FreeBSD provides a jail(2) functionality which separates process groups from each other and offers only those resources for manipulation which are unique to this jail (i.e. when it's safe and others are not harmed by the manipulation). Unfortunately this means that some things "don't work as expected in a normal UNIX environment". Since some resources are handled by the "host" the jailed processes are not allowed to manipulate or even access them. Samba, wwwoffle, and squid are some of the applications assuming that "every machine I run on has an interface named localhost with the address of 127.0.0.1 and it's always possible to bind to it". That's why they don't run well in a jail(2). Some don't start up successfully, some do and fail to operate on incoming requests. Fix: I understand that jail(2) can _never_ provide address 127.0.0.1 into the locked in processes group (without virtualizing this lo0 interface, which is too much of an effort and contradicts the goal and design of the mechanism -- it was never meant to be a virtual machine). So all that's left is to bind the applications' sockets to the "official" / "external" address of the jail. But since some feel it to be quite unusual to not have a localhost interface, they start hardcoding this name all over the place and even don't ask the user if he wants it. :( The patch cited below tries to - bundle all the names and addresses in a single spot - have all the previously hardcoded references use the new declaration - produce a declaration with the previously used names and addresses for the straight case and fall off the "localhost" name and "127.0.0.1" address when the application is probably run in a jail to use an available interface This decision is carried out at compile time. Sorry, but without the application's help there's no runtime switch possible. And it seems to be not this necessary, I feel the app will get compiled (from the ports) on the machine to be run at. This particular patch will help samba to run successfully in a jail. And it could provide a skeleton for other ports, too (I'm positive about squid and wwwoffle having the very same problem, but samba is the one I solved in the proper and clean(? see below) way to publish it here). But I'm not sure if other solutions are more appropriate in the long run: Maybe a jailed environment should export the definition in netinet/in.h customized to local circumstances already? But it would disqualify the machine for cross compiling and binary distribution. Hmmm ... The only painless (from the application POV) solution would be 127.0.0.1 support in jails. Especially when one considers the many ways developers come up with about how to spell "localhost". Keep in mind that providing any other interface different from the "official" jail interface with an address like 127.0.0.2 or the like in future jail versions to have a local loopback again would still require the below cited special treatment ... The patch needs correction from somebody more familiar with the port than me in terms of where to invoke the loopback.h creation. Without the hack in the CHECK target and with the loopback.h target only it won't happen before compiling the sources -- and compilation will fail due to the missing header file. And I failed to identify which programs (i.e. targets) depend on this particular #include ("include/includes.h"). The mkloopback.sh script is not streamlined but should be of general enough form to maybe get incorporated (in the current or any better, faster, more portable, more flexible or more embedded form) into the ports base somewhere when it turns out that other ports would benefit from it, too. Writing to stdout and redirecting this code into the header file in the particular port provides the needed flexibility to not clobber existing files. Maybe the #define identifier for one time inclusion needs to be a parameter / an option. And it shouldn't matter how the surrounding jail gets detected or where the IP and hostname are derived from, since this logic is in the ports base the concrete port doesn't have to know about the involved methods. Although one should keep in mind that a /proc filesystem might not always be there -- that is why I decided to use the expensive way with lots of external programs. dig(1) would be terrible to parse, dnsip - having the most appropriate output format for this task - is not available everywhere (yet?). BTW: Can a jail have more than one IP or none at all? I don't think so. But "normal" hosts could ... I understand that the samba development team is not aware of the "problem" described in this PR and neither is it in desparate need of a fix for their overall tarball. But they could as well incorporate the "bundling" and deliver a loopback.h file with the "localhost", "127.0.0.1" and "0x7f000001" assumptions. This would degrade the FreeBSD special hook into overwriting the header file somewhere in between "make extract", "make patch", "make configure" and "make all". But for judging this I'm not enough of a ports expert. And I didn't contact the Samba team on this yet since I wanted to learn before whether this solution provided here for discussion is a viable way. virtually yours 82D1 9B9C 01DC 4FB4 D7B4 61BE 3F49 4F77 72DE DA76 Gerhard Sittig true | mail -s "get gpg key" Gerhard.Sittig@gmx.net -- If you don't understand or are scared by any of the above ask your parents or an adult to help you.--tZwrsR3JeYLDJ53eNUC7sJISrbUlSxFEoo6zWlh1X2q4I13j Content-Type: text/plain; name="file.diff" Content-Transfer-Encoding: 7bit Content-Disposition: attachment; filename="file.diff" diff -uwb -r -N Makefile.in Makefile.in --- Makefile.in Tue Oct 24 09:23:31 2000 +++ Makefile.in Thu Oct 26 14:41:50 2000 @@ -293,7 +293,7 @@ .SUFFIXES: .SUFFIXES: .c .o .po .po32 -CHECK: +CHECK: $(srcdir)/include/loopback.h # YES, it's dirty ... @echo "Using FLAGS = $(FLAGS)" @echo "Using FLAGS32 = $(FLAGS32)" @echo "Using LIBS = $(LIBS)" @@ -576,6 +576,9 @@ $(srcdir)/include/stamp-h.in: @MAINT@ $(srcdir)/acconfig.h $(srcdir)/configure.in cd $(srcdir) && $(AUTOHEADER) @date -u > $@ + +$(srcdir)/include/loopback.h: + cd $(srcdir) && $(SHELL) ./script/mkloopback.sh > $@ # automatic dependency tracking rules .deps/.dummy: diff -uwb -r -N include/includes.h include/includes.h --- include/includes.h Wed Apr 26 01:06:46 2000 +++ include/includes.h Thu Oct 26 13:54:01 2000 @@ -788,9 +788,11 @@ #define SEEK_SET 0 #endif -#ifndef INADDR_LOOPBACK -#define INADDR_LOOPBACK 0x7f000001 -#endif +/* + * NO, 127.0.0.1 is *NOT* always there! + * and how many ways do you know of to spell "localhost"? + */ +#include "loopback.h" #ifndef INADDR_NONE #define INADDR_NONE 0xffffffff diff -uwb -r -N lib/access.c lib/access.c --- lib/access.c Wed Jul 21 03:25:08 1999 +++ lib/access.c Thu Oct 26 13:50:31 2000 @@ -202,7 +202,7 @@ client[1] = caddr; /* if it is loopback then always allow unless specifically denied */ - if (strcmp(caddr, "127.0.0.1") == 0) { + if (strcmp(caddr, INTEXT_LOOPBACK) == 0) { if (deny_list && list_match(deny_list,(char *)client,client_match)) { return False; diff -uwb -r -N lib/interface.c lib/interface.c --- lib/interface.c Wed Oct 13 07:26:48 1999 +++ lib/interface.c Thu Oct 26 13:50:41 2000 @@ -175,7 +175,7 @@ ipzero = *interpret_addr2("0.0.0.0"); allones_ip = *interpret_addr2("255.255.255.255"); - loopback_ip = *interpret_addr2("127.0.0.1"); + loopback_ip = *interpret_addr2(INTEXT_LOOPBACK); if (probed_ifaces) { free(probed_ifaces); diff -uwb -r -N param/loadparm.c param/loadparm.c --- param/loadparm.c Tue Oct 24 09:23:31 2000 +++ param/loadparm.c Thu Oct 26 13:49:42 2000 @@ -1004,7 +1004,7 @@ #ifdef WITH_LDAP /* default values for ldap */ - string_set(&Globals.szLdapServer, "localhost"); + string_set(&Globals.szLdapServer, INNAME_LOOPBACK); Globals.ldap_port=389; #endif /* WITH_LDAP */ @@ -2826,7 +2826,7 @@ if (in_client && Globals.bWINSsupport) { - string_set(&Globals.szWINSserver, "127.0.0.1"); + string_set(&Globals.szWINSserver, INTEXT_LOOPBACK); } diff -uwb -r -N printing/print_cups.c printing/print_cups.c --- printing/print_cups.c Tue Oct 19 06:36:42 1999 +++ printing/print_cups.c Thu Oct 26 13:48:22 2000 @@ -171,7 +171,7 @@ ippAddString(request, IPP_TAG_OPERATION, IPP_TAG_LANGUAGE, "attributes-natural-language", NULL, language->language); - snprintf(uri, sizeof(uri), "ipp://localhost/printers/%s", name); + snprintf(uri, sizeof(uri), "ipp://" INNAME_LOOPBACK "/printers/%s", name); ippAddString(request, IPP_TAG_OPERATION, IPP_TAG_URI, "printer-uri", NULL, uri); diff -uwb -r -N script/mkloopback.sh script/mkloopback.sh --- script/mkloopback.sh Thu Jan 1 01:00:00 1970 +++ script/mkloopback.sh Thu Oct 26 13:39:49 2000 @@ -0,0 +1,53 @@ +#!/bin/sh +# ----- mkloopback.sh ------------------------------------------- +# aid in making samba (2.0.7) run in a jail(2)ed environment; +# other ports (squid, wwwoffle) are known to have the same problem + +ME=`basename $0` + +# defaults (Samba's original assumption) +LO_HOSTNAME="localhost." + +# see if we're jailed -- then there will be no lo0 available +PSSTAT=`ps $$ | tail -1 | awk '{ print $3 }'` +case "$PSSTAT" in +*J*) LO_HOSTNAME=`hostname`;; +esac + +# now determine an address to use +LO_ADDR_TXT=`host $LO_HOSTNAME | sed 's/.* has address //' | sort -u` +if [ -z "$LO_ADDR_TXT" ]; then + echo "$ME: warning: " \ + "no IP address found, bailing out ..." 1>&2 + exit 1 +fi +if [ `echo "$LO_ADDR_TXT" | wc -w` -ne 1 ]; then + echo "$ME: warning: " \ + "more than one IP address found ($LO_ADDR_TXT), " \ + "using the first value only ..." 1>&2 + LO_ADDR_TXT=`echo $LO_ADDR_TXT | sed 's/[ ].*$//'` +fi + +# make the dotted quad a 32bit int (hex) value +LO_ADDR_NUM=`echo $LO_ADDR_TXT | tr '.' ' '` +LO_ADDR_NUM=`printf "0x%02X%02X%02X%02X" $LO_ADDR_NUM` + +# create an #include file +cat <<E_O_F +#ifndef _LOOPBACK_H_ +#define _LOOPBACK_H_ + +/* quiet a warning about "redefined" against netinet/in.h */ +#ifdef INADDR_LOOPBACK +#undef INADDR_LOOPBACK +#endif /* INADDR_LOOPBACK */ + +/* maybe loopback is not always at localhost/127.0.0.1 */ +#define INNAME_LOOPBACK "$LO_HOSTNAME" +#define INTEXT_LOOPBACK "$LO_ADDR_TXT" +#define INADDR_LOOPBACK $LO_ADDR_NUM + +#endif /* _LOOPBACK_H_ */ +E_O_F + +# ----- E O F --------------------------------------------------- diff -uwb -r -N smbd/oplock.c smbd/oplock.c --- smbd/oplock.c Wed Apr 26 01:07:11 2000 +++ smbd/oplock.c Thu Oct 26 13:50:09 2000 @@ -259,7 +259,7 @@ /* Validate message from address (must be localhost). */ if(from.sin_addr.s_addr != htonl(INADDR_LOOPBACK)) { DEBUG(0,("receive_local_message: invalid 'from' address \ -(was %lx should be 127.0.0.1\n", (long)from.sin_addr.s_addr)); +(was %lx should be " INTEXT_LOOPBACK "\n", (long)from.sin_addr.s_addr)); return False; } diff -uwb -r -N utils/smbpasswd.c utils/smbpasswd.c --- utils/smbpasswd.c Wed Apr 26 01:07:16 2000 +++ utils/smbpasswd.c Thu Oct 26 13:50:55 2000 @@ -507,7 +507,7 @@ * localhost). */ if (remote_machine == NULL) { - remote_machine = "127.0.0.1"; + remote_machine = INTEXT_LOOPBACK; } diff -uwb -r -N web/diagnose.c web/diagnose.c --- web/diagnose.c Mon Feb 22 20:27:05 1999 +++ web/diagnose.c Thu Oct 26 13:49:34 2000 @@ -32,7 +32,7 @@ struct in_addr *ip_list; if ((fd = open_socket_in(SOCK_DGRAM, 0, 3, - interpret_addr("127.0.0.1"), True)) != -1) { + interpret_addr(INTEXT_LOOPBACK), True)) != -1) { if ((ip_list = name_query(fd, "__SAMBA__", 0, True, True, loopback_ip, &count,0)) != NULL) { @@ -57,7 +57,7 @@ if (!cli_initialise(&cli)) return False; - if (!cli_connect(&cli, "localhost", &loopback_ip)) { + if (!cli_connect(&cli, INNAME_LOOPBACK, &loopback_ip)) { cli_shutdown(&cli); return False; } diff -uwb -r -N web/swat.c web/swat.c --- web/swat.c Wed Apr 26 01:07:17 2000 +++ web/swat.c Thu Oct 26 13:50:48 2000 @@ -709,7 +709,7 @@ } else if (am_root()) { host = NULL; } else { - host = "127.0.0.1"; + host = INTEXT_LOOPBACK; } /* How-To-Repeat: Set up a jail as described in jail(8), install samba in it and try the following sequence: smbclient -L `hostname` -U% tail /var/log/log.smb It will spit out error messages about failed connection attempts and the log shows that IPC won't work since a UDP socket cannot be established at address 127.0.0.1. Editing smb.conf and adding options "bind interfaces only", "interfaces" and "socket address" don't help here (what are they meant for when there's always some implicit "localhost" binding?). Searching in the freebsd-ports ML archive (via the web interface) for some combination of "jail", "loopback", "localhost", "port" didn't turn up any hits. But I doubt that I'm the first one to step over this effect ...
Responsible Changed From-To: freebsd-ports->hosokawa Over to maintainer.
On Thu, Oct 26, 2000 at 20:54 +0200, Gerhard Sittig wrote: > > >Description: > > Samba, wwwoffle, and squid are some of the applications > assuming that "every machine I run on has an interface named > localhost with the address of 127.0.0.1 and it's always > possible to bind to it". That's why they don't run well in a > jail(2). Some don't start up successfully, some do and fail to > operate on incoming requests. > > [ ... ] > > The patch cited below tries to > - bundle all the names and addresses in a single spot > - have all the previously hardcoded references use the new > declaration > - produce a declaration with the previously used names and > addresses for the straight case and fall off the "localhost" > name and "127.0.0.1" address when the application is probably > run in a jail to use an available interface > > [ ... a little more to the bottom of the initial PR ... ] > > I understand that the samba development team is not aware of > the "problem" described in this PR and neither is it in > desparate need of a fix for their overall tarball. But they > could as well incorporate the "bundling" and deliver a > loopback.h file with the "localhost", "127.0.0.1" and > "0x7f000001" assumptions. This would degrade the FreeBSD > special hook into overwriting the header file somewhere in > between "make extract", "make patch", "make configure" and > "make all". [ ... ] I didn't contact the Samba team on this > yet since I wanted to learn before whether this solution > provided here for discussion is a viable way. Well, I tried to contact the authors after nobody from -ports told me the proposed solution is absolutely wrong. :> My message to the samba-technical@lists.samba.org list (that's what I got from the www.samba.org pages as the appropriate list for this kind of topic) as of Nov 16th 2000 as well as my f'up to samba@samba.org (referring to BUGS.txt: the one address to report bugs and enhancing patches to) as of Dec 14th 2000 haven't seen any response -- no rejection, no acceptance, no hint what's missing or wrong. :( See the details at: http://lists.samba.org/pipermail/samba-technical/2000-November/01007 http://lists.samba.org/pipermail/samba/2000-December/027221.html I'm sorry for this (lack of) reaction, but still I feel that the FreeBSD port could benefit from the patch and thus would like to ask you again to consider accepting it. > The patch needs correction from somebody more familiar with the > port than me in terms of where to invoke the loopback.h creation. Glimpsing over the ports makefile skeleton hooking into the "pre-build" target could be the place to (delete and) create the loopback.h header file. But as I told you, I'm not a ports expert ... Everything else besides the header file creation seems clear and clean to me and most of all acceptabe. :) virtually yours 82D1 9B9C 01DC 4FB4 D7B4 61BE 3F49 4F77 72DE DA76 Gerhard Sittig true | mail -s "get gpg key" Gerhard.Sittig@gmx.net -- If you don't understand or are scared by any of the above ask your parents or an adult to help you.
On Tue, Dec 19, 2000 at 20:19 +0100, Gerhard Sittig wrote: > > Well, I tried to contact the authors after nobody from -ports > told me the proposed solution is absolutely wrong. :> > > [ ... ] > > http://lists.samba.org/pipermail/samba-technical/2000-November/01007 > http://lists.samba.org/pipermail/samba/2000-December/027221.html Oops, the first link got shortened somehow. It should read http://lists.samba.org/pipermail/samba-technical/2000-November/010071.html virtually yours 82D1 9B9C 01DC 4FB4 D7B4 61BE 3F49 4F77 72DE DA76 Gerhard Sittig true | mail -s "get gpg key" Gerhard.Sittig@gmx.net -- If you don't understand or are scared by any of the above ask your parents or an adult to help you.
Responsible Changed From-To: hosokawa->dwcjr I'll decide what I want to do with this.
Does this patch still apply or is it valid any more?
On Thu, Jun 07, 2001 at 22:05 -0500, David W. Chapman Jr. wrote: > > Does this patch still apply or is it valid any more? I don't know. Since I don't offer SMB services to the public, I didn't bother updating the samba software since. My patch might apply to later sources cleanly or with some fuzz, but I'm not sure. There are chances, too, that even more occurences of the hardwired values crept into new code. You might want to do some grep(1) or glimpse(1) for yourself. Changing current Samba sources is rather simple -- while tedious: Change the Makefile to produce the header file, include this header file instead of hardcoding localhost in the central include, and change every "localhost", "127.0.0.1" and "0x7f000001" in the source files. Honestly speaking: Getting absolutely no response from the Samba project (after posting to two of their technical lists, providing a patch for the current software, as well as offering to update the patch to the 2.2 branch released shortly after my post) I've lost much of the interest in following up for this very software. But I'm still interested in "jail(2)ifying" other ports, too. It's just that the approach discussed for this Samba example is somewhat clumsy: You have to manually produce the loopback.h file for cross-compilation or you have to compile the port inside the jail it is to run in. Packaging doesn't work at all. :( So I'm really interested in discussing different approaches and getting the work done in other ports once there's a real solution and not just a hack. Looking at the Samba example one will notice that it's not just getting one variable assigned a value in the initialization phase without changing all the places where complete strings are built at compile time. Best would be to raise awareness at the original software authors of the ports. But that's hard and didn't work in the Samba case ("Huh? There's no localhost and no loopback interface? Then there's no IP at all."). virtually yours 82D1 9B9C 01DC 4FB4 D7B4 61BE 3F49 4F77 72DE DA76 Gerhard Sittig true | mail -s "get gpg key" Gerhard.Sittig@gmx.net -- If you don't understand or are scared by any of the above ask your parents or an adult to help you.
State Changed From-To: open->closed This is something the samba team should implement, but sadly they are impossible to get a hold of or reply to requests
On Thu, Jun 07, 2001 at 22:05 -0500, David W. Chapman Jr. wrote: > > Does this patch still apply or is it valid any more? Here's an update for the 2.0.9 and the 2.2.0 trees. This time I tried to separate the Samba stuff (parameters collapsed into one spot while providing a declaration with all the previously used parameters) from the FreeBSD jail stuff (recreating the loopback.h declaration with differing values when jailed, but identical to Samba's idea when done on a regular host). This message includes the Samba stuff only, while the loopback.sh script and the Makefile hook can be used from the message which started this PR. I still fail to see where the strength of their assumption (see .../docs/htmldocs/using_samba/ch03_01.html#ch03-pgfId-942097) comes from: We can disqualify the other address because every Unix machine has a localhost address of 127.0.0.1 whether it is connected to a network or not. This address is required for some system tools to operate correctly. I don't know which "system tools require this address for their correct operation". I can't come up with any essential tool for administration which thinks like this. I'm aware of the fact that my patches only touch source code but no doc file. Yet I was searching over the whole tarball for the "localhost" and "127.0.0.1" patterns. From the context in the docs I judged that all of them wouldn't need a change -- except maybe for an entry in the ./docs/textdocs/GOTCHAS.txt file stating the fact that Samba too strongly assumes the existence of a loopback device and thus fails to run in FreeBSD jail(2)s without modification. Here's a proposal: ---------------------------------------------------------------- Description: loopback device 127.0.0.1 is not available Symptom: Samba starts but refuses to serve requests OS: FreeBSD 4.0 and above with jail(2) setups Platform: any FreeBSD platform Date: November 16, 2000 (first report to a public Samba forum) Submitted By: Gerhard Sittig Details: The Samba code assumes that "localhost" and an "127.0.0.1" interface always are available. But the above mentioned jail(2) mechanism doesn't provide these. Details and a solution can be found at http://www.freebsd.org/cgi/query-pr.cgi?pr=22316 Corrective Action: change all occurences of "localhost" and "127.0.0.1" to the appropriate values for your jail environment (the above URL contains a patch to collapse them all into one single header file) ---------------------------------------------------------------- This one and a general note in the spot people are expected to look at before compiling Samba themselves from the source should suffice to make them aware that "localhost" and "127.0.0.1" are assumptions fitting most environments and yet can be adjusted (so the "localhost" term in the doc is to be read as "the local interface of the machine the Samba software runs on"). The following commands led to the patch: $ cd $PORTSDIR/net/samba $ make patch $ cp -R work work.orig $ mv work work.jail $ find work.jail -type f -print > filelist $ cat filelist | xargs grep -l -w localhost > foundlist.localhost $ cat filelist | xargs grep -l '127\.0\.0\.1' > foundlist.127001 $ cat foundlist.localhost foundlist.127001 | sort -u > foundlist.combined $ $EDITOR `cat foundlist.combined` \ work.jail/samba-2.0.9/source/include/{includes,loopback}.h $ cd work.jail/samba-2.0.9 $ diff -uN -r ../../work.orig/samba-2.0.9 . > samba-2.0.9-jail.diff 2>&1 and it was proven to not change the Samba binary distribution and thus its behaviour: $ cd $PORTSDIR/net/samba : N.B. I don't know if symlinks work for a port's work/ dir $ mv work.orig work $ make all $ mv work work.orig $ mv work.jail work $ make all $ mv work work.jail $ $PAGER work.jail/samba-2.0.9/source/Makefile (or maybe "grep PROG") $ for PROG in \ bin/smbd bin/nmbd bin/swat \ bin/smbclient bin/smbspool bin/testparm bin/testprns bin/smbstatus \ bin/rpcclient bin/smbpasswd bin/make_smbcodepage bin/make_unicodemap \ bin/nmblookup bin/make_printerdef \ ; do cmp work*/samba-2.0.9/source/$PROG; echo $? md5 work*/samba-2.0.9/source/$PROG done > compare-2.0.9.log 2>&1 The same steps were done in $PORTSDIR/net/samba-devel where the PROG list has two additional entries for "bin/smbcontrol" and "bin/smbcacls". # This is a shell archive. Save it in a file, remove anything before # this line, and then unpack it by entering "sh file". Note, it may # create directories; files and directories will be owned by you and # have default permissions. # # This archive contains: # # samba-2.0.9-jail.diff # compare-2.0.9.log # echo x - samba-2.0.9-jail.diff sed 's/^X//' >samba-2.0.9-jail.diff << 'END-of-samba-2.0.9-jail.diff' Xdiff -uN -r ../../work.orig/samba-2.0.9/packaging/PHT/TurboLinux/nss_makefile.patch ./packaging/PHT/TurboLinux/nss_makefile.patch X--- ../../work.orig/samba-2.0.9/packaging/PHT/TurboLinux/nss_makefile.patch Sat Jun 9 09:35:51 2001 X+++ ./packaging/PHT/TurboLinux/nss_makefile.patch Sat Jun 9 17:35:17 2001 X@@ -92,7 +92,7 @@ X + X + if (lp_wins_support()) { X + /* we are our own WINS server */ X-+ ret = name_query(fd,name,0x20,False,True, *interpret_addr2("127.0.0.1"), count,NULL); X++ ret = name_query(fd,name,0x20,False,True, *interpret_addr2(INTEXT_LOOPBACK), count,NULL); X + goto out; X + } X + Xdiff -uN -r ../../work.orig/samba-2.0.9/source/include/includes.h ./source/include/includes.h X--- ../../work.orig/samba-2.0.9/source/include/includes.h Sat Jun 9 09:35:40 2001 X+++ ./source/include/includes.h Sat Jun 9 18:13:45 2001 X@@ -788,9 +788,12 @@ X #define SEEK_SET 0 X #endif X X-#ifndef INADDR_LOOPBACK X-#define INADDR_LOOPBACK 0x7f000001 X-#endif X+/* X+ * NO, 127.0.0.1 is *NOT* always there. So let's X+ * source the configured parameters here from an X+ * easy to create / adjust external header file. X+ */ X+#include "loopback.h" X X #ifndef INADDR_NONE X #define INADDR_NONE 0xffffffff Xdiff -uN -r ../../work.orig/samba-2.0.9/source/include/loopback.h ./source/include/loopback.h X--- ../../work.orig/samba-2.0.9/source/include/loopback.h Thu Jan 1 01:00:00 1970 X+++ ./source/include/loopback.h Sat Jun 9 18:17:01 2001 X@@ -0,0 +1,14 @@ X+#ifndef _LOOPBACK_H_ X+#define _LOOPBACK_H_ X+ X+/* quiet a warning about "redefined" against netinet/in.h */ X+#ifdef INADDR_LOOPBACK X+#undef INADDR_LOOPBACK X+#endif /* INADDR_LOOPBACK */ X+ X+/* maybe loopback is not always at localhost/127.0.0.1 */ X+#define INNAME_LOOPBACK "localhost" X+#define INTEXT_LOOPBACK "127.0.0.1" X+#define INADDR_LOOPBACK 0x7f000001 X+ X+#endif /* _LOOPBACK_H_ */ Xdiff -uN -r ../../work.orig/samba-2.0.9/source/lib/access.c ./source/lib/access.c X--- ../../work.orig/samba-2.0.9/source/lib/access.c Sat Jun 9 09:35:41 2001 X+++ ./source/lib/access.c Sat Jun 9 17:36:12 2001 X@@ -202,7 +202,7 @@ X client[1] = caddr; X X /* if it is loopback then always allow unless specifically denied */ X- if (strcmp(caddr, "127.0.0.1") == 0) { X+ if (strcmp(caddr, INTEXT_LOOPBACK) == 0) { X if (deny_list && X list_match(deny_list,(char *)client,client_match)) { X return False; Xdiff -uN -r ../../work.orig/samba-2.0.9/source/lib/interface.c ./source/lib/interface.c X--- ../../work.orig/samba-2.0.9/source/lib/interface.c Sat Jun 9 09:35:41 2001 X+++ ./source/lib/interface.c Sat Jun 9 17:36:49 2001 X@@ -175,7 +175,7 @@ X X ipzero = *interpret_addr2("0.0.0.0"); X allones_ip = *interpret_addr2("255.255.255.255"); X- loopback_ip = *interpret_addr2("127.0.0.1"); X+ loopback_ip = *interpret_addr2(INTEXT_LOOPBACK); X X if (probed_ifaces) { X free(probed_ifaces); Xdiff -uN -r ../../work.orig/samba-2.0.9/source/param/loadparm.c ./source/param/loadparm.c X--- ../../work.orig/samba-2.0.9/source/param/loadparm.c Sat Jun 9 09:35:42 2001 X+++ ./source/param/loadparm.c Sat Jun 9 17:40:21 2001 X@@ -1004,7 +1004,7 @@ X X #ifdef WITH_LDAP X /* default values for ldap */ X- string_set(&Globals.szLdapServer, "localhost"); X+ string_set(&Globals.szLdapServer, INNAME_LOOPBACK); X Globals.ldap_port=389; X #endif /* WITH_LDAP */ X X@@ -2826,7 +2826,7 @@ X X if (in_client && Globals.bWINSsupport) { X X- string_set(&Globals.szWINSserver, "127.0.0.1"); X+ string_set(&Globals.szWINSserver, INTEXT_LOOPBACK); X X } X Xdiff -uN -r ../../work.orig/samba-2.0.9/source/printing/print_cups.c ./source/printing/print_cups.c X--- ../../work.orig/samba-2.0.9/source/printing/print_cups.c Sat Jun 9 09:35:43 2001 X+++ ./source/printing/print_cups.c Sat Jun 9 16:45:05 2001 X@@ -171,7 +171,7 @@ X ippAddString(request, IPP_TAG_OPERATION, IPP_TAG_LANGUAGE, X "attributes-natural-language", NULL, language->language); X X- snprintf(uri, sizeof(uri), "ipp://localhost/printers/%s", name); X+ snprintf(uri, sizeof(uri), "ipp://" INNAME_LOOPBACK "/printers/%s", name); X X ippAddString(request, IPP_TAG_OPERATION, IPP_TAG_URI, X "printer-uri", NULL, uri); Xdiff -uN -r ../../work.orig/samba-2.0.9/source/smbd/oplock.c ./source/smbd/oplock.c X--- ../../work.orig/samba-2.0.9/source/smbd/oplock.c Sat Jun 9 09:35:44 2001 X+++ ./source/smbd/oplock.c Sat Jun 9 17:41:16 2001 X@@ -259,7 +259,7 @@ X /* Validate message from address (must be localhost). */ X if(from.sin_addr.s_addr != htonl(INADDR_LOOPBACK)) { X DEBUG(0,("receive_local_message: invalid 'from' address \ X-(was %lx should be 127.0.0.1\n", (long)from.sin_addr.s_addr)); X+(was %lx should be " INTEXT_LOOPBACK "\n", (long)from.sin_addr.s_addr)); X return False; X } X Xdiff -uN -r ../../work.orig/samba-2.0.9/source/utils/smbpasswd.c ./source/utils/smbpasswd.c X--- ../../work.orig/samba-2.0.9/source/utils/smbpasswd.c Sat Jun 9 09:35:45 2001 X+++ ./source/utils/smbpasswd.c Sat Jun 9 17:41:47 2001 X@@ -507,7 +507,7 @@ X * localhost). X */ X if (remote_machine == NULL) { X- remote_machine = "127.0.0.1"; X+ remote_machine = INTEXT_LOOPBACK; X } X X Xdiff -uN -r ../../work.orig/samba-2.0.9/source/web/diagnose.c ./source/web/diagnose.c X--- ../../work.orig/samba-2.0.9/source/web/diagnose.c Sat Jun 9 09:35:45 2001 X+++ ./source/web/diagnose.c Sat Jun 9 17:42:24 2001 X@@ -32,7 +32,7 @@ X struct in_addr *ip_list; X X if ((fd = open_socket_in(SOCK_DGRAM, 0, 3, X- interpret_addr("127.0.0.1"), True)) != -1) { X+ interpret_addr(INTEXT_LOOPBACK), True)) != -1) { X if ((ip_list = name_query(fd, "__SAMBA__", 0, X True, True, loopback_ip, X &count,0)) != NULL) { X@@ -57,7 +57,7 @@ X if (!cli_initialise(&cli)) X return False; X X- if (!cli_connect(&cli, "localhost", &loopback_ip)) { X+ if (!cli_connect(&cli, INNAME_LOOPBACK, &loopback_ip)) { X cli_shutdown(&cli); X return False; X } Xdiff -uN -r ../../work.orig/samba-2.0.9/source/web/swat.c ./source/web/swat.c X--- ../../work.orig/samba-2.0.9/source/web/swat.c Sat Jun 9 09:35:45 2001 X+++ ./source/web/swat.c Sat Jun 9 17:43:32 2001 X@@ -709,7 +709,7 @@ X } else if (am_root()) { X host = NULL; X } else { X- host = "127.0.0.1"; X+ host = INTEXT_LOOPBACK; X } X X /* END-of-samba-2.0.9-jail.diff echo x - compare-2.0.9.log sed 's/^X//' >compare-2.0.9.log << 'END-of-compare-2.0.9.log' X0 XMD5 (work.jail/samba-2.0.9/source/bin/smbd) = 6054bfacc4d6a434001870ed76d01c8a XMD5 (work.orig/samba-2.0.9/source/bin/smbd) = 6054bfacc4d6a434001870ed76d01c8a X0 XMD5 (work.jail/samba-2.0.9/source/bin/nmbd) = 2f6832a7d648e5c996d6654043d01eee XMD5 (work.orig/samba-2.0.9/source/bin/nmbd) = 2f6832a7d648e5c996d6654043d01eee X0 XMD5 (work.jail/samba-2.0.9/source/bin/swat) = feae1c1d0431a74e8153da16754ba5eb XMD5 (work.orig/samba-2.0.9/source/bin/swat) = feae1c1d0431a74e8153da16754ba5eb X0 XMD5 (work.jail/samba-2.0.9/source/bin/smbclient) = d52d27c62f3ee773079f98add651f9a2 XMD5 (work.orig/samba-2.0.9/source/bin/smbclient) = d52d27c62f3ee773079f98add651f9a2 X0 XMD5 (work.jail/samba-2.0.9/source/bin/smbspool) = 9a180e56e3fa45aad88f794d06f9b531 XMD5 (work.orig/samba-2.0.9/source/bin/smbspool) = 9a180e56e3fa45aad88f794d06f9b531 X0 XMD5 (work.jail/samba-2.0.9/source/bin/testparm) = a3ab89bf4e99be95b5dbb728c75ef5ec XMD5 (work.orig/samba-2.0.9/source/bin/testparm) = a3ab89bf4e99be95b5dbb728c75ef5ec X0 XMD5 (work.jail/samba-2.0.9/source/bin/testprns) = 52a3976f08e3a31ad0a83f9eba6b8eff XMD5 (work.orig/samba-2.0.9/source/bin/testprns) = 52a3976f08e3a31ad0a83f9eba6b8eff X0 XMD5 (work.jail/samba-2.0.9/source/bin/smbstatus) = e6b31d850e785aa1f70723577c928339 XMD5 (work.orig/samba-2.0.9/source/bin/smbstatus) = e6b31d850e785aa1f70723577c928339 X0 XMD5 (work.jail/samba-2.0.9/source/bin/rpcclient) = 7ee8b8b9d901aba9edc282b028c64ded XMD5 (work.orig/samba-2.0.9/source/bin/rpcclient) = 7ee8b8b9d901aba9edc282b028c64ded X0 XMD5 (work.jail/samba-2.0.9/source/bin/smbpasswd) = 6cffb3ffd138eac07b3b1a9c3b3149c9 XMD5 (work.orig/samba-2.0.9/source/bin/smbpasswd) = 6cffb3ffd138eac07b3b1a9c3b3149c9 X0 XMD5 (work.jail/samba-2.0.9/source/bin/make_smbcodepage) = 210d3dfb743eb89a6c5f1ff6775bfe4e XMD5 (work.orig/samba-2.0.9/source/bin/make_smbcodepage) = 210d3dfb743eb89a6c5f1ff6775bfe4e X0 XMD5 (work.jail/samba-2.0.9/source/bin/make_unicodemap) = 3a1f2dd1705b57b00b4aec2c2ffa3ab1 XMD5 (work.orig/samba-2.0.9/source/bin/make_unicodemap) = 3a1f2dd1705b57b00b4aec2c2ffa3ab1 X0 XMD5 (work.jail/samba-2.0.9/source/bin/nmblookup) = d5fdcf838a3006777f1badb28a1b8645 XMD5 (work.orig/samba-2.0.9/source/bin/nmblookup) = d5fdcf838a3006777f1badb28a1b8645 X0 XMD5 (work.jail/samba-2.0.9/source/bin/make_printerdef) = dfd0ff5b62cec5cbc65b0bcae5eefd83 XMD5 (work.orig/samba-2.0.9/source/bin/make_printerdef) = dfd0ff5b62cec5cbc65b0bcae5eefd83 END-of-compare-2.0.9.log exit # This is a shell archive. Save it in a file, remove anything before # this line, and then unpack it by entering "sh file". Note, it may # create directories; files and directories will be owned by you and # have default permissions. # # This archive contains: # # samba-2.2.0-jail.diff # compare-2.2.0.log # echo x - samba-2.2.0-jail.diff sed 's/^X//' >samba-2.2.0-jail.diff << 'END-of-samba-2.2.0-jail.diff' Xdiff -uN -r ../../work.orig/samba-2.2.0/source/include/includes.h ./source/include/includes.h X--- ../../work.orig/samba-2.2.0/source/include/includes.h Sat Jun 9 19:53:53 2001 X+++ ./source/include/includes.h Sat Jun 9 20:58:48 2001 X@@ -773,9 +773,12 @@ X #define SEEK_SET 0 X #endif X X-#ifndef INADDR_LOOPBACK X-#define INADDR_LOOPBACK 0x7f000001 X-#endif X+/* X+ * NO, 127.0.0.1 is *NOT* always there. So let's X+ * source the configured parameters here from an X+ * easy to create / adjust external header file. X+ */ X+#include "loopback.h" X X #ifndef INADDR_NONE X #define INADDR_NONE 0xffffffff Xdiff -uN -r ../../work.orig/samba-2.2.0/source/include/loopback.h ./source/include/loopback.h X--- ../../work.orig/samba-2.2.0/source/include/loopback.h Thu Jan 1 01:00:00 1970 X+++ ./source/include/loopback.h Sat Jun 9 20:22:51 2001 X@@ -0,0 +1,14 @@ X+#ifndef _LOOPBACK_H_ X+#define _LOOPBACK_H_ X+ X+/* quiet a warning about "redefined" against netinet/in.h */ X+#ifdef INADDR_LOOPBACK X+#undef INADDR_LOOPBACK X+#endif /* INADDR_LOOPBACK */ X+ X+/* maybe loopback is not always at localhost/127.0.0.1 */ X+#define INNAME_LOOPBACK "localhost" X+#define INTEXT_LOOPBACK "127.0.0.1" X+#define INADDR_LOOPBACK 0x7f000001 X+ X+#endif /* _LOOPBACK_H_ */ Xdiff -uN -r ../../work.orig/samba-2.2.0/source/lib/access.c ./source/lib/access.c X--- ../../work.orig/samba-2.2.0/source/lib/access.c Sat Jun 9 19:53:54 2001 X+++ ./source/lib/access.c Sat Jun 9 20:52:26 2001 X@@ -202,7 +202,7 @@ X client[1] = caddr; X X /* if it is loopback then always allow unless specifically denied */ X- if (strcmp(caddr, "127.0.0.1") == 0) { X+ if (strcmp(caddr, INTEXT_LOOPBACK) == 0) { X if (deny_list && X list_match(deny_list,(char *)client,client_match)) { X return False; Xdiff -uN -r ../../work.orig/samba-2.2.0/source/lib/interface.c ./source/lib/interface.c X--- ../../work.orig/samba-2.2.0/source/lib/interface.c Sat Jun 9 19:53:55 2001 X+++ ./source/lib/interface.c Sat Jun 9 20:52:41 2001 X@@ -177,7 +177,7 @@ X X ipzero = *interpret_addr2("0.0.0.0"); X allones_ip = *interpret_addr2("255.255.255.255"); X- loopback_ip = *interpret_addr2("127.0.0.1"); X+ loopback_ip = *interpret_addr2(INTEXT_LOOPBACK); X X if (probed_ifaces) { X free(probed_ifaces); Xdiff -uN -r ../../work.orig/samba-2.2.0/source/libsmb/namequery.c ./source/libsmb/namequery.c X--- ../../work.orig/samba-2.2.0/source/libsmb/namequery.c Sat Jun 9 19:53:56 2001 X+++ ./source/libsmb/namequery.c Sat Jun 9 20:53:20 2001 X@@ -749,7 +749,7 @@ X { X extern pstring global_myname; X fstrcpy(dest_host, global_myname); X- ip = interpret_addr2("127.0.0.1"); X+ ip = interpret_addr2(INTEXT_LOOPBACK); X return True; X } X Xdiff -uN -r ../../work.orig/samba-2.2.0/source/nsswitch/wins.c ./source/nsswitch/wins.c X--- ../../work.orig/samba-2.2.0/source/nsswitch/wins.c Sat Jun 9 19:53:50 2001 X+++ ./source/nsswitch/wins.c Sat Jun 9 20:53:39 2001 X@@ -71,7 +71,7 @@ X X if (lp_wins_support()) { X /* we are our own WINS server */ X- ret = name_query(fd,name,0x20,False,True, *interpret_addr2("127.0.0.1"), count); X+ ret = name_query(fd,name,0x20,False,True, *interpret_addr2(INTEXT_LOOPBACK), count); X goto out; X } X Xdiff -uN -r ../../work.orig/samba-2.2.0/source/param/loadparm.c ./source/param/loadparm.c X--- ../../work.orig/samba-2.2.0/source/param/loadparm.c Sat Jun 9 19:53:50 2001 X+++ ./source/param/loadparm.c Sat Jun 9 20:53:56 2001 X@@ -1297,7 +1297,7 @@ X X #ifdef WITH_LDAP X /* default values for ldap */ X- string_set(&Globals.szLdapServer, "localhost"); X+ string_set(&Globals.szLdapServer, INNAME_LOOPBACK); X Globals.ldap_port = 389; X #endif /* WITH_LDAP */ X X@@ -3308,7 +3308,7 @@ X if (in_client && Globals.bWINSsupport) X { X X- string_set(&Globals.szWINSserver, "127.0.0.1"); X+ string_set(&Globals.szWINSserver, INTEXT_LOOPBACK); X X } X Xdiff -uN -r ../../work.orig/samba-2.2.0/source/printing/print_cups.c ./source/printing/print_cups.c X--- ../../work.orig/samba-2.2.0/source/printing/print_cups.c Sat Jun 9 19:53:45 2001 X+++ ./source/printing/print_cups.c Sat Jun 9 20:21:19 2001 X@@ -268,7 +268,7 @@ X ippAddString(request, IPP_TAG_OPERATION, IPP_TAG_NAME, X "requested-attributes", NULL, "printer-uri"); X X- slprintf(uri, sizeof(uri) - 1, "ipp://localhost/printers/%s", X+ slprintf(uri, sizeof(uri) - 1, "ipp://" INNAME_LOOPBACK "/printers/%s", X dos_to_unix(name, False)); X X ippAddString(request, IPP_TAG_OPERATION, IPP_TAG_URI, X@@ -360,7 +360,7 @@ X ippAddString(request, IPP_TAG_OPERATION, IPP_TAG_LANGUAGE, X "attributes-natural-language", NULL, language->language); X X- slprintf(uri, sizeof(uri) - 1, "ipp://localhost/jobs/%d", pjob->sysjob); X+ slprintf(uri, sizeof(uri) - 1, "ipp://" INNAME_LOOPBACK "/jobs/%d", pjob->sysjob); X X ippAddString(request, IPP_TAG_OPERATION, IPP_TAG_URI, "job-uri", NULL, uri); X X@@ -450,7 +450,7 @@ X ippAddString(request, IPP_TAG_OPERATION, IPP_TAG_LANGUAGE, X "attributes-natural-language", NULL, language->language); X X- slprintf(uri, sizeof(uri) - 1, "ipp://localhost/jobs/%d", pjob->sysjob); X+ slprintf(uri, sizeof(uri) - 1, "ipp://" INNAME_LOOPBACK "/jobs/%d", pjob->sysjob); X X ippAddString(request, IPP_TAG_OPERATION, IPP_TAG_URI, "job-uri", NULL, uri); X X@@ -540,7 +540,7 @@ X ippAddString(request, IPP_TAG_OPERATION, IPP_TAG_LANGUAGE, X "attributes-natural-language", NULL, language->language); X X- slprintf(uri, sizeof(uri) - 1, "ipp://localhost/jobs/%d", pjob->sysjob); X+ slprintf(uri, sizeof(uri) - 1, "ipp://" INNAME_LOOPBACK "/jobs/%d", pjob->sysjob); X X ippAddString(request, IPP_TAG_OPERATION, IPP_TAG_URI, "job-uri", NULL, uri); X X@@ -631,7 +631,7 @@ X ippAddString(request, IPP_TAG_OPERATION, IPP_TAG_LANGUAGE, X "attributes-natural-language", NULL, language->language); X X- slprintf(uri, sizeof(uri) - 1, "ipp://localhost/printers/%s", X+ slprintf(uri, sizeof(uri) - 1, "ipp://" INNAME_LOOPBACK "/printers/%s", X PRINTERNAME(snum)); X X ippAddString(request, IPP_TAG_OPERATION, IPP_TAG_URI, X@@ -735,7 +735,7 @@ X * Generate the printer URI... X */ X X- slprintf(uri, sizeof(uri) - 1, "ipp://localhost/printers/%s", X+ slprintf(uri, sizeof(uri) - 1, "ipp://" INNAME_LOOPBACK "/printers/%s", X PRINTERNAME(snum)); X X /* X@@ -1058,7 +1058,7 @@ X ippAddString(request, IPP_TAG_OPERATION, IPP_TAG_LANGUAGE, X "attributes-natural-language", NULL, language->language); X X- slprintf(uri, sizeof(uri) - 1, "ipp://localhost/printers/%s", X+ slprintf(uri, sizeof(uri) - 1, "ipp://" INNAME_LOOPBACK "/printers/%s", X PRINTERNAME(snum)); X X ippAddString(request, IPP_TAG_OPERATION, IPP_TAG_URI, "printer-uri", NULL, uri); X@@ -1149,7 +1149,7 @@ X ippAddString(request, IPP_TAG_OPERATION, IPP_TAG_LANGUAGE, X "attributes-natural-language", NULL, language->language); X X- slprintf(uri, sizeof(uri) - 1, "ipp://localhost/printers/%s", X+ slprintf(uri, sizeof(uri) - 1, "ipp://" INNAME_LOOPBACK "/printers/%s", X PRINTERNAME(snum)); X X ippAddString(request, IPP_TAG_OPERATION, IPP_TAG_URI, "printer-uri", NULL, uri); Xdiff -uN -r ../../work.orig/samba-2.2.0/source/smbd/oplock.c ./source/smbd/oplock.c X--- ../../work.orig/samba-2.2.0/source/smbd/oplock.c Sat Jun 9 19:53:47 2001 X+++ ./source/smbd/oplock.c Sat Jun 9 20:54:45 2001 X@@ -138,7 +138,7 @@ X /* Validate message from address (must be localhost). */ X if(from.sin_addr.s_addr != htonl(INADDR_LOOPBACK)) { X DEBUG(0,("receive_local_message: invalid 'from' address \ X-(was %lx should be 127.0.0.1\n", (long)from.sin_addr.s_addr)); X+(was %lx should be " INTEXT_LOOPBACK "\n", (long)from.sin_addr.s_addr)); X return False; X } X Xdiff -uN -r ../../work.orig/samba-2.2.0/source/utils/smbpasswd.c ./source/utils/smbpasswd.c X--- ../../work.orig/samba-2.2.0/source/utils/smbpasswd.c Sat Jun 9 19:53:45 2001 X+++ ./source/utils/smbpasswd.c Sat Jun 9 20:54:59 2001 X@@ -511,7 +511,7 @@ X load_interfaces(); /* Delayed from main() */ X X if (remote_machine == NULL) { X- remote_machine = "127.0.0.1"; X+ remote_machine = INTEXT_LOOPBACK; X } X X if (remote_machine != NULL) { Xdiff -uN -r ../../work.orig/samba-2.2.0/source/web/diagnose.c ./source/web/diagnose.c X--- ../../work.orig/samba-2.2.0/source/web/diagnose.c Sat Jun 9 19:53:45 2001 X+++ ./source/web/diagnose.c Sat Jun 9 20:55:16 2001 X@@ -32,7 +32,7 @@ X struct in_addr *ip_list; X X if ((fd = open_socket_in(SOCK_DGRAM, 0, 3, X- interpret_addr("127.0.0.1"), True)) != -1) { X+ interpret_addr(INTEXT_LOOPBACK), True)) != -1) { X if ((ip_list = name_query(fd, "__SAMBA__", 0, X True, True, loopback_ip, X &count)) != NULL) { X@@ -57,7 +57,7 @@ X if (!cli_initialise(&cli)) X return False; X X- if (!cli_connect(&cli, "localhost", &loopback_ip)) { X+ if (!cli_connect(&cli, INNAME_LOOPBACK, &loopback_ip)) { X cli_shutdown(&cli); X return False; X } Xdiff -uN -r ../../work.orig/samba-2.2.0/source/web/swat.c ./source/web/swat.c X--- ../../work.orig/samba-2.2.0/source/web/swat.c Sat Jun 9 19:53:45 2001 X+++ ./source/web/swat.c Sat Jun 9 20:55:22 2001 X@@ -724,7 +724,7 @@ X } else if (am_root()) { X host = NULL; X } else { X- host = "127.0.0.1"; X+ host = INTEXT_LOOPBACK; X } X X /* END-of-samba-2.2.0-jail.diff echo x - compare-2.2.0.log sed 's/^X//' >compare-2.2.0.log << 'END-of-compare-2.2.0.log' X0 XMD5 (work.jail/samba-2.2.0/source/bin/smbd) = 5c2a0abcdac33aceb1923c91b056a271 XMD5 (work.orig/samba-2.2.0/source/bin/smbd) = 5c2a0abcdac33aceb1923c91b056a271 X0 XMD5 (work.jail/samba-2.2.0/source/bin/nmbd) = 4591b9e344aace5ffb4b60ed37b98d4a XMD5 (work.orig/samba-2.2.0/source/bin/nmbd) = 4591b9e344aace5ffb4b60ed37b98d4a X0 XMD5 (work.jail/samba-2.2.0/source/bin/swat) = 99868a11ec42ff95e7d7dddcf67edbb2 XMD5 (work.orig/samba-2.2.0/source/bin/swat) = 99868a11ec42ff95e7d7dddcf67edbb2 X0 XMD5 (work.jail/samba-2.2.0/source/bin/smbclient) = f511fc942b3931e10e641e871f05de1b XMD5 (work.orig/samba-2.2.0/source/bin/smbclient) = f511fc942b3931e10e641e871f05de1b X0 XMD5 (work.jail/samba-2.2.0/source/bin/smbspool) = a46854ebc4724625d2cba95ed40bdf2a XMD5 (work.orig/samba-2.2.0/source/bin/smbspool) = a46854ebc4724625d2cba95ed40bdf2a X0 XMD5 (work.jail/samba-2.2.0/source/bin/testparm) = 01e2a9e3a42beff6b8a1860e3250f66f XMD5 (work.orig/samba-2.2.0/source/bin/testparm) = 01e2a9e3a42beff6b8a1860e3250f66f X0 XMD5 (work.jail/samba-2.2.0/source/bin/testprns) = 726ca7b66a72a270f50062b7717e45e2 XMD5 (work.orig/samba-2.2.0/source/bin/testprns) = 726ca7b66a72a270f50062b7717e45e2 X0 XMD5 (work.jail/samba-2.2.0/source/bin/smbstatus) = a7f841ae64fb62254a073e3331c63b5a XMD5 (work.orig/samba-2.2.0/source/bin/smbstatus) = a7f841ae64fb62254a073e3331c63b5a X0 XMD5 (work.jail/samba-2.2.0/source/bin/rpcclient) = cac9bddbf52715a59aa8246f7c97c9e3 XMD5 (work.orig/samba-2.2.0/source/bin/rpcclient) = cac9bddbf52715a59aa8246f7c97c9e3 X0 XMD5 (work.jail/samba-2.2.0/source/bin/smbpasswd) = 95d83f3d483c96db558e4c0aef6718a6 XMD5 (work.orig/samba-2.2.0/source/bin/smbpasswd) = 95d83f3d483c96db558e4c0aef6718a6 X0 XMD5 (work.jail/samba-2.2.0/source/bin/make_smbcodepage) = c978147c7b564c1b200101e266f6eebc XMD5 (work.orig/samba-2.2.0/source/bin/make_smbcodepage) = c978147c7b564c1b200101e266f6eebc X0 XMD5 (work.jail/samba-2.2.0/source/bin/make_unicodemap) = 7400ab7a74b64c09fb100cdd5a9166bf XMD5 (work.orig/samba-2.2.0/source/bin/make_unicodemap) = 7400ab7a74b64c09fb100cdd5a9166bf X0 XMD5 (work.jail/samba-2.2.0/source/bin/nmblookup) = 8206f1cbf483e36f33a6d2875c03546d XMD5 (work.orig/samba-2.2.0/source/bin/nmblookup) = 8206f1cbf483e36f33a6d2875c03546d X0 XMD5 (work.jail/samba-2.2.0/source/bin/make_printerdef) = 89d7ea2da63babc236ff45b18ee8f596 XMD5 (work.orig/samba-2.2.0/source/bin/make_printerdef) = 89d7ea2da63babc236ff45b18ee8f596 X0 XMD5 (work.jail/samba-2.2.0/source/bin/smbcontrol) = 9bbc750f496ca520aa0f247380c754bb XMD5 (work.orig/samba-2.2.0/source/bin/smbcontrol) = 9bbc750f496ca520aa0f247380c754bb X0 XMD5 (work.jail/samba-2.2.0/source/bin/smbcacls) = 2c158310a9a9649dece20c0eec133445 XMD5 (work.orig/samba-2.2.0/source/bin/smbcacls) = 2c158310a9a9649dece20c0eec133445 END-of-compare-2.2.0.log exit If the Samba team would accept the patch they had the benefit of cleaner sources in regards to hardwired values spread all over the source files now collapsed into one single spot. The FreeBSD project (as well as any other platform Samba runs on) had the benefit of easily overriding the inappropriate values with a mkloopback.sh run in the pre-build stage. The real solution although would be to not assume any fixed address to be available and appropriate for internal communication with helpers or subsystems, but to take the admin seriously and obey the config file parameters while _maybe_ falling back to scanning the machine's interfaces. virtually yours 82D1 9B9C 01DC 4FB4 D7B4 61BE 3F49 4F77 72DE DA76 Gerhard Sittig true | mail -s "get gpg key" Gerhard.Sittig@gmx.net -- If you don't understand or are scared by any of the above ask your parents or an adult to help you.
Hi, I updated the patch to apply for Samba 2.2.8a. Downloadable from http://anders.fix.no/test/samba-2.2.8a-jail.diff. Works for me at least. I think we should leave this PR open if it's useful, or incorporate the patch as an option for this port. Cheers, -- Anders.