Date:      Sun, 25 Mar 2018 00:34:28 +0000 (UTC)
From:      "Timur I. Bakeyev" <timur@FreeBSD.org>
To:        ports-committers@freebsd.org, svn-ports-all@freebsd.org, svn-ports-head@freebsd.org
Subject:   svn commit: r465492 - in head/net/samba48: . files files/man
Message-ID:  <201803250034.w2P0YS7M071019@repo.freebsd.org>

Author: timur
Date: Sun Mar 25 00:34:28 2018
New Revision: 465492
URL: https://svnweb.freebsd.org/changeset/ports/465492

Log:
  Initial attempt to bring Samba 4.8 to FreeBSD. Still, there could be rough edges. Don't try it in the production environment yet.
  
  Sponsored by:	ixSystems Inc.

Added:
  head/net/samba48/files/man/samba_gpoupdate.8   (contents, props changed)
  head/net/samba48/files/patch-quickfix__in__progress   (contents, props changed)
  head/net/samba48/files/patch-source3__modules__wscript_build   (contents, props changed)
  head/net/samba48/files/patch-source4__dsdb__samdb__ldb_modules__encrypted_secrets.c   (contents, props changed)
  head/net/samba48/files/patch-vfs_freebsd.c   (contents, props changed)
  head/net/samba48/files/patch-vfs_virusfilter   (contents, props changed)
Modified:
  head/net/samba48/Makefile
  head/net/samba48/distinfo
  head/net/samba48/files/README.FreeBSD.in
  head/net/samba48/files/samba_server.in
  head/net/samba48/pkg-descr
  head/net/samba48/pkg-plist

Modified: head/net/samba48/Makefile
==============================================================================
--- head/net/samba48/Makefile	Sat Mar 24 22:27:38 2018	(r465491)
+++ head/net/samba48/Makefile	Sun Mar 25 00:34:28 2018	(r465492)
@@ -1,7 +1,7 @@
 # Created by: timur@FreeBSD.org
 # $FreeBSD$
 
-PORTNAME=			${SAMBA4_BASENAME}47
+PORTNAME=			${SAMBA4_BASENAME}48
 PORTVERSION=			${SAMBA4_VERSION}
 PORTREVISION=			0
 CATEGORIES?=			net
@@ -15,14 +15,14 @@ LICENSE=			GPLv3
 
 IGNORE_NONTHREAD_PYTHON=	needs port lang/python${PYTHON_SUFFIX} to be build with THREADS support
 
-CONFLICTS_INSTALL?=		samba4-4.0.* samba4[1-689]-4.* p5-Parse-Pidl-4.*
+CONFLICTS_INSTALL?=		samba4-4.0.* samba4[1-79]-4.* p5-Parse-Pidl-4.*
 
 EXTRA_PATCHES+=			${PATCHDIR}/0001-Zfs-provision-1.patch:-p1
 EXTRA_PATCHES+=			${PATCHDIR}/0001-Freenas-master-mdns-fixes-22.patch:-p1
 
 SAMBA4_BASENAME=		samba
 SAMBA4_PORTNAME=		${SAMBA4_BASENAME}4
-SAMBA4_VERSION=			4.7.6
+SAMBA4_VERSION=			4.8.0
 SAMBA4_DISTNAME=		${SAMBA4_BASENAME}-${SAMBA4_VERSION:S|.p|pre|:S|.r|rc|:S|.t|tp|:S|.a|alpha|}
 
 WRKSRC?=			${WRKDIR}/${DISTNAME}
@@ -60,6 +60,7 @@ CONFIGURE_ARGS+=		--mandir="${MANPREFIX}/man" \
 				--with-lockdir="${SAMBA4_LOCKDIR}" \
 				--with-statedir="${SAMBA4_LOCKDIR}" \
 				--with-cachedir="${SAMBA4_LOCKDIR}" \
+				--with-bind-dns-dir=${SAMBA4_BINDDNSDIR} \
 				--with-privatedir="${SAMBA4_PRIVATEDIR}" \
 				--with-logfilebase="${SAMBA4_LOGDIR}"
 # XXX: Flags
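Review bot: The added `--with-bind-dns-dir=${SAMBA4_BINDDNSDIR}` is the only path argument in the visible CONFIGURE_ARGS lines that is not wrapped in double quotes, and no hunk shown in this commit defines SAMBA4_BINDDNSDIR. If the variable is not set elsewhere in the Makefile, configure receives an empty value, and a value containing whitespace would split the argument. I would write it as `--with-bind-dns-dir="${SAMBA4_BINDDNSDIR}" \` to match its neighbours and confirm the variable is defined alongside SAMBA4_PRIVATEDIR. The CONFIGURE_ARGS assignment starts above this hunk.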
@@ -92,7 +93,7 @@ OPTIONS_DEFINE+=		DEVELOPER MANDOC
 OPTIONS_DEFINE_amd64=		AESNI
 OPTIONS_DEFAULT_amd64=		AESNI
 
-OPTIONS_DEFINE+=		CLUSTER CUPS GLUSTERFS GPGME NTVFS SPOTLIGHT
+OPTIONS_DEFINE+=		CUPS GPGME NTVFS SPOTLIGHT
 
 OPTIONS_RADIO=			DNS ZEROCONF
 OPTIONS_RADIO_DNS=		NSUPDATE BIND99 BIND910 BIND911
@@ -121,6 +122,8 @@ BIND910_DESC=			Use Bind 9.10 as AD DC DNS server fron
 BIND911_DESC=			Use Bind 9.11 as AD DC DNS server frontend
 NSUPDATE_DESC=			Use samba NSUPDATE utility for AD DC
 ##############################################################################
+PLIST_SUB+=			CLUSTER="@comment "
+SUB_LIST+=			CLUSTER="@comment "
 # XXX: Unconditional dependencies which can't be switched off(if present in the system)
 # popt
 LIB_DEPENDS+=			libpopt.so:devel/popt
@@ -146,7 +149,7 @@ RUN_DEPENDS+=			libarchive>=3.1.2:archivers/libarchive
 #SAMBA4_BUNDLED_TEVENT=		yes
 #SAMBA4_BUNDLED_TDB=		yes
 #SAMBA4_BUNDLED_LDB=		yes
-SAMBA4_LDB=			12
+SAMBA4_LDB=			13
 # cmocka
 .if defined(SAMBA4_BUNDLED_CMOCKA)
 SAMBA4_BUNDLED_LIBS+=		cmocka
@@ -350,7 +353,7 @@ LIB_DEPENDS+=			libdbus-1.so:devel/dbus
 LIB_DEPENDS+=			libdbus-glib-1.so:devel/dbus-glib
 .endif
 
-#SAMBA4_MODULES+=		vfs_freebsd
+SAMBA4_MODULES+=		vfs_freebsd
 
 SAMBA4_MODULES+=		idmap_nss idmap_autorid idmap_rid idmap_hash idmap_tdb idmap_tdb2 idmap_script nss-info_hash
 # List of extra modules taken from RHEL build
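Review bot: Uncommenting `SAMBA4_MODULES+= vfs_freebsd` builds the new module for every install without a comment saying what it does, while the commit log itself says the port is not ready for production. The module source added in files/patch-vfs_freebsd.c maps `system.`, `security.` and `trusted.` attribute names to the USER extattr namespace whenever its `is_secure` flag is false, and README.FreeBSD.in in this commit notes that USER-namespace attributes can be edited by the file owner. Where `is_secure` is cleared lies in the truncated part of the diff, so how that mode is selected cannot be judged from here. I would add a line above the assignment such as `# vfs_freebsd: maps system./security./trusted. xattrs to the USER namespace when not in secure mode, see README.FreeBSD`, and consider putting the module behind an OPTION until it has had more testing.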
@@ -362,7 +365,7 @@ SAMBA4_MODULES+=		idmap_ad idmap_rfc2307 nss-info_temp
 .if ${PORT_OPTIONS:MDEVELOPER}
 SAMBA4_MODULES+=		auth_skel pdb_test gpext_security gpext_registry gpext_scripts perfcount_test \
 				vfs_fake_dfq vfs_skel_opaque vfs_skel_transparent vfs_shadow_copy_test vfs_fake_acls \
-				vfs_nfs4acl_xattr
+				vfs_nfs4acl_xattr vfs_error_inject
 .endif
 
 .if defined(WANT_EXP_MODULES) && !empty(WANT_EXP_MODULES)
@@ -521,6 +524,7 @@ pre-build-MANDOC-off:
 				source4/lib/registry/man/regpatch.1 \
 				source4/lib/registry/man/regshell.1 \
 				source4/lib/registry/man/regtree.1 \
+				source4/scripting/man/samba_gpoupdate.8 \
 				source4/torture/man/gentest.1 \
 				source4/torture/man/locktest.1 \
 				source4/torture/man/masktest.1 \

Modified: head/net/samba48/distinfo
==============================================================================
--- head/net/samba48/distinfo	Sat Mar 24 22:27:38 2018	(r465491)
+++ head/net/samba48/distinfo	Sun Mar 25 00:34:28 2018	(r465492)
@@ -1,3 +1,3 @@
-TIMESTAMP = 1520935629
-SHA256 (samba-4.7.6.tar.gz) = 1eede30fc8ef6504e24602fb72b00baa0a7b73b59f16d25cb0771dc8c7c57d6e
-SIZE (samba-4.7.6.tar.gz) = 16864824
+TIMESTAMP = 1520983130
+SHA256 (samba-4.8.0.tar.gz) = 87d9b585dbd8628e79aabb6e621a94bd20a072a00762e78e0899fad22fc18fb7
+SIZE (samba-4.8.0.tar.gz) = 17659751

Modified: head/net/samba48/files/README.FreeBSD.in
==============================================================================
--- head/net/samba48/files/README.FreeBSD.in	Sat Mar 24 22:27:38 2018	(r465491)
+++ head/net/samba48/files/README.FreeBSD.in	Sun Mar 25 00:34:28 2018	(r465492)
@@ -23,28 +23,22 @@ FreeBSD specific information
 
 * Provisioning script is: %%PREFIX%%/bin/samba-tool
 
-Samba4 provisioning requires file system(s) with POSIX ACLs support. At
-the moment that is UFS2 only. You have to add 'acls' option to the mount
-flags to get things working.
+Samba4 provisioning requires file system(s) with the ACLs support. On
+UFS2 you need to enable POSIX ACLs by adding 'acls' option to the mount
+flags, on ZFS you need to use NFSv4 ACLs and `zfsacl` VFS module to get
+provisioning work.
 
-It is known that ZFS-only installations don't work out of the box with
-Samba4. In partucular, s3fs service requires POSIX ACLs during provi-
-sioning. It is possible to work around that requirement by specifying:
+There is a hack in the code, that makes provisioning work on UFS2 and in
+the jails on the price of using USER extattr(2) namespace, which is less
+secure than SYSTEM namespace, as can be edited not only by root user, but
+also by the owner of the file.
 
-    # samba-tool domain provision --interactive --use-xattrs=no --use-ntvfs
+For the provisioning on ZFS you need to use additional parameters to the
+samba-tool, that would explicitly add `zfsacl` to the default `vfs objects`:
 
-And removing later in '%%SAMBA4_CONFIG%%' options like:
+    # samba-tool domain provision --interactive \
+            --option="vfs objects"="dfs_samba4 zfsacl"
 
-    'server services', 'dcerpc endpoint servers', 'posix:eadb'
-
-and adding 'vfs objects = zfsacl' as well. Still this isn't supported
-and tested configuration, so use it at your own risk.
-
-You may find this tutorial useful, if you happen to run Samba4 on
-ZFS-root:
-
-    o http://glsan.com/community/samba4
-
 To run this port you need to perform the following steps:
 ---------------------------------------------------------
 
@@ -52,9 +46,6 @@ To run this port you need to perform the following ste
 all the relevant files. That includes 'smb.conf' file and all the
 content of the '/var/db/samba/' directory.
 
-If you had Samba4-devel installation before to my knowledge the best
-option would be to start from scratch.
-
 1a. Create new '%%SAMBA4_CONFDIR%%/%%SAMBA4_CONFIG%%' file by running:
 
     # samba-tool domain provision
@@ -75,8 +66,8 @@ Stop them, if necessary.
 
 4. Run '%%PREFIX%%/etc/rc.d/samba_server start' or reboot.
 
-WARNING! This port is still experimental and if you need any asistance,
-please, check archives of samba@lists.samba.org and ask there for help.
+Please, check archives of samba@lists.samba.org and ask there for help,
+if necessary:
 
     https://lists.samba.org/archive/samba/
 

Added: head/net/samba48/files/man/samba_gpoupdate.8
==============================================================================
--- /dev/null	00:00:00 1970	(empty, because file is newly added)
+++ head/net/samba48/files/man/samba_gpoupdate.8	Sun Mar 25 00:34:28 2018	(r465492)
@@ -0,0 +1,113 @@
+'\" t
+.\"     Title: SAMBA_GPOUPDATE
+.\"    Author: [see the "AUTHOR" section]
+.\" Generator: DocBook XSL Stylesheets v1.76.1 <http://docbook.sf.net/>;
+.\"      Date: 2017-07-11
+.\"    Manual: System Administration tools
+.\"    Source: Samba 4.8.0
+.\"  Language: English
+.\"
+.TH "SAMBA_GPOUPDATE" "8" "2017\-07\-11" "Samba 4\&.8\&.0" "System Administration tools"
+.\" -----------------------------------------------------------------
+.\" * Define some portability stuff
+.\" -----------------------------------------------------------------
+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+.\" http://bugs.debian.org/507673
+.\" http://lists.gnu.org/archive/html/groff/2009-02/msg00013.html
+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+.ie \n(.g .ds Aq \(aq
+.el       .ds Aq '
+.\" -----------------------------------------------------------------
+.\" * set default formatting
+.\" -----------------------------------------------------------------
+.\" disable hyphenation
+.nh
+.\" disable justification (adjust text to left margin only)
+.ad l
+.\" -----------------------------------------------------------------
+.\" * MAIN CONTENT STARTS HERE *
+.\" -----------------------------------------------------------------
+.SH "NAME"
+samba_gpoupdate \- apply group policy
+.SH "SYNOPSIS"
+.HP \w'\fBsamba_gpoupdate\fR\ 'u
+\fBsamba_gpoupdate\fR
+.HP \w'\fBsamba_gpoupdate\fR\ 'u
+\fBsamba_gpoupdate\fR [\fIoptions\fR]
+.SH "DESCRIPTION"
+.PP
+This tool is part of the
+\fBsamba\fR(1)
+suite\&.
+.PP
+\fBsamba_gpoupdate\fR
+a script for applying and unapplying Group Policy\&. Group Policy application is experimental\&. Currently this applies password policies (minimum/maximum password age, minimum password length, and password complexity) and kerberos policies (user/service ticket lifetime and renew lifetime)\&.
+.SH "OPTIONS"
+.PP
+\fB\-h\fR,
+\fB\-\-help\fR
+show this help message and exit
+.PP
+\fB\-H \fRURL,
+\fB\-\-url\fR=\fIURL\fR
+URL for the samdb
+.PP
+\fB\-X\fR,
+\fB\-\-unapply\fR
+Unapply Group Policy
+.PP
+Samba Common Options:
+.PP
+\fB\-s \fRFILE,
+\fB\-\-configfile\fR=\fIFILE\fR
+Configuration file
+.PP
+\fB\-d \fRDEBUGLEVEL,
+\fB\-\-debuglevel\fR=\fIDEBUGLEVEL\fR
+debug level
+.PP
+\fB\-\-option\fR=\fIOPTION\fR
+set smb\&.conf option from command line
+.PP
+\fB\-\-realm\fR=\fIREALM\fR
+set the realm name
+.PP
+Version Options:
+.PP
+\fB\-V\fR,
+\fB\-\-version\fR
+Display version number
+.PP
+Credentials Options:
+.PP
+\fB\-\-simple\-bind\-dn\fR=\fIDN\fR
+DN to use for a simple bind
+.PP
+\fB\-\-password\fR=\fIPASSWORD\fR
+Password
+.PP
+\fB\-U \fRUSERNAME,
+\fB\-\-username\fR=\fIUSERNAME\fR
+Username
+.PP
+\fB\-W \fRWORKGROUP,
+\fB\-\-workgroup\fR=\fIWORKGROUP\fR
+Workgroup
+.PP
+\fB\-N\fR,
+\fB\-\-no\-pass\fR
+Don\*(Aqt ask for a password
+.PP
+\fB\-k \fRKERBEROS,
+\fB\-\-kerberos\fR=\fIKERBEROS\fR
+Use Kerberos
+.PP
+\fB\-\-ipaddress\fR=\fIIPADDRESS\fR
+IP address of server
+.PP
+\fB\-P\fR,
+\fB\-\-machine\-pass\fR
+Use stored machine account password
+.SH "AUTHOR"
+.PP
+The original Samba software and related utilities were created by Andrew Tridgell\&. Samba is now developed by the Samba Team as an Open Source project similar to the way the Linux kernel is developed\&.

Added: head/net/samba48/files/patch-quickfix__in__progress
==============================================================================
--- /dev/null	00:00:00 1970	(empty, because file is newly added)
+++ head/net/samba48/files/patch-quickfix__in__progress	Sun Mar 25 00:34:28 2018	(r465492)
@@ -0,0 +1,24 @@
+--- source3/libnet/libnet_join.c.orig	2018-02-25 04:01:39 UTC
++++ source3/libnet/libnet_join.c
+@@ -2652,9 +2652,9 @@ static WERROR libnet_DomainJoin(TALLOC_C
+ 		DEBUG(5, ("failed to precreate account in ou %s: %s",
+ 			r->in.account_ou, ads_errstr(ads_status)));
+ 	}
+-#endif /* HAVE_ADS */
+ 
+  rpc_join:
++#endif /* HAVE_ADS */
+ 	if ((r->in.join_flags & WKSSVC_JOIN_FLAGS_JOIN_UNSECURE) &&
+ 	    (r->in.join_flags & WKSSVC_JOIN_FLAGS_MACHINE_PWD_PASSED)) {
+ 		status = libnet_join_joindomain_rpc_unsecure(mem_ctx, r, cli);
+--- source3/libsmb/namequery_dc.c.orig	2018-02-25 02:59:41.002983000 +0100
++++ source3/libsmb/namequery_dc.c	2018-02-25 02:59:56.770533000 +0100
+@@ -32,7 +32,7 @@
+  Is this our primary domain ?
+ **********************************************************************/
+ 
+-#ifdef HAVE_KRB5
++#ifdef HAVE_ADS
+ static bool is_our_primary_domain(const char *domain)
+ {
+ 	int role = lp_server_role();
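Review bot: With `#endif /* HAVE_ADS */` moved below the `rpc_join:` label, the label exists only in HAVE_ADS builds, so any `goto rpc_join` outside an `#ifdef HAVE_ADS` region would stop compiling without ADS; the jumps are outside this hunk and need checking against the full libnet_DomainJoin body. The patch file also carries no explanation or upstream bug reference for either change, including the switch of the guard around `is_our_primary_domain()` from HAVE_KRB5 to HAVE_ADS, and its file name marks it as temporary. I would record which build configuration each change repairs, in the commit log or a tracking PR, so the patch can be dropped once upstream resolves it. The two inner file headers also use different timestamp formats (`UTC` versus local time with `+0100`), which suggests the second part was not regenerated with the ports tooling.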

Added: head/net/samba48/files/patch-source3__modules__wscript_build
==============================================================================
--- /dev/null	00:00:00 1970	(empty, because file is newly added)
+++ head/net/samba48/files/patch-source3__modules__wscript_build	Sun Mar 25 00:34:28 2018	(r465492)
@@ -0,0 +1,17 @@
+--- source3/modules/wscript_build.orig	2018-02-25 05:33:23 UTC
++++ source3/modules/wscript_build
+@@ -222,6 +222,14 @@ bld.SAMBA3_MODULE('vfs_zfsacl',
+                  internal_module=bld.SAMBA3_IS_STATIC_MODULE('vfs_zfsacl'),
+                  enabled=bld.SAMBA3_IS_ENABLED_MODULE('vfs_zfsacl'))
+ 
++bld.SAMBA3_MODULE('vfs_freebsd',
++                 subsystem='vfs',
++                 source='vfs_freebsd.c',
++                 deps='samba-util',
++                 init_function='',
++                 internal_module=bld.SAMBA3_IS_STATIC_MODULE('vfs_freebsd'),
++                 enabled=bld.SAMBA3_IS_ENABLED_MODULE('vfs_freebsd'))
++
+ xdr_buf_hack = 'sed -e "s@^\([ \t]*register int32_t \*buf\);@\\1 = buf;@"'
+ 
+ bld.SAMBA_GENERATOR('nfs41acl-xdr-c',

Added: head/net/samba48/files/patch-source4__dsdb__samdb__ldb_modules__encrypted_secrets.c
==============================================================================
--- /dev/null	00:00:00 1970	(empty, because file is newly added)
+++ head/net/samba48/files/patch-source4__dsdb__samdb__ldb_modules__encrypted_secrets.c	Sun Mar 25 00:34:28 2018	(r465492)
@@ -0,0 +1,22 @@
+--- source4/dsdb/samdb/ldb_modules/encrypted_secrets.c.orig	2018-03-01 22:18:10 UTC
++++ source4/dsdb/samdb/ldb_modules/encrypted_secrets.c
+@@ -750,16 +750,16 @@ static struct ldb_val gnutls_encrypt_aea
+ 	 * Encrypt the value.
+ 	 */
+ 	{
+-		size_t el;
+-		const unsigned block_size = gnutls_cipher_get_tag_size(
++		const unsigned block_size = gnutls_cipher_get_block_size(
+ 			data->encryption_algorithm);
+-		const unsigned tag_size = gnutls_cipher_get_block_size(
++		const unsigned tag_size = gnutls_cipher_get_tag_size(
+ 			data->encryption_algorithm);
+ 		const size_t ed_size = round_to_block_size(
+ 			block_size,
+ 			sizeof(struct PlaintextSecret) + val.length);
+ 		const size_t en_size = ed_size + tag_size;
+ 		uint8_t *ct = talloc_zero_size(frame, en_size);
++		size_t el = en_size;
+ 
+ 		if (ct == NULL) {
+ 			ldb_set_errstring(ldb,
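Review bot: The new `size_t el = en_size;` is the security-relevant line of this patch and should carry a why-comment, because the old code declared `el` without a value; its consumer is below the hunk, but it is presumably handed to the GnuTLS encrypt call as an in/out ciphertext length. A line such as `/* in: capacity of ct; out: bytes written by the cipher */` above the declaration would keep a later cleanup from dropping the initialiser. The swap of `gnutls_cipher_get_block_size()` and `gnutls_cipher_get_tag_size()` fixes which value feeds `round_to_block_size()` and which is added for the tag, but `ed_size + tag_size` is still computed with no overflow check on `val.length`, so it is worth confirming the caller bounds that length. The enclosing function (its name is cut off in the hunk header) continues past the hunk.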

Added: head/net/samba48/files/patch-vfs_freebsd.c
==============================================================================
--- /dev/null	00:00:00 1970	(empty, because file is newly added)
+++ head/net/samba48/files/patch-vfs_freebsd.c	Sun Mar 25 00:34:28 2018	(r465492)
@@ -0,0 +1,1785 @@
+--- /dev/null	2018-03-05 02:00:00 UTC
++++ source3/modules/vfs_freebsd.c	2018-03-05 02:04:19.982828000 +0100
+@@ -0,0 +1,1782 @@
++/*
++ * This module implements VFS calls specific to FreeBSD
++ *
++ * Copyright (C) Timur I. Bakeyev, 2018
++ *
++ * This program is free software; you can redistribute it and/or modify
++ * it under the terms of the GNU General Public License as published by
++ * the Free Software Foundation; either version 3 of the License, or
++ * (at your option) any later version.
++ *  
++ * This program is distributed in the hope that it will be useful,
++ * but WITHOUT ANY WARRANTY; without even the implied warranty of
++ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
++ * GNU General Public License for more details.
++ *  
++ * You should have received a copy of the GNU General Public License
++ * along with this program; if not, see <http://www.gnu.org/licenses/>.
++ */
++
++#include "includes.h"
++
++//#include "../source3/include/includes.h"
++#include "lib/util/tevent_unix.h"
++#include "lib/util/tevent_ntstatus.h"
++#include "system/filesys.h"
++
++#include <sys/sysctl.h>
++
++
++#ifndef EXTATTR_MAXNAMELEN
++#define EXTATTR_MAXNAMELEN		UINT8_MAX
++#endif
++
++#define EXTATTR_NAMESPACE(NS)		EXTATTR_NAMESPACE_ ## NS, \
++					EXTATTR_NAMESPACE_ ## NS ## _STRING ".", \
++					.data.len = (sizeof(EXTATTR_NAMESPACE_ ## NS ## _STRING ".") - 1)
++
++#define EXTATTR_EMPTY			0x00
++#define EXTATTR_USER			0x01
++#define EXTATTR_SYSTEM			0x02
++#define EXTATTR_SECURITY		0x03
++#define EXTATTR_TRUSTED			0x04
++
++
++static bool is_secure = true;
++static bool is_legacy = false;
++
++typedef struct {
++	int namespace;
++	char name[EXTATTR_MAXNAMELEN+1];
++	union {
++		uint16_t len;
++		uint16_t flags;
++	} data;
++} extattr_attr;
++
++
++/* XXX: This order doesn't match namespace ids order! */
++static extattr_attr extattr[] = {
++	{ EXTATTR_NAMESPACE(EMPTY) },
++	{ EXTATTR_NAMESPACE(SYSTEM) },
++	{ EXTATTR_NAMESPACE(USER) },
++};
++
++typedef struct {
++	enum {
++		FILE, LINK, FDES
++	} method;
++	union {
++		const char *path;
++		int filedes;
++	} param;
++} extattr_arg;
++
++
++
++static bool freebsd_in_jail(void) {
++	int val = 0;
++	size_t val_len = sizeof(val);
++
++	if((sysctlbyname("security.jail.jailed", &val, &val_len, NULL, 0) != -1) && val == 1) {
++		return true;
++	}
++	return false;
++}
++
++static uint16_t freebsd_map_attrname(const char *name)
++{
++	if(name == NULL || name[0] == '\0') {
++		return EXTATTR_EMPTY;
++	}
++
++	switch(name[0]) {
++		case 'u':
++			if(strncmp(name, "user.", 5) == 0)
++				return EXTATTR_USER;
++			break;
++		case 't':
++			if(strncmp(name, "trusted.", 8) == 0)
++				return EXTATTR_TRUSTED;
++			break;
++		case 's':
++			/* name[1] could be any character, including '\0' */
++			switch(name[1]) {
++				case 'e':
++					if(strncmp(name, "security.", 9) == 0)
++						return EXTATTR_SECURITY;
++					break;
++				case 'y':
++					if(strncmp(name, "system.", 7) == 0)
++						return EXTATTR_SYSTEM;
++					break;
++			}
++			break;
++	}
++	return EXTATTR_USER;
++}
++
++/* security, system, trusted or user */
++static extattr_attr* freebsd_map_xattr(const char *name, extattr_attr *attr)
++{
++	int attrnamespace = EXTATTR_NAMESPACE_EMPTY;
++	const char *attrname = name;
++
++	if(name == NULL || name[0] == '\0') {
++		return NULL;
++	}
++
++	if(attr == NULL) {
++		return NULL;
++	}
++
++	uint16_t flags = freebsd_map_attrname(name);
++
++	switch(flags) {
++		case EXTATTR_USER:
++			attrnamespace = EXTATTR_NAMESPACE_USER;
++			if(is_legacy)
++				attrname = name + 5;
++			break;
++		case EXTATTR_SECURITY:
++		case EXTATTR_TRUSTED:
++			attrnamespace = (is_secure) ?
++					EXTATTR_NAMESPACE_SYSTEM :
++					EXTATTR_NAMESPACE_USER;
++			break;
++		case EXTATTR_SYSTEM:
++			attrnamespace = (is_secure) ?
++					EXTATTR_NAMESPACE_SYSTEM :
++					EXTATTR_NAMESPACE_USER;
++			if (is_legacy)
++				attrname = name + 7;
++			break;
++		default:
++			/* Default to "user" namespace if nothing else was specified */
++			attrnamespace = EXTATTR_NAMESPACE_USER;
++			flags = EXTATTR_USER;
++	}
++
++	attr->namespace = attrnamespace;
++	attr->data.flags = flags;
++	strlcpy(attr->name, attrname, EXTATTR_MAXNAMELEN+1);
++
++	return attr;
++}
++
++static ssize_t extattr_size(extattr_arg arg, extattr_attr *attr)
++{
++	ssize_t result;
++
++	switch(arg.method) {
++#if defined(HAVE_EXTATTR_GET_FILE)
++		case FILE:
++			result = extattr_get_file(arg.param.path, attr->namespace, attr->name, NULL, 0);
++			break;
++#endif
++#if defined(HAVE_EXTATTR_GET_LINK)
++		case LINK:
++			result = extattr_get_link(arg.param.path, attr->namespace, attr->name, NULL, 0);
++			break;
++#endif
++#if defined(HAVE_EXTATTR_GET_FD)
++		case FDES:
++			result = extattr_get_fd(arg.param.filedes, attr->namespace, attr->name, NULL, 0);
++			break;
++#endif
++		default:
++			errno = ENOSYS;
++			return -1;
++	}
++
++	if(result < 0) {
++		errno = EINVAL;
++		return -1;
++	}
++
++	return result;
++}
++
++
++/*
++ * The list of names is returned as an unordered array of NULL-terminated
++ * character strings (attribute names are separated by NULL characters),
++ * like this:
++ *      user.name1\0system.name1\0user.name2\0
++ *
++ * Filesystems like ext2, ext3 and XFS which implement POSIX ACLs using
++ * extended attributes, might return a list like this:
++ *      system.posix_acl_access\0system.posix_acl_default\0
++ */
++/*
++ * The extattr_list_file() returns a list of attributes present in the
++ * requested namespace. Each list entry consists of a single byte containing
++ * the length of the attribute name, followed by the attribute name. The
++ * attribute name is not terminated by ASCII 0 (nul).
++*/
++
++static ssize_t freebsd_extattr_list(extattr_arg arg, char *list, size_t size)
++{
++	ssize_t list_size, total_size = 0;
++	char *p, *q, *list_end;
++	int len;
++	/*
++	 Ignore all but user namespace when we are not root or in jail
++	 See: https://bugzilla.samba.org/show_bug.cgi?id=10247
++	*/
++	bool as_root = (geteuid() == 0);
++
++	int ns = (is_secure && as_root) ? 1 : 2;
++
++	/* Iterate through extattr(2) namespaces */
++	for(; ns < ARRAY_SIZE(extattr); ns++) {
++		switch(arg.method) {
++#if defined(HAVE_EXTATTR_LIST_FILE)
++			case FILE:
++				list_size = extattr_list_file(arg.param.path, extattr[ns].namespace, list, size);
++				break;
++#endif
++#if defined(HAVE_EXTATTR_LIST_LINK)
++			case LINK:
++				list_size = extattr_list_link(arg.param.path, extattr[ns].namespace, list, size);
++				break;
++#endif
++#if defined(HAVE_EXTATTR_LIST_FD)
++			case FDES:
++				list_size = extattr_list_fd(arg.param.filedes, extattr[ns].namespace, list, size);
++				break;
++#endif
++			default:
++				errno = ENOSYS;
++				return -1;
++		}
++		/* Some error happend. Errno should be set by the previous call */
++		if(list_size < 0)
++			return -1;
++		/* No attributes in this namespace */
++		if(list_size == 0)
++			continue;
++		/*
++		 Call with an empty buffer may be used to calculate
++		 necessary buffer size.
++		*/
++		if(list == NULL) {
++			/*
++			 XXX: Unfortunately, we can't say, how many attributes were
++			 returned, so here is the potential problem with the emulation.
++			*/
++			if(is_legacy) {
++				/*
++				 Take the worse case of one char attribute names -
++				 two bytes per name plus one more for sanity.
++				*/
++				total_size += list_size + (list_size/2 + 1)*extattr[ns].data.len;
++			}
++			else {
++				total_size += list_size;
++			}
++			continue;
++		}
++
++		if(is_legacy) {
++			/* Count necessary offset to fit namespace prefixes */
++			int extra_len = 0;
++			uint16_t flags;
++			list_end = list + list_size;
++			for(list_size = 0, p = q = list; p < list_end; p += len) {
++				len = p[0] + 1;
++				(void)strlcpy(q, p + 1, len);
++				flags = freebsd_map_attrname(q);
++				/* Skip secure attributes for non-root user */
++				if(!is_secure && !as_root && flags > EXTATTR_USER) {
++					continue;
++				}
++				if(flags <= EXTATTR_USER) {
++					/* Don't count trailing '\0' */
++					extra_len += extattr[ns].data.len;
++				}
++				list_size += len;
++				q += len;
++			}
++			total_size += list_size + extra_len;
++			/* Buffer is too small to fit the results */
++			if(total_size > size) {
++				errno = ERANGE;
++				return -1;
++			}
++			/* Shift results backwards, so we can prepend prefixes */
++			list_end = list + extra_len;
++			p = (char*)memmove(list_end, list, list_size);
++			/*
++			 We enter the loop with `p` pointing to the shifted list and
++			 `extra_len` having the total margin between `list` and `p`
++			*/
++			for(list_end += list_size; p < list_end; p += len) {
++				len = strlen(p) + 1;
++				flags = freebsd_map_attrname(p);
++				if(flags <= EXTATTR_USER) {
++					/* Add namespace prefix */
++					(void)strncpy(list, extattr[ns].name, extattr[ns].data.len);
++					list += extattr[ns].data.len;
++				}
++				/* Append attribute name */
++				(void)strlcpy(list, p, len);
++				list += len;
++			}
++		}
++		else {
++			/* Convert UCSD strings into nul-terminated strings */
++			for(list_end = list + list_size; list < list_end; list += len) {
++				len = list[0] + 1;
++				(void)strlcpy(list, list + 1, len);
++			}
++			total_size += list_size;
++		}
++	}
++	return total_size;
++}
++
++/*
++static ssize_t freebsd_getxattr_size(vfs_handle_struct *handle,
++				const struct smb_filename *smb_fname,
++				const char *name)
++{
++	extattr_arg arg = { FILE, smb_fname->base_name };
++	extattr_attr attr;
++
++	if(!freebsd_map_xattr(name, &attr)) {
++		errno = EINVAL;
++		return -1;
++	}
++
++	if(!is_secure && geteuid() != 0 && attr.data.flags > EXTATTR_USER) {
++		errno = ENOATTR;
++		return -1;
++	}
++
++	return extattr_size(arg, &attr);
++}
++*/
++
++/* VFS entries */
++static ssize_t freebsd_getxattr(vfs_handle_struct *handle,
++				const struct smb_filename *smb_fname,
++				const char *name,
++				void *value,
++				size_t size)
++{
++#if defined(HAVE_EXTATTR_GET_FILE)
++	extattr_arg arg = { FILE, .param.path = smb_fname->base_name };
++	extattr_attr attr;
++	ssize_t res;
++
++	if(!freebsd_map_xattr(name, &attr)) {
++		errno = EINVAL;
++		return -1;
++	}
++
++	/* Filter out 'secure' entries */
++	if(!is_secure && geteuid() != 0 && attr.data.flags > EXTATTR_USER) {
++		errno = ENOATTR;
++		return -1;
++	}
++
++	/*
++	 * The BSD implementation has a nasty habit of silently truncating
++	 * the returned value to the size of the buffer, so we have to check
++	 * that the buffer is large enough to fit the returned value.
++	 */
++	if((res=extattr_size(arg, &attr)) < 0) {
++		return -1;
++	}
++
++	if (size == 0) {
++		return res;
++	}
++	else if (res > size) {
++		errno = ERANGE;
++		return -1;
++	}
++
++	if((res=extattr_get_file(smb_fname->base_name, attr.namespace, attr.name, value, size)) >= 0) {
++		return res;
++	}
++	return -1;
++#else
++	errno = ENOSYS;
++	return -1;
++#endif
++}
++
++
++static ssize_t freebsd_fgetxattr(vfs_handle_struct *handle,
++			      struct files_struct *fsp, const char *name,
++			      void *value, size_t size)
++{
++#if defined(HAVE_EXTATTR_GET_FD)
++	extattr_arg arg = { FDES, .param.filedes = fsp->fh->fd };
++	extattr_attr attr;
++	ssize_t res;
++
++	if(!freebsd_map_xattr(name, &attr)) {
++		errno = EINVAL;
++		return -1;
++	}
++
++	/* Filter out 'secure' entries */
++	if(!is_secure && geteuid() != 0 && attr.data.flags > EXTATTR_USER) {
++		errno = ENOATTR;
++		return -1;
++	}
++
++	/*
++	 * The BSD implementation has a nasty habit of silently truncating
++	 * the returned value to the size of the buffer, so we have to check
++	 * that the buffer is large enough to fit the returned value.
++	 */
++	if((res=extattr_size(arg, &attr)) < 0) {
++		return -1;
++	}
++
++	if (size == 0) {
++		return res;
++	}
++	else if (res > size) {
++		errno = ERANGE;
++		return -1;
++	}
++
++	if((res=extattr_get_fd(fsp->fh->fd, attr.namespace, attr.name, value, size)) >= 0) {
++		return res;
++	}
++	return -1;
++#else
++	errno = ENOSYS;
++	return -1;
++#endif
++}
++
++
++static ssize_t freebsd_listxattr(vfs_handle_struct *handle,
++				const struct smb_filename *smb_fname,
++				char *list,
++				size_t size)
++{
++#if defined(HAVE_EXTATTR_LIST_FILE)
++	extattr_arg arg = { FILE, .param.path = smb_fname->base_name };
++
++	return freebsd_extattr_list(arg, list, size);
++#else
++	errno = ENOSYS;
++	return -1;
++#endif
++}
++
++
++static ssize_t freebsd_flistxattr(vfs_handle_struct *handle,
++			       struct files_struct *fsp, char *list,
++			       size_t size)
++{
++#if defined(HAVE_EXTATTR_LIST_FD)
++	extattr_arg arg = { FDES, .param.filedes = fsp->fh->fd };
++
++	return freebsd_extattr_list(arg, list, size);
++#else
++	errno = ENOSYS;
++	return -1;
++#endif
++}
++
++static int freebsd_removexattr(vfs_handle_struct *handle,
++			const struct smb_filename *smb_fname,
++			const char *name)
++{
++#if defined(HAVE_EXTATTR_DELETE_FILE)
++	extattr_attr attr;
++
++	if(!freebsd_map_xattr(name, &attr)) {
++		errno = EINVAL;
++		return -1;
++	}
++
++	/* Filter out 'secure' entries */
++	if(!is_secure && geteuid() != 0 && attr.data.flags > EXTATTR_USER) {
++		errno = ENOATTR;
++		return -1;
++	}
++
++	return extattr_delete_file(smb_fname->base_name, attr.namespace, attr.name);
++#else
++	errno = ENOSYS;
++	return -1;
++#endif
++}
++
++
++static int freebsd_fremovexattr(vfs_handle_struct *handle,
++			     struct files_struct *fsp, const char *name)
++{
++#if defined(HAVE_EXTATTR_DELETE_FD)
++	extattr_attr attr;
++
++	if(!freebsd_map_xattr(name, &attr)) {
++		errno = EINVAL;
++		return -1;
++	}
++
++	/* Filter out 'secure' entries */
++	if(!is_secure && geteuid() != 0 && attr.data.flags > EXTATTR_USER) {
++		errno = ENOATTR;
++		return -1;
++	}
++
++	return extattr_delete_fd(fsp->fh->fd, attr.namespace, attr.name);
++#else
++	errno = ENOSYS;
++	return -1;
++#endif
++}
++
++
++static int freebsd_setxattr(vfs_handle_struct *handle,
++			const struct smb_filename *smb_fname,
++			const char *name,
++			const void *value,
++			size_t size,
++			int flags)
++{
++#if defined(HAVE_EXTATTR_SET_FILE)
++	extattr_attr attr;
++	ssize_t res;
++
++	if(!freebsd_map_xattr(name, &attr)) {
++		errno = EINVAL;
++		return -1;
++	}
++
++	/* Filter out 'secure' entries */
++	if(!is_secure && geteuid() != 0 && attr.data.flags > EXTATTR_USER) {
++		errno = ENOATTR;
++		return -1;
++	}
++
++	if (flags) {
++		extattr_arg arg = { FILE, .param.path = smb_fname->base_name };
++		/* Check attribute existence */
++		res = extattr_size(arg, &attr);
++		if (res < 0) {
++			/* REPLACE attribute, that doesn't exist */
++			if ((flags & XATTR_REPLACE) && errno == ENOATTR) {
++				errno = ENOATTR;
++				return -1;
++			}
++			/* Ignore other errors */
++		}
++		else {
++			/* CREATE attribute, that already exists */
++			if (flags & XATTR_CREATE) {
++				errno = EEXIST;
++				return -1;
++			}
++		}
++	}
++	res = extattr_set_file(smb_fname->base_name, attr.namespace, attr.name, value, size);
++
++	return (res >= 0) ? 0 : -1;
++#else
++	errno = ENOSYS;
++	return -1;
++#endif
++}
++
++
++static int freebsd_fsetxattr(vfs_handle_struct *handle, struct files_struct *fsp,
++			  const char *name, const void *value, size_t size,
++			  int flags)
++{
++#if defined(HAVE_EXTATTR_SET_FD)
++	extattr_attr attr;
++	ssize_t res;
++
++	if(!freebsd_map_xattr(name, &attr)) {
++		errno = EINVAL;
++		return -1;
++	}
++
++	/* Filter out 'secure' entries */
++	if(!is_secure && geteuid() != 0 && attr.data.flags > EXTATTR_USER) {
++		errno = ENOATTR;
++		return -1;
++	}
++
++	if (flags) {
++		extattr_arg arg = { FDES, .param.filedes = fsp->fh->fd };
++		/* Check attribute existence */
++		res = extattr_size(arg, &attr);
++		if (res < 0) {
++			/* REPLACE attribute, that doesn't exist */
++			if ((flags & XATTR_REPLACE) && errno == ENOATTR) {
++				errno = ENOATTR;
++				return -1;
++			}
++			/* Ignore other errors */
++		}
++		else {
++			/* CREATE attribute, that already exists */
++			if (flags & XATTR_CREATE) {
++				errno = EEXIST;
++				return -1;
++			}
++		}
++	}
++
++	res = extattr_set_fd(fsp->fh->fd, attr.namespace, attr.name, value, size);
++
++	return (res >= 0) ? 0 : -1;
++#else
++	errno = ENOSYS;
++	return -1;
++#endif
++}
++
++
++
++

*** DIFF OUTPUT TRUNCATED AT 1000 LINES ***


