diff options
Diffstat (limited to 'patches/source/samba')
| -rw-r--r-- | patches/source/samba/doinst.sh | 16 | ||||
| -rwxr-xr-x | patches/source/samba/prune-samba.sh | 33 | ||||
| -rw-r--r-- | patches/source/samba/rc.samba | 45 | ||||
| -rw-r--r-- | patches/source/samba/samba-4.6.3-4.5.9-4.4.13-CVE-2017-7494.patch | 34 | ||||
| -rwxr-xr-x | patches/source/samba/samba.SlackBuild | 233 | ||||
| -rw-r--r-- | patches/source/samba/slack-desc | 19 | ||||
| -rw-r--r-- | patches/source/samba/smb.conf.default | 271 | ||||
| -rw-r--r-- | patches/source/samba/smb.conf.default.orig | 271 | ||||
| -rw-r--r-- | patches/source/samba/smb.conf.diff | 29 | ||||
| -rw-r--r-- | patches/source/samba/talloc.pc | 11 |
10 files changed, 962 insertions, 0 deletions
diff --git a/patches/source/samba/doinst.sh b/patches/source/samba/doinst.sh new file mode 100644 index 000000000..c7b358ed1 --- /dev/null +++ b/patches/source/samba/doinst.sh @@ -0,0 +1,16 @@ +#!/bin/sh +config() { + NEW="$1" + OLD="`dirname $NEW`/`basename $NEW .new`" + # If there's no config file by that name, mv it over: + if [ ! -r $OLD ]; then + mv $NEW $OLD + elif [ "`cat $OLD | md5sum`" = "`cat $NEW | md5sum`" ]; then # toss the redundant copy + rm $NEW + fi + # Otherwise, we leave the .new copy for the admin to consider... +} +config etc/rc.d/rc.samba.new +# This won't be needed. The point here is to preserve the permissions of the existing +# file, if there is one. I don't see major new development happening in rc.samba... ;-) +rm -f etc/rc.d/rc.samba.new diff --git a/patches/source/samba/prune-samba.sh b/patches/source/samba/prune-samba.sh new file mode 100755 index 000000000..a6106df33 --- /dev/null +++ b/patches/source/samba/prune-samba.sh @@ -0,0 +1,33 @@ +#!/bin/sh + +# Copyright 2010 Patrick J. Volkerding, Sebeka, Minnesota, USA +# All rights reserved. +# +# Redistribution and use of this script, with or without modification, is +# permitted provided that the following conditions are met: +# +# 1. Redistributions of this script must retain the above copyright +# notice, this list of conditions and the following disclaimer. +# +# THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR IMPLIED +# WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF +# MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO +# EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, +# SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, +# PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; +# OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, +# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR +# OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF +# ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + +# Pare down the Samba sources to just Samba3 for now, and drop redundant docs. +# This script expects the samba sources to be unpacked in the current +# directory. It will then "pare" them. You'll be expected to repack them +# afterwards. + +cd samba-?.?.? || cd samba-?.?.?? || exit 1 + +rm --verbose WHATSNEW4.txt howto-ol-backend-s4.txt howto4.txt prog_guide4.txt +rm -r --verbose docs-xml packaging4 source4 swat2* +rm --verbose docs/*.pdf + diff --git a/patches/source/samba/rc.samba b/patches/source/samba/rc.samba new file mode 100644 index 000000000..2a28f3e52 --- /dev/null +++ b/patches/source/samba/rc.samba @@ -0,0 +1,45 @@ +#!/bin/sh +# +# /etc/rc.d/rc.samba +# +# Start/stop/restart the Samba SMB file/print server. +# +# To make Samba start automatically at boot, make this +# file executable: chmod 755 /etc/rc.d/rc.samba +# + +samba_start() { + if [ -x /usr/sbin/smbd -a -x /usr/sbin/nmbd -a -r /etc/samba/smb.conf ]; then + echo "Starting Samba: /usr/sbin/smbd -D" + /usr/sbin/smbd -D + echo " /usr/sbin/nmbd -D" + /usr/sbin/nmbd -D + fi +} + +samba_stop() { + killall smbd nmbd +} + +samba_restart() { + samba_stop + sleep 2 + samba_start +} + +case "$1" in +'start') + samba_start + ;; +'stop') + samba_stop + ;; +'restart') + samba_restart + ;; +*) + # Default is "start", for backwards compatibility with previous + # Slackware versions. This may change to a 'usage' error someday. + samba_start +esac + diff --git a/patches/source/samba/samba-4.6.3-4.5.9-4.4.13-CVE-2017-7494.patch b/patches/source/samba/samba-4.6.3-4.5.9-4.4.13-CVE-2017-7494.patch new file mode 100644 index 000000000..34b443733 --- /dev/null +++ b/patches/source/samba/samba-4.6.3-4.5.9-4.4.13-CVE-2017-7494.patch @@ -0,0 +1,34 @@ +From d2bc9f3afe23ee04d237ae9f4511fbe59a27ff54 Mon Sep 17 00:00:00 2001 +From: Volker Lendecke <vl@samba.org> +Date: Mon, 8 May 2017 21:40:40 +0200 +Subject: [PATCH] CVE-2017-7494: rpc_server3: Refuse to open pipe names with / + inside + +Bug: https://bugzilla.samba.org/show_bug.cgi?id=12780 + +Signed-off-by: Volker Lendecke <vl@samba.org> +Reviewed-by: Jeremy Allison <jra@samba.org> +Reviewed-by: Stefan Metzmacher <metze@samba.org> +--- + source3/rpc_server/srv_pipe.c | 5 +++++ + 1 file changed, 5 insertions(+) + +diff --git a/source3/rpc_server/srv_pipe.c b/source3/rpc_server/srv_pipe.c +index 0633b5f..c3f0cd8 100644 +--- a/source3/rpc_server/srv_pipe.c ++++ b/source3/rpc_server/srv_pipe.c +@@ -475,6 +475,11 @@ bool is_known_pipename(const char *pipename, struct ndr_syntax_id *syntax) + { + NTSTATUS status; + ++ if (strchr(pipename, '/')) { ++ DEBUG(1, ("Refusing open on pipe %s\n", pipename)); ++ return false; ++ } ++ + if (lp_disable_spoolss() && strequal(pipename, "spoolss")) { + DEBUG(10, ("refusing spoolss access\n")); + return false; +-- +1.9.1 + diff --git a/patches/source/samba/samba.SlackBuild b/patches/source/samba/samba.SlackBuild new file mode 100755 index 000000000..ecbbe34bd --- /dev/null +++ b/patches/source/samba/samba.SlackBuild @@ -0,0 +1,233 @@ +#!/bin/sh + +# Copyright 2008, 2009, 2010, 2011 Patrick J. Volkerding, Sebeka, Minnesota, USA +# All rights reserved. +# +# Redistribution and use of this script, with or without modification, is +# permitted provided that the following conditions are met: +# +# 1. Redistributions of this script must retain the above copyright +# notice, this list of conditions and the following disclaimer. +# +# THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR IMPLIED +# WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF +# MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO +# EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, +# SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, +# PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; +# OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, +# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR +# OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF +# ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + + +VERSION=${VERSION:-$(echo samba-*.tar.xz | rev | cut -f 3- -d . | cut -f 1 -d - | rev)} +BUILD=${BUILD:-2_slack13.37} + +# Automatically determine the architecture we're building on: +if [ -z "$ARCH" ]; then + case "$( uname -m )" in + i?86) export ARCH=i486 ;; + arm*) export ARCH=arm ;; + # Unless $ARCH is already set, use uname -m for all other archs: + *) export ARCH=$( uname -m ) ;; + esac +fi + +CWD=$(pwd) +TMP=${TMP:-/tmp} +PKG=$TMP/package-samba +rm -rf $PKG +mkdir -p $TMP $PKG + +cd $TMP +rm -rf samba-$VERSION +tar xvf $CWD/samba-$VERSION.tar.xz || exit 1 +cd samba-$VERSION || exit 1 + +if [ ! -d source3/lib/cmdline ]; then + ( cd source3/lib + mkdir cmdline + cd cmdline + ln -sf ../../../source3/include/popt_common.h . ) +fi + +chown -R root:root . +find . \ + \( -perm 777 -o -perm 775 -o -perm 711 -o -perm 555 -o -perm 511 \) \ + -exec chmod 755 {} \; -o \ + \( -perm 666 -o -perm 664 -o -perm 600 -o -perm 444 -o -perm 440 -o -perm 400 \) \ + -exec chmod 644 {} \; + +# Patch CVE-2017-7494: +cat $CWD/samba-4.6.3-4.5.9-4.4.13-CVE-2017-7494.patch | patch -p1 --verbose || exit 1 + +cd source3 +if [ "$ARCH" = "i486" ]; then + SLKCFLAGS="-O2 -march=i486 -mtune=i686" + LIBDIRSUFFIX="" +elif [ "$ARCH" = "s390" ]; then + SLKCFLAGS="-O2" + LIBDIRSUFFIX="" +elif [ "$ARCH" = "x86_64" ]; then + SLKCFLAGS="-O2 -fPIC" + LIBDIRSUFFIX="64" +else + SLKCFLAGS="-O2" + LIBDIRSUFFIX="" +fi + +# Some of these options could be auto-detected, but declaring them +# here doesn't hurt and helps document what features we're trying to +# build in. +# +# LDFLAGS are needed to avoid problems with missing symbols. +LDFLAGS="-Wl,--no-as-needed" \ +CFLAGS="$SLKCFLAGS" \ +./configure \ + --prefix=/usr \ + --libdir=/usr/lib${LIBDIRSUFFIX} \ + --bindir=/usr/bin \ + --sbindir=/usr/sbin \ + --mandir=/usr/man \ + --sysconfdir=/etc \ + --with-configdir=/etc/samba \ + --with-piddir=/var/run \ + --with-privatedir=/etc/samba/private \ + --localstatedir=/var \ + --with-lockdir=/var/cache/samba \ + --with-swatdir=/usr/share/swat \ + --with-logfilebase=/var/log/samba \ + --enable-cups \ + --enable-external-libtalloc=no \ + --enable-static=no \ + --enable-shared=yes \ + --with-acl-support=yes \ + --with-automount \ + --with-cifsmount \ + --with-cifsumount \ + --with-quotas \ + --with-syslog \ + --with-utmp \ + --with-libsmbclient \ + --with-winbind \ + --with-ldap \ + --build=$ARCH-slackware-linux + # Using with-fhs overrides our libdir, and besides we are already hard-coding + # directories. So, now we define them all explicitly... + #--with-fhs \ + +# -j options don't seem to work... +make || exit 1 + +mkdir -p \ + $PKG/usr/doc/samba-$VERSION \ + $PKG/var/spool/samba \ + $PKG/var/log/samba \ + $PKG/etc/samba/private \ + $PKG/var/cache/samba +chmod 700 $PKG/etc/samba/private +chmod 1777 $PKG/var/spool/samba + +make install-everything DESTDIR=$PKG || exit 1 + +# Install libnss_win* libraries: +mkdir -p $PKG/lib${LIBDIRSUFFIX} +cp -a ../nsswitch/libnss_winbind.so $PKG/lib${LIBDIRSUFFIX}/libnss_winbind.so.2 +cp -a ../nsswitch/libnss_wins.so $PKG/lib${LIBDIRSUFFIX}/libnss_wins.so.2 +( cd $PKG/lib${LIBDIRSUFFIX} + ln -sf libnss_winbind.so.2 libnss_winbind.so + ln -sf libnss_wins.so.2 libnss_wins.so +) + +# Install a pkgconfig file for libtalloc: +mkdir -p $PKG/usr/lib${LIBDIRSUFFIX}/pkgconfig +if [ ! -r $PKG/usr/lib${LIBDIRSUFFIX}/pkgconfig/talloc.pc ]; then + cat $CWD/talloc.pc | sed -e "s/\/lib/\/lib${LIBDIRSUFFIX}/" > $PKG/usr/lib${LIBDIRSUFFIX}/pkgconfig/talloc.pc +fi + +## Make sure that other programs can link against libsmbclient: +#( cd $PKG/usr/lib${LIBDIRSUFFIX} +# for FILE in samba/libsmbclient.so* ; do +# ln -sf $FILE +# done +#) + +# Add some (u)mount links: +mkdir -p $PKG/sbin +( cd $PKG/sbin + # SMBFS is obsolete in the kernel now -- use mount.cifs + #rm -f mount.smbfs ; ln -sf /usr/bin/smbmount mount.smbfs + # Add a wrapper script from Debian that's included in the upstream Samba + # sources to help out people (like me ;-) who don't read every speck of + # documentation: + cat $TMP/samba-$VERSION/examples/scripts/mount/mount.smbfs > mount.smbfs + chmod 755 $PKG/sbin/mount.smbfs + # I suppose this wouldn't be the worst idea in the world, either: + ( cd $PKG/usr/bin ; ln -sf /sbin/mount.smbfs smbmount ) + rm -f mount.cifs ; ln -sf /usr/sbin/mount.cifs mount.cifs + # smbumount was giving me problems so it seems wise to play it safe + #rm -f umount.smbfs ; ln -sf /usr/bin/smbumount umount.smbfs + #rm -f umount.cifs ; ln -sf /usr/sbin/umount.cifs umount.cifs +) + +# Add a sample config file: +cat $CWD/smb.conf.default > $PKG/etc/samba/smb.conf-sample + +if [ ! -r $PKG/usr/bin/smbget ]; then + rm -f $PKG/usr/share/man/man1/smbget.1 + rm -f $PKG/usr/share/swat/help/smbget.1.html +fi + +# We'll add rc.samba to the init directory, but chmod 644 so that it doesn't +# start by default: +mkdir -p $PKG/etc/rc.d +cat $CWD/rc.samba > $PKG/etc/rc.d/rc.samba.new +chmod 644 $PKG/etc/rc.d/rc.samba.new + +mv $PKG/usr/share/man $PKG/usr +gzip -9 $PKG/usr/man/man?/*.? + +find $PKG | xargs file | grep -e "executable" -e "shared object" \ + | grep ELF | cut -f 1 -d : | xargs strip --strip-unneeded 2> /dev/null + +# PAM related stuff we don't use: +rm -r $PKG/usr/share/locale +rm -f $PKG/usr/man/man8/pam* + +cd .. +cp -a \ + COPYING* MAINTAINERS Manifest PFIF.txt README* \ + Read-Manifest-Now Roadmap WHATSNEW.txt docs examples \ + $PKG/usr/doc/samba-$VERSION +# These are installed elsewhere: +rm -rf $PKG/usr/doc/samba-$VERSION/docs/htmldocs \ + $PKG/usr/doc/samba-$VERSION/docs/manpages +mkdir -p $PKG/usr/doc/samba-$VERSION/docs +( cd $PKG/usr/doc/samba-$VERSION/docs + ln -sf /usr/share/swat/help htmldocs +) +# I'm sorry, but when all this info is included in HTML, adding 7MB worth of +# PDF files just to have extra artwork is more fluff than I'll agree to. +rm -f $PKG/usr/doc/samba-$VERSION/docs/*.pdf +# Also redundant also: +rm -rf $PKG/usr/doc/samba-$VERSION/docs/docbook + +mkdir -p $PKG/install +cat $CWD/slack-desc > $PKG/install/slack-desc +zcat $CWD/doinst.sh.gz > $PKG/install/doinst.sh + +cat << EOF + +*** Be sure the package contains: + +drwx------ 2 root root 1024 Mar 12 13:21 /etc/samba/private +drwxr-xr-x 2 root root 4096 May 3 15:46 /var/cache/samba/ +drwxr-xr-x 2 root root 48 Aug 29 13:06 /var/log/samba/ +drwxrwxrwt 2 root root 1024 Mar 12 13:21 /var/spool/samba/ + +EOF + +cd $PKG +/sbin/makepkg -l y -c n $TMP/samba-$VERSION-$ARCH-$BUILD.txz + diff --git a/patches/source/samba/slack-desc b/patches/source/samba/slack-desc new file mode 100644 index 000000000..c06b485d9 --- /dev/null +++ b/patches/source/samba/slack-desc @@ -0,0 +1,19 @@ +# HOW TO EDIT THIS FILE: +# The "handy ruler" below makes it easier to edit a package description. Line +# up the first '|' above the ':' following the base package name, and the '|' +# on the right side marks the last column you can put a character in. You must +# make exactly 11 lines for the formatting to be correct. It's also +# customary to leave one space after the ':'. + + |-----handy-ruler------------------------------------------------------| +samba: samba (SMB/CIFS file and print server) +samba: +samba: Samba is an SMB/CIFS file and print server for SMB and CIFS clients. +samba: It allows you to make file space or printers on a Samba host +samba: available to SMB/CIFS clients (such as PCs running Windows). +samba: +samba: If you have any Windows file servers, you may be able to replace them +samba: or supplement them with Samba. One of Samba's big strengths is +samba: integration, so you can use it to tie together your Linux hosts and +samba: Windows PC clients. +samba: diff --git a/patches/source/samba/smb.conf.default b/patches/source/samba/smb.conf.default new file mode 100644 index 000000000..44ba134f6 --- /dev/null +++ b/patches/source/samba/smb.conf.default @@ -0,0 +1,271 @@ +# This is the main Samba configuration file. You should read the +# smb.conf(5) manual page in order to understand the options listed +# here. Samba has a huge number of configurable options (perhaps too +# many!) most of which are not shown in this example +# +# For a step to step guide on installing, configuring and using samba, +# read the Samba-HOWTO-Collection. This may be obtained from: +# http://www.samba.org/samba/docs/Samba-HOWTO-Collection.pdf +# +# Many working examples of smb.conf files can be found in the +# Samba-Guide which is generated daily and can be downloaded from: +# http://www.samba.org/samba/docs/Samba-Guide.pdf +# +# Any line which starts with a ; (semi-colon) or a # (hash) +# is a comment and is ignored. In this example we will use a # +# for commentry and a ; for parts of the config file that you +# may wish to enable +# +# NOTE: Whenever you modify this file you should run the command "testparm" +# to check that you have not made any basic syntactic errors. +# +#======================= Global Settings ===================================== +[global] + +# workgroup = NT-Domain-Name or Workgroup-Name, eg: LINUX2 + workgroup = MYGROUP + +# server string is the equivalent of the NT Description field + server string = Samba Server + +# Security mode. Defines in which mode Samba will operate. Possible +# values are share, user, server, domain and ads. Most people will want +# user level security. See the Samba-HOWTO-Collection for details. + security = user + +# This option is important for security. It allows you to restrict +# connections to machines which are on your local network. The +# following example restricts access to two C class networks and +# the "loopback" interface. For more examples of the syntax see +# the smb.conf man page +; hosts allow = 192.168.1. 192.168.2. 127. + +# If you want to automatically load your printer list rather +# than setting them up individually then you'll need this + load printers = yes + +# you may wish to override the location of the printcap file +; printcap name = /etc/printcap + +# on SystemV system setting printcap name to lpstat should allow +# you to automatically obtain a printer list from the SystemV spool +# system +; printcap name = lpstat + +# It should not be necessary to specify the print system type unless +# it is non-standard. Currently supported print systems include: +# bsd, cups, sysv, plp, lprng, aix, hpux, qnx +; printing = cups + +# Uncomment this if you want a guest account, you must add this to /etc/passwd +# otherwise the user "nobody" is used +; guest account = pcguest + +# this tells Samba to use a separate log file for each machine +# that connects + log file = /var/log/samba.%m + +# Put a capping on the size of the log files (in Kb). + max log size = 50 + +# Use password server option only with security = server +# The argument list may include: +# password server = My_PDC_Name [My_BDC_Name] [My_Next_BDC_Name] +# or to auto-locate the domain controller/s +# password server = * +; password server = <NT-Server-Name> + +# Use the realm option only with security = ads +# Specifies the Active Directory realm the host is part of +; realm = MY_REALM + +# Backend to store user information in. New installations should +# use either tdbsam or ldapsam. smbpasswd is available for backwards +# compatibility. tdbsam requires no further configuration. +; passdb backend = tdbsam + +# Using the following line enables you to customise your configuration +# on a per machine basis. The %m gets replaced with the netbios name +# of the machine that is connecting. +# Note: Consider carefully the location in the configuration file of +# this line. The included file is read at that point. +; include = /usr/local/samba/lib/smb.conf.%m + +# Configure Samba to use multiple interfaces +# If you have multiple network interfaces then you must list them +# here. See the man page for details. +; interfaces = 192.168.12.2/24 192.168.13.2/24 + +# Browser Control Options: +# set local master to no if you don't want Samba to become a master +# browser on your network. Otherwise the normal election rules apply +; local master = no + +# OS Level determines the precedence of this server in master browser +# elections. The default value should be reasonable +; os level = 33 + +# Domain Master specifies Samba to be the Domain Master Browser. This +# allows Samba to collate browse lists between subnets. Don't use this +# if you already have a Windows NT domain controller doing this job +; domain master = yes + +# Preferred Master causes Samba to force a local browser election on startup +# and gives it a slightly higher chance of winning the election +; preferred master = yes + +# Enable this if you want Samba to be a domain logon server for +# Windows95 workstations. +; domain logons = yes + +# if you enable domain logons then you may want a per-machine or +# per user logon script +# run a specific logon batch file per workstation (machine) +; logon script = %m.bat +# run a specific logon batch file per username +; logon script = %U.bat + +# Where to store roving profiles (only for Win95 and WinNT) +# %L substitutes for this servers netbios name, %U is username +# You must uncomment the [Profiles] share below +; logon path = \\%L\Profiles\%U + +# Windows Internet Name Serving Support Section: +# WINS Support - Tells the NMBD component of Samba to enable it's WINS Server +; wins support = yes + +# WINS Server - Tells the NMBD components of Samba to be a WINS Client +# Note: Samba can be either a WINS Server, or a WINS Client, but NOT both +; wins server = w.x.y.z + +# WINS Proxy - Tells Samba to answer name resolution queries on +# behalf of a non WINS capable client, for this to work there must be +# at least one WINS Server on the network. The default is NO. +; wins proxy = yes + +# DNS Proxy - tells Samba whether or not to try to resolve NetBIOS names +# via DNS nslookups. The default is NO. + dns proxy = no + +# These scripts are used on a domain controller or stand-alone +# machine to add or delete corresponding unix accounts +; add user script = /usr/sbin/useradd %u +; add group script = /usr/sbin/groupadd %g +; add machine script = /usr/sbin/adduser -n -g machines -c Machine -d /dev/null -s /bin/false %u +; delete user script = /usr/sbin/userdel %u +; delete user from group script = /usr/sbin/deluser %u %g +; delete group script = /usr/sbin/groupdel %g + + +#============================ Share Definitions ============================== +[homes] + comment = Home Directories + browseable = no + writable = yes + +# Un-comment the following and create the netlogon directory for Domain Logons +; [netlogon] +; comment = Network Logon Service +; path = /usr/local/samba/lib/netlogon +; guest ok = yes +; writable = no +; share modes = no + + +# Un-comment the following to provide a specific roving profile share +# the default is to use the user's home directory +;[Profiles] +; path = /usr/local/samba/profiles +; browseable = no +; guest ok = yes + + +# NOTE: If you have a BSD-style print system there is no need to +# specifically define each individual printer +[printers] + comment = All Printers + path = /var/spool/samba + browseable = no +# Set public = yes to allow user 'guest account' to print + guest ok = no + writable = no + printable = yes + +# This one is useful for people to share files +;[tmp] +; comment = Temporary file space +; path = /tmp +; read only = no +; public = yes + +# A publicly accessible directory, but read only, except for people in +# the "staff" group +;[public] +; comment = Public Stuff +; path = /home/samba +; public = yes +; writable = no +; printable = no +; write list = @staff + +# Other examples. +# +# A private printer, usable only by fred. Spool data will be placed in fred's +# home directory. Note that fred must have write access to the spool directory, +# wherever it is. +;[fredsprn] +; comment = Fred's Printer +; valid users = fred +; path = /homes/fred +; printer = freds_printer +; public = no +; writable = no +; printable = yes + +# A private directory, usable only by fred. Note that fred requires write +# access to the directory. +;[fredsdir] +; comment = Fred's Service +; path = /usr/somewhere/private +; valid users = fred +; public = no +; writable = yes +; printable = no + +# a service which has a different directory for each machine that connects +# this allows you to tailor configurations to incoming machines. You could +# also use the %U option to tailor it by user name. +# The %m gets replaced with the machine name that is connecting. +;[pchome] +; comment = PC Directories +; path = /usr/pc/%m +; public = no +; writable = yes + +# A publicly accessible directory, read/write to all users. Note that all files +# created in the directory by users will be owned by the default user, so +# any user with access can delete any other user's files. Obviously this +# directory must be writable by the default user. Another user could of course +# be specified, in which case all files would be owned by that user instead. +;[public] +; path = /usr/somewhere/else/public +; public = yes +; only guest = yes +; writable = yes +; printable = no + +# The following two entries demonstrate how to share a directory so that two +# users can place files there that will be owned by the specific users. In this +# setup, the directory should be writable by both users and should have the +# sticky bit set on it to prevent abuse. Obviously this could be extended to +# as many users as required. +;[myshare] +; comment = Mary's and Fred's stuff +; path = /usr/somewhere/shared +; valid users = mary fred +; public = no +; writable = yes +; printable = no +; create mask = 0765 + + diff --git a/patches/source/samba/smb.conf.default.orig b/patches/source/samba/smb.conf.default.orig new file mode 100644 index 000000000..b4e3d63e0 --- /dev/null +++ b/patches/source/samba/smb.conf.default.orig @@ -0,0 +1,271 @@ +# This is the main Samba configuration file. You should read the +# smb.conf(5) manual page in order to understand the options listed +# here. Samba has a huge number of configurable options (perhaps too +# many!) most of which are not shown in this example +# +# For a step to step guide on installing, configuring and using samba, +# read the Samba-HOWTO-Collection. This may be obtained from: +# http://www.samba.org/samba/docs/Samba-HOWTO-Collection.pdf +# +# Many working examples of smb.conf files can be found in the +# Samba-Guide which is generated daily and can be downloaded from: +# http://www.samba.org/samba/docs/Samba-Guide.pdf +# +# Any line which starts with a ; (semi-colon) or a # (hash) +# is a comment and is ignored. In this example we will use a # +# for commentry and a ; for parts of the config file that you +# may wish to enable +# +# NOTE: Whenever you modify this file you should run the command "testparm" +# to check that you have not made any basic syntactic errors. +# +#======================= Global Settings ===================================== +[global] + +# workgroup = NT-Domain-Name or Workgroup-Name, eg: MIDEARTH + workgroup = MYGROUP + +# server string is the equivalent of the NT Description field + server string = Samba Server + +# Security mode. Defines in which mode Samba will operate. Possible +# values are share, user, server, domain and ads. Most people will want +# user level security. See the Samba-HOWTO-Collection for details. + security = user + +# This option is important for security. It allows you to restrict +# connections to machines which are on your local network. The +# following example restricts access to two C class networks and +# the "loopback" interface. For more examples of the syntax see +# the smb.conf man page +; hosts allow = 192.168.1. 192.168.2. 127. + +# If you want to automatically load your printer list rather +# than setting them up individually then you'll need this + load printers = yes + +# you may wish to override the location of the printcap file +; printcap name = /etc/printcap + +# on SystemV system setting printcap name to lpstat should allow +# you to automatically obtain a printer list from the SystemV spool +# system +; printcap name = lpstat + +# It should not be necessary to specify the print system type unless +# it is non-standard. Currently supported print systems include: +# bsd, cups, sysv, plp, lprng, aix, hpux, qnx +; printing = cups + +# Uncomment this if you want a guest account, you must add this to /etc/passwd +# otherwise the user "nobody" is used +; guest account = pcguest + +# this tells Samba to use a separate log file for each machine +# that connects + log file = /usr/local/samba/var/log.%m + +# Put a capping on the size of the log files (in Kb). + max log size = 50 + +# Use password server option only with security = server +# The argument list may include: +# password server = My_PDC_Name [My_BDC_Name] [My_Next_BDC_Name] +# or to auto-locate the domain controller/s +# password server = * +; password server = <NT-Server-Name> + +# Use the realm option only with security = ads +# Specifies the Active Directory realm the host is part of +; realm = MY_REALM + +# Backend to store user information in. New installations should +# use either tdbsam or ldapsam. smbpasswd is available for backwards +# compatibility. tdbsam requires no further configuration. +; passdb backend = tdbsam + +# Using the following line enables you to customise your configuration +# on a per machine basis. The %m gets replaced with the netbios name +# of the machine that is connecting. +# Note: Consider carefully the location in the configuration file of +# this line. The included file is read at that point. +; include = /usr/local/samba/lib/smb.conf.%m + +# Configure Samba to use multiple interfaces +# If you have multiple network interfaces then you must list them +# here. See the man page for details. +; interfaces = 192.168.12.2/24 192.168.13.2/24 + +# Browser Control Options: +# set local master to no if you don't want Samba to become a master +# browser on your network. Otherwise the normal election rules apply +; local master = no + +# OS Level determines the precedence of this server in master browser +# elections. The default value should be reasonable +; os level = 33 + +# Domain Master specifies Samba to be the Domain Master Browser. This +# allows Samba to collate browse lists between subnets. Don't use this +# if you already have a Windows NT domain controller doing this job +; domain master = yes + +# Preferred Master causes Samba to force a local browser election on startup +# and gives it a slightly higher chance of winning the election +; preferred master = yes + +# Enable this if you want Samba to be a domain logon server for +# Windows95 workstations. +; domain logons = yes + +# if you enable domain logons then you may want a per-machine or +# per user logon script +# run a specific logon batch file per workstation (machine) +; logon script = %m.bat +# run a specific logon batch file per username +; logon script = %U.bat + +# Where to store roving profiles (only for Win95 and WinNT) +# %L substitutes for this servers netbios name, %U is username +# You must uncomment the [Profiles] share below +; logon path = \\%L\Profiles\%U + +# Windows Internet Name Serving Support Section: +# WINS Support - Tells the NMBD component of Samba to enable it's WINS Server +; wins support = yes + +# WINS Server - Tells the NMBD components of Samba to be a WINS Client +# Note: Samba can be either a WINS Server, or a WINS Client, but NOT both +; wins server = w.x.y.z + +# WINS Proxy - Tells Samba to answer name resolution queries on +# behalf of a non WINS capable client, for this to work there must be +# at least one WINS Server on the network. The default is NO. +; wins proxy = yes + +# DNS Proxy - tells Samba whether or not to try to resolve NetBIOS names +# via DNS nslookups. The default is NO. + dns proxy = no + +# These scripts are used on a domain controller or stand-alone +# machine to add or delete corresponding unix accounts +; add user script = /usr/sbin/useradd %u +; add group script = /usr/sbin/groupadd %g +; add machine script = /usr/sbin/adduser -n -g machines -c Machine -d /dev/null -s /bin/false %u +; delete user script = /usr/sbin/userdel %u +; delete user from group script = /usr/sbin/deluser %u %g +; delete group script = /usr/sbin/groupdel %g + + +#============================ Share Definitions ============================== +[homes] + comment = Home Directories + browseable = no + writable = yes + +# Un-comment the following and create the netlogon directory for Domain Logons +; [netlogon] +; comment = Network Logon Service +; path = /usr/local/samba/lib/netlogon +; guest ok = yes +; writable = no +; share modes = no + + +# Un-comment the following to provide a specific roving profile share +# the default is to use the user's home directory +;[Profiles] +; path = /usr/local/samba/profiles +; browseable = no +; guest ok = yes + + +# NOTE: If you have a BSD-style print system there is no need to +# specifically define each individual printer +[printers] + comment = All Printers + path = /usr/spool/samba + browseable = no +# Set public = yes to allow user 'guest account' to print + guest ok = no + writable = no + printable = yes + +# This one is useful for people to share files +;[tmp] +; comment = Temporary file space +; path = /tmp +; read only = no +; public = yes + +# A publicly accessible directory, but read only, except for people in +# the "staff" group +;[public] +; comment = Public Stuff +; path = /home/samba +; public = yes +; writable = no +; printable = no +; write list = @staff + +# Other examples. +# +# A private printer, usable only by fred. Spool data will be placed in fred's +# home directory. Note that fred must have write access to the spool directory, +# wherever it is. +;[fredsprn] +; comment = Fred's Printer +; valid users = fred +; path = /homes/fred +; printer = freds_printer +; public = no +; writable = no +; printable = yes + +# A private directory, usable only by fred. Note that fred requires write +# access to the directory. +;[fredsdir] +; comment = Fred's Service +; path = /usr/somewhere/private +; valid users = fred +; public = no +; writable = yes +; printable = no + +# a service which has a different directory for each machine that connects +# this allows you to tailor configurations to incoming machines. You could +# also use the %U option to tailor it by user name. +# The %m gets replaced with the machine name that is connecting. +;[pchome] +; comment = PC Directories +; path = /usr/pc/%m +; public = no +; writable = yes + +# A publicly accessible directory, read/write to all users. Note that all files +# created in the directory by users will be owned by the default user, so +# any user with access can delete any other user's files. Obviously this +# directory must be writable by the default user. Another user could of course +# be specified, in which case all files would be owned by that user instead. +;[public] +; path = /usr/somewhere/else/public +; public = yes +; only guest = yes +; writable = yes +; printable = no + +# The following two entries demonstrate how to share a directory so that two +# users can place files there that will be owned by the specific users. In this +# setup, the directory should be writable by both users and should have the +# sticky bit set on it to prevent abuse. Obviously this could be extended to +# as many users as required. +;[myshare] +; comment = Mary's and Fred's stuff +; path = /usr/somewhere/shared +; valid users = mary fred +; public = no +; writable = yes +; printable = no +; create mask = 0765 + + diff --git a/patches/source/samba/smb.conf.diff b/patches/source/samba/smb.conf.diff new file mode 100644 index 000000000..3573a8f0b --- /dev/null +++ b/patches/source/samba/smb.conf.diff @@ -0,0 +1,29 @@ +--- smb.conf.default.orig 2009-09-30 07:17:40.000000000 -0500 ++++ smb.conf.default 2009-10-03 15:59:26.000000000 -0500 +@@ -22,7 +22,7 @@ + #======================= Global Settings ===================================== + [global] + +-# workgroup = NT-Domain-Name or Workgroup-Name, eg: MIDEARTH ++# workgroup = NT-Domain-Name or Workgroup-Name, eg: LINUX2 + workgroup = MYGROUP + + # server string is the equivalent of the NT Description field +@@ -63,7 +63,7 @@ + + # this tells Samba to use a separate log file for each machine + # that connects +- log file = /usr/local/samba/var/log.%m ++ log file = /var/log/samba.%m + + # Put a capping on the size of the log files (in Kb). + max log size = 50 +@@ -184,7 +184,7 @@ + # specifically define each individual printer + [printers] + comment = All Printers +- path = /usr/spool/samba ++ path = /var/spool/samba + browseable = no + # Set public = yes to allow user 'guest account' to print + guest ok = no diff --git a/patches/source/samba/talloc.pc b/patches/source/samba/talloc.pc new file mode 100644 index 000000000..7a23835ce --- /dev/null +++ b/patches/source/samba/talloc.pc @@ -0,0 +1,11 @@ +prefix=/usr +exec_prefix=${prefix} +libdir=${exec_prefix}/lib +includedir=${prefix}/include + +Name: talloc +Description: A hierarchical pool based memory system with destructors +Version: 2.0.1 +Libs: -L${libdir} -ltalloc +Cflags: -I${includedir} +URL: http://talloc.samba.org/ |