From: "Timur I. Bakeyev"
Date: Fri, 8 Jun 2018 01:09:10 +0000 (UTC)
To: ports-committers@freebsd.org, svn-ports-all@freebsd.org, svn-ports-head@freebsd.org
Subject: svn commit: r471963 - in head/net/samba48: . files

Author: timur
Date: Fri Jun 8 01:09:10 2018
New Revision: 471963
URL: https://svnweb.freebsd.org/changeset/ports/471963

Log:
  Update port to 4.8.2 version.

  That fixes major bug with the AD/DC upgrade from the previous versions:

  * After update to 4.8.0 DC failed with "Failed to find our own NTDS Settings objectGUID" (bug #13335).
  * Fix to the vfs_streams_xattr module which was corrupting AFP_AfpInfo attributes.
  * Fix provisioning on the UFS2.
  * Allow access to the .zfs/ hidden directory.
  * Fix logging to the UTMP

  Sponsored by: iXsystems Inc.

Added: head/net/samba48/files/0001-bug-13175.patch (contents, props changed) head/net/samba48/files/0001-bug-13427.patch (contents, props changed) head/net/samba48/files/0001-bug-228462.patch (contents, props changed) head/net/samba48/files/patch-dbwrap (contents, props changed) head/net/samba48/files/patch-includes.h (contents, props changed) head/net/samba48/files/patch-libgpo__wscript_build (contents, props changed) head/net/samba48/files/patch-source3__smbd__utmp.c (contents, props changed) head/net/samba48/files/patch-source4__kdc__kdc-service-mit.c (contents, props changed) head/net/samba48/files/patch-vfs_full_audit.c (contents, props changed) Deleted: head/net/samba48/files/patch-source4__dsdb__samdb__ldb_modules__encrypted_secrets.c Modified: head/net/samba48/Makefile head/net/samba48/distinfo head/net/samba48/files/0001-Zfs-provision-1.patch head/net/samba48/files/patch-source3__wscript head/net/samba48/files/patch-source3__wscript_build head/net/samba48/files/patch-vfs_freebsd.c head/net/samba48/files/patch-vfs_virusfilter head/net/samba48/pkg-plist Modified: head/net/samba48/Makefile ============================================================================== --- head/net/samba48/Makefile Fri Jun 8 01:01:08 2018 (r471962) +++ head/net/samba48/Makefile Fri Jun 8 01:09:10 2018 (r471963) @@ -19,10 +19,13 @@ CONFLICTS_INSTALL?= samba4-4.0.* samba4[1-79]-4.* p5- EXTRA_PATCHES+= ${PATCHDIR}/0001-Zfs-provision-1.patch:-p1 EXTRA_PATCHES+= ${PATCHDIR}/0001-Freenas-master-mdns-fixes-22.patch:-p1 +EXTRA_PATCHES+= ${PATCHDIR}/0001-bug-13427.patch:-p1 +EXTRA_PATCHES+= ${PATCHDIR}/0001-bug-13175.patch:-p1 +EXTRA_PATCHES+= ${PATCHDIR}/0001-bug-228462.patch:-p1 SAMBA4_BASENAME= samba SAMBA4_PORTNAME= ${SAMBA4_BASENAME}4 -SAMBA4_VERSION= 4.8.0 +SAMBA4_VERSION= 4.8.2 SAMBA4_DISTNAME= ${SAMBA4_BASENAME}-${SAMBA4_VERSION:S|.p|pre|:S|.r|rc|:S|.t|tp|:S|.a|alpha|} WRKSRC?= ${WRKDIR}/${DISTNAME} 
@@ -86,7 +89,7 @@ OPTIONS_SUB= yes OPTIONS_DEFINE= AD_DC ADS DEBUG DOCS FAM LDAP \ QUOTAS SYSLOG UTMP PROFILE # Make those default options -OPTIONS_DEFAULT:= ${OPTIONS_DEFINE} +OPTIONS_DEFAULT:= ${OPTIONS_DEFINE} GSSAPI_BUILTIN # This shouldn't be default in the release OPTIONS_DEFINE+= DEVELOPER MANDOC @@ -94,12 +97,17 @@ OPTIONS_DEFINE_amd64= AESNI OPTIONS_DEFAULT_amd64= AESNI OPTIONS_DEFINE+= CUPS GPGME NTVFS SPOTLIGHT +#OPTIONS_DEFINE+= MEMORY_DEBUG +OPTIONS_SINGLE= GSSAPI +# GSSAPI_HEIMDAL +OPTIONS_SINGLE_GSSAPI= GSSAPI_BUILTIN GSSAPI_MIT + OPTIONS_RADIO= DNS ZEROCONF OPTIONS_RADIO_DNS= NSUPDATE BIND99 BIND910 BIND911 OPTIONS_RADIO_ZEROCONF= MDNSRESPONDER AVAHI ############################################################################## -AD_DC_DESC= Active Directory Domain Controller +AD_DC_DESC= Active Directory Domain Controller(implies LDAP) ADS_DESC= Active Directory client(implies LDAP) AESNI_DESC= Accelerated AES crypto functions(amd64 only) CLUSTER_DESC= Clustering @@ -111,12 +119,15 @@ LDAP_DESC= LDAP client LIBZFS_DESC= LibZFS SPOTLIGHT_DESC= Spotlight MANDOC_DESC= Build manpages from DOCBOOK templates +MEMORY_DEBUG_DESC= Debug memory allocation NTVFS_DESC= Build *DEPRECATED* NTVFS file server PICKY_DEVELOPER_DESC= Treat compiler warnings as errors(implies DEVELOPER) PROFILE_DESC= Profiling data QUOTAS_DESC= Disk quota UTMP_DESC= UTMP accounting +GSSAPI_BUILTIN_DESC= GSSAPI support via bundled Heimdal + BIND99_DESC= Use Bind 9.9 as AD DC DNS server frontend BIND910_DESC= Use Bind 9.10 as AD DC DNS server frontend BIND911_DESC= Use Bind 9.11 as AD DC DNS server frontend 
@@ -171,8 +182,8 @@ PLIST_SUB+= SAMBA4_BUNDLED_TALLOC="" SUB_LIST+= SAMBA4_BUNDLED_TALLOC="" .else SAMBA4_BUNDLED_LIBS+= !talloc -BUILD_DEPENDS+= talloc>=2.1.11:devel/talloc -RUN_DEPENDS+= talloc>=2.1.11:devel/talloc +BUILD_DEPENDS+= talloc>=2.1.13:devel/talloc +RUN_DEPENDS+= talloc>=2.1.13:devel/talloc PLIST_SUB+= SAMBA4_BUNDLED_TALLOC="@comment " SUB_LIST+= SAMBA4_BUNDLED_TALLOC="@comment " .endif @@ -211,8 +222,8 @@ PLIST_SUB+= SAMBA4_BUNDLED_LDB="" SUB_LIST+= SAMBA4_BUNDLED_LDB="" .else . if ${SAMBA4_LDB} == 13 -BUILD_DEPENDS+= ldb13>=1.3.2:databases/ldb13 -RUN_DEPENDS+= ldb13>=1.3.2:databases/ldb13 +BUILD_DEPENDS+= ldb13>=1.3.3:databases/ldb13 +RUN_DEPENDS+= ldb13>=1.3.3:databases/ldb13 . elif ${SAMBA4_LDB} == 12 BUILD_DEPENDS+= ldb12>=1.2.3:databases/ldb12 RUN_DEPENDS+= ldb12>=1.2.3:databases/ldb12 @@ -256,7 +267,6 @@ CONFIGURE_ARGS+= \ --with-sendfile-support \ --disable-ctdb-tests \ ${ICONV_CONFIGURE_BASE} - ############################################################################## BIND99_RUN_DEPENDS= bind99>=9.9.0.0:dns/bind99 BIND910_RUN_DEPENDS= bind910>=9.10.0.0:dns/bind910 @@ -272,6 +282,10 @@ MDNSRESPONDER_LIB_DEPENDS= libdns_sd.so:net/mDNSRespon DEBUG_CONFIGURE_ON= --verbose --enable-debug DEBUG_MAKE_ARGS= --verbose DEBUG_FLAGS= -g -ggdb3 -O0 + +MEMORY_DEBUG_IMPLIES= DEBUG +MEMORY_DEBUG_CONFIGURE_ENV= ADDITIONAL_CFLAGS="-DENABLE_JEMALLOC `pkg-config --cflags jemalloc`" ADDITIONAL_LDFLAGS="`pkg-config --libs jemalloc`" +MEMORY_DEBUG_LIB_DEPENDS= libjemalloc.so.2:devel/jemalloc # https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=194046 GDB_CMD?= ${LOCALBASE}/bin/gdb # https://bugzilla.samba.org/show_bug.cgi?id=8969 
@@ -328,6 +342,10 @@ LDAP_CONFIGURE_ON= --with-openldap=${LOCALBASE} LDAP_USE= OPENLDAP=yes LDAP_VARS= SAMBA4_MODULES+=idmap_ldap +GSSAPI_MIT_CONFIGURE_ON= --with-system-mitkrb5 ${GSSAPIBASEDIR} \ + --with-system-mitkdc=${GSSAPIBASEDIR}/sbin/krb5kdc +GSSAPI_MIT_USES= gssapi:mit + LIBZFS_CONFIGURE_WITH= libzfs LIBZFS_VARS= SAMBA4_MODULES+=vfs_zfs_space @@ -459,6 +477,10 @@ PLIST_FILES+= lib/samba4/private/libaesni-intel-samb .else CONFIGURE_ARGS+= --accel-aes=none .endif + +.if ${PORT_OPTIONS:MAD_DC} && ${PORT_OPTIONS:MGSSAPI_MIT} +PLIST_FILES+= lib/samba4/krb5/plugins/kdb/samba.so +.endif # for libexecinfo: (so that __builtin_frame_address() finds the top of the stack) CFLAGS_amd64+= -fno-omit-frame-pointer # No fancy color error messages @@ -508,6 +530,12 @@ post-patch: # Use threading (or multiprocessing) but not thread (renamed in python 3+). pre-configure: +.if ! ${PORT_OPTIONS:MAD_DC} && ${PORT_OPTIONS:MNTVFS} + @${ECHO_CMD}; \ + ${ECHO_MSG} "===> NTVFS option requires AD_DC to be set"; \ + ${ECHO_CMD}; \ + ${FALSE} +.endif @if ! ${PYTHON_CMD} -c "import multiprocessing;" 2>/dev/null; then \ ${ECHO_CMD}; \ ${ECHO_MSG} "===> ${PKGNAME} "${IGNORE_NONTHREAD_PYTHON:Q}.; \ Modified: head/net/samba48/distinfo ============================================================================== --- head/net/samba48/distinfo Fri Jun 8 01:01:08 2018 (r471962) +++ head/net/samba48/distinfo Fri Jun 8 01:09:10 2018 (r471963) 
@@ -1,3 +1,3 @@ -TIMESTAMP = 1520983130 -SHA256 (samba-4.8.0.tar.gz) = 87d9b585dbd8628e79aabb6e621a94bd20a072a00762e78e0899fad22fc18fb7 -SIZE (samba-4.8.0.tar.gz) = 17659751 +TIMESTAMP = 1526478569 +SHA256 (samba-4.8.2.tar.gz) = 62e552296d49e6ab44bb87d120a288813fa52e42435d53a1f71b77596512bf22 +SIZE (samba-4.8.2.tar.gz) = 17675145 Modified: head/net/samba48/files/0001-Zfs-provision-1.patch ============================================================================== --- head/net/samba48/files/0001-Zfs-provision-1.patch Fri Jun 8 01:01:08 2018 (r471962) +++ head/net/samba48/files/0001-Zfs-provision-1.patch Fri Jun 8 01:09:10 2018 (r471963) @@ -26,16 +26,15 @@ diff --git a/python/samba/provision/__init__.py b/pyth index 5de986463a5..cd3b91f41b9 100644 --- a/python/samba/provision/__init__.py +++ b/python/samba/provision/__init__.py -@@ -1556,19 +1556,25 @@ def setsysvolacl(samdb, netlogon, sysvol, uid, gid, domainsid, dnsdomain, +@@ -1556,19 +1556,24 @@ def setsysvolacl(samdb, netlogon, sysvol, uid, gid, domainsid, dnsdomain, s3conf = s3param.get_context() s3conf.load(lp.configfile) - file = tempfile.NamedTemporaryFile(dir=os.path.abspath(sysvol)) + sysvol_dir = os.path.abspath(sysvol) + -+ if smbd.has_posix_acls(sysvol_dir): -+ set_simple_acl = smbd.set_simple_acl -+ elif smbd.has_nfsv4_acls(sysvol_dir): ++ set_simple_acl = smbd.set_simple_acl ++ if smbd.has_nfsv4_acls(sysvol_dir): + set_simple_acl = smbd.set_simple_nfsv4_acl + + file = tempfile.NamedTemporaryFile(dir=sysvol_dir) Added: head/net/samba48/files/0001-bug-13175.patch ============================================================================== --- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ head/net/samba48/files/0001-bug-13175.patch Fri Jun 8 01:09:10 2018 (r471963) 
@@ -0,0 +1,143 @@ +From 60bdced298831b2750ce785e01891e4aeb79f0dc Mon Sep 17 00:00:00 2001 +From: Ralph Boehme +Date: Fri, 18 May 2018 13:14:57 +0200 +Subject: [PATCH 1/2] s3:smbd: make psbuf arg to make_default_acl_posix() const + +Bug: https://bugzilla.samba.org/show_bug.cgi?id=13175 + +Signed-off-by: Ralph Boehme +--- + source3/smbd/posix_acls.c | 8 ++++---- + source3/smbd/proto.h | 2 +- + 2 files changed, 5 insertions(+), 5 deletions(-) + +diff --git a/source3/smbd/posix_acls.c b/source3/smbd/posix_acls.c +index 8d42535d877..6396f818176 100644 +--- a/source3/smbd/posix_acls.c ++++ b/source3/smbd/posix_acls.c +@@ -4779,7 +4779,7 @@ int posix_sys_acl_blob_get_fd(vfs_handle_struct *handle, + + static NTSTATUS make_default_acl_posix(TALLOC_CTX *ctx, + const char *name, +- SMB_STRUCT_STAT *psbuf, ++ const SMB_STRUCT_STAT *psbuf, + struct security_descriptor **ppdesc) + { + struct dom_sid owner_sid, group_sid; +@@ -4886,7 +4886,7 @@ static NTSTATUS make_default_acl_posix(TALLOC_CTX *ctx, + + static NTSTATUS make_default_acl_windows(TALLOC_CTX *ctx, + const char *name, +- SMB_STRUCT_STAT *psbuf, ++ const SMB_STRUCT_STAT *psbuf, + struct security_descriptor **ppdesc) + { + struct dom_sid owner_sid, group_sid; +@@ -4958,7 +4958,7 @@ static NTSTATUS make_default_acl_windows(TALLOC_CTX *ctx, + + static NTSTATUS make_default_acl_everyone(TALLOC_CTX *ctx, + const char *name, +- SMB_STRUCT_STAT *psbuf, ++ const SMB_STRUCT_STAT *psbuf, + struct security_descriptor **ppdesc) + { + struct dom_sid owner_sid, group_sid; +@@ -5022,7 +5022,7 @@ NTSTATUS make_default_filesystem_acl( + TALLOC_CTX *ctx, + enum default_acl_style acl_style, + const char *name, +- SMB_STRUCT_STAT *psbuf, ++ const SMB_STRUCT_STAT *psbuf, + struct security_descriptor **ppdesc) + { + NTSTATUS status; +diff --git a/source3/smbd/proto.h b/source3/smbd/proto.h +index bee7acadeea..262338d81e4 100644 +--- a/source3/smbd/proto.h ++++ b/source3/smbd/proto.h +@@ -819,7 +819,7 @@ NTSTATUS make_default_filesystem_acl( 
+ TALLOC_CTX *ctx, + enum default_acl_style acl_style, + const char *name, +- SMB_STRUCT_STAT *psbuf, ++ const SMB_STRUCT_STAT *psbuf, + struct security_descriptor **ppdesc); + + /* The following definitions come from smbd/process.c */ +-- +2.13.6 + + +From 0918370e20156e4a21a0c244b963b672ed6b46b1 Mon Sep 17 00:00:00 2001 +From: Ralph Boehme +Date: Tue, 5 Dec 2017 08:28:28 +0100 +Subject: [PATCH 2/2] vfs_zfsacl: return synthesized ACL when ZFS return + ENOTSUP + +This allows accessing the ZFS .snapshots directory where ZFS returns +ENOTSUP when calling acl(".snapshots"). + +Bug: https://bugzilla.samba.org/show_bug.cgi?id=13175 + +Signed-off-by: Ralph Boehme +--- + source3/modules/vfs_zfsacl.c | 36 ++++++++++++++++++++++++++++++++++-- + 1 file changed, 34 insertions(+), 2 deletions(-) + +diff --git a/source3/modules/vfs_zfsacl.c b/source3/modules/vfs_zfsacl.c +index 0bc4ba6604f..43e41f95c1a 100644 +--- a/source3/modules/vfs_zfsacl.c ++++ b/source3/modules/vfs_zfsacl.c +@@ -238,7 +238,20 @@ static NTSTATUS zfsacl_fget_nt_acl(struct vfs_handle_struct *handle, + fsp->fsp_name, &pacl); + if (!NT_STATUS_IS_OK(status)) { + TALLOC_FREE(frame); +- return status; ++ if (!NT_STATUS_EQUAL(status, NT_STATUS_NOT_SUPPORTED)) { ++ return status; ++ } ++ ++ status = make_default_filesystem_acl(mem_ctx, ++ DEFAULT_ACL_POSIX, ++ fsp->fsp_name->base_name, ++ &fsp->fsp_name->st, ++ ppdesc); ++ if (!NT_STATUS_IS_OK(status)) { ++ return status; ++ } ++ (*ppdesc)->type |= SEC_DESC_DACL_PROTECTED; ++ return NT_STATUS_OK; + } + + status = smb_fget_nt_acl_nfs4(fsp, NULL, security_info, mem_ctx, +@@ -260,7 +273,26 @@ static NTSTATUS zfsacl_get_nt_acl(struct vfs_handle_struct *handle, + status = zfs_get_nt_acl_common(handle->conn, frame, smb_fname, &pacl); + if (!NT_STATUS_IS_OK(status)) { + TALLOC_FREE(frame); +- return status; ++ if (!NT_STATUS_EQUAL(status, NT_STATUS_NOT_SUPPORTED)) { ++ return status; ++ } ++ ++ if (!VALID_STAT(smb_fname->st)) { ++ DBG_ERR("No stat info for [%s]\n", ++ 
smb_fname_str_dbg(smb_fname)); ++ return NT_STATUS_INTERNAL_ERROR; ++ } ++ ++ status = make_default_filesystem_acl(mem_ctx, ++ DEFAULT_ACL_POSIX, ++ smb_fname->base_name, ++ &smb_fname->st, ++ ppdesc); ++ if (!NT_STATUS_IS_OK(status)) { ++ return status; ++ } ++ (*ppdesc)->type |= SEC_DESC_DACL_PROTECTED; ++ return NT_STATUS_OK; + } + + status = smb_get_nt_acl_nfs4(handle->conn, +-- +2.13.6 + Added: head/net/samba48/files/0001-bug-13427.patch ============================================================================== --- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ head/net/samba48/files/0001-bug-13427.patch Fri Jun 8 01:09:10 2018 (r471963) 
@@ -0,0 +1,213 @@ +From 31e168958987826ab7cce61b854daf2a8f3f2adb Mon Sep 17 00:00:00 2001 +From: Stefan Metzmacher +Date: Wed, 9 May 2018 13:30:13 +0200 +Subject: [PATCH 1/3] auth/ntlmssp: add ntlmssp_client:ldap_style_send_seal + option + +This will be used to similate a Windows client only +using NTLMSSP_NEGOTIATE_SIGN without NTLMSSP_NEGOTIATE_SEAL +on an LDAP connection, which is indicated internally by +GENSEC_FEATURE_LDAP_STYLE. + +Bug: https://bugzilla.samba.org/show_bug.cgi?id=13427 + +Signed-off-by: Stefan Metzmacher +Reviewed-by: Andrew Bartlett +(cherry picked from commit 7f2bebf09cd8056b3f901dd9ff1fc9e9525f3e9d) +--- + auth/ntlmssp/ntlmssp_client.c | 24 +++++++++++++++++------- + 1 file changed, 17 insertions(+), 7 deletions(-) + +diff --git a/auth/ntlmssp/ntlmssp_client.c b/auth/ntlmssp/ntlmssp_client.c +index db2003f0d6b..54fda41b534 100644 +--- a/auth/ntlmssp/ntlmssp_client.c ++++ b/auth/ntlmssp/ntlmssp_client.c +@@ -865,13 +865,23 @@ NTSTATUS gensec_ntlmssp_client_start(struct gensec_security *gensec_security) + * is requested. + */ + ntlmssp_state->force_wrap_seal = true; +- /* +- * We want also work against old Samba servers +- * which didn't had GENSEC_FEATURE_LDAP_STYLE +- * we negotiate SEAL too. We may remove this +- * in a few years. As all servers should have +- * GENSEC_FEATURE_LDAP_STYLE by then. +- */ ++ } ++ } ++ if (ntlmssp_state->force_wrap_seal) { ++ bool ret; ++ ++ /* ++ * We want also work against old Samba servers ++ * which didn't had GENSEC_FEATURE_LDAP_STYLE ++ * we negotiate SEAL too. We may remove this ++ * in a few years. As all servers should have ++ * GENSEC_FEATURE_LDAP_STYLE by then. 
++ */ ++ ret = gensec_setting_bool(gensec_security->settings, ++ "ntlmssp_client", ++ "ldap_style_send_seal", ++ true); ++ if (ret) { + ntlmssp_state->required_flags |= NTLMSSP_NEGOTIATE_SEAL; + } + } +-- +2.14.3 + + +From 1734791570ff0eb57a04fef779a093c20c83ed9d Mon Sep 17 00:00:00 2001 +From: Stefan Metzmacher +Date: Wed, 9 May 2018 13:33:05 +0200 +Subject: [PATCH 2/3] s4:selftest: run test_ldb_simple.sh with more auth + options + +This demonstrates the broken GENSEC_FEATURE_LDAP_STYLE +handling in our LDAP server. + +Bug: https://bugzilla.samba.org/show_bug.cgi?id=13427 + +Signed-off-by: Stefan Metzmacher +Reviewed-by: Andrew Bartlett +(cherry picked from commit fc1c5bd3be2c3f90eab2f31e43cf053f7ff13782) +--- + selftest/knownfail.d/ntlmssp_ldap_style_send_seal | 1 + + source4/selftest/tests.py | 7 +++++++ + 2 files changed, 8 insertions(+) + create mode 100644 selftest/knownfail.d/ntlmssp_ldap_style_send_seal + +diff --git a/selftest/knownfail.d/ntlmssp_ldap_style_send_seal b/selftest/knownfail.d/ntlmssp_ldap_style_send_seal +new file mode 100644 +index 00000000000..0cd7cc2ea39 +--- /dev/null ++++ b/selftest/knownfail.d/ntlmssp_ldap_style_send_seal +@@ -0,0 +1 @@ ++^samba4.ldb.simple.ldap.*ldap_style_send_seal=no +diff --git a/source4/selftest/tests.py b/source4/selftest/tests.py +index 621a61347bc..226617f3b6a 100755 +--- a/source4/selftest/tests.py ++++ b/source4/selftest/tests.py +@@ -116,6 +116,13 @@ for env in ["ad_dc_ntvfs", "fl2008r2dc", "fl2003dc"]: + '--option=clientldapsaslwrapping=plain', + '--sign', + '--encrypt', ++ '-k yes --option=clientldapsaslwrapping=plain', ++ '-k yes --sign', ++ '-k yes --encrypt', ++ '-k no --option=clientldapsaslwrapping=plain', ++ '-k no --sign --option=ntlmssp_client:ldap_style_send_seal=no', ++ '-k no --sign', ++ '-k no --encrypt', + ] + + for auth_option in auth_options: +-- +2.14.3 + + +From 4b612bcfb938a49b2725e913a95004bd9fa6c3c3 Mon Sep 17 00:00:00 2001 +From: Stefan Metzmacher +Date: Mon, 7 May 2018 14:50:27 +0200 
+Subject: [PATCH 3/3] auth/ntlmssp: fix handling of GENSEC_FEATURE_LDAP_STYLE + as a server + +This fixes "NTLMSSP NTLM2 packet check failed due to invalid signature!" +error messages, which were generated if the client only sends +NTLMSSP_NEGOTIATE_SIGN without NTLMSSP_NEGOTIATE_SEAL on an LDAP +connection. + +This fixes a regession in the combination of commits +77adac8c3cd2f7419894d18db735782c9646a202 and +3a0b835408a6efa339e8b34333906bfe3aacd6e3. + +We need to evaluate GENSEC_FEATURE_LDAP_STYLE at the end +of the authentication (as a server, while we already +do so at the beginning as a client). + +As a reminder I introduced GENSEC_FEATURE_LDAP_STYLE +(as an internal flag) in order to let us work as a +Windows using NTLMSSP for LDAP. Even if only signing is +negotiated during the authentication the following PDUs +will still be encrypted if NTLMSSP is used. This is exactly the +same as if the client would have negotiated NTLMSSP_NEGOTIATE_SEAL. +I guess it's a bug in Windows, but we have to reimplement that +bug. Note this only applies to NTLMSSP and only to LDAP! +Signing only works fine for LDAP with Kerberos +or DCERPC and NTLMSSP. 
+ +Bug: https://bugzilla.samba.org/show_bug.cgi?id=13427 + +Signed-off-by: Stefan Metzmacher +Reviewed-by: Andrew Bartlett + +Autobuild-User(master): Andrew Bartlett +Autobuild-Date(master): Wed May 16 03:26:03 CEST 2018 on sn-devel-144 + +(cherry picked from commit c7a3ce95ac4ce837d8fde36578b3b1f56c3ac2fa) +--- + auth/ntlmssp/gensec_ntlmssp_server.c | 19 ------------------- + auth/ntlmssp/ntlmssp_server.c | 8 ++++++++ + selftest/knownfail.d/ntlmssp_ldap_style_send_seal | 1 - + 3 files changed, 8 insertions(+), 20 deletions(-) + delete mode 100644 selftest/knownfail.d/ntlmssp_ldap_style_send_seal + +diff --git a/auth/ntlmssp/gensec_ntlmssp_server.c b/auth/ntlmssp/gensec_ntlmssp_server.c +index c0e6cff5952..ab92f4d0c09 100644 +--- a/auth/ntlmssp/gensec_ntlmssp_server.c ++++ b/auth/ntlmssp/gensec_ntlmssp_server.c +@@ -179,25 +179,6 @@ NTSTATUS gensec_ntlmssp_server_start(struct gensec_security *gensec_security) + ntlmssp_state->neg_flags |= NTLMSSP_NEGOTIATE_SIGN; + ntlmssp_state->neg_flags |= NTLMSSP_NEGOTIATE_SEAL; + +- if (gensec_security->want_features & GENSEC_FEATURE_SESSION_KEY) { +- ntlmssp_state->neg_flags |= NTLMSSP_NEGOTIATE_SIGN; +- } +- if (gensec_security->want_features & GENSEC_FEATURE_SIGN) { +- ntlmssp_state->neg_flags |= NTLMSSP_NEGOTIATE_SIGN; +- +- if (gensec_security->want_features & GENSEC_FEATURE_LDAP_STYLE) { +- /* +- * We need to handle NTLMSSP_NEGOTIATE_SIGN as +- * NTLMSSP_NEGOTIATE_SEAL if GENSEC_FEATURE_LDAP_STYLE +- * is requested. 
+- */ +- ntlmssp_state->force_wrap_seal = true; +- } +- } +- if (gensec_security->want_features & GENSEC_FEATURE_SEAL) { +- ntlmssp_state->neg_flags |= NTLMSSP_NEGOTIATE_SIGN; +- ntlmssp_state->neg_flags |= NTLMSSP_NEGOTIATE_SEAL; +- } + + if (role == ROLE_STANDALONE) { + ntlmssp_state->server.is_standalone = true; +diff --git a/auth/ntlmssp/ntlmssp_server.c b/auth/ntlmssp/ntlmssp_server.c +index 37ed2bc9565..140e89daeb1 100644 +--- a/auth/ntlmssp/ntlmssp_server.c ++++ b/auth/ntlmssp/ntlmssp_server.c +@@ -1080,6 +1080,14 @@ static NTSTATUS ntlmssp_server_postauth(struct gensec_security *gensec_security, + data_blob_free(&ntlmssp_state->challenge_blob); + + if (gensec_ntlmssp_have_feature(gensec_security, GENSEC_FEATURE_SIGN)) { ++ if (gensec_security->want_features & GENSEC_FEATURE_LDAP_STYLE) { ++ /* ++ * We need to handle NTLMSSP_NEGOTIATE_SIGN as ++ * NTLMSSP_NEGOTIATE_SEAL if GENSEC_FEATURE_LDAP_STYLE ++ * is requested. ++ */ ++ ntlmssp_state->force_wrap_seal = true; ++ } + nt_status = ntlmssp_sign_init(ntlmssp_state); + } + +diff --git a/selftest/knownfail.d/ntlmssp_ldap_style_send_seal b/selftest/knownfail.d/ntlmssp_ldap_style_send_seal +deleted file mode 100644 +index 0cd7cc2ea39..00000000000 +--- a/selftest/knownfail.d/ntlmssp_ldap_style_send_seal ++++ /dev/null +@@ -1 +0,0 @@ +-^samba4.ldb.simple.ldap.*ldap_style_send_seal=no +-- +2.14.3 + Added: head/net/samba48/files/0001-bug-228462.patch ============================================================================== --- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ head/net/samba48/files/0001-bug-228462.patch Fri Jun 8 01:09:10 2018 (r471963) 
@@ -0,0 +1,146 @@ +From d9b748869a8f4018ebee302aae8246bf29f60309 Mon Sep 17 00:00:00 2001 +From: "Timur I. Bakeyev" +Date: Fri, 1 Jun 2018 01:35:08 +0800 +Subject: [PATCH 1/2] vfs_fruit: allow broken AFP_Signature where the first + byte is 0 + +FreeBSD bug ... caused the first byte of the AFP_AfpInfo xattr to be 0 +instead of 'A'. This hack allows such broken AFP_AfpInfo blobs to be +parsed by afpinfo_unpack(). + +FreeBSD Bug: https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=228462 + +Signed-off-by: Ralph Boehme +--- + source3/modules/vfs_fruit.c | 32 ++++++++++++++++++++++++-------- + 1 file changed, 24 insertions(+), 8 deletions(-) + +diff --git a/source3/modules/vfs_fruit.c b/source3/modules/vfs_fruit.c +index df3cd0c899e..d84e6991036 100644 +--- a/source3/modules/vfs_fruit.c ++++ b/source3/modules/vfs_fruit.c +@@ -485,8 +485,9 @@ static int adouble_path(TALLOC_CTX *ctx, + struct smb_filename **ppsmb_fname_out); + static AfpInfo *afpinfo_new(TALLOC_CTX *ctx); + static ssize_t afpinfo_pack(const AfpInfo *ai, char *buf); +-static AfpInfo *afpinfo_unpack(TALLOC_CTX *ctx, const void *data); +- ++static AfpInfo *afpinfo_unpack(TALLOC_CTX *ctx, ++ const void *data, ++ const struct smb_filename *smb_fname); + + /** + * Return a pointer to an AppleDouble entry +@@ -2073,13 +2074,17 @@ static ssize_t afpinfo_pack(const AfpInfo *ai, char *buf) + return AFP_INFO_SIZE; + } + ++#define BROKEN_FREEBSD_AFP_Signature 0x00465000 ++ + /** + * Unpack a buffer into a AfpInfo structure + * + * Buffer size must be at least AFP_INFO_SIZE + * Returns allocated AfpInfo struct + **/ +-static AfpInfo *afpinfo_unpack(TALLOC_CTX *ctx, const void *data) ++static AfpInfo *afpinfo_unpack(TALLOC_CTX *ctx, ++ const void *data, ++ const struct smb_filename *smb_fname) + { + AfpInfo *ai = talloc_zero(ctx, AfpInfo); + if (ai == NULL) { +@@ -2092,10 +2097,21 @@ static AfpInfo *afpinfo_unpack(TALLOC_CTX *ctx, const void *data) + memcpy(ai->afpi_FinderInfo, (const char *)data + 16, + 
sizeof(ai->afpi_FinderInfo)); + +- if (ai->afpi_Signature != AFP_Signature +- || ai->afpi_Version != AFP_Version) { +- DEBUG(1, ("Bad AfpInfo signature or version\n")); ++ if (ai->afpi_Signature != AFP_Signature) { ++ DBG_WARNING("Bad signature [%x] on [%s]\n", ++ ai->afpi_Signature, smb_fname_str_dbg(smb_fname)); ++ ++ if (ai->afpi_Signature != BROKEN_FREEBSD_AFP_Signature) { ++ DBG_ERR("Bad AfpInfo signature\n"); ++ TALLOC_FREE(ai); ++ return NULL; ++ } ++ } ++ ++ if (ai->afpi_Version != AFP_Version) { ++ DBG_ERR("Bad AfpInfo version\n"); + TALLOC_FREE(ai); ++ return NULL; + } + + return ai; +@@ -4222,7 +4238,7 @@ static ssize_t fruit_pwrite_meta_stream(vfs_handle_struct *handle, + size_t nwritten; + bool ok; + +- ai = afpinfo_unpack(talloc_tos(), data); ++ ai = afpinfo_unpack(talloc_tos(), data, fsp->fsp_name); + if (ai == NULL) { + return -1; + } +@@ -4260,7 +4276,7 @@ static ssize_t fruit_pwrite_meta_netatalk(vfs_handle_struct *handle, + int ret; + bool ok; + +- ai = afpinfo_unpack(talloc_tos(), data); ++ ai = afpinfo_unpack(talloc_tos(), data, fsp->fsp_name); + if (ai == NULL) { + return -1; + } +-- +2.16.3 + + +From 83ce03a278ec9d15b595f4daf8da1641d27ebdd6 Mon Sep 17 00:00:00 2001 +From: "Timur I. Bakeyev" +Date: Fri, 1 Jun 2018 01:35:58 +0800 +Subject: [PATCH 2/2] vfs_streams_xattr: don't append 0 byte when creating + xattr + +Upstream Samba always appends an internal 0-byte to xattrs to cope +with filesytems or systems that don't support 0-byte sized xattrs. + +An older patch already remove this behaviour from the read and write +code paths, but didn't remove it from the create codepath. 
+ +FreeBSD Bug: https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=228462 + +Signed-off-by: Ralph Boehme +--- + source3/modules/vfs_streams_xattr.c | 8 +------- + 1 file changed, 1 insertion(+), 7 deletions(-) + +diff --git a/source3/modules/vfs_streams_xattr.c b/source3/modules/vfs_streams_xattr.c +index 8714007cb8d..5f3dfb30beb 100644 +--- a/source3/modules/vfs_streams_xattr.c ++++ b/source3/modules/vfs_streams_xattr.c +@@ -476,19 +476,13 @@ static int streams_xattr_open(vfs_handle_struct *handle, + /* + * The attribute does not exist or needs to be truncated + */ +- +- /* +- * Darn, xattrs need at least 1 byte +- */ +- char null = '\0'; +- + DEBUG(10, ("creating or truncating attribute %s on file %s\n", + xattr_name, smb_fname->base_name)); + + ret = SMB_VFS_SETXATTR(fsp->conn, + smb_fname, + xattr_name, +- &null, sizeof(null), ++ NULL, 0, + flags & O_EXCL ? XATTR_CREATE : 0); + if (ret != 0) { + goto fail; +-- +2.16.3 + Added: head/net/samba48/files/patch-dbwrap ============================================================================== --- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ head/net/samba48/files/patch-dbwrap Fri Jun 8 01:09:10 2018 (r471963) 
@@ -0,0 +1,96 @@ +--- lib/dbwrap/dbwrap.c.orig 2018-01-17 10:08:39 UTC ++++ lib/dbwrap/dbwrap.c +@@ -28,6 +28,9 @@ + #include "lib/util/util_tdb.h" + #include "lib/util/tevent_ntstatus.h" + ++#undef DBGC_CLASS ++#define DBGC_CLASS DBGC_LOCKING ++ + /* + * Fall back using fetch if no genuine exists operation is provided + */ +--- lib/dbwrap/dbwrap_local_open.c.orig 2018-01-14 21:41:58.000000000 +0100 ++++ lib/dbwrap/dbwrap_local_open.c 2018-03-29 23:49:51.888588000 +0200 +@@ -24,6 +24,9 @@ + #include "tdb.h" + #include "lib/param/param.h" + ++#undef DBGC_CLASS ++#define DBGC_CLASS DBGC_LOCKING ++ + struct db_context *dbwrap_local_open(TALLOC_CTX *mem_ctx, + struct loadparm_context *lp_ctx, + const char *name, +--- lib/dbwrap/dbwrap_rbt.c.orig 2018-01-17 09:08:39.000000000 +0100 ++++ lib/dbwrap/dbwrap_rbt.c 2018-03-29 23:50:13.427755000 +0200 +@@ -24,6 +24,9 @@ + #include "../lib/util/rbtree.h" + #include "../lib/util/dlinklist.h" + ++#undef DBGC_CLASS ++#define DBGC_CLASS DBGC_LOCKING ++ + #define DBWRAP_RBT_ALIGN(_size_) (((_size_)+15)&~15) + + struct db_rbt_ctx { +--- lib/dbwrap/dbwrap_tdb.c.orig 2018-01-17 09:08:39.000000000 +0100 ++++ lib/dbwrap/dbwrap_tdb.c 2018-03-29 23:50:40.789642000 +0200 +@@ -27,6 +27,9 @@ + #include "lib/param/param.h" + #include "libcli/util/error.h" + ++#undef DBGC_CLASS ++#define DBGC_CLASS DBGC_LOCKING ++ + struct db_tdb_ctx { + struct tdb_wrap *wtdb; + +--- lib/dbwrap/dbwrap_util.c.orig 2018-01-17 09:08:39.000000000 +0100 ++++ lib/dbwrap/dbwrap_util.c 2018-03-29 23:51:35.907061000 +0200 +@@ -26,6 +26,9 @@ + #include "dbwrap.h" + #include "lib/util/util_tdb.h" + ++#undef DBGC_CLASS ++#define DBGC_CLASS DBGC_LOCKING ++ + struct dbwrap_fetch_int32_state { + NTSTATUS status; + int32_t result; +--- source3/lib/dbwrap/dbwrap_ctdb.c.orig 2018-01-17 09:08:39.000000000 +0100 ++++ source3/lib/dbwrap/dbwrap_ctdb.c 2018-03-29 23:57:41.784931000 +0200 +@@ -38,6 +38,9 @@ + #include "lib/cluster_support.h" + #include "lib/util/tevent_ntstatus.h" + 
++#undef DBGC_CLASS ++#define DBGC_CLASS DBGC_LOCKING ++ + struct db_ctdb_transaction_handle { + struct db_ctdb_ctx *ctx; + /* +--- source3/lib/dbwrap/dbwrap_open.c.orig 2018-01-17 09:08:39.000000000 +0100 ++++ source3/lib/dbwrap/dbwrap_open.c 2018-03-29 23:57:54.680614000 +0200 +@@ -31,6 +31,9 @@ + #include "ctdbd_conn.h" + #include "messages.h" + ++#undef DBGC_CLASS ++#define DBGC_CLASS DBGC_LOCKING ++ + bool db_is_local(const char *name) + { + const char *sockname = lp_ctdbd_socket(); +--- source3/lib/dbwrap/dbwrap_watch.c.orig 2018-01-17 09:08:39.000000000 +0100 ++++ source3/lib/dbwrap/dbwrap_watch.c 2018-03-29 23:58:09.746298000 +0200 +@@ -28,6 +28,9 @@ + #include "server_id_watch.h" + #include "lib/dbwrap/dbwrap_private.h" + ++#undef DBGC_CLASS ++#define DBGC_CLASS DBGC_LOCKING ++ + static ssize_t dbwrap_record_watchers_key(struct db_context *db, + struct db_record *rec, + uint8_t *wkey, size_t wkey_len) Added: head/net/samba48/files/patch-includes.h ============================================================================== --- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ head/net/samba48/files/patch-includes.h Fri Jun 8 01:09:10 2018 (r471963) @@ -0,0 +1,11 @@ +--- source3/include/includes.h.orig 2018-04-03 05:23:35 UTC ++++ source3/include/includes.h +@@ -323,6 +323,8 @@ typedef char fstring[FSTRING_LEN]; + * the *bottom* of include files so as not to conflict. */ + #ifdef ENABLE_DMALLOC + # include ++#elif ENABLE_JEMALLOC ++# include + #endif + + Added: head/net/samba48/files/patch-libgpo__wscript_build ============================================================================== --- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ head/net/samba48/files/patch-libgpo__wscript_build Fri Jun 8 01:09:10 2018 (r471963) 
@@ -0,0 +1,9 @@ +--- libgpo/wscript_build.orig 2018-05-22 10:47:26 UTC ++++ libgpo/wscript_build +@@ -10,4 +10,5 @@ bld.SAMBA3_LIBRARY('gpext', + bld.SAMBA3_PYTHON('python_samba_libgpo', 'pygpo.c', + deps='''pyparam_util gpext talloc ads TOKEN_UTIL + auth pyrpc_util''', +- realname='samba/gpo.so') ++ realname='samba/gpo.so', ++ enabled=bld.CONFIG_SET('HAVE_LDAP')) Added: head/net/samba48/files/patch-source3__smbd__utmp.c ============================================================================== --- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ head/net/samba48/files/patch-source3__smbd__utmp.c Fri Jun 8 01:09:10 2018 (r471963) 
@@ -0,0 +1,261 @@ +--- source3/smbd/utmp.c.orig 2018-01-15 04:41:58.000000000 +0800 ++++ source3/smbd/utmp.c 2018-05-25 14:06:42.746302000 +0800 +@@ -257,7 +257,7 @@ static char *uw_pathname(TALLOC_CTX *ctx + Update utmp file directly. No subroutine interface: probably a BSD system. + ****************************************************************************/ + +-static void pututline_my(const char *uname, struct utmp *u, bool claim) ++static void pututline_my(const char *uname, STRUCT_UTMP *u, bool claim) + { + DEBUG(1,("pututline_my: not yet implemented\n")); + /* BSD implementor: may want to consider (or not) adjusting "lastlog" */ +@@ -271,7 +271,7 @@ static void pututline_my(const char *una + Credit: Michail Vidiassov + ****************************************************************************/ + +-static void updwtmp_my(const char *wname, struct utmp *u, bool claim) ++static void updwtmp_my(const char *wname, STRUCT_UTMP *u, bool claim) + { + int fd; + struct stat buf; +@@ -303,7 +303,7 @@ static void updwtmp_my(const char *wname + if ((fd = open(wname, O_WRONLY|O_APPEND, 0)) < 0) + return; + if (fstat(fd, &buf) == 0) { +- if (write(fd, (char *)u, sizeof(struct utmp)) != sizeof(struct utmp)) ++ if (write(fd, (char *)u, sizeof(STRUCT_UTMP)) != sizeof(STRUCT_UTMP)) + (void) ftruncate(fd, buf.st_size); + } + (void) close(fd); +@@ -314,12 +314,12 @@ static void updwtmp_my(const char *wname + Update via utmp/wtmp (not utmpx/wtmpx). 
+ ****************************************************************************/ + +-static void utmp_nox_update(struct utmp *u, bool claim) ++static void utmp_nox_update(STRUCT_UTMP *u, bool claim) + { + char *uname = NULL; + char *wname = NULL; + #if defined(PUTUTLINE_RETURNS_UTMP) +- struct utmp *urc; ++ STRUCT_UTMP *urc; + #endif /* PUTUTLINE_RETURNS_UTMP */ + + uname = uw_pathname(talloc_tos(), "utmp", ut_pathname); +@@ -376,127 +376,52 @@ static void utmp_nox_update(struct utmp + } + } + +-/**************************************************************************** +- Copy a string in the utmp structure. +-****************************************************************************/ + +-static void utmp_strcpy(char *dest, const char *src, size_t n) +-{ +- size_t len = 0; + +- memset(dest, '\0', n); +- if (src) +- len = strlen(src); +- if (len >= n) { +- memcpy(dest, src, n); +- } else { +- if (len) +- memcpy(dest, src, len); +- } +-} ++ + + /**************************************************************************** + Update via utmpx/wtmpx (preferred) or via utmp/wtmp. + ****************************************************************************/ + +-static void sys_utmp_update(struct utmp *u, const char *hostname, bool claim) ++static void sys_utmp_update(STRUCT_UTMP *u, const char *hostname, bool claim) + { +-#if !defined(HAVE_UTMPX_H) +- /* No utmpx stuff. Drop to non-x stuff */ +- utmp_nox_update(u, claim); +-#elif !defined(HAVE_PUTUTXLINE) +- /* Odd. Have utmpx.h but no "pututxline()". Drop to non-x stuff */ +- DEBUG(1,("utmp_update: have utmpx.h but no pututxline() function\n")); +- utmp_nox_update(u, claim); +-#elif !defined(HAVE_GETUTMPX) +- /* Odd. Have utmpx.h but no "getutmpx()". Drop to non-x stuff */ +- DEBUG(1,("utmp_update: have utmpx.h but no getutmpx() function\n")); +- utmp_nox_update(u, claim); +-#elif !defined(HAVE_UPDWTMPX) +- /* Have utmpx.h but no "updwtmpx()". 
Drop to non-x stuff */ +- DEBUG(1,("utmp_update: have utmpx.h but no updwtmpx() function\n")); +- utmp_nox_update(u, claim); +-#else +- char *uname = NULL; +- char *wname = NULL; +- struct utmpx ux, *uxrc; +- +- getutmpx(u, &ux); +- +-#if defined(HAVE_UX_UT_SYSLEN) +- if (hostname) +- ux.ut_syslen = strlen(hostname) + 1; /* include end NULL */ +- else +- ux.ut_syslen = 0; +-#endif +-#if defined(HAVE_UT_UT_HOST) +- utmp_strcpy(ux.ut_host, hostname, sizeof(ux.ut_host)); +-#endif +- +- uname = uw_pathname(talloc_tos(), "utmpx", ux_pathname); +- wname = uw_pathname(talloc_tos(), "wtmpx", wx_pathname); +- if (uname && wname) { +- DEBUG(2,("utmp_update: uname:%s wname:%s\n", uname, wname)); +- } ++ STRUCT_UTMP *urc; + +- /* +- * Check for either uname or wname being empty. +- * Some systems, such as Redhat 6, have a "utmpx.h" which doesn't +- * define default filenames. +- * Also, our local installation has not provided an override. +- * Drop to non-x method. (E.g. RH6 has good defaults in "utmp.h".) +- */ +- if (!uname || !wname || (strlen(uname) == 0) || (strlen(wname) == 0)) { +- utmp_nox_update(u, claim); +- } else { +- utmpxname(uname); +- setutxent(); +- uxrc = pututxline(&ux); +- endutxent(); +- if (uxrc == NULL) { +- DEBUG(2,("utmp_update: pututxline() failed\n")); +- return; +- } +- updwtmpx(wname, &ux); ++ setutxent(); ++ urc = pututxline(u); ++ endutxent(); ++ if (urc == NULL) { ++ DEBUG(2,("utmp_update: pututxline() failed\n")); ++ return; + } +-#endif /* HAVE_UTMPX_H */ + } + + #if defined(HAVE_UT_UT_ID) + /**************************************************************************** + Encode the unique connection number into "ut_id". 
+ ****************************************************************************/ +- +-static int ut_id_encode(int i, char *fourbyte) ++static void ut_id_encode(char *buf, int id, size_t buf_size) + { +- int nbase; +- const char *ut_id_encstr = "0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ"; +- +-/* +- * 'ut_id_encstr' is the character set on which modulo arithmetic is done. +- * Example: digits would produce the base-10 numbers from '001'. +- */ +- nbase = strlen(ut_id_encstr); ++ const char ut_id_encstr[] = "0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ"; + +- fourbyte[0] = ut_id_encstr[i % nbase]; +- i /= nbase; +- fourbyte[1] = ut_id_encstr[i % nbase]; +- i /= nbase; +- fourbyte[3] = ut_id_encstr[i % nbase]; +- i /= nbase; +- fourbyte[2] = ut_id_encstr[i % nbase]; +- i /= nbase; ++ int nbase = sizeof(ut_id_encstr) - 1; ++ /* ++ * 'ut_id_encstr' is the character set on which modulo arithmetic is done. ++ * Example: digits would produce the base-10 numbers from '001'. ++ */ + +- /* we do not care about overflows as i is a random number */ +- return 0; ++ for(int i = 0; i < buf_size; i++) { ++ buf[i] = ut_id_encstr[id % nbase]; ++ id /= nbase; ++ } + } + #endif /* defined(HAVE_UT_UT_ID) */ + +- + /* + fill a system utmp structure given all the info we can gather + */ +-static bool sys_utmp_fill(struct utmp *u, ++static bool sys_utmp_fill(STRUCT_UTMP *u, + const char *username, const char *hostname, + const char *id_str, int id_num) + { *** DIFF OUTPUT TRUNCATED AT 1000 LINES ***
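Review bot: the `#undef DBGC_CLASS` / `#define DBGC_CLASS DBGC_LOCKING` pair added after the includes in each of the eight dbwrap sources (lib/dbwrap/dbwrap.c through source3/lib/dbwrap/dbwrap_watch.c) carries no comment explaining why dbwrap output belongs to the locking class. The define changes which debug class setting governs every DEBUG call in these files, so a one-line comment above it, or a sentence in the patch header, would help anyone who later tunes log levels and finds dbwrap messages appearing under locking. Separately, the first file's header uses the `UTC` timestamp form while the other seven use local timestamps with offsets; regenerating them in one format would keep the patch file consistent.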
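Review bot: in the source3/include/includes.h hunk, `#elif ENABLE_JEMALLOC` tests the macro's value, while the branch directly above it uses `#ifdef ENABLE_DMALLOC`. If ENABLE_JEMALLOC is defined with an empty body, the `#elif` has no expression and fails to preprocess, and if it is undefined the test trips -Wundef. `#elif defined(ENABLE_JEMALLOC)` matches the existing style and avoids both cases.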
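Review bot: in the source3/smbd/utmp.c hunk at -376, the rewritten sys_utmp_update() calls setutxent(), pututxline() and endutxent() unconditionally, with every HAVE_UTMPX_H / HAVE_PUTUTXLINE / HAVE_GETUTMPX / HAVE_UPDWTMPX fallback to utmp_nox_update() removed, and the body shown no longer reads its `hostname` or `claim` parameters or calls updwtmpx(). If this is meant to be FreeBSD-only, say so in the patch header. Otherwise keep at least a `HAVE_PUTUTXLINE` guard so the file still builds where the utmpx calls are missing. Either drop the two unused parameters or mark them unused, and note where the host field and the wtmp record are now written. The same hunk deletes utmp_strcpy(), which bounded each copy by the destination size `n`; its replacement lies past the truncation, so confirm that the new copies into the fixed-width utmp fields are still limited by sizeof the field.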
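Review bot: in the new ut_id_encode() loop, `buf[i] = ut_id_encstr[id % nbase];` indexes the table with a signed `id`, so a negative id yields a negative remainder and reads before the start of `ut_id_encstr`. The loop also compares `int i` against `size_t buf_size`. Take `id` as unsigned, or convert it on entry, and declare `i` as size_t. The function now returns void and fills exactly `buf_size` bytes with no terminator, so a short comment saying that callers must pass the size of the `ut_id` field and must not treat the result as a C string would replace the information lost with the old "we do not care about overflows" remark.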