kiwi/klara-ports
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

0mp port

Browse Source
This commit is contained in:
Xavier Beaudouin
2025-09-11 11:56:43 +07:00
parent ba38a2457f
commit fb9bdce10a
53 changed files with 6731 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

292
net/samba422/files/0001-Compact-and-simplify-modules-build-and-config-genera.patch Normal file
View File

@ -0,0 +1,292 @@
From 05e3cc236406680a55e19b204202b63cdaf48ea1 Mon Sep 17 00:00:00 2001
From: "Timur I. Bakeyev" <timur@FreeBSD.org>
Date: Mon, 1 Aug 2022 04:15:43 +0200
Subject: [PATCH 01/28] Compact and simplify modules build and config
generation for Bind 9.x AD DLZ.
Signed-off-by: Timur I. Bakeyev <timur@FreeBSD.org>
---
python/samba/provision/sambadns.py | 68 ++++++++++++------------------
source4/dns_server/dlz_minimal.h | 44 +++++++++----------
source4/dns_server/wscript_build | 62 +++------------------------
source4/setup/named.conf.dlz | 25 +----------
source4/torture/dns/wscript_build | 2 +-
5 files changed, 55 insertions(+), 146 deletions(-)
diff --git a/python/samba/provision/sambadns.py b/python/samba/provision/sambadns.py
index 404b346a885..8e5a8ba5f25 100644
--- a/python/samba/provision/sambadns.py
+++ b/python/samba/provision/sambadns.py
@@ -21,6 +21,7 @@
"""DNS-related provisioning"""
import os
+import re
import uuid
import shutil
import time
@@ -1010,52 +1011,37 @@ def create_named_conf(paths, realm, dnsdomain, dns_backend, logger):
stderr=subprocess.STDOUT,
cwd='.').communicate()[0]
bind_info = get_string(bind_info)
- bind9_8 = '#'
- bind9_9 = '#'
- bind9_10 = '#'
- bind9_11 = '#'
- bind9_12 = '#'
- bind9_14 = '#'
- bind9_16 = '#'
- bind9_18 = '#'
- if bind_info.upper().find('BIND 9.8') != -1:
- bind9_8 = ''
- elif bind_info.upper().find('BIND 9.9') != -1:
- bind9_9 = ''
- elif bind_info.upper().find('BIND 9.10') != -1:
- bind9_10 = ''
- elif bind_info.upper().find('BIND 9.11') != -1:
- bind9_11 = ''
- elif bind_info.upper().find('BIND 9.12') != -1:
- bind9_12 = ''
- elif bind_info.upper().find('BIND 9.14') != -1:
- bind9_14 = ''
- elif bind_info.upper().find('BIND 9.16') != -1:
- bind9_16 = ''
- elif bind_info.upper().find('BIND 9.18') != -1:
- bind9_18 = ''
- elif bind_info.upper().find('BIND 9.7') != -1:
- raise ProvisioningError("DLZ option incompatible with BIND 9.7.")
- elif bind_info.upper().find('BIND_9.13') != -1:
- raise ProvisioningError("Only stable/esv releases of BIND are supported.")
- elif bind_info.upper().find('BIND_9.15') != -1:
- raise ProvisioningError("Only stable/esv releases of BIND are supported.")
- elif bind_info.upper().find('BIND_9.17') != -1:
- raise ProvisioningError("Only stable/esv releases of BIND are supported.")
+ bind9_release = re.search('BIND (9)\.(\d+)\.', bind_info, re.I)
+ if bind9_release:
+ bind9_disabled = ''
+ bind9_version = bind9_release.group(0) + "x"
+ bind9_version_major = int(bind9_release.group(1))
+ bind9_version_minor = int(bind9_release.group(2))
+ if bind9_version_minor == 7:
+ raise ProvisioningError("DLZ option incompatible with BIND 9.7.")
+ elif bind9_version_minor == 8:
+ bind9_dlz_version = "9"
+ elif bind9_version_minor in [13, 15, 17]:
+ raise ProvisioningError("Only stable/esv releases of BIND are supported.")
+ else:
+ bind9_dlz_version = "%d_%d" % (bind9_version_major, bind9_version_minor)
else:
+ bind9_disabled = '# '
+ bind9_version = "BIND z.y.x"
+ bind9_dlz_version = "z_y"
logger.warning("BIND version unknown, please modify %s manually." % paths.namedconf)
+
+ bind9_dlz = (
+ ' # For %s\n'
+ ' %sdatabase "dlopen %s/bind9/dlz_bind%s.so";'
+ ) % (
+ bind9_version, bind9_disabled, samba.param.modules_dir(), bind9_dlz_version
+ )
setup_file(setup_path("named.conf.dlz"), paths.namedconf, {
"NAMED_CONF": paths.namedconf,
"MODULESDIR": samba.param.modules_dir(),
- "BIND9_8": bind9_8,
- "BIND9_9": bind9_9,
- "BIND9_10": bind9_10,
- "BIND9_11": bind9_11,
- "BIND9_12": bind9_12,
- "BIND9_14": bind9_14,
- "BIND9_16": bind9_16,
- "BIND9_18": bind9_18
- })
+ "BIND9_DLZ": bind9_dlz
+ })
def create_named_txt(path, realm, dnsdomain, dnsname, binddns_dir,
diff --git a/source4/dns_server/dlz_minimal.h b/source4/dns_server/dlz_minimal.h
index b7e36e7f8e6..bbdb616deb2 100644
--- a/source4/dns_server/dlz_minimal.h
+++ b/source4/dns_server/dlz_minimal.h
@@ -26,31 +26,25 @@
#include <stdint.h>
#include <stdbool.h>
-#if defined (BIND_VERSION_9_8)
-# error Bind 9.8 is not supported!
-#elif defined (BIND_VERSION_9_9)
-# error Bind 9.9 is not supported!
-#elif defined (BIND_VERSION_9_10)
-# define DLZ_DLOPEN_VERSION 3
-# define DNS_CLIENTINFO_VERSION 1
-# define ISC_BOOLEAN_AS_BOOL 0
-#elif defined (BIND_VERSION_9_11)
-# define DLZ_DLOPEN_VERSION 3
-# define DNS_CLIENTINFO_VERSION 2
-# define ISC_BOOLEAN_AS_BOOL 0
-#elif defined (BIND_VERSION_9_12)
-# define DLZ_DLOPEN_VERSION 3
-# define DNS_CLIENTINFO_VERSION 2
-# define ISC_BOOLEAN_AS_BOOL 0
-#elif defined (BIND_VERSION_9_14)
-# define DLZ_DLOPEN_VERSION 3
-# define DNS_CLIENTINFO_VERSION 2
-#elif defined (BIND_VERSION_9_16)
-# define DLZ_DLOPEN_VERSION 3
-# define DNS_CLIENTINFO_VERSION 2
-#elif defined (BIND_VERSION_9_18)
-# define DLZ_DLOPEN_VERSION 3
-# define DNS_CLIENTINFO_VERSION 2
+#if defined (BIND_VERSION)
+# if BIND_VERSION == 908
+# error Bind 9.8 is not supported!
+# elif BIND_VERSION == 909
+# error Bind 9.9 is not supported!
+# elif BIND_VERSION == 910
+# define DLZ_DLOPEN_VERSION 3
+# define DNS_CLIENTINFO_VERSION 1
+# define ISC_BOOLEAN_AS_BOOL 0
+# elif BIND_VERSION == 911 || BIND_VERSION == 912
+# define DLZ_DLOPEN_VERSION 3
+# define DNS_CLIENTINFO_VERSION 2
+# define ISC_BOOLEAN_AS_BOOL 0
+# elif BIND_VERSION >= 914
+# define DLZ_DLOPEN_VERSION 3
+# define DNS_CLIENTINFO_VERSION 2
+# else
+# error Unsupported BIND version
+# endif
#else
# error Unsupported BIND version
#endif
diff --git a/source4/dns_server/wscript_build b/source4/dns_server/wscript_build
index ab0a241b937..3743753504c 100644
--- a/source4/dns_server/wscript_build
+++ b/source4/dns_server/wscript_build
@@ -20,69 +20,21 @@ bld.SAMBA_MODULE('service_dns',
)
# a bind9 dlz module giving access to the Samba DNS SAM
-bld.SAMBA_LIBRARY('dlz_bind9_10',
+for bind_version in (910, 911, 912, 914, 916, 918, 920):
+ string_version='%d_%d' % (bind_version // 100, bind_version % 100)
+ bld.SAMBA_LIBRARY('dlz_bind%s' % (string_version),
source='dlz_bind9.c',
- cflags='-DBIND_VERSION_9_10',
+ cflags='-DBIND_VERSION=%d' % bind_version,
private_library=True,
- link_name='modules/bind9/dlz_bind9_10.so',
- realname='dlz_bind9_10.so',
- install_path='${MODULESDIR}/bind9',
- deps='samba-hostconfig samdb-common gensec popt dnsserver_common',
- enabled=bld.AD_DC_BUILD_IS_ENABLED())
-
-bld.SAMBA_LIBRARY('dlz_bind9_11',
- source='dlz_bind9.c',
- cflags='-DBIND_VERSION_9_11',
- private_library=True,
- link_name='modules/bind9/dlz_bind9_11.so',
- realname='dlz_bind9_11.so',
- install_path='${MODULESDIR}/bind9',
- deps='samba-hostconfig samdb-common gensec popt dnsserver_common',
- enabled=bld.AD_DC_BUILD_IS_ENABLED())
-
-bld.SAMBA_LIBRARY('dlz_bind9_12',
- source='dlz_bind9.c',
- cflags='-DBIND_VERSION_9_12',
- private_library=True,
- link_name='modules/bind9/dlz_bind9_12.so',
- realname='dlz_bind9_12.so',
- install_path='${MODULESDIR}/bind9',
- deps='samba-hostconfig samdb-common gensec popt dnsserver_common',
- enabled=bld.AD_DC_BUILD_IS_ENABLED())
-
-bld.SAMBA_LIBRARY('dlz_bind9_14',
- source='dlz_bind9.c',
- cflags='-DBIND_VERSION_9_14',
- private_library=True,
- link_name='modules/bind9/dlz_bind9_14.so',
- realname='dlz_bind9_14.so',
- install_path='${MODULESDIR}/bind9',
- deps='samba-hostconfig samdb-common gensec popt dnsserver_common',
- enabled=bld.AD_DC_BUILD_IS_ENABLED())
-
-bld.SAMBA_LIBRARY('dlz_bind9_16',
- source='dlz_bind9.c',
- cflags='-DBIND_VERSION_9_16',
- private_library=True,
- link_name='modules/bind9/dlz_bind9_16.so',
- realname='dlz_bind9_16.so',
- install_path='${MODULESDIR}/bind9',
- deps='samba-hostconfig samdb-common gensec popt dnsserver_common',
- enabled=bld.AD_DC_BUILD_IS_ENABLED())
-
-bld.SAMBA_LIBRARY('dlz_bind9_18',
- source='dlz_bind9.c',
- cflags='-DBIND_VERSION_9_18',
- private_library=True,
- link_name='modules/bind9/dlz_bind9_18.so',
- realname='dlz_bind9_18.so',
+ link_name='modules/bind9/dlz_bind%s.so' % (string_version),
+ realname='dlz_bind%s.so' % (string_version),
install_path='${MODULESDIR}/bind9',
deps='samba-hostconfig samdb-common gensec popt dnsserver_common',
enabled=bld.AD_DC_BUILD_IS_ENABLED())
bld.SAMBA_LIBRARY('dlz_bind9_for_torture',
source='dlz_bind9.c',
- cflags='-DBIND_VERSION_9_16',
+ cflags='-DBIND_VERSION=920',
private_library=True,
deps='samba-hostconfig samdb-common gensec popt dnsserver_common',
enabled=bld.AD_DC_BUILD_IS_ENABLED())
diff --git a/source4/setup/named.conf.dlz b/source4/setup/named.conf.dlz
index cbe7d805f58..32672768af4 100644
--- a/source4/setup/named.conf.dlz
+++ b/source4/setup/named.conf.dlz
@@ -10,28 +10,5 @@
# Uncomment only single database line, depending on your BIND version
#
dlz "AD DNS Zone" {
- # For BIND 9.8.x
- ${BIND9_8} database "dlopen ${MODULESDIR}/bind9/dlz_bind9.so";
-
- # For BIND 9.9.x
- ${BIND9_9} database "dlopen ${MODULESDIR}/bind9/dlz_bind9_9.so";
-
- # For BIND 9.10.x
- ${BIND9_10} database "dlopen ${MODULESDIR}/bind9/dlz_bind9_10.so";
-
- # For BIND 9.11.x
- ${BIND9_11} database "dlopen ${MODULESDIR}/bind9/dlz_bind9_11.so";
-
- # For BIND 9.12.x
- ${BIND9_12} database "dlopen ${MODULESDIR}/bind9/dlz_bind9_12.so";
-
- # For BIND 9.14.x
- ${BIND9_14} database "dlopen ${MODULESDIR}/bind9/dlz_bind9_14.so";
-
- # For BIND 9.16.x
- ${BIND9_16} database "dlopen ${MODULESDIR}/bind9/dlz_bind9_16.so";
- #
- # For BIND 9.18.x
- ${BIND9_18} database "dlopen ${MODULESDIR}/bind9/dlz_bind9_18.so";
+${BIND9_DLZ}
};
-
diff --git a/source4/torture/dns/wscript_build b/source4/torture/dns/wscript_build
index 0b40e03e370..bf7415ff88a 100644
--- a/source4/torture/dns/wscript_build
+++ b/source4/torture/dns/wscript_build
@@ -5,7 +5,7 @@ if bld.AD_DC_BUILD_IS_ENABLED():
source='dlz_bind9.c',
subsystem='smbtorture',
init_function='torture_bind_dns_init',
- cflags='-DBIND_VERSION_9_16',
+ cflags='-DBIND_VERSION=920',
deps='torture talloc torturemain dlz_bind9_for_torture',
internal_module=True
)
--
2.37.1

35
net/samba422/files/0002-Adjust-abi_gen.sh-script-to-run-under-FreeBSD-with-i.patch Normal file
View File

@ -0,0 +1,35 @@
From 639b8d650685476016a6d5b1c996a04ac54f8a6f Mon Sep 17 00:00:00 2001
From: "Timur I. Bakeyev" <timur@FreeBSD.org>
Date: Sun, 30 May 2021 04:00:08 +0200
Subject: [PATCH 02/28] Adjust abi_gen.sh script to run under FreeBSD with it's
own bintools and slightly different output of GDB.
Substitution: yes
Signed-off-by: Timur I. Bakeyev <timur@FreeBSD.org>
---
buildtools/scripts/abi_gen.sh | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/buildtools/scripts/abi_gen.sh b/buildtools/scripts/abi_gen.sh
index ddb0a7cc36f..d2750705ff9 100755
--- a/buildtools/scripts/abi_gen.sh
+++ b/buildtools/scripts/abi_gen.sh
@@ -9,6 +9,7 @@ GDBSCRIPT="gdb_syms.$$"
cat <<EOF
set height 0
set width 0
+set print sevenbit-strings on
EOF
# On older linker versions _init|_fini symbols are not hidden.
@@ -22,5 +23,5 @@ done
) > $GDBSCRIPT
# forcing the terminal avoids a problem on Fedora12
-TERM=none gdb -n -batch -x $GDBSCRIPT "$SHAREDLIB" < /dev/null
+TERM=none %%GDB_CMD%% -n -batch -x $GDBSCRIPT "$SHAREDLIB" < /dev/null
rm -f $GDBSCRIPT
--
2.37.1

32
net/samba422/files/0003-Mask-CLang-prototype-warnings-in-kadm5-admin.h.patch Normal file
View File

@ -0,0 +1,32 @@
From 382c3edc95a1747e0a6edd05c76adc0ec21a66c7 Mon Sep 17 00:00:00 2001
From: "Timur I. Bakeyev" <timur@FreeBSD.org>
Date: Sun, 30 May 2021 03:50:17 +0200
Subject: [PATCH 03/28] Mask CLang prototype warnings in kadm5/admin.h
Signed-off-by: Timur I. Bakeyev <timur@FreeBSD.org>
---
source4/kdc/kdc-service-mit.c | 6 +++++-
1 file changed, 5 insertions(+), 1 deletion(-)
diff --git a/source4/kdc/kdc-service-mit.c b/source4/kdc/kdc-service-mit.c
index 22663b6ecc8..5bef125206a 100644
--- a/source4/kdc/kdc-service-mit.c
+++ b/source4/kdc/kdc-service-mit.c
@@ -36,9 +36,13 @@
#include "kdc/samba_kdc.h"
#include "kdc/kdc-server.h"
#include "kdc/kpasswd-service.h"
-#include <kadm5/admin.h>
#include <kdb.h>
+#pragma clang diagnostic push
+#pragma clang diagnostic ignored "-Wstrict-prototypes"
+#include <kadm5/admin.h>
+#pragma clang diagnostic pop
+
#include "source4/kdc/mit_kdc_irpc.h"
/* PROTOTYPES */
--
2.37.1

38
net/samba422/files/0004-On-FreeBSD-date-1-has-different-semantics-than-on-Li.patch Normal file
View File

@ -0,0 +1,38 @@
From 0eb28116ceefee7bdafabac18a1763f13cb71883 Mon Sep 17 00:00:00 2001
From: "Timur I. Bakeyev" <timur@FreeBSD.org>
Date: Sun, 30 May 2021 03:42:31 +0200
Subject: [PATCH 04/28] On FreeBSD `date(1)` has different semantics than on
Linux. Generate call parameter accordingly.
FreeBSD: `date [[[[[cc]yy]mm]dd]HH]MM[.ss]`
Linux: `date [mmddHHMM[[cc]yy][.ss]]`
Signed-off-by: Timur I. Bakeyev <timur@FreeBSD.org>
---
source3/utils/net_time.c | 7 ++++++-
1 file changed, 6 insertions(+), 1 deletion(-)
diff --git a/source3/utils/net_time.c b/source3/utils/net_time.c
index d102f84614f..f679000a979 100644
--- a/source3/utils/net_time.c
+++ b/source3/utils/net_time.c
@@ -82,10 +82,15 @@ static const char *systime(time_t t)
if (!tm) {
return "unknown";
}
-
+#if defined(FREEBSD)
+ return talloc_asprintf(talloc_tos(), "%04d%02d%02d%02d%02d.%02d",
+ tm->tm_year + 1900, tm->tm_mon+1, tm->tm_mday,
+ tm->tm_hour, tm->tm_min, tm->tm_sec);
+#else
return talloc_asprintf(talloc_tos(), "%02d%02d%02d%02d%04d.%02d",
tm->tm_mon+1, tm->tm_mday, tm->tm_hour,
tm->tm_min, tm->tm_year + 1900, tm->tm_sec);
+#endif
}
int net_time_usage(struct net_context *c, int argc, const char **argv)
--
2.37.1

26
net/samba422/files/0005-Include-jemalloc-jemalloc.h-if-ENABLE_JEMALLOC-is-se.patch Normal file
View File

@ -0,0 +1,26 @@
From 3cc67018c560d32b98523618d16902c1a670ed40 Mon Sep 17 00:00:00 2001
From: "Timur I. Bakeyev" <timur@FreeBSD.org>
Date: Sun, 30 May 2021 03:33:51 +0200
Subject: [PATCH 05/28] Include jemalloc/jemalloc.h if ENABLE_JEMALLOC is set.
Signed-off-by: Timur I. Bakeyev <timur@FreeBSD.org>
---
source3/include/includes.h | 2 ++
1 file changed, 2 insertions(+)
diff --git a/source3/include/includes.h b/source3/include/includes.h
index 510a0b96539..94a076de11e 100644
--- a/source3/include/includes.h
+++ b/source3/include/includes.h
@@ -326,6 +326,8 @@ typedef char fstring[FSTRING_LEN];
* the *bottom* of include files so as not to conflict. */
#ifdef ENABLE_DMALLOC
# include <dmalloc.h>
+#elif ENABLE_JEMALLOC
+# include <jemalloc/jemalloc.h>
#endif
--
2.37.1

32
net/samba422/files/0006-Install-nss_-modules-into-PAMMODULESDIR-path.patch Normal file
View File

@ -0,0 +1,32 @@
From 406621efcd26d48b5e8f1e5df4082c8bf2cc8bab Mon Sep 17 00:00:00 2001
From: "Timur I. Bakeyev" <timur@FreeBSD.org>
Date: Sun, 30 May 2021 03:32:21 +0200
Subject: [PATCH 06/28] Install nss_* modules into PAMMODULESDIR path.
Signed-off-by: Timur I. Bakeyev <timur@FreeBSD.org>
---
nsswitch/wscript_build | 2 ++
1 file changed, 2 insertions(+)
diff --git a/nsswitch/wscript_build b/nsswitch/wscript_build
index 3247b6c2b7c..df2fc3b97ea 100644
--- a/nsswitch/wscript_build
+++ b/nsswitch/wscript_build
@@ -54,12 +54,14 @@ elif (host_os.rfind('freebsd') > -1):
source='winbind_nss_linux.c winbind_nss_freebsd.c',
deps='wbclient',
realname='nss_winbind.so.1',
+ install_path='${PAMMODULESDIR}',
vnum='1')
bld.SAMBA3_PLUGIN('nss_wins',
source='wins.c wins_freebsd.c',
deps='''wbclient''',
realname='nss_wins.so.1',
+ install_path='${PAMMODULESDIR}',
vnum='1')
elif (host_os.rfind('netbsd') > -1):
--
2.37.1

105
net/samba422/files/0007-Use-macro-value-as-a-default-backlog-size-for-the-li.patch Normal file
View File

@ -0,0 +1,105 @@
From 75f20f8e144a926873b619e1c0918896689d39a0 Mon Sep 17 00:00:00 2001
From: "Timur I. Bakeyev" <timur@FreeBSD.org>
Date: Sun, 30 May 2021 03:28:09 +0200
Subject: [PATCH 07/28] Use macro value as a default backlog size for the
`listen()` syscall.
Set that macro to -1 on FreeBSD, specifying maximum kernel configured
allowed backlog size.
Signed-off-by: Timur I. Bakeyev <timur@FreeBSD.org>
---
lib/tevent/echo_server.c | 2 +-
source3/include/local.h | 11 +++++++++++
source3/libsmb/unexpected.c | 2 +-
source3/utils/smbfilter.c | 2 +-
source3/winbindd/winbindd.c | 4 ++--
5 files changed, 16 insertions(+), 5 deletions(-)
diff --git a/lib/tevent/echo_server.c b/lib/tevent/echo_server.c
index f93d8bcdee7..49354dbf0e5 100644
--- a/lib/tevent/echo_server.c
+++ b/lib/tevent/echo_server.c
@@ -633,7 +633,7 @@ int main(int argc, const char **argv)
exit(1);
}
- ret = listen(listen_sock, 5);
+ ret = listen(listen_sock, DEFAULT_LISTEN_BACKLOG);
if (ret == -1) {
perror("listen() failed");
exit(1);
diff --git a/source3/include/local.h b/source3/include/local.h
index 297e5572fdb..d85aab09f9f 100644
--- a/source3/include/local.h
+++ b/source3/include/local.h
@@ -163,7 +163,18 @@
#define WINBIND_SERVER_MUTEX_WAIT_TIME (( ((NUM_CLI_AUTH_CONNECT_RETRIES) * ((CLI_AUTH_TIMEOUT)/1000)) + 5)*2)
/* size of listen() backlog in smbd */
+#if defined (FREEBSD)
+#define SMBD_LISTEN_BACKLOG -1
+#else
#define SMBD_LISTEN_BACKLOG 50
+#endif
+
+/* size of listen() default backlog */
+#if defined (FREEBSD)
+#define DEFAULT_LISTEN_BACKLOG -1
+#else
+#define DEFAULT_LISTEN_BACKLOG 5
+#endif
/* Number of microseconds to wait before a sharing violation. */
#define SHARING_VIOLATION_USEC_WAIT 950000
diff --git a/source3/libsmb/unexpected.c b/source3/libsmb/unexpected.c
index ced46969b88..317d6b1e0e2 100644
--- a/source3/libsmb/unexpected.c
+++ b/source3/libsmb/unexpected.c
@@ -95,7 +95,7 @@ NTSTATUS nb_packet_server_create(TALLOC_CTX *mem_ctx,
status = map_nt_error_from_unix(errno);
goto fail;
}
- rc = listen(result->listen_sock, 5);
+ rc = listen(result->listen_sock, DEFAULT_LISTEN_BACKLOG);
if (rc < 0) {
status = map_nt_error_from_unix(errno);
goto fail;
diff --git a/source3/utils/smbfilter.c b/source3/utils/smbfilter.c
index 3fbd63975c9..b2d90f993fc 100644
--- a/source3/utils/smbfilter.c
+++ b/source3/utils/smbfilter.c
@@ -291,7 +291,7 @@ static void start_filter(char *desthost)
exit(1);
}
- if (listen(s, 5) == -1) {
+ if (listen(s, DEFAULT_LISTEN_BACKLOG) == -1) {
d_printf("listen failed\n");
}
diff --git a/source3/winbindd/winbindd.c b/source3/winbindd/winbindd.c
index 0f9c6449a5a..c2df0c92372 100644
--- a/source3/winbindd/winbindd.c
+++ b/source3/winbindd/winbindd.c
@@ -1312,7 +1312,7 @@ static bool winbindd_setup_listeners(void)
if (pub_state->fd == -1) {
goto failed;
}
- rc = listen(pub_state->fd, 5);
+ rc = listen(pub_state->fd, DEFAULT_LISTEN_BACKLOG);
if (rc < 0) {
goto failed;
}
@@ -1344,7 +1344,7 @@ static bool winbindd_setup_listeners(void)
if (priv_state->fd == -1) {
goto failed;
}
- rc = listen(priv_state->fd, 5);
+ rc = listen(priv_state->fd, DEFAULT_LISTEN_BACKLOG);
if (rc < 0) {
goto failed;
}
--
2.37.1

111
net/samba422/files/0008-Brute-force-work-around-usage-of-Linux-specific-m-fl.patch Normal file
View File

@ -0,0 +1,111 @@
From 29d0b3479f61f33356d6cc82099085b5c412f949 Mon Sep 17 00:00:00 2001
From: "Timur I. Bakeyev" <timur@FreeBSD.org>
Date: Sun, 30 May 2021 03:24:48 +0200
Subject: [PATCH 08/28] Brute force work around usage of Linux-specific `%m`
flag in `sscanf()`.
Signed-off-by: Timur I. Bakeyev <timur@FreeBSD.org>
---
libcli/http/http.c | 36 ++++++++++++++++++++++++++-----
source4/libcli/ldap/ldap_client.c | 12 +++++++++++
2 files changed, 43 insertions(+), 5 deletions(-)
diff --git a/libcli/http/http.c b/libcli/http/http.c
index d20fc25f9e2..a28caca0045 100644
--- a/libcli/http/http.c
+++ b/libcli/http/http.c
@@ -142,7 +142,19 @@ static enum http_read_status http_parse_headers(struct http_read_response_state
return HTTP_ALL_DATA_READ;
}
+#ifdef FREEBSD
+ int s0, s1, s2, s3; s0 = s1 = s2 = s3 = 0;
+ n = sscanf(line, "%n%*[^:]%n: %n%*[^\r\n]%n\r\n", &s0, &s1, &s2, &s3);
+
+ if(n >= 0) {
+ key = calloc(sizeof(char), s1-s0+1);
+ value = calloc(sizeof(char), s3-s2+1);
+
+ n = sscanf(line, "%[^:]: %[^\r\n]\r\n", key, value);
+ }
+#else
n = sscanf(line, "%m[^:]: %m[^\r\n]\r\n", &key, &value);
+#endif
if (n != 2) {
DEBUG(0, ("%s: Error parsing header '%s'\n", __func__, line));
status = HTTP_DATA_CORRUPTED;
@@ -168,7 +180,7 @@ error:
static bool http_parse_response_line(struct http_read_response_state *state)
{
bool status = true;
- char *protocol;
+ char *protocol = NULL;
char *msg = NULL;
char major;
char minor;
@@ -188,12 +200,22 @@ static bool http_parse_response_line(struct http_read_response_state *state)
return false;
}
+#ifdef FREEBSD
+ int s0, s1, s2, s3; s0 = s1 = s2 = s3 = 0;
+ n = sscanf(line, "%n%*[^/]%n/%c.%c %d %n%*[^\r\n]%n\r\n",
+ &s0, &s1, &major, &minor, &code, &s2, &s3);
+
+ if(n == 3) {
+ protocol = calloc(sizeof(char), s1-s0+1);
+ msg = calloc(sizeof(char), s3-s2+1);
+
+ n = sscanf(line, "%[^/]/%c.%c %d %[^\r\n]\r\n",
+ protocol, &major, &minor, &code, msg);
+ }
+#else
n = sscanf(line, "%m[^/]/%c.%c %d %m[^\r\n]\r\n",
&protocol, &major, &minor, &code, &msg);
-
- DEBUG(11, ("%s: Header parsed(%i): protocol->%s, major->%c, minor->%c, "
- "code->%d, message->%s\n", __func__, n, protocol, major, minor,
- code, msg));
+#endif
if (n != 5) {
DEBUG(0, ("%s: Error parsing header\n", __func__));
@@ -201,6 +223,10 @@ static bool http_parse_response_line(struct http_read_response_state *state)
goto error;
}
+ DEBUG(11, ("%s: Header parsed(%i): protocol->%s, major->%c, minor->%c, "
+ "code->%d, message->%s\n", __func__, n, protocol, major, minor,
+ code, msg));
+
if (major != '1') {
DEBUG(0, ("%s: Bad HTTP major number '%c'\n", __func__, major));
status = false;
diff --git a/source4/libcli/ldap/ldap_client.c b/source4/libcli/ldap/ldap_client.c
index 8614ccdfd54..2630d3c8859 100644
--- a/source4/libcli/ldap/ldap_client.c
+++ b/source4/libcli/ldap/ldap_client.c
@@ -402,8 +402,20 @@ static int ldap_parse_basic_url(
*pport = port;
return 0;
}
+#ifdef FREEBSD
+ int s0, s1; s0 = s1 = 0;
+ ret = sscanf(url, "%n%*[^:/]%n:%d", &s0, &s1, &port);
+ if(ret >= 0) {
+ host = calloc(sizeof(char), s1 - s0 + 1);
+ if (host == NULL) {
+ return ENOMEM;
+ }
+ ret = sscanf(url, "%[^:/]:%d", host, &port);
+ }
+#else
ret = sscanf(url, "%m[^:/]:%d", &host, &port);
+#endif
if (ret < 1) {
return EINVAL;
}
--
2.37.1

39
net/samba422/files/0009-Make-sure-that-config-checks-fail-if-the-warning-is-.patch Normal file
View File

@ -0,0 +1,39 @@
From 3189d57e9c6cf8d5d25566f2760cfa4f822d7a2c Mon Sep 17 00:00:00 2001
From: "Timur I. Bakeyev" <timur@FreeBSD.org>
Date: Sun, 30 May 2021 03:21:19 +0200
Subject: [PATCH 09/28] Make sure that config checks fail if the warning is
raised, by adding -Werror flag to the CFLAGS(WERROR_CFLAGS)
Signed-off-by: Timur I. Bakeyev <timur@FreeBSD.org>
---
buildtools/wafsamba/samba_autoconf.py | 2 +-
lib/replace/wscript | 2 +-
2 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/buildtools/wafsamba/samba_autoconf.py b/buildtools/wafsamba/samba_autoconf.py
index 78927d85193..cf87c8bb9ff 100644
--- a/buildtools/wafsamba/samba_autoconf.py
+++ b/buildtools/wafsamba/samba_autoconf.py
@@ -987,5 +987,5 @@ def SAMBA_CHECK_UNDEFINED_SYMBOL_FLAGS(conf):
conf.env.undefined_ldflags = conf.ADD_LDFLAGS('-Wl,-no-undefined', testflags=True)
if (conf.env.undefined_ignore_ldflags == [] and
- conf.CHECK_LDFLAGS(['-undefined', 'dynamic_lookup'])):
+ conf.CHECK_LDFLAGS(['-undefined', 'dynamic_lookup'] + conf.env.WERROR_CFLAGS)):
conf.env.undefined_ignore_ldflags = ['-undefined', 'dynamic_lookup']
diff --git a/lib/replace/wscript b/lib/replace/wscript
index 0db93d8caf1..1f9806f1dd7 100644
--- a/lib/replace/wscript
+++ b/lib/replace/wscript
@@ -122,7 +122,7 @@ def configure(conf):
conf.CHECK_HEADERS('sys/atomic.h stdatomic.h')
conf.CHECK_HEADERS('libgen.h')
- if conf.CHECK_CFLAGS('-Wno-format-truncation'):
+ if conf.CHECK_CFLAGS(['-Wno-format-truncation'] + conf.env.WERROR_CFLAGS):
conf.define('HAVE_WNO_FORMAT_TRUNCATION', '1')
if conf.CHECK_CFLAGS('-Wno-unused-function'):
--
2.37.1

54
net/samba422/files/0010-Add-option-with-pkgconfigdir-to-specify-alternative-.patch Normal file
View File

@ -0,0 +1,54 @@
From 5b0d17a5b7849f40f59fb0daedd62e8f5a1b0fba Mon Sep 17 00:00:00 2001
From: "Timur I. Bakeyev" <timur@FreeBSD.org>
Date: Sun, 30 May 2021 03:16:37 +0200
Subject: [PATCH 10/28] Add option --with-pkgconfigdir, to specify alternative
location.
Override name of the config file.
Remove code that doesn't allow direct install into /usr
Substitution: yes
Signed-off-by: Timur I. Bakeyev <timur@FreeBSD.org>
---
dynconfig/wscript | 9 ++++-----
1 file changed, 4 insertions(+), 5 deletions(-)
diff --git a/dynconfig/wscript b/dynconfig/wscript
index c62afa25399..29cacf1b92c 100644
--- a/dynconfig/wscript
+++ b/dynconfig/wscript
@@ -151,6 +151,8 @@ dynconfig = {
'PKGCONFIGDIR' : {
'STD-PATH': '${LIBDIR}/pkgconfig',
'FHS-PATH': '${LIBDIR}/pkgconfig',
+ 'OPTION': '--with-pkgconfigdir',
+ 'HELPTEXT': 'Where to put .pc files',
},
'CODEPAGEDIR' : {
'STD-PATH': '${DATADIR}/codepages',
@@ -257,8 +259,8 @@ dynconfig = {
'DELAY': True,
},
'CONFIGFILE' : {
- 'STD-PATH': '${CONFIGDIR}/smb.conf',
- 'FHS-PATH': '${CONFIGDIR}/smb.conf',
+ 'STD-PATH': '${CONFIGDIR}/%%SAMBA4_CONFIG%%',
+ 'FHS-PATH': '${CONFIGDIR}/%%SAMBA4_CONFIG%%',
'DELAY': True,
},
'LMHOSTSFILE' : {
@@ -317,9 +319,6 @@ def configure(conf):
flavor = 'FHS-PATH'
else:
flavor = 'STD-PATH'
- if conf.env.PREFIX == '/usr' or conf.env.PREFIX == '/usr/local':
- Logs.error("Don't install directly under /usr or /usr/local without using the FHS option (--enable-fhs)")
- raise Errors.WafError("ERROR: invalid --prefix=%s value" % (conf.env.PREFIX))
explicit_set ={}
--
2.37.1

28
net/samba422/files/0011-Use-provided-by-port-location-of-the-XML-catalog.patch Normal file
View File

@ -0,0 +1,28 @@
From 6c68907dcd9abd82cc95c842380a8e817b8f0e7f Mon Sep 17 00:00:00 2001
From: "Timur I. Bakeyev" <timur@FreeBSD.org>
Date: Sun, 30 May 2021 02:54:28 +0200
Subject: [PATCH 11/28] Use provided by port location of the XML catalog.
Substitution: yes
Signed-off-by: Timur I. Bakeyev <timur@FreeBSD.org>
---
buildtools/wafsamba/wafsamba.py | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/buildtools/wafsamba/wafsamba.py b/buildtools/wafsamba/wafsamba.py
index 7885ee720be..c42a021bc01 100644
--- a/buildtools/wafsamba/wafsamba.py
+++ b/buildtools/wafsamba/wafsamba.py
@@ -1174,7 +1174,7 @@ def SAMBAMANPAGES(bld, manpages, extra_source=None):
bld.env.SAMBA_EXPAND_XSL = bld.srcnode.abspath() + '/docs-xml/xslt/expand-sambadoc.xsl'
bld.env.SAMBA_MAN_XSL = bld.srcnode.abspath() + '/docs-xml/xslt/man.xsl'
bld.env.SAMBA_CATALOG = bld.bldnode.abspath() + '/docs-xml/build/catalog.xml'
- bld.env.SAMBA_CATALOGS = os.getenv('XML_CATALOG_FILES', 'file:///etc/xml/catalog file:///usr/local/share/xml/catalog') + ' file://' + bld.env.SAMBA_CATALOG
+ bld.env.SAMBA_CATALOGS = os.getenv('XML_CATALOG_FILES', 'file:///etc/xml/catalog file://%%LOCALBASE%%/share/xml/catalog') + ' file://' + bld.env.SAMBA_CATALOG
for m in manpages.split():
source = [m + '.xml']
--
2.37.1

29
net/samba422/files/0012-Create-shared-libraries-according-to-the-FreeBSD-spe.patch Normal file
View File

@ -0,0 +1,29 @@
From 9731cc810b50b6694ff931135df398a6772200ae Mon Sep 17 00:00:00 2001
From: "Timur I. Bakeyev" <timur@FreeBSD.org>
Date: Sun, 30 May 2021 02:51:47 +0200
Subject: [PATCH 12/28] Create shared libraries according to the
FreeBSD-specific naming schema, where only major.minor versions are used.
https://docs.freebsd.org/en/books/developers-handbook/policies/#policies-shlib
Signed-off-by: Timur I. Bakeyev <timur@FreeBSD.org>
---
buildtools/wafsamba/samba_install.py | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/buildtools/wafsamba/samba_install.py b/buildtools/wafsamba/samba_install.py
index 2957e16c3da..82abbf893e2 100644
--- a/buildtools/wafsamba/samba_install.py
+++ b/buildtools/wafsamba/samba_install.py
@@ -115,7 +115,7 @@ def install_library(self):
inst_name = bld.make_libname(t.target)
elif self.vnum:
vnum_base = self.vnum.split('.')[0]
- install_name = bld.make_libname(target_name, version=self.vnum)
+ install_name = bld.make_libname(target_name, version=vnum_base)
install_link = bld.make_libname(target_name, version=vnum_base)
inst_name = bld.make_libname(t.target)
if not self.private_library or not t.env.SONAME_ST:
--
2.37.1

77
net/samba422/files/0014-Add-option-to-disable-CTDB-tests-failing-on-FreeBSD-.patch Normal file
View File

@ -0,0 +1,77 @@
From 2f16c17b683655fe318a1e6d45aaad3857d1a512 Mon Sep 17 00:00:00 2001
From: "Timur I. Bakeyev" <timur@FreeBSD.org>
Date: Mon, 31 May 2021 00:35:36 +0200
Subject: [PATCH 14/28] Add option to disable CTDB tests - failing on FreeBSD
right now in too many places.
Signed-off-by: Timur I. Bakeyev <timur@FreeBSD.org>
---
ctdb/wscript | 24 ++++++++++++++++++------
1 file changed, 18 insertions(+), 6 deletions(-)
diff --git a/ctdb/wscript b/ctdb/wscript
index a9fef9241aa..c89c6decdd7 100644
--- a/ctdb/wscript
+++ b/ctdb/wscript
@@ -106,6 +106,9 @@ def options(opt):
opt.add_option('--enable-ceph-reclock',
help=("Enable Ceph CTDB recovery lock helper (default=no)"),
action="store_true", dest='ctdb_ceph_reclock', default=False)
+ opt.add_option('--disable-ctdb-tests',
+ help=("Disable CTDB tests (default=no)"),
+ action="store_true", dest='ctdb_no_tests', default=False)
opt.add_option('--with-logdir',
help=("Path to log directory"),
@@ -278,7 +281,7 @@ def configure(conf):
if Options.options.ctdb_ceph_reclock:
if (conf.CHECK_HEADERS('rados/librados.h', False, False, 'rados') and
- conf.CHECK_LIB('rados', shlib=True)):
+ conf.CHECK_LIB('rados', shlib=True)):
Logs.info('Building with Ceph librados recovery lock support')
conf.define('HAVE_LIBRADOS', 1)
else:
@@ -317,8 +320,14 @@ def configure(conf):
conf.env.CTDB_VARDIR,
conf.env.CTDB_RUNDIR))
- conf.env.CTDB_TEST_DATADIR = os.path.join(conf.env.CTDB_DATADIR, 'tests')
- conf.env.CTDB_TEST_LIBEXECDIR = os.path.join(conf.env.LIBEXECDIR, 'ctdb/tests')
+ if Options.options.ctdb_no_tests:
+ conf.env.ctdb_tests = False
+ else:
+ conf.env.ctdb_tests = True
+
+ if conf.env.ctdb_tests:
+ conf.env.CTDB_TEST_DATADIR = os.path.join(conf.env.CTDB_DATADIR, 'tests')
+ conf.env.CTDB_TEST_LIBEXECDIR = os.path.join(conf.env.LIBEXECDIR, 'ctdb/tests')
# Allow unified compilation and separate compilation of utilities
# to find includes
@@ -706,9 +715,9 @@ def build(bld):
if bld.env.HAVE_LIBRADOS:
bld.SAMBA_BINARY('ctdb_mutex_ceph_rados_helper',
source='utils/ceph/ctdb_mutex_ceph_rados_helper.c',
- deps='talloc tevent rados',
- includes='include',
- install_path='${CTDB_HELPER_BINDIR}')
+ deps='talloc tevent rados',
+ includes='include',
+ install_path='${CTDB_HELPER_BINDIR}')
sed_expr1 = 's|/usr/local/var/lib/ctdb|%s|g' % (bld.env.CTDB_VARDIR)
sed_expr2 = 's|/usr/local/etc/ctdb|%s|g' % (bld.env.CTDB_ETCDIR)
@@ -885,6 +894,9 @@ def build(bld):
for d in ['volatile', 'persistent', 'state']:
bld.INSTALL_DIR(os.path.join(bld.env.CTDB_VARDIR, d))
+ if not bld.env.ctdb_tests:
+ return
+
#
# Test-only below this point
#
--
2.37.1

132
net/samba422/files/0015-Add-extra-debug-class-to-trck-down-DB-locking-code.patch Normal file
View File

@ -0,0 +1,132 @@
From 08e648c899e5023f337d2fa56e4e758f62f31ec4 Mon Sep 17 00:00:00 2001
From: "Timur I. Bakeyev" <timur@FreeBSD.org>
Date: Mon, 31 May 2021 00:38:38 +0200
Subject: [PATCH 15/28] Add extra debug class to trck down DB locking code.
Signed-off-by: Timur I. Bakeyev <timur@FreeBSD.org>
---
lib/dbwrap/dbwrap.c | 3 +++
lib/dbwrap/dbwrap_local_open.c | 3 +++
lib/dbwrap/dbwrap_rbt.c | 3 +++
lib/dbwrap/dbwrap_tdb.c | 3 +++
lib/dbwrap/dbwrap_util.c | 3 +++
source3/lib/dbwrap/dbwrap_ctdb.c | 3 +++
source3/lib/dbwrap/dbwrap_open.c | 3 +++
source3/lib/dbwrap/dbwrap_watch.c | 3 +++
8 files changed, 24 insertions(+)
diff --git a/lib/dbwrap/dbwrap.c b/lib/dbwrap/dbwrap.c
index 7555efaa3ab..51f58fea851 100644
--- a/lib/dbwrap/dbwrap.c
+++ b/lib/dbwrap/dbwrap.c
@@ -28,6 +28,9 @@
#include "lib/util/util_tdb.h"
#include "lib/util/tevent_ntstatus.h"
+#undef DBGC_CLASS
+#define DBGC_CLASS DBGC_LOCKING
+
/*
* Fall back using fetch if no genuine exists operation is provided
*/
diff --git a/lib/dbwrap/dbwrap_local_open.c b/lib/dbwrap/dbwrap_local_open.c
index 20c5fa0e1d2..b834bbd0e41 100644
--- a/lib/dbwrap/dbwrap_local_open.c
+++ b/lib/dbwrap/dbwrap_local_open.c
@@ -23,6 +23,9 @@
#include "dbwrap/dbwrap_tdb.h"
#include "tdb.h"
+#undef DBGC_CLASS
+#define DBGC_CLASS DBGC_LOCKING
+
struct db_context *dbwrap_local_open(TALLOC_CTX *mem_ctx,
const char *name,
int hash_size, int tdb_flags,
diff --git a/lib/dbwrap/dbwrap_rbt.c b/lib/dbwrap/dbwrap_rbt.c
index db456dfffba..483558a6dc7 100644
--- a/lib/dbwrap/dbwrap_rbt.c
+++ b/lib/dbwrap/dbwrap_rbt.c
@@ -24,6 +24,9 @@
#include "../lib/util/rbtree.h"
#include "../lib/util/dlinklist.h"
+#undef DBGC_CLASS
+#define DBGC_CLASS DBGC_LOCKING
+
#define DBWRAP_RBT_ALIGN(_size_) (((_size_)+15)&~15)
struct db_rbt_ctx {
diff --git a/lib/dbwrap/dbwrap_tdb.c b/lib/dbwrap/dbwrap_tdb.c
index 6cd95fa25ad..4a75cd80256 100644
--- a/lib/dbwrap/dbwrap_tdb.c
+++ b/lib/dbwrap/dbwrap_tdb.c
@@ -29,6 +29,9 @@
#include "lib/param/param.h"
#include "libcli/util/error.h"
+#undef DBGC_CLASS
+#define DBGC_CLASS DBGC_LOCKING
+
struct db_tdb_ctx {
struct tdb_wrap *wtdb;
diff --git a/lib/dbwrap/dbwrap_util.c b/lib/dbwrap/dbwrap_util.c
index df6dea40097..465814f0952 100644
--- a/lib/dbwrap/dbwrap_util.c
+++ b/lib/dbwrap/dbwrap_util.c
@@ -26,6 +26,9 @@
#include "dbwrap.h"
#include "lib/util/util_tdb.h"
+#undef DBGC_CLASS
+#define DBGC_CLASS DBGC_LOCKING
+
struct dbwrap_fetch_int32_state {
NTSTATUS status;
int32_t result;
diff --git a/source3/lib/dbwrap/dbwrap_ctdb.c b/source3/lib/dbwrap/dbwrap_ctdb.c
index 0907089164a..9fc771d1217 100644
--- a/source3/lib/dbwrap/dbwrap_ctdb.c
+++ b/source3/lib/dbwrap/dbwrap_ctdb.c
@@ -38,6 +38,9 @@
#include "lib/cluster_support.h"
#include "lib/util/tevent_ntstatus.h"
+#undef DBGC_CLASS
+#define DBGC_CLASS DBGC_LOCKING
+
struct db_ctdb_transaction_handle {
struct db_ctdb_ctx *ctx;
/*
diff --git a/source3/lib/dbwrap/dbwrap_open.c b/source3/lib/dbwrap/dbwrap_open.c
index 52c8a94aeff..caefb579058 100644
--- a/source3/lib/dbwrap/dbwrap_open.c
+++ b/source3/lib/dbwrap/dbwrap_open.c
@@ -31,6 +31,9 @@
#include "ctdbd_conn.h"
#include "global_contexts.h"
+#undef DBGC_CLASS
+#define DBGC_CLASS DBGC_LOCKING
+
bool db_is_local(const char *name)
{
const char *sockname = lp_ctdbd_socket();
diff --git a/source3/lib/dbwrap/dbwrap_watch.c b/source3/lib/dbwrap/dbwrap_watch.c
index 17a52de37cc..77f7b178229 100644
--- a/source3/lib/dbwrap/dbwrap_watch.c
+++ b/source3/lib/dbwrap/dbwrap_watch.c
@@ -28,6 +28,9 @@
#include "server_id_watch.h"
#include "lib/dbwrap/dbwrap_private.h"
+#undef DBGC_CLASS
+#define DBGC_CLASS DBGC_LOCKING
+
struct dbwrap_watcher {
/*
* Process watching this record
--
2.37.1

29
net/samba422/files/0016-Make-ldb_schema_attribute_compare-a-stable-comparisi.patch Normal file
View File

@ -0,0 +1,29 @@
From 2b3ee747cdf83b80d07aaf1b261956bc9894ff36 Mon Sep 17 00:00:00 2001
From: "Timur I. Bakeyev" <timur@FreeBSD.org>
Date: Thu, 8 Sep 2022 00:06:37 +0200
Subject: [PATCH 16/28] Make ldb_schema_attribute_compare() a stable
comparision function.
Signed-off-by: Timur I. Bakeyev <timur@FreeBSD.org>
---
lib/ldb/ldb_key_value/ldb_kv_cache.c | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/lib/ldb/ldb_key_value/ldb_kv_cache.c b/lib/ldb/ldb_key_value/ldb_kv_cache.c
index 4a3c9f29020..cb200aeb9ba 100644
--- a/lib/ldb/ldb_key_value/ldb_kv_cache.c
+++ b/lib/ldb/ldb_key_value/ldb_kv_cache.c
@@ -92,7 +92,9 @@ static int ldb_schema_attribute_compare(const void *p1, const void *p2)
{
const struct ldb_schema_attribute *sa1 = (const struct ldb_schema_attribute *)p1;
const struct ldb_schema_attribute *sa2 = (const struct ldb_schema_attribute *)p2;
- return ldb_attr_cmp(sa1->name, sa2->name);
+ int res = ldb_attr_cmp(sa1->name, sa2->name);
+
+ return (res) ? res : (sa1->flags > sa2->flags) ? 1 : (sa1->flags < sa2->flags) ? -1 : 0;
}
/*
--
2.37.1

49
net/samba422/files/0017-Use-arc4random-when-available-to-generate-random-tal.patch Normal file
View File

@ -0,0 +1,49 @@
From 42c9490dd346ee2f4369cbed4c37cb43f06e5d19 Mon Sep 17 00:00:00 2001
From: "Timur I. Bakeyev" <timur@FreeBSD.org>
Date: Wed, 7 Sep 2022 23:52:43 +0200
Subject: [PATCH 17/28] Use arc4random() when available to generate random
talloc slab signature.
Signed-off-by: Timur I. Bakeyev <timur@FreeBSD.org>
---
lib/talloc/talloc.c | 4 ++++
lib/talloc/wscript | 1 +
2 files changed, 5 insertions(+)
diff --git a/lib/talloc/talloc.c b/lib/talloc/talloc.c
index 29da190880a..79c76fd9e35 100644
--- a/lib/talloc/talloc.c
+++ b/lib/talloc/talloc.c
@@ -397,6 +397,9 @@ void talloc_lib_init(void) CONSTRUCTOR;
void talloc_lib_init(void)
{
uint32_t random_value;
+#if defined(HAVE_ARC4RANDOM)
+ random_value = arc4random();
+#else
#if defined(HAVE_GETAUXVAL) && defined(AT_RANDOM)
uint8_t *p;
/*
@@ -430,6 +433,7 @@ void talloc_lib_init(void)
*/
random_value = ((uintptr_t)talloc_lib_init & 0xFFFFFFFF);
}
+#endif /* HAVE_ARC4RANDOM */
talloc_magic = random_value & ~TALLOC_FLAG_MASK;
}
#else
diff --git a/lib/talloc/wscript b/lib/talloc/wscript
index f0c266a7878..c75ec0505df 100644
--- a/lib/talloc/wscript
+++ b/lib/talloc/wscript
@@ -52,6 +52,7 @@ def configure(conf):
conf.CHECK_HEADERS('sys/auxv.h')
conf.CHECK_FUNCS('getauxval')
+ conf.CHECK_FUNCS('arc4random')
conf.SAMBA_CONFIG_H()
--
2.37.1

65
net/samba422/files/0018-Add-configuration-option-that-allows-to-choose-alter.patch Normal file
View File

@ -0,0 +1,65 @@
From b81d399aa6d9e2bdbb9db0efa8109c41aad4d025 Mon Sep 17 00:00:00 2001
From: "Timur I. Bakeyev" <timur@FreeBSD.org>
Date: Mon, 31 May 2021 02:49:20 +0200
Subject: [PATCH 18/28] Add configuration option that allows to choose
alternative mDNS implementation dns_sd library.
Signed-off-by: Timur I. Bakeyev <timur@FreeBSD.org>
---
source3/wscript | 12 ++++++++++++
source3/wscript_build | 2 ++
2 files changed, 14 insertions(+)
diff --git a/source3/wscript b/source3/wscript
index 2121b8b6510..6209472c6c8 100644
--- a/source3/wscript
+++ b/source3/wscript
@@ -70,6 +70,7 @@ def options(opt):
opt.samba_add_onoff_option('sendfile-support', default=None)
opt.samba_add_onoff_option('utmp')
opt.samba_add_onoff_option('avahi', with_name="enable", without_name="disable")
+ opt.samba_add_onoff_option('dnssd', with_name="enable", without_name="disable")
opt.samba_add_onoff_option('iconv')
opt.samba_add_onoff_option('acl-support')
opt.samba_add_onoff_option('syslog')
@@ -855,6 +856,17 @@ msg.msg_accrightslen = sizeof(fd);
conf.SET_TARGET_TYPE('avahi-common', 'EMPTY')
conf.SET_TARGET_TYPE('avahi-client', 'EMPTY')
+ if Options.options.with_dnssd:
+ conf.env.with_dnssd = True
+ if not conf.CHECK_HEADERS('dns_sd.h'):
+ conf.env.with_dnssd = False
+ if not conf.CHECK_FUNCS_IN('DNSServiceRegister', 'dns_sd'):
+ conf.env.with_dnssd = False
+ if conf.env.with_dnssd:
+ conf.DEFINE('WITH_DNSSD_SUPPORT', 1)
+ else:
+ conf.SET_TARGET_TYPE('dns_sd', 'EMPTY')
+
if Options.options.with_iconv:
conf.env.with_iconv = True
if not conf.CHECK_FUNCS_IN('iconv_open', 'iconv', headers='iconv.h'):
diff --git a/source3/wscript_build b/source3/wscript_build
index 5cf965dc45d..edd7985e648 100644
--- a/source3/wscript_build
+++ b/source3/wscript_build
@@ -709,6 +709,7 @@ bld.SAMBA3_LIBRARY('smbd_base',
samba3core
param_service
AVAHI
+ dns_sd
PROFILE
LOCKING
LIBADS_SERVER
@@ -1128,6 +1129,7 @@ bld.SAMBA3_BINARY('client/smbclient',
msrpc3
RPC_NDR_SRVSVC
cli_smb_common
+ dns_sd
archive
''')
--
2.37.1

544
net/samba422/files/0019-From-923bc7a1afeb0b920e60e14846987ae1d2d7dca4-Mon-Se.patch Normal file
View File

@ -0,0 +1,544 @@
From 5aabf82dfaf325bf682db85d80476224e7005a41 Mon Sep 17 00:00:00 2001
From: "Timur I. Bakeyev" <timur@FreeBSD.org>
Date: Mon, 31 May 2021 00:46:16 +0200
Subject: [PATCH 19/28] From 923bc7a1afeb0b920e60e14846987ae1d2d7dca4 Mon Sep
17 00:00:00 2001 From: John Hixson <john@ixsystems.com> Date: Thu, 7 Dec 2017
09:36:32 -0500 Subject: [PATCH] Freenas/master mdns fixes (#22)
* mDNS fixes for Samba (work in progress).
* Fix mDNS - Can advertise on individual interfaces
* Fix mDNS browsing in smbclient
Signed-off-by: Timur I. Bakeyev <timur@iXsystems.com>
Signed-off-by: Timur I. Bakeyev <timur@FreeBSD.org>
---
source3/client/dnsbrowse.c | 19 +-
source3/smbd/dnsregister.c | 354 ++++++++++++++++++++++++++++++-------
2 files changed, 299 insertions(+), 74 deletions(-)
diff --git a/source3/client/dnsbrowse.c b/source3/client/dnsbrowse.c
index be6eb881cf1..83aef966d2a 100644
--- a/source3/client/dnsbrowse.c
+++ b/source3/client/dnsbrowse.c
@@ -39,6 +39,7 @@ struct mdns_smbsrv_result
struct mdns_browse_state
{
struct mdns_smbsrv_result *listhead; /* Browse result list head */
+ TALLOC_CTX * ctx;
int browseDone;
};
@@ -64,7 +65,7 @@ static void do_smb_resolve(struct mdns_smbsrv_result *browsesrv)
struct timeval tv;
DNSServiceErrorType err;
- TALLOC_CTX * ctx = talloc_tos();
+ TALLOC_CTX * ctx = talloc_new(NULL);
err = DNSServiceResolve(&mdns_conn_sdref, 0 /* flags */,
browsesrv->ifIndex,
@@ -91,7 +92,7 @@ static void do_smb_resolve(struct mdns_smbsrv_result *browsesrv)
}
}
- TALLOC_FREE(fdset);
+ TALLOC_FREE(ctx);
DNSServiceRefDeallocate(mdns_conn_sdref);
}
@@ -124,18 +125,19 @@ do_smb_browse_reply(DNSServiceRef sdRef, DNSServiceFlags flags,
return;
}
- bresult = talloc_array(talloc_tos(), struct mdns_smbsrv_result, 1);
+ bresult = talloc_array(bstatep->ctx, struct mdns_smbsrv_result, 1);
if (bresult == NULL) {
return;
}
+ bresult->nextResult = NULL;
if (bstatep->listhead != NULL) {
bresult->nextResult = bstatep->listhead;
}
- bresult->serviceName = talloc_strdup(talloc_tos(), serviceName);
- bresult->regType = talloc_strdup(talloc_tos(), regtype);
- bresult->domain = talloc_strdup(talloc_tos(), replyDomain);
+ bresult->serviceName = talloc_strdup(bstatep->ctx, serviceName);
+ bresult->regType = talloc_strdup(bstatep->ctx, regtype);
+ bresult->domain = talloc_strdup(bstatep->ctx, replyDomain);
bresult->ifIndex = interfaceIndex;
bstatep->listhead = bresult;
}
@@ -151,10 +153,13 @@ int do_smb_browse(void)
DNSServiceRef mdns_conn_sdref = NULL;
DNSServiceErrorType err;
- TALLOC_CTX * ctx = talloc_stackframe();
+ TALLOC_CTX * ctx = talloc_new(NULL);
ZERO_STRUCT(bstate);
+ bstate.ctx = ctx;
+ bstate.listhead = NULL;
+
err = DNSServiceBrowse(&mdns_conn_sdref, 0, 0, "_smb._tcp", "",
do_smb_browse_reply, &bstate);
diff --git a/source3/smbd/dnsregister.c b/source3/smbd/dnsregister.c
index df189001a09..389a4278f64 100644
--- a/source3/smbd/dnsregister.c
+++ b/source3/smbd/dnsregister.c
@@ -29,6 +29,29 @@
* browse for advertised SMB services.
*/
+/*
+ * Time Machine Errata:
+ * sys=adVF=0x100 -- this is required when ._adisk._tcp is present on device. When it is
+ * set, the MacOS client will send a NetShareEnumAll IOCTL and shares will be visible.
+ * Otherwise, Finder will only see the Time Machine share. In the absence of ._adisk._tcp
+ * MacOS will _always_ send NetShareEnumAll IOCTL.
+ *
+ * waMa=0 -- MacOS server uses waMa=0, while embedded devices have it set to their Mac Address.
+ * Speculation in Samba-Technical indicates that this stands for "Wireless AirDisk Mac Address".
+ *
+ * adVU -- AirDisk Volume UUID. Mac OS servers generate a UUID. Time machine over SMB works without one
+ * set. Netatalk generates a UUID and stores it persistently in afp_voluuid.conf. This can be
+ * set by adding the share parameter "fruit:volume_uuid = "
+ *
+ * dk(n)=adVF=
+ * 0xa1, 0x81 - AFP support
+ * 0xa2, 0x82 - SMB support
+ * 0xa3, 0x83 - AFP and SMB support
+ *
+ * adVN -- AirDisk Volume Name. We set this to the share name.
+ *
+ */
+
#define DNS_REG_RETRY_INTERVAL (5*60) /* in seconds */
#ifdef WITH_DNSSD_SUPPORT
@@ -36,85 +59,177 @@
#include <dns_sd.h>
struct dns_reg_state {
- struct tevent_context *event_ctx;
- uint16_t port;
- DNSServiceRef srv_ref;
- struct tevent_timer *te;
- int fd;
- struct tevent_fd *fde;
+ int count;
+ struct reg_state {
+ DNSServiceRef srv_ref;
+ TALLOC_CTX *mem_ctx;
+ struct tevent_context *event_ctx;
+ struct tevent_timer *te;
+ struct tevent_fd *fde;
+ uint16_t port;
+ int if_index;
+ int fd;
+ } *drs;
};
-static int dns_reg_state_destructor(struct dns_reg_state *dns_state)
+static void dns_register_smbd_retry(struct tevent_context *ctx,
+ struct tevent_timer *te,
+ struct timeval now,
+ void *private_data);
+static void dns_register_smbd_fde_handler(struct tevent_context *ev,
+ struct tevent_fd *fde,
+ uint16_t flags,
+ void *private_data);
+
+
+static int reg_state_destructor(struct reg_state *state)
{
- if (dns_state->srv_ref != NULL) {
+ if (state == NULL) {
+ return -1;
+ }
+
+ if (state->srv_ref != NULL) {
/* Close connection to the mDNS daemon */
- DNSServiceRefDeallocate(dns_state->srv_ref);
- dns_state->srv_ref = NULL;
+ DNSServiceRefDeallocate(state->srv_ref);
+ state->srv_ref = NULL;
}
/* Clear event handler */
- TALLOC_FREE(dns_state->te);
- TALLOC_FREE(dns_state->fde);
- dns_state->fd = -1;
+ TALLOC_FREE(state->te);
+ TALLOC_FREE(state->fde);
+ state->fd = -1;
return 0;
}
-static void dns_register_smbd_retry(struct tevent_context *ctx,
- struct tevent_timer *te,
- struct timeval now,
- void *private_data);
-static void dns_register_smbd_fde_handler(struct tevent_context *ev,
- struct tevent_fd *fde,
- uint16_t flags,
- void *private_data);
+int TXTRecordPrintf(TXTRecordRef * rec, const char * key, const char * fmt, ... )
+{
+ int ret = 0;
+ char *str;
+ va_list ap;
+ va_start( ap, fmt );
+
+ if( 0 > vasprintf(&str, fmt, ap ) ) {
+ va_end(ap);
+ return -1;
+ }
+ va_end(ap);
+
+ if( kDNSServiceErr_NoError != TXTRecordSetValue(rec, key, strlen(str), str) ) {
+ ret = -1;
+ }
+
+ free(str);
+ return ret;
+}
+
+int TXTRecordKeyPrintf(TXTRecordRef * rec, const char * key_fmt, int key_var, const char * fmt, ...)
+{
+ int ret = 0;
+ char *key = NULL, *str = NULL;
+ va_list ap;
+
+ if( 0 > asprintf(&key, key_fmt, key_var)) {
+ DEBUG(1, ("Failed in asprintf\n"));
+ return -1;
+ }
-static bool dns_register_smbd_schedule(struct dns_reg_state *dns_state,
+ va_start( ap, fmt );
+ if( 0 > vasprintf(&str, fmt, ap )) {
+ va_end(ap);
+ DEBUG(1, ("Failed in vasprintf\n"));
+ ret = -1;
+ goto exit;
+ }
+ va_end(ap);
+
+ if( kDNSServiceErr_NoError != TXTRecordSetValue(rec, key, strlen(str), str) ) {
+ DEBUG(1, ("Failed in TXTRecordSetValuen"));
+ ret = -1;
+ goto exit;
+ }
+
+ exit:
+ if (str)
+ free(str);
+ if (key)
+ free(key);
+ return ret;
+}
+
+
+static bool dns_register_smbd_schedule(struct reg_state *state,
struct timeval tval)
{
- dns_reg_state_destructor(dns_state);
+ reg_state_destructor(state);
- dns_state->te = tevent_add_timer(dns_state->event_ctx,
- dns_state,
+ state->te = tevent_add_timer(state->event_ctx,
+ state->mem_ctx,
tval,
dns_register_smbd_retry,
- dns_state);
- if (!dns_state->te) {
+ state);
+ if (!state->te) {
return false;
}
return true;
}
+static void dns_register_smbd_callback(DNSServiceRef service,
+ DNSServiceFlags flags,
+ DNSServiceErrorType errorCode,
+ const char *name,
+ const char *type,
+ const char *domain,
+ void *context)
+{
+ if (errorCode != kDNSServiceErr_NoError) {
+ DEBUG(6, ("error=%d\n", errorCode));
+ } else {
+ DEBUG(6, ("%-15s %s.%s%s\n", "REGISTER", name, type, domain));
+ }
+}
+
static void dns_register_smbd_retry(struct tevent_context *ctx,
struct tevent_timer *te,
struct timeval now,
void *private_data)
{
- struct dns_reg_state *dns_state = talloc_get_type_abort(private_data,
- struct dns_reg_state);
+ struct reg_state *state = (struct reg_state *)private_data;
DNSServiceErrorType err;
+ int snum;
+ size_t dk = 0;
+ bool sys_txt_created = false;
+ TXTRecordRef txt_adisk;
+ TXTRecordRef txt_devinfo;
+ char *servname;
+ char *v_uuid;
+ int num_services = lp_numservices();
+
+ reg_state_destructor(state);
- dns_reg_state_destructor(dns_state);
+ TXTRecordCreate(&txt_adisk, 0, NULL);
- DEBUG(6, ("registering _smb._tcp service on port %d\n",
- dns_state->port));
+ DEBUG(6, ("registering _smb._tcp service on port %d index %d\n",
+ state->port, state->if_index));
/* Register service with DNS. Connects with the mDNS
* daemon running on the local system to perform DNS
* service registration.
*/
- err = DNSServiceRegister(&dns_state->srv_ref, 0 /* flags */,
- kDNSServiceInterfaceIndexAny,
- NULL /* service name */,
- "_smb._tcp" /* service type */,
- NULL /* domain */,
- "" /* SRV target host name */,
- htons(dns_state->port),
- 0 /* TXT record len */,
- NULL /* TXT record data */,
- NULL /* callback func */,
- NULL /* callback context */);
+ err = DNSServiceRegister(&state->srv_ref,
+ 0 /* flags */,
+ state->if_index /* interface index */,
+ NULL /* service name */,
+ "_smb._tcp" /* service type */,
+ NULL /* domain */,
+ "" /* SRV target host name */,
+ htons(state->port) /* port */,
+ 0 /* TXT record len */,
+ NULL /* TXT record data */,
+ dns_register_smbd_callback /* callback func */,
+ NULL /* callback context */);
+
if (err != kDNSServiceErr_NoError) {
/* Failed to register service. Schedule a re-try attempt.
@@ -123,24 +238,96 @@ static void dns_register_smbd_retry(struct tevent_context *ctx,
goto retry;
}
- dns_state->fd = DNSServiceRefSockFD(dns_state->srv_ref);
- if (dns_state->fd == -1) {
+ /*
+ * Check for services that are configured as Time Machine targets
+ *
+ */
+ for (snum = 0; snum < num_services; snum++) {
+ if (lp_snum_ok(snum) && lp_parm_bool(snum, "fruit", "time machine", false))
+ {
+ if (!sys_txt_created) {
+ if( 0 > TXTRecordPrintf(&txt_adisk, "sys", "adVF=0x100") ) {
+ DEBUG(1, ("Failed to create Zeroconf TXTRecord for sys") );
+ goto retry;
+ }
+ else
+ {
+ sys_txt_created = true;
+ }
+ }
+
+ v_uuid = lp_parm_const_string(snum, "fruit", "volume_uuid", NULL);
+ servname = lp_const_servicename(snum);
+ DEBUG(1, ("Registering volume %s for TimeMachine\n", servname));
+ if (v_uuid) {
+ if( 0 > TXTRecordKeyPrintf(&txt_adisk, "dk%zu", dk++, "adVN=%s,adVF=0x82,adVU=%s",
+ servname, v_uuid) ) {
+ DEBUG(1, ("Could not set Zeroconf TXTRecord for dk%zu \n", dk));
+ goto retry;
+ }
+ DEBUG(1, ("Registering TimeMachine with the following TXT parameters: "
+ "dk%zu,adVN=%s,adVF=0x82,adVU=%s\n", dk, servname, v_uuid) );
+ }
+ else {
+ if( 0 > TXTRecordKeyPrintf(&txt_adisk, "dk%zu", dk++, "adVN=%s,adVF=0x82",
+ servname) ) {
+ DEBUG(1, ("Could not set Zeroconf TXTRecord for dk%zu \n", dk));
+ goto retry;
+ }
+ DEBUG(1, ("Registering TimeMachine with the following TXT parameters: "
+ "dk%zu,adVN=%s,adVF=0x82\n", dk, servname) );
+ }
+ }
+ }
+
+ if (dk) {
+ err = DNSServiceRegister(&state->srv_ref,
+ 0 /* flags */,
+ state->if_index /* interface index */,
+ NULL /* service name */,
+ "_adisk._tcp" /* service type */,
+ NULL /* domain */,
+ "" /* SRV target host name */,
+ /*
+ * We would probably use port 0 zero, but we can't, from man DNSServiceRegister:
+ * "A value of 0 for a port is passed to register placeholder services.
+ * Place holder services are not found when browsing, but other
+ * clients cannot register with the same name as the placeholder service."
+ * We therefor use port 9 which is used by the adisk service type.
+ */
+ htons(9) /* port */,
+ TXTRecordGetLength(&txt_adisk) /* TXT record len */,
+ TXTRecordGetBytesPtr(&txt_adisk) /* TXT record data */,
+ dns_register_smbd_callback /* callback func */,
+ NULL /* callback context */);
+
+
+ if (err != kDNSServiceErr_NoError) {
+ /* Failed to register service. Schedule a re-try attempt.
+ */
+ DEBUG(1, ("unable to register with mDNS (err %d)\n", err));
+ goto retry;
+ }
+ }
+
+ state->fd = DNSServiceRefSockFD(state->srv_ref);
+ if (state->fd == -1) {
goto retry;
}
- dns_state->fde = tevent_add_fd(dns_state->event_ctx,
- dns_state,
- dns_state->fd,
- TEVENT_FD_READ,
- dns_register_smbd_fde_handler,
- dns_state);
- if (!dns_state->fde) {
+ state->fde = tevent_add_fd(state->event_ctx,
+ state->mem_ctx,
+ state->fd,
+ TEVENT_FD_READ,
+ dns_register_smbd_fde_handler,
+ state);
+ if (!state->fde) {
goto retry;
}
return;
retry:
- dns_register_smbd_schedule(dns_state,
+ dns_register_smbd_schedule(state,
timeval_current_ofs(DNS_REG_RETRY_INTERVAL, 0));
}
@@ -150,44 +337,77 @@ static void dns_register_smbd_fde_handler(struct tevent_context *ev,
uint16_t flags,
void *private_data)
{
- struct dns_reg_state *dns_state = talloc_get_type_abort(private_data,
- struct dns_reg_state);
+ struct reg_state *state = (struct reg_state *)private_data;
DNSServiceErrorType err;
- err = DNSServiceProcessResult(dns_state->srv_ref);
+ err = DNSServiceProcessResult(state->srv_ref);
if (err != kDNSServiceErr_NoError) {
- DEBUG(3, ("failed to process mDNS result (err %d), re-trying\n",
- err));
+ DEBUG(3, ("failed to process mDNS result (err %d), re-trying\n", err));
goto retry;
}
- talloc_free(dns_state);
return;
retry:
- dns_register_smbd_schedule(dns_state,
- timeval_current_ofs(DNS_REG_RETRY_INTERVAL, 0));
+ dns_register_smbd_schedule(state, timeval_zero());
}
+static int dns_reg_state_destructor(struct dns_reg_state *state)
+{
+ if (state != NULL) {
+ talloc_free(state);
+ }
+ return 0;
+}
+
+
bool smbd_setup_mdns_registration(struct tevent_context *ev,
TALLOC_CTX *mem_ctx,
uint16_t port)
{
struct dns_reg_state *dns_state;
+ bool bind_all = true;
+ int i;
dns_state = talloc_zero(mem_ctx, struct dns_reg_state);
- if (dns_state == NULL) {
+ if (dns_state == NULL)
+ return false;
+
+ if (lp_interfaces() && lp_bind_interfaces_only())
+ bind_all = false;
+
+ dns_state->count = iface_count();
+ if (dns_state->count <= 0 || bind_all == true)
+ dns_state->count = 1;
+
+ dns_state->drs = talloc_array(mem_ctx, struct reg_state, dns_state->count);
+ if (dns_state->drs == NULL) {
+ talloc_free(dns_state);
return false;
}
- dns_state->event_ctx = ev;
- dns_state->port = port;
- dns_state->fd = -1;
- talloc_set_destructor(dns_state, dns_reg_state_destructor);
+ for (i = 0; i < dns_state->count; i++) {
+ struct interface *iface = get_interface(i);
+ struct reg_state *state = &dns_state->drs[i];
+
+ state->mem_ctx = mem_ctx;
+ state->srv_ref = NULL;
+ state->event_ctx = ev;
+ state->te = NULL;
+ state->fde = NULL;
+ state->port = port;
+ state->fd = -1;
- return dns_register_smbd_schedule(dns_state, timeval_zero());
+ state->if_index = bind_all ? kDNSServiceInterfaceIndexAny : iface->if_index;
+
+ dns_register_smbd_schedule(&dns_state->drs[i], timeval_zero());
+ }
+
+ talloc_set_destructor(dns_state, dns_reg_state_destructor);
+ return true;
}
+
#else /* WITH_DNSSD_SUPPORT */
bool smbd_setup_mdns_registration(struct tevent_context *ev,
--
2.37.1

35
net/samba422/files/0020-FreeBSD-12-between-r336017-and-r342928-wrongfuly-ret.patch Normal file
View File

@ -0,0 +1,35 @@
From 02b599cc740490fa6f433b0c455fe458fdc1db61 Mon Sep 17 00:00:00 2001
From: "Timur I. Bakeyev" <timur@FreeBSD.org>
Date: Mon, 31 May 2021 02:45:11 +0200
Subject: [PATCH 20/28] FreeBSD 12 between r336017 and r342928 wrongfuly return
ENOENT for the not enabled qoutas on ZFS. Wrap relevant error code check with
the versioning ifdef's.
Signed-off-by: Timur I. Bakeyev <timur@FreeBSD.org>
---
source3/lib/sysquotas_4B.c | 9 ++++++++-
1 file changed, 8 insertions(+), 1 deletion(-)
diff --git a/source3/lib/sysquotas_4B.c b/source3/lib/sysquotas_4B.c
index d9beb924ad9..c41cac02e5f 100644
--- a/source3/lib/sysquotas_4B.c
+++ b/source3/lib/sysquotas_4B.c
@@ -140,7 +140,14 @@ static int sys_quotactl_4B(const char * path, int cmd,
/* ENOTSUP means quota support is not compiled in. EINVAL
* means that quotas are not configured (commonly).
*/
- if (errno != ENOTSUP && errno != EINVAL) {
+ if (errno != ENOTSUP && errno != EINVAL
+/*
+ * FreeBSD 12 between r336017 and r342928 wrongfuly return ENOENT for the not enabled qoutas on ZFS.
+ */
+#if defined(__FreeBSD__) && ((__FreeBSD_version >= 1102503 && __FreeBSD_version <= 1102506) || (__FreeBSD_version >= 1200072 && __FreeBSD_version <= 1200503) || (__FreeBSD_version >= 1300000 && __FreeBSD_version <= 1300009))
+ && errno != ENOENT
+#endif
+ ) {
DEBUG(5, ("failed to %s quota for %s ID %u on %s: %s\n",
(cmd & QCMD(Q_GETQUOTA, 0)) ? "get" : "set",
(cmd & QCMD(0, GRPQUOTA)) ? "group" : "user",
--
2.37.1

36
net/samba422/files/0021-Fix-casting-warnings-in-the-nfs_quota-debug-message.patch Normal file
View File

@ -0,0 +1,36 @@
From 46f5b54aa5761541a16108d66764d662f37f04d2 Mon Sep 17 00:00:00 2001
From: "Timur I. Bakeyev" <timur@FreeBSD.org>
Date: Mon, 31 May 2021 02:41:48 +0200
Subject: [PATCH 21/28] Fix casting warnings in the nfs_quota debug message.
Initialize quota structure with zeros.
Signed-off-by: Timur I. Bakeyev <timur@FreeBSD.org>
---
source3/smbd/quotas.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/source3/smbd/quotas.c b/source3/smbd/quotas.c
index 604631f81d6..c23fa49b3b0 100644
--- a/source3/smbd/quotas.c
+++ b/source3/smbd/quotas.c
@@ -125,6 +125,7 @@ static bool nfs_quotas(char *nfspath, uid_t euser_id, uint64_t *bsize, uint64_t
if (!cutstr)
return False;
+ memset(&D, '\0', sizeof(D));
memset(cutstr, '\0', len+1);
host = strncat(cutstr,mnttype, sizeof(char) * len );
DEBUG(5,("nfs_quotas: looking for mount on \"%s\"\n", cutstr));
@@ -133,7 +134,7 @@ static bool nfs_quotas(char *nfspath, uid_t euser_id, uint64_t *bsize, uint64_t
args.gqa_pathp = testpath+1;
args.gqa_uid = uid;
- DEBUG(5,("nfs_quotas: Asking for host \"%s\" rpcprog \"%i\" rpcvers \"%i\" network \"%s\"\n", host, RQUOTAPROG, RQUOTAVERS, "udp"));
+ DEBUG(5,("nfs_quotas: Asking for host \"%s\" rpcprog \"%lu\" rpcvers \"%lu\" network \"%s\"\n", host, RQUOTAPROG, RQUOTAVERS, "udp"));
if ((clnt = clnt_create(host, RQUOTAPROG, RQUOTAVERS, "udp")) == NULL) {
ret = False;
--
2.37.1

332
net/samba422/files/0022-Clean-up-UTMP-handling-code-and-add-FreeBSD-support..patch Normal file
View File

@ -0,0 +1,332 @@
From 5019ad026f106d51dc2bb4c410a05b2f63b56cd0 Mon Sep 17 00:00:00 2001
From: "Timur I. Bakeyev" <timur@FreeBSD.org>
Date: Mon, 31 May 2021 01:43:13 +0200
Subject: [PATCH 22/28] Clean up UTMP handling code and add FreeBSD support.
Some really legacy platforms may have been dropped as a result.
Signed-off-by: Timur I. Bakeyev <timur@FreeBSD.org>
---
source3/smbd/utmp.c | 152 +++++++++++-------------------------------
source3/wscript | 36 +++++----
2 files changed, 60 insertions(+), 128 deletions(-)
diff -Naurp a/source3/smbd/utmp.c b/source3/smbd/utmp.c
--- a/source3/smbd/utmp.c 2024-02-02 04:33:51.316490200 -0500
+++ b/source3/smbd/utmp.c 2024-08-05 12:50:57.691687000 -0400
@@ -257,7 +257,7 @@ static char *uw_pathname(TALLOC_CTX *ctx,
Update utmp file directly. No subroutine interface: probably a BSD system.
****************************************************************************/
-static void pututline_my(const char *uname, struct utmp *u, bool claim)
+static void pututline_my(const char *uname, STRUCT_UTMP *u, bool claim)
{
DEBUG(1,("pututline_my: not yet implemented\n"));
/* BSD implementor: may want to consider (or not) adjusting "lastlog" */
@@ -271,7 +271,7 @@ static void pututline_my(const char *uname, struct utm
Credit: Michail Vidiassov <master@iaas.msu.ru>
****************************************************************************/
-static void updwtmp_my(const char *wname, struct utmp *u, bool claim)
+static void updwtmp_my(const char *wname, STRUCT_UTMP *u, bool claim)
{
int fd;
struct stat buf;
@@ -303,7 +303,7 @@ static void updwtmp_my(const char *wname, struct utmp
if ((fd = open(wname, O_WRONLY|O_APPEND, 0)) < 0)
return;
if (fstat(fd, &buf) == 0) {
- if (write(fd, (char *)u, sizeof(struct utmp)) != sizeof(struct utmp))
+ if (write(fd, (char *)u, sizeof(STRUCT_UTMP)) != sizeof(STRUCT_UTMP))
(void) ftruncate(fd, buf.st_size);
}
(void) close(fd);
@@ -314,12 +314,12 @@ static void updwtmp_my(const char *wname, struct utmp
Update via utmp/wtmp (not utmpx/wtmpx).
****************************************************************************/
-static void utmp_nox_update(struct utmp *u, bool claim)
+static void utmp_nox_update(STRUCT_UTMP *u, bool claim)
{
char *uname = NULL;
char *wname = NULL;
#if defined(PUTUTLINE_RETURNS_UTMP)
- struct utmp *urc;
+ STRUCT_UTMP *urc;
#endif /* PUTUTLINE_RETURNS_UTMP */
uname = uw_pathname(talloc_tos(), "utmp", ut_pathname);
@@ -376,127 +376,52 @@ static void utmp_nox_update(struct utmp *u, bool claim
}
}
-/****************************************************************************
- Copy a string in the utmp structure.
-****************************************************************************/
-static void utmp_strcpy(char *dest, const char *src, size_t n)
-{
- size_t len = 0;
- memset(dest, '\0', n);
- if (src)
- len = strlen(src);
- if (len >= n) {
- memcpy(dest, src, n);
- } else {
- if (len)
- memcpy(dest, src, len);
- }
-}
+
/****************************************************************************
Update via utmpx/wtmpx (preferred) or via utmp/wtmp.
****************************************************************************/
-static void sys_utmp_update(struct utmp *u, const char *hostname, bool claim)
+static void sys_utmp_update(STRUCT_UTMP *u, const char *hostname, bool claim)
{
-#if !defined(HAVE_UTMPX_H)
- /* No utmpx stuff. Drop to non-x stuff */
- utmp_nox_update(u, claim);
-#elif !defined(HAVE_PUTUTXLINE)
- /* Odd. Have utmpx.h but no "pututxline()". Drop to non-x stuff */
- DEBUG(1,("utmp_update: have utmpx.h but no pututxline() function\n"));
- utmp_nox_update(u, claim);
-#elif !defined(HAVE_GETUTMPX)
- /* Odd. Have utmpx.h but no "getutmpx()". Drop to non-x stuff */
- DEBUG(1,("utmp_update: have utmpx.h but no getutmpx() function\n"));
- utmp_nox_update(u, claim);
-#elif !defined(HAVE_UPDWTMPX)
- /* Have utmpx.h but no "updwtmpx()". Drop to non-x stuff */
- DEBUG(1,("utmp_update: have utmpx.h but no updwtmpx() function\n"));
- utmp_nox_update(u, claim);
-#else
- char *uname = NULL;
- char *wname = NULL;
- struct utmpx ux, *uxrc;
+ STRUCT_UTMP *urc;
- getutmpx(u, &ux);
-
-#if defined(HAVE_UX_UT_SYSLEN)
- if (hostname)
- ux.ut_syslen = strlen(hostname) + 1; /* include end NULL */
- else
- ux.ut_syslen = 0;
-#endif
-#if defined(HAVE_UX_UT_HOST)
- utmp_strcpy(ux.ut_host, hostname, sizeof(ux.ut_host));
-#endif
-
- uname = uw_pathname(talloc_tos(), "utmpx", ux_pathname);
- wname = uw_pathname(talloc_tos(), "wtmpx", wx_pathname);
- if (uname && wname) {
- DEBUG(2,("utmp_update: uname:%s wname:%s\n", uname, wname));
+ setutxent();
+ urc = pututxline(u);
+ endutxent();
+ if (urc == NULL) {
+ DEBUG(2,("utmp_update: pututxline() failed\n"));
+ return;
}
-
- /*
- * Check for either uname or wname being empty.
- * Some systems, such as Redhat 6, have a "utmpx.h" which doesn't
- * define default filenames.
- * Also, our local installation has not provided an override.
- * Drop to non-x method. (E.g. RH6 has good defaults in "utmp.h".)
- */
- if (!uname || !wname || (strlen(uname) == 0) || (strlen(wname) == 0)) {
- utmp_nox_update(u, claim);
- } else {
- utmpxname(uname);
- setutxent();
- uxrc = pututxline(&ux);
- endutxent();
- if (uxrc == NULL) {
- DEBUG(2,("utmp_update: pututxline() failed\n"));
- return;
- }
- updwtmpx(wname, &ux);
- }
-#endif /* HAVE_UTMPX_H */
}
#if defined(HAVE_UT_UT_ID)
/****************************************************************************
Encode the unique connection number into "ut_id".
****************************************************************************/
-
-static int ut_id_encode(int i, char *fourbyte)
+static void ut_id_encode(char *buf, int id, size_t buf_size)
{
- int nbase;
- const char *ut_id_encstr = "0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ";
+ const char ut_id_encstr[] = "0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ";
-/*
- * 'ut_id_encstr' is the character set on which modulo arithmetic is done.
- * Example: digits would produce the base-10 numbers from '001'.
- */
- nbase = strlen(ut_id_encstr);
+ int nbase = sizeof(ut_id_encstr) - 1;
+ /*
+ * 'ut_id_encstr' is the character set on which modulo arithmetic is done.
+ * Example: digits would produce the base-10 numbers from '001'.
+ */
- fourbyte[0] = ut_id_encstr[i % nbase];
- i /= nbase;
- fourbyte[1] = ut_id_encstr[i % nbase];
- i /= nbase;
- fourbyte[3] = ut_id_encstr[i % nbase];
- i /= nbase;
- fourbyte[2] = ut_id_encstr[i % nbase];
- i /= nbase;
-
- /* we do not care about overflows as i is a random number */
- return 0;
+ for(int i = 0; i < buf_size; i++) {
+ buf[i] = ut_id_encstr[id % nbase];
+ id /= nbase;
+ }
}
#endif /* defined(HAVE_UT_UT_ID) */
-
/*
fill a system utmp structure given all the info we can gather
*/
-static bool sys_utmp_fill(struct utmp *u,
+static bool sys_utmp_fill(STRUCT_UTMP *u,
const char *username, const char *hostname,
const char *id_str, int id_num)
{
@@ -509,16 +434,16 @@ static bool sys_utmp_fill(struct utmp *u,
* rather than to try to detect and optimise.
*/
#if defined(HAVE_UT_UT_USER)
- utmp_strcpy(u->ut_user, username, sizeof(u->ut_user));
+ strncpy(u->ut_user, username, sizeof(u->ut_user));
#elif defined(HAVE_UT_UT_NAME)
- utmp_strcpy(u->ut_name, username, sizeof(u->ut_name));
+ strncpy(u->ut_name, username, sizeof(u->ut_name));
#endif
/*
* ut_line:
* If size limit proves troublesome, then perhaps use "ut_id_encode()".
*/
- utmp_strcpy(u->ut_line, id_str, sizeof(u->ut_line));
+ strncpy(u->ut_line, id_str, sizeof(u->ut_line));
#if defined(HAVE_UT_UT_PID)
u->ut_pid = getpid();
@@ -535,20 +460,23 @@ static bool sys_utmp_fill(struct utmp *u,
u->ut_time = timeval.tv_sec;
#elif defined(HAVE_UT_UT_TV)
GetTimeOfDay(&timeval);
- u->ut_tv = timeval;
+ u->ut_tv.tv_sec = timeval.tv_sec;
+ u->ut_tv.tv_usec = timeval.tv_usec;
#else
#error "with-utmp must have UT_TIME or UT_TV"
#endif
#if defined(HAVE_UT_UT_HOST)
- utmp_strcpy(u->ut_host, hostname, sizeof(u->ut_host));
+ if(hostname != NULL) {
+ strncpy(u->ut_host, hostname, sizeof(u->ut_host));
+#if defined(HAVE_UT_UT_SYSLEN)
+ u->ut_syslen = strlen(hostname) + 1; /* include trailing NULL */
#endif
+ }
+#endif
#if defined(HAVE_UT_UT_ID)
- if (ut_id_encode(id_num, u->ut_id) != 0) {
- DEBUG(1,("utmp_fill: cannot encode id %d\n", id_num));
- return False;
- }
+ ut_id_encode(u->ut_id, id_num, sizeof(u->ut_id));
#endif
return True;
@@ -561,7 +489,7 @@ void sys_utmp_yield(const char *username, const char *
void sys_utmp_yield(const char *username, const char *hostname,
const char *id_str, int id_num)
{
- struct utmp u;
+ STRUCT_UTMP u;
ZERO_STRUCT(u);
@@ -587,7 +515,7 @@ void sys_utmp_claim(const char *username, const char *
void sys_utmp_claim(const char *username, const char *hostname,
const char *id_str, int id_num)
{
- struct utmp u;
+ STRUCT_UTMP u;
ZERO_STRUCT(u);
diff -Naurp a/source3/wscript b/source3/wscript
--- a/source3/wscript 2024-08-05 12:50:16.286549000 -0400
+++ b/source3/wscript 2024-08-05 13:02:31.909769000 -0400
@@ -804,34 +804,38 @@ msg.msg_accrightslen = sizeof(fd);
if Options.options.with_utmp:
conf.env.with_utmp = True
- if not conf.CHECK_HEADERS('utmp.h'): conf.env.with_utmp = False
- conf.CHECK_FUNCS('pututline pututxline updwtmp updwtmpx getutmpx')
- conf.CHECK_STRUCTURE_MEMBER('struct utmp', 'ut_name', headers='utmp.h',
+ if not conf.CHECK_HEADERS('utmpx.h') and not conf.CHECK_HEADERS('utmp.h'):
+ conf.env.with_utmp = False
+ if conf.CONFIG_SET('HAVE_UTMPX_H'):
+ conf.DEFINE('STRUCT_UTMP', 'struct utmpx')
+ elif conf.CONFIG_SET('HAVE_UTMP_H'):
+ conf.DEFINE('STRUCT_UTMP', 'struct utmp')
+ conf.CHECK_FUNCS('pututxline getutxid getutxline updwtmpx getutmpx setutxent endutxent')
+ conf.CHECK_FUNCS('pututline getutid getutline updwtmp getutmp setutent endutent')
+ conf.CHECK_STRUCTURE_MEMBER('STRUCT_UTMP', 'ut_name', headers='utmpx.h utmp.h',
define='HAVE_UT_UT_NAME')
- conf.CHECK_STRUCTURE_MEMBER('struct utmp', 'ut_user', headers='utmp.h',
+ conf.CHECK_STRUCTURE_MEMBER('STRUCT_UTMP', 'ut_user', headers='utmpx.h utmp.h',
define='HAVE_UT_UT_USER')
- conf.CHECK_STRUCTURE_MEMBER('struct utmp', 'ut_id', headers='utmp.h',
+ conf.CHECK_STRUCTURE_MEMBER('STRUCT_UTMP', 'ut_id', headers='utmpx.h utmp.h',
define='HAVE_UT_UT_ID')
- conf.CHECK_STRUCTURE_MEMBER('struct utmp', 'ut_host', headers='utmp.h',
+ conf.CHECK_STRUCTURE_MEMBER('STRUCT_UTMP', 'ut_host', headers='utmpx.h utmp.h',
define='HAVE_UT_UT_HOST')
- conf.CHECK_STRUCTURE_MEMBER('struct utmp', 'ut_time', headers='utmp.h',
+ conf.CHECK_STRUCTURE_MEMBER('STRUCT_UTMP', 'ut_time', headers='utmpx.h utmp.h',
define='HAVE_UT_UT_TIME')
- conf.CHECK_STRUCTURE_MEMBER('struct utmp', 'ut_tv', headers='utmp.h',
+ conf.CHECK_STRUCTURE_MEMBER('STRUCT_UTMP', 'ut_tv', headers='utmpx.h utmp.h',
define='HAVE_UT_UT_TV')
- conf.CHECK_STRUCTURE_MEMBER('struct utmp', 'ut_type', headers='utmp.h',
+ conf.CHECK_STRUCTURE_MEMBER('STRUCT_UTMP', 'ut_type', headers='utmpx.h utmp.h',
define='HAVE_UT_UT_TYPE')
- conf.CHECK_STRUCTURE_MEMBER('struct utmp', 'ut_pid', headers='utmp.h',
+ conf.CHECK_STRUCTURE_MEMBER('STRUCT_UTMP', 'ut_pid', headers='utmpx.h utmp.h',
define='HAVE_UT_UT_PID')
- conf.CHECK_STRUCTURE_MEMBER('struct utmp', 'ut_exit.e_exit', headers='utmp.h',
+ conf.CHECK_STRUCTURE_MEMBER('STRUCT_UTMP', 'ut_exit.e_exit', headers='utmpx.h utmp.h',
define='HAVE_UT_UT_EXIT')
- conf.CHECK_STRUCTURE_MEMBER('struct utmpx', 'ut_syslen', headers='utmpx.h',
- define='HAVE_UX_UT_SYSLEN')
- conf.CHECK_STRUCTURE_MEMBER('struct utmpx', 'ut_host', headers='utmpx.h',
- define='HAVE_UX_UT_HOST')
+ conf.CHECK_STRUCTURE_MEMBER('STRUCT_UTMP', 'ut_syslen', headers='utmpx.h utmp.h',
+ define='HAVE_UT_UT_SYSLEN')
conf.CHECK_CODE('struct utmp utarg; struct utmp *utreturn; utreturn = pututline(&utarg);',
'PUTUTLINE_RETURNS_UTMP', headers='utmp.h',
msg="Checking whether pututline returns pointer")
- conf.CHECK_SIZEOF(['((struct utmp *)NULL)->ut_line'], headers='utmp.h',
+ conf.CHECK_SIZEOF(['((STRUCT_UTMP *)NULL)->ut_line'], headers='utmpx.h utmp.h',
define='SIZEOF_UTMP_UT_LINE', critical=False)
if not conf.CONFIG_SET('SIZEOF_UTMP_UT_LINE'):
conf.env.with_utmp = False

121
net/samba422/files/0023-Add-cmd_get_quota-test-function-into-vfstest-to-test.patch Normal file
View File

@ -0,0 +1,121 @@
From 2e927425e04d65027db5348b3e89a69a5e447556 Mon Sep 17 00:00:00 2001
From: "Timur I. Bakeyev" <timur@FreeBSD.org>
Date: Mon, 31 May 2021 03:07:40 +0200
Subject: [PATCH 23/28] Add `cmd_get_quota()` test function into vfstest, to
test disk quota interface.
Signed-off-by: Timur I. Bakeyev <timur@FreeBSD.org>
---
source3/torture/cmd_vfs.c | 78 +++++++++++++++++++++++++++++++++++
source3/torture/wscript_build | 2 +-
2 files changed, 79 insertions(+), 1 deletion(-)
diff --git a/source3/torture/cmd_vfs.c b/source3/torture/cmd_vfs.c
index 38ce0dc4ff6..1bc4639d2a2 100644
--- a/source3/torture/cmd_vfs.c
+++ b/source3/torture/cmd_vfs.c
@@ -145,6 +145,83 @@ static NTSTATUS cmd_disk_free(struct vfs_state *vfs, TALLOC_CTX *mem_ctx, int ar
return NT_STATUS_OK;
}
+static NTSTATUS cmd_get_quota(struct vfs_state *vfs, TALLOC_CTX *mem_ctx, int argc, const char **argv)
+{
+ struct smb_filename *smb_fname = NULL;
+ uint64_t bsize, dfree, dsize;
+ enum SMB_QUOTA_TYPE qtype;
+ SMB_DISK_QUOTA D;
+ unid_t id;
+ int r;
+
+ if (argc != 4) {
+ printf("Usage: get_quota <path> [user|group] id\n");
+ return NT_STATUS_OK;
+ }
+
+ smb_fname = synthetic_smb_fname(talloc_tos(),
+ argv[1],
+ NULL,
+ NULL,
+ 0,
+ ssf_flags());
+ if (smb_fname == NULL) {
+ return NT_STATUS_NO_MEMORY;
+ }
+
+ if(strcmp(argv[2], "user") == 0) {
+ qtype = SMB_USER_FS_QUOTA_TYPE;
+ }
+ else if(strcmp(argv[2], "group") == 0) {
+ qtype = SMB_GROUP_FS_QUOTA_TYPE;
+ }
+ else {
+ printf("Usage: get_quota <path> [user|group] id\n");
+ return NT_STATUS_OK;
+ }
+
+ id.uid = atoi(argv[3]);
+
+ ZERO_STRUCT(D);
+
+ r = SMB_VFS_GET_QUOTA(vfs->conn, smb_fname, qtype, id, &D);
+
+ if (r == -1 && errno != ENOSYS) {
+ return NT_STATUS_UNSUCCESSFUL;
+ }
+
+ if (r == 0 && (D.qflags & QUOTAS_DENY_DISK) == 0) {
+ return NT_STATUS_UNSUCCESSFUL;
+ }
+
+ bsize = D.bsize;
+ /* Use softlimit to determine disk space, except when it has been exceeded */
+ if (
+ (D.softlimit && D.curblocks >= D.softlimit) ||
+ (D.hardlimit && D.curblocks >= D.hardlimit) ||
+ (D.isoftlimit && D.curinodes >= D.isoftlimit) ||
+ (D.ihardlimit && D.curinodes>=D.ihardlimit)
+ ) {
+ dfree = 0;
+ dsize = D.curblocks;
+ } else if (D.softlimit==0 && D.hardlimit==0) {
+ return NT_STATUS_UNSUCCESSFUL;
+ } else {
+ if (D.softlimit == 0) {
+ D.softlimit = D.hardlimit;
+ }
+ dfree = D.softlimit - D.curblocks;
+ dsize = D.softlimit;
+ }
+
+ printf("get_quota: bsize = %lu, dfree = %lu, dsize = %lu\n",
+ (unsigned long)bsize,
+ (unsigned long)dfree,
+ (unsigned long)dsize);
+
+ return NT_STATUS_OK;
+}
+
static NTSTATUS cmd_opendir(struct vfs_state *vfs, TALLOC_CTX *mem_ctx, int argc, const char **argv)
{
@@ -2257,6 +2334,7 @@ struct cmd_set vfs_commands[] = {
{ "connect", cmd_connect, "VFS connect()", "connect" },
{ "disconnect", cmd_disconnect, "VFS disconnect()", "disconnect" },
{ "disk_free", cmd_disk_free, "VFS disk_free()", "disk_free <path>" },
+ { "get_quota", cmd_get_quota, "VFS get_quota()", "get_quota <path> [user|group] id" },
{ "opendir", cmd_opendir, "VFS opendir()", "opendir <fname>" },
{ "readdir", cmd_readdir, "VFS readdir()", "readdir" },
{ "mkdir", cmd_mkdir, "VFS mkdir()", "mkdir <path>" },
diff --git a/source3/torture/wscript_build b/source3/torture/wscript_build
index 0c4275de795..f75c4bfe2be 100644
--- a/source3/torture/wscript_build
+++ b/source3/torture/wscript_build
@@ -124,4 +124,4 @@ bld.SAMBA3_BINARY('vfstest',
smbconf
SMBREADLINE
''',
- for_selftest=True)
+ install=True)
--
2.37.1

94
net/samba422/files/0025-From-d9b748869a8f4018ebee302aae8246bf29f60309-Mon-Se.patch Normal file
View File

@ -0,0 +1,94 @@
From 6e79023af14210a6435ab18ada8097253b8b16b6 Mon Sep 17 00:00:00 2001
From: "Timur I. Bakeyev" <timur@FreeBSD.org>
Date: Mon, 31 May 2021 01:38:49 +0200
Subject: [PATCH 25/28] From d9b748869a8f4018ebee302aae8246bf29f60309 Mon Sep
17 00:00:00 2001 From: "Timur I. Bakeyev" <timur@iXsystems.com> Date: Fri, 1
Jun 2018 01:35:08 +0800 Subject: [PATCH] vfs_fruit: allow broken
AFP_Signature where the first byte is 0
FreeBSD bug ... caused the first byte of the AFP_AfpInfo xattr to be 0
instead of 'A'. This hack allows such broken AFP_AfpInfo blobs to be
parsed by afpinfo_unpack().
FreeBSD Bug: https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=228462
Signed-off-by: Ralph Boehme <slow@samba.org>
Signed-off-by: Timur I. Bakeyev <timur@FreeBSD.org>
---
source3/lib/adouble.c | 19 +++++++++++++++----
source3/modules/vfs_fruit.c | 19 ++++++++++++++++++-
2 files changed, 33 insertions(+), 5 deletions(-)
diff -Naurp a/source3/lib/adouble.c b/source3/lib/adouble.c
--- a/source3/lib/adouble.c 2024-02-02 04:33:51.172489400 -0500
+++ b/source3/lib/adouble.c 2024-08-05 13:53:43.952688000 -0400
@@ -2821,6 +2821,8 @@ ssize_t afpinfo_pack(const AfpInfo *ai, char *buf)
return AFP_INFO_SIZE;
}
+#define BROKEN_FREEBSD_AFP_Signature 0x00465000
+
/**
* Unpack a buffer into a AfpInfo structure
*
@@ -2841,11 +2843,20 @@ AfpInfo *afpinfo_unpack(TALLOC_CTX *ctx, const void *d
sizeof(ai->afpi_FinderInfo));
if (validate) {
- if (ai->afpi_Signature != AFP_Signature
- || ai->afpi_Version != AFP_Version)
- {
- DEBUG(1, ("Bad AfpInfo signature or version\n"));
+ if (ai->afpi_Signature != AFP_Signature) {
+ DBG_WARNING("Bad AFP signature [%x]\n", ai->afpi_Signature);
+
+ if (ai->afpi_Signature != BROKEN_FREEBSD_AFP_Signature) {
+ DBG_ERR("Bad AfpInfo signature\n");
+ TALLOC_FREE(ai);
+ return NULL;
+ }
+ }
+
+ if (ai->afpi_Version != AFP_Version) {
+ DBG_ERR("Bad AfpInfo version\n");
TALLOC_FREE(ai);
+ return NULL;
}
} else {
ai->afpi_Signature = AFP_Signature;
diff -Naurp a/source3/modules/vfs_fruit.c b/source3/modules/vfs_fruit.c
--- a/source3/modules/vfs_fruit.c 2024-02-02 04:33:51.228489600 -0500
+++ b/source3/modules/vfs_fruit.c 2024-08-05 13:12:29.220129000 -0400
@@ -2305,6 +2305,7 @@ static ssize_t fruit_pread_meta_stream(vfs_handle_stru
size_t n, off_t offset)
{
struct fio *fio = fruit_get_complete_fio(handle, fsp);
+ char *p = (char *)data;
ssize_t nread;
int ret;
@@ -2313,7 +2314,23 @@ static ssize_t fruit_pread_meta_stream(vfs_handle_stru
}
nread = SMB_VFS_NEXT_PREAD(handle, fsp, data, n, offset);
- if (nread == -1 || nread == n) {
+ if (nread <= 0) {
+ /*
+ * fruit_meta_open_stream() removes O_CREAT flag
+ * from xattr open. This results in vfs_streams_xattr
+ * not generating an FSP extension for the files_struct
+ * and causes subsequent pread() of stream to return
+ * nread=0 if pread() occurs before pwrite().
+ */
+ return nread;
+ }
+
+ if (nread == n) {
+ if (offset == 0 && nread > 3 && p[0] == 0 && p[1] == 'F' && p[2] == 'P') {
+ DBG_NOTICE("Fixing AFP_Info of [%s]\n",
+ fsp_str_dbg(fsp));
+ p[0] = 'A';
+ }
return nread;
}

335
net/samba422/files/0026-vfs-add-a-compatibility-option-to-the-vfs_streams_xa.patch Normal file
View File

@ -0,0 +1,335 @@
From 2d73ccb27ffcdf419d569260fcca6e9ee3b9538a Mon Sep 17 00:00:00 2001
From: "Timur I. Bakeyev" <timur@FreeBSD.org>
Date: Thu, 29 Sep 2022 03:24:26 +0200
Subject: [PATCH 26/28] vfs: add a compatibility option to the
vfs_streams_xattr
When enabled, the module does not append a trailing 0
byte to the end of the extended attribute data.
This is primarily a consideration when the administrator
wishes to expose extended attributes that have been written
by another application as alternate data streams via
Samba.
An example where this parameter may be required is when
migrating a netatalk share to Samba. See manpage for
vfs_fruit for additional considerations regarding
Netatalk and Samba compatibility.
Signed-off-by: Timur I. Bakeyev <timur@FreeBSD.org>
---
docs-xml/manpages/vfs_streams_xattr.8.xml | 25 ++++++
source3/modules/vfs_streams_xattr.c | 95 +++++++++++++++++------
2 files changed, 97 insertions(+), 23 deletions(-)
diff --git a/docs-xml/manpages/vfs_streams_xattr.8.xml b/docs-xml/manpages/vfs_streams_xattr.8.xml
index 6645928c016..0f38d510a82 100644
--- a/docs-xml/manpages/vfs_streams_xattr.8.xml
+++ b/docs-xml/manpages/vfs_streams_xattr.8.xml
@@ -71,6 +71,31 @@
</listitem>
</varlistentry>
+ <varlistentry>
+ <term>streams_xattr:xattr_compat = [yes|no]</term>
+ <listitem>
+ <para>When enabled, the module does not append a trailing 0
+ byte to the end of the extended attribute data. This parameter
+ must not be changed once data has been written to the share
+ since it may result in dropping the last byte from xattr data.
+
+ This is primarily a consideration when the administrator
+ wishes to expose extended attributes that have been written
+ by another application as alternate data streams via
+ Samba.
+
+ An example where this parameter may be required is when
+ migrating a netatalk share to Samba. See manpage for
+ vfs_fruit for additional considerations regarding
+ Netatalk and Samba compatibility.
+
+ WARNING: this parameter must not be changed on existing
+ Samba shares or new shares that export paths currently
+ or previously have been shared by Samba.
+ The default is <command>yes</command>.</para>
+ </listitem>
+ </varlistentry>
+
</variablelist>
</refsect1>
diff --git a/source3/modules/vfs_streams_xattr.c b/source3/modules/vfs_streams_xattr.c
index b69a4f342f5..070111e3ee9 100644
--- a/source3/modules/vfs_streams_xattr.c
+++ b/source3/modules/vfs_streams_xattr.c
@@ -35,6 +35,7 @@ struct streams_xattr_config {
const char *prefix;
size_t prefix_len;
bool store_stream_type;
+ int xattr_compat_bytes;
};
struct stream_io {
@@ -45,22 +46,28 @@ struct stream_io {
vfs_handle_struct *handle;
};
-static ssize_t get_xattr_size_fsp(struct files_struct *fsp,
+static ssize_t get_xattr_size_fsp(vfs_handle_struct *handle,
+ struct files_struct *fsp,
const char *xattr_name)
{
NTSTATUS status;
struct ea_struct ea;
ssize_t result;
+ struct streams_xattr_config *config = NULL;
+ SMB_VFS_HANDLE_GET_DATA(handle, config, struct streams_xattr_config,
+ return -1);
+
status = get_ea_value_fsp(talloc_tos(),
fsp,
xattr_name,
&ea);
+
if (!NT_STATUS_IS_OK(status)) {
return -1;
}
- result = ea.value.length-1;
+ result = ea.value.length - config->xattr_compat_bytes;
TALLOC_FREE(ea.value.data);
return result;
}
@@ -197,7 +204,8 @@ static int streams_xattr_fstat(vfs_handle_struct *hand
return -1;
}
- sbuf->st_ex_size = get_xattr_size_fsp(fsp->base_fsp,
+ sbuf->st_ex_size = get_xattr_size_fsp(handle,
+ fsp->base_fsp,
io->xattr_name);
if (sbuf->st_ex_size == -1) {
SET_STAT_INVALID(*sbuf);
@@ -273,7 +281,7 @@ static int streams_xattr_stat(vfs_handle_struct *handl
fsp = fsp->base_fsp;
}
- smb_fname->st.st_ex_size = get_xattr_size_fsp(fsp,
+ smb_fname->st.st_ex_size = get_xattr_size_fsp(handle, fsp,
xattr_name);
if (smb_fname->st.st_ex_size == -1) {
TALLOC_FREE(xattr_name);
@@ -308,6 +316,7 @@ static int streams_xattr_lstat(vfs_handle_struct *hand
errno = ENOENT;
return -1;
}
+
return SMB_VFS_NEXT_LSTAT(handle, smb_fname);
}
@@ -341,6 +350,12 @@ static int streams_xattr_openat(struct vfs_handle_stru
how);
}
+#ifdef O_EMPTY_PATH
+ if (how->flags & O_EMPTY_PATH) {
+ return vfs_fake_fd();
+ }
+#endif
+
if (how->resolve != 0) {
errno = ENOSYS;
return -1;
@@ -356,6 +371,8 @@ static int streams_xattr_openat(struct vfs_handle_stru
goto fail;
}
+ fsp->fsp_flags.have_proc_fds = fsp->conn->have_proc_fds;
+
status = get_ea_value_fsp(talloc_tos(),
fsp->base_fsp,
xattr_name,
@@ -394,7 +411,8 @@ static int streams_xattr_openat(struct vfs_handle_stru
*/
/*
- * Darn, xattrs need at least 1 byte
+ * If xattr_compat_bytes is set we need to
+ * provide one extra trailing byte
*/
char null = '\0';
@@ -403,7 +421,8 @@ static int streams_xattr_openat(struct vfs_handle_stru
ret = SMB_VFS_FSETXATTR(fsp->base_fsp,
xattr_name,
- &null, sizeof(null),
+ (config->xattr_compat_bytes) ? &null : NULL,
+ (config->xattr_compat_bytes) ? sizeof(null) : 0,
how->flags & O_EXCL ? XATTR_CREATE : 0);
if (ret != 0) {
goto fail;
@@ -412,13 +431,13 @@ static int streams_xattr_openat(struct vfs_handle_stru
fakefd = vfs_fake_fd();
- sio = VFS_ADD_FSP_EXTENSION(handle, fsp, struct stream_io, NULL);
- if (sio == NULL) {
- errno = ENOMEM;
- goto fail;
- }
+ sio = VFS_ADD_FSP_EXTENSION(handle, fsp, struct stream_io, NULL);
+ if (sio == NULL) {
+ errno = ENOMEM;
+ goto fail;
+ }
- sio->xattr_name = talloc_strdup(VFS_MEMCTX_FSP_EXTENSION(handle, fsp),
+ sio->xattr_name = talloc_strdup(VFS_MEMCTX_FSP_EXTENSION(handle, fsp),
xattr_name);
if (sio->xattr_name == NULL) {
errno = ENOMEM;
@@ -808,12 +827,16 @@ static bool collect_one_stream(struct ea_struct *ea, v
{
struct streaminfo_state *state =
(struct streaminfo_state *)private_data;
+ struct streams_xattr_config *config = NULL;
+ SMB_VFS_HANDLE_GET_DATA(state->handle, config, struct streams_xattr_config,
+ return false);
+
if (!add_one_stream(state->mem_ctx,
&state->num_streams, &state->streams,
- ea->name, ea->value.length-1,
+ ea->name, ea->value.length - config->xattr_compat_bytes,
smb_roundup(state->handle->conn,
- ea->value.length-1))) {
+ ea->value.length - config->xattr_compat_bytes))) {
state->status = NT_STATUS_NO_MEMORY;
return false;
}
@@ -875,6 +898,7 @@ static int streams_xattr_connect(vfs_handle_struct *ha
const char *default_prefix = SAMBA_XATTR_DOSSTREAM_PREFIX;
const char *prefix;
int rc;
+ bool xattr_compat;
rc = SMB_VFS_NEXT_CONNECT(handle, service, user);
if (rc != 0) {
@@ -905,6 +929,13 @@ static int streams_xattr_connect(vfs_handle_struct *ha
"store_stream_type",
true);
+ xattr_compat = lp_parm_bool(SNUM(handle->conn),
+ "streams_xattr",
+ "xattr_compat",
+ true);
+
+ config->xattr_compat_bytes = xattr_compat ? 0 : 1;
+
SMB_VFS_HANDLE_SET_DATA(handle, config,
NULL, struct stream_xattr_config,
return -1);
@@ -921,6 +952,7 @@ static ssize_t streams_xattr_pwrite(vfs_handle_struct
struct ea_struct ea;
NTSTATUS status;
int ret;
+ struct streams_xattr_config *config = NULL;
DEBUG(10, ("streams_xattr_pwrite called for %d bytes\n", (int)n));
@@ -932,6 +964,9 @@ static ssize_t streams_xattr_pwrite(vfs_handle_struct
return -1;
}
+ SMB_VFS_HANDLE_GET_DATA(handle, config, struct streams_xattr_config,
+ return -1);
+
if ((offset + n) >= lp_smbd_max_xattr_size(SNUM(handle->conn))) {
/*
* Requested write is beyond what can be read based on
@@ -961,11 +996,11 @@ static ssize_t streams_xattr_pwrite(vfs_handle_struct
return -1;
}
- if ((offset + n) > ea.value.length-1) {
+ if ((offset + n) > ea.value.length - config->xattr_compat_bytes) {
uint8_t *tmp;
tmp = talloc_realloc(talloc_tos(), ea.value.data, uint8_t,
- offset + n + 1);
+ offset + n + config->xattr_compat_bytes);
if (tmp == NULL) {
TALLOC_FREE(ea.value.data);
@@ -973,8 +1008,10 @@ static ssize_t streams_xattr_pwrite(vfs_handle_struct
return -1;
}
ea.value.data = tmp;
- ea.value.length = offset + n + 1;
- ea.value.data[offset+n] = 0;
+ ea.value.length = offset + n + config->xattr_compat_bytes;
+ if (config->xattr_compat_bytes) {
+ ea.value.data[offset+n] = 0;
+ }
}
memcpy(ea.value.data + offset, data, n);
@@ -1002,7 +1039,12 @@ static ssize_t streams_xattr_pread(vfs_handle_struct *
struct ea_struct ea;
NTSTATUS status;
size_t length, overlap;
+ struct smb_filename *smb_fname_base = NULL;
+ struct streams_xattr_config *config = NULL;
+ SMB_VFS_HANDLE_GET_DATA(handle, config, struct streams_xattr_config,
+ return -1);
+
DEBUG(10, ("streams_xattr_pread: offset=%d, size=%d\n",
(int)offset, (int)n));
@@ -1022,7 +1064,7 @@ static ssize_t streams_xattr_pread(vfs_handle_struct *
return -1;
}
- length = ea.value.length-1;
+ length = ea.value.length - config->xattr_compat_bytes;
DBG_DEBUG("get_ea_value_fsp returned %d bytes\n",
(int)length);
@@ -1210,6 +1252,12 @@ static int streams_xattr_ftruncate(struct vfs_handle_s
struct stream_io *sio =
(struct stream_io *)VFS_FETCH_FSP_EXTENSION(handle, fsp);
+ struct smb_filename *smb_fname_base = NULL;
+ struct streams_xattr_config *config = NULL;
+
+ SMB_VFS_HANDLE_GET_DATA(handle, config, struct streams_xattr_config,
+ return -1);
+
DEBUG(10, ("streams_xattr_ftruncate called for file %s offset %.0f\n",
fsp_str_dbg(fsp), (double)offset));
@@ -1239,14 +1287,16 @@ static int streams_xattr_ftruncate(struct vfs_handle_s
}
/* Did we expand ? */
- if (ea.value.length < offset + 1) {
+ if (ea.value.length < offset + config->xattr_compat_bytes) {
memset(&tmp[ea.value.length], '\0',
- offset + 1 - ea.value.length);
+ offset + config->xattr_compat_bytes - ea.value.length);
}
ea.value.data = tmp;
- ea.value.length = offset + 1;
- ea.value.data[offset] = 0;
+ ea.value.length = offset + config->xattr_compat_bytes;
+ if (config->xattr_compat_bytes) {
+ ea.value.data[offset] = 0;
+ }
ret = SMB_VFS_FSETXATTR(fsp->base_fsp,
sio->xattr_name,

121
net/samba422/files/0028-s3-lib-system-add-FreeBSD-proc_fd_pattern.patch Normal file
View File

@ -0,0 +1,121 @@
From 584c69e77abb537a7345222648a397a9963c01b7 Mon Sep 17 00:00:00 2001
From: "Timur I. Bakeyev" <timur@FreeBSD.org>
Date: Sat, 15 Oct 2022 04:02:43 +0200
Subject: [PATCH 28/28] s3:lib:system - add FreeBSD proc_fd_pattern
Add support for FreeBSD equivalent of /proc/self/fd through a special
fdescfs mount with option "nodup". This filesystem should be mounted
either to the private $PIDDIR/fd/ directory or to /dev/fd in order to
provide security and performance characteristics similar to Linux.
Signed-off-by: Timur I. Bakeyev <timur@FreeBSD.org>
Adapted for Samba 4.20 by: Andrea venturoli <ml@netfence.it>
---
--- source3/lib/system.c.orig 2025-06-27 15:05:05 UTC
+++ source3/lib/system.c
@@ -1047,6 +1047,68 @@ int sys_get_number_of_cores(void)
}
#endif
+static bool freebsd_fdesc_check(const char *pattern)
+{
+ char fdesc_path[PATH_MAX];
+ int fd, fd2;
+
+ fd = open(lp_pid_directory(), O_DIRECTORY);
+ if (fd == -1) {
+ DBG_ERR("%s: failed to open pid directory: %s\n",
+ lp_pid_directory(), strerror(errno));
+ return false;
+ }
+
+ snprintf(fdesc_path, sizeof(fdesc_path), pattern, fd);
+
+ fd2 = open(fdesc_path, O_DIRECTORY);
+ if (fd2 == -1) {
+ /*
+ * Setting O_DIRECTORY on open of fdescfs mount
+ * without 'nodup' option will fail with ENOTDIR.
+ */
+ if (errno == ENOTDIR) {
+ DBG_ERR("%s: fdescfs filesystem is not mounted with "
+ "'nodup' option. This specific mount option is "
+ "required in order to enable race-free handling "
+ "of paths.\n"
+ "See documentation for Samba's New VFS' "
+ "for more details. The 'nodup' mount option was "
+ "introduced in FreeBSD 13.\n", fdesc_path);
+ close(fd);
+ return false;
+ }
+ DBG_ERR("%s: failed to open fdescfs path: %s\n",
+ fdesc_path, strerror(errno));
+ close(fd);
+ return false;
+ }
+ close(fd);
+ close(fd2);
+
+ return true;
+}
+
+static char* freebsd_pattern(char *buf, size_t bufsize) {
+ const char** base;
+ const char* base_dir[] = {
+ lp_pid_directory(), /* This is a preferred location */
+ "/dev",
+ NULL
+ };
+
+ for(base = &base_dir[0]; *base != NULL; base++) {
+ snprintf(buf, bufsize, "%s/fd/%%lu", *base);
+ if(freebsd_fdesc_check(buf)) {
+ return buf;
+ }
+ }
+ return NULL;
+}
+
+static char proc_fd_pattern_buf[PATH_MAX];
+static const char *proc_fd_pattern = NULL;
+
bool sys_have_proc_fds(void)
{
static bool checked = false;
@@ -1058,8 +1078,12 @@ bool sys_have_proc_fds(void)
return have_proc_fds;
}
- ret = stat("/proc/self/fd/0", &sb);
- have_proc_fds = (ret == 0);
+ if (freebsd_pattern(proc_fd_pattern_buf, sizeof(proc_fd_pattern_buf)) != NULL) {
+ have_proc_fds = true;
+ proc_fd_pattern = proc_fd_pattern_buf;
+ } else
+ have_proc_fds = false;
+
checked = true;
return have_proc_fds;
@@ -1067,10 +1091,18 @@ char *sys_proc_fd_path(int fd, struct sys_proc_fd_path
char *sys_proc_fd_path(int fd, struct sys_proc_fd_path_buf *buf)
{
+ bool have_proc_fds = sys_have_proc_fds();
+ SMB_ASSERT(have_proc_fds);
+#if defined(__clang__)
+#pragma clang diagnostic push
+#pragma clang diagnostic ignored "-Wformat-nonliteral"
+#endif
int written =
- snprintf(buf->buf, sizeof(buf->buf), "/proc/self/fd/%d", fd);
-
- SMB_ASSERT(sys_have_proc_fds() && (written >= 0));
+ snprintf(buf->buf, sizeof(buf->buf), proc_fd_pattern, fd);
+#if defined(__clang__)
+#pragma clang diagnostic pop
+#endif
+ SMB_ASSERT(written >= 0);
return buf->buf;
}

94
net/samba422/files/README.FreeBSD.in Normal file
View File

@ -0,0 +1,94 @@
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!! Please read before runing any tools !!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
Documentation
=============
o https://wiki.samba.org/index.php/Samba4/HOWTO
o https://wiki.samba.org/index.php/Samba_AD_DC_HOWTO
o https://wiki.samba.org/index.php/Samba4/samba-tool/domain/classicupgrade/HOWTO
FreeBSD specific information
============================
* Your configuration is in: %%SAMBA4_CONFDIR%%/%%SAMBA4_CONFIG%%
* All the logs are under: %%SAMBA4_LOGDIR%%
* All the relevant databases are under: %%SAMBA4_LOCKDIR%%
* Provisioning script is: %%PREFIX%%/bin/samba-tool
Samba4 provisioning requires file system(s) with the ACLs support. On
UFS2 you need to enable POSIX ACLs by adding 'acls' option to the mount
flags, on ZFS you need to use NFSv4 ACLs and `zfsacl` VFS module to get
provisioning work.
There is a hack in the code, that makes provisioning work on UFS2 and in
the jails on the price of using USER extattr(2) namespace, which is less
secure than SYSTEM namespace, as can be edited not only by root user, but
also by the owner of the file.
For the provisioning on ZFS you need to use additional parameters to the
samba-tool, that would explicitly add `zfsacl` to the default `vfs objects`:
# samba-tool domain provision --interactive \
--option="vfs objects"="dfs_samba4 zfsacl"
To run this port you need to perform the following steps:
---------------------------------------------------------
0. If you had Samba3 port installed before, please, *take backups* of
all the relevant files. That includes 'smb.conf' file and all the
content of the '/var/db/samba/' directory.
1a. Create new '%%SAMBA4_CONFDIR%%/%%SAMBA4_CONFIG%%' file by running:
# samba-tool domain provision
1b. Or upgrade from the Samba3 'smb.conf' file by running:
# samba-tool domain classicupgrade
%%AC_DC%%1c. You will need to specify location of the 'nsupdate' command in the
%%AC_DC%%'%%SAMBA4_CONFIG%%' file:
%%AC_DC%%
%%AC_DC%% nsupdate command = %%PREFIX%%/bin/samba-nsupdate -g
%%AC_DC%%
2. Put string 'samba_server_enable="YES"' into your /etc/rc.conf.
3. Make sure that your server doesn't run Samba3, OpenLDAP and named.
Stop them, if necessary.
4. Run '%%PREFIX%%/etc/rc.d/samba_server start' or reboot.
Please, check archives of samba@lists.samba.org and ask there for help,
if necessary:
https://lists.samba.org/archive/samba/
Port related bugs can be reported to the FreeBSD Bugzilla or directly to:
https://gitlab.com/samba-freebsd/ports/-/issues
In case you found a bug which is clearly not related to the port build
process itself, plese file a bug report at:
https://bugzilla.samba.org/
And add me to CC list.
You may find those tools helpful:
---------------------------------
Microsoft Remote Server Administration Tools (RSAT) for:
* Vista: http://www.microsoft.com/en-us/download/details.aspx?id=21090
* Windows 7: http://www.microsoft.com/en-us/download/details.aspx?id=7887
FreeBSD Samba4 port maintainer: Timur I. Bakeyev <timur@FreeBSD.org>

172
net/samba422/files/patch-docs-xml_manpages_vfs__freebsd.8.xml Normal file
View File

@ -0,0 +1,172 @@
--- docs-xml/manpages/vfs_freebsd.8.xml.orig 2025-07-11 10:55:41 UTC
+++ docs-xml/manpages/vfs_freebsd.8.xml
@@ -0,0 +1,169 @@
+<?xml version="1.0" encoding="iso-8859-1"?>
+<!DOCTYPE refentry PUBLIC "-//Samba-Team//DTD DocBook V4.2-Based Variant V1.0//EN" "http://www.samba.org/samba/DTD/samba-doc">
+<refentry id="vfs_freebsd.8">
+
+<refmeta>
+ <refentrytitle>vfs_freebsd</refentrytitle>
+ <manvolnum>8</manvolnum>
+ <refmiscinfo class="source">Samba</refmiscinfo>
+ <refmiscinfo class="manual">System Administration tools</refmiscinfo>
+ <refmiscinfo class="version">&doc.version;</refmiscinfo>
+</refmeta>
+
+<refnamediv>
+ <refname>vfs_freebsd</refname>
+ <refpurpose>FreeBSD-specific VFS functions</refpurpose>
+</refnamediv>
+
+<refsynopsisdiv>
+ <cmdsynopsis>
+ <command>vfs objects = freebsd</command>
+ </cmdsynopsis>
+</refsynopsisdiv>
+
+<refsect1>
+ <title>DESCRIPTION</title>
+
+ <para>This VFS module is part of the <citerefentry><refentrytitle>samba</refentrytitle>
+ <manvolnum>7</manvolnum></citerefentry> suite.</para>
+
+ <para>The <command>vfs_freebsd</command> module implements some of the FreeBSD-specific VFS functions.</para>
+
+ <para>This module is stackable.</para>
+</refsect1>
+
+
+<refsect1>
+ <title>OPTIONS</title>
+
+ <variablelist>
+
+ <varlistentry>
+ <term>freebsd:extattr mode=[legacy|compat|secure]</term>
+ <listitem>
+ <para>This parameter defines how the emulation of the Linux attr(5) extended attributes
+ is performed through the FreeBSD native extattr(9) system calls.</para>
+
+ <para>Currently the <emphasis>security</emphasis>, <emphasis>system</emphasis>,
+ <emphasis>trusted</emphasis> and <emphasis>user</emphasis> extended attribute(xattr)
+ classes are defined in Linux. Contrary FreeBSD has only <emphasis>USER</emphasis>
+ and <emphasis>SYSTEM</emphasis> extended attribute(extattr) namespaces, so mapping
+ of one set into another isn't straightforward and can be done in different ways.</para>
+
+ <para>Historically the Samba(7) built-in xattr mapping implementation simply converted
+ <emphasis>system</emphasis> and <emphasis>user</emphasis> xattr into corresponding
+ <emphasis>SYSTEM</emphasis> and <emphasis>USER</emphasis> extattr namespaces, dropping
+ the class prefix name with the separating dot and using attribute name only within the
+ mapped namespace. It also rejected any other xattr classes, like <emphasis>security</emphasis>
+ and <emphasis>trusted</emphasis> as invalid. Such behavior in particular broke AD
+ provisioning on UFS2 file systems as essential <emphasis>security.NTACL</emphasis>
+ xattr was rejected as invalid.</para>
+
+ <para>This module tries to address this problem and provide secure, where it's possible,
+ way to map Linux xattr into FreeBSD's extattr.</para>
+
+ <para>When <emphasis>mode</emphasis> is set to the <emphasis>legacy (default)</emphasis>
+ then modified version of built-in mapping is used, where <emphasis>system</emphasis> xattr
+ is mapped into SYSTEM namespace, while <emphasis>secure</emphasis>, <emphasis>trusted</emphasis>
+ and <emphasis>user</emphasis> xattr are all mapped into the USER namespace, dropping class
+ prefixes and mix them all together. This is the way how Samba FreeBSD ports were patched
+ up to the 4.9 version and that created multiple potential security issues. This mode is aimed for
+ the compatibility with the legacy installations only and should be avoided in new setups.</para>
+
+ <para>The <emphasis>compat</emphasis> mode is mostly designed for the jailed environments,
+ where it's not possible to write extattrs into the secure SYSTEM namespace, so all four
+ classes are mapped into the USER namespace. To preserve information about origin of the
+ extended attribute it is stored together with the class preffix in the <emphasis>class.attribute</emphasis>
+ format.</para>
+
+ <para>The <emphasis>secure</emphasis> mode is meant for storing extended attributes in a secure
+ manner, so that <emphasis>security</emphasis>, <emphasis>system</emphasis> and <emphasis>trusted</emphasis>
+ are stored in the SYSTEM namespace, which can be modified only by root.
+ </para>
+ </listitem>
+ </varlistentry>
+
+
+ </variablelist>
+</refsect1>
+
+<refsect1>
+ <table frame="all" rowheader="firstcol">
+ <title>Attributes mapping</title>
+ <tgroup cols='5' align='left' colsep='1' rowsep='1'>
+ <thead>
+ <row>
+ <entry> </entry>
+ <entry>built-in</entry>
+ <entry>legacy</entry>
+ <entry>compat/jail</entry>
+ <entry>secure</entry>
+ </row>
+ </thead>
+ <tbody>
+ <row>
+ <entry>user</entry>
+ <entry>USER; attribute</entry>
+ <entry>USER; attribute</entry>
+ <entry>USER; user.attribute</entry>
+ <entry>USER; user.attribute</entry>
+ </row>
+ <row>
+ <entry>system</entry>
+ <entry>SYSTEM; attribute</entry>
+ <entry>SYSTEM; attribute</entry>
+ <entry>USER; system.attribute</entry>
+ <entry>SYSTEM; system.attribute</entry>
+ </row>
+ <row>
+ <entry>trusted</entry>
+ <entry>FAIL</entry>
+ <entry>USER; attribute</entry>
+ <entry>USER; trusted.attribute</entry>
+ <entry>SYSTEM; trusted.attribute</entry>
+ </row>
+ <row>
+ <entry>security</entry>
+ <entry>FAIL</entry>
+ <entry>USER; attribute</entry>
+ <entry>USER; security.attribute</entry>
+ <entry>SYSTEM; security.attribute</entry>
+ </row>
+ </tbody>
+ </tgroup>
+ </table>
+</refsect1>
+
+<refsect1>
+ <title>EXAMPLES</title>
+
+ <para>Use secure method of setting extended attributes on the share:</para>
+
+<programlisting>
+ <smbconfsection name="[sysvol]"/>
+ <smbconfoption name="vfs objects">freebsd</smbconfoption>
+ <smbconfoption name="freebsd:extattr mode">secure</smbconfoption>
+</programlisting>
+
+</refsect1>
+
+<refsect1>
+ <title>VERSION</title>
+
+ <para>This man page is part of version &doc.version; of the Samba suite.
+ </para>
+</refsect1>
+
+<refsect1>
+ <title>AUTHOR</title>
+
+ <para>The original Samba software and related utilities
+ were created by Andrew Tridgell. Samba is now developed
+ by the Samba Team as an Open Source project similar
+ to the way the Linux kernel is developed.</para>
+
+ <para>This module was written by Timur I. Bakeyev</para>
+
+</refsect1>
+
+</refentry>

10
net/samba422/files/patch-docs-xml_wscript__build Normal file
View File

@ -0,0 +1,10 @@
--- docs-xml/wscript_build.orig 2025-02-06 10:31:53 UTC
+++ docs-xml/wscript_build
@@ -88,6 +88,7 @@ vfs_module_manpages = ['vfs_acl_tdb',
'vfs_extd_audit',
'vfs_fake_perms',
'vfs_fileid',
+ 'vfs_freebsd',
'vfs_fruit',
'vfs_full_audit',
'vfs_glusterfs',

11
net/samba422/files/patch-examples_pdb_wscript__build Normal file
View File

@ -0,0 +1,11 @@
--- examples/pdb/wscript_build.orig 2019-01-15 10:07:00 UTC
+++ examples/pdb/wscript_build
@@ -3,7 +3,7 @@
bld.SAMBA3_MODULE('pdb_test',
subsystem='pdb',
source='test.c',
- deps='samba-util',
+ deps='samba-util samba-debug',
init_function='',
internal_module=bld.SAMBA3_IS_STATIC_MODULE('pdb_test'),
enabled=bld.SAMBA3_IS_ENABLED_MODULE('pdb_test'))

11
net/samba422/files/patch-lib_talloc_wscript Normal file
View File

@ -0,0 +1,11 @@
--- lib/talloc/wscript.orig 2024-01-23 10:24:15.072250000 +0100
+++ lib/talloc/wscript 2024-01-23 10:26:17.242921000 +0100
@@ -45,7 +45,7 @@ def configure(conf):
conf.env.TALLOC_COMPAT1 = False
if conf.env.standalone_talloc:
conf.env.TALLOC_COMPAT1 = Options.options.TALLOC_COMPAT1
- conf.env.PKGCONFIGDIR = '${LIBDIR}/pkgconfig'
+ conf.env.PKGCONFIGDIR = '%%PKGCONFIGDIR%%'
conf.env.TALLOC_VERSION = VERSION
conf.CHECK_XSLTPROC_MANPAGES()

15
net/samba422/files/patch-lib_util_util_crypt_c Normal file
View File

@ -0,0 +1,15 @@
Index: lib/util/util_crypt.c
--- lib/util/util_crypt.c.orig
+++ lib/util/util_crypt.c
@@ -2,7 +2,11 @@
#include "data_blob.h"
#include "discard.h"
#include <talloc.h>
+#ifdef __FreeBSD__
+#include <unistd.h>
+#else
#include <crypt.h>
+#endif
#include "util_crypt.h"

11
net/samba422/files/patch-python_samba_join.py Normal file
View File

@ -0,0 +1,11 @@
--- python/samba/join.py.orig 2025-02-06 10:31:54 UTC
+++ python/samba/join.py
@@ -917,7 +917,7 @@ class DCJoinContext(object):
secrets_ldb = Ldb(ctx.paths.secrets, session_info=system_session(), lp=ctx.lp)
provision_fill(ctx.local_samdb, secrets_ldb,
- ctx.logger, ctx.names, ctx.paths,
+ ctx.logger, ctx.names, ctx.targetdir, ctx.paths,
dom_for_fun_level=ctx.behavior_version,
samdb_fill=FILL_SUBDOMAIN,
machinepass=ctx.acct_pass, serverrole="active directory domain controller",

71
net/samba422/files/patch-python_samba_provision_____init____.py Normal file
View File

@ -0,0 +1,71 @@
--- python/samba/provision/__init__.py.orig 2025-02-06 10:31:54 UTC
+++ python/samba/provision/__init__.py
@@ -1671,19 +1671,25 @@ def setsysvolacl(samdb, sysvol, uid, gid, domainsid, d
s3conf = s3param.get_context()
s3conf.load(lp.configfile)
- file = tempfile.NamedTemporaryFile(dir=os.path.abspath(sysvol))
+ sysvol_dir = os.path.abspath(sysvol)
+
+ set_simple_acl = smbd.set_simple_acl
+ if smbd.has_nfsv4_acls(sysvol_dir):
+ set_simple_acl = smbd.set_simple_nfsv4_acl
+
+ file = tempfile.NamedTemporaryFile(dir=sysvol_dir)
try:
try:
- smbd.set_simple_acl(file.name, 0o755, system_session_unix(), gid)
+ set_simple_acl(file.name, 0o755, system_session_unix(), gid)
except OSError:
- if not smbd.have_posix_acls():
+ if not smbd.have_posix_acls() and not smbd.have_nfsv4_acls():
# This clue is only strictly correct for RPM and
# Debian-like Linux systems, but hopefully other users
# will get enough clue from it.
- raise ProvisioningError("Samba was compiled without the posix ACL support that s3fs requires. "
+ raise ProvisioningError("Samba was compiled without the ACL support that s3fs requires. "
"Try installing libacl1-dev or libacl-devel, then re-run configure and make.")
- raise ProvisioningError("Your filesystem or build does not support posix ACLs, which s3fs requires. "
+ raise ProvisioningError("Your filesystem or build does not support ACLs, which s3fs requires. "
"Try the mounting the filesystem with the 'acl' option.")
try:
smbd.chown(file.name, uid, gid, system_session_unix())
@@ -1906,7 +1912,7 @@ def interface_ips_v6(lp):
return ret
-def provision_fill(samdb, secrets_ldb, logger, names, paths,
+def provision_fill(samdb, secrets_ldb, logger, names, paths, targetdir,
schema=None,
samdb_fill=FILL_FULL,
hostip=None, hostip6=None,
@@ -1965,6 +1971,9 @@ def provision_fill(samdb, secrets_ldb, logger, names,
samdb.transaction_commit()
if serverrole == "active directory domain controller":
+ if targetdir and smbd.have_nfsv4_acls() and smbd.has_nfsv4_acls(targetdir):
+ smbd.set_nfsv4_defaults()
+
# Continue setting up sysvol for GPO. This appears to require being
# outside a transaction.
if not skip_sysvolacl:
@@ -2341,6 +2350,9 @@ def provision(logger, session_info, smbconf=None,
if not os.path.isdir(paths.netlogon):
os.makedirs(paths.netlogon, 0o755)
+ if smbd.have_nfsv4_acls() and smbd.has_nfsv4_acls(paths.sysvol):
+ smbd.set_nfsv4_defaults()
+
if adminpass is None:
adminpass = samba.generate_random_password(12, 32)
adminpass_generated = True
@@ -2350,7 +2362,7 @@ def provision(logger, session_info, smbconf=None,
adminpass_generated = False
if samdb_fill == FILL_FULL:
- provision_fill(samdb, secrets_ldb, logger, names, paths,
+ provision_fill(samdb, secrets_ldb, logger, names, paths, targetdir,
schema=schema, samdb_fill=samdb_fill,
hostip=hostip, hostip6=hostip6,
next_rid=next_rid, dc_rid=dc_rid, adminpass=adminpass,

19
net/samba422/files/patch-source3_lib_sysacls.c Normal file
View File

@ -0,0 +1,19 @@
--- source3/lib/sysacls.c.orig 2025-02-06 10:31:54 UTC
+++ source3/lib/sysacls.c
@@ -38,6 +38,16 @@
#include "modules/vfs_aixacl.h"
#endif
+/*
+ * NFSv4 ACL's should be understood and a first class citizen. Work
+ * needs to be done in librpc/idl/smb_acl.idl for this to occur.
+ */
+#if defined(HAVE_LIBSUNACL) && defined(FREEBSD)
+#if 0
+#include "modules/nfs4_acls.h"
+#endif
+#endif
+
#undef DBGC_CLASS
#define DBGC_CLASS DBGC_ACLS

14
net/samba422/files/patch-source3_lib_util.c Normal file
View File

@ -0,0 +1,14 @@
--- source3/lib/util.c.orig 2019-05-07 08:38:21 UTC
+++ source3/lib/util.c
@@ -1916,7 +1916,10 @@ bool any_nt_status_not_ok(NTSTATUS err1,
int timeval_to_msec(struct timeval t)
{
- return t.tv_sec * 1000 + (t.tv_usec+999) / 1000;
+ unsigned long result;
+
+ result = t.tv_sec * 1000 + (t.tv_usec+999) / 1000;
+ return result > INT_MAX ? INT_MAX : result;
}
/*******************************************************************

16
net/samba422/files/patch-source3_librpc_crypto_gse.c Normal file
View File

@ -0,0 +1,16 @@
--- source3/librpc/crypto/gse.c.orig 2019-01-15 10:07:00 UTC
+++ source3/librpc/crypto/gse.c
@@ -621,11 +621,12 @@ static NTSTATUS gse_get_server_auth_toke
struct gse_context *gse_ctx =
talloc_get_type_abort(gensec_security->private_data,
struct gse_context);
- OM_uint32 gss_maj, gss_min;
+ OM_uint32 gss_min;
gss_buffer_desc in_data;
gss_buffer_desc out_data;
DATA_BLOB blob = data_blob_null;
NTSTATUS status;
+ OM_uint32 gss_maj = -1;
OM_uint32 time_rec = 0;
struct timeval tv;

702
net/samba422/files/patch-source3_modules_vfs__freebsd.c Normal file
View File

@ -0,0 +1,702 @@
--- source3/modules/vfs_freebsd.c.orig 2025-07-11 10:55:17 UTC
+++ source3/modules/vfs_freebsd.c
@@ -0,0 +1,699 @@
+/*
+ * This module implements VFS calls specific to FreeBSD
+ *
+ * Copyright (C) Timur I. Bakeyev, 2018
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, see <http://www.gnu.org/licenses/>.
+ */
+
+#include "includes.h"
+
+#include "lib/util/tevent_unix.h"
+#include "lib/util/tevent_ntstatus.h"
+#include "system/filesys.h"
+#include "smbd/smbd.h"
+
+#include <sys/sysctl.h>
+
+static int vfs_freebsd_debug_level = DBGC_VFS;
+
+#undef DBGC_CLASS
+#define DBGC_CLASS vfs_freebsd_debug_level
+
+#ifndef EXTATTR_MAXNAMELEN
+#define EXTATTR_MAXNAMELEN UINT8_MAX
+#endif
+
+#define EXTATTR_NAMESPACE(NS) EXTATTR_NAMESPACE_ ## NS, \
+ EXTATTR_NAMESPACE_ ## NS ## _STRING ".", \
+ .data.len = (sizeof(EXTATTR_NAMESPACE_ ## NS ## _STRING ".") - 1)
+
+#define EXTATTR_EMPTY 0x00
+#define EXTATTR_USER 0x01
+#define EXTATTR_SYSTEM 0x02
+#define EXTATTR_SECURITY 0x03
+#define EXTATTR_TRUSTED 0x04
+
+enum extattr_mode {
+ FREEBSD_EXTATTR_SECURE,
+ FREEBSD_EXTATTR_COMPAT,
+ FREEBSD_EXTATTR_LEGACY
+};
+
+struct freebsd_handle_data {
+ enum extattr_mode extattr_mode;
+};
+
+typedef struct {
+ int namespace;
+ char name[EXTATTR_MAXNAMELEN+1];
+ union {
+ uint16_t len;
+ uint16_t flags;
+ } data;
+} extattr_attr;
+
+static const struct enum_list extattr_mode_param[] = {
+ { FREEBSD_EXTATTR_SECURE, "secure" }, /* */
+ { FREEBSD_EXTATTR_COMPAT, "compat" }, /* */
+ { FREEBSD_EXTATTR_LEGACY, "legacy" }, /* */
+ { -1, NULL }
+};
+
+/* XXX: This order doesn't match namespace ids order! */
+static extattr_attr extattr[] = {
+ { EXTATTR_NAMESPACE(EMPTY) },
+ { EXTATTR_NAMESPACE(SYSTEM) },
+ { EXTATTR_NAMESPACE(USER) },
+};
+
+
+static bool freebsd_in_jail(void) {
+ int val = 0;
+ size_t val_len = sizeof(val);
+
+ if((sysctlbyname("security.jail.jailed", &val, &val_len, NULL, 0) != -1) && val == 1) {
+ return true;
+ }
+ return false;
+}
+
+
+static uint16_t freebsd_map_attrname(const char *name)
+{
+ if(name == NULL || name[0] == '\0') {
+ return EXTATTR_EMPTY;
+ }
+
+ switch(name[0]) {
+ case 'u':
+ if(strncmp(name, "user.", 5) == 0)
+ return EXTATTR_USER;
+ break;
+ case 't':
+ if(strncmp(name, "trusted.", 8) == 0)
+ return EXTATTR_TRUSTED;
+ break;
+ case 's':
+ /* name[1] could be any character, including '\0' */
+ switch(name[1]) {
+ case 'e':
+ if(strncmp(name, "security.", 9) == 0)
+ return EXTATTR_SECURITY;
+ break;
+ case 'y':
+ if(strncmp(name, "system.", 7) == 0)
+ return EXTATTR_SYSTEM;
+ break;
+ }
+ break;
+ }
+ return EXTATTR_USER;
+}
+
+
+/* security, system, trusted or user */
+static extattr_attr* freebsd_map_xattr(enum extattr_mode extattr_mode, const char *name, extattr_attr *attr)
+{
+ int attrnamespace = EXTATTR_NAMESPACE_EMPTY;
+ const char *p, *attrname = name;
+
+ if(name == NULL || name[0] == '\0') {
+ return NULL;
+ }
+
+ if(attr == NULL) {
+ return NULL;
+ }
+
+ uint16_t flags = freebsd_map_attrname(name);
+
+ switch(flags) {
+ case EXTATTR_SECURITY:
+ case EXTATTR_TRUSTED:
+ case EXTATTR_SYSTEM:
+ attrnamespace = (extattr_mode == FREEBSD_EXTATTR_SECURE) ?
+ EXTATTR_NAMESPACE_SYSTEM :
+ EXTATTR_NAMESPACE_USER;
+ break;
+ case EXTATTR_USER:
+ attrnamespace = EXTATTR_NAMESPACE_USER;
+ break;
+ default:
+ /* Default to "user" namespace if nothing else was specified */
+ attrnamespace = EXTATTR_NAMESPACE_USER;
+ flags = EXTATTR_USER;
+ break;
+ }
+
+ if (extattr_mode == FREEBSD_EXTATTR_LEGACY) {
+ switch(flags) {
+ case EXTATTR_SECURITY:
+ attrname = name + 9;
+ break;
+ case EXTATTR_TRUSTED:
+ attrname = name + 8;
+ break;
+ case EXTATTR_SYSTEM:
+ attrname = name + 7;
+ break;
+ case EXTATTR_USER:
+ attrname = name + 5;
+ break;
+ default:
+ attrname = ((p=strchr(name, '.')) != NULL) ? p + 1 : name;
+ break;
+ }
+ }
+
+ attr->namespace = attrnamespace;
+ attr->data.flags = flags;
+ strlcpy(attr->name, attrname, EXTATTR_MAXNAMELEN + 1);
+
+ return attr;
+}
+
+
+static ssize_t extattr_size(struct files_struct *fsp, extattr_attr *attr)
+{
+ ssize_t result;
+
+ SMB_ASSERT(!fsp_is_alternate_stream(fsp));
+
+ int fd = fsp_get_pathref_fd(fsp);
+
+ if (fsp->fsp_flags.is_pathref) {
+ const char *path = fsp->fsp_name->base_name;
+ if (fsp->fsp_flags.have_proc_fds) {
+ char buf[PATH_MAX];
+ path = sys_proc_fd_path(fd, &buf);
+ if (path == NULL) {
+ return -1;
+ }
+ }
+ /*
+ * This is no longer a handle based call.
+ */
+ return extattr_get_file(path, attr->namespace, attr->name, NULL, 0);
+ }
+ else {
+ return extattr_get_fd(fd, attr->namespace, attr->name, NULL, 0);
+ }
+}
+
+/*
+ * The list of names is returned as an unordered array of NULL-terminated
+ * character strings (attribute names are separated by NULL characters),
+ * like this:
+ * user.name1\0system.name1\0user.name2\0
+ *
+ * Filesystems like ext2, ext3 and XFS which implement POSIX ACLs using
+ * extended attributes, might return a list like this:
+ * system.posix_acl_access\0system.posix_acl_default\0
+ */
+/*
+ * The extattr_list_file() returns a list of attributes present in the
+ * requested namespace. Each list entry consists of a single byte containing
+ * the length of the attribute name, followed by the attribute name. The
+ * attribute name is not terminated by ASCII 0 (nul).
+*/
+static ssize_t freebsd_extattr_list(struct files_struct *fsp, enum extattr_mode extattr_mode, char *list, size_t size)
+{
+ ssize_t list_size, total_size = 0;
+ char *p, *q, *list_end;
+ int len;
+ /*
+ Ignore all but user namespace when we are not root or in jail
+ See: https://bugzilla.samba.org/show_bug.cgi?id=10247
+ */
+ bool as_root = (geteuid() == 0);
+
+ int ns = (extattr_mode == FREEBSD_EXTATTR_SECURE && as_root) ? 1 : 2;
+
+ int fd = fsp_get_pathref_fd(fsp);
+
+ /* Iterate through extattr(2) namespaces */
+ for(; ns < ARRAY_SIZE(extattr); ns++) {
+ list_size = -1;
+
+ if (fsp->fsp_flags.is_pathref) {
+ const char *path = fsp->fsp_name->base_name;
+ if (fsp->fsp_flags.have_proc_fds) {
+ char buf[PATH_MAX];
+ path = sys_proc_fd_path(fd, &buf);
+ if (path == NULL) {
+ return -1;
+ }
+ }
+ /*
+ * This is no longer a handle based call.
+ */
+ list_size = extattr_list_file(path, extattr[ns].namespace, list, size);
+ }
+ else {
+ list_size = extattr_list_fd(fd, extattr[ns].namespace, list, size);
+ }
+ /* Some error happend. Errno should be set by the previous call */
+ if(list_size < 0)
+ return -1;
+ /* No attributes in this namespace */
+ if(list_size == 0)
+ continue;
+ /*
+ Call with an empty buffer may be used to calculate
+ necessary buffer size.
+ */
+ if(list == NULL) {
+ /*
+ XXX: Unfortunately, we can't say, how many attributes were
+ returned, so here is the potential problem with the emulation.
+ */
+ if(extattr_mode == FREEBSD_EXTATTR_LEGACY) {
+ /*
+ Take the worse case of one char attribute names -
+ two bytes per name plus one more for sanity.
+ */
+ total_size += list_size + (list_size/2 + 1)*extattr[ns].data.len;
+ }
+ else {
+ total_size += list_size;
+ }
+ continue;
+ }
+
+ if(extattr_mode == FREEBSD_EXTATTR_LEGACY) {
+ /* Count necessary offset to fit namespace prefixes */
+ int extra_len = 0;
+ uint16_t flags;
+ list_end = list + list_size;
+ for(list_size = 0, p = q = list; p < list_end; p += len) {
+ len = p[0] + 1;
+ (void)strlcpy(q, p + 1, len);
+ flags = freebsd_map_attrname(q);
+ /* Skip secure attributes for non-root user */
+ if(extattr_mode != FREEBSD_EXTATTR_SECURE && !as_root && flags > EXTATTR_USER) {
+ continue;
+ }
+ if(flags <= EXTATTR_USER) {
+ /* Don't count trailing '\0' */
+ extra_len += extattr[ns].data.len;
+ }
+ list_size += len;
+ q += len;
+ }
+ total_size += list_size + extra_len;
+ /* Buffer is too small to fit the results */
+ if(total_size > size) {
+ errno = ERANGE;
+ return -1;
+ }
+ /* Shift results backwards, so we can prepend prefixes */
+ list_end = list + extra_len;
+ p = (char*)memmove(list_end, list, list_size);
+ /*
+ We enter the loop with `p` pointing to the shifted list and
+ `extra_len` having the total margin between `list` and `p`
+ */
+ for(list_end += list_size; p < list_end; p += len) {
+ len = strlen(p) + 1;
+ flags = freebsd_map_attrname(p);
+ if(flags <= EXTATTR_USER) {
+ /* Add namespace prefix */
+ (void)strncpy(list, extattr[ns].name, extattr[ns].data.len);
+ list += extattr[ns].data.len;
+ }
+ /* Append attribute name */
+ (void)strlcpy(list, p, len);
+ list += len;
+ }
+ }
+ else {
+ /* Convert UCSD strings into nul-terminated strings */
+ for(list_end = list + list_size; list < list_end; list += len) {
+ len = list[0] + 1;
+ (void)strlcpy(list, list + 1, len);
+ }
+ total_size += list_size;
+ }
+ }
+ return total_size;
+}
+
+/*
+static ssize_t freebsd_fgetxattr_size(struct vfs_handle_struct *handle,
+ struct files_struct *fsp,
+ const char *name)
+{
+ struct freebsd_handle_data *data;
+ extattr_attr attr;
+
+ SMB_ASSERT(!fsp_is_alternate_stream(fsp));
+
+ SMB_VFS_HANDLE_GET_DATA(handle, data,
+ struct freebsd_handle_data,
+ return -1);
+
+ if(!freebsd_map_xattr(data->extattr_mode, name, &attr)) {
+ errno = EINVAL;
+ return -1;
+ }
+
+ if(data->extattr_mode != FREEBSD_EXTATTR_SECURE && geteuid() != 0 && attr.data.flags > EXTATTR_USER) {
+ errno = ENOATTR;
+ return -1;
+ }
+
+ return extattr_size(fsp, &attr);
+}
+*/
+
+/* VFS entries */
+static ssize_t freebsd_fgetxattr(struct vfs_handle_struct *handle,
+ struct files_struct *fsp,
+ const char *name,
+ void *value,
+ size_t size)
+{
+#if defined(HAVE_XATTR_EXTATTR)
+ struct freebsd_handle_data *data;
+ extattr_attr attr;
+ ssize_t res;
+ int fd;
+
+ SMB_ASSERT(!fsp_is_alternate_stream(fsp));
+
+ SMB_VFS_HANDLE_GET_DATA(handle, data,
+ struct freebsd_handle_data,
+ return -1);
+
+ if(!freebsd_map_xattr(data->extattr_mode, name, &attr)) {
+ errno = EINVAL;
+ return -1;
+ }
+
+ /* Filter out 'secure' entries */
+ if(data->extattr_mode != FREEBSD_EXTATTR_SECURE && geteuid() != 0 && attr.data.flags > EXTATTR_USER) {
+ errno = ENOATTR;
+ return -1;
+ }
+
+ /*
+ * The BSD implementation has a nasty habit of silently truncating
+ * the returned value to the size of the buffer, so we have to check
+ * that the buffer is large enough to fit the returned value.
+ */
+ if((res=extattr_size(fsp, &attr)) < 0) {
+ return -1;
+ }
+
+ if (size == 0) {
+ return res;
+ }
+ else if (res > size) {
+ errno = ERANGE;
+ return -1;
+ }
+
+ fd = fsp_get_pathref_fd(fsp);
+
+ if (fsp->fsp_flags.is_pathref) {
+ const char *path = fsp->fsp_name->base_name;
+ if (fsp->fsp_flags.have_proc_fds) {
+ char buf[PATH_MAX];
+ path = sys_proc_fd_path(fd, &buf);
+ if (path == NULL) {
+ return -1;
+ }
+ }
+ /*
+ * This is no longer a handle based call.
+ */
+ return extattr_get_file(path, attr.namespace, attr.name, value, size);
+ }
+ else {
+ return extattr_get_fd(fd, attr.namespace, attr.name, value, size);
+ }
+ return -1;
+#else
+ errno = ENOSYS;
+ return -1;
+#endif
+}
+
+
+static ssize_t freebsd_flistxattr(struct vfs_handle_struct *handle,
+ struct files_struct *fsp,
+ char *list,
+ size_t size)
+{
+#if defined(HAVE_XATTR_EXTATTR)
+ struct freebsd_handle_data *data;
+
+ SMB_ASSERT(!fsp_is_alternate_stream(fsp));
+
+ SMB_VFS_HANDLE_GET_DATA(handle, data,
+ struct freebsd_handle_data,
+ return -1);
+
+ return freebsd_extattr_list(fsp, data->extattr_mode, list, size);
+#else
+ errno = ENOSYS;
+ return -1;
+#endif
+}
+
+
+static int freebsd_fremovexattr(struct vfs_handle_struct *handle,
+ struct files_struct *fsp,
+ const char *name)
+{
+#if defined(HAVE_XATTR_EXTATTR)
+ struct freebsd_handle_data *data;
+ extattr_attr attr;
+ int fd;
+
+ SMB_ASSERT(!fsp_is_alternate_stream(fsp));
+
+ SMB_VFS_HANDLE_GET_DATA(handle, data,
+ struct freebsd_handle_data,
+ return -1);
+
+ if(!freebsd_map_xattr(data->extattr_mode, name, &attr)) {
+ errno = EINVAL;
+ return -1;
+ }
+
+ /* Filter out 'secure' entries */
+ if(data->extattr_mode != FREEBSD_EXTATTR_SECURE && geteuid() != 0 && attr.data.flags > EXTATTR_USER) {
+ errno = ENOATTR;
+ return -1;
+ }
+
+ fd = fsp_get_pathref_fd(fsp);
+
+ if (fsp->fsp_flags.is_pathref) {
+ const char *path = fsp->fsp_name->base_name;
+ if (fsp->fsp_flags.have_proc_fds) {
+ char buf[PATH_MAX];
+ path = sys_proc_fd_path(fd, &buf);
+ if (path == NULL) {
+ return -1;
+ }
+ }
+ /*
+ * This is no longer a handle based call.
+ */
+ return extattr_delete_file(path, attr.namespace, attr.name);
+ }
+ else {
+ return extattr_delete_fd(fd, attr.namespace, attr.name);
+ }
+ return -1;
+#else
+ errno = ENOSYS;
+ return -1;
+#endif
+}
+
+
+static int freebsd_fsetxattr(struct vfs_handle_struct *handle,
+ struct files_struct *fsp,
+ const char *name,
+ const void *value,
+ size_t size,
+ int flags)
+{
+#if defined(HAVE_XATTR_EXTATTR)
+ struct freebsd_handle_data *data;
+ extattr_attr attr;
+ ssize_t res;
+ int fd;
+
+ SMB_ASSERT(!fsp_is_alternate_stream(fsp));
+
+ SMB_VFS_HANDLE_GET_DATA(handle, data,
+ struct freebsd_handle_data,
+ return -1);
+
+ if(!freebsd_map_xattr(data->extattr_mode, name, &attr)) {
+ errno = EINVAL;
+ return -1;
+ }
+
+ /* Filter out 'secure' entries */
+ if(data->extattr_mode != FREEBSD_EXTATTR_SECURE && geteuid() != 0 && attr.data.flags > EXTATTR_USER) {
+ errno = ENOATTR;
+ return -1;
+ }
+
+ if (flags) {
+ /* Check attribute existence */
+ res = extattr_size(fsp, &attr);
+ if (res < 0) {
+ /* REPLACE attribute, that doesn't exist */
+ if ((flags & XATTR_REPLACE) && errno == ENOATTR) {
+ errno = ENOATTR;
+ return -1;
+ }
+ /* Ignore other errors */
+ }
+ else {
+ /* CREATE attribute, that already exists */
+ if (flags & XATTR_CREATE) {
+ errno = EEXIST;
+ return -1;
+ }
+ }
+ }
+
+ fd = fsp_get_pathref_fd(fsp);
+
+ if (fsp->fsp_flags.is_pathref) {
+ const char *path = fsp->fsp_name->base_name;
+ if (fsp->fsp_flags.have_proc_fds) {
+ char buf[PATH_MAX];
+ path = sys_proc_fd_path(fd, &buf);
+ if (path == NULL) {
+ return -1;
+ }
+ }
+ /*
+ * This is no longer a handle based call.
+ */
+ res = extattr_set_file(path, attr.namespace, attr.name, value, size);
+ }
+ else {
+ res = extattr_set_fd(fd, attr.namespace, attr.name, value, size);
+ }
+ return (res >= 0) ? 0 : -1;
+#else
+ errno = ENOSYS;
+ return -1;
+#endif
+}
+
+
+static int freebsd_connect(struct vfs_handle_struct *handle,
+ const char *service,
+ const char *user)
+{
+ struct freebsd_handle_data *data;
+ int enumval, saved_errno;
+
+ int ret = SMB_VFS_NEXT_CONNECT(handle, service, user);
+
+ if (ret < 0) {
+ return ret;
+ }
+
+ data = talloc_zero(handle->conn, struct freebsd_handle_data);
+ if (!data) {
+ saved_errno = errno;
+ SMB_VFS_NEXT_DISCONNECT(handle);
+ DEBUG(0, ("talloc_zero() failed\n"));
+ errno = saved_errno;
+ return -1;
+ }
+
+ enumval = lp_parm_enum(SNUM(handle->conn), "freebsd",
+ "extattr mode", extattr_mode_param, FREEBSD_EXTATTR_LEGACY);
+ if (enumval == -1) {
+ saved_errno = errno;
+ SMB_VFS_NEXT_DISCONNECT(handle);
+ DBG_DEBUG("value for freebsd: 'extattr mode' is unknown\n");
+ errno = saved_errno;
+ return -1;
+ }
+
+ if(freebsd_in_jail()) {
+ enumval = FREEBSD_EXTATTR_COMPAT;
+ DBG_WARNING("running in jail, enforcing 'compat' mode\n");
+ }
+
+ data->extattr_mode = (enum extattr_mode)enumval;
+
+ SMB_VFS_HANDLE_SET_DATA(handle, data, NULL,
+ struct freebsd_handle_data,
+ return -1);
+
+ DBG_DEBUG("connect to service[%s] with '%s' extattr mode\n",
+ service, extattr_mode_param[data->extattr_mode].name);
+
+ return 0;
+}
+
+
+static void freebsd_disconnect(vfs_handle_struct *handle)
+{
+ SMB_VFS_NEXT_DISCONNECT(handle);
+}
+
+/* VFS operations structure */
+
+struct vfs_fn_pointers freebsd_fns = {
+ /* Disk operations */
+ .connect_fn = freebsd_connect,
+ .disconnect_fn = freebsd_disconnect,
+
+ /* EA operations. */
+ .getxattrat_send_fn = vfs_not_implemented_getxattrat_send,
+ .getxattrat_recv_fn = vfs_not_implemented_getxattrat_recv,
+ .fgetxattr_fn = freebsd_fgetxattr,
+ .flistxattr_fn = freebsd_flistxattr,
+ .fremovexattr_fn = freebsd_fremovexattr,
+ .fsetxattr_fn = freebsd_fsetxattr,
+};
+
+static_decl_vfs;
+NTSTATUS vfs_freebsd_init(TALLOC_CTX *ctx)
+{
+ NTSTATUS ret;
+
+ ret = smb_register_vfs(SMB_VFS_INTERFACE_VERSION, "freebsd",
+ &freebsd_fns);
+
+ if (!NT_STATUS_IS_OK(ret)) {
+ return ret;
+ }
+
+ vfs_freebsd_debug_level = debug_add_class("freebsd");
+ if (vfs_freebsd_debug_level == -1) {
+ vfs_freebsd_debug_level = DBGC_VFS;
+ DEBUG(0, ("vfs_freebsd: Couldn't register custom debugging class!\n"));
+ } else {
+ DEBUG(10, ("vfs_freebsd: Debug class number of 'fileid': %d\n", vfs_freebsd_debug_level));
+ }
+
+ return ret;
+}

36
net/samba422/files/patch-source3_modules_vfs__virusfilter__utils.c Normal file
View File

@ -0,0 +1,36 @@
--- source3/modules/vfs_virusfilter_utils.c.orig 2019-01-15 10:07:00 UTC
+++ source3/modules/vfs_virusfilter_utils.c
@@ -392,6 +392,10 @@ bool virusfilter_io_writel(
bool virusfilter_io_writefl(
struct virusfilter_io_handle *io_h,
+ const char *data_fmt, ...) PRINTF_ATTRIBUTE(2, 3);
+
+bool virusfilter_io_writefl(
+ struct virusfilter_io_handle *io_h,
const char *data_fmt, ...)
{
va_list ap;
@@ -415,6 +419,10 @@ bool virusfilter_io_writefl(
bool virusfilter_io_vwritefl(
struct virusfilter_io_handle *io_h,
+ const char *data_fmt, va_list ap) PRINTF_ATTRIBUTE(2, 0);
+
+bool virusfilter_io_vwritefl(
+ struct virusfilter_io_handle *io_h,
const char *data_fmt, va_list ap)
{
char data[VIRUSFILTER_IO_BUFFER_SIZE + VIRUSFILTER_IO_EOL_SIZE];
@@ -666,6 +674,11 @@ bool virusfilter_io_readl(TALLOC_CTX *ct
bool virusfilter_io_writefl_readl(
struct virusfilter_io_handle *io_h,
char **read_line,
+ const char *fmt, ...) PRINTF_ATTRIBUTE(3, 4);
+
+bool virusfilter_io_writefl_readl(
+ struct virusfilter_io_handle *io_h,
+ char **read_line,
const char *fmt, ...)
{
bool ok;

182
net/samba422/files/patch-source3_modules_vfs__zfsacl.c Normal file
View File

@ -0,0 +1,182 @@
--- source3/modules/vfs_zfsacl.c 2024-07-29 11:03:15.390630700 +0200
+++ source3/modules/vfs_zfsacl.c 2025-01-07 15:56:32.048227000 +0100
@@ -169,6 +169,7 @@
bool must_add_empty_ace = false;
struct zfsacl_config_data *config = NULL;
int fd;
+ struct sys_proc_fd_path_buf buf;
SMB_VFS_HANDLE_GET_DATA(handle, config,
struct zfsacl_config_data,
@@ -235,24 +236,52 @@
SMB_ASSERT(i == naces);
/* store acl */
- fd = fsp_get_pathref_fd(fsp);
- if (fd == -1) {
+
+ if (!fsp->fsp_flags.is_pathref) {
+ fd = fsp_get_io_fd(fsp);
+
+ rv = facl(fd, ACE_SETACL, naces, acebuf);
+ if (rv != 0) {
+ DEBUG(8, ("zfs_process_smbacl(%s): Not PATHREF: facl(ACE_SETACL, %d): %s\n",
+ fsp_str_dbg(fsp), naces,
+ strerror(errno)));
+ return false;
+ }
+ DEBUG(10, ("zfs_process_smbacl(%s): Not PATHREF: facl(ACE_SETACL, %d) -> %d\n",
+ fsp_str_dbg(fsp), naces,
+ rv));
+
+ } else if (fsp->fsp_flags.have_proc_fds) {
+ fd = fsp_get_pathref_fd(fsp);
+ if (fd == -1) {
+ DEBUG(8, ("zfs_process_smbacl(%s): PATHREF(proc_fd): fsp_get_pathref_fd=-1: %s\n",
+ fsp_str_dbg(fsp), strerror(errno)));
errno = EBADF;
return false;
- }
- rv = facl(fd, ACE_SETACL, naces, acebuf);
- if (rv != 0) {
- if(errno == ENOSYS) {
- DEBUG(9, ("acl(ACE_SETACL, %s): Operation is not "
- "supported on the filesystem where the file "
- "resides\n", fsp_str_dbg(fsp)));
- } else {
- DEBUG(9, ("acl(ACE_SETACL, %s): %s\n", fsp_str_dbg(fsp),
- strerror(errno)));
- }
+ }
+ rv = acl(sys_proc_fd_path(fd, &buf), ACE_SETACL, naces, acebuf);
+ if (rv != 0) {
+ DEBUG(8, ("zfs_process_smbacl(%s): acl(ACE_SETACL, %d): %s\n",
+ fsp_str_dbg(fsp), naces,
+ strerror(errno)));
return false;
+ }
+ DEBUG(10, ("zfs_process_smbacl(%s): PATHREF(proc_fd): acl(ACE_SETACL, %d) -> %d\n",
+ fsp_str_dbg(fsp), naces,
+ rv));
+ } else {
+ rv = acl(fsp->fsp_name->base_name, ACE_SETACL, naces, acebuf);
+ if (rv != 0) {
+ DEBUG(8, ("zfs_process_smbacl(%s): PATHREF(base_name): acl(ACE_SETACL, %d): %s\n",
+ fsp_str_dbg(fsp), naces,
+ strerror(errno)));
+ return false;
+ }
+ DEBUG(10, ("zfs_process_smbacl(%s): PATHREF(base_name): facl(ACE_SETACL, %d) -> %d\n",
+ fsp_str_dbg(fsp), naces,
+ rv));
}
-
+
return True;
}
@@ -282,25 +311,46 @@
struct files_struct *fsp,
ace_t **outbuf)
{
- int naces, rv;
+ int naces, rv = -1, fd = -1;
ace_t *acebuf = NULL;
- int fd;
+ struct sys_proc_fd_path_buf buf;
- fd = fsp_get_pathref_fd(fsp);
- if (fd == -1) {
+
+ if (!fsp->fsp_flags.is_pathref) {
+ fd = fsp_get_io_fd(fsp);
+ if (fd == -1) {
+ DEBUG(8, ("fget_zfsacl(%s): Not PATHREF: fsp_get_io_fd=-1: %s\n",
+ fsp_str_dbg(fsp), strerror(errno)));
errno = EBADF;
return -1;
- }
- naces = facl(fd, ACE_GETACLCNT, 0, NULL);
- if (naces == -1) {
- int dbg_level = 10;
-
- if (errno == ENOSYS) {
- dbg_level = 1;
- }
- DEBUG(dbg_level, ("facl(ACE_GETACLCNT, %s): %s\n",
+ }
+ naces = facl(fd, ACE_GETACLCNT, 0, NULL);
+ if (naces == -1) {
+ DEBUG(8, ("fget_zfsacl(%s): Not PATHREF: facl(ACE_GETACLCNT): %s\n",
+ fsp_str_dbg(fsp), strerror(errno)));
+ return -1;
+ }
+ } else if (fsp->fsp_flags.have_proc_fds) {
+ fd = fsp_get_pathref_fd(fsp);
+ if (fd == -1) {
+ DEBUG(8, ("fget_zfsacl(%s): PATHREF(proc_fd): fsp_get_pathref_fd=-1: %s\n",
+ fsp_str_dbg(fsp), strerror(errno)));
+ errno = EBADF;
+ return -1;
+ }
+ naces = acl(sys_proc_fd_path(fd, &buf), ACE_GETACLCNT, 0, NULL);
+ if (naces == -1) {
+ DEBUG(8, ("fget_zfsacl(%s): PATHREF(proc_fd): acl(ACE_GETACLCNT): %s\n",
fsp_str_dbg(fsp), strerror(errno)));
- return naces;
+ return -1;
+ }
+ } else {
+ naces = acl(fsp->fsp_name->base_name, ACE_GETACLCNT, 0, NULL);
+ if (naces == -1) {
+ DEBUG(8, ("fget_zfsacl(%s): PATHREF(base_name): acl(ACE_GETACLCNT): %s\n",
+ fsp_str_dbg(fsp), strerror(errno)));
+ return -1;
+ }
}
acebuf = talloc_size(mem_ctx, sizeof(ace_t)*naces);
@@ -309,15 +359,37 @@
return -1;
}
- rv = facl(fd, ACE_GETACL, naces, acebuf);
- if (rv == -1) {
- DBG_DEBUG("acl(ACE_GETACL, %s): %s\n",
- fsp_str_dbg(fsp), strerror(errno));
+ if (!fsp->fsp_flags.is_pathref) {
+ rv = facl(fd, ACE_GETACL, naces, acebuf);
+ if (rv == -1) {
+ DEBUG(8, ("fget_zfsacl(%s): Not PATHREF: facl(ACE_GETACL): %s\n",
+ fsp_str_dbg(fsp), strerror(errno)));
return -1;
+ }
+ DEBUG(10, ("fget_zfsacl(%s): Not PATHREF: facl(ACE_GETACL) -> %d entries\n",
+ fsp_str_dbg(fsp), rv));
+ } else if (fsp->fsp_flags.have_proc_fds) {
+ rv = acl(sys_proc_fd_path(fd, &buf), ACE_GETACL, naces, acebuf);
+ if (rv == -1) {
+ DEBUG(8, ("fget_zfsacl(%s): PATHREF(proc_fd): acl(ACE_GETACL): %s\n",
+ fsp_str_dbg(fsp), strerror(errno)));
+ return -1;
+ }
+ DEBUG(10, ("fget_zfsacl(%s): PATHREF(proc_fd): acl(ACE_GETACL) -> %d entries\n",
+ fsp_str_dbg(fsp), rv));
+ } else {
+ rv = acl(fsp->fsp_name->base_name, ACE_GETACL, naces, acebuf);
+ if (rv == -1) {
+ DEBUG(8, ("fget_zfsacl(%s): PATHREF(base_name): acl(ACE_GETACL): %s\n",
+ fsp_str_dbg(fsp), strerror(errno)));
+ return -1;
+ }
+ DEBUG(10, ("fget_zfsacl(%s): PATHREF(base_name): acl(ACE_GETACL) -> %d entries\n",
+ fsp_str_dbg(fsp), rv));
}
-
+
*outbuf = acebuf;
- return naces;
+ return rv;
}
static NTSTATUS zfsacl_fget_nt_acl(struct vfs_handle_struct *handle,

16
net/samba422/files/patch-source3_modules_wscript__build Normal file
View File

@ -0,0 +1,16 @@
--- source3/modules/wscript_build.orig 2025-02-06 10:31:54 UTC
+++ source3/modules/wscript_build
@@ -641,6 +641,13 @@ bld.SAMBA3_MODULE('vfs_delay_inject',
enabled=bld.SAMBA3_IS_ENABLED_MODULE('vfs_delay_inject'),
install=False)
+bld.SAMBA3_MODULE('vfs_freebsd',
+ subsystem='vfs',
+ source='vfs_freebsd.c',
+ init_function='',
+ internal_module=bld.SAMBA3_IS_STATIC_MODULE('vfs_freebsd'),
+ enabled=bld.SAMBA3_IS_ENABLED_MODULE('vfs_freebsd'))
+
bld.SAMBA3_MODULE('vfs_widelinks',
subsystem='vfs',
source='vfs_widelinks.c',

32
net/samba422/files/patch-source3_param_loadparm.c Normal file
View File

@ -0,0 +1,32 @@
--- source3/param/loadparm.c.orig 2025-02-06 10:31:54 UTC
+++ source3/param/loadparm.c
@@ -2890,9 +2890,29 @@ static void init_locals(void)
} else {
if (lp_parm_const_string(-1, "xattr_tdb", "file", NULL)) {
lp_do_parameter(-1, "vfs objects", "dfs_samba4 acl_xattr xattr_tdb");
+ /*
+ * By default, the samba sysvol is located in the statedir. Provisioning will fail in setntacl
+ * unless we have zfacl enabled. Unfortunately, at this point the smb.conf has not been generated.
+ * This workaround is freebsd-specific.
+ */
+#if defined(_PC_ACL_EXTENDED)
+ } else if (pathconf(lp_state_directory(), _PC_ACL_EXTENDED) == 1) {
+ lp_do_parameter(-1, "vfs objects", "dfs_samba4 freebsd");
+#endif
+#if defined(_PC_ACL_NFS4)
+ } else if (pathconf(lp_state_directory(), _PC_ACL_NFS4) == 1) {
+ lp_do_parameter(-1, "vfs objects", "dfs_samba4 zfsacl");
+#endif
} else if (lp_parm_const_string(-1, "posix", "eadb", NULL)) {
lp_do_parameter(-1, "vfs objects", "dfs_samba4 acl_xattr posix_eadb");
} else {
+ /*
+ * This should only set dfs_samba4 and leave acl_xattr
+ * to be set later (or zfsacl). The only reason the decision
+ * can't be made here to load acl_xattr or zfsacl is
+ * that we don't have access to what the target
+ * directory is.
+ */
lp_do_parameter(-1, "vfs objects", "dfs_samba4 acl_xattr");
}
}

10
net/samba422/files/patch-source3_registry_tests_test__regfio.c Normal file
View File

@ -0,0 +1,10 @@
--- source3/registry/tests/test_regfio.c.orig 2019-05-07 08:38:21 UTC
+++ source3/registry/tests/test_regfio.c
@@ -24,6 +24,7 @@
#include <errno.h>
#include <stdlib.h>
+#include <unistd.h>
#include <sys/types.h>
#include <sys/stat.h>
#include <fcntl.h>

230
net/samba422/files/patch-source3_smbd_pysmbd.c Normal file
View File

@ -0,0 +1,230 @@
--- source3/smbd/pysmbd.c.orig 2025-02-20 12:58:50 UTC
+++ source3/smbd/pysmbd.c
@@ -507,6 +507,20 @@ static SMB_ACL_T make_simple_acl(TALLOC_CTX *mem_ctx,
return acl;
}
+static SMB_ACL_T make_simple_nfsv4_acl(TALLOC_CTX *mem_ctx,
+ gid_t gid,
+ mode_t chmod_mode)
+{
+ /*
+ * This function needs to create an NFSv4 ACL. Currently, the only way
+ * to do so is to use the operating system interface, or to use the
+ * functions in source3/modules/nfs4_acls.c. These seems ugly and
+ * hacky. NFSv4 ACL's should be a first class citizen and
+ * librpc/idl/smb_acl.idl should be modified accordingly.
+ */
+ return NULL;
+}
+
/*
set a simple ACL on a file, as a test
*/
@@ -579,7 +593,85 @@ static PyObject *py_smbd_set_simple_acl(PyObject *self
Py_RETURN_NONE;
}
+
/*
+ set a simple NFSv4 ACL on a file, as a test
+ */
+static PyObject *py_smbd_set_simple_nfsv4_acl(PyObject *self, PyObject *args, PyObject *kwargs)
+{
+ const char * const kwnames[] = {
+ "fname",
+ "mode",
+ "session_info",
+ "gid",
+ "service",
+ NULL
+ };
+ char *fname, *service = NULL;
+ PyObject *py_session = Py_None;
+ struct auth_session_info *session_info = NULL;
+ int ret;
+ int mode, gid = -1;
+ SMB_ACL_T acl;
+ TALLOC_CTX *frame;
+ connection_struct *conn;
+
+ if (!PyArg_ParseTupleAndKeywords(args, kwargs, "siO|iz",
+ discard_const_p(char *, kwnames),
+ &fname,
+ &mode,
+ &py_session,
+ &gid,
+ &service))
+ return NULL;
+
+ if (!py_check_dcerpc_type(py_session,
+ "samba.dcerpc.auth",
+ "session_info")) {
+ return NULL;
+ }
+ session_info = pytalloc_get_type(py_session,
+ struct auth_session_info);
+ if (session_info == NULL) {
+ PyErr_Format(PyExc_TypeError,
+ "Expected auth_session_info for session_info argument got %s",
+ pytalloc_get_name(py_session));
+ return NULL;
+ }
+
+ frame = talloc_stackframe();
+
+ acl = make_simple_nfsv4_acl(frame, gid, mode);
+ if (acl == NULL) {
+ TALLOC_FREE(frame);
+ Py_RETURN_NONE;
+ }
+
+ conn = get_conn_tos(service, session_info);
+ if (!conn) {
+ TALLOC_FREE(frame);
+ Py_RETURN_NONE;
+ }
+
+ /*
+ * SMB_ACL_TYPE_ACCESS -> ACL_TYPE_ACCESS -> Not valid for NFSv4 ACL
+ */
+ ret = 0;
+
+ /* ret = set_sys_acl_conn(fname, SMB_ACL_TYPE_ACCESS, acl, conn); */
+
+ if (ret != 0) {
+ TALLOC_FREE(frame);
+ errno = ret;
+ return PyErr_SetFromErrno(PyExc_OSError);
+ }
+
+ TALLOC_FREE(frame);
+
+ Py_RETURN_NONE;
+}
+
+/*
chown a file
*/
static PyObject *py_smbd_chown(PyObject *self, PyObject *args, PyObject *kwargs)
@@ -767,7 +859,7 @@ static PyObject *py_smbd_unlink(PyObject *self, PyObje
}
/*
- check if we have ACL support
+ check if we have POSIX.1e ACL support
*/
static PyObject *py_smbd_have_posix_acls(PyObject *self,
PyObject *Py_UNUSED(ignored))
@@ -779,7 +871,84 @@ static PyObject *py_smbd_have_posix_acls(PyObject *sel
#endif
}
+static PyObject *py_smbd_has_posix_acls(PyObject *self, PyObject *args, PyObject *kwargs)
+{
+ const char * const kwnames[] = { "path", NULL };
+ char *path = NULL;
+ TALLOC_CTX *frame;
+ struct statfs fs;
+ int ret = false;
+
+ frame = talloc_stackframe();
+
+ if (!PyArg_ParseTupleAndKeywords(args, kwargs, "s|z",
+ discard_const_p(char *, kwnames), &path)) {
+ TALLOC_FREE(frame);
+ return NULL;
+ }
+
+ if (statfs(path, &fs) != 0) {
+ TALLOC_FREE(frame);
+ return NULL;
+ }
+
+ if (fs.f_flags & MNT_ACLS)
+ ret = true;
+
+ TALLOC_FREE(frame);
+ return PyBool_FromLong(ret);
+}
+
/*
+ check if we have NFSv4 ACL support
+ */
+static PyObject *py_smbd_have_nfsv4_acls(PyObject *self)
+{
+#ifdef HAVE_LIBSUNACL
+ return PyBool_FromLong(true);
+#else
+ return PyBool_FromLong(false);
+#endif
+}
+
+static PyObject *py_smbd_has_nfsv4_acls(PyObject *self, PyObject *args, PyObject *kwargs)
+{
+ const char * const kwnames[] = { "path", NULL };
+ char *path = NULL;
+ TALLOC_CTX *frame;
+ struct statfs fs;
+ int ret = false;
+
+ frame = talloc_stackframe();
+
+ if (!PyArg_ParseTupleAndKeywords(args, kwargs, "s|z",
+ discard_const_p(char *, kwnames), &path)) {
+ TALLOC_FREE(frame);
+ return NULL;
+ }
+
+ if (statfs(path, &fs) != 0) {
+ TALLOC_FREE(frame);
+ return NULL;
+ }
+
+ if (fs.f_flags & MNT_NFS4ACLS)
+ ret = true;
+
+ TALLOC_FREE(frame);
+ return PyBool_FromLong(ret);
+}
+
+
+static PyObject *py_smbd_set_nfsv4_defaults(PyObject *self)
+{
+ /*
+ * It is really be done in source3/param/loadparm.c
+ */
+ Py_RETURN_NONE;
+}
+
+/*
set the NT ACL on a file
*/
static PyObject *py_smbd_set_nt_acl(PyObject *self, PyObject *args, PyObject *kwargs)
@@ -1284,8 +1453,26 @@ static PyMethodDef py_smbd_methods[] = {
{ "have_posix_acls",
(PyCFunction)py_smbd_have_posix_acls, METH_NOARGS,
NULL },
+ { "has_posix_acls",
+ PY_DISCARD_FUNC_SIG(PyCFunction, py_smbd_has_posix_acls),
+ METH_VARARGS|METH_KEYWORDS,
+ NULL },
+ { "have_nfsv4_acls",
+ (PyCFunction)py_smbd_have_nfsv4_acls, METH_NOARGS,
+ NULL },
+ { "has_nfsv4_acls",
+ PY_DISCARD_FUNC_SIG(PyCFunction, py_smbd_has_nfsv4_acls),
+ METH_VARARGS|METH_KEYWORDS,
+ NULL },
+ { "set_nfsv4_defaults",
+ (PyCFunction)py_smbd_set_nfsv4_defaults, METH_NOARGS,
+ NULL },
{ "set_simple_acl",
PY_DISCARD_FUNC_SIG(PyCFunction, py_smbd_set_simple_acl),
+ METH_VARARGS|METH_KEYWORDS,
+ NULL },
+ { "set_simple_nfsv4_acl",
+ PY_DISCARD_FUNC_SIG(PyCFunction, py_smbd_set_simple_nfsv4_acl),
METH_VARARGS|METH_KEYWORDS,
NULL },
{ "set_nt_acl",

11
net/samba422/files/patch-source3_winbindd_wscript__build Normal file
View File

@ -0,0 +1,11 @@
--- source3/winbindd/wscript_build.orig 2019-01-15 10:07:00 UTC
+++ source3/winbindd/wscript_build
@@ -2,7 +2,7 @@
bld.SAMBA3_LIBRARY('idmap',
source='idmap.c idmap_util.c',
- deps='samba-util pdb',
+ deps='pdb samba-modules secrets3',
allow_undefined_symbols=True,
private_library=True)

31
net/samba422/files/pkg-message.in Normal file
View File

@ -0,0 +1,31 @@
[
{ type: install
message: <<EOM
How to start: http://wiki.samba.org/index.php/Samba4/HOWTO
* Your configuration is: %%SAMBA4_CONFDIR%%/%%SAMBA4_CONFIG%%
* All the relevant databases are under: %%SAMBA4_LOCKDIR%%
* All the logs are under: %%SAMBA4_LOGDIR%%
%%AD_DC%%* Provisioning script is: %%PREFIX%%/bin/samba-tool
%%AD_DC%%
%%AD_DC%%For the working DNS updates you will need to either build dns/bind9*
%%AD_DC%%with the enabled GSSAPI(GSSAPI_MIT5 is recommended) or install
%%AD_DC%%dns/samba-nsupdate package, which is preconfigured with such a support.
%%AD_DC%%
%%AD_DC%%You will need to specify location of the 'nsupdate' command in the
%%AD_DC%%%%SAMBA4_CONFIG%% file:
%%AD_DC%%
%%AD_DC%% nsupdate command = %%PREFIX%%/bin/samba-nsupdate -g
%%AD_DC%%
%%AD_DC%%For additional documentation check: https://wiki.samba.org/index.php/User_Documentation
Port related bug reports can go to the https://gitlab.com/samba-freebsd/ports/-/issues or
to the FreeBSD Bugzilla https://bugs.freebsd.org/
All Samba related bug reports should go to the: https://bugzilla.samba.org/
EOM
}
]

253
net/samba422/files/samba_server.in Normal file
View File

@ -0,0 +1,253 @@
#!/bin/sh
# PROVIDE: samba_server
# REQUIRE: NETWORKING SERVERS DAEMON ldconfig resolv ntpd %%SAMBA4_SERVICES%%
# BEFORE: LOGIN
# KEYWORD: shutdown
# Add the following lines to /etc/rc.conf.local or /etc/rc.conf
# to enable this service:
#
#samba_server_enable=YES
#
# You can disable/enable any of the Samba daemons by specifying:
#samba_enable=NO
#nmbd_enable=NO
#smbd_enable=NO
# You need to enable winbindd separately, by adding:
#winbindd_enable=YES
# Configuration file can be set with:
#samba_server_config=%%SAMBA4_CONFDIR%%/%%SAMBA4_CONFIG%%
#
# shellcheck disable=SC2034,SC2086,SC3043
# shellcheck source=/dev/null
. /etc/rc.subr
name=samba_server
rcvar=samba_server_enable
desc="Samba4 server startup script"
# Load configuration
load_rc_config "${name}"
# Custom commands
extra_commands="reload status configtest"
start_precmd=samba_server_prestart
restart_precmd=samba_server_checkconfig
reload_precmd=samba_server_checkconfig
start_cmd=samba_server_cmd
stop_cmd=samba_server_cmd
status_cmd=samba_server_cmd
configtest_cmd=samba_server_checkconfig
reload_cmd=samba_server_reload_cmd
rcvar_cmd=samba_server_rcvar_cmd
stop_postcmd=samba_server_poststop
# Defaults
samba_server_config_default=%%SAMBA4_CONFDIR%%/%%SAMBA4_CONFIG%%
smbcontrol_command=%%PREFIX%%/bin/smbcontrol
samba_server_checkconfig()
{
printf "Performing sanity check on Samba configuration: "
if ${testparm_command} >/dev/null 2>&1; then
echo "OK"
else
echo "FAILED"
return 1
fi
}
samba_server_prestart()
{
samba_server_checkconfig
# Make sure we have our RUNDIR, even if it's on a tmpfs
if [ -d "${samba_server_piddir}" ] || [ ! -e "${samba_server_piddir}" ]; then
install -d -m 0755 "${samba_server_piddir}"
fi
# https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=200186
if [ -d "${samba_server_privatedir}" ] || [ ! -e "${samba_server_privatedir}" ]; then
install -d -m 0700 "${samba_server_privatedir}"
fi
#
if ! df -t fdescfs -T "${samba_server_piddir}/fd" >/dev/null 2>&1; then
install -d -m 0555 "${samba_server_piddir}/fd"
if can_mount fdescfs; then
mount -t fdescfs -o nodup none "${samba_server_piddir}/fd"
else
warn "${name}: cannot fdescfs mount to ${samba_server_piddir}/fd"
fi
fi
}
samba_server_poststop()
{
if df -t fdescfs -T "${samba_server_piddir}/fd" >/dev/null 2>&1; then
if can_mount fdescfs; then
umount "${samba_server_piddir}/fd"
fi
fi
}
samba_server_rcvar_cmd()
{
local name rcvar desc
rcvar=${name}_enable
# Prevent recursive calling
unset "${rc_arg}_cmd" "${rc_arg}_precmd" "${rc_arg}_postcmd"
# Check master variable
run_rc_command "${_rc_prefix}${rc_arg}" ${rc_extra_args}
# Check dependent variables
#unset desc
for name in ${samba_daemons}; do
# reset loop vars
rcvars=''; v=''
rcvar=${name}_enable
eval "desc=\${${name}_desc}"
run_rc_command "${_rc_prefix}${rc_arg}" ${rc_extra_args}
done
}
samba_server_reload_cmd()
{
local name rcvar command pidfile force_run
# Prevent recursive calling
unset "${rc_arg}_cmd" "${rc_arg}_precmd" "${rc_arg}_postcmd"
# Ignore rcvar and run command
if [ -n "${_rc_prefix}" ] && [ "${_rc_prefix}" = "one" ] || [ -n "${rc_force}" ] || [ -n "${rc_fast}" ]; then
force_run=yes
fi
# Apply to all daemons
for name in ${samba_daemons}; do
rcvar=${name}_enable
command="%%PREFIX%%/sbin/${name}"
pidfile="${samba_server_piddir}/${name}.pid"
# Daemon should be enabled and running
if ( [ -n "${rcvar}" ] && checkyesno "${rcvar}" ) || [ -n "$force_run" ]; then
if [ -n "$(check_pidfile "${pidfile}" "${command}")" ]; then
debug "reloading ${name} configuration"
echo "Reloading ${name}."
${smbcontrol_command} "${name}" 'reload-config' ${command_args} >/dev/null 2>&1
fi
fi
done
}
samba_server_cmd()
{
local name rcvar rcvars v command pidfile samba_daemons samba_postcmd result force_run
# Stop processes in the reverse order
if [ "${rc_arg}" = "stop" ] ; then
samba_daemons=$(reverse_list ${samba_daemons})
fi
# Within the cmd itself we operate with the global _precmd, _cmd and _postcmd
samba_postcmd=$_postcmd
# Prevent recursive calling
unset "${rc_arg}_cmd" "${rc_arg}_precmd" "${rc_arg}_postcmd"
# Ignore rcvar and run command
if [ -n "${_rc_prefix}" ] && [ "${_rc_prefix}" = "one" ] || [ -n "${rc_force}" ] || [ -n "${rc_fast}" ]; then
force_run=yes
fi
# Assume success
result=0
# Apply to all daemons
for name in ${samba_daemons}; do
# XXX
#rcvars=''; v=''
rcvar=${name}_enable
command="%%PREFIX%%/sbin/${name}"
pidfile="${samba_server_piddir}/${name}.pid"
# Daemon should be enabled and running
if ( [ -n "${rcvar}" ] && checkyesno "${rcvar}" ) || [ -n "$force_run" ]; then
run_rc_command "${_rc_prefix}${rc_arg}" ${rc_extra_args}
# If any of the commands failed, take it as a global result
result=$((result || $?))
fi
done
if [ -n "${samba_postcmd}" ]; then
eval "_postcmd=${samba_postcmd}"
fi
return $result
}
samba_server_config_init()
{
local name
# Defaults
samba_server_enable=${samba_server_enable:=NO}
samba_server_config=${samba_server_config=${samba_server_config_default}}
samba_server_configfile_arg=${samba_server_config:+--configfile="${samba_server_config}"} #"
#testparm_command="%%PREFIX%%/bin/samba-tool testparm --suppress-prompt --verbose ${samba_server_configfile_arg}"
testparm_command="%%PREFIX%%/bin/testparm --suppress-prompt --verbose ${samba_server_config}"
# Determine what daemons are necessary to run Samba in the current role
samba_server_role=$(${testparm_command} --parameter-name='server role' 2>/dev/null)
case "${samba_server_role}" in
active\ directory\ domain\ controller)
samba_daemons="samba"
;;
auto|*)
samba_daemons="nmbd smbd winbindd"
;;
esac
# Load daemons configuration
for name in ${samba_daemons}; do
load_rc_config "${name}"
# If samba_server_enable is 'YES'
if [ -n "${rcvar}" ] && checkyesno "${rcvar}"; then
if [ "${name}" != "winbindd" ]; then
# Set variable to 'YES' only if it is unset
eval "${name}_enable=\${${name}_enable-YES}"
else
# Winbindd
samba_server_idmap=$(${testparm_command} --parameter-name='idmap uid' 2>/dev/null)
if [ -n "${samba_server_idmap}" ]; then
winbindd_enable="YES"
fi
fi
fi
# If variable is empty, set it to 'NO'
eval "${name}_enable=\${${name}_enable:-NO}"
done
# Fetch parameters from configuration file
samba_server_lockdir="$(${testparm_command} --parameter-name='lock directory' 2>/dev/null)"
samba_server_lockdir=${samba_server_lockdir:=%%SAMBA4_LOCKDIR%%}
samba_server_piddir="$(${testparm_command} --parameter-name='pid directory' 2>/dev/null)"
samba_server_piddir=${samba_server_piddir:=%%SAMBA4_RUNDIR%%}
samba_server_privatedir="$(${testparm_command} --parameter-name='private dir' 2>/dev/null)"
samba_server_privatedir=${samba_server_privatedir:=%%SAMBA4_PRIVATEDIR%%}
}
can_mount()
{
local kld
kld=$1
if ! load_kld $kld; then
return 1
fi
if [ $(${SYSCTL_N} security.jail.jailed) -eq 0 ]; then
return 0
fi
if [ $(${SYSCTL_N} security.jail.mount_allowed) -eq 1 ] &&
[ $(${SYSCTL_N} security.jail.mount_${kld}_allowed) -eq 1 ]; then
return 0
fi
return 1
}
# Load configuration variables
samba_server_config_init
nmbd_desc="NetBIOS name server"
smbd_desc="SMB/CIFS services server"
winbindd_desc="Name Service Switch server"
# Common flags
command_args=${samba_server_configfile_arg}
samba_flags=${samba_flags="--daemon"}
nmbd_flags=${nmbd_flags="--daemon"}
smbd_flags=${smbd_flags="--daemon"}
winbindd_flags=${winbindd_flags="--daemon"}
# Requirements
required_files="${samba_server_config}"
required_dirs="${samba_server_lockdir}"
run_rc_command "$1"