kiwi/klara-ports
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

D52168

Browse Source
This commit is contained in:
Xavier Beaudouin
2025-09-11 05:14:52 +02:00
parent 7acb408e7d
commit afc6047814
26 changed files with 869 additions and 1454 deletions
Download Patch File Download Diff File Expand all files Collapse all files

59
net/samba422/Makefile
View File

@ -1,6 +1,5 @@
PORTNAME= ${SAMBA4_BASENAME}420
PORTNAME= ${SAMBA4_BASENAME}422
PORTVERSION= ${SAMBA4_VERSION}
PORTREVISION= 10
CATEGORIES?= net
MASTER_SITES= SAMBA/samba/stable SAMBA/samba/rc
DISTNAME= ${SAMBA4_DISTNAME}
@ -29,7 +28,6 @@ EXTRA_PATCHES= \
${PATCHDIR}/0010-Add-option-with-pkgconfigdir-to-specify-alternative-.patch:-p1 \
${PATCHDIR}/0011-Use-provided-by-port-location-of-the-XML-catalog.patch:-p1 \
${PATCHDIR}/0012-Create-shared-libraries-according-to-the-FreeBSD-spe.patch:-p1 \
${PATCHDIR}/0013-Pass-additional-msg-parameter-to-CHECK_LIB-so-it-can.patch:-p1 \
${PATCHDIR}/0014-Add-option-to-disable-CTDB-tests-failing-on-FreeBSD-.patch:-p1 \
${PATCHDIR}/0015-Add-extra-debug-class-to-trck-down-DB-locking-code.patch:-p1 \
${PATCHDIR}/0016-Make-ldb_schema_attribute_compare-a-stable-comparisi.patch:-p1 \
@ -40,18 +38,12 @@ EXTRA_PATCHES= \
${PATCHDIR}/0021-Fix-casting-warnings-in-the-nfs_quota-debug-message.patch:-p1 \
${PATCHDIR}/0022-Clean-up-UTMP-handling-code-and-add-FreeBSD-support..patch:-p1 \
${PATCHDIR}/0023-Add-cmd_get_quota-test-function-into-vfstest-to-test.patch:-p1 \
${PATCHDIR}/0024-Cherry-pick-ZFS-provisioning-code-by-iXsystems-Inc.patch:-p1 \
${PATCHDIR}/0025-From-d9b748869a8f4018ebee302aae8246bf29f60309-Mon-Se.patch:-p1 \
${PATCHDIR}/0026-vfs-add-a-compatibility-option-to-the-vfs_streams_xa.patch:-p1 \
${PATCHDIR}/0027-Add-VFS-module-vfs_freebsd-that-implements-FreeBSD-s.patch:-p1 \
${PATCHDIR}/0028-Fix-rl_completion_func_t.patch:-p1 \
${PATCHDIR}/0028-s3-lib-system-add-FreeBSD-proc_fd_pattern.patch \
${PATCHDIR}/0100-Fix-pathref-handling-for-FreeBSD-13plus_samba42x.patch:-p1 \
${PATCHDIR}/0102-FreeBSD-vfs_freebsd-fix-sys_proc_fd_path-args.patch:-p1
SAMBA4_BASENAME= samba
SAMBA4_PORTNAME= ${SAMBA4_BASENAME}4
SAMBA4_VERSION= 4.20.7
SAMBA4_VERSION= 4.22.3
SAMBA4_DISTNAME= ${SAMBA4_BASENAME}-${SAMBA4_VERSION:S|.p|pre|:S|.r|rc|:S|.t|tp|:S|.a|alpha|}
WRKSRC?= ${WRKDIR}/${DISTNAME}
@ -98,7 +90,7 @@ CONFIGURE_ENV= PTHREAD_LDFLAGS="-lpthread" \
PYTHONHASHSEED=1
MAKE_ENV= PYTHONHASHSEED=1
USES= bison compiler:c++11-lang iconv localbase:ldflags \
USES= compiler:c++11-lang iconv localbase:ldflags \
perl5 pkgconfig shebangfix waf gettext-runtime
USE_PERL5= build
USE_LDCONFIG= ${SAMBA4_LIBDIR}
@ -116,8 +108,8 @@ SUB_LIST= PKGCONFIGDIR=${PKGCONFIGDIR_REL}
##############################################################################
OPTIONS_SUB= yes
OPTIONS_DEFINE= AD_DC ADS CLUSTER CUPS DOCS FAM GPGME \
LDAP MANPAGES PROFILE PYTHON3 QUOTAS \
OPTIONS_DEFINE= AD_DC ADS CLUSTER CUPS DOCS FAM LDAP GPGME \
MANPAGES PROFILE PYTHON3 QUOTAS \
SYSLOG UTMP
#OPTIONS_DEFINE+= DEVELOPER MEMORY_DEBUG
@ -135,7 +127,7 @@ OPTIONS_DEFAULT= AD_DC ADS DOCS FAM LDAP MANPAGES \
PROFILE PYTHON3 QUOTAS SYSLOG UTMP \
FRUIT GSSAPI_BUILTIN AVAHI
##############################################################################
ADS_DESC= Active Directory client(implies LDAP)
ADS_DESC= Active Directory client
AD_DC_DESC= Active Directory Domain Controller(implies PYTHON3)
CLUSTER_DESC= Clustering support
DEVELOPER_DESC= With developer framework
@ -177,6 +169,9 @@ LIB_DEPENDS+= libgnutls.so:security/gnutls
LIB_DEPENDS+= libgcrypt.so:security/libgcrypt
# NFSv4 ACL glue
LIB_DEPENDS+= libsunacl.so:sysutils/libsunacl
# libicu
LIB_DEPENDS+= libicui18n.so:devel/icu
LIB_DEPENDS+= libicuuc.so:devel/icu
# Jansson
BUILD_DEPENDS+= jansson>=2.10:devel/jansson
RUN_DEPENDS+= jansson>=2.10:devel/jansson
@ -197,7 +192,7 @@ SAMBA4_BUNDLED_CMOCKA?= no
SAMBA4_BUNDLED_TALLOC?= no
SAMBA4_BUNDLED_TEVENT?= no
SAMBA4_BUNDLED_TDB?= no
SAMBA4_BUNDLED_LDB?= no
SAMBA4_BUNDLED_LDB?= yes
# cmocka
.if defined(SAMBA4_BUNDLED_CMOCKA) && ${SAMBA4_BUNDLED_CMOCKA} == yes
SAMBA4_BUNDLED_LIBS+= cmocka
@ -218,8 +213,8 @@ PLIST_SUB+= SAMBA4_BUNDLED_TALLOC=""
SUB_LIST+= SAMBA4_BUNDLED_TALLOC=""
.else
SAMBA4_BUNDLED_LIBS+= !talloc
BUILD_DEPENDS+= talloc242>=2.4.2:devel/talloc242
RUN_DEPENDS+= talloc242>=2.4.2:devel/talloc242
BUILD_DEPENDS+= talloc243>=2.4.3:devel/talloc243
RUN_DEPENDS+= talloc243>=2.4.3:devel/talloc243
PLIST_SUB+= SAMBA4_BUNDLED_TALLOC="@comment "
SUB_LIST+= SAMBA4_BUNDLED_TALLOC="@comment "
.endif
@ -231,8 +226,8 @@ PLIST_SUB+= SAMBA4_BUNDLED_TEVENT=""
SUB_LIST+= SAMBA4_BUNDLED_TEVENT=""
.else
SAMBA4_BUNDLED_LIBS+= !tevent
BUILD_DEPENDS+= tevent016>=0.16.1:devel/tevent016
RUN_DEPENDS+= tevent016>=0.16.1:devel/tevent016
BUILD_DEPENDS+= tevent017>=0.17:devel/tevent017
RUN_DEPENDS+= tevent017>=0.17:devel/tevent017
PLIST_SUB+= SAMBA4_BUNDLED_TEVENT="@comment "
SUB_LIST+= SAMBA4_BUNDLED_TEVENT="@comment "
.endif
@ -244,8 +239,8 @@ PLIST_SUB+= SAMBA4_BUNDLED_TDB=""
SUB_LIST+= SAMBA4_BUNDLED_TDB=""
.else
SAMBA4_BUNDLED_LIBS+= !tdb
BUILD_DEPENDS+= tdb1410>=1.4.10:databases/tdb1410
RUN_DEPENDS+= tdb1410>=1.4.10:databases/tdb1410
BUILD_DEPENDS+= tdb1413>=1.4.13:databases/tdb1413
RUN_DEPENDS+= tdb1413>=1.4.13:databases/tdb1413
PLIST_SUB+= SAMBA4_BUNDLED_TDB="@comment "
SUB_LIST+= SAMBA4_BUNDLED_TDB="@comment "
.endif
@ -253,6 +248,7 @@ SUB_LIST+= SAMBA4_BUNDLED_TDB="@comment "
.if defined(SAMBA4_BUNDLED_LDB) && ${SAMBA4_BUNDLED_LDB} == yes
SAMBA4_BUNDLED_LDB= yes
SAMBA4_BUNDLED_LIBS+= ldb
CONFLICTS_INSTALL+= ldb-* ldb2-*
PLIST_SUB+= SAMBA4_BUNDLED_LDB=""
SUB_LIST+= SAMBA4_BUNDLED_LDB=""
SAMBA4_MODULEDIR= ${SAMBA4_LIBDIR}/modules
@ -351,7 +347,6 @@ AD_DC_BUILD_DEPENDS+= ${PYTHON_PKGNAMEPREFIX}markdown>=3.3.7:textproc/py-markdo
AD_DC_RUN_DEPENDS+= ${PYTHON_PKGNAMEPREFIX}markdown>=3.3.7:textproc/py-markdown@${PY_FLAVOR} \
${PYTHON_PKGNAMEPREFIX}dnspython>=2.2.1:dns/py-dnspython@${PY_FLAVOR}
ADS_IMPLIES= LDAP
ADS_CONFIGURE_WITH= ads
CLUSTER_CONFIGURE_WITH= cluster-support
@ -367,13 +362,7 @@ GPGME_CONFIGURE_WITH= gpgme
GPGME_LIB_DEPENDS= libgpgme.so:security/gpgme
GPGME_RUN_DEPENDS= ${PYTHON_PKGNAMEPREFIX}gpg>=2.0.0:security/py-gpg@${PY_FLAVOR}
.if exists(/usr/libexec/krb5kdc)
GSSAPI_BUILTIN_USES= gssapi
GSSAPI_MIT_CONFIGURE_ON= --with-system-mitkrb5 ${GSSAPIBASEDIR} \
--with-system-mitkdc=${GSSAPIBASEDIR}/libexec/krb5kdc
.endif
GSSAPI_BUILTIN_BUILD_DEPENDS= p5-JSON>=4.0:converters/p5-JSON
GSSAPI_BUILTIN_USES= bison
GSSAPI_MIT_CONFIGURE_ON= --with-system-mitkrb5 ${GSSAPIBASEDIR} \
--with-system-mitkdc=${GSSAPIBASEDIR}/sbin/krb5kdc \
@ -386,7 +375,8 @@ GSSAPI_HEIMDAL_PREVENTS= AD_DC
GSSAPI_HEIMDAL_PREVENTS_MSG= GSSAPI_HEIMDAL and AD_DC enable conflicting options
LDAP_CONFIGURE_WITH= ldap
LDAP_CONFIGURE_ON= --with-openldap=${LOCALBASE}
LDAP_CONFIGURE_ON= --with-ldap
LDAP_CONFIGURE_OFF= --without-ldap
LDAP_USES= ldap
LDAP_VARS= SAMBA4_MODULES+=idmap_ldap
@ -470,8 +460,8 @@ SAMBA4_BUNDLED_LIBS+= !pytalloc-util
. endif
. if defined(SAMBA4_BUNDLED_TEVENT) && ${SAMBA4_BUNDLED_TEVENT} == yes
SAMBA4_BUNDLED_LIBS+= pytevent
. else
SAMBA4_BUNDLED_LIBS+= pytevenockbuf_add_io() and LDAP_OPT_SOCKBUF for SASL and TLS support
else
SAMBA4_BUNDLED_LIBS+= !pytevent
. endif
@ -617,11 +607,6 @@ post-install-fix-manpages:
.for f in vfs_aio_linux.8 vfs_btrfs.8 vfs_ceph.8 vfs_gpfs.8
${RM} ${STAGEDIR}${PREFIX}/share/man/man8/${f}
.endfor
.if defined(SAMBA4_BUNDLED_LDB) && ${SAMBA4_BUNDLED_LDB} == yes
. for f in ldbadd.1 ldbdel.1 ldbedit.1 ldbmodify.1 ldbrename.1 ldbsearch.1
${MV} ${STAGEDIR}${PREFIX}/share/man/man1/${f} ${STAGEDIR}${PREFIX}/share/man/man1/samba-${f}
. endfor
.endif
.if defined(SAMBA4_BUNDLED_TALLOC) && ${SAMBA4_BUNDLED_TALLOC} == yes
. for f in talloc.3

6
net/samba422/distinfo
View File

@ -1,3 +1,3 @@
TIMESTAMP = 1737565689
SHA256 (samba-4.20.7.tar.gz) = 5afe8b66e612ab1c7e57c6146adfe98ec3ea9d40dee2962a2076a3d6d6973b78
SIZE (samba-4.20.7.tar.gz) = 42523056
TIMESTAMP = 1752217501
SHA256 (samba-4.22.3.tar.gz) = 8fd7092629a3596d935cd7567d934979f94272918ec3affd0cc807934ecf22ba
SIZE (samba-4.22.3.tar.gz) = 42869744

70
net/samba422/files/0013-Pass-additional-msg-parameter-to-CHECK_LIB-so-it-can.patch
View File

@ -1,70 +0,0 @@
From 6be12b41eb0f71cfc25b5df6659dd176bd681621 Mon Sep 17 00:00:00 2001
From: "Timur I. Bakeyev" <timur@FreeBSD.org>
Date: Thu, 8 Sep 2022 00:25:05 +0200
Subject: [PATCH 13/28] Pass additional msg parameter to CHECK_LIB(), so it can
be transited to the conf.check(), which allows us to specify `match`
parameter to opt.add_option().
Signed-off-by: Timur I. Bakeyev <timur@FreeBSD.org>
---
buildtools/wafsamba/samba_autoconf.py | 9 ++++++---
buildtools/wafsamba/wscript | 9 +++++++--
2 files changed, 13 insertions(+), 5 deletions(-)
diff --git a/buildtools/wafsamba/samba_autoconf.py b/buildtools/wafsamba/samba_autoconf.py
index cf87c8bb9ff..f6c72d99125 100644
--- a/buildtools/wafsamba/samba_autoconf.py
+++ b/buildtools/wafsamba/samba_autoconf.py
@@ -593,7 +593,7 @@ def library_flags(self, libs):
@conf
-def CHECK_LIB(conf, libs, mandatory=False, empty_decl=True, set_target=True, shlib=False):
+def CHECK_LIB(conf, libs, mandatory=False, empty_decl=True, set_target=True, shlib=False, msg=None):
'''check if a set of libraries exist as system libraries
returns the sublist of libs that do exist as a syslib or []
@@ -613,11 +613,14 @@ int foo()
ret.append(lib)
continue
+ if msg is None:
+ msg = 'Checking for library %s' % lib
+
(ccflags, ldflags, cpppath) = library_flags(conf, lib)
if shlib:
- res = conf.check(features='c cshlib', fragment=fragment, lib=lib, uselib_store=lib, cflags=ccflags, ldflags=ldflags, uselib=lib.upper(), mandatory=False)
+ res = conf.check(features='c cshlib', fragment=fragment, lib=lib, uselib_store=lib, cflags=ccflags, ldflags=ldflags, uselib=lib.upper(), mandatory=False, msg=msg)
else:
- res = conf.check(lib=lib, uselib_store=lib, cflags=ccflags, ldflags=ldflags, uselib=lib.upper(), mandatory=False)
+ res = conf.check(lib=lib, uselib_store=lib, cflags=ccflags, ldflags=ldflags, uselib=lib.upper(), mandatory=False, msg=msg)
if not res:
if mandatory:
diff --git a/buildtools/wafsamba/wscript b/buildtools/wafsamba/wscript
index a4d6f3e5c49..c047e1e8b5a 100644
--- a/buildtools/wafsamba/wscript
+++ b/buildtools/wafsamba/wscript
@@ -133,12 +133,17 @@ Currently the only tested value is 'smbtorture,smbd/smbd' for Samba'''),
help=("private library directory [PREFIX/lib/%s]" % Context.g_module.APPNAME),
action="store", dest='PRIVATELIBDIR', default=None)
+ opt.add_option('--with-openldap',
+ help='additional directory to search for OpenLDAP libs',
+ action='store', dest='ldap_open', default=None,
+ match = ['Checking for library lber', 'Checking for library ldap'])
+
opt.add_option('--with-libiconv',
help='additional directory to search for libiconv',
- action='store', dest='iconv_open', default='/usr/local',
+ action='store', dest='iconv_open', default=None,
match = ['Checking for library iconv', 'Checking for iconv_open', 'Checking for header iconv.h'])
opt.add_option('--without-gettext',
- help=("Disable use of gettext"),
+ help=("disable use of gettext"),
action="store_true", dest='disable_gettext', default=False)
gr = opt.option_group('developer options')
--
2.37.1

367
net/samba422/files/0024-Cherry-pick-ZFS-provisioning-code-by-iXsystems-Inc.patch
View File

@ -1,367 +0,0 @@
From d3024a4a2ff8015932a26a9df08e8ea5ff12a959 Mon Sep 17 00:00:00 2001
From: "Timur I. Bakeyev" <timur@FreeBSD.org>
Date: Thu, 4 Aug 2022 05:15:33 +0200
Subject: [PATCH 24/28] Cherry-pick ZFS provisioning code by iXsystems Inc.
* Check if sysvol is on filesystem with NFSv4 ACL's
(cherry picked from commit ca86f52b78a7b6e7537454a69cf93e7b96210cba)
* Only check targetdir if it is defined (I had assumed it was)
(cherry picked from commit a29050cb2978ce23e3c04a859340dc2664c77a8a)
* Kick samba a little bit into understanding NFSv4 ACL's
(cherry picked from commit 1c7542ff4904b729e311e17464ee76582760c219)
Signed-off-by: Timur I. Bakeyev <timur@FreeBSD.org>
---
python/samba/provision/__init__.py | 22 +++-
source3/lib/sysacls.c | 10 ++
source3/param/loadparm.c | 20 +++
source3/smbd/pysmbd.c | 189 ++++++++++++++++++++++++++++-
4 files changed, 235 insertions(+), 6 deletions(-)
diff --git a/python/samba/provision/__init__.py b/python/samba/provision/__init__.py
index ff9b8fac916..20e41a9ad3e 100644
--- a/python/samba/provision/__init__.py
+++ b/python/samba/provision/__init__.py
@@ -1662,19 +1662,25 @@ def setsysvolacl(samdb, netlogon, sysvol, uid, gid, domainsid, dnsdomain,
s3conf = s3param.get_context()
s3conf.load(lp.configfile)
- file = tempfile.NamedTemporaryFile(dir=os.path.abspath(sysvol))
+ sysvol_dir = os.path.abspath(sysvol)
+
+ set_simple_acl = smbd.set_simple_acl
+ if smbd.has_nfsv4_acls(sysvol_dir):
+ set_simple_acl = smbd.set_simple_nfsv4_acl
+
+ file = tempfile.NamedTemporaryFile(dir=sysvol_dir)
try:
try:
- smbd.set_simple_acl(file.name, 0o755, system_session_unix(), gid)
+ set_simple_acl(file.name, 0o755, system_session_unix(), gid)
except OSError:
- if not smbd.have_posix_acls():
+ if not smbd.have_posix_acls() and not smbd.have_nfsv4_acls():
# This clue is only strictly correct for RPM and
# Debian-like Linux systems, but hopefully other users
# will get enough clue from it.
- raise ProvisioningError("Samba was compiled without the posix ACL support that s3fs requires. "
+ raise ProvisioningError("Samba was compiled without the ACL support that s3fs requires. "
"Try installing libacl1-dev or libacl-devel, then re-run configure and make.")
- raise ProvisioningError("Your filesystem or build does not support posix ACLs, which s3fs requires. "
+ raise ProvisioningError("Your filesystem or build does not support ACLs, which s3fs requires. "
"Try the mounting the filesystem with the 'acl' option.")
try:
smbd.chown(file.name, uid, gid, system_session_unix())
@@ -1959,6 +1965,9 @@ def provision_fill(samdb, secrets_ldb, logger, names, paths,
samdb.transaction_commit()
if serverrole == "active directory domain controller":
+ if targetdir and smbd.have_nfsv4_acls() and smbd.has_nfsv4_acls(targetdir):
+ smbd.set_nfsv4_defaults()
+
# Continue setting up sysvol for GPO. This appears to require being
# outside a transaction.
if not skip_sysvolacl:
@@ -2313,6 +2322,9 @@ def provision(logger, session_info, smbconf=None,
if not os.path.isdir(paths.netlogon):
os.makedirs(paths.netlogon, 0o755)
+ if smbd.have_nfsv4_acls() and smbd.has_nfsv4_acls(paths.sysvol):
+ smbd.set_nfsv4_defaults()
+
if adminpass is None:
adminpass = samba.generate_random_password(12, 32)
adminpass_generated = True
diff --git a/source3/lib/sysacls.c b/source3/lib/sysacls.c
index 891fabea21e..d1357a47bd0 100644
--- a/source3/lib/sysacls.c
+++ b/source3/lib/sysacls.c
@@ -38,6 +38,16 @@
#include "modules/vfs_aixacl.h"
#endif
+/*
+ * NFSv4 ACL's should be understood and a first class citizen. Work
+ * needs to be done in librpc/idl/smb_acl.idl for this to occur.
+ */
+#if defined(HAVE_LIBSUNACL) && defined(FREEBSD)
+#if 0
+#include "modules/nfs4_acls.h"
+#endif
+#endif
+
#undef DBGC_CLASS
#define DBGC_CLASS DBGC_ACLS
diff --git a/source3/param/loadparm.c b/source3/param/loadparm.c
index 21e061939e3..4e23fdaaf6d 100644
--- a/source3/param/loadparm.c
+++ b/source3/param/loadparm.c
@@ -2830,9 +2830,29 @@ static void init_locals(void)
} else {
if (lp_parm_const_string(-1, "xattr_tdb", "file", NULL)) {
lp_do_parameter(-1, "vfs objects", "dfs_samba4 acl_xattr xattr_tdb");
+ /*
+ * By default, the samba sysvol is located in the statedir. Provisioning will fail in setntacl
+ * unless we have zfacl enabled. Unfortunately, at this point the smb.conf has not been generated.
+ * This workaround is freebsd-specific.
+ */
+#if defined(_PC_ACL_EXTENDED)
+ } else if (pathconf(lp_state_directory(), _PC_ACL_EXTENDED) == 1) {
+ lp_do_parameter(-1, "vfs objects", "dfs_samba4 freebsd");
+#endif
+#if defined(_PC_ACL_NFS4)
+ } else if (pathconf(lp_state_directory(), _PC_ACL_NFS4) == 1) {
+ lp_do_parameter(-1, "vfs objects", "dfs_samba4 zfsacl");
+#endif
} else if (lp_parm_const_string(-1, "posix", "eadb", NULL)) {
lp_do_parameter(-1, "vfs objects", "dfs_samba4 acl_xattr posix_eadb");
} else {
+ /*
+ * This should only set dfs_samba4 and leave acl_xattr
+ * to be set later (or zfsacl). The only reason the decision
+ * can't be made here to load acl_xattr or zfsacl is
+ * that we don't have access to what the target
+ * directory is.
+ */
lp_do_parameter(-1, "vfs objects", "dfs_samba4 acl_xattr");
}
}
diff --git a/source3/smbd/pysmbd.c b/source3/smbd/pysmbd.c
index 88cbf62a680..867010ea6cd 100644
--- a/source3/smbd/pysmbd.c
+++ b/source3/smbd/pysmbd.c
@@ -485,6 +485,20 @@ static SMB_ACL_T make_simple_acl(TALLOC_CTX *mem_ctx,
return acl;
}
+static SMB_ACL_T make_simple_nfsv4_acl(TALLOC_CTX *mem_ctx,
+ gid_t gid,
+ mode_t chmod_mode)
+{
+ /*
+ * This function needs to create an NFSv4 ACL. Currently, the only way
+ * to do so is to use the operating system interface, or to use the
+ * functions in source3/modules/nfs4_acls.c. These seems ugly and
+ * hacky. NFSv4 ACL's should be a first class citizen and
+ * librpc/idl/smb_acl.idl should be modified accordingly.
+ */
+ return NULL;
+}
+
/*
set a simple ACL on a file, as a test
*/
@@ -557,6 +571,84 @@ static PyObject *py_smbd_set_simple_acl(PyObject *self, PyObject *args, PyObject
Py_RETURN_NONE;
}
+
+/*
+ set a simple NFSv4 ACL on a file, as a test
+ */
+static PyObject *py_smbd_set_simple_nfsv4_acl(PyObject *self, PyObject *args, PyObject *kwargs)
+{
+ const char * const kwnames[] = {
+ "fname",
+ "mode",
+ "session_info",
+ "gid",
+ "service",
+ NULL
+ };
+ char *fname, *service = NULL;
+ PyObject *py_session = Py_None;
+ struct auth_session_info *session_info = NULL;
+ int ret;
+ int mode, gid = -1;
+ SMB_ACL_T acl;
+ TALLOC_CTX *frame;
+ connection_struct *conn;
+
+ if (!PyArg_ParseTupleAndKeywords(args, kwargs, "siO|iz",
+ discard_const_p(char *, kwnames),
+ &fname,
+ &mode,
+ &py_session,
+ &gid,
+ &service))
+ return NULL;
+
+ if (!py_check_dcerpc_type(py_session,
+ "samba.dcerpc.auth",
+ "session_info")) {
+ return NULL;
+ }
+ session_info = pytalloc_get_type(py_session,
+ struct auth_session_info);
+ if (session_info == NULL) {
+ PyErr_Format(PyExc_TypeError,
+ "Expected auth_session_info for session_info argument got %s",
+ pytalloc_get_name(py_session));
+ return NULL;
+ }
+
+ frame = talloc_stackframe();
+
+ acl = make_simple_nfsv4_acl(frame, gid, mode);
+ if (acl == NULL) {
+ TALLOC_FREE(frame);
+ Py_RETURN_NONE;
+ }
+
+ conn = get_conn_tos(service, session_info);
+ if (!conn) {
+ TALLOC_FREE(frame);
+ Py_RETURN_NONE;
+ }
+
+ /*
+ * SMB_ACL_TYPE_ACCESS -> ACL_TYPE_ACCESS -> Not valid for NFSv4 ACL
+ */
+ ret = 0;
+
+ /* ret = set_sys_acl_conn(fname, SMB_ACL_TYPE_ACCESS, acl, conn); */
+
+ if (ret != 0) {
+ TALLOC_FREE(frame);
+ errno = ret;
+ return PyErr_SetFromErrno(PyExc_OSError);
+ }
+
+ TALLOC_FREE(frame);
+
+ Py_RETURN_NONE;
+}
+
/*
chown a file
*/
@@ -744,7 +836,7 @@ static PyObject *py_smbd_unlink(PyObject *self, PyObject *args, PyObject *kwargs
}
/*
- check if we have ACL support
+ check if we have POSIX.1e ACL support
*/
static PyObject *py_smbd_have_posix_acls(PyObject *self,
PyObject *Py_UNUSED(ignored))
@@ -756,6 +848,83 @@ static PyObject *py_smbd_have_posix_acls(PyObject *self,
#endif
}
+static PyObject *py_smbd_has_posix_acls(PyObject *self, PyObject *args, PyObject *kwargs)
+{
+ const char * const kwnames[] = { "path", NULL };
+ char *path = NULL;
+ TALLOC_CTX *frame;
+ struct statfs fs;
+ int ret = false;
+
+ frame = talloc_stackframe();
+
+ if (!PyArg_ParseTupleAndKeywords(args, kwargs, "s|z",
+ discard_const_p(char *, kwnames), &path)) {
+ TALLOC_FREE(frame);
+ return NULL;
+ }
+
+ if (statfs(path, &fs) != 0) {
+ TALLOC_FREE(frame);
+ return NULL;
+ }
+
+ if (fs.f_flags & MNT_ACLS)
+ ret = true;
+
+ TALLOC_FREE(frame);
+ return PyBool_FromLong(ret);
+}
+
+/*
+ check if we have NFSv4 ACL support
+ */
+static PyObject *py_smbd_have_nfsv4_acls(PyObject *self)
+{
+#ifdef HAVE_LIBSUNACL
+ return PyBool_FromLong(true);
+#else
+ return PyBool_FromLong(false);
+#endif
+}
+
+static PyObject *py_smbd_has_nfsv4_acls(PyObject *self, PyObject *args, PyObject *kwargs)
+{
+ const char * const kwnames[] = { "path", NULL };
+ char *path = NULL;
+ TALLOC_CTX *frame;
+ struct statfs fs;
+ int ret = false;
+
+ frame = talloc_stackframe();
+
+ if (!PyArg_ParseTupleAndKeywords(args, kwargs, "s|z",
+ discard_const_p(char *, kwnames), &path)) {
+ TALLOC_FREE(frame);
+ return NULL;
+ }
+
+ if (statfs(path, &fs) != 0) {
+ TALLOC_FREE(frame);
+ return NULL;
+ }
+
+ if (fs.f_flags & MNT_NFS4ACLS)
+ ret = true;
+
+ TALLOC_FREE(frame);
+ return PyBool_FromLong(ret);
+}
+
+
+static PyObject *py_smbd_set_nfsv4_defaults(PyObject *self)
+{
+ /*
+ * It is really be done in source3/param/loadparm.c
+ */
+ Py_RETURN_NONE;
+}
+
/*
set the NT ACL on a file
*/
@@ -1242,10 +1411,28 @@ static PyMethodDef py_smbd_methods[] = {
{ "have_posix_acls",
(PyCFunction)py_smbd_have_posix_acls, METH_NOARGS,
NULL },
+ { "has_posix_acls",
+ PY_DISCARD_FUNC_SIG(PyCFunction, py_smbd_has_posix_acls),
+ METH_VARARGS|METH_KEYWORDS,
+ NULL },
+ { "have_nfsv4_acls",
+ (PyCFunction)py_smbd_have_nfsv4_acls, METH_NOARGS,
+ NULL },
+ { "has_nfsv4_acls",
+ PY_DISCARD_FUNC_SIG(PyCFunction, py_smbd_has_nfsv4_acls),
+ METH_VARARGS|METH_KEYWORDS,
+ NULL },
+ { "set_nfsv4_defaults",
+ (PyCFunction)py_smbd_set_nfsv4_defaults, METH_NOARGS,
+ NULL },
{ "set_simple_acl",
PY_DISCARD_FUNC_SIG(PyCFunction, py_smbd_set_simple_acl),
METH_VARARGS|METH_KEYWORDS,
NULL },
+ { "set_simple_nfsv4_acl",
+ PY_DISCARD_FUNC_SIG(PyCFunction, py_smbd_set_simple_nfsv4_acl),
+ METH_VARARGS|METH_KEYWORDS,
+ NULL },
{ "set_nt_acl",
PY_DISCARD_FUNC_SIG(PyCFunction, py_smbd_set_nt_acl),
METH_VARARGS|METH_KEYWORDS,
--
2.37.1

32
net/samba422/files/0028-Fix-rl_completion_func_t.patch
View File

@ -1,32 +0,0 @@
--- a/samba-4.19.8/lib/replace/system/readline.h 2023-07-18 10:14:54.478091000 +0200
+++ b/lib/replace/system/readline.h 2024-10-02 13:47:48.773606000 +0200
@@ -46,10 +46,10 @@
#endif
#ifdef HAVE_NEW_LIBREADLINE
-#ifdef HAVE_CPPFUNCTION
+#if defined(HAVE_RL_COMPLETION_FUNC_T)
+# define RL_COMPLETION_CAST (rl_completion_func_t *)
+#elif defined(HAVE_CPPFUNCTION)
# define RL_COMPLETION_CAST (CPPFunction *)
-#elif defined(HAVE_RL_COMPLETION_T)
-# define RL_COMPLETION_CAST (rl_completion_t *)
#else
# define RL_COMPLETION_CAST
#endif
diff -upr a/samba-4.19.8/libcli/smbreadline/wscript_configure b/libcli/smbreadline/wscript_configure
--- a/samba-4.19.8/libcli/smbreadline/wscript_configure 2023-07-18 10:14:54.558091600 +0200
+++ b/libcli/smbreadline/wscript_configure 2024-10-02 13:47:48.774008000 +0200
@@ -51,10 +51,10 @@ conf.CHECK_CODE('''
# endif
# endif
#endif
-int main(void) {rl_completion_t f; return 0;}
+int main(void) {rl_completion_func_t f; return 0;}
''',
'HAVE_RL_COMPLETION_FUNC_T', execute=False, addmain=False,
-msg='Checking for rl_completion_t')
+msg='Checking for rl_completion_func_t')
conf.CHECK_CODE('''
#ifdef HAVE_READLINE_READLINE_H

164
net/samba422/files/0099-s3-modules-zfsacl-fix-get-set-ACL-on-FreeBSD-13.patch
View File

@ -1,164 +0,0 @@
From ff8b27f6f0c67cbb0fb37f80f3336c1bd0f28430 Mon Sep 17 00:00:00 2001
From: Andrew Walker <awalker@ixsystems.com>
Date: Thu, 16 Mar 2023 09:05:45 -0700
Subject: [PATCH] Fixups for VFS changes in 4.18
---
debian/changelog | 24 ++++++------------
lib/audit_logging/audit_logging.c | 4 +--
source3/modules/vfs_shadow_copy_zfs.c | 24 ++++++++----------
source3/modules/vfs_tmprotect.c | 2 +-
source3/modules/vfs_zfsacl.c | 35 +++++++++++++++++++++++++++
source3/utils/net_groupmap.c | 6 ++---
6 files changed, 58 insertions(+), 37 deletions(-)
diff --git a/source3/modules/vfs_zfsacl.c b/source3/modules/vfs_zfsacl.c
index e24cb683d2..18f8dcb4b2 100644
--- a/source3/modules/vfs_zfsacl.c
+++ b/source3/modules/vfs_zfsacl.c
@@ -307,6 +307,41 @@ static NTSTATUS zfs_set_nt_acl(vfs_handle_struct *handle, files_struct *fsp,
zfs_process_smbacl);
}
+static int get_zfsacl(TALLOC_CTX *mem_ctx,
+ const struct smb_filename *smb_fname,
+ ace_t **outbuf)
+{
+ int naces, rv;
+ ace_t *acebuf = NULL;
+
+ naces = acl(smb_fname->base_name, ACE_GETACLCNT, 0, NULL);
+ if (naces == -1) {
+ int dbg_level = 10;
+
+ if (errno == ENOSYS) {
+ dbg_level = 1;
+ }
+ DEBUG(dbg_level, ("acl(ACE_GETACLCNT, %s): %s ",
+ smb_fname->base_name, strerror(errno)));
+ return naces;
+ }
+ acebuf = talloc_size(mem_ctx, sizeof(ace_t)*naces);
+ if (acebuf == NULL) {
+ errno = ENOMEM;
+ return -1;
+ }
+
+ rv = acl(smb_fname->base_name, ACE_GETACL, naces, acebuf);
+ if (rv == -1) {
+ DBG_DEBUG("acl(ACE_GETACL, %s) failed: %s ",
+ smb_fname->base_name, strerror(errno));
+ return -1;
+ }
+
+ *outbuf = acebuf;
+ return naces;
+}
+
static int fget_zfsacl(TALLOC_CTX *mem_ctx,
struct files_struct *fsp,
ace_t **outbuf)
From 0c2c9f21cf01983d9001edef4983bc15b79a31ad Mon Sep 17 00:00:00 2001
From: Andrew <awalker@ixsystems.com>
Date: Mon, 29 Nov 2021 12:33:15 -0500
Subject: [PATCH] NAS-113538 / Fix procfd handling for xattr-based alternate
datastreams (#54)
vfs_streams_xattr openat() does not set fsp.flags.have_proc_fds. In open_streams_for_delete() the fsp is not allocated via talloc_zero() and so this may be unitialized memory.
This particular fix ensures vfs_streams_xattr sets the fsp have_proc_fds flag to the one defined in the associated tree connect for the fsp. In the case of vfs_ixnas, ensure that we read the NT ACL from fsp->base_fsp (file) rather than the fsp associated with the xattr.
This PR also fixes vfs_zfsacl for FreeBSD 13 (adding handling for procfd paths)
---
source3/modules/vfs_ixnas.c | 4 ++-
source3/modules/vfs_zfsacl.c | 62 ++++++++++++++++++++++++++++++++++++
2 files changed, 65 insertions(+), 1 deletion(-)
--- a/source3/modules/vfs_zfsacl.c
+++ b/source3/modules/vfs_zfsacl.c
@@ -235,12 +235,43 @@ static bool zfs_process_smbacl(vfs_handle_struct *handle, files_struct *fsp,
SMB_ASSERT(i == naces);
/* store acl */
+#ifdef O_PATH
+ if (fsp->fsp_flags.is_pathref) {
+ const char *proc_fd_path = NULL;
+ char buf[PATH_MAX];
+
+ if (!fsp->fsp_flags.have_proc_fds) {
+ DBG_ERR("fdescfs filesystem must be mounted with 'nodup' "
+ "option \n");
+ errno = EBADF;
+ return -1;
+ }
+
+ fd = fsp_get_pathref_fd(fsp);
+ proc_fd_path = sys_proc_fd_path(fd, buf, sizeof(buf));
+ if (proc_fd_path == NULL) {
+ DBG_ERR("%s: failed to generate pathref fd for %d\n",
+ fsp_str_dbg(fsp), fd);
+ errno = EBADF;
+ return -1;
+ }
+ rv = acl(proc_fd_path, ACE_SETACL, naces, acebuf);
+ } else {
+ fd = fsp_get_io_fd(fsp);
+ if (fd == -1) {
+ errno = EBADF;
+ return false;
+ }
+ rv = facl(fd, ACE_SETACL, naces, acebuf);
+ }
+#else
fd = fsp_get_pathref_fd(fsp);
if (fd == -1) {
errno = EBADF;
return false;
}
rv = facl(fd, ACE_SETACL, naces, acebuf);
+#endif
if (rv != 0) {
if(errno == ENOSYS) {
DEBUG(9, ("acl(ACE_SETACL, %s): Operation is not "
@@ -286,7 +317,38 @@ static int fget_zfsacl(TALLOC_CTX *mem_ctx,
ace_t *acebuf = NULL;
int fd;
+#ifdef O_PATH
+ if (fsp->fsp_flags.is_pathref) {
+ const char *proc_fd_path = NULL;
+ char buf[PATH_MAX];
+ struct smb_filename smb_fname;
+
+ if (!fsp->fsp_flags.have_proc_fds) {
+ DBG_ERR("fdescfs filesystem must be mounted with 'nodup' "
+ "option \n");
+ errno = EBADF;
+ return -1;
+ }
+
+ fd = fsp_get_pathref_fd(fsp);
+ proc_fd_path = sys_proc_fd_path(fd, buf, sizeof(buf));
+ if (proc_fd_path == NULL) {
+ DBG_ERR("%s: failed to generate pathref fd for %d\n",
+ fsp_str_dbg(fsp), fd);
+ errno = EBADF;
+ return -1;
+ }
+
+ smb_fname = (struct smb_filename) {
+ .base_name = discard_const_p(char, proc_fd_path)
+ };
+
+ return get_zfsacl(mem_ctx, &smb_fname, outbuf);
+ }
+ fd = fsp_get_io_fd(fsp);
+#else
fd = fsp_get_pathref_fd(fsp);
+#endif
if (fd == -1) {
errno = EBADF;
return -1;
--
2.43.0

515
net/samba422/files/0100-Fix-pathref-handling-for-FreeBSD-13plus_samba42x.patch
View File

@ -1,515 +0,0 @@
https://bugzilla.samba.org/show_bug.cgi?id=15376
# 2024-08-05
# NOTE: Patch is partially split apart from the copy in net/samba419 due to Samba upstream
# making some Linux-specific changes. FreeBSD-specific linprocfs mount path bits are
# moved to a separate patch due to upstream hardcoding the Linux-specific procfs
# path in multiple places in commit 9f63fad392f3:
# https://git.samba.org/?p=samba.git;a=commitdiff;h=9f63fad392f3cff34d6a8e318e0427499170c417
diff -Naurp a/source3/include/proto.h b/source3/include/proto.h
--- a/source3/include/proto.h 2024-02-02 04:33:51.168489200 -0500
+++ b/source3/include/proto.h 2024-08-05 21:25:56.723092000 -0400
@@ -211,6 +211,10 @@ char *sys_proc_fd_path(int fd, struct sys_proc_fd_path
bool sys_have_proc_fds(void);
char *sys_proc_fd_path(int fd, struct sys_proc_fd_path_buf *buf);
+int sys_open_real_fd_from_pathref_fd(int fd,
+ int *mfd,
+ int flags);
+
struct stat;
void init_stat_ex_from_stat (struct stat_ex *dst,
const struct stat *src,
diff -Naurp a/source3/lib/system.c b/source3/lib/system.c
--- a/source3/lib/system.c 2024-02-02 04:33:51.188489400 -0500
+++ b/source3/lib/system.c 2024-08-05 21:25:56.723571000 -0400
@@ -1074,3 +1074,23 @@ char *sys_proc_fd_path(int fd, struct sys_proc_fd_path
return buf->buf;
}
+
+/* Helper function that opens a usable fd for accessing data
+ (metadata & content) from a pathref fd */
+int sys_open_real_fd_from_pathref_fd(int fd, int *rfd, int flags)
+{
+ int tfd;
+
+#if defined(HAVE_OPENAT) && defined(O_EMPTY_PATH)
+ /* This works for FreeBSD 13+ atleast */
+ tfd = openat(fd, "", O_EMPTY_PATH|flags);
+ if (tfd < 0) {
+ return errno;
+ }
+
+ *rfd = tfd;
+ return 0;
+#else
+ return ENOSYS;
+#endif
+}
diff -Naurp a/source3/modules/vfs_default.c b/source3/modules/vfs_default.c
--- a/source3/modules/vfs_default.c 2024-08-02 07:54:09.629892300 -0400
+++ b/source3/modules/vfs_default.c 2024-08-05 21:25:56.724593000 -0400
@@ -2688,7 +2688,7 @@ static int vfswrap_fchmod(vfs_handle_struct *handle, f
static int vfswrap_fchmod(vfs_handle_struct *handle, files_struct *fsp, mode_t mode)
{
- int result;
+ int result, fd, real_fd;
START_PROFILE(syscall_fchmod);
@@ -2698,8 +2698,9 @@ static int vfswrap_fchmod(vfs_handle_struct *handle, f
return result;
}
+ fd = fsp_get_pathref_fd(fsp);
+
if (fsp->fsp_flags.have_proc_fds) {
- int fd = fsp_get_pathref_fd(fsp);
struct sys_proc_fd_path_buf buf;
result = chmod(sys_proc_fd_path(fd, &buf), mode);
@@ -2708,6 +2709,17 @@ static int vfswrap_fchmod(vfs_handle_struct *handle, f
return result;
}
+ if (sys_open_real_fd_from_pathref_fd(fd, &real_fd, O_RDONLY|O_NONBLOCK) == 0) {
+ int saved_errno;
+
+ result = fchmod(real_fd, mode);
+ saved_errno = errno;
+ close(real_fd);
+ errno = saved_errno;
+ END_PROFILE(syscall_fchmod);
+ return result;
+ }
+
/*
* This is no longer a handle based call.
*/
@@ -2720,7 +2732,7 @@ static int vfswrap_fchown(vfs_handle_struct *handle, f
static int vfswrap_fchown(vfs_handle_struct *handle, files_struct *fsp, uid_t uid, gid_t gid)
{
#ifdef HAVE_FCHOWN
- int result;
+ int result, fd, real_fd;
START_PROFILE(syscall_fchown);
if (!fsp->fsp_flags.is_pathref) {
@@ -2729,8 +2741,9 @@ static int vfswrap_fchown(vfs_handle_struct *handle, f
return result;
}
+ fd = fsp_get_pathref_fd(fsp);
+
if (fsp->fsp_flags.have_proc_fds) {
- int fd = fsp_get_pathref_fd(fsp);
struct sys_proc_fd_path_buf buf;
result = chown(sys_proc_fd_path(fd, &buf), uid, gid);
@@ -2739,6 +2752,17 @@ static int vfswrap_fchown(vfs_handle_struct *handle, f
return result;
}
+ if (sys_open_real_fd_from_pathref_fd(fd, &real_fd, O_RDONLY|O_NONBLOCK) == 0) {
+ int saved_errno;
+
+ result = fchown(real_fd, uid, gid);
+ saved_errno = errno;
+ close(real_fd);
+ errno = saved_errno;
+ END_PROFILE(syscall_fchown);
+ return result;
+ }
+
/*
* This is no longer a handle based call.
*/
@@ -2812,7 +2836,7 @@ static int vfswrap_fntimes(vfs_handle_struct *handle,
files_struct *fsp,
struct smb_file_time *ft)
{
- int result = -1;
+ int result = -1, fd, real_fd;
struct timespec ts[2];
struct timespec *times = NULL;
@@ -2857,8 +2881,9 @@ static int vfswrap_fntimes(vfs_handle_struct *handle,
goto out;
}
+ fd = fsp_get_pathref_fd(fsp);
+
if (fsp->fsp_flags.have_proc_fds) {
- int fd = fsp_get_pathref_fd(fsp);
struct sys_proc_fd_path_buf buf;
result = utimensat(AT_FDCWD,
@@ -2869,6 +2894,16 @@ static int vfswrap_fntimes(vfs_handle_struct *handle,
goto out;
}
+ if (sys_open_real_fd_from_pathref_fd(fd, &real_fd, O_RDONLY|O_NONBLOCK) == 0) {
+ int saved_errno;
+
+ result = futimens(real_fd, times);
+ saved_errno = errno;
+ close(real_fd);
+ errno = saved_errno;
+ goto out;
+ }
+
/*
* The fd is a pathref (opened with O_PATH) and there isn't fd to
* path translation mechanism. Fallback to path based call.
@@ -3272,6 +3307,7 @@ static int vfswrap_fchflags(vfs_handle_struct *handle,
{
#ifdef HAVE_FCHFLAGS
int fd = fsp_get_pathref_fd(fsp);
+ int real_fd;
SMB_ASSERT(!fsp_is_alternate_stream(fsp));
@@ -3285,6 +3321,16 @@ static int vfswrap_fchflags(vfs_handle_struct *handle,
return chflags(sys_proc_fd_path(fd, &buf), flags);
}
+ if (sys_open_real_fd_from_pathref_fd(fd, &real_fd, O_RDONLY|O_NONBLOCK) == 0) {
+ int saved_errno, result;
+
+ result = fchflags(real_fd, flags);
+ saved_errno = errno;
+ close(real_fd);
+ errno = saved_errno;
+ return result;
+ }
+
/*
* This is no longer a handle based call.
*/
@@ -3513,6 +3559,7 @@ static ssize_t vfswrap_fgetxattr(struct vfs_handle_str
size_t size)
{
int fd = fsp_get_pathref_fd(fsp);
+ int real_fd;
SMB_ASSERT(!fsp_is_alternate_stream(fsp));
@@ -3526,6 +3573,16 @@ static ssize_t vfswrap_fgetxattr(struct vfs_handle_str
return getxattr(sys_proc_fd_path(fd, &buf), name, value, size);
}
+ if (sys_open_real_fd_from_pathref_fd(fd, &real_fd, O_RDONLY|O_NONBLOCK) == 0) {
+ int saved_errno, result;
+
+ result = fgetxattr(real_fd, name, value, size);
+ saved_errno = errno;
+ close(real_fd);
+ errno = saved_errno;
+ return result;
+ }
+
/*
* This is no longer a handle based call.
*/
@@ -3833,6 +3890,7 @@ static ssize_t vfswrap_flistxattr(struct vfs_handle_st
static ssize_t vfswrap_flistxattr(struct vfs_handle_struct *handle, struct files_struct *fsp, char *list, size_t size)
{
int fd = fsp_get_pathref_fd(fsp);
+ int real_fd;
SMB_ASSERT(!fsp_is_alternate_stream(fsp));
@@ -3846,6 +3904,16 @@ static ssize_t vfswrap_flistxattr(struct vfs_handle_st
return listxattr(sys_proc_fd_path(fd, &buf), list, size);
}
+ if (sys_open_real_fd_from_pathref_fd(fd, &real_fd, O_RDONLY|O_NONBLOCK) == 0) {
+ int saved_errno, result;
+
+ result = flistxattr(real_fd, list, size);
+ saved_errno = errno;
+ close(real_fd);
+ errno = saved_errno;
+ return result;
+ }
+
/*
* This is no longer a handle based call.
*/
@@ -3855,6 +3923,7 @@ static int vfswrap_fremovexattr(struct vfs_handle_stru
static int vfswrap_fremovexattr(struct vfs_handle_struct *handle, struct files_struct *fsp, const char *name)
{
int fd = fsp_get_pathref_fd(fsp);
+ int real_fd;
SMB_ASSERT(!fsp_is_alternate_stream(fsp));
@@ -3868,6 +3937,16 @@ static int vfswrap_fremovexattr(struct vfs_handle_stru
return removexattr(sys_proc_fd_path(fd, &buf), name);
}
+ if (sys_open_real_fd_from_pathref_fd(fd, &real_fd, O_RDONLY|O_NONBLOCK) == 0) {
+ int saved_errno, result;
+
+ result = fremovexattr(real_fd, name);
+ saved_errno = errno;
+ close(real_fd);
+ errno = saved_errno;
+ return result;
+ }
+
/*
* This is no longer a handle based call.
*/
@@ -3877,6 +3956,7 @@ static int vfswrap_fsetxattr(struct vfs_handle_struct
static int vfswrap_fsetxattr(struct vfs_handle_struct *handle, struct files_struct *fsp, const char *name, const void *value, size_t size, int flags)
{
int fd = fsp_get_pathref_fd(fsp);
+ int real_fd;
SMB_ASSERT(!fsp_is_alternate_stream(fsp));
@@ -3892,6 +3972,16 @@ static int vfswrap_fsetxattr(struct vfs_handle_struct
value,
size,
flags);
+ }
+
+ if (sys_open_real_fd_from_pathref_fd(fd, &real_fd, O_RDONLY|O_NONBLOCK) == 0) {
+ int saved_errno, result;
+
+ result = fsetxattr(real_fd, name, value, size, flags);
+ saved_errno = errno;
+ close(real_fd);
+ errno = saved_errno;
+ return result;
}
/*
diff -Naurp a/source3/modules/vfs_zfsacl.c b/source3/modules/vfs_zfsacl.c
--- a/source3/modules/vfs_zfsacl.c 2024-02-02 04:33:51.236489800 -0500
+++ b/source3/modules/vfs_zfsacl.c 2024-08-05 21:25:56.724941000 -0400
@@ -234,13 +234,39 @@ static bool zfs_process_smbacl(vfs_handle_struct *hand
SMB_ASSERT(i == naces);
- /* store acl */
- fd = fsp_get_pathref_fd(fsp);
- if (fd == -1) {
- errno = EBADF;
- return false;
+ if (!fsp->fsp_flags.is_pathref) {
+ rv = facl(fsp_get_io_fd(fsp), ACE_SETACL, naces, acebuf);
+ } else {
+ const char *procfd_p = NULL;
+ char buf[PATH_MAX];
+
+ fd = fsp_get_pathref_fd(fsp);
+ if (fsp->fsp_flags.have_proc_fds && (procfd_p = sys_proc_fd_path(fd, &buf))) {
+ rv = acl(procfd_p, ACE_SETACL, naces, acebuf);
+ } else {
+ int real_fd;
+
+ fd = fsp_get_pathref_fd(fsp);
+
+ /* First try this for versions of FreeBSD 13+ that allows facl() on O_PATH fd's */
+ rv = facl(fd, ACE_SETACL, naces, acebuf);
+
+ if (rv < 0 && errno == EBADF &&
+ sys_open_real_fd_from_pathref_fd(fd, &real_fd, O_RDONLY|O_NONBLOCK) == 0) {
+ /* Works on FreeBSD 13+ */
+ int saved_errno;
+
+ rv = facl(real_fd, ACE_SETACL, naces, acebuf);
+ saved_errno = errno;
+ close(real_fd);
+ errno = saved_errno;
+ } else {
+ /* Last ditch fallback */
+ rv = acl(fsp->fsp_name->base_name, ACE_SETACL, naces, acebuf);
+ }
+ }
}
- rv = facl(fd, ACE_SETACL, naces, acebuf);
+
if (rv != 0) {
if(errno == ENOSYS) {
DEBUG(9, ("acl(ACE_SETACL, %s): Operation is not "
@@ -284,14 +310,39 @@ static int fget_zfsacl(TALLOC_CTX *mem_ctx,
{
int naces, rv;
ace_t *acebuf = NULL;
- int fd;
+ int fd = -1;
+ const char *procfd_p = NULL;
+ char buf[PATH_MAX];
- fd = fsp_get_pathref_fd(fsp);
- if (fd == -1) {
- errno = EBADF;
- return -1;
+ if (!fsp->fsp_flags.is_pathref) {
+ naces = facl(fsp_get_io_fd(fsp), ACE_GETACLCNT, 0, NULL);
+ } else {
+ fd = fsp_get_pathref_fd(fsp);
+
+ if (fsp->fsp_flags.have_proc_fds && (procfd_p = sys_proc_fd_path(fd, &buf))) {
+ /* If we have procfd support, try this first */
+ naces = acl(procfd_p, ACE_GETACLCNT, 0, NULL);
+ } else {
+ int real_fd;
+
+ /* First try this for versions of FreeBSD 13+ that allows facl() on O_PATH fd's */
+ naces = facl(fd, ACE_GETACLCNT, 0, NULL);
+ if (naces < 0 && errno == EBADF &&
+ sys_open_real_fd_from_pathref_fd(fd, &real_fd, O_RDONLY|O_NONBLOCK) == 0) {
+ /* Works on FreeBSD 13+ */
+ int saved_errno;
+
+ naces = facl(real_fd, ACE_GETACLCNT, 0, NULL);
+ saved_errno = errno;
+ close(real_fd);
+ errno = saved_errno;
+ } else {
+ /* Last ditch fallback */
+ naces = acl(fsp->fsp_name->base_name, ACE_GETACLCNT, 0, NULL);
+ }
+ }
}
- naces = facl(fd, ACE_GETACLCNT, 0, NULL);
+
if (naces == -1) {
int dbg_level = 10;
@@ -309,7 +360,32 @@ static int fget_zfsacl(TALLOC_CTX *mem_ctx,
return -1;
}
- rv = facl(fd, ACE_GETACL, naces, acebuf);
+ if (!fsp->fsp_flags.is_pathref) {
+ rv = facl(fsp_get_io_fd(fsp), ACE_GETACL, naces, acebuf);
+ } else {
+ if (procfd_p) {
+ rv = acl(procfd_p, ACE_GETACL, naces, acebuf);
+ } else {
+ int real_fd;
+
+ /* First try this for versions of FreeBSD that allows facl() on O_PATH fd's */
+ rv = facl(fd, ACE_GETACL, naces, acebuf);
+ if (rv < 0 && errno == EBADF &&
+ sys_open_real_fd_from_pathref_fd(fd, &real_fd, O_RDONLY|O_NONBLOCK) == 0) {
+ /* Works on FreeBSD 13+ */
+ int saved_errno;
+
+ rv = facl(real_fd, ACE_GETACL, naces, acebuf);
+ saved_errno = errno;
+ close(real_fd);
+ errno = saved_errno;
+ } else {
+ /* Last ditch fallback */
+ rv = acl(fsp->fsp_name->base_name, ACE_GETACL, naces, acebuf);
+ }
+ }
+ }
+
if (rv == -1) {
DBG_DEBUG("acl(ACE_GETACL, %s): %s\n",
fsp_str_dbg(fsp), strerror(errno));
diff -Naurp a/source3/smbd/open.c b/source3/smbd/open.c
--- a/source3/smbd/open.c 2024-08-02 07:54:09.637892500 -0400
+++ b/source3/smbd/open.c 2024-08-05 21:27:26.052148000 -0400
@@ -1169,51 +1169,54 @@ static NTSTATUS reopen_from_fsp(struct files_struct *d
const struct vfs_open_how *how,
bool *p_file_created)
{
- NTSTATUS status;
- int old_fd;
+ NTSTATUS status;
+ int old_fd;
- if (fsp->fsp_flags.have_proc_fds &&
- ((old_fd = fsp_get_pathref_fd(fsp)) != -1)) {
+ old_fd = fsp_get_pathref_fd(fsp);
+ if (old_fd == -1) {
+ int new_fd;
+ if (sys_open_real_fd_from_pathref_fd(old_fd, &new_fd, how->flags) != 0) {
+ if (fsp->fsp_flags.have_proc_fds) {
+ struct sys_proc_fd_path_buf buf;
+ struct smb_filename proc_fname = (struct smb_filename){
+ .base_name = sys_proc_fd_path(old_fd, &buf),
+ };
+ mode_t mode = fsp->fsp_name->st.st_ex_mode;
- struct sys_proc_fd_path_buf buf;
- struct smb_filename proc_fname = (struct smb_filename){
- .base_name = sys_proc_fd_path(old_fd, &buf),
- };
- mode_t mode = fsp->fsp_name->st.st_ex_mode;
- int new_fd;
+ SMB_ASSERT(fsp->fsp_flags.is_pathref);
- SMB_ASSERT(fsp->fsp_flags.is_pathref);
+ if (S_ISLNK(mode)) {
+ return NT_STATUS_STOPPED_ON_SYMLINK;
+ }
+ if (!(S_ISREG(mode) || S_ISDIR(mode))) {
+ return NT_STATUS_IO_REPARSE_TAG_NOT_HANDLED;
+ }
- if (S_ISLNK(mode)) {
- return NT_STATUS_STOPPED_ON_SYMLINK;
- }
- if (!(S_ISREG(mode) || S_ISDIR(mode))) {
- return NT_STATUS_IO_REPARSE_TAG_NOT_HANDLED;
- }
+ new_fd = SMB_VFS_OPENAT(fsp->conn,
+ fsp->conn->cwd_fsp,
+ &proc_fname,
+ fsp,
+ how);
+ if (new_fd == -1) {
+ status = map_nt_error_from_unix(errno);
+ fd_close(fsp);
+ return status;
+ }
- fsp->fsp_flags.is_pathref = false;
+ status = fd_close(fsp);
+ if (!NT_STATUS_IS_OK(status)) {
+ return status;
+ }
- new_fd = SMB_VFS_OPENAT(fsp->conn,
- fsp->conn->cwd_fsp,
- &proc_fname,
- fsp,
- how);
- if (new_fd == -1) {
- status = map_nt_error_from_unix(errno);
- fd_close(fsp);
- return status;
- }
+ fsp_set_fd(fsp, new_fd);
+ fsp->fsp_flags.is_pathref = false;
- status = fd_close(fsp);
- if (!NT_STATUS_IS_OK(status)) {
- return status;
- }
+ return NT_STATUS_OK;
+ }
+ }
+ }
- fsp_set_fd(fsp, new_fd);
- return NT_STATUS_OK;
- }
-
- /*
+ /*
* Close the existing pathref fd and set the fsp flag
* is_pathref to false so we get a "normal" fd this time.
*/

53
net/samba422/files/0102-FreeBSD-vfs_freebsd-fix-sys_proc_fd_path-args.patch
View File

@ -1,53 +0,0 @@
# 2024-08-05
# NOTE: The 'sys_proc_fd_path' function had its signature changed in commit 9f63fad392f3 to drop
# the third 'size_t bufsize' parameter. Upstream changed all of the code except for that
# in vfs_freebsd.c.
diff -Naurp a/source3/modules/vfs_freebsd.c b/source3/modules/vfs_freebsd.c
--- a/source3/modules/vfs_freebsd.c 2024-08-05 20:18:53.656593000 -0400
+++ b/source3/modules/vfs_freebsd.c 2024-08-05 20:22:54.634979000 -0400
@@ -197,7 +197,7 @@ static ssize_t extattr_size(struct files_struct *fsp,
const char *path = fsp->fsp_name->base_name;
if (fsp->fsp_flags.have_proc_fds) {
char buf[PATH_MAX];
- path = sys_proc_fd_path(fd, buf, sizeof(buf));
+ path = sys_proc_fd_path(fd, &buf);
if (path == NULL) {
return -1;
}
@@ -251,7 +251,7 @@ static ssize_t freebsd_extattr_list(struct files_struc
const char *path = fsp->fsp_name->base_name;
if (fsp->fsp_flags.have_proc_fds) {
char buf[PATH_MAX];
- path = sys_proc_fd_path(fd, buf, sizeof(buf));
+ path = sys_proc_fd_path(fd, &buf);
if (path == NULL) {
return -1;
}
@@ -431,7 +431,7 @@ static ssize_t freebsd_fgetxattr(struct vfs_handle_str
const char *path = fsp->fsp_name->base_name;
if (fsp->fsp_flags.have_proc_fds) {
char buf[PATH_MAX];
- path = sys_proc_fd_path(fd, buf, sizeof(buf));
+ path = sys_proc_fd_path(fd, &buf);
if (path == NULL) {
return -1;
}
@@ -506,7 +506,7 @@ static int freebsd_fremovexattr(struct vfs_handle_stru
const char *path = fsp->fsp_name->base_name;
if (fsp->fsp_flags.have_proc_fds) {
char buf[PATH_MAX];
- path = sys_proc_fd_path(fd, buf, sizeof(buf));
+ path = sys_proc_fd_path(fd, &buf);
if (path == NULL) {
return -1;
}
@@ -583,7 +583,7 @@ static int freebsd_fsetxattr(struct vfs_handle_struct
const char *path = fsp->fsp_name->base_name;
if (fsp->fsp_flags.have_proc_fds) {
char buf[PATH_MAX];
- path = sys_proc_fd_path(fd, buf, sizeof(buf));
+ path = sys_proc_fd_path(fd, &buf);
if (path == NULL) {
return -1;
}

10
net/samba422/files/README.FreeBSD.in
View File

@ -54,11 +54,11 @@ content of the '/var/db/samba/' directory.
# samba-tool domain classicupgrade
%%AD_DC%%1c. You will need to specify location of the 'nsupdate' command in the
%%AD_DC%%'%%SAMBA4_CONFIG%%' file:
%%AD_DC%%
%%AD_DC%% nsupdate command = %%PREFIX%%/bin/samba-nsupdate -g
%%AD_DC%%
%%AC_DC%%1c. You will need to specify location of the 'nsupdate' command in the
%%AC_DC%%'%%SAMBA4_CONFIG%%' file:
%%AC_DC%%
%%AC_DC%% nsupdate command = %%PREFIX%%/bin/samba-nsupdate -g
%%AC_DC%%
2. Put string 'samba_server_enable="YES"' into your /etc/rc.conf.
3. Make sure that your server doesn't run Samba3, OpenLDAP and named.

172
net/samba422/files/patch-docs-xml_manpages_vfs__freebsd.8.xml Normal file
View File

@ -0,0 +1,172 @@
--- docs-xml/manpages/vfs_freebsd.8.xml.orig 2025-07-11 10:55:41 UTC
+++ docs-xml/manpages/vfs_freebsd.8.xml
@@ -0,0 +1,169 @@
+<?xml version="1.0" encoding="iso-8859-1"?>
+<!DOCTYPE refentry PUBLIC "-//Samba-Team//DTD DocBook V4.2-Based Variant V1.0//EN" "http://www.samba.org/samba/DTD/samba-doc">
+<refentry id="vfs_freebsd.8">
+
+<refmeta>
+ <refentrytitle>vfs_freebsd</refentrytitle>
+ <manvolnum>8</manvolnum>
+ <refmiscinfo class="source">Samba</refmiscinfo>
+ <refmiscinfo class="manual">System Administration tools</refmiscinfo>
+ <refmiscinfo class="version">&doc.version;</refmiscinfo>
+</refmeta>
+
+<refnamediv>
+ <refname>vfs_freebsd</refname>
+ <refpurpose>FreeBSD-specific VFS functions</refpurpose>
+</refnamediv>
+
+<refsynopsisdiv>
+ <cmdsynopsis>
+ <command>vfs objects = freebsd</command>
+ </cmdsynopsis>
+</refsynopsisdiv>
+
+<refsect1>
+ <title>DESCRIPTION</title>
+
+ <para>This VFS module is part of the <citerefentry><refentrytitle>samba</refentrytitle>
+ <manvolnum>7</manvolnum></citerefentry> suite.</para>
+
+ <para>The <command>vfs_freebsd</command> module implements some of the FreeBSD-specific VFS functions.</para>
+
+ <para>This module is stackable.</para>
+</refsect1>
+
+
+<refsect1>
+ <title>OPTIONS</title>
+
+ <variablelist>
+
+ <varlistentry>
+ <term>freebsd:extattr mode=[legacy|compat|secure]</term>
+ <listitem>
+ <para>This parameter defines how the emulation of the Linux attr(5) extended attributes
+ is performed through the FreeBSD native extattr(9) system calls.</para>
+
+ <para>Currently the <emphasis>security</emphasis>, <emphasis>system</emphasis>,
+ <emphasis>trusted</emphasis> and <emphasis>user</emphasis> extended attribute(xattr)
+ classes are defined in Linux. Contrary FreeBSD has only <emphasis>USER</emphasis>
+ and <emphasis>SYSTEM</emphasis> extended attribute(extattr) namespaces, so mapping
+ of one set into another isn't straightforward and can be done in different ways.</para>
+
+ <para>Historically the Samba(7) built-in xattr mapping implementation simply converted
+ <emphasis>system</emphasis> and <emphasis>user</emphasis> xattr into corresponding
+ <emphasis>SYSTEM</emphasis> and <emphasis>USER</emphasis> extattr namespaces, dropping
+ the class prefix name with the separating dot and using attribute name only within the
+ mapped namespace. It also rejected any other xattr classes, like <emphasis>security</emphasis>
+ and <emphasis>trusted</emphasis> as invalid. Such behavior in particular broke AD
+ provisioning on UFS2 file systems as essential <emphasis>security.NTACL</emphasis>
+ xattr was rejected as invalid.</para>
+
+ <para>This module tries to address this problem and provide secure, where it's possible,
+ way to map Linux xattr into FreeBSD's extattr.</para>
+
+ <para>When <emphasis>mode</emphasis> is set to the <emphasis>legacy (default)</emphasis>
+ then modified version of built-in mapping is used, where <emphasis>system</emphasis> xattr
+ is mapped into SYSTEM namespace, while <emphasis>secure</emphasis>, <emphasis>trusted</emphasis>
+ and <emphasis>user</emphasis> xattr are all mapped into the USER namespace, dropping class
+ prefixes and mix them all together. This is the way how Samba FreeBSD ports were patched
+ up to the 4.9 version and that created multiple potential security issues. This mode is aimed for
+ the compatibility with the legacy installations only and should be avoided in new setups.</para>
+
+ <para>The <emphasis>compat</emphasis> mode is mostly designed for the jailed environments,
+ where it's not possible to write extattrs into the secure SYSTEM namespace, so all four
+ classes are mapped into the USER namespace. To preserve information about origin of the
+ extended attribute it is stored together with the class preffix in the <emphasis>class.attribute</emphasis>
+ format.</para>
+
+ <para>The <emphasis>secure</emphasis> mode is meant for storing extended attributes in a secure
+ manner, so that <emphasis>security</emphasis>, <emphasis>system</emphasis> and <emphasis>trusted</emphasis>
+ are stored in the SYSTEM namespace, which can be modified only by root.
+ </para>
+ </listitem>
+ </varlistentry>
+
+
+ </variablelist>
+</refsect1>
+
+<refsect1>
+ <table frame="all" rowheader="firstcol">
+ <title>Attributes mapping</title>
+ <tgroup cols='5' align='left' colsep='1' rowsep='1'>
+ <thead>
+ <row>
+ <entry> </entry>
+ <entry>built-in</entry>
+ <entry>legacy</entry>
+ <entry>compat/jail</entry>
+ <entry>secure</entry>
+ </row>
+ </thead>
+ <tbody>
+ <row>
+ <entry>user</entry>
+ <entry>USER; attribute</entry>
+ <entry>USER; attribute</entry>
+ <entry>USER; user.attribute</entry>
+ <entry>USER; user.attribute</entry>
+ </row>
+ <row>
+ <entry>system</entry>
+ <entry>SYSTEM; attribute</entry>
+ <entry>SYSTEM; attribute</entry>
+ <entry>USER; system.attribute</entry>
+ <entry>SYSTEM; system.attribute</entry>
+ </row>
+ <row>
+ <entry>trusted</entry>
+ <entry>FAIL</entry>
+ <entry>USER; attribute</entry>
+ <entry>USER; trusted.attribute</entry>
+ <entry>SYSTEM; trusted.attribute</entry>
+ </row>
+ <row>
+ <entry>security</entry>
+ <entry>FAIL</entry>
+ <entry>USER; attribute</entry>
+ <entry>USER; security.attribute</entry>
+ <entry>SYSTEM; security.attribute</entry>
+ </row>
+ </tbody>
+ </tgroup>
+ </table>
+</refsect1>
+
+<refsect1>
+ <title>EXAMPLES</title>
+
+ <para>Use secure method of setting extended attributes on the share:</para>
+
+<programlisting>
+ <smbconfsection name="[sysvol]"/>
+ <smbconfoption name="vfs objects">freebsd</smbconfoption>
+ <smbconfoption name="freebsd:extattr mode">secure</smbconfoption>
+</programlisting>
+
+</refsect1>
+
+<refsect1>
+ <title>VERSION</title>
+
+ <para>This man page is part of version &doc.version; of the Samba suite.
+ </para>
+</refsect1>
+
+<refsect1>
+ <title>AUTHOR</title>
+
+ <para>The original Samba software and related utilities
+ were created by Andrew Tridgell. Samba is now developed
+ by the Samba Team as an Open Source project similar
+ to the way the Linux kernel is developed.</para>
+
+ <para>This module was written by Timur I. Bakeyev</para>
+
+</refsect1>
+
+</refentry>

10
net/samba422/files/patch-docs-xml_wscript__build Normal file
View File

@ -0,0 +1,10 @@
--- docs-xml/wscript_build.orig 2025-02-06 10:31:53 UTC
+++ docs-xml/wscript_build
@@ -88,6 +88,7 @@ vfs_module_manpages = ['vfs_acl_tdb',
'vfs_extd_audit',
'vfs_fake_perms',
'vfs_fileid',
+ 'vfs_freebsd',
'vfs_fruit',
'vfs_full_audit',
'vfs_glusterfs',

61
net/samba422/files/patch-lib_ldb_wscript
View File

@ -1,61 +0,0 @@
--- lib/ldb/wscript.orig 2019-07-08 12:47:51 UTC
+++ lib/ldb/wscript
@@ -208,7 +208,7 @@ def build(bld):
if bld.env.standalone_ldb:
if not 'PACKAGE_VERSION' in bld.env:
bld.env.PACKAGE_VERSION = VERSION
- bld.env.PKGCONFIGDIR = '${LIBDIR}/pkgconfig'
+ bld.env.PKGCONFIGDIR = '%%PKGCONFIGDIR%%'
private_library = False
else:
private_library = True
@@ -285,7 +285,6 @@ def build(bld):
pc_files='ldb.pc',
vnum=VERSION,
private_library=private_library,
- manpages='man/ldb.3',
abi_directory='ABI',
abi_match = abi_match)
@@ -438,7 +437,7 @@ def build(bld):
LDB_TOOLS='ldbadd ldbsearch ldbdel ldbmodify ldbedit ldbrename'
for t in LDB_TOOLS.split():
- bld.SAMBA_BINARY(t, 'tools/%s.c' % t, deps='ldb-cmdline ldb',
+ bld.SAMBA_BINARY('samba-%s' % t, 'tools/%s.c' % t, deps='ldb-cmdline ldb',
manpages='man/%s.1' % t)
# ldbtest doesn't get installed
@@ -450,10 +449,10 @@ def build(bld):
else:
lmdb_deps = ''
# ldbdump doesn't get installed
- bld.SAMBA_BINARY('ldbdump',
+ bld.SAMBA_BINARY('samba-ldbdump',
'tools/ldbdump.c',
deps='ldb-cmdline ldb' + lmdb_deps,
- install=False)
+ install=True)
bld.SAMBA_LIBRARY('ldb-cmdline',
source='tools/ldbutil.c tools/cmdline.c',
@@ -498,11 +497,6 @@ def build(bld):
deps='cmocka ldb',
install=False)
- bld.SAMBA_BINARY('ldb_match_test',
- source='tests/ldb_match_test.c',
- deps='cmocka ldb',
- install=False)
-
bld.SAMBA_BINARY('ldb_key_value_test',
source='tests/ldb_key_value_test.c',
deps='cmocka ldb ldb_tdb_err_map',
@@ -641,7 +635,6 @@ def test(ctx):
'ldb_tdb_guid_mod_op_test',
'ldb_tdb_kv_ops_test',
'ldb_tdb_test',
- 'ldb_match_test',
'ldb_key_value_test',
# we currently don't run ldb_key_value_sub_txn_tdb_test as it
# tests the nested/sub transaction handling

15
net/samba422/files/patch-lib_util_util_crypt_c Normal file
View File

@ -0,0 +1,15 @@
Index: lib/util/util_crypt.c
--- lib/util/util_crypt.c.orig
+++ lib/util/util_crypt.c
@@ -2,7 +2,11 @@
#include "data_blob.h"
#include "discard.h"
#include <talloc.h>
+#ifdef __FreeBSD__
+#include <unistd.h>
+#else
#include <crypt.h>
+#endif
#include "util_crypt.h"

11
net/samba422/files/patch-lib_util_wscript__build
View File

@ -1,11 +0,0 @@
--- lib/util/wscript_build.orig 2019-05-07 08:38:21 UTC
+++ lib/util/wscript_build
@@ -151,7 +151,7 @@ else:
bld.SAMBA_LIBRARY('samba-modules',
source='modules.c',
- deps='samba-errors samba-util',
+ deps='samba-errors samba-util samba-debug',
local_include=False,
private_library=True)

11
net/samba422/files/patch-python_samba_join.py Normal file
View File

@ -0,0 +1,11 @@
--- python/samba/join.py.orig 2025-02-06 10:31:54 UTC
+++ python/samba/join.py
@@ -917,7 +917,7 @@ class DCJoinContext(object):
secrets_ldb = Ldb(ctx.paths.secrets, session_info=system_session(), lp=ctx.lp)
provision_fill(ctx.local_samdb, secrets_ldb,
- ctx.logger, ctx.names, ctx.paths,
+ ctx.logger, ctx.names, ctx.targetdir, ctx.paths,
dom_for_fun_level=ctx.behavior_version,
samdb_fill=FILL_SUBDOMAIN,
machinepass=ctx.acct_pass, serverrole="active directory domain controller",

71
net/samba422/files/patch-python_samba_provision_____init____.py Normal file
View File

@ -0,0 +1,71 @@
--- python/samba/provision/__init__.py.orig 2025-02-06 10:31:54 UTC
+++ python/samba/provision/__init__.py
@@ -1671,19 +1671,25 @@ def setsysvolacl(samdb, sysvol, uid, gid, domainsid, d
s3conf = s3param.get_context()
s3conf.load(lp.configfile)
- file = tempfile.NamedTemporaryFile(dir=os.path.abspath(sysvol))
+ sysvol_dir = os.path.abspath(sysvol)
+
+ set_simple_acl = smbd.set_simple_acl
+ if smbd.has_nfsv4_acls(sysvol_dir):
+ set_simple_acl = smbd.set_simple_nfsv4_acl
+
+ file = tempfile.NamedTemporaryFile(dir=sysvol_dir)
try:
try:
- smbd.set_simple_acl(file.name, 0o755, system_session_unix(), gid)
+ set_simple_acl(file.name, 0o755, system_session_unix(), gid)
except OSError:
- if not smbd.have_posix_acls():
+ if not smbd.have_posix_acls() and not smbd.have_nfsv4_acls():
# This clue is only strictly correct for RPM and
# Debian-like Linux systems, but hopefully other users
# will get enough clue from it.
- raise ProvisioningError("Samba was compiled without the posix ACL support that s3fs requires. "
+ raise ProvisioningError("Samba was compiled without the ACL support that s3fs requires. "
"Try installing libacl1-dev or libacl-devel, then re-run configure and make.")
- raise ProvisioningError("Your filesystem or build does not support posix ACLs, which s3fs requires. "
+ raise ProvisioningError("Your filesystem or build does not support ACLs, which s3fs requires. "
"Try the mounting the filesystem with the 'acl' option.")
try:
smbd.chown(file.name, uid, gid, system_session_unix())
@@ -1906,7 +1912,7 @@ def interface_ips_v6(lp):
return ret
-def provision_fill(samdb, secrets_ldb, logger, names, paths,
+def provision_fill(samdb, secrets_ldb, logger, names, paths, targetdir,
schema=None,
samdb_fill=FILL_FULL,
hostip=None, hostip6=None,
@@ -1965,6 +1971,9 @@ def provision_fill(samdb, secrets_ldb, logger, names,
samdb.transaction_commit()
if serverrole == "active directory domain controller":
+ if targetdir and smbd.have_nfsv4_acls() and smbd.has_nfsv4_acls(targetdir):
+ smbd.set_nfsv4_defaults()
+
# Continue setting up sysvol for GPO. This appears to require being
# outside a transaction.
if not skip_sysvolacl:
@@ -2341,6 +2350,9 @@ def provision(logger, session_info, smbconf=None,
if not os.path.isdir(paths.netlogon):
os.makedirs(paths.netlogon, 0o755)
+ if smbd.have_nfsv4_acls() and smbd.has_nfsv4_acls(paths.sysvol):
+ smbd.set_nfsv4_defaults()
+
if adminpass is None:
adminpass = samba.generate_random_password(12, 32)
adminpass_generated = True
@@ -2350,7 +2362,7 @@ def provision(logger, session_info, smbconf=None,
adminpass_generated = False
if samdb_fill == FILL_FULL:
- provision_fill(samdb, secrets_ldb, logger, names, paths,
+ provision_fill(samdb, secrets_ldb, logger, names, paths, targetdir,
schema=schema, samdb_fill=samdb_fill,
hostip=hostip, hostip6=hostip6,
next_rid=next_rid, dc_rid=dc_rid, adminpass=adminpass,

15
net/samba422/files/patch-python_samba_tdb__util.py
View File

@ -1,15 +0,0 @@
--- python/samba/tdb_util.py.orig 2025-02-17 11:38:24.136379000 +0100
+++ python/samba/tdb_util.py 2025-02-17 11:38:44.171612000 +0100
@@ -37,9 +37,10 @@
raise FileNotFoundError(2, "could not find tdbbackup tool: "
"is tdb-tools installed?")
- tdbbackup_cmd = [toolpath, "-s", ".copy.tdb", file1]
if readonly:
- tdbbackup_cmd.append("-r")
+ tdbbackup_cmd = [toolpath, "-r", "-s", ".copy.tdb", file1]
+ else:
+ tdbbackup_cmd = [toolpath, "-s", ".copy.tdb", file1]
status = subprocess.check_call(tdbbackup_cmd, close_fds=True, shell=False)

19
net/samba422/files/patch-source3_lib_sysacls.c Normal file
View File

@ -0,0 +1,19 @@
--- source3/lib/sysacls.c.orig 2025-02-06 10:31:54 UTC
+++ source3/lib/sysacls.c
@@ -38,6 +38,16 @@
#include "modules/vfs_aixacl.h"
#endif
+/*
+ * NFSv4 ACL's should be understood and a first class citizen. Work
+ * needs to be done in librpc/idl/smb_acl.idl for this to occur.
+ */
+#if defined(HAVE_LIBSUNACL) && defined(FREEBSD)
+#if 0
+#include "modules/nfs4_acls.h"
+#endif
+#endif
+
#undef DBGC_CLASS
#define DBGC_CLASS DBGC_ACLS

182
net/samba422/files/patch-source3_modules_vfs__zfsacl.c Normal file
View File

@ -0,0 +1,182 @@
--- source3/modules/vfs_zfsacl.c 2024-07-29 11:03:15.390630700 +0200
+++ source3/modules/vfs_zfsacl.c 2025-01-07 15:56:32.048227000 +0100
@@ -169,6 +169,7 @@
bool must_add_empty_ace = false;
struct zfsacl_config_data *config = NULL;
int fd;
+ struct sys_proc_fd_path_buf buf;
SMB_VFS_HANDLE_GET_DATA(handle, config,
struct zfsacl_config_data,
@@ -235,24 +236,52 @@
SMB_ASSERT(i == naces);
/* store acl */
- fd = fsp_get_pathref_fd(fsp);
- if (fd == -1) {
+
+ if (!fsp->fsp_flags.is_pathref) {
+ fd = fsp_get_io_fd(fsp);
+
+ rv = facl(fd, ACE_SETACL, naces, acebuf);
+ if (rv != 0) {
+ DEBUG(8, ("zfs_process_smbacl(%s): Not PATHREF: facl(ACE_SETACL, %d): %s\n",
+ fsp_str_dbg(fsp), naces,
+ strerror(errno)));
+ return false;
+ }
+ DEBUG(10, ("zfs_process_smbacl(%s): Not PATHREF: facl(ACE_SETACL, %d) -> %d\n",
+ fsp_str_dbg(fsp), naces,
+ rv));
+
+ } else if (fsp->fsp_flags.have_proc_fds) {
+ fd = fsp_get_pathref_fd(fsp);
+ if (fd == -1) {
+ DEBUG(8, ("zfs_process_smbacl(%s): PATHREF(proc_fd): fsp_get_pathref_fd=-1: %s\n",
+ fsp_str_dbg(fsp), strerror(errno)));
errno = EBADF;
return false;
- }
- rv = facl(fd, ACE_SETACL, naces, acebuf);
- if (rv != 0) {
- if(errno == ENOSYS) {
- DEBUG(9, ("acl(ACE_SETACL, %s): Operation is not "
- "supported on the filesystem where the file "
- "resides\n", fsp_str_dbg(fsp)));
- } else {
- DEBUG(9, ("acl(ACE_SETACL, %s): %s\n", fsp_str_dbg(fsp),
- strerror(errno)));
- }
+ }
+ rv = acl(sys_proc_fd_path(fd, &buf), ACE_SETACL, naces, acebuf);
+ if (rv != 0) {
+ DEBUG(8, ("zfs_process_smbacl(%s): acl(ACE_SETACL, %d): %s\n",
+ fsp_str_dbg(fsp), naces,
+ strerror(errno)));
return false;
+ }
+ DEBUG(10, ("zfs_process_smbacl(%s): PATHREF(proc_fd): acl(ACE_SETACL, %d) -> %d\n",
+ fsp_str_dbg(fsp), naces,
+ rv));
+ } else {
+ rv = acl(fsp->fsp_name->base_name, ACE_SETACL, naces, acebuf);
+ if (rv != 0) {
+ DEBUG(8, ("zfs_process_smbacl(%s): PATHREF(base_name): acl(ACE_SETACL, %d): %s\n",
+ fsp_str_dbg(fsp), naces,
+ strerror(errno)));
+ return false;
+ }
+ DEBUG(10, ("zfs_process_smbacl(%s): PATHREF(base_name): facl(ACE_SETACL, %d) -> %d\n",
+ fsp_str_dbg(fsp), naces,
+ rv));
}
-
+
return True;
}
@@ -282,25 +311,46 @@
struct files_struct *fsp,
ace_t **outbuf)
{
- int naces, rv;
+ int naces, rv = -1, fd = -1;
ace_t *acebuf = NULL;
- int fd;
+ struct sys_proc_fd_path_buf buf;
- fd = fsp_get_pathref_fd(fsp);
- if (fd == -1) {
+
+ if (!fsp->fsp_flags.is_pathref) {
+ fd = fsp_get_io_fd(fsp);
+ if (fd == -1) {
+ DEBUG(8, ("fget_zfsacl(%s): Not PATHREF: fsp_get_io_fd=-1: %s\n",
+ fsp_str_dbg(fsp), strerror(errno)));
errno = EBADF;
return -1;
- }
- naces = facl(fd, ACE_GETACLCNT, 0, NULL);
- if (naces == -1) {
- int dbg_level = 10;
-
- if (errno == ENOSYS) {
- dbg_level = 1;
- }
- DEBUG(dbg_level, ("facl(ACE_GETACLCNT, %s): %s\n",
+ }
+ naces = facl(fd, ACE_GETACLCNT, 0, NULL);
+ if (naces == -1) {
+ DEBUG(8, ("fget_zfsacl(%s): Not PATHREF: facl(ACE_GETACLCNT): %s\n",
+ fsp_str_dbg(fsp), strerror(errno)));
+ return -1;
+ }
+ } else if (fsp->fsp_flags.have_proc_fds) {
+ fd = fsp_get_pathref_fd(fsp);
+ if (fd == -1) {
+ DEBUG(8, ("fget_zfsacl(%s): PATHREF(proc_fd): fsp_get_pathref_fd=-1: %s\n",
+ fsp_str_dbg(fsp), strerror(errno)));
+ errno = EBADF;
+ return -1;
+ }
+ naces = acl(sys_proc_fd_path(fd, &buf), ACE_GETACLCNT, 0, NULL);
+ if (naces == -1) {
+ DEBUG(8, ("fget_zfsacl(%s): PATHREF(proc_fd): acl(ACE_GETACLCNT): %s\n",
fsp_str_dbg(fsp), strerror(errno)));
- return naces;
+ return -1;
+ }
+ } else {
+ naces = acl(fsp->fsp_name->base_name, ACE_GETACLCNT, 0, NULL);
+ if (naces == -1) {
+ DEBUG(8, ("fget_zfsacl(%s): PATHREF(base_name): acl(ACE_GETACLCNT): %s\n",
+ fsp_str_dbg(fsp), strerror(errno)));
+ return -1;
+ }
}
acebuf = talloc_size(mem_ctx, sizeof(ace_t)*naces);
@@ -309,15 +359,37 @@
return -1;
}
- rv = facl(fd, ACE_GETACL, naces, acebuf);
- if (rv == -1) {
- DBG_DEBUG("acl(ACE_GETACL, %s): %s\n",
- fsp_str_dbg(fsp), strerror(errno));
+ if (!fsp->fsp_flags.is_pathref) {
+ rv = facl(fd, ACE_GETACL, naces, acebuf);
+ if (rv == -1) {
+ DEBUG(8, ("fget_zfsacl(%s): Not PATHREF: facl(ACE_GETACL): %s\n",
+ fsp_str_dbg(fsp), strerror(errno)));
return -1;
+ }
+ DEBUG(10, ("fget_zfsacl(%s): Not PATHREF: facl(ACE_GETACL) -> %d entries\n",
+ fsp_str_dbg(fsp), rv));
+ } else if (fsp->fsp_flags.have_proc_fds) {
+ rv = acl(sys_proc_fd_path(fd, &buf), ACE_GETACL, naces, acebuf);
+ if (rv == -1) {
+ DEBUG(8, ("fget_zfsacl(%s): PATHREF(proc_fd): acl(ACE_GETACL): %s\n",
+ fsp_str_dbg(fsp), strerror(errno)));
+ return -1;
+ }
+ DEBUG(10, ("fget_zfsacl(%s): PATHREF(proc_fd): acl(ACE_GETACL) -> %d entries\n",
+ fsp_str_dbg(fsp), rv));
+ } else {
+ rv = acl(fsp->fsp_name->base_name, ACE_GETACL, naces, acebuf);
+ if (rv == -1) {
+ DEBUG(8, ("fget_zfsacl(%s): PATHREF(base_name): acl(ACE_GETACL): %s\n",
+ fsp_str_dbg(fsp), strerror(errno)));
+ return -1;
+ }
+ DEBUG(10, ("fget_zfsacl(%s): PATHREF(base_name): acl(ACE_GETACL) -> %d entries\n",
+ fsp_str_dbg(fsp), rv));
}
-
+
*outbuf = acebuf;
- return naces;
+ return rv;
}
static NTSTATUS zfsacl_fget_nt_acl(struct vfs_handle_struct *handle,

16
net/samba422/files/patch-source3_modules_wscript__build Normal file
View File

@ -0,0 +1,16 @@
--- source3/modules/wscript_build.orig 2025-02-06 10:31:54 UTC
+++ source3/modules/wscript_build
@@ -641,6 +641,13 @@ bld.SAMBA3_MODULE('vfs_delay_inject',
enabled=bld.SAMBA3_IS_ENABLED_MODULE('vfs_delay_inject'),
install=False)
+bld.SAMBA3_MODULE('vfs_freebsd',
+ subsystem='vfs',
+ source='vfs_freebsd.c',
+ init_function='',
+ internal_module=bld.SAMBA3_IS_STATIC_MODULE('vfs_freebsd'),
+ enabled=bld.SAMBA3_IS_ENABLED_MODULE('vfs_freebsd'))
+
bld.SAMBA3_MODULE('vfs_widelinks',
subsystem='vfs',
source='vfs_widelinks.c',

32
net/samba422/files/patch-source3_param_loadparm.c Normal file
View File

@ -0,0 +1,32 @@
--- source3/param/loadparm.c.orig 2025-02-06 10:31:54 UTC
+++ source3/param/loadparm.c
@@ -2890,9 +2890,29 @@ static void init_locals(void)
} else {
if (lp_parm_const_string(-1, "xattr_tdb", "file", NULL)) {
lp_do_parameter(-1, "vfs objects", "dfs_samba4 acl_xattr xattr_tdb");
+ /*
+ * By default, the samba sysvol is located in the statedir. Provisioning will fail in setntacl
+ * unless we have zfacl enabled. Unfortunately, at this point the smb.conf has not been generated.
+ * This workaround is freebsd-specific.
+ */
+#if defined(_PC_ACL_EXTENDED)
+ } else if (pathconf(lp_state_directory(), _PC_ACL_EXTENDED) == 1) {
+ lp_do_parameter(-1, "vfs objects", "dfs_samba4 freebsd");
+#endif
+#if defined(_PC_ACL_NFS4)
+ } else if (pathconf(lp_state_directory(), _PC_ACL_NFS4) == 1) {
+ lp_do_parameter(-1, "vfs objects", "dfs_samba4 zfsacl");
+#endif
} else if (lp_parm_const_string(-1, "posix", "eadb", NULL)) {
lp_do_parameter(-1, "vfs objects", "dfs_samba4 acl_xattr posix_eadb");
} else {
+ /*
+ * This should only set dfs_samba4 and leave acl_xattr
+ * to be set later (or zfsacl). The only reason the decision
+ * can't be made here to load acl_xattr or zfsacl is
+ * that we don't have access to what the target
+ * directory is.
+ */
lp_do_parameter(-1, "vfs objects", "dfs_samba4 acl_xattr");
}
}

230
net/samba422/files/patch-source3_smbd_pysmbd.c Normal file
View File

@ -0,0 +1,230 @@
--- source3/smbd/pysmbd.c.orig 2025-02-20 12:58:50 UTC
+++ source3/smbd/pysmbd.c
@@ -507,6 +507,20 @@ static SMB_ACL_T make_simple_acl(TALLOC_CTX *mem_ctx,
return acl;
}
+static SMB_ACL_T make_simple_nfsv4_acl(TALLOC_CTX *mem_ctx,
+ gid_t gid,
+ mode_t chmod_mode)
+{
+ /*
+ * This function needs to create an NFSv4 ACL. Currently, the only way
+ * to do so is to use the operating system interface, or to use the
+ * functions in source3/modules/nfs4_acls.c. These seems ugly and
+ * hacky. NFSv4 ACL's should be a first class citizen and
+ * librpc/idl/smb_acl.idl should be modified accordingly.
+ */
+ return NULL;
+}
+
/*
set a simple ACL on a file, as a test
*/
@@ -579,7 +593,85 @@ static PyObject *py_smbd_set_simple_acl(PyObject *self
Py_RETURN_NONE;
}
+
/*
+ set a simple NFSv4 ACL on a file, as a test
+ */
+static PyObject *py_smbd_set_simple_nfsv4_acl(PyObject *self, PyObject *args, PyObject *kwargs)
+{
+ const char * const kwnames[] = {
+ "fname",
+ "mode",
+ "session_info",
+ "gid",
+ "service",
+ NULL
+ };
+ char *fname, *service = NULL;
+ PyObject *py_session = Py_None;
+ struct auth_session_info *session_info = NULL;
+ int ret;
+ int mode, gid = -1;
+ SMB_ACL_T acl;
+ TALLOC_CTX *frame;
+ connection_struct *conn;
+
+ if (!PyArg_ParseTupleAndKeywords(args, kwargs, "siO|iz",
+ discard_const_p(char *, kwnames),
+ &fname,
+ &mode,
+ &py_session,
+ &gid,
+ &service))
+ return NULL;
+
+ if (!py_check_dcerpc_type(py_session,
+ "samba.dcerpc.auth",
+ "session_info")) {
+ return NULL;
+ }
+ session_info = pytalloc_get_type(py_session,
+ struct auth_session_info);
+ if (session_info == NULL) {
+ PyErr_Format(PyExc_TypeError,
+ "Expected auth_session_info for session_info argument got %s",
+ pytalloc_get_name(py_session));
+ return NULL;
+ }
+
+ frame = talloc_stackframe();
+
+ acl = make_simple_nfsv4_acl(frame, gid, mode);
+ if (acl == NULL) {
+ TALLOC_FREE(frame);
+ Py_RETURN_NONE;
+ }
+
+ conn = get_conn_tos(service, session_info);
+ if (!conn) {
+ TALLOC_FREE(frame);
+ Py_RETURN_NONE;
+ }
+
+ /*
+ * SMB_ACL_TYPE_ACCESS -> ACL_TYPE_ACCESS -> Not valid for NFSv4 ACL
+ */
+ ret = 0;
+
+ /* ret = set_sys_acl_conn(fname, SMB_ACL_TYPE_ACCESS, acl, conn); */
+
+ if (ret != 0) {
+ TALLOC_FREE(frame);
+ errno = ret;
+ return PyErr_SetFromErrno(PyExc_OSError);
+ }
+
+ TALLOC_FREE(frame);
+
+ Py_RETURN_NONE;
+}
+
+/*
chown a file
*/
static PyObject *py_smbd_chown(PyObject *self, PyObject *args, PyObject *kwargs)
@@ -767,7 +859,7 @@ static PyObject *py_smbd_unlink(PyObject *self, PyObje
}
/*
- check if we have ACL support
+ check if we have POSIX.1e ACL support
*/
static PyObject *py_smbd_have_posix_acls(PyObject *self,
PyObject *Py_UNUSED(ignored))
@@ -779,7 +871,84 @@ static PyObject *py_smbd_have_posix_acls(PyObject *sel
#endif
}
+static PyObject *py_smbd_has_posix_acls(PyObject *self, PyObject *args, PyObject *kwargs)
+{
+ const char * const kwnames[] = { "path", NULL };
+ char *path = NULL;
+ TALLOC_CTX *frame;
+ struct statfs fs;
+ int ret = false;
+
+ frame = talloc_stackframe();
+
+ if (!PyArg_ParseTupleAndKeywords(args, kwargs, "s|z",
+ discard_const_p(char *, kwnames), &path)) {
+ TALLOC_FREE(frame);
+ return NULL;
+ }
+
+ if (statfs(path, &fs) != 0) {
+ TALLOC_FREE(frame);
+ return NULL;
+ }
+
+ if (fs.f_flags & MNT_ACLS)
+ ret = true;
+
+ TALLOC_FREE(frame);
+ return PyBool_FromLong(ret);
+}
+
/*
+ check if we have NFSv4 ACL support
+ */
+static PyObject *py_smbd_have_nfsv4_acls(PyObject *self)
+{
+#ifdef HAVE_LIBSUNACL
+ return PyBool_FromLong(true);
+#else
+ return PyBool_FromLong(false);
+#endif
+}
+
+static PyObject *py_smbd_has_nfsv4_acls(PyObject *self, PyObject *args, PyObject *kwargs)
+{
+ const char * const kwnames[] = { "path", NULL };
+ char *path = NULL;
+ TALLOC_CTX *frame;
+ struct statfs fs;
+ int ret = false;
+
+ frame = talloc_stackframe();
+
+ if (!PyArg_ParseTupleAndKeywords(args, kwargs, "s|z",
+ discard_const_p(char *, kwnames), &path)) {
+ TALLOC_FREE(frame);
+ return NULL;
+ }
+
+ if (statfs(path, &fs) != 0) {
+ TALLOC_FREE(frame);
+ return NULL;
+ }
+
+ if (fs.f_flags & MNT_NFS4ACLS)
+ ret = true;
+
+ TALLOC_FREE(frame);
+ return PyBool_FromLong(ret);
+}
+
+
+static PyObject *py_smbd_set_nfsv4_defaults(PyObject *self)
+{
+ /*
+ * It is really be done in source3/param/loadparm.c
+ */
+ Py_RETURN_NONE;
+}
+
+/*
set the NT ACL on a file
*/
static PyObject *py_smbd_set_nt_acl(PyObject *self, PyObject *args, PyObject *kwargs)
@@ -1284,8 +1453,26 @@ static PyMethodDef py_smbd_methods[] = {
{ "have_posix_acls",
(PyCFunction)py_smbd_have_posix_acls, METH_NOARGS,
NULL },
+ { "has_posix_acls",
+ PY_DISCARD_FUNC_SIG(PyCFunction, py_smbd_has_posix_acls),
+ METH_VARARGS|METH_KEYWORDS,
+ NULL },
+ { "have_nfsv4_acls",
+ (PyCFunction)py_smbd_have_nfsv4_acls, METH_NOARGS,
+ NULL },
+ { "has_nfsv4_acls",
+ PY_DISCARD_FUNC_SIG(PyCFunction, py_smbd_has_nfsv4_acls),
+ METH_VARARGS|METH_KEYWORDS,
+ NULL },
+ { "set_nfsv4_defaults",
+ (PyCFunction)py_smbd_set_nfsv4_defaults, METH_NOARGS,
+ NULL },
{ "set_simple_acl",
PY_DISCARD_FUNC_SIG(PyCFunction, py_smbd_set_simple_acl),
+ METH_VARARGS|METH_KEYWORDS,
+ NULL },
+ { "set_simple_nfsv4_acl",
+ PY_DISCARD_FUNC_SIG(PyCFunction, py_smbd_set_simple_nfsv4_acl),
METH_VARARGS|METH_KEYWORDS,
NULL },
{ "set_nt_acl",

44
net/samba422/files/patch-source3_wscript__build
View File

@ -1,44 +0,0 @@
--- source3/wscript_build.orig 2020-07-09 13:33:56 UTC
+++ source3/wscript_build
@@ -235,11 +235,9 @@ bld.SAMBA3_SUBSYSTEM('SMBREGISTRY',
talloc
replace
util_reg
- samba-util
- samba-security
errors3
dbwrap
- samba3-util
+ samba3util
''')
# Do not link against this use 'smbconf'
@@ -482,7 +480,7 @@ bld.SAMBA3_LIBRARY('secrets3',
bld.SAMBA3_LIBRARY('smbldap',
source='lib/smbldap.c',
- deps='ldap lber samba-util smbconf',
+ deps='ldap lber samba3util smbd_shim samba-debug smbconf',
enabled=bld.CONFIG_SET("HAVE_LDAP"),
private_library=False,
abi_directory='lib/ABI',
@@ -1151,8 +1151,8 @@ bld.SAMBA3_BINARY('smbspool_krb5_wrapper',
enabled=bld.CONFIG_SET('HAVE_CUPS'))
bld.SAMBA3_BINARY('smbspool_argv_wrapper',
- source='script/tests/smbspool_argv_wrapper.c',
- for_selftest=True)
+ source='script/tests/smbspool_argv_wrapper.c',
+ for_selftest=True)
bld.SAMBA3_BINARY('smbconftort',
source='lib/smbconf/testsuite.c',
@@ -1199,7 +1199,7 @@ bld.SAMBA3_BINARY('vlp',
talloc
smbconf
''',
- for_selftest=True)
+ install=True)
pyrpc_util = bld.pyembed_libname('pyrpc_util')

77
net/samba422/pkg-plist
View File

@ -34,7 +34,6 @@ bin/smbtar
bin/smbtree
bin/testparm
bin/vfstest
bin/vlp
bin/wbinfo
bin/wspsearch
sbin/eventlogadm
@ -49,11 +48,9 @@ include/samba4/core/ntstatus_gen.h
include/samba4/core/ntstatus.h
include/samba4/core/werror_gen.h
include/samba4/core/werror.h
include/samba4/credentials.h
include/samba4/dcerpc.h
include/samba4/dcesrv_core.h
%%LDAP%%include/samba4/smb_ldap.h
%%LDAP%%include/samba4/smbldap.h
include/samba4/dcesrv_core.h
include/samba4/domain_credentials.h
include/samba4/gen_ndr/atsvc.h
include/samba4/gen_ndr/auth.h
@ -72,7 +69,6 @@ include/samba4/gen_ndr/ndr_drsuapi.h
include/samba4/gen_ndr/ndr_krb5pac.h
include/samba4/gen_ndr/ndr_misc.h
include/samba4/gen_ndr/ndr_nbt.h
include/samba4/gen_ndr/ndr_samr_c.h
include/samba4/gen_ndr/ndr_samr.h
include/samba4/gen_ndr/ndr_svcctl_c.h
include/samba4/gen_ndr/ndr_svcctl.h
@ -93,7 +89,6 @@ include/samba4/ndr/ndr_krb5pac.h
include/samba4/ndr/ndr_nbt.h
include/samba4/ndr/ndr_svcctl.h
include/samba4/netapi.h
include/samba4/param.h
include/samba4/passdb.h
include/samba4/rpc_common.h
include/samba4/samba/session.h
@ -117,9 +112,6 @@ include/samba4/util/idtree_random.h
include/samba4/util/idtree.h
include/samba4/util/signal.h
include/samba4/util/substitute.h
include/samba4/util/tevent_ntstatus.h
include/samba4/util/tevent_unix.h
include/samba4/util/tevent_werror.h
include/samba4/util/tfork.h
include/samba4/util/time.h
include/samba4/wbclient.h
@ -131,12 +123,8 @@ include/samba4/wbclient.h
@dir include/samba4
%%SAMBA4_LIBDIR%%/libdcerpc-binding.so
%%SAMBA4_LIBDIR%%/libdcerpc-binding.so.0
%%SAMBA4_LIBDIR%%/libdcerpc-samr.so
%%SAMBA4_LIBDIR%%/libdcerpc-samr.so.0
%%SAMBA4_LIBDIR%%/libdcerpc-server-core.so
%%SAMBA4_LIBDIR%%/libdcerpc-server-core.so.0
%%SAMBA4_LIBDIR%%/libdcerpc.so
%%SAMBA4_LIBDIR%%/libdcerpc.so.0
%%SAMBA4_LIBDIR%%/libndr-krb5pac.so
%%SAMBA4_LIBDIR%%/libndr-krb5pac.so.0
%%SAMBA4_LIBDIR%%/libndr-nbt.so
@ -144,29 +132,21 @@ include/samba4/wbclient.h
%%SAMBA4_LIBDIR%%/libndr-standard.so
%%SAMBA4_LIBDIR%%/libndr-standard.so.0
%%SAMBA4_LIBDIR%%/libndr.so
%%SAMBA4_LIBDIR%%/libndr.so.4
%%SAMBA4_LIBDIR%%/libndr.so.6
%%SAMBA4_LIBDIR%%/libnetapi.so
%%SAMBA4_LIBDIR%%/libnetapi.so.1
%%SAMBA4_LIBDIR%%/libsamba-credentials.so
%%SAMBA4_LIBDIR%%/libsamba-credentials.so.1
%%SAMBA4_LIBDIR%%/libsamba-errors.so
%%SAMBA4_LIBDIR%%/libsamba-errors.so.1
%%SAMBA4_LIBDIR%%/libsamba-hostconfig.so
%%SAMBA4_LIBDIR%%/libsamba-hostconfig.so.0
%%SAMBA4_LIBDIR%%/libsamba-passdb.so
%%SAMBA4_LIBDIR%%/libsamba-passdb.so.0
%%SAMBA4_LIBDIR%%/libsamba-util.so
%%SAMBA4_LIBDIR%%/libsamba-util.so.0
%%SAMBA4_LIBDIR%%/libsamdb.so
%%SAMBA4_LIBDIR%%/libsamdb.so.0
%%SAMBA4_LIBDIR%%/libsmbclient.so
%%SAMBA4_LIBDIR%%/libsmbclient.so.0
%%SAMBA4_LIBDIR%%/libsmbconf.so
%%SAMBA4_LIBDIR%%/libsmbconf.so.0
%%LDAP%%%%SAMBA4_LIBDIR%%/libsmbldap.so
%%LDAP%%%%SAMBA4_LIBDIR%%/libsmbldap.so.2
%%SAMBA4_LIBDIR%%/libtevent-util.so
%%SAMBA4_LIBDIR%%/libtevent-util.so.0
%%SAMBA4_LIBDIR%%/libwbclient.so
%%SAMBA4_LIBDIR%%/libwbclient.so.0
lib/nss_winbind.so.1
@ -206,9 +186,13 @@ libexec/samba/samba-dcerpcd
%%GSSAPI_BUILTIN%%%%SAMBA4_LIBDIR%%/private/libcom-err-private-samba.so
%%SAMBA4_LIBDIR%%/private/libcommon-auth-private-samba.so
%%SAMBA4_LIBDIR%%/private/libdbwrap-private-samba.so
%%SAMBA4_LIBDIR%%/private/libutil-crypt-private-samba.so
%%SAMBA4_LIBDIR%%/private/libdcerpc-pkt-auth-private-samba.so
%%SAMBA4_LIBDIR%%/private/libdcerpc-private-samba.so
%%SAMBA4_LIBDIR%%/private/libdcerpc-samba-private-samba.so
%%SAMBA4_LIBDIR%%/private/libdcerpc-samba4-private-samba.so
%%SAMBA4_LIBDIR%%/private/libdcerpc-samr-private-samba.so
%%SAMBA4_LIBDIR%%/private/libdcerpc-server-private-samba.so
%%SAMBA4_LIBDIR%%/private/libdnsserver-common-private-samba.so
%%SAMBA4_LIBDIR%%/private/libdsdb-module-private-samba.so
%%SAMBA4_LIBDIR%%/private/libevents-private-samba.so
@ -259,13 +243,19 @@ libexec/samba/samba-dcerpcd
%%GSSAPI_BUILTIN%%%%SAMBA4_LIBDIR%%/private/libroken-private-samba.so
%%SAMBA4_LIBDIR%%/private/libRPC-SERVER-LOOP-private-samba.so
%%SAMBA4_LIBDIR%%/private/libRPC-WORKER-private-samba.so
%%SAMBA4_LIBDIR%%/private/libsamba-credentials-private-samba.so
%%SAMBA4_LIBDIR%%/private/libsamba-cluster-support-private-samba.so
%%SAMBA4_LIBDIR%%/private/libsamba-debug-private-samba.so
%%SAMBA4_LIBDIR%%/private/libsamba-hostconfig-private-samba.so
%%SAMBA4_LIBDIR%%/private/libsamba-modules-private-samba.so
%%SAMBA4_LIBDIR%%/private/libsamba-net-join%%PYTHON_TAG%%-private-samba.so
%%SAMBA4_LIBDIR%%/private/libsamba-net-private-samba.so
%%SAMBA4_LIBDIR%%/private/libsamba-policy-private-samba.so
%%SAMBA4_LIBDIR%%/private/libsamba-security-private-samba.so
%%SAMBA4_LIBDIR%%/private/libsamba-sockets-private-samba.so
%%SAMBA4_LIBDIR%%/private/libsamba3-util-private-samba.so
%%SAMBA4_LIBDIR%%/private/libsamdb-common-private-samba.so
%%SAMBA4_LIBDIR%%/private/libsamdb-private-samba.so
%%SAMBA4_LIBDIR%%/private/libsecrets3-private-samba.so
%%SAMBA4_LIBDIR%%/private/libserver-id-db-private-samba.so
%%SAMBA4_LIBDIR%%/private/libserver-role-private-samba.so
@ -280,10 +270,10 @@ libexec/samba/samba-dcerpcd
%%SAMBA4_LIBDIR%%/private/libsys-rw-private-samba.so
%%SAMBA4_LIBDIR%%/private/libtalloc-report-printf-private-samba.so
%%SAMBA4_LIBDIR%%/private/libtalloc-report-private-samba.so
%%SAMBA4_LIBDIR%%/private/libtevent-util-private-samba.so
%%SAMBA4_LIBDIR%%/private/libtdb-wrap-private-samba.so
%%SAMBA4_LIBDIR%%/private/libtime-basic-private-samba.so
%%SAMBA4_LIBDIR%%/private/libtorture-private-samba.so
%%SAMBA4_LIBDIR%%/private/libtrusts-util-private-samba.so
%%SAMBA4_LIBDIR%%/private/libutil-reg-private-samba.so
%%SAMBA4_LIBDIR%%/private/libutil-setid-private-samba.so
%%SAMBA4_LIBDIR%%/private/libutil-tdb-private-samba.so
@ -291,17 +281,12 @@ libexec/samba/samba-dcerpcd
%%SAMBA4_LIBDIR%%/private/libxattr-tdb-private-samba.so
@dir %%SAMBA4_LIBDIR%%/private
@dir %%SAMBA4_LIBDIR%%
%%PKGCONFIGDIR%%/dcerpc.pc
%%PKGCONFIGDIR%%/dcerpc_samr.pc
%%PKGCONFIGDIR%%/ndr.pc
%%PKGCONFIGDIR%%/ndr_krb5pac.pc
%%PKGCONFIGDIR%%/ndr_nbt.pc
%%PKGCONFIGDIR%%/ndr_standard.pc
%%PKGCONFIGDIR%%/netapi.pc
%%PKGCONFIGDIR%%/samba-credentials.pc
%%PKGCONFIGDIR%%/samba-hostconfig.pc
%%PKGCONFIGDIR%%/samba-util.pc
%%PKGCONFIGDIR%%/samdb.pc
%%PKGCONFIGDIR%%/smbclient.pc
%%PKGCONFIGDIR%%/wbclient.pc
@comment Setup files
@ -420,13 +405,12 @@ libexec/samba/samba-dcerpcd
%%SAMBA4_BUNDLED_LDB%%%%PYTHON3%%%%PYTHON_SITELIBDIR%%/_ldb_text.py
%%SAMBA4_BUNDLED_LDB%%%%PYTHON3%%%%PYTHON_SITELIBDIR%%/ldb%%PYTHON_TAG%%.so
%%SAMBA4_BUNDLED_LDB%%%%PYTHON3%%%%SAMBA4_LIBDIR%%/private/libpyldb-util%%PYTHON_TAG%%-private-samba.so
%%SAMBA4_BUNDLED_LDB%%bin/samba-ldbdump
%%SAMBA4_BUNDLED_LDB%%bin/samba-ldbadd
%%SAMBA4_BUNDLED_LDB%%bin/samba-ldbdel
%%SAMBA4_BUNDLED_LDB%%bin/samba-ldbedit
%%SAMBA4_BUNDLED_LDB%%bin/samba-ldbmodify
%%SAMBA4_BUNDLED_LDB%%bin/samba-ldbrename
%%SAMBA4_BUNDLED_LDB%%bin/samba-ldbsearch
%%SAMBA4_BUNDLED_LDB%%bin/ldbadd
%%SAMBA4_BUNDLED_LDB%%bin/ldbdel
%%SAMBA4_BUNDLED_LDB%%bin/ldbedit
%%SAMBA4_BUNDLED_LDB%%bin/ldbmodify
%%SAMBA4_BUNDLED_LDB%%bin/ldbrename
%%SAMBA4_BUNDLED_LDB%%bin/ldbsearch
%%SAMBA4_BUNDLED_LDB%%%%SAMBA4_LIBDIR%%/private/libldb-cmdline-private-samba.so
%%SAMBA4_BUNDLED_LDB%%%%SAMBA4_LIBDIR%%/private/libldb-key-value-private-samba.so
%%SAMBA4_BUNDLED_LDB%%%%SAMBA4_LIBDIR%%/private/libldb-private-samba.so
@ -443,20 +427,21 @@ libexec/samba/samba-dcerpcd
%%SAMBA4_BUNDLED_LDB%%%%SAMBA4_MODULEDIR%%/ldb/server_sort.so
%%SAMBA4_BUNDLED_LDB%%%%SAMBA4_MODULEDIR%%/ldb/skel.so
%%SAMBA4_BUNDLED_LDB%%%%SAMBA4_MODULEDIR%%/ldb/tdb.so
%%MANPAGES%%%%SAMBA4_BUNDLED_LDB%%share/man/man1/samba-ldbadd.1.gz
%%MANPAGES%%%%SAMBA4_BUNDLED_LDB%%share/man/man1/samba-ldbdel.1.gz
%%MANPAGES%%%%SAMBA4_BUNDLED_LDB%%share/man/man1/samba-ldbedit.1.gz
%%MANPAGES%%%%SAMBA4_BUNDLED_LDB%%share/man/man1/samba-ldbmodify.1.gz
%%MANPAGES%%%%SAMBA4_BUNDLED_LDB%%share/man/man1/samba-ldbrename.1.gz
%%MANPAGES%%%%SAMBA4_BUNDLED_LDB%%share/man/man1/samba-ldbsearch.1.gz
%%MANPAGES%%%%SAMBA4_BUNDLED_TALLOC%%share/man/man3/samba-talloc.3.gz
%%MANPAGES%%%%SAMBA4_BUNDLED_TDB%%share/man/man8/samba-tdbbackup.8.gz
%%MANPAGES%%%%SAMBA4_BUNDLED_TDB%%share/man/man8/samba-tdbdump.8.gz
%%MANPAGES%%%%SAMBA4_BUNDLED_TDB%%share/man/man8/samba-tdbrestore.8.gz
%%MANPAGES%%%%SAMBA4_BUNDLED_TDB%%share/man/man8/samba-tdbtool.8.gz
%%MANPAGES%%%%SAMBA4_BUNDLED_LDB%%share/man/man3/ldb.3.gz
%%MANPAGES%%%%SAMBA4_BUNDLED_LDB%%share/man/man1/ldbadd.1.gz
%%MANPAGES%%%%SAMBA4_BUNDLED_LDB%%share/man/man1/ldbdel.1.gz
%%MANPAGES%%%%SAMBA4_BUNDLED_LDB%%share/man/man1/ldbedit.1.gz
%%MANPAGES%%%%SAMBA4_BUNDLED_LDB%%share/man/man1/ldbmodify.1.gz
%%MANPAGES%%%%SAMBA4_BUNDLED_LDB%%share/man/man1/ldbrename.1.gz
%%MANPAGES%%%%SAMBA4_BUNDLED_LDB%%share/man/man1/ldbsearch.1.gz
%%MANPAGES%%%%SAMBA4_BUNDLED_TDB%%share/man/man8/tdbbackup.8.gz
%%MANPAGES%%%%SAMBA4_BUNDLED_TDB%%share/man/man8/tdbdump.8.gz
%%MANPAGES%%%%SAMBA4_BUNDLED_TDB%%share/man/man8/tdbrestore.8.gz
%%MANPAGES%%%%SAMBA4_BUNDLED_TDB%%share/man/man8/tdbtool.8.gz
%%SAMBA4_BUNDLED_TALLOC%%%%PYTHON3%%%%PYTHON_SITELIBDIR%%/talloc%%PYTHON_TAG%%.so
%%SAMBA4_BUNDLED_TALLOC%%%%PYTHON3%%%%SAMBA4_LIBDIR%%/private/libpytalloc-util%%PYTHON_TAG%%-private-samba.so
%%SAMBA4_BUNDLED_TALLOC%%%%SAMBA4_LIBDIR%%/private/libtalloc-private-samba.so
%%SAMBA4_BUNDLED_TALLOC%%share/man/man3/samba-talloc.3.gz
%%SAMBA4_BUNDLED_TDB%%%%PYTHON3%%%%PYTHON_SITELIBDIR%%/_tdb_text.py
%%SAMBA4_BUNDLED_TDB%%%%PYTHON3%%%%PYTHON_SITELIBDIR%%/tdb%%PYTHON_TAG%%.so
%%SAMBA4_BUNDLED_TDB%%bin/tdbbackup

8
net/samba422/pkg-plist.ad_dc
View File

@ -4,9 +4,6 @@ sbin/samba_dnsupdate
sbin/samba_kcc
sbin/samba_spnupdate
sbin/samba_upgradedns
include/samba4/dcerpc_server.h
%%SAMBA4_LIBDIR%%/libdcerpc-server.so
%%SAMBA4_LIBDIR%%/libdcerpc-server.so.0
%%SAMBA4_LIBDIR%%/private/libad-claims-private-samba.so
%%SAMBA4_LIBDIR%%/private/libauthn-policy-util-private-samba.so
%%SAMBA4_LIBDIR%%/private/libdlz-bind9-for-torture-private-samba.so
@ -30,7 +27,6 @@ include/samba4/dcerpc_server.h
%%SAMBA4_MODULEDIR%%/ldb/aclread.so
%%SAMBA4_MODULEDIR%%/ldb/anr.so
%%SAMBA4_MODULEDIR%%/ldb/audit_log.so
%%SAMBA4_MODULEDIR%%/ldb/count_attrs.so
%%SAMBA4_MODULEDIR%%/ldb/descriptor.so
%%SAMBA4_MODULEDIR%%/ldb/dirsync.so
%%SAMBA4_MODULEDIR%%/ldb/dns_notify.so
@ -40,10 +36,9 @@ include/samba4/dcerpc_server.h
%%SAMBA4_MODULEDIR%%/ldb/extended_dn_out.so
%%SAMBA4_MODULEDIR%%/ldb/extended_dn_store.so
%%SAMBA4_MODULEDIR%%/ldb/group_audit_log.so
%%SAMBA4_MODULEDIR%%/ldb/ildap.so
%%SAMBA4_MODULEDIR%%/ldb/instancetype.so
%%SAMBA4_MODULEDIR%%/ldb/lazy_commit.so
%%SAMBA4_MODULEDIR%%/ldb/ldbsamba_extensions.so
%%SAMBA4_MODULEDIR%%/ldb/ldap.so
%%SAMBA4_MODULEDIR%%/ldb/linked_attributes.so
%%SAMBA4_MODULEDIR%%/ldb/new_partition.so
%%SAMBA4_MODULEDIR%%/ldb/objectclass_attrs.so
@ -89,7 +84,6 @@ include/samba4/dcerpc_server.h
%%SAMBA4_MODULEDIR%%/service/winbindd.so
%%SAMBA4_MODULEDIR%%/service/wrepl.so
%%SAMBA4_MODULEDIR%%/vfs/posix_eadb.so
%%PKGCONFIGDIR%%/dcerpc_server.pc
%%DATADIR%%/samba/admx/GNOME_Settings.admx
%%DATADIR%%/samba/admx/en-US/GNOME_Settings.adml
%%DATADIR%%/samba/admx/en-US/samba.adml

73
net/samba422/pkg-plist.python
View File

@ -2,12 +2,7 @@ bin/smbtorture
sbin/samba-gpupdate
%%MANPAGES%%share/man/man1/smbtorture.1.gz
%%MANPAGES%%share/man/man8/samba-gpupdate.8.gz
include/samba4/policy.h
lib/samba4/libsamba-policy%%PYTHON_TAG%%.so
lib/samba4/libsamba-policy%%PYTHON_TAG%%.so.0
lib/samba4/private/libsamba-net%%PYTHON_TAG%%-private-samba.so
lib/samba4/private/libsamba-python%%PYTHON_TAG%%-private-samba.so
%%PKGCONFIGDIR%%/samba-policy%%PYTHON_TAG%%.pc
@comment Python block
%%AD_DC%%%%PYTHON_SITELIBDIR%%/samba/dckeytab%%PYTHON_TAG%%.so
%%AD_DC%%%%PYTHON_SITELIBDIR%%/samba/posix_eadb%%PYTHON_TAG%%.so
@ -75,6 +70,29 @@ lib/samba4/private/libsamba-python%%PYTHON_TAG%%-private-samba.so
%%PYTHON_SITELIBDIR%%/samba/dcerpc/witness%%PYTHON_TAG%%.so
%%PYTHON_SITELIBDIR%%/samba/dcerpc/wkssvc%%PYTHON_TAG%%.so
%%PYTHON_SITELIBDIR%%/samba/dcerpc/xattr%%PYTHON_TAG%%.so
%%PYTHON_SITELIBDIR%%/samba/domain/__init__.py
%%PYTHON_SITELIBDIR%%/samba/domain/models/__init__.py
%%PYTHON_SITELIBDIR%%/samba/domain/models/auth_policy.py
%%PYTHON_SITELIBDIR%%/samba/domain/models/auth_silo.py
%%PYTHON_SITELIBDIR%%/samba/domain/models/claim_type.py
%%PYTHON_SITELIBDIR%%/samba/domain/models/computer.py
%%PYTHON_SITELIBDIR%%/samba/domain/models/constants.py
%%PYTHON_SITELIBDIR%%/samba/domain/models/container.py
%%PYTHON_SITELIBDIR%%/samba/domain/models/exceptions.py
%%PYTHON_SITELIBDIR%%/samba/domain/models/fields.py
%%PYTHON_SITELIBDIR%%/samba/domain/models/gmsa.py
%%PYTHON_SITELIBDIR%%/samba/domain/models/group.py
%%PYTHON_SITELIBDIR%%/samba/domain/models/model.py
%%PYTHON_SITELIBDIR%%/samba/domain/models/org.py
%%PYTHON_SITELIBDIR%%/samba/domain/models/person.py
%%PYTHON_SITELIBDIR%%/samba/domain/models/query.py
%%PYTHON_SITELIBDIR%%/samba/domain/models/registry.py
%%PYTHON_SITELIBDIR%%/samba/domain/models/schema.py
%%PYTHON_SITELIBDIR%%/samba/domain/models/site.py
%%PYTHON_SITELIBDIR%%/samba/domain/models/subnet.py
%%PYTHON_SITELIBDIR%%/samba/domain/models/types.py
%%PYTHON_SITELIBDIR%%/samba/domain/models/user.py
%%PYTHON_SITELIBDIR%%/samba/domain/models/value_type.py
%%PYTHON_SITELIBDIR%%/samba/descriptor.py
%%PYTHON_SITELIBDIR%%/samba/dnsresolver.py
%%PYTHON_SITELIBDIR%%/samba/dnsserver.py
@ -132,6 +150,7 @@ lib/samba4/private/libsamba-python%%PYTHON_TAG%%-private-samba.so
%%PYTHON_SITELIBDIR%%/samba/kcc/kcc_utils.py
%%PYTHON_SITELIBDIR%%/samba/kcc/ldif_import_export.py
%%PYTHON_SITELIBDIR%%/samba/logger.py
%%PYTHON_SITELIBDIR%%/samba/lsa_utils.py
%%PYTHON_SITELIBDIR%%/samba/mdb_util.py
%%PYTHON_SITELIBDIR%%/samba/messaging%%PYTHON_TAG%%.so
%%PYTHON_SITELIBDIR%%/samba/ms_display_specifiers.py
@ -151,9 +170,18 @@ lib/samba4/private/libsamba-python%%PYTHON_TAG%%-private-samba.so
%%PYTHON_SITELIBDIR%%/samba/netcmd/dns.py
%%PYTHON_SITELIBDIR%%/samba/netcmd/domain/__init__.py
%%PYTHON_SITELIBDIR%%/samba/netcmd/domain/auth/__init__.py
%%PYTHON_SITELIBDIR%%/samba/netcmd/domain/auth/policy.py
%%PYTHON_SITELIBDIR%%/samba/netcmd/domain/auth/silo.py
%%PYTHON_SITELIBDIR%%/samba/netcmd/domain/auth/silo_member.py
%%PYTHON_SITELIBDIR%%/samba/netcmd/domain/auth/policy/__init__.py
%%PYTHON_SITELIBDIR%%/samba/netcmd/domain/auth/policy/computer_allowed_to_authenticate_to.py
%%PYTHON_SITELIBDIR%%/samba/netcmd/domain/auth/policy/policy.py
%%PYTHON_SITELIBDIR%%/samba/netcmd/domain/auth/policy/service_allowed_to_authenticate_from.py
%%PYTHON_SITELIBDIR%%/samba/netcmd/domain/auth/policy/service_allowed_to_authenticate_to.py
%%PYTHON_SITELIBDIR%%/samba/netcmd/domain/auth/policy/user_allowed_to_authenticate_from.py
%%PYTHON_SITELIBDIR%%/samba/netcmd/domain/auth/policy/user_allowed_to_authenticate_to.py
%%PYTHON_SITELIBDIR%%/samba/netcmd/domain/auth/silo/__init__.py
%%PYTHON_SITELIBDIR%%/samba/netcmd/domain/auth/silo/member.py
%%PYTHON_SITELIBDIR%%/samba/netcmd/domain/auth/silo/silo.py
%%PYTHON_SITELIBDIR%%/samba/netcmd/domain/kds/__init__.py
%%PYTHON_SITELIBDIR%%/samba/netcmd/domain/kds/root_key.py
%%PYTHON_SITELIBDIR%%/samba/netcmd/domain/backup.py
%%PYTHON_SITELIBDIR%%/samba/netcmd/domain/claim/__init__.py
%%PYTHON_SITELIBDIR%%/samba/netcmd/domain/claim/claim_type.py
@ -168,24 +196,13 @@ lib/samba4/private/libsamba-python%%PYTHON_TAG%%-private-samba.so
%%PYTHON_SITELIBDIR%%/samba/netcmd/domain/keytab.py
%%PYTHON_SITELIBDIR%%/samba/netcmd/domain/leave.py
%%PYTHON_SITELIBDIR%%/samba/netcmd/domain/level.py
%%PYTHON_SITELIBDIR%%/samba/netcmd/domain/models/__init__.py
%%PYTHON_SITELIBDIR%%/samba/netcmd/domain/models/auth_policy.py
%%PYTHON_SITELIBDIR%%/samba/netcmd/domain/models/auth_silo.py
%%PYTHON_SITELIBDIR%%/samba/netcmd/domain/models/claim_type.py
%%PYTHON_SITELIBDIR%%/samba/netcmd/domain/models/exceptions.py
%%PYTHON_SITELIBDIR%%/samba/netcmd/domain/models/fields.py
%%PYTHON_SITELIBDIR%%/samba/netcmd/domain/models/group.py
%%PYTHON_SITELIBDIR%%/samba/netcmd/domain/models/model.py
%%PYTHON_SITELIBDIR%%/samba/netcmd/domain/models/query.py
%%PYTHON_SITELIBDIR%%/samba/netcmd/domain/models/schema.py
%%PYTHON_SITELIBDIR%%/samba/netcmd/domain/models/site.py
%%PYTHON_SITELIBDIR%%/samba/netcmd/domain/models/subnet.py
%%PYTHON_SITELIBDIR%%/samba/netcmd/domain/models/user.py
%%PYTHON_SITELIBDIR%%/samba/netcmd/domain/models/value_type.py
%%PYTHON_SITELIBDIR%%/samba/netcmd/domain/passwordsettings.py
%%PYTHON_SITELIBDIR%%/samba/netcmd/domain/provision.py
%%PYTHON_SITELIBDIR%%/samba/netcmd/domain/samba3upgrade.py
%%PYTHON_SITELIBDIR%%/samba/netcmd/domain/schemaupgrade.py
%%PYTHON_SITELIBDIR%%/samba/netcmd/service_account/__init__.py
%%PYTHON_SITELIBDIR%%/samba/netcmd/service_account/group_msa_membership.py
%%PYTHON_SITELIBDIR%%/samba/netcmd/service_account/service_account.py
%%PYTHON_SITELIBDIR%%/samba/netcmd/domain/tombstones.py
%%PYTHON_SITELIBDIR%%/samba/netcmd/domain/trust.py
%%PYTHON_SITELIBDIR%%/samba/netcmd/drs.py
@ -289,6 +306,7 @@ lib/samba4/private/libsamba-python%%PYTHON_TAG%%-private-samba.so
%%PYTHON_SITELIBDIR%%/samba/tests/blackbox/check_output.py
%%PYTHON_SITELIBDIR%%/samba/tests/blackbox/claims.py
%%PYTHON_SITELIBDIR%%/samba/tests/blackbox/downgradedatabase.py
%%PYTHON_SITELIBDIR%%/samba/tests/blackbox/gmsa.py
%%PYTHON_SITELIBDIR%%/samba/tests/blackbox/http_chunk.py
%%PYTHON_SITELIBDIR%%/samba/tests/blackbox/http_content.py
%%PYTHON_SITELIBDIR%%/samba/tests/blackbox/mdsearch.py
@ -321,10 +339,10 @@ lib/samba4/private/libsamba-python%%PYTHON_TAG%%-private-samba.so
%%PYTHON_SITELIBDIR%%/samba/tests/dcerpc/array.py
%%PYTHON_SITELIBDIR%%/samba/tests/dcerpc/bare.py
%%PYTHON_SITELIBDIR%%/samba/tests/dcerpc/binding.py
%%PYTHON_SITELIBDIR%%/samba/tests/dcerpc/createtrustrelax.py
%%PYTHON_SITELIBDIR%%/samba/tests/dcerpc/dnsserver.py
%%PYTHON_SITELIBDIR%%/samba/tests/dcerpc/integer.py
%%PYTHON_SITELIBDIR%%/samba/tests/dcerpc/lsa.py
%%PYTHON_SITELIBDIR%%/samba/tests/dcerpc/lsa_utils.py
%%PYTHON_SITELIBDIR%%/samba/tests/dcerpc/mdssvc.py
%%PYTHON_SITELIBDIR%%/samba/tests/dcerpc/misc.py
%%PYTHON_SITELIBDIR%%/samba/tests/dcerpc/raw_protocol.py
@ -355,6 +373,8 @@ lib/samba4/private/libsamba-python%%PYTHON_TAG%%-private-samba.so
%%PYTHON_SITELIBDIR%%/samba/tests/dsdb_api.py
%%PYTHON_SITELIBDIR%%/samba/tests/dsdb_dns.py
%%PYTHON_SITELIBDIR%%/samba/tests/dsdb_lock.py
%%PYTHON_SITELIBDIR%%/samba/tests/dsdb_quiet_env_tests.py
%%PYTHON_SITELIBDIR%%/samba/tests/dsdb_quiet_provision_tests.py
%%PYTHON_SITELIBDIR%%/samba/tests/dsdb_schema_attributes.py
%%PYTHON_SITELIBDIR%%/samba/tests/emulate/__init__.py
%%PYTHON_SITELIBDIR%%/samba/tests/emulate/traffic.py
@ -389,6 +409,7 @@ lib/samba4/private/libsamba-python%%PYTHON_TAG%%-private-samba.so
%%PYTHON_SITELIBDIR%%/samba/tests/krb5/etype_tests.py
%%PYTHON_SITELIBDIR%%/samba/tests/krb5/fast_tests.py
%%PYTHON_SITELIBDIR%%/samba/tests/krb5/gkdi_tests.py
%%PYTHON_SITELIBDIR%%/samba/tests/krb5/gmsa_tests.py
%%PYTHON_SITELIBDIR%%/samba/tests/krb5/group_tests.py
%%PYTHON_SITELIBDIR%%/samba/tests/krb5/kcrypto.py
%%PYTHON_SITELIBDIR%%/samba/tests/krb5/kdc_base_test.py
@ -398,6 +419,7 @@ lib/samba4/private/libsamba-python%%PYTHON_TAG%%-private-samba.so
%%PYTHON_SITELIBDIR%%/samba/tests/krb5/kpasswd_tests.py
%%PYTHON_SITELIBDIR%%/samba/tests/krb5/lockout_tests.py
%%PYTHON_SITELIBDIR%%/samba/tests/krb5/ms_kile_client_principal_lookup_tests.py
%%PYTHON_SITELIBDIR%%/samba/tests/krb5/netlogon.py
%%PYTHON_SITELIBDIR%%/samba/tests/krb5/nt_hash_tests.py
%%PYTHON_SITELIBDIR%%/samba/tests/krb5/pac_align_tests.py
%%PYTHON_SITELIBDIR%%/samba/tests/krb5/pkinit_tests.py
@ -438,6 +460,7 @@ lib/samba4/private/libsamba-python%%PYTHON_TAG%%-private-samba.so
%%PYTHON_SITELIBDIR%%/samba/tests/netbios.py
%%PYTHON_SITELIBDIR%%/samba/tests/netcmd.py
%%PYTHON_SITELIBDIR%%/samba/tests/netlogonsvc.py
%%PYTHON_SITELIBDIR%%/samba/tests/ndr/sd.py
%%PYTHON_SITELIBDIR%%/samba/tests/ntacls.py
%%PYTHON_SITELIBDIR%%/samba/tests/ntacls_backup.py
%%PYTHON_SITELIBDIR%%/samba/tests/ntlm_auth.py
@ -465,6 +488,7 @@ lib/samba4/private/libsamba-python%%PYTHON_TAG%%-private-samba.so
%%PYTHON_SITELIBDIR%%/samba/tests/py_credentials.py
%%PYTHON_SITELIBDIR%%/samba/tests/registry.py
%%PYTHON_SITELIBDIR%%/samba/tests/reparsepoints.py
%%PYTHON_SITELIBDIR%%/samba/tests/rust.py
%%PYTHON_SITELIBDIR%%/samba/tests/s3_net_join.py
%%PYTHON_SITELIBDIR%%/samba/tests/s3idmapdb.py
%%PYTHON_SITELIBDIR%%/samba/tests/s3param.py
@ -483,6 +507,7 @@ lib/samba4/private/libsamba-python%%PYTHON_TAG%%-private-samba.so
%%PYTHON_SITELIBDIR%%/samba/tests/samba_tool/domain_auth_policy.py
%%PYTHON_SITELIBDIR%%/samba/tests/samba_tool/domain_auth_silo.py
%%PYTHON_SITELIBDIR%%/samba/tests/samba_tool/domain_claim.py
%%PYTHON_SITELIBDIR%%/samba/tests/samba_tool/domain_kds_root_key.py
%%PYTHON_SITELIBDIR%%/samba/tests/samba_tool/domain_models.py
%%PYTHON_SITELIBDIR%%/samba/tests/samba_tool/drs_clone_dc_data_lmdb_size.py
%%PYTHON_SITELIBDIR%%/samba/tests/samba_tool/dsacl.py
@ -505,6 +530,7 @@ lib/samba4/private/libsamba-python%%PYTHON_TAG%%-private-samba.so
%%PYTHON_SITELIBDIR%%/samba/tests/samba_tool/provision_userPassword_crypt.py
%%PYTHON_SITELIBDIR%%/samba/tests/samba_tool/rodc.py
%%PYTHON_SITELIBDIR%%/samba/tests/samba_tool/schema.py
%%PYTHON_SITELIBDIR%%/samba/tests/samba_tool/service_account.py
%%PYTHON_SITELIBDIR%%/samba/tests/samba_tool/silo_base.py
%%PYTHON_SITELIBDIR%%/samba/tests/samba_tool/sites.py
%%PYTHON_SITELIBDIR%%/samba/tests/samba_tool/timecmd.py
@ -549,7 +575,6 @@ lib/samba4/private/libsamba-python%%PYTHON_TAG%%-private-samba.so
%%PYTHON_SITELIBDIR%%/samba/tests/upgradeprovisionneeddc.py
%%PYTHON_SITELIBDIR%%/samba/tests/usage.py
%%PYTHON_SITELIBDIR%%/samba/tests/xattr.py
%%PYTHON_SITELIBDIR%%/samba/trust_utils.py
%%PYTHON_SITELIBDIR%%/samba/upgrade.py
%%PYTHON_SITELIBDIR%%/samba/upgradehelpers.py
%%PYTHON_SITELIBDIR%%/samba/uptodateness.py