diff options
authortimur <timur@FreeBSD.org>2010-02-05 09:08:29 +0800
committertimur <timur@FreeBSD.org>2010-02-05 09:08:29 +0800
commit3a1c64c0f73ec9ab91d14af04a92e71e2607f465 (patch)
parentd93131aa6d3744e104d32e76096c2e0acf80cddd (diff)
New 3.4.x branch of the Samba server. New features, new bugs :)
26 files changed, 3850 insertions, 0 deletions
diff --git a/net/Makefile b/net/Makefile
index c38c3e55930c..1f0776ab8136 100644
--- a/net/Makefile
+++ b/net/Makefile
@@ -899,6 +899,7 @@
SUBDIR += samba3
SUBDIR += samba32
SUBDIR += samba33
+ SUBDIR += samba34
SUBDIR += samba4-devel
SUBDIR += samba4wins
SUBDIR += sambasentinel
diff --git a/net/samba34/Makefile b/net/samba34/Makefile
new file mode 100644
index 000000000000..bb2eaadbfe2f
--- /dev/null
+++ b/net/samba34/Makefile
@@ -0,0 +1,532 @@
+# New ports collection makefile for: samba34
+# Date created: 1 May 2009
+# Whom: timur@FreeBSD.org
+# $FreeBSD$
+MASTER_SITE_SUBDIR= . old-versions rc pre
+MAINTAINER?= timur@FreeBSD.org
+COMMENT?= A free SMB and CIFS client and server for UNIX
+CONFLICTS?= ja-samba-[23].* samba-[23].* sharity-light-1.* tdb-1.*
+SAMBA_DISTNAME= ${SAMBA_PORTNAME:S|34$||}-${SAMBA_VERSION:S|.p|pre|:S|.r|rc|:S|.t|tp|:S|.a|alpha|}
+# Additional patches from Sernet.de
+EXTRA_PATCHES= ${PATCHDIR}/sernet.patch
+IPATHS= -I${WRKDIR}/${DISTNAME}/source3/m4 -I${WRKDIR}/${DISTNAME}/m4 -I${WRKDIR}/${DISTNAME}/lib/replace -I${WRKDIR}/${DISTNAME}/source4
+USE_AUTOTOOLS= autoconf:262 autoheader:262
+# directories
+VARDIR?= /var
+SAMBA_CONFIG?= smb.conf
+RC_DIR= ${PREFIX}/etc/rc.d
+SAMBA_SWATDIR= ${PREFIX}/share/swat
+PKGCONFIGDIR?= ${PREFIX}/libdata/pkgconfig
+CONFIGURE_ARGS+= --exec-prefix="${PREFIX}" \
+ --with-fhs \
+ --sysconfdir="${SAMBA_CONFDIR}" \
+ --with-configdir="${SAMBA_CONFDIR}" \
+ --includedir="${SAMBA_INCLUDEDIR}" \
+ --datadir="${DATADIR}" \
+ --with-swatdir="${SAMBA_SWATDIR}" \
+ --libdir="${SAMBA_LIBDIR}" \
+ --with-modulesdir="${SAMBA_MODULEDIR}" \
+ --with-pammodulesdir="${SAMBA_LIBDIR}" \
+ --localstatedir="${VARDIR}" \
+ --with-piddir="${SAMBA_RUNDIR}" \
+ --with-lockdir="${SAMBA_LOCKDIR}" \
+ --with-privatedir="${SAMBA_PRIVATEDIR}" \
+ --with-logfilebase="${SAMBA_LOGDIR}"
+# Let process generate meaningful backtrace on a core dump
+LIB_DEPENDS+= execinfo.1:${PORTSDIR}/devel/libexecinfo
+# Always use external libtalloc
+LIB_DEPENDS+= talloc.2:${PORTSDIR}/devel/talloc
+CONFIGURE_ARGS+= --without-libtalloc --enable-external-libtalloc
+# These options are common for all (sub)ports
+CONFIGURE_ARGS+= --without-libtdb --with-libiconv="${LOCALBASE}"
+.if !defined(SAMBA_SUBPORT)
+OPTIONS= LDAP "With LDAP support" on \
+ ADS "With Active Directory support" off \
+ CUPS "With CUPS printing support" on \
+ WINBIND "With WinBIND support" on \
+ SWAT "With SWAT WebGUI" off \
+ ACL_SUPPORT "With ACL support" off \
+ AIO_SUPPORT "With Asyncronous IO support" off \
+ FAM_SUPPORT "With File Alteration Monitor" off \
+ SYSLOG "With Syslog support" off \
+ QUOTAS "With Disk quota support" off \
+ UTMP "With UTMP accounting support" off \
+ PAM_SMBPASS "With PAM authentication vs passdb backends" off \
+ DNSUPDATE "With dynamic DNS update(require ADS)" off \
+ DNSSD "With DNS service discovery support" off \
+ EXP_MODULES "With experimental modules" off \
+ POPT "With system-wide POPT library" on \
+ MAX_DEBUG "With maximum debugging" off \
+ SMBTORTURE "With smbtorture" off
+.include <bsd.port.options.mk>
+.if ${OSVERSION} >= 701000 && ${OSVERSION} < 702000
+IGNORE= databases/tdb crashes on FreeBSD 7.1. Please, consider upgrading to 7.2 or higher
+.if defined(SAMBA_SUBPORT)
+# Switch off all extra functionality
+CONFIGURE_ARGS+= --disable-cups --disable-fam --without-winbind \
+ --without-syslog --without-quotas --without-utmp \
+ --without-pam --without-pam_smbpass \
+ --without-aio-support
+# Dirty hack to work around usage of OPTIONS in slave ports
+. if exists(${.CURDIR}/Makefile.inc)
+. include "${.CURDIR}/Makefile.inc"
+. endif
+# Samba server itself
+USE_RC_SUBR= samba
+SUB_FILES= pkg-install pkg-message pkg-deinstall smb.conf.sample
+# We don't (yet) have clustered FS for cluster support
+CONFIGURE_ARGS+= --with-pam --with-readline=/usr \
+ --with-included-iniparser \
+ --with-sendfile-support \
+ --enable-largefile \
+ --without-cluster-support \
+ --without-libsmbclient \
+ --without-libaddns \
+ --without-libnetapi \
+ --without-libsmbsharemodes
+.if !defined(WITHOUT_LDAP)
+.if !defined(WITHOUT_CUPS)
+LIB_DEPENDS+= cups.2:${PORTSDIR}/print/cups-client
+CONFIGURE_ARGS+= --enable-cups --enable-iprint
+CONFIGURE_ARGS+= --disable-cups --disable-iprint
+SUB_LIST+= CUPS="@comment "
+.if defined(WITH_MAX_DEBUG)
+LIB_DEPENDS+= dmalloc.1:${PORTSDIR}/devel/dmalloc
+CONFIGURE_ARGS+= --enable-debug \
+ --enable-socket-wrapper --enable-nss-wrapper \
+ --enable-developer --enable-krb5developer \
+ --enable-dmalloc --with-profiling-data
+CONFIGURE_ARGS+= --with-smbtorture4-path=${WRKDIR}/${DISTNAME}/source4/torture
+CONFIGURE_ARGS+= --disable-debug \
+ --disable-socket-wrapper --disable-nss-wrapper \
+ --disable-developer --disable-krb5developer \
+ --disable-dmalloc --without-profiling-data
+.if defined(WITH_SYSLOG)
+CONFIGURE_ARGS+= --with-syslog
+CONFIGURE_ARGS+= --without-syslog
+.if defined(WITH_QUOTAS)
+CONFIGURE_ARGS+= --with-quotas
+CONFIGURE_ARGS+= --without-quotas
+.if !defined(WITHOUT_UTMP)
+CONFIGURE_ARGS+= --with-utmp
+CONFIGURE_ARGS+= --without-utmp
+.if !defined(WITHOUT_WINBIND)
+CONFIGURE_ARGS+= --with-winbind
+CONFIGURE_ARGS+= --without-winbind
+PLIST_SUB+= WINBIND="@comment "
+SUB_LIST+= WINBIND="@comment "
+.if !defined(WITHOUT_SWAT)
+CONFIGURE_ARGS+= --enable-swat
+CONFIGURE_ARGS+= --disable-swat
+PLIST_SUB+= SWAT="@comment "
+# Add some shared modules
+.if defined(WITH_EXP_MODULES)
+. if !defined(WANT_EXP_MODULES) || empty(WANT_EXP_MODULES)
+WANT_EXP_MODULES= idmap_tdb2 idmap_ad idmap_adex idmap_hash idmap_rid \
+ charset_weird
+. if !defined(WITH_MAX_DEBUG)
+WANT_EXP_MODULES+= rpc_echo
+. endif
+WANT_EXP_MODULES+= vfs_cacheprime vfs_catia vfs_commit vfs_dirsort \
+ vfs_readahead vfs_streams_depot vfs_syncops
+. endif
+.if defined(WITH_FAM_SUPPORT)
+USE_FAM= yes
+WANT_EXP_MODULES+= vfs_notify_fam
+CONFIGURE_ARGS+= --enable-fam
+CONFIGURE_ARGS+= --disable-fam
+.if defined(WITH_ACL_SUPPORT)
+CONFIGURE_ARGS+= --with-acl-support
+CONFIGURE_ARGS+= --without-acl-support
+.if defined(WITH_AIO_SUPPORT)
+.if ${OSVERSION} < 700055
+IGNORE= an AIO support requires 7.0-RELEASE or later. Disable AIO support
+CONFIGURE_ARGS+= --with-aio-support
+CONFIGURE_ARGS+= --without-aio-support
+.if defined(WITH_PAM_SMBPASS)
+CONFIGURE_ARGS+= --with-pam_smbpass
+CONFIGURE_ARGS+= --without-pam_smbpass
+PLIST_SUB+= SMBPASS="@comment "
+.if defined(WITH_DNSUPDATE)
+. if !defined(WITH_ADS)
+IGNORE= dynamic DNS updates require ADS support. Disable DNSUPDATE support
+. endif
+LIB_DEPENDS+= uuid.1:${PORTSDIR}/misc/e2fsprogs-libuuid
+CONFIGURE_ARGS+= --with-dnsupdate
+CONFIGURE_ARGS+= --without-dnsupdate
+.if defined(WITH_DNSSD)
+CPPFLAGS+= `${PKG_CONFIG} --cflags avahi-compat-libdns_sd`
+DNSSD_LIBS= `${PKG_CONFIG} --libs avahi-compat-libdns_sd`
+LIB_DEPENDS+= dns_sd.1:${PORTSDIR}/net/avahi-libdns
+CONFIGURE_ARGS+= --enable-dnssd
+CONFIGURE_ARGS+= --disable-dnssd
+.if !defined(WITHOUT_POPT)
+LIB_DEPENDS+= popt.0:${PORTSDIR}/devel/popt
+CONFIGURE_ARGS+= --without-included-popt
+CONFIGURE_ARGS+= --with-included-popt
+.if defined(WITH_SMBTORTURE)
+### Common part for port and it's subports
+.if defined(WITH_ADS)
+CONFIGURE_ARGS+= --with-ads
+CONFIGURE_ARGS+= --without-ads
+# Kerberos5 is necessary for ADS
+.if defined(SAMBA_WANT_KRB5)
+.if defined(KRB5_HOME) && exists(${KRB5_HOME}/lib/libgssapi_krb5.so)
+CONFIGURE_ARGS+= --with-krb5="${KRB5_HOME}"
+.elif defined(HEIMDAL_HOME) && exists(${HEIMDAL_HOME}/lib/libgssapi.so)
+.elif exists(/usr/lib/libkrb5.so) && exists(/usr/bin/krb5-config)
+CONFIGURE_ARGS+= --with-krb5="/usr"
+LIB_DEPENDS+= krb5:${PORTSDIR}/security/heimdal
+CONFIGURE_ARGS+= --with-krb5="${LOCALBASE}"
+CONFIGURE_ARGS+= --without-krb5
+.if defined(SAMBA_WANT_LDAP)
+CONFIGURE_ARGS+= --with-ldap
+CONFIGURE_ARGS+= --without-ldap
+PKG_CONFIG?= ${LOCALBASE}/bin/pkg-config
+BUILD_DEPENDS+= pkg-config:${PORTSDIR}/devel/pkg-config
+.if defined(WANT_EXP_MODULES) && !empty(WANT_EXP_MODULES)
+CONFIGURE_ARGS+= --with-shared-modules="${WANT_EXP_MODULES:Q:C/(\\\\ )+/,/g}"
+.include <bsd.port.pre.mk>
+ ${WRKSRC}/Makefile.in
+### end of common part
+.if !defined(SAMBA_SUBPORT)
+# Samba server only
+MAN1= findsmb.1 \
+ ldbadd.1 ldbdel.1 ldbedit.1 ldbmodify.1 ldbrename.1 ldbsearch.1 \
+ log2pcap.1 nmblookup.1 ntlm_auth.1 profiles.1 rpcclient.1 \
+ sharesec.1 smbcacls.1 smbclient.1 smbcontrol.1 smbcquotas.1 \
+ smbget.1 smbstatus.1 smbtar.1 smbtree.1 testparm.1 vfstest.1
+MAN3= ldb.3
+MAN5= lmhosts.5 smb.conf.5 smbgetrc.5 smbpasswd.5
+MAN7= samba.7
+MAN8= eventlogadm.8 net.8 nmbd.8 pdbedit.8 smbd.8 smbpasswd.8 \
+ smbspool.8 tdbbackup.8 tdbdump.8 tdbtool.8 \
+ idmap_nss.8 idmap_tdb.8 idmap_tdb2.8 \
+ vfs_acl_tdb.8 vfs_acl_xattr.8 \
+ vfs_audit.8 vfs_cap.8 vfs_default_quota.8 vfs_extd_audit.8 \
+ vfs_fake_perms.8 vfs_full_audit.8 vfs_netatalk.8 \
+ vfs_preopen.8 \
+ vfs_readahead.8 vfs_readonly.8 vfs_recycle.8 vfs_shadow_copy.8 \
+ vfs_shadow_copy2.8 vfs_smb_traffic_analyzer.8 \
+ vfs_streams_xattr.8 vfs_xattr_tdb.8
+.if !defined(WITHOUT_WINBIND)
+MAN1+= wbinfo.1
+MAN7+= winbind_krb5_locator.7
+MAN8+= pam_winbind.8 winbindd.8
+.if !defined(WITHOUT_SWAT)
+MAN8+= swat.8
+.if defined(WITH_FAM_SUPPORT)
+MAN8+= vfs_notify_fam.8
+.if defined(SAMBA_WANT_LDAP)
+MAN8+= idmap_ldap.8
+.if !empty(WANT_EXP_MODULES:Midmap_ad)
+MAN8+= idmap_ad.8
+.if !empty(WANT_EXP_MODULES:Midmap_adex)
+MAN8+= idmap_adex.8
+.if !empty(WANT_EXP_MODULES:Midmap_hash)
+MAN8+= idmap_hash.8
+.if !empty(WANT_EXP_MODULES:Midmap_rid)
+MAN8+= idmap_rid.8
+.if !empty(WANT_EXP_MODULES:Mvfs_cacheprime)
+MAN8+= vfs_cacheprime.8
+.if !empty(WANT_EXP_MODULES:Mvfs_catia)
+MAN8+= vfs_catia.8
+.if !empty(WANT_EXP_MODULES:Mvfs_commit)
+MAN8+= vfs_commit.8
+.if !empty(WANT_EXP_MODULES:Mvfs_dirsort)
+MAN8+= vfs_dirsort.8
+.if !empty(WANT_EXP_MODULES:Mvfs_streams_depot)
+MAN8+= vfs_streams_depot.8
+.if defined(WITH_SMBTORTURE)
+ALL_TARGET+= smbtorture
+# What will be installed
+INSTALL_TARGET= installservers installbin installscripts installdat \
+ installmodules installlibs
+.if !defined(WITHOUT_SWAT)
+.if defined(OPTIONS)
+ @${ECHO_MSG} "===> -------------------------------------------"
+ @${ECHO_MSG} "===> Run 'make config' to (re)configure the port"
+ @${ECHO_MSG} "===> -------------------------------------------"
+ @${FIND} ${WRKDIR}/${DISTNAME} -type d | ${XARGS} ${CHMOD} u+w,a+rx
+ @${FIND} ${WRKDIR}/${DISTNAME} -type f | ${XARGS} ${CHMOD} u+w,a+r
+# It's in another port
+ @${RM} -f ${WRKDIR}/${DISTNAME}/docs/htmldocs/manpages/libsmbclient.7.html
+ @${RM} -rf ${WRKDIR}/${DISTNAME}/examples/libsmbclient
+# This would speedup compilation
+.if !defined(WITHOUT_PCH)
+ cd ${WRKSRC} && ${MAKE} pch
+ -@${FIND} "${SAMBA_MODULEDIR}" -type f -o -type l 2>/dev/null | ${SORT} | ${SED} -E 's|^${PREFIX}/?||;' > ${WRKDIR}/.PLIST.exclude
+ @${CAT} ${PKGDIR}/pkg-plist > ${PLIST}
+.if !defined(WITHOUT_SWAT)
+ @${CAT} ${PKGDIR}/pkg-plist.swat >> ${PLIST}
+.for sect in 1 3 5 7 8
+ @${MKDIR} ${MAN${sect}PREFIX}/man/man${sect}
+. for man in ${MAN${sect}}
+ @${INSTALL_MAN} "${WRKDIR}/${DISTNAME}/docs/manpages/${man}" "${MAN${sect}PREFIX}/man/man${sect}"
+. endfor
+# Put examples in place
+ @${CP} -Rp ${WRKDIR}/${DISTNAME}/examples/* "${EXAMPLESDIR}"
+.if defined(WITH_PAM_SMBPASS)
+ @${MKDIR} "${EXAMPLESDIR}/pam_smbpass"
+ @${CP} -Rp ${WRKSRC}/pam_smbpass/samples/* "${EXAMPLESDIR}/pam_smbpass"
+ ${INSTALL_DATA} "${WRKDIR}/smb.conf.sample" "${EXAMPLESDIR}/${SAMBA_CONFIG}.sample"
+ ${INSTALL_SCRIPT} "${WRKSRC}/script/mksmbpasswd.sh" "${PREFIX}/bin/make_smbpasswd"
+# Winbind
+.if !defined(WITHOUT_WINBIND)
+ ${INSTALL_PROGRAM} "${WRKDIR}/${DISTNAME}/nsswitch/nss_winbind.so" "${SAMBA_LIBDIR}/nss_winbind.so.1"
+ ${INSTALL_PROGRAM} "${WRKDIR}/${DISTNAME}/nsswitch/nss_wins.so" "${SAMBA_LIBDIR}/nss_wins.so.1"
+ ${INSTALL_PROGRAM} "${WRKSRC}/bin/pam_winbind.so" "${SAMBA_LIBDIR}"
+.if defined(WITH_PAM_SMBPASS)
+ ${INSTALL_PROGRAM} "${WRKSRC}/bin/pam_smbpass.so" "${SAMBA_LIBDIR}"
+# smbtorture
+.if defined(WITH_SMBTORTURE)
+ ${INSTALL_PROGRAM} "${WRKSRC}/bin/smbtorture" "${PREFIX}/bin"
+# Lib
+ @${FIND} "${SAMBA_MODULEDIR}" -type f -o -type l | ${SED} -E 's|^${PREFIX}/?||;' | ${EGREP} -F -v -f ${WRKDIR}/.PLIST.exclude | ${SORT} >> ${TMPPLIST}
+ @for d in `${FIND} "${SAMBA_MODULEDIR}" -type d | ${SORT} -r`; do \
+ ${ECHO_CMD} "@unexec ${RMDIR} \"$$d\" 2>/dev/null || true" >> ${TMPPLIST}; \
+ done
+# Documentation
+.if !defined(NOPORTDOCS)
+ @${CP} -Rp "${WRKDIR}/${DISTNAME}/docs/registry" "${DOCSDIR}"
+. for f in Samba3-ByExample.pdf Samba3-HOWTO.pdf Samba3-Developers-Guide.pdf
+ @${INSTALL_DATA} "${WRKDIR}/${DISTNAME}/docs/${f}" "${DOCSDIR}"
+. endfor
+. for f in README COPYING MAINTAINERS PFIF.txt Manifest Roadmap \
+ WHATSNEW.txt docs/THANKS docs/history
+. endfor
+# Run post-install script
+.if defined(WITH_MAX_DEBUG)
+ (cd ${WRKSRC} && ${GMAKE} test_nss_modules test_pam_modules && ${GMAKE} test)
+.include <bsd.port.post.mk>
diff --git a/net/samba34/distinfo b/net/samba34/distinfo
new file mode 100644
index 000000000000..7b24ba8af2dd
--- /dev/null
+++ b/net/samba34/distinfo
@@ -0,0 +1,3 @@
+MD5 (samba-3.4.5.tar.gz) = 8e8a484782f2b7716b6c6bd9a7d2bf71
+SHA256 (samba-3.4.5.tar.gz) = 7e4ead58a7c1c0dd1811d6f1df22c6ecf7a1dabf0e46ea7f20a6da9cd457d1ca
+SIZE (samba-3.4.5.tar.gz) = 35377777
diff --git a/net/samba34/files/README.FreeBSD b/net/samba34/files/README.FreeBSD
new file mode 100644
index 000000000000..6070b61c81b7
--- /dev/null
+++ b/net/samba34/files/README.FreeBSD
@@ -0,0 +1,32 @@
+If you want to run this port:
+1. Copy /usr/local/etc/smb.conf.default to /usr/local/etc/smb.conf and edit
+ it.
+2. Put string 'samba_enable="YES"' into your /etc/rc.conf.
+3. Run '/usr/local/etc/rc.d/samba start' or reboot.
+This port doesn't create 'smbpasswd' file automatically anymore. Users
+are encouraged to use 'tdbsam' backend instead:
+ [global]
+ passdb backend = tdbsam, smbpasswd
+You can use pdbedit to migrate accounts from 'smbpasswd' to 'tdbsam',
+see the Samba3-HOWTO-Collection.
+You still can create 'smbpasswd' file with the supplied 'make_smbpasswd'
+ cat /etc/passwd | grep -v "^#" | make_smbpasswd > smbpasswd
+ chmod 600 smbpasswd
+But the usage of it is deprecated.
+See document files in /usr/local/share/doc/samba and example config files in
+/usr/local/share/examples/samba for details.
+This port doesn't come anymore with the IDEALX Samba LDAP management tools.
+They are a separate port now, net/smbldap-tools. Please, install it, if you
+are going to use Samba LDAP back end.
+FreeBSD Samba3 port maintainer: Timur I. Bakeyev <timur@FreeBSD.org>
diff --git a/net/samba34/files/patch-lib__tevent__tevent_signal.c b/net/samba34/files/patch-lib__tevent__tevent_signal.c
new file mode 100644
index 000000000000..6a31808f9eef
--- /dev/null
+++ b/net/samba34/files/patch-lib__tevent__tevent_signal.c
@@ -0,0 +1,11 @@
+--- ./lib/tevent/tevent_signal.c.orig 2010-01-22 02:45:28.000000000 +0100
++++ ./lib/tevent/tevent_signal.c 2010-01-22 02:45:54.000000000 +0100
+@@ -30,7 +30,7 @@
+ #include "tevent_internal.h"
+ #include "tevent_util.h"
+-#define NUM_SIGNALS 64
+ /* maximum number of SA_SIGINFO signals to hold in the queue.
+ NB. This *MUST* be a power of 2, in order for the ring buffer
diff --git a/net/samba34/files/patch-nsswitch__pam_winbind.c b/net/samba34/files/patch-nsswitch__pam_winbind.c
new file mode 100644
index 000000000000..5b66ad4ff516
--- /dev/null
+++ b/net/samba34/files/patch-nsswitch__pam_winbind.c
@@ -0,0 +1,89 @@
+--- ./nsswitch/pam_winbind.c.orig 2010-01-18 12:38:09.000000000 +0100
++++ ./nsswitch/pam_winbind.c 2010-01-22 02:42:50.000000000 +0100
+@@ -161,7 +161,6 @@
+ }
+ #endif
+ /*
+ * Work around the pam API that has functions with void ** as parameters
+ * These lead to strict aliasing warnings with gcc.
+@@ -171,14 +170,20 @@
+ const void *_item)
+ {
+ const void **item = (const void **)_item;
+- return pam_get_item(pamh, item_type, item);
++ return pam_get_item((pam_handle_t *)pamh, item_type, item);
+ }
+ static int _pam_get_data(const pam_handle_t *pamh,
+ const char *module_data_name,
+ const void *_data)
+ {
+ const void **data = (const void **)_data;
+- return pam_get_data(pamh, module_data_name, data);
++ return pam_get_data((pam_handle_t *)pamh, module_data_name, data);
++ void **data = (void **)_data;
++ return pam_get_data((pam_handle_t *)pamh, module_data_name, data);
+ }
+ /* some syslogging */
+@@ -309,7 +314,7 @@
+ if (item_type != 0) {
+ pam_get_item(ctx->pamh, item_type, &data);
+ } else {
+- pam_get_data(ctx->pamh, key, &data);
++ _pam_get_data(ctx->pamh, key, data);
+ }
+ if (data != NULL) {
+ const char *type = (item_type != 0) ? "ITEM" : "DATA";
+@@ -1321,12 +1326,12 @@
+ static bool _pam_check_remark_auth_err(struct pwb_context *ctx,
+ const struct wbcAuthErrorInfo *e,
+ const char *nt_status_string,
+- int *pam_error)
++ int *pam_err)
+ {
+ const char *ntstatus = NULL;
+ const char *error_string = NULL;
+- if (!e || !pam_error) {
++ if (!e || !pam_err) {
+ return false;
+ }
+@@ -1340,18 +1345,18 @@
+ error_string = _get_ntstatus_error_string(nt_status_string);
+ if (error_string) {
+ _make_remark(ctx, PAM_ERROR_MSG, error_string);
+- *pam_error = e->pam_error;
++ *pam_err = e->pam_error;
+ return true;
+ }
+ if (e->display_string) {
+ _make_remark(ctx, PAM_ERROR_MSG, e->display_string);
+- *pam_error = e->pam_error;
++ *pam_err = e->pam_error;
+ return true;
+ }
+ _make_remark(ctx, PAM_ERROR_MSG, nt_status_string);
+- *pam_error = e->pam_error;
++ *pam_err = e->pam_error;
+ return true;
+ }
+@@ -2729,8 +2734,7 @@
+ goto out;
+ case 0:
+- pam_get_data(pamh, PAM_WINBIND_NEW_AUTHTOK_REQD,
+- (const void **)&tmp);
++ _pam_get_data(pamh, PAM_WINBIND_NEW_AUTHTOK_REQD, tmp);
+ if (tmp != NULL) {
+ ret = atoi((const char *)tmp);
+ switch (ret) {
diff --git a/net/samba34/files/patch-nsswitch__wins_freebsd.c b/net/samba34/files/patch-nsswitch__wins_freebsd.c
new file mode 100644
index 000000000000..956fc788cd39
--- /dev/null
+++ b/net/samba34/files/patch-nsswitch__wins_freebsd.c
@@ -0,0 +1,111 @@
+--- ./nsswitch/wins_freebsd.c.orig 2010-01-22 02:42:50.000000000 +0100
++++ ./nsswitch/wins_freebsd.c 2010-01-22 02:42:50.000000000 +0100
+@@ -0,0 +1,108 @@
++ Unix SMB/CIFS implementation.
++ Copyright (C) Timur I. Bakeyev 2007
++ This library is free software; you can redistribute it and/or
++ modify it under the terms of the GNU Library General Public
++ License as published by the Free Software Foundation; either
++ version 2 of the License, or (at your option) any later version.
++ This library is distributed in the hope that it will be useful,
++ but WITHOUT ANY WARRANTY; without even the implied warranty of
++ Library General Public License for more details.
++ You should have received a copy of the GNU Library General Public
++ License along with this library; if not, write to the
++ Free Software Foundation, Inc., 59 Temple Place - Suite 330,
++ Boston, MA 02111-1307, USA.
++#include "winbind_client.h"
++NSS_STATUS _nss_wins_gethostbyname_r(const char *hostname, struct hostent *he,
++ char *buffer, size_t buflen, int *h_errnop);
++NSS_STATUS _nss_wins_gethostbyname2_r(const char *name, int af, struct hostent *he,
++ char *buffer, size_t buflen, int *h_errnop);
++static ns_mtab methods[] =
++ { NSDB_HOSTS, "getaddrinfo", NULL, NULL },
++ { NSDB_HOSTS, "ghbyname", NULL, NULL },
++ { NSDB_HOSTS, "ghbyaddr", NULL, NULL },
++ { NSDB_HOSTS, "gethostbyaddr_r", __nss_wins_freebsd_gethostbyname_r, _nss_wins_gethostbyname_r },
++ { NSDB_HOSTS, "gethostbyname2_r", __nss_wins_freebsd_gethostbyname2_r, _nss_wins_gethostbyname2_r },
++ { NSDB_HOSTS, "getnetbyname_r", NULL, NULL },
++ { NSDB_HOSTS, "getnetbyaddr_r", NULL, NULL },
++ { NSDB_HOSTS, "gethostbyname", NULL, NULL },
++ { NSDB_HOSTS, "gethostbyaddr", NULL, NULL },
++ { NSDB_HOSTS, "getnetbyname", NULL, NULL },
++ { NSDB_HOSTS, "getnetbyaddr", NULL, NULL }
++__nss_wins_freebsd_gethostbyname_r(void *retval, void *mdata, va_list ap)
++ int (*fn)(const char *, struct hostent *, char *, size_t, int *);
++ const char *hostname;
++ struct hostent *he;
++ char *buffer;
++ size_t buflen;
++ int *h_errnop;
++ enum nss_status status;
++ fn = mdata;
++ hostname = va_arg(ap, const char *);
++ he = va_arg(ap, struct hostent *);
++ buffer = va_arg(ap, char *);
++ buflen = va_arg(ap, size_t);
++ h_errnop = va_arg(ap, int *);
++ status = fn(hostname, he, buffer, buflen, h_errnop);
++ status = __nss_compat_result(status, *h_errnop);
++ if (status == NS_SUCCESS)
++ *(struct hostent **)retval = he;
++ return (status);
++__nss_wins_freebsd_gethostbyname2_r(void *retval, void *mdata, va_list ap)
++ int (*fn)(const char *, int, struct hostent *, char *, size_t, int *);
++ const char *hostname;
++ int af;
++ struct hostent *he;
++ char *buffer;
++ size_t buflen;
++ int *h_errnop;
++ enum nss_status status;
++ fn = mdata;
++ hostname = va_arg(ap, const char *);
++ af = va_arg(ap, int);
++ he = va_arg(ap, struct hostent *);
++ buffer = va_arg(ap, char *);
++ buflen = va_arg(ap, size_t);
++ h_errnop = va_arg(ap, int *);
++ status = fn(hostname, af, he, buffer, buflen, h_errnop);
++ status = __nss_compat_result(status, *h_errnop);
++ if (status == NS_SUCCESS)
++ *(struct hostent **)retval = he;
++ return (status);
++ns_mtab *
++nss_module_register(const char *source __unused, unsigned int *mtabsize,
++ nss_module_unregister_fn *unreg)
++ *mtabsize = sizeof(methods) / sizeof(methods[0]);
++ *unreg = NULL;
++ return (methods);
diff --git a/net/samba34/files/patch-source3__Makefile.in b/net/samba34/files/patch-source3__Makefile.in
new file mode 100644
index 000000000000..4a67d137a0f5
--- /dev/null
+++ b/net/samba34/files/patch-source3__Makefile.in
@@ -0,0 +1,56 @@
+--- ./source3/Makefile.in.orig 2010-01-18 12:38:09.000000000 +0100
++++ ./source3/Makefile.in 2010-01-22 02:42:51.000000000 +0100
+@@ -851,6 +851,7 @@
+ PAM_WINBIND_OBJ = ../nsswitch/pam_winbind.o localedir.o $(WBCOMMON_OBJ) \
+ libsmb/libsmb_cache.o \
+ libsmb/libsmb_compat.o \
+@@ -1028,7 +1029,7 @@
+-TALLOCTORT_OBJ = @tallocdir@/testsuite.o @tallocdir@/testsuite_main.o \
++TALLOCTORT_OBJ = ../lib/talloc/testsuite.o ../lib/talloc/testsuite_main.o \
+ REPLACETORT_OBJ = @libreplacedir@/test/testsuite.o \
+@@ -1281,6 +1282,7 @@
+ .SUFFIXES: .c .o .lo
++.SUFFIXES: .h .h.gch
+ .PHONY: showflags SHOWFLAGS
+@@ -1342,6 +1344,9 @@
+ $(COMPILE_CC) >/dev/null 2>&1
+ @BROKEN_CC@ -mv `echo $@ | sed 's%^.*/%%g'` $@
++ @echo Compiling $*.h
+ PRECOMPILED_HEADER = $(builddir)/include/includes.h.gch
+ # this adds support for precompiled headers. To use it, install a snapshot
+@@ -2705,7 +2710,8 @@
+ @echo "Linking shared library $@"
+ @$(SHLD) $(LDSHFLAGS) -o $@ $(PAM_SMBPASS_OBJ) -lpam $(DYNEXP) \
++ @SONAMEFLAG@`basename $@`
+ @echo Linking $@
+@@ -3028,7 +3034,7 @@
+ @$(LIB_PATH_VAR)=./bin && \
+ export $(LIB_PATH_VAR) && \
+ for module in $(PAM_MODULES); do \
+- ./script/tests/dlopen.sh -lpam -ldl bin/$${module}.@SHLIBEXT@ \
++ ./script/tests/dlopen.sh -lpam bin/$${module}.@SHLIBEXT@ \
+ || exit 1; \
+ done
diff --git a/net/samba34/files/patch-source3__configure.in b/net/samba34/files/patch-source3__configure.in
new file mode 100644
index 000000000000..fcd1013fed13
--- /dev/null
+++ b/net/samba34/files/patch-source3__configure.in
@@ -0,0 +1,214 @@
+--- ./source3/configure.in.orig 2010-01-18 12:38:09.000000000 +0100
++++ ./source3/configure.in 2010-01-22 02:42:50.000000000 +0100
+@@ -210,16 +210,6 @@
+ fi
+ fi
+-AC_ARG_ENABLE(dmalloc, [AS_HELP_STRING([--enable-dmalloc], [Enable heap debugging [default=no]])])
+-if test "x$enable_dmalloc" = xyes
+- AC_DEFINE(ENABLE_DMALLOC, 1, [Define to turn on dmalloc debugging])
+- [Define to check invariants around some common functions])
+- LIBS="$LIBS -ldmalloc"
+ #################################################
+ # check for a shared memory profiling support
+ AC_MSG_CHECKING(whether to use profiling)
+@@ -1747,9 +1737,6 @@
+ AC_CACHE_CHECK([whether building shared libraries actually works],
+ [ac_cv_shlib_works],[
+ # try building a trivial shared library
+@@ -3959,10 +3946,10 @@
+ ################################################################
+ # first test for Active Directory support being enabled
+- #if test x"$with_ads_support" = x"no"; then
+- # AC_MSG_ERROR(Active Directory support is required to enable DNS Update support)
+- # with_dnsupdate_support=no
+- #fi
++ if test x"$with_ads_support" = x"no"; then
++ AC_MSG_ERROR(Active Directory support is required to enable DNS Update support)
++ with_dnsupdate_support=no
++ fi
+ ##################################################################
+ # then test for uuid.h (necessary to generate unique DNS keynames
+ # (uuid.h is required for this test)
+@@ -4179,15 +4166,51 @@
+ x"$ac_cv_header_pam_pam_modules_h" = x"no" ; then
+ if test x"${try_pam}" = x"yes";then
+ AC_MSG_ERROR([--with-pam=yes but pam_modules.h not found])
+- fi
++ fi
+ create_pam_modules=no
+- fi
++ fi
+ if test x"$use_pam" = x"yes"; then
+- AC_DEFINE(WITH_PAM,1,[Whether to include PAM support])
++ AC_DEFINE(WITH_PAM,1,[Whether to include PAM support])
+ AC_DEFINE(HAVE_LIBPAM,1,[Whether libpam is available])
+- with_pam_for_crypt=yes
++ with_pam_for_crypt=yes
++ [int pam_get_data(const pam_handle_t *pamh, const char *module_data_name, const void **data)],
++ [return 0;],
++ [AC_DEFINE(PAM_GET_DATA_ARG3_CONST_VOID_PP, 1, [Whether pam_get_data 3 argument is a const pointer to pointer])],
++ [
++ dnl Old OpenPAM declaration
++ [int pam_get_data(pam_handle_t *pamh, const char *module_data_name, void **data)],
++ [return 0;],
++ [AC_DEFINE(PAM_GET_DATA_ARG3_VOID_PP, 1, [Whether pam_get_data 3 argument is a void pointer to pointer])],
++ [], [
++ #include <sys/types.h>
++ #include <security/pam_appl.h>
++ #endif
++ #include <pam/pam_appl.h>
++ #endif
++ #include <security/pam_modules.h>
++ #endif
++ ]
++ )],[
++ #include <sys/types.h>
++ #include <security/pam_appl.h>
++ #endif
++ #include <pam/pam_appl.h>
++ #endif
++ #include <security/pam_modules.h>
++ #endif
++ ]
++ )
+ if test x"$create_pam_modules" = x"yes"; then
+ AC_DEFINE(WITH_PAM_MODULES,1,[Whether to include PAM MODULES support])
+@@ -4197,7 +4220,7 @@
+ AC_CHECK_HEADERS(pam/pam_ext.h pam/_pam_macros.h)
+ AC_CHECK_FUNC_EXT(pam_vsyslog,$PAM_LIBS)
+ else
+- AC_MSG_WARN([PAM support detected but PAM MODULES support is missing])
++ AC_MSG_WARN([PAM support detected but PAM MODULES support is missing])
+ fi
+ fi
+ AC_MSG_CHECKING(whether to use PAM support)
+@@ -5794,6 +5817,7 @@
+ WINBIND_NSS_EXTRA_OBJS="../nsswitch/winbind_nss_freebsd.o \
+ ../nsswitch/winbind_nss_linux.o"
++ WINBIND_WINS_NSS_EXTRA_OBJS="nsswitch/wins_freebsd.o"
+ WINBIND_NSS="../nsswitch/nss_winbind.$SHLIBEXT"
+ WINBIND_WINS_NSS="../nsswitch/nss_wins.$SHLIBEXT"
+ ;;
+@@ -5886,17 +5910,10 @@
+ AC_DEFINE(WITH_WINBIND,1,[Whether to link to wbclient])
+ else
+- if test x"$enable_developer" = x"yes" -a x"$LINK_LIBWBCLIENT" = x"STATIC" ; then
+- else
+- fi
+ if test $BLDSHARED = true -a x"$HAVE_WINBIND" = x"yes" -a x"$BUILD_LIBWBCLIENT_SHARED" = x"yes"; then
+ ## Only worry about libwbclient if we have shared
+ # library support
+@@ -5918,26 +5935,34 @@
+- if test $BLDSHARED = true -a x"$create_pam_modules" = x"yes"; then
++ if test $BLDSHARED = true; then
++ if test x"$create_pam_modules" = x"yes"; then
+ PAM_MODULES="$PAM_MODULES pam_winbind"
+ INSTALL_PAM_MODULES="installpammodules"
+ UNINSTALL_PAM_MODULES="uninstallpammodules"
++ fi
+ fi
+ else
+ AC_MSG_RESULT(no$winbind_no_reason)
+ fi
+-AC_CHECK_LIB(pthread, pthread_mutex_lock, [WINBIND_NSS_PTHREAD="-lpthread"
++AC_CHECK_LIB(pthread, pthread_mutex_lock, [WINBIND_NSS_PTHREAD="${PTHREAD_LIBS}"
+ AC_DEFINE(HAVE_PTHREAD, 1, [whether pthread exists])])
+@@ -6129,13 +6154,21 @@
+ # Start
+ AC_CHECK_FUNC(getmntent)
++AC_CHECK_HEADERS(sys/statfs.h sys/mount.h)
+ AC_MSG_CHECKING([vfs_fileid: checking for statfs() and struct statfs.f_fsid)])
+ AC_CACHE_VAL(vfsfileid_cv_statfs,[
+ #include <sys/types.h>
++ #ifdef HAVE_SYS_PARAM_H
++ #include <sys/param.h>
++ #endif
++ #ifdef HAVE_SYS_MOUNT_H
++ #include <sys/mount.h>
++ #endif
+ #include <sys/statfs.h>
++ #endif
+ int main(void)
+ {
+ struct statfs fsd;
+@@ -6447,6 +6480,16 @@
+ CFLAGS="-I../lib/zlib $CFLAGS"
+ ])
++AC_ARG_ENABLE(dmalloc, [AS_HELP_STRING([--enable-dmalloc], [Enable heap debugging [default=no]])])
++if test "x$enable_dmalloc" = xyes
++ AC_DEFINE(ENABLE_DMALLOC, 1, [Define to turn on dmalloc debugging])
++ [Define to check invariants around some common functions])
++ LIBS="$LIBS -ldmalloc"
+ dnl Remove -L/usr/lib/? from LDFLAGS and LIBS
diff --git a/net/samba34/files/patch-source3__include__includes.h b/net/samba34/files/patch-source3__include__includes.h
new file mode 100644
index 000000000000..d63e88c69868
--- /dev/null
+++ b/net/samba34/files/patch-source3__include__includes.h
@@ -0,0 +1,22 @@
+--- ./source3/include/includes.h.orig 2010-01-18 12:38:09.000000000 +0100
++++ ./source3/include/includes.h 2010-01-22 02:42:50.000000000 +0100
+@@ -222,6 +222,10 @@
+ #include <sys/uio.h>
+ #endif
++#include <sys/sysctl.h>
+ #include <langinfo.h>
+ #endif
+@@ -756,7 +760,7 @@
+ #endif
+ #ifndef SIGRTMIN
+-#define SIGRTMIN 32
+ #endif
+ #ifndef MAP_FILE
diff --git a/net/samba34/files/patch-source3__lib__fault.c b/net/samba34/files/patch-source3__lib__fault.c
new file mode 100644
index 000000000000..a48207eb2376
--- /dev/null
+++ b/net/samba34/files/patch-source3__lib__fault.c
@@ -0,0 +1,164 @@
+--- ./source3/lib/fault.c.orig 2010-01-18 12:38:09.000000000 +0100
++++ ./source3/lib/fault.c 2010-01-22 02:42:50.000000000 +0100
+@@ -25,6 +25,10 @@
+ #endif
++#include <sys/sysctl.h>
+ #include <sys/prctl.h>
+ #endif
+@@ -143,52 +147,93 @@
+ * before dump_core() calls abort.
+ */
+ #if (defined(FREEBSD) && defined(HAVE_SYSCTLBYNAME))
+-static char *get_freebsd_corepath(void)
++ * Expand the name described in corefilename, using name, uid, and pid.
++ * corefilename is a printf-like string, with three format specifiers:
++ * %N name of process ("name")
++ * %P process id (pid)
++ * %U user id (uid)
++ * For example, "%N.core" is the default; they can be disabled completely
++ * by using "/dev/null", or all core files can be stored in "/cores/%U/%N-%P".
++ */
++static char *get_freebsd_corepath(const char *name)
+ {
+- char *tmp_corepath = NULL;
+- char *end = NULL;
+- size_t len = 128;
++ TALLOC_CTX *tmp_ctx;
++ char format[MAXPATHLEN];
++ char *freebsd_corepath = NULL, *buffer = NULL;
++ char *start, *end;
++ size_t len;
+ int ret;
+- /* Loop with increasing sizes so we don't allocate too much. */
+- do {
+- if (len > 1024) {
+- goto err_out;
+- }
+- tmp_corepath = (char *)talloc_realloc(NULL, tmp_corepath,
+- char, len);
+- if (!tmp_corepath) {
+- return NULL;
+- }
+- ret = sysctlbyname("kern.corefile", tmp_corepath, &len, NULL,
+- 0);
+- if (ret == -1) {
+- if (errno != ENOMEM) {
+- DEBUG(0, ("sysctlbyname failed getting "
+- "kern.corefile %s\n",
+- strerror(errno)));
+- goto err_out;
+- }
+- /* Not a large enough array, try a bigger one. */
+- len = len << 1;
+- }
+- } while (ret == -1);
++ len = sizeof(format);
++ /* Read format string */
++ if((ret = sysctlbyname("kern.corefile", format, &len, NULL, 0)) == -1) {
++ return NULL;
++ }
+ /* Strip off the common filename expansion */
+- if ((end = strrchr_m(tmp_corepath, '/'))) {
++ if ((end=strrchr_m(format, '/')) != NULL) {
+ *end = '\0';
+ }
++ /* Core file is relative to the cwd */
++ if(!format[0] || format[0] != '/') {
++ return NULL;
++ }
+- return tmp_corepath;
+- err_out:
+- if (tmp_corepath) {
+- talloc_free(tmp_corepath);
++ if((tmp_ctx = talloc_new(NULL)) == NULL) {
++ DEBUG(0, ("talloc_new failed\n"));
++ return NULL;
+ }
+- return NULL;
++ if((buffer = talloc_strdup(tmp_ctx, "")) == NULL) {
++ DEBUG(0, ("talloc_strdup: Out of memory!\n"));
++ goto failed;
++ }
++ /* Parse format string and expand variables */
++ start = format;
++ while((end=strchr_m(start, '%')) != NULL) {
++ /* Copy part of the string without format arguments */
++ if(end != start) {
++ buffer = talloc_strndup_append_buffer(buffer, start, end - start);
++ if(buffer == NULL) {
++ DEBUG(0, ("talloc_strdup: Out of memory!\n"));
++ goto failed;
++ }
++ }
++ start = end + 1;
++ switch (*start) {
++ case '%':
++ buffer = talloc_strdup_append_buffer(buffer, "%%");
++ break;
++ case 'N': /* process name */
++ buffer = talloc_asprintf_append_buffer(buffer, "%s", name);
++ break;
++ case 'P': /* process id */
++ buffer = talloc_asprintf_append_buffer(buffer, "%u", getpid());
++ break;
++ case 'U': /* user id */
++ buffer = talloc_asprintf_append_buffer(buffer, "%u", getuid());
++ break;
++ default:
++ DEBUG(0,(
++ "Unknown format character %c in "
++ "corename `%s'\n", *start, format));
++ }
++ if(buffer == NULL) {
++ DEBUG(0, ("talloc_asprintf_append_buffer: Out of memory!\n"));
++ goto failed;
++ }
++ start++;
++ }
++ /* Copy remaining part, if any */
++ if((buffer = talloc_strdup_append_buffer(buffer, start)) == NULL) {
++ DEBUG(0, ("talloc_strdup_append_buffer: Out of memory!\n"));
++ goto failed;
++ }
++ /* Duplicate assembled string in the unattached contenxt */
++ freebsd_corepath = talloc_strdup(NULL, buffer);
++ TALLOC_FREE(tmp_ctx);
++ return freebsd_corepath;
+ }
+ #endif
+@@ -204,8 +249,7 @@
+ /* @todo: Add support for the linux corepath. */
+ char *tmp_corepath = NULL;
+- tmp_corepath = get_freebsd_corepath();
++ tmp_corepath = get_freebsd_corepath(progname);
+ /* If this has been set correctly, we're done. */
+ if (tmp_corepath) {
+ return tmp_corepath;
+@@ -281,7 +325,7 @@
+ SAFE_FREE(logbase);
+ }
+- void dump_core(void)
++void dump_core(void)
+ {
+ static bool called;
diff --git a/net/samba34/files/patch-source3__m4__aclocal.m4 b/net/samba34/files/patch-source3__m4__aclocal.m4
new file mode 100644
index 000000000000..095316e0d0b4
--- /dev/null
+++ b/net/samba34/files/patch-source3__m4__aclocal.m4
@@ -0,0 +1,180 @@
+--- ./source3/m4/aclocal.m4.orig 2010-01-18 12:38:09.000000000 +0100
++++ ./source3/m4/aclocal.m4 2010-01-22 02:42:50.000000000 +0100
+@@ -99,14 +99,14 @@
+ build_lib=yes
+ ;;
+ *)
+ build_lib=no
+ ;;
+ esac
+ ],
+ [
+ # if unspecified, default is not to build
+ build_lib=no
+ ]
+ )
+@@ -429,104 +429,81 @@
+ dnl those with the standalone portable libiconv installed).
+ AC_MSG_CHECKING(for iconv in $1)
+ jm_cv_func_iconv="no"
++ jm_cv_include=""
+ jm_cv_lib_iconv=""
+- jm_cv_giconv=no
++ jm_cv_giconv="no"
+ jm_save_LIBS="$LIBS"
+- dnl Check for include in giconv.h but no lib needed
+- if test "$jm_cv_func_iconv" != yes; then
+- AC_TRY_LINK([#include <stdlib.h>
++ dnl Check for include in funny place but no lib needed
++ if test "$jm_cv_func_iconv" != yes; then
++ AC_TRY_LINK([#include <stdlib.h>
+ #include <giconv.h>],
+ [iconv_t cd = iconv_open("","");
+ iconv(cd,NULL,NULL,NULL,NULL);
+ iconv_close(cd);],
+- jm_cv_func_iconv=yes
+- jm_cv_include="giconv.h"
+- jm_cv_giconv="yes"
+- jm_cv_lib_iconv="")
++ jm_cv_func_iconv=yes
++ jm_cv_include="giconv.h"
++ jm_cv_lib_iconv=""
++ jm_cv_giconv="yes")
+- dnl Standard iconv.h include, lib in glibc or libc ...
+- if test "$jm_cv_func_iconv" != yes; then
+- AC_TRY_LINK([#include <stdlib.h>
++ dnl Standard iconv.h include, lib in glibc or libc ...
++ if test "$jm_cv_func_iconv" != yes; then
++ AC_TRY_LINK([#include <stdlib.h>
+ #include <iconv.h>],
+- [iconv_t cd = iconv_open("","");
++ [iconv_t cd = iconv_open("","");
+ iconv(cd,NULL,NULL,NULL,NULL);
+ iconv_close(cd);],
+- jm_cv_include="iconv.h"
+- jm_cv_func_iconv=yes
+- jm_cv_lib_iconv="")
++ jm_cv_func_iconv=yes
++ jm_cv_include="iconv.h"
++ jm_cv_lib_iconv="")
+- dnl Include in giconv.h, libgiconv needed to link
+- if test "$jm_cv_func_iconv" != yes; then
+- jm_save_LIBS="$LIBS"
+- LIBS="$LIBS -lgiconv"
+- AC_TRY_LINK([#include <stdlib.h>
++ dnl Include in giconv.h, libgiconv needed to link
++ if test "$jm_cv_func_iconv" != yes; then
++ jm_save_LIBS="$LIBS"
++ LIBS="$LIBS -lgiconv"
++ AC_TRY_LINK([#include <stdlib.h>
+ #include <giconv.h>],
+- [iconv_t cd = iconv_open("","");
++ [iconv_t cd = iconv_open("","");
+ iconv(cd,NULL,NULL,NULL,NULL);
+ iconv_close(cd);],
+- jm_cv_lib_iconv=yes
+ jm_cv_func_iconv=yes
+ jm_cv_include="giconv.h"
+- jm_cv_giconv=yes
+- jm_cv_lib_iconv="giconv")
++ jm_cv_lib_iconv="giconv"
++ jm_cv_giconv=yes)
+- LIBS="$jm_save_LIBS"
++ LIBS="$jm_save_LIBS"
+- dnl Include in iconv.h, libiconv needed to link
+- if test "$jm_cv_func_iconv" != yes; then
+- jm_save_LIBS="$LIBS"
+- LIBS="$LIBS -liconv"
+- AC_TRY_LINK([#include <stdlib.h>
++ dnl Include in iconv.h, libiconv needed to link
++ if test "$jm_cv_func_iconv" != yes; then
++ jm_save_LIBS="$LIBS"
++ LIBS="$LIBS -liconv"
++ AC_TRY_LINK([#include <stdlib.h>
+ #include <iconv.h>],
+- [iconv_t cd = iconv_open("","");
+- iconv(cd,NULL,NULL,NULL,NULL);
+- iconv_close(cd);],
+- jm_cv_include="iconv.h"
+- jm_cv_func_iconv=yes
+- jm_cv_lib_iconv="iconv")
+- LIBS="$jm_save_LIBS"
+- dnl Include in biconv.h, libbiconv needed to link
+- if test "$jm_cv_func_iconv" != yes; then
+- jm_save_LIBS="$LIBS"
+- LIBS="$LIBS -lbiconv"
+- AC_TRY_LINK([#include <stdlib.h>
+-#include <biconv.h>],
+- [iconv_t cd = iconv_open("","");
+- iconv(cd,NULL,NULL,NULL,NULL);
+- iconv_close(cd);],
+- jm_cv_lib_iconv=yes
+- jm_cv_func_iconv=yes
+- jm_cv_include="biconv.h"
+- jm_cv_biconv=yes
+- jm_cv_lib_iconv="biconv")
++ [iconv_t cd = iconv_open("","");
++ iconv(cd,NULL,NULL,NULL,NULL);
++ iconv_close(cd);],
++ jm_cv_func_iconv=yes
++ jm_cv_include="iconv.h"
++ jm_cv_lib_iconv="iconv")
+- LIBS="$jm_save_LIBS"
+- fi
+- fi
++ LIBS="$jm_save_LIBS"
++ fi
++ fi
+ fi
+ fi
+- fi
+- if test "$jm_cv_func_iconv" = yes; then
+- if test "$jm_cv_giconv" = yes; then
+- AC_DEFINE(HAVE_GICONV, 1, [What header to include for iconv() function: giconv.h])
+- else
+- if test "$jm_cv_biconv" = yes; then
+- AC_DEFINE(HAVE_BICONV, 1, [What header to include for iconv() function: biconv.h])
++ if test "$jm_cv_func_iconv" = yes; then
++ if test "$jm_cv_giconv" = yes; then
++ AC_DEFINE(HAVE_GICONV, 1, [What header to include for iconv() function: giconv.h])
+ else
+ AC_DEFINE(HAVE_ICONV, 1, [What header to include for iconv() function: iconv.h])
+ fi
++ else
+ fi
+- else
+- fi
+ ])
+@@ -831,6 +808,9 @@
+ #include <fcntl.h>
+ #include <signal.h>
++#ifndef SIGRTMIN
+ /* from smbd/notify_kernel.c */
diff --git a/net/samba34/files/patch-source3__script__tests__dlopen.sh b/net/samba34/files/patch-source3__script__tests__dlopen.sh
new file mode 100644
index 000000000000..a65db7a2e22b
--- /dev/null
+++ b/net/samba34/files/patch-source3__script__tests__dlopen.sh
@@ -0,0 +1,11 @@
+--- ./source3/script/tests/dlopen.sh.orig 2010-01-18 12:38:09.000000000 +0100
++++ ./source3/script/tests/dlopen.sh 2010-01-22 02:42:50.000000000 +0100
+@@ -67,7 +67,7 @@
+ esac
+ done
+-${CC:-gcc} $RPM_OPT_FLAGS $CFLAGS -o $tempdir/dlopen $cflags $tempdir/dlopen.c $ldflags -ldl
++${CC:-gcc} $RPM_OPT_FLAGS $CFLAGS -o $tempdir/dlopen $cflags $tempdir/dlopen.c $ldflags
+ retval=0
+ for module in $modules ; do
diff --git a/net/samba34/files/patch-source3__smbd__aio.c b/net/samba34/files/patch-source3__smbd__aio.c
new file mode 100644
index 000000000000..ce644b5b20c4
--- /dev/null
+++ b/net/samba34/files/patch-source3__smbd__aio.c
@@ -0,0 +1,12 @@
+--- ./source3/smbd/aio.c.orig 2010-01-18 12:38:09.000000000 +0100
++++ ./source3/smbd/aio.c 2010-01-22 02:42:50.000000000 +0100
+@@ -25,9 +25,6 @@
+ /* The signal we'll use to signify aio done. */
+ #ifndef RT_SIGNAL_AIO
+-#ifndef SIGRTMIN
+ #endif
diff --git a/net/samba34/files/patch-source3__smbd__quotas.c b/net/samba34/files/patch-source3__smbd__quotas.c
new file mode 100644
index 000000000000..70b540720e31
--- /dev/null
+++ b/net/samba34/files/patch-source3__smbd__quotas.c
@@ -0,0 +1,19 @@
+--- ./source3/smbd/quotas.c.orig 2010-01-18 12:38:09.000000000 +0100
++++ ./source3/smbd/quotas.c 2010-01-22 02:42:50.000000000 +0100
+@@ -1035,6 +1035,7 @@
+ if (!cutstr)
+ return False;
++ memset(&D, '\0', sizeof(D));
+ memset(cutstr, '\0', len+1);
+ host = strncat(cutstr,mnttype, sizeof(char) * len );
+ DEBUG(5,("nfs_quotas: looking for mount on \"%s\"\n", cutstr));
+@@ -1043,7 +1044,7 @@
+ args.gqa_pathp = testpath+1;
+ args.gqa_uid = uid;
+- DEBUG(5,("nfs_quotas: Asking for host \"%s\" rpcprog \"%i\" rpcvers \"%i\" network \"%s\"\n", host, RQUOTAPROG, RQUOTAVERS, "udp"));
++ DEBUG(5,("nfs_quotas: Asking for host \"%s\" rpcprog \"%lu\" rpcvers \"%lu\" network \"%s\"\n", host, RQUOTAPROG, RQUOTAVERS, "udp"));
+ if ((clnt = clnt_create(host, RQUOTAPROG, RQUOTAVERS, "udp")) == NULL) {
+ ret = False;
diff --git a/net/samba34/files/patch-source3__smbd__statvfs.c b/net/samba34/files/patch-source3__smbd__statvfs.c
new file mode 100644
index 000000000000..19009e5b7381
--- /dev/null
+++ b/net/samba34/files/patch-source3__smbd__statvfs.c
@@ -0,0 +1,64 @@
+--- ./source3/smbd/statvfs.c.orig 2010-01-18 12:38:09.000000000 +0100
++++ ./source3/smbd/statvfs.c 2010-01-22 02:42:51.000000000 +0100
+@@ -3,6 +3,7 @@
+ VFS API's statvfs abstraction
+ Copyright (C) Alexander Bokovoy 2005
+ Copyright (C) Steve French 2005
++ Copyright (C) Timur I. Bakeyev 2005
+ Copyright (C) James Peach 2006
+ This program is free software; you can redistribute it and/or modify
+@@ -47,9 +48,42 @@
+ }
+ return result;
+ }
++#elif defined(FREEBSD)
++static int bsd_statvfs(const char *path, vfs_statvfs_struct *statbuf)
++ struct statfs statfs_buf;
++ int result;
+-#if defined(DARWINOS)
++ result = statfs(path, &statfs_buf);
++ if(result != 0) {
++ return result;
++ }
++ statbuf->OptimalTransferSize = statfs_buf.f_iosize;
++ statbuf->BlockSize = statfs_buf.f_bsize;
++ statbuf->TotalBlocks = statfs_buf.f_blocks;
++ statbuf->BlocksAvail = statfs_buf.f_bfree;
++ statbuf->UserBlocksAvail = statfs_buf.f_bavail;
++ statbuf->TotalFileNodes = statfs_buf.f_files;
++ statbuf->FreeFileNodes = statfs_buf.f_ffree;
++ statbuf->FsIdentifier =
++ (((uint64_t)statfs_buf.f_fsid.val[0]<<32) & 0xffffffff00000000LL) | (uint64_t)statfs_buf.f_fsid.val[1];
++ /* Try to extrapolate some of the fs flags into the
++ * capabilities
++ */
++ statbuf->FsCapabilities =
++ if(statfs_buf.f_flags & MNT_ACLS)
++ statbuf->FsCapabilities |= FILE_PERSISTENT_ACLS;
++ if(statfs_buf.f_flags & MNT_QUOTA)
++ statbuf->FsCapabilities |= FILE_VOLUME_QUOTAS;
++ if(statfs_buf.f_flags & MNT_RDONLY)
++ statbuf->FsCapabilities |= FILE_READ_ONLY_VOLUME;
++ return 0;
++#elif defined(DARWINOS)
+ #include <sys/attr.h>
+@@ -135,6 +169,8 @@
+ {
+ #if defined(LINUX) && defined(HAVE_FSID_INT)
+ return linux_statvfs(path, statbuf);
++#elif defined(FREEBSD)
++ return bsd_statvfs(path, statbuf);
+ #elif defined(DARWINOS)
+ return darwin_statvfs(path, statbuf);
+ #else
diff --git a/net/samba34/files/patch-source3__utils__net_time.c b/net/samba34/files/patch-source3__utils__net_time.c
new file mode 100644
index 000000000000..51ec57722a15
--- /dev/null
+++ b/net/samba34/files/patch-source3__utils__net_time.c
@@ -0,0 +1,18 @@
+--- ./source3/utils/net_time.c.orig 2010-01-18 12:38:09.000000000 +0100
++++ ./source3/utils/net_time.c 2010-01-22 02:42:51.000000000 +0100
+@@ -86,9 +86,15 @@
+ return "unknown";
+ }
++#if defined(FREEBSD)
++ fstr_sprintf(s, "%02d%02d%02d%02d%02d.%02d",
++ tm->tm_year+1900,tm->tm_mon+1,tm->tm_mday,
++ tm->tm_hour,tm->tm_min,tm->tm_sec);
+ fstr_sprintf(s, "%02d%02d%02d%02d%04d.%02d",
+ tm->tm_mon+1, tm->tm_mday, tm->tm_hour,
+ tm->tm_min, tm->tm_year + 1900, tm->tm_sec);
++#endif /* !FREEBSD */
+ return s;
+ }
diff --git a/net/samba34/files/pkg-deinstall.in b/net/samba34/files/pkg-deinstall.in
new file mode 100644
index 000000000000..e881cdc438d2
--- /dev/null
+++ b/net/samba34/files/pkg-deinstall.in
@@ -0,0 +1,44 @@
+#! /bin/sh
+post-deinstall() {
+ fi
+ ${RM} -f ${SAMBA_CONFDIR}/${SAMBA_CONFIG}.sample
+ ${RM} -rf ${SAMBA_SPOOL}
+ ${RMDIR} ${SAMBA_LOGDIR} 2>/dev/null || true
+ for f in connections.tdb locking.tdb messages.tdb sessionid.tdb \
+ unexpected.tdb brlock.tdb namelist.debug
+ do
+ ${RM} -f "${SAMBA_LOCKDIR}/${f}"
+ done
+ ${RMDIR} ${SAMBA_LOCKDIR} 2>/dev/null || true
+ ${RMDIR} ${SAMBA_PRIVATEDIR} 2>/dev/null || true
+ ${ECHO_CMD} "WARNING: If you will *NOT* use this package anymore, please remove the"
+ ${ECHO_CMD} " following directories manually:"
+case $2 in
+ post-deinstall
+ ;;
diff --git a/net/samba34/files/pkg-install.in b/net/samba34/files/pkg-install.in
new file mode 100644
index 000000000000..4272647e0b45
--- /dev/null
+++ b/net/samba34/files/pkg-install.in
@@ -0,0 +1,41 @@
+#! /bin/sh
+INSTALL_DATA="install -c -m 0444"
+MKDIR="mkdir -p"
+post-install() {
+ if [ $(id -u) -eq 0 ]; then
+ fi
+ if [ ! -f ${SAMBA_CONFDIR}/${SAMBA_CONFIG} ]; then
+ fi
+case $2 in
+ post-install
+ ;;
diff --git a/net/samba34/files/pkg-message.in b/net/samba34/files/pkg-message.in
new file mode 100644
index 000000000000..e0f463aacaa3
--- /dev/null
+++ b/net/samba34/files/pkg-message.in
@@ -0,0 +1,7 @@
+Samba3 *package* now doesn't include ADS support due the portability problems
+with Kerberos5 libraries on different installations. You need to compile port
+yourself to get this functionality.
+For additional hints and directions, please, look into the README.FreeBSD file.
diff --git a/net/samba34/files/samba.in b/net/samba34/files/samba.in
new file mode 100644
index 000000000000..d3a119d33753
--- /dev/null
+++ b/net/samba34/files/samba.in
@@ -0,0 +1,159 @@
+# $FreeBSD$
+# PROVIDE: nmbd smbd
+%%WINBIND%%# PROVIDE: winbindd
+%%CUPS%%# REQUIRE: cupsd
+# KEYWORD: shutdown
+# Add the following lines to /etc/rc.conf.local or /etc/rc.conf
+# to enable this service:
+# or, for fine grain control:
+%%WINBIND%%# You need to enable winbindd separately, by adding:
+# Configuration file can be set with:
+. %%RC_SUBR%%
+load_rc_config "${name}"
+# Custom commands
+extra_commands="reload status"
+# Defaults
+command_args=${samba_config:+-s "${samba_config}"}
+# Fetch parameters from configuration file
+samba_parm="${testparm_command} -s -v --parameter-name"
+%%WINBIND%%samba_idmap=$(${samba_parm} 'idmap uid' "${samba_config}" 2>/dev/null)
+samba_lockdir=$(${samba_parm} 'lock directory' "${samba_config}" 2>/dev/null)
+# Setup dependent variables
+if [ -n "${rcvar}" ] && checkyesno "${rcvar}"; then
+ nmbd_enable=${nmbd_enable=YES}
+ smbd_enable=${smbd_enable=YES}
+%%WINBIND%% # Check that winbindd is actually configured
+%%WINBIND%% if [ -n "${samba_idmap}" ]; then
+%%WINBIND%% winbindd_enable=${winbindd_enable=YES}
+%%WINBIND%% fi
+# Defaults for dependent variables
+samba_daemons="nmbd smbd"
+%%WINBIND%%samba_daemons="${samba_daemons} winbindd"
+# Hack to enable check of dependent variables
+eval real_${rcvar}="\${${rcvar}:=NO}" ${rcvar}=YES
+# Requirements
+samba_checkconfig() {
+ echo -n "Performing sanity check on Samba configuration: "
+ if ${testparm_command} -s ${samba_config:+"${samba_config}"} >/dev/null 2>&1; then
+ echo "OK"
+ else
+ echo "FAILED"
+ return 1
+ fi
+samba_start_precmd() {
+ # XXX: Never delete winbindd_idmap, winbindd_cache and group_mapping
+ if [ -n "${samba_lockdir}" -a -d "${samba_lockdir}" ]; then
+ echo -n "Removing stale Samba tdb files: "
+ for file in brlock.tdb browse.dat connections.tdb gencache.tdb \
+ locking.tdb messages.tdb namelist.debug sessionid.tdb \
+ unexpected.tdb
+ do
+ rm "${samba_lockdir}/${file}" </dev/null 2>/dev/null && echo -n '.'
+ done
+ echo " done"
+ fi
+samba_rcvar_cmd() {
+ # Prevent recursive calling
+ unset "${rc_arg}_cmd" "${rc_arg}_precmd" "${rc_arg}_postcmd"
+ # Check master variable
+ echo "# ${name}"
+ if [ -n "${rcvar}" ]; then
+ # Use original configured value
+ if checkyesno "real_${rcvar}"; then
+ echo "\$${rcvar}=YES"
+ else
+ echo "\$${rcvar}=NO"
+ fi
+ fi
+ # Check dependent variables
+ samba_cmd "${_rc_prefix}${rc_arg}" ${rc_extra_args}
+samba_reload_cmd() {
+ local name rcvar command pidfile
+ # Prevent recursive calling
+ unset "${rc_arg}_cmd" "${rc_arg}_precmd" "${rc_arg}_postcmd"
+ # Apply to all daemons
+ for name in ${samba_daemons}; do
+ rcvar=$(set_rcvar)
+ command="%%PREFIX%%/sbin/${name}"
+ pidfile="%%SAMBA_RUNDIR%%/${name}${pid_extra}.pid"
+ # Daemon should be enabled and running
+ if [ -n "${rcvar}" ] && checkyesno "${rcvar}"; then
+ if [ -n "$(check_pidfile "${pidfile}" "${command}")" ]; then
+ debug "reloading ${name} configuration"
+ echo "Reloading ${name}."
+ # XXX: Hack with pid_extra
+ ${smbcontrol_command} "${name}${pid_extra}" 'reload-config' ${command_args} >/dev/null 2>&1
+ fi
+ fi
+ done
+samba_cmd() {
+ local name rcvar command pidfile samba_daemons
+ # Prevent recursive calling
+ unset "${rc_arg}_cmd" "${rc_arg}_precmd" "${rc_arg}_postcmd"
+ # Stop processes in the reverse to order
+ if [ "${rc_arg}" = "stop" ] ; then
+ samba_daemons=$(reverse_list ${samba_daemons})
+ fi
+ # Apply to all daemons
+ for name in ${samba_daemons}; do
+ rcvar=$(set_rcvar)
+ command="%%PREFIX%%/sbin/${name}"
+ pidfile="%%SAMBA_RUNDIR%%/${name}${pid_extra}.pid"
+ # Daemon should be enabled and running
+ if [ -n "${rcvar}" ] && checkyesno "${rcvar}"; then
+ run_rc_command "${_rc_prefix}${rc_arg}" ${rc_extra_args}
+ fi
+ done
+run_rc_command "$1"
diff --git a/net/samba34/files/sernet.patch b/net/samba34/files/sernet.patch
new file mode 100644
index 000000000000..2c11e7c88bcd
--- /dev/null
+++ b/net/samba34/files/sernet.patch
@@ -0,0 +1,1027 @@
+ source3/auth/auth_sam.c | 159 +++++++++++++++++++++++++++++++++---------
+ source3/include/proto.h | 3 +
+ source3/passdb/pdb_get_set.c | 132 +++++++++++++++++++----------------
+ source3/smbd/chgpasswd.c | 87 ++++++++++++++++-------
+ 4 files changed, 262 insertions(+), 119 deletions(-)
+diff --git a/source3/auth/auth_sam.c b/source3/auth/auth_sam.c
+index fdfa292..24e7898 100644
+--- a/source3/auth/auth_sam.c
++++ b/source3/auth/auth_sam.c
+@@ -32,16 +32,14 @@
+ static NTSTATUS sam_password_ok(const struct auth_context *auth_context,
+ TALLOC_CTX *mem_ctx,
+- struct samu *sampass,
++ const char *username,
++ uint32_t acct_ctrl,
++ const uint8_t *lm_pw,
++ const uint8_t *nt_pw,
+ const auth_usersupplied_info *user_info,
+ DATA_BLOB *user_sess_key,
+ DATA_BLOB *lm_sess_key)
+ {
+- uint32 acct_ctrl;
+- const uint8 *lm_pw, *nt_pw;
+- const char *username = pdb_get_username(sampass);
+- acct_ctrl = pdb_get_acct_ctrl(sampass);
+ if (acct_ctrl & ACB_PWNOTREQ) {
+ if (lp_null_passwords()) {
+ DEBUG(3,("Account for user '%s' has no password and null passwords are allowed.\n", username));
+@@ -52,9 +50,6 @@ static NTSTATUS sam_password_ok(const struct auth_context *auth_context,
+ }
+ }
+- lm_pw = pdb_get_lanman_passwd(sampass);
+- nt_pw = pdb_get_nt_passwd(sampass);
+ return ntlm_password_check(mem_ctx, &auth_context->challenge,
+ &user_info->lm_resp, &user_info->nt_resp,
+ &user_info->lm_interactive_pwd, &user_info->nt_interactive_pwd,
+@@ -240,6 +235,75 @@ static NTSTATUS sam_account_ok(TALLOC_CTX *mem_ctx,
+ return NT_STATUS_OK;
+ }
++ * Check whether the given password is one of the last two
++ * password history entries. If so, the bad pwcount should
++ * not be incremented even thought the actual password check
++ * failed.
++ */
++static bool need_to_increment_bad_pw_count(
++ const struct auth_context *auth_context,
++ struct samu* sampass,
++ const auth_usersupplied_info *user_info)
++ uint8_t i;
++ const uint8_t *pwhistory;
++ uint32_t pwhistory_len;
++ uint32_t policy_pwhistory_len;
++ uint32_t acct_ctrl;
++ const char *username;
++ TALLOC_CTX *mem_ctx = talloc_stackframe();
++ bool result = true;
++ pdb_get_account_policy(AP_PASSWORD_HISTORY,
++ &policy_pwhistory_len);
++ if (policy_pwhistory_len == 0) {
++ goto done;
++ }
++ pwhistory = pdb_get_pw_history(sampass, &pwhistory_len);
++ if (!pwhistory || pwhistory_len == 0) {
++ goto done;
++ }
++ acct_ctrl = pdb_get_acct_ctrl(sampass);
++ username = pdb_get_username(sampass);
++ for (i=1; i < MIN(MIN(3, policy_pwhistory_len), pwhistory_len); i++) {
++ static const uint8_t zero16[SALTED_MD5_HASH_LEN];
++ const uint8_t *salt;
++ const uint8_t *nt_pw;
++ NTSTATUS status;
++ DATA_BLOB user_sess_key = data_blob_null;
++ DATA_BLOB lm_sess_key = data_blob_null;
++ salt = &pwhistory[i*PW_HISTORY_ENTRY_LEN];
++ nt_pw = salt + PW_HISTORY_SALT_LEN;
++ if (memcmp(zero16, nt_pw, NT_HASH_LEN) == 0) {
++ /* skip zero password hash */
++ continue;
++ }
++ if (memcmp(zero16, salt, PW_HISTORY_SALT_LEN) != 0) {
++ /* skip nonzero salt (old format entry) */
++ continue;
++ }
++ status = sam_password_ok(auth_context, mem_ctx,
++ username, acct_ctrl, NULL, nt_pw,
++ user_info, &user_sess_key, &lm_sess_key);
++ if (NT_STATUS_IS_OK(status)) {
++ result = false;
++ break;
++ }
++ }
++ TALLOC_FREE(mem_ctx);
++ return result;
+ /****************************************************************************
+ check if a username/password is OK assuming the password is a 24 byte
+ SMB hash supplied in the user_info structure
+@@ -259,6 +323,10 @@ static NTSTATUS check_sam_security(const struct auth_context *auth_context,
+ DATA_BLOB user_sess_key = data_blob_null;
+ DATA_BLOB lm_sess_key = data_blob_null;
+ bool updated_autolock = False, updated_badpw = False;
++ uint32_t acct_ctrl;
++ const char *username;
++ const uint8_t *nt_pw;
++ const uint8_t *lm_pw;
+ if (!user_info || !auth_context) {
+@@ -267,7 +335,8 @@ static NTSTATUS check_sam_security(const struct auth_context *auth_context,
+ /* the returned struct gets kept on the server_info, by means
+ of a steal further down */
+- if ( !(sampass = samu_new( mem_ctx )) ) {
++ sampass = samu_new(mem_ctx);
++ if (sampass == NULL) {
+ }
+@@ -284,16 +353,22 @@ static NTSTATUS check_sam_security(const struct auth_context *auth_context,
+ }
++ acct_ctrl = pdb_get_acct_ctrl(sampass);
++ username = pdb_get_username(sampass);
++ nt_pw = pdb_get_nt_passwd(sampass);
++ lm_pw = pdb_get_lanman_passwd(sampass);
+ /* see if autolock flag needs to be updated */
+- if (pdb_get_acct_ctrl(sampass) & ACB_NORMAL)
++ if (acct_ctrl & ACB_NORMAL)
+ pdb_update_autolock_flag(sampass, &updated_autolock);
+ /* Quit if the account was locked out. */
+- if (pdb_get_acct_ctrl(sampass) & ACB_AUTOLOCK) {
+- DEBUG(3,("check_sam_security: Account for user %s was locked out.\n", pdb_get_username(sampass)));
++ if (acct_ctrl & ACB_AUTOLOCK) {
++ DEBUG(3,("check_sam_security: Account for user %s was locked out.\n", username));
+ }
+- nt_status = sam_password_ok(auth_context, mem_ctx, sampass,
++ nt_status = sam_password_ok(auth_context, mem_ctx,
++ username, acct_ctrl, lm_pw, nt_pw,
+ user_info, &user_sess_key, &lm_sess_key);
+ /* Notify passdb backend of login success/failure. If not
+@@ -302,10 +377,19 @@ static NTSTATUS check_sam_security(const struct auth_context *auth_context,
+ update_login_attempts_status = pdb_update_login_attempts(sampass, NT_STATUS_IS_OK(nt_status));
+ if (!NT_STATUS_IS_OK(nt_status)) {
++ bool increment_bad_pw_count = false;
+- pdb_get_acct_ctrl(sampass) &ACB_NORMAL &&
++ acct_ctrl & ACB_NORMAL &&
+ NT_STATUS_IS_OK(update_login_attempts_status))
+- {
++ {
++ increment_bad_pw_count =
++ need_to_increment_bad_pw_count(auth_context,
++ sampass,
++ user_info);
++ }
++ if (increment_bad_pw_count) {
+ pdb_increment_bad_password_count(sampass);
+ updated_badpw = True;
+ } else {
+@@ -313,18 +397,21 @@ static NTSTATUS check_sam_security(const struct auth_context *auth_context,
+ &updated_badpw);
+ }
+ if (updated_autolock || updated_badpw){
++ NTSTATUS status;
+ become_root();
+- if(!NT_STATUS_IS_OK(pdb_update_sam_account(sampass)))
+- DEBUG(1, ("Failed to modify entry.\n"));
++ status = pdb_update_sam_account(sampass);
+ unbecome_root();
++ if (!NT_STATUS_IS_OK(status)) {
++ DEBUG(1, ("Failed to modify entry: %s\n",
++ nt_errstr(status)));
++ }
+ }
+- data_blob_free(&user_sess_key);
+- data_blob_free(&lm_sess_key);
+- TALLOC_FREE(sampass);
+- return nt_status;
++ goto done;
+ }
+- if ((pdb_get_acct_ctrl(sampass) & ACB_NORMAL) &&
++ if ((acct_ctrl & ACB_NORMAL) &&
+ (pdb_get_bad_password_count(sampass) > 0)){
+ pdb_set_bad_password_count(sampass, 0, PDB_CHANGED);
+ pdb_set_bad_password_time(sampass, 0, PDB_CHANGED);
+@@ -332,30 +419,32 @@ static NTSTATUS check_sam_security(const struct auth_context *auth_context,
+ }
+ if (updated_autolock || updated_badpw){
++ NTSTATUS status;
+ become_root();
+- if(!NT_STATUS_IS_OK(pdb_update_sam_account(sampass)))
+- DEBUG(1, ("Failed to modify entry.\n"));
++ status = pdb_update_sam_account(sampass);
+ unbecome_root();
+- }
++ if (!NT_STATUS_IS_OK(status)) {
++ DEBUG(1, ("Failed to modify entry: %s\n",
++ nt_errstr(status)));
++ }
++ }
+ nt_status = sam_account_ok(mem_ctx, sampass, user_info);
+ if (!NT_STATUS_IS_OK(nt_status)) {
+- TALLOC_FREE(sampass);
+- data_blob_free(&user_sess_key);
+- data_blob_free(&lm_sess_key);
+- return nt_status;
++ goto done;
+ }
+ become_root();
+ nt_status = make_server_info_sam(server_info, sampass);
+ unbecome_root();
++ sampass = NULL;
+ if (!NT_STATUS_IS_OK(nt_status)) {
+ DEBUG(0,("check_sam_security: make_server_info_sam() failed with '%s'\n", nt_errstr(nt_status)));
+- data_blob_free(&user_sess_key);
+- data_blob_free(&lm_sess_key);
+- return nt_status;
++ goto done;
+ }
+ (*server_info)->user_session_key =
+@@ -370,6 +459,10 @@ static NTSTATUS check_sam_security(const struct auth_context *auth_context,
+ (*server_info)->nss_token |= user_info->was_mapped;
++ TALLOC_FREE(sampass);
++ data_blob_free(&user_sess_key);
++ data_blob_free(&lm_sess_key);
+ return nt_status;
+ }
+diff --git a/source3/include/proto.h b/source3/include/proto.h
+index d2ae62c..2c72bc6 100644
+--- a/source3/include/proto.h
++++ b/source3/include/proto.h
+@@ -6179,6 +6179,9 @@ NTSTATUS pass_oem_change(char *user,
+ uchar password_encrypted_with_nt_hash[516],
+ const uchar old_nt_hash_encrypted[16],
+ uint32 *reject_reason);
++bool password_in_history(uint8_t nt_pw[NT_HASH_LEN],
++ uint32_t pw_history_len,
++ const uint8_t *pw_history);
+ NTSTATUS change_oem_password(struct samu *hnd, char *old_passwd, char *new_passwd, bool as_root, uint32 *samr_reject_reason);
+ /* The following definitions come from smbd/close.c */
+diff --git a/source3/passdb/pdb_get_set.c b/source3/passdb/pdb_get_set.c
+index c79caf2..6e6b82b 100644
+--- a/source3/passdb/pdb_get_set.c
++++ b/source3/passdb/pdb_get_set.c
+@@ -979,6 +979,9 @@ bool pdb_set_plaintext_passwd(struct samu *sampass, const char *plaintext)
+ {
+ uchar new_lanman_p16[LM_HASH_LEN];
+ uchar new_nt_p16[NT_HASH_LEN];
++ uchar *pwhistory;
++ uint32 pwHistLen;
++ uint32 current_history_len;
+ if (!plaintext)
+ return False;
+@@ -1008,68 +1011,79 @@ bool pdb_set_plaintext_passwd(struct samu *sampass, const char *plaintext)
+ if (!pdb_set_pass_last_set_time (sampass, time(NULL), PDB_CHANGED))
+ return False;
+- /* Store the password history. */
+- if (pdb_get_acct_ctrl(sampass) & ACB_NORMAL) {
+- uchar *pwhistory;
+- uint32 pwHistLen;
+- pdb_get_account_policy(AP_PASSWORD_HISTORY, &pwHistLen);
+- if (pwHistLen != 0){
+- uint32 current_history_len;
+- /* We need to make sure we don't have a race condition here - the
+- account policy history length can change between when the pw_history
+- was first loaded into the struct samu struct and now.... JRA. */
+- pwhistory = (uchar *)pdb_get_pw_history(sampass, &current_history_len);
+- if (current_history_len != pwHistLen) {
+- /* After closing and reopening struct samu the history
+- values will sync up. We can't do this here. */
+- /* current_history_len > pwHistLen is not a problem - we
+- have more history than we need. */
+- if (current_history_len < pwHistLen) {
+- /* Ensure we have space for the needed history. */
+- uchar *new_history = (uchar *)TALLOC(sampass,
+- if (!new_history) {
+- return False;
+- }
+- /* And copy it into the new buffer. */
+- if (current_history_len) {
+- memcpy(new_history, pwhistory,
+- current_history_len*PW_HISTORY_ENTRY_LEN);
+- }
+- /* Clearing out any extra space. */
+- memset(&new_history[current_history_len*PW_HISTORY_ENTRY_LEN],
+- '\0', (pwHistLen-current_history_len)*PW_HISTORY_ENTRY_LEN);
+- /* Finally replace it. */
+- pwhistory = new_history;
+- }
+- }
+- if (pwhistory && pwHistLen){
+- /* Make room for the new password in the history list. */
+- if (pwHistLen > 1) {
+- memmove(&pwhistory[PW_HISTORY_ENTRY_LEN],
+- pwhistory, (pwHistLen -1)*PW_HISTORY_ENTRY_LEN );
+- }
+- /* Create the new salt as the first part of the history entry. */
+- generate_random_buffer(pwhistory, PW_HISTORY_SALT_LEN);
+- /* Generate the md5 hash of the salt+new password as the second
+- part of the history entry. */
+- E_md5hash(pwhistory, new_nt_p16, &pwhistory[PW_HISTORY_SALT_LEN]);
+- pdb_set_pw_history(sampass, pwhistory, pwHistLen, PDB_CHANGED);
+- } else {
+- DEBUG (10,("pdb_get_set.c: pdb_set_plaintext_passwd: pwhistory was NULL!\n"));
+- }
+- } else {
+- /* Set the history length to zero. */
+- pdb_set_pw_history(sampass, NULL, 0, PDB_CHANGED);
++ if ((pdb_get_acct_ctrl(sampass) & ACB_NORMAL) == 0) {
++ /*
++ * No password history for non-user accounts
++ */
++ return true;
++ }
++ pdb_get_account_policy(AP_PASSWORD_HISTORY, &pwHistLen);
++ if (pwHistLen == 0) {
++ /* Set the history length to zero. */
++ pdb_set_pw_history(sampass, NULL, 0, PDB_CHANGED);
++ return true;
++ }
++ /*
++ * We need to make sure we don't have a race condition here -
++ * the account policy history length can change between when
++ * the pw_history was first loaded into the struct samu struct
++ * and now.... JRA.
++ */
++ pwhistory = (uchar *)pdb_get_pw_history(sampass, &current_history_len);
++ if ((current_history_len != 0) && (pwhistory == NULL)) {
++ DEBUG(1, ("pdb_set_plaintext_passwd: pwhistory == NULL!\n"));
++ return false;
++ }
++ if (current_history_len < pwHistLen) {
++ /*
++ * Ensure we have space for the needed history. This
++ * also takes care of an account which did not have
++ * any history at all so far, i.e. pwhistory==NULL
++ */
++ uchar *new_history = talloc_zero_array(
++ sampass, uchar,
++ if (!new_history) {
++ return False;
+ }
++ memcpy(new_history, pwhistory,
++ current_history_len*PW_HISTORY_ENTRY_LEN);
++ pwhistory = new_history;
+ }
++ /*
++ * Make room for the new password in the history list.
++ */
++ if (pwHistLen > 1) {
++ memmove(&pwhistory[PW_HISTORY_ENTRY_LEN], pwhistory,
++ (pwHistLen-1)*PW_HISTORY_ENTRY_LEN );
++ }
++ /*
++ * Fill the salt area with 0-s: this indicates that
++ * a plain nt has is stored in the has area.
++ * The old format was to store a 16 byte salt and
++ * then an md5hash of the nt_hash concatenated with
++ * the salt.
++ */
++ memset(pwhistory, 0, PW_HISTORY_SALT_LEN);
++ /*
++ * Generate the md5 hash of the salt+new password as the
++ * second part of the history entry.
++ */
++ memcpy(&pwhistory[PW_HISTORY_SALT_LEN], new_nt_p16, SALTED_MD5_HASH_LEN);
++ pdb_set_pw_history(sampass, pwhistory, pwHistLen, PDB_CHANGED);
+ return True;
+ }
+diff --git a/source3/smbd/chgpasswd.c b/source3/smbd/chgpasswd.c
+index 61c3afb..046cc2c 100644
+--- a/source3/smbd/chgpasswd.c
++++ b/source3/smbd/chgpasswd.c
+@@ -1007,6 +1007,59 @@ static NTSTATUS check_oem_password(const char *user,
+ }
++bool password_in_history(uint8_t nt_pw[NT_HASH_LEN],
++ uint32_t pw_history_len,
++ const uint8_t *pw_history)
++ static const uint8_t zero_md5_nt_pw[SALTED_MD5_HASH_LEN] = { 0, };
++ int i;
++ dump_data(100, nt_pw, NT_HASH_LEN);
++ dump_data(100, pw_history, PW_HISTORY_ENTRY_LEN * pw_history_len);
++ for (i=0; i<pw_history_len; i++) {
++ uint8_t new_nt_pw_salted_md5_hash[SALTED_MD5_HASH_LEN];
++ const uint8_t *current_salt;
++ const uint8_t *old_nt_pw_salted_md5_hash;
++ current_salt = &pw_history[i*PW_HISTORY_ENTRY_LEN];
++ old_nt_pw_salted_md5_hash = current_salt + PW_HISTORY_SALT_LEN;
++ if (memcmp(zero_md5_nt_pw, old_nt_pw_salted_md5_hash,
++ SALTED_MD5_HASH_LEN) == 0) {
++ /* Ignore zero valued entries. */
++ continue;
++ }
++ if (memcmp(zero_md5_nt_pw, current_salt,
++ {
++ /*
++ * New format: zero salt and then plain nt hash.
++ * Directly compare the hashes.
++ */
++ if (memcmp(nt_pw, old_nt_pw_salted_md5_hash,
++ {
++ return true;
++ }
++ } else {
++ /*
++ * Old format: md5sum of salted nt hash.
++ * Create salted version of new pw to compare.
++ */
++ E_md5hash(current_salt, nt_pw, new_nt_pw_salted_md5_hash);
++ if (memcmp(new_nt_pw_salted_md5_hash,
++ old_nt_pw_salted_md5_hash,
++ SALTED_MD5_HASH_LEN) == 0) {
++ return true;
++ }
++ }
++ }
++ return false;
+ /***********************************************************
+ This routine takes the given password and checks it against
+ the password history. Returns True if this password has been
+@@ -1016,11 +1069,8 @@ static NTSTATUS check_oem_password(const char *user,
+ static bool check_passwd_history(struct samu *sampass, const char *plaintext)
+ {
+ uchar new_nt_p16[NT_HASH_LEN];
+- uchar zero_md5_nt_pw[SALTED_MD5_HASH_LEN];
+ const uint8 *nt_pw;
+ const uint8 *pwhistory;
+- bool found = False;
+- int i;
+ uint32 pwHisLen, curr_pwHisLen;
+ pdb_get_account_policy(AP_PASSWORD_HISTORY, &pwHisLen);
+@@ -1047,30 +1097,13 @@ static bool check_passwd_history(struct samu *sampass, const char *plaintext)
+ return True;
+ }
+- dump_data(100, new_nt_p16, NT_HASH_LEN);
+- dump_data(100, pwhistory, PW_HISTORY_ENTRY_LEN*pwHisLen);
+- memset(zero_md5_nt_pw, '\0', SALTED_MD5_HASH_LEN);
+- for (i=0; i<pwHisLen; i++) {
+- uchar new_nt_pw_salted_md5_hash[SALTED_MD5_HASH_LEN];
+- const uchar *current_salt = &pwhistory[i*PW_HISTORY_ENTRY_LEN];
+- const uchar *old_nt_pw_salted_md5_hash = &pwhistory[(i*PW_HISTORY_ENTRY_LEN)+
+- if (!memcmp(zero_md5_nt_pw, old_nt_pw_salted_md5_hash, SALTED_MD5_HASH_LEN)) {
+- /* Ignore zero valued entries. */
+- continue;
+- }
+- /* Create salted versions of new to compare. */
+- E_md5hash(current_salt, new_nt_p16, new_nt_pw_salted_md5_hash);
+- if (!memcmp(new_nt_pw_salted_md5_hash, old_nt_pw_salted_md5_hash, SALTED_MD5_HASH_LEN)) {
+- DEBUG(1,("check_passwd_history: proposed new password for user %s found in history list !\n",
+- pdb_get_username(sampass) ));
+- found = True;
+- break;
+- }
++ if (password_in_history(new_nt_p16, pwHisLen, pwhistory)) {
++ DEBUG(1,("check_passwd_history: proposed new password for "
++ "user %s found in history list !\n",
++ pdb_get_username(sampass) ));
++ return true;
+ }
+- return found;
++ return false;
+ }
+ /***********************************************************
+@@ -1116,7 +1149,7 @@ NTSTATUS change_oem_password(struct samu *hnd, char *old_passwd, char *new_passw
+ }
+ }
+- /* removed calculation here, becuase passdb now calculates
++ /* removed calculation here, because passdb now calculates
+ based on policy. jmcd */
+ if ((can_change_time != 0) && (time(NULL) < can_change_time)) {
+ DEBUG(1, ("user %s cannot change password now, must "
+commit 70063522065ab3e5a21fb11db0097b808aa11100
+Author: Björn Jacke <bj@sernet.de>
+Date: Sat Oct 31 00:45:09 2009 +0100
+ s3:ldap: don't search when no values where found
+diff --git a/source3/passdb/pdb_ldap.c b/source3/passdb/pdb_ldap.c
+index 54cb03d..87df75e 100644
+--- a/source3/passdb/pdb_ldap.c
++++ b/source3/passdb/pdb_ldap.c
+@@ -2683,7 +2683,7 @@ static NTSTATUS ldapsam_enum_group_members(struct pdb_methods *methods,
+ values = ldap_get_values(conn->ldap_struct, entry, "memberUid");
+- if (values) {
++ if ((values != NULL) && (values[0] != NULL)) {
+ filter = talloc_asprintf(mem_ctx, "(&(objectClass=%s)(|", LDAP_OBJ_SAMBASAMACCOUNT);
+ if (filter == NULL) {
+--- a/source3/utils/net_rpc.c 2009-10-28 11:37:35.336126630 +0100
++++ b/source3/utils/net_rpc.c 2009-10-28 14:18:50.555361309 +0100
+@@ -5709,7 +5709,9 @@
+ const char **argv)
+ {
+ fstring str_sid;
+- sid_to_fstring(str_sid, domain_sid);
++ if (!sid_to_fstring(str_sid, domain_sid)) {
++ }
+ d_printf("%s\n", str_sid);
+ return NT_STATUS_OK;
+ }
+@@ -6182,14 +6184,14 @@
+ &ndr_table_lsarpc.syntax_id, 0,
+ rpc_query_domain_sid, argc,
+ argv))
+- d_fprintf(stderr, "couldn't get domain's sid\n");
++ d_printf("strange - couldn't get domain's sid\n");
+ cli_shutdown(remote_cli);
+ } else {
+ d_fprintf(stderr, "domain controller is not "
+ "responding: %s\n",
+ nt_errstr(nt_status));
++ d_printf("couldn't get domain's sid\n");
+ };
+ };
+commit 72cec4a03145e11d299a5b679bb4a7ed6818032b
+Author: Björn Jacke <bj@sernet.de>
+Date: Fri Oct 30 21:50:41 2009 +0100
+ Ñ•3:ldap: search for account policies in objectclass sambaDomain, not *
+diff --git a/source3/passdb/pdb_ldap.c b/source3/passdb/pdb_ldap.c
+index c464a88..54cb03d 100644
+--- a/source3/passdb/pdb_ldap.c
++++ b/source3/passdb/pdb_ldap.c
+@@ -3864,6 +3864,7 @@ static NTSTATUS ldapsam_get_account_policy_from_ldap(struct pdb_methods *methods
+ int count;
+ int rc;
+ char **vals = NULL;
++ char *filter;
+ const char *policy_attr = NULL;
+ struct ldapsam_privates *ldap_state =
+@@ -3887,8 +3888,12 @@ static NTSTATUS ldapsam_get_account_policy_from_ldap(struct pdb_methods *methods
+ attrs[0] = policy_attr;
+ attrs[1] = NULL;
++ filter = talloc_asprintf(NULL, "(objectClass=%s)", LDAP_OBJ_DOMINFO);
++ if (filter == NULL) {
++ }
+ rc = smbldap_search(ldap_state->smbldap_state, ldap_state->domain_dn,
+- LDAP_SCOPE_BASE, "(objectclass=*)", attrs, 0,
++ LDAP_SCOPE_BASE, filter, attrs, 0,
+ &result);
+ if (rc != LDAP_SUCCESS) {
+commit b6afe7ef236a454d8a6abf104b8846f817378f73
+Author: Björn Jacke <bj@sernet.de>
+Date: Thu Oct 15 02:02:30 2009 +0200
+ util: cope the all loopback addresses IPv4 knows
+ The fact that we just recogniced as loopback IP address and not the
+ rest of the IP address range we used the lo interface for sending
+ packages even though we should send them to some more physical interface. This
+ way we ended up with failing WINS registration and so on like in #6348.
+ On the lo interface sendto() returned "Invalid Argument" (EINVAL).
+diff --git a/lib/util/util_net.c b/lib/util/util_net.c
+index 0ce495e..0511a28 100644
+--- a/lib/util/util_net.c
++++ b/lib/util/util_net.c
+@@ -351,13 +351,11 @@ bool is_broadcast_addr(const struct sockaddr *pss)
+ }
+ /**
+- * Check if an IPv7 is
++ * Check if an IPv4 is in IN_LOOPBACKNET (
+ */
+ bool is_loopback_ip_v4(struct in_addr ip)
+ {
+- struct in_addr a;
+- a.s_addr = htonl(INADDR_LOOPBACK);
+- return(ip.s_addr == a.s_addr);
++ return ((ntohl(ip.s_addr) & IN_CLASSA_NET) == (IN_LOOPBACKNET << IN_CLASSA_NSHIFT));
+ }
+ /**
+From 144c23893ec580eed1a38b2fd577b4bd4ebf491d Mon Sep 17 00:00:00 2001
+From: Michael Adam <obnox@samba.org>
+Date: Sat, 14 Nov 2009 01:12:22 +0100
+Subject: [PATCH] s3:is_trusted_domain: shortcut if domain name is NULL or empty
+This saves some roundtrips to LDAP in an ldapsm setup.
+ source3/auth/auth_util.c | 4 ++++
+ 1 files changed, 4 insertions(+), 0 deletions(-)
+diff --git a/source3/auth/auth_util.c b/source3/auth/auth_util.c
+index 1d25e22..512cae0 100644
+--- a/source3/auth/auth_util.c
++++ b/source3/auth/auth_util.c
+@@ -2181,6 +2181,10 @@ bool is_trusted_domain(const char* dom_name)
+ if ( lp_server_role() == ROLE_STANDALONE )
+ return False;
++ if (dom_name == NULL || dom_name[0] == '\0') {
++ return false;
++ }
+ /* if we are a DC, then check for a direct trust relationships */
+ if ( IS_DC ) {
+From 2e3d9abeafebffa6ff1c7b3de80525cd5f6deb49 Mon Sep 17 00:00:00 2001
+From: Michael Adam <obnox@samba.org>
+Date: Sat, 14 Nov 2009 01:21:42 +0100
+Subject: [PATCH] s3:is_trusted_domain: shortcut if domain name == global_sam_name
+A domain can't have a trust with itself.
+This saves some roundtrips to the ldap server for ldapsam.
+ source3/auth/auth_util.c | 4 ++++
+ 1 files changed, 4 insertions(+), 0 deletions(-)
+diff --git a/source3/auth/auth_util.c b/source3/auth/auth_util.c
+index 512cae0..118f41c 100644
+--- a/source3/auth/auth_util.c
++++ b/source3/auth/auth_util.c
+@@ -2185,6 +2185,10 @@ bool is_trusted_domain(const char* dom_name)
+ return false;
+ }
++ if (strequal(dom_name, get_global_sam_name())) {
++ return false;
++ }
+ /* if we are a DC, then check for a direct trust relationships */
+ if ( IS_DC ) {
+From 1f88d2b729a273b0d10e3b57695037dede290baf Mon Sep 17 00:00:00 2001
+From: Michael Adam <obnox@samba.org>
+Date: Fri, 13 Nov 2009 15:51:33 +0100
+Subject: [PATCH] s3:smbd: make idmap cache persistent for "ldapsam:trusted".
+This stores the mappings found in the idmap cache (which lives
+inside gencache). This cache is already read in sid_to_Xid()
+and Xid_to_sid() for ldapsam:trusted, this fills the opposite
+direction, massively reducing the number of ldap roundtrips
+across smbd restarts.
+ source3/passdb/pdb_ldap.c | 4 ++++
+ 1 files changed, 4 insertions(+), 0 deletions(-)
+diff --git a/source3/passdb/pdb_ldap.c b/source3/passdb/pdb_ldap.c
+index d4a2fbe..7fda72e 100644
+--- a/source3/passdb/pdb_ldap.c
++++ b/source3/passdb/pdb_ldap.c
+@@ -1038,6 +1038,7 @@ static bool init_sam_from_ldap(struct ldapsam_privates *ldap_state,
+ /* We've got a uid, feed the cache */
+ uid_t uid = strtoul(temp, NULL, 10);
+ store_uid_sid_cache(pdb_get_user_sid(sampass), uid);
++ idmap_cache_set_sid2uid(pdb_get_user_sid(sampass), uid);
+ }
+ }
+@@ -2449,6 +2450,7 @@ for gidNumber(%lu)\n",(unsigned long)map->gid));
+ if (lp_parm_bool(-1, "ldapsam", "trusted", false)) {
+ store_gid_sid_cache(&map->sid, map->gid);
++ idmap_cache_set_sid2gid(&map->sid, map->gid);
+ }
+@@ -4967,6 +4969,7 @@ static bool ldapsam_sid_to_id(struct pdb_methods *methods,
+ id->gid = strtoul(gid_str, NULL, 10);
+ *type = (enum lsa_SidType)strtoul(value, NULL, 10);
++ idmap_cache_set_sid2gid(sid, id->gid);
+ ret = True;
+ goto done;
+ }
+@@ -4983,6 +4986,7 @@ static bool ldapsam_sid_to_id(struct pdb_methods *methods,
+ id->uid = strtoul(value, NULL, 10);
+ *type = SID_NAME_USER;
++ idmap_cache_set_sid2uid(sid, id->uid);
+ ret = True;
+ done:
+From a582d52c6180d334d42f4e3d27a455e5fce53d53 Mon Sep 17 00:00:00 2001
+From: Michael Adam <obnox@samba.org>
+Date: Fri, 13 Nov 2009 16:16:50 +0100
+Subject: [PATCH] s3:smbd: also fill the memcache with sid<->id mappings in ldapsam_sid_to_id()
+not only the persistent idmap cache.
+ source3/passdb/pdb_ldap.c | 2 ++
+ 1 files changed, 2 insertions(+), 0 deletions(-)
+diff --git a/source3/passdb/pdb_ldap.c b/source3/passdb/pdb_ldap.c
+index 7fda72e..cce2cf1 100644
+--- a/source3/passdb/pdb_ldap.c
++++ b/source3/passdb/pdb_ldap.c
+@@ -4969,6 +4969,7 @@ static bool ldapsam_sid_to_id(struct pdb_methods *methods,
+ id->gid = strtoul(gid_str, NULL, 10);
+ *type = (enum lsa_SidType)strtoul(value, NULL, 10);
++ store_gid_sid_cache(sid, id->gid);
+ idmap_cache_set_sid2gid(sid, id->gid);
+ ret = True;
+ goto done;
+@@ -4986,6 +4987,7 @@ static bool ldapsam_sid_to_id(struct pdb_methods *methods,
+ id->uid = strtoul(value, NULL, 10);
+ *type = SID_NAME_USER;
++ store_uid_sid_cache(sid, id->uid);
+ idmap_cache_set_sid2uid(sid, id->uid);
+ ret = True;
+From d90798e8fa1f56a60cf0260dd8679bc11c41603b Mon Sep 17 00:00:00 2001
+From: Michael Adam <obnox@samba.org>
+Date: Mon, 16 Nov 2009 11:37:18 +0100
+Subject: [PATCH] s3: shortcut uid_to_sid when "ldapsam:trusted = yes"
+The normal uid_to_sid behaviour is to call sys_getpwuid()
+to get the name for the given uid and then call the
+getsampwnam passdb method for the resulting name.
+In the ldapsam:trusted case we can reduce the uid_to_sid
+operation to one simple search for the uidNumber attribute
+and only get the sambaSID attribute from the correspoinding
+LDAP object. This reduces the number of ldap roundtrips
+for this operation.
+ source3/passdb/pdb_ldap.c | 75 +++++++++++++++++++++++++++++++++++++++++++++
+ 1 files changed, 75 insertions(+), 0 deletions(-)
+diff --git a/source3/passdb/pdb_ldap.c b/source3/passdb/pdb_ldap.c
+index cce2cf1..401bf95 100644
+--- a/source3/passdb/pdb_ldap.c
++++ b/source3/passdb/pdb_ldap.c
+@@ -4996,6 +4996,80 @@ static bool ldapsam_sid_to_id(struct pdb_methods *methods,
+ return ret;
+ }
++ * Find the SID for a uid.
++ * This is shortcut is only used if ldapsam:trusted is set to true.
++ */
++static bool ldapsam_uid_to_sid(struct pdb_methods *methods, uid_t uid,
++ DOM_SID *sid)
++ struct ldapsam_privates *priv =
++ (struct ldapsam_privates *)methods->private_data;
++ char *filter;
++ const char *attrs[] = { "sambaSID", NULL };
++ LDAPMessage *result = NULL;
++ LDAPMessage *entry = NULL;
++ bool ret = false;
++ char *user_sid_string;
++ DOM_SID *user_sid;
++ int rc;
++ TALLOC_CTX *tmp_ctx = talloc_stackframe();
++ filter = talloc_asprintf(tmp_ctx,
++ "(&(uidNumber=%u)"
++ "(objectClass=%s)"
++ "(objectClass=%s))",
++ (unsigned int)uid,
++ if (filter == NULL) {
++ DEBUG(3, ("talloc_asprintf failed\n"));
++ goto done;
++ }
++ rc = smbldap_search_suffix(priv->smbldap_state, filter, attrs, &result);
++ if (rc != LDAP_SUCCESS) {
++ goto done;
++ }
++ talloc_autofree_ldapmsg(tmp_ctx, result);
++ if (ldap_count_entries(priv2ld(priv), result) != 1) {
++ DEBUG(3, ("ERROR: Got %d entries for uid %u, expected one\n",
++ ldap_count_entries(priv2ld(priv), result),
++ (unsigned int)uid));
++ goto done;
++ }
++ entry = ldap_first_entry(priv2ld(priv), result);
++ user_sid_string = smbldap_talloc_single_attribute(priv2ld(priv), entry,
++ "sambaSID", tmp_ctx);
++ if (user_sid_string == NULL) {
++ DEBUG(1, ("Could not find sambaSID in object '%s'\n",
++ smbldap_talloc_dn(tmp_ctx, priv2ld(priv), entry)));
++ goto done;
++ }
++ user_sid = string_sid_talloc(tmp_ctx, user_sid_string);
++ if (user_sid == NULL) {
++ DEBUG(3, ("Error calling sid_string_talloc for sid '%s'\n",
++ user_sid_string));
++ goto done;
++ }
++ sid_copy(sid, user_sid);
++ store_uid_sid_cache(sid, uid);
++ idmap_cache_set_sid2uid(sid, uid);
++ ret = true;
++ done:
++ TALLOC_FREE(tmp_ctx);
++ return ret;
+ /*
+ * The following functions is called only if
+ * ldapsam:trusted and ldapsam:editposix are
+@@ -6344,6 +6418,7 @@ NTSTATUS pdb_init_ldapsam(struct pdb_methods **pdb_method, const char *location)
+ ldapsam_enum_group_memberships;
+ (*pdb_method)->lookup_rids = ldapsam_lookup_rids;
+ (*pdb_method)->sid_to_id = ldapsam_sid_to_id;
++ (*pdb_method)->uid_to_sid = ldapsam_uid_to_sid;
+ if (lp_parm_bool(-1, "ldapsam", "editposix", False)) {
+ (*pdb_method)->create_user = ldapsam_create_user;
+From 179e63ae9aa93984ea3d237c1039460c5acf01a5 Mon Sep 17 00:00:00 2001
+From: Michael Adam <obnox@samba.org>
+Date: Thu, 14 Jan 2010 14:24:35 +0100
+Subject: [PATCH] s3:auth: fix account unlock regression introduced with fix for bug #4347
+MIME-Version: 1.0
+Content-Type: text/plain; charset=utf-8
+Content-Transfer-Encoding: 8bit
+By an oversight, the patchset for #4347 made the unlocking of a locked
+account after the lockout duration ineffective.
+Thanks to Björn for finding this!
+ source3/auth/auth_sam.c | 12 +++++-------
+ 1 files changed, 5 insertions(+), 7 deletions(-)
+diff --git a/source3/auth/auth_sam.c b/source3/auth/auth_sam.c
+index 1dd8fc9..01b2517 100644
+--- a/source3/auth/auth_sam.c
++++ b/source3/auth/auth_sam.c
+@@ -369,7 +369,6 @@ static NTSTATUS check_sam_security(const struct auth_context *auth_context,
+ DATA_BLOB user_sess_key = data_blob_null;
+ DATA_BLOB lm_sess_key = data_blob_null;
+ bool updated_autolock = False, updated_badpw = False;
+- uint32_t acct_ctrl;
+ const char *username;
+ const uint8_t *nt_pw;
+ const uint8_t *lm_pw;
+@@ -399,22 +398,21 @@ static NTSTATUS check_sam_security(const struct auth_context *auth_context,
+ }
+- acct_ctrl = pdb_get_acct_ctrl(sampass);
+ username = pdb_get_username(sampass);
+ nt_pw = pdb_get_nt_passwd(sampass);
+ lm_pw = pdb_get_lanman_passwd(sampass);
+ /* see if autolock flag needs to be updated */
+- if (acct_ctrl & ACB_NORMAL)
++ if (pdb_get_acct_ctrl(sampass) & ACB_NORMAL)
+ pdb_update_autolock_flag(sampass, &updated_autolock);
+ /* Quit if the account was locked out. */
+- if (acct_ctrl & ACB_AUTOLOCK) {
++ if (pdb_get_acct_ctrl(sampass) & ACB_AUTOLOCK) {
+ DEBUG(3,("check_sam_security: Account for user %s was locked out.\n", username));
+ }
+ nt_status = sam_password_ok(auth_context, mem_ctx,
+- username, acct_ctrl, lm_pw, nt_pw,
++ username, pdb_get_acct_ctrl(sampass), lm_pw, nt_pw,
+ user_info, &user_sess_key, &lm_sess_key);
+ /* Notify passdb backend of login success/failure. If not
+@@ -426,7 +424,7 @@ static NTSTATUS check_sam_security(const struct auth_context *auth_context,
+ bool increment_bad_pw_count = false;
+- acct_ctrl & ACB_NORMAL &&
++ pdb_get_acct_ctrl(sampass) & ACB_NORMAL &&
+ NT_STATUS_IS_OK(update_login_attempts_status))
+ {
+ increment_bad_pw_count =
+@@ -457,7 +455,7 @@ static NTSTATUS check_sam_security(const struct auth_context *auth_context,
+ goto done;
+ }
+- if ((acct_ctrl & ACB_NORMAL) &&
++ if ((pdb_get_acct_ctrl(sampass) & ACB_NORMAL) &&
+ (pdb_get_bad_password_count(sampass) > 0)){
+ pdb_set_bad_password_count(sampass, 0, PDB_CHANGED);
+ pdb_set_bad_password_time(sampass, 0, PDB_CHANGED);
diff --git a/net/samba34/files/smb.conf.sample.in b/net/samba34/files/smb.conf.sample.in
new file mode 100644
index 000000000000..b55405bd56b4
--- /dev/null
+++ b/net/samba34/files/smb.conf.sample.in
@@ -0,0 +1,291 @@
+# This is the main Samba configuration file. You should read the
+# smb.conf(5) manual page in order to understand the options listed
+# here. Samba has a huge number of configurable options (perhaps too
+# many!) most of which are not shown in this example
+# For a step to step guide on installing, configuring and using samba,
+# read the Samba-HOWTO-Collection. This may be obtained from:
+# http://www.samba.org/samba/docs/Samba-HOWTO-Collection.pdf
+# Many working examples of smb.conf files can be found in the
+# Samba-Guide which is generated daily and can be downloaded from:
+# http://www.samba.org/samba/docs/Samba-Guide.pdf
+# Any line which starts with a ; (semi-colon) or a # (hash)
+# is a comment and is ignored. In this example we will use a #
+# for commentry and a ; for parts of the config file that you
+# may wish to enable
+# NOTE: Whenever you modify this file you should run the command "testparm"
+# to check that you have not made any basic syntactic errors.
+#======================= Global Settings =====================================
+# workgroup = NT-Domain-Name or Workgroup-Name, eg: MIDEARTH
+ workgroup = MYGROUP
+# server string is the equivalent of the NT Description field
+ server string = Samba Server
+# Security mode. Defines in which mode Samba will operate. Possible
+# values are share, user, server, domain and ads. Most people will want
+# user level security. See the Samba-HOWTO-Collection for details.
+ security = user
+# This option is important for security. It allows you to restrict
+# connections to machines which are on your local network. The
+# following example restricts access to two C class networks and
+# the "loopback" interface. For more examples of the syntax see
+# the smb.conf man page
+; hosts allow = 192.168.1. 192.168.2. 127.
+# If you want to automatically load your printer list rather
+# than setting them up individually then you'll need this
+ load printers = yes
+# you may wish to override the location of the printcap file
+; printcap name = /etc/printcap
+# on SystemV system setting printcap name to lpstat should allow
+# you to automatically obtain a printer list from the SystemV spool
+# system
+; printcap name = lpstat
+# It should not be necessary to specify the print system type unless
+# it is non-standard. Currently supported print systems include:
+# bsd, cups, sysv, plp, lprng, aix, hpux, qnx
+; printing = cups
+# Uncomment this if you want a guest account, you must add this to /etc/passwd
+# otherwise the user "nobody" is used
+; guest account = pcguest
+# this tells Samba to use a separate log file for each machine
+# that connects
+ log file = %%SAMBA_LOGDIR%%/log.%m
+# Put a capping on the size of the log files (in Kb).
+ max log size = 50
+# Use password server option only with security = server
+# The argument list may include:
+# password server = My_PDC_Name [My_BDC_Name] [My_Next_BDC_Name]
+# or to auto-locate the domain controller/s
+# password server = *
+; password server = <NT-Server-Name>
+# Use the realm option only with security = ads
+# Specifies the Active Directory realm the host is part of
+; realm = MY_REALM
+# Backend to store user information in. New installations should
+# use either tdbsam or ldapsam. smbpasswd is available for backwards
+# compatibility. tdbsam requires no further configuration.
+; passdb backend = tdbsam
+# Using the following line enables you to customise your configuration
+# on a per machine basis. The %m gets replaced with the netbios name
+# of the machine that is connecting.
+# Note: Consider carefully the location in the configuration file of
+# this line. The included file is read at that point.
+; include = %%SAMBA_CONFDIR%%/smb.conf.%m
+# Most people will find that this option gives better performance.
+# See the chapter 'Samba performance issues' in the Samba HOWTO Collection
+# and the manual pages for details.
+# You may want to add the following on a Linux system:
+; socket options = SO_RCVBUF=8192 SO_SNDBUF=8192
+# Configure Samba to use multiple interfaces
+# If you have multiple network interfaces then you must list them
+# here. See the man page for details.
+; interfaces =
+# Browser Control Options:
+# set local master to no if you don't want Samba to become a master
+# browser on your network. Otherwise the normal election rules apply
+; local master = no
+# OS Level determines the precedence of this server in master browser
+# elections. The default value should be reasonable
+; os level = 33
+# Domain Master specifies Samba to be the Domain Master Browser. This
+# allows Samba to collate browse lists between subnets. Don't use this
+# if you already have a Windows NT domain controller doing this job
+; domain master = yes
+# Preferred Master causes Samba to force a local browser election on startup
+# and gives it a slightly higher chance of winning the election
+; preferred master = yes
+# Enable this if you want Samba to be a domain logon server for
+# Windows95 workstations.
+; domain logons = yes
+# if you enable domain logons then you may want a per-machine or
+# per user logon script
+# run a specific logon batch file per workstation (machine)
+; logon script = %m.bat
+# run a specific logon batch file per username
+; logon script = %U.bat
+# Where to store roving profiles (only for Win95 and WinNT)
+# %L substitutes for this servers netbios name, %U is username
+# You must uncomment the [Profiles] share below
+; logon path = \\%L\Profiles\%U
+# Windows Internet Name Serving Support Section:
+# WINS Support - Tells the NMBD component of Samba to enable it's WINS Server
+; wins support = yes
+# WINS Server - Tells the NMBD components of Samba to be a WINS Client
+# Note: Samba can be either a WINS Server, or a WINS Client, but NOT both
+; wins server = w.x.y.z
+# WINS Proxy - Tells Samba to answer name resolution queries on
+# behalf of a non WINS capable client, for this to work there must be
+# at least one WINS Server on the network. The default is NO.
+; wins proxy = yes
+# DNS Proxy - tells Samba whether or not to try to resolve NetBIOS names
+# via DNS nslookups. The default is NO.
+ dns proxy = no
+# Charset settings
+; display charset = koi8-r
+; unix charset = koi8-r
+; dos charset = cp866
+# Use extended attributes to store file modes
+; store dos attributes = yes
+; map hidden = no
+; map system = no
+; map archive = no
+# Use inherited ACLs for directories
+; nt acl support = yes
+; inherit acls = yes
+; map acl inherit = yes
+# These scripts are used on a domain controller or stand-alone
+# machine to add or delete corresponding unix accounts
+; add user script = /usr/sbin/useradd %u
+; add group script = /usr/sbin/groupadd %g
+; add machine script = /usr/sbin/adduser -n -g machines -c Machine -d /dev/null -s /bin/false %u
+; delete user script = /usr/sbin/userdel %u
+; delete user from group script = /usr/sbin/deluser %u %g
+; delete group script = /usr/sbin/groupdel %g
+#============================ Share Definitions ==============================
+ comment = Home Directories
+ browseable = no
+ writable = yes
+# Un-comment the following and create the netlogon directory for Domain Logons
+; [netlogon]
+; comment = Network Logon Service
+; path = /usr/local/samba/lib/netlogon
+; guest ok = yes
+; writable = no
+; share modes = no
+# Un-comment the following to provide a specific roving profile share
+# the default is to use the user's home directory
+; path = /usr/local/samba/profiles
+; browseable = no
+; guest ok = yes
+# NOTE: If you have a BSD-style print system there is no need to
+# specifically define each individual printer
+ comment = All Printers
+ path = %%SAMBA_SPOOL%%
+ browseable = no
+# Set public = yes to allow user 'guest account' to print
+ guest ok = no
+ writable = no
+ printable = yes
+# This one is useful for people to share files
+; comment = Temporary file space
+; path = /tmp
+; read only = no
+; public = yes
+# A publicly accessible directory, but read only, except for people in
+# the "staff" group
+; comment = Public Stuff
+; path = /home/samba
+; public = yes
+; writable = yes
+; printable = no
+; write list = @staff
+# Other examples.
+# A private printer, usable only by fred. Spool data will be placed in fred's
+# home directory. Note that fred must have write access to the spool directory,
+# wherever it is.
+; comment = Fred's Printer
+; valid users = fred
+; path = /homes/fred
+; printer = freds_printer
+; public = no
+; writable = no
+; printable = yes
+# A private directory, usable only by fred. Note that fred requires write
+# access to the directory.
+; comment = Fred's Service
+; path = /usr/somewhere/private
+; valid users = fred
+; public = no
+; writable = yes
+; printable = no
+# a service which has a different directory for each machine that connects
+# this allows you to tailor configurations to incoming machines. You could
+# also use the %U option to tailor it by user name.
+# The %m gets replaced with the machine name that is connecting.
+; comment = PC Directories
+; path = /usr/pc/%m
+; public = no
+; writable = yes
+# A publicly accessible directory, read/write to all users. Note that all files
+# created in the directory by users will be owned by the default user, so
+# any user with access can delete any other user's files. Obviously this
+# directory must be writable by the default user. Another user could of course
+# be specified, in which case all files would be owned by that user instead.
+; path = /usr/somewhere/else/public
+; public = yes
+; only guest = yes
+; writable = yes
+; printable = no
+# The following two entries demonstrate how to share a directory so that two
+# users can place files there that will be owned by the specific users. In this
+# setup, the directory should be writable by both users and should have the
+# sticky bit set on it to prevent abuse. Obviously this could be extended to
+# as many users as required.
+; comment = Mary's and Fred's stuff
+; path = /usr/somewhere/shared
+; valid users = mary fred
+; public = no
+; writable = yes
+; printable = no
+; create mask = 0765
diff --git a/net/samba34/pkg-descr b/net/samba34/pkg-descr
new file mode 100644
index 000000000000..28f431acf0f7
--- /dev/null
+++ b/net/samba34/pkg-descr
@@ -0,0 +1,12 @@
+The Samba suite is a set of programs which run under the FreeBSD
+operating system. These programs deliver most of the important
+functionality of a Microsoft Lan Manager server. That is, they support
+remote access to FreeBSD filespace and FreeBSD printers from Lan Manager
+compatible clients. In practical terms, this means that such clients can
+connect to and use FreeBSD filespace as if it was a local disk drive, or
+FreeBSD printers as if they were local printers.
+Some of the most popular Lan Manager compatible clients include Lan
+Manager itself, Windows for Workgroups, OS/2 and Windows NT.
+WWW: http://www.samba.org/
diff --git a/net/samba34/pkg-plist b/net/samba34/pkg-plist
new file mode 100644
index 000000000000..72f047d15e1b
--- /dev/null
+++ b/net/samba34/pkg-plist
@@ -0,0 +1,231 @@
+@dirrm %%EXAMPLESDIR%%/validchars
+@dirrm %%EXAMPLESDIR%%/tridge
+@dirrm %%EXAMPLESDIR%%/scripts/wins_hook
+@dirrm %%EXAMPLESDIR%%/scripts/users_and_groups
+@dirrm %%EXAMPLESDIR%%/scripts/shares/python
+@dirrm %%EXAMPLESDIR%%/scripts/shares/perl
+@dirrm %%EXAMPLESDIR%%/scripts/shares
+@dirrm %%EXAMPLESDIR%%/scripts/printing/cups
+@dirrm %%EXAMPLESDIR%%/scripts/printing
+@dirrm %%EXAMPLESDIR%%/scripts/mount
+@dirrm %%EXAMPLESDIR%%/scripts/eventlog
+@dirrm %%EXAMPLESDIR%%/scripts/debugging/solaris
+@dirrm %%EXAMPLESDIR%%/scripts/debugging/linux
+@dirrm %%EXAMPLESDIR%%/scripts/debugging
+@dirrm %%EXAMPLESDIR%%/scripts
+@dirrm %%EXAMPLESDIR%%/printing
+@dirrm %%EXAMPLESDIR%%/printer-accounting
+@dirrm %%EXAMPLESDIR%%/perfcounter
+@dirrm %%EXAMPLESDIR%%/pdb
+@dirrm %%EXAMPLESDIR%%/pcap2nbench
+@dirrm %%EXAMPLESDIR%%/pam_winbind
+%%SMBPASS%%@dirrm %%EXAMPLESDIR%%/pam_smbpass
+@dirrm %%EXAMPLESDIR%%/nss
+@dirrm %%EXAMPLESDIR%%/misc
+@dirrm %%EXAMPLESDIR%%/logon/ntlogon
+@dirrm %%EXAMPLESDIR%%/logon/mklogon
+@dirrm %%EXAMPLESDIR%%/logon/genlogon
+@dirrm %%EXAMPLESDIR%%/logon
+@dirrm %%EXAMPLESDIR%%/dce-dfs
+@dirrm %%EXAMPLESDIR%%/autofs
+@dirrm %%EXAMPLESDIR%%/auth/crackcheck
+@dirrm %%EXAMPLESDIR%%/auth
+@dirrm %%EXAMPLESDIR%%
+%%PORTDOCS%%@dirrm %%DOCSDIR%%/registry
+%%PORTDOCS%%@dirrm %%DOCSDIR%%
diff --git a/net/samba34/pkg-plist.swat b/net/samba34/pkg-plist.swat
new file mode 100644
index 000000000000..9155587b6844
--- /dev/null
+++ b/net/samba34/pkg-plist.swat
@@ -0,0 +1,499 @@
+@dirrm share/swat/using_samba/figs
+@dirrm share/swat/using_samba
+@dirrm share/swat/lang/tr/js
+@dirrm share/swat/lang/tr/include
+@dirrm share/swat/lang/tr/images
+@dirrm share/swat/lang/tr/help
+@dirrm share/swat/lang/tr
+@dirrm share/swat/lang/ja/js
+@dirrm share/swat/lang/ja/include
+@dirrm share/swat/lang/ja/images
+@dirrm share/swat/lang/ja/help
+@dirrm share/swat/lang/ja
+@dirrm share/swat/lang
+@dirrm share/swat/js
+@dirrm share/swat/include
+@dirrm share/swat/images
+@dirrm share/swat/help/manpages
+@dirrm share/swat/help/Samba3-HOWTO/images
+@dirrm share/swat/help/Samba3-HOWTO
+@dirrm share/swat/help/Samba3-Developers-Guide
+@dirrm share/swat/help/Samba3-ByExample/images
+@dirrm share/swat/help/Samba3-ByExample
+@dirrm share/swat/help
+@dirrm share/swat