- Update to 3.0.25a.

Major bug fixes included in Samba 3.0.25a are:

  o Missing supplementary Unix group membership when using "force
    group".
  o Premature expiration of domain user passwords when using a
    Samba domain controller.
  o Failure to open the Windows object picker against a server
    configured to use "security = domain".
  * Authentication failures when using security = server.

Plus additional local fixes.

PR:		ports/113358
Submitted by:	maintainer

14 files changed, 657 insertions, 47 deletions

diff --git a/net/samba3/Makefile b/net/samba3/Makefile
index d9cf70dc6ecc..2b8737b47bce 100644
--- a/net/samba3/Makefile
+++ b/net/samba3/Makefile
@@ -6,7 +6,7 @@
 #
 
 PORTNAME=		samba
-PORTVERSION?=		3.0.25
+PORTVERSION?=		3.0.25a
 PORTREVISION?=		0
 PORTEPOCH?=		1
 CATEGORIES?=		net
@@ -76,7 +76,8 @@ OPTIONS=	LDAP		"With LDAP support" on \
 		DNSUPDATE	"With dynamic DNS update" off \
 		EXP_MODULES	"With experimental modules" off \
 		POPT		"With system-wide POPT library" on \
-		MAX_DEBUG	"With maximum debuging" off
+		MAX_DEBUG	"With maximum debuging" off \
+		SMBTORTURE	"With smbtorture" off
 .endif
 
 .include <bsd.port.pre.mk>
@@ -180,9 +181,10 @@ WANT_EXP_MODULES=	idmap_ad idmap_rid charset_weird
 .		if !defined(WITH_MAX_DEBUG)
 WANT_EXP_MODULES+=	rpc_echo
 .		endif
+WANT_EXP_MODULES+=	vfs_catia vfs_cacheprime vfs_commit
 .	endif
-WANT_EXP_MODULES!=	${ECHO_CMD} ${WANT_EXP_MODULES} | ${SED} -E 's/ +/,/g'
-CONFIGURE_ARGS+=	--with-shared-modules="${WANT_EXP_MODULES}"
+USE_EXP_MODULES!=	${ECHO_CMD} ${WANT_EXP_MODULES} | ${SED} -E 's/ +/,/g'
+CONFIGURE_ARGS+=	--with-shared-modules="${USE_EXP_MODULES}"
 .endif
 
 .if defined(WITH_PAM_SMBPASS)
@@ -218,6 +220,9 @@ CONFIGURE_ARGS+=	--without-cluster-support
 .endif
 
 .if defined(WITH_DNSUPDATE)
+.	if !defined(WITH_ADS)
+IGNORE=			dynamic DNS updates require ADS support
+.	endif
 LIB_DEPENDS+=		uuid.1:${PORTSDIR}/misc/e2fsprogs-libuuid
 CONFIGURE_ARGS+=	--with-dnsupdate
 .else
@@ -283,6 +288,12 @@ CONFIGURE_ARGS+=	--with-ldap
 CONFIGURE_ARGS+=	--without-ldap
 .endif
 
+.if defined(WITH_SMBTORTURE)
+PLIST_SUB+=		SMBTORTURE=""
+.else
+PLIST_SUB+=		SMBTORTURE="@comment "
+.endif
+
 .if !defined(SAMBA_SUBPORT)
 # Samba server itself
 MAN1=		findsmb.1 log2pcap.1 nmblookup.1 ntlm_auth.1 profiles.1 \
@@ -290,8 +301,14 @@ MAN1=		findsmb.1 log2pcap.1 nmblookup.1 ntlm_auth.1 profiles.1 \
 		smbget.1 smbstatus.1 smbtar.1 smbtree.1 testparm.1 vfstest.1
 MAN5=		lmhosts.5 smb.conf.5 smbgetrc.5 smbpasswd.5
 MAN7=		samba.7
-MAN8=		net.8 nmbd.8 pdbedit.8 smbd.8 smbpasswd.8 smbspool.8 \
-		swat.8 tdbbackup.8 tdbdump.8
+MAN8=		eventlogadm.8 net.8 nmbd.8 pdbedit.8 smbd.8 smbpasswd.8 \
+		smbspool.8 swat.8 tdbbackup.8 tdbdump.8 tdbtool.8 \
+		idmap_nss.8 idmap_tdb.8 \
+		vfs_audit.8 vfs_cap.8 vfs_default_quota.8 vfs_extd_audit.8 \
+		vfs_fake_perms.8 vfs_full_audit.8 vfs_netatalk.8 \
+		vfs_readahead.8	vfs_readonly.8 vfs_recycle.8 \
+		vfs_shadow_copy.8
+
 .if defined(WITH_SMBSH)
 MAN1+=		smbsh.1
 .endif
@@ -301,6 +318,34 @@ MAN7+=		pam_winbind.7
 MAN8+=		winbindd.8
 .endif
 
+.if defined(WITH_FAM_SUPPORT)
+MAN8+=		vfs_notify_fam.8
+.endif
+
+.if defined(SAMBA_WANT_LDAP)
+MAN8+=		idmap_ldap.8
+.endif
+
+.if !empty(WANT_EXP_MODULES:Midmap_ad)
+MAN8+=		idmap_ad.8
+.endif
+
+.if !empty(WANT_EXP_MODULES:Midmap_rid)
+MAN8+=		idmap_rid.8
+.endif
+
+.if !empty(WANT_EXP_MODULES:Mvfs_cacheprime)
+MAN8+=		vfs_cacheprime.8
+.endif
+
+.if !empty(WANT_EXP_MODULES:Mvfs_catia)
+MAN8+=		vfs_catia.8
+.endif
+
+.if !empty(WANT_EXP_MODULES:Mvfs_commit)
+MAN8+=		vfs_commit.8
+.endif
+
 PLIST_SUB+=	SAMBA_LOGDIR="${SAMBA_LOGDIR}" \
 		SAMBA_LOCKDIR="${SAMBA_LOCKDIR}" \
 		SAMBA_CONFDIR="${SAMBA_CONFDIR}" \
@@ -346,6 +391,17 @@ post-patch:
 	@${FIND} ${WRKDIR}/${DISTNAME} -type d | ${XARGS} ${CHMOD} u+w,a+rx
 	@${FIND} ${WRKDIR}/${DISTNAME} -type f | ${XARGS} ${CHMOD} u+w,a+r
 
+# This would speedup compilation for gcc 3.4(available in FreeBSD 5.2) and higher
+.if ${OSVERSION} >= 502126
+pre-build:
+	cd ${WRKSRC} && ${MAKE} pch
+.endif
+
+.if defined(WITH_SMBTORTURE)
+post-build:
+	cd ${WRKSRC} && ${MAKE} smbtorture
+.endif
+
 pre-install:
 	-@${FIND} "${SAMBA_MODULEDIR}" -type f 2>/dev/null | ${SORT} | ${SED} -E 's|^${PREFIX}/?||;' >> ${WRKDIR}/.PLIST.exclude
 	@${CAT} ${PKGDIR}/pkg-plist > ${PLIST}
@@ -382,6 +438,10 @@ post-install:
 	${INSTALL_PROGRAM} "${WRKSRC}/bin/pam_smbpass.so" "${SAMBA_LIBDIR}"
 	@${ECHO_CMD} "${SAMBA_LIB}/pam_smbpass.so" >> ${TMPPLIST};
 .endif
+# smbtorture
+.if defined(WITH_SMBTORTURE)
+	${INSTALL_PROGRAM} "${WRKSRC}/bin/smbtorture" "${PREFIX}/bin"
+.endif
 # smbwrapper.so
 .if defined(WITH_SMBSH)
 	${INSTALL_PROGRAM} "${WRKSRC}/bin/smbsh" "${PREFIX}/bin"
diff --git a/net/samba3/distinfo b/net/samba3/distinfo
index 6a24ecb95d7f..8e6528892605 100644
--- a/net/samba3/distinfo
+++ b/net/samba3/distinfo
@@ -1,3 +1,3 @@
-MD5 (samba-3.0.25.tar.gz) = 267bd56b178a1b1285a41ec4cc1b75f0
-SHA256 (samba-3.0.25.tar.gz) = c88981d1ad221583ebcc96bcda81fb8f957ea82fe1828444fdef523ccf07db73
-SIZE (samba-3.0.25.tar.gz) = 18234944
+MD5 (samba-3.0.25a.tar.gz) = cbd33bb5d904ccd8a294a4019743745d
+SHA256 (samba-3.0.25a.tar.gz) = 12f4fa70b5131520b58f3b62450a2e304dd63efe2532905a0760c7f11a308470
+SIZE (samba-3.0.25a.tar.gz) = 18145636
diff --git a/net/samba3/files/patch-client_client.c b/net/samba3/files/patch-client_client.c
new file mode 100644
index 000000000000..59428ccd00a9
--- /dev/null
+++ b/net/samba3/files/patch-client_client.c
@@ -0,0 +1,20 @@
+--- client/client.c.orig	Tue Jun  5 02:42:29 2007
++++ client/client.c	Tue Jun  5 02:54:19 2007
+@@ -2443,7 +2443,7 @@
+ 				break;
+ 			case SMB_POSIX_ACL_GROUP:
+ 				uorg = IVAL(retbuf,SMB_POSIX_ACL_HEADER_SIZE+(i*SMB_POSIX_ACL_ENTRY_SIZE)+2);
+-				d_printf("group:%u", uorg);
++				d_printf("group:%u:", uorg);
+ 				break;
+ 			case SMB_POSIX_ACL_MASK:
+ 				d_printf("mask::");
+@@ -2480,7 +2480,7 @@
+ 				break;
+ 			case SMB_POSIX_ACL_GROUP:
+ 				uorg = IVAL(retbuf,SMB_POSIX_ACL_HEADER_SIZE+((i+num_file_acls)*SMB_POSIX_ACL_ENTRY_SIZE)+2);
+-				d_printf("default:group:%u", uorg);
++				d_printf("default:group:%u:", uorg);
+ 				break;
+ 			case SMB_POSIX_ACL_MASK:
+ 				d_printf("default:mask::");
diff --git a/net/samba3/files/patch-configure.in b/net/samba3/files/patch-configure.in
index 2b72cbd289b8..c639b90466ab 100644
--- a/net/samba3/files/patch-configure.in
+++ b/net/samba3/files/patch-configure.in
@@ -1,6 +1,6 @@
---- configure.in.orig	Mon Apr  9 19:31:00 2007
-+++ configure.in	Wed Apr 18 03:30:37 2007
-@@ -1040,6 +1040,21 @@
+--- configure.in.orig	Wed May 23 17:29:20 2007
++++ configure.in	Mon Jun  4 03:22:42 2007
+@@ -1041,6 +1041,21 @@
     AC_DEFINE(HAVE_SIG_ATOMIC_T_TYPE,1,[Whether we have the atomic_t variable type])
  fi
  
@@ -22,7 +22,22 @@
  AC_CACHE_CHECK([for struct timespec type],samba_cv_struct_timespec, [
      AC_TRY_COMPILE([
  #include <sys/types.h>
-@@ -5075,7 +5090,7 @@
+@@ -4033,10 +4048,10 @@
+ 
+   ################################################################
+   # first test for Active Directory support being enabled
+-  #if test x"$with_ads_support" = x"no"; then
+-  #		AC_MSG_ERROR(Active Directory support is required to enable DNS Update support)
+-  #		with_dnsupdate_support=no
+-  #fi	  	
++  if test x"$with_ads_support" = x"no"; then
++  		AC_MSG_ERROR(Active Directory support is required to enable DNS Update support)
++  		with_dnsupdate_support=no
++  fi	  	
+   ##################################################################
+   # then test for uuid.h (necessary to generate unique DNS keynames
+   # (uuid.h is required for this test)
+@@ -5107,7 +5122,7 @@
  #################################################
  # check for ACL support
  
@@ -31,7 +46,7 @@
  AC_ARG_WITH(acl-support,
  [  --with-acl-support      Include ACL support (default=no)],
  [ case "$withval" in
-@@ -5083,42 +5098,37 @@
+@@ -5115,43 +5130,37 @@
  
  	case "$host_os" in
  	*sysv5*)
@@ -77,11 +92,12 @@
 -		AC_MSG_RESULT(Using FreeBSD posix ACLs)
 -		AC_DEFINE(HAVE_POSIX_ACLS,1,[Whether FreeBSD POSIX ACLs are available])
 -		AC_DEFINE(HAVE_ACL_GET_PERM_NP,1,[Whether acl_get_perm_np() is available])
+-		default_static_modules="$default_static_modules vfs_posixacl"
 -		;;
  	*linux*)
  		AC_CHECK_LIB(attr,getxattr,[ACL_LIBS="$ACL_LIBS -lattr"])
         		AC_CHECK_LIB(acl,acl_get_file,[ACL_LIBS="$ACL_LIBS -lacl"])
-@@ -5139,7 +5149,7 @@
+@@ -5172,7 +5181,7 @@
  			LIBS=$acl_LIBS
  		])
  		if test x"$samba_cv_HAVE_POSIX_ACLS" = x"yes"; then
@@ -90,7 +106,7 @@
  			AC_DEFINE(HAVE_POSIX_ACLS,1,[Whether POSIX ACLs are available])
  			AC_CACHE_CHECK([for acl_get_perm_np],samba_cv_HAVE_ACL_GET_PERM_NP,[
  				acl_LIBS=$LIBS
-@@ -5160,12 +5170,18 @@
+@@ -5193,12 +5202,18 @@
  				AC_DEFINE(HAVE_ACL_GET_PERM_NP,1,[Whether acl_get_perm_np() is available])
  			fi
  		fi
@@ -113,7 +129,7 @@
  			AC_TRY_LINK([
  				#include <sys/types.h>
  				#include <sys/acl.h>
-@@ -5178,20 +5194,20 @@
+@@ -5211,20 +5226,20 @@
  			[samba_cv_HAVE_POSIX_ACLS=yes],
  			[samba_cv_HAVE_POSIX_ACLS=no])
  			LIBS=$acl_LIBS
@@ -139,7 +155,7 @@
  				],
  				[samba_cv_HAVE_ACL_GET_PERM_NP=yes],
  				[samba_cv_HAVE_ACL_GET_PERM_NP=no])
-@@ -5200,17 +5216,22 @@
+@@ -5233,17 +5248,22 @@
  			if test x"$samba_cv_HAVE_ACL_GET_PERM_NP" = x"yes"; then
  				AC_DEFINE(HAVE_ACL_GET_PERM_NP,1,[Whether acl_get_perm_np() is available])
  			fi
diff --git a/net/samba3/files/patch-lib_iconv.c b/net/samba3/files/patch-lib_iconv.c
new file mode 100644
index 000000000000..29f46869216f
--- /dev/null
+++ b/net/samba3/files/patch-lib_iconv.c
@@ -0,0 +1,11 @@
+--- lib/iconv.c.orig	Tue Jun  5 01:45:05 2007
++++ lib/iconv.c	Tue Jun  5 01:46:09 2007
+@@ -137,7 +137,7 @@
+ 			char **outbuf, size_t *outbytesleft)
+ {
+ 	size_t ret = iconv((iconv_t)cd, 
+-			   (char **)inbuf, inbytesleft, 
++			   inbuf, inbytesleft, 
+ 			   outbuf, outbytesleft);
+ 	if (ret == (size_t)-1) {
+ 		int saved_errno = errno;
diff --git a/net/samba3/files/patch-lib_replace_libreplace_cc.m4 b/net/samba3/files/patch-lib_replace_libreplace_cc.m4
new file mode 100644
index 000000000000..b4d3ae135c49
--- /dev/null
+++ b/net/samba3/files/patch-lib_replace_libreplace_cc.m4
@@ -0,0 +1,13 @@
+--- lib/replace/libreplace_cc.m4.orig	Thu Mar  1 05:54:23 2007
++++ lib/replace/libreplace_cc.m4	Mon Jun  4 21:20:13 2007
+@@ -131,6 +131,10 @@
+ AC_CHECK_TYPE(intptr_t, unsigned long long)
+ AC_CHECK_TYPE(ptrdiff_t, unsigned long long)
+ 
++if test x"$ac_cv_type_intptr_t" = x"yes"; then
++	AC_DEFINE(HAVE_INTPTR_T,1,[Whether the host has intptr_t])
++fi
++
+ if test x"$ac_cv_type_long_long" != x"yes";then
+ 	AC_MSG_ERROR([LIBREPLACE needs type 'long long'])
+ fi
diff --git a/net/samba3/files/patch-modules_vfs_posixacl.c b/net/samba3/files/patch-modules_vfs_posixacl.c
deleted file mode 100644
index faa908cd89be..000000000000
--- a/net/samba3/files/patch-modules_vfs_posixacl.c
+++ /dev/null
@@ -1,15 +0,0 @@
---- modules/vfs_posixacl.c.orig	Wed Apr 18 11:51:22 2007
-+++ modules/vfs_posixacl.c	Wed Apr 18 11:51:48 2007
-@@ -200,9 +200,9 @@
- 		return False;
- 	}
- 	ace->a_perm = 0;
--	ace->a_perm |= (acl_get_perm(permset, ACL_READ) ? SMB_ACL_READ : 0);
--	ace->a_perm |= (acl_get_perm(permset, ACL_WRITE) ? SMB_ACL_WRITE : 0);
--	ace->a_perm |= (acl_get_perm(permset, ACL_EXECUTE) ? SMB_ACL_EXECUTE : 0);
-+	ace->a_perm |= (acl_get_perm_np(permset, ACL_READ) ? SMB_ACL_READ : 0);
-+	ace->a_perm |= (acl_get_perm_np(permset, ACL_WRITE) ? SMB_ACL_WRITE : 0);
-+	ace->a_perm |= (acl_get_perm_np(permset, ACL_EXECUTE) ? SMB_ACL_EXECUTE : 0);
- 	return True;
- }
- 
diff --git a/net/samba3/files/patch-nsswitch_pam_winbind.c b/net/samba3/files/patch-nsswitch_pam_winbind.c
index 9c1a8f1bdee5..750963f12048 100644
--- a/net/samba3/files/patch-nsswitch_pam_winbind.c
+++ b/net/samba3/files/patch-nsswitch_pam_winbind.c
@@ -1,5 +1,150 @@
---- ./nsswitch/pam_winbind.c.orig	Mon Apr  9 19:30:57 2007
-+++ ./nsswitch/pam_winbind.c	Tue Apr 17 02:06:59 2007
+--- nsswitch/pam_winbind.c.orig	Sat Apr 21 03:48:07 2007
++++ nsswitch/pam_winbind.c	Mon Jun  4 02:56:34 2007
+@@ -14,13 +14,13 @@
+ 
+ #define _PAM_LOG_FUNCTION_ENTER(function, pamh, ctrl, flags) \
+ 	do { \
+-		_pam_log_debug(pamh, ctrl, LOG_DEBUG, "[pamh: 0x%08x] ENTER: " function " (flags: 0x%04x)", (uint32) pamh, flags); \
++		_pam_log_debug(pamh, ctrl, LOG_DEBUG, "[pamh: 0x%p] ENTER: " function " (flags: 0x%04x)", pamh, flags); \
+ 		_pam_log_state(pamh, ctrl); \
+ 	} while (0)
+ 
+ #define _PAM_LOG_FUNCTION_LEAVE(function, pamh, ctrl, retval) \
+ 	do { \
+-		_pam_log_debug(pamh, ctrl, LOG_DEBUG, "[pamh: 0x%08x] LEAVE: " function " returning %d", (uint32) pamh, retval); \
++		_pam_log_debug(pamh, ctrl, LOG_DEBUG, "[pamh: 0x%p] LEAVE: " function " returning %d", pamh, retval); \
+ 		_pam_log_state(pamh, ctrl); \
+ 	} while (0)
+ 
+@@ -32,16 +32,16 @@
+  * Work around the pam API that has functions with void ** as parameters.
+  * These lead to strict aliasing warnings with gcc.
+  */
+-static int _pam_get_item(const pam_handle_t *pamh, int item_type,
++static int _pam_get_item(pam_handle_t *pamh, int item_type,
+ 			 const void *_item)
+ {
+ 	const void **item = (const void **)_item;
+ 	return pam_get_item(pamh, item_type, item);
+ }
+-static int _pam_get_data(const pam_handle_t *pamh,
+-			 const char *module_data_name, const void *_data)
++static int _pam_get_data(pam_handle_t *pamh,
++			 const char *module_data_name, void *_data)
+ {
+-	const void **data = (const void **)_data;
++	void **data = (void **)_data;
+ 	return pam_get_data(pamh, module_data_name, data);
+ }
+ 
+@@ -53,7 +53,7 @@
+ 	pam_vsyslog(pamh, err, format, args);
+ }
+ #else
+-static void _pam_log_int(const pam_handle_t *pamh, int err, const char *format, va_list args)
++static void _pam_log_int(pam_handle_t *pamh, int err, const char *format, va_list args)
+ {
+ 	char *format2 = NULL;
+ 	const char *service;
+@@ -78,8 +78,8 @@
+ 	return on(ctrl, WINBIND_SILENT);
+ }
+ 
+-static void _pam_log(const pam_handle_t *pamh, int ctrl, int err, const char *format, ...) PRINTF_ATTRIBUTE(4,5);
+-static void _pam_log(const pam_handle_t *pamh, int ctrl, int err, const char *format, ...)
++static void _pam_log(pam_handle_t *pamh, int ctrl, int err, const char *format, ...) PRINTF_ATTRIBUTE(4,5);
++static void _pam_log(pam_handle_t *pamh, int ctrl, int err, const char *format, ...)
+ {
+ 	va_list args;
+ 
+@@ -118,8 +118,8 @@
+ 	return _pam_log_is_debug_enabled(ctrl);
+ }
+ 
+-static void _pam_log_debug(const pam_handle_t *pamh, int ctrl, int err, const char *format, ...) PRINTF_ATTRIBUTE(4,5);
+-static void _pam_log_debug(const pam_handle_t *pamh, int ctrl, int err, const char *format, ...)
++static void _pam_log_debug(pam_handle_t *pamh, int ctrl, int err, const char *format, ...) PRINTF_ATTRIBUTE(4,5);
++static void _pam_log_debug(pam_handle_t *pamh, int ctrl, int err, const char *format, ...)
+ {
+ 	va_list args;
+ 
+@@ -132,20 +132,20 @@
+ 	va_end(args);
+ }
+ 
+-static void _pam_log_state_datum(const pam_handle_t *pamh, int ctrl, int item_type, const char *key, int is_string)
++static void _pam_log_state_datum(pam_handle_t *pamh, int ctrl, int item_type, const char *key, int is_string)
+ {
+-	const void *data = NULL;
++	void *data = NULL;
+ 	if (item_type != 0) {
+-		pam_get_item(pamh, item_type, &data);
++		_pam_get_item(pamh, item_type, &data);
+ 	} else {
+ 		pam_get_data(pamh, key, &data);
+ 	}
+ 	if (data != NULL) {
+ 		const char *type = (item_type != 0) ? "ITEM" : "DATA";
+ 		if (is_string != 0) {
+-			_pam_log_debug(pamh, ctrl, LOG_DEBUG, "[pamh: 0x%08x] STATE: %s(%s) = \"%s\" (0x%08x)", (uint32) pamh, type, key, (const char *) data, (uint32) data);
++			_pam_log_debug(pamh, ctrl, LOG_DEBUG, "[pamh: 0x%p] STATE: %s(%s) = \"%s\" (0x%p)", pamh, type, key, (const char *) data, data);
+ 		} else {
+-			_pam_log_debug(pamh, ctrl, LOG_DEBUG, "[pamh: 0x%08x] STATE: %s(%s) = 0x%08x", (uint32) pamh, type, key, (uint32) data);
++			_pam_log_debug(pamh, ctrl, LOG_DEBUG, "[pamh: 0x%p] STATE: %s(%s) = 0x%p", pamh, type, key, data);
+ 		}
+ 	}
+ }
+@@ -171,7 +171,7 @@
+ #define _PAM_LOG_STATE_ITEM_PASSWORD(pamh, ctrl, item_type) \
+ 	_pam_log_state_datum(pamh, ctrl, item_type, #item_type, _LOG_PASSWORD_AS_STRING)
+ 
+-static void _pam_log_state(const pam_handle_t *pamh, int ctrl)
++static void _pam_log_state(pam_handle_t *pamh, int ctrl)
+ {
+ 	if (!_pam_log_is_debug_state_enabled(ctrl)) {
+ 		return;
+@@ -202,7 +202,7 @@
+ 	_PAM_LOG_STATE_DATA_POINTER(pamh, ctrl, PAM_WINBIND_PWD_LAST_SET);
+ }
+ 
+-static int _pam_parse(const pam_handle_t *pamh, int flags, int argc, const char **argv, dictionary **result_d)
++static int _pam_parse(pam_handle_t *pamh, int flags, int argc, const char **argv, dictionary **result_d)
+ {
+ 	int ctrl = 0;
+ 	const char *config_file = NULL;
+@@ -313,7 +313,7 @@
+ {
+ 	int ctrl = _pam_parse(pamh, 0, 0, NULL, NULL);
+ 	if (_pam_log_is_debug_state_enabled(ctrl)) {
+-		_pam_log_debug(pamh, ctrl, LOG_DEBUG, "[pamh: 0x%08x] CLEAN: cleaning up PAM data 0x%08x (error_status = %d)", (uint32) pamh, (uint32) data, error_status);
++		_pam_log_debug(pamh, ctrl, LOG_DEBUG, "[pamh: 0x%p] CLEAN: cleaning up PAM data 0x%p (error_status = %d)", pamh, data, error_status);
+ 	}
+ 	SAFE_FREE(data);
+ }
+@@ -1441,7 +1441,7 @@
+ 	return PAM_SUCCESS;
+ }
+ 
+-const char *get_conf_item_string(const pam_handle_t *pamh,
++const char *get_conf_item_string(pam_handle_t *pamh,
+ 				 int argc, 
+ 				 const char **argv, 
+ 				 int ctrl,
+@@ -1490,12 +1490,12 @@
+ 	return parm_opt;
+ }
+ 
+-const char *get_krb5_cc_type_from_config(const pam_handle_t *pamh, int argc, const char **argv, int ctrl, dictionary *d)
++const char *get_krb5_cc_type_from_config(pam_handle_t *pamh, int argc, const char **argv, int ctrl, dictionary *d)
+ {
+ 	return get_conf_item_string(pamh, argc, argv, ctrl, d, "krb5_ccache_type", WINBIND_KRB5_CCACHE_TYPE);
+ }
+ 
+-const char *get_member_from_config(const pam_handle_t *pamh, int argc, const char **argv, int ctrl, dictionary *d)
++const char *get_member_from_config(pam_handle_t *pamh, int argc, const char **argv, int ctrl, dictionary *d)
+ {
+ 	const char *ret = NULL;
+ 	ret = get_conf_item_string(pamh, argc, argv, ctrl, d, "require_membership_of", WINBIND_REQUIRED_MEMBERSHIP);
 @@ -1735,7 +1735,7 @@
  		ret = PAM_USER_UNKNOWN;
  		goto out;
diff --git a/net/samba3/files/patch-nsswitch_winbindd.c b/net/samba3/files/patch-nsswitch_winbindd.c
new file mode 100644
index 000000000000..efbb4402f818
--- /dev/null
+++ b/net/samba3/files/patch-nsswitch_winbindd.c
@@ -0,0 +1,12 @@
+--- nsswitch/winbindd.c.orig	Sun Apr 22 01:00:32 2007
++++ nsswitch/winbindd.c	Mon Jun  4 02:59:13 2007
+@@ -303,6 +303,9 @@
+ 	if (state->mem_ctx == NULL)
+ 		return;
+ 
++	/* Remember who asked us. */
++	state->pid = state->request.pid;
++
+ 	/* Process command */
+ 
+ 	for (table = dispatch_table; table->fn; table++) {
diff --git a/net/samba3/files/patch-python_setup.py b/net/samba3/files/patch-python_setup.py
deleted file mode 100644
index fa195e473657..000000000000
--- a/net/samba3/files/patch-python_setup.py
+++ /dev/null
@@ -1,11 +0,0 @@
---- python/setup.py.orig	Tue May 15 13:41:41 2007
-+++ python/setup.py	Tue May 15 13:43:03 2007
-@@ -67,6 +67,8 @@
-         libraries.append(lib[2:])
-     elif lib[0:8] == ("-pthread"):
-         pass # Skip linker flags
-+    elif lib[0:4] == ("-pie"):
-+        pass # Skip linker flags
-     elif lib[0:2] == "-L":
-         library_dirs.append(lib[2:])
-     elif lib[0:2] in ("-W","-s"):
diff --git a/net/samba3/files/patch-smbd_sec_ctx.c b/net/samba3/files/patch-smbd_sec_ctx.c
new file mode 100644
index 000000000000..46c6d55c4c2c
--- /dev/null
+++ b/net/samba3/files/patch-smbd_sec_ctx.c
@@ -0,0 +1,63 @@
+--- smbd/sec_ctx.c.orig	Thu Mar  1 05:54:08 2007
++++ smbd/sec_ctx.c	Tue Jun  5 01:16:32 2007
+@@ -192,7 +192,7 @@
+ 
+ 	if (sec_ctx_stack_ndx == MAX_SEC_CTX_DEPTH) {
+ 		DEBUG(0, ("Security context stack overflow!\n"));
+-		smb_panic("Security context stack overflow!\n");
++		smb_panic("Security context stack overflow!");
+ 	}
+ 
+ 	/* Store previous user context */
+@@ -234,7 +234,9 @@
+ void set_sec_ctx(uid_t uid, gid_t gid, int ngroups, gid_t *groups, NT_USER_TOKEN *token)
+ {
+ 	struct sec_ctx *ctx_p = &sec_ctx_stack[sec_ctx_stack_ndx];
+-	
++#ifdef HAVE_SETGROUPS
++	gid_t *new_groups = NULL;
++#endif
+ 	/* Set the security context */
+ 
+ 	DEBUG(3, ("setting sec ctx (%u, %u) - sec_ctx_stack_ndx = %d\n", 
+@@ -246,12 +248,20 @@
+ 	gain_root();
+ 
+ #ifdef HAVE_SETGROUPS
+-	sys_setgroups(ngroups, groups);
++	if (!(new_groups = SMB_MALLOC_ARRAY(gid_t, ngroups+1))) {
++	    smb_panic("malloc for groups failed");
++	}
++	new_groups[0] = gid;
++	if(ngroups) {
++		memcpy(&new_groups[1], groups, sizeof(gid_t) * ngroups);
++	}
++	sys_setgroups(ngroups+1, new_groups);
++	SAFE_FREE(new_groups);
+ #endif
+ 
+ 	ctx_p->ut.ngroups = ngroups;
+-
+ 	SAFE_FREE(ctx_p->ut.groups);
++
+ 	if (token && (token == ctx_p->token)) {
+ 		smb_panic("DUPLICATE_TOKEN");
+ 	}
+@@ -262,7 +272,7 @@
+ 		ctx_p->ut.groups = (gid_t *)memdup(groups,
+ 						   sizeof(gid_t) * ngroups);
+ 		if (!ctx_p->ut.groups) {
+-			smb_panic("memdup failed");
++			smb_panic("memdup for groups failed");
+ 		}
+ 	} else {
+ 		ctx_p->ut.groups = NULL;
+@@ -315,7 +325,7 @@
+ 
+ 	if (sec_ctx_stack_ndx == 0) {
+ 		DEBUG(0, ("Security context stack underflow!\n"));
+-		smb_panic("Security context stack underflow!\n");
++		smb_panic("Security context stack underflow!");
+ 	}
+ 
+ 	ctx_p = &sec_ctx_stack[sec_ctx_stack_ndx];
diff --git a/net/samba3/files/patch-utils_ntlm_auth.c b/net/samba3/files/patch-utils_ntlm_auth.c
new file mode 100644
index 000000000000..828d1d1a38f5
--- /dev/null
+++ b/net/samba3/files/patch-utils_ntlm_auth.c
@@ -0,0 +1,295 @@
+--- utils/ntlm_auth.c.orig	Sun Jun  3 04:28:29 2007
++++ utils/ntlm_auth.c	Sun Jun  3 04:47:26 2007
+@@ -689,8 +689,8 @@
+ 	NTSTATUS nt_status;
+ 
+ 	if (strlen(buf) < 2) {
+-		DEBUG(1, ("NTLMSSP query [%s] invalid", buf));
+-		x_fprintf(x_stdout, "BH\n");
++		DEBUG(1, ("NTLMSSP query [%s] invalid\n", buf));
++		x_fprintf(x_stdout, "BH NTLMSSP query [%s] invalid\n", buf);
+ 		return;
+ 	}
+ 
+@@ -714,7 +714,7 @@
+ 
+ 		if (opt_password == NULL) {
+ 			DEBUG(1, ("Out of memory\n"));
+-			x_fprintf(x_stdout, "BH\n");
++			x_fprintf(x_stdout, "BH Out of memory\n");
+ 			data_blob_free(&request);
+ 			return;
+ 		}
+@@ -741,14 +741,14 @@
+ 			x_fprintf(x_stdout, "GK %s\n", key64?key64:"<NULL>");
+ 			SAFE_FREE(key64);
+ 		} else {
+-			x_fprintf(x_stdout, "BH\n");
++			x_fprintf(x_stdout, "BH missing NTLMSSP session key\n");
+ 		}
+ 			
+ 		data_blob_free(&request);
+ 		return;
+ 	} else {
+-		DEBUG(1, ("NTLMSSP query [%s] invalid", buf));
+-		x_fprintf(x_stdout, "BH\n");
++		DEBUG(1, ("NTLMSSP query [%s] invalid\n", buf));
++		x_fprintf(x_stdout, "BH NTLMSSP query [%s] invalid\n", buf);
+ 		return;
+ 	}
+ 
+@@ -817,8 +817,8 @@
+ 	}
+ 
+ 	if (strlen(buf) < 2) {
+-		DEBUG(1, ("NTLMSSP query [%s] invalid", buf));
+-		x_fprintf(x_stdout, "BH\n");
++		DEBUG(1, ("NTLMSSP query [%s] invalid\n", buf));
++		x_fprintf(x_stdout, "BH NTLMSSP query [%s] invalid\n", buf);
+ 		return;
+ 	}
+ 
+@@ -842,7 +842,7 @@
+ 
+ 		if (opt_password == NULL) {
+ 			DEBUG(1, ("Out of memory\n"));
+-			x_fprintf(x_stdout, "BH\n");
++			x_fprintf(x_stdout, "BH Out of memory\n");
+ 			data_blob_free(&request);
+ 			return;
+ 		}
+@@ -892,14 +892,14 @@
+ 			SAFE_FREE(key64);
+ 		}
+ 		else {
+-			x_fprintf(x_stdout, "BH\n");
++			x_fprintf(x_stdout, "BH missing session key\n");
+ 		}
+ 
+ 		data_blob_free(&request);
+ 		return;
+ 	} else {
+-		DEBUG(1, ("NTLMSSP query [%s] invalid", buf));
+-		x_fprintf(x_stdout, "BH\n");
++		DEBUG(1, ("NTLMSSP query [%s] invalid\n", buf));
++		x_fprintf(x_stdout, "BH NTLMSSP query [%s] invalid\n", buf);
+ 		return;
+ 	}
+ 
+@@ -1027,7 +1027,7 @@
+ 
+ 	if (len == -1) {
+ 		DEBUG(1, ("Could not write SPNEGO data blob\n"));
+-		x_fprintf(x_stdout, "BH\n");
++		x_fprintf(x_stdout, "BH Could not write SPNEGO data blob\n");
+ 		return;
+ 	}
+ 
+@@ -1057,8 +1057,8 @@
+ 	pstring     reply_argument;
+ 
+ 	if (strlen(buf) < 2) {
+-		DEBUG(1, ("SPENGO query [%s] invalid", buf));
+-		x_fprintf(x_stdout, "BH\n");
++		DEBUG(1, ("SPNEGO query [%s] invalid\n", buf));
++		x_fprintf(x_stdout, "BH SPNEGO query [%s] invalid\n", buf);
+ 		return;
+ 	}
+ 
+@@ -1068,8 +1068,8 @@
+ 	} else if (strncmp(buf, "KK", 2) == 0) {
+ 		
+ 	} else {
+-		DEBUG(1, ("SPENGO query [%s] invalid", buf));
+-		x_fprintf(x_stdout, "BH\n");
++		DEBUG(1, ("SPNEGO query [%s] invalid\n", buf));
++		x_fprintf(x_stdout, "BH SPNEGO query [%s] invalid\n", buf);
+ 		return;
+ 	}
+ 
+@@ -1086,7 +1086,7 @@
+ 
+ 	if (strlen(buf) <= 3) {
+ 		DEBUG(1, ("GSS-SPNEGO query [%s] invalid\n", buf));
+-		x_fprintf(x_stdout, "BH\n");
++		x_fprintf(x_stdout, "BH GSS-SPENEGO query [%s] invalid\n", buf);
+ 		return;
+ 	}
+ 
+@@ -1096,7 +1096,7 @@
+ 
+ 	if (len == -1) {
+ 		DEBUG(1, ("GSS-SPNEGO query [%s] invalid", buf));
+-		x_fprintf(x_stdout, "BH\n");
++		x_fprintf(x_stdout, "BH GSS-SPNEGO query [%s] invalid", buf);
+ 		return;
+ 	}
+ 
+@@ -1107,8 +1107,8 @@
+ 
+ 		if ( (request.negTokenInit.mechTypes == NULL) ||
+ 		     (request.negTokenInit.mechTypes[0] == NULL) ) {
+-			DEBUG(1, ("Client did not offer any mechanism"));
+-			x_fprintf(x_stdout, "BH\n");
++			DEBUG(1, ("Client did not offer any mechanism\n"));
++			x_fprintf(x_stdout, "BH Client did not offer any mechanism\n");
+ 			return;
+ 		}
+ 
+@@ -1116,15 +1116,15 @@
+ 		if (strcmp(request.negTokenInit.mechTypes[0], OID_NTLMSSP) == 0) {
+ 
+ 			if ( request.negTokenInit.mechToken.data == NULL ) {
+-				DEBUG(1, ("Client did not provide  NTLMSSP data\n"));
+-				x_fprintf(x_stdout, "BH\n");
++				DEBUG(1, ("Client did not provide NTLMSSP data\n"));
++				x_fprintf(x_stdout, "BH Client did not provide NTLMSSP data\n");
+ 				return;
+ 			}
+ 
+ 			if ( ntlmssp_state != NULL ) {
+ 				DEBUG(1, ("Client wants a new NTLMSSP challenge, but "
+ 					  "already got one\n"));
+-				x_fprintf(x_stdout, "BH\n");
++				x_fprintf(x_stdout, "BH Client wants a new NTLMSSP challenge, but already got one\n");
+ 				ntlmssp_end(&ntlmssp_state);
+ 				return;
+ 			}
+@@ -1157,7 +1157,7 @@
+ 
+ 			if ( request.negTokenInit.mechToken.data == NULL ) {
+ 				DEBUG(1, ("Client did not provide Kerberos data\n"));
+-				x_fprintf(x_stdout, "BH\n");
++				x_fprintf(x_stdout, "BH Client did not provide Kerberos data\n");
+ 				return;
+ 			}
+ 
+@@ -1183,7 +1183,7 @@
+ 				if (domain == NULL) {
+ 					DEBUG(1, ("Did not get a valid principal "
+ 						  "from ads_verify_ticket\n"));
+-					x_fprintf(x_stdout, "BH\n");
++					x_fprintf(x_stdout, "BH Did not get a valid principal from ads_verify_ticket\n");
+ 					return;
+ 				}
+ 
+@@ -1206,13 +1206,14 @@
+ 			   is the only one we support that sends this stuff */
+ 			DEBUG(1, ("Got a negTokenTarg for something non-NTLMSSP: %s\n",
+ 				  request.negTokenTarg.supportedMech));
+-			x_fprintf(x_stdout, "BH\n");
++			x_fprintf(x_stdout, "BH Got a negTokenTarg for something non-NTLMSSP: %s\n",
++				  request.negTokenTarg.supportedMech);
+ 			return;
+ 		}
+ 
+ 		if (request.negTokenTarg.responseToken.data == NULL) {
+ 			DEBUG(1, ("Got a negTokenTarg without a responseToken!\n"));
+-			x_fprintf(x_stdout, "BH\n");
++			x_fprintf(x_stdout, "BH Got a negTokenTarg without a responseToken!\n");
+ 			return;
+ 		}
+ 
+@@ -1256,7 +1257,7 @@
+ 
+ 	if (len == -1) {
+ 		DEBUG(1, ("Could not write SPNEGO data blob\n"));
+-		x_fprintf(x_stdout, "BH\n");
++		x_fprintf(x_stdout, "BH Could not write SPNEGO data blob\n");
+ 		return;
+ 	}
+ 
+@@ -1346,7 +1347,7 @@
+ 
+ 	if (client_ntlmssp_state == NULL) {
+ 		DEBUG(1, ("Got NTLMSSP tArg without a client state\n"));
+-		x_fprintf(x_stdout, "BH\n");
++		x_fprintf(x_stdout, "BH Got NTLMSSP tArg without a client state\n");
+ 		return;
+ 	}
+ 
+@@ -1370,7 +1371,9 @@
+ 		DEBUG(1, ("Expected MORE_PROCESSING_REQUIRED from "
+ 			  "ntlmssp_client_update, got: %s\n",
+ 			  nt_errstr(status)));
+-		x_fprintf(x_stdout, "BH\n");
++		x_fprintf(x_stdout, "BH Expected MORE_PROCESSING_REQUIRED from "
++			  "ntlmssp_client_update, got: %s\n",
++			  nt_errstr(status));
+ 		data_blob_free(&request);
+ 		ntlmssp_end(&client_ntlmssp_state);
+ 		return;
+@@ -1486,7 +1489,7 @@
+ 	switch (spnego.negTokenTarg.negResult) {
+ 	case SPNEGO_ACCEPT_INCOMPLETE:
+ 		DEBUG(1, ("Got a Kerberos negTokenTarg with ACCEPT_INCOMPLETE\n"));
+-		x_fprintf(x_stdout, "BH\n");
++		x_fprintf(x_stdout, "BH Got a Kerberos negTokenTarg with ACCEPT_INCOMPLETE\n");
+ 		break;
+ 	case SPNEGO_ACCEPT_COMPLETED:
+ 		DEBUG(10, ("Accept completed\n"));
+@@ -1518,7 +1521,7 @@
+ 
+ 	if (strlen(buf) <= 3) {
+ 		DEBUG(1, ("SPNEGO query [%s] too short\n", buf));
+-		x_fprintf(x_stdout, "BH\n");
++		x_fprintf(x_stdout, "BH SPNEGO query [%s] too short\n", buf);
+ 		return;
+ 	}
+ 
+@@ -1532,7 +1535,7 @@
+ 		
+ 		if (opt_password == NULL) {
+ 			DEBUG(1, ("Out of memory\n"));
+-			x_fprintf(x_stdout, "BH\n");
++			x_fprintf(x_stdout, "BH Out of memory\n");
+ 			data_blob_free(&request);
+ 			return;
+ 		}
+@@ -1546,7 +1549,7 @@
+ 	     (strncmp(buf, "AF ", 3) != 0) &&
+ 	     (strncmp(buf, "NA ", 3) != 0) ) {
+ 		DEBUG(1, ("SPNEGO request [%s] invalid\n", buf));
+-		x_fprintf(x_stdout, "BH\n");
++		x_fprintf(x_stdout, "BH SPNEGO request [%s] invalid\n", buf);
+ 		data_blob_free(&request);
+ 		return;
+ 	}
+@@ -1559,7 +1562,7 @@
+ 
+ 	if (len == -1) {
+ 		DEBUG(1, ("Could not read SPNEGO data for [%s]\n", buf));
+-		x_fprintf(x_stdout, "BH\n");
++		x_fprintf(x_stdout, "BH Could not read SPNEGO data for [%s]\n", buf);
+ 		return;
+ 	}
+ 
+@@ -1588,7 +1591,7 @@
+ 		}
+ 
+ 		DEBUG(1, ("Server offered no compatible mechanism\n"));
+-		x_fprintf(x_stdout, "BH\n");
++		x_fprintf(x_stdout, "BH Server offered no compatible mechanism\n");
+ 		return;
+ 	}
+ 
+@@ -1610,7 +1613,9 @@
+ 				DEBUG(1, ("Got a negTokenTarg with no mech and an "
+ 					  "unknown negResult: %d\n",
+ 					  spnego.negTokenTarg.negResult));
+-				x_fprintf(x_stdout, "BH\n");
++				x_fprintf(x_stdout, "BH Got a negTokenTarg with no mech and an "
++					  "unknown negResult: %d\n",
++					  spnego.negTokenTarg.negResult);
+ 			}
+ 
+ 			ntlmssp_end(&client_ntlmssp_state);
+@@ -1634,7 +1639,7 @@
+ 	}
+ 
+ 	DEBUG(1, ("Got an SPNEGO token I could not handle [%s]!\n", buf));
+-	x_fprintf(x_stdout, "BH\n");
++	x_fprintf(x_stdout, "BH Got an SPNEGO token I could not handle [%s]!\n", buf);
+ 	return;
+ 
+  out:
diff --git a/net/samba3/files/samba.in b/net/samba3/files/samba.in
index 37725be15457..38799d3e1c55 100644
--- a/net/samba3/files/samba.in
+++ b/net/samba3/files/samba.in
@@ -135,7 +135,7 @@ samba_reload_cmd() {
 		debug "reloading ${name} configuration"
 		echo "Reloading ${name}."
 		# XXX: Hack with pid_extra
-		"${smbcontrol_command}" "${name}${pid_extra}" 'reload-config' ${command_args}
+		"${smbcontrol_command}" "${name}${pid_extra}" 'reload-config' ${command_args} >/dev/null 2>&1
 	    fi
 	fi
     done
diff --git a/net/samba3/pkg-plist b/net/samba3/pkg-plist
index 37f7c4fba2f0..00a2c3b9ba1d 100644
--- a/net/samba3/pkg-plist
+++ b/net/samba3/pkg-plist
@@ -22,6 +22,7 @@ bin/tdbdump
 bin/tdbtool
 bin/testparm
 %%SMBSH%%bin/smbsh
+%%SMBTORTURE%%bin/smbtorture
 %%WINBIND%%bin/wbinfo
 sbin/smbd
 sbin/nmbd