Skip site navigation (1)Skip section navigation (2)
Date:      Fri, 8 Jun 2018 01:09:10 +0000 (UTC)
From:      "Timur I. Bakeyev" <timur@FreeBSD.org>
To:        ports-committers@freebsd.org, svn-ports-all@freebsd.org, svn-ports-head@freebsd.org
Subject:   svn commit: r471963 - in head/net/samba48: . files
Message-ID:  <201806080109.w5819AH8087517@repo.freebsd.org>

next in thread | raw e-mail | index | archive | help
Author: timur
Date: Fri Jun  8 01:09:10 2018
New Revision: 471963
URL: https://svnweb.freebsd.org/changeset/ports/471963

Log:
  Update port to 4.8.2 version. That fixes major bug with the AD/DC upgrade from the previous versions:
  
  * After update to 4.8.0 DC failed with "Failed to find our own NTDS Settings objectGUID" (bug #13335).
  * Fix to the vfs_streams_xattr module which was corrupting AFP_AfpInfo attributes.
  * Fix provisioning on the UFS2.
  * Allow access to the .zfs/ hidden directory.
  * Fix logging to the UTMP
  
  Sponsored by:	iXsystems Inc.

Added:
  head/net/samba48/files/0001-bug-13175.patch   (contents, props changed)
  head/net/samba48/files/0001-bug-13427.patch   (contents, props changed)
  head/net/samba48/files/0001-bug-228462.patch   (contents, props changed)
  head/net/samba48/files/patch-dbwrap   (contents, props changed)
  head/net/samba48/files/patch-includes.h   (contents, props changed)
  head/net/samba48/files/patch-libgpo__wscript_build   (contents, props changed)
  head/net/samba48/files/patch-source3__smbd__utmp.c   (contents, props changed)
  head/net/samba48/files/patch-source4__kdc__kdc-service-mit.c   (contents, props changed)
  head/net/samba48/files/patch-vfs_full_audit.c   (contents, props changed)
Deleted:
  head/net/samba48/files/patch-source4__dsdb__samdb__ldb_modules__encrypted_secrets.c
Modified:
  head/net/samba48/Makefile
  head/net/samba48/distinfo
  head/net/samba48/files/0001-Zfs-provision-1.patch
  head/net/samba48/files/patch-source3__wscript
  head/net/samba48/files/patch-source3__wscript_build
  head/net/samba48/files/patch-vfs_freebsd.c
  head/net/samba48/files/patch-vfs_virusfilter
  head/net/samba48/pkg-plist

Modified: head/net/samba48/Makefile
==============================================================================
--- head/net/samba48/Makefile	Fri Jun  8 01:01:08 2018	(r471962)
+++ head/net/samba48/Makefile	Fri Jun  8 01:09:10 2018	(r471963)
@@ -19,10 +19,13 @@ CONFLICTS_INSTALL?=		samba4-4.0.* samba4[1-79]-4.* p5-
 
 EXTRA_PATCHES+=			${PATCHDIR}/0001-Zfs-provision-1.patch:-p1
 EXTRA_PATCHES+=			${PATCHDIR}/0001-Freenas-master-mdns-fixes-22.patch:-p1
+EXTRA_PATCHES+=			${PATCHDIR}/0001-bug-13427.patch:-p1
+EXTRA_PATCHES+=			${PATCHDIR}/0001-bug-13175.patch:-p1
+EXTRA_PATCHES+=			${PATCHDIR}/0001-bug-228462.patch:-p1
 
 SAMBA4_BASENAME=		samba
 SAMBA4_PORTNAME=		${SAMBA4_BASENAME}4
-SAMBA4_VERSION=			4.8.0
+SAMBA4_VERSION=			4.8.2
 SAMBA4_DISTNAME=		${SAMBA4_BASENAME}-${SAMBA4_VERSION:S|.p|pre|:S|.r|rc|:S|.t|tp|:S|.a|alpha|}
 
 WRKSRC?=			${WRKDIR}/${DISTNAME}
@@ -86,7 +89,7 @@ OPTIONS_SUB=			yes
 OPTIONS_DEFINE=			AD_DC ADS DEBUG DOCS FAM LDAP \
 				QUOTAS SYSLOG UTMP PROFILE
 # Make those default options
-OPTIONS_DEFAULT:=		${OPTIONS_DEFINE}
+OPTIONS_DEFAULT:=		${OPTIONS_DEFINE} GSSAPI_BUILTIN
 # This shouldn't be default in the release
 OPTIONS_DEFINE+=		DEVELOPER MANDOC
 
@@ -94,12 +97,17 @@ OPTIONS_DEFINE_amd64=		AESNI
 OPTIONS_DEFAULT_amd64=		AESNI
 
 OPTIONS_DEFINE+=		CUPS GPGME NTVFS SPOTLIGHT
+#OPTIONS_DEFINE+=		MEMORY_DEBUG
 
+OPTIONS_SINGLE=			GSSAPI
+# GSSAPI_HEIMDAL
+OPTIONS_SINGLE_GSSAPI=		GSSAPI_BUILTIN GSSAPI_MIT
+
 OPTIONS_RADIO=			DNS ZEROCONF
 OPTIONS_RADIO_DNS=		NSUPDATE BIND99 BIND910 BIND911
 OPTIONS_RADIO_ZEROCONF=		MDNSRESPONDER AVAHI
 ##############################################################################
-AD_DC_DESC=			Active Directory Domain Controller
+AD_DC_DESC=			Active Directory Domain Controller(implies LDAP)
 ADS_DESC=			Active Directory client(implies LDAP)
 AESNI_DESC=			Accelerated AES crypto functions(amd64 only)
 CLUSTER_DESC=			Clustering
@@ -111,12 +119,15 @@ LDAP_DESC=			LDAP client
 LIBZFS_DESC=			LibZFS
 SPOTLIGHT_DESC=			Spotlight
 MANDOC_DESC=			Build manpages from DOCBOOK templates
+MEMORY_DEBUG_DESC=		Debug memory allocation
 NTVFS_DESC=			Build *DEPRECATED* NTVFS file server
 PICKY_DEVELOPER_DESC=		Treat compiler warnings as errors(implies DEVELOPER)
 PROFILE_DESC=			Profiling data
 QUOTAS_DESC=			Disk quota
 UTMP_DESC=			UTMP accounting
 
+GSSAPI_BUILTIN_DESC=		GSSAPI support via bundled Heimdal
+
 BIND99_DESC=			Use Bind 9.9 as AD DC DNS server frontend
 BIND910_DESC=			Use Bind 9.10 as AD DC DNS server frontend
 BIND911_DESC=			Use Bind 9.11 as AD DC DNS server frontend
@@ -171,8 +182,8 @@ PLIST_SUB+=			SAMBA4_BUNDLED_TALLOC=""
 SUB_LIST+=			SAMBA4_BUNDLED_TALLOC=""
 .else
 SAMBA4_BUNDLED_LIBS+=		!talloc
-BUILD_DEPENDS+=			talloc>=2.1.11:devel/talloc
-RUN_DEPENDS+=			talloc>=2.1.11:devel/talloc
+BUILD_DEPENDS+=			talloc>=2.1.13:devel/talloc
+RUN_DEPENDS+=			talloc>=2.1.13:devel/talloc
 PLIST_SUB+=			SAMBA4_BUNDLED_TALLOC="@comment "
 SUB_LIST+=			SAMBA4_BUNDLED_TALLOC="@comment "
 .endif
@@ -211,8 +222,8 @@ PLIST_SUB+=			SAMBA4_BUNDLED_LDB=""
 SUB_LIST+=			SAMBA4_BUNDLED_LDB=""
 .else
 .       if ${SAMBA4_LDB} == 13
-BUILD_DEPENDS+=			ldb13>=1.3.2:databases/ldb13
-RUN_DEPENDS+=			ldb13>=1.3.2:databases/ldb13
+BUILD_DEPENDS+=			ldb13>=1.3.3:databases/ldb13
+RUN_DEPENDS+=			ldb13>=1.3.3:databases/ldb13
 .       elif ${SAMBA4_LDB} == 12
 BUILD_DEPENDS+=			ldb12>=1.2.3:databases/ldb12
 RUN_DEPENDS+=			ldb12>=1.2.3:databases/ldb12
@@ -256,7 +267,6 @@ CONFIGURE_ARGS+=		\
 				--with-sendfile-support \
 				--disable-ctdb-tests \
 				${ICONV_CONFIGURE_BASE}
-
 ##############################################################################
 BIND99_RUN_DEPENDS=		bind99>=9.9.0.0:dns/bind99
 BIND910_RUN_DEPENDS=		bind910>=9.10.0.0:dns/bind910
@@ -272,6 +282,10 @@ MDNSRESPONDER_LIB_DEPENDS=	libdns_sd.so:net/mDNSRespon
 DEBUG_CONFIGURE_ON=		--verbose --enable-debug
 DEBUG_MAKE_ARGS=		--verbose
 DEBUG_FLAGS=			-g -ggdb3 -O0
+
+MEMORY_DEBUG_IMPLIES=		DEBUG
+MEMORY_DEBUG_CONFIGURE_ENV=	ADDITIONAL_CFLAGS="-DENABLE_JEMALLOC `pkg-config --cflags jemalloc`" ADDITIONAL_LDFLAGS="`pkg-config --libs jemalloc`"
+MEMORY_DEBUG_LIB_DEPENDS=	libjemalloc.so.2:devel/jemalloc
 # https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=194046
 GDB_CMD?=			${LOCALBASE}/bin/gdb
 # https://bugzilla.samba.org/show_bug.cgi?id=8969
@@ -328,6 +342,10 @@ LDAP_CONFIGURE_ON=		--with-openldap=${LOCALBASE}
 LDAP_USE=			OPENLDAP=yes
 LDAP_VARS=			SAMBA4_MODULES+=idmap_ldap
 
+GSSAPI_MIT_CONFIGURE_ON=	--with-system-mitkrb5 ${GSSAPIBASEDIR} \
+				--with-system-mitkdc=${GSSAPIBASEDIR}/sbin/krb5kdc
+GSSAPI_MIT_USES=		gssapi:mit
+
 LIBZFS_CONFIGURE_WITH=		libzfs
 LIBZFS_VARS=			SAMBA4_MODULES+=vfs_zfs_space
 
@@ -459,6 +477,10 @@ PLIST_FILES+=			lib/samba4/private/libaesni-intel-samb
 .else
 CONFIGURE_ARGS+=		--accel-aes=none
 .endif
+
+.if ${PORT_OPTIONS:MAD_DC} && ${PORT_OPTIONS:MGSSAPI_MIT}
+PLIST_FILES+=			lib/samba4/krb5/plugins/kdb/samba.so
+.endif
 # for libexecinfo: (so that __builtin_frame_address() finds the top of the stack)
 CFLAGS_amd64+=			-fno-omit-frame-pointer
 # No fancy color error messages
@@ -508,6 +530,12 @@ post-patch:
 
 # Use threading (or multiprocessing) but not thread (renamed in python 3+).
 pre-configure:
+.if ! ${PORT_OPTIONS:MAD_DC} && ${PORT_OPTIONS:MNTVFS}
+				@${ECHO_CMD}; \
+				${ECHO_MSG} "===>  NTVFS option requires AD_DC to be set"; \
+				${ECHO_CMD}; \
+				${FALSE}
+.endif
 				@if ! ${PYTHON_CMD} -c "import multiprocessing;" 2>/dev/null; then \
 					${ECHO_CMD}; \
 					${ECHO_MSG} "===>  ${PKGNAME} "${IGNORE_NONTHREAD_PYTHON:Q}.; \

Modified: head/net/samba48/distinfo
==============================================================================
--- head/net/samba48/distinfo	Fri Jun  8 01:01:08 2018	(r471962)
+++ head/net/samba48/distinfo	Fri Jun  8 01:09:10 2018	(r471963)
@@ -1,3 +1,3 @@
-TIMESTAMP = 1520983130
-SHA256 (samba-4.8.0.tar.gz) = 87d9b585dbd8628e79aabb6e621a94bd20a072a00762e78e0899fad22fc18fb7
-SIZE (samba-4.8.0.tar.gz) = 17659751
+TIMESTAMP = 1526478569
+SHA256 (samba-4.8.2.tar.gz) = 62e552296d49e6ab44bb87d120a288813fa52e42435d53a1f71b77596512bf22
+SIZE (samba-4.8.2.tar.gz) = 17675145

Modified: head/net/samba48/files/0001-Zfs-provision-1.patch
==============================================================================
--- head/net/samba48/files/0001-Zfs-provision-1.patch	Fri Jun  8 01:01:08 2018	(r471962)
+++ head/net/samba48/files/0001-Zfs-provision-1.patch	Fri Jun  8 01:09:10 2018	(r471963)
@@ -26,16 +26,15 @@ diff --git a/python/samba/provision/__init__.py b/pyth
 index 5de986463a5..cd3b91f41b9 100644
 --- a/python/samba/provision/__init__.py
 +++ b/python/samba/provision/__init__.py
-@@ -1556,19 +1556,25 @@ def setsysvolacl(samdb, netlogon, sysvol, uid, gid, domainsid, dnsdomain,
+@@ -1556,19 +1556,24 @@ def setsysvolacl(samdb, netlogon, sysvol, uid, gid, domainsid, dnsdomain,
          s3conf = s3param.get_context()
          s3conf.load(lp.configfile)
  
 -        file = tempfile.NamedTemporaryFile(dir=os.path.abspath(sysvol))
 +        sysvol_dir = os.path.abspath(sysvol)
 +
-+        if smbd.has_posix_acls(sysvol_dir):
-+            set_simple_acl = smbd.set_simple_acl
-+        elif smbd.has_nfsv4_acls(sysvol_dir):
++        set_simple_acl = smbd.set_simple_acl
++        if smbd.has_nfsv4_acls(sysvol_dir):
 +            set_simple_acl = smbd.set_simple_nfsv4_acl
 +
 +        file = tempfile.NamedTemporaryFile(dir=sysvol_dir)

Added: head/net/samba48/files/0001-bug-13175.patch
==============================================================================
--- /dev/null	00:00:00 1970	(empty, because file is newly added)
+++ head/net/samba48/files/0001-bug-13175.patch	Fri Jun  8 01:09:10 2018	(r471963)
@@ -0,0 +1,143 @@
+From 60bdced298831b2750ce785e01891e4aeb79f0dc Mon Sep 17 00:00:00 2001
+From: Ralph Boehme <slow@samba.org>
+Date: Fri, 18 May 2018 13:14:57 +0200
+Subject: [PATCH 1/2] s3:smbd: make psbuf arg to make_default_acl_posix() const
+
+Bug: https://bugzilla.samba.org/show_bug.cgi?id=13175
+
+Signed-off-by: Ralph Boehme <slow@samba.org>
+---
+ source3/smbd/posix_acls.c | 8 ++++----
+ source3/smbd/proto.h      | 2 +-
+ 2 files changed, 5 insertions(+), 5 deletions(-)
+
+diff --git a/source3/smbd/posix_acls.c b/source3/smbd/posix_acls.c
+index 8d42535d877..6396f818176 100644
+--- a/source3/smbd/posix_acls.c
++++ b/source3/smbd/posix_acls.c
+@@ -4779,7 +4779,7 @@ int posix_sys_acl_blob_get_fd(vfs_handle_struct *handle,
+ 
+ static NTSTATUS make_default_acl_posix(TALLOC_CTX *ctx,
+ 				       const char *name,
+-				       SMB_STRUCT_STAT *psbuf,
++				       const SMB_STRUCT_STAT *psbuf,
+ 				       struct security_descriptor **ppdesc)
+ {
+ 	struct dom_sid owner_sid, group_sid;
+@@ -4886,7 +4886,7 @@ static NTSTATUS make_default_acl_posix(TALLOC_CTX *ctx,
+ 
+ static NTSTATUS make_default_acl_windows(TALLOC_CTX *ctx,
+ 					 const char *name,
+-					 SMB_STRUCT_STAT *psbuf,
++					 const SMB_STRUCT_STAT *psbuf,
+ 					 struct security_descriptor **ppdesc)
+ {
+ 	struct dom_sid owner_sid, group_sid;
+@@ -4958,7 +4958,7 @@ static NTSTATUS make_default_acl_windows(TALLOC_CTX *ctx,
+ 
+ static NTSTATUS make_default_acl_everyone(TALLOC_CTX *ctx,
+ 					  const char *name,
+-					  SMB_STRUCT_STAT *psbuf,
++					  const SMB_STRUCT_STAT *psbuf,
+ 					  struct security_descriptor **ppdesc)
+ {
+ 	struct dom_sid owner_sid, group_sid;
+@@ -5022,7 +5022,7 @@ NTSTATUS make_default_filesystem_acl(
+ 	TALLOC_CTX *ctx,
+ 	enum default_acl_style acl_style,
+ 	const char *name,
+-	SMB_STRUCT_STAT *psbuf,
++	const SMB_STRUCT_STAT *psbuf,
+ 	struct security_descriptor **ppdesc)
+ {
+ 	NTSTATUS status;
+diff --git a/source3/smbd/proto.h b/source3/smbd/proto.h
+index bee7acadeea..262338d81e4 100644
+--- a/source3/smbd/proto.h
++++ b/source3/smbd/proto.h
+@@ -819,7 +819,7 @@ NTSTATUS make_default_filesystem_acl(
+ 	TALLOC_CTX *ctx,
+ 	enum default_acl_style acl_style,
+ 	const char *name,
+-	SMB_STRUCT_STAT *psbuf,
++	const SMB_STRUCT_STAT *psbuf,
+ 	struct security_descriptor **ppdesc);
+ 
+ /* The following definitions come from smbd/process.c  */
+-- 
+2.13.6
+
+
+From 0918370e20156e4a21a0c244b963b672ed6b46b1 Mon Sep 17 00:00:00 2001
+From: Ralph Boehme <slow@samba.org>
+Date: Tue, 5 Dec 2017 08:28:28 +0100
+Subject: [PATCH 2/2] vfs_zfsacl: return synthesized ACL when ZFS return
+ ENOTSUP
+
+This allows accessing the ZFS .snapshots directory where ZFS returns
+ENOTSUP when calling acl(".snapshots").
+
+Bug: https://bugzilla.samba.org/show_bug.cgi?id=13175
+
+Signed-off-by: Ralph Boehme <slow@samba.org>
+---
+ source3/modules/vfs_zfsacl.c | 36 ++++++++++++++++++++++++++++++++++--
+ 1 file changed, 34 insertions(+), 2 deletions(-)
+
+diff --git a/source3/modules/vfs_zfsacl.c b/source3/modules/vfs_zfsacl.c
+index 0bc4ba6604f..43e41f95c1a 100644
+--- a/source3/modules/vfs_zfsacl.c
++++ b/source3/modules/vfs_zfsacl.c
+@@ -238,7 +238,20 @@ static NTSTATUS zfsacl_fget_nt_acl(struct vfs_handle_struct *handle,
+ 				       fsp->fsp_name, &pacl);
+ 	if (!NT_STATUS_IS_OK(status)) {
+ 		TALLOC_FREE(frame);
+-		return status;
++		if (!NT_STATUS_EQUAL(status, NT_STATUS_NOT_SUPPORTED)) {
++			return status;
++		}
++
++		status = make_default_filesystem_acl(mem_ctx,
++						     DEFAULT_ACL_POSIX,
++						     fsp->fsp_name->base_name,
++						     &fsp->fsp_name->st,
++						     ppdesc);
++		if (!NT_STATUS_IS_OK(status)) {
++			return status;
++		}
++		(*ppdesc)->type |= SEC_DESC_DACL_PROTECTED;
++		return NT_STATUS_OK;
+ 	}
+ 
+ 	status = smb_fget_nt_acl_nfs4(fsp, NULL, security_info, mem_ctx,
+@@ -260,7 +273,26 @@ static NTSTATUS zfsacl_get_nt_acl(struct vfs_handle_struct *handle,
+ 	status = zfs_get_nt_acl_common(handle->conn, frame, smb_fname, &pacl);
+ 	if (!NT_STATUS_IS_OK(status)) {
+ 		TALLOC_FREE(frame);
+-		return status;
++		if (!NT_STATUS_EQUAL(status, NT_STATUS_NOT_SUPPORTED)) {
++			return status;
++		}
++
++		if (!VALID_STAT(smb_fname->st)) {
++			DBG_ERR("No stat info for [%s]\n",
++				smb_fname_str_dbg(smb_fname));
++			return NT_STATUS_INTERNAL_ERROR;
++		}
++
++		status = make_default_filesystem_acl(mem_ctx,
++						     DEFAULT_ACL_POSIX,
++						     smb_fname->base_name,
++						     &smb_fname->st,
++						     ppdesc);
++		if (!NT_STATUS_IS_OK(status)) {
++			return status;
++		}
++		(*ppdesc)->type |= SEC_DESC_DACL_PROTECTED;
++		return NT_STATUS_OK;
+ 	}
+ 
+ 	status = smb_get_nt_acl_nfs4(handle->conn,
+-- 
+2.13.6
+

Added: head/net/samba48/files/0001-bug-13427.patch
==============================================================================
--- /dev/null	00:00:00 1970	(empty, because file is newly added)
+++ head/net/samba48/files/0001-bug-13427.patch	Fri Jun  8 01:09:10 2018	(r471963)
@@ -0,0 +1,213 @@
+From 31e168958987826ab7cce61b854daf2a8f3f2adb Mon Sep 17 00:00:00 2001
+From: Stefan Metzmacher <metze@samba.org>
+Date: Wed, 9 May 2018 13:30:13 +0200
+Subject: [PATCH 1/3] auth/ntlmssp: add ntlmssp_client:ldap_style_send_seal
+ option
+
+This will be used to similate a Windows client only
+using NTLMSSP_NEGOTIATE_SIGN without NTLMSSP_NEGOTIATE_SEAL
+on an LDAP connection, which is indicated internally by
+GENSEC_FEATURE_LDAP_STYLE.
+
+Bug: https://bugzilla.samba.org/show_bug.cgi?id=13427
+
+Signed-off-by: Stefan Metzmacher <metze@samba.org>
+Reviewed-by: Andrew Bartlett <abartlet@samba.org>
+(cherry picked from commit 7f2bebf09cd8056b3f901dd9ff1fc9e9525f3e9d)
+---
+ auth/ntlmssp/ntlmssp_client.c | 24 +++++++++++++++++-------
+ 1 file changed, 17 insertions(+), 7 deletions(-)
+
+diff --git a/auth/ntlmssp/ntlmssp_client.c b/auth/ntlmssp/ntlmssp_client.c
+index db2003f0d6b..54fda41b534 100644
+--- a/auth/ntlmssp/ntlmssp_client.c
++++ b/auth/ntlmssp/ntlmssp_client.c
+@@ -865,13 +865,23 @@ NTSTATUS gensec_ntlmssp_client_start(struct gensec_security *gensec_security)
+ 			 * is requested.
+ 			 */
+ 			ntlmssp_state->force_wrap_seal = true;
+-			/*
+-			 * We want also work against old Samba servers
+-			 * which didn't had GENSEC_FEATURE_LDAP_STYLE
+-			 * we negotiate SEAL too. We may remove this
+-			 * in a few years. As all servers should have
+-			 * GENSEC_FEATURE_LDAP_STYLE by then.
+-			 */
++		}
++	}
++	if (ntlmssp_state->force_wrap_seal) {
++		bool ret;
++
++		/*
++		 * We want also work against old Samba servers
++		 * which didn't had GENSEC_FEATURE_LDAP_STYLE
++		 * we negotiate SEAL too. We may remove this
++		 * in a few years. As all servers should have
++		 * GENSEC_FEATURE_LDAP_STYLE by then.
++		 */
++		ret = gensec_setting_bool(gensec_security->settings,
++					  "ntlmssp_client",
++					  "ldap_style_send_seal",
++					  true);
++		if (ret) {
+ 			ntlmssp_state->required_flags |= NTLMSSP_NEGOTIATE_SEAL;
+ 		}
+ 	}
+-- 
+2.14.3
+
+
+From 1734791570ff0eb57a04fef779a093c20c83ed9d Mon Sep 17 00:00:00 2001
+From: Stefan Metzmacher <metze@samba.org>
+Date: Wed, 9 May 2018 13:33:05 +0200
+Subject: [PATCH 2/3] s4:selftest: run test_ldb_simple.sh with more auth
+ options
+
+This demonstrates the broken GENSEC_FEATURE_LDAP_STYLE
+handling in our LDAP server.
+
+Bug: https://bugzilla.samba.org/show_bug.cgi?id=13427
+
+Signed-off-by: Stefan Metzmacher <metze@samba.org>
+Reviewed-by: Andrew Bartlett <abartlet@samba.org>
+(cherry picked from commit fc1c5bd3be2c3f90eab2f31e43cf053f7ff13782)
+---
+ selftest/knownfail.d/ntlmssp_ldap_style_send_seal | 1 +
+ source4/selftest/tests.py                         | 7 +++++++
+ 2 files changed, 8 insertions(+)
+ create mode 100644 selftest/knownfail.d/ntlmssp_ldap_style_send_seal
+
+diff --git a/selftest/knownfail.d/ntlmssp_ldap_style_send_seal b/selftest/knownfail.d/ntlmssp_ldap_style_send_seal
+new file mode 100644
+index 00000000000..0cd7cc2ea39
+--- /dev/null
++++ b/selftest/knownfail.d/ntlmssp_ldap_style_send_seal
+@@ -0,0 +1 @@
++^samba4.ldb.simple.ldap.*ldap_style_send_seal=no
+diff --git a/source4/selftest/tests.py b/source4/selftest/tests.py
+index 621a61347bc..226617f3b6a 100755
+--- a/source4/selftest/tests.py
++++ b/source4/selftest/tests.py
+@@ -116,6 +116,13 @@ for env in ["ad_dc_ntvfs", "fl2008r2dc", "fl2003dc"]:
+         '--option=clientldapsaslwrapping=plain',
+         '--sign',
+         '--encrypt',
++        '-k yes --option=clientldapsaslwrapping=plain',
++        '-k yes --sign',
++        '-k yes --encrypt',
++        '-k no --option=clientldapsaslwrapping=plain',
++        '-k no --sign --option=ntlmssp_client:ldap_style_send_seal=no',
++        '-k no --sign',
++        '-k no --encrypt',
+     ]
+ 
+     for auth_option in auth_options:
+-- 
+2.14.3
+
+
+From 4b612bcfb938a49b2725e913a95004bd9fa6c3c3 Mon Sep 17 00:00:00 2001
+From: Stefan Metzmacher <metze@samba.org>
+Date: Mon, 7 May 2018 14:50:27 +0200
+Subject: [PATCH 3/3] auth/ntlmssp: fix handling of GENSEC_FEATURE_LDAP_STYLE
+ as a server
+
+This fixes "NTLMSSP NTLM2 packet check failed due to invalid signature!"
+error messages, which were generated if the client only sends
+NTLMSSP_NEGOTIATE_SIGN without NTLMSSP_NEGOTIATE_SEAL on an LDAP
+connection.
+
+This fixes a regession in the combination of commits
+77adac8c3cd2f7419894d18db735782c9646a202 and
+3a0b835408a6efa339e8b34333906bfe3aacd6e3.
+
+We need to evaluate GENSEC_FEATURE_LDAP_STYLE at the end
+of the authentication (as a server, while we already
+do so at the beginning as a client).
+
+As a reminder I introduced GENSEC_FEATURE_LDAP_STYLE
+(as an internal flag) in order to let us work as a
+Windows using NTLMSSP for LDAP. Even if only signing is
+negotiated during the authentication the following PDUs
+will still be encrypted if NTLMSSP is used. This is exactly the
+same as if the client would have negotiated NTLMSSP_NEGOTIATE_SEAL.
+I guess it's a bug in Windows, but we have to reimplement that
+bug. Note this only applies to NTLMSSP and only to LDAP!
+Signing only works fine for LDAP with Kerberos
+or DCERPC and NTLMSSP.
+
+Bug: https://bugzilla.samba.org/show_bug.cgi?id=13427
+
+Signed-off-by: Stefan Metzmacher <metze@samba.org>
+Reviewed-by: Andrew Bartlett <abartlet@samba.org>
+
+Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
+Autobuild-Date(master): Wed May 16 03:26:03 CEST 2018 on sn-devel-144
+
+(cherry picked from commit c7a3ce95ac4ce837d8fde36578b3b1f56c3ac2fa)
+---
+ auth/ntlmssp/gensec_ntlmssp_server.c              | 19 -------------------
+ auth/ntlmssp/ntlmssp_server.c                     |  8 ++++++++
+ selftest/knownfail.d/ntlmssp_ldap_style_send_seal |  1 -
+ 3 files changed, 8 insertions(+), 20 deletions(-)
+ delete mode 100644 selftest/knownfail.d/ntlmssp_ldap_style_send_seal
+
+diff --git a/auth/ntlmssp/gensec_ntlmssp_server.c b/auth/ntlmssp/gensec_ntlmssp_server.c
+index c0e6cff5952..ab92f4d0c09 100644
+--- a/auth/ntlmssp/gensec_ntlmssp_server.c
++++ b/auth/ntlmssp/gensec_ntlmssp_server.c
+@@ -179,25 +179,6 @@ NTSTATUS gensec_ntlmssp_server_start(struct gensec_security *gensec_security)
+ 	ntlmssp_state->neg_flags |= NTLMSSP_NEGOTIATE_SIGN;
+ 	ntlmssp_state->neg_flags |= NTLMSSP_NEGOTIATE_SEAL;
+ 
+-	if (gensec_security->want_features & GENSEC_FEATURE_SESSION_KEY) {
+-		ntlmssp_state->neg_flags |= NTLMSSP_NEGOTIATE_SIGN;
+-	}
+-	if (gensec_security->want_features & GENSEC_FEATURE_SIGN) {
+-		ntlmssp_state->neg_flags |= NTLMSSP_NEGOTIATE_SIGN;
+-
+-		if (gensec_security->want_features & GENSEC_FEATURE_LDAP_STYLE) {
+-			/*
+-			 * We need to handle NTLMSSP_NEGOTIATE_SIGN as
+-			 * NTLMSSP_NEGOTIATE_SEAL if GENSEC_FEATURE_LDAP_STYLE
+-			 * is requested.
+-			 */
+-			ntlmssp_state->force_wrap_seal = true;
+-		}
+-	}
+-	if (gensec_security->want_features & GENSEC_FEATURE_SEAL) {
+-		ntlmssp_state->neg_flags |= NTLMSSP_NEGOTIATE_SIGN;
+-		ntlmssp_state->neg_flags |= NTLMSSP_NEGOTIATE_SEAL;
+-	}
+ 
+ 	if (role == ROLE_STANDALONE) {
+ 		ntlmssp_state->server.is_standalone = true;
+diff --git a/auth/ntlmssp/ntlmssp_server.c b/auth/ntlmssp/ntlmssp_server.c
+index 37ed2bc9565..140e89daeb1 100644
+--- a/auth/ntlmssp/ntlmssp_server.c
++++ b/auth/ntlmssp/ntlmssp_server.c
+@@ -1080,6 +1080,14 @@ static NTSTATUS ntlmssp_server_postauth(struct gensec_security *gensec_security,
+ 	data_blob_free(&ntlmssp_state->challenge_blob);
+ 
+ 	if (gensec_ntlmssp_have_feature(gensec_security, GENSEC_FEATURE_SIGN)) {
++		if (gensec_security->want_features & GENSEC_FEATURE_LDAP_STYLE) {
++			/*
++			 * We need to handle NTLMSSP_NEGOTIATE_SIGN as
++			 * NTLMSSP_NEGOTIATE_SEAL if GENSEC_FEATURE_LDAP_STYLE
++			 * is requested.
++			 */
++			ntlmssp_state->force_wrap_seal = true;
++		}
+ 		nt_status = ntlmssp_sign_init(ntlmssp_state);
+ 	}
+ 
+diff --git a/selftest/knownfail.d/ntlmssp_ldap_style_send_seal b/selftest/knownfail.d/ntlmssp_ldap_style_send_seal
+deleted file mode 100644
+index 0cd7cc2ea39..00000000000
+--- a/selftest/knownfail.d/ntlmssp_ldap_style_send_seal
++++ /dev/null
+@@ -1 +0,0 @@
+-^samba4.ldb.simple.ldap.*ldap_style_send_seal=no
+-- 
+2.14.3
+

Added: head/net/samba48/files/0001-bug-228462.patch
==============================================================================
--- /dev/null	00:00:00 1970	(empty, because file is newly added)
+++ head/net/samba48/files/0001-bug-228462.patch	Fri Jun  8 01:09:10 2018	(r471963)
@@ -0,0 +1,146 @@
+From d9b748869a8f4018ebee302aae8246bf29f60309 Mon Sep 17 00:00:00 2001
+From: "Timur I. Bakeyev" <timur@iXsystems.com>
+Date: Fri, 1 Jun 2018 01:35:08 +0800
+Subject: [PATCH 1/2] vfs_fruit: allow broken AFP_Signature where the first
+ byte is 0
+
+FreeBSD bug ... caused the first byte of the AFP_AfpInfo xattr to be 0
+instead of 'A'. This hack allows such broken AFP_AfpInfo blobs to be
+parsed by afpinfo_unpack().
+
+FreeBSD Bug: https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=228462
+
+Signed-off-by: Ralph Boehme <slow@samba.org>
+---
+ source3/modules/vfs_fruit.c | 32 ++++++++++++++++++++++++--------
+ 1 file changed, 24 insertions(+), 8 deletions(-)
+
+diff --git a/source3/modules/vfs_fruit.c b/source3/modules/vfs_fruit.c
+index df3cd0c899e..d84e6991036 100644
+--- a/source3/modules/vfs_fruit.c
++++ b/source3/modules/vfs_fruit.c
+@@ -485,8 +485,9 @@ static int adouble_path(TALLOC_CTX *ctx,
+ 			struct smb_filename **ppsmb_fname_out);
+ static AfpInfo *afpinfo_new(TALLOC_CTX *ctx);
+ static ssize_t afpinfo_pack(const AfpInfo *ai, char *buf);
+-static AfpInfo *afpinfo_unpack(TALLOC_CTX *ctx, const void *data);
+-
++static AfpInfo *afpinfo_unpack(TALLOC_CTX *ctx,
++			       const void *data,
++			       const struct smb_filename *smb_fname);
+ 
+ /**
+  * Return a pointer to an AppleDouble entry
+@@ -2073,13 +2074,17 @@ static ssize_t afpinfo_pack(const AfpInfo *ai, char *buf)
+ 	return AFP_INFO_SIZE;
+ }
+ 
++#define BROKEN_FREEBSD_AFP_Signature 0x00465000
++
+ /**
+  * Unpack a buffer into a AfpInfo structure
+  *
+  * Buffer size must be at least AFP_INFO_SIZE
+  * Returns allocated AfpInfo struct
+  **/
+-static AfpInfo *afpinfo_unpack(TALLOC_CTX *ctx, const void *data)
++static AfpInfo *afpinfo_unpack(TALLOC_CTX *ctx,
++			       const void *data,
++			       const struct smb_filename *smb_fname)
+ {
+ 	AfpInfo *ai = talloc_zero(ctx, AfpInfo);
+ 	if (ai == NULL) {
+@@ -2092,10 +2097,21 @@ static AfpInfo *afpinfo_unpack(TALLOC_CTX *ctx, const void *data)
+ 	memcpy(ai->afpi_FinderInfo, (const char *)data + 16,
+ 	       sizeof(ai->afpi_FinderInfo));
+ 
+-	if (ai->afpi_Signature != AFP_Signature
+-	    || ai->afpi_Version != AFP_Version) {
+-		DEBUG(1, ("Bad AfpInfo signature or version\n"));
++	if (ai->afpi_Signature != AFP_Signature) {
++		DBG_WARNING("Bad signature [%x] on [%s]\n",
++			    ai->afpi_Signature, smb_fname_str_dbg(smb_fname));
++
++		if (ai->afpi_Signature != BROKEN_FREEBSD_AFP_Signature) {
++			DBG_ERR("Bad AfpInfo signature\n");
++			TALLOC_FREE(ai);
++			return NULL;
++		}
++	}
++
++	if (ai->afpi_Version != AFP_Version) {
++		DBG_ERR("Bad AfpInfo version\n");
+ 		TALLOC_FREE(ai);
++		return NULL;
+ 	}
+ 
+ 	return ai;
+@@ -4222,7 +4238,7 @@ static ssize_t fruit_pwrite_meta_stream(vfs_handle_struct *handle,
+ 	size_t nwritten;
+ 	bool ok;
+ 
+-	ai = afpinfo_unpack(talloc_tos(), data);
++	ai = afpinfo_unpack(talloc_tos(), data, fsp->fsp_name);
+ 	if (ai == NULL) {
+ 		return -1;
+ 	}
+@@ -4260,7 +4276,7 @@ static ssize_t fruit_pwrite_meta_netatalk(vfs_handle_struct *handle,
+ 	int ret;
+ 	bool ok;
+ 
+-	ai = afpinfo_unpack(talloc_tos(), data);
++	ai = afpinfo_unpack(talloc_tos(), data, fsp->fsp_name);
+ 	if (ai == NULL) {
+ 		return -1;
+ 	}
+-- 
+2.16.3
+
+
+From 83ce03a278ec9d15b595f4daf8da1641d27ebdd6 Mon Sep 17 00:00:00 2001
+From: "Timur I. Bakeyev" <timur@iXsystems.com>
+Date: Fri, 1 Jun 2018 01:35:58 +0800
+Subject: [PATCH 2/2] vfs_streams_xattr: don't append 0 byte when creating
+ xattr
+
+Upstream Samba always appends an internal 0-byte to xattrs to cope
+with filesytems or systems that don't support 0-byte sized xattrs.
+
+An older patch already remove this behaviour from the read and write
+code paths, but didn't remove it from the create codepath.
+
+FreeBSD Bug: https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=228462
+
+Signed-off-by: Ralph Boehme <slow@samba.org>
+---
+ source3/modules/vfs_streams_xattr.c | 8 +-------
+ 1 file changed, 1 insertion(+), 7 deletions(-)
+
+diff --git a/source3/modules/vfs_streams_xattr.c b/source3/modules/vfs_streams_xattr.c
+index 8714007cb8d..5f3dfb30beb 100644
+--- a/source3/modules/vfs_streams_xattr.c
++++ b/source3/modules/vfs_streams_xattr.c
+@@ -476,19 +476,13 @@ static int streams_xattr_open(vfs_handle_struct *handle,
+ 		/*
+ 		 * The attribute does not exist or needs to be truncated
+ 		 */
+-
+-		/*
+-		 * Darn, xattrs need at least 1 byte
+-		 */
+-		char null = '\0';
+-
+ 		DEBUG(10, ("creating or truncating attribute %s on file %s\n",
+ 			   xattr_name, smb_fname->base_name));
+ 
+ 		ret = SMB_VFS_SETXATTR(fsp->conn,
+ 				       smb_fname,
+ 				       xattr_name,
+-				       &null, sizeof(null),
++				       NULL, 0,
+ 				       flags & O_EXCL ? XATTR_CREATE : 0);
+ 		if (ret != 0) {
+ 			goto fail;
+-- 
+2.16.3
+

Added: head/net/samba48/files/patch-dbwrap
==============================================================================
--- /dev/null	00:00:00 1970	(empty, because file is newly added)
+++ head/net/samba48/files/patch-dbwrap	Fri Jun  8 01:09:10 2018	(r471963)
@@ -0,0 +1,96 @@
+--- lib/dbwrap/dbwrap.c.orig	2018-01-17 10:08:39 UTC
++++ lib/dbwrap/dbwrap.c
+@@ -28,6 +28,9 @@
+ #include "lib/util/util_tdb.h"
+ #include "lib/util/tevent_ntstatus.h"
+ 
++#undef DBGC_CLASS
++#define DBGC_CLASS DBGC_LOCKING
++
+ /*
+  * Fall back using fetch if no genuine exists operation is provided
+  */
+--- lib/dbwrap/dbwrap_local_open.c.orig	2018-01-14 21:41:58.000000000 +0100
++++ lib/dbwrap/dbwrap_local_open.c	2018-03-29 23:49:51.888588000 +0200
+@@ -24,6 +24,9 @@
+ #include "tdb.h"
+ #include "lib/param/param.h"
+ 
++#undef DBGC_CLASS
++#define DBGC_CLASS DBGC_LOCKING
++
+ struct db_context *dbwrap_local_open(TALLOC_CTX *mem_ctx,
+ 				     struct loadparm_context *lp_ctx,
+ 				     const char *name,
+--- lib/dbwrap/dbwrap_rbt.c.orig	2018-01-17 09:08:39.000000000 +0100
++++ lib/dbwrap/dbwrap_rbt.c	2018-03-29 23:50:13.427755000 +0200
+@@ -24,6 +24,9 @@
+ #include "../lib/util/rbtree.h"
+ #include "../lib/util/dlinklist.h"
+ 
++#undef DBGC_CLASS
++#define DBGC_CLASS DBGC_LOCKING
++
+ #define DBWRAP_RBT_ALIGN(_size_) (((_size_)+15)&~15)
+ 
+ struct db_rbt_ctx {
+--- lib/dbwrap/dbwrap_tdb.c.orig	2018-01-17 09:08:39.000000000 +0100
++++ lib/dbwrap/dbwrap_tdb.c	2018-03-29 23:50:40.789642000 +0200
+@@ -27,6 +27,9 @@
+ #include "lib/param/param.h"
+ #include "libcli/util/error.h"
+ 
++#undef DBGC_CLASS
++#define DBGC_CLASS DBGC_LOCKING
++
+ struct db_tdb_ctx {
+ 	struct tdb_wrap *wtdb;
+ 
+--- lib/dbwrap/dbwrap_util.c.orig	2018-01-17 09:08:39.000000000 +0100
++++ lib/dbwrap/dbwrap_util.c	2018-03-29 23:51:35.907061000 +0200
+@@ -26,6 +26,9 @@
+ #include "dbwrap.h"
+ #include "lib/util/util_tdb.h"
+ 
++#undef DBGC_CLASS
++#define DBGC_CLASS DBGC_LOCKING
++
+ struct dbwrap_fetch_int32_state {
+ 	NTSTATUS status;
+ 	int32_t result;
+--- source3/lib/dbwrap/dbwrap_ctdb.c.orig	2018-01-17 09:08:39.000000000 +0100
++++ source3/lib/dbwrap/dbwrap_ctdb.c	2018-03-29 23:57:41.784931000 +0200
+@@ -38,6 +38,9 @@
+ #include "lib/cluster_support.h"
+ #include "lib/util/tevent_ntstatus.h"
+ 
++#undef DBGC_CLASS
++#define DBGC_CLASS DBGC_LOCKING
++
+ struct db_ctdb_transaction_handle {
+ 	struct db_ctdb_ctx *ctx;
+ 	/*
+--- source3/lib/dbwrap/dbwrap_open.c.orig	2018-01-17 09:08:39.000000000 +0100
++++ source3/lib/dbwrap/dbwrap_open.c	2018-03-29 23:57:54.680614000 +0200
+@@ -31,6 +31,9 @@
+ #include "ctdbd_conn.h"
+ #include "messages.h"
+ 
++#undef DBGC_CLASS
++#define DBGC_CLASS DBGC_LOCKING
++
+ bool db_is_local(const char *name)
+ {
+ 	const char *sockname = lp_ctdbd_socket();
+--- source3/lib/dbwrap/dbwrap_watch.c.orig	2018-01-17 09:08:39.000000000 +0100
++++ source3/lib/dbwrap/dbwrap_watch.c	2018-03-29 23:58:09.746298000 +0200
+@@ -28,6 +28,9 @@
+ #include "server_id_watch.h"
+ #include "lib/dbwrap/dbwrap_private.h"
+ 
++#undef DBGC_CLASS
++#define DBGC_CLASS DBGC_LOCKING
++
+ static ssize_t dbwrap_record_watchers_key(struct db_context *db,
+ 					  struct db_record *rec,
+ 					  uint8_t *wkey, size_t wkey_len)

Added: head/net/samba48/files/patch-includes.h
==============================================================================
--- /dev/null	00:00:00 1970	(empty, because file is newly added)
+++ head/net/samba48/files/patch-includes.h	Fri Jun  8 01:09:10 2018	(r471963)
@@ -0,0 +1,11 @@
+--- source3/include/includes.h.orig	2018-04-03 05:23:35 UTC
++++ source3/include/includes.h
+@@ -323,6 +323,8 @@ typedef char fstring[FSTRING_LEN];
+  * the *bottom* of include files so as not to conflict. */
+ #ifdef ENABLE_DMALLOC
+ #  include <dmalloc.h>
++#elif ENABLE_JEMALLOC
++#  include <jemalloc/jemalloc.h>
+ #endif
+ 
+ 

Added: head/net/samba48/files/patch-libgpo__wscript_build
==============================================================================
--- /dev/null	00:00:00 1970	(empty, because file is newly added)
+++ head/net/samba48/files/patch-libgpo__wscript_build	Fri Jun  8 01:09:10 2018	(r471963)
@@ -0,0 +1,9 @@
+--- libgpo/wscript_build.orig	2018-05-22 10:47:26 UTC
++++ libgpo/wscript_build
+@@ -10,4 +10,5 @@ bld.SAMBA3_LIBRARY('gpext',
+ bld.SAMBA3_PYTHON('python_samba_libgpo', 'pygpo.c',
+                  deps='''pyparam_util gpext talloc ads TOKEN_UTIL
+                  auth pyrpc_util''',
+-                 realname='samba/gpo.so')
++                 realname='samba/gpo.so',
++                 enabled=bld.CONFIG_SET('HAVE_LDAP'))

Added: head/net/samba48/files/patch-source3__smbd__utmp.c
==============================================================================
--- /dev/null	00:00:00 1970	(empty, because file is newly added)
+++ head/net/samba48/files/patch-source3__smbd__utmp.c	Fri Jun  8 01:09:10 2018	(r471963)
@@ -0,0 +1,261 @@
+--- source3/smbd/utmp.c.orig	2018-01-15 04:41:58.000000000 +0800
++++ source3/smbd/utmp.c	2018-05-25 14:06:42.746302000 +0800
+@@ -257,7 +257,7 @@ static char *uw_pathname(TALLOC_CTX *ctx
+  Update utmp file directly.  No subroutine interface: probably a BSD system.
+ ****************************************************************************/
+ 
+-static void pututline_my(const char *uname, struct utmp *u, bool claim)
++static void pututline_my(const char *uname, STRUCT_UTMP *u, bool claim)
+ {
+ 	DEBUG(1,("pututline_my: not yet implemented\n"));
+ 	/* BSD implementor: may want to consider (or not) adjusting "lastlog" */
+@@ -271,7 +271,7 @@ static void pututline_my(const char *una
+  Credit: Michail Vidiassov <master@iaas.msu.ru>
+ ****************************************************************************/
+ 
+-static void updwtmp_my(const char *wname, struct utmp *u, bool claim)
++static void updwtmp_my(const char *wname, STRUCT_UTMP *u, bool claim)
+ {
+ 	int fd;
+ 	struct stat buf;
+@@ -303,7 +303,7 @@ static void updwtmp_my(const char *wname
+ 	if ((fd = open(wname, O_WRONLY|O_APPEND, 0)) < 0)
+ 		return;
+ 	if (fstat(fd, &buf) == 0) {
+-		if (write(fd, (char *)u, sizeof(struct utmp)) != sizeof(struct utmp))
++		if (write(fd, (char *)u, sizeof(STRUCT_UTMP)) != sizeof(STRUCT_UTMP))
+ 		(void) ftruncate(fd, buf.st_size);
+ 	}
+ 	(void) close(fd);
+@@ -314,12 +314,12 @@ static void updwtmp_my(const char *wname
+  Update via utmp/wtmp (not utmpx/wtmpx).
+ ****************************************************************************/
+ 
+-static void utmp_nox_update(struct utmp *u, bool claim)
++static void utmp_nox_update(STRUCT_UTMP *u, bool claim)
+ {
+ 	char *uname = NULL;
+ 	char *wname = NULL;
+ #if defined(PUTUTLINE_RETURNS_UTMP)
+-	struct utmp *urc;
++	STRUCT_UTMP *urc;
+ #endif /* PUTUTLINE_RETURNS_UTMP */
+ 
+ 	uname = uw_pathname(talloc_tos(), "utmp", ut_pathname);
+@@ -376,127 +376,52 @@ static void utmp_nox_update(struct utmp 
+ 	}
+ }
+ 
+-/****************************************************************************
+- Copy a string in the utmp structure.
+-****************************************************************************/
+ 
+-static void utmp_strcpy(char *dest, const char *src, size_t n)
+-{
+-	size_t len = 0;
+ 
+-	memset(dest, '\0', n);
+-	if (src)
+-		len = strlen(src);
+-	if (len >= n) {
+-		memcpy(dest, src, n);
+-	} else {
+-		if (len)
+-			memcpy(dest, src, len);
+-	}
+-}
++
+ 
+ /****************************************************************************
+  Update via utmpx/wtmpx (preferred) or via utmp/wtmp.
+ ****************************************************************************/
+ 
+-static void sys_utmp_update(struct utmp *u, const char *hostname, bool claim)
++static void sys_utmp_update(STRUCT_UTMP *u, const char *hostname, bool claim)
+ {
+-#if !defined(HAVE_UTMPX_H)
+-	/* No utmpx stuff.  Drop to non-x stuff */
+-	utmp_nox_update(u, claim);
+-#elif !defined(HAVE_PUTUTXLINE)
+-	/* Odd.  Have utmpx.h but no "pututxline()".  Drop to non-x stuff */
+-	DEBUG(1,("utmp_update: have utmpx.h but no pututxline() function\n"));
+-	utmp_nox_update(u, claim);
+-#elif !defined(HAVE_GETUTMPX)
+-	/* Odd.  Have utmpx.h but no "getutmpx()".  Drop to non-x stuff */
+-	DEBUG(1,("utmp_update: have utmpx.h but no getutmpx() function\n"));
+-	utmp_nox_update(u, claim);
+-#elif !defined(HAVE_UPDWTMPX)
+-	/* Have utmpx.h but no "updwtmpx()".  Drop to non-x stuff */
+-	DEBUG(1,("utmp_update: have utmpx.h but no updwtmpx() function\n"));
+-	utmp_nox_update(u, claim);
+-#else
+-	char *uname = NULL;
+-	char *wname = NULL;
+-	struct utmpx ux, *uxrc;
+-
+-	getutmpx(u, &ux);
+-
+-#if defined(HAVE_UX_UT_SYSLEN)
+-	if (hostname)
+-		ux.ut_syslen = strlen(hostname) + 1;	/* include end NULL */
+-	else
+-		ux.ut_syslen = 0;
+-#endif
+-#if defined(HAVE_UT_UT_HOST)
+-	utmp_strcpy(ux.ut_host, hostname, sizeof(ux.ut_host));
+-#endif
+-
+-	uname = uw_pathname(talloc_tos(), "utmpx", ux_pathname);
+-	wname = uw_pathname(talloc_tos(), "wtmpx", wx_pathname);
+-	if (uname && wname) {
+-		DEBUG(2,("utmp_update: uname:%s wname:%s\n", uname, wname));
+-	}
++	STRUCT_UTMP *urc;
+ 
+-	/*
+-	 * Check for either uname or wname being empty.
+-	 * Some systems, such as Redhat 6, have a "utmpx.h" which doesn't
+-	 * define default filenames.
+-	 * Also, our local installation has not provided an override.
+-	 * Drop to non-x method.  (E.g. RH6 has good defaults in "utmp.h".)
+-	 */
+-	if (!uname || !wname || (strlen(uname) == 0) || (strlen(wname) == 0)) {
+-		utmp_nox_update(u, claim);
+-	} else {
+-		utmpxname(uname);
+-		setutxent();
+-		uxrc = pututxline(&ux);
+-		endutxent();
+-		if (uxrc == NULL) {
+-			DEBUG(2,("utmp_update: pututxline() failed\n"));
+-			return;
+-		}
+-		updwtmpx(wname, &ux);
++	setutxent();
++	urc = pututxline(u);
++	endutxent();
++	if (urc == NULL) {
++		DEBUG(2,("utmp_update: pututxline() failed\n"));
++		return;
+ 	}
+-#endif /* HAVE_UTMPX_H */
+ }
+ 
+ #if defined(HAVE_UT_UT_ID)
+ /****************************************************************************
+  Encode the unique connection number into "ut_id".
+ ****************************************************************************/
+-
+-static int ut_id_encode(int i, char *fourbyte)
++static void ut_id_encode(char *buf, int id, size_t buf_size)
+ {
+-	int nbase;
+-	const char *ut_id_encstr = "0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ";
+-
+-/*
+- * 'ut_id_encstr' is the character set on which modulo arithmetic is done.
+- * Example: digits would produce the base-10 numbers from '001'.
+- */
+-	nbase = strlen(ut_id_encstr);
++	const char ut_id_encstr[] = "0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ";
+ 
+-	fourbyte[0] = ut_id_encstr[i % nbase];
+-	i /= nbase;
+-	fourbyte[1] = ut_id_encstr[i % nbase];
+-	i /= nbase;
+-	fourbyte[3] = ut_id_encstr[i % nbase];
+-	i /= nbase;
+-	fourbyte[2] = ut_id_encstr[i % nbase];
+-	i /= nbase;
++	int nbase = sizeof(ut_id_encstr) - 1;
++	/*
++	 * 'ut_id_encstr' is the character set on which modulo arithmetic is done.
++	 * Example: digits would produce the base-10 numbers from '001'.
++	 */
+ 
+-	/* we do not care about overflows as i is a random number */
+-	return 0;
++	for(int i = 0; i < buf_size; i++) {
++		buf[i] = ut_id_encstr[id % nbase];
++		id /= nbase;
++	}
+ }
+ #endif /* defined(HAVE_UT_UT_ID) */
+ 
+-
+ /*
+   fill a system utmp structure given all the info we can gather
+ */
+-static bool sys_utmp_fill(struct utmp *u,
++static bool sys_utmp_fill(STRUCT_UTMP *u,
+ 			const char *username, const char *hostname,
+ 			const char *id_str, int id_num)
+ {

*** DIFF OUTPUT TRUNCATED AT 1000 LINES ***



Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?201806080109.w5819AH8087517>