Here I attach the patch that fixes mentioned 3 problems as well as few others:

 * BUG 1315 - wbinfo -t unsuccessful on 3.0.4
 * BUG 1319 - Cannot write to a share with write-list users
 * BUG 1345 - Macromedia Homesite cannot connect anymore after upgrade to 3.0.4

 * Patch from Rudolf Cejka <cejkar@fit.vutbr.cz> - rpcclient does not recognize
     parameters in -c <command> correctly.

 * Patch from Joerg Pulz <Joerg.Pulz@frm2.tum.de> - fixes to samba.sh startup script.

PR:		ports/67865
Submitted by:	edwin@mavetju.org,Rudolf Cejka <cejkar@fit.vutbr.cz>,Joerg Pulz <Joerg.Pulz@frm2.tum.de>
Approved by:	maintainer

11 files changed, 259 insertions, 7 deletions

diff --git a/net/samba3/Makefile b/net/samba3/Makefile
index 82bf9e0185f2..1cb23f747ac4 100644
--- a/net/samba3/Makefile
+++ b/net/samba3/Makefile
@@ -7,7 +7,7 @@
 
 PORTNAME=		samba
 PORTVERSION=		3.0.4
-PORTREVISION?=		2
+PORTREVISION?=		3
 PORTEPOCH?=		1
 CATEGORIES?=		net
 MASTER_SITES=		${MASTER_SITE_SAMBA}
@@ -22,7 +22,7 @@ CONFLICTS?=		ja-samba-2.* samba-2.* sharity-light-1.*
 USE_ICONV=		yes
 USE_AUTOCONF_VER=	253
 
-LATEST_LINK?=		${PKGNAMEPREFIX}${PORTNAME}-3${PKGNAMESUFFIX}
+LATEST_LINK?=		${PKGNAMEPREFIX}${PORTNAME}3${PKGNAMESUFFIX}
 EXAMPLESDIR=		${PREFIX}/share/examples/${PKGNAMEPREFIX}${PORTNAME}${PKGNAMESUFFIX}
 WRKSRC=			${WRKDIR}/${DISTNAME}/source
 
@@ -33,10 +33,10 @@ SAMBA_LOGDIR=		${VARDIR}/log/samba
 SAMBA_RUNDIR=		${VARDIR}/run
 SAMBA_LOCKDIR?=		${VARDIR}/db/samba
 SAMBA_PRIVATE?=		${PREFIX}/private
-SAMBA_CONFDIR?=		${PREFIX}/etc
+SAMBA_CONFDIR=		${PREFIX}/etc
 SAMBA_SWATDIR=		${PREFIX}/share/swat
 SAMBA_LIBDIR=		${PREFIX}/lib
-RC_DIR?=		${SAMBA_CONFDIR}/rc.d
+RC_DIR=			${SAMBA_CONFDIR}/rc.d
 SAMBA_CONFIG=		${SAMBA_CONFDIR}/smb.conf
 
 CONFIGURE_ENV+=		CPPFLAGS=-I${LOCALBASE}/include \
diff --git a/net/samba3/files/patch-configure.in b/net/samba3/files/patch-configure.in
new file mode 100644
index 000000000000..9f38d6ecbfb6
--- /dev/null
+++ b/net/samba3/files/patch-configure.in
@@ -0,0 +1,16 @@
+--- configure.in.orig	Thu Apr 29 09:34:48 2004
++++ configure.in	Thu May 20 14:16:15 2004
+@@ -803,6 +803,13 @@
+    AC_DEFINE(HAVE_SIG_ATOMIC_T_TYPE,1,[Whether we have the atomic_t variable type])
+ fi
+ 
++AC_CACHE_CHECK([for optreset], samba_cv_var_optreset, [
++  AC_TRY_LINK([#include <unistd.h>],[optreset = 1],
++  [samba_cv_var_optreset=yes],[samba_cv_var_optreset=no])])
++if test x"$samba_cv_var_optreset" = x"yes"; then
++  AC_DEFINE(HAVE_OPTRESET,1,[Whether the system has optreset])
++fi
++
+ # stupid headers have the functions but no declaration. grrrr.
+ AC_HAVE_DECL(errno, [#include <errno.h>])
+ AC_HAVE_DECL(setresuid, [#include <unistd.h>])
diff --git a/net/samba3/files/patch-include_config.h.in b/net/samba3/files/patch-include_config.h.in
new file mode 100644
index 000000000000..093b2ef23485
--- /dev/null
+++ b/net/samba3/files/patch-include_config.h.in
@@ -0,0 +1,12 @@
+--- include/config.h.in.orig	Sat May  8 02:33:46 2004
++++ include/config.h.in	Thu May 20 14:17:44 2004
+@@ -236,6 +236,9 @@
+ /* Define to 1 if you have the `endnetgrent' function. */
+ #undef HAVE_ENDNETGRENT
+ 
++/* Whether optreset is available */
++#undef HAVE_OPTRESET
++
+ /* Whether errno() is available */
+ #undef HAVE_ERRNO_DECL
+ 
diff --git a/net/samba3/files/patch-jerry-cli_pipe.c b/net/samba3/files/patch-jerry-cli_pipe.c
new file mode 100644
index 000000000000..310f3d860f3f
--- /dev/null
+++ b/net/samba3/files/patch-jerry-cli_pipe.c
@@ -0,0 +1,53 @@
+Index: source/rpc_client/cli_pipe.c
+===================================================================
+--- rpc_client/cli_pipe.c	(revision 842)
++++ rpc_client/cli_pipe.c	(working copy)
+@@ -332,13 +332,24 @@
+ 	if (cli->pipe_auth_flags & AUTH_PIPE_NETSEC) {
+ 		RPC_AUTH_NETSEC_CHK chk;
+ 
+-		if (auth_len != RPC_AUTH_NETSEC_CHK_LEN) {
++		if ( (auth_len != RPC_AUTH_NETSEC_SIGN_OR_SEAL_CHK_LEN) 
++			&& (auth_len != RPC_AUTH_NETSEC_SIGN_ONLY_CHK_LEN)  ) 
++		{
+ 			DEBUG(0,("rpc_auth_pipe: wrong schannel auth len %d\n", auth_len));
+ 			return False;
+ 		}
+ 
+-		if (!smb_io_rpc_auth_netsec_chk("schannel_auth_sign", 
+-						&chk, &auth_verf, 0)) {
++		/* can't seal with no nonce */
++		if ( (cli->pipe_auth_flags & AUTH_PIPE_SEAL)
++			&& (auth_len != RPC_AUTH_NETSEC_SIGN_OR_SEAL_CHK_LEN)  )
++		{
++			DEBUG(0,("rpc_auth_pipe: sealing not supported with schannel auth len %d\n", auth_len));
++			return False;
++		}
++		
++
++		if (!smb_io_rpc_auth_netsec_chk("schannel_auth_sign", auth_len, &chk, &auth_verf, 0)) 
++		{
+ 			DEBUG(0, ("rpc_auth_pipe: schannel unmarshalling "
+ 				  "RPC_AUTH_NETSECK_CHK failed\n"));
+ 			return False;
+@@ -918,7 +929,7 @@
+ 			auth_len = RPC_AUTH_NTLMSSP_CHK_LEN;
+ 		}
+ 		if (cli->pipe_auth_flags & AUTH_PIPE_NETSEC) {	
+-			auth_len = RPC_AUTH_NETSEC_CHK_LEN;
++			auth_len = RPC_AUTH_NETSEC_SIGN_OR_SEAL_CHK_LEN;
+ 		}
+ 		auth_hdr_len = RPC_HDR_AUTH_LEN;
+ 	}
+@@ -1034,8 +1045,9 @@
+ 				/* write auth footer onto the packet */
+ 				
+ 				parse_offset_marker = prs_offset(&sec_blob);
+-				if (!smb_io_rpc_auth_netsec_chk("", &verf,
+-								&sec_blob, 0)) {
++				if (!smb_io_rpc_auth_netsec_chk("", RPC_AUTH_NETSEC_SIGN_OR_SEAL_CHK_LEN, 
++					&verf, &sec_blob, 0)) 
++				{
+ 					prs_mem_free(&sec_blob);
+ 					return False;
+ 				}
diff --git a/net/samba3/files/patch-jerry-filename.c b/net/samba3/files/patch-jerry-filename.c
new file mode 100644
index 000000000000..9ee1ade38fc8
--- /dev/null
+++ b/net/samba3/files/patch-jerry-filename.c
@@ -0,0 +1,15 @@
+Index: source/smbd/filename.c
+===================================================================
+--- smbd/filename.c	(revision 842)
++++ smbd/filename.c	(working copy)
+@@ -137,6 +137,10 @@
+ 	if (!*name) {
+ 		name[0] = '.';
+ 		name[1] = '\0';
++		if (SMB_VFS_STAT(conn,name,&st) == 0) {
++			*pst = st;
++		}
++		DEBUG(5,("conversion finished %s -> %s\n",orig_path, name));
+ 		return(True);
+ 	}
+ 
diff --git a/net/samba3/files/patch-jerry-parse_rpc.c b/net/samba3/files/patch-jerry-parse_rpc.c
new file mode 100644
index 000000000000..e0beba3cf61c
--- /dev/null
+++ b/net/samba3/files/patch-jerry-parse_rpc.c
@@ -0,0 +1,38 @@
+Index: source/rpc_parse/parse_rpc.c
+===================================================================
+--- rpc_parse/parse_rpc.c	(revision 842)
++++ rpc_parse/parse_rpc.c	(working copy)
+@@ -1189,7 +1189,8 @@
+ /*******************************************************************
+ reads or writes an RPC_AUTH_NETSEC_CHK structure.
+ ********************************************************************/
+-BOOL smb_io_rpc_auth_netsec_chk(const char *desc, RPC_AUTH_NETSEC_CHK * chk,
++BOOL smb_io_rpc_auth_netsec_chk(const char *desc, int auth_len, 
++                                RPC_AUTH_NETSEC_CHK * chk,
+ 				prs_struct *ps, int depth)
+ {
+ 	if (chk == NULL)
+@@ -1198,10 +1199,19 @@
+ 	prs_debug(ps, depth, desc, "smb_io_rpc_auth_netsec_chk");
+ 	depth++;
+ 
+-	prs_uint8s(False, "sig  ", ps, depth, chk->sig, sizeof(chk->sig));
+-	prs_uint8s(False, "seq_num", ps, depth, chk->seq_num, sizeof(chk->seq_num));
+-	prs_uint8s(False, "packet_digest", ps, depth, chk->packet_digest, sizeof(chk->packet_digest));
+-	prs_uint8s(False, "confounder", ps, depth, chk->confounder, sizeof(chk->confounder));
++	if ( !prs_uint8s(False, "sig  ", ps, depth, chk->sig, sizeof(chk->sig)) )
++		return False;
++		
++	if ( !prs_uint8s(False, "seq_num", ps, depth, chk->seq_num, sizeof(chk->seq_num)) )
++		return False;
++		
++	if ( !prs_uint8s(False, "packet_digest", ps, depth, chk->packet_digest, sizeof(chk->packet_digest)) )
++		return False;
++	
++	if ( auth_len == RPC_AUTH_NETSEC_SIGN_OR_SEAL_CHK_LEN ) {
++		if ( !prs_uint8s(False, "confounder", ps, depth, chk->confounder, sizeof(chk->confounder)) )
++			return False;
++	}
+ 
+ 	return True;
+ }
diff --git a/net/samba3/files/patch-jerry-rpc_dce.h b/net/samba3/files/patch-jerry-rpc_dce.h
new file mode 100644
index 000000000000..e99931e00cd0
--- /dev/null
+++ b/net/samba3/files/patch-jerry-rpc_dce.h
@@ -0,0 +1,16 @@
+Index: source/include/rpc_dce.h
+===================================================================
+--- include/rpc_dce.h	(revision 842)
++++ include/rpc_dce.h	(working copy)
+@@ -63,8 +63,10 @@
+ #define NETSEC_AUTH_TYPE 0x44
+ #define NETSEC_SIGN_SIGNATURE { 0x77, 0x00, 0xff, 0xff, 0xff, 0xff, 0x00, 0x00 }
+ #define NETSEC_SEAL_SIGNATURE { 0x77, 0x00, 0x7a, 0x00, 0xff, 0xff, 0x00, 0x00 }
+-#define RPC_AUTH_NETSEC_CHK_LEN 0x20
+ 
++#define RPC_AUTH_NETSEC_SIGN_OR_SEAL_CHK_LEN 	0x20
++#define RPC_AUTH_NETSEC_SIGN_ONLY_CHK_LEN 	0x18
++
+ /* The 7 here seems to be required to get Win2k not to downgrade us
+    to NT4.  Actually, anything other than 1ff would seem to do... */
+ #define NETLOGON_NEG_AUTH2_FLAGS 0x000701ff
diff --git a/net/samba3/files/patch-jerry-srv_pipe.c b/net/samba3/files/patch-jerry-srv_pipe.c
new file mode 100644
index 000000000000..9185fac2e4b9
--- /dev/null
+++ b/net/samba3/files/patch-jerry-srv_pipe.c
@@ -0,0 +1,54 @@
+Index: source/rpc_server/srv_pipe.c
+===================================================================
+--- rpc_server/srv_pipe.c	(revision 842)
++++ rpc_server/srv_pipe.c	(working copy)
+@@ -124,7 +124,7 @@
+ 	if(p->ntlmssp_auth_validated) {
+ 		data_space_available -= (RPC_HDR_AUTH_LEN + RPC_AUTH_NTLMSSP_CHK_LEN);
+ 	} else if(p->netsec_auth_validated) {
+-		data_space_available -= (RPC_HDR_AUTH_LEN + RPC_AUTH_NETSEC_CHK_LEN);
++		data_space_available -= (RPC_HDR_AUTH_LEN + RPC_AUTH_NETSEC_SIGN_OR_SEAL_CHK_LEN);
+ 	}
+ 
+ 	/*
+@@ -177,8 +177,8 @@
+ 	} else if (p->netsec_auth_validated) {
+ 		p->hdr.frag_len = RPC_HEADER_LEN + RPC_HDR_RESP_LEN +
+ 			data_len + ss_padding_len +
+-			RPC_HDR_AUTH_LEN + RPC_AUTH_NETSEC_CHK_LEN;
+-		p->hdr.auth_len = RPC_AUTH_NETSEC_CHK_LEN;
++			RPC_HDR_AUTH_LEN + RPC_AUTH_NETSEC_SIGN_OR_SEAL_CHK_LEN;
++		p->hdr.auth_len = RPC_AUTH_NETSEC_SIGN_OR_SEAL_CHK_LEN;
+ 	} else {
+ 		p->hdr.frag_len = RPC_HEADER_LEN + RPC_HDR_RESP_LEN + data_len;
+ 		p->hdr.auth_len = 0;
+@@ -309,7 +309,8 @@
+ 			      SENDER_IS_ACCEPTOR,
+ 			      &verf, data, data_len + ss_padding_len);
+ 
+-		smb_io_rpc_auth_netsec_chk("", &verf, &outgoing_pdu, 0);
++		smb_io_rpc_auth_netsec_chk("", RPC_AUTH_NETSEC_SIGN_OR_SEAL_CHK_LEN, 
++			&verf, &outgoing_pdu, 0);
+ 
+ 		p->netsec_auth.seq_num++;
+ 	}
+@@ -1339,7 +1340,7 @@
+ 
+ 	auth_len = p->hdr.auth_len;
+ 
+-	if (auth_len != RPC_AUTH_NETSEC_CHK_LEN) {
++	if (auth_len != RPC_AUTH_NETSEC_SIGN_OR_SEAL_CHK_LEN) {
+ 		DEBUG(0,("Incorrect auth_len %d.\n", auth_len ));
+ 		return False;
+ 	}
+@@ -1384,7 +1385,9 @@
+ 		return False;
+ 	}
+ 
+-	if(!smb_io_rpc_auth_netsec_chk("", &netsec_chk, rpc_in, 0)) {
++	if(!smb_io_rpc_auth_netsec_chk("", RPC_AUTH_NETSEC_SIGN_OR_SEAL_CHK_LEN, 
++		&netsec_chk, rpc_in, 0)) 
++	{
+ 		DEBUG(0,("failed to unmarshal RPC_AUTH_NETSEC_CHK.\n"));
+ 		return False;
+ 	}
diff --git a/net/samba3/files/patch-jerry-uid.c b/net/samba3/files/patch-jerry-uid.c
new file mode 100644
index 000000000000..c3c4a7b5c9ad
--- /dev/null
+++ b/net/samba3/files/patch-jerry-uid.c
@@ -0,0 +1,33 @@
+Index: source/smbd/uid.c
+===================================================================
+--- smbd/uid.c	(revision 842)
++++ smbd/uid.c	(working copy)
+@@ -189,20 +189,26 @@
+ 
+ 	snum = SNUM(conn);
+ 
++	if ((vuser) && !check_user_ok(conn, vuser, snum)) {
++		DEBUG(2,("change_to_user: SMB user %s (unix user %s, vuid %d) not permitted access to share %s.\n",
++			vuser->user.smb_name, vuser->user.unix_name, vuid, lp_servicename(snum)));
++		return False;
++	}
++
+ 	if (conn->force_user) /* security = share sets this too */ {
+ 		uid = conn->uid;
+ 		gid = conn->gid;
+ 		current_user.groups = conn->groups;
+ 		current_user.ngroups = conn->ngroups;
+ 		token = conn->nt_user_token;
+-	} else if ((vuser) && check_user_ok(conn, vuser, snum)) {
++	} else if (vuser) {
+ 		uid = conn->admin_user ? 0 : vuser->uid;
+ 		gid = vuser->gid;
+ 		current_user.ngroups = vuser->n_groups;
+ 		current_user.groups  = vuser->groups;
+ 		token = vuser->nt_user_token;
+ 	} else {
+-		DEBUG(2,("change_to_user: Invalid vuid used %d or vuid not permitted access to share.\n",vuid));
++		DEBUG(2,("change_to_user: Invalid vuid used %d in accessing share %s.\n",vuid, lp_servicename(snum) ));
+ 		return False;
+ 	}
+ 
diff --git a/net/samba3/files/patch-rpcclient_cmd_reg.c b/net/samba3/files/patch-rpcclient_cmd_reg.c
new file mode 100644
index 000000000000..dc8a5726b678
--- /dev/null
+++ b/net/samba3/files/patch-rpcclient_cmd_reg.c
@@ -0,0 +1,15 @@
+--- rpcclient/cmd_reg.c.orig	Sun Apr  4 09:37:28 2004
++++ rpcclient/cmd_reg.c	Thu May 20 14:18:36 2004
+@@ -905,7 +905,11 @@
+ 	int opt;
+ 
+ 	*msg = 0;
+-	optind = 0; /* TODO: test if this hack works on other systems too --simo */
++#ifdef HAVE_OPTRESET
++	optreset = optind = 1;
++#else
++	optind = 0;
++#endif
+ 
+ 	while ((opt = getopt(argc, argv, "m:t:rf")) != EOF)
+ 	{
diff --git a/net/samba3/files/samba.sh.sample b/net/samba3/files/samba.sh.sample
index 1b51ab40b6d8..6fea8f03478a 100644
--- a/net/samba3/files/samba.sh.sample
+++ b/net/samba3/files/samba.sh.sample
@@ -86,7 +86,7 @@ stop_cmd="samba_stop"
 # Defaults
 nmbd_enable=${nmbd_enable:-"NO"}
 nmbd_flags=${nmbd_flags:-"-D"}
-command_args="${nmbd_flags} -s ${samba_config}"
+command_args="-s ${samba_config}"
 
 load_rc_config $name
 run_rc_command "$1"
@@ -101,7 +101,7 @@ stop_cmd="samba_stop"
 # Defaults
 smbd_enable=${smbd_enable:-"NO"}
 smbd_flags=${smbd_flags:-"-D"}
-command_args="${smbd_flags} -s ${samba_config}"
+command_args="-s ${samba_config}"
 
 load_rc_config $name
 run_rc_command "$1"
@@ -117,7 +117,7 @@ run_rc_command "$1"
 %%WINBIND%%# Defaults
 %%WINBIND%%winbindd_enable=${winbindd_enable:-"NO"}
 %%WINBIND%%winbindd_flags=${winbindd_flags:-""}
-%%WINBIND%%command_args="${winbindd_flags} -s ${samba_config}"
+%%WINBIND%%command_args="-s ${samba_config}"
 %%WINBIND%%
 %%WINBIND%%load_rc_config $name
 %%WINBIND%%run_rc_command "$1"