diff options
Diffstat (limited to '')
4 files changed, 111 insertions, 175 deletions
diff --git a/net/samba420/files/0028-s3-lib-system-add-FreeBSD-proc_fd_pattern.patch b/net/samba420/files/0028-s3-lib-system-add-FreeBSD-proc_fd_pattern.patch index cda9c7ed1c95..2721be912c76 100644 --- a/net/samba420/files/0028-s3-lib-system-add-FreeBSD-proc_fd_pattern.patch +++ b/net/samba420/files/0028-s3-lib-system-add-FreeBSD-proc_fd_pattern.patch @@ -1,14 +1,24 @@ ---- source3/lib/system.c.orig 2024-02-02 10:33:51.188489400 +0100 -+++ source3/lib/system.c 2025-01-22 17:39:58.625028000 +0100 -@@ -1047,22 +1047,108 @@ +From 584c69e77abb537a7345222648a397a9963c01b7 Mon Sep 17 00:00:00 2001 +From: "Timur I. Bakeyev" <timur@FreeBSD.org> +Date: Sat, 15 Oct 2022 04:02:43 +0200 +Subject: [PATCH 28/28] s3:lib:system - add FreeBSD proc_fd_pattern + +Add support for FreeBSD equivalent of /proc/self/fd through a special +fdescfs mount with option "nodup". This filesystem should be mounted +either to the private $PIDDIR/fd/ directory or to /dev/fd in order to +provide security and performance characteristics similar to Linux. + +Signed-off-by: Timur I. Bakeyev <timur@FreeBSD.org> +Adapted for Samba 4.20 by: Andrea venturoli <ml@netfence.it> +--- +--- source3/lib/system.c.orig 2025-06-27 15:05:05 UTC ++++ source3/lib/system.c +@@ -1047,6 +1047,68 @@ int sys_get_number_of_cores(void) } #endif --bool sys_have_proc_fds(void) +static bool freebsd_fdesc_check(const char *pattern) - { -- static bool checked = false; -- static bool have_proc_fds = false; ++{ + char fdesc_path[PATH_MAX]; + int fd, fd2; + @@ -49,26 +59,6 @@ + return true; +} + -+static char* linux_pattern(char *buf, size_t bufsize) -+{ -+ char proc_fd_path[PATH_MAX]; -+ const char *pattern = "/proc/self/fd/%lu"; - struct stat sb; -- int ret; - -- if (checked) { -- return have_proc_fds; -+ snprintf(proc_fd_path, sizeof(proc_fd_path), pattern, 0); -+ if(stat(proc_fd_path, &sb) == 0) { -+ snprintf(buf, bufsize, "%s", pattern); -+ return buf; - } -+ return NULL; -+} - -- ret = stat("/proc/self/fd/0", &sb); -- have_proc_fds = (ret == 0); -- checked = true; +static char* freebsd_pattern(char *buf, size_t bufsize) { + const char** base; + const char* base_dir[] = { @@ -76,8 +66,7 @@ + "/dev", + NULL + }; - -- return have_proc_fds; ++ + for(base = &base_dir[0]; *base != NULL; base++) { + snprintf(buf, bufsize, "%s/fd/%%lu", *base); + if(freebsd_fdesc_check(buf)) { @@ -87,35 +76,46 @@ + return NULL; +} + -+static char* (*proc_fd_patterns[])(char *, size_t) = { -+ linux_pattern, -+ freebsd_pattern, -+ NULL -+}; -+ +static char proc_fd_pattern_buf[PATH_MAX]; +static const char *proc_fd_pattern = NULL; -+ -+bool sys_have_proc_fds(void) -+{ -+ static bool checked = false; -+ static bool have_proc_fds = false; -+ char* (**pattern_func)(char *, size_t) = NULL; -+ -+ if (checked) { -+ return have_proc_fds; -+ } -+ -+ for (pattern_func = &proc_fd_patterns[0]; *pattern_func != NULL; pattern_func++) { -+ if((*pattern_func)(proc_fd_pattern_buf, sizeof(proc_fd_pattern_buf)) != NULL) { -+ have_proc_fds = true; -+ proc_fd_pattern = proc_fd_pattern_buf; -+ break; -+ } -+ } + -+ checked = true; -+ return have_proc_fds; - } + bool sys_have_proc_fds(void) + { + static bool checked = false; +@@ -1058,8 +1078,12 @@ bool sys_have_proc_fds(void) + return have_proc_fds; + } + +- ret = stat("/proc/self/fd/0", &sb); +- have_proc_fds = (ret == 0); ++ if (freebsd_pattern(proc_fd_pattern_buf, sizeof(proc_fd_pattern_buf)) != NULL) { ++ have_proc_fds = true; ++ proc_fd_pattern = proc_fd_pattern_buf; ++ } else ++ have_proc_fds = false; ++ + checked = true; + + return have_proc_fds; +@@ -1067,10 +1091,18 @@ char *sys_proc_fd_path(int fd, struct sys_proc_fd_path char *sys_proc_fd_path(int fd, struct sys_proc_fd_path_buf *buf) + { ++ bool have_proc_fds = sys_have_proc_fds(); ++ SMB_ASSERT(have_proc_fds); ++#if defined(__clang__) ++#pragma clang diagnostic push ++#pragma clang diagnostic ignored "-Wformat-nonliteral" ++#endif + int written = +- snprintf(buf->buf, sizeof(buf->buf), "/proc/self/fd/%d", fd); +- +- SMB_ASSERT(sys_have_proc_fds() && (written >= 0)); ++ snprintf(buf->buf, sizeof(buf->buf), proc_fd_pattern, fd); ++#if defined(__clang__) ++#pragma clang diagnostic pop ++#endif ++ SMB_ASSERT(written >= 0); + + return buf->buf; + } diff --git a/net/samba420/files/0100-Fix-pathref-handling-for-FreeBSD-13plus_samba42x.patch b/net/samba420/files/0100-Fix-pathref-handling-for-FreeBSD-13plus_samba42x.patch index 3e2a44d1acab..3a185fe80175 100644 --- a/net/samba420/files/0100-Fix-pathref-handling-for-FreeBSD-13plus_samba42x.patch +++ b/net/samba420/files/0100-Fix-pathref-handling-for-FreeBSD-13plus_samba42x.patch @@ -421,19 +421,27 @@ diff -Naurp a/source3/modules/vfs_zfsacl.c b/source3/modules/vfs_zfsacl.c diff -Naurp a/source3/smbd/open.c b/source3/smbd/open.c --- a/source3/smbd/open.c 2024-08-02 07:54:09.637892500 -0400 +++ b/source3/smbd/open.c 2024-08-05 21:27:26.052148000 -0400 -@@ -1165,47 +1165,52 @@ static NTSTATUS reopen_from_fsp(struct files_struct *d +@@ -1169,51 +1169,54 @@ static NTSTATUS reopen_from_fsp(struct files_struct *d + const struct vfs_open_how *how, bool *p_file_created) { - NTSTATUS status; -+ int new_fd; - int old_fd; +- NTSTATUS status; +- int old_fd; ++ NTSTATUS status; ++ int old_fd; - if (fsp->fsp_flags.have_proc_fds && - ((old_fd = fsp_get_pathref_fd(fsp)) != -1)) { -+ old_fd = fsp_get_pathref_fd(fsp); -+ if (old_fd == -1) { -+ return NT_STATUS_MORE_PROCESSING_REQUIRED; -+ } ++ old_fd = fsp_get_pathref_fd(fsp); ++ if (old_fd == -1) { ++ int new_fd; ++ if (sys_open_real_fd_from_pathref_fd(old_fd, &new_fd, how->flags) != 0) { ++ if (fsp->fsp_flags.have_proc_fds) { ++ struct sys_proc_fd_path_buf buf; ++ struct smb_filename proc_fname = (struct smb_filename){ ++ .base_name = sys_proc_fd_path(old_fd, &buf), ++ }; ++ mode_t mode = fsp->fsp_name->st.st_ex_mode; - struct sys_proc_fd_path_buf buf; - struct smb_filename proc_fname = (struct smb_filename){ @@ -441,16 +449,15 @@ diff -Naurp a/source3/smbd/open.c b/source3/smbd/open.c - }; - mode_t mode = fsp->fsp_name->st.st_ex_mode; - int new_fd; -+ if (sys_open_real_fd_from_pathref_fd(old_fd, &new_fd, how->flags) != 0) { -+ if (fsp->fsp_flags.have_proc_fds) { -+ struct sys_proc_fd_path_buf buf; -+ struct smb_filename proc_fname = (struct smb_filename){ -+ .base_name = sys_proc_fd_path(old_fd, &buf), -+ }; -+ mode_t mode = fsp->fsp_name->st.st_ex_mode; ++ SMB_ASSERT(fsp->fsp_flags.is_pathref); - SMB_ASSERT(fsp->fsp_flags.is_pathref); -+ SMB_ASSERT(fsp->fsp_flags.is_pathref); ++ if (S_ISLNK(mode)) { ++ return NT_STATUS_STOPPED_ON_SYMLINK; ++ } ++ if (!(S_ISREG(mode) || S_ISDIR(mode))) { ++ return NT_STATUS_IO_REPARSE_TAG_NOT_HANDLED; ++ } - if (S_ISLNK(mode)) { - return NT_STATUS_STOPPED_ON_SYMLINK; @@ -458,24 +465,22 @@ diff -Naurp a/source3/smbd/open.c b/source3/smbd/open.c - if (!(S_ISREG(mode) || S_ISDIR(mode))) { - return NT_STATUS_IO_REPARSE_TAG_NOT_HANDLED; - } -+ if (S_ISLNK(mode)) { -+ return NT_STATUS_STOPPED_ON_SYMLINK; -+ } -+ if (!(S_ISREG(mode) || S_ISDIR(mode))) { -+ return NT_STATUS_IO_REPARSE_TAG_NOT_HANDLED; -+ } ++ new_fd = SMB_VFS_OPENAT(fsp->conn, ++ fsp->conn->cwd_fsp, ++ &proc_fname, ++ fsp, ++ how); ++ if (new_fd == -1) { ++ status = map_nt_error_from_unix(errno); ++ fd_close(fsp); ++ return status; ++ } - fsp->fsp_flags.is_pathref = false; -+ new_fd = SMB_VFS_OPENAT(fsp->conn, -+ fsp->conn->cwd_fsp, -+ &proc_fname, -+ fsp, -+ how); -+ if (new_fd == -1) { -+ status = map_nt_error_from_unix(errno); -+ fd_close(fsp); -+ return status; -+ } ++ status = fd_close(fsp); ++ if (!NT_STATUS_IS_OK(status)) { ++ return status; ++ } - new_fd = SMB_VFS_OPENAT(fsp->conn, - fsp->conn->cwd_fsp, @@ -487,22 +492,24 @@ diff -Naurp a/source3/smbd/open.c b/source3/smbd/open.c - fd_close(fsp); - return status; - } -+ status = fd_close(fsp); -+ if (!NT_STATUS_IS_OK(status)) { -+ return status; -+ } ++ fsp_set_fd(fsp, new_fd); ++ fsp->fsp_flags.is_pathref = false; - status = fd_close(fsp); - if (!NT_STATUS_IS_OK(status)) { - return status; - } -+ fsp_set_fd(fsp, new_fd); -+ fsp->fsp_flags.is_pathref = false; ++ return NT_STATUS_OK; ++ } ++ } ++ } - fsp_set_fd(fsp, new_fd); - return NT_STATUS_OK; -+ return NT_STATUS_OK; -+ } - } - - /* +- } +- +- /* ++ /* + * Close the existing pathref fd and set the fsp flag + * is_pathref to false so we get a "normal" fd this time. + */ diff --git a/net/samba420/files/0101-FreeBSD-add-fdescfs-paths-workaround.patch b/net/samba420/files/0101-FreeBSD-add-fdescfs-paths-workaround.patch deleted file mode 100644 index 714ad6ae52ef..000000000000 --- a/net/samba420/files/0101-FreeBSD-add-fdescfs-paths-workaround.patch +++ /dev/null @@ -1,71 +0,0 @@ -# 2024-08-05 -# NOTE: Upstream Samba commit 9f63fad392f3 removed the static array defining Linux and FreeBSD -# fdescfs paths and hardcoded a Linux-specific /proc path, with the note that if any -# others need to be added, they can be done so via #ifdef's. This patch attempts to -# do that, but in a way that minimizes the necessary #ifdefs by defining a simplistic -# #define macro to generate the appropriate path for fdescfs based on the running OS. -# -# See: https://git.samba.org/?p=samba.git;a=commitdiff;h=9f63fad392f3cff34d6a8e318e0427499170c417 - -diff -Naurp a/lib/fuzzing/fuzz_regfio.c b/lib/fuzzing/fuzz_regfio.c ---- a/lib/fuzzing/fuzz_regfio.c 2024-02-02 04:33:50.952488000 -0500 -+++ b/lib/fuzzing/fuzz_regfio.c 2024-08-05 20:41:16.624793000 -0400 -@@ -31,7 +31,7 @@ int LLVMFuzzerInitialize(int *argc, char ***argv) - { - fp = tmpfile(); - -- (void)snprintf(filename, sizeof(filename), "/proc/self/fd/%d", fileno(fp)); -+ (void)snprintf(filename, sizeof(filename), PROC_FD_PATH_MKSTR(%d), fileno(fp)); - - return 0; - } -diff -Naurp a/lib/replace/closefrom.c b/lib/replace/closefrom.c ---- a/lib/replace/closefrom.c 2024-02-02 04:33:50.984488200 -0500 -+++ b/lib/replace/closefrom.c 2024-08-05 20:41:16.625141000 -0400 -@@ -53,7 +53,7 @@ static int closefrom_procfs(int lower) - size_t i; - int ret = ENOMEM; - -- dirp = opendir("/proc/self/fd"); -+ dirp = opendir(PROC_FD_PATH_MKSTR()); - if (dirp == NULL) { - return errno; - } -diff -Naurp a/source3/include/proto.h b/source3/include/proto.h ---- a/source3/include/proto.h 2024-08-05 20:40:38.434560000 -0400 -+++ b/source3/include/proto.h 2024-08-05 20:41:26.063626000 -0400 -@@ -205,8 +205,21 @@ int sys_get_number_of_cores(void); - int sys_get_number_of_cores(void); - #endif - -+#ifdef __FreeBSD__ -+#define PROC_FD_PATH_STR "/compat/linux/dev/fd/" -+#define PROC_FD_PATH_SZ 42 -+#else /* Linux */ -+#define PROC_FD_PATH_STR "/proc/self/fd/" -+#define PROC_FD_PATH_SZ 35 -+#endif -+ -+#define _S(_t) #_t -+#define _V(...) _S(__VA_ARGS__) -+#define _X(_t) _t -+#define PROC_FD_PATH_MKSTR(_fd) _V(_X(PROC_FD_PATH_STR)_X(_fd)) -+ - struct sys_proc_fd_path_buf { -- char buf[35]; /* "/proc/self/fd/" + strlen(2^64) + 0-terminator */ -+ char buf[PROC_FD_PATH_SZ]; /* strlen(PROC_FD_PATH_STR) + strlen(2^64) + 0-terminator */ - }; - bool sys_have_proc_fds(void); - char *sys_proc_fd_path(int fd, struct sys_proc_fd_path_buf *buf); -diff -Naurp a/source3/lib/system.c b/source3/lib/system.c ---- a/source3/lib/system.c 2024-08-05 20:40:38.434801000 -0400 -+++ b/source3/lib/system.c 2024-08-05 20:41:16.625938000 -0400 -@@ -1068,7 +1068,7 @@ char *sys_proc_fd_path(int fd, struct sys_proc_fd_path - char *sys_proc_fd_path(int fd, struct sys_proc_fd_path_buf *buf) - { - int written = -- snprintf(buf->buf, sizeof(buf->buf), "/proc/self/fd/%d", fd); -+ snprintf(buf->buf, sizeof(buf->buf), PROC_FD_PATH_MKSTR(%d), fd); - - SMB_ASSERT(sys_have_proc_fds() && (written >= 0)); - diff --git a/net/samba420/files/README.FreeBSD.in b/net/samba420/files/README.FreeBSD.in index 9ab4faaeef80..d89cfe72b143 100644 --- a/net/samba420/files/README.FreeBSD.in +++ b/net/samba420/files/README.FreeBSD.in @@ -54,11 +54,11 @@ content of the '/var/db/samba/' directory. # samba-tool domain classicupgrade -%%AC_DC%%1c. You will need to specify location of the 'nsupdate' command in the -%%AC_DC%%'%%SAMBA4_CONFIG%%' file: -%%AC_DC%% -%%AC_DC%% nsupdate command = %%PREFIX%%/bin/samba-nsupdate -g -%%AC_DC%% +%%AD_DC%%1c. You will need to specify location of the 'nsupdate' command in the +%%AD_DC%%'%%SAMBA4_CONFIG%%' file: +%%AD_DC%% +%%AD_DC%% nsupdate command = %%PREFIX%%/bin/samba-nsupdate -g +%%AD_DC%% 2. Put string 'samba_server_enable="YES"' into your /etc/rc.conf. 3. Make sure that your server doesn't run Samba3, OpenLDAP and named. |