diff --git a/net/samba422/Makefile b/net/samba422/Makefile index 3696bb7..b38b28c 100644 --- a/net/samba422/Makefile +++ b/net/samba422/Makefile @@ -1,6 +1,5 @@ -PORTNAME= ${SAMBA4_BASENAME}420 +PORTNAME= ${SAMBA4_BASENAME}422 PORTVERSION= ${SAMBA4_VERSION} -PORTREVISION= 10 CATEGORIES?= net MASTER_SITES= SAMBA/samba/stable SAMBA/samba/rc DISTNAME= ${SAMBA4_DISTNAME} @@ -29,7 +28,6 @@ EXTRA_PATCHES= \ ${PATCHDIR}/0010-Add-option-with-pkgconfigdir-to-specify-alternative-.patch:-p1 \ ${PATCHDIR}/0011-Use-provided-by-port-location-of-the-XML-catalog.patch:-p1 \ ${PATCHDIR}/0012-Create-shared-libraries-according-to-the-FreeBSD-spe.patch:-p1 \ - ${PATCHDIR}/0013-Pass-additional-msg-parameter-to-CHECK_LIB-so-it-can.patch:-p1 \ ${PATCHDIR}/0014-Add-option-to-disable-CTDB-tests-failing-on-FreeBSD-.patch:-p1 \ ${PATCHDIR}/0015-Add-extra-debug-class-to-trck-down-DB-locking-code.patch:-p1 \ ${PATCHDIR}/0016-Make-ldb_schema_attribute_compare-a-stable-comparisi.patch:-p1 \ @@ -40,18 +38,12 @@ EXTRA_PATCHES= \ ${PATCHDIR}/0021-Fix-casting-warnings-in-the-nfs_quota-debug-message.patch:-p1 \ ${PATCHDIR}/0022-Clean-up-UTMP-handling-code-and-add-FreeBSD-support..patch:-p1 \ ${PATCHDIR}/0023-Add-cmd_get_quota-test-function-into-vfstest-to-test.patch:-p1 \ - ${PATCHDIR}/0024-Cherry-pick-ZFS-provisioning-code-by-iXsystems-Inc.patch:-p1 \ ${PATCHDIR}/0025-From-d9b748869a8f4018ebee302aae8246bf29f60309-Mon-Se.patch:-p1 \ - ${PATCHDIR}/0026-vfs-add-a-compatibility-option-to-the-vfs_streams_xa.patch:-p1 \ - ${PATCHDIR}/0027-Add-VFS-module-vfs_freebsd-that-implements-FreeBSD-s.patch:-p1 \ - ${PATCHDIR}/0028-Fix-rl_completion_func_t.patch:-p1 \ ${PATCHDIR}/0028-s3-lib-system-add-FreeBSD-proc_fd_pattern.patch \ - ${PATCHDIR}/0100-Fix-pathref-handling-for-FreeBSD-13plus_samba42x.patch:-p1 \ - ${PATCHDIR}/0102-FreeBSD-vfs_freebsd-fix-sys_proc_fd_path-args.patch:-p1 SAMBA4_BASENAME= samba SAMBA4_PORTNAME= ${SAMBA4_BASENAME}4 -SAMBA4_VERSION= 4.20.7 +SAMBA4_VERSION= 4.22.3 SAMBA4_DISTNAME= ${SAMBA4_BASENAME}-${SAMBA4_VERSION:S|.p|pre|:S|.r|rc|:S|.t|tp|:S|.a|alpha|} WRKSRC?= ${WRKDIR}/${DISTNAME} @@ -98,7 +90,7 @@ CONFIGURE_ENV= PTHREAD_LDFLAGS="-lpthread" \ PYTHONHASHSEED=1 MAKE_ENV= PYTHONHASHSEED=1 -USES= bison compiler:c++11-lang iconv localbase:ldflags \ +USES= compiler:c++11-lang iconv localbase:ldflags \ perl5 pkgconfig shebangfix waf gettext-runtime USE_PERL5= build USE_LDCONFIG= ${SAMBA4_LIBDIR} @@ -116,8 +108,8 @@ SUB_LIST= PKGCONFIGDIR=${PKGCONFIGDIR_REL} ############################################################################## OPTIONS_SUB= yes -OPTIONS_DEFINE= AD_DC ADS CLUSTER CUPS DOCS FAM GPGME \ - LDAP MANPAGES PROFILE PYTHON3 QUOTAS \ +OPTIONS_DEFINE= AD_DC ADS CLUSTER CUPS DOCS FAM LDAP GPGME \ + MANPAGES PROFILE PYTHON3 QUOTAS \ SYSLOG UTMP #OPTIONS_DEFINE+= DEVELOPER MEMORY_DEBUG @@ -135,7 +127,7 @@ OPTIONS_DEFAULT= AD_DC ADS DOCS FAM LDAP MANPAGES \ PROFILE PYTHON3 QUOTAS SYSLOG UTMP \ FRUIT GSSAPI_BUILTIN AVAHI ############################################################################## -ADS_DESC= Active Directory client(implies LDAP) +ADS_DESC= Active Directory client AD_DC_DESC= Active Directory Domain Controller(implies PYTHON3) CLUSTER_DESC= Clustering support DEVELOPER_DESC= With developer framework @@ -177,6 +169,9 @@ LIB_DEPENDS+= libgnutls.so:security/gnutls LIB_DEPENDS+= libgcrypt.so:security/libgcrypt # NFSv4 ACL glue LIB_DEPENDS+= libsunacl.so:sysutils/libsunacl +# libicu +LIB_DEPENDS+= libicui18n.so:devel/icu +LIB_DEPENDS+= libicuuc.so:devel/icu # Jansson BUILD_DEPENDS+= jansson>=2.10:devel/jansson RUN_DEPENDS+= jansson>=2.10:devel/jansson @@ -197,7 +192,7 @@ SAMBA4_BUNDLED_CMOCKA?= no SAMBA4_BUNDLED_TALLOC?= no SAMBA4_BUNDLED_TEVENT?= no SAMBA4_BUNDLED_TDB?= no -SAMBA4_BUNDLED_LDB?= no +SAMBA4_BUNDLED_LDB?= yes # cmocka .if defined(SAMBA4_BUNDLED_CMOCKA) && ${SAMBA4_BUNDLED_CMOCKA} == yes SAMBA4_BUNDLED_LIBS+= cmocka @@ -218,8 +213,8 @@ PLIST_SUB+= SAMBA4_BUNDLED_TALLOC="" SUB_LIST+= SAMBA4_BUNDLED_TALLOC="" .else SAMBA4_BUNDLED_LIBS+= !talloc -BUILD_DEPENDS+= talloc242>=2.4.2:devel/talloc242 -RUN_DEPENDS+= talloc242>=2.4.2:devel/talloc242 +BUILD_DEPENDS+= talloc243>=2.4.3:devel/talloc243 +RUN_DEPENDS+= talloc243>=2.4.3:devel/talloc243 PLIST_SUB+= SAMBA4_BUNDLED_TALLOC="@comment " SUB_LIST+= SAMBA4_BUNDLED_TALLOC="@comment " .endif @@ -231,8 +226,8 @@ PLIST_SUB+= SAMBA4_BUNDLED_TEVENT="" SUB_LIST+= SAMBA4_BUNDLED_TEVENT="" .else SAMBA4_BUNDLED_LIBS+= !tevent -BUILD_DEPENDS+= tevent016>=0.16.1:devel/tevent016 -RUN_DEPENDS+= tevent016>=0.16.1:devel/tevent016 +BUILD_DEPENDS+= tevent017>=0.17:devel/tevent017 +RUN_DEPENDS+= tevent017>=0.17:devel/tevent017 PLIST_SUB+= SAMBA4_BUNDLED_TEVENT="@comment " SUB_LIST+= SAMBA4_BUNDLED_TEVENT="@comment " .endif @@ -244,8 +239,8 @@ PLIST_SUB+= SAMBA4_BUNDLED_TDB="" SUB_LIST+= SAMBA4_BUNDLED_TDB="" .else SAMBA4_BUNDLED_LIBS+= !tdb -BUILD_DEPENDS+= tdb1410>=1.4.10:databases/tdb1410 -RUN_DEPENDS+= tdb1410>=1.4.10:databases/tdb1410 +BUILD_DEPENDS+= tdb1413>=1.4.13:databases/tdb1413 +RUN_DEPENDS+= tdb1413>=1.4.13:databases/tdb1413 PLIST_SUB+= SAMBA4_BUNDLED_TDB="@comment " SUB_LIST+= SAMBA4_BUNDLED_TDB="@comment " .endif @@ -253,6 +248,7 @@ SUB_LIST+= SAMBA4_BUNDLED_TDB="@comment " .if defined(SAMBA4_BUNDLED_LDB) && ${SAMBA4_BUNDLED_LDB} == yes SAMBA4_BUNDLED_LDB= yes SAMBA4_BUNDLED_LIBS+= ldb +CONFLICTS_INSTALL+= ldb-* ldb2-* PLIST_SUB+= SAMBA4_BUNDLED_LDB="" SUB_LIST+= SAMBA4_BUNDLED_LDB="" SAMBA4_MODULEDIR= ${SAMBA4_LIBDIR}/modules @@ -351,7 +347,6 @@ AD_DC_BUILD_DEPENDS+= ${PYTHON_PKGNAMEPREFIX}markdown>=3.3.7:textproc/py-markdo AD_DC_RUN_DEPENDS+= ${PYTHON_PKGNAMEPREFIX}markdown>=3.3.7:textproc/py-markdown@${PY_FLAVOR} \ ${PYTHON_PKGNAMEPREFIX}dnspython>=2.2.1:dns/py-dnspython@${PY_FLAVOR} -ADS_IMPLIES= LDAP ADS_CONFIGURE_WITH= ads CLUSTER_CONFIGURE_WITH= cluster-support @@ -367,13 +362,7 @@ GPGME_CONFIGURE_WITH= gpgme GPGME_LIB_DEPENDS= libgpgme.so:security/gpgme GPGME_RUN_DEPENDS= ${PYTHON_PKGNAMEPREFIX}gpg>=2.0.0:security/py-gpg@${PY_FLAVOR} -.if exists(/usr/libexec/krb5kdc) -GSSAPI_BUILTIN_USES= gssapi -GSSAPI_MIT_CONFIGURE_ON= --with-system-mitkrb5 ${GSSAPIBASEDIR} \ - --with-system-mitkdc=${GSSAPIBASEDIR}/libexec/krb5kdc -.endif - -GSSAPI_BUILTIN_BUILD_DEPENDS= p5-JSON>=4.0:converters/p5-JSON +GSSAPI_BUILTIN_USES= bison GSSAPI_MIT_CONFIGURE_ON= --with-system-mitkrb5 ${GSSAPIBASEDIR} \ --with-system-mitkdc=${GSSAPIBASEDIR}/sbin/krb5kdc \ @@ -386,7 +375,8 @@ GSSAPI_HEIMDAL_PREVENTS= AD_DC GSSAPI_HEIMDAL_PREVENTS_MSG= GSSAPI_HEIMDAL and AD_DC enable conflicting options LDAP_CONFIGURE_WITH= ldap -LDAP_CONFIGURE_ON= --with-openldap=${LOCALBASE} +LDAP_CONFIGURE_ON= --with-ldap +LDAP_CONFIGURE_OFF= --without-ldap LDAP_USES= ldap LDAP_VARS= SAMBA4_MODULES+=idmap_ldap @@ -470,8 +460,8 @@ SAMBA4_BUNDLED_LIBS+= !pytalloc-util . endif . if defined(SAMBA4_BUNDLED_TEVENT) && ${SAMBA4_BUNDLED_TEVENT} == yes -SAMBA4_BUNDLED_LIBS+= pytevent -. else +SAMBA4_BUNDLED_LIBS+= pytevenockbuf_add_io() and LDAP_OPT_SOCKBUF for SASL and TLS support + else SAMBA4_BUNDLED_LIBS+= !pytevent . endif @@ -617,11 +607,6 @@ post-install-fix-manpages: .for f in vfs_aio_linux.8 vfs_btrfs.8 vfs_ceph.8 vfs_gpfs.8 ${RM} ${STAGEDIR}${PREFIX}/share/man/man8/${f} .endfor -.if defined(SAMBA4_BUNDLED_LDB) && ${SAMBA4_BUNDLED_LDB} == yes -. for f in ldbadd.1 ldbdel.1 ldbedit.1 ldbmodify.1 ldbrename.1 ldbsearch.1 - ${MV} ${STAGEDIR}${PREFIX}/share/man/man1/${f} ${STAGEDIR}${PREFIX}/share/man/man1/samba-${f} -. endfor -.endif .if defined(SAMBA4_BUNDLED_TALLOC) && ${SAMBA4_BUNDLED_TALLOC} == yes . for f in talloc.3 diff --git a/net/samba422/distinfo b/net/samba422/distinfo index e6dc8bc..270840d 100644 --- a/net/samba422/distinfo +++ b/net/samba422/distinfo @@ -1,3 +1,3 @@ -TIMESTAMP = 1737565689 -SHA256 (samba-4.20.7.tar.gz) = 5afe8b66e612ab1c7e57c6146adfe98ec3ea9d40dee2962a2076a3d6d6973b78 -SIZE (samba-4.20.7.tar.gz) = 42523056 +TIMESTAMP = 1752217501 +SHA256 (samba-4.22.3.tar.gz) = 8fd7092629a3596d935cd7567d934979f94272918ec3affd0cc807934ecf22ba +SIZE (samba-4.22.3.tar.gz) = 42869744 diff --git a/net/samba422/files/0013-Pass-additional-msg-parameter-to-CHECK_LIB-so-it-can.patch b/net/samba422/files/0013-Pass-additional-msg-parameter-to-CHECK_LIB-so-it-can.patch index 0508ba5..e69de29 100644 --- a/net/samba422/files/0013-Pass-additional-msg-parameter-to-CHECK_LIB-so-it-can.patch +++ b/net/samba422/files/0013-Pass-additional-msg-parameter-to-CHECK_LIB-so-it-can.patch @@ -1,70 +0,0 @@ -From 6be12b41eb0f71cfc25b5df6659dd176bd681621 Mon Sep 17 00:00:00 2001 -From: "Timur I. Bakeyev" -Date: Thu, 8 Sep 2022 00:25:05 +0200 -Subject: [PATCH 13/28] Pass additional msg parameter to CHECK_LIB(), so it can - be transited to the conf.check(), which allows us to specify `match` - parameter to opt.add_option(). - -Signed-off-by: Timur I. Bakeyev ---- - buildtools/wafsamba/samba_autoconf.py | 9 ++++++--- - buildtools/wafsamba/wscript | 9 +++++++-- - 2 files changed, 13 insertions(+), 5 deletions(-) - -diff --git a/buildtools/wafsamba/samba_autoconf.py b/buildtools/wafsamba/samba_autoconf.py -index cf87c8bb9ff..f6c72d99125 100644 ---- a/buildtools/wafsamba/samba_autoconf.py -+++ b/buildtools/wafsamba/samba_autoconf.py -@@ -593,7 +593,7 @@ def library_flags(self, libs): - - - @conf --def CHECK_LIB(conf, libs, mandatory=False, empty_decl=True, set_target=True, shlib=False): -+def CHECK_LIB(conf, libs, mandatory=False, empty_decl=True, set_target=True, shlib=False, msg=None): - '''check if a set of libraries exist as system libraries - - returns the sublist of libs that do exist as a syslib or [] -@@ -613,11 +613,14 @@ int foo() - ret.append(lib) - continue - -+ if msg is None: -+ msg = 'Checking for library %s' % lib -+ - (ccflags, ldflags, cpppath) = library_flags(conf, lib) - if shlib: -- res = conf.check(features='c cshlib', fragment=fragment, lib=lib, uselib_store=lib, cflags=ccflags, ldflags=ldflags, uselib=lib.upper(), mandatory=False) -+ res = conf.check(features='c cshlib', fragment=fragment, lib=lib, uselib_store=lib, cflags=ccflags, ldflags=ldflags, uselib=lib.upper(), mandatory=False, msg=msg) - else: -- res = conf.check(lib=lib, uselib_store=lib, cflags=ccflags, ldflags=ldflags, uselib=lib.upper(), mandatory=False) -+ res = conf.check(lib=lib, uselib_store=lib, cflags=ccflags, ldflags=ldflags, uselib=lib.upper(), mandatory=False, msg=msg) - - if not res: - if mandatory: -diff --git a/buildtools/wafsamba/wscript b/buildtools/wafsamba/wscript -index a4d6f3e5c49..c047e1e8b5a 100644 ---- a/buildtools/wafsamba/wscript -+++ b/buildtools/wafsamba/wscript -@@ -133,12 +133,17 @@ Currently the only tested value is 'smbtorture,smbd/smbd' for Samba'''), - help=("private library directory [PREFIX/lib/%s]" % Context.g_module.APPNAME), - action="store", dest='PRIVATELIBDIR', default=None) - -+ opt.add_option('--with-openldap', -+ help='additional directory to search for OpenLDAP libs', -+ action='store', dest='ldap_open', default=None, -+ match = ['Checking for library lber', 'Checking for library ldap']) -+ - opt.add_option('--with-libiconv', - help='additional directory to search for libiconv', -- action='store', dest='iconv_open', default='/usr/local', -+ action='store', dest='iconv_open', default=None, - match = ['Checking for library iconv', 'Checking for iconv_open', 'Checking for header iconv.h']) - opt.add_option('--without-gettext', -- help=("Disable use of gettext"), -+ help=("disable use of gettext"), - action="store_true", dest='disable_gettext', default=False) - - gr = opt.option_group('developer options') --- -2.37.1 - diff --git a/net/samba422/files/0024-Cherry-pick-ZFS-provisioning-code-by-iXsystems-Inc.patch b/net/samba422/files/0024-Cherry-pick-ZFS-provisioning-code-by-iXsystems-Inc.patch index 3746f0e..e69de29 100644 --- a/net/samba422/files/0024-Cherry-pick-ZFS-provisioning-code-by-iXsystems-Inc.patch +++ b/net/samba422/files/0024-Cherry-pick-ZFS-provisioning-code-by-iXsystems-Inc.patch @@ -1,367 +0,0 @@ -From d3024a4a2ff8015932a26a9df08e8ea5ff12a959 Mon Sep 17 00:00:00 2001 -From: "Timur I. Bakeyev" -Date: Thu, 4 Aug 2022 05:15:33 +0200 -Subject: [PATCH 24/28] Cherry-pick ZFS provisioning code by iXsystems Inc. - -* Check if sysvol is on filesystem with NFSv4 ACL's -(cherry picked from commit ca86f52b78a7b6e7537454a69cf93e7b96210cba) - -* Only check targetdir if it is defined (I had assumed it was) -(cherry picked from commit a29050cb2978ce23e3c04a859340dc2664c77a8a) - -* Kick samba a little bit into understanding NFSv4 ACL's -(cherry picked from commit 1c7542ff4904b729e311e17464ee76582760c219) - -Signed-off-by: Timur I. Bakeyev ---- - python/samba/provision/__init__.py | 22 +++- - source3/lib/sysacls.c | 10 ++ - source3/param/loadparm.c | 20 +++ - source3/smbd/pysmbd.c | 189 ++++++++++++++++++++++++++++- - 4 files changed, 235 insertions(+), 6 deletions(-) - -diff --git a/python/samba/provision/__init__.py b/python/samba/provision/__init__.py -index ff9b8fac916..20e41a9ad3e 100644 ---- a/python/samba/provision/__init__.py -+++ b/python/samba/provision/__init__.py -@@ -1662,19 +1662,25 @@ def setsysvolacl(samdb, netlogon, sysvol, uid, gid, domainsid, dnsdomain, - s3conf = s3param.get_context() - s3conf.load(lp.configfile) - -- file = tempfile.NamedTemporaryFile(dir=os.path.abspath(sysvol)) -+ sysvol_dir = os.path.abspath(sysvol) -+ -+ set_simple_acl = smbd.set_simple_acl -+ if smbd.has_nfsv4_acls(sysvol_dir): -+ set_simple_acl = smbd.set_simple_nfsv4_acl -+ -+ file = tempfile.NamedTemporaryFile(dir=sysvol_dir) - try: - try: -- smbd.set_simple_acl(file.name, 0o755, system_session_unix(), gid) -+ set_simple_acl(file.name, 0o755, system_session_unix(), gid) - except OSError: -- if not smbd.have_posix_acls(): -+ if not smbd.have_posix_acls() and not smbd.have_nfsv4_acls(): - # This clue is only strictly correct for RPM and - # Debian-like Linux systems, but hopefully other users - # will get enough clue from it. -- raise ProvisioningError("Samba was compiled without the posix ACL support that s3fs requires. " -+ raise ProvisioningError("Samba was compiled without the ACL support that s3fs requires. " - "Try installing libacl1-dev or libacl-devel, then re-run configure and make.") - -- raise ProvisioningError("Your filesystem or build does not support posix ACLs, which s3fs requires. " -+ raise ProvisioningError("Your filesystem or build does not support ACLs, which s3fs requires. " - "Try the mounting the filesystem with the 'acl' option.") - try: - smbd.chown(file.name, uid, gid, system_session_unix()) -@@ -1959,6 +1965,9 @@ def provision_fill(samdb, secrets_ldb, logger, names, paths, - samdb.transaction_commit() - - if serverrole == "active directory domain controller": -+ if targetdir and smbd.have_nfsv4_acls() and smbd.has_nfsv4_acls(targetdir): -+ smbd.set_nfsv4_defaults() -+ - # Continue setting up sysvol for GPO. This appears to require being - # outside a transaction. - if not skip_sysvolacl: -@@ -2313,6 +2322,9 @@ def provision(logger, session_info, smbconf=None, - if not os.path.isdir(paths.netlogon): - os.makedirs(paths.netlogon, 0o755) - -+ if smbd.have_nfsv4_acls() and smbd.has_nfsv4_acls(paths.sysvol): -+ smbd.set_nfsv4_defaults() -+ - if adminpass is None: - adminpass = samba.generate_random_password(12, 32) - adminpass_generated = True -diff --git a/source3/lib/sysacls.c b/source3/lib/sysacls.c -index 891fabea21e..d1357a47bd0 100644 ---- a/source3/lib/sysacls.c -+++ b/source3/lib/sysacls.c -@@ -38,6 +38,16 @@ - #include "modules/vfs_aixacl.h" - #endif - -+/* -+ * NFSv4 ACL's should be understood and a first class citizen. Work -+ * needs to be done in librpc/idl/smb_acl.idl for this to occur. -+ */ -+#if defined(HAVE_LIBSUNACL) && defined(FREEBSD) -+#if 0 -+#include "modules/nfs4_acls.h" -+#endif -+#endif -+ - #undef DBGC_CLASS - #define DBGC_CLASS DBGC_ACLS - -diff --git a/source3/param/loadparm.c b/source3/param/loadparm.c -index 21e061939e3..4e23fdaaf6d 100644 ---- a/source3/param/loadparm.c -+++ b/source3/param/loadparm.c -@@ -2830,9 +2830,29 @@ static void init_locals(void) - } else { - if (lp_parm_const_string(-1, "xattr_tdb", "file", NULL)) { - lp_do_parameter(-1, "vfs objects", "dfs_samba4 acl_xattr xattr_tdb"); -+ /* -+ * By default, the samba sysvol is located in the statedir. Provisioning will fail in setntacl -+ * unless we have zfacl enabled. Unfortunately, at this point the smb.conf has not been generated. -+ * This workaround is freebsd-specific. -+ */ -+#if defined(_PC_ACL_EXTENDED) -+ } else if (pathconf(lp_state_directory(), _PC_ACL_EXTENDED) == 1) { -+ lp_do_parameter(-1, "vfs objects", "dfs_samba4 freebsd"); -+#endif -+#if defined(_PC_ACL_NFS4) -+ } else if (pathconf(lp_state_directory(), _PC_ACL_NFS4) == 1) { -+ lp_do_parameter(-1, "vfs objects", "dfs_samba4 zfsacl"); -+#endif - } else if (lp_parm_const_string(-1, "posix", "eadb", NULL)) { - lp_do_parameter(-1, "vfs objects", "dfs_samba4 acl_xattr posix_eadb"); - } else { -+ /* -+ * This should only set dfs_samba4 and leave acl_xattr -+ * to be set later (or zfsacl). The only reason the decision -+ * can't be made here to load acl_xattr or zfsacl is -+ * that we don't have access to what the target -+ * directory is. -+ */ - lp_do_parameter(-1, "vfs objects", "dfs_samba4 acl_xattr"); - } - } -diff --git a/source3/smbd/pysmbd.c b/source3/smbd/pysmbd.c -index 88cbf62a680..867010ea6cd 100644 ---- a/source3/smbd/pysmbd.c -+++ b/source3/smbd/pysmbd.c -@@ -485,6 +485,20 @@ static SMB_ACL_T make_simple_acl(TALLOC_CTX *mem_ctx, - return acl; - } - -+static SMB_ACL_T make_simple_nfsv4_acl(TALLOC_CTX *mem_ctx, -+ gid_t gid, -+ mode_t chmod_mode) -+{ -+ /* -+ * This function needs to create an NFSv4 ACL. Currently, the only way -+ * to do so is to use the operating system interface, or to use the -+ * functions in source3/modules/nfs4_acls.c. These seems ugly and -+ * hacky. NFSv4 ACL's should be a first class citizen and -+ * librpc/idl/smb_acl.idl should be modified accordingly. -+ */ -+ return NULL; -+} -+ - /* - set a simple ACL on a file, as a test - */ -@@ -557,6 +571,84 @@ static PyObject *py_smbd_set_simple_acl(PyObject *self, PyObject *args, PyObject - Py_RETURN_NONE; - } - -+ -+/* -+ set a simple NFSv4 ACL on a file, as a test -+ */ -+static PyObject *py_smbd_set_simple_nfsv4_acl(PyObject *self, PyObject *args, PyObject *kwargs) -+{ -+ const char * const kwnames[] = { -+ "fname", -+ "mode", -+ "session_info", -+ "gid", -+ "service", -+ NULL -+ }; -+ char *fname, *service = NULL; -+ PyObject *py_session = Py_None; -+ struct auth_session_info *session_info = NULL; -+ int ret; -+ int mode, gid = -1; -+ SMB_ACL_T acl; -+ TALLOC_CTX *frame; -+ connection_struct *conn; -+ -+ if (!PyArg_ParseTupleAndKeywords(args, kwargs, "siO|iz", -+ discard_const_p(char *, kwnames), -+ &fname, -+ &mode, -+ &py_session, -+ &gid, -+ &service)) -+ return NULL; -+ -+ if (!py_check_dcerpc_type(py_session, -+ "samba.dcerpc.auth", -+ "session_info")) { -+ return NULL; -+ } -+ session_info = pytalloc_get_type(py_session, -+ struct auth_session_info); -+ if (session_info == NULL) { -+ PyErr_Format(PyExc_TypeError, -+ "Expected auth_session_info for session_info argument got %s", -+ pytalloc_get_name(py_session)); -+ return NULL; -+ } -+ -+ frame = talloc_stackframe(); -+ -+ acl = make_simple_nfsv4_acl(frame, gid, mode); -+ if (acl == NULL) { -+ TALLOC_FREE(frame); -+ Py_RETURN_NONE; -+ } -+ -+ conn = get_conn_tos(service, session_info); -+ if (!conn) { -+ TALLOC_FREE(frame); -+ Py_RETURN_NONE; -+ } -+ -+ /* -+ * SMB_ACL_TYPE_ACCESS -> ACL_TYPE_ACCESS -> Not valid for NFSv4 ACL -+ */ -+ ret = 0; -+ -+ /* ret = set_sys_acl_conn(fname, SMB_ACL_TYPE_ACCESS, acl, conn); */ -+ -+ if (ret != 0) { -+ TALLOC_FREE(frame); -+ errno = ret; -+ return PyErr_SetFromErrno(PyExc_OSError); -+ } -+ -+ TALLOC_FREE(frame); -+ -+ Py_RETURN_NONE; -+} -+ - /* - chown a file - */ -@@ -744,7 +836,7 @@ static PyObject *py_smbd_unlink(PyObject *self, PyObject *args, PyObject *kwargs - } - - /* -- check if we have ACL support -+ check if we have POSIX.1e ACL support - */ - static PyObject *py_smbd_have_posix_acls(PyObject *self, - PyObject *Py_UNUSED(ignored)) -@@ -756,6 +848,83 @@ static PyObject *py_smbd_have_posix_acls(PyObject *self, - #endif - } - -+static PyObject *py_smbd_has_posix_acls(PyObject *self, PyObject *args, PyObject *kwargs) -+{ -+ const char * const kwnames[] = { "path", NULL }; -+ char *path = NULL; -+ TALLOC_CTX *frame; -+ struct statfs fs; -+ int ret = false; -+ -+ frame = talloc_stackframe(); -+ -+ if (!PyArg_ParseTupleAndKeywords(args, kwargs, "s|z", -+ discard_const_p(char *, kwnames), &path)) { -+ TALLOC_FREE(frame); -+ return NULL; -+ } -+ -+ if (statfs(path, &fs) != 0) { -+ TALLOC_FREE(frame); -+ return NULL; -+ } -+ -+ if (fs.f_flags & MNT_ACLS) -+ ret = true; -+ -+ TALLOC_FREE(frame); -+ return PyBool_FromLong(ret); -+} -+ -+/* -+ check if we have NFSv4 ACL support -+ */ -+static PyObject *py_smbd_have_nfsv4_acls(PyObject *self) -+{ -+#ifdef HAVE_LIBSUNACL -+ return PyBool_FromLong(true); -+#else -+ return PyBool_FromLong(false); -+#endif -+} -+ -+static PyObject *py_smbd_has_nfsv4_acls(PyObject *self, PyObject *args, PyObject *kwargs) -+{ -+ const char * const kwnames[] = { "path", NULL }; -+ char *path = NULL; -+ TALLOC_CTX *frame; -+ struct statfs fs; -+ int ret = false; -+ -+ frame = talloc_stackframe(); -+ -+ if (!PyArg_ParseTupleAndKeywords(args, kwargs, "s|z", -+ discard_const_p(char *, kwnames), &path)) { -+ TALLOC_FREE(frame); -+ return NULL; -+ } -+ -+ if (statfs(path, &fs) != 0) { -+ TALLOC_FREE(frame); -+ return NULL; -+ } -+ -+ if (fs.f_flags & MNT_NFS4ACLS) -+ ret = true; -+ -+ TALLOC_FREE(frame); -+ return PyBool_FromLong(ret); -+} -+ -+ -+static PyObject *py_smbd_set_nfsv4_defaults(PyObject *self) -+{ -+ /* -+ * It is really be done in source3/param/loadparm.c -+ */ -+ Py_RETURN_NONE; -+} -+ - /* - set the NT ACL on a file - */ -@@ -1242,10 +1411,28 @@ static PyMethodDef py_smbd_methods[] = { - { "have_posix_acls", - (PyCFunction)py_smbd_have_posix_acls, METH_NOARGS, - NULL }, -+ { "has_posix_acls", -+ PY_DISCARD_FUNC_SIG(PyCFunction, py_smbd_has_posix_acls), -+ METH_VARARGS|METH_KEYWORDS, -+ NULL }, -+ { "have_nfsv4_acls", -+ (PyCFunction)py_smbd_have_nfsv4_acls, METH_NOARGS, -+ NULL }, -+ { "has_nfsv4_acls", -+ PY_DISCARD_FUNC_SIG(PyCFunction, py_smbd_has_nfsv4_acls), -+ METH_VARARGS|METH_KEYWORDS, -+ NULL }, -+ { "set_nfsv4_defaults", -+ (PyCFunction)py_smbd_set_nfsv4_defaults, METH_NOARGS, -+ NULL }, - { "set_simple_acl", - PY_DISCARD_FUNC_SIG(PyCFunction, py_smbd_set_simple_acl), - METH_VARARGS|METH_KEYWORDS, - NULL }, -+ { "set_simple_nfsv4_acl", -+ PY_DISCARD_FUNC_SIG(PyCFunction, py_smbd_set_simple_nfsv4_acl), -+ METH_VARARGS|METH_KEYWORDS, -+ NULL }, - { "set_nt_acl", - PY_DISCARD_FUNC_SIG(PyCFunction, py_smbd_set_nt_acl), - METH_VARARGS|METH_KEYWORDS, --- -2.37.1 - diff --git a/net/samba422/files/0028-Fix-rl_completion_func_t.patch b/net/samba422/files/0028-Fix-rl_completion_func_t.patch index 33debfa..e69de29 100644 --- a/net/samba422/files/0028-Fix-rl_completion_func_t.patch +++ b/net/samba422/files/0028-Fix-rl_completion_func_t.patch @@ -1,32 +0,0 @@ ---- a/samba-4.19.8/lib/replace/system/readline.h 2023-07-18 10:14:54.478091000 +0200 -+++ b/lib/replace/system/readline.h 2024-10-02 13:47:48.773606000 +0200 -@@ -46,10 +46,10 @@ - #endif - - #ifdef HAVE_NEW_LIBREADLINE --#ifdef HAVE_CPPFUNCTION -+#if defined(HAVE_RL_COMPLETION_FUNC_T) -+# define RL_COMPLETION_CAST (rl_completion_func_t *) -+#elif defined(HAVE_CPPFUNCTION) - # define RL_COMPLETION_CAST (CPPFunction *) --#elif defined(HAVE_RL_COMPLETION_T) --# define RL_COMPLETION_CAST (rl_completion_t *) - #else - # define RL_COMPLETION_CAST - #endif -diff -upr a/samba-4.19.8/libcli/smbreadline/wscript_configure b/libcli/smbreadline/wscript_configure ---- a/samba-4.19.8/libcli/smbreadline/wscript_configure 2023-07-18 10:14:54.558091600 +0200 -+++ b/libcli/smbreadline/wscript_configure 2024-10-02 13:47:48.774008000 +0200 -@@ -51,10 +51,10 @@ conf.CHECK_CODE(''' - # endif - # endif - #endif --int main(void) {rl_completion_t f; return 0;} -+int main(void) {rl_completion_func_t f; return 0;} - ''', - 'HAVE_RL_COMPLETION_FUNC_T', execute=False, addmain=False, --msg='Checking for rl_completion_t') -+msg='Checking for rl_completion_func_t') - - conf.CHECK_CODE(''' - #ifdef HAVE_READLINE_READLINE_H diff --git a/net/samba422/files/0099-s3-modules-zfsacl-fix-get-set-ACL-on-FreeBSD-13.patch b/net/samba422/files/0099-s3-modules-zfsacl-fix-get-set-ACL-on-FreeBSD-13.patch index 275e7e4..e69de29 100644 --- a/net/samba422/files/0099-s3-modules-zfsacl-fix-get-set-ACL-on-FreeBSD-13.patch +++ b/net/samba422/files/0099-s3-modules-zfsacl-fix-get-set-ACL-on-FreeBSD-13.patch @@ -1,164 +0,0 @@ -From ff8b27f6f0c67cbb0fb37f80f3336c1bd0f28430 Mon Sep 17 00:00:00 2001 -From: Andrew Walker -Date: Thu, 16 Mar 2023 09:05:45 -0700 -Subject: [PATCH] Fixups for VFS changes in 4.18 - ---- - debian/changelog | 24 ++++++------------ - lib/audit_logging/audit_logging.c | 4 +-- - source3/modules/vfs_shadow_copy_zfs.c | 24 ++++++++---------- - source3/modules/vfs_tmprotect.c | 2 +- - source3/modules/vfs_zfsacl.c | 35 +++++++++++++++++++++++++++ - source3/utils/net_groupmap.c | 6 ++--- - 6 files changed, 58 insertions(+), 37 deletions(-) - -diff --git a/source3/modules/vfs_zfsacl.c b/source3/modules/vfs_zfsacl.c -index e24cb683d2..18f8dcb4b2 100644 ---- a/source3/modules/vfs_zfsacl.c -+++ b/source3/modules/vfs_zfsacl.c -@@ -307,6 +307,41 @@ static NTSTATUS zfs_set_nt_acl(vfs_handle_struct *handle, files_struct *fsp, - zfs_process_smbacl); - } - -+static int get_zfsacl(TALLOC_CTX *mem_ctx, -+ const struct smb_filename *smb_fname, -+ ace_t **outbuf) -+{ -+ int naces, rv; -+ ace_t *acebuf = NULL; -+ -+ naces = acl(smb_fname->base_name, ACE_GETACLCNT, 0, NULL); -+ if (naces == -1) { -+ int dbg_level = 10; -+ -+ if (errno == ENOSYS) { -+ dbg_level = 1; -+ } -+ DEBUG(dbg_level, ("acl(ACE_GETACLCNT, %s): %s ", -+ smb_fname->base_name, strerror(errno))); -+ return naces; -+ } -+ acebuf = talloc_size(mem_ctx, sizeof(ace_t)*naces); -+ if (acebuf == NULL) { -+ errno = ENOMEM; -+ return -1; -+ } -+ -+ rv = acl(smb_fname->base_name, ACE_GETACL, naces, acebuf); -+ if (rv == -1) { -+ DBG_DEBUG("acl(ACE_GETACL, %s) failed: %s ", -+ smb_fname->base_name, strerror(errno)); -+ return -1; -+ } -+ -+ *outbuf = acebuf; -+ return naces; -+} -+ - static int fget_zfsacl(TALLOC_CTX *mem_ctx, - struct files_struct *fsp, - ace_t **outbuf) -From 0c2c9f21cf01983d9001edef4983bc15b79a31ad Mon Sep 17 00:00:00 2001 -From: Andrew -Date: Mon, 29 Nov 2021 12:33:15 -0500 -Subject: [PATCH] NAS-113538 / Fix procfd handling for xattr-based alternate - datastreams (#54) - -vfs_streams_xattr openat() does not set fsp.flags.have_proc_fds. In open_streams_for_delete() the fsp is not allocated via talloc_zero() and so this may be unitialized memory. - -This particular fix ensures vfs_streams_xattr sets the fsp have_proc_fds flag to the one defined in the associated tree connect for the fsp. In the case of vfs_ixnas, ensure that we read the NT ACL from fsp->base_fsp (file) rather than the fsp associated with the xattr. - -This PR also fixes vfs_zfsacl for FreeBSD 13 (adding handling for procfd paths) ---- - source3/modules/vfs_ixnas.c | 4 ++- - source3/modules/vfs_zfsacl.c | 62 ++++++++++++++++++++++++++++++++++++ - 2 files changed, 65 insertions(+), 1 deletion(-) - ---- a/source3/modules/vfs_zfsacl.c -+++ b/source3/modules/vfs_zfsacl.c -@@ -235,12 +235,43 @@ static bool zfs_process_smbacl(vfs_handle_struct *handle, files_struct *fsp, - SMB_ASSERT(i == naces); - - /* store acl */ -+#ifdef O_PATH -+ if (fsp->fsp_flags.is_pathref) { -+ const char *proc_fd_path = NULL; -+ char buf[PATH_MAX]; -+ -+ if (!fsp->fsp_flags.have_proc_fds) { -+ DBG_ERR("fdescfs filesystem must be mounted with 'nodup' " -+ "option \n"); -+ errno = EBADF; -+ return -1; -+ } -+ -+ fd = fsp_get_pathref_fd(fsp); -+ proc_fd_path = sys_proc_fd_path(fd, buf, sizeof(buf)); -+ if (proc_fd_path == NULL) { -+ DBG_ERR("%s: failed to generate pathref fd for %d\n", -+ fsp_str_dbg(fsp), fd); -+ errno = EBADF; -+ return -1; -+ } -+ rv = acl(proc_fd_path, ACE_SETACL, naces, acebuf); -+ } else { -+ fd = fsp_get_io_fd(fsp); -+ if (fd == -1) { -+ errno = EBADF; -+ return false; -+ } -+ rv = facl(fd, ACE_SETACL, naces, acebuf); -+ } -+#else - fd = fsp_get_pathref_fd(fsp); - if (fd == -1) { - errno = EBADF; - return false; - } - rv = facl(fd, ACE_SETACL, naces, acebuf); -+#endif - if (rv != 0) { - if(errno == ENOSYS) { - DEBUG(9, ("acl(ACE_SETACL, %s): Operation is not " -@@ -286,7 +317,38 @@ static int fget_zfsacl(TALLOC_CTX *mem_ctx, - ace_t *acebuf = NULL; - int fd; - -+#ifdef O_PATH -+ if (fsp->fsp_flags.is_pathref) { -+ const char *proc_fd_path = NULL; -+ char buf[PATH_MAX]; -+ struct smb_filename smb_fname; -+ -+ if (!fsp->fsp_flags.have_proc_fds) { -+ DBG_ERR("fdescfs filesystem must be mounted with 'nodup' " -+ "option \n"); -+ errno = EBADF; -+ return -1; -+ } -+ -+ fd = fsp_get_pathref_fd(fsp); -+ proc_fd_path = sys_proc_fd_path(fd, buf, sizeof(buf)); -+ if (proc_fd_path == NULL) { -+ DBG_ERR("%s: failed to generate pathref fd for %d\n", -+ fsp_str_dbg(fsp), fd); -+ errno = EBADF; -+ return -1; -+ } -+ -+ smb_fname = (struct smb_filename) { -+ .base_name = discard_const_p(char, proc_fd_path) -+ }; -+ -+ return get_zfsacl(mem_ctx, &smb_fname, outbuf); -+ } -+ fd = fsp_get_io_fd(fsp); -+#else - fd = fsp_get_pathref_fd(fsp); -+#endif - if (fd == -1) { - errno = EBADF; - return -1; --- -2.43.0 - diff --git a/net/samba422/files/0100-Fix-pathref-handling-for-FreeBSD-13plus_samba42x.patch b/net/samba422/files/0100-Fix-pathref-handling-for-FreeBSD-13plus_samba42x.patch index 3a185fe..e69de29 100644 --- a/net/samba422/files/0100-Fix-pathref-handling-for-FreeBSD-13plus_samba42x.patch +++ b/net/samba422/files/0100-Fix-pathref-handling-for-FreeBSD-13plus_samba42x.patch @@ -1,515 +0,0 @@ -https://bugzilla.samba.org/show_bug.cgi?id=15376 - -# 2024-08-05 -# NOTE: Patch is partially split apart from the copy in net/samba419 due to Samba upstream -# making some Linux-specific changes. FreeBSD-specific linprocfs mount path bits are -# moved to a separate patch due to upstream hardcoding the Linux-specific procfs -# path in multiple places in commit 9f63fad392f3: -# https://git.samba.org/?p=samba.git;a=commitdiff;h=9f63fad392f3cff34d6a8e318e0427499170c417 - -diff -Naurp a/source3/include/proto.h b/source3/include/proto.h ---- a/source3/include/proto.h 2024-02-02 04:33:51.168489200 -0500 -+++ b/source3/include/proto.h 2024-08-05 21:25:56.723092000 -0400 -@@ -211,6 +211,10 @@ char *sys_proc_fd_path(int fd, struct sys_proc_fd_path - bool sys_have_proc_fds(void); - char *sys_proc_fd_path(int fd, struct sys_proc_fd_path_buf *buf); - -+int sys_open_real_fd_from_pathref_fd(int fd, -+ int *mfd, -+ int flags); -+ - struct stat; - void init_stat_ex_from_stat (struct stat_ex *dst, - const struct stat *src, -diff -Naurp a/source3/lib/system.c b/source3/lib/system.c ---- a/source3/lib/system.c 2024-02-02 04:33:51.188489400 -0500 -+++ b/source3/lib/system.c 2024-08-05 21:25:56.723571000 -0400 -@@ -1074,3 +1074,23 @@ char *sys_proc_fd_path(int fd, struct sys_proc_fd_path - - return buf->buf; - } -+ -+/* Helper function that opens a usable fd for accessing data -+ (metadata & content) from a pathref fd */ -+int sys_open_real_fd_from_pathref_fd(int fd, int *rfd, int flags) -+{ -+ int tfd; -+ -+#if defined(HAVE_OPENAT) && defined(O_EMPTY_PATH) -+ /* This works for FreeBSD 13+ atleast */ -+ tfd = openat(fd, "", O_EMPTY_PATH|flags); -+ if (tfd < 0) { -+ return errno; -+ } -+ -+ *rfd = tfd; -+ return 0; -+#else -+ return ENOSYS; -+#endif -+} -diff -Naurp a/source3/modules/vfs_default.c b/source3/modules/vfs_default.c ---- a/source3/modules/vfs_default.c 2024-08-02 07:54:09.629892300 -0400 -+++ b/source3/modules/vfs_default.c 2024-08-05 21:25:56.724593000 -0400 -@@ -2688,7 +2688,7 @@ static int vfswrap_fchmod(vfs_handle_struct *handle, f - - static int vfswrap_fchmod(vfs_handle_struct *handle, files_struct *fsp, mode_t mode) - { -- int result; -+ int result, fd, real_fd; - - START_PROFILE(syscall_fchmod); - -@@ -2698,8 +2698,9 @@ static int vfswrap_fchmod(vfs_handle_struct *handle, f - return result; - } - -+ fd = fsp_get_pathref_fd(fsp); -+ - if (fsp->fsp_flags.have_proc_fds) { -- int fd = fsp_get_pathref_fd(fsp); - struct sys_proc_fd_path_buf buf; - - result = chmod(sys_proc_fd_path(fd, &buf), mode); -@@ -2708,6 +2709,17 @@ static int vfswrap_fchmod(vfs_handle_struct *handle, f - return result; - } - -+ if (sys_open_real_fd_from_pathref_fd(fd, &real_fd, O_RDONLY|O_NONBLOCK) == 0) { -+ int saved_errno; -+ -+ result = fchmod(real_fd, mode); -+ saved_errno = errno; -+ close(real_fd); -+ errno = saved_errno; -+ END_PROFILE(syscall_fchmod); -+ return result; -+ } -+ - /* - * This is no longer a handle based call. - */ -@@ -2720,7 +2732,7 @@ static int vfswrap_fchown(vfs_handle_struct *handle, f - static int vfswrap_fchown(vfs_handle_struct *handle, files_struct *fsp, uid_t uid, gid_t gid) - { - #ifdef HAVE_FCHOWN -- int result; -+ int result, fd, real_fd; - - START_PROFILE(syscall_fchown); - if (!fsp->fsp_flags.is_pathref) { -@@ -2729,8 +2741,9 @@ static int vfswrap_fchown(vfs_handle_struct *handle, f - return result; - } - -+ fd = fsp_get_pathref_fd(fsp); -+ - if (fsp->fsp_flags.have_proc_fds) { -- int fd = fsp_get_pathref_fd(fsp); - struct sys_proc_fd_path_buf buf; - - result = chown(sys_proc_fd_path(fd, &buf), uid, gid); -@@ -2739,6 +2752,17 @@ static int vfswrap_fchown(vfs_handle_struct *handle, f - return result; - } - -+ if (sys_open_real_fd_from_pathref_fd(fd, &real_fd, O_RDONLY|O_NONBLOCK) == 0) { -+ int saved_errno; -+ -+ result = fchown(real_fd, uid, gid); -+ saved_errno = errno; -+ close(real_fd); -+ errno = saved_errno; -+ END_PROFILE(syscall_fchown); -+ return result; -+ } -+ - /* - * This is no longer a handle based call. - */ -@@ -2812,7 +2836,7 @@ static int vfswrap_fntimes(vfs_handle_struct *handle, - files_struct *fsp, - struct smb_file_time *ft) - { -- int result = -1; -+ int result = -1, fd, real_fd; - struct timespec ts[2]; - struct timespec *times = NULL; - -@@ -2857,8 +2881,9 @@ static int vfswrap_fntimes(vfs_handle_struct *handle, - goto out; - } - -+ fd = fsp_get_pathref_fd(fsp); -+ - if (fsp->fsp_flags.have_proc_fds) { -- int fd = fsp_get_pathref_fd(fsp); - struct sys_proc_fd_path_buf buf; - - result = utimensat(AT_FDCWD, -@@ -2869,6 +2894,16 @@ static int vfswrap_fntimes(vfs_handle_struct *handle, - goto out; - } - -+ if (sys_open_real_fd_from_pathref_fd(fd, &real_fd, O_RDONLY|O_NONBLOCK) == 0) { -+ int saved_errno; -+ -+ result = futimens(real_fd, times); -+ saved_errno = errno; -+ close(real_fd); -+ errno = saved_errno; -+ goto out; -+ } -+ - /* - * The fd is a pathref (opened with O_PATH) and there isn't fd to - * path translation mechanism. Fallback to path based call. -@@ -3272,6 +3307,7 @@ static int vfswrap_fchflags(vfs_handle_struct *handle, - { - #ifdef HAVE_FCHFLAGS - int fd = fsp_get_pathref_fd(fsp); -+ int real_fd; - - SMB_ASSERT(!fsp_is_alternate_stream(fsp)); - -@@ -3285,6 +3321,16 @@ static int vfswrap_fchflags(vfs_handle_struct *handle, - return chflags(sys_proc_fd_path(fd, &buf), flags); - } - -+ if (sys_open_real_fd_from_pathref_fd(fd, &real_fd, O_RDONLY|O_NONBLOCK) == 0) { -+ int saved_errno, result; -+ -+ result = fchflags(real_fd, flags); -+ saved_errno = errno; -+ close(real_fd); -+ errno = saved_errno; -+ return result; -+ } -+ - /* - * This is no longer a handle based call. - */ -@@ -3513,6 +3559,7 @@ static ssize_t vfswrap_fgetxattr(struct vfs_handle_str - size_t size) - { - int fd = fsp_get_pathref_fd(fsp); -+ int real_fd; - - SMB_ASSERT(!fsp_is_alternate_stream(fsp)); - -@@ -3526,6 +3573,16 @@ static ssize_t vfswrap_fgetxattr(struct vfs_handle_str - return getxattr(sys_proc_fd_path(fd, &buf), name, value, size); - } - -+ if (sys_open_real_fd_from_pathref_fd(fd, &real_fd, O_RDONLY|O_NONBLOCK) == 0) { -+ int saved_errno, result; -+ -+ result = fgetxattr(real_fd, name, value, size); -+ saved_errno = errno; -+ close(real_fd); -+ errno = saved_errno; -+ return result; -+ } -+ - /* - * This is no longer a handle based call. - */ -@@ -3833,6 +3890,7 @@ static ssize_t vfswrap_flistxattr(struct vfs_handle_st - static ssize_t vfswrap_flistxattr(struct vfs_handle_struct *handle, struct files_struct *fsp, char *list, size_t size) - { - int fd = fsp_get_pathref_fd(fsp); -+ int real_fd; - - SMB_ASSERT(!fsp_is_alternate_stream(fsp)); - -@@ -3846,6 +3904,16 @@ static ssize_t vfswrap_flistxattr(struct vfs_handle_st - return listxattr(sys_proc_fd_path(fd, &buf), list, size); - } - -+ if (sys_open_real_fd_from_pathref_fd(fd, &real_fd, O_RDONLY|O_NONBLOCK) == 0) { -+ int saved_errno, result; -+ -+ result = flistxattr(real_fd, list, size); -+ saved_errno = errno; -+ close(real_fd); -+ errno = saved_errno; -+ return result; -+ } -+ - /* - * This is no longer a handle based call. - */ -@@ -3855,6 +3923,7 @@ static int vfswrap_fremovexattr(struct vfs_handle_stru - static int vfswrap_fremovexattr(struct vfs_handle_struct *handle, struct files_struct *fsp, const char *name) - { - int fd = fsp_get_pathref_fd(fsp); -+ int real_fd; - - SMB_ASSERT(!fsp_is_alternate_stream(fsp)); - -@@ -3868,6 +3937,16 @@ static int vfswrap_fremovexattr(struct vfs_handle_stru - return removexattr(sys_proc_fd_path(fd, &buf), name); - } - -+ if (sys_open_real_fd_from_pathref_fd(fd, &real_fd, O_RDONLY|O_NONBLOCK) == 0) { -+ int saved_errno, result; -+ -+ result = fremovexattr(real_fd, name); -+ saved_errno = errno; -+ close(real_fd); -+ errno = saved_errno; -+ return result; -+ } -+ - /* - * This is no longer a handle based call. - */ -@@ -3877,6 +3956,7 @@ static int vfswrap_fsetxattr(struct vfs_handle_struct - static int vfswrap_fsetxattr(struct vfs_handle_struct *handle, struct files_struct *fsp, const char *name, const void *value, size_t size, int flags) - { - int fd = fsp_get_pathref_fd(fsp); -+ int real_fd; - - SMB_ASSERT(!fsp_is_alternate_stream(fsp)); - -@@ -3892,6 +3972,16 @@ static int vfswrap_fsetxattr(struct vfs_handle_struct - value, - size, - flags); -+ } -+ -+ if (sys_open_real_fd_from_pathref_fd(fd, &real_fd, O_RDONLY|O_NONBLOCK) == 0) { -+ int saved_errno, result; -+ -+ result = fsetxattr(real_fd, name, value, size, flags); -+ saved_errno = errno; -+ close(real_fd); -+ errno = saved_errno; -+ return result; - } - - /* -diff -Naurp a/source3/modules/vfs_zfsacl.c b/source3/modules/vfs_zfsacl.c ---- a/source3/modules/vfs_zfsacl.c 2024-02-02 04:33:51.236489800 -0500 -+++ b/source3/modules/vfs_zfsacl.c 2024-08-05 21:25:56.724941000 -0400 -@@ -234,13 +234,39 @@ static bool zfs_process_smbacl(vfs_handle_struct *hand - - SMB_ASSERT(i == naces); - -- /* store acl */ -- fd = fsp_get_pathref_fd(fsp); -- if (fd == -1) { -- errno = EBADF; -- return false; -+ if (!fsp->fsp_flags.is_pathref) { -+ rv = facl(fsp_get_io_fd(fsp), ACE_SETACL, naces, acebuf); -+ } else { -+ const char *procfd_p = NULL; -+ char buf[PATH_MAX]; -+ -+ fd = fsp_get_pathref_fd(fsp); -+ if (fsp->fsp_flags.have_proc_fds && (procfd_p = sys_proc_fd_path(fd, &buf))) { -+ rv = acl(procfd_p, ACE_SETACL, naces, acebuf); -+ } else { -+ int real_fd; -+ -+ fd = fsp_get_pathref_fd(fsp); -+ -+ /* First try this for versions of FreeBSD 13+ that allows facl() on O_PATH fd's */ -+ rv = facl(fd, ACE_SETACL, naces, acebuf); -+ -+ if (rv < 0 && errno == EBADF && -+ sys_open_real_fd_from_pathref_fd(fd, &real_fd, O_RDONLY|O_NONBLOCK) == 0) { -+ /* Works on FreeBSD 13+ */ -+ int saved_errno; -+ -+ rv = facl(real_fd, ACE_SETACL, naces, acebuf); -+ saved_errno = errno; -+ close(real_fd); -+ errno = saved_errno; -+ } else { -+ /* Last ditch fallback */ -+ rv = acl(fsp->fsp_name->base_name, ACE_SETACL, naces, acebuf); -+ } -+ } - } -- rv = facl(fd, ACE_SETACL, naces, acebuf); -+ - if (rv != 0) { - if(errno == ENOSYS) { - DEBUG(9, ("acl(ACE_SETACL, %s): Operation is not " -@@ -284,14 +310,39 @@ static int fget_zfsacl(TALLOC_CTX *mem_ctx, - { - int naces, rv; - ace_t *acebuf = NULL; -- int fd; -+ int fd = -1; -+ const char *procfd_p = NULL; -+ char buf[PATH_MAX]; - -- fd = fsp_get_pathref_fd(fsp); -- if (fd == -1) { -- errno = EBADF; -- return -1; -+ if (!fsp->fsp_flags.is_pathref) { -+ naces = facl(fsp_get_io_fd(fsp), ACE_GETACLCNT, 0, NULL); -+ } else { -+ fd = fsp_get_pathref_fd(fsp); -+ -+ if (fsp->fsp_flags.have_proc_fds && (procfd_p = sys_proc_fd_path(fd, &buf))) { -+ /* If we have procfd support, try this first */ -+ naces = acl(procfd_p, ACE_GETACLCNT, 0, NULL); -+ } else { -+ int real_fd; -+ -+ /* First try this for versions of FreeBSD 13+ that allows facl() on O_PATH fd's */ -+ naces = facl(fd, ACE_GETACLCNT, 0, NULL); -+ if (naces < 0 && errno == EBADF && -+ sys_open_real_fd_from_pathref_fd(fd, &real_fd, O_RDONLY|O_NONBLOCK) == 0) { -+ /* Works on FreeBSD 13+ */ -+ int saved_errno; -+ -+ naces = facl(real_fd, ACE_GETACLCNT, 0, NULL); -+ saved_errno = errno; -+ close(real_fd); -+ errno = saved_errno; -+ } else { -+ /* Last ditch fallback */ -+ naces = acl(fsp->fsp_name->base_name, ACE_GETACLCNT, 0, NULL); -+ } -+ } - } -- naces = facl(fd, ACE_GETACLCNT, 0, NULL); -+ - if (naces == -1) { - int dbg_level = 10; - -@@ -309,7 +360,32 @@ static int fget_zfsacl(TALLOC_CTX *mem_ctx, - return -1; - } - -- rv = facl(fd, ACE_GETACL, naces, acebuf); -+ if (!fsp->fsp_flags.is_pathref) { -+ rv = facl(fsp_get_io_fd(fsp), ACE_GETACL, naces, acebuf); -+ } else { -+ if (procfd_p) { -+ rv = acl(procfd_p, ACE_GETACL, naces, acebuf); -+ } else { -+ int real_fd; -+ -+ /* First try this for versions of FreeBSD that allows facl() on O_PATH fd's */ -+ rv = facl(fd, ACE_GETACL, naces, acebuf); -+ if (rv < 0 && errno == EBADF && -+ sys_open_real_fd_from_pathref_fd(fd, &real_fd, O_RDONLY|O_NONBLOCK) == 0) { -+ /* Works on FreeBSD 13+ */ -+ int saved_errno; -+ -+ rv = facl(real_fd, ACE_GETACL, naces, acebuf); -+ saved_errno = errno; -+ close(real_fd); -+ errno = saved_errno; -+ } else { -+ /* Last ditch fallback */ -+ rv = acl(fsp->fsp_name->base_name, ACE_GETACL, naces, acebuf); -+ } -+ } -+ } -+ - if (rv == -1) { - DBG_DEBUG("acl(ACE_GETACL, %s): %s\n", - fsp_str_dbg(fsp), strerror(errno)); -diff -Naurp a/source3/smbd/open.c b/source3/smbd/open.c ---- a/source3/smbd/open.c 2024-08-02 07:54:09.637892500 -0400 -+++ b/source3/smbd/open.c 2024-08-05 21:27:26.052148000 -0400 -@@ -1169,51 +1169,54 @@ static NTSTATUS reopen_from_fsp(struct files_struct *d - const struct vfs_open_how *how, - bool *p_file_created) - { -- NTSTATUS status; -- int old_fd; -+ NTSTATUS status; -+ int old_fd; - -- if (fsp->fsp_flags.have_proc_fds && -- ((old_fd = fsp_get_pathref_fd(fsp)) != -1)) { -+ old_fd = fsp_get_pathref_fd(fsp); -+ if (old_fd == -1) { -+ int new_fd; -+ if (sys_open_real_fd_from_pathref_fd(old_fd, &new_fd, how->flags) != 0) { -+ if (fsp->fsp_flags.have_proc_fds) { -+ struct sys_proc_fd_path_buf buf; -+ struct smb_filename proc_fname = (struct smb_filename){ -+ .base_name = sys_proc_fd_path(old_fd, &buf), -+ }; -+ mode_t mode = fsp->fsp_name->st.st_ex_mode; - -- struct sys_proc_fd_path_buf buf; -- struct smb_filename proc_fname = (struct smb_filename){ -- .base_name = sys_proc_fd_path(old_fd, &buf), -- }; -- mode_t mode = fsp->fsp_name->st.st_ex_mode; -- int new_fd; -+ SMB_ASSERT(fsp->fsp_flags.is_pathref); - -- SMB_ASSERT(fsp->fsp_flags.is_pathref); -+ if (S_ISLNK(mode)) { -+ return NT_STATUS_STOPPED_ON_SYMLINK; -+ } -+ if (!(S_ISREG(mode) || S_ISDIR(mode))) { -+ return NT_STATUS_IO_REPARSE_TAG_NOT_HANDLED; -+ } - -- if (S_ISLNK(mode)) { -- return NT_STATUS_STOPPED_ON_SYMLINK; -- } -- if (!(S_ISREG(mode) || S_ISDIR(mode))) { -- return NT_STATUS_IO_REPARSE_TAG_NOT_HANDLED; -- } -+ new_fd = SMB_VFS_OPENAT(fsp->conn, -+ fsp->conn->cwd_fsp, -+ &proc_fname, -+ fsp, -+ how); -+ if (new_fd == -1) { -+ status = map_nt_error_from_unix(errno); -+ fd_close(fsp); -+ return status; -+ } - -- fsp->fsp_flags.is_pathref = false; -+ status = fd_close(fsp); -+ if (!NT_STATUS_IS_OK(status)) { -+ return status; -+ } - -- new_fd = SMB_VFS_OPENAT(fsp->conn, -- fsp->conn->cwd_fsp, -- &proc_fname, -- fsp, -- how); -- if (new_fd == -1) { -- status = map_nt_error_from_unix(errno); -- fd_close(fsp); -- return status; -- } -+ fsp_set_fd(fsp, new_fd); -+ fsp->fsp_flags.is_pathref = false; - -- status = fd_close(fsp); -- if (!NT_STATUS_IS_OK(status)) { -- return status; -- } -+ return NT_STATUS_OK; -+ } -+ } -+ } - -- fsp_set_fd(fsp, new_fd); -- return NT_STATUS_OK; -- } -- -- /* -+ /* - * Close the existing pathref fd and set the fsp flag - * is_pathref to false so we get a "normal" fd this time. - */ diff --git a/net/samba422/files/0102-FreeBSD-vfs_freebsd-fix-sys_proc_fd_path-args.patch b/net/samba422/files/0102-FreeBSD-vfs_freebsd-fix-sys_proc_fd_path-args.patch index 62bd8f0..e69de29 100644 --- a/net/samba422/files/0102-FreeBSD-vfs_freebsd-fix-sys_proc_fd_path-args.patch +++ b/net/samba422/files/0102-FreeBSD-vfs_freebsd-fix-sys_proc_fd_path-args.patch @@ -1,53 +0,0 @@ -# 2024-08-05 -# NOTE: The 'sys_proc_fd_path' function had its signature changed in commit 9f63fad392f3 to drop -# the third 'size_t bufsize' parameter. Upstream changed all of the code except for that -# in vfs_freebsd.c. - -diff -Naurp a/source3/modules/vfs_freebsd.c b/source3/modules/vfs_freebsd.c ---- a/source3/modules/vfs_freebsd.c 2024-08-05 20:18:53.656593000 -0400 -+++ b/source3/modules/vfs_freebsd.c 2024-08-05 20:22:54.634979000 -0400 -@@ -197,7 +197,7 @@ static ssize_t extattr_size(struct files_struct *fsp, - const char *path = fsp->fsp_name->base_name; - if (fsp->fsp_flags.have_proc_fds) { - char buf[PATH_MAX]; -- path = sys_proc_fd_path(fd, buf, sizeof(buf)); -+ path = sys_proc_fd_path(fd, &buf); - if (path == NULL) { - return -1; - } -@@ -251,7 +251,7 @@ static ssize_t freebsd_extattr_list(struct files_struc - const char *path = fsp->fsp_name->base_name; - if (fsp->fsp_flags.have_proc_fds) { - char buf[PATH_MAX]; -- path = sys_proc_fd_path(fd, buf, sizeof(buf)); -+ path = sys_proc_fd_path(fd, &buf); - if (path == NULL) { - return -1; - } -@@ -431,7 +431,7 @@ static ssize_t freebsd_fgetxattr(struct vfs_handle_str - const char *path = fsp->fsp_name->base_name; - if (fsp->fsp_flags.have_proc_fds) { - char buf[PATH_MAX]; -- path = sys_proc_fd_path(fd, buf, sizeof(buf)); -+ path = sys_proc_fd_path(fd, &buf); - if (path == NULL) { - return -1; - } -@@ -506,7 +506,7 @@ static int freebsd_fremovexattr(struct vfs_handle_stru - const char *path = fsp->fsp_name->base_name; - if (fsp->fsp_flags.have_proc_fds) { - char buf[PATH_MAX]; -- path = sys_proc_fd_path(fd, buf, sizeof(buf)); -+ path = sys_proc_fd_path(fd, &buf); - if (path == NULL) { - return -1; - } -@@ -583,7 +583,7 @@ static int freebsd_fsetxattr(struct vfs_handle_struct - const char *path = fsp->fsp_name->base_name; - if (fsp->fsp_flags.have_proc_fds) { - char buf[PATH_MAX]; -- path = sys_proc_fd_path(fd, buf, sizeof(buf)); -+ path = sys_proc_fd_path(fd, &buf); - if (path == NULL) { - return -1; - } diff --git a/net/samba422/files/README.FreeBSD.in b/net/samba422/files/README.FreeBSD.in index d89cfe7..9ab4faa 100644 --- a/net/samba422/files/README.FreeBSD.in +++ b/net/samba422/files/README.FreeBSD.in @@ -54,11 +54,11 @@ content of the '/var/db/samba/' directory. # samba-tool domain classicupgrade -%%AD_DC%%1c. You will need to specify location of the 'nsupdate' command in the -%%AD_DC%%'%%SAMBA4_CONFIG%%' file: -%%AD_DC%% -%%AD_DC%% nsupdate command = %%PREFIX%%/bin/samba-nsupdate -g -%%AD_DC%% +%%AC_DC%%1c. You will need to specify location of the 'nsupdate' command in the +%%AC_DC%%'%%SAMBA4_CONFIG%%' file: +%%AC_DC%% +%%AC_DC%% nsupdate command = %%PREFIX%%/bin/samba-nsupdate -g +%%AC_DC%% 2. Put string 'samba_server_enable="YES"' into your /etc/rc.conf. 3. Make sure that your server doesn't run Samba3, OpenLDAP and named. diff --git a/net/samba422/files/patch-docs-xml_manpages_vfs__freebsd.8.xml b/net/samba422/files/patch-docs-xml_manpages_vfs__freebsd.8.xml new file mode 100644 index 0000000..b19ecaf --- /dev/null +++ b/net/samba422/files/patch-docs-xml_manpages_vfs__freebsd.8.xml @@ -0,0 +1,172 @@ +--- docs-xml/manpages/vfs_freebsd.8.xml.orig 2025-07-11 10:55:41 UTC ++++ docs-xml/manpages/vfs_freebsd.8.xml +@@ -0,0 +1,169 @@ ++ ++ ++ ++ ++ ++ vfs_freebsd ++ 8 ++ Samba ++ System Administration tools ++ &doc.version; ++ ++ ++ ++ vfs_freebsd ++ FreeBSD-specific VFS functions ++ ++ ++ ++ ++ vfs objects = freebsd ++ ++ ++ ++ ++ DESCRIPTION ++ ++ This VFS module is part of the samba ++ 7 suite. ++ ++ The vfs_freebsd module implements some of the FreeBSD-specific VFS functions. ++ ++ This module is stackable. ++ ++ ++ ++ ++ OPTIONS ++ ++ ++ ++ ++ freebsd:extattr mode=[legacy|compat|secure] ++ ++ This parameter defines how the emulation of the Linux attr(5) extended attributes ++ is performed through the FreeBSD native extattr(9) system calls. ++ ++ Currently the security, system, ++ trusted and user extended attribute(xattr) ++ classes are defined in Linux. Contrary FreeBSD has only USER ++ and SYSTEM extended attribute(extattr) namespaces, so mapping ++ of one set into another isn't straightforward and can be done in different ways. ++ ++ Historically the Samba(7) built-in xattr mapping implementation simply converted ++ system and user xattr into corresponding ++ SYSTEM and USER extattr namespaces, dropping ++ the class prefix name with the separating dot and using attribute name only within the ++ mapped namespace. It also rejected any other xattr classes, like security ++ and trusted as invalid. Such behavior in particular broke AD ++ provisioning on UFS2 file systems as essential security.NTACL ++ xattr was rejected as invalid. ++ ++ This module tries to address this problem and provide secure, where it's possible, ++ way to map Linux xattr into FreeBSD's extattr. ++ ++ When mode is set to the legacy (default) ++ then modified version of built-in mapping is used, where system xattr ++ is mapped into SYSTEM namespace, while secure, trusted ++ and user xattr are all mapped into the USER namespace, dropping class ++ prefixes and mix them all together. This is the way how Samba FreeBSD ports were patched ++ up to the 4.9 version and that created multiple potential security issues. This mode is aimed for ++ the compatibility with the legacy installations only and should be avoided in new setups. ++ ++ The compat mode is mostly designed for the jailed environments, ++ where it's not possible to write extattrs into the secure SYSTEM namespace, so all four ++ classes are mapped into the USER namespace. To preserve information about origin of the ++ extended attribute it is stored together with the class preffix in the class.attribute ++ format. ++ ++ The secure mode is meant for storing extended attributes in a secure ++ manner, so that security, system and trusted ++ are stored in the SYSTEM namespace, which can be modified only by root. ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ Attributes mapping ++ ++ ++ ++ ++ built-in ++ legacy ++ compat/jail ++ secure ++ ++ ++ ++ ++ user ++ USER; attribute ++ USER; attribute ++ USER; user.attribute ++ USER; user.attribute ++ ++ ++ system ++ SYSTEM; attribute ++ SYSTEM; attribute ++ USER; system.attribute ++ SYSTEM; system.attribute ++ ++ ++ trusted ++ FAIL ++ USER; attribute ++ USER; trusted.attribute ++ SYSTEM; trusted.attribute ++ ++ ++ security ++ FAIL ++ USER; attribute ++ USER; security.attribute ++ SYSTEM; security.attribute ++ ++ ++ ++
++ ++ ++ ++ EXAMPLES ++ ++ Use secure method of setting extended attributes on the share: ++ ++ ++ ++ freebsd ++ secure ++ ++ ++ ++ ++ ++ VERSION ++ ++ This man page is part of version &doc.version; of the Samba suite. ++ ++ ++ ++ ++ AUTHOR ++ ++ The original Samba software and related utilities ++ were created by Andrew Tridgell. Samba is now developed ++ by the Samba Team as an Open Source project similar ++ to the way the Linux kernel is developed. ++ ++ This module was written by Timur I. Bakeyev ++ ++ ++ ++ diff --git a/net/samba422/files/patch-docs-xml_wscript__build b/net/samba422/files/patch-docs-xml_wscript__build new file mode 100644 index 0000000..cc8e028 --- /dev/null +++ b/net/samba422/files/patch-docs-xml_wscript__build @@ -0,0 +1,10 @@ +--- docs-xml/wscript_build.orig 2025-02-06 10:31:53 UTC ++++ docs-xml/wscript_build +@@ -88,6 +88,7 @@ vfs_module_manpages = ['vfs_acl_tdb', + 'vfs_extd_audit', + 'vfs_fake_perms', + 'vfs_fileid', ++ 'vfs_freebsd', + 'vfs_fruit', + 'vfs_full_audit', + 'vfs_glusterfs', diff --git a/net/samba422/files/patch-lib_ldb_wscript b/net/samba422/files/patch-lib_ldb_wscript index e21e426..e69de29 100644 --- a/net/samba422/files/patch-lib_ldb_wscript +++ b/net/samba422/files/patch-lib_ldb_wscript @@ -1,61 +0,0 @@ ---- lib/ldb/wscript.orig 2019-07-08 12:47:51 UTC -+++ lib/ldb/wscript -@@ -208,7 +208,7 @@ def build(bld): - if bld.env.standalone_ldb: - if not 'PACKAGE_VERSION' in bld.env: - bld.env.PACKAGE_VERSION = VERSION -- bld.env.PKGCONFIGDIR = '${LIBDIR}/pkgconfig' -+ bld.env.PKGCONFIGDIR = '%%PKGCONFIGDIR%%' - private_library = False - else: - private_library = True -@@ -285,7 +285,6 @@ def build(bld): - pc_files='ldb.pc', - vnum=VERSION, - private_library=private_library, -- manpages='man/ldb.3', - abi_directory='ABI', - abi_match = abi_match) - -@@ -438,7 +437,7 @@ def build(bld): - - LDB_TOOLS='ldbadd ldbsearch ldbdel ldbmodify ldbedit ldbrename' - for t in LDB_TOOLS.split(): -- bld.SAMBA_BINARY(t, 'tools/%s.c' % t, deps='ldb-cmdline ldb', -+ bld.SAMBA_BINARY('samba-%s' % t, 'tools/%s.c' % t, deps='ldb-cmdline ldb', - manpages='man/%s.1' % t) - - # ldbtest doesn't get installed -@@ -450,10 +449,10 @@ def build(bld): - else: - lmdb_deps = '' - # ldbdump doesn't get installed -- bld.SAMBA_BINARY('ldbdump', -+ bld.SAMBA_BINARY('samba-ldbdump', - 'tools/ldbdump.c', - deps='ldb-cmdline ldb' + lmdb_deps, -- install=False) -+ install=True) - - bld.SAMBA_LIBRARY('ldb-cmdline', - source='tools/ldbutil.c tools/cmdline.c', -@@ -498,11 +497,6 @@ def build(bld): - deps='cmocka ldb', - install=False) - -- bld.SAMBA_BINARY('ldb_match_test', -- source='tests/ldb_match_test.c', -- deps='cmocka ldb', -- install=False) -- - bld.SAMBA_BINARY('ldb_key_value_test', - source='tests/ldb_key_value_test.c', - deps='cmocka ldb ldb_tdb_err_map', -@@ -641,7 +635,6 @@ def test(ctx): - 'ldb_tdb_guid_mod_op_test', - 'ldb_tdb_kv_ops_test', - 'ldb_tdb_test', -- 'ldb_match_test', - 'ldb_key_value_test', - # we currently don't run ldb_key_value_sub_txn_tdb_test as it - # tests the nested/sub transaction handling diff --git a/net/samba422/files/patch-lib_util_util_crypt_c b/net/samba422/files/patch-lib_util_util_crypt_c new file mode 100644 index 0000000..362f9a4 --- /dev/null +++ b/net/samba422/files/patch-lib_util_util_crypt_c @@ -0,0 +1,15 @@ +Index: lib/util/util_crypt.c +--- lib/util/util_crypt.c.orig ++++ lib/util/util_crypt.c +@@ -2,7 +2,11 @@ + #include "data_blob.h" + #include "discard.h" + #include ++#ifdef __FreeBSD__ ++#include ++#else + #include ++#endif + #include "util_crypt.h" + + diff --git a/net/samba422/files/patch-lib_util_wscript__build b/net/samba422/files/patch-lib_util_wscript__build index 5b88f21..e69de29 100644 --- a/net/samba422/files/patch-lib_util_wscript__build +++ b/net/samba422/files/patch-lib_util_wscript__build @@ -1,11 +0,0 @@ ---- lib/util/wscript_build.orig 2019-05-07 08:38:21 UTC -+++ lib/util/wscript_build -@@ -151,7 +151,7 @@ else: - - bld.SAMBA_LIBRARY('samba-modules', - source='modules.c', -- deps='samba-errors samba-util', -+ deps='samba-errors samba-util samba-debug', - local_include=False, - private_library=True) - diff --git a/net/samba422/files/patch-python_samba_join.py b/net/samba422/files/patch-python_samba_join.py new file mode 100644 index 0000000..79f3280 --- /dev/null +++ b/net/samba422/files/patch-python_samba_join.py @@ -0,0 +1,11 @@ +--- python/samba/join.py.orig 2025-02-06 10:31:54 UTC ++++ python/samba/join.py +@@ -917,7 +917,7 @@ class DCJoinContext(object): + secrets_ldb = Ldb(ctx.paths.secrets, session_info=system_session(), lp=ctx.lp) + + provision_fill(ctx.local_samdb, secrets_ldb, +- ctx.logger, ctx.names, ctx.paths, ++ ctx.logger, ctx.names, ctx.targetdir, ctx.paths, + dom_for_fun_level=ctx.behavior_version, + samdb_fill=FILL_SUBDOMAIN, + machinepass=ctx.acct_pass, serverrole="active directory domain controller", diff --git a/net/samba422/files/patch-python_samba_provision_____init____.py b/net/samba422/files/patch-python_samba_provision_____init____.py new file mode 100644 index 0000000..c5aa0c9 --- /dev/null +++ b/net/samba422/files/patch-python_samba_provision_____init____.py @@ -0,0 +1,71 @@ +--- python/samba/provision/__init__.py.orig 2025-02-06 10:31:54 UTC ++++ python/samba/provision/__init__.py +@@ -1671,19 +1671,25 @@ def setsysvolacl(samdb, sysvol, uid, gid, domainsid, d + s3conf = s3param.get_context() + s3conf.load(lp.configfile) + +- file = tempfile.NamedTemporaryFile(dir=os.path.abspath(sysvol)) ++ sysvol_dir = os.path.abspath(sysvol) ++ ++ set_simple_acl = smbd.set_simple_acl ++ if smbd.has_nfsv4_acls(sysvol_dir): ++ set_simple_acl = smbd.set_simple_nfsv4_acl ++ ++ file = tempfile.NamedTemporaryFile(dir=sysvol_dir) + try: + try: +- smbd.set_simple_acl(file.name, 0o755, system_session_unix(), gid) ++ set_simple_acl(file.name, 0o755, system_session_unix(), gid) + except OSError: +- if not smbd.have_posix_acls(): ++ if not smbd.have_posix_acls() and not smbd.have_nfsv4_acls(): + # This clue is only strictly correct for RPM and + # Debian-like Linux systems, but hopefully other users + # will get enough clue from it. +- raise ProvisioningError("Samba was compiled without the posix ACL support that s3fs requires. " ++ raise ProvisioningError("Samba was compiled without the ACL support that s3fs requires. " + "Try installing libacl1-dev or libacl-devel, then re-run configure and make.") + +- raise ProvisioningError("Your filesystem or build does not support posix ACLs, which s3fs requires. " ++ raise ProvisioningError("Your filesystem or build does not support ACLs, which s3fs requires. " + "Try the mounting the filesystem with the 'acl' option.") + try: + smbd.chown(file.name, uid, gid, system_session_unix()) +@@ -1906,7 +1912,7 @@ def interface_ips_v6(lp): + return ret + + +-def provision_fill(samdb, secrets_ldb, logger, names, paths, ++def provision_fill(samdb, secrets_ldb, logger, names, paths, targetdir, + schema=None, + samdb_fill=FILL_FULL, + hostip=None, hostip6=None, +@@ -1965,6 +1971,9 @@ def provision_fill(samdb, secrets_ldb, logger, names, + samdb.transaction_commit() + + if serverrole == "active directory domain controller": ++ if targetdir and smbd.have_nfsv4_acls() and smbd.has_nfsv4_acls(targetdir): ++ smbd.set_nfsv4_defaults() ++ + # Continue setting up sysvol for GPO. This appears to require being + # outside a transaction. + if not skip_sysvolacl: +@@ -2341,6 +2350,9 @@ def provision(logger, session_info, smbconf=None, + if not os.path.isdir(paths.netlogon): + os.makedirs(paths.netlogon, 0o755) + ++ if smbd.have_nfsv4_acls() and smbd.has_nfsv4_acls(paths.sysvol): ++ smbd.set_nfsv4_defaults() ++ + if adminpass is None: + adminpass = samba.generate_random_password(12, 32) + adminpass_generated = True +@@ -2350,7 +2362,7 @@ def provision(logger, session_info, smbconf=None, + adminpass_generated = False + + if samdb_fill == FILL_FULL: +- provision_fill(samdb, secrets_ldb, logger, names, paths, ++ provision_fill(samdb, secrets_ldb, logger, names, paths, targetdir, + schema=schema, samdb_fill=samdb_fill, + hostip=hostip, hostip6=hostip6, + next_rid=next_rid, dc_rid=dc_rid, adminpass=adminpass, diff --git a/net/samba422/files/patch-python_samba_tdb__util.py b/net/samba422/files/patch-python_samba_tdb__util.py index ffbe35f..e69de29 100644 --- a/net/samba422/files/patch-python_samba_tdb__util.py +++ b/net/samba422/files/patch-python_samba_tdb__util.py @@ -1,15 +0,0 @@ ---- python/samba/tdb_util.py.orig 2025-02-17 11:38:24.136379000 +0100 -+++ python/samba/tdb_util.py 2025-02-17 11:38:44.171612000 +0100 -@@ -37,9 +37,10 @@ - raise FileNotFoundError(2, "could not find tdbbackup tool: " - "is tdb-tools installed?") - -- tdbbackup_cmd = [toolpath, "-s", ".copy.tdb", file1] - if readonly: -- tdbbackup_cmd.append("-r") -+ tdbbackup_cmd = [toolpath, "-r", "-s", ".copy.tdb", file1] -+ else: -+ tdbbackup_cmd = [toolpath, "-s", ".copy.tdb", file1] - - status = subprocess.check_call(tdbbackup_cmd, close_fds=True, shell=False) - diff --git a/net/samba422/files/patch-source3_lib_sysacls.c b/net/samba422/files/patch-source3_lib_sysacls.c new file mode 100644 index 0000000..dda39ee --- /dev/null +++ b/net/samba422/files/patch-source3_lib_sysacls.c @@ -0,0 +1,19 @@ +--- source3/lib/sysacls.c.orig 2025-02-06 10:31:54 UTC ++++ source3/lib/sysacls.c +@@ -38,6 +38,16 @@ + #include "modules/vfs_aixacl.h" + #endif + ++/* ++ * NFSv4 ACL's should be understood and a first class citizen. Work ++ * needs to be done in librpc/idl/smb_acl.idl for this to occur. ++ */ ++#if defined(HAVE_LIBSUNACL) && defined(FREEBSD) ++#if 0 ++#include "modules/nfs4_acls.h" ++#endif ++#endif ++ + #undef DBGC_CLASS + #define DBGC_CLASS DBGC_ACLS + diff --git a/net/samba422/files/patch-source3_modules_vfs__zfsacl.c b/net/samba422/files/patch-source3_modules_vfs__zfsacl.c new file mode 100644 index 0000000..d96450f --- /dev/null +++ b/net/samba422/files/patch-source3_modules_vfs__zfsacl.c @@ -0,0 +1,182 @@ +--- source3/modules/vfs_zfsacl.c 2024-07-29 11:03:15.390630700 +0200 ++++ source3/modules/vfs_zfsacl.c 2025-01-07 15:56:32.048227000 +0100 +@@ -169,6 +169,7 @@ + bool must_add_empty_ace = false; + struct zfsacl_config_data *config = NULL; + int fd; ++ struct sys_proc_fd_path_buf buf; + + SMB_VFS_HANDLE_GET_DATA(handle, config, + struct zfsacl_config_data, +@@ -235,24 +236,52 @@ + SMB_ASSERT(i == naces); + + /* store acl */ +- fd = fsp_get_pathref_fd(fsp); +- if (fd == -1) { ++ ++ if (!fsp->fsp_flags.is_pathref) { ++ fd = fsp_get_io_fd(fsp); ++ ++ rv = facl(fd, ACE_SETACL, naces, acebuf); ++ if (rv != 0) { ++ DEBUG(8, ("zfs_process_smbacl(%s): Not PATHREF: facl(ACE_SETACL, %d): %s\n", ++ fsp_str_dbg(fsp), naces, ++ strerror(errno))); ++ return false; ++ } ++ DEBUG(10, ("zfs_process_smbacl(%s): Not PATHREF: facl(ACE_SETACL, %d) -> %d\n", ++ fsp_str_dbg(fsp), naces, ++ rv)); ++ ++ } else if (fsp->fsp_flags.have_proc_fds) { ++ fd = fsp_get_pathref_fd(fsp); ++ if (fd == -1) { ++ DEBUG(8, ("zfs_process_smbacl(%s): PATHREF(proc_fd): fsp_get_pathref_fd=-1: %s\n", ++ fsp_str_dbg(fsp), strerror(errno))); + errno = EBADF; + return false; +- } +- rv = facl(fd, ACE_SETACL, naces, acebuf); +- if (rv != 0) { +- if(errno == ENOSYS) { +- DEBUG(9, ("acl(ACE_SETACL, %s): Operation is not " +- "supported on the filesystem where the file " +- "resides\n", fsp_str_dbg(fsp))); +- } else { +- DEBUG(9, ("acl(ACE_SETACL, %s): %s\n", fsp_str_dbg(fsp), +- strerror(errno))); +- } ++ } ++ rv = acl(sys_proc_fd_path(fd, &buf), ACE_SETACL, naces, acebuf); ++ if (rv != 0) { ++ DEBUG(8, ("zfs_process_smbacl(%s): acl(ACE_SETACL, %d): %s\n", ++ fsp_str_dbg(fsp), naces, ++ strerror(errno))); + return false; ++ } ++ DEBUG(10, ("zfs_process_smbacl(%s): PATHREF(proc_fd): acl(ACE_SETACL, %d) -> %d\n", ++ fsp_str_dbg(fsp), naces, ++ rv)); ++ } else { ++ rv = acl(fsp->fsp_name->base_name, ACE_SETACL, naces, acebuf); ++ if (rv != 0) { ++ DEBUG(8, ("zfs_process_smbacl(%s): PATHREF(base_name): acl(ACE_SETACL, %d): %s\n", ++ fsp_str_dbg(fsp), naces, ++ strerror(errno))); ++ return false; ++ } ++ DEBUG(10, ("zfs_process_smbacl(%s): PATHREF(base_name): facl(ACE_SETACL, %d) -> %d\n", ++ fsp_str_dbg(fsp), naces, ++ rv)); + } +- ++ + return True; + } + +@@ -282,25 +311,46 @@ + struct files_struct *fsp, + ace_t **outbuf) + { +- int naces, rv; ++ int naces, rv = -1, fd = -1; + ace_t *acebuf = NULL; +- int fd; ++ struct sys_proc_fd_path_buf buf; + +- fd = fsp_get_pathref_fd(fsp); +- if (fd == -1) { ++ ++ if (!fsp->fsp_flags.is_pathref) { ++ fd = fsp_get_io_fd(fsp); ++ if (fd == -1) { ++ DEBUG(8, ("fget_zfsacl(%s): Not PATHREF: fsp_get_io_fd=-1: %s\n", ++ fsp_str_dbg(fsp), strerror(errno))); + errno = EBADF; + return -1; +- } +- naces = facl(fd, ACE_GETACLCNT, 0, NULL); +- if (naces == -1) { +- int dbg_level = 10; +- +- if (errno == ENOSYS) { +- dbg_level = 1; +- } +- DEBUG(dbg_level, ("facl(ACE_GETACLCNT, %s): %s\n", ++ } ++ naces = facl(fd, ACE_GETACLCNT, 0, NULL); ++ if (naces == -1) { ++ DEBUG(8, ("fget_zfsacl(%s): Not PATHREF: facl(ACE_GETACLCNT): %s\n", ++ fsp_str_dbg(fsp), strerror(errno))); ++ return -1; ++ } ++ } else if (fsp->fsp_flags.have_proc_fds) { ++ fd = fsp_get_pathref_fd(fsp); ++ if (fd == -1) { ++ DEBUG(8, ("fget_zfsacl(%s): PATHREF(proc_fd): fsp_get_pathref_fd=-1: %s\n", ++ fsp_str_dbg(fsp), strerror(errno))); ++ errno = EBADF; ++ return -1; ++ } ++ naces = acl(sys_proc_fd_path(fd, &buf), ACE_GETACLCNT, 0, NULL); ++ if (naces == -1) { ++ DEBUG(8, ("fget_zfsacl(%s): PATHREF(proc_fd): acl(ACE_GETACLCNT): %s\n", + fsp_str_dbg(fsp), strerror(errno))); +- return naces; ++ return -1; ++ } ++ } else { ++ naces = acl(fsp->fsp_name->base_name, ACE_GETACLCNT, 0, NULL); ++ if (naces == -1) { ++ DEBUG(8, ("fget_zfsacl(%s): PATHREF(base_name): acl(ACE_GETACLCNT): %s\n", ++ fsp_str_dbg(fsp), strerror(errno))); ++ return -1; ++ } + } + + acebuf = talloc_size(mem_ctx, sizeof(ace_t)*naces); +@@ -309,15 +359,37 @@ + return -1; + } + +- rv = facl(fd, ACE_GETACL, naces, acebuf); +- if (rv == -1) { +- DBG_DEBUG("acl(ACE_GETACL, %s): %s\n", +- fsp_str_dbg(fsp), strerror(errno)); ++ if (!fsp->fsp_flags.is_pathref) { ++ rv = facl(fd, ACE_GETACL, naces, acebuf); ++ if (rv == -1) { ++ DEBUG(8, ("fget_zfsacl(%s): Not PATHREF: facl(ACE_GETACL): %s\n", ++ fsp_str_dbg(fsp), strerror(errno))); + return -1; ++ } ++ DEBUG(10, ("fget_zfsacl(%s): Not PATHREF: facl(ACE_GETACL) -> %d entries\n", ++ fsp_str_dbg(fsp), rv)); ++ } else if (fsp->fsp_flags.have_proc_fds) { ++ rv = acl(sys_proc_fd_path(fd, &buf), ACE_GETACL, naces, acebuf); ++ if (rv == -1) { ++ DEBUG(8, ("fget_zfsacl(%s): PATHREF(proc_fd): acl(ACE_GETACL): %s\n", ++ fsp_str_dbg(fsp), strerror(errno))); ++ return -1; ++ } ++ DEBUG(10, ("fget_zfsacl(%s): PATHREF(proc_fd): acl(ACE_GETACL) -> %d entries\n", ++ fsp_str_dbg(fsp), rv)); ++ } else { ++ rv = acl(fsp->fsp_name->base_name, ACE_GETACL, naces, acebuf); ++ if (rv == -1) { ++ DEBUG(8, ("fget_zfsacl(%s): PATHREF(base_name): acl(ACE_GETACL): %s\n", ++ fsp_str_dbg(fsp), strerror(errno))); ++ return -1; ++ } ++ DEBUG(10, ("fget_zfsacl(%s): PATHREF(base_name): acl(ACE_GETACL) -> %d entries\n", ++ fsp_str_dbg(fsp), rv)); + } +- ++ + *outbuf = acebuf; +- return naces; ++ return rv; + } + + static NTSTATUS zfsacl_fget_nt_acl(struct vfs_handle_struct *handle, diff --git a/net/samba422/files/patch-source3_modules_wscript__build b/net/samba422/files/patch-source3_modules_wscript__build new file mode 100644 index 0000000..5c008e3 --- /dev/null +++ b/net/samba422/files/patch-source3_modules_wscript__build @@ -0,0 +1,16 @@ +--- source3/modules/wscript_build.orig 2025-02-06 10:31:54 UTC ++++ source3/modules/wscript_build +@@ -641,6 +641,13 @@ bld.SAMBA3_MODULE('vfs_delay_inject', + enabled=bld.SAMBA3_IS_ENABLED_MODULE('vfs_delay_inject'), + install=False) + ++bld.SAMBA3_MODULE('vfs_freebsd', ++ subsystem='vfs', ++ source='vfs_freebsd.c', ++ init_function='', ++ internal_module=bld.SAMBA3_IS_STATIC_MODULE('vfs_freebsd'), ++ enabled=bld.SAMBA3_IS_ENABLED_MODULE('vfs_freebsd')) ++ + bld.SAMBA3_MODULE('vfs_widelinks', + subsystem='vfs', + source='vfs_widelinks.c', diff --git a/net/samba422/files/patch-source3_param_loadparm.c b/net/samba422/files/patch-source3_param_loadparm.c new file mode 100644 index 0000000..9d74f59 --- /dev/null +++ b/net/samba422/files/patch-source3_param_loadparm.c @@ -0,0 +1,32 @@ +--- source3/param/loadparm.c.orig 2025-02-06 10:31:54 UTC ++++ source3/param/loadparm.c +@@ -2890,9 +2890,29 @@ static void init_locals(void) + } else { + if (lp_parm_const_string(-1, "xattr_tdb", "file", NULL)) { + lp_do_parameter(-1, "vfs objects", "dfs_samba4 acl_xattr xattr_tdb"); ++ /* ++ * By default, the samba sysvol is located in the statedir. Provisioning will fail in setntacl ++ * unless we have zfacl enabled. Unfortunately, at this point the smb.conf has not been generated. ++ * This workaround is freebsd-specific. ++ */ ++#if defined(_PC_ACL_EXTENDED) ++ } else if (pathconf(lp_state_directory(), _PC_ACL_EXTENDED) == 1) { ++ lp_do_parameter(-1, "vfs objects", "dfs_samba4 freebsd"); ++#endif ++#if defined(_PC_ACL_NFS4) ++ } else if (pathconf(lp_state_directory(), _PC_ACL_NFS4) == 1) { ++ lp_do_parameter(-1, "vfs objects", "dfs_samba4 zfsacl"); ++#endif + } else if (lp_parm_const_string(-1, "posix", "eadb", NULL)) { + lp_do_parameter(-1, "vfs objects", "dfs_samba4 acl_xattr posix_eadb"); + } else { ++ /* ++ * This should only set dfs_samba4 and leave acl_xattr ++ * to be set later (or zfsacl). The only reason the decision ++ * can't be made here to load acl_xattr or zfsacl is ++ * that we don't have access to what the target ++ * directory is. ++ */ + lp_do_parameter(-1, "vfs objects", "dfs_samba4 acl_xattr"); + } + } diff --git a/net/samba422/files/patch-source3_smbd_pysmbd.c b/net/samba422/files/patch-source3_smbd_pysmbd.c new file mode 100644 index 0000000..2f0c067 --- /dev/null +++ b/net/samba422/files/patch-source3_smbd_pysmbd.c @@ -0,0 +1,230 @@ +--- source3/smbd/pysmbd.c.orig 2025-02-20 12:58:50 UTC ++++ source3/smbd/pysmbd.c +@@ -507,6 +507,20 @@ static SMB_ACL_T make_simple_acl(TALLOC_CTX *mem_ctx, + return acl; + } + ++static SMB_ACL_T make_simple_nfsv4_acl(TALLOC_CTX *mem_ctx, ++ gid_t gid, ++ mode_t chmod_mode) ++{ ++ /* ++ * This function needs to create an NFSv4 ACL. Currently, the only way ++ * to do so is to use the operating system interface, or to use the ++ * functions in source3/modules/nfs4_acls.c. These seems ugly and ++ * hacky. NFSv4 ACL's should be a first class citizen and ++ * librpc/idl/smb_acl.idl should be modified accordingly. ++ */ ++ return NULL; ++} ++ + /* + set a simple ACL on a file, as a test + */ +@@ -579,7 +593,85 @@ static PyObject *py_smbd_set_simple_acl(PyObject *self + Py_RETURN_NONE; + } + ++ + /* ++ set a simple NFSv4 ACL on a file, as a test ++ */ ++static PyObject *py_smbd_set_simple_nfsv4_acl(PyObject *self, PyObject *args, PyObject *kwargs) ++{ ++ const char * const kwnames[] = { ++ "fname", ++ "mode", ++ "session_info", ++ "gid", ++ "service", ++ NULL ++ }; ++ char *fname, *service = NULL; ++ PyObject *py_session = Py_None; ++ struct auth_session_info *session_info = NULL; ++ int ret; ++ int mode, gid = -1; ++ SMB_ACL_T acl; ++ TALLOC_CTX *frame; ++ connection_struct *conn; ++ ++ if (!PyArg_ParseTupleAndKeywords(args, kwargs, "siO|iz", ++ discard_const_p(char *, kwnames), ++ &fname, ++ &mode, ++ &py_session, ++ &gid, ++ &service)) ++ return NULL; ++ ++ if (!py_check_dcerpc_type(py_session, ++ "samba.dcerpc.auth", ++ "session_info")) { ++ return NULL; ++ } ++ session_info = pytalloc_get_type(py_session, ++ struct auth_session_info); ++ if (session_info == NULL) { ++ PyErr_Format(PyExc_TypeError, ++ "Expected auth_session_info for session_info argument got %s", ++ pytalloc_get_name(py_session)); ++ return NULL; ++ } ++ ++ frame = talloc_stackframe(); ++ ++ acl = make_simple_nfsv4_acl(frame, gid, mode); ++ if (acl == NULL) { ++ TALLOC_FREE(frame); ++ Py_RETURN_NONE; ++ } ++ ++ conn = get_conn_tos(service, session_info); ++ if (!conn) { ++ TALLOC_FREE(frame); ++ Py_RETURN_NONE; ++ } ++ ++ /* ++ * SMB_ACL_TYPE_ACCESS -> ACL_TYPE_ACCESS -> Not valid for NFSv4 ACL ++ */ ++ ret = 0; ++ ++ /* ret = set_sys_acl_conn(fname, SMB_ACL_TYPE_ACCESS, acl, conn); */ ++ ++ if (ret != 0) { ++ TALLOC_FREE(frame); ++ errno = ret; ++ return PyErr_SetFromErrno(PyExc_OSError); ++ } ++ ++ TALLOC_FREE(frame); ++ ++ Py_RETURN_NONE; ++} ++ ++/* + chown a file + */ + static PyObject *py_smbd_chown(PyObject *self, PyObject *args, PyObject *kwargs) +@@ -767,7 +859,7 @@ static PyObject *py_smbd_unlink(PyObject *self, PyObje + } + + /* +- check if we have ACL support ++ check if we have POSIX.1e ACL support + */ + static PyObject *py_smbd_have_posix_acls(PyObject *self, + PyObject *Py_UNUSED(ignored)) +@@ -779,7 +871,84 @@ static PyObject *py_smbd_have_posix_acls(PyObject *sel + #endif + } + ++static PyObject *py_smbd_has_posix_acls(PyObject *self, PyObject *args, PyObject *kwargs) ++{ ++ const char * const kwnames[] = { "path", NULL }; ++ char *path = NULL; ++ TALLOC_CTX *frame; ++ struct statfs fs; ++ int ret = false; ++ ++ frame = talloc_stackframe(); ++ ++ if (!PyArg_ParseTupleAndKeywords(args, kwargs, "s|z", ++ discard_const_p(char *, kwnames), &path)) { ++ TALLOC_FREE(frame); ++ return NULL; ++ } ++ ++ if (statfs(path, &fs) != 0) { ++ TALLOC_FREE(frame); ++ return NULL; ++ } ++ ++ if (fs.f_flags & MNT_ACLS) ++ ret = true; ++ ++ TALLOC_FREE(frame); ++ return PyBool_FromLong(ret); ++} ++ + /* ++ check if we have NFSv4 ACL support ++ */ ++static PyObject *py_smbd_have_nfsv4_acls(PyObject *self) ++{ ++#ifdef HAVE_LIBSUNACL ++ return PyBool_FromLong(true); ++#else ++ return PyBool_FromLong(false); ++#endif ++} ++ ++static PyObject *py_smbd_has_nfsv4_acls(PyObject *self, PyObject *args, PyObject *kwargs) ++{ ++ const char * const kwnames[] = { "path", NULL }; ++ char *path = NULL; ++ TALLOC_CTX *frame; ++ struct statfs fs; ++ int ret = false; ++ ++ frame = talloc_stackframe(); ++ ++ if (!PyArg_ParseTupleAndKeywords(args, kwargs, "s|z", ++ discard_const_p(char *, kwnames), &path)) { ++ TALLOC_FREE(frame); ++ return NULL; ++ } ++ ++ if (statfs(path, &fs) != 0) { ++ TALLOC_FREE(frame); ++ return NULL; ++ } ++ ++ if (fs.f_flags & MNT_NFS4ACLS) ++ ret = true; ++ ++ TALLOC_FREE(frame); ++ return PyBool_FromLong(ret); ++} ++ ++ ++static PyObject *py_smbd_set_nfsv4_defaults(PyObject *self) ++{ ++ /* ++ * It is really be done in source3/param/loadparm.c ++ */ ++ Py_RETURN_NONE; ++} ++ ++/* + set the NT ACL on a file + */ + static PyObject *py_smbd_set_nt_acl(PyObject *self, PyObject *args, PyObject *kwargs) +@@ -1284,8 +1453,26 @@ static PyMethodDef py_smbd_methods[] = { + { "have_posix_acls", + (PyCFunction)py_smbd_have_posix_acls, METH_NOARGS, + NULL }, ++ { "has_posix_acls", ++ PY_DISCARD_FUNC_SIG(PyCFunction, py_smbd_has_posix_acls), ++ METH_VARARGS|METH_KEYWORDS, ++ NULL }, ++ { "have_nfsv4_acls", ++ (PyCFunction)py_smbd_have_nfsv4_acls, METH_NOARGS, ++ NULL }, ++ { "has_nfsv4_acls", ++ PY_DISCARD_FUNC_SIG(PyCFunction, py_smbd_has_nfsv4_acls), ++ METH_VARARGS|METH_KEYWORDS, ++ NULL }, ++ { "set_nfsv4_defaults", ++ (PyCFunction)py_smbd_set_nfsv4_defaults, METH_NOARGS, ++ NULL }, + { "set_simple_acl", + PY_DISCARD_FUNC_SIG(PyCFunction, py_smbd_set_simple_acl), ++ METH_VARARGS|METH_KEYWORDS, ++ NULL }, ++ { "set_simple_nfsv4_acl", ++ PY_DISCARD_FUNC_SIG(PyCFunction, py_smbd_set_simple_nfsv4_acl), + METH_VARARGS|METH_KEYWORDS, + NULL }, + { "set_nt_acl", diff --git a/net/samba422/files/patch-source3_wscript__build b/net/samba422/files/patch-source3_wscript__build index ff35a17..e69de29 100644 --- a/net/samba422/files/patch-source3_wscript__build +++ b/net/samba422/files/patch-source3_wscript__build @@ -1,44 +0,0 @@ ---- source3/wscript_build.orig 2020-07-09 13:33:56 UTC -+++ source3/wscript_build -@@ -235,11 +235,9 @@ bld.SAMBA3_SUBSYSTEM('SMBREGISTRY', - talloc - replace - util_reg -- samba-util -- samba-security - errors3 - dbwrap -- samba3-util -+ samba3util - ''') - - # Do not link against this use 'smbconf' -@@ -482,7 +480,7 @@ bld.SAMBA3_LIBRARY('secrets3', - - bld.SAMBA3_LIBRARY('smbldap', - source='lib/smbldap.c', -- deps='ldap lber samba-util smbconf', -+ deps='ldap lber samba3util smbd_shim samba-debug smbconf', - enabled=bld.CONFIG_SET("HAVE_LDAP"), - private_library=False, - abi_directory='lib/ABI', -@@ -1151,8 +1151,8 @@ bld.SAMBA3_BINARY('smbspool_krb5_wrapper', - enabled=bld.CONFIG_SET('HAVE_CUPS')) - - bld.SAMBA3_BINARY('smbspool_argv_wrapper', -- source='script/tests/smbspool_argv_wrapper.c', -- for_selftest=True) -+ source='script/tests/smbspool_argv_wrapper.c', -+ for_selftest=True) - - bld.SAMBA3_BINARY('smbconftort', - source='lib/smbconf/testsuite.c', -@@ -1199,7 +1199,7 @@ bld.SAMBA3_BINARY('vlp', - talloc - smbconf - ''', -- for_selftest=True) -+ install=True) - - - pyrpc_util = bld.pyembed_libname('pyrpc_util') diff --git a/net/samba422/pkg-plist b/net/samba422/pkg-plist index 7bec423..4da36b6 100644 --- a/net/samba422/pkg-plist +++ b/net/samba422/pkg-plist @@ -34,7 +34,6 @@ bin/smbtar bin/smbtree bin/testparm bin/vfstest -bin/vlp bin/wbinfo bin/wspsearch sbin/eventlogadm @@ -49,11 +48,9 @@ include/samba4/core/ntstatus_gen.h include/samba4/core/ntstatus.h include/samba4/core/werror_gen.h include/samba4/core/werror.h -include/samba4/credentials.h -include/samba4/dcerpc.h -include/samba4/dcesrv_core.h %%LDAP%%include/samba4/smb_ldap.h %%LDAP%%include/samba4/smbldap.h +include/samba4/dcesrv_core.h include/samba4/domain_credentials.h include/samba4/gen_ndr/atsvc.h include/samba4/gen_ndr/auth.h @@ -72,7 +69,6 @@ include/samba4/gen_ndr/ndr_drsuapi.h include/samba4/gen_ndr/ndr_krb5pac.h include/samba4/gen_ndr/ndr_misc.h include/samba4/gen_ndr/ndr_nbt.h -include/samba4/gen_ndr/ndr_samr_c.h include/samba4/gen_ndr/ndr_samr.h include/samba4/gen_ndr/ndr_svcctl_c.h include/samba4/gen_ndr/ndr_svcctl.h @@ -93,7 +89,6 @@ include/samba4/ndr/ndr_krb5pac.h include/samba4/ndr/ndr_nbt.h include/samba4/ndr/ndr_svcctl.h include/samba4/netapi.h -include/samba4/param.h include/samba4/passdb.h include/samba4/rpc_common.h include/samba4/samba/session.h @@ -117,9 +112,6 @@ include/samba4/util/idtree_random.h include/samba4/util/idtree.h include/samba4/util/signal.h include/samba4/util/substitute.h -include/samba4/util/tevent_ntstatus.h -include/samba4/util/tevent_unix.h -include/samba4/util/tevent_werror.h include/samba4/util/tfork.h include/samba4/util/time.h include/samba4/wbclient.h @@ -131,12 +123,8 @@ include/samba4/wbclient.h @dir include/samba4 %%SAMBA4_LIBDIR%%/libdcerpc-binding.so %%SAMBA4_LIBDIR%%/libdcerpc-binding.so.0 -%%SAMBA4_LIBDIR%%/libdcerpc-samr.so -%%SAMBA4_LIBDIR%%/libdcerpc-samr.so.0 %%SAMBA4_LIBDIR%%/libdcerpc-server-core.so %%SAMBA4_LIBDIR%%/libdcerpc-server-core.so.0 -%%SAMBA4_LIBDIR%%/libdcerpc.so -%%SAMBA4_LIBDIR%%/libdcerpc.so.0 %%SAMBA4_LIBDIR%%/libndr-krb5pac.so %%SAMBA4_LIBDIR%%/libndr-krb5pac.so.0 %%SAMBA4_LIBDIR%%/libndr-nbt.so @@ -144,29 +132,21 @@ include/samba4/wbclient.h %%SAMBA4_LIBDIR%%/libndr-standard.so %%SAMBA4_LIBDIR%%/libndr-standard.so.0 %%SAMBA4_LIBDIR%%/libndr.so -%%SAMBA4_LIBDIR%%/libndr.so.4 +%%SAMBA4_LIBDIR%%/libndr.so.6 %%SAMBA4_LIBDIR%%/libnetapi.so %%SAMBA4_LIBDIR%%/libnetapi.so.1 -%%SAMBA4_LIBDIR%%/libsamba-credentials.so -%%SAMBA4_LIBDIR%%/libsamba-credentials.so.1 %%SAMBA4_LIBDIR%%/libsamba-errors.so %%SAMBA4_LIBDIR%%/libsamba-errors.so.1 -%%SAMBA4_LIBDIR%%/libsamba-hostconfig.so -%%SAMBA4_LIBDIR%%/libsamba-hostconfig.so.0 %%SAMBA4_LIBDIR%%/libsamba-passdb.so %%SAMBA4_LIBDIR%%/libsamba-passdb.so.0 %%SAMBA4_LIBDIR%%/libsamba-util.so %%SAMBA4_LIBDIR%%/libsamba-util.so.0 -%%SAMBA4_LIBDIR%%/libsamdb.so -%%SAMBA4_LIBDIR%%/libsamdb.so.0 %%SAMBA4_LIBDIR%%/libsmbclient.so %%SAMBA4_LIBDIR%%/libsmbclient.so.0 %%SAMBA4_LIBDIR%%/libsmbconf.so %%SAMBA4_LIBDIR%%/libsmbconf.so.0 %%LDAP%%%%SAMBA4_LIBDIR%%/libsmbldap.so %%LDAP%%%%SAMBA4_LIBDIR%%/libsmbldap.so.2 -%%SAMBA4_LIBDIR%%/libtevent-util.so -%%SAMBA4_LIBDIR%%/libtevent-util.so.0 %%SAMBA4_LIBDIR%%/libwbclient.so %%SAMBA4_LIBDIR%%/libwbclient.so.0 lib/nss_winbind.so.1 @@ -206,9 +186,13 @@ libexec/samba/samba-dcerpcd %%GSSAPI_BUILTIN%%%%SAMBA4_LIBDIR%%/private/libcom-err-private-samba.so %%SAMBA4_LIBDIR%%/private/libcommon-auth-private-samba.so %%SAMBA4_LIBDIR%%/private/libdbwrap-private-samba.so +%%SAMBA4_LIBDIR%%/private/libutil-crypt-private-samba.so %%SAMBA4_LIBDIR%%/private/libdcerpc-pkt-auth-private-samba.so +%%SAMBA4_LIBDIR%%/private/libdcerpc-private-samba.so %%SAMBA4_LIBDIR%%/private/libdcerpc-samba-private-samba.so %%SAMBA4_LIBDIR%%/private/libdcerpc-samba4-private-samba.so +%%SAMBA4_LIBDIR%%/private/libdcerpc-samr-private-samba.so +%%SAMBA4_LIBDIR%%/private/libdcerpc-server-private-samba.so %%SAMBA4_LIBDIR%%/private/libdnsserver-common-private-samba.so %%SAMBA4_LIBDIR%%/private/libdsdb-module-private-samba.so %%SAMBA4_LIBDIR%%/private/libevents-private-samba.so @@ -259,13 +243,19 @@ libexec/samba/samba-dcerpcd %%GSSAPI_BUILTIN%%%%SAMBA4_LIBDIR%%/private/libroken-private-samba.so %%SAMBA4_LIBDIR%%/private/libRPC-SERVER-LOOP-private-samba.so %%SAMBA4_LIBDIR%%/private/libRPC-WORKER-private-samba.so +%%SAMBA4_LIBDIR%%/private/libsamba-credentials-private-samba.so %%SAMBA4_LIBDIR%%/private/libsamba-cluster-support-private-samba.so %%SAMBA4_LIBDIR%%/private/libsamba-debug-private-samba.so +%%SAMBA4_LIBDIR%%/private/libsamba-hostconfig-private-samba.so %%SAMBA4_LIBDIR%%/private/libsamba-modules-private-samba.so +%%SAMBA4_LIBDIR%%/private/libsamba-net-join%%PYTHON_TAG%%-private-samba.so +%%SAMBA4_LIBDIR%%/private/libsamba-net-private-samba.so +%%SAMBA4_LIBDIR%%/private/libsamba-policy-private-samba.so %%SAMBA4_LIBDIR%%/private/libsamba-security-private-samba.so %%SAMBA4_LIBDIR%%/private/libsamba-sockets-private-samba.so %%SAMBA4_LIBDIR%%/private/libsamba3-util-private-samba.so %%SAMBA4_LIBDIR%%/private/libsamdb-common-private-samba.so +%%SAMBA4_LIBDIR%%/private/libsamdb-private-samba.so %%SAMBA4_LIBDIR%%/private/libsecrets3-private-samba.so %%SAMBA4_LIBDIR%%/private/libserver-id-db-private-samba.so %%SAMBA4_LIBDIR%%/private/libserver-role-private-samba.so @@ -280,10 +270,10 @@ libexec/samba/samba-dcerpcd %%SAMBA4_LIBDIR%%/private/libsys-rw-private-samba.so %%SAMBA4_LIBDIR%%/private/libtalloc-report-printf-private-samba.so %%SAMBA4_LIBDIR%%/private/libtalloc-report-private-samba.so +%%SAMBA4_LIBDIR%%/private/libtevent-util-private-samba.so %%SAMBA4_LIBDIR%%/private/libtdb-wrap-private-samba.so %%SAMBA4_LIBDIR%%/private/libtime-basic-private-samba.so %%SAMBA4_LIBDIR%%/private/libtorture-private-samba.so -%%SAMBA4_LIBDIR%%/private/libtrusts-util-private-samba.so %%SAMBA4_LIBDIR%%/private/libutil-reg-private-samba.so %%SAMBA4_LIBDIR%%/private/libutil-setid-private-samba.so %%SAMBA4_LIBDIR%%/private/libutil-tdb-private-samba.so @@ -291,17 +281,12 @@ libexec/samba/samba-dcerpcd %%SAMBA4_LIBDIR%%/private/libxattr-tdb-private-samba.so @dir %%SAMBA4_LIBDIR%%/private @dir %%SAMBA4_LIBDIR%% -%%PKGCONFIGDIR%%/dcerpc.pc -%%PKGCONFIGDIR%%/dcerpc_samr.pc %%PKGCONFIGDIR%%/ndr.pc %%PKGCONFIGDIR%%/ndr_krb5pac.pc %%PKGCONFIGDIR%%/ndr_nbt.pc %%PKGCONFIGDIR%%/ndr_standard.pc %%PKGCONFIGDIR%%/netapi.pc -%%PKGCONFIGDIR%%/samba-credentials.pc -%%PKGCONFIGDIR%%/samba-hostconfig.pc %%PKGCONFIGDIR%%/samba-util.pc -%%PKGCONFIGDIR%%/samdb.pc %%PKGCONFIGDIR%%/smbclient.pc %%PKGCONFIGDIR%%/wbclient.pc @comment Setup files @@ -420,13 +405,12 @@ libexec/samba/samba-dcerpcd %%SAMBA4_BUNDLED_LDB%%%%PYTHON3%%%%PYTHON_SITELIBDIR%%/_ldb_text.py %%SAMBA4_BUNDLED_LDB%%%%PYTHON3%%%%PYTHON_SITELIBDIR%%/ldb%%PYTHON_TAG%%.so %%SAMBA4_BUNDLED_LDB%%%%PYTHON3%%%%SAMBA4_LIBDIR%%/private/libpyldb-util%%PYTHON_TAG%%-private-samba.so -%%SAMBA4_BUNDLED_LDB%%bin/samba-ldbdump -%%SAMBA4_BUNDLED_LDB%%bin/samba-ldbadd -%%SAMBA4_BUNDLED_LDB%%bin/samba-ldbdel -%%SAMBA4_BUNDLED_LDB%%bin/samba-ldbedit -%%SAMBA4_BUNDLED_LDB%%bin/samba-ldbmodify -%%SAMBA4_BUNDLED_LDB%%bin/samba-ldbrename -%%SAMBA4_BUNDLED_LDB%%bin/samba-ldbsearch +%%SAMBA4_BUNDLED_LDB%%bin/ldbadd +%%SAMBA4_BUNDLED_LDB%%bin/ldbdel +%%SAMBA4_BUNDLED_LDB%%bin/ldbedit +%%SAMBA4_BUNDLED_LDB%%bin/ldbmodify +%%SAMBA4_BUNDLED_LDB%%bin/ldbrename +%%SAMBA4_BUNDLED_LDB%%bin/ldbsearch %%SAMBA4_BUNDLED_LDB%%%%SAMBA4_LIBDIR%%/private/libldb-cmdline-private-samba.so %%SAMBA4_BUNDLED_LDB%%%%SAMBA4_LIBDIR%%/private/libldb-key-value-private-samba.so %%SAMBA4_BUNDLED_LDB%%%%SAMBA4_LIBDIR%%/private/libldb-private-samba.so @@ -443,20 +427,21 @@ libexec/samba/samba-dcerpcd %%SAMBA4_BUNDLED_LDB%%%%SAMBA4_MODULEDIR%%/ldb/server_sort.so %%SAMBA4_BUNDLED_LDB%%%%SAMBA4_MODULEDIR%%/ldb/skel.so %%SAMBA4_BUNDLED_LDB%%%%SAMBA4_MODULEDIR%%/ldb/tdb.so -%%MANPAGES%%%%SAMBA4_BUNDLED_LDB%%share/man/man1/samba-ldbadd.1.gz -%%MANPAGES%%%%SAMBA4_BUNDLED_LDB%%share/man/man1/samba-ldbdel.1.gz -%%MANPAGES%%%%SAMBA4_BUNDLED_LDB%%share/man/man1/samba-ldbedit.1.gz -%%MANPAGES%%%%SAMBA4_BUNDLED_LDB%%share/man/man1/samba-ldbmodify.1.gz -%%MANPAGES%%%%SAMBA4_BUNDLED_LDB%%share/man/man1/samba-ldbrename.1.gz -%%MANPAGES%%%%SAMBA4_BUNDLED_LDB%%share/man/man1/samba-ldbsearch.1.gz -%%MANPAGES%%%%SAMBA4_BUNDLED_TALLOC%%share/man/man3/samba-talloc.3.gz -%%MANPAGES%%%%SAMBA4_BUNDLED_TDB%%share/man/man8/samba-tdbbackup.8.gz -%%MANPAGES%%%%SAMBA4_BUNDLED_TDB%%share/man/man8/samba-tdbdump.8.gz -%%MANPAGES%%%%SAMBA4_BUNDLED_TDB%%share/man/man8/samba-tdbrestore.8.gz -%%MANPAGES%%%%SAMBA4_BUNDLED_TDB%%share/man/man8/samba-tdbtool.8.gz +%%MANPAGES%%%%SAMBA4_BUNDLED_LDB%%share/man/man3/ldb.3.gz +%%MANPAGES%%%%SAMBA4_BUNDLED_LDB%%share/man/man1/ldbadd.1.gz +%%MANPAGES%%%%SAMBA4_BUNDLED_LDB%%share/man/man1/ldbdel.1.gz +%%MANPAGES%%%%SAMBA4_BUNDLED_LDB%%share/man/man1/ldbedit.1.gz +%%MANPAGES%%%%SAMBA4_BUNDLED_LDB%%share/man/man1/ldbmodify.1.gz +%%MANPAGES%%%%SAMBA4_BUNDLED_LDB%%share/man/man1/ldbrename.1.gz +%%MANPAGES%%%%SAMBA4_BUNDLED_LDB%%share/man/man1/ldbsearch.1.gz +%%MANPAGES%%%%SAMBA4_BUNDLED_TDB%%share/man/man8/tdbbackup.8.gz +%%MANPAGES%%%%SAMBA4_BUNDLED_TDB%%share/man/man8/tdbdump.8.gz +%%MANPAGES%%%%SAMBA4_BUNDLED_TDB%%share/man/man8/tdbrestore.8.gz +%%MANPAGES%%%%SAMBA4_BUNDLED_TDB%%share/man/man8/tdbtool.8.gz %%SAMBA4_BUNDLED_TALLOC%%%%PYTHON3%%%%PYTHON_SITELIBDIR%%/talloc%%PYTHON_TAG%%.so %%SAMBA4_BUNDLED_TALLOC%%%%PYTHON3%%%%SAMBA4_LIBDIR%%/private/libpytalloc-util%%PYTHON_TAG%%-private-samba.so %%SAMBA4_BUNDLED_TALLOC%%%%SAMBA4_LIBDIR%%/private/libtalloc-private-samba.so +%%SAMBA4_BUNDLED_TALLOC%%share/man/man3/samba-talloc.3.gz %%SAMBA4_BUNDLED_TDB%%%%PYTHON3%%%%PYTHON_SITELIBDIR%%/_tdb_text.py %%SAMBA4_BUNDLED_TDB%%%%PYTHON3%%%%PYTHON_SITELIBDIR%%/tdb%%PYTHON_TAG%%.so %%SAMBA4_BUNDLED_TDB%%bin/tdbbackup diff --git a/net/samba422/pkg-plist.ad_dc b/net/samba422/pkg-plist.ad_dc index 12ed58d..80c9095 100644 --- a/net/samba422/pkg-plist.ad_dc +++ b/net/samba422/pkg-plist.ad_dc @@ -4,9 +4,6 @@ sbin/samba_dnsupdate sbin/samba_kcc sbin/samba_spnupdate sbin/samba_upgradedns -include/samba4/dcerpc_server.h -%%SAMBA4_LIBDIR%%/libdcerpc-server.so -%%SAMBA4_LIBDIR%%/libdcerpc-server.so.0 %%SAMBA4_LIBDIR%%/private/libad-claims-private-samba.so %%SAMBA4_LIBDIR%%/private/libauthn-policy-util-private-samba.so %%SAMBA4_LIBDIR%%/private/libdlz-bind9-for-torture-private-samba.so @@ -30,7 +27,6 @@ include/samba4/dcerpc_server.h %%SAMBA4_MODULEDIR%%/ldb/aclread.so %%SAMBA4_MODULEDIR%%/ldb/anr.so %%SAMBA4_MODULEDIR%%/ldb/audit_log.so -%%SAMBA4_MODULEDIR%%/ldb/count_attrs.so %%SAMBA4_MODULEDIR%%/ldb/descriptor.so %%SAMBA4_MODULEDIR%%/ldb/dirsync.so %%SAMBA4_MODULEDIR%%/ldb/dns_notify.so @@ -40,10 +36,9 @@ include/samba4/dcerpc_server.h %%SAMBA4_MODULEDIR%%/ldb/extended_dn_out.so %%SAMBA4_MODULEDIR%%/ldb/extended_dn_store.so %%SAMBA4_MODULEDIR%%/ldb/group_audit_log.so -%%SAMBA4_MODULEDIR%%/ldb/ildap.so %%SAMBA4_MODULEDIR%%/ldb/instancetype.so %%SAMBA4_MODULEDIR%%/ldb/lazy_commit.so -%%SAMBA4_MODULEDIR%%/ldb/ldbsamba_extensions.so +%%SAMBA4_MODULEDIR%%/ldb/ldap.so %%SAMBA4_MODULEDIR%%/ldb/linked_attributes.so %%SAMBA4_MODULEDIR%%/ldb/new_partition.so %%SAMBA4_MODULEDIR%%/ldb/objectclass_attrs.so @@ -89,7 +84,6 @@ include/samba4/dcerpc_server.h %%SAMBA4_MODULEDIR%%/service/winbindd.so %%SAMBA4_MODULEDIR%%/service/wrepl.so %%SAMBA4_MODULEDIR%%/vfs/posix_eadb.so -%%PKGCONFIGDIR%%/dcerpc_server.pc %%DATADIR%%/samba/admx/GNOME_Settings.admx %%DATADIR%%/samba/admx/en-US/GNOME_Settings.adml %%DATADIR%%/samba/admx/en-US/samba.adml diff --git a/net/samba422/pkg-plist.python b/net/samba422/pkg-plist.python index 2ee4e74..1c5127b 100644 --- a/net/samba422/pkg-plist.python +++ b/net/samba422/pkg-plist.python @@ -2,12 +2,7 @@ bin/smbtorture sbin/samba-gpupdate %%MANPAGES%%share/man/man1/smbtorture.1.gz %%MANPAGES%%share/man/man8/samba-gpupdate.8.gz -include/samba4/policy.h -lib/samba4/libsamba-policy%%PYTHON_TAG%%.so -lib/samba4/libsamba-policy%%PYTHON_TAG%%.so.0 -lib/samba4/private/libsamba-net%%PYTHON_TAG%%-private-samba.so lib/samba4/private/libsamba-python%%PYTHON_TAG%%-private-samba.so -%%PKGCONFIGDIR%%/samba-policy%%PYTHON_TAG%%.pc @comment Python block %%AD_DC%%%%PYTHON_SITELIBDIR%%/samba/dckeytab%%PYTHON_TAG%%.so %%AD_DC%%%%PYTHON_SITELIBDIR%%/samba/posix_eadb%%PYTHON_TAG%%.so @@ -75,6 +70,29 @@ lib/samba4/private/libsamba-python%%PYTHON_TAG%%-private-samba.so %%PYTHON_SITELIBDIR%%/samba/dcerpc/witness%%PYTHON_TAG%%.so %%PYTHON_SITELIBDIR%%/samba/dcerpc/wkssvc%%PYTHON_TAG%%.so %%PYTHON_SITELIBDIR%%/samba/dcerpc/xattr%%PYTHON_TAG%%.so +%%PYTHON_SITELIBDIR%%/samba/domain/__init__.py +%%PYTHON_SITELIBDIR%%/samba/domain/models/__init__.py +%%PYTHON_SITELIBDIR%%/samba/domain/models/auth_policy.py +%%PYTHON_SITELIBDIR%%/samba/domain/models/auth_silo.py +%%PYTHON_SITELIBDIR%%/samba/domain/models/claim_type.py +%%PYTHON_SITELIBDIR%%/samba/domain/models/computer.py +%%PYTHON_SITELIBDIR%%/samba/domain/models/constants.py +%%PYTHON_SITELIBDIR%%/samba/domain/models/container.py +%%PYTHON_SITELIBDIR%%/samba/domain/models/exceptions.py +%%PYTHON_SITELIBDIR%%/samba/domain/models/fields.py +%%PYTHON_SITELIBDIR%%/samba/domain/models/gmsa.py +%%PYTHON_SITELIBDIR%%/samba/domain/models/group.py +%%PYTHON_SITELIBDIR%%/samba/domain/models/model.py +%%PYTHON_SITELIBDIR%%/samba/domain/models/org.py +%%PYTHON_SITELIBDIR%%/samba/domain/models/person.py +%%PYTHON_SITELIBDIR%%/samba/domain/models/query.py +%%PYTHON_SITELIBDIR%%/samba/domain/models/registry.py +%%PYTHON_SITELIBDIR%%/samba/domain/models/schema.py +%%PYTHON_SITELIBDIR%%/samba/domain/models/site.py +%%PYTHON_SITELIBDIR%%/samba/domain/models/subnet.py +%%PYTHON_SITELIBDIR%%/samba/domain/models/types.py +%%PYTHON_SITELIBDIR%%/samba/domain/models/user.py +%%PYTHON_SITELIBDIR%%/samba/domain/models/value_type.py %%PYTHON_SITELIBDIR%%/samba/descriptor.py %%PYTHON_SITELIBDIR%%/samba/dnsresolver.py %%PYTHON_SITELIBDIR%%/samba/dnsserver.py @@ -132,6 +150,7 @@ lib/samba4/private/libsamba-python%%PYTHON_TAG%%-private-samba.so %%PYTHON_SITELIBDIR%%/samba/kcc/kcc_utils.py %%PYTHON_SITELIBDIR%%/samba/kcc/ldif_import_export.py %%PYTHON_SITELIBDIR%%/samba/logger.py +%%PYTHON_SITELIBDIR%%/samba/lsa_utils.py %%PYTHON_SITELIBDIR%%/samba/mdb_util.py %%PYTHON_SITELIBDIR%%/samba/messaging%%PYTHON_TAG%%.so %%PYTHON_SITELIBDIR%%/samba/ms_display_specifiers.py @@ -151,9 +170,18 @@ lib/samba4/private/libsamba-python%%PYTHON_TAG%%-private-samba.so %%PYTHON_SITELIBDIR%%/samba/netcmd/dns.py %%PYTHON_SITELIBDIR%%/samba/netcmd/domain/__init__.py %%PYTHON_SITELIBDIR%%/samba/netcmd/domain/auth/__init__.py -%%PYTHON_SITELIBDIR%%/samba/netcmd/domain/auth/policy.py -%%PYTHON_SITELIBDIR%%/samba/netcmd/domain/auth/silo.py -%%PYTHON_SITELIBDIR%%/samba/netcmd/domain/auth/silo_member.py +%%PYTHON_SITELIBDIR%%/samba/netcmd/domain/auth/policy/__init__.py +%%PYTHON_SITELIBDIR%%/samba/netcmd/domain/auth/policy/computer_allowed_to_authenticate_to.py +%%PYTHON_SITELIBDIR%%/samba/netcmd/domain/auth/policy/policy.py +%%PYTHON_SITELIBDIR%%/samba/netcmd/domain/auth/policy/service_allowed_to_authenticate_from.py +%%PYTHON_SITELIBDIR%%/samba/netcmd/domain/auth/policy/service_allowed_to_authenticate_to.py +%%PYTHON_SITELIBDIR%%/samba/netcmd/domain/auth/policy/user_allowed_to_authenticate_from.py +%%PYTHON_SITELIBDIR%%/samba/netcmd/domain/auth/policy/user_allowed_to_authenticate_to.py +%%PYTHON_SITELIBDIR%%/samba/netcmd/domain/auth/silo/__init__.py +%%PYTHON_SITELIBDIR%%/samba/netcmd/domain/auth/silo/member.py +%%PYTHON_SITELIBDIR%%/samba/netcmd/domain/auth/silo/silo.py +%%PYTHON_SITELIBDIR%%/samba/netcmd/domain/kds/__init__.py +%%PYTHON_SITELIBDIR%%/samba/netcmd/domain/kds/root_key.py %%PYTHON_SITELIBDIR%%/samba/netcmd/domain/backup.py %%PYTHON_SITELIBDIR%%/samba/netcmd/domain/claim/__init__.py %%PYTHON_SITELIBDIR%%/samba/netcmd/domain/claim/claim_type.py @@ -168,24 +196,13 @@ lib/samba4/private/libsamba-python%%PYTHON_TAG%%-private-samba.so %%PYTHON_SITELIBDIR%%/samba/netcmd/domain/keytab.py %%PYTHON_SITELIBDIR%%/samba/netcmd/domain/leave.py %%PYTHON_SITELIBDIR%%/samba/netcmd/domain/level.py -%%PYTHON_SITELIBDIR%%/samba/netcmd/domain/models/__init__.py -%%PYTHON_SITELIBDIR%%/samba/netcmd/domain/models/auth_policy.py -%%PYTHON_SITELIBDIR%%/samba/netcmd/domain/models/auth_silo.py -%%PYTHON_SITELIBDIR%%/samba/netcmd/domain/models/claim_type.py -%%PYTHON_SITELIBDIR%%/samba/netcmd/domain/models/exceptions.py -%%PYTHON_SITELIBDIR%%/samba/netcmd/domain/models/fields.py -%%PYTHON_SITELIBDIR%%/samba/netcmd/domain/models/group.py -%%PYTHON_SITELIBDIR%%/samba/netcmd/domain/models/model.py -%%PYTHON_SITELIBDIR%%/samba/netcmd/domain/models/query.py -%%PYTHON_SITELIBDIR%%/samba/netcmd/domain/models/schema.py -%%PYTHON_SITELIBDIR%%/samba/netcmd/domain/models/site.py -%%PYTHON_SITELIBDIR%%/samba/netcmd/domain/models/subnet.py -%%PYTHON_SITELIBDIR%%/samba/netcmd/domain/models/user.py -%%PYTHON_SITELIBDIR%%/samba/netcmd/domain/models/value_type.py %%PYTHON_SITELIBDIR%%/samba/netcmd/domain/passwordsettings.py %%PYTHON_SITELIBDIR%%/samba/netcmd/domain/provision.py %%PYTHON_SITELIBDIR%%/samba/netcmd/domain/samba3upgrade.py %%PYTHON_SITELIBDIR%%/samba/netcmd/domain/schemaupgrade.py +%%PYTHON_SITELIBDIR%%/samba/netcmd/service_account/__init__.py +%%PYTHON_SITELIBDIR%%/samba/netcmd/service_account/group_msa_membership.py +%%PYTHON_SITELIBDIR%%/samba/netcmd/service_account/service_account.py %%PYTHON_SITELIBDIR%%/samba/netcmd/domain/tombstones.py %%PYTHON_SITELIBDIR%%/samba/netcmd/domain/trust.py %%PYTHON_SITELIBDIR%%/samba/netcmd/drs.py @@ -289,6 +306,7 @@ lib/samba4/private/libsamba-python%%PYTHON_TAG%%-private-samba.so %%PYTHON_SITELIBDIR%%/samba/tests/blackbox/check_output.py %%PYTHON_SITELIBDIR%%/samba/tests/blackbox/claims.py %%PYTHON_SITELIBDIR%%/samba/tests/blackbox/downgradedatabase.py +%%PYTHON_SITELIBDIR%%/samba/tests/blackbox/gmsa.py %%PYTHON_SITELIBDIR%%/samba/tests/blackbox/http_chunk.py %%PYTHON_SITELIBDIR%%/samba/tests/blackbox/http_content.py %%PYTHON_SITELIBDIR%%/samba/tests/blackbox/mdsearch.py @@ -321,10 +339,10 @@ lib/samba4/private/libsamba-python%%PYTHON_TAG%%-private-samba.so %%PYTHON_SITELIBDIR%%/samba/tests/dcerpc/array.py %%PYTHON_SITELIBDIR%%/samba/tests/dcerpc/bare.py %%PYTHON_SITELIBDIR%%/samba/tests/dcerpc/binding.py -%%PYTHON_SITELIBDIR%%/samba/tests/dcerpc/createtrustrelax.py %%PYTHON_SITELIBDIR%%/samba/tests/dcerpc/dnsserver.py %%PYTHON_SITELIBDIR%%/samba/tests/dcerpc/integer.py %%PYTHON_SITELIBDIR%%/samba/tests/dcerpc/lsa.py +%%PYTHON_SITELIBDIR%%/samba/tests/dcerpc/lsa_utils.py %%PYTHON_SITELIBDIR%%/samba/tests/dcerpc/mdssvc.py %%PYTHON_SITELIBDIR%%/samba/tests/dcerpc/misc.py %%PYTHON_SITELIBDIR%%/samba/tests/dcerpc/raw_protocol.py @@ -355,6 +373,8 @@ lib/samba4/private/libsamba-python%%PYTHON_TAG%%-private-samba.so %%PYTHON_SITELIBDIR%%/samba/tests/dsdb_api.py %%PYTHON_SITELIBDIR%%/samba/tests/dsdb_dns.py %%PYTHON_SITELIBDIR%%/samba/tests/dsdb_lock.py +%%PYTHON_SITELIBDIR%%/samba/tests/dsdb_quiet_env_tests.py +%%PYTHON_SITELIBDIR%%/samba/tests/dsdb_quiet_provision_tests.py %%PYTHON_SITELIBDIR%%/samba/tests/dsdb_schema_attributes.py %%PYTHON_SITELIBDIR%%/samba/tests/emulate/__init__.py %%PYTHON_SITELIBDIR%%/samba/tests/emulate/traffic.py @@ -389,6 +409,7 @@ lib/samba4/private/libsamba-python%%PYTHON_TAG%%-private-samba.so %%PYTHON_SITELIBDIR%%/samba/tests/krb5/etype_tests.py %%PYTHON_SITELIBDIR%%/samba/tests/krb5/fast_tests.py %%PYTHON_SITELIBDIR%%/samba/tests/krb5/gkdi_tests.py +%%PYTHON_SITELIBDIR%%/samba/tests/krb5/gmsa_tests.py %%PYTHON_SITELIBDIR%%/samba/tests/krb5/group_tests.py %%PYTHON_SITELIBDIR%%/samba/tests/krb5/kcrypto.py %%PYTHON_SITELIBDIR%%/samba/tests/krb5/kdc_base_test.py @@ -398,6 +419,7 @@ lib/samba4/private/libsamba-python%%PYTHON_TAG%%-private-samba.so %%PYTHON_SITELIBDIR%%/samba/tests/krb5/kpasswd_tests.py %%PYTHON_SITELIBDIR%%/samba/tests/krb5/lockout_tests.py %%PYTHON_SITELIBDIR%%/samba/tests/krb5/ms_kile_client_principal_lookup_tests.py +%%PYTHON_SITELIBDIR%%/samba/tests/krb5/netlogon.py %%PYTHON_SITELIBDIR%%/samba/tests/krb5/nt_hash_tests.py %%PYTHON_SITELIBDIR%%/samba/tests/krb5/pac_align_tests.py %%PYTHON_SITELIBDIR%%/samba/tests/krb5/pkinit_tests.py @@ -438,6 +460,7 @@ lib/samba4/private/libsamba-python%%PYTHON_TAG%%-private-samba.so %%PYTHON_SITELIBDIR%%/samba/tests/netbios.py %%PYTHON_SITELIBDIR%%/samba/tests/netcmd.py %%PYTHON_SITELIBDIR%%/samba/tests/netlogonsvc.py +%%PYTHON_SITELIBDIR%%/samba/tests/ndr/sd.py %%PYTHON_SITELIBDIR%%/samba/tests/ntacls.py %%PYTHON_SITELIBDIR%%/samba/tests/ntacls_backup.py %%PYTHON_SITELIBDIR%%/samba/tests/ntlm_auth.py @@ -465,6 +488,7 @@ lib/samba4/private/libsamba-python%%PYTHON_TAG%%-private-samba.so %%PYTHON_SITELIBDIR%%/samba/tests/py_credentials.py %%PYTHON_SITELIBDIR%%/samba/tests/registry.py %%PYTHON_SITELIBDIR%%/samba/tests/reparsepoints.py +%%PYTHON_SITELIBDIR%%/samba/tests/rust.py %%PYTHON_SITELIBDIR%%/samba/tests/s3_net_join.py %%PYTHON_SITELIBDIR%%/samba/tests/s3idmapdb.py %%PYTHON_SITELIBDIR%%/samba/tests/s3param.py @@ -483,6 +507,7 @@ lib/samba4/private/libsamba-python%%PYTHON_TAG%%-private-samba.so %%PYTHON_SITELIBDIR%%/samba/tests/samba_tool/domain_auth_policy.py %%PYTHON_SITELIBDIR%%/samba/tests/samba_tool/domain_auth_silo.py %%PYTHON_SITELIBDIR%%/samba/tests/samba_tool/domain_claim.py +%%PYTHON_SITELIBDIR%%/samba/tests/samba_tool/domain_kds_root_key.py %%PYTHON_SITELIBDIR%%/samba/tests/samba_tool/domain_models.py %%PYTHON_SITELIBDIR%%/samba/tests/samba_tool/drs_clone_dc_data_lmdb_size.py %%PYTHON_SITELIBDIR%%/samba/tests/samba_tool/dsacl.py @@ -505,6 +530,7 @@ lib/samba4/private/libsamba-python%%PYTHON_TAG%%-private-samba.so %%PYTHON_SITELIBDIR%%/samba/tests/samba_tool/provision_userPassword_crypt.py %%PYTHON_SITELIBDIR%%/samba/tests/samba_tool/rodc.py %%PYTHON_SITELIBDIR%%/samba/tests/samba_tool/schema.py +%%PYTHON_SITELIBDIR%%/samba/tests/samba_tool/service_account.py %%PYTHON_SITELIBDIR%%/samba/tests/samba_tool/silo_base.py %%PYTHON_SITELIBDIR%%/samba/tests/samba_tool/sites.py %%PYTHON_SITELIBDIR%%/samba/tests/samba_tool/timecmd.py @@ -549,7 +575,6 @@ lib/samba4/private/libsamba-python%%PYTHON_TAG%%-private-samba.so %%PYTHON_SITELIBDIR%%/samba/tests/upgradeprovisionneeddc.py %%PYTHON_SITELIBDIR%%/samba/tests/usage.py %%PYTHON_SITELIBDIR%%/samba/tests/xattr.py -%%PYTHON_SITELIBDIR%%/samba/trust_utils.py %%PYTHON_SITELIBDIR%%/samba/upgrade.py %%PYTHON_SITELIBDIR%%/samba/upgradehelpers.py %%PYTHON_SITELIBDIR%%/samba/uptodateness.py