else
include make/custom.mk
endif
+include make/samba.mk
include make/plugins-lua.mk
include make/multimedia.mk
include make/rootfs.mk
--- /dev/null
+#!/bin/sh
+
+SMB_CONF=/var/etc/samba/smb.conf
+
+case "$1" in
+ start)
+ if [ -e /var/etc/.samba ]; then
+ grep -q "%%NETBIOS_NAME%%" $SMB_CONF
+ if [ $? -eq 0 ]; then
+ hwaddr=$(ifconfig eth0 | awk '/HWaddr/ { split($5,v,":"); print v[4] v[5] v[6] }')
+ sed -i "s|%%NETBIOS_NAME%%|KW-${hwaddr}|" $SMB_CONF
+ fi
+ mkdir -p /var/samba/locks
+ for i in smbd nmbd; do
+ printf "starting $i ..."
+ if pidof $i > /dev/null; then
+ echo " already running"
+ else
+ $i
+ echo "done"
+ fi
+ done
+ fi
+ ;;
+ stop)
+ if [ -e /var/etc/.samba ]; then
+ for i in nmbd smbd; do
+ printf "stopping $i ..."
+ if pidof $i > /dev/null; then
+ read pid < /var/run/${i}.pid
+ kill $pid && echo "done" || echo "failed!"
+ else
+ echo "not running"
+ fi
+ done
+ fi
+ ;;
+ restart)
+ if [ -e /var/etc/.samba ]; then
+ $0 stop
+ sleep 2
+ $0 start
+ fi
+ ;;
+ *)
+ echo "[$BASENAME] Usage: $0 {start|stop|restart}"
+ ;;
+esac
--- /dev/null
+ac_cv_path_PYTHON=/not/exist
+ac_cv_path_PYTHON_CONFIG=/not/exist
+samba_cv_CC_NEGATIVE_ENUM_VALUES=yes
+libreplace_cv_HAVE_GETADDRINFO=no
+ac_cv_file__proc_sys_kernel_core_pattern=yes
--- /dev/null
+[global]
+server string = Samba-Server %v
+# align workgroup and netbios name to your needs
+workgroup = WORKGROUP
+netbios name = %%NETBIOS_NAME%%
+security = share
+guest account = root
+printcap name = /dev/null
+
+[public]
+path = /
+public = yes
+writable = yes
--- /dev/null
+From 126e3e992bed7174d60ee19212db9b717647ab2e Mon Sep 17 00:00:00 2001
+From: Andreas Schneider <asn@cryptomilk.org>
+Date: Wed, 30 Mar 2016 16:55:44 +0200
+Subject: [PATCH 1/3] CVE-2016-2112: s3:ntlmssp: Implement missing
+ ntlmssp_have_feature()
+
+Signed-off-by: Andreas Schneider <asn@samba.org>
+---
+ source3/include/proto.h | 1 +
+ source3/libsmb/ntlmssp.c | 30 ++++++++++++++++++++++++++++++
+ 2 files changed, 31 insertions(+)
+
+--- a/source3/include/proto.h
++++ b/source3/include/proto.h
+@@ -1260,6 +1260,7 @@ NTSTATUS ntlmssp_set_password(struct ntl
+ NTSTATUS ntlmssp_set_domain(struct ntlmssp_state *ntlmssp_state, const char *domain) ;
+ void ntlmssp_want_feature_list(struct ntlmssp_state *ntlmssp_state, char *feature_list);
+ void ntlmssp_want_feature(struct ntlmssp_state *ntlmssp_state, uint32_t feature);
++bool ntlmssp_have_feature(struct ntlmssp_state *ntlmssp_state, uint32_t feature);
+ NTSTATUS ntlmssp_update(struct ntlmssp_state *ntlmssp_state,
+ const DATA_BLOB in, DATA_BLOB *out) ;
+ NTSTATUS ntlmssp_server_start(TALLOC_CTX *mem_ctx,
+--- a/source3/libsmb/ntlmssp.c
++++ b/source3/libsmb/ntlmssp.c
+@@ -162,6 +162,36 @@ NTSTATUS ntlmssp_set_domain(struct ntlms
+ return NT_STATUS_OK;
+ }
+
++bool ntlmssp_have_feature(struct ntlmssp_state *ntlmssp_state,
++ uint32_t feature)
++{
++ if (feature & NTLMSSP_FEATURE_SIGN) {
++ if (ntlmssp_state->session_key.length == 0) {
++ return false;
++ }
++ if (ntlmssp_state->neg_flags & NTLMSSP_NEGOTIATE_SIGN) {
++ return true;
++ }
++ }
++
++ if (feature & NTLMSSP_FEATURE_SEAL) {
++ if (ntlmssp_state->session_key.length == 0) {
++ return false;
++ }
++ if (ntlmssp_state->neg_flags & NTLMSSP_NEGOTIATE_SEAL) {
++ return true;
++ }
++ }
++
++ if (feature & NTLMSSP_FEATURE_SESSION_KEY) {
++ if (ntlmssp_state->session_key.length > 0) {
++ return true;
++ }
++ }
++
++ return false;
++}
++
+ /**
+ * Request features for the NTLMSSP negotiation
+ *
+--- a/source3/libads/sasl.c
++++ b/source3/libads/sasl.c
+@@ -261,6 +261,37 @@ static ADS_STATUS ads_sasl_spnego_ntlmss
+ /* we have a reference conter on ntlmssp_state, if we are signing
+ then the state will be kept by the signing engine */
+
++ if (ads->ldap.wrap_type >= ADS_SASLWRAP_TYPE_SEAL) {
++ bool ok;
++
++ ok = ntlmssp_have_feature(ntlmssp_state,
++ NTLMSSP_FEATURE_SEAL);
++ if (!ok) {
++ DEBUG(0,("The ntlmssp feature sealing request, but unavailable\n"));
++ TALLOC_FREE(ntlmssp_state);
++ return ADS_ERROR_NT(NT_STATUS_INVALID_NETWORK_RESPONSE);
++ }
++
++ ok = ntlmssp_have_feature(ntlmssp_state,
++ NTLMSSP_FEATURE_SIGN);
++ if (!ok) {
++ DEBUG(0,("The ntlmssp feature signing request, but unavailable\n"));
++ TALLOC_FREE(ntlmssp_state);
++ return ADS_ERROR_NT(NT_STATUS_INVALID_NETWORK_RESPONSE);
++ }
++
++ } else if (ads->ldap.wrap_type >= ADS_SASLWRAP_TYPE_SIGN) {
++ bool ok;
++
++ ok = ntlmssp_have_feature(ntlmssp_state,
++ NTLMSSP_FEATURE_SIGN);
++ if (!ok) {
++ DEBUG(0,("The gensec feature signing request, but unavailable\n"));
++ TALLOC_FREE(ntlmssp_state);
++ return ADS_ERROR_NT(NT_STATUS_INVALID_NETWORK_RESPONSE);
++ }
++ }
++
+ if (ads->ldap.wrap_type > ADS_SASLWRAP_TYPE_PLAIN) {
+ ads->ldap.out.max_unwrapped = ADS_SASL_WRAPPING_OUT_MAX_WRAPPED - NTLMSSP_SIG_SIZE;
+ ads->ldap.out.sig_size = NTLMSSP_SIG_SIZE;
+--- a/docs-xml/smbdotconf/ldap/clientldapsaslwrapping.xml
++++ b/docs-xml/smbdotconf/ldap/clientldapsaslwrapping.xml
+@@ -34,11 +34,9 @@
+ </para>
+
+ <para>
+- The default value is <emphasis>plain</emphasis> which is not irritable
+- to KRB5 clock skew errors. That implies synchronizing the time
+- with the KDC in the case of using <emphasis>sign</emphasis> or
+- <emphasis>seal</emphasis>.
++ The default value is <emphasis>sign</emphasis>. That implies synchronizing the time
++ with the KDC in the case of using <emphasis>Kerberos</emphasis>.
+ </para>
+ </description>
+-<value type="default">plain</value>
++<value type="default">sign</value>
+ </samba:parameter>
+--- a/source3/param/loadparm.c
++++ b/source3/param/loadparm.c
+@@ -5392,6 +5392,8 @@ static void init_globals(bool reinit_glo
+ Globals.ldap_debug_level = 0;
+ Globals.ldap_debug_threshold = 10;
+
++ Globals.client_ldap_sasl_wrapping = ADS_AUTH_SASL_SIGN;
++
+ /* This is what we tell the afs client. in reality we set the token
+ * to never expire, though, when this runs out the afs client will
+ * forget the token. Set to 0 to get NEVERDATE.*/
--- /dev/null
+From 513bd34e4523e49e742487be32a7239111486a12 Mon Sep 17 00:00:00 2001
+From: Stefan Metzmacher <metze@samba.org>
+Date: Sat, 27 Feb 2016 03:43:58 +0100
+Subject: [PATCH 1/4] CVE-2016-2115: docs-xml: add "client ipc signing" option
+
+BUG: https://bugzilla.samba.org/show_bug.cgi?id=11756
+
+Signed-off-by: Stefan Metzmacher <metze@samba.org>
+Reviewed-by: Ralph Boehme <slow@samba.org>
+---
+ docs-xml/smbdotconf/security/clientipcsigning.xml | 23 +++++++++++++++++++++++
+ docs-xml/smbdotconf/security/clientsigning.xml | 3 +++
+ source3/include/proto.h | 1 +
+ source3/param/loadparm.c | 12 ++++++++++++
+ 4 files changed, 39 insertions(+)
+ create mode 100644 docs-xml/smbdotconf/security/clientipcsigning.xml
+
+--- /dev/null
++++ b/docs-xml/smbdotconf/security/clientipcsigning.xml
+@@ -0,0 +1,23 @@
++<samba:parameter name="client ipc signing"
++ context="G"
++ type="enum"
++ enumlist="enum_smb_signing_vals"
++ xmlns:samba="http://www.samba.org/samba/DTD/samba-doc">
++<description>
++ <para>This controls whether the client is allowed or required to use SMB signing for IPC$
++ connections as DCERPC transport inside of winbind. Possible values
++ are <emphasis>auto</emphasis>, <emphasis>mandatory</emphasis>
++ and <emphasis>disabled</emphasis>.
++ </para>
++
++ <para>When set to auto, SMB signing is offered, but not enforced and if set
++ to disabled, SMB signing is not offered either.</para>
++
++ <para>Connections from winbindd to Active Directory Domain Controllers
++ always enforce signing.</para>
++</description>
++
++<related>client signing</related>
++
++<value type="default">mandatory</value>
++</samba:parameter>
+--- a/docs-xml/smbdotconf/security/clientsigning.xml
++++ b/docs-xml/smbdotconf/security/clientsigning.xml
+@@ -12,6 +12,9 @@
+ <para>When set to auto, SMB signing is offered, but not enforced.
+ When set to mandatory, SMB signing is required and if set
+ to disabled, SMB signing is not offered either.
++
++ <para>IPC$ connections for DCERPC e.g. in winbindd, are handled by the
++ <smbconfoption name="client ipc signing"/> option.</para>
+ </para>
+ </description>
+
+--- a/source3/include/proto.h
++++ b/source3/include/proto.h
+@@ -1690,9 +1690,11 @@ int lp_winbind_cache_time(void);
+ int lp_winbind_reconnect_delay(void);
+ int lp_winbind_max_clients(void);
+ const char **lp_winbind_nss_info(void);
++bool lp_winbind_sealed_pipes(void);
+ int lp_algorithmic_rid_base(void);
+ int lp_name_cache_timeout(void);
+ int lp_client_signing(void);
++int lp_client_ipc_signing(void);
+ int lp_server_signing(void);
+ int lp_client_ldap_sasl_wrapping(void);
+ char *lp_parm_talloc_string(int snum, const char *type, const char *option, const char *def);
+--- a/source3/param/loadparm.c
++++ b/source3/param/loadparm.c
+@@ -215,6 +215,7 @@ struct global {
+ int winbind_expand_groups;
+ bool bWinbindRefreshTickets;
+ bool bWinbindOfflineLogon;
++ bool bWinbindSealedPipes;
+ bool bWinbindNormalizeNames;
+ bool bWinbindRpcOnly;
+ bool bCreateKrb5Conf;
+@@ -366,6 +367,7 @@ struct global {
+ int restrict_anonymous;
+ int name_cache_timeout;
+ int client_signing;
++ int client_ipc_signing;
+ int server_signing;
+ int client_ldap_sasl_wrapping;
+ int iUsershareMaxShares;
+@@ -2319,6 +2321,15 @@ static struct parm_struct parm_table[] =
+ .flags = FLAG_ADVANCED,
+ },
+ {
++ .label = "client ipc signing",
++ .type = P_ENUM,
++ .p_class = P_GLOBAL,
++ .ptr = &Globals.client_ipc_signing,
++ .special = NULL,
++ .enum_list = enum_smb_signing_vals,
++ .flags = FLAG_ADVANCED,
++ },
++ {
+ .label = "server signing",
+ .type = P_ENUM,
+ .p_class = P_GLOBAL,
+@@ -4765,6 +4776,15 @@ static struct parm_struct parm_table[] =
+ .flags = FLAG_ADVANCED,
+ },
+ {
++ .label = "winbind sealed pipes",
++ .type = P_BOOL,
++ .p_class = P_GLOBAL,
++ .ptr = &Globals.bWinbindSealedPipes,
++ .special = NULL,
++ .enum_list = NULL,
++ .flags = FLAG_ADVANCED,
++ },
++ {
+ .label = "winbind normalize names",
+ .type = P_BOOL,
+ .p_class = P_GLOBAL,
+@@ -5458,6 +5478,7 @@ static void init_globals(bool reinit_glo
+ Globals.szWinbindNssInfo = str_list_make_v3(NULL, "template", NULL);
+ Globals.bWinbindRefreshTickets = False;
+ Globals.bWinbindOfflineLogon = False;
++ Globals.bWinbindSealedPipes = True;
+
+ Globals.iIdmapCacheTime = 86400 * 7; /* a week by default */
+ Globals.iIdmapNegativeCacheTime = 120; /* 2 minutes by default */
+@@ -5470,6 +5491,7 @@ static void init_globals(bool reinit_glo
+ Globals.bClientUseSpnego = True;
+
+ Globals.client_signing = Auto;
++ Globals.client_ipc_signing = Required;
+ Globals.server_signing = False;
+
+ Globals.bDeferSharingViolations = True;
+@@ -5736,6 +5758,7 @@ FN_GLOBAL_BOOL(lp_winbind_nested_groups,
+ FN_GLOBAL_INTEGER(lp_winbind_expand_groups, &Globals.winbind_expand_groups)
+ FN_GLOBAL_BOOL(lp_winbind_refresh_tickets, &Globals.bWinbindRefreshTickets)
+ FN_GLOBAL_BOOL(lp_winbind_offline_logon, &Globals.bWinbindOfflineLogon)
++FN_GLOBAL_BOOL(lp_winbind_sealed_pipes, &Globals.bWinbindSealedPipes)
+ FN_GLOBAL_BOOL(lp_winbind_normalize_names, &Globals.bWinbindNormalizeNames)
+ FN_GLOBAL_BOOL(lp_winbind_rpc_only, &Globals.bWinbindRpcOnly)
+ FN_GLOBAL_BOOL(lp_create_krb5_conf, &Globals.bCreateKrb5Conf)
+@@ -6071,6 +6094,7 @@ FN_GLOBAL_LIST(lp_winbind_nss_info, &Glo
+ FN_GLOBAL_INTEGER(lp_algorithmic_rid_base, &Globals.AlgorithmicRidBase)
+ FN_GLOBAL_INTEGER(lp_name_cache_timeout, &Globals.name_cache_timeout)
+ FN_GLOBAL_INTEGER(lp_client_signing, &Globals.client_signing)
++FN_GLOBAL_INTEGER(lp_client_ipc_signing, &Globals.client_ipc_signing)
+ FN_GLOBAL_INTEGER(lp_server_signing, &Globals.server_signing)
+ FN_GLOBAL_INTEGER(lp_client_ldap_sasl_wrapping, &Globals.client_ldap_sasl_wrapping)
+
+@@ -9700,6 +9724,20 @@ static bool lp_load_ex(const char *pszFn
+ lp_do_parameter(GLOBAL_SECTION_SNUM, "wins server", "127.0.0.1");
+ }
+
++ if (!lp_is_in_client()) {
++ switch (lp_client_ipc_signing()) {
++ case Required:
++ lp_set_cmdline("client signing", "mandatory");
++ break;
++ case Auto:
++ lp_set_cmdline("client signing", "auto");
++ break;
++ case False:
++ lp_set_cmdline("client signing", "disabled");
++ break;
++ }
++ }
++
+ init_iconv();
+
+ bAllowIncludeRegistry = true;
+--- a/source3/rpc_server/spoolss/srv_spoolss_nt.c
++++ b/source3/rpc_server/spoolss/srv_spoolss_nt.c
+@@ -2480,7 +2480,7 @@ static bool spoolss_connect_to_client(st
+ "", /* username */
+ "", /* domain */
+ "", /* password */
+- 0, lp_client_signing());
++ 0, False);
+
+ if ( !NT_STATUS_IS_OK( ret ) ) {
+ DEBUG(2,("spoolss_connect_to_client: connection to [%s] failed!\n",
+--- /dev/null
++++ b/docs-xml/smbdotconf/winbind/winbindsealedpipes.xml
+@@ -0,0 +1,15 @@
++<samba:parameter name="winbind sealed pipes"
++ context="G"
++ type="boolean"
++ xmlns:samba="http://www.samba.org/samba/DTD/samba-doc">
++<description>
++ <para>This option controls whether any requests from winbindd to domain controllers
++ pipe will be sealed. Disabling sealing can be useful for debugging
++ purposes.</para>
++
++ <para>The behavior can be controlled per netbios domain
++ by using 'winbind sealed pipes:NETBIOSDOMAIN = no' as option.</para>
++</description>
++
++<value type="default">yes</value>
++</samba:parameter>
+--- a/source3/winbindd/winbindd_cm.c
++++ b/source3/winbindd/winbindd_cm.c
+@@ -2384,6 +2384,15 @@ NTSTATUS cm_connect_sam(struct winbindd_
+ TALLOC_FREE(conn->samr_pipe);
+
+ anonymous:
++ if (lp_winbind_sealed_pipes() && (IS_DC || domain->primary)) {
++ status = NT_STATUS_DOWNGRADE_DETECTED;
++ DEBUG(1, ("Unwilling to make SAMR connection to domain %s "
++ "without connection level security, "
++ "must set 'winbind sealed pipes = false' "
++ "to proceed: %s\n",
++ domain->name, nt_errstr(status)));
++ goto done;
++ }
+
+ /* Finally fall back to anonymous. */
+ status = cli_rpc_pipe_open_noauth(conn->cli, &ndr_table_samr.syntax_id,
+@@ -2610,6 +2619,16 @@ NTSTATUS cm_connect_lsa(struct winbindd_
+
+ anonymous:
+
++ if (lp_winbind_sealed_pipes() && (IS_DC || domain->primary)) {
++ result = NT_STATUS_DOWNGRADE_DETECTED;
++ DEBUG(1, ("Unwilling to make LSA connection to domain %s "
++ "without connection level security, "
++ "must set 'winbind sealed pipes = false' "
++ "to proceed: %s\n",
++ domain->name, nt_errstr(result)));
++ goto done;
++ }
++
+ result = cli_rpc_pipe_open_noauth(conn->cli,
+ &ndr_table_lsarpc.syntax_id,
+ &conn->lsa_pipe);
+@@ -2749,7 +2768,18 @@ NTSTATUS cm_connect_netlogon(struct winb
+
+ no_schannel:
+ if ((lp_client_schannel() == False) ||
+- ((neg_flags & NETLOGON_NEG_SCHANNEL) == 0)) {
++ ((neg_flags & NETLOGON_NEG_SCHANNEL) == 0)) {
++ if (lp_winbind_sealed_pipes() && (IS_DC || domain->primary)) {
++ result = NT_STATUS_DOWNGRADE_DETECTED;
++ DEBUG(1, ("Unwilling to make connection to domain %s "
++ "without connection level security, "
++ "must set 'winbind sealed pipes = false' "
++ "to proceed: %s\n",
++ domain->name, nt_errstr(result)));
++ TALLOC_FREE(netlogon_pipe);
++ invalidate_cm_connection(conn);
++ return result;
++ }
+ /*
+ * NetSamLogonEx only works for schannel
+ */
--- /dev/null
+From d2bc9f3afe23ee04d237ae9f4511fbe59a27ff54 Mon Sep 17 00:00:00 2001
+From: Volker Lendecke <vl@samba.org>
+Date: Mon, 8 May 2017 21:40:40 +0200
+Subject: [PATCH] CVE-2017-7494: rpc_server3: Refuse to open pipe names with /
+ inside
+
+Bug: https://bugzilla.samba.org/show_bug.cgi?id=12780
+
+Signed-off-by: Volker Lendecke <vl@samba.org>
+Reviewed-by: Jeremy Allison <jra@samba.org>
+Reviewed-by: Stefan Metzmacher <metze@samba.org>
+---
+ source3/rpc_server/srv_pipe.c | 5 +++++
+ 1 file changed, 5 insertions(+)
+
+--- a/source3/rpc_server/srv_pipe.c
++++ b/source3/rpc_server/srv_pipe.c
+@@ -473,6 +473,11 @@ bool is_known_pipename(const char *cli_f
+ pipename += 1;
+ }
+
++ if (strchr(pipename, '/')) {
++ DEBUG(1, ("Refusing open on pipe %s\n", pipename));
++ return false;
++ }
++
+ if (lp_disable_spoolss() && strequal(pipename, "spoolss")) {
+ DEBUG(10, ("refusing spoolss access\n"));
+ return false;
--- /dev/null
+From b246af4a5eb6fe899c19399a080ad08507d8c9ee Mon Sep 17 00:00:00 2001
+Message-Id: <b246af4a5eb6fe899c19399a080ad08507d8c9ee.1502537821.git.gandharva@gmx.de>
+From: gandharva <gandharva@gmx.de>
+Date: Sat, 12 Aug 2017 13:36:54 +0200
+Subject: [PATCH] - samba: build only what we need
+
+---
+ source3/Makefile.in | 4 +---
+ 1 file changed, 1 insertion(+), 3 deletions(-)
+
+diff --git a/source3/Makefile.in b/source3/Makefile.in
+index 9e8e03d..0f9d1ae 100644
+--- a/source3/Makefile.in
++++ b/source3/Makefile.in
+@@ -1531,9 +1531,7 @@ SPLIT_TOKENS_OBJ = utils/split_tokens.o \
+ ######################################################################
+ # now the rules...
+ ######################################################################
+-all:: SHOWFLAGS basics libs $(SBIN_PROGS) $(BIN_PROGS) \
+- $(MODULES) $(NSS_MODULES) $(PAM_MODULES) \
+- $(EXTRA_ALL_TARGETS)
++all:: SHOWFLAGS basics libs bin/smbd@EXEEXT@ bin/nmbd@EXEEXT@ bin/smbpasswd@EXEEXT@ bin/smbclient@EXEEXT@ bin/testparm@EXEEXT@
+
+ basics:: samba3-idl
+
+--
+2.11.0
+
--- /dev/null
+--- a/source3/librpc/rpc/rpc_common.c
++++ b/source3/librpc/rpc/rpc_common.c
+@@ -95,9 +95,11 @@ static bool initialize_interfaces(void)
+ if (!smb_register_ndr_interface(&ndr_table_lsarpc)) {
+ return false;
+ }
++#ifdef ACTIVE_DIRECTORY
+ if (!smb_register_ndr_interface(&ndr_table_dssetup)) {
+ return false;
+ }
++#endif
+ if (!smb_register_ndr_interface(&ndr_table_samr)) {
+ return false;
+ }
+@@ -141,9 +143,11 @@ static bool initialize_interfaces(void)
+ if (!smb_register_ndr_interface(&ndr_table_epmapper)) {
+ return false;
+ }
++#ifdef ACTIVE_DIRECTORY
+ if (!smb_register_ndr_interface(&ndr_table_drsuapi)) {
+ return false;
+ }
++#endif
+ return true;
+ }
+
+--- a/source3/rpc_server/rpc_ep_setup.c
++++ b/source3/rpc_server/rpc_ep_setup.c
+@@ -918,6 +918,7 @@ static bool netdfs_init_cb(void *ptr)
+ return true;
+ }
+
++#ifdef ACTIVE_DIRECTORY
+ static bool dssetup_init_cb(void *ptr)
+ {
+ struct dcesrv_ep_context *ep_ctx =
+@@ -966,6 +967,7 @@ static bool dssetup_init_cb(void *ptr)
+
+ return true;
+ }
++#endif
+
+ static bool wkssvc_init_cb(void *ptr)
+ {
+@@ -1172,12 +1174,14 @@ bool dcesrv_ep_setup(struct tevent_conte
+ }
+ #endif
+
++#ifdef ACTIVE_DIRECTORY
+ dssetup_cb.init = dssetup_init_cb;
+ dssetup_cb.shutdown = NULL;
+ dssetup_cb.private_data = ep_ctx;
+ if (!NT_STATUS_IS_OK(rpc_dssetup_init(&dssetup_cb))) {
+ return false;
+ }
++#endif
+
+ wkssvc_cb.init = wkssvc_init_cb;
+ wkssvc_cb.shutdown = NULL;
+--- a/source3/smbd/server_exit.c
++++ b/source3/smbd/server_exit.c
+@@ -132,7 +132,9 @@ static void exit_server_common(enum serv
+
+ if (am_parent) {
+ rpc_wkssvc_shutdown();
++#ifdef ACTIVE_DIRECTORY
+ rpc_dssetup_shutdown();
++#endif
+ #ifdef DEVELOPER
+ rpc_rpcecho_shutdown();
+ #endif
+--- a/source3/rpc_client/cli_pipe.c
++++ b/source3/rpc_client/cli_pipe.c
+@@ -3391,12 +3391,14 @@ NTSTATUS cli_rpc_pipe_open_noauth_transp
+ status = rpc_pipe_bind(result, auth);
+ if (!NT_STATUS_IS_OK(status)) {
+ int lvl = 0;
++#ifdef ACTIVE_DIRECTORY
+ if (ndr_syntax_id_equal(interface,
+ &ndr_table_dssetup.syntax_id)) {
+ /* non AD domains just don't have this pipe, avoid
+ * level 0 statement in that case - gd */
+ lvl = 3;
+ }
++#endif
+ DEBUG(lvl, ("cli_rpc_pipe_open_noauth: rpc_pipe_bind for pipe "
+ "%s failed with error %s\n",
+ get_pipe_name_from_syntax(talloc_tos(), interface),
--- /dev/null
+--- a/source3/rpc_server/rpc_ep_setup.c
++++ b/source3/rpc_server/rpc_ep_setup.c
+@@ -1110,6 +1110,10 @@ bool dcesrv_ep_setup(struct tevent_conte
+ "rpc_server",
+ "spoolss",
+ "embedded");
++#ifndef PRINTER_SUPPORT
++ if (1) {
++ } else
++#endif
+ if (StrCaseCmp(rpcsrv_type, "embedded") == 0) {
+ spoolss_cb.init = spoolss_init_cb;
+ spoolss_cb.shutdown = spoolss_shutdown_cb;
+--- a/source3/rpcclient/rpcclient.c
++++ b/source3/rpcclient/rpcclient.c
+@@ -624,7 +624,9 @@ static struct cmd_set *rpcclient_command
+ lsarpc_commands,
+ ds_commands,
+ samr_commands,
++#ifdef PRINTER_SUPPORT
+ spoolss_commands,
++#endif
+ netlogon_commands,
+ srvsvc_commands,
+ dfs_commands,
+--- a/source3/printing/spoolssd.c
++++ b/source3/printing/spoolssd.c
+@@ -165,6 +165,10 @@ void start_spoolssd(struct tevent_contex
+ NTSTATUS status;
+ int ret;
+
++#ifndef PRINTER_SUPPORT
++ return;
++#endif
++
+ DEBUG(1, ("Forking SPOOLSS Daemon\n"));
+
+ pid = sys_fork();
+--- a/source3/utils/net_rpc.c
++++ b/source3/utils/net_rpc.c
+@@ -7841,6 +7841,10 @@ int net_rpc_printer(struct net_context *
+ {NULL, NULL, 0, NULL, NULL}
+ };
+
++#ifndef PRINTER_SUPPORT
++ return 0;
++#endif
++
+ if (argc == 0) {
+ if (c->display_usage) {
+ d_printf(_("Usage:\n"));
+--- a/source3/smbd/reply.c
++++ b/source3/smbd/reply.c
+@@ -5208,7 +5208,11 @@ void reply_printopen(struct smb_request
+ return;
+ }
+
+- if (!CAN_PRINT(conn)) {
++
++#ifdef PRINTER_SUPPORT
++ if (!CAN_PRINT(conn))
++#endif
++ {
+ reply_nterror(req, NT_STATUS_ACCESS_DENIED);
+ END_PROFILE(SMBsplopen);
+ return;
+@@ -5314,7 +5318,10 @@ void reply_printqueue(struct smb_request
+ is really quite gross and only worked when there was only
+ one printer - I think we should now only accept it if they
+ get it right (tridge) */
+- if (!CAN_PRINT(conn)) {
++#ifdef PRINTER_SUPPORT
++ if (!CAN_PRINT(conn))
++#endif
++ {
+ reply_nterror(req, NT_STATUS_ACCESS_DENIED);
+ END_PROFILE(SMBsplretq);
+ return;
+--- a/source3/smbd/lanman.c
++++ b/source3/smbd/lanman.c
+@@ -784,6 +784,10 @@ static bool api_DosPrintQGetInfo(struct
+ union spoolss_JobInfo *job_info = NULL;
+ union spoolss_PrinterInfo printer_info;
+
++#ifndef PRINTER_SUPPORT
++ return False;
++#endif
++
+ if (!str1 || !str2 || !p) {
+ return False;
+ }
+@@ -999,6 +1003,10 @@ static bool api_DosPrintQEnum(struct smb
+ union spoolss_DriverInfo *driver_info;
+ union spoolss_JobInfo **job_info;
+
++#ifndef PRINTER_SUPPORT
++ return False;
++#endif
++
+ if (!param_format || !output_format1 || !p) {
+ return False;
+ }
+@@ -3105,6 +3113,10 @@ static bool api_RDosPrintJobDel(struct s
+ struct spoolss_DevmodeContainer devmode_ctr;
+ enum spoolss_JobControl command;
+
++#ifndef PRINTER_SUPPORT
++ return False;
++#endif
++
+ if (!str1 || !str2 || !p) {
+ return False;
+ }
+@@ -3238,6 +3250,10 @@ static bool api_WPrintQueueCtrl(struct s
+ struct sec_desc_buf secdesc_ctr;
+ enum spoolss_PrinterControl command;
+
++#ifndef PRINTER_SUPPORT
++ return False;
++#endif
++
+ if (!str1 || !str2 || !QueueName) {
+ return False;
+ }
+@@ -3404,6 +3420,10 @@ static bool api_PrintJobInfo(struct smbd
+ union spoolss_JobInfo info;
+ struct spoolss_SetJobInfo1 info1;
+
++#ifndef PRINTER_SUPPORT
++ return False;
++#endif
++
+ if (!str1 || !str2 || !p) {
+ return False;
+ }
+@@ -4547,6 +4567,10 @@ static bool api_WPrintJobGetInfo(struct
+ struct spoolss_DevmodeContainer devmode_ctr;
+ union spoolss_JobInfo info;
+
++#ifndef PRINTER_SUPPORT
++ return False;
++#endif
++
+ if (!str1 || !str2 || !p) {
+ return False;
+ }
+@@ -4685,6 +4709,10 @@ static bool api_WPrintJobEnumerate(struc
+ uint32_t count = 0;
+ union spoolss_JobInfo *info;
+
++#ifndef PRINTER_SUPPORT
++ return False;
++#endif
++
+ if (!str1 || !str2 || !p) {
+ return False;
+ }
+@@ -4890,6 +4918,10 @@ static bool api_WPrintDestGetInfo(struct
+ struct spoolss_DevmodeContainer devmode_ctr;
+ union spoolss_PrinterInfo info;
+
++#ifndef PRINTER_SUPPORT
++ return False;
++#endif
++
+ if (!str1 || !str2 || !p) {
+ return False;
+ }
+@@ -5026,6 +5058,10 @@ static bool api_WPrintDestEnum(struct sm
+ union spoolss_PrinterInfo *info;
+ uint32_t count;
+
++#ifndef PRINTER_SUPPORT
++ return False;
++#endif
++
+ if (!str1 || !str2 || !p) {
+ return False;
+ }
+@@ -5129,6 +5165,10 @@ static bool api_WPrintDriverEnum(struct
+ int succnt;
+ struct pack_desc desc;
+
++#ifndef PRINTER_SUPPORT
++ return False;
++#endif
++
+ if (!str1 || !str2 || !p) {
+ return False;
+ }
+@@ -5193,6 +5233,10 @@ static bool api_WPrintQProcEnum(struct s
+ int succnt;
+ struct pack_desc desc;
+
++#ifndef PRINTER_SUPPORT
++ return False;
++#endif
++
+ if (!str1 || !str2 || !p) {
+ return False;
+ }
+@@ -5257,6 +5301,10 @@ static bool api_WPrintPortEnum(struct sm
+ int succnt;
+ struct pack_desc desc;
+
++#ifndef PRINTER_SUPPORT
++ return False;
++#endif
++
+ if (!str1 || !str2 || !p) {
+ return False;
+ }
+--- a/source3/smbd/server_exit.c
++++ b/source3/smbd/server_exit.c
+@@ -141,7 +141,9 @@ static void exit_server_common(enum serv
+ rpc_eventlog_shutdown();
+ rpc_ntsvcs_shutdown();
+ rpc_svcctl_shutdown();
++#ifdef PRINTER_SUPPORT
+ rpc_spoolss_shutdown();
++#endif
+
+ rpc_srvsvc_shutdown();
+ rpc_winreg_shutdown();
+--- a/source3/smbd/open.c
++++ b/source3/smbd/open.c
+@@ -1608,6 +1608,9 @@ static NTSTATUS open_file_ntcreate(conne
+ * Most of the passed parameters are ignored.
+ */
+
++#ifndef PRINTER_SUPPORT
++ return NT_STATUS_ACCESS_DENIED;
++#endif
+ if (pinfo) {
+ *pinfo = FILE_WAS_CREATED;
+ }
+--- a/source3/smbd/close.c
++++ b/source3/smbd/close.c
+@@ -643,6 +643,9 @@ static NTSTATUS close_normal_file(struct
+ status = ntstatus_keeperror(status, tmp);
+
+ if (fsp->print_file) {
++#ifndef PRINTER_SUPPORT
++ return NT_STATUS_OK;
++#endif
+ /* FIXME: return spool errors */
+ print_spool_end(fsp, close_type);
+ file_free(req, fsp);
+--- a/source3/smbd/fileio.c
++++ b/source3/smbd/fileio.c
+@@ -298,6 +298,10 @@ ssize_t write_file(struct smb_request *r
+ uint32_t t;
+ int ret;
+
++#ifndef PRINTER_SUPPORT
++ return -1;
++#endif
++
+ ret = print_spool_write(fsp, data, n, pos, &t);
+ if (ret) {
+ errno = ret;
+--- a/source3/smbd/smb2_create.c
++++ b/source3/smbd/smb2_create.c
+@@ -486,7 +486,10 @@ static struct tevent_req *smbd_smb2_crea
+ info = FILE_WAS_OPENED;
+ } else if (CAN_PRINT(smb1req->conn)) {
+ status = file_new(smb1req, smb1req->conn, &result);
+- if(!NT_STATUS_IS_OK(status)) {
++#ifdef PRINTER_SUPPORT
++ if(!NT_STATUS_IS_OK(status))
++#endif
++ {
+ tevent_req_nterror(req, status);
+ return tevent_req_post(req, ev);
+ }
+--- a/source3/rpc_server/svcctl/srv_svcctl_nt.c
++++ b/source3/rpc_server/svcctl/srv_svcctl_nt.c
+@@ -85,9 +85,11 @@ bool init_service_op_table( void )
+
+ /* add builtin services */
+
++#ifdef PRINTER_SUPPORT
+ svcctl_ops[i].name = talloc_strdup( svcctl_ops, "Spooler" );
+ svcctl_ops[i].ops = &spoolss_svc_ops;
+ i++;
++#endif
+
+ svcctl_ops[i].name = talloc_strdup( svcctl_ops, "NETLOGON" );
+ svcctl_ops[i].ops = &netlogon_svc_ops;
+--- a/source3/librpc/rpc/rpc_common.c
++++ b/source3/librpc/rpc/rpc_common.c
+@@ -113,9 +113,11 @@ static bool initialize_interfaces(void)
+ if (!smb_register_ndr_interface(&ndr_table_winreg)) {
+ return false;
+ }
++#ifdef PRINTER_SUPPORT
+ if (!smb_register_ndr_interface(&ndr_table_spoolss)) {
+ return false;
+ }
++#endif
+ if (!smb_register_ndr_interface(&ndr_table_netdfs)) {
+ return false;
+ }
+--- a/source3/smbd/process.c
++++ b/source3/smbd/process.c
+@@ -2423,8 +2423,10 @@ static bool housekeeping_fn(const struct
+
+ change_to_root_user();
+
++#ifdef PRINTER_SUPPORT
+ /* update printer queue caches if necessary */
+ update_monitored_printq_cache(sconn->msg_ctx);
++#endif
+
+ /* check if we need to reload services */
+ check_reload(sconn, time_mono(NULL));
+--- a/source3/smbd/server.c
++++ b/source3/smbd/server.c
+@@ -123,7 +123,9 @@ static void smb_pcap_updated(struct mess
+ {
+ struct tevent_context *ev_ctx =
+ talloc_get_type_abort(private_data, struct tevent_context);
+-
++#ifndef PRINTER_SUPPORT
++ return;
++#endif
+ DEBUG(10,("Got message saying pcap was updated. Reloading.\n"));
+ change_to_root_user();
+ reload_printers(ev_ctx, msg);
+@@ -1277,6 +1279,7 @@ extern void build_options(bool screen);
+ * The print backend init also migrates the printing tdb's,
+ * this requires a winreg pipe.
+ */
++#ifdef PRINTER_SUPPORT
+ if (!print_backend_init(smbd_messaging_context()))
+ exit(1);
+
+@@ -1315,7 +1318,7 @@ extern void build_options(bool screen);
+ smbd_messaging_context());
+ }
+ }
+-
++#endif
+ if (!is_daemon) {
+ /* inetd mode */
+ TALLOC_FREE(frame);
--- /dev/null
+--- a/source3/lib/smbconf/smbconf_init.c
++++ b/source3/lib/smbconf/smbconf_init.c
+@@ -68,9 +68,12 @@ sbcErr smbconf_init(TALLOC_CTX *mem_ctx,
+ }
+ }
+
++#ifdef REGISTRY_BACKEND
+ if (strequal(backend, "registry") || strequal(backend, "reg")) {
+ err = smbconf_init_reg(mem_ctx, conf_ctx, path);
+- } else if (strequal(backend, "file") || strequal(backend, "txt")) {
++ } else
++#endif
++ if (strequal(backend, "file") || strequal(backend, "txt")) {
+ err = smbconf_init_txt(mem_ctx, conf_ctx, path);
+ } else if (sep == NULL) {
+ /*
+--- a/source3/lib/netapi/serverinfo.c
++++ b/source3/lib/netapi/serverinfo.c
+@@ -557,7 +557,10 @@ static WERROR NetServerSetInfo_l_1005(st
+ return WERR_INVALID_PARAM;
+ }
+
+- if (!lp_config_backend_is_registry()) {
++#ifdef REGISTRY_BACKEND
++ if (!lp_config_backend_is_registry())
++#endif
++ {
+ libnetapi_set_error_string(ctx,
+ "Configuration manipulation requested but not "
+ "supported by backend");
+--- a/source3/smbd/server.c
++++ b/source3/smbd/server.c
+@@ -1230,8 +1230,10 @@ extern void build_options(bool screen);
+ exit(1);
+ }
+
++#ifdef REGISTRY_BACKEND
+ if (!W_ERROR_IS_OK(registry_init_full()))
+ exit(1);
++#endif
+
+ /* Open the share_info.tdb here, so we don't have to open
+ after the fork on every single connection. This is a small
--- /dev/null
+--- a/source3/librpc/rpc/rpc_common.c
++++ b/source3/librpc/rpc/rpc_common.c
+@@ -131,6 +131,7 @@ static bool initialize_interfaces(void)
+ if (!smb_register_ndr_interface(&ndr_table_initshutdown)) {
+ return false;
+ }
++#ifdef EXTRA_SERVICES
+ if (!smb_register_ndr_interface(&ndr_table_svcctl)) {
+ return false;
+ }
+@@ -140,6 +141,7 @@ static bool initialize_interfaces(void)
+ if (!smb_register_ndr_interface(&ndr_table_ntsvcs)) {
+ return false;
+ }
++#endif
+ if (!smb_register_ndr_interface(&ndr_table_epmapper)) {
+ return false;
+ }
+--- a/source3/rpc_server/rpc_ep_setup.c
++++ b/source3/rpc_server/rpc_ep_setup.c
+@@ -697,6 +697,7 @@ static bool spoolss_shutdown_cb(void *pt
+ return true;
+ }
+
++#ifdef EXTRA_SERVICES
+ static bool svcctl_init_cb(void *ptr)
+ {
+ struct dcesrv_ep_context *ep_ctx =
+@@ -733,6 +734,7 @@ static bool svcctl_init_cb(void *ptr)
+
+ return true;
+ }
++#endif
+
+ static bool svcctl_shutdown_cb(void *ptr)
+ {
+@@ -741,6 +743,8 @@ static bool svcctl_shutdown_cb(void *ptr
+ return true;
+ }
+
++#ifdef EXTRA_SERVICES
++
+ static bool ntsvcs_init_cb(void *ptr)
+ {
+ struct dcesrv_ep_context *ep_ctx =
+@@ -802,6 +806,7 @@ static bool eventlog_init_cb(void *ptr)
+
+ return true;
+ }
++#endif
+
+ static bool initshutdown_init_cb(void *ptr)
+ {
+@@ -1130,6 +1135,7 @@ bool dcesrv_ep_setup(struct tevent_conte
+ }
+ }
+
++#ifdef EXTRA_SERVICES
+ svcctl_cb.init = svcctl_init_cb;
+ svcctl_cb.shutdown = svcctl_shutdown_cb;
+ svcctl_cb.private_data = ep_ctx;
+@@ -1150,6 +1156,7 @@ bool dcesrv_ep_setup(struct tevent_conte
+ if (!NT_STATUS_IS_OK(rpc_eventlog_init(&eventlog_cb))) {
+ return false;
+ }
++#endif
+
+ initshutdown_cb.init = initshutdown_init_cb;
+ initshutdown_cb.shutdown = NULL;
+--- a/source3/smbd/server_exit.c
++++ b/source3/smbd/server_exit.c
+@@ -140,9 +140,11 @@ static void exit_server_common(enum serv
+ #endif
+ rpc_netdfs_shutdown();
+ rpc_initshutdown_shutdown();
++#ifdef EXTRA_SERVICES
+ rpc_eventlog_shutdown();
+- rpc_ntsvcs_shutdown();
+ rpc_svcctl_shutdown();
++ rpc_ntsvcs_shutdown();
++#endif
+ #ifdef PRINTER_SUPPORT
+ rpc_spoolss_shutdown();
+ #endif
+--- a/source3/rpcclient/rpcclient.c
++++ b/source3/rpcclient/rpcclient.c
+@@ -637,9 +637,11 @@ static struct cmd_set *rpcclient_command
+ shutdown_commands,
+ test_commands,
+ wkssvc_commands,
++#ifdef EXTRA_SERVICES
+ ntsvcs_commands,
+ drsuapi_commands,
+ eventlog_commands,
++#endif
+ winreg_commands,
+ NULL
+ };
--- /dev/null
+--- a/source3/rpc_server/rpc_ep_setup.c
++++ b/source3/rpc_server/rpc_ep_setup.c
+@@ -409,6 +409,7 @@ static bool epmapper_shutdown_cb(void *p
+ return true;
+ }
+
++#ifdef WINREG_SUPPORT
+ static bool winreg_init_cb(void *ptr)
+ {
+ struct dcesrv_ep_context *ep_ctx =
+@@ -456,6 +457,7 @@ static bool winreg_init_cb(void *ptr)
+
+ return true;
+ }
++#endif
+
+ static bool srvsvc_init_cb(void *ptr)
+ {
+@@ -710,10 +712,12 @@ static bool svcctl_init_cb(void *ptr)
+ "epmapper",
+ "none");
+
++#ifdef WINREG_SUPPORT
+ ok = svcctl_init_winreg(ep_ctx->msg_ctx);
+ if (!ok) {
+ return false;
+ }
++#endif
+
+ /* initialize the control hooks */
+ init_service_op_table();
+@@ -785,10 +789,12 @@ static bool eventlog_init_cb(void *ptr)
+ "epmapper",
+ "none");
+
++#ifdef WINREG_SUPPORT
+ ok = eventlog_init_winreg(ep_ctx->msg_ctx);
+ if (!ok) {
+ return false;
+ }
++#endif
+
+ if (StrCaseCmp(rpcsrv_type, "embedded") == 0 ||
+ StrCaseCmp(rpcsrv_type, "daemon") == 0) {
+@@ -1077,12 +1083,14 @@ bool dcesrv_ep_setup(struct tevent_conte
+ }
+ }
+
++#ifdef WINREG_SUPPORT
+ winreg_cb.init = winreg_init_cb;
+ winreg_cb.shutdown = NULL;
+ winreg_cb.private_data = ep_ctx;
+ if (!NT_STATUS_IS_OK(rpc_winreg_init(&winreg_cb))) {
+ return false;
+ }
++#endif
+
+ srvsvc_cb.init = srvsvc_init_cb;
+ srvsvc_cb.shutdown = NULL;
+--- a/source3/smbd/server_exit.c
++++ b/source3/smbd/server_exit.c
+@@ -150,7 +150,9 @@ static void exit_server_common(enum serv
+ #endif
+
+ rpc_srvsvc_shutdown();
++#ifdef WINREG_SUPPORT
+ rpc_winreg_shutdown();
++#endif
+
+ rpc_netlogon_shutdown();
+ rpc_samr_shutdown();
+--- a/source3/librpc/rpc/rpc_common.c
++++ b/source3/librpc/rpc/rpc_common.c
+@@ -112,9 +112,11 @@ static bool initialize_interfaces(void)
+ if (!smb_register_ndr_interface(&ndr_table_wkssvc)) {
+ return false;
+ }
++#ifdef WINREG_SUPPORT
+ if (!smb_register_ndr_interface(&ndr_table_winreg)) {
+ return false;
+ }
++#endif
+ #ifdef PRINTER_SUPPORT
+ if (!smb_register_ndr_interface(&ndr_table_spoolss)) {
+ return false;
+--- a/source3/rpc_server/svcctl/srv_svcctl_nt.c
++++ b/source3/rpc_server/svcctl/srv_svcctl_nt.c
+@@ -95,9 +95,11 @@ bool init_service_op_table( void )
+ svcctl_ops[i].ops = &netlogon_svc_ops;
+ i++;
+
++#ifdef WINREG_SUPPORT
+ svcctl_ops[i].name = talloc_strdup( svcctl_ops, "RemoteRegistry" );
+ svcctl_ops[i].ops = &winreg_svc_ops;
+ i++;
++#endif
+
+ svcctl_ops[i].name = talloc_strdup( svcctl_ops, "WINS" );
+ svcctl_ops[i].ops = &wins_svc_ops;
+--- a/source3/services/svc_winreg_glue.c
++++ b/source3/services/svc_winreg_glue.c
+@@ -88,6 +88,10 @@ struct security_descriptor *svcctl_get_s
+ NTSTATUS status;
+ WERROR result = WERR_OK;
+
++#ifndef WINREG_SUPPORT
++ return NULL;
++#endif
++
+ key = talloc_asprintf(mem_ctx,
+ "%s\\%s\\Security",
+ TOP_LEVEL_SERVICES_KEY, name);
+@@ -161,6 +165,10 @@ bool svcctl_set_secdesc(struct messaging
+ NTSTATUS status;
+ WERROR result = WERR_OK;
+
++#ifndef WINREG_SUPPORT
++ return false;
++#endif
++
+ tmp_ctx = talloc_stackframe();
+ if (tmp_ctx == NULL) {
+ return false;
+@@ -272,6 +280,10 @@ const char *svcctl_get_string_value(TALL
+ NTSTATUS status;
+ WERROR result = WERR_OK;
+
++#ifndef WINREG_SUPPORT
++ return NULL;
++#endif
++
+ tmp_ctx = talloc_stackframe();
+ if (tmp_ctx == NULL) {
+ return NULL;
+--- a/source3/rpcclient/rpcclient.c
++++ b/source3/rpcclient/rpcclient.c
+@@ -642,7 +642,9 @@ static struct cmd_set *rpcclient_command
+ drsuapi_commands,
+ eventlog_commands,
+ #endif
++#ifdef WINREG_SUPPORT
+ winreg_commands,
++#endif
+ NULL
+ };
+
--- /dev/null
+--- a/source3/smbd/lanman.c
++++ b/source3/smbd/lanman.c
+@@ -2197,6 +2197,10 @@ static bool api_RNetShareAdd(struct smbd
+ struct srvsvc_NetShareInfo2 info2;
+ struct dcerpc_binding_handle *b;
+
++#ifndef SRVSVC_SUPPORT
++ return False;
++#endif
++
+ if (!str1 || !str2 || !p) {
+ return False;
+ }
+@@ -3589,10 +3593,7 @@ static bool api_RNetServerGetInfo(struct
+ NTSTATUS status;
+ WERROR werr;
+ TALLOC_CTX *mem_ctx = talloc_tos();
+- struct rpc_pipe_client *cli = NULL;
+- union srvsvc_NetSrvInfo info;
+ int errcode;
+- struct dcerpc_binding_handle *b;
+
+ if (!str1 || !str2 || !p) {
+ return False;
+@@ -3655,66 +3656,16 @@ static bool api_RNetServerGetInfo(struct
+ p = *rdata;
+ p2 = p + struct_len;
+
+- status = rpc_pipe_open_interface(mem_ctx, &ndr_table_srvsvc.syntax_id,
+- conn->session_info,
+- &conn->sconn->client_id,
+- conn->sconn->msg_ctx,
+- &cli);
+- if (!NT_STATUS_IS_OK(status)) {
+- DEBUG(0,("api_RNetServerGetInfo: could not connect to srvsvc: %s\n",
+- nt_errstr(status)));
+- errcode = W_ERROR_V(ntstatus_to_werror(status));
+- goto out;
+- }
+-
+- b = cli->binding_handle;
+-
+- status = dcerpc_srvsvc_NetSrvGetInfo(b, mem_ctx,
+- NULL,
+- 101,
+- &info,
+- &werr);
+- if (!NT_STATUS_IS_OK(status)) {
+- errcode = W_ERROR_V(ntstatus_to_werror(status));
+- goto out;
+- }
+- if (!W_ERROR_IS_OK(werr)) {
+- errcode = W_ERROR_V(werr);
+- goto out;
+- }
+-
+- if (info.info101 == NULL) {
+- errcode = W_ERROR_V(WERR_INVALID_PARAM);
+- goto out;
+- }
+-
+ if (uLevel != 20) {
+- srvstr_push(NULL, 0, p, info.info101->server_name, 16,
++ srvstr_push(NULL, 0, p, global_myname(), 16,
+ STR_ASCII|STR_UPPER|STR_TERMINATE);
+- }
++ }
+ p += 16;
+ if (uLevel > 0) {
+- SCVAL(p,0,info.info101->version_major);
+- SCVAL(p,1,info.info101->version_minor);
+- SIVAL(p,2,info.info101->server_type);
+-
+- if (mdrcnt == struct_len) {
+- SIVAL(p,6,0);
+- } else {
+- SIVAL(p,6,PTR_DIFF(p2,*rdata));
+- if (mdrcnt - struct_len <= 0) {
+- return false;
+- }
+- push_ascii(p2,
+- info.info101->comment,
+- MIN(mdrcnt - struct_len,
+- MAX_SERVER_STRING_LENGTH),
+- STR_TERMINATE);
+- p2 = skip_string(*rdata,*rdata_len,p2);
+- if (!p2) {
+- return False;
+- }
+- }
++ SCVAL(p,0,lp_major_announce_version());
++ SCVAL(p,1,lp_minor_announce_version());
++ SIVAL(p,2,lp_default_server_announce());
++ SIVAL(p,6,0);
+ }
+
+ if (uLevel > 1) {
+@@ -5405,6 +5356,10 @@ static bool api_RNetSessionEnum(struct s
+ uint32_t totalentries, resume_handle = 0;
+ uint32_t count = 0;
+
++#ifndef SRVSVC_SUPPORT
++ return False;
++#endif
++
+ if (!str1 || !str2 || !p) {
+ return False;
+ }
+--- a/source3/rpc_server/srvsvc/srv_srvsvc_nt.c
++++ b/source3/rpc_server/srvsvc/srv_srvsvc_nt.c
+@@ -1533,6 +1533,10 @@ WERROR _srvsvc_NetShareSetInfo(struct pi
+ TALLOC_CTX *ctx = p->mem_ctx;
+ union srvsvc_NetShareInfo *info = r->in.info;
+
++#ifndef FULL_SRVSVC
++ return WERR_ACCESS_DENIED;
++#endif
++
+ DEBUG(5,("_srvsvc_NetShareSetInfo: %d\n", __LINE__));
+
+ if (!r->in.share_name) {
+@@ -1763,6 +1767,10 @@ WERROR _srvsvc_NetShareAdd(struct pipes_
+ int max_connections = 0;
+ TALLOC_CTX *ctx = p->mem_ctx;
+
++#ifndef FULL_SRVSVC
++ return WERR_ACCESS_DENIED;
++#endif
++
+ DEBUG(5,("_srvsvc_NetShareAdd: %d\n", __LINE__));
+
+ if (r->out.parm_error) {
+@@ -1945,6 +1953,10 @@ WERROR _srvsvc_NetShareDel(struct pipes_
+ struct share_params *params;
+ TALLOC_CTX *ctx = p->mem_ctx;
+
++#ifndef FULL_SRVSVC
++ return WERR_ACCESS_DENIED;
++#endif
++
+ DEBUG(5,("_srvsvc_NetShareDel: %d\n", __LINE__));
+
+ if (!r->in.share_name) {
$(REMOVE)/mtd-utils-$(MTD_UTILS_VER)
$(TOUCH)
-# SAMBA
-ifeq ($(PLATFORM), nevis)
-SAMBA_BUILDS = \
- bin/smbd \
- bin/nmbd
-SAMBA_OPT =
-else
-SAMBA_BUILDS = \
- bin/smbd \
- bin/nmbd
-SAMBA_OPT = \
- bin/smbclient \
- bin/smbpasswd
-endif
-# // use SAMBA_EXTRA_DIR to build it not in TARGETPREFIX
-SAMBA_EXTRA_DIR=yes
-ifeq ($(SAMBA_EXTRA_DIR), yes)
-SAMBA_TARGET=$(BUILD_TMP)/build_samba
-else
-SAMBA_TARGET=$(TARGETPREFIX)
-endif
-SMB_PREFIX=/var
-$(D)/samba2: $(ARCHIVE)/samba-$(SAMBA2_VER).tar.gz | $(TARGETPREFIX)
- $(START_BUILD)
- rm -fr $(SAMBA_TARGET)
- mkdir -p $(SAMBA_TARGET)
- $(UNTAR)/samba-$(SAMBA2_VER).tar.gz
- set -e; cd $(BUILD_TMP)/samba-$(SAMBA2_VER); \
- $(PATCH)/samba_2.2.12.diff; \
- $(PATCH)/samba_2.2.12-noprint.diff; \
- cd source; \
- rm -f config.guess; \
- rm -f config.sub; \
- autoconf configure.in > configure; \
- automake --add-missing || true; \
- ./configure \
- --build=$(BUILD) \
- --prefix=$(SMB_PREFIX) \
- samba_cv_struct_timespec=yes \
- samba_cv_HAVE_GETTIMEOFDAY_TZ=yes \
- --with-configdir=$(SMB_PREFIX)/etc \
- --with-privatedir=$(SMB_PREFIX)/etc/samba/private \
- --with-lockdir=/tmp/lock \
- --with-piddir=/tmp \
- --with-logfilebase=/tmp \
- --disable-cups \
- ; \
- $(MAKE) clean || true; \
- $(MAKE) bin/make_smbcodepage bin/make_unicodemap CC=$(CC); \
- install -d $(SAMBA_TARGET)$(SMB_PREFIX)/lib/codepages; \
- ./bin/make_smbcodepage c 850 codepages/codepage_def.850 \
- $(SAMBA_TARGET)$(SMB_PREFIX)/lib/codepages/codepage.850; \
- ./bin/make_unicodemap 850 codepages/CP850.TXT \
- $(SAMBA_TARGET)$(SMB_PREFIX)/lib/codepages/unicode_map.850; \
- ./bin/make_unicodemap ISO8859-1 codepages/CPISO8859-1.TXT \
- $(SAMBA_TARGET)$(SMB_PREFIX)/lib/codepages/unicode_map.ISO8859-1
- $(MAKE) -C $(BUILD_TMP)/samba-$(SAMBA2_VER)/source distclean
- set -e; cd $(BUILD_TMP)/samba-$(SAMBA2_VER)/source; \
- ./configure \
- --build=$(BUILD) \
- --host=$(TARGET) \
- --prefix=$(SMB_PREFIX) \
- samba_cv_struct_timespec=yes \
- samba_cv_HAVE_GETTIMEOFDAY_TZ=yes \
- samba_cv_HAVE_IFACE_IFCONF=yes \
- samba_cv_HAVE_EXPLICIT_LARGEFILE_SUPPORT=yes \
- samba_cv_HAVE_OFF64_T=yes \
- samba_cv_have_longlong=yes \
- --with-configdir=$(SMB_PREFIX)/etc \
- --with-privatedir=$(SMB_PREFIX)/etc/samba/private \
- --with-lockdir=/tmp/lock \
- --with-piddir=/tmp \
- --with-logfilebase=/tmp \
- --disable-cups \
- ; \
- $(MAKE) $(SAMBA_BUILDS) $(SAMBA_OPT)
- install -d $(SAMBA_TARGET)$(SMB_PREFIX)/bin
- for i in smbd nmbd; do \
- install $(BUILD_TMP)/samba-$(SAMBA2_VER)/source/bin/$$i $(SAMBA_TARGET)$(SMB_PREFIX)/bin; \
- done
- install -d $(SAMBA_TARGET)$(SMB_PREFIX)/etc/samba/private
- install -d $(SAMBA_TARGET)$(SMB_PREFIX)/etc/init.d
- install $(SCRIPTS)/smb.conf $(SAMBA_TARGET)$(SMB_PREFIX)/etc
- install -m 755 $(SCRIPTS)/samba $(SAMBA_TARGET)$(SMB_PREFIX)/etc/init.d/samba
- ln -sf samba $(SAMBA_TARGET)$(SMB_PREFIX)/etc/init.d/S99samba
- ln -sf samba $(SAMBA_TARGET)$(SMB_PREFIX)/etc/init.d/K01samba
- cp -a $(SAMBA_TARGET)/* $(TARGETPREFIX)
- $(TARGET)-strip $(SAMBA_TARGET)$(SMB_PREFIX)/bin/*
- for i in $(SAMBA_OPT); do \
- install $(BUILD_TMP)/samba-$(SAMBA2_VER)/source/$$i $(SAMBA_TARGET)$(SMB_PREFIX)/bin; \
- done
- $(REMOVE)/samba-$(SAMBA2_VER)
- $(TOUCH)
-
-$(D)/samba3: $(D)/libiconv $(ARCHIVE)/samba-$(SAMBA3_VER).tar.gz | $(TARGETPREFIX)
- $(START_BUILD)
- rm -f $(SAMBA_TARGET)
- mkdir -p $(SAMBA_TARGET)
- $(UNTAR)/samba-$(SAMBA3_VER).tar.gz
- cd $(BUILD_TMP)/samba-$(SAMBA3_VER) && \
- $(PATCH)/samba-3.3.9.diff && \
- cd source && \
- export CONFIG_SITE=$(PATCHES)/samba-3.3.9-config.site && \
- ./autogen.sh && \
- $(CONFIGURE) --build=$(BUILD) --host=$(TARGET) --target=$(TARGET) \
- --prefix=/ --mandir=/.remove \
- --sysconfdir=/etc/samba \
- --with-configdir=/etc/samba \
- --with-privatedir=/etc/samba \
- --with-modulesdir=/lib/samba \
- --datadir=/var/samba \
- --localstatedir=/var/samba \
- --with-piddir=/tmp \
- --with-libiconv=/lib \
- --without-krb5 --without-ldap --without-ads --disable-cups --disable-swat \
- && \
- $(MAKE) && \
- $(MAKE) install DESTDIR=$(SAMBA_TARGET)
- rm -f -r $(SAMBA_TARGET)/.remove
- $(REMOVE)/samba-$(SAMBA3_VER)
- $(TOUCH)
-
$(D)/qtweb: $(ARCHIVE)/qt-everywhere-opensource-src-4.6.3.tar.gz | $(TARGETPREFIX)
$(START_BUILD)
$(UNTAR)/qt-everywhere-opensource-src-4.6.3.tar.gz
$(ARCHIVE)/samba-$(SAMBA2_VER).tar.gz:
$(WGET) http://samba.org/samba/ftp/old-versions/samba-$(SAMBA2_VER).tar.gz
-$(ARCHIVE)/samba-$(SAMBA3_VER).tar.gz:
- $(WGET) http://www.fhloston-paradise.de/samba-$(SAMBA3_VER).tar.gz
+$(ARCHIVE)/samba-$(SAMBA33_VER).tar.gz:
+ $(WGET) https://download.samba.org/pub/samba/stable/samba-$(SAMBA33_VER).tar.gz
+
+$(ARCHIVE)/samba-$(SAMBA36_VER).tar.gz:
+ $(WGET) https://download.samba.org/pub/samba/stable/samba-$(SAMBA36_VER).tar.gz
$(ARCHIVE)/strace-4.6.tar.xz:
$(WGET) http://www.fhloston-paradise.de/strace-4.6.tar.xz
--- /dev/null
+# SAMBA
+ifeq ($(PLATFORM), nevis)
+SAMBA_BUILDS = \
+ bin/smbd \
+ bin/nmbd
+SAMBA_OPT =
+else
+SAMBA_BUILDS = \
+ bin/smbd \
+ bin/nmbd
+SAMBA_OPT = \
+ bin/smbclient \
+ bin/smbpasswd
+endif
+
+# // use SAMBA_EXTRA_DIR to build it not in TARGETPREFIX
+SAMBA_EXTRA_DIR=yes
+ifeq ($(SAMBA_EXTRA_DIR), yes)
+SAMBA_TARGET=$(BUILD_TMP)/build_samba
+else
+SAMBA_TARGET=$(TARGETPREFIX)
+endif
+SMB_PREFIX=/var
+$(D)/samba2: $(ARCHIVE)/samba-$(SAMBA2_VER).tar.gz | $(TARGETPREFIX)
+ $(START_BUILD)
+ rm -fr $(SAMBA_TARGET)
+ mkdir -p $(SAMBA_TARGET)
+ $(UNTAR)/samba-$(SAMBA2_VER).tar.gz
+ set -e; cd $(BUILD_TMP)/samba-$(SAMBA2_VER); \
+ $(PATCH)/samba_2.2.12.diff; \
+ $(PATCH)/samba_2.2.12-noprint.diff; \
+ cd source; \
+ rm -f config.guess; \
+ rm -f config.sub; \
+ autoconf configure.in > configure; \
+ automake --add-missing || true; \
+ ./configure \
+ --build=$(BUILD) \
+ --prefix=$(SMB_PREFIX) \
+ samba_cv_struct_timespec=yes \
+ samba_cv_HAVE_GETTIMEOFDAY_TZ=yes \
+ --with-configdir=$(SMB_PREFIX)/etc \
+ --with-privatedir=$(SMB_PREFIX)/etc/samba/private \
+ --with-lockdir=/tmp/lock \
+ --with-piddir=/tmp \
+ --with-logfilebase=/tmp \
+ --disable-cups \
+ ; \
+ $(MAKE) clean || true; \
+ $(MAKE) bin/make_smbcodepage bin/make_unicodemap CC=$(CC); \
+ install -d $(SAMBA_TARGET)$(SMB_PREFIX)/lib/codepages; \
+ ./bin/make_smbcodepage c 850 codepages/codepage_def.850 \
+ $(SAMBA_TARGET)$(SMB_PREFIX)/lib/codepages/codepage.850; \
+ ./bin/make_unicodemap 850 codepages/CP850.TXT \
+ $(SAMBA_TARGET)$(SMB_PREFIX)/lib/codepages/unicode_map.850; \
+ ./bin/make_unicodemap ISO8859-1 codepages/CPISO8859-1.TXT \
+ $(SAMBA_TARGET)$(SMB_PREFIX)/lib/codepages/unicode_map.ISO8859-1
+ $(MAKE) -C $(BUILD_TMP)/samba-$(SAMBA2_VER)/source distclean
+ set -e; cd $(BUILD_TMP)/samba-$(SAMBA2_VER)/source; \
+ ./configure \
+ --build=$(BUILD) \
+ --host=$(TARGET) \
+ --prefix=$(SMB_PREFIX) \
+ samba_cv_struct_timespec=yes \
+ samba_cv_HAVE_GETTIMEOFDAY_TZ=yes \
+ samba_cv_HAVE_IFACE_IFCONF=yes \
+ samba_cv_HAVE_EXPLICIT_LARGEFILE_SUPPORT=yes \
+ samba_cv_HAVE_OFF64_T=yes \
+ samba_cv_have_longlong=yes \
+ --with-configdir=$(SMB_PREFIX)/etc \
+ --with-privatedir=$(SMB_PREFIX)/etc/samba/private \
+ --with-lockdir=/tmp/lock \
+ --with-piddir=/tmp \
+ --with-logfilebase=/tmp \
+ --disable-cups \
+ ; \
+ $(MAKE) $(SAMBA_BUILDS) $(SAMBA_OPT)
+ install -d $(SAMBA_TARGET)$(SMB_PREFIX)/bin
+ for i in smbd nmbd; do \
+ install $(BUILD_TMP)/samba-$(SAMBA2_VER)/source/bin/$$i $(SAMBA_TARGET)$(SMB_PREFIX)/bin; \
+ done
+ install -d $(SAMBA_TARGET)$(SMB_PREFIX)/etc/samba/private
+ install -d $(SAMBA_TARGET)$(SMB_PREFIX)/etc/init.d
+ install $(SCRIPTS)/smb.conf $(SAMBA_TARGET)$(SMB_PREFIX)/etc
+ install -m 755 $(SCRIPTS)/samba $(SAMBA_TARGET)$(SMB_PREFIX)/etc/init.d/samba
+ ln -sf samba $(SAMBA_TARGET)$(SMB_PREFIX)/etc/init.d/S99samba
+ ln -sf samba $(SAMBA_TARGET)$(SMB_PREFIX)/etc/init.d/K01samba
+ cp -a $(SAMBA_TARGET)/* $(TARGETPREFIX)
+ $(TARGET)-strip $(SAMBA_TARGET)$(SMB_PREFIX)/bin/*
+ for i in $(SAMBA_OPT); do \
+ install $(BUILD_TMP)/samba-$(SAMBA2_VER)/source/$$i $(SAMBA_TARGET)$(SMB_PREFIX)/bin; \
+ done
+ $(REMOVE)/samba-$(SAMBA2_VER)
+ $(TOUCH)
+
+$(D)/samba33: $(D)/libiconv $(ARCHIVE)/samba-$(SAMBA33_VER).tar.gz | $(TARGETPREFIX)
+ $(START_BUILD)
+ rm -rf $(SAMBA_TARGET)
+ mkdir -p $(SAMBA_TARGET)
+ mkdir -p $(SAMBA_TARGET)/bin
+ mkdir -p $(SAMBA_TARGET)/var/etc
+ $(UNTAR)/samba-$(SAMBA33_VER).tar.gz
+ cd $(BUILD_TMP)/samba-$(SAMBA33_VER) && \
+ $(PATCH)/samba-3.3.9.diff && \
+ cd source && \
+ export CONFIG_SITE=$(PATCHES)/samba-3.3.9-config.site && \
+ ./autogen.sh && \
+ $(CONFIGURE) --build=$(BUILD) --host=$(TARGET) --target=$(TARGET) \
+ --prefix=/ --mandir=/.remove \
+ --sysconfdir=/etc/samba \
+ --with-configdir=/etc/samba \
+ --with-privatedir=/etc/samba \
+ --with-modulesdir=/lib/samba \
+ --datadir=/var/samba \
+ --localstatedir=/var/samba \
+ --with-piddir=/tmp \
+ --with-libiconv=/lib \
+ --without-krb5 --without-ldap --without-ads --disable-cups --disable-swat \
+ && \
+ $(MAKE) && \
+ $(MAKE) install DESTDIR=$(SAMBA_TARGET)
+ rm -f -r $(SAMBA_TARGET)/.remove
+ $(REMOVE)/samba-$(SAMBA33_VER)
+ $(TOUCH)
+
+SAMBA36_CONF_OPTS = \
+ --prefix=$(SMB_PREFIX) \
+ --datadir=/var/samba \
+ --datarootdir=/.remove \
+ --localstatedir=/var/samba \
+ --sysconfdir=$(SMB_PREFIX)/etc/samba \
+ --with-configdir=$(SMB_PREFIX)/etc/samba \
+ --with-privatedir=$(SMB_PREFIX)/etc/samba/private \
+ --with-modulesdir=$(SMB_PREFIX)/lib/samba \
+ --with-piddir=/var/run \
+ --with-sys-quotas=no \
+ --enable-static \
+ --disable-shared \
+ --without-acl-support \
+ --without-ads \
+ --without-cluster-support \
+ --without-dmapi \
+ --without-dnsupdate \
+ --without-krb5 \
+ --without-ldap \
+ --without-libnetapi \
+ --without-libsmbsharemodes \
+ --without-libsmbclient \
+ --without-libaddns \
+ --without-pam \
+ --without-winbind \
+ --disable-shared-libs \
+ --disable-avahi \
+ --disable-cups \
+ --disable-iprint \
+ --disable-pie \
+ --disable-relro \
+ --disable-swat
+
+$(D)/samba36: $(D)/zlib $(ARCHIVE)/samba-$(SAMBA36_VER).tar.gz | $(TARGETPREFIX)
+ $(START_BUILD)
+ rm -rf $(SAMBA_TARGET)
+ mkdir -p $(SAMBA_TARGET)
+ mkdir -p $(SAMBA_TARGET)
+ mkdir -p $(SAMBA_TARGET)/var/bin
+ mkdir -p $(SAMBA_TARGET)/var/sbin
+ mkdir -p $(SAMBA_TARGET)/var/etc
+ mkdir -p $(SAMBA_TARGET)/var/etc/init.d
+ $(REMOVE)/samba-$(SAMBA36_VER)
+ $(UNTAR)/samba-$(SAMBA36_VER).tar.gz
+ cd $(BUILD_TMP)/samba-$(SAMBA36_VER); \
+ for i in $(PATCHES)/samba36/patches/*; do \
+ echo -e "==> $(TERM_RED)Applying Patch:$(TERM_NORMAL) $$i"; \
+ patch -p1 < $$i; \
+ done; \
+ cd source3; \
+ export CONFIG_SITE=$(PATCHES)/samba36/files/samba36-config.site; \
+ ./autogen.sh; \
+ $(CONFIGURE) --build=$(BUILD) --host=$(TARGET) --target=$(TARGET) $(SAMBA36_CONF_OPTS); \
+ $(MAKE); \
+ $(MAKE) install DESTDIR=$(SAMBA_TARGET);
+ $(TARGET)-strip $(SAMBA_TARGET)/var/sbin/*
+ install -m 644 $(PATCHES)/samba36/files/smb3.conf $(SAMBA_TARGET)$(SMB_PREFIX)/etc/smb.conf
+ install -m 755 $(PATCHES)/samba36/files/samba3.init $(SAMBA_TARGET)$(SMB_PREFIX)/etc/init.d/samba
+ -rm -rf $(addprefix $(SAMBA_TARGET)/var/bin/,testparm findsmb smbtar smbclient smbpasswd)
+ rm -rf $(SAMBA_TARGET)/.remove
+ $(REMOVE)/samba-$(SAMBA36_VER)
+# $(TOUCH)
+
# Samba provides the SMB (Server-Message-Block-Protokoll)
SAMBA2_VER = 2.2.12
-SAMBA3_VER = 3.3.9
+SAMBA33_VER = 3.3.9
+SAMBA36_VER = 3.6.25
# SQLite is an in-process library that implements a self-contained, serverless, zero-configuration, transactional SQL database engine
SQLITE_VER = 3160100
projects / bs-cst-neutrino-hd.git / commitdiff