Import ncpfs 2.2.6

Changes

@@ -1,3 +1,214 @@
+ChangeSet@1.306, 2005-01-27 18:25:25+01:00
+  Fix CAN-2005-0013 and CAN-2005-0014.  
+  
+  Fix CAN-2005-0013: Run with euid == uid for most of time, and switch 
+  to euid == 0 only when really needed.
+  
+  And although previous change decreases impact of CAN-2005-0014, let's 
+  fix random small static character arrays too.
+  
+  And when modprobe is spawned (on 2.0.x kernel), start it with empty
+  environment.
+
+ChangeSet@1.305, 2005-01-27 18:16:38+01:00
+  Move nds_login_auth prototype where it belongs.
+
+ChangeSet@1.304, 2005-01-13 23:35:33+01:00
+  Kill strcpy_cw function, it has no right to survive.
+
+ChangeSet@1.303, 2005-01-13 21:54:08+01:00
+  Obviously when I added nds_login_auth() to nwnet.h header, I should 
+  have removed it from "obsolete" headers...
+
+ChangeSet@1.302, 2005-01-13 20:57:58+01:00
+  Well, I hoped that nds_login_auth will die before it will become part 
+  of API, but as I did not get to write NWDSLogin()-like function for
+  about 5 years, it is probably time to finally accept this patch.
+  
+  Add nds_login_auth to ncpfs headers.
+  
+  From Novell/SUSE via Olaf Hering.
+
+ChangeSet@1.301, 2005-01-13 20:56:22+01:00
+  Add missing <string.h> includes here and there.
+  
+  From Novell/SUSE via Olaf Hering.
+
+ChangeSet@1.300, 2005-01-13 20:55:36+01:00
+  Create ${DESTDIR}/sbin directory when it does not exist, instead of
+  failing install.
+  
+  From Novell/SUSE via Olaf Hering.
+
+ChangeSet@1.299, 2005-01-13 20:54:42+01:00
+  Disable unused function in pam_ncp_auth.
+  
+  From Novell/SUSE via Olaf Hering.
+
+ChangeSet@1.298, 2005-01-13 20:46:55+01:00
+  Regenerate .gmos.
+
+ChangeSet@1.297, 2005-01-13 20:45:55+01:00
+  Add couple of new translations, update existing ones, and switch
+  everything to UTF8.  Hopefully older gettexts will not break.
+  
+  From Novell/SUSE via Olaf Hering.
+
+ChangeSet@1.296, 2004-11-30 16:51:35+01:00
+  Update version to 2.2.5 and regenerate autoconf things.
+  TAG: ncpfs-2.2.5
+
+ChangeSet@1.295, 2004-11-30 16:43:28+01:00
+  Oops, this should have been checked before NWDSCreateContextHandleMnt 
+  changes.
+
+ChangeSet@1.294, 2004-11-30 16:42:25+01:00
+  Fix bad buffer overflow in NWDSCreateContextHandleMnt.  Plus fix
+  bogus interpretation of treeName.  And split 
+  NWDSCreateContextHandleMnt into two functions, anything taking string
+  as argument must take context, as string's encoding is defined by 
+  context settings...
+
+ChangeSet@1.293, 2004-11-30 16:40:03+01:00
+  NCP extensions support.  First version.
+
+ChangeSet@1.292, 2004-11-30 16:39:01+01:00
+  Use 'GetNearestServer' while looking for connection for bindery resolver.
+
+ChangeSet@1.291, 2004-06-07 20:11:24+02:00
+  Correct ncpmount manpage: both ncp and ncpfs are allowed filesystem types.
+
+ChangeSet@1.290, 2004-05-30 00:05:33+02:00
+  Fix php_auth_nds build.
+
+ChangeSet@1.289, 2004-05-30 00:04:58+02:00
+  Regenerate autotools files.
+
+ChangeSet@1.288, 2004-05-30 00:03:04+02:00
+  Make code compatible with gcc-3.4 (mainly lvalue casts).
+  Get rid of all warnings messages.
+
+ChangeSet@1.287, 2004-05-29 19:38:43+02:00
+  Update PHP module with Patrick's changes.
+
+ChangeSet@1.286, 2004-05-29 19:37:36+02:00
+  Update PAM module with about two years old changes from Patrick. Sorry
+  for the delay.
+
+ChangeSet@1.285, 2004-03-15 15:53:18+01:00
+  Replace tabs with spaces in printed out messages in readattr.
+  Properly parse NWDSRead output when request type 4 is specified in readattr.
+
+ChangeSet@1.284, 2004-03-15 10:32:26+00:00, aia21@cantab.net
+  Apply patch (originally written by Ben Harris <bjh21@cam.ac.uk>) to
+  contrib/testing/readattr.c implementing the -n option to only print
+  the attribute value to stdout and improving the output formatting of
+  various things.
+
+ChangeSet@1.283, 2004-02-10 19:27:19+01:00
+  ncpfs-2.2.4
+  TAG: ncpfs-2.2.4
+
+ChangeSet@1.282, 2004-02-10 19:15:10+01:00
+  Fix ncp_path_to_NW_format for some boundary cases.
+  TAG: ncpfs-2.2.4
+
+ChangeSet@1.281, 2004-02-10 19:13:01+01:00
+  Force nodev & nosuid when non-root mounts filesystem.
+
+ChangeSet@1.280, 2004-02-02 01:19:30+01:00
+  Fix out-of-array indexing. RedHat bug 110897.
+
+ChangeSet@1.279, 2003-12-19 16:10:14+01:00
+  Missed this one in last checkin.
+
+ChangeSet@1.278, 2003-12-19 16:03:50+01:00
+  Rerun autoconf & phpize. 
+  
+  Fixes autoconf 2.5 vs. 2.13 mismatch between main configure and 
+  code in contrib/php discovered by Robin Cook.
+
+ChangeSet@1.277, 2003-12-10 12:21:04+01:00, esr@thyrsus.com
+  There was an unbalanced option group in nwpasswd synopsis.
+
+ChangeSet@1.276, 2003-07-20 01:52:32+02:00, vana@evon.vc.cvut.cz
+  Update perl interface for swig-1.3.20.
+
+ChangeSet@1.275, 2003-07-20 01:17:52+02:00, vana@evon.vc.cvut.cz
+  Move perl interface from contrib/swig to contrib/perl/ncpfs. MakeMaker 
+  requires directory name identical to .pm.
+
+ChangeSet@1.274, 2003-07-17 00:29:26+02:00
+  Updated autoconf to the latest code.
+
+ChangeSet@1.273, 2003-07-17 00:27:41+02:00
+  Rename pqrm to nwpqjob, and add support for resuming held print jobs (resuming code
+  was contributed by Zdenek Roub).
+
+ChangeSet@1.272, 2003-07-17 00:23:39+02:00, zroub@spss.zcu.cz
+  Add NWChangeQueueJobEntry to the library.
+
+ChangeSet@1.271, 2003-07-16 23:08:22+02:00, stk@ahs.hist.no
+  NWDSReadAttrDef request buffers should be filled with NWDSPutAttrName, not with
+  NWDSPutClassItem.
+
+ChangeSet@1.270, 2003-06-27 21:32:14+02:00
+  Disable logging questions.
+  Set default behavior for checkins to do get on modified files automatically.
+
+ChangeSet@1.269, 2003-06-27 21:26:25+02:00
+  Add support for generating slackware src packages.
+
+ChangeSet@1.268, 2003-06-14 22:37:35+02:00
+  Wait until ncpd exits when closing NCP connection. Otherwise ncpd can still run while
+  we are trying to open new connection (which fails due to local address still in use).
+
+ChangeSet@1.267, 2003-06-14 17:05:13+02:00
+  Add '-a /auth/src' option to the ncpmount. 
+  Originally by Petr Janecek <janecek@ucw.cz>.
+
+ChangeSet@1.266, 2003-06-14 14:59:50+02:00
+  Fix syslog format string in nwpjmv.
+
+ChangeSet@1.265, 2003-06-14 14:58:49+02:00
+  Fix changelog entry format for last commit.
+
+ChangeSet@1.264, 2003-06-14 14:55:04+02:00, patrick.pollet@cipcinsa.insa-lyon.fr
+  Allow '-S /mount/point' in all utilities.
+
+ChangeSet@1.263, 2003-04-23 22:18:08+02:00
+  Add error code to the nprint error messages.
+
+ChangeSet@1.262, 2003-04-23 22:12:10+02:00
+  Fix nprint on big endian machines. Reported by Quinten Steenhuis.
+
+ChangeSet@1.261, 2003-04-06 04:11:43+02:00
+  ignore:
+    added man/nwpjmv.1.gz util/nwpjmv
+
+ChangeSet@1.260, 2003-04-06 04:09:49+02:00
+  Use closing of pipe instead of sending signal for signalling watchdog process.
+  Caller can do set*euid() between ncp_open() and ncp_close(), and it can happen
+  that caller at ncp_close() time has no rights to send signals to process created
+  at ncp_open() time :-(
+  
+  Use doublefork for watchdog process so caller does not see this child...
+
+ChangeSet@1.259, 2003-03-31 21:50:14+02:00
+  Switch pqstat to getopt() parser.
+
+ChangeSet@1.258, 2003-03-31 21:35:04+02:00
+  Add version to the ncp_change_job_position symbol.
+
+ChangeSet@1.257, 2003-03-31 21:33:56+02:00
+  Add -B option to pqstat.
+
+ChangeSet@1.256, 2003-03-31 21:20:58+02:00
+  Add nwpjmv tool & ncp_change_job_position function. From Bruno Browning.
+
+ChangeSet@1.255, 2003-03-31 21:11:39+02:00
+  ncpfs 2.2.3 changelog
+
 ChangeSet@1.254, 2003-03-13 15:54:06+01:00
   ncpfs-2.2.3
   TAG: ncpfs-2.2.3

config.guess

@@ -3,7 +3,7 @@
 #   Copyright (C) 1992, 1993, 1994, 1995, 1996, 1997, 1998, 1999,
 #   2000, 2001, 2002, 2003, 2004 Free Software Foundation, Inc.
 
-timestamp='2004-08-13'
+timestamp='2004-11-12'
 
 # This file is free software; you can redistribute it and/or modify it
 # under the terms of the GNU General Public License as published by
@@ -319,6 +319,9 @@ case "${UNAME_MACHINE}:${UNAME_SYSTEM}:${UNAME_RELEASE}:${UNAME_VERSION}" in
     *:OS/390:*:*)
 	echo i370-ibm-openedition
 	exit 0 ;;
+    *:z/VM:*:*)
+	echo s390-ibm-zvmoe
+	exit 0 ;;
     *:OS400:*:*)
         echo powerpc-ibm-os400
 	exit 0 ;;
@@ -342,7 +345,7 @@ case "${UNAME_MACHINE}:${UNAME_SYSTEM}:${UNAME_RELEASE}:${UNAME_VERSION}" in
     DRS?6000:unix:4.0:6*)
 	echo sparc-icl-nx6
 	exit 0 ;;
-    DRS?6000:UNIX_SV:4.2*:7*)
+    DRS?6000:UNIX_SV:4.2*:7* | DRS?6000:isis:4.2*:7*)
 	case `/usr/bin/uname -p` in
 	    sparc) echo sparc-icl-nx7 && exit 0 ;;
 	esac ;;
@@ -824,6 +827,12 @@ EOF
     cris:Linux:*:*)
 	echo cris-axis-linux-gnu
 	exit 0 ;;
+    crisv32:Linux:*:*)
+	echo crisv32-axis-linux-gnu
+	exit 0 ;;
+    frv:Linux:*:*)
+    	echo frv-unknown-linux-gnu
+	exit 0 ;;
     ia64:Linux:*:*)
 	echo ${UNAME_MACHINE}-unknown-linux-gnu
 	exit 0 ;;
@@ -1241,7 +1250,10 @@ EOF
 	    A*) echo alpha-dec-vms && exit 0 ;;
 	    I*) echo ia64-dec-vms && exit 0 ;;
 	    V*) echo vax-dec-vms && exit 0 ;;
-	esac
+	esac ;;
+    *:XENIX:*:SysV)
+	echo i386-pc-xenix
+	exit 0 ;;
 esac
 
 #echo '(No uname command or uname output not recognized.)' 1>&2

config.sub

@@ -3,7 +3,7 @@
 #   Copyright (C) 1992, 1993, 1994, 1995, 1996, 1997, 1998, 1999,
 #   2000, 2001, 2002, 2003, 2004 Free Software Foundation, Inc.
 
-timestamp='2004-06-24'
+timestamp='2004-11-30'
 
 # This file is (in principle) common to ALL GNU software.
 # The presence of a machine in this file suggests that SOME GNU software
@@ -267,7 +267,7 @@ case $basic_machine in
 	| tahoe | thumb | tic4x | tic80 | tron \
 	| v850 | v850e \
 	| we32k \
-	| x86 | xscale | xstormy16 | xtensa \
+	| x86 | xscale | xscalee[bl] | xstormy16 | xtensa \
 	| z8k)
 		basic_machine=$basic_machine-unknown
 		;;
@@ -343,8 +343,8 @@ case $basic_machine in
 	| tron-* \
 	| v850-* | v850e-* | vax-* \
 	| we32k-* \
-	| x86-* | x86_64-* | xps100-* | xscale-* | xstormy16-* \
-	| xtensa-* \
+	| x86-* | x86_64-* | xps100-* | xscale-* | xscalee[bl]-* \
+	| xstormy16-* | xtensa-* \
 	| ymp-* \
 	| z8k-*)
 		;;
@@ -457,6 +457,9 @@ case $basic_machine in
 	crds | unos)
 		basic_machine=m68k-crds
 		;;
+	crisv32 | crisv32-* | etraxfs*)
+		basic_machine=crisv32-axis
+		;;
 	cris | cris-* | etrax*)
 		basic_machine=cris-axis
 		;;
@@ -486,6 +489,10 @@ case $basic_machine in
 		basic_machine=m88k-motorola
 		os=-sysv3
 		;;
+	djgpp)
+		basic_machine=i586-pc
+		os=-msdosdjgpp
+		;;
 	dpx20 | dpx20-*)
 		basic_machine=rs6000-bull
 		os=-bosx
@@ -1026,6 +1033,10 @@ case $basic_machine in
 		basic_machine=hppa1.1-winbond
 		os=-proelf
 		;;
+	xbox)
+		basic_machine=i686-pc
+		os=-mingw32
+		;;
 	xps | xps100)
 		basic_machine=xps100-honeywell
 		;;
@@ -1294,6 +1305,9 @@ case $os in
 	-kaos*)
 		os=-kaos
 		;;
+	-zvmoe)
+		os=-zvmoe
+		;;
 	-none)
 		;;
 	*)

configure

@@ -1,7 +1,7 @@
 #! /bin/sh
-# From configure.ac 2.2.5.
+# From configure.ac 2.2.6.
 # Guess values for system-dependent variables and create Makefiles.
-# Generated by GNU Autoconf 2.59 for ncpfs 2.2.5.
+# Generated by GNU Autoconf 2.59 for ncpfs 2.2.6.
 #
 # Report bugs to <vandrove@vc.cvut.cz>.
 #
@@ -270,8 +270,8 @@ SHELL=${CONFIG_SHELL-/bin/sh}
 # Identity of this package.
 PACKAGE_NAME='ncpfs'
 PACKAGE_TARNAME='-ncpfs-'
-PACKAGE_VERSION='2.2.5'
-PACKAGE_STRING='ncpfs 2.2.5'
+PACKAGE_VERSION='2.2.6'
+PACKAGE_STRING='ncpfs 2.2.6'
 PACKAGE_BUGREPORT='vandrove@vc.cvut.cz'
 
 ac_unique_file="lib/ncplib.c"
@@ -782,7 +782,7 @@ if test "$ac_init_help" = "long"; then
   # Omit some internal or obsolete options to make the list less imposing.
   # This message is too long to be a string in the A/UX 3.1 sh.
   cat <<_ACEOF
-\`configure' configures ncpfs 2.2.5 to adapt to many kinds of systems.
+\`configure' configures ncpfs 2.2.6 to adapt to many kinds of systems.
 
 Usage: $0 [OPTION]... [VAR=VALUE]...
 
@@ -843,7 +843,7 @@ fi
 
 if test -n "$ac_init_help"; then
   case $ac_init_help in
-     short | recursive ) echo "Configuration of ncpfs 2.2.5:";;
+     short | recursive ) echo "Configuration of ncpfs 2.2.6:";;
    esac
   cat <<\_ACEOF
 
@@ -988,7 +988,7 @@ fi
 test -n "$ac_init_help" && exit 0
 if $ac_init_version; then
   cat <<\_ACEOF
-ncpfs configure 2.2.5
+ncpfs configure 2.2.6
 generated by GNU Autoconf 2.59
 
 Copyright (C) 2003 Free Software Foundation, Inc.
@@ -1002,7 +1002,7 @@ cat >&5 <<_ACEOF
 This file contains any messages produced by compilers while
 running configure, to aid debugging if configure makes a mistake.
 
-It was created by ncpfs $as_me 2.2.5, which was
+It was created by ncpfs $as_me 2.2.6, which was
 generated by GNU Autoconf 2.59.  Invocation command line was
 
   $ $0 $@
@@ -11777,7 +11777,7 @@ _ASBOX
 } >&5
 cat >&5 <<_CSEOF
 
-This file was extended by ncpfs $as_me 2.2.5, which was
+This file was extended by ncpfs $as_me 2.2.6, which was
 generated by GNU Autoconf 2.59.  Invocation command line was
 
   CONFIG_FILES    = $CONFIG_FILES
@@ -11840,7 +11840,7 @@ _ACEOF
 
 cat >>$CONFIG_STATUS <<_ACEOF
 ac_cs_version="\\
-ncpfs config.status 2.2.5
+ncpfs config.status 2.2.6
 configured by $0, generated by GNU Autoconf 2.59,
   with options \\"`echo "$ac_configure_args" | sed 's/[\\""\`\$]/\\\\&/g'`\\"
 

configure.ac

@@ -1,8 +1,8 @@
 dnl Process this file with autoconf to produce a configure script.
 AC_PREREQ(2.50)
-AC_INIT([[ncpfs]],[[2.2.5]],[[vandrove@vc.cvut.cz]])
+AC_INIT([[ncpfs]],[[2.2.6]],[[vandrove@vc.cvut.cz]])
 AC_CONFIG_SRCDIR([[lib/ncplib.c]])
-AC_REVISION([[2.2.5]])
+AC_REVISION([[2.2.6]])
 AC_CONFIG_HEADER(include/config.h)
 
 

contrib/pam/pam_ncp_auth.c

@@ -3837,7 +3837,7 @@ nw_process_forward_file(UNUSED(const char *uname), const struct nw_user_info *ui
 
 /******************************* check for allowed remote access by zen ***/
 
-#if 1
+#if 0
 static void
 report(int err, const char *what, const char *info)
 {

contrib/php/libtool

@@ -44,7 +44,7 @@ available_tags=" CXX"
 
 # ### BEGIN LIBTOOL CONFIG
 
-# Libtool was configured on host evon:
+# Libtool was configured on host vana:
 
 # Shell to use when invoking shell scripts.
 SHELL="/bin/sh"
@@ -316,14 +316,18 @@ variables_saved_for_relink="PATH  LD_RUN_PATH GCC_EXEC_PREFIX COMPILER_PATH LIBR
 link_all_deplibs=unknown
 
 # Compile-time system search path for libraries
-sys_lib_search_path_spec=" /usr/lib/gcc-lib/i486-linux/3.3.3/ /usr/lib/gcc/i486-linux/3.3.3/ /usr/lib/gcc-lib/i486-linux/3.3.3/../../../../i486-linux/lib/i486-linux/3.3.3/ /usr/lib/gcc-lib/i486-linux/3.3.3/../../../../i486-linux/lib/ /usr/lib/gcc-lib/i486-linux/3.3.3/../../../i486-linux/3.3.3/ /usr/lib/gcc-lib/i486-linux/3.3.3/../../../ /lib/i486-linux/3.3.3/ /lib/ /usr/lib/i486-linux/3.3.3/ /usr/lib/"
+sys_lib_search_path_spec=" /usr/lib/gcc-lib/i486-linux/3.3.5/ /usr/lib/gcc/i486-linux/3.3.5/ /usr/lib/gcc-lib/i486-linux/3.3.5/../../../../i486-linux/lib/i486-linux/3.3.5/ /usr/lib/gcc-lib/i486-linux/3.3.5/../../../../i486-linux/lib/ /usr/lib/gcc-lib/i486-linux/3.3.5/../../../i486-linux/3.3.5/ /usr/lib/gcc-lib/i486-linux/3.3.5/../../../ /lib/i486-linux/3.3.5/ /lib/ /usr/lib/i486-linux/3.3.5/ /usr/lib/"
 
 # Run-time system search path for libraries
-sys_lib_dlsearch_path_spec="/lib /usr/lib /usr/X11R6/lib
-
+sys_lib_dlsearch_path_spec="/lib /usr/lib /usr/X11R6/lib/Xaw3d
+/usr/X11R6/lib
+/usr/local/lib
 /usr/lib/libc5-compat
 /lib/libc5-compat
-/usr/i486-linuxlibc1/lib"
+/usr/i486-linuxlibc1/lib
+/lib64
+/usr/lib64
+/usr/X11R6/lib64"
 
 # Fix the shell variable $srcfile for the compiler.
 fix_srcfile_path=""
@@ -6705,7 +6709,7 @@ build_old_libs=`case $build_libtool_libs in yes) $echo no;; *) $echo yes;; esac`
 # End:
 # ### BEGIN LIBTOOL TAG CONFIG: CXX
 
-# Libtool was configured on host evon:
+# Libtool was configured on host vana:
 
 # Shell to use when invoking shell scripts.
 SHELL="/bin/sh"
@@ -6878,11 +6882,11 @@ striplib="strip --strip-unneeded"
 
 # Dependencies to place before the objects being linked to create a
 # shared library.
-predep_objects="/usr/lib/gcc-lib/i486-linux/3.3.3/../../../crti.o /usr/lib/gcc-lib/i486-linux/3.3.3/crtbeginS.o"
+predep_objects="/usr/lib/gcc-lib/i486-linux/3.3.5/../../../crti.o /usr/lib/gcc-lib/i486-linux/3.3.5/crtbeginS.o"
 
 # Dependencies to place after the objects being linked to create a
 # shared library.
-postdep_objects="/usr/lib/gcc-lib/i486-linux/3.3.3/crtendS.o /usr/lib/gcc-lib/i486-linux/3.3.3/../../../crtn.o"
+postdep_objects="/usr/lib/gcc-lib/i486-linux/3.3.5/crtendS.o /usr/lib/gcc-lib/i486-linux/3.3.5/../../../crtn.o"
 
 # Dependencies to place before the objects being linked to create a
 # shared library.
@@ -6894,7 +6898,7 @@ postdeps="-lstdc++ -lm -lgcc_s -lc -lgcc_s"
 
 # The library search path used internally by the compiler when linking
 # a shared library.
-compiler_lib_search_path="-L/usr/lib/gcc-lib/i486-linux/3.3.3 -L/usr/lib/gcc-lib/i486-linux/3.3.3/../../.."
+compiler_lib_search_path="-L/usr/lib/gcc-lib/i486-linux/3.3.5 -L/usr/lib/gcc-lib/i486-linux/3.3.5/../../.."
 
 # Method to check whether dependent libraries are shared objects.
 deplibs_check_method="pass_all"
@@ -6974,14 +6978,18 @@ variables_saved_for_relink="PATH LD_LIBRARY_PATH LD_RUN_PATH GCC_EXEC_PREFIX COM
 link_all_deplibs=unknown
 
 # Compile-time system search path for libraries
-sys_lib_search_path_spec=" /usr/lib/gcc-lib/i486-linux/3.3.3/ /usr/lib/gcc/i486-linux/3.3.3/ /usr/lib/gcc-lib/i486-linux/3.3.3/../../../../i486-linux/lib/i486-linux/3.3.3/ /usr/lib/gcc-lib/i486-linux/3.3.3/../../../../i486-linux/lib/ /usr/lib/gcc-lib/i486-linux/3.3.3/../../../i486-linux/3.3.3/ /usr/lib/gcc-lib/i486-linux/3.3.3/../../../ /lib/i486-linux/3.3.3/ /lib/ /usr/lib/i486-linux/3.3.3/ /usr/lib/"
+sys_lib_search_path_spec=" /usr/lib/gcc-lib/i486-linux/3.3.5/ /usr/lib/gcc/i486-linux/3.3.5/ /usr/lib/gcc-lib/i486-linux/3.3.5/../../../../i486-linux/lib/i486-linux/3.3.5/ /usr/lib/gcc-lib/i486-linux/3.3.5/../../../../i486-linux/lib/ /usr/lib/gcc-lib/i486-linux/3.3.5/../../../i486-linux/3.3.5/ /usr/lib/gcc-lib/i486-linux/3.3.5/../../../ /lib/i486-linux/3.3.5/ /lib/ /usr/lib/i486-linux/3.3.5/ /usr/lib/"
 
 # Run-time system search path for libraries
-sys_lib_dlsearch_path_spec="/lib /usr/lib /usr/X11R6/lib
-
+sys_lib_dlsearch_path_spec="/lib /usr/lib /usr/X11R6/lib/Xaw3d
+/usr/X11R6/lib
+/usr/local/lib
 /usr/lib/libc5-compat
 /lib/libc5-compat
-/usr/i486-linuxlibc1/lib"
+/usr/i486-linuxlibc1/lib
+/lib64
+/usr/lib64
+/usr/X11R6/lib64"
 
 # Fix the shell variable $srcfile for the compiler.
 fix_srcfile_path=""

include/ncp/ndslib.h

@@ -98,4 +98,6 @@
 #include <ncp/obsolete/o_ndslib.h>
 #endif
 
+long nds_login_auth(NWCONN_HANDLE conn, const char *user, const char *pwd);
+
 #endif /* ifndef _NDSLIB_H_ */

include/ncp/nwclient.h

@@ -189,7 +189,6 @@ NWDSCCODE NWCXGetMultiStringAttributeValue (NWDSContextHandle ctx,
 NWDSCCODE NWCXSplitNameAndContext (NWDSContextHandle ctx,const NWDSChar * dn,
                                    char * name, char* context);
 
-
 #ifdef __cplusplus
 }
 #endif

include/ncp/obsolete/o_ndslib.h

@@ -35,7 +35,6 @@ void strcpy_uc(char *d, const uni_char *s);
 void strcpy_cu(uni_char *d, const char *s);
 long nds_get_server_name(NWCONN_HANDLE conn, uni_char **server_name);
 long nds_get_tree_name(NWCONN_HANDLE conn, char *name, int name_buf_len);
-long nds_login_auth(NWCONN_HANDLE conn, const char *user, const char *pwd);
 long nds_resolve_name(struct ncp_conn *conn, int flags, uni_char *entry_name,
 	int *entry_id, int *remote, struct sockaddr *serv_addr, size_t *addr_len);
 long nds_read(NWCONN_HANDLE conn, u_int32_t object_id, uni_char *prop_name,

lib/ds/classes.c

@@ -34,6 +34,7 @@
 
 #include <ncp/nwcalls.h>
 #include "nwnet_i.h"
+#include <string.h>
 
 #define CLASSDEF_ASN	0x0001
 #define CLASSDEF_TIMES	0x0002

lib/ds/dsgetstat.c

@@ -32,6 +32,7 @@
 
 #include <ncp/nwcalls.h>
 #include "nwnet_i.h"
+#include <string.h>
 
 static NWDSCCODE __NWDSGetNDSStatistics(
 		NWCONN_HANDLE	conn,

lib/ncplib.c

@@ -132,6 +132,7 @@
 #include "ncplib_i.h"
 /* due to NWVerifyObjectPassword... */
 #include <ncp/nwcalls.h>
+#include <ncp/nwnet.h>
 #include "ncpsign.h"
 #ifdef NDS_SUPPORT
 int bindery_only = 0;
@@ -2258,6 +2259,9 @@ ncp_fopen_nwc(FILE** nwc)
 	if (stat(path, &st) != 0) {
 		return errno;
 	}
+        if (st.st_uid != getuid()) {
+                return EACCES;
+        }
 	if ((st.st_mode & (S_IRWXO | S_IRWXG)) != 0) {
 		return NCPLIB_INVALID_MODE;
 	}
@@ -2366,7 +2370,7 @@ ncp_find_conn_spec3(const char *server, const char *user, const char *password,
 		       spec->server, spec->user);
 
 		pwd = getpass(_("Password: "));
-		if (strlen(pwd) > sizeof(spec->password)) {
+		if (strlen(pwd) >= sizeof(spec->password)) {
 			return ENAMETOOLONG;
 		}
 		strcpy(spec->password, pwd);

lib/nwclient.c

@@ -353,11 +353,6 @@ NWCCODE NWCXGetPermConnListByServerName (NWCONN_HANDLE* conns , int maxEntries,
 }
 
 #ifdef NDS_SUPPORT
-/* copied from ndslib.c */
-static void strcpy_cw(wchar_t *w, const char* s) {
-        while ((*w++ = *(const nuint8*)s++) != 0);
-}
-
 NWDSCCODE NWDSSetContextHandleTree(NWDSContextHandle ctx, const NWDSChar * treeName)
 {
 #define MAXCONNS 64
@@ -482,6 +477,10 @@ static char* readnwinfosfile (char * user, const char * info, const char * forTr
                 *err = errno;
                 return NULL;
         }
+        if (st.st_uid != getuid()) {
+                *err = EACCES;
+                return NULL;
+        }
         if ((st.st_mode & (S_IRWXO | S_IRWXG)) != 0) {
                 *err = NCPLIB_INVALID_MODE;
                 return NULL;
@@ -821,7 +820,7 @@ attributes with fields are emitted on a single line with "," as separator*/
 static NWDSCCODE __docopy_string (UNUSED(NWDSContextHandle ctx), const void* val,
                                    const enum SYNTAX synt, size_t currentSize,
                                    char* result, size_t maxSize){
-
+  int l;
 #ifdef DEBUG_PRINT
   printf ("__docopy_string got :%s synt = %d cursize=%d maxsize= %d\n",(char *)val,synt,currentSize,maxSize );
 #endif
@@ -830,90 +829,63 @@ static NWDSCCODE __docopy_string (UNUSED(NWDSContextHandle ctx), const void* val
   if (!result) return ERR_NULL_POINTER;
   switch (synt) {
 	case SYN_DIST_NAME:
-#if 0
-		{
-			NWDSCCODE err;
-			char tmpBuf [MAX_DN_BYTES+1];
-
-			err = NWDSAbbreviateName(ctx, val, tmpBuf);
-			if (err)
-				return err;
-			strcpy (result,tmpBuf);
-		}
-#else
-		strcpy(result,val);
-#endif
-		break;
 	case SYN_CI_STRING:
 	case SYN_CE_STRING:
         case SYN_PR_STRING:
 	case SYN_NU_STRING:
 	case SYN_TEL_NUMBER:
 	case SYN_CLASS_NAME:
-		strcpy(result,val);
-	        break;
+		l = snprintf(result, maxSize, "%s", (const char *)val);
+		break;
 	case SYN_PATH:{
 	        const Path_T* p = (const Path_T*)val;
-                if (strlen(p->volumeName)+strlen(p->path)+2+2+1>=maxSize)
-                        return NWE_BUFFER_OVERFLOW;
-		sprintf(result,"%u,%s,%s", p->nameSpaceType,p->volumeName, p->path);
+
+		l = snprintf(result, maxSize, "%u,%s,%s", p->nameSpaceType, p->volumeName, p->path);
                 }
 		break;
 	case SYN_TYPED_NAME:{
 		const Typed_Name_T* tn = (const Typed_Name_T*)val;
-                if (strlen(tn->objectName)+8+8+2+1>=maxSize)
-                        return NWE_BUFFER_OVERFLOW;
-		sprintf(result,"%u,%u,%s", tn->interval,tn->level,tn->objectName);
+
+		l = snprintf(result, maxSize, "%u,%u,%s", tn->interval, tn->level, tn->objectName);
 		}
 		break;
 	case SYN_FAX_NUMBER:{
 	        const Fax_Number_T* fn = (const Fax_Number_T*)val;
-                if (strlen(fn->telephoneNumber)+2+1+1>=maxSize)
-                        return NWE_BUFFER_OVERFLOW;
-		sprintf(result,"%s,%u", fn->telephoneNumber,fn->parameters.numOfBits);
+		
+		l = snprintf(result, maxSize, "%s,%u", fn->telephoneNumber, fn->parameters.numOfBits);
 		}
 		break;
 	case SYN_EMAIL_ADDRESS:{
 		const EMail_Address_T* ea = (const EMail_Address_T*)val;
                 /*change the SMTP:aaa@bbbb to SMTP,aaa@bbbb */
                 char* p=strchr(ea->address,':');
-                if (strlen(ea->address)+2+1+1>=maxSize)
-                        return NWE_BUFFER_OVERFLOW;
 
                 if (p) *p=',';
-		sprintf(result,"%u,%s", ea->type,ea->address);
+		l = snprintf(result, maxSize, "%u,%s", ea->type, ea->address);
 		}
 		break;
 	case SYN_PO_ADDRESS:{
 	        const NWDSChar* const* pa = (const NWDSChar* const*)val;
-                int n;
-                size_t len=1;
-                for (n=0;n <5;n++)
-                  len +=strlen(pa[n]+1);
-                if (len >=maxSize)
-                        return NWE_BUFFER_OVERFLOW;
-		sprintf(result,"%s,%s,%s,%s,%s,%s",pa[0],pa[1],pa[2],pa[3],pa[4],pa[5]);
+
+		l = snprintf(result, maxSize, "%s,%s,%s,%s,%s,%s", pa[0], pa[1], pa[2], pa[3], pa[4], pa[5]);
 		}
 		break;
 	case SYN_HOLD:{
 	        const Hold_T* h = (const Hold_T*)val;
-                if (strlen(h->objectName)+8+1+1>=maxSize)
-                        return NWE_BUFFER_OVERFLOW;
-		sprintf(result,"%u,%s", h->amount, h->objectName);
+
+		l = snprintf(result, maxSize, "%u,%s", h->amount, h->objectName);
 		}
 		break;
          case SYN_TIMESTAMP:{
                 const TimeStamp_T* stamp = (const TimeStamp_T*)val;
-                if (maxSize <=3*9)
-                        return NWE_BUFFER_OVERFLOW;
-                sprintf(result,"%u,%u,%u",stamp->wholeSeconds, stamp->replicaNum,stamp->eventID);
+                
+		l = snprintf(result, maxSize, "%u,%u,%u", stamp->wholeSeconds, stamp->replicaNum, stamp->eventID);
                 }
                 break;
          case SYN_BACK_LINK:{
                 const Back_Link_T* bl = (const Back_Link_T*)val;
-                if (strlen(bl->objectName)+8+1+1 >=maxSize)
-                        return NWE_BUFFER_OVERFLOW;
-                sprintf(result,"%08X,%s", bl->remoteID, bl->objectName);
+
+		l = snprintf(result, maxSize, "%08X,%s", bl->remoteID, bl->objectName);
                 }
                 break;
         case SYN_CI_LIST:{
@@ -938,61 +910,68 @@ static NWDSCCODE __docopy_string (UNUSED(NWDSContextHandle ctx), const void* val
                 }
                 *(--aux)=0;
                 }
-		break;
+		return 0;
 
          case SYN_OCTET_LIST:{
                 const Octet_List_T* ol = (const Octet_List_T*)val;
                 size_t i;
-                char aux [4];
-                if ((ol->length+1)*3+1 >=maxSize)
+                char *aux;
+
+                if (20 + (ol->length+1)*3+1 >=maxSize)
                         return NWE_BUFFER_OVERFLOW;
-                sprintf(result,"%u", ol->length);
+                sprintf(result, "%u", ol->length);
+		aux = result + strlen(result);
                 for (i = 0; i < ol->length; i++) {
-                        sprintf(aux,",%02X", ol->data[i]);
-                        strcat(result,aux);
+                        sprintf(aux, ",%02X", ol->data[i]);
+                        aux += 3;
                 }
                 }
-                break;
+                return 0;
         case SYN_OCTET_STRING:{
                 const Octet_String_T* os = (const Octet_String_T*)val;
-                char aux [4];
                 size_t i;
+		char *aux;
 #ifdef DEBUG_PRINT
                 printf ("len %d\n",os->length);
 #endif
-                if ((os->length+1)*3+1 >=maxSize)
+                if (20 + (os->length+1)*3+1 >=maxSize)
                         return NWE_BUFFER_OVERFLOW;
-                sprintf(result,"%u", os->length);
+                sprintf(result, "%u", os->length);
+		aux = result + strlen(result);
                 for (i = 0; i < os->length; i++) {
-                        sprintf(aux,",%02X", os->data[i]);
-                        strcat(result,aux);
+                        sprintf(aux, ",%02X", os->data[i]);
+                        aux += 3;
                 }
                 }
-                break;
+                return 0;
         case SYN_NET_ADDRESS:{
                 const Net_Address_T* na = (const Net_Address_T*)val;
                 size_t z;
-                char aux[4];
+                char *aux;
+
                 z=na->addressLength;
-                if (3*(z+2)+1  >=maxSize)
+                if (40 + 3*(z+2)+1  >=maxSize)
                         return NWE_BUFFER_OVERFLOW;
-                sprintf(result,"%u,%u", na->addressType,na->addressLength);
+                sprintf(result, "%u,%u", na->addressType, na->addressLength);
+		aux = result + strlen(result);
                 for (z = 0; z < na->addressLength; z++) {
-                        sprintf(aux,",%02X", na->address[z]);
-                        strcat(result,aux);
+                        sprintf(aux, ",%02X", na->address[z]);
+			aux += 3;
                 }
                 }
-                break;
+                return 0;
         case SYN_OBJECT_ACL:{
                 const Object_ACL_T* oacl = (const Object_ACL_T*)val;
-                if (strlen(oacl->protectedAttrName)+strlen(oacl->subjectName)+8+2+1 >=maxSize)
-                        return NWE_BUFFER_OVERFLOW;
-                sprintf(result,"%s,%s,%08X",oacl->protectedAttrName,oacl->subjectName,oacl->privileges);
+
+		l = snprintf(result, maxSize, "%s,%s,%08X", oacl->protectedAttrName, oacl->subjectName, oacl->privileges);
                 }
                 break;
 	default:
 		return EINVAL;
 	}
+	if (l < 0 || (size_t)l >= maxSize) {
+		return NWE_BUFFER_OVERFLOW;
+	}
         return 0;
 }
 

lib/nwcrypt.c

@@ -84,6 +84,7 @@ GPL. If anybody who knows more about copyright and sees any problems
 with this, please tell me.
 ****************************************************************************/
 
+#include <string.h>
 /******************* Data types ***************************/
 typedef unsigned char buf32[32];
 typedef unsigned char buf16[16];

lib/wcs.c

@@ -34,6 +34,7 @@
 #include "nwnet_i.h"
 
 #include <stdlib.h>
+#include <string.h>
 
 #ifndef HAVE_WCSCPY
 /* Do it yourself... Move into specific file?! */

ncpfs.lsm

@@ -1,7 +1,7 @@
 Begin3
 Title:          ncpfs
-Version:        2.2.5
-Entered-date:   November 30, 2004
+Version:        2.2.6
+Entered-date:   January 27, 2005
 Description:    With ncpfs you can mount volumes of your netware
                 server under Linux. You can also print to netware
                 print queues and spool netware print queues to the
@@ -10,8 +10,8 @@ Keywords:       filesystem ncp novell netware printing
 Author:         vandrove@vc.cvut.cz (Petr Vandrovec)
 		lendecke@Math.Uni-Goettingen.de (Volker Lendecke)
 Maintained-by:  vandrove@vc.cvut.cz (Petr Vandrovec)
-Primary-site:   platan.vc.cvut.cz /pub/linux/ncpfs/ncpfs-2.2.5
-                  1464k ncpfs-2.2.5.tgz
+Primary-site:   platan.vc.cvut.cz /pub/linux/ncpfs/ncpfs-2.2.6
+                  1464k ncpfs-2.2.6.tgz
                      1k ncpfs.lsm
 Alternate-site: ftp.cvut.cz /ncpfs
 Copying-policy: GPL

po/LINGUAS

@@ -1 +1 @@
-cs de
+cs de es fr hu it ja pt_BR zh_CN zh_TW

sutil/Makefile.in

@@ -50,6 +50,7 @@ all: $(UTILS)
 
 install: all
 	${INSTALL} -d $(DESTDIR)$(bindir)
+	${INSTALL} -d $(DESTDIR)/sbin
 	${INSTALL} -m 4755 $(UTILS) $(DESTDIR)$(bindir)
 ifeq ($(USE_KERNEL),1)
 	ln -sf ..$(bindir)/ncpmount $(DESTDIR)/sbin/mount.ncp

sutil/ncplogin.c

@@ -162,30 +162,34 @@ struct optinfo extopts[] = {
 #endif
 
         static int opt_set_volume_after_parsing_all_options(struct ncp_mount_info* info) {
-                char tmpNWPath[1024];
+                char *path;
 		int e;
 
-                /* we DID check in main that -V has been specified !*/
-                strcpy(tmpNWPath,info->remote_path);
-                if (info->root_path) {
-                        strcat(tmpNWPath,"/");
-                        strcat(tmpNWPath,info->root_path);
-                }
+		if (info->root_path) {
+			e = asprintf(&path, "%s/%s", info->remote_path, info->root_path);
+		} else {
+			e = asprintf(&path, "%s", info->remote_path);
+		}
+		if (e == -1) {
+			errexit(84, _("Cannot allocate memory for path\n"));
+		}
                 /* I keep forgeting typing it in uppercase so let's do it here */
-                str_upper(tmpNWPath);
-                info->pathlen = e = ncp_path_to_NW_format(tmpNWPath, info->NWpath, sizeof(info->NWpath));
+                str_upper(path);
+                info->pathlen = e = ncp_path_to_NW_format(path, info->NWpath, sizeof(info->NWpath));
 	        if (e < 0) {
-		        errexit(18, _("Volume path `%s' is invalid: `%s'\n"), tmpNWPath, strerror(-e));
+		        errexit(18, _("Volume path `%s' is invalid: `%s'\n"), path, strerror(-e));
 	        };
 	        if (info->pathlen == 1) {
 		        info->mdata.mounted_vol = "";
 		        info->remote_path = "/";
+			free(path);
 	        } else if (info->NWpath[0] != 1) {
 		        info->mdata.mounted_vol = "dummy";
-	        } else if (strlen(tmpNWPath) > NCP_VOLNAME_LEN) {
-		        errexit(19, _("Volume name `%s' is too long\n"), tmpNWPath);
+			free(path);
+	        } else if (strlen(path) > NCP_VOLNAME_LEN) {
+		        errexit(19, _("Volume name `%s' is too long\n"), path);
 	        } else {
-		        info->mdata.mounted_vol=info->remote_path;
+		        info->mdata.mounted_vol = path;
 	        }
                 return 0;
         }
@@ -201,8 +205,8 @@ struct optinfo extopts[] = {
         }
 
         static void opt_set_name_context(struct ncp_mount_info* info, const char* param) {
-                if (strlen(param)< sizeof(info->context))
-	                strcpy(info->context,param);
+                if (strlen(param) < sizeof(info->context))
+	                strcpy(info->context, param);
                 else{
 	                errexit(19, _("Context name `%s' is too long\n"), param);
                 }
@@ -307,7 +311,7 @@ main(int argc, char *argv[])
 {
 	struct ncp_mount_info info;
 	struct stat st;
-	char mount_name[256];
+	char *mount_name;
 
 	int result;
 
@@ -340,7 +344,7 @@ main(int argc, char *argv[])
 
 	init_mount_info(&info);
 
-	if (geteuid() != 0)
+	if (myeuid != 0)
 	{
 		errexit(26, _("%s must be installed suid root\n"), progname);
 	}
@@ -807,42 +811,29 @@ ncpipx:;
 
 	info.mdata.mount_point = mount_point;
 #ifndef NCPMAP
-	strcpy(mount_name, spec.server);
-	strcat(mount_name, "/");
-	strcat(mount_name, spec.user);
+	if (asprintf(&mount_name, "%s/%s", spec.server, spec.user) < 0) {
+		NWDSFreeContext(ctx);
+		errexit(85, _("Cannot allocate memory for mtab entry: %s\n"), strerror(ENOMEM));
+	}
 #else
 	{
-/* v 1.05 test for no multiple mount */
-		char nwuser[256]="";
-/*		struct ncp_conn_spec tmpSpec; */
+		NWDSChar user[MAX_DN_BYTES];
 
-		strcpy(mount_name, info.server);
-		strcat(mount_name, "/");
-		if ((err = NWDSWhoAmI(ctx,nwuser))==0) {
-		/* v 1.05 remove context in /etc/mtab entry */
-			NWCXSplitNameAndContext(ctx,nwuser,nwuser,NULL);
-			str_upper(nwuser);
-			strcat(mount_name,nwuser);
-/* does not work
-    if current user has another connexion to that server, even to another volume:path
-    ncp_find_permanent does not care about volume name nor "root path"
-                        memset(&tmpSpec, 0, sizeof(tmpSpec));
-                        strcpy(tmpSpec.user,nwuser);
-                        strcpy(tmpSpec.server,info.serverName);
-                        tmpSpec.uid=info.mdata.uid;
-                        if ((!info.allow_multiple_connections)&&
-		    ((tmp_mount = ncp_find_permanent(&tmpSpec)) != NULL))
-		{
-			fprintf(stderr,
-				_("You already have mounted server %s\nas user "
-				"%s\non mount point %s\n"), tmpSpec.server, tmpSpec.user,
-				tmp_mount);
-			exit(35);
-		}
-***************/
-		} else {
+		err = NWDSWhoAmI(ctx, user);
+		if (err) {
 			NWDSFreeContext(ctx);
-			errexit(51, _("NWDSWhoAmi returned %s\n"), strnwerror(err));
+			errexit(51, _("Cannot retrieve user identity: %s\n"), strnwerror(err));
+		}
+		err = NWCXSplitNameAndContext(ctx, user, user, NULL);
+		if (err) {
+			NWDSFreeContext(ctx);
+			errexit(86, _("Cannot parse user name: %s\n"), strnwerror(err));
+		}
+		/* FIXME: str_upper is unwanted! NWCXSplitNameAndContext too, BTW... Just retrieve name from server and do 'NWDSAbbreviateName' on it */
+		str_upper(user);
+		if (asprintf(&mount_name, "%s/%s", info.server, user) < 0) {
+			NWDSFreeContext(ctx);
+			errexit(85, _("Cannot allocate memory for mtab entry: %s\n"), strerror(ENOMEM));
 		}
 	}
 #endif
@@ -855,14 +846,16 @@ ncpipx:;
 		} else {
 			mycom_err(result, _("failed in mount(2)"));
 		}
+		free(mount_name);
 		NWDSFreeContext(ctx);
 		/*exit code stays 0 for TCL/tk to be fixed...*/
 		exit(0);
 	}
 	err = proc_aftermount(&info, &conn);
 	if (err) {
+		free(mount_name);
 		NWDSFreeContext(ctx);
-		umount(mount_point);
+		proc_ncpm_umount(mount_point);
 		exit(err);
 	}
 #ifndef NCPMAP
@@ -875,7 +868,8 @@ ncpipx:;
 				mycom_err(err, _("failed in nds login"));
 				fprintf(stderr, _("Login denied.\n"));
 				ncp_close(conn);
-				umount(mount_point);
+				proc_ncpm_umount(mount_point);
+				free(mount_name);
 				NWDSFreeContext(ctx);
 				exit(55);
 			}
@@ -893,7 +887,8 @@ ncpipx:;
 				mycom_err(err, _("in login"));
 				fprintf(stderr, _("Login denied\n"));
 				ncp_close(conn);
-				umount(mount_point);
+				proc_ncpm_umount(mount_point);
+				free(mount_name);
 				NWDSFreeContext(ctx);
 				exit(56);
 			}
@@ -911,34 +906,37 @@ ncpipx:;
 	err = NWDSAddConnection(ctx, conn);
 	if (err) {
 		ncp_close(conn);
-		umount(mount_point);
+		proc_ncpm_umount(mount_point);
+		free(mount_name);
 		NWDSFreeContext(ctx);
 		errexit(110, _("Cannot attach connection to context: %s\n"), strnwerror(err));
 	}
 	err = NWDSAuthenticateConn(ctx, conn);
 	if (err) {
 		ncp_close(conn);
-		umount(mount_point);
-/*one day I will be in trouble here, when NWDSFreeContext() will free all added connections */
+		proc_ncpm_umount(mount_point);
+		free(mount_name);
 		NWDSFreeContext(ctx);
 		errexit(112, _("Cannot authenticate connection: %s\n"), strnwerror(err));
 	}
 #endif
 
 	err = NWSetBroadcastMode(conn,info.bcastmode); /*ignore error for now */
-	NWDSFreeContext(ctx); /*free at last no more ifndef NCPMOUNT below */
 
 	if ((err = ncp_mount_specific(conn, -1, info.NWpath, info.pathlen)) != 0)
 	{
 		ncp_close(conn);
-		umount(mount_point);
+		proc_ncpm_umount(mount_point);
+		NWDSFreeContext(ctx);
 		errexit(57, _("Cannot access path \"%s\": %s\n"), info.remote_path, strerror(-err));
 	}
 	NWCCCloseConn(conn);
-	/*ncpmap, ncplogin must write in /etc/mtab*/
+	NWDSFreeContext(ctx);
+	/* ncpmap, ncplogin must write in /etc/mtab */
 	{
 		add_mnt_entry(mount_name, mount_point, info.flags);
 	}
+	free(mount_name);
 	if (info.echo_mnt_pnt) {
 		printf(_("mounted on:%s\n"),mount_point);
 	}

sutil/ncpm_common.c

@@ -219,8 +219,12 @@ static int load_ncpfs(void)
 		return 1;
 	} else if (pid == 0)
 	{
+		char *myenv[] = {
+			"PATH=/sbin:/usr/sbin:/bin:/usr/bin",
+			NULL
+		};
 		/* child */
-		execl("/sbin/modprobe", "modprobe", "ncpfs", NULL);
+		execle("/sbin/modprobe", "modprobe", "ncpfs", NULL, myenv);
 		_exit(127);	/* execl error */
 	} else
 	{
@@ -355,6 +359,54 @@ void verify_argv(int argc, char* argv[]) {
 
 #endif 
 
+static inline int ncpm_suser(void) {
+	return setreuid(-1, 0);
+}
+
+static int ncpm_normal(void) {
+	int e;
+	int v;
+
+	e = errno;
+	v = setreuid(-1, myuid);
+	errno = e;
+	return v;
+}
+
+static int proc_ncpm_mount(const char* source, const char* target, const char* filesystem, unsigned long mountflags, const void* data) {
+	int v;
+	int e;
+
+	if (ncpm_suser()) {
+		return errno;
+	}
+	v = mount(source, target, filesystem, mountflags, data);
+	if (ncpm_normal()) {
+		/* We cannot handle this situation gracefully, so do what we can */
+
+		e = errno;
+		/* If mount suceeded, undo it */
+		if (v) {
+			umount(target);
+		}
+		errexit(88, _("Cannot relinquish superuser rights: %s\n"), strerror(e));
+	}
+	return v;
+}
+
+int proc_ncpm_umount(const char* target) {
+	int v;
+
+	if (ncpm_suser()) {
+		return errno;
+	}
+	v = umount(target);
+	if (ncpm_normal()) {
+		errexit(89, _("Cannot relinquish superuser rights: %s\n"), strerror(errno));
+	}
+	return v;
+}
+
 #ifdef MOUNT2
 static int ncp_mount_v2(const char* mount_name, unsigned long flags, const struct ncp_mount_data_independent* data) {
 	struct ncp_mount_data_v2 datav2;
@@ -392,7 +444,7 @@ static int ncp_mount_v2(const char* mount_name, unsigned long flags, const struc
 	}
         datav2.file_mode   = data->file_mode;
         datav2.dir_mode    = data->dir_mode;
-	err = mount(mount_name, data->mount_point, "ncpfs", flags, (void*) &datav2);
+	err = proc_ncpm_mount(mount_name, data->mount_point, "ncpfs", flags, (void*) &datav2);
 	if (err)
 		return errno;
 	return 0;
@@ -456,7 +508,7 @@ static int ncp_mount_v3(const char* mount_name, unsigned long flags, const struc
 		exit(0);	/* Should not return from process_connection */
 	}
 	close(pp[0]);
-	err=mount(mount_name, data->mount_point, "ncpfs", flags, (void*) &datav3);
+	err=proc_ncpm_mount(mount_name, data->mount_point, "ncpfs", flags, (void*) &datav3);
 	if (err) {
 		err = errno;
 		/* Mount unsuccesful so we have to kill daemon */
@@ -507,7 +559,7 @@ static int ncp_mount_v4(const char* mount_name, unsigned long flags, struct ncp_
 		sprintf(mountopts, "version=%u,flags=%u,owner=%u,uid=%u,gid=%u,mode=%u,dirmode=%u,timeout=%u,retry=%u,wdogpid=%u,ncpfd=%u,infofd=%u",
 			NCP_MOUNT_VERSION_V5, ncpflags, data->mounted_uid, data->uid, data->gid, data->file_mode,
 			data->dir_mode, data->time_out, data->retry_count, wdog_pid, data->ncp_fd, pp[1]);
-		err=mount(mount_name, data->mount_point, "ncpfs", flags, mountopts);
+		err=proc_ncpm_mount(mount_name, data->mount_point, "ncpfs", flags, mountopts);
 	} else {
 		err=-1;
 	}
@@ -525,7 +577,7 @@ static int ncp_mount_v4(const char* mount_name, unsigned long flags, struct ncp_
 	        datav4.file_mode   = data->file_mode;
         	datav4.dir_mode    = data->dir_mode;
 		datav4.wdog_pid	   = wdog_pid;
-		err = mount(mount_name, data->mount_point, "ncpfs", flags, (void*)&datav4);
+		err = proc_ncpm_mount(mount_name, data->mount_point, "ncpfs", flags, (void*)&datav4);
 		if (err) {
 			err = errno;
 			/* Mount unsuccesful so we have to kill daemon */
@@ -546,9 +598,16 @@ static int ncp_mount_v4(const char* mount_name, unsigned long flags, struct ncp_
 void init_mount_info(struct ncp_mount_info *info) {
 	mode_t um;
 
-	memset(info, 0, sizeof(*info));
-
 	myuid = getuid();
+	myeuid = geteuid();
+
+	if (myeuid == 0) {
+		if (setreuid(-1, myuid)) {
+			errexit(87, _("Cannot relinquish superuser rights: %s\n"), strerror(errno));
+		}
+	}
+
+	memset(info, 0, sizeof(*info));
 
 	info->version = -1;
 	info->flags = MS_MGC_VAL;
@@ -649,7 +708,14 @@ ncp_mount_specific(struct ncp_conn* conn, int pathNS, const unsigned char* NWpat
 			sr.name_space = NW_NS_DOS;
 			sr.dirEntNum = DVAL_LH(&dirinfo.Directory.dirEntNum, 0);
 		}
+		if (ncpm_suser()) {
+			return -errno;
+		}
 		result = ioctl(ncp_get_fid(conn), NCP_IOC_SETROOT, &sr);
+		if (ncpm_normal()) {
+			/* Just continue, otherwise we cannot unmount directory */
+			return result ? -errno : -EPERM;
+		}
 		if (!result) {
 			return 0;
 		}
@@ -665,7 +731,15 @@ ncp_mount_specific(struct ncp_conn* conn, int pathNS, const unsigned char* NWpat
 #endif
 		return -ENOPKG;
 	}
-	if (ioctl(ncp_get_fid(conn), NCP_IOC_CONN_LOGGED_IN, NULL) != 0) {
+	if (ncpm_suser()) {
+		return -errno;
+	}
+	result = ioctl(ncp_get_fid(conn), NCP_IOC_CONN_LOGGED_IN, NULL);
+	if (ncpm_normal()) {
+		/* Just continue, otherwise we cannot umount directory */
+		return result ? -errno : -EPERM;
+	}
+	if (result != 0) {
 		return -errno;
 	}
 	return 0;
@@ -798,11 +872,14 @@ static void ncp_ctl_cmd(unsigned int cmd, const unsigned char* data, size_t data
 			return;
 	}
 	{
-		char xxx[1024];
+		char xxx[1024]; /* "cmd=XXXXXXXXXXX, len=XXXXXXXXX, data:" + 3x300 chars */
 		char* p;
 
 		sprintf(xxx, "cmd=%u, len=%u, data:", cmd, datalen);
 		p = xxx + strlen(xxx);
+		if (datalen > 300) {
+			datalen = 300;
+		}
 		while (datalen--) {
 			sprintf(p, " %02X", *data++);
 			p += 3;
@@ -1358,6 +1435,9 @@ void add_mnt_entry(char* mount_name, char* mpnt, unsigned long flags) {
 	}
 	*p = 0;
 
+	if (ncpm_suser()) {
+		errexit(91, _("Cannot switch to superuser: %s\n"), strerror(errno));
+	}
 	if ((fd = open(MOUNTED "~", O_RDWR | O_CREAT | O_EXCL, 0600)) == -1)
 	{
 		errexit(58, _("Can't get %s~ lock file\n"), MOUNTED);
@@ -1382,6 +1462,9 @@ void add_mnt_entry(char* mount_name, char* mpnt, unsigned long flags) {
 	{
 		errexit(62, _("Can't remove %s~\n"), MOUNTED);
 	}
+	if (ncpm_normal()) {
+		errexit(90, _("Cannot relinquish superuser rights: %s\n"), strerror(EPERM));
+	}
 }
 
 static int __proc_option(const struct optinfo* opts, struct ncp_mount_info* info, const char* opt, const char* param) {
@@ -1635,6 +1718,10 @@ int proc_aftermount(const struct ncp_mount_info* info, NWCONN_HANDLE* pconn) {
 	if ((info->nls_cs.codepage[0] != 0) || (info->nls_cs.iocharset[0] != 0)) {
 		int i;
 		
+		if (ncpm_suser()) {
+			fprintf(stderr, _("Cannot switch to superuser: %s\n"), strerror(errno));
+			return 90;
+		}
 		i = ioctl(ncp_get_fid(conn), NCP_IOC_SETCHARSETS,  &info->nls_cs);
 		if (i && (errno == EINVAL)) {
 			struct ncp_nls_ioctl_old old_nls;
@@ -1646,6 +1733,10 @@ int proc_aftermount(const struct ncp_mount_info* info, NWCONN_HANDLE* pconn) {
 			strcpy(old_nls.iocharset, info->nls_cs.iocharset);
 			i = ioctl(ncp_get_fid(conn), NCP_IOC_SETCHARSETS_OLD, &old_nls);
 		}
+		if (ncpm_normal()) {
+			fprintf(stderr, _("Cannot relinquish superuser rights: %s\n"), strerror(-errno));
+			return 91;
+		}
 		if (i) {
 			if (errno == EINVAL || errno == ENOTTY) {
 				fprintf(stderr, _("Your kernel does not support character mapping. You should upgrade to latest version.\n"));

sutil/ncpm_common.h

@@ -16,6 +16,7 @@
 #include "ncpmount.h"       
 
 uid_t myuid;
+uid_t myeuid;
 char *progname;
 char mount_point[MAXPATHLEN + 1];
 
@@ -118,6 +119,7 @@ struct optinfo {
 void proc_option(const struct optinfo* opts, struct ncp_mount_info* info, const char* opt, const char* param);
 int proc_buildconn(struct ncp_mount_info* info);
 int proc_aftermount(const struct ncp_mount_info* info, NWCONN_HANDLE* conn);
+int proc_ncpm_umount(const char* dir);
 
 #define UNUSED(x)	x __attribute__((unused))
 

sutil/ncpmount.c

@@ -171,7 +171,7 @@ main(int argc, char *argv[])
 {
 	struct ncp_mount_info info;
 	struct stat st;
-	char mount_name[256];
+	char *mount_name;
 #ifdef NDS_SUPPORT
 	NWDSContextHandle ctx;
 	NWCONN_HANDLE auth_conn;
@@ -350,7 +350,7 @@ main(int argc, char *argv[])
 	if (info.server && info.tree) {
 		errexit(66, _("Both tree and server name were specified. It is not allowed.\n"));
 	}
-	if (geteuid() != 0)
+	if (myeuid != 0)
 	{
 		errexit(26, _("%s must be installed suid root\n"), progname);
 	}
@@ -594,13 +594,18 @@ ncpipx:;
 
 	info.mdata.mount_point = mount_point;
 
-	strcpy(mount_name, spec.server);
-	strcat(mount_name, "/");
-	strcat(mount_name, spec.user);
+	if (asprintf(&mount_name, "%s/%s", spec.server, spec.user) < 0) {
+		NWDSFreeContext(ctx);
+		if (auth_conn) {
+			NWCCCloseConn(auth_conn);
+		}
+		errexit(85, _("Cannot allocate memory for mtab entry: %s\n"), strerror(ENOMEM));
+	}
 
 	result = ncp_mount(mount_name, &info);
 	if (result)
 	{
+		free(mount_name);
 		NWDSFreeContext(ctx);
 		if (auth_conn) {
 			NWCCCloseConn(auth_conn);
@@ -610,7 +615,8 @@ ncpipx:;
 	}
 	err = proc_aftermount(&info, &conn);
 	if (err) {
-		umount(info.mdata.mount_point);
+		proc_ncpm_umount(info.mdata.mount_point);
+		free(mount_name);
 		NWDSFreeContext(ctx);
 		if (auth_conn) {
 			NWCCCloseConn(auth_conn);
@@ -621,6 +627,8 @@ ncpipx:;
 	if (info.auth_src != NULL) {
 		err = NWDSAuthenticateConn(ctx, conn);
 		if (err) {
+			proc_ncpm_umount(info.mdata.mount_point);
+			free(mount_name);
 			NWDSFreeContext(ctx);
 			if (auth_conn) {
 				NWCCCloseConn(auth_conn);
@@ -636,7 +644,8 @@ ncpipx:;
 				mycom_err(err, _("in nds login"));
 				fprintf(stderr, _("Login denied.\n"));
 				ncp_close(conn);
-				umount(mount_point);
+				proc_ncpm_umount(mount_point);
+				free(mount_name);
 				NWDSFreeContext(ctx);
 				if (auth_conn) {
 					NWCCCloseConn(auth_conn);
@@ -660,7 +669,8 @@ ncpipx:;
 			mycom_err(err, _("in login"));
 			fprintf(stderr, _("Login denied\n"));
 			ncp_close(conn);
-			umount(mount_point);
+			proc_ncpm_umount(mount_point);
+			free(mount_name);
 			NWDSFreeContext(ctx);
 			if (auth_conn) {
 				NWCCCloseConn(auth_conn);
@@ -682,6 +692,9 @@ ncpipx:;
 #endif
 	err = NWDSFreeContext(ctx);
 	if (err) {
+		ncp_close(conn);
+		proc_ncpm_umount(mount_point);
+		free(mount_name);
 		if (auth_conn) {
 			NWCCCloseConn(auth_conn);
 		}
@@ -694,7 +707,8 @@ ncpipx:;
 	if ((err = ncp_mount_specific(conn, -1, info.NWpath, info.pathlen)) != 0) 
 	{
 		ncp_close(conn);
-		umount(mount_point);
+		proc_ncpm_umount(mount_point);
+		free(mount_name);
 		errexit(57, _("Cannot access path \"%s\": %s\n"), info.remote_path, strerror(-err));
 	}
 	ncp_close(conn);