Attachment #234864 for bug #263874




# Created by: timur@FreeBSD.org

PORTNAME=			${SAMBA4_BASENAME}415
PORTVERSION=			${SAMBA4_VERSION}
PORTREVISION=			1
CATEGORIES?=			net
MASTER_SITES=			SAMBA/samba/stable SAMBA/samba/rc
DISTNAME=			${SAMBA4_DISTNAME}

MAINTAINER=			timur@FreeBSD.org
COMMENT=			Free SMB/CIFS and AD/DC server and client for Unix

LICENSE=			GPLv3+
LICENSE_FILE=			${WRKSRC}/COPYING

IGNORE_NONTHREAD_PYTHON=	needs port lang/python${PYTHON_SUFFIX} to be build with THREADS support
CONFLICTS_INSTALL?=		samba4* # bin/cifsdd bin/dbwrap_tool bin/dumpmscat bin/findsmb bin/gentest

USES=				cpe

# EXTRA_PATCHES+=			${PATCHDIR}/0001-Zfs-provision-1.patch:-p1

SAMBA4_BASENAME=		samba
SAMBA4_PORTNAME=		${SAMBA4_BASENAME}4
SAMBA4_VERSION=			4.15.7
SAMBA4_DISTNAME=		${SAMBA4_BASENAME}-${SAMBA4_VERSION:S|.p|pre|:S|.r|rc|:S|.t|tp|:S|.a|alpha|}

WRKSRC?=			${WRKDIR}/${DISTNAME}
PLIST?=				${PKGDIR}/pkg-plist

CPE_VENDOR=			samba
CPE_PRODUCT=			samba
# Directories
VARDIR=				${DESTDIR}/var
SAMBA4_RUNDIR=			${VARDIR}/run/${SAMBA4_PORTNAME}
SAMBA4_LOGDIR=			${VARDIR}/log/${SAMBA4_PORTNAME}
SAMBA4_LOCKDIR=			${VARDIR}/db/${SAMBA4_PORTNAME}
SAMBA4_BINDDNSDIR=		${SAMBA4_LOCKDIR}/bind-dns
SAMBA4_PRIVATEDIR=		${SAMBA4_LOCKDIR}/private
SAMBA4_PAMDIR=			${PREFIX}/lib
SAMBA4_LIBDIR=			${PREFIX}/lib/${SAMBA4_PORTNAME}
SAMBA4_INCLUDEDIR=		${PREFIX}/include/${SAMBA4_PORTNAME}
SAMBA4_CONFDIR=			${PREFIX}/etc
SAMBA4_CONFIG=			smb4.conf
SAMBA4_MODULES_CLASS=		auth bind9 gensec gpext idmap ldb nss_info \
				pdb perfcount process_model service vfs

CONFIGURE_ARGS+=		--mandir="${MANPREFIX}/man" \
				--sysconfdir="${SAMBA4_CONFDIR}" \
				--includedir="${SAMBA4_INCLUDEDIR}" \
				--datadir="${DATADIR}" \
				--libdir="${SAMBA4_LIBDIR}" \
				--with-privatelibdir="${SAMBA4_LIBDIR}/private" \
				--with-pammodulesdir="${SAMBA4_PAMDIR}" \
				--with-modulesdir="${SAMBA4_MODULEDIR}" \
				--localstatedir="${VARDIR}" \
				--with-piddir="${SAMBA4_RUNDIR}" \
				--with-sockets-dir="${SAMBA4_RUNDIR}" \
				--with-privileged-socket-dir="${SAMBA4_RUNDIR}" \
				--with-lockdir="${SAMBA4_LOCKDIR}" \
				--with-statedir="${SAMBA4_LOCKDIR}" \
				--with-cachedir="${SAMBA4_LOCKDIR}" \
				--with-bind-dns-dir=${SAMBA4_BINDDNSDIR} \
				--with-privatedir="${SAMBA4_PRIVATEDIR}" \
				--with-logfilebase="${SAMBA4_LOGDIR}" \
				--enable-fhs

# 				--with-pkgconfigdir="${PKGCONFIGDIR}" \

# XXX: Flags
CONFIGURE_ENV+=			PTHREAD_LDFLAGS="-lpthread"
MAKE_ENV+=			PYTHONHASHSEED=1

USES+=				compiler:c++11-lang iconv localbase:ldflags \
				perl5 pkgconfig shebangfix waf gettext-runtime
USE_PERL5=			build
USE_LDCONFIG=			${SAMBA4_LIBDIR}
WAF_CMD=			buildtools/bin/waf
CONFIGURE_LOG=			bin/config.log

PKGCONFIGDIR?=			${PREFIX}/libdata/pkgconfig
PKGCONFIGDIR_REL?=		${PKGCONFIGDIR:S,^${PREFIX}/,,}
PLIST_SUB+=			PKGCONFIGDIR=${PKGCONFIGDIR_REL}
SUB_LIST+=			PKGCONFIGDIR=${PKGCONFIGDIR_REL}
##############################################################################
OPTIONS_SUB=			yes

OPTIONS_DEFINE=			AD_DC ADS CLUSTER CUPS DOCS FAM GPGME \
				LDAP MANDOC PROFILE PYTHON3 QUOTAS \
				SPOTLIGHT SYSLOG UTMP
#OPTIONS_DEFINE+=		DEVELOPER MEMORY_DEBUG

OPTIONS_GROUP=			VFS
OPTIONS_GROUP_VFS=		FRUIT GLUSTERFS

OPTIONS_SINGLE=			GSSAPI ZEROCONF

OPTIONS_SINGLE_GSSAPI=		GSSAPI_BUILTIN GSSAPI_MIT
#GSSAPI_HEIMDAL
OPTIONS_SINGLE_ZEROCONF=	ZEROCONF_NONE AVAHI MDNSRESPONDER

OPTIONS_RADIO=			DNS
OPTIONS_RADIO_DNS=		NSUPDATE BIND911 BIND916
# Make those default options
OPTIONS_DEFAULT=		AD_DC ADS DOCS FAM LDAP \
				PROFILE PYTHON3 QUOTAS SYSLOG UTMP \
				FRUIT GSSAPI_BUILTIN AVAHI
##############################################################################
ADS_DESC=			Active Directory client(implies LDAP)
AD_DC_DESC=			Active Directory Domain Controller(implies PYTHON3)
CLUSTER_DESC=			Clustering support
DEVELOPER_DESC=			With developer framework
FAM_DESC=			File Alteration Monitor
GPGME_DESC=			GpgME support
LDAP_DESC=			LDAP client
LIBZFS_DESC=			LibZFS
SPOTLIGHT_DESC=			Spotlight server-side search support
MANDOC_DESC=			Build manpages from DOCBOOK templates
MEMORY_DEBUG_DESC=		Debug memory allocator
PICKY_DEVELOPER_DESC=		Treat compiler warnings as errors(implies DEVELOPER)
PROFILE_DESC=			Profiling data
QUOTAS_DESC=			Disk quota support
UTMP_DESC=			UTMP accounting

VFS_DESC=			VFS modules
GLUSTERFS_DESC=			GlusterFS support
FRUIT_DESC=			MacOSX and TimeMachine support

GSSAPI_BUILTIN_DESC=		GSSAPI support via bundled Heimdal

ZEROCONF_DESC=			Zero configuration networking
ZEROCONF_NONE_DESC=		Zeroconf support is absent

DNS_DESC=			DNS frontend
BIND911_DESC=			Use Bind 9.11 as AD DC DNS server frontend
BIND916_DESC=			Use Bind 9.16 as AD DC DNS server frontend
NSUPDATE_DESC=			Use samba NSUPDATE utility for AD DC
##############################################################################
# XXX: Unconditional dependencies which can't be switched off(if present in
# the system)

# Iconv(picked up unconditionaly)
LIB_DEPENDS+=			libiconv.so:converters/libiconv
# unwind
LIB_DEPENDS+=			libunwind.so:devel/libunwind
# Readline(sponsored by Python)
# XXX: USES=readline pollutes CPPFLAGS, so we explicitly put dependency
LIB_DEPENDS+=			libreadline.so:devel/readline
# popt
LIB_DEPENDS+=			libpopt.so:devel/popt
# inotify
LIB_DEPENDS+=			libinotify.so:devel/libinotify
# GNUTLS
LIB_DEPENDS+=			libgnutls.so:security/gnutls
LIB_DEPENDS+=			libgcrypt.so:security/libgcrypt
# NFSv4 ACL glue
LIB_DEPENDS+=			libsunacl.so:sysutils/libsunacl
# Jansson
BUILD_DEPENDS+=			jansson>=2.10:devel/jansson
RUN_DEPENDS+=			jansson>=2.10:devel/jansson
# Bison
BUILD_DEPENDS+=			bison>=3.8:devel/bison
# py-markdown
BUILD_DEPENDS+=			py38-markdown>=3.3:textproc/py-markdown
# py-dnspython
BUILD_DEPENDS+=			py38-dnspython>=2.2:dns/py-dnspython

# tasn1
BUILD_DEPENDS+=			libtasn1>=3.8:security/libtasn1
RUN_DEPENDS+=			libtasn1>=3.8:security/libtasn1
# External Samba dependencies
# Needed for IDL compiler
BUILD_DEPENDS+=			p5-Parse-Yapp>=0:devel/p5-Parse-Yapp
# Libarchive
SAMBA4_BUNDLED_LIBS+=		!libarchive
BUILD_DEPENDS+=			libarchive>=3.1.2:archivers/libarchive
RUN_DEPENDS+=			libarchive>=3.1.2:archivers/libarchive

### Bundled libraries
SAMBA4_BUNDLED_CMOCKA?=		no
SAMBA4_BUNDLED_TALLOC?=		no
SAMBA4_BUNDLED_TEVENT?=		no
SAMBA4_BUNDLED_TDB?=		no
SAMBA4_BUNDLED_LDB?=		yes
# cmocka
.if defined(SAMBA4_BUNDLED_CMOCKA) && ${SAMBA4_BUNDLED_CMOCKA} == yes
SAMBA4_BUNDLED_LIBS+=		cmocka
CONFLICTS_INSTALL+=		cmocka-1.*
PLIST_SUB+=			SAMBA4_BUNDLED_CMOCKA=""
SUB_LIST+=			SAMBA4_BUNDLED_CMOCKA=""
.else
SAMBA4_BUNDLED_LIBS+=		!cmocka
BUILD_DEPENDS+=			cmocka>=1.1.3:sysutils/cmocka
TEST_DEPENDS+=			cmocka>=1.1.3:sysutils/cmocka
PLIST_SUB+=			SAMBA4_BUNDLED_CMOCKA="@comment "
SUB_LIST+=			SAMBA4_BUNDLED_CMOCKA="@comment "
.endif
# talloc
.if defined(SAMBA4_BUNDLED_TALLOC) && ${SAMBA4_BUNDLED_TALLOC} == yes
SAMBA4_BUNDLED_LIBS+=		talloc
CONFLICTS_INSTALL+=		talloc-* talloc1-*
PLIST_SUB+=			SAMBA4_BUNDLED_TALLOC=""
SUB_LIST+=			SAMBA4_BUNDLED_TALLOC=""
.else
SAMBA4_BUNDLED_LIBS+=		!talloc
BUILD_DEPENDS+=			talloc>=2.3.1:devel/talloc
RUN_DEPENDS+=			talloc>=2.3.1:devel/talloc
PLIST_SUB+=			SAMBA4_BUNDLED_TALLOC="@comment "
SUB_LIST+=			SAMBA4_BUNDLED_TALLOC="@comment "
.endif
# tevent
.if defined(SAMBA4_BUNDLED_TEVENT) && ${SAMBA4_BUNDLED_TEVENT} == yes
SAMBA4_BUNDLED_LIBS+=		tevent
CONFLICTS_INSTALL+=		tevent-* tevent1-*
PLIST_SUB+=			SAMBA4_BUNDLED_TEVENT=""
SUB_LIST+=			SAMBA4_BUNDLED_TEVENT=""
.else
SAMBA4_BUNDLED_LIBS+=		!tevent
BUILD_DEPENDS+=			tevent>=0.10.2:devel/tevent
RUN_DEPENDS+=			tevent>=0.10.2:devel/tevent
PLIST_SUB+=			SAMBA4_BUNDLED_TEVENT="@comment "
SUB_LIST+=			SAMBA4_BUNDLED_TEVENT="@comment "
.endif
# tdb
.if defined(SAMBA4_BUNDLED_TDB) && ${SAMBA4_BUNDLED_TDB} == yes
SAMBA4_BUNDLED_LIBS+=		tdb
CONFLICTS_INSTALL+=		tdb-* tdb1-*
PLIST_SUB+=			SAMBA4_BUNDLED_TDB=""
SUB_LIST+=			SAMBA4_BUNDLED_TDB=""
.else
SAMBA4_BUNDLED_LIBS+=		!tdb
BUILD_DEPENDS+=			tdb>=1.4.4:databases/tdb
RUN_DEPENDS+=			tdb>=1.4.4:databases/tdb
PLIST_SUB+=			SAMBA4_BUNDLED_TDB="@comment "
SUB_LIST+=			SAMBA4_BUNDLED_TDB="@comment "
.endif
# ldb
.if defined(SAMBA4_BUNDLED_LDB) && ${SAMBA4_BUNDLED_LDB} == yes
SAMBA4_BUNDLED_LDB=		yes
SAMBA4_BUNDLED_LIBS+=		ldb
PLIST_SUB+=			SAMBA4_BUNDLED_LDB=""
SUB_LIST+=			SAMBA4_BUNDLED_LDB=""
SAMBA4_MODULEDIR=		${SAMBA4_LIBDIR}/modules
.else
SAMBA4_BUNDLED_LIBS+=		!ldb
BUILD_DEPENDS+=			ldb22>=2.2.0:databases/ldb22
RUN_DEPENDS+=			ldb22>=2.2.0:databases/ldb22
PLIST_SUB+=			SAMBA4_BUNDLED_LDB="@comment "
SUB_LIST+=			SAMBA4_BUNDLED_LDB="@comment "
SAMBA4_MODULEDIR=		${PREFIX}/lib/shared-modules
.endif

.if (defined(SAMBA4_BUNDLED_TALLOC) && ${SAMBA4_BUNDLED_TALLOC} == yes) \
	|| (defined(SAMBA4_BUNDLED_TDB) && ${SAMBA4_BUNDLED_TDB} == yes) \
	|| (defined(SAMBA4_BUNDLED_LDB) && ${SAMBA4_BUNDLED_LDB} == yes) \
	|| (defined(SAMBA4_BUNDLED_TEVENT) && ${SAMBA4_BUNDLED_TEVENT} == yes)
SAMBA4_BUNDLED_LIBS+=		replace
.endif
# Don't use external libcom_err
SAMBA4_BUNDLED_LIBS+=		com_err
# Set the test environment variables
TEST_USES=			python
TEST_ENV+=			PYTHON="${PYTHON_CMD}" \
				SHA1SUM=/sbin/sha1 \
				SHA256SUM=/sbin/sha256 \
				MD5SUM=/sbin/md5 \
				PYTHONDONTWRITEBYTECODE=1

TEST_DEPENDS+=			bash:shells/bash \
				tshark:net/tshark
# External Python modules
TEST_BUILD_DEPENDS+=		${PYTHON_PKGNAMEPREFIX}iso8601>=0.1.11:devel/py-iso8601@${PY_FLAVOR}
TEST_RUN_DEPENDS+=		${PYTHON_PKGNAMEPREFIX}iso8601>=0.1.11:devel/py-iso8601@${PY_FLAVOR}
##############################################################################
CONFIGURE_ARGS+=		\
				--with-pam \
				--with-iconv \
				--with-winbind \
				--with-regedit \
				--disable-rpath \
				--without-lttng \
				--without-gettext \
				--enable-pthreadpool \
				--without-fake-kaserver \
				--without-systemd \
				--with-libarchive \
				--with-acl-support \
				--with-sendfile-support

#				--disable-ctdb-tests
#				${ICONV_CONFIGURE_BASE}

##############################################################################
FRUIT_PREVENTS=			ZEROCONF_NONE
FRUIT_PREVENTS_MSG=		MacOSX support requires Zeroconf(AVAHI or MDNSRESPONDER)
FRUIT_VARS=			SAMBA4_MODULES+=vfs_fruit
FRUIT_PLIST_FILES=		man/man8/vfs_fruit.8.gz

GLUSTERFS_CONFIGURE_ENABLE=	glusterfs
GLUSTERFS_LIB_DEPENDS=		libglusterfs.so:net/glusterfs
GLUSTERFS_VARS=			SAMBA4_MODULES+=vfs_glusterfs
GLUSTERFS_PLIST_FILES=		man/man8/vfs_glusterfs.8.gz

ZEROCONF_NONE_MAKE_ENV=		ZEROCONF=none
##############################################################################
AVAHI_CONFIGURE_ENABLE=		avahi
AVAHI_LIB_DEPENDS=		libavahi-client.so:net/avahi-app
AVAHI_VARS=			SAMBA4_SERVICES+=avahi_daemon

#MDNSRESPONDER_CONFIGURE_ENABLE=	dnssd
#MDNSRESPONDER_LIB_DEPENDS=	libdns_sd.so:net/mDNSResponder
#MDNSRESPONDER_VARS=		SAMBA4_SERVICES+=mdnsd
##############################################################################
BIND911_RUN_DEPENDS=		bind911>=9.11.0.0:dns/bind911
BIND916_RUN_DEPENDS=		bind916>=9.16.0.0:dns/bind916
NSUPDATE_RUN_DEPENDS=		samba-nsupdate:dns/samba-nsupdate
##############################################################################
MEMORY_DEBUG_IMPLIES=		DEBUG
MEMORY_DEBUG_CONFIGURE_ENV=	ADDITIONAL_CFLAGS="-DENABLE_JEMALLOC `pkg-config --cflags jemalloc`" ADDITIONAL_LDFLAGS="`pkg-config --libs jemalloc`"
MEMORY_DEBUG_LIB_DEPENDS=	libjemalloc.so.2:devel/jemalloc
# https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=194046
GDB_CMD?=			${LOCALBASE}/bin/gdb
# https://bugzilla.samba.org/show_bug.cgi?id=8969
PICKY_DEVELOPER_IMPLIES=	DEVELOPER
PICKY_DEVELOPER_CONFIGURE_ON=	--picky-developer

DEVELOPER_IMPLIES=
DEVELOPER_CONFIGURE_ON=		--enable-developer --enable-selftest --abi-check-disable
DEVELOPER_CONFIGURE_ENV=	WAF_CMD_FORMAT=string
DEVELOPER_RUN_DEPENDS=		${SAMBA4_LMDB_DEPENDS}
DEVELOPER_BUILD_DEPENDS=	${GDB_CMD}:devel/gdb \
				${SAMBA4_LMDB_DEPENDS}
DEVELOPER_TEST_DEPENDS=		${GDB_CMD}:devel/gdb
DEVELOPER_VARS_OFF=		GDB_CMD=true

##############################################################################
AD_DC_IMPLIES=			PYTHON3
AD_DC_CONFIGURE_OFF=		--without-ad-dc
AD_DC_BUILD_DEPENDS=		${SAMBA4_LMDB_DEPENDS}
AD_DC_RUN_DEPENDS=		${SAMBA4_LMDB_DEPENDS}
AD_DC_VARS=			PLIST+=${PKGDIR}/pkg-plist.ad_dc

ADS_IMPLIES=			LDAP
ADS_CONFIGURE_WITH=		ads
# ADS_CONFIGURE_WITH=		ads dnsupdate

CLUSTER_CONFIGURE_WITH=		cluster-support
CLUSTER_VARS=			PLIST+=${PKGDIR}/pkg-plist.cluster

CUPS_CONFIGURE_ENABLE=		cups iprint
CUPS_LIB_DEPENDS=		libcups.so:print/cups
# https://bugzilla.samba.org/show_bug.cgi?id=9545
FAM_USES=			fam
FAM_CONFIGURE_WITH=		fam

GPGME_CONFIGURE_WITH=		gpgme
GPGME_LIB_DEPENDS=		libgpgme.so:security/gpgme

GSSAPI_MIT_CONFIGURE_ON=	--with-system-mitkrb5 ${GSSAPIBASEDIR} \
				--with-system-mitkdc=${GSSAPIBASEDIR}/sbin/krb5kdc \
				--with-experimental-mit-ad-dc
GSSAPI_MIT_USES=		gssapi:mit

GSSAPI_HEIMDAL_CONFIGURE_ON=	--with-system-heimdalkrb5 ${GSSAPIBASEDIR}
GSSAPI_HEIMDAL_USES=		gssapi:heimdal
GSSAPI_HEIMDAL_PREVENTS=	AD_DC
GSSAPI_HEIMDAL_PREVENTS_MSG=	GSSAPI_HEIMDAL and AD_DC enable conflicting options

LDAP_CONFIGURE_WITH=		ldap
LDAP_CONFIGURE_ON=		--with-ldap
LDAP_USE=			OPENLDAP=yes
LDAP_VARS=			SAMBA4_MODULES+=idmap_ldap

LIBZFS_CONFIGURE_WITH=		libzfs
LIBZFS_VARS=			SAMBA4_MODULES+=vfs_zfs_space

MANDOC_BUILD_DEPENDS=		${LOCALBASE}/share/xsl/docbook/manpages/docbook.xsl:textproc/docbook-xsl \
				xsltproc:textproc/libxslt
MANDOC_CONFIGURE_ENV_OFF=	XSLTPROC="true"

PROFILE_CONFIGURE_WITH=		profiling-data

QUOTAS_CONFIGURE_WITH=		quotas

SPOTLIGHT_CONFIGURE_ENABLE=	spotlight
SPOTLIGHT_BUILD_DEPENDS=	tracker>=1.4.1:sysutils/tracker
SPOTLIGHT_RUN_DEPENDS=		tracker>=1.4.1:sysutils/tracker
# ICU
SPOTLIGHT_LIB_DEPENDS=		libicuuc.so:devel/icu
SPOTLIGHT_USES=			bison gnome
SPOTLIGHT_USE=			gnome=glib20

SYSLOG_CONFIGURE_WITH=		syslog

UTMP_CONFIGURE_WITH=		utmp

##############################################################################
.include <bsd.port.options.mk>
##############################################################################

.if !defined(WANT_EXP_MODULES) || empty(WANT_EXP_MODULES)
WANT_EXP_MODULES=		vfs_cacheprime
.endif

.if ${WANT_EXP_MODULES:Mvfs_snapper}
# snapper needs dbus
LIB_DEPENDS+=			libdbus-1.so:devel/dbus
LIB_DEPENDS+=			libdbus-glib-1.so:devel/dbus-glib
.endif

SAMBA4_MODULES+=		krb5_winbind_krb5_locator idmap_nss idmap_autorid \
				idmap_rid idmap_hash idmap_tdb idmap_tdb2 idmap_script \
				nss-info_hash
# List of extra modules taken from RHEL build
# https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=197320
.if ${PORT_OPTIONS:MADS}
SAMBA4_MODULES+=		idmap_ad idmap_rfc2307 nss-info_template \
				nss-info_rfc2307 nss-info_sfu nss-info_sfu20
.endif
# This kind of special for this distribution
# SAMBA4_MODULES+=		vfs_freebsd

SAMBA4_MODULES+=		vfs_acl_tdb vfs_acl_xattr vfs_aio_fork vfs_aio_pthread \
				vfs_audit vfs_cap vfs_catia vfs_commit vfs_crossrename \
				vfs_default_quota vfs_dirsort vfs_expand_msdfs \
				vfs_extd_audit vfs_fake_perms vfs_full_audit \
				vfs_linux_xfs_sgid vfs_media_harmony vfs_offline \
				vfs_preopen vfs_readahead vfs_readonly vfs_recycle \
				vfs_shadow_copy vfs_shadow_copy2 vfs_shell_snap \
				vfs_streams_depot vfs_streams_xattr vfs_syncops \
				vfs_time_audit vfs_unityed_media vfs_virusfilter \
				vfs_widelinks vfs_worm vfs_xattr_tdb vfs_zfsacl

.if ${PORT_OPTIONS:MDEVELOPER}
SAMBA4_MODULES+=		auth_skel pdb_test gpext_security gpext_registry \
				gpext_scripts perfcount_test vfs_fake_dfq \
				vfs_skel_opaque vfs_skel_transparent \
				vfs_shadow_copy_test vfs_fake_acls \
				vfs_nfs4acl_xattr vfs_error_inject vfs_delay_inject
.endif
# Python bindings
.if ! ${PORT_OPTIONS:MPYTHON3} || defined(NO_PYTHON)
USES+=				python:build,test
CONFIGURE_ARGS+=		--disable-python
.else
USES+=				python:3.6+
PLIST+=				${PKGDIR}/pkg-plist.python
# Don't cache Python modules
CONFIGURE_ARGS+=		--nopycache
MAKE_ENV+=			PYTHONDONTWRITEBYTECODE=1

.	if defined(SAMBA4_BUNDLED_TALLOC) && ${SAMBA4_BUNDLED_TALLOC} == yes
SAMBA4_BUNDLED_LIBS+=		pytalloc-util
.	else
SAMBA4_BUNDLED_LIBS+=		!pytalloc-util
.	endif

.	if defined(SAMBA4_BUNDLED_TEVENT) && ${SAMBA4_BUNDLED_TEVENT} == yes
SAMBA4_BUNDLED_LIBS+=		pytevent
.	else
SAMBA4_BUNDLED_LIBS+=		!pytevent
.	endif

.	if defined(SAMBA4_BUNDLED_TDB) && ${SAMBA4_BUNDLED_TDB} == yes
SAMBA4_BUNDLED_LIBS+=		pytdb
.	else
SAMBA4_BUNDLED_LIBS+=		!pytdb
.	endif

.	if defined(SAMBA4_BUNDLED_LDB) && ${SAMBA4_BUNDLED_LDB} == yes
SAMBA4_BUNDLED_LIBS+=		pyldb pyldb-util
.	else
SAMBA4_BUNDLED_LIBS+=		!pyldb !pyldb-util
.	endif
# samba-tool requires those for *upgrade
.	if ${PORT_OPTIONS:MAD_DC}
RUN_DEPENDS+=			${PYTHON_PKGNAMEPREFIX}dnspython>=1.15.0:dns/py-dnspython@${PY_FLAVOR}
RUN_DEPENDS+=			${PYTHON_PKGNAMEPREFIX}markdown>=2.6.11:textproc/py-markdown@${PY_FLAVOR}
.		if ${PORT_OPTIONS:MGPGME}
RUN_DEPENDS+=			${PYTHON_PKGNAMEPREFIX}gpgme>=1.14.0:security/py-gpgme@${PY_FLAVOR}
.		endif
.	endif
.endif

.if defined(WANT_EXP_MODULES) && !empty(WANT_EXP_MODULES)
SAMBA4_MODULES+=		${WANT_EXP_MODULES}
.endif

.if defined(SAMBA4_BUNDLED_LIBS) && !empty(SAMBA4_BUNDLED_LIBS)
CONFIGURE_ARGS+=		--bundled-libraries="${SAMBA4_BUNDLED_LIBS:Q:C|(\\\\ )+|,|g:S|\\||g}"
.endif

.if defined(SAMBA4_MODULES) && !empty(SAMBA4_MODULES)
CONFIGURE_ARGS+=		--with-shared-modules="${SAMBA4_MODULES:C|-|_|:Q:C|(\\\\ )+|,|g:S|\\||g}"
.endif
# XXX: Hack for nss-info_* -> nss_info/* modules
# Add selected modules to the plist
.for module in ${SAMBA4_MODULES}
PLIST_FILES+=			${SAMBA4_MODULEDIR}/${module:C|_|/|:C|-|_|}.so
.endfor

.for module_class in ${SAMBA4_MODULES_CLASS}
PLIST_DIRS+=			${SAMBA4_MODULEDIR}/${module_class}
.endfor
PLIST_DIRS+=			${SAMBA4_MODULEDIR}

.if defined(WITH_DEBUG)
CONFIGURE_ARGS+=		--verbose --enable-debug
MAKE_ARGS+=			--verbose
DEBUG_FLAGS?=			-g -ggdb3 -O0
.endif

##############################################################################
.include <bsd.port.pre.mk>
##############################################################################
# Implemented in the gcrypt on AMD64
.if ${ARCH} == "amd64"
CONFIGURE_ARGS+=		--accel-aes=intelaesni
.else
CONFIGURE_ARGS+=		--accel-aes=none
.endif

# Only for 64-bit architectures
.if ${ARCH} != armv6 && ${ARCH} != armv7 && ${ARCH} != i386 && ${ARCH} != mips && ${ARCH} != powerpc && ${ARCH} != powerpcspe
.	if defined(SAMBA4_BUNDLED_LDB) && ${SAMBA4_BUNDLED_LDB} == yes && (${PORT_OPTIONS:MAD_DC} || ${PORT_OPTIONS:MDEVELOPER})
# LMDB
SAMBA4_LMDB_DEPENDS=		lmdb>=0.9.16:databases/lmdb
PLIST_FILES+=			${SAMBA4_LIBDIR}/private/libldb-mdb-int-samba4.so \
				${SAMBA4_MODULEDIR}/ldb/mdb.so
.	endif
.endif

.if ${PORT_OPTIONS:MGSSAPI_MIT}
PLIST_FILES+=			${SAMBA4_MODULEDIR}/krb5/winbind_krb5_localauth.so \
				man/man8/winbind_krb5_localauth.8.gz
.	if ${PORT_OPTIONS:MAD_DC}
PLIST_FILES+=			${SAMBA4_LIBDIR}/krb5/plugins/kdb/samba.so
.	endif
.endif
# for libexecinfo: (so that __builtin_frame_address() finds the top of the stack)
CFLAGS_amd64+=			-fno-omit-frame-pointer
# No fancy color error messages
CONFIGURE_ENV+=			NOCOLOR=yes WAF_LOG_FORMAT='%(c1)s%(zone)s%(c2)s %(message)s'
MAKE_ENV+=			NOCOLOR=yes WAF_LOG_FORMAT='%(c1)s%(zone)s%(c2)s %(message)s'
.if ${CHOSEN_COMPILER_TYPE} == clang
CFLAGS+=			-fno-color-diagnostics
.endif
# Allow rpcgen to find proper CPP
MAKE_ENV+=			RPCGEN_CPP="${CPP}"
#.if ${readline_ARGS} == port
#CFLAGS+=			-D_FUNCTION_DEF
#.endif

# Make sure that the right version of Python is used by the tools
# https://bugzilla.samba.org/show_bug.cgi?id=7305
SHEBANG_FILES=			${PATCH_WRKSRC}/source4/scripting/bin/* ${PATCH_WRKSRC}/selftest/*

SAMBA4_SUB=			SAMBA4_LOGDIR="${SAMBA4_LOGDIR}" \
				SAMBA4_RUNDIR="${SAMBA4_RUNDIR}" \
				SAMBA4_LOCKDIR="${SAMBA4_LOCKDIR}" \
				SAMBA4_LIBDIR="${SAMBA4_LIBDIR}" \
				SAMBA4_MODULEDIR="${SAMBA4_MODULEDIR}" \
				SAMBA4_BINDDNSDIR="${SAMBA4_BINDDNSDIR}" \
				SAMBA4_PRIVATEDIR="${SAMBA4_PRIVATEDIR}" \
				SAMBA4_CONFDIR="${SAMBA4_CONFDIR}" \
				SAMBA4_CONFIG="${SAMBA4_CONFIG}" \
				SAMBA4_SERVICES="${SAMBA4_SERVICES}"

PLIST_SUB+=			${SAMBA4_SUB}
SUB_LIST+=			${SAMBA4_SUB}

USE_RC_SUBR=			samba_server
SUB_FILES=			pkg-message README.FreeBSD

PORTDOCS=			README.FreeBSD

post-extract:
				@${RM} -r ${WRKSRC}/pidl/lib/Parse/Yapp

post-patch:
				@${REINPLACE_CMD} -e 's|$${PKGCONFIGDIR}|${PKGCONFIGDIR}|g' \
					${PATCH_WRKSRC}/buildtools/wafsamba/pkgconfig.py
				@${REINPLACE_CMD} -e 's|%%LOCALBASE%%|${LOCALBASE}|g' \
					${PATCH_WRKSRC}/buildtools/wafsamba/wafsamba.py
				@${REINPLACE_CMD} -e 's|%%GDB_CMD%%|${GDB_CMD}|g' \
					${PATCH_WRKSRC}/buildtools/scripts/abi_gen.sh
				@${REINPLACE_CMD} -e 's|%%SAMBA4_CONFIG%%|${SAMBA4_CONFIG}|g' \
					${PATCH_WRKSRC}/dynconfig/wscript

# Use threading (or multiprocessing) but not thread (renamed in python 3+).
pre-configure:
.if (!${PORT_OPTIONS:MPYTHON3} || defined(NO_PYTHON)) && ${PORT_OPTIONS:MAD_DC}
				@${ECHO_CMD}; \
				${ECHO_MSG} "===>  AD_DC option requires PYTHON3 to be set"; \
				${ECHO_CMD}; \
				${FALSE}
.endif
				@if ! ${PYTHON_CMD} -c "import multiprocessing;" 2>/dev/null; then \
					${ECHO_CMD}; \
					${ECHO_MSG} "===>  ${PKGNAME} "${IGNORE_NONTHREAD_PYTHON:Q}.; \
					${ECHO_CMD}; \
					${FALSE}; \
				fi

pre-build-MANDOC-off:
				${MKDIR} ${BUILD_WRKSRC}/bin/default/docs-xml/
				${CP} -rp ${BUILD_WRKSRC}/docs/manpages ${BUILD_WRKSRC}/bin/default/docs-xml/
.for man in			libcli/nbt/man/nmblookup4.1 \
				librpc/tools/ndrdump.1 \
				source4/lib/registry/man/regdiff.1 \
				source4/lib/registry/man/regpatch.1 \
				source4/lib/registry/man/regshell.1 \
				source4/lib/registry/man/regtree.1 \
				source4/scripting/man/samba-gpupdate.8 \
				source4/torture/man/gentest.1 \
				source4/torture/man/locktest.1 \
				source4/torture/man/masktest.1 \
				source4/torture/man/smbtorture.1 \
				source4/utils/man/ntlm_auth4.1 \
				source4/utils/oLschema2ldif/oLschema2ldif.1 \
				lib/tdb/man/tdbdump.8 \
				lib/tdb/man/tdbbackup.8 \
				lib/tdb/man/tdbtool.8 \
				lib/talloc/man/talloc.3 \
				lib/tdb/man/tdbrestore.8 \
				lib/ldb/man/ldbadd.1 \
				lib/ldb/man/ldbsearch.1 \
				lib/ldb/man/ldbmodify.1 \
				lib/ldb/man/ldbrename.1 \
				lib/ldb/man/ldbdel.1 \
				lib/ldb/man/ldbedit.1 \
				docs-xml/manpages/vfs_freebsd.8
					${MKDIR} `dirname ${BUILD_WRKSRC}/bin/default/${man}`
					${INSTALL_MAN} ${FILESDIR}/man/`basename ${man}` ${BUILD_WRKSRC}/bin/default/${man}
.endfor
.if ${PORT_OPTIONS:MCLUSTER}
				${MKDIR} ${BUILD_WRKSRC}/bin/default/ctdb/
.	for man in		ctdb_diagnostics.1 ctdb.1 ctdbd_wrapper.1 ctdbd.1 ltdbtool.1 onnode.1 ping_pong.1 \
				ctdb.conf.5 ctdb.sysconfig.5 ctdb-script.options.5 \
				ctdb.7 ctdb-statistics.7 ctdb-tunables.7
					${INSTALL_MAN} ${FILESDIR}/man/${man} ${BUILD_WRKSRC}/bin/default/ctdb/
.	endfor
.endif

post-install-rm-junk:
				${RM} -r ${STAGEDIR}${PYTHON_SITELIBDIR}/samba/third_party
				${FIND} ${STAGEDIR}${PYTHON_SITELIBDIR} -name __pycache__ \
					-type d -print0 | ${XARGS} -0 -n 1 -t ${RM} -r

post-install-fix-manpages:
.for f in vfs_aio_linux.8 vfs_btrfs.8 vfs_ceph.8 vfs_gpfs.8
				${RM} ${STAGEDIR}${PREFIX}/man/man8/${f}
.endfor
.if defined(SAMBA4_BUNDLED_LDB) && ${SAMBA4_BUNDLED_LDB} == yes
.	for f in ldbadd.1 ldbdel.1 ldbedit.1 ldbmodify.1 ldbrename.1 ldbsearch.1
				${MV} ${STAGEDIR}${PREFIX}/man/man1/${f} ${STAGEDIR}${PREFIX}/man/man1/samba-${f}
.	endfor
.endif
.if defined(SAMBA4_BUNDLED_TDB) && ${SAMBA4_BUNDLED_TDB} == yes
.	for f in tdbbackup.8 tdbdump.8 tdbrestore.8 tdbtool.8
				${MV} ${STAGEDIR}${PREFIX}/man/man8/${f} ${STAGEDIR}${PREFIX}/man/man8/samba-${f}
.	endfor
.endif

post-install: post-install-rm-junk post-install-fix-manpages
				${LN} -sf smb.conf.5.gz ${STAGEDIR}${PREFIX}/man/man5/smb4.conf.5.gz
# Run post-install script
.for dir in			${SAMBA4_LOGDIR} ${SAMBA4_RUNDIR} ${SAMBA4_LOCKDIR} ${SAMBA4_MODULEDIR}
					${INSTALL} -d -m 0755 "${STAGEDIR}${dir}"
.endfor
				${INSTALL} -d -m 0750 "${STAGEDIR}${SAMBA4_BINDDNSDIR}"
				${INSTALL} -d -m 0750 "${STAGEDIR}${SAMBA4_PRIVATEDIR}"
.for module_class in			${SAMBA4_MODULES_CLASS}
					${INSTALL} -d -m 0755 "${STAGEDIR}${SAMBA4_MODULEDIR}/${module_class}"
.endfor
.if !defined(WITH_DEBUG)
				-${FIND} ${STAGEDIR}${PREFIX}/bin ${STAGEDIR}${PREFIX}/sbin ${STAGEDIR}${PREFIX}/libexec \
					-type f -print0 | ${XARGS} -0 -n 1 -t ${STRIP_CMD}
				-${FIND} ${STAGEDIR}${PREFIX}/lib -name '*.so*' \
					-type f -print0 | ${XARGS} -0 -n 1 -t ${STRIP_CMD}
.endif

post-install-FRUIT-off:
				${RM} ${STAGEDIR}${SAMBA4_MODULEDIR}/vfs/fruit.so
				${RM} ${STAGEDIR}${PREFIX}/man/man8/vfs_fruit.8

post-install-DOCS-on:
				${MKDIR} ${STAGEDIR}${DOCSDIR}
.for doc in			${PORTDOCS}
				${INSTALL_DATA} ${WRKDIR}/${doc} ${STAGEDIR}${DOCSDIR}
.endfor

post-install-CLUSTER-on:
				${LN} -nfs ../../../../share/ctdb/events/legacy/00.ctdb.script		${STAGEDIR}${PREFIX}/etc/ctdb/events/legacy/00.ctdb.script
				${LN} -nfs ../../../../share/ctdb/events/legacy/10.interface.script	${STAGEDIR}${PREFIX}/etc/ctdb/events/legacy/10.interface.script
				${LN} -nfs ../../../../share/ctdb/events/legacy/05.system.script	${STAGEDIR}${PREFIX}/etc/ctdb/events/legacy/05.system.script
				${LN} -nfs ../../../../share/ctdb/events/legacy/01.reclock.script	${STAGEDIR}${PREFIX}/etc/ctdb/events/legacy/01.reclock.script

.include <bsd.port.post.mk>

Added Link Here

(-)b/net/samba415/distinfo (+3 lines)
1	TIMESTAMP = 1655906020
2	SHA256 (samba-4.15.7.tar.gz) = 76d0096c16ed0265b337d5731f3c0b32eed3adab6fa8b7585c055b287cd05d6b
3	SIZE (samba-4.15.7.tar.gz) = 19290930




From 2664c997587416a2c8c911a75158485a5c98b70b Mon Sep 17 00:00:00 2001
From: John Hixon <john@ixsystems.com>
Date: Sat, 20 May 2017 04:39:37 +0200
Subject: [PATCH] Zfs provision (#1)

Cherry-pick ZFS provisioning code by iXsystems Inc.

* Check if sysvol is on filesystem with NFSv4 ACL's
(cherry picked from commit ca86f52b78a7b6e7537454a69cf93e7b96210cba)

* Only check targetdir if it is defined (I had assumed it was)
(cherry picked from commit a29050cb2978ce23e3c04a859340dc2664c77a8a)

* Kick samba a little bit into understanding NFSv4 ACL's
(cherry picked from commit 1c7542ff4904b729e311e17464ee76582760c219)

Signed-off-by: Timur I. Bakeyev <timur@iXsystems.com>
---
 python/samba/provision/__init__.py |  25 ++++--
 source3/lib/sysacls.c              |  10 +++
 source3/param/loadparm.c           |   7 ++
 source3/smbd/pysmbd.c              | 156 ++++++++++++++++++++++++++++++++++++-
 4 files changed, 191 insertions(+), 7 deletions(-)

diff --git a/python/samba/provision/__init__.py b/python/samba/provision/__init__.py
index 5de986463a5..cd3b91f41b9 100644
--- a/python/samba/provision/__init__.py
+++ b/python/samba/provision/__init__.py
@@ -1695,19 +1695,25 @@ def setsysvolacl(samdb, netlogon, sysvol, uid, gid, do
         s3conf = s3param.get_context()
         s3conf.load(lp.configfile)

-        file = tempfile.NamedTemporaryFile(dir=os.path.abspath(sysvol))
+        sysvol_dir = os.path.abspath(sysvol)
+
+        set_simple_acl = smbd.set_simple_acl
+        if smbd.has_nfsv4_acls(sysvol_dir):
+            set_simple_acl = smbd.set_simple_nfsv4_acl
+
+        file = tempfile.NamedTemporaryFile(dir=sysvol_dir)
         try:
             try:
-                smbd.set_simple_acl(file.name, 0o755, system_session_unix(), gid)
+                set_simple_acl(file.name, 0o755, system_session_unix(), gid)
             except OSError:
-                if not smbd.have_posix_acls():
+                if not smbd.have_posix_acls() and not smbd.have_nfsv4_acls():
                     # This clue is only strictly correct for RPM and
                     # Debian-like Linux systems, but hopefully other users
                     # will get enough clue from it.
-                    raise ProvisioningError("Samba was compiled without the posix ACL support that s3fs requires.  "
+                    raise ProvisioningError("Samba was compiled without the ACL support that s3fs requires.  "
                                             "Try installing libacl1-dev or libacl-devel, then re-run configure and make.")

-                raise ProvisioningError("Your filesystem or build does not support posix ACLs, which s3fs requires.  "
+                raise ProvisioningError("Your filesystem or build does not support ACLs, which s3fs requires.  "
                                         "Try the mounting the filesystem with the 'acl' option.")
             try:
                 smbd.chown(file.name, uid, gid, system_session_unix())
@@ -1984,6 +1990,9 @@ def provision_fill(samdb, secrets_ldb, logger, names,
         samdb.transaction_commit()

     if serverrole == "active directory domain controller":
+        if targetdir and smbd.have_nfsv4_acls() and smbd.has_nfsv4_acls(targetdir):
+            smbd.set_nfsv4_defaults()
+
         # Continue setting up sysvol for GPO. This appears to require being
         # outside a transaction.
         if not skip_sysvolacl:
@@ -2340,6 +2349,9 @@ def provision(logger, session_info, smbconf=None,

             if not os.path.isdir(paths.netlogon):
                 os.makedirs(paths.netlogon, 0o755)
+
+            if smbd.have_nfsv4_acls() and smbd.has_nfsv4_acls(paths.sysvol):
+                smbd.set_nfsv4_defaults()

         if adminpass is None:
             adminpass = samba.generate_random_password(12, 32)
diff --git a/source3/lib/sysacls.c b/source3/lib/sysacls.c
index 0bf3c37edfa..786cd39b5bc 100644
--- a/source3/lib/sysacls.c
+++ b/source3/lib/sysacls.c
@@ -38,6 +38,16 @@
 #include "modules/vfs_hpuxacl.h"
 #endif

+/*
+ * NFSv4 ACL's should be understood and a first class citizen. Work
+ * needs to be done in librpc/idl/smb_acl.idl for this to occur.
+ */
+#if defined(HAVE_LIBSUNACL) && defined(FREEBSD)
+#if 0
+#include "modules/nfs4_acls.h"
+#endif
+#endif
+
 #undef  DBGC_CLASS
 #define DBGC_CLASS DBGC_ACLS

diff --git a/source3/param/loadparm.c b/source3/param/loadparm.c
index a2fcc4246c9..4b676897fc1 100644
--- a/source3/param/loadparm.c
+++ b/source3/param/loadparm.c
@@ -2801,9 +2801,29 @@ static void init_locals(void)
		} else {
			if (lp_parm_const_string(-1, "xattr_tdb", "file", NULL)) {
				lp_do_parameter(-1, "vfs objects", "dfs_samba4 acl_xattr xattr_tdb");
+			/*
+			 * By default, the samba sysvol is located in the statedir. Provisioning will fail in setntacl
+			 * unless we have zfacl enabled. Unfortunately, at this point the smb.conf has not been generated.
+			 * This workaround is freebsd-specific.
+			 */
+#if defined(_PC_ACL_EXTENDED)
+			} else if (pathconf(lp_state_directory(), _PC_ACL_EXTENDED) == 1) {
+				lp_do_parameter(-1, "vfs objects", "dfs_samba4 freebsd");
+#endif
+#if defined(_PC_ACL_NFS4)
+			} else if (pathconf(lp_state_directory(), _PC_ACL_NFS4) == 1) {
+				lp_do_parameter(-1, "vfs objects", "dfs_samba4 zfsacl");
+#endif
			} else if (lp_parm_const_string(-1, "posix", "eadb", NULL)) {
				lp_do_parameter(-1, "vfs objects", "dfs_samba4 acl_xattr posix_eadb");
			} else {
+				/*
+				 * This should only set dfs_samba4 and leave acl_xattr
+				 * to be set later (or zfsacl). The only reason the decision
+				 * can't be made here to load acl_xattr or zfsacl is
+				 * that we don't have access to what the target
+				 * directory is.
+				 */
				lp_do_parameter(-1, "vfs objects", "dfs_samba4 acl_xattr");
			}
		}
diff --git a/source3/smbd/pysmbd.c b/source3/smbd/pysmbd.c
index 63fc5d68c33..f5a536ee186 100644
--- a/source3/smbd/pysmbd.c
+++ b/source3/smbd/pysmbd.c
@@ -419,6 +419,20 @@ static SMB_ACL_T make_simple_acl(TALLOC_CTX *mem_ctx,
	return acl;
 }

+static SMB_ACL_T make_simple_nfsv4_acl(TALLOC_CTX *mem_ctx,
+					gid_t gid,
+					mode_t chmod_mode)
+{
+	/*
+	 * This function needs to create an NFSv4 ACL. Currently, the only way
+	 * to do so is to use the operating system interface, or to use the
+	 * functions in source3/modules/nfs4_acls.c. These seems ugly and
+	 * hacky. NFSv4 ACL's should be a first class citizen and
+	 * librpc/idl/smb_acl.idl should be modified accordingly.
+	 */
+	return NULL;
+}
+
 /*
   set a simple ACL on a file, as a test
  */
@@ -491,7 +505,85 @@ static PyObject *py_smbd_set_simple_acl(PyObject *self
	Py_RETURN_NONE;
 }

+
 /*
+  set a simple NFSv4 ACL on a file, as a test
+ */
+static PyObject *py_smbd_set_simple_nfsv4_acl(PyObject *self, PyObject *args, PyObject *kwargs)
+{
+	const char * const kwnames[] = {
+		"fname",
+		"mode",
+		"session_info",
+		"gid",
+		"service",
+		NULL
+	};
+	char *fname, *service = NULL;
+	PyObject *py_session = Py_None;
+	struct auth_session_info *session_info = NULL;
+	int ret;
+	int mode, gid = -1;
+	SMB_ACL_T acl;
+	TALLOC_CTX *frame;
+	connection_struct *conn;
+
+	if (!PyArg_ParseTupleAndKeywords(args, kwargs, "siO|iz",
+					 discard_const_p(char *, kwnames),
+					 &fname,
+					 &mode,
+					 &py_session,
+					 &gid,
+					 &service))
+		return NULL;
+
+	if (!py_check_dcerpc_type(py_session,
+				  "samba.dcerpc.auth",
+				  "session_info")) {
+		return NULL;
+	}
+	session_info = pytalloc_get_type(py_session,
+					 struct auth_session_info);
+	if (session_info == NULL) {
+		PyErr_Format(PyExc_TypeError,
+			     "Expected auth_session_info for session_info argument got %s",
+			     pytalloc_get_name(py_session));
+		return NULL;
+	}
+
+	frame = talloc_stackframe();
+
+	acl = make_simple_nfsv4_acl(frame, gid, mode);
+	if (acl == NULL) {
+		TALLOC_FREE(frame);
+		Py_RETURN_NONE;
+	}
+
+	conn = get_conn_tos(service, session_info);
+	if (!conn) {
+		TALLOC_FREE(frame);
+		Py_RETURN_NONE;
+	}
+
+	/*
+	 * SMB_ACL_TYPE_ACCESS -> ACL_TYPE_ACCESS -> Not valid for NFSv4 ACL
+	 */
+	ret = 0;
+
+	/* ret = set_sys_acl_conn(fname, SMB_ACL_TYPE_ACCESS, acl, conn); */
+
+	if (ret != 0) {
+		TALLOC_FREE(frame);
+		errno = ret;
+		return PyErr_SetFromErrno(PyExc_OSError);
+	}
+
+	TALLOC_FREE(frame);
+
+	Py_RETURN_NONE;
+}
+
+/*
   chown a file
  */
 static PyObject *py_smbd_chown(PyObject *self, PyObject *args, PyObject *kwargs)
@@ -665,7 +757,7 @@ static PyObject *py_smbd_unlink(PyObject *self, PyObje
 }

 /*
-  check if we have ACL support
+  check if we have POSIX.1e ACL support
  */
 static PyObject *py_smbd_have_posix_acls(PyObject *self,
		PyObject *Py_UNUSED(ignored))
@@ -677,7 +769,84 @@ static PyObject *py_smbd_have_posix_acls(PyObject *sel
 #endif
 }

+static PyObject *py_smbd_has_posix_acls(PyObject *self, PyObject *args, PyObject *kwargs)
+{
+	const char * const kwnames[] = { "path", NULL };
+	char *path = NULL;
+	TALLOC_CTX *frame;
+	struct statfs fs;
+	int ret = false;
+
+	frame = talloc_stackframe();
+
+	if (!PyArg_ParseTupleAndKeywords(args, kwargs, "s|z",
+					 discard_const_p(char *, kwnames), &path)) {
+		TALLOC_FREE(frame);
+		return NULL;
+	}
+
+	if (statfs(path, &fs) != 0) {
+		TALLOC_FREE(frame);
+		return NULL;
+	}
+
+	if (fs.f_flags & MNT_ACLS)
+		ret = true;
+
+	TALLOC_FREE(frame);
+	return PyBool_FromLong(ret);
+}
+
 /*
+  check if we have NFSv4 ACL support
+ */
+static PyObject *py_smbd_have_nfsv4_acls(PyObject *self)
+{
+#ifdef HAVE_LIBSUNACL
+	return PyBool_FromLong(true);
+#else
+	return PyBool_FromLong(false);
+#endif
+}
+
+static PyObject *py_smbd_has_nfsv4_acls(PyObject *self, PyObject *args, PyObject *kwargs)
+{
+	const char * const kwnames[] = { "path", NULL };
+	char *path = NULL;
+	TALLOC_CTX *frame;
+	struct statfs fs;
+	int ret = false;
+
+	frame = talloc_stackframe();
+
+	if (!PyArg_ParseTupleAndKeywords(args, kwargs, "s|z",
+					 discard_const_p(char *, kwnames), &path)) {
+		TALLOC_FREE(frame);
+		return NULL;
+	}
+
+	if (statfs(path, &fs) != 0) {
+		TALLOC_FREE(frame);
+		return NULL;
+	}
+
+	if (fs.f_flags & MNT_NFS4ACLS)
+		ret = true;
+
+	TALLOC_FREE(frame);
+	return PyBool_FromLong(ret);
+}
+
+
+static PyObject *py_smbd_set_nfsv4_defaults(PyObject *self)
+{
+	/*
+	 * It is really be done in source3/param/loadparm.c
+	 */
+	Py_RETURN_NONE;
+}
+
+/*
   set the NT ACL on a file
  */
 static PyObject *py_smbd_set_nt_acl(PyObject *self, PyObject *args, PyObject *kwargs)
@@ -1124,8 +1296,26 @@ static PyMethodDef py_smbd_methods[] = {
	{ "have_posix_acls",
		(PyCFunction)py_smbd_have_posix_acls, METH_NOARGS,
		NULL },
+	{ "has_posix_acls",
+		PY_DISCARD_FUNC_SIG(PyCFunction, py_smbd_has_posix_acls),
+		METH_VARARGS|METH_KEYWORDS,
+		NULL },
+	{ "have_nfsv4_acls",
+		(PyCFunction)py_smbd_have_nfsv4_acls, METH_NOARGS,
+		NULL },
+	{ "has_nfsv4_acls",
+		PY_DISCARD_FUNC_SIG(PyCFunction, py_smbd_has_nfsv4_acls),
+		METH_VARARGS|METH_KEYWORDS,
+		NULL },
+	{ "set_nfsv4_defaults",
+		(PyCFunction)py_smbd_set_nfsv4_defaults, METH_NOARGS,
+		NULL },
	{ "set_simple_acl",
		PY_DISCARD_FUNC_SIG(PyCFunction, py_smbd_set_simple_acl),
+		METH_VARARGS|METH_KEYWORDS,
+		NULL },
+	{ "set_simple_nfsv4_acl",
+		PY_DISCARD_FUNC_SIG(PyCFunction, py_smbd_set_simple_nfsv4_acl),
		METH_VARARGS|METH_KEYWORDS,
		NULL },
	{ "set_nt_acl",
--
2.14.2





              !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
              !!! Please read before runing any tools !!!
              !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!

Documentation
=============

    o https://wiki.samba.org/index.php/Samba4/HOWTO

    o https://wiki.samba.org/index.php/Samba_AD_DC_HOWTO

    o https://wiki.samba.org/index.php/Samba4/samba-tool/domain/classicupgrade/HOWTO

FreeBSD specific information
============================

* Your configuration is in: %%SAMBA4_CONFDIR%%/%%SAMBA4_CONFIG%%

* All the logs are under: %%SAMBA4_LOGDIR%%

* All the relevant databases are under: %%SAMBA4_LOCKDIR%%

* Provisioning script is: %%PREFIX%%/bin/samba-tool

Samba4 provisioning requires file system(s) with the ACLs support. On
UFS2 you need to enable POSIX ACLs by adding 'acls' option to the mount
flags, on ZFS you need to use NFSv4 ACLs and `zfsacl` VFS module to get
provisioning work.

There is a hack in the code, that makes provisioning work on UFS2 and in
the jails on the price of using USER extattr(2) namespace, which is less
secure than SYSTEM namespace, as can be edited not only by root user, but
also by the owner of the file.

For the provisioning on ZFS you need to use additional parameters to the
samba-tool, that would explicitly add `zfsacl` to the default `vfs objects`:

    # samba-tool domain provision --interactive \
            --option="vfs objects"="dfs_samba4 zfsacl"

To run this port you need to perform the following steps:
---------------------------------------------------------

0. If you had Samba3 port installed before, please, *take backups* of
all the relevant files. That includes 'smb.conf' file and all the
content of the '/var/db/samba/' directory.

1a. Create new '%%SAMBA4_CONFDIR%%/%%SAMBA4_CONFIG%%' file by running:

    # samba-tool domain provision

1b. Or upgrade from the Samba3 'smb.conf' file by running:

    # samba-tool domain classicupgrade

%%NSUPDATE%%1c. You will need to specify location of the 'nsupdate' command in the
%%NSUPDATE%%'%%SAMBA4_CONFIG%%' file:
%%NSUPDATE%%
%%NSUPDATE%%      nsupdate command = %%PREFIX%%/bin/samba-nsupdate -g
%%NSUPDATE%%
2. Put string 'samba_server_enable="YES"' into your /etc/rc.conf.

3. Make sure that your server doesn't run Samba3, OpenLDAP and named.
Stop them, if necessary.

4. Run '%%PREFIX%%/etc/rc.d/samba_server start' or reboot.

Please, check archives of samba@lists.samba.org and ask there for help,
if necessary:

    https://lists.samba.org/archive/samba/

In case you found a bug which is clearly not related to the port build
process itself, plese file a bug report at:

    https://bugzilla.samba.org/

And add me to CC list.

You may find those tools helpful:
---------------------------------

Microsoft Remote Server Administration Tools (RSAT) for:

* Vista: http://www.microsoft.com/en-us/download/details.aspx?id=21090
* Windows 7: http://www.microsoft.com/en-us/download/details.aspx?id=7887


FreeBSD Samba4 port maintainer: Timur I. Bakeyev <timur@FreeBSD.org>




--- python/samba/provision/sambadns.py.orig	2020-11-03 14:33:19 UTC
+++ python/samba/provision/sambadns.py
@@ -27,6 +27,7 @@ import time
 import ldb
 from base64 import b64encode
 import subprocess
+import re
 import samba
 from samba.tdb_util import tdb_copy
 from samba.mdb_util import mdb_copy
@@ -957,47 +958,38 @@ def create_named_conf(paths, realm, dnsdomain, dns_bac
                                      stderr=subprocess.STDOUT,
                                      cwd='.').communicate()[0]
         bind_info = get_string(bind_info)
-        bind9_8 = '#'
-        bind9_9 = '#'
-        bind9_10 = '#'
-        bind9_11 = '#'
-        bind9_12 = '#'
-        bind9_14 = '#'
-        bind9_16 = '#'
-        if bind_info.upper().find('BIND 9.8') != -1:
-            bind9_8 = ''
-        elif bind_info.upper().find('BIND 9.9') != -1:
-            bind9_9 = ''
-        elif bind_info.upper().find('BIND 9.10') != -1:
-            bind9_10 = ''
-        elif bind_info.upper().find('BIND 9.11') != -1:
-            bind9_11 = ''
-        elif bind_info.upper().find('BIND 9.12') != -1:
-            bind9_12 = ''
-        elif bind_info.upper().find('BIND 9.14') != -1:
-            bind9_14 = ''
-        elif bind_info.upper().find('BIND 9.16') != -1:
-            bind9_16 = ''
-        elif bind_info.upper().find('BIND 9.7') != -1:
-            raise ProvisioningError("DLZ option incompatible with BIND 9.7.")
-        elif bind_info.upper().find('BIND_9.13') != -1:
-            raise ProvisioningError("Only stable/esv releases of BIND are supported.")
-        elif bind_info.upper().find('BIND_9.15') != -1:
-            raise ProvisioningError("Only stable/esv releases of BIND are supported.")
-        elif bind_info.upper().find('BIND_9.17') != -1:
-            raise ProvisioningError("Only stable/esv releases of BIND are supported.")
+
+        bind9_release = re.search('BIND (9)\.(\d+)\.', bind_info, re.I)
+        if bind9_release:
+            bind9_disabled = ''
+            bind9_version = bind9_release.group(0) + "x"
+            bind9_version_major = int(bind9_release.group(1))
+            bind9_version_minor = int(bind9_release.group(2))
+            if bind9_version_minor == 7:
+                raise ProvisioningError("DLZ option incompatible with BIND 9.7.")
+            elif bind9_version_minor == 8:
+                bind9_dlz_version = "9"
+            elif bind9_version_minor in [13, 15, 17]:
+                raise ProvisioningError("Only stable/esv releases of BIND are supported.")
+            else:
+                bind9_dlz_version = "%d_%d" % (bind9_version_major, bind9_version_minor)
         else:
+            bind9_disabled = '# '
+            bind9_version = "BIND z.y.x"
+            bind9_dlz_version = "z_y"
             logger.warning("BIND version unknown, please modify %s manually." % paths.namedconf)
+
+        bind9_dlz = (
+            '    # For %s\n'
+            '    %sdatabase "dlopen %s/bind9/dlz_bind%s.so";'
+        ) % (
+            bind9_version, bind9_disabled, samba.param.modules_dir(), bind9_dlz_version
+        )
+
         setup_file(setup_path("named.conf.dlz"), paths.namedconf, {
                     "NAMED_CONF": paths.namedconf,
                     "MODULESDIR": samba.param.modules_dir(),
-                    "BIND9_8": bind9_8,
-                    "BIND9_9": bind9_9,
-                    "BIND9_10": bind9_10,
-                    "BIND9_11": bind9_11,
-                    "BIND9_12": bind9_12,
-                    "BIND9_14": bind9_14,
-                    "BIND9_16": bind9_16
+                    "BIND9_DLZ": bind9_dlz
                     })


--- source4/dns_server/dlz_minimal.h.orig	2019-12-06 10:10:30 UTC
+++ source4/dns_server/dlz_minimal.h
@@ -26,32 +26,31 @@
 #include <stdint.h>
 #include <stdbool.h>

-#if defined (BIND_VERSION_9_8)
-# define DLZ_DLOPEN_VERSION 1
-#elif defined (BIND_VERSION_9_9)
-# define DLZ_DLOPEN_VERSION 2
-# define DNS_CLIENTINFO_VERSION 1
-# define ISC_BOOLEAN_AS_BOOL 0
-#elif defined (BIND_VERSION_9_10)
-# define DLZ_DLOPEN_VERSION 3
-# define DNS_CLIENTINFO_VERSION 1
-# define ISC_BOOLEAN_AS_BOOL 0
-#elif defined (BIND_VERSION_9_11)
-# define DLZ_DLOPEN_VERSION 3
-# define DNS_CLIENTINFO_VERSION 2
-# define ISC_BOOLEAN_AS_BOOL 0
-#elif defined (BIND_VERSION_9_12)
-# define DLZ_DLOPEN_VERSION 3
-# define DNS_CLIENTINFO_VERSION 2
-# define ISC_BOOLEAN_AS_BOOL 0
-#elif defined (BIND_VERSION_9_14)
-# define DLZ_DLOPEN_VERSION 3
-# define DNS_CLIENTINFO_VERSION 2
-#elif defined (BIND_VERSION_9_16)
-# define DLZ_DLOPEN_VERSION 3
-# define DNS_CLIENTINFO_VERSION 2
+#if defined (BIND_VERSION)
+# if BIND_VERSION == 908
+#  define DLZ_DLOPEN_VERSION 1
+# elif BIND_VERSION == 909
+#  define DLZ_DLOPEN_VERSION 2
+#  define DNS_CLIENTINFO_VERSION 1
+#  define ISC_BOOLEAN_AS_BOOL 0
+# elif BIND_VERSION == 910
+#  define DLZ_DLOPEN_VERSION 3
+#  define DNS_CLIENTINFO_VERSION 1
+#  define ISC_BOOLEAN_AS_BOOL 0
+# elif BIND_VERSION == 911 || BIND_VERSION == 912
+#  define DLZ_DLOPEN_VERSION 3
+#  define DNS_CLIENTINFO_VERSION 2
+#  define ISC_BOOLEAN_AS_BOOL 0
+# elif BIND_VERSION >= 914
+#  define DLZ_DLOPEN_VERSION 3
+#  define DNS_CLIENTINFO_VERSION 2
+#  define ISC_BOOLEAN_AS_BOOL 1
+# else
+#  error Unsupported BIND version
+# endif
 #else
 # error Unsupported BIND version
+# error BIND_VERSION undefined
 #endif

 #ifndef ISC_BOOLEAN_AS_BOOL
--- source4/dns_server/wscript_build.orig	2019-12-06 10:11:08 UTC
+++ source4/dns_server/wscript_build
@@ -20,7 +20,7 @@ bld.SAMBA_MODULE('service_dns',
 # a bind9 dlz module giving access to the Samba DNS SAM
 bld.SAMBA_LIBRARY('dlz_bind9',
                   source='dlz_bind9.c',
-                  cflags='-DBIND_VERSION_9_8',
+                  cflags='-DBIND_VERSION=908',
                   private_library=True,
                   link_name='modules/bind9/dlz_bind9.so',
                   realname='dlz_bind9.so',
@@ -28,69 +28,21 @@ bld.SAMBA_LIBRARY('dlz_bind9',
                   deps='samba-hostconfig samdb-common gensec popt dnsserver_common',
                   enabled=bld.AD_DC_BUILD_IS_ENABLED())

-bld.SAMBA_LIBRARY('dlz_bind9_9',
+for bind_version in (909, 910, 911, 912, 914, 916):
+    string_version='%d_%d' % (bind_version//100, bind_version % 100)
+    bld.SAMBA_LIBRARY('dlz_bind%s' % (string_version),
                   source='dlz_bind9.c',
-                  cflags='-DBIND_VERSION_9_9',
+                  cflags='-DBIND_VERSION=%d' % bind_version,
                   private_library=True,
-                  link_name='modules/bind9/dlz_bind9_9.so',
-                  realname='dlz_bind9_9.so',
+                  link_name='modules/bind9/dlz_bind%s.so' % (string_version),
+                  realname='dlz_bind%s.so' % (string_version),
                   install_path='${MODULESDIR}/bind9',
                   deps='samba-hostconfig samdb-common gensec popt dnsserver_common',
                   enabled=bld.AD_DC_BUILD_IS_ENABLED())

-bld.SAMBA_LIBRARY('dlz_bind9_10',
-                  source='dlz_bind9.c',
-                  cflags='-DBIND_VERSION_9_10',
-                  private_library=True,
-                  link_name='modules/bind9/dlz_bind9_10.so',
-                  realname='dlz_bind9_10.so',
-                  install_path='${MODULESDIR}/bind9',
-                  deps='samba-hostconfig samdb-common gensec popt dnsserver_common',
-                  enabled=bld.AD_DC_BUILD_IS_ENABLED())
-
-bld.SAMBA_LIBRARY('dlz_bind9_11',
-                  source='dlz_bind9.c',
-                  cflags='-DBIND_VERSION_9_11',
-                  private_library=True,
-                  link_name='modules/bind9/dlz_bind9_11.so',
-                  realname='dlz_bind9_11.so',
-                  install_path='${MODULESDIR}/bind9',
-                  deps='samba-hostconfig samdb-common gensec popt dnsserver_common',
-                  enabled=bld.AD_DC_BUILD_IS_ENABLED())
-
-bld.SAMBA_LIBRARY('dlz_bind9_12',
-                  source='dlz_bind9.c',
-                  cflags='-DBIND_VERSION_9_12',
-                  private_library=True,
-                  link_name='modules/bind9/dlz_bind9_12.so',
-                  realname='dlz_bind9_12.so',
-                  install_path='${MODULESDIR}/bind9',
-                  deps='samba-hostconfig samdb-common gensec popt dnsserver_common',
-                  enabled=bld.AD_DC_BUILD_IS_ENABLED())
-
-bld.SAMBA_LIBRARY('dlz_bind9_14',
-                  source='dlz_bind9.c',
-                  cflags='-DBIND_VERSION_9_14',
-                  private_library=True,
-                  link_name='modules/bind9/dlz_bind9_14.so',
-                  realname='dlz_bind9_14.so',
-                  install_path='${MODULESDIR}/bind9',
-                  deps='samba-hostconfig samdb-common gensec popt dnsserver_common',
-                  enabled=bld.AD_DC_BUILD_IS_ENABLED())
-
-bld.SAMBA_LIBRARY('dlz_bind9_16',
-                  source='dlz_bind9.c',
-                  cflags='-DBIND_VERSION_9_16',
-                  private_library=True,
-                  link_name='modules/bind9/dlz_bind9_16.so',
-                  realname='dlz_bind9_16.so',
-                  install_path='${MODULESDIR}/bind9',
-                  deps='samba-hostconfig samdb-common gensec popt dnsserver_common',
-                  enabled=bld.AD_DC_BUILD_IS_ENABLED())
-
 bld.SAMBA_LIBRARY('dlz_bind9_for_torture',
                   source='dlz_bind9.c',
-                  cflags='-DBIND_VERSION_9_8',
+                  cflags='-DBIND_VERSION=908',
                   private_library=True,
                   deps='samba-hostconfig samdb-common gensec popt dnsserver_common',
                   enabled=bld.AD_DC_BUILD_IS_ENABLED())
--- source4/setup/named.conf.dlz.orig	2019-12-06 10:10:31 UTC
+++ source4/setup/named.conf.dlz
@@ -7,28 +7,10 @@

 #
 # This configures dynamically loadable zones (DLZ) from AD schema
-# Uncomment only single database line, depending on your BIND version
 #
 dlz "AD DNS Zone" {
-    # For BIND 9.8.x
-    ${BIND9_8} database "dlopen ${MODULESDIR}/bind9/dlz_bind9.so";

-    # For BIND 9.9.x
-    ${BIND9_9} database "dlopen ${MODULESDIR}/bind9/dlz_bind9_9.so";
+${BIND9_DLZ}

-    # For BIND 9.10.x
-    ${BIND9_10} database "dlopen ${MODULESDIR}/bind9/dlz_bind9_10.so";
-
-    # For BIND 9.11.x
-    ${BIND9_11} database "dlopen ${MODULESDIR}/bind9/dlz_bind9_11.so";
-
-    # For BIND 9.12.x
-    ${BIND9_12} database "dlopen ${MODULESDIR}/bind9/dlz_bind9_12.so";
-
-    # For BIND 9.14.x
-    ${BIND9_14} database "dlopen ${MODULESDIR}/bind9/dlz_bind9_14.so";
-
-    # For BIND 9.16.x
-    ${BIND9_16} database "dlopen ${MODULESDIR}/bind9/dlz_bind9_16.so";
 };

--- source4/torture/dns/wscript_build.orig	2020-04-11 03:26:46 UTC
+++ source4/torture/dns/wscript_build
@@ -5,7 +5,7 @@ if bld.AD_DC_BUILD_IS_ENABLED():
		source='dlz_bind9.c',
		subsystem='smbtorture',
		init_function='torture_bind_dns_init',
-		cflags='-DBIND_VERSION_9_8',
+		cflags='-DBIND_VERSION=908',
		deps='torture talloc torturemain dlz_bind9_for_torture',
		internal_module=True
		)




--- buildtools/scripts/abi_gen.sh.orig	2019-01-15 10:07:00 UTC
+++ buildtools/scripts/abi_gen.sh
@@ -9,13 +9,14 @@ GDBSCRIPT="gdb_syms.$$"
 cat <<EOF
 set height 0
 set width 0
+set print sevenbit-strings on
 EOF
-nm "$SHAREDLIB" | cut -d' ' -f2- | egrep '^[BDGTRVWS]' | grep -v @ | egrep -v ' (__bss_start|_edata|_init|_fini|_end)' | cut -c3- | sort | while read s; do
-    echo "echo $s: "
-    echo p $s
+nm "$SHAREDLIB" | cut -d" "  -f2- | awk '/^[BDGTRVWS]/ && !/@|__bss_start|_edata|_init|_fini|_end/ { print $2 }' | sort | while read s; do
+    echo "echo $s:\\ "
+    echo whatis $s
 done
 ) > $GDBSCRIPT

 # forcing the terminal avoids a problem on Fedora12
-TERM=none gdb -n -batch -x $GDBSCRIPT "$SHAREDLIB" < /dev/null
+TERM=none %%GDB_CMD%% -n -batch -x $GDBSCRIPT "$SHAREDLIB" < /dev/null | sed -e 's/:type =/:/g'
 rm -f $GDBSCRIPT




--- buildtools/wafsamba/samba_autoconf.py.orig	2019-08-20 15:35:08 UTC
+++ buildtools/wafsamba/samba_autoconf.py
@@ -573,7 +573,7 @@ def library_flags(self, libs):


 @conf
-def CHECK_LIB(conf, libs, mandatory=False, empty_decl=True, set_target=True, shlib=False):
+def CHECK_LIB(conf, libs, mandatory=False, empty_decl=True, set_target=True, shlib=False, msg=None):
     '''check if a set of libraries exist as system libraries

     returns the sublist of libs that do exist as a syslib or []
@@ -593,11 +593,14 @@ int foo()
             ret.append(lib)
             continue

+        if msg is None:
+            msg = 'Checking for library %s' % lib
+
         (ccflags, ldflags, cpppath) = library_flags(conf, lib)
         if shlib:
-            res = conf.check(features='c cshlib', fragment=fragment, lib=lib, uselib_store=lib, cflags=ccflags, ldflags=ldflags, uselib=lib.upper(), mandatory=False)
+            res = conf.check(features='c cshlib', fragment=fragment, lib=lib, uselib_store=lib, cflags=ccflags, ldflags=ldflags, uselib=lib.upper(), mandatory=False, msg=msg)
         else:
-            res = conf.check(lib=lib, uselib_store=lib, cflags=ccflags, ldflags=ldflags, uselib=lib.upper(), mandatory=False)
+            res = conf.check(lib=lib, uselib_store=lib, cflags=ccflags, ldflags=ldflags, uselib=lib.upper(), mandatory=False, msg=msg)

         if not res:
             if mandatory:
@@ -949,5 +952,5 @@ def SAMBA_CHECK_UNDEFINED_SYMBOL_FLAGS(c
         conf.env.undefined_ldflags = conf.ADD_LDFLAGS('-Wl,-no-undefined', testflags=True)

         if (conf.env.undefined_ignore_ldflags == [] and
-            conf.CHECK_LDFLAGS(['-undefined', 'dynamic_lookup'])):
+            conf.CHECK_LDFLAGS(['-undefined', 'dynamic_lookup'] + conf.env.WERROR_CFLAGS)):
             conf.env.undefined_ignore_ldflags = ['-undefined', 'dynamic_lookup']

Added Link Here

(-)b/net/samba415/files/disabled/patch-buildtools_wafsamba_samba__install.py (+11 lines)
1	--- buildtools/wafsamba/samba_install.py.orig 2019-01-15 10:07:00 UTC
2	+++ buildtools/wafsamba/samba_install.py
3	@@ -118,7 +118,7 @@ def install_library(self):
4	inst_name = bld.make_libname(t.target)
5	elif self.vnum:
6	vnum_base = self.vnum.split('.')[0]
7	- install_name = bld.make_libname(target_name, version=self.vnum)
8	+ install_name = bld.make_libname(target_name, version=vnum_base)
9	install_link = bld.make_libname(target_name, version=vnum_base)
10	inst_name = bld.make_libname(t.target)
11	if not self.private_library or not t.env.SONAME_ST:

Added Link Here

(-)b/net/samba415/files/disabled/patch-buildtools_wafsamba_wafsamba.py (+11 lines)
1	--- ./buildtools/wafsamba/wafsamba.py.orig 2015-07-21 09:47:48 UTC
2	+++ ./buildtools/wafsamba/wafsamba.py
3	@@ -919,7 +919,7 @@ def SAMBAMANPAGES(bld, manpages, extra_s
4	bld.env.SAMBA_EXPAND_XSL = bld.srcnode.abspath() + '/docs-xml/xslt/expand-sambadoc.xsl'
5	bld.env.SAMBA_MAN_XSL = bld.srcnode.abspath() + '/docs-xml/xslt/man.xsl'
6	bld.env.SAMBA_CATALOG = bld.bldnode.abspath() + '/docs-xml/build/catalog.xml'
7	- bld.env.SAMBA_CATALOGS = 'file:///etc/xml/catalog file:///usr/local/share/xml/catalog file://' + bld.env.SAMBA_CATALOG
8	+ bld.env.SAMBA_CATALOGS = 'file:///etc/xml/catalog file://%%LOCALBASE%%/share/xml/catalog file://' + bld.env.SAMBA_CATALOG
9
10	for m in manpages.split():
11	source = m + '.xml'




--- buildtools/wafsamba/wscript.orig	2019-01-15 10:07:00 UTC
+++ buildtools/wafsamba/wscript
@@ -80,12 +80,17 @@ def options(opt):
                    help=("private library directory [PREFIX/lib/%s]" % Context.g_module.APPNAME),
                    action="store", dest='PRIVATELIBDIR', default=None)

+    opt.add_option('--with-openldap',
+                   help='additional directory to search for OpenLDAP libs',
+                   action='store', dest='ldap_open', default=None,
+                   match = ['Checking for library lber', 'Checking for library ldap'])
+
     opt.add_option('--with-libiconv',
                    help='additional directory to search for libiconv',
-                   action='store', dest='iconv_open', default='/usr/local',
+                   action='store', dest='iconv_open', default=None,
                    match = ['Checking for library iconv', 'Checking for iconv_open', 'Checking for header iconv.h'])
     opt.add_option('--without-gettext',
-                   help=("Disable use of gettext"),
+                   help=("disable use of gettext"),
                    action="store_true", dest='disable_gettext', default=False)

     gr = opt.option_group('developer options')




--- ctdb/wscript.orig	2020-01-31 10:25:36 UTC
+++ ctdb/wscript
@@ -104,6 +104,9 @@ def options(opt):
     opt.add_option('--enable-ceph-reclock',
                    help=("Enable Ceph CTDB recovery lock helper (default=no)"),
                    action="store_true", dest='ctdb_ceph_reclock', default=False)
+    opt.add_option('--disable-ctdb-tests',
+                   help=("Disable CTDB tests (default=no)"),
+                   action="store_true", dest='ctdb_no_tests', default=False)

     opt.add_option('--with-logdir',
                    help=("Path to log directory"),
@@ -261,7 +264,7 @@ def configure(conf):

     if Options.options.ctdb_ceph_reclock:
         if (conf.CHECK_HEADERS('rados/librados.h', False, False, 'rados') and
-					conf.CHECK_LIB('rados', shlib=True)):
+                                         conf.CHECK_LIB('rados', shlib=True)):
             Logs.info('Building with Ceph librados recovery lock support')
             conf.define('HAVE_LIBRADOS', 1)
         else:
@@ -300,9 +303,15 @@ def configure(conf):
                     conf.env.CTDB_VARDIR,
                     conf.env.CTDB_RUNDIR))

-    conf.env.CTDB_TEST_DATADIR = os.path.join(conf.env.CTDB_DATADIR, 'tests')
-    conf.env.CTDB_TEST_LIBEXECDIR = os.path.join(conf.env.LIBEXECDIR, 'ctdb/tests')
+    if Options.options.ctdb_no_tests:
+        conf.env.ctdb_tests = False
+    else:
+        conf.env.ctdb_tests = True

+    if conf.env.ctdb_tests:
+        conf.env.CTDB_TEST_DATADIR = os.path.join(conf.env.CTDB_DATADIR, 'tests')
+        conf.env.CTDB_TEST_LIBEXECDIR = os.path.join(conf.env.LIBEXECDIR, 'ctdb/tests')
+
     # Allow unified compilation and separate compilation of utilities
     # to find includes
     if not conf.env.standalone_ctdb:
@@ -681,9 +690,9 @@ def build(bld):
     if bld.env.HAVE_LIBRADOS:
         bld.SAMBA_BINARY('ctdb_mutex_ceph_rados_helper',
                          source='utils/ceph/ctdb_mutex_ceph_rados_helper.c',
-			 deps='talloc tevent rados',
-			 includes='include',
-			 install_path='${CTDB_HELPER_BINDIR}')
+                         deps='talloc tevent rados',
+                         includes='include',
+                         install_path='${CTDB_HELPER_BINDIR}')

     sed_expr1 = 's|/usr/local/var/lib/ctdb|%s|g'  % (bld.env.CTDB_VARDIR)
     sed_expr2 = 's|/usr/local/etc/ctdb|%s|g'      % (bld.env.CTDB_ETCDIR)
@@ -859,6 +868,9 @@ def build(bld):

     for d in ['volatile', 'persistent', 'state']:
         bld.INSTALL_DIR(os.path.join(bld.env.CTDB_VARDIR, d))
+
+    if not bld.env.ctdb_tests:
+        return

     bld.SAMBA_BINARY('errcode',
                      source='tests/src/errcode.c',




--- lib/dbwrap/dbwrap.c.orig	2019-01-15 10:07:00 UTC
+++ lib/dbwrap/dbwrap.c
@@ -28,6 +28,9 @@
 #include "lib/util/util_tdb.h"
 #include "lib/util/tevent_ntstatus.h"

+#undef DBGC_CLASS
+#define DBGC_CLASS DBGC_LOCKING
+
 /*
  * Fall back using fetch if no genuine exists operation is provided
  */
--- lib/dbwrap/dbwrap_local_open.c.orig	2019-01-15 10:07:00 UTC
+++ lib/dbwrap/dbwrap_local_open.c
@@ -23,6 +23,9 @@
 #include "dbwrap/dbwrap_tdb.h"
 #include "tdb.h"

+#undef DBGC_CLASS
+#define DBGC_CLASS DBGC_LOCKING
+
 struct db_context *dbwrap_local_open(TALLOC_CTX *mem_ctx,
				     const char *name,
				     int hash_size, int tdb_flags,
--- lib/dbwrap/dbwrap_rbt.c.orig	2019-01-15 10:07:00 UTC
+++ lib/dbwrap/dbwrap_rbt.c
@@ -24,6 +24,9 @@
 #include "../lib/util/rbtree.h"
 #include "../lib/util/dlinklist.h"

+#undef DBGC_CLASS
+#define DBGC_CLASS DBGC_LOCKING
+
 #define DBWRAP_RBT_ALIGN(_size_) (((_size_)+15)&~15)

 struct db_rbt_ctx {
--- lib/dbwrap/dbwrap_tdb.c.orig	2019-01-15 10:07:00 UTC
+++ lib/dbwrap/dbwrap_tdb.c
@@ -27,6 +27,9 @@
 #include "lib/param/param.h"
 #include "libcli/util/error.h"

+#undef DBGC_CLASS
+#define DBGC_CLASS DBGC_LOCKING
+
 struct db_tdb_ctx {
	struct tdb_wrap *wtdb;

--- lib/dbwrap/dbwrap_util.c.orig	2019-01-15 10:07:00 UTC
+++ lib/dbwrap/dbwrap_util.c
@@ -26,6 +26,9 @@
 #include "dbwrap.h"
 #include "lib/util/util_tdb.h"

+#undef DBGC_CLASS
+#define DBGC_CLASS DBGC_LOCKING
+
 struct dbwrap_fetch_int32_state {
	NTSTATUS status;
	int32_t result;
--- source3/lib/dbwrap/dbwrap_ctdb.c.orig	2019-01-15 10:07:00 UTC
+++ source3/lib/dbwrap/dbwrap_ctdb.c
@@ -38,6 +38,9 @@
 #include "lib/cluster_support.h"
 #include "lib/util/tevent_ntstatus.h"

+#undef DBGC_CLASS
+#define DBGC_CLASS DBGC_LOCKING
+
 struct db_ctdb_transaction_handle {
	struct db_ctdb_ctx *ctx;
	/*
--- source3/lib/dbwrap/dbwrap_open.c.orig	2019-01-15 10:07:00 UTC
+++ source3/lib/dbwrap/dbwrap_open.c
@@ -31,6 +31,9 @@
 #include "ctdbd_conn.h"
 #include "messages.h"

+#undef DBGC_CLASS
+#define DBGC_CLASS DBGC_LOCKING
+
 bool db_is_local(const char *name)
 {
	const char *sockname = lp_ctdbd_socket();
--- source3/lib/dbwrap/dbwrap_watch.c.orig	2019-01-15 10:07:00 UTC
+++ source3/lib/dbwrap/dbwrap_watch.c
@@ -28,6 +28,9 @@
 #include "server_id_watch.h"
 #include "lib/dbwrap/dbwrap_private.h"

+#undef DBGC_CLASS
+#define DBGC_CLASS DBGC_LOCKING
+
 struct dbwrap_watcher {
	/*
	 * Process watching this record




--- dynconfig/wscript.orig	2019-01-15 10:07:00 UTC
+++ dynconfig/wscript
@@ -141,6 +141,8 @@ dynconfig = {
     'PKGCONFIGDIR' : {
          'STD-PATH':  '${LIBDIR}/pkgconfig',
          'FHS-PATH':  '${LIBDIR}/pkgconfig',
+         'OPTION':    '--with-pkgconfigdir',
+         'HELPTEXT':  'Where to put .pc files',
     },
     'CODEPAGEDIR' : {
          'STD-PATH':  '${DATADIR}/codepages',
@@ -247,8 +249,8 @@ dynconfig = {
          'DELAY':     True,
     },
     'CONFIGFILE' : {
-         'STD-PATH':  '${CONFIGDIR}/smb.conf',
-         'FHS-PATH':  '${CONFIGDIR}/smb.conf',
+         'STD-PATH':  '${CONFIGDIR}/%%SAMBA4_CONFIG%%',
+         'FHS-PATH':  '${CONFIGDIR}/%%SAMBA4_CONFIG%%',
          'DELAY':     True,
     },
     'LMHOSTSFILE' : {
@@ -307,9 +309,6 @@ def configure(conf):
         flavor = 'FHS-PATH'
     else:
         flavor = 'STD-PATH'
-        if conf.env.PREFIX == '/usr' or conf.env.PREFIX == '/usr/local':
-           Logs.error("Don't install directly under /usr or /usr/local without using the FHS option (--enable-fhs)")
-           raise Errors.WafError("ERROR: invalid --prefix=%s value" % (conf.env.PREFIX))

     explicit_set ={}

Added Link Here

(-)b/net/samba415/files/disabled/patch-examples_pdb_wscript__build (+11 lines)
1	--- examples/pdb/wscript_build.orig 2019-01-15 10:07:00 UTC
2	+++ examples/pdb/wscript_build
3	@@ -3,7 +3,7 @@
4	bld.SAMBA3_MODULE('pdb_test',
5	subsystem='pdb',
6	source='test.c',
7	- deps='samba-util',
8	+ deps='samba-util samba-debug',
9	init_function='',
10	internal_module=bld.SAMBA3_IS_STATIC_MODULE('pdb_test'),
11	enabled=bld.SAMBA3_IS_ENABLED_MODULE('pdb_test'))




--- lib/ldb/ldb_key_value/ldb_kv_cache.c.orig	2019-01-15 10:07:00 UTC
+++ lib/ldb/ldb_key_value/ldb_kv_cache.c
@@ -90,7 +90,9 @@ static int ldb_schema_attribute_compare(
 {
	const struct ldb_schema_attribute *sa1 = (const struct ldb_schema_attribute *)p1;
	const struct ldb_schema_attribute *sa2 = (const struct ldb_schema_attribute *)p2;
-	return ldb_attr_cmp(sa1->name, sa2->name);
+	int res = ldb_attr_cmp(sa1->name, sa2->name);
+
+	return (res) ? res : (sa1->flags > sa2->flags) ? 1 : (sa1->flags < sa2->flags) ? -1 : 0;
 }

 /*




--- lib/ldb/wscript.orig	2019-07-08 12:47:51 UTC
+++ lib/ldb/wscript
@@ -207,7 +207,7 @@ def build(bld):
     if bld.env.standalone_ldb:
         if not 'PACKAGE_VERSION' in bld.env:
             bld.env.PACKAGE_VERSION = VERSION
-        bld.env.PKGCONFIGDIR = '${LIBDIR}/pkgconfig'
+        bld.env.PKGCONFIGDIR = '%%PKGCONFIGDIR%%'
         private_library = False
     else:
         private_library = True
@@ -284,7 +284,6 @@ def build(bld):
                           pc_files='ldb.pc',
                           vnum=VERSION,
                           private_library=private_library,
-                          manpages='man/ldb.3',
                           abi_directory='ABI',
                           abi_match = abi_match)

@@ -437,7 +436,7 @@ def build(bld):

         LDB_TOOLS='ldbadd ldbsearch ldbdel ldbmodify ldbedit ldbrename'
         for t in LDB_TOOLS.split():
-            bld.SAMBA_BINARY(t, 'tools/%s.c' % t, deps='ldb-cmdline ldb',
+            bld.SAMBA_BINARY('samba-%s' % t, 'tools/%s.c' % t, deps='ldb-cmdline ldb',
                              manpages='man/%s.1' % t)

         # ldbtest doesn't get installed
@@ -449,10 +448,10 @@ def build(bld):
         else:
             lmdb_deps = ''
         # ldbdump doesn't get installed
-        bld.SAMBA_BINARY('ldbdump',
+        bld.SAMBA_BINARY('samba-ldbdump',
                          'tools/ldbdump.c',
                          deps='ldb-cmdline ldb' + lmdb_deps,
-                         install=False)
+                         install=True)

         bld.SAMBA_LIBRARY('ldb-cmdline',
                           source='tools/ldbutil.c tools/cmdline.c',
@@ -497,11 +496,6 @@ def build(bld):
                          deps='cmocka ldb',
                          install=False)

-        bld.SAMBA_BINARY('ldb_match_test',
-                         source='tests/ldb_match_test.c',
-                         deps='cmocka ldb',
-                         install=False)
-
         bld.SAMBA_BINARY('ldb_key_value_test',
                          source='tests/ldb_key_value_test.c',
                          deps='cmocka ldb ldb_tdb_err_map',
@@ -609,7 +603,6 @@ def test(ctx):
                  'ldb_msg_test',
                  'ldb_tdb_kv_ops_test',
                  'ldb_tdb_test',
-                 'ldb_match_test',
                  'ldb_key_value_test',
                  # we currently don't run ldb_key_value_sub_txn_tdb_test as it
                  # tests the nested/sub transaction handling

Added Link Here

(-)b/net/samba415/files/disabled/patch-lib_replace_wscript (+11 lines)
1	--- lib/replace/wscript.orig 2019-01-15 10:07:00 UTC
2	+++ lib/replace/wscript
3	@@ -119,7 +119,7 @@ def configure(conf):
4	conf.CHECK_HEADERS('sys/atomic.h stdatomic.h')
5	conf.CHECK_HEADERS('libgen.h')
6
7	- if conf.CHECK_CFLAGS('-Wno-format-truncation'):
8	+ if conf.CHECK_CFLAGS(['-Wno-format-truncation'] + conf.env.WERROR_CFLAGS):
9	conf.define('HAVE_WNO_FORMAT_TRUNCATION', '1')
10
11	if conf.CHECK_CFLAGS('-Wno-unused-function'):




--- lib/talloc/talloc.c.orig	2019-01-15 10:07:00 UTC
+++ lib/talloc/talloc.c
@@ -391,6 +391,9 @@ void talloc_lib_init(void) __attribute__
 void talloc_lib_init(void)
 {
	uint32_t random_value;
+#if defined(HAVE_ARC4RANDOM)
+	random_value = arc4random();
+#else
 #if defined(HAVE_GETAUXVAL) && defined(AT_RANDOM)
	uint8_t *p;
	/*
@@ -424,6 +427,7 @@ void talloc_lib_init(void)
		 */
		random_value = ((uintptr_t)talloc_lib_init & 0xFFFFFFFF);
	}
+#endif /* HAVE_ARC4RANDOM */
	talloc_magic = random_value & ~TALLOC_FLAG_MASK;
 }
 #else




--- lib/talloc/wscript.orig	2019-05-07 08:38:21 UTC
+++ lib/talloc/wscript
@@ -45,13 +45,14 @@ def configure(conf):
     conf.env.TALLOC_COMPAT1 = False
     if conf.env.standalone_talloc:
         conf.env.TALLOC_COMPAT1 = Options.options.TALLOC_COMPAT1
-        conf.env.PKGCONFIGDIR = '${LIBDIR}/pkgconfig'
+        conf.env.PKGCONFIGDIR = '%%PKGCONFIGDIR%%'
         conf.env.TALLOC_VERSION = VERSION

     conf.CHECK_XSLTPROC_MANPAGES()

     conf.CHECK_HEADERS('sys/auxv.h')
     conf.CHECK_FUNCS('getauxval')
+    conf.CHECK_FUNCS('arc4random')

     conf.SAMBA_CONFIG_H()




--- lib/tdb/wscript.orig	2019-07-02 22:39:54 UTC
+++ lib/tdb/wscript
@@ -145,20 +145,20 @@ def build(bld):
                          'tdb',
                          install=False)

-        bld.SAMBA_BINARY('tdbrestore',
+        bld.SAMBA_BINARY('samba-tdbrestore',
                          'tools/tdbrestore.c',
                          'tdb', manpages='man/tdbrestore.8')

-        bld.SAMBA_BINARY('tdbdump',
+        bld.SAMBA_BINARY('samba-tdbdump',
                          'tools/tdbdump.c',
                          'tdb', manpages='man/tdbdump.8')

-        bld.SAMBA_BINARY('tdbbackup',
+        bld.SAMBA_BINARY('samba-tdbbackup',
                          'tools/tdbbackup.c',
                          'tdb',
                          manpages='man/tdbbackup.8')

-        bld.SAMBA_BINARY('tdbtool',
+        bld.SAMBA_BINARY('samba-tdbtool',
                          'tools/tdbtool.c',
                          'tdb', manpages='man/tdbtool.8')

Added Link Here

(-)b/net/samba415/files/disabled/patch-lib_util_wscript__build (+10 lines)
1	--- lib/util/wscript_build.orig 2019-05-07 08:38:21 UTC
2	+++ lib/util/wscript_build
3	@@ -151,7 +151,7 @@ else:
4
5	bld.SAMBA_LIBRARY('samba-modules',
6	source='modules.c',
7	- deps='samba-errors samba-util',
8	+ deps='samba-errors samba-util samba-debug',
9	local_include=False,
10	private_library=True)




--- libcli/http/http.c.orig	2020-07-09 13:33:56
+++ libcli/http/http.c
@@ -141,7 +141,19 @@ static enum http_read_status http_parse_headers(struct
		return HTTP_ALL_DATA_READ;
	}

+#ifdef FREEBSD
+	int s0, s1, s2, s3; s0 = s1 = s2 = s3 = 0;
+	n = sscanf(line, "%n%*[^:]%n: %n%*[^\r\n]%n\r\n", &s0, &s1, &s2, &s3);
+
+	if(n >= 0) {
+		key = calloc(sizeof(char), s1-s0+1);
+		value = calloc(sizeof(char), s3-s2+1);
+
+		n = sscanf(line, "%[^:]: %[^\r\n]\r\n", key, value);
+	}
+#else
	n = sscanf(line, "%m[^:]: %m[^\r\n]\r\n", &key, &value);
+#endif
	if (n != 2) {
		DEBUG(0, ("%s: Error parsing header '%s'\n", __func__, line));
		status = HTTP_DATA_CORRUPTED;
@@ -167,7 +179,7 @@ error:
 static bool http_parse_response_line(struct http_read_response_state *state)
 {
	bool	status = true;
-	char	*protocol;
+	char	*protocol = NULL;
	char	*msg = NULL;
	char	major;
	char	minor;
@@ -187,18 +199,32 @@ static bool http_parse_response_line(struct http_read_
		return false;
	}

+#ifdef FREEBSD
+	int s0, s1, s2, s3; s0 = s1 = s2 = s3 = 0;
+	n = sscanf(line, "%n%*[^/]%n/%c.%c %d %n%*[^\r\n]%n\r\n",
+		   &s0, &s1, &major, &minor, &code, &s2, &s3);
+
+	if(n == 3) {
+		protocol = calloc(sizeof(char), s1-s0+1);
+		msg = calloc(sizeof(char), s3-s2+1);
+
+		n = sscanf(line, "%[^/]/%c.%c %d %[^\r\n]\r\n",
+			protocol, &major, &minor, &code, msg);
+	}
+#else
	n = sscanf(line, "%m[^/]/%c.%c %d %m[^\r\n]\r\n",
		   &protocol, &major, &minor, &code, &msg);
+#endif

-	DEBUG(11, ("%s: Header parsed(%i): protocol->%s, major->%c, minor->%c, "
-		   "code->%d, message->%s\n", __func__, n, protocol, major, minor,
-		   code, msg));
-
	if (n != 5) {
		DEBUG(0, ("%s: Error parsing header\n",	__func__));
		status = false;
		goto error;
	}
+
+	DEBUG(11, ("%s: Header parsed(%i): protocol->%s, major->%c, minor->%c, "
+		   "code->%d, message->%s\n", __func__, n, protocol, major, minor,
+		   code, msg));

	if (major != '1') {
		DEBUG(0, ("%s: Bad HTTP major number '%c'\n", __func__, major));
--- source4/libcli/ldap/ldap_client.c.orig	2020-07-09 13:33:56
+++ source4/libcli/ldap/ldap_client.c
@@ -402,8 +402,20 @@ static int ldap_parse_basic_url(
		*pport = port;
		return 0;
	}
+#ifdef FREEBSD
+	int s0, s1; s0 = s1 = 0;
+	ret = sscanf(url, "%n%*[^:/]%n:%d", &s0, &s1, &port);

+	if(ret >= 0) {
+		host = calloc(sizeof(char), s1 - s0 + 1);
+		if (host == NULL) {
+			return ENOMEM;
+		}
+		ret = sscanf(url, "%[^:/]:%d", host, &port);
+	}
+#else
	ret = sscanf(url, "%m[^:/]:%d", &host, &port);
+#endif
	if (ret < 1) {
		return EINVAL;
	}




--- lib/tevent/echo_server.c.orig	2019-01-15 10:07:00 UTC
+++ lib/tevent/echo_server.c
@@ -633,7 +633,7 @@ int main(int argc, const char **argv)
		exit(1);
	}

-	ret = listen(listen_sock, 5);
+	ret = listen(listen_sock, DEFAULT_LISTEN_BACKLOG);
	if (ret == -1) {
		perror("listen() failed");
		exit(1);
--- source3/include/local.h.orig	2019-01-15 10:07:00 UTC
+++ source3/include/local.h
@@ -173,7 +173,18 @@
 #define WINBIND_SERVER_MUTEX_WAIT_TIME (( ((NUM_CLI_AUTH_CONNECT_RETRIES) * ((CLI_AUTH_TIMEOUT)/1000)) + 5)*2)

 /* size of listen() backlog in smbd */
+#if defined (FREEBSD)
+#define SMBD_LISTEN_BACKLOG -1
+#else
 #define SMBD_LISTEN_BACKLOG 50
+#endif
+
+/* size of listen() default backlog */
+#if defined (FREEBSD)
+#define DEFAULT_LISTEN_BACKLOG -1
+#else
+#define DEFAULT_LISTEN_BACKLOG 5
+#endif

 /* Number of microseconds to wait before a sharing violation. */
 #define SHARING_VIOLATION_USEC_WAIT 950000
--- source3/libsmb/unexpected.c.orig	2019-01-15 10:07:00 UTC
+++ source3/libsmb/unexpected.c
@@ -95,7 +95,7 @@ NTSTATUS nb_packet_server_create(TALLOC_
		status = map_nt_error_from_unix(errno);
		goto fail;
	}
-	rc = listen(result->listen_sock, 5);
+	rc = listen(result->listen_sock, DEFAULT_LISTEN_BACKLOG);
	if (rc < 0) {
		status = map_nt_error_from_unix(errno);
		goto fail;
--- source3/rpc_server/rpc_server.c.orig	2019-01-15 10:07:00 UTC
+++ source3/rpc_server/rpc_server.c
@@ -158,7 +158,7 @@ bool setup_named_pipe_socket(const char
		goto out;
	}

-	rc = listen(state->fd, 5);
+	rc = listen(state->fd, DEFAULT_LISTEN_BACKLOG);
	if (rc < 0) {
		DEBUG(0, ("Failed to listen on pipe socket %s: %s\n",
			  pipe_name, strerror(errno)));
@@ -830,7 +830,7 @@ bool setup_dcerpc_ncalrpc_socket(struct
		goto out;
	}

-	rc = listen(state->fd, 5);
+	rc = listen(state->fd, DEFAULT_LISTEN_BACKLOG);
	if (rc < 0) {
		DEBUG(0, ("Failed to listen on ncalrpc socket %s: %s\n",
			  name, strerror(errno)));
--- source3/utils/smbfilter.c.orig	2019-01-15 10:07:00 UTC
+++ source3/utils/smbfilter.c
@@ -291,7 +291,7 @@ static void start_filter(char *desthost)
		exit(1);
	}

-	if (listen(s, 5) == -1) {
+	if (listen(s, DEFAULT_LISTEN_BACKLOG) == -1) {
		d_printf("listen failed\n");
	}

--- source3/winbindd/winbindd.c.orig	2019-01-15 10:07:00 UTC
+++ source3/winbindd/winbindd.c
@@ -1317,7 +1317,7 @@ static bool winbindd_setup_listeners(voi
	if (pub_state->fd == -1) {
		goto failed;
	}
-	rc = listen(pub_state->fd, 5);
+	rc = listen(pub_state->fd, DEFAULT_LISTEN_BACKLOG);
	if (rc < 0) {
		goto failed;
	}
@@ -1349,7 +1349,7 @@ static bool winbindd_setup_listeners(voi
	if (priv_state->fd == -1) {
		goto failed;
	}
-	rc = listen(priv_state->fd, 5);
+	rc = listen(priv_state->fd, DEFAULT_LISTEN_BACKLOG);
	if (rc < 0) {
		goto failed;
	}




From 923bc7a1afeb0b920e60e14846987ae1d2d7dca4 Mon Sep 17 00:00:00 2001
From: John Hixson <john@ixsystems.com>
Date: Thu, 7 Dec 2017 09:36:32 -0500
Subject: [PATCH] Freenas/master mdns fixes (#22)

* mDNS fixes for Samba (work in progress).

* Fix mDNS - Can advertise on individual interfaces

* Fix mDNS browsing in smbclient

Signed-off-by: Timur I. Bakeyev <timur@iXsystems.com>

--- source3/client/dnsbrowse.c.orig	2019-01-15 10:07:00 UTC
+++ source3/client/dnsbrowse.c
@@ -39,6 +39,7 @@ struct mdns_smbsrv_result
 struct mdns_browse_state
 {
	struct mdns_smbsrv_result *listhead; /* Browse result list head */
+	TALLOC_CTX * ctx;
	int browseDone;

 };
@@ -64,7 +65,7 @@ static void do_smb_resolve(struct mdns_s
	struct timeval tv;
	DNSServiceErrorType err;

-	TALLOC_CTX * ctx = talloc_tos();
+	TALLOC_CTX * ctx = talloc_new(NULL);

	err = DNSServiceResolve(&mdns_conn_sdref, 0 /* flags */,
		browsesrv->ifIndex,
@@ -91,7 +92,7 @@ static void do_smb_resolve(struct mdns_s
		}
	}

-	TALLOC_FREE(fdset);
+	TALLOC_FREE(ctx);
	DNSServiceRefDeallocate(mdns_conn_sdref);
 }

@@ -124,18 +125,19 @@ do_smb_browse_reply(DNSServiceRef sdRef,
		return;
	}

-	bresult = talloc_array(talloc_tos(), struct mdns_smbsrv_result, 1);
+	bresult = talloc_array(bstatep->ctx, struct mdns_smbsrv_result, 1);
	if (bresult == NULL) {
		return;
	}

+	bresult->nextResult = NULL;
	if (bstatep->listhead != NULL) {
		bresult->nextResult = bstatep->listhead;
	}

-	bresult->serviceName = talloc_strdup(talloc_tos(), serviceName);
-	bresult->regType = talloc_strdup(talloc_tos(), regtype);
-	bresult->domain = talloc_strdup(talloc_tos(), replyDomain);
+	bresult->serviceName = talloc_strdup(bstatep->ctx, serviceName);
+	bresult->regType = talloc_strdup(bstatep->ctx, regtype);
+	bresult->domain = talloc_strdup(bstatep->ctx, replyDomain);
	bresult->ifIndex = interfaceIndex;
	bstatep->listhead = bresult;
 }
@@ -151,10 +153,13 @@ int do_smb_browse(void)
	DNSServiceRef mdns_conn_sdref = NULL;
	DNSServiceErrorType err;

-	TALLOC_CTX * ctx = talloc_stackframe();
+	TALLOC_CTX * ctx = talloc_new(NULL);

	ZERO_STRUCT(bstate);

+	bstate.ctx = ctx;
+	bstate.listhead = NULL;
+
	err = DNSServiceBrowse(&mdns_conn_sdref, 0, 0, "_smb._tcp", "",
			do_smb_browse_reply, &bstate);

--- source3/smbd/dnsregister.c.orig	2019-01-15 10:07:00 UTC
+++ source3/smbd/dnsregister.c
@@ -29,6 +29,29 @@
  * browse for advertised SMB services.
  */

+/*
+ * Time Machine Errata:
+ * sys=adVF=0x100 -- this is required when ._adisk._tcp is present on device. When it is
+ * set, the MacOS client will send a NetShareEnumAll IOCTL and shares will be visible.
+ * Otherwise, Finder will only see the Time Machine share. In the absence of ._adisk._tcp
+ * MacOS will _always_ send NetShareEnumAll IOCTL.
+ *
+ * waMa=0 -- MacOS server uses waMa=0, while embedded devices have it set to their Mac Address.
+ * Speculation in Samba-Technical indicates that this stands for "Wireless AirDisk Mac Address".
+ *
+ * adVU -- AirDisk Volume UUID. Mac OS servers generate a UUID. Time machine over SMB works without one
+ * set. Netatalk generates a UUID and stores it persistently in afp_voluuid.conf. This can be
+ * set by adding the share parameter "fruit:volume_uuid = "
+ *
+ * dk(n)=adVF=
+ *      0xa1, 0x81 - AFP support
+ *      0xa2, 0x82 - SMB support
+ *      0xa3, 0x83 - AFP and SMB support
+ *
+ * adVN -- AirDisk Volume Name. We set this to the share name.
+ *
+ */
+
 #define DNS_REG_RETRY_INTERVAL (5*60)  /* in seconds */

 #ifdef WITH_DNSSD_SUPPORT
@@ -36,85 +59,177 @@
 #include <dns_sd.h>

 struct dns_reg_state {
-	struct tevent_context *event_ctx;
-	uint16_t port;
-	DNSServiceRef srv_ref;
-	struct tevent_timer *te;
-	int fd;
-	struct tevent_fd *fde;
+	int count;
+	struct reg_state {
+		DNSServiceRef srv_ref;
+		TALLOC_CTX *mem_ctx;
+		struct tevent_context *event_ctx;
+		struct tevent_timer *te;
+		struct tevent_fd *fde;
+		uint16_t port;
+		int if_index;
+		int fd;
+	} *drs;
 };

-static int dns_reg_state_destructor(struct dns_reg_state *dns_state)
+static void dns_register_smbd_retry(struct tevent_context *ctx,
+				    struct tevent_timer *te,
+				    struct timeval now,
+				    void *private_data);
+static void dns_register_smbd_fde_handler(struct tevent_context *ev,
+					  struct tevent_fd *fde,
+					  uint16_t flags,
+					  void *private_data);
+
+
+static int reg_state_destructor(struct reg_state *state)
 {
-	if (dns_state->srv_ref != NULL) {
+	if (state == NULL) {
+		return -1;
+	}
+
+	if (state->srv_ref != NULL) {
		/* Close connection to the mDNS daemon */
-		DNSServiceRefDeallocate(dns_state->srv_ref);
-		dns_state->srv_ref = NULL;
+		DNSServiceRefDeallocate(state->srv_ref);
+		state->srv_ref = NULL;
	}

	/* Clear event handler */
-	TALLOC_FREE(dns_state->te);
-	TALLOC_FREE(dns_state->fde);
-	dns_state->fd = -1;
+	TALLOC_FREE(state->te);
+	TALLOC_FREE(state->fde);
+	state->fd = -1;

	return 0;
 }

-static void dns_register_smbd_retry(struct tevent_context *ctx,
-				    struct tevent_timer *te,
-				    struct timeval now,
-				    void *private_data);
-static void dns_register_smbd_fde_handler(struct tevent_context *ev,
-					  struct tevent_fd *fde,
-					  uint16_t flags,
-					  void *private_data);
+int TXTRecordPrintf(TXTRecordRef * rec, const char * key, const char * fmt, ... )
+{
+	int ret = 0;
+	char *str;
+	va_list ap;
+	va_start( ap, fmt );

-static bool dns_register_smbd_schedule(struct dns_reg_state *dns_state,
+	if( 0 > vasprintf(&str, fmt, ap ) ) {
+		va_end(ap);
+		return -1;
+	}
+	va_end(ap);
+
+	if( kDNSServiceErr_NoError != TXTRecordSetValue(rec, key, strlen(str), str) ) {
+		ret = -1;
+	}
+
+	free(str);
+	return ret;
+}
+
+int TXTRecordKeyPrintf(TXTRecordRef * rec, const char * key_fmt, int key_var, const char * fmt, ...)
+{
+	int ret = 0;
+	char *key = NULL, *str = NULL;
+	va_list ap;
+
+	if( 0 > asprintf(&key, key_fmt, key_var)) {
+		DEBUG(1, ("Failed in asprintf\n"));
+		return -1;
+	}
+
+	va_start( ap, fmt );
+	if( 0 > vasprintf(&str, fmt, ap )) {
+		va_end(ap);
+		DEBUG(1, ("Failed in vasprintf\n"));
+		ret = -1;
+		goto exit;
+	}
+	va_end(ap);
+
+	if( kDNSServiceErr_NoError != TXTRecordSetValue(rec, key, strlen(str), str) ) {
+		DEBUG(1, ("Failed in TXTRecordSetValuen"));
+		ret = -1;
+		goto exit;
+	}
+
+	exit:
+	if (str)
+		free(str);
+	if (key)
+		free(key);
+	return ret;
+}
+
+
+static bool dns_register_smbd_schedule(struct reg_state *state,
				       struct timeval tval)
 {
-	dns_reg_state_destructor(dns_state);
+	reg_state_destructor(state);

-	dns_state->te = tevent_add_timer(dns_state->event_ctx,
-					 dns_state,
+	state->te = tevent_add_timer(state->event_ctx,
+					 state->mem_ctx,
					 tval,
					 dns_register_smbd_retry,
-					 dns_state);
-	if (!dns_state->te) {
+					 state);
+	if (!state->te) {
		return false;
	}

	return true;
 }

+static void dns_register_smbd_callback(DNSServiceRef service,
+				       DNSServiceFlags flags,
+				       DNSServiceErrorType errorCode,
+				       const char *name,
+				       const char *type,
+				       const char *domain,
+				       void *context)
+{
+	if (errorCode != kDNSServiceErr_NoError) {
+		DEBUG(6, ("error=%d\n", errorCode));
+	} else {
+		DEBUG(6, ("%-15s %s.%s%s\n", "REGISTER", name, type, domain));
+	}
+}
+
 static void dns_register_smbd_retry(struct tevent_context *ctx,
				    struct tevent_timer *te,
				    struct timeval now,
				    void *private_data)
 {
-	struct dns_reg_state *dns_state = talloc_get_type_abort(private_data,
-					  struct dns_reg_state);
+	struct reg_state *state = (struct reg_state *)private_data;
	DNSServiceErrorType err;
+	int snum;
+	size_t dk = 0;
+	bool sys_txt_created = false;
+	TXTRecordRef txt_adisk;
+	TXTRecordRef txt_devinfo;
+	char *servname;
+	char *v_uuid;
+	int num_services = lp_numservices();

-	dns_reg_state_destructor(dns_state);
+	reg_state_destructor(state);

-	DEBUG(6, ("registering _smb._tcp service on port %d\n",
-		  dns_state->port));
+	TXTRecordCreate(&txt_adisk, 0, NULL);
+
+	DEBUG(6, ("registering _smb._tcp service on port %d index %d\n",
+		  state->port, state->if_index));

	/* Register service with DNS. Connects with the mDNS
	 * daemon running on the local system to perform DNS
	 * service registration.
	 */
-	err = DNSServiceRegister(&dns_state->srv_ref, 0 /* flags */,
-			kDNSServiceInterfaceIndexAny,
-			NULL /* service name */,
-			"_smb._tcp" /* service type */,
-			NULL /* domain */,
-			"" /* SRV target host name */,
-			htons(dns_state->port),
-			0 /* TXT record len */,
-			NULL /* TXT record data */,
-			NULL /* callback func */,
-			NULL /* callback context */);
+	err = DNSServiceRegister(&state->srv_ref,
+			0		/* flags */,
+			state->if_index /* interface index */,
+			NULL		/* service name */,
+			"_smb._tcp"	/* service type */,
+			NULL		/* domain */,
+			""		/* SRV target host name */,
+			htons(state->port) /* port */,
+			0		/* TXT record len */,
+			NULL		/* TXT record data */,
+			dns_register_smbd_callback /* callback func */,
+			NULL		/* callback context */);
+

	if (err != kDNSServiceErr_NoError) {
		/* Failed to register service. Schedule a re-try attempt.
@@ -123,24 +238,96 @@ static void dns_register_smbd_retry(stru
		goto retry;
	}

-	dns_state->fd = DNSServiceRefSockFD(dns_state->srv_ref);
-	if (dns_state->fd == -1) {
+	/*
+	 * Check for services that are configured as Time Machine targets
+	 *
+	 */
+	for (snum = 0; snum < num_services; snum++) {
+		if (lp_snum_ok(snum) && lp_parm_bool(snum, "fruit", "time machine", false))
+		{
+			if (!sys_txt_created) {
+				if( 0 > TXTRecordPrintf(&txt_adisk, "sys", "adVF=0x100") ) {
+					DEBUG(1, ("Failed to create Zeroconf TXTRecord for sys") );
+					goto retry;
+				}
+				else
+				{
+					sys_txt_created = true;
+				}
+			}
+
+			v_uuid = lp_parm_const_string(snum, "fruit", "volume_uuid", NULL);
+			servname = lp_const_servicename(snum);
+			DEBUG(1, ("Registering volume %s for TimeMachine\n", servname));
+			if (v_uuid) {
+				if( 0 > TXTRecordKeyPrintf(&txt_adisk, "dk%zu", dk++, "adVN=%s,adVF=0x82,adVU=%s",
+					servname, v_uuid) ) {
+					DEBUG(1, ("Could not set Zeroconf TXTRecord for dk%zu \n", dk));
+					goto retry;
+				}
+				DEBUG(1, ("Registering TimeMachine with the following TXT parameters: "
+					  "dk%zu,adVN=%s,adVF=0x82,adVU=%s\n", dk, servname, v_uuid) );
+			}
+			else {
+				if( 0 > TXTRecordKeyPrintf(&txt_adisk, "dk%zu", dk++, "adVN=%s,adVF=0x82",
+					servname) ) {
+					DEBUG(1, ("Could not set Zeroconf TXTRecord for dk%zu \n", dk));
+					goto retry;
+				}
+				DEBUG(1, ("Registering TimeMachine with the following TXT parameters: "
+					  "dk%zu,adVN=%s,adVF=0x82\n", dk, servname) );
+			}
+		}
+	}
+
+	if (dk) {
+		err = DNSServiceRegister(&state->srv_ref,
+				0		/* flags */,
+				state->if_index /* interface index */,
+				NULL		/* service name */,
+				"_adisk._tcp"	/* service type */,
+				NULL		/* domain */,
+				""		/* SRV target host name */,
+				/*
+				 * We would probably use port 0 zero, but we can't, from man DNSServiceRegister:
+				 *   "A value of 0 for a port is passed to register placeholder services.
+				 *    Place holder services are not found  when browsing, but other
+				 *    clients cannot register with the same name as the placeholder service."
+				 * We therefor use port 9 which is used by the adisk service type.
+				 */
+				htons(9)	/* port */,
+				TXTRecordGetLength(&txt_adisk)		/* TXT record len */,
+				TXTRecordGetBytesPtr(&txt_adisk)	/* TXT record data */,
+				dns_register_smbd_callback /* callback func */,
+				NULL		/* callback context */);
+
+
+		if (err != kDNSServiceErr_NoError) {
+			/* Failed to register service. Schedule a re-try attempt.
+			 */
+			DEBUG(1, ("unable to register with mDNS (err %d)\n", err));
+			goto retry;
+		}
+	}
+
+	state->fd = DNSServiceRefSockFD(state->srv_ref);
+	if (state->fd == -1) {
		goto retry;
	}

-	dns_state->fde = tevent_add_fd(dns_state->event_ctx,
-				       dns_state,
-				       dns_state->fd,
-				       TEVENT_FD_READ,
-				       dns_register_smbd_fde_handler,
-				       dns_state);
-	if (!dns_state->fde) {
+	state->fde = tevent_add_fd(state->event_ctx,
+				   state->mem_ctx,
+				   state->fd,
+				   TEVENT_FD_READ,
+				   dns_register_smbd_fde_handler,
+				   state);
+	if (!state->fde) {
		goto retry;
	}

	return;
  retry:
-	dns_register_smbd_schedule(dns_state,
+	dns_register_smbd_schedule(state,
		timeval_current_ofs(DNS_REG_RETRY_INTERVAL, 0));
 }

@@ -150,44 +337,77 @@ static void dns_register_smbd_fde_handle
					  uint16_t flags,
					  void *private_data)
 {
-	struct dns_reg_state *dns_state = talloc_get_type_abort(private_data,
-					  struct dns_reg_state);
+	struct reg_state *state = (struct reg_state *)private_data;
	DNSServiceErrorType err;

-	err = DNSServiceProcessResult(dns_state->srv_ref);
+	err = DNSServiceProcessResult(state->srv_ref);
	if (err != kDNSServiceErr_NoError) {
-		DEBUG(3, ("failed to process mDNS result (err %d), re-trying\n",
-			    err));
+		DEBUG(3, ("failed to process mDNS result (err %d), re-trying\n", err));
		goto retry;
	}

-	talloc_free(dns_state);
	return;

  retry:
-	dns_register_smbd_schedule(dns_state,
-		timeval_current_ofs(DNS_REG_RETRY_INTERVAL, 0));
+	dns_register_smbd_schedule(state, timeval_zero());
+}
+
+static int dns_reg_state_destructor(struct dns_reg_state *state)
+{
+	if (state != NULL) {
+		talloc_free(state);
+	}
+	return 0;
 }

+
 bool smbd_setup_mdns_registration(struct tevent_context *ev,
				  TALLOC_CTX *mem_ctx,
				  uint16_t port)
 {
	struct dns_reg_state *dns_state;
+	bool bind_all = true;
+	int i;

	dns_state = talloc_zero(mem_ctx, struct dns_reg_state);
-	if (dns_state == NULL) {
+	if (dns_state == NULL)
+		return false;
+
+	if (lp_interfaces() && lp_bind_interfaces_only())
+		bind_all = false;
+
+	dns_state->count = iface_count();
+	if (dns_state->count <= 0 || bind_all == true)
+		dns_state->count = 1;
+
+	dns_state->drs = talloc_array(mem_ctx, struct reg_state, dns_state->count);
+	if (dns_state->drs == NULL) {
+		talloc_free(dns_state);
		return false;
	}
-	dns_state->event_ctx = ev;
-	dns_state->port = port;
-	dns_state->fd = -1;

-	talloc_set_destructor(dns_state, dns_reg_state_destructor);
+	for (i = 0; i < dns_state->count; i++) {
+		struct interface *iface = get_interface(i);
+		struct reg_state *state = &dns_state->drs[i];

-	return dns_register_smbd_schedule(dns_state, timeval_zero());
+		state->mem_ctx = mem_ctx;
+		state->srv_ref = NULL;
+		state->event_ctx = ev;
+		state->te = NULL;
+		state->fde = NULL;
+		state->port = port;
+		state->fd = -1;
+
+		state->if_index = bind_all ? kDNSServiceInterfaceIndexAny : iface->if_index;
+
+		dns_register_smbd_schedule(&dns_state->drs[i], timeval_zero());
+	}
+
+	talloc_set_destructor(dns_state, dns_reg_state_destructor);
+	return true;
 }

+
 #else /* WITH_DNSSD_SUPPORT */

 bool smbd_setup_mdns_registration(struct tevent_context *ev,




--- nsswitch/wscript_build.orig	2019-01-15 10:07:00 UTC
+++ nsswitch/wscript_build
@@ -61,12 +61,14 @@ elif (host_os.rfind('freebsd') > -1):
			  source='winbind_nss_linux.c winbind_nss_freebsd.c',
			  deps='winbind-client',
			  realname='nss_winbind.so.1',
+			  install_path='${PAMMODULESDIR}',
			  vnum='1')

	bld.SAMBA3_LIBRARY('nss_wins',
			  source='wins.c wins_freebsd.c',
			  deps='''wbclient''',
			  realname='nss_wins.so.1',
+			  install_path='${PAMMODULESDIR}',
			  vnum='1')

 elif (host_os.rfind('netbsd') > -1):

Added Link Here

(-)b/net/samba415/files/disabled/patch-source3_include_includes.h (+9 lines)
1	--- source3/include/includes.h.orig 2019-01-15 10:07:00 UTC
2	+++ source3/include/includes.h
3	@@ -322,6 +322,8 @@ typedef char fstring[FSTRING_LEN];
4	* the bottom of include files so as not to conflict. */
5	#ifdef ENABLE_DMALLOC
6	# include <dmalloc.h>
7	+#elif ENABLE_JEMALLOC
8	+# include <jemalloc/jemalloc.h>
9	#endif




--- source3/lib/sysquotas_4B.c.orig	2019-01-15 10:07:00 UTC
+++ source3/lib/sysquotas_4B.c
@@ -140,7 +140,14 @@ static int sys_quotactl_4B(const char *
		/* ENOTSUP means quota support is not compiled in. EINVAL
		 * means that quotas are not configured (commonly).
		 */
-		if (errno != ENOTSUP && errno != EINVAL) {
+		if (errno != ENOTSUP && errno != EINVAL
+/*
+ * FreeBSD 12 between r336017 and r342928 wrongfuly return ENOENT for the not enabled qoutas on ZFS.
+ */
+#if defined(__FreeBSD__) && ((__FreeBSD_version >= 1102503 && __FreeBSD_version <= 1102506) || (__FreeBSD_version >= 1200072 && __FreeBSD_version <= 1200503) || (__FreeBSD_version >= 1300000 && __FreeBSD_version <= 1300009))
+			&& errno != ENOENT
+#endif
+		) {
			DEBUG(5, ("failed to %s quota for %s ID %u on %s: %s\n",
				    (cmd & QCMD(Q_GETQUOTA, 0)) ? "get" : "set",
				    (cmd & QCMD(0, GRPQUOTA)) ? "group" : "user",




--- source3/lib/util.c.orig	2019-05-07 08:38:21 UTC
+++ source3/lib/util.c
@@ -1916,7 +1916,10 @@ bool any_nt_status_not_ok(NTSTATUS err1,

 int timeval_to_msec(struct timeval t)
 {
-	return t.tv_sec * 1000 + (t.tv_usec+999) / 1000;
+	unsigned long result;
+
+	result = t.tv_sec * 1000 + (t.tv_usec+999) / 1000;
+	return result > INT_MAX ? INT_MAX : result;
 }

 /*******************************************************************




--- source3/librpc/crypto/gse.c.orig	2019-01-15 10:07:00 UTC
+++ source3/librpc/crypto/gse.c
@@ -621,11 +621,12 @@ static NTSTATUS gse_get_server_auth_toke
	struct gse_context *gse_ctx =
		talloc_get_type_abort(gensec_security->private_data,
				      struct gse_context);
-	OM_uint32 gss_maj, gss_min;
+	OM_uint32 gss_min;
	gss_buffer_desc in_data;
	gss_buffer_desc out_data;
	DATA_BLOB blob = data_blob_null;
	NTSTATUS status;
+	OM_uint32 gss_maj = -1;
	OM_uint32 time_rec = 0;
	struct timeval tv;




From d9b748869a8f4018ebee302aae8246bf29f60309 Mon Sep 17 00:00:00 2001
From: "Timur I. Bakeyev" <timur@iXsystems.com>
Date: Fri, 1 Jun 2018 01:35:08 +0800
Subject: [PATCH] vfs_fruit: allow broken AFP_Signature where the first
 byte is 0

FreeBSD bug ... caused the first byte of the AFP_AfpInfo xattr to be 0
instead of 'A'. This hack allows such broken AFP_AfpInfo blobs to be
parsed by afpinfo_unpack().

FreeBSD Bug: https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=228462

Signed-off-by: Ralph Boehme <slow@samba.org>

--- source3/lib/adouble.c.orig	2020-05-08 09:30:43 UTC
+++ source3/lib/adouble.c
@@ -2662,6 +2662,8 @@ ssize_t afpinfo_pack(const AfpInfo *ai, char *buf)
	return AFP_INFO_SIZE;
 }

+#define BROKEN_FREEBSD_AFP_Signature 0x00465000
+
 /**
  * Unpack a buffer into a AfpInfo structure
  *
@@ -2679,12 +2681,22 @@ AfpInfo *afpinfo_unpack(TALLOC_CTX *ctx, const void *d
	ai->afpi_Version = RIVAL(data, 4);
	ai->afpi_BackupTime = RIVAL(data, 12);
	memcpy(ai->afpi_FinderInfo, (const char *)data + 16,
-	       sizeof(ai->afpi_FinderInfo));
+		sizeof(ai->afpi_FinderInfo));

-	if (ai->afpi_Signature != AFP_Signature
-	    || ai->afpi_Version != AFP_Version) {
-		DEBUG(1, ("Bad AfpInfo signature or version\n"));
+	if (ai->afpi_Signature != AFP_Signature) {
+		DBG_WARNING("Bad AFP signature [%x]\n", ai->afpi_Signature);
+
+		if (ai->afpi_Signature != BROKEN_FREEBSD_AFP_Signature) {
+			DBG_ERR("Bad AfpInfo signature\n");
+			TALLOC_FREE(ai);
+			return NULL;
+		}
+	}
+
+	if (ai->afpi_Version != AFP_Version) {
+		DBG_ERR("Bad AfpInfo version\n");
		TALLOC_FREE(ai);
+		return NULL;
	}

	return ai;
--- source3/modules/vfs_fruit.c.orig	2021-01-26 08:16:58 UTC
+++ source3/modules/vfs_fruit.c
@@ -2146,13 +2146,30 @@ static ssize_t fruit_pread_meta_stream(vfs_handle_stru
	struct fio *fio = (struct fio *)VFS_FETCH_FSP_EXTENSION(handle, fsp);
	ssize_t nread;
	int ret;
+	char *p = (char *)data;

	if (fio->fake_fd) {
		return -1;
	}

	nread = SMB_VFS_NEXT_PREAD(handle, fsp, data, n, offset);
-	if (nread == -1 || nread == n) {
+	if (nread <= 0) {
+		/*
+		 * fruit_meta_open_stream() removes O_CREAT flag
+		 * from xattr open. This results in vfs_streams_xattr
+		 * not generating an FSP extension for the files_struct
+		 * and causes subsequent pread() of stream to return
+		 * nread=0 if pread() occurs before pwrite().
+		 */
+		return nread;
+	}
+
+	if (nread == n) {
+		if (offset == 0 && nread > 3 && p[0] == 0 && p[1] == 'F' && p[2] == 'P') {
+			DBG_NOTICE("Fixing AFP_Info of [%s]\n",
+				    fsp_str_dbg(fsp));
+			p[0] = 'A';
+		}
		return nread;
	}




--- source3/modules/vfs_streams_xattr.c.orig	2019-01-15 10:07:00 UTC
+++ source3/modules/vfs_streams_xattr.c
@@ -1,10 +1,10 @@
 /*
  * Store streams in xattrs
  *
- * Copyright (C) Volker Lendecke, 2008
+ * Copyright (C) Volker Lendecke,  2008
+ * Copyright (C) Timur I. Bakeyev, 2017
  *
  * Partly based on James Peach's Darwin module, which is
- *
  * Copyright (C) James Peach 2006-2007
  *
  * This program is free software; you can redistribute it and/or modify
@@ -79,25 +79,79 @@ static SMB_INO_T stream_inode(const SMB_
 }

 static ssize_t get_xattr_size(connection_struct *conn,
-				const struct smb_filename *smb_fname,
-				const char *xattr_name)
+			      const struct smb_filename *smb_fname,
+			      const char *xattr_name)
 {
-	NTSTATUS status;
-	struct ea_struct ea;
	ssize_t result;

-	status = get_ea_value(talloc_tos(), conn, NULL, smb_fname,
-			      xattr_name, &ea);
+	result = SMB_VFS_GETXATTR(conn, smb_fname, xattr_name, NULL, 0);
+	// ? -1
+	return result;
+}

-	if (!NT_STATUS_IS_OK(status)) {
-		return -1;
+static NTSTATUS get_xattr_value(TALLOC_CTX *mem_ctx,
+			connection_struct *conn,
+			const struct smb_filename *smb_fname,
+			const char *ea_name,
+			struct ea_struct *pea)
+{
+	ssize_t attr_size;
+
+	attr_size = get_xattr_size(conn, smb_fname, ea_name);
+
+	if (attr_size == -1) {
+		return map_nt_error_from_unix(errno);
	}

-	result = ea.value.length-1;
-	TALLOC_FREE(ea.value.data);
-	return result;
+	pea->value = data_blob_talloc(mem_ctx, NULL, attr_size);
+	/* We may have xattr of a 0 size */
+	if(pea->value.data == NULL && attr_size) {
+		DEBUG(5,
+			("get_xattr_value: for EA '%s' failed to allocate %lu bytes\n",
+			ea_name, (unsigned long)attr_size)
+		);
+		return NT_STATUS_NO_MEMORY;
+	}
+
+	attr_size = SMB_VFS_GETXATTR(conn, smb_fname, ea_name, pea->value.data, pea->value.length);
+
+	if (attr_size == -1) {
+		return map_nt_error_from_unix(errno);
+	}
+
+	if(pea->value.length != attr_size) {
+		DEBUG(5,
+			("get_xattr_value: for EA '%s' requested %lu, read %lu bytes\n",
+			ea_name, (unsigned long)pea->value.length, (unsigned long)attr_size)
+		);
+		return NT_STATUS_UNSUCCESSFUL;
+	}
+
+	DEBUG(10,("get_xattr_value: EA '%s' is of length %lu\n", ea_name, (unsigned long)attr_size));
+	/*
+	 * This can dump huge amount of data multiple times. For example
+	 * for 1Mb ADS and chunk size 64Kb the same 1Mb dump will be
+	 * logged 16 times!
+	 */
+	dump_data(50, (uint8_t *)pea->value.data, pea->value.length);
+
+	pea->flags = 0;
+	// ? user.
+	if (strnequal(ea_name, "user.", 5)) {
+		pea->name = talloc_strdup(mem_ctx, &ea_name[5]);
+	} else {
+		pea->name = talloc_strdup(mem_ctx, ea_name);
+	}
+
+	if (pea->name == NULL) {
+		data_blob_free(&pea->value);
+		return NT_STATUS_NO_MEMORY;
+	}
+
+	return NT_STATUS_OK;
 }

+
 /**
  * Given a stream name, populate xattr_name with the xattr name to use for
  * accessing the stream.
@@ -114,6 +168,7 @@ static NTSTATUS streams_xattr_get_name(v
	SMB_VFS_HANDLE_GET_DATA(handle, config, struct streams_xattr_config,
				return NT_STATUS_UNSUCCESSFUL);

+        // stream_name is passed as ':stream', so skip leading ':'
	sname = talloc_strdup(ctx, stream_name + 1);
	if (sname == NULL) {
		return NT_STATUS_NO_MEMORY;
@@ -125,7 +180,7 @@ static NTSTATUS streams_xattr_get_name(v
	 * characters from their on-the-wire Unicode Private Range
	 * encoding to their native ASCII representation.
	 *
-	 * As as result the name of xattrs storing the streams (via
+	 * As a result the name of xattrs storing the streams (via
	 * vfs_streams_xattr) may contain a colon, so we have to use
	 * strrchr_m() instead of strchr_m() for matching the stream
	 * type suffix.
@@ -157,7 +212,7 @@ static NTSTATUS streams_xattr_get_name(v
		return NT_STATUS_NO_MEMORY;
	}

-	DEBUG(10, ("xattr_name: %s, stream_name: %s\n", *xattr_name,
+	DEBUG(10, ("xattr_name: '%s', stream_name: '%s'\n", *xattr_name,
		   stream_name));

	talloc_free(sname);
@@ -270,8 +325,8 @@ static int streams_xattr_fstat(vfs_handl
		return -1;
	}

-	sbuf->st_ex_size = get_xattr_size(handle->conn,
-					smb_fname_base, io->xattr_name);
+	sbuf->st_ex_size = get_xattr_size(handle->conn, smb_fname_base,
+					  io->xattr_name);
	if (sbuf->st_ex_size == -1) {
		TALLOC_FREE(smb_fname_base);
		SET_STAT_INVALID(*sbuf);
@@ -446,10 +501,10 @@ static int streams_xattr_open(vfs_handle
		goto fail;
	}

-	status = get_ea_value(talloc_tos(), handle->conn, NULL,
-			      smb_fname, xattr_name, &ea);
+	status = get_xattr_value(talloc_tos(), handle->conn,
+				 smb_fname, xattr_name, &ea);

-	DEBUG(10, ("get_ea_value returned %s\n", nt_errstr(status)));
+	DEBUG(10, ("get_xattr_value returned %s\n", nt_errstr(status)));

	if (!NT_STATUS_IS_OK(status)) {
		if (!NT_STATUS_EQUAL(status, NT_STATUS_NOT_FOUND)) {
@@ -480,19 +535,13 @@ static int streams_xattr_open(vfs_handle
		/*
		 * The attribute does not exist or needs to be truncated
		 */
-
-		/*
-		 * Darn, xattrs need at least 1 byte
-		 */
-		char null = '\0';
-
		DEBUG(10, ("creating or truncating attribute %s on file %s\n",
			   xattr_name, smb_fname->base_name));

		ret = SMB_VFS_SETXATTR(fsp->conn,
				       smb_fname,
				       xattr_name,
-				       &null, sizeof(null),
+				       NULL, 0,
				       flags & O_EXCL ? XATTR_CREATE : 0);
		if (ret != 0) {
			goto fail;
@@ -678,8 +727,8 @@ static int streams_xattr_rename(vfs_hand
	}

	/* read the old stream */
-	status = get_ea_value(talloc_tos(), handle->conn, NULL,
-			      smb_fname_src, src_xattr_name, &ea);
+	status = get_xattr_value(talloc_tos(), handle->conn,
+				 smb_fname_src, src_xattr_name, &ea);
	if (!NT_STATUS_IS_OK(status)) {
		errno = ENOENT;
		goto fail;
@@ -766,14 +815,13 @@ static NTSTATUS walk_xattr_streams(vfs_h
			continue;
		}

-		status = get_ea_value(names,
+		status = get_xattr_value(names,
					handle->conn,
-					NULL,
					smb_fname,
					names[i],
					&ea);
		if (!NT_STATUS_IS_OK(status)) {
-			DEBUG(10, ("Could not get ea %s for file %s: %s\n",
+			DEBUG(10, ("Could not get EA %s for file %s: %s\n",
				names[i],
				smb_fname->base_name,
				nt_errstr(status)));
@@ -835,16 +883,17 @@ struct streaminfo_state {
	NTSTATUS status;
 };

-static bool collect_one_stream(struct ea_struct *ea, void *private_data)
+static bool collect_one_stream(struct ea_struct *pea, void *private_data)
 {
	struct streaminfo_state *state =
		(struct streaminfo_state *)private_data;

+	// ? -1
	if (!add_one_stream(state->mem_ctx,
			    &state->num_streams, &state->streams,
-			    ea->name, ea->value.length-1,
+			    pea->name, pea->value.length,
			    smb_roundup(state->handle->conn,
-					ea->value.length-1))) {
+					pea->value.length))) {
		state->status = NT_STATUS_NO_MEMORY;
		return false;
	}
@@ -964,14 +1013,17 @@ static ssize_t streams_xattr_pwrite(vfs_
				    files_struct *fsp, const void *data,
				    size_t n, off_t offset)
 {
-        struct stream_io *sio =
+	struct stream_io *sio =
		(struct stream_io *)VFS_FETCH_FSP_EXTENSION(handle, fsp);
+	struct smb_filename *smb_fname_base = NULL;
+	TALLOC_CTX *frame = NULL;
+
	struct ea_struct ea;
	NTSTATUS status;
-	struct smb_filename *smb_fname_base = NULL;
	int ret;

-	DEBUG(10, ("streams_xattr_pwrite called for %d bytes\n", (int)n));
+	DEBUG(10, ("streams_xattr_pwrite: offset=%lu, size=%lu\n",
+		   (unsigned long)offset, (unsigned long)n));

	if (sio == NULL) {
		return SMB_VFS_NEXT_PWRITE(handle, fsp, data, n, offset);
@@ -981,6 +1033,8 @@ static ssize_t streams_xattr_pwrite(vfs_
		return -1;
	}

+	frame = talloc_stackframe();
+
	/* Create an smb_filename with stream_name == NULL. */
	smb_fname_base = synthetic_smb_fname(talloc_tos(),
					sio->base,
@@ -988,39 +1042,55 @@ static ssize_t streams_xattr_pwrite(vfs_
					NULL,
					fsp->fsp_name->flags);
	if (smb_fname_base == NULL) {
+		TALLOC_FREE(frame);
		errno = ENOMEM;
		return -1;
	}

-	status = get_ea_value(talloc_tos(), handle->conn, NULL,
-			      smb_fname_base, sio->xattr_name, &ea);
-	if (!NT_STATUS_IS_OK(status)) {
-		return -1;
-	}
-
-        if ((offset + n) > ea.value.length-1) {
-		uint8_t *tmp;
+	status = get_xattr_value(talloc_tos(), handle->conn,
+				 smb_fname_base, sio->xattr_name, &ea);

-		tmp = talloc_realloc(talloc_tos(), ea.value.data, uint8_t,
-					   offset + n + 1);
+	if (NT_STATUS_EQUAL(status, NT_STATUS_NOT_FOUND)) {
+		/*
+		 * This can happen if we sit behind vfs_fruit:
+		 * fruit_ftruncate calls UNLINK on an attribute
+		 * truncating the "file" to zero length. A later
+		 * pwrite faces a non-existing attribute, we need to
+		 * cope with that here.
+		 *
+		 * This might be not the last word on this.
+		 */

-		if (tmp == NULL) {
-			TALLOC_FREE(ea.value.data);
-                        errno = ENOMEM;
-                        return -1;
-                }
-		ea.value.data = tmp;
-		ea.value.length = offset + n + 1;
-		ea.value.data[offset+n] = 0;
-        }
+		ea = (struct ea_struct) {0};
+		ea.name = talloc_strdup(talloc_tos(), sio->xattr_name);
+		if (ea.name == NULL) {
+			TALLOC_FREE(frame);
+			errno = ENOMEM;
+			return -1;
+		}
+		status = NT_STATUS_OK;
+	}

-        memcpy(ea.value.data + offset, data, n);
+	if (!NT_STATUS_IS_OK(status)) {
+		TALLOC_FREE(frame);
+		return -1;
+	}
+	// ? -1
+	if ((offset + n) > ea.value.length) {
+		if(!data_blob_realloc(talloc_tos(), &ea.value, offset + n)) {
+			TALLOC_FREE(frame);
+			errno = ENOMEM;
+			return -1;
+		}
+	}
+	memcpy(ea.value.data + offset, data, n);

	ret = SMB_VFS_SETXATTR(fsp->conn,
			       fsp->fsp_name,
			       sio->xattr_name,
			       ea.value.data, ea.value.length, 0);
-	TALLOC_FREE(ea.value.data);
+
+	TALLOC_FREE(frame);

	if (ret == -1) {
		return -1;
@@ -1033,15 +1103,17 @@ static ssize_t streams_xattr_pread(vfs_h
				   files_struct *fsp, void *data,
				   size_t n, off_t offset)
 {
-        struct stream_io *sio =
+	struct stream_io *sio =
		(struct stream_io *)VFS_FETCH_FSP_EXTENSION(handle, fsp);
+	struct smb_filename *smb_fname_base = NULL;
+	TALLOC_CTX *frame = NULL;
+
	struct ea_struct ea;
	NTSTATUS status;
-	size_t length, overlap;
-	struct smb_filename *smb_fname_base = NULL;
+	size_t overlap;

-	DEBUG(10, ("streams_xattr_pread: offset=%d, size=%d\n",
-		   (int)offset, (int)n));
+	DEBUG(10, ("streams_xattr_pread: offset=%lu, size=%lu\n",
+		   (unsigned long)offset, (unsigned long)n));

	if (sio == NULL) {
		return SMB_VFS_NEXT_PREAD(handle, fsp, data, n, offset);
@@ -1051,6 +1123,8 @@ static ssize_t streams_xattr_pread(vfs_h
		return -1;
	}

+	frame = talloc_stackframe();
+
	/* Create an smb_filename with stream_name == NULL. */
	smb_fname_base = synthetic_smb_fname(talloc_tos(),
					sio->base,
@@ -1058,31 +1132,35 @@ static ssize_t streams_xattr_pread(vfs_h
					NULL,
					fsp->fsp_name->flags);
	if (smb_fname_base == NULL) {
+		TALLOC_FREE(frame);
		errno = ENOMEM;
		return -1;
	}

-	status = get_ea_value(talloc_tos(), handle->conn, NULL,
-			      smb_fname_base, sio->xattr_name, &ea);
+	status = get_xattr_value(talloc_tos(), handle->conn,
+				 smb_fname_base, sio->xattr_name, &ea);
	if (!NT_STATUS_IS_OK(status)) {
+		TALLOC_FREE(frame);
		return -1;
	}
+	// ? -1
+	//length = ea.value.length-1;

-	length = ea.value.length-1;
+	DEBUG(10, ("streams_xattr_pread: get_xattr_value() returned %lu bytes\n",
+		   (unsigned long)ea.value.length));

-	DEBUG(10, ("streams_xattr_pread: get_ea_value returned %d bytes\n",
-		   (int)length));
+	/* Attempt to read past EOF. */
+	if (ea.value.length <= offset) {
+		TALLOC_FREE(frame);
+		return 0;
+	}

-        /* Attempt to read past EOF. */
-        if (length <= offset) {
-                return 0;
-        }
+	overlap = (offset + n) > ea.value.length ? (ea.value.length - offset) : n;
+	memcpy(data, ea.value.data + offset, overlap);

-        overlap = (offset + n) > length ? (length - offset) : n;
-        memcpy(data, ea.value.data + offset, overlap);
+	TALLOC_FREE(frame);

-	TALLOC_FREE(ea.value.data);
-        return overlap;
+	return overlap;
 }

 struct streams_xattr_pread_state {
@@ -1249,16 +1327,18 @@ static int streams_xattr_ftruncate(struc
					struct files_struct *fsp,
					off_t offset)
 {
-	int ret;
-	uint8_t *tmp;
-	struct ea_struct ea;
-	NTSTATUS status;
-        struct stream_io *sio =
+	struct stream_io *sio =
		(struct stream_io *)VFS_FETCH_FSP_EXTENSION(handle, fsp);
	struct smb_filename *smb_fname_base = NULL;
+	TALLOC_CTX *frame = NULL;

-	DEBUG(10, ("streams_xattr_ftruncate called for file %s offset %.0f\n",
-		   fsp_str_dbg(fsp), (double)offset));
+	struct ea_struct ea;
+	NTSTATUS status;
+	size_t orig_length;
+	int ret;
+
+	DEBUG(10, ("streams_xattr_ftruncate: called for file '%s' with offset %lu\n",
+		   fsp_str_dbg(fsp), (unsigned long)offset));

	if (sio == NULL) {
		return SMB_VFS_NEXT_FTRUNCATE(handle, fsp, offset);
@@ -1268,6 +1348,8 @@ static int streams_xattr_ftruncate(struc
		return -1;
	}

+	frame = talloc_stackframe();
+
	/* Create an smb_filename with stream_name == NULL. */
	smb_fname_base = synthetic_smb_fname(talloc_tos(),
					sio->base,
@@ -1275,40 +1357,46 @@ static int streams_xattr_ftruncate(struc
					NULL,
					fsp->fsp_name->flags);
	if (smb_fname_base == NULL) {
+		TALLOC_FREE(frame);
		errno = ENOMEM;
		return -1;
	}

-	status = get_ea_value(talloc_tos(), handle->conn, NULL,
-			      smb_fname_base, sio->xattr_name, &ea);
+	status = get_xattr_value(talloc_tos(), handle->conn,
+				 smb_fname_base, sio->xattr_name, &ea);
	if (!NT_STATUS_IS_OK(status)) {
+		TALLOC_FREE(frame);
		return -1;
	}
+	orig_length = ea.value.length;

-	tmp = talloc_realloc(talloc_tos(), ea.value.data, uint8_t,
-				   offset + 1);
+	/* Requested size matches the original size */
+	if(orig_length == offset) {
+		TALLOC_FREE(frame);
+		return 0;
+	}

-	if (tmp == NULL) {
-		TALLOC_FREE(ea.value.data);
+	/* That can both shrink and expand */
+	/* XXX: If offset == 0 the result of talloc_realloc is NULL, but still valid */
+	if(offset && !data_blob_realloc(talloc_tos(), &ea.value, offset)) {
+		TALLOC_FREE(frame);
		errno = ENOMEM;
		return -1;
	}

-	/* Did we expand ? */
-	if (ea.value.length < offset + 1) {
-		memset(&tmp[ea.value.length], '\0',
-			offset + 1 - ea.value.length);
+	/* If we expanded, fill up extra space with zeros */
+	if (orig_length < offset) {
+		memset(ea.value.data + orig_length, 0,
+			offset - orig_length);
	}

-	ea.value.data = tmp;
-	ea.value.length = offset + 1;
-	ea.value.data[offset] = 0;
-
+	/* XXX: We should use ea.value.length here, but when offset == 0
+	   it's not reset to 0 in data_blob_realloc() */
	ret = SMB_VFS_SETXATTR(fsp->conn,
			       fsp->fsp_name,
			       sio->xattr_name,
-			       ea.value.data, ea.value.length, 0);
-	TALLOC_FREE(ea.value.data);
+			       ea.value.data, offset, 0);
+	TALLOC_FREE(frame);

	if (ret == -1) {
		return -1;
@@ -1326,9 +1414,9 @@ static int streams_xattr_fallocate(struc
         struct stream_io *sio =
		(struct stream_io *)VFS_FETCH_FSP_EXTENSION(handle, fsp);

-	DEBUG(10, ("streams_xattr_fallocate called for file %s offset %.0f"
-		"len = %.0f\n",
-		fsp_str_dbg(fsp), (double)offset, (double)len));
+	DEBUG(10, ("streams_xattr_fallocate: called for file '%s' with offset %lu"
+		"len = %lu\n",
+		fsp_str_dbg(fsp), (unsigned long)offset, (unsigned long)len));

	if (sio == NULL) {
		return SMB_VFS_NEXT_FALLOCATE(handle, fsp, mode, offset, len);




--- source3/modules/vfs_virusfilter_utils.c.orig	2019-01-15 10:07:00 UTC
+++ source3/modules/vfs_virusfilter_utils.c
@@ -392,6 +392,10 @@ bool virusfilter_io_writel(

 bool virusfilter_io_writefl(
	struct virusfilter_io_handle *io_h,
+	const char *data_fmt, ...) PRINTF_ATTRIBUTE(2, 3);
+
+bool virusfilter_io_writefl(
+	struct virusfilter_io_handle *io_h,
	const char *data_fmt, ...)
 {
	va_list ap;
@@ -415,6 +419,10 @@ bool virusfilter_io_writefl(

 bool virusfilter_io_vwritefl(
	struct virusfilter_io_handle *io_h,
+	const char *data_fmt, va_list ap) PRINTF_ATTRIBUTE(2, 0);
+
+bool virusfilter_io_vwritefl(
+	struct virusfilter_io_handle *io_h,
	const char *data_fmt, va_list ap)
 {
	char data[VIRUSFILTER_IO_BUFFER_SIZE + VIRUSFILTER_IO_EOL_SIZE];
@@ -666,6 +674,11 @@ bool virusfilter_io_readl(TALLOC_CTX *ct
 bool virusfilter_io_writefl_readl(
	struct virusfilter_io_handle *io_h,
	char **read_line,
+	const char *fmt, ...) PRINTF_ATTRIBUTE(3, 4);
+
+bool virusfilter_io_writefl_readl(
+	struct virusfilter_io_handle *io_h,
+	char **read_line,
	const char *fmt, ...)
 {
	bool ok;

Added Link Here

(-)b/net/samba415/files/disabled/patch-source3_registry_tests_test__regfio.c (+10 lines)
1	--- source3/registry/tests/test_regfio.c.orig 2019-05-07 08:38:21 UTC
2	+++ source3/registry/tests/test_regfio.c
3	@@ -24,6 +24,7 @@
4
5	#include <errno.h>
6	#include <stdlib.h>
7	+#include <unistd.h>
8	#include <sys/types.h>
9	#include <sys/stat.h>
10	#include <fcntl.h>




--- source3/smbd/quotas.c.orig	2019-01-15 10:07:00 UTC
+++ source3/smbd/quotas.c
@@ -125,6 +125,7 @@ static bool nfs_quotas(char *nfspath, ui
	if (!cutstr)
		return False;

+	memset(&D, '\0', sizeof(D));
	memset(cutstr, '\0', len+1);
	host = strncat(cutstr,mnttype, sizeof(char) * len );
	DEBUG(5,("nfs_quotas: looking for mount on \"%s\"\n", cutstr));
@@ -133,7 +134,7 @@ static bool nfs_quotas(char *nfspath, ui
	args.gqa_pathp = testpath+1;
	args.gqa_uid = uid;

-	DEBUG(5,("nfs_quotas: Asking for host \"%s\" rpcprog \"%i\" rpcvers \"%i\" network \"%s\"\n", host, RQUOTAPROG, RQUOTAVERS, "udp"));
+	DEBUG(5,("nfs_quotas: Asking for host \"%s\" rpcprog \"%lu\" rpcvers \"%lu\" network \"%s\"\n", host, RQUOTAPROG, RQUOTAVERS, "udp"));

	if ((clnt = clnt_create(host, RQUOTAPROG, RQUOTAVERS, "udp")) == NULL) {
		ret = False;




--- source3/smbd/utmp.c.orig	2019-01-15 10:07:00 UTC
+++ source3/smbd/utmp.c
@@ -257,7 +257,7 @@ static char *uw_pathname(TALLOC_CTX *ctx
  Update utmp file directly.  No subroutine interface: probably a BSD system.
 ****************************************************************************/

-static void pututline_my(const char *uname, struct utmp *u, bool claim)
+static void pututline_my(const char *uname, STRUCT_UTMP *u, bool claim)
 {
	DEBUG(1,("pututline_my: not yet implemented\n"));
	/* BSD implementor: may want to consider (or not) adjusting "lastlog" */
@@ -271,7 +271,7 @@ static void pututline_my(const char *una
  Credit: Michail Vidiassov <master@iaas.msu.ru>
 ****************************************************************************/

-static void updwtmp_my(const char *wname, struct utmp *u, bool claim)
+static void updwtmp_my(const char *wname, STRUCT_UTMP *u, bool claim)
 {
	int fd;
	struct stat buf;
@@ -303,7 +303,7 @@ static void updwtmp_my(const char *wname
	if ((fd = open(wname, O_WRONLY|O_APPEND, 0)) < 0)
		return;
	if (fstat(fd, &buf) == 0) {
-		if (write(fd, (char *)u, sizeof(struct utmp)) != sizeof(struct utmp))
+		if (write(fd, (char *)u, sizeof(STRUCT_UTMP)) != sizeof(STRUCT_UTMP))
		(void) ftruncate(fd, buf.st_size);
	}
	(void) close(fd);
@@ -314,12 +314,12 @@ static void updwtmp_my(const char *wname
  Update via utmp/wtmp (not utmpx/wtmpx).
 ****************************************************************************/

-static void utmp_nox_update(struct utmp *u, bool claim)
+static void utmp_nox_update(STRUCT_UTMP *u, bool claim)
 {
	char *uname = NULL;
	char *wname = NULL;
 #if defined(PUTUTLINE_RETURNS_UTMP)
-	struct utmp *urc;
+	STRUCT_UTMP *urc;
 #endif /* PUTUTLINE_RETURNS_UTMP */

	uname = uw_pathname(talloc_tos(), "utmp", ut_pathname);
@@ -376,127 +376,52 @@ static void utmp_nox_update(struct utmp
	}
 }

-/****************************************************************************
- Copy a string in the utmp structure.
-****************************************************************************/

-static void utmp_strcpy(char *dest, const char *src, size_t n)
-{
-	size_t len = 0;

-	memset(dest, '\0', n);
-	if (src)
-		len = strlen(src);
-	if (len >= n) {
-		memcpy(dest, src, n);
-	} else {
-		if (len)
-			memcpy(dest, src, len);
-	}
-}
+

 /****************************************************************************
  Update via utmpx/wtmpx (preferred) or via utmp/wtmp.
 ****************************************************************************/

-static void sys_utmp_update(struct utmp *u, const char *hostname, bool claim)
+static void sys_utmp_update(STRUCT_UTMP *u, const char *hostname, bool claim)
 {
-#if !defined(HAVE_UTMPX_H)
-	/* No utmpx stuff.  Drop to non-x stuff */
-	utmp_nox_update(u, claim);
-#elif !defined(HAVE_PUTUTXLINE)
-	/* Odd.  Have utmpx.h but no "pututxline()".  Drop to non-x stuff */
-	DEBUG(1,("utmp_update: have utmpx.h but no pututxline() function\n"));
-	utmp_nox_update(u, claim);
-#elif !defined(HAVE_GETUTMPX)
-	/* Odd.  Have utmpx.h but no "getutmpx()".  Drop to non-x stuff */
-	DEBUG(1,("utmp_update: have utmpx.h but no getutmpx() function\n"));
-	utmp_nox_update(u, claim);
-#elif !defined(HAVE_UPDWTMPX)
-	/* Have utmpx.h but no "updwtmpx()".  Drop to non-x stuff */
-	DEBUG(1,("utmp_update: have utmpx.h but no updwtmpx() function\n"));
-	utmp_nox_update(u, claim);
-#else
-	char *uname = NULL;
-	char *wname = NULL;
-	struct utmpx ux, *uxrc;
-
-	getutmpx(u, &ux);
-
-#if defined(HAVE_UX_UT_SYSLEN)
-	if (hostname)
-		ux.ut_syslen = strlen(hostname) + 1;	/* include end NULL */
-	else
-		ux.ut_syslen = 0;
-#endif
-#if defined(HAVE_UX_UT_HOST)
-	utmp_strcpy(ux.ut_host, hostname, sizeof(ux.ut_host));
-#endif
-
-	uname = uw_pathname(talloc_tos(), "utmpx", ux_pathname);
-	wname = uw_pathname(talloc_tos(), "wtmpx", wx_pathname);
-	if (uname && wname) {
-		DEBUG(2,("utmp_update: uname:%s wname:%s\n", uname, wname));
-	}
+	STRUCT_UTMP *urc;

-	/*
-	 * Check for either uname or wname being empty.
-	 * Some systems, such as Redhat 6, have a "utmpx.h" which doesn't
-	 * define default filenames.
-	 * Also, our local installation has not provided an override.
-	 * Drop to non-x method.  (E.g. RH6 has good defaults in "utmp.h".)
-	 */
-	if (!uname || !wname || (strlen(uname) == 0) || (strlen(wname) == 0)) {
-		utmp_nox_update(u, claim);
-	} else {
-		utmpxname(uname);
-		setutxent();
-		uxrc = pututxline(&ux);
-		endutxent();
-		if (uxrc == NULL) {
-			DEBUG(2,("utmp_update: pututxline() failed\n"));
-			return;
-		}
-		updwtmpx(wname, &ux);
+	setutxent();
+	urc = pututxline(u);
+	endutxent();
+	if (urc == NULL) {
+		DEBUG(2,("utmp_update: pututxline() failed\n"));
+		return;
	}
-#endif /* HAVE_UTMPX_H */
 }

 #if defined(HAVE_UT_UT_ID)
 /****************************************************************************
  Encode the unique connection number into "ut_id".
 ****************************************************************************/
-
-static int ut_id_encode(int i, char *fourbyte)
+static void ut_id_encode(char *buf, int id, size_t buf_size)
 {
-	int nbase;
-	const char *ut_id_encstr = "0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ";
-
-/*
- * 'ut_id_encstr' is the character set on which modulo arithmetic is done.
- * Example: digits would produce the base-10 numbers from '001'.
- */
-	nbase = strlen(ut_id_encstr);
+	const char ut_id_encstr[] = "0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ";

-	fourbyte[0] = ut_id_encstr[i % nbase];
-	i /= nbase;
-	fourbyte[1] = ut_id_encstr[i % nbase];
-	i /= nbase;
-	fourbyte[3] = ut_id_encstr[i % nbase];
-	i /= nbase;
-	fourbyte[2] = ut_id_encstr[i % nbase];
-	i /= nbase;
+	int nbase = sizeof(ut_id_encstr) - 1;
+	/*
+	 * 'ut_id_encstr' is the character set on which modulo arithmetic is done.
+	 * Example: digits would produce the base-10 numbers from '001'.
+	 */

-	/* we do not care about overflows as i is a random number */
-	return 0;
+	for(int i = 0; i < buf_size; i++) {
+		buf[i] = ut_id_encstr[id % nbase];
+		id /= nbase;
+	}
 }
 #endif /* defined(HAVE_UT_UT_ID) */

-
 /*
   fill a system utmp structure given all the info we can gather
 */
-static bool sys_utmp_fill(struct utmp *u,
+static bool sys_utmp_fill(STRUCT_UTMP *u,
			const char *username, const char *hostname,
			const char *id_str, int id_num)
 {
@@ -509,16 +434,16 @@ static bool sys_utmp_fill(struct utmp *u
	 *	rather than to try to detect and optimise.
	 */
 #if defined(HAVE_UT_UT_USER)
-	utmp_strcpy(u->ut_user, username, sizeof(u->ut_user));
+	strncpy(u->ut_user, username, sizeof(u->ut_user));
 #elif defined(HAVE_UT_UT_NAME)
-	utmp_strcpy(u->ut_name, username, sizeof(u->ut_name));
+	strncpy(u->ut_name, username, sizeof(u->ut_name));
 #endif

	/*
	 * ut_line:
	 *	If size limit proves troublesome, then perhaps use "ut_id_encode()".
	 */
-	utmp_strcpy(u->ut_line, id_str, sizeof(u->ut_line));
+	strncpy(u->ut_line, id_str, sizeof(u->ut_line));

 #if defined(HAVE_UT_UT_PID)
	u->ut_pid = getpid();
@@ -535,20 +460,23 @@ static bool sys_utmp_fill(struct utmp *u
	u->ut_time = timeval.tv_sec;
 #elif defined(HAVE_UT_UT_TV)
	GetTimeOfDay(&timeval);
-	u->ut_tv = timeval;
+	u->ut_tv.tv_sec = timeval.tv_sec;
+	u->ut_tv.tv_usec = timeval.tv_usec;
 #else
 #error "with-utmp must have UT_TIME or UT_TV"
 #endif

 #if defined(HAVE_UT_UT_HOST)
-	utmp_strcpy(u->ut_host, hostname, sizeof(u->ut_host));
+	if(hostname != NULL) {
+		strncpy(u->ut_host, hostname, sizeof(u->ut_host));
+#if defined(HAVE_UT_UT_SYSLEN)
+		u->ut_syslen = strlen(hostname) + 1;	/* include trailing NULL */
+#endif
+	}
 #endif

 #if defined(HAVE_UT_UT_ID)
-	if (ut_id_encode(id_num, u->ut_id) != 0) {
-		DEBUG(1,("utmp_fill: cannot encode id %d\n", id_num));
-		return False;
-	}
+	ut_id_encode(u->ut_id, id_num, sizeof(u->ut_id));
 #endif

	return True;
@@ -561,7 +489,7 @@ static bool sys_utmp_fill(struct utmp *u
 void sys_utmp_yield(const char *username, const char *hostname,
		    const char *id_str, int id_num)
 {
-	struct utmp u;
+	STRUCT_UTMP u;

	ZERO_STRUCT(u);

@@ -587,7 +515,7 @@ void sys_utmp_yield(const char *username
 void sys_utmp_claim(const char *username, const char *hostname,
		    const char *id_str, int id_num)
 {
-	struct utmp u;
+	STRUCT_UTMP u;

	ZERO_STRUCT(u);




--- source3/torture/cmd_vfs.c.orig	2019-01-15 10:07:00 UTC
+++ source3/torture/cmd_vfs.c
@@ -145,7 +145,84 @@ static NTSTATUS cmd_disk_free(struct vfs_state *vfs, T
	return NT_STATUS_OK;
 }

+static NTSTATUS cmd_get_quota(struct vfs_state *vfs, TALLOC_CTX *mem_ctx, int argc, const char **argv)
+{
+	struct smb_filename *smb_fname = NULL;
+	uint64_t quota, bsize, dfree, dsize;
+	enum SMB_QUOTA_TYPE qtype;
+	SMB_DISK_QUOTA D;
+	unid_t id;
+	int r;

+	if (argc != 4) {
+		printf("Usage: get_quota <path> [user|group] id\n");
+		return NT_STATUS_OK;
+	}
+
+	smb_fname = synthetic_smb_fname(talloc_tos(),
+					argv[1],
+					NULL,
+					NULL,
+					0,
+					ssf_flags());
+	if (smb_fname == NULL) {
+		return NT_STATUS_NO_MEMORY;
+	}
+
+	if(strcmp(argv[2], "user") == 0) {
+		qtype = SMB_USER_FS_QUOTA_TYPE;
+	}
+	else if(strcmp(argv[2], "group") == 0) {
+		qtype = SMB_GROUP_FS_QUOTA_TYPE;
+	}
+	else {
+		printf("Usage: get_quota <path> [user|group] id\n");
+		return NT_STATUS_OK;
+	}
+
+	id.uid = atoi(argv[3]);
+
+	ZERO_STRUCT(D);
+
+	r = SMB_VFS_GET_QUOTA(vfs->conn, smb_fname, qtype, id, &D);
+
+	if (r == -1 && errno != ENOSYS) {
+		return NT_STATUS_UNSUCCESSFUL;
+	}
+
+	if (r == 0 && (D.qflags & QUOTAS_DENY_DISK) == 0) {
+		return NT_STATUS_UNSUCCESSFUL;
+	}
+
+	bsize = D.bsize;
+	/* Use softlimit to determine disk space, except when it has been exceeded */
+	if (
+		(D.softlimit && D.curblocks >= D.softlimit) ||
+		(D.hardlimit && D.curblocks >= D.hardlimit) ||
+		(D.isoftlimit && D.curinodes >= D.isoftlimit) ||
+		(D.ihardlimit && D.curinodes>=D.ihardlimit)
+	) {
+		dfree = 0;
+		dsize = D.curblocks;
+	} else if (D.softlimit==0 && D.hardlimit==0) {
+		return NT_STATUS_UNSUCCESSFUL;
+	} else {
+		if (D.softlimit == 0) {
+			D.softlimit = D.hardlimit;
+		}
+		dfree = D.softlimit - D.curblocks;
+		dsize = D.softlimit;
+	}
+
+	printf("get_quota: bsize = %lu, dfree = %lu, dsize = %lu\n",
+			(unsigned long)bsize,
+			(unsigned long)dfree,
+			(unsigned long)dsize);
+
+	return NT_STATUS_OK;
+}
+
+
 static NTSTATUS cmd_opendir(struct vfs_state *vfs, TALLOC_CTX *mem_ctx, int argc, const char **argv)
 {
	struct smb_filename *smb_fname = NULL;
@@ -2028,6 +2105,7 @@ struct cmd_set vfs_commands[] = {
	{ "connect",   cmd_connect,   "VFS connect()",    "connect" },
	{ "disconnect",   cmd_disconnect,   "VFS disconnect()",    "disconnect" },
	{ "disk_free",   cmd_disk_free,   "VFS disk_free()",    "disk_free <path>" },
+	{ "get_quota",   cmd_get_quota,   "VFS get_quota()",    "get_quota <path> [user|group] id" },
	{ "opendir",   cmd_opendir,   "VFS opendir()",    "opendir <fname>" },
	{ "readdir",   cmd_readdir,   "VFS readdir()",    "readdir" },
	{ "mkdir",   cmd_mkdir,   "VFS mkdir()",    "mkdir <path>" },
@@ -2057,33 +2135,22 @@ struct cmd_set vfs_commands[] = {
	{ "link",   cmd_link,   "VFS link()",    "link <oldpath> <newpath>" },
	{ "mknod",   cmd_mknod,   "VFS mknod()",    "mknod <path> <mode> <dev>" },
	{ "realpath",   cmd_realpath,   "VFS realpath()",    "realpath <path>" },
-	{ "getxattr", cmd_getxattr, "VFS getxattr()",
-	  "getxattr <path> <name>" },
-	{ "listxattr", cmd_listxattr, "VFS listxattr()",
-	  "listxattr <path>" },
-	{ "setxattr", cmd_setxattr, "VFS setxattr()",
-	  "setxattr <path> <name> <value> [<flags>]" },
-	{ "removexattr", cmd_removexattr, "VFS removexattr()",
-	  "removexattr <path> <name>\n" },
-	{ "fget_nt_acl", cmd_fget_nt_acl, "VFS fget_nt_acl()",
-	  "fget_nt_acl <fd>\n" },
-	{ "get_nt_acl", cmd_get_nt_acl, "VFS get_nt_acl()",
-	  "get_nt_acl <path>\n" },
-	{ "fset_nt_acl", cmd_fset_nt_acl, "VFS fset_nt_acl()",
-	  "fset_nt_acl <fd>\n" },
-	{ "set_nt_acl", cmd_set_nt_acl, "VFS open() and fset_nt_acl()",
-	  "set_nt_acl <file>\n" },
+	{ "getxattr", cmd_getxattr, "VFS getxattr()", "getxattr <path> <name>" },
+	{ "listxattr", cmd_listxattr, "VFS listxattr()", "listxattr <path>" },
+	{ "setxattr", cmd_setxattr, "VFS setxattr()", "setxattr <path> <name> <value> [<flags>]" },
+	{ "removexattr", cmd_removexattr, "VFS removexattr()", "removexattr <path> <name>\n" },
+	{ "fget_nt_acl", cmd_fget_nt_acl, "VFS fget_nt_acl()", "fget_nt_acl <fd>\n" },
+	{ "get_nt_acl", cmd_get_nt_acl, "VFS get_nt_acl()", "get_nt_acl <path>\n" },
+	{ "fset_nt_acl", cmd_fset_nt_acl, "VFS fset_nt_acl()", "fset_nt_acl <fd>\n" },
+	{ "set_nt_acl", cmd_set_nt_acl, "VFS open() and fset_nt_acl()", "set_nt_acl <file>\n" },
	{ "sys_acl_get_file", cmd_sys_acl_get_file, "VFS sys_acl_get_file()", "sys_acl_get_file <path>" },
	{ "sys_acl_get_fd", cmd_sys_acl_get_fd, "VFS sys_acl_get_fd()", "sys_acl_get_fd <fd>" },
-	{ "sys_acl_blob_get_file", cmd_sys_acl_blob_get_file,
-	  "VFS sys_acl_blob_get_file()", "sys_acl_blob_get_file <path>" },
-	{ "sys_acl_blob_get_fd", cmd_sys_acl_blob_get_fd,
-	  "VFS sys_acl_blob_get_fd()", "sys_acl_blob_get_fd <path>" },
+	{ "sys_acl_blob_get_file", cmd_sys_acl_blob_get_file, "VFS sys_acl_blob_get_file()", "sys_acl_blob_get_file <path>" },
+	{ "sys_acl_blob_get_fd", cmd_sys_acl_blob_get_fd, "VFS sys_acl_blob_get_fd()", "sys_acl_blob_get_fd <path>" },
	{ "sys_acl_delete_def_file", cmd_sys_acl_delete_def_file, "VFS sys_acl_delete_def_file()", "sys_acl_delete_def_file <path>" },


-	{ "test_chain", cmd_test_chain, "test chain code",
-	  "test_chain" },
+	{ "test_chain", cmd_test_chain, "test chain code", "test_chain" },
	{ "translate_name", cmd_translate_name, "VFS translate_name()", "translate_name unix_filename" },
	{0}
 };




--- source3/utils/net.c.orig	2019-01-15 10:07:00 UTC
+++ source3/utils/net.c
@@ -1096,8 +1096,13 @@ static void get_credentials_file(struct
		lp_set_cmdline("netbios name", c->opt_requester_name);
	}

-	if (!c->opt_user_name && getenv("LOGNAME")) {
-		c->opt_user_name = getenv("LOGNAME");
+	if (!c->opt_user_name) {
+		if(getenv("LOGNAME"))
+			c->opt_user_name = getenv("LOGNAME");
+		else
+			d_fprintf(stderr,
+				_("Environment LOGNAME is not defined."
+			          " Trying anonymous access.\n"));
	}

	if (!c->opt_workgroup) {




--- source3/utils/net_time.c.orig	2019-01-15 10:07:00 UTC
+++ source3/utils/net_time.c
@@ -81,10 +81,15 @@ static const char *systime(time_t t)
	if (!tm) {
		return "unknown";
	}
-
+#if defined(FREEBSD)
+	return talloc_asprintf(talloc_tos(), "%02d%02d%02d%02d%02d.%02d",
+				tm->tm_year + 1900, tm->tm_mon+1, tm->tm_mday,
+				tm->tm_hour, tm->tm_min, tm->tm_sec);
+#else
	return talloc_asprintf(talloc_tos(), "%02d%02d%02d%02d%04d.%02d",
			       tm->tm_mon+1, tm->tm_mday, tm->tm_hour,
			       tm->tm_min, tm->tm_year + 1900, tm->tm_sec);
+#endif
 }

 int net_time_usage(struct net_context *c, int argc, const char **argv)

Added Link Here

(-)b/net/samba415/files/disabled/patch-source3_winbindd_wscript__build (+10 lines)
1	--- source3/winbindd/wscript_build.orig 2019-01-15 10:07:00 UTC
2	+++ source3/winbindd/wscript_build
3	@@ -2,7 +2,7 @@
4
5	bld.SAMBA3_LIBRARY('idmap',
6	source='idmap.c idmap_util.c',
7	- deps='samba-util pdb',
8	+ deps='pdb samba-modules secrets3',
9	allow_undefined_symbols=True,
10	private_library=True)




--- source3/wscript.orig	2019-07-09 10:08:41 UTC
+++ source3/wscript
@@ -50,6 +50,7 @@ def options(opt):
     opt.samba_add_onoff_option('sendfile-support', default=None)
     opt.samba_add_onoff_option('utmp')
     opt.samba_add_onoff_option('avahi', with_name="enable", without_name="disable")
+    opt.samba_add_onoff_option('dnssd', with_name="enable", without_name="disable")
     opt.samba_add_onoff_option('iconv')
     opt.samba_add_onoff_option('acl-support')
     opt.samba_add_onoff_option('dnsupdate')
@@ -784,34 +785,39 @@ msg.msg_accrightslen = sizeof(fd);

     if Options.options.with_utmp:
         conf.env.with_utmp = True
-        if not conf.CHECK_HEADERS('utmp.h'): conf.env.with_utmp = False
-        conf.CHECK_FUNCS('pututline pututxline updwtmp updwtmpx getutmpx getutxent')
-        conf.CHECK_STRUCTURE_MEMBER('struct utmp', 'ut_name', headers='utmp.h',
+        if not conf.CHECK_HEADERS('utmpx.h') and not conf.CHECK_HEADERS('utmp.h'):
+            conf.env.with_utmp = False
+        if conf.CONFIG_SET('HAVE_UTMPX_H'):
+            conf.DEFINE('STRUCT_UTMP', 'struct utmpx')
+        elif conf.CONFIG_SET('HAVE_UTMP_H'):
+            conf.DEFINE('STRUCT_UTMP', 'struct utmp')
+        conf.CHECK_FUNCS('pututxline getutxid getutxline updwtmpx getutmpx setutxent endutxent')
+        conf.CHECK_FUNCS('pututline getutid getutline updwtmp getutmp setutent endutent')
+        conf.CHECK_STRUCTURE_MEMBER('STRUCT_UTMP', 'ut_name', headers='utmpx.h utmp.h',
                                     define='HAVE_UT_UT_NAME')
-        conf.CHECK_STRUCTURE_MEMBER('struct utmp', 'ut_user', headers='utmp.h',
+
+        conf.CHECK_STRUCTURE_MEMBER('STRUCT_UTMP', 'ut_user', headers='utmpx.h utmp.h',
                                     define='HAVE_UT_UT_USER')
-        conf.CHECK_STRUCTURE_MEMBER('struct utmp', 'ut_id', headers='utmp.h',
+        conf.CHECK_STRUCTURE_MEMBER('STRUCT_UTMP', 'ut_id', headers='utmpx.h utmp.h',
                                     define='HAVE_UT_UT_ID')
-        conf.CHECK_STRUCTURE_MEMBER('struct utmp', 'ut_host', headers='utmp.h',
+        conf.CHECK_STRUCTURE_MEMBER('STRUCT_UTMP', 'ut_host', headers='utmpx.h utmp.h',
                                     define='HAVE_UT_UT_HOST')
-        conf.CHECK_STRUCTURE_MEMBER('struct utmp', 'ut_time', headers='utmp.h',
+        conf.CHECK_STRUCTURE_MEMBER('STRUCT_UTMP', 'ut_time', headers='utmpx.h utmp.h',
                                     define='HAVE_UT_UT_TIME')
-        conf.CHECK_STRUCTURE_MEMBER('struct utmp', 'ut_tv', headers='utmp.h',
+        conf.CHECK_STRUCTURE_MEMBER('STRUCT_UTMP', 'ut_tv', headers='utmpx.h utmp.h',
                                     define='HAVE_UT_UT_TV')
-        conf.CHECK_STRUCTURE_MEMBER('struct utmp', 'ut_type', headers='utmp.h',
+        conf.CHECK_STRUCTURE_MEMBER('STRUCT_UTMP', 'ut_type', headers='utmpx.h utmp.h',
                                     define='HAVE_UT_UT_TYPE')
-        conf.CHECK_STRUCTURE_MEMBER('struct utmp', 'ut_pid', headers='utmp.h',
+        conf.CHECK_STRUCTURE_MEMBER('STRUCT_UTMP', 'ut_pid', headers='utmpx.h utmp.h',
                                     define='HAVE_UT_UT_PID')
-        conf.CHECK_STRUCTURE_MEMBER('struct utmp', 'ut_exit.e_exit', headers='utmp.h',
+        conf.CHECK_STRUCTURE_MEMBER('STRUCT_UTMP', 'ut_exit.e_exit', headers='utmpx.h utmp.h',
                                     define='HAVE_UT_UT_EXIT')
-        conf.CHECK_STRUCTURE_MEMBER('struct utmpx', 'ut_syslen', headers='utmpx.h',
-                                    define='HAVE_UX_UT_SYSLEN')
-        conf.CHECK_STRUCTURE_MEMBER('struct utmpx', 'ut_host', headers='utmpx.h',
-                                    define='HAVE_UX_UT_HOST')
+        conf.CHECK_STRUCTURE_MEMBER('STRUCT_UTMP', 'ut_syslen', headers='utmpx.h utmp.h',
+                                    define='HAVE_UT_UT_SYSLEN')
         conf.CHECK_CODE('struct utmp utarg; struct utmp *utreturn; utreturn = pututline(&utarg);',
                         'PUTUTLINE_RETURNS_UTMP', headers='utmp.h',
                         msg="Checking whether pututline returns pointer")
-        conf.CHECK_SIZEOF(['((struct utmp *)NULL)->ut_line'], headers='utmp.h',
+        conf.CHECK_SIZEOF(['((STRUCT_UTMP *)NULL)->ut_line'], headers='utmpx.h utmp.h',
                           define='SIZEOF_UTMP_UT_LINE', critical=False)
         if not conf.CONFIG_SET('SIZEOF_UTMP_UT_LINE'):
             conf.env.with_utmp = False
@@ -833,6 +839,17 @@ msg.msg_accrightslen = sizeof(fd);
         conf.SET_TARGET_TYPE('avahi-common', 'EMPTY')
         conf.SET_TARGET_TYPE('avahi-client', 'EMPTY')

+    if Options.options.with_dnssd:
+        conf.env.with_dnssd = True
+        if not conf.CHECK_HEADERS('dns_sd.h'):
+            conf.env.with_dnssd = False
+        if not conf.CHECK_FUNCS_IN('DNSServiceRegister', 'dns_sd'):
+            conf.env.with_dnssd = False
+        if conf.env.with_dnssd:
+            conf.DEFINE('WITH_DNSSD_SUPPORT', 1)
+    else:
+        conf.SET_TARGET_TYPE('dns_sd', 'EMPTY')
+
     if Options.options.with_iconv:
         conf.env.with_iconv = True
         if not conf.CHECK_FUNCS_IN('iconv_open', 'iconv', headers='iconv.h'):




--- source3/wscript_build.orig	2020-07-09 13:33:56 UTC
+++ source3/wscript_build
@@ -233,11 +233,9 @@ bld.SAMBA3_SUBSYSTEM('SMBREGISTRY',
                         talloc
                         replace
                         util_reg
-                        samba-util
-                        samba-security
                         errors3
                         dbwrap
-                        samba3-util
+                        samba3util
                         ''')

 # Do not link against this use 'smbconf'
@@ -495,7 +493,7 @@ bld.SAMBA3_LIBRARY('secrets3',

 bld.SAMBA3_LIBRARY('smbldap',
                     source='lib/smbldap.c',
-                    deps='ldap lber samba-util smbconf',
+                    deps='ldap lber samba3util smbd_shim samba-debug smbconf',
                     enabled=bld.CONFIG_SET("HAVE_LDAP"),
                     private_library=False,
                     abi_directory='lib/ABI',
@@ -721,6 +719,7 @@ bld.SAMBA3_LIBRARY('smbd_base',
                         smbd_conn
                         param_service
                         AVAHI
+                        dns_sd
                         PRINTBASE
                         PROFILE
                         LOCKING
@@ -1129,6 +1128,7 @@ bld.SAMBA3_BINARY('client/smbclient',
                       msrpc3
                       RPC_NDR_SRVSVC
                       cli_smb_common
+                      dns_sd
                       archive
                       ''')

@@ -1153,8 +1153,8 @@ bld.SAMBA3_BINARY('smbspool_krb5_wrapper',
                  enabled=bld.CONFIG_SET('HAVE_CUPS'))

 bld.SAMBA3_BINARY('smbspool_argv_wrapper',
-		  source='script/tests/smbspool_argv_wrapper.c',
-		  for_selftest=True)
+                  source='script/tests/smbspool_argv_wrapper.c',
+                  for_selftest=True)

 bld.SAMBA3_BINARY('locktest2',
                  source='torture/locktest2.c',
@@ -1303,7 +1303,7 @@ bld.SAMBA3_BINARY('vfstest',
                       smbconf
                       SMBREADLINE
                       ''',
-                 for_selftest=True)
+                 install=True)

 bld.SAMBA3_BINARY('versiontest',
                  source='lib/version_test.c',

Added Link Here

(-)b/net/samba415/files/disabled/patch-source4_heimdal_lib_roken_rand.c (+10 lines)
1	--- source4/heimdal/lib/roken/rand.c.orig 2019-01-15 10:07:00 UTC
2	+++ source4/heimdal/lib/roken/rand.c
3	@@ -37,7 +37,6 @@ void ROKEN_LIB_FUNCTION
4	rk_random_init(void)
5	{
6	#if defined(HAVE_ARC4RANDOM)
7	- arc4random_stir();
8	#elif defined(HAVE_SRANDOMDEV)
9	srandomdev();
10	#elif defined(HAVE_RANDOM)




--- source4/kdc/kdc-service-mit.c.orig	2019-01-15 10:07:00 UTC
+++ source4/kdc/kdc-service-mit.c
@@ -36,9 +36,13 @@
 #include "kdc/samba_kdc.h"
 #include "kdc/kdc-server.h"
 #include "kdc/kpasswd-service.h"
-#include <kadm5/admin.h>
 #include <kdb.h>

+#pragma clang diagnostic push
+#pragma clang diagnostic ignored "-Wstrict-prototypes"
+#include <kadm5/admin.h>
+#pragma clang diagnostic pop
+
 #include "source4/kdc/mit_kdc_irpc.h"

 /* PROTOTYPES */

Added Link Here

(-)b/net/samba415/files/disabled/patch-third__party_wscript (+8 lines)
1	--- third_party/wscript.orig 2020-09-15 22:45:54 UTC
2	+++ third_party/wscript
3	@@ -7,7 +7,6 @@ from waflib import Options, Errors
4
5	# work out what python external libraries we need to install
6	external_pkgs = {
7	- "iso8601": "pyiso8601/iso8601",
8	}




--- docs-xml/wscript_build.orig	2019-06-25 00:52:38 UTC
+++ docs-xml/wscript_build
@@ -79,6 +79,7 @@ vfs_module_manpages = ['vfs_acl_tdb',
                        'vfs_extd_audit',
                        'vfs_fake_perms',
                        'vfs_fileid',
+                       'vfs_freebsd',
                        'vfs_fruit',
                        'vfs_full_audit',
                        'vfs_glusterfs',
--- source3/modules/wscript_build.orig	2019-05-07 08:38:21 UTC
+++ source3/modules/wscript_build
@@ -630,6 +630,14 @@ bld.SAMBA3_MODULE('vfs_delay_inject',
                  enabled=bld.SAMBA3_IS_ENABLED_MODULE('vfs_delay_inject'),
                  install=False)

+bld.SAMBA3_MODULE('vfs_freebsd',
+                 subsystem='vfs',
+                 source='vfs_freebsd.c',
+                 deps='samba-util',
+                 init_function='',
+                 internal_module=bld.SAMBA3_IS_STATIC_MODULE('vfs_freebsd'),
+                 enabled=bld.SAMBA3_IS_ENABLED_MODULE('vfs_freebsd'))
+
 bld.SAMBA3_MODULE('vfs_widelinks',
                  subsystem='vfs',
                  source='vfs_widelinks.c',
--- source3/modules/vfs_freebsd.c.orig	2019-06-22 11:56:57 UTC
+++ source3/modules/vfs_freebsd.c
@@ -0,0 +1,800 @@
+/*
+ * This module implements VFS calls specific to FreeBSD
+ *
+ * Copyright (C) Timur I. Bakeyev, 2018
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, see <http://www.gnu.org/licenses/>.
+ */
+
+#include "includes.h"
+
+#include "lib/util/tevent_unix.h"
+#include "lib/util/tevent_ntstatus.h"
+#include "system/filesys.h"
+
+#include <sys/sysctl.h>
+
+static int vfs_freebsd_debug_level = DBGC_VFS;
+
+#undef DBGC_CLASS
+#define DBGC_CLASS vfs_freebsd_debug_level
+
+#ifndef EXTATTR_MAXNAMELEN
+#define EXTATTR_MAXNAMELEN		UINT8_MAX
+#endif
+
+#define EXTATTR_NAMESPACE(NS)		EXTATTR_NAMESPACE_ ## NS, \
+					EXTATTR_NAMESPACE_ ## NS ## _STRING ".", \
+					.data.len = (sizeof(EXTATTR_NAMESPACE_ ## NS ## _STRING ".") - 1)
+
+#define EXTATTR_EMPTY			0x00
+#define EXTATTR_USER			0x01
+#define EXTATTR_SYSTEM			0x02
+#define EXTATTR_SECURITY		0x03
+#define EXTATTR_TRUSTED			0x04
+
+enum extattr_mode {
+	FREEBSD_EXTATTR_SECURE,
+	FREEBSD_EXTATTR_COMPAT,
+	FREEBSD_EXTATTR_LEGACY
+};
+
+typedef struct {
+	int namespace;
+	char name[EXTATTR_MAXNAMELEN+1];
+	union {
+		uint16_t len;
+		uint16_t flags;
+	} data;
+} extattr_attr;
+
+typedef struct {
+	enum {
+		EXTATTR_FILE, EXTATTR_LINK, EXTATTR_FDES
+	} method;
+	union {
+		const char *path;
+		int filedes;
+	} param;
+} extattr_arg;
+
+static const struct enum_list extattr_mode_param[] = {
+	{ FREEBSD_EXTATTR_SECURE, "secure" },		/*  */
+	{ FREEBSD_EXTATTR_COMPAT, "compat" },		/*  */
+	{ FREEBSD_EXTATTR_LEGACY, "legacy" },		/*  */
+	{ -1, NULL }
+};
+
+
+/* */
+struct freebsd_handle_data {
+	enum extattr_mode extattr_mode;
+};
+
+
+/* XXX: This order doesn't match namespace ids order! */
+static extattr_attr extattr[] = {
+	{ EXTATTR_NAMESPACE(EMPTY) },
+	{ EXTATTR_NAMESPACE(SYSTEM) },
+	{ EXTATTR_NAMESPACE(USER) },
+};
+
+
+static bool freebsd_in_jail(void) {
+	int val = 0;
+	size_t val_len = sizeof(val);
+
+	if((sysctlbyname("security.jail.jailed", &val, &val_len, NULL, 0) != -1) && val == 1) {
+		return true;
+	}
+	return false;
+}
+
+static uint16_t freebsd_map_attrname(const char *name)
+{
+	if(name == NULL || name[0] == '\0') {
+		return EXTATTR_EMPTY;
+	}
+
+	switch(name[0]) {
+		case 'u':
+			if(strncmp(name, "user.", 5) == 0)
+				return EXTATTR_USER;
+			break;
+		case 't':
+			if(strncmp(name, "trusted.", 8) == 0)
+				return EXTATTR_TRUSTED;
+			break;
+		case 's':
+			/* name[1] could be any character, including '\0' */
+			switch(name[1]) {
+				case 'e':
+					if(strncmp(name, "security.", 9) == 0)
+						return EXTATTR_SECURITY;
+					break;
+				case 'y':
+					if(strncmp(name, "system.", 7) == 0)
+						return EXTATTR_SYSTEM;
+					break;
+			}
+			break;
+	}
+	return EXTATTR_USER;
+}
+
+/* security, system, trusted or user */
+static extattr_attr* freebsd_map_xattr(enum extattr_mode extattr_mode, const char *name, extattr_attr *attr)
+{
+	int attrnamespace = EXTATTR_NAMESPACE_EMPTY;
+	const char *p, *attrname = name;
+
+	if(name == NULL || name[0] == '\0') {
+		return NULL;
+	}
+
+	if(attr == NULL) {
+		return NULL;
+	}
+
+	uint16_t flags = freebsd_map_attrname(name);
+
+	switch(flags) {
+		case EXTATTR_SECURITY:
+		case EXTATTR_TRUSTED:
+		case EXTATTR_SYSTEM:
+			attrnamespace = (extattr_mode == FREEBSD_EXTATTR_SECURE) ?
+					EXTATTR_NAMESPACE_SYSTEM :
+					EXTATTR_NAMESPACE_USER;
+			break;
+		case EXTATTR_USER:
+			attrnamespace = EXTATTR_NAMESPACE_USER;
+			break;
+		default:
+			/* Default to "user" namespace if nothing else was specified */
+			attrnamespace = EXTATTR_NAMESPACE_USER;
+			flags = EXTATTR_USER;
+			break;
+	}
+
+	if (extattr_mode == FREEBSD_EXTATTR_LEGACY) {
+		switch(flags) {
+			case EXTATTR_SECURITY:
+				attrname = name + 9;
+				break;
+			case EXTATTR_TRUSTED:
+				attrname = name + 8;
+				break;
+			case EXTATTR_SYSTEM:
+				attrname = name + 7;
+				break;
+			case EXTATTR_USER:
+				attrname = name + 5;
+				break;
+			default:
+				attrname = ((p=strchr(name, '.')) != NULL) ? p + 1 : name;
+				break;
+		}
+	}
+
+	attr->namespace = attrnamespace;
+	attr->data.flags = flags;
+	strlcpy(attr->name, attrname, EXTATTR_MAXNAMELEN + 1);
+
+	return attr;
+}
+
+static ssize_t extattr_size(extattr_arg arg, extattr_attr *attr)
+{
+	ssize_t result;
+
+	switch(arg.method) {
+#if defined(HAVE_XATTR_EXTATTR)
+		case EXTATTR_FILE:
+			result = extattr_get_file(arg.param.path, attr->namespace, attr->name, NULL, 0);
+			break;
+		case EXTATTR_LINK:
+			result = extattr_get_link(arg.param.path, attr->namespace, attr->name, NULL, 0);
+			break;
+		case EXTATTR_FDES:
+			result = extattr_get_fd(arg.param.filedes, attr->namespace, attr->name, NULL, 0);
+			break;
+#endif
+		default:
+			errno = ENOSYS;
+			return -1;
+	}
+
+	if(result < 0) {
+		errno = EINVAL;
+		return -1;
+	}
+
+	return result;
+}
+
+
+/*
+ * The list of names is returned as an unordered array of NULL-terminated
+ * character strings (attribute names are separated by NULL characters),
+ * like this:
+ *      user.name1\0system.name1\0user.name2\0
+ *
+ * Filesystems like ext2, ext3 and XFS which implement POSIX ACLs using
+ * extended attributes, might return a list like this:
+ *      system.posix_acl_access\0system.posix_acl_default\0
+ */
+/*
+ * The extattr_list_file() returns a list of attributes present in the
+ * requested namespace. Each list entry consists of a single byte containing
+ * the length of the attribute name, followed by the attribute name. The
+ * attribute name is not terminated by ASCII 0 (nul).
+*/
+
+static ssize_t freebsd_extattr_list(extattr_arg arg, enum extattr_mode extattr_mode, char *list, size_t size)
+{
+	ssize_t list_size, total_size = 0;
+	char *p, *q, *list_end;
+	int len;
+	/*
+	 Ignore all but user namespace when we are not root or in jail
+	 See: https://bugzilla.samba.org/show_bug.cgi?id=10247
+	*/
+	bool as_root = (geteuid() == 0);
+
+	int ns = (extattr_mode == FREEBSD_EXTATTR_SECURE && as_root) ? 1 : 2;
+
+	/* Iterate through extattr(2) namespaces */
+	for(; ns < ARRAY_SIZE(extattr); ns++) {
+		switch(arg.method) {
+#if defined(HAVE_XATTR_EXTATTR)
+			case EXTATTR_FILE:
+				list_size = extattr_list_file(arg.param.path, extattr[ns].namespace, list, size);
+				break;
+			case EXTATTR_LINK:
+				list_size = extattr_list_link(arg.param.path, extattr[ns].namespace, list, size);
+				break;
+			case EXTATTR_FDES:
+				list_size = extattr_list_fd(arg.param.filedes, extattr[ns].namespace, list, size);
+				break;
+#endif
+			default:
+				errno = ENOSYS;
+				return -1;
+		}
+		/* Some error happend. Errno should be set by the previous call */
+		if(list_size < 0)
+			return -1;
+		/* No attributes in this namespace */
+		if(list_size == 0)
+			continue;
+		/*
+		 Call with an empty buffer may be used to calculate
+		 necessary buffer size.
+		*/
+		if(list == NULL) {
+			/*
+			 XXX: Unfortunately, we can't say, how many attributes were
+			 returned, so here is the potential problem with the emulation.
+			*/
+			if(extattr_mode == FREEBSD_EXTATTR_LEGACY) {
+				/*
+				 Take the worse case of one char attribute names -
+				 two bytes per name plus one more for sanity.
+				*/
+				total_size += list_size + (list_size/2 + 1)*extattr[ns].data.len;
+			}
+			else {
+				total_size += list_size;
+			}
+			continue;
+		}
+
+		if(extattr_mode == FREEBSD_EXTATTR_LEGACY) {
+			/* Count necessary offset to fit namespace prefixes */
+			int extra_len = 0;
+			uint16_t flags;
+			list_end = list + list_size;
+			for(list_size = 0, p = q = list; p < list_end; p += len) {
+				len = p[0] + 1;
+				(void)strlcpy(q, p + 1, len);
+				flags = freebsd_map_attrname(q);
+				/* Skip secure attributes for non-root user */
+				if(extattr_mode != FREEBSD_EXTATTR_SECURE && !as_root && flags > EXTATTR_USER) {
+					continue;
+				}
+				if(flags <= EXTATTR_USER) {
+					/* Don't count trailing '\0' */
+					extra_len += extattr[ns].data.len;
+				}
+				list_size += len;
+				q += len;
+			}
+			total_size += list_size + extra_len;
+			/* Buffer is too small to fit the results */
+			if(total_size > size) {
+				errno = ERANGE;
+				return -1;
+			}
+			/* Shift results backwards, so we can prepend prefixes */
+			list_end = list + extra_len;
+			p = (char*)memmove(list_end, list, list_size);
+			/*
+			 We enter the loop with `p` pointing to the shifted list and
+			 `extra_len` having the total margin between `list` and `p`
+			*/
+			for(list_end += list_size; p < list_end; p += len) {
+				len = strlen(p) + 1;
+				flags = freebsd_map_attrname(p);
+				if(flags <= EXTATTR_USER) {
+					/* Add namespace prefix */
+					(void)strncpy(list, extattr[ns].name, extattr[ns].data.len);
+					list += extattr[ns].data.len;
+				}
+				/* Append attribute name */
+				(void)strlcpy(list, p, len);
+				list += len;
+			}
+		}
+		else {
+			/* Convert UCSD strings into nul-terminated strings */
+			for(list_end = list + list_size; list < list_end; list += len) {
+				len = list[0] + 1;
+				(void)strlcpy(list, list + 1, len);
+			}
+			total_size += list_size;
+		}
+	}
+	return total_size;
+}
+
+/*
+static ssize_t freebsd_getxattr_size(vfs_handle_struct *handle,
+				const struct smb_filename *smb_fname,
+				const char *name)
+{
+	struct freebsd_handle_data *data;
+	extattr_arg arg = { EXTATTR_FILE, smb_fname->base_name };
+	extattr_attr attr;
+
+
+	SMB_VFS_HANDLE_GET_DATA(handle, data,
+				struct freebsd_handle_data,
+				return -1);
+
+	if(!freebsd_map_xattr(data->extattr_mode, name, &attr)) {
+		errno = EINVAL;
+		return -1;
+	}
+
+	if(data->extattr_mode != FREEBSD_EXTATTR_SECURE && geteuid() != 0 && attr.data.flags > EXTATTR_USER) {
+		errno = ENOATTR;
+		return -1;
+	}
+
+	return extattr_size(arg, &attr);
+}
+*/
+
+/* VFS entries */
+static ssize_t freebsd_getxattr(vfs_handle_struct *handle,
+				const struct smb_filename *smb_fname,
+				const char *name,
+				void *value,
+				size_t size)
+{
+#if defined(HAVE_XATTR_EXTATTR)
+	struct freebsd_handle_data *data;
+	extattr_arg arg = { EXTATTR_FILE, .param.path = smb_fname->base_name };
+	extattr_attr attr;
+	ssize_t res;
+
+	SMB_VFS_HANDLE_GET_DATA(handle, data,
+				struct freebsd_handle_data,
+				return -1);
+
+	if(!freebsd_map_xattr(data->extattr_mode, name, &attr)) {
+		errno = EINVAL;
+		return -1;
+	}
+
+	/* Filter out 'secure' entries */
+	if(data->extattr_mode != FREEBSD_EXTATTR_SECURE && geteuid() != 0 && attr.data.flags > EXTATTR_USER) {
+		errno = ENOATTR;
+		return -1;
+	}
+
+	/*
+	 * The BSD implementation has a nasty habit of silently truncating
+	 * the returned value to the size of the buffer, so we have to check
+	 * that the buffer is large enough to fit the returned value.
+	 */
+	if((res=extattr_size(arg, &attr)) < 0) {
+		return -1;
+	}
+
+	if (size == 0) {
+		return res;
+	}
+	else if (res > size) {
+		errno = ERANGE;
+		return -1;
+	}
+
+	if((res=extattr_get_file(smb_fname->base_name, attr.namespace, attr.name, value, size)) >= 0) {
+		return res;
+	}
+	return -1;
+#else
+	errno = ENOSYS;
+	return -1;
+#endif
+}
+
+
+static ssize_t freebsd_fgetxattr(vfs_handle_struct *handle,
+			      struct files_struct *fsp, const char *name,
+			      void *value, size_t size)
+{
+#if defined(HAVE_XATTR_EXTATTR)
+	struct freebsd_handle_data *data;
+	extattr_arg arg = { EXTATTR_FDES, .param.filedes = fsp->fh->fd };
+	extattr_attr attr;
+	ssize_t res;
+
+	SMB_VFS_HANDLE_GET_DATA(handle, data,
+				struct freebsd_handle_data,
+				return -1);
+
+	if(!freebsd_map_xattr(data->extattr_mode, name, &attr)) {
+		errno = EINVAL;
+		return -1;
+	}
+
+	/* Filter out 'secure' entries */
+	if(data->extattr_mode != FREEBSD_EXTATTR_SECURE && geteuid() != 0 && attr.data.flags > EXTATTR_USER) {
+		errno = ENOATTR;
+		return -1;
+	}
+
+	/*
+	 * The BSD implementation has a nasty habit of silently truncating
+	 * the returned value to the size of the buffer, so we have to check
+	 * that the buffer is large enough to fit the returned value.
+	 */
+	if((res=extattr_size(arg, &attr)) < 0) {
+		return -1;
+	}
+
+	if (size == 0) {
+		return res;
+	}
+	else if (res > size) {
+		errno = ERANGE;
+		return -1;
+	}
+
+	if((res=extattr_get_fd(fsp->fh->fd, attr.namespace, attr.name, value, size)) >= 0) {
+		return res;
+	}
+	return -1;
+#else
+	errno = ENOSYS;
+	return -1;
+#endif
+}
+
+
+static ssize_t freebsd_listxattr(vfs_handle_struct *handle,
+				const struct smb_filename *smb_fname,
+				char *list,
+				size_t size)
+{
+#if defined(HAVE_XATTR_EXTATTR)
+	struct freebsd_handle_data *data;
+
+	SMB_VFS_HANDLE_GET_DATA(handle, data,
+				struct freebsd_handle_data,
+				return -1);
+
+	extattr_arg arg = { EXTATTR_FILE, .param.path = smb_fname->base_name };
+
+	return freebsd_extattr_list(arg, data->extattr_mode, list, size);
+#else
+	errno = ENOSYS;
+	return -1;
+#endif
+}
+
+
+static ssize_t freebsd_flistxattr(vfs_handle_struct *handle,
+			       struct files_struct *fsp, char *list,
+			       size_t size)
+{
+#if defined(HAVE_XATTR_EXTATTR)
+	struct freebsd_handle_data *data;
+	extattr_arg arg = { EXTATTR_FDES, .param.filedes = fsp->fh->fd };
+
+	SMB_VFS_HANDLE_GET_DATA(handle, data,
+				struct freebsd_handle_data,
+				return -1);
+
+	return freebsd_extattr_list(arg, data->extattr_mode, list, size);
+#else
+	errno = ENOSYS;
+	return -1;
+#endif
+}
+
+static int freebsd_removexattr(vfs_handle_struct *handle,
+			const struct smb_filename *smb_fname,
+			const char *name)
+{
+#if defined(HAVE_XATTR_EXTATTR)
+	struct freebsd_handle_data *data;
+	extattr_attr attr;
+
+	SMB_VFS_HANDLE_GET_DATA(handle, data,
+				struct freebsd_handle_data,
+				return -1);
+
+
+	/* Filter out 'secure' entries */
+	if(data->extattr_mode != FREEBSD_EXTATTR_SECURE && geteuid() != 0 && attr.data.flags > EXTATTR_USER) {
+		errno = ENOATTR;
+		return -1;
+	}
+
+	return extattr_delete_file(smb_fname->base_name, attr.namespace, attr.name);
+#else
+	errno = ENOSYS;
+	return -1;
+#endif
+}
+
+
+static int freebsd_fremovexattr(vfs_handle_struct *handle,
+			     struct files_struct *fsp, const char *name)
+{
+#if defined(HAVE_XATTR_EXTATTR)
+	struct freebsd_handle_data *data;
+	extattr_attr attr;
+
+	SMB_VFS_HANDLE_GET_DATA(handle, data,
+				struct freebsd_handle_data,
+				return -1);
+
+	if(!freebsd_map_xattr(data->extattr_mode, name, &attr)) {
+		errno = EINVAL;
+		return -1;
+	}
+
+	/* Filter out 'secure' entries */
+	if(data->extattr_mode != FREEBSD_EXTATTR_SECURE && geteuid() != 0 && attr.data.flags > EXTATTR_USER) {
+		errno = ENOATTR;
+		return -1;
+	}
+
+	return extattr_delete_fd(fsp->fh->fd, attr.namespace, attr.name);
+#else
+	errno = ENOSYS;
+	return -1;
+#endif
+}
+
+
+static int freebsd_setxattr(vfs_handle_struct *handle,
+			const struct smb_filename *smb_fname,
+			const char *name,
+			const void *value,
+			size_t size,
+			int flags)
+{
+#if defined(HAVE_XATTR_EXTATTR)
+	struct freebsd_handle_data *data;
+	extattr_attr attr;
+	ssize_t res;
+
+	SMB_VFS_HANDLE_GET_DATA(handle, data,
+				struct freebsd_handle_data,
+				return -1);
+
+	if(!freebsd_map_xattr(data->extattr_mode, name, &attr)) {
+		errno = EINVAL;
+		return -1;
+	}
+
+	/* Filter out 'secure' entries */
+	if(data->extattr_mode != FREEBSD_EXTATTR_SECURE && geteuid() != 0 && attr.data.flags > EXTATTR_USER) {
+		errno = ENOATTR;
+		return -1;
+	}
+
+	if (flags) {
+		extattr_arg arg = { EXTATTR_FILE, .param.path = smb_fname->base_name };
+		/* Check attribute existence */
+		res = extattr_size(arg, &attr);
+		if (res < 0) {
+			/* REPLACE attribute, that doesn't exist */
+			if ((flags & XATTR_REPLACE) && errno == ENOATTR) {
+				errno = ENOATTR;
+				return -1;
+			}
+			/* Ignore other errors */
+		}
+		else {
+			/* CREATE attribute, that already exists */
+			if (flags & XATTR_CREATE) {
+				errno = EEXIST;
+				return -1;
+			}
+		}
+	}
+	res = extattr_set_file(smb_fname->base_name, attr.namespace, attr.name, value, size);
+
+	return (res >= 0) ? 0 : -1;
+#else
+	errno = ENOSYS;
+	return -1;
+#endif
+}
+
+
+static int freebsd_fsetxattr(vfs_handle_struct *handle, struct files_struct *fsp,
+			  const char *name, const void *value, size_t size,
+			  int flags)
+{
+#if defined(HAVE_XATTR_EXTATTR)
+	struct freebsd_handle_data *data;
+	extattr_attr attr;
+	ssize_t res;
+
+	SMB_VFS_HANDLE_GET_DATA(handle, data,
+				struct freebsd_handle_data,
+				return -1);
+
+	if(!freebsd_map_xattr(data->extattr_mode, name, &attr)) {
+		errno = EINVAL;
+		return -1;
+	}
+
+	/* Filter out 'secure' entries */
+	if(data->extattr_mode != FREEBSD_EXTATTR_SECURE && geteuid() != 0 && attr.data.flags > EXTATTR_USER) {
+		errno = ENOATTR;
+		return -1;
+	}
+
+	if (flags) {
+		extattr_arg arg = { EXTATTR_FDES, .param.filedes = fsp->fh->fd };
+		/* Check attribute existence */
+		res = extattr_size(arg, &attr);
+		if (res < 0) {
+			/* REPLACE attribute, that doesn't exist */
+			if ((flags & XATTR_REPLACE) && errno == ENOATTR) {
+				errno = ENOATTR;
+				return -1;
+			}
+			/* Ignore other errors */
+		}
+		else {
+			/* CREATE attribute, that already exists */
+			if (flags & XATTR_CREATE) {
+				errno = EEXIST;
+				return -1;
+			}
+		}
+	}
+
+	res = extattr_set_fd(fsp->fh->fd, attr.namespace, attr.name, value, size);
+
+	return (res >= 0) ? 0 : -1;
+#else
+	errno = ENOSYS;
+	return -1;
+#endif
+}
+
+static int freebsd_connect(vfs_handle_struct *handle, const char *service,
+			const char *user)
+{
+	struct freebsd_handle_data *data;
+	int enumval, saved_errno;
+
+	int ret = SMB_VFS_NEXT_CONNECT(handle, service, user);
+
+	if (ret < 0) {
+		return ret;
+	}
+
+	data = talloc_zero(handle->conn, struct freebsd_handle_data);
+	if (!data) {
+		saved_errno = errno;
+		SMB_VFS_NEXT_DISCONNECT(handle);
+		DEBUG(0, ("talloc_zero() failed\n"));
+		errno = saved_errno;
+		return -1;
+	}
+
+	enumval = lp_parm_enum(SNUM(handle->conn), "freebsd",
+			       "extattr mode", extattr_mode_param, FREEBSD_EXTATTR_LEGACY);
+	if (enumval == -1) {
+		saved_errno = errno;
+		SMB_VFS_NEXT_DISCONNECT(handle);
+		DBG_DEBUG("value for freebsd: 'extattr mode' is unknown\n");
+		errno = saved_errno;
+		return -1;
+	}
+
+	if(freebsd_in_jail()) {
+		enumval = FREEBSD_EXTATTR_COMPAT;
+		DBG_WARNING("running in jail, enforcing 'compat' mode\n");
+	}
+
+	data->extattr_mode = (enum extattr_mode)enumval;
+
+	SMB_VFS_HANDLE_SET_DATA(handle, data, NULL,
+				struct freebsd_handle_data,
+				return -1);
+
+	DBG_DEBUG("connect to service[%s] with '%s' extattr mode\n",
+		  service, extattr_mode_param[data->extattr_mode].name);
+
+	return 0;
+}
+
+static void freebsd_disconnect(vfs_handle_struct *handle)
+{
+	SMB_VFS_NEXT_DISCONNECT(handle);
+}
+
+/* VFS operations structure */
+
+struct vfs_fn_pointers freebsd_fns = {
+	/* Disk operations */
+
+	.connect_fn = freebsd_connect,
+	.disconnect_fn = freebsd_disconnect,
+
+	/* EA operations. */
+	.getxattr_fn = freebsd_getxattr,
+	.fgetxattr_fn = freebsd_fgetxattr,
+	.listxattr_fn = freebsd_listxattr,
+	.flistxattr_fn = freebsd_flistxattr,
+	.removexattr_fn = freebsd_removexattr,
+	.fremovexattr_fn = freebsd_fremovexattr,
+	.setxattr_fn = freebsd_setxattr,
+	.fsetxattr_fn = freebsd_fsetxattr,
+};
+
+static_decl_vfs;
+NTSTATUS vfs_freebsd_init(TALLOC_CTX *ctx)
+{
+	NTSTATUS ret;
+
+	ret = smb_register_vfs(SMB_VFS_INTERFACE_VERSION, "freebsd",
+				&freebsd_fns);
+
+	if (!NT_STATUS_IS_OK(ret)) {
+		return ret;
+	}
+
+	vfs_freebsd_debug_level = debug_add_class("freebsd");
+	if (vfs_freebsd_debug_level == -1) {
+		vfs_freebsd_debug_level = DBGC_VFS;
+		DEBUG(0, ("vfs_freebsd: Couldn't register custom debugging class!\n"));
+	} else {
+		DEBUG(10, ("vfs_freebsd: Debug class number of 'fileid': %d\n", vfs_freebsd_debug_level));
+	}
+
+	return ret;
+}
--- docs-xml/manpages/vfs_freebsd.8.xml.orig	2019-06-25 00:51:54 UTC
+++ docs-xml/manpages/vfs_freebsd.8.xml
@@ -0,0 +1,169 @@
+<?xml version="1.0" encoding="iso-8859-1"?>
+<!DOCTYPE refentry PUBLIC "-//Samba-Team//DTD DocBook V4.2-Based Variant V1.0//EN" "http://www.samba.org/samba/DTD/samba-doc">
+<refentry id="vfs_freebsd.8">
+
+<refmeta>
+	<refentrytitle>vfs_freebsd</refentrytitle>
+	<manvolnum>8</manvolnum>
+	<refmiscinfo class="source">Samba</refmiscinfo>
+	<refmiscinfo class="manual">System Administration tools</refmiscinfo>
+	<refmiscinfo class="version">&doc.version;</refmiscinfo>
+</refmeta>
+
+<refnamediv>
+	<refname>vfs_freebsd</refname>
+	<refpurpose>FreeBSD-specific VFS functions</refpurpose>
+</refnamediv>
+
+<refsynopsisdiv>
+	<cmdsynopsis>
+		<command>vfs objects = freebsd</command>
+	</cmdsynopsis>
+</refsynopsisdiv>
+
+<refsect1>
+	<title>DESCRIPTION</title>
+
+	<para>This VFS module is part of the <citerefentry><refentrytitle>samba</refentrytitle>
+	<manvolnum>7</manvolnum></citerefentry> suite.</para>
+
+	<para>The <command>vfs_freebsd</command> module implements some of the FreeBSD-specific VFS functions.</para>
+
+	<para>This module is stackable.</para>
+</refsect1>
+
+
+<refsect1>
+	<title>OPTIONS</title>
+
+	<variablelist>
+
+	<varlistentry>
+		<term>freebsd:extattr mode=[legacy|compat|secure]</term>
+		<listitem>
+		<para>This parameter defines how the emulation of the Linux attr(5) extended attributes
+		is performed through the FreeBSD native extattr(9) system calls.</para>
+
+		<para>Currently the <emphasis>security</emphasis>, <emphasis>system</emphasis>,
+		<emphasis>trusted</emphasis> and <emphasis>user</emphasis> extended attribute(xattr)
+		classes are defined in Linux. Contrary FreeBSD has only <emphasis>USER</emphasis>
+		and <emphasis>SYSTEM</emphasis> extended attribute(extattr) namespaces, so mapping
+		of one set into another isn't straightforward and can be done in different ways.</para>
+
+		<para>Historically the Samba(7) built-in xattr mapping implementation simply converted
+		<emphasis>system</emphasis> and <emphasis>user</emphasis> xattr into corresponding
+		<emphasis>SYSTEM</emphasis> and <emphasis>USER</emphasis> extattr namespaces, dropping
+		the class prefix name with the separating dot and using attribute name only within the
+		mapped namespace. It also rejected any other xattr classes, like <emphasis>security</emphasis>
+		and <emphasis>trusted</emphasis> as invalid. Such behavior in particular broke AD
+		provisioning on UFS2 file systems as essential <emphasis>security.NTACL</emphasis>
+		xattr was rejected as invalid.</para>
+
+		<para>This module tries to address this problem and provide secure, where it's possible,
+		way to map Linux xattr into FreeBSD's extattr.</para>
+
+		<para>When <emphasis>mode</emphasis> is set to the <emphasis>legacy (default)</emphasis>
+		then modified version of built-in mapping is used, where <emphasis>system</emphasis> xattr
+		is mapped into SYSTEM namespace, while <emphasis>secure</emphasis>, <emphasis>trusted</emphasis>
+		and <emphasis>user</emphasis> xattr are all mapped into the USER namespace, dropping class
+		prefixes and mix them all together. This is the way how Samba FreeBSD ports were patched
+		up to the 4.9 version and that created multiple potential security issues. This mode is aimed for
+		the compatibility with the legacy installations only and should be avoided in new setups.</para>
+
+		<para>The <emphasis>compat</emphasis> mode is mostly designed for the jailed environments,
+		where it's not possible to write extattrs into the secure SYSTEM namespace, so all four
+		classes are mapped into the USER namespace. To preserve information about origin of the
+		extended attribute it is stored together with the class preffix in the <emphasis>class.attribute</emphasis>
+		format.</para>
+
+		<para>The <emphasis>secure</emphasis> mode is meant for storing extended attributes in a secure
+		manner, so that <emphasis>security</emphasis>, <emphasis>system</emphasis> and <emphasis>trusted</emphasis>
+		are stored in the SYSTEM namespace, which can be modified only by root.
+		</para>
+		</listitem>
+	</varlistentry>
+
+
+	</variablelist>
+</refsect1>
+
+<refsect1>
+	<table frame="all" rowheader="firstcol">
+		<title>Attributes mapping</title>
+		<tgroup cols='5' align='left' colsep='1' rowsep='1'>
+		<thead>
+			<row>
+			<entry> </entry>
+			<entry>built-in</entry>
+			<entry>legacy</entry>
+			<entry>compat/jail</entry>
+			<entry>secure</entry>
+			</row>
+		</thead>
+		<tbody>
+			<row>
+			<entry>user</entry>
+			<entry>USER; attribute</entry>
+			<entry>USER; attribute</entry>
+			<entry>USER; user.attribute</entry>
+			<entry>USER; user.attribute</entry>
+			</row>
+			<row>
+			<entry>system</entry>
+			<entry>SYSTEM; attribute</entry>
+			<entry>SYSTEM; attribute</entry>
+			<entry>USER; system.attribute</entry>
+			<entry>SYSTEM; system.attribute</entry>
+			</row>
+			<row>
+			<entry>trusted</entry>
+			<entry>FAIL</entry>
+			<entry>USER; attribute</entry>
+			<entry>USER; trusted.attribute</entry>
+			<entry>SYSTEM; trusted.attribute</entry>
+			</row>
+			<row>
+			<entry>security</entry>
+			<entry>FAIL</entry>
+			<entry>USER; attribute</entry>
+			<entry>USER; security.attribute</entry>
+			<entry>SYSTEM; security.attribute</entry>
+			</row>
+		</tbody>
+		</tgroup>
+	</table>
+</refsect1>
+
+<refsect1>
+	<title>EXAMPLES</title>
+
+	<para>Use secure method of setting extended attributes on the share:</para>
+
+<programlisting>
+	<smbconfsection name="[sysvol]"/>
+	<smbconfoption name="vfs objects">freebsd</smbconfoption>
+	<smbconfoption name="freebsd:extattr mode">secure</smbconfoption>
+</programlisting>
+
+</refsect1>
+
+<refsect1>
+	<title>VERSION</title>
+
+	<para>This man page is part of version &doc.version; of the Samba suite.
+	</para>
+</refsect1>
+
+<refsect1>
+	<title>AUTHOR</title>
+
+	<para>The original Samba software and related utilities
+	were created by Andrew Tridgell. Samba is now developed
+	by the Samba Team as an Open Source project similar
+	to the way the Linux kernel is developed.</para>
+
+	<para>This module was written by Timur I. Bakeyev</para>
+
+</refsect1>
+
+</refentry>




'\" t
.\"     Title: ctdb-script.options
.\"    Author:
.\" Generator: DocBook XSL Stylesheets v1.79.1 <http://docbook.sf.net/>
.\"      Date: 09/23/2020
.\"    Manual: CTDB - clustered TDB database
.\"    Source: ctdb
.\"  Language: English
.\"
.TH "CTDB\-SCRIPT\&.OPTIO" "5" "09/23/2020" "ctdb" "CTDB \- clustered TDB database"
.\" -----------------------------------------------------------------
.\" * Define some portability stuff
.\" -----------------------------------------------------------------
.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
.\" http://bugs.debian.org/507673
.\" http://lists.gnu.org/archive/html/groff/2009-02/msg00013.html
.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
.ie \n(.g .ds Aq \(aq
.el       .ds Aq '
.\" -----------------------------------------------------------------
.\" * set default formatting
.\" -----------------------------------------------------------------
.\" disable hyphenation
.nh
.\" disable justification (adjust text to left margin only)
.ad l
.\" -----------------------------------------------------------------
.\" * MAIN CONTENT STARTS HERE *
.\" -----------------------------------------------------------------
.SH "NAME"
ctdb-script.options \- CTDB scripts configuration files
.SH "DESCRIPTION"
.PP
Each CTDB script has 2 possible locations for its configuration options:
.PP
/usr/local/etc/ctdb/script\&.options
.RS 4
This is a catch\-all global file for general purpose scripts and for options that are used in multiple event scripts\&.
.RE
.PP
\fISCRIPT\fR\&.options
.RS 4
That is, options for
\fISCRIPT\fR
are placed in a file alongside the script, with a "\&.script" suffix added\&. This style is usually recommended for event scripts\&.
.sp
Options in this script\-specific file override those in the global file\&.
.RE
.PP
These files should include simple shell\-style variable assignments and shell\-style comments\&.
.SH "NETWORK CONFIGURATION"
.SS "10\&.interface"
.PP
This event script handles monitoring of interfaces using by public IP addresses\&.
.PP
CTDB_PARTIALLY_ONLINE_INTERFACES=yes|no
.RS 4
Whether one or more offline interfaces should cause a monitor event to fail if there are other interfaces that are up\&. If this is "yes" and a node has some interfaces that are down then
\fBctdb status\fR
will display the node as "PARTIALLYONLINE"\&.
.sp
Note that CTDB_PARTIALLY_ONLINE_INTERFACES=yes is not generally compatible with NAT gateway or LVS\&. NAT gateway relies on the interface configured by CTDB_NATGW_PUBLIC_IFACE to be up and LVS replies on CTDB_LVS_PUBLIC_IFACE to be up\&. CTDB does not check if these options are set in an incompatible way so care is needed to understand the interaction\&.
.sp
Default is "no"\&.
.RE
.SS "11\&.natgw"
.PP
Provides CTDB\*(Aqs NAT gateway functionality\&.
.PP
NAT gateway is used to configure fallback routing for nodes when they do not host any public IP addresses\&. For example, it allows unhealthy nodes to reliably communicate with external infrastructure\&. One node in a NAT gateway group will be designated as the NAT gateway master node and other (slave) nodes will be configured with fallback routes via the NAT gateway master node\&. For more information, see the
NAT GATEWAY
section in
\fBctdb\fR(7)\&.
.PP
CTDB_NATGW_DEFAULT_GATEWAY=\fIIPADDR\fR
.RS 4
IPADDR is an alternate network gateway to use on the NAT gateway master node\&. If set, a fallback default route is added via this network gateway\&.
.sp
No default\&. Setting this variable is optional \- if not set that no route is created on the NAT gateway master node\&.
.RE
.PP
CTDB_NATGW_NODES=\fIFILENAME\fR
.RS 4
FILENAME contains the list of nodes that belong to the same NAT gateway group\&.
.sp
File format:
.sp
.if n \{\
.RS 4
.\}
.nf
\fIIPADDR\fR [slave\-only]

.fi
.if n \{\
.RE
.\}
.sp
IPADDR is the private IP address of each node in the NAT gateway group\&.
.sp
If "slave\-only" is specified then the corresponding node can not be the NAT gateway master node\&. In this case
\fICTDB_NATGW_PUBLIC_IFACE\fR
and
\fICTDB_NATGW_PUBLIC_IP\fR
are optional and unused\&.
.sp
No default, usually
/usr/local/etc/ctdb/natgw_nodes
when enabled\&.
.RE
.PP
CTDB_NATGW_PRIVATE_NETWORK=\fIIPADDR/MASK\fR
.RS 4
IPADDR/MASK is the private sub\-network that is internally routed via the NAT gateway master node\&. This is usually the private network that is used for node addresses\&.
.sp
No default\&.
.RE
.PP
CTDB_NATGW_PUBLIC_IFACE=\fIIFACE\fR
.RS 4
IFACE is the network interface on which the CTDB_NATGW_PUBLIC_IP will be configured\&.
.sp
No default\&.
.RE
.PP
CTDB_NATGW_PUBLIC_IP=\fIIPADDR/MASK\fR
.RS 4
IPADDR/MASK indicates the IP address that is used for outgoing traffic (originating from CTDB_NATGW_PRIVATE_NETWORK) on the NAT gateway master node\&. This
\fImust not\fR
be a configured public IP address\&.
.sp
No default\&.
.RE
.PP
CTDB_NATGW_STATIC_ROUTES=\fIIPADDR/MASK[@GATEWAY]\fR \&.\&.\&.
.RS 4
Each IPADDR/MASK identifies a network or host to which NATGW should create a fallback route, instead of creating a single default route\&. This can be used when there is already a default route, via an interface that can not reach required infrastructure, that overrides the NAT gateway default route\&.
.sp
If GATEWAY is specified then the corresponding route on the NATGW master node will be via GATEWAY\&. Such routes are created even if
\fICTDB_NATGW_DEFAULT_GATEWAY\fR
is not specified\&. If GATEWAY is not specified for some networks then routes are only created on the NATGW master node for those networks if
\fICTDB_NATGW_DEFAULT_GATEWAY\fR
is specified\&.
.sp
This should be used with care to avoid causing traffic to unnecessarily double\-hop through the NAT gateway master, even when a node is hosting public IP addresses\&. Each specified network or host should probably have a corresponding automatically created link route or static route to avoid this\&.
.sp
No default\&.
.RE
.sp
.it 1 an-trap
.nr an-no-space-flag 1
.nr an-break-flag 1
.br
.ps +1
\fBExample\fR
.RS 4
.sp
.if n \{\
.RS 4
.\}
.nf
CTDB_NATGW_NODES=/usr/local/etc/ctdb/natgw_nodes
CTDB_NATGW_PRIVATE_NETWORK=192\&.168\&.1\&.0/24
CTDB_NATGW_DEFAULT_GATEWAY=10\&.0\&.0\&.1
CTDB_NATGW_PUBLIC_IP=10\&.0\&.0\&.227/24
CTDB_NATGW_PUBLIC_IFACE=eth0

.fi
.if n \{\
.RE
.\}
.PP
A variation that ensures that infrastructure (ADS, DNS, \&.\&.\&.) directly attached to the public network (10\&.0\&.0\&.0/24) is always reachable would look like this:
.sp
.if n \{\
.RS 4
.\}
.nf
CTDB_NATGW_NODES=/usr/local/etc/ctdb/natgw_nodes
CTDB_NATGW_PRIVATE_NETWORK=192\&.168\&.1\&.0/24
CTDB_NATGW_PUBLIC_IP=10\&.0\&.0\&.227/24
CTDB_NATGW_PUBLIC_IFACE=eth0
CTDB_NATGW_STATIC_ROUTES=10\&.0\&.0\&.0/24

.fi
.if n \{\
.RE
.\}
.PP
Note that
\fICTDB_NATGW_DEFAULT_GATEWAY\fR
is not specified\&.
.RE
.SS "13\&.per_ip_routing"
.PP
Provides CTDB\*(Aqs policy routing functionality\&.
.PP
A node running CTDB may be a component of a complex network topology\&. In particular, public addresses may be spread across several different networks (or VLANs) and it may not be possible to route packets from these public addresses via the system\*(Aqs default route\&. Therefore, CTDB has support for policy routing via the
13\&.per_ip_routing
eventscript\&. This allows routing to be specified for packets sourced from each public address\&. The routes are added and removed as CTDB moves public addresses between nodes\&.
.PP
For more information, see the
POLICY ROUTING
section in
\fBctdb\fR(7)\&.
.PP
CTDB_PER_IP_ROUTING_CONF=\fIFILENAME\fR
.RS 4
FILENAME contains elements for constructing the desired routes for each source address\&.
.sp
The special FILENAME value
\fB__auto_link_local__\fR
indicates that no configuration file is provided and that CTDB should generate reasonable link\-local routes for each public IP address\&.
.sp
File format:
.sp
.if n \{\
.RS 4
.\}
.nf
		\fIIPADDR\fR \fIDEST\-IPADDR/MASK\fR [\fIGATEWAY\-IPADDR\fR]

.fi
.if n \{\
.RE
.\}
.sp
No default, usually
/usr/local/etc/ctdb/policy_routing
when enabled\&.
.RE
.PP
CTDB_PER_IP_ROUTING_RULE_PREF=\fINUM\fR
.RS 4
NUM sets the priority (or preference) for the routing rules that are added by CTDB\&.
.sp
This should be (strictly) greater than 0 and (strictly) less than 32766\&. A priority of 100 is recommended, unless this conflicts with a priority already in use on the system\&. See
\fBip\fR(8), for more details\&.
.RE
.PP
CTDB_PER_IP_ROUTING_TABLE_ID_LOW=\fILOW\-NUM\fR, CTDB_PER_IP_ROUTING_TABLE_ID_HIGH=\fIHIGH\-NUM\fR
.RS 4
CTDB determines a unique routing table number to use for the routing related to each public address\&. LOW\-NUM and HIGH\-NUM indicate the minimum and maximum routing table numbers that are used\&.
.sp
\fBip\fR(8)
uses some reserved routing table numbers below 255\&. Therefore, CTDB_PER_IP_ROUTING_TABLE_ID_LOW should be (strictly) greater than 255\&.
.sp
CTDB uses the standard file
/etc/iproute2/rt_tables
to maintain a mapping between the routing table numbers and labels\&. The label for a public address
\fIADDR\fR
will look like ctdb\&.\fIaddr\fR\&. This means that the associated rules and routes are easy to read (and manipulate)\&.
.sp
No default, usually 1000 and 9000\&.
.RE
.sp
.it 1 an-trap
.nr an-no-space-flag 1
.nr an-break-flag 1
.br
.ps +1
\fBExample\fR
.RS 4
.sp
.if n \{\
.RS 4
.\}
.nf
CTDB_PER_IP_ROUTING_CONF=/usr/local/etc/ctdb/policy_routing
CTDB_PER_IP_ROUTING_RULE_PREF=100
CTDB_PER_IP_ROUTING_TABLE_ID_LOW=1000
CTDB_PER_IP_ROUTING_TABLE_ID_HIGH=9000

.fi
.if n \{\
.RE
.\}
.RE
.SS "91\&.lvs"
.PP
Provides CTDB\*(Aqs LVS functionality\&.
.PP
For a general description see the
LVS
section in
\fBctdb\fR(7)\&.
.PP
CTDB_LVS_NODES=\fIFILENAME\fR
.RS 4
FILENAME contains the list of nodes that belong to the same LVS group\&.
.sp
File format:
.sp
.if n \{\
.RS 4
.\}
.nf
\fIIPADDR\fR [slave\-only]

.fi
.if n \{\
.RE
.\}
.sp
IPADDR is the private IP address of each node in the LVS group\&.
.sp
If "slave\-only" is specified then the corresponding node can not be the LVS master node\&. In this case
\fICTDB_LVS_PUBLIC_IFACE\fR
and
\fICTDB_LVS_PUBLIC_IP\fR
are optional and unused\&.
.sp
No default, usually
/usr/local/etc/ctdb/lvs_nodes
when enabled\&.
.RE
.PP
CTDB_LVS_PUBLIC_IFACE=\fIINTERFACE\fR
.RS 4
INTERFACE is the network interface that clients will use to connection to
\fICTDB_LVS_PUBLIC_IP\fR\&. This is optional for slave\-only nodes\&. No default\&.
.RE
.PP
CTDB_LVS_PUBLIC_IP=\fIIPADDR\fR
.RS 4
CTDB_LVS_PUBLIC_IP is the LVS public address\&. No default\&.
.RE
.SH "SERVICE CONFIGURATION"
.PP
CTDB can be configured to manage and/or monitor various NAS (and other) services via its eventscripts\&.
.PP
In the simplest case CTDB will manage a service\&. This means the service will be started and stopped along with CTDB, CTDB will monitor the service and CTDB will do any required reconfiguration of the service when public IP addresses are failed over\&.
.SS "20\&.multipathd"
.PP
Provides CTDB\*(Aqs Linux multipathd service management\&.
.PP
It can monitor multipath devices to ensure that active paths are available\&.
.PP
CTDB_MONITOR_MPDEVICES=\fIMP\-DEVICE\-LIST\fR
.RS 4
MP\-DEVICE\-LIST is a list of multipath devices for CTDB to monitor?
.sp
No default\&.
.RE
.SS "31\&.clamd"
.PP
This event script provide CTDB\*(Aqs ClamAV anti\-virus service management\&.
.PP
This eventscript is not enabled by default\&. Use
\fBctdb enablescript\fR
to enable it\&.
.PP
CTDB_CLAMD_SOCKET=\fIFILENAME\fR
.RS 4
FILENAME is the socket to monitor ClamAV\&.
.sp
No default\&.
.RE
.SS "49\&.winbind"
.PP
Provides CTDB\*(Aqs Samba winbind service management\&.
.PP
CTDB_SERVICE_WINBIND=\fISERVICE\fR
.RS 4
Distribution specific SERVICE for managing winbindd\&.
.sp
Default is "winbind"\&.
.RE
.SS "50\&.samba"
.PP
Provides the core of CTDB\*(Aqs Samba file service management\&.
.PP
CTDB_SAMBA_CHECK_PORTS=\fIPORT\-LIST\fR
.RS 4
When monitoring Samba, check TCP ports in space\-separated PORT\-LIST\&.
.sp
Default is to monitor ports that Samba is configured to listen on\&.
.RE
.PP
CTDB_SAMBA_SKIP_SHARE_CHECK=yes|no
.RS 4
As part of monitoring, should CTDB skip the check for the existence of each directory configured as share in Samba\&. This may be desirable if there is a large number of shares\&.
.sp
Default is no\&.
.RE
.PP
CTDB_SERVICE_NMB=\fISERVICE\fR
.RS 4
Distribution specific SERVICE for managing nmbd\&.
.sp
Default is distribution\-dependant\&.
.RE
.PP
CTDB_SERVICE_SMB=\fISERVICE\fR
.RS 4
Distribution specific SERVICE for managing smbd\&.
.sp
Default is distribution\-dependant\&.
.RE
.SS "60\&.nfs"
.PP
This event script (along with 06\&.nfs) provides CTDB\*(Aqs NFS service management\&.
.PP
This includes parameters for the kernel NFS server\&. Alternative NFS subsystems (such as
\m[blue]\fBNFS\-Ganesha\fR\m[]\&\s-2\u[1]\d\s+2) can be integrated using
\fICTDB_NFS_CALLOUT\fR\&.
.PP
CTDB_NFS_CALLOUT=\fICOMMAND\fR
.RS 4
COMMAND specifies the path to a callout to handle interactions with the configured NFS system, including startup, shutdown, monitoring\&.
.sp
Default is the included
\fBnfs\-linux\-kernel\-callout\fR\&.
.RE
.PP
CTDB_NFS_CHECKS_DIR=\fIDIRECTORY\fR
.RS 4
Specifies the path to a DIRECTORY containing files that describe how to monitor the responsiveness of NFS RPC services\&. See the README file for this directory for an explanation of the contents of these "check" files\&.
.sp
CTDB_NFS_CHECKS_DIR can be used to point to different sets of checks for different NFS servers\&.
.sp
One way of using this is to have it point to, say,
/usr/local/etc/ctdb/nfs\-checks\-enabled\&.d
and populate it with symbolic links to the desired check files\&. This avoids duplication and is upgrade\-safe\&.
.sp
Default is
/usr/local/etc/ctdb/nfs\-checks\&.d, which contains NFS RPC checks suitable for Linux kernel NFS\&.
.RE
.PP
CTDB_NFS_SKIP_SHARE_CHECK=yes|no
.RS 4
As part of monitoring, should CTDB skip the check for the existence of each directory exported via NFS\&. This may be desirable if there is a large number of exports\&.
.sp
Default is no\&.
.RE
.PP
CTDB_RPCINFO_LOCALHOST=\fIIPADDR\fR|\fIHOSTNAME\fR
.RS 4
IPADDR or HOSTNAME indicates the address that
\fBrpcinfo\fR
should connect to when doing
\fBrpcinfo\fR
check on IPv4 RPC service during monitoring\&. Optimally this would be "localhost"\&. However, this can add some performance overheads\&.
.sp
Default is "127\&.0\&.0\&.1"\&.
.RE
.PP
CTDB_RPCINFO_LOCALHOST6=\fIIPADDR\fR|\fIHOSTNAME\fR
.RS 4
IPADDR or HOSTNAME indicates the address that
\fBrpcinfo\fR
should connect to when doing
\fBrpcinfo\fR
check on IPv6 RPC service during monitoring\&. Optimally this would be "localhost6" (or similar)\&. However, this can add some performance overheads\&.
.sp
Default is "::1"\&.
.RE
.PP
CTDB_NFS_STATE_FS_TYPE=\fITYPE\fR
.RS 4
The type of filesystem used for a clustered NFS\*(Aq shared state\&. No default\&.
.RE
.PP
CTDB_NFS_STATE_MNT=\fIDIR\fR
.RS 4
The directory where a clustered NFS\*(Aq shared state will be located\&. No default\&.
.RE
.SS "70\&.iscsi"
.PP
Provides CTDB\*(Aqs Linux iSCSI tgtd service management\&.
.PP
CTDB_START_ISCSI_SCRIPTS=\fIDIRECTORY\fR
.RS 4
DIRECTORY on shared storage containing scripts to start tgtd for each public IP address\&.
.sp
No default\&.
.RE
.SH "DATABASE SETUP"
.PP
CTDB checks the consistency of databases during startup\&.
.SS "00\&.ctdb"
.PP
CTDB_MAX_CORRUPT_DB_BACKUPS=\fINUM\fR
.RS 4
NUM is the maximum number of volatile TDB database backups to be kept (for each database) when a corrupt database is found during startup\&. Volatile TDBs are zeroed during startup so backups are needed to debug any corruption that occurs before a restart\&.
.sp
Default is 10\&.
.RE
.SH "SYSTEM RESOURCE MONITORING"
.SS "05\&.system"
.PP
Provides CTDB\*(Aqs filesystem and memory usage monitoring\&.
.PP
CTDB can experience seemingly random (performance and other) issues if system resources become too constrained\&. Options in this section can be enabled to allow certain system resources to be checked\&. They allows warnings to be logged and nodes to be marked unhealthy when system resource usage reaches the configured thresholds\&.
.PP
Some checks are enabled by default\&. It is recommended that these checks remain enabled or are augmented by extra checks\&. There is no supported way of completely disabling the checks\&.
.PP
CTDB_MONITOR_FILESYSTEM_USAGE=\fIFS\-LIMIT\-LIST\fR
.RS 4
FS\-LIMIT\-LIST is a space\-separated list of
\fIFILESYSTEM\fR:\fIWARN_LIMIT\fR[:\fIUNHEALTHY_LIMIT\fR]
triples indicating that warnings should be logged if the space used on FILESYSTEM reaches WARN_LIMIT%\&. If usage reaches UNHEALTHY_LIMIT then the node should be flagged unhealthy\&. Either WARN_LIMIT or UNHEALTHY_LIMIT may be left blank, meaning that check will be omitted\&.
.sp
Default is to warn for each filesystem containing a database directory (volatile\ \&database\ \&directory,
persistent\ \&database\ \&directory,
state\ \&database\ \&directory) with a threshold of 90%\&.
.RE
.PP
CTDB_MONITOR_MEMORY_USAGE=\fIMEM\-LIMITS\fR
.RS 4
MEM\-LIMITS takes the form
\fIWARN_LIMIT\fR[:\fIUNHEALTHY_LIMIT\fR]
indicating that warnings should be logged if memory usage reaches WARN_LIMIT%\&. If usage reaches UNHEALTHY_LIMIT then the node should be flagged unhealthy\&. Either WARN_LIMIT or UNHEALTHY_LIMIT may be left blank, meaning that check will be omitted\&.
.sp
Default is 80, so warnings will be logged when memory usage reaches 80%\&.
.RE
.SH "EVENT SCRIPT DEBUGGING"
.SS "debug\-hung\-script\&.sh"
.PP
CTDB_DEBUG_HUNG_SCRIPT_STACKPAT=\fIREGEXP\fR
.RS 4
REGEXP specifies interesting processes for which stack traces should be logged when debugging hung eventscripts and those processes are matched in pstree output\&. REGEXP is an extended regexp so choices are separated by pipes (\*(Aq|\*(Aq)\&. However, REGEXP should not contain parentheses\&. See also the
\fBctdb.conf\fR(5)
[event] "debug\ \&script" option\&.
.sp
Default is "exportfs|rpcinfo"\&.
.RE
.SH "FILES"
.RS 4
/usr/local/etc/ctdb/script\&.options
.RE
.SH "SEE ALSO"
.PP
\fBctdbd\fR(1),
\fBctdb\fR(7),
\m[blue]\fB\%http://ctdb.samba.org/\fR\m[]
.SH "AUTHOR"
.br
.PP
This documentation was written by Amitay Isaacs, Martin Schwenke
.SH "COPYRIGHT"
.br
Copyright \(co 2007 Andrew Tridgell, Ronnie Sahlberg
.br
.PP
This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 3 of the License, or (at your option) any later version\&.
.PP
This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE\&. See the GNU General Public License for more details\&.
.PP
You should have received a copy of the GNU General Public License along with this program; if not, see
\m[blue]\fB\%http://www.gnu.org/licenses\fR\m[]\&.
.sp
.SH "NOTES"
.IP " 1." 4
NFS-Ganesha
.RS 4
\%https://github.com/nfs-ganesha/nfs-ganesha/wiki
.RE




'\" t
.\"     Title: ctdb-statistics
.\"    Author:
.\" Generator: DocBook XSL Stylesheets v1.79.1 <http://docbook.sf.net/>
.\"      Date: 09/23/2020
.\"    Manual: CTDB - clustered TDB database
.\"    Source: ctdb
.\"  Language: English
.\"
.TH "CTDB\-STATISTICS" "7" "09/23/2020" "ctdb" "CTDB \- clustered TDB database"
.\" -----------------------------------------------------------------
.\" * Define some portability stuff
.\" -----------------------------------------------------------------
.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
.\" http://bugs.debian.org/507673
.\" http://lists.gnu.org/archive/html/groff/2009-02/msg00013.html
.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
.ie \n(.g .ds Aq \(aq
.el       .ds Aq '
.\" -----------------------------------------------------------------
.\" * set default formatting
.\" -----------------------------------------------------------------
.\" disable hyphenation
.nh
.\" disable justification (adjust text to left margin only)
.ad l
.\" -----------------------------------------------------------------
.\" * MAIN CONTENT STARTS HERE *
.\" -----------------------------------------------------------------
.SH "NAME"
ctdb-statistics \- CTDB statistics output
.SH "OVERALL STATISTICS"
.PP
CTDB maintains information about various messages communicated and some of the important operations per node\&. See the
\fBctdb\fR(1)
commands
\fBstatistics\fR
and
\fBstatisticsreset\fR
for displaying statistics\&.
.SS "Example: ctdb statistics"
.sp
.if n \{\
.RS 4
.\}
.nf
CTDB version 1
Current time of statistics  :                Fri Sep 12 13:32:32 2014
Statistics collected since  : (000 01:49:20) Fri Sep 12 11:43:12 2014
 num_clients                        6
 frozen                             0
 recovering                         0
 num_recoveries                     2
 client_packets_sent           281293
 client_packets_recv           296317
 node_packets_sent             452387
 node_packets_recv             182394
 keepalive_packets_sent          3927
 keepalive_packets_recv          3928
 node
     req_call                   48605
     reply_call                     1
     req_dmaster                23404
     reply_dmaster              24917
     reply_error                    0
     req_message                  958
     req_control               197513
     reply_control             153705
 client
     req_call                  130866
     req_message                  770
     req_control               168921
 timeouts
     call                           0
     control                        0
     traverse                       0
 locks
     num_calls                    220
     num_current                    0
     num_pending                    0
     num_failed                     0
 total_calls                   130866
 pending_calls                      0
 childwrite_calls                   1
 pending_childwrite_calls             0
 memory_used                   334490
 max_hop_count                     18
 total_ro_delegations               2
 total_ro_revokes                   2
 hop_count_buckets: 42816 5464 26 1 0 0 0 0 0 0 0 0 0 0 0 0
 lock_buckets: 9 165 14 15 7 2 2 0 0 0 0 0 0 0 0 0
 locks_latency      MIN/AVG/MAX     0\&.000685/0\&.160302/6\&.369342 sec out of 214
 reclock_ctdbd      MIN/AVG/MAX     0\&.004940/0\&.004969/0\&.004998 sec out of 2
 reclock_recd       MIN/AVG/MAX     0\&.000000/0\&.000000/0\&.000000 sec out of 0
 call_latency       MIN/AVG/MAX     0\&.000006/0\&.000719/4\&.562991 sec out of 126626
 childwrite_latency MIN/AVG/MAX     0\&.014527/0\&.014527/0\&.014527 sec out of 1

.fi
.if n \{\
.RE
.\}
.SS "CTDB version"
.PP
Version of the ctdb protocol used by the node\&.
.SS "Current time of statistics"
.PP
Time when the statistics are generated\&.
.PP
This is useful when collecting statistics output periodically for post\-processing\&.
.SS "Statistics collected since"
.PP
Time when ctdb was started or the last time statistics was reset\&. The output shows the duration and the timestamp\&.
.SS "num_clients"
.PP
Number of processes currently connected to CTDB\*(Aqs unix socket\&. This includes recovery daemon, ctdb tool and samba processes (smbd, winbindd)\&.
.SS "frozen"
.PP
1 if the databases are currently frozen, 0 otherwise\&.
.SS "recovering"
.PP
1 if recovery is active, 0 otherwise\&.
.SS "num_recoveries"
.PP
Number of recoveries since the start of ctdb or since the last statistics reset\&.
.SS "client_packets_sent"
.PP
Number of packets sent to client processes via unix domain socket\&.
.SS "client_packets_recv"
.PP
Number of packets received from client processes via unix domain socket\&.
.SS "node_packets_sent"
.PP
Number of packets sent to the other nodes in the cluster via TCP\&.
.SS "node_packets_recv"
.PP
Number of packets received from the other nodes in the cluster via TCP\&.
.SS "keepalive_packets_sent"
.PP
Number of keepalive messages sent to other nodes\&.
.PP
CTDB periodically sends keepalive messages to other nodes\&. See
KeepaliveInterval
tunable in
\fBctdb-tunables\fR(7)
for more details\&.
.SS "keepalive_packets_recv"
.PP
Number of keepalive messages received from other nodes\&.
.SS "node"
.PP
This section lists various types of messages processed which originated from other nodes via TCP\&.
.sp
.it 1 an-trap
.nr an-no-space-flag 1
.nr an-break-flag 1
.br
.ps +1
\fBreq_call\fR
.RS 4
.PP
Number of REQ_CALL messages from the other nodes\&.
.RE
.sp
.it 1 an-trap
.nr an-no-space-flag 1
.nr an-break-flag 1
.br
.ps +1
\fBreply_call\fR
.RS 4
.PP
Number of REPLY_CALL messages from the other nodes\&.
.RE
.sp
.it 1 an-trap
.nr an-no-space-flag 1
.nr an-break-flag 1
.br
.ps +1
\fBreq_dmaster\fR
.RS 4
.PP
Number of REQ_DMASTER messages from the other nodes\&.
.RE
.sp
.it 1 an-trap
.nr an-no-space-flag 1
.nr an-break-flag 1
.br
.ps +1
\fBreply_dmaster\fR
.RS 4
.PP
Number of REPLY_DMASTER messages from the other nodes\&.
.RE
.sp
.it 1 an-trap
.nr an-no-space-flag 1
.nr an-break-flag 1
.br
.ps +1
\fBreply_error\fR
.RS 4
.PP
Number of REPLY_ERROR messages from the other nodes\&.
.RE
.sp
.it 1 an-trap
.nr an-no-space-flag 1
.nr an-break-flag 1
.br
.ps +1
\fBreq_message\fR
.RS 4
.PP
Number of REQ_MESSAGE messages from the other nodes\&.
.RE
.sp
.it 1 an-trap
.nr an-no-space-flag 1
.nr an-break-flag 1
.br
.ps +1
\fBreq_control\fR
.RS 4
.PP
Number of REQ_CONTROL messages from the other nodes\&.
.RE
.sp
.it 1 an-trap
.nr an-no-space-flag 1
.nr an-break-flag 1
.br
.ps +1
\fBreply_control\fR
.RS 4
.PP
Number of REPLY_CONTROL messages from the other nodes\&.
.RE
.sp
.it 1 an-trap
.nr an-no-space-flag 1
.nr an-break-flag 1
.br
.ps +1
\fBreq_tunnel\fR
.RS 4
.PP
Number of REQ_TUNNEL messages from the other nodes\&.
.RE
.SS "client"
.PP
This section lists various types of messages processed which originated from clients via unix domain socket\&.
.sp
.it 1 an-trap
.nr an-no-space-flag 1
.nr an-break-flag 1
.br
.ps +1
\fBreq_call\fR
.RS 4
.PP
Number of REQ_CALL messages from the clients\&.
.RE
.sp
.it 1 an-trap
.nr an-no-space-flag 1
.nr an-break-flag 1
.br
.ps +1
\fBreq_message\fR
.RS 4
.PP
Number of REQ_MESSAGE messages from the clients\&.
.RE
.sp
.it 1 an-trap
.nr an-no-space-flag 1
.nr an-break-flag 1
.br
.ps +1
\fBreq_control\fR
.RS 4
.PP
Number of REQ_CONTROL messages from the clients\&.
.RE
.sp
.it 1 an-trap
.nr an-no-space-flag 1
.nr an-break-flag 1
.br
.ps +1
\fBreq_tunnel\fR
.RS 4
.PP
Number of REQ_TUNNEL messages from the clients\&.
.RE
.SS "timeouts"
.PP
This section lists timeouts occurred when sending various messages\&.
.sp
.it 1 an-trap
.nr an-no-space-flag 1
.nr an-break-flag 1
.br
.ps +1
\fBcall\fR
.RS 4
.PP
Number of timeouts for REQ_CALL messages\&.
.RE
.sp
.it 1 an-trap
.nr an-no-space-flag 1
.nr an-break-flag 1
.br
.ps +1
\fBcontrol\fR
.RS 4
.PP
Number of timeouts for REQ_CONTROL messages\&.
.RE
.sp
.it 1 an-trap
.nr an-no-space-flag 1
.nr an-break-flag 1
.br
.ps +1
\fBtraverse\fR
.RS 4
.PP
Number of timeouts for database traverse operations\&.
.RE
.SS "locks"
.PP
This section lists locking statistics\&.
.sp
.it 1 an-trap
.nr an-no-space-flag 1
.nr an-break-flag 1
.br
.ps +1
\fBnum_calls\fR
.RS 4
.PP
Number of completed lock calls\&. This includes database locks and record locks\&.
.RE
.sp
.it 1 an-trap
.nr an-no-space-flag 1
.nr an-break-flag 1
.br
.ps +1
\fBnum_current\fR
.RS 4
.PP
Number of scheduled lock calls\&. This includes database locks and record locks\&.
.RE
.sp
.it 1 an-trap
.nr an-no-space-flag 1
.nr an-break-flag 1
.br
.ps +1
\fBnum_pending\fR
.RS 4
.PP
Number of queued lock calls\&. This includes database locks and record locks\&.
.RE
.sp
.it 1 an-trap
.nr an-no-space-flag 1
.nr an-break-flag 1
.br
.ps +1
\fBnum_failed\fR
.RS 4
.PP
Number of failed lock calls\&. This includes database locks and record locks\&.
.RE
.SS "total_calls"
.PP
Number of req_call messages processed from clients\&. This number should be same as client \-\-> req_call\&.
.SS "pending_calls"
.PP
Number of req_call messages which are currently being processed\&. This number indicates the number of record migrations in flight\&.
.SS "childwrite_calls"
.PP
Number of record update calls\&. Record update calls are used to update a record under a transaction\&.
.SS "pending_childwrite_calls"
.PP
Number of record update calls currently active\&.
.SS "memory_used"
.PP
The amount of memory in bytes currently used by CTDB using talloc\&. This includes all the memory used for CTDB\*(Aqs internal data structures\&. This does not include the memory mapped TDB databases\&.
.SS "max_hop_count"
.PP
The maximum number of hops required for a record migration request to obtain the record\&. High numbers indicate record contention\&.
.SS "total_ro_delegations"
.PP
Number of readonly delegations created\&.
.SS "total_ro_revokes"
.PP
Number of readonly delegations that were revoked\&. The difference between total_ro_revokes and total_ro_delegations gives the number of currently active readonly delegations\&.
.SS "hop_count_buckets"
.PP
Distribution of migration requests based on hop counts values\&. Buckets are 0, <\ \&2, <\ \&4, <\ \&8, <\ \&16, <\ \&32, <\ \&64, <\ \&128, <\ \&256, <\ \&512, <\ \&1024, <\ \&2048, <\ \&4096, <\ \&8192, <\ \&16384, ≥\ \&16384\&.
.SS "lock_buckets"
.PP
Distribution of record lock requests based on time required to obtain locks\&. Buckets are <\ \&1ms, <\ \&10ms, <\ \&100ms, <\ \&1s, <\ \&2s, <\ \&4s, <\ \&8s, <\ \&16s, <\ \&32s, <\ \&64s, ≥\ \&64s\&.
.SS "locks_latency"
.PP
The minimum, the average and the maximum time (in seconds) required to obtain record locks\&.
.SS "reclock_ctdbd"
.PP
The minimum, the average and the maximum time (in seconds) required to check if recovery lock is still held by recovery daemon when recovery mode is changed\&. This check is done in ctdb daemon\&.
.SS "reclock_recd"
.PP
The minimum, the average and the maximum time (in seconds) required to check if recovery lock is still held by recovery daemon during recovery\&. This check is done in recovery daemon\&.
.SS "call_latency"
.PP
The minimum, the average and the maximum time (in seconds) required to process a REQ_CALL message from client\&. This includes the time required to migrate a record from remote node, if the record is not available on the local node\&.
.SS "childwrite_latency"
.PP
Default: 0
.PP
The minimum, the average and the maximum time (in seconds) required to update records under a transaction\&.
.SH "DATABASE STATISTICS"
.PP
CTDB maintains per database statistics about important operations\&. See the
\fBctdb\fR(1)
command
\fBdbstatistics\fR
for displaying database statistics\&.
.SS "Example: ctdb dbstatistics notify_index\&.tdb"
.sp
.if n \{\
.RS 4
.\}
.nf
DB Statistics: notify_index\&.tdb
 ro_delegations                     0
 ro_revokes                         0
 locks
     total                        131
     failed                         0
     current                        0
     pending                        0
 hop_count_buckets: 9890 5454 26 1 0 0 0 0 0 0 0 0 0 0 0 0
 lock_buckets: 4 117 10 0 0 0 0 0 0 0 0 0 0 0 0 0
 locks_latency      MIN/AVG/MAX     0\&.000683/0\&.004198/0\&.014730 sec out of 131
 Num Hot Keys:     3
     Count:7 Key:2f636c75737465726673
     Count:18 Key:2f636c757374657266732f64617461
     Count:7 Key:2f636c757374657266732f646174612f636c69656e7473

.fi
.if n \{\
.RE
.\}
.SS "DB Statistics"
.PP
Name of the database\&.
.SS "ro_delegations"
.PP
Number of readonly delegations created in the database\&.
.SS "ro_revokes"
.PP
Number of readonly delegations revoked\&. The difference in ro_delegations and ro_revokes indicates the currently active readonly delegations\&.
.SS "locks"
.PP
This section lists locking statistics\&.
.sp
.it 1 an-trap
.nr an-no-space-flag 1
.nr an-break-flag 1
.br
.ps +1
\fBtotal\fR
.RS 4
.PP
Number of completed lock calls\&. This includes database locks and record locks\&.
.RE
.sp
.it 1 an-trap
.nr an-no-space-flag 1
.nr an-break-flag 1
.br
.ps +1
\fBfailed\fR
.RS 4
.PP
Number of failed lock calls\&. This includes database locks and record locks\&.
.RE
.sp
.it 1 an-trap
.nr an-no-space-flag 1
.nr an-break-flag 1
.br
.ps +1
\fBcurrent\fR
.RS 4
.PP
Number of scheduled lock calls\&. This includes database locks and record locks\&.
.RE
.sp
.it 1 an-trap
.nr an-no-space-flag 1
.nr an-break-flag 1
.br
.ps +1
\fBpending\fR
.RS 4
.PP
Number of queued lock calls\&. This includes database locks and record locks\&.
.RE
.SS "hop_count_buckets"
.PP
Distribution of migration requests based on hop counts values\&. Buckets are 0, <\ \&2, <\ \&4, <\ \&8, <\ \&16, <\ \&32, <\ \&64, <\ \&128, <\ \&256, <\ \&512, <\ \&1024, <\ \&2048, <\ \&4096, <\ \&8192, <\ \&16384, ≥\ \&16384\&.
.SS "lock_buckets"
.PP
Distribution of record lock requests based on time required to obtain locks\&. Buckets are <\ \&1ms, <\ \&10ms, <\ \&100ms, <\ \&1s, <\ \&2s, <\ \&4s, <\ \&8s, <\ \&16s, <\ \&32s, <\ \&64s, ≥\ \&64s\&.
.SS "locks_latency"
.PP
The minimum, the average and the maximum time (in seconds) required to obtain record locks\&.
.SS "Num Hot Keys"
.PP
Number of contended records determined by hop count\&. CTDB keeps track of top 10 hot records and the output shows hex encoded keys for the hot records\&.
.SH "SEE ALSO"
.PP
\fBctdb\fR(1),
\fBctdbd\fR(1),
\fBctdb-tunables\fR(7),
\m[blue]\fB\%http://ctdb.samba.org/\fR\m[]
.SH "AUTHOR"
.br
.PP
This documentation was written by Amitay Isaacs, Martin Schwenke
.SH "COPYRIGHT"
.br
Copyright \(co 2007 Andrew Tridgell, Ronnie Sahlberg
.br
.PP
This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 3 of the License, or (at your option) any later version\&.
.PP
This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE\&. See the GNU General Public License for more details\&.
.PP
You should have received a copy of the GNU General Public License along with this program; if not, see
\m[blue]\fB\%http://www.gnu.org/licenses\fR\m[]\&.
.sp




'\" t
.\"     Title: ctdb-tunables
.\"    Author:
.\" Generator: DocBook XSL Stylesheets v1.79.1 <http://docbook.sf.net/>
.\"      Date: 09/23/2020
.\"    Manual: CTDB - clustered TDB database
.\"    Source: ctdb
.\"  Language: English
.\"
.TH "CTDB\-TUNABLES" "7" "09/23/2020" "ctdb" "CTDB \- clustered TDB database"
.\" -----------------------------------------------------------------
.\" * Define some portability stuff
.\" -----------------------------------------------------------------
.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
.\" http://bugs.debian.org/507673
.\" http://lists.gnu.org/archive/html/groff/2009-02/msg00013.html
.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
.ie \n(.g .ds Aq \(aq
.el       .ds Aq '
.\" -----------------------------------------------------------------
.\" * set default formatting
.\" -----------------------------------------------------------------
.\" disable hyphenation
.nh
.\" disable justification (adjust text to left margin only)
.ad l
.\" -----------------------------------------------------------------
.\" * MAIN CONTENT STARTS HERE *
.\" -----------------------------------------------------------------
.SH "NAME"
ctdb-tunables \- CTDB tunable configuration variables
.SH "DESCRIPTION"
.PP
CTDB\*(Aqs behaviour can be configured by setting run\-time tunable variables\&. This lists and describes all tunables\&. See the
\fBctdb\fR(1)
\fBlistvars\fR,
\fBsetvar\fR
and
\fBgetvar\fR
commands for more details\&.
.PP
Unless otherwise stated, tunables should be set to the same value on all nodes\&. Setting tunables to different values across nodes may produce unexpected results\&. Future releases may set (some or most) tunables globally across the cluster but doing so is currently a manual process\&.
.PP
Tunables can be set at startup from the
/usr/local/etc/ctdb/ctdb\&.tunables
configuration file\&.
.sp
.if n \{\
.RS 4
.\}
.nf
\fITUNABLE\fR=\fIVALUE\fR

.fi
.if n \{\
.RE
.\}
.PP
For example:
.sp
.if n \{\
.RS 4
.\}
.nf
MonitorInterval=20

.fi
.if n \{\
.RE
.\}
.PP
The available tunable variables are listed alphabetically below\&.
.SS "AllowClientDBAttach"
.PP
Default: 1
.PP
When set to 0, clients are not allowed to attach to any databases\&. This can be used to temporarily block any new processes from attaching to and accessing the databases\&. This is mainly used for detaching a volatile database using \*(Aqctdb detach\*(Aq\&.
.SS "AllowMixedVersions"
.PP
Default: 0
.PP
CTDB will not allow incompatible versions to co\-exist in a cluster\&. If a version mismatch is found, then losing CTDB will shutdown\&. To disable the incompatible version check, set this tunable to 1\&.
.PP
For version checking, CTDB uses major and minor version\&. For example, CTDB 4\&.6\&.1 and CTDB 4\&.6\&.2 are matching versions; CTDB 4\&.5\&.x and CTDB 4\&.6\&.y do not match\&.
.PP
CTDB with version check support will lose to CTDB without version check support\&. Between two different CTDB versions with version check support, one running for less time will lose\&. If the running time for both CTDB versions with version check support is equal (to seconds), then the older version will lose\&. The losing CTDB daemon will shutdown\&.
.SS "AllowUnhealthyDBRead"
.PP
Default: 0
.PP
When set to 1, ctdb allows database traverses to read unhealthy databases\&. By default, ctdb does not allow reading records from unhealthy databases\&.
.SS "ControlTimeout"
.PP
Default: 60
.PP
This is the default setting for timeout for when sending a control message to either the local or a remote ctdb daemon\&.
.SS "DatabaseHashSize"
.PP
Default: 100001
.PP
Number of the hash chains for the local store of the tdbs that ctdb manages\&.
.SS "DatabaseMaxDead"
.PP
Default: 5
.PP
Maximum number of dead records per hash chain for the tdb databses managed by ctdb\&.
.SS "DBRecordCountWarn"
.PP
Default: 100000
.PP
When set to non\-zero, ctdb will log a warning during recovery if a database has more than this many records\&. This will produce a warning if a database grows uncontrollably with orphaned records\&.
.SS "DBRecordSizeWarn"
.PP
Default: 10000000
.PP
When set to non\-zero, ctdb will log a warning during recovery if a single record is bigger than this size\&. This will produce a warning if a database record grows uncontrollably\&.
.SS "DBSizeWarn"
.PP
Default: 1000000000
.PP
When set to non\-zero, ctdb will log a warning during recovery if a database size is bigger than this\&. This will produce a warning if a database grows uncontrollably\&.
.SS "DeferredAttachTO"
.PP
Default: 120
.PP
When databases are frozen we do not allow clients to attach to the databases\&. Instead of returning an error immediately to the client, the attach request from the client is deferred until the database becomes available again at which stage we respond to the client\&.
.PP
This timeout controls how long we will defer the request from the client before timing it out and returning an error to the client\&.
.SS "ElectionTimeout"
.PP
Default: 3
.PP
The number of seconds to wait for the election of recovery master to complete\&. If the election is not completed during this interval, then that round of election fails and ctdb starts a new election\&.
.SS "EnableBans"
.PP
Default: 1
.PP
This parameter allows ctdb to ban a node if the node is misbehaving\&.
.PP
When set to 0, this disables banning completely in the cluster and thus nodes can not get banned, even it they break\&. Don\*(Aqt set to 0 unless you know what you are doing\&.
.SS "EventScriptTimeout"
.PP
Default: 30
.PP
Maximum time in seconds to allow an event to run before timing out\&. This is the total time for all enabled scripts that are run for an event, not just a single event script\&.
.PP
Note that timeouts are ignored for some events ("takeip", "releaseip", "startrecovery", "recovered") and converted to success\&. The logic here is that the callers of these events implement their own additional timeout\&.
.SS "FetchCollapse"
.PP
Default: 1
.PP
This parameter is used to avoid multiple migration requests for the same record from a single node\&. All the record requests for the same record are queued up and processed when the record is migrated to the current node\&.
.PP
When many clients across many nodes try to access the same record at the same time this can lead to a fetch storm where the record becomes very active and bounces between nodes very fast\&. This leads to high CPU utilization of the ctdbd daemon, trying to bounce that record around very fast, and poor performance\&. This can improve performance and reduce CPU utilization for certain workloads\&.
.SS "HopcountMakeSticky"
.PP
Default: 50
.PP
For database(s) marked STICKY (using \*(Aqctdb setdbsticky\*(Aq), any record that is migrating so fast that hopcount exceeds this limit is marked as STICKY record for
\fIStickyDuration\fR
seconds\&. This means that after each migration the sticky record will be kept on the node
\fIStickyPindown\fRmilliseconds and prevented from being migrated off the node\&.
.PP
This will improve performance for certain workloads, such as locking\&.tdb if many clients are opening/closing the same file concurrently\&.
.SS "IPAllocAlgorithm"
.PP
Default: 2
.PP
Selects the algorithm that CTDB should use when doing public IP address allocation\&. Meaningful values are:
.PP
0
.RS 4
Deterministic IP address allocation\&.
.sp
This is a simple and fast option\&. However, it can cause unnecessary address movement during fail\-over because each address has a "home" node\&. Works badly when some nodes do not have any addresses defined\&. Should be used with care when addresses are defined across multiple networks\&.
.RE
.PP
1
.RS 4
Non\-deterministic IP address allocation\&.
.sp
This is a relatively fast option that attempts to do a minimise unnecessary address movements\&. Addresses do not have a "home" node\&. Rebalancing is limited but it usually adequate\&. Works badly when addresses are defined across multiple networks\&.
.RE
.PP
2
.RS 4
LCP2 IP address allocation\&.
.sp
Uses a heuristic to assign addresses defined across multiple networks, usually balancing addresses on each network evenly across nodes\&. Addresses do not have a "home" node\&. Minimises unnecessary address movements\&. The algorithm is complex, so is slower than other choices for a large number of addresses\&. However, it can calculate an optimal assignment of 900 addresses in under 10 seconds on modern hardware\&.
.RE
.PP
If the specified value is not one of these then the default will be used\&.
.SS "KeepaliveInterval"
.PP
Default: 5
.PP
How often in seconds should the nodes send keep\-alive packets to each other\&.
.SS "KeepaliveLimit"
.PP
Default: 5
.PP
After how many keepalive intervals without any traffic should a node wait until marking the peer as DISCONNECTED\&.
.PP
If a node has hung, it can take
\fIKeepaliveInterval\fR
* (\fIKeepaliveLimit\fR
+ 1) seconds before ctdb determines that the node is DISCONNECTED and performs a recovery\&. This limit should not be set too high to enable early detection and avoid any application timeouts (e\&.g\&. SMB1) to kick in before the fail over is completed\&.
.SS "LockProcessesPerDB"
.PP
Default: 200
.PP
This is the maximum number of lock helper processes ctdb will create for obtaining record locks\&. When ctdb cannot get a record lock without blocking, it creates a helper process that waits for the lock to be obtained\&.
.SS "LogLatencyMs"
.PP
Default: 0
.PP
When set to non\-zero, ctdb will log if certains operations take longer than this value, in milliseconds, to complete\&. These operations include "process a record request from client", "take a record or database lock", "update a persistent database record" and "vacuum a database"\&.
.SS "MaxQueueDropMsg"
.PP
Default: 1000000
.PP
This is the maximum number of messages to be queued up for a client before ctdb will treat the client as hung and will terminate the client connection\&.
.SS "MonitorInterval"
.PP
Default: 15
.PP
How often should ctdb run the \*(Aqmonitor\*(Aq event in seconds to check for a node\*(Aqs health\&.
.SS "MonitorTimeoutCount"
.PP
Default: 20
.PP
How many \*(Aqmonitor\*(Aq events in a row need to timeout before a node is flagged as UNHEALTHY\&. This setting is useful if scripts can not be written so that they do not hang for benign reasons\&.
.SS "NoIPFailback"
.PP
Default: 0
.PP
When set to 1, ctdb will not perform failback of IP addresses when a node becomes healthy\&. When a node becomes UNHEALTHY, ctdb WILL perform failover of public IP addresses, but when the node becomes HEALTHY again, ctdb will not fail the addresses back\&.
.PP
Use with caution! Normally when a node becomes available to the cluster ctdb will try to reassign public IP addresses onto the new node as a way to distribute the workload evenly across the clusternode\&. Ctdb tries to make sure that all running nodes have approximately the same number of public addresses it hosts\&.
.PP
When you enable this tunable, ctdb will no longer attempt to rebalance the cluster by failing IP addresses back to the new nodes\&. An unbalanced cluster will therefore remain unbalanced until there is manual intervention from the administrator\&. When this parameter is set, you can manually fail public IP addresses over to the new node(s) using the \*(Aqctdb moveip\*(Aq command\&.
.SS "NoIPTakeover"
.PP
Default: 0
.PP
When set to 1, ctdb will not allow IP addresses to be failed over to other nodes\&. Any IP addresses already hosted on healthy nodes will remain\&. Any IP addresses hosted on unhealthy nodes will be released by unhealthy nodes and will become un\-hosted\&.
.SS "PullDBPreallocation"
.PP
Default: 10*1024*1024
.PP
This is the size of a record buffer to pre\-allocate for sending reply to PULLDB control\&. Usually record buffer starts with size of the first record and gets reallocated every time a new record is added to the record buffer\&. For a large number of records, this can be very inefficient to grow the record buffer one record at a time\&.
.SS "QueueBufferSize"
.PP
Default: 1024
.PP
This is the maximum amount of data (in bytes) ctdb will read from a socket at a time\&.
.PP
For a busy setup, if ctdb is not able to process the TCP sockets fast enough (large amount of data in Recv\-Q for tcp sockets), then this tunable value should be increased\&. However, large values can keep ctdb busy processing packets and prevent ctdb from handling other events\&.
.SS "RecBufferSizeLimit"
.PP
Default: 1000000
.PP
This is the limit on the size of the record buffer to be sent in various controls\&. This limit is used by new controls used for recovery and controls used in vacuuming\&.
.SS "RecdFailCount"
.PP
Default: 10
.PP
If the recovery daemon has failed to ping the main daemon for this many consecutive intervals, the main daemon will consider the recovery daemon as hung and will try to restart it to recover\&.
.SS "RecdPingTimeout"
.PP
Default: 60
.PP
If the main daemon has not heard a "ping" from the recovery daemon for this many seconds, the main daemon will log a message that the recovery daemon is potentially hung\&. This also increments a counter which is checked against
\fIRecdFailCount\fR
for detection of hung recovery daemon\&.
.SS "RecLockLatencyMs"
.PP
Default: 1000
.PP
When using a reclock file for split brain prevention, if set to non\-zero this tunable will make the recovery daemon log a message if the fcntl() call to lock/testlock the recovery file takes longer than this number of milliseconds\&.
.SS "RecoverInterval"
.PP
Default: 1
.PP
How frequently in seconds should the recovery daemon perform the consistency checks to determine if it should perform a recovery\&.
.SS "RecoverTimeout"
.PP
Default: 120
.PP
This is the default setting for timeouts for controls when sent from the recovery daemon\&. We allow longer control timeouts from the recovery daemon than from normal use since the recovery daemon often use controls that can take a lot longer than normal controls\&.
.SS "RecoveryBanPeriod"
.PP
Default: 300
.PP
The duration in seconds for which a node is banned if the node fails during recovery\&. After this time has elapsed the node will automatically get unbanned and will attempt to rejoin the cluster\&.
.PP
A node usually gets banned due to real problems with the node\&. Don\*(Aqt set this value too small\&. Otherwise, a problematic node will try to re\-join cluster too soon causing unnecessary recoveries\&.
.SS "RecoveryDropAllIPs"
.PP
Default: 120
.PP
If a node is stuck in recovery, or stopped, or banned, for this many seconds, then ctdb will release all public addresses on that node\&.
.SS "RecoveryGracePeriod"
.PP
Default: 120
.PP
During recoveries, if a node has not caused recovery failures during the last grace period in seconds, any records of transgressions that the node has caused recovery failures will be forgiven\&. This resets the ban\-counter back to zero for that node\&.
.SS "RepackLimit"
.PP
Default: 10000
.PP
During vacuuming, if the number of freelist records are more than
\fIRepackLimit\fR, then the database is repacked to get rid of the freelist records to avoid fragmentation\&.
.SS "RerecoveryTimeout"
.PP
Default: 10
.PP
Once a recovery has completed, no additional recoveries are permitted until this timeout in seconds has expired\&.
.SS "SeqnumInterval"
.PP
Default: 1000
.PP
Some databases have seqnum tracking enabled, so that samba will be able to detect asynchronously when there has been updates to the database\&. Every time a database is updated its sequence number is increased\&.
.PP
This tunable is used to specify in milliseconds how frequently ctdb will send out updates to remote nodes to inform them that the sequence number is increased\&.
.SS "StatHistoryInterval"
.PP
Default: 1
.PP
Granularity of the statistics collected in the statistics history\&. This is reported by \*(Aqctdb stats\*(Aq command\&.
.SS "StickyDuration"
.PP
Default: 600
.PP
Once a record has been marked STICKY, this is the duration in seconds, the record will be flagged as a STICKY record\&.
.SS "StickyPindown"
.PP
Default: 200
.PP
Once a STICKY record has been migrated onto a node, it will be pinned down on that node for this number of milliseconds\&. Any request from other nodes to migrate the record off the node will be deferred\&.
.SS "TakeoverTimeout"
.PP
Default: 9
.PP
This is the duration in seconds in which ctdb tries to complete IP failover\&.
.SS "TickleUpdateInterval"
.PP
Default: 20
.PP
Every
\fITickleUpdateInterval\fR
seconds, ctdb synchronizes the client connection information across nodes\&.
.SS "TraverseTimeout"
.PP
Default: 20
.PP
This is the duration in seconds for which a database traverse is allowed to run\&. If the traverse does not complete during this interval, ctdb will abort the traverse\&.
.SS "VacuumFastPathCount"
.PP
Default: 60
.PP
During a vacuuming run, ctdb usually processes only the records marked for deletion also called the fast path vacuuming\&. After finishing
\fIVacuumFastPathCount\fR
number of fast path vacuuming runs, ctdb will trigger a scan of complete database for any empty records that need to be deleted\&.
.SS "VacuumInterval"
.PP
Default: 10
.PP
Periodic interval in seconds when vacuuming is triggered for volatile databases\&.
.SS "VacuumMaxRunTime"
.PP
Default: 120
.PP
The maximum time in seconds for which the vacuuming process is allowed to run\&. If vacuuming process takes longer than this value, then the vacuuming process is terminated\&.
.SS "VerboseMemoryNames"
.PP
Default: 0
.PP
When set to non\-zero, ctdb assigns verbose names for some of the talloc allocated memory objects\&. These names are visible in the talloc memory report generated by \*(Aqctdb dumpmemory\*(Aq\&.
.SH "FILES>"
.RS 4
/usr/local/etc/ctdb/ctdb\&.tunables
.RE
.SH "SEE ALSO"
.PP
\fBctdb\fR(1),
\fBctdbd\fR(1),
\fBctdb.conf\fR(5),
\fBctdb\fR(7),
\m[blue]\fB\%http://ctdb.samba.org/\fR\m[]
.SH "AUTHOR"
.br
.PP
This documentation was written by Ronnie Sahlberg, Amitay Isaacs, Martin Schwenke
.SH "COPYRIGHT"
.br
Copyright \(co 2007 Andrew Tridgell, Ronnie Sahlberg
.br
.PP
This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 3 of the License, or (at your option) any later version\&.
.PP
This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE\&. See the GNU General Public License for more details\&.
.PP
You should have received a copy of the GNU General Public License along with this program; if not, see
\m[blue]\fB\%http://www.gnu.org/licenses\fR\m[]\&.
.sp




'\" t
.\"     Title: ctdb
.\"    Author:
.\" Generator: DocBook XSL Stylesheets v1.79.1 <http://docbook.sf.net/>
.\"      Date: 09/23/2020
.\"    Manual: CTDB - clustered TDB database
.\"    Source: ctdb
.\"  Language: English
.\"
.TH "CTDB" "1" "09/23/2020" "ctdb" "CTDB \- clustered TDB database"
.\" -----------------------------------------------------------------
.\" * Define some portability stuff
.\" -----------------------------------------------------------------
.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
.\" http://bugs.debian.org/507673
.\" http://lists.gnu.org/archive/html/groff/2009-02/msg00013.html
.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
.ie \n(.g .ds Aq \(aq
.el       .ds Aq '
.\" -----------------------------------------------------------------
.\" * set default formatting
.\" -----------------------------------------------------------------
.\" disable hyphenation
.nh
.\" disable justification (adjust text to left margin only)
.ad l
.\" -----------------------------------------------------------------
.\" * MAIN CONTENT STARTS HERE *
.\" -----------------------------------------------------------------
.SH "NAME"
ctdb \- CTDB management utility
.SH "SYNOPSIS"
.HP \w'\fBctdb\fR\ 'u
\fBctdb\fR [\fIOPTION\fR...] {\fICOMMAND\fR} [\fICOMMAND\-ARGS\fR]
.SH "DESCRIPTION"
.PP
ctdb is a utility to view and manage a CTDB cluster\&.
.PP
The following terms are used when referring to nodes in a cluster:
.PP
PNN
.RS 4
Physical Node Number\&. The physical node number is an integer that describes the node in the cluster\&. The first node has physical node number 0\&. in a cluster\&.
.RE
.PP
PNN\-LIST
.RS 4
This is either a single PNN, a comma\-separate list of PNNs or "all"\&.
.RE
.PP
Commands that reference a database use the following terms:
.PP
DB
.RS 4
This is either a database name, such as
locking\&.tdb
or a database ID such as "0x42fe72c5"\&.
.RE
.PP
DB\-LIST
.RS 4
A space separated list of at least one
\fIDB\fR\&.
.RE
.SH "OPTIONS"
.PP
\-n \fIPNN\fR
.RS 4
The node specified by PNN should be queried for the requested information\&. Default is to query the daemon running on the local host\&.
.RE
.PP
\-Y
.RS 4
Produce output in machine readable form for easier parsing by scripts\&. This uses a field delimiter of \*(Aq:\*(Aq\&. Not all commands support this option\&.
.RE
.PP
\-x \fISEPARATOR\fR
.RS 4
Use SEPARATOR to delimit fields in machine readable output\&. This implies \-Y\&.
.RE
.PP
\-X
.RS 4
Produce output in machine readable form for easier parsing by scripts\&. This uses a field delimiter of \*(Aq|\*(Aq\&. Not all commands support this option\&.
.sp
This is equivalent to "\-x|" and avoids some shell quoting issues\&.
.RE
.PP
\-t \fITIMEOUT\fR
.RS 4
Indicates that ctdb should wait up to TIMEOUT seconds for a response to most commands sent to the CTDB daemon\&. The default is 10 seconds\&.
.RE
.PP
\-T \fITIMELIMIT\fR
.RS 4
Indicates that TIMELIMIT is the maximum run time (in seconds) for the ctdb command\&. When TIMELIMIT is exceeded the ctdb command will terminate with an error\&. The default is 120 seconds\&.
.RE
.PP
\-? \-\-help
.RS 4
Print some help text to the screen\&.
.RE
.PP
\-\-usage
.RS 4
Print usage information to the screen\&.
.RE
.PP
\-d \-\-debug=\fIDEBUGLEVEL\fR
.RS 4
Change the debug level for the command\&. Default is NOTICE\&.
.RE
.SH "ADMINISTRATIVE COMMANDS"
.PP
These are commands used to monitor and administer a CTDB cluster\&.
.SS "pnn"
.PP
This command displays the PNN of the current node\&.
.SS "status"
.PP
This command shows the current status of all CTDB nodes based on information from the queried node\&.
.PP
Note: If the queried node is INACTIVE then the status might not be current\&.
.sp
.it 1 an-trap
.nr an-no-space-flag 1
.nr an-break-flag 1
.br
.ps +1
\fBNode status\fR
.RS 4
.PP
This includes the number of physical nodes and the status of each node\&. See
\fBctdb\fR(7)
for information about node states\&.
.RE
.sp
.it 1 an-trap
.nr an-no-space-flag 1
.nr an-break-flag 1
.br
.ps +1
\fBGeneration\fR
.RS 4
.PP
The generation id is a number that indicates the current generation of a cluster instance\&. Each time a cluster goes through a reconfiguration or a recovery its generation id will be changed\&.
.PP
This number does not have any particular meaning other than to keep track of when a cluster has gone through a recovery\&. It is a random number that represents the current instance of a ctdb cluster and its databases\&. The CTDB daemon uses this number internally to be able to tell when commands to operate on the cluster and the databases was issued in a different generation of the cluster, to ensure that commands that operate on the databases will not survive across a cluster database recovery\&. After a recovery, all old outstanding commands will automatically become invalid\&.
.PP
Sometimes this number will be shown as "INVALID"\&. This only means that the ctdbd daemon has started but it has not yet merged with the cluster through a recovery\&. All nodes start with generation "INVALID" and are not assigned a real generation id until they have successfully been merged with a cluster through a recovery\&.
.RE
.sp
.it 1 an-trap
.nr an-no-space-flag 1
.nr an-break-flag 1
.br
.ps +1
\fBVirtual Node Number (VNN) map\fR
.RS 4
.PP
Consists of the number of virtual nodes and mapping from virtual node numbers to physical node numbers\&. Only nodes that are participating in the VNN map can become lmaster for database records\&.
.RE
.sp
.it 1 an-trap
.nr an-no-space-flag 1
.nr an-break-flag 1
.br
.ps +1
\fBRecovery mode\fR
.RS 4
.PP
This is the current recovery mode of the cluster\&. There are two possible modes:
.PP
NORMAL \- The cluster is fully operational\&.
.PP
RECOVERY \- The cluster databases have all been frozen, pausing all services while the cluster awaits a recovery process to complete\&. A recovery process should finish within seconds\&. If a cluster is stuck in the RECOVERY state this would indicate a cluster malfunction which needs to be investigated\&.
.PP
Once the recovery master detects an inconsistency, for example a node becomes disconnected/connected, the recovery daemon will trigger a cluster recovery process, where all databases are remerged across the cluster\&. When this process starts, the recovery master will first "freeze" all databases to prevent applications such as samba from accessing the databases and it will also mark the recovery mode as RECOVERY\&.
.PP
When the CTDB daemon starts up, it will start in RECOVERY mode\&. Once the node has been merged into a cluster and all databases have been recovered, the node mode will change into NORMAL mode and the databases will be "thawed", allowing samba to access the databases again\&.
.RE
.sp
.it 1 an-trap
.nr an-no-space-flag 1
.nr an-break-flag 1
.br
.ps +1
\fBRecovery master\fR
.RS 4
.PP
This is the cluster node that is currently designated as the recovery master\&. This node is responsible of monitoring the consistency of the cluster and to perform the actual recovery process when reqired\&.
.PP
Only one node at a time can be the designated recovery master\&. Which node is designated the recovery master is decided by an election process in the recovery daemons running on each node\&.
.RE
.sp
.it 1 an-trap
.nr an-no-space-flag 1
.nr an-break-flag 1
.br
.ps +1
\fBExample\fR
.RS 4
.sp
.if n \{\
.RS 4
.\}
.nf
# ctdb status
Number of nodes:4
pnn:0 192\&.168\&.2\&.200       OK (THIS NODE)
pnn:1 192\&.168\&.2\&.201       OK
pnn:2 192\&.168\&.2\&.202       OK
pnn:3 192\&.168\&.2\&.203       OK
Generation:1362079228
Size:4
hash:0 lmaster:0
hash:1 lmaster:1
hash:2 lmaster:2
hash:3 lmaster:3
Recovery mode:NORMAL (0)
Recovery master:0

.fi
.if n \{\
.RE
.\}
.RE
.SS "nodestatus [\fIPNN\-LIST\fR]"
.PP
This command is similar to the
\fBstatus\fR
command\&. It displays the "node status" subset of output\&. The main differences are:
.sp
.RS 4
.ie n \{\
\h'-04'\(bu\h'+03'\c
.\}
.el \{\
.sp -1
.IP \(bu 2.3
.\}
The exit code is the bitwise\-OR of the flags for each specified node, while
\fBctdb status\fR
exits with 0 if it was able to retrieve status for all nodes\&.
.RE
.sp
.RS 4
.ie n \{\
\h'-04'\(bu\h'+03'\c
.\}
.el \{\
.sp -1
.IP \(bu 2.3
.\}
\fBctdb status\fR
provides status information for all nodes\&.
\fBctdb nodestatus\fR
defaults to providing status for only the current node\&. If PNN\-LIST is provided then status is given for the indicated node(s)\&.
.RE
.PP
A common invocation in scripts is
\fBctdb nodestatus all\fR
to check whether all nodes in a cluster are healthy\&.
.sp
.it 1 an-trap
.nr an-no-space-flag 1
.nr an-break-flag 1
.br
.ps +1
\fBExample\fR
.RS 4
.sp
.if n \{\
.RS 4
.\}
.nf
# ctdb nodestatus
pnn:0 10\&.0\&.0\&.30        OK (THIS NODE)

# ctdb nodestatus all
Number of nodes:2
pnn:0 10\&.0\&.0\&.30        OK (THIS NODE)
pnn:1 10\&.0\&.0\&.31        OK

.fi
.if n \{\
.RE
.\}
.RE
.SS "recmaster"
.PP
This command shows the pnn of the node which is currently the recmaster\&.
.PP
Note: If the queried node is INACTIVE then the status might not be current\&.
.SS "uptime"
.PP
This command shows the uptime for the ctdb daemon\&. When the last recovery or ip\-failover completed and how long it took\&. If the "duration" is shown as a negative number, this indicates that there is a recovery/failover in progress and it started that many seconds ago\&.
.sp
.it 1 an-trap
.nr an-no-space-flag 1
.nr an-break-flag 1
.br
.ps +1
\fBExample\fR
.RS 4
.sp
.if n \{\
.RS 4
.\}
.nf
# ctdb uptime
Current time of node          :                Thu Oct 29 10:38:54 2009
Ctdbd start time              : (000 16:54:28) Wed Oct 28 17:44:26 2009
Time of last recovery/failover: (000 16:53:31) Wed Oct 28 17:45:23 2009
Duration of last recovery/failover: 2\&.248552 seconds

.fi
.if n \{\
.RE
.\}
.RE
.SS "listnodes"
.PP
This command shows lists the ip addresses of all the nodes in the cluster\&.
.sp
.it 1 an-trap
.nr an-no-space-flag 1
.nr an-break-flag 1
.br
.ps +1
\fBExample\fR
.RS 4
.sp
.if n \{\
.RS 4
.\}
.nf
# ctdb listnodes
192\&.168\&.2\&.200
192\&.168\&.2\&.201
192\&.168\&.2\&.202
192\&.168\&.2\&.203

.fi
.if n \{\
.RE
.\}
.RE
.SS "natgw {master|list|status}"
.PP
This command shows different aspects of NAT gateway status\&. For an overview of CTDB\*(Aqs NAT gateway functionality please see the
NAT GATEWAY
section in
\fBctdb\fR(7)\&.
.PP
master
.RS 4
Show the PNN and private IP address of the current NAT gateway master node\&.
.sp
Example output:
.sp
.if n \{\
.RS 4
.\}
.nf
1 192\&.168\&.2\&.201

.fi
.if n \{\
.RE
.\}
.RE
.PP
list
.RS 4
List the private IP addresses of nodes in the current NAT gateway group, annotating the master node\&.
.sp
Example output:
.sp
.if n \{\
.RS 4
.\}
.nf
192\&.168\&.2\&.200
192\&.168\&.2\&.201	MASTER
192\&.168\&.2\&.202
192\&.168\&.2\&.203

.fi
.if n \{\
.RE
.\}
.RE
.PP
status
.RS 4
List the nodes in the current NAT gateway group and their status\&.
.sp
Example output:
.sp
.if n \{\
.RS 4
.\}
.nf
pnn:0 192\&.168\&.2\&.200       UNHEALTHY (THIS NODE)
pnn:1 192\&.168\&.2\&.201       OK
pnn:2 192\&.168\&.2\&.202       OK
pnn:3 192\&.168\&.2\&.203       OK

.fi
.if n \{\
.RE
.\}
.RE
.SS "ping"
.PP
This command will "ping" specified CTDB nodes in the cluster to verify that they are running\&.
.sp
.it 1 an-trap
.nr an-no-space-flag 1
.nr an-break-flag 1
.br
.ps +1
\fBExample\fR
.RS 4
.sp
.if n \{\
.RS 4
.\}
.nf
# ctdb ping
response from 0 time=0\&.000054 sec  (3 clients)

.fi
.if n \{\
.RE
.\}
.RE
.SS "ifaces"
.PP
This command will display the list of network interfaces, which could host public addresses, along with their status\&.
.sp
.it 1 an-trap
.nr an-no-space-flag 1
.nr an-break-flag 1
.br
.ps +1
\fBExample\fR
.RS 4
.sp
.if n \{\
.RS 4
.\}
.nf
# ctdb ifaces
Interfaces on node 0
name:eth5 link:up references:2
name:eth4 link:down references:0
name:eth3 link:up references:1
name:eth2 link:up references:1

# ctdb \-X ifaces
|Name|LinkStatus|References|
|eth5|1|2|
|eth4|0|0|
|eth3|1|1|
|eth2|1|1|

.fi
.if n \{\
.RE
.\}
.RE
.SS "ip"
.PP
This command will display the list of public addresses that are provided by the cluster and which physical node is currently serving this ip\&. By default this command will ONLY show those public addresses that are known to the node itself\&. To see the full list of all public ips across the cluster you must use "ctdb ip all"\&.
.sp
.it 1 an-trap
.nr an-no-space-flag 1
.nr an-break-flag 1
.br
.ps +1
\fBExample\fR
.RS 4
.sp
.if n \{\
.RS 4
.\}
.nf
# ctdb ip \-v
Public IPs on node 0
172\&.31\&.91\&.82 node[1] active[] available[eth2,eth3] configured[eth2,eth3]
172\&.31\&.91\&.83 node[0] active[eth3] available[eth2,eth3] configured[eth2,eth3]
172\&.31\&.91\&.84 node[1] active[] available[eth2,eth3] configured[eth2,eth3]
172\&.31\&.91\&.85 node[0] active[eth2] available[eth2,eth3] configured[eth2,eth3]
172\&.31\&.92\&.82 node[1] active[] available[eth5] configured[eth4,eth5]
172\&.31\&.92\&.83 node[0] active[eth5] available[eth5] configured[eth4,eth5]
172\&.31\&.92\&.84 node[1] active[] available[eth5] configured[eth4,eth5]
172\&.31\&.92\&.85 node[0] active[eth5] available[eth5] configured[eth4,eth5]

# ctdb \-X ip \-v
|Public IP|Node|ActiveInterface|AvailableInterfaces|ConfiguredInterfaces|
|172\&.31\&.91\&.82|1||eth2,eth3|eth2,eth3|
|172\&.31\&.91\&.83|0|eth3|eth2,eth3|eth2,eth3|
|172\&.31\&.91\&.84|1||eth2,eth3|eth2,eth3|
|172\&.31\&.91\&.85|0|eth2|eth2,eth3|eth2,eth3|
|172\&.31\&.92\&.82|1||eth5|eth4,eth5|
|172\&.31\&.92\&.83|0|eth5|eth5|eth4,eth5|
|172\&.31\&.92\&.84|1||eth5|eth4,eth5|
|172\&.31\&.92\&.85|0|eth5|eth5|eth4,eth5|

.fi
.if n \{\
.RE
.\}
.RE
.SS "ipinfo \fIIP\fR"
.PP
This command will display details about the specified public addresses\&.
.sp
.it 1 an-trap
.nr an-no-space-flag 1
.nr an-break-flag 1
.br
.ps +1
\fBExample\fR
.RS 4
.sp
.if n \{\
.RS 4
.\}
.nf
# ctdb ipinfo 172\&.31\&.92\&.85
Public IP[172\&.31\&.92\&.85] info on node 0
IP:172\&.31\&.92\&.85
CurrentNode:0
NumInterfaces:2
Interface[1]: Name:eth4 Link:down References:0
Interface[2]: Name:eth5 Link:up References:2 (active)

.fi
.if n \{\
.RE
.\}
.RE
.SS "event run|status|script list|script enable|script disable"
.PP
This command is used to control event daemon and to inspect status of various events\&.
.PP
The commands below require a component to be specified\&. In the current version the only valid component is
legacy\&.
.PP
run \fITIMEOUT\fR \fICOMPONENT\fR \fIEVENT\fR [\fIARGUMENTS\fR]
.RS 4
This command can be used to manually run specified EVENT in COMPONENT with optional ARGUMENTS\&. The event will be allowed to run a maximum of TIMEOUT seconds\&. If TIMEOUT is 0, then there is no time limit for running the event\&.
.RE
.PP
status \fICOMPONENT\fR \fIEVENT\fR
.RS 4
This command displays the last execution status of the specified EVENT in COMPONENT\&.
.sp
The command will terminate with the exit status corresponding to the overall status of event that is displayed\&.
.sp
The output is the list of event scripts executed\&. Each line shows the name, status, duration and start time for each script\&.
.sp
Example output:
.sp
.if n \{\
.RS 4
.\}
.nf
00\&.ctdb              OK         0\&.014 Sat Dec 17 19:39:11 2016
01\&.reclock           OK         0\&.013 Sat Dec 17 19:39:11 2016
05\&.system            OK         0\&.029 Sat Dec 17 19:39:11 2016
06\&.nfs               OK         0\&.014 Sat Dec 17 19:39:11 2016
10\&.interface         OK         0\&.037 Sat Dec 17 19:39:11 2016
11\&.natgw             OK         0\&.011 Sat Dec 17 19:39:11 2016
11\&.routing           OK         0\&.007 Sat Dec 17 19:39:11 2016
13\&.per_ip_routing    OK         0\&.007 Sat Dec 17 19:39:11 2016
20\&.multipathd        OK         0\&.007 Sat Dec 17 19:39:11 2016
31\&.clamd             OK         0\&.007 Sat Dec 17 19:39:11 2016
40\&.vsftpd            OK         0\&.013 Sat Dec 17 19:39:11 2016
41\&.httpd             OK         0\&.018 Sat Dec 17 19:39:11 2016
49\&.winbind           OK         0\&.023 Sat Dec 17 19:39:11 2016
50\&.samba             OK         0\&.100 Sat Dec 17 19:39:12 2016
60\&.nfs               OK         0\&.376 Sat Dec 17 19:39:12 2016
70\&.iscsi             OK         0\&.009 Sat Dec 17 19:39:12 2016
91\&.lvs               OK         0\&.007 Sat Dec 17 19:39:12 2016

.fi
.if n \{\
.RE
.\}
.RE
.PP
script list \fICOMPONENT\fR
.RS 4
List the available event scripts in COMPONENT\&. Enabled scripts are flagged with a \*(Aq*\*(Aq\&.
.sp
Generally, event scripts are provided by CTDB\&. However, local or 3rd party event scripts may also be available\&. These are shown in a separate section after those provided by CTDB\&.
.sp
Example output:
.sp
.if n \{\
.RS 4
.\}
.nf
* 00\&.ctdb
* 01\&.reclock
* 05\&.system
* 06\&.nfs
* 10\&.interface
  11\&.natgw
  11\&.routing
  13\&.per_ip_routing
  20\&.multipathd
  31\&.clamd
  40\&.vsftpd
  41\&.httpd
* 49\&.winbind
* 50\&.samba
* 60\&.nfs
  70\&.iscsi
  91\&.lvs

* 02\&.local

.fi
.if n \{\
.RE
.\}
.RE
.PP
script enable \fICOMPONENT\fR \fISCRIPT\fR
.RS 4
Enable the specified event SCRIPT in COMPONENT\&. Only enabled scripts will be executed when running any event\&.
.RE
.PP
script disable \fICOMPONENT\fR \fISCRIPT\fR
.RS 4
Disable the specified event SCRIPT in COMPONENT\&. This will prevent the script from executing when running any event\&.
.RE
.SS "scriptstatus"
.PP
This command displays which event scripts where run in the previous monitoring cycle and the result of each script\&. If a script failed with an error, causing the node to become unhealthy, the output from that script is also shown\&.
.PP
This command is deprecated\&. It\*(Aqs provided for backward compatibility\&. In place of
\fBctdb scriptstatus\fR, use
\fBctdb event status\fR\&.
.sp
.it 1 an-trap
.nr an-no-space-flag 1
.nr an-break-flag 1
.br
.ps +1
\fBExample\fR
.RS 4
.sp
.if n \{\
.RS 4
.\}
.nf
# ctdb scriptstatus
00\&.ctdb              OK         0\&.011 Sat Dec 17 19:40:46 2016
01\&.reclock           OK         0\&.010 Sat Dec 17 19:40:46 2016
05\&.system            OK         0\&.030 Sat Dec 17 19:40:46 2016
06\&.nfs               OK         0\&.014 Sat Dec 17 19:40:46 2016
10\&.interface         OK         0\&.041 Sat Dec 17 19:40:46 2016
11\&.natgw             OK         0\&.008 Sat Dec 17 19:40:46 2016
11\&.routing           OK         0\&.007 Sat Dec 17 19:40:46 2016
13\&.per_ip_routing    OK         0\&.007 Sat Dec 17 19:40:46 2016
20\&.multipathd        OK         0\&.007 Sat Dec 17 19:40:46 2016
31\&.clamd             OK         0\&.007 Sat Dec 17 19:40:46 2016
40\&.vsftpd            OK         0\&.013 Sat Dec 17 19:40:46 2016
41\&.httpd             OK         0\&.015 Sat Dec 17 19:40:46 2016
49\&.winbind           OK         0\&.022 Sat Dec 17 19:40:46 2016
50\&.samba             ERROR      0\&.077 Sat Dec 17 19:40:46 2016
  OUTPUT: ERROR: samba tcp port 445 is not responding

.fi
.if n \{\
.RE
.\}
.RE
.SS "listvars"
.PP
List all tuneable variables, except the values of the obsolete tunables like VacuumMinInterval\&. The obsolete tunables can be retrieved only explicitly with the "ctdb getvar" command\&.
.sp
.it 1 an-trap
.nr an-no-space-flag 1
.nr an-break-flag 1
.br
.ps +1
\fBExample\fR
.RS 4
.sp
.if n \{\
.RS 4
.\}
.nf
# ctdb listvars
SeqnumInterval          = 1000
ControlTimeout          = 60
TraverseTimeout         = 20
KeepaliveInterval       = 5
KeepaliveLimit          = 5
RecoverTimeout          = 120
RecoverInterval         = 1
ElectionTimeout         = 3
TakeoverTimeout         = 9
MonitorInterval         = 15
TickleUpdateInterval    = 20
EventScriptTimeout      = 30
MonitorTimeoutCount     = 20
RecoveryGracePeriod     = 120
RecoveryBanPeriod       = 300
DatabaseHashSize        = 100001
DatabaseMaxDead         = 5
RerecoveryTimeout       = 10
EnableBans              = 1
NoIPFailback            = 0
VerboseMemoryNames      = 0
RecdPingTimeout         = 60
RecdFailCount           = 10
LogLatencyMs            = 0
RecLockLatencyMs        = 1000
RecoveryDropAllIPs      = 120
VacuumInterval          = 10
VacuumMaxRunTime        = 120
RepackLimit             = 10000
VacuumFastPathCount     = 60
MaxQueueDropMsg         = 1000000
AllowUnhealthyDBRead    = 0
StatHistoryInterval     = 1
DeferredAttachTO        = 120
AllowClientDBAttach     = 1
RecoverPDBBySeqNum      = 1
DeferredRebalanceOnNodeAdd = 300
FetchCollapse           = 1
HopcountMakeSticky      = 50
StickyDuration          = 600
StickyPindown           = 200
NoIPTakeover            = 0
DBRecordCountWarn       = 100000
DBRecordSizeWarn        = 10000000
DBSizeWarn              = 100000000
PullDBPreallocation     = 10485760
LockProcessesPerDB      = 200
RecBufferSizeLimit      = 1000000
QueueBufferSize         = 1024
IPAllocAlgorithm        = 2

.fi
.if n \{\
.RE
.\}
.RE
.SS "getvar \fINAME\fR"
.PP
Get the runtime value of a tuneable variable\&.
.sp
.it 1 an-trap
.nr an-no-space-flag 1
.nr an-break-flag 1
.br
.ps +1
\fBExample\fR
.RS 4
.sp
.if n \{\
.RS 4
.\}
.nf
# ctdb getvar MonitorInterval
MonitorInterval         = 15

.fi
.if n \{\
.RE
.\}
.RE
.SS "setvar \fINAME\fR \fIVALUE\fR"
.PP
Set the runtime value of a tuneable variable\&.
.sp
.it 1 an-trap
.nr an-no-space-flag 1
.nr an-break-flag 1
.br
.ps +1
\fBExample\fR
.RS 4
.sp
.if n \{\
.RS 4
.\}
.nf
# ctdb setvar MonitorInterval 20

.fi
.if n \{\
.RE
.\}
.RE
.SS "lvs {master|list|status}"
.PP
This command shows different aspects of LVS status\&. For an overview of CTDB\*(Aqs LVS functionality please see the
LVS
section in
\fBctdb\fR(7)\&.
.PP
master
.RS 4
Shows the PNN of the current LVS master node\&.
.sp
Example output:
.sp
.if n \{\
.RS 4
.\}
.nf
2

.fi
.if n \{\
.RE
.\}
.RE
.PP
list
.RS 4
Lists the currently usable LVS nodes\&.
.sp
Example output:
.sp
.if n \{\
.RS 4
.\}
.nf
2 10\&.0\&.0\&.13
3 10\&.0\&.0\&.14

.fi
.if n \{\
.RE
.\}
.RE
.PP
status
.RS 4
List the nodes in the current LVS group and their status\&.
.sp
Example output:
.sp
.if n \{\
.RS 4
.\}
.nf
pnn:0 10\&.0\&.0\&.11        UNHEALTHY (THIS NODE)
pnn:1 10\&.0\&.0\&.12        UNHEALTHY
pnn:2 10\&.0\&.0\&.13        OK
pnn:3 10\&.0\&.0\&.14        OK

.fi
.if n \{\
.RE
.\}
.RE
.SS "getcapabilities"
.PP
This command shows the capabilities of the current node\&. See the
CAPABILITIES
section in
\fBctdb\fR(7)
for more details\&.
.PP
Example output:
.sp
.if n \{\
.RS 4
.\}
.nf
RECMASTER: YES
LMASTER: YES

.fi
.if n \{\
.RE
.\}
.SS "statistics"
.PP
Collect statistics from the CTDB daemon about how many calls it has served\&. Information about various fields in statistics can be found in
\fBctdb-statistics\fR(7)\&.
.sp
.it 1 an-trap
.nr an-no-space-flag 1
.nr an-break-flag 1
.br
.ps +1
\fBExample\fR
.RS 4
.sp
.if n \{\
.RS 4
.\}
.nf
# ctdb statistics
CTDB version 1
Current time of statistics  :                Tue Mar  8 15:18:51 2016
Statistics collected since  : (003 21:31:32) Fri Mar  4 17:47:19 2016
 num_clients                        9
 frozen                             0
 recovering                         0
 num_recoveries                     2
 client_packets_sent          8170534
 client_packets_recv          7166132
 node_packets_sent           16549998
 node_packets_recv            5244418
 keepalive_packets_sent        201969
 keepalive_packets_recv        201969
 node
     req_call                      26
     reply_call                     0
     req_dmaster                    9
     reply_dmaster                 12
     reply_error                    0
     req_message              1339231
     req_control              8177506
     reply_control            6831284
 client
     req_call                      15
     req_message               334809
     req_control              6831308
 timeouts
     call                           0
     control                        0
     traverse                       0
 locks
     num_calls                      8
     num_current                    0
     num_pending                    0
     num_failed                     0
 total_calls                       15
 pending_calls                      0
 childwrite_calls                   0
 pending_childwrite_calls             0
 memory_used                   394879
 max_hop_count                      1
 total_ro_delegations               0
 total_ro_revokes                   0
 hop_count_buckets: 8 5 0 0 0 0 0 0 0 0 0 0 0 0 0 0
 lock_buckets: 0 0 8 0 0 0 0 0 0 0 0 0 0 0 0 0
 locks_latency      MIN/AVG/MAX     0\&.010005/0\&.010418/0\&.011010 sec out of 8
 reclock_ctdbd      MIN/AVG/MAX     0\&.002538/0\&.002538/0\&.002538 sec out of 1
 reclock_recd       MIN/AVG/MAX     0\&.000000/0\&.000000/0\&.000000 sec out of 0
 call_latency       MIN/AVG/MAX     0\&.000044/0\&.002142/0\&.011702 sec out of 15
 childwrite_latency MIN/AVG/MAX     0\&.000000/0\&.000000/0\&.000000 sec out of 0

.fi
.if n \{\
.RE
.\}
.RE
.SS "statisticsreset"
.PP
This command is used to clear all statistics counters in a node\&.
.PP
Example: ctdb statisticsreset
.SS "dbstatistics \fIDB\fR"
.PP
Display statistics about the database DB\&. Information about various fields in dbstatistics can be found in
\fBctdb-statistics\fR(7)\&.
.sp
.it 1 an-trap
.nr an-no-space-flag 1
.nr an-break-flag 1
.br
.ps +1
\fBExample\fR
.RS 4
.sp
.if n \{\
.RS 4
.\}
.nf
# ctdb dbstatistics locking\&.tdb
DB Statistics: locking\&.tdb
 ro_delegations                     0
 ro_revokes                         0
 locks
     total                      14356
     failed                         0
     current                        0
     pending                        0
 hop_count_buckets: 28087 2 1 0 0 0 0 0 0 0 0 0 0 0 0 0
 lock_buckets: 0 14188 38 76 32 19 3 0 0 0 0 0 0 0 0 0
 locks_latency      MIN/AVG/MAX     0\&.001066/0\&.012686/4\&.202292 sec out of 14356
 vacuum_latency     MIN/AVG/MAX     0\&.000472/0\&.002207/15\&.243570 sec out of 224530
 Num Hot Keys:     1
     Count:8 Key:ff5bd7cb3ee3822edc1f0000000000000000000000000000

.fi
.if n \{\
.RE
.\}
.RE
.SS "getreclock"
.PP
Show details of the recovery lock, if any\&.
.PP
Example output:
.sp
.if n \{\
.RS 4
.\}
.nf
	/clusterfs/\&.ctdb/recovery\&.lock

.fi
.if n \{\
.RE
.\}
.SS "getdebug"
.PP
Get the current debug level for the node\&. the debug level controls what information is written to the log file\&.
.PP
The debug levels are mapped to the corresponding syslog levels\&. When a debug level is set, only those messages at that level and higher levels will be printed\&.
.PP
The list of debug levels from highest to lowest are :
.PP
ERROR WARNING NOTICE INFO DEBUG
.SS "setdebug \fIDEBUGLEVEL\fR"
.PP
Set the debug level of a node\&. This controls what information will be logged\&.
.PP
The debuglevel is one of ERROR WARNING NOTICE INFO DEBUG
.SS "getpid"
.PP
This command will return the process id of the ctdb daemon\&.
.SS "disable"
.PP
This command is used to administratively disable a node in the cluster\&. A disabled node will still participate in the cluster and host clustered TDB records but its public ip address has been taken over by a different node and it no longer hosts any services\&.
.SS "enable"
.PP
Re\-enable a node that has been administratively disabled\&.
.SS "stop"
.PP
This command is used to administratively STOP a node in the cluster\&. A STOPPED node is connected to the cluster but will not host any public ip addresse, nor does it participate in the VNNMAP\&. The difference between a DISABLED node and a STOPPED node is that a STOPPED node does not host any parts of the database which means that a recovery is required to stop/continue nodes\&.
.SS "continue"
.PP
Re\-start a node that has been administratively stopped\&.
.SS "addip \fIIPADDR\fR/\fImask\fR \fIIFACE\fR"
.PP
This command is used to add a new public ip to a node during runtime\&. It should be followed by a
\fBctdb ipreallocate\fR\&. This allows public addresses to be added to a cluster without having to restart the ctdb daemons\&.
.PP
Note that this only updates the runtime instance of ctdb\&. Any changes will be lost next time ctdb is restarted and the public addresses file is re\-read\&. If you want this change to be permanent you must also update the public addresses file manually\&.
.SS "delip \fIIPADDR\fR"
.PP
This command flags IPADDR for deletion from a node at runtime\&. It should be followed by a
\fBctdb ipreallocate\fR\&. If IPADDR is currently hosted by the node it is being removed from, this ensures that the IP will first be failed over to another node, if possible, and that it is then actually removed\&.
.PP
Note that this only updates the runtime instance of CTDB\&. Any changes will be lost next time CTDB is restarted and the public addresses file is re\-read\&. If you want this change to be permanent you must also update the public addresses file manually\&.
.SS "moveip \fIIPADDR\fR \fIPNN\fR"
.PP
This command can be used to manually fail a public ip address to a specific node\&.
.PP
In order to manually override the "automatic" distribution of public ip addresses that ctdb normally provides, this command only works when you have changed the tunables for the daemon to:
.PP
IPAllocAlgorithm != 0
.PP
NoIPFailback = 1
.SS "shutdown"
.PP
This command will shutdown a specific CTDB daemon\&.
.SS "setlmasterrole on|off"
.PP
This command is used to enable/disable the LMASTER capability for a node at runtime\&. This capability determines whether or not a node can be used as an LMASTER for records in the database\&. A node that does not have the LMASTER capability will not show up in the vnnmap\&.
.PP
Nodes will by default have this capability, but it can be stripped off nodes by the setting in the sysconfig file or by using this command\&.
.PP
Once this setting has been enabled/disabled, you need to perform a recovery for it to take effect\&.
.PP
See also "ctdb getcapabilities"
.SS "setrecmasterrole on|off"
.PP
This command is used to enable/disable the RECMASTER capability for a node at runtime\&. This capability determines whether or not a node can be used as an RECMASTER for the cluster\&. A node that does not have the RECMASTER capability can not win a recmaster election\&. A node that already is the recmaster for the cluster when the capability is stripped off the node will remain the recmaster until the next cluster election\&.
.PP
Nodes will by default have this capability, but it can be stripped off nodes by the setting in the sysconfig file or by using this command\&.
.PP
See also "ctdb getcapabilities"
.SS "reloadnodes"
.PP
This command is used when adding new nodes, or removing existing nodes from an existing cluster\&.
.PP
Procedure to add nodes:
.sp
.RS 4
.ie n \{\
\h'-04' 1.\h'+01'\c
.\}
.el \{\
.sp -1
.IP "  1." 4.2
.\}
To expand an existing cluster, first ensure with
\fBctdb status\fR
that all nodes are up and running and that they are all healthy\&. Do not try to expand a cluster unless it is completely healthy!
.RE
.sp
.RS 4
.ie n \{\
\h'-04' 2.\h'+01'\c
.\}
.el \{\
.sp -1
.IP "  2." 4.2
.\}
On all nodes, edit
/usr/local/etc/ctdb/nodes
and
\fIadd the new nodes at the end of this file\fR\&.
.RE
.sp
.RS 4
.ie n \{\
\h'-04' 3.\h'+01'\c
.\}
.el \{\
.sp -1
.IP "  3." 4.2
.\}
Verify that all the nodes have identical
/usr/local/etc/ctdb/nodes
files after adding the new nodes\&.
.RE
.sp
.RS 4
.ie n \{\
\h'-04' 4.\h'+01'\c
.\}
.el \{\
.sp -1
.IP "  4." 4.2
.\}
Run
\fBctdb reloadnodes\fR
to force all nodes to reload the nodes file\&.
.RE
.sp
.RS 4
.ie n \{\
\h'-04' 5.\h'+01'\c
.\}
.el \{\
.sp -1
.IP "  5." 4.2
.\}
Use
\fBctdb status\fR
on all nodes and verify that they now show the additional nodes\&.
.RE
.sp
.RS 4
.ie n \{\
\h'-04' 6.\h'+01'\c
.\}
.el \{\
.sp -1
.IP "  6." 4.2
.\}
Install and configure the new node and bring it online\&.
.RE
.PP
Procedure to remove nodes:
.sp
.RS 4
.ie n \{\
\h'-04' 1.\h'+01'\c
.\}
.el \{\
.sp -1
.IP "  1." 4.2
.\}
To remove nodes from an existing cluster, first ensure with
\fBctdb status\fR
that all nodes, except the node to be deleted, are up and running and that they are all healthy\&. Do not try to remove nodes from a cluster unless the cluster is completely healthy!
.RE
.sp
.RS 4
.ie n \{\
\h'-04' 2.\h'+01'\c
.\}
.el \{\
.sp -1
.IP "  2." 4.2
.\}
Shutdown and power off the node to be removed\&.
.RE
.sp
.RS 4
.ie n \{\
\h'-04' 3.\h'+01'\c
.\}
.el \{\
.sp -1
.IP "  3." 4.2
.\}
On all other nodes, edit the
/usr/local/etc/ctdb/nodes
file and
\fIcomment out\fR
the nodes to be removed\&.
\fIDo not delete the lines for the deleted nodes\fR, just comment them out by adding a \*(Aq#\*(Aq at the beginning of the lines\&.
.RE
.sp
.RS 4
.ie n \{\
\h'-04' 4.\h'+01'\c
.\}
.el \{\
.sp -1
.IP "  4." 4.2
.\}
Run
\fBctdb reloadnodes\fR
to force all nodes to reload the nodes file\&.
.RE
.sp
.RS 4
.ie n \{\
\h'-04' 5.\h'+01'\c
.\}
.el \{\
.sp -1
.IP "  5." 4.2
.\}
Use
\fBctdb status\fR
on all nodes and verify that the deleted nodes are no longer listed\&.
.RE
.SS "reloadips [\fIPNN\-LIST\fR]"
.PP
This command reloads the public addresses configuration file on the specified nodes\&. When it completes addresses will be reconfigured and reassigned across the cluster as necessary\&.
.PP
This command is currently unable to make changes to the netmask or interfaces associated with existing addresses\&. Such changes must be made in 2 steps by deleting addresses in question and re\-adding then\&. Unfortunately this will disrupt connections to the changed addresses\&.
.SS "getdbmap"
.PP
This command lists all clustered TDB databases that the CTDB daemon has attached to\&. Some databases are flagged as PERSISTENT, this means that the database stores data persistently and the data will remain across reboots\&. One example of such a database is secrets\&.tdb where information about how the cluster was joined to the domain is stored\&. Some database are flagged as REPLICATED, this means that the data in that database is replicated across all the nodes\&. But the data will not remain across reboots\&. This type of database is used by CTDB to store it\*(Aqs internal state\&.
.PP
If a PERSISTENT database is not in a healthy state the database is flagged as UNHEALTHY\&. If there\*(Aqs at least one completely healthy node running in the cluster, it\*(Aqs possible that the content is restored by a recovery run automatically\&. Otherwise an administrator needs to analyze the problem\&.
.PP
See also "ctdb getdbstatus", "ctdb backupdb", "ctdb restoredb", "ctdb dumpbackup", "ctdb wipedb", "ctdb setvar AllowUnhealthyDBRead 1" and (if samba or tdb\-utils are installed) "tdbtool check"\&.
.PP
Most databases are not persistent and only store the state information that the currently running samba daemons need\&. These databases are always wiped when ctdb/samba starts and when a node is rebooted\&.
.sp
.it 1 an-trap
.nr an-no-space-flag 1
.nr an-break-flag 1
.br
.ps +1
\fBExample\fR
.RS 4
.sp
.if n \{\
.RS 4
.\}
.nf
# ctdb getdbmap
Number of databases:10
dbid:0x435d3410 name:notify\&.tdb path:/var/lib/ctdb/notify\&.tdb\&.0
dbid:0x42fe72c5 name:locking\&.tdb path:/var/lib/ctdb/locking\&.tdb\&.0
dbid:0x1421fb78 name:brlock\&.tdb path:/var/lib/ctdb/brlock\&.tdb\&.0
dbid:0x17055d90 name:connections\&.tdb path:/var/lib/ctdb/connections\&.tdb\&.0
dbid:0xc0bdde6a name:sessionid\&.tdb path:/var/lib/ctdb/sessionid\&.tdb\&.0
dbid:0x122224da name:test\&.tdb path:/var/lib/ctdb/test\&.tdb\&.0
dbid:0x2672a57f name:idmap2\&.tdb path:/var/lib/ctdb/persistent/idmap2\&.tdb\&.0 PERSISTENT
dbid:0xb775fff6 name:secrets\&.tdb path:/var/lib/ctdb/persistent/secrets\&.tdb\&.0 PERSISTENT
dbid:0xe98e08b6 name:group_mapping\&.tdb path:/var/lib/ctdb/persistent/group_mapping\&.tdb\&.0 PERSISTENT
dbid:0x7bbbd26c name:passdb\&.tdb path:/var/lib/ctdb/persistent/passdb\&.tdb\&.0 PERSISTENT

# ctdb getdbmap  # example for unhealthy database
Number of databases:1
dbid:0xb775fff6 name:secrets\&.tdb path:/var/lib/ctdb/persistent/secrets\&.tdb\&.0 PERSISTENT UNHEALTHY

# ctdb \-X getdbmap
|ID|Name|Path|Persistent|Unhealthy|
|0x7bbbd26c|passdb\&.tdb|/var/lib/ctdb/persistent/passdb\&.tdb\&.0|1|0|

.fi
.if n \{\
.RE
.\}
.RE
.SS "backupdb \fIDB\fR \fIFILE\fR"
.PP
Copy the contents of database DB to FILE\&. FILE can later be read back using
\fBrestoredb\fR\&. This is mainly useful for backing up persistent databases such as
secrets\&.tdb
and similar\&.
.SS "restoredb \fIFILE\fR [\fIDB\fR]"
.PP
This command restores a persistent database that was previously backed up using backupdb\&. By default the data will be restored back into the same database as it was created from\&. By specifying dbname you can restore the data into a different database\&.
.SS "setdbreadonly \fIDB\fR"
.PP
This command will enable the read\-only record support for a database\&. This is an experimental feature to improve performance for contended records primarily in locking\&.tdb and brlock\&.tdb\&. When enabling this feature you must set it on all nodes in the cluster\&.
.SS "setdbsticky \fIDB\fR"
.PP
This command will enable the sticky record support for the specified database\&. This is an experimental feature to improve performance for contended records primarily in locking\&.tdb and brlock\&.tdb\&. When enabling this feature you must set it on all nodes in the cluster\&.
.SH "INTERNAL COMMANDS"
.PP
Internal commands are used by CTDB\*(Aqs scripts and are not required for managing a CTDB cluster\&. Their parameters and behaviour are subject to change\&.
.SS "gettickles \fIIPADDR\fR"
.PP
Show TCP connections that are registered with CTDB to be "tickled" if there is a failover\&.
.SS "gratarp \fIIPADDR\fR \fIINTERFACE\fR"
.PP
Send out a gratuitous ARP for the specified interface through the specified interface\&. This command is mainly used by the ctdb eventscripts\&.
.SS "pdelete \fIDB\fR \fIKEY\fR"
.PP
Delete KEY from DB\&.
.SS "pfetch \fIDB\fR \fIKEY\fR"
.PP
Print the value associated with KEY in DB\&.
.SS "pstore \fIDB\fR \fIKEY\fR \fIFILE\fR"
.PP
Store KEY in DB with contents of FILE as the associated value\&.
.SS "ptrans \fIDB\fR [\fIFILE\fR]"
.PP
Read a list of key\-value pairs, one per line from FILE, and store them in DB using a single transaction\&. An empty value is equivalent to deleting the given key\&.
.PP
The key and value should be separated by spaces or tabs\&. Each key/value should be a printable string enclosed in double\-quotes\&.
.SS "runstate [setup|first_recovery|startup|running]"
.PP
Print the runstate of the specified node\&. Runstates are used to serialise important state transitions in CTDB, particularly during startup\&.
.PP
If one or more optional runstate arguments are specified then the node must be in one of these runstates for the command to succeed\&.
.sp
.it 1 an-trap
.nr an-no-space-flag 1
.nr an-break-flag 1
.br
.ps +1
\fBExample\fR
.RS 4
.sp
.if n \{\
.RS 4
.\}
.nf
# ctdb runstate
RUNNING

.fi
.if n \{\
.RE
.\}
.RE
.SS "setifacelink \fIIFACE\fR up|down"
.PP
Set the internal state of network interface IFACE\&. This is typically used in the
10\&.interface
script in the "monitor" event\&.
.PP
Example: ctdb setifacelink eth0 up
.SS "tickle"
.PP
Read a list of TCP connections, one per line, from standard input and send a TCP tickle to the source host for each connection\&. A connection is specified as:
.sp
.if n \{\
.RS 4
.\}
.nf
	\fISRC\-IPADDR\fR:\fISRC\-PORT\fR \fIDST\-IPADDR\fR:\fIDST\-PORT\fR

.fi
.if n \{\
.RE
.\}
.PP
A single connection can be specified on the command\-line rather than on standard input\&.
.PP
A TCP tickle is a TCP ACK packet with an invalid sequence and acknowledge number and will when received by the source host result in it sending an immediate correct ACK back to the other end\&.
.PP
TCP tickles are useful to "tickle" clients after a IP failover has occurred since this will make the client immediately recognize the TCP connection has been disrupted and that the client will need to reestablish\&. This greatly speeds up the time it takes for a client to detect and reestablish after an IP failover in the ctdb cluster\&.
.SS "version"
.PP
Display the CTDB version\&.
.SH "DEBUGGING COMMANDS"
.PP
These commands are primarily used for CTDB development and testing and should not be used for normal administration\&.
.SS "OPTIONS"
.PP
\-\-print\-emptyrecords
.RS 4
This enables printing of empty records when dumping databases with the catdb, cattbd and dumpdbbackup commands\&. Records with empty data segment are considered deleted by ctdb and cleaned by the vacuuming mechanism, so this switch can come in handy for debugging the vacuuming behaviour\&.
.RE
.PP
\-\-print\-datasize
.RS 4
This lets database dumps (catdb, cattdb, dumpdbbackup) print the size of the record data instead of dumping the data contents\&.
.RE
.PP
\-\-print\-lmaster
.RS 4
This lets catdb print the lmaster for each record\&.
.RE
.PP
\-\-print\-hash
.RS 4
This lets database dumps (catdb, cattdb, dumpdbbackup) print the hash for each record\&.
.RE
.PP
\-\-print\-recordflags
.RS 4
This lets catdb and dumpdbbackup print the record flags for each record\&. Note that cattdb always prints the flags\&.
.RE
.SS "process\-exists \fIPID\fR \fI[SRVID]\fR"
.PP
This command checks if a specific process exists on the CTDB host\&. This is mainly used by Samba to check if remote instances of samba are still running or not\&. When the optional SRVID argument is specified, the command check if a specific process exists on the CTDB host and has registered for specified SRVID\&.
.SS "getdbstatus \fIDB\fR"
.PP
This command displays more details about a database\&.
.sp
.it 1 an-trap
.nr an-no-space-flag 1
.nr an-break-flag 1
.br
.ps +1
\fBExample\fR
.RS 4
.sp
.if n \{\
.RS 4
.\}
.nf
# ctdb getdbstatus test\&.tdb\&.0
dbid: 0x122224da
name: test\&.tdb
path: /var/lib/ctdb/test\&.tdb\&.0
PERSISTENT: no
HEALTH: OK

# ctdb getdbstatus registry\&.tdb  # with a corrupted TDB
dbid: 0xf2a58948
name: registry\&.tdb
path: /var/lib/ctdb/persistent/registry\&.tdb\&.0
PERSISTENT: yes
HEALTH: NO\-HEALTHY\-NODES \- ERROR \- Backup of corrupted TDB in \*(Aq/var/lib/ctdb/persistent/registry\&.tdb\&.0\&.corrupted\&.20091208091949\&.0Z\*(Aq

.fi
.if n \{\
.RE
.\}
.RE
.SS "catdb \fIDB\fR"
.PP
Print a dump of the clustered TDB database DB\&.
.SS "cattdb \fIDB\fR"
.PP
Print a dump of the contents of the local TDB database DB\&.
.SS "dumpdbbackup \fIFILE\fR"
.PP
Print a dump of the contents from database backup FILE, similar to
\fBcatdb\fR\&.
.SS "wipedb \fIDB\fR"
.PP
Remove all contents of database DB\&.
.SS "recover"
.PP
This command will trigger the recovery daemon to do a cluster recovery\&.
.SS "ipreallocate, sync"
.PP
This command will force the recovery master to perform a full ip reallocation process and redistribute all ip addresses\&. This is useful to "reset" the allocations back to its default state if they have been changed using the "moveip" command\&. While a "recover" will also perform this reallocation, a recovery is much more hevyweight since it will also rebuild all the databases\&.
.SS "attach \fIDBNAME\fR [persistent|replicated]"
.PP
Create a new CTDB database called DBNAME and attach to it on all nodes\&.
.SS "detach \fIDB\-LIST\fR"
.PP
Detach specified non\-persistent database(s) from the cluster\&. This command will disconnect specified database(s) on all nodes in the cluster\&. This command should only be used when none of the specified database(s) are in use\&.
.PP
All nodes should be active and tunable AllowClientDBAccess should be disabled on all nodes before detaching databases\&.
.SS "dumpmemory"
.PP
This is a debugging command\&. This command will make the ctdb daemon to write a fill memory allocation map to standard output\&.
.SS "rddumpmemory"
.PP
This is a debugging command\&. This command will dump the talloc memory allocation tree for the recovery daemon to standard output\&.
.SS "ban \fIBANTIME\fR"
.PP
Administratively ban a node for BANTIME seconds\&. The node will be unbanned after BANTIME seconds have elapsed\&.
.PP
A banned node does not participate in the cluster\&. It does not host any records for the clustered TDB and does not host any public IP addresses\&.
.PP
Nodes are automatically banned if they misbehave\&. For example, a node may be banned if it causes too many cluster recoveries\&.
.PP
To administratively exclude a node from a cluster use the
\fBstop\fR
command\&.
.SS "unban"
.PP
This command is used to unban a node that has either been administratively banned using the ban command or has been automatically banned\&.
.SH "SEE ALSO"
.PP
\fBctdbd\fR(1),
\fBonnode\fR(1),
\fBctdb\fR(7),
\fBctdb-statistics\fR(7),
\fBctdb-tunables\fR(7),
\m[blue]\fB\%http://ctdb.samba.org/\fR\m[]
.SH "AUTHOR"
.br
.PP
This documentation was written by Ronnie Sahlberg, Amitay Isaacs, Martin Schwenke
.SH "COPYRIGHT"
.br
Copyright \(co 2007 Andrew Tridgell, Ronnie Sahlberg
.br
.PP
This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 3 of the License, or (at your option) any later version\&.
.PP
This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE\&. See the GNU General Public License for more details\&.
.PP
You should have received a copy of the GNU General Public License along with this program; if not, see
\m[blue]\fB\%http://www.gnu.org/licenses\fR\m[]\&.
.sp




'\" t
.\"     Title: ctdb
.\"    Author:
.\" Generator: DocBook XSL Stylesheets v1.79.1 <http://docbook.sf.net/>
.\"      Date: 09/23/2020
.\"    Manual: CTDB - clustered TDB database
.\"    Source: ctdb
.\"  Language: English
.\"
.TH "CTDB" "7" "09/23/2020" "ctdb" "CTDB \- clustered TDB database"
.\" -----------------------------------------------------------------
.\" * Define some portability stuff
.\" -----------------------------------------------------------------
.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
.\" http://bugs.debian.org/507673
.\" http://lists.gnu.org/archive/html/groff/2009-02/msg00013.html
.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
.ie \n(.g .ds Aq \(aq
.el       .ds Aq '
.\" -----------------------------------------------------------------
.\" * set default formatting
.\" -----------------------------------------------------------------
.\" disable hyphenation
.nh
.\" disable justification (adjust text to left margin only)
.ad l
.\" -----------------------------------------------------------------
.\" * MAIN CONTENT STARTS HERE *
.\" -----------------------------------------------------------------
.SH "NAME"
ctdb \- Clustered TDB
.SH "DESCRIPTION"
.PP
CTDB is a clustered database component in clustered Samba that provides a high\-availability load\-sharing CIFS server cluster\&.
.PP
The main functions of CTDB are:
.sp
.RS 4
.ie n \{\
\h'-04'\(bu\h'+03'\c
.\}
.el \{\
.sp -1
.IP \(bu 2.3
.\}
Provide a clustered version of the TDB database with automatic rebuild/recovery of the databases upon node failures\&.
.RE
.sp
.RS 4
.ie n \{\
\h'-04'\(bu\h'+03'\c
.\}
.el \{\
.sp -1
.IP \(bu 2.3
.\}
Monitor nodes in the cluster and services running on each node\&.
.RE
.sp
.RS 4
.ie n \{\
\h'-04'\(bu\h'+03'\c
.\}
.el \{\
.sp -1
.IP \(bu 2.3
.\}
Manage a pool of public IP addresses that are used to provide services to clients\&. Alternatively, CTDB can be used with LVS\&.
.RE
.PP
Combined with a cluster filesystem CTDB provides a full high\-availablity (HA) environment for services such as clustered Samba, NFS and other services\&.
.SH "ANATOMY OF A CTDB CLUSTER"
.PP
A CTDB cluster is a collection of nodes with 2 or more network interfaces\&. All nodes provide network (usually file/NAS) services to clients\&. Data served by file services is stored on shared storage (usually a cluster filesystem) that is accessible by all nodes\&.
.PP
CTDB provides an "all active" cluster, where services are load balanced across all nodes\&.
.SH "RECOVERY LOCK"
.PP
CTDB uses a
\fIrecovery lock\fR
to avoid a
\fIsplit brain\fR, where a cluster becomes partitioned and each partition attempts to operate independently\&. Issues that can result from a split brain include file data corruption, because file locking metadata may not be tracked correctly\&.
.PP
CTDB uses a
\fIcluster leader and follower\fR
model of cluster management\&. All nodes in a cluster elect one node to be the leader\&. The leader node coordinates privileged operations such as database recovery and IP address failover\&. CTDB refers to the leader node as the
\fIrecovery master\fR\&. This node takes and holds the recovery lock to assert its privileged role in the cluster\&.
.PP
By default, the recovery lock is implemented using a file (specified by
\fIrecovery lock\fR
in the
[cluster]
section of
\fBctdb.conf\fR(5)) residing in shared storage (usually) on a cluster filesystem\&. To support a recovery lock the cluster filesystem must support lock coherence\&. See
\fBping_pong\fR(1)
for more details\&.
.PP
The recovery lock can also be implemented using an arbitrary cluster mutex call\-out by using an exclamation point (\*(Aq!\*(Aq) as the first character of
\fIrecovery lock\fR\&. For example, a value of
\fB!/usr/local/bin/myhelper recovery\fR
would run the given helper with the specified arguments\&. See the source code relating to cluster mutexes for clues about writing call\-outs\&.
.PP
If a cluster becomes partitioned (for example, due to a communication failure) and a different recovery master is elected by the nodes in each partition, then only one of these recovery masters will be able to take the recovery lock\&. The recovery master in the "losing" partition will not be able to take the recovery lock and will be excluded from the cluster\&. The nodes in the "losing" partition will elect each node in turn as their recovery master so eventually all the nodes in that partition will be excluded\&.
.PP
CTDB does sanity checks to ensure that the recovery lock is held as expected\&.
.PP
CTDB can run without a recovery lock but this is not recommended as there will be no protection from split brains\&.
.SH "PRIVATE VS PUBLIC ADDRESSES"
.PP
Each node in a CTDB cluster has multiple IP addresses assigned to it:
.sp
.RS 4
.ie n \{\
\h'-04'\(bu\h'+03'\c
.\}
.el \{\
.sp -1
.IP \(bu 2.3
.\}
A single private IP address that is used for communication between nodes\&.
.RE
.sp
.RS 4
.ie n \{\
\h'-04'\(bu\h'+03'\c
.\}
.el \{\
.sp -1
.IP \(bu 2.3
.\}
One or more public IP addresses that are used to provide NAS or other services\&.
.RE
.sp
.SS "Private address"
.PP
Each node is configured with a unique, permanently assigned private address\&. This address is configured by the operating system\&. This address uniquely identifies a physical node in the cluster and is the address that CTDB daemons will use to communicate with the CTDB daemons on other nodes\&.
.PP
Private addresses are listed in the file
/usr/local/etc/ctdb/nodes)\&. This file contains the list of private addresses for all nodes in the cluster, one per line\&. This file must be the same on all nodes in the cluster\&.
.PP
Some users like to put this configuration file in their cluster filesystem\&. A symbolic link should be used in this case\&.
.PP
Private addresses should not be used by clients to connect to services provided by the cluster\&.
.PP
It is strongly recommended that the private addresses are configured on a private network that is separate from client networks\&. This is because the CTDB protocol is both unauthenticated and unencrypted\&. If clients share the private network then steps need to be taken to stop injection of packets to relevant ports on the private addresses\&. It is also likely that CTDB protocol traffic between nodes could leak sensitive information if it can be intercepted\&.
.PP
Example
/usr/local/etc/ctdb/nodes
for a four node cluster:
.sp
.if n \{\
.RS 4
.\}
.nf
192\&.168\&.1\&.1
192\&.168\&.1\&.2
192\&.168\&.1\&.3
192\&.168\&.1\&.4

.fi
.if n \{\
.RE
.\}
.SS "Public addresses"
.PP
Public addresses are used to provide services to clients\&. Public addresses are not configured at the operating system level and are not permanently associated with a particular node\&. Instead, they are managed by CTDB and are assigned to interfaces on physical nodes at runtime\&.
.PP
The CTDB cluster will assign/reassign these public addresses across the available healthy nodes in the cluster\&. When one node fails, its public addresses will be taken over by one or more other nodes in the cluster\&. This ensures that services provided by all public addresses are always available to clients, as long as there are nodes available capable of hosting this address\&.
.PP
The public address configuration is stored in
/usr/local/etc/ctdb/public_addresses
on each node\&. This file contains a list of the public addresses that the node is capable of hosting, one per line\&. Each entry also contains the netmask and the interface to which the address should be assigned\&. If this file is missing then no public addresses are configured\&.
.PP
Some users who have the same public addresses on all nodes like to put this configuration file in their cluster filesystem\&. A symbolic link should be used in this case\&.
.PP
Example
/usr/local/etc/ctdb/public_addresses
for a node that can host 4 public addresses, on 2 different interfaces:
.sp
.if n \{\
.RS 4
.\}
.nf
10\&.1\&.1\&.1/24 eth1
10\&.1\&.1\&.2/24 eth1
10\&.1\&.2\&.1/24 eth2
10\&.1\&.2\&.2/24 eth2

.fi
.if n \{\
.RE
.\}
.PP
In many cases the public addresses file will be the same on all nodes\&. However, it is possible to use different public address configurations on different nodes\&.
.PP
Example: 4 nodes partitioned into two subgroups:
.sp
.if n \{\
.RS 4
.\}
.nf
Node 0:/usr/local/etc/ctdb/public_addresses
	10\&.1\&.1\&.1/24 eth1
	10\&.1\&.1\&.2/24 eth1

Node 1:/usr/local/etc/ctdb/public_addresses
	10\&.1\&.1\&.1/24 eth1
	10\&.1\&.1\&.2/24 eth1

Node 2:/usr/local/etc/ctdb/public_addresses
	10\&.1\&.2\&.1/24 eth2
	10\&.1\&.2\&.2/24 eth2

Node 3:/usr/local/etc/ctdb/public_addresses
	10\&.1\&.2\&.1/24 eth2
	10\&.1\&.2\&.2/24 eth2

.fi
.if n \{\
.RE
.\}
.PP
In this example nodes 0 and 1 host two public addresses on the 10\&.1\&.1\&.x network while nodes 2 and 3 host two public addresses for the 10\&.1\&.2\&.x network\&.
.PP
Public address 10\&.1\&.1\&.1 can be hosted by either of nodes 0 or 1 and will be available to clients as long as at least one of these two nodes are available\&.
.PP
If both nodes 0 and 1 become unavailable then public address 10\&.1\&.1\&.1 also becomes unavailable\&. 10\&.1\&.1\&.1 can not be failed over to nodes 2 or 3 since these nodes do not have this public address configured\&.
.PP
The
\fBctdb ip\fR
command can be used to view the current assignment of public addresses to physical nodes\&.
.SH "NODE STATUS"
.PP
The current status of each node in the cluster can be viewed by the
\fBctdb status\fR
command\&.
.PP
A node can be in one of the following states:
.PP
OK
.RS 4
This node is healthy and fully functional\&. It hosts public addresses to provide services\&.
.RE
.PP
DISCONNECTED
.RS 4
This node is not reachable by other nodes via the private network\&. It is not currently participating in the cluster\&. It
\fIdoes not\fR
host public addresses to provide services\&. It might be shut down\&.
.RE
.PP
DISABLED
.RS 4
This node has been administratively disabled\&. This node is partially functional and participates in the cluster\&. However, it
\fIdoes not\fR
host public addresses to provide services\&.
.RE
.PP
UNHEALTHY
.RS 4
A service provided by this node has failed a health check and should be investigated\&. This node is partially functional and participates in the cluster\&. However, it
\fIdoes not\fR
host public addresses to provide services\&. Unhealthy nodes should be investigated and may require an administrative action to rectify\&.
.RE
.PP
BANNED
.RS 4
CTDB is not behaving as designed on this node\&. For example, it may have failed too many recovery attempts\&. Such nodes are banned from participating in the cluster for a configurable time period before they attempt to rejoin the cluster\&. A banned node
\fIdoes not\fR
host public addresses to provide services\&. All banned nodes should be investigated and may require an administrative action to rectify\&.
.RE
.PP
STOPPED
.RS 4
This node has been administratively exclude from the cluster\&. A stopped node does no participate in the cluster and
\fIdoes not\fR
host public addresses to provide services\&. This state can be used while performing maintenance on a node\&.
.RE
.PP
PARTIALLYONLINE
.RS 4
A node that is partially online participates in a cluster like a healthy (OK) node\&. Some interfaces to serve public addresses are down, but at least one interface is up\&. See also
\fBctdb ifaces\fR\&.
.RE
.SH "CAPABILITIES"
.PP
Cluster nodes can have several different capabilities enabled\&. These are listed below\&.
.PP
RECMASTER
.RS 4
Indicates that a node can become the CTDB cluster recovery master\&. The current recovery master is decided via an election held by all active nodes with this capability\&.
.sp
Default is YES\&.
.RE
.PP
LMASTER
.RS 4
Indicates that a node can be the location master (LMASTER) for database records\&. The LMASTER always knows which node has the latest copy of a record in a volatile database\&.
.sp
Default is YES\&.
.RE
.PP
The RECMASTER and LMASTER capabilities can be disabled when CTDB is used to create a cluster spanning across WAN links\&. In this case CTDB acts as a WAN accelerator\&.
.SH "LVS"
.PP
LVS is a mode where CTDB presents one single IP address for the entire cluster\&. This is an alternative to using public IP addresses and round\-robin DNS to loadbalance clients across the cluster\&.
.PP
This is similar to using a layer\-4 loadbalancing switch but with some restrictions\&.
.PP
One extra LVS public address is assigned on the public network to each LVS group\&. Each LVS group is a set of nodes in the cluster that presents the same LVS address public address to the outside world\&. Normally there would only be one LVS group spanning an entire cluster, but in situations where one CTDB cluster spans multiple physical sites it might be useful to have one LVS group for each site\&. There can be multiple LVS groups in a cluster but each node can only be member of one LVS group\&.
.PP
Client access to the cluster is load\-balanced across the HEALTHY nodes in an LVS group\&. If no HEALTHY nodes exists then all nodes in the group are used, regardless of health status\&. CTDB will, however never load\-balance LVS traffic to nodes that are BANNED, STOPPED, DISABLED or DISCONNECTED\&. The
\fBctdb lvs\fR
command is used to show which nodes are currently load\-balanced across\&.
.PP
In each LVS group, one of the nodes is selected by CTDB to be the LVS master\&. This node receives all traffic from clients coming in to the LVS public address and multiplexes it across the internal network to one of the nodes that LVS is using\&. When responding to the client, that node will send the data back directly to the client, bypassing the LVS master node\&. The command
\fBctdb lvs master\fR
will show which node is the current LVS master\&.
.PP
The path used for a client I/O is:
.sp
.RS 4
.ie n \{\
\h'-04' 1.\h'+01'\c
.\}
.el \{\
.sp -1
.IP "  1." 4.2
.\}
Client sends request packet to LVSMASTER\&.
.RE
.sp
.RS 4
.ie n \{\
\h'-04' 2.\h'+01'\c
.\}
.el \{\
.sp -1
.IP "  2." 4.2
.\}
LVSMASTER passes the request on to one node across the internal network\&.
.RE
.sp
.RS 4
.ie n \{\
\h'-04' 3.\h'+01'\c
.\}
.el \{\
.sp -1
.IP "  3." 4.2
.\}
Selected node processes the request\&.
.RE
.sp
.RS 4
.ie n \{\
\h'-04' 4.\h'+01'\c
.\}
.el \{\
.sp -1
.IP "  4." 4.2
.\}
Node responds back to client\&.
.RE
.PP
This means that all incoming traffic to the cluster will pass through one physical node, which limits scalability\&. You can send more data to the LVS address that one physical node can multiplex\&. This means that you should not use LVS if your I/O pattern is write\-intensive since you will be limited in the available network bandwidth that node can handle\&. LVS does work very well for read\-intensive workloads where only smallish READ requests are going through the LVSMASTER bottleneck and the majority of the traffic volume (the data in the read replies) goes straight from the processing node back to the clients\&. For read\-intensive i/o patterns you can achieve very high throughput rates in this mode\&.
.PP
Note: you can use LVS and public addresses at the same time\&.
.PP
If you use LVS, you must have a permanent address configured for the public interface on each node\&. This address must be routable and the cluster nodes must be configured so that all traffic back to client hosts are routed through this interface\&. This is also required in order to allow samba/winbind on the node to talk to the domain controller\&. This LVS IP address can not be used to initiate outgoing traffic\&.
.PP
Make sure that the domain controller and the clients are reachable from a node
\fIbefore\fR
you enable LVS\&. Also ensure that outgoing traffic to these hosts is routed out through the configured public interface\&.
.SS "Configuration"
.PP
To activate LVS on a CTDB node you must specify the
\fICTDB_LVS_PUBLIC_IFACE\fR,
\fICTDB_LVS_PUBLIC_IP\fR
and
\fICTDB_LVS_NODES\fR
configuration variables\&.
\fICTDB_LVS_NODES\fR
specifies a file containing the private address of all nodes in the current node\*(Aqs LVS group\&.
.PP
Example:
.sp
.if n \{\
.RS 4
.\}
.nf
CTDB_LVS_PUBLIC_IFACE=eth1
CTDB_LVS_PUBLIC_IP=10\&.1\&.1\&.237
CTDB_LVS_NODES=/usr/local/etc/ctdb/lvs_nodes

.fi
.if n \{\
.RE
.\}
.PP
Example
/usr/local/etc/ctdb/lvs_nodes:
.sp
.if n \{\
.RS 4
.\}
.nf
192\&.168\&.1\&.2
192\&.168\&.1\&.3
192\&.168\&.1\&.4

.fi
.if n \{\
.RE
.\}
.PP
Normally any node in an LVS group can act as the LVS master\&. Nodes that are highly loaded due to other demands maybe flagged with the "slave\-only" option in the
\fICTDB_LVS_NODES\fR
file to limit the LVS functionality of those nodes\&.
.PP
LVS nodes file that excludes 192\&.168\&.1\&.4 from being the LVS master node:
.sp
.if n \{\
.RS 4
.\}
.nf
192\&.168\&.1\&.2
192\&.168\&.1\&.3
192\&.168\&.1\&.4 slave\-only

.fi
.if n \{\
.RE
.\}
.SH "TRACKING AND RESETTING TCP CONNECTIONS"
.PP
CTDB tracks TCP connections from clients to public IP addresses, on known ports\&. When an IP address moves from one node to another, all existing TCP connections to that IP address are reset\&. The node taking over this IP address will also send gratuitous ARPs (for IPv4, or neighbour advertisement, for IPv6)\&. This allows clients to reconnect quickly, rather than waiting for TCP timeouts, which can be very long\&.
.PP
It is important that established TCP connections do not survive a release and take of a public IP address on the same node\&. Such connections can get out of sync with sequence and ACK numbers, potentially causing a disruptive ACK storm\&.
.SH "NAT GATEWAY"
.PP
NAT gateway (NATGW) is an optional feature that is used to configure fallback routing for nodes\&. This allows cluster nodes to connect to external services (e\&.g\&. DNS, AD, NIS and LDAP) when they do not host any public addresses (e\&.g\&. when they are unhealthy)\&.
.PP
This also applies to node startup because CTDB marks nodes as UNHEALTHY until they have passed a "monitor" event\&. In this context, NAT gateway helps to avoid a "chicken and egg" situation where a node needs to access an external service to become healthy\&.
.PP
Another way of solving this type of problem is to assign an extra static IP address to a public interface on every node\&. This is simpler but it uses an extra IP address per node, while NAT gateway generally uses only one extra IP address\&.
.SS "Operation"
.PP
One extra NATGW public address is assigned on the public network to each NATGW group\&. Each NATGW group is a set of nodes in the cluster that shares the same NATGW address to talk to the outside world\&. Normally there would only be one NATGW group spanning an entire cluster, but in situations where one CTDB cluster spans multiple physical sites it might be useful to have one NATGW group for each site\&.
.PP
There can be multiple NATGW groups in a cluster but each node can only be member of one NATGW group\&.
.PP
In each NATGW group, one of the nodes is selected by CTDB to be the NATGW master and the other nodes are consider to be NATGW slaves\&. NATGW slaves establish a fallback default route to the NATGW master via the private network\&. When a NATGW slave hosts no public IP addresses then it will use this route for outbound connections\&. The NATGW master hosts the NATGW public IP address and routes outgoing connections from slave nodes via this IP address\&. It also establishes a fallback default route\&.
.SS "Configuration"
.PP
NATGW is usually configured similar to the following example configuration:
.sp
.if n \{\
.RS 4
.\}
.nf
CTDB_NATGW_NODES=/usr/local/etc/ctdb/natgw_nodes
CTDB_NATGW_PRIVATE_NETWORK=192\&.168\&.1\&.0/24
CTDB_NATGW_PUBLIC_IP=10\&.0\&.0\&.227/24
CTDB_NATGW_PUBLIC_IFACE=eth0
CTDB_NATGW_DEFAULT_GATEWAY=10\&.0\&.0\&.1

.fi
.if n \{\
.RE
.\}
.PP
Normally any node in a NATGW group can act as the NATGW master\&. Some configurations may have special nodes that lack connectivity to a public network\&. In such cases, those nodes can be flagged with the "slave\-only" option in the
\fICTDB_NATGW_NODES\fR
file to limit the NATGW functionality of those nodes\&.
.PP
See the
NAT GATEWAY
section in
\fBctdb-script.options\fR(5)
for more details of NATGW configuration\&.
.SS "Implementation details"
.PP
When the NATGW functionality is used, one of the nodes is selected to act as a NAT gateway for all the other nodes in the group when they need to communicate with the external services\&. The NATGW master is selected to be a node that is most likely to have usable networks\&.
.PP
The NATGW master hosts the NATGW public IP address
\fICTDB_NATGW_PUBLIC_IP\fR
on the configured public interfaces
\fICTDB_NATGW_PUBLIC_IFACE\fR
and acts as a router, masquerading outgoing connections from slave nodes via this IP address\&. If
\fICTDB_NATGW_DEFAULT_GATEWAY\fR
is set then it also establishes a fallback default route to the configured this gateway with a metric of 10\&. A metric 10 route is used so it can co\-exist with other default routes that may be available\&.
.PP
A NATGW slave establishes its fallback default route to the NATGW master via the private network
\fICTDB_NATGW_PRIVATE_NETWORK\fRwith a metric of 10\&. This route is used for outbound connections when no other default route is available because the node hosts no public addresses\&. A metric 10 routes is used so that it can co\-exist with other default routes that may be available when the node is hosting public addresses\&.
.PP
\fICTDB_NATGW_STATIC_ROUTES\fR
can be used to have NATGW create more specific routes instead of just default routes\&.
.PP
This is implemented in the
11\&.natgw
eventscript\&. Please see the eventscript file and the
NAT GATEWAY
section in
\fBctdb-script.options\fR(5)
for more details\&.
.SH "POLICY ROUTING"
.PP
Policy routing is an optional CTDB feature to support complex network topologies\&. Public addresses may be spread across several different networks (or VLANs) and it may not be possible to route packets from these public addresses via the system\*(Aqs default route\&. Therefore, CTDB has support for policy routing via the
13\&.per_ip_routing
eventscript\&. This allows routing to be specified for packets sourced from each public address\&. The routes are added and removed as CTDB moves public addresses between nodes\&.
.SS "Configuration variables"
.PP
There are 4 configuration variables related to policy routing:
\fICTDB_PER_IP_ROUTING_CONF\fR,
\fICTDB_PER_IP_ROUTING_RULE_PREF\fR,
\fICTDB_PER_IP_ROUTING_TABLE_ID_LOW\fR,
\fICTDB_PER_IP_ROUTING_TABLE_ID_HIGH\fR\&. See the
POLICY ROUTING
section in
\fBctdb-script.options\fR(5)
for more details\&.
.SS "Configuration"
.PP
The format of each line of
\fICTDB_PER_IP_ROUTING_CONF\fR
is:
.sp
.if n \{\
.RS 4
.\}
.nf
<public_address> <network> [ <gateway> ]

.fi
.if n \{\
.RE
.\}
.PP
Leading whitespace is ignored and arbitrary whitespace may be used as a separator\&. Lines that have a "public address" item that doesn\*(Aqt match an actual public address are ignored\&. This means that comment lines can be added using a leading character such as \*(Aq#\*(Aq, since this will never match an IP address\&.
.PP
A line without a gateway indicates a link local route\&.
.PP
For example, consider the configuration line:
.sp
.if n \{\
.RS 4
.\}
.nf
  192\&.168\&.1\&.99	192\&.168\&.1\&.1/24

.fi
.if n \{\
.RE
.\}
.PP
If the corresponding public_addresses line is:
.sp
.if n \{\
.RS 4
.\}
.nf
  192\&.168\&.1\&.99/24     eth2,eth3

.fi
.if n \{\
.RE
.\}
.PP
\fICTDB_PER_IP_ROUTING_RULE_PREF\fR
is 100, and CTDB adds the address to eth2 then the following routing information is added:
.sp
.if n \{\
.RS 4
.\}
.nf
  ip rule add from 192\&.168\&.1\&.99 pref 100 table ctdb\&.192\&.168\&.1\&.99
  ip route add 192\&.168\&.1\&.0/24 dev eth2 table ctdb\&.192\&.168\&.1\&.99

.fi
.if n \{\
.RE
.\}
.PP
This causes traffic from 192\&.168\&.1\&.1 to 192\&.168\&.1\&.0/24 go via eth2\&.
.PP
The
\fBip rule\fR
command will show (something like \- depending on other public addresses and other routes on the system):
.sp
.if n \{\
.RS 4
.\}
.nf
  0:		from all lookup local
  100:		from 192\&.168\&.1\&.99 lookup ctdb\&.192\&.168\&.1\&.99
  32766:	from all lookup main
  32767:	from all lookup default

.fi
.if n \{\
.RE
.\}
.PP
\fBip route show table ctdb\&.192\&.168\&.1\&.99\fR
will show:
.sp
.if n \{\
.RS 4
.\}
.nf
  192\&.168\&.1\&.0/24 dev eth2 scope link

.fi
.if n \{\
.RE
.\}
.PP
The usual use for a line containing a gateway is to add a default route corresponding to a particular source address\&. Consider this line of configuration:
.sp
.if n \{\
.RS 4
.\}
.nf
  192\&.168\&.1\&.99	0\&.0\&.0\&.0/0	192\&.168\&.1\&.1

.fi
.if n \{\
.RE
.\}
.PP
In the situation described above this will cause an extra routing command to be executed:
.sp
.if n \{\
.RS 4
.\}
.nf
  ip route add 0\&.0\&.0\&.0/0 via 192\&.168\&.1\&.1 dev eth2 table ctdb\&.192\&.168\&.1\&.99

.fi
.if n \{\
.RE
.\}
.PP
With both configuration lines,
\fBip route show table ctdb\&.192\&.168\&.1\&.99\fR
will show:
.sp
.if n \{\
.RS 4
.\}
.nf
  192\&.168\&.1\&.0/24 dev eth2 scope link
  default via 192\&.168\&.1\&.1 dev eth2

.fi
.if n \{\
.RE
.\}
.SS "Sample configuration"
.PP
Here is a more complete example configuration\&.
.sp
.if n \{\
.RS 4
.\}
.nf
/usr/local/etc/ctdb/public_addresses:

  192\&.168\&.1\&.98	eth2,eth3
  192\&.168\&.1\&.99	eth2,eth3

/usr/local/etc/ctdb/policy_routing:

  192\&.168\&.1\&.98 192\&.168\&.1\&.0/24
  192\&.168\&.1\&.98 192\&.168\&.200\&.0/24	192\&.168\&.1\&.254
  192\&.168\&.1\&.98 0\&.0\&.0\&.0/0 	192\&.168\&.1\&.1
  192\&.168\&.1\&.99 192\&.168\&.1\&.0/24
  192\&.168\&.1\&.99 192\&.168\&.200\&.0/24	192\&.168\&.1\&.254
  192\&.168\&.1\&.99 0\&.0\&.0\&.0/0 	192\&.168\&.1\&.1

.fi
.if n \{\
.RE
.\}
.PP
The routes local packets as expected, the default route is as previously discussed, but packets to 192\&.168\&.200\&.0/24 are routed via the alternate gateway 192\&.168\&.1\&.254\&.
.SH "NOTIFICATIONS"
.PP
When certain state changes occur in CTDB, it can be configured to perform arbitrary actions via notifications\&. For example, sending SNMP traps or emails when a node becomes unhealthy or similar\&.
.PP
The notification mechanism runs all executable files ending in "\&.script" in
/usr/local/etc/ctdb/events/notification/, ignoring any failures and continuing to run all files\&.
.PP
CTDB currently generates notifications after CTDB changes to these states:
.RS 4
init
.RE
.RS 4
setup
.RE
.RS 4
startup
.RE
.RS 4
healthy
.RE
.RS 4
unhealthy
.RE
.SH "LOG LEVELS"
.PP
Valid log levels, in increasing order of verbosity, are:
.RS 4
ERROR
.RE
.RS 4
WARNING
.RE
.RS 4
NOTICE
.RE
.RS 4
INFO
.RE
.RS 4
DEBUG
.RE
.SH "REMOTE CLUSTER NODES"
.PP
It is possible to have a CTDB cluster that spans across a WAN link\&. For example where you have a CTDB cluster in your datacentre but you also want to have one additional CTDB node located at a remote branch site\&. This is similar to how a WAN accelerator works but with the difference that while a WAN\-accelerator often acts as a Proxy or a MitM, in the ctdb remote cluster node configuration the Samba instance at the remote site IS the genuine server, not a proxy and not a MitM, and thus provides 100% correct CIFS semantics to clients\&.
.PP
See the cluster as one single multihomed samba server where one of the NICs (the remote node) is very far away\&.
.PP
NOTE: This does require that the cluster filesystem you use can cope with WAN\-link latencies\&. Not all cluster filesystems can handle WAN\-link latencies! Whether this will provide very good WAN\-accelerator performance or it will perform very poorly depends entirely on how optimized your cluster filesystem is in handling high latency for data and metadata operations\&.
.PP
To activate a node as being a remote cluster node you need to set the following two parameters in /usr/local/etc/ctdb/ctdb\&.conf for the remote node:
.sp
.if n \{\
.RS 4
.\}
.nf
[legacy]
  lmaster capability = false
  recmaster capability = false

.fi
.if n \{\
.RE
.\}
.PP
Verify with the command "ctdb getcapabilities" that that node no longer has the recmaster or the lmaster capabilities\&.
.SH "SEE ALSO"
.PP
\fBctdb\fR(1),
\fBctdbd\fR(1),
\fBctdbd_wrapper\fR(1),
\fBctdb_diagnostics\fR(1),
\fBltdbtool\fR(1),
\fBonnode\fR(1),
\fBping_pong\fR(1),
\fBctdb.conf\fR(5),
\fBctdb-script.options\fR(5),
\fBctdb.sysconfig\fR(5),
\fBctdb-statistics\fR(7),
\fBctdb-tunables\fR(7),
\m[blue]\fB\%http://ctdb.samba.org/\fR\m[]
.SH "AUTHOR"
.br
.PP
This documentation was written by Ronnie Sahlberg, Amitay Isaacs, Martin Schwenke
.SH "COPYRIGHT"
.br
Copyright \(co 2007 Andrew Tridgell, Ronnie Sahlberg
.br
.PP
This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 3 of the License, or (at your option) any later version\&.
.PP
This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE\&. See the GNU General Public License for more details\&.
.PP
You should have received a copy of the GNU General Public License along with this program; if not, see
\m[blue]\fB\%http://www.gnu.org/licenses\fR\m[]\&.
.sp




'\" t
.\"     Title: ctdb.conf
.\"    Author:
.\" Generator: DocBook XSL Stylesheets v1.79.1 <http://docbook.sf.net/>
.\"      Date: 09/23/2020
.\"    Manual: CTDB - clustered TDB database
.\"    Source: ctdb
.\"  Language: English
.\"
.TH "CTDB\&.CONF" "5" "09/23/2020" "ctdb" "CTDB \- clustered TDB database"
.\" -----------------------------------------------------------------
.\" * Define some portability stuff
.\" -----------------------------------------------------------------
.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
.\" http://bugs.debian.org/507673
.\" http://lists.gnu.org/archive/html/groff/2009-02/msg00013.html
.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
.ie \n(.g .ds Aq \(aq
.el       .ds Aq '
.\" -----------------------------------------------------------------
.\" * set default formatting
.\" -----------------------------------------------------------------
.\" disable hyphenation
.nh
.\" disable justification (adjust text to left margin only)
.ad l
.\" -----------------------------------------------------------------
.\" * MAIN CONTENT STARTS HERE *
.\" -----------------------------------------------------------------
.SH "NAME"
ctdb.conf \- CTDB configuration file
.SH "DESCRIPTION"
.PP
This file contains CTDB configuration options that affect the operation of CTDB daemons and command\-line tools\&. The default location of this file is
/usr/local/etc/ctdb/ctdb\&.conf\&.
.PP
Note that this is a Samba\-style configuration file, so it has a very different syntax to previous CTDB configuration files\&.
.PP
For event script options please see
\fBctdb-script.options\fR(5)\&.
.PP
Configuration options are grouped into several sections below\&. There are only a few options in each section, allowing them to be ordered (approximately) in decreasing order of importance\&.
.SH "LOGGING CONFIGURATION"
.PP
Options in this section control CTDB\*(Aqs logging\&. They are valid within the
\fIlogging\fR
section of file, indicated by
[logging]\&.
.PP
log level = \fILOGLEVEL\fR
.RS 4
LOGLEVEL is a string that controls the verbosity of ctdbd\*(Aqs logging\&. See the
LOG LEVELS
section in
\fBctdb\fR(7)
for more details\&.
.sp
Default:
NOTICE
.RE
.PP
location = \fISTRING\fR
.RS 4
STRING specifies where ctdbd will write its log\&.
.sp
Valid values are:
.PP
file:\fIFILENAME\fR
.RS 4
FILENAME where ctdbd will write its log\&. This is usually
/var/log/log\&.ctdb\&.
.RE
.PP
syslog[:\fIMETHOD\fR]
.RS 4
CTDB will log to syslog\&. By default this will use the syslog(3) API\&.
.sp
If METHOD is specified then it specifies an extension that causes logging to be done in a non\-blocking fashion\&. This can be useful under heavy loads that might cause the syslog daemon to dequeue messages too slowly, which would otherwise cause CTDB to block when logging\&. METHOD must be one of:
.PP
nonblocking
.RS 4
CTDB will log to syslog via
/dev/log
in non\-blocking mode\&.
.RE
.PP
udp
.RS 4
CTDB will log to syslog via UDP to localhost:514\&. The syslog daemon must be configured to listen on (at least) localhost:514\&. Most implementations will log the messages against hostname "localhost" \- this is a limit of the implementation for compatibility with more syslog daemon implementations\&.
.RE
.PP
udp\-rfc5424
.RS 4
As with "udp" but messages are sent in RFC5424 format\&. This method will log the correct hostname but is not as widely implemented in syslog daemons\&.
.RE
.RE
.sp
Default: file:/var/log/log\&.ctdb
.RE
.SH "CLUSTER CONFIGURATION"
.PP
Options in this section affect the CTDB cluster setup\&. They are valid within the
\fIcluster\fR
section of file, indicated by
[cluster]\&.
.PP
recovery lock = \fILOCK\fR
.RS 4
LOCK specifies the cluster\-wide mutex used to detect and prevent a partitioned cluster (or "split brain")\&.
.sp
For information about the recovery lock please see the
RECOVERY LOCK
section in
\fBctdb\fR(7)\&.
.sp
Default: NONE\&. However, uses of a recovery lock is
\fIstrongly recommended\fR\&.
.RE
.PP
node address = \fIIPADDR\fR
.RS 4
IPADDR is the private IP address that ctdbd will bind to\&.
.sp
This option is only required when automatic address detection can not be used\&. This can be the case when running multiple ctdbd daemons/nodes on the same physical host (usually for testing), using InfiniBand for the private network or on Linux when sysctl net\&.ipv4\&.ip_nonlocal_bind=1\&.
.sp
Default: CTDB selects the first address from the nodes list that it can bind to\&. See also the
PRIVATE ADDRESS
section in
\fBctdb\fR(7)\&.
.RE
.PP
transport = tcp|ib
.RS 4
This option specifies which transport to use for ctdbd internode communications on the private network\&.
.sp
ib
means InfiniBand\&. The InfiniBand support is not regularly tested\&. If it is known to be broken then it may be disabled so that a value of
ib
is considered invalid\&.
.sp
Default:
tcp
.RE
.SH "DATABASE CONFIGURATION"
.PP
Options in this section affect the CTDB database setup\&. They are valid within the
\fIdatabase\fR
section of file, indicated by
[database]\&.
.PP
volatile database directory = \fIDIRECTORY\fR
.RS 4
DIRECTORY on local storage where CTDB keeps a local copy of volatile TDB databases\&. This directory is local for each node and should not be stored on the shared cluster filesystem\&.
.sp
Mounting a tmpfs (or similar memory filesystem) on this directory can provide a significant performance improvement when there is I/O contention on the local disk\&.
.sp
Default:
/var/lib/ctdb/volatile
.RE
.PP
persistent database directory=\fIDIRECTORY\fR
.RS 4
DIRECTORY on local storage where CTDB keeps a local copy of persistent TDB databases\&. This directory is local for each node and should not be stored on the shared cluster filesystem\&.
.sp
Default:
/var/lib/ctdb/persistent
.RE
.PP
state database directory = \fIDIRECTORY\fR
.RS 4
DIRECTORY on local storage where CTDB keeps a local copy of internal state TDB databases\&. This directory is local for each node and should not be stored on the shared cluster filesystem\&.
.sp
Default:
/var/lib/ctdb/state
.RE
.PP
tdb mutexes = true|false
.RS 4
This parameter enables TDB_MUTEX_LOCKING feature on volatile databases if the robust mutexes are supported\&. This optimizes the record locking using robust mutexes and is much more efficient that using posix locks\&.
.sp
If robust mutexes are unreliable on the platform being used then they can be disabled by setting this to
false\&.
.RE
.PP
lock debug script = \fIFILENAME\fR
.RS 4
FILENAME is a script used by CTDB\*(Aqs database locking code to attempt to provide debugging information when CTDB is unable to lock an entire database or a record\&.
.sp
This script should be a bare filename relative to the CTDB configuration directory (/usr/local/etc/ctdb/)\&. Any directory prefix is ignored and the path is calculated relative to this directory\&.
.sp
CTDB provides a lock debugging script and installs it as
/usr/local/etc/ctdb/debug_locks\&.sh\&.
.sp
Default: NONE
.RE
.SH "EVENT HANDLING CONFIGURATION"
.PP
Options in this section affect CTDB event handling\&. They are valid within the
\fIevent\fR
section of file, indicated by
[event]\&.
.PP
debug script = \fIFILENAME\fR
.RS 4
FILENAME is a script used by CTDB\*(Aqs event handling code to attempt to provide debugging information when an event times out\&.
.sp
This script should be a bare filename relative to the CTDB configuration directory (/usr/local/etc/ctdb/)\&. Any directory prefix is ignored and the path is calculated relative to this directory\&.
.sp
CTDB provides a script for debugging timed out event scripts and installs it as
/usr/local/etc/ctdb/debug\-hung\-script\&.sh\&.
.sp
Default: NONE
.RE
.SH "FAILOVER CONFIGURATION"
.PP
Options in this section affect CTDB failover\&. They are valid within the
\fIfailover\fR
section of file, indicated by
[failover]\&.
.PP
disabled = true|false
.RS 4
If set to
true
then public IP failover is disabled\&.
.sp
Default:
false
.RE
.SH "LEGACY CONFIGURATION"
.PP
Options in this section affect legacy CTDB setup\&. They are valid within the
\fIlegacy\fR
section of file, indicated by
[legacy]\&.
.PP
ctdb start as stopped = true|false
.RS 4
If set to
true
CTDB starts in the STOPPED state\&.
.sp
To allow the node to take part in the cluster it must be manually continued with the
\fBctdb continue\fR
command\&.
.sp
Please see the
NODE STATES
section in
\fBctdb\fR(7)
for more information about the STOPPED state\&.
.sp
Default:
false
.RE
.PP
start as disabled = true|false
.RS 4
If set to
true
CTDB starts in the DISABLED state\&.
.sp
To allow the node to host public IP addresses and services, it must be manually enabled using the
\fBctdb enable\fR
command\&.
.sp
Please see the
NODE STATES
section in
\fBctdb\fR(7)
for more information about the DISABLED state\&.
.sp
Default:
false
.RE
.PP
realtime scheduling = true|false
.RS 4
Usually CTDB runs with real\-time priority\&. This helps it to perform effectively on a busy system, such as when there are thousands of Samba clients\&. If you are running CTDB on a platform that does not support real\-time priority, you can set this to
false\&.
.sp
Default:
true
.RE
.PP
recmaster capability = true|false
.RS 4
Indicates whether a node can become the recovery master for the cluster\&. If this is set to
false
then the node will not be able to become the recovery master for the cluster\&. This feature is primarily used for making a cluster span across a WAN link and use CTDB as a WAN\-accelerator\&.
.sp
Please see the
REMOTE CLUSTER NODES
section in
\fBctdb\fR(7)
for more information\&.
.sp
Default:
true
.RE
.PP
lmaster capability = true|false
.RS 4
Indicates whether a node can become a location master for records in a database\&. If this is set to
false
then the node will not be part of the vnnmap\&. This feature is primarily used for making a cluster span across a WAN link and use CTDB as a WAN\-accelerator\&.
.sp
Please see the
REMOTE CLUSTER NODES
section in
\fBctdb\fR(7)
for more information\&.
.sp
Default:
true
.RE
.PP
script log level = \fILOGLEVEL\fR
.RS 4
This option sets the debug level of event script output to LOGLEVEL\&.
.sp
See the
DEBUG LEVELS
section in
\fBctdb\fR(7)
for more information\&.
.sp
Default:
ERROR
.RE
.SH "FILES"
.RS 4
/usr/local/etc/ctdb/ctdb\&.conf
.RE
.SH "SEE ALSO"
.PP
\fBctdbd\fR(1),
\fBonnode\fR(1),
\fBctdb.sysconfig\fR(5),
\fBctdb-script.options\fR(5),
\fBctdb\fR(7),
\fBctdb-tunables\fR(7),
\m[blue]\fB\%http://ctdb.samba.org/\fR\m[]
.SH "AUTHOR"
.br
.PP
This documentation was written by Amitay Isaacs, Martin Schwenke
.SH "COPYRIGHT"
.br
Copyright \(co 2007 Andrew Tridgell, Ronnie Sahlberg
.br
.PP
This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 3 of the License, or (at your option) any later version\&.
.PP
This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE\&. See the GNU General Public License for more details\&.
.PP
You should have received a copy of the GNU General Public License along with this program; if not, see
\m[blue]\fB\%http://www.gnu.org/licenses\fR\m[]\&.
.sp




'\" t
.\"     Title: ctdb.sysconfig
.\"    Author:
.\" Generator: DocBook XSL Stylesheets v1.79.1 <http://docbook.sf.net/>
.\"      Date: 09/23/2020
.\"    Manual: CTDB - clustered TDB database
.\"    Source: ctdb
.\"  Language: English
.\"
.TH "CTDB\&.SYSCONFIG" "5" "09/23/2020" "ctdb" "CTDB \- clustered TDB database"
.\" -----------------------------------------------------------------
.\" * Define some portability stuff
.\" -----------------------------------------------------------------
.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
.\" http://bugs.debian.org/507673
.\" http://lists.gnu.org/archive/html/groff/2009-02/msg00013.html
.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
.ie \n(.g .ds Aq \(aq
.el       .ds Aq '
.\" -----------------------------------------------------------------
.\" * set default formatting
.\" -----------------------------------------------------------------
.\" disable hyphenation
.nh
.\" disable justification (adjust text to left margin only)
.ad l
.\" -----------------------------------------------------------------
.\" * MAIN CONTENT STARTS HERE *
.\" -----------------------------------------------------------------
.SH "NAME"
ctdb.sysconfig \- CTDB daemon configuration file
.SH "DESCRIPTION"
.PP
This file contains configuration that affects the operation of CTDB\&. This is a distribution\-specific service configuration file such as
/etc/sysconfig/ctdb
(Red Hat) or
/etc/default/ctdb
(Debian) and is a shell script (see
\fBsh\fR(1))\&.
.SH "GLOBAL CONFIGURATION"
.PP
CTDB_INIT_STYLE=debian|redhat|suse
.RS 4
This is the init style used by the Linux distribution (or other operating system) being used\&. This is usually determined dynamically by checking the system\&. This variable is used by the initscript to determine which init system primitives to use\&. It is also used by some eventscripts to choose the name of initscripts for certain services, since these can vary between distributions\&.
.sp
If using CTDB\*(Aqs event scripts are unable to determine an appropriate default then this option can also be placed in a relevant
\fBctdb-script.options\fR(5)
file\&.
.sp
Default: NONE\&. Guessed, based on features of distribution\&.
.RE
.PP
CTDB_STARTUP_TIMEOUT=\fINUM\fR
.RS 4
NUM is the number of seconds to wait for
\fBctdbd\fR(1)
complete early initialisation up to a point where it is unlikely to abort\&. If
\fBctdbd\fR
doesn\*(Aqt complete the "setup" event before this timeout then it is killed\&.
.sp
Defaults: 10
.RE
.SH "RESOURCE LIMITS"
.SS "Maximum number of open files"
.PP
CTDB can use a lot of file descriptors, especially when used with Samba\&. If there are thousands of smbd processes connected to CTDB when this can mean that thousands of file descriptors are used\&. For CTDB, it is often necessary to increase limit on the maximum number of open files\&.
.PP
The maximum number of open files should be configured using an operating system mechanism\&.
.PP
systemd
.RS 4
The
LimitNOFILE=\fBLIMIT\fR
option can be used in a unit/service file increase the maximum number of open files\&. See
\fBsystemd.exec\fR(5)
for details\&.
.RE
.PP
SYSV init
.RS 4
Use a command like
\fBulimit \-n \fR\fB\fBLIMIT\fR\fR
to increase the maximum number of open files\&. This command can be put in the relevant distribution\-specific service configuration file\&.
.RE
.SS "Allowing core dumps"
.PP
Many distributions do not allow core dump files to be generated by default\&. To assist with debugging, core files can be enabled\&. This should be configured using an operating system mechanism\&.
.PP
systemd
.RS 4
The
LimitCORE=0|unlimited
option can be used in a unit/service file\&.
0
disallows core files,
unlimited
allows them\&. maximum number of open files\&. See
\fBsystemd.exec\fR(5)
for details\&.
.RE
.PP
SYSV init
.RS 4
Use a command like
\fBulimit \-c 0|unlimited\fR
to disable or enable core files as required\&. This command can be put in the relevant distribution\-specific service configuration file\&.
.RE
.SH "FILES"
.RS 4
/etc/sysconfig/ctdb
.RE
.RS 4
/etc/default/ctdb
.RE
.RS 4
/usr/local/etc/ctdb/script\&.options
.RE
.SH "SEE ALSO"
.PP
\fBctdbd\fR(1),
\fBctdb-script.options\fR(5),
\fBctdb\fR(7),
\m[blue]\fB\%http://ctdb.samba.org/\fR\m[]
.SH "AUTHOR"
.br
.PP
This documentation was written by Martin Schwenke
.SH "COPYRIGHT"
.br
Copyright \(co 2007 Andrew Tridgell, Ronnie Sahlberg
.br
.PP
This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 3 of the License, or (at your option) any later version\&.
.PP
This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE\&. See the GNU General Public License for more details\&.
.PP
You should have received a copy of the GNU General Public License along with this program; if not, see
\m[blue]\fB\%http://www.gnu.org/licenses\fR\m[]\&.
.sp




'\" t
.\"     Title: ctdb_diagnostics
.\"    Author:
.\" Generator: DocBook XSL Stylesheets v1.79.1 <http://docbook.sf.net/>
.\"      Date: 11/18/2018
.\"    Manual: CTDB - clustered TDB database
.\"    Source: ctdb
.\"  Language: English
.\"
.TH "CTDB_DIAGNOSTICS" "1" "11/18/2018" "ctdb" "CTDB \- clustered TDB database"
.\" -----------------------------------------------------------------
.\" * Define some portability stuff
.\" -----------------------------------------------------------------
.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
.\" http://bugs.debian.org/507673
.\" http://lists.gnu.org/archive/html/groff/2009-02/msg00013.html
.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
.ie \n(.g .ds Aq \(aq
.el       .ds Aq '
.\" -----------------------------------------------------------------
.\" * set default formatting
.\" -----------------------------------------------------------------
.\" disable hyphenation
.nh
.\" disable justification (adjust text to left margin only)
.ad l
.\" -----------------------------------------------------------------
.\" * MAIN CONTENT STARTS HERE *
.\" -----------------------------------------------------------------
.SH "NAME"
ctdb_diagnostics \- dump diagnostic information about CTDB/Samba installation
.SH "SYNOPSIS"
.HP \w'\fBctdb_diagnostics\fR\ 'u
\fBctdb_diagnostics\fR [OPTIONS] \&.\&.\&.
.SH "DESCRIPTION"
.PP
ctdb_diagnostics is used to dump diagnostic information about a clustered Samba installation\&. This includes configuration files, output of relevant commands and logs\&. This information can be used to check the correctness of the configuration and to diagnose problems\&.
.SH "OPTIONS"
.PP
\-n <nodes>
.RS 4
Comma separated list of nodes to operate on
.RE
.PP
\-c
.RS 4
Ignore comment lines (starting with \*(Aq#\*(Aq) in file comparisons
.RE
.PP
\-w
.RS 4
Ignore whitespace in file comparisons
.RE
.PP
\-\-no\-ads
.RS 4
Do not use commands that assume an Active Directory Server
.RE
.SH "SEE ALSO"
.PP
\fBctdb\fR(1),
\fBctdb\fR(7),
\m[blue]\fB\%https://ctdb.samba.org/\fR\m[]
.SH "AUTHOR"
.br
.PP
This documentation was written by Martijn van Brummelen
.SH "COPYRIGHT"
.br
Copyright \(co 2015 Martijn van Brummelen
.br
.PP
This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 3 of the License, or (at your option) any later version\&.
.PP
This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE\&. See the GNU General Public License for more details\&.
.PP
You should have received a copy of the GNU General Public License along with this program; if not, see
\m[blue]\fB\%http://www.gnu.org/licenses\fR\m[]\&.
.sp




'\" t
.\"     Title: ctdbd
.\"    Author:
.\" Generator: DocBook XSL Stylesheets v1.79.1 <http://docbook.sf.net/>
.\"      Date: 09/23/2020
.\"    Manual: CTDB - clustered TDB database
.\"    Source: ctdb
.\"  Language: English
.\"
.TH "CTDBD" "1" "09/23/2020" "ctdb" "CTDB \- clustered TDB database"
.\" -----------------------------------------------------------------
.\" * Define some portability stuff
.\" -----------------------------------------------------------------
.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
.\" http://bugs.debian.org/507673
.\" http://lists.gnu.org/archive/html/groff/2009-02/msg00013.html
.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
.ie \n(.g .ds Aq \(aq
.el       .ds Aq '
.\" -----------------------------------------------------------------
.\" * set default formatting
.\" -----------------------------------------------------------------
.\" disable hyphenation
.nh
.\" disable justification (adjust text to left margin only)
.ad l
.\" -----------------------------------------------------------------
.\" * MAIN CONTENT STARTS HERE *
.\" -----------------------------------------------------------------
.SH "NAME"
ctdbd \- The CTDB cluster daemon
.SH "SYNOPSIS"
.HP \w'\fBctdbd\fR\ 'u
\fBctdbd\fR [\fIOPTION\fR...]
.SH "DESCRIPTION"
.PP
ctdbd is the main CTDB daemon\&.
.PP
Note that ctdbd is not usually invoked directly\&. It is invoked via
\fBctdbd_wrapper\fR(1)
or via the initscript\&.
.PP
See
\fBctdb\fR(7)
for an overview of CTDB\&.
.SH "GENERAL OPTIONS"
.PP
\-i, \-\-interactive
.RS 4
Enable interactive mode\&. This will make ctdbd run in the foreground and not detach from the terminal\&. In this mode ctdbd will log to stderr\&.
.sp
By default ctdbd will detach itself and run in the background as a daemon, logging to the configured destination\&.
.RE
.PP
\-?, \-\-help
.RS 4
Display a summary of options\&.
.RE
.SH "SEE ALSO"
.PP
\fBctdb\fR(1),
\fBctdbd_wrapper\fR(1),
\fBonnode\fR(1),
\fBctdb.conf\fR(5),
\fBctdb\fR(7),
\fBctdb-tunables\fR(7),
\m[blue]\fB\%http://ctdb.samba.org/\fR\m[]
.SH "AUTHOR"
.br
.PP
This documentation was written by Ronnie Sahlberg, Amitay Isaacs, Martin Schwenke
.SH "COPYRIGHT"
.br
Copyright \(co 2007 Andrew Tridgell, Ronnie Sahlberg
.br
.PP
This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 3 of the License, or (at your option) any later version\&.
.PP
This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE\&. See the GNU General Public License for more details\&.
.PP
You should have received a copy of the GNU General Public License along with this program; if not, see
\m[blue]\fB\%http://www.gnu.org/licenses\fR\m[]\&.
.sp




'\" t
.\"     Title: ctdbd_wrapper
.\"    Author:
.\" Generator: DocBook XSL Stylesheets v1.79.1 <http://docbook.sf.net/>
.\"      Date: 09/23/2020
.\"    Manual: CTDB - clustered TDB database
.\"    Source: ctdb
.\"  Language: English
.\"
.TH "CTDBD_WRAPPER" "1" "09/23/2020" "ctdb" "CTDB \- clustered TDB database"
.\" -----------------------------------------------------------------
.\" * Define some portability stuff
.\" -----------------------------------------------------------------
.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
.\" http://bugs.debian.org/507673
.\" http://lists.gnu.org/archive/html/groff/2009-02/msg00013.html
.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
.ie \n(.g .ds Aq \(aq
.el       .ds Aq '
.\" -----------------------------------------------------------------
.\" * set default formatting
.\" -----------------------------------------------------------------
.\" disable hyphenation
.nh
.\" disable justification (adjust text to left margin only)
.ad l
.\" -----------------------------------------------------------------
.\" * MAIN CONTENT STARTS HERE *
.\" -----------------------------------------------------------------
.SH "NAME"
ctdbd_wrapper \- Wrapper for ctdbd
.SH "SYNOPSIS"
.HP \w'\fBctdbd_wrapper\fR\ 'u
\fBctdbd_wrapper\fR {start | stop}
.SH "DESCRIPTION"
.PP
ctdbd_wrapper is used to start or stop the main CTDB daemon\&.
.PP
See
\fBctdb\fR(7)
for an overview of CTDB\&.
.SH "SEE ALSO"
.PP
\fBctdbd\fR(1),
\fBctdb.sysconfig\fR(5),
\fBctdb\fR(7),
\m[blue]\fB\%http://ctdb.samba.org/\fR\m[]
.SH "AUTHOR"
.br
.PP
This documentation was written by Amitay Isaacs, Martin Schwenke
.SH "COPYRIGHT"
.br
Copyright \(co 2007 Andrew Tridgell, Ronnie Sahlberg
.br
.PP
This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 3 of the License, or (at your option) any later version\&.
.PP
This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE\&. See the GNU General Public License for more details\&.
.PP
You should have received a copy of the GNU General Public License along with this program; if not, see
\m[blue]\fB\%http://www.gnu.org/licenses\fR\m[]\&.
.sp




'\" t
.\"     Title: gentest
.\"    Author: [see the "AUTHOR" section]
.\" Generator: DocBook XSL Stylesheets v1.79.1 <http://docbook.sf.net/>
.\"      Date: 09/23/2020
.\"    Manual: Test Suite
.\"    Source: Samba 4.0
.\"  Language: English
.\"
.TH "GENTEST" "1" "09/23/2020" "Samba 4\&.0" "Test Suite"
.\" -----------------------------------------------------------------
.\" * Define some portability stuff
.\" -----------------------------------------------------------------
.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
.\" http://bugs.debian.org/507673
.\" http://lists.gnu.org/archive/html/groff/2009-02/msg00013.html
.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
.ie \n(.g .ds Aq \(aq
.el       .ds Aq '
.\" -----------------------------------------------------------------
.\" * set default formatting
.\" -----------------------------------------------------------------
.\" disable hyphenation
.nh
.\" disable justification (adjust text to left margin only)
.ad l
.\" -----------------------------------------------------------------
.\" * MAIN CONTENT STARTS HERE *
.\" -----------------------------------------------------------------
.SH "NAME"
gentest \- Run random generic SMB operations against two SMB servers and show the differences in behavior
.SH "SYNOPSIS"
.HP \w'\fBgentest\fR\ 'u
\fBgentest\fR {//server1/share1} {//server2/share2} {\-U\ user%pass} {\-U\ user%pass} [\-s\ seed] [\-o\ numops] [\-a] [\-A] [\-i\ FILE] [\-O] [\-S\ FILE] [\-L] [\-F] [\-C] [\-X]
.SH "DESCRIPTION"
.PP
gentest
is a utility for detecting differences in behaviour between SMB servers\&. It will run a random set of generic operations against
\fI//server1/share1\fR
and then the same random set against
\fI//server2/share2\fR
and display the differences in the responses it gets\&.
.PP
This utility is used by the Samba team to find differences in behaviour between Samba and Windows servers\&.
.SH "OPTIONS"
.PP
\-U user%pass
.RS 4
Specify the user and password to use when logging on on the shares\&. This parameter is mandatory and has to be specified twice\&.
.RE
.PP
\-s seed
.RS 4
Seed the random number generator with the specified value\&.
.RE
.PP
\-o numops
.RS 4
Set the number of operations to perform\&.
.RE
.PP
\-a
.RS 4
Print the operations that are performed\&.
.RE
.PP
\-A
.RS 4
Backtrack to find minimal number of operations required to make the response to a certain call differ\&.
.RE
.PP
\-i FILE
.RS 4
Specify a file containing the names of fields that have to be ignored (such as time fields)\&. See below for a description of the file format\&.
.RE
.PP
\-O
.RS 4
Enable oplocks\&.
.RE
.PP
\-S FILE
.RS 4
Set preset seeds file\&. The default is
gentest_seeds\&.dat\&.
.RE
.PP
\-L
.RS 4
Use preset seeds
.RE
.PP
\-F
.RS 4
Fast reconnect (just close files)
.RE
.PP
\-C
.RS 4
Continuous analysis mode
.RE
.PP
\-X
.RS 4
Analyse even when the test succeeded\&.
.RE
.SH "VERSION"
.PP
This man page is correct for version 4\&.0 of the Samba suite\&.
.SH "SEE ALSO"
.PP
Samba
.SH "AUTHOR"
.PP
This utility is part of the
\m[blue]\fBSamba\fR\m[]\&\s-2\u[1]\d\s+2
suite, which is developed by the global
\m[blue]\fBSamba Team\fR\m[]\&\s-2\u[2]\d\s+2\&.
.PP
gentest was written by Andrew Tridgell\&.
.PP
This manpage was written by Jelmer Vernooij\&.
.SH "NOTES"
.IP " 1." 4
Samba
.RS 4
\%http://www.samba.org/
.RE
.IP " 2." 4
Samba Team
.RS 4
\%http://www.samba.org/samba/team/
.RE




'\" t
.\"     Title: ldbadd
.\"    Author: [see the "AUTHOR" section]
.\" Generator: DocBook XSL Stylesheets v1.79.1 <http://docbook.sf.net/>
.\"      Date: 09/23/2020
.\"    Manual: System Administration tools
.\"    Source: LDB 1.1
.\"  Language: English
.\"
.TH "LDBADD" "1" "09/23/2020" "LDB 1\&.1" "System Administration tools"
.\" -----------------------------------------------------------------
.\" * Define some portability stuff
.\" -----------------------------------------------------------------
.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
.\" http://bugs.debian.org/507673
.\" http://lists.gnu.org/archive/html/groff/2009-02/msg00013.html
.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
.ie \n(.g .ds Aq \(aq
.el       .ds Aq '
.\" -----------------------------------------------------------------
.\" * set default formatting
.\" -----------------------------------------------------------------
.\" disable hyphenation
.nh
.\" disable justification (adjust text to left margin only)
.ad l
.\" -----------------------------------------------------------------
.\" * MAIN CONTENT STARTS HERE *
.\" -----------------------------------------------------------------
.SH "NAME"
ldbadd \- Command\-line utility for adding records to an LDB
.SH "SYNOPSIS"
.HP \w'\fBldbadd\fR\ 'u
\fBldbadd\fR [\-h] [\-H\ LDB\-URL] [ldif\-file1] [ldif\-file2] [\&.\&.\&.]
.SH "DESCRIPTION"
.PP
ldbadd adds records to an ldb(3) database\&. It reads the ldif(5) files specified on the command line and adds the records from these files to the LDB database, which is specified by the \-H option or the LDB_URL environment variable\&.
.PP
If \- is specified as a ldb file, the ldif input is read from standard input\&.
.SH "OPTIONS"
.PP
\-h
.RS 4
Show list of available options\&.
.RE
.PP
\-H <ldb\-url>
.RS 4
LDB URL to connect to\&. See ldb(3) for details\&.
.RE
.SH "ENVIRONMENT"
.PP
LDB_URL
.RS 4
LDB URL to connect to (can be overridden by using the \-H command\-line option\&.)
.RE
.SH "VERSION"
.PP
This man page is correct for version 1\&.1 of LDB\&.
.SH "SEE ALSO"
.PP
ldb(3), ldbmodify, ldbdel, ldif(5)
.SH "AUTHOR"
.PP
ldb was written by
\m[blue]\fBAndrew Tridgell\fR\m[]\&\s-2\u[1]\d\s+2\&.
.PP
If you wish to report a problem or make a suggestion then please see the
\m[blue]\fB\%http://ldb.samba.org/\fR\m[]
web site for current contact and maintainer information\&.
.PP
This manpage was written by Jelmer Vernooij\&.
.SH "NOTES"
.IP " 1." 4
Andrew Tridgell
.RS 4
\%https://www.samba.org/~tridge/
.RE




'\" t
.\"     Title: ldbdel
.\"    Author: [see the "AUTHOR" section]
.\" Generator: DocBook XSL Stylesheets v1.79.1 <http://docbook.sf.net/>
.\"      Date: 09/23/2020
.\"    Manual: System Administration tools
.\"    Source: LDB 1.1
.\"  Language: English
.\"
.TH "LDBDEL" "1" "09/23/2020" "LDB 1\&.1" "System Administration tools"
.\" -----------------------------------------------------------------
.\" * Define some portability stuff
.\" -----------------------------------------------------------------
.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
.\" http://bugs.debian.org/507673
.\" http://lists.gnu.org/archive/html/groff/2009-02/msg00013.html
.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
.ie \n(.g .ds Aq \(aq
.el       .ds Aq '
.\" -----------------------------------------------------------------
.\" * set default formatting
.\" -----------------------------------------------------------------
.\" disable hyphenation
.nh
.\" disable justification (adjust text to left margin only)
.ad l
.\" -----------------------------------------------------------------
.\" * MAIN CONTENT STARTS HERE *
.\" -----------------------------------------------------------------
.SH "NAME"
ldbdel \- Command\-line program for deleting LDB records
.SH "SYNOPSIS"
.HP \w'\fBldbdel\fR\ 'u
\fBldbdel\fR [\-h] [\-H\ LDB\-URL] [dn] [\&.\&.\&.]
.SH "DESCRIPTION"
.PP
ldbdel deletes records from an ldb(3) database\&. It deletes the records identified by the dn\*(Aqs specified on the command\-line\&.
.PP
ldbdel uses either the database that is specified with the \-H option or the database specified by the LDB_URL environment variable\&.
.SH "OPTIONS"
.PP
\-h
.RS 4
Show list of available options\&.
.RE
.PP
\-H <ldb\-url>
.RS 4
LDB URL to connect to\&. See ldb(3) for details\&.
.RE
.SH "ENVIRONMENT"
.PP
LDB_URL
.RS 4
LDB URL to connect to (can be overridden by using the \-H command\-line option\&.)
.RE
.SH "VERSION"
.PP
This man page is correct for version 1\&.1 of LDB\&.
.SH "SEE ALSO"
.PP
ldb(3), ldbmodify, ldbadd, ldif(5)
.SH "AUTHOR"
.PP
ldb was written by
\m[blue]\fBAndrew Tridgell\fR\m[]\&\s-2\u[1]\d\s+2\&.
.PP
If you wish to report a problem or make a suggestion then please see the
\m[blue]\fB\%http://ldb.samba.org/\fR\m[]
web site for current contact and maintainer information\&.
.PP
ldbdel was written by Andrew Tridgell\&.
.PP
This manpage was written by Jelmer Vernooij\&.
.SH "NOTES"
.IP " 1." 4
Andrew Tridgell
.RS 4
\%https://www.samba.org/~tridge/
.RE




'\" t
.\"     Title: ldbedit
.\"    Author: [see the "AUTHOR" section]
.\" Generator: DocBook XSL Stylesheets v1.79.1 <http://docbook.sf.net/>
.\"      Date: 09/23/2020
.\"    Manual: System Administration tools
.\"    Source: LDB 1.1
.\"  Language: English
.\"
.TH "LDBEDIT" "1" "09/23/2020" "LDB 1\&.1" "System Administration tools"
.\" -----------------------------------------------------------------
.\" * Define some portability stuff
.\" -----------------------------------------------------------------
.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
.\" http://bugs.debian.org/507673
.\" http://lists.gnu.org/archive/html/groff/2009-02/msg00013.html
.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
.ie \n(.g .ds Aq \(aq
.el       .ds Aq '
.\" -----------------------------------------------------------------
.\" * set default formatting
.\" -----------------------------------------------------------------
.\" disable hyphenation
.nh
.\" disable justification (adjust text to left margin only)
.ad l
.\" -----------------------------------------------------------------
.\" * MAIN CONTENT STARTS HERE *
.\" -----------------------------------------------------------------
.SH "NAME"
ldbedit \- Edit LDB databases using your preferred editor
.SH "SYNOPSIS"
.HP \w'\fBldbedit\fR\ 'u
\fBldbedit\fR [\-?] [\-\-usage] [\-s\ base|one|sub] [\-b\ basedn] [\-a] [\-e\ editor] [\-H\ LDB\-URL] [expression] [attributes...]
.SH "DESCRIPTION"
.PP
ldbedit is a utility that allows you to edit LDB entries (in tdb files, sqlite files or LDAP servers) using your preferred editor\&. ldbedit generates an LDIF file based on your query, allows you to edit the LDIF, and then merges that LDIF back into the LDB backend\&.
.SH "OPTIONS"
.PP
\-?, \-\-help
.RS 4
Show list of available options, and a phrase describing what that option does\&.
.RE
.PP
\-\-usage
.RS 4
Show list of available options\&. This is similar to the help option, however it does not provide any description, and is hence shorter\&.
.RE
.PP
\-H <ldb\-url>
.RS 4
LDB URL to connect to\&. For a tdb database, this will be of the form tdb://\fIfilename\fR\&. For a LDAP connection over unix domain sockets, this will be of the form ldapi://\fIsocket\fR\&. For a (potentially remote) LDAP connection over TCP, this will be of the form ldap://\fIhostname\fR\&. For an SQLite database, this will be of the form sqlite://\fIfilename\fR\&.
.RE
.PP
\-s one|sub|base
.RS 4
Search scope to use\&. One\-level, subtree or base\&.
.RE
.PP
\-a, \-all
.RS 4
Edit all records\&. This allows you to apply the same change to a number of records at once\&. You probably want to combine this with an expression of the form "objectclass=*"\&.
.RE
.PP
\-e editor, \-\-editor editor
.RS 4
Specify the editor that should be used (overrides the VISUAL and EDITOR environment variables)\&. If this option is not used, and neither VISUAL nor EDITOR environment variables are set, then the vi editor will be used\&.
.RE
.PP
\-b basedn
.RS 4
Specify Base Distinguished Name to use\&.
.RE
.PP
\-v, \-\-verbose
.RS 4
Make ldbedit more verbose about the operations that are being performed\&. Without this option, ldbedit will only provide a summary change line\&.
.RE
.SH "ENVIRONMENT"
.PP
LDB_URL
.RS 4
LDB URL to connect to\&. This can be overridden by using the \-H command\-line option\&.)
.RE
.PP
VISUAL and EDITOR
.RS 4
Environment variables used to determine what editor to use\&. VISUAL takes precedence over EDITOR, and both are overridden by the \-e command\-line option\&.
.RE
.SH "VERSION"
.PP
This man page is correct for version 1\&.1 of LDB\&.
.SH "SEE ALSO"
.PP
ldb(3), ldbmodify(1), ldbdel(1), ldif(5), vi(1)
.SH "AUTHOR"
.PP
ldb was written by
\m[blue]\fBAndrew Tridgell\fR\m[]\&\s-2\u[1]\d\s+2\&.
.PP
If you wish to report a problem or make a suggestion then please see the
\m[blue]\fB\%http://ldb.samba.org/\fR\m[]
web site for current contact and maintainer information\&.
.PP
This manpage was written by Jelmer Vernooij and updated by Brad Hards\&.
.SH "NOTES"
.IP " 1." 4
Andrew Tridgell
.RS 4
\%https://www.samba.org/~tridge/
.RE




'\" t
.\"     Title: ldbmodify
.\"    Author: [see the "AUTHOR" section]
.\" Generator: DocBook XSL Stylesheets v1.79.1 <http://docbook.sf.net/>
.\"      Date: 09/23/2020
.\"    Manual: System Administration tools
.\"    Source: LDB 1.1
.\"  Language: English
.\"
.TH "LDBMODIFY" "1" "09/23/2020" "LDB 1\&.1" "System Administration tools"
.\" -----------------------------------------------------------------
.\" * Define some portability stuff
.\" -----------------------------------------------------------------
.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
.\" http://bugs.debian.org/507673
.\" http://lists.gnu.org/archive/html/groff/2009-02/msg00013.html
.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
.ie \n(.g .ds Aq \(aq
.el       .ds Aq '
.\" -----------------------------------------------------------------
.\" * set default formatting
.\" -----------------------------------------------------------------
.\" disable hyphenation
.nh
.\" disable justification (adjust text to left margin only)
.ad l
.\" -----------------------------------------------------------------
.\" * MAIN CONTENT STARTS HERE *
.\" -----------------------------------------------------------------
.SH "NAME"
ldbmodify \- Modify records in a LDB database
.SH "SYNOPSIS"
.HP \w'\fBldbmodify\fR\ 'u
\fBldbmodify\fR [\-H\ LDB\-URL] [ldif\-file]
.SH "DESCRIPTION"
.PP
ldbmodify changes, adds and deletes records in a LDB database\&. The changes that should be made to the LDB database are read from the specified LDIF\-file\&. If \- is specified as the filename, input is read from stdin\&.
.PP
For now, see ldapmodify(1) for details on the LDIF file format\&.
.SH "OPTIONS"
.PP
\-H <ldb\-url>
.RS 4
LDB URL to connect to\&. See ldb(3) for details\&.
.RE
.SH "ENVIRONMENT"
.PP
LDB_URL
.RS 4
LDB URL to connect to (can be overridden by using the \-H command\-line option\&.)
.RE
.SH "VERSION"
.PP
This man page is correct for version 1\&.1 of LDB\&.
.SH "SEE ALSO"
.PP
ldb(3), ldbedit
.SH "AUTHOR"
.PP
ldb was written by
\m[blue]\fBAndrew Tridgell\fR\m[]\&\s-2\u[1]\d\s+2\&.
.PP
If you wish to report a problem or make a suggestion then please see the
\m[blue]\fB\%http://ldb.samba.org/\fR\m[]
web site for current contact and maintainer information\&.
.PP
This manpage was written by Jelmer Vernooij\&.
.SH "NOTES"
.IP " 1." 4
Andrew Tridgell
.RS 4
\%https://www.samba.org/~tridge/
.RE

Added Link Here

(-)b/net/samba415/files/man/ldbrename.1 (+81 lines)
1	'\" t
2	.\" Title: ldbrename
3	.\" Author: [see the "AUTHOR" section]
4	.\" Generator: DocBook XSL Stylesheets v1.79.1 <http://docbook.sf.net/>
5	.\" Date: 09/23/2020
6	.\" Manual: System Administration tools
7	.\" Source: LDB 1.1
8	.\" Language: English
9	.\"
10	.TH "LDBRENAME" "1" "09/23/2020" "LDB 1\&.1" "System Administration tools"
11	.\" -----------------------------------------------------------------
12	.\" * Define some portability stuff
13	.\" -----------------------------------------------------------------
14	.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
15	.\" http://bugs.debian.org/507673
16	.\" http://lists.gnu.org/archive/html/groff/2009-02/msg00013.html
17	.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
18	.ie \n(.g .ds Aq \(aq
19	.el .ds Aq '
20	.\" -----------------------------------------------------------------
21	.\" * set default formatting
22	.\" -----------------------------------------------------------------
23	.\" disable hyphenation
24	.nh
25	.\" disable justification (adjust text to left margin only)
26	.ad l
27	.\" -----------------------------------------------------------------
28	.\" * MAIN CONTENT STARTS HERE *
29	.\" -----------------------------------------------------------------
30	.SH "NAME"
31	ldbrename \- Edit LDB databases using your favorite editor
32	.SH "SYNOPSIS"
33	.HP \w'\fBldbrename\fR\ 'u
34	\fBldbrename\fR [\-h] [\-o\ options] {olddn} {newdn}
35	.SH "DESCRIPTION"
36	.PP
37	ldbrename is a utility that allows you to rename trees in an LDB database based by DN\&. This utility takes two arguments: the original DN name of the top element and the DN to change it to\&.
38	.SH "OPTIONS"
39	.PP
40	\-h
41	.RS 4
42	Show list of available options\&.
43	.RE
44	.PP
45	\-H <ldb\-url>
46	.RS 4
47	LDB URL to connect to\&. See ldb(3) for details\&.
48	.RE
49	.PP
50	\-o options
51	.RS 4
52	Extra ldb options, such as modules\&.
53	.RE
54	.SH "ENVIRONMENT"
55	.PP
56	LDB_URL
57	.RS 4
58	LDB URL to connect to (can be overridden by using the \-H command\-line option\&.)
59	.RE
60	.SH "VERSION"
61	.PP
62	This man page is correct for version 1\&.1 of LDB\&.
63	.SH "SEE ALSO"
64	.PP
65	ldb(3), ldbmodify, ldbdel, ldif(5)
66	.SH "AUTHOR"
67	.PP
68	ldb was written by
69	\m[blue]\fBAndrew Tridgell\fR\m[]\&\s-2\u[1]\d\s+2\&.
70	.PP
71	If you wish to report a problem or make a suggestion then please see the
72	\m[blue]\fB\%http://ldb.samba.org/\fR\m[]
73	web site for current contact and maintainer information\&.
74	.PP
75	This manpage was written by Jelmer Vernooij\&.
76	.SH "NOTES"
77	.IP " 1." 4
78	Andrew Tridgell
79	.RS 4
80	\%https://www.samba.org/~tridge/
81	.RE




'\" t
.\"     Title: ldbsearch
.\"    Author: [see the "AUTHOR" section]
.\" Generator: DocBook XSL Stylesheets v1.79.1 <http://docbook.sf.net/>
.\"      Date: 09/23/2020
.\"    Manual: System Administration tools
.\"    Source: LDB 1.1
.\"  Language: English
.\"
.TH "LDBSEARCH" "1" "09/23/2020" "LDB 1\&.1" "System Administration tools"
.\" -----------------------------------------------------------------
.\" * Define some portability stuff
.\" -----------------------------------------------------------------
.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
.\" http://bugs.debian.org/507673
.\" http://lists.gnu.org/archive/html/groff/2009-02/msg00013.html
.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
.ie \n(.g .ds Aq \(aq
.el       .ds Aq '
.\" -----------------------------------------------------------------
.\" * set default formatting
.\" -----------------------------------------------------------------
.\" disable hyphenation
.nh
.\" disable justification (adjust text to left margin only)
.ad l
.\" -----------------------------------------------------------------
.\" * MAIN CONTENT STARTS HERE *
.\" -----------------------------------------------------------------
.SH "NAME"
ldbsearch \- Search for records in a LDB database
.SH "SYNOPSIS"
.HP \w'\fBldbsearch\fR\ 'u
\fBldbsearch\fR [\-h] [\-s\ base|one|sub] [\-b\ basedn] [\-i] [\-H\ LDB\-URL] [expression] [attributes]
.SH "DESCRIPTION"
.PP
ldbsearch searches a LDB database for records matching the specified expression (see the ldapsearch(1) manpage for a description of the expression format)\&. For each record, the specified attributes are printed\&.
.SH "OPTIONS"
.PP
\-h
.RS 4
Show list of available options\&.
.RE
.PP
\-H <ldb\-url>
.RS 4
LDB URL to connect to\&. See ldb(3) for details\&.
.RE
.PP
\-s one|sub|base
.RS 4
Search scope to use\&. One\-level, subtree or base\&.
.RE
.PP
\-i
.RS 4
Read search expressions from stdin\&.
.RE
.PP
\-b basedn
.RS 4
Specify Base DN to use\&.
.RE
.SH "ENVIRONMENT"
.PP
LDB_URL
.RS 4
LDB URL to connect to (can be overridden by using the \-H command\-line option\&.)
.RE
.SH "VERSION"
.PP
This man page is correct for version 1\&.1 of LDB\&.
.SH "SEE ALSO"
.PP
ldb(3), ldbedit(1)
.SH "AUTHOR"
.PP
ldb was written by
\m[blue]\fBAndrew Tridgell\fR\m[]\&\s-2\u[1]\d\s+2\&.
.PP
If you wish to report a problem or make a suggestion then please see the
\m[blue]\fB\%http://ldb.samba.org/\fR\m[]
web site for current contact and maintainer information\&.
.PP
This manpage was written by Jelmer Vernooij\&.
.SH "NOTES"
.IP " 1." 4
Andrew Tridgell
.RS 4
\%https://www.samba.org/~tridge/
.RE




'\" t
.\"     Title: locktest
.\"    Author: [see the "AUTHOR" section]
.\" Generator: DocBook XSL Stylesheets v1.79.1 <http://docbook.sf.net/>
.\"      Date: 09/23/2020
.\"    Manual: Test Suite
.\"    Source: Samba 4.0
.\"  Language: English
.\"
.TH "LOCKTEST" "1" "09/23/2020" "Samba 4\&.0" "Test Suite"
.\" -----------------------------------------------------------------
.\" * Define some portability stuff
.\" -----------------------------------------------------------------
.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
.\" http://bugs.debian.org/507673
.\" http://lists.gnu.org/archive/html/groff/2009-02/msg00013.html
.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
.ie \n(.g .ds Aq \(aq
.el       .ds Aq '
.\" -----------------------------------------------------------------
.\" * set default formatting
.\" -----------------------------------------------------------------
.\" disable hyphenation
.nh
.\" disable justification (adjust text to left margin only)
.ad l
.\" -----------------------------------------------------------------
.\" * MAIN CONTENT STARTS HERE *
.\" -----------------------------------------------------------------
.SH "NAME"
locktest \- Find differences in locking between two SMB servers
.SH "SYNOPSIS"
.HP \w'\fBlocktest\fR\ 'u
\fBlocktest\fR {//server1/share1} {//server2/share2} [\-U\ user%pass] [\-U\ user%pass] [\-s\ seed] [\-o\ numops] [\-a] [\-O] [\-E] [\-Z] [\-R\ range] [\-B\ base] [\-M\ min]
.SH "DESCRIPTION"
.PP
locktest
is a utility for detecting differences in behaviour in locking between SMB servers\&. It will run a random set of locking operations against
\fI//server1/share1\fR
and then the same random set against
\fI//server2/share2\fR
and display the differences in the responses it gets\&.
.PP
This utility is used by the Samba team to find differences in behaviour between Samba and Windows servers\&.
.SH "OPTIONS"
.PP
\-U user%pass
.RS 4
Specify the user and password to use when logging on on the shares\&. This parameter can be specified twice (once for the first server, once for the second)\&.
.RE
.PP
\-s seed
.RS 4
Seed the random number generator with the specified value\&.
.RE
.PP
\-o numops
.RS 4
Set the number of operations to perform\&.
.RE
.PP
\-a
.RS 4
Print the operations that are performed\&.
.RE
.PP
\-A
.RS 4
Backtrack to find minimal number of operations required to make the response to a certain call differ\&.
.RE
.PP
\-O
.RS 4
Enable oplocks\&.
.RE
.PP
\-u
.RS 4
Hide unlock fails\&.
.RE
.PP
\-E
.RS 4
enable exact error code checking
.RE
.PP
\-Z
.RS 4
enable the zero/zero lock
.RE
.PP
\-R range
.RS 4
set lock range
.RE
.PP
\-B base
.RS 4
set lock base
.RE
.PP
\-M min
.RS 4
set min lock length
.RE
.PP
\-k
.RS 4
Use kerberos
.RE
.SH "VERSION"
.PP
This man page is correct for version 4\&.0 of the Samba suite\&.
.SH "SEE ALSO"
.PP
Samba
.SH "AUTHOR"
.PP
This utility is part of the
\m[blue]\fBSamba\fR\m[]\&\s-2\u[1]\d\s+2
suite, which is developed by the global
\m[blue]\fBSamba Team\fR\m[]\&\s-2\u[2]\d\s+2\&.
.PP
locktest was written by Andrew Tridgell\&.
.PP
This manpage was written by Jelmer Vernooij\&.
.SH "NOTES"
.IP " 1." 4
Samba
.RS 4
\%http://www.samba.org/
.RE
.IP " 2." 4
Samba Team
.RS 4
\%http://www.samba.org/samba/team/
.RE




'\" t
.\"     Title: ltdbtool
.\"    Author:
.\" Generator: DocBook XSL Stylesheets v1.79.1 <http://docbook.sf.net/>
.\"      Date: 09/23/2020
.\"    Manual: CTDB - clustered TDB database
.\"    Source: ctdb
.\"  Language: English
.\"
.TH "LTDBTOOL" "1" "09/23/2020" "ctdb" "CTDB \- clustered TDB database"
.\" -----------------------------------------------------------------
.\" * Define some portability stuff
.\" -----------------------------------------------------------------
.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
.\" http://bugs.debian.org/507673
.\" http://lists.gnu.org/archive/html/groff/2009-02/msg00013.html
.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
.ie \n(.g .ds Aq \(aq
.el       .ds Aq '
.\" -----------------------------------------------------------------
.\" * set default formatting
.\" -----------------------------------------------------------------
.\" disable hyphenation
.nh
.\" disable justification (adjust text to left margin only)
.ad l
.\" -----------------------------------------------------------------
.\" * MAIN CONTENT STARTS HERE *
.\" -----------------------------------------------------------------
.SH "NAME"
ltdbtool \- manipulate CTDB\*(Aqs local TDB files
.SH "SYNOPSIS"
.HP \w'\fBltdbtool\fR\ 'u
\fBltdbtool\fR [\fIOPTION\fR...] {\fICOMMAND\fR} [\fICOMMAND\-ARGS\fR]
.SH "DESCRIPTION"
.PP
ltdbtool is a utility to manipulate CTDB\*(Aqs local TDB databases (LTDBs) without connecting to a CTDB daemon\&.
.PP
It can be used to:
.sp
.RS 4
.ie n \{\
\h'-04'\(bu\h'+03'\c
.\}
.el \{\
.sp -1
.IP \(bu 2.3
.\}
dump the contents of a LTDB, optionally printing the CTDB record header information,
.RE
.sp
.RS 4
.ie n \{\
\h'-04'\(bu\h'+03'\c
.\}
.el \{\
.sp -1
.IP \(bu 2.3
.\}
convert between an LTDB and a non\-clustered tdb by adding or removing CTDB headers and
.RE
.sp
.RS 4
.ie n \{\
\h'-04'\(bu\h'+03'\c
.\}
.el \{\
.sp -1
.IP \(bu 2.3
.\}
convert between 64 and 32 bit LTDBs where the CTDB record headers differ by 4 bytes of padding\&.
.RE
.SH "OPTIONS"
.PP
\-e
.RS 4
Dump empty records\&. These are normally excluded\&.
.RE
.PP
\-p
.RS 4
Dump with header information, similar to "ctdb catdb"\&.
.RE
.PP
\-s {0 | 32 | 64}
.RS 4
Specify how to determine the CTDB record header size for the input database:
.PP
0
.RS 4
no CTDB header
.RE
.PP
32
.RS 4
CTDB header size of a 32 bit system (20 bytes)
.RE
.PP
64
.RS 4
CTDB header size of a 64 bit system (24 bytes)
.RE
.sp
The default is 32 or 64 depending on the system architecture\&.
.RE
.PP
\-o {0 | 32 | 64}
.RS 4
Specify how to determine the CTDB record header size for the output database, see \-s\&.
.RE
.PP
\-S \fISIZE\fR
.RS 4
Explicitly specify the CTDB record header SIZE of the input database in bytes\&.
.RE
.PP
\-O \fISIZE\fR
.RS 4
Explicitly specify the CTDB record header SIZE for the output database in bytes\&.
.RE
.PP
\-h
.RS 4
Print help text\&.
.RE
.SH "COMMANDS"
.PP
help
.RS 4
Print help text\&.
.RE
.PP
dump \fIIDB\fR
.RS 4
Dump the contents of an LTDB input file IDB to standard output in a human\-readable format\&.
.RE
.PP
convert \fIIDB\fR \fIODB\fR
.RS 4
Copy an LTDB input file IDB to output file ODB, optionally adding or removing CTDB headers\&.
.RE
.SH "EXAMPLES"
.PP
Print a local tdb in "tdbdump" style:
.sp
.if n \{\
.RS 4
.\}
.nf
      ltdbtool dump idmap2\&.tdb\&.0

.fi
.if n \{\
.RE
.\}
.PP
Print a local tdb with header information similar to "ctdb catdb":
.sp
.if n \{\
.RS 4
.\}
.nf
      ltdbtool dump \-p idmap2\&.tdb\&.0

.fi
.if n \{\
.RE
.\}
.PP
Strip the CTDB headers from records:
.sp
.if n \{\
.RS 4
.\}
.nf
      ltdbtool convert \-o0 idmap2\&.tdb\&.0 idmap\&.tdb

.fi
.if n \{\
.RE
.\}
.PP
Strip 64 bit CTDB headers from records, running on i386:
.sp
.if n \{\
.RS 4
.\}
.nf
      ltdbtool convert \-s64 \-o0 idmap2\&.tdb\&.0 idmap\&.tdb

.fi
.if n \{\
.RE
.\}
.PP
Strip the CTDB headers from records by piping through tdbrestore:
.sp
.if n \{\
.RS 4
.\}
.nf
      ltdbtool dump idmap2\&.tdb\&.0 | tdbrestore idmap\&.tdb

.fi
.if n \{\
.RE
.\}
.PP
Convert a local tdb from a 64 bit system for usage on a 32 bit system:
.sp
.if n \{\
.RS 4
.\}
.nf
      ltdbtool convert \-s64 \-o32 idmap2\&.tdb\&.0 idmap2\&.tdb\&.1

.fi
.if n \{\
.RE
.\}
.PP
Add a default header:
.sp
.if n \{\
.RS 4
.\}
.nf
      ltdbtool convert \-s0 idmap\&.tdb idmap2\&.tdb\&.0

.fi
.if n \{\
.RE
.\}
.SH "SEE ALSO"
.PP
\fBctdb\fR(1),
\fBtdbdump\fR(1),
\fBtdbrestore\fR(1),
\fBctdb\fR(7),
\m[blue]\fB\%http://ctdb.samba.org/\fR\m[]
.SH "AUTHOR"
.br
.PP
This documentation was written by Gregor Beck
.SH "COPYRIGHT"
.br
Copyright \(co 2011 Gregor Beck, Michael Adam
.br
.PP
This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 3 of the License, or (at your option) any later version\&.
.PP
This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE\&. See the GNU General Public License for more details\&.
.PP
You should have received a copy of the GNU General Public License along with this program; if not, see
\m[blue]\fB\%http://www.gnu.org/licenses\fR\m[]\&.
.sp




'\" t
.\"     Title: masktest
.\"    Author: [see the "AUTHOR" section]
.\" Generator: DocBook XSL Stylesheets v1.79.1 <http://docbook.sf.net/>
.\"      Date: 09/23/2020
.\"    Manual: Test Suite
.\"    Source: Samba 4.0
.\"  Language: English
.\"
.TH "MASKTEST" "1" "09/23/2020" "Samba 4\&.0" "Test Suite"
.\" -----------------------------------------------------------------
.\" * Define some portability stuff
.\" -----------------------------------------------------------------
.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
.\" http://bugs.debian.org/507673
.\" http://lists.gnu.org/archive/html/groff/2009-02/msg00013.html
.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
.ie \n(.g .ds Aq \(aq
.el       .ds Aq '
.\" -----------------------------------------------------------------
.\" * set default formatting
.\" -----------------------------------------------------------------
.\" disable hyphenation
.nh
.\" disable justification (adjust text to left margin only)
.ad l
.\" -----------------------------------------------------------------
.\" * MAIN CONTENT STARTS HERE *
.\" -----------------------------------------------------------------
.SH "NAME"
masktest \- Find differences in wildcard matching between Samba\*(Aqs implementation and that of a remote server\&.
.SH "SYNOPSIS"
.HP \w'\fBmasktest\fR\ 'u
\fBmasktest\fR {//server/share} [\-U\ user%pass] [\-d\ debuglevel] [\-W\ workgroup] [\-n\ numloops] [\-s\ seed] [\-a] [\-E] [\-M\ max\ protocol] [\-f\ filechars] [\-m\ maskchars] [\-v]
.SH "DESCRIPTION"
.PP
masktest
is a utility for detecting differences in behaviour between Samba\*(Aqs own implementation and that of a remote server\&. It will run generate random filenames/masks and check if these match the same files they do on the remote file as they do on the local server\&. It will display any differences it finds\&.
.PP
This utility is used by the Samba team to find differences in behaviour between Samba and Windows servers\&.
.SH "OPTIONS"
.PP
\-U user%pass
.RS 4
Specify the user and password to use when logging on on the shares\&. This parameter can be specified twice (once for the first server, once for the second)\&.
.RE
.PP
\-s seed
.RS 4
Seed the random number generator with the specified value\&.
.RE
.PP
\-n numops
.RS 4
Set the number of operations to perform\&.
.RE
.PP
\-a
.RS 4
Print the operations that are performed\&.
.RE
.PP
\-M max_protocol
.RS 4
Maximum protocol to use\&.
.RE
.PP
\-f
.RS 4
Specify characters that can be used when generating file names\&. Default: abcdefghijklm\&.
.RE
.PP
\-E
.RS 4
Abort when difference in behaviour is found\&.
.RE
.PP
\-m maskchars
.RS 4
Specify characters used for wildcards\&.
.RE
.PP
\-v
.RS 4
Be verbose
.RE
.SH "VERSION"
.PP
This man page is correct for version 4\&.0 of the Samba suite\&.
.SH "SEE ALSO"
.PP
Samba
.SH "AUTHOR"
.PP
This utility is part of the
\m[blue]\fBSamba\fR\m[]\&\s-2\u[1]\d\s+2
suite, which is developed by the global
\m[blue]\fBSamba Team\fR\m[]\&\s-2\u[2]\d\s+2\&.
.PP
masktest was written by Andrew Tridgell\&.
.PP
This manpage was written by Jelmer Vernooij\&.
.SH "NOTES"
.IP " 1." 4
Samba
.RS 4
\%http://www.samba.org/
.RE
.IP " 2." 4
Samba Team
.RS 4
\%http://www.samba.org/samba/team/
.RE




'\" t
.\"     Title: mdfind
.\"    Author: [see the "AUTHOR" section]
.\" Generator: DocBook XSL Stylesheets v1.79.1 <http://docbook.sf.net/>
.\"      Date: 09/23/2020
.\"    Manual: User Commands
.\"    Source: Samba 4.12.7
.\"  Language: English
.\"
.TH "MDFIND" "1" "09/23/2020" "Samba 4\&.12\&.7" "User Commands"
.\" -----------------------------------------------------------------
.\" * Define some portability stuff
.\" -----------------------------------------------------------------
.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
.\" http://bugs.debian.org/507673
.\" http://lists.gnu.org/archive/html/groff/2009-02/msg00013.html
.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
.ie \n(.g .ds Aq \(aq
.el       .ds Aq '
.\" -----------------------------------------------------------------
.\" * set default formatting
.\" -----------------------------------------------------------------
.\" disable hyphenation
.nh
.\" disable justification (adjust text to left margin only)
.ad l
.\" -----------------------------------------------------------------
.\" * MAIN CONTENT STARTS HERE *
.\" -----------------------------------------------------------------
.SH "NAME"
mdfind \- Run Spotlight searches against an SMB server
.SH "SYNOPSIS"
.HP \w'\ 'u
mvxattr {server} {sharename} {query} [\-p,\ \-\-path] [\-L,\ \-\-live]
.SH "DESCRIPTION"
.PP
This tool is part of the
\fBsamba\fR(1)
suite\&.
.PP
mdfind is a simple utility to run Spotlight searches against an SMB server that runs the Spotlight
\fImdssvc\fR
RPC service\&.
.SH "OPTIONS"
.PP
server
.RS 4
The SMB server name or IP address to connect to\&.
.RE
.PP
sharename
.RS 4
The name of a share on the server\&.
.RE
.PP
query
.RS 4
The query expression syntax is a simplified form of filename globbing familiar to shell users\&. Queries have the following format:
.sp
attribute=="value"
.sp
For queries against a Samba server with Spotlight enabled using the Elasticsearch backend, the list of supported metadata attributes is given by the JSON attribute mapping file, typically installed at
/usr/share/samba/mdssvc/elasticsearch_mappings\&.json
.RE
.PP
\-p PATH, \-\-path=PATH
.RS 4
Server side path to search, defaults to
\fI"/"\fR
.RE
.PP
\-L, \-\-live
.RS 4
Query remains running\&.
.RE
.SH "EXAMPLES"
.PP
Search all indexed metadata attributes, exact match:
.sp
.if n \{\
.RS 4
.\}
.nf
      \*(Aq*=="Samba"\*(Aq

.fi
.if n \{\
.RE
.\}
.PP
Search all indexed metadata attributes, prefix match:
.sp
.if n \{\
.RS 4
.\}
.nf
      \*(Aq*=="Samba*"\*(Aq

.fi
.if n \{\
.RE
.\}
.PP
Search by filename:
.sp
.if n \{\
.RS 4
.\}
.nf
      \*(AqkMDItemFSName=="Samba*"\*(Aq

.fi
.if n \{\
.RE
.\}
.PP
Search by date:
.sp
.if n \{\
.RS 4
.\}
.nf
      \*(AqkMDItemFSContentChangeDate<$time\&.iso(2018\-10\-01T10:00:00Z)\*(Aq

.fi
.if n \{\
.RE
.\}
.PP
Search files\*(Aqs content:
.sp
.if n \{\
.RS 4
.\}
.nf
      \*(AqkMDItemTextContent=="Samba*"\*(Aq

.fi
.if n \{\
.RE
.\}
.PP
Expressions:
.sp
.if n \{\
.RS 4
.\}
.nf
      kMDItemFSName=="Samba*"||kMDItemTextContent=="Tango*"\*(Aq

.fi
.if n \{\
.RE
.\}
.SH "SEE ALSO"
.PP
File Metadata Search Programming Guide
https://developer\&.apple\&.com/library/archive/documentation/Carbon/Conceptual/SpotlightQuery/Concepts/Introduction\&.html
.SH "VERSION"
.PP
This man page is part of version 4\&.12\&.7 of the Samba suite\&.
.SH "AUTHOR"
.PP
The original Samba software and related utilities were created by Andrew Tridgell\&. Samba is now developed by the Samba Team as an Open Source project similar to the way the Linux kernel is developed\&.
.PP
The mdfind manpage was written by Ralph Boehme\&.




'\" t
.\"     Title: ndrdump
.\"    Author: [see the "AUTHOR" section]
.\" Generator: DocBook XSL Stylesheets v1.79.1 <http://docbook.sf.net/>
.\"      Date: 09/23/2020
.\"    Manual: System Administration tools
.\"    Source: Samba 4.0
.\"  Language: English
.\"
.TH "NDRDUMP" "1" "09/23/2020" "Samba 4\&.0" "System Administration tools"
.\" -----------------------------------------------------------------
.\" * Define some portability stuff
.\" -----------------------------------------------------------------
.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
.\" http://bugs.debian.org/507673
.\" http://lists.gnu.org/archive/html/groff/2009-02/msg00013.html
.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
.ie \n(.g .ds Aq \(aq
.el       .ds Aq '
.\" -----------------------------------------------------------------
.\" * set default formatting
.\" -----------------------------------------------------------------
.\" disable hyphenation
.nh
.\" disable justification (adjust text to left margin only)
.ad l
.\" -----------------------------------------------------------------
.\" * MAIN CONTENT STARTS HERE *
.\" -----------------------------------------------------------------
.SH "NAME"
ndrdump \- DCE/RPC Packet Parser and Dumper
.SH "SYNOPSIS"
.HP \w'\fBndrdump\fR\ 'u
\fBndrdump\fR [\-c\ context] {pipe} {format} {in|out|struct} {filename}
.HP \w'\fBndrdump\fR\ 'u
\fBndrdump\fR [pipe]
.HP \w'\fBndrdump\fR\ 'u
\fBndrdump\fR
.SH "DESCRIPTION"
.PP
ndrdump tries to parse the specified
\fIfilename\fR
using Samba\*(Aqs parser for the specified pipe and format\&. The third argument should be either
\fIin\fR,
\fIout\fR
or
\fIstruct\fRdepending on whether the data should be parsed as a request, reply or a public structure\&.
.PP
Running ndrdump without arguments will list the pipes for which parsers are available\&.
.PP
Running ndrdump with one argument will list the functions and public structures that Samba can parse for the specified pipe\&.
.PP
The primary function of ndrdump is debugging Samba\*(Aqs internal DCE/RPC parsing functions\&. The file being parsed is usually one exported by wiresharks
\(lqExport selected packet bytes\(rq
function\&.
.PP
The context argument can be used to load context data from the request packet when parsing reply packets (such as array lengths)\&.
.SH "VERSION"
.PP
This man page is correct for version 4\&.0 of the Samba suite\&.
.SH "SEE ALSO"
.PP
wireshark, pidl
.SH "AUTHOR"
.PP
This utility is part of the
\m[blue]\fBSamba\fR\m[]\&\s-2\u[1]\d\s+2
suite, which is developed by the global
\m[blue]\fBSamba Team\fR\m[]\&\s-2\u[2]\d\s+2\&.
.PP
ndrdump was written by Andrew Tridgell\&.
.PP
This manpage was written by Jelmer Vernooij\&.
.SH "NOTES"
.IP " 1." 4
Samba
.RS 4
\%http://www.samba.org/
.RE
.IP " 2." 4
Samba Team
.RS 4
\%http://www.samba.org/samba/team/
.RE




'\" t
.\"     Title: nmblookup
.\"    Author: [see the "AUTHOR" section]
.\" Generator: DocBook XSL Stylesheets v1.79.1 <http://docbook.sf.net/>
.\"      Date: 09/23/2020
.\"    Manual: User Commands
.\"    Source: Samba 4.12.7
.\"  Language: English
.\"
.TH "NMBLOOKUP" "1" "09/23/2020" "Samba 4\&.12\&.7" "User Commands"
.\" -----------------------------------------------------------------
.\" * Define some portability stuff
.\" -----------------------------------------------------------------
.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
.\" http://bugs.debian.org/507673
.\" http://lists.gnu.org/archive/html/groff/2009-02/msg00013.html
.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
.ie \n(.g .ds Aq \(aq
.el       .ds Aq '
.\" -----------------------------------------------------------------
.\" * set default formatting
.\" -----------------------------------------------------------------
.\" disable hyphenation
.nh
.\" disable justification (adjust text to left margin only)
.ad l
.\" -----------------------------------------------------------------
.\" * MAIN CONTENT STARTS HERE *
.\" -----------------------------------------------------------------
.SH "NAME"
nmblookup \- NetBIOS over TCP/IP client used to lookup NetBIOS names
.SH "SYNOPSIS"
.HP \w'\ 'u
nmblookup [\-M|\-\-master\-browser] [\-R|\-\-recursion] [\-S|\-\-status] [\-r|\-\-root\-port] [\-A|\-\-lookup\-by\-ip] [\-B|\-\-broadcast\ <broadcast\ address>] [\-U|\-\-unicast\ <unicast\ address>] [\-d\ <debug\ level>] [\-s\ <smb\ config\ file>] [\-i\ <NetBIOS\ scope>] [\-T|\-\-translate] [\-f|\-\-flags] {name}
.SH "DESCRIPTION"
.PP
This tool is part of the
\fBsamba\fR(7)
suite\&.
.PP
nmblookup
is used to query NetBIOS names and map them to IP addresses in a network using NetBIOS over TCP/IP queries\&. The options allow the name queries to be directed at a particular IP broadcast area or to a particular machine\&. All queries are done over UDP\&.
.SH "OPTIONS"
.PP
\-M|\-\-master\-browser
.RS 4
Searches for a master browser by looking up the NetBIOS
\fIname\fR
with a type of
\fB0x1d\fR\&. If
\fI name\fR
is "\-" then it does a lookup on the special name
\fB__MSBROWSE__\fR\&. Please note that in order to use the name "\-", you need to make sure "\-" isn\*(Aqt parsed as an argument, e\&.g\&. use :
\fBnmblookup \-M \-\- \-\fR\&.
.RE
.PP
\-R|\-\-recursion
.RS 4
Set the recursion desired bit in the packet to do a recursive lookup\&. This is used when sending a name query to a machine running a WINS server and the user wishes to query the names in the WINS server\&. If this bit is unset the normal (broadcast responding) NetBIOS processing code on a machine is used instead\&. See RFC1001, RFC1002 for details\&.
.RE
.PP
\-S|\-\-status
.RS 4
Once the name query has returned an IP address then do a node status query as well\&. A node status query returns the NetBIOS names registered by a host\&.
.RE
.PP
\-r|\-\-root\-port
.RS 4
Try and bind to UDP port 137 to send and receive UDP datagrams\&. The reason for this option is a bug in Windows 95 where it ignores the source port of the requesting packet and only replies to UDP port 137\&. Unfortunately, on most UNIX systems root privilege is needed to bind to this port, and in addition, if the
\fBnmbd\fR(8)
daemon is running on this machine it also binds to this port\&.
.RE
.PP
\-A|\-\-lookup\-by\-ip
.RS 4
Interpret
\fIname\fR
as an IP Address and do a node status query on this address\&.
.RE
.PP
\-n|\-\-netbiosname <primary NetBIOS name>
.RS 4
This option allows you to override the NetBIOS name that Samba uses for itself\&. This is identical to setting the
\m[blue]\fBnetbios name\fR\m[]
parameter in the
smb\&.conf
file\&. However, a command line setting will take precedence over settings in
smb\&.conf\&.
.RE
.PP
\-i|\-\-scope <scope>
.RS 4
This specifies a NetBIOS scope that
nmblookup
will use to communicate with when generating NetBIOS names\&. For details on the use of NetBIOS scopes, see rfc1001\&.txt and rfc1002\&.txt\&. NetBIOS scopes are
\fIvery\fR
rarely used, only set this parameter if you are the system administrator in charge of all the NetBIOS systems you communicate with\&.
.RE
.PP
\-W|\-\-workgroup=domain
.RS 4
Set the SMB domain of the username\&. This overrides the default domain which is the domain defined in smb\&.conf\&. If the domain specified is the same as the servers NetBIOS name, it causes the client to log on using the servers local SAM (as opposed to the Domain SAM)\&.
.RE
.PP
\-O|\-\-socket\-options socket options
.RS 4
TCP socket options to set on the client socket\&. See the socket options parameter in the
smb\&.conf
manual page for the list of valid options\&.
.RE
.PP
\-?|\-\-help
.RS 4
Print a summary of command line options\&.
.RE
.PP
\-\-usage
.RS 4
Display brief usage message\&.
.RE
.PP
\-B|\-\-broadcast <broadcast address>
.RS 4
Send the query to the given broadcast address\&. Without this option the default behavior of nmblookup is to send the query to the broadcast address of the network interfaces as either auto\-detected or defined in the
\fIinterfaces\fR
parameter of the
\fBsmb.conf\fR(5)
file\&.
.RE
.PP
\-U|\-\-unicast <unicast address>
.RS 4
Do a unicast query to the specified address or host
\fIunicast address\fR\&. This option (along with the
\fI\-R\fR
option) is needed to query a WINS server\&.
.RE
.PP
\-d|\-\-debuglevel=level
.RS 4
\fIlevel\fR
is an integer from 0 to 10\&. The default value if this parameter is not specified is 0\&.
.sp
The higher this value, the more detail will be logged to the log files about the activities of the server\&. At level 0, only critical errors and serious warnings will be logged\&. Level 1 is a reasonable level for day\-to\-day running \- it generates a small amount of information about operations carried out\&.
.sp
Levels above 1 will generate considerable amounts of log data, and should only be used when investigating a problem\&. Levels above 3 are designed for use only by developers and generate HUGE amounts of log data, most of which is extremely cryptic\&.
.sp
Note that specifying this parameter here will override the
\m[blue]\fBlog level\fR\m[]
parameter in the
smb\&.conf
file\&.
.RE
.PP
\-V|\-\-version
.RS 4
Prints the program version number\&.
.RE
.PP
\-s|\-\-configfile=<configuration file>
.RS 4
The file specified contains the configuration details required by the server\&. The information in this file includes server\-specific information such as what printcap file to use, as well as descriptions of all the services that the server is to provide\&. See
smb\&.conf
for more information\&. The default configuration file name is determined at compile time\&.
.RE
.PP
\-l|\-\-log\-basename=logdirectory
.RS 4
Base directory name for log/debug files\&. The extension
\fB"\&.progname"\fR
will be appended (e\&.g\&. log\&.smbclient, log\&.smbd, etc\&.\&.\&.)\&. The log file is never removed by the client\&.
.RE
.PP
\-\-option=<name>=<value>
.RS 4
Set the
\fBsmb.conf\fR(5)
option "<name>" to value "<value>" from the command line\&. This overrides compiled\-in defaults and options read from the configuration file\&.
.RE
.PP
\-T|\-\-translate
.RS 4
This causes any IP addresses found in the lookup to be looked up via a reverse DNS lookup into a DNS name, and printed out before each
.sp
\fIIP address \&.\&.\&.\&. NetBIOS name\fR
.sp
pair that is the normal output\&.
.RE
.PP
\-f|\-\-flags
.RS 4
Show which flags apply to the name that has been looked up\&. Possible answers are zero or more of: Response, Authoritative, Truncated, Recursion_Desired, Recursion_Available, Broadcast\&.
.RE
.PP
name
.RS 4
This is the NetBIOS name being queried\&. Depending upon the previous options this may be a NetBIOS name or IP address\&. If a NetBIOS name then the different name types may be specified by appending \*(Aq#<type>\*(Aq to the name\&. This name may also be \*(Aq*\*(Aq, which will return all registered names within a broadcast area\&.
.RE
.SH "EXAMPLES"
.PP
nmblookup
can be used to query a WINS server (in the same way
nslookup
is used to query DNS servers)\&. To query a WINS server,
nmblookup
must be called like this:
.PP
nmblookup \-U server \-R \*(Aqname\*(Aq
.PP
For example, running :
.PP
nmblookup \-U samba\&.org \-R \*(AqIRIX#1B\*(Aq
.PP
would query the WINS server samba\&.org for the domain master browser (1B name type) for the IRIX workgroup\&.
.SH "VERSION"
.PP
This man page is part of version 4\&.12\&.7 of the Samba suite\&.
.SH "SEE ALSO"
.PP
\fBnmbd\fR(8),
\fBsamba\fR(7), and
\fBsmb.conf\fR(5)\&.
.SH "AUTHOR"
.PP
The original Samba software and related utilities were created by Andrew Tridgell\&. Samba is now developed by the Samba Team as an Open Source project similar to the way the Linux kernel is developed\&.




'\" t
.\"     Title: nmblookup4
.\"    Author: [see the "AUTHOR" section]
.\" Generator: DocBook XSL Stylesheets v1.76.1 <http://docbook.sf.net/>
.\"      Date: 03/24/2017
.\"    Manual: User Commands
.\"    Source: Samba 3.2
.\"  Language: English
.\"
.TH "NMBLOOKUP4" "1" "03/24/2017" "Samba 3\&.2" "User Commands"
.\" -----------------------------------------------------------------
.\" * Define some portability stuff
.\" -----------------------------------------------------------------
.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
.\" http://bugs.debian.org/507673
.\" http://lists.gnu.org/archive/html/groff/2009-02/msg00013.html
.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
.ie \n(.g .ds Aq \(aq
.el       .ds Aq '
.\" -----------------------------------------------------------------
.\" * set default formatting
.\" -----------------------------------------------------------------
.\" disable hyphenation
.nh
.\" disable justification (adjust text to left margin only)
.ad l
.\" -----------------------------------------------------------------
.\" * MAIN CONTENT STARTS HERE *
.\" -----------------------------------------------------------------
.SH "NAME"
nmblookup4 \- NetBIOS over TCP/IP client used to lookup NetBIOS names
.SH "SYNOPSIS"
.HP \w'\fBnmblookup4\fR\ 'u
\fBnmblookup4\fR [\-M] [\-R] [\-S] [\-r] [\-A] [\-h] [\-B\ <broadcast\ address>] [\-U\ <unicast\ address>] [\-d\ <debug\ level>] [\-s\ <smb\ config\ file>] [\-i\ <NetBIOS\ scope>] [\-T] [\-f] {name}
.SH "DESCRIPTION"
.PP
This tool is part of the
\fBsamba\fR(7)
suite\&.
.PP
\fBnmblookup4\fR
is used to query NetBIOS names and map them to IP addresses in a network using NetBIOS over TCP/IP queries\&. The options allow the name queries to be directed at a particular IP broadcast area or to a particular machine\&. All queries are done over UDP\&.
.SH "OPTIONS"
.PP
\-M
.RS 4
Searches for a master browser by looking up the NetBIOS
\fIname\fR
with a type of
\fB0x1d\fR\&. If
\fI name\fR
is "\-" then it does a lookup on the special name
\fB__MSBROWSE__\fR\&. Please note that in order to use the name "\-", you need to make sure "\-" isn\*(Aqt parsed as an argument, e\&.g\&. use :
\fBnmblookup4 \-M \-\- \-\fR\&.
.RE
.PP
\-R
.RS 4
Set the recursion desired bit in the packet to do a recursive lookup\&. This is used when sending a name query to a machine running a WINS server and the user wishes to query the names in the WINS server\&. If this bit is unset the normal (broadcast responding) NetBIOS processing code on a machine is used instead\&. See RFC1001, RFC1002 for details\&.
.RE
.PP
\-S
.RS 4
Once the name query has returned an IP address then do a node status query as well\&. A node status query returns the NetBIOS names registered by a host\&.
.RE
.PP
\-r
.RS 4
Try and bind to UDP port 137 to send and receive UDP datagrams\&. The reason for this option is a bug in Windows 95 where it ignores the source port of the requesting packet and only replies to UDP port 137\&. Unfortunately, on most UNIX systems root privilege is needed to bind to this port, and in addition, if the
\fBnmbd\fR(8)
daemon is running on this machine it also binds to this port\&.
.RE
.PP
\-A
.RS 4
Interpret
\fIname\fR
as an IP Address and do a node status query on this address\&.
.RE
.PP
\-B <broadcast address>
.RS 4
Send the query to the given broadcast address\&. Without this option the default behavior of nmblookup4 is to send the query to the broadcast address of the network interfaces as either auto\-detected or defined in the
\m[blue]\fB\fIinterfaces\fR\fR\m[]\&\s-2\u[1]\d\s+2
parameter of the
\fBsmb.conf\fR(5)
file\&.
.RE
.PP
\-U <unicast address>
.RS 4
Do a unicast query to the specified address or host
\fIunicast address\fR\&. This option (along with the
\fI\-R\fR
option) is needed to query a WINS server\&.
.RE
.PP
\-T
.RS 4
This causes any IP addresses found in the lookup to be looked up via a reverse DNS lookup into a DNS name, and printed out before each
.sp
\fIIP address \&.\&.\&.\&. NetBIOS name\fR
.sp
pair that is the normal output\&.
.RE
.PP
\-f
.RS 4
Show which flags apply to the name that has been looked up\&. Possible answers are zero or more of: Response, Authoritative, Truncated, Recursion_Desired, Recursion_Available, Broadcast\&.
.RE
.PP
name
.RS 4
This is the NetBIOS name being queried\&. Depending upon the previous options this may be a NetBIOS name or IP address\&. If a NetBIOS name then the different name types may be specified by appending \*(Aq#<type>\*(Aq to the name\&. This name may also be \*(Aq*\*(Aq, which will return all registered names within a broadcast area\&.
.RE
.SH "EXAMPLES"
.PP
\fBnmblookup4\fR
can be used to query a WINS server (in the same way
\fBnslookup\fR
is used to query DNS servers)\&. To query a WINS server,
\fBnmblookup4\fR
must be called like this:
.PP
\fBnmblookup4 \-U server \-R \*(Aqname\*(Aq\fR
.PP
For example, running :
.PP
\fBnmblookup4 \-U samba\&.org \-R \*(AqIRIX#1B\*(Aq\fR
.PP
would query the WINS server samba\&.org for the domain master browser (1B name type) for the IRIX workgroup\&.
.SH "VERSION"
.PP
This man page is correct for version 3 of the Samba suite\&.
.SH "SEE ALSO"
.PP
\fBnmbd\fR(8),
\fBsamba\fR(7), and
\fBsmb.conf\fR(5)\&.
.SH "AUTHOR"
.PP
The original Samba software and related utilities were created by Andrew Tridgell\&. Samba is now developed by the Samba Team as an Open Source project similar to the way the Linux kernel is developed\&.
.PP
The original Samba man pages were written by Karl Auer\&. The man page sources were converted to YODL format (another excellent piece of Open Source software, available at
\m[blue]\fBftp://ftp\&.icce\&.rug\&.nl/pub/unix/\fR\m[]\&\s-2\u[2]\d\s+2) and updated for the Samba 2\&.0 release by Jeremy Allison\&. The conversion to DocBook for Samba 2\&.2 was done by Gerald Carter\&. The conversion to DocBook XML 4\&.2 for Samba 3\&.0 was done by Alexander Bokovoy\&.
.SH "NOTES"
.IP " 1." 4
\fIinterfaces\fR

.RS 4
\%[set $man.base.url.for.relative.links]/smb.conf.5.html#INTERFACES
.RE
.IP " 2." 4
ftp://ftp.icce.rug.nl/pub/unix/
.RS 4
\%ftp://ftp.icce.rug.nl/pub/unix/
.RE




'\" t
.\"     Title: ntlm_auth
.\"    Author: [see the "AUTHOR" section]
.\" Generator: DocBook XSL Stylesheets v1.79.1 <http://docbook.sf.net/>
.\"      Date: 09/23/2020
.\"    Manual: User Commands
.\"    Source: Samba 4.12.7
.\"  Language: English
.\"
.TH "NTLM_AUTH" "1" "09/23/2020" "Samba 4\&.12\&.7" "User Commands"
.\" -----------------------------------------------------------------
.\" * Define some portability stuff
.\" -----------------------------------------------------------------
.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
.\" http://bugs.debian.org/507673
.\" http://lists.gnu.org/archive/html/groff/2009-02/msg00013.html
.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
.ie \n(.g .ds Aq \(aq
.el       .ds Aq '
.\" -----------------------------------------------------------------
.\" * set default formatting
.\" -----------------------------------------------------------------
.\" disable hyphenation
.nh
.\" disable justification (adjust text to left margin only)
.ad l
.\" -----------------------------------------------------------------
.\" * MAIN CONTENT STARTS HERE *
.\" -----------------------------------------------------------------
.SH "NAME"
ntlm_auth \- tool to allow external access to Winbind\*(Aqs NTLM authentication function
.SH "SYNOPSIS"
.HP \w'\ 'u
ntlm_auth
.SH "DESCRIPTION"
.PP
This tool is part of the
\fBsamba\fR(7)
suite\&.
.PP
ntlm_auth
is a helper utility that authenticates users using NT/LM authentication\&. It returns 0 if the users is authenticated successfully and 1 if access was denied\&. ntlm_auth uses winbind to access the user and authentication data for a domain\&. This utility is only intended to be used by other programs (currently
Squid
and
mod_ntlm_winbind)
.SH "OPERATIONAL REQUIREMENTS"
.PP
The
\fBwinbindd\fR(8)
daemon must be operational for many of these commands to function\&.
.PP
Some of these commands also require access to the directory
winbindd_privileged
in
$LOCKDIR\&. This should be done either by running this command as root or providing group access to the
winbindd_privileged
directory\&. For security reasons, this directory should not be world\-accessable\&.
.SH "OPTIONS"
.PP
\-\-helper\-protocol=PROTO
.RS 4
Operate as a stdio\-based helper\&. Valid helper protocols are:
.PP
squid\-2\&.4\-basic
.RS 4
Server\-side helper for use with Squid 2\&.4\*(Aqs basic (plaintext) authentication\&.
.RE
.PP
squid\-2\&.5\-basic
.RS 4
Server\-side helper for use with Squid 2\&.5\*(Aqs basic (plaintext) authentication\&.
.RE
.PP
squid\-2\&.5\-ntlmssp
.RS 4
Server\-side helper for use with Squid 2\&.5\*(Aqs NTLMSSP authentication\&.
.sp
Requires access to the directory
winbindd_privileged
in
$LOCKDIR\&. The protocol used is described here:
http://devel\&.squid\-cache\&.org/ntlm/squid_helper_protocol\&.html\&. This protocol has been extended to allow the NTLMSSP Negotiate packet to be included as an argument to the
YR
command\&. (Thus avoiding loss of information in the protocol exchange)\&.
.RE
.PP
ntlmssp\-client\-1
.RS 4
Client\-side helper for use with arbitrary external programs that may wish to use Samba\*(Aqs NTLMSSP authentication knowledge\&.
.sp
This helper is a client, and as such may be run by any user\&. The protocol used is effectively the reverse of the previous protocol\&. A
YR
command (without any arguments) starts the authentication exchange\&.
.RE
.PP
gss\-spnego
.RS 4
Server\-side helper that implements GSS\-SPNEGO\&. This uses a protocol that is almost the same as
squid\-2\&.5\-ntlmssp, but has some subtle differences that are undocumented outside the source at this stage\&.
.sp
Requires access to the directory
winbindd_privileged
in
$LOCKDIR\&.
.RE
.PP
gss\-spnego\-client
.RS 4
Client\-side helper that implements GSS\-SPNEGO\&. This also uses a protocol similar to the above helpers, but is currently undocumented\&.
.RE
.PP
ntlm\-server\-1
.RS 4
Server\-side helper protocol, intended for use by a RADIUS server or the \*(Aqwinbind\*(Aq plugin for pppd, for the provision of MSCHAP and MSCHAPv2 authentication\&.
.sp
This protocol consists of lines in the form:
Parameter: value
and
Parameter:: Base64\-encode value\&. The presence of a single period
\&.
indicates that one side has finished supplying data to the other\&. (Which in turn could cause the helper to authenticate the user)\&.
.sp
Currently implemented parameters from the external program to the helper are:
.PP
Username
.RS 4
The username, expected to be in Samba\*(Aqs
\m[blue]\fBunix charset\fR\m[]\&.
.PP
Examples:
.RS 4
Username: bob
.sp
Username:: Ym9i
.RE
.RE
.PP
NT\-Domain
.RS 4
The user\*(Aqs domain, expected to be in Samba\*(Aqs
\m[blue]\fBunix charset\fR\m[]\&.
.PP
Examples:
.RS 4
NT\-Domain: WORKGROUP
.sp
NT\-Domain:: V09SS0dST1VQ
.RE
.RE
.PP
Full\-Username
.RS 4
The fully qualified username, expected to be in Samba\*(Aqs
\m[blue]\fBunix charset\fR\m[]
and qualified with the
\m[blue]\fBwinbind separator\fR\m[]\&.
.PP
Examples:
.RS 4
Full\-Username: WORKGROUP\ebob
.sp
Full\-Username:: V09SS0dST1VQYm9i
.RE
.RE
.PP
LANMAN\-Challenge
.RS 4
The 8 byte
LANMAN Challenge
value, generated randomly by the server, or (in cases such as MSCHAPv2) generated in some way by both the server and the client\&.
.PP
Examples:
.RS 4
LANMAN\-Challenge: 0102030405060708
.RE
.RE
.PP
LANMAN\-Response
.RS 4
The 24 byte
LANMAN Response
value, calculated from the user\*(Aqs password and the supplied
LANMAN Challenge\&. Typically, this is provided over the network by a client wishing to authenticate\&.
.PP
Examples:
.RS 4
LANMAN\-Response: 0102030405060708090A0B0C0D0E0F101112131415161718
.RE
.RE
.PP
NT\-Response
.RS 4
The >= 24 byte
NT Response
calculated from the user\*(Aqs password and the supplied
LANMAN Challenge\&. Typically, this is provided over the network by a client wishing to authenticate\&.
.PP
Examples:
.RS 4
NT\-Response: 0102030405060708090A0B0C0D0E0F10111213141516171
.RE
.RE
.PP
Password
.RS 4
The user\*(Aqs password\&. This would be provided by a network client, if the helper is being used in a legacy situation that exposes plaintext passwords in this way\&.
.PP
Examples:
.RS 4
Password: samba2
.sp
Password:: c2FtYmEy
.RE
.RE
.PP
Request\-User\-Session\-Key
.RS 4
Upon successful authentication, return the user session key associated with the login\&.
.PP
Examples:
.RS 4
Request\-User\-Session\-Key: Yes
.RE
.RE
.PP
Request\-LanMan\-Session\-Key
.RS 4
Upon successful authentication, return the LANMAN session key associated with the login\&.
.PP
Examples:
.RS 4
Request\-LanMan\-Session\-Key: Yes
.RE
.RE
.RE
.sp
.if n \{\
.sp
.\}
.RS 4
.it 1 an-trap
.nr an-no-space-flag 1
.nr an-break-flag 1
.br
.ps +1
\fBWarning\fR
.ps -1
.br
Implementers should take care to base64 encode any data (such as usernames/passwords) that may contain malicious user data, such as a newline\&. They may also need to decode strings from the helper, which likewise may have been base64 encoded\&.
.sp .5v
.RE
.RE
.PP
\-\-username=USERNAME
.RS 4
Specify username of user to authenticate
.RE
.PP
\-\-domain=DOMAIN
.RS 4
Specify domain of user to authenticate
.RE
.PP
\-\-workstation=WORKSTATION
.RS 4
Specify the workstation the user authenticated from
.RE
.PP
\-\-challenge=STRING
.RS 4
NTLM challenge (in HEXADECIMAL)
.RE
.PP
\-\-lm\-response=RESPONSE
.RS 4
LM Response to the challenge (in HEXADECIMAL)
.RE
.PP
\-\-nt\-response=RESPONSE
.RS 4
NT or NTLMv2 Response to the challenge (in HEXADECIMAL)
.RE
.PP
\-\-password=PASSWORD
.RS 4
User\*(Aqs plaintext password
.sp
If not specified on the command line, this is prompted for when required\&.
.sp
For the NTLMSSP based server roles, this parameter specifies the expected password, allowing testing without winbindd operational\&.
.RE
.PP
\-\-request\-lm\-key
.RS 4
Retrieve LM session key
.RE
.PP
\-\-request\-nt\-key
.RS 4
Request NT key
.RE
.PP
\-\-diagnostics
.RS 4
Perform Diagnostics on the authentication chain\&. Uses the password from
\-\-password
or prompts for one\&.
.RE
.PP
\-\-require\-membership\-of={SID|Name}
.RS 4
Require that a user be a member of specified group (either name or SID) for authentication to succeed\&.
.RE
.PP
\-\-pam\-winbind\-conf=FILENAME
.RS 4
Define the path to the pam_winbind\&.conf file\&.
.RE
.PP
\-\-target\-hostname=HOSTNAME
.RS 4
Define the target hostname\&.
.RE
.PP
\-\-target\-service=SERVICE
.RS 4
Define the target service\&.
.RE
.PP
\-\-use\-cached\-creds
.RS 4
Whether to use credentials cached by winbindd\&.
.RE
.PP
\-\-allow\-mschapv2
.RS 4
Explicitly allow MSCHAPv2\&.
.RE
.PP
\-\-offline\-logon
.RS 4
Allow offline logons for plain text auth\&.
.RE
.PP
\-\-configfile=<configuration file>
.RS 4
The file specified contains the configuration details required by the server\&. The information in this file includes server\-specific information such as what printcap file to use, as well as descriptions of all the services that the server is to provide\&. See
smb\&.conf
for more information\&. The default configuration file name is determined at compile time\&.
.RE
.PP
\-V|\-\-version
.RS 4
Prints the program version number\&.
.RE
.PP
\-?|\-\-help
.RS 4
Print a summary of command line options\&.
.RE
.PP
\-\-usage
.RS 4
Display brief usage message\&.
.RE
.SH "EXAMPLE SETUP"
.PP
To setup ntlm_auth for use by squid 2\&.5, with both basic and NTLMSSP authentication, the following should be placed in the
squid\&.conf
file\&.
.sp
.if n \{\
.RS 4
.\}
.nf
auth_param ntlm program ntlm_auth \-\-helper\-protocol=squid\-2\&.5\-ntlmssp
auth_param basic program ntlm_auth \-\-helper\-protocol=squid\-2\&.5\-basic
auth_param basic children 5
auth_param basic realm Squid proxy\-caching web server
auth_param basic credentialsttl 2 hours
.fi
.if n \{\
.RE
.\}
.if n \{\
.sp
.\}
.RS 4
.it 1 an-trap
.nr an-no-space-flag 1
.nr an-break-flag 1
.br
.ps +1
\fBNote\fR
.ps -1
.br
.PP
This example assumes that ntlm_auth has been installed into your path, and that the group permissions on
winbindd_privileged
are as described above\&.
.sp .5v
.RE
.PP
To setup ntlm_auth for use by squid 2\&.5 with group limitation in addition to the above example, the following should be added to the
squid\&.conf
file\&.
.sp
.if n \{\
.RS 4
.\}
.nf
auth_param ntlm program ntlm_auth \-\-helper\-protocol=squid\-2\&.5\-ntlmssp \-\-require\-membership\-of=\*(AqWORKGROUP\eDomain Users\*(Aq
auth_param basic program ntlm_auth \-\-helper\-protocol=squid\-2\&.5\-basic \-\-require\-membership\-of=\*(AqWORKGROUP\eDomain Users\*(Aq
.fi
.if n \{\
.RE
.\}
.SH "TROUBLESHOOTING"
.PP
If you\*(Aqre experiencing problems with authenticating Internet Explorer running under MS Windows 9X or Millennium Edition against ntlm_auth\*(Aqs NTLMSSP authentication helper (\-\-helper\-protocol=squid\-2\&.5\-ntlmssp), then please read
the Microsoft Knowledge Base article #239869 and follow instructions described there\&.
.SH "VERSION"
.PP
This man page is part of version 4\&.12\&.7 of the Samba suite\&.
.SH "AUTHOR"
.PP
The original Samba software and related utilities were created by Andrew Tridgell\&. Samba is now developed by the Samba Team as an Open Source project similar to the way the Linux kernel is developed\&.
.PP
The ntlm_auth manpage was written by Jelmer Vernooij and Andrew Bartlett\&.




'\" t
.\"     Title: ntlm_auth4
.\"    Author: [see the "AUTHOR" section]
.\" Generator: DocBook XSL Stylesheets v1.76.1 <http://docbook.sf.net/>
.\"      Date: 03/24/2017
.\"    Manual: User Commands
.\"    Source: Samba 4.0
.\"  Language: English
.\"
.TH "NTLM_AUTH4" "1" "03/24/2017" "Samba 4\&.0" "User Commands"
.\" -----------------------------------------------------------------
.\" * Define some portability stuff
.\" -----------------------------------------------------------------
.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
.\" http://bugs.debian.org/507673
.\" http://lists.gnu.org/archive/html/groff/2009-02/msg00013.html
.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
.ie \n(.g .ds Aq \(aq
.el       .ds Aq '
.\" -----------------------------------------------------------------
.\" * set default formatting
.\" -----------------------------------------------------------------
.\" disable hyphenation
.nh
.\" disable justification (adjust text to left margin only)
.ad l
.\" -----------------------------------------------------------------
.\" * MAIN CONTENT STARTS HERE *
.\" -----------------------------------------------------------------
.SH "NAME"
ntlm_auth4 \- tool to allow external access to Winbind\*(Aqs NTLM authentication function
.SH "SYNOPSIS"
.HP \w'\fBntlm_auth4\fR\ 'u
\fBntlm_auth4\fR [\-d\ debuglevel] [\-l\ logdir] [\-s\ <smb\ config\ file>]
.SH "DESCRIPTION"
.PP
This tool is part of the
\fBsamba\fR(7)
suite\&.
.PP
\fBntlm_auth4\fR
is a helper utility that authenticates users using NT/LM authentication\&. It returns 0 if the users is authenticated successfully and 1 if access was denied\&. ntlm_auth4 uses winbind to access the user and authentication data for a domain\&. This utility is only indended to be used by other programs (currently squid)\&.
.SH "OPERATIONAL REQUIREMENTS"
.PP
The
\fBwinbindd\fR(8)
daemon must be operational for many of these commands to function\&.
.PP
Some of these commands also require access to the directory
winbindd_privileged
in
$LOCKDIR\&. This should be done either by running this command as root or providing group access to the
winbindd_privileged
directory\&. For security reasons, this directory should not be world\-accessable\&.
.SH "OPTIONS"
.PP
\-\-helper\-protocol=PROTO
.RS 4
Operate as a stdio\-based helper\&. Valid helper protocols are:
.PP
squid\-2\&.4\-basic
.RS 4
Server\-side helper for use with Squid 2\&.4\*(Aqs basic (plaintext) authentication\&.
.RE
.PP
squid\-2\&.5\-basic
.RS 4
Server\-side helper for use with Squid 2\&.5\*(Aqs basic (plaintext) authentication\&.
.RE
.PP
squid\-2\&.5\-ntlmssp
.RS 4
Server\-side helper for use with Squid 2\&.5\*(Aqs NTLMSSP authentication\&.
.sp
Requires access to the directory
winbindd_privileged
in
$LOCKDIR\&. The protocol used is described here:
\m[blue]\fBhttp://devel\&.squid\-cache\&.org/ntlm/squid_helper_protocol\&.html\fR\m[]
.RE
.PP
ntlmssp\-client\-1
.RS 4
Cleint\-side helper for use with arbitary external programs that may wish to use Samba\*(Aqs NTLMSSP authentication knowlege\&.
.sp
This helper is a client, and as such may be run by any user\&. The protocol used is effectivly the reverse of the previous protocol\&.
.RE
.PP
gss\-spnego
.RS 4
Server\-side helper that implements GSS\-SPNEGO\&. This uses a protocol that is almost the same as
\fBsquid\-2\&.5\-ntlmssp\fR, but has some subtle differences that are undocumented outside the source at this stage\&.
.sp
Requires access to the directory
winbindd_privileged
in
$LOCKDIR\&.
.RE
.PP
gss\-spnego\-client
.RS 4
Client\-side helper that implements GSS\-SPNEGO\&. This also uses a protocol similar to the above helpers, but is currently undocumented\&.
.RE
.RE
.PP
\-\-username=USERNAME
.RS 4
Specify username of user to authenticate
.RE
.PP
\-\-domain=DOMAIN
.RS 4
Specify domain of user to authenticate
.RE
.PP
\-\-workstation=WORKSTATION
.RS 4
Specify the workstation the user authenticated from
.RE
.PP
\-\-challenge=STRING
.RS 4
NTLM challenge (in HEXADECIMAL)
.RE
.PP
\-\-lm\-response=RESPONSE
.RS 4
LM Response to the challenge (in HEXADECIMAL)
.RE
.PP
\-\-nt\-response=RESPONSE
.RS 4
NT or NTLMv2 Response to the challenge (in HEXADECIMAL)
.RE
.PP
\-\-password=PASSWORD
.RS 4
User\*(Aqs plaintext password
.sp
If not specified on the command line, this is prompted for when required\&.
.RE
.PP
\-\-request\-lm\-key
.RS 4
Retrieve LM session key
.RE
.PP
\-\-request\-nt\-key
.RS 4
Request NT key
.RE
.PP
\-\-diagnostics
.RS 4
Perform Diagnostics on the authentication chain\&. Uses the password from
\fB\-\-password\fR
or prompts for one\&.
.RE
.PP
\-\-require\-membership\-of={SID|Name}
.RS 4
Require that a user be a member of specified group (either name or SID) for authentication to succeed\&.
.RE
.SH "EXAMPLE SETUP"
.PP
To setup ntlm_auth4 for use by squid 2\&.5, with both basic and NTLMSSP authentication, the following should be placed in the
squid\&.conf
file\&.
.sp
.if n \{\
.RS 4
.\}
.nf
auth_param ntlm program ntlm_auth4 \-\-helper\-protocol=squid\-2\&.5\-ntlmssp
auth_param basic program ntlm_auth4 \-\-helper\-protocol=squid\-2\&.5\-basic
auth_param basic children 5
auth_param basic realm Squid proxy\-caching web server
auth_param basic credentialsttl 2 hours
.fi
.if n \{\
.RE
.\}
.if n \{\
.sp
.\}
.RS 4
.it 1 an-trap
.nr an-no-space-flag 1
.nr an-break-flag 1
.br
.ps +1
\fBNote\fR
.ps -1
.br
.PP
This example assumes that ntlm_auth4 has been installed into your path, and that the group permissions on
winbindd_privileged
are as described above\&.
.sp .5v
.RE
.PP
To setup ntlm_auth4 for use by squid 2\&.5 with group limitation in addition to the above example, the following should be added to the
squid\&.conf
file\&.
.sp
.if n \{\
.RS 4
.\}
.nf
auth_param ntlm program ntlm_auth4 \-\-helper\-protocol=squid\-2\&.5\-ntlmssp \-\-require\-membership\-of=\*(AqWORKGROUP\eDomain Users\*(Aq
auth_param basic program ntlm_auth4 \-\-helper\-protocol=squid\-2\&.5\-basic \-\-require\-membership\-of=\*(AqWORKGROUP\eDomain Users\*(Aq
.fi
.if n \{\
.RE
.\}
.SH "TROUBLESHOOTING"
.PP
If you\*(Aqre experiencing problems with authenticating Internet Explorer running under MS Windows 9X or Millenium Edition against ntlm_auth4\*(Aqs NTLMSSP authentication helper (\-\-helper\-protocol=squid\-2\&.5\-ntlmssp), then please read
\m[blue]\fBthe Microsoft Knowledge Base article #239869 and follow instructions described there\fR\m[]\&\s-2\u[1]\d\s+2\&.
.SH "VERSION"
.PP
This man page is correct for version 3\&.0 of the Samba suite\&.
.SH "AUTHOR"
.PP
The original Samba software and related utilities were created by Andrew Tridgell\&. Samba is now developed by the Samba Team as an Open Source project similar to the way the Linux kernel is developed\&.
.PP
The ntlm_auth4 manpage was written by Jelmer Vernooij and Andrew Bartlett\&.
.SH "NOTES"
.IP " 1." 4
the Microsoft Knowledge Base article #239869 and follow instructions described there
.RS 4
\%http://support.microsoft.com/support/kb/articles/Q239/8/69.ASP
.RE

Added Link Here

(-)b/net/samba415/files/man/oLschema2ldif.1 (+74 lines)
1	'\" t
2	.\" Title: oLschema2ldif
3	.\" Author: [see the "AUTHOR" section]
4	.\" Generator: DocBook XSL Stylesheets v1.79.1 <http://docbook.sf.net/>
5	.\" Date: 09/23/2020
6	.\" Manual: System Administration tools
7	.\" Source: Samba 4.0
8	.\" Language: English
9	.\"
10	.TH "OLSCHEMA2LDIF" "1" "09/23/2020" "Samba 4\&.0" "System Administration tools"
11	.\" -----------------------------------------------------------------
12	.\" * Define some portability stuff
13	.\" -----------------------------------------------------------------
14	.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
15	.\" http://bugs.debian.org/507673
16	.\" http://lists.gnu.org/archive/html/groff/2009-02/msg00013.html
17	.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
18	.ie \n(.g .ds Aq \(aq
19	.el .ds Aq '
20	.\" -----------------------------------------------------------------
21	.\" * set default formatting
22	.\" -----------------------------------------------------------------
23	.\" disable hyphenation
24	.nh
25	.\" disable justification (adjust text to left margin only)
26	.ad l
27	.\" -----------------------------------------------------------------
28	.\" * MAIN CONTENT STARTS HERE *
29	.\" -----------------------------------------------------------------
30	.SH "NAME"
31	oLschema2ldif \- Converts LDAP schema\*(Aqs to LDB\-compatible LDIF
32	.SH "SYNOPSIS"
33	.HP \w'\fBoLschema2ldif\fR\ 'u
34	\fBoLschema2ldif\fR [\-I\ INPUT\-FILE] [\-O\ OUTPUT\-FILE]
35	.SH "DESCRIPTION"
36	.PP
37	oLschema2ldif is a simple tool that converts standard OpenLDAP schema files to a LDIF format that is understood by LDB\&.
38	.SH "OPTIONS"
39	.PP
40	\-I input\-file
41	.RS 4
42	OpenLDAP schema to read\&. If none are specified, the schema file will be read from standard input\&.
43	.RE
44	.PP
45	\-O output\-file
46	.RS 4
47	File to write ldif version of schema to\&.
48	.RE
49	.SH "VERSION"
50	.PP
51	This man page is correct for version 4\&.0 of the Samba suite\&.
52	.SH "SEE ALSO"
53	.PP
54	ldb(7), ldbmodify, ldbdel, ldif(5)
55	.SH "AUTHOR"
56	.PP
57	ldb was written by
58	\m[blue]\fBAndrew Tridgell\fR\m[]\&\s-2\u[1]\d\s+2\&. oLschema2ldif was written by
59	\m[blue]\fBSimo Sorce\fR\m[]\&\s-2\u[2]\d\s+2\&.
60	.PP
61	If you wish to report a problem or make a suggestion then please see the
62	\m[blue]\fB\%http://ldb.samba.org/\fR\m[]
63	web site for current contact and maintainer information\&.
64	.SH "NOTES"
65	.IP " 1." 4
66	Andrew Tridgell
67	.RS 4
68	\%https://www.samba.org/~tridge/
69	.RE
70	.IP " 2." 4
71	Simo Sorce
72	.RS 4
73	\%mailto:idra@samba.org
74	.RE




'\" t
.\"     Title: onnode
.\"    Author:
.\" Generator: DocBook XSL Stylesheets v1.79.1 <http://docbook.sf.net/>
.\"      Date: 09/23/2020
.\"    Manual: CTDB - clustered TDB database
.\"    Source: ctdb
.\"  Language: English
.\"
.TH "ONNODE" "1" "09/23/2020" "ctdb" "CTDB \- clustered TDB database"
.\" -----------------------------------------------------------------
.\" * Define some portability stuff
.\" -----------------------------------------------------------------
.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
.\" http://bugs.debian.org/507673
.\" http://lists.gnu.org/archive/html/groff/2009-02/msg00013.html
.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
.ie \n(.g .ds Aq \(aq
.el       .ds Aq '
.\" -----------------------------------------------------------------
.\" * set default formatting
.\" -----------------------------------------------------------------
.\" disable hyphenation
.nh
.\" disable justification (adjust text to left margin only)
.ad l
.\" -----------------------------------------------------------------
.\" * MAIN CONTENT STARTS HERE *
.\" -----------------------------------------------------------------
.SH "NAME"
onnode \- run commands on CTDB cluster nodes
.SH "SYNOPSIS"
.HP \w'\fBonnode\fR\ 'u
\fBonnode\fR [\fIOPTION\fR...] {\fINODES\fR} {\fICOMMAND\fR}
.SH "DESCRIPTION"
.PP
onnode is a utility to run commands on a specific node of a CTDB cluster, or on all nodes\&.
.PP
\fINODES\fR
specifies which node(s) to run a command on\&. See section
NODES SPECIFICATION
for details\&.
.PP
\fICOMMAND\fR
can be any shell command\&. The onnode utility uses ssh or rsh to connect to the remote nodes and run the command\&.
.SH "OPTIONS"
.PP
\-c
.RS 4
Execute COMMAND in the current working directory on the specified nodes\&.
.RE
.PP
\-f \fIFILENAME\fR
.RS 4
Specify an alternative nodes FILENAME to use instead of the default\&. See the discussion of
/usr/local/etc/ctdb/nodes
in the FILES section for more details\&.
.RE
.PP
\-i
.RS 4
Keep standard input open, allowing data to be piped to onnode\&. Normally onnode closes stdin to avoid surprises when scripting\&. Note that this option is ignored when using
\fB\-p\fR
or if
\fBONNODE_SSH\fR
is set to anything other than "ssh"\&.
.RE
.PP
\-n
.RS 4
Allow nodes to be specified by name rather than node numbers\&. These nodes don\*(Aqt need to be listed in the nodes file\&. You can avoid the nodes file entirely by combining this with
\-f /dev/null\&.
.RE
.PP
\-p
.RS 4
Run COMMAND in parallel on the specified nodes\&. The default is to run COMMAND sequentially on each node\&.
.RE
.PP
\-P
.RS 4
Push files to nodes\&. Names of files to push are specified rather than the usual command\&. Quoting is fragile/broken \- filenames with whitespace in them are not supported\&.
.RE
.PP
\-q
.RS 4
Do not print node addresses\&. Normally, onnode prints informational node addresses if more than one node is specified\&. This overrides \-v\&.
.RE
.PP
\-v
.RS 4
Print node addresses even if only one node is specified\&. Normally, onnode prints informational node addresses when more than one node is specified\&.
.RE
.PP
\-h, \-\-help
.RS 4
Show a short usage guide\&.
.RE
.SH "NODES SPECIFICATION"
.PP
Nodes can be specified via numeric node numbers (from 0 to N\-1) or mnemonics\&. Multiple nodes are specified using lists of nodes, separated by commas, and ranges of numeric node numbers, separated by dashes\&. If nodes are specified multiple times then the command will be executed multiple times on those nodes\&. The order of nodes is significant\&.
.PP
The following mnemonics are available:
.PP
all
.RS 4
All nodes\&.
.RE
.PP
any
.RS 4
A node where ctdbd is running\&. This semi\-random but there is a bias towards choosing a low numbered node\&.
.RE
.PP
ok | healthy
.RS 4
All nodes that are not disconnected, banned, disabled or unhealthy\&.
.RE
.PP
con | connected
.RS 4
All nodes that are not disconnected\&.
.RE
.SH "EXAMPLES"
.PP
The following command would show the process ID of ctdbd on all nodes
.sp
.if n \{\
.RS 4
.\}
.nf
      onnode all ctdb getpid

.fi
.if n \{\
.RE
.\}
.PP
The following command would show the last 5 lines of log on each node, preceded by the node\*(Aqs hostname
.sp
.if n \{\
.RS 4
.\}
.nf
      onnode all "hostname; tail \-5 /var/log/log\&.ctdb"

.fi
.if n \{\
.RE
.\}
.PP
The following command would restart the ctdb service on all nodes, in parallel\&.
.sp
.if n \{\
.RS 4
.\}
.nf
      onnode \-p all service ctdb restart

.fi
.if n \{\
.RE
.\}
.PP
The following command would run \&./foo in the current working directory, in parallel, on nodes 0, 2, 3 and 4\&.
.sp
.if n \{\
.RS 4
.\}
.nf
      onnode \-c \-p 0,2\-4 \&./foo

.fi
.if n \{\
.RE
.\}
.SH "FILES"
.PP
/usr/local/etc/ctdb/nodes
.RS 4
Default file containing a list of each node\*(Aqs IP address or hostname\&.
.sp
As above, a file specified via the
\fB\-f\fR
is given precedence\&. If a relative path is specified and no corresponding file exists relative to the current directory then the file is also searched for in the CTDB configuration directory\&.
.sp
Otherwise the default is
/usr/local/etc/ctdb/nodes\&.
.RE
.PP
/usr/local/etc/ctdb/onnode\&.conf
.RS 4
If this file exists it is sourced by onnode\&. The main purpose is to allow the administrator to set
\fBONNODE_SSH\fR
to something other than "ssh"\&. In this case the \-t option is ignored\&.
.RE
.SH "SEE ALSO"
.PP
\fBctdb\fR(7),
\m[blue]\fB\%http://ctdb.samba.org/\fR\m[]
.SH "AUTHOR"
.br
.PP
This documentation was written by Andrew Tridgell, Martin Schwenke
.SH "COPYRIGHT"
.br
Copyright \(co 2007 Andrew Tridgell, Ronnie Sahlberg
.br
Copyright \(co 2008 Martin Schwenke
.br
.PP
This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 3 of the License, or (at your option) any later version\&.
.PP
This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE\&. See the GNU General Public License for more details\&.
.PP
You should have received a copy of the GNU General Public License along with this program; if not, see
\m[blue]\fB\%http://www.gnu.org/licenses\fR\m[]\&.
.sp




'\" t
.\"     Title: ping_pong
.\"    Author:
.\" Generator: DocBook XSL Stylesheets v1.79.1 <http://docbook.sf.net/>
.\"      Date: 09/23/2020
.\"    Manual: CTDB - clustered TDB database
.\"    Source: ctdb
.\"  Language: English
.\"
.TH "PING_PONG" "1" "09/23/2020" "ctdb" "CTDB \- clustered TDB database"
.\" -----------------------------------------------------------------
.\" * Define some portability stuff
.\" -----------------------------------------------------------------
.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
.\" http://bugs.debian.org/507673
.\" http://lists.gnu.org/archive/html/groff/2009-02/msg00013.html
.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
.ie \n(.g .ds Aq \(aq
.el       .ds Aq '
.\" -----------------------------------------------------------------
.\" * set default formatting
.\" -----------------------------------------------------------------
.\" disable hyphenation
.nh
.\" disable justification (adjust text to left margin only)
.ad l
.\" -----------------------------------------------------------------
.\" * MAIN CONTENT STARTS HERE *
.\" -----------------------------------------------------------------
.SH "NAME"
ping_pong \- measures the ping\-pong byte range lock latency
.SH "SYNOPSIS"
.HP \w'\fBping_pong\fR\ 'u
\fBping_pong\fR {\-r | \-w | \-rw} [\-m] [\-c] {\fIFILENAME\fR} {\fINUM\-LOCKS\fR}
.SH "DESCRIPTION"
.PP
ping_pong measures the byte range lock latency\&. It is especially useful on a cluster of nodes sharing a common lock manager as it will give some indication of the lock manager\*(Aqs performance under stress\&.
.PP
FILENAME is a file on shared storage to use for byte range locking tests\&.
.PP
NUM\-LOCKS is the number of byte range locks, so needs to be (strictly) greater than the number of nodes in the cluster\&.
.SH "OPTIONS"
.PP
\-r
.RS 4
test read performance
.RE
.PP
\-w
.RS 4
test write performance
.RE
.PP
\-m
.RS 4
use mmap
.RE
.PP
\-c
.RS 4
validate the locks
.RE
.SH "EXAMPLES"
.PP
Testing lock coherence
.sp
.if n \{\
.RS 4
.\}
.nf
      ping_pong test\&.dat N

.fi
.if n \{\
.RE
.\}
.PP
Testing lock coherence with lock validation
.sp
.if n \{\
.RS 4
.\}
.nf
      ping_pong \-c test\&.dat N

.fi
.if n \{\
.RE
.\}
.PP
Testing IO coherence
.sp
.if n \{\
.RS 4
.\}
.nf
      ping_pong \-rw test\&.dat N

.fi
.if n \{\
.RE
.\}
.SH "SEE ALSO"
.PP
\fBctdb\fR(7),
\m[blue]\fB\%https://wiki.samba.org/index.php/Ping_pong\fR\m[]
.SH "AUTHOR"
.br
.PP
This documentation was written by Mathieu Parent
.SH "COPYRIGHT"
.br
Copyright \(co 2002 Andrew Tridgell
.br
.PP
This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 3 of the License, or (at your option) any later version\&.
.PP
This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE\&. See the GNU General Public License for more details\&.
.PP
You should have received a copy of the GNU General Public License along with this program; if not, see
\m[blue]\fB\%http://www.gnu.org/licenses\fR\m[]\&.
.sp




'\" t
.\"     Title: regdiff
.\"    Author: [see the "AUTHOR" section]
.\" Generator: DocBook XSL Stylesheets v1.79.1 <http://docbook.sf.net/>
.\"      Date: 09/23/2020
.\"    Manual: System Administration tools
.\"    Source: Samba 4.0
.\"  Language: English
.\"
.TH "REGDIFF" "1" "09/23/2020" "Samba 4\&.0" "System Administration tools"
.\" -----------------------------------------------------------------
.\" * Define some portability stuff
.\" -----------------------------------------------------------------
.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
.\" http://bugs.debian.org/507673
.\" http://lists.gnu.org/archive/html/groff/2009-02/msg00013.html
.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
.ie \n(.g .ds Aq \(aq
.el       .ds Aq '
.\" -----------------------------------------------------------------
.\" * set default formatting
.\" -----------------------------------------------------------------
.\" disable hyphenation
.nh
.\" disable justification (adjust text to left margin only)
.ad l
.\" -----------------------------------------------------------------
.\" * MAIN CONTENT STARTS HERE *
.\" -----------------------------------------------------------------
.SH "NAME"
regdiff \- Diff program for Windows registry files
.SH "SYNOPSIS"
.HP \w'\fBregdiff\fR\ 'u
\fBregdiff\fR [\-\-help] [\-\-backend=BACKEND] [\-\-credentials=CREDENTIALS] [location]
.SH "DESCRIPTION"
.PP
regdiff compares two Windows registry files key by key and value by value and generates a text file that contains the differences between the two files\&.
.PP
A file generated by regdiff can later be applied to a registry file by the regpatch utility\&.
.PP
regdiff and regpatch use the same file format as the regedit32\&.exe utility from Windows\&.
.SH "OPTIONS"
.PP
\-\-help
.RS 4
Show list of available options\&.
.RE
.PP
\-\-backend BACKEND
.RS 4
Name of backend to load\&. Possible values are: creg, regf, dir and rpc\&. The default is
\fIdir\fR\&.
.sp
This argument can be specified twice: once for the first registry file and once for the second\&.
.RE
.PP
\-\-credentials=CREDENTIALS
.RS 4
Credentials to use, if any\&. Password should be separated from user name by a percent sign\&.
.sp
This argument can be specified twice: once for the first registry file and once for the second\&.
.RE
.SH "VERSION"
.PP
This man page is correct for version 4\&.0 of the Samba suite\&.
.SH "SEE ALSO"
.PP
gregedit, regshell, regpatch, regtree, samba, patch, diff
.SH "AUTHOR"
.PP
This utility is part of the
\m[blue]\fBSamba\fR\m[]\&\s-2\u[1]\d\s+2
suite, which is developed by the global
\m[blue]\fBSamba Team\fR\m[]\&\s-2\u[2]\d\s+2\&.
.PP
This manpage and regdiff were written by Jelmer Vernooij\&.
.SH "NOTES"
.IP " 1." 4
Samba
.RS 4
\%http://www.samba.org/
.RE
.IP " 2." 4
Samba Team
.RS 4
\%http://www.samba.org/samba/team/
.RE




'\" t
.\"     Title: regpatch
.\"    Author: [see the "AUTHOR" section]
.\" Generator: DocBook XSL Stylesheets v1.79.1 <http://docbook.sf.net/>
.\"      Date: 09/23/2020
.\"    Manual: System Administration tools
.\"    Source: Samba 4.0
.\"  Language: English
.\"
.TH "REGPATCH" "1" "09/23/2020" "Samba 4\&.0" "System Administration tools"
.\" -----------------------------------------------------------------
.\" * Define some portability stuff
.\" -----------------------------------------------------------------
.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
.\" http://bugs.debian.org/507673
.\" http://lists.gnu.org/archive/html/groff/2009-02/msg00013.html
.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
.ie \n(.g .ds Aq \(aq
.el       .ds Aq '
.\" -----------------------------------------------------------------
.\" * set default formatting
.\" -----------------------------------------------------------------
.\" disable hyphenation
.nh
.\" disable justification (adjust text to left margin only)
.ad l
.\" -----------------------------------------------------------------
.\" * MAIN CONTENT STARTS HERE *
.\" -----------------------------------------------------------------
.SH "NAME"
regpatch \- Applies registry patches to registry files
.SH "SYNOPSIS"
.HP \w'\fBregpatch\fR\ 'u
\fBregpatch\fR [\-\-help] [\-\-backend=BACKEND] [\-\-credentials=CREDENTIALS] [location] [patch\-file]
.SH "DESCRIPTION"
.PP
The regpatch utility applies registry patches to Windows registry files\&. The patch files should have the same format as is being used by the regdiff utility and regedit32\&.exe from Windows\&.
.PP
If no patch file is specified on the command line, regpatch attempts to read it from standard input\&.
.SH "OPTIONS"
.PP
\-\-help
.RS 4
Show list of available options\&.
.RE
.PP
\-\-backend BACKEND
.RS 4
Name of backend to load\&. Possible values are: creg, regf, dir and rpc\&. The default is
\fIdir\fR\&.
.RE
.PP
\-\-credentials=CREDENTIALS
.RS 4
Credentials to use, if any\&. Password should be separated from user name by a percent sign\&.
.RE
.SH "VERSION"
.PP
This man page is correct for version 4\&.0 of the Samba suite\&.
.SH "SEE ALSO"
.PP
regdiff, regtree, regshell, gregedit, samba, diff, patch
.SH "AUTHOR"
.PP
This utility is part of the
\m[blue]\fBSamba\fR\m[]\&\s-2\u[1]\d\s+2
suite, which is developed by the global
\m[blue]\fBSamba Team\fR\m[]\&\s-2\u[2]\d\s+2\&.
.PP
This manpage and regpatch were written by Jelmer Vernooij\&.
.SH "NOTES"
.IP " 1." 4
Samba
.RS 4
\%http://www.samba.org/
.RE
.IP " 2." 4
Samba Team
.RS 4
\%http://www.samba.org/samba/team/
.RE




'\" t
.\"     Title: regshell
.\"    Author: [see the "AUTHOR" section]
.\" Generator: DocBook XSL Stylesheets v1.79.1 <http://docbook.sf.net/>
.\"      Date: 09/23/2020
.\"    Manual: System Administration tools
.\"    Source: Samba 4.0
.\"  Language: English
.\"
.TH "REGSHELL" "1" "09/23/2020" "Samba 4\&.0" "System Administration tools"
.\" -----------------------------------------------------------------
.\" * Define some portability stuff
.\" -----------------------------------------------------------------
.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
.\" http://bugs.debian.org/507673
.\" http://lists.gnu.org/archive/html/groff/2009-02/msg00013.html
.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
.ie \n(.g .ds Aq \(aq
.el       .ds Aq '
.\" -----------------------------------------------------------------
.\" * set default formatting
.\" -----------------------------------------------------------------
.\" disable hyphenation
.nh
.\" disable justification (adjust text to left margin only)
.ad l
.\" -----------------------------------------------------------------
.\" * MAIN CONTENT STARTS HERE *
.\" -----------------------------------------------------------------
.SH "NAME"
regshell \- Windows registry file browser using readline
.SH "SYNOPSIS"
.HP \w'\fBregshell\fR\ 'u
\fBregshell\fR [\-\-help] [\-\-backend=BACKEND] [\-\-credentials=CREDENTIALS] [location]
.SH "DESCRIPTION"
.PP
regshell is a utility that lets you browse thru a Windows registry file as if you were using a regular unix shell to browse thru a file system\&.
.SH "OPTIONS"
.PP
\-\-help
.RS 4
Show list of available options\&.
.RE
.PP
\-\-backend BACKEND
.RS 4
Name of backend to load\&. Possible values are: creg, regf, dir and rpc\&. The default is
\fIdir\fR\&.
.RE
.PP
\-\-credentials=CREDENTIALS
.RS 4
Credentials to use, if any\&. Password should be separated from user name by a percent sign\&.
.RE
.SH "COMMANDS"
.PP
ck|cd <keyname>
.RS 4
Go to the specified subkey\&.
.RE
.PP
ch|predef [predefined\-key\-name]
.RS 4
Go to the specified predefined key\&.
.RE
.PP
list|ls
.RS 4
List subkeys and values of the current key\&.
.RE
.PP
mkkey|mkdir <keyname>
.RS 4
Create a key with the specified
\fIkeyname\fR
as a subkey of the current key\&.
.RE
.PP
rmval|rm <valname>
.RS 4
Delete the specified value\&.
.RE
.PP
rmkey|rmdir <keyname>
.RS 4
Delete the specified subkey recursively\&.
.RE
.PP
pwd|pwk
.RS 4
Print the full name of the current key\&.
.RE
.PP
set|update
.RS 4
Update the value of a key value\&. Not implemented at the moment\&.
.RE
.PP
help|?
.RS 4
Print a list of available commands\&.
.RE
.PP
exit|quit
.RS 4
Leave regshell\&.
.RE
.SH "EXAMPLES"
.PP
Browsing thru a nt4 registry file
.sp
.if n \{\
.RS 4
.\}
.nf
\fBregshell \-b nt4 NTUSER\&.DAT\fR
$$$PROTO\&.HIV> \fBls\fR
K AppEvents
K Console
K Control Panel
K Environment
K Identities
K Keyboard Layout
K Network
K Printers
K Software
K UNICODE Program Groups
K Windows 3\&.1 Migration Status
$$$PROTO\&.HIV> \fBexit\fR
.fi
.if n \{\
.RE
.\}
.PP
Listing the subkeys of HKEY_CURRENT_USER\eAppEvents on a remote computer:
.sp
.if n \{\
.RS 4
.\}
.nf
\fBregshell \-\-remote=ncacn_np:aurelia \-c "jelmer%secret"\fR
HKEY_CURRENT_MACHINE> \fBpredef HKEY_CURRENT_USER\fR
HKEY_CURRENT_USER> \fBcd AppEvents\fR
Current path is: HKEY_CURRENT_USER\eAppEvents
HKEY_CURRENT_USER\eAppEvents> \fBls\fR
K EventLabels
K Schemes
HKEY_CURRENT_USER\eAppEvents> \fBexit\fR
.fi
.if n \{\
.RE
.\}
.SH "VERSION"
.PP
This man page is correct for version 4\&.0 of the Samba suite\&.
.SH "SEE ALSO"
.PP
regtree, regdiff, regpatch, gregedit, samba
.SH "AUTHOR"
.PP
This utility is part of the
\m[blue]\fBSamba\fR\m[]\&\s-2\u[1]\d\s+2
suite, which is developed by the global
\m[blue]\fBSamba Team\fR\m[]\&\s-2\u[2]\d\s+2\&.
.PP
This manpage and regshell were written by Jelmer Vernooij\&.
.SH "NOTES"
.IP " 1." 4
Samba
.RS 4
\%http://www.samba.org/
.RE
.IP " 2." 4
Samba Team
.RS 4
\%http://www.samba.org/samba/team/
.RE




'\" t
.\"     Title: regtree
.\"    Author: [see the "AUTHOR" section]
.\" Generator: DocBook XSL Stylesheets v1.79.1 <http://docbook.sf.net/>
.\"      Date: 09/23/2020
.\"    Manual: System Administration tools
.\"    Source: Samba 4.0
.\"  Language: English
.\"
.TH "REGTREE" "1" "09/23/2020" "Samba 4\&.0" "System Administration tools"
.\" -----------------------------------------------------------------
.\" * Define some portability stuff
.\" -----------------------------------------------------------------
.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
.\" http://bugs.debian.org/507673
.\" http://lists.gnu.org/archive/html/groff/2009-02/msg00013.html
.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
.ie \n(.g .ds Aq \(aq
.el       .ds Aq '
.\" -----------------------------------------------------------------
.\" * set default formatting
.\" -----------------------------------------------------------------
.\" disable hyphenation
.nh
.\" disable justification (adjust text to left margin only)
.ad l
.\" -----------------------------------------------------------------
.\" * MAIN CONTENT STARTS HERE *
.\" -----------------------------------------------------------------
.SH "NAME"
regtree \- Text\-mode registry viewer
.SH "SYNOPSIS"
.HP \w'\fBregtree\fR\ 'u
\fBregtree\fR [\-\-help] [\-\-backend=BACKEND] [\-\-fullpath] [\-\-no\-values] [\-\-credentials=CREDENTIALS] [location]
.SH "DESCRIPTION"
.PP
The regtree utility prints out all the contents of a Windows registry file\&. Subkeys are printed with one level more indentation than their parents\&.
.SH "OPTIONS"
.PP
\-\-help
.RS 4
Show list of available options\&.
.RE
.PP
\-\-backend BACKEND
.RS 4
Name of backend to load\&. Possible values are: creg, regf, dir and rpc\&. The default is
\fIdir\fR\&.
.RE
.PP
\-\-credentials=CREDENTIALS
.RS 4
Credentials to use, if any\&. Password should be separated from user name by a percent sign\&.
.RE
.PP
\-\-fullpath
.RS 4
Print the full path to each key instead of only its name\&.
.RE
.PP
\-\-no\-values
.RS 4
Don\*(Aqt print values, just keys\&.
.RE
.SH "VERSION"
.PP
This man page is correct for version 4\&.0 of the Samba suite\&.
.SH "SEE ALSO"
.PP
gregedit, regshell, regdiff, regpatch, samba
.SH "AUTHOR"
.PP
This utility is part of the
\m[blue]\fBSamba\fR\m[]\&\s-2\u[1]\d\s+2
suite, which is developed by the global
\m[blue]\fBSamba Team\fR\m[]\&\s-2\u[2]\d\s+2\&.
.PP
This manpage and regtree were written by Jelmer Vernooij\&.
.SH "NOTES"
.IP " 1." 4
Samba
.RS 4
\%http://www.samba.org/
.RE
.IP " 2." 4
Samba Team
.RS 4
\%http://www.samba.org/samba/team/
.RE




'\" t
.\"     Title: SAMBA_GPOUPDATE
.\"    Author: [see the "AUTHOR" section]
.\" Generator: DocBook XSL Stylesheets v1.79.1 <http://docbook.sf.net/>
.\"      Date: 2017-07-11
.\"    Manual: System Administration tools
.\"    Source: Samba 4.8.0
.\"  Language: English
.\"
.TH "SAMBA_GPOUPDATE" "8" "2017\-07\-11" "Samba 4\&.8\&.0" "System Administration tools"
.\" -----------------------------------------------------------------
.\" * Define some portability stuff
.\" -----------------------------------------------------------------
.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
.\" http://bugs.debian.org/507673
.\" http://lists.gnu.org/archive/html/groff/2009-02/msg00013.html
.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
.ie \n(.g .ds Aq \(aq
.el       .ds Aq '
.\" -----------------------------------------------------------------
.\" * set default formatting
.\" -----------------------------------------------------------------
.\" disable hyphenation
.nh
.\" disable justification (adjust text to left margin only)
.ad l
.\" -----------------------------------------------------------------
.\" * MAIN CONTENT STARTS HERE *
.\" -----------------------------------------------------------------
.SH "NAME"
samba-gpupdate \- apply group policy
.SH "SYNOPSIS"
.HP \w'\fBsamba\-gpupdate\fR\ 'u
\fBsamba\-gpupdate\fR
.HP \w'\fBsamba\-gpupdate\fR\ 'u
\fBsamba\-gpupdate\fR [\fIoptions\fR]
.SH "DESCRIPTION"
.PP
This tool is part of the
\fBsamba\fR(1)
suite\&.
.PP
\fBsamba\-gpupdate\fR
a script for applying and unapplying Group Policy\&. Group Policy application is experimental\&. Currently this applies password policies (minimum/maximum password age, minimum password length, and password complexity) and kerberos policies (user/service ticket lifetime and renew lifetime)\&.
.SH "OPTIONS"
.PP
\fB\-h\fR,
\fB\-\-help\fR
show this help message and exit
.PP
\fB\-H \fRURL,
\fB\-\-url\fR=\fIURL\fR
URL for the samdb
.PP
\fB\-X\fR,
\fB\-\-unapply\fR
Unapply Group Policy
.PP
\fB\-\-target\fR
{Computer | User}
.PP
Samba Common Options:
.PP
\fB\-s \fRFILE,
\fB\-\-configfile\fR=\fIFILE\fR
Configuration file
.PP
\fB\-d \fRDEBUGLEVEL,
\fB\-\-debuglevel\fR=\fIDEBUGLEVEL\fR
debug level
.PP
\fB\-\-option\fR=\fIOPTION\fR
set smb\&.conf option from command line
.PP
\fB\-\-realm\fR=\fIREALM\fR
set the realm name
.PP
Version Options:
.PP
\fB\-V\fR,
\fB\-\-version\fR
Display version number
.PP
Credentials Options:
.PP
\fB\-\-simple\-bind\-dn\fR=\fIDN\fR
DN to use for a simple bind
.PP
\fB\-\-password\fR=\fIPASSWORD\fR
Password
.PP
\fB\-U \fRUSERNAME,
\fB\-\-username\fR=\fIUSERNAME\fR
Username
.PP
\fB\-W \fRWORKGROUP,
\fB\-\-workgroup\fR=\fIWORKGROUP\fR
Workgroup
.PP
\fB\-N\fR,
\fB\-\-no\-pass\fR
Don\*(Aqt ask for a password
.PP
\fB\-k \fRKERBEROS,
\fB\-\-kerberos\fR=\fIKERBEROS\fR
Use Kerberos
.PP
\fB\-\-ipaddress\fR=\fIIPADDRESS\fR
IP address of server
.PP
\fB\-P\fR,
\fB\-\-machine\-pass\fR
Use stored machine account password
.SH "AUTHOR"
.PP
The original Samba software and related utilities were created by Andrew Tridgell\&. Samba is now developed by the Samba Team as an Open Source project similar to the way the Linux kernel is developed\&.




'\" t
.\"     Title: smbtorture
.\"    Author: [see the "AUTHOR" section]
.\" Generator: DocBook XSL Stylesheets v1.79.1 <http://docbook.sf.net/>
.\"      Date: 09/23/2020
.\"    Manual: Test Suite
.\"    Source: Samba 4.0
.\"  Language: English
.\"
.TH "SMBTORTURE" "1" "09/23/2020" "Samba 4\&.0" "Test Suite"
.\" -----------------------------------------------------------------
.\" * Define some portability stuff
.\" -----------------------------------------------------------------
.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
.\" http://bugs.debian.org/507673
.\" http://lists.gnu.org/archive/html/groff/2009-02/msg00013.html
.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
.ie \n(.g .ds Aq \(aq
.el       .ds Aq '
.\" -----------------------------------------------------------------
.\" * set default formatting
.\" -----------------------------------------------------------------
.\" disable hyphenation
.nh
.\" disable justification (adjust text to left margin only)
.ad l
.\" -----------------------------------------------------------------
.\" * MAIN CONTENT STARTS HERE *
.\" -----------------------------------------------------------------
.SH "NAME"
smbtorture \- Run a series of tests against a SMB server
.SH "SYNOPSIS"
.HP \w'\fBsmbtorture\fR\ 'u
\fBsmbtorture\fR {//server/share} [\-d\ debuglevel] [\-U\ user%pass] [\-k] [\-N\ numprocs] [\-n\ netbios_name] [\-W\ workgroup] [\-e\ num\ files(entries)] [\-O\ socket_options] [\-m\ maximum_protocol] [\-L] [\-c\ CLIENT\&.TXT] [\-t\ timelimit] [\-C\ filename] [\-A] [\-p\ port] [\-s\ seed] [\-f\ max_failures] [\-X] {BINDING\-STRING|UNC} {TEST1} [TEST2] [\&.\&.\&.]
.SH "DESCRIPTION"
.PP
smbtorture is a testsuite that runs several tests against a SMB server\&. All tests are known to succeed against a Windows 2003 server (?)\&. Smbtorture\*(Aqs primary goal is finding differences in implementations of the SMB protocol and testing SMB servers\&.
.PP
Any number of tests can be specified on the command\-line\&. If no tests are specified, all tests are run\&.
.PP
If no arguments are specified at all, all available options and tests are listed\&.
.SS "Binding string format"
.PP
The binding string format is:
.PP
TRANSPORT:host[flags]
.PP
Where TRANSPORT is either ncacn_np for SMB, ncacn_ip_tcp for RPC/TCP or ncalrpc for local connections\&.
.PP
\*(Aqhost\*(Aq is an IP or hostname or netbios name\&. If the binding string identifies the server side of an endpoint, \*(Aqhost\*(Aq may be an empty string\&.
.PP
\*(Aqflags\*(Aq can include a SMB pipe name if using the ncacn_np transport or a TCP port number if using the ncacn_ip_tcp transport, otherwise they will be auto\-determined\&.
.PP
other recognised flags are:
.PP
sign
.RS 4
enable ntlmssp signing
.RE
.PP
seal
.RS 4
enable ntlmssp sealing
.RE
.PP
connect
.RS 4
enable rpc connect level auth (auth, but no sign or seal)
.RE
.PP
validate
.RS 4
enable the NDR validator
.RE
.PP
print
.RS 4
enable debugging of the packets
.RE
.PP
bigendian
.RS 4
use bigendian RPC
.RE
.PP
padcheck
.RS 4
check reply data for non\-zero pad bytes
.RE
.PP
For example, these all connect to the samr pipe:
.sp
.RS 4
.ie n \{\
\h'-04'\(bu\h'+03'\c
.\}
.el \{\
.sp -1
.IP \(bu 2.3
.\}
ncacn_np:myserver
.RE
.sp
.RS 4
.ie n \{\
\h'-04'\(bu\h'+03'\c
.\}
.el \{\
.sp -1
.IP \(bu 2.3
.\}
ncacn_np:myserver[samr]
.RE
.sp
.RS 4
.ie n \{\
\h'-04'\(bu\h'+03'\c
.\}
.el \{\
.sp -1
.IP \(bu 2.3
.\}
ncacn_np:myserver[\e\epipe\e\esamr]
.RE
.sp
.RS 4
.ie n \{\
\h'-04'\(bu\h'+03'\c
.\}
.el \{\
.sp -1
.IP \(bu 2.3
.\}
ncacn_np:myserver[/pipe/samr]
.RE
.sp
.RS 4
.ie n \{\
\h'-04'\(bu\h'+03'\c
.\}
.el \{\
.sp -1
.IP \(bu 2.3
.\}
ncacn_np:myserver[samr,sign,print]
.RE
.sp
.RS 4
.ie n \{\
\h'-04'\(bu\h'+03'\c
.\}
.el \{\
.sp -1
.IP \(bu 2.3
.\}
ncacn_np:myserver[\e\epipe\e\esamr,sign,seal,bigendian]
.RE
.sp
.RS 4
.ie n \{\
\h'-04'\(bu\h'+03'\c
.\}
.el \{\
.sp -1
.IP \(bu 2.3
.\}
ncacn_np:myserver[/pipe/samr,seal,validate]
.RE
.sp
.RS 4
.ie n \{\
\h'-04'\(bu\h'+03'\c
.\}
.el \{\
.sp -1
.IP \(bu 2.3
.\}
ncacn_np:
.RE
.sp
.RS 4
.ie n \{\
\h'-04'\(bu\h'+03'\c
.\}
.el \{\
.sp -1
.IP \(bu 2.3
.\}
ncacn_np:[/pipe/samr]
.RE
.sp
.RS 4
.ie n \{\
\h'-04'\(bu\h'+03'\c
.\}
.el \{\
.sp -1
.IP \(bu 2.3
.\}
ncacn_ip_tcp:myserver
.RE
.sp
.RS 4
.ie n \{\
\h'-04'\(bu\h'+03'\c
.\}
.el \{\
.sp -1
.IP \(bu 2.3
.\}
ncacn_ip_tcp:myserver[1024]
.RE
.sp
.RS 4
.ie n \{\
\h'-04'\(bu\h'+03'\c
.\}
.el \{\
.sp -1
.IP \(bu 2.3
.\}
ncacn_ip_tcp:myserver[1024,sign,seal]
.RE
.sp
.RS 4
.ie n \{\
\h'-04'\(bu\h'+03'\c
.\}
.el \{\
.sp -1
.IP \(bu 2.3
.\}
ncalrpc:
.RE
.SS "UNC Format"
.PP
The UNC format is:
.PP
//server/share
.SH "OPTIONS"
.PP
\-d debuglevel
.RS 4
Use the specified Samba debug level\&. A higher debug level means more output\&.
.RE
.PP
\-U user%pass
.RS 4
Use the specified username/password combination when logging in to a remote server\&.
.RE
.PP
\-k
.RS 4
Use kerberos when authenticating\&.
.RE
.PP
\-W workgroup
.RS 4
Use specified name as our workgroup name\&.
.RE
.PP
\-n netbios_name
.RS 4
Use specified name as our NetBIOS name\&.
.RE
.PP
\-O socket_options
.RS 4
Use specified socket options, equivalent of the smb\&.conf option
\(lqsocket options\(rq\&. See the smb\&.conf(5) manpage for details\&.
.RE
.PP
\-m max_protocol
.RS 4
Specify the maximum SMB dialect that should be used\&. Possible values are: CORE, COREPLUS, LANMAN1, LANMAN2, NT1
.RE
.PP
\-s seed
.RS 4
Initialize the randomizer using
\fIseed\fR
as seed\&.
.RE
.PP
\-L
.RS 4
Use oplocks\&.
.RE
.PP
\-X
.RS 4
Enable dangerous tests\&. Use with care! This might crash your server\&.\&.\&.
.RE
.PP
\-t timelimit
.RS 4
Specify the NBENCH time limit in seconds\&. Defaults to 600\&.
.RE
.PP
\-p ports
.RS 4
Specify ports to connect to\&.
.RE
.PP
\-c file
.RS 4
Read NBENCH commands from
\fIfile\fR
instead of from CLIENT\&.TXT\&.
.RE
.PP
\-A
.RS 4
Show not just OK or FAILED but more detailed output\&. Used only by DENY test at the moment\&.
.RE
.PP
\-C filename
.RS 4
Load a list of UNC names from the specified filename\&. Smbtorture instances will connect to a random host from this list\&.
.RE
.PP
\-N numprocs
.RS 4
Specify number of smbtorture processes to launch\&.
.RE
.PP
\-e num_files
.RS 4
Number of entries to use in certain tests (such as creating X files) (default: 1000)\&.
.RE
.PP
\-f max_failures
.RS 4
Number of failures before aborting a test (default: 1)\&.
.RE
.SH "VERSION"
.PP
This man page is correct for version 4\&.0 of the Samba suite\&.
.SH "SEE ALSO"
.PP
Samba
.SH "AUTHOR"
.PP
This utility is part of the
\m[blue]\fBSamba\fR\m[]\&\s-2\u[1]\d\s+2
suite, which is developed by the global
\m[blue]\fBSamba Team\fR\m[]\&\s-2\u[2]\d\s+2\&.
.PP
smbtorture was written by Andrew Tridgell\&.
.PP
This manpage was written by Jelmer Vernooij\&.
.SH "NOTES"
.IP " 1." 4
Samba
.RS 4
\%http://www.samba.org/
.RE
.IP " 2." 4
Samba Team
.RS 4
\%http://www.samba.org/samba/team/
.RE




'\" t
.\"     Title: talloc
.\"    Author: [see the "AUTHOR" section]
.\" Generator: DocBook XSL Stylesheets v1.76.1 <http://docbook.sf.net/>
.\"      Date: 2015-04-10
.\"    Manual: System Administration tools
.\"    Source: Samba 4.0
.\"  Language: English
.\"
.TH "TALLOC" "3" "2015\-04\-10" "Samba 4\&.0" "System Administration tools"
.\" -----------------------------------------------------------------
.\" * Define some portability stuff
.\" -----------------------------------------------------------------
.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
.\" http://bugs.debian.org/507673
.\" http://lists.gnu.org/archive/html/groff/2009-02/msg00013.html
.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
.ie \n(.g .ds Aq \(aq
.el       .ds Aq '
.\" -----------------------------------------------------------------
.\" * set default formatting
.\" -----------------------------------------------------------------
.\" disable hyphenation
.nh
.\" disable justification (adjust text to left margin only)
.ad l
.\" -----------------------------------------------------------------
.\" * MAIN CONTENT STARTS HERE *
.\" -----------------------------------------------------------------
.SH "NAME"
talloc \- hierarchical reference counted memory pool system with destructors
.SH "SYNOPSIS"
.sp
.nf
#include <talloc\&.h>
.fi
.SH "DESCRIPTION"
.PP
If you are used to talloc from Samba3 then please read this carefully, as talloc has changed a lot\&.
.PP
The new talloc is a hierarchical, reference counted memory pool system with destructors\&. Quite a mouthful really, but not too bad once you get used to it\&.
.PP
Perhaps the biggest change from Samba3 is that there is no distinction between a "talloc context" and a "talloc pointer"\&. Any pointer returned from talloc() is itself a valid talloc context\&. This means you can do this:
.sp
.if n \{\
.RS 4
.\}
.nf
    struct foo *X = talloc(mem_ctx, struct foo);
    X\->name = talloc_strdup(X, "foo");

.fi
.if n \{\
.RE
.\}
.PP
and the pointer
X\->name
would be a "child" of the talloc context
X
which is itself a child of
mem_ctx\&. So if you do
talloc_free(mem_ctx)
then it is all destroyed, whereas if you do
talloc_free(X)
then just
X
and
X\->name
are destroyed, and if you do
talloc_free(X\->name)
then just the name element of
X
is destroyed\&.
.PP
If you think about this, then what this effectively gives you is an n\-ary tree, where you can free any part of the tree with talloc_free()\&.
.PP
If you find this confusing, then I suggest you run the
testsuite
program to watch talloc in action\&. You may also like to add your own tests to
testsuite\&.c
to clarify how some particular situation is handled\&.
.SH "TALLOC API"
.PP
The following is a complete guide to the talloc API\&. Read it all at least twice\&.
.SS "(type *)talloc(const void *ctx, type);"
.PP
The talloc() macro is the core of the talloc library\&. It takes a memory
\fIctx\fR
and a
\fItype\fR, and returns a pointer to a new area of memory of the given
\fItype\fR\&.
.PP
The returned pointer is itself a talloc context, so you can use it as the
\fIctx\fR
argument to more calls to talloc() if you wish\&.
.PP
The returned pointer is a "child" of the supplied context\&. This means that if you talloc_free() the
\fIctx\fR
then the new child disappears as well\&. Alternatively you can free just the child\&.
.PP
The
\fIctx\fR
argument to talloc() can be NULL, in which case a new top level context is created\&.
.SS "void *talloc_size(const void *ctx, size_t size);"
.PP
The function talloc_size() should be used when you don\*(Aqt have a convenient type to pass to talloc()\&. Unlike talloc(), it is not type safe (as it returns a void *), so you are on your own for type checking\&.
.SS "(typeof(ptr)) talloc_ptrtype(const void *ctx, ptr);"
.PP
The talloc_ptrtype() macro should be used when you have a pointer and want to allocate memory to point at with this pointer\&. When compiling with gcc >= 3 it is typesafe\&. Note this is a wrapper of talloc_size() and talloc_get_name() will return the current location in the source file\&. and not the type\&.
.SS "int talloc_free(void *ptr);"
.PP
The talloc_free() function frees a piece of talloc memory, and all its children\&. You can call talloc_free() on any pointer returned by talloc()\&.
.PP
The return value of talloc_free() indicates success or failure, with 0 returned for success and \-1 for failure\&. The only possible failure condition is if
\fIptr\fR
had a destructor attached to it and the destructor returned \-1\&. See
\(lqtalloc_set_destructor()\(rq
for details on destructors\&.
.PP
If this pointer has an additional parent when talloc_free() is called then the memory is not actually released, but instead the most recently established parent is destroyed\&. See
\(lqtalloc_reference()\(rq
for details on establishing additional parents\&.
.PP
For more control on which parent is removed, see
\(lqtalloc_unlink()\(rq\&.
.PP
talloc_free() operates recursively on its children\&.
.PP
From the 2\&.0 version of talloc, as a special case, talloc_free() is refused on pointers that have more than one parent, as talloc would have no way of knowing which parent should be removed\&. To free a pointer that has more than one parent please use talloc_unlink()\&.
.PP
To help you find problems in your code caused by this behaviour, if you do try and free a pointer with more than one parent then the talloc logging function will be called to give output like this:
.PP

.sp
.if n \{\
.RS 4
.\}
.nf
	    ERROR: talloc_free with references at some_dir/source/foo\&.c:123
		reference at some_dir/source/other\&.c:325
		reference at some_dir/source/third\&.c:121

.fi
.if n \{\
.RE
.\}
.PP
Please see the documentation for talloc_set_log_fn() and talloc_set_log_stderr() for more information on talloc logging functions\&.
.SS "void *talloc_reference(const void *ctx, const void *ptr);"
.PP
The talloc_reference() function makes
\fIctx\fR
an additional parent of
\fIptr\fR\&.
.PP
The return value of talloc_reference() is always the original pointer
\fIptr\fR, unless talloc ran out of memory in creating the reference in which case it will return NULL (each additional reference consumes around 48 bytes of memory on intel x86 platforms)\&.
.PP
If
\fIptr\fR
is NULL, then the function is a no\-op, and simply returns NULL\&.
.PP
After creating a reference you can free it in one of the following ways:
.PP

.sp
.RS 4
.ie n \{\
\h'-04'\(bu\h'+03'\c
.\}
.el \{\
.sp -1
.IP \(bu 2.3
.\}
you can talloc_free() any parent of the original pointer\&. That will reduce the number of parents of this pointer by 1, and will cause this pointer to be freed if it runs out of parents\&.
.RE
.sp
.RS 4
.ie n \{\
\h'-04'\(bu\h'+03'\c
.\}
.el \{\
.sp -1
.IP \(bu 2.3
.\}
you can talloc_free() the pointer itself if it has at maximum one parent\&. This behaviour has been changed since the release of version 2\&.0\&. Further informations in the description of "talloc_free"\&.
.RE
.PP
For more control on which parent to remove, see
\(lqtalloc_unlink()\(rq\&.
.SS "int talloc_unlink(const void *ctx, void *ptr);"
.PP
The talloc_unlink() function removes a specific parent from
\fIptr\fR\&. The
\fIctx\fR
passed must either be a context used in talloc_reference() with this pointer, or must be a direct parent of ptr\&.
.PP
Note that if the parent has already been removed using talloc_free() then this function will fail and will return \-1\&. Likewise, if
\fIptr\fR
is NULL, then the function will make no modifications and return \-1\&.
.PP
Usually you can just use talloc_free() instead of talloc_unlink(), but sometimes it is useful to have the additional control on which parent is removed\&.
.SS "void talloc_set_destructor(const void *ptr, int (*destructor)(void *));"
.PP
The function talloc_set_destructor() sets the
\fIdestructor\fR
for the pointer
\fIptr\fR\&. A
\fIdestructor\fR
is a function that is called when the memory used by a pointer is about to be released\&. The destructor receives
\fIptr\fR
as an argument, and should return 0 for success and \-1 for failure\&.
.PP
The
\fIdestructor\fR
can do anything it wants to, including freeing other pieces of memory\&. A common use for destructors is to clean up operating system resources (such as open file descriptors) contained in the structure the destructor is placed on\&.
.PP
You can only place one destructor on a pointer\&. If you need more than one destructor then you can create a zero\-length child of the pointer and place an additional destructor on that\&.
.PP
To remove a destructor call talloc_set_destructor() with NULL for the destructor\&.
.PP
If your destructor attempts to talloc_free() the pointer that it is the destructor for then talloc_free() will return \-1 and the free will be ignored\&. This would be a pointless operation anyway, as the destructor is only called when the memory is just about to go away\&.
.SS "int talloc_increase_ref_count(const void *\fIptr\fR);"
.PP
The talloc_increase_ref_count(\fIptr\fR) function is exactly equivalent to:
.sp
.if n \{\
.RS 4
.\}
.nf
talloc_reference(NULL, ptr);
.fi
.if n \{\
.RE
.\}
.PP
You can use either syntax, depending on which you think is clearer in your code\&.
.PP
It returns 0 on success and \-1 on failure\&.
.SS "size_t talloc_reference_count(const void *\fIptr\fR);"
.PP
Return the number of references to the pointer\&.
.SS "void talloc_set_name(const void *ptr, const char *fmt, \&.\&.\&.);"
.PP
Each talloc pointer has a "name"\&. The name is used principally for debugging purposes, although it is also possible to set and get the name on a pointer in as a way of "marking" pointers in your code\&.
.PP
The main use for names on pointer is for "talloc reports"\&. See
\(lqtalloc_report_depth_cb()\(rq,
\(lqtalloc_report_depth_file()\(rq,
\(lqtalloc_report()\(rq
\(lqtalloc_report()\(rq
and
\(lqtalloc_report_full()\(rq
for details\&. Also see
\(lqtalloc_enable_leak_report()\(rq
and
\(lqtalloc_enable_leak_report_full()\(rq\&.
.PP
The talloc_set_name() function allocates memory as a child of the pointer\&. It is logically equivalent to:
.sp
.if n \{\
.RS 4
.\}
.nf
talloc_set_name_const(ptr, talloc_asprintf(ptr, fmt, \&.\&.\&.));
.fi
.if n \{\
.RE
.\}
.PP
Note that multiple calls to talloc_set_name() will allocate more memory without releasing the name\&. All of the memory is released when the ptr is freed using talloc_free()\&.
.SS "void talloc_set_name_const(const void *\fIptr\fR, const char *\fIname\fR);"
.PP
The function talloc_set_name_const() is just like talloc_set_name(), but it takes a string constant, and is much faster\&. It is extensively used by the "auto naming" macros, such as talloc_p()\&.
.PP
This function does not allocate any memory\&. It just copies the supplied pointer into the internal representation of the talloc ptr\&. This means you must not pass a
\fIname\fR
pointer to memory that will disappear before
\fIptr\fR
is freed with talloc_free()\&.
.SS "void *talloc_named(const void *\fIctx\fR, size_t \fIsize\fR, const char *\fIfmt\fR, \&.\&.\&.);"
.PP
The talloc_named() function creates a named talloc pointer\&. It is equivalent to:
.sp
.if n \{\
.RS 4
.\}
.nf
ptr = talloc_size(ctx, size);
talloc_set_name(ptr, fmt, \&.\&.\&.\&.);
.fi
.if n \{\
.RE
.\}
.SS "void *talloc_named_const(const void *\fIctx\fR, size_t \fIsize\fR, const char *\fIname\fR);"
.PP
This is equivalent to:
.sp
.if n \{\
.RS 4
.\}
.nf
ptr = talloc_size(ctx, size);
talloc_set_name_const(ptr, name);
.fi
.if n \{\
.RE
.\}
.SS "const char *talloc_get_name(const void *\fIptr\fR);"
.PP
This returns the current name for the given talloc pointer,
\fIptr\fR\&. See
\(lqtalloc_set_name()\(rq
for details\&.
.SS "void *talloc_init(const char *\fIfmt\fR, \&.\&.\&.);"
.PP
This function creates a zero length named talloc context as a top level context\&. It is equivalent to:
.sp
.if n \{\
.RS 4
.\}
.nf
talloc_named(NULL, 0, fmt, \&.\&.\&.);
.fi
.if n \{\
.RE
.\}
.SS "void *talloc_new(void *\fIctx\fR);"
.PP
This is a utility macro that creates a new memory context hanging off an existing context, automatically naming it "talloc_new: __location__" where __location__ is the source line it is called from\&. It is particularly useful for creating a new temporary working context\&.
.SS "(\fItype\fR *)talloc_realloc(const void *\fIctx\fR, void *\fIptr\fR, \fItype\fR, \fIcount\fR);"
.PP
The talloc_realloc() macro changes the size of a talloc pointer\&. It has the following equivalences:
.sp
.if n \{\
.RS 4
.\}
.nf
talloc_realloc(ctx, NULL, type, 1) ==> talloc(ctx, type);
talloc_realloc(ctx, ptr, type, 0)  ==> talloc_free(ptr);
.fi
.if n \{\
.RE
.\}
.PP
The
\fIctx\fR
argument is only used if
\fIptr\fR
is not NULL, otherwise it is ignored\&.
.PP
talloc_realloc() returns the new pointer, or NULL on failure\&. The call will fail either due to a lack of memory, or because the pointer has more than one parent (see
\(lqtalloc_reference()\(rq)\&.
.SS "void *talloc_realloc_size(const void *ctx, void *ptr, size_t size);"
.PP
the talloc_realloc_size() function is useful when the type is not known so the type\-safe talloc_realloc() cannot be used\&.
.SS "TYPE *talloc_steal(const void *\fInew_ctx\fR, const TYPE *\fIptr\fR);"
.PP
The talloc_steal() function changes the parent context of a talloc pointer\&. It is typically used when the context that the pointer is currently a child of is going to be freed and you wish to keep the memory for a longer time\&.
.PP
The talloc_steal() function returns the pointer that you pass it\&. It does not have any failure modes\&.
.PP
It is possible to produce loops in the parent/child relationship if you are not careful with talloc_steal()\&. No guarantees are provided as to your sanity or the safety of your data if you do this\&.
.PP
Note that if you try and call talloc_steal() on a pointer that has more than one parent then the result is ambiguous\&. Talloc will choose to remove the parent that is currently indicated by talloc_parent() and replace it with the chosen parent\&. You will also get a message like this via the talloc logging functions:
.PP

.sp
.if n \{\
.RS 4
.\}
.nf
	  WARNING: talloc_steal with references at some_dir/source/foo\&.c:123
		reference at some_dir/source/other\&.c:325
		reference at some_dir/source/third\&.c:121

.fi
.if n \{\
.RE
.\}
.PP
To unambiguously change the parent of a pointer please see the function
\(lqtalloc_reparent()\(rq\&. See the talloc_set_log_fn() documentation for more information on talloc logging\&.
.SS "TYPE *talloc_reparent(const void *\fIold_parent\fR, const void *\fInew_parent\fR, const TYPE *\fIptr\fR);"
.PP
The talloc_reparent() function changes the parent context of a talloc pointer\&. It is typically used when the context that the pointer is currently a child of is going to be freed and you wish to keep the memory for a longer time\&.
.PP
The talloc_reparent() function returns the pointer that you pass it\&. It does not have any failure modes\&.
.PP
The difference between talloc_reparent() and talloc_steal() is that talloc_reparent() can specify which parent you wish to change\&. This is useful when a pointer has multiple parents via references\&.
.SS "TYPE *talloc_move(const void *\fInew_ctx\fR, TYPE **\fIptr\fR);"
.PP
The talloc_move() function is a wrapper around talloc_steal() which zeros the source pointer after the move\&. This avoids a potential source of bugs where a programmer leaves a pointer in two structures, and uses the pointer from the old structure after it has been moved to a new one\&.
.SS "size_t talloc_total_size(const void *\fIptr\fR);"
.PP
The talloc_total_size() function returns the total size in bytes used by this pointer and all child pointers\&. Mostly useful for debugging\&.
.PP
Passing NULL is allowed, but it will only give a meaningful result if talloc_enable_leak_report() or talloc_enable_leak_report_full() has been called\&.
.SS "size_t talloc_total_blocks(const void *\fIptr\fR);"
.PP
The talloc_total_blocks() function returns the total memory block count used by this pointer and all child pointers\&. Mostly useful for debugging\&.
.PP
Passing NULL is allowed, but it will only give a meaningful result if talloc_enable_leak_report() or talloc_enable_leak_report_full() has been called\&.
.SS "void talloc_report(const void *ptr, FILE *f);"
.PP
The talloc_report() function prints a summary report of all memory used by
\fIptr\fR\&. One line of report is printed for each immediate child of ptr, showing the total memory and number of blocks used by that child\&.
.PP
You can pass NULL for the pointer, in which case a report is printed for the top level memory context, but only if talloc_enable_leak_report() or talloc_enable_leak_report_full() has been called\&.
.SS "void talloc_report_full(const void *\fIptr\fR, FILE *\fIf\fR);"
.PP
This provides a more detailed report than talloc_report()\&. It will recursively print the entire tree of memory referenced by the pointer\&. References in the tree are shown by giving the name of the pointer that is referenced\&.
.PP
You can pass NULL for the pointer, in which case a report is printed for the top level memory context, but only if talloc_enable_leak_report() or talloc_enable_leak_report_full() has been called\&.
.SS ""
.HP \w'void\ talloc_report_depth_cb('u
.BI "void talloc_report_depth_cb(" "const\ void\ *ptr" ", " "int\ depth" ", " "int\ max_depth" ", " "void\ (*callback)(const\ void\ *ptr,\ int\ depth,\ int\ max_depth,\ int\ is_ref,\ void\ *priv)" ", " "void\ *priv" ");"
.PP
This provides a more flexible reports than talloc_report()\&. It will recursively call the callback for the entire tree of memory referenced by the pointer\&. References in the tree are passed with
\fIis_ref = 1\fR
and the pointer that is referenced\&.
.PP
You can pass NULL for the pointer, in which case a report is printed for the top level memory context, but only if talloc_enable_leak_report() or talloc_enable_leak_report_full() has been called\&.
.PP
The recursion is stopped when depth >= max_depth\&. max_depth = \-1 means only stop at leaf nodes\&.
.SS ""
.HP \w'void\ talloc_report_depth_file('u
.BI "void talloc_report_depth_file(" "const\ void\ *ptr" ", " "int\ depth" ", " "int\ max_depth" ", " "FILE\ *f" ");"
.PP
This provides a more flexible reports than talloc_report()\&. It will let you specify the depth and max_depth\&.
.SS "void talloc_enable_leak_report(void);"
.PP
This enables calling of talloc_report(NULL, stderr) when the program exits\&. In Samba4 this is enabled by using the \-\-leak\-report command line option\&.
.PP
For it to be useful, this function must be called before any other talloc function as it establishes a "null context" that acts as the top of the tree\&. If you don\*(Aqt call this function first then passing NULL to talloc_report() or talloc_report_full() won\*(Aqt give you the full tree printout\&.
.PP
Here is a typical talloc report:
.sp
.if n \{\
.RS 4
.\}
.nf
talloc report on \*(Aqnull_context\*(Aq (total 267 bytes in 15 blocks)
libcli/auth/spnego_parse\&.c:55  contains   31 bytes in   2 blocks
libcli/auth/spnego_parse\&.c:55  contains   31 bytes in   2 blocks
iconv(UTF8,CP850)              contains   42 bytes in   2 blocks
libcli/auth/spnego_parse\&.c:55  contains   31 bytes in   2 blocks
iconv(CP850,UTF8)              contains   42 bytes in   2 blocks
iconv(UTF8,UTF\-16LE)           contains   45 bytes in   2 blocks
iconv(UTF\-16LE,UTF8)           contains   45 bytes in   2 blocks

.fi
.if n \{\
.RE
.\}
.SS "void talloc_enable_leak_report_full(void);"
.PP
This enables calling of talloc_report_full(NULL, stderr) when the program exits\&. In Samba4 this is enabled by using the \-\-leak\-report\-full command line option\&.
.PP
For it to be useful, this function must be called before any other talloc function as it establishes a "null context" that acts as the top of the tree\&. If you don\*(Aqt call this function first then passing NULL to talloc_report() or talloc_report_full() won\*(Aqt give you the full tree printout\&.
.PP
Here is a typical full report:
.sp
.if n \{\
.RS 4
.\}
.nf
full talloc report on \*(Aqroot\*(Aq (total 18 bytes in 8 blocks)
p1               contains     18 bytes in   7 blocks (ref 0)
    r1               contains     13 bytes in   2 blocks (ref 0)
        reference to: p2
    p2               contains      1 bytes in   1 blocks (ref 1)
    x3               contains      1 bytes in   1 blocks (ref 0)
    x2               contains      1 bytes in   1 blocks (ref 0)
    x1               contains      1 bytes in   1 blocks (ref 0)

.fi
.if n \{\
.RE
.\}
.SS "(\fItype\fR *)talloc_zero(const void *\fIctx\fR, \fItype\fR);"
.PP
The talloc_zero() macro is equivalent to:
.sp
.if n \{\
.RS 4
.\}
.nf
ptr = talloc(ctx, type);
if (ptr) memset(ptr, 0, sizeof(type));
.fi
.if n \{\
.RE
.\}
.SS "void *talloc_zero_size(const void *\fIctx\fR, size_t \fIsize\fR)"
.PP
The talloc_zero_size() function is useful when you don\*(Aqt have a known type\&.
.SS "void *talloc_memdup(const void *\fIctx\fR, const void *\fIp\fR, size_t size);"
.PP
The talloc_memdup() function is equivalent to:
.sp
.if n \{\
.RS 4
.\}
.nf
ptr = talloc_size(ctx, size);
if (ptr) memcpy(ptr, p, size);
.fi
.if n \{\
.RE
.\}
.SS "char *talloc_strdup(const void *\fIctx\fR, const char *\fIp\fR);"
.PP
The talloc_strdup() function is equivalent to:
.sp
.if n \{\
.RS 4
.\}
.nf
ptr = talloc_size(ctx, strlen(p)+1);
if (ptr) memcpy(ptr, p, strlen(p)+1);
.fi
.if n \{\
.RE
.\}
.PP
This function sets the name of the new pointer to the passed string\&. This is equivalent to:
.sp
.if n \{\
.RS 4
.\}
.nf
talloc_set_name_const(ptr, ptr)
.fi
.if n \{\
.RE
.\}
.SS "char *talloc_strndup(const void *\fIt\fR, const char *\fIp\fR, size_t \fIn\fR);"
.PP
The talloc_strndup() function is the talloc equivalent of the C library function strndup(3)\&.
.PP
This function sets the name of the new pointer to the passed string\&. This is equivalent to:
.sp
.if n \{\
.RS 4
.\}
.nf
talloc_set_name_const(ptr, ptr)
.fi
.if n \{\
.RE
.\}
.SS "char *talloc_vasprintf(const void *\fIt\fR, const char *\fIfmt\fR, va_list \fIap\fR);"
.PP
The talloc_vasprintf() function is the talloc equivalent of the C library function vasprintf(3)\&.
.PP
This function sets the name of the new pointer to the new string\&. This is equivalent to:
.sp
.if n \{\
.RS 4
.\}
.nf
talloc_set_name_const(ptr, ptr)
.fi
.if n \{\
.RE
.\}
.SS "char *talloc_asprintf(const void *\fIt\fR, const char *\fIfmt\fR, \&.\&.\&.);"
.PP
The talloc_asprintf() function is the talloc equivalent of the C library function asprintf(3)\&.
.PP
This function sets the name of the new pointer to the passed string\&. This is equivalent to:
.sp
.if n \{\
.RS 4
.\}
.nf
talloc_set_name_const(ptr, ptr)
.fi
.if n \{\
.RE
.\}
.SS "char *talloc_asprintf_append(char *s, const char *fmt, \&.\&.\&.);"
.PP
The talloc_asprintf_append() function appends the given formatted string to the given string\&.
.PP
This function sets the name of the new pointer to the new string\&. This is equivalent to:
.sp
.if n \{\
.RS 4
.\}
.nf
talloc_set_name_const(ptr, ptr)
.fi
.if n \{\
.RE
.\}
.SS "(type *)talloc_array(const void *ctx, type, unsigned int count);"
.PP
The talloc_array() macro is equivalent to:
.sp
.if n \{\
.RS 4
.\}
.nf
(type *)talloc_size(ctx, sizeof(type) * count);
.fi
.if n \{\
.RE
.\}
.PP
except that it provides integer overflow protection for the multiply, returning NULL if the multiply overflows\&.
.SS "void *talloc_array_size(const void *ctx, size_t size, unsigned int count);"
.PP
The talloc_array_size() function is useful when the type is not known\&. It operates in the same way as talloc_array(), but takes a size instead of a type\&.
.SS "(typeof(ptr)) talloc_array_ptrtype(const void *ctx, ptr, unsigned int count);"
.PP
The talloc_ptrtype() macro should be used when you have a pointer to an array and want to allocate memory of an array to point at with this pointer\&. When compiling with gcc >= 3 it is typesafe\&. Note this is a wrapper of talloc_array_size() and talloc_get_name() will return the current location in the source file\&. and not the type\&.
.SS "void *talloc_realloc_fn(const void *ctx, void *ptr, size_t size)"
.PP
This is a non\-macro version of talloc_realloc(), which is useful as libraries sometimes want a realloc function pointer\&. A realloc(3) implementation encapsulates the functionality of malloc(3), free(3) and realloc(3) in one call, which is why it is useful to be able to pass around a single function pointer\&.
.SS "void *talloc_autofree_context(void);"
.PP
This is a handy utility function that returns a talloc context which will be automatically freed on program exit\&. This can be used to reduce the noise in memory leak reports\&.
.SS "void *talloc_check_name(const void *ptr, const char *name);"
.PP
This function checks if a pointer has the specified
\fIname\fR\&. If it does then the pointer is returned\&. It it doesn\*(Aqt then NULL is returned\&.
.SS "(type *)talloc_get_type(const void *ptr, type);"
.PP
This macro allows you to do type checking on talloc pointers\&. It is particularly useful for void* private pointers\&. It is equivalent to this:
.sp
.if n \{\
.RS 4
.\}
.nf
(type *)talloc_check_name(ptr, #type)
.fi
.if n \{\
.RE
.\}
.SS "talloc_set_type(const void *ptr, type);"
.PP
This macro allows you to force the name of a pointer to be a particular
\fItype\fR\&. This can be used in conjunction with talloc_get_type() to do type checking on void* pointers\&.
.PP
It is equivalent to this:
.sp
.if n \{\
.RS 4
.\}
.nf
talloc_set_name_const(ptr, #type)
.fi
.if n \{\
.RE
.\}
.SS "talloc_set_log_fn(void (*log_fn)(const char *message));"
.PP
This function sets a logging function that talloc will use for warnings and errors\&. By default talloc will not print any warnings or errors\&.
.SS "talloc_set_log_stderr(void);"
.PP
This sets the talloc log function to write log messages to stderr
.SH "PERFORMANCE"
.PP
All the additional features of talloc(3) over malloc(3) do come at a price\&. We have a simple performance test in Samba4 that measures talloc() versus malloc() performance, and it seems that talloc() is about 10% slower than malloc() on my x86 Debian Linux box\&. For Samba, the great reduction in code complexity that we get by using talloc makes this worthwhile, especially as the total overhead of talloc/malloc in Samba is already quite small\&.
.SH "SEE ALSO"
.PP
malloc(3), strndup(3), vasprintf(3), asprintf(3),
\m[blue]\fB\%http://talloc.samba.org/\fR\m[]
.SH "AUTHOR"
.PP
The original Samba software and related utilities were created by Andrew Tridgell\&. Samba is now developed by the Samba Team as an Open Source project similar to the way the Linux kernel is developed\&.
.SH "COPYRIGHT/LICENSE"
.PP
Copyright (C) Andrew Tridgell 2004
.PP
This program is free software; you can redistribute it and/or modify it under the terms of the GNU Lesser General Public License as published by the Free Software Foundation; either version 3 of the License, or (at your option) any later version\&.
.PP
This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE\&. See the GNU General Public License for more details\&.
.PP
You should have received a copy of the GNU General Public License along with this program; if not, see http://www\&.gnu\&.org/licenses/\&.




'\" t
.\"     Title: tdbbackup
.\"    Author: [see the "AUTHOR" section]
.\" Generator: DocBook XSL Stylesheets v1.76.1 <http://docbook.sf.net/>
.\"      Date: 2015-04-25
.\"    Manual: System Administration tools
.\"    Source: Samba 3.6
.\"  Language: English
.\"
.TH "TDBBACKUP" "8" "2015\-04\-25" "Samba 3\&.6" "System Administration tools"
.\" -----------------------------------------------------------------
.\" * Define some portability stuff
.\" -----------------------------------------------------------------
.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
.\" http://bugs.debian.org/507673
.\" http://lists.gnu.org/archive/html/groff/2009-02/msg00013.html
.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
.ie \n(.g .ds Aq \(aq
.el       .ds Aq '
.\" -----------------------------------------------------------------
.\" * set default formatting
.\" -----------------------------------------------------------------
.\" disable hyphenation
.nh
.\" disable justification (adjust text to left margin only)
.ad l
.\" -----------------------------------------------------------------
.\" * MAIN CONTENT STARTS HERE *
.\" -----------------------------------------------------------------
.SH "NAME"
tdbbackup \- tool for backing up and for validating the integrity of samba \&.tdb files
.SH "SYNOPSIS"
.HP \w'\fBtdbbackup\fR\ 'u
\fBtdbbackup\fR [\-s\ suffix] [\-v] [\-h] [\-l]
.SH "DESCRIPTION"
.PP
This tool is part of the
\fBsamba\fR(1)
suite\&.
.PP
\fBtdbbackup\fR
is a tool that may be used to backup samba \&.tdb files\&. This tool may also be used to verify the integrity of the \&.tdb files prior to samba startup or during normal operation\&. If it finds file damage and it finds a prior backup the backup file will be restored\&.
.SH "OPTIONS"
.PP
\-h
.RS 4
Get help information\&.
.RE
.PP
\-s suffix
.RS 4
The
\fB\-s\fR
option allows the administrator to specify a file backup extension\&. This way it is possible to keep a history of tdb backup files by using a new suffix for each backup\&.
.RE
.PP
\-v
.RS 4
The
\fB\-v\fR
will check the database for damages (corrupt data) which if detected causes the backup to be restored\&.
.RE
.PP
\-l
.RS 4
This options disables any locking, by passing TDB_NOLOCK to tdb_open_ex()\&. Only use this for database files which are not used by any other process! And also only if it is otherwise not possible to open the database, e\&.g\&. databases which were created with mutex locking\&.
.RE
.SH "COMMANDS"
.PP
\fIGENERAL INFORMATION\fR
.PP
The
\fBtdbbackup\fR
utility can safely be run at any time\&. It was designed so that it can be used at any time to validate the integrity of tdb files, even during Samba operation\&. Typical usage for the command will be:
.PP
tdbbackup [\-s suffix] *\&.tdb
.PP
Before restarting samba the following command may be run to validate \&.tdb files:
.PP
tdbbackup \-v [\-s suffix] *\&.tdb
.PP
Samba \&.tdb files are stored in various locations, be sure to run backup all \&.tdb file on the system\&. Important files includes:
.sp
.RS 4
.ie n \{\
\h'-04'\(bu\h'+03'\c
.\}
.el \{\
.sp -1
.IP \(bu 2.3
.\}

\fBsecrets\&.tdb\fR
\- usual location is in the /usr/local/samba/private directory, or on some systems in /etc/samba\&.
.RE
.sp
.RS 4
.ie n \{\
\h'-04'\(bu\h'+03'\c
.\}
.el \{\
.sp -1
.IP \(bu 2.3
.\}

\fBpassdb\&.tdb\fR
\- usual location is in the /usr/local/samba/private directory, or on some systems in /etc/samba\&.
.RE
.sp
.RS 4
.ie n \{\
\h'-04'\(bu\h'+03'\c
.\}
.el \{\
.sp -1
.IP \(bu 2.3
.\}

\fB*\&.tdb\fR
located in the /usr/local/samba/var directory or on some systems in the /var/cache or /var/lib/samba directories\&.
.RE
.SH "VERSION"
.PP
This man page is correct for version 3 of the Samba suite\&.
.SH "AUTHOR"
.PP
The original Samba software and related utilities were created by Andrew Tridgell\&. Samba is now developed by the Samba Team as an Open Source project similar to the way the Linux kernel is developed\&.
.PP
The tdbbackup man page was written by John H Terpstra\&.




'\" t
.\"     Title: tdbdump
.\"    Author: [see the "AUTHOR" section]
.\" Generator: DocBook XSL Stylesheets v1.76.1 <http://docbook.sf.net/>
.\"      Date: 2015-04-25
.\"    Manual: System Administration tools
.\"    Source: Samba 3.6
.\"  Language: English
.\"
.TH "TDBDUMP" "8" "2015\-04\-25" "Samba 3\&.6" "System Administration tools"
.\" -----------------------------------------------------------------
.\" * Define some portability stuff
.\" -----------------------------------------------------------------
.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
.\" http://bugs.debian.org/507673
.\" http://lists.gnu.org/archive/html/groff/2009-02/msg00013.html
.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
.ie \n(.g .ds Aq \(aq
.el       .ds Aq '
.\" -----------------------------------------------------------------
.\" * set default formatting
.\" -----------------------------------------------------------------
.\" disable hyphenation
.nh
.\" disable justification (adjust text to left margin only)
.ad l
.\" -----------------------------------------------------------------
.\" * MAIN CONTENT STARTS HERE *
.\" -----------------------------------------------------------------
.SH "NAME"
tdbdump \- tool for printing the contents of a TDB file
.SH "SYNOPSIS"
.HP \w'\fBtdbdump\fR\ 'u
\fBtdbdump\fR [\-k\ \fIkeyname\fR] [\-e] [\-h] {filename}
.SH "DESCRIPTION"
.PP
This tool is part of the
\fBsamba\fR(1)
suite\&.
.PP
\fBtdbdump\fR
is a very simple utility that \*(Aqdumps\*(Aq the contents of a TDB (Trivial DataBase) file to standard output in a human\-readable format\&.
.PP
This tool can be used when debugging problems with TDB files\&. It is intended for those who are somewhat familiar with Samba internals\&.
.SH "OPTIONS"
.PP
\-h
.RS 4
Get help information\&.
.RE
.PP
\-k \fIkeyname\fR
.RS 4
The
\fB\-k\fR
option restricts dumping to a single key, if found\&.
.RE
.PP
\-e
.RS 4
The
\fB\-e\fR
tries to dump out from a corrupt database\&. Naturally, such a dump is unreliable, at best\&.
.RE
.SH "VERSION"
.PP
This man page is correct for version 3 of the Samba suite\&.
.SH "AUTHOR"
.PP
The original Samba software and related utilities were created by Andrew Tridgell\&. Samba is now developed by the Samba Team as an Open Source project similar to the way the Linux kernel is developed\&.
.PP
The tdbdump man page was written by Jelmer Vernooij\&.




'\" t
.\"     Title: tdbrestore
.\"    Author: [see the "AUTHOR" section]
.\" Generator: DocBook XSL Stylesheets v1.76.1 <http://docbook.sf.net/>
.\"      Date: 2015-04-25
.\"    Manual: System Administration tools
.\"    Source: Samba 3.6
.\"  Language: English
.\"
.TH "TDBRESTORE" "8" "2015\-04\-25" "Samba 3\&.6" "System Administration tools"
.\" -----------------------------------------------------------------
.\" * Define some portability stuff
.\" -----------------------------------------------------------------
.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
.\" http://bugs.debian.org/507673
.\" http://lists.gnu.org/archive/html/groff/2009-02/msg00013.html
.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
.ie \n(.g .ds Aq \(aq
.el       .ds Aq '
.\" -----------------------------------------------------------------
.\" * set default formatting
.\" -----------------------------------------------------------------
.\" disable hyphenation
.nh
.\" disable justification (adjust text to left margin only)
.ad l
.\" -----------------------------------------------------------------
.\" * MAIN CONTENT STARTS HERE *
.\" -----------------------------------------------------------------
.SH "NAME"
tdbrestore \- tool for creating a TDB file out of a tdbdump output
.SH "SYNOPSIS"
.HP \w'\fBtdbrestore\fR\ 'u
\fBtdbrestore\fR {tdbfilename}
.SH "DESCRIPTION"
.PP
This tool is part of the
\fBsamba\fR(1)
suite\&.
.PP
\fBtdbrestore\fR
is a very simple utility that \*(Aqrestores\*(Aq the contents of dump file into TDB (Trivial DataBase) file\&. The dump file is obtained from the tdbdump command\&.
.PP
This tool wait on the standard input for the content of the dump and will write the tdb in the tdbfilename parameter\&.
.PP
This tool can be used for unpacking the content of tdb as backup mean\&.
.SH "VERSION"
.PP
This man page is correct for version 3 of the Samba suite\&.
.SH "AUTHOR"
.PP
The original Samba software and related utilities were created by Andrew Tridgell\&. Samba is now developed by the Samba Team as an Open Source project similar to the way the Linux kernel is developed\&. This tool was initially written by Volker Lendecke based on an idea by Simon McVittie\&.
.PP
The tdbrestore man page was written by Matthieu Patou\&.




'\" t
.\"     Title: tdbtool
.\"    Author: [see the "AUTHOR" section]
.\" Generator: DocBook XSL Stylesheets v1.76.1 <http://docbook.sf.net/>
.\"      Date: 2015-04-25
.\"    Manual: System Administration tools
.\"    Source: Samba 4.0
.\"  Language: English
.\"
.TH "TDBTOOL" "8" "2015\-04\-25" "Samba 4\&.0" "System Administration tools"
.\" -----------------------------------------------------------------
.\" * Define some portability stuff
.\" -----------------------------------------------------------------
.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
.\" http://bugs.debian.org/507673
.\" http://lists.gnu.org/archive/html/groff/2009-02/msg00013.html
.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
.ie \n(.g .ds Aq \(aq
.el       .ds Aq '
.\" -----------------------------------------------------------------
.\" * set default formatting
.\" -----------------------------------------------------------------
.\" disable hyphenation
.nh
.\" disable justification (adjust text to left margin only)
.ad l
.\" -----------------------------------------------------------------
.\" * MAIN CONTENT STARTS HERE *
.\" -----------------------------------------------------------------
.SH "NAME"
tdbtool \- manipulate the contents TDB files
.SH "SYNOPSIS"
.HP \w'\fBtdbtool\fR\ 'u
\fBtdbtool\fR
.HP \w'\fBtdbtool\fR\ 'u
\fBtdbtool\fR [\-l] \fITDBFILE\fR [\fICOMMANDS\fR...]
.SH "DESCRIPTION"
.PP
This tool is part of the
\fBsamba\fR(1)
suite\&.
.PP
\fBtdbtool\fR
a tool for displaying and altering the contents of Samba TDB (Trivial DataBase) files\&. Each of the commands listed below can be entered interactively or provided on the command line\&.
.SH "OPTIONS"
.PP
\-l
.RS 4
This options disables any locking, by passing TDB_NOLOCK to tdb_open_ex()\&. Only use this for database files which are not used by any other process! And also only if it is otherwise not possible to open the database, e\&.g\&. databases which were created with mutex locking\&.
.RE
.SH "COMMANDS"
.PP
\fBcreate\fR \fITDBFILE\fR
.RS 4
Create a new database named
\fITDBFILE\fR\&.
.RE
.PP
\fBopen\fR \fITDBFILE\fR
.RS 4
Open an existing database named
\fITDBFILE\fR\&.
.RE
.PP
\fBerase\fR
.RS 4
Erase the current database\&.
.RE
.PP
\fBdump\fR
.RS 4
Dump the current database as strings\&.
.RE
.PP
\fBcdump\fR
.RS 4
Dump the current database as connection records\&.
.RE
.PP
\fBkeys\fR
.RS 4
Dump the current database keys as strings\&.
.RE
.PP
\fBhexkeys\fR
.RS 4
Dump the current database keys as hex values\&.
.RE
.PP
\fBinfo\fR
.RS 4
Print summary information about the current database\&.
.RE
.PP
\fBinsert\fR \fIKEY\fR \fIDATA\fR
.RS 4
Insert a record into the current database\&.
.RE
.PP
\fBmove\fR \fIKEY\fR \fITDBFILE\fR
.RS 4
Move a record from the current database into
\fITDBFILE\fR\&.
.RE
.PP
\fBstore\fR \fIKEY\fR \fIDATA\fR
.RS 4
Store (replace) a record in the current database\&.
.RE
.PP
\fBshow\fR \fIKEY\fR
.RS 4
Show a record by key\&.
.RE
.PP
\fBdelete\fR \fIKEY\fR
.RS 4
Delete a record by key\&.
.RE
.PP
\fBlist\fR
.RS 4
Print the current database hash table and free list\&.
.RE
.PP
\fBfree\fR
.RS 4
Print the current database and free list\&.
.RE
.PP
\fB!\fR \fICOMMAND\fR
.RS 4
Execute the given system command\&.
.RE
.PP
\fBfirst\fR
.RS 4
Print the first record in the current database\&.
.RE
.PP
\fBnext\fR
.RS 4
Print the next record in the current database\&.
.RE
.PP
\fBcheck\fR
.RS 4
Check the integrity of the current database\&.
.RE
.PP
\fBrepack\fR
.RS 4
Repack a database using a temporary file to remove fragmentation\&.
.RE
.PP
\fBquit\fR
.RS 4
Exit
\fBtdbtool\fR\&.
.RE
.SH "CAVEATS"
.PP
The contents of the Samba TDB files are private to the implementation and should not be altered with
\fBtdbtool\fR\&.
.SH "VERSION"
.PP
This man page is correct for version 3\&.6 of the Samba suite\&.
.SH "AUTHOR"
.PP
The original Samba software and related utilities were created by Andrew Tridgell\&. Samba is now developed by the Samba Team as an Open Source project similar to the way the Linux kernel is developed\&.




'\" t
.\"     Title: vfs_freebsd
.\"    Author: [see the "AUTHOR" section]
.\" Generator: DocBook XSL Stylesheets v1.79.1 <http://docbook.sf.net/>
.\"      Date: 06/24/2019
.\"    Manual: System Administration tools
.\"    Source: Samba 4.10.5
.\"  Language: English
.\"
.TH "VFS_FREEBSD" "8" "06/24/2019" "Samba 4\&.10\&.5" "System Administration tools"
.\" -----------------------------------------------------------------
.\" * Define some portability stuff
.\" -----------------------------------------------------------------
.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
.\" http://bugs.debian.org/507673
.\" http://lists.gnu.org/archive/html/groff/2009-02/msg00013.html
.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
.ie \n(.g .ds Aq \(aq
.el       .ds Aq '
.\" -----------------------------------------------------------------
.\" * set default formatting
.\" -----------------------------------------------------------------
.\" disable hyphenation
.nh
.\" disable justification (adjust text to left margin only)
.ad l
.\" -----------------------------------------------------------------
.\" * MAIN CONTENT STARTS HERE *
.\" -----------------------------------------------------------------
.SH "NAME"
vfs_freebsd \- FreeBSD\-specific VFS functions
.SH "SYNOPSIS"
.HP \w'\ 'u
vfs objects = freebsd
.SH "DESCRIPTION"
.PP
This VFS module is part of the
\fBsamba\fR(7)
suite\&.
.PP
The
vfs_freebsd
module implements some of the FreeBSD\-specific VFS functions\&.
.PP
This module is stackable\&.
.SH "OPTIONS"
.PP
freebsd:extattr mode=[legacy|compat|secure]
.RS 4
This parameter defines how the emulation of the Linux attr(5) extended attributes is performed through the FreeBSD native extattr(9) system calls\&.
.sp
Currently the
\fIsecurity\fR,
\fIsystem\fR,
\fItrusted\fR
and
\fIuser\fR
extended attribute(xattr) classes are defined in Linux\&. Contrary FreeBSD has only
\fIUSER\fR
and
\fISYSTEM\fR
extended attribute(extattr) namespaces, so mapping of one set into another isn\*(Aqt straightforward and can be done in different ways\&.
.sp
Historically the Samba(7) built\-in xattr mapping implementation simply converted
\fIsystem\fR
and
\fIuser\fR
xattr into corresponding
\fISYSTEM\fR
and
\fIUSER\fR
extattr namespaces, dropping the class prefix name with the separating dot and using attribute name only within the mapped namespace\&. It also rejected any other xattr classes, like
\fIsecurity\fR
and
\fItrusted\fR
as invalid\&. Such behavior in particular broke AD provisioning on UFS2 file systems as essential
\fIsecurity\&.NTACL\fR
xattr was rejected as invalid\&.
.sp
This module tries to address this problem and provide secure, where it\*(Aqs possible, way to map Linux xattr into FreeBSD\*(Aqs extattr\&.
.sp
When
\fImode\fR
is set to the
\fIlegacy (default)\fR
then modified version of built\-in mapping is used, where
\fIsystem\fR
xattr is mapped into SYSTEM namespace, while
\fIsecure\fR,
\fItrusted\fR
and
\fIuser\fR
xattr are all mapped into the USER namespace, dropping class prefixes and mix them all together\&. This is the way how Samba FreeBSD ports were patched up to the 4\&.9 version and that created multiple potential security issues\&. This mode is aimed for the compatibility with the legacy installations only and should be avoided in new setups\&.
.sp
The
\fIcompat\fR
mode is mostly designed for the jailed environments, where it\*(Aqs not possible to write extattrs into the secure SYSTEM namespace, so all four classes are mapped into the USER namespace\&. To preserve information about origin of the extended attribute it is stored together with the class preffix in the
\fIclass\&.attribute\fR
format\&.
.sp
The
\fIsecure\fR
mode is meant for storing extended attributes in a secure manner, so that
\fIsecurity\fR,
\fIsystem\fR
and
\fItrusted\fR
are stored in the SYSTEM namespace, which can be modified only by root\&.
.RE
.SH ""
.sp
.it 1 an-trap
.nr an-no-space-flag 1
.nr an-break-flag 1
.br
.B Table\ \&1.\ \&Attributes mapping
.TS
allbox tab(:);
lB lB lB lB lB.
T{

T}:T{
built\-in
T}:T{
legacy
T}:T{
compat/jail
T}:T{
secure
T}
.T&
lB l l l l
lB l l l l
lB l l l l
lB l l l l.
T{
user
T}:T{
USER; attribute
T}:T{
USER; attribute
T}:T{
USER; user\&.attribute
T}:T{
USER; user\&.attribute
T}
T{
system
T}:T{
SYSTEM; attribute
T}:T{
SYSTEM; attribute
T}:T{
USER; system\&.attribute
T}:T{
SYSTEM; system\&.attribute
T}
T{
trusted
T}:T{
FAIL
T}:T{
USER; attribute
T}:T{
USER; trusted\&.attribute
T}:T{
SYSTEM; trusted\&.attribute
T}
T{
security
T}:T{
FAIL
T}:T{
USER; attribute
T}:T{
USER; security\&.attribute
T}:T{
SYSTEM; security\&.attribute
T}
.TE
.sp 1
.SH "EXAMPLES"
.PP
Use secure method of setting extended attributes on the share:
.sp
.if n \{\
.RS 4
.\}
.nf
	\fI[sysvol]\fR
	\m[blue]\fBvfs objects = freebsd\fR\m[]
	\m[blue]\fBfreebsd:extattr mode = secure\fR\m[]
.fi
.if n \{\
.RE
.\}
.SH "VERSION"
.PP
This man page is part of version 4\&.10\&.5 of the Samba suite\&.
.SH "AUTHOR"
.PP
The original Samba software and related utilities were created by Andrew Tridgell\&. Samba is now developed by the Samba Team as an Open Source project similar to the way the Linux kernel is developed\&.
.PP
This module was written by Timur I\&. Bakeyev




[
{ type: install
  message: <<EOM
How to start: http://wiki.samba.org/index.php/Samba4/HOWTO

* Your configuration is: %%SAMBA4_CONFDIR%%/%%SAMBA4_CONFIG%%

* All the relevant databases are under: %%SAMBA4_LOCKDIR%%

* All the logs are under: %%SAMBA4_LOGDIR%%

%%AD_DC%%* Provisioning script is: %%PREFIX%%/bin/samba-tool
%%AD_DC%%
%%NSUPDATE%%You will need to specify location of the 'nsupdate' command in the
%%NSUPDATE%%%%SAMBA4_CONFIG%% file:
%%NSUPDATE%%
%%NSUPDATE%%      nsupdate command = %%PREFIX%%/bin/samba-nsupdate -g
%%NSUPDATE%%
For additional documentation check: http://wiki.samba.org/index.php/Samba4

Bug reports should go to the: https://bugzilla.samba.org/
EOM
}
]




#!/bin/sh

# PROVIDE: samba_server
# REQUIRE: NETWORKING SERVERS DAEMON ldconfig resolv ntpd %%SAMBA4_SERVICES%%
# BEFORE: LOGIN
# KEYWORD: shutdown
#
# Add the following lines to /etc/rc.conf.local or /etc/rc.conf
# to enable this service:
#
#samba_server_enable="YES"
#
# You can disable/enable any of the Samba daemons by specifying:
#samba_enable="NO"
#nmbd_enable="NO"
#smbd_enable="NO"
# You need to enable winbindd separately, by adding:
#winbindd_enable="YES"
# Configuration file can be set with:
#samba_server_config="%%SAMBA4_CONFDIR%%/%%SAMBA4_CONFIG%%"
#

. /etc/rc.subr

name="samba_server"
rcvar=${name}_enable
# Defaults
samba_server_config_default="%%SAMBA4_CONFDIR%%/%%SAMBA4_CONFIG%%"
smbcontrol_command="%%PREFIX%%/bin/smbcontrol"
# Custom commands
extra_commands="reload status configtest"

start_precmd="samba_server_prestart"
restart_precmd="samba_server_checkconfig"
reload_precmd="samba_server_checkconfig"
start_cmd="samba_server_cmd"
stop_cmd="samba_server_cmd"
status_cmd="samba_server_cmd"
configtest_cmd="samba_server_checkconfig"
reload_cmd="samba_server_reload_cmd"
rcvar_cmd="samba_server_rcvar_cmd"

samba_server_checkconfig() {
    echo -n "Performing sanity check on Samba configuration: "
    if ${testparm_command} >/dev/null 2>&1; then
	echo "OK"
    else
	echo "FAILED"
	return 1
    fi
}

samba_server_prestart() {
    # Make sure we have our RUNDIR, even if it's on a tmpfs
    if [ -d "${samba_server_piddir}" -o ! -e "${samba_server_piddir}" ]; then
	install -d -m 0755 "${samba_server_piddir}"
    fi
    # https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=200186
    if [ -d "${samba_server_privatedir}" -o ! -e "${samba_server_privatedir}" ]; then
	install -d -m 0700 "${samba_server_privatedir}"
    fi
    samba_server_checkconfig
}

samba_server_rcvar_cmd() {
    local name rcvar
    rcvar=${name}_enable
    # Prevent recursive calling
    unset "${rc_arg}_cmd" "${rc_arg}_precmd" "${rc_arg}_postcmd"
    # Check master variable
    run_rc_command "${_rc_prefix}${rc_arg}" ${rc_extra_args}
    # Check dependent variables
    for name in ${samba_daemons}; do
	# XXX
	rcvars=''; v=''
	rcvar=${name}_enable
	run_rc_command "${_rc_prefix}${rc_arg}" ${rc_extra_args}
    done
}

samba_server_reload_cmd() {
    local name rcvar command pidfile force_run
    # Prevent recursive calling
    unset "${rc_arg}_cmd" "${rc_arg}_precmd" "${rc_arg}_postcmd"
    # Ignore rcvar and run command
    if [ -n "${_rc_prefix}" -a "${_rc_prefix}" = "one" ] || [ -n "${rc_force}" ] || [ -n "${rc_fast}" ]; then
	force_run=yes
    fi
    # Apply to all daemons
    for name in ${samba_daemons}; do
	rcvar=${name}_enable
	command="%%PREFIX%%/sbin/${name}"
	pidfile="${samba_server_piddir}/${name}.pid"
	# Daemon should be enabled and running
	if ( [ -n "${rcvar}" ] && checkyesno "${rcvar}" ) || [ -n "$force_run" ]; then
	    if [ -n "$(check_pidfile "${pidfile}" "${command}")" ]; then
		debug "reloading ${name} configuration"
		echo "Reloading ${name}."
		${smbcontrol_command} "${name}" 'reload-config' ${command_args} >/dev/null 2>&1
	    fi
	fi
    done
}

samba_server_cmd() {
    local name rcvar rcvars v command pidfile samba_daemons result force_run
    # Prevent recursive calling
    unset "${rc_arg}_cmd" "${rc_arg}_precmd" "${rc_arg}_postcmd"
    # Stop processes in the reverse order
    if [ "${rc_arg}" = "stop" ] ; then
	samba_daemons=$(reverse_list ${samba_daemons})
    fi
    # Ignore rcvar and run command
    if [ -n "${_rc_prefix}" -a "${_rc_prefix}" = "one" ] || [ -n "${rc_force}" ] || [ -n "${rc_fast}" ]; then
	force_run=yes
    fi
    # Assume success
    result=0
    # Apply to all daemons
    for name in ${samba_daemons}; do
	# XXX
	rcvars=''; v=''
	rcvar=${name}_enable
	command="%%PREFIX%%/sbin/${name}"
	pidfile="${samba_server_piddir}/${name}.pid"
	# Daemon should be enabled and running
	if ( [ -n "${rcvar}" ] && checkyesno "${rcvar}" ) || [ -n "$force_run" ]; then
	    run_rc_command "${_rc_prefix}${rc_arg}" ${rc_extra_args}
	    # If any of the commands failed, take it as a global result
	    result=$((${result} || $?))
	fi
    done
    return ${result}
}

samba_server_config_init() {
    local name
    # Load configuration
    load_rc_config "${name}"
    # Defaults
    samba_server_enable=${samba_server_enable:=NO}
    samba_server_config=${samba_server_config=${samba_server_config_default}}
    samba_server_configfile_arg=${samba_server_config:+--configfile="${samba_server_config}"}			#"
    #testparm_command="%%PREFIX%%/bin/samba-tool testparm --suppress-prompt --verbose ${samba_server_configfile_arg}"
    testparm_command="%%PREFIX%%/bin/testparm --suppress-prompt --verbose ${samba_server_config}"
    # Determine what daemons are necessary to run Samba in the current role
    samba_server_role=$(${testparm_command} --parameter-name='server role' 2>/dev/null)
    case "${samba_server_role}" in
	active\ directory\ domain\ controller)
	    samba_daemons="samba"
	    ;;
	auto|*)
	    samba_daemons="nmbd smbd winbindd"
	    ;;
    esac
    # Load daemons configuration
    for name in ${samba_daemons}; do
	load_rc_config "${name}"
	# If samba_server_enable is 'YES'
	if [ -n "${rcvar}" ] && checkyesno "${rcvar}"; then
	    if [ "${name}" != "winbindd" ]; then
		# Set variable to 'YES' only if it is unset
		eval ${name}_enable=\${${name}_enable-YES}
	    else
		# Winbindd
		samba_server_idmap=$(${testparm_command} --parameter-name='idmap uid' 2>/dev/null)
		if [ -n "${samba_server_idmap}" ]; then
		    winbindd_enable="YES"
		fi
	    fi
	fi
	# If variable is empty, set it to 'NO'
	eval ${name}_enable=\${${name}_enable:-NO}
    done
    # Fetch parameters from configuration file
    samba_server_lockdir="$(${testparm_command} --parameter-name='lock directory' 2>/dev/null)"
    samba_server_lockdir=${samba_server_lockdir:=%%SAMBA4_LOCKDIR%%}
    samba_server_piddir="$(${testparm_command} --parameter-name='pid directory' 2>/dev/null)"
    samba_server_piddir=${samba_server_piddir:=%%SAMBA4_RUNDIR%%}
    samba_server_privatedir="$(${testparm_command} --parameter-name='private dir' 2>/dev/null)"
    samba_server_privatedir=${samba_server_privatedir:=%%SAMBA4_PRIVATEDIR%%}
}

# Load configuration variables
samba_server_config_init
# Common flags
command_args=${samba_server_configfile_arg}
samba_flags=${samba_flags="--daemon"}
nmbd_flags=${nmbd_flags="--daemon"}
smbd_flags=${smbd_flags="--daemon"}
winbindd_flags=${winbindd_flags="--daemon"}
# Requirements
required_files="${samba_server_config}"
required_dirs="${samba_server_lockdir}"

run_rc_command "$1"

Added Link Here

(-)b/net/samba415/pkg-descr (+8 lines)
1	Samba4 is an attempt to implement an Active Directory compatible Domain
2	Controller.
3
4	In short, you can join a WinNT, Win2000, WinXP or Win 2003 - 2016 member
5	server to a Samba4 domain, and it will behave much as it does in AD,
6	including Kerberos domain logins where applicable.
7
8	WWW: https://www.samba.org/




bin/cifsdd
bin/dbwrap_tool
bin/dumpmscat
bin/findsmb
bin/gentest
bin/locktest
bin/masktest
bin/mdfind
bin/mvxattr
bin/ndrdump
bin/net
bin/nmblookup
bin/ntlm_auth
bin/oLschema2ldif
bin/pdbedit
bin/profiles
bin/regdiff
bin/regpatch
bin/regshell
bin/regtree
bin/rpcclient
bin/samba-regedit
bin/sharesec
bin/smbcacls
bin/smbclient
bin/smbcontrol
bin/smbcquotas
bin/smbget
bin/smbpasswd
bin/smbspool
bin/smbstatus
bin/smbtar
bin/smbtree
bin/testparm
bin/vfstest
bin/wbinfo
sbin/eventlogadm
sbin/nmbd
sbin/smbd
sbin/winbindd
include/samba4/charset.h
include/samba4/core/doserr.h
include/samba4/core/error.h
include/samba4/core/hresult.h
include/samba4/core/ntstatus_gen.h
include/samba4/core/ntstatus.h
include/samba4/core/werror_gen.h
include/samba4/core/werror.h
include/samba4/credentials.h
include/samba4/dcerpc.h
include/samba4/dcesrv_core.h
%%LDAP%%include/samba4/smb_ldap.h
%%LDAP%%include/samba4/smbldap.h
include/samba4/domain_credentials.h
include/samba4/gen_ndr/atsvc.h
include/samba4/gen_ndr/auth.h
include/samba4/gen_ndr/dcerpc.h
include/samba4/gen_ndr/drsblobs.h
include/samba4/gen_ndr/drsuapi.h
include/samba4/gen_ndr/krb5pac.h
include/samba4/gen_ndr/lsa.h
include/samba4/gen_ndr/misc.h
include/samba4/gen_ndr/nbt.h
include/samba4/gen_ndr/ndr_atsvc.h
include/samba4/gen_ndr/ndr_dcerpc.h
include/samba4/gen_ndr/ndr_drsblobs.h
include/samba4/gen_ndr/ndr_drsuapi.h
include/samba4/gen_ndr/ndr_krb5pac.h
include/samba4/gen_ndr/ndr_misc.h
include/samba4/gen_ndr/ndr_nbt.h
include/samba4/gen_ndr/ndr_samr_c.h
include/samba4/gen_ndr/ndr_samr.h
include/samba4/gen_ndr/ndr_svcctl_c.h
include/samba4/gen_ndr/ndr_svcctl.h
include/samba4/gen_ndr/netlogon.h
include/samba4/gen_ndr/samr.h
include/samba4/gen_ndr/security.h
include/samba4/gen_ndr/server_id.h
include/samba4/gen_ndr/svcctl.h
include/samba4/ldb_wrap.h
include/samba4/libsmbclient.h
include/samba4/lookup_sid.h
include/samba4/machine_sid.h
include/samba4/ndr.h
include/samba4/ndr/ndr_dcerpc.h
include/samba4/ndr/ndr_drsblobs.h
include/samba4/ndr/ndr_drsuapi.h
include/samba4/ndr/ndr_krb5pac.h
include/samba4/ndr/ndr_nbt.h
include/samba4/ndr/ndr_svcctl.h
include/samba4/netapi.h
include/samba4/param.h
include/samba4/passdb.h
include/samba4/rpc_common.h
include/samba4/samba/session.h
include/samba4/samba/version.h
include/samba4/share.h
include/samba4/smb2_lease_struct.h
include/samba4/smbconf.h
include/samba4/tdr.h
include/samba4/tsocket_internal.h
include/samba4/tsocket.h
include/samba4/util_ldb.h
include/samba4/util/attr.h
include/samba4/util/blocking.h
include/samba4/util/data_blob.h
include/samba4/util/debug.h
include/samba4/util/discard.h
include/samba4/util/fault.h
include/samba4/util/genrand.h
include/samba4/util/idtree_random.h
include/samba4/util/idtree.h
include/samba4/util/signal.h
include/samba4/util/string_wrappers.h
include/samba4/util/substitute.h
include/samba4/util/tevent_ntstatus.h
include/samba4/util/tevent_unix.h
include/samba4/util/tevent_werror.h
include/samba4/util/tfork.h
include/samba4/util/time.h
include/samba4/wbclient.h
@dir include/samba4/util
@dir include/samba4/samba
@dir include/samba4/ndr
@dir include/samba4/gen_ndr
@dir include/samba4/core
@dir include/samba4
%%SAMBA4_LIBDIR%%/libdcerpc-binding.so
%%SAMBA4_LIBDIR%%/libdcerpc-binding.so.0
%%SAMBA4_LIBDIR%%/libdcerpc-samr.so
%%SAMBA4_LIBDIR%%/libdcerpc-samr.so.0
%%SAMBA4_LIBDIR%%/libdcerpc-server-core.so
%%SAMBA4_LIBDIR%%/libdcerpc-server-core.so.0
%%SAMBA4_LIBDIR%%/libdcerpc.so
%%SAMBA4_LIBDIR%%/libdcerpc.so.0
%%SAMBA4_LIBDIR%%/libndr-krb5pac.so
%%SAMBA4_LIBDIR%%/libndr-krb5pac.so.0
%%SAMBA4_LIBDIR%%/libndr-nbt.so
%%SAMBA4_LIBDIR%%/libndr-nbt.so.0
%%SAMBA4_LIBDIR%%/libndr-standard.so
%%SAMBA4_LIBDIR%%/libndr-standard.so.0
%%SAMBA4_LIBDIR%%/libndr.so
%%SAMBA4_LIBDIR%%/libndr.so.1
%%SAMBA4_LIBDIR%%/libnetapi.so
%%SAMBA4_LIBDIR%%/libnetapi.so.0
%%SAMBA4_LIBDIR%%/libsamba-credentials.so
%%SAMBA4_LIBDIR%%/libsamba-credentials.so.0
%%SAMBA4_LIBDIR%%/libsamba-errors.so
%%SAMBA4_LIBDIR%%/libsamba-errors.so.1
%%SAMBA4_LIBDIR%%/libsamba-hostconfig.so
%%SAMBA4_LIBDIR%%/libsamba-hostconfig.so.0
%%SAMBA4_LIBDIR%%/libsamba-passdb.so
%%SAMBA4_LIBDIR%%/libsamba-passdb.so.0
%%SAMBA4_LIBDIR%%/libsamba-util.so
%%SAMBA4_LIBDIR%%/libsamba-util.so.0
%%SAMBA4_LIBDIR%%/libsamdb.so
%%SAMBA4_LIBDIR%%/libsamdb.so.0
%%SAMBA4_LIBDIR%%/libsmbclient.so
%%SAMBA4_LIBDIR%%/libsmbclient.so.0
%%SAMBA4_LIBDIR%%/libsmbconf.so
%%SAMBA4_LIBDIR%%/libsmbconf.so.0
%%LDAP%%%%SAMBA4_LIBDIR%%/libsmbldap.so
%%LDAP%%%%SAMBA4_LIBDIR%%/libsmbldap.so.2
%%SAMBA4_LIBDIR%%/libtevent-util.so
%%SAMBA4_LIBDIR%%/libtevent-util.so.0
%%SAMBA4_LIBDIR%%/libwbclient.so
%%SAMBA4_LIBDIR%%/libwbclient.so.0
lib/nss_winbind.so.1
lib/nss_wins.so.1
lib/pam_winbind.so
%%CUPS%%libexec/samba/smbspool_krb5_wrapper
%%SAMBA4_LIBDIR%%/private/libCHARSET3-samba4.so
%%SAMBA4_LIBDIR%%/private/libLIBWBCLIENT-OLD-samba4.so
%%SAMBA4_LIBDIR%%/private/libMESSAGING-samba4.so
%%SAMBA4_LIBDIR%%/private/libMESSAGING-SEND-samba4.so
%%SAMBA4_LIBDIR%%/private/libaddns-samba4.so
%%SAMBA4_LIBDIR%%/private/libads-samba4.so
%%GSSAPI_BUILTIN%%%%SAMBA4_LIBDIR%%/private/libasn1-samba4.so.8
%%SAMBA4_LIBDIR%%/private/libasn1util-samba4.so
%%SAMBA4_LIBDIR%%/private/libauth-samba4.so
%%SAMBA4_LIBDIR%%/private/libauth-unix-token-samba4.so
%%SAMBA4_LIBDIR%%/private/libauth4-samba4.so
%%SAMBA4_LIBDIR%%/private/libauthkrb5-samba4.so
%%SAMBA4_LIBDIR%%/private/libcli-cldap-samba4.so
%%SAMBA4_LIBDIR%%/private/libcli-ldap-common-samba4.so
%%SAMBA4_LIBDIR%%/private/libcli-ldap-samba4.so
%%SAMBA4_LIBDIR%%/private/libcli-nbt-samba4.so
%%SAMBA4_LIBDIR%%/private/libcli-smb-common-samba4.so
%%SAMBA4_LIBDIR%%/private/libclidns-samba4.so
%%SAMBA4_LIBDIR%%/private/libcli-spoolss-samba4.so
%%SAMBA4_LIBDIR%%/private/libcliauth-samba4.so
%%SAMBA4_LIBDIR%%/private/libcluster-samba4.so
%%SAMBA4_LIBDIR%%/private/libcmdline-contexts-samba4.so
%%SAMBA4_LIBDIR%%/private/libcmdline-credentials-samba4.so
%%GSSAPI_BUILTIN%%%%SAMBA4_LIBDIR%%/private/libcom_err-samba4.so.0
%%SAMBA4_LIBDIR%%/private/libcommon-auth-samba4.so
%%SAMBA4_LIBDIR%%/private/libdbwrap-samba4.so
%%SAMBA4_LIBDIR%%/private/libdcerpc-pkt-auth-samba4.so
%%SAMBA4_LIBDIR%%/private/libdcerpc-samba-samba4.so
%%SAMBA4_LIBDIR%%/private/libdcerpc-samba4.so
%%SAMBA4_LIBDIR%%/private/libdsdb-module-samba4.so
%%SAMBA4_LIBDIR%%/private/libevents-samba4.so
%%SAMBA4_LIBDIR%%/private/libflag-mapping-samba4.so
%%SAMBA4_LIBDIR%%/private/libgenrand-samba4.so
%%SAMBA4_LIBDIR%%/private/libgensec-samba4.so
%%SAMBA4_LIBDIR%%/private/libgpext-samba4.so
%%SAMBA4_LIBDIR%%/private/libgpo-samba4.so
%%SAMBA4_LIBDIR%%/private/libgse-samba4.so
%%GSSAPI_BUILTIN%%%%SAMBA4_LIBDIR%%/private/libgssapi-samba4.so.2
%%GSSAPI_BUILTIN%%%%SAMBA4_LIBDIR%%/private/libhcrypto-samba4.so.5
%%GSSAPI_BUILTIN%%%%SAMBA4_LIBDIR%%/private/libhdb-samba4.so.11
%%GSSAPI_BUILTIN%%%%SAMBA4_LIBDIR%%/private/libheimbase-samba4.so.1
%%GSSAPI_BUILTIN%%%%SAMBA4_LIBDIR%%/private/libheimntlm-samba4.so.1
%%SAMBA4_LIBDIR%%/private/libhttp-samba4.so
%%GSSAPI_BUILTIN%%%%SAMBA4_LIBDIR%%/private/libhx509-samba4.so.5
%%SAMBA4_LIBDIR%%/private/libidmap-samba4.so
%%SAMBA4_LIBDIR%%/private/libinterfaces-samba4.so
%%SAMBA4_LIBDIR%%/private/libiov-buf-samba4.so
%%GSSAPI_BUILTIN%%%%SAMBA4_LIBDIR%%/private/libkdc-samba4.so.2
%%GSSAPI_BUILTIN%%%%SAMBA4_LIBDIR%%/private/libkrb5-samba4.so.26
%%SAMBA4_LIBDIR%%/private/libkrb5samba-samba4.so
%%SAMBA4_LIBDIR%%/private/libldbsamba-samba4.so
%%SAMBA4_LIBDIR%%/private/liblibcli-lsa3-samba4.so
%%SAMBA4_LIBDIR%%/private/liblibcli-netlogon3-samba4.so
%%SAMBA4_LIBDIR%%/private/liblibsmb-samba4.so
%%SAMBA4_LIBDIR%%/private/libmessages-dgm-samba4.so
%%SAMBA4_LIBDIR%%/private/libmessages-util-samba4.so
%%SAMBA4_LIBDIR%%/private/libmscat-samba4.so
%%SAMBA4_LIBDIR%%/private/libmsghdr-samba4.so
%%SAMBA4_LIBDIR%%/private/libmsrpc3-samba4.so
%%SAMBA4_LIBDIR%%/private/libndr-samba-samba4.so
%%SAMBA4_LIBDIR%%/private/libndr-samba4.so
%%SAMBA4_LIBDIR%%/private/libnet-keytab-samba4.so
%%SAMBA4_LIBDIR%%/private/libnetif-samba4.so
%%SAMBA4_LIBDIR%%/private/libnpa-tstream-samba4.so
%%SAMBA4_LIBDIR%%/private/libnss-info-samba4.so
%%SAMBA4_LIBDIR%%/private/libpopt-samba3-cmdline-samba4.so
%%SAMBA4_LIBDIR%%/private/libpopt-samba3-samba4.so
%%SAMBA4_LIBDIR%%/private/libposix-eadb-samba4.so
%%SAMBA4_LIBDIR%%/private/libprinter-driver-samba4.so
%%SAMBA4_LIBDIR%%/private/libprinting-migrate-samba4.so
%%SAMBA4_LIBDIR%%/private/libregistry-samba4.so
%%SAMBA4_LIBDIR%%/private/libreplace-samba4.so
%%GSSAPI_BUILTIN%%%%SAMBA4_LIBDIR%%/private/libroken-samba4.so.19
%%SAMBA4_LIBDIR%%/private/libsamba-cluster-support-samba4.so
%%SAMBA4_LIBDIR%%/private/libsamba-debug-samba4.so
%%SAMBA4_LIBDIR%%/private/libsamba-modules-samba4.so
%%SAMBA4_LIBDIR%%/private/libsamba-security-samba4.so
%%SAMBA4_LIBDIR%%/private/libsamba-sockets-samba4.so
%%SAMBA4_LIBDIR%%/private/libsamba3-util-samba4.so
%%SAMBA4_LIBDIR%%/private/libsamdb-common-samba4.so
%%SAMBA4_LIBDIR%%/private/libsecrets3-samba4.so
%%SAMBA4_LIBDIR%%/private/libserver-id-db-samba4.so
%%SAMBA4_LIBDIR%%/private/libserver-role-samba4.so
%%SAMBA4_LIBDIR%%/private/libshares-samba4.so
%%SAMBA4_LIBDIR%%/private/libsmb-transport-samba4.so
%%SAMBA4_LIBDIR%%/private/libsmbclient-raw-samba4.so
%%SAMBA4_LIBDIR%%/private/libsmbd-base-samba4.so
%%SAMBA4_LIBDIR%%/private/libsmbd-shim-samba4.so
%%LDAP%%%%SAMBA4_LIBDIR%%/private/libsmbldaphelper-samba4.so
%%SAMBA4_LIBDIR%%/private/libsmbpasswdparser-samba4.so
%%SAMBA4_LIBDIR%%/private/libsocket-blocking-samba4.so
%%SAMBA4_LIBDIR%%/private/libsys-rw-samba4.so
%%SAMBA4_LIBDIR%%/private/libtalloc-report-printf-samba4.so
%%SAMBA4_LIBDIR%%/private/libtalloc-report-samba4.so
%%SAMBA4_LIBDIR%%/private/libtdb-wrap-samba4.so
%%SAMBA4_LIBDIR%%/private/libtime-basic-samba4.so
%%SAMBA4_LIBDIR%%/private/libtorture-samba4.so
%%SAMBA4_LIBDIR%%/private/libtrusts-util-samba4.so
%%SAMBA4_LIBDIR%%/private/libutil-cmdline-samba4.so
%%SAMBA4_LIBDIR%%/private/libutil-reg-samba4.so
%%SAMBA4_LIBDIR%%/private/libutil-setid-samba4.so
%%SAMBA4_LIBDIR%%/private/libutil-tdb-samba4.so
%%SAMBA4_LIBDIR%%/private/libwinbind-client-samba4.so
%%GSSAPI_BUILTIN%%%%SAMBA4_LIBDIR%%/private/libwind-samba4.so.0
%%SAMBA4_LIBDIR%%/private/libxattr-tdb-samba4.so
@dir %%SAMBA4_LIBDIR%%/private
@dir %%SAMBA4_LIBDIR%%
%%PKGCONFIGDIR%%/dcerpc.pc
%%PKGCONFIGDIR%%/dcerpc_samr.pc
%%PKGCONFIGDIR%%/ndr.pc
%%PKGCONFIGDIR%%/ndr_krb5pac.pc
%%PKGCONFIGDIR%%/ndr_nbt.pc
%%PKGCONFIGDIR%%/ndr_standard.pc
%%PKGCONFIGDIR%%/netapi.pc
%%PKGCONFIGDIR%%/samba-credentials.pc
%%PKGCONFIGDIR%%/samba-hostconfig.pc
%%PKGCONFIGDIR%%/samba-util.pc
%%PKGCONFIGDIR%%/samdb.pc
%%PKGCONFIGDIR%%/smbclient.pc
%%PKGCONFIGDIR%%/wbclient.pc
@comment Setup files
%%SPOTLIGHT%%%%DATADIR%%/samba/mdssvc/elasticsearch_mappings.json
@comment Man pages
man/man1/dbwrap_tool.1.gz
man/man1/findsmb.1.gz
man/man1/gentest.1.gz
man/man1/locktest.1.gz
man/man1/log2pcap.1.gz
man/man1/masktest.1.gz
man/man1/mdfind.1.gz
man/man1/mvxattr.1.gz
man/man1/ndrdump.1.gz
man/man1/nmblookup.1.gz
man/man1/ntlm_auth.1.gz
man/man1/oLschema2ldif.1.gz
man/man1/profiles.1.gz
man/man1/regdiff.1.gz
man/man1/regpatch.1.gz
man/man1/regshell.1.gz
man/man1/regtree.1.gz
man/man1/rpcclient.1.gz
man/man1/sharesec.1.gz
man/man1/smbcacls.1.gz
man/man1/smbclient.1.gz
man/man1/smbcontrol.1.gz
man/man1/smbcquotas.1.gz
man/man1/smbget.1.gz
man/man1/smbstatus.1.gz
man/man1/smbtar.1.gz
man/man1/smbtree.1.gz
man/man1/testparm.1.gz
man/man1/vfstest.1.gz
man/man1/wbinfo.1.gz
man/man5/lmhosts.5.gz
man/man5/pam_winbind.conf.5.gz
man/man5/smb.conf.5.gz
man/man5/smb4.conf.5.gz
man/man5/smbgetrc.5.gz
man/man5/smbpasswd.5.gz
man/man7/libsmbclient.7.gz
man/man7/samba.7.gz
man/man7/traffic_learner.7.gz
man/man7/traffic_replay.7.gz
man/man8/cifsdd.8.gz
man/man8/eventlogadm.8.gz
man/man8/idmap_ad.8.gz
man/man8/idmap_autorid.8.gz
man/man8/idmap_hash.8.gz
man/man8/idmap_ldap.8.gz
man/man8/idmap_nss.8.gz
man/man8/idmap_rfc2307.8.gz
man/man8/idmap_rid.8.gz
man/man8/idmap_script.8.gz
man/man8/idmap_tdb.8.gz
man/man8/idmap_tdb2.8.gz
man/man8/net.8.gz
man/man8/nmbd.8.gz
man/man8/pam_winbind.8.gz
man/man8/pdbedit.8.gz
man/man8/samba_downgrade_db.8.gz
man/man8/samba-regedit.8.gz
man/man8/samba-tool.8.gz
man/man8/samba.8.gz
man/man8/smbd.8.gz
man/man8/smbpasswd.8.gz
%%CUPS%%man/man8/smbspool_krb5_wrapper.8.gz
man/man8/smbspool.8.gz
man/man8/vfs_acl_tdb.8.gz
man/man8/vfs_acl_xattr.8.gz
man/man8/vfs_aio_fork.8.gz
man/man8/vfs_aio_pthread.8.gz
man/man8/vfs_audit.8.gz
man/man8/vfs_cacheprime.8.gz
man/man8/vfs_cap.8.gz
man/man8/vfs_catia.8.gz
man/man8/vfs_commit.8.gz
man/man8/vfs_crossrename.8.gz
man/man8/vfs_default_quota.8.gz
man/man8/vfs_dirsort.8.gz
man/man8/vfs_extd_audit.8.gz
man/man8/vfs_fake_perms.8.gz
man/man8/vfs_freebsd.8.gz
man/man8/vfs_full_audit.8.gz
man/man8/vfs_linux_xfs_sgid.8.gz
man/man8/vfs_media_harmony.8.gz
man/man8/vfs_offline.8.gz
man/man8/vfs_preopen.8.gz
man/man8/vfs_readahead.8.gz
man/man8/vfs_readonly.8.gz
man/man8/vfs_recycle.8.gz
man/man8/vfs_shadow_copy.8.gz
man/man8/vfs_shadow_copy2.8.gz
man/man8/vfs_shell_snap.8.gz
man/man8/vfs_streams_depot.8.gz
man/man8/vfs_streams_xattr.8.gz
man/man8/vfs_syncops.8.gz
man/man8/vfs_time_audit.8.gz
man/man8/vfs_unityed_media.8.gz
man/man8/vfs_virusfilter.8.gz
man/man8/vfs_widelinks.8.gz
man/man8/vfs_worm.8.gz
man/man8/vfs_xattr_tdb.8.gz
man/man8/vfs_zfsacl.8.gz
man/man8/winbind_krb5_locator.8.gz
man/man8/winbindd.8.gz
@dir %%SAMBA4_RUNDIR%%
@dir %%SAMBA4_LOGDIR%%
@dir %%SAMBA4_LOCKDIR%%
@dir %%SAMBA4_PRIVATEDIR%%
@dir %%SAMBA4_BINDDNSDIR%%
@comment Use bundled libraries
%%SAMBA4_BUNDLED_CMOCKA%%%%SAMBA4_LIBDIR%%/private/libcmocka-samba4.so
%%SAMBA4_BUNDLED_LDB%%%%PYTHON3%%%%PYTHON_SITELIBDIR%%/_ldb_text.py
%%SAMBA4_BUNDLED_LDB%%%%PYTHON3%%%%PYTHON_SITELIBDIR%%/ldb%%PYTHON_EXT_SUFFIX%%.so
%%SAMBA4_BUNDLED_LDB%%%%PYTHON3%%%%SAMBA4_LIBDIR%%/private/libpyldb-util%%PYTHON_EXT_SUFFIX%%.so.2
%%SAMBA4_BUNDLED_LDB%%bin/samba-ldbdump
%%SAMBA4_BUNDLED_LDB%%bin/samba-ldbadd
%%SAMBA4_BUNDLED_LDB%%bin/samba-ldbdel
%%SAMBA4_BUNDLED_LDB%%bin/samba-ldbedit
%%SAMBA4_BUNDLED_LDB%%bin/samba-ldbmodify
%%SAMBA4_BUNDLED_LDB%%bin/samba-ldbrename
%%SAMBA4_BUNDLED_LDB%%bin/samba-ldbsearch
%%SAMBA4_BUNDLED_LDB%%%%SAMBA4_LIBDIR%%/private/libldb-cmdline-samba4.so
%%SAMBA4_BUNDLED_LDB%%%%SAMBA4_LIBDIR%%/private/libldb-key-value-samba4.so
%%SAMBA4_BUNDLED_LDB%%%%SAMBA4_LIBDIR%%/private/libldb-tdb-err-map-samba4.so
%%SAMBA4_BUNDLED_LDB%%%%SAMBA4_LIBDIR%%/private/libldb-tdb-int-samba4.so
%%SAMBA4_BUNDLED_LDB%%%%SAMBA4_LIBDIR%%/private/libldb.so.2
%%AD_DC%%%%SAMBA4_BUNDLED_LDB%%%%SAMBA4_MODULEDIR%%/ldb/count_attrs.so
%%SAMBA4_BUNDLED_LDB%%%%SAMBA4_MODULEDIR%%/ldb/asq.so
%%SAMBA4_BUNDLED_LDB%%%%SAMBA4_MODULEDIR%%/ldb/ildap.so
%%SAMBA4_BUNDLED_LDB%%%%SAMBA4_MODULEDIR%%/ldb/ldb.so
%%SAMBA4_BUNDLED_LDB%%%%SAMBA4_MODULEDIR%%/ldb/ldbsamba_extensions.so
%%SAMBA4_BUNDLED_LDB%%%%SAMBA4_MODULEDIR%%/ldb/paged_searches.so
%%SAMBA4_BUNDLED_LDB%%%%SAMBA4_MODULEDIR%%/ldb/rdn_name.so
%%SAMBA4_BUNDLED_LDB%%%%SAMBA4_MODULEDIR%%/ldb/sample.so
%%SAMBA4_BUNDLED_LDB%%%%SAMBA4_MODULEDIR%%/ldb/server_sort.so
%%SAMBA4_BUNDLED_LDB%%%%SAMBA4_MODULEDIR%%/ldb/skel.so
%%SAMBA4_BUNDLED_LDB%%%%SAMBA4_MODULEDIR%%/ldb/tdb.so
%%SAMBA4_BUNDLED_TALLOC%%%%PYTHON3%%%%PYTHON_SITELIBDIR%%/talloc%%PYTHON_EXT_SUFFIX%%.so
%%SAMBA4_BUNDLED_TALLOC%%%%PYTHON3%%%%SAMBA4_LIBDIR%%/private/libpytalloc-util%%PYTHON_EXT_SUFFIX%%.so.2
%%SAMBA4_BUNDLED_TALLOC%%%%SAMBA4_LIBDIR%%/private/libtalloc.so.2
%%SAMBA4_BUNDLED_TALLOC%%man/man3/talloc.3.gz
%%SAMBA4_BUNDLED_TDB%%%%PYTHON3%%%%PYTHON_SITELIBDIR%%/_tdb_text.py
%%SAMBA4_BUNDLED_TDB%%%%PYTHON3%%%%PYTHON_SITELIBDIR%%/tdb%%PYTHON_EXT_SUFFIX%%.so
%%SAMBA4_BUNDLED_TDB%%bin/samba-tdbbackup
%%SAMBA4_BUNDLED_TDB%%bin/samba-tdbdump
%%SAMBA4_BUNDLED_TDB%%bin/samba-tdbrestore
%%SAMBA4_BUNDLED_TDB%%bin/samba-tdbtool
%%SAMBA4_BUNDLED_TDB%%%%SAMBA4_LIBDIR%%/private/libtdb.so.1
%%SAMBA4_BUNDLED_TEVENT%%%%PYTHON3%%%%PYTHON_SITELIBDIR%%/_tevent%%PYTHON_EXT_SUFFIX%%.so
%%SAMBA4_BUNDLED_TEVENT%%%%PYTHON3%%%%PYTHON_SITELIBDIR%%/tevent.py
%%SAMBA4_BUNDLED_TEVENT%%%%SAMBA4_LIBDIR%%/private/libtevent.so.0
%%SAMBA4_BUNDLED_LDB%%man/man1/samba-ldbadd.1.gz
%%SAMBA4_BUNDLED_LDB%%man/man1/samba-ldbdel.1.gz
%%SAMBA4_BUNDLED_LDB%%man/man1/samba-ldbedit.1.gz
%%SAMBA4_BUNDLED_LDB%%man/man1/samba-ldbmodify.1.gz
%%SAMBA4_BUNDLED_LDB%%man/man1/samba-ldbrename.1.gz
%%SAMBA4_BUNDLED_LDB%%man/man1/samba-ldbsearch.1.gz
%%SAMBA4_BUNDLED_TDB%%man/man8/samba-tdbbackup.8.gz
%%SAMBA4_BUNDLED_TDB%%man/man8/samba-tdbdump.8.gz
%%SAMBA4_BUNDLED_TDB%%man/man8/samba-tdbrestore.8.gz
%%SAMBA4_BUNDLED_TDB%%man/man8/samba-tdbtool.8.gz




bin/samba-tool
sbin/samba_downgrade_db
sbin/samba
sbin/samba_dnsupdate
sbin/samba_kcc
sbin/samba_spnupdate
sbin/samba_upgradedns
sbin/samba-gpupdate
include/samba4/dcerpc_server.h
lib/samba4/libdcerpc-server.so
lib/samba4/libdcerpc-server.so.0
lib/samba4/private/libdlz-bind9-for-torture-samba4.so
lib/samba4/private/libprocess-model-samba4.so
lib/samba4/private/libservice-samba4.so
%%GSSAPI_BUILTIN%%lib/samba4/private/libHDB-SAMBA4-samba4.so
lib/samba4/private/libdb-glue-samba4.so
lib/samba4/private/libdfs-server-ad-samba4.so
lib/samba4/private/libdnsserver-common-samba4.so
lib/samba4/private/libdsdb-garbage-collect-tombstones-samba4.so
lib/samba4/private/libpac-samba4.so
lib/samba4/private/libscavenge-dns-records-samba4.so
%%SAMBA4_MODULEDIR%%/bind9/dlz_bind9.so
%%SAMBA4_MODULEDIR%%/bind9/dlz_bind9_9.so
%%SAMBA4_MODULEDIR%%/bind9/dlz_bind9_10.so
%%SAMBA4_MODULEDIR%%/bind9/dlz_bind9_11.so
%%SAMBA4_MODULEDIR%%/bind9/dlz_bind9_12.so
%%SAMBA4_MODULEDIR%%/bind9/dlz_bind9_14.so
%%SAMBA4_MODULEDIR%%/bind9/dlz_bind9_16.so
%%SAMBA4_MODULEDIR%%/gensec/krb5.so
%%SAMBA4_MODULEDIR%%/ldb/acl.so
%%SAMBA4_MODULEDIR%%/ldb/aclread.so
%%SAMBA4_MODULEDIR%%/ldb/anr.so
%%SAMBA4_MODULEDIR%%/ldb/audit_log.so
%%SAMBA4_MODULEDIR%%/ldb/descriptor.so
%%SAMBA4_MODULEDIR%%/ldb/dirsync.so
%%SAMBA4_MODULEDIR%%/ldb/dns_notify.so
%%SAMBA4_MODULEDIR%%/ldb/dsdb_notification.so
%%SAMBA4_MODULEDIR%%/ldb/encrypted_secrets.so
%%SAMBA4_MODULEDIR%%/ldb/extended_dn_in.so
%%SAMBA4_MODULEDIR%%/ldb/extended_dn_out.so
%%SAMBA4_MODULEDIR%%/ldb/extended_dn_store.so
%%SAMBA4_MODULEDIR%%/ldb/group_audit_log.so
%%SAMBA4_MODULEDIR%%/ldb/instancetype.so
%%SAMBA4_MODULEDIR%%/ldb/lazy_commit.so
%%SAMBA4_MODULEDIR%%/ldb/linked_attributes.so
%%SAMBA4_MODULEDIR%%/ldb/new_partition.so
%%SAMBA4_MODULEDIR%%/ldb/objectclass_attrs.so
%%SAMBA4_MODULEDIR%%/ldb/objectclass.so
%%SAMBA4_MODULEDIR%%/ldb/objectguid.so
%%SAMBA4_MODULEDIR%%/ldb/operational.so
%%SAMBA4_MODULEDIR%%/ldb/paged_results.so
%%SAMBA4_MODULEDIR%%/ldb/partition.so
%%SAMBA4_MODULEDIR%%/ldb/password_hash.so
%%SAMBA4_MODULEDIR%%/ldb/ranged_results.so
%%SAMBA4_MODULEDIR%%/ldb/repl_meta_data.so
%%SAMBA4_MODULEDIR%%/ldb/resolve_oids.so
%%SAMBA4_MODULEDIR%%/ldb/rootdse.so
%%SAMBA4_MODULEDIR%%/ldb/samba_dsdb.so
%%SAMBA4_MODULEDIR%%/ldb/samba_secrets.so
%%SAMBA4_MODULEDIR%%/ldb/samba3sam.so
%%SAMBA4_MODULEDIR%%/ldb/samba3sid.so
%%SAMBA4_MODULEDIR%%/ldb/samldb.so
%%SAMBA4_MODULEDIR%%/ldb/schema_data.so
%%SAMBA4_MODULEDIR%%/ldb/schema_load.so
%%SAMBA4_MODULEDIR%%/ldb/secrets_tdb_sync.so
%%SAMBA4_MODULEDIR%%/ldb/show_deleted.so
%%SAMBA4_MODULEDIR%%/ldb/subtree_delete.so
%%SAMBA4_MODULEDIR%%/ldb/subtree_rename.so
%%SAMBA4_MODULEDIR%%/ldb/tombstone_reanimate.so
%%SAMBA4_MODULEDIR%%/ldb/unique_object_sids.so
%%SAMBA4_MODULEDIR%%/ldb/update_keytab.so
%%SAMBA4_MODULEDIR%%/ldb/vlv.so
%%SAMBA4_MODULEDIR%%/ldb/wins_ldb.so
%%SAMBA4_MODULEDIR%%/process_model/prefork.so
%%SAMBA4_MODULEDIR%%/process_model/standard.so
%%SAMBA4_MODULEDIR%%/service/cldap.so
%%SAMBA4_MODULEDIR%%/service/dcerpc.so
%%SAMBA4_MODULEDIR%%/service/dns_update.so
%%SAMBA4_MODULEDIR%%/service/dns.so
%%SAMBA4_MODULEDIR%%/service/drepl.so
%%SAMBA4_MODULEDIR%%/service/kcc.so
%%SAMBA4_MODULEDIR%%/service/kdc.so
%%SAMBA4_MODULEDIR%%/service/ldap.so
%%SAMBA4_MODULEDIR%%/service/nbtd.so
%%SAMBA4_MODULEDIR%%/service/ntp_signd.so
%%SAMBA4_MODULEDIR%%/service/s3fs.so
%%SAMBA4_MODULEDIR%%/service/winbindd.so
%%SAMBA4_MODULEDIR%%/service/wrepl.so
%%SAMBA4_MODULEDIR%%/vfs/posix_eadb.so
%%PKGCONFIGDIR%%/dcerpc_server.pc
%%DATADIR%%/samba/admx/en-US/samba.adml
%%DATADIR%%/samba/admx/samba.admx
%%DATADIR%%/setup/ad-schema/AD_DS_Attributes__Windows_Server_2012_R2.ldf
%%DATADIR%%/setup/ad-schema/AD_DS_Attributes__Windows_Server_2016.ldf
%%DATADIR%%/setup/ad-schema/AD_DS_Classes__Windows_Server_2012_R2.ldf
%%DATADIR%%/setup/ad-schema/AD_DS_Classes__Windows_Server_2016.ldf
%%DATADIR%%/setup/ad-schema/Attributes_for_AD_DS__Windows_Server_2008_R2.ldf
%%DATADIR%%/setup/ad-schema/Attributes_for_AD_DS__Windows_Server_2012.ldf
%%DATADIR%%/setup/ad-schema/Classes_for_AD_DS__Windows_Server_2008_R2.ldf
%%DATADIR%%/setup/ad-schema/Classes_for_AD_DS__Windows_Server_2012.ldf
%%DATADIR%%/setup/ad-schema/licence.txt
%%DATADIR%%/setup/ad-schema/MS-AD_Schema_2K8_Attributes.txt
%%DATADIR%%/setup/ad-schema/MS-AD_Schema_2K8_Classes.txt
%%DATADIR%%/setup/ad-schema/MS-AD_Schema_2K8_R2_Attributes.txt
%%DATADIR%%/setup/ad-schema/MS-AD_Schema_2K8_R2_Classes.txt
%%DATADIR%%/setup/adprep/fix-forest-rev.ldf
%%DATADIR%%/setup/adprep/WindowsServerDocs/Forest-Wide-Updates.md
%%DATADIR%%/setup/adprep/WindowsServerDocs/Sch49.ldf.diff
%%DATADIR%%/setup/adprep/WindowsServerDocs/Sch50.ldf.diff
%%DATADIR%%/setup/adprep/WindowsServerDocs/Sch51.ldf.diff
%%DATADIR%%/setup/adprep/WindowsServerDocs/Sch57.ldf.diff
%%DATADIR%%/setup/adprep/WindowsServerDocs/Sch59.ldf.diff
%%DATADIR%%/setup/adprep/WindowsServerDocs/Schema-Updates.md
%%DATADIR%%/setup/aggregate_schema.ldif
%%DATADIR%%/setup/display-specifiers/DisplaySpecifiers-Win2k0.txt
%%DATADIR%%/setup/display-specifiers/DisplaySpecifiers-Win2k3.txt
%%DATADIR%%/setup/display-specifiers/DisplaySpecifiers-Win2k3R2.txt
%%DATADIR%%/setup/display-specifiers/DisplaySpecifiers-Win2k8.txt
%%DATADIR%%/setup/display-specifiers/DisplaySpecifiers-Win2k8R2.txt
%%DATADIR%%/setup/dns_update_list
%%DATADIR%%/setup/extended-rights.ldif
%%DATADIR%%/setup/idmap_init.ldif
%%DATADIR%%/setup/krb5.conf
%%DATADIR%%/setup/named.conf
%%DATADIR%%/setup/named.conf.dlz
%%DATADIR%%/setup/named.conf.update
%%DATADIR%%/setup/named.txt
%%DATADIR%%/setup/prefixMap.txt
%%DATADIR%%/setup/provision_basedn_modify.ldif
%%DATADIR%%/setup/provision_basedn_options.ldif
%%DATADIR%%/setup/provision_basedn_references.ldif
%%DATADIR%%/setup/provision_basedn.ldif
%%DATADIR%%/setup/provision_computers_add.ldif
%%DATADIR%%/setup/provision_computers_modify.ldif
%%DATADIR%%/setup/provision_configuration_basedn.ldif
%%DATADIR%%/setup/provision_configuration_modify.ldif
%%DATADIR%%/setup/provision_configuration_references.ldif
%%DATADIR%%/setup/provision_configuration.ldif
%%DATADIR%%/setup/provision_dns_accounts_add.ldif
%%DATADIR%%/setup/provision_dns_add_samba.ldif
%%DATADIR%%/setup/provision_dnszones_add.ldif
%%DATADIR%%/setup/provision_dnszones_modify.ldif
%%DATADIR%%/setup/provision_dnszones_partitions.ldif
%%DATADIR%%/setup/provision_group_policy.ldif
%%DATADIR%%/setup/provision_init.ldif
%%DATADIR%%/setup/provision_partitions.ldif
%%DATADIR%%/setup/provision_privilege.ldif
%%DATADIR%%/setup/provision_rootdse_add.ldif
%%DATADIR%%/setup/provision_rootdse_modify.ldif
%%DATADIR%%/setup/provision_schema_basedn_modify.ldif
%%DATADIR%%/setup/provision_schema_basedn.ldif
%%DATADIR%%/setup/provision_self_join_config.ldif
%%DATADIR%%/setup/provision_self_join_modify_config.ldif
%%DATADIR%%/setup/provision_self_join_modify_schema.ldif
%%DATADIR%%/setup/provision_self_join_modify.ldif
%%DATADIR%%/setup/provision_self_join.ldif
%%DATADIR%%/setup/provision_users_add.ldif
%%DATADIR%%/setup/provision_users_modify.ldif
%%DATADIR%%/setup/provision_users.ldif
%%DATADIR%%/setup/provision_well_known_sec_princ.ldif
%%DATADIR%%/setup/provision.ldif
%%DATADIR%%/setup/provision.reg
%%DATADIR%%/setup/provision.zone
%%DATADIR%%/setup/schema_samba4.ldif
%%DATADIR%%/setup/secrets_dns.ldif
%%DATADIR%%/setup/secrets_init.ldif
%%DATADIR%%/setup/secrets.ldif
%%DATADIR%%/setup/share.ldif
%%DATADIR%%/setup/spn_update_list
%%DATADIR%%/setup/ypServ30.ldif
@dir %%DATADIR%%/setup/display-specifiers
@dir %%DATADIR%%/setup/ad-schema
@dir %%DATADIR%%/setup
@dir %%DATADIR%%
man/man8/samba-gpupdate.8.gz




@comment Cluster
bin/ctdb
bin/ctdb_diagnostics
bin/ltdbtool
bin/onnode
bin/ping_pong
etc/ctdb/ctdb-crash-cleanup.sh
etc/ctdb/debug_locks.sh
etc/ctdb/debug-hung-script.sh
etc/ctdb/events/legacy/00.ctdb.script
etc/ctdb/events/legacy/01.reclock.script
etc/ctdb/events/legacy/05.system.script
etc/ctdb/events/legacy/10.interface.script
etc/ctdb/events/notification/README
etc/ctdb/functions
etc/ctdb/nfs-checks.d/00.portmapper.check
etc/ctdb/nfs-checks.d/10.status.check
etc/ctdb/nfs-checks.d/20.nfs.check
etc/ctdb/nfs-checks.d/30.nlockmgr.check
etc/ctdb/nfs-checks.d/40.mountd.check
etc/ctdb/nfs-checks.d/50.rquotad.check
etc/ctdb/nfs-checks.d/README
etc/ctdb/nfs-linux-kernel-callout
etc/ctdb/notify.sh
etc/ctdb/statd-callout
etc/sudoers.d/ctdb
lib/samba4/private/libctdb-event-client-samba4.so
libexec/ctdb/ctdb_killtcp
libexec/ctdb/ctdb_lock_helper
libexec/ctdb/ctdb_lvs
libexec/ctdb/ctdb_mutex_fcntl_helper
libexec/ctdb/ctdb_natgw
libexec/ctdb/ctdb_recovery_helper
libexec/ctdb/ctdb_takeover_helper
libexec/ctdb/ctdb-config
libexec/ctdb/ctdb-event
libexec/ctdb/ctdb-eventd
libexec/ctdb/ctdb-path
libexec/ctdb/smnotify
man/man1/ctdb_diagnostics.1.gz
man/man1/ctdb.1.gz
man/man1/ctdbd_wrapper.1.gz
man/man1/ctdbd.1.gz
man/man1/ltdbtool.1.gz
man/man1/onnode.1.gz
man/man1/ping_pong.1.gz
man/man5/ctdb-script.options.5.gz
man/man5/ctdb.conf.5.gz
man/man5/ctdb.sysconfig.5.gz
man/man7/ctdb-statistics.7.gz
man/man7/ctdb-tunables.7.gz
man/man7/ctdb.7.gz
sbin/ctdbd
sbin/ctdbd_wrapper
share/ctdb/events/legacy/00.ctdb.script
share/ctdb/events/legacy/01.reclock.script
share/ctdb/events/legacy/05.system.script
share/ctdb/events/legacy/06.nfs.script
share/ctdb/events/legacy/10.interface.script
share/ctdb/events/legacy/11.natgw.script
share/ctdb/events/legacy/11.routing.script
share/ctdb/events/legacy/13.per_ip_routing.script
share/ctdb/events/legacy/20.multipathd.script
share/ctdb/events/legacy/31.clamd.script
share/ctdb/events/legacy/40.vsftpd.script
share/ctdb/events/legacy/41.httpd.script
share/ctdb/events/legacy/48.netbios.script
share/ctdb/events/legacy/49.winbind.script
share/ctdb/events/legacy/50.samba.script
share/ctdb/events/legacy/60.nfs.script
share/ctdb/events/legacy/70.iscsi.script
share/ctdb/events/legacy/91.lvs.script
@dir /var/lib/ctdb/volatile
@dir /var/lib/ctdb/state
@dir /var/lib/ctdb/persistent
@dir /var/lib/ctdb
@dir /var/lib
@dir /var/run/ctdb




bin/smbtorture
man/man1/smbtorture.1.gz
include/samba4/policy.h
lib/samba4/libsamba-policy%%PYTHON_EXT_SUFFIX%%.so
lib/samba4/libsamba-policy%%PYTHON_EXT_SUFFIX%%.so.0
lib/samba4/private/libsamba-net%%PYTHON_EXT_SUFFIX%%-samba4.so
lib/samba4/private/libsamba-python%%PYTHON_EXT_SUFFIX%%-samba4.so
%%PKGCONFIGDIR%%/samba-policy%%PYTHON_EXT_SUFFIX%%.pc
@comment Python block
%%AD_DC%%%%PYTHON_SITELIBDIR%%/samba/dckeytab%%PYTHON_EXT_SUFFIX%%.so
%%AD_DC%%%%PYTHON_SITELIBDIR%%/samba/posix_eadb%%PYTHON_EXT_SUFFIX%%.so
%%AD_DC%%%%PYTHON_SITELIBDIR%%/samba/xattr_native%%PYTHON_EXT_SUFFIX%%.so
%%AD_DC%%%%PYTHON_SITELIBDIR%%/samba/xattr_tdb%%PYTHON_EXT_SUFFIX%%.so
%%AD_DC%%%%PYTHON_SITELIBDIR%%/samba/dsdb_dns%%PYTHON_EXT_SUFFIX%%.so
%%AD_DC%%%%PYTHON_SITELIBDIR%%/samba/dsdb%%PYTHON_EXT_SUFFIX%%.so
%%PYTHON_SITELIBDIR%%/samba/__init__.py
%%PYTHON_SITELIBDIR%%/samba/_glue%%PYTHON_EXT_SUFFIX%%.so
%%PYTHON_SITELIBDIR%%/samba/_ldb%%PYTHON_EXT_SUFFIX%%.so
%%PYTHON_SITELIBDIR%%/samba/auth_util.py
%%PYTHON_SITELIBDIR%%/samba/auth%%PYTHON_EXT_SUFFIX%%.so
%%PYTHON_SITELIBDIR%%/samba/colour.py
%%PYTHON_SITELIBDIR%%/samba/common.py
%%PYTHON_SITELIBDIR%%/samba/compat.py
%%PYTHON_SITELIBDIR%%/samba/credentials%%PYTHON_EXT_SUFFIX%%.so
%%PYTHON_SITELIBDIR%%/samba/crypto%%PYTHON_EXT_SUFFIX%%.so
%%PYTHON_SITELIBDIR%%/samba/dbchecker.py
%%PYTHON_SITELIBDIR%%/samba/dcerpc/__init__.py
%%PYTHON_SITELIBDIR%%/samba/dcerpc/atsvc%%PYTHON_EXT_SUFFIX%%.so
%%PYTHON_SITELIBDIR%%/samba/dcerpc/auth%%PYTHON_EXT_SUFFIX%%.so
%%PYTHON_SITELIBDIR%%/samba/dcerpc/base%%PYTHON_EXT_SUFFIX%%.so
%%PYTHON_SITELIBDIR%%/samba/dcerpc/dcerpc%%PYTHON_EXT_SUFFIX%%.so
%%PYTHON_SITELIBDIR%%/samba/dcerpc/dfs%%PYTHON_EXT_SUFFIX%%.so
%%PYTHON_SITELIBDIR%%/samba/dcerpc/dns%%PYTHON_EXT_SUFFIX%%.so
%%PYTHON_SITELIBDIR%%/samba/dcerpc/dnsp%%PYTHON_EXT_SUFFIX%%.so
%%PYTHON_SITELIBDIR%%/samba/dcerpc/dnsserver%%PYTHON_EXT_SUFFIX%%.so
%%PYTHON_SITELIBDIR%%/samba/dcerpc/drsblobs%%PYTHON_EXT_SUFFIX%%.so
%%PYTHON_SITELIBDIR%%/samba/dcerpc/drsuapi%%PYTHON_EXT_SUFFIX%%.so
%%PYTHON_SITELIBDIR%%/samba/dcerpc/echo%%PYTHON_EXT_SUFFIX%%.so
%%PYTHON_SITELIBDIR%%/samba/dcerpc/epmapper%%PYTHON_EXT_SUFFIX%%.so
%%PYTHON_SITELIBDIR%%/samba/dcerpc/idmap%%PYTHON_EXT_SUFFIX%%.so
%%PYTHON_SITELIBDIR%%/samba/dcerpc/initshutdown%%PYTHON_EXT_SUFFIX%%.so
%%PYTHON_SITELIBDIR%%/samba/dcerpc/irpc%%PYTHON_EXT_SUFFIX%%.so
%%PYTHON_SITELIBDIR%%/samba/dcerpc/krb5ccache%%PYTHON_EXT_SUFFIX%%.so
%%PYTHON_SITELIBDIR%%/samba/dcerpc/krb5pac%%PYTHON_EXT_SUFFIX%%.so
%%PYTHON_SITELIBDIR%%/samba/dcerpc/lsa%%PYTHON_EXT_SUFFIX%%.so
%%PYTHON_SITELIBDIR%%/samba/dcerpc/mdssvc%%PYTHON_EXT_SUFFIX%%.so
%%PYTHON_SITELIBDIR%%/samba/dcerpc/messaging%%PYTHON_EXT_SUFFIX%%.so
%%PYTHON_SITELIBDIR%%/samba/dcerpc/mgmt%%PYTHON_EXT_SUFFIX%%.so
%%PYTHON_SITELIBDIR%%/samba/dcerpc/misc%%PYTHON_EXT_SUFFIX%%.so
%%PYTHON_SITELIBDIR%%/samba/dcerpc/nbt%%PYTHON_EXT_SUFFIX%%.so
%%PYTHON_SITELIBDIR%%/samba/dcerpc/netlogon%%PYTHON_EXT_SUFFIX%%.so
%%PYTHON_SITELIBDIR%%/samba/dcerpc/ntlmssp%%PYTHON_EXT_SUFFIX%%.so
%%PYTHON_SITELIBDIR%%/samba/dcerpc/preg%%PYTHON_EXT_SUFFIX%%.so
%%PYTHON_SITELIBDIR%%/samba/dcerpc/samr%%PYTHON_EXT_SUFFIX%%.so
%%PYTHON_SITELIBDIR%%/samba/dcerpc/security%%PYTHON_EXT_SUFFIX%%.so
%%PYTHON_SITELIBDIR%%/samba/dcerpc/server_id%%PYTHON_EXT_SUFFIX%%.so
%%PYTHON_SITELIBDIR%%/samba/dcerpc/smb_acl%%PYTHON_EXT_SUFFIX%%.so
%%PYTHON_SITELIBDIR%%/samba/dcerpc/spoolss%%PYTHON_EXT_SUFFIX%%.so
%%PYTHON_SITELIBDIR%%/samba/dcerpc/srvsvc%%PYTHON_EXT_SUFFIX%%.so
%%PYTHON_SITELIBDIR%%/samba/dcerpc/svcctl%%PYTHON_EXT_SUFFIX%%.so
%%PYTHON_SITELIBDIR%%/samba/dcerpc/unixinfo%%PYTHON_EXT_SUFFIX%%.so
%%PYTHON_SITELIBDIR%%/samba/dcerpc/winbind%%PYTHON_EXT_SUFFIX%%.so
%%PYTHON_SITELIBDIR%%/samba/dcerpc/windows_event_ids%%PYTHON_EXT_SUFFIX%%.so
%%PYTHON_SITELIBDIR%%/samba/dcerpc/winreg%%PYTHON_EXT_SUFFIX%%.so
%%PYTHON_SITELIBDIR%%/samba/dcerpc/winspool%%PYTHON_EXT_SUFFIX%%.so
%%PYTHON_SITELIBDIR%%/samba/dcerpc/witness%%PYTHON_EXT_SUFFIX%%.so
%%PYTHON_SITELIBDIR%%/samba/dcerpc/wkssvc%%PYTHON_EXT_SUFFIX%%.so
%%PYTHON_SITELIBDIR%%/samba/dcerpc/xattr%%PYTHON_EXT_SUFFIX%%.so
%%PYTHON_SITELIBDIR%%/samba/descriptor.py
%%PYTHON_SITELIBDIR%%/samba/dnsresolver.py
%%PYTHON_SITELIBDIR%%/samba/dnsserver.py
%%PYTHON_SITELIBDIR%%/samba/domain_update.py
%%PYTHON_SITELIBDIR%%/samba/drs_utils.py
%%PYTHON_SITELIBDIR%%/samba/emulate/__init__.py
%%PYTHON_SITELIBDIR%%/samba/emulate/traffic_packets.py
%%PYTHON_SITELIBDIR%%/samba/emulate/traffic.py
%%PYTHON_SITELIBDIR%%/samba/forest_update.py
%%PYTHON_SITELIBDIR%%/samba/gensec%%PYTHON_EXT_SUFFIX%%.so
%%PYTHON_SITELIBDIR%%/samba/getopt.py
%%PYTHON_SITELIBDIR%%/samba/gp_ext_loader.py
%%PYTHON_SITELIBDIR%%/samba/gp_parse/__init__.py
%%PYTHON_SITELIBDIR%%/samba/gp_parse/gp_aas.py
%%PYTHON_SITELIBDIR%%/samba/gp_parse/gp_csv.py
%%PYTHON_SITELIBDIR%%/samba/gp_scripts_ext.py
%%PYTHON_SITELIBDIR%%/samba/gp_parse/gp_inf.py
%%PYTHON_SITELIBDIR%%/samba/gp_parse/gp_ini.py
%%PYTHON_SITELIBDIR%%/samba/gp_parse/gp_pol.py
%%PYTHON_SITELIBDIR%%/samba/gp_sec_ext.py
%%PYTHON_SITELIBDIR%%/samba/gpclass.py
%%PYTHON_SITELIBDIR%%/samba/gpo%%PYTHON_EXT_SUFFIX%%.so
%%PYTHON_SITELIBDIR%%/samba/graph.py
%%PYTHON_SITELIBDIR%%/samba/hostconfig.py
%%PYTHON_SITELIBDIR%%/samba/idmap.py
%%PYTHON_SITELIBDIR%%/samba/join.py
%%PYTHON_SITELIBDIR%%/samba/kcc/__init__.py
%%PYTHON_SITELIBDIR%%/samba/kcc/debug.py
%%PYTHON_SITELIBDIR%%/samba/kcc/graph_utils.py
%%PYTHON_SITELIBDIR%%/samba/kcc/graph.py
%%PYTHON_SITELIBDIR%%/samba/kcc/kcc_utils.py
%%PYTHON_SITELIBDIR%%/samba/kcc/ldif_import_export.py
%%PYTHON_SITELIBDIR%%/samba/logger.py
%%PYTHON_SITELIBDIR%%/samba/mdb_util.py
%%PYTHON_SITELIBDIR%%/samba/messaging%%PYTHON_EXT_SUFFIX%%.so
%%PYTHON_SITELIBDIR%%/samba/ms_display_specifiers.py
%%PYTHON_SITELIBDIR%%/samba/ms_forest_updates_markdown.py
%%PYTHON_SITELIBDIR%%/samba/ms_schema_markdown.py
%%PYTHON_SITELIBDIR%%/samba/ms_schema.py
%%PYTHON_SITELIBDIR%%/samba/ndr.py
%%PYTHON_SITELIBDIR%%/samba/net%%PYTHON_EXT_SUFFIX%%.so
%%PYTHON_SITELIBDIR%%/samba/netbios%%PYTHON_EXT_SUFFIX%%.so
%%PYTHON_SITELIBDIR%%/samba/netcmd/__init__.py
%%PYTHON_SITELIBDIR%%/samba/netcmd/common.py
%%PYTHON_SITELIBDIR%%/samba/netcmd/computer.py
%%PYTHON_SITELIBDIR%%/samba/netcmd/contact.py
%%PYTHON_SITELIBDIR%%/samba/netcmd/dbcheck.py
%%PYTHON_SITELIBDIR%%/samba/netcmd/delegation.py
%%PYTHON_SITELIBDIR%%/samba/netcmd/dns.py
%%PYTHON_SITELIBDIR%%/samba/netcmd/domain_backup.py
%%PYTHON_SITELIBDIR%%/samba/netcmd/domain.py
%%PYTHON_SITELIBDIR%%/samba/netcmd/drs.py
%%PYTHON_SITELIBDIR%%/samba/netcmd/dsacl.py
%%PYTHON_SITELIBDIR%%/samba/netcmd/forest.py
%%PYTHON_SITELIBDIR%%/samba/netcmd/fsmo.py
%%PYTHON_SITELIBDIR%%/samba/netcmd/gpo.py
%%PYTHON_SITELIBDIR%%/samba/netcmd/group.py
%%PYTHON_SITELIBDIR%%/samba/netcmd/ldapcmp.py
%%PYTHON_SITELIBDIR%%/samba/netcmd/main.py
%%PYTHON_SITELIBDIR%%/samba/netcmd/nettime.py
%%PYTHON_SITELIBDIR%%/samba/netcmd/ntacl.py
%%PYTHON_SITELIBDIR%%/samba/netcmd/ou.py
%%PYTHON_SITELIBDIR%%/samba/netcmd/processes.py
%%PYTHON_SITELIBDIR%%/samba/netcmd/pso.py
%%PYTHON_SITELIBDIR%%/samba/netcmd/rodc.py
%%PYTHON_SITELIBDIR%%/samba/netcmd/schema.py
%%PYTHON_SITELIBDIR%%/samba/netcmd/sites.py
%%PYTHON_SITELIBDIR%%/samba/netcmd/spn.py
%%PYTHON_SITELIBDIR%%/samba/netcmd/testparm.py
%%PYTHON_SITELIBDIR%%/samba/netcmd/user.py
%%PYTHON_SITELIBDIR%%/samba/netcmd/visualize.py
%%PYTHON_SITELIBDIR%%/samba/ntacls.py
%%PYTHON_SITELIBDIR%%/samba/ntstatus%%PYTHON_EXT_SUFFIX%%.so
%%PYTHON_SITELIBDIR%%/samba/param%%PYTHON_EXT_SUFFIX%%.so
%%PYTHON_SITELIBDIR%%/samba/policy%%PYTHON_EXT_SUFFIX%%.so
%%PYTHON_SITELIBDIR%%/samba/provision/__init__.py
%%PYTHON_SITELIBDIR%%/samba/provision/backend.py
%%PYTHON_SITELIBDIR%%/samba/provision/common.py
%%PYTHON_SITELIBDIR%%/samba/provision/kerberos_implementation.py
%%PYTHON_SITELIBDIR%%/samba/provision/kerberos.py
%%PYTHON_SITELIBDIR%%/samba/provision/sambadns.py
%%PYTHON_SITELIBDIR%%/samba/registry%%PYTHON_EXT_SUFFIX%%.so
%%PYTHON_SITELIBDIR%%/samba/remove_dc.py
%%PYTHON_SITELIBDIR%%/samba/samba3/__init__.py
%%PYTHON_SITELIBDIR%%/samba/samba3/libsmb_samba_internal%%PYTHON_EXT_SUFFIX%%.so
%%PYTHON_SITELIBDIR%%/samba/samba3/mdscli%%PYTHON_EXT_SUFFIX%%.so
%%PYTHON_SITELIBDIR%%/samba/samba3/param%%PYTHON_EXT_SUFFIX%%.so
%%PYTHON_SITELIBDIR%%/samba/samba3/passdb%%PYTHON_EXT_SUFFIX%%.so
%%PYTHON_SITELIBDIR%%/samba/samba3/smbd%%PYTHON_EXT_SUFFIX%%.so
%%PYTHON_SITELIBDIR%%/samba/samdb.py
%%PYTHON_SITELIBDIR%%/samba/schema.py
%%PYTHON_SITELIBDIR%%/samba/sd_utils.py
%%PYTHON_SITELIBDIR%%/samba/security%%PYTHON_EXT_SUFFIX%%.so
%%PYTHON_SITELIBDIR%%/samba/sites.py
%%PYTHON_SITELIBDIR%%/samba/subnets.py
%%PYTHON_SITELIBDIR%%/samba/subunit/__init__.py
%%PYTHON_SITELIBDIR%%/samba/subunit/run.py
%%PYTHON_SITELIBDIR%%/samba/tdb_util.py
%%PYTHON_SITELIBDIR%%/samba/tests/__init__.py
%%PYTHON_SITELIBDIR%%/samba/tests/audit_log_base.py
%%PYTHON_SITELIBDIR%%/samba/tests/audit_log_dsdb.py
%%PYTHON_SITELIBDIR%%/samba/tests/audit_log_pass_change.py
%%PYTHON_SITELIBDIR%%/samba/tests/auth_log_base.py
%%PYTHON_SITELIBDIR%%/samba/tests/auth_log_ncalrpc.py
%%PYTHON_SITELIBDIR%%/samba/tests/auth_log_netlogon_bad_creds.py
%%PYTHON_SITELIBDIR%%/samba/tests/auth_log_netlogon.py
%%PYTHON_SITELIBDIR%%/samba/tests/auth_log_pass_change.py
%%PYTHON_SITELIBDIR%%/samba/tests/auth_log_samlogon.py
%%PYTHON_SITELIBDIR%%/samba/tests/auth_log_winbind.py
%%PYTHON_SITELIBDIR%%/samba/tests/auth_log.py
%%PYTHON_SITELIBDIR%%/samba/tests/auth.py
%%PYTHON_SITELIBDIR%%/samba/tests/blackbox/__init__.py
%%PYTHON_SITELIBDIR%%/samba/tests/blackbox/bug13653.py
%%PYTHON_SITELIBDIR%%/samba/tests/blackbox/check_output.py
%%PYTHON_SITELIBDIR%%/samba/tests/blackbox/downgradedatabase.py
%%PYTHON_SITELIBDIR%%/samba/tests/blackbox/mdfind.py
%%PYTHON_SITELIBDIR%%/samba/tests/blackbox/ndrdump.py
%%PYTHON_SITELIBDIR%%/samba/tests/blackbox/netads_json.py
%%PYTHON_SITELIBDIR%%/samba/tests/blackbox/samba_dnsupdate.py
%%PYTHON_SITELIBDIR%%/samba/tests/blackbox/smbcacls_basic.py
%%PYTHON_SITELIBDIR%%/samba/tests/blackbox/smbcacls.py
%%PYTHON_SITELIBDIR%%/samba/tests/blackbox/smbcontrol_process.py
%%PYTHON_SITELIBDIR%%/samba/tests/blackbox/smbcontrol.py
%%PYTHON_SITELIBDIR%%/samba/tests/blackbox/traffic_learner.py
%%PYTHON_SITELIBDIR%%/samba/tests/blackbox/traffic_replay.py
%%PYTHON_SITELIBDIR%%/samba/tests/blackbox/traffic_summary.py
%%PYTHON_SITELIBDIR%%/samba/tests/common.py
%%PYTHON_SITELIBDIR%%/samba/tests/complex_expressions.py
%%PYTHON_SITELIBDIR%%/samba/tests/core.py
%%PYTHON_SITELIBDIR%%/samba/tests/credentials.py
%%PYTHON_SITELIBDIR%%/samba/tests/dcerpc/__init__.py
%%PYTHON_SITELIBDIR%%/samba/tests/dcerpc/array.py
%%PYTHON_SITELIBDIR%%/samba/tests/dcerpc/bare.py
%%PYTHON_SITELIBDIR%%/samba/tests/dcerpc/dnsserver.py
%%PYTHON_SITELIBDIR%%/samba/tests/dcerpc/integer.py
%%PYTHON_SITELIBDIR%%/samba/tests/dcerpc/lsa.py
%%PYTHON_SITELIBDIR%%/samba/tests/dcerpc/mdssvc.py
%%PYTHON_SITELIBDIR%%/samba/tests/dcerpc/misc.py
%%PYTHON_SITELIBDIR%%/samba/tests/dcerpc/raw_protocol.py
%%PYTHON_SITELIBDIR%%/samba/tests/dcerpc/raw_testcase.py
%%PYTHON_SITELIBDIR%%/samba/tests/dcerpc/registry.py
%%PYTHON_SITELIBDIR%%/samba/tests/dcerpc/rpc_talloc.py
%%PYTHON_SITELIBDIR%%/samba/tests/dcerpc/rpcecho.py
%%PYTHON_SITELIBDIR%%/samba/tests/dcerpc/sam.py
%%PYTHON_SITELIBDIR%%/samba/tests/dcerpc/srvsvc.py
%%PYTHON_SITELIBDIR%%/samba/tests/dcerpc/string_tests.py
%%PYTHON_SITELIBDIR%%/samba/tests/dcerpc/testrpc.py
%%PYTHON_SITELIBDIR%%/samba/tests/dcerpc/unix.py
%%PYTHON_SITELIBDIR%%/samba/tests/dckeytab.py
%%PYTHON_SITELIBDIR%%/samba/tests/dns_base.py
%%PYTHON_SITELIBDIR%%/samba/tests/dns_forwarder_helpers/server.py
%%PYTHON_SITELIBDIR%%/samba/tests/dns_forwarder.py
%%PYTHON_SITELIBDIR%%/samba/tests/dns_invalid.py
%%PYTHON_SITELIBDIR%%/samba/tests/dns_packet.py
%%PYTHON_SITELIBDIR%%/samba/tests/dns_tkey.py
%%PYTHON_SITELIBDIR%%/samba/tests/dns_wildcard.py
%%PYTHON_SITELIBDIR%%/samba/tests/dns.py
%%PYTHON_SITELIBDIR%%/samba/tests/docs.py
%%PYTHON_SITELIBDIR%%/samba/tests/domain_backup_offline.py
%%PYTHON_SITELIBDIR%%/samba/tests/domain_backup.py
%%PYTHON_SITELIBDIR%%/samba/tests/dsdb_api.py
%%PYTHON_SITELIBDIR%%/samba/tests/dsdb_lock.py
%%PYTHON_SITELIBDIR%%/samba/tests/dsdb_schema_attributes.py
%%PYTHON_SITELIBDIR%%/samba/tests/dsdb.py
%%PYTHON_SITELIBDIR%%/samba/tests/emulate/__init__.py
%%PYTHON_SITELIBDIR%%/samba/tests/emulate/traffic_packet.py
%%PYTHON_SITELIBDIR%%/samba/tests/emulate/traffic.py
%%PYTHON_SITELIBDIR%%/samba/tests/encrypted_secrets.py
%%PYTHON_SITELIBDIR%%/samba/tests/gensec.py
%%PYTHON_SITELIBDIR%%/samba/tests/get_opt.py
%%PYTHON_SITELIBDIR%%/samba/tests/getdcname.py
%%PYTHON_SITELIBDIR%%/samba/tests/glue.py
%%PYTHON_SITELIBDIR%%/samba/tests/gpo.py
%%PYTHON_SITELIBDIR%%/samba/tests/graph.py
%%PYTHON_SITELIBDIR%%/samba/tests/group_audit.py
%%PYTHON_SITELIBDIR%%/samba/tests/hostconfig.py
%%PYTHON_SITELIBDIR%%/samba/tests/join.py
%%PYTHON_SITELIBDIR%%/samba/tests/kcc/__init__.py
%%PYTHON_SITELIBDIR%%/samba/tests/kcc/graph_utils.py
%%PYTHON_SITELIBDIR%%/samba/tests/kcc/graph.py
%%PYTHON_SITELIBDIR%%/samba/tests/kcc/kcc_utils.py
%%PYTHON_SITELIBDIR%%/samba/tests/kcc/ldif_import_export.py
%%PYTHON_SITELIBDIR%%/samba/tests/krb5_credentials.py
%%PYTHON_SITELIBDIR%%/samba/tests/krb5/alias_tests.py
%%PYTHON_SITELIBDIR%%/samba/tests/krb5/as_canonicalization_tests.py
%%PYTHON_SITELIBDIR%%/samba/tests/krb5/as_req_tests.py
%%PYTHON_SITELIBDIR%%/samba/tests/krb5/compatability_tests.py
%%PYTHON_SITELIBDIR%%/samba/tests/krb5/fast_tests.py
%%PYTHON_SITELIBDIR%%/samba/tests/krb5/kcrypto.py
%%PYTHON_SITELIBDIR%%/samba/tests/krb5/kdc_base_test.py
%%PYTHON_SITELIBDIR%%/samba/tests/krb5/kdc_tests.py
%%PYTHON_SITELIBDIR%%/samba/tests/krb5/kdc_tgs_tests.py
%%PYTHON_SITELIBDIR%%/samba/tests/krb5/ms_kile_client_principal_lookup_tests.py
%%PYTHON_SITELIBDIR%%/samba/tests/krb5/raw_testcase.py
%%PYTHON_SITELIBDIR%%/samba/tests/krb5/rfc4120_constants.py
%%PYTHON_SITELIBDIR%%/samba/tests/krb5/rfc4120_pyasn1.py
%%PYTHON_SITELIBDIR%%/samba/tests/krb5/rodc_tests.py
%%PYTHON_SITELIBDIR%%/samba/tests/krb5/s4u_tests.py
%%PYTHON_SITELIBDIR%%/samba/tests/krb5/salt_tests.py
%%PYTHON_SITELIBDIR%%/samba/tests/krb5/simple_tests.py
%%PYTHON_SITELIBDIR%%/samba/tests/krb5/spn_tests.py
%%PYTHON_SITELIBDIR%%/samba/tests/krb5/test_ccache.py
%%PYTHON_SITELIBDIR%%/samba/tests/krb5/test_idmap_nss.py
%%PYTHON_SITELIBDIR%%/samba/tests/krb5/test_ldap.py
%%PYTHON_SITELIBDIR%%/samba/tests/krb5/test_min_domain_uid.py
%%PYTHON_SITELIBDIR%%/samba/tests/krb5/test_rpc.py
%%PYTHON_SITELIBDIR%%/samba/tests/krb5/test_smb.py
%%PYTHON_SITELIBDIR%%/samba/tests/krb5/xrealm_tests.py
%%PYTHON_SITELIBDIR%%/samba/tests/ldap_raw.py
%%PYTHON_SITELIBDIR%%/samba/tests/ldap_referrals.py
%%PYTHON_SITELIBDIR%%/samba/tests/ldap_spn.py
%%PYTHON_SITELIBDIR%%/samba/tests/ldap_upn_sam_account.py
%%PYTHON_SITELIBDIR%%/samba/tests/libsmb.py
%%PYTHON_SITELIBDIR%%/samba/tests/loadparm.py
%%PYTHON_SITELIBDIR%%/samba/tests/lsa_string.py
%%PYTHON_SITELIBDIR%%/samba/tests/messaging.py
%%PYTHON_SITELIBDIR%%/samba/tests/net_join_no_spnego.py
%%PYTHON_SITELIBDIR%%/samba/tests/net_join.py
%%PYTHON_SITELIBDIR%%/samba/tests/netbios.py
%%PYTHON_SITELIBDIR%%/samba/tests/netcmd.py
%%PYTHON_SITELIBDIR%%/samba/tests/netlogonsvc.py
%%PYTHON_SITELIBDIR%%/samba/tests/ntacls_backup.py
%%PYTHON_SITELIBDIR%%/samba/tests/ntacls.py
%%PYTHON_SITELIBDIR%%/samba/tests/ntlm_auth_base.py
%%PYTHON_SITELIBDIR%%/samba/tests/ntlm_auth_krb5.py
%%PYTHON_SITELIBDIR%%/samba/tests/ntlm_auth.py
%%PYTHON_SITELIBDIR%%/samba/tests/ntlmdisabled.py
%%PYTHON_SITELIBDIR%%/samba/tests/pam_winbind_chauthtok.py
%%PYTHON_SITELIBDIR%%/samba/tests/pam_winbind_warn_pwd_expire.py
%%PYTHON_SITELIBDIR%%/samba/tests/pam_winbind.py
%%PYTHON_SITELIBDIR%%/samba/tests/param.py
%%PYTHON_SITELIBDIR%%/samba/tests/password_hash_fl2003.py
%%PYTHON_SITELIBDIR%%/samba/tests/password_hash_fl2008.py
%%PYTHON_SITELIBDIR%%/samba/tests/password_hash_gpgme.py
%%PYTHON_SITELIBDIR%%/samba/tests/password_hash_ldap.py
%%PYTHON_SITELIBDIR%%/samba/tests/password_hash.py
%%PYTHON_SITELIBDIR%%/samba/tests/password_quality.py
%%PYTHON_SITELIBDIR%%/samba/tests/password_test.py
%%PYTHON_SITELIBDIR%%/samba/tests/policy.py
%%PYTHON_SITELIBDIR%%/samba/tests/posixacl.py
%%PYTHON_SITELIBDIR%%/samba/tests/prefork_restart.py
%%PYTHON_SITELIBDIR%%/samba/tests/process_limits.py
%%PYTHON_SITELIBDIR%%/samba/tests/provision.py
%%PYTHON_SITELIBDIR%%/samba/tests/pso.py
%%PYTHON_SITELIBDIR%%/samba/tests/py_credentials.py
%%PYTHON_SITELIBDIR%%/samba/tests/registry.py
%%PYTHON_SITELIBDIR%%/samba/tests/s3idmapdb.py
%%PYTHON_SITELIBDIR%%/samba/tests/s3param.py
%%PYTHON_SITELIBDIR%%/samba/tests/s3passdb.py
%%PYTHON_SITELIBDIR%%/samba/tests/s3registry.py
%%PYTHON_SITELIBDIR%%/samba/tests/s3windb.py
%%PYTHON_SITELIBDIR%%/samba/tests/samba_tool/__init__.py
%%PYTHON_SITELIBDIR%%/samba/tests/samba_tool/base.py
%%PYTHON_SITELIBDIR%%/samba/tests/samba_tool/computer.py
%%PYTHON_SITELIBDIR%%/samba/tests/samba_tool/contact.py
%%PYTHON_SITELIBDIR%%/samba/tests/samba_tool/demote.py
%%PYTHON_SITELIBDIR%%/samba/tests/samba_tool/dnscmd.py
%%PYTHON_SITELIBDIR%%/samba/tests/samba_tool/drs_clone_dc_data_lmdb_size.py
%%PYTHON_SITELIBDIR%%/samba/tests/samba_tool/dsacl.py
%%PYTHON_SITELIBDIR%%/samba/tests/samba_tool/forest.py
%%PYTHON_SITELIBDIR%%/samba/tests/samba_tool/fsmo.py
%%PYTHON_SITELIBDIR%%/samba/tests/samba_tool/gpo.py
%%PYTHON_SITELIBDIR%%/samba/tests/samba_tool/group.py
%%PYTHON_SITELIBDIR%%/samba/tests/samba_tool/help.py
%%PYTHON_SITELIBDIR%%/samba/tests/samba_tool/join_lmdb_size.py
%%PYTHON_SITELIBDIR%%/samba/tests/samba_tool/join.py
%%PYTHON_SITELIBDIR%%/samba/tests/samba_tool/ntacl.py
%%PYTHON_SITELIBDIR%%/samba/tests/samba_tool/ou.py
%%PYTHON_SITELIBDIR%%/samba/tests/samba_tool/passwordsettings.py
%%PYTHON_SITELIBDIR%%/samba/tests/samba_tool/processes.py
%%PYTHON_SITELIBDIR%%/samba/tests/samba_tool/promote_dc_lmdb_size.py
%%PYTHON_SITELIBDIR%%/samba/tests/samba_tool/provision_lmdb_size.py
%%PYTHON_SITELIBDIR%%/samba/tests/samba_tool/provision_password_check.py
%%PYTHON_SITELIBDIR%%/samba/tests/samba_tool/rodc.py
%%PYTHON_SITELIBDIR%%/samba/tests/samba_tool/schema.py
%%PYTHON_SITELIBDIR%%/samba/tests/samba_tool/sites.py
%%PYTHON_SITELIBDIR%%/samba/tests/samba_tool/timecmd.py
%%PYTHON_SITELIBDIR%%/samba/tests/samba_tool/user_check_password_script.py
%%PYTHON_SITELIBDIR%%/samba/tests/samba_tool/user_virtualCryptSHA_base.py
%%PYTHON_SITELIBDIR%%/samba/tests/samba_tool/user_virtualCryptSHA_gpg.py
%%PYTHON_SITELIBDIR%%/samba/tests/samba_tool/user_virtualCryptSHA_userPassword.py
%%PYTHON_SITELIBDIR%%/samba/tests/samba_tool/user_virtualCryptSHA.py
%%PYTHON_SITELIBDIR%%/samba/tests/samba_tool/user_wdigest.py
%%PYTHON_SITELIBDIR%%/samba/tests/samba_tool/user.py
%%PYTHON_SITELIBDIR%%/samba/tests/samba_tool/visualize_drs.py
%%PYTHON_SITELIBDIR%%/samba/tests/samba_tool/visualize.py
%%PYTHON_SITELIBDIR%%/samba/tests/samba_upgradedns_lmdb.py
%%PYTHON_SITELIBDIR%%/samba/tests/samba3sam.py
%%PYTHON_SITELIBDIR%%/samba/tests/samdb_api.py
%%PYTHON_SITELIBDIR%%/samba/tests/samdb.py
%%PYTHON_SITELIBDIR%%/samba/tests/security.py
%%PYTHON_SITELIBDIR%%/samba/tests/segfault.py
%%PYTHON_SITELIBDIR%%/samba/tests/smb.py
%%PYTHON_SITELIBDIR%%/samba/tests/smbd_base.py
%%PYTHON_SITELIBDIR%%/samba/tests/smbd_fuzztest.py
%%PYTHON_SITELIBDIR%%/samba/tests/source.py
%%PYTHON_SITELIBDIR%%/samba/tests/strings.py
%%PYTHON_SITELIBDIR%%/samba/tests/subunitrun.py
%%PYTHON_SITELIBDIR%%/samba/tests/tdb_util.py
%%PYTHON_SITELIBDIR%%/samba/tests/upgrade.py
%%PYTHON_SITELIBDIR%%/samba/tests/upgradeprovision.py
%%PYTHON_SITELIBDIR%%/samba/tests/upgradeprovisionneeddc.py
%%PYTHON_SITELIBDIR%%/samba/tests/usage.py
%%PYTHON_SITELIBDIR%%/samba/tests/xattr.py
%%PYTHON_SITELIBDIR%%/samba/upgrade.py
%%PYTHON_SITELIBDIR%%/samba/upgradehelpers.py
%%PYTHON_SITELIBDIR%%/samba/uptodateness.py
%%PYTHON_SITELIBDIR%%/samba/werror%%PYTHON_EXT_SUFFIX%%.so
%%PYTHON_SITELIBDIR%%/samba/xattr.py
@dir %%PYTHON_SITELIBDIR%%/samba/tests/samba_tool
@dir %%PYTHON_SITELIBDIR%%/samba/tests/dcerpc
@dir %%PYTHON_SITELIBDIR%%/samba/tests/blackbox
@dir %%PYTHON_SITELIBDIR%%/samba/tests
@dir %%PYTHON_SITELIBDIR%%/samba/samba3
@dir %%PYTHON_SITELIBDIR%%/samba/provision
@dir %%PYTHON_SITELIBDIR%%/samba/netcmd
@dir %%PYTHON_SITELIBDIR%%/samba/dcerpc
@dir %%PYTHON_SITELIBDIR%%/samba

Return to bug 263874

Added Link Here

(-)b/net/samba415/files/0001-Zfs-provision-1.patch (+368 lines)
1	From 2664c997587416a2c8c911a75158485a5c98b70b Mon Sep 17 00:00:00 2001
2	From: John Hixon <john@ixsystems.com>
3	Date: Sat, 20 May 2017 04:39:37 +0200
4	Subject: [PATCH] Zfs provision (#1)
5
6	Cherry-pick ZFS provisioning code by iXsystems Inc.
7
8	* Check if sysvol is on filesystem with NFSv4 ACL's
9	(cherry picked from commit ca86f52b78a7b6e7537454a69cf93e7b96210cba)
10
11	* Only check targetdir if it is defined (I had assumed it was)
12	(cherry picked from commit a29050cb2978ce23e3c04a859340dc2664c77a8a)
13
14	* Kick samba a little bit into understanding NFSv4 ACL's
15	(cherry picked from commit 1c7542ff4904b729e311e17464ee76582760c219)
16
17	Signed-off-by: Timur I. Bakeyev <timur@iXsystems.com>
18	---
19	python/samba/provision/__init__.py \| 25 ++++--
20	source3/lib/sysacls.c \| 10 +++
21	source3/param/loadparm.c \| 7 ++
22	source3/smbd/pysmbd.c \| 156 ++++++++++++++++++++++++++++++++++++-
23	4 files changed, 191 insertions(+), 7 deletions(-)
24
25	diff --git a/python/samba/provision/__init__.py b/python/samba/provision/__init__.py
26	index 5de986463a5..cd3b91f41b9 100644
27	--- a/python/samba/provision/__init__.py
28	+++ b/python/samba/provision/__init__.py
29	@@ -1695,19 +1695,25 @@ def setsysvolacl(samdb, netlogon, sysvol, uid, gid, do
30	s3conf = s3param.get_context()
31	s3conf.load(lp.configfile)
32
33	- file = tempfile.NamedTemporaryFile(dir=os.path.abspath(sysvol))
34	+ sysvol_dir = os.path.abspath(sysvol)
35	+
36	+ set_simple_acl = smbd.set_simple_acl
37	+ if smbd.has_nfsv4_acls(sysvol_dir):
38	+ set_simple_acl = smbd.set_simple_nfsv4_acl
39	+
40	+ file = tempfile.NamedTemporaryFile(dir=sysvol_dir)
41	try:
42	try:
43	- smbd.set_simple_acl(file.name, 0o755, system_session_unix(), gid)
44	+ set_simple_acl(file.name, 0o755, system_session_unix(), gid)
45	except OSError:
46	- if not smbd.have_posix_acls():
47	+ if not smbd.have_posix_acls() and not smbd.have_nfsv4_acls():
48	# This clue is only strictly correct for RPM and
49	# Debian-like Linux systems, but hopefully other users
50	# will get enough clue from it.
51	- raise ProvisioningError("Samba was compiled without the posix ACL support that s3fs requires. "
52	+ raise ProvisioningError("Samba was compiled without the ACL support that s3fs requires. "
53	"Try installing libacl1-dev or libacl-devel, then re-run configure and make.")
54
55	- raise ProvisioningError("Your filesystem or build does not support posix ACLs, which s3fs requires. "
56	+ raise ProvisioningError("Your filesystem or build does not support ACLs, which s3fs requires. "
57	"Try the mounting the filesystem with the 'acl' option.")
58	try:
59	smbd.chown(file.name, uid, gid, system_session_unix())
60	@@ -1984,6 +1990,9 @@ def provision_fill(samdb, secrets_ldb, logger, names,
61	samdb.transaction_commit()
62
63	if serverrole == "active directory domain controller":
64	+ if targetdir and smbd.have_nfsv4_acls() and smbd.has_nfsv4_acls(targetdir):
65	+ smbd.set_nfsv4_defaults()
66	+
67	# Continue setting up sysvol for GPO. This appears to require being
68	# outside a transaction.
69	if not skip_sysvolacl:
70	@@ -2340,6 +2349,9 @@ def provision(logger, session_info, smbconf=None,
71
72	if not os.path.isdir(paths.netlogon):
73	os.makedirs(paths.netlogon, 0o755)
74	+
75	+ if smbd.have_nfsv4_acls() and smbd.has_nfsv4_acls(paths.sysvol):
76	+ smbd.set_nfsv4_defaults()
77
78	if adminpass is None:
79	adminpass = samba.generate_random_password(12, 32)
80	diff --git a/source3/lib/sysacls.c b/source3/lib/sysacls.c
81	index 0bf3c37edfa..786cd39b5bc 100644
82	--- a/source3/lib/sysacls.c
83	+++ b/source3/lib/sysacls.c
84	@@ -38,6 +38,16 @@
85	#include "modules/vfs_hpuxacl.h"
86	#endif
87
88	+/*
89	+ * NFSv4 ACL's should be understood and a first class citizen. Work
90	+ * needs to be done in librpc/idl/smb_acl.idl for this to occur.
91	+ */
92	+#if defined(HAVE_LIBSUNACL) && defined(FREEBSD)
93	+#if 0
94	+#include "modules/nfs4_acls.h"
95	+#endif
96	+#endif
97	+
98	#undef DBGC_CLASS
99	#define DBGC_CLASS DBGC_ACLS
100
101	diff --git a/source3/param/loadparm.c b/source3/param/loadparm.c
102	index a2fcc4246c9..4b676897fc1 100644
103	--- a/source3/param/loadparm.c
104	+++ b/source3/param/loadparm.c
105	@@ -2801,9 +2801,29 @@ static void init_locals(void)
106	} else {
107	if (lp_parm_const_string(-1, "xattr_tdb", "file", NULL)) {
108	lp_do_parameter(-1, "vfs objects", "dfs_samba4 acl_xattr xattr_tdb");
109	+ /*
110	+ * By default, the samba sysvol is located in the statedir. Provisioning will fail in setntacl
111	+ * unless we have zfacl enabled. Unfortunately, at this point the smb.conf has not been generated.
112	+ * This workaround is freebsd-specific.
113	+ */
114	+#if defined(_PC_ACL_EXTENDED)
115	+ } else if (pathconf(lp_state_directory(), _PC_ACL_EXTENDED) == 1) {
116	+ lp_do_parameter(-1, "vfs objects", "dfs_samba4 freebsd");
117	+#endif
118	+#if defined(_PC_ACL_NFS4)
119	+ } else if (pathconf(lp_state_directory(), _PC_ACL_NFS4) == 1) {
120	+ lp_do_parameter(-1, "vfs objects", "dfs_samba4 zfsacl");
121	+#endif
122	} else if (lp_parm_const_string(-1, "posix", "eadb", NULL)) {
123	lp_do_parameter(-1, "vfs objects", "dfs_samba4 acl_xattr posix_eadb");
124	} else {
125	+ /*
126	+ * This should only set dfs_samba4 and leave acl_xattr
127	+ * to be set later (or zfsacl). The only reason the decision
128	+ * can't be made here to load acl_xattr or zfsacl is
129	+ * that we don't have access to what the target
130	+ * directory is.
131	+ */
132	lp_do_parameter(-1, "vfs objects", "dfs_samba4 acl_xattr");
133	}
134	}
135	diff --git a/source3/smbd/pysmbd.c b/source3/smbd/pysmbd.c
136	index 63fc5d68c33..f5a536ee186 100644
137	--- a/source3/smbd/pysmbd.c
138	+++ b/source3/smbd/pysmbd.c
139	@@ -419,6 +419,20 @@ static SMB_ACL_T make_simple_acl(TALLOC_CTX *mem_ctx,
140	return acl;
141	}
142
143	+static SMB_ACL_T make_simple_nfsv4_acl(TALLOC_CTX *mem_ctx,
144	+ gid_t gid,
145	+ mode_t chmod_mode)
146	+{
147	+ /*
148	+ * This function needs to create an NFSv4 ACL. Currently, the only way
149	+ * to do so is to use the operating system interface, or to use the
150	+ * functions in source3/modules/nfs4_acls.c. These seems ugly and
151	+ * hacky. NFSv4 ACL's should be a first class citizen and
152	+ * librpc/idl/smb_acl.idl should be modified accordingly.
153	+ */
154	+ return NULL;
155	+}
156	+
157	/*
158	set a simple ACL on a file, as a test
159	*/
160	@@ -491,7 +505,85 @@ static PyObject py_smbd_set_simple_acl(PyObject self
161	Py_RETURN_NONE;
162	}
163
164	+
165	/*
166	+ set a simple NFSv4 ACL on a file, as a test
167	+ */
168	+static PyObject py_smbd_set_simple_nfsv4_acl(PyObject self, PyObject args, PyObject kwargs)
169	+{
170	+ const char * const kwnames[] = {
171	+ "fname",
172	+ "mode",
173	+ "session_info",
174	+ "gid",
175	+ "service",
176	+ NULL
177	+ };
178	+ char fname, service = NULL;
179	+ PyObject *py_session = Py_None;
180	+ struct auth_session_info *session_info = NULL;
181	+ int ret;
182	+ int mode, gid = -1;
183	+ SMB_ACL_T acl;
184	+ TALLOC_CTX *frame;
185	+ connection_struct *conn;
186	+
187	+ if (!PyArg_ParseTupleAndKeywords(args, kwargs, "siO\|iz",
188	+ discard_const_p(char *, kwnames),
189	+ &fname,
190	+ &mode,
191	+ &py_session,
192	+ &gid,
193	+ &service))
194	+ return NULL;
195	+
196	+ if (!py_check_dcerpc_type(py_session,
197	+ "samba.dcerpc.auth",
198	+ "session_info")) {
199	+ return NULL;
200	+ }
201	+ session_info = pytalloc_get_type(py_session,
202	+ struct auth_session_info);
203	+ if (session_info == NULL) {
204	+ PyErr_Format(PyExc_TypeError,
205	+ "Expected auth_session_info for session_info argument got %s",
206	+ pytalloc_get_name(py_session));
207	+ return NULL;
208	+ }
209	+
210	+ frame = talloc_stackframe();
211	+
212	+ acl = make_simple_nfsv4_acl(frame, gid, mode);
213	+ if (acl == NULL) {
214	+ TALLOC_FREE(frame);
215	+ Py_RETURN_NONE;
216	+ }
217	+
218	+ conn = get_conn_tos(service, session_info);
219	+ if (!conn) {
220	+ TALLOC_FREE(frame);
221	+ Py_RETURN_NONE;
222	+ }
223	+
224	+ /*
225	+ * SMB_ACL_TYPE_ACCESS -> ACL_TYPE_ACCESS -> Not valid for NFSv4 ACL
226	+ */
227	+ ret = 0;
228	+
229	+ /* ret = set_sys_acl_conn(fname, SMB_ACL_TYPE_ACCESS, acl, conn); */
230	+
231	+ if (ret != 0) {
232	+ TALLOC_FREE(frame);
233	+ errno = ret;
234	+ return PyErr_SetFromErrno(PyExc_OSError);
235	+ }
236	+
237	+ TALLOC_FREE(frame);
238	+
239	+ Py_RETURN_NONE;
240	+}
241	+
242	+/*
243	chown a file
244	*/
245	static PyObject py_smbd_chown(PyObject self, PyObject args, PyObject kwargs)
246	@@ -665,7 +757,7 @@ static PyObject py_smbd_unlink(PyObject self, PyObje
247	}
248
249	/*
250	- check if we have ACL support
251	+ check if we have POSIX.1e ACL support
252	*/
253	static PyObject py_smbd_have_posix_acls(PyObject self,
254	PyObject *Py_UNUSED(ignored))
255	@@ -677,7 +769,84 @@ static PyObject py_smbd_have_posix_acls(PyObject sel
256	#endif
257	}
258
259	+static PyObject py_smbd_has_posix_acls(PyObject self, PyObject args, PyObject kwargs)
260	+{
261	+ const char * const kwnames[] = { "path", NULL };
262	+ char *path = NULL;
263	+ TALLOC_CTX *frame;
264	+ struct statfs fs;
265	+ int ret = false;
266	+
267	+ frame = talloc_stackframe();
268	+
269	+ if (!PyArg_ParseTupleAndKeywords(args, kwargs, "s\|z",
270	+ discard_const_p(char *, kwnames), &path)) {
271	+ TALLOC_FREE(frame);
272	+ return NULL;
273	+ }
274	+
275	+ if (statfs(path, &fs) != 0) {
276	+ TALLOC_FREE(frame);
277	+ return NULL;
278	+ }
279	+
280	+ if (fs.f_flags & MNT_ACLS)
281	+ ret = true;
282	+
283	+ TALLOC_FREE(frame);
284	+ return PyBool_FromLong(ret);
285	+}
286	+
287	/*
288	+ check if we have NFSv4 ACL support
289	+ */
290	+static PyObject py_smbd_have_nfsv4_acls(PyObject self)
291	+{
292	+#ifdef HAVE_LIBSUNACL
293	+ return PyBool_FromLong(true);
294	+#else
295	+ return PyBool_FromLong(false);
296	+#endif
297	+}
298	+
299	+static PyObject py_smbd_has_nfsv4_acls(PyObject self, PyObject args, PyObject kwargs)
300	+{
301	+ const char * const kwnames[] = { "path", NULL };
302	+ char *path = NULL;
303	+ TALLOC_CTX *frame;
304	+ struct statfs fs;
305	+ int ret = false;
306	+
307	+ frame = talloc_stackframe();
308	+
309	+ if (!PyArg_ParseTupleAndKeywords(args, kwargs, "s\|z",
310	+ discard_const_p(char *, kwnames), &path)) {
311	+ TALLOC_FREE(frame);
312	+ return NULL;
313	+ }
314	+
315	+ if (statfs(path, &fs) != 0) {
316	+ TALLOC_FREE(frame);
317	+ return NULL;
318	+ }
319	+
320	+ if (fs.f_flags & MNT_NFS4ACLS)
321	+ ret = true;
322	+
323	+ TALLOC_FREE(frame);
324	+ return PyBool_FromLong(ret);
325	+}
326	+
327	+
328	+static PyObject py_smbd_set_nfsv4_defaults(PyObject self)
329	+{
330	+ /*
331	+ * It is really be done in source3/param/loadparm.c
332	+ */
333	+ Py_RETURN_NONE;
334	+}
335	+
336	+/*
337	set the NT ACL on a file
338	*/
339	static PyObject py_smbd_set_nt_acl(PyObject self, PyObject args, PyObject kwargs)
340	@@ -1124,8 +1296,26 @@ static PyMethodDef py_smbd_methods[] = {
341	{ "have_posix_acls",
342	(PyCFunction)py_smbd_have_posix_acls, METH_NOARGS,
343	NULL },
344	+ { "has_posix_acls",
345	+ PY_DISCARD_FUNC_SIG(PyCFunction, py_smbd_has_posix_acls),
346	+ METH_VARARGS\|METH_KEYWORDS,
347	+ NULL },
348	+ { "have_nfsv4_acls",
349	+ (PyCFunction)py_smbd_have_nfsv4_acls, METH_NOARGS,
350	+ NULL },
351	+ { "has_nfsv4_acls",
352	+ PY_DISCARD_FUNC_SIG(PyCFunction, py_smbd_has_nfsv4_acls),
353	+ METH_VARARGS\|METH_KEYWORDS,
354	+ NULL },
355	+ { "set_nfsv4_defaults",
356	+ (PyCFunction)py_smbd_set_nfsv4_defaults, METH_NOARGS,
357	+ NULL },
358	{ "set_simple_acl",
359	PY_DISCARD_FUNC_SIG(PyCFunction, py_smbd_set_simple_acl),
360	+ METH_VARARGS\|METH_KEYWORDS,
361	+ NULL },
362	+ { "set_simple_nfsv4_acl",
363	+ PY_DISCARD_FUNC_SIG(PyCFunction, py_smbd_set_simple_nfsv4_acl),
364	METH_VARARGS\|METH_KEYWORDS,
365	NULL },
366	{ "set_nt_acl",
367	--
368	2.14.2

Added Link Here

(-)b/net/samba415/files/README.FreeBSD.in (+90 lines)
1
2	!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
3	!!! Please read before runing any tools !!!
4	!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
5
6	Documentation
7	=============
8
9	o https://wiki.samba.org/index.php/Samba4/HOWTO
10
11	o https://wiki.samba.org/index.php/Samba_AD_DC_HOWTO
12
13	o https://wiki.samba.org/index.php/Samba4/samba-tool/domain/classicupgrade/HOWTO
14
15	FreeBSD specific information
16	============================
17
18	* Your configuration is in: %%SAMBA4_CONFDIR%%/%%SAMBA4_CONFIG%%
19
20	* All the logs are under: %%SAMBA4_LOGDIR%%
21
22	* All the relevant databases are under: %%SAMBA4_LOCKDIR%%
23
24	* Provisioning script is: %%PREFIX%%/bin/samba-tool
25
26	Samba4 provisioning requires file system(s) with the ACLs support. On
27	UFS2 you need to enable POSIX ACLs by adding 'acls' option to the mount
28	flags, on ZFS you need to use NFSv4 ACLs and `zfsacl` VFS module to get
29	provisioning work.
30
31	There is a hack in the code, that makes provisioning work on UFS2 and in
32	the jails on the price of using USER extattr(2) namespace, which is less
33	secure than SYSTEM namespace, as can be edited not only by root user, but
34	also by the owner of the file.
35
36	For the provisioning on ZFS you need to use additional parameters to the
37	samba-tool, that would explicitly add `zfsacl` to the default `vfs objects`:
38
39	# samba-tool domain provision --interactive \
40	--option="vfs objects"="dfs_samba4 zfsacl"
41
42	To run this port you need to perform the following steps:
43	---------------------------------------------------------
44
45	0. If you had Samba3 port installed before, please, take backups of
46	all the relevant files. That includes 'smb.conf' file and all the
47	content of the '/var/db/samba/' directory.
48
49	1a. Create new '%%SAMBA4_CONFDIR%%/%%SAMBA4_CONFIG%%' file by running:
50
51	# samba-tool domain provision
52
53	1b. Or upgrade from the Samba3 'smb.conf' file by running:
54
55	# samba-tool domain classicupgrade
56
57	%%NSUPDATE%%1c. You will need to specify location of the 'nsupdate' command in the
58	%%NSUPDATE%%'%%SAMBA4_CONFIG%%' file:
59	%%NSUPDATE%%
60	%%NSUPDATE%% nsupdate command = %%PREFIX%%/bin/samba-nsupdate -g
61	%%NSUPDATE%%
62	2. Put string 'samba_server_enable="YES"' into your /etc/rc.conf.
63
64	3. Make sure that your server doesn't run Samba3, OpenLDAP and named.
65	Stop them, if necessary.
66
67	4. Run '%%PREFIX%%/etc/rc.d/samba_server start' or reboot.
68
69	Please, check archives of samba@lists.samba.org and ask there for help,
70	if necessary:
71
72	https://lists.samba.org/archive/samba/
73
74	In case you found a bug which is clearly not related to the port build
75	process itself, plese file a bug report at:
76
77	https://bugzilla.samba.org/
78
79	And add me to CC list.
80
81	You may find those tools helpful:
82	---------------------------------
83
84	Microsoft Remote Server Administration Tools (RSAT) for:
85
86	* Vista: http://www.microsoft.com/en-us/download/details.aspx?id=21090
87	* Windows 7: http://www.microsoft.com/en-us/download/details.aspx?id=7887
88
89
90	FreeBSD Samba4 port maintainer: Timur I. Bakeyev <timur@FreeBSD.org>

Added Link Here

(-)b/net/samba415/files/disabled/patch-bind (+274 lines)
1	--- python/samba/provision/sambadns.py.orig 2020-11-03 14:33:19 UTC
2	+++ python/samba/provision/sambadns.py
3	@@ -27,6 +27,7 @@ import time
4	import ldb
5	from base64 import b64encode
6	import subprocess
7	+import re
8	import samba
9	from samba.tdb_util import tdb_copy
10	from samba.mdb_util import mdb_copy
11	@@ -957,47 +958,38 @@ def create_named_conf(paths, realm, dnsdomain, dns_bac
12	stderr=subprocess.STDOUT,
13	cwd='.').communicate()[0]
14	bind_info = get_string(bind_info)
15	- bind9_8 = '#'
16	- bind9_9 = '#'
17	- bind9_10 = '#'
18	- bind9_11 = '#'
19	- bind9_12 = '#'
20	- bind9_14 = '#'
21	- bind9_16 = '#'
22	- if bind_info.upper().find('BIND 9.8') != -1:
23	- bind9_8 = ''
24	- elif bind_info.upper().find('BIND 9.9') != -1:
25	- bind9_9 = ''
26	- elif bind_info.upper().find('BIND 9.10') != -1:
27	- bind9_10 = ''
28	- elif bind_info.upper().find('BIND 9.11') != -1:
29	- bind9_11 = ''
30	- elif bind_info.upper().find('BIND 9.12') != -1:
31	- bind9_12 = ''
32	- elif bind_info.upper().find('BIND 9.14') != -1:
33	- bind9_14 = ''
34	- elif bind_info.upper().find('BIND 9.16') != -1:
35	- bind9_16 = ''
36	- elif bind_info.upper().find('BIND 9.7') != -1:
37	- raise ProvisioningError("DLZ option incompatible with BIND 9.7.")
38	- elif bind_info.upper().find('BIND_9.13') != -1:
39	- raise ProvisioningError("Only stable/esv releases of BIND are supported.")
40	- elif bind_info.upper().find('BIND_9.15') != -1:
41	- raise ProvisioningError("Only stable/esv releases of BIND are supported.")
42	- elif bind_info.upper().find('BIND_9.17') != -1:
43	- raise ProvisioningError("Only stable/esv releases of BIND are supported.")
44	+
45	+ bind9_release = re.search('BIND (9)\.(\d+)\.', bind_info, re.I)
46	+ if bind9_release:
47	+ bind9_disabled = ''
48	+ bind9_version = bind9_release.group(0) + "x"
49	+ bind9_version_major = int(bind9_release.group(1))
50	+ bind9_version_minor = int(bind9_release.group(2))
51	+ if bind9_version_minor == 7:
52	+ raise ProvisioningError("DLZ option incompatible with BIND 9.7.")
53	+ elif bind9_version_minor == 8:
54	+ bind9_dlz_version = "9"
55	+ elif bind9_version_minor in [13, 15, 17]:
56	+ raise ProvisioningError("Only stable/esv releases of BIND are supported.")
57	+ else:
58	+ bind9_dlz_version = "%d_%d" % (bind9_version_major, bind9_version_minor)
59	else:
60	+ bind9_disabled = '# '
61	+ bind9_version = "BIND z.y.x"
62	+ bind9_dlz_version = "z_y"
63	logger.warning("BIND version unknown, please modify %s manually." % paths.namedconf)
64	+
65	+ bind9_dlz = (
66	+ ' # For %s\n'
67	+ ' %sdatabase "dlopen %s/bind9/dlz_bind%s.so";'
68	+ ) % (
69	+ bind9_version, bind9_disabled, samba.param.modules_dir(), bind9_dlz_version
70	+ )
71	+
72	setup_file(setup_path("named.conf.dlz"), paths.namedconf, {
73	"NAMED_CONF": paths.namedconf,
74	"MODULESDIR": samba.param.modules_dir(),
75	- "BIND9_8": bind9_8,
76	- "BIND9_9": bind9_9,
77	- "BIND9_10": bind9_10,
78	- "BIND9_11": bind9_11,
79	- "BIND9_12": bind9_12,
80	- "BIND9_14": bind9_14,
81	- "BIND9_16": bind9_16
82	+ "BIND9_DLZ": bind9_dlz
83	})
84
85
86	--- source4/dns_server/dlz_minimal.h.orig 2019-12-06 10:10:30 UTC
87	+++ source4/dns_server/dlz_minimal.h
88	@@ -26,32 +26,31 @@
89	#include <stdint.h>
90	#include <stdbool.h>
91
92	-#if defined (BIND_VERSION_9_8)
93	-# define DLZ_DLOPEN_VERSION 1
94	-#elif defined (BIND_VERSION_9_9)
95	-# define DLZ_DLOPEN_VERSION 2
96	-# define DNS_CLIENTINFO_VERSION 1
97	-# define ISC_BOOLEAN_AS_BOOL 0
98	-#elif defined (BIND_VERSION_9_10)
99	-# define DLZ_DLOPEN_VERSION 3
100	-# define DNS_CLIENTINFO_VERSION 1
101	-# define ISC_BOOLEAN_AS_BOOL 0
102	-#elif defined (BIND_VERSION_9_11)
103	-# define DLZ_DLOPEN_VERSION 3
104	-# define DNS_CLIENTINFO_VERSION 2
105	-# define ISC_BOOLEAN_AS_BOOL 0
106	-#elif defined (BIND_VERSION_9_12)
107	-# define DLZ_DLOPEN_VERSION 3
108	-# define DNS_CLIENTINFO_VERSION 2
109	-# define ISC_BOOLEAN_AS_BOOL 0
110	-#elif defined (BIND_VERSION_9_14)
111	-# define DLZ_DLOPEN_VERSION 3
112	-# define DNS_CLIENTINFO_VERSION 2
113	-#elif defined (BIND_VERSION_9_16)
114	-# define DLZ_DLOPEN_VERSION 3
115	-# define DNS_CLIENTINFO_VERSION 2
116	+#if defined (BIND_VERSION)
117	+# if BIND_VERSION == 908
118	+# define DLZ_DLOPEN_VERSION 1
119	+# elif BIND_VERSION == 909
120	+# define DLZ_DLOPEN_VERSION 2
121	+# define DNS_CLIENTINFO_VERSION 1
122	+# define ISC_BOOLEAN_AS_BOOL 0
123	+# elif BIND_VERSION == 910
124	+# define DLZ_DLOPEN_VERSION 3
125	+# define DNS_CLIENTINFO_VERSION 1
126	+# define ISC_BOOLEAN_AS_BOOL 0
127	+# elif BIND_VERSION == 911 \|\| BIND_VERSION == 912
128	+# define DLZ_DLOPEN_VERSION 3
129	+# define DNS_CLIENTINFO_VERSION 2
130	+# define ISC_BOOLEAN_AS_BOOL 0
131	+# elif BIND_VERSION >= 914
132	+# define DLZ_DLOPEN_VERSION 3
133	+# define DNS_CLIENTINFO_VERSION 2
134	+# define ISC_BOOLEAN_AS_BOOL 1
135	+# else
136	+# error Unsupported BIND version
137	+# endif
138	#else
139	# error Unsupported BIND version
140	+# error BIND_VERSION undefined
141	#endif
142
143	#ifndef ISC_BOOLEAN_AS_BOOL
144	--- source4/dns_server/wscript_build.orig 2019-12-06 10:11:08 UTC
145	+++ source4/dns_server/wscript_build
146	@@ -20,7 +20,7 @@ bld.SAMBA_MODULE('service_dns',
147	# a bind9 dlz module giving access to the Samba DNS SAM
148	bld.SAMBA_LIBRARY('dlz_bind9',
149	source='dlz_bind9.c',
150	- cflags='-DBIND_VERSION_9_8',
151	+ cflags='-DBIND_VERSION=908',
152	private_library=True,
153	link_name='modules/bind9/dlz_bind9.so',
154	realname='dlz_bind9.so',
155	@@ -28,69 +28,21 @@ bld.SAMBA_LIBRARY('dlz_bind9',
156	deps='samba-hostconfig samdb-common gensec popt dnsserver_common',
157	enabled=bld.AD_DC_BUILD_IS_ENABLED())
158
159	-bld.SAMBA_LIBRARY('dlz_bind9_9',
160	+for bind_version in (909, 910, 911, 912, 914, 916):
161	+ string_version='%d_%d' % (bind_version//100, bind_version % 100)
162	+ bld.SAMBA_LIBRARY('dlz_bind%s' % (string_version),
163	source='dlz_bind9.c',
164	- cflags='-DBIND_VERSION_9_9',
165	+ cflags='-DBIND_VERSION=%d' % bind_version,
166	private_library=True,
167	- link_name='modules/bind9/dlz_bind9_9.so',
168	- realname='dlz_bind9_9.so',
169	+ link_name='modules/bind9/dlz_bind%s.so' % (string_version),
170	+ realname='dlz_bind%s.so' % (string_version),
171	install_path='${MODULESDIR}/bind9',
172	deps='samba-hostconfig samdb-common gensec popt dnsserver_common',
173	enabled=bld.AD_DC_BUILD_IS_ENABLED())
174
175	-bld.SAMBA_LIBRARY('dlz_bind9_10',
176	- source='dlz_bind9.c',
177	- cflags='-DBIND_VERSION_9_10',
178	- private_library=True,
179	- link_name='modules/bind9/dlz_bind9_10.so',
180	- realname='dlz_bind9_10.so',
181	- install_path='${MODULESDIR}/bind9',
182	- deps='samba-hostconfig samdb-common gensec popt dnsserver_common',
183	- enabled=bld.AD_DC_BUILD_IS_ENABLED())
184	-
185	-bld.SAMBA_LIBRARY('dlz_bind9_11',
186	- source='dlz_bind9.c',
187	- cflags='-DBIND_VERSION_9_11',
188	- private_library=True,
189	- link_name='modules/bind9/dlz_bind9_11.so',
190	- realname='dlz_bind9_11.so',
191	- install_path='${MODULESDIR}/bind9',
192	- deps='samba-hostconfig samdb-common gensec popt dnsserver_common',
193	- enabled=bld.AD_DC_BUILD_IS_ENABLED())
194	-
195	-bld.SAMBA_LIBRARY('dlz_bind9_12',
196	- source='dlz_bind9.c',
197	- cflags='-DBIND_VERSION_9_12',
198	- private_library=True,
199	- link_name='modules/bind9/dlz_bind9_12.so',
200	- realname='dlz_bind9_12.so',
201	- install_path='${MODULESDIR}/bind9',
202	- deps='samba-hostconfig samdb-common gensec popt dnsserver_common',
203	- enabled=bld.AD_DC_BUILD_IS_ENABLED())
204	-
205	-bld.SAMBA_LIBRARY('dlz_bind9_14',
206	- source='dlz_bind9.c',
207	- cflags='-DBIND_VERSION_9_14',
208	- private_library=True,
209	- link_name='modules/bind9/dlz_bind9_14.so',
210	- realname='dlz_bind9_14.so',
211	- install_path='${MODULESDIR}/bind9',
212	- deps='samba-hostconfig samdb-common gensec popt dnsserver_common',
213	- enabled=bld.AD_DC_BUILD_IS_ENABLED())
214	-
215	-bld.SAMBA_LIBRARY('dlz_bind9_16',
216	- source='dlz_bind9.c',
217	- cflags='-DBIND_VERSION_9_16',
218	- private_library=True,
219	- link_name='modules/bind9/dlz_bind9_16.so',
220	- realname='dlz_bind9_16.so',
221	- install_path='${MODULESDIR}/bind9',
222	- deps='samba-hostconfig samdb-common gensec popt dnsserver_common',
223	- enabled=bld.AD_DC_BUILD_IS_ENABLED())
224	-
225	bld.SAMBA_LIBRARY('dlz_bind9_for_torture',
226	source='dlz_bind9.c',
227	- cflags='-DBIND_VERSION_9_8',
228	+ cflags='-DBIND_VERSION=908',
229	private_library=True,
230	deps='samba-hostconfig samdb-common gensec popt dnsserver_common',
231	enabled=bld.AD_DC_BUILD_IS_ENABLED())
232	--- source4/setup/named.conf.dlz.orig 2019-12-06 10:10:31 UTC
233	+++ source4/setup/named.conf.dlz
234	@@ -7,28 +7,10 @@
235
236	#
237	# This configures dynamically loadable zones (DLZ) from AD schema
238	-# Uncomment only single database line, depending on your BIND version
239	#
240	dlz "AD DNS Zone" {
241	- # For BIND 9.8.x
242	- ${BIND9_8} database "dlopen ${MODULESDIR}/bind9/dlz_bind9.so";
243
244	- # For BIND 9.9.x
245	- ${BIND9_9} database "dlopen ${MODULESDIR}/bind9/dlz_bind9_9.so";
246	+${BIND9_DLZ}
247
248	- # For BIND 9.10.x
249	- ${BIND9_10} database "dlopen ${MODULESDIR}/bind9/dlz_bind9_10.so";
250	-
251	- # For BIND 9.11.x
252	- ${BIND9_11} database "dlopen ${MODULESDIR}/bind9/dlz_bind9_11.so";
253	-
254	- # For BIND 9.12.x
255	- ${BIND9_12} database "dlopen ${MODULESDIR}/bind9/dlz_bind9_12.so";
256	-
257	- # For BIND 9.14.x
258	- ${BIND9_14} database "dlopen ${MODULESDIR}/bind9/dlz_bind9_14.so";
259	-
260	- # For BIND 9.16.x
261	- ${BIND9_16} database "dlopen ${MODULESDIR}/bind9/dlz_bind9_16.so";
262	};
263
264	--- source4/torture/dns/wscript_build.orig 2020-04-11 03:26:46 UTC
265	+++ source4/torture/dns/wscript_build
266	@@ -5,7 +5,7 @@ if bld.AD_DC_BUILD_IS_ENABLED():
267	source='dlz_bind9.c',
268	subsystem='smbtorture',
269	init_function='torture_bind_dns_init',
270	- cflags='-DBIND_VERSION_9_8',
271	+ cflags='-DBIND_VERSION=908',
272	deps='torture talloc torturemain dlz_bind9_for_torture',
273	internal_module=True
274	)

Added Link Here

(-)b/net/samba415/files/disabled/patch-buildtools_scripts_abi__gen.sh (+21 lines)
1	--- buildtools/scripts/abi_gen.sh.orig 2019-01-15 10:07:00 UTC
2	+++ buildtools/scripts/abi_gen.sh
3	@@ -9,13 +9,14 @@ GDBSCRIPT="gdb_syms.$$"
4	cat <<EOF
5	set height 0
6	set width 0
7	+set print sevenbit-strings on
8	EOF
9	-nm "$SHAREDLIB" \| cut -d' ' -f2- \| egrep '^[BDGTRVWS]' \| grep -v @ \| egrep -v ' (__bss_start\|_edata\|_init\|_fini\|_end)' \| cut -c3- \| sort \| while read s; do
10	- echo "echo $s: "
11	- echo p $s
12	+nm "$SHAREDLIB" \| cut -d" " -f2- \| awk '/^[BDGTRVWS]/ && !/@\|__bss_start\|_edata\|_init\|_fini\|_end/ { print $2 }' \| sort \| while read s; do
13	+ echo "echo $s:\\ "
14	+ echo whatis $s
15	done
16	) > $GDBSCRIPT
17
18	# forcing the terminal avoids a problem on Fedora12
19	-TERM=none gdb -n -batch -x $GDBSCRIPT "$SHAREDLIB" < /dev/null
20	+TERM=none %%GDB_CMD%% -n -batch -x $GDBSCRIPT "$SHAREDLIB" < /dev/null \| sed -e 's/:type =/:/g'
21	rm -f $GDBSCRIPT

Added Link Here

(-)b/net/samba415/files/disabled/patch-buildtools_wafsamba_samba__autoconf.py (+35 lines)
1	--- buildtools/wafsamba/samba_autoconf.py.orig 2019-08-20 15:35:08 UTC
2	+++ buildtools/wafsamba/samba_autoconf.py
3	@@ -573,7 +573,7 @@ def library_flags(self, libs):
4
5
6	@conf
7	-def CHECK_LIB(conf, libs, mandatory=False, empty_decl=True, set_target=True, shlib=False):
8	+def CHECK_LIB(conf, libs, mandatory=False, empty_decl=True, set_target=True, shlib=False, msg=None):
9	'''check if a set of libraries exist as system libraries
10
11	returns the sublist of libs that do exist as a syslib or []
12	@@ -593,11 +593,14 @@ int foo()
13	ret.append(lib)
14	continue
15
16	+ if msg is None:
17	+ msg = 'Checking for library %s' % lib
18	+
19	(ccflags, ldflags, cpppath) = library_flags(conf, lib)
20	if shlib:
21	- res = conf.check(features='c cshlib', fragment=fragment, lib=lib, uselib_store=lib, cflags=ccflags, ldflags=ldflags, uselib=lib.upper(), mandatory=False)
22	+ res = conf.check(features='c cshlib', fragment=fragment, lib=lib, uselib_store=lib, cflags=ccflags, ldflags=ldflags, uselib=lib.upper(), mandatory=False, msg=msg)
23	else:
24	- res = conf.check(lib=lib, uselib_store=lib, cflags=ccflags, ldflags=ldflags, uselib=lib.upper(), mandatory=False)
25	+ res = conf.check(lib=lib, uselib_store=lib, cflags=ccflags, ldflags=ldflags, uselib=lib.upper(), mandatory=False, msg=msg)
26
27	if not res:
28	if mandatory:
29	@@ -949,5 +952,5 @@ def SAMBA_CHECK_UNDEFINED_SYMBOL_FLAGS(c
30	conf.env.undefined_ldflags = conf.ADD_LDFLAGS('-Wl,-no-undefined', testflags=True)
31
32	if (conf.env.undefined_ignore_ldflags == [] and
33	- conf.CHECK_LDFLAGS(['-undefined', 'dynamic_lookup'])):
34	+ conf.CHECK_LDFLAGS(['-undefined', 'dynamic_lookup'] + conf.env.WERROR_CFLAGS)):
35	conf.env.undefined_ignore_ldflags = ['-undefined', 'dynamic_lookup']

Added Link Here

(-)b/net/samba415/files/disabled/patch-buildtools_wafsamba_wscript (+22 lines)
1	--- buildtools/wafsamba/wscript.orig 2019-01-15 10:07:00 UTC
2	+++ buildtools/wafsamba/wscript
3	@@ -80,12 +80,17 @@ def options(opt):
4	help=("private library directory [PREFIX/lib/%s]" % Context.g_module.APPNAME),
5	action="store", dest='PRIVATELIBDIR', default=None)
6
7	+ opt.add_option('--with-openldap',
8	+ help='additional directory to search for OpenLDAP libs',
9	+ action='store', dest='ldap_open', default=None,
10	+ match = ['Checking for library lber', 'Checking for library ldap'])
11	+
12	opt.add_option('--with-libiconv',
13	help='additional directory to search for libiconv',
14	- action='store', dest='iconv_open', default='/usr/local',
15	+ action='store', dest='iconv_open', default=None,
16	match = ['Checking for library iconv', 'Checking for iconv_open', 'Checking for header iconv.h'])
17	opt.add_option('--without-gettext',
18	- help=("Disable use of gettext"),
19	+ help=("disable use of gettext"),
20	action="store_true", dest='disable_gettext', default=False)
21
22	gr = opt.option_group('developer options')

Added Link Here

(-)b/net/samba415/files/disabled/patch-ctdb_wscript (+62 lines)
1	--- ctdb/wscript.orig 2020-01-31 10:25:36 UTC
2	+++ ctdb/wscript
3	@@ -104,6 +104,9 @@ def options(opt):
4	opt.add_option('--enable-ceph-reclock',
5	help=("Enable Ceph CTDB recovery lock helper (default=no)"),
6	action="store_true", dest='ctdb_ceph_reclock', default=False)
7	+ opt.add_option('--disable-ctdb-tests',
8	+ help=("Disable CTDB tests (default=no)"),
9	+ action="store_true", dest='ctdb_no_tests', default=False)
10
11	opt.add_option('--with-logdir',
12	help=("Path to log directory"),
13	@@ -261,7 +264,7 @@ def configure(conf):
14
15	if Options.options.ctdb_ceph_reclock:
16	if (conf.CHECK_HEADERS('rados/librados.h', False, False, 'rados') and
17	- conf.CHECK_LIB('rados', shlib=True)):
18	+ conf.CHECK_LIB('rados', shlib=True)):
19	Logs.info('Building with Ceph librados recovery lock support')
20	conf.define('HAVE_LIBRADOS', 1)
21	else:
22	@@ -300,9 +303,15 @@ def configure(conf):
23	conf.env.CTDB_VARDIR,
24	conf.env.CTDB_RUNDIR))
25
26	- conf.env.CTDB_TEST_DATADIR = os.path.join(conf.env.CTDB_DATADIR, 'tests')
27	- conf.env.CTDB_TEST_LIBEXECDIR = os.path.join(conf.env.LIBEXECDIR, 'ctdb/tests')
28	+ if Options.options.ctdb_no_tests:
29	+ conf.env.ctdb_tests = False
30	+ else:
31	+ conf.env.ctdb_tests = True
32
33	+ if conf.env.ctdb_tests:
34	+ conf.env.CTDB_TEST_DATADIR = os.path.join(conf.env.CTDB_DATADIR, 'tests')
35	+ conf.env.CTDB_TEST_LIBEXECDIR = os.path.join(conf.env.LIBEXECDIR, 'ctdb/tests')
36	+
37	# Allow unified compilation and separate compilation of utilities
38	# to find includes
39	if not conf.env.standalone_ctdb:
40	@@ -681,9 +690,9 @@ def build(bld):
41	if bld.env.HAVE_LIBRADOS:
42	bld.SAMBA_BINARY('ctdb_mutex_ceph_rados_helper',
43	source='utils/ceph/ctdb_mutex_ceph_rados_helper.c',
44	- deps='talloc tevent rados',
45	- includes='include',
46	- install_path='${CTDB_HELPER_BINDIR}')
47	+ deps='talloc tevent rados',
48	+ includes='include',
49	+ install_path='${CTDB_HELPER_BINDIR}')
50
51	sed_expr1 = 's\|/usr/local/var/lib/ctdb\|%s\|g' % (bld.env.CTDB_VARDIR)
52	sed_expr2 = 's\|/usr/local/etc/ctdb\|%s\|g' % (bld.env.CTDB_ETCDIR)
53	@@ -859,6 +868,9 @@ def build(bld):
54
55	for d in ['volatile', 'persistent', 'state']:
56	bld.INSTALL_DIR(os.path.join(bld.env.CTDB_VARDIR, d))
57	+
58	+ if not bld.env.ctdb_tests:
59	+ return
60
61	bld.SAMBA_BINARY('errcode',
62	source='tests/src/errcode.c',

Added Link Here

(-)b/net/samba415/files/disabled/patch-dwrap (+96 lines)
1	--- lib/dbwrap/dbwrap.c.orig 2019-01-15 10:07:00 UTC
2	+++ lib/dbwrap/dbwrap.c
3	@@ -28,6 +28,9 @@
4	#include "lib/util/util_tdb.h"
5	#include "lib/util/tevent_ntstatus.h"
6
7	+#undef DBGC_CLASS
8	+#define DBGC_CLASS DBGC_LOCKING
9	+
10	/*
11	* Fall back using fetch if no genuine exists operation is provided
12	*/
13	--- lib/dbwrap/dbwrap_local_open.c.orig 2019-01-15 10:07:00 UTC
14	+++ lib/dbwrap/dbwrap_local_open.c
15	@@ -23,6 +23,9 @@
16	#include "dbwrap/dbwrap_tdb.h"
17	#include "tdb.h"
18
19	+#undef DBGC_CLASS
20	+#define DBGC_CLASS DBGC_LOCKING
21	+
22	struct db_context dbwrap_local_open(TALLOC_CTX mem_ctx,
23	const char *name,
24	int hash_size, int tdb_flags,
25	--- lib/dbwrap/dbwrap_rbt.c.orig 2019-01-15 10:07:00 UTC
26	+++ lib/dbwrap/dbwrap_rbt.c
27	@@ -24,6 +24,9 @@
28	#include "../lib/util/rbtree.h"
29	#include "../lib/util/dlinklist.h"
30
31	+#undef DBGC_CLASS
32	+#define DBGC_CLASS DBGC_LOCKING
33	+
34	#define DBWRAP_RBT_ALIGN(_size_) (((_size_)+15)&~15)
35
36	struct db_rbt_ctx {
37	--- lib/dbwrap/dbwrap_tdb.c.orig 2019-01-15 10:07:00 UTC
38	+++ lib/dbwrap/dbwrap_tdb.c
39	@@ -27,6 +27,9 @@
40	#include "lib/param/param.h"
41	#include "libcli/util/error.h"
42
43	+#undef DBGC_CLASS
44	+#define DBGC_CLASS DBGC_LOCKING
45	+
46	struct db_tdb_ctx {
47	struct tdb_wrap *wtdb;
48
49	--- lib/dbwrap/dbwrap_util.c.orig 2019-01-15 10:07:00 UTC
50	+++ lib/dbwrap/dbwrap_util.c
51	@@ -26,6 +26,9 @@
52	#include "dbwrap.h"
53	#include "lib/util/util_tdb.h"
54
55	+#undef DBGC_CLASS
56	+#define DBGC_CLASS DBGC_LOCKING
57	+
58	struct dbwrap_fetch_int32_state {
59	NTSTATUS status;
60	int32_t result;
61	--- source3/lib/dbwrap/dbwrap_ctdb.c.orig 2019-01-15 10:07:00 UTC
62	+++ source3/lib/dbwrap/dbwrap_ctdb.c
63	@@ -38,6 +38,9 @@
64	#include "lib/cluster_support.h"
65	#include "lib/util/tevent_ntstatus.h"
66
67	+#undef DBGC_CLASS
68	+#define DBGC_CLASS DBGC_LOCKING
69	+
70	struct db_ctdb_transaction_handle {
71	struct db_ctdb_ctx *ctx;
72	/*
73	--- source3/lib/dbwrap/dbwrap_open.c.orig 2019-01-15 10:07:00 UTC
74	+++ source3/lib/dbwrap/dbwrap_open.c
75	@@ -31,6 +31,9 @@
76	#include "ctdbd_conn.h"
77	#include "messages.h"
78
79	+#undef DBGC_CLASS
80	+#define DBGC_CLASS DBGC_LOCKING
81	+
82	bool db_is_local(const char *name)
83	{
84	const char *sockname = lp_ctdbd_socket();
85	--- source3/lib/dbwrap/dbwrap_watch.c.orig 2019-01-15 10:07:00 UTC
86	+++ source3/lib/dbwrap/dbwrap_watch.c
87	@@ -28,6 +28,9 @@
88	#include "server_id_watch.h"
89	#include "lib/dbwrap/dbwrap_private.h"
90
91	+#undef DBGC_CLASS
92	+#define DBGC_CLASS DBGC_LOCKING
93	+
94	struct dbwrap_watcher {
95	/*
96	* Process watching this record

Added Link Here

(-)b/net/samba415/files/disabled/patch-dynconfig_wscript (+31 lines)
1	--- dynconfig/wscript.orig 2019-01-15 10:07:00 UTC
2	+++ dynconfig/wscript
3	@@ -141,6 +141,8 @@ dynconfig = {
4	'PKGCONFIGDIR' : {
5	'STD-PATH': '${LIBDIR}/pkgconfig',
6	'FHS-PATH': '${LIBDIR}/pkgconfig',
7	+ 'OPTION': '--with-pkgconfigdir',
8	+ 'HELPTEXT': 'Where to put .pc files',
9	},
10	'CODEPAGEDIR' : {
11	'STD-PATH': '${DATADIR}/codepages',
12	@@ -247,8 +249,8 @@ dynconfig = {
13	'DELAY': True,
14	},
15	'CONFIGFILE' : {
16	- 'STD-PATH': '${CONFIGDIR}/smb.conf',
17	- 'FHS-PATH': '${CONFIGDIR}/smb.conf',
18	+ 'STD-PATH': '${CONFIGDIR}/%%SAMBA4_CONFIG%%',
19	+ 'FHS-PATH': '${CONFIGDIR}/%%SAMBA4_CONFIG%%',
20	'DELAY': True,
21	},
22	'LMHOSTSFILE' : {
23	@@ -307,9 +309,6 @@ def configure(conf):
24	flavor = 'FHS-PATH'
25	else:
26	flavor = 'STD-PATH'
27	- if conf.env.PREFIX == '/usr' or conf.env.PREFIX == '/usr/local':
28	- Logs.error("Don't install directly under /usr or /usr/local without using the FHS option (--enable-fhs)")
29	- raise Errors.WafError("ERROR: invalid --prefix=%s value" % (conf.env.PREFIX))
30
31	explicit_set ={}

Added Link Here

(-)b/net/samba415/files/disabled/patch-lib_ldb_ldb__key__value_ldb__kv__cache.c (+13 lines)
1	--- lib/ldb/ldb_key_value/ldb_kv_cache.c.orig 2019-01-15 10:07:00 UTC
2	+++ lib/ldb/ldb_key_value/ldb_kv_cache.c
3	@@ -90,7 +90,9 @@ static int ldb_schema_attribute_compare(
4	{
5	const struct ldb_schema_attribute sa1 = (const struct ldb_schema_attribute )p1;
6	const struct ldb_schema_attribute sa2 = (const struct ldb_schema_attribute )p2;
7	- return ldb_attr_cmp(sa1->name, sa2->name);
8	+ int res = ldb_attr_cmp(sa1->name, sa2->name);
9	+
10	+ return (res) ? res : (sa1->flags > sa2->flags) ? 1 : (sa1->flags < sa2->flags) ? -1 : 0;
11	}
12
13	/*

Added Link Here

(-)b/net/samba415/files/disabled/patch-lib_ldb_wscript (+61 lines)
1	--- lib/ldb/wscript.orig 2019-07-08 12:47:51 UTC
2	+++ lib/ldb/wscript
3	@@ -207,7 +207,7 @@ def build(bld):
4	if bld.env.standalone_ldb:
5	if not 'PACKAGE_VERSION' in bld.env:
6	bld.env.PACKAGE_VERSION = VERSION
7	- bld.env.PKGCONFIGDIR = '${LIBDIR}/pkgconfig'
8	+ bld.env.PKGCONFIGDIR = '%%PKGCONFIGDIR%%'
9	private_library = False
10	else:
11	private_library = True
12	@@ -284,7 +284,6 @@ def build(bld):
13	pc_files='ldb.pc',
14	vnum=VERSION,
15	private_library=private_library,
16	- manpages='man/ldb.3',
17	abi_directory='ABI',
18	abi_match = abi_match)
19
20	@@ -437,7 +436,7 @@ def build(bld):
21
22	LDB_TOOLS='ldbadd ldbsearch ldbdel ldbmodify ldbedit ldbrename'
23	for t in LDB_TOOLS.split():
24	- bld.SAMBA_BINARY(t, 'tools/%s.c' % t, deps='ldb-cmdline ldb',
25	+ bld.SAMBA_BINARY('samba-%s' % t, 'tools/%s.c' % t, deps='ldb-cmdline ldb',
26	manpages='man/%s.1' % t)
27
28	# ldbtest doesn't get installed
29	@@ -449,10 +448,10 @@ def build(bld):
30	else:
31	lmdb_deps = ''
32	# ldbdump doesn't get installed
33	- bld.SAMBA_BINARY('ldbdump',
34	+ bld.SAMBA_BINARY('samba-ldbdump',
35	'tools/ldbdump.c',
36	deps='ldb-cmdline ldb' + lmdb_deps,
37	- install=False)
38	+ install=True)
39
40	bld.SAMBA_LIBRARY('ldb-cmdline',
41	source='tools/ldbutil.c tools/cmdline.c',
42	@@ -497,11 +496,6 @@ def build(bld):
43	deps='cmocka ldb',
44	install=False)
45
46	- bld.SAMBA_BINARY('ldb_match_test',
47	- source='tests/ldb_match_test.c',
48	- deps='cmocka ldb',
49	- install=False)
50	-
51	bld.SAMBA_BINARY('ldb_key_value_test',
52	source='tests/ldb_key_value_test.c',
53	deps='cmocka ldb ldb_tdb_err_map',
54	@@ -609,7 +603,6 @@ def test(ctx):
55	'ldb_msg_test',
56	'ldb_tdb_kv_ops_test',
57	'ldb_tdb_test',
58	- 'ldb_match_test',
59	'ldb_key_value_test',
60	# we currently don't run ldb_key_value_sub_txn_tdb_test as it
61	# tests the nested/sub transaction handling

Added Link Here

(-)b/net/samba415/files/disabled/patch-lib_talloc_talloc.c (+20 lines)
1	--- lib/talloc/talloc.c.orig 2019-01-15 10:07:00 UTC
2	+++ lib/talloc/talloc.c
3	@@ -391,6 +391,9 @@ void talloc_lib_init(void) __attribute__
4	void talloc_lib_init(void)
5	{
6	uint32_t random_value;
7	+#if defined(HAVE_ARC4RANDOM)
8	+ random_value = arc4random();
9	+#else
10	#if defined(HAVE_GETAUXVAL) && defined(AT_RANDOM)
11	uint8_t *p;
12	/*
13	@@ -424,6 +427,7 @@ void talloc_lib_init(void)
14	*/
15	random_value = ((uintptr_t)talloc_lib_init & 0xFFFFFFFF);
16	}
17	+#endif /* HAVE_ARC4RANDOM */
18	talloc_magic = random_value & ~TALLOC_FLAG_MASK;
19	}
20	#else

Added Link Here

(-)b/net/samba415/files/disabled/patch-lib_talloc_wscript (+17 lines)
1	--- lib/talloc/wscript.orig 2019-05-07 08:38:21 UTC
2	+++ lib/talloc/wscript
3	@@ -45,13 +45,14 @@ def configure(conf):
4	conf.env.TALLOC_COMPAT1 = False
5	if conf.env.standalone_talloc:
6	conf.env.TALLOC_COMPAT1 = Options.options.TALLOC_COMPAT1
7	- conf.env.PKGCONFIGDIR = '${LIBDIR}/pkgconfig'
8	+ conf.env.PKGCONFIGDIR = '%%PKGCONFIGDIR%%'
9	conf.env.TALLOC_VERSION = VERSION
10
11	conf.CHECK_XSLTPROC_MANPAGES()
12
13	conf.CHECK_HEADERS('sys/auxv.h')
14	conf.CHECK_FUNCS('getauxval')
15	+ conf.CHECK_FUNCS('arc4random')
16
17	conf.SAMBA_CONFIG_H()

Added Link Here

(-)b/net/samba415/files/disabled/patch-lib_tdb_wscript (+26 lines)
1	--- lib/tdb/wscript.orig 2019-07-02 22:39:54 UTC
2	+++ lib/tdb/wscript
3	@@ -145,20 +145,20 @@ def build(bld):
4	'tdb',
5	install=False)
6
7	- bld.SAMBA_BINARY('tdbrestore',
8	+ bld.SAMBA_BINARY('samba-tdbrestore',
9	'tools/tdbrestore.c',
10	'tdb', manpages='man/tdbrestore.8')
11
12	- bld.SAMBA_BINARY('tdbdump',
13	+ bld.SAMBA_BINARY('samba-tdbdump',
14	'tools/tdbdump.c',
15	'tdb', manpages='man/tdbdump.8')
16
17	- bld.SAMBA_BINARY('tdbbackup',
18	+ bld.SAMBA_BINARY('samba-tdbbackup',
19	'tools/tdbbackup.c',
20	'tdb',
21	manpages='man/tdbbackup.8')
22
23	- bld.SAMBA_BINARY('tdbtool',
24	+ bld.SAMBA_BINARY('samba-tdbtool',
25	'tools/tdbtool.c',
26	'tdb', manpages='man/tdbtool.8')

Added Link Here

(-)b/net/samba415/files/disabled/patch-linuxisms (+91 lines)
1	--- libcli/http/http.c.orig 2020-07-09 13:33:56
2	+++ libcli/http/http.c
3	@@ -141,7 +141,19 @@ static enum http_read_status http_parse_headers(struct
4	return HTTP_ALL_DATA_READ;
5	}
6
7	+#ifdef FREEBSD
8	+ int s0, s1, s2, s3; s0 = s1 = s2 = s3 = 0;
9	+ n = sscanf(line, "%n%[^:]%n: %n%[^\r\n]%n\r\n", &s0, &s1, &s2, &s3);
10	+
11	+ if(n >= 0) {
12	+ key = calloc(sizeof(char), s1-s0+1);
13	+ value = calloc(sizeof(char), s3-s2+1);
14	+
15	+ n = sscanf(line, "%[^:]: %[^\r\n]\r\n", key, value);
16	+ }
17	+#else
18	n = sscanf(line, "%m[^:]: %m[^\r\n]\r\n", &key, &value);
19	+#endif
20	if (n != 2) {
21	DEBUG(0, ("%s: Error parsing header '%s'\n", __func__, line));
22	status = HTTP_DATA_CORRUPTED;
23	@@ -167,7 +179,7 @@ error:
24	static bool http_parse_response_line(struct http_read_response_state *state)
25	{
26	bool status = true;
27	- char *protocol;
28	+ char *protocol = NULL;
29	char *msg = NULL;
30	char major;
31	char minor;
32	@@ -187,18 +199,32 @@ static bool http_parse_response_line(struct http_read_
33	return false;
34	}
35
36	+#ifdef FREEBSD
37	+ int s0, s1, s2, s3; s0 = s1 = s2 = s3 = 0;
38	+ n = sscanf(line, "%n%[^/]%n/%c.%c %d %n%[^\r\n]%n\r\n",
39	+ &s0, &s1, &major, &minor, &code, &s2, &s3);
40	+
41	+ if(n == 3) {
42	+ protocol = calloc(sizeof(char), s1-s0+1);
43	+ msg = calloc(sizeof(char), s3-s2+1);
44	+
45	+ n = sscanf(line, "%[^/]/%c.%c %d %[^\r\n]\r\n",
46	+ protocol, &major, &minor, &code, msg);
47	+ }
48	+#else
49	n = sscanf(line, "%m[^/]/%c.%c %d %m[^\r\n]\r\n",
50	&protocol, &major, &minor, &code, &msg);
51	+#endif
52
53	- DEBUG(11, ("%s: Header parsed(%i): protocol->%s, major->%c, minor->%c, "
54	- "code->%d, message->%s\n", __func__, n, protocol, major, minor,
55	- code, msg));
56	-
57	if (n != 5) {
58	DEBUG(0, ("%s: Error parsing header\n", __func__));
59	status = false;
60	goto error;
61	}
62	+
63	+ DEBUG(11, ("%s: Header parsed(%i): protocol->%s, major->%c, minor->%c, "
64	+ "code->%d, message->%s\n", __func__, n, protocol, major, minor,
65	+ code, msg));
66
67	if (major != '1') {
68	DEBUG(0, ("%s: Bad HTTP major number '%c'\n", __func__, major));
69	--- source4/libcli/ldap/ldap_client.c.orig 2020-07-09 13:33:56
70	+++ source4/libcli/ldap/ldap_client.c
71	@@ -402,8 +402,20 @@ static int ldap_parse_basic_url(
72	*pport = port;
73	return 0;
74	}
75	+#ifdef FREEBSD
76	+ int s0, s1; s0 = s1 = 0;
77	+ ret = sscanf(url, "%n%*[^:/]%n:%d", &s0, &s1, &port);
78
79	+ if(ret >= 0) {
80	+ host = calloc(sizeof(char), s1 - s0 + 1);
81	+ if (host == NULL) {
82	+ return ENOMEM;
83	+ }
84	+ ret = sscanf(url, "%[^:/]:%d", host, &port);
85	+ }
86	+#else
87	ret = sscanf(url, "%m[^:/]:%d", &host, &port);
88	+#endif
89	if (ret < 1) {
90	return EINVAL;
91	}

Added Link Here

(-)b/net/samba415/files/disabled/patch-listen-backlog (+94 lines)
1	--- lib/tevent/echo_server.c.orig 2019-01-15 10:07:00 UTC
2	+++ lib/tevent/echo_server.c
3	@@ -633,7 +633,7 @@ int main(int argc, const char **argv)
4	exit(1);
5	}
6
7	- ret = listen(listen_sock, 5);
8	+ ret = listen(listen_sock, DEFAULT_LISTEN_BACKLOG);
9	if (ret == -1) {
10	perror("listen() failed");
11	exit(1);
12	--- source3/include/local.h.orig 2019-01-15 10:07:00 UTC
13	+++ source3/include/local.h
14	@@ -173,7 +173,18 @@
15	#define WINBIND_SERVER_MUTEX_WAIT_TIME (( ((NUM_CLI_AUTH_CONNECT_RETRIES) * ((CLI_AUTH_TIMEOUT)/1000)) + 5)*2)
16
17	/* size of listen() backlog in smbd */
18	+#if defined (FREEBSD)
19	+#define SMBD_LISTEN_BACKLOG -1
20	+#else
21	#define SMBD_LISTEN_BACKLOG 50
22	+#endif
23	+
24	+/* size of listen() default backlog */
25	+#if defined (FREEBSD)
26	+#define DEFAULT_LISTEN_BACKLOG -1
27	+#else
28	+#define DEFAULT_LISTEN_BACKLOG 5
29	+#endif
30
31	/* Number of microseconds to wait before a sharing violation. */
32	#define SHARING_VIOLATION_USEC_WAIT 950000
33	--- source3/libsmb/unexpected.c.orig 2019-01-15 10:07:00 UTC
34	+++ source3/libsmb/unexpected.c
35	@@ -95,7 +95,7 @@ NTSTATUS nb_packet_server_create(TALLOC_
36	status = map_nt_error_from_unix(errno);
37	goto fail;
38	}
39	- rc = listen(result->listen_sock, 5);
40	+ rc = listen(result->listen_sock, DEFAULT_LISTEN_BACKLOG);
41	if (rc < 0) {
42	status = map_nt_error_from_unix(errno);
43	goto fail;
44	--- source3/rpc_server/rpc_server.c.orig 2019-01-15 10:07:00 UTC
45	+++ source3/rpc_server/rpc_server.c
46	@@ -158,7 +158,7 @@ bool setup_named_pipe_socket(const char
47	goto out;
48	}
49
50	- rc = listen(state->fd, 5);
51	+ rc = listen(state->fd, DEFAULT_LISTEN_BACKLOG);
52	if (rc < 0) {
53	DEBUG(0, ("Failed to listen on pipe socket %s: %s\n",
54	pipe_name, strerror(errno)));
55	@@ -830,7 +830,7 @@ bool setup_dcerpc_ncalrpc_socket(struct
56	goto out;
57	}
58
59	- rc = listen(state->fd, 5);
60	+ rc = listen(state->fd, DEFAULT_LISTEN_BACKLOG);
61	if (rc < 0) {
62	DEBUG(0, ("Failed to listen on ncalrpc socket %s: %s\n",
63	name, strerror(errno)));
64	--- source3/utils/smbfilter.c.orig 2019-01-15 10:07:00 UTC
65	+++ source3/utils/smbfilter.c
66	@@ -291,7 +291,7 @@ static void start_filter(char *desthost)
67	exit(1);
68	}
69
70	- if (listen(s, 5) == -1) {
71	+ if (listen(s, DEFAULT_LISTEN_BACKLOG) == -1) {
72	d_printf("listen failed\n");
73	}
74
75	--- source3/winbindd/winbindd.c.orig 2019-01-15 10:07:00 UTC
76	+++ source3/winbindd/winbindd.c
77	@@ -1317,7 +1317,7 @@ static bool winbindd_setup_listeners(voi
78	if (pub_state->fd == -1) {
79	goto failed;
80	}
81	- rc = listen(pub_state->fd, 5);
82	+ rc = listen(pub_state->fd, DEFAULT_LISTEN_BACKLOG);
83	if (rc < 0) {
84	goto failed;
85	}
86	@@ -1349,7 +1349,7 @@ static bool winbindd_setup_listeners(voi
87	if (priv_state->fd == -1) {
88	goto failed;
89	}
90	- rc = listen(priv_state->fd, 5);
91	+ rc = listen(priv_state->fd, DEFAULT_LISTEN_BACKLOG);
92	if (rc < 0) {
93	goto failed;
94	}

Added Link Here

(-)b/net/samba415/files/disabled/patch-mdns (+532 lines)
1	From 923bc7a1afeb0b920e60e14846987ae1d2d7dca4 Mon Sep 17 00:00:00 2001
2	From: John Hixson <john@ixsystems.com>
3	Date: Thu, 7 Dec 2017 09:36:32 -0500
4	Subject: [PATCH] Freenas/master mdns fixes (#22)
5
6	* mDNS fixes for Samba (work in progress).
7
8	* Fix mDNS - Can advertise on individual interfaces
9
10	* Fix mDNS browsing in smbclient
11
12	Signed-off-by: Timur I. Bakeyev <timur@iXsystems.com>
13
14	--- source3/client/dnsbrowse.c.orig 2019-01-15 10:07:00 UTC
15	+++ source3/client/dnsbrowse.c
16	@@ -39,6 +39,7 @@ struct mdns_smbsrv_result
17	struct mdns_browse_state
18	{
19	struct mdns_smbsrv_result listhead; / Browse result list head */
20	+ TALLOC_CTX * ctx;
21	int browseDone;
22
23	};
24	@@ -64,7 +65,7 @@ static void do_smb_resolve(struct mdns_s
25	struct timeval tv;
26	DNSServiceErrorType err;
27
28	- TALLOC_CTX * ctx = talloc_tos();
29	+ TALLOC_CTX * ctx = talloc_new(NULL);
30
31	err = DNSServiceResolve(&mdns_conn_sdref, 0 /* flags */,
32	browsesrv->ifIndex,
33	@@ -91,7 +92,7 @@ static void do_smb_resolve(struct mdns_s
34	}
35	}
36
37	- TALLOC_FREE(fdset);
38	+ TALLOC_FREE(ctx);
39	DNSServiceRefDeallocate(mdns_conn_sdref);
40	}
41
42	@@ -124,18 +125,19 @@ do_smb_browse_reply(DNSServiceRef sdRef,
43	return;
44	}
45
46	- bresult = talloc_array(talloc_tos(), struct mdns_smbsrv_result, 1);
47	+ bresult = talloc_array(bstatep->ctx, struct mdns_smbsrv_result, 1);
48	if (bresult == NULL) {
49	return;
50	}
51
52	+ bresult->nextResult = NULL;
53	if (bstatep->listhead != NULL) {
54	bresult->nextResult = bstatep->listhead;
55	}
56
57	- bresult->serviceName = talloc_strdup(talloc_tos(), serviceName);
58	- bresult->regType = talloc_strdup(talloc_tos(), regtype);
59	- bresult->domain = talloc_strdup(talloc_tos(), replyDomain);
60	+ bresult->serviceName = talloc_strdup(bstatep->ctx, serviceName);
61	+ bresult->regType = talloc_strdup(bstatep->ctx, regtype);
62	+ bresult->domain = talloc_strdup(bstatep->ctx, replyDomain);
63	bresult->ifIndex = interfaceIndex;
64	bstatep->listhead = bresult;
65	}
66	@@ -151,10 +153,13 @@ int do_smb_browse(void)
67	DNSServiceRef mdns_conn_sdref = NULL;
68	DNSServiceErrorType err;
69
70	- TALLOC_CTX * ctx = talloc_stackframe();
71	+ TALLOC_CTX * ctx = talloc_new(NULL);
72
73	ZERO_STRUCT(bstate);
74
75	+ bstate.ctx = ctx;
76	+ bstate.listhead = NULL;
77	+
78	err = DNSServiceBrowse(&mdns_conn_sdref, 0, 0, "_smb._tcp", "",
79	do_smb_browse_reply, &bstate);
80
81	--- source3/smbd/dnsregister.c.orig 2019-01-15 10:07:00 UTC
82	+++ source3/smbd/dnsregister.c
83	@@ -29,6 +29,29 @@
84	* browse for advertised SMB services.
85	*/
86
87	+/*
88	+ * Time Machine Errata:
89	+ * sys=adVF=0x100 -- this is required when ._adisk._tcp is present on device. When it is
90	+ * set, the MacOS client will send a NetShareEnumAll IOCTL and shares will be visible.
91	+ * Otherwise, Finder will only see the Time Machine share. In the absence of ._adisk._tcp
92	+ * MacOS will _always_ send NetShareEnumAll IOCTL.
93	+ *
94	+ * waMa=0 -- MacOS server uses waMa=0, while embedded devices have it set to their Mac Address.
95	+ * Speculation in Samba-Technical indicates that this stands for "Wireless AirDisk Mac Address".
96	+ *
97	+ * adVU -- AirDisk Volume UUID. Mac OS servers generate a UUID. Time machine over SMB works without one
98	+ * set. Netatalk generates a UUID and stores it persistently in afp_voluuid.conf. This can be
99	+ * set by adding the share parameter "fruit:volume_uuid = "
100	+ *
101	+ * dk(n)=adVF=
102	+ * 0xa1, 0x81 - AFP support
103	+ * 0xa2, 0x82 - SMB support
104	+ * 0xa3, 0x83 - AFP and SMB support
105	+ *
106	+ * adVN -- AirDisk Volume Name. We set this to the share name.
107	+ *
108	+ */
109	+
110	#define DNS_REG_RETRY_INTERVAL (560) / in seconds */
111
112	#ifdef WITH_DNSSD_SUPPORT
113	@@ -36,85 +59,177 @@
114	#include <dns_sd.h>
115
116	struct dns_reg_state {
117	- struct tevent_context *event_ctx;
118	- uint16_t port;
119	- DNSServiceRef srv_ref;
120	- struct tevent_timer *te;
121	- int fd;
122	- struct tevent_fd *fde;
123	+ int count;
124	+ struct reg_state {
125	+ DNSServiceRef srv_ref;
126	+ TALLOC_CTX *mem_ctx;
127	+ struct tevent_context *event_ctx;
128	+ struct tevent_timer *te;
129	+ struct tevent_fd *fde;
130	+ uint16_t port;
131	+ int if_index;
132	+ int fd;
133	+ } *drs;
134	};
135
136	-static int dns_reg_state_destructor(struct dns_reg_state *dns_state)
137	+static void dns_register_smbd_retry(struct tevent_context *ctx,
138	+ struct tevent_timer *te,
139	+ struct timeval now,
140	+ void *private_data);
141	+static void dns_register_smbd_fde_handler(struct tevent_context *ev,
142	+ struct tevent_fd *fde,
143	+ uint16_t flags,
144	+ void *private_data);
145	+
146	+
147	+static int reg_state_destructor(struct reg_state *state)
148	{
149	- if (dns_state->srv_ref != NULL) {
150	+ if (state == NULL) {
151	+ return -1;
152	+ }
153	+
154	+ if (state->srv_ref != NULL) {
155	/* Close connection to the mDNS daemon */
156	- DNSServiceRefDeallocate(dns_state->srv_ref);
157	- dns_state->srv_ref = NULL;
158	+ DNSServiceRefDeallocate(state->srv_ref);
159	+ state->srv_ref = NULL;
160	}
161
162	/* Clear event handler */
163	- TALLOC_FREE(dns_state->te);
164	- TALLOC_FREE(dns_state->fde);
165	- dns_state->fd = -1;
166	+ TALLOC_FREE(state->te);
167	+ TALLOC_FREE(state->fde);
168	+ state->fd = -1;
169
170	return 0;
171	}
172
173	-static void dns_register_smbd_retry(struct tevent_context *ctx,
174	- struct tevent_timer *te,
175	- struct timeval now,
176	- void *private_data);
177	-static void dns_register_smbd_fde_handler(struct tevent_context *ev,
178	- struct tevent_fd *fde,
179	- uint16_t flags,
180	- void *private_data);
181	+int TXTRecordPrintf(TXTRecordRef * rec, const char * key, const char * fmt, ... )
182	+{
183	+ int ret = 0;
184	+ char *str;
185	+ va_list ap;
186	+ va_start( ap, fmt );
187
188	-static bool dns_register_smbd_schedule(struct dns_reg_state *dns_state,
189	+ if( 0 > vasprintf(&str, fmt, ap ) ) {
190	+ va_end(ap);
191	+ return -1;
192	+ }
193	+ va_end(ap);
194	+
195	+ if( kDNSServiceErr_NoError != TXTRecordSetValue(rec, key, strlen(str), str) ) {
196	+ ret = -1;
197	+ }
198	+
199	+ free(str);
200	+ return ret;
201	+}
202	+
203	+int TXTRecordKeyPrintf(TXTRecordRef * rec, const char * key_fmt, int key_var, const char * fmt, ...)
204	+{
205	+ int ret = 0;
206	+ char key = NULL, str = NULL;
207	+ va_list ap;
208	+
209	+ if( 0 > asprintf(&key, key_fmt, key_var)) {
210	+ DEBUG(1, ("Failed in asprintf\n"));
211	+ return -1;
212	+ }
213	+
214	+ va_start( ap, fmt );
215	+ if( 0 > vasprintf(&str, fmt, ap )) {
216	+ va_end(ap);
217	+ DEBUG(1, ("Failed in vasprintf\n"));
218	+ ret = -1;
219	+ goto exit;
220	+ }
221	+ va_end(ap);
222	+
223	+ if( kDNSServiceErr_NoError != TXTRecordSetValue(rec, key, strlen(str), str) ) {
224	+ DEBUG(1, ("Failed in TXTRecordSetValuen"));
225	+ ret = -1;
226	+ goto exit;
227	+ }
228	+
229	+ exit:
230	+ if (str)
231	+ free(str);
232	+ if (key)
233	+ free(key);
234	+ return ret;
235	+}
236	+
237	+
238	+static bool dns_register_smbd_schedule(struct reg_state *state,
239	struct timeval tval)
240	{
241	- dns_reg_state_destructor(dns_state);
242	+ reg_state_destructor(state);
243
244	- dns_state->te = tevent_add_timer(dns_state->event_ctx,
245	- dns_state,
246	+ state->te = tevent_add_timer(state->event_ctx,
247	+ state->mem_ctx,
248	tval,
249	dns_register_smbd_retry,
250	- dns_state);
251	- if (!dns_state->te) {
252	+ state);
253	+ if (!state->te) {
254	return false;
255	}
256
257	return true;
258	}
259
260	+static void dns_register_smbd_callback(DNSServiceRef service,
261	+ DNSServiceFlags flags,
262	+ DNSServiceErrorType errorCode,
263	+ const char *name,
264	+ const char *type,
265	+ const char *domain,
266	+ void *context)
267	+{
268	+ if (errorCode != kDNSServiceErr_NoError) {
269	+ DEBUG(6, ("error=%d\n", errorCode));
270	+ } else {
271	+ DEBUG(6, ("%-15s %s.%s%s\n", "REGISTER", name, type, domain));
272	+ }
273	+}
274	+
275	static void dns_register_smbd_retry(struct tevent_context *ctx,
276	struct tevent_timer *te,
277	struct timeval now,
278	void *private_data)
279	{
280	- struct dns_reg_state *dns_state = talloc_get_type_abort(private_data,
281	- struct dns_reg_state);
282	+ struct reg_state state = (struct reg_state )private_data;
283	DNSServiceErrorType err;
284	+ int snum;
285	+ size_t dk = 0;
286	+ bool sys_txt_created = false;
287	+ TXTRecordRef txt_adisk;
288	+ TXTRecordRef txt_devinfo;
289	+ char *servname;
290	+ char *v_uuid;
291	+ int num_services = lp_numservices();
292
293	- dns_reg_state_destructor(dns_state);
294	+ reg_state_destructor(state);
295
296	- DEBUG(6, ("registering _smb._tcp service on port %d\n",
297	- dns_state->port));
298	+ TXTRecordCreate(&txt_adisk, 0, NULL);
299	+
300	+ DEBUG(6, ("registering _smb._tcp service on port %d index %d\n",
301	+ state->port, state->if_index));
302
303	/* Register service with DNS. Connects with the mDNS
304	* daemon running on the local system to perform DNS
305	* service registration.
306	*/
307	- err = DNSServiceRegister(&dns_state->srv_ref, 0 /* flags */,
308	- kDNSServiceInterfaceIndexAny,
309	- NULL /* service name */,
310	- "_smb._tcp" /* service type */,
311	- NULL /* domain */,
312	- "" /* SRV target host name */,
313	- htons(dns_state->port),
314	- 0 /* TXT record len */,
315	- NULL /* TXT record data */,
316	- NULL /* callback func */,
317	- NULL /* callback context */);
318	+ err = DNSServiceRegister(&state->srv_ref,
319	+ 0 /* flags */,
320	+ state->if_index /* interface index */,
321	+ NULL /* service name */,
322	+ "_smb._tcp" /* service type */,
323	+ NULL /* domain */,
324	+ "" /* SRV target host name */,
325	+ htons(state->port) /* port */,
326	+ 0 /* TXT record len */,
327	+ NULL /* TXT record data */,
328	+ dns_register_smbd_callback /* callback func */,
329	+ NULL /* callback context */);
330	+
331
332	if (err != kDNSServiceErr_NoError) {
333	/* Failed to register service. Schedule a re-try attempt.
334	@@ -123,24 +238,96 @@ static void dns_register_smbd_retry(stru
335	goto retry;
336	}
337
338	- dns_state->fd = DNSServiceRefSockFD(dns_state->srv_ref);
339	- if (dns_state->fd == -1) {
340	+ /*
341	+ * Check for services that are configured as Time Machine targets
342	+ *
343	+ */
344	+ for (snum = 0; snum < num_services; snum++) {
345	+ if (lp_snum_ok(snum) && lp_parm_bool(snum, "fruit", "time machine", false))
346	+ {
347	+ if (!sys_txt_created) {
348	+ if( 0 > TXTRecordPrintf(&txt_adisk, "sys", "adVF=0x100") ) {
349	+ DEBUG(1, ("Failed to create Zeroconf TXTRecord for sys") );
350	+ goto retry;
351	+ }
352	+ else
353	+ {
354	+ sys_txt_created = true;
355	+ }
356	+ }
357	+
358	+ v_uuid = lp_parm_const_string(snum, "fruit", "volume_uuid", NULL);
359	+ servname = lp_const_servicename(snum);
360	+ DEBUG(1, ("Registering volume %s for TimeMachine\n", servname));
361	+ if (v_uuid) {
362	+ if( 0 > TXTRecordKeyPrintf(&txt_adisk, "dk%zu", dk++, "adVN=%s,adVF=0x82,adVU=%s",
363	+ servname, v_uuid) ) {
364	+ DEBUG(1, ("Could not set Zeroconf TXTRecord for dk%zu \n", dk));
365	+ goto retry;
366	+ }
367	+ DEBUG(1, ("Registering TimeMachine with the following TXT parameters: "
368	+ "dk%zu,adVN=%s,adVF=0x82,adVU=%s\n", dk, servname, v_uuid) );
369	+ }
370	+ else {
371	+ if( 0 > TXTRecordKeyPrintf(&txt_adisk, "dk%zu", dk++, "adVN=%s,adVF=0x82",
372	+ servname) ) {
373	+ DEBUG(1, ("Could not set Zeroconf TXTRecord for dk%zu \n", dk));
374	+ goto retry;
375	+ }
376	+ DEBUG(1, ("Registering TimeMachine with the following TXT parameters: "
377	+ "dk%zu,adVN=%s,adVF=0x82\n", dk, servname) );
378	+ }
379	+ }
380	+ }
381	+
382	+ if (dk) {
383	+ err = DNSServiceRegister(&state->srv_ref,
384	+ 0 /* flags */,
385	+ state->if_index /* interface index */,
386	+ NULL /* service name */,
387	+ "_adisk._tcp" /* service type */,
388	+ NULL /* domain */,
389	+ "" /* SRV target host name */,
390	+ /*
391	+ * We would probably use port 0 zero, but we can't, from man DNSServiceRegister:
392	+ * "A value of 0 for a port is passed to register placeholder services.
393	+ * Place holder services are not found when browsing, but other
394	+ * clients cannot register with the same name as the placeholder service."
395	+ * We therefor use port 9 which is used by the adisk service type.
396	+ */
397	+ htons(9) /* port */,
398	+ TXTRecordGetLength(&txt_adisk) /* TXT record len */,
399	+ TXTRecordGetBytesPtr(&txt_adisk) /* TXT record data */,
400	+ dns_register_smbd_callback /* callback func */,
401	+ NULL /* callback context */);
402	+
403	+
404	+ if (err != kDNSServiceErr_NoError) {
405	+ /* Failed to register service. Schedule a re-try attempt.
406	+ */
407	+ DEBUG(1, ("unable to register with mDNS (err %d)\n", err));
408	+ goto retry;
409	+ }
410	+ }
411	+
412	+ state->fd = DNSServiceRefSockFD(state->srv_ref);
413	+ if (state->fd == -1) {
414	goto retry;
415	}
416
417	- dns_state->fde = tevent_add_fd(dns_state->event_ctx,
418	- dns_state,
419	- dns_state->fd,
420	- TEVENT_FD_READ,
421	- dns_register_smbd_fde_handler,
422	- dns_state);
423	- if (!dns_state->fde) {
424	+ state->fde = tevent_add_fd(state->event_ctx,
425	+ state->mem_ctx,
426	+ state->fd,
427	+ TEVENT_FD_READ,
428	+ dns_register_smbd_fde_handler,
429	+ state);
430	+ if (!state->fde) {
431	goto retry;
432	}
433
434	return;
435	retry:
436	- dns_register_smbd_schedule(dns_state,
437	+ dns_register_smbd_schedule(state,
438	timeval_current_ofs(DNS_REG_RETRY_INTERVAL, 0));
439	}
440
441	@@ -150,44 +337,77 @@ static void dns_register_smbd_fde_handle
442	uint16_t flags,
443	void *private_data)
444	{
445	- struct dns_reg_state *dns_state = talloc_get_type_abort(private_data,
446	- struct dns_reg_state);
447	+ struct reg_state state = (struct reg_state )private_data;
448	DNSServiceErrorType err;
449
450	- err = DNSServiceProcessResult(dns_state->srv_ref);
451	+ err = DNSServiceProcessResult(state->srv_ref);
452	if (err != kDNSServiceErr_NoError) {
453	- DEBUG(3, ("failed to process mDNS result (err %d), re-trying\n",
454	- err));
455	+ DEBUG(3, ("failed to process mDNS result (err %d), re-trying\n", err));
456	goto retry;
457	}
458
459	- talloc_free(dns_state);
460	return;
461
462	retry:
463	- dns_register_smbd_schedule(dns_state,
464	- timeval_current_ofs(DNS_REG_RETRY_INTERVAL, 0));
465	+ dns_register_smbd_schedule(state, timeval_zero());
466	+}
467	+
468	+static int dns_reg_state_destructor(struct dns_reg_state *state)
469	+{
470	+ if (state != NULL) {
471	+ talloc_free(state);
472	+ }
473	+ return 0;
474	}
475
476	+
477	bool smbd_setup_mdns_registration(struct tevent_context *ev,
478	TALLOC_CTX *mem_ctx,
479	uint16_t port)
480	{
481	struct dns_reg_state *dns_state;
482	+ bool bind_all = true;
483	+ int i;
484
485	dns_state = talloc_zero(mem_ctx, struct dns_reg_state);
486	- if (dns_state == NULL) {
487	+ if (dns_state == NULL)
488	+ return false;
489	+
490	+ if (lp_interfaces() && lp_bind_interfaces_only())
491	+ bind_all = false;
492	+
493	+ dns_state->count = iface_count();
494	+ if (dns_state->count <= 0 \|\| bind_all == true)
495	+ dns_state->count = 1;
496	+
497	+ dns_state->drs = talloc_array(mem_ctx, struct reg_state, dns_state->count);
498	+ if (dns_state->drs == NULL) {
499	+ talloc_free(dns_state);
500	return false;
501	}
502	- dns_state->event_ctx = ev;
503	- dns_state->port = port;
504	- dns_state->fd = -1;
505
506	- talloc_set_destructor(dns_state, dns_reg_state_destructor);
507	+ for (i = 0; i < dns_state->count; i++) {
508	+ struct interface *iface = get_interface(i);
509	+ struct reg_state *state = &dns_state->drs[i];
510
511	- return dns_register_smbd_schedule(dns_state, timeval_zero());
512	+ state->mem_ctx = mem_ctx;
513	+ state->srv_ref = NULL;
514	+ state->event_ctx = ev;
515	+ state->te = NULL;
516	+ state->fde = NULL;
517	+ state->port = port;
518	+ state->fd = -1;
519	+
520	+ state->if_index = bind_all ? kDNSServiceInterfaceIndexAny : iface->if_index;
521	+
522	+ dns_register_smbd_schedule(&dns_state->drs[i], timeval_zero());
523	+ }
524	+
525	+ talloc_set_destructor(dns_state, dns_reg_state_destructor);
526	+ return true;
527	}
528
529	+
530	#else /* WITH_DNSSD_SUPPORT */
531
532	bool smbd_setup_mdns_registration(struct tevent_context *ev,

Added Link Here

(-)b/net/samba415/files/disabled/patch-nsswitch_wscript__build (+17 lines)
1	--- nsswitch/wscript_build.orig 2019-01-15 10:07:00 UTC
2	+++ nsswitch/wscript_build
3	@@ -61,12 +61,14 @@ elif (host_os.rfind('freebsd') > -1):
4	source='winbind_nss_linux.c winbind_nss_freebsd.c',
5	deps='winbind-client',
6	realname='nss_winbind.so.1',
7	+ install_path='${PAMMODULESDIR}',
8	vnum='1')
9
10	bld.SAMBA3_LIBRARY('nss_wins',
11	source='wins.c wins_freebsd.c',
12	deps='''wbclient''',
13	realname='nss_wins.so.1',
14	+ install_path='${PAMMODULESDIR}',
15	vnum='1')
16
17	elif (host_os.rfind('netbsd') > -1):

Added Link Here

(-)b/net/samba415/files/disabled/patch-source3_lib_sysquotas__4B.c (+18 lines)
1	--- source3/lib/sysquotas_4B.c.orig 2019-01-15 10:07:00 UTC
2	+++ source3/lib/sysquotas_4B.c
3	@@ -140,7 +140,14 @@ static int sys_quotactl_4B(const char *
4	/* ENOTSUP means quota support is not compiled in. EINVAL
5	* means that quotas are not configured (commonly).
6	*/
7	- if (errno != ENOTSUP && errno != EINVAL) {
8	+ if (errno != ENOTSUP && errno != EINVAL
9	+/*
10	+ * FreeBSD 12 between r336017 and r342928 wrongfuly return ENOENT for the not enabled qoutas on ZFS.
11	+ */
12	+#if defined(__FreeBSD__) && ((__FreeBSD_version >= 1102503 && __FreeBSD_version <= 1102506) \|\| (__FreeBSD_version >= 1200072 && __FreeBSD_version <= 1200503) \|\| (__FreeBSD_version >= 1300000 && __FreeBSD_version <= 1300009))
13	+ && errno != ENOENT
14	+#endif
15	+ ) {
16	DEBUG(5, ("failed to %s quota for %s ID %u on %s: %s\n",
17	(cmd & QCMD(Q_GETQUOTA, 0)) ? "get" : "set",
18	(cmd & QCMD(0, GRPQUOTA)) ? "group" : "user",

Added Link Here

(-)b/net/samba415/files/disabled/patch-source3_lib_util.c (+14 lines)
1	--- source3/lib/util.c.orig 2019-05-07 08:38:21 UTC
2	+++ source3/lib/util.c
3	@@ -1916,7 +1916,10 @@ bool any_nt_status_not_ok(NTSTATUS err1,
4
5	int timeval_to_msec(struct timeval t)
6	{
7	- return t.tv_sec * 1000 + (t.tv_usec+999) / 1000;
8	+ unsigned long result;
9	+
10	+ result = t.tv_sec * 1000 + (t.tv_usec+999) / 1000;
11	+ return result > INT_MAX ? INT_MAX : result;
12	}
13
14	/*******************************************************************

Added Link Here

(-)b/net/samba415/files/disabled/patch-source3_librpc_crypto_gse.c (+15 lines)
1	--- source3/librpc/crypto/gse.c.orig 2019-01-15 10:07:00 UTC
2	+++ source3/librpc/crypto/gse.c
3	@@ -621,11 +621,12 @@ static NTSTATUS gse_get_server_auth_toke
4	struct gse_context *gse_ctx =
5	talloc_get_type_abort(gensec_security->private_data,
6	struct gse_context);
7	- OM_uint32 gss_maj, gss_min;
8	+ OM_uint32 gss_min;
9	gss_buffer_desc in_data;
10	gss_buffer_desc out_data;
11	DATA_BLOB blob = data_blob_null;
12	NTSTATUS status;
13	+ OM_uint32 gss_maj = -1;
14	OM_uint32 time_rec = 0;
15	struct timeval tv;

Added Link Here

(-)b/net/samba415/files/disabled/patch-source3_modules_vfs__fruit.c (+85 lines)
1	From d9b748869a8f4018ebee302aae8246bf29f60309 Mon Sep 17 00:00:00 2001
2	From: "Timur I. Bakeyev" <timur@iXsystems.com>
3	Date: Fri, 1 Jun 2018 01:35:08 +0800
4	Subject: [PATCH] vfs_fruit: allow broken AFP_Signature where the first
5	byte is 0
6
7	FreeBSD bug ... caused the first byte of the AFP_AfpInfo xattr to be 0
8	instead of 'A'. This hack allows such broken AFP_AfpInfo blobs to be
9	parsed by afpinfo_unpack().
10
11	FreeBSD Bug: https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=228462
12
13	Signed-off-by: Ralph Boehme <slow@samba.org>
14
15	--- source3/lib/adouble.c.orig 2020-05-08 09:30:43 UTC
16	+++ source3/lib/adouble.c
17	@@ -2662,6 +2662,8 @@ ssize_t afpinfo_pack(const AfpInfo ai, char buf)
18	return AFP_INFO_SIZE;
19	}
20
21	+#define BROKEN_FREEBSD_AFP_Signature 0x00465000
22	+
23	/**
24	* Unpack a buffer into a AfpInfo structure
25	*
26	@@ -2679,12 +2681,22 @@ AfpInfo afpinfo_unpack(TALLOC_CTX ctx, const void *d
27	ai->afpi_Version = RIVAL(data, 4);
28	ai->afpi_BackupTime = RIVAL(data, 12);
29	memcpy(ai->afpi_FinderInfo, (const char *)data + 16,
30	- sizeof(ai->afpi_FinderInfo));
31	+ sizeof(ai->afpi_FinderInfo));
32
33	- if (ai->afpi_Signature != AFP_Signature
34	- \|\| ai->afpi_Version != AFP_Version) {
35	- DEBUG(1, ("Bad AfpInfo signature or version\n"));
36	+ if (ai->afpi_Signature != AFP_Signature) {
37	+ DBG_WARNING("Bad AFP signature [%x]\n", ai->afpi_Signature);
38	+
39	+ if (ai->afpi_Signature != BROKEN_FREEBSD_AFP_Signature) {
40	+ DBG_ERR("Bad AfpInfo signature\n");
41	+ TALLOC_FREE(ai);
42	+ return NULL;
43	+ }
44	+ }
45	+
46	+ if (ai->afpi_Version != AFP_Version) {
47	+ DBG_ERR("Bad AfpInfo version\n");
48	TALLOC_FREE(ai);
49	+ return NULL;
50	}
51
52	return ai;
53	--- source3/modules/vfs_fruit.c.orig 2021-01-26 08:16:58 UTC
54	+++ source3/modules/vfs_fruit.c
55	@@ -2146,13 +2146,30 @@ static ssize_t fruit_pread_meta_stream(vfs_handle_stru
56	struct fio fio = (struct fio )VFS_FETCH_FSP_EXTENSION(handle, fsp);
57	ssize_t nread;
58	int ret;
59	+ char p = (char )data;
60
61	if (fio->fake_fd) {
62	return -1;
63	}
64
65	nread = SMB_VFS_NEXT_PREAD(handle, fsp, data, n, offset);
66	- if (nread == -1 \|\| nread == n) {
67	+ if (nread <= 0) {
68	+ /*
69	+ * fruit_meta_open_stream() removes O_CREAT flag
70	+ * from xattr open. This results in vfs_streams_xattr
71	+ * not generating an FSP extension for the files_struct
72	+ * and causes subsequent pread() of stream to return
73	+ * nread=0 if pread() occurs before pwrite().
74	+ */
75	+ return nread;
76	+ }
77	+
78	+ if (nread == n) {
79	+ if (offset == 0 && nread > 3 && p[0] == 0 && p[1] == 'F' && p[2] == 'P') {
80	+ DBG_NOTICE("Fixing AFP_Info of [%s]\n",
81	+ fsp_str_dbg(fsp));
82	+ p[0] = 'A';
83	+ }
84	return nread;
85	}

Added Link Here

(-)b/net/samba415/files/disabled/patch-source3_modules_vfs__streams__xattr.c (+526 lines)
1	--- source3/modules/vfs_streams_xattr.c.orig 2019-01-15 10:07:00 UTC
2	+++ source3/modules/vfs_streams_xattr.c
3	@@ -1,10 +1,10 @@
4	/*
5	* Store streams in xattrs
6	*
7	- * Copyright (C) Volker Lendecke, 2008
8	+ * Copyright (C) Volker Lendecke, 2008
9	+ * Copyright (C) Timur I. Bakeyev, 2017
10	*
11	* Partly based on James Peach's Darwin module, which is
12	- *
13	* Copyright (C) James Peach 2006-2007
14	*
15	* This program is free software; you can redistribute it and/or modify
16	@@ -79,25 +79,79 @@ static SMB_INO_T stream_inode(const SMB_
17	}
18
19	static ssize_t get_xattr_size(connection_struct *conn,
20	- const struct smb_filename *smb_fname,
21	- const char *xattr_name)
22	+ const struct smb_filename *smb_fname,
23	+ const char *xattr_name)
24	{
25	- NTSTATUS status;
26	- struct ea_struct ea;
27	ssize_t result;
28
29	- status = get_ea_value(talloc_tos(), conn, NULL, smb_fname,
30	- xattr_name, &ea);
31	+ result = SMB_VFS_GETXATTR(conn, smb_fname, xattr_name, NULL, 0);
32	+ // ? -1
33	+ return result;
34	+}
35
36	- if (!NT_STATUS_IS_OK(status)) {
37	- return -1;
38	+static NTSTATUS get_xattr_value(TALLOC_CTX *mem_ctx,
39	+ connection_struct *conn,
40	+ const struct smb_filename *smb_fname,
41	+ const char *ea_name,
42	+ struct ea_struct *pea)
43	+{
44	+ ssize_t attr_size;
45	+
46	+ attr_size = get_xattr_size(conn, smb_fname, ea_name);
47	+
48	+ if (attr_size == -1) {
49	+ return map_nt_error_from_unix(errno);
50	}
51
52	- result = ea.value.length-1;
53	- TALLOC_FREE(ea.value.data);
54	- return result;
55	+ pea->value = data_blob_talloc(mem_ctx, NULL, attr_size);
56	+ /* We may have xattr of a 0 size */
57	+ if(pea->value.data == NULL && attr_size) {
58	+ DEBUG(5,
59	+ ("get_xattr_value: for EA '%s' failed to allocate %lu bytes\n",
60	+ ea_name, (unsigned long)attr_size)
61	+ );
62	+ return NT_STATUS_NO_MEMORY;
63	+ }
64	+
65	+ attr_size = SMB_VFS_GETXATTR(conn, smb_fname, ea_name, pea->value.data, pea->value.length);
66	+
67	+ if (attr_size == -1) {
68	+ return map_nt_error_from_unix(errno);
69	+ }
70	+
71	+ if(pea->value.length != attr_size) {
72	+ DEBUG(5,
73	+ ("get_xattr_value: for EA '%s' requested %lu, read %lu bytes\n",
74	+ ea_name, (unsigned long)pea->value.length, (unsigned long)attr_size)
75	+ );
76	+ return NT_STATUS_UNSUCCESSFUL;
77	+ }
78	+
79	+ DEBUG(10,("get_xattr_value: EA '%s' is of length %lu\n", ea_name, (unsigned long)attr_size));
80	+ /*
81	+ * This can dump huge amount of data multiple times. For example
82	+ * for 1Mb ADS and chunk size 64Kb the same 1Mb dump will be
83	+ * logged 16 times!
84	+ */
85	+ dump_data(50, (uint8_t *)pea->value.data, pea->value.length);
86	+
87	+ pea->flags = 0;
88	+ // ? user.
89	+ if (strnequal(ea_name, "user.", 5)) {
90	+ pea->name = talloc_strdup(mem_ctx, &ea_name[5]);
91	+ } else {
92	+ pea->name = talloc_strdup(mem_ctx, ea_name);
93	+ }
94	+
95	+ if (pea->name == NULL) {
96	+ data_blob_free(&pea->value);
97	+ return NT_STATUS_NO_MEMORY;
98	+ }
99	+
100	+ return NT_STATUS_OK;
101	}
102
103	+
104	/**
105	* Given a stream name, populate xattr_name with the xattr name to use for
106	* accessing the stream.
107	@@ -114,6 +168,7 @@ static NTSTATUS streams_xattr_get_name(v
108	SMB_VFS_HANDLE_GET_DATA(handle, config, struct streams_xattr_config,
109	return NT_STATUS_UNSUCCESSFUL);
110
111	+ // stream_name is passed as ':stream', so skip leading ':'
112	sname = talloc_strdup(ctx, stream_name + 1);
113	if (sname == NULL) {
114	return NT_STATUS_NO_MEMORY;
115	@@ -125,7 +180,7 @@ static NTSTATUS streams_xattr_get_name(v
116	* characters from their on-the-wire Unicode Private Range
117	* encoding to their native ASCII representation.
118	*
119	- * As as result the name of xattrs storing the streams (via
120	+ * As a result the name of xattrs storing the streams (via
121	* vfs_streams_xattr) may contain a colon, so we have to use
122	* strrchr_m() instead of strchr_m() for matching the stream
123	* type suffix.
124	@@ -157,7 +212,7 @@ static NTSTATUS streams_xattr_get_name(v
125	return NT_STATUS_NO_MEMORY;
126	}
127
128	- DEBUG(10, ("xattr_name: %s, stream_name: %s\n", *xattr_name,
129	+ DEBUG(10, ("xattr_name: '%s', stream_name: '%s'\n", *xattr_name,
130	stream_name));
131
132	talloc_free(sname);
133	@@ -270,8 +325,8 @@ static int streams_xattr_fstat(vfs_handl
134	return -1;
135	}
136
137	- sbuf->st_ex_size = get_xattr_size(handle->conn,
138	- smb_fname_base, io->xattr_name);
139	+ sbuf->st_ex_size = get_xattr_size(handle->conn, smb_fname_base,
140	+ io->xattr_name);
141	if (sbuf->st_ex_size == -1) {
142	TALLOC_FREE(smb_fname_base);
143	SET_STAT_INVALID(*sbuf);
144	@@ -446,10 +501,10 @@ static int streams_xattr_open(vfs_handle
145	goto fail;
146	}
147
148	- status = get_ea_value(talloc_tos(), handle->conn, NULL,
149	- smb_fname, xattr_name, &ea);
150	+ status = get_xattr_value(talloc_tos(), handle->conn,
151	+ smb_fname, xattr_name, &ea);
152
153	- DEBUG(10, ("get_ea_value returned %s\n", nt_errstr(status)));
154	+ DEBUG(10, ("get_xattr_value returned %s\n", nt_errstr(status)));
155
156	if (!NT_STATUS_IS_OK(status)) {
157	if (!NT_STATUS_EQUAL(status, NT_STATUS_NOT_FOUND)) {
158	@@ -480,19 +535,13 @@ static int streams_xattr_open(vfs_handle
159	/*
160	* The attribute does not exist or needs to be truncated
161	*/
162	-
163	- /*
164	- * Darn, xattrs need at least 1 byte
165	- */
166	- char null = '\0';
167	-
168	DEBUG(10, ("creating or truncating attribute %s on file %s\n",
169	xattr_name, smb_fname->base_name));
170
171	ret = SMB_VFS_SETXATTR(fsp->conn,
172	smb_fname,
173	xattr_name,
174	- &null, sizeof(null),
175	+ NULL, 0,
176	flags & O_EXCL ? XATTR_CREATE : 0);
177	if (ret != 0) {
178	goto fail;
179	@@ -678,8 +727,8 @@ static int streams_xattr_rename(vfs_hand
180	}
181
182	/* read the old stream */
183	- status = get_ea_value(talloc_tos(), handle->conn, NULL,
184	- smb_fname_src, src_xattr_name, &ea);
185	+ status = get_xattr_value(talloc_tos(), handle->conn,
186	+ smb_fname_src, src_xattr_name, &ea);
187	if (!NT_STATUS_IS_OK(status)) {
188	errno = ENOENT;
189	goto fail;
190	@@ -766,14 +815,13 @@ static NTSTATUS walk_xattr_streams(vfs_h
191	continue;
192	}
193
194	- status = get_ea_value(names,
195	+ status = get_xattr_value(names,
196	handle->conn,
197	- NULL,
198	smb_fname,
199	names[i],
200	&ea);
201	if (!NT_STATUS_IS_OK(status)) {
202	- DEBUG(10, ("Could not get ea %s for file %s: %s\n",
203	+ DEBUG(10, ("Could not get EA %s for file %s: %s\n",
204	names[i],
205	smb_fname->base_name,
206	nt_errstr(status)));
207	@@ -835,16 +883,17 @@ struct streaminfo_state {
208	NTSTATUS status;
209	};
210
211	-static bool collect_one_stream(struct ea_struct ea, void private_data)
212	+static bool collect_one_stream(struct ea_struct pea, void private_data)
213	{
214	struct streaminfo_state *state =
215	(struct streaminfo_state *)private_data;
216
217	+ // ? -1
218	if (!add_one_stream(state->mem_ctx,
219	&state->num_streams, &state->streams,
220	- ea->name, ea->value.length-1,
221	+ pea->name, pea->value.length,
222	smb_roundup(state->handle->conn,
223	- ea->value.length-1))) {
224	+ pea->value.length))) {
225	state->status = NT_STATUS_NO_MEMORY;
226	return false;
227	}
228	@@ -964,14 +1013,17 @@ static ssize_t streams_xattr_pwrite(vfs_
229	files_struct fsp, const void data,
230	size_t n, off_t offset)
231	{
232	- struct stream_io *sio =
233	+ struct stream_io *sio =
234	(struct stream_io *)VFS_FETCH_FSP_EXTENSION(handle, fsp);
235	+ struct smb_filename *smb_fname_base = NULL;
236	+ TALLOC_CTX *frame = NULL;
237	+
238	struct ea_struct ea;
239	NTSTATUS status;
240	- struct smb_filename *smb_fname_base = NULL;
241	int ret;
242
243	- DEBUG(10, ("streams_xattr_pwrite called for %d bytes\n", (int)n));
244	+ DEBUG(10, ("streams_xattr_pwrite: offset=%lu, size=%lu\n",
245	+ (unsigned long)offset, (unsigned long)n));
246
247	if (sio == NULL) {
248	return SMB_VFS_NEXT_PWRITE(handle, fsp, data, n, offset);
249	@@ -981,6 +1033,8 @@ static ssize_t streams_xattr_pwrite(vfs_
250	return -1;
251	}
252
253	+ frame = talloc_stackframe();
254	+
255	/* Create an smb_filename with stream_name == NULL. */
256	smb_fname_base = synthetic_smb_fname(talloc_tos(),
257	sio->base,
258	@@ -988,39 +1042,55 @@ static ssize_t streams_xattr_pwrite(vfs_
259	NULL,
260	fsp->fsp_name->flags);
261	if (smb_fname_base == NULL) {
262	+ TALLOC_FREE(frame);
263	errno = ENOMEM;
264	return -1;
265	}
266
267	- status = get_ea_value(talloc_tos(), handle->conn, NULL,
268	- smb_fname_base, sio->xattr_name, &ea);
269	- if (!NT_STATUS_IS_OK(status)) {
270	- return -1;
271	- }
272	-
273	- if ((offset + n) > ea.value.length-1) {
274	- uint8_t *tmp;
275	+ status = get_xattr_value(talloc_tos(), handle->conn,
276	+ smb_fname_base, sio->xattr_name, &ea);
277
278	- tmp = talloc_realloc(talloc_tos(), ea.value.data, uint8_t,
279	- offset + n + 1);
280	+ if (NT_STATUS_EQUAL(status, NT_STATUS_NOT_FOUND)) {
281	+ /*
282	+ * This can happen if we sit behind vfs_fruit:
283	+ * fruit_ftruncate calls UNLINK on an attribute
284	+ * truncating the "file" to zero length. A later
285	+ * pwrite faces a non-existing attribute, we need to
286	+ * cope with that here.
287	+ *
288	+ * This might be not the last word on this.
289	+ */
290
291	- if (tmp == NULL) {
292	- TALLOC_FREE(ea.value.data);
293	- errno = ENOMEM;
294	- return -1;
295	- }
296	- ea.value.data = tmp;
297	- ea.value.length = offset + n + 1;
298	- ea.value.data[offset+n] = 0;
299	- }
300	+ ea = (struct ea_struct) {0};
301	+ ea.name = talloc_strdup(talloc_tos(), sio->xattr_name);
302	+ if (ea.name == NULL) {
303	+ TALLOC_FREE(frame);
304	+ errno = ENOMEM;
305	+ return -1;
306	+ }
307	+ status = NT_STATUS_OK;
308	+ }
309
310	- memcpy(ea.value.data + offset, data, n);
311	+ if (!NT_STATUS_IS_OK(status)) {
312	+ TALLOC_FREE(frame);
313	+ return -1;
314	+ }
315	+ // ? -1
316	+ if ((offset + n) > ea.value.length) {
317	+ if(!data_blob_realloc(talloc_tos(), &ea.value, offset + n)) {
318	+ TALLOC_FREE(frame);
319	+ errno = ENOMEM;
320	+ return -1;
321	+ }
322	+ }
323	+ memcpy(ea.value.data + offset, data, n);
324
325	ret = SMB_VFS_SETXATTR(fsp->conn,
326	fsp->fsp_name,
327	sio->xattr_name,
328	ea.value.data, ea.value.length, 0);
329	- TALLOC_FREE(ea.value.data);
330	+
331	+ TALLOC_FREE(frame);
332
333	if (ret == -1) {
334	return -1;
335	@@ -1033,15 +1103,17 @@ static ssize_t streams_xattr_pread(vfs_h
336	files_struct fsp, void data,
337	size_t n, off_t offset)
338	{
339	- struct stream_io *sio =
340	+ struct stream_io *sio =
341	(struct stream_io *)VFS_FETCH_FSP_EXTENSION(handle, fsp);
342	+ struct smb_filename *smb_fname_base = NULL;
343	+ TALLOC_CTX *frame = NULL;
344	+
345	struct ea_struct ea;
346	NTSTATUS status;
347	- size_t length, overlap;
348	- struct smb_filename *smb_fname_base = NULL;
349	+ size_t overlap;
350
351	- DEBUG(10, ("streams_xattr_pread: offset=%d, size=%d\n",
352	- (int)offset, (int)n));
353	+ DEBUG(10, ("streams_xattr_pread: offset=%lu, size=%lu\n",
354	+ (unsigned long)offset, (unsigned long)n));
355
356	if (sio == NULL) {
357	return SMB_VFS_NEXT_PREAD(handle, fsp, data, n, offset);
358	@@ -1051,6 +1123,8 @@ static ssize_t streams_xattr_pread(vfs_h
359	return -1;
360	}
361
362	+ frame = talloc_stackframe();
363	+
364	/* Create an smb_filename with stream_name == NULL. */
365	smb_fname_base = synthetic_smb_fname(talloc_tos(),
366	sio->base,
367	@@ -1058,31 +1132,35 @@ static ssize_t streams_xattr_pread(vfs_h
368	NULL,
369	fsp->fsp_name->flags);
370	if (smb_fname_base == NULL) {
371	+ TALLOC_FREE(frame);
372	errno = ENOMEM;
373	return -1;
374	}
375
376	- status = get_ea_value(talloc_tos(), handle->conn, NULL,
377	- smb_fname_base, sio->xattr_name, &ea);
378	+ status = get_xattr_value(talloc_tos(), handle->conn,
379	+ smb_fname_base, sio->xattr_name, &ea);
380	if (!NT_STATUS_IS_OK(status)) {
381	+ TALLOC_FREE(frame);
382	return -1;
383	}
384	+ // ? -1
385	+ //length = ea.value.length-1;
386
387	- length = ea.value.length-1;
388	+ DEBUG(10, ("streams_xattr_pread: get_xattr_value() returned %lu bytes\n",
389	+ (unsigned long)ea.value.length));
390
391	- DEBUG(10, ("streams_xattr_pread: get_ea_value returned %d bytes\n",
392	- (int)length));
393	+ /* Attempt to read past EOF. */
394	+ if (ea.value.length <= offset) {
395	+ TALLOC_FREE(frame);
396	+ return 0;
397	+ }
398
399	- /* Attempt to read past EOF. */
400	- if (length <= offset) {
401	- return 0;
402	- }
403	+ overlap = (offset + n) > ea.value.length ? (ea.value.length - offset) : n;
404	+ memcpy(data, ea.value.data + offset, overlap);
405
406	- overlap = (offset + n) > length ? (length - offset) : n;
407	- memcpy(data, ea.value.data + offset, overlap);
408	+ TALLOC_FREE(frame);
409
410	- TALLOC_FREE(ea.value.data);
411	- return overlap;
412	+ return overlap;
413	}
414
415	struct streams_xattr_pread_state {
416	@@ -1249,16 +1327,18 @@ static int streams_xattr_ftruncate(struc
417	struct files_struct *fsp,
418	off_t offset)
419	{
420	- int ret;
421	- uint8_t *tmp;
422	- struct ea_struct ea;
423	- NTSTATUS status;
424	- struct stream_io *sio =
425	+ struct stream_io *sio =
426	(struct stream_io *)VFS_FETCH_FSP_EXTENSION(handle, fsp);
427	struct smb_filename *smb_fname_base = NULL;
428	+ TALLOC_CTX *frame = NULL;
429
430	- DEBUG(10, ("streams_xattr_ftruncate called for file %s offset %.0f\n",
431	- fsp_str_dbg(fsp), (double)offset));
432	+ struct ea_struct ea;
433	+ NTSTATUS status;
434	+ size_t orig_length;
435	+ int ret;
436	+
437	+ DEBUG(10, ("streams_xattr_ftruncate: called for file '%s' with offset %lu\n",
438	+ fsp_str_dbg(fsp), (unsigned long)offset));
439
440	if (sio == NULL) {
441	return SMB_VFS_NEXT_FTRUNCATE(handle, fsp, offset);
442	@@ -1268,6 +1348,8 @@ static int streams_xattr_ftruncate(struc
443	return -1;
444	}
445
446	+ frame = talloc_stackframe();
447	+
448	/* Create an smb_filename with stream_name == NULL. */
449	smb_fname_base = synthetic_smb_fname(talloc_tos(),
450	sio->base,
451	@@ -1275,40 +1357,46 @@ static int streams_xattr_ftruncate(struc
452	NULL,
453	fsp->fsp_name->flags);
454	if (smb_fname_base == NULL) {
455	+ TALLOC_FREE(frame);
456	errno = ENOMEM;
457	return -1;
458	}
459
460	- status = get_ea_value(talloc_tos(), handle->conn, NULL,
461	- smb_fname_base, sio->xattr_name, &ea);
462	+ status = get_xattr_value(talloc_tos(), handle->conn,
463	+ smb_fname_base, sio->xattr_name, &ea);
464	if (!NT_STATUS_IS_OK(status)) {
465	+ TALLOC_FREE(frame);
466	return -1;
467	}
468	+ orig_length = ea.value.length;
469
470	- tmp = talloc_realloc(talloc_tos(), ea.value.data, uint8_t,
471	- offset + 1);
472	+ /* Requested size matches the original size */
473	+ if(orig_length == offset) {
474	+ TALLOC_FREE(frame);
475	+ return 0;
476	+ }
477
478	- if (tmp == NULL) {
479	- TALLOC_FREE(ea.value.data);
480	+ /* That can both shrink and expand */
481	+ /* XXX: If offset == 0 the result of talloc_realloc is NULL, but still valid */
482	+ if(offset && !data_blob_realloc(talloc_tos(), &ea.value, offset)) {
483	+ TALLOC_FREE(frame);
484	errno = ENOMEM;
485	return -1;
486	}
487
488	- /* Did we expand ? */
489	- if (ea.value.length < offset + 1) {
490	- memset(&tmp[ea.value.length], '\0',
491	- offset + 1 - ea.value.length);
492	+ /* If we expanded, fill up extra space with zeros */
493	+ if (orig_length < offset) {
494	+ memset(ea.value.data + orig_length, 0,
495	+ offset - orig_length);
496	}
497
498	- ea.value.data = tmp;
499	- ea.value.length = offset + 1;
500	- ea.value.data[offset] = 0;
501	-
502	+ /* XXX: We should use ea.value.length here, but when offset == 0
503	+ it's not reset to 0 in data_blob_realloc() */
504	ret = SMB_VFS_SETXATTR(fsp->conn,
505	fsp->fsp_name,
506	sio->xattr_name,
507	- ea.value.data, ea.value.length, 0);
508	- TALLOC_FREE(ea.value.data);
509	+ ea.value.data, offset, 0);
510	+ TALLOC_FREE(frame);
511
512	if (ret == -1) {
513	return -1;
514	@@ -1326,9 +1414,9 @@ static int streams_xattr_fallocate(struc
515	struct stream_io *sio =
516	(struct stream_io *)VFS_FETCH_FSP_EXTENSION(handle, fsp);
517
518	- DEBUG(10, ("streams_xattr_fallocate called for file %s offset %.0f"
519	- "len = %.0f\n",
520	- fsp_str_dbg(fsp), (double)offset, (double)len));
521	+ DEBUG(10, ("streams_xattr_fallocate: called for file '%s' with offset %lu"
522	+ "len = %lu\n",
523	+ fsp_str_dbg(fsp), (unsigned long)offset, (unsigned long)len));
524
525	if (sio == NULL) {
526	return SMB_VFS_NEXT_FALLOCATE(handle, fsp, mode, offset, len);

Added Link Here

(-)b/net/samba415/files/disabled/patch-source3_modules_vfs__virusfilter__utils.c (+36 lines)
1	--- source3/modules/vfs_virusfilter_utils.c.orig 2019-01-15 10:07:00 UTC
2	+++ source3/modules/vfs_virusfilter_utils.c
3	@@ -392,6 +392,10 @@ bool virusfilter_io_writel(
4
5	bool virusfilter_io_writefl(
6	struct virusfilter_io_handle *io_h,
7	+ const char *data_fmt, ...) PRINTF_ATTRIBUTE(2, 3);
8	+
9	+bool virusfilter_io_writefl(
10	+ struct virusfilter_io_handle *io_h,
11	const char *data_fmt, ...)
12	{
13	va_list ap;
14	@@ -415,6 +419,10 @@ bool virusfilter_io_writefl(
15
16	bool virusfilter_io_vwritefl(
17	struct virusfilter_io_handle *io_h,
18	+ const char *data_fmt, va_list ap) PRINTF_ATTRIBUTE(2, 0);
19	+
20	+bool virusfilter_io_vwritefl(
21	+ struct virusfilter_io_handle *io_h,
22	const char *data_fmt, va_list ap)
23	{
24	char data[VIRUSFILTER_IO_BUFFER_SIZE + VIRUSFILTER_IO_EOL_SIZE];
25	@@ -666,6 +674,11 @@ bool virusfilter_io_readl(TALLOC_CTX *ct
26	bool virusfilter_io_writefl_readl(
27	struct virusfilter_io_handle *io_h,
28	char **read_line,
29	+ const char *fmt, ...) PRINTF_ATTRIBUTE(3, 4);
30	+
31	+bool virusfilter_io_writefl_readl(
32	+ struct virusfilter_io_handle *io_h,
33	+ char **read_line,
34	const char *fmt, ...)
35	{
36	bool ok;

Added Link Here

(-)b/net/samba415/files/disabled/patch-source3_smbd_quotas.c (+19 lines)
1	--- source3/smbd/quotas.c.orig 2019-01-15 10:07:00 UTC
2	+++ source3/smbd/quotas.c
3	@@ -125,6 +125,7 @@ static bool nfs_quotas(char *nfspath, ui
4	if (!cutstr)
5	return False;
6
7	+ memset(&D, '\0', sizeof(D));
8	memset(cutstr, '\0', len+1);
9	host = strncat(cutstr,mnttype, sizeof(char) * len );
10	DEBUG(5,("nfs_quotas: looking for mount on \"%s\"\n", cutstr));
11	@@ -133,7 +134,7 @@ static bool nfs_quotas(char *nfspath, ui
12	args.gqa_pathp = testpath+1;
13	args.gqa_uid = uid;
14
15	- DEBUG(5,("nfs_quotas: Asking for host \"%s\" rpcprog \"%i\" rpcvers \"%i\" network \"%s\"\n", host, RQUOTAPROG, RQUOTAVERS, "udp"));
16	+ DEBUG(5,("nfs_quotas: Asking for host \"%s\" rpcprog \"%lu\" rpcvers \"%lu\" network \"%s\"\n", host, RQUOTAPROG, RQUOTAVERS, "udp"));
17
18	if ((clnt = clnt_create(host, RQUOTAPROG, RQUOTAVERS, "udp")) == NULL) {
19	ret = False;

Added Link Here

(-)b/net/samba415/files/disabled/patch-source3_smbd_utmp.c (+260 lines)
1	--- source3/smbd/utmp.c.orig 2019-01-15 10:07:00 UTC
2	+++ source3/smbd/utmp.c
3	@@ -257,7 +257,7 @@ static char uw_pathname(TALLOC_CTX ctx
4	Update utmp file directly. No subroutine interface: probably a BSD system.
5	****************************************************************************/
6
7	-static void pututline_my(const char uname, struct utmp u, bool claim)
8	+static void pututline_my(const char uname, STRUCT_UTMP u, bool claim)
9	{
10	DEBUG(1,("pututline_my: not yet implemented\n"));
11	/* BSD implementor: may want to consider (or not) adjusting "lastlog" */
12	@@ -271,7 +271,7 @@ static void pututline_my(const char *una
13	Credit: Michail Vidiassov <master@iaas.msu.ru>
14	****************************************************************************/
15
16	-static void updwtmp_my(const char wname, struct utmp u, bool claim)
17	+static void updwtmp_my(const char wname, STRUCT_UTMP u, bool claim)
18	{
19	int fd;
20	struct stat buf;
21	@@ -303,7 +303,7 @@ static void updwtmp_my(const char *wname
22	if ((fd = open(wname, O_WRONLY\|O_APPEND, 0)) < 0)
23	return;
24	if (fstat(fd, &buf) == 0) {
25	- if (write(fd, (char *)u, sizeof(struct utmp)) != sizeof(struct utmp))
26	+ if (write(fd, (char *)u, sizeof(STRUCT_UTMP)) != sizeof(STRUCT_UTMP))
27	(void) ftruncate(fd, buf.st_size);
28	}
29	(void) close(fd);
30	@@ -314,12 +314,12 @@ static void updwtmp_my(const char *wname
31	Update via utmp/wtmp (not utmpx/wtmpx).
32	****************************************************************************/
33
34	-static void utmp_nox_update(struct utmp *u, bool claim)
35	+static void utmp_nox_update(STRUCT_UTMP *u, bool claim)
36	{
37	char *uname = NULL;
38	char *wname = NULL;
39	#if defined(PUTUTLINE_RETURNS_UTMP)
40	- struct utmp *urc;
41	+ STRUCT_UTMP *urc;
42	#endif /* PUTUTLINE_RETURNS_UTMP */
43
44	uname = uw_pathname(talloc_tos(), "utmp", ut_pathname);
45	@@ -376,127 +376,52 @@ static void utmp_nox_update(struct utmp
46	}
47	}
48
49	-/****************************************************************************
50	- Copy a string in the utmp structure.
51	-****************************************************************************/
52
53	-static void utmp_strcpy(char dest, const char src, size_t n)
54	-{
55	- size_t len = 0;
56
57	- memset(dest, '\0', n);
58	- if (src)
59	- len = strlen(src);
60	- if (len >= n) {
61	- memcpy(dest, src, n);
62	- } else {
63	- if (len)
64	- memcpy(dest, src, len);
65	- }
66	-}
67	+
68
69	/****************************************************************************
70	Update via utmpx/wtmpx (preferred) or via utmp/wtmp.
71	****************************************************************************/
72
73	-static void sys_utmp_update(struct utmp u, const char hostname, bool claim)
74	+static void sys_utmp_update(STRUCT_UTMP u, const char hostname, bool claim)
75	{
76	-#if !defined(HAVE_UTMPX_H)
77	- /* No utmpx stuff. Drop to non-x stuff */
78	- utmp_nox_update(u, claim);
79	-#elif !defined(HAVE_PUTUTXLINE)
80	- /* Odd. Have utmpx.h but no "pututxline()". Drop to non-x stuff */
81	- DEBUG(1,("utmp_update: have utmpx.h but no pututxline() function\n"));
82	- utmp_nox_update(u, claim);
83	-#elif !defined(HAVE_GETUTMPX)
84	- /* Odd. Have utmpx.h but no "getutmpx()". Drop to non-x stuff */
85	- DEBUG(1,("utmp_update: have utmpx.h but no getutmpx() function\n"));
86	- utmp_nox_update(u, claim);
87	-#elif !defined(HAVE_UPDWTMPX)
88	- /* Have utmpx.h but no "updwtmpx()". Drop to non-x stuff */
89	- DEBUG(1,("utmp_update: have utmpx.h but no updwtmpx() function\n"));
90	- utmp_nox_update(u, claim);
91	-#else
92	- char *uname = NULL;
93	- char *wname = NULL;
94	- struct utmpx ux, *uxrc;
95	-
96	- getutmpx(u, &ux);
97	-
98	-#if defined(HAVE_UX_UT_SYSLEN)
99	- if (hostname)
100	- ux.ut_syslen = strlen(hostname) + 1; /* include end NULL */
101	- else
102	- ux.ut_syslen = 0;
103	-#endif
104	-#if defined(HAVE_UX_UT_HOST)
105	- utmp_strcpy(ux.ut_host, hostname, sizeof(ux.ut_host));
106	-#endif
107	-
108	- uname = uw_pathname(talloc_tos(), "utmpx", ux_pathname);
109	- wname = uw_pathname(talloc_tos(), "wtmpx", wx_pathname);
110	- if (uname && wname) {
111	- DEBUG(2,("utmp_update: uname:%s wname:%s\n", uname, wname));
112	- }
113	+ STRUCT_UTMP *urc;
114
115	- /*
116	- * Check for either uname or wname being empty.
117	- * Some systems, such as Redhat 6, have a "utmpx.h" which doesn't
118	- * define default filenames.
119	- * Also, our local installation has not provided an override.
120	- * Drop to non-x method. (E.g. RH6 has good defaults in "utmp.h".)
121	- */
122	- if (!uname \|\| !wname \|\| (strlen(uname) == 0) \|\| (strlen(wname) == 0)) {
123	- utmp_nox_update(u, claim);
124	- } else {
125	- utmpxname(uname);
126	- setutxent();
127	- uxrc = pututxline(&ux);
128	- endutxent();
129	- if (uxrc == NULL) {
130	- DEBUG(2,("utmp_update: pututxline() failed\n"));
131	- return;
132	- }
133	- updwtmpx(wname, &ux);
134	+ setutxent();
135	+ urc = pututxline(u);
136	+ endutxent();
137	+ if (urc == NULL) {
138	+ DEBUG(2,("utmp_update: pututxline() failed\n"));
139	+ return;
140	}
141	-#endif /* HAVE_UTMPX_H */
142	}
143
144	#if defined(HAVE_UT_UT_ID)
145	/****************************************************************************
146	Encode the unique connection number into "ut_id".
147	****************************************************************************/
148	-
149	-static int ut_id_encode(int i, char *fourbyte)
150	+static void ut_id_encode(char *buf, int id, size_t buf_size)
151	{
152	- int nbase;
153	- const char *ut_id_encstr = "0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ";
154	-
155	-/*
156	- * 'ut_id_encstr' is the character set on which modulo arithmetic is done.
157	- * Example: digits would produce the base-10 numbers from '001'.
158	- */
159	- nbase = strlen(ut_id_encstr);
160	+ const char ut_id_encstr[] = "0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ";
161
162	- fourbyte[0] = ut_id_encstr[i % nbase];
163	- i /= nbase;
164	- fourbyte[1] = ut_id_encstr[i % nbase];
165	- i /= nbase;
166	- fourbyte[3] = ut_id_encstr[i % nbase];
167	- i /= nbase;
168	- fourbyte[2] = ut_id_encstr[i % nbase];
169	- i /= nbase;
170	+ int nbase = sizeof(ut_id_encstr) - 1;
171	+ /*
172	+ * 'ut_id_encstr' is the character set on which modulo arithmetic is done.
173	+ * Example: digits would produce the base-10 numbers from '001'.
174	+ */
175
176	- /* we do not care about overflows as i is a random number */
177	- return 0;
178	+ for(int i = 0; i < buf_size; i++) {
179	+ buf[i] = ut_id_encstr[id % nbase];
180	+ id /= nbase;
181	+ }
182	}
183	#endif /* defined(HAVE_UT_UT_ID) */
184
185	-
186	/*
187	fill a system utmp structure given all the info we can gather
188	*/
189	-static bool sys_utmp_fill(struct utmp *u,
190	+static bool sys_utmp_fill(STRUCT_UTMP *u,
191	const char username, const char hostname,
192	const char *id_str, int id_num)
193	{
194	@@ -509,16 +434,16 @@ static bool sys_utmp_fill(struct utmp *u
195	* rather than to try to detect and optimise.
196	*/
197	#if defined(HAVE_UT_UT_USER)
198	- utmp_strcpy(u->ut_user, username, sizeof(u->ut_user));
199	+ strncpy(u->ut_user, username, sizeof(u->ut_user));
200	#elif defined(HAVE_UT_UT_NAME)
201	- utmp_strcpy(u->ut_name, username, sizeof(u->ut_name));
202	+ strncpy(u->ut_name, username, sizeof(u->ut_name));
203	#endif
204
205	/*
206	* ut_line:
207	* If size limit proves troublesome, then perhaps use "ut_id_encode()".
208	*/
209	- utmp_strcpy(u->ut_line, id_str, sizeof(u->ut_line));
210	+ strncpy(u->ut_line, id_str, sizeof(u->ut_line));
211
212	#if defined(HAVE_UT_UT_PID)
213	u->ut_pid = getpid();
214	@@ -535,20 +460,23 @@ static bool sys_utmp_fill(struct utmp *u
215	u->ut_time = timeval.tv_sec;
216	#elif defined(HAVE_UT_UT_TV)
217	GetTimeOfDay(&timeval);
218	- u->ut_tv = timeval;
219	+ u->ut_tv.tv_sec = timeval.tv_sec;
220	+ u->ut_tv.tv_usec = timeval.tv_usec;
221	#else
222	#error "with-utmp must have UT_TIME or UT_TV"
223	#endif
224
225	#if defined(HAVE_UT_UT_HOST)
226	- utmp_strcpy(u->ut_host, hostname, sizeof(u->ut_host));
227	+ if(hostname != NULL) {
228	+ strncpy(u->ut_host, hostname, sizeof(u->ut_host));
229	+#if defined(HAVE_UT_UT_SYSLEN)
230	+ u->ut_syslen = strlen(hostname) + 1; /* include trailing NULL */
231	+#endif
232	+ }
233	#endif
234
235	#if defined(HAVE_UT_UT_ID)
236	- if (ut_id_encode(id_num, u->ut_id) != 0) {
237	- DEBUG(1,("utmp_fill: cannot encode id %d\n", id_num));
238	- return False;
239	- }
240	+ ut_id_encode(u->ut_id, id_num, sizeof(u->ut_id));
241	#endif
242
243	return True;
244	@@ -561,7 +489,7 @@ static bool sys_utmp_fill(struct utmp *u
245	void sys_utmp_yield(const char username, const char hostname,
246	const char *id_str, int id_num)
247	{
248	- struct utmp u;
249	+ STRUCT_UTMP u;
250
251	ZERO_STRUCT(u);
252
253	@@ -587,7 +515,7 @@ void sys_utmp_yield(const char *username
254	void sys_utmp_claim(const char username, const char hostname,
255	const char *id_str, int id_num)
256	{
257	- struct utmp u;
258	+ STRUCT_UTMP u;
259
260	ZERO_STRUCT(u);

Added Link Here

(-)b/net/samba415/files/disabled/patch-source3_torture_cmd__vfs.c (+140 lines)
1	--- source3/torture/cmd_vfs.c.orig 2019-01-15 10:07:00 UTC
2	+++ source3/torture/cmd_vfs.c
3	@@ -145,7 +145,84 @@ static NTSTATUS cmd_disk_free(struct vfs_state *vfs, T
4	return NT_STATUS_OK;
5	}
6
7	+static NTSTATUS cmd_get_quota(struct vfs_state vfs, TALLOC_CTX mem_ctx, int argc, const char **argv)
8	+{
9	+ struct smb_filename *smb_fname = NULL;
10	+ uint64_t quota, bsize, dfree, dsize;
11	+ enum SMB_QUOTA_TYPE qtype;
12	+ SMB_DISK_QUOTA D;
13	+ unid_t id;
14	+ int r;
15
16	+ if (argc != 4) {
17	+ printf("Usage: get_quota <path> [user\|group] id\n");
18	+ return NT_STATUS_OK;
19	+ }
20	+
21	+ smb_fname = synthetic_smb_fname(talloc_tos(),
22	+ argv[1],
23	+ NULL,
24	+ NULL,
25	+ 0,
26	+ ssf_flags());
27	+ if (smb_fname == NULL) {
28	+ return NT_STATUS_NO_MEMORY;
29	+ }
30	+
31	+ if(strcmp(argv[2], "user") == 0) {
32	+ qtype = SMB_USER_FS_QUOTA_TYPE;
33	+ }
34	+ else if(strcmp(argv[2], "group") == 0) {
35	+ qtype = SMB_GROUP_FS_QUOTA_TYPE;
36	+ }
37	+ else {
38	+ printf("Usage: get_quota <path> [user\|group] id\n");
39	+ return NT_STATUS_OK;
40	+ }
41	+
42	+ id.uid = atoi(argv[3]);
43	+
44	+ ZERO_STRUCT(D);
45	+
46	+ r = SMB_VFS_GET_QUOTA(vfs->conn, smb_fname, qtype, id, &D);
47	+
48	+ if (r == -1 && errno != ENOSYS) {
49	+ return NT_STATUS_UNSUCCESSFUL;
50	+ }
51	+
52	+ if (r == 0 && (D.qflags & QUOTAS_DENY_DISK) == 0) {
53	+ return NT_STATUS_UNSUCCESSFUL;
54	+ }
55	+
56	+ bsize = D.bsize;
57	+ /* Use softlimit to determine disk space, except when it has been exceeded */
58	+ if (
59	+ (D.softlimit && D.curblocks >= D.softlimit) \|\|
60	+ (D.hardlimit && D.curblocks >= D.hardlimit) \|\|
61	+ (D.isoftlimit && D.curinodes >= D.isoftlimit) \|\|
62	+ (D.ihardlimit && D.curinodes>=D.ihardlimit)
63	+ ) {
64	+ dfree = 0;
65	+ dsize = D.curblocks;
66	+ } else if (D.softlimit==0 && D.hardlimit==0) {
67	+ return NT_STATUS_UNSUCCESSFUL;
68	+ } else {
69	+ if (D.softlimit == 0) {
70	+ D.softlimit = D.hardlimit;
71	+ }
72	+ dfree = D.softlimit - D.curblocks;
73	+ dsize = D.softlimit;
74	+ }
75	+
76	+ printf("get_quota: bsize = %lu, dfree = %lu, dsize = %lu\n",
77	+ (unsigned long)bsize,
78	+ (unsigned long)dfree,
79	+ (unsigned long)dsize);
80	+
81	+ return NT_STATUS_OK;
82	+}
83	+
84	+
85	static NTSTATUS cmd_opendir(struct vfs_state vfs, TALLOC_CTX mem_ctx, int argc, const char **argv)
86	{
87	struct smb_filename *smb_fname = NULL;
88	@@ -2028,6 +2105,7 @@ struct cmd_set vfs_commands[] = {
89	{ "connect", cmd_connect, "VFS connect()", "connect" },
90	{ "disconnect", cmd_disconnect, "VFS disconnect()", "disconnect" },
91	{ "disk_free", cmd_disk_free, "VFS disk_free()", "disk_free <path>" },
92	+ { "get_quota", cmd_get_quota, "VFS get_quota()", "get_quota <path> [user\|group] id" },
93	{ "opendir", cmd_opendir, "VFS opendir()", "opendir <fname>" },
94	{ "readdir", cmd_readdir, "VFS readdir()", "readdir" },
95	{ "mkdir", cmd_mkdir, "VFS mkdir()", "mkdir <path>" },
96	@@ -2057,33 +2135,22 @@ struct cmd_set vfs_commands[] = {
97	{ "link", cmd_link, "VFS link()", "link <oldpath> <newpath>" },
98	{ "mknod", cmd_mknod, "VFS mknod()", "mknod <path> <mode> <dev>" },
99	{ "realpath", cmd_realpath, "VFS realpath()", "realpath <path>" },
100	- { "getxattr", cmd_getxattr, "VFS getxattr()",
101	- "getxattr <path> <name>" },
102	- { "listxattr", cmd_listxattr, "VFS listxattr()",
103	- "listxattr <path>" },
104	- { "setxattr", cmd_setxattr, "VFS setxattr()",
105	- "setxattr <path> <name> <value> [<flags>]" },
106	- { "removexattr", cmd_removexattr, "VFS removexattr()",
107	- "removexattr <path> <name>\n" },
108	- { "fget_nt_acl", cmd_fget_nt_acl, "VFS fget_nt_acl()",
109	- "fget_nt_acl <fd>\n" },
110	- { "get_nt_acl", cmd_get_nt_acl, "VFS get_nt_acl()",
111	- "get_nt_acl <path>\n" },
112	- { "fset_nt_acl", cmd_fset_nt_acl, "VFS fset_nt_acl()",
113	- "fset_nt_acl <fd>\n" },
114	- { "set_nt_acl", cmd_set_nt_acl, "VFS open() and fset_nt_acl()",
115	- "set_nt_acl <file>\n" },
116	+ { "getxattr", cmd_getxattr, "VFS getxattr()", "getxattr <path> <name>" },
117	+ { "listxattr", cmd_listxattr, "VFS listxattr()", "listxattr <path>" },
118	+ { "setxattr", cmd_setxattr, "VFS setxattr()", "setxattr <path> <name> <value> [<flags>]" },
119	+ { "removexattr", cmd_removexattr, "VFS removexattr()", "removexattr <path> <name>\n" },
120	+ { "fget_nt_acl", cmd_fget_nt_acl, "VFS fget_nt_acl()", "fget_nt_acl <fd>\n" },
121	+ { "get_nt_acl", cmd_get_nt_acl, "VFS get_nt_acl()", "get_nt_acl <path>\n" },
122	+ { "fset_nt_acl", cmd_fset_nt_acl, "VFS fset_nt_acl()", "fset_nt_acl <fd>\n" },
123	+ { "set_nt_acl", cmd_set_nt_acl, "VFS open() and fset_nt_acl()", "set_nt_acl <file>\n" },
124	{ "sys_acl_get_file", cmd_sys_acl_get_file, "VFS sys_acl_get_file()", "sys_acl_get_file <path>" },
125	{ "sys_acl_get_fd", cmd_sys_acl_get_fd, "VFS sys_acl_get_fd()", "sys_acl_get_fd <fd>" },
126	- { "sys_acl_blob_get_file", cmd_sys_acl_blob_get_file,
127	- "VFS sys_acl_blob_get_file()", "sys_acl_blob_get_file <path>" },
128	- { "sys_acl_blob_get_fd", cmd_sys_acl_blob_get_fd,
129	- "VFS sys_acl_blob_get_fd()", "sys_acl_blob_get_fd <path>" },
130	+ { "sys_acl_blob_get_file", cmd_sys_acl_blob_get_file, "VFS sys_acl_blob_get_file()", "sys_acl_blob_get_file <path>" },
131	+ { "sys_acl_blob_get_fd", cmd_sys_acl_blob_get_fd, "VFS sys_acl_blob_get_fd()", "sys_acl_blob_get_fd <path>" },
132	{ "sys_acl_delete_def_file", cmd_sys_acl_delete_def_file, "VFS sys_acl_delete_def_file()", "sys_acl_delete_def_file <path>" },
133
134
135	- { "test_chain", cmd_test_chain, "test chain code",
136	- "test_chain" },
137	+ { "test_chain", cmd_test_chain, "test chain code", "test_chain" },
138	{ "translate_name", cmd_translate_name, "VFS translate_name()", "translate_name unix_filename" },
139	{0}
140	};

Added Link Here

(-)b/net/samba415/files/disabled/patch-source3_utils_net.c (+18 lines)
1	--- source3/utils/net.c.orig 2019-01-15 10:07:00 UTC
2	+++ source3/utils/net.c
3	@@ -1096,8 +1096,13 @@ static void get_credentials_file(struct
4	lp_set_cmdline("netbios name", c->opt_requester_name);
5	}
6
7	- if (!c->opt_user_name && getenv("LOGNAME")) {
8	- c->opt_user_name = getenv("LOGNAME");
9	+ if (!c->opt_user_name) {
10	+ if(getenv("LOGNAME"))
11	+ c->opt_user_name = getenv("LOGNAME");
12	+ else
13	+ d_fprintf(stderr,
14	+ _("Environment LOGNAME is not defined."
15	+ " Trying anonymous access.\n"));
16	}
17
18	if (!c->opt_workgroup) {

Added Link Here

(-)b/net/samba415/files/disabled/patch-source3_utils_net__time.c (+19 lines)
1	--- source3/utils/net_time.c.orig 2019-01-15 10:07:00 UTC
2	+++ source3/utils/net_time.c
3	@@ -81,10 +81,15 @@ static const char *systime(time_t t)
4	if (!tm) {
5	return "unknown";
6	}
7	-
8	+#if defined(FREEBSD)
9	+ return talloc_asprintf(talloc_tos(), "%02d%02d%02d%02d%02d.%02d",
10	+ tm->tm_year + 1900, tm->tm_mon+1, tm->tm_mday,
11	+ tm->tm_hour, tm->tm_min, tm->tm_sec);
12	+#else
13	return talloc_asprintf(talloc_tos(), "%02d%02d%02d%02d%04d.%02d",
14	tm->tm_mon+1, tm->tm_mday, tm->tm_hour,
15	tm->tm_min, tm->tm_year + 1900, tm->tm_sec);
16	+#endif
17	}
18
19	int net_time_usage(struct net_context c, int argc, const char *argv)

Added Link Here

(-)b/net/samba415/files/disabled/patch-source3_wscript (+84 lines)
1	--- source3/wscript.orig 2019-07-09 10:08:41 UTC
2	+++ source3/wscript
3	@@ -50,6 +50,7 @@ def options(opt):
4	opt.samba_add_onoff_option('sendfile-support', default=None)
5	opt.samba_add_onoff_option('utmp')
6	opt.samba_add_onoff_option('avahi', with_name="enable", without_name="disable")
7	+ opt.samba_add_onoff_option('dnssd', with_name="enable", without_name="disable")
8	opt.samba_add_onoff_option('iconv')
9	opt.samba_add_onoff_option('acl-support')
10	opt.samba_add_onoff_option('dnsupdate')
11	@@ -784,34 +785,39 @@ msg.msg_accrightslen = sizeof(fd);
12
13	if Options.options.with_utmp:
14	conf.env.with_utmp = True
15	- if not conf.CHECK_HEADERS('utmp.h'): conf.env.with_utmp = False
16	- conf.CHECK_FUNCS('pututline pututxline updwtmp updwtmpx getutmpx getutxent')
17	- conf.CHECK_STRUCTURE_MEMBER('struct utmp', 'ut_name', headers='utmp.h',
18	+ if not conf.CHECK_HEADERS('utmpx.h') and not conf.CHECK_HEADERS('utmp.h'):
19	+ conf.env.with_utmp = False
20	+ if conf.CONFIG_SET('HAVE_UTMPX_H'):
21	+ conf.DEFINE('STRUCT_UTMP', 'struct utmpx')
22	+ elif conf.CONFIG_SET('HAVE_UTMP_H'):
23	+ conf.DEFINE('STRUCT_UTMP', 'struct utmp')
24	+ conf.CHECK_FUNCS('pututxline getutxid getutxline updwtmpx getutmpx setutxent endutxent')
25	+ conf.CHECK_FUNCS('pututline getutid getutline updwtmp getutmp setutent endutent')
26	+ conf.CHECK_STRUCTURE_MEMBER('STRUCT_UTMP', 'ut_name', headers='utmpx.h utmp.h',
27	define='HAVE_UT_UT_NAME')
28	- conf.CHECK_STRUCTURE_MEMBER('struct utmp', 'ut_user', headers='utmp.h',
29	+
30	+ conf.CHECK_STRUCTURE_MEMBER('STRUCT_UTMP', 'ut_user', headers='utmpx.h utmp.h',
31	define='HAVE_UT_UT_USER')
32	- conf.CHECK_STRUCTURE_MEMBER('struct utmp', 'ut_id', headers='utmp.h',
33	+ conf.CHECK_STRUCTURE_MEMBER('STRUCT_UTMP', 'ut_id', headers='utmpx.h utmp.h',
34	define='HAVE_UT_UT_ID')
35	- conf.CHECK_STRUCTURE_MEMBER('struct utmp', 'ut_host', headers='utmp.h',
36	+ conf.CHECK_STRUCTURE_MEMBER('STRUCT_UTMP', 'ut_host', headers='utmpx.h utmp.h',
37	define='HAVE_UT_UT_HOST')
38	- conf.CHECK_STRUCTURE_MEMBER('struct utmp', 'ut_time', headers='utmp.h',
39	+ conf.CHECK_STRUCTURE_MEMBER('STRUCT_UTMP', 'ut_time', headers='utmpx.h utmp.h',
40	define='HAVE_UT_UT_TIME')
41	- conf.CHECK_STRUCTURE_MEMBER('struct utmp', 'ut_tv', headers='utmp.h',
42	+ conf.CHECK_STRUCTURE_MEMBER('STRUCT_UTMP', 'ut_tv', headers='utmpx.h utmp.h',
43	define='HAVE_UT_UT_TV')
44	- conf.CHECK_STRUCTURE_MEMBER('struct utmp', 'ut_type', headers='utmp.h',
45	+ conf.CHECK_STRUCTURE_MEMBER('STRUCT_UTMP', 'ut_type', headers='utmpx.h utmp.h',
46	define='HAVE_UT_UT_TYPE')
47	- conf.CHECK_STRUCTURE_MEMBER('struct utmp', 'ut_pid', headers='utmp.h',
48	+ conf.CHECK_STRUCTURE_MEMBER('STRUCT_UTMP', 'ut_pid', headers='utmpx.h utmp.h',
49	define='HAVE_UT_UT_PID')
50	- conf.CHECK_STRUCTURE_MEMBER('struct utmp', 'ut_exit.e_exit', headers='utmp.h',
51	+ conf.CHECK_STRUCTURE_MEMBER('STRUCT_UTMP', 'ut_exit.e_exit', headers='utmpx.h utmp.h',
52	define='HAVE_UT_UT_EXIT')
53	- conf.CHECK_STRUCTURE_MEMBER('struct utmpx', 'ut_syslen', headers='utmpx.h',
54	- define='HAVE_UX_UT_SYSLEN')
55	- conf.CHECK_STRUCTURE_MEMBER('struct utmpx', 'ut_host', headers='utmpx.h',
56	- define='HAVE_UX_UT_HOST')
57	+ conf.CHECK_STRUCTURE_MEMBER('STRUCT_UTMP', 'ut_syslen', headers='utmpx.h utmp.h',
58	+ define='HAVE_UT_UT_SYSLEN')
59	conf.CHECK_CODE('struct utmp utarg; struct utmp *utreturn; utreturn = pututline(&utarg);',
60	'PUTUTLINE_RETURNS_UTMP', headers='utmp.h',
61	msg="Checking whether pututline returns pointer")
62	- conf.CHECK_SIZEOF(['((struct utmp *)NULL)->ut_line'], headers='utmp.h',
63	+ conf.CHECK_SIZEOF(['((STRUCT_UTMP *)NULL)->ut_line'], headers='utmpx.h utmp.h',
64	define='SIZEOF_UTMP_UT_LINE', critical=False)
65	if not conf.CONFIG_SET('SIZEOF_UTMP_UT_LINE'):
66	conf.env.with_utmp = False
67	@@ -833,6 +839,17 @@ msg.msg_accrightslen = sizeof(fd);
68	conf.SET_TARGET_TYPE('avahi-common', 'EMPTY')
69	conf.SET_TARGET_TYPE('avahi-client', 'EMPTY')
70
71	+ if Options.options.with_dnssd:
72	+ conf.env.with_dnssd = True
73	+ if not conf.CHECK_HEADERS('dns_sd.h'):
74	+ conf.env.with_dnssd = False
75	+ if not conf.CHECK_FUNCS_IN('DNSServiceRegister', 'dns_sd'):
76	+ conf.env.with_dnssd = False
77	+ if conf.env.with_dnssd:
78	+ conf.DEFINE('WITH_DNSSD_SUPPORT', 1)
79	+ else:
80	+ conf.SET_TARGET_TYPE('dns_sd', 'EMPTY')
81	+
82	if Options.options.with_iconv:
83	conf.env.with_iconv = True
84	if not conf.CHECK_FUNCS_IN('iconv_open', 'iconv', headers='iconv.h'):