aboutsummaryrefslogtreecommitdiff
path: root/net
diff options
context:
space:
mode:
authorTimur I. Bakeyev <timur@FreeBSD.org>2007-09-18 22:27:58 +0000
committerTimur I. Bakeyev <timur@FreeBSD.org>2007-09-18 22:27:58 +0000
commit2a1c6bc502e0d421e486d9ab1d520e71f3817242 (patch)
tree19f78cc4ed08c52af326afb49621e16c61d92443 /net
parentee623ddee4fabbc06dedbdb2cd66a52c40fad16e (diff)
This is a cummulative update of net/samba3 from version 3.0.25a to
3.0.26a. Detailed list of all the changes can be found: http://www.samba.org/samba/history/samba-3.0.26a.html Changes are: o Memory leaks in Winbind's IDMap manager. o CVE-2007-4138 - Incorrect primary group assignment for domain users using the rfc2307 or sfu winbind nss info plugin. o File sharing with Widows 9x clients. o Winbind running out of file descriptors due to stalled child processes. o MS-DFS inter-operability issues. o Offline caching of files with Windows XP/Vista clients. o Improper cleanup of expired or invalid byte range locks on files. o Crashes is idmap_ldap and idmap_rid. Approved by: shaun (mentor)
Notes
Notes: svn path=/head/; revision=199730
Diffstat (limited to 'net')
-rw-r--r--net/samba3/Makefile38
-rw-r--r--net/samba3/distinfo6
-rw-r--r--net/samba3/files/patch-Makefile.in26
-rw-r--r--net/samba3/files/patch-aclocal.m4138
-rw-r--r--net/samba3/files/patch-configure.in34
-rw-r--r--net/samba3/files/patch-lib__replace__repdir_getdirentries.c15
-rw-r--r--net/samba3/files/patch-lib__system.c212
-rw-r--r--net/samba3/files/patch-lib__system_smbd.c17
-rw-r--r--net/samba3/files/patch-libaddns__dnsgss.c55
-rw-r--r--net/samba3/files/patch-nsswitch_winbindd.c12
-rw-r--r--net/samba3/files/patch-samba3-undo_the_right_thing2.patch14
-rw-r--r--net/samba3/files/patch-smbd_sec_ctx.c170
-rw-r--r--net/samba3/files/patch-vfs_zfsacl.c190
-rw-r--r--net/samba3/pkg-plist.swat1
14 files changed, 851 insertions, 77 deletions
diff --git a/net/samba3/Makefile b/net/samba3/Makefile
index ef0021ee576c..fd4769c8d399 100644
--- a/net/samba3/Makefile
+++ b/net/samba3/Makefile
@@ -6,15 +6,15 @@
#
PORTNAME= samba
-PORTVERSION?= 3.0.25a
-PORTREVISION?= 1
+PORTVERSION?= 3.0.26a
+PORTREVISION?= 0
PORTEPOCH?= 1
CATEGORIES?= net
MASTER_SITES= ${MASTER_SITE_SAMBA}
MASTER_SITE_SUBDIR= . old-versions rc pre
DISTNAME= ${PORTNAME}-${PORTVERSION:S/.p/pre/:S/.r/rc/}
-MAINTAINER?= timur@gnu.org
+MAINTAINER?= timur@FreeBSD.org
COMMENT?= A free SMB and CIFS client and server for UNIX
CONFLICTS?= ja-samba-2.* ja-samba-3.* samba-2.* sharity-light-1.*
@@ -70,13 +70,13 @@ OPTIONS= LDAP "With LDAP support" on \
SYSLOG "With Syslog support" off \
QUOTAS "With Disk quota support" off \
UTMP "With UTMP accounting support" on \
- MSDFS "With MSDFS support" off \
+ MSDFS "With MSDFS support" on \
PAM_SMBPASS "With PAM authentication vs passdb backends" off \
CLUSTER "With experimental cluster support" off \
DNSUPDATE "With dynamic DNS update" off \
EXP_MODULES "With experimental modules" off \
POPT "With system-wide POPT library" on \
- MAX_DEBUG "With maximum debuging" off \
+ MAX_DEBUG "With maximum debugging" off \
SMBTORTURE "With smbtorture" off
.endif
@@ -105,6 +105,9 @@ CONFIGURE_ARGS+= --with-pam --with-readline --with-sendfile-support \
--without-libaddns --with-included-iniparser \
--enable-largefile
+# Let proccess generate meaningful backtrace on core dump
+LIB_DEPENDS+= execinfo.1:${PORTSDIR}/devel/libexecinfo
+
.if !defined(WITHOUT_LDAP)
SAMBA_WANT_LDAP= yes
.endif
@@ -120,12 +123,16 @@ SUB_LIST+= CUPSD="@comment "
.if defined(WITH_MAX_DEBUG)
LIB_DEPENDS+= dmalloc.1:${PORTSDIR}/devel/dmalloc
-CPPFLAGS+= -I${LOCALBASE}/include
-LDFLAGS+= -L${LOCALBASE}/lib
+CPPFLAGS+= -g -I${LOCALBASE}/include
+LDFLAGS+= -g -L${LOCALBASE}/lib
CONFIGURE_ENV+= CPPFLAGS="${CPPFLAGS}" LDFLAGS="${LDFLAGS}"
-CONFIGURE_ARGS+= --enable-debug --enable-developer --enable-krb5developer --enable-dmalloc --with-profiling-data
+CONFIGURE_ARGS+= --enable-debug --enable-socket-wrapper \
+ --enable-developer --enable-krb5developer \
+ --enable-dmalloc --with-profiling-data
.else
-CONFIGURE_ARGS+= --disable-debug --disable-developer --disable-krb5developer --disable-dmalloc --without-profiling-data
+CONFIGURE_ARGS+= --disable-debug --disable-socket-wrapper \
+ --disable-developer --disable-krb5developer \
+ --disable-dmalloc --without-profiling-data
.endif
.if defined(WITH_SYSLOG)
@@ -164,8 +171,8 @@ PLIST_SUB+= WINBIND_NSS="@comment "
. endif
.else
CONFIGURE_ARGS+= --without-winbind
-PLIST_SUB+= WINBIND="@comment "
-SUB_LIST+= WINBIND="@comment "
+PLIST_SUB+= WINBIND="@comment " WINBIND_NSS="@comment "
+SUB_LIST+= WINBIND="@comment " WINBIND_NSS="@comment "
.endif
.if defined(WITH_FAM_SUPPORT)
@@ -221,7 +228,7 @@ CONFIGURE_ARGS+= --without-cluster-support
.if defined(WITH_DNSUPDATE)
. if !defined(WITH_ADS)
-IGNORE= dynamic DNS updates require ADS support
+IGNORE= dynamic DNS updates require ADS support. Disable DNSUPDATE support
. endif
LIB_DEPENDS+= uuid.1:${PORTSDIR}/misc/e2fsprogs-libuuid
CONFIGURE_ARGS+= --with-dnsupdate
@@ -294,6 +301,10 @@ PLIST_SUB+= SMBTORTURE=""
PLIST_SUB+= SMBTORTURE="@comment "
.endif
+.if defined(WITH_SMBTORTURE4_PATH) && exists(${WITH_SMBTORTURE4_PATH})
+CONFIGURE_ARGS+= --with-smbtorture4-path=${WITH_SMBTORTURE4_PATH}
+.endif
+
.if !defined(SAMBA_SUBPORT)
# Samba server itself
MAN1= findsmb.1 log2pcap.1 nmblookup.1 ntlm_auth.1 profiles.1 \
@@ -471,4 +482,7 @@ post-install:
# !SAMBA_SUBPORT
.endif
+test:
+ cd ${WRKSRC} && ${MAKE} test
+
.include <bsd.port.post.mk>
diff --git a/net/samba3/distinfo b/net/samba3/distinfo
index 8e6528892605..41e6bbb825ff 100644
--- a/net/samba3/distinfo
+++ b/net/samba3/distinfo
@@ -1,3 +1,3 @@
-MD5 (samba-3.0.25a.tar.gz) = cbd33bb5d904ccd8a294a4019743745d
-SHA256 (samba-3.0.25a.tar.gz) = 12f4fa70b5131520b58f3b62450a2e304dd63efe2532905a0760c7f11a308470
-SIZE (samba-3.0.25a.tar.gz) = 18145636
+MD5 (samba-3.0.26a.tar.gz) = 16b47e6add332e5ac4523fc88c381d06
+SHA256 (samba-3.0.26a.tar.gz) = 41e11f69288b2291f12f8db093e2c55dc1360555d4542c83c0758c4c7a3d4d37
+SIZE (samba-3.0.26a.tar.gz) = 18180031
diff --git a/net/samba3/files/patch-Makefile.in b/net/samba3/files/patch-Makefile.in
index fec7b561bcd8..7eed1927ae02 100644
--- a/net/samba3/files/patch-Makefile.in
+++ b/net/samba3/files/patch-Makefile.in
@@ -1,6 +1,26 @@
---- ./Makefile.in.orig Mon Apr 9 19:31:00 2007
-+++ ./Makefile.in Tue Apr 17 02:06:59 2007
-@@ -1558,8 +1558,7 @@
+--- Makefile.in.orig Tue Jun 19 19:11:39 2007
++++ Makefile.in Thu Aug 30 23:19:54 2007
+@@ -424,6 +424,7 @@
+ VFS_HPUXACL_OBJ = modules/vfs_hpuxacl.o
+ VFS_IRIXACL_OBJ = modules/vfs_irixacl.o
+ VFS_TRU64ACL_OBJ = modules/vfs_tru64acl.o
++VFS_ZFSACL_OBJ = modules/vfs_zfsacl.o
+ VFS_CATIA_OBJ = modules/vfs_catia.o
+ VFS_CACHEPRIME_OBJ = modules/vfs_cacheprime.o
+ VFS_PREALLOC_OBJ = modules/vfs_prealloc.o
+@@ -1477,6 +1478,11 @@
+ @$(SHLD) $(LDSHFLAGS) -o $@ $(VFS_TRU64ACL_OBJ) \
+ @SONAMEFLAG@`basename $@`
+
++bin/zfsacl.@SHLIBEXT@: $(VFS_ZFSACL_OBJ)
++ @echo "Building plugin $@"
++ @$(SHLD) $(LDSHFLAGS) -o $@ $(VFS_ZFSACL_OBJ) \
++ @SONAMEFLAG@`basename $@`
++
+ bin/catia.@SHLIBEXT@: proto_exists $(VFS_CATIA_OBJ)
+ @echo "Building plugin $@"
+ @$(SHLD) $(LDSHFLAGS) -o $@ $(VFS_CATIA_OBJ) \
+@@ -1566,8 +1572,7 @@
@echo Linking $@
@$(CC) $(FLAGS) -o $@ $(DYNEXP) script/tests/timelimit.o
diff --git a/net/samba3/files/patch-aclocal.m4 b/net/samba3/files/patch-aclocal.m4
new file mode 100644
index 000000000000..030bc17a97bd
--- /dev/null
+++ b/net/samba3/files/patch-aclocal.m4
@@ -0,0 +1,138 @@
+--- aclocal.m4.orig Thu Aug 30 21:19:57 2007
++++ aclocal.m4 Thu Aug 30 21:40:52 2007
+@@ -307,84 +307,79 @@
+ dnl those with the standalone portable libiconv installed).
+ AC_MSG_CHECKING(for iconv in $1)
+ jm_cv_func_iconv="no"
++ jm_cv_include=""
+ jm_cv_lib_iconv=""
+- jm_cv_giconv=no
++ jm_cv_giconv="no"
+ jm_save_LIBS="$LIBS"
+
+ dnl Check for include in funny place but no lib needed
+ if test "$jm_cv_func_iconv" != yes; then
+ AC_TRY_LINK([#include <stdlib.h>
+ #include <giconv.h>],
+- [iconv_t cd = iconv_open("","");
+- iconv(cd,NULL,NULL,NULL,NULL);
+- iconv_close(cd);],
+- jm_cv_func_iconv=yes
+- jm_cv_include="giconv.h"
+- jm_cv_giconv="yes"
+- jm_cv_lib_iconv="")
++ [iconv_t cd = iconv_open("","");
++ iconv(cd,NULL,NULL,NULL,NULL);
++ iconv_close(cd);],
++ jm_cv_func_iconv=yes
++ jm_cv_include="giconv.h"
++ jm_cv_lib_iconv=""
++ jm_cv_giconv="yes")
+
+ dnl Standard iconv.h include, lib in glibc or libc ...
+ if test "$jm_cv_func_iconv" != yes; then
+- AC_TRY_LINK([#include <stdlib.h>
++ AC_TRY_LINK([#include <stdlib.h>
+ #include <iconv.h>],
+- [iconv_t cd = iconv_open("","");
++ [iconv_t cd = iconv_open("","");
++ iconv(cd,NULL,NULL,NULL,NULL);
++ iconv_close(cd);],
++ jm_cv_func_iconv=yes
++ jm_cv_include="iconv.h"
++ jm_cv_lib_iconv="")
++
++ if test "$jm_cv_func_iconv" != yes; then
++ jm_save_LIBS="$LIBS"
++ LIBS="$LIBS -lgiconv"
++ AC_TRY_LINK([#include <stdlib.h>
++#include <giconv.h>],
++ [iconv_t cd = iconv_open("","");
+ iconv(cd,NULL,NULL,NULL,NULL);
+ iconv_close(cd);],
+- jm_cv_include="iconv.h"
+- jm_cv_func_iconv=yes
+- jm_cv_lib_iconv="")
+-
+- if test "$jm_cv_lib_iconv" != yes; then
+- jm_save_LIBS="$LIBS"
+- LIBS="$LIBS -lgiconv"
+- AC_TRY_LINK([#include <stdlib.h>
+-#include <giconv.h>],
+- [iconv_t cd = iconv_open("","");
+- iconv(cd,NULL,NULL,NULL,NULL);
+- iconv_close(cd);],
+- jm_cv_lib_iconv=yes
+- jm_cv_func_iconv=yes
+- jm_cv_include="giconv.h"
+- jm_cv_giconv=yes
+- jm_cv_lib_iconv="giconv")
+-
+- LIBS="$jm_save_LIBS"
+-
+- if test "$jm_cv_func_iconv" != yes; then
+- jm_save_LIBS="$LIBS"
+- LIBS="$LIBS -liconv"
+- AC_TRY_LINK([#include <stdlib.h>
++ jm_cv_func_iconv=yes
++ jm_cv_include="giconv.h"
++ jm_cv_lib_iconv="giconv"
++ jm_cv_giconv=yes)
++
++ LIBS="$jm_save_LIBS"
++
++ if test "$jm_cv_func_iconv" != yes; then
++ jm_save_LIBS="$LIBS"
++ LIBS="$LIBS -liconv"
++ AC_TRY_LINK([#include <stdlib.h>
+ #include <iconv.h>],
+- [iconv_t cd = iconv_open("","");
+- iconv(cd,NULL,NULL,NULL,NULL);
+- iconv_close(cd);],
+- jm_cv_include="iconv.h"
+- jm_cv_func_iconv=yes
+- jm_cv_lib_iconv="iconv")
+- LIBS="$jm_save_LIBS"
+- fi
++ [iconv_t cd = iconv_open("","");
++ iconv(cd,NULL,NULL,NULL,NULL);
++ iconv_close(cd);],
++ jm_cv_func_iconv=yes
++ jm_cv_include="iconv.h"
++ jm_cv_lib_iconv="iconv")
++
++ LIBS="$jm_save_LIBS"
++ fi
++ fi
+ fi
+ fi
+- fi
+- if test "$jm_cv_func_iconv" = yes; then
+- if test "$jm_cv_giconv" = yes; then
+- AC_DEFINE(HAVE_GICONV, 1, [What header to include for iconv() function: giconv.h])
+- AC_MSG_RESULT(yes)
+- ICONV_FOUND=yes
+- else
+- if test "$jm_cv_biconv" = yes; then
+- AC_DEFINE(HAVE_BICONV, 1, [What header to include for iconv() function: biconv.h])
+- AC_MSG_RESULT(yes)
+- ICONV_FOUND=yes
++ if test "$jm_cv_func_iconv" = yes; then
++ if test "$jm_cv_giconv" = yes; then
++ AC_DEFINE(HAVE_GICONV, 1, [What header to include for iconv() function: giconv.h])
++ AC_MSG_RESULT(yes)
++ ICONV_FOUND=yes
+ else
+ AC_DEFINE(HAVE_ICONV, 1, [What header to include for iconv() function: iconv.h])
+ AC_MSG_RESULT(yes)
+ ICONV_FOUND=yes
+ fi
++ else
++ AC_MSG_RESULT(no)
+ fi
+- else
+- AC_MSG_RESULT(no)
+- fi
+ ])
+
+ AC_DEFUN(rjs_CHARSET,[
diff --git a/net/samba3/files/patch-configure.in b/net/samba3/files/patch-configure.in
index c639b90466ab..83cd1371ccdb 100644
--- a/net/samba3/files/patch-configure.in
+++ b/net/samba3/files/patch-configure.in
@@ -1,5 +1,5 @@
---- configure.in.orig Wed May 23 17:29:20 2007
-+++ configure.in Mon Jun 4 03:22:42 2007
+--- configure.in.orig Mon Aug 20 15:04:51 2007
++++ configure.in Fri Aug 31 00:59:33 2007
@@ -1041,6 +1041,21 @@
AC_DEFINE(HAVE_SIG_ATOMIC_T_TYPE,1,[Whether we have the atomic_t variable type])
fi
@@ -22,7 +22,15 @@
AC_CACHE_CHECK([for struct timespec type],samba_cv_struct_timespec, [
AC_TRY_COMPILE([
#include <sys/types.h>
-@@ -4033,10 +4048,10 @@
+@@ -1244,6 +1259,7 @@
+
+ # Find a method of generating a stack trace
+ AC_CHECK_HEADERS(execinfo.h libexc.h libunwind.h)
++AC_SEARCH_LIBS(backtrace_symbols, [execinfo])
+ AC_CHECK_FUNCS(backtrace_symbols)
+ AC_CHECK_LIB(exc, trace_back_stack)
+
+@@ -4041,10 +4057,10 @@
################################################################
# first test for Active Directory support being enabled
@@ -37,7 +45,7 @@
##################################################################
# then test for uuid.h (necessary to generate unique DNS keynames
# (uuid.h is required for this test)
-@@ -5107,7 +5122,7 @@
+@@ -5115,7 +5131,7 @@
#################################################
# check for ACL support
@@ -46,7 +54,7 @@
AC_ARG_WITH(acl-support,
[ --with-acl-support Include ACL support (default=no)],
[ case "$withval" in
-@@ -5115,43 +5130,37 @@
+@@ -5123,43 +5139,37 @@
case "$host_os" in
*sysv5*)
@@ -97,7 +105,7 @@
*linux*)
AC_CHECK_LIB(attr,getxattr,[ACL_LIBS="$ACL_LIBS -lattr"])
AC_CHECK_LIB(acl,acl_get_file,[ACL_LIBS="$ACL_LIBS -lacl"])
-@@ -5172,7 +5181,7 @@
+@@ -5180,7 +5190,7 @@
LIBS=$acl_LIBS
])
if test x"$samba_cv_HAVE_POSIX_ACLS" = x"yes"; then
@@ -106,7 +114,7 @@
AC_DEFINE(HAVE_POSIX_ACLS,1,[Whether POSIX ACLs are available])
AC_CACHE_CHECK([for acl_get_perm_np],samba_cv_HAVE_ACL_GET_PERM_NP,[
acl_LIBS=$LIBS
-@@ -5193,12 +5202,18 @@
+@@ -5201,12 +5211,18 @@
AC_DEFINE(HAVE_ACL_GET_PERM_NP,1,[Whether acl_get_perm_np() is available])
fi
fi
@@ -129,7 +137,7 @@
AC_TRY_LINK([
#include <sys/types.h>
#include <sys/acl.h>
-@@ -5211,20 +5226,20 @@
+@@ -5219,20 +5235,20 @@
[samba_cv_HAVE_POSIX_ACLS=yes],
[samba_cv_HAVE_POSIX_ACLS=no])
LIBS=$acl_LIBS
@@ -155,7 +163,7 @@
],
[samba_cv_HAVE_ACL_GET_PERM_NP=yes],
[samba_cv_HAVE_ACL_GET_PERM_NP=no])
-@@ -5233,17 +5248,22 @@
+@@ -5241,17 +5257,22 @@
if test x"$samba_cv_HAVE_ACL_GET_PERM_NP" = x"yes"; then
AC_DEFINE(HAVE_ACL_GET_PERM_NP,1,[Whether acl_get_perm_np() is available])
fi
@@ -180,3 +188,11 @@
)
if test x"$samba_cv_HAVE_POSIX_ACLS" = x"yes"; then
+@@ -6082,6 +6103,7 @@
+ SMB_MODULE(vfs_irixacl, \$(VFS_IRIXACL_OBJ), "bin/irixacl.$SHLIBEXT", VFS)
+ SMB_MODULE(vfs_hpuxacl, \$(VFS_HPUXACL_OBJ), "bin/hpuxacl.$SHLIBEXT", VFS)
+ SMB_MODULE(vfs_tru64acl, \$(VFS_TRU64ACL_OBJ), "bin/tru64acl.$SHLIBEXT", VFS)
++SMB_MODULE(vfs_zfsacl, \$(VFS_ZFSACL_OBJ), "bin/zfsacl.$SHLIBEXT", VFS)
+ SMB_MODULE(vfs_catia, \$(VFS_CATIA_OBJ), "bin/catia.$SHLIBEXT", VFS)
+ SMB_MODULE(vfs_cacheprime, \$(VFS_CACHEPRIME_OBJ), "bin/cacheprime.$SHLIBEXT", VFS)
+ SMB_MODULE(vfs_prealloc, \$(VFS_PREALLOC_OBJ), "bin/prealloc.$SHLIBEXT", VFS)
diff --git a/net/samba3/files/patch-lib__replace__repdir_getdirentries.c b/net/samba3/files/patch-lib__replace__repdir_getdirentries.c
new file mode 100644
index 000000000000..87072b5fb43b
--- /dev/null
+++ b/net/samba3/files/patch-lib__replace__repdir_getdirentries.c
@@ -0,0 +1,15 @@
+--- lib/replace/repdir_getdirentries.c.orig Fri Sep 14 05:21:51 2007
++++ lib/replace/repdir_getdirentries.c Fri Sep 14 05:22:13 2007
+@@ -129,11 +129,7 @@
+ d->ofs = 0;
+ d->nbytes = 0;
+ }
+- /* this relies on seekpos always being a multiple of
+- DIR_BUF_SIZE. Is that always true on BSD systems? */
+- if (d->seekpos & (DIR_BUF_SIZE-1)) {
+- abort();
+- }
++ /* abort() */
+ return d->seekpos + d->ofs;
+ }
+
diff --git a/net/samba3/files/patch-lib__system.c b/net/samba3/files/patch-lib__system.c
new file mode 100644
index 000000000000..340be871c1f7
--- /dev/null
+++ b/net/samba3/files/patch-lib__system.c
@@ -0,0 +1,212 @@
+--- lib/system.c.orig Mon Aug 20 15:04:50 2007
++++ lib/system.c Sun Sep 16 04:25:55 2007
+@@ -574,7 +574,11 @@
+ {
+ char *wd;
+ #ifdef HAVE_GETCWD
++#ifdef PATH_MAX
++ wd = (char *)getcwd(s, PATH_MAX);
++#else
+ wd = (char *)getcwd(s, sizeof (pstring));
++#endif
+ #else
+ wd = (char *)getwd(s);
+ #endif
+@@ -643,6 +647,25 @@
+ }
+
+ /*******************************************************************
++ Wrapper for lchown.
++********************************************************************/
++
++int sys_lchown(const char *fname,uid_t uid,gid_t gid)
++{
++#ifndef HAVE_LCHOWN
++ static int done;
++ if (!done) {
++ DEBUG(1,("WARNING: no lchown!\n"));
++ done=1;
++ }
++ errno = ENOSYS;
++ return -1;
++#else
++ return(lchown(fname,uid,gid));
++#endif
++}
++
++/*******************************************************************
+ os/2 also doesn't have chroot
+ ********************************************************************/
+ int sys_chroot(const char *dname)
+@@ -871,15 +894,13 @@
+ }
+
+ /**************************************************************************
+- Wrapper for getgroups. Deals with broken (int) case.
++ Wrap setgroups and getgroups for systems that declare getgroups() as
++ returning an array of gid_t, but actuall return an array of int.
+ ****************************************************************************/
+
+-int sys_getgroups(int setlen, gid_t *gidset)
++#if defined(HAVE_BROKEN_GETGROUPS)
++static int sys_broken_getgroups(int setlen, gid_t *gidset)
+ {
+-#if !defined(HAVE_BROKEN_GETGROUPS)
+- return getgroups(setlen, gidset);
+-#else
+-
+ GID_T gid;
+ GID_T *group_list;
+ int i, ngroups;
+@@ -901,7 +922,7 @@
+ if (setlen == 0)
+ setlen = groups_max();
+
+- if((group_list = (GID_T *)malloc(setlen * sizeof(GID_T))) == NULL) {
++ if((group_list = SMB_MALLOC_ARRAY(GID_T, setlen)) == NULL) {
+ DEBUG(0,("sys_getgroups: Malloc fail.\n"));
+ return -1;
+ }
+@@ -918,26 +939,10 @@
+
+ SAFE_FREE(group_list);
+ return ngroups;
+-#endif /* HAVE_BROKEN_GETGROUPS */
+ }
+
+-
+-/**************************************************************************
+- Wrapper for setgroups. Deals with broken (int) case. Automatically used
+- if we have broken getgroups.
+-****************************************************************************/
+-
+-int sys_setgroups(int setlen, gid_t *gidset)
++static int sys_broken_setgroups(int setlen, gid_t *gidset)
+ {
+-#if !defined(HAVE_SETGROUPS)
+- errno = ENOSYS;
+- return -1;
+-#endif /* HAVE_SETGROUPS */
+-
+-#if !defined(HAVE_BROKEN_GETGROUPS)
+- return setgroups(setlen, gidset);
+-#else
+-
+ GID_T *group_list;
+ int i ;
+
+@@ -954,7 +959,7 @@
+ * GID_T array of size setlen.
+ */
+
+- if((group_list = (GID_T *)malloc(setlen * sizeof(GID_T))) == NULL) {
++ if((group_list = SMB_MALLOC_ARRAY(GID_T, setlen)) == NULL) {
+ DEBUG(0,("sys_setgroups: Malloc fail.\n"));
+ return -1;
+ }
+@@ -971,7 +976,105 @@
+
+ SAFE_FREE(group_list);
+ return 0 ;
++}
++
+ #endif /* HAVE_BROKEN_GETGROUPS */
++
++/* This is a list of systems that require the first GID passed to setgroups(2)
++ * to be the effective GID. If your system is one of these, add it here.
++ */
++#if defined (FREEBSD) || defined (DARWINOS)
++#define USE_BSD_SETGROUPS
++#endif
++
++#if defined(USE_BSD_SETGROUPS)
++/* Depending on the particular BSD implementation, the first GID that is
++ * passed to setgroups(2) will either be ignored or will set the credential's
++ * effective GID. In either case, the right thing to do is to guarantee that
++ * gidset[0] is the effective GID.
++ */
++static int sys_bsd_setgroups(gid_t primary_gid, int setlen, const gid_t *gidset)
++{
++ gid_t *new_gidset = NULL;
++ int max;
++ int ret;
++
++ /* setgroups(2) will fail with EINVAL if we pass too many groups. */
++ max = groups_max();
++
++ /* No group list, just make sure we are setting the efective GID. */
++ if (setlen == 0) {
++ return setgroups(1, &primary_gid);
++ }
++
++ /* If the primary gid is not the first array element, grow the array
++ * and insert it at the front.
++ */
++ if (gidset[0] != primary_gid) {
++ new_gidset = SMB_MALLOC_ARRAY(gid_t, setlen + 1);
++ if (new_gidset == NULL) {
++ return -1;
++ }
++
++ memcpy(new_gidset + 1, gidset, (setlen * sizeof(gid_t)));
++ new_gidset[0] = primary_gid;
++ setlen++;
++ }
++
++ if (setlen > max) {
++ DEBUG(3, ("forced to truncate group list from %d to %d\n",
++ setlen, max));
++ setlen = max;
++ }
++
++#if defined(HAVE_BROKEN_GETGROUPS)
++ ret = sys_broken_setgroups(setlen, new_gidset ? new_gidset : gidset);
++#else
++ ret = setgroups(setlen, new_gidset ? new_gidset : gidset);
++#endif
++
++ if (new_gidset) {
++ int errsav = errno;
++ SAFE_FREE(new_gidset);
++ errno = errsav;
++ }
++
++ return ret;
++}
++
++#endif /* USE_BSD_SETGROUPS */
++
++/**************************************************************************
++ Wrapper for getgroups. Deals with broken (int) case.
++****************************************************************************/
++
++int sys_getgroups(int setlen, gid_t *gidset)
++{
++#if defined(HAVE_BROKEN_GETGROUPS)
++ return sys_broken_getgroups(setlen, gidset);
++#else
++ return getgroups(setlen, gidset);
++#endif
++}
++
++/**************************************************************************
++ Wrapper for setgroups. Deals with broken (int) case and BSD case.
++****************************************************************************/
++
++int sys_setgroups(gid_t UNUSED(primary_gid), int setlen, gid_t *gidset)
++{
++#if !defined(HAVE_SETGROUPS)
++ errno = ENOSYS;
++ return -1;
++#endif /* HAVE_SETGROUPS */
++
++#if defined(USE_BSD_SETGROUPS)
++ return sys_bsd_setgroups(primary_gid, setlen, gidset);
++#elif defined(HAVE_BROKEN_GETGROUPS)
++ return sys_broken_setgroups(setlen, gidset);
++#else
++ return setgroups(setlen, gidset);
++#endif
+ }
+
+ /**************************************************************************
diff --git a/net/samba3/files/patch-lib__system_smbd.c b/net/samba3/files/patch-lib__system_smbd.c
new file mode 100644
index 000000000000..edc1c797251d
--- /dev/null
+++ b/net/samba3/files/patch-lib__system_smbd.c
@@ -0,0 +1,17 @@
+--- lib/system_smbd.c.orig Sun Sep 16 04:29:55 2007
++++ lib/system_smbd.c Sun Sep 16 04:31:21 2007
+@@ -104,12 +104,10 @@
+
+ restore_re_gid();
+
+- if (sys_setgroups(ngrp_saved, gids_saved) != 0) {
++ if (sys_setgroups(gid, ngrp_saved, gids_saved) != 0) {
+ /* yikes! */
+ DEBUG(0,("ERROR: getgrouplist: failed to reset group list!\n"));
+- smb_panic("getgrouplist: failed to reset group list!\n");
+- free(gids_saved);
+- return -1;
++ smb_panic("getgrouplist: failed to reset group list!");
+ }
+
+ free(gids_saved);
diff --git a/net/samba3/files/patch-libaddns__dnsgss.c b/net/samba3/files/patch-libaddns__dnsgss.c
new file mode 100644
index 000000000000..7d0bae94fc7e
--- /dev/null
+++ b/net/samba3/files/patch-libaddns__dnsgss.c
@@ -0,0 +1,55 @@
+Index: libaddns/dnsgss.c
+===================================================================
+--- libaddns/dnsgss.c (revision 25080)
++++ libaddns/dnsgss.c (working copy)
+@@ -219,11 +219,8 @@ DNS_ERROR dns_negotiate_sec_ctx( const c
+
+ gss_name_t targ_name;
+
+- krb5_principal host_principal;
+- krb5_context krb_ctx = NULL;
+-
+ gss_OID_desc nt_host_oid_desc =
+- { 10, (char *)"\052\206\110\206\367\022\001\002\002\002" };
++ {10, (char *)"\x2a\x86\x48\x86\xf7\x12\x01\x02\x02\x01"};
+
+ TALLOC_CTX *mem_ctx;
+
+@@ -247,23 +244,13 @@ DNS_ERROR dns_negotiate_sec_ctx( const c
+ goto error;
+ }
+
+- krb5_init_context( &krb_ctx );
+- krb5_parse_name( krb_ctx, targetname, &host_principal );
+-
+- /* don't free the principal until after you call
+- gss_release_name() or else you'll get a segv
+- as the krb5_copy_principal() does a structure
+- copy and not a deep copy. --jerry*/
+-
+- input_name.value = &host_principal;
+- input_name.length = sizeof( host_principal );
++ input_name.value = targetname;
++ input_name.length = strlen(targetname);
+
+ major = gss_import_name( &minor, &input_name,
+ &nt_host_oid_desc, &targ_name );
+
+ if (major) {
+- krb5_free_principal( krb_ctx, host_principal );
+- krb5_free_context( krb_ctx );
+ err = ERROR_DNS_GSS_ERROR;
+ goto error;
+ }
+@@ -273,11 +260,6 @@ DNS_ERROR dns_negotiate_sec_ctx( const c
+
+ gss_release_name( &minor, &targ_name );
+
+- /* now we can free the principal */
+-
+- krb5_free_principal( krb_ctx, host_principal );
+- krb5_free_context( krb_ctx );
+-
+ error:
+ TALLOC_FREE(mem_ctx);
+
diff --git a/net/samba3/files/patch-nsswitch_winbindd.c b/net/samba3/files/patch-nsswitch_winbindd.c
deleted file mode 100644
index efbb4402f818..000000000000
--- a/net/samba3/files/patch-nsswitch_winbindd.c
+++ /dev/null
@@ -1,12 +0,0 @@
---- nsswitch/winbindd.c.orig Sun Apr 22 01:00:32 2007
-+++ nsswitch/winbindd.c Mon Jun 4 02:59:13 2007
-@@ -303,6 +303,9 @@
- if (state->mem_ctx == NULL)
- return;
-
-+ /* Remember who asked us. */
-+ state->pid = state->request.pid;
-+
- /* Process command */
-
- for (table = dispatch_table; table->fn; table++) {
diff --git a/net/samba3/files/patch-samba3-undo_the_right_thing2.patch b/net/samba3/files/patch-samba3-undo_the_right_thing2.patch
new file mode 100644
index 000000000000..c679c403b42a
--- /dev/null
+++ b/net/samba3/files/patch-samba3-undo_the_right_thing2.patch
@@ -0,0 +1,14 @@
+Index: nsswitch/winbindd_cache.c
+===================================================================
+--- nsswitch/winbindd_cache.c (Revision 15137)
++++ nsswitch/winbindd_cache.c (Arbeitskopie)
+@@ -121,7 +121,8 @@
+ if ( !domain->primary )
+ our_domain = find_our_domain();
+
+- if ( (our_domain->active_directory || IS_DC) && domain->active_directory ) {
++ if ( (our_domain->active_directory || IS_DC) && domain->active_directory &&
++ (lp_security()==SEC_ADS)) {
+ DEBUG(5,("get_cache: Setting ADS methods for domain %s\n", domain->name));
+ domain->backend = &ads_methods;
+ } else {
diff --git a/net/samba3/files/patch-smbd_sec_ctx.c b/net/samba3/files/patch-smbd_sec_ctx.c
index 46c6d55c4c2c..cd754ad56e45 100644
--- a/net/samba3/files/patch-smbd_sec_ctx.c
+++ b/net/samba3/files/patch-smbd_sec_ctx.c
@@ -1,6 +1,25 @@
--- smbd/sec_ctx.c.orig Thu Mar 1 05:54:08 2007
-+++ smbd/sec_ctx.c Tue Jun 5 01:16:32 2007
-@@ -192,7 +192,7 @@
++++ smbd/sec_ctx.c Sat Sep 15 02:49:24 2007
+@@ -5,7 +5,7 @@
+
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+- the Free Software Foundation; either version 2 of the License, or
++ the Free Software Foundation; either version 3 of the License, or
+ (at your option) any later version.
+
+ This program is distributed in the hope that it will be useful,
+@@ -14,8 +14,7 @@
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+- along with this program; if not, write to the Free Software
+- Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
++ along with this program. If not, see <http://www.gnu.org/licenses/>.
+ */
+
+ #include "includes.h"
+@@ -192,7 +191,7 @@
if (sec_ctx_stack_ndx == MAX_SEC_CTX_DEPTH) {
DEBUG(0, ("Security context stack overflow!\n"));
@@ -9,50 +28,104 @@
}
/* Store previous user context */
-@@ -234,7 +234,9 @@
- void set_sec_ctx(uid_t uid, gid_t gid, int ngroups, gid_t *groups, NT_USER_TOKEN *token)
- {
- struct sec_ctx *ctx_p = &sec_ctx_stack[sec_ctx_stack_ndx];
--
+@@ -228,6 +227,73 @@
+ }
+
+ /****************************************************************************
++ Change UNIX security context. Calls panic if not successful so no return value.
++****************************************************************************/
++
++#ifndef HAVE_DARWIN_INITGROUPS
++
++/* Normal credential switch path. */
++
++static void set_unix_security_ctx(uid_t uid, gid_t gid, int ngroups, gid_t *groups)
++{
++ /* Start context switch */
++ gain_root();
+#ifdef HAVE_SETGROUPS
-+ gid_t *new_groups = NULL;
++ if (sys_setgroups(gid, ngroups, groups) != 0 && !non_root_mode()) {
++ smb_panic("sys_setgroups failed");
++ }
+#endif
- /* Set the security context */
++ become_id(uid, gid);
++ /* end context switch */
++}
++
++#else /* HAVE_DARWIN_INITGROUPS */
++
++/* The Darwin groups implementation is a little unusual. The list of
++* groups in the kernel credential is not exhaustive, but more like
++* a cache. The full group list is held in userspace and checked
++* dynamically.
++*
++* This is an optional mechanism, and setgroups(2) opts out
++* of it. That is, if you call setgroups, then the list of groups you
++* set are the only groups that are ever checked. This is not what we
++* want. We want to opt in to the dynamic resolution mechanism, so we
++* need to specify the uid of the user whose group list (cache) we are
++* setting.
++*
++* The Darwin rules are:
++* 1. Thou shalt setegid, initgroups and seteuid IN THAT ORDER
++* 2. Thou shalt not pass more that NGROUPS_MAX to initgroups
++* 3. Thou shalt leave the first entry in the groups list well alone
++*/
++
++#include <sys/syscall.h>
++
++static void set_unix_security_ctx(uid_t uid, gid_t gid, int ngroups, gid_t *groups)
++{
++ int max = groups_max();
++
++ /* Start context switch */
++ gain_root();
++
++ become_gid(gid);
++
++
++ if (syscall(SYS_initgroups, (ngroups > max) ? max : ngroups,
++ groups, uid) == -1 && !non_root_mode()) {
++ DEBUG(0, ("WARNING: failed to set group list "
++ "(%d groups) for UID %ld: %s\n",
++ ngroups, uid, strerror(errno)));
++ smb_panic("sys_setgroups failed");
++ }
++
++ become_uid(uid);
++ /* end context switch */
++}
++
++#endif /* HAVE_DARWIN_INITGROUPS */
++
++/****************************************************************************
+ Set the current security context to a given user.
+ ****************************************************************************/
- DEBUG(3, ("setting sec ctx (%u, %u) - sec_ctx_stack_ndx = %d\n",
-@@ -246,12 +248,20 @@
- gain_root();
+@@ -243,11 +309,8 @@
+ debug_nt_user_token(DBGC_CLASS, 5, token);
+ debug_unix_user_token(DBGC_CLASS, 5, uid, gid, ngroups, groups);
- #ifdef HAVE_SETGROUPS
+- gain_root();
+-
+-#ifdef HAVE_SETGROUPS
- sys_setgroups(ngroups, groups);
-+ if (!(new_groups = SMB_MALLOC_ARRAY(gid_t, ngroups+1))) {
-+ smb_panic("malloc for groups failed");
-+ }
-+ new_groups[0] = gid;
-+ if(ngroups) {
-+ memcpy(&new_groups[1], groups, sizeof(gid_t) * ngroups);
-+ }
-+ sys_setgroups(ngroups+1, new_groups);
-+ SAFE_FREE(new_groups);
- #endif
+-#endif
++ /* Change uid, gid and supplementary group list. */
++ set_unix_security_ctx(uid, gid, ngroups, groups);
ctx_p->ut.ngroups = ngroups;
--
- SAFE_FREE(ctx_p->ut.groups);
-+
- if (token && (token == ctx_p->token)) {
- smb_panic("DUPLICATE_TOKEN");
+
+@@ -277,8 +340,6 @@
+ ctx_p->token = NULL;
}
-@@ -262,7 +272,7 @@
- ctx_p->ut.groups = (gid_t *)memdup(groups,
- sizeof(gid_t) * ngroups);
- if (!ctx_p->ut.groups) {
-- smb_panic("memdup failed");
-+ smb_panic("memdup for groups failed");
- }
- } else {
- ctx_p->ut.groups = NULL;
-@@ -315,7 +325,7 @@
+
+- become_id(uid, gid);
+-
+ ctx_p->ut.uid = uid;
+ ctx_p->ut.gid = gid;
+
+@@ -315,7 +376,7 @@
if (sec_ctx_stack_ndx == 0) {
DEBUG(0, ("Security context stack underflow!\n"));
@@ -61,3 +134,24 @@
}
ctx_p = &sec_ctx_stack[sec_ctx_stack_ndx];
+@@ -334,15 +395,13 @@
+
+ sec_ctx_stack_ndx--;
+
+- gain_root();
+-
+ prev_ctx_p = &sec_ctx_stack[sec_ctx_stack_ndx];
+
+-#ifdef HAVE_SETGROUPS
+- sys_setgroups(prev_ctx_p->ut.ngroups, prev_ctx_p->ut.groups);
+-#endif
+-
+- become_id(prev_ctx_p->ut.uid, prev_ctx_p->ut.gid);
++ /* Change uid, gid and supplementary group list. */
++ set_unix_security_ctx(prev_ctx_p->ut.uid,
++ prev_ctx_p->ut.gid,
++ prev_ctx_p->ut.ngroups,
++ prev_ctx_p->ut.groups);
+
+ /* Update current_user stuff */
+
diff --git a/net/samba3/files/patch-vfs_zfsacl.c b/net/samba3/files/patch-vfs_zfsacl.c
new file mode 100644
index 000000000000..2b243f580800
--- /dev/null
+++ b/net/samba3/files/patch-vfs_zfsacl.c
@@ -0,0 +1,190 @@
+--- /dev/null Thu Aug 30 22:11:01 2007
++++ modules/vfs_zfsacl.c Thu Aug 30 16:33:06 2007
+@@ -0,0 +1,187 @@
++/*
++ * Convert ZFS/NFSv4 acls to NT acls and vice versa.
++ *
++ * Copyright (C) Jiri Sasek, 2007
++ * based on the foobar.c module which is copyrighted by Volker Lendecke
++ *
++ * This program is free software; you can redistribute it and/or modify
++ * it under the terms of the GNU General Public License as published by
++ * the Free Software Foundation; either version 2 of the License, or
++ * (at your option) any later version.
++ *
++ * This program is distributed in the hope that it will be useful,
++ * but WITHOUT ANY WARRANTY; without even the implied warranty of
++ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
++ * GNU General Public License for more details.
++ *
++ * You should have received a copy of the GNU General Public License
++ * along with this program; if not, write to the Free Software
++ * Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
++ *
++ */
++
++#include "includes.h"
++#include "nfs4_acls.h"
++
++#undef DBGC_CLASS
++#define DBGC_CLASS DBGC_VFS
++
++#define ZFSACL_MODULE_NAME "zfsacl"
++
++/* zfs_get_nt_acl()
++ * read the local file's acls and return it in NT form
++ * using the NFSv4 format conversion
++ */
++static size_t zfs_get_nt_acl(struct files_struct *fsp, uint32 security_info,
++ struct security_descriptor **ppdesc)
++{
++ int naces, i;
++ ace_t *acebuf;
++ SMB4ACL_T *pacl;
++ TALLOC_CTX *mem_ctx;
++
++ /* read the number of file aces */
++ if((naces = acl(fsp->fsp_name, ACE_GETACLCNT, 0, NULL)) == -1) {
++ if(errno == ENOSYS) {
++ DEBUG(9, ("acl(ACE_GETACLCNT, %s): Operation is not supported on the filesystem where the file reside"));
++ } else {
++ DEBUG(9, ("acl(ACE_GETACLCNT, %s): %s ", fsp->fsp_name,
++ strerror(errno)));
++ }
++ return 0;
++ }
++ /* allocate the field of ZFS aces */
++ mem_ctx = main_loop_talloc_get();
++ acebuf = (ace_t *) talloc_size(mem_ctx, sizeof(ace_t)*naces);
++ if(acebuf == NULL) {
++ errno = ENOMEM;
++ return 0;
++ }
++ /* read the aces into the field */
++ if(acl(fsp->fsp_name, ACE_GETACL, naces, acebuf) < 0) {
++ DEBUG(9, ("acl(ACE_GETACL, %s): %s ", fsp->fsp_name,
++ strerror(errno)));
++ return 0;
++ }
++ /* create SMB4ACL data */
++ if((pacl = smb_create_smb4acl()) == NULL) return 0;
++ for(i=0; i<naces; i++) {
++ SMB_ACE4PROP_T aceprop;
++
++ aceprop.aceType = (uint32) acebuf[i].a_type;
++ aceprop.aceFlags = (uint32) acebuf[i].a_flags;
++ aceprop.aceMask = (uint32) acebuf[i].a_access_mask;
++ aceprop.who.id = (uint32) acebuf[i].a_who;
++ aceprop.flags = 0;
++ if(smb_add_ace4(pacl, &aceprop) == NULL) return 0;
++ }
++
++ return smb_get_nt_acl_nfs4(fsp, security_info, ppdesc, pacl);
++}
++
++/* call-back function processing the NT acl -> ZFS acl using NFSv4 conv. */
++static BOOL zfs_process_smbacl(files_struct *fsp, SMB4ACL_T *smbacl)
++{
++ int naces = smb_get_naces(smbacl), i;
++ ace_t *acebuf;
++ SMB4ACE_T *smbace;
++ TALLOC_CTX *mem_ctx;
++
++ /* allocate the field of ZFS aces */
++ mem_ctx = main_loop_talloc_get();
++ acebuf = (ace_t *) talloc_size(mem_ctx, sizeof(ace_t)*naces);
++ if(acebuf == NULL) {
++ errno = ENOMEM;
++ return False;
++ }
++ /* handle all aces */
++ for(smbace = smb_first_ace4(smbacl), i = 0;
++ smbace!=NULL;
++ smbace = smb_next_ace4(smbace), i++) {
++ SMB_ACE4PROP_T *aceprop = smb_get_ace4(smbace);
++
++ acebuf[i].a_type = aceprop->aceType;
++ acebuf[i].a_flags = aceprop->aceFlags;
++ acebuf[i].a_access_mask = aceprop->aceMask;
++ acebuf[i].a_who = aceprop->who.id;
++ }
++ SMB_ASSERT(i == naces);
++
++ /* store acl */
++ if(acl(fsp->fsp_name, ACE_SETACL, naces, acebuf)) {
++ if(errno == ENOSYS) {
++ DEBUG(9, ("acl(ACE_SETACL, %s): Operation is not supported on the filesystem where the file reside"));
++ } else {
++ DEBUG(9, ("acl(ACE_SETACL, %s): %s ", fsp->fsp_name,
++ strerror(errno)));
++ }
++ return 0;
++ }
++
++ return True;
++}
++
++/* zfs_set_nt_acl()
++ * set the local file's acls obtaining it in NT form
++ * using the NFSv4 format conversion
++ */
++static NTSTATUS zfs_set_nt_acl(vfs_handle_struct *handle, files_struct *fsp,
++ uint32 security_info_sent,
++ struct security_descriptor *psd)
++{
++ return smb_set_nt_acl_nfs4(fsp, security_info_sent, psd,
++ zfs_process_smbacl);
++}
++
++static size_t zfsacl_fget_nt_acl(struct vfs_handle_struct *handle,
++ struct files_struct *fsp,
++ int fd, uint32 security_info,
++ struct security_descriptor **ppdesc)
++{
++ return zfs_get_nt_acl(fsp, security_info, ppdesc);
++}
++
++static size_t zfsacl_get_nt_acl(struct vfs_handle_struct *handle,
++ struct files_struct *fsp,
++ const char *name, uint32 security_info,
++ struct security_descriptor **ppdesc)
++{
++ return zfs_get_nt_acl(fsp, security_info, ppdesc);
++}
++
++static NTSTATUS zfsacl_fset_nt_acl(vfs_handle_struct *handle,
++ files_struct *fsp,
++ int fd, uint32 security_info_sent,
++ SEC_DESC *psd)
++{
++ return zfs_set_nt_acl(handle, fsp, security_info_sent, psd);
++}
++
++static NTSTATUS zfsacl_set_nt_acl(vfs_handle_struct *handle,
++ files_struct *fsp,
++ const char *name, uint32 security_info_sent,
++ SEC_DESC *psd)
++{
++ return zfs_set_nt_acl(handle, fsp, security_info_sent, psd);
++}
++
++/* VFS operations structure */
++
++static vfs_op_tuple zfsacl_ops[] = {
++ {SMB_VFS_OP(zfsacl_fget_nt_acl), SMB_VFS_OP_FGET_NT_ACL,
++ SMB_VFS_LAYER_OPAQUE},
++ {SMB_VFS_OP(zfsacl_get_nt_acl), SMB_VFS_OP_GET_NT_ACL,
++ SMB_VFS_LAYER_OPAQUE},
++ {SMB_VFS_OP(zfsacl_fset_nt_acl), SMB_VFS_OP_FSET_NT_ACL,
++ SMB_VFS_LAYER_OPAQUE},
++ {SMB_VFS_OP(zfsacl_set_nt_acl), SMB_VFS_OP_SET_NT_ACL,
++ SMB_VFS_LAYER_OPAQUE},
++ {SMB_VFS_OP(NULL), SMB_VFS_OP_NOOP, SMB_VFS_LAYER_NOOP}
++};
++
++NTSTATUS vfs_zfsacl_init(void);
++NTSTATUS vfs_zfsacl_init(void)
++{
++ return smb_register_vfs(SMB_VFS_INTERFACE_VERSION, "zfsacl",
++ zfsacl_ops);
++}
diff --git a/net/samba3/pkg-plist.swat b/net/samba3/pkg-plist.swat
index 90b01b772957..7ccfa14ca48d 100644
--- a/net/samba3/pkg-plist.swat
+++ b/net/samba3/pkg-plist.swat
@@ -75,6 +75,7 @@ share/swat/help/Samba3-Developers-Guide/internals.html
share/swat/help/Samba3-Developers-Guide/modules.html
share/swat/help/Samba3-Developers-Guide/ntdomain.html
share/swat/help/Samba3-Developers-Guide/parsing.html
+share/swat/help/Samba3-Developers-Guide/pr01.html
share/swat/help/Samba3-Developers-Guide/pt01.html
share/swat/help/Samba3-Developers-Guide/pt02.html
share/swat/help/Samba3-Developers-Guide/pt03.html