authorMarkus Rothe <corsair@gentoo.org>2007-05-14 15:17:53 +0000
committerMarkus Rothe <corsair@gentoo.org>2007-05-14 15:17:53 +0000
commitd3bec5ed977403a0d1cc75b87ef671f777c535f3 (patch)
treec1eec7bf62d0d600977160fc3281c87f3600af21
parentNew alpha, fixing many things. Now works on ppc and arm :) (diff)
Version bump (fixes bug #177029 aka CVE-2007-2446, CVE-2007-2447) and mark it stable on ppc64
(Portage version: 2.1.2.2)
-rw-r--r--net-fs/samba/ChangeLog10
-rw-r--r--net-fs/samba/files/3.0.24-heap_overflow.patch247
-rw-r--r--net-fs/samba/files/3.0.24-shell_escape.patch252
-rw-r--r--net-fs/samba/files/3.0.24-sid2name_elevation.patch112
-rw-r--r--net-fs/samba/files/digest-samba-3.0.24-r29
-rw-r--r--net-fs/samba/samba-3.0.24-r2.ebuild304
6 files changed, 933 insertions, 1 deletions
diff --git a/net-fs/samba/ChangeLog b/net-fs/samba/ChangeLog
index af2c32797951..06dca7ca1784 100644
--- a/net-fs/samba/ChangeLog
+++ b/net-fs/samba/ChangeLog
@@ -1,6 +1,14 @@
# ChangeLog for net-fs/samba
# Copyright 1999-2007 Gentoo Foundation; Distributed under the GPL v2
-# $Header: /var/cvsroot/gentoo-x86/net-fs/samba/ChangeLog,v 1.278 2007/05/12 09:05:45 kumba Exp $
+# $Header: /var/cvsroot/gentoo-x86/net-fs/samba/ChangeLog,v 1.279 2007/05/14 15:17:53 corsair Exp $
+
+*samba-3.0.24-r2 (14 May 2007)
+
+ 14 May 2007; Markus Rothe <corsair@gentoo.org>
+ +files/3.0.24-heap_overflow.patch, +files/3.0.24-shell_escape.patch,
+ +files/3.0.24-sid2name_elevation.patch, +samba-3.0.24-r2.ebuild:
+ Version bump (fixes bug #177029 aka CVE-2007-2446, CVE-2007-2447) and mark
+ it stable on ppc64
12 May 2007; Joshua Kinard <kumba@gentoo.org> samba-3.0.24.ebuild:
Stable on mips.
diff --git a/net-fs/samba/files/3.0.24-heap_overflow.patch b/net-fs/samba/files/3.0.24-heap_overflow.patch
new file mode 100644
index 000000000000..06e23bb89844
--- /dev/null
+++ b/net-fs/samba/files/3.0.24-heap_overflow.patch
@@ -0,0 +1,247 @@
+Index: samba-3.0.24/source/include/smb_macros.h
+===================================================================
+--- samba-3.0.24.orig/source/include/smb_macros.h 2007-05-10 09:47:34.000000000 -0500
++++ samba-3.0.24/source/include/smb_macros.h 2007-05-10 09:48:03.000000000 -0500
+@@ -310,7 +310,6 @@
+ #if defined(PARANOID_MALLOC_CHECKER)
+
+ #define PRS_ALLOC_MEM(ps, type, count) (type *)prs_alloc_mem_((ps),sizeof(type),(count))
+-#define PRS_ALLOC_MEM_VOID(ps, size) prs_alloc_mem_((ps),(size),1)
+
+ /* Get medieval on our ass about malloc.... */
+
+@@ -354,7 +353,6 @@
+ #define __location__ __FILE__ ":" __LINESTR__
+
+ #define PRS_ALLOC_MEM(ps, type, count) (type *)prs_alloc_mem((ps),sizeof(type),(count))
+-#define PRS_ALLOC_MEM_VOID(ps, size) prs_alloc_mem((ps),(size),1)
+
+ /* Regular malloc code. */
+
+Index: samba-3.0.24/source/rpc_parse/parse_dfs.c
+===================================================================
+--- samba-3.0.24.orig/source/rpc_parse/parse_dfs.c 2007-05-10 09:47:28.000000000 -0500
++++ samba-3.0.24/source/rpc_parse/parse_dfs.c 2007-05-10 09:48:03.000000000 -0500
+@@ -325,7 +325,9 @@
+ return False;
+
+ if (UNMARSHALLING(ps)) {
+- v->stores = (void *)PRS_ALLOC_MEM_VOID(ps,sizeof(*v->stores)*v->num_stores);
++ v->stores = PRS_ALLOC_MEM(ps,NETDFS_DFS_STORAGEINFO,v->num_stores);
++ if (!v->stores)
++ return False;
+ }
+ for (i_stores_1=0; i_stores_1<v->num_stores;i_stores_1++) {
+ if (!netdfs_io_dfs_StorageInfo_p("stores", &v->stores[i_stores_1], ps, depth))
+@@ -447,7 +449,9 @@
+ return False;
+
+ if (UNMARSHALLING(ps)) {
+- v->stores = (void *)PRS_ALLOC_MEM_VOID(ps,sizeof(*v->stores)*v->num_stores);
++ v->stores = PRS_ALLOC_MEM(ps,NETDFS_DFS_STORAGEINFO,v->num_stores);
++ if (!v->stores)
++ return False;
+ }
+ for (i_stores_1=0; i_stores_1<v->num_stores;i_stores_1++) {
+ if (!netdfs_io_dfs_StorageInfo_p("stores", &v->stores[i_stores_1], ps, depth))
+@@ -920,7 +924,9 @@
+ return False;
+
+ if (UNMARSHALLING(ps)) {
+- v->s = (void *)PRS_ALLOC_MEM_VOID(ps,sizeof(*v->s)*v->count);
++ v->s = PRS_ALLOC_MEM(ps,NETDFS_DFS_INFO1,v->count);
++ if (!v->s)
++ return False;
+ }
+ for (i_s_1=0; i_s_1<v->count;i_s_1++) {
+ if (!netdfs_io_dfs_Info1_p("s", &v->s[i_s_1], ps, depth))
+@@ -986,7 +992,9 @@
+ return False;
+
+ if (UNMARSHALLING(ps)) {
+- v->s = (void *)PRS_ALLOC_MEM_VOID(ps,sizeof(*v->s)*v->count);
++ v->s = PRS_ALLOC_MEM(ps,NETDFS_DFS_INFO2,v->count);
++ if (!v->s)
++ return False;
+ }
+ for (i_s_1=0; i_s_1<v->count;i_s_1++) {
+ if (!netdfs_io_dfs_Info2_p("s", &v->s[i_s_1], ps, depth))
+@@ -1052,7 +1060,9 @@
+ return False;
+
+ if (UNMARSHALLING(ps)) {
+- v->s = (void *)PRS_ALLOC_MEM_VOID(ps,sizeof(*v->s)*v->count);
++ v->s = PRS_ALLOC_MEM(ps,NETDFS_DFS_INFO3,v->count);
++ if (!v->s)
++ return False;
+ }
+ for (i_s_1=0; i_s_1<v->count;i_s_1++) {
+ if (!netdfs_io_dfs_Info3_p("s", &v->s[i_s_1], ps, depth))
+@@ -1118,7 +1128,9 @@
+ return False;
+
+ if (UNMARSHALLING(ps)) {
+- v->s = (void *)PRS_ALLOC_MEM_VOID(ps,sizeof(*v->s)*v->count);
++ v->s = PRS_ALLOC_MEM(ps,NETDFS_DFS_INFO4,v->count);
++ if (!v->s)
++ return False;
+ }
+ for (i_s_1=0; i_s_1<v->count;i_s_1++) {
+ if (!netdfs_io_dfs_Info4_p("s", &v->s[i_s_1], ps, depth))
+@@ -1184,7 +1196,9 @@
+ return False;
+
+ if (UNMARSHALLING(ps)) {
+- v->s = (void *)PRS_ALLOC_MEM_VOID(ps,sizeof(*v->s)*v->count);
++ v->s = PRS_ALLOC_MEM(ps,NETDFS_DFS_INFO200,v->count);
++ if (!v->s)
++ return False;
+ }
+ for (i_s_1=0; i_s_1<v->count;i_s_1++) {
+ if (!netdfs_io_dfs_Info200_p("s", &v->s[i_s_1], ps, depth))
+@@ -1250,7 +1264,9 @@
+ return False;
+
+ if (UNMARSHALLING(ps)) {
+- v->s = (void *)PRS_ALLOC_MEM_VOID(ps,sizeof(*v->s)*v->count);
++ v->s = PRS_ALLOC_MEM(ps,NETDFS_DFS_INFO300,v->count);
++ if (!v->s)
++ return False;
+ }
+ for (i_s_1=0; i_s_1<v->count;i_s_1++) {
+ if (!netdfs_io_dfs_Info300_p("s", &v->s[i_s_1], ps, depth))
+Index: samba-3.0.24/source/rpc_parse/parse_lsa.c
+===================================================================
+--- samba-3.0.24.orig/source/rpc_parse/parse_lsa.c 2007-05-10 09:47:14.000000000 -0500
++++ samba-3.0.24/source/rpc_parse/parse_lsa.c 2007-05-10 09:47:58.000000000 -0500
+@@ -1349,12 +1349,17 @@
+ &trn->num_entries2))
+ return False;
+
++ if (trn->num_entries2 != trn->num_entries) {
++ /* RPC fault */
++ return False;
++ }
++
+ if (UNMARSHALLING(ps)) {
+- if ((trn->name = PRS_ALLOC_MEM(ps, LSA_TRANS_NAME, trn->num_entries)) == NULL) {
++ if ((trn->name = PRS_ALLOC_MEM(ps, LSA_TRANS_NAME, trn->num_entries2)) == NULL) {
+ return False;
+ }
+
+- if ((trn->uni_name = PRS_ALLOC_MEM(ps, UNISTR2, trn->num_entries)) == NULL) {
++ if ((trn->uni_name = PRS_ALLOC_MEM(ps, UNISTR2, trn->num_entries2)) == NULL) {
+ return False;
+ }
+ }
+@@ -1406,12 +1411,17 @@
+ &trn->num_entries2))
+ return False;
+
++ if (trn->num_entries2 != trn->num_entries) {
++ /* RPC fault */
++ return False;
++ }
++
+ if (UNMARSHALLING(ps)) {
+- if ((trn->name = PRS_ALLOC_MEM(ps, LSA_TRANS_NAME2, trn->num_entries)) == NULL) {
++ if ((trn->name = PRS_ALLOC_MEM(ps, LSA_TRANS_NAME2, trn->num_entries2)) == NULL) {
+ return False;
+ }
+
+- if ((trn->uni_name = PRS_ALLOC_MEM(ps, UNISTR2, trn->num_entries)) == NULL) {
++ if ((trn->uni_name = PRS_ALLOC_MEM(ps, UNISTR2, trn->num_entries2)) == NULL) {
+ return False;
+ }
+ }
+@@ -2759,7 +2769,7 @@
+
+ static BOOL lsa_io_privilege_set(const char *desc, PRIVILEGE_SET *out, prs_struct *ps, int depth)
+ {
+- uint32 i;
++ uint32 i, dummy;
+
+ prs_debug(ps, depth, desc, "lsa_io_privilege_set");
+ depth++;
+@@ -2767,7 +2777,7 @@
+ if(!prs_align(ps))
+ return False;
+
+- if(!prs_uint32("count", ps, depth, &out->count))
++ if(!prs_uint32("count", ps, depth, &dummy))
+ return False;
+ if(!prs_uint32("control", ps, depth, &out->control))
+ return False;
+Index: samba-3.0.24/source/rpc_parse/parse_prs.c
+===================================================================
+--- samba-3.0.24.orig/source/rpc_parse/parse_prs.c 2007-05-10 09:47:19.000000000 -0500
++++ samba-3.0.24/source/rpc_parse/parse_prs.c 2007-05-10 09:48:03.000000000 -0500
+@@ -156,7 +156,7 @@
+ {
+ char *ret = NULL;
+
+- if (size) {
++ if (size && count) {
+ /* We can't call the type-safe version here. */
+ ret = _talloc_zero_array(ps->mem_ctx, size, count, "parse_prs");
+ }
+@@ -642,7 +642,7 @@
+ return True;
+
+ if (UNMARSHALLING(ps)) {
+- if ( !(*data = PRS_ALLOC_MEM_VOID(ps, data_size)) )
++ if ( !(*data = (void *)PRS_ALLOC_MEM(ps, char, data_size)) )
+ return False;
+ }
+
+Index: samba-3.0.24/source/rpc_parse/parse_sec.c
+===================================================================
+--- samba-3.0.24.orig/source/rpc_parse/parse_sec.c 2007-05-10 09:47:22.000000000 -0500
++++ samba-3.0.24/source/rpc_parse/parse_sec.c 2007-05-10 09:48:01.000000000 -0500
+@@ -122,7 +122,7 @@
+ for you as it reads them.
+ ********************************************************************/
+
+-BOOL sec_io_acl(const char *desc, SEC_ACL **ppsa, prs_struct *ps, int depth)
++static BOOL sec_io_acl(const char *desc, SEC_ACL **ppsa, prs_struct *ps, int depth)
+ {
+ unsigned int i;
+ uint32 old_offset;
+@@ -165,13 +165,10 @@
+ return False;
+
+ if (UNMARSHALLING(ps)) {
+- /*
+- * Even if the num_aces is zero, allocate memory as there's a difference
+- * between a non-present DACL (allow all access) and a DACL with no ACE's
+- * (allow no access).
+- */
+- if((psa->ace = PRS_ALLOC_MEM(ps, SEC_ACE, psa->num_aces+1)) == NULL)
+- return False;
++ if (psa->num_aces) {
++ if((psa->ace = PRS_ALLOC_MEM(ps, SEC_ACE, psa->num_aces)) == NULL)
++ return False;
++ }
+ }
+
+ for (i = 0; i < psa->num_aces; i++) {
+Index: samba-3.0.24/source/rpc_parse/parse_spoolss.c
+===================================================================
+--- samba-3.0.24.orig/source/rpc_parse/parse_spoolss.c 2007-05-10 09:47:16.000000000 -0500
++++ samba-3.0.24/source/rpc_parse/parse_spoolss.c 2007-05-10 09:48:00.000000000 -0500
+@@ -227,8 +227,13 @@
+ if(!prs_uint32("count2", ps, depth, &type->count2))
+ return False;
+
+- if (type->count2 != type->count)
++ if (type->count2 != type->count) {
+ DEBUG(4,("What a mess, count was %x now is %x !\n", type->count, type->count2));
++ return False;
++ }
++ if (type->count2 > MAX_NOTIFY_TYPE_FOR_NOW) {
++ return False;
++ }
+
+ /* parse the option type data */
+ for(i=0;i<type->count2;i++)
+
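Review bot: The parse_prs.c allocator (presumably `prs_alloc_mem`) now returns NULL whenever `count` is 0 (`if (size && count)`), but the new checks in parse_dfs.c (`if (!v->stores) return False;`, `if (!v->s) return False;`) and the `== NULL` checks in parse_lsa.c treat NULL as an allocation failure. A well-formed message carrying a zero-length array would therefore be rejected. parse_sec.c in this same patch guards its allocation with `if (psa->num_aces)`; the other sites need the equivalent, e.g. `if (v->num_stores && !v->stores) return False;`. Separately, `dummy` in `lsa_io_privilege_set` is never initialised, so if that routine also runs in the marshalling direction (not visible in these inner hunks) `prs_uint32("count", ps, depth, &dummy)` would put an indeterminate stack value on the wire; `uint32 i, dummy = 0;` avoids that.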
diff --git a/net-fs/samba/files/3.0.24-shell_escape.patch b/net-fs/samba/files/3.0.24-shell_escape.patch
new file mode 100644
index 000000000000..dc7fd94ebddd
--- /dev/null
+++ b/net-fs/samba/files/3.0.24-shell_escape.patch
@@ -0,0 +1,252 @@
+Only in source-orig/: configure
+diff -u -r source-orig/lib/charcnv.c source/lib/charcnv.c
+--- source-orig/lib/charcnv.c 2006-04-19 19:29:23.000000000 -0700
++++ source/lib/charcnv.c 2007-05-10 09:59:49.023262000 -0700
+@@ -1398,5 +1398,5 @@
+ /* We're hosed - we don't know how big this is... */
+ DEBUG(10,("next_mb_char_size: unknown size at string %s\n", s));
+ conv_silent = False;
+- return 1;
++ return (size_t)-1;
+ }
+diff -u -r source-orig/lib/smbrun.c source/lib/smbrun.c
+--- source-orig/lib/smbrun.c 2006-04-19 19:29:23.000000000 -0700
++++ source/lib/smbrun.c 2007-05-10 09:57:03.305061000 -0700
+@@ -55,7 +55,7 @@
+ outfd (or discard it if outfd is NULL).
+ ****************************************************************************/
+
+-int smbrun(const char *cmd, int *outfd)
++static int smbrun_internal(const char *cmd, int *outfd, BOOL sanitize)
+ {
+ pid_t pid;
+ uid_t uid = current_user.ut.uid;
+@@ -173,13 +173,36 @@
+ }
+ #endif
+
+- execl("/bin/sh","sh","-c",cmd,NULL);
++ {
++ const char *newcmd = sanitize ? escape_shell_string(cmd) : cmd;
++ if (!newcmd) {
++ exit(82);
++ }
++ execl("/bin/sh","sh","-c",newcmd,NULL);
++ }
+
+ /* not reached */
+- exit(82);
++ exit(83);
+ return 1;
+ }
+
++/****************************************************************************
++ Use only in known safe shell calls (printing).
++****************************************************************************/
++
++int smbrun_no_sanitize(const char *cmd, int *outfd)
++{
++ return smbrun_internal(cmd, outfd, False);
++}
++
++/****************************************************************************
++ By default this now sanitizes shell expansion.
++****************************************************************************/
++
++int smbrun(const char *cmd, int *outfd)
++{
++ return smbrun_internal(cmd, outfd, True);
++}
+
+ /****************************************************************************
+ run a command being careful about uid/gid handling and putting the output in
+@@ -302,7 +325,7 @@
+ #endif
+
+ execl("/bin/sh", "sh", "-c", cmd, NULL);
+-
++
+ /* not reached */
+ exit(82);
+ return 1;
+diff -u -r source-orig/lib/util_str.c source/lib/util_str.c
+--- source-orig/lib/util_str.c 2007-02-04 10:59:17.000000000 -0800
++++ source/lib/util_str.c 2007-05-10 09:59:36.718762000 -0700
+@@ -2426,3 +2426,165 @@
+ return True;
+ }
+
++
++/*******************************************************************
++ Add a shell escape character '\' to any character not in a known list
++ of characters. UNIX charset format.
++*******************************************************************/
++
++#define INCLUDE_LIST "0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabdefghijklmnopqrstuvwxyz_/ \t.,"
++#define INSIDE_DQUOTE_LIST "$`\n\"\\"
++
++char *escape_shell_string(const char *src)
++{
++ size_t srclen = strlen(src);
++ char *ret = SMB_MALLOC((srclen * 2) + 1);
++ char *dest = ret;
++ BOOL in_s_quote = False;
++ BOOL in_d_quote = False;
++ BOOL next_escaped = False;
++
++ if (!ret) {
++ return NULL;
++ }
++
++ while (*src) {
++ size_t c_size = next_mb_char_size(src);
++
++ if (c_size == (size_t)-1) {
++ SAFE_FREE(ret);
++ return NULL;
++ }
++
++ if (c_size > 1) {
++ memcpy(dest, src, c_size);
++ src += c_size;
++ dest += c_size;
++ next_escaped = False;
++ continue;
++ }
++
++ /*
++ * Deal with backslash escaped state.
++ * This only lasts for one character.
++ */
++
++ if (next_escaped) {
++ *dest++ = *src++;
++ next_escaped = False;
++ continue;
++ }
++
++ /*
++ * Deal with single quote state. The
++ * only thing we care about is exiting
++ * this state.
++ */
++
++ if (in_s_quote) {
++ if (*src == '\'') {
++ in_s_quote = False;
++ }
++ *dest++ = *src++;
++ continue;
++ }
++
++ /*
++ * Deal with double quote state. The most
++ * complex state. We must cope with \, meaning
++ * possibly escape next char (depending what it
++ * is), ", meaning exit this state, and possibly
++ * add an \ escape to any unprotected character
++ * (listed in INSIDE_DQUOTE_LIST).
++ */
++
++ if (in_d_quote) {
++ if (*src == '\\') {
++ /*
++ * Next character might be escaped.
++ * We have to peek. Inside double
++ * quotes only INSIDE_DQUOTE_LIST
++ * characters are escaped by a \.
++ */
++
++ char nextchar;
++
++ c_size = next_mb_char_size(&src[1]);
++ if (c_size == (size_t)-1) {
++ SAFE_FREE(ret);
++ return NULL;
++ }
++ if (c_size > 1) {
++ /*
++ * Don't escape the next char.
++ * Just copy the \.
++ */
++ *dest++ = *src++;
++ continue;
++ }
++
++ nextchar = src[1];
++
++ if (nextchar && strchr(INSIDE_DQUOTE_LIST, (int)nextchar)) {
++ next_escaped = True;
++ }
++ *dest++ = *src++;
++ continue;
++ }
++
++ if (*src == '\"') {
++ /* Exit double quote state. */
++ in_d_quote = False;
++ *dest++ = *src++;
++ continue;
++ }
++
++ /*
++ * We know the character isn't \ or ",
++ * so escape it if it's any of the other
++ * possible unprotected characters.
++ */
++
++ if (strchr(INSIDE_DQUOTE_LIST, (int)*src)) {
++ *dest++ = '\\';
++ }
++ *dest++ = *src++;
++ continue;
++ }
++
++ /*
++ * From here to the end of the loop we're
++ * not in the single or double quote state.
++ */
++
++ if (*src == '\\') {
++ /* Next character must be escaped. */
++ next_escaped = True;
++ *dest++ = *src++;
++ continue;
++ }
++
++ if (*src == '\'') {
++ /* Go into single quote state. */
++ in_s_quote = True;
++ *dest++ = *src++;
++ continue;
++ }
++
++ if (*src == '\"') {
++ /* Go into double quote state. */
++ in_d_quote = True;
++ *dest++ = *src++;
++ continue;
++ }
++
++ /* Check if we need to escape the character. */
++
++ if (!strchr(INCLUDE_LIST, (int)*src)) {
++ *dest++ = '\\';
++ }
++ *dest++ = *src++;
++ }
++ *dest++ = '\0';
++ return ret;
++}
+diff -u -r source-orig/printing/print_generic.c source/printing/print_generic.c
+--- source-orig/printing/print_generic.c 2007-02-04 10:59:13.000000000 -0800
++++ source/printing/print_generic.c 2007-05-10 09:57:03.292061000 -0700
+@@ -58,7 +58,7 @@
+ if ( do_sub && snum != -1 )
+ standard_sub_snum(snum,syscmd,sizeof(syscmd));
+
+- ret = smbrun(syscmd,outfd);
++ ret = smbrun_no_sanitize(syscmd,outfd);
+
+ DEBUG(3,("Running the command `%s' gave %d\n",syscmd,ret));
+
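Review bot: `INCLUDE_LIST` in the added util_str.c code is missing lowercase `c` (`...XYZabdefgh...`), so every unquoted `c` is emitted as `\c`. The shell strips that backslash, so the result is still correct, but the list is clearly a typo and should read `"0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz_/ \t.,"`. In smbrun.c the second `execl("/bin/sh", "sh", "-c", cmd, NULL);` (inner hunk `@@ -302,7 +325,7`) receives only a whitespace change, so that path still hands `cmd` to the shell unescaped. Its enclosing function is outside the hunk, so it should be confirmed, and noted in a comment there, that no client-supplied value can reach it. `escape_shell_string` also calls `strlen(src)` before any check, so a short header comment stating that `src` must be non-NULL and that the caller frees the result would help.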
diff --git a/net-fs/samba/files/3.0.24-sid2name_elevation.patch b/net-fs/samba/files/3.0.24-sid2name_elevation.patch
new file mode 100644
index 000000000000..e78782fc5ae4
--- /dev/null
+++ b/net-fs/samba/files/3.0.24-sid2name_elevation.patch
@@ -0,0 +1,112 @@
+Index: samba-3.0.24/source/lib/util_sec.c
+===================================================================
+--- samba-3.0.24.orig/source/lib/util_sec.c 2007-05-03 16:41:17.000000000 -0500
++++ samba-3.0.24/source/lib/util_sec.c 2007-05-03 16:41:24.000000000 -0500
+@@ -286,28 +286,6 @@
+ }
+
+ /****************************************************************************
+- Lightweight become root - no group change.
+-****************************************************************************/
+-
+-void become_root_uid_only(void)
+-{
+- save_re_uid();
+- set_effective_uid(0);
+-}
+-
+-/****************************************************************************
+- Lightweight unbecome root - no group change. Expects we are root already,
+- saves errno across call boundary.
+-****************************************************************************/
+-
+-void unbecome_root_uid_only(void)
+-{
+- int saved_errno = errno;
+- restore_re_uid_fromroot();
+- errno = saved_errno;
+-}
+-
+-/****************************************************************************
+ save the real and effective gid for later restoration. Used by the
+ getgroups code
+ ****************************************************************************/
+Index: samba-3.0.24/source/passdb/lookup_sid.c
+===================================================================
+--- samba-3.0.24.orig/source/passdb/lookup_sid.c 2007-05-03 16:41:17.000000000 -0500
++++ samba-3.0.24/source/passdb/lookup_sid.c 2007-05-03 16:41:24.000000000 -0500
+@@ -421,10 +421,10 @@
+ return False;
+ }
+
+- become_root_uid_only();
++ become_root();
+ result = pdb_lookup_rids(domain_sid, num_rids, rids,
+ *names, *types);
+- unbecome_root_uid_only();
++ unbecome_root();
+
+ return (NT_STATUS_IS_OK(result) ||
+ NT_STATUS_EQUAL(result, NT_STATUS_NONE_MAPPED) ||
+@@ -1085,9 +1085,9 @@
+ goto done;
+ }
+
+- become_root_uid_only();
++ become_root();
+ ret = pdb_uid_to_rid(uid, &rid);
+- unbecome_root_uid_only();
++ unbecome_root();
+
+ if (ret) {
+ /* This is a mapped user */
+@@ -1131,9 +1131,9 @@
+ goto done;
+ }
+
+- become_root_uid_only();
++ become_root();
+ ret = pdb_gid_to_sid(gid, psid);
+- unbecome_root_uid_only();
++ unbecome_root();
+
+ if (ret) {
+ /* This is a mapped group */
+@@ -1179,9 +1179,9 @@
+ union unid_t id;
+ BOOL ret;
+
+- become_root_uid_only();
++ become_root();
+ ret = pdb_sid_to_id(psid, &id, &type);
+- unbecome_root_uid_only();
++ unbecome_root();
+
+ if (ret) {
+ if (type != SID_NAME_USER) {
+@@ -1259,9 +1259,9 @@
+ sid_check_is_in_wellknown_domain(psid))) {
+ BOOL ret;
+
+- become_root_uid_only();
++ become_root();
+ ret = pdb_getgrsid(&map, *psid);
+- unbecome_root_uid_only();
++ unbecome_root();
+
+ if (ret) {
+ *pgid = map.gid;
+@@ -1273,9 +1273,9 @@
+ if (sid_peek_check_rid(get_global_sam_sid(), psid, &rid)) {
+ BOOL ret;
+
+- become_root_uid_only();
++ become_root();
+ ret = pdb_sid_to_id(psid, &id, &type);
+- unbecome_root_uid_only();
++ unbecome_root();
+
+ if (ret) {
+ if ((type != SID_NAME_DOM_GRP) &&
+
+
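Review bot: The removed `unbecome_root_uid_only()` explicitly preserved `errno` across the privilege drop (`int saved_errno = errno; ... errno = saved_errno;`), and the replacement `unbecome_root()` is not shown here, so it is unconfirmed whether it keeps that guarantee. If any caller of the lookup_sid.c functions inspects `errno` after the `pdb_*` call fails, it could now see a value set by the identity switch instead. Either verify that `unbecome_root()` saves and restores `errno`, or save it locally around these call sites. A one-line comment at the first `become_root();` saying why the full identity change, including groups, is needed would also stop the lightweight variant from being reintroduced later.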
diff --git a/net-fs/samba/files/digest-samba-3.0.24-r2 b/net-fs/samba/files/digest-samba-3.0.24-r2
new file mode 100644
index 000000000000..00360d37af2c
--- /dev/null
+++ b/net-fs/samba/files/digest-samba-3.0.24-r2
@@ -0,0 +1,9 @@
+MD5 ca3b7f83de0204ab79a9f0aea5a5051d samba-3-gentoo-0.3.16.tar.bz2 14291
+RMD160 c8388239352e981c03f7e99ff02dbaa13ad77e2a samba-3-gentoo-0.3.16.tar.bz2 14291
+SHA256 fe0ae6f8c2833cfdbab82a5ae2087045da4f27f6f07daba6fdc829a93b4e6508 samba-3-gentoo-0.3.16.tar.bz2 14291
+MD5 89273f67a6d8067cbbecefaa13747153 samba-3.0.24.tar.gz 17708128
+RMD160 f208dca645d07a195169e005a50fb4c4879254eb samba-3.0.24.tar.gz 17708128
+SHA256 c4e8de3426fbbcee7f338f5cf09052cbdf9a36ae638aeeeca10498ef8d5343e2 samba-3.0.24.tar.gz 17708128
+MD5 900502ba36b80620229b94e5129bc856 samba-vscan-0.3.6b.tar.bz2 164471
+RMD160 5cd81345b06f44b2febf3f24e62325322b1c6a3b samba-vscan-0.3.6b.tar.bz2 164471
+SHA256 14f78b624b047b90ddf4965998e7115d3b3ac97b3229154a302637d8e49adcd4 samba-vscan-0.3.6b.tar.bz2 164471
diff --git a/net-fs/samba/samba-3.0.24-r2.ebuild b/net-fs/samba/samba-3.0.24-r2.ebuild
new file mode 100644
index 000000000000..3895154f264b
--- /dev/null
+++ b/net-fs/samba/samba-3.0.24-r2.ebuild
@@ -0,0 +1,304 @@
+# Copyright 1999-2007 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Header: /var/cvsroot/gentoo-x86/net-fs/samba/samba-3.0.24-r2.ebuild,v 1.1 2007/05/14 15:17:53 corsair Exp $
+
+WANT_AUTOCONF="latest"
+WANT_AUTOMAKE="none"
+
+inherit eutils autotools versionator pam
+
+IUSE_LINGUAS="ja pl"
+IUSE="acl async automount caps cups doc examples kerberos kernel_linux ldap fam
+ linguas_ja linguas_pl
+ oav pam python quotas readline selinux swat syslog winbind"
+
+VSCAN_VER="0.3.6b"
+PATCH_VER="0.3.16"
+MY_P=${PN}-${PV/_/}
+MY_PP=${PN}-$(get_major_version)-gentoo-${PATCH_VER}
+S2=${WORKDIR}/${MY_P}
+S=${S2}/source
+PFVSCAN=${PN}-vscan-${VSCAN_VER}
+
+DESCRIPTION="SAMBA is a suite of SMB and CIFS client/server programs for UNIX"
+HOMEPAGE="http://www.samba.org/ http://www.openantivirus.org/projects.php"
+SRC_URI="mirror://gentoo/${MY_PP}.tar.bz2
+ mirror://samba/${MY_P}.tar.gz
+ mirror://samba/old-versions/${MY_P}.tar.gz
+ oav? ( mirror://sourceforge/openantivirus/${PFVSCAN}.tar.bz2 )"
+
+LICENSE="GPL-2"
+SLOT="0"
+KEYWORDS="~alpha ~amd64 ~arm hppa ~ia64 ~mips ~ppc ppc64 ~s390 ~sh ~sparc ~sparc-fbsd ~x86 ~x86-fbsd"
+
+RDEPEND="dev-libs/popt
+ virtual/libiconv
+ acl? ( kernel_linux? ( sys-apps/acl ) )
+ cups? ( net-print/cups )
+ ldap? ( kerberos? ( virtual/krb5 ) net-nds/openldap )
+ pam? ( virtual/pam )
+ python? ( dev-lang/python )
+ readline? ( sys-libs/readline )
+ selinux? ( sec-policy/selinux-samba )
+ swat? ( sys-apps/xinetd )
+ syslog? ( virtual/logger )
+ fam? ( virtual/fam )
+ caps? ( sys-libs/libcap )"
+DEPEND="${RDEPEND}"
+
+PRIVATE_DST=/var/lib/samba/private
+PATCHDIR=${WORKDIR}/patches
+CONFDIR=${WORKDIR}/configs
+
+src_unpack() {
+ unpack ${A}
+ cd "${S2}"
+
+ epatch "${FILESDIR}/${PV}-sid2name_elevation.patch"
+ epatch "${FILESDIR}/${PV}-shell_escape.patch"
+ epatch "${FILESDIR}/${PV}-heap_overflow.patch"
+
+ export EPATCH_SUFFIX="patch"
+ epatch ${PATCHDIR}/general
+
+ if use oav ; then
+ cd ${WORKDIR}
+ if [[ -d ${PATCHDIR}/vscan ]] ; then
+ epatch ${PATCHDIR}/vscan
+ fi
+ cp -pPR ${WORKDIR}/${PFVSCAN} ${S2}/examples/VFS
+ fi
+
+ # patches screw with autotool files
+ cd "${S}"
+ eautoconf
+}
+
+src_compile() {
+ local myconf
+ local mylangs
+ local mymod_shared
+
+ mylangs="--with-manpages-langs=en"
+ use linguas_ja && mylangs="${mylangs},ja"
+ use linguas_pl && mylangs="${mylangs},pl"
+
+ use winbind && mymod_shared="--with-shared-modules=idmap_rid"
+ if use ldap ; then
+ myconf="${myconf} $(use_with kerberos ads)"
+ use winbind && mymod_shared="${mymod_shared},idmap_ad"
+ fi
+
+ [[ ${CHOST} == *-*bsd* ]] && myconf="${myconf} --disable-pie"
+ use hppa && myconf="${myconf} --disable-pie"
+
+ use fam && export ac_cv_header_fam_h=yes || export ac_cv_header_fam_h=no
+ use caps && export ac_cv_header_sys_capability_h=yes || export ac_cv_header_sys_capability_h=no
+
+ econf \
+ --with-fhs \
+ --sysconfdir=/etc/samba \
+ --localstatedir=/var \
+ --with-configdir=/etc/samba \
+ --with-libdir=/usr/$(get_libdir)/samba \
+ --with-swatdir=/usr/share/doc/${PF}/swat \
+ --with-piddir=/var/run/samba \
+ --with-lockdir=/var/cache/samba \
+ --with-logfilebase=/var/log/samba \
+ --with-privatedir=${PRIVATE_DST} \
+ --with-libsmbclient \
+ --without-spinlocks \
+ --enable-socket-wrapper \
+ $(use_with acl acl-support) \
+ $(use_with async aio-support) \
+ $(use_with automount) \
+ $(use_enable cups) \
+ $(use_with kerberos krb5) \
+ $(use_with ldap) \
+ $(use_with pam) $(use_with pam pam_smbpass) \
+ $(use_with python) \
+ $(use_with quotas) $(use_with quotas sys-quotas) \
+ $(use_with readline) \
+ $(use_with kernel_linux smbmount) \
+ $(use_with syslog) \
+ $(use_with winbind) \
+ ${myconf} ${mylangs} ${mymod_shared} || die
+
+ emake proto || die "SAMBA make proto error"
+ emake everything || die "SAMBA make everything error"
+
+ emake rpctorture >& rpctorture.log || ewarn "rpctorture didn't build [that's ok!]"
+
+ if use python ; then
+ python python/setup.py build
+ fi
+
+ # Build samba-vscan plugins
+ if use oav ; then
+ cd ${S2}/examples/VFS/${PFVSCAN}
+ econf \
+ --with-fhs \
+ --libdir=/usr/$(get_libdir)/samba \
+ || die "${PFVSCAN} ./configure failed"
+ emake || die "Failed to make ${PFVSCAN}"
+ fi
+
+}
+
+src_install() {
+ local extra_bins="rpctorture"
+
+ emake DESTDIR="${D}" install-everything || die
+
+ # Extra rpctorture progs
+ for i in ${extra_bins} ; do
+ [[ -x ${S}/bin/${i} ]] && dobin "${S}"/bin/${i}
+ done
+
+ # remove .old stuff from /usr/bin:
+ rm -f "${D}"/usr/bin/*.old
+
+ # Nsswitch extensions. Make link for wins and winbind resolvers
+ if use winbind ; then
+ dolib.so "${S}"/nsswitch/libnss_wins.so || die
+ dosym libnss_wins.so /usr/$(get_libdir)/libnss_wins.so.2
+ dolib.so "${S}"/nsswitch/libnss_winbind.so || die
+ dosym libnss_winbind.so /usr/$(get_libdir)/libnss_winbind.so.2
+ fi
+
+ if use pam ; then
+ exeinto /$(get_libdir)/security
+ doexe "${S}"/bin/pam_smbpass.so || die
+ if use winbind ; then
+ exeinto /$(get_libdir)/security
+ doexe "${S}"/bin/pam_winbind.so || die
+ fi
+ fi
+
+ if use kernel_linux ; then
+ # mount backend
+ dodir /sbin
+ dosym ../usr/bin/smbmount /sbin/mount.smbfs
+ dosym ../usr/bin/mount.cifs /sbin/mount.cifs
+ fi
+
+ # bug #46389: samba doesn't create symlink anymore
+ # beaviour seems to be changed in 3.0.6, see bug #61046
+ dosym samba/libsmbclient.so /usr/$(get_libdir)/libsmbclient.so.0
+ dosym samba/libsmbclient.so /usr/$(get_libdir)/libsmbclient.so
+
+ # make the smb backend symlink for cups printing support (bug #133133)
+ if use cups ; then
+ dodir $(cups-config --serverbin)/backend
+ dosym /usr/bin/smbspool $(cups-config --serverbin)/backend/smb
+ fi
+
+ # VFS plugin modules
+ if use oav ; then
+ cd ${S2}/examples/VFS/${PFVSCAN}
+ make install DESTDIR=${D} || die "VFS: vscan error"
+ insinto /etc/samba
+ doins ${S2}/examples/VFS/${PFVSCAN}/openantivirus/*conf
+ fi
+
+ # Python extensions
+ if use python ; then
+ cd ${S}
+ python python/setup.py install --root=${D} || die
+ fi
+
+ # General config files
+ insinto /etc/samba
+ doins ${CONFDIR}/smbusers
+ newins ${CONFDIR}/smb.conf.example-samba3 smb.conf.example
+ doins ${CONFDIR}/lmhosts
+
+ newpamd ${CONFDIR}/samba.pam samba
+ use winbind && doins ${CONFDIR}/system-auth-winbind
+ if use swat ; then
+ insinto /etc/xinetd.d
+ newins ${CONFDIR}/swat.xinetd swat
+ else
+ rm -f "${D}"/usr/sbin/swat
+ rm -f "${D}"/usr/share/man/man8/swat.8
+ fi
+ newinitd "${FILESDIR}/samba-init" samba
+ newconfd "${FILESDIR}/samba-conf" samba
+ if use ldap ; then
+ insinto /etc/openldap/schema
+ doins ${S2}/examples/LDAP/samba.schema
+ fi
+
+ # dirs
+ diropts -m0700 ; keepdir ${PRIVATE_DST}
+ diropts -m1777 ; keepdir /var/spool/samba
+
+ diropts -m0755
+ keepdir /var/{log,run,cache}/samba
+ keepdir /var/lib/samba/{netlogon,profiles}
+ keepdir /var/lib/samba/printers/{W32X86,WIN40,W32ALPHA,W32MIPS,W32PPC}
+ keepdir /usr/$(get_libdir)/samba/{rpc,idmap,auth}
+
+ # docs
+ dodoc ${FILESDIR}/README.gentoo
+ dodoc ${S2}/{COPYING,Manifest,README,Roadmap,WHATSNEW.txt}
+ dodoc ${CONFDIR}/nsswitch.conf-wins
+ use winbind && dodoc ${CONFDIR}/nsswitch.conf-winbind
+
+ if use oav ; then
+ docinto ${PFVSCAN}
+ cd ${WORKDIR}/${PFVSCAN}
+ dodoc AUTHORS COPYING ChangeLog FAQ INSTALL NEWS README TODO
+ dodoc */*.conf
+ fi
+
+ if use examples ; then
+ docinto examples
+ cp -pPR ${S2}/examples/* "${D}"/usr/share/doc/${PF}/examples
+ find "${D}"/usr/share/doc/${PF} -type d -print0 | xargs -0 chmod 755
+ find "${D}"/usr/share/doc/${PF}/examples ! -type d -print0 | xargs -0 chmod 644
+ fi
+
+ if ! use doc ; then
+ if ! use swat ; then
+ rm -rf "${D}"/usr/share/doc/${PF}/swat
+ else
+ rm -rf "${D}"/usr/share/doc/${PF}/swat/help/{guide,howto,devel}
+ rm -rf "${D}"/usr/share/doc/${PF}/swat/using_samba
+ fi
+ fi
+
+ # Patch ChangeLog
+ docinto gentoo
+ dodoc ${PATCHDIR}/ChangeLog
+}
+
+pkg_preinst() {
+ local PRIVATE_SRC=/etc/samba/private
+ if [[ ! -r ${ROOT}/${PRIVATE_DST}/secrets.tdb \
+ && -r ${ROOT}/${PRIVATE_SRC}/secrets.tdb ]] ; then
+ ebegin "Copying ${ROOT}/${PRIVATE_SRC}/* to ${ROOT}/${PRIVATE_DST}/"
+ mkdir -p "${D}"/${PRIVATE_DST}
+ cp -pPRf "${ROOT}"/${PRIVATE_SRC}/* "${D}"/${PRIVATE_DST}/
+ eend $?
+ fi
+
+ if [[ ! -f ${ROOT}/etc/samba/smb.conf ]] ; then
+ touch "${D}"/etc/samba/smb.conf
+ fi
+}
+
+pkg_postinst() {
+ if use swat ; then
+ einfo "swat must be enabled by xinetd:"
+ einfo " change the /etc/xinetd.d/swat configuration"
+ fi
+ einfo "Latest info: README.gentoo in documentation directory"
+}
+
+pkg_postrm(){
+ # If stale docs, and one isn't re-emerging the latest version, removes
+ # (this is actually a portage bug, though)
+ [[ -n ${PF} && ! -f ${ROOT}/usr/lib/${PN}/en.msg ]] && \
+ rm -rf "${ROOT}"/usr/share/doc/${PF}
+}
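Review bot: In `src_compile`, `python python/setup.py build` has no `|| die`, unlike the matching `python python/setup.py install --root=${D} || die` in `src_install`, so a failed bindings build is not caught at the step where it happens; it should be `python python/setup.py build || die "python build failed"`. Several paths are also used unquoted (`cd ${WORKDIR}`, `cd ${S}`, `make install DESTDIR=${D}`, `--root=${D}`) while others in the same file are quoted; quoting them consistently (`DESTDIR="${D}"`) prevents word-splitting if the build root contains spaces. The bare `cd` calls before `econf` and `make install` in the `oav` blocks would be safer with `|| die`, so a missing directory cannot cause the following command to run in the wrong tree.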