Index: samba-3.0.37/source/auth/auth_util.c =================================================================== --- samba-3.0.37.orig/source/auth/auth_util.c 2009-09-30 14:21:56.000000000 +0200 +++ samba-3.0.37/source/auth/auth_util.c 2011-08-09 00:02:34.854444169 +0200 @@ -2284,18 +2284,20 @@ /* The only other possible result is that winbind is not up and running. We need to update the trustdom_cache ourselves */ - +#ifndef AVM_SMALLER update_trustdom_cache(); +#endif } /* now the trustdom cache should be available a DC could still * have a transitive trust so fall back to the cache of trusted * domains (like a domain member would use */ +#ifndef AVM_SMALLER if ( trustdom_cache_fetch(dom_name, &trustdom_sid) ) { return True; } - +#endif return False; } Index: samba-3.0.37/source/include/local.h =================================================================== --- samba-3.0.37.orig/source/include/local.h 2009-09-30 14:21:56.000000000 +0200 +++ samba-3.0.37/source/include/local.h 2011-08-09 00:02:34.854444169 +0200 @@ -49,7 +49,8 @@ #define MAX_DIRECTORY_HANDLES 2048 /* maximum number of file caches per smbd */ -#define MAX_WRITE_CACHES 10 +/* #define MAX_WRITE_CACHES 10 */ +#define MAX_WRITE_CACHES 2 /* AVM */ /* define what facility to use for syslog */ #ifndef SYSLOG_FACILITY Index: samba-3.0.37/source/lib/iconv.c =================================================================== --- samba-3.0.37.orig/source/lib/iconv.c 2009-09-30 14:21:56.000000000 +0200 +++ samba-3.0.37/source/lib/iconv.c 2011-08-09 00:02:34.854444169 +0200 @@ -385,7 +385,10 @@ while (*inbytesleft >= 2 && *outbytesleft >= 1) { (*outbuf)[0] = (*inbuf)[0]; - if ((*inbuf)[1]) ir_count++; + if ((*inbuf)[1]) { + ir_count++; + (*outbuf)[0] = '_'; // AVM + } (*inbytesleft) -= 2; (*outbytesleft) -= 1; (*inbuf) += 2; Index: samba-3.0.37/source/lib/pidfile.c =================================================================== --- samba-3.0.37.orig/source/lib/pidfile.c 2009-09-30 14:21:56.000000000 +0200 +++ samba-3.0.37/source/lib/pidfile.c 2011-08-09 00:02:34.854444169 +0200 @@ -87,6 +87,7 @@ pstring pidFile; pid_t pid; +#if 0 /* AVM */ /* Add a suffix to the program name if this is a process with a * none default configuration file name. */ if (strcmp( CONFIGFILE, dyn_CONFIGFILE) == 0) { @@ -103,6 +104,9 @@ slprintf( name, sizeof( name)-1, "%s-%s", program_name, short_configfile ); } +#else + strncpy( name, program_name, sizeof( name)-1); +#endif slprintf(pidFile, sizeof(pidFile)-1, "%s/%s.pid", lp_piddir(), name); Index: samba-3.0.37/source/lib/system.c =================================================================== --- samba-3.0.37.orig/source/lib/system.c 2009-09-30 14:21:56.000000000 +0200 +++ samba-3.0.37/source/lib/system.c 2011-08-09 00:02:34.864444169 +0200 @@ -1499,7 +1499,11 @@ void *sys_dlopen(const char *name, int flags) { #if defined(HAVE_DLOPEN) +#if 1 /* FRITZBOX */ + return NULL; +#else return dlopen(name, flags); +#endif #else return NULL; #endif Index: samba-3.0.37/source/lib/util.c =================================================================== --- samba-3.0.37.orig/source/lib/util.c 2009-09-30 14:21:56.000000000 +0200 +++ samba-3.0.37/source/lib/util.c 2011-08-09 00:02:34.864444169 +0200 @@ -301,7 +301,11 @@ char *p; if ((p = getenv("TMPDIR"))) return p; +#if 0 /* AVM */ + return "/var/tmp"; +#else return "/tmp"; +#endif } /**************************************************************************** Index: samba-3.0.37/source/libsmb/clifile.c =================================================================== --- samba-3.0.37.orig/source/libsmb/clifile.c 2009-09-30 14:21:56.000000000 +0200 +++ samba-3.0.37/source/libsmb/clifile.c 2011-08-09 00:02:34.864444169 +0200 @@ -21,6 +21,8 @@ #include "includes.h" +#ifndef AVM_SMALLER + /**************************************************************************** Hard/Symlink a file (UNIX extensions). Creates new name (sym)linked to oldname. @@ -71,6 +73,9 @@ return True; } +#endif /* AVM_SMALLER */ + + /**************************************************************************** Map standard UNIX permissions onto wire representations. ****************************************************************************/ @@ -165,6 +170,9 @@ } } + +#ifndef AVM_SMALLER + /**************************************************************************** Do a POSIX getfacl (UNIX extensions). ****************************************************************************/ @@ -647,6 +655,7 @@ return True; } +#endif /* AVM_SMALLER */ /**************************************************************************** Open a file - exposing the full horror of the NT API :-). @@ -718,6 +727,7 @@ FILE_SHARE_READ|FILE_SHARE_WRITE, FILE_OPEN, 0x0, 0x0); } +#ifndef AVM_SMALLER /**************************************************************************** Open a file WARNING: if you open with O_WRONLY then getattrE won't work! @@ -796,6 +806,7 @@ return SVAL(cli->inbuf,smb_vwv2); } +#endif /* AVM_SMALLER */ /**************************************************************************** Close a file. @@ -823,6 +834,7 @@ return !cli_is_error(cli); } +#ifndef AVM_SMALLER /**************************************************************************** send a lock with a specified locktype @@ -1972,3 +1984,6 @@ { return cli_posix_unlink_internal(cli, fname, True); } + +#endif /* AVM_SMALLER */ + Index: samba-3.0.37/source/libsmb/namequery.c =================================================================== --- samba-3.0.37.orig/source/libsmb/namequery.c 2009-09-30 14:21:56.000000000 +0200 +++ samba-3.0.37/source/libsmb/namequery.c 2011-08-09 00:02:34.864444169 +0200 @@ -1114,6 +1114,7 @@ const char *sitename, struct ip_service **return_iplist, int *return_count) { +#ifdef HAVE_ADS int i, j; NTSTATUS status; TALLOC_CTX *ctx; @@ -1194,6 +1195,9 @@ talloc_destroy(ctx); return True; +#else /* HAVE_ADS */ + return False; +#endif } /******************************************************************* Index: samba-3.0.37/source/libsmb/namequery_dc.c =================================================================== --- samba-3.0.37.orig/source/libsmb/namequery_dc.c 2009-09-30 14:21:56.000000000 +0200 +++ samba-3.0.37/source/libsmb/namequery_dc.c 2011-08-09 00:02:34.864444169 +0200 @@ -52,6 +52,9 @@ struct in_addr *dc_ip, fstring srv_name) { +#if 1 /* AVM */ + return False; +#else ADS_STRUCT *ads; char *sitename; int i; @@ -139,6 +142,7 @@ srv_name, inet_ntoa(*dc_ip))); return True; +#endif /* AVM */ } /**************************************************************************** Index: samba-3.0.37/source/modules/vfs_default.c =================================================================== --- samba-3.0.37.orig/source/modules/vfs_default.c 2009-09-30 14:21:56.000000000 +0200 +++ samba-3.0.37/source/modules/vfs_default.c 2011-08-09 14:13:37.593167315 +0200 @@ -24,6 +24,78 @@ #undef DBGC_CLASS #define DBGC_CLASS DBGC_VFS +// AVM_SEC - avoid following NTFS symbolic links to "not allowed places" +// #define AVM_SEC + + +#ifdef AVM_SEC +static int IsAllowed(const char *pa) +{ + // only allow access below /var/media/ftp/ + + if (!pa) return 0; + +Log(("IsAllowed: checking %s", pa)); + + char *path = strdup(pa); + if (!path) goto no; + + char buf[4096]; + int ret; + char *p = &path[strlen(path)]; + char c = *p; + do { + if (path[0] == '\0') { + if (0 == getcwd(buf, sizeof(buf))) { + *p = c; + goto no; // failed - not allowed + } + ret = 0; + } else { + if (0 == realpath(path, buf)) ret = -1; + else ret = 0; + } + if (ret) { + // realpath failed - remove prev path component + *p = c; + while(p > path && *(p-1) != '/') p--; + if (p <= path) { + p = path; + } else { + p--; + } + c = *p; + *p = '\0'; + } + } while(ret); + + *p = c; + +#if 0 // TODO + // weitere pfadkompontenen // /./ und /../ auswerten + // assert (*p ist '\0' oder '/') + while(*p != '\0') { + xxx + } +#endif + + if (buf != strstr(buf, "/var/media/ftp")) goto no; + c = buf[strlen("/var/media/ftp")]; + if (c != '/' && c != '\0') goto no; + +Log(("IsAllowed: %s ok", pa)); + if (path) free(path); + return 1; + +no: + Log(("IsAllowed: %s not allowed", pa ? pa : "(null)")); + if (path) free(path); + return 0; +} +#endif + + + /* Check for NULL pointer parameters in vfswrap_* functions */ /* We don't want to have NULL function pointers lying around. Someone @@ -88,6 +160,10 @@ static int vfswrap_statvfs(struct vfs_handle_struct *handle, const char *path, vfs_statvfs_struct *statbuf) { +#ifdef AVM_SEC + if (!IsAllowed(path)) { errno = EACCES; return -1; } +#endif + return sys_statvfs(path, statbuf); } @@ -97,6 +173,10 @@ { SMB_STRUCT_DIR *result; +#ifdef AVM_SEC + if (!IsAllowed(fname)) { errno = EACCES; return 0; } +#endif + START_PROFILE(syscall_opendir); result = sys_opendir(fname); END_PROFILE(syscall_opendir); @@ -141,6 +221,10 @@ int result; BOOL has_dacl = False; +#ifdef AVM_SEC + if (!IsAllowed(path)) { errno = EACCES; return -1; } +#endif + START_PROFILE(syscall_mkdir); if (lp_inherit_acls(SNUM(handle->conn)) && (has_dacl = directory_has_default_acl(handle->conn, parent_dirname(path)))) @@ -169,6 +253,10 @@ { int result; +#ifdef AVM_SEC + if (!IsAllowed(path)) { errno = EACCES; return -1; } +#endif + START_PROFILE(syscall_rmdir); result = rmdir(path); END_PROFILE(syscall_rmdir); @@ -192,6 +280,10 @@ { int result; +#ifdef AVM_SEC + if (!IsAllowed(fname)) { errno = EACCES; return -1; } +#endif + START_PROFILE(syscall_open); result = sys_open(fname, flags, mode); END_PROFILE(syscall_open); @@ -361,6 +453,11 @@ int ifd = -1; int ofd = -1; +#ifdef AVM_SEC + if (!IsAllowed(source)) { errno = EACCES; return -1; } + if (!IsAllowed(dest)) { errno = EACCES; return -1; } +#endif + if (sys_lstat (source, &source_stats) == -1) return -1; @@ -442,6 +539,11 @@ { int result; +#ifdef AVM_SEC + if (!IsAllowed(oldname)) { errno = EACCES; return -1; } + if (!IsAllowed(newname)) { errno = EACCES; return -1; } +#endif + START_PROFILE(syscall_rename); result = rename(oldname, newname); if ((result == -1) && (errno == EXDEV)) { @@ -471,6 +573,10 @@ { int result; +#ifdef AVM_SEC + if (!IsAllowed(fname)) { errno = EACCES; return -1; } +#endif + START_PROFILE(syscall_stat); result = sys_stat(fname, sbuf); END_PROFILE(syscall_stat); @@ -491,6 +597,10 @@ { int result; +#ifdef AVM_SEC + if (!IsAllowed(path)) { errno = EACCES; return -1; } +#endif + START_PROFILE(syscall_lstat); result = sys_lstat(path, sbuf); END_PROFILE(syscall_lstat); @@ -501,6 +611,10 @@ { int result; +#ifdef AVM_SEC + if (!IsAllowed(path)) { errno = EACCES; return -1; } +#endif + START_PROFILE(syscall_unlink); result = unlink(path); END_PROFILE(syscall_unlink); @@ -511,6 +625,10 @@ { int result; +#ifdef AVM_SEC + if (!IsAllowed(path)) { errno = EACCES; return -1; } +#endif + START_PROFILE(syscall_chmod); /* @@ -572,6 +690,10 @@ { int result; +#ifdef AVM_SEC + if (!IsAllowed(path)) { errno = EACCES; return -1; } +#endif + START_PROFILE(syscall_chown); result = sys_chown(path, uid, gid); END_PROFILE(syscall_chown); @@ -597,6 +719,10 @@ { int result; +#ifdef AVM_SEC + if (!IsAllowed(path)) { errno = EACCES; return -1; } +#endif + START_PROFILE(syscall_chdir); result = chdir(path); END_PROFILE(syscall_chdir); @@ -717,6 +843,44 @@ return result; } +#if 1 // AVM patch - don't growth the file (too much time and RAM for copy of large files to USB1.1 FAT filesystem) + { + SMB_BIG_UINT big_len = len; + + result = SMB_VFS_FSTAT(fsp,fsp->fh->fd,&st); + if (result == -1) { + goto done; + } + + if (big_len == (SMB_BIG_UINT)st.st_size) { + result = 0; + goto done; + } + + if (big_len > (SMB_BIG_UINT)st.st_size) { + SMB_BIG_UINT space_avail; + SMB_BIG_UINT bsize,dfree,dsize; + big_len -= st.st_size; + big_len /= 1024; /* Len is now number of 1k blocks needed. */ + space_avail = SMB_VFS_DISK_FREE(fsp->conn ,fsp->fsp_name,False,&bsize,&dfree,&dsize); + if (space_avail == (SMB_BIG_UINT)-1) { + result = -1; + goto done; + } + + if (big_len > space_avail) { + errno = ENOSPC; + result = -1; + goto done; + } + + // do nothing to be fast! + result = 0; + goto done; + } + } // block +#endif // AVM Patch + /* we used to just check HAVE_FTRUNCATE_EXTEND and only use sys_ftruncate if the system supports it. Then I discovered that you can have some filesystems that support ftruncate @@ -830,6 +994,11 @@ { int result; +#ifdef AVM_SEC + if (!IsAllowed(oldpath)) { errno = EACCES; return -1; } + if (!IsAllowed(newpath)) { errno = EACCES; return -1; } +#endif + START_PROFILE(syscall_symlink); result = sys_symlink(oldpath, newpath); END_PROFILE(syscall_symlink); @@ -840,6 +1009,10 @@ { int result; +#ifdef AVM_SEC + if (!IsAllowed(path)) { errno = EACCES; return -1; } +#endif + START_PROFILE(syscall_readlink); result = sys_readlink(path, buf, bufsiz); END_PROFILE(syscall_readlink); @@ -850,6 +1023,11 @@ { int result; +#ifdef AVM_SEC + if (!IsAllowed(oldpath)) { errno = EACCES; return -1; } + if (!IsAllowed(newpath)) { errno = EACCES; return -1; } +#endif + START_PROFILE(syscall_link); result = sys_link(oldpath, newpath); END_PROFILE(syscall_link); @@ -860,6 +1038,9 @@ { int result; +#ifdef AVM_SEC + if (!IsAllowed(pathname)) { errno = EACCES; return -1; } +#endif START_PROFILE(syscall_mknod); result = sys_mknod(pathname, mode, dev); END_PROFILE(syscall_mknod); @@ -870,6 +1051,9 @@ { char *result; +#ifdef AVM_SEC + if (!IsAllowed(path)) { errno = EACCES; return 0; } +#endif START_PROFILE(syscall_realpath); result = sys_realpath(path, resolved_path); END_PROFILE(syscall_realpath); Index: samba-3.0.37/source/param/loadparm.c =================================================================== --- samba-3.0.37.orig/source/param/loadparm.c 2009-09-30 14:21:56.000000000 +0200 +++ samba-3.0.37/source/param/loadparm.c 2011-08-09 00:02:34.874444169 +0200 @@ -2713,8 +2713,11 @@ slprintf(comment, sizeof(comment) - 1, "IPC Service (%s)", Globals.szServerString); - +#if 0 /* AVM */ + string_set(&ServicePtrs[i]->szPath, "/var/media/ftp"); +#else string_set(&ServicePtrs[i]->szPath, tmpdir()); +#endif string_set(&ServicePtrs[i]->szUsername, ""); string_set(&ServicePtrs[i]->comment, comment); string_set(&ServicePtrs[i]->fstype, "IPC"); Index: samba-3.0.37/source/registry/reg_frontend.c =================================================================== --- samba-3.0.37.orig/source/registry/reg_frontend.c 2009-09-30 14:21:56.000000000 +0200 +++ samba-3.0.37/source/registry/reg_frontend.c 2011-08-09 00:02:34.874444169 +0200 @@ -35,9 +35,11 @@ REGISTRY_HOOK reg_hooks[] = { #ifndef REG_TDB_ONLY +#ifndef AVM_NO_PRINTING { KEY_PRINTING, &printing_ops }, { KEY_PRINTING_2K, &printing_ops }, { KEY_PRINTING_PORTS, &printing_ops }, +#endif { KEY_SHARES, &shares_reg_ops }, #endif { NULL, NULL } Index: samba-3.0.37/source/rpc_client/cli_pipe.c =================================================================== --- samba-3.0.37.orig/source/rpc_client/cli_pipe.c 2009-09-30 14:21:56.000000000 +0200 +++ samba-3.0.37/source/rpc_client/cli_pipe.c 2011-08-09 00:02:34.874444169 +0200 @@ -619,7 +619,11 @@ DEBUG(1, ("cli_pipe_validate_current_pdu: RPC fault code %s received from remote machine %s " "pipe %s fnum 0x%x!\n", +#if 1 /* AVM */ + "ERRSTR-REPLACEMENT", +#else dcerpc_errstr(NT_STATUS_V(fault_resp.status)), +#endif cli->cli->desthost, cli->pipe_name, (unsigned int)cli->fnum)); Index: samba-3.0.37/source/rpc_parse/parse_prs.c =================================================================== --- samba-3.0.37.orig/source/rpc_parse/parse_prs.c 2009-09-30 14:21:56.000000000 +0200 +++ samba-3.0.37/source/rpc_parse/parse_prs.c 2011-08-09 00:02:34.874444169 +0200 @@ -796,7 +796,12 @@ } DEBUG(5,("%s%04x %s: %s\n", tab_depth(depth), ps->data_offset, name, - dcerpc_errstr(NT_STATUS_V(*status)))); +#if 1 /* AVM */ + "ERRSTR-REPLACEMENT" +#else + dcerpc_errstr(NT_STATUS_V(*status)) +#endif + )); ps->data_offset += sizeof(uint32); Index: samba-3.0.37/source/rpc_parse/parse_sec.c =================================================================== --- samba-3.0.37.orig/source/rpc_parse/parse_sec.c 2009-09-30 14:21:56.000000000 +0200 +++ samba-3.0.37/source/rpc_parse/parse_sec.c 2011-08-09 00:02:34.874444169 +0200 @@ -104,7 +104,7 @@ for you as it reads them. ********************************************************************/ -BOOL sec_io_acl(const char *desc, SEC_ACL **ppsa, prs_struct *ps, int depth) +static BOOL sec_io_acl(const char *desc, SEC_ACL **ppsa, prs_struct *ps, int depth) { unsigned int i; uint32 old_offset; Index: samba-3.0.37/source/rpc_parse/parse_spoolss.c =================================================================== --- samba-3.0.37.orig/source/rpc_parse/parse_spoolss.c 2009-09-30 14:21:56.000000000 +0200 +++ samba-3.0.37/source/rpc_parse/parse_spoolss.c 2011-08-09 00:02:34.874444169 +0200 @@ -227,8 +227,13 @@ if(!prs_uint32("count2", ps, depth, &type->count2)) return False; - if (type->count2 != type->count) + if (type->count2 != type->count) { DEBUG(4,("What a mess, count was %x now is %x !\n", type->count, type->count2)); + return False; + } + if (type->count2 > MAX_NOTIFY_TYPE_FOR_NOW) { + return False; + } if (type->count2 > MAX_NOTIFY_TYPE_FOR_NOW) { return False; Index: samba-3.0.37/source/rpc_server/srv_pipe.c =================================================================== --- samba-3.0.37.orig/source/rpc_server/srv_pipe.c 2009-09-30 14:21:56.000000000 +0200 +++ samba-3.0.37/source/rpc_server/srv_pipe.c 2011-08-09 00:02:34.884444169 +0200 @@ -2335,6 +2335,7 @@ int n_cmds = 0; switch ( idx ) { +#ifndef AVM_SMALLER case PI_LSARPC: lsa_get_pipe_fns( &cmds, &n_cmds ); break; @@ -2347,12 +2348,14 @@ case PI_NETLOGON: netlog_get_pipe_fns( &cmds, &n_cmds ); break; +#endif /* AVM_SMALLER */ case PI_SRVSVC: srvsvc_get_pipe_fns( &cmds, &n_cmds ); break; case PI_WKSSVC: wkssvc_get_pipe_fns( &cmds, &n_cmds ); break; +#ifndef AVM_SMALLER case PI_WINREG: reg_get_pipe_fns( &cmds, &n_cmds ); break; @@ -2371,6 +2374,8 @@ case PI_NTSVCS: ntsvcs_get_pipe_fns( &cmds, &n_cmds ); break; +#endif /* AVM_SMALLER */ + #ifdef DEVELOPER case PI_ECHO: echo_get_pipe_fns( &cmds, &n_cmds ); Index: samba-3.0.37/source/smbd/change_trust_pw.c =================================================================== --- samba-3.0.37.orig/source/smbd/change_trust_pw.c 2009-09-30 14:21:56.000000000 +0200 +++ samba-3.0.37/source/smbd/change_trust_pw.c 2011-08-09 00:02:34.884444169 +0200 @@ -30,6 +30,10 @@ NTSTATUS change_trust_account_password( const char *domain, const char *remote_machine) { +#ifdef AVM_SMALLER + return NT_STATUS_UNSUCCESSFUL; +#else + NTSTATUS nt_status = NT_STATUS_UNSUCCESSFUL; struct in_addr pdc_ip; fstring dc_name; @@ -97,4 +101,5 @@ DEBUG(5,("change_trust_account_password: sucess!\n")); return nt_status; +#endif /* AVM_SMALLER */ } Index: samba-3.0.37/source/smbd/close.c =================================================================== --- samba-3.0.37.orig/source/smbd/close.c 2009-09-30 14:21:56.000000000 +0200 +++ samba-3.0.37/source/smbd/close.c 2011-08-09 00:02:34.884444169 +0200 @@ -353,7 +353,9 @@ saved_status2 = close_filestruct(fsp); if (fsp->print_file) { +#ifndef AVM_NO_PRINTING print_fsp_end(fsp, close_type); +#endif file_free(fsp); return NT_STATUS_OK; } Index: samba-3.0.37/source/smbd/conn.c =================================================================== --- samba-3.0.37.orig/source/smbd/conn.c 2009-09-30 14:21:56.000000000 +0200 +++ samba-3.0.37/source/smbd/conn.c 2011-08-09 00:02:34.884444169 +0200 @@ -216,9 +216,12 @@ * idle with a handle open. */ + +#ifndef AVM_SMALLER for (plist = get_first_internal_pipe(); plist; plist = get_next_internal_pipe(plist)) if (plist->pipe_handles && plist->pipe_handles->count) allidle = False; +#endif return allidle; } Index: samba-3.0.37/source/smbd/dfree.c =================================================================== --- samba-3.0.37.orig/source/smbd/dfree.c 2009-09-30 14:21:56.000000000 +0200 +++ samba-3.0.37/source/smbd/dfree.c 2011-08-09 00:02:34.884444169 +0200 @@ -130,11 +130,13 @@ } } +#if 0 /* AVM */ if (disk_quotas(path, &bsize_q, &dfree_q, &dsize_q)) { (*bsize) = bsize_q; (*dfree) = MIN(*dfree,dfree_q); (*dsize) = MIN(*dsize,dsize_q); } +#endif /* FIXME : Any reason for this assumption ? */ if (*bsize < 256) { Index: samba-3.0.37/source/smbd/dosmode.c =================================================================== --- samba-3.0.37.orig/source/smbd/dosmode.c 2009-09-30 14:21:56.000000000 +0200 +++ samba-3.0.37/source/smbd/dosmode.c 2011-08-09 00:02:34.884444169 +0200 @@ -40,12 +40,15 @@ if (ISDOT(path) || ISDOTDOT(path)) { return 0; } - +#ifdef AVM_SMALLER + return 0; +#else if (!lp_dmapi_support(SNUM(conn)) || !dmapi_have_session()) { return 0; } return dmapi_file_flags(path); +#endif } /**************************************************************************** Index: samba-3.0.37/source/smbd/fileio.c =================================================================== --- samba-3.0.37.orig/source/smbd/fileio.c 2009-09-30 14:21:56.000000000 +0200 +++ samba-3.0.37/source/smbd/fileio.c 2011-08-09 00:02:34.884444169 +0200 @@ -176,6 +176,8 @@ static int wcp_file_size_change(files_struct *fsp) { +/* AVM: Fuer Pruefung des freien Speichers auf dem Datentraeger wird + SMB_VFS_FTRUNCATE aufgerufen, auch falls es langsam sein sollte */ int ret; write_cache *wcp = fsp->wcp; @@ -199,6 +201,10 @@ int write_path = -1; if (fsp->print_file) { +#ifdef AVM_NO_PRINTING + errno = EBADF; + return -1; +#else fstring sharename; uint32 jobid; @@ -210,6 +216,7 @@ } return print_job_write(SNUM(fsp->conn), jobid, data, pos, n); +#endif /* AVM_NO_PRINTING */ } if (!fsp->can_write) { Index: samba-3.0.37/source/smbd/files.c =================================================================== --- samba-3.0.37.orig/source/smbd/files.c 2009-09-30 14:21:56.000000000 +0200 +++ samba-3.0.37/source/smbd/files.c 2011-08-09 00:02:34.884444169 +0200 @@ -203,10 +203,12 @@ exit_server("out of memory in file_init"); } +#ifndef AVM_SMALLER /* * Ensure that pipe_handle_oppset is set correctly. */ set_pipe_handle_offset(real_max_open_files); +#endif } /**************************************************************************** Index: samba-3.0.37/source/smbd/lanman.c =================================================================== --- samba-3.0.37.orig/source/smbd/lanman.c 2009-09-30 14:21:56.000000000 +0200 +++ samba-3.0.37/source/smbd/lanman.c 2011-08-09 00:02:34.884444169 +0200 @@ -400,6 +400,7 @@ PACK(desc,t,v); } +#ifndef AVM_NO_PRINTING /**************************************************************************** Get a print queue. ****************************************************************************/ @@ -781,6 +782,7 @@ return result; } +#endif /* AVM_NO_PRINTING */ static BOOL api_DosPrintQGetInfo(connection_struct *conn, uint16 vuid, char *param, int tpscnt, @@ -789,6 +791,9 @@ char **rdata,char **rparam, int *rdata_len,int *rparam_len) { +#ifdef AVM_NO_PRINTING +return False; +#else char *str1 = get_safe_str_ptr(param,tpscnt,param,2); char *str2 = skip_string(param,tpscnt,str1); char *p = skip_string(param,tpscnt,str2); @@ -901,6 +906,7 @@ SAFE_FREE(tmpdata); return(True); +#endif /* AVM_NO_PRINTING */ } /**************************************************************************** @@ -914,6 +920,9 @@ char **rdata, char** rparam, int *rdata_len, int *rparam_len) { +#ifdef AVM_NO_PRINTING +return False; +#else char *param_format = get_safe_str_ptr(param,tpscnt,param,2); char *output_format1 = skip_string(param,tpscnt,param_format); char *p = skip_string(param,tpscnt,output_format1); @@ -1046,6 +1055,7 @@ SAFE_FREE(status); return False; +#endif /* AVM_NO_PRINTING */ } /**************************************************************************** @@ -2539,6 +2549,9 @@ char **rdata,char **rparam, int *rdata_len,int *rparam_len) { +#ifdef AVM_NO_PRINTING +return False; +#else int function = get_safe_SVAL(param,tpscnt,param,0,0); char *str1 = get_safe_str_ptr(param,tpscnt,param,2); char *str2 = skip_string(param,tpscnt,str1); @@ -2609,6 +2622,7 @@ SSVAL(*rparam,2,0); /* converter word */ return(True); +#endif } /**************************************************************************** @@ -2622,6 +2636,9 @@ char **rdata,char **rparam, int *rdata_len,int *rparam_len) { +#ifdef AVM_NO_PRINTING +return False; +#else int function = get_safe_SVAL(param,tpscnt,param,0,0); char *str1 = get_safe_str_ptr(param,tpscnt,param,2); char *str2 = skip_string(param,tpscnt,str1); @@ -2674,6 +2691,7 @@ SSVAL(*rparam,2,0); /* converter word */ return(True); +#endif } /**************************************************************************** @@ -2714,6 +2732,9 @@ char **rdata,char **rparam, int *rdata_len,int *rparam_len) { +#ifdef AVM_NO_PRINTING +return False; +#else struct pack_desc desc; char *str1 = get_safe_str_ptr(param,tpscnt,param,2); char *str2 = skip_string(param,tpscnt,str1); @@ -2788,6 +2809,7 @@ SSVAL(*rparam,2,0); /* converter word */ return(True); +#endif } @@ -3579,6 +3601,9 @@ char **rdata,char **rparam, int *rdata_len,int *rparam_len) { +#ifdef AVM_NO_PRINTING +return False; +#else char *str1 = get_safe_str_ptr(param,tpscnt,param,2); char *str2 = skip_string(param,tpscnt,str1); char *p = skip_string(param,tpscnt,str2); @@ -3669,6 +3694,7 @@ DEBUG(4,("WPrintJobGetInfo: errorcode %d\n",desc.errcode)); return True; +#endif } static BOOL api_WPrintJobEnumerate(connection_struct *conn, uint16 vuid, @@ -3678,6 +3704,9 @@ char **rdata,char **rparam, int *rdata_len,int *rparam_len) { +#ifdef AVM_NO_PRINTING +return False; +#else char *str1 = get_safe_str_ptr(param,tpscnt,param,2); char *str2 = skip_string(param,tpscnt,str1); char *p = skip_string(param,tpscnt,str2); @@ -3760,6 +3789,7 @@ DEBUG(4,("WPrintJobEnumerate: errorcode %d\n",desc.errcode)); return True; +#endif } static int check_printdest_info(struct pack_desc* desc, @@ -3835,6 +3865,9 @@ char **rdata,char **rparam, int *rdata_len,int *rparam_len) { +#ifdef AVM_NO_PRINTING +return False; +#else char *str1 = get_safe_str_ptr(param,tpscnt,param,2); char *str2 = skip_string(param,tpscnt,str1); char *p = skip_string(param,tpscnt,str2); @@ -3906,6 +3939,7 @@ SAFE_FREE(tmpdata); return True; +#endif } static BOOL api_WPrintDestEnum(connection_struct *conn, uint16 vuid, @@ -3915,6 +3949,9 @@ char **rdata,char **rparam, int *rdata_len,int *rparam_len) { +#ifdef AVM_NO_PRINTING +return False; +#else char *str1 = get_safe_str_ptr(param,tpscnt,param,2); char *str2 = skip_string(param,tpscnt,str1); char *p = skip_string(param,tpscnt,str2); @@ -3987,6 +4024,7 @@ DEBUG(4,("WPrintDestEnumerate: errorcode %d\n",desc.errcode)); return True; +#endif } static BOOL api_WPrintDriverEnum(connection_struct *conn, uint16 vuid, @@ -3996,6 +4034,9 @@ char **rdata,char **rparam, int *rdata_len,int *rparam_len) { +#ifdef AVM_NO_PRINTING +return False; +#else char *str1 = get_safe_str_ptr(param,tpscnt,param,2); char *str2 = skip_string(param,tpscnt,str1); char *p = skip_string(param,tpscnt,str2); @@ -4050,6 +4091,7 @@ DEBUG(4,("WPrintDriverEnum: errorcode %d\n",desc.errcode)); return True; +#endif } static BOOL api_WPrintQProcEnum(connection_struct *conn, uint16 vuid, @@ -4059,6 +4101,9 @@ char **rdata,char **rparam, int *rdata_len,int *rparam_len) { +#ifdef AVM_NO_PRINTING +return False; +#else char *str1 = get_safe_str_ptr(param,tpscnt,param,2); char *str2 = skip_string(param,tpscnt,str1); char *p = skip_string(param,tpscnt,str2); @@ -4113,6 +4158,7 @@ DEBUG(4,("WPrintQProcEnum: errorcode %d\n",desc.errcode)); return True; +#endif } static BOOL api_WPrintPortEnum(connection_struct *conn, uint16 vuid, @@ -4122,6 +4168,9 @@ char **rdata,char **rparam, int *rdata_len,int *rparam_len) { +#ifdef AVM_NO_PRINTING +return False; +#else char *str1 = get_safe_str_ptr(param,tpscnt,param,2); char *str2 = skip_string(param,tpscnt,str1); char *p = skip_string(param,tpscnt,str2); @@ -4178,6 +4227,7 @@ DEBUG(4,("WPrintPortEnum: errorcode %d\n",desc.errcode)); return True; +#endif } /**************************************************************************** Index: samba-3.0.37/source/smbd/open.c =================================================================== --- samba-3.0.37.orig/source/smbd/open.c 2009-09-30 14:21:56.000000000 +0200 +++ samba-3.0.37/source/smbd/open.c 2011-08-09 00:02:34.884444169 +0200 @@ -1155,8 +1155,11 @@ } DEBUG(10, ("open_file_ntcreate: printer open fname=%s\n", fname)); - +#ifdef AVM_NO_PRINTING + return NT_STATUS_OK; +#else return print_fsp_open(conn, fname, result); +#endif } if (!parent_dirname_talloc(tmp_talloc_ctx(), fname, &parent_dir, Index: samba-3.0.37/source/smbd/process.c =================================================================== --- samba-3.0.37.orig/source/smbd/process.c 2009-09-30 14:21:56.000000000 +0200 +++ samba-3.0.37/source/smbd/process.c 2011-08-09 00:02:34.894444169 +0200 @@ -1028,7 +1028,9 @@ chain_size = 0; file_chain_reset(); +#ifndef AVM_SMALLER reset_chain_p(); +#endif if (msg_type != 0) return(reply_special(inbuf,outbuf)); @@ -1268,9 +1270,11 @@ select_timeout = blocking_locks_timeout_ms(SMBD_SELECT_TIMEOUT*1000); +#ifndef AVM_NO_PRINTING if (print_notify_messages_pending()) { select_timeout = MIN(select_timeout, 1000); } +#endif return select_timeout; } @@ -1461,9 +1465,10 @@ */ process_blocking_lock_queue(); +#ifndef AVM_NO_PRINTING /* update printer queue caches if necessary */ - update_monitored_printq_cache(); +#endif /* * Now we are root, check if the log files need pruning. @@ -1472,9 +1477,10 @@ force_check_log_size(); check_log_size(); +#ifndef AVM_NO_PRINTING /* Send any queued printer notify message to interested smbd's. */ - print_notify_send_messages(0); +#endif /* * Modify the select timeout depending upon Index: samba-3.0.37/source/smbd/reply.c =================================================================== --- samba-3.0.37.orig/source/smbd/reply.c 2009-09-30 14:21:56.000000000 +0200 +++ samba-3.0.37/source/smbd/reply.c 2011-08-09 00:02:34.894444169 +0200 @@ -3606,7 +3606,10 @@ NTSTATUS status; START_PROFILE(SMBsplopen); - +#ifdef AVM_NO_PRINTING + END_PROFILE(SMBsplopen); + return ERROR_DOS(ERRDOS,ERRnoaccess); +#else if (!CAN_PRINT(conn)) { END_PROFILE(SMBsplopen); return ERROR_DOS(ERRDOS,ERRnoaccess); @@ -3628,6 +3631,7 @@ END_PROFILE(SMBsplopen); return(outsize); +#endif } /**************************************************************************** @@ -3644,6 +3648,10 @@ CHECK_FSP(fsp,conn); +#ifdef AVM_NO_PRINTING + END_PROFILE(SMBsplretq); + return ERROR_DOS(ERRDOS,ERRnoaccess); +#else if (!CAN_PRINT(conn)) { END_PROFILE(SMBsplclose); return ERROR_NT(NT_STATUS_DOS(ERRSRV, ERRerror)); @@ -3661,6 +3669,7 @@ END_PROFILE(SMBsplclose); return(outsize); +#endif } /**************************************************************************** @@ -3670,6 +3679,10 @@ int reply_printqueue(connection_struct *conn, char *inbuf,char *outbuf, int dum_size, int dum_buffsize) { +#ifdef AVM_NO_PRINTING + END_PROFILE(SMBsplretq); + return ERROR_DOS(ERRDOS,ERRnoaccess); +#else int outsize = set_message(outbuf,2,3,True); int max_count = SVAL(inbuf,smb_vwv0); int start_index = SVAL(inbuf,smb_vwv1); @@ -3732,6 +3745,7 @@ END_PROFILE(SMBsplretq); return(outsize); +#endif } /**************************************************************************** Index: samba-3.0.37/source/smbd/server.c =================================================================== --- samba-3.0.37.orig/source/smbd/server.c 2009-09-30 14:21:56.000000000 +0200 +++ samba-3.0.37/source/smbd/server.c 2011-08-09 00:02:34.894444169 +0200 @@ -22,7 +22,7 @@ #include "includes.h" -static_decl_rpc; +/* AVM ???? static_decl_rpc; */ static int am_parent = 1; @@ -617,6 +617,7 @@ **************************************************************************/ void reload_printers(void) { +#ifndef AVM_NO_PRINTING int snum; int n_services = lp_numservices(); int pnum = lp_servicenumber(PRINTERS_NAME); @@ -643,6 +644,7 @@ } load_printers(); +#endif /* AVM_NO_PRINTING */ } /**************************************************************************** @@ -725,7 +727,9 @@ invalidate_all_vuids(); +#ifndef AVM_NO_PRINTING print_notify_send_messages(3); /* 3 second timeout. */ +#endif /* delete our entry in the connections database. */ yield_connection(NULL,""); @@ -739,7 +743,9 @@ #endif locking_end(); +#ifndef AVM_NO_PRINTING printing_end(); +#endif if (how != SERVER_EXIT_NORMAL) { int oldlevel = DEBUGLEVEL; @@ -820,7 +826,9 @@ mkproto.h. Mixing $(builddir) and $(srcdir) source files in the current prototype generation system is too complicated. */ +#if 0 /* AVM */ extern void build_options(BOOL screen); +#endif int main(int argc,const char *argv[]) { @@ -833,6 +841,13 @@ static char *ports = NULL; static char *profile_level = NULL; int opt; + +#if 0 // AVM DEBUG + extern void crashdump_init(char*); + crashdump_init("smbd"); +#endif + +#ifndef AVM_NO_POPT poptContext pc; struct poptOption long_options[] = { @@ -842,7 +857,9 @@ {"foreground", 'F', POPT_ARG_VAL, &Fork, False, "Run daemon in foreground (for daemontools, etc.)" }, {"no-process-group", '\0', POPT_ARG_VAL, &no_process_group, True, "Don't create a new process group" }, {"log-stdout", 'S', POPT_ARG_VAL, &log_stdout, True, "Log to stdout" }, +#if 0 /* AVM */ {"build-options", 'b', POPT_ARG_NONE, NULL, 'b', "Print build options" }, +#endif {"port", 'p', POPT_ARG_STRING, &ports, 0, "Listen on the specified ports"}, {"profiling-level", 'P', POPT_ARG_STRING, &profile_level, 0, "Set profiling level","PROFILE_LEVEL"}, POPT_COMMON_SAMBA @@ -861,21 +878,31 @@ pc = poptGetContext("smbd", argc, argv, long_options, 0); while((opt = poptGetNextOpt(pc)) != -1) { +#if 0 /* AVM */ switch (opt) { case 'b': build_options(True); /* Display output to screen as well as debug */ exit(0); break; } +#endif } poptFreeContext(pc); +#else + load_case_tables(); +#endif /* AVM_NO_POPT */ + #ifdef HAVE_SETLUID /* needed for SecureWare on SCO */ setluid(0); #endif +#if 1 /* AVM */ + setpriority(PRIO_PROCESS, 0, 19); /* be nice */ +#endif + sec_init(); set_remote_machine_name("smbd", False); @@ -903,6 +930,16 @@ /* make absolutely sure we run as root - to handle cases where people are crazy enough to have it setuid */ + generate_random_buffer(NULL, 0); + + /* make absolutely sure we run as root - to handle cases where people + are crazy enough to have it setuid */ + + gain_root_privilege(); + gain_root_group_privilege(); + + fault_setup((void (*)(void *))exit_server_fault); + dump_core_setup("smbd"); gain_root_privilege(); gain_root_group_privilege(); @@ -945,8 +982,10 @@ DEBUG(2,("uid=%d gid=%d euid=%d egid=%d\n", (int)getuid(),(int)getgid(),(int)geteuid(),(int)getegid())); +#if 0 /* AVM */ /* Output the build options to the debug log */ build_options(False); +#endif if (sizeof(uint16) < 2 || sizeof(uint32) < 4) { DEBUG(0,("ERROR: Samba is not configured correctly for the word size on your machine\n")); @@ -1042,16 +1081,20 @@ namecache_enable(); +#ifndef AVM_SMALLER if (!init_registry()) exit(1); +#endif #if 0 if (!init_svcctl_db()) exit(1); #endif +#ifndef AVM_NO_PRINTING if (!print_backend_init()) exit(1); +#endif if (!init_guest_info()) { DEBUG(0,("ERROR: failed to setup guest info.\n")); @@ -1068,14 +1111,18 @@ smbd is launched via inetd and we fork a copy of ourselves here */ +#ifndef AVM_NO_PRINTING if ( is_daemon && !interactive ) start_background_queue(); +#endif +#if 0 /* AVM */ /* Always attempt to initialize DMAPI. We will only use it later if * lp_dmapi_support is set on the share, but we need a single global * session to work with. */ dmapi_init_session(); +#endif if (!open_sockets_smbd(is_daemon, interactive, ports)) exit(1); @@ -1084,7 +1131,12 @@ * everything after this point is run after the fork() */ +#if 0 /* AVM */ static_init_rpc; +#else + rpc_wkssvc_init(); + rpc_srv_init(); +#endif init_modules(); Index: samba-3.0.37/source/smbd/service.c =================================================================== --- samba-3.0.37.orig/source/smbd/service.c 2009-09-30 14:21:56.000000000 +0200 +++ samba-3.0.37/source/smbd/service.c 2011-08-09 00:02:34.894444169 +0200 @@ -288,6 +288,7 @@ iService = add_home_service(service,service /* 'username' */, phome_dir); } +#ifndef AVM_NO_PRINTING /* If we still don't have a service, attempt to add it as a printer. */ if (iService < 0) { int iPrinterService; @@ -307,6 +308,7 @@ } } } +#endif /* AVM_NO_PRINTING */ /* Check for default vfs service? Unsure whether to implement this */ if (iService < 0) { @@ -1225,7 +1227,9 @@ void close_cnum(connection_struct *conn, uint16 vuid) { if (IS_IPC(conn)) { +#ifndef AVM_SMALLER pipe_close_conn(conn); +#endif } else { file_close_conn(conn); dptr_closecnum(conn); Index: samba-3.0.37/source/smbd/trans2.c =================================================================== --- samba-3.0.37.orig/source/smbd/trans2.c 2009-09-30 14:21:56.000000000 +0200 +++ samba-3.0.37/source/smbd/trans2.c 2011-08-09 00:02:34.904444169 +0200 @@ -2878,11 +2878,14 @@ /* unknown_2 6 NULL bytes follow*/ /* now set the quotas */ +#if 1 /* AVM */ + return ERROR_DOS(ERRSRV,ERRerror); +#else if (vfs_set_ntquota(fsp, SMB_USER_FS_QUOTA_TYPE, NULL, "as)!=0) { DEBUG(0,("vfs_set_ntquota() failed for service [%s]\n",lp_servicename(SNUM(conn)))); return ERROR_DOS(ERRSRV,ERRerror); } - +#endif break; } default: Index: samba-3.0.37/source/utils/avm_smbpasswd.c =================================================================== --- /dev/null 1970-01-01 00:00:00.000000000 +0000 +++ samba-3.0.37/source/utils/avm_smbpasswd.c 2011-08-09 00:02:34.904444169 +0200 @@ -0,0 +1,212 @@ +/* + * Unix SMB/CIFS implementation. + * Copyright (C) Jeremy Allison 1995-1998 + * Copyright (C) Tim Potter 2001 + * + * This program is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by the + * Free Software Foundation; either version 2 of the License, or (at your + * option) any later version. + * + * This program is distributed in the hope that it will be useful, but WITHOUT + * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or + * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for + * more details. + * + * You should have received a copy of the GNU General Public License along with + * this program; if not, write to the Free Software Foundation, Inc., 675 + * Mass Ave, Cambridge, MA 02139, USA. */ + +#include "includes.h" + + +void E_md4hash(const char *passwd, uchar p16[16]) +{ + int len; + smb_ucs2_t wpwd[129]; + int i; + + + /* Password must be converted to NT unicode - null terminated. */ + len = strlen(passwd); +#if 0 + push_ucs2(NULL, wpwd, (const char *)passwd, 256, STR_UNICODE|STR_NOALIGN|STR_TERMINATE); +#else + for (i = 0; i < len; i++) { + wpwd[i] = (unsigned char)passwd[i]; + } + wpwd[i] = 0; // termination +#endif + /* Calculate length in bytes */ + len = len /*strlen_w(wpwd)*/ * sizeof(int16); + + mdfour(p16, (unsigned char *)wpwd, len); + ZERO_STRUCT(wpwd); +} + +/** + * Creates the DES forward-only Hash of the users password in DOS ASCII charset + * @param passwd password in 'unix' charset. + * @param p16 return password hashed with DES, caller allocated 16 byte buffer + * @return False if password was > 14 characters, and therefore may be incorrect, otherwise True + * @note p16 is filled in regardless + */ + +BOOL E_deshash(const char *passwd, uchar p16[16]) +{ + BOOL ret = True; + char dospwd[256+2]; + int i; + int len; + + /* Password must be converted to DOS charset - null terminated, uppercase. */ +// push_ascii(dospwd, passwd, sizeof(dospwd), STR_UPPER|STR_TERMINATE); + len = strlen(passwd); + for (i = 0; i < len; i++) { + char c = passwd[i]; + if (islower(c)) c = toupper(c); + dospwd[i] = c; + } + dospwd[i] = 0; + + /* Only the fisrt 14 chars are considered, password need not be null terminated. */ + E_P16((const unsigned char *)dospwd, p16); + + if (strlen(dospwd) > 14) { + ret = False; + } + + memset(dospwd, 0, sizeof(dospwd)); + // ZERO_STRUCT(dospwd); + + return ret; +} + +static void my_pdb_sethexpwd(char *p, const unsigned char *pwd) +{ + if (pwd != NULL) { + int i; + for (i = 0; i < 16; i++) + slprintf(&p[i*2], 3, "%02X", pwd[i]); + } else { + strncpy(p, "XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX", 32); + } +} + +static void crypt_password (const char *user_name, + const char *new_passwd, char *new_lanman_p16, char *new_nt_p16) +{ + /* Calculate the MD4 hash (NT compatible) of the password */ + E_md4hash(new_passwd, new_nt_p16); + + if (!E_deshash(new_passwd, new_lanman_p16)) { + /* E_deshash returns false for 'long' passwords (> 14 + DOS chars). This allows us to match Win2k, which + does not store a LM hash for these passwords (which + would reduce the effective password length to 14 */ + + memset(new_lanman_p16, 0, LM_HASH_LEN); + } +} + +/* +ftpuser:1000:8C6F5D02DEB21501AAD3B435B51404EE:E0FBA38268D0EC66EF1CB452D5885E53:[UX ]:LCT-00000000: +*/ + +/********************************************************* + Start here. +**********************************************************/ +int main(int argc, char **argv) +{ + char *passwd_filename = "/var/samba/private/smbpasswd"; + char *cleartext_filename = "/var/tmp/smbpasswd.cleartext"; + + if (argc != 1) { + fprintf(stderr, "use: smbpasswd\n"); + fprintf(stderr, " file %s will be encrypted to %s\n", cleartext_filename, passwd_filename); + return -9; + } + + FILE *fp = fopen(passwd_filename, "w"); + + if (fp == NULL) { + fprintf(stderr, "can't write %s\n", passwd_filename); + return -10; + } + /* Make sure it is only rw by the owner */ + chmod(passwd_filename, 0600); + + + FILE *fp_in = fopen(cleartext_filename, "r"); + if (!fp_in) { + fprintf(stderr, "can't read %s\n", cleartext_filename); + fclose(fp); + return -11; + } + + + char line[512]; + + unsigned nusers = 0; + while(line == fgets(line, sizeof(line)-1, fp_in)) { + char *username, *passwd, *extra; + unsigned uid; + uchar new_lanman_p16[LM_HASH_LEN]; + uchar new_nt_p16[NT_HASH_LEN]; + char ascii_p16[32+1]; + char *p; + + line[sizeof(line)-1] = '\0'; + if (strlen(line)) { + p = &line[strlen(line)-1]; + while(p >= line) { + if (*p != '\n' && *p != '\r') break; + *p = '\0'; + p--; + } + } + + p = line; + char *p2 = strchr(p, ':'); + if (!p2) goto err; + *p2 = 0; + username = p; + + p = p2 + 1; + p2 = strchr(p, ':'); + if (!p2) goto err; + *p2 = 0; + uid = atoi(p); + + p = p2 + 1; + p2 = strchr(p, ':'); + if (!p2) goto err; + *p2 = 0; + passwd = p; + + extra = p2 + 1; + + crypt_password(username, passwd, new_lanman_p16, new_nt_p16); + + fprintf(fp, "%s:%u:", username, uid); + + my_pdb_sethexpwd(ascii_p16, new_lanman_p16); + ascii_p16[32] = '\0'; + fprintf(fp, "%s:", ascii_p16); + + my_pdb_sethexpwd(ascii_p16, new_nt_p16); + ascii_p16[32] = '\0'; + fprintf(fp, "%s:", ascii_p16); + + fprintf(fp, "%s\n", extra); + + nusers++; + } // while + +err: + fclose(fp_in); + fclose(fp); + +fprintf(stderr, "%u samba users written to %s\n", nusers, passwd_filename); + return 0; +} Index: samba-3.0.37/source/Makefile.in =================================================================== --- samba-3.0.37.orig/source/Makefile.in 2009-09-30 14:21:56.000000000 +0200 +++ samba-3.0.37/source/Makefile.in 2011-08-09 14:13:50.623167315 +0200 @@ -257,7 +257,7 @@ lib/adt_tree.o lib/gencache.o $(TDB_OBJ) \ lib/module.o lib/events.o lib/ldap_escape.o @CHARSET_STATIC@ \ lib/secdesc.o lib/util_seaccess.o lib/secace.o lib/secacl.o \ - libads/krb5_errs.o lib/system_smbd.o lib/audit.o + lib/system_smbd.o lib/audit.o LIB_OBJ = $(LIB_WITHOUT_PROTO_OBJ) $(LIB_WITH_PROTO_OBJ) @@ -272,7 +272,7 @@ PARAM_OBJ = dynconfig.o param/loadparm.o param/params.o lib/sharesec.o lib/ldap_debug_handler.o -KRBCLIENT_OBJ = libads/kerberos.o libads/ads_status.o +KRBCLIENT_OBJ = libads/ads_status.o LIBADDNS_OBJ0 = libaddns/dnsrecord.o libaddns/dnsutils.o libaddns/dnssock.o \ libaddns/dnsgss.o libaddns/dnsmarshall.o @@ -282,14 +282,9 @@ libgpo/gpo_fetch.o libgpo/gpo_filesync.o LIBGPO_OBJ = $(LIBGPO_OBJ0) -LIBADS_OBJ = libads/ldap.o libads/ldap_printer.o libads/sasl.o \ - libads/krb5_setpw.o libads/ldap_user.o \ - libads/ads_struct.o libads/kerberos_keytab.o \ - libads/disp_sec.o libads/ads_utils.o libads/ldap_utils.o \ - libads/authdata.o libads/cldap.o libads/util.o +LIBADS_OBJ = -LIBADS_SERVER_OBJ = libads/kerberos_verify.o \ - libads/ldap_schema.o +LIBADS_SERVER_OBJ = SECRETS_OBJ = passdb/secrets.o passdb/machine_sid.o @@ -471,7 +466,7 @@ printing/printfsp.o lib/sysquotas.o lib/sysquotas_linux.o \ lib/sysquotas_xfs.o lib/sysquotas_4A.o \ smbd/change_trust_pw.o smbd/fake_file.o \ - smbd/quotas.o smbd/ntquotas.o $(AFS_OBJ) smbd/msdfs.o \ + smbd/ntquotas.o $(AFS_OBJ) smbd/msdfs.o \ $(AFS_SETTOKEN_OBJ) smbd/aio.o smbd/statvfs.o \ smbd/dmapi.o $(MANGLE_OBJ) @VFS_STATIC@ @@ -821,9 +816,9 @@ NTLM_AUTH_OBJ1 = utils/ntlm_auth.o utils/ntlm_auth_diagnostics.o NTLM_AUTH_OBJ = ${NTLM_AUTH_OBJ1} $(LIBSAMBA_OBJ) $(POPT_LIB_OBJ) \ - libsmb/asn1.o libsmb/spnego.o libsmb/clikrb5.o libads/kerberos.o \ - libads/kerberos_verify.o $(SECRETS_OBJ) $(SERVER_MUTEX_OBJ) \ - libads/authdata.o $(RPC_PARSE_OBJ1) $(PASSDB_OBJ) $(GROUPDB_OBJ) \ + libsmb/asn1.o libsmb/spnego.o libsmb/clikrb5.o \ + $(SECRETS_OBJ) $(SERVER_MUTEX_OBJ) \ + $(RPC_PARSE_OBJ1) $(PASSDB_OBJ) $(GROUPDB_OBJ) \ $(SMBLDAP_OBJ) $(DOSERR_OBJ) rpc_parse/parse_net.o $(LIBNMB_OBJ) \ $(LDB_OBJ) libsmb/errormap.o