREE(smb_fname.base_name);
+ return false;
+ }
+ TALLOC_FREE(smb_fname.base_name);
+ return true;
+}
+
static int shadow_copy2_rmdir(vfs_handle_struct *handle, const char *fname)
{
SHADOW2_NEXT(RMDIR, (handle, name), int, -1);
@@ -877,6 +916,7 @@ static int shadow_copy2_get_shadow_copy2_data(vfs_handle_struct *handle,
SMB_STRUCT_DIRENT *d;
TALLOC_CTX *tmp_ctx = talloc_new(handle->data);
char *snapshot;
+ bool ret;
snapdir = shadow_copy2_find_snapdir(tmp_ctx, handle);
if (snapdir == NULL) {
@@ -886,6 +926,13 @@ static int shadow_copy2_get_shadow_copy2_data(vfs_handle_struct *handle,
talloc_free(tmp_ctx);
return -1;
}
+ ret = check_access_snapdir(handle, snapdir);
+ if (!ret) {
+ DEBUG(0,("access denied on listing snapdir %s\n", snapdir));
+ errno = EACCES;
+ talloc_free(tmp_ctx);
+ return -1;
+ }
p = SMB_VFS_NEXT_OPENDIR(handle, snapdir, NULL, 0);
--
2.5.0


@ -1,82 +1,79 @@
# Template file for 'samba'
pkgname=samba
version=3.6.25
revision=15
build_wrksrc=source3
build_style=gnu-configure
configure_args="--with-fhs --with-pam --with-pam_smbpass --with-ldap
--with-configdir=/etc/samba --with-lockdir=/var/samba --with-static-libs=libtevent
--with-cachedir=/var/samba --with-nmbdsocketdir=/run/samba/socket
--with-statedir=/var/samba --with-piddir=/run/samba --with-dnsupdate
--with-pammodulesdir=/usr/lib/security --with-automount --disable-swat
--with-syslog --enable-external-libtalloc --with-quotas --enable-cups
--enable-external-libtdb --disable-fam --with-ads --with-acl-support
--with-shared-modules=idmap_ad,idmap_adex,idmap_rid,idmap_hash,idmap_tdb2
--sbindir=/usr/bin"
version=4.13.2
revision=1
build_style=waf3
build_helper="qemu"
configure_script="buildtools/bin/waf"
_idmap_modules="idmap_ad,idmap_rid,idmap_adex,idmap_hash,idmap_tdb2"
_pdb_modules="pdb_tdbsam,pdb_ldap,pdb_ads,pdb_smbpasswd,pdb_wbc_sam,pdb_samba4"
_auth_modules="auth_unix,auth_wbc,auth_server,auth_netlogind,autH_script,auth_samba4"
configure_args="--enable-fhs --sbindir=/usr/bin --localstatedir=/var
--sysconfdir=/etc --with-piddir=/run/samba --with-sockets-dir=/run/samba
--with-privatedir=/etc/samba/private --with-pammodulesdir=/usr/lib/security
--with-modulesdir=/usr/lib/samba --disable-rpath --disable-rpath-install
--without-systemd --without-gettext --bundled-libraries=NONE
--with-system-mitkrb5 --without-ad-dc
--with-shared-modules=${_idmap_modules},${_pdb_modules},${_auth_modules}"
hostmakedepends="pkg-config perl-Parse-Yapp rpcsvc-proto docbook2x
libtasn1-tools tdb-python3 tevent-python3 talloc-python3"
makedepends="python3-devel libtirpc-devel popt-devel e2fsprogs-devel
mit-krb5-devel pam-devel acl-devel cups-devel avahi-libs-devel tdb-devel
talloc-devel tevent-devel ldb-devel cmocka-devel gnutls-devel zlib-devel
ncurses-devel libldap-devel libarchive-devel jansson-devel"
short_desc="SMB/CIFS file, print, and login server for Unix"
maintainer="Orphaned <orphan@voidlinux.org>"
license="GPL-3"
license="GPL-3.0-or-later"
homepage="http://www.samba.org"
distfiles="http://us1.samba.org/samba/ftp/stable/$pkgname-$version.tar.gz"
checksum=8f2c8a7f2bd89b0dfd228ed917815852f7c625b2bc0936304ac3ed63aaf83751
distfiles="http://download.samba.org/pub/samba/stable/${pkgname}-${version}.tar.gz"
checksum=276464396a05d88b775bda01ac2eb1e5a636ccf7010b0fd28efc3d85583af2b4
lib32disabled=yes
conf_files="/etc/pam.d/samba /etc/samba/smb.conf"
make_dirs="/etc/samba/private 0750 root root"
hostmakedepends="pkg-config perl python-devel"
makedepends="readline-devel libcap-devel popt-devel e2fsprogs-devel mit-krb5-devel
libldap-devel pam-devel acl-devel avahi-libs-devel tdb-devel talloc-devel cups-devel"
if [ "$XBPS_TARGET_LIBC" = "musl" ]; then
makedepends+=" musl-legacy-compat"
fi
do_configure() {
sed -e 's,XFS_QUOTA_,FS_QUOTA_,g' -i lib/sysquotas_xfs.c
# By default, samba wants to install a bunch of private "*-samba4.so" shared
# libraries that leak into shlib_requires dependencies. Most of these can be
# built into the public shared libraries, avoiding the mess of tracking shlibs
# that shouldn't be exposed locally. For those that cannot be built in, make
# sure to install them into /usr/lib so xbps-src picks them up.
_privlibs="CHARSET3 MESSAGING_SEND MESSAGING LIBWBCLIENT_OLD addns ads \
asn1util auth authkrb5 cmdline_contexts cmdline-credentials cli_cldap \
cli-ldap-common cli-nbt cli_smb_common cli_spoolss clidns common-auth dbwrap \
events flag-mapping genrand gensec gse http interfaces iov-buf krb5samba \
ldbsamba libcli_lsa3 libcli_netlogon3 libsmb messages_dgm messages_util mscat \
msghdr msrpc3 netif npa_tstream popt_samba3 popt_samba3_cmdline \
printer-driver registry replace samba-cluster-support samba-debug \
samba-modules samba-security samba-sockets samba3-util samdb-common secrets3 \
server_id_db server-role smbclient-raw smbd_shim socket-blocking \
sys_rw talloc_report_printf talloc_report tdb_wrap time-basic trusts_util \
util_reg util_setid util_tdb tevent-util"
configure_args+=" --with-privatelibdir=/usr/lib --builtin-libraries=${_privlibs// /,}"
if [ "$CROSS_BUILD" ]; then
configure_args+=" samba_cv_CC_NEGATIVE_ENUM_VALUES=yes
libreplace_cv_HAVE_GETADDRINFO=no
libreplace_cv_HAVE_GETIFADDRS=yes
ac_cv_file__proc_sys_kernel_core_pattern=yes
ac_cv_func_ext_krb5_free_keytab_entry_contents=yes
samba_cv_HAVE_WRFILE_KEYTAB=yes
smb_krb5_cv_enctype_to_string_takes_size_t_arg=yes
smb_krb5_cv_enctype_to_string_takes_krb5_context_arg=yes"
fi
# Disable quotas, broken with musl (needs rpc).
./configure ${configure_args} --without-quotas
export PYTHON_CONFIG="${XBPS_CROSS_BASE}/usr/bin/python3-config"
post_patch() {
# Look for properly named python support libraries
vsed -i third_party/waf/waflib/Tools/python.py \
-e "/env.pyext_PATTERN/s/dct\['SO'\]/'.so'/"
# Fix log and spool locations in conf file
vsed -i examples/smb.conf.default \
-e 's|/usr/spool/samba|/var/spool/samba|g' \
-e 's|log file = .*$|log file = /var/log/samba/%m.log|g'
}
post_install() {
cd ${wrksrc}
# conf file
cat examples/smb.conf.default | \
sed 's|log file = .*$|log file = /var/log/samba/%m.log|g' > \
${DESTDIR}/etc/samba/smb.conf
# install conf file
vinstall examples/smb.conf.default 644 etc/samba smb.conf
# fix logrotate
sed -i -e 's|log.%m|%m.log|g' ${DESTDIR}/etc/samba/smb.conf
# fix spool directory
sed -i 's|/usr/spool/samba|/var/spool/samba|g' \
${DESTDIR}/etc/samba/smb.conf
# nsswitch libraries
vinstall nsswitch/libnss_wins.so 755 usr/lib
ln -s libnss_wins.so ${DESTDIR}/usr/lib/libnss_wins.so.2
vinstall nsswitch/libnss_winbind.so 755 usr/lib
ln -s libnss_winbind.so ${DESTDIR}/usr/lib/libnss_winbind.so.2
# winbind krb5 locator
vinstall source3/bin/winbind_krb5_locator.so 755 \
usr/lib/krb5/plugins/libkrb5
# Remove unused manpages
rm -f ${DESTDIR}/usr/share/man/man8/tdb*
rm -f ${DESTDIR}/usr/share/man/man8/swat*
rm -f ${DESTDIR}/usr/lib/libtevent*
rm -f ${DESTDIR}/usr/include/samba/tevent*
# move winbind krb5 locator into place
vmkdir usr/lib/krb5/plugins/libkrb5
mv ${DESTDIR}/usr/lib/samba/krb5/winbind_krb5_locator.so \
${DESTDIR}/usr/lib/krb5/plugins/libkrb5
vsv nmbd
vsv smbd
@ -84,54 +81,95 @@ post_install() {
# PAM support
vinstall ${FILESDIR}/samba.pam 644 etc/pam.d samba
# Install pkg-config files.
vmkdir usr/lib/pkgconfig
install -m644 source3/pkgconfig/*.pc ${DESTDIR}/usr/lib/pkgconfig
# Link cups backend
vmkdir usr/lib/cups/backend
ln -s /usr/bin/smbspool ${DESTDIR}/usr/lib/cups/backend/smb
ln -fs /usr/bin/smbspool ${DESTDIR}/usr/lib/cups/backend/smb
}
smbclient_package() {
short_desc="Command-line SMB/CIFS clients for Unix"
short_desc+=" - client utilities"
provides="samba-cups-${version}_${revision}"
replaces="samba-cups>=0"
pkg_install() {
vmove usr/share/man/man1
local _t _tools
# Determine which binaries are client and which are server
# by looking at manpage suffix, and vmove the client
# binaries. Ugly.
for f in "$PKGDESTDIR"/usr/share/man/man1/*.1; do
g=$(basename "${f}" .1)
if [ -e "${DESTDIR}/usr/bin/${g}" ]; then
vmove usr/bin/${g}
fi
# These utilities have man pages in section 1
_tools="findsmb dbwrap_tool mdfind mvxattr nmblookup ntlm_auth
oLschema2ldif regdiff regpatch regshell regtree rpcclient
sharesec smbcacls smbclient smbcquotas smbget smbtar smbtree
wbinfo"
for _t in ${_tools}; do
vmove usr/bin/${_t}
vmove usr/share/man/man1/${_t}.1
done
# These utilities have man pages in section 8
_tools="cifsdd samba-regedit smbspool"
for _t in ${_tools}; do
vmove usr/bin/${_t}
vmove usr/share/man/man8/${_t}.8
done
# No man page for this one
vmove usr/bin/dumpmscat
# Extra man page for smbget
vmove usr/share/man/man5/smbgetrc.5
vmove usr/libexec/samba/smbspool_krb5_wrapper
vmove usr/share/man/man8/smbspool_krb5_wrapper.8
# Move symlink
vmove usr/lib/cups/backend/smb
}
}
libsmbclient_package() {
short_desc="Shared libraries for communication with SMB/CIFS servers"
samba-libs_package() {
short_desc+=" - core libraries"
provides="libsmbclient-${version}_${revision}"
replaces="libsmbclient>=0"
pkg_install() {
vmove "usr/lib/libwbclient.so.*"
vmove "usr/lib/libsmbclient.so.*"
local _libs _privlibs _lib
_libs="dcerpc dcerpc-binding ndr-krb5pac ndr-nbt ndr-standard ndr
samba-credentials samba-errors samba-hostconfig samba-passdb
samba-util samdb smbclient smbconf smbldap wbclient"
_privlibs="cli-ldap cliauth cluster common-auth dcerpc-samba
flag-mapping gpo iov-buf ndr-samba ndr printer-driver
smb-transport tdb-wrap util-cmdline winbind-client"
for _lib in ${_libs}; do
vmove "usr/lib/lib${_lib}.so.*"
done
for _lib in ${_privlibs}; do
vmove "usr/lib/lib${_lib}-samba4.so"
done
vmove usr/share/man/man7/libsmbclient.7
}
}
samba-devel_package() {
depends="libsmbclient>=${version}_${revision}"
depends="${sourcepkg}>=${version}_${revision}"
short_desc+=" - development files"
pkg_install() {
vmove usr/include
vmove usr/lib/pkgconfig
vmove usr/lib/libwbclient.so
vmove usr/lib/libsmbclient.so
vmkdir usr/lib
local _f
for _f in ${DESTDIR}/usr/lib/*.so; do
[ -L "$_f" ] || continue
mv "$_f" ${PKGDESTDIR}/usr/lib
done
}
}
samba-cups_package() {
depends="${sourcepkg}-${version}_${revision}"
short_desc="SMB backend for cups"
samba-python3_package() {
short_desc+=" - Python3 bindings"
pkg_install() {
vmove usr/lib/cups/backend/smb
vmove ${py3_lib}
}
}
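Review bot: In the new `_auth_modules` list in the first hunk the entry `autH_script` has a capital H, so it does not name the auth_script module and that module will presumably not be selected as a shared module (whether waf rejects or silently ignores an unknown name is not visible here). The line should read `_auth_modules="auth_unix,auth_wbc,auth_server,auth_netlogind,auth_script,auth_samba4"`. Separately, the new `distfiles` URL still uses `http://`; the `checksum` pins the tarball contents, but `https://download.samba.org/pub/samba/stable/${pkgname}-${version}.tar.gz` would keep the fetch itself off plaintext as well.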