Update

(some of them don't applies correctly)

devel/gmake3/Makefile

@@ -0,0 +1,29 @@
+PORTNAME=	make
+DISTVERSION=	3.81
+CATEGORIES=	devel
+MASTER_SITES=	GNU
+PKGNAMEPREFIX=	g
+PKGNAMESUFFIX=	3
+
+# note: before committing to this port, contact portmgr to arrange for an
+# experimental ports run.  Untested commits may be backed out at portmgr's
+# discretion.
+MAINTAINER=	allanjude@FreeBSD.org
+COMMENT=	Last GPLv2 version of GNU 'make' utility
+WWW=		https://www.gnu.org/software/make/
+
+LICENSE=	GPLv2
+LICENSE_FILE=	${WRKSRC}/COPYING
+
+USES=		cpe tar:bz2
+CPE_VENDOR=	gnu
+
+GNU_CONFIGURE=	yes
+GNU_CONFIGURE_MANPREFIX=${PREFIX}/share
+CONFIGURE_ARGS=	--program-prefix=g \
+		--program-suffix=3 \
+		--disable-nls \
+		--disable-info \
+		--without-guile
+
+.include <bsd.port.mk>

devel/gmake3/distinfo

@@ -0,0 +1,3 @@
+TIMESTAMP = 1747413857
+SHA256 (make-3.81.tar.bz2) = f3e69023771e23908f5d5592954d8271d3d6af09693cecfd29cee6fde8550dc8
+SIZE (make-3.81.tar.bz2) = 1151445

devel/gmake3/pkg-descr

@@ -0,0 +1,4 @@
+This is the last GPLv2 licensed version of GNU make.
+GNU make is a tool that controls the generation of executables and other
+non-source files from source files.  Its purpose is the same as that
+of the utility make(1).

devel/gmake3/pkg-plist

@@ -0,0 +1,2 @@
+bin/gmake3
+share/man/man1/gmake3.1.gz

devel/kati/Makefile

@@ -0,0 +1,38 @@
+PORTNAME=	kati
+MASTER_SITES=	http://yhm1.klara.systems/kati/
+PORTVERSION=	0.1
+CATEGORIES=	devel
+
+MAINTAINER=	allanjude@FreeBSD.org
+COMMENT=	Apache licensed replacement for GNU make
+WWW=		https://github.com/google/kati
+
+LICENSE=	APACHE20
+LICENSE_FILE=	${WRKSRC}/LICENSE
+
+#Kati is pretending to be gmake, so we can't USES gmake here
+##USES=		gmake
+
+BUILD_DEPENDS+=		gmake>=4.4.1:devel/gmake
+CONFIGURE_ENV+=		MAKE=gmake
+MAKE_CMD=		gmake
+
+CONFLICTS_INSTALL=	gmake
+
+# PROJECT TOKEN:
+#   Name: kati-port-ci
+#   Token: glpat-m9-NUmzPFAWfDFhur99s
+#   Scopes: read_repository
+#USE_GITLAB=	yes
+#GL_SITE=	https://gitlab.klara.systems
+#GL_SITE=        https://xavier.beaudouin\@klarasystems.com:xMwy3nX7PTwUudg@gitlab.klara.systems
+#GL_ACCOUNT=	prettybsd
+#GL_PROJECT=	kati
+#GL_TAGNAME=	1dc6868c0a4a6d17bf5527e06a5cb23cac5a6043
+
+NO_CHECKSUM=	yes
+
+do-install:
+	${INSTALL_PROGRAM} ${WRKSRC}/ckati ${STAGEDIR}${PREFIX}/bin/gmake
+
+.include <bsd.port.mk>

devel/kati/pkg-descr

@@ -0,0 +1 @@
+Kati is an apache licensed replacement for GNU make

devel/kati/pkg-plist

@@ -0,0 +1 @@
+bin/gmake

mail/exim-ldap2/Makefile

@@ -0,0 +1,6 @@
+PKGNAMESUFFIX=	-ldap2
+MASTERDIR=	${.CURDIR}/../exim
+
+OPTIONS_SLAVE=	OPENLDAP
+
+.include "${MASTERDIR}/Makefile"

mail/exim-monitor/Makefile

@@ -0,0 +1,15 @@
+PKGNAMESUFFIX=	-monitor
+
+COMMENT=	The Exim monitor for the Exim MTA
+
+MASTERDIR=	${.CURDIR}/../exim
+
+EXIMON_ONLY=	yes
+OPTIONS_SLAVE=	EXIMON
+
+# This dependency is disabled, because it prevents package users from
+# using the exim-monitor package with any of the exim slave packages.
+#
+#RUN_DEPENDS=	${LOCALBASE}/sbin/exim:mail/exim
+
+.include "${MASTERDIR}/Makefile"

mail/exim-monitor/files/patch-OS__Makefile-Base

@@ -0,0 +1,12 @@
+--- OS/Makefile-Base.orig	Wed Aug 15 13:09:05 2001
++++ OS/Makefile-Base	Mon Aug 27 14:59:04 2001
+@@ -19,7 +19,8 @@
+ # up-to-date. Then the os-specific source files and the C configuration file
+ # are set up, and finally it goes to the main Exim target.
+ 
+-all:    $(EDITME) checklocalmake Makefile os.h os.c config.h allexim
++all:    $(EDITME) checklocalmake Makefile os.h os.c config.h buildpcre \
++	eximon.bin
+ 
+ checklocalmake:
+ 	@if $(SHELL) $(SCRIPTS)/newer $(EDITME)-$(OSTYPE) $(EDITME) || \

mail/exim-monitor/files/patch-OS__Makefile-FreeBSD

@@ -0,0 +1,10 @@
+--- OS/Makefile-FreeBSD.orig	Mon Jun 11 12:04:05 2001
++++ OS/Makefile-FreeBSD	Mon Jun 11 12:04:33 2001
+@@ -5,6 +5,7 @@
+ PORTOBJFORMAT!= test -x /usr/bin/objformat && /usr/bin/objformat || echo aout
+ 
+ CHOWN_COMMAND=/usr/sbin/chown
++STRIP_COMMAND=/usr/bin/strip
+ 
+ HAVE_SA_LEN=YES
+ 

mail/exim-monitor/files/patch-src__EDITME

@@ -0,0 +1,55 @@
+--- src/EDITME.orig	Mon Aug 27 14:35:47 2001
++++ src/EDITME	Mon Aug 27 14:37:31 2001
+@@ -98,7 +98,7 @@
+ # /usr/local/sbin. The installation script will try to create this directory,
+ # and any superior directories, if they do not exist.
+ 
+-BIN_DIRECTORY=/usr/exim/bin
++BIN_DIRECTORY=XX_PREFIX_XX/sbin
+ 
+ 
+ #------------------------------------------------------------------------------
+@@ -113,7 +113,7 @@
+ # directories if they don't exist. It will also install a default run time
+ # configuration if this file does not exist.
+ 
+-CONFIGURE_FILE=/usr/exim/configure
++CONFIGURE_FILE=XX_PREFIX_XX/etc/exim/configure
+ 
+ 
+ #------------------------------------------------------------------------------
+@@ -126,14 +126,14 @@
+ # owner of a local mailbox.) Specifying these values as root is very strongly
+ # discouraged. These values are compiled into the binary.
+ 
+-EXIM_USER=
++EXIM_USER=mailnull
+ 
+ # If the setting of EXIM_USER is numeric (e.g. EXIM_USER=42), there must
+ # also be a setting of EXIM_GROUP. If, on the other hand, you use a name
+ # for EXIM_USER (e.g. EXIM_USER=exim), you don't need to set EXIM_GROUP unless
+ # you want to use a group other than the default group for the given user.
+ 
+-# EXIM_GROUP=
++EXIM_GROUP=mail
+ 
+ # Many sites define a user called "exim", with an appropriate default group,
+ # and use
+@@ -371,7 +373,7 @@
+ # %s. This will be replaced by one of the strings "main", "panic", or "reject"
+ # to form the final file names. Some installations may want something like this:
+ 
+-# LOG_FILE_PATH=/var/log/exim_%slog
++LOG_FILE_PATH=/var/log/exim/%slog
+ 
+ # which results in files with names /var/log/exim_mainlog, etc. The directory
+ # in which the log files are placed must exist; Exim does not try to create
+@@ -695,7 +705,7 @@
+ # (process id) to a file so that it can easily be identified. The path of the
+ # file can be specified here. Some installations may want something like this:
+ 
+-# PID_FILE_PATH=/var/lock/exim.pid
++PID_FILE_PATH=/var/run/exim.pid
+ 
+ # If PID_FILE_PATH is not defined, Exim writes a file in its spool directory
+ # using the name "exim-daemon.pid".

mail/exim-monitor/pkg-descr

@@ -0,0 +1,7 @@
+The Exim monitor (eximon) is a graphical user interface for the Exim
+mail transfer agent for Unix systems.  Eximon is distributed as part
+of the standard Exim distribution, but its dependency on XFree86
+annoys many administrators.
+
+For this reason, it is available as its own package to allow
+administrators to easily install Exim without installing XFree86.

mail/exim-monitor/pkg-message

@@ -0,0 +1,14 @@
+[
+{ type: install
+  message: <<EOM
+Although the Exim monitor has been correctly installed, please note
+that it is useless without the Exim MTA.  Install one of the Exim
+packages available, which include documentation for the Exim monitor:
+
+	exim
+	exim-ldap2
+	exim-mysql
+	exim-postgresql
+EOM
+}
+]

mail/exim-mysql/Makefile

@@ -0,0 +1,6 @@
+PKGNAMESUFFIX=	-mysql
+MASTERDIR=	${.CURDIR}/../exim
+
+OPTIONS_SLAVE=	MYSQL
+
+.include "${MASTERDIR}/Makefile"

mail/exim-postgresql/Makefile

@@ -0,0 +1,7 @@
+PORTREVISION=	1
+PKGNAMESUFFIX=	-postgresql
+MASTERDIR=	${.CURDIR}/../exim
+
+OPTIONS_SLAVE=	PGSQL
+
+.include "${MASTERDIR}/Makefile"

mail/exim-sqlite/Makefile

@@ -0,0 +1,7 @@
+PORTREVISION=	1
+PKGNAMESUFFIX=	-sqlite
+MASTERDIR=	${.CURDIR}/../exim
+
+OPTIONS_SLAVE=	SQLITE
+
+.include "${MASTERDIR}/Makefile"

mail/exim/Makefile

@@ -0,0 +1,648 @@
+PORTNAME=	exim
+PORTVERSION?=	${EXIM_VERSION}
+PORTREVISION?=	0
+CATEGORIES=	mail
+MASTER_SITES=	EXIM:exim
+MASTER_SITE_SUBDIR=	/exim4/:exim \
+			/exim4/fixes/:exim \
+			/exim4/old/:exim
+DISTNAME=	${PORTNAME}-${EXIM_VERSION}
+DISTFILES=	${DISTNAME}${EXTRACT_SUFX}:exim
+DIST_SUBDIR=	exim
+EXTRACT_ONLY=	${DISTNAME}${EXTRACT_SUFX}
+
+MAINTAINER=	fluffy@FreeBSD.org
+COMMENT?=	High performance MTA for Unix systems on the Internet
+WWW=		https://www.exim.org/
+
+LICENSE=	GPLv2
+
+BUILD_DEPENDS=	p5-File-FcntlLock>0:devel/p5-File-FcntlLock
+RUN_DEPENDS=	p5-File-FcntlLock>0:devel/p5-File-FcntlLock
+
+USES=		compiler cpe tar:bzip2 perl5
+USE_CSTD=	c99
+
+# Exim build system is job unsafe atm
+MAKE_JOBS_UNSAFE=	yes
+# One can tune the following "hidden" knobs:
+# - EXIM_USER: user exim is running as;
+# - EXIM_GROUP: ditto for the group;
+# - LOGDIR: where Exim logs will be put;
+# - LOG_FILE_PATH: path where '%s' will be substituted with
+#                  the target name (main, reject, etc);
+# - CONFIG_FILE_PATH: path to the default configuration file;
+# - ALT_CONFIG_PREFIX: path to the default prefix for all
+#                      configuration files, excluding the main one;
+#                      will be effective only when WITH_ALT_CONFIG_PREFIX
+#                      will be set via OPTIONS.
+
+.if make(makesum) && !defined(FETCH_ALL)
+.error "You forgot to define FETCH_ALL to create the sane distinfo"
+.endif
+
+.include "options"
+
+OPTIONS_SUB=	yes
+
+AUTH_SASL_LIB_DEPENDS=	libsasl2.so:security/cyrus-sasl2
+BDB_USES=	bdb
+DMARC_LIB_DEPENDS=	libopendmarc.so:mail/opendmarc
+EXIMON_USES=	xorg
+EXIMON_USE=	xorg=x11,xaw,xext,xmu,xt
+GNUTLS_LIB_DEPENDS=	libgnutls.so:security/gnutls
+ICONV_USES=	iconv:lib,build
+INTERNATIONAL_LIB_DEPENDS=	libidn.so:dns/libidn libidn2.so:dns/libidn2
+LMDB_LIB_DEPENDS=	liblmdb.so:databases/lmdb
+MYSQL_USES=	mysql
+OPENLDAP_USES=	ldap
+PGSQL_LIB_DEPENDS=	libicudata.so:devel/icu
+PGSQL_USES=	pgsql pkgconfig
+REDIS_LIB_DEPENDS=	libhiredis.so:databases/hiredis
+SASLAUTHD_RUN_DEPENDS=	${LOCALBASE}/sbin/saslauthd:security/cyrus-sasl2-saslauthd
+SA_EXIM_RUN_DEPENDS=	${LOCALBASE}/bin/spamc:mail/spamassassin
+SPF_LIB_DEPENDS=	libspf2.so:mail/libspf2
+SQLITE_LIB_DEPENDS=	libicudata.so:devel/icu
+SQLITE_USES=	pkgconfig sqlite
+
+#DEBIAN_PATCHES_PREFIX=	${FILESDIR}/debian/75
+#EXTRA_PATCHES= \
+#		${DEBIAN_PATCHES_PREFIX}_01-Fix-exit-on-attempt-to-rewrite-a-malformed-address.-.patch:-p1 \
+#		${DEBIAN_PATCHES_PREFIX}_05-SPF-fix-memory-accounting-for-error-case.patch:-p1
+
+.include <bsd.port.options.mk>
+
+# OCSP is supported for openssl only
+.if ${PORT_OPTIONS:MOCSP}
+.if ! ${PORT_OPTIONS:MTLS}
+IGNORE=	you cannot enable OCSP stapling without TLS support
+.elif ${PORT_OPTIONS:MGNUTLS}
+IGNORE=	you cannot enable OCSP stapling with gnutls
+.endif
+.endif
+
+# DMARC implies SPF and DKIM
+.if ${PORT_OPTIONS:MDMARC}
+.if ! ${PORT_OPTIONS:MSPF} || ! ${PORT_OPTIONS:MDKIM}
+IGNORE=	you cannot enable DMARC without SPF and DKIM support
+.endif
+.endif
+
+# ARC implies SPF and DKIM
+.if ${PORT_OPTIONS:MARC}
+.if ! ${PORT_OPTIONS:MSPF} || ! ${PORT_OPTIONS:MDKIM}
+IGNORE=	you cannot enable ARC without SPF and DKIM support
+.endif
+.endif
+# DANE implies DNSSEC
+.if ${PORT_OPTIONS:MDANE}
+.if ! ${PORT_OPTIONS:MDNSSEC} || ! ${PORT_OPTIONS:MTLS}
+IGNORE=	you cannot enable DANE without DNSSEC support or without TLS support
+.endif
+.endif
+
+.if ${PORT_OPTIONS:MSA_EXIM} || defined(FETCH_ALL)
+BROKEN=		Unmaintained extension
+MASTER_SITES+=	http://marc.merlins.org/linux/exim/files/:sa_exim \
+		SF/sa-exim/sa-exim/${SA_EXIM_VERSION}:sa_exim
+DISTFILES+=	sa-exim-${SA_EXIM_VERSION}.tar.gz:sa_exim
+EXTRA_PATCHES+=	${FILESDIR}/extra-patch-Local-sa-exim.c
+EXTRA_PATCHES+=	${FILESDIR}/extra-patch-Local-sa-exim.conf
+.endif
+
+EXIM_VERSION=	4.99.1
+SA_EXIM_VERSION=4.2.1
+EXIM_INSTALL_ARG+=	"-no_chown" "-no_symlink"
+EXTRA_PATCHES+=	`${FIND} ${PATCHDIR} -name '74_*.patch'|${SORT} -h`
+
+.if !defined(EXIMON_ONLY)
+PLIST_SUB+=	EXIM=""
+.if defined(PKGNAMESUFFIX)
+CONFLICTS+=	${PKGNAMEPREFIX}${PORTNAME}-4.*
+.endif
+.for suffix in -ldap2 -mysql -postgresql -sa-exim -sqlite
+.if !defined(PKGNAMESUFFIX) || ${PKGNAMESUFFIX} != ${suffix}
+CONFLICTS+=	${PKGNAMEPREFIX}${PORTNAME}${suffix}-4.*
+.endif
+.endfor
+.if ${PORT_OPTIONS:MEXIMON}
+CONFLICTS+=	${PKGNAMEPREFIX}${PORTNAME}-monitor-4.*
+.endif
+PKGMESSAGE=	${WRKDIR}/POST-INSTALL-NOTES
+.else # !EXIMON_ONLY
+PLIST_SUB+=	EXIM="@comment "
+PORT_OPTIONS+=	EXIMON
+PKGMESSAGE=	${WRKDIR}/pkg-message
+EXIM_INSTALL_ARG+=	"eximon" "eximon.bin"
+.endif # !EXIMON_ONLY
+
+PORTDOC_BASE=	ACKNOWLEDGMENTS NOTICE README.UPDATING
+PORTDOC_FILES=	ChangeLog NewStuff DANE-draft-notes \
+		OptionLists.txt README README.SIEVE dbm.discuss.txt \
+		experimental-spec.txt filter.txt spec.txt
+
+PORT_EXAMPLES=	transport-filter.pl
+
+DAILY_SCRIPTS=	150.exim-tidydb 460.exim-mail-rejects
+
+MAKE_ENV+=	OSTYPE="${OPSYS}" ARCHTYPE="${ARCH}" DUMMY_LDFLAGS="${DUMMY_LDFLAGS}" STRIP_COMMAND="${STRIP_CMD}"
+
+EXIM_USER?=	mailnull
+EXIM_GROUP?=	mail
+
+# Default user/group are system ones, so we don't want to check them
+.if ${EXIM_USER} != "mailnull"
+USERS=	${EXIM_USER}
+.endif
+.if ${EXIM_GROUP} != "mail"
+GROUPS=	${EXIM_GROUP}
+.endif
+
+LOGDIR?=		/var/log/exim
+LOG_FILE_PATH?=		${LOGDIR}/%slog
+CONFIG_FILE_PATH?=	${PREFIX}/etc/exim/configure
+ALT_CONFIG_PREFIX?=	${PREFIX}/etc/exim/
+
+EXIM_DYNAMIC_LDFLAGS=	-fPIC -rdynamic -Wl,--export-dynamic
+
+SED_SCRIPT=	-e 's,%%PREFIX%%,${PREFIX},g' \
+		-e 's,%%DOCSDIR%%,${DOCSDIR},g' \
+		-e 's,%%EXAMPLESDIR%%,${EXAMPLESDIR},g' \
+		-e 's,%%EXIM_USER%%,${EXIM_USER},g' \
+		-e 's,%%EXIM_GROUP%%,${EXIM_GROUP},g' \
+		-e 's,%%LOGDIR%%,${LOGDIR},g'
+
+SEDLIST+=	-e 's,XX_CFLAGS_XX,${CFLAGS:S/,/\\,/g},' \
+		-e 's,XX_PREFIX_XX,${PREFIX:S/,/\\,/g},' \
+		-e 's,XX_LOCALBASE_XX,${LOCALBASE:S/,/\\,/g},' \
+		-e 's,XX_LOG_FILE_PATH_XX,${LOG_FILE_PATH:S/,/\\,/g},' \
+		-e 's,XX_CONFIG_FILE_PATH_XX,${CONFIG_FILE_PATH:S/,/\\,/g},' \
+		-e 's,XX_ALT_CONFIG_PREFIX_XX,${ALT_CONFIG_PREFIX:S/,/\\,/g},' \
+		-e 's,XX_EXIM_USER_XX,${EXIM_USER:S/,/\\,/g},' \
+		-e 's,XX_EXIM_GROUP_XX,${EXIM_GROUP:S/,/\\,/g},' \
+		-e 's,XX_DEFAULT_CHARSET_XX,${WITH_DEFAULT_CHARSET:S/,/\\,/g},' \
+		-e 's,XX_DYNAMIC_LDFLAGS_XX,${EXIM_DYNAMIC_LDFLAGS:S/,/\\,/g},'
+
+PLIST_SUB+=	EXIM_VERSION="${EXIM_VERSION}-${PORTREVISION}" \
+		EXIM_USER=${EXIM_USER} \
+		EXIM_GROUP=${EXIM_GROUP} \
+		LOGDIR="${LOGDIR:S/^\///}"
+
+# Exim refuses to run local deliveries as root by default.  You can
+# add other users to this colon-separated list that cannot be
+# overridden at runtime below, but are advised not to remove "root".
+#WITH_FIXED_NEVER_USERS=	root:daemon:bin
+
+# When Exim is decoding MIME "words" in header lines it converts any foreign
+# character sets to the one that is set in the headers_charset option.
+# The default setting is defined by this setting:
+WITH_DEFAULT_CHARSET?=	ISO-8859-1
+
+# You should not need to fiddle with anything below this point.
+
+LIB_DEPENDS+=	libpcre2-posix.so:devel/pcre2
+
+.if ! ${PORT_OPTIONS:MDKIM}
+SEDLIST+=	-e 's,^\# (DISABLE_DKIM=),\1,'
+.endif
+
+.if ${PORT_OPTIONS:MLISTMATCH_RHS}
+SEDLIST+=	-e 's,^\# (EXPAND_LISTMATCH_RHS=),\1,'
+.endif
+
+.if ${PORT_OPTIONS:MDCC}
+SEDLIST+=	-e 's,^\# (EXPERIMENTAL_DCC=),\1,'
+.endif
+
+.if ${PORT_OPTIONS:MPROXY}
+SEDLIST+=	-e 's,^\# (SUPPORT_PROXY=),\1,'
+.endif
+
+.if ${PORT_OPTIONS:MCERTNAMES}
+SEDLIST+=	-e 's,^\# (EXPERIMENTAL_CERTNAMES=),\1,'
+.endif
+
+.if ${PORT_OPTIONS:MDSN}
+SEDLIST+=	-e 's,^\# (EXPERIMENTAL_DSN=),\1,'
+.endif
+
+.if !${PORT_OPTIONS:MDANE}
+SEDLIST+=	-e 's,^(SUPPORT_DANE=),\#\1,'
+.endif
+
+.if ${PORT_OPTIONS:MARC}
+SEDLIST+=	-e 's,^\# (EXPERIMENTAL_ARC=),\1,'
+.endif
+
+.if !${PORT_OPTIONS:MEVENT}
+SEDLIST+=	-e 's,^\# (DISABLE_EVENT=),\1,'
+.endif
+
+.if ${PORT_OPTIONS:MINTERNATIONAL}
+SEDLIST+=	-e 's,^\# (SUPPORT_I18N=),\1,' \
+		-e 's,^\# (SUPPORT_I18N_2008=),\1,' \
+		-e 's,XX_IDN_LIBS_XX,-L${LOCALBASE}/lib -lidn -lidn2,'
+.else
+SEDLIST+=	-e 's,XX_IDN_LIBS_XX,,'
+.endif
+
+.if ${PORT_OPTIONS:MSOCKS}
+SEDLIST+=	-e 's,^\# (SUPPORT_SOCKS=),\1,'
+.endif
+
+.if !${PORT_OPTIONS:MPRDR}
+SEDLIST+=	-e 's,^\# (DISABLE_PRDR=),\1,'
+.endif
+
+.if !${PORT_OPTIONS:MOCSP}
+SEDLIST+=	-e 's,^\# (DISABLE_OCSP=),\1,'
+.endif
+
+.if !${PORT_OPTIONS:MDNSSEC}
+SEDLIST+=	-e 's,^\# (DISABLE_DNSSEC=),\1,'
+.endif
+
+.if ${PORT_OPTIONS:MDMARC}
+SEDLIST+=	-e 's,XX_DMARC_LIBS_XX,-L${LOCALBASE}/lib -lopendmarc,' \
+		-e 's,^\# (SUPPORT_DMARC=),\1,'
+.else
+SEDLIST+=	-e 's,XX_DMARC_LIBS_XX,,'
+.endif
+
+.if ${PORT_OPTIONS:MWISHLIST}
+EXTRA_PATCHES+=	`${FIND} ${PATCHDIR} -name 'wishlist-*.patch'`
+.endif
+
+.if ${PORT_OPTIONS:MFIXED_NEVER_USERS}
+SEDLIST+=	-e 's,^(FIXED_NEVER_USERS=).*,\1${WITH_FIXED_NEVER_USERS:S/,/\\,/g},'
+.endif
+
+.if ${PORT_OPTIONS:MEXIMON}
+SEDLIST+=	-e 's,^\# (EXIM_MONITOR=),\1,'
+.endif
+
+.if ${PORT_OPTIONS:MTLS}
+.if ! ${PORT_OPTIONS:MGNUTLS}
+USES+=		ssl
+SEDLIST+=	-e 's,^\# (USE_OPENSSL=),\1,'
+SEDLIST+=	-e 's,^\# (TLS_LIBS=.*-lssl[[:space:]]),\1,'
+BROKEN_SSL=	openssl31
+BROKEN_SSL_REASON=	error: token is not a valid binary operator in a preprocessor subexpression
+.else
+SEDLIST+=	-e 's,^\# (USE_GNUTLS=),\1,'
+SEDLIST+=	-e 's,^\# (TLS_LIBS=.*-lgnutls[[:space:]]),\1,'
+.endif
+.else # TLS support
+SEDLIST+=	-e 's,^\# (DISABLE_TLS=),\1,'
+.endif
+
+.if ${PORT_OPTIONS:MEMBEDDED_PERL}
+SEDLIST+=	-e 's,^\# (EXIM_PERL=),\1,'
+.endif
+
+.if ${PORT_OPTIONS:MICONV}
+SEDLIST+=	-e 's,XX_ICONV_LIBS_XX,-L${LOCALBASE:S/,/\\,/g}/lib ${ICONV_LIB},' \
+		-e 's,^\# (HAVE_ICONV=),\1,'
+.else
+SEDLIST+=	-e 's,XX_ICONV_LIBS_XX,,'
+.endif
+
+.if ${PORT_OPTIONS:MOPENLDAP}
+LDAP_LIB_TYPE=	OPENLDAP2
+SEDLIST+=	-e 's,XX_LDAP_LIBS_XX,-L${LOCALBASE:S/,/\\,/g}/lib -llber -lldap,' \
+		-e 's,XX_LDAP_INCLUDE_XX,-I${LOCALBASE:S/,/\\,/g}/include,' \
+		-e 's,XX_LDAP_TYPE_XX,${LDAP_LIB_TYPE:S/,/\\,/g},' \
+		-e 's,^\# (LOOKUP_LDAP=),\1,'
+.else
+SEDLIST+=	-e 's,XX_LDAP_[^ ]*_XX,,' \
+		-e 's,^(LDAP_LIB_TYPE=),\# \1,'
+.endif
+
+.if ${PORT_OPTIONS:MBDB}
+INVALID_BDB_VER=	2 3 6 18
+DB_LIBS=	-L${BDB_LIB_DIR} -l${BDB_LIB_NAME}
+DB_INCLUDES=	-I${BDB_INCLUDE_DIR}
+.else
+DB_LIBS=
+DB_INCLUDES=
+SEDLIST+=	-e 's,^(DBMLIB=),\# \1,'
+.endif
+SEDLIST+=	-e 's,XX_DB_LIBS_XX,${DB_LIBS:S/,/\\,/g},' \
+		-e 's,XX_DB_INCLUDES_XX,${DB_INCLUDES:S/,/\\,/g},'
+
+.if ${PORT_OPTIONS:MLMDB}
+_LMDB_LIBS=	-L${LOCALBASE}/lib -llmdb
+_LMDB_INCLUDES=	-I${LOCALBASE}/include
+SEDLIST+=	-e 's,^\# (EXPERIMENTAL_LMDB=),\1,'
+.else
+_LMDB_LIBS=
+_LMDB_INCLUDES=
+.endif
+SEDLIST+=	-e 's,XX_LMDB_LIBS_XX,${_LMDB_LIBS:S/,/\\,/g},' \
+		-e 's,XX_LMDB_INCLUDES_XX,${_LMDB_INCLUDES:S/,/\\,/g},'
+
+.if ${PORT_OPTIONS:MMYSQL}
+SEDLIST+=	-e 's,XX_MYSQL_LIBS_XX,-L${LOCALBASE:S/,/\\,/g}/lib/mysql -l${_MYSQL_SHLIB:S/lib//},' \
+		-e 's,XX_MYSQL_INCLUDE_XX,-I${LOCALBASE:S/,/\\,/g}/include/mysql,' \
+		-e 's,^\# (LOOKUP_MYSQL=),\1,'
+.else
+SEDLIST+=	-e 's,XX_MYSQL_[^ ]*_XX,,'
+.endif
+
+.if ${PORT_OPTIONS:MSASLAUTHD}
+SASLAUTHD_SOCKET?=	/var/run/saslauthd/mux
+SEDLIST+=	-e 's,^\# (CYRUS_SASLAUTHD_SOCKET=).*,\1${SASLAUTHD_SOCKET:S/,/\\,/g},'
+.endif
+
+.if ${PORT_OPTIONS:MPAM}
+SEDLIST+=	-e 's,XX_PAM_LIBS_XX,-lpam,' \
+		-e 's,^\# (SUPPORT_PAM=),\1,'
+.else
+SEDLIST+=	-e 's,XX_PAM_LIBS_XX,,'
+.endif
+
+.if ${PORT_OPTIONS:MAUTH_CRAM_MD5}
+SEDLIST+=	-e 's,^\# (AUTH_CRAM_MD5=),\1,'
+.endif
+
+.if ${PORT_OPTIONS:MAUTH_PLAINTEXT}
+SEDLIST+=	-e 's,^\# (AUTH_PLAINTEXT=),\1,'
+.endif
+
+.if ${PORT_OPTIONS:MAUTH_DOVECOT}
+SEDLIST+=	-e 's,^\# (AUTH_DOVECOT=),\1,'
+.endif
+
+.if ${PORT_OPTIONS:MAUTH_SPA}
+SEDLIST+=	-e 's,^\# (AUTH_SPA=),\1,'
+.endif
+
+.if ${PORT_OPTIONS:MAUTH_SASL}
+SEDLIST+=	-e 's,^\# (AUTH_CYRUS_SASL=),\1,' \
+		-e 's,^\# (AUTH_LIBS=.*-lsasl2),\1,'
+.endif
+
+.if ${PORT_OPTIONS:MAUTH_TLS}
+SEDLIST+=	-e 's,^\# (AUTH_TLS=),\1,'
+.endif
+
+.if ${PORT_OPTIONS:MAUTH_RADIUS}
+WITH_RADIUS_TYPE?=	RADLIB
+.if ${WITH_RADIUS_TYPE:tl} == radlib
+SEDLIST+=	-e 's,XX_RADIUS_LIBS_XX,-lradius,' \
+		-e 's,^\# (RADIUS_CONFIG_FILE=).*,\1/etc/radius.conf,' \
+		-e 's,^\# (RADIUS_LIB_TYPE=).*,\1RADLIB,'
+.elif ${WITH_RADIUS_TYPE:tl} == radiusclient
+LIB_DEPENDS+=	libfreeradius-client.so:net/freeradius-client
+SEDLIST+=	-e 's,XX_RADIUS_LIBS_XX,-L${LOCALBASE:S/,/\\,/g}/lib -lfreeradius-client,' \
+		-e 's,^\# (RADIUS_CONFIG_FILE=).*,\1${LOCALBASE:S/,/\\,/g}/etc/radiusclient/radiusclient.conf,' \
+		-e 's,^\# (RADIUS_LIB_TYPE=).*,\1RADIUSCLIENTNEW,'
+.else
+IGNORE=		the variable WITH_RADIUS_TYPE must be either RADLIB or RADIUSCLIENT
+.endif
+.else
+SEDLIST+=	-e 's,XX_RADIUS_LIBS_XX,,'
+.endif
+
+.if ${PORT_OPTIONS:MPGSQL}
+SEDLIST+=	-e 's,XX_PGSQL_LIBS_XX,-L${LOCALBASE:S/,/\\,/g}/lib -lpq,' \
+		-e 's,XX_PGSQL_INCLUDE_XX,-I${LOCALBASE:S/,/\\,/g}/include/pgsql,' \
+		-e 's,^\# (LOOKUP_PGSQL=),\1,'
+.else
+SEDLIST+=	-e 's,XX_PGSQL_[^ ]*_XX,,'
+.endif
+
+.if ! ${PORT_OPTIONS:MPGSQL} && ! ${PORT_OPTIONS:MMYSQL} && !defined(LDAP_LIB_TYPE) && \
+    ! ${PORT_OPTIONS:MBDB} && ! ${PORT_OPTIONS:MLMDB}
+SEDLIST+=	-e 's,^(LOOKUP_LIBS=),\# \1,' \
+		-e 's,^(LOOKUP_INCLUDE=),\# \1,'
+.endif
+
+.if ! ${PORT_OPTIONS:MDNSDB}
+SEDLIST+=	-e 's,^(LOOKUP_DNSDB=),\# \1,'
+.endif
+
+.if ${PORT_OPTIONS:MMAILDIR}
+SEDLIST+=	-e 's,^\# (SUPPORT_MAILDIR=),\1,'
+.endif
+
+.if ${PORT_OPTIONS:MMAILSTORE}
+SEDLIST+=	-e 's,^\# (SUPPORT_MAILSTORE=),\1,'
+.endif
+
+.if ${PORT_OPTIONS:MMBX}
+SEDLIST+=	-e 's,^\# (SUPPORT_MBX=),\1,'
+.endif
+
+.if ${PORT_OPTIONS:MCDB}
+SEDLIST+=	-e 's,^\# (LOOKUP_CDB=),\1,'
+.endif
+
+.if ${PORT_OPTIONS:MDSEARCH}
+SEDLIST+=	-e 's,^\# (LOOKUP_DSEARCH=),\1,'
+.endif
+
+.if ! ${PORT_OPTIONS:MLSEARCH}
+SEDLIST+=	-e 's,^(LOOKUP_LSEARCH=),\# \1,'
+.endif
+
+.if ${PORT_OPTIONS:MNIS}
+SEDLIST+=	-e 's,^\# (LOOKUP_NIS=),\1,'
+.endif
+
+.if ${PORT_OPTIONS:MPASSWD}
+SEDLIST+=	-e 's,^\# (LOOKUP_PASSWD=),\1,'
+.endif
+
+.if ${PORT_OPTIONS:MSQLITE}
+SEDLIST+=	-e 's,XX_SQLITE_LIBS_XX,`pkg-config --static --libs sqlite3`,' \
+		-e 's,XX_SQLITE_FLAGS_XX,`pkg-config --cflags sqlite3`,' \
+		-e 's,^\# (LOOKUP_SQLITE=),\1,'
+.else
+SEDLIST+=	-e 's,XX_SQLITE_LIBS_XX,,' \
+		-e 's,XX_SQLITE_FLAGS_XX,,'
+.endif
+
+.if ${PORT_OPTIONS:MREDIS}
+SEDLIST+=	-e 's,XX_REDIS_LIBS_XX,-L${LOCALBASE}/lib -lhiredis,' \
+		-e 's,^\# (LOOKUP_REDIS=),\1,' \
+		-e 's,^\# (REDIS=),\1,'
+.else
+SEDLIST+=	-e 's,XX_REDIS_LIBS_XX,,'
+.endif
+
+.if ${PORT_OPTIONS:MLMTP}
+SEDLIST+=	-e 's,^\# (TRANSPORT_LMTP=),\1,'
+.endif
+
+.if ! ${PORT_OPTIONS:MALT_CONFIG_PREFIX}
+SEDLIST+=	-e 's,^(ALT_CONFIG_PREFIX=),\# \1,'
+.endif
+
+.if ${PORT_OPTIONS:MSPF}
+SEDLIST+=	-e 's,XX_SPF_FLAGS_XX,-DSPF,' \
+		-e 's,XX_SPF_LIBS_XX,-L${LOCALBASE}/lib -lspf2 -lpthread,' \
+		-e 's,^\# (SUPPORT_SPF=),\1,'
+.else
+SEDLIST+=	-e 's,XX_SPF_FLAGS_XX,,' \
+		-e 's,XX_SPF_LIBS_XX,,'
+.endif
+
+.if ${PORT_OPTIONS:MSRS}
+SEDLIST+=	-e 's,XX_SRS_FLAGS_XX,-DSUPPORT_SRS,' \
+		-e 's,XX_SRS_LIBS_XX,,'
+.elif ${PORT_OPTIONS:MOLD_SRS}
+LIB_DEPENDS+=	libsrs_alt.so:mail/libsrs_alt
+SEDLIST+=	-e 's,XX_SRS_FLAGS_XX,-DEXPERIMENTAL_SRS_ALT,' \
+		-e 's,XX_SRS_LIBS_XX,-L${LOCALBASE}/lib -lsrs_alt,'
+.else
+SEDLIST+=	-e 's,XX_SRS_FLAGS_XX,,' \
+		-e 's,XX_SRS_LIBS_XX,,'
+.endif
+
+.if ${PORT_OPTIONS:MREADLINE}
+SEDLIST+=	-e 's,^\# (USE_READLINE=),\1,'
+.endif
+
+.if ${PORT_OPTIONS:MCONTENT_SCAN}
+SEDLIST+=	-e 's,^\# (WITH_CONTENT_SCAN=),\1,'
+.endif
+
+.if !defined(EXIMON_ONLY) && ${PORT_OPTIONS:MDAEMON}
+USE_RC_SUBR=	exim
+PLIST_SUB+=	EXIMDAEMON=""
+SUB_LIST+=	LOGDIR="${LOGDIR}"
+.else
+PLIST_SUB+=	EXIMDAEMON="@comment "
+.endif
+
+.if ${PORT_OPTIONS:MIPV6}
+SEDLIST+=	-e 's,^\# (HAVE_IPV6=),\1,'
+.endif
+
+.if ${PORT_OPTIONS:MDISABLE_D_OPT}
+SEDLIST+=	-e 's,^\# (DISABLE_D_OPTION=),\1,'
+.else
+.if defined(WHITELIST_D_MACROS)
+SEDLIST+=	-e 's,^\# (WHITELIST_D_MACROS=).*$$,\1${WHITELIST_D_MACROS:S/,/\\,/g},'
+.endif
+.endif
+
+.if defined(TRUSTED_CONFIG_LIST)
+SEDLIST+=	-e 's,^\# (TRUSTED_CONFIG_LIST=).*$$,\1${TRUSTED_CONFIG_LIST:S/,/\\,/g},'
+.endif
+
+.if ${PORT_OPTIONS:MQUEUEFILE}
+SEDLIST+=	-e 's,^\# (EXPERIMENTAL_QUEUEFILE=),\1,'
+.endif
+
+MAKE_ENV+=	INSTALL_ARG="${EXIM_INSTALL_ARG}"
+DUMMY_LDFLAGS!=	${ECHO_CMD} ${LDFLAGS} | ${SED} -e 's|-Wl,-rpath|-Wl,-DUMMYrpath|g; s|-rpath|-Wl,-rpath|g; s|-DUMMYrpath|-rpath|g'
+
+pre-everything::
+	@${ECHO} 'Exim now drops privileges when alternate configuration'
+	@${ECHO} 'files are used.  You can set make variable TRUSTED_CONFIG_LIST'
+	@${ECHO} 'to specify the list of configuration files for which'
+	@${ECHO} 'root privileges will be retained.'
+	@${ECHO} ''
+	@${ECHO} 'You can whitelist some macros using the make variable'
+	@${ECHO} 'WHITELIST_D_MACROS.  This is useful if you are running'
+	@${ECHO} 'with DISABLE_D_OPT set, but macros whitelisting will be'
+	@${ECHO} 'removed in some future Exim release, so it is better'
+	@${ECHO} 'to use TRUSTED_CONFIG_LIST to set the list of trusted'
+	@${ECHO} 'configuration files.'
+.if empty(.MAKEFLAGS:M-s) && ${PORT_OPTIONS:MWISHLIST}
+	@${ECHO} ''
+	@${ECHO} 'Included extra patches:'
+	@${FIND} ${PATCHDIR} -name 'wishlist-*.patch' \
+	    -exec ${SED} -ne 's,^# , ,p' {} \;
+	@${ECHO} ''
+.endif
+
+post-extract:
+.if ${PORT_OPTIONS:MSA_EXIM}
+	@cd ${WRKDIR} && ${TAR} ${EXTRACT_BEFORE_ARGS} ${_DISTDIR}/sa-exim-${SA_EXIM_VERSION}.tar.gz ${EXTRACT_AFTER_ARGS}
+	@@${CP} ${WRKDIR}/sa-exim-${SA_EXIM_VERSION}/sa-exim.c ${WRKSRC}/Local
+	@@${CP} ${WRKDIR}/sa-exim-${SA_EXIM_VERSION}/sa-exim.conf ${WRKSRC}/Local
+.endif
+
+do-configure:
+	@${MKDIR} ${WRKSRC}/Local
+	@${SED} -E ${SEDLIST} ${WRKSRC}/src/EDITME > ${WRKSRC}/Local/Makefile
+.if ${PORT_OPTIONS:MEXIMON}
+	@${CP} ${WRKSRC}/exim_monitor/EDITME ${WRKSRC}/Local/eximon.conf
+.endif
+	@${REINPLACE_CMD} -E ${SEDLIST} ${WRKSRC}/src/configure.default
+	@${REINPLACE_CMD} -e 's!$$(LDFLAGS)!$$(DUMMY_LDFLAGS) -L$${LOCALBASE}/lib!' ${WRKSRC}/OS/Makefile-Base
+	@${REINPLACE_CMD} -e 's/"(Exim $$version_number)\\n\\t"/"(Exim $$version_number (${OPSYS}))\\n\\t"/' \
+		${WRKSRC}/src/globals.c
+	@${REINPLACE_CMD} -e 's/Exim version %s \(#%s \)\{0,1\}/&(${OPSYS} ${OSREL}) /' ${WRKSRC}/src/exim.c
+	@${REINPLACE_CMD} -e 's/^#include "cnumber\.h"$$/${PORTREVISION}/' ${WRKSRC}/src/version.c
+	@${REINPLACE_CMD} -E -e 's/^(PERL_COMMAND=).*/\1${PERL:S,/,\/,g}/' \
+		-e 's/^(CC=).*/\1${CC:S,/,\/,g}/' ${WRKSRC}/OS/Makefile-Default
+.if ${PORT_OPTIONS:MSA_EXIM}
+	@${REINPLACE_CMD} -E -e 's/^\# (HAVE_LOCAL_SCAN=).*/\1yes/' \
+		${WRKSRC}/OS/Makefile-Default
+	@${REINPLACE_CMD} -E -e 's/^(LOCAL_SCAN_SOURCE=).*/\1Local\/sa-exim.c/' \
+		${WRKSRC}/OS/Makefile-Default
+	@{ \
+	    ${ECHO_CMD} "char *version=\"${SA_EXIM_VERSION}\";"; \
+	    ${ECHO_CMD} "#define SPAMC_LOCATION		\"${LOCALBASE}/bin/spamc\""; \
+	    ${ECHO_CMD} "#define SPAMASSASSIN_CONF	\"${PREFIX}/etc/exim/sa-exim.conf\""; \
+	} > ${WRKSRC}/Local/sa-exim.h
+	@${REINPLACE_CMD} -e 's,/usr/bin/spamc,${LOCALBASE}/bin/spamc,' \
+	    ${WRKSRC}/Local/sa-exim.conf
+.endif
+	@(cd ${WRKSRC}; ${SETENV} ${MAKE_ENV} ${MAKE} ${MAKE_FLAGS} ${MAKEFILE} ${MAKE_ARGS} configure)
+
+post-build:
+.for script in ${DAILY_SCRIPTS}
+	@${SED} ${SED_SCRIPT} ${FILESDIR}/${script}.sh > ${WRKDIR}/${script}.sh
+.endfor
+	@${SED} ${SED_SCRIPT} ${FILESDIR}/POST-INSTALL-NOTES > \
+		${WRKDIR}/POST-INSTALL-NOTES
+	@${SED} ${SED_SCRIPT} ${FILESDIR}/POST-INSTALL-NOTES.clamd > ${WRKDIR}/POST-INSTALL-NOTES.clamd
+	@${SED} ${SED_SCRIPT} ${FILESDIR}/POST-INSTALL-NOTES > ${WRKDIR}/POST-INSTALL-NOTES
+	@[ ! -f ${PKGDIR}/pkg-message ] || ${SED} ${SED_SCRIPT} ${PKGDIR}/pkg-message > ${WRKDIR}/pkg-message
+
+.if !defined(EXIMON_ONLY)
+post-install:
+.if ${PORT_OPTIONS:MDAEMON}
+	${MKDIR} ${STAGEDIR}${PREFIX}/etc/periodic/daily
+.for script in ${DAILY_SCRIPTS}
+	${INSTALL_SCRIPT} ${WRKDIR}/${script}.sh ${STAGEDIR}${PREFIX}/etc/periodic/daily/${script}
+.endfor
+.endif
+	@${MKDIR} -m 750 ${STAGEDIR}${LOGDIR}
+	${INSTALL_MAN} ${WRKSRC}/doc/exim.8 ${STAGEDIR}${PREFIX}/share/man/man8
+.if ${PORT_OPTIONS:MDOCS}
+	@${MKDIR} ${STAGEDIR}${DOCSDIR}
+	${INSTALL_DATA} ${WRKDIR}/POST-INSTALL-NOTES ${STAGEDIR}${DOCSDIR}
+	${INSTALL_DATA} ${WRKDIR}/POST-INSTALL-NOTES.clamd ${STAGEDIR}${DOCSDIR}
+.for docfile in ${PORTDOC_BASE}
+	${INSTALL_DATA} ${WRKSRC}/${docfile} ${STAGEDIR}${DOCSDIR}
+.endfor
+.for docfile in ${PORTDOC_FILES}
+	${INSTALL_DATA} ${WRKSRC}/doc/${docfile} ${STAGEDIR}${DOCSDIR}
+.endfor
+	@${MKDIR} ${STAGEDIR}${EXAMPLESDIR}
+.for example in ${PORT_EXAMPLES}
+	${INSTALL_SCRIPT} ${WRKSRC}/build-${OPSYS}-${ARCH}/${example} ${STAGEDIR}${EXAMPLESDIR}
+.endfor
+.endif
+.if ${PORT_OPTIONS:MSA_EXIM}
+	${INSTALL_DATA} ${WRKSRC}/Local/sa-exim.conf \
+		${STAGEDIR}${PREFIX}/etc/exim/sa-exim.conf.sample
+.endif
+
+.endif # ! defined(EXIMON_ONLY)
+
+.include <bsd.port.pre.mk>
+
+# If using clang, avoid too many warnings due to Exim code style
+.if ${CHOSEN_COMPILER_TYPE} == "clang"
+EXIM_WARN_FLAGS?=	-Wno-logical-op-parentheses -Wno-macro-redefined -Wno-parentheses -Wno-dangling-else
+.endif
+CFLAGS+=	${EXIM_WARN_FLAGS}
+
+.include <bsd.port.post.mk>

mail/exim/distinfo

@@ -0,0 +1,5 @@
+TIMESTAMP = 1765991031
+SHA256 (exim/exim-4.99.1.tar.bz2) = 9152a6e8a76103b33ea3fef255d8b296f368c9b0f710cd4ef4fd54fca6a742ae
+SIZE (exim/exim-4.99.1.tar.bz2) = 2135201
+SHA256 (exim/sa-exim-4.2.1.tar.gz) = 24d4bf7b0fdddaea11f132981cebb6a86a4ab20ef54111a8ebd481b421c6e2c1
+SIZE (exim/sa-exim-4.2.1.tar.gz) = 68933

mail/exim/files/150.exim-tidydb.sh

@@ -0,0 +1,49 @@
+#!/bin/sh
+#
+# Exim hints database maintenance
+# 
+#   contributed by: Oliver Eikemeier <eikemeier@fillmore-labs.com>
+#
+
+# If there is a global system configuration file, suck it in.
+#
+if [ -r /etc/defaults/periodic.conf ]; then
+    . /etc/defaults/periodic.conf
+    source_periodic_confs
+fi
+
+: ${exim_tidydb_enable="YES"}
+: ${exim_tidydb="%%PREFIX%%/sbin/exim_tidydb"}
+# Set this to arbitrary shell command to filter
+# the output from this periodic script, for example,
+# exim_tidydb_filter="| tail -100".
+: ${exim_tidydb_filter=""}
+: ${exim_dbdir="/var/spool/exim"}
+
+tidy () {
+	for db in "$exim_dbdir"/db/*.lockfile; do
+	    [ "$db" = "$exim_dbdir/db/*.lockfile" ] && continue
+	    echo
+	    db_name=`basename "$db" .lockfile`
+	    if [ -e "${exim_dbdir}/db/${db_name}.db" ]; then
+	        "$exim_tidydb" "$exim_dbdir" "$db_name"
+	    fi
+	done
+}
+
+case "$exim_tidydb_enable" in
+    [Yy][Ee][Ss])
+	echo ""
+	echo "Tidying Exim hints databases:"
+	eval tidy "$exim_tidydb_filter"
+	if [ $? = 0 ]; then
+		rc=0
+	else
+		rc=1
+	fi
+	;;
+
+    *)  rc=0;;
+esac
+
+exit $rc

mail/exim/files/460.exim-mail-rejects.sh

@@ -0,0 +1,66 @@
+#!/bin/sh
+#
+# Check for rejected mail
+# Log lines that end with ' : IGNORE' will not be reported
+# 
+#   contributed by: Oliver Eikemeier <eikemeier@fillmore-labs.com>
+#
+
+# If there is a global system configuration file, suck it in.
+#
+if [ -r /etc/defaults/periodic.conf ]
+then
+    . /etc/defaults/periodic.conf
+    source_periodic_confs
+fi
+
+: ${exim_status_mail_rejects_enable="YES"}
+: ${exim_status_mail_rejects_logs=2}
+: ${exim_rejectlog="%%LOGDIR%%/rejectlog"}
+
+case "$exim_status_mail_rejects_enable" in
+    [Yy][Ee][Ss])
+	if [ ! -d `dirname "$exim_rejectlog"` ]
+	then
+	    echo '$exim_status_mail_rejects_enable is set but' \
+		"`dirname "$exim_rejectlog"` doesn't exist"
+	    rc=2
+	elif [ "$exim_status_mail_rejects_logs" -le 0 ]
+	then
+	    echo '$exim_status_mail_rejects_enable is set but' \
+		'$exim_status_mail_rejects_logs is not greater than zero'
+	    rc=2
+	else
+	    echo
+	    echo "Checking for rejected mail:"
+
+	    start=`date -v-1d '+%Y-%m-%d'`
+	    n=$(($exim_status_mail_rejects_logs - 2))
+	    rc=$({
+		while [ $n -ge 0 ]
+		do
+		    if [ -f "$exim_rejectlog.$n" ]
+		    then
+			cat "$exim_rejectlog.$n"
+		    elif [ -f "$exim_rejectlog.$n.gz" ]
+		    then
+			zcat -fc "$exim_rejectlog.$n.gz"
+		    elif [ -f "$exim_rejectlog.$n.bz2" ]
+		    then
+			bzcat -fc "$exim_rejectlog.$n.bz2"
+		    fi
+		    n=$(($n - 1))
+		done
+		if [ -f "$exim_rejectlog" ]
+		then
+		    cat "$exim_rejectlog"
+		fi
+	    } |
+		grep -e "^$start" | grep -v ' : IGNORE$' | tee /dev/stderr | wc -l)
+	    [ $rc -gt 0 ] && rc=1
+	fi;;
+
+    *)  rc=0;;
+esac
+
+exit $rc

mail/exim/files/POST-INSTALL-NOTES

@@ -0,0 +1,48 @@
+[
+{ type: install
+  message: <<EOM
+The following documentation has been installed:
+
+  man exim                              -> Exim options (command line)
+  %%DOCSDIR%%/spec.txt    -> Exim Specification (User Guide)
+  %%DOCSDIR%%/filter.txt  -> Exim Filter Specification (for end-users)
+
+Postscript, PDF, HTML and texinfo versions of these documents can be
+installed via one of the mail/exim-doc-* ports.
+
+An online version as well as a comprehensive FAQ and a mailing list
+archive is available at:
+
+  http://www.exim.org/
+
+Descriptions of new features not available it the manual, and a listing
+of all changes, including bug fixes are documented in:
+
+  %%DOCSDIR%%/NewStuff
+  %%DOCSDIR%%/ChangeLog
+
+To use Exim instead of sendmail on startup:
+
+*) Clear the sendmail queue and stop the sendmail daemon.
+*) Adjust mailer.conf(5) as appropriate.
+*) Set the 'sendmail_enable' rc.conf(5) variable to 'NONE'.
+*) Set the 'daily_status_include_submit_mailq' and
+   'daily_clean_hoststat_enable' periodic.conf(5)
+   variables to 'NO'.
+*) Consider setting 'daily_queuerun_enable' and
+   'daily_submit_queuerun' to "NO" in periodic.conf(5),
+   if you intend to manage queue runners / deliveries closely.
+*) Set the 'exim_enable' rc.conf(5) variable to 'YES'.
+*) Start exim with '%%PREFIX%%/etc/rc.d/exim start'.
+
+You may also want to configure newsyslog(8) to rotate Exim log files:
+
+%%LOGDIR%%/mainlog	mailnull:mail 640 7 * @T00 ZN
+%%LOGDIR%%/rejectlog	mailnull:mail 640 7 * @T00 ZN
+
+Additional scripts to help upgrading are installed in:
+
+  %%EXAMPLESDIR%%
+EOM
+}
+]

mail/exim/files/POST-INSTALL-NOTES.clamd

@@ -0,0 +1,52 @@
+[
+{ type: install
+  message: <<EOM
+The following steps will enable clamd malware scanning using exiscan ACLs.
+It is important to follow them in sequence.
+
+*  Install security/clamav from the ports tree.
+
+*  Confirm that user clamav was added to the mail group in /etc/group.
+
+*  Confirm that /var/log/clamav and /var/run/clamav exist and are owned
+   by clamav:clamav.
+
+*  In Exim's configure file, set av_scanner=clamd:/var/run/clamav/clamd
+
+*  Adjust the exiscan ACLs in Exim's configure file.  Make sure you use
+   the demime option with the malware check, e.g.:
+
+   deny message = This message contains malware ($malware_name)
+	demime  = *
+	malware = *
+
+*  Edit clamav.conf as follows:
+
+	LogFile /var/log/clamav/clamd.log
+	PidFile /var/run/clamav/clamd.pid
+	LocalSocket /var/run/clamav/clamd
+	User clamav
+	AllowSupplementaryGroups
+	ScanArchive
+	ScanMail
+
+   You may wish to make other changes as well.
+
+*  Make sure clamd_enable="YES" has been added to /etc/rc.conf; this is
+   required by the clamav port's startup script,
+   %%RC_DIR%%/clamd%%RC_SUFX%% .
+
+*  Run freshclam.
+
+*  Add a cron job that runs freshclam --daemon-notify --quiet at least
+   once a day.
+
+*  Start clamd with %%RC_DIR%%/clamd%%RC_SUFX%% start .
+
+*  Start Exim with %%RC_DIR%%/exim%%RC_SUFX%% start .
+
+Sheldon Hearn <sheldonh@FreeBSD.org>
+
+EOM
+}
+]

mail/exim/files/exim.in

@@ -0,0 +1,60 @@
+#!/bin/sh
+
+# PROVIDE: mail
+# REQUIRE: LOGIN
+# KEYWORD: shutdown
+#	we make mail start late, so that things like .forward's are not
+#	processed until the system is fully operational
+
+#
+# Add the following lines to /etc/rc.conf to enable exim:
+#
+#exim_enable="YES"
+#
+# See exim(8) for flags
+#
+
+. /etc/rc.subr
+
+name=exim
+rcvar=exim_enable
+
+command=%%PREFIX%%/sbin/exim
+pidfile=/var/run/exim.pid
+required_dirs=%%LOGDIR%%
+required_files=%%PREFIX%%/etc/exim/configure
+
+start_precmd=start_precmd
+stop_postcmd=stop_postcmd
+
+extra_commands="reload"
+
+start_precmd()
+{
+  case $sendmail_enable in
+  [Yy][Ee][Ss]|[Tt][Rr][Uu][Ee]|[Oo][Nn]|1)
+    warn "sendmail_enable should be set to NONE"
+    ;;
+  [Nn][Oo]|[Ff][Aa][Ll][Ss][Ee]|[Oo][Ff][Ff]|0)
+    case $sendmail_submit_enable in
+    [Yy][Ee][Ss]|[Tt][Rr][Uu][Ee]|[Oo][Nn]|1)
+      warn "sendmail_submit_enable should be set to NO"
+      ;;
+    esac
+    ;;
+  [Nn][Oo][Nn][Ee])
+    ;;
+  esac
+}
+
+stop_postcmd()
+{
+  rm -f $pidfile
+}
+
+# read settings, set default values
+load_rc_config $name
+: ${exim_enable="NO"}
+: ${exim_flags="-bd -q30m"}
+
+run_rc_command "$1"

mail/exim/files/extra-patch-Local-sa-exim.c

@@ -0,0 +1,225 @@
+--- Local/sa-exim.c.orig	2025-12-18 04:08:13.593344000 +0100
++++ Local/sa-exim.c	2025-12-18 04:10:17.527828000 +0100
+@@ -29,10 +29,7 @@
+ #include "sa-exim.h"
+ 
+ /* Exim includes */
+-#include "local_scan.h"
+-extern FILE   *smtp_out;               /* Exim's incoming SMTP output file */
+-extern int     body_linecount;         /* Line count in body */
+-extern uschar *primary_hostname;
++#include <local_scan.h>
+ 
+ #ifdef DLOPEN_LOCAL_SCAN
+ 
+@@ -409,6 +406,11 @@
+ 	    if (buffer[strlen(buffer)-1] == '\n')
+ 	    {
+ 		buffer[strlen(buffer)-1]=0;
++		/* and any carriage return */
++		if (buffer[strlen(buffer)-1] == '\r')
++		{
++		    buffer[strlen(buffer)-1]=0;
++		}
+ 	    }
+ 	    if (SAEximDebug > 5)
+ 	    {
+@@ -515,6 +517,7 @@
+     int pid;
+     int writefd[2];
+     int readfd[2];
++    char *spamc_argv[10];
+     int i;
+     /* These are the only values that we want working after the longjmp 
+      * The automatic ones can be clobbered, but we don't really care */
+@@ -536,8 +539,8 @@
+     time_t beforescan;
+     time_t afterscan;
+     time_t afterwait;
+-    time_t scantime=0;
+-    time_t fulltime=0;
++    int scantime=0;
++    int fulltime=0;
+     struct stat stbuf;
+ 
+     uschar *expand;
+@@ -550,8 +553,9 @@
+     static char *SAspamcpath=SPAMC_LOCATION;
+     static char *SAsafemesgidchars=SAFEMESGIDCHARS
+     static char *SAspamcSockPath=NULL;
+-    static char *SAspamcPort="783";
+-    static char *SAspamcHost="127.0.0.1";
++    static char *SAspamcPort=NULL;
++    static char *SAspamcHost=NULL;
++    static char *SAspamcUser=NULL;
+     static char *SAEximRunCond="0";
+     static char *SAEximRejCond="1";
+     static int SAmaxbody=250*1024;
+@@ -602,6 +606,10 @@
+     /* Do not put a %s in there, or you'll segfault */
+     static char *SAmsgerror="Temporary local error while processing message, please contact postmaster";
+ 
++    /* This needs to be retrieved through expand_string in order
++       not to violate the API. */
++    uschar *primary_hostname=expand_string("$primary_hostname");
++
+     /* New values we read from spamassassin */
+     char *xspamstatus=NULL;
+     char *xspamflag=NULL;
+@@ -712,6 +720,7 @@
+ 	    M_CHECKFORSTR(SAspamcSockPath);
+ 	    M_CHECKFORSTR(SAspamcPort);
+ 	    M_CHECKFORSTR(SAspamcHost);
++	    M_CHECKFORSTR(SAspamcUser);
+ 	    M_CHECKFORSTR(SAEximRunCond);
+ 	    M_CHECKFORSTR(SAEximRejCond);
+ 	    M_CHECKFORVAR(SAmaxbody, "%d");
+@@ -914,6 +923,22 @@
+ 	ret=dup2(readfd[1],2);
+ 	CHECKERR(ret,"dup2 stderr",__LINE__);
+ 
++	i = 0;
++	spamc_argv[i++] = "spamc";
++	if (SAspamcUser && SAspamcUser[0])
++	{
++	    expand=expand_string(SAspamcUser);
++	    if (expand == NULL)
++	    {
++		log_write(0, LOG_MAIN | LOG_PANIC, "SA: SAspamcUser expansion failure on %s, will run as Exim user instead.", SAspamcUser);
++	    }
++	    else if (expand[0] != '\0')
++	    {
++		spamc_argv[i++] = "-u";
++		spamc_argv[i++] = expand;
++	    }
++	}
++
+ 	/* 
+          * I could implement the spamc protocol and talk to spamd directly
+          * instead of forking spamc, but considering the overhead spent
+@@ -924,17 +949,30 @@
+ 	/* Ok, we cheat, spamc cares about how big the whole message is and
+          * we only know about the body size, so I'll  give an extra 16K
+          * to account for any headers that can accompany the message */
++
++	spamc_argv[i++] = "-s";
++	spamc_argv[i++] = string_sprintf("%d", SAmaxbody+16384);
++
+ 	if(SAspamcSockPath)
+ 	{
+-	    ret=execl(SAspamcpath, "spamc", "-s", string_sprintf("%d", SAmaxbody+16384), "-U", SAspamcSockPath, NULL);
+-	    CHECKERR(ret,string_sprintf("exec %s", SAspamcpath),__LINE__);
++    	    spamc_argv[i++] = "-U";
++	    spamc_argv[i++] = SAspamcSockPath;
+ 	}
+ 	else
+ 	{
+-	    ret=execl(SAspamcpath, "spamc", "-s", string_sprintf("%d", SAmaxbody+16384), "-d", SAspamcHost, "-p", SAspamcPort, NULL);
+-	    CHECKERR(ret,string_sprintf("exec %s", SAspamcpath),__LINE__);
++	    if (SAspamcHost) {
++		spamc_argv[i++] = "-d";
++		spamc_argv[i++] = SAspamcHost;
++	    }
++	    if (SAspamcPort) {
++		spamc_argv[i++] = "-p";
++		spamc_argv[i++] = SAspamcPort;
++	    }
+ 	}
+-	
++	spamc_argv[i++] = NULL;
++
++	ret=execv(SAspamcpath, spamc_argv);
++	CHECKERR(ret,string_sprintf("exec %s", SAspamcpath),__LINE__);
+     }
+ 
+     if (SAEximDebug > 8)
+@@ -1045,6 +1083,11 @@
+ 	if (buffer[strlen(buffer)-1] == '\n')
+ 	{
+ 	    buffer[strlen(buffer)-1]=0;
++	    /* and any carriage return */
++	    if (buffer[strlen(buffer)-1] == '\r')
++	    {
++		buffer[strlen(buffer)-1]=0;
++	    }
+ 	}
+ restart:
+ 	if (SAEximDebug > 5)
+@@ -1154,7 +1197,7 @@
+ 	{
+ 	    if (SAEximDebug > 5)
+ 	    {
+-		log_write(0, LOG_MAIN, "SA: Debug6: spamc read got newline, end of headers", buffer);
++		log_write(0, LOG_MAIN, "SA: Debug6: spamc read got newline, end of headers");
+ 	    }
+ 	    goto exit;
+ 	}
+@@ -1214,11 +1257,11 @@
+ 	{
+ 	    if (SAEximDebug > 8)
+ 	    {
+-		log_write(0, LOG_MAIN, "SA: Debug9: Read body from SA; line %d (read %d)", line, strlen(buffer));
++		log_write(0, LOG_MAIN, "SA: Debug9: Read body from SA; line %d (read %zd)", line, strlen(buffer));
+ 	    }
+ 
+ 	    stret=write(fd, buffer, strlen(buffer));
+-	    CHECKERR(stret,string_sprintf("SA body write to msg"),__LINE__);
++	    CHECKERR(stret,string_sprintf("%s", "SA body write to msg"),__LINE__);
+ 	    if (SAEximDebug > 8)
+ 	    {
+ 		log_write(0, LOG_MAIN, "SA: Debug9: Wrote to msg; line %d (wrote %d)", line, ret);
+@@ -1229,18 +1272,20 @@
+ 	    }
+ 	}
+ 
++	
+ 	if (SAEximDebug > 1)
+ 	{
+ 	    log_write(0, LOG_MAIN, "SA: Debug2: body_linecount before SA: %d", body_linecount);
+ 	}
+ 
+ 	/* update global variable $body_linecount to reflect the new body size*/
+-	body_linecount = (line - 1);
++	if (body_linecount > 0) body_linecount = (line - 1); // Not updating if zero, indicating spool_wireformat
+ 
+ 	if (SAEximDebug > 1)
+ 	{
+ 	    log_write(0, LOG_MAIN, "SA: Debug2: body_linecount after SA: %d", body_linecount);
+ 	}
++
+     }
+ 
+     fclose((FILE *)readfh);
+@@ -1331,6 +1376,9 @@
+ 	
+ 	if (dorej && doteergrube)
+ 	{
++	    char *teergrubewaitstr;
++	    teergrubewaitstr=string_sprintf(SAmsgteergrubewait, spamstatus);
++
+ 	    /* By default, we'll only save temp bounces by message ID so
+ 	     * that when the same message is submitted several times, we
+ 	     * overwrite the same file on disk and not create a brand new
+@@ -1353,20 +1401,8 @@
+ 
+ 	    for (i=0;i<SAteergrubetime/10;i++)
+ 	    {
+-		char *str;
+-		
+-		/* Unfortunately, we can't use exim's smtp_printf because it
+-		 * doesn't return an error code if the write gets an EPIPE.
+-		 * So, we write ourselves, but this won't work if you have a
+-		 * TLS connection opened (that said, if you are teergrubing
+-		 * a TLS connection, it's probably a relay host, not a
+-		 * spammer, and in this case you should not teergrube a
+-		 * friendly relay, so basically we should be ok).
+-		 * If you do teergrube an SSL connection with the current
+-		 * code, you will break it, but that's acceptable */
+-		str=string_sprintf(string_sprintf("451- %s\r\n",SAmsgteergrubewait), spamstatus);
+-		fprintf(smtp_out, str);
+-		ret=fflush(smtp_out);
++		smtp_printf("451-%s\r\n", FALSE, teergrubewaitstr);
++		ret=smtp_fflush(TRUE);
+ 		if (ret != 0)
+ 		{
+ 		    log_write(0, LOG_MAIN | LOG_REJECT, "SA: Action: teergrubed sender for %d secs until it closed the connection: %s (scanned in %d/%d secs | Message-Id: %s). %s", i*10, spamstatus, scantime, fulltime, safemesgid, mailinfo);

mail/exim/files/extra-patch-Local-sa-exim.conf

@@ -0,0 +1,24 @@
+--- Local/sa-exim.conf.orig	2005-03-08 20:35:43 UTC
++++ Local/sa-exim.conf
+@@ -49,11 +49,17 @@ SAspamcpath: /usr/bin/spamc
+ # you set it, it will override the two TCP connect options below
+ #SAspamcSockPath: /var/run/spamd.sock
+ 
+-# SAspamcHost / SAspamcPort: TCP socket where your spamd is listening
+-# Shown below are the defaults:
+-SAspamcHost: 127.0.0.1
+-SAspamcPort: 783
++# SAspamcHost / SAspamcPort: TCP socket where your spamd is listening.
++# Default is to let spamc use any settings in spamc.conf.
++#SAspamcHost: 127.0.0.1
++#SAspamcPort: 783
+ 
++# SAspamcUser: The username passed to spamc. Some tricks are needed to 
++# decide on one user when there are many recipients. This string is of
++# course expanded. If unset or empty, spamc will use the user Exim 
++# runs as. We suggest that you decide what username to use in the ACLs
++# and set an ACL variable.
++#SAspamcUser: $acl_m2
+ 
+ # Exim configuration string to run before running SA against the message
+ # This decides whether SA gets run against the message or not.  This

mail/exim/files/patch-Makefile

@@ -0,0 +1,11 @@
+--- Makefile.orig	2025-12-17 18:05:41.764604000 +0100
++++ Makefile	2025-12-17 18:08:15.055964000 +0100
+@@ -70,7 +70,7 @@
+ # Configure-Makefile script. This does its own dependency checking because of
+ # the optional files.
+ 
+-configure: checks build-directory \
++configure: build-directory \
+ 		scripts/lookups-Makefile scripts/drivers-Makefile
+ 	@cd build-$(buildname); \
+ 	  build=$(build) $(SHELL) ../scripts/Configure-Makefile

mail/exim/files/patch-OS__Makefile-FreeBSD

@@ -0,0 +1,13 @@
+--- OS/Makefile-FreeBSD.orig	2023-04-09 09:45:04.226201000 +0200
++++ OS/Makefile-FreeBSD	2023-04-09 09:48:01.819463000 +0200
+@@ -18,8 +18,8 @@
+ # Dynamically loaded modules need to be built with -fPIC
+ CFLAGS_DYNAMIC=-shared -rdynamic -fPIC
+ 
+-# FreeBSD always ships with Berkeley DB
+-USE_DB=yes
++# FreeBSD ships with Berkeley DB until 13.1, but ndbm is always included
++USE_NDBM=yes
+ 
+ # This code for building outside ports suggested by Richard Clayton
+ .ifdef   X11BASE

mail/exim/files/patch-exim_monitor-em_hdr.h

@@ -0,0 +1,11 @@
+--- exim_monitor/em_hdr.h.orig	2019-12-08 12:53:48 UTC
++++ exim_monitor/em_hdr.h
+@@ -95,6 +95,8 @@ this interface so that this kind of kludge isn't neede
+ #endif
+ typedef void hctx;
+ 
++typedef unsigned long ulong;
++
+ #include "local_scan.h"
+ #include "macros.h"
+ #include "structs.h"

mail/exim/files/patch-scripts__exim_install

@@ -0,0 +1,111 @@
+--- scripts/exim_install.orig	2016-12-18 14:02:28.000000000 +0000
++++ scripts/exim_install	2017-01-02 11:48:46.939703000 +0000
+@@ -29,6 +29,7 @@
+ 
+ do_chown=yes
+ do_symlink=yes
++do_info=yes
+ 
+ while [ $# -gt 0 ] ; do
+   case "$1" in
+@@ -51,6 +52,10 @@
+       do_symlink=no
+       ;;
+ 
++	-no_info)
++	  do_info=no
++	  ;;
++
+     *)
+       break
+       ;;
+@@ -117,9 +122,7 @@
+ CONFIGURE_FILE=${DESTDIR}${CONFIGURE_FILE}
+ SYSTEM_ALIASES_FILE=${DESTDIR}${SYSTEM_ALIASES_FILE}
+ 
+-if [ "${INFO_DIRECTORY}" != "" ] ; then
+-  INFO_DIRECTORY=${DESTDIR}${INFO_DIRECTORY}
+-fi
++INFO_DIRECTORY=${DESTDIR}${INFO_DIRECTORY}
+ 
+ # Overrides of other things
+ case "$inst_uid"     in ?*) INST_UID="$inst_uid";; esac
+@@ -218,8 +221,7 @@
+ 
+   if [ $name = exim${EXE} ]; then
+     exim="./exim -bV -C /dev/null"
+-    version=exim-`$exim 2>/dev/null | \
+-      awk '/Exim version/ { OFS=""; print $3,"-",substr($4,2,length($4)-1) }'`${EXE}
++    version=exim
+ 
+     if [ "${version}" = "exim-${EXE}" ]; then
+       echo $com ""
+@@ -384,9 +386,8 @@
+   echo $com ' ' ${CONFIGURE_FILE}
+   echo $com Therefore, skipping automatic installation.
+ 
+-elif [ ! -f ${CONFIGURE_FILE} ]; then
+-  echo $com Installing default configuration in ${CONFIGURE_FILE}
+-  echo $com because there is no existing configuration file.
++else
++  echo $com Installing default configuration in ${CONFIGURE_FILE}.sample
+   if [ "${SYSTEM_ALIASES_FILE}" = "" ] ; then
+     SYSTEM_ALIASES_FILE=/etc/aliases
+     echo $com This configuration has system aliases in ${SYSTEM_ALIASES_FILE}.
+@@ -396,8 +397,8 @@
+   ${real} ${MKDIR} -p `${DIRNAME} ${CONFIGURE_FILE}`
+ 
+   echo sed -e '\\'
+-  echo "  \"/SYSTEM_ALIASES_FILE/ s'SYSTEM_ALIASES_FILE'${ACTUAL_SYSTEM_ALIASES_FILE}'\"" '\\'
+-  echo "  ../src/configure.default > \${CONFIGURE_FILE}"
++  echo "  \"/SYSTEM_ALIASES_FILE/ s'SYSTEM_ALIASES_FILE'/etc/aliases'\"" '\\'
++  echo "  ../src/configure.default > \${CONFIGURE_FILE}.sample"
+ 
+   # I can't find a way of writing this using the ${real} feature because
+   # it seems that the output redirection always happens, even when -n was
+@@ -405,8 +406,8 @@
+ 
+   if [ "$real" = "" ] ; then
+     sed -e \
+-      "/SYSTEM_ALIASES_FILE/ s'SYSTEM_ALIASES_FILE'${ACTUAL_SYSTEM_ALIASES_FILE}'" \
+-      ../src/configure.default > ${CONFIGURE_FILE}
++      "/SYSTEM_ALIASES_FILE/ s'SYSTEM_ALIASES_FILE'/etc/aliases'" \
++      ../src/configure.default > ${CONFIGURE_FILE}.sample
+   else
+     true
+   fi
+@@ -416,24 +417,22 @@
+     echo $com "*** Exim installation ${ver}failed ***"
+     exit 1
+   fi
+-  if [ ! -f ${SYSTEM_ALIASES_FILE} ]; then
+-    echo $com '****'
+-    echo $com Installing a dummy ${SYSTEM_ALIASES_FILE} file because you do not have
+-    echo $com one, and the default configuration requires it. You should
+-    echo $com edit ${SYSTEM_ALIASES_FILE} and at least create an alias for postmaster.
+-    echo $com '***'
+-    echo ${CP} ../src/aliases.default ${SYSTEM_ALIASES_FILE}
+-    ${real} ${CP} ../src/aliases.default ${SYSTEM_ALIASES_FILE}
+-  fi
++#  if [ ! -f ${SYSTEM_ALIASES_FILE} ]; then
++#    echo $com '****'
++#    echo $com Installing a dummy ${SYSTEM_ALIASES_FILE} file because you do not have
++#    echo $com one, and the default configuration requires it. You should
++#    echo $com edit ${SYSTEM_ALIASES_FILE} and at least create an alias for postmaster.
++#    echo $com '***'
++#    echo ${CP} ../src/aliases.default ${SYSTEM_ALIASES_FILE}
++#    ${real} ${CP} ../src/aliases.default ${SYSTEM_ALIASES_FILE}
++#  fi
+ 
+-else
+-  echo $com Configuration file ${CONFIGURE_FILE} already exists
+ fi
+ 
+ # Install info files if the directory is defined and the Texinfo
+ # source documentation is present.
+ 
+-if [ "${INFO_DIRECTORY}" != "" -a -f ../doc/spec.texinfo ] ; then
++if [ "$do_info" != "no" -a -f ../doc/spec.texinfo ] ; then
+   echo $com ""
+   if [ ! -d "${INFO_DIRECTORY}" ] ; then
+     echo mkdir -p ${INFO_DIRECTORY}

mail/exim/files/patch-src-lookups-mysql.c

@@ -0,0 +1,10 @@
+--- src/lookups/mysql.c.orig	2017-03-05 00:21:35.000000000 +0300
++++ src/lookups/mysql.c	2017-08-15 01:12:26.508519000 +0300
+@@ -13,6 +13,7 @@
+ #include "lf_functions.h"
+ 
+ #include <mysql.h>       /* The system header */
++#include <mysql_version.h>
+ 
+ 
+ /* Structure and anchor for caching connections. */

mail/exim/files/patch-src__EDITME

@@ -0,0 +1,146 @@
+--- src/EDITME.orig	2025-12-14 13:38:51.000000000 +0100
++++ src/EDITME	2025-12-18 03:31:28.070641000 +0100
+@@ -104,7 +104,7 @@
+ # /usr/local/sbin. The installation script will try to create this directory,
+ # and any superior directories, if they do not exist.
+ 
+-BIN_DIRECTORY=/usr/exim/bin
++BIN_DIRECTORY=XX_PREFIX_XX/sbin
+ 
+ 
+ #------------------------------------------------------------------------------
+@@ -120,7 +120,7 @@
+ # don't exist. It will also install a default runtime configuration if this
+ # file does not exist.
+ 
+-CONFIGURE_FILE=/usr/exim/configure
++CONFIGURE_FILE=XX_CONFIG_FILE_PATH_XX
+ 
+ # It is possible to specify a colon-separated list of files for CONFIGURE_FILE.
+ # In this case, Exim will use the first of them that exists when it is run.
+@@ -137,7 +137,7 @@
+ # deliveries. (Local deliveries run as various non-root users, typically as the
+ # owner of a local mailbox.) Specifying these values as root is not supported.
+ 
+-EXIM_USER=
++EXIM_USER=ref:XX_EXIM_USER_XX
+ 
+ # If you specify EXIM_USER as a name, this is looked up at build time, and the
+ # uid number is built into the binary. However, you can specify that this
+@@ -158,7 +158,7 @@
+ # for EXIM_USER (e.g. EXIM_USER=exim), you don't need to set EXIM_GROUP unless
+ # you want to use a group other than the default group for the given user.
+ 
+-# EXIM_GROUP=
++EXIM_GROUP=ref:XX_EXIM_GROUP_XX
+ 
+ # Many sites define a user called "exim", with an appropriate default group,
+ # and use
+@@ -476,6 +476,7 @@
+ # LDAP_LIB_TYPE=OPENLDAP2
+ # LDAP_LIB_TYPE=NETSCAPE
+ # LDAP_LIB_TYPE=SOLARIS
++LDAP_LIB_TYPE=XX_LDAP_TYPE_XX
+ 
+ # If you don't set any of these, Exim assumes the original University of
+ # Michigan (OpenLDAP 1) library.
+@@ -524,9 +525,10 @@
+ # LSEARCH, DSEARCH & CDB have no external library needs.
+ # DNSDB needs the resolver library which the core uses anyway.
+ 
+-# LOOKUP_INCLUDE=-I /usr/local/ldap/include -I /usr/local/mysql/include -I /usr/local/pgsql/include
+-# LOOKUP_INCLUDE +=-I /usr/local/include
+-# LOOKUP_LIBS=-L/usr/local/lib -lldap -llber -lmysqlclient -lpq -lgds -lsqlite3 -llmdb
++INCLUDE=-IXX_LOCALBASE_XX/include XX_DB_INCLUDES_XX XX_LMDB_INCLUDES_XX
++LOOKUP_INCLUDE=XX_MYSQL_INCLUDE_XX XX_PGSQL_INCLUDE_XX XX_LDAP_INCLUDE_XX
++LOOKUP_LIBS=XX_MYSQL_LIBS_XX XX_PGSQL_LIBS_XX XX_LDAP_LIBS_XX XX_LMDB_LIBS_XX
++DBMLIB=XX_DB_LIBS_XX
+ 
+ # LOOKUP_LIBS=-L/usr/local/lib -lldap -llber
+ # Some platforms may need this for LOOKUP_NIS:
+@@ -715,6 +717,7 @@
+ # Uncomment the following line to add XCLIENT support
+ # EXPERIMENTAL_XCLIENT=yes
+ 
++# EXPERIMENTAL_DCC=yes
+ ###############################################################################
+ #                 THESE ARE THINGS YOU MIGHT WANT TO SPECIFY                  #
+ ###############################################################################
+@@ -809,6 +812,7 @@
+ 
+ # ALT_CONFIG_PREFIX=/some/directory/
+ # ALT_CONFIG_PREFIX=/some/directory/exim.conf-
++ALT_CONFIG_PREFIX=XX_ALT_CONFIG_PREFIX_XX
+ 
+ 
+ #------------------------------------------------------------------------------
+@@ -917,7 +921,7 @@
+ # one that is set in the headers_charset option. The default setting is
+ # defined by this setting:
+ 
+-HEADERS_CHARSET="ISO-8859-1"
++HEADERS_CHARSET="XX_DEFAULT_CHARSET_XX"
+ 
+ # If you are going to make use of $header_xxx expansions in your configuration
+ # file, or if your users are going to use them in filter files, and the normal
+@@ -950,6 +954,8 @@
+ #
+ # but of course there may need to be other things in CFLAGS and EXTRALIBS_EXIM
+ # as well.
++CFLAGS=XX_CFLAGS_XX XX_SPF_FLAGS_XX XX_SRS_FLAGS_XX XX_SQLITE_FLAGS_XX
++EXTRALIBS=XX_PAM_LIBS_XX XX_ICONV_LIBS_XX XX_SPF_LIBS_XX XX_SRS_LIBS_XX XX_RADIUS_LIBS_XX XX_SQLITE_LIBS_XX XX_DMARC_LIBS_XX XX_REDIS_LIBS_XX XX_DYNAMIC_LDFLAGS_XX XX_IDN_LIBS_XX
+ #
+ # nb: FreeBSD as of 4.89 defines LIBICONV_PLUG to pick up the system iconv
+ # more reliably.  If you explicitly want the libiconv Port then as well
+@@ -1013,7 +1019,7 @@
+ # Once you have done this, "make install" will build the info files and
+ # install them in the directory you have defined.
+ 
+-# INFO_DIRECTORY=/usr/share/info
++INFO_DIRECTORY=XX_PREFIX_XX/share/info
+ 
+ 
+ #------------------------------------------------------------------------------
+@@ -1026,7 +1032,7 @@
+ # %s. This will be replaced by one of the strings "main", "panic", or "reject"
+ # to form the final file names. Some installations may want something like this:
+ 
+-# LOG_FILE_PATH=/var/log/exim_%slog
++LOG_FILE_PATH=XX_LOG_FILE_PATH_XX
+ 
+ # which results in files with names /var/log/exim_mainlog, etc. The directory
+ # in which the log files are placed must exist; Exim does not try to create
+@@ -1114,7 +1120,7 @@
+ # that the local_scan API is made available by the linker. You may also need
+ # to add -ldl to EXTRALIBS so that dlopen() is available to Exim.
+ 
+-# EXPAND_DLFUNC=yes
++EXPAND_DLFUNC=yes
+ 
+ 
+ #------------------------------------------------------------------------------
+@@ -1180,7 +1186,15 @@
+ # CFLAGS  += -I/usr/local/include
+ # LDFLAGS += -lspf2
+ 
++# IPv6 is coming. Exim has experimental support that has been tried out on
++# one or two OS. See the file README.IPV6 for the current status of this
++# support. Do not set this option unless you are working on IPv6 and know
++# what you are doing.
+ 
++# HAVE_IPV6=YES
++
++
++
+ #------------------------------------------------------------------------------
+ # Support for authentication via Radius is also available. The Exim support,
+ # which is intended for use in conjunction with the SMTP AUTH facilities,
+@@ -1534,7 +1548,7 @@
+ # (process id) to a file so that it can easily be identified. The path of the
+ # file can be specified here. Some installations may want something like this:
+ 
+-# PID_FILE_PATH=/var/lock/exim.pid
++PID_FILE_PATH=/var/run/exim.pid
+ 
+ # If PID_FILE_PATH is not defined, Exim writes a file in its spool directory
+ # using the name "exim-daemon.pid".

mail/exim/files/patch-src__configure.default

@@ -0,0 +1,42 @@
+--- src/configure.default.orig	Wed May  5 12:08:35 2004
++++ src/configure.default	Wed May  5 15:09:40 2004
+@@ -153,6 +153,8 @@
+ # as if it were a normal user. This isn't usually a problem, as most sites have
+ # an alias for root that redirects such mail to a human administrator.
+ 
++exim_user = XX_EXIM_USER_XX
++exim_group = XX_EXIM_GROUP_XX
+ never_users = root
+ 
+ 
+@@ -412,7 +414,8 @@
+   allow_fail
+   allow_defer
+   data = ${lookup{$local_part}lsearch{SYSTEM_ALIASES_FILE}}
+-# user = exim
++  user = XX_EXIM_USER_XX
++  group = XX_EXIM_GROUP_XX
+   file_transport = address_file
+   pipe_transport = address_pipe
+ 
+@@ -454,6 +457,7 @@
+   file_transport = address_file
+   pipe_transport = address_pipe
+   reply_transport = address_reply
++  condition = ${if exists{$home/.forward} {yes} {no} }
+ 
+ 
+ # This router matches local user mailboxes. If the router fails, the error
+@@ -506,8 +510,10 @@
+   delivery_date_add
+   envelope_to_add
+   return_path_add
+-# group = mail
+-# mode = 0660
++  group = XX_EXIM_GROUP_XX
++  user = $local_part
++  mode = 0660
++  no_mode_fail_narrower
+ 
+ 
+ # This transport is used for handling pipe deliveries generated by alias or

mail/exim/files/patch-src_miscmods_radius.c

@@ -0,0 +1,92 @@
+--- src/miscmods/radius.c.orig	2025-12-18 03:23:48.333630000 +0100
++++ src/miscmods/radius.c	2025-12-18 03:28:22.528909000 +0100
+@@ -104,37 +104,37 @@
+ 
+ #ifdef RADIUS_LIB_RADIUSCLIENT
+ if (rc_read_config(RADIUS_CONFIG_FILE) != 0)
+-  *errptr = string_sprintf("RADIUS: can't open %s", RADIUS_CONFIG_FILE);
++  *errptr = string_sprintf("%s","RADIUS: can't open %s", RADIUS_CONFIG_FILE);
+ 
+ else if (rc_read_dictionary(rc_conf_str("dictionary")) != 0)
+-  *errptr = US"RADIUS: can't read dictionary";
++  *errptr = string_sprintf("%","RADIUS: can't read dictionary");
+ 
+ else if (!rc_avpair_add(&send, PW_USER_NAME, user, 0))
+-  *errptr = US"RADIUS: add user name failed";
++  *errptr = string_sprintf("%","RADIUS: add user name failed");
+ 
+ else if (!rc_avpair_add(&send, PW_USER_PASSWORD, CS radius_args, 0))
+-  *errptr = US"RADIUS: add password failed");
++  *errptr = string_sprintf("%","RADIUS: add password failed");
+ 
+ else if (!rc_avpair_add(&send, PW_SERVICE_TYPE, &service, 0))
+-  *errptr = US"RADIUS: add service type failed";
++  *errptr = string_sprintf("%","RADIUS: add service type failed");
+ 
+ #else  /* RADIUS_LIB_RADIUSCLIENT unset => RADIUS_LIB_RADIUSCLIENT2 */
+ 
+ if (!(h = rc_read_config(RADIUS_CONFIG_FILE)))
+-  *errptr = string_sprintf("RADIUS: can't open %s", RADIUS_CONFIG_FILE);
++  *errptr = string_sprintf("%","RADIUS: can't open %s", RADIUS_CONFIG_FILE);
+ 
+ else if (rc_read_dictionary(h, rc_conf_str(h, "dictionary")) != 0)
+-  *errptr = US"RADIUS: can't read dictionary";
++  *errptr = string_sprintf("%","RADIUS: can't read dictionary");
+ 
+ else if (!rc_avpair_add(h, &send, PW_USER_NAME, user, Ustrlen(user), 0))
+-  *errptr = US"RADIUS: add user name failed";
++  *errptr = string_sprintf("%","RADIUS: add user name failed");
+ 
+ else if (!rc_avpair_add(h, &send, PW_USER_PASSWORD, CS radius_args,
+     Ustrlen(radius_args), 0))
+-  *errptr = US"RADIUS: add password failed";
++  *errptr = string_sprintf("%","RADIUS: add password failed");
+ 
+ else if (!rc_avpair_add(h, &send, PW_SERVICE_TYPE, &service, 0, 0))
+-  *errptr = US"RADIUS: add service type failed";
++  *errptr = string_sprintf("%","RADIUS: add service type failed");
+ 
+ #endif  /* RADIUS_LIB_RADIUSCLIENT */
+ 
+@@ -167,7 +167,7 @@
+ 
+   case BADRESP_RC:
+   default:
+-    *errptr = string_sprintf("RADIUS: unexpected response (%d)", result);
++    *errptr = string_sprintf("%s","RADIUS: unexpected response (%d)", result);
+     return ERROR;
+   }
+ 
+@@ -177,7 +177,7 @@
+ 
+ if (!(h = rad_auth_open()))
+   {
+-  *errptr = string_sprintf("RADIUS: can't initialise libradius");
++  *errptr = string_sprintf("%s","RADIUS: can't initialise libradius");
+   return ERROR;
+   }
+ if (rad_config(h, RADIUS_CONFIG_FILE) != 0 ||
+@@ -187,7 +187,7 @@
+     rad_put_int(h, RAD_SERVICE_TYPE, RAD_AUTHENTICATE_ONLY) != 0 ||
+     rad_put_string(h, RAD_NAS_IDENTIFIER, CS primary_hostname) != 0)
+   {
+-  *errptr = string_sprintf("RADIUS: %s", rad_strerror(h));
++  *errptr = string_sprintf("%s","RADIUS: %s", rad_strerror(h));
+   result = ERROR;
+   }
+ else
+@@ -202,12 +202,12 @@
+       break;
+ 
+     case -1:
+-      *errptr = string_sprintf("RADIUS: %s", rad_strerror(h));
++      *errptr = string_sprintf("%s","RADIUS: %s", rad_strerror(h));
+       result = ERROR;
+       break;
+ 
+     default:
+-      *errptr = string_sprintf("RADIUS: unexpected response (%d)", result);
++      *errptr = string_sprintf("%s","RADIUS: unexpected response (%d)", result);
+       result= ERROR;
+       break;
+     }

mail/exim/files/patch-sys-file-include

@@ -0,0 +1,20 @@
+--- src/exim.h.orig	2017-02-14 19:13:41.381402389 +0200
++++ src/exim.h	2017-02-14 19:13:53.330916377 +0200
+@@ -129,7 +129,6 @@
+ #endif
+ 
+ #include <sys/types.h>
+-#include <sys/file.h>
+ #include <dirent.h>
+ #include <netdb.h>
+ #ifndef NO_POLL_H
+--- src/exim_lock.c.orig	2017-02-14 19:21:09.709389008 +0200
++++ src/exim_lock.c	2017-02-14 19:21:23.994407794 +0200
+@@ -27,7 +27,6 @@
+ #include <utime.h>
+ #include <sys/utsname.h>
+ #include <sys/stat.h>
+-#include <sys/file.h>
+ #include <pwd.h>
+ 
+ /* Not all systems have flock() available. Those that do must define LOCK_SH

mail/exim/options

@@ -0,0 +1,132 @@
+OPTIONS_DEFINE+=	ALT_CONFIG_PREFIX \
+			CONTENT_SCAN \
+			DAEMON \
+			DANE \
+			DEBUG \
+			DISABLE_D_OPT \
+			DKIM \
+			SPF \
+			DNSSEC \
+			DOCS \
+			EMBEDDED_PERL \
+			EXIMON \
+			ICONV \
+			IPV6 \
+			LISTMATCH_RHS \
+			LMTP \
+			OCSP \
+			PRDR \
+			READLINE \
+			SUID \
+			WISHLIST \
+			EVENT \
+			PROXY \
+			SOCKS \
+			INTERNATIONAL
+
+OPTIONS_DEFAULT+=	AUTH_CRAM_MD5 \
+			AUTH_DOVECOT \
+			AUTH_PLAINTEXT \
+			AUTH_SPA \
+			CDB \
+			CONTENT_SCAN \
+			DAEMON \
+			DISABLE_D_OPT \
+			DKIM \
+			DMARC \
+			DNSDB \
+			DNSSEC \
+			DSEARCH \
+			EMBEDDED_PERL \
+			EVENT \
+			ICONV \
+			INTERNATIONAL \
+			LMTP \
+			LSEARCH \
+			MAILDIR \
+			MAILSTORE \
+			MBX \
+			OCSP \
+			PAM \
+			PASSWD \
+			PRDR \
+			SPF \
+			SUID \
+			TLS
+
+OPTIONS_RADIO_TLS=	TLS GNUTLS
+TLS_DESC=	TLS support
+OPTIONS_RADIO_LS=	SA_EXIM
+LS_DESC=	Local scan patch
+OPTIONS_RADIO_SRSR=	SRS OLD_SRS
+SRSR_DESC=	Sender Rewriting Scheme
+OLD_SRS_DESC=	Enable Alternative Sender Rewriting Scheme
+OPTIONS_RADIO=	TLS LS SRSR
+
+OPTIONS_GROUP_AUTH=	AUTH_CRAM_MD5 AUTH_DOVECOT AUTH_PLAINTEXT AUTH_RADIUS AUTH_SASL AUTH_SPA AUTH_TLS SASLAUTHD PAM PASSWD
+AUTH_DESC=	SMTP Authorization
+OPTIONS_GROUP_LOOKUP=	CDB BDB DNSDB DSEARCH LSEARCH MYSQL NIS OPENLDAP PGSQL REDIS SQLITE
+LOOKUP_DESC=	Lookup support
+OPTIONS_GROUP_STORAGE=	MAILDIR MAILSTORE MBX
+STORAGE_DESC=	Supported storage formats
+OPTIONS_GROUP_EXPERIMENTAL= CERTNAMES DCC DMARC DSN ARC LMDB QUEUEFILE
+EXPERIMENTAL_DESC=	Experimental options
+OPTIONS_GROUP=	AUTH LOOKUP STORAGE EXPERIMENTAL
+
+ALT_CONFIG_PREFIX_DESC=	Restrict the set of configuration files
+ARC_DESC=		Enable experimental ARC support
+AUTH_CRAM_MD5_DESC=	Enable CRAM-MD5 authentication mechanisms
+AUTH_DOVECOT_DESC=	Enable Dovecot authentication mechanisms
+AUTH_PLAINTEXT_DESC=	Enable plaintext authentication
+AUTH_RADIUS_DESC=	Enable radius (RFC 2865) authentication
+AUTH_SASL_DESC=		Enable use of Cyrus SASL auth library
+AUTH_SPA_DESC=		Enable Secure Password Authentication
+AUTH_TLS_DESC=		Enable TLS client certificate authentication
+CERTNAMES_DESC=		Check certiticates ownership
+BDB_DESC=		Enable Berkeley DB lookups
+CDB_DESC=		Enable CDB-style lookups
+CONTENT_SCAN_DESC=	Enable exiscan email content scanner
+DAEMON_DESC=		Install scripts to run as a daemon
+DANE_DESC=		Enable experimental DANE support
+DCC_DESC=		Enable DCC at ACL support via dccifd
+DISABLE_D_OPT_DESC=	Disable macros overrides using option -D
+DKIM_DESC=		Enable support for DKIM
+DMARC_DESC=		Enable DMARC support
+DNSDB_DESC=		Enable DNS-style lookups
+DNSSEC_DESC=	Enable DNSSEC validation
+DSEARCH_DESC=		Enable directory-list lookups
+DSN_DESC=		Enable Delivery Status Notifications
+EMBEDDED_PERL_DESC=	Enable embedded Perl interpreter
+EVENT_DESC=		Messages events support (TPDA namely)
+EXIMON_DESC=		Build eximon monitor (requires X libraries)
+ICONV_DESC=		Enable header charset conversion
+INTERNATIONAL_DESC=	Enable support for the transmission of UTF-8 envelope addresses
+LISTMATCH_RHS_DESC=	Enable pre-4.77 behaviour for match_*
+LMDB_DESC=		Enable LMDB lookups
+LMTP_DESC=		RFC2033 SMTP over command pipe transport
+LSEARCH_DESC=		Enable wildcarded-file lookups
+MAILDIR_DESC=		Enable Maildir mailbox format
+MAILSTORE_DESC=		Enable Mailstore mailbox format
+MBX_DESC=		Enable MBX mailbox format
+MYSQL_DESC=		Enable mysql lookups
+NIS_DESC=		Enable NIS-style lookups
+OPENLDAP_DESC=		Enable LDAP lookups
+OCSP_DESC=		Enable OCSP stapling
+QUEUEFILE_DESC=		Enable queuefile transport
+PAM_DESC=		Enable PAM authentication mechanisms
+PASSWD_DESC=		Enable /etc/passwd lookups
+PGSQL_DESC=		Enable postgresql lookups
+PRDR_DESC=		Enable Per-Recipient-Data-Response support
+PROXY_DESC=		Enable Experimental Proxy Protocol
+READLINE_DESC=		Enable readline(3) library
+REDIS_DESC=		Enable redis lookups
+SASLAUTHD_DESC=		Enable use of Cyrus SASL auth daemon
+SA_EXIM_DESC=		Build with Spamassassin local scan (BROKEN)
+SOCKS_DESC=		Enable smtp transport via socks5 proxies
+SPF_DESC=		Enable Sender Policy Framework checking
+SQLITE_DESC=		Enable SQLite lookups
+SRS_DESC=		Enable Sender Rewriting Scheme
+SUID_DESC=		Install the exim binary suid root
+TAINTWARN_DESC=		Allow insecure tainted data (pre-4.93 config style, deprecated)
+GNUTLS_DESC=		Use GnuTLS instead of OpenSSL for TLS
+WISHLIST_DESC=		Include the unsupported patches

mail/exim/pkg-descr

@@ -0,0 +1,7 @@
+Exim is a mail transfer agent for Unix systems connected to the Internet.
+It is a monolithic MTA designed to be a command line compatible drop-in
+replacement for Sendmail.
+
+Exim is an excellent mailer for an ISP, as its control and flexibility
+are very good and its requeueing and retry algorithms are very powerful.
+Exim's configuration syntax is well documented.

mail/exim/pkg-message

@@ -0,0 +1,57 @@
+[
+{ type: install
+  message: <<EOM
+All installations having Exim set-uid root and using 'perl_startup' are
+vulnerable to a local privilege escalation. Any user who can start an
+instance of Exim (and this is normally *any* user) can gain root
+privileges. If you do not use 'perl_startup' you *should* be safe.
+
+New options
+-----------
+
+We had to introduce two new configuration options:
+
+    keep_environment =
+    add_environment =
+
+Both options are empty per default. That is, Exim cleans the complete
+environment on startup. This affects Exim itself and any subprocesses,
+as transports, that may call other programs via some alias mechanisms,
+as routers (queryprogram), lookups, and so on. This may affect used
+libraries (e.g. LDAP).
+
+** THIS MAY BREAK your existing installation **
+
+New behaviour
+-------------
+
+Now Exim changes it's working directory to / right after startup,
+even before reading it's configuration. (Later Exim changes it's working
+directory to $spool_directory, as usual.)
+
+Exim only accepts an absolute configuration file path now, when using
+the -C option.
+
+EOM
+}
+{ type: upgrade
+  maximum_version: 4.80
+  message: <<EOM
+Upgrades to Exim 4.80
+=====================
+
+Exim 4.80 contains some backward-incompatible changes.
+
+OpenSSL default options have changed to be more secure, including
+disabling of SSLv2 by default (and adding support for TLSv1.1 and
+TLSv1.2 if using OpenSSL 1.0.1 or newer); GnuTLS has been updated to use
+a new API and stop honouring some options starting gnutls_*; users of
+LDAP can now distinguish "comma in data" from "multi-valued attribute".
+There are more details, covering more changes, in README.UPDATING.
+
+We now enable accept_8bitmime by default, as the Exim maintainers agree
+with Dan Bernstein about the best way to deal with the 8BITMIME
+extension.
+EOM
+}
+]

mail/exim/pkg-plist

@@ -0,0 +1,43 @@
+%%SUID%%@mode 4755
+%%EXIM%%sbin/exim
+%%SUID%%@mode
+%%EXIM%%sbin/exim_checkaccess
+%%EXIM%%sbin/exim_dbmbuild
+%%EXIM%%sbin/exim_dumpdb
+%%EXIM%%sbin/exim_fixdb
+%%EXIM%%sbin/exim_id_update
+%%EXIM%%sbin/exim_lock
+%%EXIM%%sbin/exim_msgdate
+%%EXIM%%sbin/exim_tidydb
+%%EXIM%%sbin/exicyclog
+%%EXIM%%sbin/exigrep
+%%EXIM%%sbin/eximstats
+%%EXIM%%sbin/exinext
+%%EXIM%%sbin/exipick
+%%EXIM%%sbin/exiqgrep
+%%EXIM%%sbin/exiqsumm
+%%EXIM%%sbin/exiwhat
+%%EXIM%%share/man/man8/exim.8.gz
+%%EXIMON%%sbin/eximon
+%%EXIMON%%sbin/eximon.bin
+%%EXIM%%%%PORTDOCS%%%%DOCSDIR%%/ACKNOWLEDGMENTS
+%%EXIM%%%%PORTDOCS%%%%DOCSDIR%%/NOTICE
+%%EXIM%%%%PORTDOCS%%%%DOCSDIR%%/README.UPDATING
+%%EXIM%%%%PORTDOCS%%%%DOCSDIR%%/ChangeLog
+%%EXIM%%%%PORTDOCS%%%%DOCSDIR%%/DANE-draft-notes
+%%EXIM%%%%PORTDOCS%%%%DOCSDIR%%/NewStuff
+%%EXIM%%%%PORTDOCS%%%%DOCSDIR%%/OptionLists.txt
+%%EXIM%%%%PORTDOCS%%%%DOCSDIR%%/POST-INSTALL-NOTES
+%%EXIM%%%%PORTDOCS%%%%DOCSDIR%%/POST-INSTALL-NOTES.clamd
+%%EXIM%%%%PORTDOCS%%%%DOCSDIR%%/README
+%%EXIM%%%%PORTDOCS%%%%DOCSDIR%%/README.SIEVE
+%%EXIM%%%%PORTDOCS%%%%DOCSDIR%%/dbm.discuss.txt
+%%EXIM%%%%PORTDOCS%%%%DOCSDIR%%/experimental-spec.txt
+%%EXIM%%%%PORTDOCS%%%%DOCSDIR%%/filter.txt
+%%EXIM%%%%PORTDOCS%%%%DOCSDIR%%/spec.txt
+%%EXIM%%%%PORTDOCS%%%%EXAMPLESDIR%%/transport-filter.pl
+%%EXIMDAEMON%%etc/periodic/daily/150.exim-tidydb
+%%EXIMDAEMON%%etc/periodic/daily/460.exim-mail-rejects
+@sample %%ETCDIR%%/configure.sample
+%%SA_EXIM%%@sample %%ETCDIR%%/sa-exim.conf.sample
+%%EXIM%%@dir(%%EXIM_USER%%,%%EXIM_GROUP%%,) /%%LOGDIR%%

math/blis/Makefile

@@ -1,74 +0,0 @@
-PORTNAME=	blis
-PORTVERSION=	0.9.0
-PORTREVISION=	3
-CATEGORIES=	math
-PKGNAMEPREFIX=	${PYHON_PKGNAMEPREFIX}
-
-MAINTAINER=	jmd@FreeBSD.org
-COMMENT=	Software framework for high-performance BLAS-like libraries
-WWW=		https://github.com/flame/blis
-
-LICENSE=	BSD3CLAUSE
-LICENSE_FILE=	${WRKSRC}/LICENSE
-
-BUILD_DEPENDS=	bash:shells/bash
-
-USES=		compiler gmake perl5 python shebangfix
-USE_PYTHON=	flavors
-
-USE_GITHUB=	yes
-GH_ACCOUNT=	flame
-USE_LDCONFIG=	yes
-USE_PERL5=	build
-SHEBANG_FILES=	build/flatten-headers.py
-
-OPTIONS_DEFINE=	PARA CBLAS
-PARA_DESC=	use pthread parallelization
-CBLAS_DESC=	build the CBLAS compatibility layer
-OPTIONS_DEFAULT=	PARA CBLAS
-OPTIONS_SUB=		yes
-
-CFLAGS_riscv64=	-mno-relax
-HAS_CONFIGURE=	yes
-
-TEST_TARGET=	test
-
-.include <bsd.port.options.mk>
-
-# enable BLAS and static/shared libs by default
-CONFIGURE_ARGS+=	--enable-blas \
-			--prefix=${PREFIX} \
-			--enable-shared \
-			--enable-static
-#--prefix=PREFIX
-
-.if ${PORT_OPTIONS:MPARA}
-CONFIGURE_ARGS+=	-t pthreads
-.endif
-
-.if ${PORT_OPTIONS:MCBLAS}
-CONFIGURE_ARGS+=	--enable-cblas
-.endif
-
-.if ${ARCH} == amd64
-CONFIGURE_ARGS+=	x86_64
-PLIST_SUB+=	ARCH="x86_64"
-.elif ${ARCH:Mpowerpc64*}
-CONFIGURE_ARGS+=	power9
-PLIST_SUB+=	ARCH="power9"
-USE_GCC=	yes
-.else
-CONFIGURE_ARGS+=	generic
-PLIST_SUB+=	ARCH="generic"
-.endif
-
-.include <bsd.port.pre.mk>
-
-.if ${CHOSEN_COMPILER_TYPE} == gcc
-USE_GCC=	yes
-.endif
-
-post-install:
-	@${STRIP_CMD} ${STAGEDIR}${PREFIX}/lib/libblis.so.4.0.0
-
-.include <bsd.port.post.mk>

math/blis/distinfo

@@ -1,3 +0,0 @@
-TIMESTAMP = 1672884949
-SHA256 (flame-blis-0.9.0_GH0.tar.gz) = 1135f664be7355427b91025075562805cdc6cc730d3173f83533b2c5dcc2f308
-SIZE (flame-blis-0.9.0_GH0.tar.gz) = 15078619

math/blis/pkg-descr

@@ -1,7 +0,0 @@
-software framework for high-performance BLAS-like libraries
-
-BLIS is a portable software framework for instantiating high-performance
-BLAS-like dense linear algebra libraries. The framework was designed
-to isolate essential kernels of computation that, when optimized,
-immediately enable optimized implementations of most of its commonly
-used and computationally intensive operations.

math/blis/pkg-plist

@@ -1,10 +0,0 @@
-include/blis/blis.h
-%%CBLAS%%include/blis/cblas.h
-lib/libblis.a
-lib/libblis.so
-lib/libblis.so.4
-lib/libblis.so.4.0.0
-share/pkgconfig/blis.pc
-%%DATADIR%%/common.mk
-%%DATADIR%%/config.mk
-%%DATADIR%%/config/%%ARCH%%/make_defs.mk

net/freeipa-client/Makefile

@@ -0,0 +1,54 @@
+PORTNAME=	freeipa-client
+DISTVERSION=	4.13.0
+CATEGORIES=	net
+MASTER_SITES=	https://releases.pagure.org/freeipa/
+DISTNAME=	freeipa-${DISTVERSION}
+
+MAINTAINER=	kiwi@FreeBSD.org
+COMMENT=	FreeIPA Client tools
+WWW=		https://www.freeipa.org/
+
+LICENSE=	GPLv3+
+LICENSE_FILE=	${WRKSRC}/COPYING
+
+BUILD_DEPENDS=	${PY_SETUPTOOLS} \
+		${PYTHON_PKGNAMEPREFIX}pip>0:devel/py-pip@${PY_FLAVOR}
+
+LIB_DEPENDS=	libcmocka.so:sysutils/cmocka \
+		libcurl.so:ftp/curl \
+		libini_config.so:devel/ding-libs \
+		libjansson.so:devel/jansson \
+		libnspr4.so:devel/nspr \
+		libnss3.so:security/nss \
+		libpopt.so:devel/popt \
+		libpwquality.so:security/libpwquality \
+		libsasl2.so:security/cyrus-sasl2 \
+		libxmlrpc.so:net/xmlrpc-c
+
+USES=		autoreconf gettext gmake gssapi:mit ldap libtool \
+		localbase:ldflags pkgconfig python
+
+GNU_CONFIGURE=	yes
+GNU_CONFIGURE_MANPREFIX=${PREFIX}/share
+CONFIGURE_ARGS=	--disable-dependency-tracking \
+		--disable-server \
+		--with-ipaplatform=freebsd \
+		--without-ipatests \
+		--without-server
+
+# Don't bytecode python files
+MAKE_ENV=	PYTHONDONTWRITEBYTECODE=1
+
+# Remove all systemd dependant things
+EXTRACT_AFTER_ARGS=	--exclude client/systemd --exclude daemons/dnssec \
+			--exclude daemons/ipa-otpd --exclude \
+			daemons/ipa-slapi-plugins --exclude init/systemd \
+			--exclude init/tmpfilesd
+
+PLIST_SUB=	DISTVERSION=${DISTVERSION}
+
+# Make sample configuration file
+post-install:
+	@${MV} ${STAGEDIR}${PREFIX}/etc/ipa/epn.conf ${STAGEDIR}${PREFIX}/etc/ipa/epn.conf.sample
+
+.include <bsd.port.mk>

net/freeipa-client/distinfo

@@ -0,0 +1,3 @@
+TIMESTAMP = 1767596852
+SHA256 (freeipa-4.13.0.tar.gz) = e2fe3bec07d258ae25a558c23d4c12e7a47874f269850856f9217e8fd9b19080
+SIZE (freeipa-4.13.0.tar.gz) = 41442218

net/freeipa-client/files/patch-asn1_asn1c_INTEGER.c

@@ -0,0 +1,10 @@
+--- asn1/asn1c/INTEGER.c.orig	2024-08-21 15:06:37 UTC
++++ asn1/asn1c/INTEGER.c
+@@ -7,6 +7,7 @@
+ #include <INTEGER.h>
+ #include <asn_codecs_prim.h>	/* Encoder and decoder of a primitive type */
+ #include <errno.h>
++#include <stdlib.h>
+ 
+ /*
+  * INTEGER basic type description.

net/freeipa-client/files/patch-asn1_asn1c_Makefile.am

@@ -0,0 +1,11 @@
+--- asn1/asn1c/Makefile.am.orig	2021-11-25 17:34:42 UTC
++++ asn1/asn1c/Makefile.am
+@@ -70,7 +70,7 @@ libasn1c_la_SOURCES =		\
+ 
+ EXTRA_DIST = ipa.asn1
+ 
+-AM_CPPFLAGS = -I$(top_srcdir)/util
++AM_CPPFLAGS = -I$(top_srcdir)/util -D_GNU_SOURCE
+ 
+ noinst_LTLIBRARIES=libasn1c.la
+ 

net/freeipa-client/files/patch-asn1_asn1c_NativeEnumerated.c

@@ -0,0 +1,10 @@
+--- asn1/asn1c/NativeEnumerated.c.orig	2024-08-21 15:06:37 UTC
++++ asn1/asn1c/NativeEnumerated.c
+@@ -11,6 +11,7 @@
+  */
+ #include <asn_internal.h>
+ #include <NativeEnumerated.h>
++#include <stdlib.h>
+ 
+ /*
+  * NativeEnumerated basic type description.

net/freeipa-client/files/patch-asn1_asn1c_der__encoder.c

@@ -0,0 +1,10 @@
+--- asn1/asn1c/der_encoder.c.orig	2024-08-21 15:06:37 UTC
++++ asn1/asn1c/der_encoder.c
+@@ -4,6 +4,7 @@
+  */
+ #include <asn_internal.h>
+ #include <errno.h>
++#include <stdlib.h>
+ 
+ static ssize_t der_write_TL(ber_tlv_tag_t tag, ber_tlv_len_t len,
+ 	asn_app_consume_bytes_f *cb, void *app_key, int constructed);

net/freeipa-client/files/patch-client_Makefile.am

@@ -0,0 +1,11 @@
+--- client/Makefile.am.orig	2024-08-21 15:06:37 UTC
++++ client/Makefile.am
+@@ -94,8 +94,6 @@ SUBDIRS =			\
+ SUBDIRS =			\
+ 	share		        \
+ 	man			\
+-	sysconfig	        \
+-	systemd			\
+ 	$(NULL)
+ #       init                    
+ 

net/freeipa-client/files/patch-client_ipa-getkeytab.c

@@ -0,0 +1,16 @@
+--- client/ipa-getkeytab.c.orig	2023-08-21 14:29:00 UTC
++++ client/ipa-getkeytab.c
+@@ -34,6 +34,13 @@
+ #include <time.h>
+ #include <krb5.h>
+ #include <ldap.h>
++typedef unsigned char   u_char;
++typedef unsigned short  u_short;
++typedef unsigned int    u_int;
++typedef unsigned long   u_long;
++#include <sys/types.h>
++#include <netinet/in.h>
++#include <arpa/nameser.h>
+ #include <resolv.h>
+ #include <sasl/sasl.h>
+ #include <popt.h>

net/freeipa-client/files/patch-configure.ac

@@ -0,0 +1,112 @@
+--- configure.ac.orig	2024-08-21 15:06:37 UTC
++++ configure.ac
+@@ -25,9 +25,12 @@ dnl fail hard when includes statements are missing
+ dnl Enable features like strndup()
+ CFLAGS="$CFLAGS -D_POSIX_C_SOURCE=200809L"
+ dnl fail hard when includes statements are missing
+-CFLAGS="$CFLAGS -Werror=implicit-function-declaration"
++dnl Removing this failing hard because on implicit declaration of 
++dnl alloca() used several plaice in the code.
++dnl CFLAGS="$CFLAGS -Werror=implicit-function-declaration"
+ 
+ AC_PROG_CC_C99
++AC_GNU_SOURCE
+ AC_DISABLE_STATIC
+ LT_INIT
+ 
+@@ -211,14 +214,7 @@ SAVE_LIBS="$LIBS"
+ dnl - Check for libintl
+ dnl ---------------------------------------------------------------------------
+ SAVE_LIBS="$LIBS"
+-LIBINTL_LIBS=
+-AC_CHECK_HEADER(libintl.h, [], [AC_MSG_ERROR([libintl.h not found, please install xgettext])])
+-AC_SEARCH_LIBS([bindtextdomain], [libintl],[], [])
+-if test "x$ac_cv_search_bindtextdomain" = "xno" ; then
+-  AC_MSG_ERROR([libintl is not found and your libc does not support gettext, please install xgettext])
+-elif test "x$ac_cv_search_bindtextdomain" != "xnone required" ; then
+-  LIBINTL_LIBS="$ac_cv_search_bindtextdomain"
+-fi
++LIBINTL_LIBS="-lintl"
+ LIBS="$SAVELIBS"
+ AC_SUBST(LIBINTL_LIBS)
+ 
+@@ -249,39 +245,13 @@ dnl --------------------------------------------------
+ AC_SUBST([runstatedir])
+ 
+ dnl ---------------------------------------------------------------------------
+-dnl - Check for systemd directories
+-dnl ---------------------------------------------------------------------------
+-
+-PKG_CHECK_EXISTS([systemd], [], [AC_MSG_ERROR([systemd not found])])
+-AC_ARG_WITH([systemdsystemunitdir],
+-            AS_HELP_STRING([--with-systemdsystemunitdir=DIR],
+-               [Directory for systemd service files]),
+-            [systemdsystemunitdir=$with_systemdsystemunitdir],
+-        [systemdsystemunitdir=$($PKG_CONFIG --define-variable=prefix='${prefix}' --variable=systemdsystemunitdir systemd)])
+-AC_SUBST([systemdsystemunitdir])
+-
+-AC_ARG_WITH([systemdtmpfilesdir],
+-            AS_HELP_STRING([--with-systemdtmpfilesdir=DIR],
+-               [Directory for systemd-tmpfiles configuration files]),
+-            [systemdtmpfilesdir=$with_systemdtmpfilesdir],
+-        [systemdtmpfilesdir=$($PKG_CONFIG --define-variable=prefix='${prefix}' --variable=tmpfilesdir systemd)])
+-AC_SUBST([systemdtmpfilesdir])
+-
+-AC_ARG_WITH([systemdcatalogdir],
+-            AS_HELP_STRING([--with-systemdcatalogdir=DIR],
+-               [Directory for systemd journal catalog files]),
+-            [systemdcatalogdir=$with_systemdcatalogdir],
+-        [systemdcatalogdir=$($PKG_CONFIG --define-variable=prefix='${prefix}' --variable=catalogdir systemd)])
+-AC_SUBST([systemdcatalogdir])
+-
+-dnl ---------------------------------------------------------------------------
+ dnl - Server-only configuration
+ dnl ---------------------------------------------------------------------------
+ 
+-AM_COND_IF([ENABLE_SERVER], [
+-    m4_include(server.m4)
+-])
+-AM_CONDITIONAL([USE_SSS_NSS_TIMEOUT], [test "x$ac_cv_have_decl_sss_nss_getpwnam_timeout" = xyes])
++dnl AM_COND_IF([ENABLE_SERVER], [
++dnl     m4_include(server.m4)
++dnl ])
++dnl AM_CONDITIONAL([USE_SSS_NSS_TIMEOUT], [test "x$ac_cv_have_decl_sss_nss_getpwnam_timeout" = xyes])
+ 
+ dnl ---------------------------------------------------------------------------
+ dnl - Check if IPA certauth plugin can be build
+@@ -625,35 +595,11 @@ AC_CONFIG_FILES([
+     client/Makefile
+     client/share/Makefile
+     client/man/Makefile
+-    client/sysconfig/Makefile
+-    client/systemd/Makefile
+     contrib/completion/Makefile
+     contrib/Makefile
+-    daemons/dnssec/Makefile
+     daemons/Makefile
+     daemons/ipa-kdb/Makefile
+     daemons/ipa-sam/Makefile
+-    daemons/ipa-otpd/Makefile
+-    daemons/ipa-slapi-plugins/Makefile
+-    daemons/ipa-slapi-plugins/libotp/Makefile
+-    daemons/ipa-slapi-plugins/ipa-cldap/Makefile
+-    daemons/ipa-slapi-plugins/ipa-dns/Makefile
+-    daemons/ipa-slapi-plugins/ipa-enrollment/Makefile
+-    daemons/ipa-slapi-plugins/ipa-graceperiod/Makefile
+-    daemons/ipa-slapi-plugins/ipa-lockout/Makefile
+-    daemons/ipa-slapi-plugins/ipa-otp-counter/Makefile
+-    daemons/ipa-slapi-plugins/ipa-otp-lasttoken/Makefile
+-    daemons/ipa-slapi-plugins/ipa-pwd-extop/Makefile
+-    daemons/ipa-slapi-plugins/ipa-extdom-extop/Makefile
+-    daemons/ipa-slapi-plugins/ipa-winsync/Makefile
+-    daemons/ipa-slapi-plugins/ipa-version/Makefile
+-    daemons/ipa-slapi-plugins/ipa-uuid/Makefile
+-    daemons/ipa-slapi-plugins/ipa-modrdn/Makefile
+-    daemons/ipa-slapi-plugins/ipa-sidgen/Makefile
+-    daemons/ipa-slapi-plugins/ipa-range-check/Makefile
+-    daemons/ipa-slapi-plugins/topology/Makefile
+-    init/systemd/Makefile
+-    init/tmpfilesd/Makefile
+     init/Makefile
+     install/Makefile
+     install/certmonger/Makefile

net/freeipa-client/files/patch-daemons_Makefile.am

@@ -0,0 +1,14 @@
+--- daemons/Makefile.am.orig	2023-08-21 16:29:00.040643147 +0200
++++ daemons/Makefile.am	2023-10-24 17:56:44.164932000 +0200
+@@ -9,11 +9,8 @@
+ 
+ SUBDIRS =			\
+ 	.			\
+-	dnssec			\
+ 	ipa-kdb			\
+-	ipa-slapi-plugins	\
+ 	ipa-sam			\
+-	ipa-otpd		\
+ 	$(NULL)
+ 
+ ipa-version.h: ipa-version.h.in $(top_builddir)/$(CONFIG_STATUS)

net/freeipa-client/files/patch-init_Makefile.am

@@ -0,0 +1,11 @@
+--- init/Makefile.am.orig	2023-10-24 17:29:14.662539000 +0200
++++ init/Makefile.am	2023-10-24 17:29:28.779983000 +0200
+@@ -2,7 +2,7 @@
+ #
+ AUTOMAKE_OPTIONS = 1.7
+ 
+-SUBDIRS = systemd tmpfilesd
++#SUBDIRS = systemd tmpfilesd
+ 
+ dist_sysconfenv_DATA = 		\
+ 	ipa-dnskeysyncd		\

net/freeipa-client/files/patch-ipaplatform_freebsd___init__.py

@@ -0,0 +1,4 @@
+--- /dev/null	2023-10-25 10:42:48.658581000 +0200
++++ ipaplatform/freebsd/__init__.py	2023-10-25 10:42:03.380066000 +0200
+@@ -0,0 +1 @@
++NAME = 'freebsd'

net/freeipa-client/files/patch-ipaplatform_setup.py

@@ -0,0 +1,10 @@
+--- ipaplatform/setup.py.orig	2023-10-03 12:48:36 UTC
++++ ipaplatform/setup.py
+@@ -37,6 +37,7 @@ if __name__ == '__main__':
+             "ipaplatform.debian",
+             "ipaplatform.fedora",
+             "ipaplatform.fedora_container",
++            "ipaplatform.freebsd",
+             "ipaplatform.nixos",
+             "ipaplatform.redhat",
+             "ipaplatform.rhel",

net/freeipa-client/files/patch-util_ipa__krb5.c

@@ -0,0 +1,10 @@
+--- util/ipa_krb5.c.orig	2021-11-25 17:34:42 UTC
++++ util/ipa_krb5.c
+@@ -25,6 +25,7 @@
+ #include <errno.h>
+ #include <lber.h>
+ #include <errno.h>
++#include <sys/endian.h>
+ 
+ #include <libintl.h>
+ #define _(STRING) gettext(STRING)

net/freeipa-client/pkg-descr

@@ -0,0 +1,2 @@
+FreeIPA is a free and open source identity management system. This
+package provides its command-line administration tools.

net/freeipa-client/pkg-plist

@@ -0,0 +1,446 @@
+bin/ipa
+etc/bash_completion.d/ipa
+@sample etc/ipa/epn.conf.sample
+etc/ipa/epn/expire_msg.template
+%%PYTHON_SITELIBDIR%%/ipaclient-%%DISTVERSION%%-py%%PYTHON_VER%%.egg-info/PKG-INFO
+%%PYTHON_SITELIBDIR%%/ipaclient-%%DISTVERSION%%-py%%PYTHON_VER%%.egg-info/SOURCES.txt
+%%PYTHON_SITELIBDIR%%/ipaclient-%%DISTVERSION%%-py%%PYTHON_VER%%.egg-info/dependency_links.txt
+%%PYTHON_SITELIBDIR%%/ipaclient-%%DISTVERSION%%-py%%PYTHON_VER%%.egg-info/entry_points.txt
+%%PYTHON_SITELIBDIR%%/ipaclient-%%DISTVERSION%%-py%%PYTHON_VER%%.egg-info/not-zip-safe
+%%PYTHON_SITELIBDIR%%/ipaclient-%%DISTVERSION%%-py%%PYTHON_VER%%.egg-info/requires.txt
+%%PYTHON_SITELIBDIR%%/ipaclient-%%DISTVERSION%%-py%%PYTHON_VER%%.egg-info/top_level.txt
+%%PYTHON_SITELIBDIR%%/ipaclient/__init__.py
+%%PYTHON_SITELIBDIR%%/ipaclient/__main__.py
+%%PYTHON_SITELIBDIR%%/ipaclient/discovery.py
+%%PYTHON_SITELIBDIR%%/ipaclient/frontend.py
+%%PYTHON_SITELIBDIR%%/ipaclient/install/__init__.py
+%%PYTHON_SITELIBDIR%%/ipaclient/install/automount.py
+%%PYTHON_SITELIBDIR%%/ipaclient/install/client.py
+%%PYTHON_SITELIBDIR%%/ipaclient/install/ipa_certupdate.py
+%%PYTHON_SITELIBDIR%%/ipaclient/install/ipa_client_automount.py
+%%PYTHON_SITELIBDIR%%/ipaclient/install/ipa_client_install.py
+%%PYTHON_SITELIBDIR%%/ipaclient/install/ipa_client_samba.py
+%%PYTHON_SITELIBDIR%%/ipaclient/install/ipa_epn.py
+%%PYTHON_SITELIBDIR%%/ipaclient/install/ipachangeconf.py
+%%PYTHON_SITELIBDIR%%/ipaclient/install/ipadiscovery.py
+%%PYTHON_SITELIBDIR%%/ipaclient/install/sssd.py
+%%PYTHON_SITELIBDIR%%/ipaclient/install/timeconf.py
+%%PYTHON_SITELIBDIR%%/ipaclient/install_files.txt
+%%PYTHON_SITELIBDIR%%/ipaclient/plugins/__init__.py
+%%PYTHON_SITELIBDIR%%/ipaclient/plugins/automember.py
+%%PYTHON_SITELIBDIR%%/ipaclient/plugins/automount.py
+%%PYTHON_SITELIBDIR%%/ipaclient/plugins/baseuser.py
+%%PYTHON_SITELIBDIR%%/ipaclient/plugins/ca.py
+%%PYTHON_SITELIBDIR%%/ipaclient/plugins/cert.py
+%%PYTHON_SITELIBDIR%%/ipaclient/plugins/certmap.py
+%%PYTHON_SITELIBDIR%%/ipaclient/plugins/certprofile.py
+%%PYTHON_SITELIBDIR%%/ipaclient/plugins/dns.py
+%%PYTHON_SITELIBDIR%%/ipaclient/plugins/hbacrule.py
+%%PYTHON_SITELIBDIR%%/ipaclient/plugins/hbactest.py
+%%PYTHON_SITELIBDIR%%/ipaclient/plugins/host.py
+%%PYTHON_SITELIBDIR%%/ipaclient/plugins/idrange.py
+%%PYTHON_SITELIBDIR%%/ipaclient/plugins/internal.py
+%%PYTHON_SITELIBDIR%%/ipaclient/plugins/location.py
+%%PYTHON_SITELIBDIR%%/ipaclient/plugins/migration.py
+%%PYTHON_SITELIBDIR%%/ipaclient/plugins/misc.py
+%%PYTHON_SITELIBDIR%%/ipaclient/plugins/otptoken.py
+%%PYTHON_SITELIBDIR%%/ipaclient/plugins/otptoken_yubikey.py
+%%PYTHON_SITELIBDIR%%/ipaclient/plugins/passwd.py
+%%PYTHON_SITELIBDIR%%/ipaclient/plugins/permission.py
+%%PYTHON_SITELIBDIR%%/ipaclient/plugins/rpcclient.py
+%%PYTHON_SITELIBDIR%%/ipaclient/plugins/server.py
+%%PYTHON_SITELIBDIR%%/ipaclient/plugins/service.py
+%%PYTHON_SITELIBDIR%%/ipaclient/plugins/stageuser.py
+%%PYTHON_SITELIBDIR%%/ipaclient/plugins/sudorule.py
+%%PYTHON_SITELIBDIR%%/ipaclient/plugins/topology.py
+%%PYTHON_SITELIBDIR%%/ipaclient/plugins/trust.py
+%%PYTHON_SITELIBDIR%%/ipaclient/plugins/user.py
+%%PYTHON_SITELIBDIR%%/ipaclient/plugins/vault.py
+%%PYTHON_SITELIBDIR%%/ipaclient/remote_plugins/2_114/__init__.py
+%%PYTHON_SITELIBDIR%%/ipaclient/remote_plugins/2_114/aci.py
+%%PYTHON_SITELIBDIR%%/ipaclient/remote_plugins/2_114/automember.py
+%%PYTHON_SITELIBDIR%%/ipaclient/remote_plugins/2_114/automount.py
+%%PYTHON_SITELIBDIR%%/ipaclient/remote_plugins/2_114/batch.py
+%%PYTHON_SITELIBDIR%%/ipaclient/remote_plugins/2_114/cert.py
+%%PYTHON_SITELIBDIR%%/ipaclient/remote_plugins/2_114/config.py
+%%PYTHON_SITELIBDIR%%/ipaclient/remote_plugins/2_114/delegation.py
+%%PYTHON_SITELIBDIR%%/ipaclient/remote_plugins/2_114/dns.py
+%%PYTHON_SITELIBDIR%%/ipaclient/remote_plugins/2_114/group.py
+%%PYTHON_SITELIBDIR%%/ipaclient/remote_plugins/2_114/hbacrule.py
+%%PYTHON_SITELIBDIR%%/ipaclient/remote_plugins/2_114/hbacsvc.py
+%%PYTHON_SITELIBDIR%%/ipaclient/remote_plugins/2_114/hbacsvcgroup.py
+%%PYTHON_SITELIBDIR%%/ipaclient/remote_plugins/2_114/hbactest.py
+%%PYTHON_SITELIBDIR%%/ipaclient/remote_plugins/2_114/host.py
+%%PYTHON_SITELIBDIR%%/ipaclient/remote_plugins/2_114/hostgroup.py
+%%PYTHON_SITELIBDIR%%/ipaclient/remote_plugins/2_114/idrange.py
+%%PYTHON_SITELIBDIR%%/ipaclient/remote_plugins/2_114/idviews.py
+%%PYTHON_SITELIBDIR%%/ipaclient/remote_plugins/2_114/internal.py
+%%PYTHON_SITELIBDIR%%/ipaclient/remote_plugins/2_114/join.py
+%%PYTHON_SITELIBDIR%%/ipaclient/remote_plugins/2_114/krbtpolicy.py
+%%PYTHON_SITELIBDIR%%/ipaclient/remote_plugins/2_114/migration.py
+%%PYTHON_SITELIBDIR%%/ipaclient/remote_plugins/2_114/misc.py
+%%PYTHON_SITELIBDIR%%/ipaclient/remote_plugins/2_114/netgroup.py
+%%PYTHON_SITELIBDIR%%/ipaclient/remote_plugins/2_114/otpconfig.py
+%%PYTHON_SITELIBDIR%%/ipaclient/remote_plugins/2_114/otptoken.py
+%%PYTHON_SITELIBDIR%%/ipaclient/remote_plugins/2_114/otptoken_yubikey.py
+%%PYTHON_SITELIBDIR%%/ipaclient/remote_plugins/2_114/passwd.py
+%%PYTHON_SITELIBDIR%%/ipaclient/remote_plugins/2_114/permission.py
+%%PYTHON_SITELIBDIR%%/ipaclient/remote_plugins/2_114/ping.py
+%%PYTHON_SITELIBDIR%%/ipaclient/remote_plugins/2_114/pkinit.py
+%%PYTHON_SITELIBDIR%%/ipaclient/remote_plugins/2_114/privilege.py
+%%PYTHON_SITELIBDIR%%/ipaclient/remote_plugins/2_114/pwpolicy.py
+%%PYTHON_SITELIBDIR%%/ipaclient/remote_plugins/2_114/radiusproxy.py
+%%PYTHON_SITELIBDIR%%/ipaclient/remote_plugins/2_114/realmdomains.py
+%%PYTHON_SITELIBDIR%%/ipaclient/remote_plugins/2_114/role.py
+%%PYTHON_SITELIBDIR%%/ipaclient/remote_plugins/2_114/selfservice.py
+%%PYTHON_SITELIBDIR%%/ipaclient/remote_plugins/2_114/selinuxusermap.py
+%%PYTHON_SITELIBDIR%%/ipaclient/remote_plugins/2_114/service.py
+%%PYTHON_SITELIBDIR%%/ipaclient/remote_plugins/2_114/session.py
+%%PYTHON_SITELIBDIR%%/ipaclient/remote_plugins/2_114/sudocmd.py
+%%PYTHON_SITELIBDIR%%/ipaclient/remote_plugins/2_114/sudocmdgroup.py
+%%PYTHON_SITELIBDIR%%/ipaclient/remote_plugins/2_114/sudorule.py
+%%PYTHON_SITELIBDIR%%/ipaclient/remote_plugins/2_114/trust.py
+%%PYTHON_SITELIBDIR%%/ipaclient/remote_plugins/2_114/user.py
+%%PYTHON_SITELIBDIR%%/ipaclient/remote_plugins/2_156/__init__.py
+%%PYTHON_SITELIBDIR%%/ipaclient/remote_plugins/2_156/aci.py
+%%PYTHON_SITELIBDIR%%/ipaclient/remote_plugins/2_156/automember.py
+%%PYTHON_SITELIBDIR%%/ipaclient/remote_plugins/2_156/automount.py
+%%PYTHON_SITELIBDIR%%/ipaclient/remote_plugins/2_156/batch.py
+%%PYTHON_SITELIBDIR%%/ipaclient/remote_plugins/2_156/caacl.py
+%%PYTHON_SITELIBDIR%%/ipaclient/remote_plugins/2_156/cert.py
+%%PYTHON_SITELIBDIR%%/ipaclient/remote_plugins/2_156/certprofile.py
+%%PYTHON_SITELIBDIR%%/ipaclient/remote_plugins/2_156/config.py
+%%PYTHON_SITELIBDIR%%/ipaclient/remote_plugins/2_156/delegation.py
+%%PYTHON_SITELIBDIR%%/ipaclient/remote_plugins/2_156/dns.py
+%%PYTHON_SITELIBDIR%%/ipaclient/remote_plugins/2_156/domainlevel.py
+%%PYTHON_SITELIBDIR%%/ipaclient/remote_plugins/2_156/group.py
+%%PYTHON_SITELIBDIR%%/ipaclient/remote_plugins/2_156/hbacrule.py
+%%PYTHON_SITELIBDIR%%/ipaclient/remote_plugins/2_156/hbacsvc.py
+%%PYTHON_SITELIBDIR%%/ipaclient/remote_plugins/2_156/hbacsvcgroup.py
+%%PYTHON_SITELIBDIR%%/ipaclient/remote_plugins/2_156/hbactest.py
+%%PYTHON_SITELIBDIR%%/ipaclient/remote_plugins/2_156/host.py
+%%PYTHON_SITELIBDIR%%/ipaclient/remote_plugins/2_156/hostgroup.py
+%%PYTHON_SITELIBDIR%%/ipaclient/remote_plugins/2_156/idrange.py
+%%PYTHON_SITELIBDIR%%/ipaclient/remote_plugins/2_156/idviews.py
+%%PYTHON_SITELIBDIR%%/ipaclient/remote_plugins/2_156/internal.py
+%%PYTHON_SITELIBDIR%%/ipaclient/remote_plugins/2_156/join.py
+%%PYTHON_SITELIBDIR%%/ipaclient/remote_plugins/2_156/krbtpolicy.py
+%%PYTHON_SITELIBDIR%%/ipaclient/remote_plugins/2_156/migration.py
+%%PYTHON_SITELIBDIR%%/ipaclient/remote_plugins/2_156/misc.py
+%%PYTHON_SITELIBDIR%%/ipaclient/remote_plugins/2_156/netgroup.py
+%%PYTHON_SITELIBDIR%%/ipaclient/remote_plugins/2_156/otpconfig.py
+%%PYTHON_SITELIBDIR%%/ipaclient/remote_plugins/2_156/otptoken.py
+%%PYTHON_SITELIBDIR%%/ipaclient/remote_plugins/2_156/otptoken_yubikey.py
+%%PYTHON_SITELIBDIR%%/ipaclient/remote_plugins/2_156/passwd.py
+%%PYTHON_SITELIBDIR%%/ipaclient/remote_plugins/2_156/permission.py
+%%PYTHON_SITELIBDIR%%/ipaclient/remote_plugins/2_156/ping.py
+%%PYTHON_SITELIBDIR%%/ipaclient/remote_plugins/2_156/pkinit.py
+%%PYTHON_SITELIBDIR%%/ipaclient/remote_plugins/2_156/privilege.py
+%%PYTHON_SITELIBDIR%%/ipaclient/remote_plugins/2_156/pwpolicy.py
+%%PYTHON_SITELIBDIR%%/ipaclient/remote_plugins/2_156/radiusproxy.py
+%%PYTHON_SITELIBDIR%%/ipaclient/remote_plugins/2_156/realmdomains.py
+%%PYTHON_SITELIBDIR%%/ipaclient/remote_plugins/2_156/role.py
+%%PYTHON_SITELIBDIR%%/ipaclient/remote_plugins/2_156/selfservice.py
+%%PYTHON_SITELIBDIR%%/ipaclient/remote_plugins/2_156/selinuxusermap.py
+%%PYTHON_SITELIBDIR%%/ipaclient/remote_plugins/2_156/server.py
+%%PYTHON_SITELIBDIR%%/ipaclient/remote_plugins/2_156/service.py
+%%PYTHON_SITELIBDIR%%/ipaclient/remote_plugins/2_156/servicedelegation.py
+%%PYTHON_SITELIBDIR%%/ipaclient/remote_plugins/2_156/session.py
+%%PYTHON_SITELIBDIR%%/ipaclient/remote_plugins/2_156/stageuser.py
+%%PYTHON_SITELIBDIR%%/ipaclient/remote_plugins/2_156/sudocmd.py
+%%PYTHON_SITELIBDIR%%/ipaclient/remote_plugins/2_156/sudocmdgroup.py
+%%PYTHON_SITELIBDIR%%/ipaclient/remote_plugins/2_156/sudorule.py
+%%PYTHON_SITELIBDIR%%/ipaclient/remote_plugins/2_156/topology.py
+%%PYTHON_SITELIBDIR%%/ipaclient/remote_plugins/2_156/trust.py
+%%PYTHON_SITELIBDIR%%/ipaclient/remote_plugins/2_156/user.py
+%%PYTHON_SITELIBDIR%%/ipaclient/remote_plugins/2_156/vault.py
+%%PYTHON_SITELIBDIR%%/ipaclient/remote_plugins/2_164/__init__.py
+%%PYTHON_SITELIBDIR%%/ipaclient/remote_plugins/2_164/aci.py
+%%PYTHON_SITELIBDIR%%/ipaclient/remote_plugins/2_164/automember.py
+%%PYTHON_SITELIBDIR%%/ipaclient/remote_plugins/2_164/automount.py
+%%PYTHON_SITELIBDIR%%/ipaclient/remote_plugins/2_164/batch.py
+%%PYTHON_SITELIBDIR%%/ipaclient/remote_plugins/2_164/caacl.py
+%%PYTHON_SITELIBDIR%%/ipaclient/remote_plugins/2_164/cert.py
+%%PYTHON_SITELIBDIR%%/ipaclient/remote_plugins/2_164/certprofile.py
+%%PYTHON_SITELIBDIR%%/ipaclient/remote_plugins/2_164/config.py
+%%PYTHON_SITELIBDIR%%/ipaclient/remote_plugins/2_164/delegation.py
+%%PYTHON_SITELIBDIR%%/ipaclient/remote_plugins/2_164/dns.py
+%%PYTHON_SITELIBDIR%%/ipaclient/remote_plugins/2_164/domainlevel.py
+%%PYTHON_SITELIBDIR%%/ipaclient/remote_plugins/2_164/group.py
+%%PYTHON_SITELIBDIR%%/ipaclient/remote_plugins/2_164/hbacrule.py
+%%PYTHON_SITELIBDIR%%/ipaclient/remote_plugins/2_164/hbacsvc.py
+%%PYTHON_SITELIBDIR%%/ipaclient/remote_plugins/2_164/hbacsvcgroup.py
+%%PYTHON_SITELIBDIR%%/ipaclient/remote_plugins/2_164/hbactest.py
+%%PYTHON_SITELIBDIR%%/ipaclient/remote_plugins/2_164/host.py
+%%PYTHON_SITELIBDIR%%/ipaclient/remote_plugins/2_164/hostgroup.py
+%%PYTHON_SITELIBDIR%%/ipaclient/remote_plugins/2_164/idrange.py
+%%PYTHON_SITELIBDIR%%/ipaclient/remote_plugins/2_164/idviews.py
+%%PYTHON_SITELIBDIR%%/ipaclient/remote_plugins/2_164/internal.py
+%%PYTHON_SITELIBDIR%%/ipaclient/remote_plugins/2_164/join.py
+%%PYTHON_SITELIBDIR%%/ipaclient/remote_plugins/2_164/krbtpolicy.py
+%%PYTHON_SITELIBDIR%%/ipaclient/remote_plugins/2_164/migration.py
+%%PYTHON_SITELIBDIR%%/ipaclient/remote_plugins/2_164/misc.py
+%%PYTHON_SITELIBDIR%%/ipaclient/remote_plugins/2_164/netgroup.py
+%%PYTHON_SITELIBDIR%%/ipaclient/remote_plugins/2_164/otpconfig.py
+%%PYTHON_SITELIBDIR%%/ipaclient/remote_plugins/2_164/otptoken.py
+%%PYTHON_SITELIBDIR%%/ipaclient/remote_plugins/2_164/otptoken_yubikey.py
+%%PYTHON_SITELIBDIR%%/ipaclient/remote_plugins/2_164/passwd.py
+%%PYTHON_SITELIBDIR%%/ipaclient/remote_plugins/2_164/permission.py
+%%PYTHON_SITELIBDIR%%/ipaclient/remote_plugins/2_164/ping.py
+%%PYTHON_SITELIBDIR%%/ipaclient/remote_plugins/2_164/pkinit.py
+%%PYTHON_SITELIBDIR%%/ipaclient/remote_plugins/2_164/privilege.py
+%%PYTHON_SITELIBDIR%%/ipaclient/remote_plugins/2_164/pwpolicy.py
+%%PYTHON_SITELIBDIR%%/ipaclient/remote_plugins/2_164/radiusproxy.py
+%%PYTHON_SITELIBDIR%%/ipaclient/remote_plugins/2_164/realmdomains.py
+%%PYTHON_SITELIBDIR%%/ipaclient/remote_plugins/2_164/role.py
+%%PYTHON_SITELIBDIR%%/ipaclient/remote_plugins/2_164/selfservice.py
+%%PYTHON_SITELIBDIR%%/ipaclient/remote_plugins/2_164/selinuxusermap.py
+%%PYTHON_SITELIBDIR%%/ipaclient/remote_plugins/2_164/server.py
+%%PYTHON_SITELIBDIR%%/ipaclient/remote_plugins/2_164/service.py
+%%PYTHON_SITELIBDIR%%/ipaclient/remote_plugins/2_164/servicedelegation.py
+%%PYTHON_SITELIBDIR%%/ipaclient/remote_plugins/2_164/session.py
+%%PYTHON_SITELIBDIR%%/ipaclient/remote_plugins/2_164/stageuser.py
+%%PYTHON_SITELIBDIR%%/ipaclient/remote_plugins/2_164/sudocmd.py
+%%PYTHON_SITELIBDIR%%/ipaclient/remote_plugins/2_164/sudocmdgroup.py
+%%PYTHON_SITELIBDIR%%/ipaclient/remote_plugins/2_164/sudorule.py
+%%PYTHON_SITELIBDIR%%/ipaclient/remote_plugins/2_164/topology.py
+%%PYTHON_SITELIBDIR%%/ipaclient/remote_plugins/2_164/trust.py
+%%PYTHON_SITELIBDIR%%/ipaclient/remote_plugins/2_164/user.py
+%%PYTHON_SITELIBDIR%%/ipaclient/remote_plugins/2_164/vault.py
+%%PYTHON_SITELIBDIR%%/ipaclient/remote_plugins/2_49/__init__.py
+%%PYTHON_SITELIBDIR%%/ipaclient/remote_plugins/2_49/aci.py
+%%PYTHON_SITELIBDIR%%/ipaclient/remote_plugins/2_49/automember.py
+%%PYTHON_SITELIBDIR%%/ipaclient/remote_plugins/2_49/automount.py
+%%PYTHON_SITELIBDIR%%/ipaclient/remote_plugins/2_49/batch.py
+%%PYTHON_SITELIBDIR%%/ipaclient/remote_plugins/2_49/cert.py
+%%PYTHON_SITELIBDIR%%/ipaclient/remote_plugins/2_49/config.py
+%%PYTHON_SITELIBDIR%%/ipaclient/remote_plugins/2_49/delegation.py
+%%PYTHON_SITELIBDIR%%/ipaclient/remote_plugins/2_49/dns.py
+%%PYTHON_SITELIBDIR%%/ipaclient/remote_plugins/2_49/entitle.py
+%%PYTHON_SITELIBDIR%%/ipaclient/remote_plugins/2_49/group.py
+%%PYTHON_SITELIBDIR%%/ipaclient/remote_plugins/2_49/hbacrule.py
+%%PYTHON_SITELIBDIR%%/ipaclient/remote_plugins/2_49/hbacsvc.py
+%%PYTHON_SITELIBDIR%%/ipaclient/remote_plugins/2_49/hbacsvcgroup.py
+%%PYTHON_SITELIBDIR%%/ipaclient/remote_plugins/2_49/hbactest.py
+%%PYTHON_SITELIBDIR%%/ipaclient/remote_plugins/2_49/host.py
+%%PYTHON_SITELIBDIR%%/ipaclient/remote_plugins/2_49/hostgroup.py
+%%PYTHON_SITELIBDIR%%/ipaclient/remote_plugins/2_49/idrange.py
+%%PYTHON_SITELIBDIR%%/ipaclient/remote_plugins/2_49/internal.py
+%%PYTHON_SITELIBDIR%%/ipaclient/remote_plugins/2_49/join.py
+%%PYTHON_SITELIBDIR%%/ipaclient/remote_plugins/2_49/krbtpolicy.py
+%%PYTHON_SITELIBDIR%%/ipaclient/remote_plugins/2_49/migration.py
+%%PYTHON_SITELIBDIR%%/ipaclient/remote_plugins/2_49/misc.py
+%%PYTHON_SITELIBDIR%%/ipaclient/remote_plugins/2_49/netgroup.py
+%%PYTHON_SITELIBDIR%%/ipaclient/remote_plugins/2_49/passwd.py
+%%PYTHON_SITELIBDIR%%/ipaclient/remote_plugins/2_49/permission.py
+%%PYTHON_SITELIBDIR%%/ipaclient/remote_plugins/2_49/ping.py
+%%PYTHON_SITELIBDIR%%/ipaclient/remote_plugins/2_49/pkinit.py
+%%PYTHON_SITELIBDIR%%/ipaclient/remote_plugins/2_49/privilege.py
+%%PYTHON_SITELIBDIR%%/ipaclient/remote_plugins/2_49/pwpolicy.py
+%%PYTHON_SITELIBDIR%%/ipaclient/remote_plugins/2_49/role.py
+%%PYTHON_SITELIBDIR%%/ipaclient/remote_plugins/2_49/selfservice.py
+%%PYTHON_SITELIBDIR%%/ipaclient/remote_plugins/2_49/selinuxusermap.py
+%%PYTHON_SITELIBDIR%%/ipaclient/remote_plugins/2_49/service.py
+%%PYTHON_SITELIBDIR%%/ipaclient/remote_plugins/2_49/session.py
+%%PYTHON_SITELIBDIR%%/ipaclient/remote_plugins/2_49/sudocmd.py
+%%PYTHON_SITELIBDIR%%/ipaclient/remote_plugins/2_49/sudocmdgroup.py
+%%PYTHON_SITELIBDIR%%/ipaclient/remote_plugins/2_49/sudorule.py
+%%PYTHON_SITELIBDIR%%/ipaclient/remote_plugins/2_49/trust.py
+%%PYTHON_SITELIBDIR%%/ipaclient/remote_plugins/2_49/user.py
+%%PYTHON_SITELIBDIR%%/ipaclient/remote_plugins/__init__.py
+%%PYTHON_SITELIBDIR%%/ipaclient/remote_plugins/compat.py
+%%PYTHON_SITELIBDIR%%/ipaclient/remote_plugins/schema.py
+%%PYTHON_SITELIBDIR%%/ipalib-%%DISTVERSION%%-py%%PYTHON_VER%%.egg-info/PKG-INFO
+%%PYTHON_SITELIBDIR%%/ipalib-%%DISTVERSION%%-py%%PYTHON_VER%%.egg-info/SOURCES.txt
+%%PYTHON_SITELIBDIR%%/ipalib-%%DISTVERSION%%-py%%PYTHON_VER%%.egg-info/dependency_links.txt
+%%PYTHON_SITELIBDIR%%/ipalib-%%DISTVERSION%%-py%%PYTHON_VER%%.egg-info/requires.txt
+%%PYTHON_SITELIBDIR%%/ipalib-%%DISTVERSION%%-py%%PYTHON_VER%%.egg-info/top_level.txt
+%%PYTHON_SITELIBDIR%%/ipalib/__init__.py
+%%PYTHON_SITELIBDIR%%/ipalib/aci.py
+%%PYTHON_SITELIBDIR%%/ipalib/backend.py
+%%PYTHON_SITELIBDIR%%/ipalib/base.py
+%%PYTHON_SITELIBDIR%%/ipalib/capabilities.py
+%%PYTHON_SITELIBDIR%%/ipalib/cli.py
+%%PYTHON_SITELIBDIR%%/ipalib/config.py
+%%PYTHON_SITELIBDIR%%/ipalib/constants.py
+%%PYTHON_SITELIBDIR%%/ipalib/crud.py
+%%PYTHON_SITELIBDIR%%/ipalib/dns.py
+%%PYTHON_SITELIBDIR%%/ipalib/errors.py
+%%PYTHON_SITELIBDIR%%/ipalib/facts.py
+%%PYTHON_SITELIBDIR%%/ipalib/frontend.py
+%%PYTHON_SITELIBDIR%%/ipalib/install/__init__.py
+%%PYTHON_SITELIBDIR%%/ipalib/install/certmonger.py
+%%PYTHON_SITELIBDIR%%/ipalib/install/certstore.py
+%%PYTHON_SITELIBDIR%%/ipalib/install/dnsforwarders.py
+%%PYTHON_SITELIBDIR%%/ipalib/install/hostname.py
+%%PYTHON_SITELIBDIR%%/ipalib/install/kinit.py
+%%PYTHON_SITELIBDIR%%/ipalib/install/service.py
+%%PYTHON_SITELIBDIR%%/ipalib/install/sysrestore.py
+%%PYTHON_SITELIBDIR%%/ipalib/install_files.txt
+%%PYTHON_SITELIBDIR%%/ipalib/krb_utils.py
+%%PYTHON_SITELIBDIR%%/ipalib/messages.py
+%%PYTHON_SITELIBDIR%%/ipalib/misc.py
+%%PYTHON_SITELIBDIR%%/ipalib/output.py
+%%PYTHON_SITELIBDIR%%/ipalib/parameters.py
+%%PYTHON_SITELIBDIR%%/ipalib/pkcs10.py
+%%PYTHON_SITELIBDIR%%/ipalib/plugable.py
+%%PYTHON_SITELIBDIR%%/ipalib/request.py
+%%PYTHON_SITELIBDIR%%/ipalib/rpc.py
+%%PYTHON_SITELIBDIR%%/ipalib/sysrestore.py
+%%PYTHON_SITELIBDIR%%/ipalib/text.py
+%%PYTHON_SITELIBDIR%%/ipalib/util.py
+%%PYTHON_SITELIBDIR%%/ipalib/x509.py
+%%PYTHON_SITELIBDIR%%/ipaplatform-%%DISTVERSION%%-py%%PYTHON_VER%%.egg-info/PKG-INFO
+%%PYTHON_SITELIBDIR%%/ipaplatform-%%DISTVERSION%%-py%%PYTHON_VER%%.egg-info/SOURCES.txt
+%%PYTHON_SITELIBDIR%%/ipaplatform-%%DISTVERSION%%-py%%PYTHON_VER%%.egg-info/dependency_links.txt
+%%PYTHON_SITELIBDIR%%/ipaplatform-%%DISTVERSION%%-py%%PYTHON_VER%%.egg-info/requires.txt
+%%PYTHON_SITELIBDIR%%/ipaplatform-%%DISTVERSION%%-py%%PYTHON_VER%%.egg-info/top_level.txt
+%%PYTHON_SITELIBDIR%%/ipaplatform/__init__.py
+%%PYTHON_SITELIBDIR%%/ipaplatform/_importhook.py
+%%PYTHON_SITELIBDIR%%/ipaplatform/base/__init__.py
+%%PYTHON_SITELIBDIR%%/ipaplatform/base/constants.py
+%%PYTHON_SITELIBDIR%%/ipaplatform/base/paths.py
+%%PYTHON_SITELIBDIR%%/ipaplatform/base/services.py
+%%PYTHON_SITELIBDIR%%/ipaplatform/base/tasks.py
+%%PYTHON_SITELIBDIR%%/ipaplatform/constants.py
+%%PYTHON_SITELIBDIR%%/ipaplatform/debian/__init__.py
+%%PYTHON_SITELIBDIR%%/ipaplatform/debian/constants.py
+%%PYTHON_SITELIBDIR%%/ipaplatform/debian/paths.py
+%%PYTHON_SITELIBDIR%%/ipaplatform/debian/services.py
+%%PYTHON_SITELIBDIR%%/ipaplatform/debian/tasks.py
+%%PYTHON_SITELIBDIR%%/ipaplatform/fedora/__init__.py
+%%PYTHON_SITELIBDIR%%/ipaplatform/fedora/constants.py
+%%PYTHON_SITELIBDIR%%/ipaplatform/fedora/paths.py
+%%PYTHON_SITELIBDIR%%/ipaplatform/fedora/services.py
+%%PYTHON_SITELIBDIR%%/ipaplatform/fedora/tasks.py
+%%PYTHON_SITELIBDIR%%/ipaplatform/fedora_container/__init__.py
+%%PYTHON_SITELIBDIR%%/ipaplatform/fedora_container/constants.py
+%%PYTHON_SITELIBDIR%%/ipaplatform/fedora_container/paths.py
+%%PYTHON_SITELIBDIR%%/ipaplatform/fedora_container/services.py
+%%PYTHON_SITELIBDIR%%/ipaplatform/fedora_container/tasks.py
+%%PYTHON_SITELIBDIR%%/ipaplatform/freebsd/__init__.py
+%%PYTHON_SITELIBDIR%%/ipaplatform/install_files.txt
+%%PYTHON_SITELIBDIR%%/ipaplatform/nixos/__init__.py
+%%PYTHON_SITELIBDIR%%/ipaplatform/nixos/constants.py
+%%PYTHON_SITELIBDIR%%/ipaplatform/nixos/paths.py
+%%PYTHON_SITELIBDIR%%/ipaplatform/nixos/services.py
+%%PYTHON_SITELIBDIR%%/ipaplatform/nixos/tasks.py
+%%PYTHON_SITELIBDIR%%/ipaplatform/osinfo.py
+%%PYTHON_SITELIBDIR%%/ipaplatform/override.py
+%%PYTHON_SITELIBDIR%%/ipaplatform/paths.py
+%%PYTHON_SITELIBDIR%%/ipaplatform/redhat/__init__.py
+%%PYTHON_SITELIBDIR%%/ipaplatform/redhat/authconfig.py
+%%PYTHON_SITELIBDIR%%/ipaplatform/redhat/constants.py
+%%PYTHON_SITELIBDIR%%/ipaplatform/redhat/paths.py
+%%PYTHON_SITELIBDIR%%/ipaplatform/redhat/services.py
+%%PYTHON_SITELIBDIR%%/ipaplatform/redhat/tasks.py
+%%PYTHON_SITELIBDIR%%/ipaplatform/rhel/__init__.py
+%%PYTHON_SITELIBDIR%%/ipaplatform/rhel/constants.py
+%%PYTHON_SITELIBDIR%%/ipaplatform/rhel/paths.py
+%%PYTHON_SITELIBDIR%%/ipaplatform/rhel/services.py
+%%PYTHON_SITELIBDIR%%/ipaplatform/rhel/tasks.py
+%%PYTHON_SITELIBDIR%%/ipaplatform/rhel_container/__init__.py
+%%PYTHON_SITELIBDIR%%/ipaplatform/rhel_container/constants.py
+%%PYTHON_SITELIBDIR%%/ipaplatform/rhel_container/paths.py
+%%PYTHON_SITELIBDIR%%/ipaplatform/rhel_container/services.py
+%%PYTHON_SITELIBDIR%%/ipaplatform/rhel_container/tasks.py
+%%PYTHON_SITELIBDIR%%/ipaplatform/services.py
+%%PYTHON_SITELIBDIR%%/ipaplatform/suse/__init__.py
+%%PYTHON_SITELIBDIR%%/ipaplatform/suse/constants.py
+%%PYTHON_SITELIBDIR%%/ipaplatform/suse/paths.py
+%%PYTHON_SITELIBDIR%%/ipaplatform/suse/services.py
+%%PYTHON_SITELIBDIR%%/ipaplatform/suse/tasks.py
+%%PYTHON_SITELIBDIR%%/ipaplatform/tasks.py
+%%PYTHON_SITELIBDIR%%/ipapython-%%DISTVERSION%%-py%%PYTHON_VER%%.egg-info/PKG-INFO
+%%PYTHON_SITELIBDIR%%/ipapython-%%DISTVERSION%%-py%%PYTHON_VER%%.egg-info/SOURCES.txt
+%%PYTHON_SITELIBDIR%%/ipapython-%%DISTVERSION%%-py%%PYTHON_VER%%.egg-info/dependency_links.txt
+%%PYTHON_SITELIBDIR%%/ipapython-%%DISTVERSION%%-py%%PYTHON_VER%%.egg-info/requires.txt
+%%PYTHON_SITELIBDIR%%/ipapython-%%DISTVERSION%%-py%%PYTHON_VER%%.egg-info/top_level.txt
+%%PYTHON_SITELIBDIR%%/ipapython/__init__.py
+%%PYTHON_SITELIBDIR%%/ipapython/admintool.py
+%%PYTHON_SITELIBDIR%%/ipapython/certdb.py
+%%PYTHON_SITELIBDIR%%/ipapython/config.py
+%%PYTHON_SITELIBDIR%%/ipapython/cookie.py
+%%PYTHON_SITELIBDIR%%/ipapython/directivesetter.py
+%%PYTHON_SITELIBDIR%%/ipapython/dn.py
+%%PYTHON_SITELIBDIR%%/ipapython/dn_ctypes.py
+%%PYTHON_SITELIBDIR%%/ipapython/dnsutil.py
+%%PYTHON_SITELIBDIR%%/ipapython/dogtag.py
+%%PYTHON_SITELIBDIR%%/ipapython/errors.py
+%%PYTHON_SITELIBDIR%%/ipapython/fqdn.py
+%%PYTHON_SITELIBDIR%%/ipapython/graph.py
+%%PYTHON_SITELIBDIR%%/ipapython/install/__init__.py
+%%PYTHON_SITELIBDIR%%/ipapython/install/cli.py
+%%PYTHON_SITELIBDIR%%/ipapython/install/common.py
+%%PYTHON_SITELIBDIR%%/ipapython/install/core.py
+%%PYTHON_SITELIBDIR%%/ipapython/install/typing.py
+%%PYTHON_SITELIBDIR%%/ipapython/install/util.py
+%%PYTHON_SITELIBDIR%%/ipapython/install_files.txt
+%%PYTHON_SITELIBDIR%%/ipapython/ipa_log_manager.py
+%%PYTHON_SITELIBDIR%%/ipapython/ipachangeconf.py
+%%PYTHON_SITELIBDIR%%/ipapython/ipaldap.py
+%%PYTHON_SITELIBDIR%%/ipapython/ipautil.py
+%%PYTHON_SITELIBDIR%%/ipapython/ipavalidate.py
+%%PYTHON_SITELIBDIR%%/ipapython/kerberos.py
+%%PYTHON_SITELIBDIR%%/ipapython/kernel_keyring.py
+%%PYTHON_SITELIBDIR%%/ipapython/nsslib.py
+%%PYTHON_SITELIBDIR%%/ipapython/session_storage.py
+%%PYTHON_SITELIBDIR%%/ipapython/ssh.py
+%%PYTHON_SITELIBDIR%%/ipapython/version.py
+libexec/ipa/acme/certbot-dns-ipa
+share/man/man1/ipa-certupdate.1.gz
+share/man/man1/ipa-client-automount.1.gz
+share/man/man1/ipa-client-install.1.gz
+share/man/man1/ipa-client-samba.1.gz
+share/man/man1/ipa-epn.1.gz
+share/man/man1/ipa-getkeytab.1.gz
+share/man/man1/ipa-join.1.gz
+share/man/man1/ipa-rmkeytab.1.gz
+share/man/man1/ipa.1.gz
+share/man/man5/default.conf.5.gz
+share/man/man5/epn.conf.5.gz
+sbin/ipa-certupdate
+sbin/ipa-client-automount
+sbin/ipa-client-install
+sbin/ipa-client-samba
+sbin/ipa-epn
+sbin/ipa-getkeytab
+sbin/ipa-join
+sbin/ipa-rmkeytab
+share/ipa/client/freeipa.template
+share/ipa/client/ssh_ipa.conf.template
+share/ipa/client/sshd_ipa.conf.template
+share/locale/bn_IN/LC_MESSAGES/ipa.mo
+share/locale/ca/LC_MESSAGES/ipa.mo
+share/locale/cs/LC_MESSAGES/ipa.mo
+share/locale/de/LC_MESSAGES/ipa.mo
+share/locale/en_GB/LC_MESSAGES/ipa.mo
+share/locale/es/LC_MESSAGES/ipa.mo
+share/locale/eu/LC_MESSAGES/ipa.mo
+share/locale/fi/LC_MESSAGES/ipa.mo
+share/locale/fr/LC_MESSAGES/ipa.mo
+share/locale/hi/LC_MESSAGES/ipa.mo
+share/locale/hu/LC_MESSAGES/ipa.mo
+share/locale/id/LC_MESSAGES/ipa.mo
+share/locale/ja/LC_MESSAGES/ipa.mo
+share/locale/ka/LC_MESSAGES/ipa.mo
+share/locale/kn/LC_MESSAGES/ipa.mo
+share/locale/ko/LC_MESSAGES/ipa.mo
+share/locale/mr/LC_MESSAGES/ipa.mo
+share/locale/nl/LC_MESSAGES/ipa.mo
+share/locale/pa/LC_MESSAGES/ipa.mo
+share/locale/pl/LC_MESSAGES/ipa.mo
+share/locale/pt/LC_MESSAGES/ipa.mo
+share/locale/pt_BR/LC_MESSAGES/ipa.mo
+share/locale/ru/LC_MESSAGES/ipa.mo
+share/locale/sk/LC_MESSAGES/ipa.mo
+share/locale/tg/LC_MESSAGES/ipa.mo
+share/locale/tr/LC_MESSAGES/ipa.mo
+share/locale/uk/LC_MESSAGES/ipa.mo
+share/locale/zh_CN/LC_MESSAGES/ipa.mo
+@dir etc/ipa/nssdb
+@dir share/selinux/packages/targeted
+@dir /var/lib/ipa-client/pki
+@dir /var/lib/ipa-client/sysrestore
+@dir /var/lib/ipa-client
+@dir /var/lib

net/relayd.old/Makefile

@@ -1,64 +0,0 @@
-PORTNAME=	relayd
-DISTVERSION=	7.3.2024.01.15
-CATEGORIES=	net
-#MASTER_SITES=	https://github.com/KlaraSystems/freebsd-relayd/releases/download/${DISTVERSION}/
-
-USE_GITHUB=	yes
-GH_ACCOUNT=	0mp
-GH_PROJECT=	freebsd-relayd
-GH_TAGNAME=	44c1ed0
-
-MAINTAINER=	0mp@FreeBSD.org
-COMMENT=	OpenBSD relay daemon
-WWW=		https://github.com/KlaraSystems/freebsd-relayd
-
-LICENSE=	ISCL
-
-LIB_DEPENDS=	libpfctl.so:net/libpfctl
-
-USES=		localbase:ldflags ssl uidfix
-USE_RC_SUBR=	relayd
-
-HAS_CONFIGURE=	yes
-
-LDFLAGS+=	-lpfctl
-
-USERS=		_relayd
-GROUPS=		_relayd
-
-.include <bsd.port.pre.mk>
-
-.if !${SSL_DEFAULT:Mlibressl*}
-#_LIBRESSL_ORIGIN=	security/libressl
-_LIBRESSL_ORIGIN=	security/libressl-devel
-. ifnmake describe
-STAGEDIR_libressl!=	${MAKE} -V STAGEDIR -C ${PORTSDIR}/${_LIBRESSL_ORIGIN}
-. endif
-BUILD_DEPENDS+=		${NONEXISTENT}:${_LIBRESSL_ORIGIN}:stage
-.endif # SSL_DEFAULT
-
-MAKE_ENV=	LIBCRYPTO=${STAGEDIR_libressl}${LOCALBASE}/lib/libcrypto.a \
-		LIBSSL=${STAGEDIR_libressl}${LOCALBASE}/lib/libssl.a \
-		LIBTLS=${STAGEDIR_libressl}${LOCALBASE}/lib/libtls.a \
-		OPENSSLINCDIR=${STAGEDIR_libressl}${LOCALBASE}/include
-
-post-patch:
-	${REINPLACE_CMD} -e 's|%%PREFIX%%|${PREFIX}|g' \
-		${WRKSRC}/usr.sbin/relayd/relayd.conf.5 \
-		${WRKSRC}/usr.sbin/relayd/relayd.8
-
-do-install:
-	${INSTALL_DATA} ${WRKSRC}/etc/examples/relayd.conf \
-		${STAGEDIR}${PREFIX}/etc/relayd.conf.sample
-	${INSTALL_MAN} ${WRKSRC}/usr.sbin/relayctl/relayctl.8 \
-		${STAGEDIR}${PREFIX}/share/man/man8/
-	${INSTALL_MAN} ${WRKSRC}/usr.sbin/relayd/relayd.8 \
-		${STAGEDIR}${PREFIX}/share/man/man8/
-	${INSTALL_MAN} ${WRKSRC}/usr.sbin/relayd/relayd.conf.5 \
-		${STAGEDIR}${PREFIX}/share/man/man5/
-	${INSTALL_PROGRAM} ${WRKSRC}/usr.sbin/relayctl/relayctl \
-		${STAGEDIR}${PREFIX}/sbin/
-	${INSTALL_PROGRAM} ${WRKSRC}/usr.sbin/relayd/relayd \
-		${STAGEDIR}${PREFIX}/sbin/
-
-.include <bsd.port.post.mk>

net/relayd.old/distinfo

@@ -1,3 +0,0 @@
-TIMESTAMP = 1709219928
-SHA256 (0mp-freebsd-relayd-7.3.2024.01.15-44c1ed0_GH0.tar.gz) = 3f155b63141b9143a9f57cac1536a81b1592c9d5b5c0d5716912edf3169ab812
-SIZE (0mp-freebsd-relayd-7.3.2024.01.15-44c1ed0_GH0.tar.gz) = 257538830

net/relayd.old/files/patch-share_mk_bsd.own.mk

@@ -1,11 +0,0 @@
---- share/mk/bsd.own.mk.orig	2023-11-02 07:25:02 UTC
-+++ share/mk/bsd.own.mk
-@@ -15,7 +15,7 @@ SKEY?=		yes
- # Set `YP' to `yes' to build with support for NIS/YP.
- YP?=		yes
- 
--CLANG_ARCH=aarch64 amd64 arm i386 mips64 mips64el powerpc powerpc64 riscv64 sparc64
-+CLANG_ARCH=aarch64 amd64 arm armv6 armv7 i386 mips64 mips64el powerpc powerpc64 riscv64 sparc64
- GCC4_ARCH=alpha hppa sh sparc64
- GCC3_ARCH=m88k
- LLD_ARCH=aarch64 amd64 arm i386 powerpc powerpc64 riscv64

net/relayd.old/files/relayd.in

@@ -1,39 +0,0 @@
-#!/bin/sh
-
-# PROVIDE: relayd
-# REQUIRE: NETWORKING syslogd
-# BEFORE:  DAEMON
-# KEYWORD: shutdown
-
-# Add the following lines to /etc/rc.conf to enable relayd:
-# relayd_enable="YES"
-# relayd_flags="<set as needed>"
-
-. /etc/rc.subr
-
-name=relayd
-rcvar=relayd_enable
-
-load_rc_config $name
-
-: ${relayd_enable="NO"}
-
-command="%%PREFIX%%/sbin/relayd"
-relayctl="%%PREFIX%%/sbin/relayctl"
-start_precmd="relayd_checkconfig"
-reload_precmd="relayd_checkconfig"
-restart_precmd="relayd_checkconfig"
-reload_cmd="relayd_reload_cmd"
-extra_commands="reload"
-
-relayd_checkconfig()
-{
-	echo "Performing sanity check on relayd configuration:"
-	eval ${command} ${relayd_flags} -n
-}
-
-relayd_reload_cmd () {
-	${relayctl} reload
-}
-
-run_rc_command "$1"

net/relayd.old/pkg-descr

@@ -1,18 +0,0 @@
-This is the FreeBSD port of the OpenBSD relayd and relayctl.
-
-relayd is a daemon to relay and dynamically redirect incoming connections
-to a target host.  Its main purposes are to run as a load-balancer,
-application layer gateway, or transparent proxy.  The daemon is able to
-monitor groups of hosts for availability, which is determined by checking
-for a specific service common to a host group.  When availability is con-
-firmed, Layer 3 and/or layer 7 forwarding services are set up by relayd.
-
-Layer 3 redirection happens at the packet level; to configure it, relayd
-communicates with pf(4).
-
-The following relayd functionality is not (yet) implemented in FreeBSD:
-- carp demote
-- modifying routing tables
-- snmp traps
-
-The relayctl program controls the relayd(8) daemon.

net/relayd.old/pkg-plist

@@ -1,6 +0,0 @@
-@sample etc/relayd.conf.sample
-share/man/man5/relayd.conf.5.gz
-share/man/man8/relayctl.8.gz
-share/man/man8/relayd.8.gz
-sbin/relayctl
-sbin/relayd

net/samba416.old/Makefile

@@ -1,708 +0,0 @@
-PORTNAME=			${SAMBA4_BASENAME}416
-PORTVERSION=			${SAMBA4_VERSION}
-PORTREVISION=			5
-CATEGORIES?=			net
-MASTER_SITES=			SAMBA/samba/stable SAMBA/samba/rc
-DISTNAME=			${SAMBA4_DISTNAME}
-
-MAINTAINER=			timur@FreeBSD.org
-COMMENT=			Free SMB/CIFS and AD/DC server and client for Unix
-WWW=				https://gitlab.com/samba-freebsd/
-
-LICENSE=			GPLv3+
-LICENSE_FILE=			${WRKSRC}/COPYING
-
-USES=				cpe
-
-CONFLICTS_INSTALL?=		samba4*
-
-EXTRA_PATCHES=			\
-				${PATCHDIR}/0001-Compact-and-simplify-modules-build-and-config-genera.patch:-p1 \
-				${PATCHDIR}/0002-Adjust-abi_gen.sh-script-to-run-under-FreeBSD-with-i.patch:-p1 \
-				${PATCHDIR}/0003-Mask-CLang-prototype-warnings-in-kadm5-admin.h.patch:-p1 \
-				${PATCHDIR}/0004-On-FreeBSD-date-1-has-different-semantics-than-on-Li.patch:-p1 \
-				${PATCHDIR}/0005-Include-jemalloc-jemalloc.h-if-ENABLE_JEMALLOC-is-se.patch:-p1 \
-				${PATCHDIR}/0006-Install-nss_-modules-into-PAMMODULESDIR-path.patch:-p1 \
-				${PATCHDIR}/0007-Use-macro-value-as-a-default-backlog-size-for-the-li.patch:-p1 \
-				${PATCHDIR}/0008-Brute-force-work-around-usage-of-Linux-specific-m-fl.patch:-p1 \
-				${PATCHDIR}/0009-Make-sure-that-config-checks-fail-if-the-warning-is-.patch:-p1 \
-				${PATCHDIR}/0010-Add-option-with-pkgconfigdir-to-specify-alternative-.patch:-p1 \
-				${PATCHDIR}/0011-Use-provided-by-port-location-of-the-XML-catalog.patch:-p1 \
-				${PATCHDIR}/0012-Create-shared-libraries-according-to-the-FreeBSD-spe.patch:-p1 \
-				${PATCHDIR}/0013-Pass-additional-msg-parameter-to-CHECK_LIB-so-it-can.patch:-p1 \
-				${PATCHDIR}/0014-Add-option-to-disable-CTDB-tests-failing-on-FreeBSD-.patch:-p1 \
-				${PATCHDIR}/0015-Add-extra-debug-class-to-trck-down-DB-locking-code.patch:-p1 \
-				${PATCHDIR}/0016-Make-ldb_schema_attribute_compare-a-stable-comparisi.patch:-p1 \
-				${PATCHDIR}/0017-Use-arc4random-when-available-to-generate-random-tal.patch:-p1 \
-				${PATCHDIR}/0018-Add-configuration-option-that-allows-to-choose-alter.patch:-p1 \
-				${PATCHDIR}/0019-From-923bc7a1afeb0b920e60e14846987ae1d2d7dca4-Mon-Se.patch:-p1 \
-				${PATCHDIR}/0020-FreeBSD-12-between-r336017-and-r342928-wrongfuly-ret.patch:-p1 \
-				${PATCHDIR}/0021-Fix-casting-warnings-in-the-nfs_quota-debug-message.patch:-p1 \
-				${PATCHDIR}/0022-Clean-up-UTMP-handling-code-and-add-FreeBSD-support..patch:-p1 \
-				${PATCHDIR}/0023-Add-cmd_get_quota-test-function-into-vfstest-to-test.patch:-p1 \
-				${PATCHDIR}/0024-Cherry-pick-ZFS-provisioning-code-by-iXsystems-Inc.patch:-p1 \
-				${PATCHDIR}/0025-From-d9b748869a8f4018ebee302aae8246bf29f60309-Mon-Se.patch:-p1 \
-				${PATCHDIR}/0026-vfs-add-a-compatibility-option-to-the-vfs_streams_xa.patch:-p1 \
-				${PATCHDIR}/0027-Add-VFS-module-vfs_freebsd-that-implements-FreeBSD-s.patch:-p1 \
-				${PATCHDIR}/0028-s3-lib-system-add-FreeBSD-proc_fd_pattern.patch:-p1 \
-				${PATCHDIR}/0099-s3-modules-zfsacl-fix-get-set-ACL-on-FreeBSD-13.patch:-p1 \
-				${PATCHDIR}/0099-s4-mitkdc-Add-support-for-MIT-Kerberos-1.20.patch:-p1
-
-SAMBA4_BASENAME=		samba
-SAMBA4_PORTNAME=		${SAMBA4_BASENAME}4
-SAMBA4_VERSION=			4.16.11
-SAMBA4_DISTNAME=		${SAMBA4_BASENAME}-${SAMBA4_VERSION:S|.p|pre|:S|.r|rc|:S|.t|tp|:S|.a|alpha|}
-
-WRKSRC?=			${WRKDIR}/${DISTNAME}
-PLIST?=				${PKGDIR}/pkg-plist
-
-CPE_VENDOR=			samba
-CPE_PRODUCT=			samba
-# Directories
-VARDIR=				${DESTDIR}/var
-SAMBA4_RUNDIR=			${VARDIR}/run/${SAMBA4_PORTNAME}
-SAMBA4_LOGDIR=			${VARDIR}/log/${SAMBA4_PORTNAME}
-SAMBA4_LOCKDIR=			${VARDIR}/db/${SAMBA4_PORTNAME}
-SAMBA4_BINDDNSDIR=		${SAMBA4_LOCKDIR}/bind-dns
-SAMBA4_PRIVATEDIR=		${SAMBA4_LOCKDIR}/private
-SAMBA4_PAMDIR=			${PREFIX}/lib
-SAMBA4_LIBDIR=			${PREFIX}/lib/${SAMBA4_PORTNAME}
-SAMBA4_INCLUDEDIR=		${PREFIX}/include/${SAMBA4_PORTNAME}
-SAMBA4_CONFDIR=			${PREFIX}/etc
-SAMBA4_CONFIG=			smb4.conf
-SAMBA4_MODULES_CLASS=		auth bind9 gensec gpext idmap ldb nss_info \
-				pdb perfcount process_model service vfs
-
-CONFIGURE_ARGS=			--mandir="${PREFIX}/share/man" \
-				--sysconfdir="${SAMBA4_CONFDIR}" \
-				--includedir="${SAMBA4_INCLUDEDIR}" \
-				--datadir="${DATADIR}" \
-				--libdir="${SAMBA4_LIBDIR}" \
-				--with-privatelibdir="${SAMBA4_LIBDIR}/private" \
-				--with-pammodulesdir="${SAMBA4_PAMDIR}" \
-				--with-modulesdir="${SAMBA4_MODULEDIR}" \
-				--with-pkgconfigdir="${PKGCONFIGDIR}" \
-				--localstatedir="${VARDIR}" \
-				--with-piddir="${SAMBA4_RUNDIR}" \
-				--with-sockets-dir="${SAMBA4_RUNDIR}" \
-				--with-privileged-socket-dir="${SAMBA4_RUNDIR}" \
-				--with-lockdir="${SAMBA4_LOCKDIR}" \
-				--with-statedir="${SAMBA4_LOCKDIR}" \
-				--with-cachedir="${SAMBA4_LOCKDIR}" \
-				--with-bind-dns-dir=${SAMBA4_BINDDNSDIR} \
-				--with-privatedir="${SAMBA4_PRIVATEDIR}" \
-				--with-logfilebase="${SAMBA4_LOGDIR}"
-# XXX: Flags
-CONFIGURE_ENV=			PTHREAD_LDFLAGS="-lpthread"
-MAKE_ENV=			PYTHONHASHSEED=1
-
-USES=				compiler:c++11-lang iconv localbase:ldflags \
-				perl5 pkgconfig shebangfix waf gettext-runtime
-USE_PERL5=			build
-USE_LDCONFIG=			${SAMBA4_LIBDIR}
-WAF_CMD=			buildtools/bin/waf
-CONFIGURE_LOG=			bin/config.log
-
-FLAVORS=			default noldb
-noldb_PKGNAMESUFFIX=		-noldb
-
-# Make sure that the right version of Python is used by the tools
-# https://bugzilla.samba.org/show_bug.cgi?id=7305
-SHEBANG_FILES=			${PATCH_WRKSRC}/source4/scripting/bin/* ${PATCH_WRKSRC}/selftest/*
-
-PKGCONFIGDIR?=			${PREFIX}/libdata/pkgconfig
-PKGCONFIGDIR_REL?=		${PKGCONFIGDIR:S,^${PREFIX}/,,}
-PLIST_SUB=			PKGCONFIGDIR=${PKGCONFIGDIR_REL}
-SUB_LIST=			PKGCONFIGDIR=${PKGCONFIGDIR_REL}
-##############################################################################
-OPTIONS_SUB=			yes
-
-OPTIONS_DEFINE=			AD_DC ADS CLUSTER CUPS DOCS FAM GPGME \
-				LDAP MANDOC PROFILE PYTHON3 QUOTAS \
-				SPOTLIGHT SYSLOG UTMP
-#OPTIONS_DEFINE+=		DEVELOPER MEMORY_DEBUG
-
-OPTIONS_GROUP=			VFS
-OPTIONS_GROUP_VFS=		FRUIT GLUSTERFS
-
-OPTIONS_SINGLE=			GSSAPI ZEROCONF
-
-OPTIONS_SINGLE_GSSAPI=		GSSAPI_BUILTIN GSSAPI_MIT
-#GSSAPI_HEIMDAL
-OPTIONS_SINGLE_ZEROCONF=	ZEROCONF_NONE AVAHI MDNSRESPONDER
-
-# Make those default options
-OPTIONS_DEFAULT=		AD_DC ADS DOCS FAM LDAP \
-				PROFILE PYTHON3 QUOTAS SYSLOG UTMP \
-				FRUIT GSSAPI_BUILTIN AVAHI
-##############################################################################
-ADS_DESC=			Active Directory client(implies LDAP)
-AD_DC_DESC=			Active Directory Domain Controller(implies PYTHON3)
-CLUSTER_DESC=			Clustering support
-DEVELOPER_DESC=			With developer framework
-FAM_DESC=			File Alteration Monitor
-GPGME_DESC=			GpgME support
-LDAP_DESC=			LDAP client
-LIBZFS_DESC=			LibZFS
-SPOTLIGHT_DESC=			Spotlight server-side search support
-MANDOC_DESC=			Build manpages from DOCBOOK templates
-MEMORY_DEBUG_DESC=		Debug memory allocator
-PICKY_DEVELOPER_DESC=		Treat compiler warnings as errors(implies DEVELOPER)
-PROFILE_DESC=			Profiling data
-QUOTAS_DESC=			Disk quota support
-UTMP_DESC=			UTMP accounting
-
-VFS_DESC=			VFS modules
-FRUIT_DESC=			MacOSX and TimeMachine support
-GLUSTERFS_DESC=			GlusterFS support
-
-GSSAPI_BUILTIN_DESC=		GSSAPI support via bundled Heimdal
-
-ZEROCONF_DESC=			Zero configuration networking
-ZEROCONF_NONE_DESC=		Zeroconf support is absent
-##############################################################################
-# XXX: Unconditional dependencies which can't be switched off(if present in
-# the system)
-
-# Iconv(picked up unconditionaly)
-LIB_DEPENDS=			libiconv.so:converters/libiconv
-# unwind
-LIB_DEPENDS+=			libunwind.so:devel/libunwind
-# Readline(sponsored by Python)
-# XXX: USES=readline pollutes CPPFLAGS, so we explicitly put dependency
-LIB_DEPENDS+=			libreadline.so:devel/readline
-# popt
-LIB_DEPENDS+=			libpopt.so:devel/popt
-# inotify
-LIB_DEPENDS+=			libinotify.so:devel/libinotify
-# GNUTLS
-LIB_DEPENDS+=			libgnutls.so:security/gnutls
-LIB_DEPENDS+=			libgcrypt.so:security/libgcrypt
-# NFSv4 ACL glue
-LIB_DEPENDS+=			libsunacl.so:sysutils/libsunacl
-# Jansson
-BUILD_DEPENDS+=			jansson>=2.10:devel/jansson
-RUN_DEPENDS+=			jansson>=2.10:devel/jansson
-# tasn1
-BUILD_DEPENDS+=			libtasn1>=3.8:security/libtasn1
-RUN_DEPENDS+=			libtasn1>=3.8:security/libtasn1
-# External Samba dependencies
-# Needed for IDL compiler
-BUILD_DEPENDS+=			p5-Parse-Yapp>=0:devel/p5-Parse-Yapp
-
-# Libarchive
-SAMBA4_BUNDLED_LIBS=		!libarchive
-BUILD_DEPENDS+=			libarchive>=3.1.2:archivers/libarchive
-RUN_DEPENDS+=			libarchive>=3.1.2:archivers/libarchive
-
-### Bundled libraries
-SAMBA4_BUNDLED_CMOCKA?=		no
-SAMBA4_BUNDLED_TALLOC?=		no
-SAMBA4_BUNDLED_TEVENT?=		no
-SAMBA4_BUNDLED_TDB?=		no
-.if ${FLAVOR:U} != noldb
-SAMBA4_BUNDLED_LDB?=		yes
-.else
-SAMBA4_BUNDLED_LDB?=		no
-.endif
-# cmocka
-.if defined(SAMBA4_BUNDLED_CMOCKA) && ${SAMBA4_BUNDLED_CMOCKA} == yes
-SAMBA4_BUNDLED_LIBS+=		cmocka
-CONFLICTS_INSTALL+=		cmocka-1.*
-PLIST_SUB+=			SAMBA4_BUNDLED_CMOCKA=""
-SUB_LIST+=			SAMBA4_BUNDLED_CMOCKA=""
-.else
-SAMBA4_BUNDLED_LIBS+=		!cmocka
-BUILD_DEPENDS+=			cmocka>=1.1.3:sysutils/cmocka
-TEST_DEPENDS+=			cmocka>=1.1.3:sysutils/cmocka
-PLIST_SUB+=			SAMBA4_BUNDLED_CMOCKA="@comment "
-SUB_LIST+=			SAMBA4_BUNDLED_CMOCKA="@comment "
-.endif
-# talloc
-.if defined(SAMBA4_BUNDLED_TALLOC) && ${SAMBA4_BUNDLED_TALLOC} == yes
-SAMBA4_BUNDLED_LIBS+=		talloc
-CONFLICTS_INSTALL+=		talloc-* talloc1-*
-PLIST_SUB+=			SAMBA4_BUNDLED_TALLOC=""
-SUB_LIST+=			SAMBA4_BUNDLED_TALLOC=""
-.else
-SAMBA4_BUNDLED_LIBS+=		!talloc
-BUILD_DEPENDS+=			talloc>=2.3.3:devel/talloc
-RUN_DEPENDS+=			talloc>=2.3.3:devel/talloc
-PLIST_SUB+=			SAMBA4_BUNDLED_TALLOC="@comment "
-SUB_LIST+=			SAMBA4_BUNDLED_TALLOC="@comment "
-.endif
-# tevent
-.if defined(SAMBA4_BUNDLED_TEVENT) && ${SAMBA4_BUNDLED_TEVENT} == yes
-SAMBA4_BUNDLED_LIBS+=		tevent
-CONFLICTS_INSTALL+=		tevent-* tevent1-*
-PLIST_SUB+=			SAMBA4_BUNDLED_TEVENT=""
-SUB_LIST+=			SAMBA4_BUNDLED_TEVENT=""
-.else
-SAMBA4_BUNDLED_LIBS+=		!tevent
-BUILD_DEPENDS+=			tevent>=0.11.0:devel/tevent
-RUN_DEPENDS+=			tevent>=0.11.0:devel/tevent
-PLIST_SUB+=			SAMBA4_BUNDLED_TEVENT="@comment "
-SUB_LIST+=			SAMBA4_BUNDLED_TEVENT="@comment "
-.endif
-# tdb
-.if defined(SAMBA4_BUNDLED_TDB) && ${SAMBA4_BUNDLED_TDB} == yes
-SAMBA4_BUNDLED_LIBS+=		tdb
-CONFLICTS_INSTALL+=		tdb-* tdb1-*
-PLIST_SUB+=			SAMBA4_BUNDLED_TDB=""
-SUB_LIST+=			SAMBA4_BUNDLED_TDB=""
-.else
-SAMBA4_BUNDLED_LIBS+=		!tdb
-BUILD_DEPENDS+=			tdb>=1.4.6:databases/tdb
-RUN_DEPENDS+=			tdb>=1.4.6:databases/tdb
-PLIST_SUB+=			SAMBA4_BUNDLED_TDB="@comment "
-SUB_LIST+=			SAMBA4_BUNDLED_TDB="@comment "
-.endif
-# ldb
-.if defined(SAMBA4_BUNDLED_LDB) && ${SAMBA4_BUNDLED_LDB} == yes
-SAMBA4_BUNDLED_LDB=		yes
-SAMBA4_BUNDLED_LIBS+=		ldb
-PLIST_SUB+=			SAMBA4_BUNDLED_LDB=""
-SUB_LIST+=			SAMBA4_BUNDLED_LDB=""
-SAMBA4_MODULEDIR=		${SAMBA4_LIBDIR}/modules
-.else
-SAMBA4_BUNDLED_LIBS+=		!ldb
-BUILD_DEPENDS+=			ldb25>=2.5.2:databases/ldb25
-RUN_DEPENDS+=			ldb25>=2.5.2:databases/ldb25
-PLIST_SUB+=			SAMBA4_BUNDLED_LDB="@comment "
-SUB_LIST+=			SAMBA4_BUNDLED_LDB="@comment "
-SAMBA4_MODULEDIR=		${PREFIX}/lib/shared-modules
-.endif
-
-.if (defined(SAMBA4_BUNDLED_TALLOC) && ${SAMBA4_BUNDLED_TALLOC} == yes) \
-	|| (defined(SAMBA4_BUNDLED_TDB) && ${SAMBA4_BUNDLED_TDB} == yes) \
-	|| (defined(SAMBA4_BUNDLED_LDB) && ${SAMBA4_BUNDLED_LDB} == yes) \
-	|| (defined(SAMBA4_BUNDLED_TEVENT) && ${SAMBA4_BUNDLED_TEVENT} == yes)
-SAMBA4_BUNDLED_LIBS+=		replace
-.endif
-# Don't use external libcom_err
-SAMBA4_BUNDLED_LIBS+=		com_err
-# Set the test environment variables
-TEST_USES=			python
-TEST_ENV=			PYTHON="${PYTHON_CMD}" \
-				SHA1SUM=/sbin/sha1 \
-				SHA256SUM=/sbin/sha256 \
-				MD5SUM=/sbin/md5 \
-				PYTHONDONTWRITEBYTECODE=1
-
-TEST_DEPENDS=			bash:shells/bash \
-				tshark:net/wireshark@nox11
-# External Python modules
-TEST_BUILD_DEPENDS=		${PYTHON_PKGNAMEPREFIX}iso8601>=0.1.11:devel/py-iso8601@${PY_FLAVOR}
-TEST_RUN_DEPENDS=		${PYTHON_PKGNAMEPREFIX}iso8601>=0.1.11:devel/py-iso8601@${PY_FLAVOR}
-##############################################################################
-CONFIGURE_ARGS+=		\
-				--with-pam \
-				--with-iconv \
-				--with-winbind \
-				--with-regedit \
-				--disable-rpath \
-				--without-lttng \
-				--without-gettext \
-				--enable-pthreadpool \
-				--without-fake-kaserver \
-				--without-systemd \
-				--with-libarchive \
-				--with-acl-support \
-				--with-sendfile-support \
-				--disable-ctdb-tests
-#				${ICONV_CONFIGURE_BASE}
-##############################################################################
-FRUIT_PREVENTS=			ZEROCONF_NONE
-FRUIT_PREVENTS_MSG=		MacOSX support requires Zeroconf(AVAHI or MDNSRESPONDER)
-FRUIT_VARS=			SAMBA4_MODULES+=vfs_fruit
-FRUIT_PLIST_FILES=		share/man/man8/vfs_fruit.8.gz
-
-GLUSTERFS_CONFIGURE_ENABLE=	glusterfs
-GLUSTERFS_LIB_DEPENDS=		libglusterfs.so:net/glusterfs
-GLUSTERFS_VARS=			SAMBA4_MODULES+=vfs_glusterfs
-GLUSTERFS_PLIST_FILES=		share/man/man8/vfs_glusterfs.8.gz
-
-ZEROCONF_NONE_MAKE_ENV=		ZEROCONF=none
-##############################################################################
-AVAHI_CONFIGURE_ENABLE=		avahi
-AVAHI_LIB_DEPENDS=		libavahi-client.so:net/avahi-app
-AVAHI_VARS=			SAMBA4_SERVICES+=avahi_daemon
-
-MDNSRESPONDER_CONFIGURE_ENABLE=	dnssd
-MDNSRESPONDER_LIB_DEPENDS=	libdns_sd.so:net/mDNSResponder
-MDNSRESPONDER_VARS=		SAMBA4_SERVICES+=mdnsd
-##############################################################################
-MEMORY_DEBUG_IMPLIES=		DEBUG
-MEMORY_DEBUG_CONFIGURE_ENV=	ADDITIONAL_CFLAGS="-DENABLE_JEMALLOC `pkg-config --cflags jemalloc`" ADDITIONAL_LDFLAGS="`pkg-config --libs jemalloc`"
-MEMORY_DEBUG_LIB_DEPENDS=	libjemalloc.so.2:devel/jemalloc
-# https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=194046
-GDB_CMD?=			${LOCALBASE}/bin/gdb
-# https://bugzilla.samba.org/show_bug.cgi?id=8969
-PICKY_DEVELOPER_IMPLIES=	DEVELOPER
-PICKY_DEVELOPER_CONFIGURE_ON=	--picky-developer
-
-DEVELOPER_CONFIGURE_ON=		--enable-developer --enable-selftest --abi-check-disable
-DEVELOPER_CONFIGURE_ENV=	WAF_CMD_FORMAT=string
-DEVELOPER_BUILD_DEPENDS=	${SAMBA4_LMDB_DEPENDS} \
-				${GDB_CMD}:devel/gdb
-DEVELOPER_RUN_DEPENDS=		${SAMBA4_LMDB_DEPENDS}
-DEVELOPER_TEST_DEPENDS=		${GDB_CMD}:devel/gdb
-DEVELOPER_VARS_OFF=		GDB_CMD=true
-##############################################################################
-AD_DC_IMPLIES=			PYTHON3
-AD_DC_CONFIGURE_OFF=		--without-ad-dc
-AD_DC_BUILD_DEPENDS=		${SAMBA4_LMDB_DEPENDS}
-AD_DC_RUN_DEPENDS=		${SAMBA4_LMDB_DEPENDS}
-AD_DC_VARS=			PLIST+=${PKGDIR}/pkg-plist.ad_dc
-# samba-tool requires those for *upgrade
-AD_DC_BUILD_DEPENDS+=		${PYTHON_PKGNAMEPREFIX}markdown>=3.3.7:textproc/py-markdown@${PY_FLAVOR} \
-				${PYTHON_PKGNAMEPREFIX}dnspython>=2.2.1:dns/py-dnspython@${PY_FLAVOR}
-AD_DC_RUN_DEPENDS+=		${PYTHON_PKGNAMEPREFIX}markdown>=3.3.7:textproc/py-markdown@${PY_FLAVOR} \
-				${PYTHON_PKGNAMEPREFIX}dnspython>=2.2.1:dns/py-dnspython@${PY_FLAVOR}
-
-ADS_IMPLIES=			LDAP
-ADS_CONFIGURE_WITH=		ads
-
-CLUSTER_CONFIGURE_WITH=		cluster-support
-CLUSTER_VARS=			PLIST+=${PKGDIR}/pkg-plist.cluster
-
-CUPS_CONFIGURE_ENABLE=		cups iprint
-CUPS_LIB_DEPENDS=		libcups.so:print/cups
-# https://bugzilla.samba.org/show_bug.cgi?id=9545
-FAM_USES=			fam
-FAM_CONFIGURE_WITH=		fam
-
-GPGME_CONFIGURE_WITH=		gpgme
-GPGME_LIB_DEPENDS=		libgpgme.so:security/gpgme
-GPGME_RUN_DEPENDS=		${PYTHON_PKGNAMEPREFIX}gpgme>=1.14.0:security/py-gpgme@${PY_FLAVOR}
-
-GSSAPI_BUILTIN_USES=		bison
-GSSAPI_BUILTIN_BUILD_DEPENDS=	p5-JSON>=4.0:converters/p5-JSON
-
-GSSAPI_MIT_CONFIGURE_ON=	--with-system-mitkrb5 ${GSSAPIBASEDIR} \
-				--with-system-mitkdc=${GSSAPIBASEDIR}/sbin/krb5kdc \
-				--with-experimental-mit-ad-dc
-GSSAPI_MIT_USES=		gssapi:mit
-
-GSSAPI_HEIMDAL_CONFIGURE_ON=	--with-system-heimdalkrb5 ${GSSAPIBASEDIR}
-GSSAPI_HEIMDAL_USES=		gssapi:heimdal
-GSSAPI_HEIMDAL_PREVENTS=	AD_DC
-GSSAPI_HEIMDAL_PREVENTS_MSG=	GSSAPI_HEIMDAL and AD_DC enable conflicting options
-
-LDAP_CONFIGURE_WITH=		ldap
-LDAP_CONFIGURE_ON=		--with-openldap=${LOCALBASE}
-LDAP_USES=			ldap
-LDAP_VARS=			SAMBA4_MODULES+=idmap_ldap
-
-LIBZFS_CONFIGURE_WITH=		libzfs
-LIBZFS_VARS=			SAMBA4_MODULES+=vfs_zfs_space
-
-MANDOC_BUILD_DEPENDS=		${LOCALBASE}/share/xsl/docbook/manpages/docbook.xsl:textproc/docbook-xsl \
-				xsltproc:textproc/libxslt
-MANDOC_CONFIGURE_ENV_OFF=	XSLTPROC="true"
-
-PROFILE_CONFIGURE_WITH=		profiling-data
-
-QUOTAS_CONFIGURE_WITH=		quotas
-
-SPOTLIGHT_CONFIGURE_ENABLE=	spotlight
-SPOTLIGHT_BUILD_DEPENDS=	tracker>=1.4.1:sysutils/tracker
-SPOTLIGHT_RUN_DEPENDS=		tracker>=1.4.1:sysutils/tracker
-# ICU
-SPOTLIGHT_LIB_DEPENDS=		libicuuc.so:devel/icu
-SPOTLIGHT_USES=			bison gnome
-SPOTLIGHT_USE=			gnome=glib20
-
-SYSLOG_CONFIGURE_WITH=		syslog
-
-UTMP_CONFIGURE_WITH=		utmp
-
-##############################################################################
-.include <bsd.port.options.mk>
-##############################################################################
-.if !defined(WANT_EXP_MODULES) || empty(WANT_EXP_MODULES)
-WANT_EXP_MODULES=		vfs_cacheprime
-.endif
-
-.if ${WANT_EXP_MODULES:Mvfs_snapper}
-# snapper needs dbus
-LIB_DEPENDS+=			libdbus-1.so:devel/dbus
-LIB_DEPENDS+=			libdbus-glib-1.so:devel/dbus-glib
-.endif
-
-SAMBA4_MODULES+=		krb5_async_dns_krb5_locator krb5_winbind_krb5_locator idmap_nss idmap_autorid \
-				idmap_rid idmap_hash idmap_tdb idmap_tdb2 idmap_script \
-				nss-info_hash
-# List of extra modules taken from RHEL build
-# https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=197320
-.if ${PORT_OPTIONS:MADS}
-SAMBA4_MODULES+=		idmap_ad idmap_rfc2307 nss-info_template \
-				nss-info_rfc2307 nss-info_sfu nss-info_sfu20
-.endif
-# This kind of special for this distribution
-SAMBA4_MODULES+=		vfs_freebsd
-
-SAMBA4_MODULES+=		vfs_acl_tdb vfs_acl_xattr vfs_aio_fork vfs_aio_pthread \
-				vfs_audit vfs_cap vfs_catia vfs_commit vfs_crossrename \
-				vfs_default_quota vfs_dirsort vfs_expand_msdfs \
-				vfs_extd_audit vfs_fake_perms vfs_full_audit \
-				vfs_linux_xfs_sgid vfs_media_harmony vfs_offline \
-				vfs_preopen vfs_readahead vfs_readonly vfs_recycle \
-				vfs_shadow_copy vfs_shadow_copy2 vfs_shell_snap \
-				vfs_streams_depot vfs_streams_xattr vfs_syncops \
-				vfs_time_audit vfs_unityed_media vfs_virusfilter \
-				vfs_widelinks vfs_worm vfs_xattr_tdb vfs_zfsacl
-
-.if ${PORT_OPTIONS:MDEVELOPER}
-SAMBA4_MODULES+=		auth_skel pdb_test gpext_security gpext_registry \
-				gpext_scripts perfcount_test vfs_fake_dfq \
-				vfs_skel_opaque vfs_skel_transparent \
-				vfs_shadow_copy_test vfs_fake_acls \
-				vfs_nfs4acl_xattr vfs_error_inject vfs_delay_inject
-.endif
-# Python bindings
-.if ! ${PORT_OPTIONS:MPYTHON3} || defined(NO_PYTHON)
-USES+=				python:build,test
-CONFIGURE_ARGS+=		--disable-python
-.else
-USES+=				python
-PLIST+=				${PKGDIR}/pkg-plist.python
-# Don't cache Python modules
-CONFIGURE_ARGS+=		--nopycache
-MAKE_ENV+=			PYTHONDONTWRITEBYTECODE=1
-
-.	if defined(SAMBA4_BUNDLED_TALLOC) && ${SAMBA4_BUNDLED_TALLOC} == yes
-SAMBA4_BUNDLED_LIBS+=		pytalloc-util
-.	else
-SAMBA4_BUNDLED_LIBS+=		!pytalloc-util
-.	endif
-
-.	if defined(SAMBA4_BUNDLED_TEVENT) && ${SAMBA4_BUNDLED_TEVENT} == yes
-SAMBA4_BUNDLED_LIBS+=		pytevent
-.	else
-SAMBA4_BUNDLED_LIBS+=		!pytevent
-.	endif
-
-.	if defined(SAMBA4_BUNDLED_TDB) && ${SAMBA4_BUNDLED_TDB} == yes
-SAMBA4_BUNDLED_LIBS+=		pytdb
-.	else
-SAMBA4_BUNDLED_LIBS+=		!pytdb
-.	endif
-
-.	if defined(SAMBA4_BUNDLED_LDB) && ${SAMBA4_BUNDLED_LDB} == yes
-SAMBA4_BUNDLED_LIBS+=		pyldb pyldb-util
-.	else
-SAMBA4_BUNDLED_LIBS+=		!pyldb !pyldb-util
-.	endif
-.endif
-
-.if defined(WANT_EXP_MODULES) && !empty(WANT_EXP_MODULES)
-SAMBA4_MODULES+=		${WANT_EXP_MODULES}
-.endif
-
-.if defined(SAMBA4_BUNDLED_LIBS) && !empty(SAMBA4_BUNDLED_LIBS)
-CONFIGURE_ARGS+=		--bundled-libraries="${SAMBA4_BUNDLED_LIBS:Q:C|(\\\\ )+|,|g:S|\\||g}"
-.endif
-
-.if defined(SAMBA4_MODULES) && !empty(SAMBA4_MODULES)
-CONFIGURE_ARGS+=		--with-shared-modules="${SAMBA4_MODULES:C|-|_|:Q:C|(\\\\ )+|,|g:S|\\||g}"
-.endif
-# XXX: Hack for nss-info_* -> nss_info/* modules
-# Add selected modules to the plist
-.for module in ${SAMBA4_MODULES}
-PLIST_FILES+=			${SAMBA4_MODULEDIR}/${module:C|_|/|:C|-|_|}.so
-.endfor
-
-.for module_class in ${SAMBA4_MODULES_CLASS}
-PLIST_DIRS+=			${SAMBA4_MODULEDIR}/${module_class}
-.endfor
-PLIST_DIRS+=			${SAMBA4_MODULEDIR}
-
-.if defined(WITH_DEBUG)
-CONFIGURE_ARGS+=		--verbose --enable-debug
-MAKE_ARGS+=			--verbose
-DEBUG_FLAGS?=			-g -ggdb3 -O0
-.endif
-
-##############################################################################
-.include <bsd.port.pre.mk>
-##############################################################################
-# Implemented in the gcrypt on AMD64
-.if ${ARCH} == "amd64"
-CONFIGURE_ARGS+=		--accel-aes=intelaesni
-.else
-CONFIGURE_ARGS+=		--accel-aes=none
-.endif
-
-# Only for 64-bit architectures
-.if ${ARCH} != armv6 && ${ARCH} != armv7 && ${ARCH} != i386 && ${ARCH} != mips && ${ARCH} != powerpc && ${ARCH} != powerpcspe
-.	if defined(SAMBA4_BUNDLED_LDB) && ${SAMBA4_BUNDLED_LDB} == yes && (${PORT_OPTIONS:MAD_DC} || ${PORT_OPTIONS:MDEVELOPER})
-# LMDB
-SAMBA4_LMDB_DEPENDS=		lmdb>=0.9.16:databases/lmdb
-PLIST_FILES+=			${SAMBA4_LIBDIR}/private/libldb-mdb-int-samba4.so \
-				${SAMBA4_MODULEDIR}/ldb/mdb.so
-.	endif
-.endif
-
-.if ${PORT_OPTIONS:MGSSAPI_MIT}
-PLIST_FILES+=			${SAMBA4_MODULEDIR}/krb5/winbind_krb5_localauth.so \
-				share/man/man8/winbind_krb5_localauth.8.gz
-.	if ${PORT_OPTIONS:MAD_DC}
-PLIST_FILES+=			${SAMBA4_LIBDIR}/krb5/plugins/kdb/samba.so
-.	endif
-.endif
-# for libexecinfo: (so that __builtin_frame_address() finds the top of the stack)
-CFLAGS_amd64+=			-fno-omit-frame-pointer
-# No fancy color error messages
-CFLAGS+=			${CFLAGS_${CHOSEN_COMPILER_TYPE}}
-CFLAGS_clang=			-fno-color-diagnostics
-CONFIGURE_ENV+=			NOCOLOR=yes WAF_LOG_FORMAT='%(c1)s%(zone)s%(c2)s %(message)s'
-MAKE_ENV+=			NOCOLOR=yes WAF_LOG_FORMAT='%(c1)s%(zone)s%(c2)s %(message)s'
-# Allow rpcgen to find proper CPP
-MAKE_ENV+=			RPCGEN_CPP="${CPP}"
-#.if ${readline_ARGS} == port
-#CFLAGS+=			-D_FUNCTION_DEF
-#.endif
-# Some symbols in samba's linker version scripts are not defined, but since the
-# scripts are generated dynamically, suppress errors with lld >= 17 due to these
-# undefined symbols.
-LDFLAGS+=			-Wl,--undefined-version
-
-SAMBA4_SUB=			SAMBA4_LOGDIR="${SAMBA4_LOGDIR}" \
-				SAMBA4_RUNDIR="${SAMBA4_RUNDIR}" \
-				SAMBA4_LOCKDIR="${SAMBA4_LOCKDIR}" \
-				SAMBA4_LIBDIR="${SAMBA4_LIBDIR}" \
-				SAMBA4_MODULEDIR="${SAMBA4_MODULEDIR}" \
-				SAMBA4_BINDDNSDIR="${SAMBA4_BINDDNSDIR}" \
-				SAMBA4_PRIVATEDIR="${SAMBA4_PRIVATEDIR}" \
-				SAMBA4_CONFDIR="${SAMBA4_CONFDIR}" \
-				SAMBA4_CONFIG="${SAMBA4_CONFIG}" \
-				SAMBA4_SERVICES="${SAMBA4_SERVICES}"
-
-PLIST_SUB+=			${SAMBA4_SUB}
-SUB_LIST+=			${SAMBA4_SUB}
-
-USE_RC_SUBR=			samba_server
-SUB_FILES=			pkg-message README.FreeBSD
-
-PORTDOCS=			README.FreeBSD
-
-post-extract:
-				@${RM} -r ${WRKSRC}/pidl/lib/Parse/Yapp
-
-post-patch:
-				@${REINPLACE_CMD} -e 's|$${PKGCONFIGDIR}|${PKGCONFIGDIR}|g' \
-					${PATCH_WRKSRC}/buildtools/wafsamba/pkgconfig.py
-				@${REINPLACE_CMD} -e 's|%%LOCALBASE%%|${LOCALBASE}|g' \
-					${PATCH_WRKSRC}/buildtools/wafsamba/wafsamba.py
-				@${REINPLACE_CMD} -e 's|%%GDB_CMD%%|${GDB_CMD}|g' \
-					${PATCH_WRKSRC}/buildtools/scripts/abi_gen.sh
-				@${REINPLACE_CMD} -e 's|%%SAMBA4_CONFIG%%|${SAMBA4_CONFIG}|g' \
-					${PATCH_WRKSRC}/dynconfig/wscript
-
-# Use threading (or multiprocessing) but not thread (renamed in python 3+).
-pre-configure:
-.if (!${PORT_OPTIONS:MPYTHON3} || defined(NO_PYTHON)) && ${PORT_OPTIONS:MAD_DC}
-				@${ECHO_CMD}; \
-				${ECHO_MSG} "===>  AD_DC option requires PYTHON3 to be set"; \
-				${ECHO_CMD}; \
-				${FALSE}
-.endif
-
-pre-build-MANDOC-off:
-				${MKDIR} ${BUILD_WRKSRC}/bin/default/docs-xml/
-				${CP} -rp ${BUILD_WRKSRC}/docs/manpages ${BUILD_WRKSRC}/bin/default/docs-xml/
-.for man in			libcli/nbt/man/nmblookup4.1 \
-				librpc/tools/ndrdump.1 \
-				source4/lib/registry/man/regdiff.1 \
-				source4/lib/registry/man/regpatch.1 \
-				source4/lib/registry/man/regshell.1 \
-				source4/lib/registry/man/regtree.1 \
-				source4/scripting/man/samba-gpupdate.8 \
-				source4/torture/man/gentest.1 \
-				source4/torture/man/locktest.1 \
-				source4/torture/man/masktest.1 \
-				source4/torture/man/smbtorture.1 \
-				source4/utils/man/ntlm_auth4.1 \
-				source4/utils/oLschema2ldif/oLschema2ldif.1 \
-				lib/tdb/man/tdbdump.8 \
-				lib/tdb/man/tdbbackup.8 \
-				lib/tdb/man/tdbtool.8 \
-				lib/talloc/man/talloc.3 \
-				lib/tdb/man/tdbrestore.8 \
-				lib/ldb/man/ldb.3 \
-				lib/ldb/man/ldbadd.1 \
-				lib/ldb/man/ldbdel.1 \
-				lib/ldb/man/ldbedit.1 \
-				lib/ldb/man/ldbmodify.1 \
-				lib/ldb/man/ldbrename.1 \
-				lib/ldb/man/ldbsearch.1 \
-				docs-xml/manpages/vfs_freebsd.8
-					${MKDIR} `dirname ${BUILD_WRKSRC}/bin/default/${man}`
-					${INSTALL_MAN} ${FILESDIR}/man/`basename ${man}` ${BUILD_WRKSRC}/bin/default/${man}
-.endfor
-.if ${PORT_OPTIONS:MCLUSTER}
-				${MKDIR} ${BUILD_WRKSRC}/bin/default/ctdb/
-.	for man in		ctdb_diagnostics.1 ctdb.1 ctdbd_wrapper.1 ctdbd.1 ltdbtool.1 onnode.1 ping_pong.1 \
-				ctdb.conf.5 ctdb.sysconfig.5 ctdb-script.options.5 \
-				ctdb.7 ctdb-statistics.7 ctdb-tunables.7
-					${INSTALL_MAN} ${FILESDIR}/man/${man} ${BUILD_WRKSRC}/bin/default/ctdb/
-.	endfor
-.endif
-
-post-install-rm-junk:
-				${RM} -r ${STAGEDIR}${PYTHON_SITELIBDIR}/samba/third_party
-				${FIND} ${STAGEDIR}${PYTHON_SITELIBDIR} -name __pycache__ \
-					-type d -print0 | ${XARGS} -0 -n 1 -t ${RM} -r
-				${FIND} ${STAGEDIR} -type f -empty -delete
-
-post-install-fix-manpages:
-.for f in vfs_aio_linux.8 vfs_btrfs.8 vfs_ceph.8 vfs_gpfs.8
-				${RM} ${STAGEDIR}${PREFIX}/share/man/man8/${f}
-.endfor
-.if defined(SAMBA4_BUNDLED_LDB) && ${SAMBA4_BUNDLED_LDB} == yes
-.	for f in ldbadd.1 ldbdel.1 ldbedit.1 ldbmodify.1 ldbrename.1 ldbsearch.1
-				${MV} ${STAGEDIR}${PREFIX}/share/man/man1/${f} ${STAGEDIR}${PREFIX}/share/man/man1/samba-${f}
-.	endfor
-.endif
-.if defined(SAMBA4_BUNDLED_TDB) && ${SAMBA4_BUNDLED_TDB} == yes
-.	for f in tdbbackup.8 tdbdump.8 tdbrestore.8 tdbtool.8
-				${MV} ${STAGEDIR}${PREFIX}/share/man/man8/${f} ${STAGEDIR}${PREFIX}/share/man/man8/samba-${f}
-.	endfor
-.endif
-
-post-install: post-install-rm-junk post-install-fix-manpages
-				${LN} -sf smb.conf.5.gz ${STAGEDIR}${PREFIX}/share/man/man5/smb4.conf.5.gz
-# Run post-install script
-.for dir in			${SAMBA4_LOGDIR} ${SAMBA4_RUNDIR} ${SAMBA4_LOCKDIR} ${SAMBA4_MODULEDIR}
-					${INSTALL} -d -m 0755 "${STAGEDIR}${dir}"
-.endfor
-				${INSTALL} -d -m 0750 "${STAGEDIR}${SAMBA4_BINDDNSDIR}"
-				${INSTALL} -d -m 0750 "${STAGEDIR}${SAMBA4_PRIVATEDIR}"
-.for module_class in			${SAMBA4_MODULES_CLASS}
-					${INSTALL} -d -m 0755 "${STAGEDIR}${SAMBA4_MODULEDIR}/${module_class}"
-.endfor
-.if !defined(WITH_DEBUG)
-				-${FIND} ${STAGEDIR}${PREFIX}/bin ${STAGEDIR}${PREFIX}/sbin ${STAGEDIR}${PREFIX}/libexec \
-					-type f -print0 | ${XARGS} -0 -n 1 -t ${STRIP_CMD}
-				-${FIND} ${STAGEDIR}${PREFIX}/lib -name '*.so*' \
-					-type f -print0 | ${XARGS} -0 -n 1 -t ${STRIP_CMD}
-.endif
-
-post-install-FRUIT-off:
-				${RM} ${STAGEDIR}${SAMBA4_MODULEDIR}/vfs/fruit.so
-				${RM} ${STAGEDIR}${PREFIX}/share/man/man8/vfs_fruit.8
-
-post-install-DOCS-on:
-				${MKDIR} ${STAGEDIR}${DOCSDIR}
-.for doc in			${PORTDOCS}
-				${INSTALL_DATA} ${WRKDIR}/${doc} ${STAGEDIR}${DOCSDIR}
-.endfor
-
-post-install-CLUSTER-on:
-				${LN} -nfs ../../../../share/ctdb/events/legacy/00.ctdb.script		${STAGEDIR}${PREFIX}/etc/ctdb/events/legacy/00.ctdb.script
-				${LN} -nfs ../../../../share/ctdb/events/legacy/10.interface.script	${STAGEDIR}${PREFIX}/etc/ctdb/events/legacy/10.interface.script
-				${LN} -nfs ../../../../share/ctdb/events/legacy/05.system.script	${STAGEDIR}${PREFIX}/etc/ctdb/events/legacy/05.system.script
-				${LN} -nfs ../../../../share/ctdb/events/legacy/01.reclock.script	${STAGEDIR}${PREFIX}/etc/ctdb/events/legacy/01.reclock.script
-
-.include <bsd.port.post.mk>

net/samba416.old/distinfo

@@ -1,3 +0,0 @@
-TIMESTAMP = 1689931801
-SHA256 (samba-4.16.11.tar.gz) = 5218878cdcc01aa8e83d2c84ad16c5f37a01ea5e1a93f640f9ee282053c46e12
-SIZE (samba-4.16.11.tar.gz) = 30721388

net/samba416.old/files/0001-Compact-and-simplify-modules-build-and-config-genera.patch

@@ -1,292 +0,0 @@
-From 05e3cc236406680a55e19b204202b63cdaf48ea1 Mon Sep 17 00:00:00 2001
-From: "Timur I. Bakeyev" <timur@FreeBSD.org>
-Date: Mon, 1 Aug 2022 04:15:43 +0200
-Subject: [PATCH 01/28] Compact and simplify modules build and config
- generation for Bind 9.x AD DLZ.
-
-Signed-off-by: Timur I. Bakeyev <timur@FreeBSD.org>
----
- python/samba/provision/sambadns.py | 68 ++++++++++++------------------
- source4/dns_server/dlz_minimal.h   | 44 +++++++++----------
- source4/dns_server/wscript_build   | 62 +++------------------------
- source4/setup/named.conf.dlz       | 25 +----------
- source4/torture/dns/wscript_build  |  2 +-
- 5 files changed, 55 insertions(+), 146 deletions(-)
-
-diff --git a/python/samba/provision/sambadns.py b/python/samba/provision/sambadns.py
-index 404b346a885..8e5a8ba5f25 100644
---- a/python/samba/provision/sambadns.py
-+++ b/python/samba/provision/sambadns.py
-@@ -21,6 +21,7 @@
- """DNS-related provisioning"""
- 
- import os
-+import re
- import uuid
- import shutil
- import time
-@@ -1010,52 +1011,37 @@ def create_named_conf(paths, realm, dnsdomain, dns_backend, logger):
-                                      stderr=subprocess.STDOUT,
-                                      cwd='.').communicate()[0]
-         bind_info = get_string(bind_info)
--        bind9_8 = '#'
--        bind9_9 = '#'
--        bind9_10 = '#'
--        bind9_11 = '#'
--        bind9_12 = '#'
--        bind9_14 = '#'
--        bind9_16 = '#'
--        bind9_18 = '#'
--        if bind_info.upper().find('BIND 9.8') != -1:
--            bind9_8 = ''
--        elif bind_info.upper().find('BIND 9.9') != -1:
--            bind9_9 = ''
--        elif bind_info.upper().find('BIND 9.10') != -1:
--            bind9_10 = ''
--        elif bind_info.upper().find('BIND 9.11') != -1:
--            bind9_11 = ''
--        elif bind_info.upper().find('BIND 9.12') != -1:
--            bind9_12 = ''
--        elif bind_info.upper().find('BIND 9.14') != -1:
--            bind9_14 = ''
--        elif bind_info.upper().find('BIND 9.16') != -1:
--            bind9_16 = ''
--        elif bind_info.upper().find('BIND 9.18') != -1:
--            bind9_18 = ''
--        elif bind_info.upper().find('BIND 9.7') != -1:
--            raise ProvisioningError("DLZ option incompatible with BIND 9.7.")
--        elif bind_info.upper().find('BIND_9.13') != -1:
--            raise ProvisioningError("Only stable/esv releases of BIND are supported.")
--        elif bind_info.upper().find('BIND_9.15') != -1:
--            raise ProvisioningError("Only stable/esv releases of BIND are supported.")
--        elif bind_info.upper().find('BIND_9.17') != -1:
--            raise ProvisioningError("Only stable/esv releases of BIND are supported.")
-+        bind9_release = re.search('BIND (9)\.(\d+)\.', bind_info, re.I)
-+        if bind9_release:
-+            bind9_disabled = ''
-+            bind9_version = bind9_release.group(0) + "x"
-+            bind9_version_major = int(bind9_release.group(1))
-+            bind9_version_minor = int(bind9_release.group(2))
-+            if bind9_version_minor == 7:
-+                raise ProvisioningError("DLZ option incompatible with BIND 9.7.")
-+            elif bind9_version_minor == 8:
-+                bind9_dlz_version = "9"
-+            elif bind9_version_minor in [13, 15, 17]:
-+                raise ProvisioningError("Only stable/esv releases of BIND are supported.")
-+            else:
-+                bind9_dlz_version = "%d_%d" % (bind9_version_major, bind9_version_minor)
-         else:
-+            bind9_disabled = '# '
-+            bind9_version = "BIND z.y.x"
-+            bind9_dlz_version = "z_y"
-             logger.warning("BIND version unknown, please modify %s manually." % paths.namedconf)
-+
-+        bind9_dlz = (
-+            '    # For %s\n'
-+            '    %sdatabase "dlopen %s/bind9/dlz_bind%s.so";'
-+        ) % (
-+            bind9_version, bind9_disabled, samba.param.modules_dir(), bind9_dlz_version
-+        )
-         setup_file(setup_path("named.conf.dlz"), paths.namedconf, {
-                     "NAMED_CONF": paths.namedconf,
-                     "MODULESDIR": samba.param.modules_dir(),
--                    "BIND9_8": bind9_8,
--                    "BIND9_9": bind9_9,
--                    "BIND9_10": bind9_10,
--                    "BIND9_11": bind9_11,
--                    "BIND9_12": bind9_12,
--                    "BIND9_14": bind9_14,
--                    "BIND9_16": bind9_16,
--                    "BIND9_18": bind9_18
--                    })
-+                    "BIND9_DLZ": bind9_dlz
-+                 })
- 
- 
- def create_named_txt(path, realm, dnsdomain, dnsname, binddns_dir,
-diff --git a/source4/dns_server/dlz_minimal.h b/source4/dns_server/dlz_minimal.h
-index b7e36e7f8e6..bbdb616deb2 100644
---- a/source4/dns_server/dlz_minimal.h
-+++ b/source4/dns_server/dlz_minimal.h
-@@ -26,31 +26,25 @@
- #include <stdint.h>
- #include <stdbool.h>
- 
--#if defined (BIND_VERSION_9_8)
--# error Bind 9.8 is not supported!
--#elif defined (BIND_VERSION_9_9)
--# error Bind 9.9 is not supported!
--#elif defined (BIND_VERSION_9_10)
--# define DLZ_DLOPEN_VERSION 3
--# define DNS_CLIENTINFO_VERSION 1
--# define ISC_BOOLEAN_AS_BOOL 0
--#elif defined (BIND_VERSION_9_11)
--# define DLZ_DLOPEN_VERSION 3
--# define DNS_CLIENTINFO_VERSION 2
--# define ISC_BOOLEAN_AS_BOOL 0
--#elif defined (BIND_VERSION_9_12)
--# define DLZ_DLOPEN_VERSION 3
--# define DNS_CLIENTINFO_VERSION 2
--# define ISC_BOOLEAN_AS_BOOL 0
--#elif defined (BIND_VERSION_9_14)
--# define DLZ_DLOPEN_VERSION 3
--# define DNS_CLIENTINFO_VERSION 2
--#elif defined (BIND_VERSION_9_16)
--# define DLZ_DLOPEN_VERSION 3
--# define DNS_CLIENTINFO_VERSION 2
--#elif defined (BIND_VERSION_9_18)
--# define DLZ_DLOPEN_VERSION 3
--# define DNS_CLIENTINFO_VERSION 2
-+#if defined (BIND_VERSION)
-+# if BIND_VERSION == 908
-+#  error Bind 9.8 is not supported!
-+# elif BIND_VERSION == 909
-+#  error Bind 9.9 is not supported!
-+# elif BIND_VERSION == 910
-+#  define DLZ_DLOPEN_VERSION 3
-+#  define DNS_CLIENTINFO_VERSION 1
-+#  define ISC_BOOLEAN_AS_BOOL 0
-+# elif BIND_VERSION == 911 || BIND_VERSION == 912
-+#  define DLZ_DLOPEN_VERSION 3
-+#  define DNS_CLIENTINFO_VERSION 2
-+#  define ISC_BOOLEAN_AS_BOOL 0
-+# elif BIND_VERSION >= 914
-+#  define DLZ_DLOPEN_VERSION 3
-+#  define DNS_CLIENTINFO_VERSION 2
-+# else
-+#  error Unsupported BIND version
-+# endif
- #else
- # error Unsupported BIND version
- #endif
-diff --git a/source4/dns_server/wscript_build b/source4/dns_server/wscript_build
-index ab0a241b937..3743753504c 100644
---- a/source4/dns_server/wscript_build
-+++ b/source4/dns_server/wscript_build
-@@ -20,69 +20,21 @@ bld.SAMBA_MODULE('service_dns',
-         )
- 
- # a bind9 dlz module giving access to the Samba DNS SAM
--bld.SAMBA_LIBRARY('dlz_bind9_10',
-+for bind_version in (910, 911, 912, 914, 916, 918):
-+    string_version='%d_%d' % (bind_version // 100, bind_version % 100)
-+    bld.SAMBA_LIBRARY('dlz_bind%s' % (string_version),
-                   source='dlz_bind9.c',
--                  cflags='-DBIND_VERSION_9_10',
-+                  cflags='-DBIND_VERSION=%d' % bind_version,
-                   private_library=True,
--                  link_name='modules/bind9/dlz_bind9_10.so',
--                  realname='dlz_bind9_10.so',
--                  install_path='${MODULESDIR}/bind9',
--                  deps='samba-hostconfig samdb-common gensec popt dnsserver_common',
--                  enabled=bld.AD_DC_BUILD_IS_ENABLED())
--
--bld.SAMBA_LIBRARY('dlz_bind9_11',
--                  source='dlz_bind9.c',
--                  cflags='-DBIND_VERSION_9_11',
--                  private_library=True,
--                  link_name='modules/bind9/dlz_bind9_11.so',
--                  realname='dlz_bind9_11.so',
--                  install_path='${MODULESDIR}/bind9',
--                  deps='samba-hostconfig samdb-common gensec popt dnsserver_common',
--                  enabled=bld.AD_DC_BUILD_IS_ENABLED())
--
--bld.SAMBA_LIBRARY('dlz_bind9_12',
--                  source='dlz_bind9.c',
--                  cflags='-DBIND_VERSION_9_12',
--                  private_library=True,
--                  link_name='modules/bind9/dlz_bind9_12.so',
--                  realname='dlz_bind9_12.so',
--                  install_path='${MODULESDIR}/bind9',
--                  deps='samba-hostconfig samdb-common gensec popt dnsserver_common',
--                  enabled=bld.AD_DC_BUILD_IS_ENABLED())
--
--bld.SAMBA_LIBRARY('dlz_bind9_14',
--                  source='dlz_bind9.c',
--                  cflags='-DBIND_VERSION_9_14',
--                  private_library=True,
--                  link_name='modules/bind9/dlz_bind9_14.so',
--                  realname='dlz_bind9_14.so',
--                  install_path='${MODULESDIR}/bind9',
--                  deps='samba-hostconfig samdb-common gensec popt dnsserver_common',
--                  enabled=bld.AD_DC_BUILD_IS_ENABLED())
--
--bld.SAMBA_LIBRARY('dlz_bind9_16',
--                  source='dlz_bind9.c',
--                  cflags='-DBIND_VERSION_9_16',
--                  private_library=True,
--                  link_name='modules/bind9/dlz_bind9_16.so',
--                  realname='dlz_bind9_16.so',
--                  install_path='${MODULESDIR}/bind9',
--                  deps='samba-hostconfig samdb-common gensec popt dnsserver_common',
--                  enabled=bld.AD_DC_BUILD_IS_ENABLED())
--
--bld.SAMBA_LIBRARY('dlz_bind9_18',
--                  source='dlz_bind9.c',
--                  cflags='-DBIND_VERSION_9_18',
--                  private_library=True,
--                  link_name='modules/bind9/dlz_bind9_18.so',
--                  realname='dlz_bind9_18.so',
-+                  link_name='modules/bind9/dlz_bind%s.so' % (string_version),
-+                  realname='dlz_bind%s.so' % (string_version),
-                   install_path='${MODULESDIR}/bind9',
-                   deps='samba-hostconfig samdb-common gensec popt dnsserver_common',
-                   enabled=bld.AD_DC_BUILD_IS_ENABLED())
- 
- bld.SAMBA_LIBRARY('dlz_bind9_for_torture',
-                   source='dlz_bind9.c',
--                  cflags='-DBIND_VERSION_9_16',
-+                  cflags='-DBIND_VERSION=918',
-                   private_library=True,
-                   deps='samba-hostconfig samdb-common gensec popt dnsserver_common',
-                   enabled=bld.AD_DC_BUILD_IS_ENABLED())
-diff --git a/source4/setup/named.conf.dlz b/source4/setup/named.conf.dlz
-index cbe7d805f58..32672768af4 100644
---- a/source4/setup/named.conf.dlz
-+++ b/source4/setup/named.conf.dlz
-@@ -10,28 +10,5 @@
- # Uncomment only single database line, depending on your BIND version
- #
- dlz "AD DNS Zone" {
--    # For BIND 9.8.x
--    ${BIND9_8} database "dlopen ${MODULESDIR}/bind9/dlz_bind9.so";
--
--    # For BIND 9.9.x
--    ${BIND9_9} database "dlopen ${MODULESDIR}/bind9/dlz_bind9_9.so";
--
--    # For BIND 9.10.x
--    ${BIND9_10} database "dlopen ${MODULESDIR}/bind9/dlz_bind9_10.so";
--
--    # For BIND 9.11.x
--    ${BIND9_11} database "dlopen ${MODULESDIR}/bind9/dlz_bind9_11.so";
--
--    # For BIND 9.12.x
--    ${BIND9_12} database "dlopen ${MODULESDIR}/bind9/dlz_bind9_12.so";
--
--    # For BIND 9.14.x
--    ${BIND9_14} database "dlopen ${MODULESDIR}/bind9/dlz_bind9_14.so";
--
--    # For BIND 9.16.x
--    ${BIND9_16} database "dlopen ${MODULESDIR}/bind9/dlz_bind9_16.so";
--    #
--    # For BIND 9.18.x
--    ${BIND9_18} database "dlopen ${MODULESDIR}/bind9/dlz_bind9_18.so";
-+${BIND9_DLZ}
- };
--
-diff --git a/source4/torture/dns/wscript_build b/source4/torture/dns/wscript_build
-index 0b40e03e370..bf7415ff88a 100644
---- a/source4/torture/dns/wscript_build
-+++ b/source4/torture/dns/wscript_build
-@@ -5,7 +5,7 @@ if bld.AD_DC_BUILD_IS_ENABLED():
- 		source='dlz_bind9.c',
- 		subsystem='smbtorture',
- 		init_function='torture_bind_dns_init',
--		cflags='-DBIND_VERSION_9_16',
-+		cflags='-DBIND_VERSION=918',
- 		deps='torture talloc torturemain dlz_bind9_for_torture',
- 		internal_module=True
- 		)
--- 
-2.37.1
-

net/samba416.old/files/0002-Adjust-abi_gen.sh-script-to-run-under-FreeBSD-with-i.patch

@@ -1,35 +0,0 @@
-From 639b8d650685476016a6d5b1c996a04ac54f8a6f Mon Sep 17 00:00:00 2001
-From: "Timur I. Bakeyev" <timur@FreeBSD.org>
-Date: Sun, 30 May 2021 04:00:08 +0200
-Subject: [PATCH 02/28] Adjust abi_gen.sh script to run under FreeBSD with it's
- own bintools and slightly different output of GDB.
-
-Substitution: yes
-
-Signed-off-by: Timur I. Bakeyev <timur@FreeBSD.org>
----
- buildtools/scripts/abi_gen.sh | 3 ++-
- 1 file changed, 2 insertions(+), 1 deletion(-)
-
-diff --git a/buildtools/scripts/abi_gen.sh b/buildtools/scripts/abi_gen.sh
-index ddb0a7cc36f..d2750705ff9 100755
---- a/buildtools/scripts/abi_gen.sh
-+++ b/buildtools/scripts/abi_gen.sh
-@@ -9,6 +9,7 @@ GDBSCRIPT="gdb_syms.$$"
- cat <<EOF
- set height 0
- set width 0
-+set print sevenbit-strings on
- EOF
- 
- # On older linker versions _init|_fini symbols are not hidden.
-@@ -22,5 +23,5 @@ done
- ) > $GDBSCRIPT
- 
- # forcing the terminal avoids a problem on Fedora12
--TERM=none gdb -n -batch -x $GDBSCRIPT "$SHAREDLIB" < /dev/null
-+TERM=none %%GDB_CMD%% -n -batch -x $GDBSCRIPT "$SHAREDLIB" < /dev/null
- rm -f $GDBSCRIPT
--- 
-2.37.1
-

net/samba416.old/files/0003-Mask-CLang-prototype-warnings-in-kadm5-admin.h.patch

@@ -1,32 +0,0 @@
-From 382c3edc95a1747e0a6edd05c76adc0ec21a66c7 Mon Sep 17 00:00:00 2001
-From: "Timur I. Bakeyev" <timur@FreeBSD.org>
-Date: Sun, 30 May 2021 03:50:17 +0200
-Subject: [PATCH 03/28] Mask CLang prototype warnings in kadm5/admin.h
-
-Signed-off-by: Timur I. Bakeyev <timur@FreeBSD.org>
----
- source4/kdc/kdc-service-mit.c | 6 +++++-
- 1 file changed, 5 insertions(+), 1 deletion(-)
-
-diff --git a/source4/kdc/kdc-service-mit.c b/source4/kdc/kdc-service-mit.c
-index 22663b6ecc8..5bef125206a 100644
---- a/source4/kdc/kdc-service-mit.c
-+++ b/source4/kdc/kdc-service-mit.c
-@@ -36,9 +36,13 @@
- #include "kdc/samba_kdc.h"
- #include "kdc/kdc-server.h"
- #include "kdc/kpasswd-service.h"
--#include <kadm5/admin.h>
- #include <kdb.h>
- 
-+#pragma clang diagnostic push
-+#pragma clang diagnostic ignored "-Wstrict-prototypes"
-+#include <kadm5/admin.h>
-+#pragma clang diagnostic pop
-+
- #include "source4/kdc/mit_kdc_irpc.h"
- 
- /* PROTOTYPES */
--- 
-2.37.1
-

net/samba416.old/files/0004-On-FreeBSD-date-1-has-different-semantics-than-on-Li.patch

@@ -1,38 +0,0 @@
-From 0eb28116ceefee7bdafabac18a1763f13cb71883 Mon Sep 17 00:00:00 2001
-From: "Timur I. Bakeyev" <timur@FreeBSD.org>
-Date: Sun, 30 May 2021 03:42:31 +0200
-Subject: [PATCH 04/28] On FreeBSD `date(1)` has different semantics than on
- Linux. Generate call parameter accordingly.
-
-FreeBSD: `date [[[[[cc]yy]mm]dd]HH]MM[.ss]`
-Linux:   `date [mmddHHMM[[cc]yy][.ss]]`
-
-Signed-off-by: Timur I. Bakeyev <timur@FreeBSD.org>
----
- source3/utils/net_time.c | 7 ++++++-
- 1 file changed, 6 insertions(+), 1 deletion(-)
-
-diff --git a/source3/utils/net_time.c b/source3/utils/net_time.c
-index d102f84614f..f679000a979 100644
---- a/source3/utils/net_time.c
-+++ b/source3/utils/net_time.c
-@@ -82,10 +82,15 @@ static const char *systime(time_t t)
- 	if (!tm) {
- 		return "unknown";
- 	}
--
-+#if defined(FREEBSD)
-+	return talloc_asprintf(talloc_tos(), "%04d%02d%02d%02d%02d.%02d",
-+				tm->tm_year + 1900, tm->tm_mon+1, tm->tm_mday,
-+				tm->tm_hour, tm->tm_min, tm->tm_sec);
-+#else
- 	return talloc_asprintf(talloc_tos(), "%02d%02d%02d%02d%04d.%02d",
- 			       tm->tm_mon+1, tm->tm_mday, tm->tm_hour,
- 			       tm->tm_min, tm->tm_year + 1900, tm->tm_sec);
-+#endif
- }
- 
- int net_time_usage(struct net_context *c, int argc, const char **argv)
--- 
-2.37.1
-

net/samba416.old/files/0005-Include-jemalloc-jemalloc.h-if-ENABLE_JEMALLOC-is-se.patch

@@ -1,26 +0,0 @@
-From 3cc67018c560d32b98523618d16902c1a670ed40 Mon Sep 17 00:00:00 2001
-From: "Timur I. Bakeyev" <timur@FreeBSD.org>
-Date: Sun, 30 May 2021 03:33:51 +0200
-Subject: [PATCH 05/28] Include jemalloc/jemalloc.h if ENABLE_JEMALLOC is set.
-
-Signed-off-by: Timur I. Bakeyev <timur@FreeBSD.org>
----
- source3/include/includes.h | 2 ++
- 1 file changed, 2 insertions(+)
-
-diff --git a/source3/include/includes.h b/source3/include/includes.h
-index 510a0b96539..94a076de11e 100644
---- a/source3/include/includes.h
-+++ b/source3/include/includes.h
-@@ -326,6 +326,8 @@ typedef char fstring[FSTRING_LEN];
-  * the *bottom* of include files so as not to conflict. */
- #ifdef ENABLE_DMALLOC
- #  include <dmalloc.h>
-+#elif ENABLE_JEMALLOC
-+#  include <jemalloc/jemalloc.h>
- #endif
- 
- 
--- 
-2.37.1
-

net/samba416.old/files/0006-Install-nss_-modules-into-PAMMODULESDIR-path.patch

@@ -1,32 +0,0 @@
-From 406621efcd26d48b5e8f1e5df4082c8bf2cc8bab Mon Sep 17 00:00:00 2001
-From: "Timur I. Bakeyev" <timur@FreeBSD.org>
-Date: Sun, 30 May 2021 03:32:21 +0200
-Subject: [PATCH 06/28] Install nss_* modules into PAMMODULESDIR path.
-
-Signed-off-by: Timur I. Bakeyev <timur@FreeBSD.org>
----
- nsswitch/wscript_build | 2 ++
- 1 file changed, 2 insertions(+)
-
-diff --git a/nsswitch/wscript_build b/nsswitch/wscript_build
-index 3247b6c2b7c..df2fc3b97ea 100644
---- a/nsswitch/wscript_build
-+++ b/nsswitch/wscript_build
-@@ -54,12 +54,14 @@ elif (host_os.rfind('freebsd') > -1):
- 			  source='winbind_nss_linux.c winbind_nss_freebsd.c',
- 			  deps='wbclient',
- 			  realname='nss_winbind.so.1',
-+			  install_path='${PAMMODULESDIR}',
- 			  vnum='1')
- 
- 	bld.SAMBA3_PLUGIN('nss_wins',
- 			  source='wins.c wins_freebsd.c',
- 			  deps='''wbclient''',
- 			  realname='nss_wins.so.1',
-+			  install_path='${PAMMODULESDIR}',
- 			  vnum='1')
- 
- elif (host_os.rfind('netbsd') > -1):
--- 
-2.37.1
-

net/samba416.old/files/0007-Use-macro-value-as-a-default-backlog-size-for-the-li.patch

@@ -1,105 +0,0 @@
-From 75f20f8e144a926873b619e1c0918896689d39a0 Mon Sep 17 00:00:00 2001
-From: "Timur I. Bakeyev" <timur@FreeBSD.org>
-Date: Sun, 30 May 2021 03:28:09 +0200
-Subject: [PATCH 07/28] Use macro value as a default backlog size for the
- `listen()` syscall.
-
-Set that macro to -1 on FreeBSD, specifying maximum kernel configured
-allowed backlog size.
-
-Signed-off-by: Timur I. Bakeyev <timur@FreeBSD.org>
----
- lib/tevent/echo_server.c    |  2 +-
- source3/include/local.h     | 11 +++++++++++
- source3/libsmb/unexpected.c |  2 +-
- source3/utils/smbfilter.c   |  2 +-
- source3/winbindd/winbindd.c |  4 ++--
- 5 files changed, 16 insertions(+), 5 deletions(-)
-
-diff --git a/lib/tevent/echo_server.c b/lib/tevent/echo_server.c
-index f93d8bcdee7..49354dbf0e5 100644
---- a/lib/tevent/echo_server.c
-+++ b/lib/tevent/echo_server.c
-@@ -633,7 +633,7 @@ int main(int argc, const char **argv)
- 		exit(1);
- 	}
- 
--	ret = listen(listen_sock, 5);
-+	ret = listen(listen_sock, DEFAULT_LISTEN_BACKLOG);
- 	if (ret == -1) {
- 		perror("listen() failed");
- 		exit(1);
-diff --git a/source3/include/local.h b/source3/include/local.h
-index 297e5572fdb..d85aab09f9f 100644
---- a/source3/include/local.h
-+++ b/source3/include/local.h
-@@ -163,7 +163,18 @@
- #define WINBIND_SERVER_MUTEX_WAIT_TIME (( ((NUM_CLI_AUTH_CONNECT_RETRIES) * ((CLI_AUTH_TIMEOUT)/1000)) + 5)*2)
- 
- /* size of listen() backlog in smbd */
-+#if defined (FREEBSD)
-+#define SMBD_LISTEN_BACKLOG -1
-+#else
- #define SMBD_LISTEN_BACKLOG 50
-+#endif
-+
-+/* size of listen() default backlog */
-+#if defined (FREEBSD)
-+#define DEFAULT_LISTEN_BACKLOG -1
-+#else
-+#define DEFAULT_LISTEN_BACKLOG 5
-+#endif
- 
- /* Number of microseconds to wait before a sharing violation. */
- #define SHARING_VIOLATION_USEC_WAIT 950000
-diff --git a/source3/libsmb/unexpected.c b/source3/libsmb/unexpected.c
-index ced46969b88..317d6b1e0e2 100644
---- a/source3/libsmb/unexpected.c
-+++ b/source3/libsmb/unexpected.c
-@@ -95,7 +95,7 @@ NTSTATUS nb_packet_server_create(TALLOC_CTX *mem_ctx,
- 		status = map_nt_error_from_unix(errno);
- 		goto fail;
- 	}
--	rc = listen(result->listen_sock, 5);
-+	rc = listen(result->listen_sock, DEFAULT_LISTEN_BACKLOG);
- 	if (rc < 0) {
- 		status = map_nt_error_from_unix(errno);
- 		goto fail;
-diff --git a/source3/utils/smbfilter.c b/source3/utils/smbfilter.c
-index 3fbd63975c9..b2d90f993fc 100644
---- a/source3/utils/smbfilter.c
-+++ b/source3/utils/smbfilter.c
-@@ -291,7 +291,7 @@ static void start_filter(char *desthost)
- 		exit(1);
- 	}
- 
--	if (listen(s, 5) == -1) {
-+	if (listen(s, DEFAULT_LISTEN_BACKLOG) == -1) {
- 		d_printf("listen failed\n");
- 	}
- 
-diff --git a/source3/winbindd/winbindd.c b/source3/winbindd/winbindd.c
-index 0f9c6449a5a..c2df0c92372 100644
---- a/source3/winbindd/winbindd.c
-+++ b/source3/winbindd/winbindd.c
-@@ -1312,7 +1312,7 @@ static bool winbindd_setup_listeners(void)
- 	if (pub_state->fd == -1) {
- 		goto failed;
- 	}
--	rc = listen(pub_state->fd, 5);
-+	rc = listen(pub_state->fd, DEFAULT_LISTEN_BACKLOG);
- 	if (rc < 0) {
- 		goto failed;
- 	}
-@@ -1344,7 +1344,7 @@ static bool winbindd_setup_listeners(void)
- 	if (priv_state->fd == -1) {
- 		goto failed;
- 	}
--	rc = listen(priv_state->fd, 5);
-+	rc = listen(priv_state->fd, DEFAULT_LISTEN_BACKLOG);
- 	if (rc < 0) {
- 		goto failed;
- 	}
--- 
-2.37.1
-

net/samba416.old/files/0008-Brute-force-work-around-usage-of-Linux-specific-m-fl.patch

@@ -1,111 +0,0 @@
-From 29d0b3479f61f33356d6cc82099085b5c412f949 Mon Sep 17 00:00:00 2001
-From: "Timur I. Bakeyev" <timur@FreeBSD.org>
-Date: Sun, 30 May 2021 03:24:48 +0200
-Subject: [PATCH 08/28] Brute force work around usage of Linux-specific `%m`
- flag in `sscanf()`.
-
-Signed-off-by: Timur I. Bakeyev <timur@FreeBSD.org>
----
- libcli/http/http.c                | 36 ++++++++++++++++++++++++++-----
- source4/libcli/ldap/ldap_client.c | 12 +++++++++++
- 2 files changed, 43 insertions(+), 5 deletions(-)
-
-diff --git a/libcli/http/http.c b/libcli/http/http.c
-index d20fc25f9e2..a28caca0045 100644
---- a/libcli/http/http.c
-+++ b/libcli/http/http.c
-@@ -142,7 +142,19 @@ static enum http_read_status http_parse_headers(struct http_read_response_state
- 		return HTTP_ALL_DATA_READ;
- 	}
- 
-+#ifdef FREEBSD
-+	int s0, s1, s2, s3; s0 = s1 = s2 = s3 = 0;
-+	n = sscanf(line, "%n%*[^:]%n: %n%*[^\r\n]%n\r\n", &s0, &s1, &s2, &s3);
-+
-+	if(n >= 0) {
-+		key = calloc(sizeof(char), s1-s0+1);
-+		value = calloc(sizeof(char), s3-s2+1);
-+
-+		n = sscanf(line, "%[^:]: %[^\r\n]\r\n", key, value);
-+	}
-+#else
- 	n = sscanf(line, "%m[^:]: %m[^\r\n]\r\n", &key, &value);
-+#endif
- 	if (n != 2) {
- 		DEBUG(0, ("%s: Error parsing header '%s'\n", __func__, line));
- 		status = HTTP_DATA_CORRUPTED;
-@@ -168,7 +180,7 @@ error:
- static bool http_parse_response_line(struct http_read_response_state *state)
- {
- 	bool	status = true;
--	char	*protocol;
-+	char	*protocol = NULL;
- 	char	*msg = NULL;
- 	char	major;
- 	char	minor;
-@@ -188,12 +200,22 @@ static bool http_parse_response_line(struct http_read_response_state *state)
- 		return false;
- 	}
- 
-+#ifdef FREEBSD
-+	int s0, s1, s2, s3; s0 = s1 = s2 = s3 = 0;
-+	n = sscanf(line, "%n%*[^/]%n/%c.%c %d %n%*[^\r\n]%n\r\n",
-+		   &s0, &s1, &major, &minor, &code, &s2, &s3);
-+
-+	if(n == 3) {
-+		protocol = calloc(sizeof(char), s1-s0+1);
-+		msg = calloc(sizeof(char), s3-s2+1);
-+
-+		n = sscanf(line, "%[^/]/%c.%c %d %[^\r\n]\r\n",
-+			protocol, &major, &minor, &code, msg);
-+	}
-+#else
- 	n = sscanf(line, "%m[^/]/%c.%c %d %m[^\r\n]\r\n",
- 		   &protocol, &major, &minor, &code, &msg);
--
--	DEBUG(11, ("%s: Header parsed(%i): protocol->%s, major->%c, minor->%c, "
--		   "code->%d, message->%s\n", __func__, n, protocol, major, minor,
--		   code, msg));
-+#endif
- 
- 	if (n != 5) {
- 		DEBUG(0, ("%s: Error parsing header\n",	__func__));
-@@ -201,6 +223,10 @@ static bool http_parse_response_line(struct http_read_response_state *state)
- 		goto error;
- 	}
- 
-+	DEBUG(11, ("%s: Header parsed(%i): protocol->%s, major->%c, minor->%c, "
-+		   "code->%d, message->%s\n", __func__, n, protocol, major, minor,
-+		   code, msg));
-+
- 	if (major != '1') {
- 		DEBUG(0, ("%s: Bad HTTP major number '%c'\n", __func__, major));
- 		status = false;
-diff --git a/source4/libcli/ldap/ldap_client.c b/source4/libcli/ldap/ldap_client.c
-index 8614ccdfd54..2630d3c8859 100644
---- a/source4/libcli/ldap/ldap_client.c
-+++ b/source4/libcli/ldap/ldap_client.c
-@@ -402,8 +402,20 @@ static int ldap_parse_basic_url(
- 		*pport = port;
- 		return 0;
- 	}
-+#ifdef FREEBSD
-+	int s0, s1; s0 = s1 = 0;
-+	ret = sscanf(url, "%n%*[^:/]%n:%d", &s0, &s1, &port);
- 
-+	if(ret >= 0) {
-+		host = calloc(sizeof(char), s1 - s0 + 1);
-+		if (host == NULL) {
-+			return ENOMEM;
-+		}
-+		ret = sscanf(url, "%[^:/]:%d", host, &port);
-+	}
-+#else
- 	ret = sscanf(url, "%m[^:/]:%d", &host, &port);
-+#endif
- 	if (ret < 1) {
- 		return EINVAL;
- 	}
--- 
-2.37.1
-

net/samba416.old/files/0009-Make-sure-that-config-checks-fail-if-the-warning-is-.patch

@@ -1,39 +0,0 @@
-From 3189d57e9c6cf8d5d25566f2760cfa4f822d7a2c Mon Sep 17 00:00:00 2001
-From: "Timur I. Bakeyev" <timur@FreeBSD.org>
-Date: Sun, 30 May 2021 03:21:19 +0200
-Subject: [PATCH 09/28] Make sure that config checks fail if the warning is
- raised, by adding -Werror flag to the CFLAGS(WERROR_CFLAGS)
-
-Signed-off-by: Timur I. Bakeyev <timur@FreeBSD.org>
----
- buildtools/wafsamba/samba_autoconf.py | 2 +-
- lib/replace/wscript                   | 2 +-
- 2 files changed, 2 insertions(+), 2 deletions(-)
-
-diff --git a/buildtools/wafsamba/samba_autoconf.py b/buildtools/wafsamba/samba_autoconf.py
-index 78927d85193..cf87c8bb9ff 100644
---- a/buildtools/wafsamba/samba_autoconf.py
-+++ b/buildtools/wafsamba/samba_autoconf.py
-@@ -987,5 +987,5 @@ def SAMBA_CHECK_UNDEFINED_SYMBOL_FLAGS(conf):
-         conf.env.undefined_ldflags = conf.ADD_LDFLAGS('-Wl,-no-undefined', testflags=True)
- 
-         if (conf.env.undefined_ignore_ldflags == [] and
--            conf.CHECK_LDFLAGS(['-undefined', 'dynamic_lookup'])):
-+            conf.CHECK_LDFLAGS(['-undefined', 'dynamic_lookup'] + conf.env.WERROR_CFLAGS)):
-             conf.env.undefined_ignore_ldflags = ['-undefined', 'dynamic_lookup']
-diff --git a/lib/replace/wscript b/lib/replace/wscript
-index 0db93d8caf1..1f9806f1dd7 100644
---- a/lib/replace/wscript
-+++ b/lib/replace/wscript
-@@ -122,7 +122,7 @@ def configure(conf):
-     conf.CHECK_HEADERS('sys/atomic.h stdatomic.h')
-     conf.CHECK_HEADERS('libgen.h')
- 
--    if conf.CHECK_CFLAGS('-Wno-format-truncation'):
-+    if conf.CHECK_CFLAGS(['-Wno-format-truncation'] + conf.env.WERROR_CFLAGS):
-         conf.define('HAVE_WNO_FORMAT_TRUNCATION', '1')
- 
-     if conf.CHECK_CFLAGS('-Wno-unused-function'):
--- 
-2.37.1
-

net/samba416.old/files/0010-Add-option-with-pkgconfigdir-to-specify-alternative-.patch

@@ -1,54 +0,0 @@
-From 5b0d17a5b7849f40f59fb0daedd62e8f5a1b0fba Mon Sep 17 00:00:00 2001
-From: "Timur I. Bakeyev" <timur@FreeBSD.org>
-Date: Sun, 30 May 2021 03:16:37 +0200
-Subject: [PATCH 10/28] Add option --with-pkgconfigdir, to specify alternative
- location.
-
-Override name of the config file.
-
-Remove code that doesn't allow direct install into /usr
-
-Substitution: yes
-
-Signed-off-by: Timur I. Bakeyev <timur@FreeBSD.org>
----
- dynconfig/wscript | 9 ++++-----
- 1 file changed, 4 insertions(+), 5 deletions(-)
-
-diff --git a/dynconfig/wscript b/dynconfig/wscript
-index c62afa25399..29cacf1b92c 100644
---- a/dynconfig/wscript
-+++ b/dynconfig/wscript
-@@ -151,6 +151,8 @@ dynconfig = {
-     'PKGCONFIGDIR' : {
-          'STD-PATH':  '${LIBDIR}/pkgconfig',
-          'FHS-PATH':  '${LIBDIR}/pkgconfig',
-+         'OPTION':    '--with-pkgconfigdir',
-+         'HELPTEXT':  'Where to put .pc files',
-     },
-     'CODEPAGEDIR' : {
-          'STD-PATH':  '${DATADIR}/codepages',
-@@ -257,8 +259,8 @@ dynconfig = {
-          'DELAY':     True,
-     },
-     'CONFIGFILE' : {
--         'STD-PATH':  '${CONFIGDIR}/smb.conf',
--         'FHS-PATH':  '${CONFIGDIR}/smb.conf',
-+         'STD-PATH':  '${CONFIGDIR}/%%SAMBA4_CONFIG%%',
-+         'FHS-PATH':  '${CONFIGDIR}/%%SAMBA4_CONFIG%%',
-          'DELAY':     True,
-     },
-     'LMHOSTSFILE' : {
-@@ -317,9 +319,6 @@ def configure(conf):
-         flavor = 'FHS-PATH'
-     else:
-         flavor = 'STD-PATH'
--        if conf.env.PREFIX == '/usr' or conf.env.PREFIX == '/usr/local':
--           Logs.error("Don't install directly under /usr or /usr/local without using the FHS option (--enable-fhs)")
--           raise Errors.WafError("ERROR: invalid --prefix=%s value" % (conf.env.PREFIX))
- 
-     explicit_set ={}
- 
--- 
-2.37.1
-

net/samba416.old/files/0011-Use-provided-by-port-location-of-the-XML-catalog.patch

@@ -1,28 +0,0 @@
-From 6c68907dcd9abd82cc95c842380a8e817b8f0e7f Mon Sep 17 00:00:00 2001
-From: "Timur I. Bakeyev" <timur@FreeBSD.org>
-Date: Sun, 30 May 2021 02:54:28 +0200
-Subject: [PATCH 11/28] Use provided by port location of the XML catalog.
-
-Substitution: yes
-
-Signed-off-by: Timur I. Bakeyev <timur@FreeBSD.org>
----
- buildtools/wafsamba/wafsamba.py | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/buildtools/wafsamba/wafsamba.py b/buildtools/wafsamba/wafsamba.py
-index 7885ee720be..c42a021bc01 100644
---- a/buildtools/wafsamba/wafsamba.py
-+++ b/buildtools/wafsamba/wafsamba.py
-@@ -1174,7 +1174,7 @@ def SAMBAMANPAGES(bld, manpages, extra_source=None):
-     bld.env.SAMBA_EXPAND_XSL = bld.srcnode.abspath() + '/docs-xml/xslt/expand-sambadoc.xsl'
-     bld.env.SAMBA_MAN_XSL = bld.srcnode.abspath() + '/docs-xml/xslt/man.xsl'
-     bld.env.SAMBA_CATALOG = bld.bldnode.abspath() + '/docs-xml/build/catalog.xml'
--    bld.env.SAMBA_CATALOGS = 'file:///etc/xml/catalog file:///usr/local/share/xml/catalog file://' + bld.env.SAMBA_CATALOG
-+    bld.env.SAMBA_CATALOGS = 'file:///etc/xml/catalog file://%%LOCALBASE%%/share/xml/catalog file://' + bld.env.SAMBA_CATALOG
- 
-     for m in manpages.split():
-         source = [m + '.xml']
--- 
-2.37.1
-

net/samba416.old/files/0012-Create-shared-libraries-according-to-the-FreeBSD-spe.patch

@@ -1,29 +0,0 @@
-From 9731cc810b50b6694ff931135df398a6772200ae Mon Sep 17 00:00:00 2001
-From: "Timur I. Bakeyev" <timur@FreeBSD.org>
-Date: Sun, 30 May 2021 02:51:47 +0200
-Subject: [PATCH 12/28] Create shared libraries according to the
- FreeBSD-specific naming schema, where only major.minor versions are used.
-
-https://docs.freebsd.org/en/books/developers-handbook/policies/#policies-shlib
-
-Signed-off-by: Timur I. Bakeyev <timur@FreeBSD.org>
----
- buildtools/wafsamba/samba_install.py | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/buildtools/wafsamba/samba_install.py b/buildtools/wafsamba/samba_install.py
-index 2957e16c3da..82abbf893e2 100644
---- a/buildtools/wafsamba/samba_install.py
-+++ b/buildtools/wafsamba/samba_install.py
-@@ -115,7 +115,7 @@ def install_library(self):
-                 inst_name    = bld.make_libname(t.target)
-         elif self.vnum:
-             vnum_base    = self.vnum.split('.')[0]
--            install_name = bld.make_libname(target_name, version=self.vnum)
-+            install_name = bld.make_libname(target_name, version=vnum_base)
-             install_link = bld.make_libname(target_name, version=vnum_base)
-             inst_name    = bld.make_libname(t.target)
-             if not self.private_library or not t.env.SONAME_ST:
--- 
-2.37.1
-

net/samba416.old/files/0013-Pass-additional-msg-parameter-to-CHECK_LIB-so-it-can.patch

@@ -1,70 +0,0 @@
-From 6be12b41eb0f71cfc25b5df6659dd176bd681621 Mon Sep 17 00:00:00 2001
-From: "Timur I. Bakeyev" <timur@FreeBSD.org>
-Date: Thu, 8 Sep 2022 00:25:05 +0200
-Subject: [PATCH 13/28] Pass additional msg parameter to CHECK_LIB(), so it can
- be transited to the conf.check(), which allows us to specify `match`
- parameter to opt.add_option().
-
-Signed-off-by: Timur I. Bakeyev <timur@FreeBSD.org>
----
- buildtools/wafsamba/samba_autoconf.py | 9 ++++++---
- buildtools/wafsamba/wscript           | 9 +++++++--
- 2 files changed, 13 insertions(+), 5 deletions(-)
-
-diff --git a/buildtools/wafsamba/samba_autoconf.py b/buildtools/wafsamba/samba_autoconf.py
-index cf87c8bb9ff..f6c72d99125 100644
---- a/buildtools/wafsamba/samba_autoconf.py
-+++ b/buildtools/wafsamba/samba_autoconf.py
-@@ -593,7 +593,7 @@ def library_flags(self, libs):
- 
- 
- @conf
--def CHECK_LIB(conf, libs, mandatory=False, empty_decl=True, set_target=True, shlib=False):
-+def CHECK_LIB(conf, libs, mandatory=False, empty_decl=True, set_target=True, shlib=False, msg=None):
-     '''check if a set of libraries exist as system libraries
- 
-     returns the sublist of libs that do exist as a syslib or []
-@@ -613,11 +613,14 @@ int foo()
-             ret.append(lib)
-             continue
- 
-+        if msg is None:
-+            msg = 'Checking for library %s' % lib
-+
-         (ccflags, ldflags, cpppath) = library_flags(conf, lib)
-         if shlib:
--            res = conf.check(features='c cshlib', fragment=fragment, lib=lib, uselib_store=lib, cflags=ccflags, ldflags=ldflags, uselib=lib.upper(), mandatory=False)
-+            res = conf.check(features='c cshlib', fragment=fragment, lib=lib, uselib_store=lib, cflags=ccflags, ldflags=ldflags, uselib=lib.upper(), mandatory=False, msg=msg)
-         else:
--            res = conf.check(lib=lib, uselib_store=lib, cflags=ccflags, ldflags=ldflags, uselib=lib.upper(), mandatory=False)
-+            res = conf.check(lib=lib, uselib_store=lib, cflags=ccflags, ldflags=ldflags, uselib=lib.upper(), mandatory=False, msg=msg)
- 
-         if not res:
-             if mandatory:
-diff --git a/buildtools/wafsamba/wscript b/buildtools/wafsamba/wscript
-index a4d6f3e5c49..c047e1e8b5a 100644
---- a/buildtools/wafsamba/wscript
-+++ b/buildtools/wafsamba/wscript
-@@ -133,12 +133,17 @@ Currently the only tested value is 'smbtorture,smbd/smbd' for Samba'''),
-                    help=("private library directory [PREFIX/lib/%s]" % Context.g_module.APPNAME),
-                    action="store", dest='PRIVATELIBDIR', default=None)
- 
-+    opt.add_option('--with-openldap',
-+                   help='additional directory to search for OpenLDAP libs',
-+                   action='store', dest='ldap_open', default=None,
-+                   match = ['Checking for library lber', 'Checking for library ldap'])
-+
-     opt.add_option('--with-libiconv',
-                    help='additional directory to search for libiconv',
--                   action='store', dest='iconv_open', default='/usr/local',
-+                   action='store', dest='iconv_open', default=None,
-                    match = ['Checking for library iconv', 'Checking for iconv_open', 'Checking for header iconv.h'])
-     opt.add_option('--without-gettext',
--                   help=("Disable use of gettext"),
-+                   help=("disable use of gettext"),
-                    action="store_true", dest='disable_gettext', default=False)
- 
-     gr = opt.option_group('developer options')
--- 
-2.37.1
-

net/samba416.old/files/0014-Add-option-to-disable-CTDB-tests-failing-on-FreeBSD-.patch

@@ -1,77 +0,0 @@
-From 2f16c17b683655fe318a1e6d45aaad3857d1a512 Mon Sep 17 00:00:00 2001
-From: "Timur I. Bakeyev" <timur@FreeBSD.org>
-Date: Mon, 31 May 2021 00:35:36 +0200
-Subject: [PATCH 14/28] Add option to disable CTDB tests - failing on FreeBSD
- right now in too many places.
-
-Signed-off-by: Timur I. Bakeyev <timur@FreeBSD.org>
----
- ctdb/wscript | 24 ++++++++++++++++++------
- 1 file changed, 18 insertions(+), 6 deletions(-)
-
-diff --git a/ctdb/wscript b/ctdb/wscript
-index a9fef9241aa..c89c6decdd7 100644
---- a/ctdb/wscript
-+++ b/ctdb/wscript
-@@ -106,6 +106,9 @@ def options(opt):
-     opt.add_option('--enable-ceph-reclock',
-                    help=("Enable Ceph CTDB recovery lock helper (default=no)"),
-                    action="store_true", dest='ctdb_ceph_reclock', default=False)
-+    opt.add_option('--disable-ctdb-tests',
-+                   help=("Disable CTDB tests (default=no)"),
-+                   action="store_true", dest='ctdb_no_tests', default=False)
- 
-     opt.add_option('--with-logdir',
-                    help=("Path to log directory"),
-@@ -278,7 +281,7 @@ def configure(conf):
- 
-     if Options.options.ctdb_ceph_reclock:
-         if (conf.CHECK_HEADERS('rados/librados.h', False, False, 'rados') and
--					conf.CHECK_LIB('rados', shlib=True)):
-+                                         conf.CHECK_LIB('rados', shlib=True)):
-             Logs.info('Building with Ceph librados recovery lock support')
-             conf.define('HAVE_LIBRADOS', 1)
-         else:
-@@ -317,8 +320,14 @@ def configure(conf):
-                     conf.env.CTDB_VARDIR,
-                     conf.env.CTDB_RUNDIR))
- 
--    conf.env.CTDB_TEST_DATADIR = os.path.join(conf.env.CTDB_DATADIR, 'tests')
--    conf.env.CTDB_TEST_LIBEXECDIR = os.path.join(conf.env.LIBEXECDIR, 'ctdb/tests')
-+    if Options.options.ctdb_no_tests:
-+        conf.env.ctdb_tests = False
-+    else:
-+        conf.env.ctdb_tests = True
-+
-+    if conf.env.ctdb_tests:
-+        conf.env.CTDB_TEST_DATADIR = os.path.join(conf.env.CTDB_DATADIR, 'tests')
-+        conf.env.CTDB_TEST_LIBEXECDIR = os.path.join(conf.env.LIBEXECDIR, 'ctdb/tests')
- 
-     # Allow unified compilation and separate compilation of utilities
-     # to find includes
-@@ -706,9 +715,9 @@ def build(bld):
-     if bld.env.HAVE_LIBRADOS:
-         bld.SAMBA_BINARY('ctdb_mutex_ceph_rados_helper',
-                          source='utils/ceph/ctdb_mutex_ceph_rados_helper.c',
--			 deps='talloc tevent rados',
--			 includes='include',
--			 install_path='${CTDB_HELPER_BINDIR}')
-+                         deps='talloc tevent rados',
-+                         includes='include',
-+                         install_path='${CTDB_HELPER_BINDIR}')
- 
-     sed_expr1 = 's|/usr/local/var/lib/ctdb|%s|g'  % (bld.env.CTDB_VARDIR)
-     sed_expr2 = 's|/usr/local/etc/ctdb|%s|g'      % (bld.env.CTDB_ETCDIR)
-@@ -885,6 +894,9 @@ def build(bld):
-     for d in ['volatile', 'persistent', 'state']:
-         bld.INSTALL_DIR(os.path.join(bld.env.CTDB_VARDIR, d))
- 
-+    if not bld.env.ctdb_tests:
-+        return
-+
-     #
-     # Test-only below this point
-     #
--- 
-2.37.1
-

net/samba416.old/files/0015-Add-extra-debug-class-to-trck-down-DB-locking-code.patch

@@ -1,132 +0,0 @@
-From 08e648c899e5023f337d2fa56e4e758f62f31ec4 Mon Sep 17 00:00:00 2001
-From: "Timur I. Bakeyev" <timur@FreeBSD.org>
-Date: Mon, 31 May 2021 00:38:38 +0200
-Subject: [PATCH 15/28] Add extra debug class to trck down DB locking code.
-
-Signed-off-by: Timur I. Bakeyev <timur@FreeBSD.org>
----
- lib/dbwrap/dbwrap.c               | 3 +++
- lib/dbwrap/dbwrap_local_open.c    | 3 +++
- lib/dbwrap/dbwrap_rbt.c           | 3 +++
- lib/dbwrap/dbwrap_tdb.c           | 3 +++
- lib/dbwrap/dbwrap_util.c          | 3 +++
- source3/lib/dbwrap/dbwrap_ctdb.c  | 3 +++
- source3/lib/dbwrap/dbwrap_open.c  | 3 +++
- source3/lib/dbwrap/dbwrap_watch.c | 3 +++
- 8 files changed, 24 insertions(+)
-
-diff --git a/lib/dbwrap/dbwrap.c b/lib/dbwrap/dbwrap.c
-index 7555efaa3ab..51f58fea851 100644
---- a/lib/dbwrap/dbwrap.c
-+++ b/lib/dbwrap/dbwrap.c
-@@ -28,6 +28,9 @@
- #include "lib/util/util_tdb.h"
- #include "lib/util/tevent_ntstatus.h"
- 
-+#undef DBGC_CLASS
-+#define DBGC_CLASS DBGC_LOCKING
-+
- /*
-  * Fall back using fetch if no genuine exists operation is provided
-  */
-diff --git a/lib/dbwrap/dbwrap_local_open.c b/lib/dbwrap/dbwrap_local_open.c
-index 20c5fa0e1d2..b834bbd0e41 100644
---- a/lib/dbwrap/dbwrap_local_open.c
-+++ b/lib/dbwrap/dbwrap_local_open.c
-@@ -23,6 +23,9 @@
- #include "dbwrap/dbwrap_tdb.h"
- #include "tdb.h"
- 
-+#undef DBGC_CLASS
-+#define DBGC_CLASS DBGC_LOCKING
-+
- struct db_context *dbwrap_local_open(TALLOC_CTX *mem_ctx,
- 				     const char *name,
- 				     int hash_size, int tdb_flags,
-diff --git a/lib/dbwrap/dbwrap_rbt.c b/lib/dbwrap/dbwrap_rbt.c
-index db456dfffba..483558a6dc7 100644
---- a/lib/dbwrap/dbwrap_rbt.c
-+++ b/lib/dbwrap/dbwrap_rbt.c
-@@ -24,6 +24,9 @@
- #include "../lib/util/rbtree.h"
- #include "../lib/util/dlinklist.h"
- 
-+#undef DBGC_CLASS
-+#define DBGC_CLASS DBGC_LOCKING
-+
- #define DBWRAP_RBT_ALIGN(_size_) (((_size_)+15)&~15)
- 
- struct db_rbt_ctx {
-diff --git a/lib/dbwrap/dbwrap_tdb.c b/lib/dbwrap/dbwrap_tdb.c
-index 6cd95fa25ad..4a75cd80256 100644
---- a/lib/dbwrap/dbwrap_tdb.c
-+++ b/lib/dbwrap/dbwrap_tdb.c
-@@ -29,6 +29,9 @@
- #include "lib/param/param.h"
- #include "libcli/util/error.h"
- 
-+#undef DBGC_CLASS
-+#define DBGC_CLASS DBGC_LOCKING
-+
- struct db_tdb_ctx {
- 	struct tdb_wrap *wtdb;
- 
-diff --git a/lib/dbwrap/dbwrap_util.c b/lib/dbwrap/dbwrap_util.c
-index df6dea40097..465814f0952 100644
---- a/lib/dbwrap/dbwrap_util.c
-+++ b/lib/dbwrap/dbwrap_util.c
-@@ -26,6 +26,9 @@
- #include "dbwrap.h"
- #include "lib/util/util_tdb.h"
- 
-+#undef DBGC_CLASS
-+#define DBGC_CLASS DBGC_LOCKING
-+
- struct dbwrap_fetch_int32_state {
- 	NTSTATUS status;
- 	int32_t result;
-diff --git a/source3/lib/dbwrap/dbwrap_ctdb.c b/source3/lib/dbwrap/dbwrap_ctdb.c
-index 0907089164a..9fc771d1217 100644
---- a/source3/lib/dbwrap/dbwrap_ctdb.c
-+++ b/source3/lib/dbwrap/dbwrap_ctdb.c
-@@ -38,6 +38,9 @@
- #include "lib/cluster_support.h"
- #include "lib/util/tevent_ntstatus.h"
- 
-+#undef DBGC_CLASS
-+#define DBGC_CLASS DBGC_LOCKING
-+
- struct db_ctdb_transaction_handle {
- 	struct db_ctdb_ctx *ctx;
- 	/*
-diff --git a/source3/lib/dbwrap/dbwrap_open.c b/source3/lib/dbwrap/dbwrap_open.c
-index 52c8a94aeff..caefb579058 100644
---- a/source3/lib/dbwrap/dbwrap_open.c
-+++ b/source3/lib/dbwrap/dbwrap_open.c
-@@ -31,6 +31,9 @@
- #include "ctdbd_conn.h"
- #include "global_contexts.h"
- 
-+#undef DBGC_CLASS
-+#define DBGC_CLASS DBGC_LOCKING
-+
- bool db_is_local(const char *name)
- {
- 	const char *sockname = lp_ctdbd_socket();
-diff --git a/source3/lib/dbwrap/dbwrap_watch.c b/source3/lib/dbwrap/dbwrap_watch.c
-index 17a52de37cc..77f7b178229 100644
---- a/source3/lib/dbwrap/dbwrap_watch.c
-+++ b/source3/lib/dbwrap/dbwrap_watch.c
-@@ -28,6 +28,9 @@
- #include "server_id_watch.h"
- #include "lib/dbwrap/dbwrap_private.h"
- 
-+#undef DBGC_CLASS
-+#define DBGC_CLASS DBGC_LOCKING
-+
- struct dbwrap_watcher {
- 	/*
- 	 * Process watching this record
--- 
-2.37.1
-

net/samba416.old/files/0016-Make-ldb_schema_attribute_compare-a-stable-comparisi.patch

@@ -1,29 +0,0 @@
-From 2b3ee747cdf83b80d07aaf1b261956bc9894ff36 Mon Sep 17 00:00:00 2001
-From: "Timur I. Bakeyev" <timur@FreeBSD.org>
-Date: Thu, 8 Sep 2022 00:06:37 +0200
-Subject: [PATCH 16/28] Make ldb_schema_attribute_compare() a stable
- comparision function.
-
-Signed-off-by: Timur I. Bakeyev <timur@FreeBSD.org>
----
- lib/ldb/ldb_key_value/ldb_kv_cache.c | 4 +++-
- 1 file changed, 3 insertions(+), 1 deletion(-)
-
-diff --git a/lib/ldb/ldb_key_value/ldb_kv_cache.c b/lib/ldb/ldb_key_value/ldb_kv_cache.c
-index 4a3c9f29020..cb200aeb9ba 100644
---- a/lib/ldb/ldb_key_value/ldb_kv_cache.c
-+++ b/lib/ldb/ldb_key_value/ldb_kv_cache.c
-@@ -92,7 +92,9 @@ static int ldb_schema_attribute_compare(const void *p1, const void *p2)
- {
- 	const struct ldb_schema_attribute *sa1 = (const struct ldb_schema_attribute *)p1;
- 	const struct ldb_schema_attribute *sa2 = (const struct ldb_schema_attribute *)p2;
--	return ldb_attr_cmp(sa1->name, sa2->name);
-+	int res = ldb_attr_cmp(sa1->name, sa2->name);
-+
-+	return (res) ? res : (sa1->flags > sa2->flags) ? 1 : (sa1->flags < sa2->flags) ? -1 : 0;
- }
- 
- /*
--- 
-2.37.1
-

net/samba416.old/files/0017-Use-arc4random-when-available-to-generate-random-tal.patch

@@ -1,49 +0,0 @@
-From 42c9490dd346ee2f4369cbed4c37cb43f06e5d19 Mon Sep 17 00:00:00 2001
-From: "Timur I. Bakeyev" <timur@FreeBSD.org>
-Date: Wed, 7 Sep 2022 23:52:43 +0200
-Subject: [PATCH 17/28] Use arc4random() when available to generate random
- talloc slab signature.
-
-Signed-off-by: Timur I. Bakeyev <timur@FreeBSD.org>
----
- lib/talloc/talloc.c | 4 ++++
- lib/talloc/wscript  | 1 +
- 2 files changed, 5 insertions(+)
-
-diff --git a/lib/talloc/talloc.c b/lib/talloc/talloc.c
-index 29da190880a..79c76fd9e35 100644
---- a/lib/talloc/talloc.c
-+++ b/lib/talloc/talloc.c
-@@ -397,6 +397,9 @@ void talloc_lib_init(void) CONSTRUCTOR;
- void talloc_lib_init(void)
- {
- 	uint32_t random_value;
-+#if defined(HAVE_ARC4RANDOM)
-+	random_value = arc4random();
-+#else
- #if defined(HAVE_GETAUXVAL) && defined(AT_RANDOM)
- 	uint8_t *p;
- 	/*
-@@ -430,6 +433,7 @@ void talloc_lib_init(void)
- 		 */
- 		random_value = ((uintptr_t)talloc_lib_init & 0xFFFFFFFF);
- 	}
-+#endif /* HAVE_ARC4RANDOM */
- 	talloc_magic = random_value & ~TALLOC_FLAG_MASK;
- }
- #else
-diff --git a/lib/talloc/wscript b/lib/talloc/wscript
-index f0c266a7878..c75ec0505df 100644
---- a/lib/talloc/wscript
-+++ b/lib/talloc/wscript
-@@ -52,6 +52,7 @@ def configure(conf):
- 
-     conf.CHECK_HEADERS('sys/auxv.h')
-     conf.CHECK_FUNCS('getauxval')
-+    conf.CHECK_FUNCS('arc4random')
- 
-     conf.SAMBA_CONFIG_H()
- 
--- 
-2.37.1
-

net/samba416.old/files/0018-Add-configuration-option-that-allows-to-choose-alter.patch

@@ -1,65 +0,0 @@
-From b81d399aa6d9e2bdbb9db0efa8109c41aad4d025 Mon Sep 17 00:00:00 2001
-From: "Timur I. Bakeyev" <timur@FreeBSD.org>
-Date: Mon, 31 May 2021 02:49:20 +0200
-Subject: [PATCH 18/28] Add configuration option that allows to choose
- alternative mDNS implementation dns_sd library.
-
-Signed-off-by: Timur I. Bakeyev <timur@FreeBSD.org>
----
- source3/wscript       | 12 ++++++++++++
- source3/wscript_build |  2 ++
- 2 files changed, 14 insertions(+)
-
-diff --git a/source3/wscript b/source3/wscript
-index 2121b8b6510..6209472c6c8 100644
---- a/source3/wscript
-+++ b/source3/wscript
-@@ -70,6 +70,7 @@ def options(opt):
-     opt.samba_add_onoff_option('sendfile-support', default=None)
-     opt.samba_add_onoff_option('utmp')
-     opt.samba_add_onoff_option('avahi', with_name="enable", without_name="disable")
-+    opt.samba_add_onoff_option('dnssd', with_name="enable", without_name="disable")
-     opt.samba_add_onoff_option('iconv')
-     opt.samba_add_onoff_option('acl-support')
-     opt.samba_add_onoff_option('syslog')
-@@ -855,6 +856,17 @@ msg.msg_accrightslen = sizeof(fd);
-         conf.SET_TARGET_TYPE('avahi-common', 'EMPTY')
-         conf.SET_TARGET_TYPE('avahi-client', 'EMPTY')
- 
-+    if Options.options.with_dnssd:
-+        conf.env.with_dnssd = True
-+        if not conf.CHECK_HEADERS('dns_sd.h'):
-+            conf.env.with_dnssd = False
-+        if not conf.CHECK_FUNCS_IN('DNSServiceRegister', 'dns_sd'):
-+            conf.env.with_dnssd = False
-+        if conf.env.with_dnssd:
-+            conf.DEFINE('WITH_DNSSD_SUPPORT', 1)
-+    else:
-+        conf.SET_TARGET_TYPE('dns_sd', 'EMPTY')
-+
-     if Options.options.with_iconv:
-         conf.env.with_iconv = True
-         if not conf.CHECK_FUNCS_IN('iconv_open', 'iconv', headers='iconv.h'):
-diff --git a/source3/wscript_build b/source3/wscript_build
-index 5cf965dc45d..edd7985e648 100644
---- a/source3/wscript_build
-+++ b/source3/wscript_build
-@@ -709,6 +709,7 @@ bld.SAMBA3_LIBRARY('smbd_base',
-                         samba3core
-                         param_service
-                         AVAHI
-+                        dns_sd
-                         PROFILE
-                         LOCKING
-                         LIBADS_SERVER
-@@ -1128,6 +1129,7 @@ bld.SAMBA3_BINARY('client/smbclient',
-                       msrpc3
-                       RPC_NDR_SRVSVC
-                       cli_smb_common
-+                      dns_sd
-                       archive
-                       ''')
- 
--- 
-2.37.1
-

net/samba416.old/files/0019-From-923bc7a1afeb0b920e60e14846987ae1d2d7dca4-Mon-Se.patch

@@ -1,544 +0,0 @@
-From 5aabf82dfaf325bf682db85d80476224e7005a41 Mon Sep 17 00:00:00 2001
-From: "Timur I. Bakeyev" <timur@FreeBSD.org>
-Date: Mon, 31 May 2021 00:46:16 +0200
-Subject: [PATCH 19/28] From 923bc7a1afeb0b920e60e14846987ae1d2d7dca4 Mon Sep
- 17 00:00:00 2001 From: John Hixson <john@ixsystems.com> Date: Thu, 7 Dec 2017
- 09:36:32 -0500 Subject: [PATCH] Freenas/master mdns fixes (#22)
-
-* mDNS fixes for Samba (work in progress).
-* Fix mDNS - Can advertise on individual interfaces
-* Fix mDNS browsing in smbclient
-
-Signed-off-by: Timur I. Bakeyev <timur@iXsystems.com>
-Signed-off-by: Timur I. Bakeyev <timur@FreeBSD.org>
----
- source3/client/dnsbrowse.c |  19 +-
- source3/smbd/dnsregister.c | 354 ++++++++++++++++++++++++++++++-------
- 2 files changed, 299 insertions(+), 74 deletions(-)
-
-diff --git a/source3/client/dnsbrowse.c b/source3/client/dnsbrowse.c
-index be6eb881cf1..83aef966d2a 100644
---- a/source3/client/dnsbrowse.c
-+++ b/source3/client/dnsbrowse.c
-@@ -39,6 +39,7 @@ struct mdns_smbsrv_result
- struct mdns_browse_state
- {
- 	struct mdns_smbsrv_result *listhead; /* Browse result list head */
-+	TALLOC_CTX * ctx;
- 	int browseDone;
- 
- };
-@@ -64,7 +65,7 @@ static void do_smb_resolve(struct mdns_smbsrv_result *browsesrv)
- 	struct timeval tv;
- 	DNSServiceErrorType err;
- 
--	TALLOC_CTX * ctx = talloc_tos();
-+	TALLOC_CTX * ctx = talloc_new(NULL);
- 
- 	err = DNSServiceResolve(&mdns_conn_sdref, 0 /* flags */,
- 		browsesrv->ifIndex,
-@@ -91,7 +92,7 @@ static void do_smb_resolve(struct mdns_smbsrv_result *browsesrv)
- 		}
- 	}
- 
--	TALLOC_FREE(fdset);
-+	TALLOC_FREE(ctx);
- 	DNSServiceRefDeallocate(mdns_conn_sdref);
- }
- 
-@@ -124,18 +125,19 @@ do_smb_browse_reply(DNSServiceRef sdRef, DNSServiceFlags flags,
- 		return;
- 	}
- 
--	bresult = talloc_array(talloc_tos(), struct mdns_smbsrv_result, 1);
-+	bresult = talloc_array(bstatep->ctx, struct mdns_smbsrv_result, 1);
- 	if (bresult == NULL) {
- 		return;
- 	}
- 
-+	bresult->nextResult = NULL;
- 	if (bstatep->listhead != NULL) {
- 		bresult->nextResult = bstatep->listhead;
- 	}
- 
--	bresult->serviceName = talloc_strdup(talloc_tos(), serviceName);
--	bresult->regType = talloc_strdup(talloc_tos(), regtype);
--	bresult->domain = talloc_strdup(talloc_tos(), replyDomain);
-+	bresult->serviceName = talloc_strdup(bstatep->ctx, serviceName);
-+	bresult->regType = talloc_strdup(bstatep->ctx, regtype);
-+	bresult->domain = talloc_strdup(bstatep->ctx, replyDomain);
- 	bresult->ifIndex = interfaceIndex;
- 	bstatep->listhead = bresult;
- }
-@@ -151,10 +153,13 @@ int do_smb_browse(void)
- 	DNSServiceRef mdns_conn_sdref = NULL;
- 	DNSServiceErrorType err;
- 
--	TALLOC_CTX * ctx = talloc_stackframe();
-+	TALLOC_CTX * ctx = talloc_new(NULL);
- 
- 	ZERO_STRUCT(bstate);
- 
-+	bstate.ctx = ctx;
-+	bstate.listhead = NULL;
-+
- 	err = DNSServiceBrowse(&mdns_conn_sdref, 0, 0, "_smb._tcp", "",
- 			do_smb_browse_reply, &bstate);
- 
-diff --git a/source3/smbd/dnsregister.c b/source3/smbd/dnsregister.c
-index df189001a09..389a4278f64 100644
---- a/source3/smbd/dnsregister.c
-+++ b/source3/smbd/dnsregister.c
-@@ -29,6 +29,29 @@
-  * browse for advertised SMB services.
-  */
- 
-+/*
-+ * Time Machine Errata:
-+ * sys=adVF=0x100 -- this is required when ._adisk._tcp is present on device. When it is
-+ * set, the MacOS client will send a NetShareEnumAll IOCTL and shares will be visible.
-+ * Otherwise, Finder will only see the Time Machine share. In the absence of ._adisk._tcp
-+ * MacOS will _always_ send NetShareEnumAll IOCTL.
-+ *
-+ * waMa=0 -- MacOS server uses waMa=0, while embedded devices have it set to their Mac Address.
-+ * Speculation in Samba-Technical indicates that this stands for "Wireless AirDisk Mac Address".
-+ *
-+ * adVU -- AirDisk Volume UUID. Mac OS servers generate a UUID. Time machine over SMB works without one
-+ * set. Netatalk generates a UUID and stores it persistently in afp_voluuid.conf. This can be
-+ * set by adding the share parameter "fruit:volume_uuid = "
-+ *
-+ * dk(n)=adVF=
-+ *      0xa1, 0x81 - AFP support
-+ *      0xa2, 0x82 - SMB support
-+ *      0xa3, 0x83 - AFP and SMB support
-+ *
-+ * adVN -- AirDisk Volume Name. We set this to the share name.
-+ *
-+ */
-+
- #define DNS_REG_RETRY_INTERVAL (5*60)  /* in seconds */
- 
- #ifdef WITH_DNSSD_SUPPORT
-@@ -36,85 +59,177 @@
- #include <dns_sd.h>
- 
- struct dns_reg_state {
--	struct tevent_context *event_ctx;
--	uint16_t port;
--	DNSServiceRef srv_ref;
--	struct tevent_timer *te;
--	int fd;
--	struct tevent_fd *fde;
-+	int count;
-+	struct reg_state {
-+		DNSServiceRef srv_ref;
-+		TALLOC_CTX *mem_ctx;
-+		struct tevent_context *event_ctx;
-+		struct tevent_timer *te;
-+		struct tevent_fd *fde;
-+		uint16_t port;
-+		int if_index;
-+		int fd;
-+	} *drs;
- };
- 
--static int dns_reg_state_destructor(struct dns_reg_state *dns_state)
-+static void dns_register_smbd_retry(struct tevent_context *ctx,
-+				    struct tevent_timer *te,
-+				    struct timeval now,
-+				    void *private_data);
-+static void dns_register_smbd_fde_handler(struct tevent_context *ev,
-+					  struct tevent_fd *fde,
-+					  uint16_t flags,
-+					  void *private_data);
-+
-+
-+static int reg_state_destructor(struct reg_state *state)
- {
--	if (dns_state->srv_ref != NULL) {
-+	if (state == NULL) {
-+		return -1;
-+	}
-+
-+	if (state->srv_ref != NULL) {
- 		/* Close connection to the mDNS daemon */
--		DNSServiceRefDeallocate(dns_state->srv_ref);
--		dns_state->srv_ref = NULL;
-+		DNSServiceRefDeallocate(state->srv_ref);
-+		state->srv_ref = NULL;
- 	}
- 
- 	/* Clear event handler */
--	TALLOC_FREE(dns_state->te);
--	TALLOC_FREE(dns_state->fde);
--	dns_state->fd = -1;
-+	TALLOC_FREE(state->te);
-+	TALLOC_FREE(state->fde);
-+	state->fd = -1;
- 
- 	return 0;
- }
- 
--static void dns_register_smbd_retry(struct tevent_context *ctx,
--				    struct tevent_timer *te,
--				    struct timeval now,
--				    void *private_data);
--static void dns_register_smbd_fde_handler(struct tevent_context *ev,
--					  struct tevent_fd *fde,
--					  uint16_t flags,
--					  void *private_data);
-+int TXTRecordPrintf(TXTRecordRef * rec, const char * key, const char * fmt, ... )
-+{
-+	int ret = 0;
-+	char *str;
-+	va_list ap;
-+	va_start( ap, fmt );
-+
-+	if( 0 > vasprintf(&str, fmt, ap ) ) {
-+		va_end(ap);
-+		return -1;
-+	}
-+	va_end(ap);
-+
-+	if( kDNSServiceErr_NoError != TXTRecordSetValue(rec, key, strlen(str), str) ) {
-+		ret = -1;
-+	}
-+
-+	free(str);
-+	return ret;
-+}
-+
-+int TXTRecordKeyPrintf(TXTRecordRef * rec, const char * key_fmt, int key_var, const char * fmt, ...)
-+{
-+	int ret = 0;
-+	char *key = NULL, *str = NULL;
-+	va_list ap;
-+
-+	if( 0 > asprintf(&key, key_fmt, key_var)) {
-+		DEBUG(1, ("Failed in asprintf\n"));
-+		return -1;
-+	}
- 
--static bool dns_register_smbd_schedule(struct dns_reg_state *dns_state,
-+	va_start( ap, fmt );
-+	if( 0 > vasprintf(&str, fmt, ap )) {
-+		va_end(ap);
-+		DEBUG(1, ("Failed in vasprintf\n"));
-+		ret = -1;
-+		goto exit;
-+	}
-+	va_end(ap);
-+
-+	if( kDNSServiceErr_NoError != TXTRecordSetValue(rec, key, strlen(str), str) ) {
-+		DEBUG(1, ("Failed in TXTRecordSetValuen"));
-+		ret = -1;
-+		goto exit;
-+	}
-+
-+	exit:
-+	if (str)
-+		free(str);
-+	if (key)
-+		free(key);
-+	return ret;
-+}
-+
-+
-+static bool dns_register_smbd_schedule(struct reg_state *state,
- 				       struct timeval tval)
- {
--	dns_reg_state_destructor(dns_state);
-+	reg_state_destructor(state);
- 
--	dns_state->te = tevent_add_timer(dns_state->event_ctx,
--					 dns_state,
-+	state->te = tevent_add_timer(state->event_ctx,
-+					 state->mem_ctx,
- 					 tval,
- 					 dns_register_smbd_retry,
--					 dns_state);
--	if (!dns_state->te) {
-+					 state);
-+	if (!state->te) {
- 		return false;
- 	}
- 
- 	return true;
- }
- 
-+static void dns_register_smbd_callback(DNSServiceRef service,
-+				       DNSServiceFlags flags,
-+				       DNSServiceErrorType errorCode,
-+				       const char *name,
-+				       const char *type,
-+				       const char *domain,
-+				       void *context)
-+{
-+	if (errorCode != kDNSServiceErr_NoError) {
-+		DEBUG(6, ("error=%d\n", errorCode));
-+	} else {
-+		DEBUG(6, ("%-15s %s.%s%s\n", "REGISTER", name, type, domain));
-+	}
-+}
-+
- static void dns_register_smbd_retry(struct tevent_context *ctx,
- 				    struct tevent_timer *te,
- 				    struct timeval now,
- 				    void *private_data)
- {
--	struct dns_reg_state *dns_state = talloc_get_type_abort(private_data,
--					  struct dns_reg_state);
-+	struct reg_state *state = (struct reg_state *)private_data;
- 	DNSServiceErrorType err;
-+	int snum;
-+	size_t dk = 0;
-+	bool sys_txt_created = false;
-+	TXTRecordRef txt_adisk;
-+	TXTRecordRef txt_devinfo;
-+	char *servname;
-+	char *v_uuid;
-+	int num_services = lp_numservices();
-+
-+	reg_state_destructor(state);
- 
--	dns_reg_state_destructor(dns_state);
-+	TXTRecordCreate(&txt_adisk, 0, NULL);
- 
--	DEBUG(6, ("registering _smb._tcp service on port %d\n",
--		  dns_state->port));
-+	DEBUG(6, ("registering _smb._tcp service on port %d index %d\n",
-+		  state->port, state->if_index));
- 
- 	/* Register service with DNS. Connects with the mDNS
- 	 * daemon running on the local system to perform DNS
- 	 * service registration.
- 	 */
--	err = DNSServiceRegister(&dns_state->srv_ref, 0 /* flags */,
--			kDNSServiceInterfaceIndexAny,
--			NULL /* service name */,
--			"_smb._tcp" /* service type */,
--			NULL /* domain */,
--			"" /* SRV target host name */,
--			htons(dns_state->port),
--			0 /* TXT record len */,
--			NULL /* TXT record data */,
--			NULL /* callback func */,
--			NULL /* callback context */);
-+	err = DNSServiceRegister(&state->srv_ref,
-+			0		/* flags */,
-+			state->if_index /* interface index */,
-+			NULL		/* service name */,
-+			"_smb._tcp"	/* service type */,
-+			NULL		/* domain */,
-+			""		/* SRV target host name */,
-+			htons(state->port) /* port */,
-+			0		/* TXT record len */,
-+			NULL		/* TXT record data */,
-+			dns_register_smbd_callback /* callback func */,
-+			NULL		/* callback context */);
-+
- 
- 	if (err != kDNSServiceErr_NoError) {
- 		/* Failed to register service. Schedule a re-try attempt.
-@@ -123,24 +238,96 @@ static void dns_register_smbd_retry(struct tevent_context *ctx,
- 		goto retry;
- 	}
- 
--	dns_state->fd = DNSServiceRefSockFD(dns_state->srv_ref);
--	if (dns_state->fd == -1) {
-+	/*
-+	 * Check for services that are configured as Time Machine targets
-+	 *
-+	 */
-+	for (snum = 0; snum < num_services; snum++) {
-+		if (lp_snum_ok(snum) && lp_parm_bool(snum, "fruit", "time machine", false))
-+		{
-+			if (!sys_txt_created) {
-+				if( 0 > TXTRecordPrintf(&txt_adisk, "sys", "adVF=0x100") ) {
-+					DEBUG(1, ("Failed to create Zeroconf TXTRecord for sys") );
-+					goto retry;
-+				}
-+				else
-+				{
-+					sys_txt_created = true;
-+				}
-+			}
-+
-+			v_uuid = lp_parm_const_string(snum, "fruit", "volume_uuid", NULL);
-+			servname = lp_const_servicename(snum);
-+			DEBUG(1, ("Registering volume %s for TimeMachine\n", servname));
-+			if (v_uuid) {
-+				if( 0 > TXTRecordKeyPrintf(&txt_adisk, "dk%zu", dk++, "adVN=%s,adVF=0x82,adVU=%s",
-+					servname, v_uuid) ) {
-+					DEBUG(1, ("Could not set Zeroconf TXTRecord for dk%zu \n", dk));
-+					goto retry;
-+				}
-+				DEBUG(1, ("Registering TimeMachine with the following TXT parameters: "
-+					  "dk%zu,adVN=%s,adVF=0x82,adVU=%s\n", dk, servname, v_uuid) );
-+			}
-+			else {
-+				if( 0 > TXTRecordKeyPrintf(&txt_adisk, "dk%zu", dk++, "adVN=%s,adVF=0x82",
-+					servname) ) {
-+					DEBUG(1, ("Could not set Zeroconf TXTRecord for dk%zu \n", dk));
-+					goto retry;
-+				}
-+				DEBUG(1, ("Registering TimeMachine with the following TXT parameters: "
-+					  "dk%zu,adVN=%s,adVF=0x82\n", dk, servname) );
-+			}
-+		}
-+	}
-+
-+	if (dk) {
-+		err = DNSServiceRegister(&state->srv_ref,
-+				0		/* flags */,
-+				state->if_index /* interface index */,
-+				NULL		/* service name */,
-+				"_adisk._tcp"	/* service type */,
-+				NULL		/* domain */,
-+				""		/* SRV target host name */,
-+				/*
-+				 * We would probably use port 0 zero, but we can't, from man DNSServiceRegister:
-+				 *   "A value of 0 for a port is passed to register placeholder services.
-+				 *    Place holder services are not found  when browsing, but other
-+				 *    clients cannot register with the same name as the placeholder service."
-+				 * We therefor use port 9 which is used by the adisk service type.
-+				 */
-+				htons(9)	/* port */,
-+				TXTRecordGetLength(&txt_adisk)		/* TXT record len */,
-+				TXTRecordGetBytesPtr(&txt_adisk)	/* TXT record data */,
-+				dns_register_smbd_callback /* callback func */,
-+				NULL		/* callback context */);
-+
-+
-+		if (err != kDNSServiceErr_NoError) {
-+			/* Failed to register service. Schedule a re-try attempt.
-+			 */
-+			DEBUG(1, ("unable to register with mDNS (err %d)\n", err));
-+			goto retry;
-+		}
-+	}
-+
-+	state->fd = DNSServiceRefSockFD(state->srv_ref);
-+	if (state->fd == -1) {
- 		goto retry;
- 	}
- 
--	dns_state->fde = tevent_add_fd(dns_state->event_ctx,
--				       dns_state,
--				       dns_state->fd,
--				       TEVENT_FD_READ,
--				       dns_register_smbd_fde_handler,
--				       dns_state);
--	if (!dns_state->fde) {
-+	state->fde = tevent_add_fd(state->event_ctx,
-+				   state->mem_ctx,
-+				   state->fd,
-+				   TEVENT_FD_READ,
-+				   dns_register_smbd_fde_handler,
-+				   state);
-+	if (!state->fde) {
- 		goto retry;
- 	}
- 
- 	return;
-  retry:
--	dns_register_smbd_schedule(dns_state,
-+	dns_register_smbd_schedule(state,
- 		timeval_current_ofs(DNS_REG_RETRY_INTERVAL, 0));
- }
- 
-@@ -150,44 +337,77 @@ static void dns_register_smbd_fde_handler(struct tevent_context *ev,
- 					  uint16_t flags,
- 					  void *private_data)
- {
--	struct dns_reg_state *dns_state = talloc_get_type_abort(private_data,
--					  struct dns_reg_state);
-+	struct reg_state *state = (struct reg_state *)private_data;
- 	DNSServiceErrorType err;
- 
--	err = DNSServiceProcessResult(dns_state->srv_ref);
-+	err = DNSServiceProcessResult(state->srv_ref);
- 	if (err != kDNSServiceErr_NoError) {
--		DEBUG(3, ("failed to process mDNS result (err %d), re-trying\n",
--			    err));
-+		DEBUG(3, ("failed to process mDNS result (err %d), re-trying\n", err));
- 		goto retry;
- 	}
- 
--	talloc_free(dns_state);
- 	return;
- 
-  retry:
--	dns_register_smbd_schedule(dns_state,
--		timeval_current_ofs(DNS_REG_RETRY_INTERVAL, 0));
-+	dns_register_smbd_schedule(state, timeval_zero());
- }
- 
-+static int dns_reg_state_destructor(struct dns_reg_state *state)
-+{
-+	if (state != NULL) {
-+		talloc_free(state);
-+	}
-+	return 0;
-+}
-+
-+
- bool smbd_setup_mdns_registration(struct tevent_context *ev,
- 				  TALLOC_CTX *mem_ctx,
- 				  uint16_t port)
- {
- 	struct dns_reg_state *dns_state;
-+	bool bind_all = true;
-+	int i;
- 
- 	dns_state = talloc_zero(mem_ctx, struct dns_reg_state);
--	if (dns_state == NULL) {
-+	if (dns_state == NULL)
-+		return false;
-+
-+	if (lp_interfaces() && lp_bind_interfaces_only())
-+		bind_all = false;
-+
-+	dns_state->count = iface_count();
-+	if (dns_state->count <= 0 || bind_all == true)
-+		dns_state->count = 1;
-+
-+	dns_state->drs = talloc_array(mem_ctx, struct reg_state, dns_state->count);
-+	if (dns_state->drs == NULL) {
-+		talloc_free(dns_state);
- 		return false;
- 	}
--	dns_state->event_ctx = ev;
--	dns_state->port = port;
--	dns_state->fd = -1;
- 
--	talloc_set_destructor(dns_state, dns_reg_state_destructor);
-+	for (i = 0; i < dns_state->count; i++) {
-+		struct interface *iface = get_interface(i);
-+		struct reg_state *state = &dns_state->drs[i];
-+
-+		state->mem_ctx = mem_ctx;
-+		state->srv_ref = NULL;
-+		state->event_ctx = ev;
-+		state->te = NULL;
-+		state->fde = NULL;
-+		state->port = port;
-+		state->fd = -1;
- 
--	return dns_register_smbd_schedule(dns_state, timeval_zero());
-+		state->if_index = bind_all ? kDNSServiceInterfaceIndexAny : iface->if_index;
-+
-+		dns_register_smbd_schedule(&dns_state->drs[i], timeval_zero());
-+	}
-+
-+	talloc_set_destructor(dns_state, dns_reg_state_destructor);
-+	return true;
- }
- 
-+
- #else /* WITH_DNSSD_SUPPORT */
- 
- bool smbd_setup_mdns_registration(struct tevent_context *ev,
--- 
-2.37.1
-

net/samba416.old/files/0020-FreeBSD-12-between-r336017-and-r342928-wrongfuly-ret.patch

@@ -1,35 +0,0 @@
-From 02b599cc740490fa6f433b0c455fe458fdc1db61 Mon Sep 17 00:00:00 2001
-From: "Timur I. Bakeyev" <timur@FreeBSD.org>
-Date: Mon, 31 May 2021 02:45:11 +0200
-Subject: [PATCH 20/28] FreeBSD 12 between r336017 and r342928 wrongfuly return
- ENOENT for the not enabled qoutas on ZFS. Wrap relevant error code check with
- the versioning ifdef's.
-
-Signed-off-by: Timur I. Bakeyev <timur@FreeBSD.org>
----
- source3/lib/sysquotas_4B.c | 9 ++++++++-
- 1 file changed, 8 insertions(+), 1 deletion(-)
-
-diff --git a/source3/lib/sysquotas_4B.c b/source3/lib/sysquotas_4B.c
-index d9beb924ad9..c41cac02e5f 100644
---- a/source3/lib/sysquotas_4B.c
-+++ b/source3/lib/sysquotas_4B.c
-@@ -140,7 +140,14 @@ static int sys_quotactl_4B(const char * path, int cmd,
- 		/* ENOTSUP means quota support is not compiled in. EINVAL
- 		 * means that quotas are not configured (commonly).
- 		 */
--		if (errno != ENOTSUP && errno != EINVAL) {
-+		if (errno != ENOTSUP && errno != EINVAL
-+/*
-+ * FreeBSD 12 between r336017 and r342928 wrongfuly return ENOENT for the not enabled qoutas on ZFS.
-+ */
-+#if defined(__FreeBSD__) && ((__FreeBSD_version >= 1102503 && __FreeBSD_version <= 1102506) || (__FreeBSD_version >= 1200072 && __FreeBSD_version <= 1200503) || (__FreeBSD_version >= 1300000 && __FreeBSD_version <= 1300009))
-+			&& errno != ENOENT
-+#endif
-+		) {
- 			DEBUG(5, ("failed to %s quota for %s ID %u on %s: %s\n",
- 				    (cmd & QCMD(Q_GETQUOTA, 0)) ? "get" : "set",
- 				    (cmd & QCMD(0, GRPQUOTA)) ? "group" : "user",
--- 
-2.37.1
-

net/samba416.old/files/0021-Fix-casting-warnings-in-the-nfs_quota-debug-message.patch

@@ -1,36 +0,0 @@
-From 46f5b54aa5761541a16108d66764d662f37f04d2 Mon Sep 17 00:00:00 2001
-From: "Timur I. Bakeyev" <timur@FreeBSD.org>
-Date: Mon, 31 May 2021 02:41:48 +0200
-Subject: [PATCH 21/28] Fix casting warnings in the nfs_quota debug message.
-
-Initialize quota structure with zeros.
-
-Signed-off-by: Timur I. Bakeyev <timur@FreeBSD.org>
----
- source3/smbd/quotas.c | 3 ++-
- 1 file changed, 2 insertions(+), 1 deletion(-)
-
-diff --git a/source3/smbd/quotas.c b/source3/smbd/quotas.c
-index 604631f81d6..c23fa49b3b0 100644
---- a/source3/smbd/quotas.c
-+++ b/source3/smbd/quotas.c
-@@ -125,6 +125,7 @@ static bool nfs_quotas(char *nfspath, uid_t euser_id, uint64_t *bsize, uint64_t
- 	if (!cutstr)
- 		return False;
- 
-+	memset(&D, '\0', sizeof(D));
- 	memset(cutstr, '\0', len+1);
- 	host = strncat(cutstr,mnttype, sizeof(char) * len );
- 	DEBUG(5,("nfs_quotas: looking for mount on \"%s\"\n", cutstr));
-@@ -133,7 +134,7 @@ static bool nfs_quotas(char *nfspath, uid_t euser_id, uint64_t *bsize, uint64_t
- 	args.gqa_pathp = testpath+1;
- 	args.gqa_uid = uid;
- 
--	DEBUG(5,("nfs_quotas: Asking for host \"%s\" rpcprog \"%i\" rpcvers \"%i\" network \"%s\"\n", host, RQUOTAPROG, RQUOTAVERS, "udp"));
-+	DEBUG(5,("nfs_quotas: Asking for host \"%s\" rpcprog \"%lu\" rpcvers \"%lu\" network \"%s\"\n", host, RQUOTAPROG, RQUOTAVERS, "udp"));
- 
- 	if ((clnt = clnt_create(host, RQUOTAPROG, RQUOTAVERS, "udp")) == NULL) {
- 		ret = False;
--- 
-2.37.1
-

net/samba416.old/files/0022-Clean-up-UTMP-handling-code-and-add-FreeBSD-support..patch

@@ -1,340 +0,0 @@
-From 5019ad026f106d51dc2bb4c410a05b2f63b56cd0 Mon Sep 17 00:00:00 2001
-From: "Timur I. Bakeyev" <timur@FreeBSD.org>
-Date: Mon, 31 May 2021 01:43:13 +0200
-Subject: [PATCH 22/28] Clean up UTMP handling code and add FreeBSD support.
- Some really legacy platforms may have been dropped as a result.
-
-Signed-off-by: Timur I. Bakeyev <timur@FreeBSD.org>
----
- source3/smbd/utmp.c | 156 ++++++++++++--------------------------------
- source3/wscript     |  37 ++++++-----
- 2 files changed, 63 insertions(+), 130 deletions(-)
-
-diff --git a/source3/smbd/utmp.c b/source3/smbd/utmp.c
-index 4327301e3b1..f4a8362dd56 100644
---- a/source3/smbd/utmp.c
-+++ b/source3/smbd/utmp.c
-@@ -257,7 +257,7 @@ static char *uw_pathname(TALLOC_CTX *ctx,
-  Update utmp file directly.  No subroutine interface: probably a BSD system.
- ****************************************************************************/
- 
--static void pututline_my(const char *uname, struct utmp *u, bool claim)
-+static void pututline_my(const char *uname, STRUCT_UTMP *u, bool claim)
- {
- 	DEBUG(1,("pututline_my: not yet implemented\n"));
- 	/* BSD implementor: may want to consider (or not) adjusting "lastlog" */
-@@ -271,7 +271,7 @@ static void pututline_my(const char *uname, struct utmp *u, bool claim)
-  Credit: Michail Vidiassov <master@iaas.msu.ru>
- ****************************************************************************/
- 
--static void updwtmp_my(const char *wname, struct utmp *u, bool claim)
-+static void updwtmp_my(const char *wname, STRUCT_UTMP *u, bool claim)
- {
- 	int fd;
- 	struct stat buf;
-@@ -303,7 +303,7 @@ static void updwtmp_my(const char *wname, struct utmp *u, bool claim)
- 	if ((fd = open(wname, O_WRONLY|O_APPEND, 0)) < 0)
- 		return;
- 	if (fstat(fd, &buf) == 0) {
--		if (write(fd, (char *)u, sizeof(struct utmp)) != sizeof(struct utmp))
-+		if (write(fd, (char *)u, sizeof(STRUCT_UTMP)) != sizeof(STRUCT_UTMP))
- 		(void) ftruncate(fd, buf.st_size);
- 	}
- 	(void) close(fd);
-@@ -314,12 +314,12 @@ static void updwtmp_my(const char *wname, struct utmp *u, bool claim)
-  Update via utmp/wtmp (not utmpx/wtmpx).
- ****************************************************************************/
- 
--static void utmp_nox_update(struct utmp *u, bool claim)
-+static void utmp_nox_update(STRUCT_UTMP *u, bool claim)
- {
- 	char *uname = NULL;
- 	char *wname = NULL;
- #if defined(PUTUTLINE_RETURNS_UTMP)
--	struct utmp *urc;
-+	STRUCT_UTMP *urc;
- #endif /* PUTUTLINE_RETURNS_UTMP */
- 
- 	uname = uw_pathname(talloc_tos(), "utmp", ut_pathname);
-@@ -376,127 +376,52 @@ static void utmp_nox_update(struct utmp *u, bool claim)
- 	}
- }
- 
--/****************************************************************************
-- Copy a string in the utmp structure.
--****************************************************************************/
- 
--static void utmp_strcpy(char *dest, const char *src, size_t n)
--{
--	size_t len = 0;
--
--	memset(dest, '\0', n);
--	if (src)
--		len = strlen(src);
--	if (len >= n) {
--		memcpy(dest, src, n);
--	} else {
--		if (len)
--			memcpy(dest, src, len);
--	}
--}
-+
-+
- 
- /****************************************************************************
-  Update via utmpx/wtmpx (preferred) or via utmp/wtmp.
- ****************************************************************************/
- 
--static void sys_utmp_update(struct utmp *u, const char *hostname, bool claim)
-+static void sys_utmp_update(STRUCT_UTMP *u, const char *hostname, bool claim)
- {
--#if !defined(HAVE_UTMPX_H)
--	/* No utmpx stuff.  Drop to non-x stuff */
--	utmp_nox_update(u, claim);
--#elif !defined(HAVE_PUTUTXLINE)
--	/* Odd.  Have utmpx.h but no "pututxline()".  Drop to non-x stuff */
--	DEBUG(1,("utmp_update: have utmpx.h but no pututxline() function\n"));
--	utmp_nox_update(u, claim);
--#elif !defined(HAVE_GETUTMPX)
--	/* Odd.  Have utmpx.h but no "getutmpx()".  Drop to non-x stuff */
--	DEBUG(1,("utmp_update: have utmpx.h but no getutmpx() function\n"));
--	utmp_nox_update(u, claim);
--#elif !defined(HAVE_UPDWTMPX)
--	/* Have utmpx.h but no "updwtmpx()".  Drop to non-x stuff */
--	DEBUG(1,("utmp_update: have utmpx.h but no updwtmpx() function\n"));
--	utmp_nox_update(u, claim);
--#else
--	char *uname = NULL;
--	char *wname = NULL;
--	struct utmpx ux, *uxrc;
--
--	getutmpx(u, &ux);
--
--#if defined(HAVE_UX_UT_SYSLEN)
--	if (hostname)
--		ux.ut_syslen = strlen(hostname) + 1;	/* include end NULL */
--	else
--		ux.ut_syslen = 0;
--#endif
--#if defined(HAVE_UX_UT_HOST)
--	utmp_strcpy(ux.ut_host, hostname, sizeof(ux.ut_host));
--#endif
--
--	uname = uw_pathname(talloc_tos(), "utmpx", ux_pathname);
--	wname = uw_pathname(talloc_tos(), "wtmpx", wx_pathname);
--	if (uname && wname) {
--		DEBUG(2,("utmp_update: uname:%s wname:%s\n", uname, wname));
--	}
-+	STRUCT_UTMP *urc;
- 
--	/*
--	 * Check for either uname or wname being empty.
--	 * Some systems, such as Redhat 6, have a "utmpx.h" which doesn't
--	 * define default filenames.
--	 * Also, our local installation has not provided an override.
--	 * Drop to non-x method.  (E.g. RH6 has good defaults in "utmp.h".)
--	 */
--	if (!uname || !wname || (strlen(uname) == 0) || (strlen(wname) == 0)) {
--		utmp_nox_update(u, claim);
--	} else {
--		utmpxname(uname);
--		setutxent();
--		uxrc = pututxline(&ux);
--		endutxent();
--		if (uxrc == NULL) {
--			DEBUG(2,("utmp_update: pututxline() failed\n"));
--			return;
--		}
--		updwtmpx(wname, &ux);
-+	setutxent();
-+	urc = pututxline(u);
-+	endutxent();
-+	if (urc == NULL) {
-+		DEBUG(2,("utmp_update: pututxline() failed\n"));
-+		return;
- 	}
--#endif /* HAVE_UTMPX_H */
- }
- 
- #if defined(HAVE_UT_UT_ID)
- /****************************************************************************
-  Encode the unique connection number into "ut_id".
- ****************************************************************************/
--
--static int ut_id_encode(int i, char *fourbyte)
-+static void ut_id_encode(char *buf, int id, size_t buf_size)
- {
--	int nbase;
--	const char *ut_id_encstr = "0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ";
-+	const char ut_id_encstr[] = "0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ";
- 
--/*
-- * 'ut_id_encstr' is the character set on which modulo arithmetic is done.
-- * Example: digits would produce the base-10 numbers from '001'.
-- */
--	nbase = strlen(ut_id_encstr);
--
--	fourbyte[0] = ut_id_encstr[i % nbase];
--	i /= nbase;
--	fourbyte[1] = ut_id_encstr[i % nbase];
--	i /= nbase;
--	fourbyte[3] = ut_id_encstr[i % nbase];
--	i /= nbase;
--	fourbyte[2] = ut_id_encstr[i % nbase];
--	i /= nbase;
--
--	/* we do not care about overflows as i is a random number */
--	return 0;
-+	int nbase = sizeof(ut_id_encstr) - 1;
-+	/*
-+	 * 'ut_id_encstr' is the character set on which modulo arithmetic is done.
-+	 * Example: digits would produce the base-10 numbers from '001'.
-+	 */
-+
-+	for(int i = 0; i < buf_size; i++) {
-+		buf[i] = ut_id_encstr[id % nbase];
-+		id /= nbase;
-+	}
- }
- #endif /* defined(HAVE_UT_UT_ID) */
- 
--
- /*
-   fill a system utmp structure given all the info we can gather
- */
--static bool sys_utmp_fill(struct utmp *u,
-+static bool sys_utmp_fill(STRUCT_UTMP *u,
- 			const char *username, const char *hostname,
- 			const char *id_str, int id_num)
- {
-@@ -509,16 +434,16 @@ static bool sys_utmp_fill(struct utmp *u,
- 	 *	rather than to try to detect and optimise.
- 	 */
- #if defined(HAVE_UT_UT_USER)
--	utmp_strcpy(u->ut_user, username, sizeof(u->ut_user));
-+	strncpy(u->ut_user, username, sizeof(u->ut_user));
- #elif defined(HAVE_UT_UT_NAME)
--	utmp_strcpy(u->ut_name, username, sizeof(u->ut_name));
-+	strncpy(u->ut_name, username, sizeof(u->ut_name));
- #endif
- 
- 	/*
- 	 * ut_line:
- 	 *	If size limit proves troublesome, then perhaps use "ut_id_encode()".
- 	 */
--	utmp_strcpy(u->ut_line, id_str, sizeof(u->ut_line));
-+	strncpy(u->ut_line, id_str, sizeof(u->ut_line));
- 
- #if defined(HAVE_UT_UT_PID)
- 	u->ut_pid = getpid();
-@@ -535,20 +460,23 @@ static bool sys_utmp_fill(struct utmp *u,
- 	u->ut_time = timeval.tv_sec;
- #elif defined(HAVE_UT_UT_TV)
- 	GetTimeOfDay(&timeval);
--	u->ut_tv = timeval;
-+	u->ut_tv.tv_sec = timeval.tv_sec;
-+	u->ut_tv.tv_usec = timeval.tv_usec;
- #else
- #error "with-utmp must have UT_TIME or UT_TV"
- #endif
- 
- #if defined(HAVE_UT_UT_HOST)
--	utmp_strcpy(u->ut_host, hostname, sizeof(u->ut_host));
-+	if(hostname != NULL) {
-+		strncpy(u->ut_host, hostname, sizeof(u->ut_host));
-+#if defined(HAVE_UT_UT_SYSLEN)
-+		u->ut_syslen = strlen(hostname) + 1;	/* include trailing NULL */
-+#endif
-+	}
- #endif
- 
- #if defined(HAVE_UT_UT_ID)
--	if (ut_id_encode(id_num, u->ut_id) != 0) {
--		DEBUG(1,("utmp_fill: cannot encode id %d\n", id_num));
--		return False;
--	}
-+	ut_id_encode(u->ut_id, id_num, sizeof(u->ut_id));
- #endif
- 
- 	return True;
-@@ -561,7 +489,7 @@ static bool sys_utmp_fill(struct utmp *u,
- void sys_utmp_yield(const char *username, const char *hostname,
- 		    const char *id_str, int id_num)
- {
--	struct utmp u;
-+	STRUCT_UTMP u;
- 
- 	ZERO_STRUCT(u);
- 
-@@ -587,7 +515,7 @@ void sys_utmp_yield(const char *username, const char *hostname,
- void sys_utmp_claim(const char *username, const char *hostname,
- 		    const char *id_str, int id_num)
- {
--	struct utmp u;
-+	STRUCT_UTMP u;
- 
- 	ZERO_STRUCT(u);
- 
-diff --git a/source3/wscript b/source3/wscript
-index 6209472c6c8..65961851e17 100644
---- a/source3/wscript
-+++ b/source3/wscript
-@@ -807,34 +807,39 @@ msg.msg_accrightslen = sizeof(fd);
- 
-     if Options.options.with_utmp:
-         conf.env.with_utmp = True
--        if not conf.CHECK_HEADERS('utmp.h'): conf.env.with_utmp = False
--        conf.CHECK_FUNCS('pututline pututxline updwtmp updwtmpx getutmpx getutxent')
--        conf.CHECK_STRUCTURE_MEMBER('struct utmp', 'ut_name', headers='utmp.h',
-+        if not conf.CHECK_HEADERS('utmpx.h') and not conf.CHECK_HEADERS('utmp.h'):
-+            conf.env.with_utmp = False
-+        if conf.CONFIG_SET('HAVE_UTMPX_H'):
-+            conf.DEFINE('STRUCT_UTMP', 'struct utmpx')
-+        elif conf.CONFIG_SET('HAVE_UTMP_H'):
-+            conf.DEFINE('STRUCT_UTMP', 'struct utmp')
-+        conf.CHECK_FUNCS('pututxline getutxid getutxline updwtmpx getutmpx setutxent endutxent')
-+        conf.CHECK_FUNCS('pututline getutid getutline updwtmp getutmp setutent endutent')
-+        conf.CHECK_STRUCTURE_MEMBER('STRUCT_UTMP', 'ut_name', headers='utmpx.h utmp.h',
-                                     define='HAVE_UT_UT_NAME')
--        conf.CHECK_STRUCTURE_MEMBER('struct utmp', 'ut_user', headers='utmp.h',
-+
-+        conf.CHECK_STRUCTURE_MEMBER('STRUCT_UTMP', 'ut_user', headers='utmpx.h utmp.h',
-                                     define='HAVE_UT_UT_USER')
--        conf.CHECK_STRUCTURE_MEMBER('struct utmp', 'ut_id', headers='utmp.h',
-+        conf.CHECK_STRUCTURE_MEMBER('STRUCT_UTMP', 'ut_id', headers='utmpx.h utmp.h',
-                                     define='HAVE_UT_UT_ID')
--        conf.CHECK_STRUCTURE_MEMBER('struct utmp', 'ut_host', headers='utmp.h',
-+        conf.CHECK_STRUCTURE_MEMBER('STRUCT_UTMP', 'ut_host', headers='utmpx.h utmp.h',
-                                     define='HAVE_UT_UT_HOST')
--        conf.CHECK_STRUCTURE_MEMBER('struct utmp', 'ut_time', headers='utmp.h',
-+        conf.CHECK_STRUCTURE_MEMBER('STRUCT_UTMP', 'ut_time', headers='utmpx.h utmp.h',
-                                     define='HAVE_UT_UT_TIME')
--        conf.CHECK_STRUCTURE_MEMBER('struct utmp', 'ut_tv', headers='utmp.h',
-+        conf.CHECK_STRUCTURE_MEMBER('STRUCT_UTMP', 'ut_tv', headers='utmpx.h utmp.h',
-                                     define='HAVE_UT_UT_TV')
--        conf.CHECK_STRUCTURE_MEMBER('struct utmp', 'ut_type', headers='utmp.h',
-+        conf.CHECK_STRUCTURE_MEMBER('STRUCT_UTMP', 'ut_type', headers='utmpx.h utmp.h',
-                                     define='HAVE_UT_UT_TYPE')
--        conf.CHECK_STRUCTURE_MEMBER('struct utmp', 'ut_pid', headers='utmp.h',
-+        conf.CHECK_STRUCTURE_MEMBER('STRUCT_UTMP', 'ut_pid', headers='utmpx.h utmp.h',
-                                     define='HAVE_UT_UT_PID')
--        conf.CHECK_STRUCTURE_MEMBER('struct utmp', 'ut_exit.e_exit', headers='utmp.h',
-+        conf.CHECK_STRUCTURE_MEMBER('STRUCT_UTMP', 'ut_exit.e_exit', headers='utmpx.h utmp.h',
-                                     define='HAVE_UT_UT_EXIT')
--        conf.CHECK_STRUCTURE_MEMBER('struct utmpx', 'ut_syslen', headers='utmpx.h',
--                                    define='HAVE_UX_UT_SYSLEN')
--        conf.CHECK_STRUCTURE_MEMBER('struct utmpx', 'ut_host', headers='utmpx.h',
--                                    define='HAVE_UX_UT_HOST')
-+        conf.CHECK_STRUCTURE_MEMBER('STRUCT_UTMP', 'ut_syslen', headers='utmpx.h utmp.h',
-+                                    define='HAVE_UT_UT_SYSLEN')
-         conf.CHECK_CODE('struct utmp utarg; struct utmp *utreturn; utreturn = pututline(&utarg);',
-                         'PUTUTLINE_RETURNS_UTMP', headers='utmp.h',
-                         msg="Checking whether pututline returns pointer")
--        conf.CHECK_SIZEOF(['((struct utmp *)NULL)->ut_line'], headers='utmp.h',
-+        conf.CHECK_SIZEOF(['((STRUCT_UTMP *)NULL)->ut_line'], headers='utmpx.h utmp.h',
-                           define='SIZEOF_UTMP_UT_LINE', critical=False)
-         if not conf.CONFIG_SET('SIZEOF_UTMP_UT_LINE'):
-             conf.env.with_utmp = False
--- 
-2.37.1
-

net/samba416.old/files/0023-Add-cmd_get_quota-test-function-into-vfstest-to-test.patch

@@ -1,121 +0,0 @@
-From 2e927425e04d65027db5348b3e89a69a5e447556 Mon Sep 17 00:00:00 2001
-From: "Timur I. Bakeyev" <timur@FreeBSD.org>
-Date: Mon, 31 May 2021 03:07:40 +0200
-Subject: [PATCH 23/28] Add `cmd_get_quota()` test function into vfstest, to
- test disk quota interface.
-
-Signed-off-by: Timur I. Bakeyev <timur@FreeBSD.org>
----
- source3/torture/cmd_vfs.c     | 78 +++++++++++++++++++++++++++++++++++
- source3/torture/wscript_build |  2 +-
- 2 files changed, 79 insertions(+), 1 deletion(-)
-
-diff --git a/source3/torture/cmd_vfs.c b/source3/torture/cmd_vfs.c
-index 38ce0dc4ff6..1bc4639d2a2 100644
---- a/source3/torture/cmd_vfs.c
-+++ b/source3/torture/cmd_vfs.c
-@@ -145,6 +145,83 @@ static NTSTATUS cmd_disk_free(struct vfs_state *vfs, TALLOC_CTX *mem_ctx, int ar
- 	return NT_STATUS_OK;
- }
- 
-+static NTSTATUS cmd_get_quota(struct vfs_state *vfs, TALLOC_CTX *mem_ctx, int argc, const char **argv)
-+{
-+	struct smb_filename *smb_fname = NULL;
-+	uint64_t bsize, dfree, dsize;
-+	enum SMB_QUOTA_TYPE qtype;
-+	SMB_DISK_QUOTA D;
-+	unid_t id;
-+	int r;
-+
-+	if (argc != 4) {
-+		printf("Usage: get_quota <path> [user|group] id\n");
-+		return NT_STATUS_OK;
-+	}
-+
-+	smb_fname = synthetic_smb_fname(talloc_tos(),
-+					argv[1],
-+					NULL,
-+					NULL,
-+					0,
-+					ssf_flags());
-+	if (smb_fname == NULL) {
-+		return NT_STATUS_NO_MEMORY;
-+	}
-+
-+	if(strcmp(argv[2], "user") == 0) {
-+		qtype = SMB_USER_FS_QUOTA_TYPE;
-+	}
-+	else if(strcmp(argv[2], "group") == 0) {
-+		qtype = SMB_GROUP_FS_QUOTA_TYPE;
-+	}
-+	else {
-+		printf("Usage: get_quota <path> [user|group] id\n");
-+		return NT_STATUS_OK;
-+	}
-+
-+	id.uid = atoi(argv[3]);
-+
-+	ZERO_STRUCT(D);
-+
-+	r = SMB_VFS_GET_QUOTA(vfs->conn, smb_fname, qtype, id, &D);
-+
-+	if (r == -1 && errno != ENOSYS) {
-+		return NT_STATUS_UNSUCCESSFUL;
-+	}
-+
-+	if (r == 0 && (D.qflags & QUOTAS_DENY_DISK) == 0) {
-+		return NT_STATUS_UNSUCCESSFUL;
-+	}
-+
-+	bsize = D.bsize;
-+	/* Use softlimit to determine disk space, except when it has been exceeded */
-+	if (
-+		(D.softlimit && D.curblocks >= D.softlimit) ||
-+		(D.hardlimit && D.curblocks >= D.hardlimit) ||
-+		(D.isoftlimit && D.curinodes >= D.isoftlimit) ||
-+		(D.ihardlimit && D.curinodes>=D.ihardlimit)
-+	) {
-+		dfree = 0;
-+		dsize = D.curblocks;
-+	} else if (D.softlimit==0 && D.hardlimit==0) {
-+		return NT_STATUS_UNSUCCESSFUL;
-+	} else {
-+		if (D.softlimit == 0) {
-+			D.softlimit = D.hardlimit;
-+		}
-+		dfree = D.softlimit - D.curblocks;
-+		dsize = D.softlimit;
-+	}
-+
-+	printf("get_quota: bsize = %lu, dfree = %lu, dsize = %lu\n",
-+			(unsigned long)bsize,
-+			(unsigned long)dfree,
-+			(unsigned long)dsize);
-+
-+	return NT_STATUS_OK;
-+}
-+
- 
- static NTSTATUS cmd_opendir(struct vfs_state *vfs, TALLOC_CTX *mem_ctx, int argc, const char **argv)
- {
-@@ -2257,6 +2334,7 @@ struct cmd_set vfs_commands[] = {
- 	{ "connect",   cmd_connect,   "VFS connect()",    "connect" },
- 	{ "disconnect",   cmd_disconnect,   "VFS disconnect()",    "disconnect" },
- 	{ "disk_free",   cmd_disk_free,   "VFS disk_free()",    "disk_free <path>" },
-+	{ "get_quota",   cmd_get_quota,   "VFS get_quota()",    "get_quota <path> [user|group] id" },
- 	{ "opendir",   cmd_opendir,   "VFS opendir()",    "opendir <fname>" },
- 	{ "readdir",   cmd_readdir,   "VFS readdir()",    "readdir" },
- 	{ "mkdir",   cmd_mkdir,   "VFS mkdir()",    "mkdir <path>" },
-diff --git a/source3/torture/wscript_build b/source3/torture/wscript_build
-index 0c4275de795..f75c4bfe2be 100644
---- a/source3/torture/wscript_build
-+++ b/source3/torture/wscript_build
-@@ -124,4 +124,4 @@ bld.SAMBA3_BINARY('vfstest',
-                       smbconf
-                       SMBREADLINE
-                       ''',
--                 for_selftest=True)
-+                 install=True)
--- 
-2.37.1
-

net/samba416.old/files/0024-Cherry-pick-ZFS-provisioning-code-by-iXsystems-Inc.patch

@@ -1,367 +0,0 @@
-From d3024a4a2ff8015932a26a9df08e8ea5ff12a959 Mon Sep 17 00:00:00 2001
-From: "Timur I. Bakeyev" <timur@FreeBSD.org>
-Date: Thu, 4 Aug 2022 05:15:33 +0200
-Subject: [PATCH 24/28] Cherry-pick ZFS provisioning code by iXsystems Inc.
-
-* Check if sysvol is on filesystem with NFSv4 ACL's
-(cherry picked from commit ca86f52b78a7b6e7537454a69cf93e7b96210cba)
-
-* Only check targetdir if it is defined (I had assumed it was)
-(cherry picked from commit a29050cb2978ce23e3c04a859340dc2664c77a8a)
-
-* Kick samba a little bit into understanding NFSv4 ACL's
-(cherry picked from commit 1c7542ff4904b729e311e17464ee76582760c219)
-
-Signed-off-by: Timur I. Bakeyev <timur@FreeBSD.org>
----
- python/samba/provision/__init__.py |  22 +++-
- source3/lib/sysacls.c              |  10 ++
- source3/param/loadparm.c           |  20 +++
- source3/smbd/pysmbd.c              | 189 ++++++++++++++++++++++++++++-
- 4 files changed, 235 insertions(+), 6 deletions(-)
-
-diff --git a/python/samba/provision/__init__.py b/python/samba/provision/__init__.py
-index ff9b8fac916..20e41a9ad3e 100644
---- a/python/samba/provision/__init__.py
-+++ b/python/samba/provision/__init__.py
-@@ -1662,19 +1662,25 @@ def setsysvolacl(samdb, netlogon, sysvol, uid, gid, domainsid, dnsdomain,
-         s3conf = s3param.get_context()
-         s3conf.load(lp.configfile)
- 
--        file = tempfile.NamedTemporaryFile(dir=os.path.abspath(sysvol))
-+        sysvol_dir = os.path.abspath(sysvol)
-+
-+        set_simple_acl = smbd.set_simple_acl
-+        if smbd.has_nfsv4_acls(sysvol_dir):
-+            set_simple_acl = smbd.set_simple_nfsv4_acl
-+
-+        file = tempfile.NamedTemporaryFile(dir=sysvol_dir)
-         try:
-             try:
--                smbd.set_simple_acl(file.name, 0o755, system_session_unix(), gid)
-+                set_simple_acl(file.name, 0o755, system_session_unix(), gid)
-             except OSError:
--                if not smbd.have_posix_acls():
-+                if not smbd.have_posix_acls() and not smbd.have_nfsv4_acls():
-                     # This clue is only strictly correct for RPM and
-                     # Debian-like Linux systems, but hopefully other users
-                     # will get enough clue from it.
--                    raise ProvisioningError("Samba was compiled without the posix ACL support that s3fs requires.  "
-+                    raise ProvisioningError("Samba was compiled without the ACL support that s3fs requires.  "
-                                             "Try installing libacl1-dev or libacl-devel, then re-run configure and make.")
- 
--                raise ProvisioningError("Your filesystem or build does not support posix ACLs, which s3fs requires.  "
-+                raise ProvisioningError("Your filesystem or build does not support ACLs, which s3fs requires.  "
-                                         "Try the mounting the filesystem with the 'acl' option.")
-             try:
-                 smbd.chown(file.name, uid, gid, system_session_unix())
-@@ -1959,6 +1965,9 @@ def provision_fill(samdb, secrets_ldb, logger, names, paths,
-         samdb.transaction_commit()
- 
-     if serverrole == "active directory domain controller":
-+        if targetdir and smbd.have_nfsv4_acls() and smbd.has_nfsv4_acls(targetdir):
-+            smbd.set_nfsv4_defaults()
-+
-         # Continue setting up sysvol for GPO. This appears to require being
-         # outside a transaction.
-         if not skip_sysvolacl:
-@@ -2313,6 +2322,9 @@ def provision(logger, session_info, smbconf=None,
-             if not os.path.isdir(paths.netlogon):
-                 os.makedirs(paths.netlogon, 0o755)
- 
-+            if smbd.have_nfsv4_acls() and smbd.has_nfsv4_acls(paths.sysvol):
-+                smbd.set_nfsv4_defaults()
-+
-         if adminpass is None:
-             adminpass = samba.generate_random_password(12, 32)
-             adminpass_generated = True
-diff --git a/source3/lib/sysacls.c b/source3/lib/sysacls.c
-index 891fabea21e..d1357a47bd0 100644
---- a/source3/lib/sysacls.c
-+++ b/source3/lib/sysacls.c
-@@ -38,6 +38,16 @@
- #include "modules/vfs_aixacl.h"
- #endif
- 
-+/*
-+ * NFSv4 ACL's should be understood and a first class citizen. Work
-+ * needs to be done in librpc/idl/smb_acl.idl for this to occur.
-+ */
-+#if defined(HAVE_LIBSUNACL) && defined(FREEBSD)
-+#if 0
-+#include "modules/nfs4_acls.h"
-+#endif
-+#endif
-+
- #undef  DBGC_CLASS
- #define DBGC_CLASS DBGC_ACLS
- 
-diff --git a/source3/param/loadparm.c b/source3/param/loadparm.c
-index 21e061939e3..4e23fdaaf6d 100644
---- a/source3/param/loadparm.c
-+++ b/source3/param/loadparm.c
-@@ -2830,9 +2830,29 @@ static void init_locals(void)
- 		} else {
- 			if (lp_parm_const_string(-1, "xattr_tdb", "file", NULL)) {
- 				lp_do_parameter(-1, "vfs objects", "dfs_samba4 acl_xattr xattr_tdb");
-+			/*
-+			 * By default, the samba sysvol is located in the statedir. Provisioning will fail in setntacl
-+			 * unless we have zfacl enabled. Unfortunately, at this point the smb.conf has not been generated.
-+			 * This workaround is freebsd-specific.
-+			 */
-+#if defined(_PC_ACL_EXTENDED)
-+			} else if (pathconf(lp_state_directory(), _PC_ACL_EXTENDED) == 1) {
-+				lp_do_parameter(-1, "vfs objects", "dfs_samba4 freebsd");
-+#endif
-+#if defined(_PC_ACL_NFS4)
-+			} else if (pathconf(lp_state_directory(), _PC_ACL_NFS4) == 1) {
-+				lp_do_parameter(-1, "vfs objects", "dfs_samba4 zfsacl");
-+#endif
- 			} else if (lp_parm_const_string(-1, "posix", "eadb", NULL)) {
- 				lp_do_parameter(-1, "vfs objects", "dfs_samba4 acl_xattr posix_eadb");
- 			} else {
-+				/*
-+				 * This should only set dfs_samba4 and leave acl_xattr
-+				 * to be set later (or zfsacl). The only reason the decision
-+				 * can't be made here to load acl_xattr or zfsacl is
-+				 * that we don't have access to what the target
-+				 * directory is.
-+				 */
- 				lp_do_parameter(-1, "vfs objects", "dfs_samba4 acl_xattr");
- 			}
- 		}
-diff --git a/source3/smbd/pysmbd.c b/source3/smbd/pysmbd.c
-index 88cbf62a680..867010ea6cd 100644
---- a/source3/smbd/pysmbd.c
-+++ b/source3/smbd/pysmbd.c
-@@ -485,6 +485,20 @@ static SMB_ACL_T make_simple_acl(TALLOC_CTX *mem_ctx,
- 	return acl;
- }
- 
-+static SMB_ACL_T make_simple_nfsv4_acl(TALLOC_CTX *mem_ctx,
-+					gid_t gid,
-+					mode_t chmod_mode)
-+{
-+	/*
-+	 * This function needs to create an NFSv4 ACL. Currently, the only way
-+	 * to do so is to use the operating system interface, or to use the
-+	 * functions in source3/modules/nfs4_acls.c. These seems ugly and
-+	 * hacky. NFSv4 ACL's should be a first class citizen and
-+	 * librpc/idl/smb_acl.idl should be modified accordingly.
-+	 */
-+	return NULL;
-+}
-+
- /*
-   set a simple ACL on a file, as a test
-  */
-@@ -557,6 +571,84 @@ static PyObject *py_smbd_set_simple_acl(PyObject *self, PyObject *args, PyObject
- 	Py_RETURN_NONE;
- }
- 
-+
-+/*
-+  set a simple NFSv4 ACL on a file, as a test
-+ */
-+static PyObject *py_smbd_set_simple_nfsv4_acl(PyObject *self, PyObject *args, PyObject *kwargs)
-+{
-+	const char * const kwnames[] = {
-+		"fname",
-+		"mode",
-+		"session_info",
-+		"gid",
-+		"service",
-+		NULL
-+	};
-+	char *fname, *service = NULL;
-+	PyObject *py_session = Py_None;
-+	struct auth_session_info *session_info = NULL;
-+	int ret;
-+	int mode, gid = -1;
-+	SMB_ACL_T acl;
-+	TALLOC_CTX *frame;
-+	connection_struct *conn;
-+
-+	if (!PyArg_ParseTupleAndKeywords(args, kwargs, "siO|iz",
-+					 discard_const_p(char *, kwnames),
-+					 &fname,
-+					 &mode,
-+					 &py_session,
-+					 &gid,
-+					 &service))
-+		return NULL;
-+
-+	if (!py_check_dcerpc_type(py_session,
-+				  "samba.dcerpc.auth",
-+				  "session_info")) {
-+		return NULL;
-+	}
-+	session_info = pytalloc_get_type(py_session,
-+					 struct auth_session_info);
-+	if (session_info == NULL) {
-+		PyErr_Format(PyExc_TypeError,
-+			     "Expected auth_session_info for session_info argument got %s",
-+			     pytalloc_get_name(py_session));
-+		return NULL;
-+	}
-+
-+	frame = talloc_stackframe();
-+
-+	acl = make_simple_nfsv4_acl(frame, gid, mode);
-+	if (acl == NULL) {
-+		TALLOC_FREE(frame);
-+		Py_RETURN_NONE;
-+	}
-+
-+	conn = get_conn_tos(service, session_info);
-+	if (!conn) {
-+		TALLOC_FREE(frame);
-+		Py_RETURN_NONE;
-+	}
-+
-+	/*
-+	 * SMB_ACL_TYPE_ACCESS -> ACL_TYPE_ACCESS -> Not valid for NFSv4 ACL
-+	 */
-+	ret = 0;
-+
-+	/* ret = set_sys_acl_conn(fname, SMB_ACL_TYPE_ACCESS, acl, conn); */
-+
-+	if (ret != 0) {
-+		TALLOC_FREE(frame);
-+		errno = ret;
-+		return PyErr_SetFromErrno(PyExc_OSError);
-+	}
-+
-+	TALLOC_FREE(frame);
-+
-+	Py_RETURN_NONE;
-+}
-+
- /*
-   chown a file
-  */
-@@ -744,7 +836,7 @@ static PyObject *py_smbd_unlink(PyObject *self, PyObject *args, PyObject *kwargs
- }
- 
- /*
--  check if we have ACL support
-+  check if we have POSIX.1e ACL support
-  */
- static PyObject *py_smbd_have_posix_acls(PyObject *self,
- 		PyObject *Py_UNUSED(ignored))
-@@ -756,6 +848,83 @@ static PyObject *py_smbd_have_posix_acls(PyObject *self,
- #endif
- }
- 
-+static PyObject *py_smbd_has_posix_acls(PyObject *self, PyObject *args, PyObject *kwargs)
-+{
-+	const char * const kwnames[] = { "path", NULL };
-+	char *path = NULL;
-+	TALLOC_CTX *frame;
-+	struct statfs fs;
-+	int ret = false;
-+
-+	frame = talloc_stackframe();
-+
-+	if (!PyArg_ParseTupleAndKeywords(args, kwargs, "s|z",
-+					 discard_const_p(char *, kwnames), &path)) {
-+		TALLOC_FREE(frame);
-+		return NULL;
-+	}
-+
-+	if (statfs(path, &fs) != 0) {
-+		TALLOC_FREE(frame);
-+		return NULL;
-+	}
-+
-+	if (fs.f_flags & MNT_ACLS)
-+		ret = true;
-+
-+	TALLOC_FREE(frame);
-+	return PyBool_FromLong(ret);
-+}
-+
-+/*
-+  check if we have NFSv4 ACL support
-+ */
-+static PyObject *py_smbd_have_nfsv4_acls(PyObject *self)
-+{
-+#ifdef HAVE_LIBSUNACL
-+	return PyBool_FromLong(true);
-+#else
-+	return PyBool_FromLong(false);
-+#endif
-+}
-+
-+static PyObject *py_smbd_has_nfsv4_acls(PyObject *self, PyObject *args, PyObject *kwargs)
-+{
-+	const char * const kwnames[] = { "path", NULL };
-+	char *path = NULL;
-+	TALLOC_CTX *frame;
-+	struct statfs fs;
-+	int ret = false;
-+
-+	frame = talloc_stackframe();
-+
-+	if (!PyArg_ParseTupleAndKeywords(args, kwargs, "s|z",
-+					 discard_const_p(char *, kwnames), &path)) {
-+		TALLOC_FREE(frame);
-+		return NULL;
-+	}
-+
-+	if (statfs(path, &fs) != 0) {
-+		TALLOC_FREE(frame);
-+		return NULL;
-+	}
-+
-+	if (fs.f_flags & MNT_NFS4ACLS)
-+		ret = true;
-+
-+	TALLOC_FREE(frame);
-+	return PyBool_FromLong(ret);
-+}
-+
-+
-+static PyObject *py_smbd_set_nfsv4_defaults(PyObject *self)
-+{
-+	/*
-+	 * It is really be done in source3/param/loadparm.c
-+	 */
-+	Py_RETURN_NONE;
-+}
-+
- /*
-   set the NT ACL on a file
-  */
-@@ -1242,10 +1411,28 @@ static PyMethodDef py_smbd_methods[] = {
- 	{ "have_posix_acls",
- 		(PyCFunction)py_smbd_have_posix_acls, METH_NOARGS,
- 		NULL },
-+	{ "has_posix_acls",
-+		PY_DISCARD_FUNC_SIG(PyCFunction, py_smbd_has_posix_acls),
-+		METH_VARARGS|METH_KEYWORDS,
-+		NULL },
-+	{ "have_nfsv4_acls",
-+		(PyCFunction)py_smbd_have_nfsv4_acls, METH_NOARGS,
-+		NULL },
-+	{ "has_nfsv4_acls",
-+		PY_DISCARD_FUNC_SIG(PyCFunction, py_smbd_has_nfsv4_acls),
-+		METH_VARARGS|METH_KEYWORDS,
-+		NULL },
-+	{ "set_nfsv4_defaults",
-+		(PyCFunction)py_smbd_set_nfsv4_defaults, METH_NOARGS,
-+		NULL },
- 	{ "set_simple_acl",
- 		PY_DISCARD_FUNC_SIG(PyCFunction, py_smbd_set_simple_acl),
- 		METH_VARARGS|METH_KEYWORDS,
- 		NULL },
-+	{ "set_simple_nfsv4_acl",
-+		PY_DISCARD_FUNC_SIG(PyCFunction, py_smbd_set_simple_nfsv4_acl),
-+		METH_VARARGS|METH_KEYWORDS,
-+		NULL },
- 	{ "set_nt_acl",
- 		PY_DISCARD_FUNC_SIG(PyCFunction, py_smbd_set_nt_acl),
- 		METH_VARARGS|METH_KEYWORDS,
--- 
-2.37.1
-

net/samba416.old/files/0025-From-d9b748869a8f4018ebee302aae8246bf29f60309-Mon-Se.patch

@@ -1,101 +0,0 @@
-From 6e79023af14210a6435ab18ada8097253b8b16b6 Mon Sep 17 00:00:00 2001
-From: "Timur I. Bakeyev" <timur@FreeBSD.org>
-Date: Mon, 31 May 2021 01:38:49 +0200
-Subject: [PATCH 25/28] From d9b748869a8f4018ebee302aae8246bf29f60309 Mon Sep
- 17 00:00:00 2001 From: "Timur I. Bakeyev" <timur@iXsystems.com> Date: Fri, 1
- Jun 2018 01:35:08 +0800 Subject: [PATCH] vfs_fruit: allow broken
- AFP_Signature where the first byte is 0
-
-FreeBSD bug ... caused the first byte of the AFP_AfpInfo xattr to be 0
-instead of 'A'. This hack allows such broken AFP_AfpInfo blobs to be
-parsed by afpinfo_unpack().
-
-FreeBSD Bug: https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=228462
-
-Signed-off-by: Ralph Boehme <slow@samba.org>
-Signed-off-by: Timur I. Bakeyev <timur@FreeBSD.org>
----
- source3/lib/adouble.c       | 20 ++++++++++++++++----
- source3/modules/vfs_fruit.c | 19 ++++++++++++++++++-
- 2 files changed, 34 insertions(+), 5 deletions(-)
-
-diff --git a/source3/lib/adouble.c b/source3/lib/adouble.c
-index aa78007dadd..ca99dcff193 100644
---- a/source3/lib/adouble.c
-+++ b/source3/lib/adouble.c
-@@ -2830,6 +2830,8 @@ ssize_t afpinfo_pack(const AfpInfo *ai, char *buf)
- 	return AFP_INFO_SIZE;
- }
- 
-+#define BROKEN_FREEBSD_AFP_Signature 0x00465000
-+
- /**
-  * Unpack a buffer into a AfpInfo structure
-  *
-@@ -2847,12 +2849,22 @@ AfpInfo *afpinfo_unpack(TALLOC_CTX *ctx, const void *data)
- 	ai->afpi_Version = RIVAL(data, 4);
- 	ai->afpi_BackupTime = RIVAL(data, 12);
- 	memcpy(ai->afpi_FinderInfo, (const char *)data + 16,
--	       sizeof(ai->afpi_FinderInfo));
-+		sizeof(ai->afpi_FinderInfo));
-+
-+	if (ai->afpi_Signature != AFP_Signature) {
-+		DBG_WARNING("Bad AFP signature [%x]\n", ai->afpi_Signature);
-+
-+		if (ai->afpi_Signature != BROKEN_FREEBSD_AFP_Signature) {
-+			DBG_ERR("Bad AfpInfo signature\n");
-+			TALLOC_FREE(ai);
-+			return NULL;
-+		}
-+	}
- 
--	if (ai->afpi_Signature != AFP_Signature
--	    || ai->afpi_Version != AFP_Version) {
--		DEBUG(1, ("Bad AfpInfo signature or version\n"));
-+	if (ai->afpi_Version != AFP_Version) {
-+		DBG_ERR("Bad AfpInfo version\n");
- 		TALLOC_FREE(ai);
-+		return NULL;
- 	}
- 
- 	return ai;
-diff --git a/source3/modules/vfs_fruit.c b/source3/modules/vfs_fruit.c
-index 303df41258e..428f95fd7d9 100644
---- a/source3/modules/vfs_fruit.c
-+++ b/source3/modules/vfs_fruit.c
-@@ -2300,6 +2300,7 @@ static ssize_t fruit_pread_meta_stream(vfs_handle_struct *handle,
- 				       size_t n, off_t offset)
- {
- 	struct fio *fio = fruit_get_complete_fio(handle, fsp);
-+	char *p = (char *)data;
- 	ssize_t nread;
- 	int ret;
- 
-@@ -2308,7 +2309,23 @@ static ssize_t fruit_pread_meta_stream(vfs_handle_struct *handle,
- 	}
- 
- 	nread = SMB_VFS_NEXT_PREAD(handle, fsp, data, n, offset);
--	if (nread == -1 || nread == n) {
-+	if (nread <= 0) {
-+		/*
-+		 * fruit_meta_open_stream() removes O_CREAT flag
-+		 * from xattr open. This results in vfs_streams_xattr
-+		 * not generating an FSP extension for the files_struct
-+		 * and causes subsequent pread() of stream to return
-+		 * nread=0 if pread() occurs before pwrite().
-+		 */
-+		return nread;
-+	}
-+
-+	if (nread == n) {
-+		if (offset == 0 && nread > 3 && p[0] == 0 && p[1] == 'F' && p[2] == 'P') {
-+			DBG_NOTICE("Fixing AFP_Info of [%s]\n",
-+				    fsp_str_dbg(fsp));
-+			p[0] = 'A';
-+		}
- 		return nread;
- 	}
- 
--- 
-2.37.1
-

net/samba416.old/files/0026-vfs-add-a-compatibility-option-to-the-vfs_streams_xa.patch

@@ -1,336 +0,0 @@
-From 2d73ccb27ffcdf419d569260fcca6e9ee3b9538a Mon Sep 17 00:00:00 2001
-From: "Timur I. Bakeyev" <timur@FreeBSD.org>
-Date: Thu, 29 Sep 2022 03:24:26 +0200
-Subject: [PATCH 26/28] vfs: add a compatibility option to the
- vfs_streams_xattr
-
-When enabled, the module does not append a trailing 0
-byte to the end of the extended attribute data.
-
-This is primarily a consideration when the administrator
-wishes to expose extended attributes that have been written
-by another application as alternate data streams via
-Samba.
-
-An example where this parameter may be required is when
-migrating a netatalk share to Samba. See manpage for
-vfs_fruit for additional considerations regarding
-Netatalk and Samba compatibility.
-
-Signed-off-by: Timur I. Bakeyev <timur@FreeBSD.org>
----
- docs-xml/manpages/vfs_streams_xattr.8.xml | 25 ++++++
- source3/modules/vfs_streams_xattr.c       | 95 +++++++++++++++++------
- 2 files changed, 97 insertions(+), 23 deletions(-)
-
-diff --git a/docs-xml/manpages/vfs_streams_xattr.8.xml b/docs-xml/manpages/vfs_streams_xattr.8.xml
-index 6645928c016..0f38d510a82 100644
---- a/docs-xml/manpages/vfs_streams_xattr.8.xml
-+++ b/docs-xml/manpages/vfs_streams_xattr.8.xml
-@@ -71,6 +71,31 @@
- 	    </listitem>
- 	  </varlistentry>
- 
-+	  <varlistentry>
-+	    <term>streams_xattr:xattr_compat = [yes|no]</term>
-+	    <listitem>
-+	      <para>When enabled, the module does not append a trailing 0
-+	      byte to the end of the extended attribute data. This parameter
-+	      must not be changed once data has been written to the share
-+	      since it may result in dropping the last byte from xattr data.
-+
-+	      This is primarily a consideration when the administrator
-+	      wishes to expose extended attributes that have been written
-+	      by another application as alternate data streams via
-+	      Samba.
-+
-+	      An example where this parameter may be required is when
-+	      migrating a netatalk share to Samba. See manpage for
-+	      vfs_fruit for additional considerations regarding
-+	      Netatalk and Samba compatibility.
-+
-+	      WARNING: this parameter must not be changed on existing
-+	      Samba shares or new shares that export paths currently
-+	      or previously have been shared by Samba.
-+	      The default is <command>yes</command>.</para>
-+	    </listitem>
-+	  </varlistentry>
-+
- 	</variablelist>
- 
- </refsect1>
-diff --git a/source3/modules/vfs_streams_xattr.c b/source3/modules/vfs_streams_xattr.c
-index b69a4f342f5..070111e3ee9 100644
---- a/source3/modules/vfs_streams_xattr.c
-+++ b/source3/modules/vfs_streams_xattr.c
-@@ -35,6 +35,7 @@ struct streams_xattr_config {
- 	const char *prefix;
- 	size_t prefix_len;
- 	bool store_stream_type;
-+	int xattr_compat_bytes;
- };
- 
- struct stream_io {
-@@ -45,22 +46,28 @@ struct stream_io {
- 	vfs_handle_struct *handle;
- };
- 
--static ssize_t get_xattr_size_fsp(struct files_struct *fsp,
-+static ssize_t get_xattr_size_fsp(vfs_handle_struct *handle,
-+				  struct files_struct *fsp,
- 			          const char *xattr_name)
- {
- 	NTSTATUS status;
- 	struct ea_struct ea;
- 	ssize_t result;
-+	struct streams_xattr_config *config = NULL;
-+
-+	SMB_VFS_HANDLE_GET_DATA(handle, config, struct streams_xattr_config,
-+				return -1);
- 
- 	status = get_ea_value_fsp(talloc_tos(),
- 				  fsp,
- 				  xattr_name,
- 				  &ea);
-+
- 	if (!NT_STATUS_IS_OK(status)) {
- 		return -1;
- 	}
- 
--	result = ea.value.length-1;
-+	result = ea.value.length - config->xattr_compat_bytes;
- 	TALLOC_FREE(ea.value.data);
- 	return result;
- }
-@@ -197,7 +204,8 @@ static int streams_xattr_fstat(vfs_handle_struct *handle, files_struct *fsp,
- 		return -1;
- 	}
- 
--	sbuf->st_ex_size = get_xattr_size_fsp(fsp->base_fsp,
-+	sbuf->st_ex_size = get_xattr_size_fsp(handle,
-+					      fsp->base_fsp,
- 					      io->xattr_name);
- 	if (sbuf->st_ex_size == -1) {
- 		SET_STAT_INVALID(*sbuf);
-@@ -273,7 +281,7 @@ static int streams_xattr_stat(vfs_handle_struct *handle,
- 		fsp = fsp->base_fsp;
- 	}
- 
--	smb_fname->st.st_ex_size = get_xattr_size_fsp(fsp,
-+	smb_fname->st.st_ex_size = get_xattr_size_fsp(handle, fsp,
- 						      xattr_name);
- 	if (smb_fname->st.st_ex_size == -1) {
- 		TALLOC_FREE(xattr_name);
-@@ -308,6 +316,7 @@ static int streams_xattr_lstat(vfs_handle_struct *handle,
- 		errno = ENOENT;
- 		return -1;
- 	}
-+
- 	return SMB_VFS_NEXT_LSTAT(handle, smb_fname);
- }
- 
-@@ -346,6 +355,11 @@ static int streams_xattr_openat(struct vfs_handle_struct *handle,
- 	/*
- 	 * For now assert this, so the below SMB_VFS_SETXATTR() works.
- 	 */
-+#ifdef O_EMPTY_PATH
-+	if (flags & O_EMPTY_PATH) {
-+		return vfs_fake_fd();
-+	}
-+#endif
- 	SMB_ASSERT(fsp_get_pathref_fd(dirfsp) == AT_FDCWD);
- 
- 	status = streams_xattr_get_name(handle, talloc_tos(),
-@@ -355,6 +369,8 @@ static int streams_xattr_openat(struct vfs_handle_struct *handle,
- 		goto fail;
- 	}
- 
-+	fsp->fsp_flags.have_proc_fds = fsp->conn->have_proc_fds;
-+
- 	status = get_ea_value_fsp(talloc_tos(),
- 				  fsp->base_fsp,
- 				  xattr_name,
-@@ -393,7 +409,8 @@ static int streams_xattr_openat(struct vfs_handle_struct *handle,
- 		 */
- 
- 		/*
--		 * Darn, xattrs need at least 1 byte
-+		 * If xattr_compat_bytes is set we need to
-+		 * provide one extra trailing byte
- 		 */
- 		char null = '\0';
- 
-@@ -402,7 +419,8 @@ static int streams_xattr_openat(struct vfs_handle_struct *handle,
- 
- 		ret = SMB_VFS_FSETXATTR(fsp->base_fsp,
- 				       xattr_name,
--				       &null, sizeof(null),
-+				       (config->xattr_compat_bytes) ? &null : NULL,
-+				       (config->xattr_compat_bytes) ? sizeof(null) : 0,
- 				       flags & O_EXCL ? XATTR_CREATE : 0);
- 		if (ret != 0) {
- 			goto fail;
-@@ -411,13 +429,13 @@ static int streams_xattr_openat(struct vfs_handle_struct *handle,
- 
- 	fakefd = vfs_fake_fd();
- 
--        sio = VFS_ADD_FSP_EXTENSION(handle, fsp, struct stream_io, NULL);
--        if (sio == NULL) {
--                errno = ENOMEM;
--                goto fail;
--        }
-+	sio = VFS_ADD_FSP_EXTENSION(handle, fsp, struct stream_io, NULL);
-+	if (sio == NULL) {
-+		errno = ENOMEM;
-+		goto fail;
-+	}
- 
--        sio->xattr_name = talloc_strdup(VFS_MEMCTX_FSP_EXTENSION(handle, fsp),
-+	sio->xattr_name = talloc_strdup(VFS_MEMCTX_FSP_EXTENSION(handle, fsp),
- 					xattr_name);
- 	if (sio->xattr_name == NULL) {
- 		errno = ENOMEM;
-@@ -823,12 +841,16 @@ static bool collect_one_stream(struct ea_struct *ea, void *private_data)
- {
- 	struct streaminfo_state *state =
- 		(struct streaminfo_state *)private_data;
-+	struct streams_xattr_config *config = NULL;
-+
-+	SMB_VFS_HANDLE_GET_DATA(state->handle, config, struct streams_xattr_config,
-+				return false);
- 
- 	if (!add_one_stream(state->mem_ctx,
- 			    &state->num_streams, &state->streams,
--			    ea->name, ea->value.length-1,
-+			    ea->name, ea->value.length - config->xattr_compat_bytes,
- 			    smb_roundup(state->handle->conn,
--					ea->value.length-1))) {
-+					ea->value.length - config->xattr_compat_bytes))) {
- 		state->status = NT_STATUS_NO_MEMORY;
- 		return false;
- 	}
-@@ -890,6 +912,7 @@ static int streams_xattr_connect(vfs_handle_struct *handle,
- 	const char *default_prefix = SAMBA_XATTR_DOSSTREAM_PREFIX;
- 	const char *prefix;
- 	int rc;
-+	bool xattr_compat;
- 
- 	rc = SMB_VFS_NEXT_CONNECT(handle, service, user);
- 	if (rc != 0) {
-@@ -920,6 +943,13 @@ static int streams_xattr_connect(vfs_handle_struct *handle,
- 						 "store_stream_type",
- 						 true);
- 
-+	xattr_compat = lp_parm_bool(SNUM(handle->conn),
-+				    "streams_xattr",
-+				    "xattr_compat",
-+				    true);
-+
-+        config->xattr_compat_bytes = xattr_compat ? 0 : 1;
-+
- 	SMB_VFS_HANDLE_SET_DATA(handle, config,
- 				NULL, struct stream_xattr_config,
- 				return -1);
-@@ -936,6 +966,7 @@ static ssize_t streams_xattr_pwrite(vfs_handle_struct *handle,
- 	struct ea_struct ea;
- 	NTSTATUS status;
- 	int ret;
-+	struct streams_xattr_config *config = NULL;
- 
- 	DEBUG(10, ("streams_xattr_pwrite called for %d bytes\n", (int)n));
- 
-@@ -947,6 +978,9 @@ static ssize_t streams_xattr_pwrite(vfs_handle_struct *handle,
- 		return -1;
- 	}
- 
-+	SMB_VFS_HANDLE_GET_DATA(handle, config, struct streams_xattr_config,
-+				return -1);
-+
- 	if ((offset + n) >= lp_smbd_max_xattr_size(SNUM(handle->conn))) {
- 		/*
- 		 * Requested write is beyond what can be read based on
-@@ -976,11 +1010,11 @@ static ssize_t streams_xattr_pwrite(vfs_handle_struct *handle,
- 		return -1;
- 	}
- 
--        if ((offset + n) > ea.value.length-1) {
-+        if ((offset + n) > ea.value.length - config->xattr_compat_bytes) {
- 		uint8_t *tmp;
- 
- 		tmp = talloc_realloc(talloc_tos(), ea.value.data, uint8_t,
--					   offset + n + 1);
-+					   offset + n + config->xattr_compat_bytes);
- 
- 		if (tmp == NULL) {
- 			TALLOC_FREE(ea.value.data);
-@@ -988,8 +1022,10 @@ static ssize_t streams_xattr_pwrite(vfs_handle_struct *handle,
-                         return -1;
-                 }
- 		ea.value.data = tmp;
--		ea.value.length = offset + n + 1;
--		ea.value.data[offset+n] = 0;
-+		ea.value.length = offset + n + config->xattr_compat_bytes;
-+		if (config->xattr_compat_bytes) {
-+			ea.value.data[offset+n] = 0;
-+		}
-         }
- 
-         memcpy(ea.value.data + offset, data, n);
-@@ -1017,6 +1053,11 @@ static ssize_t streams_xattr_pread(vfs_handle_struct *handle,
- 	struct ea_struct ea;
- 	NTSTATUS status;
- 	size_t length, overlap;
-+	struct smb_filename *smb_fname_base = NULL;
-+	struct streams_xattr_config *config = NULL;
-+
-+	SMB_VFS_HANDLE_GET_DATA(handle, config, struct streams_xattr_config,
-+				return -1);
- 
- 	DEBUG(10, ("streams_xattr_pread: offset=%d, size=%d\n",
- 		   (int)offset, (int)n));
-@@ -1037,7 +1078,7 @@ static ssize_t streams_xattr_pread(vfs_handle_struct *handle,
- 		return -1;
- 	}
- 
--	length = ea.value.length-1;
-+	length = ea.value.length - config->xattr_compat_bytes;
- 
- 	DBG_DEBUG("get_ea_value_fsp returned %d bytes\n",
- 		   (int)length);
-@@ -1225,6 +1266,12 @@ static int streams_xattr_ftruncate(struct vfs_handle_struct *handle,
-         struct stream_io *sio =
- 		(struct stream_io *)VFS_FETCH_FSP_EXTENSION(handle, fsp);
- 
-+	struct smb_filename *smb_fname_base = NULL;
-+	struct streams_xattr_config *config = NULL;
-+
-+	SMB_VFS_HANDLE_GET_DATA(handle, config, struct streams_xattr_config,
-+				return -1);
-+
- 	DEBUG(10, ("streams_xattr_ftruncate called for file %s offset %.0f\n",
- 		   fsp_str_dbg(fsp), (double)offset));
- 
-@@ -1254,14 +1301,16 @@ static int streams_xattr_ftruncate(struct vfs_handle_struct *handle,
- 	}
- 
- 	/* Did we expand ? */
--	if (ea.value.length < offset + 1) {
-+	if (ea.value.length < offset + config->xattr_compat_bytes) {
- 		memset(&tmp[ea.value.length], '\0',
--			offset + 1 - ea.value.length);
-+			offset + config->xattr_compat_bytes - ea.value.length);
- 	}
- 
- 	ea.value.data = tmp;
--	ea.value.length = offset + 1;
--	ea.value.data[offset] = 0;
-+	ea.value.length = offset + config->xattr_compat_bytes;
-+	if (config->xattr_compat_bytes) {
-+		ea.value.data[offset] = 0;
-+	}
- 
- 	ret = SMB_VFS_FSETXATTR(fsp->base_fsp,
- 				sio->xattr_name,
--- 
-2.37.1
-

net/samba416.old/files/0027-Add-VFS-module-vfs_freebsd-that-implements-FreeBSD-s.patch

@@ -1,932 +0,0 @@
-From f07e384150e53b18c3ea298f9a1ea588fb89e19b Mon Sep 17 00:00:00 2001
-From: "Timur I. Bakeyev" <timur@FreeBSD.org>
-Date: Sat, 29 May 2021 03:58:01 +0200
-Subject: [PATCH 27/28] Add VFS module vfs_freebsd that implements FreeBSD
- specific wrappers to some VFS functions.
-
-At the moment that is configurable mapping between Linux xattrs and
-FreeBSD extended attributes.
-
-Signed-off-by: Timur I. Bakeyev <timur@FreeBSD.org>
----
- docs-xml/manpages/vfs_freebsd.8.xml | 169 +++++++
- docs-xml/wscript_build              |   1 +
- source3/modules/vfs_freebsd.c       | 699 ++++++++++++++++++++++++++++
- source3/modules/wscript_build       |   7 +
- 4 files changed, 876 insertions(+)
- create mode 100644 docs-xml/manpages/vfs_freebsd.8.xml
- create mode 100644 source3/modules/vfs_freebsd.c
-
-diff --git a/docs-xml/manpages/vfs_freebsd.8.xml b/docs-xml/manpages/vfs_freebsd.8.xml
-new file mode 100644
-index 00000000000..6640a1c51f7
---- /dev/null
-+++ b/docs-xml/manpages/vfs_freebsd.8.xml
-@@ -0,0 +1,169 @@
-+<?xml version="1.0" encoding="iso-8859-1"?>
-+<!DOCTYPE refentry PUBLIC "-//Samba-Team//DTD DocBook V4.2-Based Variant V1.0//EN" "http://www.samba.org/samba/DTD/samba-doc">
-+<refentry id="vfs_freebsd.8">
-+
-+<refmeta>
-+	<refentrytitle>vfs_freebsd</refentrytitle>
-+	<manvolnum>8</manvolnum>
-+	<refmiscinfo class="source">Samba</refmiscinfo>
-+	<refmiscinfo class="manual">System Administration tools</refmiscinfo>
-+	<refmiscinfo class="version">&doc.version;</refmiscinfo>
-+</refmeta>
-+
-+<refnamediv>
-+	<refname>vfs_freebsd</refname>
-+	<refpurpose>FreeBSD-specific VFS functions</refpurpose>
-+</refnamediv>
-+
-+<refsynopsisdiv>
-+	<cmdsynopsis>
-+		<command>vfs objects = freebsd</command>
-+	</cmdsynopsis>
-+</refsynopsisdiv>
-+
-+<refsect1>
-+	<title>DESCRIPTION</title>
-+
-+	<para>This VFS module is part of the <citerefentry><refentrytitle>samba</refentrytitle>
-+	<manvolnum>7</manvolnum></citerefentry> suite.</para>
-+
-+	<para>The <command>vfs_freebsd</command> module implements some of the FreeBSD-specific VFS functions.</para>
-+
-+	<para>This module is stackable.</para>
-+</refsect1>
-+
-+
-+<refsect1>
-+	<title>OPTIONS</title>
-+
-+	<variablelist>
-+
-+	<varlistentry>
-+		<term>freebsd:extattr mode=[legacy|compat|secure]</term>
-+		<listitem>
-+		<para>This parameter defines how the emulation of the Linux attr(5) extended attributes
-+		is performed through the FreeBSD native extattr(9) system calls.</para>
-+
-+		<para>Currently the <emphasis>security</emphasis>, <emphasis>system</emphasis>,
-+		<emphasis>trusted</emphasis> and <emphasis>user</emphasis> extended attribute(xattr)
-+		classes are defined in Linux. Contrary FreeBSD has only <emphasis>USER</emphasis>
-+		and <emphasis>SYSTEM</emphasis> extended attribute(extattr) namespaces, so mapping
-+		of one set into another isn't straightforward and can be done in different ways.</para>
-+
-+		<para>Historically the Samba(7) built-in xattr mapping implementation simply converted
-+		<emphasis>system</emphasis> and <emphasis>user</emphasis> xattr into corresponding
-+		<emphasis>SYSTEM</emphasis> and <emphasis>USER</emphasis> extattr namespaces, dropping
-+		the class prefix name with the separating dot and using attribute name only within the
-+		mapped namespace. It also rejected any other xattr classes, like <emphasis>security</emphasis>
-+		and <emphasis>trusted</emphasis> as invalid. Such behavior in particular broke AD
-+		provisioning on UFS2 file systems as essential <emphasis>security.NTACL</emphasis>
-+		xattr was rejected as invalid.</para>
-+
-+		<para>This module tries to address this problem and provide secure, where it's possible,
-+		way to map Linux xattr into FreeBSD's extattr.</para>
-+
-+		<para>When <emphasis>mode</emphasis> is set to the <emphasis>legacy (default)</emphasis>
-+		then modified version of built-in mapping is used, where <emphasis>system</emphasis> xattr
-+		is mapped into SYSTEM namespace, while <emphasis>secure</emphasis>, <emphasis>trusted</emphasis>
-+		and <emphasis>user</emphasis> xattr are all mapped into the USER namespace, dropping class
-+		prefixes and mix them all together. This is the way how Samba FreeBSD ports were patched
-+		up to the 4.9 version and that created multiple potential security issues. This mode is aimed for
-+		the compatibility with the legacy installations only and should be avoided in new setups.</para>
-+
-+		<para>The <emphasis>compat</emphasis> mode is mostly designed for the jailed environments,
-+		where it's not possible to write extattrs into the secure SYSTEM namespace, so all four
-+		classes are mapped into the USER namespace. To preserve information about origin of the
-+		extended attribute it is stored together with the class preffix in the <emphasis>class.attribute</emphasis>
-+		format.</para>
-+
-+		<para>The <emphasis>secure</emphasis> mode is meant for storing extended attributes in a secure
-+		manner, so that <emphasis>security</emphasis>, <emphasis>system</emphasis> and <emphasis>trusted</emphasis>
-+		are stored in the SYSTEM namespace, which can be modified only by root.
-+		</para>
-+		</listitem>
-+	</varlistentry>
-+
-+
-+	</variablelist>
-+</refsect1>
-+
-+<refsect1>
-+	<table frame="all" rowheader="firstcol">
-+		<title>Attributes mapping</title>
-+		<tgroup cols='5' align='left' colsep='1' rowsep='1'>
-+		<thead>
-+			<row>
-+			<entry> </entry>
-+			<entry>built-in</entry>
-+			<entry>legacy</entry>
-+			<entry>compat/jail</entry>
-+			<entry>secure</entry>
-+			</row>
-+		</thead>
-+		<tbody>
-+			<row>
-+			<entry>user</entry>
-+			<entry>USER; attribute</entry>
-+			<entry>USER; attribute</entry>
-+			<entry>USER; user.attribute</entry>
-+			<entry>USER; user.attribute</entry>
-+			</row>
-+			<row>
-+			<entry>system</entry>
-+			<entry>SYSTEM; attribute</entry>
-+			<entry>SYSTEM; attribute</entry>
-+			<entry>USER; system.attribute</entry>
-+			<entry>SYSTEM; system.attribute</entry>
-+			</row>
-+			<row>
-+			<entry>trusted</entry>
-+			<entry>FAIL</entry>
-+			<entry>USER; attribute</entry>
-+			<entry>USER; trusted.attribute</entry>
-+			<entry>SYSTEM; trusted.attribute</entry>
-+			</row>
-+			<row>
-+			<entry>security</entry>
-+			<entry>FAIL</entry>
-+			<entry>USER; attribute</entry>
-+			<entry>USER; security.attribute</entry>
-+			<entry>SYSTEM; security.attribute</entry>
-+			</row>
-+		</tbody>
-+		</tgroup>
-+	</table>
-+</refsect1>
-+
-+<refsect1>
-+	<title>EXAMPLES</title>
-+
-+	<para>Use secure method of setting extended attributes on the share:</para>
-+
-+<programlisting>
-+	<smbconfsection name="[sysvol]"/>
-+	<smbconfoption name="vfs objects">freebsd</smbconfoption>
-+	<smbconfoption name="freebsd:extattr mode">secure</smbconfoption>
-+</programlisting>
-+
-+</refsect1>
-+
-+<refsect1>
-+	<title>VERSION</title>
-+
-+	<para>This man page is part of version &doc.version; of the Samba suite.
-+	</para>
-+</refsect1>
-+
-+<refsect1>
-+	<title>AUTHOR</title>
-+
-+	<para>The original Samba software and related utilities
-+	were created by Andrew Tridgell. Samba is now developed
-+	by the Samba Team as an Open Source project similar
-+	to the way the Linux kernel is developed.</para>
-+
-+	<para>This module was written by Timur I. Bakeyev</para>
-+
-+</refsect1>
-+
-+</refentry>
-diff --git a/docs-xml/wscript_build b/docs-xml/wscript_build
-index c8c4b68e514..4dc4b34ca40 100644
---- a/docs-xml/wscript_build
-+++ b/docs-xml/wscript_build
-@@ -86,6 +86,7 @@ vfs_module_manpages = ['vfs_acl_tdb',
-                        'vfs_extd_audit',
-                        'vfs_fake_perms',
-                        'vfs_fileid',
-+                       'vfs_freebsd',
-                        'vfs_fruit',
-                        'vfs_full_audit',
-                        'vfs_glusterfs',
-diff --git a/source3/modules/vfs_freebsd.c b/source3/modules/vfs_freebsd.c
-new file mode 100644
-index 00000000000..07d26d9c516
---- /dev/null
-+++ b/source3/modules/vfs_freebsd.c
-@@ -0,0 +1,699 @@
-+/*
-+ * This module implements VFS calls specific to FreeBSD
-+ *
-+ * Copyright (C) Timur I. Bakeyev, 2018
-+ *
-+ * This program is free software; you can redistribute it and/or modify
-+ * it under the terms of the GNU General Public License as published by
-+ * the Free Software Foundation; either version 3 of the License, or
-+ * (at your option) any later version.
-+ *
-+ * This program is distributed in the hope that it will be useful,
-+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
-+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-+ * GNU General Public License for more details.
-+ *
-+ * You should have received a copy of the GNU General Public License
-+ * along with this program; if not, see <http://www.gnu.org/licenses/>.
-+ */
-+
-+#include "includes.h"
-+
-+#include "lib/util/tevent_unix.h"
-+#include "lib/util/tevent_ntstatus.h"
-+#include "system/filesys.h"
-+#include "smbd/smbd.h"
-+
-+#include <sys/sysctl.h>
-+
-+static int vfs_freebsd_debug_level = DBGC_VFS;
-+
-+#undef DBGC_CLASS
-+#define DBGC_CLASS vfs_freebsd_debug_level
-+
-+#ifndef EXTATTR_MAXNAMELEN
-+#define EXTATTR_MAXNAMELEN		UINT8_MAX
-+#endif
-+
-+#define EXTATTR_NAMESPACE(NS)		EXTATTR_NAMESPACE_ ## NS, \
-+					EXTATTR_NAMESPACE_ ## NS ## _STRING ".", \
-+					.data.len = (sizeof(EXTATTR_NAMESPACE_ ## NS ## _STRING ".") - 1)
-+
-+#define EXTATTR_EMPTY			0x00
-+#define EXTATTR_USER			0x01
-+#define EXTATTR_SYSTEM			0x02
-+#define EXTATTR_SECURITY		0x03
-+#define EXTATTR_TRUSTED			0x04
-+
-+enum extattr_mode {
-+	FREEBSD_EXTATTR_SECURE,
-+	FREEBSD_EXTATTR_COMPAT,
-+	FREEBSD_EXTATTR_LEGACY
-+};
-+
-+struct freebsd_handle_data {
-+	enum extattr_mode extattr_mode;
-+};
-+
-+typedef struct {
-+	int namespace;
-+	char name[EXTATTR_MAXNAMELEN+1];
-+	union {
-+		uint16_t len;
-+		uint16_t flags;
-+	} data;
-+} extattr_attr;
-+
-+static const struct enum_list extattr_mode_param[] = {
-+	{ FREEBSD_EXTATTR_SECURE, "secure" },		/*  */
-+	{ FREEBSD_EXTATTR_COMPAT, "compat" },		/*  */
-+	{ FREEBSD_EXTATTR_LEGACY, "legacy" },		/*  */
-+	{ -1, NULL }
-+};
-+
-+/* XXX: This order doesn't match namespace ids order! */
-+static extattr_attr extattr[] = {
-+	{ EXTATTR_NAMESPACE(EMPTY) },
-+	{ EXTATTR_NAMESPACE(SYSTEM) },
-+	{ EXTATTR_NAMESPACE(USER) },
-+};
-+
-+
-+static bool freebsd_in_jail(void) {
-+	int val = 0;
-+	size_t val_len = sizeof(val);
-+
-+	if((sysctlbyname("security.jail.jailed", &val, &val_len, NULL, 0) != -1) && val == 1) {
-+		return true;
-+	}
-+	return false;
-+}
-+
-+
-+static uint16_t freebsd_map_attrname(const char *name)
-+{
-+	if(name == NULL || name[0] == '\0') {
-+		return EXTATTR_EMPTY;
-+	}
-+
-+	switch(name[0]) {
-+		case 'u':
-+			if(strncmp(name, "user.", 5) == 0)
-+				return EXTATTR_USER;
-+			break;
-+		case 't':
-+			if(strncmp(name, "trusted.", 8) == 0)
-+				return EXTATTR_TRUSTED;
-+			break;
-+		case 's':
-+			/* name[1] could be any character, including '\0' */
-+			switch(name[1]) {
-+				case 'e':
-+					if(strncmp(name, "security.", 9) == 0)
-+						return EXTATTR_SECURITY;
-+					break;
-+				case 'y':
-+					if(strncmp(name, "system.", 7) == 0)
-+						return EXTATTR_SYSTEM;
-+					break;
-+			}
-+			break;
-+	}
-+	return EXTATTR_USER;
-+}
-+
-+
-+/* security, system, trusted or user */
-+static extattr_attr* freebsd_map_xattr(enum extattr_mode extattr_mode, const char *name, extattr_attr *attr)
-+{
-+	int attrnamespace = EXTATTR_NAMESPACE_EMPTY;
-+	const char *p, *attrname = name;
-+
-+	if(name == NULL || name[0] == '\0') {
-+		return NULL;
-+	}
-+
-+	if(attr == NULL) {
-+		return NULL;
-+	}
-+
-+	uint16_t flags = freebsd_map_attrname(name);
-+
-+	switch(flags) {
-+		case EXTATTR_SECURITY:
-+		case EXTATTR_TRUSTED:
-+		case EXTATTR_SYSTEM:
-+			attrnamespace = (extattr_mode == FREEBSD_EXTATTR_SECURE) ?
-+					EXTATTR_NAMESPACE_SYSTEM :
-+					EXTATTR_NAMESPACE_USER;
-+			break;
-+		case EXTATTR_USER:
-+			attrnamespace = EXTATTR_NAMESPACE_USER;
-+			break;
-+		default:
-+			/* Default to "user" namespace if nothing else was specified */
-+			attrnamespace = EXTATTR_NAMESPACE_USER;
-+			flags = EXTATTR_USER;
-+			break;
-+	}
-+
-+	if (extattr_mode == FREEBSD_EXTATTR_LEGACY) {
-+		switch(flags) {
-+			case EXTATTR_SECURITY:
-+				attrname = name + 9;
-+				break;
-+			case EXTATTR_TRUSTED:
-+				attrname = name + 8;
-+				break;
-+			case EXTATTR_SYSTEM:
-+				attrname = name + 7;
-+				break;
-+			case EXTATTR_USER:
-+				attrname = name + 5;
-+				break;
-+			default:
-+				attrname = ((p=strchr(name, '.')) != NULL) ? p + 1 : name;
-+				break;
-+		}
-+	}
-+
-+	attr->namespace = attrnamespace;
-+	attr->data.flags = flags;
-+	strlcpy(attr->name, attrname, EXTATTR_MAXNAMELEN + 1);
-+
-+	return attr;
-+}
-+
-+
-+static ssize_t extattr_size(struct files_struct *fsp, extattr_attr *attr)
-+{
-+	ssize_t result;
-+
-+	SMB_ASSERT(!fsp_is_alternate_stream(fsp));
-+
-+	int fd = fsp_get_pathref_fd(fsp);
-+
-+	if (fsp->fsp_flags.is_pathref) {
-+		const char *path = fsp->fsp_name->base_name;
-+		if (fsp->fsp_flags.have_proc_fds) {
-+			char buf[PATH_MAX];
-+			path = sys_proc_fd_path(fd, buf, sizeof(buf));
-+			if (path == NULL) {
-+				return -1;
-+			}
-+		}
-+		/*
-+		 * This is no longer a handle based call.
-+		 */
-+		return extattr_get_file(path, attr->namespace, attr->name, NULL, 0);
-+	}
-+	else {
-+		return extattr_get_fd(fd, attr->namespace, attr->name, NULL, 0);
-+	}
-+}
-+
-+/*
-+ * The list of names is returned as an unordered array of NULL-terminated
-+ * character strings (attribute names are separated by NULL characters),
-+ * like this:
-+ *      user.name1\0system.name1\0user.name2\0
-+ *
-+ * Filesystems like ext2, ext3 and XFS which implement POSIX ACLs using
-+ * extended attributes, might return a list like this:
-+ *      system.posix_acl_access\0system.posix_acl_default\0
-+ */
-+/*
-+ * The extattr_list_file() returns a list of attributes present in the
-+ * requested namespace. Each list entry consists of a single byte containing
-+ * the length of the attribute name, followed by the attribute name. The
-+ * attribute name is not terminated by ASCII 0 (nul).
-+*/
-+static ssize_t freebsd_extattr_list(struct files_struct *fsp, enum extattr_mode extattr_mode, char *list, size_t size)
-+{
-+	ssize_t list_size, total_size = 0;
-+	char *p, *q, *list_end;
-+	int len;
-+	/*
-+	 Ignore all but user namespace when we are not root or in jail
-+	 See: https://bugzilla.samba.org/show_bug.cgi?id=10247
-+	*/
-+	bool as_root = (geteuid() == 0);
-+
-+	int ns = (extattr_mode == FREEBSD_EXTATTR_SECURE && as_root) ? 1 : 2;
-+
-+	int fd = fsp_get_pathref_fd(fsp);
-+
-+	/* Iterate through extattr(2) namespaces */
-+	for(; ns < ARRAY_SIZE(extattr); ns++) {
-+		list_size = -1;
-+
-+		if (fsp->fsp_flags.is_pathref) {
-+			const char *path = fsp->fsp_name->base_name;
-+			if (fsp->fsp_flags.have_proc_fds) {
-+				char buf[PATH_MAX];
-+				path = sys_proc_fd_path(fd, buf, sizeof(buf));
-+				if (path == NULL) {
-+					return -1;
-+				}
-+			}
-+			/*
-+			 * This is no longer a handle based call.
-+			 */
-+			list_size = extattr_list_file(path, extattr[ns].namespace, list, size);
-+		}
-+		else {
-+			list_size = extattr_list_fd(fd, extattr[ns].namespace, list, size);
-+		}
-+		/* Some error happend. Errno should be set by the previous call */
-+		if(list_size < 0)
-+			return -1;
-+		/* No attributes in this namespace */
-+		if(list_size == 0)
-+			continue;
-+		/*
-+		 Call with an empty buffer may be used to calculate
-+		 necessary buffer size.
-+		*/
-+		if(list == NULL) {
-+			/*
-+			 XXX: Unfortunately, we can't say, how many attributes were
-+			 returned, so here is the potential problem with the emulation.
-+			*/
-+			if(extattr_mode == FREEBSD_EXTATTR_LEGACY) {
-+				/*
-+				 Take the worse case of one char attribute names -
-+				 two bytes per name plus one more for sanity.
-+				*/
-+				total_size += list_size + (list_size/2 + 1)*extattr[ns].data.len;
-+			}
-+			else {
-+				total_size += list_size;
-+			}
-+			continue;
-+		}
-+
-+		if(extattr_mode == FREEBSD_EXTATTR_LEGACY) {
-+			/* Count necessary offset to fit namespace prefixes */
-+			int extra_len = 0;
-+			uint16_t flags;
-+			list_end = list + list_size;
-+			for(list_size = 0, p = q = list; p < list_end; p += len) {
-+				len = p[0] + 1;
-+				(void)strlcpy(q, p + 1, len);
-+				flags = freebsd_map_attrname(q);
-+				/* Skip secure attributes for non-root user */
-+				if(extattr_mode != FREEBSD_EXTATTR_SECURE && !as_root && flags > EXTATTR_USER) {
-+					continue;
-+				}
-+				if(flags <= EXTATTR_USER) {
-+					/* Don't count trailing '\0' */
-+					extra_len += extattr[ns].data.len;
-+				}
-+				list_size += len;
-+				q += len;
-+			}
-+			total_size += list_size + extra_len;
-+			/* Buffer is too small to fit the results */
-+			if(total_size > size) {
-+				errno = ERANGE;
-+				return -1;
-+			}
-+			/* Shift results backwards, so we can prepend prefixes */
-+			list_end = list + extra_len;
-+			p = (char*)memmove(list_end, list, list_size);
-+			/*
-+			 We enter the loop with `p` pointing to the shifted list and
-+			 `extra_len` having the total margin between `list` and `p`
-+			*/
-+			for(list_end += list_size; p < list_end; p += len) {
-+				len = strlen(p) + 1;
-+				flags = freebsd_map_attrname(p);
-+				if(flags <= EXTATTR_USER) {
-+					/* Add namespace prefix */
-+					(void)strncpy(list, extattr[ns].name, extattr[ns].data.len);
-+					list += extattr[ns].data.len;
-+				}
-+				/* Append attribute name */
-+				(void)strlcpy(list, p, len);
-+				list += len;
-+			}
-+		}
-+		else {
-+			/* Convert UCSD strings into nul-terminated strings */
-+			for(list_end = list + list_size; list < list_end; list += len) {
-+				len = list[0] + 1;
-+				(void)strlcpy(list, list + 1, len);
-+			}
-+			total_size += list_size;
-+		}
-+	}
-+	return total_size;
-+}
-+
-+/*
-+static ssize_t freebsd_fgetxattr_size(struct vfs_handle_struct *handle,
-+				     struct files_struct *fsp,
-+				     const char *name)
-+{
-+	struct freebsd_handle_data *data;
-+	extattr_attr attr;
-+
-+	SMB_ASSERT(!fsp_is_alternate_stream(fsp));
-+
-+	SMB_VFS_HANDLE_GET_DATA(handle, data,
-+				struct freebsd_handle_data,
-+				return -1);
-+
-+	if(!freebsd_map_xattr(data->extattr_mode, name, &attr)) {
-+		errno = EINVAL;
-+		return -1;
-+	}
-+
-+	if(data->extattr_mode != FREEBSD_EXTATTR_SECURE && geteuid() != 0 && attr.data.flags > EXTATTR_USER) {
-+		errno = ENOATTR;
-+		return -1;
-+	}
-+
-+	return extattr_size(fsp, &attr);
-+}
-+*/
-+
-+/* VFS entries */
-+static ssize_t freebsd_fgetxattr(struct vfs_handle_struct *handle,
-+				 struct files_struct *fsp,
-+				 const char *name,
-+				 void *value,
-+				 size_t size)
-+{
-+#if defined(HAVE_XATTR_EXTATTR)
-+	struct freebsd_handle_data *data;
-+	extattr_attr attr;
-+	ssize_t res;
-+	int fd;
-+
-+	SMB_ASSERT(!fsp_is_alternate_stream(fsp));
-+
-+	SMB_VFS_HANDLE_GET_DATA(handle, data,
-+				struct freebsd_handle_data,
-+				return -1);
-+
-+	if(!freebsd_map_xattr(data->extattr_mode, name, &attr)) {
-+		errno = EINVAL;
-+		return -1;
-+	}
-+
-+	/* Filter out 'secure' entries */
-+	if(data->extattr_mode != FREEBSD_EXTATTR_SECURE && geteuid() != 0 && attr.data.flags > EXTATTR_USER) {
-+		errno = ENOATTR;
-+		return -1;
-+	}
-+
-+	/*
-+	 * The BSD implementation has a nasty habit of silently truncating
-+	 * the returned value to the size of the buffer, so we have to check
-+	 * that the buffer is large enough to fit the returned value.
-+	 */
-+	if((res=extattr_size(fsp, &attr)) < 0) {
-+		return -1;
-+	}
-+
-+	if (size == 0) {
-+		return res;
-+	}
-+	else if (res > size) {
-+		errno = ERANGE;
-+		return -1;
-+	}
-+
-+	fd = fsp_get_pathref_fd(fsp);
-+
-+	if (fsp->fsp_flags.is_pathref) {
-+		const char *path = fsp->fsp_name->base_name;
-+		if (fsp->fsp_flags.have_proc_fds) {
-+			char buf[PATH_MAX];
-+			path = sys_proc_fd_path(fd, buf, sizeof(buf));
-+			if (path == NULL) {
-+				return -1;
-+			}
-+		}
-+		/*
-+		 * This is no longer a handle based call.
-+		 */
-+		return extattr_get_file(path, attr.namespace, attr.name, value, size);
-+	}
-+	else {
-+		return extattr_get_fd(fd, attr.namespace, attr.name, value, size);
-+	}
-+	return -1;
-+#else
-+	errno = ENOSYS;
-+	return -1;
-+#endif
-+}
-+
-+
-+static ssize_t freebsd_flistxattr(struct vfs_handle_struct *handle,
-+				  struct files_struct *fsp,
-+				  char *list,
-+				  size_t size)
-+{
-+#if defined(HAVE_XATTR_EXTATTR)
-+	struct freebsd_handle_data *data;
-+
-+	SMB_ASSERT(!fsp_is_alternate_stream(fsp));
-+
-+	SMB_VFS_HANDLE_GET_DATA(handle, data,
-+				struct freebsd_handle_data,
-+				return -1);
-+
-+	return freebsd_extattr_list(fsp, data->extattr_mode, list, size);
-+#else
-+	errno = ENOSYS;
-+	return -1;
-+#endif
-+}
-+
-+
-+static int freebsd_fremovexattr(struct vfs_handle_struct *handle,
-+				struct files_struct *fsp,
-+				const char *name)
-+{
-+#if defined(HAVE_XATTR_EXTATTR)
-+	struct freebsd_handle_data *data;
-+	extattr_attr attr;
-+	int fd;
-+
-+	SMB_ASSERT(!fsp_is_alternate_stream(fsp));
-+
-+	SMB_VFS_HANDLE_GET_DATA(handle, data,
-+				struct freebsd_handle_data,
-+				return -1);
-+
-+	if(!freebsd_map_xattr(data->extattr_mode, name, &attr)) {
-+		errno = EINVAL;
-+		return -1;
-+	}
-+
-+	/* Filter out 'secure' entries */
-+	if(data->extattr_mode != FREEBSD_EXTATTR_SECURE && geteuid() != 0 && attr.data.flags > EXTATTR_USER) {
-+		errno = ENOATTR;
-+		return -1;
-+	}
-+
-+	fd = fsp_get_pathref_fd(fsp);
-+
-+	if (fsp->fsp_flags.is_pathref) {
-+		const char *path = fsp->fsp_name->base_name;
-+		if (fsp->fsp_flags.have_proc_fds) {
-+			char buf[PATH_MAX];
-+			path = sys_proc_fd_path(fd, buf, sizeof(buf));
-+			if (path == NULL) {
-+				return -1;
-+			}
-+		}
-+		/*
-+		 * This is no longer a handle based call.
-+		 */
-+		return extattr_delete_file(path, attr.namespace, attr.name);
-+	}
-+	else {
-+		return extattr_delete_fd(fd, attr.namespace, attr.name);
-+	}
-+	return -1;
-+#else
-+	errno = ENOSYS;
-+	return -1;
-+#endif
-+}
-+
-+
-+static int freebsd_fsetxattr(struct vfs_handle_struct *handle,
-+			     struct files_struct *fsp,
-+			     const char *name,
-+			     const void *value,
-+			     size_t size,
-+			     int flags)
-+{
-+#if defined(HAVE_XATTR_EXTATTR)
-+	struct freebsd_handle_data *data;
-+	extattr_attr attr;
-+	ssize_t res;
-+	int fd;
-+
-+	SMB_ASSERT(!fsp_is_alternate_stream(fsp));
-+
-+	SMB_VFS_HANDLE_GET_DATA(handle, data,
-+				struct freebsd_handle_data,
-+				return -1);
-+
-+	if(!freebsd_map_xattr(data->extattr_mode, name, &attr)) {
-+		errno = EINVAL;
-+		return -1;
-+	}
-+
-+	/* Filter out 'secure' entries */
-+	if(data->extattr_mode != FREEBSD_EXTATTR_SECURE && geteuid() != 0 && attr.data.flags > EXTATTR_USER) {
-+		errno = ENOATTR;
-+		return -1;
-+	}
-+
-+	if (flags) {
-+		/* Check attribute existence */
-+		res = extattr_size(fsp, &attr);
-+		if (res < 0) {
-+			/* REPLACE attribute, that doesn't exist */
-+			if ((flags & XATTR_REPLACE) && errno == ENOATTR) {
-+				errno = ENOATTR;
-+				return -1;
-+			}
-+			/* Ignore other errors */
-+		}
-+		else {
-+			/* CREATE attribute, that already exists */
-+			if (flags & XATTR_CREATE) {
-+				errno = EEXIST;
-+				return -1;
-+			}
-+		}
-+	}
-+
-+	fd = fsp_get_pathref_fd(fsp);
-+
-+	if (fsp->fsp_flags.is_pathref) {
-+		const char *path = fsp->fsp_name->base_name;
-+		if (fsp->fsp_flags.have_proc_fds) {
-+			char buf[PATH_MAX];
-+			path = sys_proc_fd_path(fd, buf, sizeof(buf));
-+			if (path == NULL) {
-+				return -1;
-+			}
-+		}
-+		/*
-+		 * This is no longer a handle based call.
-+		 */
-+		res = extattr_set_file(path, attr.namespace, attr.name, value, size);
-+	}
-+	else {
-+		res = extattr_set_fd(fd, attr.namespace, attr.name, value, size);
-+	}
-+	return (res >= 0) ? 0 : -1;
-+#else
-+	errno = ENOSYS;
-+	return -1;
-+#endif
-+}
-+
-+
-+static int freebsd_connect(struct vfs_handle_struct *handle,
-+			   const char *service,
-+			   const char *user)
-+{
-+	struct freebsd_handle_data *data;
-+	int enumval, saved_errno;
-+
-+	int ret = SMB_VFS_NEXT_CONNECT(handle, service, user);
-+
-+	if (ret < 0) {
-+		return ret;
-+	}
-+
-+	data = talloc_zero(handle->conn, struct freebsd_handle_data);
-+	if (!data) {
-+		saved_errno = errno;
-+		SMB_VFS_NEXT_DISCONNECT(handle);
-+		DEBUG(0, ("talloc_zero() failed\n"));
-+		errno = saved_errno;
-+		return -1;
-+	}
-+
-+	enumval = lp_parm_enum(SNUM(handle->conn), "freebsd",
-+			       "extattr mode", extattr_mode_param, FREEBSD_EXTATTR_LEGACY);
-+	if (enumval == -1) {
-+		saved_errno = errno;
-+		SMB_VFS_NEXT_DISCONNECT(handle);
-+		DBG_DEBUG("value for freebsd: 'extattr mode' is unknown\n");
-+		errno = saved_errno;
-+		return -1;
-+	}
-+
-+	if(freebsd_in_jail()) {
-+		enumval = FREEBSD_EXTATTR_COMPAT;
-+		DBG_WARNING("running in jail, enforcing 'compat' mode\n");
-+	}
-+
-+	data->extattr_mode = (enum extattr_mode)enumval;
-+
-+	SMB_VFS_HANDLE_SET_DATA(handle, data, NULL,
-+				struct freebsd_handle_data,
-+				return -1);
-+
-+	DBG_DEBUG("connect to service[%s] with '%s' extattr mode\n",
-+		  service, extattr_mode_param[data->extattr_mode].name);
-+
-+	return 0;
-+}
-+
-+
-+static void freebsd_disconnect(vfs_handle_struct *handle)
-+{
-+	SMB_VFS_NEXT_DISCONNECT(handle);
-+}
-+
-+/* VFS operations structure */
-+
-+struct vfs_fn_pointers freebsd_fns = {
-+	/* Disk operations */
-+	.connect_fn = freebsd_connect,
-+	.disconnect_fn = freebsd_disconnect,
-+
-+	/* EA operations. */
-+	.getxattrat_send_fn = vfs_not_implemented_getxattrat_send,
-+	.getxattrat_recv_fn = vfs_not_implemented_getxattrat_recv,
-+	.fgetxattr_fn = freebsd_fgetxattr,
-+	.flistxattr_fn = freebsd_flistxattr,
-+	.fremovexattr_fn = freebsd_fremovexattr,
-+	.fsetxattr_fn = freebsd_fsetxattr,
-+};
-+
-+static_decl_vfs;
-+NTSTATUS vfs_freebsd_init(TALLOC_CTX *ctx)
-+{
-+	NTSTATUS ret;
-+
-+	ret = smb_register_vfs(SMB_VFS_INTERFACE_VERSION, "freebsd",
-+				&freebsd_fns);
-+
-+	if (!NT_STATUS_IS_OK(ret)) {
-+		return ret;
-+	}
-+
-+	vfs_freebsd_debug_level = debug_add_class("freebsd");
-+	if (vfs_freebsd_debug_level == -1) {
-+		vfs_freebsd_debug_level = DBGC_VFS;
-+		DEBUG(0, ("vfs_freebsd: Couldn't register custom debugging class!\n"));
-+	} else {
-+		DEBUG(10, ("vfs_freebsd: Debug class number of 'fileid': %d\n", vfs_freebsd_debug_level));
-+	}
-+
-+	return ret;
-+}
-diff --git a/source3/modules/wscript_build b/source3/modules/wscript_build
-index ff318c3fa06..f88d054d524 100644
---- a/source3/modules/wscript_build
-+++ b/source3/modules/wscript_build
-@@ -636,6 +636,13 @@ bld.SAMBA3_MODULE('vfs_delay_inject',
-                  enabled=bld.SAMBA3_IS_ENABLED_MODULE('vfs_delay_inject'),
-                  install=False)
- 
-+bld.SAMBA3_MODULE('vfs_freebsd',
-+                 subsystem='vfs',
-+                 source='vfs_freebsd.c',
-+                 init_function='',
-+                 internal_module=bld.SAMBA3_IS_STATIC_MODULE('vfs_freebsd'),
-+                 enabled=bld.SAMBA3_IS_ENABLED_MODULE('vfs_freebsd'))
-+
- bld.SAMBA3_MODULE('vfs_widelinks',
-                  subsystem='vfs',
-                  source='vfs_widelinks.c',
--- 
-2.37.1
-

net/samba416.old/files/0028-s3-lib-system-add-FreeBSD-proc_fd_pattern.patch

@@ -1,149 +0,0 @@
-From 584c69e77abb537a7345222648a397a9963c01b7 Mon Sep 17 00:00:00 2001
-From: "Timur I. Bakeyev" <timur@FreeBSD.org>
-Date: Sat, 15 Oct 2022 04:02:43 +0200
-Subject: [PATCH 28/28] s3:lib:system - add FreeBSD proc_fd_pattern
-
-Add support for FreeBSD equivalent of /proc/self/fd through a special
-fdescfs mount with option "nodup". This filesystem should be mounted
-either to the private $PIDDIR/fd/ directory or to /dev/fd in order to
-provide security and performance characteristics similar to Linux.
-
-Signed-off-by: Timur I. Bakeyev <timur@FreeBSD.org>
----
- source3/lib/system.c | 108 ++++++++++++++++++++++++++++++++++---------
- 1 file changed, 87 insertions(+), 21 deletions(-)
-
-diff --git a/source3/lib/system.c b/source3/lib/system.c
-index 00d31692e00..d22ec08361c 100644
---- a/source3/lib/system.c
-+++ b/source3/lib/system.c
-@@ -1094,39 +1094,105 @@ int sys_get_number_of_cores(void)
- }
- #endif
- 
--static struct proc_fd_pattern {
--	const char *pattern;
--	const char *test_path;
--} proc_fd_patterns[] = {
--	/* Linux */
--	{ "/proc/self/fd/%d", "/proc/self/fd/0" },
--	{ NULL, NULL },
-+static bool freebsd_fdesc_check(const char *pattern)
-+{
-+	char fdesc_path[PATH_MAX];
-+	int fd, fd2;
-+
-+	fd = open(lp_pid_directory(), O_DIRECTORY);
-+	if (fd == -1) {
-+		DBG_ERR("%s: failed to open pid directory: %s\n",
-+			lp_pid_directory(), strerror(errno));
-+		return false;
-+	}
-+
-+	snprintf(fdesc_path, sizeof(fdesc_path), pattern, fd);
-+
-+	fd2 = open(fdesc_path, O_DIRECTORY);
-+	if (fd2 == -1) {
-+		/*
-+		 * Setting O_DIRECTORY on open of fdescfs mount
-+		 * without `nodup` option will fail with ENOTDIR.
-+		 */
-+		if (errno == ENOTDIR) {
-+			DBG_ERR("%s: fdescfs filesystem is not mounted with "
-+				"'nodup' option. This specific mount option is "
-+				"required in order to enable race-free handling "
-+				"of paths.\n"
-+				"See documentation for Samba's New VFS' "
-+				"for more details. The `nodup` mount option was "
-+				"introduced in FreeBSD 13.\n", fdesc_path);
-+			close(fd);
-+			return false;
-+		}
-+		DBG_ERR("%s: failed to open fdescfs path: %s\n",
-+			fdesc_path, strerror(errno));
-+		close(fd);
-+		return false;
-+	}
-+	close(fd);
-+	close(fd2);
-+
-+	return true;
-+}
-+
-+static char* linux_pattern(char *buf, size_t bufsize)
-+{
-+	char proc_fd_path[PATH_MAX];
-+	const char *pattern = "/proc/self/fd/%lu";
-+	struct stat sb;
-+
-+	snprintf(proc_fd_path, sizeof(proc_fd_path), pattern, 0);
-+	if(stat(proc_fd_path, &sb) == 0) {
-+		snprintf(buf, bufsize, "%s", pattern);
-+		return buf;
-+	}
-+	return NULL;
-+}
-+
-+static char* freebsd_pattern(char *buf, size_t bufsize) {
-+	const char** base;
-+	const char* base_dir[] = {
-+		lp_pid_directory(), /* This is a preffered location */
-+		"/dev",
-+		NULL
-+	};
-+
-+	for(base = &base_dir[0]; *base != NULL; base++) {
-+		snprintf(buf, bufsize, "%s/fd/%%lu", *base);
-+		if(freebsd_fdesc_check(buf)) {
-+			return buf;
-+		}
-+	}
-+	return NULL;
-+}
-+
-+static char* (*proc_fd_patterns[])(char *, size_t) = {
-+	linux_pattern,
-+	freebsd_pattern,
-+	NULL
- };
- 
--static const char *proc_fd_pattern;
-+static char proc_fd_pattern_buf[PATH_MAX];
-+static const char *proc_fd_pattern = NULL;
- 
- bool sys_have_proc_fds(void)
- {
--	static bool checked;
--	static bool have_proc_fds;
--	struct proc_fd_pattern *p = NULL;
--	struct stat sb;
--	int ret;
-+	static bool checked = false;
-+	static bool have_proc_fds = false;
-+	char* (**pattern_func)(char *, size_t) = NULL;
- 
- 	if (checked) {
- 		return have_proc_fds;
- 	}
- 
--	for (p = &proc_fd_patterns[0]; p->test_path != NULL; p++) {
--		ret = stat(p->test_path, &sb);
--		if (ret != 0) {
--			continue;
-+	for (pattern_func = &proc_fd_patterns[0]; *pattern_func != NULL; pattern_func++) {
-+		if((*pattern_func)(proc_fd_pattern_buf, sizeof(proc_fd_pattern_buf)) != NULL) {
-+			have_proc_fds = true;
-+			proc_fd_pattern = proc_fd_pattern_buf;
-+			break;
- 		}
--		have_proc_fds = true;
--		proc_fd_pattern = p->pattern;
--		break;
- 	}
--
- 	checked = true;
- 	return have_proc_fds;
- }
--- 
-2.37.1
-

net/samba416.old/files/0099-s3-modules-zfsacl-fix-get-set-ACL-on-FreeBSD-13.patch

@@ -1,105 +0,0 @@
-From 4d27a5990311fdd4c73918781f91a3c18196b24c Mon Sep 17 00:00:00 2001
-From: Andrew Walker <awalker@ixsystems.com>
-Date: Fri, 12 Nov 2021 14:48:25 -0500
-Subject: [PATCH] s3:modules:zfsacl - fix get/set ACL on FreeBSD 13+
-
-FreeBSD 13 added support for O_PATH, which means
-that fsp being used in get_nt_acl() and set_nt_acl()
-will have O_PATH opens and we must use either the IO
-fd or use a procfd path for this.
-
-Signed-off-by: Andrew Walker <awalker@ixsystems.com>
----
- source3/modules/vfs_zfsacl.c | 62 ++++++++++++++++++++++++++++++++++++
- 1 file changed, 62 insertions(+)
-
-diff --git a/source3/modules/vfs_zfsacl.c b/source3/modules/vfs_zfsacl.c
-index 69a1db59249..0472de23825 100644
---- a/source3/modules/vfs_zfsacl.c
-+++ b/source3/modules/vfs_zfsacl.c
-@@ -235,12 +235,43 @@ static bool zfs_process_smbacl(vfs_handle_struct *handle, files_struct *fsp,
- 	SMB_ASSERT(i == naces);
- 
- 	/* store acl */
-+#ifdef O_PATH
-+	if (fsp->fsp_flags.is_pathref) {
-+		const char *proc_fd_path = NULL;
-+		char buf[PATH_MAX];
-+
-+		if (!fsp->fsp_flags.have_proc_fds) {
-+			DBG_ERR("fdescfs filesystem must be mounted with 'nodup' "
-+				"option \n");
-+			errno = EBADF;
-+			return -1;
-+		}
-+
-+		fd = fsp_get_pathref_fd(fsp);
-+		proc_fd_path = sys_proc_fd_path(fd, buf, sizeof(buf));
-+		if (proc_fd_path == NULL) {
-+			DBG_ERR("%s: failed to generate pathref fd for %d\n",
-+				fsp_str_dbg(fsp), fd);
-+			errno = EBADF;
-+			return -1;
-+		}
-+		rv = acl(proc_fd_path, ACE_SETACL, naces, acebuf);
-+	} else {
-+		fd = fsp_get_io_fd(fsp);
-+		if (fd == -1) {
-+			errno = EBADF;
-+			return false;
-+		}
-+		rv = facl(fd, ACE_SETACL, naces, acebuf);
-+	}
-+#else
- 	fd = fsp_get_pathref_fd(fsp);
- 	if (fd == -1) {
- 		errno = EBADF;
- 		return false;
- 	}
- 	rv = facl(fd, ACE_SETACL, naces, acebuf);
-+#endif
- 	if (rv != 0) {
- 		if(errno == ENOSYS) {
- 			DEBUG(9, ("acl(ACE_SETACL, %s): Operation is not "
-@@ -321,7 +352,38 @@ static int fget_zfsacl(TALLOC_CTX *mem_ctx,
- 	ace_t *acebuf = NULL;
- 	int fd;
- 
-+#ifdef O_PATH
-+	if (fsp->fsp_flags.is_pathref) {
-+		const char *proc_fd_path = NULL;
-+		char buf[PATH_MAX];
-+		struct smb_filename smb_fname;
-+
-+		if (!fsp->fsp_flags.have_proc_fds) {
-+			DBG_ERR("fdescfs filesystem must be mounted with 'nodup' "
-+				"option \n");
-+			errno = EBADF;
-+			return -1;
-+		}
-+
-+		fd = fsp_get_pathref_fd(fsp);
-+		proc_fd_path = sys_proc_fd_path(fd, buf, sizeof(buf));
-+		if (proc_fd_path == NULL) {
-+			DBG_ERR("%s: failed to generate pathref fd for %d\n",
-+				fsp_str_dbg(fsp), fd);
-+			errno = EBADF;
-+			return -1;
-+		}
-+
-+		smb_fname = (struct smb_filename) {
-+			.base_name = discard_const_p(char, proc_fd_path)
-+		};
-+
-+		return get_zfsacl(mem_ctx, &smb_fname, outbuf);
-+	}
-+	fd = fsp_get_io_fd(fsp);
-+#else
- 	fd = fsp_get_pathref_fd(fsp);
-+#endif
- 	if (fd == -1) {
- 		errno = EBADF;
- 		return -1;
--- 
-2.37.1
-

net/samba416.old/files/0099-s4-mitkdc-Add-support-for-MIT-Kerberos-1.20.patch

@@ -1,942 +0,0 @@
-From 74f71d2e97bc15350b05967e6cff590a6b287a21 Mon Sep 17 00:00:00 2001
-From: Andreas Schneider <asn@samba.org>
-Date: Mon, 4 Oct 2021 11:53:55 +0200
-Subject: [PATCH] s4:mitkdc: Add support for MIT Kerberos 1.20
-
-This also addresses CVE-2020-17049.
-
-MIT Kerberos 1.20 is in pre-release state at the time writing this commit. It
-will be released in autumn 2022. We need to support MIT Kerberos 1.19 till
-enough distributions have been released with MIT Kerberos 1.20.
-
-Pair-Programmed-With: Robbie Harwood <rharwood@redhat.com>
-Signed-off-by: Andreas Schneider <asn@samba.org>
-Signed-off-by: Robbie Harwood <rharwood@redhat.com>
-Reviewed-by: Stefan Metzmacher <metze@samba.org>
----
- .../samba/tests/krb5/compatability_tests.py   |   9 +-
- selftest/knownfail_mit_kdc                    |  25 +-
- selftest/knownfail_mit_kdc_1_20               |   9 +
- selftest/wscript                              |   6 +
- source4/kdc/mit-kdb/kdb_samba.c               |   7 +-
- source4/kdc/mit-kdb/kdb_samba.h               |  10 +
- source4/kdc/mit-kdb/kdb_samba_policies.c      | 125 ++++-
- source4/kdc/mit_samba.c                       | 481 +++++++++++++++++-
- source4/kdc/mit_samba.h                       |  11 +-
- source4/selftest/tests.py                     |   7 +-
- wscript_configure_system_mitkrb5              |   4 +
- 11 files changed, 661 insertions(+), 33 deletions(-)
- create mode 100644 selftest/knownfail_mit_kdc_1_20
-
-diff --git a/python/samba/tests/krb5/compatability_tests.py b/python/samba/tests/krb5/compatability_tests.py
-index 44c2afd41dc..b862f381bc5 100755
---- a/python/samba/tests/krb5/compatability_tests.py
-+++ b/python/samba/tests/krb5/compatability_tests.py
-@@ -120,7 +120,12 @@ class SimpleKerberosTests(KDCBaseTest):
-             self.fail(
-                 "(Heimdal) Salt populated for ARCFOUR_HMAC_MD5 encryption")
- 
--    def test_heimdal_ticket_signature(self):
-+    # This tests also passes again Samba AD built with MIT Kerberos 1.20 which
-+    # is not released yet.
-+    #
-+    # FIXME: Should be moved to to a new kdc_tgt_tests.py once MIT KRB5 1.20
-+    # is released.
-+    def test_ticket_signature(self):
-         # Ensure that a DC correctly issues tickets signed with its krbtgt key.
-         user_creds = self.get_client_creds()
-         target_creds = self.get_service_creds()
-@@ -141,7 +146,7 @@ class SimpleKerberosTests(KDCBaseTest):
-         self.verify_ticket(service_ticket, key, service_ticket=True,
-                            expect_ticket_checksum=True)
- 
--    def test_mit_ticket_signature(self):
-+    def test_mit_pre_1_20_ticket_signature(self):
-         # Ensure that a DC does not issue tickets signed with its krbtgt key.
-         user_creds = self.get_client_creds()
-         target_creds = self.get_service_creds()
-diff --git a/selftest/knownfail_mit_kdc b/selftest/knownfail_mit_kdc
-index 6d07ca4efb6..f9d5c4b0b46 100644
---- a/selftest/knownfail_mit_kdc
-+++ b/selftest/knownfail_mit_kdc
-@@ -294,8 +294,6 @@ samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_
- #
- # KDC TGS PAC tests
- #
--^samba.tests.krb5.kdc_tgs_tests.samba.tests.krb5.kdc_tgs_tests.KdcTgsTests.test_client_no_auth_data_required\(ad_dc\)
--^samba.tests.krb5.kdc_tgs_tests.samba.tests.krb5.kdc_tgs_tests.KdcTgsTests.test_no_pac_client_no_auth_data_required\(ad_dc\)
- ^samba.tests.krb5.kdc_tgs_tests.samba.tests.krb5.kdc_tgs_tests.KdcTgsTests.test_no_pac_service_no_auth_data_required\(ad_dc\)
- ^samba.tests.krb5.kdc_tgs_tests.samba.tests.krb5.kdc_tgs_tests.KdcTgsTests.test_remove_pac\(ad_dc\)
- ^samba.tests.krb5.kdc_tgs_tests.samba.tests.krb5.kdc_tgs_tests.KdcTgsTests.test_remove_pac_client_no_auth_data_required\(ad_dc\)
-@@ -321,7 +319,10 @@ samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_
- #
- ^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_enc_timestamp_spn(?!_)
- ^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_enc_timestamp_spn_realm
--
-+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_enc_timestamp_aes128_rc4.*fl2003dc
-+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_enc_timestamp_mac_aes128_rc4.*fl2003dc
-+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth.*aes.*rc4.*fl2003dc
-+^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth.*rc4.*aes.*fl2003dc
- # Differences in our KDC compared to windows
- #
- ^samba4.krb5.kdc .*.as-req-pac-request # We should reply to a request for a PAC over UDP with KRB5KRB_ERR_RESPONSE_TOO_BIG unconditionally
-@@ -373,30 +374,14 @@ samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_
- ^samba4.blackbox.pkinit_pac.netr-mem-arcfour.s4u2proxy-arcfour.ad_dc_ntvfs:local
- ^samba4.blackbox.pkinit_pac.netr-mem-arcfour.verify-sig-arcfour.ad_dc:local
- ^samba4.blackbox.pkinit_pac.netr-mem-arcfour.verify-sig-arcfour.ad_dc_ntvfs:local
--^samba4.rpc.pac on ncacn_np.netr-bdc-aes.verify-sig-aes.fl2000dc
--^samba4.rpc.pac on ncacn_np.netr-bdc-aes.verify-sig-aes.fl2003dc
--^samba4.rpc.pac on ncacn_np.netr-bdc-aes.verify-sig-aes.fl2008dc
--^samba4.rpc.pac on ncacn_np.netr-bdc-aes.verify-sig-aes.fl2008r2dc
--^samba4.rpc.pac on ncacn_np.netr-bdc-arcfour.verify-sig-arcfour.fl2000dc
--^samba4.rpc.pac on ncacn_np.netr-bdc-arcfour.verify-sig-arcfour.fl2003dc
--^samba4.rpc.pac on ncacn_np.netr-bdc-arcfour.verify-sig-arcfour.fl2008dc
--^samba4.rpc.pac on ncacn_np.netr-bdc-arcfour.verify-sig-arcfour.fl2008r2dc
- ^samba4.rpc.pac on ncacn_np.netr-mem-aes.s4u2proxy-aes.fl2000dc
- ^samba4.rpc.pac on ncacn_np.netr-mem-aes.s4u2proxy-aes.fl2003dc
- ^samba4.rpc.pac on ncacn_np.netr-mem-aes.s4u2proxy-aes.fl2008dc
- ^samba4.rpc.pac on ncacn_np.netr-mem-aes.s4u2proxy-aes.fl2008r2dc
--^samba4.rpc.pac on ncacn_np.netr-mem-aes.verify-sig-aes.fl2000dc
--^samba4.rpc.pac on ncacn_np.netr-mem-aes.verify-sig-aes.fl2003dc
--^samba4.rpc.pac on ncacn_np.netr-mem-aes.verify-sig-aes.fl2008dc
--^samba4.rpc.pac on ncacn_np.netr-mem-aes.verify-sig-aes.fl2008r2dc
- ^samba4.rpc.pac on ncacn_np.netr-mem-arcfour.s4u2proxy-arcfour.fl2000dc
- ^samba4.rpc.pac on ncacn_np.netr-mem-arcfour.s4u2proxy-arcfour.fl2003dc
- ^samba4.rpc.pac on ncacn_np.netr-mem-arcfour.s4u2proxy-arcfour.fl2008dc
- ^samba4.rpc.pac on ncacn_np.netr-mem-arcfour.s4u2proxy-arcfour.fl2008r2dc
--^samba4.rpc.pac on ncacn_np.netr-mem-arcfour.verify-sig-arcfour.fl2000dc
--^samba4.rpc.pac on ncacn_np.netr-mem-arcfour.verify-sig-arcfour.fl2003dc
--^samba4.rpc.pac on ncacn_np.netr-mem-arcfour.verify-sig-arcfour.fl2008dc
--^samba4.rpc.pac on ncacn_np.netr-mem-arcfour.verify-sig-arcfour.fl2008r2dc
- #
- # Alias tests
- #
-@@ -444,8 +429,6 @@ samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_
- ^samba.tests.krb5.kdc_tgs_tests.samba.tests.krb5.kdc_tgs_tests.KdcTgsTests.test_rodc_validate_pac_request_false
- ^samba.tests.krb5.kdc_tgs_tests.samba.tests.krb5.kdc_tgs_tests.KdcTgsTests.test_rodc_validate_pac_request_none
- ^samba.tests.krb5.kdc_tgs_tests.samba.tests.krb5.kdc_tgs_tests.KdcTgsTests.test_rodc_validate_pac_request_true
--^samba.tests.krb5.kdc_tgs_tests.samba.tests.krb5.kdc_tgs_tests.KdcTgsTests.test_s4u2self_authdata_no_pac
--^samba.tests.krb5.kdc_tgs_tests.samba.tests.krb5.kdc_tgs_tests.KdcTgsTests.test_s4u2self_no_pac
- ^samba.tests.krb5.kdc_tgs_tests.samba.tests.krb5.kdc_tgs_tests.KdcTgsTests.test_s4u2self_req(?!_invalid)
- ^samba.tests.krb5.kdc_tgs_tests.samba.tests.krb5.kdc_tgs_tests.KdcTgsTests.test_s4u2self_rodc_allowed_denied
- ^samba.tests.krb5.kdc_tgs_tests.samba.tests.krb5.kdc_tgs_tests.KdcTgsTests.test_s4u2self_rodc_denied
-diff --git a/selftest/knownfail_mit_kdc_1_20 b/selftest/knownfail_mit_kdc_1_20
-new file mode 100644
-index 00000000000..4a47ab974ae
---- /dev/null
-+++ b/selftest/knownfail_mit_kdc_1_20
-@@ -0,0 +1,9 @@
-+^samba.tests.krb5.compatability_tests.samba.tests.krb5.compatability_tests.SimpleKerberosTests.test_mit_pre_1_20_ticket_signature
-+#
-+# FAST tests
-+# https://github.com/krb5/krb5/pull/1225#issuecomment-996418770
-+#
-+^samba.tests.krb5.fast_tests.samba.tests.krb5.fast_tests.FAST_Tests.test_fast_encrypted_challenge_as_req_self\(
-+^samba.tests.krb5.fast_tests.samba.tests.krb5.fast_tests.FAST_Tests.test_simple_as_req_self\(
-+^samba.tests.krb5.fast_tests.samba.tests.krb5.fast_tests.FAST_Tests.test_simple_as_req_self_pac_request_none\(
-+^samba.tests.krb5.fast_tests.samba.tests.krb5.fast_tests.FAST_Tests.test_simple_as_req_self_pac_request_true\(
-diff --git a/selftest/wscript b/selftest/wscript
-index e207b87eeb8..c92b37bd5e1 100644
---- a/selftest/wscript
-+++ b/selftest/wscript
-@@ -260,6 +260,12 @@ def cmd_testonly(opt):
-         env.OPTIONS += " --mitkrb5 --exclude=${srcdir}/selftest/skip_mit_kdc"
-         env.FILTER_XFAIL += " --expected-failures=${srcdir}/selftest/"\
-                             "knownfail_mit_kdc"
-+
-+        if CONFIG_GET(opt, 'HAVE_MIT_KRB5_PRE_1_20'):
-+            env.FILTER_XFAIL += ' --expected-failures=${srcdir}/selftest/knownfail_mit_kdc_pre_1_20'
-+
-+        if CONFIG_GET(opt, 'HAVE_MIT_KRB5_1_20'):
-+            env.FILTER_XFAIL += ' --expected-failures=${srcdir}/selftest/knownfail_mit_kdc_1_20'
-     else:
-         env.FILTER_XFAIL += " --expected-failures=${srcdir}/selftest/"\
-                             "knownfail_heimdal_kdc"
-diff --git a/source4/kdc/mit-kdb/kdb_samba.c b/source4/kdc/mit-kdb/kdb_samba.c
-index 02bbdca9f54..f5092f75873 100644
---- a/source4/kdc/mit-kdb/kdb_samba.c
-+++ b/source4/kdc/mit-kdb/kdb_samba.c
-@@ -166,10 +166,15 @@ kdb_vftabl kdb_function_table = {
- 	.decrypt_key_data          = kdb_samba_dbekd_decrypt_key_data,
- 	.encrypt_key_data          = kdb_samba_dbekd_encrypt_key_data,
- 
--	.sign_authdata             = kdb_samba_db_sign_auth_data,
- 	.check_policy_as           = kdb_samba_db_check_policy_as,
- 	.audit_as_req              = kdb_samba_db_audit_as_req,
- 	.check_allowed_to_delegate = kdb_samba_db_check_allowed_to_delegate,
- 
- 	.free_principal_e_data     = kdb_samba_db_free_principal_e_data,
-+
-+#if KRB5_KDB_DAL_MAJOR_VERSION >= 9
-+	.issue_pac                 = kdb_samba_db_issue_pac,
-+#else
-+	.sign_authdata             = kdb_samba_db_sign_auth_data,
-+#endif
- };
-diff --git a/source4/kdc/mit-kdb/kdb_samba.h b/source4/kdc/mit-kdb/kdb_samba.h
-index e9613e2fc7e..dd97061130c 100644
---- a/source4/kdc/mit-kdb/kdb_samba.h
-+++ b/source4/kdc/mit-kdb/kdb_samba.h
-@@ -113,6 +113,16 @@ krb5_error_code kdb_samba_dbekd_encrypt_key_data(krb5_context context,
- 						 krb5_key_data *key_data);
- 
- /* from kdb_samba_policies.c */
-+krb5_error_code kdb_samba_db_issue_pac(krb5_context context,
-+				       unsigned int flags,
-+				       krb5_db_entry *client,
-+				       krb5_keyblock *replaced_reply_key,
-+				       krb5_db_entry *server,
-+				       krb5_db_entry *signing_krbtgt,
-+				       krb5_timestamp authtime,
-+				       krb5_pac old_pac,
-+				       krb5_pac new_pac,
-+				       krb5_data ***auth_indicators);
- 
- krb5_error_code kdb_samba_db_sign_auth_data(krb5_context context,
- 					    unsigned int flags,
-diff --git a/source4/kdc/mit-kdb/kdb_samba_policies.c b/source4/kdc/mit-kdb/kdb_samba_policies.c
-index 793fe366c35..cbc9bbb9dae 100644
---- a/source4/kdc/mit-kdb/kdb_samba_policies.c
-+++ b/source4/kdc/mit-kdb/kdb_samba_policies.c
-@@ -190,6 +190,7 @@ static krb5_error_code ks_get_pac(krb5_context context,
- 	return code;
- }
- 
-+#if KRB5_KDB_DAL_MAJOR_VERSION < 9
- static krb5_error_code ks_verify_pac(krb5_context context,
- 				     unsigned int flags,
- 				     krb5_const_principal client_princ,
-@@ -557,6 +558,128 @@ done:
- 
- 	return code;
- }
-+#else /* KRB5_KDB_DAL_MAJOR_VERSION >= 9 */
-+static krb5_error_code ks_update_pac(krb5_context context,
-+				     int flags,
-+				     krb5_db_entry *client,
-+				     krb5_db_entry *server,
-+				     krb5_db_entry *signing_krbtgt,
-+				     krb5_pac old_pac,
-+				     krb5_pac new_pac)
-+{
-+	struct mit_samba_context *mit_ctx = NULL;
-+	krb5_error_code code;
-+
-+	mit_ctx = ks_get_context(context);
-+	if (mit_ctx == NULL) {
-+		return KRB5_KDB_DBNOTINITED;
-+	}
-+
-+	code = mit_samba_update_pac(mit_ctx,
-+				    context,
-+				    flags,
-+				    client,
-+				    server,
-+				    signing_krbtgt,
-+				    old_pac,
-+				    new_pac);
-+	if (code != 0) {
-+		return code;
-+	}
-+
-+	return code;
-+}
-+
-+krb5_error_code kdb_samba_db_issue_pac(krb5_context context,
-+				       unsigned int flags,
-+				       krb5_db_entry *client,
-+				       krb5_keyblock *replaced_reply_key,
-+				       krb5_db_entry *server,
-+				       krb5_db_entry *signing_krbtgt,
-+				       krb5_timestamp authtime,
-+				       krb5_pac old_pac,
-+				       krb5_pac new_pac,
-+				       krb5_data ***auth_indicators)
-+{
-+	char *client_name = NULL;
-+	char *server_name = NULL;
-+	krb5_error_code code = EINVAL;
-+
-+	/* The KDC handles both signing and verification for us. */
-+
-+	if (client != NULL) {
-+		code = krb5_unparse_name(context,
-+					 client->princ,
-+					 &client_name);
-+		if (code != 0) {
-+			return code;
-+		}
-+	}
-+
-+	if (server != NULL) {
-+		code = krb5_unparse_name(context,
-+					 server->princ,
-+					 &server_name);
-+		if (code != 0) {
-+			SAFE_FREE(client_name);
-+			return code;
-+		}
-+	}
-+
-+	/*
-+	 * Get a new PAC for AS-REQ or S4U2Self for our realm.
-+	 *
-+	 * For a simple cross-realm S4U2Proxy there will be the following TGS
-+	 * requests after the client realm is identified:
-+	 *
-+	 * 1. server@SREALM to SREALM for krbtgt/CREALM@SREALM -- a regular TGS
-+	 *    request with server's normal TGT and no S4U2Self padata.
-+	 * 2. server@SREALM to CREALM for server@SREALM (expressed as an
-+	 *    enterprise principal), with the TGT from #1 as header ticket and
-+	 *    S4U2Self padata identifying the client.
-+	 * 3. server@SREALM to SREALM for server@SREALM with S4U2Self padata,
-+	 *    with the referral TGT from #2 as header ticket
-+	 *
-+	 * In request 2 the PROTOCOL_TRANSITION and CROSS_REALM flags are set,
-+	 * and the request is for a local client (so client != NULL) and we
-+	 * want to make a new PAC.
-+	 *
-+	 * In request 3 the PROTOCOL_TRANSITION and CROSS_REALM flags are also
-+	 * set, but the request is for a non-local client (so client == NULL)
-+	 * and we want to copy the subject PAC contained in the referral TGT.
-+	 */
-+	if (old_pac == NULL ||
-+	    (client != NULL && (flags & KRB5_KDB_FLAG_PROTOCOL_TRANSITION))) {
-+		DBG_NOTICE("Generate PAC for AS-REQ [client=%s, flags=%#08x]\n",
-+			   client_name != NULL ? client_name : "<unknown>",
-+			   flags);
-+
-+		code = ks_get_pac(context,
-+				  client,
-+				  server,
-+				  replaced_reply_key,
-+				  &new_pac);
-+	} else {
-+		DBG_NOTICE("Update PAC for TGS-REQ [client=%s, server=%s, "
-+			   "flags=%#08x]\n",
-+			   client_name != NULL ? client_name : "<unknown>",
-+			   server_name != NULL ? server_name : "<unknown>",
-+			   flags);
-+
-+		code = ks_update_pac(context,
-+				flags,
-+				client,
-+				server,
-+				signing_krbtgt,
-+				old_pac,
-+				new_pac);
-+	}
-+	SAFE_FREE(client_name);
-+	SAFE_FREE(server_name);
-+
-+	return code;
-+}
-+#endif /* KRB5_KDB_DAL_MAJOR_VERSION */
- 
- krb5_error_code kdb_samba_db_check_allowed_to_delegate(krb5_context context,
- 						       krb5_const_principal client,
-@@ -635,4 +758,4 @@ void kdb_samba_db_audit_as_req(krb5_context context,
- 	samba_bad_password_count(client, error_code);
- 
- 	/* TODO: perform proper audit logging for addresses */
--}
-+}
-\ No newline at end of file
-diff --git a/source4/kdc/mit_samba.c b/source4/kdc/mit_samba.c
-index cb72b5de294..d58bbea4a5d 100644
---- a/source4/kdc/mit_samba.c
-+++ b/source4/kdc/mit_samba.c
-@@ -229,6 +229,27 @@ int mit_samba_get_principal(struct mit_samba_context *ctx,
- 	sflags |= SDB_F_FORCE_CANON;
- #endif
- 
-+#if KRB5_KDB_DAL_MAJOR_VERSION >= 9
-+	if (kflags & KRB5_KDB_FLAG_REFERRAL_OK) {
-+		sflags |= SDB_F_CANON;
-+	}
-+
-+	if (kflags & KRB5_KDB_FLAG_CLIENT) {
-+		sflags |= SDB_F_GET_CLIENT;
-+
-+		if (!(kflags & KRB5_KDB_FLAG_REFERRAL_OK)) {
-+			sflags |= SDB_F_FOR_AS_REQ;
-+		}
-+	} else if (ks_is_tgs_principal(ctx, principal)) {
-+		sflags |= SDB_F_GET_KRBTGT;
-+	} else {
-+		sflags |= SDB_F_GET_SERVER;
-+
-+		if (!(kflags & KRB5_KDB_FLAG_REFERRAL_OK)) {
-+			sflags |= SDB_F_FOR_TGS_REQ;
-+		}
-+	}
-+#else /* KRB5_KDB_DAL_MAJOR_VERSION < 9 */
- 	if (kflags & KRB5_KDB_FLAG_CANONICALIZE) {
- 		sflags |= SDB_F_CANON;
- 	}
-@@ -247,6 +268,7 @@ int mit_samba_get_principal(struct mit_samba_context *ctx,
- 	} else {
- 		sflags |= SDB_F_GET_SERVER|SDB_F_FOR_TGS_REQ;
- 	}
-+#endif /* KRB5_KDB_DAL_MAJOR_VERSION */
- 
- 	/* always set this or the created_by data will not be populated by samba's
- 	 * backend and we will fail to parse the entry later */
-@@ -434,7 +456,7 @@ int mit_samba_get_pac(struct mit_samba_context *smb_ctx,
- 		      krb5_context context,
- 		      krb5_db_entry *client,
- 		      krb5_db_entry *server,
--		      krb5_keyblock *client_key,
-+		      krb5_keyblock *replaced_reply_key,
- 		      krb5_pac *pac)
- {
- 	TALLOC_CTX *tmp_ctx;
-@@ -461,12 +483,10 @@ int mit_samba_get_pac(struct mit_samba_context *smb_ctx,
- 		return ENOMEM;
- 	}
- 
--#if 0 /* TODO Find out if this is a pkinit_reply key */
- 	/* Check if we have a PREAUTH key */
--	if (client_key != NULL) {
-+	if (replaced_reply_key != NULL) {
- 		cred_ndr_ptr = &cred_ndr;
- 	}
--#endif
- 
- 	is_krbtgt = ks_is_tgs_principal(smb_ctx, server->princ);
- 
-@@ -488,9 +508,9 @@ int mit_samba_get_pac(struct mit_samba_context *smb_ctx,
- 		return EINVAL;
- 	}
- 
--	if (cred_ndr != NULL) {
-+	if (replaced_reply_key != NULL && cred_ndr != NULL) {
- 		code = samba_kdc_encrypt_pac_credentials(context,
--							 client_key,
-+							 replaced_reply_key,
- 							 cred_ndr,
- 							 tmp_ctx,
- 							 &cred_blob);
-@@ -514,6 +534,7 @@ int mit_samba_get_pac(struct mit_samba_context *smb_ctx,
- 	return code;
- }
- 
-+#if KRB5_KDB_DAL_MAJOR_VERSION < 9
- krb5_error_code mit_samba_reget_pac(struct mit_samba_context *ctx,
- 				    krb5_context context,
- 				    int flags,
-@@ -999,6 +1020,454 @@ done:
- 	talloc_free(tmp_ctx);
- 	return code;
- }
-+#else
-+krb5_error_code mit_samba_update_pac(struct mit_samba_context *ctx,
-+				    krb5_context context,
-+				    int flags,
-+				    krb5_db_entry *client,
-+				    krb5_db_entry *server,
-+				    krb5_db_entry *krbtgt,
-+				    krb5_pac old_pac,
-+				    krb5_pac new_pac)
-+{
-+	TALLOC_CTX *tmp_ctx = NULL;
-+	krb5_error_code code;
-+	NTSTATUS nt_status;
-+	DATA_BLOB *pac_blob = NULL;
-+	DATA_BLOB *upn_blob = NULL;
-+	DATA_BLOB *requester_sid_blob = NULL;
-+	struct samba_kdc_entry *client_skdc_entry = NULL;
-+	struct samba_kdc_entry *server_skdc_entry = NULL;
-+	struct samba_kdc_entry *krbtgt_skdc_entry = NULL;
-+	bool is_in_db = false;
-+	bool is_untrusted = false;
-+	bool is_krbtgt = false;
-+	size_t num_types = 0;
-+	uint32_t *types = NULL;
-+	size_t i = 0;
-+	ssize_t logon_info_idx = -1;
-+	ssize_t delegation_idx = -1;
-+	ssize_t logon_name_idx = -1;
-+	ssize_t upn_dns_info_idx = -1;
-+	ssize_t srv_checksum_idx = -1;
-+	ssize_t kdc_checksum_idx = -1;
-+	ssize_t tkt_checksum_idx = -1;
-+	ssize_t attrs_info_idx = -1;
-+	ssize_t requester_sid_idx = -1;
-+
-+	/* Create a memory context early so code can use talloc_stackframe() */
-+	tmp_ctx = talloc_named(ctx, 0, "mit_samba_update_pac context");
-+	if (tmp_ctx == NULL) {
-+		return ENOMEM;
-+	}
-+
-+	if (client != NULL) {
-+		client_skdc_entry =
-+			talloc_get_type_abort(client->e_data,
-+					      struct samba_kdc_entry);
-+
-+		/*
-+		 * Check the objectSID of the client and pac data are the same.
-+		 * Does a parse and SID check, but no crypto.
-+		 */
-+		code = samba_kdc_validate_pac_blob(context,
-+						   client_skdc_entry,
-+						   old_pac);
-+		if (code != 0) {
-+			goto done;
-+		}
-+	}
-+
-+	if (krbtgt == NULL) {
-+		code = EINVAL;
-+		goto done;
-+	}
-+	krbtgt_skdc_entry =
-+		talloc_get_type_abort(krbtgt->e_data,
-+				      struct samba_kdc_entry);
-+
-+	/*
-+	 * If the krbtgt was generated by an RODC, and we are not that
-+	 * RODC, then we need to regenerate the PAC - we can't trust
-+	 * it, and confirm that the RODC was permitted to print this ticket
-+	 *
-+	 * Because of the samba_kdc_validate_pac_blob() step we can be
-+	 * sure that the record in 'client' or 'server' matches the SID in the
-+	 * original PAC.
-+	 */
-+	code = samba_krbtgt_is_in_db(krbtgt_skdc_entry,
-+				     &is_in_db,
-+				     &is_untrusted);
-+	if (code != 0) {
-+		goto done;
-+	}
-+
-+	if (is_untrusted) {
-+		struct auth_user_info_dc *user_info_dc = NULL;
-+		WERROR werr;
-+
-+		if (client == NULL) {
-+			code = KRB5KDC_ERR_C_PRINCIPAL_UNKNOWN;
-+			goto done;
-+		}
-+
-+		nt_status = samba_kdc_get_pac_blobs(tmp_ctx,
-+						    client_skdc_entry,
-+						    &pac_blob,
-+						    NULL,
-+						    &upn_blob,
-+						    NULL,
-+						    PAC_ATTRIBUTE_FLAG_PAC_WAS_GIVEN_IMPLICITLY,
-+						    &requester_sid_blob,
-+						    &user_info_dc);
-+		if (!NT_STATUS_IS_OK(nt_status)) {
-+			code = EINVAL;
-+			goto done;
-+		}
-+
-+		/*
-+		 * Check if the SID list in the user_info_dc intersects
-+		 * correctly with the RODC allow/deny lists.
-+		 */
-+		werr = samba_rodc_confirm_user_is_allowed(user_info_dc->num_sids,
-+							  user_info_dc->sids,
-+							  krbtgt_skdc_entry,
-+							  client_skdc_entry);
-+		if (!W_ERROR_IS_OK(werr)) {
-+			code = KRB5KDC_ERR_TGT_REVOKED;
-+			if (W_ERROR_EQUAL(werr,
-+					  WERR_DOMAIN_CONTROLLER_NOT_FOUND)) {
-+				code = KRB5KDC_ERR_POLICY;
-+			}
-+			goto done;
-+		}
-+	} else {
-+		pac_blob = talloc_zero(tmp_ctx, DATA_BLOB);
-+		if (pac_blob == NULL) {
-+			code = ENOMEM;
-+			goto done;
-+		}
-+
-+		nt_status = samba_kdc_update_pac_blob(tmp_ctx,
-+						      context,
-+						      krbtgt_skdc_entry->kdc_db_ctx->samdb,
-+						      old_pac,
-+						      pac_blob,
-+						      NULL,
-+						      NULL);
-+		if (!NT_STATUS_IS_OK(nt_status)) {
-+			DEBUG(0, ("Update PAC blob failed: %s\n",
-+				  nt_errstr(nt_status)));
-+			code = EINVAL;
-+			goto done;
-+		}
-+	}
-+
-+	/* Check the types of the given PAC */
-+	code = krb5_pac_get_types(context, old_pac, &num_types, &types);
-+	if (code != 0) {
-+		goto done;
-+	}
-+
-+	for (i = 0; i < num_types; i++) {
-+		switch (types[i]) {
-+		case PAC_TYPE_LOGON_INFO:
-+			if (logon_info_idx != -1) {
-+				DBG_WARNING("logon info type[%u] twice [%zd] and "
-+					    "[%zu]: \n",
-+					    types[i],
-+					    logon_info_idx,
-+					    i);
-+				code = EINVAL;
-+				goto done;
-+			}
-+			logon_info_idx = i;
-+			break;
-+		case PAC_TYPE_CONSTRAINED_DELEGATION:
-+			if (delegation_idx != -1) {
-+				DBG_WARNING("constrained delegation type[%u] "
-+					    "twice [%zd] and [%zu]: \n",
-+					    types[i],
-+					    delegation_idx,
-+					    i);
-+				code = EINVAL;
-+				goto done;
-+			}
-+			delegation_idx = i;
-+			break;
-+		case PAC_TYPE_LOGON_NAME:
-+			if (logon_name_idx != -1) {
-+				DBG_WARNING("logon name type[%u] twice [%zd] "
-+					    "and [%zu]: \n",
-+					    types[i],
-+					    logon_name_idx,
-+					    i);
-+				code = EINVAL;
-+				goto done;
-+			}
-+			logon_name_idx = i;
-+			break;
-+		case PAC_TYPE_UPN_DNS_INFO:
-+			if (upn_dns_info_idx != -1) {
-+				DBG_WARNING("upn dns info type[%u] twice [%zd] "
-+					    "and [%zu]: \n",
-+					    types[i],
-+					    upn_dns_info_idx,
-+					    i);
-+				code = EINVAL;
-+				goto done;
-+			}
-+			upn_dns_info_idx = i;
-+			break;
-+		case PAC_TYPE_SRV_CHECKSUM:
-+			if (srv_checksum_idx != -1) {
-+				DBG_WARNING("srv checksum type[%u] twice [%zd] "
-+					    "and [%zu]: \n",
-+					    types[i],
-+					    srv_checksum_idx,
-+					    i);
-+				code = EINVAL;
-+				goto done;
-+			}
-+			srv_checksum_idx = i;
-+			break;
-+		case PAC_TYPE_KDC_CHECKSUM:
-+			if (kdc_checksum_idx != -1) {
-+				DBG_WARNING("kdc checksum type[%u] twice [%zd] "
-+					    "and [%zu]: \n",
-+					    types[i],
-+					    kdc_checksum_idx,
-+					    i);
-+				code = EINVAL;
-+				goto done;
-+			}
-+			kdc_checksum_idx = i;
-+			break;
-+		case PAC_TYPE_TICKET_CHECKSUM:
-+			if (tkt_checksum_idx != -1) {
-+				DBG_WARNING("ticket checksum type[%u] twice "
-+					    "[%zd] and [%zu]: \n",
-+					    types[i],
-+					    tkt_checksum_idx,
-+					    i);
-+				code = EINVAL;
-+				goto done;
-+			}
-+			tkt_checksum_idx = i;
-+			break;
-+		case PAC_TYPE_ATTRIBUTES_INFO:
-+			if (attrs_info_idx != -1) {
-+				DBG_WARNING("attributes info type[%u] twice "
-+					    "[%zd] and [%zu]: \n",
-+					    types[i],
-+					    attrs_info_idx,
-+					    i);
-+				code = EINVAL;
-+				goto done;
-+			}
-+			attrs_info_idx = i;
-+			break;
-+		case PAC_TYPE_REQUESTER_SID:
-+			if (requester_sid_idx != -1) {
-+				DBG_WARNING("requester sid type[%u] twice"
-+					    "[%zd] and [%zu]: \n",
-+					    types[i],
-+					    requester_sid_idx,
-+					    i);
-+				code = EINVAL;
-+				goto done;
-+			}
-+			requester_sid_idx = i;
-+			break;
-+		default:
-+			continue;
-+		}
-+	}
-+
-+	if (logon_info_idx == -1) {
-+		DBG_WARNING("PAC_TYPE_LOGON_INFO missing\n");
-+		code = EINVAL;
-+		goto done;
-+	}
-+	if (logon_name_idx == -1) {
-+		DBG_WARNING("PAC_TYPE_LOGON_NAME missing\n");
-+		code = EINVAL;
-+		goto done;
-+	}
-+	if (srv_checksum_idx == -1) {
-+		DBG_WARNING("PAC_TYPE_SRV_CHECKSUM missing\n");
-+		code = EINVAL;
-+		goto done;
-+	}
-+	if (kdc_checksum_idx == -1) {
-+		DBG_WARNING("PAC_TYPE_KDC_CHECKSUM missing\n");
-+		code = EINVAL;
-+		goto done;
-+	}
-+	if (!(flags & KRB5_KDB_FLAG_CONSTRAINED_DELEGATION) &&
-+	    requester_sid_idx == -1) {
-+		DBG_WARNING("PAC_TYPE_REQUESTER_SID missing\n");
-+		code = KRB5KDC_ERR_TGT_REVOKED;
-+		goto done;
-+	}
-+
-+	server_skdc_entry = talloc_get_type_abort(server->e_data,
-+						  struct samba_kdc_entry);
-+
-+	/*
-+	 * The server account may be set not to want the PAC.
-+	 *
-+	 * While this is wasteful if the above cacluations were done
-+	 * and now thrown away, this is cleaner as we do any ticket
-+	 * signature checking etc always.
-+	 *
-+	 * UF_NO_AUTH_DATA_REQUIRED is the rare case and most of the
-+	 * time (eg not accepting a ticket from the RODC) we do not
-+	 * need to re-generate anything anyway.
-+	 */
-+	if (!samba_princ_needs_pac(server_skdc_entry)) {
-+		code = 0;
-+		goto done;
-+	}
-+
-+	is_krbtgt = ks_is_tgs_principal(ctx, server->princ);
-+
-+	if (!is_untrusted && !is_krbtgt) {
-+		/*
-+		 * The client may have requested no PAC when obtaining the
-+		 * TGT.
-+		 */
-+		bool requested_pac = false;
-+
-+		code = samba_client_requested_pac(context,
-+						  &old_pac,
-+						  tmp_ctx,
-+						  &requested_pac);
-+		if (code != 0 || !requested_pac) {
-+			goto done;
-+		}
-+	}
-+
-+#define MAX_PAC_BUFFERS 64 /* Avoid infinite loops */
-+
-+	for (i = 0; i < MAX_PAC_BUFFERS;) {
-+		krb5_data type_data;
-+		DATA_BLOB type_blob = data_blob_null;
-+		uint32_t type;
-+
-+		if (i < num_types) {
-+			type = types[i];
-+			i++;
-+		} else {
-+			break;
-+		}
-+
-+		switch (type) {
-+		case PAC_TYPE_LOGON_INFO:
-+			type_blob = *pac_blob;
-+			break;
-+		case PAC_TYPE_CREDENTIAL_INFO:
-+			/*
-+			 * Note that we copy the credential blob,
-+			 * as it's only usable with the PKINIT based
-+			 * AS-REP reply key, it's only available on the
-+			 * host which did the AS-REQ/AS-REP exchange.
-+			 *
-+			 * This matches Windows 2008R2...
-+			 */
-+			break;
-+		case PAC_TYPE_LOGON_NAME:
-+			/*
-+			 * This is generated in the main KDC code
-+			 */
-+			continue;
-+		case PAC_TYPE_UPN_DNS_INFO:
-+			/*
-+			 * Replace in the RODC case, otherwise
-+			 * upn_blob is NULL and we just copy.
-+			 */
-+			if (upn_blob != NULL) {
-+				type_blob = *upn_blob;
-+			}
-+			break;
-+		case PAC_TYPE_SRV_CHECKSUM:
-+			/*
-+			 * This is generated in the main KDC code
-+			 */
-+			continue;
-+		case PAC_TYPE_KDC_CHECKSUM:
-+			/*
-+			 * This is generated in the main KDC code
-+			 */
-+			continue;
-+		case PAC_TYPE_TICKET_CHECKSUM:
-+			/*
-+			 * This is generated in the main KDC code
-+			 */
-+			continue;
-+		case PAC_TYPE_CONSTRAINED_DELEGATION:
-+			/*
-+			 * This is generated in the main KDC code
-+			 */
-+			continue;
-+		case PAC_TYPE_ATTRIBUTES_INFO:
-+			if (!is_untrusted && is_krbtgt) {
-+				/* just copy... */
-+				break;
-+			} else {
-+				continue;
-+			}
-+		case PAC_TYPE_REQUESTER_SID:
-+			if (is_krbtgt) {
-+				/*
-+				 * Replace in the RODC case, otherwise
-+				 * requester_sid_blob is NULL and we just copy.
-+				 */
-+				if (requester_sid_blob != NULL) {
-+					type_blob = *requester_sid_blob;
-+				}
-+				break;
-+			} else {
-+				continue;
-+			}
-+		default:
-+			/* just copy... */
-+			break;
-+		}
-+
-+		if (type_blob.length != 0) {
-+			code = smb_krb5_copy_data_contents(&type_data,
-+							   type_blob.data,
-+							   type_blob.length);
-+			if (code != 0) {
-+				goto done;
-+			}
-+		} else {
-+			code = krb5_pac_get_buffer(context,
-+						   old_pac,
-+						   type,
-+						   &type_data);
-+			if (code != 0) {
-+				goto done;
-+			}
-+		}
-+
-+		code = krb5_pac_add_buffer(context,
-+					   new_pac,
-+					   type,
-+					   &type_data);
-+		smb_krb5_free_data_contents(context, &type_data);
-+		if (code != 0) {
-+			goto done;
-+		}
-+	}
-+
-+done:
-+	SAFE_FREE(types);
-+	talloc_free(tmp_ctx);
-+	return code;
-+}
-+#endif
- 
- /* provide header, function is exported but there are no public headers */
- 
-diff --git a/source4/kdc/mit_samba.h b/source4/kdc/mit_samba.h
-index 4431e82a1b2..f34fb1bbfd5 100644
---- a/source4/kdc/mit_samba.h
-+++ b/source4/kdc/mit_samba.h
-@@ -51,7 +51,7 @@ int mit_samba_get_pac(struct mit_samba_context *smb_ctx,
- 		      krb5_context context,
- 		      krb5_db_entry *client,
- 		      krb5_db_entry *server,
--		      krb5_keyblock *client_key,
-+		      krb5_keyblock *replaced_reply_key,
- 		      krb5_pac *pac);
- 
- krb5_error_code mit_samba_reget_pac(struct mit_samba_context *ctx,
-@@ -64,6 +64,15 @@ krb5_error_code mit_samba_reget_pac(struct mit_samba_context *ctx,
- 				    krb5_keyblock *krbtgt_keyblock,
- 				    krb5_pac *pac);
- 
-+krb5_error_code mit_samba_update_pac(struct mit_samba_context *ctx,
-+				    krb5_context context,
-+				    int flags,
-+				    krb5_db_entry *client,
-+				    krb5_db_entry *server,
-+				    krb5_db_entry *signing_krbtgt,
-+				    krb5_pac old_pac,
-+				    krb5_pac new_pac);
-+
- int mit_samba_check_client_access(struct mit_samba_context *ctx,
- 				  krb5_db_entry *client,
- 				  const char *client_name,
-diff --git a/source4/selftest/tests.py b/source4/selftest/tests.py
-index 3af8e92d7f2..f451ad1cec2 100755
---- a/source4/selftest/tests.py
-+++ b/source4/selftest/tests.py
-@@ -964,7 +964,7 @@ for env in ['fileserver_smb1', 'nt4_member', 'clustere
- have_fast_support = 1
- claims_support = 0
- compound_id_support = 0
--tkt_sig_support = int('SAMBA4_USES_HEIMDAL' in config_hash)
-+tkt_sig_support = 1 if('SAMBA4_USES_HEIMDAL' in config_hash or 'HAVE_MIT_KRB5_1_20' in config_hash) else 0
- full_sig_support = int('SAMBA4_USES_HEIMDAL' in config_hash)
- expect_pac = int('SAMBA4_USES_HEIMDAL' in config_hash)
- extra_pac_buffers = int('SAMBA4_USES_HEIMDAL' in config_hash)
-diff --git a/wscript_configure_system_mitkrb5 b/wscript_configure_system_mitkrb5
-index efdbced6e78..b0640654260 100644
---- a/wscript_configure_system_mitkrb5
-+++ b/wscript_configure_system_mitkrb5
-@@ -98,6 +98,10 @@ if conf.env.KRB5_CONFIG:
-     else:
-         Logs.info('MIT Kerberos %s detected, MIT krb5 build can proceed' % (krb5_version))
- 
-+    if parse_version(krb5_version) < parse_version('1.20'):
-+        conf.DEFINE('HAVE_MIT_KRB5_PRE_1_20', 1)
-+    if parse_version(krb5_version) >= parse_version('1.20'):
-+        conf.DEFINE('HAVE_MIT_KRB5_1_20', 1)
-     conf.define('USING_SYSTEM_MITKRB5', '"%s"' % krb5_version)
- 
- conf.CHECK_HEADERS('krb5.h krb5/locate_plugin.h', lib='krb5')
--- 
-2.37.1
-

net/samba416.old/files/README.FreeBSD.in

@@ -1,94 +0,0 @@
-
-              !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-              !!! Please read before runing any tools !!!
-              !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-
-Documentation
-=============
-
-    o https://wiki.samba.org/index.php/Samba4/HOWTO
-
-    o https://wiki.samba.org/index.php/Samba_AD_DC_HOWTO
-
-    o https://wiki.samba.org/index.php/Samba4/samba-tool/domain/classicupgrade/HOWTO
-
-FreeBSD specific information
-============================
-
-* Your configuration is in: %%SAMBA4_CONFDIR%%/%%SAMBA4_CONFIG%%
-
-* All the logs are under: %%SAMBA4_LOGDIR%%
-
-* All the relevant databases are under: %%SAMBA4_LOCKDIR%%
-
-* Provisioning script is: %%PREFIX%%/bin/samba-tool
-
-Samba4 provisioning requires file system(s) with the ACLs support. On
-UFS2 you need to enable POSIX ACLs by adding 'acls' option to the mount
-flags, on ZFS you need to use NFSv4 ACLs and `zfsacl` VFS module to get
-provisioning work.
-
-There is a hack in the code, that makes provisioning work on UFS2 and in
-the jails on the price of using USER extattr(2) namespace, which is less
-secure than SYSTEM namespace, as can be edited not only by root user, but
-also by the owner of the file.
-
-For the provisioning on ZFS you need to use additional parameters to the
-samba-tool, that would explicitly add `zfsacl` to the default `vfs objects`:
-
-    # samba-tool domain provision --interactive \
-            --option="vfs objects"="dfs_samba4 zfsacl"
-
-To run this port you need to perform the following steps:
----------------------------------------------------------
-
-0. If you had Samba3 port installed before, please, *take backups* of
-all the relevant files. That includes 'smb.conf' file and all the
-content of the '/var/db/samba/' directory.
-
-1a. Create new '%%SAMBA4_CONFDIR%%/%%SAMBA4_CONFIG%%' file by running:
-
-    # samba-tool domain provision
-
-1b. Or upgrade from the Samba3 'smb.conf' file by running:
-
-    # samba-tool domain classicupgrade
-
-%%AC_DC%%1c. You will need to specify location of the 'nsupdate' command in the
-%%AC_DC%%'%%SAMBA4_CONFIG%%' file:
-%%AC_DC%%
-%%AC_DC%%      nsupdate command = %%PREFIX%%/bin/samba-nsupdate -g
-%%AC_DC%%
-2. Put string 'samba_server_enable="YES"' into your /etc/rc.conf.
-
-3. Make sure that your server doesn't run Samba3, OpenLDAP and named.
-Stop them, if necessary.
-
-4. Run '%%PREFIX%%/etc/rc.d/samba_server start' or reboot.
-
-Please, check archives of samba@lists.samba.org and ask there for help,
-if necessary:
-
-    https://lists.samba.org/archive/samba/
-
-Port related bugs can be reported to the FreeBSD Bugzilla or directly to:
-
-    https://gitlab.com/samba-freebsd/ports/-/issues
-
-In case you found a bug which is clearly not related to the port build
-process itself, plese file a bug report at:
-
-    https://bugzilla.samba.org/
-
-And add me to CC list.
-
-You may find those tools helpful:
----------------------------------
-
-Microsoft Remote Server Administration Tools (RSAT) for:
-
-* Vista: http://www.microsoft.com/en-us/download/details.aspx?id=21090
-* Windows 7: http://www.microsoft.com/en-us/download/details.aspx?id=7887
-
-
-FreeBSD Samba4 port maintainer: Timur I. Bakeyev <timur@FreeBSD.org>

net/samba416.old/files/man/ctdb-script.options.5

@@ -1,558 +0,0 @@
-'\" t
-.\"     Title: ctdb-script.options
-.\"    Author: 
-.\" Generator: DocBook XSL Stylesheets v1.79.1 <http://docbook.sf.net/>
-.\"      Date: 09/23/2020
-.\"    Manual: CTDB - clustered TDB database
-.\"    Source: ctdb
-.\"  Language: English
-.\"
-.TH "CTDB\-SCRIPT\&.OPTIO" "5" "09/23/2020" "ctdb" "CTDB \- clustered TDB database"
-.\" -----------------------------------------------------------------
-.\" * Define some portability stuff
-.\" -----------------------------------------------------------------
-.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-.\" http://bugs.debian.org/507673
-.\" http://lists.gnu.org/archive/html/groff/2009-02/msg00013.html
-.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-.ie \n(.g .ds Aq \(aq
-.el       .ds Aq '
-.\" -----------------------------------------------------------------
-.\" * set default formatting
-.\" -----------------------------------------------------------------
-.\" disable hyphenation
-.nh
-.\" disable justification (adjust text to left margin only)
-.ad l
-.\" -----------------------------------------------------------------
-.\" * MAIN CONTENT STARTS HERE *
-.\" -----------------------------------------------------------------
-.SH "NAME"
-ctdb-script.options \- CTDB scripts configuration files
-.SH "DESCRIPTION"
-.PP
-Each CTDB script has 2 possible locations for its configuration options:
-.PP
-/usr/local/etc/ctdb/script\&.options
-.RS 4
-This is a catch\-all global file for general purpose scripts and for options that are used in multiple event scripts\&.
-.RE
-.PP
-\fISCRIPT\fR\&.options
-.RS 4
-That is, options for
-\fISCRIPT\fR
-are placed in a file alongside the script, with a "\&.script" suffix added\&. This style is usually recommended for event scripts\&.
-.sp
-Options in this script\-specific file override those in the global file\&.
-.RE
-.PP
-These files should include simple shell\-style variable assignments and shell\-style comments\&.
-.SH "NETWORK CONFIGURATION"
-.SS "10\&.interface"
-.PP
-This event script handles monitoring of interfaces using by public IP addresses\&.
-.PP
-CTDB_PARTIALLY_ONLINE_INTERFACES=yes|no
-.RS 4
-Whether one or more offline interfaces should cause a monitor event to fail if there are other interfaces that are up\&. If this is "yes" and a node has some interfaces that are down then
-\fBctdb status\fR
-will display the node as "PARTIALLYONLINE"\&.
-.sp
-Note that CTDB_PARTIALLY_ONLINE_INTERFACES=yes is not generally compatible with NAT gateway or LVS\&. NAT gateway relies on the interface configured by CTDB_NATGW_PUBLIC_IFACE to be up and LVS replies on CTDB_LVS_PUBLIC_IFACE to be up\&. CTDB does not check if these options are set in an incompatible way so care is needed to understand the interaction\&.
-.sp
-Default is "no"\&.
-.RE
-.SS "11\&.natgw"
-.PP
-Provides CTDB\*(Aqs NAT gateway functionality\&.
-.PP
-NAT gateway is used to configure fallback routing for nodes when they do not host any public IP addresses\&. For example, it allows unhealthy nodes to reliably communicate with external infrastructure\&. One node in a NAT gateway group will be designated as the NAT gateway master node and other (slave) nodes will be configured with fallback routes via the NAT gateway master node\&. For more information, see the
-NAT GATEWAY
-section in
-\fBctdb\fR(7)\&.
-.PP
-CTDB_NATGW_DEFAULT_GATEWAY=\fIIPADDR\fR
-.RS 4
-IPADDR is an alternate network gateway to use on the NAT gateway master node\&. If set, a fallback default route is added via this network gateway\&.
-.sp
-No default\&. Setting this variable is optional \- if not set that no route is created on the NAT gateway master node\&.
-.RE
-.PP
-CTDB_NATGW_NODES=\fIFILENAME\fR
-.RS 4
-FILENAME contains the list of nodes that belong to the same NAT gateway group\&.
-.sp
-File format:
-.sp
-.if n \{\
-.RS 4
-.\}
-.nf
-\fIIPADDR\fR [slave\-only]
-	      
-.fi
-.if n \{\
-.RE
-.\}
-.sp
-IPADDR is the private IP address of each node in the NAT gateway group\&.
-.sp
-If "slave\-only" is specified then the corresponding node can not be the NAT gateway master node\&. In this case
-\fICTDB_NATGW_PUBLIC_IFACE\fR
-and
-\fICTDB_NATGW_PUBLIC_IP\fR
-are optional and unused\&.
-.sp
-No default, usually
-/usr/local/etc/ctdb/natgw_nodes
-when enabled\&.
-.RE
-.PP
-CTDB_NATGW_PRIVATE_NETWORK=\fIIPADDR/MASK\fR
-.RS 4
-IPADDR/MASK is the private sub\-network that is internally routed via the NAT gateway master node\&. This is usually the private network that is used for node addresses\&.
-.sp
-No default\&.
-.RE
-.PP
-CTDB_NATGW_PUBLIC_IFACE=\fIIFACE\fR
-.RS 4
-IFACE is the network interface on which the CTDB_NATGW_PUBLIC_IP will be configured\&.
-.sp
-No default\&.
-.RE
-.PP
-CTDB_NATGW_PUBLIC_IP=\fIIPADDR/MASK\fR
-.RS 4
-IPADDR/MASK indicates the IP address that is used for outgoing traffic (originating from CTDB_NATGW_PRIVATE_NETWORK) on the NAT gateway master node\&. This
-\fImust not\fR
-be a configured public IP address\&.
-.sp
-No default\&.
-.RE
-.PP
-CTDB_NATGW_STATIC_ROUTES=\fIIPADDR/MASK[@GATEWAY]\fR \&.\&.\&.
-.RS 4
-Each IPADDR/MASK identifies a network or host to which NATGW should create a fallback route, instead of creating a single default route\&. This can be used when there is already a default route, via an interface that can not reach required infrastructure, that overrides the NAT gateway default route\&.
-.sp
-If GATEWAY is specified then the corresponding route on the NATGW master node will be via GATEWAY\&. Such routes are created even if
-\fICTDB_NATGW_DEFAULT_GATEWAY\fR
-is not specified\&. If GATEWAY is not specified for some networks then routes are only created on the NATGW master node for those networks if
-\fICTDB_NATGW_DEFAULT_GATEWAY\fR
-is specified\&.
-.sp
-This should be used with care to avoid causing traffic to unnecessarily double\-hop through the NAT gateway master, even when a node is hosting public IP addresses\&. Each specified network or host should probably have a corresponding automatically created link route or static route to avoid this\&.
-.sp
-No default\&.
-.RE
-.sp
-.it 1 an-trap
-.nr an-no-space-flag 1
-.nr an-break-flag 1
-.br
-.ps +1
-\fBExample\fR
-.RS 4
-.sp
-.if n \{\
-.RS 4
-.\}
-.nf
-CTDB_NATGW_NODES=/usr/local/etc/ctdb/natgw_nodes
-CTDB_NATGW_PRIVATE_NETWORK=192\&.168\&.1\&.0/24
-CTDB_NATGW_DEFAULT_GATEWAY=10\&.0\&.0\&.1
-CTDB_NATGW_PUBLIC_IP=10\&.0\&.0\&.227/24
-CTDB_NATGW_PUBLIC_IFACE=eth0
-	
-.fi
-.if n \{\
-.RE
-.\}
-.PP
-A variation that ensures that infrastructure (ADS, DNS, \&.\&.\&.) directly attached to the public network (10\&.0\&.0\&.0/24) is always reachable would look like this:
-.sp
-.if n \{\
-.RS 4
-.\}
-.nf
-CTDB_NATGW_NODES=/usr/local/etc/ctdb/natgw_nodes
-CTDB_NATGW_PRIVATE_NETWORK=192\&.168\&.1\&.0/24
-CTDB_NATGW_PUBLIC_IP=10\&.0\&.0\&.227/24
-CTDB_NATGW_PUBLIC_IFACE=eth0
-CTDB_NATGW_STATIC_ROUTES=10\&.0\&.0\&.0/24
-	
-.fi
-.if n \{\
-.RE
-.\}
-.PP
-Note that
-\fICTDB_NATGW_DEFAULT_GATEWAY\fR
-is not specified\&.
-.RE
-.SS "13\&.per_ip_routing"
-.PP
-Provides CTDB\*(Aqs policy routing functionality\&.
-.PP
-A node running CTDB may be a component of a complex network topology\&. In particular, public addresses may be spread across several different networks (or VLANs) and it may not be possible to route packets from these public addresses via the system\*(Aqs default route\&. Therefore, CTDB has support for policy routing via the
-13\&.per_ip_routing
-eventscript\&. This allows routing to be specified for packets sourced from each public address\&. The routes are added and removed as CTDB moves public addresses between nodes\&.
-.PP
-For more information, see the
-POLICY ROUTING
-section in
-\fBctdb\fR(7)\&.
-.PP
-CTDB_PER_IP_ROUTING_CONF=\fIFILENAME\fR
-.RS 4
-FILENAME contains elements for constructing the desired routes for each source address\&.
-.sp
-The special FILENAME value
-\fB__auto_link_local__\fR
-indicates that no configuration file is provided and that CTDB should generate reasonable link\-local routes for each public IP address\&.
-.sp
-File format:
-.sp
-.if n \{\
-.RS 4
-.\}
-.nf
-		\fIIPADDR\fR \fIDEST\-IPADDR/MASK\fR [\fIGATEWAY\-IPADDR\fR]
-	      
-.fi
-.if n \{\
-.RE
-.\}
-.sp
-No default, usually
-/usr/local/etc/ctdb/policy_routing
-when enabled\&.
-.RE
-.PP
-CTDB_PER_IP_ROUTING_RULE_PREF=\fINUM\fR
-.RS 4
-NUM sets the priority (or preference) for the routing rules that are added by CTDB\&.
-.sp
-This should be (strictly) greater than 0 and (strictly) less than 32766\&. A priority of 100 is recommended, unless this conflicts with a priority already in use on the system\&. See
-\fBip\fR(8), for more details\&.
-.RE
-.PP
-CTDB_PER_IP_ROUTING_TABLE_ID_LOW=\fILOW\-NUM\fR, CTDB_PER_IP_ROUTING_TABLE_ID_HIGH=\fIHIGH\-NUM\fR
-.RS 4
-CTDB determines a unique routing table number to use for the routing related to each public address\&. LOW\-NUM and HIGH\-NUM indicate the minimum and maximum routing table numbers that are used\&.
-.sp
-\fBip\fR(8)
-uses some reserved routing table numbers below 255\&. Therefore, CTDB_PER_IP_ROUTING_TABLE_ID_LOW should be (strictly) greater than 255\&.
-.sp
-CTDB uses the standard file
-/etc/iproute2/rt_tables
-to maintain a mapping between the routing table numbers and labels\&. The label for a public address
-\fIADDR\fR
-will look like ctdb\&.\fIaddr\fR\&. This means that the associated rules and routes are easy to read (and manipulate)\&.
-.sp
-No default, usually 1000 and 9000\&.
-.RE
-.sp
-.it 1 an-trap
-.nr an-no-space-flag 1
-.nr an-break-flag 1
-.br
-.ps +1
-\fBExample\fR
-.RS 4
-.sp
-.if n \{\
-.RS 4
-.\}
-.nf
-CTDB_PER_IP_ROUTING_CONF=/usr/local/etc/ctdb/policy_routing
-CTDB_PER_IP_ROUTING_RULE_PREF=100
-CTDB_PER_IP_ROUTING_TABLE_ID_LOW=1000
-CTDB_PER_IP_ROUTING_TABLE_ID_HIGH=9000
-	
-.fi
-.if n \{\
-.RE
-.\}
-.RE
-.SS "91\&.lvs"
-.PP
-Provides CTDB\*(Aqs LVS functionality\&.
-.PP
-For a general description see the
-LVS
-section in
-\fBctdb\fR(7)\&.
-.PP
-CTDB_LVS_NODES=\fIFILENAME\fR
-.RS 4
-FILENAME contains the list of nodes that belong to the same LVS group\&.
-.sp
-File format:
-.sp
-.if n \{\
-.RS 4
-.\}
-.nf
-\fIIPADDR\fR [slave\-only]
-	      
-.fi
-.if n \{\
-.RE
-.\}
-.sp
-IPADDR is the private IP address of each node in the LVS group\&.
-.sp
-If "slave\-only" is specified then the corresponding node can not be the LVS master node\&. In this case
-\fICTDB_LVS_PUBLIC_IFACE\fR
-and
-\fICTDB_LVS_PUBLIC_IP\fR
-are optional and unused\&.
-.sp
-No default, usually
-/usr/local/etc/ctdb/lvs_nodes
-when enabled\&.
-.RE
-.PP
-CTDB_LVS_PUBLIC_IFACE=\fIINTERFACE\fR
-.RS 4
-INTERFACE is the network interface that clients will use to connection to
-\fICTDB_LVS_PUBLIC_IP\fR\&. This is optional for slave\-only nodes\&. No default\&.
-.RE
-.PP
-CTDB_LVS_PUBLIC_IP=\fIIPADDR\fR
-.RS 4
-CTDB_LVS_PUBLIC_IP is the LVS public address\&. No default\&.
-.RE
-.SH "SERVICE CONFIGURATION"
-.PP
-CTDB can be configured to manage and/or monitor various NAS (and other) services via its eventscripts\&.
-.PP
-In the simplest case CTDB will manage a service\&. This means the service will be started and stopped along with CTDB, CTDB will monitor the service and CTDB will do any required reconfiguration of the service when public IP addresses are failed over\&.
-.SS "20\&.multipathd"
-.PP
-Provides CTDB\*(Aqs Linux multipathd service management\&.
-.PP
-It can monitor multipath devices to ensure that active paths are available\&.
-.PP
-CTDB_MONITOR_MPDEVICES=\fIMP\-DEVICE\-LIST\fR
-.RS 4
-MP\-DEVICE\-LIST is a list of multipath devices for CTDB to monitor?
-.sp
-No default\&.
-.RE
-.SS "31\&.clamd"
-.PP
-This event script provide CTDB\*(Aqs ClamAV anti\-virus service management\&.
-.PP
-This eventscript is not enabled by default\&. Use
-\fBctdb enablescript\fR
-to enable it\&.
-.PP
-CTDB_CLAMD_SOCKET=\fIFILENAME\fR
-.RS 4
-FILENAME is the socket to monitor ClamAV\&.
-.sp
-No default\&.
-.RE
-.SS "49\&.winbind"
-.PP
-Provides CTDB\*(Aqs Samba winbind service management\&.
-.PP
-CTDB_SERVICE_WINBIND=\fISERVICE\fR
-.RS 4
-Distribution specific SERVICE for managing winbindd\&.
-.sp
-Default is "winbind"\&.
-.RE
-.SS "50\&.samba"
-.PP
-Provides the core of CTDB\*(Aqs Samba file service management\&.
-.PP
-CTDB_SAMBA_CHECK_PORTS=\fIPORT\-LIST\fR
-.RS 4
-When monitoring Samba, check TCP ports in space\-separated PORT\-LIST\&.
-.sp
-Default is to monitor ports that Samba is configured to listen on\&.
-.RE
-.PP
-CTDB_SAMBA_SKIP_SHARE_CHECK=yes|no
-.RS 4
-As part of monitoring, should CTDB skip the check for the existence of each directory configured as share in Samba\&. This may be desirable if there is a large number of shares\&.
-.sp
-Default is no\&.
-.RE
-.PP
-CTDB_SERVICE_NMB=\fISERVICE\fR
-.RS 4
-Distribution specific SERVICE for managing nmbd\&.
-.sp
-Default is distribution\-dependant\&.
-.RE
-.PP
-CTDB_SERVICE_SMB=\fISERVICE\fR
-.RS 4
-Distribution specific SERVICE for managing smbd\&.
-.sp
-Default is distribution\-dependant\&.
-.RE
-.SS "60\&.nfs"
-.PP
-This event script (along with 06\&.nfs) provides CTDB\*(Aqs NFS service management\&.
-.PP
-This includes parameters for the kernel NFS server\&. Alternative NFS subsystems (such as
-\m[blue]\fBNFS\-Ganesha\fR\m[]\&\s-2\u[1]\d\s+2) can be integrated using
-\fICTDB_NFS_CALLOUT\fR\&.
-.PP
-CTDB_NFS_CALLOUT=\fICOMMAND\fR
-.RS 4
-COMMAND specifies the path to a callout to handle interactions with the configured NFS system, including startup, shutdown, monitoring\&.
-.sp
-Default is the included
-\fBnfs\-linux\-kernel\-callout\fR\&.
-.RE
-.PP
-CTDB_NFS_CHECKS_DIR=\fIDIRECTORY\fR
-.RS 4
-Specifies the path to a DIRECTORY containing files that describe how to monitor the responsiveness of NFS RPC services\&. See the README file for this directory for an explanation of the contents of these "check" files\&.
-.sp
-CTDB_NFS_CHECKS_DIR can be used to point to different sets of checks for different NFS servers\&.
-.sp
-One way of using this is to have it point to, say,
-/usr/local/etc/ctdb/nfs\-checks\-enabled\&.d
-and populate it with symbolic links to the desired check files\&. This avoids duplication and is upgrade\-safe\&.
-.sp
-Default is
-/usr/local/etc/ctdb/nfs\-checks\&.d, which contains NFS RPC checks suitable for Linux kernel NFS\&.
-.RE
-.PP
-CTDB_NFS_SKIP_SHARE_CHECK=yes|no
-.RS 4
-As part of monitoring, should CTDB skip the check for the existence of each directory exported via NFS\&. This may be desirable if there is a large number of exports\&.
-.sp
-Default is no\&.
-.RE
-.PP
-CTDB_RPCINFO_LOCALHOST=\fIIPADDR\fR|\fIHOSTNAME\fR
-.RS 4
-IPADDR or HOSTNAME indicates the address that
-\fBrpcinfo\fR
-should connect to when doing
-\fBrpcinfo\fR
-check on IPv4 RPC service during monitoring\&. Optimally this would be "localhost"\&. However, this can add some performance overheads\&.
-.sp
-Default is "127\&.0\&.0\&.1"\&.
-.RE
-.PP
-CTDB_RPCINFO_LOCALHOST6=\fIIPADDR\fR|\fIHOSTNAME\fR
-.RS 4
-IPADDR or HOSTNAME indicates the address that
-\fBrpcinfo\fR
-should connect to when doing
-\fBrpcinfo\fR
-check on IPv6 RPC service during monitoring\&. Optimally this would be "localhost6" (or similar)\&. However, this can add some performance overheads\&.
-.sp
-Default is "::1"\&.
-.RE
-.PP
-CTDB_NFS_STATE_FS_TYPE=\fITYPE\fR
-.RS 4
-The type of filesystem used for a clustered NFS\*(Aq shared state\&. No default\&.
-.RE
-.PP
-CTDB_NFS_STATE_MNT=\fIDIR\fR
-.RS 4
-The directory where a clustered NFS\*(Aq shared state will be located\&. No default\&.
-.RE
-.SS "70\&.iscsi"
-.PP
-Provides CTDB\*(Aqs Linux iSCSI tgtd service management\&.
-.PP
-CTDB_START_ISCSI_SCRIPTS=\fIDIRECTORY\fR
-.RS 4
-DIRECTORY on shared storage containing scripts to start tgtd for each public IP address\&.
-.sp
-No default\&.
-.RE
-.SH "DATABASE SETUP"
-.PP
-CTDB checks the consistency of databases during startup\&.
-.SS "00\&.ctdb"
-.PP
-CTDB_MAX_CORRUPT_DB_BACKUPS=\fINUM\fR
-.RS 4
-NUM is the maximum number of volatile TDB database backups to be kept (for each database) when a corrupt database is found during startup\&. Volatile TDBs are zeroed during startup so backups are needed to debug any corruption that occurs before a restart\&.
-.sp
-Default is 10\&.
-.RE
-.SH "SYSTEM RESOURCE MONITORING"
-.SS "05\&.system"
-.PP
-Provides CTDB\*(Aqs filesystem and memory usage monitoring\&.
-.PP
-CTDB can experience seemingly random (performance and other) issues if system resources become too constrained\&. Options in this section can be enabled to allow certain system resources to be checked\&. They allows warnings to be logged and nodes to be marked unhealthy when system resource usage reaches the configured thresholds\&.
-.PP
-Some checks are enabled by default\&. It is recommended that these checks remain enabled or are augmented by extra checks\&. There is no supported way of completely disabling the checks\&.
-.PP
-CTDB_MONITOR_FILESYSTEM_USAGE=\fIFS\-LIMIT\-LIST\fR
-.RS 4
-FS\-LIMIT\-LIST is a space\-separated list of
-\fIFILESYSTEM\fR:\fIWARN_LIMIT\fR[:\fIUNHEALTHY_LIMIT\fR]
-triples indicating that warnings should be logged if the space used on FILESYSTEM reaches WARN_LIMIT%\&. If usage reaches UNHEALTHY_LIMIT then the node should be flagged unhealthy\&. Either WARN_LIMIT or UNHEALTHY_LIMIT may be left blank, meaning that check will be omitted\&.
-.sp
-Default is to warn for each filesystem containing a database directory (volatile\ \&database\ \&directory,
-persistent\ \&database\ \&directory,
-state\ \&database\ \&directory) with a threshold of 90%\&.
-.RE
-.PP
-CTDB_MONITOR_MEMORY_USAGE=\fIMEM\-LIMITS\fR
-.RS 4
-MEM\-LIMITS takes the form
-\fIWARN_LIMIT\fR[:\fIUNHEALTHY_LIMIT\fR]
-indicating that warnings should be logged if memory usage reaches WARN_LIMIT%\&. If usage reaches UNHEALTHY_LIMIT then the node should be flagged unhealthy\&. Either WARN_LIMIT or UNHEALTHY_LIMIT may be left blank, meaning that check will be omitted\&.
-.sp
-Default is 80, so warnings will be logged when memory usage reaches 80%\&.
-.RE
-.SH "EVENT SCRIPT DEBUGGING"
-.SS "debug\-hung\-script\&.sh"
-.PP
-CTDB_DEBUG_HUNG_SCRIPT_STACKPAT=\fIREGEXP\fR
-.RS 4
-REGEXP specifies interesting processes for which stack traces should be logged when debugging hung eventscripts and those processes are matched in pstree output\&. REGEXP is an extended regexp so choices are separated by pipes (\*(Aq|\*(Aq)\&. However, REGEXP should not contain parentheses\&. See also the
-\fBctdb.conf\fR(5)
-[event] "debug\ \&script" option\&.
-.sp
-Default is "exportfs|rpcinfo"\&.
-.RE
-.SH "FILES"
-.RS 4
-/usr/local/etc/ctdb/script\&.options
-.RE
-.SH "SEE ALSO"
-.PP
-\fBctdbd\fR(1),
-\fBctdb\fR(7),
-\m[blue]\fB\%http://ctdb.samba.org/\fR\m[]
-.SH "AUTHOR"
-.br
-.PP
-This documentation was written by Amitay Isaacs, Martin Schwenke
-.SH "COPYRIGHT"
-.br
-Copyright \(co 2007 Andrew Tridgell, Ronnie Sahlberg
-.br
-.PP
-This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 3 of the License, or (at your option) any later version\&.
-.PP
-This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE\&. See the GNU General Public License for more details\&.
-.PP
-You should have received a copy of the GNU General Public License along with this program; if not, see
-\m[blue]\fB\%http://www.gnu.org/licenses\fR\m[]\&.
-.sp
-.SH "NOTES"
-.IP " 1." 4
-NFS-Ganesha
-.RS 4
-\%https://github.com/nfs-ganesha/nfs-ganesha/wiki
-.RE

net/samba416.old/files/man/ctdb-statistics.7

@@ -1,550 +0,0 @@
-'\" t
-.\"     Title: ctdb-statistics
-.\"    Author: 
-.\" Generator: DocBook XSL Stylesheets v1.79.1 <http://docbook.sf.net/>
-.\"      Date: 09/23/2020
-.\"    Manual: CTDB - clustered TDB database
-.\"    Source: ctdb
-.\"  Language: English
-.\"
-.TH "CTDB\-STATISTICS" "7" "09/23/2020" "ctdb" "CTDB \- clustered TDB database"
-.\" -----------------------------------------------------------------
-.\" * Define some portability stuff
-.\" -----------------------------------------------------------------
-.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-.\" http://bugs.debian.org/507673
-.\" http://lists.gnu.org/archive/html/groff/2009-02/msg00013.html
-.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-.ie \n(.g .ds Aq \(aq
-.el       .ds Aq '
-.\" -----------------------------------------------------------------
-.\" * set default formatting
-.\" -----------------------------------------------------------------
-.\" disable hyphenation
-.nh
-.\" disable justification (adjust text to left margin only)
-.ad l
-.\" -----------------------------------------------------------------
-.\" * MAIN CONTENT STARTS HERE *
-.\" -----------------------------------------------------------------
-.SH "NAME"
-ctdb-statistics \- CTDB statistics output
-.SH "OVERALL STATISTICS"
-.PP
-CTDB maintains information about various messages communicated and some of the important operations per node\&. See the
-\fBctdb\fR(1)
-commands
-\fBstatistics\fR
-and
-\fBstatisticsreset\fR
-for displaying statistics\&.
-.SS "Example: ctdb statistics"
-.sp
-.if n \{\
-.RS 4
-.\}
-.nf
-CTDB version 1
-Current time of statistics  :                Fri Sep 12 13:32:32 2014
-Statistics collected since  : (000 01:49:20) Fri Sep 12 11:43:12 2014
- num_clients                        6
- frozen                             0
- recovering                         0
- num_recoveries                     2
- client_packets_sent           281293
- client_packets_recv           296317
- node_packets_sent             452387
- node_packets_recv             182394
- keepalive_packets_sent          3927
- keepalive_packets_recv          3928
- node
-     req_call                   48605
-     reply_call                     1
-     req_dmaster                23404
-     reply_dmaster              24917
-     reply_error                    0
-     req_message                  958
-     req_control               197513
-     reply_control             153705
- client
-     req_call                  130866
-     req_message                  770
-     req_control               168921
- timeouts
-     call                           0
-     control                        0
-     traverse                       0
- locks
-     num_calls                    220
-     num_current                    0
-     num_pending                    0
-     num_failed                     0
- total_calls                   130866
- pending_calls                      0
- childwrite_calls                   1
- pending_childwrite_calls             0
- memory_used                   334490
- max_hop_count                     18
- total_ro_delegations               2
- total_ro_revokes                   2
- hop_count_buckets: 42816 5464 26 1 0 0 0 0 0 0 0 0 0 0 0 0
- lock_buckets: 9 165 14 15 7 2 2 0 0 0 0 0 0 0 0 0
- locks_latency      MIN/AVG/MAX     0\&.000685/0\&.160302/6\&.369342 sec out of 214
- reclock_ctdbd      MIN/AVG/MAX     0\&.004940/0\&.004969/0\&.004998 sec out of 2
- reclock_recd       MIN/AVG/MAX     0\&.000000/0\&.000000/0\&.000000 sec out of 0
- call_latency       MIN/AVG/MAX     0\&.000006/0\&.000719/4\&.562991 sec out of 126626
- childwrite_latency MIN/AVG/MAX     0\&.014527/0\&.014527/0\&.014527 sec out of 1
-	
-.fi
-.if n \{\
-.RE
-.\}
-.SS "CTDB version"
-.PP
-Version of the ctdb protocol used by the node\&.
-.SS "Current time of statistics"
-.PP
-Time when the statistics are generated\&.
-.PP
-This is useful when collecting statistics output periodically for post\-processing\&.
-.SS "Statistics collected since"
-.PP
-Time when ctdb was started or the last time statistics was reset\&. The output shows the duration and the timestamp\&.
-.SS "num_clients"
-.PP
-Number of processes currently connected to CTDB\*(Aqs unix socket\&. This includes recovery daemon, ctdb tool and samba processes (smbd, winbindd)\&.
-.SS "frozen"
-.PP
-1 if the databases are currently frozen, 0 otherwise\&.
-.SS "recovering"
-.PP
-1 if recovery is active, 0 otherwise\&.
-.SS "num_recoveries"
-.PP
-Number of recoveries since the start of ctdb or since the last statistics reset\&.
-.SS "client_packets_sent"
-.PP
-Number of packets sent to client processes via unix domain socket\&.
-.SS "client_packets_recv"
-.PP
-Number of packets received from client processes via unix domain socket\&.
-.SS "node_packets_sent"
-.PP
-Number of packets sent to the other nodes in the cluster via TCP\&.
-.SS "node_packets_recv"
-.PP
-Number of packets received from the other nodes in the cluster via TCP\&.
-.SS "keepalive_packets_sent"
-.PP
-Number of keepalive messages sent to other nodes\&.
-.PP
-CTDB periodically sends keepalive messages to other nodes\&. See
-KeepaliveInterval
-tunable in
-\fBctdb-tunables\fR(7)
-for more details\&.
-.SS "keepalive_packets_recv"
-.PP
-Number of keepalive messages received from other nodes\&.
-.SS "node"
-.PP
-This section lists various types of messages processed which originated from other nodes via TCP\&.
-.sp
-.it 1 an-trap
-.nr an-no-space-flag 1
-.nr an-break-flag 1
-.br
-.ps +1
-\fBreq_call\fR
-.RS 4
-.PP
-Number of REQ_CALL messages from the other nodes\&.
-.RE
-.sp
-.it 1 an-trap
-.nr an-no-space-flag 1
-.nr an-break-flag 1
-.br
-.ps +1
-\fBreply_call\fR
-.RS 4
-.PP
-Number of REPLY_CALL messages from the other nodes\&.
-.RE
-.sp
-.it 1 an-trap
-.nr an-no-space-flag 1
-.nr an-break-flag 1
-.br
-.ps +1
-\fBreq_dmaster\fR
-.RS 4
-.PP
-Number of REQ_DMASTER messages from the other nodes\&.
-.RE
-.sp
-.it 1 an-trap
-.nr an-no-space-flag 1
-.nr an-break-flag 1
-.br
-.ps +1
-\fBreply_dmaster\fR
-.RS 4
-.PP
-Number of REPLY_DMASTER messages from the other nodes\&.
-.RE
-.sp
-.it 1 an-trap
-.nr an-no-space-flag 1
-.nr an-break-flag 1
-.br
-.ps +1
-\fBreply_error\fR
-.RS 4
-.PP
-Number of REPLY_ERROR messages from the other nodes\&.
-.RE
-.sp
-.it 1 an-trap
-.nr an-no-space-flag 1
-.nr an-break-flag 1
-.br
-.ps +1
-\fBreq_message\fR
-.RS 4
-.PP
-Number of REQ_MESSAGE messages from the other nodes\&.
-.RE
-.sp
-.it 1 an-trap
-.nr an-no-space-flag 1
-.nr an-break-flag 1
-.br
-.ps +1
-\fBreq_control\fR
-.RS 4
-.PP
-Number of REQ_CONTROL messages from the other nodes\&.
-.RE
-.sp
-.it 1 an-trap
-.nr an-no-space-flag 1
-.nr an-break-flag 1
-.br
-.ps +1
-\fBreply_control\fR
-.RS 4
-.PP
-Number of REPLY_CONTROL messages from the other nodes\&.
-.RE
-.sp
-.it 1 an-trap
-.nr an-no-space-flag 1
-.nr an-break-flag 1
-.br
-.ps +1
-\fBreq_tunnel\fR
-.RS 4
-.PP
-Number of REQ_TUNNEL messages from the other nodes\&.
-.RE
-.SS "client"
-.PP
-This section lists various types of messages processed which originated from clients via unix domain socket\&.
-.sp
-.it 1 an-trap
-.nr an-no-space-flag 1
-.nr an-break-flag 1
-.br
-.ps +1
-\fBreq_call\fR
-.RS 4
-.PP
-Number of REQ_CALL messages from the clients\&.
-.RE
-.sp
-.it 1 an-trap
-.nr an-no-space-flag 1
-.nr an-break-flag 1
-.br
-.ps +1
-\fBreq_message\fR
-.RS 4
-.PP
-Number of REQ_MESSAGE messages from the clients\&.
-.RE
-.sp
-.it 1 an-trap
-.nr an-no-space-flag 1
-.nr an-break-flag 1
-.br
-.ps +1
-\fBreq_control\fR
-.RS 4
-.PP
-Number of REQ_CONTROL messages from the clients\&.
-.RE
-.sp
-.it 1 an-trap
-.nr an-no-space-flag 1
-.nr an-break-flag 1
-.br
-.ps +1
-\fBreq_tunnel\fR
-.RS 4
-.PP
-Number of REQ_TUNNEL messages from the clients\&.
-.RE
-.SS "timeouts"
-.PP
-This section lists timeouts occurred when sending various messages\&.
-.sp
-.it 1 an-trap
-.nr an-no-space-flag 1
-.nr an-break-flag 1
-.br
-.ps +1
-\fBcall\fR
-.RS 4
-.PP
-Number of timeouts for REQ_CALL messages\&.
-.RE
-.sp
-.it 1 an-trap
-.nr an-no-space-flag 1
-.nr an-break-flag 1
-.br
-.ps +1
-\fBcontrol\fR
-.RS 4
-.PP
-Number of timeouts for REQ_CONTROL messages\&.
-.RE
-.sp
-.it 1 an-trap
-.nr an-no-space-flag 1
-.nr an-break-flag 1
-.br
-.ps +1
-\fBtraverse\fR
-.RS 4
-.PP
-Number of timeouts for database traverse operations\&.
-.RE
-.SS "locks"
-.PP
-This section lists locking statistics\&.
-.sp
-.it 1 an-trap
-.nr an-no-space-flag 1
-.nr an-break-flag 1
-.br
-.ps +1
-\fBnum_calls\fR
-.RS 4
-.PP
-Number of completed lock calls\&. This includes database locks and record locks\&.
-.RE
-.sp
-.it 1 an-trap
-.nr an-no-space-flag 1
-.nr an-break-flag 1
-.br
-.ps +1
-\fBnum_current\fR
-.RS 4
-.PP
-Number of scheduled lock calls\&. This includes database locks and record locks\&.
-.RE
-.sp
-.it 1 an-trap
-.nr an-no-space-flag 1
-.nr an-break-flag 1
-.br
-.ps +1
-\fBnum_pending\fR
-.RS 4
-.PP
-Number of queued lock calls\&. This includes database locks and record locks\&.
-.RE
-.sp
-.it 1 an-trap
-.nr an-no-space-flag 1
-.nr an-break-flag 1
-.br
-.ps +1
-\fBnum_failed\fR
-.RS 4
-.PP
-Number of failed lock calls\&. This includes database locks and record locks\&.
-.RE
-.SS "total_calls"
-.PP
-Number of req_call messages processed from clients\&. This number should be same as client \-\-> req_call\&.
-.SS "pending_calls"
-.PP
-Number of req_call messages which are currently being processed\&. This number indicates the number of record migrations in flight\&.
-.SS "childwrite_calls"
-.PP
-Number of record update calls\&. Record update calls are used to update a record under a transaction\&.
-.SS "pending_childwrite_calls"
-.PP
-Number of record update calls currently active\&.
-.SS "memory_used"
-.PP
-The amount of memory in bytes currently used by CTDB using talloc\&. This includes all the memory used for CTDB\*(Aqs internal data structures\&. This does not include the memory mapped TDB databases\&.
-.SS "max_hop_count"
-.PP
-The maximum number of hops required for a record migration request to obtain the record\&. High numbers indicate record contention\&.
-.SS "total_ro_delegations"
-.PP
-Number of readonly delegations created\&.
-.SS "total_ro_revokes"
-.PP
-Number of readonly delegations that were revoked\&. The difference between total_ro_revokes and total_ro_delegations gives the number of currently active readonly delegations\&.
-.SS "hop_count_buckets"
-.PP
-Distribution of migration requests based on hop counts values\&. Buckets are 0, <\ \&2, <\ \&4, <\ \&8, <\ \&16, <\ \&32, <\ \&64, <\ \&128, <\ \&256, <\ \&512, <\ \&1024, <\ \&2048, <\ \&4096, <\ \&8192, <\ \&16384, ≥\ \&16384\&.
-.SS "lock_buckets"
-.PP
-Distribution of record lock requests based on time required to obtain locks\&. Buckets are <\ \&1ms, <\ \&10ms, <\ \&100ms, <\ \&1s, <\ \&2s, <\ \&4s, <\ \&8s, <\ \&16s, <\ \&32s, <\ \&64s, ≥\ \&64s\&.
-.SS "locks_latency"
-.PP
-The minimum, the average and the maximum time (in seconds) required to obtain record locks\&.
-.SS "reclock_ctdbd"
-.PP
-The minimum, the average and the maximum time (in seconds) required to check if recovery lock is still held by recovery daemon when recovery mode is changed\&. This check is done in ctdb daemon\&.
-.SS "reclock_recd"
-.PP
-The minimum, the average and the maximum time (in seconds) required to check if recovery lock is still held by recovery daemon during recovery\&. This check is done in recovery daemon\&.
-.SS "call_latency"
-.PP
-The minimum, the average and the maximum time (in seconds) required to process a REQ_CALL message from client\&. This includes the time required to migrate a record from remote node, if the record is not available on the local node\&.
-.SS "childwrite_latency"
-.PP
-Default: 0
-.PP
-The minimum, the average and the maximum time (in seconds) required to update records under a transaction\&.
-.SH "DATABASE STATISTICS"
-.PP
-CTDB maintains per database statistics about important operations\&. See the
-\fBctdb\fR(1)
-command
-\fBdbstatistics\fR
-for displaying database statistics\&.
-.SS "Example: ctdb dbstatistics notify_index\&.tdb"
-.sp
-.if n \{\
-.RS 4
-.\}
-.nf
-DB Statistics: notify_index\&.tdb
- ro_delegations                     0
- ro_revokes                         0
- locks
-     total                        131
-     failed                         0
-     current                        0
-     pending                        0
- hop_count_buckets: 9890 5454 26 1 0 0 0 0 0 0 0 0 0 0 0 0
- lock_buckets: 4 117 10 0 0 0 0 0 0 0 0 0 0 0 0 0
- locks_latency      MIN/AVG/MAX     0\&.000683/0\&.004198/0\&.014730 sec out of 131
- Num Hot Keys:     3
-     Count:7 Key:2f636c75737465726673
-     Count:18 Key:2f636c757374657266732f64617461
-     Count:7 Key:2f636c757374657266732f646174612f636c69656e7473
-	
-.fi
-.if n \{\
-.RE
-.\}
-.SS "DB Statistics"
-.PP
-Name of the database\&.
-.SS "ro_delegations"
-.PP
-Number of readonly delegations created in the database\&.
-.SS "ro_revokes"
-.PP
-Number of readonly delegations revoked\&. The difference in ro_delegations and ro_revokes indicates the currently active readonly delegations\&.
-.SS "locks"
-.PP
-This section lists locking statistics\&.
-.sp
-.it 1 an-trap
-.nr an-no-space-flag 1
-.nr an-break-flag 1
-.br
-.ps +1
-\fBtotal\fR
-.RS 4
-.PP
-Number of completed lock calls\&. This includes database locks and record locks\&.
-.RE
-.sp
-.it 1 an-trap
-.nr an-no-space-flag 1
-.nr an-break-flag 1
-.br
-.ps +1
-\fBfailed\fR
-.RS 4
-.PP
-Number of failed lock calls\&. This includes database locks and record locks\&.
-.RE
-.sp
-.it 1 an-trap
-.nr an-no-space-flag 1
-.nr an-break-flag 1
-.br
-.ps +1
-\fBcurrent\fR
-.RS 4
-.PP
-Number of scheduled lock calls\&. This includes database locks and record locks\&.
-.RE
-.sp
-.it 1 an-trap
-.nr an-no-space-flag 1
-.nr an-break-flag 1
-.br
-.ps +1
-\fBpending\fR
-.RS 4
-.PP
-Number of queued lock calls\&. This includes database locks and record locks\&.
-.RE
-.SS "hop_count_buckets"
-.PP
-Distribution of migration requests based on hop counts values\&. Buckets are 0, <\ \&2, <\ \&4, <\ \&8, <\ \&16, <\ \&32, <\ \&64, <\ \&128, <\ \&256, <\ \&512, <\ \&1024, <\ \&2048, <\ \&4096, <\ \&8192, <\ \&16384, ≥\ \&16384\&.
-.SS "lock_buckets"
-.PP
-Distribution of record lock requests based on time required to obtain locks\&. Buckets are <\ \&1ms, <\ \&10ms, <\ \&100ms, <\ \&1s, <\ \&2s, <\ \&4s, <\ \&8s, <\ \&16s, <\ \&32s, <\ \&64s, ≥\ \&64s\&.
-.SS "locks_latency"
-.PP
-The minimum, the average and the maximum time (in seconds) required to obtain record locks\&.
-.SS "Num Hot Keys"
-.PP
-Number of contended records determined by hop count\&. CTDB keeps track of top 10 hot records and the output shows hex encoded keys for the hot records\&.
-.SH "SEE ALSO"
-.PP
-\fBctdb\fR(1),
-\fBctdbd\fR(1),
-\fBctdb-tunables\fR(7),
-\m[blue]\fB\%http://ctdb.samba.org/\fR\m[]
-.SH "AUTHOR"
-.br
-.PP
-This documentation was written by Amitay Isaacs, Martin Schwenke
-.SH "COPYRIGHT"
-.br
-Copyright \(co 2007 Andrew Tridgell, Ronnie Sahlberg
-.br
-.PP
-This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 3 of the License, or (at your option) any later version\&.
-.PP
-This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE\&. See the GNU General Public License for more details\&.
-.PP
-You should have received a copy of the GNU General Public License along with this program; if not, see
-\m[blue]\fB\%http://www.gnu.org/licenses\fR\m[]\&.
-.sp