source "package/radvd/Config.in"
source "package/robocfg/Config.in"
source "package/rsync/Config.in"
+source "package/samba/Config.in"
source "package/ser/Config.in"
source "package/shat/Config.in"
source "package/siproxd/Config.in"
package-$(BR2_PACKAGE_RSYNC) += rsync
package-$(BR2_PACKAGE_SABLEVM) += sablevm
package-$(BR2_PACKAGE_SABLEVM_CLASSPATH) += sablevm-classpath
+package-$(BR2_COMPILE_SAMBA) += samba
package-$(BR2_PACKAGE_SCREEN) += screen
package-$(BR2_PACKAGE_SDK) += sdk
package-$(BR2_PACKAGE_SER) += ser
rrdcollect-compile: rrdtool-compile
rrdtool-compile: cgilib-compile freetype-compile libart-compile libpng-compile
rsync-compile: popt-compile
+samba-compile: cups-compile
screen-compile: ncurses-compile
siproxd-compile: libosip2-compile
sipsak-compile: openssl-compile
--- /dev/null
+config BR2_COMPILE_SAMBA
+ bool
+ default n
+ depends BR2_PACKAGE_SAMBA || BR2_PACKAGE_SAMBA_CLIENT
+
+config BR2_PACKAGE_SAMBA
+ tristate "samba - NetBIOS/SMB file and print server"
+# default m if CONFIG_DEVEL
+ default n
+ select BR2_COMPILE_SAMBA
+ help
+ The Samba software suite is a collection of programs that implements the
+ SMB protocol for unix systems, allowing you to serve files and printers to
+ Windows, NT, OS/2 and DOS clients. This protocol is sometimes also referred
+ to as the LanManager or Netbios protocol.
+
+ http://www.samba.org/
+
+ This package contains the SMB file and print server daemons.
+
+
+config BR2_PACKAGE_SAMBA_CLIENT
+ tristate "samba-client - NetBIOS/SMB simple client"
+# default m if CONFIG_DEVEL
+ default n
+ select BR2_COMPILE_SAMBA
+ help
+ The Samba software suite is a collection of programs that implements the
+ SMB protocol for unix systems, allowing you to serve files and printers to
+ Windows, NT, OS/2 and DOS clients. This protocol is sometimes also referred
+ to as the LanManager or Netbios protocol.
+
+ http://www.samba.org/
+
+ This package contains a simple command-line SMB client.
+
+
--- /dev/null
+include $(TOPDIR)/rules.mk
+
+PKG_NAME:=samba
+PKG_VERSION:=2.0.10
+PKG_RELEASE:=1
+PKG_MD5SUM:=54870482fe036b7e69dd48c90661eec6
+
+PKG_SOURCE_URL:=ftp://se.samba.org/pub/samba/stable \
+ ftp://ftp.easynet.be/samba/stable
+PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
+PKG_CAT:=zcat
+PKG_BUILD_DIR:=$(BUILD_DIR)/$(PKG_NAME)-$(PKG_VERSION)
+PKG_INSTALL_DIR:=$(PKG_BUILD_DIR)/ipkg-install
+
+include $(TOPDIR)/package/rules.mk
+
+$(eval $(call PKG_template,SAMBA,samba,$(PKG_VERSION)-$(PKG_RELEASE),$(ARCH)))
+$(eval $(call PKG_template,SAMBA_CLIENT,samba-client,$(PKG_VERSION)-$(PKG_RELEASE),$(ARCH)))
+
+$(PKG_BUILD_DIR)/.configured: $(PKG_BUILD_DIR)/.prepared
+ (cd $(PKG_BUILD_DIR)/source; \
+ $(TARGET_CONFIGURE_OPTS) \
+ CFLAGS="$(TARGET_CFLAGS) -D_GNU_SOURCE -DNDEBUG -DSHMEM_SIZE=524288 -Dfcntl=fcntl64" \
+ CPPFLAGS="-I$(STAGING_DIR)/usr/include" \
+ LDFLAGS="-L$(STAGING_DIR)/lib -L$(STAGING_DIR)/usr/lib" \
+ ac_cv_sizeof_int=4 \
+ ac_cv_sizeof_long=4 \
+ ac_cv_sizeof_short=2 \
+ samba_cv_FTRUNCATE_NEEDS_ROOT=no \
+ samba_cv_HAVE_BROKEN_FCNTL64_LOCKS=no \
+ samba_cv_HAVE_BROKEN_GETGROUPS=no \
+ samba_cv_HAVE_BROKEN_READDIR=no \
+ samba_cv_HAVE_FCNTL_LOCK=yes \
+ samba_cv_HAVE_FNMATCH=yes \
+ samba_cv_HAVE_FTRUNCATE_EXTEND=no \
+ samba_cv_HAVE_GETTIMEOFDAY_TZ=yes \
+ samba_cv_HAVE_IFACE_AIX=no \
+ samba_cv_HAVE_IFACE_IFCONF=yes \
+ samba_cv_HAVE_IFACE_IFREQ=yes \
+ samba_cv_HAVE_INO64_T=yes \
+ samba_cv_HAVE_IRIX_SPECIFIC_CAPABILITIES=no \
+ samba_cv_HAVE_OFF64_T=yes \
+ samba_cv_HAVE_ROOT=yes \
+ samba_cv_HAVE_SECURE_MKSTEMP=yes \
+ samba_cv_HAVE_SHARED_MMAP=yes \
+ samba_cv_HAVE_STRUCT_FLOCK64=yes \
+ samba_cv_HAVE_SYSV_IPC=no \
+ samba_cv_HAVE_TRUNCATED_SALT=no \
+ samba_cv_HAVE_UNION_SEMUN=no \
+ samba_cv_HAVE_UNSIGNED_CHAR=yes \
+ samba_cv_NEED_SGI_SEMUN_HACK=no \
+ samba_cv_REPLACE_INET_NTOA=no \
+ samba_cv_SIZEOF_INO_T=4 \
+ samba_cv_SIZEOF_OFF_T=4 \
+ samba_cv_SYSCONF_SC_NGROUPS_MAX=yes \
+ samba_cv_USE_SETEUID=yes \
+ samba_cv_USE_SETRESUID=no \
+ samba_cv_USE_SETREUID=yes \
+ samba_cv_USE_SETUIDX=no \
+ samba_cv_have_longlong=yes \
+ samba_cv_have_setresgid=no \
+ samba_cv_have_setresuid=no \
+ ./configure \
+ --target=$(GNU_TARGET_NAME) \
+ --host=$(GNU_TARGET_NAME) \
+ --build=$(GNU_HOST_NAME) \
+ --program-prefix="" \
+ --program-suffix="" \
+ --prefix=/usr \
+ --exec-prefix=/usr \
+ --bindir=/usr/bin \
+ --datadir=/usr/share \
+ --includedir=/usr/include \
+ --infodir=/usr/share/info \
+ --libdir=/usr/lib \
+ --libexecdir=/usr/lib \
+ --localstatedir=/var/log/samba \
+ --mandir=/usr/share/man \
+ --sbindir=/usr/sbin \
+ --sysconfdir=/etc/samba \
+ $(DISABLE_LARGEFILE) \
+ $(DISABLE_NLS) \
+ --with-lockdir=/var/run/samba \
+ --with-privatedir=/etc/samba \
+ --enable-cups \
+ );
+ touch $@
+
+$(PKG_BUILD_DIR)/.built:
+ $(MAKE) -C $(PKG_BUILD_DIR)/source \
+ $(TARGET_CONFIGURE_OPTS) \
+ all
+ touch $@
+
+$(IPKG_SAMBA):
+ install -d -m0755 $(IDIR_SAMBA)/etc/init.d
+ install -m0755 ./files/samba.init $(IDIR_SAMBA)/etc/init.d/samba
+ install -d -m0755 $(IDIR_SAMBA)/etc/samba
+ install -m0644 ./files/smb.conf $(IDIR_SAMBA)/etc/samba/smb.conf
+ install -d -m0755 $(IDIR_SAMBA)/usr/bin
+ install -m0755 $(PKG_BUILD_DIR)/source/bin/smbpasswd $(IDIR_SAMBA)/usr/bin/
+ install -d -m0755 $(IDIR_SAMBA)/usr/sbin
+ install -m0755 $(PKG_BUILD_DIR)/source/bin/{n,s}mbd $(IDIR_SAMBA)/usr/sbin/
+ $(RSTRIP) $(IDIR_SAMBA)
+ $(IPKG_BUILD) $(IDIR_SAMBA) $(PACKAGE_DIR)
+
+$(IPKG_SAMBA_CLIENT):
+ install -d -m0755 $(IDIR_SAMBA_CLIENT)/usr/bin
+ install -m0755 $(PKG_BUILD_DIR)/source/bin/smbclient $(IDIR_SAMBA_CLIENT)/usr/bin/
+ $(RSTRIP) $(IDIR_SAMBA_CLIENT)
+ $(IPKG_BUILD) $(IDIR_SAMBA_CLIENT) $(PACKAGE_DIR)
+
+mostlyclean:
+ make -C $(PKG_BUILD_DIR) clean
+ rm $(PKG_BUILD_DIR)/.built
--- /dev/null
+#!/bin/sh
+
+DEFAULT=/etc/default/samba
+LOG_D=/var/log/samba
+RUN_D=/var/run/samba
+NMBD_PID_F=$RUN_D/nmbd.pid
+SMBD_PID_F=$RUN_D/smbd.pid
+[ -f $DEFAULT ] && . $DEFAULT
+
+case $1 in
+ start)
+ mkdir -p $LOG_D
+ mkdir -p $RUN_D
+ nmbd -D $NMBD_OPTIONS
+ smbd -D $SMBD_OPTIONS
+ ;;
+ stop)
+ [ -f $SMBD_PID_F ] && kill $(cat $SMBD_PID_F)
+ [ -f $NMBD_PID_F ] && kill $(cat $NMBD_PID_F)
+ ;;
+ *)
+ echo "usage: $0 (start|stop)"
+ exit 1
+esac
+
+exit $?
--- /dev/null
+[global]
+ workgroup = OpenWrt
+ security = share
+ guest account = nobody
+ local master = yes
+ name resolve order = lmhosts hosts bcast
+
+[tmp]
+ comment = /tmp
+ path = /tmp
+ browseable = yes
+ public = yes
+ writeable = no
+
--- /dev/null
+Package: samba-client
+Priority: optional
+Section: net
+Maintainer: Oliver Ertl <oliver@ertl-net.net>, OpenWrt Developers Team <bugs@openwrt.org>
+Source: http://openwrt.org/cgi-bin/viewcvs.cgi/openwrt/package/samba/
+Description: NetBIOS/SMB client
--- /dev/null
+/etc/samba/smb.conf
--- /dev/null
+Package: samba
+Priority: optional
+Section: net
+Maintainer: Oliver Ertl <oliver@ertl-net.net>, OpenWrt Developers Team <bugs@openwrt.org>
+Source: http://openwrt.org/cgi-bin/viewcvs.cgi/openwrt/package/samba/
+Description: NetBIOS/SMB file and print server
+Depends: cups
--- /dev/null
+diff -ur samba-2.0.10/source/include/smb.h samba/source/include/smb.h
+--- samba-2.0.10/source/include/smb.h 2001-06-23 12:52:20.000000000 +0400
++++ samba/source/include/smb.h 2005-05-21 21:09:03.204222704 +0400
+@@ -115,6 +115,22 @@
+ * Usage:
+ * DEBUGADD( 2, ("Some additional text.\n") );
+ */
++
++#ifdef NDEBUG
++
++#define DEBUGLVL( level ) \
++ ( (0 == (level)) \
++ && dbghdr( level, FILE_MACRO, FUNCTION_MACRO, (__LINE__) ) )
++
++#define DEBUG( level, body ) \
++ (void)( (0 == (level)) \
++ && (dbghdr( level, FILE_MACRO, FUNCTION_MACRO, (__LINE__) )) \
++ && (dbgtext body) )
++
++#define DEBUGADD( level, body ) \
++ (void)( (0 == (level)) && (dbgtext body) )
++
++#else
+ #define DEBUGLVL( level ) \
+ ( (DEBUGLEVEL >= (level)) \
+ && dbghdr( level, FILE_MACRO, FUNCTION_MACRO, (__LINE__) ) )
+@@ -140,7 +156,7 @@
+ (void)( (DEBUGLEVEL >= (level)) && (dbgtext body) )
+
+ #endif
+-
++#endif
+ /* End Debugging code section.
+ * -------------------------------------------------------------------------- **
+ */
+@@ -1612,7 +1628,9 @@
+ #define CAP_LOCK_AND_READ 0x0100
+ #define CAP_NT_FIND 0x0200
+ #define CAP_DFS 0x1000
++#define CAP_W2K_SMBS 0x2000
+ #define CAP_LARGE_READX 0x4000
++#define CAP_LARGE_WRITEX 0x8000
+ #define CAP_EXTENDED_SECURITY 0x80000000
+
+ /* protocol types. It assumes that higher protocols include lower protocols
+diff -ur samba-2.0.10/source/Makefile.in samba/source/Makefile.in
+--- samba-2.0.10/source/Makefile.in 2000-03-17 01:57:08.000000000 +0300
++++ samba/source/Makefile.in 2005-05-21 20:59:57.130238568 +0400
+@@ -37,8 +37,8 @@
+ # set these to where to find various files
+ # These can be overridden by command line switches (see smbd(8))
+ # or in smb.conf (see smb.conf(5))
+-SMBLOGFILE = $(VARDIR)/log.smb
+-NMBLOGFILE = $(VARDIR)/log.nmb
++SMBLOGFILE = $(VARDIR)/smb
++NMBLOGFILE = $(VARDIR)/nmb
+ CONFIGFILE = $(LIBDIR)/smb.conf
+ LMHOSTSFILE = $(LIBDIR)/lmhosts
+ DRIVERFILE = $(LIBDIR)/printers.def
+@@ -55,7 +55,7 @@
+ LOCKDIR = @lockdir@
+
+ # The directory where code page definition files go
+-CODEPAGEDIR = $(LIBDIR)/codepages
++CODEPAGEDIR = $(BASEDIR)/codepages
+
+ # The current codepage definition list.
+ CODEPAGELIST= 437 737 775 850 852 861 932 866 949 950 936 1251 ISO8859-1 ISO8859-2 ISO8859-5 ISO8859-7 KOI8-R
+@@ -82,6 +82,7 @@
+ PROGS2 = bin/rpcclient bin/smbpasswd bin/make_smbcodepage bin/make_unicodemap @WRAP@ @WRAP32@
+ MPROGS = @MPROGS@
+ PROGS = $(PROGS1) $(PROGS2) $(MPROGS) bin/nmblookup bin/make_printerdef
++SHAREDPROGS = bin/smbd.shared bin/nmbd.shared bin/smbpasswd.shared
+
+ SCRIPTS = $(srcdir)/script/smbtar $(srcdir)/script/addtosmbpass $(srcdir)/script/convert_smbpasswd
+
+@@ -159,6 +160,8 @@
+ $(RPC_SERVER_OBJ) $(RPC_CLIENT_OBJ) $(RPC_PARSE_OBJ) \
+ $(LOCKING_OBJ) $(PASSDB_OBJ) $(PRINTING_OBJ) $(PROFILE_OBJ) $(LIB_OBJ)
+
++SMBDSHARED_OBJ = $(SMBD_OBJ1) $(RPC_SERVER_OBJ) \
++ $(LOCKING_OBJ) $(PROFILE_OBJ) #$(PRINTING_OBJ)
+
+ NMBD_OBJ1 = nmbd/asyncdns.o nmbd/nmbd.o nmbd/nmbd_become_dmb.o \
+ nmbd/nmbd_become_lmb.o nmbd/nmbd_browserdb.o \
+@@ -176,6 +179,8 @@
+ NMBD_OBJ = $(NMBD_OBJ1) $(PARAM_OBJ) $(LIBSMB_OBJ) $(UBIQX_OBJ) \
+ $(LIB_OBJ)
+
++NMBDSHARED_OBJ = $(NMBD_OBJ1)
++
+ SWAT_OBJ = web/cgi.o web/diagnose.o web/startstop.o web/statuspage.o \
+ web/swat.o $(LIBSMB_OBJ) $(LOCKING_OBJ) \
+ $(PARAM_OBJ) $(PASSDB_OBJ) $(RPC_CLIENT_OBJ) $(RPC_PARSE_OBJ) \
+@@ -207,6 +212,8 @@
+ SMBPASSWD_OBJ = utils/smbpasswd.o $(PARAM_OBJ) $(LIBSMB_OBJ) $(PASSDB_OBJ) \
+ $(UBIQX_OBJ) $(RPC_CLIENT_OBJ) $(RPC_PARSE_OBJ) $(LIB_OBJ)
+
++SMBPASSWDSHARED_OBJ = utils/smbpasswd.o
++
+ RPCCLIENT_OBJ = rpcclient/rpcclient.o \
+ rpcclient/display.o \
+ rpcclient/cmd_lsarpc.o \
+@@ -265,6 +272,11 @@
+ PROTO_OBJ = $(SMBD_OBJ) $(NMBD_OBJ) $(SWAT_OBJ) $(CLIENT_OBJ) \
+ $(RPCCLIENT_OBJ) $(SMBWRAPPER_OBJ) $(SMBTORTURE_OBJ)
+
++LIBSMBSHARED_OBJ = $(LIB_OBJ) $(LIBSMB_OBJ) $(PARAM_OBJ) $(UBIQX_OBJ) \
++ $(PASSDB_OBJ) $(RPC_PARSE_OBJ) #$(RPC_CLIENT_OBJ)
++
++LIBSMB_PICOBJS = $(LIBSMBSHARED_OBJ:.o=.po)
++
+ PICOBJS = $(SMBWRAPPER_OBJ:.o=.po)
+ PICOBJS32 = $(SMBWRAPPER_OBJ:.o=.po32)
+
+@@ -274,6 +286,8 @@
+
+ all : CHECK $(SPROGS) $(PROGS)
+
++shared : CHECK $(SHAREDPROGS)
++
+ smbwrapper : CHECK bin/smbsh bin/smbwrapper.@SHLIBEXT@ @WRAP32@
+
+ smbtorture : CHECK bin/smbtorture
+@@ -359,10 +373,18 @@
+ @echo Linking $@
+ @$(CC) $(FLAGS) -o $@ $(SMBD_OBJ) $(LDFLAGS) $(LIBS)
+
++bin/smbd.shared: $(SMBDSHARED_OBJ) bin/libsmb.@SHLIBEXT@ bin/.dummy
++ @echo Linking $@
++ @$(CC) $(FLAGS) -o $@ $(SMBDSHARED_OBJ) $(LDFLAGS) $(LIBS) -Lbin -lsmb
++
+ bin/nmbd: $(NMBD_OBJ) bin/.dummy
+ @echo Linking $@
+ @$(CC) $(FLAGS) -o $@ $(NMBD_OBJ) $(LDFLAGS) $(LIBS)
+
++bin/nmbd.shared: $(NMBDSHARED_OBJ) bin/libsmb.@SHLIBEXT@ bin/.dummy
++ @echo Linking $@
++ @$(CC) $(FLAGS) -o $@ $(NMBDSHARED_OBJ) $(LDFLAGS) $(LIBS) -Lbin -lsmb
++
+ bin/swat: $(SWAT_OBJ) bin/.dummy
+ @echo Linking $@
+ @$(CC) $(FLAGS) -o $@ $(SWAT_OBJ) $(LDFLAGS) $(LIBS)
+@@ -411,6 +433,10 @@
+ @echo Linking $@
+ @$(CC) $(FLAGS) -o $@ $(SMBPASSWD_OBJ) $(LDFLAGS) $(LIBS)
+
++bin/smbpasswd.shared: $(SMBPASSWDSHARED_OBJ) bin/libsmb.@SHLIBEXT@ bin/.dummy
++ @echo Linking $@
++ @$(CC) $(FLAGS) -o $@ $(SMBPASSWDSHARED_OBJ) $(LDFLAGS) $(LIBS) -Lbin -lsmb
++
+ bin/make_smbcodepage: $(MAKE_SMBCODEPAGE_OBJ) bin/.dummy
+ @echo Linking $@
+ @$(CC) $(FLAGS) -o $@ $(MAKE_SMBCODEPAGE_OBJ) $(LDFLAGS) $(LIBS)
+@@ -459,6 +485,10 @@
+ @echo Linking $@
+ @$(CC) $(FLAGS) -o $@ $(SMBSH_OBJ) $(LDFLAGS) $(LIBS)
+
++bin/libsmb.@SHLIBEXT@: $(LIBSMB_PICOBJS) bin/.dummy
++ @echo Linking shared library $@
++ @$(LD) @LDSHFLAGS@ -o $@ $(LIBSMB_PICOBJS) $(LIBS)
++
+ install: installbin installman installscripts installcp installswat
+
+ installdirs:
+@@ -518,7 +548,7 @@
+ ctags `find . -name "*.[ch]" | grep -v /CVS/`
+
+ realclean: clean
+- -rm -f config.log $(PROGS) $(SPROGS) bin/.dummy
++ -rm -f config.log $(PROGS) $(SPROGS) $(SHAREDPROGS) bin/.dummy
+ -rmdir bin
+
+ distclean: realclean
+diff -ur samba-2.0.10/source/nmbd/nmbd_mynames.c samba/source/nmbd/nmbd_mynames.c
+--- samba-2.0.10/source/nmbd/nmbd_mynames.c 2000-03-17 01:59:24.000000000 +0300
++++ samba/source/nmbd/nmbd_mynames.c 2005-05-21 20:57:26.672111680 +0400
+@@ -215,8 +215,8 @@
+ */
+ if( !is_refresh_already_queued( subrec, namerec) )
+ refresh_name( subrec, namerec, NULL, NULL, NULL );
+- namerec->data.death_time += lp_max_ttl();
+- namerec->data.refresh_time += MIN(lp_max_ttl(), MAX_REFRESH_TIME);
++ namerec->data.death_time = t + lp_max_ttl();
++ namerec->data.refresh_time = t + MIN(lp_max_ttl(), MAX_REFRESH_TIME);
+ }
+ }
+ }
+diff -ur samba-2.0.10/source/smbd/close.c samba/source/smbd/close.c
+--- samba-2.0.10/source/smbd/close.c 2000-04-21 21:43:13.000000000 +0400
++++ samba/source/smbd/close.c 2005-05-21 19:44:59.516979712 +0400
+@@ -122,11 +122,11 @@
+ last_reference = True;
+
+ fsp->fd_ptr = NULL;
+-
++#ifdef PRINTING
+ /* NT uses smbclose to start a print - weird */
+ if (normal_close && fsp->print_file)
+ print_file(conn, fsp);
+-
++#endif
+ /* check for magic scripts */
+ if (normal_close) {
+ check_magic(fsp,conn);
+diff -ur samba-2.0.10/source/smbd/ipc.c samba/source/smbd/ipc.c
+--- samba-2.0.10/source/smbd/ipc.c 2000-03-30 02:20:06.000000000 +0400
++++ samba/source/smbd/ipc.c 2005-05-21 19:44:59.559973176 +0400
+@@ -472,7 +472,7 @@
+ PACK(desc,t,v);
+ }
+
+-
++#ifdef PRINTING
+ /****************************************************************************
+ get a print queue
+ ****************************************************************************/
+@@ -1004,7 +1004,7 @@
+
+ return True;
+ }
+-
++#endif
+ /****************************************************************************
+ get info level for a server list query
+ ****************************************************************************/
+@@ -1834,7 +1834,7 @@
+
+ return(True);
+ }
+-
++#ifdef PRINTING
+ /****************************************************************************
+ delete a print job
+ Form: <W> <>
+@@ -2091,7 +2091,7 @@
+
+ return(True);
+ }
+-
++#endif
+
+ /****************************************************************************
+ get info about the server
+@@ -2756,7 +2756,7 @@
+
+ return(True);
+ }
+-
++#ifdef PRINTING
+ /****************************************************************************
+ api_WPrintJobEnumerate
+ ****************************************************************************/
+@@ -3189,7 +3189,7 @@
+ DEBUG(4,("WPrintPortEnum: errorcode %d\n",desc.errcode));
+ return(True);
+ }
+-
++#endif
+ /****************************************************************************
+ Start the first part of an RPC reply which began with an SMBtrans request.
+ ****************************************************************************/
+@@ -3407,6 +3407,7 @@
+ {"RNetUserGetInfo", 56, api_RNetUserGetInfo,0},
+ {"NetUserGetGroups", 59, api_NetUserGetGroups,0},
+ {"NetWkstaGetInfo", 63, api_NetWkstaGetInfo,0},
++#ifdef PRINTING
+ {"DosPrintQEnum", 69, api_DosPrintQEnum,0},
+ {"DosPrintQGetInfo", 70, api_DosPrintQGetInfo,0},
+ {"WPrintQueuePause", 74, api_WPrintQueuePurge,0},
+@@ -3418,16 +3419,21 @@
+ {"RDosPrintJobResume",83, api_RDosPrintJobDel,0},
+ {"WPrintDestEnum", 84, api_WPrintDestEnum,0},
+ {"WPrintDestGetInfo", 85, api_WPrintDestGetInfo,0},
++#endif
+ {"NetRemoteTOD", 91, api_NetRemoteTOD,0},
++#ifdef PRINTING
+ {"WPrintQueuePurge", 103, api_WPrintQueuePurge,0},
++#endif
+ {"NetServerEnum", 104, api_RNetServerEnum,0},
+ {"WAccessGetUserPerms",105, api_WAccessGetUserPerms,0},
+ {"SetUserPassword", 115, api_SetUserPassword,0},
+ {"WWkstaUserLogon", 132, api_WWkstaUserLogon,0},
++#ifdef PRINTING
+ {"PrintJobInfo", 147, api_PrintJobInfo,0},
+ {"WPrintDriverEnum", 205, api_WPrintDriverEnum,0},
+ {"WPrintQProcEnum", 206, api_WPrintQProcEnum,0},
+ {"WPrintPortEnum", 207, api_WPrintPortEnum,0},
++#endif
+ {"SamOEMChangePassword", 214, api_SamOEMChangePassword,0},
+ {NULL, -1, api_Unsupported,0}};
+
+diff -ur samba-2.0.10/source/smbd/negprot.c samba/source/smbd/negprot.c
+--- samba-2.0.10/source/smbd/negprot.c 2000-03-17 01:59:47.000000000 +0300
++++ samba/source/smbd/negprot.c 2005-05-21 21:09:16.025273608 +0400
+@@ -160,7 +160,7 @@
+ /* dual names + lock_and_read + nt SMBs + remote API calls */
+ int capabilities = CAP_NT_FIND|CAP_LOCK_AND_READ|
+ (lp_nt_smb_support() ? CAP_NT_SMBS | CAP_RPC_REMOTE_APIS : 0) |
+- (SMB_OFF_T_BITS == 64 ? CAP_LARGE_FILES : 0);
++ (SMB_OFF_T_BITS == 64 ? CAP_LARGE_FILES | CAP_LARGE_READX | CAP_LARGE_WRITEX /*| CAP_W2K_SMBS*/ : 0);
+
+
+ /*
+diff -ur samba-2.0.10/source/smbd/password.c samba/source/smbd/password.c
+--- samba-2.0.10/source/smbd/password.c 2000-03-17 01:59:48.000000000 +0300
++++ samba/source/smbd/password.c 2005-05-21 19:44:59.562972720 +0400
+@@ -1149,7 +1149,7 @@
+
+ return(True);
+ }
+-
++#ifdef RPCCLIENT
+ /***********************************************************************
+ Connect to a remote machine for domain security authentication
+ given a name or IP address.
+@@ -1504,3 +1504,4 @@
+ cli_shutdown(&cli);
+ return True;
+ }
++#endif
+diff -ur samba-2.0.10/source/smbd/process.c samba/source/smbd/process.c
+--- samba-2.0.10/source/smbd/process.c 2000-04-15 04:21:27.000000000 +0400
++++ samba/source/smbd/process.c 2005-05-21 19:44:59.583969528 +0400
+@@ -343,10 +343,12 @@
+ {SMBlseek,"SMBlseek",reply_lseek,AS_USER},
+ {SMBflush,"SMBflush",reply_flush,AS_USER},
+ {SMBctemp,"SMBctemp",reply_ctemp,AS_USER | QUEUE_IN_OPLOCK },
++#ifdef PRINTING
+ {SMBsplopen,"SMBsplopen",reply_printopen,AS_USER | QUEUE_IN_OPLOCK },
+ {SMBsplclose,"SMBsplclose",reply_printclose,AS_USER},
+ {SMBsplretq,"SMBsplretq",reply_printqueue,AS_USER},
+ {SMBsplwr,"SMBsplwr",reply_printwrite,AS_USER},
++#endif
+ {SMBlock,"SMBlock",reply_lock,AS_USER},
+ {SMBunlock,"SMBunlock",reply_unlock,AS_USER},
+
+@@ -908,7 +910,7 @@
+ DEBUG(2,("Closing idle connection 2.\n"));
+ return False;
+ }
+-
++#ifdef RPCLIENT
+ if(global_machine_password_needs_changing)
+ {
+ unsigned char trust_passwd_hash[16];
+@@ -954,7 +956,7 @@
+ trust_password_unlock();
+ global_machine_password_needs_changing = False;
+ }
+-
++#endif
+ /*
+ * Check to see if we have any blocking locks
+ * outstanding on the queue.
+diff -ur samba-2.0.10/source/smbd/reply.c samba/source/smbd/reply.c
+--- samba-2.0.10/source/smbd/reply.c 2001-06-23 12:51:24.000000000 +0400
++++ samba/source/smbd/reply.c 2005-05-21 19:44:59.628962688 +0400
+@@ -597,12 +597,12 @@
+
+ if (!check_domain_match(orig_user, domain))
+ return False;
+-
++#ifdef RPCCLIENT
+ ret = domain_client_validate(orig_user, domain,
+ smb_apasswd, smb_apasslen,
+ smb_ntpasswd, smb_ntpasslen,
+ &user_exists);
+-
++#endif
+ if(ret) {
+ /*
+ * User validated ok against Domain controller.
+@@ -2991,7 +2991,7 @@
+ return -1;
+ }
+
+-
++#ifdef PRINTING
+ /****************************************************************************
+ reply to a printopen
+ ****************************************************************************/
+@@ -3176,7 +3176,7 @@
+
+ return(outsize);
+ }
+-
++#endif
+
+ /****************************************************************************
+ reply to a mkdir
+diff -ur samba-2.0.10/source/smbd/server.c samba/source/smbd/server.c
+--- samba-2.0.10/source/smbd/server.c 2000-03-17 01:59:52.000000000 +0300
++++ samba/source/smbd/server.c 2005-05-21 19:44:59.649959496 +0400
+@@ -300,9 +300,9 @@
+ lp_killunused(conn_snum_used);
+
+ ret = lp_load(servicesf,False,False,True);
+-
++#ifdef PRINTING
+ load_printers();
+-
++#endif
+ /* perhaps the config filename is now set */
+ if (!test)
+ reload_services(True);
+diff -ur samba-2.0.10/source/smbd/service.c samba/source/smbd/service.c
+--- samba-2.0.10/source/smbd/service.c 2000-03-17 01:59:52.000000000 +0300
++++ samba/source/smbd/service.c 2005-05-21 19:44:59.670956304 +0400
+@@ -121,7 +121,7 @@
+ }
+ }
+ }
+-
++#ifdef PRINTING
+ /* If we still don't have a service, attempt to add it as a printer. */
+ if (iService < 0)
+ {
+@@ -146,7 +146,7 @@
+ DEBUG(3,("%s is not a valid printer name\n", service));
+ }
+ }
+-
++#endif
+ /* just possibly it's a default service? */
+ if (iService < 0)
+ {
+diff -ur samba-2.0.10/source/utils/smbpasswd.c samba/source/utils/smbpasswd.c
+--- samba-2.0.10/source/utils/smbpasswd.c 2000-03-17 01:59:57.000000000 +0300
++++ samba/source/utils/smbpasswd.c 2005-05-21 19:44:59.671956152 +0400
+@@ -71,7 +71,7 @@
+ }
+ exit(1);
+ }
+-
++#ifdef RPCCLIENT
+ /*********************************************************
+ Join a domain.
+ **********************************************************/
+@@ -143,7 +143,7 @@
+
+ return (int)ret;
+ }
+-
++#endif
+
+ static void set_line_buffering(FILE *f)
+ {
+@@ -335,13 +335,13 @@
+ if((local_flags & (LOCAL_ADD_USER|LOCAL_DELETE_USER)) && ((remote_machine != NULL) || joining_domain)) {
+ usage();
+ }
+-
++#ifdef RPCCLIENT
+ if(joining_domain) {
+ if (argc != 0)
+ usage();
+ return join_domain(new_domain, remote_machine);
+ }
+-
++#endif
+ /*
+ * Deal with root - can add a user, but only locally.
+ */
+diff -ur samba-2.0.10/source/web/swat.c samba/source/web/swat.c
+--- samba-2.0.10/source/web/swat.c 2000-04-11 21:36:36.000000000 +0400
++++ samba/source/web/swat.c 2005-05-21 19:44:59.692952960 +0400
+@@ -357,8 +357,9 @@
+ return 0;
+ }
+ iNumNonAutoPrintServices = lp_numservices();
++#ifdef PRINTING
+ load_printers();
+-
++#endif
+ return 1;
+ }
+
+@@ -997,8 +998,9 @@
+ charset_initialise();
+ load_config(True);
+ iNumNonAutoPrintServices = lp_numservices();
++#ifdef PRINTING
+ load_printers();
+-
++#endif
+ cgi_setup(SWATDIR, !demo_mode);
+
+ print_header();
--- /dev/null
+diff -ur samba-2.0.10/source/include/smb.h samba-2.0.10-security/source/include/smb.h
+--- samba-2.0.10/source/include/smb.h 2001-06-23 12:52:20.000000000 +0400
++++ samba-2.0.10-security/source/include/smb.h 2005-05-21 21:51:17.206995728 +0400
+@@ -256,6 +256,7 @@
+ #define ERRlock 33 /* Lock request conflicts with existing lock */
+ #define ERRunsup 50 /* Request unsupported, returned by Win 95, RJS 20Jun98 */
+ #define ERRfilexists 80 /* File in operation already exists */
++#define ERRinvalidparam 87
+ #define ERRcannotopen 110 /* Cannot open the file specified */
+ #define ERRunknownlevel 124
+ #define ERRrename 183
+@@ -1893,4 +1894,7 @@
+
+ #define SAFE_NETBIOS_CHARS ". -_"
+
++#ifndef SAFE_FREE
++#define SAFE_FREE(x) do { if ((x) != NULL) {free((x)); (x)=NULL;} } while(0)
++#endif
+ #endif /* _SMB_H */
+diff -ur samba-2.0.10/source/include/version.h samba-2.0.10-security/source/include/version.h
+--- samba-2.0.10/source/include/version.h 2001-06-23 17:23:59.000000000 +0400
++++ samba-2.0.10-security/source/include/version.h 2005-05-21 21:51:17.227992536 +0400
+@@ -1 +1 @@
+-#define VERSION "2.0.10"
++#define VERSION "2.0.10-security-rollup"
+diff -ur samba-2.0.10/source/smbd/filename.c samba-2.0.10-security/source/smbd/filename.c
+--- samba-2.0.10/source/smbd/filename.c 2000-03-17 01:59:44.000000000 +0300
++++ samba-2.0.10-security/source/smbd/filename.c 2005-05-21 21:51:17.403965784 +0400
+@@ -172,7 +172,7 @@
+ * StrnCpy always null terminates.
+ */
+
+- StrnCpy(orig_name, full_orig_name, namelen);
++ StrnCpy(orig_name, full_orig_name, MIN(namelen, sizeof(orig_name)-1));
+ if(!case_sensitive)
+ strupper( orig_name );
+
+diff -ur samba-2.0.10/source/smbd/ipc.c samba-2.0.10-security/source/smbd/ipc.c
+--- samba-2.0.10/source/smbd/ipc.c 2000-03-30 02:20:06.000000000 +0400
++++ samba-2.0.10-security/source/smbd/ipc.c 2005-05-21 21:51:17.269986152 +0400
+@@ -3550,18 +3550,18 @@
+ uint16 *setup=NULL;
+ int outsize = 0;
+ uint16 vuid = SVAL(inbuf,smb_uid);
+- int tpscnt = SVAL(inbuf,smb_vwv0);
+- int tdscnt = SVAL(inbuf,smb_vwv1);
+- int mprcnt = SVAL(inbuf,smb_vwv2);
+- int mdrcnt = SVAL(inbuf,smb_vwv3);
+- int msrcnt = CVAL(inbuf,smb_vwv4);
++ unsigned int tpscnt = SVAL(inbuf,smb_vwv0);
++ unsigned int tdscnt = SVAL(inbuf,smb_vwv1);
++ unsigned int mprcnt = SVAL(inbuf,smb_vwv2);
++ unsigned int mdrcnt = SVAL(inbuf,smb_vwv3);
++ unsigned int msrcnt = CVAL(inbuf,smb_vwv4);
+ BOOL close_on_completion = BITSETW(inbuf+smb_vwv5,0);
+ BOOL one_way = BITSETW(inbuf+smb_vwv5,1);
+- int pscnt = SVAL(inbuf,smb_vwv9);
+- int psoff = SVAL(inbuf,smb_vwv10);
+- int dscnt = SVAL(inbuf,smb_vwv11);
+- int dsoff = SVAL(inbuf,smb_vwv12);
+- int suwcnt = CVAL(inbuf,smb_vwv13);
++ unsigned int pscnt = SVAL(inbuf,smb_vwv9);
++ unsigned int psoff = SVAL(inbuf,smb_vwv10);
++ unsigned int dscnt = SVAL(inbuf,smb_vwv11);
++ unsigned int dsoff = SVAL(inbuf,smb_vwv12);
++ unsigned int suwcnt = CVAL(inbuf,smb_vwv13);
+
+ memset(name, '\0',sizeof(name));
+ fstrcpy(name,smb_buf(inbuf));
+@@ -3572,31 +3572,48 @@
+
+ if (tdscnt) {
+ if((data = (char *)malloc(tdscnt)) == NULL) {
+- DEBUG(0,("reply_trans: data malloc fail for %d bytes !\n", tdscnt));
++ DEBUG(0,("reply_trans: data malloc fail for %u bytes !\n", tdscnt));
+ return(ERROR(ERRDOS,ERRnomem));
+ }
++ if ((dsoff+dscnt < dsoff) || (dsoff+dscnt < dscnt))
++ goto bad_param;
++ if (smb_base(inbuf)+dsoff+dscnt > inbuf + size)
++ goto bad_param;
++
+ memcpy(data,smb_base(inbuf)+dsoff,dscnt);
+ }
+
+ if (tpscnt) {
+ if((params = (char *)malloc(tpscnt)) == NULL) {
+- DEBUG(0,("reply_trans: param malloc fail for %d bytes !\n", tpscnt));
++ DEBUG(0,("reply_trans: param malloc fail for %u bytes !\n", tpscnt));
++ SAFE_FREE(data);
+ return(ERROR(ERRDOS,ERRnomem));
+ }
++ if ((psoff+pscnt < psoff) || (psoff+pscnt < pscnt))
++ goto bad_param;
++ if (smb_base(inbuf)+psoff+pscnt > inbuf + size)
++ goto bad_param;
++
+ memcpy(params,smb_base(inbuf)+psoff,pscnt);
+ }
+
+ if (suwcnt) {
+ int i;
+ if((setup = (uint16 *)malloc(suwcnt*sizeof(uint16))) == NULL) {
+- DEBUG(0,("reply_trans: setup malloc fail for %d bytes !\n", (int)(suwcnt * sizeof(uint16))));
+- return(ERROR(ERRDOS,ERRnomem));
+- }
++ DEBUG(0,("reply_trans: setup malloc fail for %u bytes !\n", (unsigned int)(suwcnt * sizeof(uint16))));
++ SAFE_FREE(data);
++ SAFE_FREE(params);
++ return(ERROR(ERRDOS,ERRnomem));
++ }
++ if (inbuf+smb_vwv14+(suwcnt*SIZEOFWORD) > inbuf + size)
++ goto bad_param;
++ if ((smb_vwv14+(suwcnt*SIZEOFWORD) < smb_vwv14) || (smb_vwv14+(suwcnt*SIZEOFWORD) < (suwcnt*SIZEOFWORD)))
++ goto bad_param;
++
+ for (i=0;i<suwcnt;i++)
+ setup[i] = SVAL(inbuf,smb_vwv14+i*SIZEOFWORD);
+ }
+
+-
+ if (pscnt < tpscnt || dscnt < tdscnt) {
+ /* We need to send an interim response then receive the rest
+ of the parameter/data bytes */
+@@ -3608,7 +3625,7 @@
+ /* receive the rest of the trans packet */
+ while (pscnt < tpscnt || dscnt < tdscnt) {
+ BOOL ret;
+- int pcnt,poff,dcnt,doff,pdisp,ddisp;
++ unsigned int pcnt,poff,dcnt,doff,pdisp,ddisp;
+
+ ret = receive_next_smb(inbuf,bufsize,SMB_SECONDARY_WAIT);
+
+@@ -3619,19 +3636,19 @@
+ DEBUG(0,("reply_trans: %s in getting secondary trans response.\n",
+ (smb_read_error == READ_ERROR) ? "error" : "timeout" ));
+ }
+- if (params)
+- free(params);
+- if (data)
+- free(data);
+- if (setup)
+- free(setup);
++ SAFE_FREE(params);
++ SAFE_FREE(data);
++ SAFE_FREE(setup);
+ return(ERROR(ERRSRV,ERRerror));
+ }
+
+ show_msg(inbuf);
+
+- tpscnt = SVAL(inbuf,smb_vwv0);
+- tdscnt = SVAL(inbuf,smb_vwv1);
++ /* Revise total_params and total_data in case they have changed downwards */
++ if (SVAL(inbuf,smb_vwv0) < tpscnt)
++ tpscnt = SVAL(inbuf,smb_vwv0);
++ if (SVAL(inbuf,smb_vwv1) < tdscnt)
++ tdscnt = SVAL(inbuf,smb_vwv1);
+
+ pcnt = SVAL(inbuf,smb_vwv2);
+ poff = SVAL(inbuf,smb_vwv3);
+@@ -3644,17 +3661,36 @@
+ pscnt += pcnt;
+ dscnt += dcnt;
+
+- if (dscnt > tdscnt || pscnt > tpscnt) {
+- exit_server("invalid trans parameters\n");
+- }
++ if (dscnt > tdscnt || pscnt > tpscnt)
++ goto bad_param;
+
+- if (pcnt)
++ if (pcnt) {
++ if (pdisp+pcnt >= tpscnt)
++ goto bad_param;
++ if ((pdisp+pcnt < pdisp) || (pdisp+pcnt < pcnt))
++ goto bad_param;
++ if (smb_base(inbuf) + poff + pcnt >= inbuf + bufsize)
++ goto bad_param;
++ if (params + pdisp < params)
++ goto bad_param;
++
+ memcpy(params+pdisp,smb_base(inbuf)+poff,pcnt);
+- if (dcnt)
++ }
++
++ if (dcnt) {
++ if (ddisp+dcnt >= tdscnt)
++ goto bad_param;
++ if ((ddisp+dcnt < ddisp) || (ddisp+dcnt < dcnt))
++ goto bad_param;
++ if (smb_base(inbuf) + doff + dcnt >= inbuf + bufsize)
++ goto bad_param;
++ if (data + ddisp < data)
++ goto bad_param;
++
+ memcpy(data+ddisp,smb_base(inbuf)+doff,dcnt);
++ }
+ }
+-
+-
++
+ DEBUG(3,("trans <%s> data=%d params=%d setup=%d\n",
+ name,tdscnt,tpscnt,suwcnt));
+
+@@ -3694,4 +3730,12 @@
+ return(ERROR(ERRSRV,ERRnosupport));
+
+ return(outsize);
++
++ bad_param:
++
++ DEBUG(0,("reply_trans: invalid trans parameters\n"));
++ SAFE_FREE(data);
++ SAFE_FREE(params);
++ SAFE_FREE(setup);
++ return(ERROR(ERRSRV,ERRerror));
+ }
+diff -ur samba-2.0.10/source/smbd/nttrans.c samba-2.0.10-security/source/smbd/nttrans.c
+--- samba-2.0.10/source/smbd/nttrans.c 2000-04-24 21:27:30.000000000 +0400
++++ samba-2.0.10-security/source/smbd/nttrans.c 2005-05-21 21:51:17.314979312 +0400
+@@ -2575,11 +2575,14 @@
+ params = (char *)malloc(total_parameter_count);
+ if (total_data_count > 0)
+ data = (char *)malloc(total_data_count);
+-
++
+ if ((total_parameter_count && !params) || (total_data_count && !data) ||
+ (setup_count && !setup)) {
++ SAFE_FREE(setup);
++ SAFE_FREE(params);
++ SAFE_FREE(data);
+ DEBUG(0,("reply_nttrans : Out of memory\n"));
+- return(ERROR(ERRDOS,ERRnomem));
++ return ERROR(ERRDOS,ERRnomem);
+ }
+
+ /* Copy the param and data bytes sent with this request into
+@@ -2588,64 +2591,112 @@
+ num_data_sofar = data_count;
+
+ if (parameter_count > total_parameter_count || data_count > total_data_count)
+- exit_server("reply_nttrans: invalid sizes in packet.\n");
++ goto bad_param;
+
+ if(setup) {
+- memcpy( setup, &inbuf[smb_nt_SetupStart], setup_count);
+ DEBUG(10,("reply_nttrans: setup_count = %d\n", setup_count));
+- dump_data(10, setup, setup_count);
++ if ((smb_nt_SetupStart + setup_count < smb_nt_SetupStart) ||
++ (smb_nt_SetupStart + setup_count < setup_count))
++ goto bad_param;
++ if (smb_nt_SetupStart + setup_count > length)
++ goto bad_param;
++
++ memcpy( setup, &inbuf[smb_nt_SetupStart], setup_count);
+ }
+ if(params) {
+- memcpy( params, smb_base(inbuf) + parameter_offset, parameter_count);
+ DEBUG(10,("reply_nttrans: parameter_count = %d\n", parameter_count));
+- dump_data(10, params, parameter_count);
++ if ((parameter_offset + parameter_count < parameter_offset) ||
++ (parameter_offset + parameter_count < parameter_count))
++ goto bad_param;
++ if (smb_base(inbuf) + parameter_offset + parameter_count > inbuf + length)
++ goto bad_param;
++
++ memcpy( params, smb_base(inbuf) + parameter_offset, parameter_count);
+ }
+ if(data) {
+- memcpy( data, smb_base(inbuf) + data_offset, data_count);
+ DEBUG(10,("reply_nttrans: data_count = %d\n",data_count));
+- dump_data(10, data, data_count);
++ if ((data_offset + data_count < data_offset) || (data_offset + data_count < data_count))
++ goto bad_param;
++ if (smb_base(inbuf) + data_offset + data_count > inbuf + length)
++ goto bad_param;
++
++ memcpy( data, smb_base(inbuf) + data_offset, data_count);
++
+ }
+
+ if(num_data_sofar < total_data_count || num_params_sofar < total_parameter_count) {
+ /* We need to send an interim response then receive the rest
+ of the parameter/data bytes */
+ outsize = set_message(outbuf,0,0,True);
+- send_smb(Client,outbuf);
++ if (!send_smb(Client,outbuf))
++ exit_server("reply_nttrans: send_smb failed.");
+
+ while( num_data_sofar < total_data_count || num_params_sofar < total_parameter_count) {
+ BOOL ret;
+-
++ uint32 parameter_displacement;
++ uint32 data_displacement;
++
+ ret = receive_next_smb(inbuf,bufsize,SMB_SECONDARY_WAIT);
+-
++
+ if((ret && (CVAL(inbuf, smb_com) != SMBnttranss)) || !ret) {
+- outsize = set_message(outbuf,0,0,True);
+- if(ret) {
+- DEBUG(0,("reply_nttrans: Invalid secondary nttrans packet\n"));
+- } else {
+- DEBUG(0,("reply_nttrans: %s in getting secondary nttrans response.\n",
+- (smb_read_error == READ_ERROR) ? "error" : "timeout" ));
++ outsize = set_message(outbuf,0,0,True);
++ if(ret) {
++ DEBUG(0,("reply_nttrans: Invalid secondary nttrans packet\n"));
++ } else {
++ DEBUG(0,("reply_nttrans: %s in getting secondary nttrans response.\n",
++ (smb_read_error == READ_ERROR) ? "error" : "timeout" ));
+ }
+- if(params)
+- free(params);
+- if(data)
+- free(data);
+- if(setup)
+- free(setup);
+- return(ERROR(ERRSRV,ERRerror));
++ goto bad_param;
+ }
+
+ /* Revise total_params and total_data in case they have changed downwards */
+- total_parameter_count = IVAL(inbuf, smb_nts_TotalParameterCount);
+- total_data_count = IVAL(inbuf, smb_nts_TotalDataCount);
+- num_params_sofar += (parameter_count = IVAL(inbuf,smb_nts_ParameterCount));
+- num_data_sofar += ( data_count = IVAL(inbuf, smb_nts_DataCount));
+- if (num_params_sofar > total_parameter_count || num_data_sofar > total_data_count)
+- exit_server("reply_nttrans2: data overflow in secondary nttrans packet\n");
+-
+- memcpy( ¶ms[ IVAL(inbuf, smb_nts_ParameterDisplacement)],
+- smb_base(inbuf) + IVAL(inbuf, smb_nts_ParameterOffset), parameter_count);
+- memcpy( &data[IVAL(inbuf, smb_nts_DataDisplacement)],
+- smb_base(inbuf)+ IVAL(inbuf, smb_nts_DataOffset), data_count);
++ if (IVAL(inbuf, smb_nts_TotalParameterCount) < total_parameter_count)
++ total_parameter_count = IVAL(inbuf, smb_nts_TotalParameterCount);
++ if (IVAL(inbuf, smb_nts_TotalDataCount) < total_data_count)
++ total_data_count = IVAL(inbuf, smb_nts_TotalDataCount);
++
++ parameter_count = IVAL(inbuf,smb_nts_ParameterCount);
++ parameter_offset = IVAL(inbuf, smb_nts_ParameterOffset);
++ parameter_displacement = IVAL(inbuf, smb_nts_ParameterDisplacement);
++ num_params_sofar += parameter_count;
++
++ data_count = IVAL(inbuf, smb_nts_DataCount);
++ data_displacement = IVAL(inbuf, smb_nts_DataDisplacement);
++ data_offset = IVAL(inbuf, smb_nts_DataOffset);
++ num_data_sofar += data_count;
++
++ if (num_params_sofar > total_parameter_count || num_data_sofar > total_data_count) {
++ DEBUG(0,("reply_nttrans2: data overflow in secondary nttrans packet"));
++ goto bad_param;
++ }
++
++ if (parameter_count) {
++ if (parameter_displacement + parameter_count >= total_parameter_count)
++ goto bad_param;
++ if ((parameter_displacement + parameter_count < parameter_displacement) ||
++ (parameter_displacement + parameter_count < parameter_count))
++ goto bad_param;
++ if (smb_base(inbuf) + parameter_offset + parameter_count >= inbuf + bufsize)
++ goto bad_param;
++ if (params + parameter_displacement < params)
++ goto bad_param;
++
++ memcpy( ¶ms[parameter_displacement], smb_base(inbuf) + parameter_offset, parameter_count);
++ }
++
++ if (data_count) {
++ if (data_displacement + data_count >= total_data_count)
++ goto bad_param;
++ if ((data_displacement + data_count < data_displacement) ||
++ (data_displacement + data_count < data_count))
++ goto bad_param;
++ if (smb_base(inbuf) + data_offset + data_count >= inbuf + bufsize)
++ goto bad_param;
++ if (data + data_displacement < data)
++ goto bad_param;
++
++ memcpy( &data[data_displacement], smb_base(inbuf)+ data_offset, data_count);
++ }
+ }
+ }
+
+@@ -2714,4 +2765,10 @@
+ return outsize; /* If a correct response was needed the call_nt_transact_xxxx
+ calls have already sent it. If outsize != -1 then it is
+ returning an error packet. */
++ bad_param:
++
++ SAFE_FREE(params);
++ SAFE_FREE(data);
++ SAFE_FREE(setup);
++ return ERROR(ERRDOS,ERRinvalidparam);
+ }
+diff -ur samba-2.0.10/source/smbd/password.c samba-2.0.10-security/source/smbd/password.c
+--- samba-2.0.10/source/smbd/password.c 2000-03-17 01:59:48.000000000 +0300
++++ samba-2.0.10-security/source/smbd/password.c 2005-05-21 21:51:17.336975968 +0400
+@@ -770,7 +770,7 @@
+ if (!ok && lp_username(snum)) {
+ char *auser;
+ pstring user_list;
+- StrnCpy(user_list,lp_username(snum),sizeof(pstring));
++ StrnCpy(user_list,lp_username(snum),sizeof(pstring)-1);
+
+ pstring_sub(user_list,"%S",lp_servicename(snum));
+
+diff -ur samba-2.0.10/source/smbd/reply.c samba-2.0.10-security/source/smbd/reply.c
+--- samba-2.0.10/source/smbd/reply.c 2001-06-23 12:51:24.000000000 +0400
++++ samba-2.0.10-security/source/smbd/reply.c 2005-05-21 21:51:17.378969584 +0400
+@@ -1413,6 +1413,9 @@
+
+ for (i=numentries;(i<maxentries) && !finished;i++)
+ {
++ /* check to make sure we have room in the buffer */
++ if ( ((PTR_DIFF(p, outbuf))+DIR_STRUCT_SIZE) > BUFFER_SIZE )
++ break;
+ finished =
+ !get_dir_entry(conn,mask,dirtype,fname,&size,&mode,&date,check_descend);
+ if (!finished)
+@@ -3122,6 +3125,9 @@
+
+
+ for (i=first;i<first+num_to_get;i++) {
++ /* check to make sure we have room in the buffer */
++ if ( (PTR_DIFF(p, outbuf)+28) > BUFFER_SIZE )
++ break;
+ put_dos_date2(p,0,queue[i].time);
+ CVAL(p,4) = (queue[i].status==LPQ_PRINTING?2:3);
+ SSVAL(p,5,printjob_encode(SNUM(conn),
+diff -ur samba-2.0.10/source/smbd/trans2.c samba-2.0.10-security/source/smbd/trans2.c
+--- samba-2.0.10/source/smbd/trans2.c 2000-04-24 21:27:31.000000000 +0400
++++ samba-2.0.10-security/source/smbd/trans2.c 2005-05-21 21:51:17.402965936 +0400
+@@ -201,7 +201,6 @@
+ int16 open_ofun = SVAL(params,12);
+ int32 open_size = IVAL(params,14);
+ char *pname = ¶ms[28];
+- int16 namelen = strlen(pname)+1;
+
+ pstring fname;
+ mode_t unixmode;
+@@ -213,7 +212,7 @@
+ BOOL bad_path = False;
+ files_struct *fsp;
+
+- StrnCpy(fname,pname,namelen);
++ pstrcpy(fname,pname);
+
+ DEBUG(3,("trans2open %s mode=%d attr=%d ofun=%d size=%d\n",
+ fname,open_mode, open_attr, open_ofun, open_size));
+@@ -2185,7 +2184,7 @@
+ unsigned int suwcnt = SVAL(inbuf, smb_suwcnt);
+ unsigned int tran_call = SVAL(inbuf, smb_setup0);
+ char *params = NULL, *data = NULL;
+- int num_params, num_params_sofar, num_data, num_data_sofar;
++ unsigned int num_params, num_params_sofar, num_data, num_data_sofar;
+
+ if(global_oplock_break && (tran_call == TRANSACT2_OPEN)) {
+ /* Queue this open message as we are the process of an
+@@ -2203,8 +2202,9 @@
+ /* All trans2 messages we handle have smb_sucnt == 1 - ensure this
+ is so as a sanity check */
+ if (suwcnt != 1) {
+- DEBUG(2,("Invalid smb_sucnt in trans2 call\n"));
+- return(ERROR(ERRSRV,ERRerror));
++ DEBUG(2,("Invalid smb_sucnt in trans2 call(%u)\n",suwcnt));
++ DEBUG(2,("Transaction is %d\n",tran_call));
++ ERROR(ERRDOS,ERRinvalidparam);
+ }
+
+ /* Allocate the space for the maximum needed parameters and data */
+@@ -2215,11 +2215,9 @@
+
+ if ((total_params && !params) || (total_data && !data)) {
+ DEBUG(2,("Out of memory in reply_trans2\n"));
+- if(params)
+- free(params);
+- if(data)
+- free(data);
+- return(ERROR(ERRDOS,ERRnomem));
++ SAFE_FREE(params);
++ SAFE_FREE(data);
++ return ERROR(ERRDOS,ERRnomem);
+ }
+
+ /* Copy the param and data bytes sent with this request into
+@@ -2230,20 +2228,37 @@
+ if (num_params > total_params || num_data > total_data)
+ exit_server("invalid params in reply_trans2");
+
+- if(params)
+- memcpy( params, smb_base(inbuf) + SVAL(inbuf, smb_psoff), num_params);
+- if(data)
+- memcpy( data, smb_base(inbuf) + SVAL(inbuf, smb_dsoff), num_data);
++ if(params) {
++ unsigned int psoff = SVAL(inbuf, smb_psoff);
++ if ((psoff + num_params < psoff) || (psoff + num_params < num_params))
++ goto bad_param;
++ if (smb_base(inbuf) + psoff + num_params > inbuf + length)
++ goto bad_param;
++ memcpy( params, smb_base(inbuf) + psoff, num_params);
++ }
++ if(data) {
++ unsigned int dsoff = SVAL(inbuf, smb_dsoff);
++ if ((dsoff + num_data < dsoff) || (dsoff + num_data < num_data))
++ goto bad_param;
++ if (smb_base(inbuf) + dsoff + num_data > inbuf + length)
++ goto bad_param;
++ memcpy( data, smb_base(inbuf) + dsoff, num_data);
++ }
+
+ if(num_data_sofar < total_data || num_params_sofar < total_params) {
+ /* We need to send an interim response then receive the rest
+ of the parameter/data bytes */
+ outsize = set_message(outbuf,0,0,True);
+- send_smb(Client,outbuf);
++ if (!send_smb(Client,outbuf))
++ exit_server("reply_trans2: send_smb failed.");
+
+ while (num_data_sofar < total_data ||
+ num_params_sofar < total_params) {
+ BOOL ret;
++ unsigned int param_disp;
++ unsigned int param_off;
++ unsigned int data_disp;
++ unsigned int data_off;
+
+ ret = receive_next_smb(inbuf,bufsize,SMB_SECONDARY_WAIT);
+
+@@ -2255,26 +2270,55 @@
+ else
+ DEBUG(0,("reply_trans2: %s in getting secondary trans2 response.\n",
+ (smb_read_error == READ_ERROR) ? "error" : "timeout" ));
+- if(params)
+- free(params);
+- if(data)
+- free(data);
+- return(ERROR(ERRSRV,ERRerror));
++ goto bad_param;
+ }
+
+ /* Revise total_params and total_data in case
+ they have changed downwards */
+- total_params = SVAL(inbuf, smb_tpscnt);
+- total_data = SVAL(inbuf, smb_tdscnt);
+- num_params_sofar += (num_params = SVAL(inbuf,smb_spscnt));
+- num_data_sofar += ( num_data = SVAL(inbuf, smb_sdscnt));
++ if (SVAL(inbuf, smb_tpscnt) < total_params)
++ total_params = SVAL(inbuf, smb_tpscnt);
++ if (SVAL(inbuf, smb_tdscnt) < total_data)
++ total_data = SVAL(inbuf, smb_tdscnt);
++
++ num_params = SVAL(inbuf,smb_spscnt);
++ param_off = SVAL(inbuf, smb_spsoff);
++ param_disp = SVAL(inbuf, smb_spsdisp);
++ num_params_sofar += num_params;
++
++ num_data = SVAL(inbuf, smb_sdscnt);
++ data_off = SVAL(inbuf, smb_sdsoff);
++ data_disp = SVAL(inbuf, smb_sdsdisp);
++ num_data_sofar += num_data;
++
+ if (num_params_sofar > total_params || num_data_sofar > total_data)
+- exit_server("data overflow in trans2");
++ goto bad_param;
+
+- memcpy( ¶ms[ SVAL(inbuf, smb_spsdisp)],
+- smb_base(inbuf) + SVAL(inbuf, smb_spsoff), num_params);
+- memcpy( &data[SVAL(inbuf, smb_sdsdisp)],
+- smb_base(inbuf)+ SVAL(inbuf, smb_sdsoff), num_data);
++ if (num_params) {
++ if (param_disp + num_params >= total_params)
++ goto bad_param;
++ if ((param_disp + num_params < param_disp) ||
++ (param_disp + num_params < num_params))
++ goto bad_param;
++ if (smb_base(inbuf) + param_off + num_params >= inbuf + bufsize)
++ goto bad_param;
++ if (params + param_disp < params)
++ goto bad_param;
++
++ memcpy( ¶ms[param_disp], smb_base(inbuf) + param_off, num_params);
++ }
++ if (num_data) {
++ if (data_disp + num_data >= total_data)
++ goto bad_param;
++ if ((data_disp + num_data < data_disp) ||
++ (data_disp + num_data < num_data))
++ goto bad_param;
++ if (smb_base(inbuf) + data_off + num_data >= inbuf + bufsize)
++ goto bad_param;
++ if (data + data_disp < data)
++ goto bad_param;
++
++ memcpy( &data[data_disp], smb_base(inbuf) + data_off, num_data);
++ }
+ }
+ }
+
+@@ -2367,4 +2411,10 @@
+ return outsize; /* If a correct response was needed the
+ call_trans2xxx calls have already sent
+ it. If outsize != -1 then it is returning */
++
++ bad_param:
++
++ SAFE_FREE(params);
++ SAFE_FREE(data);
++ return (ERROR(ERRDOS,ERRinvalidparam));
+ }
--- /dev/null
+--- samba-2.0.10/source/Makefile.in.orig 2005-08-20 20:34:44.000000000 +0200
++++ samba-2.0.10/source/Makefile.in 2005-08-20 20:36:27.000000000 +0200
+@@ -475,11 +475,11 @@
+
+ bin/smbwrapper.@SHLIBEXT@: $(PICOBJS)
+ @echo Linking shared library $@
+- @$(LD) @LDSHFLAGS@ -o $@ $(PICOBJS) $(LIBS)
++ @$(LD) @LDSHFLAGS@ -o $@ $(PICOBJS) $(LDFLAGS) $(LIBS)
+
+ bin/smbwrapper.32.@SHLIBEXT@: $(PICOBJS32)
+ @echo Linking shared library $@
+- @$(LD) -32 @LDSHFLAGS@ -o $@ $(PICOBJS32) $(LIBS)
++ @$(LD) -32 @LDSHFLAGS@ -o $@ $(PICOBJS32) $(LDFLAGS) $(LIBS)
+
+ bin/smbsh: $(SMBSH_OBJ) bin/.dummy
+ @echo Linking $@
+@@ -487,7 +487,7 @@
+
+ bin/libsmb.@SHLIBEXT@: $(LIBSMB_PICOBJS) bin/.dummy
+ @echo Linking shared library $@
+- @$(LD) @LDSHFLAGS@ -o $@ $(LIBSMB_PICOBJS) $(LIBS)
++ @$(LD) @LDSHFLAGS@ -o $@ $(LIBSMB_PICOBJS) $(LDFLAGS) $(LIBS)
+
+ install: installbin installman installscripts installcp installswat
+
--- /dev/null
+diff -ruN samba-2.0.10-old/source/Makefile.in samba-2.0.10-new/source/Makefile.in
+--- samba-2.0.10-old/source/Makefile.in 2005-08-22 03:03:17.000000000 +0200
++++ samba-2.0.10-new/source/Makefile.in 2005-08-22 03:08:23.000000000 +0200
+@@ -31,6 +31,8 @@
+ MANDIR = @mandir@
+ SAMBABOOK = @sambabook@
+
++CONFIGDIR = @sysconfdir@
++
+ # The permissions to give the executables
+ INSTALLPERMS = 0755
+
+@@ -39,9 +41,9 @@
+ # or in smb.conf (see smb.conf(5))
+ SMBLOGFILE = $(VARDIR)/smb
+ NMBLOGFILE = $(VARDIR)/nmb
+-CONFIGFILE = $(LIBDIR)/smb.conf
+-LMHOSTSFILE = $(LIBDIR)/lmhosts
+-DRIVERFILE = $(LIBDIR)/printers.def
++CONFIGFILE = $(CONFIGDIR)/smb.conf
++LMHOSTSFILE = $(CONFIGDIR)/lmhosts
++DRIVERFILE = $(CONFIGDIR)/printers.def
+ PASSWD_PROGRAM = /bin/passwd
+ # This is where smbpasswd et al go
+ PRIVATEDIR = @privatedir@
projects / openwrt / openwrt.git / commitdiff