diff options
Diffstat (limited to 'net/samba3')
| -rw-r--r-- | net/samba3/Makefile | 38 | ||||
| -rw-r--r-- | net/samba3/distinfo | 6 | ||||
| -rw-r--r-- | net/samba3/files/patch-Makefile.in | 26 | ||||
| -rw-r--r-- | net/samba3/files/patch-aclocal.m4 | 138 | ||||
| -rw-r--r-- | net/samba3/files/patch-configure.in | 34 | ||||
| -rw-r--r-- | net/samba3/files/patch-lib__replace__repdir_getdirentries.c | 15 | ||||
| -rw-r--r-- | net/samba3/files/patch-lib__system.c | 212 | ||||
| -rw-r--r-- | net/samba3/files/patch-lib__system_smbd.c | 17 | ||||
| -rw-r--r-- | net/samba3/files/patch-libaddns__dnsgss.c | 55 | ||||
| -rw-r--r-- | net/samba3/files/patch-nsswitch_winbindd.c | 12 | ||||
| -rw-r--r-- | net/samba3/files/patch-samba3-undo_the_right_thing2.patch | 14 | ||||
| -rw-r--r-- | net/samba3/files/patch-smbd_sec_ctx.c | 170 | ||||
| -rw-r--r-- | net/samba3/files/patch-vfs_zfsacl.c | 190 | ||||
| -rw-r--r-- | net/samba3/pkg-plist.swat | 1 |
14 files changed, 851 insertions, 77 deletions
diff --git a/net/samba3/Makefile b/net/samba3/Makefile index ef0021ee576c..fd4769c8d399 100644 --- a/net/samba3/Makefile +++ b/net/samba3/Makefile @@ -6,15 +6,15 @@ # PORTNAME= samba -PORTVERSION?= 3.0.25a -PORTREVISION?= 1 +PORTVERSION?= 3.0.26a +PORTREVISION?= 0 PORTEPOCH?= 1 CATEGORIES?= net MASTER_SITES= ${MASTER_SITE_SAMBA} MASTER_SITE_SUBDIR= . old-versions rc pre DISTNAME= ${PORTNAME}-${PORTVERSION:S/.p/pre/:S/.r/rc/} -MAINTAINER?= timur@gnu.org +MAINTAINER?= timur@FreeBSD.org COMMENT?= A free SMB and CIFS client and server for UNIX CONFLICTS?= ja-samba-2.* ja-samba-3.* samba-2.* sharity-light-1.* @@ -70,13 +70,13 @@ OPTIONS= LDAP "With LDAP support" on \ SYSLOG "With Syslog support" off \ QUOTAS "With Disk quota support" off \ UTMP "With UTMP accounting support" on \ - MSDFS "With MSDFS support" off \ + MSDFS "With MSDFS support" on \ PAM_SMBPASS "With PAM authentication vs passdb backends" off \ CLUSTER "With experimental cluster support" off \ DNSUPDATE "With dynamic DNS update" off \ EXP_MODULES "With experimental modules" off \ POPT "With system-wide POPT library" on \ - MAX_DEBUG "With maximum debuging" off \ + MAX_DEBUG "With maximum debugging" off \ SMBTORTURE "With smbtorture" off .endif @@ -105,6 +105,9 @@ CONFIGURE_ARGS+= --with-pam --with-readline --with-sendfile-support \ --without-libaddns --with-included-iniparser \ --enable-largefile +# Let proccess generate meaningful backtrace on core dump +LIB_DEPENDS+= execinfo.1:${PORTSDIR}/devel/libexecinfo + .if !defined(WITHOUT_LDAP) SAMBA_WANT_LDAP= yes .endif @@ -120,12 +123,16 @@ SUB_LIST+= CUPSD="@comment " .if defined(WITH_MAX_DEBUG) LIB_DEPENDS+= dmalloc.1:${PORTSDIR}/devel/dmalloc -CPPFLAGS+= -I${LOCALBASE}/include -LDFLAGS+= -L${LOCALBASE}/lib +CPPFLAGS+= -g -I${LOCALBASE}/include +LDFLAGS+= -g -L${LOCALBASE}/lib CONFIGURE_ENV+= CPPFLAGS="${CPPFLAGS}" LDFLAGS="${LDFLAGS}" -CONFIGURE_ARGS+= --enable-debug --enable-developer --enable-krb5developer --enable-dmalloc --with-profiling-data +CONFIGURE_ARGS+= --enable-debug --enable-socket-wrapper \ + --enable-developer --enable-krb5developer \ + --enable-dmalloc --with-profiling-data .else -CONFIGURE_ARGS+= --disable-debug --disable-developer --disable-krb5developer --disable-dmalloc --without-profiling-data +CONFIGURE_ARGS+= --disable-debug --disable-socket-wrapper \ + --disable-developer --disable-krb5developer \ + --disable-dmalloc --without-profiling-data .endif .if defined(WITH_SYSLOG) @@ -164,8 +171,8 @@ PLIST_SUB+= WINBIND_NSS="@comment " . endif .else CONFIGURE_ARGS+= --without-winbind -PLIST_SUB+= WINBIND="@comment " -SUB_LIST+= WINBIND="@comment " +PLIST_SUB+= WINBIND="@comment " WINBIND_NSS="@comment " +SUB_LIST+= WINBIND="@comment " WINBIND_NSS="@comment " .endif .if defined(WITH_FAM_SUPPORT) @@ -221,7 +228,7 @@ CONFIGURE_ARGS+= --without-cluster-support .if defined(WITH_DNSUPDATE) . if !defined(WITH_ADS) -IGNORE= dynamic DNS updates require ADS support +IGNORE= dynamic DNS updates require ADS support. Disable DNSUPDATE support . endif LIB_DEPENDS+= uuid.1:${PORTSDIR}/misc/e2fsprogs-libuuid CONFIGURE_ARGS+= --with-dnsupdate @@ -294,6 +301,10 @@ PLIST_SUB+= SMBTORTURE="" PLIST_SUB+= SMBTORTURE="@comment " .endif +.if defined(WITH_SMBTORTURE4_PATH) && exists(${WITH_SMBTORTURE4_PATH}) +CONFIGURE_ARGS+= --with-smbtorture4-path=${WITH_SMBTORTURE4_PATH} +.endif + .if !defined(SAMBA_SUBPORT) # Samba server itself MAN1= findsmb.1 log2pcap.1 nmblookup.1 ntlm_auth.1 profiles.1 \ @@ -471,4 +482,7 @@ post-install: # !SAMBA_SUBPORT .endif +test: + cd ${WRKSRC} && ${MAKE} test + .include <bsd.port.post.mk> diff --git a/net/samba3/distinfo b/net/samba3/distinfo index 8e6528892605..41e6bbb825ff 100644 --- a/net/samba3/distinfo +++ b/net/samba3/distinfo @@ -1,3 +1,3 @@ -MD5 (samba-3.0.25a.tar.gz) = cbd33bb5d904ccd8a294a4019743745d -SHA256 (samba-3.0.25a.tar.gz) = 12f4fa70b5131520b58f3b62450a2e304dd63efe2532905a0760c7f11a308470 -SIZE (samba-3.0.25a.tar.gz) = 18145636 +MD5 (samba-3.0.26a.tar.gz) = 16b47e6add332e5ac4523fc88c381d06 +SHA256 (samba-3.0.26a.tar.gz) = 41e11f69288b2291f12f8db093e2c55dc1360555d4542c83c0758c4c7a3d4d37 +SIZE (samba-3.0.26a.tar.gz) = 18180031 diff --git a/net/samba3/files/patch-Makefile.in b/net/samba3/files/patch-Makefile.in index fec7b561bcd8..7eed1927ae02 100644 --- a/net/samba3/files/patch-Makefile.in +++ b/net/samba3/files/patch-Makefile.in @@ -1,6 +1,26 @@ ---- ./Makefile.in.orig Mon Apr 9 19:31:00 2007 -+++ ./Makefile.in Tue Apr 17 02:06:59 2007 -@@ -1558,8 +1558,7 @@ +--- Makefile.in.orig Tue Jun 19 19:11:39 2007 ++++ Makefile.in Thu Aug 30 23:19:54 2007 +@@ -424,6 +424,7 @@ + VFS_HPUXACL_OBJ = modules/vfs_hpuxacl.o + VFS_IRIXACL_OBJ = modules/vfs_irixacl.o + VFS_TRU64ACL_OBJ = modules/vfs_tru64acl.o ++VFS_ZFSACL_OBJ = modules/vfs_zfsacl.o + VFS_CATIA_OBJ = modules/vfs_catia.o + VFS_CACHEPRIME_OBJ = modules/vfs_cacheprime.o + VFS_PREALLOC_OBJ = modules/vfs_prealloc.o +@@ -1477,6 +1478,11 @@ + @$(SHLD) $(LDSHFLAGS) -o $@ $(VFS_TRU64ACL_OBJ) \ + @SONAMEFLAG@`basename $@` + ++bin/zfsacl.@SHLIBEXT@: $(VFS_ZFSACL_OBJ) ++ @echo "Building plugin $@" ++ @$(SHLD) $(LDSHFLAGS) -o $@ $(VFS_ZFSACL_OBJ) \ ++ @SONAMEFLAG@`basename $@` ++ + bin/catia.@SHLIBEXT@: proto_exists $(VFS_CATIA_OBJ) + @echo "Building plugin $@" + @$(SHLD) $(LDSHFLAGS) -o $@ $(VFS_CATIA_OBJ) \ +@@ -1566,8 +1572,7 @@ @echo Linking $@ @$(CC) $(FLAGS) -o $@ $(DYNEXP) script/tests/timelimit.o diff --git a/net/samba3/files/patch-aclocal.m4 b/net/samba3/files/patch-aclocal.m4 new file mode 100644 index 000000000000..030bc17a97bd --- /dev/null +++ b/net/samba3/files/patch-aclocal.m4 @@ -0,0 +1,138 @@ +--- aclocal.m4.orig Thu Aug 30 21:19:57 2007 ++++ aclocal.m4 Thu Aug 30 21:40:52 2007 +@@ -307,84 +307,79 @@ + dnl those with the standalone portable libiconv installed). + AC_MSG_CHECKING(for iconv in $1) + jm_cv_func_iconv="no" ++ jm_cv_include="" + jm_cv_lib_iconv="" +- jm_cv_giconv=no ++ jm_cv_giconv="no" + jm_save_LIBS="$LIBS" + + dnl Check for include in funny place but no lib needed + if test "$jm_cv_func_iconv" != yes; then + AC_TRY_LINK([#include <stdlib.h> + #include <giconv.h>], +- [iconv_t cd = iconv_open("",""); +- iconv(cd,NULL,NULL,NULL,NULL); +- iconv_close(cd);], +- jm_cv_func_iconv=yes +- jm_cv_include="giconv.h" +- jm_cv_giconv="yes" +- jm_cv_lib_iconv="") ++ [iconv_t cd = iconv_open("",""); ++ iconv(cd,NULL,NULL,NULL,NULL); ++ iconv_close(cd);], ++ jm_cv_func_iconv=yes ++ jm_cv_include="giconv.h" ++ jm_cv_lib_iconv="" ++ jm_cv_giconv="yes") + + dnl Standard iconv.h include, lib in glibc or libc ... + if test "$jm_cv_func_iconv" != yes; then +- AC_TRY_LINK([#include <stdlib.h> ++ AC_TRY_LINK([#include <stdlib.h> + #include <iconv.h>], +- [iconv_t cd = iconv_open("",""); ++ [iconv_t cd = iconv_open("",""); ++ iconv(cd,NULL,NULL,NULL,NULL); ++ iconv_close(cd);], ++ jm_cv_func_iconv=yes ++ jm_cv_include="iconv.h" ++ jm_cv_lib_iconv="") ++ ++ if test "$jm_cv_func_iconv" != yes; then ++ jm_save_LIBS="$LIBS" ++ LIBS="$LIBS -lgiconv" ++ AC_TRY_LINK([#include <stdlib.h> ++#include <giconv.h>], ++ [iconv_t cd = iconv_open("",""); + iconv(cd,NULL,NULL,NULL,NULL); + iconv_close(cd);], +- jm_cv_include="iconv.h" +- jm_cv_func_iconv=yes +- jm_cv_lib_iconv="") +- +- if test "$jm_cv_lib_iconv" != yes; then +- jm_save_LIBS="$LIBS" +- LIBS="$LIBS -lgiconv" +- AC_TRY_LINK([#include <stdlib.h> +-#include <giconv.h>], +- [iconv_t cd = iconv_open("",""); +- iconv(cd,NULL,NULL,NULL,NULL); +- iconv_close(cd);], +- jm_cv_lib_iconv=yes +- jm_cv_func_iconv=yes +- jm_cv_include="giconv.h" +- jm_cv_giconv=yes +- jm_cv_lib_iconv="giconv") +- +- LIBS="$jm_save_LIBS" +- +- if test "$jm_cv_func_iconv" != yes; then +- jm_save_LIBS="$LIBS" +- LIBS="$LIBS -liconv" +- AC_TRY_LINK([#include <stdlib.h> ++ jm_cv_func_iconv=yes ++ jm_cv_include="giconv.h" ++ jm_cv_lib_iconv="giconv" ++ jm_cv_giconv=yes) ++ ++ LIBS="$jm_save_LIBS" ++ ++ if test "$jm_cv_func_iconv" != yes; then ++ jm_save_LIBS="$LIBS" ++ LIBS="$LIBS -liconv" ++ AC_TRY_LINK([#include <stdlib.h> + #include <iconv.h>], +- [iconv_t cd = iconv_open("",""); +- iconv(cd,NULL,NULL,NULL,NULL); +- iconv_close(cd);], +- jm_cv_include="iconv.h" +- jm_cv_func_iconv=yes +- jm_cv_lib_iconv="iconv") +- LIBS="$jm_save_LIBS" +- fi ++ [iconv_t cd = iconv_open("",""); ++ iconv(cd,NULL,NULL,NULL,NULL); ++ iconv_close(cd);], ++ jm_cv_func_iconv=yes ++ jm_cv_include="iconv.h" ++ jm_cv_lib_iconv="iconv") ++ ++ LIBS="$jm_save_LIBS" ++ fi ++ fi + fi + fi +- fi +- if test "$jm_cv_func_iconv" = yes; then +- if test "$jm_cv_giconv" = yes; then +- AC_DEFINE(HAVE_GICONV, 1, [What header to include for iconv() function: giconv.h]) +- AC_MSG_RESULT(yes) +- ICONV_FOUND=yes +- else +- if test "$jm_cv_biconv" = yes; then +- AC_DEFINE(HAVE_BICONV, 1, [What header to include for iconv() function: biconv.h]) +- AC_MSG_RESULT(yes) +- ICONV_FOUND=yes ++ if test "$jm_cv_func_iconv" = yes; then ++ if test "$jm_cv_giconv" = yes; then ++ AC_DEFINE(HAVE_GICONV, 1, [What header to include for iconv() function: giconv.h]) ++ AC_MSG_RESULT(yes) ++ ICONV_FOUND=yes + else + AC_DEFINE(HAVE_ICONV, 1, [What header to include for iconv() function: iconv.h]) + AC_MSG_RESULT(yes) + ICONV_FOUND=yes + fi ++ else ++ AC_MSG_RESULT(no) + fi +- else +- AC_MSG_RESULT(no) +- fi + ]) + + AC_DEFUN(rjs_CHARSET,[ diff --git a/net/samba3/files/patch-configure.in b/net/samba3/files/patch-configure.in index c639b90466ab..83cd1371ccdb 100644 --- a/net/samba3/files/patch-configure.in +++ b/net/samba3/files/patch-configure.in @@ -1,5 +1,5 @@ ---- configure.in.orig Wed May 23 17:29:20 2007 -+++ configure.in Mon Jun 4 03:22:42 2007 +--- configure.in.orig Mon Aug 20 15:04:51 2007 ++++ configure.in Fri Aug 31 00:59:33 2007 @@ -1041,6 +1041,21 @@ AC_DEFINE(HAVE_SIG_ATOMIC_T_TYPE,1,[Whether we have the atomic_t variable type]) fi @@ -22,7 +22,15 @@ AC_CACHE_CHECK([for struct timespec type],samba_cv_struct_timespec, [ AC_TRY_COMPILE([ #include <sys/types.h> -@@ -4033,10 +4048,10 @@ +@@ -1244,6 +1259,7 @@ + + # Find a method of generating a stack trace + AC_CHECK_HEADERS(execinfo.h libexc.h libunwind.h) ++AC_SEARCH_LIBS(backtrace_symbols, [execinfo]) + AC_CHECK_FUNCS(backtrace_symbols) + AC_CHECK_LIB(exc, trace_back_stack) + +@@ -4041,10 +4057,10 @@ ################################################################ # first test for Active Directory support being enabled @@ -37,7 +45,7 @@ ################################################################## # then test for uuid.h (necessary to generate unique DNS keynames # (uuid.h is required for this test) -@@ -5107,7 +5122,7 @@ +@@ -5115,7 +5131,7 @@ ################################################# # check for ACL support @@ -46,7 +54,7 @@ AC_ARG_WITH(acl-support, [ --with-acl-support Include ACL support (default=no)], [ case "$withval" in -@@ -5115,43 +5130,37 @@ +@@ -5123,43 +5139,37 @@ case "$host_os" in *sysv5*) @@ -97,7 +105,7 @@ *linux*) AC_CHECK_LIB(attr,getxattr,[ACL_LIBS="$ACL_LIBS -lattr"]) AC_CHECK_LIB(acl,acl_get_file,[ACL_LIBS="$ACL_LIBS -lacl"]) -@@ -5172,7 +5181,7 @@ +@@ -5180,7 +5190,7 @@ LIBS=$acl_LIBS ]) if test x"$samba_cv_HAVE_POSIX_ACLS" = x"yes"; then @@ -106,7 +114,7 @@ AC_DEFINE(HAVE_POSIX_ACLS,1,[Whether POSIX ACLs are available]) AC_CACHE_CHECK([for acl_get_perm_np],samba_cv_HAVE_ACL_GET_PERM_NP,[ acl_LIBS=$LIBS -@@ -5193,12 +5202,18 @@ +@@ -5201,12 +5211,18 @@ AC_DEFINE(HAVE_ACL_GET_PERM_NP,1,[Whether acl_get_perm_np() is available]) fi fi @@ -129,7 +137,7 @@ AC_TRY_LINK([ #include <sys/types.h> #include <sys/acl.h> -@@ -5211,20 +5226,20 @@ +@@ -5219,20 +5235,20 @@ [samba_cv_HAVE_POSIX_ACLS=yes], [samba_cv_HAVE_POSIX_ACLS=no]) LIBS=$acl_LIBS @@ -155,7 +163,7 @@ ], [samba_cv_HAVE_ACL_GET_PERM_NP=yes], [samba_cv_HAVE_ACL_GET_PERM_NP=no]) -@@ -5233,17 +5248,22 @@ +@@ -5241,17 +5257,22 @@ if test x"$samba_cv_HAVE_ACL_GET_PERM_NP" = x"yes"; then AC_DEFINE(HAVE_ACL_GET_PERM_NP,1,[Whether acl_get_perm_np() is available]) fi @@ -180,3 +188,11 @@ ) if test x"$samba_cv_HAVE_POSIX_ACLS" = x"yes"; then +@@ -6082,6 +6103,7 @@ + SMB_MODULE(vfs_irixacl, \$(VFS_IRIXACL_OBJ), "bin/irixacl.$SHLIBEXT", VFS) + SMB_MODULE(vfs_hpuxacl, \$(VFS_HPUXACL_OBJ), "bin/hpuxacl.$SHLIBEXT", VFS) + SMB_MODULE(vfs_tru64acl, \$(VFS_TRU64ACL_OBJ), "bin/tru64acl.$SHLIBEXT", VFS) ++SMB_MODULE(vfs_zfsacl, \$(VFS_ZFSACL_OBJ), "bin/zfsacl.$SHLIBEXT", VFS) + SMB_MODULE(vfs_catia, \$(VFS_CATIA_OBJ), "bin/catia.$SHLIBEXT", VFS) + SMB_MODULE(vfs_cacheprime, \$(VFS_CACHEPRIME_OBJ), "bin/cacheprime.$SHLIBEXT", VFS) + SMB_MODULE(vfs_prealloc, \$(VFS_PREALLOC_OBJ), "bin/prealloc.$SHLIBEXT", VFS) diff --git a/net/samba3/files/patch-lib__replace__repdir_getdirentries.c b/net/samba3/files/patch-lib__replace__repdir_getdirentries.c new file mode 100644 index 000000000000..87072b5fb43b --- /dev/null +++ b/net/samba3/files/patch-lib__replace__repdir_getdirentries.c @@ -0,0 +1,15 @@ +--- lib/replace/repdir_getdirentries.c.orig Fri Sep 14 05:21:51 2007 ++++ lib/replace/repdir_getdirentries.c Fri Sep 14 05:22:13 2007 +@@ -129,11 +129,7 @@ + d->ofs = 0; + d->nbytes = 0; + } +- /* this relies on seekpos always being a multiple of +- DIR_BUF_SIZE. Is that always true on BSD systems? */ +- if (d->seekpos & (DIR_BUF_SIZE-1)) { +- abort(); +- } ++ /* abort() */ + return d->seekpos + d->ofs; + } + diff --git a/net/samba3/files/patch-lib__system.c b/net/samba3/files/patch-lib__system.c new file mode 100644 index 000000000000..340be871c1f7 --- /dev/null +++ b/net/samba3/files/patch-lib__system.c @@ -0,0 +1,212 @@ +--- lib/system.c.orig Mon Aug 20 15:04:50 2007 ++++ lib/system.c Sun Sep 16 04:25:55 2007 +@@ -574,7 +574,11 @@ + { + char *wd; + #ifdef HAVE_GETCWD ++#ifdef PATH_MAX ++ wd = (char *)getcwd(s, PATH_MAX); ++#else + wd = (char *)getcwd(s, sizeof (pstring)); ++#endif + #else + wd = (char *)getwd(s); + #endif +@@ -643,6 +647,25 @@ + } + + /******************************************************************* ++ Wrapper for lchown. ++********************************************************************/ ++ ++int sys_lchown(const char *fname,uid_t uid,gid_t gid) ++{ ++#ifndef HAVE_LCHOWN ++ static int done; ++ if (!done) { ++ DEBUG(1,("WARNING: no lchown!\n")); ++ done=1; ++ } ++ errno = ENOSYS; ++ return -1; ++#else ++ return(lchown(fname,uid,gid)); ++#endif ++} ++ ++/******************************************************************* + os/2 also doesn't have chroot + ********************************************************************/ + int sys_chroot(const char *dname) +@@ -871,15 +894,13 @@ + } + + /************************************************************************** +- Wrapper for getgroups. Deals with broken (int) case. ++ Wrap setgroups and getgroups for systems that declare getgroups() as ++ returning an array of gid_t, but actuall return an array of int. + ****************************************************************************/ + +-int sys_getgroups(int setlen, gid_t *gidset) ++#if defined(HAVE_BROKEN_GETGROUPS) ++static int sys_broken_getgroups(int setlen, gid_t *gidset) + { +-#if !defined(HAVE_BROKEN_GETGROUPS) +- return getgroups(setlen, gidset); +-#else +- + GID_T gid; + GID_T *group_list; + int i, ngroups; +@@ -901,7 +922,7 @@ + if (setlen == 0) + setlen = groups_max(); + +- if((group_list = (GID_T *)malloc(setlen * sizeof(GID_T))) == NULL) { ++ if((group_list = SMB_MALLOC_ARRAY(GID_T, setlen)) == NULL) { + DEBUG(0,("sys_getgroups: Malloc fail.\n")); + return -1; + } +@@ -918,26 +939,10 @@ + + SAFE_FREE(group_list); + return ngroups; +-#endif /* HAVE_BROKEN_GETGROUPS */ + } + +- +-/************************************************************************** +- Wrapper for setgroups. Deals with broken (int) case. Automatically used +- if we have broken getgroups. +-****************************************************************************/ +- +-int sys_setgroups(int setlen, gid_t *gidset) ++static int sys_broken_setgroups(int setlen, gid_t *gidset) + { +-#if !defined(HAVE_SETGROUPS) +- errno = ENOSYS; +- return -1; +-#endif /* HAVE_SETGROUPS */ +- +-#if !defined(HAVE_BROKEN_GETGROUPS) +- return setgroups(setlen, gidset); +-#else +- + GID_T *group_list; + int i ; + +@@ -954,7 +959,7 @@ + * GID_T array of size setlen. + */ + +- if((group_list = (GID_T *)malloc(setlen * sizeof(GID_T))) == NULL) { ++ if((group_list = SMB_MALLOC_ARRAY(GID_T, setlen)) == NULL) { + DEBUG(0,("sys_setgroups: Malloc fail.\n")); + return -1; + } +@@ -971,7 +976,105 @@ + + SAFE_FREE(group_list); + return 0 ; ++} ++ + #endif /* HAVE_BROKEN_GETGROUPS */ ++ ++/* This is a list of systems that require the first GID passed to setgroups(2) ++ * to be the effective GID. If your system is one of these, add it here. ++ */ ++#if defined (FREEBSD) || defined (DARWINOS) ++#define USE_BSD_SETGROUPS ++#endif ++ ++#if defined(USE_BSD_SETGROUPS) ++/* Depending on the particular BSD implementation, the first GID that is ++ * passed to setgroups(2) will either be ignored or will set the credential's ++ * effective GID. In either case, the right thing to do is to guarantee that ++ * gidset[0] is the effective GID. ++ */ ++static int sys_bsd_setgroups(gid_t primary_gid, int setlen, const gid_t *gidset) ++{ ++ gid_t *new_gidset = NULL; ++ int max; ++ int ret; ++ ++ /* setgroups(2) will fail with EINVAL if we pass too many groups. */ ++ max = groups_max(); ++ ++ /* No group list, just make sure we are setting the efective GID. */ ++ if (setlen == 0) { ++ return setgroups(1, &primary_gid); ++ } ++ ++ /* If the primary gid is not the first array element, grow the array ++ * and insert it at the front. ++ */ ++ if (gidset[0] != primary_gid) { ++ new_gidset = SMB_MALLOC_ARRAY(gid_t, setlen + 1); ++ if (new_gidset == NULL) { ++ return -1; ++ } ++ ++ memcpy(new_gidset + 1, gidset, (setlen * sizeof(gid_t))); ++ new_gidset[0] = primary_gid; ++ setlen++; ++ } ++ ++ if (setlen > max) { ++ DEBUG(3, ("forced to truncate group list from %d to %d\n", ++ setlen, max)); ++ setlen = max; ++ } ++ ++#if defined(HAVE_BROKEN_GETGROUPS) ++ ret = sys_broken_setgroups(setlen, new_gidset ? new_gidset : gidset); ++#else ++ ret = setgroups(setlen, new_gidset ? new_gidset : gidset); ++#endif ++ ++ if (new_gidset) { ++ int errsav = errno; ++ SAFE_FREE(new_gidset); ++ errno = errsav; ++ } ++ ++ return ret; ++} ++ ++#endif /* USE_BSD_SETGROUPS */ ++ ++/************************************************************************** ++ Wrapper for getgroups. Deals with broken (int) case. ++****************************************************************************/ ++ ++int sys_getgroups(int setlen, gid_t *gidset) ++{ ++#if defined(HAVE_BROKEN_GETGROUPS) ++ return sys_broken_getgroups(setlen, gidset); ++#else ++ return getgroups(setlen, gidset); ++#endif ++} ++ ++/************************************************************************** ++ Wrapper for setgroups. Deals with broken (int) case and BSD case. ++****************************************************************************/ ++ ++int sys_setgroups(gid_t UNUSED(primary_gid), int setlen, gid_t *gidset) ++{ ++#if !defined(HAVE_SETGROUPS) ++ errno = ENOSYS; ++ return -1; ++#endif /* HAVE_SETGROUPS */ ++ ++#if defined(USE_BSD_SETGROUPS) ++ return sys_bsd_setgroups(primary_gid, setlen, gidset); ++#elif defined(HAVE_BROKEN_GETGROUPS) ++ return sys_broken_setgroups(setlen, gidset); ++#else ++ return setgroups(setlen, gidset); ++#endif + } + + /************************************************************************** diff --git a/net/samba3/files/patch-lib__system_smbd.c b/net/samba3/files/patch-lib__system_smbd.c new file mode 100644 index 000000000000..edc1c797251d --- /dev/null +++ b/net/samba3/files/patch-lib__system_smbd.c @@ -0,0 +1,17 @@ +--- lib/system_smbd.c.orig Sun Sep 16 04:29:55 2007 ++++ lib/system_smbd.c Sun Sep 16 04:31:21 2007 +@@ -104,12 +104,10 @@ + + restore_re_gid(); + +- if (sys_setgroups(ngrp_saved, gids_saved) != 0) { ++ if (sys_setgroups(gid, ngrp_saved, gids_saved) != 0) { + /* yikes! */ + DEBUG(0,("ERROR: getgrouplist: failed to reset group list!\n")); +- smb_panic("getgrouplist: failed to reset group list!\n"); +- free(gids_saved); +- return -1; ++ smb_panic("getgrouplist: failed to reset group list!"); + } + + free(gids_saved); diff --git a/net/samba3/files/patch-libaddns__dnsgss.c b/net/samba3/files/patch-libaddns__dnsgss.c new file mode 100644 index 000000000000..7d0bae94fc7e --- /dev/null +++ b/net/samba3/files/patch-libaddns__dnsgss.c @@ -0,0 +1,55 @@ +Index: libaddns/dnsgss.c +=================================================================== +--- libaddns/dnsgss.c (revision 25080) ++++ libaddns/dnsgss.c (working copy) +@@ -219,11 +219,8 @@ DNS_ERROR dns_negotiate_sec_ctx( const c + + gss_name_t targ_name; + +- krb5_principal host_principal; +- krb5_context krb_ctx = NULL; +- + gss_OID_desc nt_host_oid_desc = +- { 10, (char *)"\052\206\110\206\367\022\001\002\002\002" }; ++ {10, (char *)"\x2a\x86\x48\x86\xf7\x12\x01\x02\x02\x01"}; + + TALLOC_CTX *mem_ctx; + +@@ -247,23 +244,13 @@ DNS_ERROR dns_negotiate_sec_ctx( const c + goto error; + } + +- krb5_init_context( &krb_ctx ); +- krb5_parse_name( krb_ctx, targetname, &host_principal ); +- +- /* don't free the principal until after you call +- gss_release_name() or else you'll get a segv +- as the krb5_copy_principal() does a structure +- copy and not a deep copy. --jerry*/ +- +- input_name.value = &host_principal; +- input_name.length = sizeof( host_principal ); ++ input_name.value = targetname; ++ input_name.length = strlen(targetname); + + major = gss_import_name( &minor, &input_name, + &nt_host_oid_desc, &targ_name ); + + if (major) { +- krb5_free_principal( krb_ctx, host_principal ); +- krb5_free_context( krb_ctx ); + err = ERROR_DNS_GSS_ERROR; + goto error; + } +@@ -273,11 +260,6 @@ DNS_ERROR dns_negotiate_sec_ctx( const c + + gss_release_name( &minor, &targ_name ); + +- /* now we can free the principal */ +- +- krb5_free_principal( krb_ctx, host_principal ); +- krb5_free_context( krb_ctx ); +- + error: + TALLOC_FREE(mem_ctx); + diff --git a/net/samba3/files/patch-nsswitch_winbindd.c b/net/samba3/files/patch-nsswitch_winbindd.c deleted file mode 100644 index efbb4402f818..000000000000 --- a/net/samba3/files/patch-nsswitch_winbindd.c +++ /dev/null @@ -1,12 +0,0 @@ ---- nsswitch/winbindd.c.orig Sun Apr 22 01:00:32 2007 -+++ nsswitch/winbindd.c Mon Jun 4 02:59:13 2007 -@@ -303,6 +303,9 @@ - if (state->mem_ctx == NULL) - return; - -+ /* Remember who asked us. */ -+ state->pid = state->request.pid; -+ - /* Process command */ - - for (table = dispatch_table; table->fn; table++) { diff --git a/net/samba3/files/patch-samba3-undo_the_right_thing2.patch b/net/samba3/files/patch-samba3-undo_the_right_thing2.patch new file mode 100644 index 000000000000..c679c403b42a --- /dev/null +++ b/net/samba3/files/patch-samba3-undo_the_right_thing2.patch @@ -0,0 +1,14 @@ +Index: nsswitch/winbindd_cache.c +=================================================================== +--- nsswitch/winbindd_cache.c (Revision 15137) ++++ nsswitch/winbindd_cache.c (Arbeitskopie) +@@ -121,7 +121,8 @@ + if ( !domain->primary ) + our_domain = find_our_domain(); + +- if ( (our_domain->active_directory || IS_DC) && domain->active_directory ) { ++ if ( (our_domain->active_directory || IS_DC) && domain->active_directory && ++ (lp_security()==SEC_ADS)) { + DEBUG(5,("get_cache: Setting ADS methods for domain %s\n", domain->name)); + domain->backend = &ads_methods; + } else { diff --git a/net/samba3/files/patch-smbd_sec_ctx.c b/net/samba3/files/patch-smbd_sec_ctx.c index 46c6d55c4c2c..cd754ad56e45 100644 --- a/net/samba3/files/patch-smbd_sec_ctx.c +++ b/net/samba3/files/patch-smbd_sec_ctx.c @@ -1,6 +1,25 @@ --- smbd/sec_ctx.c.orig Thu Mar 1 05:54:08 2007 -+++ smbd/sec_ctx.c Tue Jun 5 01:16:32 2007 -@@ -192,7 +192,7 @@ ++++ smbd/sec_ctx.c Sat Sep 15 02:49:24 2007 +@@ -5,7 +5,7 @@ + + This program is free software; you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by +- the Free Software Foundation; either version 2 of the License, or ++ the Free Software Foundation; either version 3 of the License, or + (at your option) any later version. + + This program is distributed in the hope that it will be useful, +@@ -14,8 +14,7 @@ + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License +- along with this program; if not, write to the Free Software +- Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. ++ along with this program. If not, see <http://www.gnu.org/licenses/>. + */ + + #include "includes.h" +@@ -192,7 +191,7 @@ if (sec_ctx_stack_ndx == MAX_SEC_CTX_DEPTH) { DEBUG(0, ("Security context stack overflow!\n")); @@ -9,50 +28,104 @@ } /* Store previous user context */ -@@ -234,7 +234,9 @@ - void set_sec_ctx(uid_t uid, gid_t gid, int ngroups, gid_t *groups, NT_USER_TOKEN *token) - { - struct sec_ctx *ctx_p = &sec_ctx_stack[sec_ctx_stack_ndx]; -- +@@ -228,6 +227,73 @@ + } + + /**************************************************************************** ++ Change UNIX security context. Calls panic if not successful so no return value. ++****************************************************************************/ ++ ++#ifndef HAVE_DARWIN_INITGROUPS ++ ++/* Normal credential switch path. */ ++ ++static void set_unix_security_ctx(uid_t uid, gid_t gid, int ngroups, gid_t *groups) ++{ ++ /* Start context switch */ ++ gain_root(); +#ifdef HAVE_SETGROUPS -+ gid_t *new_groups = NULL; ++ if (sys_setgroups(gid, ngroups, groups) != 0 && !non_root_mode()) { ++ smb_panic("sys_setgroups failed"); ++ } +#endif - /* Set the security context */ ++ become_id(uid, gid); ++ /* end context switch */ ++} ++ ++#else /* HAVE_DARWIN_INITGROUPS */ ++ ++/* The Darwin groups implementation is a little unusual. The list of ++* groups in the kernel credential is not exhaustive, but more like ++* a cache. The full group list is held in userspace and checked ++* dynamically. ++* ++* This is an optional mechanism, and setgroups(2) opts out ++* of it. That is, if you call setgroups, then the list of groups you ++* set are the only groups that are ever checked. This is not what we ++* want. We want to opt in to the dynamic resolution mechanism, so we ++* need to specify the uid of the user whose group list (cache) we are ++* setting. ++* ++* The Darwin rules are: ++* 1. Thou shalt setegid, initgroups and seteuid IN THAT ORDER ++* 2. Thou shalt not pass more that NGROUPS_MAX to initgroups ++* 3. Thou shalt leave the first entry in the groups list well alone ++*/ ++ ++#include <sys/syscall.h> ++ ++static void set_unix_security_ctx(uid_t uid, gid_t gid, int ngroups, gid_t *groups) ++{ ++ int max = groups_max(); ++ ++ /* Start context switch */ ++ gain_root(); ++ ++ become_gid(gid); ++ ++ ++ if (syscall(SYS_initgroups, (ngroups > max) ? max : ngroups, ++ groups, uid) == -1 && !non_root_mode()) { ++ DEBUG(0, ("WARNING: failed to set group list " ++ "(%d groups) for UID %ld: %s\n", ++ ngroups, uid, strerror(errno))); ++ smb_panic("sys_setgroups failed"); ++ } ++ ++ become_uid(uid); ++ /* end context switch */ ++} ++ ++#endif /* HAVE_DARWIN_INITGROUPS */ ++ ++/**************************************************************************** + Set the current security context to a given user. + ****************************************************************************/ - DEBUG(3, ("setting sec ctx (%u, %u) - sec_ctx_stack_ndx = %d\n", -@@ -246,12 +248,20 @@ - gain_root(); +@@ -243,11 +309,8 @@ + debug_nt_user_token(DBGC_CLASS, 5, token); + debug_unix_user_token(DBGC_CLASS, 5, uid, gid, ngroups, groups); - #ifdef HAVE_SETGROUPS +- gain_root(); +- +-#ifdef HAVE_SETGROUPS - sys_setgroups(ngroups, groups); -+ if (!(new_groups = SMB_MALLOC_ARRAY(gid_t, ngroups+1))) { -+ smb_panic("malloc for groups failed"); -+ } -+ new_groups[0] = gid; -+ if(ngroups) { -+ memcpy(&new_groups[1], groups, sizeof(gid_t) * ngroups); -+ } -+ sys_setgroups(ngroups+1, new_groups); -+ SAFE_FREE(new_groups); - #endif +-#endif ++ /* Change uid, gid and supplementary group list. */ ++ set_unix_security_ctx(uid, gid, ngroups, groups); ctx_p->ut.ngroups = ngroups; -- - SAFE_FREE(ctx_p->ut.groups); -+ - if (token && (token == ctx_p->token)) { - smb_panic("DUPLICATE_TOKEN"); + +@@ -277,8 +340,6 @@ + ctx_p->token = NULL; } -@@ -262,7 +272,7 @@ - ctx_p->ut.groups = (gid_t *)memdup(groups, - sizeof(gid_t) * ngroups); - if (!ctx_p->ut.groups) { -- smb_panic("memdup failed"); -+ smb_panic("memdup for groups failed"); - } - } else { - ctx_p->ut.groups = NULL; -@@ -315,7 +325,7 @@ + +- become_id(uid, gid); +- + ctx_p->ut.uid = uid; + ctx_p->ut.gid = gid; + +@@ -315,7 +376,7 @@ if (sec_ctx_stack_ndx == 0) { DEBUG(0, ("Security context stack underflow!\n")); @@ -61,3 +134,24 @@ } ctx_p = &sec_ctx_stack[sec_ctx_stack_ndx]; +@@ -334,15 +395,13 @@ + + sec_ctx_stack_ndx--; + +- gain_root(); +- + prev_ctx_p = &sec_ctx_stack[sec_ctx_stack_ndx]; + +-#ifdef HAVE_SETGROUPS +- sys_setgroups(prev_ctx_p->ut.ngroups, prev_ctx_p->ut.groups); +-#endif +- +- become_id(prev_ctx_p->ut.uid, prev_ctx_p->ut.gid); ++ /* Change uid, gid and supplementary group list. */ ++ set_unix_security_ctx(prev_ctx_p->ut.uid, ++ prev_ctx_p->ut.gid, ++ prev_ctx_p->ut.ngroups, ++ prev_ctx_p->ut.groups); + + /* Update current_user stuff */ + diff --git a/net/samba3/files/patch-vfs_zfsacl.c b/net/samba3/files/patch-vfs_zfsacl.c new file mode 100644 index 000000000000..2b243f580800 --- /dev/null +++ b/net/samba3/files/patch-vfs_zfsacl.c @@ -0,0 +1,190 @@ +--- /dev/null Thu Aug 30 22:11:01 2007 ++++ modules/vfs_zfsacl.c Thu Aug 30 16:33:06 2007 +@@ -0,0 +1,187 @@ ++/* ++ * Convert ZFS/NFSv4 acls to NT acls and vice versa. ++ * ++ * Copyright (C) Jiri Sasek, 2007 ++ * based on the foobar.c module which is copyrighted by Volker Lendecke ++ * ++ * This program is free software; you can redistribute it and/or modify ++ * it under the terms of the GNU General Public License as published by ++ * the Free Software Foundation; either version 2 of the License, or ++ * (at your option) any later version. ++ * ++ * This program is distributed in the hope that it will be useful, ++ * but WITHOUT ANY WARRANTY; without even the implied warranty of ++ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the ++ * GNU General Public License for more details. ++ * ++ * You should have received a copy of the GNU General Public License ++ * along with this program; if not, write to the Free Software ++ * Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. ++ * ++ */ ++ ++#include "includes.h" ++#include "nfs4_acls.h" ++ ++#undef DBGC_CLASS ++#define DBGC_CLASS DBGC_VFS ++ ++#define ZFSACL_MODULE_NAME "zfsacl" ++ ++/* zfs_get_nt_acl() ++ * read the local file's acls and return it in NT form ++ * using the NFSv4 format conversion ++ */ ++static size_t zfs_get_nt_acl(struct files_struct *fsp, uint32 security_info, ++ struct security_descriptor **ppdesc) ++{ ++ int naces, i; ++ ace_t *acebuf; ++ SMB4ACL_T *pacl; ++ TALLOC_CTX *mem_ctx; ++ ++ /* read the number of file aces */ ++ if((naces = acl(fsp->fsp_name, ACE_GETACLCNT, 0, NULL)) == -1) { ++ if(errno == ENOSYS) { ++ DEBUG(9, ("acl(ACE_GETACLCNT, %s): Operation is not supported on the filesystem where the file reside")); ++ } else { ++ DEBUG(9, ("acl(ACE_GETACLCNT, %s): %s ", fsp->fsp_name, ++ strerror(errno))); ++ } ++ return 0; ++ } ++ /* allocate the field of ZFS aces */ ++ mem_ctx = main_loop_talloc_get(); ++ acebuf = (ace_t *) talloc_size(mem_ctx, sizeof(ace_t)*naces); ++ if(acebuf == NULL) { ++ errno = ENOMEM; ++ return 0; ++ } ++ /* read the aces into the field */ ++ if(acl(fsp->fsp_name, ACE_GETACL, naces, acebuf) < 0) { ++ DEBUG(9, ("acl(ACE_GETACL, %s): %s ", fsp->fsp_name, ++ strerror(errno))); ++ return 0; ++ } ++ /* create SMB4ACL data */ ++ if((pacl = smb_create_smb4acl()) == NULL) return 0; ++ for(i=0; i<naces; i++) { ++ SMB_ACE4PROP_T aceprop; ++ ++ aceprop.aceType = (uint32) acebuf[i].a_type; ++ aceprop.aceFlags = (uint32) acebuf[i].a_flags; ++ aceprop.aceMask = (uint32) acebuf[i].a_access_mask; ++ aceprop.who.id = (uint32) acebuf[i].a_who; ++ aceprop.flags = 0; ++ if(smb_add_ace4(pacl, &aceprop) == NULL) return 0; ++ } ++ ++ return smb_get_nt_acl_nfs4(fsp, security_info, ppdesc, pacl); ++} ++ ++/* call-back function processing the NT acl -> ZFS acl using NFSv4 conv. */ ++static BOOL zfs_process_smbacl(files_struct *fsp, SMB4ACL_T *smbacl) ++{ ++ int naces = smb_get_naces(smbacl), i; ++ ace_t *acebuf; ++ SMB4ACE_T *smbace; ++ TALLOC_CTX *mem_ctx; ++ ++ /* allocate the field of ZFS aces */ ++ mem_ctx = main_loop_talloc_get(); ++ acebuf = (ace_t *) talloc_size(mem_ctx, sizeof(ace_t)*naces); ++ if(acebuf == NULL) { ++ errno = ENOMEM; ++ return False; ++ } ++ /* handle all aces */ ++ for(smbace = smb_first_ace4(smbacl), i = 0; ++ smbace!=NULL; ++ smbace = smb_next_ace4(smbace), i++) { ++ SMB_ACE4PROP_T *aceprop = smb_get_ace4(smbace); ++ ++ acebuf[i].a_type = aceprop->aceType; ++ acebuf[i].a_flags = aceprop->aceFlags; ++ acebuf[i].a_access_mask = aceprop->aceMask; ++ acebuf[i].a_who = aceprop->who.id; ++ } ++ SMB_ASSERT(i == naces); ++ ++ /* store acl */ ++ if(acl(fsp->fsp_name, ACE_SETACL, naces, acebuf)) { ++ if(errno == ENOSYS) { ++ DEBUG(9, ("acl(ACE_SETACL, %s): Operation is not supported on the filesystem where the file reside")); ++ } else { ++ DEBUG(9, ("acl(ACE_SETACL, %s): %s ", fsp->fsp_name, ++ strerror(errno))); ++ } ++ return 0; ++ } ++ ++ return True; ++} ++ ++/* zfs_set_nt_acl() ++ * set the local file's acls obtaining it in NT form ++ * using the NFSv4 format conversion ++ */ ++static NTSTATUS zfs_set_nt_acl(vfs_handle_struct *handle, files_struct *fsp, ++ uint32 security_info_sent, ++ struct security_descriptor *psd) ++{ ++ return smb_set_nt_acl_nfs4(fsp, security_info_sent, psd, ++ zfs_process_smbacl); ++} ++ ++static size_t zfsacl_fget_nt_acl(struct vfs_handle_struct *handle, ++ struct files_struct *fsp, ++ int fd, uint32 security_info, ++ struct security_descriptor **ppdesc) ++{ ++ return zfs_get_nt_acl(fsp, security_info, ppdesc); ++} ++ ++static size_t zfsacl_get_nt_acl(struct vfs_handle_struct *handle, ++ struct files_struct *fsp, ++ const char *name, uint32 security_info, ++ struct security_descriptor **ppdesc) ++{ ++ return zfs_get_nt_acl(fsp, security_info, ppdesc); ++} ++ ++static NTSTATUS zfsacl_fset_nt_acl(vfs_handle_struct *handle, ++ files_struct *fsp, ++ int fd, uint32 security_info_sent, ++ SEC_DESC *psd) ++{ ++ return zfs_set_nt_acl(handle, fsp, security_info_sent, psd); ++} ++ ++static NTSTATUS zfsacl_set_nt_acl(vfs_handle_struct *handle, ++ files_struct *fsp, ++ const char *name, uint32 security_info_sent, ++ SEC_DESC *psd) ++{ ++ return zfs_set_nt_acl(handle, fsp, security_info_sent, psd); ++} ++ ++/* VFS operations structure */ ++ ++static vfs_op_tuple zfsacl_ops[] = { ++ {SMB_VFS_OP(zfsacl_fget_nt_acl), SMB_VFS_OP_FGET_NT_ACL, ++ SMB_VFS_LAYER_OPAQUE}, ++ {SMB_VFS_OP(zfsacl_get_nt_acl), SMB_VFS_OP_GET_NT_ACL, ++ SMB_VFS_LAYER_OPAQUE}, ++ {SMB_VFS_OP(zfsacl_fset_nt_acl), SMB_VFS_OP_FSET_NT_ACL, ++ SMB_VFS_LAYER_OPAQUE}, ++ {SMB_VFS_OP(zfsacl_set_nt_acl), SMB_VFS_OP_SET_NT_ACL, ++ SMB_VFS_LAYER_OPAQUE}, ++ {SMB_VFS_OP(NULL), SMB_VFS_OP_NOOP, SMB_VFS_LAYER_NOOP} ++}; ++ ++NTSTATUS vfs_zfsacl_init(void); ++NTSTATUS vfs_zfsacl_init(void) ++{ ++ return smb_register_vfs(SMB_VFS_INTERFACE_VERSION, "zfsacl", ++ zfsacl_ops); ++} diff --git a/net/samba3/pkg-plist.swat b/net/samba3/pkg-plist.swat index 90b01b772957..7ccfa14ca48d 100644 --- a/net/samba3/pkg-plist.swat +++ b/net/samba3/pkg-plist.swat @@ -75,6 +75,7 @@ share/swat/help/Samba3-Developers-Guide/internals.html share/swat/help/Samba3-Developers-Guide/modules.html share/swat/help/Samba3-Developers-Guide/ntdomain.html share/swat/help/Samba3-Developers-Guide/parsing.html +share/swat/help/Samba3-Developers-Guide/pr01.html share/swat/help/Samba3-Developers-Guide/pt01.html share/swat/help/Samba3-Developers-Guide/pt02.html share/swat/help/Samba3-Developers-Guide/pt03.html |