diff -urN samba-2.0.6.orig/source/include/proto.h samba-2.0.6/source/include/proto.h --- samba-2.0.6.orig/source/include/proto.h Thu Nov 11 03:36:01 1999 +++ samba-2.0.6/source/include/proto.h Thu Dec 9 13:39:16 1999 @@ -1014,6 +1014,8 @@ char *lp_remote_browse_sync(void); char *lp_wins_server(void); char *lp_interfaces(void); +char *lp_sysv_shm_key(void); +char *lp_codepagedir(void); char *lp_socket_address(void); char *lp_nis_home_map_name(void); char *lp_netbios_aliases(void); diff -urN samba-2.0.6.orig/source/lib/charset.c samba-2.0.6/source/lib/charset.c --- samba-2.0.6.orig/source/lib/charset.c Wed Oct 13 07:26:48 1999 +++ samba-2.0.6/source/lib/charset.c Thu Dec 9 13:39:16 1999 @@ -192,16 +192,18 @@ SMB_OFF_T size; codepage_p cp_p = NULL; SMB_STRUCT_STAT st; - + char* codepagedir; + DEBUG(5, ("load_client_codepage: loading codepage %d.\n", client_codepage)); - if(strlen(CODEPAGEDIR) + 14 > sizeof(codepage_file_name)) + codepagedir = lp_codepagedir(); + if(strlen(codepagedir) + 14 > sizeof(codepage_file_name)) { DEBUG(0,("load_client_codepage: filename too long to load\n")); return NULL; } - pstrcpy(codepage_file_name, CODEPAGEDIR); + pstrcpy(codepage_file_name, codepagedir); pstrcat(codepage_file_name, "/"); pstrcat(codepage_file_name, "codepage."); slprintf(&codepage_file_name[strlen(codepage_file_name)], 
@@ -348,13 +350,13 @@ #ifdef KANJI DEBUG(6,("codepage_initialise: loading dynamic codepage file %s/codepage.%d \ for code page %d failed. Using default client codepage 932\n", - CODEPAGEDIR, client_codepage, client_codepage)); + lp_codepagedir(), client_codepage, client_codepage)); cp = cp_932; client_codepage = KANJI_CODEPAGE; #else /* KANJI */ DEBUG(6,("codepage_initialise: loading dynamic codepage file %s/codepage.%d \ for code page %d failed. Using default client codepage 850\n", - CODEPAGEDIR, client_codepage, client_codepage)); + lp_codepagedir(), client_codepage, client_codepage)); cp = cp_850; client_codepage = MSDOS_LATIN_1_CODEPAGE; #endif /* KANJI */ diff -urN samba-2.0.6.orig/source/locking/shmem_sysv.c samba-2.0.6/source/locking/shmem_sysv.c --- samba-2.0.6.orig/source/locking/shmem_sysv.c Wed Oct 13 07:26:51 1999 +++ samba-2.0.6/source/locking/shmem_sysv.c Thu Dec 9 13:39:16 1999 @@ -27,9 +27,6 @@ extern int DEBUGLEVEL; -#define SHMEM_KEY ((key_t)0x280267) -#define SEMAPHORE_KEY (SHMEM_KEY+2) - #define SHM_MAGIC 0x53484100 #define SHM_VERSION 2 @@ -51,6 +48,18 @@ #define SHMEM_HASH_SIZE 13 #define MIN_SHM_SIZE 0x1000 + +key_t get_shm_key(void) { + char* f; + + f = lp_sysv_shm_key(); + if (f && *f) + return ftok(f, 0x5B); + return (key_t)0x280267; +} +#define SHMEM_KEY (get_shm_key()) +#define SEMAPHORE_KEY (SHMEM_KEY+2) + static int shm_id; static int sem_id; diff -urN samba-2.0.6.orig/source/param/loadparm.c samba-2.0.6/source/param/loadparm.c --- samba-2.0.6.orig/source/param/loadparm.c Thu Nov 11 03:36:05 1999 +++ samba-2.0.6/source/param/loadparm.c Thu Dec 9 13:39:16 1999 @@ -244,6 +244,8 @@ BOOL bDebugHiresTimestamp; BOOL bDebugPid; BOOL bDebugUid; + char *szSysVkey; + char *szCodepagedir; /* This is initialised in init_globals */ } global; static global Globals; 
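Review bot: `get_shm_key()` in shmem_sysv.c returns `ftok(f, 0x5B)` unchecked, and `ftok` returns `(key_t)-1` when the configured path cannot be stat'ed, so a mistyped `sysv shm key` gives shared-memory key -1 and, through `SEMAPHORE_KEY (SHMEM_KEY+2)`, semaphore key 1. Check and log the result, e.g. `key_t k = ftok(f, 0x5B);` followed by `if (k == (key_t)-1) DEBUG(0,("get_shm_key: ftok(%s) failed\n", f));`, and have the caller treat it as a failure rather than attach to an unintended segment. `SHMEM_KEY` now expands to a function call, so each use of the macro repeats the lookup, and two uses can disagree if the file is replaced in between; computing the key once and caching it avoids that. The function has no prototype in the proto.h hunk, so it could be `static` if nothing outside this file needs it.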
@@ -544,6 +546,8 @@ {"interfaces", P_STRING, P_GLOBAL, &Globals.szInterfaces, NULL, NULL, FLAG_BASIC}, {"bind interfaces only", P_BOOL,P_GLOBAL, &Globals.bBindInterfacesOnly,NULL, NULL, 0}, + {"sysv shm key", P_STRING, P_GLOBAL, &Globals.szSysVkey, NULL, NULL, 0}, + {"codepage dir", P_STRING, P_GLOBAL, &Globals.szCodepagedir, NULL, NULL, 0}, {"Security Options", P_SEP, P_SEPARATOR}, {"security", P_ENUM, P_GLOBAL, &Globals.security, NULL, enum_security, FLAG_BASIC}, {"encrypt passwords",P_BOOL, P_GLOBAL, &Globals.bEncryptPasswords, NULL, NULL, FLAG_BASIC}, @@ -894,6 +898,8 @@ string_set(&Globals.szNameResolveOrder, "lmhosts host wins bcast"); + string_set(&Globals.szCodepagedir, CODEPAGEDIR); + Globals.bLoadPrinters = True; Globals.bUseRhosts = False; Globals.max_packet = 65535; @@ -1192,6 +1198,8 @@ FN_GLOBAL_STRING(lp_remote_browse_sync,&Globals.szRemoteBrowseSync) FN_GLOBAL_STRING(lp_wins_server,&Globals.szWINSserver) FN_GLOBAL_STRING(lp_interfaces,&Globals.szInterfaces) +FN_GLOBAL_STRING(lp_sysv_shm_key,&Globals.szSysVkey); +FN_GLOBAL_STRING(lp_codepagedir,&Globals.szCodepagedir); FN_GLOBAL_STRING(lp_socket_address,&Globals.szSocketAddress) FN_GLOBAL_STRING(lp_nis_home_map_name,&Globals.szNISHomeMapName) static FN_GLOBAL_STRING(lp_announce_version,&Globals.szAnnounceVersion) diff -urN samba-2.0.6.orig/source/run_cfg samba-2.0.6/source/run_cfg --- samba-2.0.6.orig/source/run_cfg Thu Jan 1 01:00:00 1970 +++ samba-2.0.6/source/run_cfg Thu Dec 9 13:39:16 1999 @@ -0,0 +1,2 @@ +#! /bin/sh +./configure --with-automount --with-smbmount --with-mmap --with-syslog --with-netatalk --with-quotas diff -urN samba-2.0.6.orig/source/utils/smbpasswd.c samba-2.0.6/source/utils/smbpasswd.c --- samba-2.0.6.orig/source/utils/smbpasswd.c Wed Oct 13 07:27:03 1999 +++ samba-2.0.6/source/utils/smbpasswd.c Thu Dec 9 13:39:16 1999 
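Review bot: The two accessor lines added in the last loadparm.c hunk end in `;`, while the neighbouring `FN_GLOBAL_STRING(...)` lines do not. If the macro expands to a function definition, as the prototypes added to proto.h suggest, the extra semicolon is an empty file-scope declaration that pedantic compilers warn about. Write them as `FN_GLOBAL_STRING(lp_sysv_shm_key,&Globals.szSysVkey)` and `FN_GLOBAL_STRING(lp_codepagedir,&Globals.szCodepagedir)`. The init hunk sets a default for `szCodepagedir` but none for `szSysVkey`; a comment on the field such as `/* unset: the built-in SysV key is used */` would record that this is intended.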
@@ -58,6 +58,7 @@ printf(" -D LEVEL debug level\n"); printf(" -U USER remote username\n"); printf(" -r MACHINE remote machine\n"); + printf(" -l CONFIGFILE samba configuration file\n"); if (getuid() == 0) { printf(" -R ORDER name resolve order\n"); 
@@ -258,84 +259,45 @@ /************************************************************* handle password changing for root *************************************************************/ -static int process_root(int argc, char *argv[]) + +struct nonroot_opts { + char *remote_machine; + BOOL stdin_passwd_get; + char *user_name; +}; + +struct root_opts { + BOOL joining_domain; + BOOL trust_account; + BOOL add_user; + BOOL disable_user; + BOOL enable_user; + BOOL set_no_password; + char *new_domain; + char *new_passwd; + char *resolve_order; +}; + +static int process_root(int argc, char *argv[], struct nonroot_opts* nro, struct root_opts* ro) { struct passwd *pwd; int ch; - BOOL joining_domain = False; - BOOL trust_account = False; - BOOL add_user = False; - BOOL disable_user = False; - BOOL enable_user = False; - BOOL set_no_password = False; - BOOL stdin_passwd_get = False; - char *user_name = NULL; - char *new_domain = NULL; - char *new_passwd = NULL; char *old_passwd = NULL; - char *remote_machine = NULL; - - while ((ch = getopt(argc, argv, "adehmnj:r:sR:D:U:")) != EOF) { - switch(ch) { - case 'a': - add_user = True; - break; - case 'd': - disable_user = True; - new_passwd = "XXXXXX"; - break; - case 'e': - enable_user = True; - break; - case 'D': - DEBUGLEVEL = atoi(optarg); - break; - case 'n': - set_no_password = True; - new_passwd = "NO PASSWORD"; - case 'r': - remote_machine = optarg; - break; - case 's': - set_line_buffering(stdin); - set_line_buffering(stdout); - set_line_buffering(stderr); - stdin_passwd_get = True; - break; - case 'R': - lp_set_name_resolve_order(optarg); - break; - case 'm': - trust_account = True; - break; - case 'j': - new_domain = optarg; - strupper(new_domain); - joining_domain = True; - break; - case 'U': - user_name = optarg; - break; - default: - usage(); - } - } - - argc -= optind; - argv += optind; + if (ro->resolve_order) + lp_set_name_resolve_order(optarg); /* * Ensure add_user and either remote machine or join domain are * not 
both set. */ - if(add_user && ((remote_machine != NULL) || joining_domain)) { + if(ro->add_user && ((nro->remote_machine != NULL) || ro->joining_domain)) { usage(); } - if(joining_domain) { + if(ro->joining_domain) { if (argc != 0) usage(); - return join_domain(new_domain, remote_machine); + return join_domain(ro->new_domain, nro->remote_machine); } /* @@ -346,26 +308,26 @@ case 0: break; case 1: - user_name = argv[0]; + nro->user_name = argv[0]; break; case 2: - user_name = argv[0]; - new_passwd = argv[1]; + nro->user_name = argv[0]; + ro->new_passwd = argv[1]; break; default: usage(); } - if (!user_name && (pwd = sys_getpwuid(0))) { - user_name = xstrdup(pwd->pw_name); + if (!nro->user_name && (pwd = sys_getpwuid(0))) { + nro->user_name = xstrdup(pwd->pw_name); } - if (!user_name) { + if (!nro->user_name) { fprintf(stderr,"You must specify a username\n"); exit(1); } - if (trust_account) { + if (ro->trust_account) { /* add the $ automatically */ static fstring buf; @@ -374,13 +336,13 @@ * generate the initial machine password. */ - if (user_name[strlen(user_name)-1] == '$') { - user_name[strlen(user_name)-1] = 0; + if (nro->user_name[strlen(nro->user_name)-1] == '$') { + nro->user_name[strlen(nro->user_name)-1] = 0; } - if (add_user) { - new_passwd = xstrdup(user_name); - strlower(new_passwd); + if (ro->add_user) { + ro->new_passwd = xstrdup(nro->user_name); + strlower(ro->new_passwd); } /* 
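Review bot: `lp_set_name_resolve_order(optarg)` at the top of `process_root` still reads the getopt global, but option parsing now happens in `main`. `optarg` therefore holds whatever the last parsed option left there, not the `-R` value. It should be `lp_set_name_resolve_order(ro->resolve_order);`. `int ch;` is now unused here and in `process_nonroot` and can be dropped. The function body continues in the following hunks.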
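Review bot: The trust-account branch indexes `nro->user_name[strlen(nro->user_name)-1]` without checking for an empty name, so an empty user-name argument makes the index wrap and the code reads, and may write, outside the string. Take the length once and guard it: `size_t len = strlen(nro->user_name);` then `if (len > 0 && nro->user_name[len-1] == '$') nro->user_name[len-1] = 0;`. The check predates this patch, but the lines are rewritten here, so this is a natural place to fix it. The enclosing block starts and ends outside the hunk.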
@@ -388,21 +350,21 @@ * the machine add. */ - slprintf(buf, sizeof(buf)-1, "%s$", user_name); - user_name = buf; + slprintf(buf, sizeof(buf)-1, "%s$", nro->user_name); + nro->user_name = buf; } - if (!remote_machine && !Get_Pwnam(user_name, True)) { + if (!nro->remote_machine && !Get_Pwnam(nro->user_name, True)) { fprintf(stderr, "User \"%s\" was not found in system password file.\n", - user_name); + nro->user_name); exit(1); } - if (remote_machine != NULL) { - old_passwd = get_pass("Old SMB password:",stdin_passwd_get); + if (nro->remote_machine != NULL) { + old_passwd = get_pass("Old SMB password:",nro->stdin_passwd_get); } - if (!new_passwd) { + if (!ro->new_passwd) { /* * If we are trying to enable a user, first we need to find out 
@@ -413,38 +375,38 @@ * smbpasswd file) then we need to prompt for a new password. */ - if(enable_user) { - struct smb_passwd *smb_pass = getsmbpwnam(user_name); + if(ro->enable_user) { + struct smb_passwd *smb_pass = getsmbpwnam(nro->user_name); if((smb_pass != NULL) && (smb_pass->smb_passwd != NULL)) { - new_passwd = "XXXX"; /* Don't care. */ + ro->new_passwd = "XXXX"; /* Don't care. */ } } - if(!new_passwd) - new_passwd = prompt_for_new_password(stdin_passwd_get); + if(!ro->new_passwd) + ro->new_passwd = prompt_for_new_password(nro->stdin_passwd_get); - if(!new_passwd) { + if(!ro->new_passwd) { fprintf(stderr, "Unable to get new password.\n"); exit(1); } } - if (!password_change(remote_machine, user_name, old_passwd, new_passwd, - add_user, enable_user, disable_user, set_no_password, - trust_account)) { - fprintf(stderr,"Failed to change password entry for %s\n", user_name); + if (!password_change(nro->remote_machine, nro->user_name, old_passwd, ro->new_passwd, + ro->add_user, ro->enable_user, ro->disable_user, ro->set_no_password, + ro->trust_account)) { + fprintf(stderr,"Failed to change password entry for %s\n", nro->user_name); return 1; } - if(disable_user) { - printf("User %s disabled.\n", user_name); - } else if(enable_user) { - printf("User %s enabled.\n", user_name); - } else if (set_no_password) { - printf("User %s - set to no password.\n", user_name); + if(ro->disable_user) { + printf("User %s disabled.\n", nro->user_name); + } else if(ro->enable_user) { + printf("User %s enabled.\n", nro->user_name); + } else if (ro->set_no_password) { + printf("User %s - set to no password.\n", nro->user_name); } else { - struct smb_passwd *smb_pass = getsmbpwnam(user_name); - printf("Password changed for user %s.", user_name ); + struct smb_passwd *smb_pass = getsmbpwnam(nro->user_name); + printf("Password changed for user %s.", nro->user_name ); if((smb_pass != NULL) && (smb_pass->acct_ctrl & ACB_DISABLED )) printf(" User has disabled flag set."); if((smb_pass != 
NULL) && (smb_pass->acct_ctrl & ACB_PWNOTREQ)) @@ -458,41 +420,13 @@ /************************************************************* handle password changing for non-root *************************************************************/ -static int process_nonroot(int argc, char *argv[]) +static int process_nonroot(int argc, char *argv[], struct nonroot_opts* nro) { struct passwd *pwd = NULL; int ch; - BOOL stdin_passwd_get = False; char *old_passwd = NULL; - char *remote_machine = NULL; - char *user_name = NULL; char *new_passwd = NULL; - while ((ch = getopt(argc, argv, "hD:r:sU:")) != EOF) { - switch(ch) { - case 'D': - DEBUGLEVEL = atoi(optarg); - break; - case 'r': - remote_machine = optarg; - break; - case 's': - set_line_buffering(stdin); - set_line_buffering(stdout); - set_line_buffering(stderr); - stdin_passwd_get = True; - break; - case 'U': - user_name = optarg; - break; - default: - usage(); - } - } - - argc -= optind; - argv += optind; - if(argc > 1) { usage(); } @@ -501,10 +435,10 @@ new_passwd = argv[0]; } - if (!user_name) { + if (!nro->user_name) { pwd = sys_getpwuid(getuid()); if (pwd) { - user_name = xstrdup(pwd->pw_name); + nro->user_name = xstrdup(pwd->pw_name); } else { fprintf(stderr,"you don't exist - go away\n"); exit(1); @@ -516,17 +450,17 @@ * via a remote machine (even if that machine is * localhost). */ - if (remote_machine == NULL) { - remote_machine = "127.0.0.1"; + if (nro->remote_machine == NULL) { + nro->remote_machine = "127.0.0.1"; } - if (remote_machine != NULL) { - old_passwd = get_pass("Old SMB password:",stdin_passwd_get); + if (nro->remote_machine != NULL) { + old_passwd = get_pass("Old SMB password:",nro->stdin_passwd_get); } if (!new_passwd) { - new_passwd = prompt_for_new_password(stdin_passwd_get); + new_passwd = prompt_for_new_password(nro->stdin_passwd_get); } if (!new_passwd) { 
@@ -534,13 +468,13 @@ exit(1); } - if (!password_change(remote_machine, user_name, old_passwd, new_passwd, + if (!password_change(nro->remote_machine, nro->user_name, old_passwd, new_passwd, False, False, False, False, False)) { - fprintf(stderr,"Failed to change password for %s\n", user_name); + fprintf(stderr,"Failed to change password for %s\n", nro->user_name); return 1; } - printf("Password changed for user %s\n", user_name); + printf("Password changed for user %s\n", nro->user_name); return 0; } @@ -552,11 +486,19 @@ int main(int argc, char **argv) { static pstring servicesf = CONFIGFILE; - + struct nonroot_opts nro; + struct root_opts ro; + int ch; + const char* optchars; + int root; + #if defined(HAVE_SET_AUTH_PARAMETERS) set_auth_parameters(argc, argv); #endif /* HAVE_SET_AUTH_PARAMETERS */ + memset(&nro, 0, sizeof(nro)); + memset(&ro, 0, sizeof(ro)); + TimeInit(); setup_logging("smbpasswd", True); 
@@ -568,6 +510,68 @@ exit(1); } + /* Check the effective uid - make sure we are not setuid */ + if ((geteuid() == (uid_t)0) && (getuid() != (uid_t)0)) { + fprintf(stderr, "smbpasswd must *NOT* be setuid root.\n"); + exit(1); + } + + root = getuid() == 0; + optchars = root?"l:hD:r:sUademnj:R:":"l:hD:r:sU:"; + while ((ch = getopt(argc, argv, optchars)) != EOF) { + switch(ch) { + case 'D': + DEBUGLEVEL = atoi(optarg); + break; + case 'r': + nro.remote_machine = optarg; + break; + case 's': + set_line_buffering(stdin); + set_line_buffering(stdout); + set_line_buffering(stderr); + nro.stdin_passwd_get = True; + break; + case 'U': + nro.user_name = optarg; + break; + case 'l': + pstrcpy(servicesf, optarg); + break; + + case 'a': + ro.add_user = True; + break; + case 'd': + ro.disable_user = True; + ro.new_passwd = "XXXXXX"; + break; + case 'e': + ro.enable_user = True; + break; + case 'n': + ro.set_no_password = True; + ro.new_passwd = "NO PASSWORD"; + break; + case 'R': + ro.resolve_order = optarg; + break; + case 'm': + ro.trust_account = True; + break; + case 'j': + ro.new_domain = optarg; + strupper(ro.new_domain); + ro.joining_domain = True; + break; + default: + usage(); + } + } + + argc -= optind; + argv += optind; + if (!lp_load(servicesf,True,False,False)) { fprintf(stderr, "Can't load %s - run testparm to debug it\n", servicesf); @@ -591,15 +595,9 @@ load_interfaces(); - /* Check the effective uid - make sure we are not setuid */ - if ((geteuid() == (uid_t)0) && (getuid() != (uid_t)0)) { - fprintf(stderr, "smbpasswd must *NOT* be setuid root.\n"); - exit(1); - } - - if (getuid() == 0) { - return process_root(argc, argv); + if (root) { + return process_root(argc, argv, &nro, &ro); } - return process_nonroot(argc, argv); + return process_nonroot(argc, argv, &nro); }
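Review bot: The root option string `"l:hD:r:sUademnj:R:"` lists `U` without a trailing colon, so for root `-U` takes no argument. `nro.user_name = optarg` then stores a value getopt did not set for that option (NULL in common implementations), and the intended name is left as a positional argument. The non-root string has `U:`; the assignment should read `optchars = root?"l:hD:r:sU:ademnj:R:":"l:hD:r:sU:";`. Because `-l` lets any caller choose the configuration file, the setuid refusal needs to stay above the option loop and `lp_load`, as this hunk places it. A one-line comment saying so would keep it from being moved back.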