diff options
Diffstat (limited to 'net/samba422/files')
46 files changed, 4735 insertions, 0 deletions
diff --git a/net/samba422/files/0001-Compact-and-simplify-modules-build-and-config-genera.patch b/net/samba422/files/0001-Compact-and-simplify-modules-build-and-config-genera.patch new file mode 100644 index 000000000000..d34395bf6f22 --- /dev/null +++ b/net/samba422/files/0001-Compact-and-simplify-modules-build-and-config-genera.patch @@ -0,0 +1,292 @@ +From 05e3cc236406680a55e19b204202b63cdaf48ea1 Mon Sep 17 00:00:00 2001 +From: "Timur I. Bakeyev" <timur@FreeBSD.org> +Date: Mon, 1 Aug 2022 04:15:43 +0200 +Subject: [PATCH 01/28] Compact and simplify modules build and config + generation for Bind 9.x AD DLZ. + +Signed-off-by: Timur I. Bakeyev <timur@FreeBSD.org> +--- + python/samba/provision/sambadns.py | 68 ++++++++++++------------------ + source4/dns_server/dlz_minimal.h | 44 +++++++++---------- + source4/dns_server/wscript_build | 62 +++------------------------ + source4/setup/named.conf.dlz | 25 +---------- + source4/torture/dns/wscript_build | 2 +- + 5 files changed, 55 insertions(+), 146 deletions(-) + +diff --git a/python/samba/provision/sambadns.py b/python/samba/provision/sambadns.py +index 404b346a885..8e5a8ba5f25 100644 +--- a/python/samba/provision/sambadns.py ++++ b/python/samba/provision/sambadns.py +@@ -21,6 +21,7 @@ + """DNS-related provisioning""" + + import os ++import re + import uuid + import shutil + import time +@@ -1010,52 +1011,37 @@ def create_named_conf(paths, realm, dnsdomain, dns_backend, logger): + stderr=subprocess.STDOUT, + cwd='.').communicate()[0] + bind_info = get_string(bind_info) +- bind9_8 = '#' +- bind9_9 = '#' +- bind9_10 = '#' +- bind9_11 = '#' +- bind9_12 = '#' +- bind9_14 = '#' +- bind9_16 = '#' +- bind9_18 = '#' +- if bind_info.upper().find('BIND 9.8') != -1: +- bind9_8 = '' +- elif bind_info.upper().find('BIND 9.9') != -1: +- bind9_9 = '' +- elif bind_info.upper().find('BIND 9.10') != -1: +- bind9_10 = '' +- elif bind_info.upper().find('BIND 9.11') != -1: +- bind9_11 = '' +- elif bind_info.upper().find('BIND 9.12') != -1: +- bind9_12 = '' +- elif bind_info.upper().find('BIND 9.14') != -1: +- bind9_14 = '' +- elif bind_info.upper().find('BIND 9.16') != -1: +- bind9_16 = '' +- elif bind_info.upper().find('BIND 9.18') != -1: +- bind9_18 = '' +- elif bind_info.upper().find('BIND 9.7') != -1: +- raise ProvisioningError("DLZ option incompatible with BIND 9.7.") +- elif bind_info.upper().find('BIND_9.13') != -1: +- raise ProvisioningError("Only stable/esv releases of BIND are supported.") +- elif bind_info.upper().find('BIND_9.15') != -1: +- raise ProvisioningError("Only stable/esv releases of BIND are supported.") +- elif bind_info.upper().find('BIND_9.17') != -1: +- raise ProvisioningError("Only stable/esv releases of BIND are supported.") ++ bind9_release = re.search('BIND (9)\.(\d+)\.', bind_info, re.I) ++ if bind9_release: ++ bind9_disabled = '' ++ bind9_version = bind9_release.group(0) + "x" ++ bind9_version_major = int(bind9_release.group(1)) ++ bind9_version_minor = int(bind9_release.group(2)) ++ if bind9_version_minor == 7: ++ raise ProvisioningError("DLZ option incompatible with BIND 9.7.") ++ elif bind9_version_minor == 8: ++ bind9_dlz_version = "9" ++ elif bind9_version_minor in [13, 15, 17]: ++ raise ProvisioningError("Only stable/esv releases of BIND are supported.") ++ else: ++ bind9_dlz_version = "%d_%d" % (bind9_version_major, bind9_version_minor) + else: ++ bind9_disabled = '# ' ++ bind9_version = "BIND z.y.x" ++ bind9_dlz_version = "z_y" + logger.warning("BIND version unknown, please modify %s manually." % paths.namedconf) ++ ++ bind9_dlz = ( ++ ' # For %s\n' ++ ' %sdatabase "dlopen %s/bind9/dlz_bind%s.so";' ++ ) % ( ++ bind9_version, bind9_disabled, samba.param.modules_dir(), bind9_dlz_version ++ ) + setup_file(setup_path("named.conf.dlz"), paths.namedconf, { + "NAMED_CONF": paths.namedconf, + "MODULESDIR": samba.param.modules_dir(), +- "BIND9_8": bind9_8, +- "BIND9_9": bind9_9, +- "BIND9_10": bind9_10, +- "BIND9_11": bind9_11, +- "BIND9_12": bind9_12, +- "BIND9_14": bind9_14, +- "BIND9_16": bind9_16, +- "BIND9_18": bind9_18 +- }) ++ "BIND9_DLZ": bind9_dlz ++ }) + + + def create_named_txt(path, realm, dnsdomain, dnsname, binddns_dir, +diff --git a/source4/dns_server/dlz_minimal.h b/source4/dns_server/dlz_minimal.h +index b7e36e7f8e6..bbdb616deb2 100644 +--- a/source4/dns_server/dlz_minimal.h ++++ b/source4/dns_server/dlz_minimal.h +@@ -26,31 +26,25 @@ + #include <stdint.h> + #include <stdbool.h> + +-#if defined (BIND_VERSION_9_8) +-# error Bind 9.8 is not supported! +-#elif defined (BIND_VERSION_9_9) +-# error Bind 9.9 is not supported! +-#elif defined (BIND_VERSION_9_10) +-# define DLZ_DLOPEN_VERSION 3 +-# define DNS_CLIENTINFO_VERSION 1 +-# define ISC_BOOLEAN_AS_BOOL 0 +-#elif defined (BIND_VERSION_9_11) +-# define DLZ_DLOPEN_VERSION 3 +-# define DNS_CLIENTINFO_VERSION 2 +-# define ISC_BOOLEAN_AS_BOOL 0 +-#elif defined (BIND_VERSION_9_12) +-# define DLZ_DLOPEN_VERSION 3 +-# define DNS_CLIENTINFO_VERSION 2 +-# define ISC_BOOLEAN_AS_BOOL 0 +-#elif defined (BIND_VERSION_9_14) +-# define DLZ_DLOPEN_VERSION 3 +-# define DNS_CLIENTINFO_VERSION 2 +-#elif defined (BIND_VERSION_9_16) +-# define DLZ_DLOPEN_VERSION 3 +-# define DNS_CLIENTINFO_VERSION 2 +-#elif defined (BIND_VERSION_9_18) +-# define DLZ_DLOPEN_VERSION 3 +-# define DNS_CLIENTINFO_VERSION 2 ++#if defined (BIND_VERSION) ++# if BIND_VERSION == 908 ++# error Bind 9.8 is not supported! ++# elif BIND_VERSION == 909 ++# error Bind 9.9 is not supported! ++# elif BIND_VERSION == 910 ++# define DLZ_DLOPEN_VERSION 3 ++# define DNS_CLIENTINFO_VERSION 1 ++# define ISC_BOOLEAN_AS_BOOL 0 ++# elif BIND_VERSION == 911 || BIND_VERSION == 912 ++# define DLZ_DLOPEN_VERSION 3 ++# define DNS_CLIENTINFO_VERSION 2 ++# define ISC_BOOLEAN_AS_BOOL 0 ++# elif BIND_VERSION >= 914 ++# define DLZ_DLOPEN_VERSION 3 ++# define DNS_CLIENTINFO_VERSION 2 ++# else ++# error Unsupported BIND version ++# endif + #else + # error Unsupported BIND version + #endif +diff --git a/source4/dns_server/wscript_build b/source4/dns_server/wscript_build +index ab0a241b937..3743753504c 100644 +--- a/source4/dns_server/wscript_build ++++ b/source4/dns_server/wscript_build +@@ -20,69 +20,21 @@ bld.SAMBA_MODULE('service_dns', + ) + + # a bind9 dlz module giving access to the Samba DNS SAM +-bld.SAMBA_LIBRARY('dlz_bind9_10', ++for bind_version in (910, 911, 912, 914, 916, 918, 920): ++ string_version='%d_%d' % (bind_version // 100, bind_version % 100) ++ bld.SAMBA_LIBRARY('dlz_bind%s' % (string_version), + source='dlz_bind9.c', +- cflags='-DBIND_VERSION_9_10', ++ cflags='-DBIND_VERSION=%d' % bind_version, + private_library=True, +- link_name='modules/bind9/dlz_bind9_10.so', +- realname='dlz_bind9_10.so', +- install_path='${MODULESDIR}/bind9', +- deps='samba-hostconfig samdb-common gensec popt dnsserver_common', +- enabled=bld.AD_DC_BUILD_IS_ENABLED()) +- +-bld.SAMBA_LIBRARY('dlz_bind9_11', +- source='dlz_bind9.c', +- cflags='-DBIND_VERSION_9_11', +- private_library=True, +- link_name='modules/bind9/dlz_bind9_11.so', +- realname='dlz_bind9_11.so', +- install_path='${MODULESDIR}/bind9', +- deps='samba-hostconfig samdb-common gensec popt dnsserver_common', +- enabled=bld.AD_DC_BUILD_IS_ENABLED()) +- +-bld.SAMBA_LIBRARY('dlz_bind9_12', +- source='dlz_bind9.c', +- cflags='-DBIND_VERSION_9_12', +- private_library=True, +- link_name='modules/bind9/dlz_bind9_12.so', +- realname='dlz_bind9_12.so', +- install_path='${MODULESDIR}/bind9', +- deps='samba-hostconfig samdb-common gensec popt dnsserver_common', +- enabled=bld.AD_DC_BUILD_IS_ENABLED()) +- +-bld.SAMBA_LIBRARY('dlz_bind9_14', +- source='dlz_bind9.c', +- cflags='-DBIND_VERSION_9_14', +- private_library=True, +- link_name='modules/bind9/dlz_bind9_14.so', +- realname='dlz_bind9_14.so', +- install_path='${MODULESDIR}/bind9', +- deps='samba-hostconfig samdb-common gensec popt dnsserver_common', +- enabled=bld.AD_DC_BUILD_IS_ENABLED()) +- +-bld.SAMBA_LIBRARY('dlz_bind9_16', +- source='dlz_bind9.c', +- cflags='-DBIND_VERSION_9_16', +- private_library=True, +- link_name='modules/bind9/dlz_bind9_16.so', +- realname='dlz_bind9_16.so', +- install_path='${MODULESDIR}/bind9', +- deps='samba-hostconfig samdb-common gensec popt dnsserver_common', +- enabled=bld.AD_DC_BUILD_IS_ENABLED()) +- +-bld.SAMBA_LIBRARY('dlz_bind9_18', +- source='dlz_bind9.c', +- cflags='-DBIND_VERSION_9_18', +- private_library=True, +- link_name='modules/bind9/dlz_bind9_18.so', +- realname='dlz_bind9_18.so', ++ link_name='modules/bind9/dlz_bind%s.so' % (string_version), ++ realname='dlz_bind%s.so' % (string_version), + install_path='${MODULESDIR}/bind9', + deps='samba-hostconfig samdb-common gensec popt dnsserver_common', + enabled=bld.AD_DC_BUILD_IS_ENABLED()) + + bld.SAMBA_LIBRARY('dlz_bind9_for_torture', + source='dlz_bind9.c', +- cflags='-DBIND_VERSION_9_16', ++ cflags='-DBIND_VERSION=920', + private_library=True, + deps='samba-hostconfig samdb-common gensec popt dnsserver_common', + enabled=bld.AD_DC_BUILD_IS_ENABLED()) +diff --git a/source4/setup/named.conf.dlz b/source4/setup/named.conf.dlz +index cbe7d805f58..32672768af4 100644 +--- a/source4/setup/named.conf.dlz ++++ b/source4/setup/named.conf.dlz +@@ -10,28 +10,5 @@ + # Uncomment only single database line, depending on your BIND version + # + dlz "AD DNS Zone" { +- # For BIND 9.8.x +- ${BIND9_8} database "dlopen ${MODULESDIR}/bind9/dlz_bind9.so"; +- +- # For BIND 9.9.x +- ${BIND9_9} database "dlopen ${MODULESDIR}/bind9/dlz_bind9_9.so"; +- +- # For BIND 9.10.x +- ${BIND9_10} database "dlopen ${MODULESDIR}/bind9/dlz_bind9_10.so"; +- +- # For BIND 9.11.x +- ${BIND9_11} database "dlopen ${MODULESDIR}/bind9/dlz_bind9_11.so"; +- +- # For BIND 9.12.x +- ${BIND9_12} database "dlopen ${MODULESDIR}/bind9/dlz_bind9_12.so"; +- +- # For BIND 9.14.x +- ${BIND9_14} database "dlopen ${MODULESDIR}/bind9/dlz_bind9_14.so"; +- +- # For BIND 9.16.x +- ${BIND9_16} database "dlopen ${MODULESDIR}/bind9/dlz_bind9_16.so"; +- # +- # For BIND 9.18.x +- ${BIND9_18} database "dlopen ${MODULESDIR}/bind9/dlz_bind9_18.so"; ++${BIND9_DLZ} + }; +- +diff --git a/source4/torture/dns/wscript_build b/source4/torture/dns/wscript_build +index 0b40e03e370..bf7415ff88a 100644 +--- a/source4/torture/dns/wscript_build ++++ b/source4/torture/dns/wscript_build +@@ -5,7 +5,7 @@ if bld.AD_DC_BUILD_IS_ENABLED(): + source='dlz_bind9.c', + subsystem='smbtorture', + init_function='torture_bind_dns_init', +- cflags='-DBIND_VERSION_9_16', ++ cflags='-DBIND_VERSION=920', + deps='torture talloc torturemain dlz_bind9_for_torture', + internal_module=True + ) +-- +2.37.1 + diff --git a/net/samba422/files/0002-Adjust-abi_gen.sh-script-to-run-under-FreeBSD-with-i.patch b/net/samba422/files/0002-Adjust-abi_gen.sh-script-to-run-under-FreeBSD-with-i.patch new file mode 100644 index 000000000000..fec7b9d07172 --- /dev/null +++ b/net/samba422/files/0002-Adjust-abi_gen.sh-script-to-run-under-FreeBSD-with-i.patch @@ -0,0 +1,35 @@ +From 639b8d650685476016a6d5b1c996a04ac54f8a6f Mon Sep 17 00:00:00 2001 +From: "Timur I. Bakeyev" <timur@FreeBSD.org> +Date: Sun, 30 May 2021 04:00:08 +0200 +Subject: [PATCH 02/28] Adjust abi_gen.sh script to run under FreeBSD with it's + own bintools and slightly different output of GDB. + +Substitution: yes + +Signed-off-by: Timur I. Bakeyev <timur@FreeBSD.org> +--- + buildtools/scripts/abi_gen.sh | 3 ++- + 1 file changed, 2 insertions(+), 1 deletion(-) + +diff --git a/buildtools/scripts/abi_gen.sh b/buildtools/scripts/abi_gen.sh +index ddb0a7cc36f..d2750705ff9 100755 +--- a/buildtools/scripts/abi_gen.sh ++++ b/buildtools/scripts/abi_gen.sh +@@ -9,6 +9,7 @@ GDBSCRIPT="gdb_syms.$$" + cat <<EOF + set height 0 + set width 0 ++set print sevenbit-strings on + EOF + + # On older linker versions _init|_fini symbols are not hidden. +@@ -22,5 +23,5 @@ done + ) > $GDBSCRIPT + + # forcing the terminal avoids a problem on Fedora12 +-TERM=none gdb -n -batch -x $GDBSCRIPT "$SHAREDLIB" < /dev/null ++TERM=none %%GDB_CMD%% -n -batch -x $GDBSCRIPT "$SHAREDLIB" < /dev/null + rm -f $GDBSCRIPT +-- +2.37.1 + diff --git a/net/samba422/files/0003-Mask-CLang-prototype-warnings-in-kadm5-admin.h.patch b/net/samba422/files/0003-Mask-CLang-prototype-warnings-in-kadm5-admin.h.patch new file mode 100644 index 000000000000..8540609886da --- /dev/null +++ b/net/samba422/files/0003-Mask-CLang-prototype-warnings-in-kadm5-admin.h.patch @@ -0,0 +1,32 @@ +From 382c3edc95a1747e0a6edd05c76adc0ec21a66c7 Mon Sep 17 00:00:00 2001 +From: "Timur I. Bakeyev" <timur@FreeBSD.org> +Date: Sun, 30 May 2021 03:50:17 +0200 +Subject: [PATCH 03/28] Mask CLang prototype warnings in kadm5/admin.h + +Signed-off-by: Timur I. Bakeyev <timur@FreeBSD.org> +--- + source4/kdc/kdc-service-mit.c | 6 +++++- + 1 file changed, 5 insertions(+), 1 deletion(-) + +diff --git a/source4/kdc/kdc-service-mit.c b/source4/kdc/kdc-service-mit.c +index 22663b6ecc8..5bef125206a 100644 +--- a/source4/kdc/kdc-service-mit.c ++++ b/source4/kdc/kdc-service-mit.c +@@ -36,9 +36,13 @@ + #include "kdc/samba_kdc.h" + #include "kdc/kdc-server.h" + #include "kdc/kpasswd-service.h" +-#include <kadm5/admin.h> + #include <kdb.h> + ++#pragma clang diagnostic push ++#pragma clang diagnostic ignored "-Wstrict-prototypes" ++#include <kadm5/admin.h> ++#pragma clang diagnostic pop ++ + #include "source4/kdc/mit_kdc_irpc.h" + + /* PROTOTYPES */ +-- +2.37.1 + diff --git a/net/samba422/files/0004-On-FreeBSD-date-1-has-different-semantics-than-on-Li.patch b/net/samba422/files/0004-On-FreeBSD-date-1-has-different-semantics-than-on-Li.patch new file mode 100644 index 000000000000..4df0249fced2 --- /dev/null +++ b/net/samba422/files/0004-On-FreeBSD-date-1-has-different-semantics-than-on-Li.patch @@ -0,0 +1,38 @@ +From 0eb28116ceefee7bdafabac18a1763f13cb71883 Mon Sep 17 00:00:00 2001 +From: "Timur I. Bakeyev" <timur@FreeBSD.org> +Date: Sun, 30 May 2021 03:42:31 +0200 +Subject: [PATCH 04/28] On FreeBSD `date(1)` has different semantics than on + Linux. Generate call parameter accordingly. + +FreeBSD: `date [[[[[cc]yy]mm]dd]HH]MM[.ss]` +Linux: `date [mmddHHMM[[cc]yy][.ss]]` + +Signed-off-by: Timur I. Bakeyev <timur@FreeBSD.org> +--- + source3/utils/net_time.c | 7 ++++++- + 1 file changed, 6 insertions(+), 1 deletion(-) + +diff --git a/source3/utils/net_time.c b/source3/utils/net_time.c +index d102f84614f..f679000a979 100644 +--- a/source3/utils/net_time.c ++++ b/source3/utils/net_time.c +@@ -82,10 +82,15 @@ static const char *systime(time_t t) + if (!tm) { + return "unknown"; + } +- ++#if defined(FREEBSD) ++ return talloc_asprintf(talloc_tos(), "%04d%02d%02d%02d%02d.%02d", ++ tm->tm_year + 1900, tm->tm_mon+1, tm->tm_mday, ++ tm->tm_hour, tm->tm_min, tm->tm_sec); ++#else + return talloc_asprintf(talloc_tos(), "%02d%02d%02d%02d%04d.%02d", + tm->tm_mon+1, tm->tm_mday, tm->tm_hour, + tm->tm_min, tm->tm_year + 1900, tm->tm_sec); ++#endif + } + + int net_time_usage(struct net_context *c, int argc, const char **argv) +-- +2.37.1 + diff --git a/net/samba422/files/0005-Include-jemalloc-jemalloc.h-if-ENABLE_JEMALLOC-is-se.patch b/net/samba422/files/0005-Include-jemalloc-jemalloc.h-if-ENABLE_JEMALLOC-is-se.patch new file mode 100644 index 000000000000..a898a50f9972 --- /dev/null +++ b/net/samba422/files/0005-Include-jemalloc-jemalloc.h-if-ENABLE_JEMALLOC-is-se.patch @@ -0,0 +1,26 @@ +From 3cc67018c560d32b98523618d16902c1a670ed40 Mon Sep 17 00:00:00 2001 +From: "Timur I. Bakeyev" <timur@FreeBSD.org> +Date: Sun, 30 May 2021 03:33:51 +0200 +Subject: [PATCH 05/28] Include jemalloc/jemalloc.h if ENABLE_JEMALLOC is set. + +Signed-off-by: Timur I. Bakeyev <timur@FreeBSD.org> +--- + source3/include/includes.h | 2 ++ + 1 file changed, 2 insertions(+) + +diff --git a/source3/include/includes.h b/source3/include/includes.h +index 510a0b96539..94a076de11e 100644 +--- a/source3/include/includes.h ++++ b/source3/include/includes.h +@@ -326,6 +326,8 @@ typedef char fstring[FSTRING_LEN]; + * the *bottom* of include files so as not to conflict. */ + #ifdef ENABLE_DMALLOC + # include <dmalloc.h> ++#elif ENABLE_JEMALLOC ++# include <jemalloc/jemalloc.h> + #endif + + +-- +2.37.1 + diff --git a/net/samba422/files/0006-Install-nss_-modules-into-PAMMODULESDIR-path.patch b/net/samba422/files/0006-Install-nss_-modules-into-PAMMODULESDIR-path.patch new file mode 100644 index 000000000000..9fa102f09d75 --- /dev/null +++ b/net/samba422/files/0006-Install-nss_-modules-into-PAMMODULESDIR-path.patch @@ -0,0 +1,32 @@ +From 406621efcd26d48b5e8f1e5df4082c8bf2cc8bab Mon Sep 17 00:00:00 2001 +From: "Timur I. Bakeyev" <timur@FreeBSD.org> +Date: Sun, 30 May 2021 03:32:21 +0200 +Subject: [PATCH 06/28] Install nss_* modules into PAMMODULESDIR path. + +Signed-off-by: Timur I. Bakeyev <timur@FreeBSD.org> +--- + nsswitch/wscript_build | 2 ++ + 1 file changed, 2 insertions(+) + +diff --git a/nsswitch/wscript_build b/nsswitch/wscript_build +index 3247b6c2b7c..df2fc3b97ea 100644 +--- a/nsswitch/wscript_build ++++ b/nsswitch/wscript_build +@@ -54,12 +54,14 @@ elif (host_os.rfind('freebsd') > -1): + source='winbind_nss_linux.c winbind_nss_freebsd.c', + deps='wbclient', + realname='nss_winbind.so.1', ++ install_path='${PAMMODULESDIR}', + vnum='1') + + bld.SAMBA3_PLUGIN('nss_wins', + source='wins.c wins_freebsd.c', + deps='''wbclient''', + realname='nss_wins.so.1', ++ install_path='${PAMMODULESDIR}', + vnum='1') + + elif (host_os.rfind('netbsd') > -1): +-- +2.37.1 + diff --git a/net/samba422/files/0007-Use-macro-value-as-a-default-backlog-size-for-the-li.patch b/net/samba422/files/0007-Use-macro-value-as-a-default-backlog-size-for-the-li.patch new file mode 100644 index 000000000000..96fa888f3784 --- /dev/null +++ b/net/samba422/files/0007-Use-macro-value-as-a-default-backlog-size-for-the-li.patch @@ -0,0 +1,105 @@ +From 75f20f8e144a926873b619e1c0918896689d39a0 Mon Sep 17 00:00:00 2001 +From: "Timur I. Bakeyev" <timur@FreeBSD.org> +Date: Sun, 30 May 2021 03:28:09 +0200 +Subject: [PATCH 07/28] Use macro value as a default backlog size for the + `listen()` syscall. + +Set that macro to -1 on FreeBSD, specifying maximum kernel configured +allowed backlog size. + +Signed-off-by: Timur I. Bakeyev <timur@FreeBSD.org> +--- + lib/tevent/echo_server.c | 2 +- + source3/include/local.h | 11 +++++++++++ + source3/libsmb/unexpected.c | 2 +- + source3/utils/smbfilter.c | 2 +- + source3/winbindd/winbindd.c | 4 ++-- + 5 files changed, 16 insertions(+), 5 deletions(-) + +diff --git a/lib/tevent/echo_server.c b/lib/tevent/echo_server.c +index f93d8bcdee7..49354dbf0e5 100644 +--- a/lib/tevent/echo_server.c ++++ b/lib/tevent/echo_server.c +@@ -633,7 +633,7 @@ int main(int argc, const char **argv) + exit(1); + } + +- ret = listen(listen_sock, 5); ++ ret = listen(listen_sock, DEFAULT_LISTEN_BACKLOG); + if (ret == -1) { + perror("listen() failed"); + exit(1); +diff --git a/source3/include/local.h b/source3/include/local.h +index 297e5572fdb..d85aab09f9f 100644 +--- a/source3/include/local.h ++++ b/source3/include/local.h +@@ -163,7 +163,18 @@ + #define WINBIND_SERVER_MUTEX_WAIT_TIME (( ((NUM_CLI_AUTH_CONNECT_RETRIES) * ((CLI_AUTH_TIMEOUT)/1000)) + 5)*2) + + /* size of listen() backlog in smbd */ ++#if defined (FREEBSD) ++#define SMBD_LISTEN_BACKLOG -1 ++#else + #define SMBD_LISTEN_BACKLOG 50 ++#endif ++ ++/* size of listen() default backlog */ ++#if defined (FREEBSD) ++#define DEFAULT_LISTEN_BACKLOG -1 ++#else ++#define DEFAULT_LISTEN_BACKLOG 5 ++#endif + + /* Number of microseconds to wait before a sharing violation. */ + #define SHARING_VIOLATION_USEC_WAIT 950000 +diff --git a/source3/libsmb/unexpected.c b/source3/libsmb/unexpected.c +index ced46969b88..317d6b1e0e2 100644 +--- a/source3/libsmb/unexpected.c ++++ b/source3/libsmb/unexpected.c +@@ -95,7 +95,7 @@ NTSTATUS nb_packet_server_create(TALLOC_CTX *mem_ctx, + status = map_nt_error_from_unix(errno); + goto fail; + } +- rc = listen(result->listen_sock, 5); ++ rc = listen(result->listen_sock, DEFAULT_LISTEN_BACKLOG); + if (rc < 0) { + status = map_nt_error_from_unix(errno); + goto fail; +diff --git a/source3/utils/smbfilter.c b/source3/utils/smbfilter.c +index 3fbd63975c9..b2d90f993fc 100644 +--- a/source3/utils/smbfilter.c ++++ b/source3/utils/smbfilter.c +@@ -291,7 +291,7 @@ static void start_filter(char *desthost) + exit(1); + } + +- if (listen(s, 5) == -1) { ++ if (listen(s, DEFAULT_LISTEN_BACKLOG) == -1) { + d_printf("listen failed\n"); + } + +diff --git a/source3/winbindd/winbindd.c b/source3/winbindd/winbindd.c +index 0f9c6449a5a..c2df0c92372 100644 +--- a/source3/winbindd/winbindd.c ++++ b/source3/winbindd/winbindd.c +@@ -1312,7 +1312,7 @@ static bool winbindd_setup_listeners(void) + if (pub_state->fd == -1) { + goto failed; + } +- rc = listen(pub_state->fd, 5); ++ rc = listen(pub_state->fd, DEFAULT_LISTEN_BACKLOG); + if (rc < 0) { + goto failed; + } +@@ -1344,7 +1344,7 @@ static bool winbindd_setup_listeners(void) + if (priv_state->fd == -1) { + goto failed; + } +- rc = listen(priv_state->fd, 5); ++ rc = listen(priv_state->fd, DEFAULT_LISTEN_BACKLOG); + if (rc < 0) { + goto failed; + } +-- +2.37.1 + diff --git a/net/samba422/files/0008-Brute-force-work-around-usage-of-Linux-specific-m-fl.patch b/net/samba422/files/0008-Brute-force-work-around-usage-of-Linux-specific-m-fl.patch new file mode 100644 index 000000000000..a9528247cec3 --- /dev/null +++ b/net/samba422/files/0008-Brute-force-work-around-usage-of-Linux-specific-m-fl.patch @@ -0,0 +1,111 @@ +From 29d0b3479f61f33356d6cc82099085b5c412f949 Mon Sep 17 00:00:00 2001 +From: "Timur I. Bakeyev" <timur@FreeBSD.org> +Date: Sun, 30 May 2021 03:24:48 +0200 +Subject: [PATCH 08/28] Brute force work around usage of Linux-specific `%m` + flag in `sscanf()`. + +Signed-off-by: Timur I. Bakeyev <timur@FreeBSD.org> +--- + libcli/http/http.c | 36 ++++++++++++++++++++++++++----- + source4/libcli/ldap/ldap_client.c | 12 +++++++++++ + 2 files changed, 43 insertions(+), 5 deletions(-) + +diff --git a/libcli/http/http.c b/libcli/http/http.c +index d20fc25f9e2..a28caca0045 100644 +--- a/libcli/http/http.c ++++ b/libcli/http/http.c +@@ -142,7 +142,19 @@ static enum http_read_status http_parse_headers(struct http_read_response_state + return HTTP_ALL_DATA_READ; + } + ++#ifdef FREEBSD ++ int s0, s1, s2, s3; s0 = s1 = s2 = s3 = 0; ++ n = sscanf(line, "%n%*[^:]%n: %n%*[^\r\n]%n\r\n", &s0, &s1, &s2, &s3); ++ ++ if(n >= 0) { ++ key = calloc(sizeof(char), s1-s0+1); ++ value = calloc(sizeof(char), s3-s2+1); ++ ++ n = sscanf(line, "%[^:]: %[^\r\n]\r\n", key, value); ++ } ++#else + n = sscanf(line, "%m[^:]: %m[^\r\n]\r\n", &key, &value); ++#endif + if (n != 2) { + DEBUG(0, ("%s: Error parsing header '%s'\n", __func__, line)); + status = HTTP_DATA_CORRUPTED; +@@ -168,7 +180,7 @@ error: + static bool http_parse_response_line(struct http_read_response_state *state) + { + bool status = true; +- char *protocol; ++ char *protocol = NULL; + char *msg = NULL; + char major; + char minor; +@@ -188,12 +200,22 @@ static bool http_parse_response_line(struct http_read_response_state *state) + return false; + } + ++#ifdef FREEBSD ++ int s0, s1, s2, s3; s0 = s1 = s2 = s3 = 0; ++ n = sscanf(line, "%n%*[^/]%n/%c.%c %d %n%*[^\r\n]%n\r\n", ++ &s0, &s1, &major, &minor, &code, &s2, &s3); ++ ++ if(n == 3) { ++ protocol = calloc(sizeof(char), s1-s0+1); ++ msg = calloc(sizeof(char), s3-s2+1); ++ ++ n = sscanf(line, "%[^/]/%c.%c %d %[^\r\n]\r\n", ++ protocol, &major, &minor, &code, msg); ++ } ++#else + n = sscanf(line, "%m[^/]/%c.%c %d %m[^\r\n]\r\n", + &protocol, &major, &minor, &code, &msg); +- +- DEBUG(11, ("%s: Header parsed(%i): protocol->%s, major->%c, minor->%c, " +- "code->%d, message->%s\n", __func__, n, protocol, major, minor, +- code, msg)); ++#endif + + if (n != 5) { + DEBUG(0, ("%s: Error parsing header\n", __func__)); +@@ -201,6 +223,10 @@ static bool http_parse_response_line(struct http_read_response_state *state) + goto error; + } + ++ DEBUG(11, ("%s: Header parsed(%i): protocol->%s, major->%c, minor->%c, " ++ "code->%d, message->%s\n", __func__, n, protocol, major, minor, ++ code, msg)); ++ + if (major != '1') { + DEBUG(0, ("%s: Bad HTTP major number '%c'\n", __func__, major)); + status = false; +diff --git a/source4/libcli/ldap/ldap_client.c b/source4/libcli/ldap/ldap_client.c +index 8614ccdfd54..2630d3c8859 100644 +--- a/source4/libcli/ldap/ldap_client.c ++++ b/source4/libcli/ldap/ldap_client.c +@@ -402,8 +402,20 @@ static int ldap_parse_basic_url( + *pport = port; + return 0; + } ++#ifdef FREEBSD ++ int s0, s1; s0 = s1 = 0; ++ ret = sscanf(url, "%n%*[^:/]%n:%d", &s0, &s1, &port); + ++ if(ret >= 0) { ++ host = calloc(sizeof(char), s1 - s0 + 1); ++ if (host == NULL) { ++ return ENOMEM; ++ } ++ ret = sscanf(url, "%[^:/]:%d", host, &port); ++ } ++#else + ret = sscanf(url, "%m[^:/]:%d", &host, &port); ++#endif + if (ret < 1) { + return EINVAL; + } +-- +2.37.1 + diff --git a/net/samba422/files/0009-Make-sure-that-config-checks-fail-if-the-warning-is-.patch b/net/samba422/files/0009-Make-sure-that-config-checks-fail-if-the-warning-is-.patch new file mode 100644 index 000000000000..eed200921c65 --- /dev/null +++ b/net/samba422/files/0009-Make-sure-that-config-checks-fail-if-the-warning-is-.patch @@ -0,0 +1,39 @@ +From 3189d57e9c6cf8d5d25566f2760cfa4f822d7a2c Mon Sep 17 00:00:00 2001 +From: "Timur I. Bakeyev" <timur@FreeBSD.org> +Date: Sun, 30 May 2021 03:21:19 +0200 +Subject: [PATCH 09/28] Make sure that config checks fail if the warning is + raised, by adding -Werror flag to the CFLAGS(WERROR_CFLAGS) + +Signed-off-by: Timur I. Bakeyev <timur@FreeBSD.org> +--- + buildtools/wafsamba/samba_autoconf.py | 2 +- + lib/replace/wscript | 2 +- + 2 files changed, 2 insertions(+), 2 deletions(-) + +diff --git a/buildtools/wafsamba/samba_autoconf.py b/buildtools/wafsamba/samba_autoconf.py +index 78927d85193..cf87c8bb9ff 100644 +--- a/buildtools/wafsamba/samba_autoconf.py ++++ b/buildtools/wafsamba/samba_autoconf.py +@@ -987,5 +987,5 @@ def SAMBA_CHECK_UNDEFINED_SYMBOL_FLAGS(conf): + conf.env.undefined_ldflags = conf.ADD_LDFLAGS('-Wl,-no-undefined', testflags=True) + + if (conf.env.undefined_ignore_ldflags == [] and +- conf.CHECK_LDFLAGS(['-undefined', 'dynamic_lookup'])): ++ conf.CHECK_LDFLAGS(['-undefined', 'dynamic_lookup'] + conf.env.WERROR_CFLAGS)): + conf.env.undefined_ignore_ldflags = ['-undefined', 'dynamic_lookup'] +diff --git a/lib/replace/wscript b/lib/replace/wscript +index 0db93d8caf1..1f9806f1dd7 100644 +--- a/lib/replace/wscript ++++ b/lib/replace/wscript +@@ -122,7 +122,7 @@ def configure(conf): + conf.CHECK_HEADERS('sys/atomic.h stdatomic.h') + conf.CHECK_HEADERS('libgen.h') + +- if conf.CHECK_CFLAGS('-Wno-format-truncation'): ++ if conf.CHECK_CFLAGS(['-Wno-format-truncation'] + conf.env.WERROR_CFLAGS): + conf.define('HAVE_WNO_FORMAT_TRUNCATION', '1') + + if conf.CHECK_CFLAGS('-Wno-unused-function'): +-- +2.37.1 + diff --git a/net/samba422/files/0010-Add-option-with-pkgconfigdir-to-specify-alternative-.patch b/net/samba422/files/0010-Add-option-with-pkgconfigdir-to-specify-alternative-.patch new file mode 100644 index 000000000000..966af1c790f1 --- /dev/null +++ b/net/samba422/files/0010-Add-option-with-pkgconfigdir-to-specify-alternative-.patch @@ -0,0 +1,54 @@ +From 5b0d17a5b7849f40f59fb0daedd62e8f5a1b0fba Mon Sep 17 00:00:00 2001 +From: "Timur I. Bakeyev" <timur@FreeBSD.org> +Date: Sun, 30 May 2021 03:16:37 +0200 +Subject: [PATCH 10/28] Add option --with-pkgconfigdir, to specify alternative + location. + +Override name of the config file. + +Remove code that doesn't allow direct install into /usr + +Substitution: yes + +Signed-off-by: Timur I. Bakeyev <timur@FreeBSD.org> +--- + dynconfig/wscript | 9 ++++----- + 1 file changed, 4 insertions(+), 5 deletions(-) + +diff --git a/dynconfig/wscript b/dynconfig/wscript +index c62afa25399..29cacf1b92c 100644 +--- a/dynconfig/wscript ++++ b/dynconfig/wscript +@@ -151,6 +151,8 @@ dynconfig = { + 'PKGCONFIGDIR' : { + 'STD-PATH': '${LIBDIR}/pkgconfig', + 'FHS-PATH': '${LIBDIR}/pkgconfig', ++ 'OPTION': '--with-pkgconfigdir', ++ 'HELPTEXT': 'Where to put .pc files', + }, + 'CODEPAGEDIR' : { + 'STD-PATH': '${DATADIR}/codepages', +@@ -257,8 +259,8 @@ dynconfig = { + 'DELAY': True, + }, + 'CONFIGFILE' : { +- 'STD-PATH': '${CONFIGDIR}/smb.conf', +- 'FHS-PATH': '${CONFIGDIR}/smb.conf', ++ 'STD-PATH': '${CONFIGDIR}/%%SAMBA4_CONFIG%%', ++ 'FHS-PATH': '${CONFIGDIR}/%%SAMBA4_CONFIG%%', + 'DELAY': True, + }, + 'LMHOSTSFILE' : { +@@ -317,9 +319,6 @@ def configure(conf): + flavor = 'FHS-PATH' + else: + flavor = 'STD-PATH' +- if conf.env.PREFIX == '/usr' or conf.env.PREFIX == '/usr/local': +- Logs.error("Don't install directly under /usr or /usr/local without using the FHS option (--enable-fhs)") +- raise Errors.WafError("ERROR: invalid --prefix=%s value" % (conf.env.PREFIX)) + + explicit_set ={} + +-- +2.37.1 + diff --git a/net/samba422/files/0011-Use-provided-by-port-location-of-the-XML-catalog.patch b/net/samba422/files/0011-Use-provided-by-port-location-of-the-XML-catalog.patch new file mode 100644 index 000000000000..518da2e2f2ec --- /dev/null +++ b/net/samba422/files/0011-Use-provided-by-port-location-of-the-XML-catalog.patch @@ -0,0 +1,28 @@ +From 6c68907dcd9abd82cc95c842380a8e817b8f0e7f Mon Sep 17 00:00:00 2001 +From: "Timur I. Bakeyev" <timur@FreeBSD.org> +Date: Sun, 30 May 2021 02:54:28 +0200 +Subject: [PATCH 11/28] Use provided by port location of the XML catalog. + +Substitution: yes + +Signed-off-by: Timur I. Bakeyev <timur@FreeBSD.org> +--- + buildtools/wafsamba/wafsamba.py | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/buildtools/wafsamba/wafsamba.py b/buildtools/wafsamba/wafsamba.py +index 7885ee720be..c42a021bc01 100644 +--- a/buildtools/wafsamba/wafsamba.py ++++ b/buildtools/wafsamba/wafsamba.py +@@ -1174,7 +1174,7 @@ def SAMBAMANPAGES(bld, manpages, extra_source=None): + bld.env.SAMBA_EXPAND_XSL = bld.srcnode.abspath() + '/docs-xml/xslt/expand-sambadoc.xsl' + bld.env.SAMBA_MAN_XSL = bld.srcnode.abspath() + '/docs-xml/xslt/man.xsl' + bld.env.SAMBA_CATALOG = bld.bldnode.abspath() + '/docs-xml/build/catalog.xml' +- bld.env.SAMBA_CATALOGS = os.getenv('XML_CATALOG_FILES', 'file:///etc/xml/catalog file:///usr/local/share/xml/catalog') + ' file://' + bld.env.SAMBA_CATALOG ++ bld.env.SAMBA_CATALOGS = os.getenv('XML_CATALOG_FILES', 'file:///etc/xml/catalog file://%%LOCALBASE%%/share/xml/catalog') + ' file://' + bld.env.SAMBA_CATALOG + + for m in manpages.split(): + source = [m + '.xml'] +-- +2.37.1 + diff --git a/net/samba422/files/0012-Create-shared-libraries-according-to-the-FreeBSD-spe.patch b/net/samba422/files/0012-Create-shared-libraries-according-to-the-FreeBSD-spe.patch new file mode 100644 index 000000000000..240db55406c6 --- /dev/null +++ b/net/samba422/files/0012-Create-shared-libraries-according-to-the-FreeBSD-spe.patch @@ -0,0 +1,29 @@ +From 9731cc810b50b6694ff931135df398a6772200ae Mon Sep 17 00:00:00 2001 +From: "Timur I. Bakeyev" <timur@FreeBSD.org> +Date: Sun, 30 May 2021 02:51:47 +0200 +Subject: [PATCH 12/28] Create shared libraries according to the + FreeBSD-specific naming schema, where only major.minor versions are used. + +https://docs.freebsd.org/en/books/developers-handbook/policies/#policies-shlib + +Signed-off-by: Timur I. Bakeyev <timur@FreeBSD.org> +--- + buildtools/wafsamba/samba_install.py | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/buildtools/wafsamba/samba_install.py b/buildtools/wafsamba/samba_install.py +index 2957e16c3da..82abbf893e2 100644 +--- a/buildtools/wafsamba/samba_install.py ++++ b/buildtools/wafsamba/samba_install.py +@@ -115,7 +115,7 @@ def install_library(self): + inst_name = bld.make_libname(t.target) + elif self.vnum: + vnum_base = self.vnum.split('.')[0] +- install_name = bld.make_libname(target_name, version=self.vnum) ++ install_name = bld.make_libname(target_name, version=vnum_base) + install_link = bld.make_libname(target_name, version=vnum_base) + inst_name = bld.make_libname(t.target) + if not self.private_library or not t.env.SONAME_ST: +-- +2.37.1 + diff --git a/net/samba422/files/0014-Add-option-to-disable-CTDB-tests-failing-on-FreeBSD-.patch b/net/samba422/files/0014-Add-option-to-disable-CTDB-tests-failing-on-FreeBSD-.patch new file mode 100644 index 000000000000..32b02176de6b --- /dev/null +++ b/net/samba422/files/0014-Add-option-to-disable-CTDB-tests-failing-on-FreeBSD-.patch @@ -0,0 +1,77 @@ +From 2f16c17b683655fe318a1e6d45aaad3857d1a512 Mon Sep 17 00:00:00 2001 +From: "Timur I. Bakeyev" <timur@FreeBSD.org> +Date: Mon, 31 May 2021 00:35:36 +0200 +Subject: [PATCH 14/28] Add option to disable CTDB tests - failing on FreeBSD + right now in too many places. + +Signed-off-by: Timur I. Bakeyev <timur@FreeBSD.org> +--- + ctdb/wscript | 24 ++++++++++++++++++------ + 1 file changed, 18 insertions(+), 6 deletions(-) + +diff --git a/ctdb/wscript b/ctdb/wscript +index a9fef9241aa..c89c6decdd7 100644 +--- a/ctdb/wscript ++++ b/ctdb/wscript +@@ -106,6 +106,9 @@ def options(opt): + opt.add_option('--enable-ceph-reclock', + help=("Enable Ceph CTDB recovery lock helper (default=no)"), + action="store_true", dest='ctdb_ceph_reclock', default=False) ++ opt.add_option('--disable-ctdb-tests', ++ help=("Disable CTDB tests (default=no)"), ++ action="store_true", dest='ctdb_no_tests', default=False) + + opt.add_option('--with-logdir', + help=("Path to log directory"), +@@ -278,7 +281,7 @@ def configure(conf): + + if Options.options.ctdb_ceph_reclock: + if (conf.CHECK_HEADERS('rados/librados.h', False, False, 'rados') and +- conf.CHECK_LIB('rados', shlib=True)): ++ conf.CHECK_LIB('rados', shlib=True)): + Logs.info('Building with Ceph librados recovery lock support') + conf.define('HAVE_LIBRADOS', 1) + else: +@@ -317,8 +320,14 @@ def configure(conf): + conf.env.CTDB_VARDIR, + conf.env.CTDB_RUNDIR)) + +- conf.env.CTDB_TEST_DATADIR = os.path.join(conf.env.CTDB_DATADIR, 'tests') +- conf.env.CTDB_TEST_LIBEXECDIR = os.path.join(conf.env.LIBEXECDIR, 'ctdb/tests') ++ if Options.options.ctdb_no_tests: ++ conf.env.ctdb_tests = False ++ else: ++ conf.env.ctdb_tests = True ++ ++ if conf.env.ctdb_tests: ++ conf.env.CTDB_TEST_DATADIR = os.path.join(conf.env.CTDB_DATADIR, 'tests') ++ conf.env.CTDB_TEST_LIBEXECDIR = os.path.join(conf.env.LIBEXECDIR, 'ctdb/tests') + + # Allow unified compilation and separate compilation of utilities + # to find includes +@@ -706,9 +715,9 @@ def build(bld): + if bld.env.HAVE_LIBRADOS: + bld.SAMBA_BINARY('ctdb_mutex_ceph_rados_helper', + source='utils/ceph/ctdb_mutex_ceph_rados_helper.c', +- deps='talloc tevent rados', +- includes='include', +- install_path='${CTDB_HELPER_BINDIR}') ++ deps='talloc tevent rados', ++ includes='include', ++ install_path='${CTDB_HELPER_BINDIR}') + + sed_expr1 = 's|/usr/local/var/lib/ctdb|%s|g' % (bld.env.CTDB_VARDIR) + sed_expr2 = 's|/usr/local/etc/ctdb|%s|g' % (bld.env.CTDB_ETCDIR) +@@ -885,6 +894,9 @@ def build(bld): + for d in ['volatile', 'persistent', 'state']: + bld.INSTALL_DIR(os.path.join(bld.env.CTDB_VARDIR, d)) + ++ if not bld.env.ctdb_tests: ++ return ++ + # + # Test-only below this point + # +-- +2.37.1 + diff --git a/net/samba422/files/0015-Add-extra-debug-class-to-trck-down-DB-locking-code.patch b/net/samba422/files/0015-Add-extra-debug-class-to-trck-down-DB-locking-code.patch new file mode 100644 index 000000000000..30b6a7a34a6e --- /dev/null +++ b/net/samba422/files/0015-Add-extra-debug-class-to-trck-down-DB-locking-code.patch @@ -0,0 +1,132 @@ +From 08e648c899e5023f337d2fa56e4e758f62f31ec4 Mon Sep 17 00:00:00 2001 +From: "Timur I. Bakeyev" <timur@FreeBSD.org> +Date: Mon, 31 May 2021 00:38:38 +0200 +Subject: [PATCH 15/28] Add extra debug class to trck down DB locking code. + +Signed-off-by: Timur I. Bakeyev <timur@FreeBSD.org> +--- + lib/dbwrap/dbwrap.c | 3 +++ + lib/dbwrap/dbwrap_local_open.c | 3 +++ + lib/dbwrap/dbwrap_rbt.c | 3 +++ + lib/dbwrap/dbwrap_tdb.c | 3 +++ + lib/dbwrap/dbwrap_util.c | 3 +++ + source3/lib/dbwrap/dbwrap_ctdb.c | 3 +++ + source3/lib/dbwrap/dbwrap_open.c | 3 +++ + source3/lib/dbwrap/dbwrap_watch.c | 3 +++ + 8 files changed, 24 insertions(+) + +diff --git a/lib/dbwrap/dbwrap.c b/lib/dbwrap/dbwrap.c +index 7555efaa3ab..51f58fea851 100644 +--- a/lib/dbwrap/dbwrap.c ++++ b/lib/dbwrap/dbwrap.c +@@ -28,6 +28,9 @@ + #include "lib/util/util_tdb.h" + #include "lib/util/tevent_ntstatus.h" + ++#undef DBGC_CLASS ++#define DBGC_CLASS DBGC_LOCKING ++ + /* + * Fall back using fetch if no genuine exists operation is provided + */ +diff --git a/lib/dbwrap/dbwrap_local_open.c b/lib/dbwrap/dbwrap_local_open.c +index 20c5fa0e1d2..b834bbd0e41 100644 +--- a/lib/dbwrap/dbwrap_local_open.c ++++ b/lib/dbwrap/dbwrap_local_open.c +@@ -23,6 +23,9 @@ + #include "dbwrap/dbwrap_tdb.h" + #include "tdb.h" + ++#undef DBGC_CLASS ++#define DBGC_CLASS DBGC_LOCKING ++ + struct db_context *dbwrap_local_open(TALLOC_CTX *mem_ctx, + const char *name, + int hash_size, int tdb_flags, +diff --git a/lib/dbwrap/dbwrap_rbt.c b/lib/dbwrap/dbwrap_rbt.c +index db456dfffba..483558a6dc7 100644 +--- a/lib/dbwrap/dbwrap_rbt.c ++++ b/lib/dbwrap/dbwrap_rbt.c +@@ -24,6 +24,9 @@ + #include "../lib/util/rbtree.h" + #include "../lib/util/dlinklist.h" + ++#undef DBGC_CLASS ++#define DBGC_CLASS DBGC_LOCKING ++ + #define DBWRAP_RBT_ALIGN(_size_) (((_size_)+15)&~15) + + struct db_rbt_ctx { +diff --git a/lib/dbwrap/dbwrap_tdb.c b/lib/dbwrap/dbwrap_tdb.c +index 6cd95fa25ad..4a75cd80256 100644 +--- a/lib/dbwrap/dbwrap_tdb.c ++++ b/lib/dbwrap/dbwrap_tdb.c +@@ -29,6 +29,9 @@ + #include "lib/param/param.h" + #include "libcli/util/error.h" + ++#undef DBGC_CLASS ++#define DBGC_CLASS DBGC_LOCKING ++ + struct db_tdb_ctx { + struct tdb_wrap *wtdb; + +diff --git a/lib/dbwrap/dbwrap_util.c b/lib/dbwrap/dbwrap_util.c +index df6dea40097..465814f0952 100644 +--- a/lib/dbwrap/dbwrap_util.c ++++ b/lib/dbwrap/dbwrap_util.c +@@ -26,6 +26,9 @@ + #include "dbwrap.h" + #include "lib/util/util_tdb.h" + ++#undef DBGC_CLASS ++#define DBGC_CLASS DBGC_LOCKING ++ + struct dbwrap_fetch_int32_state { + NTSTATUS status; + int32_t result; +diff --git a/source3/lib/dbwrap/dbwrap_ctdb.c b/source3/lib/dbwrap/dbwrap_ctdb.c +index 0907089164a..9fc771d1217 100644 +--- a/source3/lib/dbwrap/dbwrap_ctdb.c ++++ b/source3/lib/dbwrap/dbwrap_ctdb.c +@@ -38,6 +38,9 @@ + #include "lib/cluster_support.h" + #include "lib/util/tevent_ntstatus.h" + ++#undef DBGC_CLASS ++#define DBGC_CLASS DBGC_LOCKING ++ + struct db_ctdb_transaction_handle { + struct db_ctdb_ctx *ctx; + /* +diff --git a/source3/lib/dbwrap/dbwrap_open.c b/source3/lib/dbwrap/dbwrap_open.c +index 52c8a94aeff..caefb579058 100644 +--- a/source3/lib/dbwrap/dbwrap_open.c ++++ b/source3/lib/dbwrap/dbwrap_open.c +@@ -31,6 +31,9 @@ + #include "ctdbd_conn.h" + #include "global_contexts.h" + ++#undef DBGC_CLASS ++#define DBGC_CLASS DBGC_LOCKING ++ + bool db_is_local(const char *name) + { + const char *sockname = lp_ctdbd_socket(); +diff --git a/source3/lib/dbwrap/dbwrap_watch.c b/source3/lib/dbwrap/dbwrap_watch.c +index 17a52de37cc..77f7b178229 100644 +--- a/source3/lib/dbwrap/dbwrap_watch.c ++++ b/source3/lib/dbwrap/dbwrap_watch.c +@@ -28,6 +28,9 @@ + #include "server_id_watch.h" + #include "lib/dbwrap/dbwrap_private.h" + ++#undef DBGC_CLASS ++#define DBGC_CLASS DBGC_LOCKING ++ + struct dbwrap_watcher { + /* + * Process watching this record +-- +2.37.1 + diff --git a/net/samba422/files/0016-Make-ldb_schema_attribute_compare-a-stable-comparisi.patch b/net/samba422/files/0016-Make-ldb_schema_attribute_compare-a-stable-comparisi.patch new file mode 100644 index 000000000000..3449ab2d17d9 --- /dev/null +++ b/net/samba422/files/0016-Make-ldb_schema_attribute_compare-a-stable-comparisi.patch @@ -0,0 +1,29 @@ +From 2b3ee747cdf83b80d07aaf1b261956bc9894ff36 Mon Sep 17 00:00:00 2001 +From: "Timur I. Bakeyev" <timur@FreeBSD.org> +Date: Thu, 8 Sep 2022 00:06:37 +0200 +Subject: [PATCH 16/28] Make ldb_schema_attribute_compare() a stable + comparision function. + +Signed-off-by: Timur I. Bakeyev <timur@FreeBSD.org> +--- + lib/ldb/ldb_key_value/ldb_kv_cache.c | 4 +++- + 1 file changed, 3 insertions(+), 1 deletion(-) + +diff --git a/lib/ldb/ldb_key_value/ldb_kv_cache.c b/lib/ldb/ldb_key_value/ldb_kv_cache.c +index 4a3c9f29020..cb200aeb9ba 100644 +--- a/lib/ldb/ldb_key_value/ldb_kv_cache.c ++++ b/lib/ldb/ldb_key_value/ldb_kv_cache.c +@@ -92,7 +92,9 @@ static int ldb_schema_attribute_compare(const void *p1, const void *p2) + { + const struct ldb_schema_attribute *sa1 = (const struct ldb_schema_attribute *)p1; + const struct ldb_schema_attribute *sa2 = (const struct ldb_schema_attribute *)p2; +- return ldb_attr_cmp(sa1->name, sa2->name); ++ int res = ldb_attr_cmp(sa1->name, sa2->name); ++ ++ return (res) ? res : (sa1->flags > sa2->flags) ? 1 : (sa1->flags < sa2->flags) ? -1 : 0; + } + + /* +-- +2.37.1 + diff --git a/net/samba422/files/0017-Use-arc4random-when-available-to-generate-random-tal.patch b/net/samba422/files/0017-Use-arc4random-when-available-to-generate-random-tal.patch new file mode 100644 index 000000000000..a7e7c7d99dbe --- /dev/null +++ b/net/samba422/files/0017-Use-arc4random-when-available-to-generate-random-tal.patch @@ -0,0 +1,49 @@ +From 42c9490dd346ee2f4369cbed4c37cb43f06e5d19 Mon Sep 17 00:00:00 2001 +From: "Timur I. Bakeyev" <timur@FreeBSD.org> +Date: Wed, 7 Sep 2022 23:52:43 +0200 +Subject: [PATCH 17/28] Use arc4random() when available to generate random + talloc slab signature. + +Signed-off-by: Timur I. Bakeyev <timur@FreeBSD.org> +--- + lib/talloc/talloc.c | 4 ++++ + lib/talloc/wscript | 1 + + 2 files changed, 5 insertions(+) + +diff --git a/lib/talloc/talloc.c b/lib/talloc/talloc.c +index 29da190880a..79c76fd9e35 100644 +--- a/lib/talloc/talloc.c ++++ b/lib/talloc/talloc.c +@@ -397,6 +397,9 @@ void talloc_lib_init(void) CONSTRUCTOR; + void talloc_lib_init(void) + { + uint32_t random_value; ++#if defined(HAVE_ARC4RANDOM) ++ random_value = arc4random(); ++#else + #if defined(HAVE_GETAUXVAL) && defined(AT_RANDOM) + uint8_t *p; + /* +@@ -430,6 +433,7 @@ void talloc_lib_init(void) + */ + random_value = ((uintptr_t)talloc_lib_init & 0xFFFFFFFF); + } ++#endif /* HAVE_ARC4RANDOM */ + talloc_magic = random_value & ~TALLOC_FLAG_MASK; + } + #else +diff --git a/lib/talloc/wscript b/lib/talloc/wscript +index f0c266a7878..c75ec0505df 100644 +--- a/lib/talloc/wscript ++++ b/lib/talloc/wscript +@@ -52,6 +52,7 @@ def configure(conf): + + conf.CHECK_HEADERS('sys/auxv.h') + conf.CHECK_FUNCS('getauxval') ++ conf.CHECK_FUNCS('arc4random') + + conf.SAMBA_CONFIG_H() + +-- +2.37.1 + diff --git a/net/samba422/files/0018-Add-configuration-option-that-allows-to-choose-alter.patch b/net/samba422/files/0018-Add-configuration-option-that-allows-to-choose-alter.patch new file mode 100644 index 000000000000..5f5aa4af3a96 --- /dev/null +++ b/net/samba422/files/0018-Add-configuration-option-that-allows-to-choose-alter.patch @@ -0,0 +1,65 @@ +From b81d399aa6d9e2bdbb9db0efa8109c41aad4d025 Mon Sep 17 00:00:00 2001 +From: "Timur I. Bakeyev" <timur@FreeBSD.org> +Date: Mon, 31 May 2021 02:49:20 +0200 +Subject: [PATCH 18/28] Add configuration option that allows to choose + alternative mDNS implementation dns_sd library. + +Signed-off-by: Timur I. Bakeyev <timur@FreeBSD.org> +--- + source3/wscript | 12 ++++++++++++ + source3/wscript_build | 2 ++ + 2 files changed, 14 insertions(+) + +diff --git a/source3/wscript b/source3/wscript +index 2121b8b6510..6209472c6c8 100644 +--- a/source3/wscript ++++ b/source3/wscript +@@ -70,6 +70,7 @@ def options(opt): + opt.samba_add_onoff_option('sendfile-support', default=None) + opt.samba_add_onoff_option('utmp') + opt.samba_add_onoff_option('avahi', with_name="enable", without_name="disable") ++ opt.samba_add_onoff_option('dnssd', with_name="enable", without_name="disable") + opt.samba_add_onoff_option('iconv') + opt.samba_add_onoff_option('acl-support') + opt.samba_add_onoff_option('syslog') +@@ -855,6 +856,17 @@ msg.msg_accrightslen = sizeof(fd); + conf.SET_TARGET_TYPE('avahi-common', 'EMPTY') + conf.SET_TARGET_TYPE('avahi-client', 'EMPTY') + ++ if Options.options.with_dnssd: ++ conf.env.with_dnssd = True ++ if not conf.CHECK_HEADERS('dns_sd.h'): ++ conf.env.with_dnssd = False ++ if not conf.CHECK_FUNCS_IN('DNSServiceRegister', 'dns_sd'): ++ conf.env.with_dnssd = False ++ if conf.env.with_dnssd: ++ conf.DEFINE('WITH_DNSSD_SUPPORT', 1) ++ else: ++ conf.SET_TARGET_TYPE('dns_sd', 'EMPTY') ++ + if Options.options.with_iconv: + conf.env.with_iconv = True + if not conf.CHECK_FUNCS_IN('iconv_open', 'iconv', headers='iconv.h'): +diff --git a/source3/wscript_build b/source3/wscript_build +index 5cf965dc45d..edd7985e648 100644 +--- a/source3/wscript_build ++++ b/source3/wscript_build +@@ -709,6 +709,7 @@ bld.SAMBA3_LIBRARY('smbd_base', + samba3core + param_service + AVAHI ++ dns_sd + PROFILE + LOCKING + LIBADS_SERVER +@@ -1128,6 +1129,7 @@ bld.SAMBA3_BINARY('client/smbclient', + msrpc3 + RPC_NDR_SRVSVC + cli_smb_common ++ dns_sd + archive + ''') + +-- +2.37.1 + diff --git a/net/samba422/files/0019-From-923bc7a1afeb0b920e60e14846987ae1d2d7dca4-Mon-Se.patch b/net/samba422/files/0019-From-923bc7a1afeb0b920e60e14846987ae1d2d7dca4-Mon-Se.patch new file mode 100644 index 000000000000..551acb212f55 --- /dev/null +++ b/net/samba422/files/0019-From-923bc7a1afeb0b920e60e14846987ae1d2d7dca4-Mon-Se.patch @@ -0,0 +1,544 @@ +From 5aabf82dfaf325bf682db85d80476224e7005a41 Mon Sep 17 00:00:00 2001 +From: "Timur I. Bakeyev" <timur@FreeBSD.org> +Date: Mon, 31 May 2021 00:46:16 +0200 +Subject: [PATCH 19/28] From 923bc7a1afeb0b920e60e14846987ae1d2d7dca4 Mon Sep + 17 00:00:00 2001 From: John Hixson <john@ixsystems.com> Date: Thu, 7 Dec 2017 + 09:36:32 -0500 Subject: [PATCH] Freenas/master mdns fixes (#22) + +* mDNS fixes for Samba (work in progress). +* Fix mDNS - Can advertise on individual interfaces +* Fix mDNS browsing in smbclient + +Signed-off-by: Timur I. Bakeyev <timur@iXsystems.com> +Signed-off-by: Timur I. Bakeyev <timur@FreeBSD.org> +--- + source3/client/dnsbrowse.c | 19 +- + source3/smbd/dnsregister.c | 354 ++++++++++++++++++++++++++++++------- + 2 files changed, 299 insertions(+), 74 deletions(-) + +diff --git a/source3/client/dnsbrowse.c b/source3/client/dnsbrowse.c +index be6eb881cf1..83aef966d2a 100644 +--- a/source3/client/dnsbrowse.c ++++ b/source3/client/dnsbrowse.c +@@ -39,6 +39,7 @@ struct mdns_smbsrv_result + struct mdns_browse_state + { + struct mdns_smbsrv_result *listhead; /* Browse result list head */ ++ TALLOC_CTX * ctx; + int browseDone; + + }; +@@ -64,7 +65,7 @@ static void do_smb_resolve(struct mdns_smbsrv_result *browsesrv) + struct timeval tv; + DNSServiceErrorType err; + +- TALLOC_CTX * ctx = talloc_tos(); ++ TALLOC_CTX * ctx = talloc_new(NULL); + + err = DNSServiceResolve(&mdns_conn_sdref, 0 /* flags */, + browsesrv->ifIndex, +@@ -91,7 +92,7 @@ static void do_smb_resolve(struct mdns_smbsrv_result *browsesrv) + } + } + +- TALLOC_FREE(fdset); ++ TALLOC_FREE(ctx); + DNSServiceRefDeallocate(mdns_conn_sdref); + } + +@@ -124,18 +125,19 @@ do_smb_browse_reply(DNSServiceRef sdRef, DNSServiceFlags flags, + return; + } + +- bresult = talloc_array(talloc_tos(), struct mdns_smbsrv_result, 1); ++ bresult = talloc_array(bstatep->ctx, struct mdns_smbsrv_result, 1); + if (bresult == NULL) { + return; + } + ++ bresult->nextResult = NULL; + if (bstatep->listhead != NULL) { + bresult->nextResult = bstatep->listhead; + } + +- bresult->serviceName = talloc_strdup(talloc_tos(), serviceName); +- bresult->regType = talloc_strdup(talloc_tos(), regtype); +- bresult->domain = talloc_strdup(talloc_tos(), replyDomain); ++ bresult->serviceName = talloc_strdup(bstatep->ctx, serviceName); ++ bresult->regType = talloc_strdup(bstatep->ctx, regtype); ++ bresult->domain = talloc_strdup(bstatep->ctx, replyDomain); + bresult->ifIndex = interfaceIndex; + bstatep->listhead = bresult; + } +@@ -151,10 +153,13 @@ int do_smb_browse(void) + DNSServiceRef mdns_conn_sdref = NULL; + DNSServiceErrorType err; + +- TALLOC_CTX * ctx = talloc_stackframe(); ++ TALLOC_CTX * ctx = talloc_new(NULL); + + ZERO_STRUCT(bstate); + ++ bstate.ctx = ctx; ++ bstate.listhead = NULL; ++ + err = DNSServiceBrowse(&mdns_conn_sdref, 0, 0, "_smb._tcp", "", + do_smb_browse_reply, &bstate); + +diff --git a/source3/smbd/dnsregister.c b/source3/smbd/dnsregister.c +index df189001a09..389a4278f64 100644 +--- a/source3/smbd/dnsregister.c ++++ b/source3/smbd/dnsregister.c +@@ -29,6 +29,29 @@ + * browse for advertised SMB services. + */ + ++/* ++ * Time Machine Errata: ++ * sys=adVF=0x100 -- this is required when ._adisk._tcp is present on device. When it is ++ * set, the MacOS client will send a NetShareEnumAll IOCTL and shares will be visible. ++ * Otherwise, Finder will only see the Time Machine share. In the absence of ._adisk._tcp ++ * MacOS will _always_ send NetShareEnumAll IOCTL. ++ * ++ * waMa=0 -- MacOS server uses waMa=0, while embedded devices have it set to their Mac Address. ++ * Speculation in Samba-Technical indicates that this stands for "Wireless AirDisk Mac Address". ++ * ++ * adVU -- AirDisk Volume UUID. Mac OS servers generate a UUID. Time machine over SMB works without one ++ * set. Netatalk generates a UUID and stores it persistently in afp_voluuid.conf. This can be ++ * set by adding the share parameter "fruit:volume_uuid = " ++ * ++ * dk(n)=adVF= ++ * 0xa1, 0x81 - AFP support ++ * 0xa2, 0x82 - SMB support ++ * 0xa3, 0x83 - AFP and SMB support ++ * ++ * adVN -- AirDisk Volume Name. We set this to the share name. ++ * ++ */ ++ + #define DNS_REG_RETRY_INTERVAL (5*60) /* in seconds */ + + #ifdef WITH_DNSSD_SUPPORT +@@ -36,85 +59,177 @@ + #include <dns_sd.h> + + struct dns_reg_state { +- struct tevent_context *event_ctx; +- uint16_t port; +- DNSServiceRef srv_ref; +- struct tevent_timer *te; +- int fd; +- struct tevent_fd *fde; ++ int count; ++ struct reg_state { ++ DNSServiceRef srv_ref; ++ TALLOC_CTX *mem_ctx; ++ struct tevent_context *event_ctx; ++ struct tevent_timer *te; ++ struct tevent_fd *fde; ++ uint16_t port; ++ int if_index; ++ int fd; ++ } *drs; + }; + +-static int dns_reg_state_destructor(struct dns_reg_state *dns_state) ++static void dns_register_smbd_retry(struct tevent_context *ctx, ++ struct tevent_timer *te, ++ struct timeval now, ++ void *private_data); ++static void dns_register_smbd_fde_handler(struct tevent_context *ev, ++ struct tevent_fd *fde, ++ uint16_t flags, ++ void *private_data); ++ ++ ++static int reg_state_destructor(struct reg_state *state) + { +- if (dns_state->srv_ref != NULL) { ++ if (state == NULL) { ++ return -1; ++ } ++ ++ if (state->srv_ref != NULL) { + /* Close connection to the mDNS daemon */ +- DNSServiceRefDeallocate(dns_state->srv_ref); +- dns_state->srv_ref = NULL; ++ DNSServiceRefDeallocate(state->srv_ref); ++ state->srv_ref = NULL; + } + + /* Clear event handler */ +- TALLOC_FREE(dns_state->te); +- TALLOC_FREE(dns_state->fde); +- dns_state->fd = -1; ++ TALLOC_FREE(state->te); ++ TALLOC_FREE(state->fde); ++ state->fd = -1; + + return 0; + } + +-static void dns_register_smbd_retry(struct tevent_context *ctx, +- struct tevent_timer *te, +- struct timeval now, +- void *private_data); +-static void dns_register_smbd_fde_handler(struct tevent_context *ev, +- struct tevent_fd *fde, +- uint16_t flags, +- void *private_data); ++int TXTRecordPrintf(TXTRecordRef * rec, const char * key, const char * fmt, ... ) ++{ ++ int ret = 0; ++ char *str; ++ va_list ap; ++ va_start( ap, fmt ); ++ ++ if( 0 > vasprintf(&str, fmt, ap ) ) { ++ va_end(ap); ++ return -1; ++ } ++ va_end(ap); ++ ++ if( kDNSServiceErr_NoError != TXTRecordSetValue(rec, key, strlen(str), str) ) { ++ ret = -1; ++ } ++ ++ free(str); ++ return ret; ++} ++ ++int TXTRecordKeyPrintf(TXTRecordRef * rec, const char * key_fmt, int key_var, const char * fmt, ...) ++{ ++ int ret = 0; ++ char *key = NULL, *str = NULL; ++ va_list ap; ++ ++ if( 0 > asprintf(&key, key_fmt, key_var)) { ++ DEBUG(1, ("Failed in asprintf\n")); ++ return -1; ++ } + +-static bool dns_register_smbd_schedule(struct dns_reg_state *dns_state, ++ va_start( ap, fmt ); ++ if( 0 > vasprintf(&str, fmt, ap )) { ++ va_end(ap); ++ DEBUG(1, ("Failed in vasprintf\n")); ++ ret = -1; ++ goto exit; ++ } ++ va_end(ap); ++ ++ if( kDNSServiceErr_NoError != TXTRecordSetValue(rec, key, strlen(str), str) ) { ++ DEBUG(1, ("Failed in TXTRecordSetValuen")); ++ ret = -1; ++ goto exit; ++ } ++ ++ exit: ++ if (str) ++ free(str); ++ if (key) ++ free(key); ++ return ret; ++} ++ ++ ++static bool dns_register_smbd_schedule(struct reg_state *state, + struct timeval tval) + { +- dns_reg_state_destructor(dns_state); ++ reg_state_destructor(state); + +- dns_state->te = tevent_add_timer(dns_state->event_ctx, +- dns_state, ++ state->te = tevent_add_timer(state->event_ctx, ++ state->mem_ctx, + tval, + dns_register_smbd_retry, +- dns_state); +- if (!dns_state->te) { ++ state); ++ if (!state->te) { + return false; + } + + return true; + } + ++static void dns_register_smbd_callback(DNSServiceRef service, ++ DNSServiceFlags flags, ++ DNSServiceErrorType errorCode, ++ const char *name, ++ const char *type, ++ const char *domain, ++ void *context) ++{ ++ if (errorCode != kDNSServiceErr_NoError) { ++ DEBUG(6, ("error=%d\n", errorCode)); ++ } else { ++ DEBUG(6, ("%-15s %s.%s%s\n", "REGISTER", name, type, domain)); ++ } ++} ++ + static void dns_register_smbd_retry(struct tevent_context *ctx, + struct tevent_timer *te, + struct timeval now, + void *private_data) + { +- struct dns_reg_state *dns_state = talloc_get_type_abort(private_data, +- struct dns_reg_state); ++ struct reg_state *state = (struct reg_state *)private_data; + DNSServiceErrorType err; ++ int snum; ++ size_t dk = 0; ++ bool sys_txt_created = false; ++ TXTRecordRef txt_adisk; ++ TXTRecordRef txt_devinfo; ++ char *servname; ++ char *v_uuid; ++ int num_services = lp_numservices(); ++ ++ reg_state_destructor(state); + +- dns_reg_state_destructor(dns_state); ++ TXTRecordCreate(&txt_adisk, 0, NULL); + +- DEBUG(6, ("registering _smb._tcp service on port %d\n", +- dns_state->port)); ++ DEBUG(6, ("registering _smb._tcp service on port %d index %d\n", ++ state->port, state->if_index)); + + /* Register service with DNS. Connects with the mDNS + * daemon running on the local system to perform DNS + * service registration. + */ +- err = DNSServiceRegister(&dns_state->srv_ref, 0 /* flags */, +- kDNSServiceInterfaceIndexAny, +- NULL /* service name */, +- "_smb._tcp" /* service type */, +- NULL /* domain */, +- "" /* SRV target host name */, +- htons(dns_state->port), +- 0 /* TXT record len */, +- NULL /* TXT record data */, +- NULL /* callback func */, +- NULL /* callback context */); ++ err = DNSServiceRegister(&state->srv_ref, ++ 0 /* flags */, ++ state->if_index /* interface index */, ++ NULL /* service name */, ++ "_smb._tcp" /* service type */, ++ NULL /* domain */, ++ "" /* SRV target host name */, ++ htons(state->port) /* port */, ++ 0 /* TXT record len */, ++ NULL /* TXT record data */, ++ dns_register_smbd_callback /* callback func */, ++ NULL /* callback context */); ++ + + if (err != kDNSServiceErr_NoError) { + /* Failed to register service. Schedule a re-try attempt. +@@ -123,24 +238,96 @@ static void dns_register_smbd_retry(struct tevent_context *ctx, + goto retry; + } + +- dns_state->fd = DNSServiceRefSockFD(dns_state->srv_ref); +- if (dns_state->fd == -1) { ++ /* ++ * Check for services that are configured as Time Machine targets ++ * ++ */ ++ for (snum = 0; snum < num_services; snum++) { ++ if (lp_snum_ok(snum) && lp_parm_bool(snum, "fruit", "time machine", false)) ++ { ++ if (!sys_txt_created) { ++ if( 0 > TXTRecordPrintf(&txt_adisk, "sys", "adVF=0x100") ) { ++ DEBUG(1, ("Failed to create Zeroconf TXTRecord for sys") ); ++ goto retry; ++ } ++ else ++ { ++ sys_txt_created = true; ++ } ++ } ++ ++ v_uuid = lp_parm_const_string(snum, "fruit", "volume_uuid", NULL); ++ servname = lp_const_servicename(snum); ++ DEBUG(1, ("Registering volume %s for TimeMachine\n", servname)); ++ if (v_uuid) { ++ if( 0 > TXTRecordKeyPrintf(&txt_adisk, "dk%zu", dk++, "adVN=%s,adVF=0x82,adVU=%s", ++ servname, v_uuid) ) { ++ DEBUG(1, ("Could not set Zeroconf TXTRecord for dk%zu \n", dk)); ++ goto retry; ++ } ++ DEBUG(1, ("Registering TimeMachine with the following TXT parameters: " ++ "dk%zu,adVN=%s,adVF=0x82,adVU=%s\n", dk, servname, v_uuid) ); ++ } ++ else { ++ if( 0 > TXTRecordKeyPrintf(&txt_adisk, "dk%zu", dk++, "adVN=%s,adVF=0x82", ++ servname) ) { ++ DEBUG(1, ("Could not set Zeroconf TXTRecord for dk%zu \n", dk)); ++ goto retry; ++ } ++ DEBUG(1, ("Registering TimeMachine with the following TXT parameters: " ++ "dk%zu,adVN=%s,adVF=0x82\n", dk, servname) ); ++ } ++ } ++ } ++ ++ if (dk) { ++ err = DNSServiceRegister(&state->srv_ref, ++ 0 /* flags */, ++ state->if_index /* interface index */, ++ NULL /* service name */, ++ "_adisk._tcp" /* service type */, ++ NULL /* domain */, ++ "" /* SRV target host name */, ++ /* ++ * We would probably use port 0 zero, but we can't, from man DNSServiceRegister: ++ * "A value of 0 for a port is passed to register placeholder services. ++ * Place holder services are not found when browsing, but other ++ * clients cannot register with the same name as the placeholder service." ++ * We therefor use port 9 which is used by the adisk service type. ++ */ ++ htons(9) /* port */, ++ TXTRecordGetLength(&txt_adisk) /* TXT record len */, ++ TXTRecordGetBytesPtr(&txt_adisk) /* TXT record data */, ++ dns_register_smbd_callback /* callback func */, ++ NULL /* callback context */); ++ ++ ++ if (err != kDNSServiceErr_NoError) { ++ /* Failed to register service. Schedule a re-try attempt. ++ */ ++ DEBUG(1, ("unable to register with mDNS (err %d)\n", err)); ++ goto retry; ++ } ++ } ++ ++ state->fd = DNSServiceRefSockFD(state->srv_ref); ++ if (state->fd == -1) { + goto retry; + } + +- dns_state->fde = tevent_add_fd(dns_state->event_ctx, +- dns_state, +- dns_state->fd, +- TEVENT_FD_READ, +- dns_register_smbd_fde_handler, +- dns_state); +- if (!dns_state->fde) { ++ state->fde = tevent_add_fd(state->event_ctx, ++ state->mem_ctx, ++ state->fd, ++ TEVENT_FD_READ, ++ dns_register_smbd_fde_handler, ++ state); ++ if (!state->fde) { + goto retry; + } + + return; + retry: +- dns_register_smbd_schedule(dns_state, ++ dns_register_smbd_schedule(state, + timeval_current_ofs(DNS_REG_RETRY_INTERVAL, 0)); + } + +@@ -150,44 +337,77 @@ static void dns_register_smbd_fde_handler(struct tevent_context *ev, + uint16_t flags, + void *private_data) + { +- struct dns_reg_state *dns_state = talloc_get_type_abort(private_data, +- struct dns_reg_state); ++ struct reg_state *state = (struct reg_state *)private_data; + DNSServiceErrorType err; + +- err = DNSServiceProcessResult(dns_state->srv_ref); ++ err = DNSServiceProcessResult(state->srv_ref); + if (err != kDNSServiceErr_NoError) { +- DEBUG(3, ("failed to process mDNS result (err %d), re-trying\n", +- err)); ++ DEBUG(3, ("failed to process mDNS result (err %d), re-trying\n", err)); + goto retry; + } + +- talloc_free(dns_state); + return; + + retry: +- dns_register_smbd_schedule(dns_state, +- timeval_current_ofs(DNS_REG_RETRY_INTERVAL, 0)); ++ dns_register_smbd_schedule(state, timeval_zero()); + } + ++static int dns_reg_state_destructor(struct dns_reg_state *state) ++{ ++ if (state != NULL) { ++ talloc_free(state); ++ } ++ return 0; ++} ++ ++ + bool smbd_setup_mdns_registration(struct tevent_context *ev, + TALLOC_CTX *mem_ctx, + uint16_t port) + { + struct dns_reg_state *dns_state; ++ bool bind_all = true; ++ int i; + + dns_state = talloc_zero(mem_ctx, struct dns_reg_state); +- if (dns_state == NULL) { ++ if (dns_state == NULL) ++ return false; ++ ++ if (lp_interfaces() && lp_bind_interfaces_only()) ++ bind_all = false; ++ ++ dns_state->count = iface_count(); ++ if (dns_state->count <= 0 || bind_all == true) ++ dns_state->count = 1; ++ ++ dns_state->drs = talloc_array(mem_ctx, struct reg_state, dns_state->count); ++ if (dns_state->drs == NULL) { ++ talloc_free(dns_state); + return false; + } +- dns_state->event_ctx = ev; +- dns_state->port = port; +- dns_state->fd = -1; + +- talloc_set_destructor(dns_state, dns_reg_state_destructor); ++ for (i = 0; i < dns_state->count; i++) { ++ struct interface *iface = get_interface(i); ++ struct reg_state *state = &dns_state->drs[i]; ++ ++ state->mem_ctx = mem_ctx; ++ state->srv_ref = NULL; ++ state->event_ctx = ev; ++ state->te = NULL; ++ state->fde = NULL; ++ state->port = port; ++ state->fd = -1; + +- return dns_register_smbd_schedule(dns_state, timeval_zero()); ++ state->if_index = bind_all ? kDNSServiceInterfaceIndexAny : iface->if_index; ++ ++ dns_register_smbd_schedule(&dns_state->drs[i], timeval_zero()); ++ } ++ ++ talloc_set_destructor(dns_state, dns_reg_state_destructor); ++ return true; + } + ++ + #else /* WITH_DNSSD_SUPPORT */ + + bool smbd_setup_mdns_registration(struct tevent_context *ev, +-- +2.37.1 + diff --git a/net/samba422/files/0020-FreeBSD-12-between-r336017-and-r342928-wrongfuly-ret.patch b/net/samba422/files/0020-FreeBSD-12-between-r336017-and-r342928-wrongfuly-ret.patch new file mode 100644 index 000000000000..33661270ce25 --- /dev/null +++ b/net/samba422/files/0020-FreeBSD-12-between-r336017-and-r342928-wrongfuly-ret.patch @@ -0,0 +1,35 @@ +From 02b599cc740490fa6f433b0c455fe458fdc1db61 Mon Sep 17 00:00:00 2001 +From: "Timur I. Bakeyev" <timur@FreeBSD.org> +Date: Mon, 31 May 2021 02:45:11 +0200 +Subject: [PATCH 20/28] FreeBSD 12 between r336017 and r342928 wrongfuly return + ENOENT for the not enabled qoutas on ZFS. Wrap relevant error code check with + the versioning ifdef's. + +Signed-off-by: Timur I. Bakeyev <timur@FreeBSD.org> +--- + source3/lib/sysquotas_4B.c | 9 ++++++++- + 1 file changed, 8 insertions(+), 1 deletion(-) + +diff --git a/source3/lib/sysquotas_4B.c b/source3/lib/sysquotas_4B.c +index d9beb924ad9..c41cac02e5f 100644 +--- a/source3/lib/sysquotas_4B.c ++++ b/source3/lib/sysquotas_4B.c +@@ -140,7 +140,14 @@ static int sys_quotactl_4B(const char * path, int cmd, + /* ENOTSUP means quota support is not compiled in. EINVAL + * means that quotas are not configured (commonly). + */ +- if (errno != ENOTSUP && errno != EINVAL) { ++ if (errno != ENOTSUP && errno != EINVAL ++/* ++ * FreeBSD 12 between r336017 and r342928 wrongfuly return ENOENT for the not enabled qoutas on ZFS. ++ */ ++#if defined(__FreeBSD__) && ((__FreeBSD_version >= 1102503 && __FreeBSD_version <= 1102506) || (__FreeBSD_version >= 1200072 && __FreeBSD_version <= 1200503) || (__FreeBSD_version >= 1300000 && __FreeBSD_version <= 1300009)) ++ && errno != ENOENT ++#endif ++ ) { + DEBUG(5, ("failed to %s quota for %s ID %u on %s: %s\n", + (cmd & QCMD(Q_GETQUOTA, 0)) ? "get" : "set", + (cmd & QCMD(0, GRPQUOTA)) ? "group" : "user", +-- +2.37.1 + diff --git a/net/samba422/files/0021-Fix-casting-warnings-in-the-nfs_quota-debug-message.patch b/net/samba422/files/0021-Fix-casting-warnings-in-the-nfs_quota-debug-message.patch new file mode 100644 index 000000000000..c364031b4603 --- /dev/null +++ b/net/samba422/files/0021-Fix-casting-warnings-in-the-nfs_quota-debug-message.patch @@ -0,0 +1,36 @@ +From 46f5b54aa5761541a16108d66764d662f37f04d2 Mon Sep 17 00:00:00 2001 +From: "Timur I. Bakeyev" <timur@FreeBSD.org> +Date: Mon, 31 May 2021 02:41:48 +0200 +Subject: [PATCH 21/28] Fix casting warnings in the nfs_quota debug message. + +Initialize quota structure with zeros. + +Signed-off-by: Timur I. Bakeyev <timur@FreeBSD.org> +--- + source3/smbd/quotas.c | 3 ++- + 1 file changed, 2 insertions(+), 1 deletion(-) + +diff --git a/source3/smbd/quotas.c b/source3/smbd/quotas.c +index 604631f81d6..c23fa49b3b0 100644 +--- a/source3/smbd/quotas.c ++++ b/source3/smbd/quotas.c +@@ -125,6 +125,7 @@ static bool nfs_quotas(char *nfspath, uid_t euser_id, uint64_t *bsize, uint64_t + if (!cutstr) + return False; + ++ memset(&D, '\0', sizeof(D)); + memset(cutstr, '\0', len+1); + host = strncat(cutstr,mnttype, sizeof(char) * len ); + DEBUG(5,("nfs_quotas: looking for mount on \"%s\"\n", cutstr)); +@@ -133,7 +134,7 @@ static bool nfs_quotas(char *nfspath, uid_t euser_id, uint64_t *bsize, uint64_t + args.gqa_pathp = testpath+1; + args.gqa_uid = uid; + +- DEBUG(5,("nfs_quotas: Asking for host \"%s\" rpcprog \"%i\" rpcvers \"%i\" network \"%s\"\n", host, RQUOTAPROG, RQUOTAVERS, "udp")); ++ DEBUG(5,("nfs_quotas: Asking for host \"%s\" rpcprog \"%lu\" rpcvers \"%lu\" network \"%s\"\n", host, RQUOTAPROG, RQUOTAVERS, "udp")); + + if ((clnt = clnt_create(host, RQUOTAPROG, RQUOTAVERS, "udp")) == NULL) { + ret = False; +-- +2.37.1 + diff --git a/net/samba422/files/0022-Clean-up-UTMP-handling-code-and-add-FreeBSD-support..patch b/net/samba422/files/0022-Clean-up-UTMP-handling-code-and-add-FreeBSD-support..patch new file mode 100644 index 000000000000..aadb084506eb --- /dev/null +++ b/net/samba422/files/0022-Clean-up-UTMP-handling-code-and-add-FreeBSD-support..patch @@ -0,0 +1,332 @@ +From 5019ad026f106d51dc2bb4c410a05b2f63b56cd0 Mon Sep 17 00:00:00 2001 +From: "Timur I. Bakeyev" <timur@FreeBSD.org> +Date: Mon, 31 May 2021 01:43:13 +0200 +Subject: [PATCH 22/28] Clean up UTMP handling code and add FreeBSD support. + Some really legacy platforms may have been dropped as a result. + +Signed-off-by: Timur I. Bakeyev <timur@FreeBSD.org> +--- + source3/smbd/utmp.c | 152 +++++++++++------------------------------- + source3/wscript | 36 +++++---- + 2 files changed, 60 insertions(+), 128 deletions(-) + +diff -Naurp a/source3/smbd/utmp.c b/source3/smbd/utmp.c +--- a/source3/smbd/utmp.c 2024-02-02 04:33:51.316490200 -0500 ++++ b/source3/smbd/utmp.c 2024-08-05 12:50:57.691687000 -0400 +@@ -257,7 +257,7 @@ static char *uw_pathname(TALLOC_CTX *ctx, + Update utmp file directly. No subroutine interface: probably a BSD system. + ****************************************************************************/ + +-static void pututline_my(const char *uname, struct utmp *u, bool claim) ++static void pututline_my(const char *uname, STRUCT_UTMP *u, bool claim) + { + DEBUG(1,("pututline_my: not yet implemented\n")); + /* BSD implementor: may want to consider (or not) adjusting "lastlog" */ +@@ -271,7 +271,7 @@ static void pututline_my(const char *uname, struct utm + Credit: Michail Vidiassov <master@iaas.msu.ru> + ****************************************************************************/ + +-static void updwtmp_my(const char *wname, struct utmp *u, bool claim) ++static void updwtmp_my(const char *wname, STRUCT_UTMP *u, bool claim) + { + int fd; + struct stat buf; +@@ -303,7 +303,7 @@ static void updwtmp_my(const char *wname, struct utmp + if ((fd = open(wname, O_WRONLY|O_APPEND, 0)) < 0) + return; + if (fstat(fd, &buf) == 0) { +- if (write(fd, (char *)u, sizeof(struct utmp)) != sizeof(struct utmp)) ++ if (write(fd, (char *)u, sizeof(STRUCT_UTMP)) != sizeof(STRUCT_UTMP)) + (void) ftruncate(fd, buf.st_size); + } + (void) close(fd); +@@ -314,12 +314,12 @@ static void updwtmp_my(const char *wname, struct utmp + Update via utmp/wtmp (not utmpx/wtmpx). + ****************************************************************************/ + +-static void utmp_nox_update(struct utmp *u, bool claim) ++static void utmp_nox_update(STRUCT_UTMP *u, bool claim) + { + char *uname = NULL; + char *wname = NULL; + #if defined(PUTUTLINE_RETURNS_UTMP) +- struct utmp *urc; ++ STRUCT_UTMP *urc; + #endif /* PUTUTLINE_RETURNS_UTMP */ + + uname = uw_pathname(talloc_tos(), "utmp", ut_pathname); +@@ -376,127 +376,52 @@ static void utmp_nox_update(struct utmp *u, bool claim + } + } + +-/**************************************************************************** +- Copy a string in the utmp structure. +-****************************************************************************/ + +-static void utmp_strcpy(char *dest, const char *src, size_t n) +-{ +- size_t len = 0; + +- memset(dest, '\0', n); +- if (src) +- len = strlen(src); +- if (len >= n) { +- memcpy(dest, src, n); +- } else { +- if (len) +- memcpy(dest, src, len); +- } +-} + ++ + /**************************************************************************** + Update via utmpx/wtmpx (preferred) or via utmp/wtmp. + ****************************************************************************/ + +-static void sys_utmp_update(struct utmp *u, const char *hostname, bool claim) ++static void sys_utmp_update(STRUCT_UTMP *u, const char *hostname, bool claim) + { +-#if !defined(HAVE_UTMPX_H) +- /* No utmpx stuff. Drop to non-x stuff */ +- utmp_nox_update(u, claim); +-#elif !defined(HAVE_PUTUTXLINE) +- /* Odd. Have utmpx.h but no "pututxline()". Drop to non-x stuff */ +- DEBUG(1,("utmp_update: have utmpx.h but no pututxline() function\n")); +- utmp_nox_update(u, claim); +-#elif !defined(HAVE_GETUTMPX) +- /* Odd. Have utmpx.h but no "getutmpx()". Drop to non-x stuff */ +- DEBUG(1,("utmp_update: have utmpx.h but no getutmpx() function\n")); +- utmp_nox_update(u, claim); +-#elif !defined(HAVE_UPDWTMPX) +- /* Have utmpx.h but no "updwtmpx()". Drop to non-x stuff */ +- DEBUG(1,("utmp_update: have utmpx.h but no updwtmpx() function\n")); +- utmp_nox_update(u, claim); +-#else +- char *uname = NULL; +- char *wname = NULL; +- struct utmpx ux, *uxrc; ++ STRUCT_UTMP *urc; + +- getutmpx(u, &ux); +- +-#if defined(HAVE_UX_UT_SYSLEN) +- if (hostname) +- ux.ut_syslen = strlen(hostname) + 1; /* include end NULL */ +- else +- ux.ut_syslen = 0; +-#endif +-#if defined(HAVE_UX_UT_HOST) +- utmp_strcpy(ux.ut_host, hostname, sizeof(ux.ut_host)); +-#endif +- +- uname = uw_pathname(talloc_tos(), "utmpx", ux_pathname); +- wname = uw_pathname(talloc_tos(), "wtmpx", wx_pathname); +- if (uname && wname) { +- DEBUG(2,("utmp_update: uname:%s wname:%s\n", uname, wname)); ++ setutxent(); ++ urc = pututxline(u); ++ endutxent(); ++ if (urc == NULL) { ++ DEBUG(2,("utmp_update: pututxline() failed\n")); ++ return; + } +- +- /* +- * Check for either uname or wname being empty. +- * Some systems, such as Redhat 6, have a "utmpx.h" which doesn't +- * define default filenames. +- * Also, our local installation has not provided an override. +- * Drop to non-x method. (E.g. RH6 has good defaults in "utmp.h".) +- */ +- if (!uname || !wname || (strlen(uname) == 0) || (strlen(wname) == 0)) { +- utmp_nox_update(u, claim); +- } else { +- utmpxname(uname); +- setutxent(); +- uxrc = pututxline(&ux); +- endutxent(); +- if (uxrc == NULL) { +- DEBUG(2,("utmp_update: pututxline() failed\n")); +- return; +- } +- updwtmpx(wname, &ux); +- } +-#endif /* HAVE_UTMPX_H */ + } + + #if defined(HAVE_UT_UT_ID) + /**************************************************************************** + Encode the unique connection number into "ut_id". + ****************************************************************************/ +- +-static int ut_id_encode(int i, char *fourbyte) ++static void ut_id_encode(char *buf, int id, size_t buf_size) + { +- int nbase; +- const char *ut_id_encstr = "0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ"; ++ const char ut_id_encstr[] = "0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ"; + +-/* +- * 'ut_id_encstr' is the character set on which modulo arithmetic is done. +- * Example: digits would produce the base-10 numbers from '001'. +- */ +- nbase = strlen(ut_id_encstr); ++ int nbase = sizeof(ut_id_encstr) - 1; ++ /* ++ * 'ut_id_encstr' is the character set on which modulo arithmetic is done. ++ * Example: digits would produce the base-10 numbers from '001'. ++ */ + +- fourbyte[0] = ut_id_encstr[i % nbase]; +- i /= nbase; +- fourbyte[1] = ut_id_encstr[i % nbase]; +- i /= nbase; +- fourbyte[3] = ut_id_encstr[i % nbase]; +- i /= nbase; +- fourbyte[2] = ut_id_encstr[i % nbase]; +- i /= nbase; +- +- /* we do not care about overflows as i is a random number */ +- return 0; ++ for(int i = 0; i < buf_size; i++) { ++ buf[i] = ut_id_encstr[id % nbase]; ++ id /= nbase; ++ } + } + #endif /* defined(HAVE_UT_UT_ID) */ + +- + /* + fill a system utmp structure given all the info we can gather + */ +-static bool sys_utmp_fill(struct utmp *u, ++static bool sys_utmp_fill(STRUCT_UTMP *u, + const char *username, const char *hostname, + const char *id_str, int id_num) + { +@@ -509,16 +434,16 @@ static bool sys_utmp_fill(struct utmp *u, + * rather than to try to detect and optimise. + */ + #if defined(HAVE_UT_UT_USER) +- utmp_strcpy(u->ut_user, username, sizeof(u->ut_user)); ++ strncpy(u->ut_user, username, sizeof(u->ut_user)); + #elif defined(HAVE_UT_UT_NAME) +- utmp_strcpy(u->ut_name, username, sizeof(u->ut_name)); ++ strncpy(u->ut_name, username, sizeof(u->ut_name)); + #endif + + /* + * ut_line: + * If size limit proves troublesome, then perhaps use "ut_id_encode()". + */ +- utmp_strcpy(u->ut_line, id_str, sizeof(u->ut_line)); ++ strncpy(u->ut_line, id_str, sizeof(u->ut_line)); + + #if defined(HAVE_UT_UT_PID) + u->ut_pid = getpid(); +@@ -535,20 +460,23 @@ static bool sys_utmp_fill(struct utmp *u, + u->ut_time = timeval.tv_sec; + #elif defined(HAVE_UT_UT_TV) + GetTimeOfDay(&timeval); +- u->ut_tv = timeval; ++ u->ut_tv.tv_sec = timeval.tv_sec; ++ u->ut_tv.tv_usec = timeval.tv_usec; + #else + #error "with-utmp must have UT_TIME or UT_TV" + #endif + + #if defined(HAVE_UT_UT_HOST) +- utmp_strcpy(u->ut_host, hostname, sizeof(u->ut_host)); ++ if(hostname != NULL) { ++ strncpy(u->ut_host, hostname, sizeof(u->ut_host)); ++#if defined(HAVE_UT_UT_SYSLEN) ++ u->ut_syslen = strlen(hostname) + 1; /* include trailing NULL */ + #endif ++ } ++#endif + + #if defined(HAVE_UT_UT_ID) +- if (ut_id_encode(id_num, u->ut_id) != 0) { +- DEBUG(1,("utmp_fill: cannot encode id %d\n", id_num)); +- return False; +- } ++ ut_id_encode(u->ut_id, id_num, sizeof(u->ut_id)); + #endif + + return True; +@@ -561,7 +489,7 @@ void sys_utmp_yield(const char *username, const char * + void sys_utmp_yield(const char *username, const char *hostname, + const char *id_str, int id_num) + { +- struct utmp u; ++ STRUCT_UTMP u; + + ZERO_STRUCT(u); + +@@ -587,7 +515,7 @@ void sys_utmp_claim(const char *username, const char * + void sys_utmp_claim(const char *username, const char *hostname, + const char *id_str, int id_num) + { +- struct utmp u; ++ STRUCT_UTMP u; + + ZERO_STRUCT(u); + +diff -Naurp a/source3/wscript b/source3/wscript +--- a/source3/wscript 2024-08-05 12:50:16.286549000 -0400 ++++ b/source3/wscript 2024-08-05 13:02:31.909769000 -0400 +@@ -804,34 +804,38 @@ msg.msg_accrightslen = sizeof(fd); + + if Options.options.with_utmp: + conf.env.with_utmp = True +- if not conf.CHECK_HEADERS('utmp.h'): conf.env.with_utmp = False +- conf.CHECK_FUNCS('pututline pututxline updwtmp updwtmpx getutmpx') +- conf.CHECK_STRUCTURE_MEMBER('struct utmp', 'ut_name', headers='utmp.h', ++ if not conf.CHECK_HEADERS('utmpx.h') and not conf.CHECK_HEADERS('utmp.h'): ++ conf.env.with_utmp = False ++ if conf.CONFIG_SET('HAVE_UTMPX_H'): ++ conf.DEFINE('STRUCT_UTMP', 'struct utmpx') ++ elif conf.CONFIG_SET('HAVE_UTMP_H'): ++ conf.DEFINE('STRUCT_UTMP', 'struct utmp') ++ conf.CHECK_FUNCS('pututxline getutxid getutxline updwtmpx getutmpx setutxent endutxent') ++ conf.CHECK_FUNCS('pututline getutid getutline updwtmp getutmp setutent endutent') ++ conf.CHECK_STRUCTURE_MEMBER('STRUCT_UTMP', 'ut_name', headers='utmpx.h utmp.h', + define='HAVE_UT_UT_NAME') +- conf.CHECK_STRUCTURE_MEMBER('struct utmp', 'ut_user', headers='utmp.h', ++ conf.CHECK_STRUCTURE_MEMBER('STRUCT_UTMP', 'ut_user', headers='utmpx.h utmp.h', + define='HAVE_UT_UT_USER') +- conf.CHECK_STRUCTURE_MEMBER('struct utmp', 'ut_id', headers='utmp.h', ++ conf.CHECK_STRUCTURE_MEMBER('STRUCT_UTMP', 'ut_id', headers='utmpx.h utmp.h', + define='HAVE_UT_UT_ID') +- conf.CHECK_STRUCTURE_MEMBER('struct utmp', 'ut_host', headers='utmp.h', ++ conf.CHECK_STRUCTURE_MEMBER('STRUCT_UTMP', 'ut_host', headers='utmpx.h utmp.h', + define='HAVE_UT_UT_HOST') +- conf.CHECK_STRUCTURE_MEMBER('struct utmp', 'ut_time', headers='utmp.h', ++ conf.CHECK_STRUCTURE_MEMBER('STRUCT_UTMP', 'ut_time', headers='utmpx.h utmp.h', + define='HAVE_UT_UT_TIME') +- conf.CHECK_STRUCTURE_MEMBER('struct utmp', 'ut_tv', headers='utmp.h', ++ conf.CHECK_STRUCTURE_MEMBER('STRUCT_UTMP', 'ut_tv', headers='utmpx.h utmp.h', + define='HAVE_UT_UT_TV') +- conf.CHECK_STRUCTURE_MEMBER('struct utmp', 'ut_type', headers='utmp.h', ++ conf.CHECK_STRUCTURE_MEMBER('STRUCT_UTMP', 'ut_type', headers='utmpx.h utmp.h', + define='HAVE_UT_UT_TYPE') +- conf.CHECK_STRUCTURE_MEMBER('struct utmp', 'ut_pid', headers='utmp.h', ++ conf.CHECK_STRUCTURE_MEMBER('STRUCT_UTMP', 'ut_pid', headers='utmpx.h utmp.h', + define='HAVE_UT_UT_PID') +- conf.CHECK_STRUCTURE_MEMBER('struct utmp', 'ut_exit.e_exit', headers='utmp.h', ++ conf.CHECK_STRUCTURE_MEMBER('STRUCT_UTMP', 'ut_exit.e_exit', headers='utmpx.h utmp.h', + define='HAVE_UT_UT_EXIT') +- conf.CHECK_STRUCTURE_MEMBER('struct utmpx', 'ut_syslen', headers='utmpx.h', +- define='HAVE_UX_UT_SYSLEN') +- conf.CHECK_STRUCTURE_MEMBER('struct utmpx', 'ut_host', headers='utmpx.h', +- define='HAVE_UX_UT_HOST') ++ conf.CHECK_STRUCTURE_MEMBER('STRUCT_UTMP', 'ut_syslen', headers='utmpx.h utmp.h', ++ define='HAVE_UT_UT_SYSLEN') + conf.CHECK_CODE('struct utmp utarg; struct utmp *utreturn; utreturn = pututline(&utarg);', + 'PUTUTLINE_RETURNS_UTMP', headers='utmp.h', + msg="Checking whether pututline returns pointer") +- conf.CHECK_SIZEOF(['((struct utmp *)NULL)->ut_line'], headers='utmp.h', ++ conf.CHECK_SIZEOF(['((STRUCT_UTMP *)NULL)->ut_line'], headers='utmpx.h utmp.h', + define='SIZEOF_UTMP_UT_LINE', critical=False) + if not conf.CONFIG_SET('SIZEOF_UTMP_UT_LINE'): + conf.env.with_utmp = False diff --git a/net/samba422/files/0023-Add-cmd_get_quota-test-function-into-vfstest-to-test.patch b/net/samba422/files/0023-Add-cmd_get_quota-test-function-into-vfstest-to-test.patch new file mode 100644 index 000000000000..581da64f6747 --- /dev/null +++ b/net/samba422/files/0023-Add-cmd_get_quota-test-function-into-vfstest-to-test.patch @@ -0,0 +1,121 @@ +From 2e927425e04d65027db5348b3e89a69a5e447556 Mon Sep 17 00:00:00 2001 +From: "Timur I. Bakeyev" <timur@FreeBSD.org> +Date: Mon, 31 May 2021 03:07:40 +0200 +Subject: [PATCH 23/28] Add `cmd_get_quota()` test function into vfstest, to + test disk quota interface. + +Signed-off-by: Timur I. Bakeyev <timur@FreeBSD.org> +--- + source3/torture/cmd_vfs.c | 78 +++++++++++++++++++++++++++++++++++ + source3/torture/wscript_build | 2 +- + 2 files changed, 79 insertions(+), 1 deletion(-) + +diff --git a/source3/torture/cmd_vfs.c b/source3/torture/cmd_vfs.c +index 38ce0dc4ff6..1bc4639d2a2 100644 +--- a/source3/torture/cmd_vfs.c ++++ b/source3/torture/cmd_vfs.c +@@ -145,6 +145,83 @@ static NTSTATUS cmd_disk_free(struct vfs_state *vfs, TALLOC_CTX *mem_ctx, int ar + return NT_STATUS_OK; + } + ++static NTSTATUS cmd_get_quota(struct vfs_state *vfs, TALLOC_CTX *mem_ctx, int argc, const char **argv) ++{ ++ struct smb_filename *smb_fname = NULL; ++ uint64_t bsize, dfree, dsize; ++ enum SMB_QUOTA_TYPE qtype; ++ SMB_DISK_QUOTA D; ++ unid_t id; ++ int r; ++ ++ if (argc != 4) { ++ printf("Usage: get_quota <path> [user|group] id\n"); ++ return NT_STATUS_OK; ++ } ++ ++ smb_fname = synthetic_smb_fname(talloc_tos(), ++ argv[1], ++ NULL, ++ NULL, ++ 0, ++ ssf_flags()); ++ if (smb_fname == NULL) { ++ return NT_STATUS_NO_MEMORY; ++ } ++ ++ if(strcmp(argv[2], "user") == 0) { ++ qtype = SMB_USER_FS_QUOTA_TYPE; ++ } ++ else if(strcmp(argv[2], "group") == 0) { ++ qtype = SMB_GROUP_FS_QUOTA_TYPE; ++ } ++ else { ++ printf("Usage: get_quota <path> [user|group] id\n"); ++ return NT_STATUS_OK; ++ } ++ ++ id.uid = atoi(argv[3]); ++ ++ ZERO_STRUCT(D); ++ ++ r = SMB_VFS_GET_QUOTA(vfs->conn, smb_fname, qtype, id, &D); ++ ++ if (r == -1 && errno != ENOSYS) { ++ return NT_STATUS_UNSUCCESSFUL; ++ } ++ ++ if (r == 0 && (D.qflags & QUOTAS_DENY_DISK) == 0) { ++ return NT_STATUS_UNSUCCESSFUL; ++ } ++ ++ bsize = D.bsize; ++ /* Use softlimit to determine disk space, except when it has been exceeded */ ++ if ( ++ (D.softlimit && D.curblocks >= D.softlimit) || ++ (D.hardlimit && D.curblocks >= D.hardlimit) || ++ (D.isoftlimit && D.curinodes >= D.isoftlimit) || ++ (D.ihardlimit && D.curinodes>=D.ihardlimit) ++ ) { ++ dfree = 0; ++ dsize = D.curblocks; ++ } else if (D.softlimit==0 && D.hardlimit==0) { ++ return NT_STATUS_UNSUCCESSFUL; ++ } else { ++ if (D.softlimit == 0) { ++ D.softlimit = D.hardlimit; ++ } ++ dfree = D.softlimit - D.curblocks; ++ dsize = D.softlimit; ++ } ++ ++ printf("get_quota: bsize = %lu, dfree = %lu, dsize = %lu\n", ++ (unsigned long)bsize, ++ (unsigned long)dfree, ++ (unsigned long)dsize); ++ ++ return NT_STATUS_OK; ++} ++ + + static NTSTATUS cmd_opendir(struct vfs_state *vfs, TALLOC_CTX *mem_ctx, int argc, const char **argv) + { +@@ -2257,6 +2334,7 @@ struct cmd_set vfs_commands[] = { + { "connect", cmd_connect, "VFS connect()", "connect" }, + { "disconnect", cmd_disconnect, "VFS disconnect()", "disconnect" }, + { "disk_free", cmd_disk_free, "VFS disk_free()", "disk_free <path>" }, ++ { "get_quota", cmd_get_quota, "VFS get_quota()", "get_quota <path> [user|group] id" }, + { "opendir", cmd_opendir, "VFS opendir()", "opendir <fname>" }, + { "readdir", cmd_readdir, "VFS readdir()", "readdir" }, + { "mkdir", cmd_mkdir, "VFS mkdir()", "mkdir <path>" }, +diff --git a/source3/torture/wscript_build b/source3/torture/wscript_build +index 0c4275de795..f75c4bfe2be 100644 +--- a/source3/torture/wscript_build ++++ b/source3/torture/wscript_build +@@ -124,4 +124,4 @@ bld.SAMBA3_BINARY('vfstest', + smbconf + SMBREADLINE + ''', +- for_selftest=True) ++ install=True) +-- +2.37.1 + diff --git a/net/samba422/files/0025-From-d9b748869a8f4018ebee302aae8246bf29f60309-Mon-Se.patch b/net/samba422/files/0025-From-d9b748869a8f4018ebee302aae8246bf29f60309-Mon-Se.patch new file mode 100644 index 000000000000..064eeb0cfa48 --- /dev/null +++ b/net/samba422/files/0025-From-d9b748869a8f4018ebee302aae8246bf29f60309-Mon-Se.patch @@ -0,0 +1,94 @@ +From 6e79023af14210a6435ab18ada8097253b8b16b6 Mon Sep 17 00:00:00 2001 +From: "Timur I. Bakeyev" <timur@FreeBSD.org> +Date: Mon, 31 May 2021 01:38:49 +0200 +Subject: [PATCH 25/28] From d9b748869a8f4018ebee302aae8246bf29f60309 Mon Sep + 17 00:00:00 2001 From: "Timur I. Bakeyev" <timur@iXsystems.com> Date: Fri, 1 + Jun 2018 01:35:08 +0800 Subject: [PATCH] vfs_fruit: allow broken + AFP_Signature where the first byte is 0 + +FreeBSD bug ... caused the first byte of the AFP_AfpInfo xattr to be 0 +instead of 'A'. This hack allows such broken AFP_AfpInfo blobs to be +parsed by afpinfo_unpack(). + +FreeBSD Bug: https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=228462 + +Signed-off-by: Ralph Boehme <slow@samba.org> +Signed-off-by: Timur I. Bakeyev <timur@FreeBSD.org> +--- + source3/lib/adouble.c | 19 +++++++++++++++---- + source3/modules/vfs_fruit.c | 19 ++++++++++++++++++- + 2 files changed, 33 insertions(+), 5 deletions(-) + +diff -Naurp a/source3/lib/adouble.c b/source3/lib/adouble.c +--- a/source3/lib/adouble.c 2024-02-02 04:33:51.172489400 -0500 ++++ b/source3/lib/adouble.c 2024-08-05 13:53:43.952688000 -0400 +@@ -2821,6 +2821,8 @@ ssize_t afpinfo_pack(const AfpInfo *ai, char *buf) + return AFP_INFO_SIZE; + } + ++#define BROKEN_FREEBSD_AFP_Signature 0x00465000 ++ + /** + * Unpack a buffer into a AfpInfo structure + * +@@ -2841,11 +2843,20 @@ AfpInfo *afpinfo_unpack(TALLOC_CTX *ctx, const void *d + sizeof(ai->afpi_FinderInfo)); + + if (validate) { +- if (ai->afpi_Signature != AFP_Signature +- || ai->afpi_Version != AFP_Version) +- { +- DEBUG(1, ("Bad AfpInfo signature or version\n")); ++ if (ai->afpi_Signature != AFP_Signature) { ++ DBG_WARNING("Bad AFP signature [%x]\n", ai->afpi_Signature); ++ ++ if (ai->afpi_Signature != BROKEN_FREEBSD_AFP_Signature) { ++ DBG_ERR("Bad AfpInfo signature\n"); ++ TALLOC_FREE(ai); ++ return NULL; ++ } ++ } ++ ++ if (ai->afpi_Version != AFP_Version) { ++ DBG_ERR("Bad AfpInfo version\n"); + TALLOC_FREE(ai); ++ return NULL; + } + } else { + ai->afpi_Signature = AFP_Signature; +diff -Naurp a/source3/modules/vfs_fruit.c b/source3/modules/vfs_fruit.c +--- a/source3/modules/vfs_fruit.c 2024-02-02 04:33:51.228489600 -0500 ++++ b/source3/modules/vfs_fruit.c 2024-08-05 13:12:29.220129000 -0400 +@@ -2305,6 +2305,7 @@ static ssize_t fruit_pread_meta_stream(vfs_handle_stru + size_t n, off_t offset) + { + struct fio *fio = fruit_get_complete_fio(handle, fsp); ++ char *p = (char *)data; + ssize_t nread; + int ret; + +@@ -2313,7 +2314,23 @@ static ssize_t fruit_pread_meta_stream(vfs_handle_stru + } + + nread = SMB_VFS_NEXT_PREAD(handle, fsp, data, n, offset); +- if (nread == -1 || nread == n) { ++ if (nread <= 0) { ++ /* ++ * fruit_meta_open_stream() removes O_CREAT flag ++ * from xattr open. This results in vfs_streams_xattr ++ * not generating an FSP extension for the files_struct ++ * and causes subsequent pread() of stream to return ++ * nread=0 if pread() occurs before pwrite(). ++ */ ++ return nread; ++ } ++ ++ if (nread == n) { ++ if (offset == 0 && nread > 3 && p[0] == 0 && p[1] == 'F' && p[2] == 'P') { ++ DBG_NOTICE("Fixing AFP_Info of [%s]\n", ++ fsp_str_dbg(fsp)); ++ p[0] = 'A'; ++ } + return nread; + } + diff --git a/net/samba422/files/0026-vfs-add-a-compatibility-option-to-the-vfs_streams_xa.patch b/net/samba422/files/0026-vfs-add-a-compatibility-option-to-the-vfs_streams_xa.patch new file mode 100644 index 000000000000..38a7f0295b90 --- /dev/null +++ b/net/samba422/files/0026-vfs-add-a-compatibility-option-to-the-vfs_streams_xa.patch @@ -0,0 +1,335 @@ +From 2d73ccb27ffcdf419d569260fcca6e9ee3b9538a Mon Sep 17 00:00:00 2001 +From: "Timur I. Bakeyev" <timur@FreeBSD.org> +Date: Thu, 29 Sep 2022 03:24:26 +0200 +Subject: [PATCH 26/28] vfs: add a compatibility option to the + vfs_streams_xattr + +When enabled, the module does not append a trailing 0 +byte to the end of the extended attribute data. + +This is primarily a consideration when the administrator +wishes to expose extended attributes that have been written +by another application as alternate data streams via +Samba. + +An example where this parameter may be required is when +migrating a netatalk share to Samba. See manpage for +vfs_fruit for additional considerations regarding +Netatalk and Samba compatibility. + +Signed-off-by: Timur I. Bakeyev <timur@FreeBSD.org> +--- + docs-xml/manpages/vfs_streams_xattr.8.xml | 25 ++++++ + source3/modules/vfs_streams_xattr.c | 95 +++++++++++++++++------ + 2 files changed, 97 insertions(+), 23 deletions(-) + +diff --git a/docs-xml/manpages/vfs_streams_xattr.8.xml b/docs-xml/manpages/vfs_streams_xattr.8.xml +index 6645928c016..0f38d510a82 100644 +--- a/docs-xml/manpages/vfs_streams_xattr.8.xml ++++ b/docs-xml/manpages/vfs_streams_xattr.8.xml +@@ -71,6 +71,31 @@ + </listitem> + </varlistentry> + ++ <varlistentry> ++ <term>streams_xattr:xattr_compat = [yes|no]</term> ++ <listitem> ++ <para>When enabled, the module does not append a trailing 0 ++ byte to the end of the extended attribute data. This parameter ++ must not be changed once data has been written to the share ++ since it may result in dropping the last byte from xattr data. ++ ++ This is primarily a consideration when the administrator ++ wishes to expose extended attributes that have been written ++ by another application as alternate data streams via ++ Samba. ++ ++ An example where this parameter may be required is when ++ migrating a netatalk share to Samba. See manpage for ++ vfs_fruit for additional considerations regarding ++ Netatalk and Samba compatibility. ++ ++ WARNING: this parameter must not be changed on existing ++ Samba shares or new shares that export paths currently ++ or previously have been shared by Samba. ++ The default is <command>yes</command>.</para> ++ </listitem> ++ </varlistentry> ++ + </variablelist> + + </refsect1> +diff --git a/source3/modules/vfs_streams_xattr.c b/source3/modules/vfs_streams_xattr.c +index b69a4f342f5..070111e3ee9 100644 +--- a/source3/modules/vfs_streams_xattr.c ++++ b/source3/modules/vfs_streams_xattr.c +@@ -35,6 +35,7 @@ struct streams_xattr_config { + const char *prefix; + size_t prefix_len; + bool store_stream_type; ++ int xattr_compat_bytes; + }; + + struct stream_io { +@@ -45,22 +46,28 @@ struct stream_io { + vfs_handle_struct *handle; + }; + +-static ssize_t get_xattr_size_fsp(struct files_struct *fsp, ++static ssize_t get_xattr_size_fsp(vfs_handle_struct *handle, ++ struct files_struct *fsp, + const char *xattr_name) + { + NTSTATUS status; + struct ea_struct ea; + ssize_t result; ++ struct streams_xattr_config *config = NULL; + ++ SMB_VFS_HANDLE_GET_DATA(handle, config, struct streams_xattr_config, ++ return -1); ++ + status = get_ea_value_fsp(talloc_tos(), + fsp, + xattr_name, + &ea); ++ + if (!NT_STATUS_IS_OK(status)) { + return -1; + } + +- result = ea.value.length-1; ++ result = ea.value.length - config->xattr_compat_bytes; + TALLOC_FREE(ea.value.data); + return result; + } +@@ -197,7 +204,8 @@ static int streams_xattr_fstat(vfs_handle_struct *hand + return -1; + } + +- sbuf->st_ex_size = get_xattr_size_fsp(fsp->base_fsp, ++ sbuf->st_ex_size = get_xattr_size_fsp(handle, ++ fsp->base_fsp, + io->xattr_name); + if (sbuf->st_ex_size == -1) { + SET_STAT_INVALID(*sbuf); +@@ -273,7 +281,7 @@ static int streams_xattr_stat(vfs_handle_struct *handl + fsp = fsp->base_fsp; + } + +- smb_fname->st.st_ex_size = get_xattr_size_fsp(fsp, ++ smb_fname->st.st_ex_size = get_xattr_size_fsp(handle, fsp, + xattr_name); + if (smb_fname->st.st_ex_size == -1) { + TALLOC_FREE(xattr_name); +@@ -308,6 +316,7 @@ static int streams_xattr_lstat(vfs_handle_struct *hand + errno = ENOENT; + return -1; + } ++ + return SMB_VFS_NEXT_LSTAT(handle, smb_fname); + } + +@@ -341,6 +350,12 @@ static int streams_xattr_openat(struct vfs_handle_stru + how); + } + ++#ifdef O_EMPTY_PATH ++ if (how->flags & O_EMPTY_PATH) { ++ return vfs_fake_fd(); ++ } ++#endif ++ + if (how->resolve != 0) { + errno = ENOSYS; + return -1; +@@ -356,6 +371,8 @@ static int streams_xattr_openat(struct vfs_handle_stru + goto fail; + } + ++ fsp->fsp_flags.have_proc_fds = fsp->conn->have_proc_fds; ++ + status = get_ea_value_fsp(talloc_tos(), + fsp->base_fsp, + xattr_name, +@@ -394,7 +411,8 @@ static int streams_xattr_openat(struct vfs_handle_stru + */ + + /* +- * Darn, xattrs need at least 1 byte ++ * If xattr_compat_bytes is set we need to ++ * provide one extra trailing byte + */ + char null = '\0'; + +@@ -403,7 +421,8 @@ static int streams_xattr_openat(struct vfs_handle_stru + + ret = SMB_VFS_FSETXATTR(fsp->base_fsp, + xattr_name, +- &null, sizeof(null), ++ (config->xattr_compat_bytes) ? &null : NULL, ++ (config->xattr_compat_bytes) ? sizeof(null) : 0, + how->flags & O_EXCL ? XATTR_CREATE : 0); + if (ret != 0) { + goto fail; +@@ -412,13 +431,13 @@ static int streams_xattr_openat(struct vfs_handle_stru + + fakefd = vfs_fake_fd(); + +- sio = VFS_ADD_FSP_EXTENSION(handle, fsp, struct stream_io, NULL); +- if (sio == NULL) { +- errno = ENOMEM; +- goto fail; +- } ++ sio = VFS_ADD_FSP_EXTENSION(handle, fsp, struct stream_io, NULL); ++ if (sio == NULL) { ++ errno = ENOMEM; ++ goto fail; ++ } + +- sio->xattr_name = talloc_strdup(VFS_MEMCTX_FSP_EXTENSION(handle, fsp), ++ sio->xattr_name = talloc_strdup(VFS_MEMCTX_FSP_EXTENSION(handle, fsp), + xattr_name); + if (sio->xattr_name == NULL) { + errno = ENOMEM; +@@ -808,12 +827,16 @@ static bool collect_one_stream(struct ea_struct *ea, v + { + struct streaminfo_state *state = + (struct streaminfo_state *)private_data; ++ struct streams_xattr_config *config = NULL; + ++ SMB_VFS_HANDLE_GET_DATA(state->handle, config, struct streams_xattr_config, ++ return false); ++ + if (!add_one_stream(state->mem_ctx, + &state->num_streams, &state->streams, +- ea->name, ea->value.length-1, ++ ea->name, ea->value.length - config->xattr_compat_bytes, + smb_roundup(state->handle->conn, +- ea->value.length-1))) { ++ ea->value.length - config->xattr_compat_bytes))) { + state->status = NT_STATUS_NO_MEMORY; + return false; + } +@@ -875,6 +898,7 @@ static int streams_xattr_connect(vfs_handle_struct *ha + const char *default_prefix = SAMBA_XATTR_DOSSTREAM_PREFIX; + const char *prefix; + int rc; ++ bool xattr_compat; + + rc = SMB_VFS_NEXT_CONNECT(handle, service, user); + if (rc != 0) { +@@ -905,6 +929,13 @@ static int streams_xattr_connect(vfs_handle_struct *ha + "store_stream_type", + true); + ++ xattr_compat = lp_parm_bool(SNUM(handle->conn), ++ "streams_xattr", ++ "xattr_compat", ++ true); ++ ++ config->xattr_compat_bytes = xattr_compat ? 0 : 1; ++ + SMB_VFS_HANDLE_SET_DATA(handle, config, + NULL, struct stream_xattr_config, + return -1); +@@ -921,6 +952,7 @@ static ssize_t streams_xattr_pwrite(vfs_handle_struct + struct ea_struct ea; + NTSTATUS status; + int ret; ++ struct streams_xattr_config *config = NULL; + + DEBUG(10, ("streams_xattr_pwrite called for %d bytes\n", (int)n)); + +@@ -932,6 +964,9 @@ static ssize_t streams_xattr_pwrite(vfs_handle_struct + return -1; + } + ++ SMB_VFS_HANDLE_GET_DATA(handle, config, struct streams_xattr_config, ++ return -1); ++ + if ((offset + n) >= lp_smbd_max_xattr_size(SNUM(handle->conn))) { + /* + * Requested write is beyond what can be read based on +@@ -961,11 +996,11 @@ static ssize_t streams_xattr_pwrite(vfs_handle_struct + return -1; + } + +- if ((offset + n) > ea.value.length-1) { ++ if ((offset + n) > ea.value.length - config->xattr_compat_bytes) { + uint8_t *tmp; + + tmp = talloc_realloc(talloc_tos(), ea.value.data, uint8_t, +- offset + n + 1); ++ offset + n + config->xattr_compat_bytes); + + if (tmp == NULL) { + TALLOC_FREE(ea.value.data); +@@ -973,8 +1008,10 @@ static ssize_t streams_xattr_pwrite(vfs_handle_struct + return -1; + } + ea.value.data = tmp; +- ea.value.length = offset + n + 1; +- ea.value.data[offset+n] = 0; ++ ea.value.length = offset + n + config->xattr_compat_bytes; ++ if (config->xattr_compat_bytes) { ++ ea.value.data[offset+n] = 0; ++ } + } + + memcpy(ea.value.data + offset, data, n); +@@ -1002,7 +1039,12 @@ static ssize_t streams_xattr_pread(vfs_handle_struct * + struct ea_struct ea; + NTSTATUS status; + size_t length, overlap; ++ struct smb_filename *smb_fname_base = NULL; ++ struct streams_xattr_config *config = NULL; + ++ SMB_VFS_HANDLE_GET_DATA(handle, config, struct streams_xattr_config, ++ return -1); ++ + DEBUG(10, ("streams_xattr_pread: offset=%d, size=%d\n", + (int)offset, (int)n)); + +@@ -1022,7 +1064,7 @@ static ssize_t streams_xattr_pread(vfs_handle_struct * + return -1; + } + +- length = ea.value.length-1; ++ length = ea.value.length - config->xattr_compat_bytes; + + DBG_DEBUG("get_ea_value_fsp returned %d bytes\n", + (int)length); +@@ -1210,6 +1252,12 @@ static int streams_xattr_ftruncate(struct vfs_handle_s + struct stream_io *sio = + (struct stream_io *)VFS_FETCH_FSP_EXTENSION(handle, fsp); + ++ struct smb_filename *smb_fname_base = NULL; ++ struct streams_xattr_config *config = NULL; ++ ++ SMB_VFS_HANDLE_GET_DATA(handle, config, struct streams_xattr_config, ++ return -1); ++ + DEBUG(10, ("streams_xattr_ftruncate called for file %s offset %.0f\n", + fsp_str_dbg(fsp), (double)offset)); + +@@ -1239,14 +1287,16 @@ static int streams_xattr_ftruncate(struct vfs_handle_s + } + + /* Did we expand ? */ +- if (ea.value.length < offset + 1) { ++ if (ea.value.length < offset + config->xattr_compat_bytes) { + memset(&tmp[ea.value.length], '\0', +- offset + 1 - ea.value.length); ++ offset + config->xattr_compat_bytes - ea.value.length); + } + + ea.value.data = tmp; +- ea.value.length = offset + 1; +- ea.value.data[offset] = 0; ++ ea.value.length = offset + config->xattr_compat_bytes; ++ if (config->xattr_compat_bytes) { ++ ea.value.data[offset] = 0; ++ } + + ret = SMB_VFS_FSETXATTR(fsp->base_fsp, + sio->xattr_name, diff --git a/net/samba422/files/0028-s3-lib-system-add-FreeBSD-proc_fd_pattern.patch b/net/samba422/files/0028-s3-lib-system-add-FreeBSD-proc_fd_pattern.patch new file mode 100644 index 000000000000..2721be912c76 --- /dev/null +++ b/net/samba422/files/0028-s3-lib-system-add-FreeBSD-proc_fd_pattern.patch @@ -0,0 +1,121 @@ +From 584c69e77abb537a7345222648a397a9963c01b7 Mon Sep 17 00:00:00 2001 +From: "Timur I. Bakeyev" <timur@FreeBSD.org> +Date: Sat, 15 Oct 2022 04:02:43 +0200 +Subject: [PATCH 28/28] s3:lib:system - add FreeBSD proc_fd_pattern + +Add support for FreeBSD equivalent of /proc/self/fd through a special +fdescfs mount with option "nodup". This filesystem should be mounted +either to the private $PIDDIR/fd/ directory or to /dev/fd in order to +provide security and performance characteristics similar to Linux. + +Signed-off-by: Timur I. Bakeyev <timur@FreeBSD.org> +Adapted for Samba 4.20 by: Andrea venturoli <ml@netfence.it> +--- +--- source3/lib/system.c.orig 2025-06-27 15:05:05 UTC ++++ source3/lib/system.c +@@ -1047,6 +1047,68 @@ int sys_get_number_of_cores(void) + } + #endif + ++static bool freebsd_fdesc_check(const char *pattern) ++{ ++ char fdesc_path[PATH_MAX]; ++ int fd, fd2; ++ ++ fd = open(lp_pid_directory(), O_DIRECTORY); ++ if (fd == -1) { ++ DBG_ERR("%s: failed to open pid directory: %s\n", ++ lp_pid_directory(), strerror(errno)); ++ return false; ++ } ++ ++ snprintf(fdesc_path, sizeof(fdesc_path), pattern, fd); ++ ++ fd2 = open(fdesc_path, O_DIRECTORY); ++ if (fd2 == -1) { ++ /* ++ * Setting O_DIRECTORY on open of fdescfs mount ++ * without 'nodup' option will fail with ENOTDIR. ++ */ ++ if (errno == ENOTDIR) { ++ DBG_ERR("%s: fdescfs filesystem is not mounted with " ++ "'nodup' option. This specific mount option is " ++ "required in order to enable race-free handling " ++ "of paths.\n" ++ "See documentation for Samba's New VFS' " ++ "for more details. The 'nodup' mount option was " ++ "introduced in FreeBSD 13.\n", fdesc_path); ++ close(fd); ++ return false; ++ } ++ DBG_ERR("%s: failed to open fdescfs path: %s\n", ++ fdesc_path, strerror(errno)); ++ close(fd); ++ return false; ++ } ++ close(fd); ++ close(fd2); ++ ++ return true; ++} ++ ++static char* freebsd_pattern(char *buf, size_t bufsize) { ++ const char** base; ++ const char* base_dir[] = { ++ lp_pid_directory(), /* This is a preferred location */ ++ "/dev", ++ NULL ++ }; ++ ++ for(base = &base_dir[0]; *base != NULL; base++) { ++ snprintf(buf, bufsize, "%s/fd/%%lu", *base); ++ if(freebsd_fdesc_check(buf)) { ++ return buf; ++ } ++ } ++ return NULL; ++} ++ ++static char proc_fd_pattern_buf[PATH_MAX]; ++static const char *proc_fd_pattern = NULL; ++ + bool sys_have_proc_fds(void) + { + static bool checked = false; +@@ -1058,8 +1078,12 @@ bool sys_have_proc_fds(void) + return have_proc_fds; + } + +- ret = stat("/proc/self/fd/0", &sb); +- have_proc_fds = (ret == 0); ++ if (freebsd_pattern(proc_fd_pattern_buf, sizeof(proc_fd_pattern_buf)) != NULL) { ++ have_proc_fds = true; ++ proc_fd_pattern = proc_fd_pattern_buf; ++ } else ++ have_proc_fds = false; ++ + checked = true; + + return have_proc_fds; +@@ -1067,10 +1091,18 @@ char *sys_proc_fd_path(int fd, struct sys_proc_fd_path + + char *sys_proc_fd_path(int fd, struct sys_proc_fd_path_buf *buf) + { ++ bool have_proc_fds = sys_have_proc_fds(); ++ SMB_ASSERT(have_proc_fds); ++#if defined(__clang__) ++#pragma clang diagnostic push ++#pragma clang diagnostic ignored "-Wformat-nonliteral" ++#endif + int written = +- snprintf(buf->buf, sizeof(buf->buf), "/proc/self/fd/%d", fd); +- +- SMB_ASSERT(sys_have_proc_fds() && (written >= 0)); ++ snprintf(buf->buf, sizeof(buf->buf), proc_fd_pattern, fd); ++#if defined(__clang__) ++#pragma clang diagnostic pop ++#endif ++ SMB_ASSERT(written >= 0); + + return buf->buf; + } diff --git a/net/samba422/files/README.FreeBSD.in b/net/samba422/files/README.FreeBSD.in new file mode 100644 index 000000000000..95d349f525af --- /dev/null +++ b/net/samba422/files/README.FreeBSD.in @@ -0,0 +1,91 @@ + + !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! + !!! Please read before running any tools !!! + !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! + +Documentation +============= + + o https://wiki.samba.org/index.php/Samba4/HOWTO + + o https://wiki.samba.org/index.php/Samba_AD_DC_HOWTO + + o https://wiki.samba.org/index.php/Samba4/samba-tool/domain/classicupgrade/HOWTO + +FreeBSD specific information +============================ + +* Your configuration is in: %%SAMBA4_CONFDIR%%/%%SAMBA4_CONFIG%% + +* All the logs are under: %%SAMBA4_LOGDIR%% + +* All the relevant databases are under: %%SAMBA4_LOCKDIR%% + +* Provisioning script is: %%PREFIX%%/bin/samba-tool + +Samba4 provisioning requires file system(s) with the ACLs support. On +UFS2 you need to enable POSIX ACLs by adding 'acls' option to the mount +flags, on ZFS you need to use NFSv4 ACLs and `zfsacl` VFS module to get +provisioning work. + +There is a hack in the code, that makes provisioning work on UFS2 and in +the jails on the price of using USER extattr(2) namespace, which is less +secure than SYSTEM namespace, as can be edited not only by root user, but +also by the owner of the file. + +For the provisioning on ZFS you need to use additional parameters to the +samba-tool, that would explicitly add `zfsacl` to the default `vfs objects`: + + # samba-tool domain provision --interactive \ + --option="vfs objects"="dfs_samba4 zfsacl" + +To run this port you need to perform the following steps: +--------------------------------------------------------- + +0. If you had Samba3 port installed before, please, *take backups* of +all the relevant files. That includes 'smb.conf' file and all the +content of the '/var/db/samba/' directory. + +1a. Create new '%%SAMBA4_CONFDIR%%/%%SAMBA4_CONFIG%%' file by running: + + # samba-tool domain provision + +1b. Or upgrade from the Samba3 'smb.conf' file by running: + + # samba-tool domain classicupgrade + +%%AD_DC%%1c. You will need to specify location of the 'nsupdate' command in the +%%AD_DC%%'%%SAMBA4_CONFIG%%' file: +%%AD_DC%% +%%AD_DC%% nsupdate command = %%PREFIX%%/bin/samba-nsupdate -g +%%AD_DC%% +2. Put string 'samba_server_enable="YES"' into your /etc/rc.conf. + +3. Make sure that your server doesn't run Samba3, OpenLDAP and named. +Stop them, if necessary. + +4. Run '%%PREFIX%%/etc/rc.d/samba_server start' or reboot. + +Please, check archives of samba@lists.samba.org and ask there for help, +if necessary: + + https://lists.samba.org/archive/samba/ + +Port related bugs can be reported to the FreeBSD Bugzilla or directly to: + + https://gitlab.com/samba-freebsd/ports/-/issues + +In case you found a bug which is clearly not related to the port build +process itself, please file a bug report at: + + https://bugzilla.samba.org/ + +And add me to CC list. + +You may find those tools helpful: +--------------------------------- + +Microsoft Remote Server Administration Tools (RSAT) for: + +* Vista: http://www.microsoft.com/en-us/download/details.aspx?id=21090 +* Windows 7: http://www.microsoft.com/en-us/download/details.aspx?id=7887 diff --git a/net/samba422/files/patch-docs-xml_manpages_vfs__freebsd.8.xml b/net/samba422/files/patch-docs-xml_manpages_vfs__freebsd.8.xml new file mode 100644 index 000000000000..b19ecafd4056 --- /dev/null +++ b/net/samba422/files/patch-docs-xml_manpages_vfs__freebsd.8.xml @@ -0,0 +1,172 @@ +--- docs-xml/manpages/vfs_freebsd.8.xml.orig 2025-07-11 10:55:41 UTC ++++ docs-xml/manpages/vfs_freebsd.8.xml +@@ -0,0 +1,169 @@ ++<?xml version="1.0" encoding="iso-8859-1"?> ++<!DOCTYPE refentry PUBLIC "-//Samba-Team//DTD DocBook V4.2-Based Variant V1.0//EN" "http://www.samba.org/samba/DTD/samba-doc"> ++<refentry id="vfs_freebsd.8"> ++ ++<refmeta> ++ <refentrytitle>vfs_freebsd</refentrytitle> ++ <manvolnum>8</manvolnum> ++ <refmiscinfo class="source">Samba</refmiscinfo> ++ <refmiscinfo class="manual">System Administration tools</refmiscinfo> ++ <refmiscinfo class="version">&doc.version;</refmiscinfo> ++</refmeta> ++ ++<refnamediv> ++ <refname>vfs_freebsd</refname> ++ <refpurpose>FreeBSD-specific VFS functions</refpurpose> ++</refnamediv> ++ ++<refsynopsisdiv> ++ <cmdsynopsis> ++ <command>vfs objects = freebsd</command> ++ </cmdsynopsis> ++</refsynopsisdiv> ++ ++<refsect1> ++ <title>DESCRIPTION</title> ++ ++ <para>This VFS module is part of the <citerefentry><refentrytitle>samba</refentrytitle> ++ <manvolnum>7</manvolnum></citerefentry> suite.</para> ++ ++ <para>The <command>vfs_freebsd</command> module implements some of the FreeBSD-specific VFS functions.</para> ++ ++ <para>This module is stackable.</para> ++</refsect1> ++ ++ ++<refsect1> ++ <title>OPTIONS</title> ++ ++ <variablelist> ++ ++ <varlistentry> ++ <term>freebsd:extattr mode=[legacy|compat|secure]</term> ++ <listitem> ++ <para>This parameter defines how the emulation of the Linux attr(5) extended attributes ++ is performed through the FreeBSD native extattr(9) system calls.</para> ++ ++ <para>Currently the <emphasis>security</emphasis>, <emphasis>system</emphasis>, ++ <emphasis>trusted</emphasis> and <emphasis>user</emphasis> extended attribute(xattr) ++ classes are defined in Linux. Contrary FreeBSD has only <emphasis>USER</emphasis> ++ and <emphasis>SYSTEM</emphasis> extended attribute(extattr) namespaces, so mapping ++ of one set into another isn't straightforward and can be done in different ways.</para> ++ ++ <para>Historically the Samba(7) built-in xattr mapping implementation simply converted ++ <emphasis>system</emphasis> and <emphasis>user</emphasis> xattr into corresponding ++ <emphasis>SYSTEM</emphasis> and <emphasis>USER</emphasis> extattr namespaces, dropping ++ the class prefix name with the separating dot and using attribute name only within the ++ mapped namespace. It also rejected any other xattr classes, like <emphasis>security</emphasis> ++ and <emphasis>trusted</emphasis> as invalid. Such behavior in particular broke AD ++ provisioning on UFS2 file systems as essential <emphasis>security.NTACL</emphasis> ++ xattr was rejected as invalid.</para> ++ ++ <para>This module tries to address this problem and provide secure, where it's possible, ++ way to map Linux xattr into FreeBSD's extattr.</para> ++ ++ <para>When <emphasis>mode</emphasis> is set to the <emphasis>legacy (default)</emphasis> ++ then modified version of built-in mapping is used, where <emphasis>system</emphasis> xattr ++ is mapped into SYSTEM namespace, while <emphasis>secure</emphasis>, <emphasis>trusted</emphasis> ++ and <emphasis>user</emphasis> xattr are all mapped into the USER namespace, dropping class ++ prefixes and mix them all together. This is the way how Samba FreeBSD ports were patched ++ up to the 4.9 version and that created multiple potential security issues. This mode is aimed for ++ the compatibility with the legacy installations only and should be avoided in new setups.</para> ++ ++ <para>The <emphasis>compat</emphasis> mode is mostly designed for the jailed environments, ++ where it's not possible to write extattrs into the secure SYSTEM namespace, so all four ++ classes are mapped into the USER namespace. To preserve information about origin of the ++ extended attribute it is stored together with the class preffix in the <emphasis>class.attribute</emphasis> ++ format.</para> ++ ++ <para>The <emphasis>secure</emphasis> mode is meant for storing extended attributes in a secure ++ manner, so that <emphasis>security</emphasis>, <emphasis>system</emphasis> and <emphasis>trusted</emphasis> ++ are stored in the SYSTEM namespace, which can be modified only by root. ++ </para> ++ </listitem> ++ </varlistentry> ++ ++ ++ </variablelist> ++</refsect1> ++ ++<refsect1> ++ <table frame="all" rowheader="firstcol"> ++ <title>Attributes mapping</title> ++ <tgroup cols='5' align='left' colsep='1' rowsep='1'> ++ <thead> ++ <row> ++ <entry> </entry> ++ <entry>built-in</entry> ++ <entry>legacy</entry> ++ <entry>compat/jail</entry> ++ <entry>secure</entry> ++ </row> ++ </thead> ++ <tbody> ++ <row> ++ <entry>user</entry> ++ <entry>USER; attribute</entry> ++ <entry>USER; attribute</entry> ++ <entry>USER; user.attribute</entry> ++ <entry>USER; user.attribute</entry> ++ </row> ++ <row> ++ <entry>system</entry> ++ <entry>SYSTEM; attribute</entry> ++ <entry>SYSTEM; attribute</entry> ++ <entry>USER; system.attribute</entry> ++ <entry>SYSTEM; system.attribute</entry> ++ </row> ++ <row> ++ <entry>trusted</entry> ++ <entry>FAIL</entry> ++ <entry>USER; attribute</entry> ++ <entry>USER; trusted.attribute</entry> ++ <entry>SYSTEM; trusted.attribute</entry> ++ </row> ++ <row> ++ <entry>security</entry> ++ <entry>FAIL</entry> ++ <entry>USER; attribute</entry> ++ <entry>USER; security.attribute</entry> ++ <entry>SYSTEM; security.attribute</entry> ++ </row> ++ </tbody> ++ </tgroup> ++ </table> ++</refsect1> ++ ++<refsect1> ++ <title>EXAMPLES</title> ++ ++ <para>Use secure method of setting extended attributes on the share:</para> ++ ++<programlisting> ++ <smbconfsection name="[sysvol]"/> ++ <smbconfoption name="vfs objects">freebsd</smbconfoption> ++ <smbconfoption name="freebsd:extattr mode">secure</smbconfoption> ++</programlisting> ++ ++</refsect1> ++ ++<refsect1> ++ <title>VERSION</title> ++ ++ <para>This man page is part of version &doc.version; of the Samba suite. ++ </para> ++</refsect1> ++ ++<refsect1> ++ <title>AUTHOR</title> ++ ++ <para>The original Samba software and related utilities ++ were created by Andrew Tridgell. Samba is now developed ++ by the Samba Team as an Open Source project similar ++ to the way the Linux kernel is developed.</para> ++ ++ <para>This module was written by Timur I. Bakeyev</para> ++ ++</refsect1> ++ ++</refentry> diff --git a/net/samba422/files/patch-docs-xml_wscript__build b/net/samba422/files/patch-docs-xml_wscript__build new file mode 100644 index 000000000000..cc8e028a823c --- /dev/null +++ b/net/samba422/files/patch-docs-xml_wscript__build @@ -0,0 +1,10 @@ +--- docs-xml/wscript_build.orig 2025-02-06 10:31:53 UTC ++++ docs-xml/wscript_build +@@ -88,6 +88,7 @@ vfs_module_manpages = ['vfs_acl_tdb', + 'vfs_extd_audit', + 'vfs_fake_perms', + 'vfs_fileid', ++ 'vfs_freebsd', + 'vfs_fruit', + 'vfs_full_audit', + 'vfs_glusterfs', diff --git a/net/samba422/files/patch-examples_pdb_wscript__build b/net/samba422/files/patch-examples_pdb_wscript__build new file mode 100644 index 000000000000..6b8e2685e80a --- /dev/null +++ b/net/samba422/files/patch-examples_pdb_wscript__build @@ -0,0 +1,11 @@ +--- examples/pdb/wscript_build.orig 2019-01-15 10:07:00 UTC ++++ examples/pdb/wscript_build +@@ -3,7 +3,7 @@ + bld.SAMBA3_MODULE('pdb_test', + subsystem='pdb', + source='test.c', +- deps='samba-util', ++ deps='samba-util samba-debug', + init_function='', + internal_module=bld.SAMBA3_IS_STATIC_MODULE('pdb_test'), + enabled=bld.SAMBA3_IS_ENABLED_MODULE('pdb_test')) diff --git a/net/samba422/files/patch-lib_talloc_wscript b/net/samba422/files/patch-lib_talloc_wscript new file mode 100644 index 000000000000..215b68b78fc8 --- /dev/null +++ b/net/samba422/files/patch-lib_talloc_wscript @@ -0,0 +1,11 @@ +--- lib/talloc/wscript.orig 2024-01-23 10:24:15.072250000 +0100 ++++ lib/talloc/wscript 2024-01-23 10:26:17.242921000 +0100 +@@ -45,7 +45,7 @@ def configure(conf): + conf.env.TALLOC_COMPAT1 = False + if conf.env.standalone_talloc: + conf.env.TALLOC_COMPAT1 = Options.options.TALLOC_COMPAT1 +- conf.env.PKGCONFIGDIR = '${LIBDIR}/pkgconfig' ++ conf.env.PKGCONFIGDIR = '%%PKGCONFIGDIR%%' + conf.env.TALLOC_VERSION = VERSION + + conf.CHECK_XSLTPROC_MANPAGES() diff --git a/net/samba422/files/patch-lib_util_util_crypt_c b/net/samba422/files/patch-lib_util_util_crypt_c new file mode 100644 index 000000000000..362f9a406d0b --- /dev/null +++ b/net/samba422/files/patch-lib_util_util_crypt_c @@ -0,0 +1,15 @@ +Index: lib/util/util_crypt.c +--- lib/util/util_crypt.c.orig ++++ lib/util/util_crypt.c +@@ -2,7 +2,11 @@ + #include "data_blob.h" + #include "discard.h" + #include <talloc.h> ++#ifdef __FreeBSD__ ++#include <unistd.h> ++#else + #include <crypt.h> ++#endif + #include "util_crypt.h" + + diff --git a/net/samba422/files/patch-python_samba_join.py b/net/samba422/files/patch-python_samba_join.py new file mode 100644 index 000000000000..79f32802c4f4 --- /dev/null +++ b/net/samba422/files/patch-python_samba_join.py @@ -0,0 +1,11 @@ +--- python/samba/join.py.orig 2025-02-06 10:31:54 UTC ++++ python/samba/join.py +@@ -917,7 +917,7 @@ class DCJoinContext(object): + secrets_ldb = Ldb(ctx.paths.secrets, session_info=system_session(), lp=ctx.lp) + + provision_fill(ctx.local_samdb, secrets_ldb, +- ctx.logger, ctx.names, ctx.paths, ++ ctx.logger, ctx.names, ctx.targetdir, ctx.paths, + dom_for_fun_level=ctx.behavior_version, + samdb_fill=FILL_SUBDOMAIN, + machinepass=ctx.acct_pass, serverrole="active directory domain controller", diff --git a/net/samba422/files/patch-python_samba_provision_____init____.py b/net/samba422/files/patch-python_samba_provision_____init____.py new file mode 100644 index 000000000000..c5aa0c96f265 --- /dev/null +++ b/net/samba422/files/patch-python_samba_provision_____init____.py @@ -0,0 +1,71 @@ +--- python/samba/provision/__init__.py.orig 2025-02-06 10:31:54 UTC ++++ python/samba/provision/__init__.py +@@ -1671,19 +1671,25 @@ def setsysvolacl(samdb, sysvol, uid, gid, domainsid, d + s3conf = s3param.get_context() + s3conf.load(lp.configfile) + +- file = tempfile.NamedTemporaryFile(dir=os.path.abspath(sysvol)) ++ sysvol_dir = os.path.abspath(sysvol) ++ ++ set_simple_acl = smbd.set_simple_acl ++ if smbd.has_nfsv4_acls(sysvol_dir): ++ set_simple_acl = smbd.set_simple_nfsv4_acl ++ ++ file = tempfile.NamedTemporaryFile(dir=sysvol_dir) + try: + try: +- smbd.set_simple_acl(file.name, 0o755, system_session_unix(), gid) ++ set_simple_acl(file.name, 0o755, system_session_unix(), gid) + except OSError: +- if not smbd.have_posix_acls(): ++ if not smbd.have_posix_acls() and not smbd.have_nfsv4_acls(): + # This clue is only strictly correct for RPM and + # Debian-like Linux systems, but hopefully other users + # will get enough clue from it. +- raise ProvisioningError("Samba was compiled without the posix ACL support that s3fs requires. " ++ raise ProvisioningError("Samba was compiled without the ACL support that s3fs requires. " + "Try installing libacl1-dev or libacl-devel, then re-run configure and make.") + +- raise ProvisioningError("Your filesystem or build does not support posix ACLs, which s3fs requires. " ++ raise ProvisioningError("Your filesystem or build does not support ACLs, which s3fs requires. " + "Try the mounting the filesystem with the 'acl' option.") + try: + smbd.chown(file.name, uid, gid, system_session_unix()) +@@ -1906,7 +1912,7 @@ def interface_ips_v6(lp): + return ret + + +-def provision_fill(samdb, secrets_ldb, logger, names, paths, ++def provision_fill(samdb, secrets_ldb, logger, names, paths, targetdir, + schema=None, + samdb_fill=FILL_FULL, + hostip=None, hostip6=None, +@@ -1965,6 +1971,9 @@ def provision_fill(samdb, secrets_ldb, logger, names, + samdb.transaction_commit() + + if serverrole == "active directory domain controller": ++ if targetdir and smbd.have_nfsv4_acls() and smbd.has_nfsv4_acls(targetdir): ++ smbd.set_nfsv4_defaults() ++ + # Continue setting up sysvol for GPO. This appears to require being + # outside a transaction. + if not skip_sysvolacl: +@@ -2341,6 +2350,9 @@ def provision(logger, session_info, smbconf=None, + if not os.path.isdir(paths.netlogon): + os.makedirs(paths.netlogon, 0o755) + ++ if smbd.have_nfsv4_acls() and smbd.has_nfsv4_acls(paths.sysvol): ++ smbd.set_nfsv4_defaults() ++ + if adminpass is None: + adminpass = samba.generate_random_password(12, 32) + adminpass_generated = True +@@ -2350,7 +2362,7 @@ def provision(logger, session_info, smbconf=None, + adminpass_generated = False + + if samdb_fill == FILL_FULL: +- provision_fill(samdb, secrets_ldb, logger, names, paths, ++ provision_fill(samdb, secrets_ldb, logger, names, paths, targetdir, + schema=schema, samdb_fill=samdb_fill, + hostip=hostip, hostip6=hostip6, + next_rid=next_rid, dc_rid=dc_rid, adminpass=adminpass, diff --git a/net/samba422/files/patch-source3_lib_sysacls.c b/net/samba422/files/patch-source3_lib_sysacls.c new file mode 100644 index 000000000000..dda39ee2828e --- /dev/null +++ b/net/samba422/files/patch-source3_lib_sysacls.c @@ -0,0 +1,19 @@ +--- source3/lib/sysacls.c.orig 2025-02-06 10:31:54 UTC ++++ source3/lib/sysacls.c +@@ -38,6 +38,16 @@ + #include "modules/vfs_aixacl.h" + #endif + ++/* ++ * NFSv4 ACL's should be understood and a first class citizen. Work ++ * needs to be done in librpc/idl/smb_acl.idl for this to occur. ++ */ ++#if defined(HAVE_LIBSUNACL) && defined(FREEBSD) ++#if 0 ++#include "modules/nfs4_acls.h" ++#endif ++#endif ++ + #undef DBGC_CLASS + #define DBGC_CLASS DBGC_ACLS + diff --git a/net/samba422/files/patch-source3_lib_util.c b/net/samba422/files/patch-source3_lib_util.c new file mode 100644 index 000000000000..cf5bae739144 --- /dev/null +++ b/net/samba422/files/patch-source3_lib_util.c @@ -0,0 +1,14 @@ +--- source3/lib/util.c.orig 2019-05-07 08:38:21 UTC ++++ source3/lib/util.c +@@ -1916,7 +1916,10 @@ bool any_nt_status_not_ok(NTSTATUS err1, + + int timeval_to_msec(struct timeval t) + { +- return t.tv_sec * 1000 + (t.tv_usec+999) / 1000; ++ unsigned long result; ++ ++ result = t.tv_sec * 1000 + (t.tv_usec+999) / 1000; ++ return result > INT_MAX ? INT_MAX : result; + } + + /******************************************************************* diff --git a/net/samba422/files/patch-source3_librpc_crypto_gse.c b/net/samba422/files/patch-source3_librpc_crypto_gse.c new file mode 100644 index 000000000000..61897ee6c8a2 --- /dev/null +++ b/net/samba422/files/patch-source3_librpc_crypto_gse.c @@ -0,0 +1,16 @@ +--- source3/librpc/crypto/gse.c.orig 2019-01-15 10:07:00 UTC ++++ source3/librpc/crypto/gse.c +@@ -621,11 +621,12 @@ static NTSTATUS gse_get_server_auth_toke + struct gse_context *gse_ctx = + talloc_get_type_abort(gensec_security->private_data, + struct gse_context); +- OM_uint32 gss_maj, gss_min; ++ OM_uint32 gss_min; + gss_buffer_desc in_data; + gss_buffer_desc out_data; + DATA_BLOB blob = data_blob_null; + NTSTATUS status; ++ OM_uint32 gss_maj = -1; + OM_uint32 time_rec = 0; + struct timeval tv; + diff --git a/net/samba422/files/patch-source3_modules_vfs__freebsd.c b/net/samba422/files/patch-source3_modules_vfs__freebsd.c new file mode 100644 index 000000000000..9d3e41041117 --- /dev/null +++ b/net/samba422/files/patch-source3_modules_vfs__freebsd.c @@ -0,0 +1,702 @@ +--- source3/modules/vfs_freebsd.c.orig 2025-07-11 10:55:17 UTC ++++ source3/modules/vfs_freebsd.c +@@ -0,0 +1,699 @@ ++/* ++ * This module implements VFS calls specific to FreeBSD ++ * ++ * Copyright (C) Timur I. Bakeyev, 2018 ++ * ++ * This program is free software; you can redistribute it and/or modify ++ * it under the terms of the GNU General Public License as published by ++ * the Free Software Foundation; either version 3 of the License, or ++ * (at your option) any later version. ++ * ++ * This program is distributed in the hope that it will be useful, ++ * but WITHOUT ANY WARRANTY; without even the implied warranty of ++ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the ++ * GNU General Public License for more details. ++ * ++ * You should have received a copy of the GNU General Public License ++ * along with this program; if not, see <http://www.gnu.org/licenses/>. ++ */ ++ ++#include "includes.h" ++ ++#include "lib/util/tevent_unix.h" ++#include "lib/util/tevent_ntstatus.h" ++#include "system/filesys.h" ++#include "smbd/smbd.h" ++ ++#include <sys/sysctl.h> ++ ++static int vfs_freebsd_debug_level = DBGC_VFS; ++ ++#undef DBGC_CLASS ++#define DBGC_CLASS vfs_freebsd_debug_level ++ ++#ifndef EXTATTR_MAXNAMELEN ++#define EXTATTR_MAXNAMELEN UINT8_MAX ++#endif ++ ++#define EXTATTR_NAMESPACE(NS) EXTATTR_NAMESPACE_ ## NS, \ ++ EXTATTR_NAMESPACE_ ## NS ## _STRING ".", \ ++ .data.len = (sizeof(EXTATTR_NAMESPACE_ ## NS ## _STRING ".") - 1) ++ ++#define EXTATTR_EMPTY 0x00 ++#define EXTATTR_USER 0x01 ++#define EXTATTR_SYSTEM 0x02 ++#define EXTATTR_SECURITY 0x03 ++#define EXTATTR_TRUSTED 0x04 ++ ++enum extattr_mode { ++ FREEBSD_EXTATTR_SECURE, ++ FREEBSD_EXTATTR_COMPAT, ++ FREEBSD_EXTATTR_LEGACY ++}; ++ ++struct freebsd_handle_data { ++ enum extattr_mode extattr_mode; ++}; ++ ++typedef struct { ++ int namespace; ++ char name[EXTATTR_MAXNAMELEN+1]; ++ union { ++ uint16_t len; ++ uint16_t flags; ++ } data; ++} extattr_attr; ++ ++static const struct enum_list extattr_mode_param[] = { ++ { FREEBSD_EXTATTR_SECURE, "secure" }, /* */ ++ { FREEBSD_EXTATTR_COMPAT, "compat" }, /* */ ++ { FREEBSD_EXTATTR_LEGACY, "legacy" }, /* */ ++ { -1, NULL } ++}; ++ ++/* XXX: This order doesn't match namespace ids order! */ ++static extattr_attr extattr[] = { ++ { EXTATTR_NAMESPACE(EMPTY) }, ++ { EXTATTR_NAMESPACE(SYSTEM) }, ++ { EXTATTR_NAMESPACE(USER) }, ++}; ++ ++ ++static bool freebsd_in_jail(void) { ++ int val = 0; ++ size_t val_len = sizeof(val); ++ ++ if((sysctlbyname("security.jail.jailed", &val, &val_len, NULL, 0) != -1) && val == 1) { ++ return true; ++ } ++ return false; ++} ++ ++ ++static uint16_t freebsd_map_attrname(const char *name) ++{ ++ if(name == NULL || name[0] == '\0') { ++ return EXTATTR_EMPTY; ++ } ++ ++ switch(name[0]) { ++ case 'u': ++ if(strncmp(name, "user.", 5) == 0) ++ return EXTATTR_USER; ++ break; ++ case 't': ++ if(strncmp(name, "trusted.", 8) == 0) ++ return EXTATTR_TRUSTED; ++ break; ++ case 's': ++ /* name[1] could be any character, including '\0' */ ++ switch(name[1]) { ++ case 'e': ++ if(strncmp(name, "security.", 9) == 0) ++ return EXTATTR_SECURITY; ++ break; ++ case 'y': ++ if(strncmp(name, "system.", 7) == 0) ++ return EXTATTR_SYSTEM; ++ break; ++ } ++ break; ++ } ++ return EXTATTR_USER; ++} ++ ++ ++/* security, system, trusted or user */ ++static extattr_attr* freebsd_map_xattr(enum extattr_mode extattr_mode, const char *name, extattr_attr *attr) ++{ ++ int attrnamespace = EXTATTR_NAMESPACE_EMPTY; ++ const char *p, *attrname = name; ++ ++ if(name == NULL || name[0] == '\0') { ++ return NULL; ++ } ++ ++ if(attr == NULL) { ++ return NULL; ++ } ++ ++ uint16_t flags = freebsd_map_attrname(name); ++ ++ switch(flags) { ++ case EXTATTR_SECURITY: ++ case EXTATTR_TRUSTED: ++ case EXTATTR_SYSTEM: ++ attrnamespace = (extattr_mode == FREEBSD_EXTATTR_SECURE) ? ++ EXTATTR_NAMESPACE_SYSTEM : ++ EXTATTR_NAMESPACE_USER; ++ break; ++ case EXTATTR_USER: ++ attrnamespace = EXTATTR_NAMESPACE_USER; ++ break; ++ default: ++ /* Default to "user" namespace if nothing else was specified */ ++ attrnamespace = EXTATTR_NAMESPACE_USER; ++ flags = EXTATTR_USER; ++ break; ++ } ++ ++ if (extattr_mode == FREEBSD_EXTATTR_LEGACY) { ++ switch(flags) { ++ case EXTATTR_SECURITY: ++ attrname = name + 9; ++ break; ++ case EXTATTR_TRUSTED: ++ attrname = name + 8; ++ break; ++ case EXTATTR_SYSTEM: ++ attrname = name + 7; ++ break; ++ case EXTATTR_USER: ++ attrname = name + 5; ++ break; ++ default: ++ attrname = ((p=strchr(name, '.')) != NULL) ? p + 1 : name; ++ break; ++ } ++ } ++ ++ attr->namespace = attrnamespace; ++ attr->data.flags = flags; ++ strlcpy(attr->name, attrname, EXTATTR_MAXNAMELEN + 1); ++ ++ return attr; ++} ++ ++ ++static ssize_t extattr_size(struct files_struct *fsp, extattr_attr *attr) ++{ ++ ssize_t result; ++ ++ SMB_ASSERT(!fsp_is_alternate_stream(fsp)); ++ ++ int fd = fsp_get_pathref_fd(fsp); ++ ++ if (fsp->fsp_flags.is_pathref) { ++ const char *path = fsp->fsp_name->base_name; ++ if (fsp->fsp_flags.have_proc_fds) { ++ char buf[PATH_MAX]; ++ path = sys_proc_fd_path(fd, &buf); ++ if (path == NULL) { ++ return -1; ++ } ++ } ++ /* ++ * This is no longer a handle based call. ++ */ ++ return extattr_get_file(path, attr->namespace, attr->name, NULL, 0); ++ } ++ else { ++ return extattr_get_fd(fd, attr->namespace, attr->name, NULL, 0); ++ } ++} ++ ++/* ++ * The list of names is returned as an unordered array of NULL-terminated ++ * character strings (attribute names are separated by NULL characters), ++ * like this: ++ * user.name1\0system.name1\0user.name2\0 ++ * ++ * Filesystems like ext2, ext3 and XFS which implement POSIX ACLs using ++ * extended attributes, might return a list like this: ++ * system.posix_acl_access\0system.posix_acl_default\0 ++ */ ++/* ++ * The extattr_list_file() returns a list of attributes present in the ++ * requested namespace. Each list entry consists of a single byte containing ++ * the length of the attribute name, followed by the attribute name. The ++ * attribute name is not terminated by ASCII 0 (nul). ++*/ ++static ssize_t freebsd_extattr_list(struct files_struct *fsp, enum extattr_mode extattr_mode, char *list, size_t size) ++{ ++ ssize_t list_size, total_size = 0; ++ char *p, *q, *list_end; ++ int len; ++ /* ++ Ignore all but user namespace when we are not root or in jail ++ See: https://bugzilla.samba.org/show_bug.cgi?id=10247 ++ */ ++ bool as_root = (geteuid() == 0); ++ ++ int ns = (extattr_mode == FREEBSD_EXTATTR_SECURE && as_root) ? 1 : 2; ++ ++ int fd = fsp_get_pathref_fd(fsp); ++ ++ /* Iterate through extattr(2) namespaces */ ++ for(; ns < ARRAY_SIZE(extattr); ns++) { ++ list_size = -1; ++ ++ if (fsp->fsp_flags.is_pathref) { ++ const char *path = fsp->fsp_name->base_name; ++ if (fsp->fsp_flags.have_proc_fds) { ++ char buf[PATH_MAX]; ++ path = sys_proc_fd_path(fd, &buf); ++ if (path == NULL) { ++ return -1; ++ } ++ } ++ /* ++ * This is no longer a handle based call. ++ */ ++ list_size = extattr_list_file(path, extattr[ns].namespace, list, size); ++ } ++ else { ++ list_size = extattr_list_fd(fd, extattr[ns].namespace, list, size); ++ } ++ /* Some error happend. Errno should be set by the previous call */ ++ if(list_size < 0) ++ return -1; ++ /* No attributes in this namespace */ ++ if(list_size == 0) ++ continue; ++ /* ++ Call with an empty buffer may be used to calculate ++ necessary buffer size. ++ */ ++ if(list == NULL) { ++ /* ++ XXX: Unfortunately, we can't say, how many attributes were ++ returned, so here is the potential problem with the emulation. ++ */ ++ if(extattr_mode == FREEBSD_EXTATTR_LEGACY) { ++ /* ++ Take the worse case of one char attribute names - ++ two bytes per name plus one more for sanity. ++ */ ++ total_size += list_size + (list_size/2 + 1)*extattr[ns].data.len; ++ } ++ else { ++ total_size += list_size; ++ } ++ continue; ++ } ++ ++ if(extattr_mode == FREEBSD_EXTATTR_LEGACY) { ++ /* Count necessary offset to fit namespace prefixes */ ++ int extra_len = 0; ++ uint16_t flags; ++ list_end = list + list_size; ++ for(list_size = 0, p = q = list; p < list_end; p += len) { ++ len = p[0] + 1; ++ (void)strlcpy(q, p + 1, len); ++ flags = freebsd_map_attrname(q); ++ /* Skip secure attributes for non-root user */ ++ if(extattr_mode != FREEBSD_EXTATTR_SECURE && !as_root && flags > EXTATTR_USER) { ++ continue; ++ } ++ if(flags <= EXTATTR_USER) { ++ /* Don't count trailing '\0' */ ++ extra_len += extattr[ns].data.len; ++ } ++ list_size += len; ++ q += len; ++ } ++ total_size += list_size + extra_len; ++ /* Buffer is too small to fit the results */ ++ if(total_size > size) { ++ errno = ERANGE; ++ return -1; ++ } ++ /* Shift results backwards, so we can prepend prefixes */ ++ list_end = list + extra_len; ++ p = (char*)memmove(list_end, list, list_size); ++ /* ++ We enter the loop with `p` pointing to the shifted list and ++ `extra_len` having the total margin between `list` and `p` ++ */ ++ for(list_end += list_size; p < list_end; p += len) { ++ len = strlen(p) + 1; ++ flags = freebsd_map_attrname(p); ++ if(flags <= EXTATTR_USER) { ++ /* Add namespace prefix */ ++ (void)strncpy(list, extattr[ns].name, extattr[ns].data.len); ++ list += extattr[ns].data.len; ++ } ++ /* Append attribute name */ ++ (void)strlcpy(list, p, len); ++ list += len; ++ } ++ } ++ else { ++ /* Convert UCSD strings into nul-terminated strings */ ++ for(list_end = list + list_size; list < list_end; list += len) { ++ len = list[0] + 1; ++ (void)strlcpy(list, list + 1, len); ++ } ++ total_size += list_size; ++ } ++ } ++ return total_size; ++} ++ ++/* ++static ssize_t freebsd_fgetxattr_size(struct vfs_handle_struct *handle, ++ struct files_struct *fsp, ++ const char *name) ++{ ++ struct freebsd_handle_data *data; ++ extattr_attr attr; ++ ++ SMB_ASSERT(!fsp_is_alternate_stream(fsp)); ++ ++ SMB_VFS_HANDLE_GET_DATA(handle, data, ++ struct freebsd_handle_data, ++ return -1); ++ ++ if(!freebsd_map_xattr(data->extattr_mode, name, &attr)) { ++ errno = EINVAL; ++ return -1; ++ } ++ ++ if(data->extattr_mode != FREEBSD_EXTATTR_SECURE && geteuid() != 0 && attr.data.flags > EXTATTR_USER) { ++ errno = ENOATTR; ++ return -1; ++ } ++ ++ return extattr_size(fsp, &attr); ++} ++*/ ++ ++/* VFS entries */ ++static ssize_t freebsd_fgetxattr(struct vfs_handle_struct *handle, ++ struct files_struct *fsp, ++ const char *name, ++ void *value, ++ size_t size) ++{ ++#if defined(HAVE_XATTR_EXTATTR) ++ struct freebsd_handle_data *data; ++ extattr_attr attr; ++ ssize_t res; ++ int fd; ++ ++ SMB_ASSERT(!fsp_is_alternate_stream(fsp)); ++ ++ SMB_VFS_HANDLE_GET_DATA(handle, data, ++ struct freebsd_handle_data, ++ return -1); ++ ++ if(!freebsd_map_xattr(data->extattr_mode, name, &attr)) { ++ errno = EINVAL; ++ return -1; ++ } ++ ++ /* Filter out 'secure' entries */ ++ if(data->extattr_mode != FREEBSD_EXTATTR_SECURE && geteuid() != 0 && attr.data.flags > EXTATTR_USER) { ++ errno = ENOATTR; ++ return -1; ++ } ++ ++ /* ++ * The BSD implementation has a nasty habit of silently truncating ++ * the returned value to the size of the buffer, so we have to check ++ * that the buffer is large enough to fit the returned value. ++ */ ++ if((res=extattr_size(fsp, &attr)) < 0) { ++ return -1; ++ } ++ ++ if (size == 0) { ++ return res; ++ } ++ else if (res > size) { ++ errno = ERANGE; ++ return -1; ++ } ++ ++ fd = fsp_get_pathref_fd(fsp); ++ ++ if (fsp->fsp_flags.is_pathref) { ++ const char *path = fsp->fsp_name->base_name; ++ if (fsp->fsp_flags.have_proc_fds) { ++ char buf[PATH_MAX]; ++ path = sys_proc_fd_path(fd, &buf); ++ if (path == NULL) { ++ return -1; ++ } ++ } ++ /* ++ * This is no longer a handle based call. ++ */ ++ return extattr_get_file(path, attr.namespace, attr.name, value, size); ++ } ++ else { ++ return extattr_get_fd(fd, attr.namespace, attr.name, value, size); ++ } ++ return -1; ++#else ++ errno = ENOSYS; ++ return -1; ++#endif ++} ++ ++ ++static ssize_t freebsd_flistxattr(struct vfs_handle_struct *handle, ++ struct files_struct *fsp, ++ char *list, ++ size_t size) ++{ ++#if defined(HAVE_XATTR_EXTATTR) ++ struct freebsd_handle_data *data; ++ ++ SMB_ASSERT(!fsp_is_alternate_stream(fsp)); ++ ++ SMB_VFS_HANDLE_GET_DATA(handle, data, ++ struct freebsd_handle_data, ++ return -1); ++ ++ return freebsd_extattr_list(fsp, data->extattr_mode, list, size); ++#else ++ errno = ENOSYS; ++ return -1; ++#endif ++} ++ ++ ++static int freebsd_fremovexattr(struct vfs_handle_struct *handle, ++ struct files_struct *fsp, ++ const char *name) ++{ ++#if defined(HAVE_XATTR_EXTATTR) ++ struct freebsd_handle_data *data; ++ extattr_attr attr; ++ int fd; ++ ++ SMB_ASSERT(!fsp_is_alternate_stream(fsp)); ++ ++ SMB_VFS_HANDLE_GET_DATA(handle, data, ++ struct freebsd_handle_data, ++ return -1); ++ ++ if(!freebsd_map_xattr(data->extattr_mode, name, &attr)) { ++ errno = EINVAL; ++ return -1; ++ } ++ ++ /* Filter out 'secure' entries */ ++ if(data->extattr_mode != FREEBSD_EXTATTR_SECURE && geteuid() != 0 && attr.data.flags > EXTATTR_USER) { ++ errno = ENOATTR; ++ return -1; ++ } ++ ++ fd = fsp_get_pathref_fd(fsp); ++ ++ if (fsp->fsp_flags.is_pathref) { ++ const char *path = fsp->fsp_name->base_name; ++ if (fsp->fsp_flags.have_proc_fds) { ++ char buf[PATH_MAX]; ++ path = sys_proc_fd_path(fd, &buf); ++ if (path == NULL) { ++ return -1; ++ } ++ } ++ /* ++ * This is no longer a handle based call. ++ */ ++ return extattr_delete_file(path, attr.namespace, attr.name); ++ } ++ else { ++ return extattr_delete_fd(fd, attr.namespace, attr.name); ++ } ++ return -1; ++#else ++ errno = ENOSYS; ++ return -1; ++#endif ++} ++ ++ ++static int freebsd_fsetxattr(struct vfs_handle_struct *handle, ++ struct files_struct *fsp, ++ const char *name, ++ const void *value, ++ size_t size, ++ int flags) ++{ ++#if defined(HAVE_XATTR_EXTATTR) ++ struct freebsd_handle_data *data; ++ extattr_attr attr; ++ ssize_t res; ++ int fd; ++ ++ SMB_ASSERT(!fsp_is_alternate_stream(fsp)); ++ ++ SMB_VFS_HANDLE_GET_DATA(handle, data, ++ struct freebsd_handle_data, ++ return -1); ++ ++ if(!freebsd_map_xattr(data->extattr_mode, name, &attr)) { ++ errno = EINVAL; ++ return -1; ++ } ++ ++ /* Filter out 'secure' entries */ ++ if(data->extattr_mode != FREEBSD_EXTATTR_SECURE && geteuid() != 0 && attr.data.flags > EXTATTR_USER) { ++ errno = ENOATTR; ++ return -1; ++ } ++ ++ if (flags) { ++ /* Check attribute existence */ ++ res = extattr_size(fsp, &attr); ++ if (res < 0) { ++ /* REPLACE attribute, that doesn't exist */ ++ if ((flags & XATTR_REPLACE) && errno == ENOATTR) { ++ errno = ENOATTR; ++ return -1; ++ } ++ /* Ignore other errors */ ++ } ++ else { ++ /* CREATE attribute, that already exists */ ++ if (flags & XATTR_CREATE) { ++ errno = EEXIST; ++ return -1; ++ } ++ } ++ } ++ ++ fd = fsp_get_pathref_fd(fsp); ++ ++ if (fsp->fsp_flags.is_pathref) { ++ const char *path = fsp->fsp_name->base_name; ++ if (fsp->fsp_flags.have_proc_fds) { ++ char buf[PATH_MAX]; ++ path = sys_proc_fd_path(fd, &buf); ++ if (path == NULL) { ++ return -1; ++ } ++ } ++ /* ++ * This is no longer a handle based call. ++ */ ++ res = extattr_set_file(path, attr.namespace, attr.name, value, size); ++ } ++ else { ++ res = extattr_set_fd(fd, attr.namespace, attr.name, value, size); ++ } ++ return (res >= 0) ? 0 : -1; ++#else ++ errno = ENOSYS; ++ return -1; ++#endif ++} ++ ++ ++static int freebsd_connect(struct vfs_handle_struct *handle, ++ const char *service, ++ const char *user) ++{ ++ struct freebsd_handle_data *data; ++ int enumval, saved_errno; ++ ++ int ret = SMB_VFS_NEXT_CONNECT(handle, service, user); ++ ++ if (ret < 0) { ++ return ret; ++ } ++ ++ data = talloc_zero(handle->conn, struct freebsd_handle_data); ++ if (!data) { ++ saved_errno = errno; ++ SMB_VFS_NEXT_DISCONNECT(handle); ++ DEBUG(0, ("talloc_zero() failed\n")); ++ errno = saved_errno; ++ return -1; ++ } ++ ++ enumval = lp_parm_enum(SNUM(handle->conn), "freebsd", ++ "extattr mode", extattr_mode_param, FREEBSD_EXTATTR_LEGACY); ++ if (enumval == -1) { ++ saved_errno = errno; ++ SMB_VFS_NEXT_DISCONNECT(handle); ++ DBG_DEBUG("value for freebsd: 'extattr mode' is unknown\n"); ++ errno = saved_errno; ++ return -1; ++ } ++ ++ if(freebsd_in_jail()) { ++ enumval = FREEBSD_EXTATTR_COMPAT; ++ DBG_WARNING("running in jail, enforcing 'compat' mode\n"); ++ } ++ ++ data->extattr_mode = (enum extattr_mode)enumval; ++ ++ SMB_VFS_HANDLE_SET_DATA(handle, data, NULL, ++ struct freebsd_handle_data, ++ return -1); ++ ++ DBG_DEBUG("connect to service[%s] with '%s' extattr mode\n", ++ service, extattr_mode_param[data->extattr_mode].name); ++ ++ return 0; ++} ++ ++ ++static void freebsd_disconnect(vfs_handle_struct *handle) ++{ ++ SMB_VFS_NEXT_DISCONNECT(handle); ++} ++ ++/* VFS operations structure */ ++ ++struct vfs_fn_pointers freebsd_fns = { ++ /* Disk operations */ ++ .connect_fn = freebsd_connect, ++ .disconnect_fn = freebsd_disconnect, ++ ++ /* EA operations. */ ++ .getxattrat_send_fn = vfs_not_implemented_getxattrat_send, ++ .getxattrat_recv_fn = vfs_not_implemented_getxattrat_recv, ++ .fgetxattr_fn = freebsd_fgetxattr, ++ .flistxattr_fn = freebsd_flistxattr, ++ .fremovexattr_fn = freebsd_fremovexattr, ++ .fsetxattr_fn = freebsd_fsetxattr, ++}; ++ ++static_decl_vfs; ++NTSTATUS vfs_freebsd_init(TALLOC_CTX *ctx) ++{ ++ NTSTATUS ret; ++ ++ ret = smb_register_vfs(SMB_VFS_INTERFACE_VERSION, "freebsd", ++ &freebsd_fns); ++ ++ if (!NT_STATUS_IS_OK(ret)) { ++ return ret; ++ } ++ ++ vfs_freebsd_debug_level = debug_add_class("freebsd"); ++ if (vfs_freebsd_debug_level == -1) { ++ vfs_freebsd_debug_level = DBGC_VFS; ++ DEBUG(0, ("vfs_freebsd: Couldn't register custom debugging class!\n")); ++ } else { ++ DEBUG(10, ("vfs_freebsd: Debug class number of 'fileid': %d\n", vfs_freebsd_debug_level)); ++ } ++ ++ return ret; ++} diff --git a/net/samba422/files/patch-source3_modules_vfs__virusfilter__utils.c b/net/samba422/files/patch-source3_modules_vfs__virusfilter__utils.c new file mode 100644 index 000000000000..6e6dc6d2bae5 --- /dev/null +++ b/net/samba422/files/patch-source3_modules_vfs__virusfilter__utils.c @@ -0,0 +1,36 @@ +--- source3/modules/vfs_virusfilter_utils.c.orig 2019-01-15 10:07:00 UTC ++++ source3/modules/vfs_virusfilter_utils.c +@@ -392,6 +392,10 @@ bool virusfilter_io_writel( + + bool virusfilter_io_writefl( + struct virusfilter_io_handle *io_h, ++ const char *data_fmt, ...) PRINTF_ATTRIBUTE(2, 3); ++ ++bool virusfilter_io_writefl( ++ struct virusfilter_io_handle *io_h, + const char *data_fmt, ...) + { + va_list ap; +@@ -415,6 +419,10 @@ bool virusfilter_io_writefl( + + bool virusfilter_io_vwritefl( + struct virusfilter_io_handle *io_h, ++ const char *data_fmt, va_list ap) PRINTF_ATTRIBUTE(2, 0); ++ ++bool virusfilter_io_vwritefl( ++ struct virusfilter_io_handle *io_h, + const char *data_fmt, va_list ap) + { + char data[VIRUSFILTER_IO_BUFFER_SIZE + VIRUSFILTER_IO_EOL_SIZE]; +@@ -666,6 +674,11 @@ bool virusfilter_io_readl(TALLOC_CTX *ct + bool virusfilter_io_writefl_readl( + struct virusfilter_io_handle *io_h, + char **read_line, ++ const char *fmt, ...) PRINTF_ATTRIBUTE(3, 4); ++ ++bool virusfilter_io_writefl_readl( ++ struct virusfilter_io_handle *io_h, ++ char **read_line, + const char *fmt, ...) + { + bool ok; diff --git a/net/samba422/files/patch-source3_modules_vfs__zfsacl.c b/net/samba422/files/patch-source3_modules_vfs__zfsacl.c new file mode 100644 index 000000000000..d96450f19316 --- /dev/null +++ b/net/samba422/files/patch-source3_modules_vfs__zfsacl.c @@ -0,0 +1,182 @@ +--- source3/modules/vfs_zfsacl.c 2024-07-29 11:03:15.390630700 +0200 ++++ source3/modules/vfs_zfsacl.c 2025-01-07 15:56:32.048227000 +0100 +@@ -169,6 +169,7 @@ + bool must_add_empty_ace = false; + struct zfsacl_config_data *config = NULL; + int fd; ++ struct sys_proc_fd_path_buf buf; + + SMB_VFS_HANDLE_GET_DATA(handle, config, + struct zfsacl_config_data, +@@ -235,24 +236,52 @@ + SMB_ASSERT(i == naces); + + /* store acl */ +- fd = fsp_get_pathref_fd(fsp); +- if (fd == -1) { ++ ++ if (!fsp->fsp_flags.is_pathref) { ++ fd = fsp_get_io_fd(fsp); ++ ++ rv = facl(fd, ACE_SETACL, naces, acebuf); ++ if (rv != 0) { ++ DEBUG(8, ("zfs_process_smbacl(%s): Not PATHREF: facl(ACE_SETACL, %d): %s\n", ++ fsp_str_dbg(fsp), naces, ++ strerror(errno))); ++ return false; ++ } ++ DEBUG(10, ("zfs_process_smbacl(%s): Not PATHREF: facl(ACE_SETACL, %d) -> %d\n", ++ fsp_str_dbg(fsp), naces, ++ rv)); ++ ++ } else if (fsp->fsp_flags.have_proc_fds) { ++ fd = fsp_get_pathref_fd(fsp); ++ if (fd == -1) { ++ DEBUG(8, ("zfs_process_smbacl(%s): PATHREF(proc_fd): fsp_get_pathref_fd=-1: %s\n", ++ fsp_str_dbg(fsp), strerror(errno))); + errno = EBADF; + return false; +- } +- rv = facl(fd, ACE_SETACL, naces, acebuf); +- if (rv != 0) { +- if(errno == ENOSYS) { +- DEBUG(9, ("acl(ACE_SETACL, %s): Operation is not " +- "supported on the filesystem where the file " +- "resides\n", fsp_str_dbg(fsp))); +- } else { +- DEBUG(9, ("acl(ACE_SETACL, %s): %s\n", fsp_str_dbg(fsp), +- strerror(errno))); +- } ++ } ++ rv = acl(sys_proc_fd_path(fd, &buf), ACE_SETACL, naces, acebuf); ++ if (rv != 0) { ++ DEBUG(8, ("zfs_process_smbacl(%s): acl(ACE_SETACL, %d): %s\n", ++ fsp_str_dbg(fsp), naces, ++ strerror(errno))); + return false; ++ } ++ DEBUG(10, ("zfs_process_smbacl(%s): PATHREF(proc_fd): acl(ACE_SETACL, %d) -> %d\n", ++ fsp_str_dbg(fsp), naces, ++ rv)); ++ } else { ++ rv = acl(fsp->fsp_name->base_name, ACE_SETACL, naces, acebuf); ++ if (rv != 0) { ++ DEBUG(8, ("zfs_process_smbacl(%s): PATHREF(base_name): acl(ACE_SETACL, %d): %s\n", ++ fsp_str_dbg(fsp), naces, ++ strerror(errno))); ++ return false; ++ } ++ DEBUG(10, ("zfs_process_smbacl(%s): PATHREF(base_name): facl(ACE_SETACL, %d) -> %d\n", ++ fsp_str_dbg(fsp), naces, ++ rv)); + } +- ++ + return True; + } + +@@ -282,25 +311,46 @@ + struct files_struct *fsp, + ace_t **outbuf) + { +- int naces, rv; ++ int naces, rv = -1, fd = -1; + ace_t *acebuf = NULL; +- int fd; ++ struct sys_proc_fd_path_buf buf; + +- fd = fsp_get_pathref_fd(fsp); +- if (fd == -1) { ++ ++ if (!fsp->fsp_flags.is_pathref) { ++ fd = fsp_get_io_fd(fsp); ++ if (fd == -1) { ++ DEBUG(8, ("fget_zfsacl(%s): Not PATHREF: fsp_get_io_fd=-1: %s\n", ++ fsp_str_dbg(fsp), strerror(errno))); + errno = EBADF; + return -1; +- } +- naces = facl(fd, ACE_GETACLCNT, 0, NULL); +- if (naces == -1) { +- int dbg_level = 10; +- +- if (errno == ENOSYS) { +- dbg_level = 1; +- } +- DEBUG(dbg_level, ("facl(ACE_GETACLCNT, %s): %s\n", ++ } ++ naces = facl(fd, ACE_GETACLCNT, 0, NULL); ++ if (naces == -1) { ++ DEBUG(8, ("fget_zfsacl(%s): Not PATHREF: facl(ACE_GETACLCNT): %s\n", ++ fsp_str_dbg(fsp), strerror(errno))); ++ return -1; ++ } ++ } else if (fsp->fsp_flags.have_proc_fds) { ++ fd = fsp_get_pathref_fd(fsp); ++ if (fd == -1) { ++ DEBUG(8, ("fget_zfsacl(%s): PATHREF(proc_fd): fsp_get_pathref_fd=-1: %s\n", ++ fsp_str_dbg(fsp), strerror(errno))); ++ errno = EBADF; ++ return -1; ++ } ++ naces = acl(sys_proc_fd_path(fd, &buf), ACE_GETACLCNT, 0, NULL); ++ if (naces == -1) { ++ DEBUG(8, ("fget_zfsacl(%s): PATHREF(proc_fd): acl(ACE_GETACLCNT): %s\n", + fsp_str_dbg(fsp), strerror(errno))); +- return naces; ++ return -1; ++ } ++ } else { ++ naces = acl(fsp->fsp_name->base_name, ACE_GETACLCNT, 0, NULL); ++ if (naces == -1) { ++ DEBUG(8, ("fget_zfsacl(%s): PATHREF(base_name): acl(ACE_GETACLCNT): %s\n", ++ fsp_str_dbg(fsp), strerror(errno))); ++ return -1; ++ } + } + + acebuf = talloc_size(mem_ctx, sizeof(ace_t)*naces); +@@ -309,15 +359,37 @@ + return -1; + } + +- rv = facl(fd, ACE_GETACL, naces, acebuf); +- if (rv == -1) { +- DBG_DEBUG("acl(ACE_GETACL, %s): %s\n", +- fsp_str_dbg(fsp), strerror(errno)); ++ if (!fsp->fsp_flags.is_pathref) { ++ rv = facl(fd, ACE_GETACL, naces, acebuf); ++ if (rv == -1) { ++ DEBUG(8, ("fget_zfsacl(%s): Not PATHREF: facl(ACE_GETACL): %s\n", ++ fsp_str_dbg(fsp), strerror(errno))); + return -1; ++ } ++ DEBUG(10, ("fget_zfsacl(%s): Not PATHREF: facl(ACE_GETACL) -> %d entries\n", ++ fsp_str_dbg(fsp), rv)); ++ } else if (fsp->fsp_flags.have_proc_fds) { ++ rv = acl(sys_proc_fd_path(fd, &buf), ACE_GETACL, naces, acebuf); ++ if (rv == -1) { ++ DEBUG(8, ("fget_zfsacl(%s): PATHREF(proc_fd): acl(ACE_GETACL): %s\n", ++ fsp_str_dbg(fsp), strerror(errno))); ++ return -1; ++ } ++ DEBUG(10, ("fget_zfsacl(%s): PATHREF(proc_fd): acl(ACE_GETACL) -> %d entries\n", ++ fsp_str_dbg(fsp), rv)); ++ } else { ++ rv = acl(fsp->fsp_name->base_name, ACE_GETACL, naces, acebuf); ++ if (rv == -1) { ++ DEBUG(8, ("fget_zfsacl(%s): PATHREF(base_name): acl(ACE_GETACL): %s\n", ++ fsp_str_dbg(fsp), strerror(errno))); ++ return -1; ++ } ++ DEBUG(10, ("fget_zfsacl(%s): PATHREF(base_name): acl(ACE_GETACL) -> %d entries\n", ++ fsp_str_dbg(fsp), rv)); + } +- ++ + *outbuf = acebuf; +- return naces; ++ return rv; + } + + static NTSTATUS zfsacl_fget_nt_acl(struct vfs_handle_struct *handle, diff --git a/net/samba422/files/patch-source3_modules_wscript__build b/net/samba422/files/patch-source3_modules_wscript__build new file mode 100644 index 000000000000..5c008e39e5b8 --- /dev/null +++ b/net/samba422/files/patch-source3_modules_wscript__build @@ -0,0 +1,16 @@ +--- source3/modules/wscript_build.orig 2025-02-06 10:31:54 UTC ++++ source3/modules/wscript_build +@@ -641,6 +641,13 @@ bld.SAMBA3_MODULE('vfs_delay_inject', + enabled=bld.SAMBA3_IS_ENABLED_MODULE('vfs_delay_inject'), + install=False) + ++bld.SAMBA3_MODULE('vfs_freebsd', ++ subsystem='vfs', ++ source='vfs_freebsd.c', ++ init_function='', ++ internal_module=bld.SAMBA3_IS_STATIC_MODULE('vfs_freebsd'), ++ enabled=bld.SAMBA3_IS_ENABLED_MODULE('vfs_freebsd')) ++ + bld.SAMBA3_MODULE('vfs_widelinks', + subsystem='vfs', + source='vfs_widelinks.c', diff --git a/net/samba422/files/patch-source3_param_loadparm.c b/net/samba422/files/patch-source3_param_loadparm.c new file mode 100644 index 000000000000..9d74f59bfd2a --- /dev/null +++ b/net/samba422/files/patch-source3_param_loadparm.c @@ -0,0 +1,32 @@ +--- source3/param/loadparm.c.orig 2025-02-06 10:31:54 UTC ++++ source3/param/loadparm.c +@@ -2890,9 +2890,29 @@ static void init_locals(void) + } else { + if (lp_parm_const_string(-1, "xattr_tdb", "file", NULL)) { + lp_do_parameter(-1, "vfs objects", "dfs_samba4 acl_xattr xattr_tdb"); ++ /* ++ * By default, the samba sysvol is located in the statedir. Provisioning will fail in setntacl ++ * unless we have zfacl enabled. Unfortunately, at this point the smb.conf has not been generated. ++ * This workaround is freebsd-specific. ++ */ ++#if defined(_PC_ACL_EXTENDED) ++ } else if (pathconf(lp_state_directory(), _PC_ACL_EXTENDED) == 1) { ++ lp_do_parameter(-1, "vfs objects", "dfs_samba4 freebsd"); ++#endif ++#if defined(_PC_ACL_NFS4) ++ } else if (pathconf(lp_state_directory(), _PC_ACL_NFS4) == 1) { ++ lp_do_parameter(-1, "vfs objects", "dfs_samba4 zfsacl"); ++#endif + } else if (lp_parm_const_string(-1, "posix", "eadb", NULL)) { + lp_do_parameter(-1, "vfs objects", "dfs_samba4 acl_xattr posix_eadb"); + } else { ++ /* ++ * This should only set dfs_samba4 and leave acl_xattr ++ * to be set later (or zfsacl). The only reason the decision ++ * can't be made here to load acl_xattr or zfsacl is ++ * that we don't have access to what the target ++ * directory is. ++ */ + lp_do_parameter(-1, "vfs objects", "dfs_samba4 acl_xattr"); + } + } diff --git a/net/samba422/files/patch-source3_registry_tests_test__regfio.c b/net/samba422/files/patch-source3_registry_tests_test__regfio.c new file mode 100644 index 000000000000..e79c77c9731e --- /dev/null +++ b/net/samba422/files/patch-source3_registry_tests_test__regfio.c @@ -0,0 +1,10 @@ +--- source3/registry/tests/test_regfio.c.orig 2019-05-07 08:38:21 UTC ++++ source3/registry/tests/test_regfio.c +@@ -24,6 +24,7 @@ + + #include <errno.h> + #include <stdlib.h> ++#include <unistd.h> + #include <sys/types.h> + #include <sys/stat.h> + #include <fcntl.h> diff --git a/net/samba422/files/patch-source3_smbd_pysmbd.c b/net/samba422/files/patch-source3_smbd_pysmbd.c new file mode 100644 index 000000000000..2f0c06720168 --- /dev/null +++ b/net/samba422/files/patch-source3_smbd_pysmbd.c @@ -0,0 +1,230 @@ +--- source3/smbd/pysmbd.c.orig 2025-02-20 12:58:50 UTC ++++ source3/smbd/pysmbd.c +@@ -507,6 +507,20 @@ static SMB_ACL_T make_simple_acl(TALLOC_CTX *mem_ctx, + return acl; + } + ++static SMB_ACL_T make_simple_nfsv4_acl(TALLOC_CTX *mem_ctx, ++ gid_t gid, ++ mode_t chmod_mode) ++{ ++ /* ++ * This function needs to create an NFSv4 ACL. Currently, the only way ++ * to do so is to use the operating system interface, or to use the ++ * functions in source3/modules/nfs4_acls.c. These seems ugly and ++ * hacky. NFSv4 ACL's should be a first class citizen and ++ * librpc/idl/smb_acl.idl should be modified accordingly. ++ */ ++ return NULL; ++} ++ + /* + set a simple ACL on a file, as a test + */ +@@ -579,7 +593,85 @@ static PyObject *py_smbd_set_simple_acl(PyObject *self + Py_RETURN_NONE; + } + ++ + /* ++ set a simple NFSv4 ACL on a file, as a test ++ */ ++static PyObject *py_smbd_set_simple_nfsv4_acl(PyObject *self, PyObject *args, PyObject *kwargs) ++{ ++ const char * const kwnames[] = { ++ "fname", ++ "mode", ++ "session_info", ++ "gid", ++ "service", ++ NULL ++ }; ++ char *fname, *service = NULL; ++ PyObject *py_session = Py_None; ++ struct auth_session_info *session_info = NULL; ++ int ret; ++ int mode, gid = -1; ++ SMB_ACL_T acl; ++ TALLOC_CTX *frame; ++ connection_struct *conn; ++ ++ if (!PyArg_ParseTupleAndKeywords(args, kwargs, "siO|iz", ++ discard_const_p(char *, kwnames), ++ &fname, ++ &mode, ++ &py_session, ++ &gid, ++ &service)) ++ return NULL; ++ ++ if (!py_check_dcerpc_type(py_session, ++ "samba.dcerpc.auth", ++ "session_info")) { ++ return NULL; ++ } ++ session_info = pytalloc_get_type(py_session, ++ struct auth_session_info); ++ if (session_info == NULL) { ++ PyErr_Format(PyExc_TypeError, ++ "Expected auth_session_info for session_info argument got %s", ++ pytalloc_get_name(py_session)); ++ return NULL; ++ } ++ ++ frame = talloc_stackframe(); ++ ++ acl = make_simple_nfsv4_acl(frame, gid, mode); ++ if (acl == NULL) { ++ TALLOC_FREE(frame); ++ Py_RETURN_NONE; ++ } ++ ++ conn = get_conn_tos(service, session_info); ++ if (!conn) { ++ TALLOC_FREE(frame); ++ Py_RETURN_NONE; ++ } ++ ++ /* ++ * SMB_ACL_TYPE_ACCESS -> ACL_TYPE_ACCESS -> Not valid for NFSv4 ACL ++ */ ++ ret = 0; ++ ++ /* ret = set_sys_acl_conn(fname, SMB_ACL_TYPE_ACCESS, acl, conn); */ ++ ++ if (ret != 0) { ++ TALLOC_FREE(frame); ++ errno = ret; ++ return PyErr_SetFromErrno(PyExc_OSError); ++ } ++ ++ TALLOC_FREE(frame); ++ ++ Py_RETURN_NONE; ++} ++ ++/* + chown a file + */ + static PyObject *py_smbd_chown(PyObject *self, PyObject *args, PyObject *kwargs) +@@ -767,7 +859,7 @@ static PyObject *py_smbd_unlink(PyObject *self, PyObje + } + + /* +- check if we have ACL support ++ check if we have POSIX.1e ACL support + */ + static PyObject *py_smbd_have_posix_acls(PyObject *self, + PyObject *Py_UNUSED(ignored)) +@@ -779,7 +871,84 @@ static PyObject *py_smbd_have_posix_acls(PyObject *sel + #endif + } + ++static PyObject *py_smbd_has_posix_acls(PyObject *self, PyObject *args, PyObject *kwargs) ++{ ++ const char * const kwnames[] = { "path", NULL }; ++ char *path = NULL; ++ TALLOC_CTX *frame; ++ struct statfs fs; ++ int ret = false; ++ ++ frame = talloc_stackframe(); ++ ++ if (!PyArg_ParseTupleAndKeywords(args, kwargs, "s|z", ++ discard_const_p(char *, kwnames), &path)) { ++ TALLOC_FREE(frame); ++ return NULL; ++ } ++ ++ if (statfs(path, &fs) != 0) { ++ TALLOC_FREE(frame); ++ return NULL; ++ } ++ ++ if (fs.f_flags & MNT_ACLS) ++ ret = true; ++ ++ TALLOC_FREE(frame); ++ return PyBool_FromLong(ret); ++} ++ + /* ++ check if we have NFSv4 ACL support ++ */ ++static PyObject *py_smbd_have_nfsv4_acls(PyObject *self) ++{ ++#ifdef HAVE_LIBSUNACL ++ return PyBool_FromLong(true); ++#else ++ return PyBool_FromLong(false); ++#endif ++} ++ ++static PyObject *py_smbd_has_nfsv4_acls(PyObject *self, PyObject *args, PyObject *kwargs) ++{ ++ const char * const kwnames[] = { "path", NULL }; ++ char *path = NULL; ++ TALLOC_CTX *frame; ++ struct statfs fs; ++ int ret = false; ++ ++ frame = talloc_stackframe(); ++ ++ if (!PyArg_ParseTupleAndKeywords(args, kwargs, "s|z", ++ discard_const_p(char *, kwnames), &path)) { ++ TALLOC_FREE(frame); ++ return NULL; ++ } ++ ++ if (statfs(path, &fs) != 0) { ++ TALLOC_FREE(frame); ++ return NULL; ++ } ++ ++ if (fs.f_flags & MNT_NFS4ACLS) ++ ret = true; ++ ++ TALLOC_FREE(frame); ++ return PyBool_FromLong(ret); ++} ++ ++ ++static PyObject *py_smbd_set_nfsv4_defaults(PyObject *self) ++{ ++ /* ++ * It is really be done in source3/param/loadparm.c ++ */ ++ Py_RETURN_NONE; ++} ++ ++/* + set the NT ACL on a file + */ + static PyObject *py_smbd_set_nt_acl(PyObject *self, PyObject *args, PyObject *kwargs) +@@ -1284,8 +1453,26 @@ static PyMethodDef py_smbd_methods[] = { + { "have_posix_acls", + (PyCFunction)py_smbd_have_posix_acls, METH_NOARGS, + NULL }, ++ { "has_posix_acls", ++ PY_DISCARD_FUNC_SIG(PyCFunction, py_smbd_has_posix_acls), ++ METH_VARARGS|METH_KEYWORDS, ++ NULL }, ++ { "have_nfsv4_acls", ++ (PyCFunction)py_smbd_have_nfsv4_acls, METH_NOARGS, ++ NULL }, ++ { "has_nfsv4_acls", ++ PY_DISCARD_FUNC_SIG(PyCFunction, py_smbd_has_nfsv4_acls), ++ METH_VARARGS|METH_KEYWORDS, ++ NULL }, ++ { "set_nfsv4_defaults", ++ (PyCFunction)py_smbd_set_nfsv4_defaults, METH_NOARGS, ++ NULL }, + { "set_simple_acl", + PY_DISCARD_FUNC_SIG(PyCFunction, py_smbd_set_simple_acl), ++ METH_VARARGS|METH_KEYWORDS, ++ NULL }, ++ { "set_simple_nfsv4_acl", ++ PY_DISCARD_FUNC_SIG(PyCFunction, py_smbd_set_simple_nfsv4_acl), + METH_VARARGS|METH_KEYWORDS, + NULL }, + { "set_nt_acl", diff --git a/net/samba422/files/patch-source3_winbindd_wscript__build b/net/samba422/files/patch-source3_winbindd_wscript__build new file mode 100644 index 000000000000..60acba0507a6 --- /dev/null +++ b/net/samba422/files/patch-source3_winbindd_wscript__build @@ -0,0 +1,11 @@ +--- source3/winbindd/wscript_build.orig 2019-01-15 10:07:00 UTC ++++ source3/winbindd/wscript_build +@@ -2,7 +2,7 @@ + + bld.SAMBA3_LIBRARY('idmap', + source='idmap.c idmap_util.c', +- deps='samba-util pdb', ++ deps='pdb samba-modules secrets3', + allow_undefined_symbols=True, + private_library=True) + diff --git a/net/samba422/files/pkg-message.in b/net/samba422/files/pkg-message.in new file mode 100644 index 000000000000..02818d517e50 --- /dev/null +++ b/net/samba422/files/pkg-message.in @@ -0,0 +1,31 @@ +[ +{ type: install + message: <<EOM +How to start: http://wiki.samba.org/index.php/Samba4/HOWTO + +* Your configuration is: %%SAMBA4_CONFDIR%%/%%SAMBA4_CONFIG%% + +* All the relevant databases are under: %%SAMBA4_LOCKDIR%% + +* All the logs are under: %%SAMBA4_LOGDIR%% + +%%AD_DC%%* Provisioning script is: %%PREFIX%%/bin/samba-tool +%%AD_DC%% +%%AD_DC%%For the working DNS updates you will need to either build dns/bind9* +%%AD_DC%%with the enabled GSSAPI(GSSAPI_MIT5 is recommended) or install +%%AD_DC%%dns/samba-nsupdate package, which is preconfigured with such a support. +%%AD_DC%% +%%AD_DC%%You will need to specify location of the 'nsupdate' command in the +%%AD_DC%%%%SAMBA4_CONFIG%% file: +%%AD_DC%% +%%AD_DC%% nsupdate command = %%PREFIX%%/bin/samba-nsupdate -g +%%AD_DC%% +%%AD_DC%%For additional documentation check: https://wiki.samba.org/index.php/User_Documentation + +Port related bug reports can go to the https://gitlab.com/samba-freebsd/ports/-/issues or +to the FreeBSD Bugzilla https://bugs.freebsd.org/ + +All Samba related bug reports should go to the: https://bugzilla.samba.org/ +EOM +} +] diff --git a/net/samba422/files/samba_server.in b/net/samba422/files/samba_server.in new file mode 100644 index 000000000000..99c9b64cc78d --- /dev/null +++ b/net/samba422/files/samba_server.in @@ -0,0 +1,253 @@ +#!/bin/sh + +# PROVIDE: samba_server +# REQUIRE: NETWORKING SERVERS DAEMON ldconfig resolv ntpd %%SAMBA4_SERVICES%% +# BEFORE: LOGIN +# KEYWORD: shutdown + +# Add the following lines to /etc/rc.conf.local or /etc/rc.conf +# to enable this service: +# +#samba_server_enable=YES +# +# You can disable/enable any of the Samba daemons by specifying: +#samba_enable=NO +#nmbd_enable=NO +#smbd_enable=NO +# You need to enable winbindd separately, by adding: +#winbindd_enable=YES +# Configuration file can be set with: +#samba_server_config=%%SAMBA4_CONFDIR%%/%%SAMBA4_CONFIG%% +# +# shellcheck disable=SC2034,SC2086,SC3043 + +# shellcheck source=/dev/null +. /etc/rc.subr + +name=samba_server +rcvar=samba_server_enable +desc="Samba4 server startup script" + +# Load configuration +load_rc_config "${name}" + +# Custom commands +extra_commands="reload status configtest" + +start_precmd=samba_server_prestart +restart_precmd=samba_server_checkconfig +reload_precmd=samba_server_checkconfig +start_cmd=samba_server_cmd +stop_cmd=samba_server_cmd +status_cmd=samba_server_cmd +configtest_cmd=samba_server_checkconfig +reload_cmd=samba_server_reload_cmd +rcvar_cmd=samba_server_rcvar_cmd +stop_postcmd=samba_server_poststop +# Defaults +samba_server_config_default=%%SAMBA4_CONFDIR%%/%%SAMBA4_CONFIG%% +smbcontrol_command=%%PREFIX%%/bin/smbcontrol + +samba_server_checkconfig() +{ + printf "Performing sanity check on Samba configuration: " + if ${testparm_command} >/dev/null 2>&1; then + echo "OK" + else + echo "FAILED" + return 1 + fi +} + +samba_server_prestart() +{ + samba_server_checkconfig + # Make sure we have our RUNDIR, even if it's on a tmpfs + if [ -d "${samba_server_piddir}" ] || [ ! -e "${samba_server_piddir}" ]; then + install -d -m 0755 "${samba_server_piddir}" + fi + # https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=200186 + if [ -d "${samba_server_privatedir}" ] || [ ! -e "${samba_server_privatedir}" ]; then + install -d -m 0700 "${samba_server_privatedir}" + fi + # + if ! df -t fdescfs -T "${samba_server_piddir}/fd" >/dev/null 2>&1; then + install -d -m 0555 "${samba_server_piddir}/fd" + if can_mount fdescfs; then + mount -t fdescfs -o nodup none "${samba_server_piddir}/fd" + else + warn "${name}: cannot fdescfs mount to ${samba_server_piddir}/fd" + fi + fi +} + +samba_server_poststop() +{ + if df -t fdescfs -T "${samba_server_piddir}/fd" >/dev/null 2>&1; then + if can_mount fdescfs; then + umount "${samba_server_piddir}/fd" + fi + fi +} + +samba_server_rcvar_cmd() +{ + local name rcvar desc + rcvar=${name}_enable + # Prevent recursive calling + unset "${rc_arg}_cmd" "${rc_arg}_precmd" "${rc_arg}_postcmd" + # Check master variable + run_rc_command "${_rc_prefix}${rc_arg}" ${rc_extra_args} + # Check dependent variables + #unset desc + for name in ${samba_daemons}; do + # reset loop vars + rcvars=''; v='' + rcvar=${name}_enable + eval "desc=\${${name}_desc}" + run_rc_command "${_rc_prefix}${rc_arg}" ${rc_extra_args} + done +} + +samba_server_reload_cmd() +{ + local name rcvar command pidfile force_run + # Prevent recursive calling + unset "${rc_arg}_cmd" "${rc_arg}_precmd" "${rc_arg}_postcmd" + # Ignore rcvar and run command + if [ -n "${_rc_prefix}" ] && [ "${_rc_prefix}" = "one" ] || [ -n "${rc_force}" ] || [ -n "${rc_fast}" ]; then + force_run=yes + fi + # Apply to all daemons + for name in ${samba_daemons}; do + rcvar=${name}_enable + command="%%PREFIX%%/sbin/${name}" + pidfile="${samba_server_piddir}/${name}.pid" + # Daemon should be enabled and running + if ( [ -n "${rcvar}" ] && checkyesno "${rcvar}" ) || [ -n "$force_run" ]; then + if [ -n "$(check_pidfile "${pidfile}" "${command}")" ]; then + debug "reloading ${name} configuration" + echo "Reloading ${name}." + ${smbcontrol_command} "${name}" 'reload-config' ${command_args} >/dev/null 2>&1 + fi + fi + done +} + +samba_server_cmd() +{ + local name rcvar rcvars v command pidfile samba_daemons samba_postcmd result force_run + # Stop processes in the reverse order + if [ "${rc_arg}" = "stop" ] ; then + samba_daemons=$(reverse_list ${samba_daemons}) + fi + # Within the cmd itself we operate with the global _precmd, _cmd and _postcmd + samba_postcmd=$_postcmd + # Prevent recursive calling + unset "${rc_arg}_cmd" "${rc_arg}_precmd" "${rc_arg}_postcmd" + # Ignore rcvar and run command + if [ -n "${_rc_prefix}" ] && [ "${_rc_prefix}" = "one" ] || [ -n "${rc_force}" ] || [ -n "${rc_fast}" ]; then + force_run=yes + fi + # Assume success + result=0 + # Apply to all daemons + for name in ${samba_daemons}; do + # XXX + #rcvars=''; v='' + rcvar=${name}_enable + command="%%PREFIX%%/sbin/${name}" + pidfile="${samba_server_piddir}/${name}.pid" + # Daemon should be enabled and running + if ( [ -n "${rcvar}" ] && checkyesno "${rcvar}" ) || [ -n "$force_run" ]; then + run_rc_command "${_rc_prefix}${rc_arg}" ${rc_extra_args} + # If any of the commands failed, take it as a global result + result=$((result || $?)) + fi + done + if [ -n "${samba_postcmd}" ]; then + eval "_postcmd=${samba_postcmd}" + fi + return $result +} + +samba_server_config_init() +{ + local name + # Defaults + samba_server_enable=${samba_server_enable:=NO} + samba_server_config=${samba_server_config=${samba_server_config_default}} + samba_server_configfile_arg=${samba_server_config:+--configfile="${samba_server_config}"} #" + #testparm_command="%%PREFIX%%/bin/samba-tool testparm --suppress-prompt --verbose ${samba_server_configfile_arg}" + testparm_command="%%PREFIX%%/bin/testparm --suppress-prompt --verbose ${samba_server_config}" + # Determine what daemons are necessary to run Samba in the current role + samba_server_role=$(${testparm_command} --parameter-name='server role' 2>/dev/null) + case "${samba_server_role}" in + active\ directory\ domain\ controller) + samba_daemons="samba" + ;; + auto|*) + samba_daemons="nmbd smbd winbindd" + ;; + esac + # Load daemons configuration + for name in ${samba_daemons}; do + load_rc_config "${name}" + # If samba_server_enable is 'YES' + if [ -n "${rcvar}" ] && checkyesno "${rcvar}"; then + if [ "${name}" != "winbindd" ]; then + # Set variable to 'YES' only if it is unset + eval "${name}_enable=\${${name}_enable-YES}" + else + # Winbindd + samba_server_idmap=$(${testparm_command} --parameter-name='idmap uid' 2>/dev/null) + if [ -n "${samba_server_idmap}" ]; then + winbindd_enable="YES" + fi + fi + fi + # If variable is empty, set it to 'NO' + eval "${name}_enable=\${${name}_enable:-NO}" + done + # Fetch parameters from configuration file + samba_server_lockdir="$(${testparm_command} --parameter-name='lock directory' 2>/dev/null)" + samba_server_lockdir=${samba_server_lockdir:=%%SAMBA4_LOCKDIR%%} + samba_server_piddir="$(${testparm_command} --parameter-name='pid directory' 2>/dev/null)" + samba_server_piddir=${samba_server_piddir:=%%SAMBA4_RUNDIR%%} + samba_server_privatedir="$(${testparm_command} --parameter-name='private dir' 2>/dev/null)" + samba_server_privatedir=${samba_server_privatedir:=%%SAMBA4_PRIVATEDIR%%} +} + +can_mount() +{ + local kld + kld=$1 + if ! load_kld $kld; then + return 1 + fi + if [ $(${SYSCTL_N} security.jail.jailed) -eq 0 ]; then + return 0 + fi + if [ $(${SYSCTL_N} security.jail.mount_allowed) -eq 1 ] && + [ $(${SYSCTL_N} security.jail.mount_${kld}_allowed) -eq 1 ]; then + return 0 + fi + return 1 +} + +# Load configuration variables +samba_server_config_init +nmbd_desc="NetBIOS name server" +smbd_desc="SMB/CIFS services server" +winbindd_desc="Name Service Switch server" +# Common flags +command_args=${samba_server_configfile_arg} +samba_flags=${samba_flags="--daemon"} +nmbd_flags=${nmbd_flags="--daemon"} +smbd_flags=${smbd_flags="--daemon"} +winbindd_flags=${winbindd_flags="--daemon"} +# Requirements +required_files="${samba_server_config}" +required_dirs="${samba_server_lockdir}" + +run_rc_command "$1" |