diff --git a/net/samba34/Makefile b/net/samba34/Makefile index ae2018edde5b..e1d1915cf87f 100644 --- a/net/samba34/Makefile +++ b/net/samba34/Makefile @@ -6,8 +6,8 @@ # PORTNAME= samba34 -PORTVERSION= 3.4.9 -PORTREVISION?= 2 +PORTVERSION= 3.4.14 +PORTREVISION?= 0 CATEGORIES?= net MASTER_SITES= ${MASTER_SITE_SAMBA} MASTER_SITE_SUBDIR= . old-versions rc pre @@ -16,7 +16,7 @@ DISTNAME= ${PORTNAME:S|34$||}-${PORTVERSION:S|.p|pre|:S|.r|rc|:S|.t|tp|:S|.a|al MAINTAINER?= timur@FreeBSD.org COMMENT?= A free SMB and CIFS client and server for UNIX -CONFLICTS?= ja-samba-[235].* samba-[235].* sharity-light-1.* tdb-1.* +CONFLICTS?= samba3[2356]-3.* # Additional patches from Sernet.de PATCH_STRIP= -p1 EXTRA_PATCHES= ${PATCHDIR}/sernet.patch @@ -136,7 +136,7 @@ CONFIGURE_ARGS+= --with-pam --with-readline=/usr \ --without-libsmbclient \ --without-libaddns \ --without-libnetapi \ - --without-libsmbsharemodes + --without-libsmbsharemodes --disable-pie .if !defined(WITHOUT_LDAP) SAMBA_WANT_LDAP= yes diff --git a/net/samba34/distinfo b/net/samba34/distinfo index 934080f02637..de9789053a81 100644 --- a/net/samba34/distinfo +++ b/net/samba34/distinfo @@ -1,2 +1,2 @@ -SHA256 (samba-3.4.9.tar.gz) = 593952940f6c460a8486906aff55c56c8168c0f74d2d016bb55d080259048b8e -SIZE (samba-3.4.9.tar.gz) = 34850281 +SHA256 (samba-3.4.14.tar.gz) = 0c44883213859c7e45c89471194f8cab04917b1610213df5df0986913b1b99be +SIZE (samba-3.4.14.tar.gz) = 34803817 diff --git a/net/samba34/files/samba.in b/net/samba34/files/samba.in index cb86f976ea5f..58f8fbb0b7ec 100644 --- a/net/samba34/files/samba.in +++ b/net/samba34/files/samba.in @@ -28,8 +28,43 @@ name="samba" rcvar=$(set_rcvar) - +set_rcvar ${rcvar} "NO" "Samba service" > /dev/null +# Defaults +eval ${rcvar}=\${${rcvar}:=NO} +samba_config_default="%%SAMBA_CONFDIR%%/%%SAMBA_CONFIG%%" +samba_config=${samba_config="${samba_config_default}"} +command_args=${samba_config:+-s "${samba_config}"} +# Fetch parameters from configuration file +testparm_command="%%PREFIX%%/bin/testparm" +smbcontrol_command="%%PREFIX%%/bin/smbcontrol" +samba_parm="${testparm_command} -s -v --parameter-name" +samba_idmap=$(${samba_parm} 'idmap uid' "${samba_config}" 2>/dev/null) +samba_lockdir=$(${samba_parm} 'lock directory' "${samba_config}" 2>/dev/null) +# Load configuration load_rc_config "${name}" +# Setup dependent variables +if [ -n "${rcvar}" ] && checkyesno "${rcvar}"; then + nmbd_enable=${nmbd_enable=YES} + smbd_enable=${smbd_enable=YES} +%%WINBIND%% # Check that winbindd is actually configured +%%WINBIND%% if [ -n "${samba_idmap}" ]; then +%%WINBIND%% winbindd_enable=${winbindd_enable=YES} +%%WINBIND%% fi +fi +# XXX: Hack to enable check of the dependent variables +eval real_${rcvar}="\${${rcvar}:=NO}" ${rcvar}=YES +# nmbd +nmbd_enable=${nmbd_enable:=NO} +nmbd_flags=${nmbd_flags="-D"} +set_rcvar nmbd_enable "NO" "nmb daemon" >/dev/null +# smbd +smbd_enable=${smbd_enable:=NO} +smbd_flags=${smbd_flags="-D"} +set_rcvar smbd_enable "NO" "smb daemon" >/dev/null +%%WINBIND%%# winbindd +%%WINBIND%%winbindd_enable=${winbindd_enable:=NO} +%%WINBIND%%winbindd_flags=${winbindd_flags=''} +%%WINBIND%%set_rcvar winbindd_enable "NO" "winbind daemon" >/dev/null # Custom commands extra_commands="reload status" start_precmd="samba_start_precmd" @@ -40,40 +75,13 @@ restart_precmd="samba_checkconfig" reload_precmd="samba_checkconfig" reload_cmd="samba_reload_cmd" rcvar_cmd="samba_rcvar_cmd" -# Defaults -samba_enable=${samba_enable:=NO} -samba_config_default="%%SAMBA_CONFDIR%%/%%SAMBA_CONFIG%%" -samba_config=${samba_config="${samba_config_default}"} -command_args=${samba_config:+-s "${samba_config}"} -testparm_command="%%PREFIX%%/bin/testparm" -smbcontrol_command="%%PREFIX%%/bin/smbcontrol" -# Fetch parameters from configuration file -samba_parm="${testparm_command} -s -v --parameter-name" -%%WINBIND%%samba_idmap=$(${samba_parm} 'idmap uid' "${samba_config}" 2>/dev/null) -samba_lockdir=$(${samba_parm} 'lock directory' "${samba_config}" 2>/dev/null) -# Setup dependent variables -if [ -n "${rcvar}" ] && checkyesno "${rcvar}"; then - nmbd_enable=${nmbd_enable=YES} - smbd_enable=${smbd_enable=YES} -%%WINBIND%% # Check that winbindd is actually configured -%%WINBIND%% if [ -n "${samba_idmap}" ]; then -%%WINBIND%% winbindd_enable=${winbindd_enable=YES} -%%WINBIND%% fi -fi -# Defaults for dependent variables -nmbd_enable=${nmbd_enable:=NO} -nmbd_flags=${nmbd_flags="-D"} -smbd_enable=${smbd_enable:=NO} -smbd_flags=${smbd_flags="-D"} -%%WINBIND%%winbindd_enable=${winbindd_enable:=NO} -%%WINBIND%%winbindd_flags=${winbindd_flags=''} +# samba_daemons="nmbd smbd" %%WINBIND%%samba_daemons="${samba_daemons} winbindd" -# Hack to enable check of dependent variables -eval real_${rcvar}="\${${rcvar}:=NO}" ${rcvar}=YES # Requirements required_files="${samba_config}" required_dirs="${samba_lockdir}" + samba_checkconfig() { echo -n "Performing sanity check on Samba configuration: " if ${testparm_command} -s ${samba_config:+"${samba_config}"} >/dev/null 2>&1; then @@ -82,6 +90,7 @@ samba_checkconfig() { echo "FAILED" return 1 fi + return 0 } samba_start_precmd() { @@ -99,20 +108,13 @@ samba_start_precmd() { } samba_rcvar_cmd() { + local rcvar + rcvar=$(set_rcvar ${name}) + eval ${rcvar}=\${real_${rcvar}} # Prevent recursive calling unset "${rc_arg}_cmd" "${rc_arg}_precmd" "${rc_arg}_postcmd" # Check master variable - echo "# ${name}" - if [ -n "${rcvar}" ]; then - # Use original configured value - if checkyesno "real_${rcvar}"; then - echo "\$${rcvar}=YES" - else - echo "\$${rcvar}=NO" - fi - fi - # Check dependent variables - samba_cmd "${_rc_prefix}${rc_arg}" ${rc_extra_args} + run_rc_command "${_rc_prefix}${rc_arg}" ${rc_extra_args} } samba_reload_cmd() { @@ -121,7 +123,7 @@ samba_reload_cmd() { unset "${rc_arg}_cmd" "${rc_arg}_precmd" "${rc_arg}_postcmd" # Apply to all daemons for name in ${samba_daemons}; do - rcvar=$(set_rcvar) + rcvar=$(set_rcvar ${name}) command="%%PREFIX%%/sbin/${name}" pidfile="%%SAMBA_RUNDIR%%/${name}${pid_extra}.pid" # Daemon should be enabled and running @@ -137,30 +139,30 @@ samba_reload_cmd() { } samba_cmd() { - local name rcvar command pidfile samba_daemons result _result + local name rcvar rcvars v command pidfile samba_daemons result # Prevent recursive calling unset "${rc_arg}_cmd" "${rc_arg}_precmd" "${rc_arg}_postcmd" - # Stop processes in the reverse to order + # Stop processes in the reverse order if [ "${rc_arg}" = "stop" ] ; then samba_daemons=$(reverse_list ${samba_daemons}) fi - # Apply to all daemons + # Assume success result=0 + # Apply to all daemons for name in ${samba_daemons}; do - rcvar=$(set_rcvar) + rcvar=$(set_rcvar ${name}) + # XXX + rcvars=''; v='' command="%%PREFIX%%/sbin/${name}" pidfile="%%SAMBA_RUNDIR%%/${name}${pid_extra}.pid" # Daemon should be enabled and running if [ -n "${rcvar}" ] && checkyesno "${rcvar}"; then run_rc_command "${_rc_prefix}${rc_arg}" ${rc_extra_args} - # Collect return values - _result=$? - if [ ${_result} != 0 ]; then - result=${_result} - fi + # If any of the of the commands failed, take it as a total result + result=$((${result} || $?)) fi done - return $result + return ${result} } run_rc_command "$1" diff --git a/net/samba34/files/sernet.patch b/net/samba34/files/sernet.patch index cd3590cea656..b2283b054d18 100644 --- a/net/samba34/files/sernet.patch +++ b/net/samba34/files/sernet.patch @@ -1,8 +1,8 @@ samba-3.4-check-bad-password-count.patch samba-3.4-net-trustdom-list-tidyup.patch samba3-3.4-honor-all-loopback-ips.patch +samba3-3.4.12-nmbd-bind-explicit.patch samba3-3.4.4-fix-account-unlock.patch -samba3-3.4.6-nmbd-bind-explicit.patch source3/auth/auth_sam.c | 159 +++++++++++++++++++++++++++++++++--------- source3/include/proto.h | 3 + @@ -625,83 +625,7 @@ index 0ce495e..0511a28 100644 } /** -From 179e63ae9aa93984ea3d237c1039460c5acf01a5 Mon Sep 17 00:00:00 2001 -From: Michael Adam -Date: Thu, 14 Jan 2010 14:24:35 +0100 -Subject: [PATCH] s3:auth: fix account unlock regression introduced with fix for bug #4347 -MIME-Version: 1.0 -Content-Type: text/plain; charset=utf-8 -Content-Transfer-Encoding: 8bit - -By an oversight, the patchset for #4347 made the unlocking of a locked -account after the lockout duration ineffective. -Thanks to Björn for finding this! - -Michael ---- - source3/auth/auth_sam.c | 12 +++++------- - 1 files changed, 5 insertions(+), 7 deletions(-) - -diff --git a/source3/auth/auth_sam.c b/source3/auth/auth_sam.c -index 1dd8fc9..01b2517 100644 ---- a/source3/auth/auth_sam.c -+++ b/source3/auth/auth_sam.c -@@ -369,7 +369,6 @@ static NTSTATUS check_sam_security(const struct auth_context *auth_context, - DATA_BLOB user_sess_key = data_blob_null; - DATA_BLOB lm_sess_key = data_blob_null; - bool updated_autolock = False, updated_badpw = False; -- uint32_t acct_ctrl; - const char *username; - const uint8_t *nt_pw; - const uint8_t *lm_pw; -@@ -399,22 +398,21 @@ static NTSTATUS check_sam_security(const struct auth_context *auth_context, - return NT_STATUS_NO_SUCH_USER; - } - -- acct_ctrl = pdb_get_acct_ctrl(sampass); - username = pdb_get_username(sampass); - nt_pw = pdb_get_nt_passwd(sampass); - lm_pw = pdb_get_lanman_passwd(sampass); - - /* see if autolock flag needs to be updated */ -- if (acct_ctrl & ACB_NORMAL) -+ if (pdb_get_acct_ctrl(sampass) & ACB_NORMAL) - pdb_update_autolock_flag(sampass, &updated_autolock); - /* Quit if the account was locked out. */ -- if (acct_ctrl & ACB_AUTOLOCK) { -+ if (pdb_get_acct_ctrl(sampass) & ACB_AUTOLOCK) { - DEBUG(3,("check_sam_security: Account for user %s was locked out.\n", username)); - return NT_STATUS_ACCOUNT_LOCKED_OUT; - } - - nt_status = sam_password_ok(auth_context, mem_ctx, -- username, acct_ctrl, lm_pw, nt_pw, -+ username, pdb_get_acct_ctrl(sampass), lm_pw, nt_pw, - user_info, &user_sess_key, &lm_sess_key); - - /* Notify passdb backend of login success/failure. If not -@@ -426,7 +424,7 @@ static NTSTATUS check_sam_security(const struct auth_context *auth_context, - bool increment_bad_pw_count = false; - - if (NT_STATUS_EQUAL(nt_status,NT_STATUS_WRONG_PASSWORD) && -- acct_ctrl & ACB_NORMAL && -+ pdb_get_acct_ctrl(sampass) & ACB_NORMAL && - NT_STATUS_IS_OK(update_login_attempts_status)) - { - increment_bad_pw_count = -@@ -457,7 +455,7 @@ static NTSTATUS check_sam_security(const struct auth_context *auth_context, - goto done; - } - -- if ((acct_ctrl & ACB_NORMAL) && -+ if ((pdb_get_acct_ctrl(sampass) & ACB_NORMAL) && - (pdb_get_bad_password_count(sampass) > 0)){ - pdb_set_bad_password_count(sampass, 0, PDB_CHANGED); - pdb_set_bad_password_time(sampass, 0, PDB_CHANGED); --- -1.6.3.3 - -From 2ad43c8c290ebb070d793fc24925f7c1ceb8a438 Mon Sep 17 00:00:00 2001 +From 104c65054cb5e4c4b78f7e75a21a078d68d12bb8 Mon Sep 17 00:00:00 2001 From: Stefan Metzmacher Date: Thu, 28 Jan 2010 11:04:05 +0100 Subject: [PATCH 1/4] s3:nmbd: also listen explicit on the subnet broadcast addresses @@ -718,9 +642,9 @@ metze source3/libsmb/namequery.c | 6 +- source3/libsmb/nmblib.c | 9 ++- source3/nmbd/nmbd.c | 5 +- - source3/nmbd/nmbd_packets.c | 189 ++++++++++++++++++++++++++++-------------- - source3/nmbd/nmbd_subnetdb.c | 123 ++++++++++++++++++---------- - 6 files changed, 222 insertions(+), 115 deletions(-) + source3/nmbd/nmbd_packets.c | 197 ++++++++++++++++++++++++++++-------------- + source3/nmbd/nmbd_subnetdb.c | 123 +++++++++++++++++--------- + 6 files changed, 230 insertions(+), 115 deletions(-) diff --git a/source3/include/nameserv.h b/source3/include/nameserv.h index 496d87e..53ffd6f 100644 @@ -771,7 +695,7 @@ index 50fb9f1..8f8d891 100644 p.packet_type = NMB_PACKET; diff --git a/source3/libsmb/nmblib.c b/source3/libsmb/nmblib.c -index 5f3eda4..1a21066 100644 +index 8230c5a..f7bcf8f 100644 --- a/source3/libsmb/nmblib.c +++ b/source3/libsmb/nmblib.c @@ -601,6 +601,8 @@ static struct packet_struct *copy_nmb_packet(struct packet_struct *packet) @@ -812,7 +736,7 @@ index 5f3eda4..1a21066 100644 /**************************************************************************** diff --git a/source3/nmbd/nmbd.c b/source3/nmbd/nmbd.c -index f31e7b1..418771a 100644 +index eefe27a..07a4b02 100644 --- a/source3/nmbd/nmbd.c +++ b/source3/nmbd/nmbd.c @@ -441,13 +441,14 @@ static void msg_nmbd_send_packet(struct messaging_context *msg, @@ -833,7 +757,7 @@ index f31e7b1..418771a 100644 break; } diff --git a/source3/nmbd/nmbd_packets.c b/source3/nmbd/nmbd_packets.c -index f69845b..51f4e32 100644 +index 1c570ea..402282c 100644 --- a/source3/nmbd/nmbd_packets.c +++ b/source3/nmbd/nmbd_packets.c @@ -207,7 +207,8 @@ static struct packet_struct *create_and_init_netbios_packet(struct nmb_name *nmb @@ -881,7 +805,7 @@ index f69845b..51f4e32 100644 packet.timestamp = time(NULL); debug_nmb_packet(&packet); -@@ -1679,50 +1686,74 @@ static bool create_listen_fdset(fd_set **ppset, int **psock_array, int *listen_n +@@ -1679,26 +1686,32 @@ static bool create_listen_fdset(fd_set **ppset, int **psock_array, int *listen_n return True; } @@ -892,11 +816,11 @@ index f69845b..51f4e32 100644 for (subrec = FIRST_SUBNET; subrec; subrec = NEXT_SUBNET_EXCLUDING_UNICAST(subrec)) count++; -- if((count*2) + 2 > FD_SETSIZE) { +- if((count*2) + 2 >= FD_SETSIZE) { + /* each interface gets 4 sockets */ + count *= 4; + -+ if(count > FD_SETSIZE) { ++ if(count >= FD_SETSIZE) { DEBUG(0,("create_listen_fdset: Too many file descriptors needed (%d). We can \ -only use %d.\n", (count*2) + 2, FD_SETSIZE)); +only use %d.\n", count, FD_SETSIZE)); @@ -916,7 +840,10 @@ index f69845b..51f4e32 100644 - /* Add in the broadcast socket on 137. */ + /* Add in the lp_socket_address() interface on 137. */ - FD_SET(ClientNMB,pset); + if (ClientNMB < 0 || ClientNMB >= FD_SETSIZE) { + errno = EBADF; + SAFE_FREE(pset); +@@ -1709,6 +1722,9 @@ only use %d.\n", (count*2) + 2, FD_SETSIZE)); sock_array[num++] = ClientNMB; *maxfd = MAX( *maxfd, ClientNMB); @@ -925,12 +852,18 @@ index f69845b..51f4e32 100644 + /* Add in the 137 sockets on all the interfaces. */ for (subrec = FIRST_SUBNET; subrec; subrec = NEXT_SUBNET_EXCLUDING_UNICAST(subrec)) { + if (subrec->nmb_sock < 0 || subrec->nmb_sock >= FD_SETSIZE) { +@@ -1718,9 +1734,19 @@ only use %d.\n", (count*2) + 2, FD_SETSIZE)); FD_SET(subrec->nmb_sock,pset); sock_array[num++] = subrec->nmb_sock; *maxfd = MAX( *maxfd, subrec->nmb_sock); + + sock_array[num++] = subrec->nmb_bcast; + if (subrec->nmb_bcast != -1) { ++ if (subrec->nmb_bcast < 0 || subrec->nmb_bcast >= FD_SETSIZE) { ++ /* We have to ignore sockets outside FD_SETSIZE. */ ++ continue; ++ } + FD_SET(subrec->nmb_bcast,pset); + *maxfd = MAX( *maxfd, subrec->nmb_bcast); + } @@ -938,7 +871,10 @@ index f69845b..51f4e32 100644 - /* Add in the broadcast socket on 138. */ + /* Add in the lp_socket_address() interface on 138. */ - FD_SET(ClientDGRAM,pset); + if (ClientDGRAM < 0 || ClientDGRAM >= FD_SETSIZE) { + errno = EBADF; + SAFE_FREE(pset); +@@ -1731,6 +1757,9 @@ only use %d.\n", (count*2) + 2, FD_SETSIZE)); sock_array[num++] = ClientDGRAM; *maxfd = MAX( *maxfd, ClientDGRAM); @@ -947,12 +883,18 @@ index f69845b..51f4e32 100644 + /* Add in the 138 sockets on all the interfaces. */ for (subrec = FIRST_SUBNET; subrec; subrec = NEXT_SUBNET_EXCLUDING_UNICAST(subrec)) { + if (subrec->dgram_sock < 0 || subrec->dgram_sock >= FD_SETSIZE) { +@@ -1740,9 +1769,19 @@ only use %d.\n", (count*2) + 2, FD_SETSIZE)); FD_SET(subrec->dgram_sock,pset); sock_array[num++] = subrec->dgram_sock; *maxfd = MAX( *maxfd, subrec->dgram_sock); + + sock_array[num++] = subrec->dgram_bcast; + if (subrec->dgram_bcast != -1) { ++ if (subrec->dgram_bcast < 0 || subrec->dgram_bcast >= FD_SETSIZE) { ++ /* We have to ignore sockets outside FD_SETSIZE. */ ++ continue; ++ } + FD_SET(subrec->dgram_bcast,pset); + *maxfd = MAX( *maxfd, subrec->dgram_bcast); + } @@ -963,7 +905,7 @@ index f69845b..51f4e32 100644 SAFE_FREE(*ppset); SAFE_FREE(*psock_array); -@@ -1811,61 +1842,90 @@ bool listen_for_packets(bool run_election) +@@ -1831,61 +1870,90 @@ bool listen_for_packets(bool run_election) #endif for(i = 0; i < listen_number; i++) { @@ -1071,16 +1013,16 @@ index f69845b..51f4e32 100644 + inet_ntoa(packet->ip),packet->port)); + free_packet(packet); + continue; - } -- } /* end processing 138 socket. */ -- } /* end for */ ++ } + + if (packet->packet.nmb.header.nm_flags.bcast) { + DEBUG(7,("discarding own nmb bcast packet from %s:%d\n", + inet_ntoa(packet->ip),packet->port)); + free_packet(packet); + continue; -+ } + } +- } /* end processing 138 socket. */ +- } /* end for */ + } + + /* @@ -1106,7 +1048,7 @@ index f69845b..51f4e32 100644 return False; } -@@ -1944,7 +2004,8 @@ bool send_mailslot(bool unique, const char *mailslot,char *buf, size_t len, +@@ -1964,7 +2032,8 @@ bool send_mailslot(bool unique, const char *mailslot,char *buf, size_t len, p.ip = dest_ip; p.port = dest_port; @@ -1290,10 +1232,10 @@ index 13bc931..96d7b32 100644 /**************************************************************************** -- -1.6.3.3 +1.7.0.4 -From df62c7c73e1a30a7db1257df44bbb50471d782c8 Mon Sep 17 00:00:00 2001 +From 67f12b0e16d6e97e5b942d2293c3e063ed1a520a Mon Sep 17 00:00:00 2001 From: Stefan Metzmacher Date: Mon, 8 Feb 2010 12:51:29 +0100 Subject: [PATCH 2/4] s3:nmbd: change "nmbd:bind explicit broadcast" into "nmbd bind explicit broadcast" @@ -1307,10 +1249,10 @@ metze 3 files changed, 13 insertions(+), 1 deletions(-) diff --git a/source3/include/proto.h b/source3/include/proto.h -index d2ae62c..82c55d0 100644 +index 7c2893b..26b0643 100644 --- a/source3/include/proto.h +++ b/source3/include/proto.h -@@ -3934,6 +3934,7 @@ const char *lp_logon_drive(void); +@@ -3939,6 +3939,7 @@ const char *lp_logon_drive(void); const char *lp_logon_home(void); char *lp_remote_announce(void); char *lp_remote_browse_sync(void); @@ -1332,7 +1274,7 @@ index 96d7b32..703e229 100644 /* Check if we are creating a non broadcast subnet - if so don't create sockets. */ diff --git a/source3/param/loadparm.c b/source3/param/loadparm.c -index 6e5e0b2..5e4f2f6 100644 +index 2ba2dd3..87df0d4 100644 --- a/source3/param/loadparm.c +++ b/source3/param/loadparm.c @@ -157,6 +157,7 @@ struct global { @@ -1368,10 +1310,10 @@ index 6e5e0b2..5e4f2f6 100644 FN_GLOBAL_LIST(lp_interfaces, &Globals.szInterfaces) FN_GLOBAL_STRING(lp_nis_home_map_name, &Globals.szNISHomeMapName) -- -1.6.3.3 +1.7.0.4 -From 4b52a598f0eb179183b66a05707a3d7e3eaf50a6 Mon Sep 17 00:00:00 2001 +From c7cbb3f8a06cf98abbbcaaad5806b101aea5b2a0 Mon Sep 17 00:00:00 2001 From: Stefan Metzmacher Date: Mon, 8 Feb 2010 12:59:13 +0100 Subject: [PATCH 3/4] s3:docs-xml: document "nmbd bind explicit broadcast" @@ -1406,10 +1348,10 @@ index 0000000..f328594 +no + -- -1.6.3.3 +1.7.0.4 -From fa11a65188c2973ebba441d7b4f528831bfe3882 Mon Sep 17 00:00:00 2001 +From 49b0020da61243090848136c1fb03fdd819655d0 Mon Sep 17 00:00:00 2001 From: Jeremy Allison Date: Wed, 10 Feb 2010 12:32:05 -0800 Subject: [PATCH 4/4] More of the fix for bug #7118 - nmbd problems with socket address. @@ -1438,10 +1380,10 @@ Jeremy. 1 files changed, 89 insertions(+), 0 deletions(-) diff --git a/source3/nmbd/nmbd_packets.c b/source3/nmbd/nmbd_packets.c -index 51f4e32..6c4b96a 100644 +index 402282c..567a9df 100644 --- a/source3/nmbd/nmbd_packets.c +++ b/source3/nmbd/nmbd_packets.c -@@ -1765,6 +1765,83 @@ only use %d.\n", count, FD_SETSIZE)); +@@ -1793,6 +1793,83 @@ only use %d.\n", count, FD_SETSIZE)); } /**************************************************************************** @@ -1525,7 +1467,7 @@ index 51f4e32..6c4b96a 100644 Listens for NMB or DGRAM packets, and queues them. return True if the socket is dead ***************************************************************************/ -@@ -1784,6 +1861,7 @@ bool listen_for_packets(bool run_election) +@@ -1812,6 +1889,7 @@ bool listen_for_packets(bool run_election) #ifndef SYNC_DNS int dns_fd; #endif @@ -1533,7 +1475,7 @@ index 51f4e32..6c4b96a 100644 if(listen_set == NULL || rescan_listen_set) { if(create_listen_fdset(&listen_set, &sock_array, &listen_number, &maxfd)) { -@@ -1906,6 +1984,16 @@ bool listen_for_packets(bool run_election) +@@ -1934,6 +2012,16 @@ bool listen_for_packets(bool run_election) } } @@ -1550,7 +1492,7 @@ index 51f4e32..6c4b96a 100644 /* * 0,2,4,... are unicast sockets * 1,3,5,... are broadcast sockets -@@ -1926,6 +2014,7 @@ bool listen_for_packets(bool run_election) +@@ -1954,6 +2042,7 @@ bool listen_for_packets(bool run_election) queue_packet(packet); } @@ -1559,5 +1501,113 @@ index 51f4e32..6c4b96a 100644 } -- +1.7.0.4 + +From 179e63ae9aa93984ea3d237c1039460c5acf01a5 Mon Sep 17 00:00:00 2001 +From: Michael Adam +Date: Thu, 14 Jan 2010 14:24:35 +0100 +Subject: [PATCH] s3:auth: fix account unlock regression introduced with fix for bug #4347 +MIME-Version: 1.0 +Content-Type: text/plain; charset=utf-8 +Content-Transfer-Encoding: 8bit + +By an oversight, the patchset for #4347 made the unlocking of a locked +account after the lockout duration ineffective. +Thanks to Björn for finding this! + +Michael +--- + source3/auth/auth_sam.c | 12 +++++------- + 1 files changed, 5 insertions(+), 7 deletions(-) + +diff --git a/source3/auth/auth_sam.c b/source3/auth/auth_sam.c +index 1dd8fc9..01b2517 100644 +--- a/source3/auth/auth_sam.c ++++ b/source3/auth/auth_sam.c +@@ -369,7 +369,6 @@ static NTSTATUS check_sam_security(const struct auth_context *auth_context, + DATA_BLOB user_sess_key = data_blob_null; + DATA_BLOB lm_sess_key = data_blob_null; + bool updated_autolock = False, updated_badpw = False; +- uint32_t acct_ctrl; + const char *username; + const uint8_t *nt_pw; + const uint8_t *lm_pw; +@@ -399,22 +398,21 @@ static NTSTATUS check_sam_security(const struct auth_context *auth_context, + return NT_STATUS_NO_SUCH_USER; + } + +- acct_ctrl = pdb_get_acct_ctrl(sampass); + username = pdb_get_username(sampass); + nt_pw = pdb_get_nt_passwd(sampass); + lm_pw = pdb_get_lanman_passwd(sampass); + + /* see if autolock flag needs to be updated */ +- if (acct_ctrl & ACB_NORMAL) ++ if (pdb_get_acct_ctrl(sampass) & ACB_NORMAL) + pdb_update_autolock_flag(sampass, &updated_autolock); + /* Quit if the account was locked out. */ +- if (acct_ctrl & ACB_AUTOLOCK) { ++ if (pdb_get_acct_ctrl(sampass) & ACB_AUTOLOCK) { + DEBUG(3,("check_sam_security: Account for user %s was locked out.\n", username)); + return NT_STATUS_ACCOUNT_LOCKED_OUT; + } + + nt_status = sam_password_ok(auth_context, mem_ctx, +- username, acct_ctrl, lm_pw, nt_pw, ++ username, pdb_get_acct_ctrl(sampass), lm_pw, nt_pw, + user_info, &user_sess_key, &lm_sess_key); + + /* Notify passdb backend of login success/failure. If not +@@ -426,7 +424,7 @@ static NTSTATUS check_sam_security(const struct auth_context *auth_context, + bool increment_bad_pw_count = false; + + if (NT_STATUS_EQUAL(nt_status,NT_STATUS_WRONG_PASSWORD) && +- acct_ctrl & ACB_NORMAL && ++ pdb_get_acct_ctrl(sampass) & ACB_NORMAL && + NT_STATUS_IS_OK(update_login_attempts_status)) + { + increment_bad_pw_count = +@@ -457,7 +455,7 @@ static NTSTATUS check_sam_security(const struct auth_context *auth_context, + goto done; + } + +- if ((acct_ctrl & ACB_NORMAL) && ++ if ((pdb_get_acct_ctrl(sampass) & ACB_NORMAL) && + (pdb_get_bad_password_count(sampass) > 0)){ + pdb_set_bad_password_count(sampass, 0, PDB_CHANGED); + pdb_set_bad_password_time(sampass, 0, PDB_CHANGED); +-- 1.6.3.3 +From b2ec4bffca5d033a172c572ecf0605e84af68315 Mon Sep 17 00:00:00 2001 +From: Stefan Metzmacher +Date: Thu, 30 Jun 2011 09:56:06 +0200 +Subject: [PATCH] s3:nmbd_packets: return the used number of sockets in create_listen_fdset() (bug #8276) + +Fix bug #7949 (DoS in Winbind and smbd with many file descriptors open) +(commit feb3fcd0fa4bda0967b881315595d7702f4d1752) changed the bahavior, +so that we skipped some sockets. + +This should work for v3-4-test. + +metze +--- + source3/nmbd/nmbd_packets.c | 2 +- + 1 files changed, 1 insertions(+), 1 deletions(-) + +diff --git a/source3/nmbd/nmbd_packets.c b/source3/nmbd/nmbd_packets.c +index 1c570ea..855f6af 100644 +--- a/source3/nmbd/nmbd_packets.c ++++ b/source3/nmbd/nmbd_packets.c +@@ -1742,7 +1742,7 @@ only use %d.\n", (count*2) + 2, FD_SETSIZE)); + *maxfd = MAX( *maxfd, subrec->dgram_sock); + } + +- *listen_number = count; ++ *listen_number = num; + + SAFE_FREE(*ppset); + SAFE_FREE(*psock_array); +-- +1.7.4.1 +