kpriv/freebsd-ports
1
0
Fork 0
Code Issues Pull requests Packages Projects Releases Wiki Activity

net/samba419: Add new port

Browse source 
Many thanks to Joshua Kinard, Siva Mahadevan, Yasuhiro Kimura, Andrew Walker, and Peter Eriksson for their patches.

PR:		270383
This commit is contained in:
Mikael Urankar 2024-02-05 13:56:27 +01:00
parent 1e1b3d42f5
commit b0a4fa4a12
120 changed files with 40779 additions and 2 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
Mk/Uses/samba.mk
View file

@ -21,7 +21,7 @@ IGNORE= USES=samba has invalid arguments: ${samba_ARGS:Nbuild:Nenv:Nlib:Nrun}
SAMBAPORT= net/samba${SAMBA_DEFAULT:S/.//}
SAMBAINCLUDES= ${LOCALBASE}/include/samba4
. if ${SAMBA_DEFAULT} == 4.13 || ${SAMBA_DEFAULT} == 4.16
. if ${SAMBA_DEFAULT} == 4.13 || ${SAMBA_DEFAULT} == 4.16 || ${SAMBA_DEFAULT} == 4.19
SAMBALIBS= ${LOCALBASE}/lib/samba4
. else
IGNORE= Invalid version of samba: ${SAMBA_DEFAULT}

2
Mk/bsd.default-versions.mk
View file

@ -142,7 +142,7 @@ PYTHON2_DEFAULT?= 2.7
RUBY_DEFAULT?= 3.1
# Possible values: rust, rust-nightly
RUST_DEFAULT?= rust
# Possible values: 4.13, 4.16
# Possible values: 4.13, 4.16, 4.19
SAMBA_DEFAULT?= 4.16
# Possible values: base, openssl, openssl111, openssl31, openssl32, libressl, libressl-devel
. if !defined(SSL_DEFAULT)

1
net/Makefile
View file

@ -1435,6 +1435,7 @@
SUBDIR += sakisafecli
SUBDIR += samba413
SUBDIR += samba416
SUBDIR += samba419
SUBDIR += samplicator
SUBDIR += savvycan
SUBDIR += sbd

701
net/samba419/Makefile Normal file
View file

@ -0,0 +1,701 @@
PORTNAME= ${SAMBA4_BASENAME}419
PORTVERSION= ${SAMBA4_VERSION}
PORTREVISION= 0
CATEGORIES?= net
MASTER_SITES= SAMBA/samba/stable SAMBA/samba/rc
DISTNAME= ${SAMBA4_DISTNAME}
MAINTAINER= mikael@FreeBSD.org
COMMENT= Free SMB/CIFS and AD/DC server and client for Unix
WWW= https://gitlab.com/samba-freebsd/
LICENSE= GPLv3+
LICENSE_FILE= ${WRKSRC}/COPYING
USES= cpe
CONFLICTS_INSTALL?= samba4*
EXTRA_PATCHES= \
${PATCHDIR}/0001-Compact-and-simplify-modules-build-and-config-genera.patch:-p1 \
${PATCHDIR}/0002-Adjust-abi_gen.sh-script-to-run-under-FreeBSD-with-i.patch:-p1 \
${PATCHDIR}/0003-Mask-CLang-prototype-warnings-in-kadm5-admin.h.patch:-p1 \
${PATCHDIR}/0004-On-FreeBSD-date-1-has-different-semantics-than-on-Li.patch:-p1 \
${PATCHDIR}/0005-Include-jemalloc-jemalloc.h-if-ENABLE_JEMALLOC-is-se.patch:-p1 \
${PATCHDIR}/0006-Install-nss_-modules-into-PAMMODULESDIR-path.patch:-p1 \
${PATCHDIR}/0007-Use-macro-value-as-a-default-backlog-size-for-the-li.patch:-p1 \
${PATCHDIR}/0008-Brute-force-work-around-usage-of-Linux-specific-m-fl.patch:-p1 \
${PATCHDIR}/0009-Make-sure-that-config-checks-fail-if-the-warning-is-.patch:-p1 \
${PATCHDIR}/0010-Add-option-with-pkgconfigdir-to-specify-alternative-.patch:-p1 \
${PATCHDIR}/0011-Use-provided-by-port-location-of-the-XML-catalog.patch:-p1 \
${PATCHDIR}/0012-Create-shared-libraries-according-to-the-FreeBSD-spe.patch:-p1 \
${PATCHDIR}/0013-Pass-additional-msg-parameter-to-CHECK_LIB-so-it-can.patch:-p1 \
${PATCHDIR}/0014-Add-option-to-disable-CTDB-tests-failing-on-FreeBSD-.patch:-p1 \
${PATCHDIR}/0015-Add-extra-debug-class-to-trck-down-DB-locking-code.patch:-p1 \
${PATCHDIR}/0016-Make-ldb_schema_attribute_compare-a-stable-comparisi.patch:-p1 \
${PATCHDIR}/0017-Use-arc4random-when-available-to-generate-random-tal.patch:-p1 \
${PATCHDIR}/0018-Add-configuration-option-that-allows-to-choose-alter.patch:-p1 \
${PATCHDIR}/0019-From-923bc7a1afeb0b920e60e14846987ae1d2d7dca4-Mon-Se.patch:-p1 \
${PATCHDIR}/0020-FreeBSD-12-between-r336017-and-r342928-wrongfuly-ret.patch:-p1 \
${PATCHDIR}/0021-Fix-casting-warnings-in-the-nfs_quota-debug-message.patch:-p1 \
${PATCHDIR}/0022-Clean-up-UTMP-handling-code-and-add-FreeBSD-support..patch:-p1 \
${PATCHDIR}/0023-Add-cmd_get_quota-test-function-into-vfstest-to-test.patch:-p1 \
${PATCHDIR}/0024-Cherry-pick-ZFS-provisioning-code-by-iXsystems-Inc.patch:-p1 \
${PATCHDIR}/0025-From-d9b748869a8f4018ebee302aae8246bf29f60309-Mon-Se.patch:-p1 \
${PATCHDIR}/0026-vfs-add-a-compatibility-option-to-the-vfs_streams_xa.patch:-p1 \
${PATCHDIR}/0027-Add-VFS-module-vfs_freebsd-that-implements-FreeBSD-s.patch:-p1 \
${PATCHDIR}/0100-Fix-pathref-handling-for-FreeBSD-13plus.patch
SAMBA4_BASENAME= samba
SAMBA4_PORTNAME= ${SAMBA4_BASENAME}4
SAMBA4_VERSION= 4.19.4
SAMBA4_DISTNAME= ${SAMBA4_BASENAME}-${SAMBA4_VERSION:S|.p|pre|:S|.r|rc|:S|.t|tp|:S|.a|alpha|}
WRKSRC?= ${WRKDIR}/${DISTNAME}
PLIST?= ${PKGDIR}/pkg-plist
CPE_VENDOR= samba
CPE_PRODUCT= samba
# Directories
VARDIR= ${DESTDIR}/var
SAMBA4_RUNDIR= ${VARDIR}/run/${SAMBA4_PORTNAME}
SAMBA4_LOGDIR= ${VARDIR}/log/${SAMBA4_PORTNAME}
SAMBA4_LOCKDIR= ${VARDIR}/db/${SAMBA4_PORTNAME}
SAMBA4_BINDDNSDIR= ${SAMBA4_LOCKDIR}/bind-dns
SAMBA4_PRIVATEDIR= ${SAMBA4_LOCKDIR}/private
SAMBA4_PAMDIR= ${PREFIX}/lib
SAMBA4_LIBDIR= ${PREFIX}/lib/${SAMBA4_PORTNAME}
SAMBA4_INCLUDEDIR= ${PREFIX}/include/${SAMBA4_PORTNAME}
SAMBA4_CONFDIR= ${PREFIX}/etc
SAMBA4_CONFIG= smb4.conf
SAMBA4_MODULES_CLASS= auth bind9 gensec gpext idmap ldb nss_info \
pdb perfcount process_model service vfs
CONFIGURE_ARGS= --mandir="${PREFIX}/share/man" \
--sysconfdir="${SAMBA4_CONFDIR}" \
--includedir="${SAMBA4_INCLUDEDIR}" \
--datadir="${DATADIR}" \
--libdir="${SAMBA4_LIBDIR}" \
--with-privatelibdir="${SAMBA4_LIBDIR}/private" \
--with-pammodulesdir="${SAMBA4_PAMDIR}" \
--with-modulesdir="${SAMBA4_MODULEDIR}" \
--with-pkgconfigdir="${PKGCONFIGDIR}" \
--localstatedir="${VARDIR}" \
--with-piddir="${SAMBA4_RUNDIR}" \
--with-sockets-dir="${SAMBA4_RUNDIR}" \
--with-privileged-socket-dir="${SAMBA4_RUNDIR}" \
--with-lockdir="${SAMBA4_LOCKDIR}" \
--with-statedir="${SAMBA4_LOCKDIR}" \
--with-cachedir="${SAMBA4_LOCKDIR}" \
--with-bind-dns-dir=${SAMBA4_BINDDNSDIR} \
--with-privatedir="${SAMBA4_PRIVATEDIR}" \
--with-logfilebase="${SAMBA4_LOGDIR}"
# XXX: Flags
CONFIGURE_ENV= PTHREAD_LDFLAGS="-lpthread" \
PYTHONHASHSEED=1
MAKE_ENV= PYTHONHASHSEED=1
USES= compiler:c++11-lang iconv localbase:ldflags \
perl5 pkgconfig shebangfix waf gettext-runtime
USE_PERL5= build
USE_LDCONFIG= ${SAMBA4_LIBDIR}
WAF_CMD= buildtools/bin/waf
CONFIGURE_LOG= bin/config.log
# Make sure that the right version of Python is used by the tools
# https://bugzilla.samba.org/show_bug.cgi?id=7305
SHEBANG_FILES= source3/script* source4/scripting/bin/* selftest/*
PKGCONFIGDIR?= ${PREFIX}/libdata/pkgconfig
PKGCONFIGDIR_REL?= ${PKGCONFIGDIR:S,^${PREFIX}/,,}
PLIST_SUB= PKGCONFIGDIR=${PKGCONFIGDIR_REL}
SUB_LIST= PKGCONFIGDIR=${PKGCONFIGDIR_REL}
##############################################################################
OPTIONS_SUB= yes
OPTIONS_DEFINE= AD_DC ADS CLUSTER CUPS DOCS FAM GPGME \
LDAP MANDOC PROFILE PYTHON3 QUOTAS \
SPOTLIGHT SYSLOG UTMP
#OPTIONS_DEFINE+= DEVELOPER MEMORY_DEBUG
OPTIONS_GROUP= VFS
OPTIONS_GROUP_VFS= FRUIT GLUSTERFS
OPTIONS_SINGLE= GSSAPI ZEROCONF
OPTIONS_SINGLE_GSSAPI= GSSAPI_BUILTIN GSSAPI_MIT
#GSSAPI_HEIMDAL
OPTIONS_SINGLE_ZEROCONF= ZEROCONF_NONE AVAHI MDNSRESPONDER
# Make those default options
OPTIONS_DEFAULT= AD_DC ADS DOCS FAM LDAP \
PROFILE PYTHON3 QUOTAS SYSLOG UTMP \
FRUIT GSSAPI_BUILTIN AVAHI
##############################################################################
ADS_DESC= Active Directory client(implies LDAP)
AD_DC_DESC= Active Directory Domain Controller(implies PYTHON3)
CLUSTER_DESC= Clustering support
DEVELOPER_DESC= With developer framework
FAM_DESC= File Alteration Monitor
GPGME_DESC= GpgME support
LDAP_DESC= LDAP client
LIBZFS_DESC= LibZFS
SPOTLIGHT_DESC= Spotlight server-side search support
MANDOC_DESC= Build manpages from DOCBOOK templates
MEMORY_DEBUG_DESC= Debug memory allocator
PICKY_DEVELOPER_DESC= Treat compiler warnings as errors(implies DEVELOPER)
PROFILE_DESC= Profiling data
QUOTAS_DESC= Disk quota support
UTMP_DESC= UTMP accounting
VFS_DESC= VFS modules
FRUIT_DESC= MacOSX and TimeMachine support
GLUSTERFS_DESC= GlusterFS support
GSSAPI_BUILTIN_DESC= GSSAPI support via bundled Heimdal
ZEROCONF_DESC= Zero configuration networking
ZEROCONF_NONE_DESC= Zeroconf support is absent
##############################################################################
# XXX: Unconditional dependencies which can't be switched off(if present in
# the system)
# Iconv(picked up unconditionaly)
LIB_DEPENDS= libiconv.so:converters/libiconv
# unwind
LIB_DEPENDS+= libunwind.so:devel/libunwind
# Readline(sponsored by Python)
# XXX: USES=readline pollutes CPPFLAGS, so we explicitly put dependency
LIB_DEPENDS+= libreadline.so:devel/readline
# popt
LIB_DEPENDS+= libpopt.so:devel/popt
# inotify
LIB_DEPENDS+= libinotify.so:devel/libinotify
# GNUTLS
LIB_DEPENDS+= libgnutls.so:security/gnutls
LIB_DEPENDS+= libgcrypt.so:security/libgcrypt
# NFSv4 ACL glue
LIB_DEPENDS+= libsunacl.so:sysutils/libsunacl
# Jansson
BUILD_DEPENDS+= jansson>=2.10:devel/jansson
RUN_DEPENDS+= jansson>=2.10:devel/jansson
# tasn1
BUILD_DEPENDS+= libtasn1>=3.8:security/libtasn1
RUN_DEPENDS+= libtasn1>=3.8:security/libtasn1
# External Samba dependencies
# Needed for IDL compiler
BUILD_DEPENDS+= p5-Parse-Yapp>=0:devel/p5-Parse-Yapp
# Libarchive
SAMBA4_BUNDLED_LIBS= !libarchive
BUILD_DEPENDS+= libarchive>=3.1.2:archivers/libarchive
RUN_DEPENDS+= libarchive>=3.1.2:archivers/libarchive
### Bundled libraries
SAMBA4_BUNDLED_CMOCKA= yes
SAMBA4_BUNDLED_TALLOC= yes
SAMBA4_BUNDLED_TEVENT= yes
SAMBA4_BUNDLED_TDB= yes
SAMBA4_BUNDLED_LDB= yes
# cmocka
.if defined(SAMBA4_BUNDLED_CMOCKA) && ${SAMBA4_BUNDLED_CMOCKA} == yes
SAMBA4_BUNDLED_LIBS+= cmocka
CONFLICTS_INSTALL+= cmocka-1.*
PLIST_SUB+= SAMBA4_BUNDLED_CMOCKA=""
SUB_LIST+= SAMBA4_BUNDLED_CMOCKA=""
.else
SAMBA4_BUNDLED_LIBS+= !cmocka
BUILD_DEPENDS+= cmocka>=1.1.3:sysutils/cmocka
TEST_DEPENDS+= cmocka>=1.1.3:sysutils/cmocka
PLIST_SUB+= SAMBA4_BUNDLED_CMOCKA="@comment "
SUB_LIST+= SAMBA4_BUNDLED_CMOCKA="@comment "
.endif
# talloc
.if defined(SAMBA4_BUNDLED_TALLOC) && ${SAMBA4_BUNDLED_TALLOC} == yes
SAMBA4_BUNDLED_LIBS+= talloc
CONFLICTS_INSTALL+= talloc-* talloc1-*
PLIST_SUB+= SAMBA4_BUNDLED_TALLOC=""
SUB_LIST+= SAMBA4_BUNDLED_TALLOC=""
.else
SAMBA4_BUNDLED_LIBS+= !talloc
BUILD_DEPENDS+= talloc>=2.3.3:devel/talloc
RUN_DEPENDS+= talloc>=2.3.3:devel/talloc
PLIST_SUB+= SAMBA4_BUNDLED_TALLOC="@comment "
SUB_LIST+= SAMBA4_BUNDLED_TALLOC="@comment "
.endif
# tevent
.if defined(SAMBA4_BUNDLED_TEVENT) && ${SAMBA4_BUNDLED_TEVENT} == yes
SAMBA4_BUNDLED_LIBS+= tevent
CONFLICTS_INSTALL+= tevent-* tevent1-*
PLIST_SUB+= SAMBA4_BUNDLED_TEVENT=""
SUB_LIST+= SAMBA4_BUNDLED_TEVENT=""
.else
SAMBA4_BUNDLED_LIBS+= !tevent
BUILD_DEPENDS+= tevent>=0.11.0:devel/tevent
RUN_DEPENDS+= tevent>=0.11.0:devel/tevent
PLIST_SUB+= SAMBA4_BUNDLED_TEVENT="@comment "
SUB_LIST+= SAMBA4_BUNDLED_TEVENT="@comment "
.endif
# tdb
.if defined(SAMBA4_BUNDLED_TDB) && ${SAMBA4_BUNDLED_TDB} == yes
SAMBA4_BUNDLED_LIBS+= tdb
CONFLICTS_INSTALL+= tdb-* tdb1-*
PLIST_SUB+= SAMBA4_BUNDLED_TDB=""
SUB_LIST+= SAMBA4_BUNDLED_TDB=""
.else
SAMBA4_BUNDLED_LIBS+= !tdb
BUILD_DEPENDS+= tdb>=1.4.6:databases/tdb
RUN_DEPENDS+= tdb>=1.4.6:databases/tdb
PLIST_SUB+= SAMBA4_BUNDLED_TDB="@comment "
SUB_LIST+= SAMBA4_BUNDLED_TDB="@comment "
.endif
# ldb
.if defined(SAMBA4_BUNDLED_LDB) && ${SAMBA4_BUNDLED_LDB} == yes
SAMBA4_BUNDLED_LDB= yes
SAMBA4_BUNDLED_LIBS+= ldb
PLIST_SUB+= SAMBA4_BUNDLED_LDB=""
SUB_LIST+= SAMBA4_BUNDLED_LDB=""
SAMBA4_MODULEDIR= ${SAMBA4_LIBDIR}/modules
.else
SAMBA4_BUNDLED_LIBS+= !ldb
BUILD_DEPENDS+= ldb25>=2.5.2:databases/ldb25
RUN_DEPENDS+= ldb25>=2.5.2:databases/ldb25
PLIST_SUB+= SAMBA4_BUNDLED_LDB="@comment "
SUB_LIST+= SAMBA4_BUNDLED_LDB="@comment "
SAMBA4_MODULEDIR= ${PREFIX}/lib/shared-modules
.endif
.if (defined(SAMBA4_BUNDLED_TALLOC) && ${SAMBA4_BUNDLED_TALLOC} == yes) \
|| (defined(SAMBA4_BUNDLED_TDB) && ${SAMBA4_BUNDLED_TDB} == yes) \
|| (defined(SAMBA4_BUNDLED_LDB) && ${SAMBA4_BUNDLED_LDB} == yes) \
|| (defined(SAMBA4_BUNDLED_TEVENT) && ${SAMBA4_BUNDLED_TEVENT} == yes)
SAMBA4_BUNDLED_LIBS+= replace
.endif
# Don't use external libcom_err
SAMBA4_BUNDLED_LIBS+= com_err
# Set the test environment variables
TEST_USES= python
TEST_ENV= PYTHON="${PYTHON_CMD}" \
SHA1SUM=/sbin/sha1 \
SHA256SUM=/sbin/sha256 \
MD5SUM=/sbin/md5 \
PYTHONDONTWRITEBYTECODE=1
TEST_DEPENDS= bash:shells/bash \
tshark:net/wireshark@nox11
# External Python modules
TEST_BUILD_DEPENDS= ${PYTHON_PKGNAMEPREFIX}iso8601>=0.1.11:devel/py-iso8601@${PY_FLAVOR}
TEST_RUN_DEPENDS= ${PYTHON_PKGNAMEPREFIX}iso8601>=0.1.11:devel/py-iso8601@${PY_FLAVOR}
##############################################################################
CONFIGURE_ARGS+= \
--with-pam \
--with-iconv \
--with-winbind \
--with-regedit \
--disable-rpath \
--without-lttng \
--without-gettext \
--enable-pthreadpool \
--without-fake-kaserver \
--without-systemd \
--with-libarchive \
--with-acl-support \
--with-sendfile-support \
--disable-ctdb-tests
# ${ICONV_CONFIGURE_BASE}
##############################################################################
FRUIT_PREVENTS= ZEROCONF_NONE
FRUIT_PREVENTS_MSG= MacOSX support requires Zeroconf(AVAHI or MDNSRESPONDER)
FRUIT_VARS= SAMBA4_MODULES+=vfs_fruit
FRUIT_PLIST_FILES= share/man/man8/vfs_fruit.8.gz
GLUSTERFS_CONFIGURE_ENABLE= glusterfs
GLUSTERFS_LIB_DEPENDS= libglusterfs.so:net/glusterfs
GLUSTERFS_VARS= SAMBA4_MODULES+=vfs_glusterfs
GLUSTERFS_PLIST_FILES= share/man/man8/vfs_glusterfs.8.gz
ZEROCONF_NONE_MAKE_ENV= ZEROCONF=none
##############################################################################
AVAHI_CONFIGURE_ENABLE= avahi
AVAHI_LIB_DEPENDS= libavahi-client.so:net/avahi-app
AVAHI_VARS= SAMBA4_SERVICES+=avahi_daemon
MDNSRESPONDER_CONFIGURE_ENABLE= dnssd
MDNSRESPONDER_LIB_DEPENDS= libdns_sd.so:net/mDNSResponder
MDNSRESPONDER_VARS= SAMBA4_SERVICES+=mdnsd
##############################################################################
MEMORY_DEBUG_IMPLIES= DEBUG
MEMORY_DEBUG_CONFIGURE_ENV= ADDITIONAL_CFLAGS="-DENABLE_JEMALLOC `pkg-config --cflags jemalloc`" ADDITIONAL_LDFLAGS="`pkg-config --libs jemalloc`"
MEMORY_DEBUG_LIB_DEPENDS= libjemalloc.so.2:devel/jemalloc
# https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=194046
GDB_CMD?= ${LOCALBASE}/bin/gdb
# https://bugzilla.samba.org/show_bug.cgi?id=8969
PICKY_DEVELOPER_IMPLIES= DEVELOPER
PICKY_DEVELOPER_CONFIGURE_ON= --picky-developer
DEVELOPER_CONFIGURE_ON= --enable-developer --enable-selftest --abi-check-disable
DEVELOPER_CONFIGURE_ENV= WAF_CMD_FORMAT=string
DEVELOPER_BUILD_DEPENDS= ${SAMBA4_LMDB_DEPENDS} \
${GDB_CMD}:devel/gdb
DEVELOPER_RUN_DEPENDS= ${SAMBA4_LMDB_DEPENDS}
DEVELOPER_TEST_DEPENDS= ${GDB_CMD}:devel/gdb
DEVELOPER_VARS_OFF= GDB_CMD=true
##############################################################################
AD_DC_IMPLIES= PYTHON3
AD_DC_CONFIGURE_OFF= --without-ad-dc
AD_DC_BUILD_DEPENDS= ${SAMBA4_LMDB_DEPENDS}
AD_DC_RUN_DEPENDS= ${SAMBA4_LMDB_DEPENDS}
AD_DC_VARS= PLIST+=${PKGDIR}/pkg-plist.ad_dc
# samba-tool requires those for *upgrade
AD_DC_BUILD_DEPENDS+= ${PYTHON_PKGNAMEPREFIX}markdown>=3.3.7:textproc/py-markdown@${PY_FLAVOR} \
${PYTHON_PKGNAMEPREFIX}dnspython>=2.2.1:dns/py-dnspython@${PY_FLAVOR}
AD_DC_RUN_DEPENDS+= ${PYTHON_PKGNAMEPREFIX}markdown>=3.3.7:textproc/py-markdown@${PY_FLAVOR} \
${PYTHON_PKGNAMEPREFIX}dnspython>=2.2.1:dns/py-dnspython@${PY_FLAVOR}
ADS_IMPLIES= LDAP
ADS_CONFIGURE_WITH= ads
CLUSTER_CONFIGURE_WITH= cluster-support
CLUSTER_VARS= PLIST+=${PKGDIR}/pkg-plist.cluster
CUPS_CONFIGURE_ENABLE= cups iprint
CUPS_LIB_DEPENDS= libcups.so:print/cups
# https://bugzilla.samba.org/show_bug.cgi?id=9545
FAM_USES= fam
FAM_CONFIGURE_WITH= fam
GPGME_CONFIGURE_WITH= gpgme
GPGME_LIB_DEPENDS= libgpgme.so:security/gpgme
GPGME_RUN_DEPENDS= ${PYTHON_PKGNAMEPREFIX}gpgme>=1.14.0:security/py-gpgme@${PY_FLAVOR}
GSSAPI_BUILTIN_USES= bison
GSSAPI_BUILTIN_BUILD_DEPENDS= p5-JSON>=4.0:converters/p5-JSON
GSSAPI_MIT_CONFIGURE_ON= --with-system-mitkrb5 ${GSSAPIBASEDIR} \
--with-system-mitkdc=${GSSAPIBASEDIR}/sbin/krb5kdc \
--with-experimental-mit-ad-dc
GSSAPI_MIT_USES= gssapi:mit
GSSAPI_HEIMDAL_CONFIGURE_ON= --with-system-heimdalkrb5 ${GSSAPIBASEDIR}
GSSAPI_HEIMDAL_USES= gssapi:heimdal
GSSAPI_HEIMDAL_PREVENTS= AD_DC
GSSAPI_HEIMDAL_PREVENTS_MSG= GSSAPI_HEIMDAL and AD_DC enable conflicting options
LDAP_CONFIGURE_WITH= ldap
LDAP_CONFIGURE_ON= --with-openldap=${LOCALBASE}
LDAP_USES= ldap
LDAP_VARS= SAMBA4_MODULES+=idmap_ldap
LIBZFS_CONFIGURE_WITH= libzfs
LIBZFS_VARS= SAMBA4_MODULES+=vfs_zfs_space
MANDOC_BUILD_DEPENDS= ${LOCALBASE}/share/xsl/docbook/manpages/docbook.xsl:textproc/docbook-xsl \
xsltproc:textproc/libxslt
MANDOC_CONFIGURE_ENV_OFF= XSLTPROC="true"
PROFILE_CONFIGURE_WITH= profiling-data
QUOTAS_CONFIGURE_WITH= quotas
SPOTLIGHT_CONFIGURE_ENABLE= spotlight
SPOTLIGHT_BUILD_DEPENDS= tracker>=1.4.1:sysutils/tracker
SPOTLIGHT_RUN_DEPENDS= tracker>=1.4.1:sysutils/tracker
# ICU
SPOTLIGHT_LIB_DEPENDS= libicuuc.so:devel/icu
SPOTLIGHT_USES= bison gnome
SPOTLIGHT_USE= gnome=glib20
SYSLOG_CONFIGURE_WITH= syslog
UTMP_CONFIGURE_WITH= utmp
##############################################################################
.include <bsd.port.options.mk>
##############################################################################
.if ${OPSYS} == FreeBSD && ${OSVERSION} < 1300076
IGNORE=runs only on FreeBSD 13.1 and above due use of O_EMPTY_PATH
.endif
.if !${PORT_OPTIONS:MADS} && ${PORT_OPTIONS:MAD_DC}
IGNORE=To disable ADS option you also need to disable AD_DC option
.endif
.if !defined(WANT_EXP_MODULES) || empty(WANT_EXP_MODULES)
WANT_EXP_MODULES= vfs_cacheprime
.endif
.if ${WANT_EXP_MODULES:Mvfs_snapper}
# snapper needs dbus
LIB_DEPENDS+= libdbus-1.so:devel/dbus
LIB_DEPENDS+= libdbus-glib-1.so:devel/dbus-glib
.endif
SAMBA4_MODULES+= krb5_async_dns_krb5_locator krb5_winbind_krb5_locator idmap_nss idmap_autorid \
idmap_rid idmap_hash idmap_tdb idmap_tdb2 idmap_script \
nss-info_hash
# List of extra modules taken from RHEL build
# https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=197320
.if ${PORT_OPTIONS:MADS}
SAMBA4_MODULES+= idmap_ad idmap_rfc2307 nss-info_template \
nss-info_rfc2307 nss-info_sfu nss-info_sfu20
.endif
# This kind of special for this distribution
SAMBA4_MODULES+= vfs_freebsd
SAMBA4_MODULES+= vfs_acl_tdb vfs_acl_xattr vfs_aio_fork vfs_aio_pthread \
vfs_audit vfs_cap vfs_catia vfs_commit vfs_crossrename \
vfs_default_quota vfs_dirsort vfs_expand_msdfs \
vfs_extd_audit vfs_fake_perms vfs_full_audit \
vfs_linux_xfs_sgid vfs_media_harmony vfs_offline \
vfs_preopen vfs_readahead vfs_readonly vfs_recycle \
vfs_shadow_copy vfs_shadow_copy2 vfs_shell_snap \
vfs_streams_depot vfs_streams_xattr vfs_syncops \
vfs_time_audit vfs_unityed_media vfs_virusfilter \
vfs_widelinks vfs_worm vfs_xattr_tdb vfs_zfsacl
.if ${PORT_OPTIONS:MDEVELOPER}
SAMBA4_MODULES+= auth_skel pdb_test gpext_security gpext_registry \
gpext_scripts perfcount_test vfs_fake_dfq \
vfs_skel_opaque vfs_skel_transparent \
vfs_shadow_copy_test vfs_fake_acls \
vfs_nfs4acl_xattr vfs_error_inject vfs_delay_inject
.endif
# Python bindings
.if ! ${PORT_OPTIONS:MPYTHON3} || defined(NO_PYTHON)
USES+= python:build,test
CONFIGURE_ARGS+= --disable-python
.else
USES+= python
PLIST+= ${PKGDIR}/pkg-plist.python
# Don't cache Python modules
CONFIGURE_ARGS+= --nopycache
MAKE_ENV+= PYTHONDONTWRITEBYTECODE=1
. if defined(SAMBA4_BUNDLED_TALLOC) && ${SAMBA4_BUNDLED_TALLOC} == yes
SAMBA4_BUNDLED_LIBS+= pytalloc-util
. else
SAMBA4_BUNDLED_LIBS+= !pytalloc-util
. endif
. if defined(SAMBA4_BUNDLED_TEVENT) && ${SAMBA4_BUNDLED_TEVENT} == yes
SAMBA4_BUNDLED_LIBS+= pytevent
. else
SAMBA4_BUNDLED_LIBS+= !pytevent
. endif
. if defined(SAMBA4_BUNDLED_TDB) && ${SAMBA4_BUNDLED_TDB} == yes
SAMBA4_BUNDLED_LIBS+= pytdb
. else
SAMBA4_BUNDLED_LIBS+= !pytdb
. endif
. if defined(SAMBA4_BUNDLED_LDB) && ${SAMBA4_BUNDLED_LDB} == yes
SAMBA4_BUNDLED_LIBS+= pyldb pyldb-util
. else
SAMBA4_BUNDLED_LIBS+= !pyldb !pyldb-util
. endif
.endif
.if defined(WANT_EXP_MODULES) && !empty(WANT_EXP_MODULES)
SAMBA4_MODULES+= ${WANT_EXP_MODULES}
.endif
.if defined(SAMBA4_BUNDLED_LIBS) && !empty(SAMBA4_BUNDLED_LIBS)
CONFIGURE_ARGS+= --bundled-libraries="${SAMBA4_BUNDLED_LIBS:Q:C|(\\\\ )+|,|g:S|\\||g}"
.endif
.if defined(SAMBA4_MODULES) && !empty(SAMBA4_MODULES)
CONFIGURE_ARGS+= --with-shared-modules="${SAMBA4_MODULES:C|-|_|:Q:C|(\\\\ )+|,|g:S|\\||g}"
.endif
# XXX: Hack for nss-info_* -> nss_info/* modules
# Add selected modules to the plist
.for module in ${SAMBA4_MODULES}
PLIST_FILES+= ${SAMBA4_MODULEDIR}/${module:C|_|/|:C|-|_|}.so
.endfor
.for module_class in ${SAMBA4_MODULES_CLASS}
PLIST_DIRS+= ${SAMBA4_MODULEDIR}/${module_class}
.endfor
PLIST_DIRS+= ${SAMBA4_MODULEDIR}
.if defined(WITH_DEBUG)
CONFIGURE_ARGS+= --verbose --enable-debug
MAKE_ARGS+= --verbose
DEBUG_FLAGS?= -g -ggdb3 -O0
.endif
##############################################################################
.include <bsd.port.pre.mk>
##############################################################################
# Only for 64-bit architectures
.if ${ARCH} != armv6 && ${ARCH} != armv7 && ${ARCH} != i386 && ${ARCH} != mips && ${ARCH} != powerpc && ${ARCH} != powerpcspe
. if defined(SAMBA4_BUNDLED_LDB) && ${SAMBA4_BUNDLED_LDB} == yes && (${PORT_OPTIONS:MAD_DC} || ${PORT_OPTIONS:MDEVELOPER})
# LMDB
SAMBA4_LMDB_DEPENDS= lmdb>=0.9.16:databases/lmdb
PLIST_FILES+= ${SAMBA4_LIBDIR}/private/libldb-mdb-int-samba4.so \
${SAMBA4_MODULEDIR}/ldb/mdb.so
. endif
.endif
.if ${PORT_OPTIONS:MGSSAPI_MIT}
PLIST_FILES+= ${SAMBA4_MODULEDIR}/krb5/winbind_krb5_localauth.so \
share/man/man8/winbind_krb5_localauth.8.gz
. if ${PORT_OPTIONS:MAD_DC}
PLIST_FILES+= ${SAMBA4_LIBDIR}/krb5/plugins/kdb/samba.so
. endif
.endif
# for libexecinfo: (so that __builtin_frame_address() finds the top of the stack)
CFLAGS_amd64+= -fno-omit-frame-pointer
# No fancy color error messages
CFLAGS+= ${CFLAGS_${CHOSEN_COMPILER_TYPE}}
CFLAGS_clang= -fno-color-diagnostics
CONFIGURE_ENV+= NOCOLOR=yes WAF_LOG_FORMAT='%(c1)s%(zone)s%(c2)s %(message)s'
MAKE_ENV+= NOCOLOR=yes WAF_LOG_FORMAT='%(c1)s%(zone)s%(c2)s %(message)s'
# Allow rpcgen to find proper CPP
MAKE_ENV+= RPCGEN_CPP="${CPP}"
#.if ${readline_ARGS} == port
#CFLAGS+= -D_FUNCTION_DEF
#.endif
# Some symbols in samba's linker version scripts are not defined, but since the
# scripts are generated dynamically, suppress errors with lld >= 17 due to these
# undefined symbols.
LDFLAGS+= -Wl,--undefined-version
SAMBA4_SUB= SAMBA4_LOGDIR="${SAMBA4_LOGDIR}" \
SAMBA4_RUNDIR="${SAMBA4_RUNDIR}" \
SAMBA4_LOCKDIR="${SAMBA4_LOCKDIR}" \
SAMBA4_LIBDIR="${SAMBA4_LIBDIR}" \
SAMBA4_MODULEDIR="${SAMBA4_MODULEDIR}" \
SAMBA4_BINDDNSDIR="${SAMBA4_BINDDNSDIR}" \
SAMBA4_PRIVATEDIR="${SAMBA4_PRIVATEDIR}" \
SAMBA4_CONFDIR="${SAMBA4_CONFDIR}" \
SAMBA4_CONFIG="${SAMBA4_CONFIG}" \
SAMBA4_SERVICES="${SAMBA4_SERVICES}"
PLIST_SUB+= ${SAMBA4_SUB}
SUB_LIST+= ${SAMBA4_SUB}
USE_RC_SUBR= samba_server
SUB_FILES= pkg-message README.FreeBSD
PORTDOCS= README.FreeBSD
post-extract:
@${RM} -r ${WRKSRC}/pidl/lib/Parse/Yapp
post-patch:
@${REINPLACE_CMD} -e 's|$${PKGCONFIGDIR}|${PKGCONFIGDIR}|g' \
${PATCH_WRKSRC}/buildtools/wafsamba/pkgconfig.py
@${REINPLACE_CMD} -e 's|%%LOCALBASE%%|${LOCALBASE}|g' \
${PATCH_WRKSRC}/buildtools/wafsamba/wafsamba.py
@${REINPLACE_CMD} -e 's|%%GDB_CMD%%|${GDB_CMD}|g' \
${PATCH_WRKSRC}/buildtools/scripts/abi_gen.sh
@${REINPLACE_CMD} -e 's|%%SAMBA4_CONFIG%%|${SAMBA4_CONFIG}|g' \
${PATCH_WRKSRC}/dynconfig/wscript
# Use threading (or multiprocessing) but not thread (renamed in python 3+).
pre-configure:
.if (!${PORT_OPTIONS:MPYTHON3} || defined(NO_PYTHON)) && ${PORT_OPTIONS:MAD_DC}
@${ECHO_CMD}; \
${ECHO_MSG} "===> AD_DC option requires PYTHON3 to be set"; \
${ECHO_CMD}; \
${FALSE}
.endif
pre-build-MANDOC-off:
${MKDIR} ${BUILD_WRKSRC}/bin/default/docs-xml/
${CP} -rp ${BUILD_WRKSRC}/docs/manpages ${BUILD_WRKSRC}/bin/default/docs-xml/
.for man in libcli/nbt/man/nmblookup4.1 \
librpc/tools/ndrdump.1 \
source4/lib/registry/man/regdiff.1 \
source4/lib/registry/man/regpatch.1 \
source4/lib/registry/man/regshell.1 \
source4/lib/registry/man/regtree.1 \
source4/scripting/man/samba-gpupdate.8 \
source4/torture/man/gentest.1 \
source4/torture/man/locktest.1 \
source4/torture/man/masktest.1 \
source4/torture/man/smbtorture.1 \
source4/utils/man/ntlm_auth4.1 \
source4/utils/oLschema2ldif/oLschema2ldif.1 \
lib/tdb/man/tdbdump.8 \
lib/tdb/man/tdbbackup.8 \
lib/tdb/man/tdbtool.8 \
lib/talloc/man/talloc.3 \
lib/tdb/man/tdbrestore.8 \
lib/ldb/man/ldb.3 \
lib/ldb/man/ldbadd.1 \
lib/ldb/man/ldbdel.1 \
lib/ldb/man/ldbedit.1 \
lib/ldb/man/ldbmodify.1 \
lib/ldb/man/ldbrename.1 \
lib/ldb/man/ldbsearch.1 \
docs-xml/manpages/vfs_freebsd.8
${MKDIR} `dirname ${BUILD_WRKSRC}/bin/default/${man}`
${INSTALL_MAN} ${FILESDIR}/man/`basename ${man}` ${BUILD_WRKSRC}/bin/default/${man}
.endfor
.if ${PORT_OPTIONS:MCLUSTER}
${MKDIR} ${BUILD_WRKSRC}/bin/default/ctdb/
. for man in ctdb_diagnostics.1 ctdb.1 ctdbd_wrapper.1 ctdbd.1 ltdbtool.1 onnode.1 ping_pong.1 \
ctdb.conf.5 ctdb.sysconfig.5 ctdb-script.options.5 \
ctdb.7 ctdb-statistics.7 ctdb-tunables.7
${INSTALL_MAN} ${FILESDIR}/man/${man} ${BUILD_WRKSRC}/bin/default/ctdb/
. endfor
.endif
post-install-rm-junk:
${RM} -r ${STAGEDIR}${PYTHON_SITELIBDIR}/samba/third_party
${FIND} ${STAGEDIR}${PYTHON_SITELIBDIR} -name __pycache__ \
-type d -print0 | ${XARGS} -0 -n 1 -t ${RM} -r
${FIND} ${STAGEDIR} -type f -empty -delete
post-install-fix-manpages:
.for f in vfs_aio_linux.8 vfs_btrfs.8 vfs_ceph.8 vfs_gpfs.8
${RM} ${STAGEDIR}${PREFIX}/share/man/man8/${f}
.endfor
.if defined(SAMBA4_BUNDLED_LDB) && ${SAMBA4_BUNDLED_LDB} == yes
. for f in ldbadd.1 ldbdel.1 ldbedit.1 ldbmodify.1 ldbrename.1 ldbsearch.1
${MV} ${STAGEDIR}${PREFIX}/share/man/man1/${f} ${STAGEDIR}${PREFIX}/share/man/man1/samba-${f}
. endfor
.endif
.if defined(SAMBA4_BUNDLED_TDB) && ${SAMBA4_BUNDLED_TDB} == yes
. for f in tdbbackup.8 tdbdump.8 tdbrestore.8 tdbtool.8
${MV} ${STAGEDIR}${PREFIX}/share/man/man8/${f} ${STAGEDIR}${PREFIX}/share/man/man8/samba-${f}
. endfor
.endif
post-install: post-install-rm-junk post-install-fix-manpages
${LN} -sf smb.conf.5.gz ${STAGEDIR}${PREFIX}/share/man/man5/smb4.conf.5.gz
# Run post-install script
.for dir in ${SAMBA4_LOGDIR} ${SAMBA4_RUNDIR} ${SAMBA4_LOCKDIR} ${SAMBA4_MODULEDIR}
${INSTALL} -d -m 0755 "${STAGEDIR}${dir}"
.endfor
${INSTALL} -d -m 0750 "${STAGEDIR}${SAMBA4_BINDDNSDIR}"
${INSTALL} -d -m 0750 "${STAGEDIR}${SAMBA4_PRIVATEDIR}"
.for module_class in ${SAMBA4_MODULES_CLASS}
${INSTALL} -d -m 0755 "${STAGEDIR}${SAMBA4_MODULEDIR}/${module_class}"
.endfor
.if !defined(WITH_DEBUG)
-${FIND} ${STAGEDIR}${PREFIX}/bin ${STAGEDIR}${PREFIX}/sbin ${STAGEDIR}${PREFIX}/libexec \
-type f -print0 | ${XARGS} -0 -n 1 -t ${STRIP_CMD}
-${FIND} ${STAGEDIR}${PREFIX}/lib -name '*.so*' \
-type f -print0 | ${XARGS} -0 -n 1 -t ${STRIP_CMD}
.endif
post-install-FRUIT-off:
${RM} ${STAGEDIR}${SAMBA4_MODULEDIR}/vfs/fruit.so
${RM} ${STAGEDIR}${PREFIX}/share/man/man8/vfs_fruit.8
post-install-DOCS-on:
${MKDIR} ${STAGEDIR}${DOCSDIR}
.for doc in ${PORTDOCS}
${INSTALL_DATA} ${WRKDIR}/${doc} ${STAGEDIR}${DOCSDIR}
.endfor
post-install-CLUSTER-on:
${LN} -nfs ../../../../share/ctdb/events/legacy/00.ctdb.script ${STAGEDIR}${PREFIX}/etc/ctdb/events/legacy/00.ctdb.script
${LN} -nfs ../../../../share/ctdb/events/legacy/10.interface.script ${STAGEDIR}${PREFIX}/etc/ctdb/events/legacy/10.interface.script
${LN} -nfs ../../../../share/ctdb/events/legacy/05.system.script ${STAGEDIR}${PREFIX}/etc/ctdb/events/legacy/05.system.script
${LN} -nfs ../../../../share/ctdb/events/legacy/01.reclock.script ${STAGEDIR}${PREFIX}/etc/ctdb/events/legacy/01.reclock.script
.include <bsd.port.post.mk>

3
net/samba419/distinfo Normal file
View file

@ -0,0 +1,3 @@
TIMESTAMP = 1705944756
SHA256 (samba-4.19.4.tar.gz) = 4026d93b866db198c8ca1685b0f5d52793f65c6e63cb364163af661fdff0968c
SIZE (samba-4.19.4.tar.gz) = 41839810

292
net/samba419/files/0001-Compact-and-simplify-modules-build-and-config-genera.patch Normal file
View file

@ -0,0 +1,292 @@
From 05e3cc236406680a55e19b204202b63cdaf48ea1 Mon Sep 17 00:00:00 2001
From: "Timur I. Bakeyev" <timur@FreeBSD.org>
Date: Mon, 1 Aug 2022 04:15:43 +0200
Subject: [PATCH 01/28] Compact and simplify modules build and config
generation for Bind 9.x AD DLZ.
Signed-off-by: Timur I. Bakeyev <timur@FreeBSD.org>
---
python/samba/provision/sambadns.py | 68 ++++++++++++------------------
source4/dns_server/dlz_minimal.h | 44 +++++++++----------
source4/dns_server/wscript_build | 62 +++------------------------
source4/setup/named.conf.dlz | 25 +----------
source4/torture/dns/wscript_build | 2 +-
5 files changed, 55 insertions(+), 146 deletions(-)
diff --git a/python/samba/provision/sambadns.py b/python/samba/provision/sambadns.py
index 404b346a885..8e5a8ba5f25 100644
--- a/python/samba/provision/sambadns.py
+++ b/python/samba/provision/sambadns.py
@@ -21,6 +21,7 @@
"""DNS-related provisioning"""
import os
+import re
import uuid
import shutil
import time
@@ -1010,52 +1011,37 @@ def create_named_conf(paths, realm, dnsdomain, dns_backend, logger):
stderr=subprocess.STDOUT,
cwd='.').communicate()[0]
bind_info = get_string(bind_info)
- bind9_8 = '#'
- bind9_9 = '#'
- bind9_10 = '#'
- bind9_11 = '#'
- bind9_12 = '#'
- bind9_14 = '#'
- bind9_16 = '#'
- bind9_18 = '#'
- if bind_info.upper().find('BIND 9.8') != -1:
- bind9_8 = ''
- elif bind_info.upper().find('BIND 9.9') != -1:
- bind9_9 = ''
- elif bind_info.upper().find('BIND 9.10') != -1:
- bind9_10 = ''
- elif bind_info.upper().find('BIND 9.11') != -1:
- bind9_11 = ''
- elif bind_info.upper().find('BIND 9.12') != -1:
- bind9_12 = ''
- elif bind_info.upper().find('BIND 9.14') != -1:
- bind9_14 = ''
- elif bind_info.upper().find('BIND 9.16') != -1:
- bind9_16 = ''
- elif bind_info.upper().find('BIND 9.18') != -1:
- bind9_18 = ''
- elif bind_info.upper().find('BIND 9.7') != -1:
- raise ProvisioningError("DLZ option incompatible with BIND 9.7.")
- elif bind_info.upper().find('BIND_9.13') != -1:
- raise ProvisioningError("Only stable/esv releases of BIND are supported.")
- elif bind_info.upper().find('BIND_9.15') != -1:
- raise ProvisioningError("Only stable/esv releases of BIND are supported.")
- elif bind_info.upper().find('BIND_9.17') != -1:
- raise ProvisioningError("Only stable/esv releases of BIND are supported.")
+ bind9_release = re.search('BIND (9)\.(\d+)\.', bind_info, re.I)
+ if bind9_release:
+ bind9_disabled = ''
+ bind9_version = bind9_release.group(0) + "x"
+ bind9_version_major = int(bind9_release.group(1))
+ bind9_version_minor = int(bind9_release.group(2))
+ if bind9_version_minor == 7:
+ raise ProvisioningError("DLZ option incompatible with BIND 9.7.")
+ elif bind9_version_minor == 8:
+ bind9_dlz_version = "9"
+ elif bind9_version_minor in [13, 15, 17]:
+ raise ProvisioningError("Only stable/esv releases of BIND are supported.")
+ else:
+ bind9_dlz_version = "%d_%d" % (bind9_version_major, bind9_version_minor)
else:
+ bind9_disabled = '# '
+ bind9_version = "BIND z.y.x"
+ bind9_dlz_version = "z_y"
logger.warning("BIND version unknown, please modify %s manually." % paths.namedconf)
+
+ bind9_dlz = (
+ ' # For %s\n'
+ ' %sdatabase "dlopen %s/bind9/dlz_bind%s.so";'
+ ) % (
+ bind9_version, bind9_disabled, samba.param.modules_dir(), bind9_dlz_version
+ )
setup_file(setup_path("named.conf.dlz"), paths.namedconf, {
"NAMED_CONF": paths.namedconf,
"MODULESDIR": samba.param.modules_dir(),
- "BIND9_8": bind9_8,
- "BIND9_9": bind9_9,
- "BIND9_10": bind9_10,
- "BIND9_11": bind9_11,
- "BIND9_12": bind9_12,
- "BIND9_14": bind9_14,
- "BIND9_16": bind9_16,
- "BIND9_18": bind9_18
- })
+ "BIND9_DLZ": bind9_dlz
+ })
def create_named_txt(path, realm, dnsdomain, dnsname, binddns_dir,
diff --git a/source4/dns_server/dlz_minimal.h b/source4/dns_server/dlz_minimal.h
index b7e36e7f8e6..bbdb616deb2 100644
--- a/source4/dns_server/dlz_minimal.h
+++ b/source4/dns_server/dlz_minimal.h
@@ -26,31 +26,25 @@
#include <stdint.h>
#include <stdbool.h>
-#if defined (BIND_VERSION_9_8)
-# error Bind 9.8 is not supported!
-#elif defined (BIND_VERSION_9_9)
-# error Bind 9.9 is not supported!
-#elif defined (BIND_VERSION_9_10)
-# define DLZ_DLOPEN_VERSION 3
-# define DNS_CLIENTINFO_VERSION 1
-# define ISC_BOOLEAN_AS_BOOL 0
-#elif defined (BIND_VERSION_9_11)
-# define DLZ_DLOPEN_VERSION 3
-# define DNS_CLIENTINFO_VERSION 2
-# define ISC_BOOLEAN_AS_BOOL 0
-#elif defined (BIND_VERSION_9_12)
-# define DLZ_DLOPEN_VERSION 3
-# define DNS_CLIENTINFO_VERSION 2
-# define ISC_BOOLEAN_AS_BOOL 0
-#elif defined (BIND_VERSION_9_14)
-# define DLZ_DLOPEN_VERSION 3
-# define DNS_CLIENTINFO_VERSION 2
-#elif defined (BIND_VERSION_9_16)
-# define DLZ_DLOPEN_VERSION 3
-# define DNS_CLIENTINFO_VERSION 2
-#elif defined (BIND_VERSION_9_18)
-# define DLZ_DLOPEN_VERSION 3
-# define DNS_CLIENTINFO_VERSION 2
+#if defined (BIND_VERSION)
+# if BIND_VERSION == 908
+# error Bind 9.8 is not supported!
+# elif BIND_VERSION == 909
+# error Bind 9.9 is not supported!
+# elif BIND_VERSION == 910
+# define DLZ_DLOPEN_VERSION 3
+# define DNS_CLIENTINFO_VERSION 1
+# define ISC_BOOLEAN_AS_BOOL 0
+# elif BIND_VERSION == 911 || BIND_VERSION == 912
+# define DLZ_DLOPEN_VERSION 3
+# define DNS_CLIENTINFO_VERSION 2
+# define ISC_BOOLEAN_AS_BOOL 0
+# elif BIND_VERSION >= 914
+# define DLZ_DLOPEN_VERSION 3
+# define DNS_CLIENTINFO_VERSION 2
+# else
+# error Unsupported BIND version
+# endif
#else
# error Unsupported BIND version
#endif
diff --git a/source4/dns_server/wscript_build b/source4/dns_server/wscript_build
index ab0a241b937..3743753504c 100644
--- a/source4/dns_server/wscript_build
+++ b/source4/dns_server/wscript_build
@@ -20,69 +20,21 @@ bld.SAMBA_MODULE('service_dns',
)
# a bind9 dlz module giving access to the Samba DNS SAM
-bld.SAMBA_LIBRARY('dlz_bind9_10',
+for bind_version in (910, 911, 912, 914, 916, 918):
+ string_version='%d_%d' % (bind_version // 100, bind_version % 100)
+ bld.SAMBA_LIBRARY('dlz_bind%s' % (string_version),
source='dlz_bind9.c',
- cflags='-DBIND_VERSION_9_10',
+ cflags='-DBIND_VERSION=%d' % bind_version,
private_library=True,
- link_name='modules/bind9/dlz_bind9_10.so',
- realname='dlz_bind9_10.so',
- install_path='${MODULESDIR}/bind9',
- deps='samba-hostconfig samdb-common gensec popt dnsserver_common',
- enabled=bld.AD_DC_BUILD_IS_ENABLED())
-
-bld.SAMBA_LIBRARY('dlz_bind9_11',
- source='dlz_bind9.c',
- cflags='-DBIND_VERSION_9_11',
- private_library=True,
- link_name='modules/bind9/dlz_bind9_11.so',
- realname='dlz_bind9_11.so',
- install_path='${MODULESDIR}/bind9',
- deps='samba-hostconfig samdb-common gensec popt dnsserver_common',
- enabled=bld.AD_DC_BUILD_IS_ENABLED())
-
-bld.SAMBA_LIBRARY('dlz_bind9_12',
- source='dlz_bind9.c',
- cflags='-DBIND_VERSION_9_12',
- private_library=True,
- link_name='modules/bind9/dlz_bind9_12.so',
- realname='dlz_bind9_12.so',
- install_path='${MODULESDIR}/bind9',
- deps='samba-hostconfig samdb-common gensec popt dnsserver_common',
- enabled=bld.AD_DC_BUILD_IS_ENABLED())
-
-bld.SAMBA_LIBRARY('dlz_bind9_14',
- source='dlz_bind9.c',
- cflags='-DBIND_VERSION_9_14',
- private_library=True,
- link_name='modules/bind9/dlz_bind9_14.so',
- realname='dlz_bind9_14.so',
- install_path='${MODULESDIR}/bind9',
- deps='samba-hostconfig samdb-common gensec popt dnsserver_common',
- enabled=bld.AD_DC_BUILD_IS_ENABLED())
-
-bld.SAMBA_LIBRARY('dlz_bind9_16',
- source='dlz_bind9.c',
- cflags='-DBIND_VERSION_9_16',
- private_library=True,
- link_name='modules/bind9/dlz_bind9_16.so',
- realname='dlz_bind9_16.so',
- install_path='${MODULESDIR}/bind9',
- deps='samba-hostconfig samdb-common gensec popt dnsserver_common',
- enabled=bld.AD_DC_BUILD_IS_ENABLED())
-
-bld.SAMBA_LIBRARY('dlz_bind9_18',
- source='dlz_bind9.c',
- cflags='-DBIND_VERSION_9_18',
- private_library=True,
- link_name='modules/bind9/dlz_bind9_18.so',
- realname='dlz_bind9_18.so',
+ link_name='modules/bind9/dlz_bind%s.so' % (string_version),
+ realname='dlz_bind%s.so' % (string_version),
install_path='${MODULESDIR}/bind9',
deps='samba-hostconfig samdb-common gensec popt dnsserver_common',
enabled=bld.AD_DC_BUILD_IS_ENABLED())
bld.SAMBA_LIBRARY('dlz_bind9_for_torture',
source='dlz_bind9.c',
- cflags='-DBIND_VERSION_9_16',
+ cflags='-DBIND_VERSION=918',
private_library=True,
deps='samba-hostconfig samdb-common gensec popt dnsserver_common',
enabled=bld.AD_DC_BUILD_IS_ENABLED())
diff --git a/source4/setup/named.conf.dlz b/source4/setup/named.conf.dlz
index cbe7d805f58..32672768af4 100644
--- a/source4/setup/named.conf.dlz
+++ b/source4/setup/named.conf.dlz
@@ -10,28 +10,5 @@
# Uncomment only single database line, depending on your BIND version
#
dlz "AD DNS Zone" {
- # For BIND 9.8.x
- ${BIND9_8} database "dlopen ${MODULESDIR}/bind9/dlz_bind9.so";
-
- # For BIND 9.9.x
- ${BIND9_9} database "dlopen ${MODULESDIR}/bind9/dlz_bind9_9.so";
-
- # For BIND 9.10.x
- ${BIND9_10} database "dlopen ${MODULESDIR}/bind9/dlz_bind9_10.so";
-
- # For BIND 9.11.x
- ${BIND9_11} database "dlopen ${MODULESDIR}/bind9/dlz_bind9_11.so";
-
- # For BIND 9.12.x
- ${BIND9_12} database "dlopen ${MODULESDIR}/bind9/dlz_bind9_12.so";
-
- # For BIND 9.14.x
- ${BIND9_14} database "dlopen ${MODULESDIR}/bind9/dlz_bind9_14.so";
-
- # For BIND 9.16.x
- ${BIND9_16} database "dlopen ${MODULESDIR}/bind9/dlz_bind9_16.so";
- #
- # For BIND 9.18.x
- ${BIND9_18} database "dlopen ${MODULESDIR}/bind9/dlz_bind9_18.so";
+${BIND9_DLZ}
};
-
diff --git a/source4/torture/dns/wscript_build b/source4/torture/dns/wscript_build
index 0b40e03e370..bf7415ff88a 100644
--- a/source4/torture/dns/wscript_build
+++ b/source4/torture/dns/wscript_build
@@ -5,7 +5,7 @@ if bld.AD_DC_BUILD_IS_ENABLED():
source='dlz_bind9.c',
subsystem='smbtorture',
init_function='torture_bind_dns_init',
- cflags='-DBIND_VERSION_9_16',
+ cflags='-DBIND_VERSION=918',
deps='torture talloc torturemain dlz_bind9_for_torture',
internal_module=True
)
--
2.37.1

35
net/samba419/files/0002-Adjust-abi_gen.sh-script-to-run-under-FreeBSD-with-i.patch Normal file
View file

@ -0,0 +1,35 @@
From 639b8d650685476016a6d5b1c996a04ac54f8a6f Mon Sep 17 00:00:00 2001
From: "Timur I. Bakeyev" <timur@FreeBSD.org>
Date: Sun, 30 May 2021 04:00:08 +0200
Subject: [PATCH 02/28] Adjust abi_gen.sh script to run under FreeBSD with it's
own bintools and slightly different output of GDB.
Substitution: yes
Signed-off-by: Timur I. Bakeyev <timur@FreeBSD.org>
---
buildtools/scripts/abi_gen.sh | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/buildtools/scripts/abi_gen.sh b/buildtools/scripts/abi_gen.sh
index ddb0a7cc36f..d2750705ff9 100755
--- a/buildtools/scripts/abi_gen.sh
+++ b/buildtools/scripts/abi_gen.sh
@@ -9,6 +9,7 @@ GDBSCRIPT="gdb_syms.$$"
cat <<EOF
set height 0
set width 0
+set print sevenbit-strings on
EOF
# On older linker versions _init|_fini symbols are not hidden.
@@ -22,5 +23,5 @@ done
) > $GDBSCRIPT
# forcing the terminal avoids a problem on Fedora12
-TERM=none gdb -n -batch -x $GDBSCRIPT "$SHAREDLIB" < /dev/null
+TERM=none %%GDB_CMD%% -n -batch -x $GDBSCRIPT "$SHAREDLIB" < /dev/null
rm -f $GDBSCRIPT
--
2.37.1

32
net/samba419/files/0003-Mask-CLang-prototype-warnings-in-kadm5-admin.h.patch Normal file
View file

@ -0,0 +1,32 @@
From 382c3edc95a1747e0a6edd05c76adc0ec21a66c7 Mon Sep 17 00:00:00 2001
From: "Timur I. Bakeyev" <timur@FreeBSD.org>
Date: Sun, 30 May 2021 03:50:17 +0200
Subject: [PATCH 03/28] Mask CLang prototype warnings in kadm5/admin.h
Signed-off-by: Timur I. Bakeyev <timur@FreeBSD.org>
---
source4/kdc/kdc-service-mit.c | 6 +++++-
1 file changed, 5 insertions(+), 1 deletion(-)
diff --git a/source4/kdc/kdc-service-mit.c b/source4/kdc/kdc-service-mit.c
index 22663b6ecc8..5bef125206a 100644
--- a/source4/kdc/kdc-service-mit.c
+++ b/source4/kdc/kdc-service-mit.c
@@ -36,9 +36,13 @@
#include "kdc/samba_kdc.h"
#include "kdc/kdc-server.h"
#include "kdc/kpasswd-service.h"
-#include <kadm5/admin.h>
#include <kdb.h>
+#pragma clang diagnostic push
+#pragma clang diagnostic ignored "-Wstrict-prototypes"
+#include <kadm5/admin.h>
+#pragma clang diagnostic pop
+
#include "source4/kdc/mit_kdc_irpc.h"
/* PROTOTYPES */
--
2.37.1

38
net/samba419/files/0004-On-FreeBSD-date-1-has-different-semantics-than-on-Li.patch Normal file
View file

@ -0,0 +1,38 @@
From 0eb28116ceefee7bdafabac18a1763f13cb71883 Mon Sep 17 00:00:00 2001
From: "Timur I. Bakeyev" <timur@FreeBSD.org>
Date: Sun, 30 May 2021 03:42:31 +0200
Subject: [PATCH 04/28] On FreeBSD `date(1)` has different semantics than on
Linux. Generate call parameter accordingly.
FreeBSD: `date [[[[[cc]yy]mm]dd]HH]MM[.ss]`
Linux: `date [mmddHHMM[[cc]yy][.ss]]`
Signed-off-by: Timur I. Bakeyev <timur@FreeBSD.org>
---
source3/utils/net_time.c | 7 ++++++-
1 file changed, 6 insertions(+), 1 deletion(-)
diff --git a/source3/utils/net_time.c b/source3/utils/net_time.c
index d102f84614f..f679000a979 100644
--- a/source3/utils/net_time.c
+++ b/source3/utils/net_time.c
@@ -82,10 +82,15 @@ static const char *systime(time_t t)
if (!tm) {
return "unknown";
}
-
+#if defined(FREEBSD)
+ return talloc_asprintf(talloc_tos(), "%04d%02d%02d%02d%02d.%02d",
+ tm->tm_year + 1900, tm->tm_mon+1, tm->tm_mday,
+ tm->tm_hour, tm->tm_min, tm->tm_sec);
+#else
return talloc_asprintf(talloc_tos(), "%02d%02d%02d%02d%04d.%02d",
tm->tm_mon+1, tm->tm_mday, tm->tm_hour,
tm->tm_min, tm->tm_year + 1900, tm->tm_sec);
+#endif
}
int net_time_usage(struct net_context *c, int argc, const char **argv)
--
2.37.1

26
net/samba419/files/0005-Include-jemalloc-jemalloc.h-if-ENABLE_JEMALLOC-is-se.patch Normal file
View file

@ -0,0 +1,26 @@
From 3cc67018c560d32b98523618d16902c1a670ed40 Mon Sep 17 00:00:00 2001
From: "Timur I. Bakeyev" <timur@FreeBSD.org>
Date: Sun, 30 May 2021 03:33:51 +0200
Subject: [PATCH 05/28] Include jemalloc/jemalloc.h if ENABLE_JEMALLOC is set.
Signed-off-by: Timur I. Bakeyev <timur@FreeBSD.org>
---
source3/include/includes.h | 2 ++
1 file changed, 2 insertions(+)
diff --git a/source3/include/includes.h b/source3/include/includes.h
index 510a0b96539..94a076de11e 100644
--- a/source3/include/includes.h
+++ b/source3/include/includes.h
@@ -326,6 +326,8 @@ typedef char fstring[FSTRING_LEN];
* the *bottom* of include files so as not to conflict. */
#ifdef ENABLE_DMALLOC
# include <dmalloc.h>
+#elif ENABLE_JEMALLOC
+# include <jemalloc/jemalloc.h>
#endif
--
2.37.1

32
net/samba419/files/0006-Install-nss_-modules-into-PAMMODULESDIR-path.patch Normal file
View file

@ -0,0 +1,32 @@
From 406621efcd26d48b5e8f1e5df4082c8bf2cc8bab Mon Sep 17 00:00:00 2001
From: "Timur I. Bakeyev" <timur@FreeBSD.org>
Date: Sun, 30 May 2021 03:32:21 +0200
Subject: [PATCH 06/28] Install nss_* modules into PAMMODULESDIR path.
Signed-off-by: Timur I. Bakeyev <timur@FreeBSD.org>
---
nsswitch/wscript_build | 2 ++
1 file changed, 2 insertions(+)
diff --git a/nsswitch/wscript_build b/nsswitch/wscript_build
index 3247b6c2b7c..df2fc3b97ea 100644
--- a/nsswitch/wscript_build
+++ b/nsswitch/wscript_build
@@ -54,12 +54,14 @@ elif (host_os.rfind('freebsd') > -1):
source='winbind_nss_linux.c winbind_nss_freebsd.c',
deps='wbclient',
realname='nss_winbind.so.1',
+ install_path='${PAMMODULESDIR}',
vnum='1')
bld.SAMBA3_PLUGIN('nss_wins',
source='wins.c wins_freebsd.c',
deps='''wbclient''',
realname='nss_wins.so.1',
+ install_path='${PAMMODULESDIR}',
vnum='1')
elif (host_os.rfind('netbsd') > -1):
--
2.37.1

105
net/samba419/files/0007-Use-macro-value-as-a-default-backlog-size-for-the-li.patch Normal file
View file

@ -0,0 +1,105 @@
From 75f20f8e144a926873b619e1c0918896689d39a0 Mon Sep 17 00:00:00 2001
From: "Timur I. Bakeyev" <timur@FreeBSD.org>
Date: Sun, 30 May 2021 03:28:09 +0200
Subject: [PATCH 07/28] Use macro value as a default backlog size for the
`listen()` syscall.
Set that macro to -1 on FreeBSD, specifying maximum kernel configured
allowed backlog size.
Signed-off-by: Timur I. Bakeyev <timur@FreeBSD.org>
---
lib/tevent/echo_server.c | 2 +-
source3/include/local.h | 11 +++++++++++
source3/libsmb/unexpected.c | 2 +-
source3/utils/smbfilter.c | 2 +-
source3/winbindd/winbindd.c | 4 ++--
5 files changed, 16 insertions(+), 5 deletions(-)
diff --git a/lib/tevent/echo_server.c b/lib/tevent/echo_server.c
index f93d8bcdee7..49354dbf0e5 100644
--- a/lib/tevent/echo_server.c
+++ b/lib/tevent/echo_server.c
@@ -633,7 +633,7 @@ int main(int argc, const char **argv)
exit(1);
}
- ret = listen(listen_sock, 5);
+ ret = listen(listen_sock, DEFAULT_LISTEN_BACKLOG);
if (ret == -1) {
perror("listen() failed");
exit(1);
diff --git a/source3/include/local.h b/source3/include/local.h
index 297e5572fdb..d85aab09f9f 100644
--- a/source3/include/local.h
+++ b/source3/include/local.h
@@ -163,7 +163,18 @@
#define WINBIND_SERVER_MUTEX_WAIT_TIME (( ((NUM_CLI_AUTH_CONNECT_RETRIES) * ((CLI_AUTH_TIMEOUT)/1000)) + 5)*2)
/* size of listen() backlog in smbd */
+#if defined (FREEBSD)
+#define SMBD_LISTEN_BACKLOG -1
+#else
#define SMBD_LISTEN_BACKLOG 50
+#endif
+
+/* size of listen() default backlog */
+#if defined (FREEBSD)
+#define DEFAULT_LISTEN_BACKLOG -1
+#else
+#define DEFAULT_LISTEN_BACKLOG 5
+#endif
/* Number of microseconds to wait before a sharing violation. */
#define SHARING_VIOLATION_USEC_WAIT 950000
diff --git a/source3/libsmb/unexpected.c b/source3/libsmb/unexpected.c
index ced46969b88..317d6b1e0e2 100644
--- a/source3/libsmb/unexpected.c
+++ b/source3/libsmb/unexpected.c
@@ -95,7 +95,7 @@ NTSTATUS nb_packet_server_create(TALLOC_CTX *mem_ctx,
status = map_nt_error_from_unix(errno);
goto fail;
}
- rc = listen(result->listen_sock, 5);
+ rc = listen(result->listen_sock, DEFAULT_LISTEN_BACKLOG);
if (rc < 0) {
status = map_nt_error_from_unix(errno);
goto fail;
diff --git a/source3/utils/smbfilter.c b/source3/utils/smbfilter.c
index 3fbd63975c9..b2d90f993fc 100644
--- a/source3/utils/smbfilter.c
+++ b/source3/utils/smbfilter.c
@@ -291,7 +291,7 @@ static void start_filter(char *desthost)
exit(1);
}
- if (listen(s, 5) == -1) {
+ if (listen(s, DEFAULT_LISTEN_BACKLOG) == -1) {
d_printf("listen failed\n");
}
diff --git a/source3/winbindd/winbindd.c b/source3/winbindd/winbindd.c
index 0f9c6449a5a..c2df0c92372 100644
--- a/source3/winbindd/winbindd.c
+++ b/source3/winbindd/winbindd.c
@@ -1312,7 +1312,7 @@ static bool winbindd_setup_listeners(void)
if (pub_state->fd == -1) {
goto failed;
}
- rc = listen(pub_state->fd, 5);
+ rc = listen(pub_state->fd, DEFAULT_LISTEN_BACKLOG);
if (rc < 0) {
goto failed;
}
@@ -1344,7 +1344,7 @@ static bool winbindd_setup_listeners(void)
if (priv_state->fd == -1) {
goto failed;
}
- rc = listen(priv_state->fd, 5);
+ rc = listen(priv_state->fd, DEFAULT_LISTEN_BACKLOG);
if (rc < 0) {
goto failed;
}
--
2.37.1

111
net/samba419/files/0008-Brute-force-work-around-usage-of-Linux-specific-m-fl.patch Normal file
View file

@ -0,0 +1,111 @@
From 29d0b3479f61f33356d6cc82099085b5c412f949 Mon Sep 17 00:00:00 2001
From: "Timur I. Bakeyev" <timur@FreeBSD.org>
Date: Sun, 30 May 2021 03:24:48 +0200
Subject: [PATCH 08/28] Brute force work around usage of Linux-specific `%m`
flag in `sscanf()`.
Signed-off-by: Timur I. Bakeyev <timur@FreeBSD.org>
---
libcli/http/http.c | 36 ++++++++++++++++++++++++++-----
source4/libcli/ldap/ldap_client.c | 12 +++++++++++
2 files changed, 43 insertions(+), 5 deletions(-)
diff --git a/libcli/http/http.c b/libcli/http/http.c
index d20fc25f9e2..a28caca0045 100644
--- a/libcli/http/http.c
+++ b/libcli/http/http.c
@@ -142,7 +142,19 @@ static enum http_read_status http_parse_headers(struct http_read_response_state
return HTTP_ALL_DATA_READ;
}
+#ifdef FREEBSD
+ int s0, s1, s2, s3; s0 = s1 = s2 = s3 = 0;
+ n = sscanf(line, "%n%*[^:]%n: %n%*[^\r\n]%n\r\n", &s0, &s1, &s2, &s3);
+
+ if(n >= 0) {
+ key = calloc(sizeof(char), s1-s0+1);
+ value = calloc(sizeof(char), s3-s2+1);
+
+ n = sscanf(line, "%[^:]: %[^\r\n]\r\n", key, value);
+ }
+#else
n = sscanf(line, "%m[^:]: %m[^\r\n]\r\n", &key, &value);
+#endif
if (n != 2) {
DEBUG(0, ("%s: Error parsing header '%s'\n", __func__, line));
status = HTTP_DATA_CORRUPTED;
@@ -168,7 +180,7 @@ error:
static bool http_parse_response_line(struct http_read_response_state *state)
{
bool status = true;
- char *protocol;
+ char *protocol = NULL;
char *msg = NULL;
char major;
char minor;
@@ -188,12 +200,22 @@ static bool http_parse_response_line(struct http_read_response_state *state)
return false;
}
+#ifdef FREEBSD
+ int s0, s1, s2, s3; s0 = s1 = s2 = s3 = 0;
+ n = sscanf(line, "%n%*[^/]%n/%c.%c %d %n%*[^\r\n]%n\r\n",
+ &s0, &s1, &major, &minor, &code, &s2, &s3);
+
+ if(n == 3) {
+ protocol = calloc(sizeof(char), s1-s0+1);
+ msg = calloc(sizeof(char), s3-s2+1);
+
+ n = sscanf(line, "%[^/]/%c.%c %d %[^\r\n]\r\n",
+ protocol, &major, &minor, &code, msg);
+ }
+#else
n = sscanf(line, "%m[^/]/%c.%c %d %m[^\r\n]\r\n",
&protocol, &major, &minor, &code, &msg);
-
- DEBUG(11, ("%s: Header parsed(%i): protocol->%s, major->%c, minor->%c, "
- "code->%d, message->%s\n", __func__, n, protocol, major, minor,
- code, msg));
+#endif
if (n != 5) {
DEBUG(0, ("%s: Error parsing header\n", __func__));
@@ -201,6 +223,10 @@ static bool http_parse_response_line(struct http_read_response_state *state)
goto error;
}
+ DEBUG(11, ("%s: Header parsed(%i): protocol->%s, major->%c, minor->%c, "
+ "code->%d, message->%s\n", __func__, n, protocol, major, minor,
+ code, msg));
+
if (major != '1') {
DEBUG(0, ("%s: Bad HTTP major number '%c'\n", __func__, major));
status = false;
diff --git a/source4/libcli/ldap/ldap_client.c b/source4/libcli/ldap/ldap_client.c
index 8614ccdfd54..2630d3c8859 100644
--- a/source4/libcli/ldap/ldap_client.c
+++ b/source4/libcli/ldap/ldap_client.c
@@ -402,8 +402,20 @@ static int ldap_parse_basic_url(
*pport = port;
return 0;
}
+#ifdef FREEBSD
+ int s0, s1; s0 = s1 = 0;
+ ret = sscanf(url, "%n%*[^:/]%n:%d", &s0, &s1, &port);
+ if(ret >= 0) {
+ host = calloc(sizeof(char), s1 - s0 + 1);
+ if (host == NULL) {
+ return ENOMEM;
+ }
+ ret = sscanf(url, "%[^:/]:%d", host, &port);
+ }
+#else
ret = sscanf(url, "%m[^:/]:%d", &host, &port);
+#endif
if (ret < 1) {
return EINVAL;
}
--
2.37.1

39
net/samba419/files/0009-Make-sure-that-config-checks-fail-if-the-warning-is-.patch Normal file
View file

@ -0,0 +1,39 @@
From 3189d57e9c6cf8d5d25566f2760cfa4f822d7a2c Mon Sep 17 00:00:00 2001
From: "Timur I. Bakeyev" <timur@FreeBSD.org>
Date: Sun, 30 May 2021 03:21:19 +0200
Subject: [PATCH 09/28] Make sure that config checks fail if the warning is
raised, by adding -Werror flag to the CFLAGS(WERROR_CFLAGS)
Signed-off-by: Timur I. Bakeyev <timur@FreeBSD.org>
---
buildtools/wafsamba/samba_autoconf.py | 2 +-
lib/replace/wscript | 2 +-
2 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/buildtools/wafsamba/samba_autoconf.py b/buildtools/wafsamba/samba_autoconf.py
index 78927d85193..cf87c8bb9ff 100644
--- a/buildtools/wafsamba/samba_autoconf.py
+++ b/buildtools/wafsamba/samba_autoconf.py
@@ -987,5 +987,5 @@ def SAMBA_CHECK_UNDEFINED_SYMBOL_FLAGS(conf):
conf.env.undefined_ldflags = conf.ADD_LDFLAGS('-Wl,-no-undefined', testflags=True)
if (conf.env.undefined_ignore_ldflags == [] and
- conf.CHECK_LDFLAGS(['-undefined', 'dynamic_lookup'])):
+ conf.CHECK_LDFLAGS(['-undefined', 'dynamic_lookup'] + conf.env.WERROR_CFLAGS)):
conf.env.undefined_ignore_ldflags = ['-undefined', 'dynamic_lookup']
diff --git a/lib/replace/wscript b/lib/replace/wscript
index 0db93d8caf1..1f9806f1dd7 100644
--- a/lib/replace/wscript
+++ b/lib/replace/wscript
@@ -122,7 +122,7 @@ def configure(conf):
conf.CHECK_HEADERS('sys/atomic.h stdatomic.h')
conf.CHECK_HEADERS('libgen.h')
- if conf.CHECK_CFLAGS('-Wno-format-truncation'):
+ if conf.CHECK_CFLAGS(['-Wno-format-truncation'] + conf.env.WERROR_CFLAGS):
conf.define('HAVE_WNO_FORMAT_TRUNCATION', '1')
if conf.CHECK_CFLAGS('-Wno-unused-function'):
--
2.37.1

54
net/samba419/files/0010-Add-option-with-pkgconfigdir-to-specify-alternative-.patch Normal file
View file

@ -0,0 +1,54 @@
From 5b0d17a5b7849f40f59fb0daedd62e8f5a1b0fba Mon Sep 17 00:00:00 2001
From: "Timur I. Bakeyev" <timur@FreeBSD.org>
Date: Sun, 30 May 2021 03:16:37 +0200
Subject: [PATCH 10/28] Add option --with-pkgconfigdir, to specify alternative
location.
Override name of the config file.
Remove code that doesn't allow direct install into /usr
Substitution: yes
Signed-off-by: Timur I. Bakeyev <timur@FreeBSD.org>
---
dynconfig/wscript | 9 ++++-----
1 file changed, 4 insertions(+), 5 deletions(-)
diff --git a/dynconfig/wscript b/dynconfig/wscript
index c62afa25399..29cacf1b92c 100644
--- a/dynconfig/wscript
+++ b/dynconfig/wscript
@@ -151,6 +151,8 @@ dynconfig = {
'PKGCONFIGDIR' : {
'STD-PATH': '${LIBDIR}/pkgconfig',
'FHS-PATH': '${LIBDIR}/pkgconfig',
+ 'OPTION': '--with-pkgconfigdir',
+ 'HELPTEXT': 'Where to put .pc files',
},
'CODEPAGEDIR' : {
'STD-PATH': '${DATADIR}/codepages',
@@ -257,8 +259,8 @@ dynconfig = {
'DELAY': True,
},
'CONFIGFILE' : {
- 'STD-PATH': '${CONFIGDIR}/smb.conf',
- 'FHS-PATH': '${CONFIGDIR}/smb.conf',
+ 'STD-PATH': '${CONFIGDIR}/%%SAMBA4_CONFIG%%',
+ 'FHS-PATH': '${CONFIGDIR}/%%SAMBA4_CONFIG%%',
'DELAY': True,
},
'LMHOSTSFILE' : {
@@ -317,9 +319,6 @@ def configure(conf):
flavor = 'FHS-PATH'
else:
flavor = 'STD-PATH'
- if conf.env.PREFIX == '/usr' or conf.env.PREFIX == '/usr/local':
- Logs.error("Don't install directly under /usr or /usr/local without using the FHS option (--enable-fhs)")
- raise Errors.WafError("ERROR: invalid --prefix=%s value" % (conf.env.PREFIX))
explicit_set ={}
--
2.37.1

28
net/samba419/files/0011-Use-provided-by-port-location-of-the-XML-catalog.patch Normal file
View file

@ -0,0 +1,28 @@
From 6c68907dcd9abd82cc95c842380a8e817b8f0e7f Mon Sep 17 00:00:00 2001
From: "Timur I. Bakeyev" <timur@FreeBSD.org>
Date: Sun, 30 May 2021 02:54:28 +0200
Subject: [PATCH 11/28] Use provided by port location of the XML catalog.
Substitution: yes
Signed-off-by: Timur I. Bakeyev <timur@FreeBSD.org>
---
buildtools/wafsamba/wafsamba.py | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/buildtools/wafsamba/wafsamba.py b/buildtools/wafsamba/wafsamba.py
index 7885ee720be..c42a021bc01 100644
--- a/buildtools/wafsamba/wafsamba.py
+++ b/buildtools/wafsamba/wafsamba.py
@@ -1174,7 +1174,7 @@ def SAMBAMANPAGES(bld, manpages, extra_source=None):
bld.env.SAMBA_EXPAND_XSL = bld.srcnode.abspath() + '/docs-xml/xslt/expand-sambadoc.xsl'
bld.env.SAMBA_MAN_XSL = bld.srcnode.abspath() + '/docs-xml/xslt/man.xsl'
bld.env.SAMBA_CATALOG = bld.bldnode.abspath() + '/docs-xml/build/catalog.xml'
- bld.env.SAMBA_CATALOGS = os.getenv('XML_CATALOG_FILES', 'file:///etc/xml/catalog file:///usr/local/share/xml/catalog') + ' file://' + bld.env.SAMBA_CATALOG
+ bld.env.SAMBA_CATALOGS = os.getenv('XML_CATALOG_FILES', 'file:///etc/xml/catalog file://%%LOCALBASE%%/share/xml/catalog') + ' file://' + bld.env.SAMBA_CATALOG
for m in manpages.split():
source = [m + '.xml']
--
2.37.1

29
net/samba419/files/0012-Create-shared-libraries-according-to-the-FreeBSD-spe.patch Normal file
View file

@ -0,0 +1,29 @@
From 9731cc810b50b6694ff931135df398a6772200ae Mon Sep 17 00:00:00 2001
From: "Timur I. Bakeyev" <timur@FreeBSD.org>
Date: Sun, 30 May 2021 02:51:47 +0200
Subject: [PATCH 12/28] Create shared libraries according to the
FreeBSD-specific naming schema, where only major.minor versions are used.
https://docs.freebsd.org/en/books/developers-handbook/policies/#policies-shlib
Signed-off-by: Timur I. Bakeyev <timur@FreeBSD.org>
---
buildtools/wafsamba/samba_install.py | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/buildtools/wafsamba/samba_install.py b/buildtools/wafsamba/samba_install.py
index 2957e16c3da..82abbf893e2 100644
--- a/buildtools/wafsamba/samba_install.py
+++ b/buildtools/wafsamba/samba_install.py
@@ -115,7 +115,7 @@ def install_library(self):
inst_name = bld.make_libname(t.target)
elif self.vnum:
vnum_base = self.vnum.split('.')[0]
- install_name = bld.make_libname(target_name, version=self.vnum)
+ install_name = bld.make_libname(target_name, version=vnum_base)
install_link = bld.make_libname(target_name, version=vnum_base)
inst_name = bld.make_libname(t.target)
if not self.private_library or not t.env.SONAME_ST:
--
2.37.1

70
net/samba419/files/0013-Pass-additional-msg-parameter-to-CHECK_LIB-so-it-can.patch Normal file
View file

@ -0,0 +1,70 @@
From 6be12b41eb0f71cfc25b5df6659dd176bd681621 Mon Sep 17 00:00:00 2001
From: "Timur I. Bakeyev" <timur@FreeBSD.org>
Date: Thu, 8 Sep 2022 00:25:05 +0200
Subject: [PATCH 13/28] Pass additional msg parameter to CHECK_LIB(), so it can
be transited to the conf.check(), which allows us to specify `match`
parameter to opt.add_option().
Signed-off-by: Timur I. Bakeyev <timur@FreeBSD.org>
---
buildtools/wafsamba/samba_autoconf.py | 9 ++++++---
buildtools/wafsamba/wscript | 9 +++++++--
2 files changed, 13 insertions(+), 5 deletions(-)
diff --git a/buildtools/wafsamba/samba_autoconf.py b/buildtools/wafsamba/samba_autoconf.py
index cf87c8bb9ff..f6c72d99125 100644
--- a/buildtools/wafsamba/samba_autoconf.py
+++ b/buildtools/wafsamba/samba_autoconf.py
@@ -593,7 +593,7 @@ def library_flags(self, libs):
@conf
-def CHECK_LIB(conf, libs, mandatory=False, empty_decl=True, set_target=True, shlib=False):
+def CHECK_LIB(conf, libs, mandatory=False, empty_decl=True, set_target=True, shlib=False, msg=None):
'''check if a set of libraries exist as system libraries
returns the sublist of libs that do exist as a syslib or []
@@ -613,11 +613,14 @@ int foo()
ret.append(lib)
continue
+ if msg is None:
+ msg = 'Checking for library %s' % lib
+
(ccflags, ldflags, cpppath) = library_flags(conf, lib)
if shlib:
- res = conf.check(features='c cshlib', fragment=fragment, lib=lib, uselib_store=lib, cflags=ccflags, ldflags=ldflags, uselib=lib.upper(), mandatory=False)
+ res = conf.check(features='c cshlib', fragment=fragment, lib=lib, uselib_store=lib, cflags=ccflags, ldflags=ldflags, uselib=lib.upper(), mandatory=False, msg=msg)
else:
- res = conf.check(lib=lib, uselib_store=lib, cflags=ccflags, ldflags=ldflags, uselib=lib.upper(), mandatory=False)
+ res = conf.check(lib=lib, uselib_store=lib, cflags=ccflags, ldflags=ldflags, uselib=lib.upper(), mandatory=False, msg=msg)
if not res:
if mandatory:
diff --git a/buildtools/wafsamba/wscript b/buildtools/wafsamba/wscript
index a4d6f3e5c49..c047e1e8b5a 100644
--- a/buildtools/wafsamba/wscript
+++ b/buildtools/wafsamba/wscript
@@ -133,12 +133,17 @@ Currently the only tested value is 'smbtorture,smbd/smbd' for Samba'''),
help=("private library directory [PREFIX/lib/%s]" % Context.g_module.APPNAME),
action="store", dest='PRIVATELIBDIR', default=None)
+ opt.add_option('--with-openldap',
+ help='additional directory to search for OpenLDAP libs',
+ action='store', dest='ldap_open', default=None,
+ match = ['Checking for library lber', 'Checking for library ldap'])
+
opt.add_option('--with-libiconv',
help='additional directory to search for libiconv',
- action='store', dest='iconv_open', default='/usr/local',
+ action='store', dest='iconv_open', default=None,
match = ['Checking for library iconv', 'Checking for iconv_open', 'Checking for header iconv.h'])
opt.add_option('--without-gettext',
- help=("Disable use of gettext"),
+ help=("disable use of gettext"),
action="store_true", dest='disable_gettext', default=False)
gr = opt.option_group('developer options')
--
2.37.1

77
net/samba419/files/0014-Add-option-to-disable-CTDB-tests-failing-on-FreeBSD-.patch Normal file
View file

@ -0,0 +1,77 @@
From 2f16c17b683655fe318a1e6d45aaad3857d1a512 Mon Sep 17 00:00:00 2001
From: "Timur I. Bakeyev" <timur@FreeBSD.org>
Date: Mon, 31 May 2021 00:35:36 +0200
Subject: [PATCH 14/28] Add option to disable CTDB tests - failing on FreeBSD
right now in too many places.
Signed-off-by: Timur I. Bakeyev <timur@FreeBSD.org>
---
ctdb/wscript | 24 ++++++++++++++++++------
1 file changed, 18 insertions(+), 6 deletions(-)
diff --git a/ctdb/wscript b/ctdb/wscript
index a9fef9241aa..c89c6decdd7 100644
--- a/ctdb/wscript
+++ b/ctdb/wscript
@@ -106,6 +106,9 @@ def options(opt):
opt.add_option('--enable-ceph-reclock',
help=("Enable Ceph CTDB recovery lock helper (default=no)"),
action="store_true", dest='ctdb_ceph_reclock', default=False)
+ opt.add_option('--disable-ctdb-tests',
+ help=("Disable CTDB tests (default=no)"),
+ action="store_true", dest='ctdb_no_tests', default=False)
opt.add_option('--with-logdir',
help=("Path to log directory"),
@@ -278,7 +281,7 @@ def configure(conf):
if Options.options.ctdb_ceph_reclock:
if (conf.CHECK_HEADERS('rados/librados.h', False, False, 'rados') and
- conf.CHECK_LIB('rados', shlib=True)):
+ conf.CHECK_LIB('rados', shlib=True)):
Logs.info('Building with Ceph librados recovery lock support')
conf.define('HAVE_LIBRADOS', 1)
else:
@@ -317,8 +320,14 @@ def configure(conf):
conf.env.CTDB_VARDIR,
conf.env.CTDB_RUNDIR))
- conf.env.CTDB_TEST_DATADIR = os.path.join(conf.env.CTDB_DATADIR, 'tests')
- conf.env.CTDB_TEST_LIBEXECDIR = os.path.join(conf.env.LIBEXECDIR, 'ctdb/tests')
+ if Options.options.ctdb_no_tests:
+ conf.env.ctdb_tests = False
+ else:
+ conf.env.ctdb_tests = True
+
+ if conf.env.ctdb_tests:
+ conf.env.CTDB_TEST_DATADIR = os.path.join(conf.env.CTDB_DATADIR, 'tests')
+ conf.env.CTDB_TEST_LIBEXECDIR = os.path.join(conf.env.LIBEXECDIR, 'ctdb/tests')
# Allow unified compilation and separate compilation of utilities
# to find includes
@@ -706,9 +715,9 @@ def build(bld):
if bld.env.HAVE_LIBRADOS:
bld.SAMBA_BINARY('ctdb_mutex_ceph_rados_helper',
source='utils/ceph/ctdb_mutex_ceph_rados_helper.c',
- deps='talloc tevent rados',
- includes='include',
- install_path='${CTDB_HELPER_BINDIR}')
+ deps='talloc tevent rados',
+ includes='include',
+ install_path='${CTDB_HELPER_BINDIR}')
sed_expr1 = 's|/usr/local/var/lib/ctdb|%s|g' % (bld.env.CTDB_VARDIR)
sed_expr2 = 's|/usr/local/etc/ctdb|%s|g' % (bld.env.CTDB_ETCDIR)
@@ -885,6 +894,9 @@ def build(bld):
for d in ['volatile', 'persistent', 'state']:
bld.INSTALL_DIR(os.path.join(bld.env.CTDB_VARDIR, d))
+ if not bld.env.ctdb_tests:
+ return
+
#
# Test-only below this point
#
--
2.37.1

132
net/samba419/files/0015-Add-extra-debug-class-to-trck-down-DB-locking-code.patch Normal file
View file

@ -0,0 +1,132 @@
From 08e648c899e5023f337d2fa56e4e758f62f31ec4 Mon Sep 17 00:00:00 2001
From: "Timur I. Bakeyev" <timur@FreeBSD.org>
Date: Mon, 31 May 2021 00:38:38 +0200
Subject: [PATCH 15/28] Add extra debug class to trck down DB locking code.
Signed-off-by: Timur I. Bakeyev <timur@FreeBSD.org>
---
lib/dbwrap/dbwrap.c | 3 +++
lib/dbwrap/dbwrap_local_open.c | 3 +++
lib/dbwrap/dbwrap_rbt.c | 3 +++
lib/dbwrap/dbwrap_tdb.c | 3 +++
lib/dbwrap/dbwrap_util.c | 3 +++
source3/lib/dbwrap/dbwrap_ctdb.c | 3 +++
source3/lib/dbwrap/dbwrap_open.c | 3 +++
source3/lib/dbwrap/dbwrap_watch.c | 3 +++
8 files changed, 24 insertions(+)
diff --git a/lib/dbwrap/dbwrap.c b/lib/dbwrap/dbwrap.c
index 7555efaa3ab..51f58fea851 100644
--- a/lib/dbwrap/dbwrap.c
+++ b/lib/dbwrap/dbwrap.c
@@ -28,6 +28,9 @@
#include "lib/util/util_tdb.h"
#include "lib/util/tevent_ntstatus.h"
+#undef DBGC_CLASS
+#define DBGC_CLASS DBGC_LOCKING
+
/*
* Fall back using fetch if no genuine exists operation is provided
*/
diff --git a/lib/dbwrap/dbwrap_local_open.c b/lib/dbwrap/dbwrap_local_open.c
index 20c5fa0e1d2..b834bbd0e41 100644
--- a/lib/dbwrap/dbwrap_local_open.c
+++ b/lib/dbwrap/dbwrap_local_open.c
@@ -23,6 +23,9 @@
#include "dbwrap/dbwrap_tdb.h"
#include "tdb.h"
+#undef DBGC_CLASS
+#define DBGC_CLASS DBGC_LOCKING
+
struct db_context *dbwrap_local_open(TALLOC_CTX *mem_ctx,
const char *name,
int hash_size, int tdb_flags,
diff --git a/lib/dbwrap/dbwrap_rbt.c b/lib/dbwrap/dbwrap_rbt.c
index db456dfffba..483558a6dc7 100644
--- a/lib/dbwrap/dbwrap_rbt.c
+++ b/lib/dbwrap/dbwrap_rbt.c
@@ -24,6 +24,9 @@
#include "../lib/util/rbtree.h"
#include "../lib/util/dlinklist.h"
+#undef DBGC_CLASS
+#define DBGC_CLASS DBGC_LOCKING
+
#define DBWRAP_RBT_ALIGN(_size_) (((_size_)+15)&~15)
struct db_rbt_ctx {
diff --git a/lib/dbwrap/dbwrap_tdb.c b/lib/dbwrap/dbwrap_tdb.c
index 6cd95fa25ad..4a75cd80256 100644
--- a/lib/dbwrap/dbwrap_tdb.c
+++ b/lib/dbwrap/dbwrap_tdb.c
@@ -29,6 +29,9 @@
#include "lib/param/param.h"
#include "libcli/util/error.h"
+#undef DBGC_CLASS
+#define DBGC_CLASS DBGC_LOCKING
+
struct db_tdb_ctx {
struct tdb_wrap *wtdb;
diff --git a/lib/dbwrap/dbwrap_util.c b/lib/dbwrap/dbwrap_util.c
index df6dea40097..465814f0952 100644
--- a/lib/dbwrap/dbwrap_util.c
+++ b/lib/dbwrap/dbwrap_util.c
@@ -26,6 +26,9 @@
#include "dbwrap.h"
#include "lib/util/util_tdb.h"
+#undef DBGC_CLASS
+#define DBGC_CLASS DBGC_LOCKING
+
struct dbwrap_fetch_int32_state {
NTSTATUS status;
int32_t result;
diff --git a/source3/lib/dbwrap/dbwrap_ctdb.c b/source3/lib/dbwrap/dbwrap_ctdb.c
index 0907089164a..9fc771d1217 100644
--- a/source3/lib/dbwrap/dbwrap_ctdb.c
+++ b/source3/lib/dbwrap/dbwrap_ctdb.c
@@ -38,6 +38,9 @@
#include "lib/cluster_support.h"
#include "lib/util/tevent_ntstatus.h"
+#undef DBGC_CLASS
+#define DBGC_CLASS DBGC_LOCKING
+
struct db_ctdb_transaction_handle {
struct db_ctdb_ctx *ctx;
/*
diff --git a/source3/lib/dbwrap/dbwrap_open.c b/source3/lib/dbwrap/dbwrap_open.c
index 52c8a94aeff..caefb579058 100644
--- a/source3/lib/dbwrap/dbwrap_open.c
+++ b/source3/lib/dbwrap/dbwrap_open.c
@@ -31,6 +31,9 @@
#include "ctdbd_conn.h"
#include "global_contexts.h"
+#undef DBGC_CLASS
+#define DBGC_CLASS DBGC_LOCKING
+
bool db_is_local(const char *name)
{
const char *sockname = lp_ctdbd_socket();
diff --git a/source3/lib/dbwrap/dbwrap_watch.c b/source3/lib/dbwrap/dbwrap_watch.c
index 17a52de37cc..77f7b178229 100644
--- a/source3/lib/dbwrap/dbwrap_watch.c
+++ b/source3/lib/dbwrap/dbwrap_watch.c
@@ -28,6 +28,9 @@
#include "server_id_watch.h"
#include "lib/dbwrap/dbwrap_private.h"
+#undef DBGC_CLASS
+#define DBGC_CLASS DBGC_LOCKING
+
struct dbwrap_watcher {
/*
* Process watching this record
--
2.37.1

29
net/samba419/files/0016-Make-ldb_schema_attribute_compare-a-stable-comparisi.patch Normal file
View file

@ -0,0 +1,29 @@
From 2b3ee747cdf83b80d07aaf1b261956bc9894ff36 Mon Sep 17 00:00:00 2001
From: "Timur I. Bakeyev" <timur@FreeBSD.org>
Date: Thu, 8 Sep 2022 00:06:37 +0200
Subject: [PATCH 16/28] Make ldb_schema_attribute_compare() a stable
comparision function.
Signed-off-by: Timur I. Bakeyev <timur@FreeBSD.org>
---
lib/ldb/ldb_key_value/ldb_kv_cache.c | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/lib/ldb/ldb_key_value/ldb_kv_cache.c b/lib/ldb/ldb_key_value/ldb_kv_cache.c
index 4a3c9f29020..cb200aeb9ba 100644
--- a/lib/ldb/ldb_key_value/ldb_kv_cache.c
+++ b/lib/ldb/ldb_key_value/ldb_kv_cache.c
@@ -92,7 +92,9 @@ static int ldb_schema_attribute_compare(const void *p1, const void *p2)
{
const struct ldb_schema_attribute *sa1 = (const struct ldb_schema_attribute *)p1;
const struct ldb_schema_attribute *sa2 = (const struct ldb_schema_attribute *)p2;
- return ldb_attr_cmp(sa1->name, sa2->name);
+ int res = ldb_attr_cmp(sa1->name, sa2->name);
+
+ return (res) ? res : (sa1->flags > sa2->flags) ? 1 : (sa1->flags < sa2->flags) ? -1 : 0;
}
/*
--
2.37.1

49
net/samba419/files/0017-Use-arc4random-when-available-to-generate-random-tal.patch Normal file
View file

@ -0,0 +1,49 @@
From 42c9490dd346ee2f4369cbed4c37cb43f06e5d19 Mon Sep 17 00:00:00 2001
From: "Timur I. Bakeyev" <timur@FreeBSD.org>
Date: Wed, 7 Sep 2022 23:52:43 +0200
Subject: [PATCH 17/28] Use arc4random() when available to generate random
talloc slab signature.
Signed-off-by: Timur I. Bakeyev <timur@FreeBSD.org>
---
lib/talloc/talloc.c | 4 ++++
lib/talloc/wscript | 1 +
2 files changed, 5 insertions(+)
diff --git a/lib/talloc/talloc.c b/lib/talloc/talloc.c
index 29da190880a..79c76fd9e35 100644
--- a/lib/talloc/talloc.c
+++ b/lib/talloc/talloc.c
@@ -397,6 +397,9 @@ void talloc_lib_init(void) CONSTRUCTOR;
void talloc_lib_init(void)
{
uint32_t random_value;
+#if defined(HAVE_ARC4RANDOM)
+ random_value = arc4random();
+#else
#if defined(HAVE_GETAUXVAL) && defined(AT_RANDOM)
uint8_t *p;
/*
@@ -430,6 +433,7 @@ void talloc_lib_init(void)
*/
random_value = ((uintptr_t)talloc_lib_init & 0xFFFFFFFF);
}
+#endif /* HAVE_ARC4RANDOM */
talloc_magic = random_value & ~TALLOC_FLAG_MASK;
}
#else
diff --git a/lib/talloc/wscript b/lib/talloc/wscript
index f0c266a7878..c75ec0505df 100644
--- a/lib/talloc/wscript
+++ b/lib/talloc/wscript
@@ -52,6 +52,7 @@ def configure(conf):
conf.CHECK_HEADERS('sys/auxv.h')
conf.CHECK_FUNCS('getauxval')
+ conf.CHECK_FUNCS('arc4random')
conf.SAMBA_CONFIG_H()
--
2.37.1

65
net/samba419/files/0018-Add-configuration-option-that-allows-to-choose-alter.patch Normal file
View file

@ -0,0 +1,65 @@
From b81d399aa6d9e2bdbb9db0efa8109c41aad4d025 Mon Sep 17 00:00:00 2001
From: "Timur I. Bakeyev" <timur@FreeBSD.org>
Date: Mon, 31 May 2021 02:49:20 +0200
Subject: [PATCH 18/28] Add configuration option that allows to choose
alternative mDNS implementation dns_sd library.
Signed-off-by: Timur I. Bakeyev <timur@FreeBSD.org>
---
source3/wscript | 12 ++++++++++++
source3/wscript_build | 2 ++
2 files changed, 14 insertions(+)
diff --git a/source3/wscript b/source3/wscript
index 2121b8b6510..6209472c6c8 100644
--- a/source3/wscript
+++ b/source3/wscript
@@ -70,6 +70,7 @@ def options(opt):
opt.samba_add_onoff_option('sendfile-support', default=None)
opt.samba_add_onoff_option('utmp')
opt.samba_add_onoff_option('avahi', with_name="enable", without_name="disable")
+ opt.samba_add_onoff_option('dnssd', with_name="enable", without_name="disable")
opt.samba_add_onoff_option('iconv')
opt.samba_add_onoff_option('acl-support')
opt.samba_add_onoff_option('syslog')
@@ -855,6 +856,17 @@ msg.msg_accrightslen = sizeof(fd);
conf.SET_TARGET_TYPE('avahi-common', 'EMPTY')
conf.SET_TARGET_TYPE('avahi-client', 'EMPTY')
+ if Options.options.with_dnssd:
+ conf.env.with_dnssd = True
+ if not conf.CHECK_HEADERS('dns_sd.h'):
+ conf.env.with_dnssd = False
+ if not conf.CHECK_FUNCS_IN('DNSServiceRegister', 'dns_sd'):
+ conf.env.with_dnssd = False
+ if conf.env.with_dnssd:
+ conf.DEFINE('WITH_DNSSD_SUPPORT', 1)
+ else:
+ conf.SET_TARGET_TYPE('dns_sd', 'EMPTY')
+
if Options.options.with_iconv:
conf.env.with_iconv = True
if not conf.CHECK_FUNCS_IN('iconv_open', 'iconv', headers='iconv.h'):
diff --git a/source3/wscript_build b/source3/wscript_build
index 5cf965dc45d..edd7985e648 100644
--- a/source3/wscript_build
+++ b/source3/wscript_build
@@ -709,6 +709,7 @@ bld.SAMBA3_LIBRARY('smbd_base',
samba3core
param_service
AVAHI
+ dns_sd
PROFILE
LOCKING
LIBADS_SERVER
@@ -1128,6 +1129,7 @@ bld.SAMBA3_BINARY('client/smbclient',
msrpc3
RPC_NDR_SRVSVC
cli_smb_common
+ dns_sd
archive
''')
--
2.37.1

544
net/samba419/files/0019-From-923bc7a1afeb0b920e60e14846987ae1d2d7dca4-Mon-Se.patch Normal file
View file

@ -0,0 +1,544 @@
From 5aabf82dfaf325bf682db85d80476224e7005a41 Mon Sep 17 00:00:00 2001
From: "Timur I. Bakeyev" <timur@FreeBSD.org>
Date: Mon, 31 May 2021 00:46:16 +0200
Subject: [PATCH 19/28] From 923bc7a1afeb0b920e60e14846987ae1d2d7dca4 Mon Sep
17 00:00:00 2001 From: John Hixson <john@ixsystems.com> Date: Thu, 7 Dec 2017
09:36:32 -0500 Subject: [PATCH] Freenas/master mdns fixes (#22)
* mDNS fixes for Samba (work in progress).
* Fix mDNS - Can advertise on individual interfaces
* Fix mDNS browsing in smbclient
Signed-off-by: Timur I. Bakeyev <timur@iXsystems.com>
Signed-off-by: Timur I. Bakeyev <timur@FreeBSD.org>
---
source3/client/dnsbrowse.c | 19 +-
source3/smbd/dnsregister.c | 354 ++++++++++++++++++++++++++++++-------
2 files changed, 299 insertions(+), 74 deletions(-)
diff --git a/source3/client/dnsbrowse.c b/source3/client/dnsbrowse.c
index be6eb881cf1..83aef966d2a 100644
--- a/source3/client/dnsbrowse.c
+++ b/source3/client/dnsbrowse.c
@@ -39,6 +39,7 @@ struct mdns_smbsrv_result
struct mdns_browse_state
{
struct mdns_smbsrv_result *listhead; /* Browse result list head */
+ TALLOC_CTX * ctx;
int browseDone;
};
@@ -64,7 +65,7 @@ static void do_smb_resolve(struct mdns_smbsrv_result *browsesrv)
struct timeval tv;
DNSServiceErrorType err;
- TALLOC_CTX * ctx = talloc_tos();
+ TALLOC_CTX * ctx = talloc_new(NULL);
err = DNSServiceResolve(&mdns_conn_sdref, 0 /* flags */,
browsesrv->ifIndex,
@@ -91,7 +92,7 @@ static void do_smb_resolve(struct mdns_smbsrv_result *browsesrv)
}
}
- TALLOC_FREE(fdset);
+ TALLOC_FREE(ctx);
DNSServiceRefDeallocate(mdns_conn_sdref);
}
@@ -124,18 +125,19 @@ do_smb_browse_reply(DNSServiceRef sdRef, DNSServiceFlags flags,
return;
}
- bresult = talloc_array(talloc_tos(), struct mdns_smbsrv_result, 1);
+ bresult = talloc_array(bstatep->ctx, struct mdns_smbsrv_result, 1);
if (bresult == NULL) {
return;
}
+ bresult->nextResult = NULL;
if (bstatep->listhead != NULL) {
bresult->nextResult = bstatep->listhead;
}
- bresult->serviceName = talloc_strdup(talloc_tos(), serviceName);
- bresult->regType = talloc_strdup(talloc_tos(), regtype);
- bresult->domain = talloc_strdup(talloc_tos(), replyDomain);
+ bresult->serviceName = talloc_strdup(bstatep->ctx, serviceName);
+ bresult->regType = talloc_strdup(bstatep->ctx, regtype);
+ bresult->domain = talloc_strdup(bstatep->ctx, replyDomain);
bresult->ifIndex = interfaceIndex;
bstatep->listhead = bresult;
}
@@ -151,10 +153,13 @@ int do_smb_browse(void)
DNSServiceRef mdns_conn_sdref = NULL;
DNSServiceErrorType err;
- TALLOC_CTX * ctx = talloc_stackframe();
+ TALLOC_CTX * ctx = talloc_new(NULL);
ZERO_STRUCT(bstate);
+ bstate.ctx = ctx;
+ bstate.listhead = NULL;
+
err = DNSServiceBrowse(&mdns_conn_sdref, 0, 0, "_smb._tcp", "",
do_smb_browse_reply, &bstate);
diff --git a/source3/smbd/dnsregister.c b/source3/smbd/dnsregister.c
index df189001a09..389a4278f64 100644
--- a/source3/smbd/dnsregister.c
+++ b/source3/smbd/dnsregister.c
@@ -29,6 +29,29 @@
* browse for advertised SMB services.
*/
+/*
+ * Time Machine Errata:
+ * sys=adVF=0x100 -- this is required when ._adisk._tcp is present on device. When it is
+ * set, the MacOS client will send a NetShareEnumAll IOCTL and shares will be visible.
+ * Otherwise, Finder will only see the Time Machine share. In the absence of ._adisk._tcp
+ * MacOS will _always_ send NetShareEnumAll IOCTL.
+ *
+ * waMa=0 -- MacOS server uses waMa=0, while embedded devices have it set to their Mac Address.
+ * Speculation in Samba-Technical indicates that this stands for "Wireless AirDisk Mac Address".
+ *
+ * adVU -- AirDisk Volume UUID. Mac OS servers generate a UUID. Time machine over SMB works without one
+ * set. Netatalk generates a UUID and stores it persistently in afp_voluuid.conf. This can be
+ * set by adding the share parameter "fruit:volume_uuid = "
+ *
+ * dk(n)=adVF=
+ * 0xa1, 0x81 - AFP support
+ * 0xa2, 0x82 - SMB support
+ * 0xa3, 0x83 - AFP and SMB support
+ *
+ * adVN -- AirDisk Volume Name. We set this to the share name.
+ *
+ */
+
#define DNS_REG_RETRY_INTERVAL (5*60) /* in seconds */
#ifdef WITH_DNSSD_SUPPORT
@@ -36,85 +59,177 @@
#include <dns_sd.h>
struct dns_reg_state {
- struct tevent_context *event_ctx;
- uint16_t port;
- DNSServiceRef srv_ref;
- struct tevent_timer *te;
- int fd;
- struct tevent_fd *fde;
+ int count;
+ struct reg_state {
+ DNSServiceRef srv_ref;
+ TALLOC_CTX *mem_ctx;
+ struct tevent_context *event_ctx;
+ struct tevent_timer *te;
+ struct tevent_fd *fde;
+ uint16_t port;
+ int if_index;
+ int fd;
+ } *drs;
};
-static int dns_reg_state_destructor(struct dns_reg_state *dns_state)
+static void dns_register_smbd_retry(struct tevent_context *ctx,
+ struct tevent_timer *te,
+ struct timeval now,
+ void *private_data);
+static void dns_register_smbd_fde_handler(struct tevent_context *ev,
+ struct tevent_fd *fde,
+ uint16_t flags,
+ void *private_data);
+
+
+static int reg_state_destructor(struct reg_state *state)
{
- if (dns_state->srv_ref != NULL) {
+ if (state == NULL) {
+ return -1;
+ }
+
+ if (state->srv_ref != NULL) {
/* Close connection to the mDNS daemon */
- DNSServiceRefDeallocate(dns_state->srv_ref);
- dns_state->srv_ref = NULL;
+ DNSServiceRefDeallocate(state->srv_ref);
+ state->srv_ref = NULL;
}
/* Clear event handler */
- TALLOC_FREE(dns_state->te);
- TALLOC_FREE(dns_state->fde);
- dns_state->fd = -1;
+ TALLOC_FREE(state->te);
+ TALLOC_FREE(state->fde);
+ state->fd = -1;
return 0;
}
-static void dns_register_smbd_retry(struct tevent_context *ctx,
- struct tevent_timer *te,
- struct timeval now,
- void *private_data);
-static void dns_register_smbd_fde_handler(struct tevent_context *ev,
- struct tevent_fd *fde,
- uint16_t flags,
- void *private_data);
+int TXTRecordPrintf(TXTRecordRef * rec, const char * key, const char * fmt, ... )
+{
+ int ret = 0;
+ char *str;
+ va_list ap;
+ va_start( ap, fmt );
+
+ if( 0 > vasprintf(&str, fmt, ap ) ) {
+ va_end(ap);
+ return -1;
+ }
+ va_end(ap);
+
+ if( kDNSServiceErr_NoError != TXTRecordSetValue(rec, key, strlen(str), str) ) {
+ ret = -1;
+ }
+
+ free(str);
+ return ret;
+}
+
+int TXTRecordKeyPrintf(TXTRecordRef * rec, const char * key_fmt, int key_var, const char * fmt, ...)
+{
+ int ret = 0;
+ char *key = NULL, *str = NULL;
+ va_list ap;
+
+ if( 0 > asprintf(&key, key_fmt, key_var)) {
+ DEBUG(1, ("Failed in asprintf\n"));
+ return -1;
+ }
-static bool dns_register_smbd_schedule(struct dns_reg_state *dns_state,
+ va_start( ap, fmt );
+ if( 0 > vasprintf(&str, fmt, ap )) {
+ va_end(ap);
+ DEBUG(1, ("Failed in vasprintf\n"));
+ ret = -1;
+ goto exit;
+ }
+ va_end(ap);
+
+ if( kDNSServiceErr_NoError != TXTRecordSetValue(rec, key, strlen(str), str) ) {
+ DEBUG(1, ("Failed in TXTRecordSetValuen"));
+ ret = -1;
+ goto exit;
+ }
+
+ exit:
+ if (str)
+ free(str);
+ if (key)
+ free(key);
+ return ret;
+}
+
+
+static bool dns_register_smbd_schedule(struct reg_state *state,
struct timeval tval)
{
- dns_reg_state_destructor(dns_state);
+ reg_state_destructor(state);
- dns_state->te = tevent_add_timer(dns_state->event_ctx,
- dns_state,
+ state->te = tevent_add_timer(state->event_ctx,
+ state->mem_ctx,
tval,
dns_register_smbd_retry,
- dns_state);
- if (!dns_state->te) {
+ state);
+ if (!state->te) {
return false;
}
return true;
}
+static void dns_register_smbd_callback(DNSServiceRef service,
+ DNSServiceFlags flags,
+ DNSServiceErrorType errorCode,
+ const char *name,
+ const char *type,
+ const char *domain,
+ void *context)
+{
+ if (errorCode != kDNSServiceErr_NoError) {
+ DEBUG(6, ("error=%d\n", errorCode));
+ } else {
+ DEBUG(6, ("%-15s %s.%s%s\n", "REGISTER", name, type, domain));
+ }
+}
+
static void dns_register_smbd_retry(struct tevent_context *ctx,
struct tevent_timer *te,
struct timeval now,
void *private_data)
{
- struct dns_reg_state *dns_state = talloc_get_type_abort(private_data,
- struct dns_reg_state);
+ struct reg_state *state = (struct reg_state *)private_data;
DNSServiceErrorType err;
+ int snum;
+ size_t dk = 0;
+ bool sys_txt_created = false;
+ TXTRecordRef txt_adisk;
+ TXTRecordRef txt_devinfo;
+ char *servname;
+ char *v_uuid;
+ int num_services = lp_numservices();
+
+ reg_state_destructor(state);
- dns_reg_state_destructor(dns_state);
+ TXTRecordCreate(&txt_adisk, 0, NULL);
- DEBUG(6, ("registering _smb._tcp service on port %d\n",
- dns_state->port));
+ DEBUG(6, ("registering _smb._tcp service on port %d index %d\n",
+ state->port, state->if_index));
/* Register service with DNS. Connects with the mDNS
* daemon running on the local system to perform DNS
* service registration.
*/
- err = DNSServiceRegister(&dns_state->srv_ref, 0 /* flags */,
- kDNSServiceInterfaceIndexAny,
- NULL /* service name */,
- "_smb._tcp" /* service type */,
- NULL /* domain */,
- "" /* SRV target host name */,
- htons(dns_state->port),
- 0 /* TXT record len */,
- NULL /* TXT record data */,
- NULL /* callback func */,
- NULL /* callback context */);
+ err = DNSServiceRegister(&state->srv_ref,
+ 0 /* flags */,
+ state->if_index /* interface index */,
+ NULL /* service name */,
+ "_smb._tcp" /* service type */,
+ NULL /* domain */,
+ "" /* SRV target host name */,
+ htons(state->port) /* port */,
+ 0 /* TXT record len */,
+ NULL /* TXT record data */,
+ dns_register_smbd_callback /* callback func */,
+ NULL /* callback context */);
+
if (err != kDNSServiceErr_NoError) {
/* Failed to register service. Schedule a re-try attempt.
@@ -123,24 +238,96 @@ static void dns_register_smbd_retry(struct tevent_context *ctx,
goto retry;
}
- dns_state->fd = DNSServiceRefSockFD(dns_state->srv_ref);
- if (dns_state->fd == -1) {
+ /*
+ * Check for services that are configured as Time Machine targets
+ *
+ */
+ for (snum = 0; snum < num_services; snum++) {
+ if (lp_snum_ok(snum) && lp_parm_bool(snum, "fruit", "time machine", false))
+ {
+ if (!sys_txt_created) {
+ if( 0 > TXTRecordPrintf(&txt_adisk, "sys", "adVF=0x100") ) {
+ DEBUG(1, ("Failed to create Zeroconf TXTRecord for sys") );
+ goto retry;
+ }
+ else
+ {
+ sys_txt_created = true;
+ }
+ }
+
+ v_uuid = lp_parm_const_string(snum, "fruit", "volume_uuid", NULL);
+ servname = lp_const_servicename(snum);
+ DEBUG(1, ("Registering volume %s for TimeMachine\n", servname));
+ if (v_uuid) {
+ if( 0 > TXTRecordKeyPrintf(&txt_adisk, "dk%zu", dk++, "adVN=%s,adVF=0x82,adVU=%s",
+ servname, v_uuid) ) {
+ DEBUG(1, ("Could not set Zeroconf TXTRecord for dk%zu \n", dk));
+ goto retry;
+ }
+ DEBUG(1, ("Registering TimeMachine with the following TXT parameters: "
+ "dk%zu,adVN=%s,adVF=0x82,adVU=%s\n", dk, servname, v_uuid) );
+ }
+ else {
+ if( 0 > TXTRecordKeyPrintf(&txt_adisk, "dk%zu", dk++, "adVN=%s,adVF=0x82",
+ servname) ) {
+ DEBUG(1, ("Could not set Zeroconf TXTRecord for dk%zu \n", dk));
+ goto retry;
+ }
+ DEBUG(1, ("Registering TimeMachine with the following TXT parameters: "
+ "dk%zu,adVN=%s,adVF=0x82\n", dk, servname) );
+ }
+ }
+ }
+
+ if (dk) {
+ err = DNSServiceRegister(&state->srv_ref,
+ 0 /* flags */,
+ state->if_index /* interface index */,
+ NULL /* service name */,
+ "_adisk._tcp" /* service type */,
+ NULL /* domain */,
+ "" /* SRV target host name */,
+ /*
+ * We would probably use port 0 zero, but we can't, from man DNSServiceRegister:
+ * "A value of 0 for a port is passed to register placeholder services.
+ * Place holder services are not found when browsing, but other
+ * clients cannot register with the same name as the placeholder service."
+ * We therefor use port 9 which is used by the adisk service type.
+ */
+ htons(9) /* port */,
+ TXTRecordGetLength(&txt_adisk) /* TXT record len */,
+ TXTRecordGetBytesPtr(&txt_adisk) /* TXT record data */,
+ dns_register_smbd_callback /* callback func */,
+ NULL /* callback context */);
+
+
+ if (err != kDNSServiceErr_NoError) {
+ /* Failed to register service. Schedule a re-try attempt.
+ */
+ DEBUG(1, ("unable to register with mDNS (err %d)\n", err));
+ goto retry;
+ }
+ }
+
+ state->fd = DNSServiceRefSockFD(state->srv_ref);
+ if (state->fd == -1) {
goto retry;
}
- dns_state->fde = tevent_add_fd(dns_state->event_ctx,
- dns_state,
- dns_state->fd,
- TEVENT_FD_READ,
- dns_register_smbd_fde_handler,
- dns_state);
- if (!dns_state->fde) {
+ state->fde = tevent_add_fd(state->event_ctx,
+ state->mem_ctx,
+ state->fd,
+ TEVENT_FD_READ,
+ dns_register_smbd_fde_handler,
+ state);
+ if (!state->fde) {
goto retry;
}
return;
retry:
- dns_register_smbd_schedule(dns_state,
+ dns_register_smbd_schedule(state,
timeval_current_ofs(DNS_REG_RETRY_INTERVAL, 0));
}
@@ -150,44 +337,77 @@ static void dns_register_smbd_fde_handler(struct tevent_context *ev,
uint16_t flags,
void *private_data)
{
- struct dns_reg_state *dns_state = talloc_get_type_abort(private_data,
- struct dns_reg_state);
+ struct reg_state *state = (struct reg_state *)private_data;
DNSServiceErrorType err;
- err = DNSServiceProcessResult(dns_state->srv_ref);
+ err = DNSServiceProcessResult(state->srv_ref);
if (err != kDNSServiceErr_NoError) {
- DEBUG(3, ("failed to process mDNS result (err %d), re-trying\n",
- err));
+ DEBUG(3, ("failed to process mDNS result (err %d), re-trying\n", err));
goto retry;
}
- talloc_free(dns_state);
return;
retry:
- dns_register_smbd_schedule(dns_state,
- timeval_current_ofs(DNS_REG_RETRY_INTERVAL, 0));
+ dns_register_smbd_schedule(state, timeval_zero());
}
+static int dns_reg_state_destructor(struct dns_reg_state *state)
+{
+ if (state != NULL) {
+ talloc_free(state);
+ }
+ return 0;
+}
+
+
bool smbd_setup_mdns_registration(struct tevent_context *ev,
TALLOC_CTX *mem_ctx,
uint16_t port)
{
struct dns_reg_state *dns_state;
+ bool bind_all = true;
+ int i;
dns_state = talloc_zero(mem_ctx, struct dns_reg_state);
- if (dns_state == NULL) {
+ if (dns_state == NULL)
+ return false;
+
+ if (lp_interfaces() && lp_bind_interfaces_only())
+ bind_all = false;
+
+ dns_state->count = iface_count();
+ if (dns_state->count <= 0 || bind_all == true)
+ dns_state->count = 1;
+
+ dns_state->drs = talloc_array(mem_ctx, struct reg_state, dns_state->count);
+ if (dns_state->drs == NULL) {
+ talloc_free(dns_state);
return false;
}
- dns_state->event_ctx = ev;
- dns_state->port = port;
- dns_state->fd = -1;
- talloc_set_destructor(dns_state, dns_reg_state_destructor);
+ for (i = 0; i < dns_state->count; i++) {
+ struct interface *iface = get_interface(i);
+ struct reg_state *state = &dns_state->drs[i];
+
+ state->mem_ctx = mem_ctx;
+ state->srv_ref = NULL;
+ state->event_ctx = ev;
+ state->te = NULL;
+ state->fde = NULL;
+ state->port = port;
+ state->fd = -1;
- return dns_register_smbd_schedule(dns_state, timeval_zero());
+ state->if_index = bind_all ? kDNSServiceInterfaceIndexAny : iface->if_index;
+
+ dns_register_smbd_schedule(&dns_state->drs[i], timeval_zero());
+ }
+
+ talloc_set_destructor(dns_state, dns_reg_state_destructor);
+ return true;
}
+
#else /* WITH_DNSSD_SUPPORT */
bool smbd_setup_mdns_registration(struct tevent_context *ev,
--
2.37.1

35
net/samba419/files/0020-FreeBSD-12-between-r336017-and-r342928-wrongfuly-ret.patch Normal file
View file

@ -0,0 +1,35 @@
From 02b599cc740490fa6f433b0c455fe458fdc1db61 Mon Sep 17 00:00:00 2001
From: "Timur I. Bakeyev" <timur@FreeBSD.org>
Date: Mon, 31 May 2021 02:45:11 +0200
Subject: [PATCH 20/28] FreeBSD 12 between r336017 and r342928 wrongfuly return
ENOENT for the not enabled qoutas on ZFS. Wrap relevant error code check with
the versioning ifdef's.
Signed-off-by: Timur I. Bakeyev <timur@FreeBSD.org>
---
source3/lib/sysquotas_4B.c | 9 ++++++++-
1 file changed, 8 insertions(+), 1 deletion(-)
diff --git a/source3/lib/sysquotas_4B.c b/source3/lib/sysquotas_4B.c
index d9beb924ad9..c41cac02e5f 100644
--- a/source3/lib/sysquotas_4B.c
+++ b/source3/lib/sysquotas_4B.c
@@ -140,7 +140,14 @@ static int sys_quotactl_4B(const char * path, int cmd,
/* ENOTSUP means quota support is not compiled in. EINVAL
* means that quotas are not configured (commonly).
*/
- if (errno != ENOTSUP && errno != EINVAL) {
+ if (errno != ENOTSUP && errno != EINVAL
+/*
+ * FreeBSD 12 between r336017 and r342928 wrongfuly return ENOENT for the not enabled qoutas on ZFS.
+ */
+#if defined(__FreeBSD__) && ((__FreeBSD_version >= 1102503 && __FreeBSD_version <= 1102506) || (__FreeBSD_version >= 1200072 && __FreeBSD_version <= 1200503) || (__FreeBSD_version >= 1300000 && __FreeBSD_version <= 1300009))
+ && errno != ENOENT
+#endif
+ ) {
DEBUG(5, ("failed to %s quota for %s ID %u on %s: %s\n",
(cmd & QCMD(Q_GETQUOTA, 0)) ? "get" : "set",
(cmd & QCMD(0, GRPQUOTA)) ? "group" : "user",
--
2.37.1

36
net/samba419/files/0021-Fix-casting-warnings-in-the-nfs_quota-debug-message.patch Normal file
View file

@ -0,0 +1,36 @@
From 46f5b54aa5761541a16108d66764d662f37f04d2 Mon Sep 17 00:00:00 2001
From: "Timur I. Bakeyev" <timur@FreeBSD.org>
Date: Mon, 31 May 2021 02:41:48 +0200
Subject: [PATCH 21/28] Fix casting warnings in the nfs_quota debug message.
Initialize quota structure with zeros.
Signed-off-by: Timur I. Bakeyev <timur@FreeBSD.org>
---
source3/smbd/quotas.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/source3/smbd/quotas.c b/source3/smbd/quotas.c
index 604631f81d6..c23fa49b3b0 100644
--- a/source3/smbd/quotas.c
+++ b/source3/smbd/quotas.c
@@ -125,6 +125,7 @@ static bool nfs_quotas(char *nfspath, uid_t euser_id, uint64_t *bsize, uint64_t
if (!cutstr)
return False;
+ memset(&D, '\0', sizeof(D));
memset(cutstr, '\0', len+1);
host = strncat(cutstr,mnttype, sizeof(char) * len );
DEBUG(5,("nfs_quotas: looking for mount on \"%s\"\n", cutstr));
@@ -133,7 +134,7 @@ static bool nfs_quotas(char *nfspath, uid_t euser_id, uint64_t *bsize, uint64_t
args.gqa_pathp = testpath+1;
args.gqa_uid = uid;
- DEBUG(5,("nfs_quotas: Asking for host \"%s\" rpcprog \"%i\" rpcvers \"%i\" network \"%s\"\n", host, RQUOTAPROG, RQUOTAVERS, "udp"));
+ DEBUG(5,("nfs_quotas: Asking for host \"%s\" rpcprog \"%lu\" rpcvers \"%lu\" network \"%s\"\n", host, RQUOTAPROG, RQUOTAVERS, "udp"));
if ((clnt = clnt_create(host, RQUOTAPROG, RQUOTAVERS, "udp")) == NULL) {
ret = False;
--
2.37.1

340
net/samba419/files/0022-Clean-up-UTMP-handling-code-and-add-FreeBSD-support..patch Normal file
View file

@ -0,0 +1,340 @@
From 5019ad026f106d51dc2bb4c410a05b2f63b56cd0 Mon Sep 17 00:00:00 2001
From: "Timur I. Bakeyev" <timur@FreeBSD.org>
Date: Mon, 31 May 2021 01:43:13 +0200
Subject: [PATCH 22/28] Clean up UTMP handling code and add FreeBSD support.
Some really legacy platforms may have been dropped as a result.
Signed-off-by: Timur I. Bakeyev <timur@FreeBSD.org>
---
source3/smbd/utmp.c | 156 ++++++++++++--------------------------------
source3/wscript | 37 ++++++-----
2 files changed, 63 insertions(+), 130 deletions(-)
diff --git a/source3/smbd/utmp.c b/source3/smbd/utmp.c
index 4327301e3b1..f4a8362dd56 100644
--- a/source3/smbd/utmp.c
+++ b/source3/smbd/utmp.c
@@ -257,7 +257,7 @@ static char *uw_pathname(TALLOC_CTX *ctx,
Update utmp file directly. No subroutine interface: probably a BSD system.
****************************************************************************/
-static void pututline_my(const char *uname, struct utmp *u, bool claim)
+static void pututline_my(const char *uname, STRUCT_UTMP *u, bool claim)
{
DEBUG(1,("pututline_my: not yet implemented\n"));
/* BSD implementor: may want to consider (or not) adjusting "lastlog" */
@@ -271,7 +271,7 @@ static void pututline_my(const char *uname, struct utmp *u, bool claim)
Credit: Michail Vidiassov <master@iaas.msu.ru>
****************************************************************************/
-static void updwtmp_my(const char *wname, struct utmp *u, bool claim)
+static void updwtmp_my(const char *wname, STRUCT_UTMP *u, bool claim)
{
int fd;
struct stat buf;
@@ -303,7 +303,7 @@ static void updwtmp_my(const char *wname, struct utmp *u, bool claim)
if ((fd = open(wname, O_WRONLY|O_APPEND, 0)) < 0)
return;
if (fstat(fd, &buf) == 0) {
- if (write(fd, (char *)u, sizeof(struct utmp)) != sizeof(struct utmp))
+ if (write(fd, (char *)u, sizeof(STRUCT_UTMP)) != sizeof(STRUCT_UTMP))
(void) ftruncate(fd, buf.st_size);
}
(void) close(fd);
@@ -314,12 +314,12 @@ static void updwtmp_my(const char *wname, struct utmp *u, bool claim)
Update via utmp/wtmp (not utmpx/wtmpx).
****************************************************************************/
-static void utmp_nox_update(struct utmp *u, bool claim)
+static void utmp_nox_update(STRUCT_UTMP *u, bool claim)
{
char *uname = NULL;
char *wname = NULL;
#if defined(PUTUTLINE_RETURNS_UTMP)
- struct utmp *urc;
+ STRUCT_UTMP *urc;
#endif /* PUTUTLINE_RETURNS_UTMP */
uname = uw_pathname(talloc_tos(), "utmp", ut_pathname);
@@ -376,127 +376,52 @@ static void utmp_nox_update(struct utmp *u, bool claim)
}
}
-/****************************************************************************
- Copy a string in the utmp structure.
-****************************************************************************/
-static void utmp_strcpy(char *dest, const char *src, size_t n)
-{
- size_t len = 0;
-
- memset(dest, '\0', n);
- if (src)
- len = strlen(src);
- if (len >= n) {
- memcpy(dest, src, n);
- } else {
- if (len)
- memcpy(dest, src, len);
- }
-}
+
+
/****************************************************************************
Update via utmpx/wtmpx (preferred) or via utmp/wtmp.
****************************************************************************/
-static void sys_utmp_update(struct utmp *u, const char *hostname, bool claim)
+static void sys_utmp_update(STRUCT_UTMP *u, const char *hostname, bool claim)
{
-#if !defined(HAVE_UTMPX_H)
- /* No utmpx stuff. Drop to non-x stuff */
- utmp_nox_update(u, claim);
-#elif !defined(HAVE_PUTUTXLINE)
- /* Odd. Have utmpx.h but no "pututxline()". Drop to non-x stuff */
- DEBUG(1,("utmp_update: have utmpx.h but no pututxline() function\n"));
- utmp_nox_update(u, claim);
-#elif !defined(HAVE_GETUTMPX)
- /* Odd. Have utmpx.h but no "getutmpx()". Drop to non-x stuff */
- DEBUG(1,("utmp_update: have utmpx.h but no getutmpx() function\n"));
- utmp_nox_update(u, claim);
-#elif !defined(HAVE_UPDWTMPX)
- /* Have utmpx.h but no "updwtmpx()". Drop to non-x stuff */
- DEBUG(1,("utmp_update: have utmpx.h but no updwtmpx() function\n"));
- utmp_nox_update(u, claim);
-#else
- char *uname = NULL;
- char *wname = NULL;
- struct utmpx ux, *uxrc;
-
- getutmpx(u, &ux);
-
-#if defined(HAVE_UX_UT_SYSLEN)
- if (hostname)
- ux.ut_syslen = strlen(hostname) + 1; /* include end NULL */
- else
- ux.ut_syslen = 0;
-#endif
-#if defined(HAVE_UX_UT_HOST)
- utmp_strcpy(ux.ut_host, hostname, sizeof(ux.ut_host));
-#endif
-
- uname = uw_pathname(talloc_tos(), "utmpx", ux_pathname);
- wname = uw_pathname(talloc_tos(), "wtmpx", wx_pathname);
- if (uname && wname) {
- DEBUG(2,("utmp_update: uname:%s wname:%s\n", uname, wname));
- }
+ STRUCT_UTMP *urc;
- /*
- * Check for either uname or wname being empty.
- * Some systems, such as Redhat 6, have a "utmpx.h" which doesn't
- * define default filenames.
- * Also, our local installation has not provided an override.
- * Drop to non-x method. (E.g. RH6 has good defaults in "utmp.h".)
- */
- if (!uname || !wname || (strlen(uname) == 0) || (strlen(wname) == 0)) {
- utmp_nox_update(u, claim);
- } else {
- utmpxname(uname);
- setutxent();
- uxrc = pututxline(&ux);
- endutxent();
- if (uxrc == NULL) {
- DEBUG(2,("utmp_update: pututxline() failed\n"));
- return;
- }
- updwtmpx(wname, &ux);
+ setutxent();
+ urc = pututxline(u);
+ endutxent();
+ if (urc == NULL) {
+ DEBUG(2,("utmp_update: pututxline() failed\n"));
+ return;
}
-#endif /* HAVE_UTMPX_H */
}
#if defined(HAVE_UT_UT_ID)
/****************************************************************************
Encode the unique connection number into "ut_id".
****************************************************************************/
-
-static int ut_id_encode(int i, char *fourbyte)
+static void ut_id_encode(char *buf, int id, size_t buf_size)
{
- int nbase;
- const char *ut_id_encstr = "0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ";
+ const char ut_id_encstr[] = "0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ";
-/*
- * 'ut_id_encstr' is the character set on which modulo arithmetic is done.
- * Example: digits would produce the base-10 numbers from '001'.
- */
- nbase = strlen(ut_id_encstr);
-
- fourbyte[0] = ut_id_encstr[i % nbase];
- i /= nbase;
- fourbyte[1] = ut_id_encstr[i % nbase];
- i /= nbase;
- fourbyte[3] = ut_id_encstr[i % nbase];
- i /= nbase;
- fourbyte[2] = ut_id_encstr[i % nbase];
- i /= nbase;
-
- /* we do not care about overflows as i is a random number */
- return 0;
+ int nbase = sizeof(ut_id_encstr) - 1;
+ /*
+ * 'ut_id_encstr' is the character set on which modulo arithmetic is done.
+ * Example: digits would produce the base-10 numbers from '001'.
+ */
+
+ for(int i = 0; i < buf_size; i++) {
+ buf[i] = ut_id_encstr[id % nbase];
+ id /= nbase;
+ }
}
#endif /* defined(HAVE_UT_UT_ID) */
-
/*
fill a system utmp structure given all the info we can gather
*/
-static bool sys_utmp_fill(struct utmp *u,
+static bool sys_utmp_fill(STRUCT_UTMP *u,
const char *username, const char *hostname,
const char *id_str, int id_num)
{
@@ -509,16 +434,16 @@ static bool sys_utmp_fill(struct utmp *u,
* rather than to try to detect and optimise.
*/
#if defined(HAVE_UT_UT_USER)
- utmp_strcpy(u->ut_user, username, sizeof(u->ut_user));
+ strncpy(u->ut_user, username, sizeof(u->ut_user));
#elif defined(HAVE_UT_UT_NAME)
- utmp_strcpy(u->ut_name, username, sizeof(u->ut_name));
+ strncpy(u->ut_name, username, sizeof(u->ut_name));
#endif
/*
* ut_line:
* If size limit proves troublesome, then perhaps use "ut_id_encode()".
*/
- utmp_strcpy(u->ut_line, id_str, sizeof(u->ut_line));
+ strncpy(u->ut_line, id_str, sizeof(u->ut_line));
#if defined(HAVE_UT_UT_PID)
u->ut_pid = getpid();
@@ -535,20 +460,23 @@ static bool sys_utmp_fill(struct utmp *u,
u->ut_time = timeval.tv_sec;
#elif defined(HAVE_UT_UT_TV)
GetTimeOfDay(&timeval);
- u->ut_tv = timeval;
+ u->ut_tv.tv_sec = timeval.tv_sec;
+ u->ut_tv.tv_usec = timeval.tv_usec;
#else
#error "with-utmp must have UT_TIME or UT_TV"
#endif
#if defined(HAVE_UT_UT_HOST)
- utmp_strcpy(u->ut_host, hostname, sizeof(u->ut_host));
+ if(hostname != NULL) {
+ strncpy(u->ut_host, hostname, sizeof(u->ut_host));
+#if defined(HAVE_UT_UT_SYSLEN)
+ u->ut_syslen = strlen(hostname) + 1; /* include trailing NULL */
+#endif
+ }
#endif
#if defined(HAVE_UT_UT_ID)
- if (ut_id_encode(id_num, u->ut_id) != 0) {
- DEBUG(1,("utmp_fill: cannot encode id %d\n", id_num));
- return False;
- }
+ ut_id_encode(u->ut_id, id_num, sizeof(u->ut_id));
#endif
return True;
@@ -561,7 +489,7 @@ static bool sys_utmp_fill(struct utmp *u,
void sys_utmp_yield(const char *username, const char *hostname,
const char *id_str, int id_num)
{
- struct utmp u;
+ STRUCT_UTMP u;
ZERO_STRUCT(u);
@@ -587,7 +515,7 @@ void sys_utmp_yield(const char *username, const char *hostname,
void sys_utmp_claim(const char *username, const char *hostname,
const char *id_str, int id_num)
{
- struct utmp u;
+ STRUCT_UTMP u;
ZERO_STRUCT(u);
diff --git a/source3/wscript b/source3/wscript
index 6209472c6c8..65961851e17 100644
--- a/source3/wscript
+++ b/source3/wscript
@@ -807,34 +807,39 @@ msg.msg_accrightslen = sizeof(fd);
if Options.options.with_utmp:
conf.env.with_utmp = True
- if not conf.CHECK_HEADERS('utmp.h'): conf.env.with_utmp = False
- conf.CHECK_FUNCS('pututline pututxline updwtmp updwtmpx getutmpx getutxent')
- conf.CHECK_STRUCTURE_MEMBER('struct utmp', 'ut_name', headers='utmp.h',
+ if not conf.CHECK_HEADERS('utmpx.h') and not conf.CHECK_HEADERS('utmp.h'):
+ conf.env.with_utmp = False
+ if conf.CONFIG_SET('HAVE_UTMPX_H'):
+ conf.DEFINE('STRUCT_UTMP', 'struct utmpx')
+ elif conf.CONFIG_SET('HAVE_UTMP_H'):
+ conf.DEFINE('STRUCT_UTMP', 'struct utmp')
+ conf.CHECK_FUNCS('pututxline getutxid getutxline updwtmpx getutmpx setutxent endutxent')
+ conf.CHECK_FUNCS('pututline getutid getutline updwtmp getutmp setutent endutent')
+ conf.CHECK_STRUCTURE_MEMBER('STRUCT_UTMP', 'ut_name', headers='utmpx.h utmp.h',
define='HAVE_UT_UT_NAME')
- conf.CHECK_STRUCTURE_MEMBER('struct utmp', 'ut_user', headers='utmp.h',
+
+ conf.CHECK_STRUCTURE_MEMBER('STRUCT_UTMP', 'ut_user', headers='utmpx.h utmp.h',
define='HAVE_UT_UT_USER')
- conf.CHECK_STRUCTURE_MEMBER('struct utmp', 'ut_id', headers='utmp.h',
+ conf.CHECK_STRUCTURE_MEMBER('STRUCT_UTMP', 'ut_id', headers='utmpx.h utmp.h',
define='HAVE_UT_UT_ID')
- conf.CHECK_STRUCTURE_MEMBER('struct utmp', 'ut_host', headers='utmp.h',
+ conf.CHECK_STRUCTURE_MEMBER('STRUCT_UTMP', 'ut_host', headers='utmpx.h utmp.h',
define='HAVE_UT_UT_HOST')
- conf.CHECK_STRUCTURE_MEMBER('struct utmp', 'ut_time', headers='utmp.h',
+ conf.CHECK_STRUCTURE_MEMBER('STRUCT_UTMP', 'ut_time', headers='utmpx.h utmp.h',
define='HAVE_UT_UT_TIME')
- conf.CHECK_STRUCTURE_MEMBER('struct utmp', 'ut_tv', headers='utmp.h',
+ conf.CHECK_STRUCTURE_MEMBER('STRUCT_UTMP', 'ut_tv', headers='utmpx.h utmp.h',
define='HAVE_UT_UT_TV')
- conf.CHECK_STRUCTURE_MEMBER('struct utmp', 'ut_type', headers='utmp.h',
+ conf.CHECK_STRUCTURE_MEMBER('STRUCT_UTMP', 'ut_type', headers='utmpx.h utmp.h',
define='HAVE_UT_UT_TYPE')
- conf.CHECK_STRUCTURE_MEMBER('struct utmp', 'ut_pid', headers='utmp.h',
+ conf.CHECK_STRUCTURE_MEMBER('STRUCT_UTMP', 'ut_pid', headers='utmpx.h utmp.h',
define='HAVE_UT_UT_PID')
- conf.CHECK_STRUCTURE_MEMBER('struct utmp', 'ut_exit.e_exit', headers='utmp.h',
+ conf.CHECK_STRUCTURE_MEMBER('STRUCT_UTMP', 'ut_exit.e_exit', headers='utmpx.h utmp.h',
define='HAVE_UT_UT_EXIT')
- conf.CHECK_STRUCTURE_MEMBER('struct utmpx', 'ut_syslen', headers='utmpx.h',
- define='HAVE_UX_UT_SYSLEN')
- conf.CHECK_STRUCTURE_MEMBER('struct utmpx', 'ut_host', headers='utmpx.h',
- define='HAVE_UX_UT_HOST')
+ conf.CHECK_STRUCTURE_MEMBER('STRUCT_UTMP', 'ut_syslen', headers='utmpx.h utmp.h',
+ define='HAVE_UT_UT_SYSLEN')
conf.CHECK_CODE('struct utmp utarg; struct utmp *utreturn; utreturn = pututline(&utarg);',
'PUTUTLINE_RETURNS_UTMP', headers='utmp.h',
msg="Checking whether pututline returns pointer")
- conf.CHECK_SIZEOF(['((struct utmp *)NULL)->ut_line'], headers='utmp.h',
+ conf.CHECK_SIZEOF(['((STRUCT_UTMP *)NULL)->ut_line'], headers='utmpx.h utmp.h',
define='SIZEOF_UTMP_UT_LINE', critical=False)
if not conf.CONFIG_SET('SIZEOF_UTMP_UT_LINE'):
conf.env.with_utmp = False
--
2.37.1

121
net/samba419/files/0023-Add-cmd_get_quota-test-function-into-vfstest-to-test.patch Normal file
View file

@ -0,0 +1,121 @@
From 2e927425e04d65027db5348b3e89a69a5e447556 Mon Sep 17 00:00:00 2001
From: "Timur I. Bakeyev" <timur@FreeBSD.org>
Date: Mon, 31 May 2021 03:07:40 +0200
Subject: [PATCH 23/28] Add `cmd_get_quota()` test function into vfstest, to
test disk quota interface.
Signed-off-by: Timur I. Bakeyev <timur@FreeBSD.org>
---
source3/torture/cmd_vfs.c | 78 +++++++++++++++++++++++++++++++++++
source3/torture/wscript_build | 2 +-
2 files changed, 79 insertions(+), 1 deletion(-)
diff --git a/source3/torture/cmd_vfs.c b/source3/torture/cmd_vfs.c
index 38ce0dc4ff6..1bc4639d2a2 100644
--- a/source3/torture/cmd_vfs.c
+++ b/source3/torture/cmd_vfs.c
@@ -145,6 +145,83 @@ static NTSTATUS cmd_disk_free(struct vfs_state *vfs, TALLOC_CTX *mem_ctx, int ar
return NT_STATUS_OK;
}
+static NTSTATUS cmd_get_quota(struct vfs_state *vfs, TALLOC_CTX *mem_ctx, int argc, const char **argv)
+{
+ struct smb_filename *smb_fname = NULL;
+ uint64_t bsize, dfree, dsize;
+ enum SMB_QUOTA_TYPE qtype;
+ SMB_DISK_QUOTA D;
+ unid_t id;
+ int r;
+
+ if (argc != 4) {
+ printf("Usage: get_quota <path> [user|group] id\n");
+ return NT_STATUS_OK;
+ }
+
+ smb_fname = synthetic_smb_fname(talloc_tos(),
+ argv[1],
+ NULL,
+ NULL,
+ 0,
+ ssf_flags());
+ if (smb_fname == NULL) {
+ return NT_STATUS_NO_MEMORY;
+ }
+
+ if(strcmp(argv[2], "user") == 0) {
+ qtype = SMB_USER_FS_QUOTA_TYPE;
+ }
+ else if(strcmp(argv[2], "group") == 0) {
+ qtype = SMB_GROUP_FS_QUOTA_TYPE;
+ }
+ else {
+ printf("Usage: get_quota <path> [user|group] id\n");
+ return NT_STATUS_OK;
+ }
+
+ id.uid = atoi(argv[3]);
+
+ ZERO_STRUCT(D);
+
+ r = SMB_VFS_GET_QUOTA(vfs->conn, smb_fname, qtype, id, &D);
+
+ if (r == -1 && errno != ENOSYS) {
+ return NT_STATUS_UNSUCCESSFUL;
+ }
+
+ if (r == 0 && (D.qflags & QUOTAS_DENY_DISK) == 0) {
+ return NT_STATUS_UNSUCCESSFUL;
+ }
+
+ bsize = D.bsize;
+ /* Use softlimit to determine disk space, except when it has been exceeded */
+ if (
+ (D.softlimit && D.curblocks >= D.softlimit) ||
+ (D.hardlimit && D.curblocks >= D.hardlimit) ||
+ (D.isoftlimit && D.curinodes >= D.isoftlimit) ||
+ (D.ihardlimit && D.curinodes>=D.ihardlimit)
+ ) {
+ dfree = 0;
+ dsize = D.curblocks;
+ } else if (D.softlimit==0 && D.hardlimit==0) {
+ return NT_STATUS_UNSUCCESSFUL;
+ } else {
+ if (D.softlimit == 0) {
+ D.softlimit = D.hardlimit;
+ }
+ dfree = D.softlimit - D.curblocks;
+ dsize = D.softlimit;
+ }
+
+ printf("get_quota: bsize = %lu, dfree = %lu, dsize = %lu\n",
+ (unsigned long)bsize,
+ (unsigned long)dfree,
+ (unsigned long)dsize);
+
+ return NT_STATUS_OK;
+}
+
static NTSTATUS cmd_opendir(struct vfs_state *vfs, TALLOC_CTX *mem_ctx, int argc, const char **argv)
{
@@ -2257,6 +2334,7 @@ struct cmd_set vfs_commands[] = {
{ "connect", cmd_connect, "VFS connect()", "connect" },
{ "disconnect", cmd_disconnect, "VFS disconnect()", "disconnect" },
{ "disk_free", cmd_disk_free, "VFS disk_free()", "disk_free <path>" },
+ { "get_quota", cmd_get_quota, "VFS get_quota()", "get_quota <path> [user|group] id" },
{ "opendir", cmd_opendir, "VFS opendir()", "opendir <fname>" },
{ "readdir", cmd_readdir, "VFS readdir()", "readdir" },
{ "mkdir", cmd_mkdir, "VFS mkdir()", "mkdir <path>" },
diff --git a/source3/torture/wscript_build b/source3/torture/wscript_build
index 0c4275de795..f75c4bfe2be 100644
--- a/source3/torture/wscript_build
+++ b/source3/torture/wscript_build
@@ -124,4 +124,4 @@ bld.SAMBA3_BINARY('vfstest',
smbconf
SMBREADLINE
''',
- for_selftest=True)
+ install=True)
--
2.37.1

367
net/samba419/files/0024-Cherry-pick-ZFS-provisioning-code-by-iXsystems-Inc.patch Normal file
View file

@ -0,0 +1,367 @@
From d3024a4a2ff8015932a26a9df08e8ea5ff12a959 Mon Sep 17 00:00:00 2001
From: "Timur I. Bakeyev" <timur@FreeBSD.org>
Date: Thu, 4 Aug 2022 05:15:33 +0200
Subject: [PATCH 24/28] Cherry-pick ZFS provisioning code by iXsystems Inc.
* Check if sysvol is on filesystem with NFSv4 ACL's
(cherry picked from commit ca86f52b78a7b6e7537454a69cf93e7b96210cba)
* Only check targetdir if it is defined (I had assumed it was)
(cherry picked from commit a29050cb2978ce23e3c04a859340dc2664c77a8a)
* Kick samba a little bit into understanding NFSv4 ACL's
(cherry picked from commit 1c7542ff4904b729e311e17464ee76582760c219)
Signed-off-by: Timur I. Bakeyev <timur@FreeBSD.org>
---
python/samba/provision/__init__.py | 22 +++-
source3/lib/sysacls.c | 10 ++
source3/param/loadparm.c | 20 +++
source3/smbd/pysmbd.c | 189 ++++++++++++++++++++++++++++-
4 files changed, 235 insertions(+), 6 deletions(-)
diff --git a/python/samba/provision/__init__.py b/python/samba/provision/__init__.py
index ff9b8fac916..20e41a9ad3e 100644
--- a/python/samba/provision/__init__.py
+++ b/python/samba/provision/__init__.py
@@ -1662,19 +1662,25 @@ def setsysvolacl(samdb, netlogon, sysvol, uid, gid, domainsid, dnsdomain,
s3conf = s3param.get_context()
s3conf.load(lp.configfile)
- file = tempfile.NamedTemporaryFile(dir=os.path.abspath(sysvol))
+ sysvol_dir = os.path.abspath(sysvol)
+
+ set_simple_acl = smbd.set_simple_acl
+ if smbd.has_nfsv4_acls(sysvol_dir):
+ set_simple_acl = smbd.set_simple_nfsv4_acl
+
+ file = tempfile.NamedTemporaryFile(dir=sysvol_dir)
try:
try:
- smbd.set_simple_acl(file.name, 0o755, system_session_unix(), gid)
+ set_simple_acl(file.name, 0o755, system_session_unix(), gid)
except OSError:
- if not smbd.have_posix_acls():
+ if not smbd.have_posix_acls() and not smbd.have_nfsv4_acls():
# This clue is only strictly correct for RPM and
# Debian-like Linux systems, but hopefully other users
# will get enough clue from it.
- raise ProvisioningError("Samba was compiled without the posix ACL support that s3fs requires. "
+ raise ProvisioningError("Samba was compiled without the ACL support that s3fs requires. "
"Try installing libacl1-dev or libacl-devel, then re-run configure and make.")
- raise ProvisioningError("Your filesystem or build does not support posix ACLs, which s3fs requires. "
+ raise ProvisioningError("Your filesystem or build does not support ACLs, which s3fs requires. "
"Try the mounting the filesystem with the 'acl' option.")
try:
smbd.chown(file.name, uid, gid, system_session_unix())
@@ -1959,6 +1965,9 @@ def provision_fill(samdb, secrets_ldb, logger, names, paths,
samdb.transaction_commit()
if serverrole == "active directory domain controller":
+ if targetdir and smbd.have_nfsv4_acls() and smbd.has_nfsv4_acls(targetdir):
+ smbd.set_nfsv4_defaults()
+
# Continue setting up sysvol for GPO. This appears to require being
# outside a transaction.
if not skip_sysvolacl:
@@ -2313,6 +2322,9 @@ def provision(logger, session_info, smbconf=None,
if not os.path.isdir(paths.netlogon):
os.makedirs(paths.netlogon, 0o755)
+ if smbd.have_nfsv4_acls() and smbd.has_nfsv4_acls(paths.sysvol):
+ smbd.set_nfsv4_defaults()
+
if adminpass is None:
adminpass = samba.generate_random_password(12, 32)
adminpass_generated = True
diff --git a/source3/lib/sysacls.c b/source3/lib/sysacls.c
index 891fabea21e..d1357a47bd0 100644
--- a/source3/lib/sysacls.c
+++ b/source3/lib/sysacls.c
@@ -38,6 +38,16 @@
#include "modules/vfs_aixacl.h"
#endif
+/*
+ * NFSv4 ACL's should be understood and a first class citizen. Work
+ * needs to be done in librpc/idl/smb_acl.idl for this to occur.
+ */
+#if defined(HAVE_LIBSUNACL) && defined(FREEBSD)
+#if 0
+#include "modules/nfs4_acls.h"
+#endif
+#endif
+
#undef DBGC_CLASS
#define DBGC_CLASS DBGC_ACLS
diff --git a/source3/param/loadparm.c b/source3/param/loadparm.c
index 21e061939e3..4e23fdaaf6d 100644
--- a/source3/param/loadparm.c
+++ b/source3/param/loadparm.c
@@ -2830,9 +2830,29 @@ static void init_locals(void)
} else {
if (lp_parm_const_string(-1, "xattr_tdb", "file", NULL)) {
lp_do_parameter(-1, "vfs objects", "dfs_samba4 acl_xattr xattr_tdb");
+ /*
+ * By default, the samba sysvol is located in the statedir. Provisioning will fail in setntacl
+ * unless we have zfacl enabled. Unfortunately, at this point the smb.conf has not been generated.
+ * This workaround is freebsd-specific.
+ */
+#if defined(_PC_ACL_EXTENDED)
+ } else if (pathconf(lp_state_directory(), _PC_ACL_EXTENDED) == 1) {
+ lp_do_parameter(-1, "vfs objects", "dfs_samba4 freebsd");
+#endif
+#if defined(_PC_ACL_NFS4)
+ } else if (pathconf(lp_state_directory(), _PC_ACL_NFS4) == 1) {
+ lp_do_parameter(-1, "vfs objects", "dfs_samba4 zfsacl");
+#endif
} else if (lp_parm_const_string(-1, "posix", "eadb", NULL)) {
lp_do_parameter(-1, "vfs objects", "dfs_samba4 acl_xattr posix_eadb");
} else {
+ /*
+ * This should only set dfs_samba4 and leave acl_xattr
+ * to be set later (or zfsacl). The only reason the decision
+ * can't be made here to load acl_xattr or zfsacl is
+ * that we don't have access to what the target
+ * directory is.
+ */
lp_do_parameter(-1, "vfs objects", "dfs_samba4 acl_xattr");
}
}
diff --git a/source3/smbd/pysmbd.c b/source3/smbd/pysmbd.c
index 88cbf62a680..867010ea6cd 100644
--- a/source3/smbd/pysmbd.c
+++ b/source3/smbd/pysmbd.c
@@ -485,6 +485,20 @@ static SMB_ACL_T make_simple_acl(TALLOC_CTX *mem_ctx,
return acl;
}
+static SMB_ACL_T make_simple_nfsv4_acl(TALLOC_CTX *mem_ctx,
+ gid_t gid,
+ mode_t chmod_mode)
+{
+ /*
+ * This function needs to create an NFSv4 ACL. Currently, the only way
+ * to do so is to use the operating system interface, or to use the
+ * functions in source3/modules/nfs4_acls.c. These seems ugly and
+ * hacky. NFSv4 ACL's should be a first class citizen and
+ * librpc/idl/smb_acl.idl should be modified accordingly.
+ */
+ return NULL;
+}
+
/*
set a simple ACL on a file, as a test
*/
@@ -557,6 +571,84 @@ static PyObject *py_smbd_set_simple_acl(PyObject *self, PyObject *args, PyObject
Py_RETURN_NONE;
}
+
+/*
+ set a simple NFSv4 ACL on a file, as a test
+ */
+static PyObject *py_smbd_set_simple_nfsv4_acl(PyObject *self, PyObject *args, PyObject *kwargs)
+{
+ const char * const kwnames[] = {
+ "fname",
+ "mode",
+ "session_info",
+ "gid",
+ "service",
+ NULL
+ };
+ char *fname, *service = NULL;
+ PyObject *py_session = Py_None;
+ struct auth_session_info *session_info = NULL;
+ int ret;
+ int mode, gid = -1;
+ SMB_ACL_T acl;
+ TALLOC_CTX *frame;
+ connection_struct *conn;
+
+ if (!PyArg_ParseTupleAndKeywords(args, kwargs, "siO|iz",
+ discard_const_p(char *, kwnames),
+ &fname,
+ &mode,
+ &py_session,
+ &gid,
+ &service))
+ return NULL;
+
+ if (!py_check_dcerpc_type(py_session,
+ "samba.dcerpc.auth",
+ "session_info")) {
+ return NULL;
+ }
+ session_info = pytalloc_get_type(py_session,
+ struct auth_session_info);
+ if (session_info == NULL) {
+ PyErr_Format(PyExc_TypeError,
+ "Expected auth_session_info for session_info argument got %s",
+ pytalloc_get_name(py_session));
+ return NULL;
+ }
+
+ frame = talloc_stackframe();
+
+ acl = make_simple_nfsv4_acl(frame, gid, mode);
+ if (acl == NULL) {
+ TALLOC_FREE(frame);
+ Py_RETURN_NONE;
+ }
+
+ conn = get_conn_tos(service, session_info);
+ if (!conn) {
+ TALLOC_FREE(frame);
+ Py_RETURN_NONE;
+ }
+
+ /*
+ * SMB_ACL_TYPE_ACCESS -> ACL_TYPE_ACCESS -> Not valid for NFSv4 ACL
+ */
+ ret = 0;
+
+ /* ret = set_sys_acl_conn(fname, SMB_ACL_TYPE_ACCESS, acl, conn); */
+
+ if (ret != 0) {
+ TALLOC_FREE(frame);
+ errno = ret;
+ return PyErr_SetFromErrno(PyExc_OSError);
+ }
+
+ TALLOC_FREE(frame);
+
+ Py_RETURN_NONE;
+}
+
/*
chown a file
*/
@@ -744,7 +836,7 @@ static PyObject *py_smbd_unlink(PyObject *self, PyObject *args, PyObject *kwargs
}
/*
- check if we have ACL support
+ check if we have POSIX.1e ACL support
*/
static PyObject *py_smbd_have_posix_acls(PyObject *self,
PyObject *Py_UNUSED(ignored))
@@ -756,6 +848,83 @@ static PyObject *py_smbd_have_posix_acls(PyObject *self,
#endif
}
+static PyObject *py_smbd_has_posix_acls(PyObject *self, PyObject *args, PyObject *kwargs)
+{
+ const char * const kwnames[] = { "path", NULL };
+ char *path = NULL;
+ TALLOC_CTX *frame;
+ struct statfs fs;
+ int ret = false;
+
+ frame = talloc_stackframe();
+
+ if (!PyArg_ParseTupleAndKeywords(args, kwargs, "s|z",
+ discard_const_p(char *, kwnames), &path)) {
+ TALLOC_FREE(frame);
+ return NULL;
+ }
+
+ if (statfs(path, &fs) != 0) {
+ TALLOC_FREE(frame);
+ return NULL;
+ }
+
+ if (fs.f_flags & MNT_ACLS)
+ ret = true;
+
+ TALLOC_FREE(frame);
+ return PyBool_FromLong(ret);
+}
+
+/*
+ check if we have NFSv4 ACL support
+ */
+static PyObject *py_smbd_have_nfsv4_acls(PyObject *self)
+{
+#ifdef HAVE_LIBSUNACL
+ return PyBool_FromLong(true);
+#else
+ return PyBool_FromLong(false);
+#endif
+}
+
+static PyObject *py_smbd_has_nfsv4_acls(PyObject *self, PyObject *args, PyObject *kwargs)
+{
+ const char * const kwnames[] = { "path", NULL };
+ char *path = NULL;
+ TALLOC_CTX *frame;
+ struct statfs fs;
+ int ret = false;
+
+ frame = talloc_stackframe();
+
+ if (!PyArg_ParseTupleAndKeywords(args, kwargs, "s|z",
+ discard_const_p(char *, kwnames), &path)) {
+ TALLOC_FREE(frame);
+ return NULL;
+ }
+
+ if (statfs(path, &fs) != 0) {
+ TALLOC_FREE(frame);
+ return NULL;
+ }
+
+ if (fs.f_flags & MNT_NFS4ACLS)
+ ret = true;
+
+ TALLOC_FREE(frame);
+ return PyBool_FromLong(ret);
+}
+
+
+static PyObject *py_smbd_set_nfsv4_defaults(PyObject *self)
+{
+ /*
+ * It is really be done in source3/param/loadparm.c
+ */
+ Py_RETURN_NONE;
+}
+
/*
set the NT ACL on a file
*/
@@ -1242,10 +1411,28 @@ static PyMethodDef py_smbd_methods[] = {
{ "have_posix_acls",
(PyCFunction)py_smbd_have_posix_acls, METH_NOARGS,
NULL },
+ { "has_posix_acls",
+ PY_DISCARD_FUNC_SIG(PyCFunction, py_smbd_has_posix_acls),
+ METH_VARARGS|METH_KEYWORDS,
+ NULL },
+ { "have_nfsv4_acls",
+ (PyCFunction)py_smbd_have_nfsv4_acls, METH_NOARGS,
+ NULL },
+ { "has_nfsv4_acls",
+ PY_DISCARD_FUNC_SIG(PyCFunction, py_smbd_has_nfsv4_acls),
+ METH_VARARGS|METH_KEYWORDS,
+ NULL },
+ { "set_nfsv4_defaults",
+ (PyCFunction)py_smbd_set_nfsv4_defaults, METH_NOARGS,
+ NULL },
{ "set_simple_acl",
PY_DISCARD_FUNC_SIG(PyCFunction, py_smbd_set_simple_acl),
METH_VARARGS|METH_KEYWORDS,
NULL },
+ { "set_simple_nfsv4_acl",
+ PY_DISCARD_FUNC_SIG(PyCFunction, py_smbd_set_simple_nfsv4_acl),
+ METH_VARARGS|METH_KEYWORDS,
+ NULL },
{ "set_nt_acl",
PY_DISCARD_FUNC_SIG(PyCFunction, py_smbd_set_nt_acl),
METH_VARARGS|METH_KEYWORDS,
--
2.37.1

101
net/samba419/files/0025-From-d9b748869a8f4018ebee302aae8246bf29f60309-Mon-Se.patch Normal file
View file

@ -0,0 +1,101 @@
From 6e79023af14210a6435ab18ada8097253b8b16b6 Mon Sep 17 00:00:00 2001
From: "Timur I. Bakeyev" <timur@FreeBSD.org>
Date: Mon, 31 May 2021 01:38:49 +0200
Subject: [PATCH 25/28] From d9b748869a8f4018ebee302aae8246bf29f60309 Mon Sep
17 00:00:00 2001 From: "Timur I. Bakeyev" <timur@iXsystems.com> Date: Fri, 1
Jun 2018 01:35:08 +0800 Subject: [PATCH] vfs_fruit: allow broken
AFP_Signature where the first byte is 0
FreeBSD bug ... caused the first byte of the AFP_AfpInfo xattr to be 0
instead of 'A'. This hack allows such broken AFP_AfpInfo blobs to be
parsed by afpinfo_unpack().
FreeBSD Bug: https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=228462
Signed-off-by: Ralph Boehme <slow@samba.org>
Signed-off-by: Timur I. Bakeyev <timur@FreeBSD.org>
---
source3/lib/adouble.c | 20 ++++++++++++++++----
source3/modules/vfs_fruit.c | 19 ++++++++++++++++++-
2 files changed, 34 insertions(+), 5 deletions(-)
diff --git a/source3/lib/adouble.c b/source3/lib/adouble.c
index aa78007dadd..ca99dcff193 100644
--- a/source3/lib/adouble.c
+++ b/source3/lib/adouble.c
@@ -2830,6 +2830,8 @@ ssize_t afpinfo_pack(const AfpInfo *ai, char *buf)
return AFP_INFO_SIZE;
}
+#define BROKEN_FREEBSD_AFP_Signature 0x00465000
+
/**
* Unpack a buffer into a AfpInfo structure
*
@@ -2847,12 +2849,22 @@ AfpInfo *afpinfo_unpack(TALLOC_CTX *ctx, const void *data)
ai->afpi_Version = RIVAL(data, 4);
ai->afpi_BackupTime = RIVAL(data, 12);
memcpy(ai->afpi_FinderInfo, (const char *)data + 16,
- sizeof(ai->afpi_FinderInfo));
+ sizeof(ai->afpi_FinderInfo));
+
+ if (ai->afpi_Signature != AFP_Signature) {
+ DBG_WARNING("Bad AFP signature [%x]\n", ai->afpi_Signature);
+
+ if (ai->afpi_Signature != BROKEN_FREEBSD_AFP_Signature) {
+ DBG_ERR("Bad AfpInfo signature\n");
+ TALLOC_FREE(ai);
+ return NULL;
+ }
+ }
- if (ai->afpi_Signature != AFP_Signature
- || ai->afpi_Version != AFP_Version) {
- DEBUG(1, ("Bad AfpInfo signature or version\n"));
+ if (ai->afpi_Version != AFP_Version) {
+ DBG_ERR("Bad AfpInfo version\n");
TALLOC_FREE(ai);
+ return NULL;
}
return ai;
diff --git a/source3/modules/vfs_fruit.c b/source3/modules/vfs_fruit.c
index 303df41258e..428f95fd7d9 100644
--- a/source3/modules/vfs_fruit.c
+++ b/source3/modules/vfs_fruit.c
@@ -2300,6 +2300,7 @@ static ssize_t fruit_pread_meta_stream(vfs_handle_struct *handle,
size_t n, off_t offset)
{
struct fio *fio = fruit_get_complete_fio(handle, fsp);
+ char *p = (char *)data;
ssize_t nread;
int ret;
@@ -2308,7 +2309,23 @@ static ssize_t fruit_pread_meta_stream(vfs_handle_struct *handle,
}
nread = SMB_VFS_NEXT_PREAD(handle, fsp, data, n, offset);
- if (nread == -1 || nread == n) {
+ if (nread <= 0) {
+ /*
+ * fruit_meta_open_stream() removes O_CREAT flag
+ * from xattr open. This results in vfs_streams_xattr
+ * not generating an FSP extension for the files_struct
+ * and causes subsequent pread() of stream to return
+ * nread=0 if pread() occurs before pwrite().
+ */
+ return nread;
+ }
+
+ if (nread == n) {
+ if (offset == 0 && nread > 3 && p[0] == 0 && p[1] == 'F' && p[2] == 'P') {
+ DBG_NOTICE("Fixing AFP_Info of [%s]\n",
+ fsp_str_dbg(fsp));
+ p[0] = 'A';
+ }
return nread;
}
--
2.37.1

335
net/samba419/files/0026-vfs-add-a-compatibility-option-to-the-vfs_streams_xa.patch Normal file
View file

@ -0,0 +1,335 @@
From 2d73ccb27ffcdf419d569260fcca6e9ee3b9538a Mon Sep 17 00:00:00 2001
From: "Timur I. Bakeyev" <timur@FreeBSD.org>
Date: Thu, 29 Sep 2022 03:24:26 +0200
Subject: [PATCH 26/28] vfs: add a compatibility option to the
vfs_streams_xattr
When enabled, the module does not append a trailing 0
byte to the end of the extended attribute data.
This is primarily a consideration when the administrator
wishes to expose extended attributes that have been written
by another application as alternate data streams via
Samba.
An example where this parameter may be required is when
migrating a netatalk share to Samba. See manpage for
vfs_fruit for additional considerations regarding
Netatalk and Samba compatibility.
Signed-off-by: Timur I. Bakeyev <timur@FreeBSD.org>
---
docs-xml/manpages/vfs_streams_xattr.8.xml | 25 ++++++
source3/modules/vfs_streams_xattr.c | 95 +++++++++++++++++------
2 files changed, 97 insertions(+), 23 deletions(-)
diff --git a/docs-xml/manpages/vfs_streams_xattr.8.xml b/docs-xml/manpages/vfs_streams_xattr.8.xml
index 6645928c016..0f38d510a82 100644
--- a/docs-xml/manpages/vfs_streams_xattr.8.xml
+++ b/docs-xml/manpages/vfs_streams_xattr.8.xml
@@ -71,6 +71,31 @@
</listitem>
</varlistentry>
+ <varlistentry>
+ <term>streams_xattr:xattr_compat = [yes|no]</term>
+ <listitem>
+ <para>When enabled, the module does not append a trailing 0
+ byte to the end of the extended attribute data. This parameter
+ must not be changed once data has been written to the share
+ since it may result in dropping the last byte from xattr data.
+
+ This is primarily a consideration when the administrator
+ wishes to expose extended attributes that have been written
+ by another application as alternate data streams via
+ Samba.
+
+ An example where this parameter may be required is when
+ migrating a netatalk share to Samba. See manpage for
+ vfs_fruit for additional considerations regarding
+ Netatalk and Samba compatibility.
+
+ WARNING: this parameter must not be changed on existing
+ Samba shares or new shares that export paths currently
+ or previously have been shared by Samba.
+ The default is <command>yes</command>.</para>
+ </listitem>
+ </varlistentry>
+
</variablelist>
</refsect1>
diff --git a/source3/modules/vfs_streams_xattr.c b/source3/modules/vfs_streams_xattr.c
index b69a4f342f5..070111e3ee9 100644
--- a/source3/modules/vfs_streams_xattr.c
+++ b/source3/modules/vfs_streams_xattr.c
@@ -35,6 +35,7 @@ struct streams_xattr_config {
const char *prefix;
size_t prefix_len;
bool store_stream_type;
+ int xattr_compat_bytes;
};
struct stream_io {
@@ -45,22 +46,28 @@ struct stream_io {
vfs_handle_struct *handle;
};
-static ssize_t get_xattr_size_fsp(struct files_struct *fsp,
+static ssize_t get_xattr_size_fsp(vfs_handle_struct *handle,
+ struct files_struct *fsp,
const char *xattr_name)
{
NTSTATUS status;
struct ea_struct ea;
ssize_t result;
+ struct streams_xattr_config *config = NULL;
+ SMB_VFS_HANDLE_GET_DATA(handle, config, struct streams_xattr_config,
+ return -1);
+
status = get_ea_value_fsp(talloc_tos(),
fsp,
xattr_name,
&ea);
+
if (!NT_STATUS_IS_OK(status)) {
return -1;
}
- result = ea.value.length-1;
+ result = ea.value.length - config->xattr_compat_bytes;
TALLOC_FREE(ea.value.data);
return result;
}
@@ -197,7 +204,8 @@ static int streams_xattr_fstat(vfs_handle_struct *hand
return -1;
}
- sbuf->st_ex_size = get_xattr_size_fsp(fsp->base_fsp,
+ sbuf->st_ex_size = get_xattr_size_fsp(handle,
+ fsp->base_fsp,
io->xattr_name);
if (sbuf->st_ex_size == -1) {
SET_STAT_INVALID(*sbuf);
@@ -273,7 +281,7 @@ static int streams_xattr_stat(vfs_handle_struct *handl
fsp = fsp->base_fsp;
}
- smb_fname->st.st_ex_size = get_xattr_size_fsp(fsp,
+ smb_fname->st.st_ex_size = get_xattr_size_fsp(handle, fsp,
xattr_name);
if (smb_fname->st.st_ex_size == -1) {
TALLOC_FREE(xattr_name);
@@ -308,6 +316,7 @@ static int streams_xattr_lstat(vfs_handle_struct *hand
errno = ENOENT;
return -1;
}
+
return SMB_VFS_NEXT_LSTAT(handle, smb_fname);
}
@@ -341,6 +350,12 @@ static int streams_xattr_openat(struct vfs_handle_stru
how);
}
+#ifdef O_EMPTY_PATH
+ if (how->flags & O_EMPTY_PATH) {
+ return vfs_fake_fd();
+ }
+#endif
+
if (how->resolve != 0) {
errno = ENOSYS;
return -1;
@@ -356,6 +371,8 @@ static int streams_xattr_openat(struct vfs_handle_stru
goto fail;
}
+ fsp->fsp_flags.have_proc_fds = fsp->conn->have_proc_fds;
+
status = get_ea_value_fsp(talloc_tos(),
fsp->base_fsp,
xattr_name,
@@ -394,7 +411,8 @@ static int streams_xattr_openat(struct vfs_handle_stru
*/
/*
- * Darn, xattrs need at least 1 byte
+ * If xattr_compat_bytes is set we need to
+ * provide one extra trailing byte
*/
char null = '\0';
@@ -403,7 +421,8 @@ static int streams_xattr_openat(struct vfs_handle_stru
ret = SMB_VFS_FSETXATTR(fsp->base_fsp,
xattr_name,
- &null, sizeof(null),
+ (config->xattr_compat_bytes) ? &null : NULL,
+ (config->xattr_compat_bytes) ? sizeof(null) : 0,
how->flags & O_EXCL ? XATTR_CREATE : 0);
if (ret != 0) {
goto fail;
@@ -412,13 +431,13 @@ static int streams_xattr_openat(struct vfs_handle_stru
fakefd = vfs_fake_fd();
- sio = VFS_ADD_FSP_EXTENSION(handle, fsp, struct stream_io, NULL);
- if (sio == NULL) {
- errno = ENOMEM;
- goto fail;
- }
+ sio = VFS_ADD_FSP_EXTENSION(handle, fsp, struct stream_io, NULL);
+ if (sio == NULL) {
+ errno = ENOMEM;
+ goto fail;
+ }
- sio->xattr_name = talloc_strdup(VFS_MEMCTX_FSP_EXTENSION(handle, fsp),
+ sio->xattr_name = talloc_strdup(VFS_MEMCTX_FSP_EXTENSION(handle, fsp),
xattr_name);
if (sio->xattr_name == NULL) {
errno = ENOMEM;
@@ -808,12 +827,16 @@ static bool collect_one_stream(struct ea_struct *ea, v
{
struct streaminfo_state *state =
(struct streaminfo_state *)private_data;
+ struct streams_xattr_config *config = NULL;
+ SMB_VFS_HANDLE_GET_DATA(state->handle, config, struct streams_xattr_config,
+ return false);
+
if (!add_one_stream(state->mem_ctx,
&state->num_streams, &state->streams,
- ea->name, ea->value.length-1,
+ ea->name, ea->value.length - config->xattr_compat_bytes,
smb_roundup(state->handle->conn,
- ea->value.length-1))) {
+ ea->value.length - config->xattr_compat_bytes))) {
state->status = NT_STATUS_NO_MEMORY;
return false;
}
@@ -875,6 +898,7 @@ static int streams_xattr_connect(vfs_handle_struct *ha
const char *default_prefix = SAMBA_XATTR_DOSSTREAM_PREFIX;
const char *prefix;
int rc;
+ bool xattr_compat;
rc = SMB_VFS_NEXT_CONNECT(handle, service, user);
if (rc != 0) {
@@ -905,6 +929,13 @@ static int streams_xattr_connect(vfs_handle_struct *ha
"store_stream_type",
true);
+ xattr_compat = lp_parm_bool(SNUM(handle->conn),
+ "streams_xattr",
+ "xattr_compat",
+ true);
+
+ config->xattr_compat_bytes = xattr_compat ? 0 : 1;
+
SMB_VFS_HANDLE_SET_DATA(handle, config,
NULL, struct stream_xattr_config,
return -1);
@@ -921,6 +952,7 @@ static ssize_t streams_xattr_pwrite(vfs_handle_struct
struct ea_struct ea;
NTSTATUS status;
int ret;
+ struct streams_xattr_config *config = NULL;
DEBUG(10, ("streams_xattr_pwrite called for %d bytes\n", (int)n));
@@ -932,6 +964,9 @@ static ssize_t streams_xattr_pwrite(vfs_handle_struct
return -1;
}
+ SMB_VFS_HANDLE_GET_DATA(handle, config, struct streams_xattr_config,
+ return -1);
+
if ((offset + n) >= lp_smbd_max_xattr_size(SNUM(handle->conn))) {
/*
* Requested write is beyond what can be read based on
@@ -961,11 +996,11 @@ static ssize_t streams_xattr_pwrite(vfs_handle_struct
return -1;
}
- if ((offset + n) > ea.value.length-1) {
+ if ((offset + n) > ea.value.length - config->xattr_compat_bytes) {
uint8_t *tmp;
tmp = talloc_realloc(talloc_tos(), ea.value.data, uint8_t,
- offset + n + 1);
+ offset + n + config->xattr_compat_bytes);
if (tmp == NULL) {
TALLOC_FREE(ea.value.data);
@@ -973,8 +1008,10 @@ static ssize_t streams_xattr_pwrite(vfs_handle_struct
return -1;
}
ea.value.data = tmp;
- ea.value.length = offset + n + 1;
- ea.value.data[offset+n] = 0;
+ ea.value.length = offset + n + config->xattr_compat_bytes;
+ if (config->xattr_compat_bytes) {
+ ea.value.data[offset+n] = 0;
+ }
}
memcpy(ea.value.data + offset, data, n);
@@ -1002,7 +1039,12 @@ static ssize_t streams_xattr_pread(vfs_handle_struct *
struct ea_struct ea;
NTSTATUS status;
size_t length, overlap;
+ struct smb_filename *smb_fname_base = NULL;
+ struct streams_xattr_config *config = NULL;
+ SMB_VFS_HANDLE_GET_DATA(handle, config, struct streams_xattr_config,
+ return -1);
+
DEBUG(10, ("streams_xattr_pread: offset=%d, size=%d\n",
(int)offset, (int)n));
@@ -1022,7 +1064,7 @@ static ssize_t streams_xattr_pread(vfs_handle_struct *
return -1;
}
- length = ea.value.length-1;
+ length = ea.value.length - config->xattr_compat_bytes;
DBG_DEBUG("get_ea_value_fsp returned %d bytes\n",
(int)length);
@@ -1210,6 +1252,12 @@ static int streams_xattr_ftruncate(struct vfs_handle_s
struct stream_io *sio =
(struct stream_io *)VFS_FETCH_FSP_EXTENSION(handle, fsp);
+ struct smb_filename *smb_fname_base = NULL;
+ struct streams_xattr_config *config = NULL;
+
+ SMB_VFS_HANDLE_GET_DATA(handle, config, struct streams_xattr_config,
+ return -1);
+
DEBUG(10, ("streams_xattr_ftruncate called for file %s offset %.0f\n",
fsp_str_dbg(fsp), (double)offset));
@@ -1239,14 +1287,16 @@ static int streams_xattr_ftruncate(struct vfs_handle_s
}
/* Did we expand ? */
- if (ea.value.length < offset + 1) {
+ if (ea.value.length < offset + config->xattr_compat_bytes) {
memset(&tmp[ea.value.length], '\0',
- offset + 1 - ea.value.length);
+ offset + config->xattr_compat_bytes - ea.value.length);
}
ea.value.data = tmp;
- ea.value.length = offset + 1;
- ea.value.data[offset] = 0;
+ ea.value.length = offset + config->xattr_compat_bytes;
+ if (config->xattr_compat_bytes) {
+ ea.value.data[offset] = 0;
+ }
ret = SMB_VFS_FSETXATTR(fsp->base_fsp,
sio->xattr_name,

932
net/samba419/files/0027-Add-VFS-module-vfs_freebsd-that-implements-FreeBSD-s.patch Normal file
View file

@ -0,0 +1,932 @@
From f07e384150e53b18c3ea298f9a1ea588fb89e19b Mon Sep 17 00:00:00 2001
From: "Timur I. Bakeyev" <timur@FreeBSD.org>
Date: Sat, 29 May 2021 03:58:01 +0200
Subject: [PATCH 27/28] Add VFS module vfs_freebsd that implements FreeBSD
specific wrappers to some VFS functions.
At the moment that is configurable mapping between Linux xattrs and
FreeBSD extended attributes.
Signed-off-by: Timur I. Bakeyev <timur@FreeBSD.org>
---
docs-xml/manpages/vfs_freebsd.8.xml | 169 +++++++
docs-xml/wscript_build | 1 +
source3/modules/vfs_freebsd.c | 699 ++++++++++++++++++++++++++++
source3/modules/wscript_build | 7 +
4 files changed, 876 insertions(+)
create mode 100644 docs-xml/manpages/vfs_freebsd.8.xml
create mode 100644 source3/modules/vfs_freebsd.c
diff --git a/docs-xml/manpages/vfs_freebsd.8.xml b/docs-xml/manpages/vfs_freebsd.8.xml
new file mode 100644
index 00000000000..6640a1c51f7
--- /dev/null
+++ b/docs-xml/manpages/vfs_freebsd.8.xml
@@ -0,0 +1,169 @@
+<?xml version="1.0" encoding="iso-8859-1"?>
+<!DOCTYPE refentry PUBLIC "-//Samba-Team//DTD DocBook V4.2-Based Variant V1.0//EN" "http://www.samba.org/samba/DTD/samba-doc">
+<refentry id="vfs_freebsd.8">
+
+<refmeta>
+ <refentrytitle>vfs_freebsd</refentrytitle>
+ <manvolnum>8</manvolnum>
+ <refmiscinfo class="source">Samba</refmiscinfo>
+ <refmiscinfo class="manual">System Administration tools</refmiscinfo>
+ <refmiscinfo class="version">&doc.version;</refmiscinfo>
+</refmeta>
+
+<refnamediv>
+ <refname>vfs_freebsd</refname>
+ <refpurpose>FreeBSD-specific VFS functions</refpurpose>
+</refnamediv>
+
+<refsynopsisdiv>
+ <cmdsynopsis>
+ <command>vfs objects = freebsd</command>
+ </cmdsynopsis>
+</refsynopsisdiv>
+
+<refsect1>
+ <title>DESCRIPTION</title>
+
+ <para>This VFS module is part of the <citerefentry><refentrytitle>samba</refentrytitle>
+ <manvolnum>7</manvolnum></citerefentry> suite.</para>
+
+ <para>The <command>vfs_freebsd</command> module implements some of the FreeBSD-specific VFS functions.</para>
+
+ <para>This module is stackable.</para>
+</refsect1>
+
+
+<refsect1>
+ <title>OPTIONS</title>
+
+ <variablelist>
+
+ <varlistentry>
+ <term>freebsd:extattr mode=[legacy|compat|secure]</term>
+ <listitem>
+ <para>This parameter defines how the emulation of the Linux attr(5) extended attributes
+ is performed through the FreeBSD native extattr(9) system calls.</para>
+
+ <para>Currently the <emphasis>security</emphasis>, <emphasis>system</emphasis>,
+ <emphasis>trusted</emphasis> and <emphasis>user</emphasis> extended attribute(xattr)
+ classes are defined in Linux. Contrary FreeBSD has only <emphasis>USER</emphasis>
+ and <emphasis>SYSTEM</emphasis> extended attribute(extattr) namespaces, so mapping
+ of one set into another isn't straightforward and can be done in different ways.</para>
+
+ <para>Historically the Samba(7) built-in xattr mapping implementation simply converted
+ <emphasis>system</emphasis> and <emphasis>user</emphasis> xattr into corresponding
+ <emphasis>SYSTEM</emphasis> and <emphasis>USER</emphasis> extattr namespaces, dropping
+ the class prefix name with the separating dot and using attribute name only within the
+ mapped namespace. It also rejected any other xattr classes, like <emphasis>security</emphasis>
+ and <emphasis>trusted</emphasis> as invalid. Such behavior in particular broke AD
+ provisioning on UFS2 file systems as essential <emphasis>security.NTACL</emphasis>
+ xattr was rejected as invalid.</para>
+
+ <para>This module tries to address this problem and provide secure, where it's possible,
+ way to map Linux xattr into FreeBSD's extattr.</para>
+
+ <para>When <emphasis>mode</emphasis> is set to the <emphasis>legacy (default)</emphasis>
+ then modified version of built-in mapping is used, where <emphasis>system</emphasis> xattr
+ is mapped into SYSTEM namespace, while <emphasis>secure</emphasis>, <emphasis>trusted</emphasis>
+ and <emphasis>user</emphasis> xattr are all mapped into the USER namespace, dropping class
+ prefixes and mix them all together. This is the way how Samba FreeBSD ports were patched
+ up to the 4.9 version and that created multiple potential security issues. This mode is aimed for
+ the compatibility with the legacy installations only and should be avoided in new setups.</para>
+
+ <para>The <emphasis>compat</emphasis> mode is mostly designed for the jailed environments,
+ where it's not possible to write extattrs into the secure SYSTEM namespace, so all four
+ classes are mapped into the USER namespace. To preserve information about origin of the
+ extended attribute it is stored together with the class preffix in the <emphasis>class.attribute</emphasis>
+ format.</para>
+
+ <para>The <emphasis>secure</emphasis> mode is meant for storing extended attributes in a secure
+ manner, so that <emphasis>security</emphasis>, <emphasis>system</emphasis> and <emphasis>trusted</emphasis>
+ are stored in the SYSTEM namespace, which can be modified only by root.
+ </para>
+ </listitem>
+ </varlistentry>
+
+
+ </variablelist>
+</refsect1>
+
+<refsect1>
+ <table frame="all" rowheader="firstcol">
+ <title>Attributes mapping</title>
+ <tgroup cols='5' align='left' colsep='1' rowsep='1'>
+ <thead>
+ <row>
+ <entry> </entry>
+ <entry>built-in</entry>
+ <entry>legacy</entry>
+ <entry>compat/jail</entry>
+ <entry>secure</entry>
+ </row>
+ </thead>
+ <tbody>
+ <row>
+ <entry>user</entry>
+ <entry>USER; attribute</entry>
+ <entry>USER; attribute</entry>
+ <entry>USER; user.attribute</entry>
+ <entry>USER; user.attribute</entry>
+ </row>
+ <row>
+ <entry>system</entry>
+ <entry>SYSTEM; attribute</entry>
+ <entry>SYSTEM; attribute</entry>
+ <entry>USER; system.attribute</entry>
+ <entry>SYSTEM; system.attribute</entry>
+ </row>
+ <row>
+ <entry>trusted</entry>
+ <entry>FAIL</entry>
+ <entry>USER; attribute</entry>
+ <entry>USER; trusted.attribute</entry>
+ <entry>SYSTEM; trusted.attribute</entry>
+ </row>
+ <row>
+ <entry>security</entry>
+ <entry>FAIL</entry>
+ <entry>USER; attribute</entry>
+ <entry>USER; security.attribute</entry>
+ <entry>SYSTEM; security.attribute</entry>
+ </row>
+ </tbody>
+ </tgroup>
+ </table>
+</refsect1>
+
+<refsect1>
+ <title>EXAMPLES</title>
+
+ <para>Use secure method of setting extended attributes on the share:</para>
+
+<programlisting>
+ <smbconfsection name="[sysvol]"/>
+ <smbconfoption name="vfs objects">freebsd</smbconfoption>
+ <smbconfoption name="freebsd:extattr mode">secure</smbconfoption>
+</programlisting>
+
+</refsect1>
+
+<refsect1>
+ <title>VERSION</title>
+
+ <para>This man page is part of version &doc.version; of the Samba suite.
+ </para>
+</refsect1>
+
+<refsect1>
+ <title>AUTHOR</title>
+
+ <para>The original Samba software and related utilities
+ were created by Andrew Tridgell. Samba is now developed
+ by the Samba Team as an Open Source project similar
+ to the way the Linux kernel is developed.</para>
+
+ <para>This module was written by Timur I. Bakeyev</para>
+
+</refsect1>
+
+</refentry>
diff --git a/docs-xml/wscript_build b/docs-xml/wscript_build
index c8c4b68e514..4dc4b34ca40 100644
--- a/docs-xml/wscript_build
+++ b/docs-xml/wscript_build
@@ -86,6 +86,7 @@ vfs_module_manpages = ['vfs_acl_tdb',
'vfs_extd_audit',
'vfs_fake_perms',
'vfs_fileid',
+ 'vfs_freebsd',
'vfs_fruit',
'vfs_full_audit',
'vfs_glusterfs',
diff --git a/source3/modules/vfs_freebsd.c b/source3/modules/vfs_freebsd.c
new file mode 100644
index 00000000000..07d26d9c516
--- /dev/null
+++ b/source3/modules/vfs_freebsd.c
@@ -0,0 +1,699 @@
+/*
+ * This module implements VFS calls specific to FreeBSD
+ *
+ * Copyright (C) Timur I. Bakeyev, 2018
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, see <http://www.gnu.org/licenses/>.
+ */
+
+#include "includes.h"
+
+#include "lib/util/tevent_unix.h"
+#include "lib/util/tevent_ntstatus.h"
+#include "system/filesys.h"
+#include "smbd/smbd.h"
+
+#include <sys/sysctl.h>
+
+static int vfs_freebsd_debug_level = DBGC_VFS;
+
+#undef DBGC_CLASS
+#define DBGC_CLASS vfs_freebsd_debug_level
+
+#ifndef EXTATTR_MAXNAMELEN
+#define EXTATTR_MAXNAMELEN UINT8_MAX
+#endif
+
+#define EXTATTR_NAMESPACE(NS) EXTATTR_NAMESPACE_ ## NS, \
+ EXTATTR_NAMESPACE_ ## NS ## _STRING ".", \
+ .data.len = (sizeof(EXTATTR_NAMESPACE_ ## NS ## _STRING ".") - 1)
+
+#define EXTATTR_EMPTY 0x00
+#define EXTATTR_USER 0x01
+#define EXTATTR_SYSTEM 0x02
+#define EXTATTR_SECURITY 0x03
+#define EXTATTR_TRUSTED 0x04
+
+enum extattr_mode {
+ FREEBSD_EXTATTR_SECURE,
+ FREEBSD_EXTATTR_COMPAT,
+ FREEBSD_EXTATTR_LEGACY
+};
+
+struct freebsd_handle_data {
+ enum extattr_mode extattr_mode;
+};
+
+typedef struct {
+ int namespace;
+ char name[EXTATTR_MAXNAMELEN+1];
+ union {
+ uint16_t len;
+ uint16_t flags;
+ } data;
+} extattr_attr;
+
+static const struct enum_list extattr_mode_param[] = {
+ { FREEBSD_EXTATTR_SECURE, "secure" }, /* */
+ { FREEBSD_EXTATTR_COMPAT, "compat" }, /* */
+ { FREEBSD_EXTATTR_LEGACY, "legacy" }, /* */
+ { -1, NULL }
+};
+
+/* XXX: This order doesn't match namespace ids order! */
+static extattr_attr extattr[] = {
+ { EXTATTR_NAMESPACE(EMPTY) },
+ { EXTATTR_NAMESPACE(SYSTEM) },
+ { EXTATTR_NAMESPACE(USER) },
+};
+
+
+static bool freebsd_in_jail(void) {
+ int val = 0;
+ size_t val_len = sizeof(val);
+
+ if((sysctlbyname("security.jail.jailed", &val, &val_len, NULL, 0) != -1) && val == 1) {
+ return true;
+ }
+ return false;
+}
+
+
+static uint16_t freebsd_map_attrname(const char *name)
+{
+ if(name == NULL || name[0] == '\0') {
+ return EXTATTR_EMPTY;
+ }
+
+ switch(name[0]) {
+ case 'u':
+ if(strncmp(name, "user.", 5) == 0)
+ return EXTATTR_USER;
+ break;
+ case 't':
+ if(strncmp(name, "trusted.", 8) == 0)
+ return EXTATTR_TRUSTED;
+ break;
+ case 's':
+ /* name[1] could be any character, including '\0' */
+ switch(name[1]) {
+ case 'e':
+ if(strncmp(name, "security.", 9) == 0)
+ return EXTATTR_SECURITY;
+ break;
+ case 'y':
+ if(strncmp(name, "system.", 7) == 0)
+ return EXTATTR_SYSTEM;
+ break;
+ }
+ break;
+ }
+ return EXTATTR_USER;
+}
+
+
+/* security, system, trusted or user */
+static extattr_attr* freebsd_map_xattr(enum extattr_mode extattr_mode, const char *name, extattr_attr *attr)
+{
+ int attrnamespace = EXTATTR_NAMESPACE_EMPTY;
+ const char *p, *attrname = name;
+
+ if(name == NULL || name[0] == '\0') {
+ return NULL;
+ }
+
+ if(attr == NULL) {
+ return NULL;
+ }
+
+ uint16_t flags = freebsd_map_attrname(name);
+
+ switch(flags) {
+ case EXTATTR_SECURITY:
+ case EXTATTR_TRUSTED:
+ case EXTATTR_SYSTEM:
+ attrnamespace = (extattr_mode == FREEBSD_EXTATTR_SECURE) ?
+ EXTATTR_NAMESPACE_SYSTEM :
+ EXTATTR_NAMESPACE_USER;
+ break;
+ case EXTATTR_USER:
+ attrnamespace = EXTATTR_NAMESPACE_USER;
+ break;
+ default:
+ /* Default to "user" namespace if nothing else was specified */
+ attrnamespace = EXTATTR_NAMESPACE_USER;
+ flags = EXTATTR_USER;
+ break;
+ }
+
+ if (extattr_mode == FREEBSD_EXTATTR_LEGACY) {
+ switch(flags) {
+ case EXTATTR_SECURITY:
+ attrname = name + 9;
+ break;
+ case EXTATTR_TRUSTED:
+ attrname = name + 8;
+ break;
+ case EXTATTR_SYSTEM:
+ attrname = name + 7;
+ break;
+ case EXTATTR_USER:
+ attrname = name + 5;
+ break;
+ default:
+ attrname = ((p=strchr(name, '.')) != NULL) ? p + 1 : name;
+ break;
+ }
+ }
+
+ attr->namespace = attrnamespace;
+ attr->data.flags = flags;
+ strlcpy(attr->name, attrname, EXTATTR_MAXNAMELEN + 1);
+
+ return attr;
+}
+
+
+static ssize_t extattr_size(struct files_struct *fsp, extattr_attr *attr)
+{
+ ssize_t result;
+
+ SMB_ASSERT(!fsp_is_alternate_stream(fsp));
+
+ int fd = fsp_get_pathref_fd(fsp);
+
+ if (fsp->fsp_flags.is_pathref) {
+ const char *path = fsp->fsp_name->base_name;
+ if (fsp->fsp_flags.have_proc_fds) {
+ char buf[PATH_MAX];
+ path = sys_proc_fd_path(fd, buf, sizeof(buf));
+ if (path == NULL) {
+ return -1;
+ }
+ }
+ /*
+ * This is no longer a handle based call.
+ */
+ return extattr_get_file(path, attr->namespace, attr->name, NULL, 0);
+ }
+ else {
+ return extattr_get_fd(fd, attr->namespace, attr->name, NULL, 0);
+ }
+}
+
+/*
+ * The list of names is returned as an unordered array of NULL-terminated
+ * character strings (attribute names are separated by NULL characters),
+ * like this:
+ * user.name1\0system.name1\0user.name2\0
+ *
+ * Filesystems like ext2, ext3 and XFS which implement POSIX ACLs using
+ * extended attributes, might return a list like this:
+ * system.posix_acl_access\0system.posix_acl_default\0
+ */
+/*
+ * The extattr_list_file() returns a list of attributes present in the
+ * requested namespace. Each list entry consists of a single byte containing
+ * the length of the attribute name, followed by the attribute name. The
+ * attribute name is not terminated by ASCII 0 (nul).
+*/
+static ssize_t freebsd_extattr_list(struct files_struct *fsp, enum extattr_mode extattr_mode, char *list, size_t size)
+{
+ ssize_t list_size, total_size = 0;
+ char *p, *q, *list_end;
+ int len;
+ /*
+ Ignore all but user namespace when we are not root or in jail
+ See: https://bugzilla.samba.org/show_bug.cgi?id=10247
+ */
+ bool as_root = (geteuid() == 0);
+
+ int ns = (extattr_mode == FREEBSD_EXTATTR_SECURE && as_root) ? 1 : 2;
+
+ int fd = fsp_get_pathref_fd(fsp);
+
+ /* Iterate through extattr(2) namespaces */
+ for(; ns < ARRAY_SIZE(extattr); ns++) {
+ list_size = -1;
+
+ if (fsp->fsp_flags.is_pathref) {
+ const char *path = fsp->fsp_name->base_name;
+ if (fsp->fsp_flags.have_proc_fds) {
+ char buf[PATH_MAX];
+ path = sys_proc_fd_path(fd, buf, sizeof(buf));
+ if (path == NULL) {
+ return -1;
+ }
+ }
+ /*
+ * This is no longer a handle based call.
+ */
+ list_size = extattr_list_file(path, extattr[ns].namespace, list, size);
+ }
+ else {
+ list_size = extattr_list_fd(fd, extattr[ns].namespace, list, size);
+ }
+ /* Some error happend. Errno should be set by the previous call */
+ if(list_size < 0)
+ return -1;
+ /* No attributes in this namespace */
+ if(list_size == 0)
+ continue;
+ /*
+ Call with an empty buffer may be used to calculate
+ necessary buffer size.
+ */
+ if(list == NULL) {
+ /*
+ XXX: Unfortunately, we can't say, how many attributes were
+ returned, so here is the potential problem with the emulation.
+ */
+ if(extattr_mode == FREEBSD_EXTATTR_LEGACY) {
+ /*
+ Take the worse case of one char attribute names -
+ two bytes per name plus one more for sanity.
+ */
+ total_size += list_size + (list_size/2 + 1)*extattr[ns].data.len;
+ }
+ else {
+ total_size += list_size;
+ }
+ continue;
+ }
+
+ if(extattr_mode == FREEBSD_EXTATTR_LEGACY) {
+ /* Count necessary offset to fit namespace prefixes */
+ int extra_len = 0;
+ uint16_t flags;
+ list_end = list + list_size;
+ for(list_size = 0, p = q = list; p < list_end; p += len) {
+ len = p[0] + 1;
+ (void)strlcpy(q, p + 1, len);
+ flags = freebsd_map_attrname(q);
+ /* Skip secure attributes for non-root user */
+ if(extattr_mode != FREEBSD_EXTATTR_SECURE && !as_root && flags > EXTATTR_USER) {
+ continue;
+ }
+ if(flags <= EXTATTR_USER) {
+ /* Don't count trailing '\0' */
+ extra_len += extattr[ns].data.len;
+ }
+ list_size += len;
+ q += len;
+ }
+ total_size += list_size + extra_len;
+ /* Buffer is too small to fit the results */
+ if(total_size > size) {
+ errno = ERANGE;
+ return -1;
+ }
+ /* Shift results backwards, so we can prepend prefixes */
+ list_end = list + extra_len;
+ p = (char*)memmove(list_end, list, list_size);
+ /*
+ We enter the loop with `p` pointing to the shifted list and
+ `extra_len` having the total margin between `list` and `p`
+ */
+ for(list_end += list_size; p < list_end; p += len) {
+ len = strlen(p) + 1;
+ flags = freebsd_map_attrname(p);
+ if(flags <= EXTATTR_USER) {
+ /* Add namespace prefix */
+ (void)strncpy(list, extattr[ns].name, extattr[ns].data.len);
+ list += extattr[ns].data.len;
+ }
+ /* Append attribute name */
+ (void)strlcpy(list, p, len);
+ list += len;
+ }
+ }
+ else {
+ /* Convert UCSD strings into nul-terminated strings */
+ for(list_end = list + list_size; list < list_end; list += len) {
+ len = list[0] + 1;
+ (void)strlcpy(list, list + 1, len);
+ }
+ total_size += list_size;
+ }
+ }
+ return total_size;
+}
+
+/*
+static ssize_t freebsd_fgetxattr_size(struct vfs_handle_struct *handle,
+ struct files_struct *fsp,
+ const char *name)
+{
+ struct freebsd_handle_data *data;
+ extattr_attr attr;
+
+ SMB_ASSERT(!fsp_is_alternate_stream(fsp));
+
+ SMB_VFS_HANDLE_GET_DATA(handle, data,
+ struct freebsd_handle_data,
+ return -1);
+
+ if(!freebsd_map_xattr(data->extattr_mode, name, &attr)) {
+ errno = EINVAL;
+ return -1;
+ }
+
+ if(data->extattr_mode != FREEBSD_EXTATTR_SECURE && geteuid() != 0 && attr.data.flags > EXTATTR_USER) {
+ errno = ENOATTR;
+ return -1;
+ }
+
+ return extattr_size(fsp, &attr);
+}
+*/
+
+/* VFS entries */
+static ssize_t freebsd_fgetxattr(struct vfs_handle_struct *handle,
+ struct files_struct *fsp,
+ const char *name,
+ void *value,
+ size_t size)
+{
+#if defined(HAVE_XATTR_EXTATTR)
+ struct freebsd_handle_data *data;
+ extattr_attr attr;
+ ssize_t res;
+ int fd;
+
+ SMB_ASSERT(!fsp_is_alternate_stream(fsp));
+
+ SMB_VFS_HANDLE_GET_DATA(handle, data,
+ struct freebsd_handle_data,
+ return -1);
+
+ if(!freebsd_map_xattr(data->extattr_mode, name, &attr)) {
+ errno = EINVAL;
+ return -1;
+ }
+
+ /* Filter out 'secure' entries */
+ if(data->extattr_mode != FREEBSD_EXTATTR_SECURE && geteuid() != 0 && attr.data.flags > EXTATTR_USER) {
+ errno = ENOATTR;
+ return -1;
+ }
+
+ /*
+ * The BSD implementation has a nasty habit of silently truncating
+ * the returned value to the size of the buffer, so we have to check
+ * that the buffer is large enough to fit the returned value.
+ */
+ if((res=extattr_size(fsp, &attr)) < 0) {
+ return -1;
+ }
+
+ if (size == 0) {
+ return res;
+ }
+ else if (res > size) {
+ errno = ERANGE;
+ return -1;
+ }
+
+ fd = fsp_get_pathref_fd(fsp);
+
+ if (fsp->fsp_flags.is_pathref) {
+ const char *path = fsp->fsp_name->base_name;
+ if (fsp->fsp_flags.have_proc_fds) {
+ char buf[PATH_MAX];
+ path = sys_proc_fd_path(fd, buf, sizeof(buf));
+ if (path == NULL) {
+ return -1;
+ }
+ }
+ /*
+ * This is no longer a handle based call.
+ */
+ return extattr_get_file(path, attr.namespace, attr.name, value, size);
+ }
+ else {
+ return extattr_get_fd(fd, attr.namespace, attr.name, value, size);
+ }
+ return -1;
+#else
+ errno = ENOSYS;
+ return -1;
+#endif
+}
+
+
+static ssize_t freebsd_flistxattr(struct vfs_handle_struct *handle,
+ struct files_struct *fsp,
+ char *list,
+ size_t size)
+{
+#if defined(HAVE_XATTR_EXTATTR)
+ struct freebsd_handle_data *data;
+
+ SMB_ASSERT(!fsp_is_alternate_stream(fsp));
+
+ SMB_VFS_HANDLE_GET_DATA(handle, data,
+ struct freebsd_handle_data,
+ return -1);
+
+ return freebsd_extattr_list(fsp, data->extattr_mode, list, size);
+#else
+ errno = ENOSYS;
+ return -1;
+#endif
+}
+
+
+static int freebsd_fremovexattr(struct vfs_handle_struct *handle,
+ struct files_struct *fsp,
+ const char *name)
+{
+#if defined(HAVE_XATTR_EXTATTR)
+ struct freebsd_handle_data *data;
+ extattr_attr attr;
+ int fd;
+
+ SMB_ASSERT(!fsp_is_alternate_stream(fsp));
+
+ SMB_VFS_HANDLE_GET_DATA(handle, data,
+ struct freebsd_handle_data,
+ return -1);
+
+ if(!freebsd_map_xattr(data->extattr_mode, name, &attr)) {
+ errno = EINVAL;
+ return -1;
+ }
+
+ /* Filter out 'secure' entries */
+ if(data->extattr_mode != FREEBSD_EXTATTR_SECURE && geteuid() != 0 && attr.data.flags > EXTATTR_USER) {
+ errno = ENOATTR;
+ return -1;
+ }
+
+ fd = fsp_get_pathref_fd(fsp);
+
+ if (fsp->fsp_flags.is_pathref) {
+ const char *path = fsp->fsp_name->base_name;
+ if (fsp->fsp_flags.have_proc_fds) {
+ char buf[PATH_MAX];
+ path = sys_proc_fd_path(fd, buf, sizeof(buf));
+ if (path == NULL) {
+ return -1;
+ }
+ }
+ /*
+ * This is no longer a handle based call.
+ */
+ return extattr_delete_file(path, attr.namespace, attr.name);
+ }
+ else {
+ return extattr_delete_fd(fd, attr.namespace, attr.name);
+ }
+ return -1;
+#else
+ errno = ENOSYS;
+ return -1;
+#endif
+}
+
+
+static int freebsd_fsetxattr(struct vfs_handle_struct *handle,
+ struct files_struct *fsp,
+ const char *name,
+ const void *value,
+ size_t size,
+ int flags)
+{
+#if defined(HAVE_XATTR_EXTATTR)
+ struct freebsd_handle_data *data;
+ extattr_attr attr;
+ ssize_t res;
+ int fd;
+
+ SMB_ASSERT(!fsp_is_alternate_stream(fsp));
+
+ SMB_VFS_HANDLE_GET_DATA(handle, data,
+ struct freebsd_handle_data,
+ return -1);
+
+ if(!freebsd_map_xattr(data->extattr_mode, name, &attr)) {
+ errno = EINVAL;
+ return -1;
+ }
+
+ /* Filter out 'secure' entries */
+ if(data->extattr_mode != FREEBSD_EXTATTR_SECURE && geteuid() != 0 && attr.data.flags > EXTATTR_USER) {
+ errno = ENOATTR;
+ return -1;
+ }
+
+ if (flags) {
+ /* Check attribute existence */
+ res = extattr_size(fsp, &attr);
+ if (res < 0) {
+ /* REPLACE attribute, that doesn't exist */
+ if ((flags & XATTR_REPLACE) && errno == ENOATTR) {
+ errno = ENOATTR;
+ return -1;
+ }
+ /* Ignore other errors */
+ }
+ else {
+ /* CREATE attribute, that already exists */
+ if (flags & XATTR_CREATE) {
+ errno = EEXIST;
+ return -1;
+ }
+ }
+ }
+
+ fd = fsp_get_pathref_fd(fsp);
+
+ if (fsp->fsp_flags.is_pathref) {
+ const char *path = fsp->fsp_name->base_name;
+ if (fsp->fsp_flags.have_proc_fds) {
+ char buf[PATH_MAX];
+ path = sys_proc_fd_path(fd, buf, sizeof(buf));
+ if (path == NULL) {
+ return -1;
+ }
+ }
+ /*
+ * This is no longer a handle based call.
+ */
+ res = extattr_set_file(path, attr.namespace, attr.name, value, size);
+ }
+ else {
+ res = extattr_set_fd(fd, attr.namespace, attr.name, value, size);
+ }
+ return (res >= 0) ? 0 : -1;
+#else
+ errno = ENOSYS;
+ return -1;
+#endif
+}
+
+
+static int freebsd_connect(struct vfs_handle_struct *handle,
+ const char *service,
+ const char *user)
+{
+ struct freebsd_handle_data *data;
+ int enumval, saved_errno;
+
+ int ret = SMB_VFS_NEXT_CONNECT(handle, service, user);
+
+ if (ret < 0) {
+ return ret;
+ }
+
+ data = talloc_zero(handle->conn, struct freebsd_handle_data);
+ if (!data) {
+ saved_errno = errno;
+ SMB_VFS_NEXT_DISCONNECT(handle);
+ DEBUG(0, ("talloc_zero() failed\n"));
+ errno = saved_errno;
+ return -1;
+ }
+
+ enumval = lp_parm_enum(SNUM(handle->conn), "freebsd",
+ "extattr mode", extattr_mode_param, FREEBSD_EXTATTR_LEGACY);
+ if (enumval == -1) {
+ saved_errno = errno;
+ SMB_VFS_NEXT_DISCONNECT(handle);
+ DBG_DEBUG("value for freebsd: 'extattr mode' is unknown\n");
+ errno = saved_errno;
+ return -1;
+ }
+
+ if(freebsd_in_jail()) {
+ enumval = FREEBSD_EXTATTR_COMPAT;
+ DBG_WARNING("running in jail, enforcing 'compat' mode\n");
+ }
+
+ data->extattr_mode = (enum extattr_mode)enumval;
+
+ SMB_VFS_HANDLE_SET_DATA(handle, data, NULL,
+ struct freebsd_handle_data,
+ return -1);
+
+ DBG_DEBUG("connect to service[%s] with '%s' extattr mode\n",
+ service, extattr_mode_param[data->extattr_mode].name);
+
+ return 0;
+}
+
+
+static void freebsd_disconnect(vfs_handle_struct *handle)
+{
+ SMB_VFS_NEXT_DISCONNECT(handle);
+}
+
+/* VFS operations structure */
+
+struct vfs_fn_pointers freebsd_fns = {
+ /* Disk operations */
+ .connect_fn = freebsd_connect,
+ .disconnect_fn = freebsd_disconnect,
+
+ /* EA operations. */
+ .getxattrat_send_fn = vfs_not_implemented_getxattrat_send,
+ .getxattrat_recv_fn = vfs_not_implemented_getxattrat_recv,
+ .fgetxattr_fn = freebsd_fgetxattr,
+ .flistxattr_fn = freebsd_flistxattr,
+ .fremovexattr_fn = freebsd_fremovexattr,
+ .fsetxattr_fn = freebsd_fsetxattr,
+};
+
+static_decl_vfs;
+NTSTATUS vfs_freebsd_init(TALLOC_CTX *ctx)
+{
+ NTSTATUS ret;
+
+ ret = smb_register_vfs(SMB_VFS_INTERFACE_VERSION, "freebsd",
+ &freebsd_fns);
+
+ if (!NT_STATUS_IS_OK(ret)) {
+ return ret;
+ }
+
+ vfs_freebsd_debug_level = debug_add_class("freebsd");
+ if (vfs_freebsd_debug_level == -1) {
+ vfs_freebsd_debug_level = DBGC_VFS;
+ DEBUG(0, ("vfs_freebsd: Couldn't register custom debugging class!\n"));
+ } else {
+ DEBUG(10, ("vfs_freebsd: Debug class number of 'fileid': %d\n", vfs_freebsd_debug_level));
+ }
+
+ return ret;
+}
diff --git a/source3/modules/wscript_build b/source3/modules/wscript_build
index ff318c3fa06..f88d054d524 100644
--- a/source3/modules/wscript_build
+++ b/source3/modules/wscript_build
@@ -636,6 +636,13 @@ bld.SAMBA3_MODULE('vfs_delay_inject',
enabled=bld.SAMBA3_IS_ENABLED_MODULE('vfs_delay_inject'),
install=False)
+bld.SAMBA3_MODULE('vfs_freebsd',
+ subsystem='vfs',
+ source='vfs_freebsd.c',
+ init_function='',
+ internal_module=bld.SAMBA3_IS_STATIC_MODULE('vfs_freebsd'),
+ enabled=bld.SAMBA3_IS_ENABLED_MODULE('vfs_freebsd'))
+
bld.SAMBA3_MODULE('vfs_widelinks',
subsystem='vfs',
source='vfs_widelinks.c',
--
2.37.1

164
net/samba419/files/0099-s3-modules-zfsacl-fix-get-set-ACL-on-FreeBSD-13.patch Normal file
View file

@ -0,0 +1,164 @@
From ff8b27f6f0c67cbb0fb37f80f3336c1bd0f28430 Mon Sep 17 00:00:00 2001
From: Andrew Walker <awalker@ixsystems.com>
Date: Thu, 16 Mar 2023 09:05:45 -0700
Subject: [PATCH] Fixups for VFS changes in 4.18
---
debian/changelog | 24 ++++++------------
lib/audit_logging/audit_logging.c | 4 +--
source3/modules/vfs_shadow_copy_zfs.c | 24 ++++++++----------
source3/modules/vfs_tmprotect.c | 2 +-
source3/modules/vfs_zfsacl.c | 35 +++++++++++++++++++++++++++
source3/utils/net_groupmap.c | 6 ++---
6 files changed, 58 insertions(+), 37 deletions(-)
diff --git a/source3/modules/vfs_zfsacl.c b/source3/modules/vfs_zfsacl.c
index e24cb683d2..18f8dcb4b2 100644
--- a/source3/modules/vfs_zfsacl.c
+++ b/source3/modules/vfs_zfsacl.c
@@ -307,6 +307,41 @@ static NTSTATUS zfs_set_nt_acl(vfs_handle_struct *handle, files_struct *fsp,
zfs_process_smbacl);
}
+static int get_zfsacl(TALLOC_CTX *mem_ctx,
+ const struct smb_filename *smb_fname,
+ ace_t **outbuf)
+{
+ int naces, rv;
+ ace_t *acebuf = NULL;
+
+ naces = acl(smb_fname->base_name, ACE_GETACLCNT, 0, NULL);
+ if (naces == -1) {
+ int dbg_level = 10;
+
+ if (errno == ENOSYS) {
+ dbg_level = 1;
+ }
+ DEBUG(dbg_level, ("acl(ACE_GETACLCNT, %s): %s ",
+ smb_fname->base_name, strerror(errno)));
+ return naces;
+ }
+ acebuf = talloc_size(mem_ctx, sizeof(ace_t)*naces);
+ if (acebuf == NULL) {
+ errno = ENOMEM;
+ return -1;
+ }
+
+ rv = acl(smb_fname->base_name, ACE_GETACL, naces, acebuf);
+ if (rv == -1) {
+ DBG_DEBUG("acl(ACE_GETACL, %s) failed: %s ",
+ smb_fname->base_name, strerror(errno));
+ return -1;
+ }
+
+ *outbuf = acebuf;
+ return naces;
+}
+
static int fget_zfsacl(TALLOC_CTX *mem_ctx,
struct files_struct *fsp,
ace_t **outbuf)
From 0c2c9f21cf01983d9001edef4983bc15b79a31ad Mon Sep 17 00:00:00 2001
From: Andrew <awalker@ixsystems.com>
Date: Mon, 29 Nov 2021 12:33:15 -0500
Subject: [PATCH] NAS-113538 / Fix procfd handling for xattr-based alternate
datastreams (#54)
vfs_streams_xattr openat() does not set fsp.flags.have_proc_fds. In open_streams_for_delete() the fsp is not allocated via talloc_zero() and so this may be unitialized memory.
This particular fix ensures vfs_streams_xattr sets the fsp have_proc_fds flag to the one defined in the associated tree connect for the fsp. In the case of vfs_ixnas, ensure that we read the NT ACL from fsp->base_fsp (file) rather than the fsp associated with the xattr.
This PR also fixes vfs_zfsacl for FreeBSD 13 (adding handling for procfd paths)
---
source3/modules/vfs_ixnas.c | 4 ++-
source3/modules/vfs_zfsacl.c | 62 ++++++++++++++++++++++++++++++++++++
2 files changed, 65 insertions(+), 1 deletion(-)
--- a/source3/modules/vfs_zfsacl.c
+++ b/source3/modules/vfs_zfsacl.c
@@ -235,12 +235,43 @@ static bool zfs_process_smbacl(vfs_handle_struct *handle, files_struct *fsp,
SMB_ASSERT(i == naces);
/* store acl */
+#ifdef O_PATH
+ if (fsp->fsp_flags.is_pathref) {
+ const char *proc_fd_path = NULL;
+ char buf[PATH_MAX];
+
+ if (!fsp->fsp_flags.have_proc_fds) {
+ DBG_ERR("fdescfs filesystem must be mounted with 'nodup' "
+ "option \n");
+ errno = EBADF;
+ return -1;
+ }
+
+ fd = fsp_get_pathref_fd(fsp);
+ proc_fd_path = sys_proc_fd_path(fd, buf, sizeof(buf));
+ if (proc_fd_path == NULL) {
+ DBG_ERR("%s: failed to generate pathref fd for %d\n",
+ fsp_str_dbg(fsp), fd);
+ errno = EBADF;
+ return -1;
+ }
+ rv = acl(proc_fd_path, ACE_SETACL, naces, acebuf);
+ } else {
+ fd = fsp_get_io_fd(fsp);
+ if (fd == -1) {
+ errno = EBADF;
+ return false;
+ }
+ rv = facl(fd, ACE_SETACL, naces, acebuf);
+ }
+#else
fd = fsp_get_pathref_fd(fsp);
if (fd == -1) {
errno = EBADF;
return false;
}
rv = facl(fd, ACE_SETACL, naces, acebuf);
+#endif
if (rv != 0) {
if(errno == ENOSYS) {
DEBUG(9, ("acl(ACE_SETACL, %s): Operation is not "
@@ -286,7 +317,38 @@ static int fget_zfsacl(TALLOC_CTX *mem_ctx,
ace_t *acebuf = NULL;
int fd;
+#ifdef O_PATH
+ if (fsp->fsp_flags.is_pathref) {
+ const char *proc_fd_path = NULL;
+ char buf[PATH_MAX];
+ struct smb_filename smb_fname;
+
+ if (!fsp->fsp_flags.have_proc_fds) {
+ DBG_ERR("fdescfs filesystem must be mounted with 'nodup' "
+ "option \n");
+ errno = EBADF;
+ return -1;
+ }
+
+ fd = fsp_get_pathref_fd(fsp);
+ proc_fd_path = sys_proc_fd_path(fd, buf, sizeof(buf));
+ if (proc_fd_path == NULL) {
+ DBG_ERR("%s: failed to generate pathref fd for %d\n",
+ fsp_str_dbg(fsp), fd);
+ errno = EBADF;
+ return -1;
+ }
+
+ smb_fname = (struct smb_filename) {
+ .base_name = discard_const_p(char, proc_fd_path)
+ };
+
+ return get_zfsacl(mem_ctx, &smb_fname, outbuf);
+ }
+ fd = fsp_get_io_fd(fsp);
+#else
fd = fsp_get_pathref_fd(fsp);
+#endif
if (fd == -1) {
errno = EBADF;
return -1;
--
2.43.0

485
net/samba419/files/0100-Fix-pathref-handling-for-FreeBSD-13plus.patch Normal file
View file

@ -0,0 +1,485 @@
https://bugzilla.samba.org/show_bug.cgi?id=15376
--- source3/smbd/open.c 2023-04-19 12:18:56.254875400 +0200
+++ source3/smbd/open.c 2023-06-20 08:29:06.210298000 +0200
@@ -1204,9 +1204,6 @@
int new_fd;
NTSTATUS status;
- if (!fsp->fsp_flags.have_proc_fds) {
- return NT_STATUS_MORE_PROCESSING_REQUIRED;
- }
old_fd = fsp_get_pathref_fd(fsp);
if (old_fd == -1) {
@@ -1222,22 +1219,28 @@
return NT_STATUS_INVALID_HANDLE;
}
- p = sys_proc_fd_path(old_fd, buf, sizeof(buf));
- if (p == NULL) {
- return NT_STATUS_NO_MEMORY;
- }
+
+ if (sys_open_real_fd_from_pathref_fd(old_fd, &new_fd, flags) != 0) {
+ if (!fsp->fsp_flags.have_proc_fds) {
+ return NT_STATUS_MORE_PROCESSING_REQUIRED;
+ }
- proc_fname = (struct smb_filename) {
- .base_name = discard_const_p(char, p),
- };
+ p = sys_proc_fd_path(old_fd, buf, sizeof(buf));
+ if (p == NULL) {
+ return NT_STATUS_NO_MEMORY;
+ }
- fsp->fsp_flags.is_pathref = false;
+ proc_fname = (struct smb_filename) {
+ .base_name = discard_const_p(char, p),
+ };
- new_fd = SMB_VFS_OPENAT(fsp->conn,
- fsp->conn->cwd_fsp,
- &proc_fname,
- fsp,
- &how);
+ new_fd = SMB_VFS_OPENAT(fsp->conn,
+ fsp->conn->cwd_fsp,
+ &proc_fname,
+ fsp,
+ &how);
+ }
+
if (new_fd == -1) {
status = map_nt_error_from_unix(errno);
fd_close(fsp);
@@ -1250,6 +1260,8 @@
}
fsp_set_fd(fsp, new_fd);
+ fsp->fsp_flags.is_pathref = false;
+
return NT_STATUS_OK;
}
--- source3/lib/system.c 2023-01-18 16:32:24.174553200 +0100
+++ source3/lib/system.c 2023-06-19 23:35:30.132465000 +0200
@@ -1022,6 +1022,8 @@
} proc_fd_patterns[] = {
/* Linux */
{ "/proc/self/fd/%d", "/proc/self/fd/0" },
+ /* FreeBSD */
+ { "/compat/linux/dev/fd/%d", "/compat/linux/dev/fd/0" },
{ NULL, NULL },
};
@@ -1077,4 +1079,27 @@
}
return buf;
+}
+
+
+/* Helper function that opens a usable fd for accessing data
+ (metadata & content) from a pathref fd */
+int sys_open_real_fd_from_pathref_fd(int fd,
+ int *rfd,
+ int flags) {
+ int tfd;
+
+#if defined(HAVE_OPENAT) && defined(O_EMPTY_PATH)
+ /* This works for FreeBSD 13+ atleast */
+
+ tfd = openat(fd, "", O_EMPTY_PATH|flags);
+ if (tfd < 0) {
+ return errno;
+ }
+
+ *rfd = tfd;
+ return 0;
+#else
+ return ENOSYS;
+#endif
}
--- source3/modules/vfs_default.c 2023-05-31 18:06:44.154299500 +0200
+++ source3/modules/vfs_default.c 2023-06-19 23:23:58.116903000 +0200
@@ -2721,7 +2721,7 @@
static int vfswrap_fchmod(vfs_handle_struct *handle, files_struct *fsp, mode_t mode)
{
- int result;
+ int result, fd, real_fd;
START_PROFILE(syscall_fchmod);
@@ -2731,8 +2731,9 @@
return result;
}
+ fd = fsp_get_pathref_fd(fsp);
+
if (fsp->fsp_flags.have_proc_fds) {
- int fd = fsp_get_pathref_fd(fsp);
const char *p = NULL;
char buf[PATH_MAX];
@@ -2746,6 +2747,17 @@
return result;
}
+ if (sys_open_real_fd_from_pathref_fd(fd, &real_fd, O_RDONLY|O_NONBLOCK) == 0) {
+ int saved_errno;
+
+ result = fchmod(real_fd, mode);
+ saved_errno = errno;
+ close(real_fd);
+ errno = saved_errno;
+ END_PROFILE(syscall_fchmod);
+ return result;
+ }
+
/*
* This is no longer a handle based call.
*/
@@ -2758,7 +2770,7 @@
static int vfswrap_fchown(vfs_handle_struct *handle, files_struct *fsp, uid_t uid, gid_t gid)
{
#ifdef HAVE_FCHOWN
- int result;
+ int result, fd, real_fd;
START_PROFILE(syscall_fchown);
if (!fsp->fsp_flags.is_pathref) {
@@ -2767,8 +2779,9 @@
return result;
}
+ fd = fsp_get_pathref_fd(fsp);
+
if (fsp->fsp_flags.have_proc_fds) {
- int fd = fsp_get_pathref_fd(fsp);
const char *p = NULL;
char buf[PATH_MAX];
@@ -2782,6 +2795,17 @@
return result;
}
+ if (sys_open_real_fd_from_pathref_fd(fd, &real_fd, O_RDONLY|O_NONBLOCK) == 0) {
+ int saved_errno;
+
+ result = fchown(real_fd, uid, gid);
+ saved_errno = errno;
+ close(real_fd);
+ errno = saved_errno;
+ END_PROFILE(syscall_fchown);
+ return result;
+ }
+
/*
* This is no longer a handle based call.
*/
@@ -2855,7 +2879,7 @@
files_struct *fsp,
struct smb_file_time *ft)
{
- int result = -1;
+ int result = -1, fd, real_fd;
struct timespec ts[2];
struct timespec *times = NULL;
@@ -2900,8 +2924,9 @@
goto out;
}
+ fd = fsp_get_pathref_fd(fsp);
+
if (fsp->fsp_flags.have_proc_fds) {
- int fd = fsp_get_pathref_fd(fsp);
const char *p = NULL;
char buf[PATH_MAX];
@@ -2919,6 +2944,16 @@
goto out;
}
+ if (sys_open_real_fd_from_pathref_fd(fd, &real_fd, O_RDONLY|O_NONBLOCK) == 0) {
+ int saved_errno;
+
+ result = futimens(real_fd, times);
+ saved_errno = errno;
+ close(real_fd);
+ errno = saved_errno;
+ goto out;
+ }
+
/*
* The fd is a pathref (opened with O_PATH) and there isn't fd to
* path translation mechanism. Fallback to path based call.
@@ -3322,6 +3357,7 @@
{
#ifdef HAVE_FCHFLAGS
int fd = fsp_get_pathref_fd(fsp);
+ int real_fd;
SMB_ASSERT(!fsp_is_alternate_stream(fsp));
@@ -3341,6 +3377,16 @@
return chflags(p, flags);
}
+ if (sys_open_real_fd_from_pathref_fd(fd, &real_fd, O_RDONLY|O_NONBLOCK) == 0) {
+ int saved_errno, result;
+
+ result = fchflags(real_fd, flags);
+ saved_errno = errno;
+ close(real_fd);
+ errno = saved_errno;
+ return result;
+ }
+
/*
* This is no longer a handle based call.
*/
@@ -3569,6 +3615,7 @@
size_t size)
{
int fd = fsp_get_pathref_fd(fsp);
+ int real_fd;
SMB_ASSERT(!fsp_is_alternate_stream(fsp));
@@ -3588,6 +3635,16 @@
return getxattr(p, name, value, size);
}
+ if (sys_open_real_fd_from_pathref_fd(fd, &real_fd, O_RDONLY|O_NONBLOCK) == 0) {
+ int saved_errno, result;
+
+ result = fgetxattr(real_fd, name, value, size);
+ saved_errno = errno;
+ close(real_fd);
+ errno = saved_errno;
+ return result;
+ }
+
/*
* This is no longer a handle based call.
*/
@@ -3895,6 +3952,7 @@
static ssize_t vfswrap_flistxattr(struct vfs_handle_struct *handle, struct files_struct *fsp, char *list, size_t size)
{
int fd = fsp_get_pathref_fd(fsp);
+ int real_fd;
SMB_ASSERT(!fsp_is_alternate_stream(fsp));
@@ -3914,6 +3972,16 @@
return listxattr(p, list, size);
}
+ if (sys_open_real_fd_from_pathref_fd(fd, &real_fd, O_RDONLY|O_NONBLOCK) == 0) {
+ int saved_errno, result;
+
+ result = flistxattr(real_fd, list, size);
+ saved_errno = errno;
+ close(real_fd);
+ errno = saved_errno;
+ return result;
+ }
+
/*
* This is no longer a handle based call.
*/
@@ -3923,6 +3991,7 @@
static int vfswrap_fremovexattr(struct vfs_handle_struct *handle, struct files_struct *fsp, const char *name)
{
int fd = fsp_get_pathref_fd(fsp);
+ int real_fd;
SMB_ASSERT(!fsp_is_alternate_stream(fsp));
@@ -3942,6 +4011,16 @@
return removexattr(p, name);
}
+ if (sys_open_real_fd_from_pathref_fd(fd, &real_fd, O_RDONLY|O_NONBLOCK) == 0) {
+ int saved_errno, result;
+
+ result = fremovexattr(real_fd, name);
+ saved_errno = errno;
+ close(real_fd);
+ errno = saved_errno;
+ return result;
+ }
+
/*
* This is no longer a handle based call.
*/
@@ -3951,6 +4030,7 @@
static int vfswrap_fsetxattr(struct vfs_handle_struct *handle, struct files_struct *fsp, const char *name, const void *value, size_t size, int flags)
{
int fd = fsp_get_pathref_fd(fsp);
+ int real_fd;
SMB_ASSERT(!fsp_is_alternate_stream(fsp));
@@ -3968,6 +4048,16 @@
}
return setxattr(p, name, value, size, flags);
+ }
+
+ if (sys_open_real_fd_from_pathref_fd(fd, &real_fd, O_RDONLY|O_NONBLOCK) == 0) {
+ int saved_errno, result;
+
+ result = fsetxattr(real_fd, name, value, size, flags);
+ saved_errno = errno;
+ close(real_fd);
+ errno = saved_errno;
+ return result;
}
/*
--- source3/modules/vfs_zfsacl.c 2023-01-18 16:32:24.210553400 +0100
+++ source3/modules/vfs_zfsacl.c 2023-06-20 08:51:53.077953000 +0200
@@ -234,13 +234,39 @@
SMB_ASSERT(i == naces);
- /* store acl */
- fd = fsp_get_pathref_fd(fsp);
- if (fd == -1) {
- errno = EBADF;
- return false;
+ if (!fsp->fsp_flags.is_pathref) {
+ rv = facl(fsp_get_io_fd(fsp), ACE_SETACL, naces, acebuf);
+ } else {
+ const char *procfd_p = NULL;
+ char buf[PATH_MAX];
+
+ fd = fsp_get_pathref_fd(fsp);
+ if (fsp->fsp_flags.have_proc_fds && (procfd_p = sys_proc_fd_path(fd, buf, sizeof(buf)))) {
+ rv = acl(procfd_p, ACE_SETACL, naces, acebuf);
+ } else {
+ int real_fd;
+
+ fd = fsp_get_pathref_fd(fsp);
+
+ /* First try this for versions of FreeBSD 13+ that allows facl() on O_PATH fd's */
+ rv = facl(fd, ACE_SETACL, naces, acebuf);
+
+ if (rv < 0 && errno == EBADF &&
+ sys_open_real_fd_from_pathref_fd(fd, &real_fd, O_RDONLY|O_NONBLOCK) == 0) {
+ /* Works on FreeBSD 13+ */
+ int saved_errno;
+
+ rv = facl(real_fd, ACE_SETACL, naces, acebuf);
+ saved_errno = errno;
+ close(real_fd);
+ errno = saved_errno;
+ } else {
+ /* Last ditch fallback */
+ rv = acl(fsp->fsp_name->base_name, ACE_SETACL, naces, acebuf);
+ }
+ }
}
- rv = facl(fd, ACE_SETACL, naces, acebuf);
+
if (rv != 0) {
if(errno == ENOSYS) {
DEBUG(9, ("acl(ACE_SETACL, %s): Operation is not "
@@ -284,14 +310,39 @@
{
int naces, rv;
ace_t *acebuf = NULL;
- int fd;
+ int fd = -1;
+ const char *procfd_p = NULL;
+ char buf[PATH_MAX];
- fd = fsp_get_pathref_fd(fsp);
- if (fd == -1) {
- errno = EBADF;
- return -1;
+ if (!fsp->fsp_flags.is_pathref) {
+ naces = facl(fsp_get_io_fd(fsp), ACE_GETACLCNT, 0, NULL);
+ } else {
+ fd = fsp_get_pathref_fd(fsp);
+
+ if (fsp->fsp_flags.have_proc_fds && (procfd_p = sys_proc_fd_path(fd, buf, sizeof(buf)))) {
+ /* If we have procfd support, try this first */
+ naces = acl(procfd_p, ACE_GETACLCNT, 0, NULL);
+ } else {
+ int real_fd;
+
+ /* First try this for versions of FreeBSD 13+ that allows facl() on O_PATH fd's */
+ naces = facl(fd, ACE_GETACLCNT, 0, NULL);
+ if (naces < 0 && errno == EBADF &&
+ sys_open_real_fd_from_pathref_fd(fd, &real_fd, O_RDONLY|O_NONBLOCK) == 0) {
+ /* Works on FreeBSD 13+ */
+ int saved_errno;
+
+ naces = facl(real_fd, ACE_GETACLCNT, 0, NULL);
+ saved_errno = errno;
+ close(real_fd);
+ errno = saved_errno;
+ } else {
+ /* Last ditch fallback */
+ naces = acl(fsp->fsp_name->base_name, ACE_GETACLCNT, 0, NULL);
+ }
+ }
}
- naces = facl(fd, ACE_GETACLCNT, 0, NULL);
+
if (naces == -1) {
int dbg_level = 10;
@@ -309,7 +360,32 @@
return -1;
}
- rv = facl(fd, ACE_GETACL, naces, acebuf);
+ if (!fsp->fsp_flags.is_pathref) {
+ rv = facl(fsp_get_io_fd(fsp), ACE_GETACL, naces, acebuf);
+ } else {
+ if (procfd_p) {
+ rv = acl(procfd_p, ACE_GETACL, naces, acebuf);
+ } else {
+ int real_fd;
+
+ /* First try this for versions of FreeBSD that allows facl() on O_PATH fd's */
+ rv = facl(fd, ACE_GETACL, naces, acebuf);
+ if (rv < 0 && errno == EBADF &&
+ sys_open_real_fd_from_pathref_fd(fd, &real_fd, O_RDONLY|O_NONBLOCK) == 0) {
+ /* Works on FreeBSD 13+ */
+ int saved_errno;
+
+ rv = facl(real_fd, ACE_GETACL, naces, acebuf);
+ saved_errno = errno;
+ close(real_fd);
+ errno = saved_errno;
+ } else {
+ /* Last ditch fallback */
+ rv = acl(fsp->fsp_name->base_name, ACE_GETACL, naces, acebuf);
+ }
+ }
+ }
+
if (rv == -1) {
DBG_DEBUG("acl(ACE_GETACL, %s): %s ",
fsp_str_dbg(fsp), strerror(errno));
--- source3/include/proto.h 2023-05-31 18:06:44.142299400 +0200
+++ source3/include/proto.h 2023-06-19 23:23:58.115127000 +0200
@@ -211,6 +211,10 @@
bool sys_have_proc_fds(void);
const char *sys_proc_fd_path(int fd, char *buf, size_t bufsize);
+int sys_open_real_fd_from_pathref_fd(int fd,
+ int *mfd,
+ int flags);
+
struct stat;
void init_stat_ex_from_stat (struct stat_ex *dst,
const struct stat *src,

94
net/samba419/files/README.FreeBSD.in Normal file
View file

@ -0,0 +1,94 @@
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!! Please read before runing any tools !!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
Documentation
=============
o https://wiki.samba.org/index.php/Samba4/HOWTO
o https://wiki.samba.org/index.php/Samba_AD_DC_HOWTO
o https://wiki.samba.org/index.php/Samba4/samba-tool/domain/classicupgrade/HOWTO
FreeBSD specific information
============================
* Your configuration is in: %%SAMBA4_CONFDIR%%/%%SAMBA4_CONFIG%%
* All the logs are under: %%SAMBA4_LOGDIR%%
* All the relevant databases are under: %%SAMBA4_LOCKDIR%%
* Provisioning script is: %%PREFIX%%/bin/samba-tool
Samba4 provisioning requires file system(s) with the ACLs support. On
UFS2 you need to enable POSIX ACLs by adding 'acls' option to the mount
flags, on ZFS you need to use NFSv4 ACLs and `zfsacl` VFS module to get
provisioning work.
There is a hack in the code, that makes provisioning work on UFS2 and in
the jails on the price of using USER extattr(2) namespace, which is less
secure than SYSTEM namespace, as can be edited not only by root user, but
also by the owner of the file.
For the provisioning on ZFS you need to use additional parameters to the
samba-tool, that would explicitly add `zfsacl` to the default `vfs objects`:
# samba-tool domain provision --interactive \
--option="vfs objects"="dfs_samba4 zfsacl"
To run this port you need to perform the following steps:
---------------------------------------------------------
0. If you had Samba3 port installed before, please, *take backups* of
all the relevant files. That includes 'smb.conf' file and all the
content of the '/var/db/samba/' directory.
1a. Create new '%%SAMBA4_CONFDIR%%/%%SAMBA4_CONFIG%%' file by running:
# samba-tool domain provision
1b. Or upgrade from the Samba3 'smb.conf' file by running:
# samba-tool domain classicupgrade
%%AC_DC%%1c. You will need to specify location of the 'nsupdate' command in the
%%AC_DC%%'%%SAMBA4_CONFIG%%' file:
%%AC_DC%%
%%AC_DC%% nsupdate command = %%PREFIX%%/bin/samba-nsupdate -g
%%AC_DC%%
2. Put string 'samba_server_enable="YES"' into your /etc/rc.conf.
3. Make sure that your server doesn't run Samba3, OpenLDAP and named.
Stop them, if necessary.
4. Run '%%PREFIX%%/etc/rc.d/samba_server start' or reboot.
Please, check archives of samba@lists.samba.org and ask there for help,
if necessary:
https://lists.samba.org/archive/samba/
Port related bugs can be reported to the FreeBSD Bugzilla or directly to:
https://gitlab.com/samba-freebsd/ports/-/issues
In case you found a bug which is clearly not related to the port build
process itself, plese file a bug report at:
https://bugzilla.samba.org/
And add me to CC list.
You may find those tools helpful:
---------------------------------
Microsoft Remote Server Administration Tools (RSAT) for:
* Vista: http://www.microsoft.com/en-us/download/details.aspx?id=21090
* Windows 7: http://www.microsoft.com/en-us/download/details.aspx?id=7887
FreeBSD Samba4 port maintainer: Timur I. Bakeyev <timur@FreeBSD.org>

558
net/samba419/files/man/ctdb-script.options.5 Normal file
View file

@ -0,0 +1,558 @@
'\" t
.\" Title: ctdb-script.options
.\" Author:
.\" Generator: DocBook XSL Stylesheets v1.79.1 <http://docbook.sf.net/>
.\" Date: 09/23/2020
.\" Manual: CTDB - clustered TDB database
.\" Source: ctdb
.\" Language: English
.\"
.TH "CTDB\-SCRIPT\&.OPTIO" "5" "09/23/2020" "ctdb" "CTDB \- clustered TDB database"
.\" -----------------------------------------------------------------
.\" * Define some portability stuff
.\" -----------------------------------------------------------------
.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
.\" http://bugs.debian.org/507673
.\" http://lists.gnu.org/archive/html/groff/2009-02/msg00013.html
.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
.ie \n(.g .ds Aq \(aq
.el .ds Aq '
.\" -----------------------------------------------------------------
.\" * set default formatting
.\" -----------------------------------------------------------------
.\" disable hyphenation
.nh
.\" disable justification (adjust text to left margin only)
.ad l
.\" -----------------------------------------------------------------
.\" * MAIN CONTENT STARTS HERE *
.\" -----------------------------------------------------------------
.SH "NAME"
ctdb-script.options \- CTDB scripts configuration files
.SH "DESCRIPTION"
.PP
Each CTDB script has 2 possible locations for its configuration options:
.PP
/usr/local/etc/ctdb/script\&.options
.RS 4
This is a catch\-all global file for general purpose scripts and for options that are used in multiple event scripts\&.
.RE
.PP
\fISCRIPT\fR\&.options
.RS 4
That is, options for
\fISCRIPT\fR
are placed in a file alongside the script, with a "\&.script" suffix added\&. This style is usually recommended for event scripts\&.
.sp
Options in this script\-specific file override those in the global file\&.
.RE
.PP
These files should include simple shell\-style variable assignments and shell\-style comments\&.
.SH "NETWORK CONFIGURATION"
.SS "10\&.interface"
.PP
This event script handles monitoring of interfaces using by public IP addresses\&.
.PP
CTDB_PARTIALLY_ONLINE_INTERFACES=yes|no
.RS 4
Whether one or more offline interfaces should cause a monitor event to fail if there are other interfaces that are up\&. If this is "yes" and a node has some interfaces that are down then
\fBctdb status\fR
will display the node as "PARTIALLYONLINE"\&.
.sp
Note that CTDB_PARTIALLY_ONLINE_INTERFACES=yes is not generally compatible with NAT gateway or LVS\&. NAT gateway relies on the interface configured by CTDB_NATGW_PUBLIC_IFACE to be up and LVS replies on CTDB_LVS_PUBLIC_IFACE to be up\&. CTDB does not check if these options are set in an incompatible way so care is needed to understand the interaction\&.
.sp
Default is "no"\&.
.RE
.SS "11\&.natgw"
.PP
Provides CTDB\*(Aqs NAT gateway functionality\&.
.PP
NAT gateway is used to configure fallback routing for nodes when they do not host any public IP addresses\&. For example, it allows unhealthy nodes to reliably communicate with external infrastructure\&. One node in a NAT gateway group will be designated as the NAT gateway master node and other (slave) nodes will be configured with fallback routes via the NAT gateway master node\&. For more information, see the
NAT GATEWAY
section in
\fBctdb\fR(7)\&.
.PP
CTDB_NATGW_DEFAULT_GATEWAY=\fIIPADDR\fR
.RS 4
IPADDR is an alternate network gateway to use on the NAT gateway master node\&. If set, a fallback default route is added via this network gateway\&.
.sp
No default\&. Setting this variable is optional \- if not set that no route is created on the NAT gateway master node\&.
.RE
.PP
CTDB_NATGW_NODES=\fIFILENAME\fR
.RS 4
FILENAME contains the list of nodes that belong to the same NAT gateway group\&.
.sp
File format:
.sp
.if n \{\
.RS 4
.\}
.nf
\fIIPADDR\fR [slave\-only]
.fi
.if n \{\
.RE
.\}
.sp
IPADDR is the private IP address of each node in the NAT gateway group\&.
.sp
If "slave\-only" is specified then the corresponding node can not be the NAT gateway master node\&. In this case
\fICTDB_NATGW_PUBLIC_IFACE\fR
and
\fICTDB_NATGW_PUBLIC_IP\fR
are optional and unused\&.
.sp
No default, usually
/usr/local/etc/ctdb/natgw_nodes
when enabled\&.
.RE
.PP
CTDB_NATGW_PRIVATE_NETWORK=\fIIPADDR/MASK\fR
.RS 4
IPADDR/MASK is the private sub\-network that is internally routed via the NAT gateway master node\&. This is usually the private network that is used for node addresses\&.
.sp
No default\&.
.RE
.PP
CTDB_NATGW_PUBLIC_IFACE=\fIIFACE\fR
.RS 4
IFACE is the network interface on which the CTDB_NATGW_PUBLIC_IP will be configured\&.
.sp
No default\&.
.RE
.PP
CTDB_NATGW_PUBLIC_IP=\fIIPADDR/MASK\fR
.RS 4
IPADDR/MASK indicates the IP address that is used for outgoing traffic (originating from CTDB_NATGW_PRIVATE_NETWORK) on the NAT gateway master node\&. This
\fImust not\fR
be a configured public IP address\&.
.sp
No default\&.
.RE
.PP
CTDB_NATGW_STATIC_ROUTES=\fIIPADDR/MASK[@GATEWAY]\fR \&.\&.\&.
.RS 4
Each IPADDR/MASK identifies a network or host to which NATGW should create a fallback route, instead of creating a single default route\&. This can be used when there is already a default route, via an interface that can not reach required infrastructure, that overrides the NAT gateway default route\&.
.sp
If GATEWAY is specified then the corresponding route on the NATGW master node will be via GATEWAY\&. Such routes are created even if
\fICTDB_NATGW_DEFAULT_GATEWAY\fR
is not specified\&. If GATEWAY is not specified for some networks then routes are only created on the NATGW master node for those networks if
\fICTDB_NATGW_DEFAULT_GATEWAY\fR
is specified\&.
.sp
This should be used with care to avoid causing traffic to unnecessarily double\-hop through the NAT gateway master, even when a node is hosting public IP addresses\&. Each specified network or host should probably have a corresponding automatically created link route or static route to avoid this\&.
.sp
No default\&.
.RE
.sp
.it 1 an-trap
.nr an-no-space-flag 1
.nr an-break-flag 1
.br
.ps +1
\fBExample\fR
.RS 4
.sp
.if n \{\
.RS 4
.\}
.nf
CTDB_NATGW_NODES=/usr/local/etc/ctdb/natgw_nodes
CTDB_NATGW_PRIVATE_NETWORK=192\&.168\&.1\&.0/24
CTDB_NATGW_DEFAULT_GATEWAY=10\&.0\&.0\&.1
CTDB_NATGW_PUBLIC_IP=10\&.0\&.0\&.227/24
CTDB_NATGW_PUBLIC_IFACE=eth0
.fi
.if n \{\
.RE
.\}
.PP
A variation that ensures that infrastructure (ADS, DNS, \&.\&.\&.) directly attached to the public network (10\&.0\&.0\&.0/24) is always reachable would look like this:
.sp
.if n \{\
.RS 4
.\}
.nf
CTDB_NATGW_NODES=/usr/local/etc/ctdb/natgw_nodes
CTDB_NATGW_PRIVATE_NETWORK=192\&.168\&.1\&.0/24
CTDB_NATGW_PUBLIC_IP=10\&.0\&.0\&.227/24
CTDB_NATGW_PUBLIC_IFACE=eth0
CTDB_NATGW_STATIC_ROUTES=10\&.0\&.0\&.0/24
.fi
.if n \{\
.RE
.\}
.PP
Note that
\fICTDB_NATGW_DEFAULT_GATEWAY\fR
is not specified\&.
.RE
.SS "13\&.per_ip_routing"
.PP
Provides CTDB\*(Aqs policy routing functionality\&.
.PP
A node running CTDB may be a component of a complex network topology\&. In particular, public addresses may be spread across several different networks (or VLANs) and it may not be possible to route packets from these public addresses via the system\*(Aqs default route\&. Therefore, CTDB has support for policy routing via the
13\&.per_ip_routing
eventscript\&. This allows routing to be specified for packets sourced from each public address\&. The routes are added and removed as CTDB moves public addresses between nodes\&.
.PP
For more information, see the
POLICY ROUTING
section in
\fBctdb\fR(7)\&.
.PP
CTDB_PER_IP_ROUTING_CONF=\fIFILENAME\fR
.RS 4
FILENAME contains elements for constructing the desired routes for each source address\&.
.sp
The special FILENAME value
\fB__auto_link_local__\fR
indicates that no configuration file is provided and that CTDB should generate reasonable link\-local routes for each public IP address\&.
.sp
File format:
.sp
.if n \{\
.RS 4
.\}
.nf
\fIIPADDR\fR \fIDEST\-IPADDR/MASK\fR [\fIGATEWAY\-IPADDR\fR]
.fi
.if n \{\
.RE
.\}
.sp
No default, usually
/usr/local/etc/ctdb/policy_routing
when enabled\&.
.RE
.PP
CTDB_PER_IP_ROUTING_RULE_PREF=\fINUM\fR
.RS 4
NUM sets the priority (or preference) for the routing rules that are added by CTDB\&.
.sp
This should be (strictly) greater than 0 and (strictly) less than 32766\&. A priority of 100 is recommended, unless this conflicts with a priority already in use on the system\&. See
\fBip\fR(8), for more details\&.
.RE
.PP
CTDB_PER_IP_ROUTING_TABLE_ID_LOW=\fILOW\-NUM\fR, CTDB_PER_IP_ROUTING_TABLE_ID_HIGH=\fIHIGH\-NUM\fR
.RS 4
CTDB determines a unique routing table number to use for the routing related to each public address\&. LOW\-NUM and HIGH\-NUM indicate the minimum and maximum routing table numbers that are used\&.
.sp
\fBip\fR(8)
uses some reserved routing table numbers below 255\&. Therefore, CTDB_PER_IP_ROUTING_TABLE_ID_LOW should be (strictly) greater than 255\&.
.sp
CTDB uses the standard file
/etc/iproute2/rt_tables
to maintain a mapping between the routing table numbers and labels\&. The label for a public address
\fIADDR\fR
will look like ctdb\&.\fIaddr\fR\&. This means that the associated rules and routes are easy to read (and manipulate)\&.
.sp
No default, usually 1000 and 9000\&.
.RE
.sp
.it 1 an-trap
.nr an-no-space-flag 1
.nr an-break-flag 1
.br
.ps +1
\fBExample\fR
.RS 4
.sp
.if n \{\
.RS 4
.\}
.nf
CTDB_PER_IP_ROUTING_CONF=/usr/local/etc/ctdb/policy_routing
CTDB_PER_IP_ROUTING_RULE_PREF=100
CTDB_PER_IP_ROUTING_TABLE_ID_LOW=1000
CTDB_PER_IP_ROUTING_TABLE_ID_HIGH=9000
.fi
.if n \{\
.RE
.\}
.RE
.SS "91\&.lvs"
.PP
Provides CTDB\*(Aqs LVS functionality\&.
.PP
For a general description see the
LVS
section in
\fBctdb\fR(7)\&.
.PP
CTDB_LVS_NODES=\fIFILENAME\fR
.RS 4
FILENAME contains the list of nodes that belong to the same LVS group\&.
.sp
File format:
.sp
.if n \{\
.RS 4
.\}
.nf
\fIIPADDR\fR [slave\-only]
.fi
.if n \{\
.RE
.\}
.sp
IPADDR is the private IP address of each node in the LVS group\&.
.sp
If "slave\-only" is specified then the corresponding node can not be the LVS master node\&. In this case
\fICTDB_LVS_PUBLIC_IFACE\fR
and
\fICTDB_LVS_PUBLIC_IP\fR
are optional and unused\&.
.sp
No default, usually
/usr/local/etc/ctdb/lvs_nodes
when enabled\&.
.RE
.PP
CTDB_LVS_PUBLIC_IFACE=\fIINTERFACE\fR
.RS 4
INTERFACE is the network interface that clients will use to connection to
\fICTDB_LVS_PUBLIC_IP\fR\&. This is optional for slave\-only nodes\&. No default\&.
.RE
.PP
CTDB_LVS_PUBLIC_IP=\fIIPADDR\fR
.RS 4
CTDB_LVS_PUBLIC_IP is the LVS public address\&. No default\&.
.RE
.SH "SERVICE CONFIGURATION"
.PP
CTDB can be configured to manage and/or monitor various NAS (and other) services via its eventscripts\&.
.PP
In the simplest case CTDB will manage a service\&. This means the service will be started and stopped along with CTDB, CTDB will monitor the service and CTDB will do any required reconfiguration of the service when public IP addresses are failed over\&.
.SS "20\&.multipathd"
.PP
Provides CTDB\*(Aqs Linux multipathd service management\&.
.PP
It can monitor multipath devices to ensure that active paths are available\&.
.PP
CTDB_MONITOR_MPDEVICES=\fIMP\-DEVICE\-LIST\fR
.RS 4
MP\-DEVICE\-LIST is a list of multipath devices for CTDB to monitor?
.sp
No default\&.
.RE
.SS "31\&.clamd"
.PP
This event script provide CTDB\*(Aqs ClamAV anti\-virus service management\&.
.PP
This eventscript is not enabled by default\&. Use
\fBctdb enablescript\fR
to enable it\&.
.PP
CTDB_CLAMD_SOCKET=\fIFILENAME\fR
.RS 4
FILENAME is the socket to monitor ClamAV\&.
.sp
No default\&.
.RE
.SS "49\&.winbind"
.PP
Provides CTDB\*(Aqs Samba winbind service management\&.
.PP
CTDB_SERVICE_WINBIND=\fISERVICE\fR
.RS 4
Distribution specific SERVICE for managing winbindd\&.
.sp
Default is "winbind"\&.
.RE
.SS "50\&.samba"
.PP
Provides the core of CTDB\*(Aqs Samba file service management\&.
.PP
CTDB_SAMBA_CHECK_PORTS=\fIPORT\-LIST\fR
.RS 4
When monitoring Samba, check TCP ports in space\-separated PORT\-LIST\&.
.sp
Default is to monitor ports that Samba is configured to listen on\&.
.RE
.PP
CTDB_SAMBA_SKIP_SHARE_CHECK=yes|no
.RS 4
As part of monitoring, should CTDB skip the check for the existence of each directory configured as share in Samba\&. This may be desirable if there is a large number of shares\&.
.sp
Default is no\&.
.RE
.PP
CTDB_SERVICE_NMB=\fISERVICE\fR
.RS 4
Distribution specific SERVICE for managing nmbd\&.
.sp
Default is distribution\-dependant\&.
.RE
.PP
CTDB_SERVICE_SMB=\fISERVICE\fR
.RS 4
Distribution specific SERVICE for managing smbd\&.
.sp
Default is distribution\-dependant\&.
.RE
.SS "60\&.nfs"
.PP
This event script (along with 06\&.nfs) provides CTDB\*(Aqs NFS service management\&.
.PP
This includes parameters for the kernel NFS server\&. Alternative NFS subsystems (such as
\m[blue]\fBNFS\-Ganesha\fR\m[]\&\s-2\u[1]\d\s+2) can be integrated using
\fICTDB_NFS_CALLOUT\fR\&.
.PP
CTDB_NFS_CALLOUT=\fICOMMAND\fR
.RS 4
COMMAND specifies the path to a callout to handle interactions with the configured NFS system, including startup, shutdown, monitoring\&.
.sp
Default is the included
\fBnfs\-linux\-kernel\-callout\fR\&.
.RE
.PP
CTDB_NFS_CHECKS_DIR=\fIDIRECTORY\fR
.RS 4
Specifies the path to a DIRECTORY containing files that describe how to monitor the responsiveness of NFS RPC services\&. See the README file for this directory for an explanation of the contents of these "check" files\&.
.sp
CTDB_NFS_CHECKS_DIR can be used to point to different sets of checks for different NFS servers\&.
.sp
One way of using this is to have it point to, say,
/usr/local/etc/ctdb/nfs\-checks\-enabled\&.d
and populate it with symbolic links to the desired check files\&. This avoids duplication and is upgrade\-safe\&.
.sp
Default is
/usr/local/etc/ctdb/nfs\-checks\&.d, which contains NFS RPC checks suitable for Linux kernel NFS\&.
.RE
.PP
CTDB_NFS_SKIP_SHARE_CHECK=yes|no
.RS 4
As part of monitoring, should CTDB skip the check for the existence of each directory exported via NFS\&. This may be desirable if there is a large number of exports\&.
.sp
Default is no\&.
.RE
.PP
CTDB_RPCINFO_LOCALHOST=\fIIPADDR\fR|\fIHOSTNAME\fR
.RS 4
IPADDR or HOSTNAME indicates the address that
\fBrpcinfo\fR
should connect to when doing
\fBrpcinfo\fR
check on IPv4 RPC service during monitoring\&. Optimally this would be "localhost"\&. However, this can add some performance overheads\&.
.sp
Default is "127\&.0\&.0\&.1"\&.
.RE
.PP
CTDB_RPCINFO_LOCALHOST6=\fIIPADDR\fR|\fIHOSTNAME\fR
.RS 4
IPADDR or HOSTNAME indicates the address that
\fBrpcinfo\fR
should connect to when doing
\fBrpcinfo\fR
check on IPv6 RPC service during monitoring\&. Optimally this would be "localhost6" (or similar)\&. However, this can add some performance overheads\&.
.sp
Default is "::1"\&.
.RE
.PP
CTDB_NFS_STATE_FS_TYPE=\fITYPE\fR
.RS 4
The type of filesystem used for a clustered NFS\*(Aq shared state\&. No default\&.
.RE
.PP
CTDB_NFS_STATE_MNT=\fIDIR\fR
.RS 4
The directory where a clustered NFS\*(Aq shared state will be located\&. No default\&.
.RE
.SS "70\&.iscsi"
.PP
Provides CTDB\*(Aqs Linux iSCSI tgtd service management\&.
.PP
CTDB_START_ISCSI_SCRIPTS=\fIDIRECTORY\fR
.RS 4
DIRECTORY on shared storage containing scripts to start tgtd for each public IP address\&.
.sp
No default\&.
.RE
.SH "DATABASE SETUP"
.PP
CTDB checks the consistency of databases during startup\&.
.SS "00\&.ctdb"
.PP
CTDB_MAX_CORRUPT_DB_BACKUPS=\fINUM\fR
.RS 4
NUM is the maximum number of volatile TDB database backups to be kept (for each database) when a corrupt database is found during startup\&. Volatile TDBs are zeroed during startup so backups are needed to debug any corruption that occurs before a restart\&.
.sp
Default is 10\&.
.RE
.SH "SYSTEM RESOURCE MONITORING"
.SS "05\&.system"
.PP
Provides CTDB\*(Aqs filesystem and memory usage monitoring\&.
.PP
CTDB can experience seemingly random (performance and other) issues if system resources become too constrained\&. Options in this section can be enabled to allow certain system resources to be checked\&. They allows warnings to be logged and nodes to be marked unhealthy when system resource usage reaches the configured thresholds\&.
.PP
Some checks are enabled by default\&. It is recommended that these checks remain enabled or are augmented by extra checks\&. There is no supported way of completely disabling the checks\&.
.PP
CTDB_MONITOR_FILESYSTEM_USAGE=\fIFS\-LIMIT\-LIST\fR
.RS 4
FS\-LIMIT\-LIST is a space\-separated list of
\fIFILESYSTEM\fR:\fIWARN_LIMIT\fR[:\fIUNHEALTHY_LIMIT\fR]
triples indicating that warnings should be logged if the space used on FILESYSTEM reaches WARN_LIMIT%\&. If usage reaches UNHEALTHY_LIMIT then the node should be flagged unhealthy\&. Either WARN_LIMIT or UNHEALTHY_LIMIT may be left blank, meaning that check will be omitted\&.
.sp
Default is to warn for each filesystem containing a database directory (volatile\ \&database\ \&directory,
persistent\ \&database\ \&directory,
state\ \&database\ \&directory) with a threshold of 90%\&.
.RE
.PP
CTDB_MONITOR_MEMORY_USAGE=\fIMEM\-LIMITS\fR
.RS 4
MEM\-LIMITS takes the form
\fIWARN_LIMIT\fR[:\fIUNHEALTHY_LIMIT\fR]
indicating that warnings should be logged if memory usage reaches WARN_LIMIT%\&. If usage reaches UNHEALTHY_LIMIT then the node should be flagged unhealthy\&. Either WARN_LIMIT or UNHEALTHY_LIMIT may be left blank, meaning that check will be omitted\&.
.sp
Default is 80, so warnings will be logged when memory usage reaches 80%\&.
.RE
.SH "EVENT SCRIPT DEBUGGING"
.SS "debug\-hung\-script\&.sh"
.PP
CTDB_DEBUG_HUNG_SCRIPT_STACKPAT=\fIREGEXP\fR
.RS 4
REGEXP specifies interesting processes for which stack traces should be logged when debugging hung eventscripts and those processes are matched in pstree output\&. REGEXP is an extended regexp so choices are separated by pipes (\*(Aq|\*(Aq)\&. However, REGEXP should not contain parentheses\&. See also the
\fBctdb.conf\fR(5)
[event] "debug\ \&script" option\&.
.sp
Default is "exportfs|rpcinfo"\&.
.RE
.SH "FILES"
.RS 4
/usr/local/etc/ctdb/script\&.options
.RE
.SH "SEE ALSO"
.PP
\fBctdbd\fR(1),
\fBctdb\fR(7),
\m[blue]\fB\%http://ctdb.samba.org/\fR\m[]
.SH "AUTHOR"
.br
.PP
This documentation was written by Amitay Isaacs, Martin Schwenke
.SH "COPYRIGHT"
.br
Copyright \(co 2007 Andrew Tridgell, Ronnie Sahlberg
.br
.PP
This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 3 of the License, or (at your option) any later version\&.
.PP
This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE\&. See the GNU General Public License for more details\&.
.PP
You should have received a copy of the GNU General Public License along with this program; if not, see
\m[blue]\fB\%http://www.gnu.org/licenses\fR\m[]\&.
.sp
.SH "NOTES"
.IP " 1." 4
NFS-Ganesha
.RS 4
\%https://github.com/nfs-ganesha/nfs-ganesha/wiki
.RE

550
net/samba419/files/man/ctdb-statistics.7 Normal file
View file

@ -0,0 +1,550 @@
'\" t
.\" Title: ctdb-statistics
.\" Author:
.\" Generator: DocBook XSL Stylesheets v1.79.1 <http://docbook.sf.net/>
.\" Date: 09/23/2020
.\" Manual: CTDB - clustered TDB database
.\" Source: ctdb
.\" Language: English
.\"
.TH "CTDB\-STATISTICS" "7" "09/23/2020" "ctdb" "CTDB \- clustered TDB database"
.\" -----------------------------------------------------------------
.\" * Define some portability stuff
.\" -----------------------------------------------------------------
.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
.\" http://bugs.debian.org/507673
.\" http://lists.gnu.org/archive/html/groff/2009-02/msg00013.html
.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
.ie \n(.g .ds Aq \(aq
.el .ds Aq '
.\" -----------------------------------------------------------------
.\" * set default formatting
.\" -----------------------------------------------------------------
.\" disable hyphenation
.nh
.\" disable justification (adjust text to left margin only)
.ad l
.\" -----------------------------------------------------------------
.\" * MAIN CONTENT STARTS HERE *
.\" -----------------------------------------------------------------
.SH "NAME"
ctdb-statistics \- CTDB statistics output
.SH "OVERALL STATISTICS"
.PP
CTDB maintains information about various messages communicated and some of the important operations per node\&. See the
\fBctdb\fR(1)
commands
\fBstatistics\fR
and
\fBstatisticsreset\fR
for displaying statistics\&.
.SS "Example: ctdb statistics"
.sp
.if n \{\
.RS 4
.\}
.nf
CTDB version 1
Current time of statistics : Fri Sep 12 13:32:32 2014
Statistics collected since : (000 01:49:20) Fri Sep 12 11:43:12 2014
num_clients 6
frozen 0
recovering 0
num_recoveries 2
client_packets_sent 281293
client_packets_recv 296317
node_packets_sent 452387
node_packets_recv 182394
keepalive_packets_sent 3927
keepalive_packets_recv 3928
node
req_call 48605
reply_call 1
req_dmaster 23404
reply_dmaster 24917
reply_error 0
req_message 958
req_control 197513
reply_control 153705
client
req_call 130866
req_message 770
req_control 168921
timeouts
call 0
control 0
traverse 0
locks
num_calls 220
num_current 0
num_pending 0
num_failed 0
total_calls 130866
pending_calls 0
childwrite_calls 1
pending_childwrite_calls 0
memory_used 334490
max_hop_count 18
total_ro_delegations 2
total_ro_revokes 2
hop_count_buckets: 42816 5464 26 1 0 0 0 0 0 0 0 0 0 0 0 0
lock_buckets: 9 165 14 15 7 2 2 0 0 0 0 0 0 0 0 0
locks_latency MIN/AVG/MAX 0\&.000685/0\&.160302/6\&.369342 sec out of 214
reclock_ctdbd MIN/AVG/MAX 0\&.004940/0\&.004969/0\&.004998 sec out of 2
reclock_recd MIN/AVG/MAX 0\&.000000/0\&.000000/0\&.000000 sec out of 0
call_latency MIN/AVG/MAX 0\&.000006/0\&.000719/4\&.562991 sec out of 126626
childwrite_latency MIN/AVG/MAX 0\&.014527/0\&.014527/0\&.014527 sec out of 1
.fi
.if n \{\
.RE
.\}
.SS "CTDB version"
.PP
Version of the ctdb protocol used by the node\&.
.SS "Current time of statistics"
.PP
Time when the statistics are generated\&.
.PP
This is useful when collecting statistics output periodically for post\-processing\&.
.SS "Statistics collected since"
.PP
Time when ctdb was started or the last time statistics was reset\&. The output shows the duration and the timestamp\&.
.SS "num_clients"
.PP
Number of processes currently connected to CTDB\*(Aqs unix socket\&. This includes recovery daemon, ctdb tool and samba processes (smbd, winbindd)\&.
.SS "frozen"
.PP
1 if the databases are currently frozen, 0 otherwise\&.
.SS "recovering"
.PP
1 if recovery is active, 0 otherwise\&.
.SS "num_recoveries"
.PP
Number of recoveries since the start of ctdb or since the last statistics reset\&.
.SS "client_packets_sent"
.PP
Number of packets sent to client processes via unix domain socket\&.
.SS "client_packets_recv"
.PP
Number of packets received from client processes via unix domain socket\&.
.SS "node_packets_sent"
.PP
Number of packets sent to the other nodes in the cluster via TCP\&.
.SS "node_packets_recv"
.PP
Number of packets received from the other nodes in the cluster via TCP\&.
.SS "keepalive_packets_sent"
.PP
Number of keepalive messages sent to other nodes\&.
.PP
CTDB periodically sends keepalive messages to other nodes\&. See
KeepaliveInterval
tunable in
\fBctdb-tunables\fR(7)
for more details\&.
.SS "keepalive_packets_recv"
.PP
Number of keepalive messages received from other nodes\&.
.SS "node"
.PP
This section lists various types of messages processed which originated from other nodes via TCP\&.
.sp
.it 1 an-trap
.nr an-no-space-flag 1
.nr an-break-flag 1
.br
.ps +1
\fBreq_call\fR
.RS 4
.PP
Number of REQ_CALL messages from the other nodes\&.
.RE
.sp
.it 1 an-trap
.nr an-no-space-flag 1
.nr an-break-flag 1
.br
.ps +1
\fBreply_call\fR
.RS 4
.PP
Number of REPLY_CALL messages from the other nodes\&.
.RE
.sp
.it 1 an-trap
.nr an-no-space-flag 1
.nr an-break-flag 1
.br
.ps +1
\fBreq_dmaster\fR
.RS 4
.PP
Number of REQ_DMASTER messages from the other nodes\&.
.RE
.sp
.it 1 an-trap
.nr an-no-space-flag 1
.nr an-break-flag 1
.br
.ps +1
\fBreply_dmaster\fR
.RS 4
.PP
Number of REPLY_DMASTER messages from the other nodes\&.
.RE
.sp
.it 1 an-trap
.nr an-no-space-flag 1
.nr an-break-flag 1
.br
.ps +1
\fBreply_error\fR
.RS 4
.PP
Number of REPLY_ERROR messages from the other nodes\&.
.RE
.sp
.it 1 an-trap
.nr an-no-space-flag 1
.nr an-break-flag 1
.br
.ps +1
\fBreq_message\fR
.RS 4
.PP
Number of REQ_MESSAGE messages from the other nodes\&.
.RE
.sp
.it 1 an-trap
.nr an-no-space-flag 1
.nr an-break-flag 1
.br
.ps +1
\fBreq_control\fR
.RS 4
.PP
Number of REQ_CONTROL messages from the other nodes\&.
.RE
.sp
.it 1 an-trap
.nr an-no-space-flag 1
.nr an-break-flag 1
.br
.ps +1
\fBreply_control\fR
.RS 4
.PP
Number of REPLY_CONTROL messages from the other nodes\&.
.RE
.sp
.it 1 an-trap
.nr an-no-space-flag 1
.nr an-break-flag 1
.br
.ps +1
\fBreq_tunnel\fR
.RS 4
.PP
Number of REQ_TUNNEL messages from the other nodes\&.
.RE
.SS "client"
.PP
This section lists various types of messages processed which originated from clients via unix domain socket\&.
.sp
.it 1 an-trap
.nr an-no-space-flag 1
.nr an-break-flag 1
.br
.ps +1
\fBreq_call\fR
.RS 4
.PP
Number of REQ_CALL messages from the clients\&.
.RE
.sp
.it 1 an-trap
.nr an-no-space-flag 1
.nr an-break-flag 1
.br
.ps +1
\fBreq_message\fR
.RS 4
.PP
Number of REQ_MESSAGE messages from the clients\&.
.RE
.sp
.it 1 an-trap
.nr an-no-space-flag 1
.nr an-break-flag 1
.br
.ps +1
\fBreq_control\fR
.RS 4
.PP
Number of REQ_CONTROL messages from the clients\&.
.RE
.sp
.it 1 an-trap
.nr an-no-space-flag 1
.nr an-break-flag 1
.br
.ps +1
\fBreq_tunnel\fR
.RS 4
.PP
Number of REQ_TUNNEL messages from the clients\&.
.RE
.SS "timeouts"
.PP
This section lists timeouts occurred when sending various messages\&.
.sp
.it 1 an-trap
.nr an-no-space-flag 1
.nr an-break-flag 1
.br
.ps +1
\fBcall\fR
.RS 4
.PP
Number of timeouts for REQ_CALL messages\&.
.RE
.sp
.it 1 an-trap
.nr an-no-space-flag 1
.nr an-break-flag 1
.br
.ps +1
\fBcontrol\fR
.RS 4
.PP
Number of timeouts for REQ_CONTROL messages\&.
.RE
.sp
.it 1 an-trap
.nr an-no-space-flag 1
.nr an-break-flag 1
.br
.ps +1
\fBtraverse\fR
.RS 4
.PP
Number of timeouts for database traverse operations\&.
.RE
.SS "locks"
.PP
This section lists locking statistics\&.
.sp
.it 1 an-trap
.nr an-no-space-flag 1
.nr an-break-flag 1
.br
.ps +1
\fBnum_calls\fR
.RS 4
.PP
Number of completed lock calls\&. This includes database locks and record locks\&.
.RE
.sp
.it 1 an-trap
.nr an-no-space-flag 1
.nr an-break-flag 1
.br
.ps +1
\fBnum_current\fR
.RS 4
.PP
Number of scheduled lock calls\&. This includes database locks and record locks\&.
.RE
.sp
.it 1 an-trap
.nr an-no-space-flag 1
.nr an-break-flag 1
.br
.ps +1
\fBnum_pending\fR
.RS 4
.PP
Number of queued lock calls\&. This includes database locks and record locks\&.
.RE
.sp
.it 1 an-trap
.nr an-no-space-flag 1
.nr an-break-flag 1
.br
.ps +1
\fBnum_failed\fR
.RS 4
.PP
Number of failed lock calls\&. This includes database locks and record locks\&.
.RE
.SS "total_calls"
.PP
Number of req_call messages processed from clients\&. This number should be same as client \-\-> req_call\&.
.SS "pending_calls"
.PP
Number of req_call messages which are currently being processed\&. This number indicates the number of record migrations in flight\&.
.SS "childwrite_calls"
.PP
Number of record update calls\&. Record update calls are used to update a record under a transaction\&.
.SS "pending_childwrite_calls"
.PP
Number of record update calls currently active\&.
.SS "memory_used"
.PP
The amount of memory in bytes currently used by CTDB using talloc\&. This includes all the memory used for CTDB\*(Aqs internal data structures\&. This does not include the memory mapped TDB databases\&.
.SS "max_hop_count"
.PP
The maximum number of hops required for a record migration request to obtain the record\&. High numbers indicate record contention\&.
.SS "total_ro_delegations"
.PP
Number of readonly delegations created\&.
.SS "total_ro_revokes"
.PP
Number of readonly delegations that were revoked\&. The difference between total_ro_revokes and total_ro_delegations gives the number of currently active readonly delegations\&.
.SS "hop_count_buckets"
.PP
Distribution of migration requests based on hop counts values\&. Buckets are 0, <\ \&2, <\ \&4, <\ \&8, <\ \&16, <\ \&32, <\ \&64, <\ \&128, <\ \&256, <\ \&512, <\ \&1024, <\ \&2048, <\ \&4096, <\ \&8192, <\ \&16384, ≥\ \&16384\&.
.SS "lock_buckets"
.PP
Distribution of record lock requests based on time required to obtain locks\&. Buckets are <\ \&1ms, <\ \&10ms, <\ \&100ms, <\ \&1s, <\ \&2s, <\ \&4s, <\ \&8s, <\ \&16s, <\ \&32s, <\ \&64s, ≥\ \&64s\&.
.SS "locks_latency"
.PP
The minimum, the average and the maximum time (in seconds) required to obtain record locks\&.
.SS "reclock_ctdbd"
.PP
The minimum, the average and the maximum time (in seconds) required to check if recovery lock is still held by recovery daemon when recovery mode is changed\&. This check is done in ctdb daemon\&.
.SS "reclock_recd"
.PP
The minimum, the average and the maximum time (in seconds) required to check if recovery lock is still held by recovery daemon during recovery\&. This check is done in recovery daemon\&.
.SS "call_latency"
.PP
The minimum, the average and the maximum time (in seconds) required to process a REQ_CALL message from client\&. This includes the time required to migrate a record from remote node, if the record is not available on the local node\&.
.SS "childwrite_latency"
.PP
Default: 0
.PP
The minimum, the average and the maximum time (in seconds) required to update records under a transaction\&.
.SH "DATABASE STATISTICS"
.PP
CTDB maintains per database statistics about important operations\&. See the
\fBctdb\fR(1)
command
\fBdbstatistics\fR
for displaying database statistics\&.
.SS "Example: ctdb dbstatistics notify_index\&.tdb"
.sp
.if n \{\
.RS 4
.\}
.nf
DB Statistics: notify_index\&.tdb
ro_delegations 0
ro_revokes 0
locks
total 131
failed 0
current 0
pending 0
hop_count_buckets: 9890 5454 26 1 0 0 0 0 0 0 0 0 0 0 0 0
lock_buckets: 4 117 10 0 0 0 0 0 0 0 0 0 0 0 0 0
locks_latency MIN/AVG/MAX 0\&.000683/0\&.004198/0\&.014730 sec out of 131
Num Hot Keys: 3
Count:7 Key:2f636c75737465726673
Count:18 Key:2f636c757374657266732f64617461
Count:7 Key:2f636c757374657266732f646174612f636c69656e7473
.fi
.if n \{\
.RE
.\}
.SS "DB Statistics"
.PP
Name of the database\&.
.SS "ro_delegations"
.PP
Number of readonly delegations created in the database\&.
.SS "ro_revokes"
.PP
Number of readonly delegations revoked\&. The difference in ro_delegations and ro_revokes indicates the currently active readonly delegations\&.
.SS "locks"
.PP
This section lists locking statistics\&.
.sp
.it 1 an-trap
.nr an-no-space-flag 1
.nr an-break-flag 1
.br
.ps +1
\fBtotal\fR
.RS 4
.PP
Number of completed lock calls\&. This includes database locks and record locks\&.
.RE
.sp
.it 1 an-trap
.nr an-no-space-flag 1
.nr an-break-flag 1
.br
.ps +1
\fBfailed\fR
.RS 4
.PP
Number of failed lock calls\&. This includes database locks and record locks\&.
.RE
.sp
.it 1 an-trap
.nr an-no-space-flag 1
.nr an-break-flag 1
.br
.ps +1
\fBcurrent\fR
.RS 4
.PP
Number of scheduled lock calls\&. This includes database locks and record locks\&.
.RE
.sp
.it 1 an-trap
.nr an-no-space-flag 1
.nr an-break-flag 1
.br
.ps +1
\fBpending\fR
.RS 4
.PP
Number of queued lock calls\&. This includes database locks and record locks\&.
.RE
.SS "hop_count_buckets"
.PP
Distribution of migration requests based on hop counts values\&. Buckets are 0, <\ \&2, <\ \&4, <\ \&8, <\ \&16, <\ \&32, <\ \&64, <\ \&128, <\ \&256, <\ \&512, <\ \&1024, <\ \&2048, <\ \&4096, <\ \&8192, <\ \&16384, ≥\ \&16384\&.
.SS "lock_buckets"
.PP
Distribution of record lock requests based on time required to obtain locks\&. Buckets are <\ \&1ms, <\ \&10ms, <\ \&100ms, <\ \&1s, <\ \&2s, <\ \&4s, <\ \&8s, <\ \&16s, <\ \&32s, <\ \&64s, ≥\ \&64s\&.
.SS "locks_latency"
.PP
The minimum, the average and the maximum time (in seconds) required to obtain record locks\&.
.SS "Num Hot Keys"
.PP
Number of contended records determined by hop count\&. CTDB keeps track of top 10 hot records and the output shows hex encoded keys for the hot records\&.
.SH "SEE ALSO"
.PP
\fBctdb\fR(1),
\fBctdbd\fR(1),
\fBctdb-tunables\fR(7),
\m[blue]\fB\%http://ctdb.samba.org/\fR\m[]
.SH "AUTHOR"
.br
.PP
This documentation was written by Amitay Isaacs, Martin Schwenke
.SH "COPYRIGHT"
.br
Copyright \(co 2007 Andrew Tridgell, Ronnie Sahlberg
.br
.PP
This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 3 of the License, or (at your option) any later version\&.
.PP
This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE\&. See the GNU General Public License for more details\&.
.PP
You should have received a copy of the GNU General Public License along with this program; if not, see
\m[blue]\fB\%http://www.gnu.org/licenses\fR\m[]\&.
.sp

406
net/samba419/files/man/ctdb-tunables.7 Normal file
View file

@ -0,0 +1,406 @@
'\" t
.\" Title: ctdb-tunables
.\" Author:
.\" Generator: DocBook XSL Stylesheets v1.79.1 <http://docbook.sf.net/>
.\" Date: 09/23/2020
.\" Manual: CTDB - clustered TDB database
.\" Source: ctdb
.\" Language: English
.\"
.TH "CTDB\-TUNABLES" "7" "09/23/2020" "ctdb" "CTDB \- clustered TDB database"
.\" -----------------------------------------------------------------
.\" * Define some portability stuff
.\" -----------------------------------------------------------------
.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
.\" http://bugs.debian.org/507673
.\" http://lists.gnu.org/archive/html/groff/2009-02/msg00013.html
.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
.ie \n(.g .ds Aq \(aq
.el .ds Aq '
.\" -----------------------------------------------------------------
.\" * set default formatting
.\" -----------------------------------------------------------------
.\" disable hyphenation
.nh
.\" disable justification (adjust text to left margin only)
.ad l
.\" -----------------------------------------------------------------
.\" * MAIN CONTENT STARTS HERE *
.\" -----------------------------------------------------------------
.SH "NAME"
ctdb-tunables \- CTDB tunable configuration variables
.SH "DESCRIPTION"
.PP
CTDB\*(Aqs behaviour can be configured by setting run\-time tunable variables\&. This lists and describes all tunables\&. See the
\fBctdb\fR(1)
\fBlistvars\fR,
\fBsetvar\fR
and
\fBgetvar\fR
commands for more details\&.
.PP
Unless otherwise stated, tunables should be set to the same value on all nodes\&. Setting tunables to different values across nodes may produce unexpected results\&. Future releases may set (some or most) tunables globally across the cluster but doing so is currently a manual process\&.
.PP
Tunables can be set at startup from the
/usr/local/etc/ctdb/ctdb\&.tunables
configuration file\&.
.sp
.if n \{\
.RS 4
.\}
.nf
\fITUNABLE\fR=\fIVALUE\fR
.fi
.if n \{\
.RE
.\}
.PP
For example:
.sp
.if n \{\
.RS 4
.\}
.nf
MonitorInterval=20
.fi
.if n \{\
.RE
.\}
.PP
The available tunable variables are listed alphabetically below\&.
.SS "AllowClientDBAttach"
.PP
Default: 1
.PP
When set to 0, clients are not allowed to attach to any databases\&. This can be used to temporarily block any new processes from attaching to and accessing the databases\&. This is mainly used for detaching a volatile database using \*(Aqctdb detach\*(Aq\&.
.SS "AllowMixedVersions"
.PP
Default: 0
.PP
CTDB will not allow incompatible versions to co\-exist in a cluster\&. If a version mismatch is found, then losing CTDB will shutdown\&. To disable the incompatible version check, set this tunable to 1\&.
.PP
For version checking, CTDB uses major and minor version\&. For example, CTDB 4\&.6\&.1 and CTDB 4\&.6\&.2 are matching versions; CTDB 4\&.5\&.x and CTDB 4\&.6\&.y do not match\&.
.PP
CTDB with version check support will lose to CTDB without version check support\&. Between two different CTDB versions with version check support, one running for less time will lose\&. If the running time for both CTDB versions with version check support is equal (to seconds), then the older version will lose\&. The losing CTDB daemon will shutdown\&.
.SS "AllowUnhealthyDBRead"
.PP
Default: 0
.PP
When set to 1, ctdb allows database traverses to read unhealthy databases\&. By default, ctdb does not allow reading records from unhealthy databases\&.
.SS "ControlTimeout"
.PP
Default: 60
.PP
This is the default setting for timeout for when sending a control message to either the local or a remote ctdb daemon\&.
.SS "DatabaseHashSize"
.PP
Default: 100001
.PP
Number of the hash chains for the local store of the tdbs that ctdb manages\&.
.SS "DatabaseMaxDead"
.PP
Default: 5
.PP
Maximum number of dead records per hash chain for the tdb databses managed by ctdb\&.
.SS "DBRecordCountWarn"
.PP
Default: 100000
.PP
When set to non\-zero, ctdb will log a warning during recovery if a database has more than this many records\&. This will produce a warning if a database grows uncontrollably with orphaned records\&.
.SS "DBRecordSizeWarn"
.PP
Default: 10000000
.PP
When set to non\-zero, ctdb will log a warning during recovery if a single record is bigger than this size\&. This will produce a warning if a database record grows uncontrollably\&.
.SS "DBSizeWarn"
.PP
Default: 1000000000
.PP
When set to non\-zero, ctdb will log a warning during recovery if a database size is bigger than this\&. This will produce a warning if a database grows uncontrollably\&.
.SS "DeferredAttachTO"
.PP
Default: 120
.PP
When databases are frozen we do not allow clients to attach to the databases\&. Instead of returning an error immediately to the client, the attach request from the client is deferred until the database becomes available again at which stage we respond to the client\&.
.PP
This timeout controls how long we will defer the request from the client before timing it out and returning an error to the client\&.
.SS "ElectionTimeout"
.PP
Default: 3
.PP
The number of seconds to wait for the election of recovery master to complete\&. If the election is not completed during this interval, then that round of election fails and ctdb starts a new election\&.
.SS "EnableBans"
.PP
Default: 1
.PP
This parameter allows ctdb to ban a node if the node is misbehaving\&.
.PP
When set to 0, this disables banning completely in the cluster and thus nodes can not get banned, even it they break\&. Don\*(Aqt set to 0 unless you know what you are doing\&.
.SS "EventScriptTimeout"
.PP
Default: 30
.PP
Maximum time in seconds to allow an event to run before timing out\&. This is the total time for all enabled scripts that are run for an event, not just a single event script\&.
.PP
Note that timeouts are ignored for some events ("takeip", "releaseip", "startrecovery", "recovered") and converted to success\&. The logic here is that the callers of these events implement their own additional timeout\&.
.SS "FetchCollapse"
.PP
Default: 1
.PP
This parameter is used to avoid multiple migration requests for the same record from a single node\&. All the record requests for the same record are queued up and processed when the record is migrated to the current node\&.
.PP
When many clients across many nodes try to access the same record at the same time this can lead to a fetch storm where the record becomes very active and bounces between nodes very fast\&. This leads to high CPU utilization of the ctdbd daemon, trying to bounce that record around very fast, and poor performance\&. This can improve performance and reduce CPU utilization for certain workloads\&.
.SS "HopcountMakeSticky"
.PP
Default: 50
.PP
For database(s) marked STICKY (using \*(Aqctdb setdbsticky\*(Aq), any record that is migrating so fast that hopcount exceeds this limit is marked as STICKY record for
\fIStickyDuration\fR
seconds\&. This means that after each migration the sticky record will be kept on the node
\fIStickyPindown\fRmilliseconds and prevented from being migrated off the node\&.
.PP
This will improve performance for certain workloads, such as locking\&.tdb if many clients are opening/closing the same file concurrently\&.
.SS "IPAllocAlgorithm"
.PP
Default: 2
.PP
Selects the algorithm that CTDB should use when doing public IP address allocation\&. Meaningful values are:
.PP
0
.RS 4
Deterministic IP address allocation\&.
.sp
This is a simple and fast option\&. However, it can cause unnecessary address movement during fail\-over because each address has a "home" node\&. Works badly when some nodes do not have any addresses defined\&. Should be used with care when addresses are defined across multiple networks\&.
.RE
.PP
1
.RS 4
Non\-deterministic IP address allocation\&.
.sp
This is a relatively fast option that attempts to do a minimise unnecessary address movements\&. Addresses do not have a "home" node\&. Rebalancing is limited but it usually adequate\&. Works badly when addresses are defined across multiple networks\&.
.RE
.PP
2
.RS 4
LCP2 IP address allocation\&.
.sp
Uses a heuristic to assign addresses defined across multiple networks, usually balancing addresses on each network evenly across nodes\&. Addresses do not have a "home" node\&. Minimises unnecessary address movements\&. The algorithm is complex, so is slower than other choices for a large number of addresses\&. However, it can calculate an optimal assignment of 900 addresses in under 10 seconds on modern hardware\&.
.RE
.PP
If the specified value is not one of these then the default will be used\&.
.SS "KeepaliveInterval"
.PP
Default: 5
.PP
How often in seconds should the nodes send keep\-alive packets to each other\&.
.SS "KeepaliveLimit"
.PP
Default: 5
.PP
After how many keepalive intervals without any traffic should a node wait until marking the peer as DISCONNECTED\&.
.PP
If a node has hung, it can take
\fIKeepaliveInterval\fR
* (\fIKeepaliveLimit\fR
+ 1) seconds before ctdb determines that the node is DISCONNECTED and performs a recovery\&. This limit should not be set too high to enable early detection and avoid any application timeouts (e\&.g\&. SMB1) to kick in before the fail over is completed\&.
.SS "LockProcessesPerDB"
.PP
Default: 200
.PP
This is the maximum number of lock helper processes ctdb will create for obtaining record locks\&. When ctdb cannot get a record lock without blocking, it creates a helper process that waits for the lock to be obtained\&.
.SS "LogLatencyMs"
.PP
Default: 0
.PP
When set to non\-zero, ctdb will log if certains operations take longer than this value, in milliseconds, to complete\&. These operations include "process a record request from client", "take a record or database lock", "update a persistent database record" and "vacuum a database"\&.
.SS "MaxQueueDropMsg"
.PP
Default: 1000000
.PP
This is the maximum number of messages to be queued up for a client before ctdb will treat the client as hung and will terminate the client connection\&.
.SS "MonitorInterval"
.PP
Default: 15
.PP
How often should ctdb run the \*(Aqmonitor\*(Aq event in seconds to check for a node\*(Aqs health\&.
.SS "MonitorTimeoutCount"
.PP
Default: 20
.PP
How many \*(Aqmonitor\*(Aq events in a row need to timeout before a node is flagged as UNHEALTHY\&. This setting is useful if scripts can not be written so that they do not hang for benign reasons\&.
.SS "NoIPFailback"
.PP
Default: 0
.PP
When set to 1, ctdb will not perform failback of IP addresses when a node becomes healthy\&. When a node becomes UNHEALTHY, ctdb WILL perform failover of public IP addresses, but when the node becomes HEALTHY again, ctdb will not fail the addresses back\&.
.PP
Use with caution! Normally when a node becomes available to the cluster ctdb will try to reassign public IP addresses onto the new node as a way to distribute the workload evenly across the clusternode\&. Ctdb tries to make sure that all running nodes have approximately the same number of public addresses it hosts\&.
.PP
When you enable this tunable, ctdb will no longer attempt to rebalance the cluster by failing IP addresses back to the new nodes\&. An unbalanced cluster will therefore remain unbalanced until there is manual intervention from the administrator\&. When this parameter is set, you can manually fail public IP addresses over to the new node(s) using the \*(Aqctdb moveip\*(Aq command\&.
.SS "NoIPTakeover"
.PP
Default: 0
.PP
When set to 1, ctdb will not allow IP addresses to be failed over to other nodes\&. Any IP addresses already hosted on healthy nodes will remain\&. Any IP addresses hosted on unhealthy nodes will be released by unhealthy nodes and will become un\-hosted\&.
.SS "PullDBPreallocation"
.PP
Default: 10*1024*1024
.PP
This is the size of a record buffer to pre\-allocate for sending reply to PULLDB control\&. Usually record buffer starts with size of the first record and gets reallocated every time a new record is added to the record buffer\&. For a large number of records, this can be very inefficient to grow the record buffer one record at a time\&.
.SS "QueueBufferSize"
.PP
Default: 1024
.PP
This is the maximum amount of data (in bytes) ctdb will read from a socket at a time\&.
.PP
For a busy setup, if ctdb is not able to process the TCP sockets fast enough (large amount of data in Recv\-Q for tcp sockets), then this tunable value should be increased\&. However, large values can keep ctdb busy processing packets and prevent ctdb from handling other events\&.
.SS "RecBufferSizeLimit"
.PP
Default: 1000000
.PP
This is the limit on the size of the record buffer to be sent in various controls\&. This limit is used by new controls used for recovery and controls used in vacuuming\&.
.SS "RecdFailCount"
.PP
Default: 10
.PP
If the recovery daemon has failed to ping the main daemon for this many consecutive intervals, the main daemon will consider the recovery daemon as hung and will try to restart it to recover\&.
.SS "RecdPingTimeout"
.PP
Default: 60
.PP
If the main daemon has not heard a "ping" from the recovery daemon for this many seconds, the main daemon will log a message that the recovery daemon is potentially hung\&. This also increments a counter which is checked against
\fIRecdFailCount\fR
for detection of hung recovery daemon\&.
.SS "RecLockLatencyMs"
.PP
Default: 1000
.PP
When using a reclock file for split brain prevention, if set to non\-zero this tunable will make the recovery daemon log a message if the fcntl() call to lock/testlock the recovery file takes longer than this number of milliseconds\&.
.SS "RecoverInterval"
.PP
Default: 1
.PP
How frequently in seconds should the recovery daemon perform the consistency checks to determine if it should perform a recovery\&.
.SS "RecoverTimeout"
.PP
Default: 120
.PP
This is the default setting for timeouts for controls when sent from the recovery daemon\&. We allow longer control timeouts from the recovery daemon than from normal use since the recovery daemon often use controls that can take a lot longer than normal controls\&.
.SS "RecoveryBanPeriod"
.PP
Default: 300
.PP
The duration in seconds for which a node is banned if the node fails during recovery\&. After this time has elapsed the node will automatically get unbanned and will attempt to rejoin the cluster\&.
.PP
A node usually gets banned due to real problems with the node\&. Don\*(Aqt set this value too small\&. Otherwise, a problematic node will try to re\-join cluster too soon causing unnecessary recoveries\&.
.SS "RecoveryDropAllIPs"
.PP
Default: 120
.PP
If a node is stuck in recovery, or stopped, or banned, for this many seconds, then ctdb will release all public addresses on that node\&.
.SS "RecoveryGracePeriod"
.PP
Default: 120
.PP
During recoveries, if a node has not caused recovery failures during the last grace period in seconds, any records of transgressions that the node has caused recovery failures will be forgiven\&. This resets the ban\-counter back to zero for that node\&.
.SS "RepackLimit"
.PP
Default: 10000
.PP
During vacuuming, if the number of freelist records are more than
\fIRepackLimit\fR, then the database is repacked to get rid of the freelist records to avoid fragmentation\&.
.SS "RerecoveryTimeout"
.PP
Default: 10
.PP
Once a recovery has completed, no additional recoveries are permitted until this timeout in seconds has expired\&.
.SS "SeqnumInterval"
.PP
Default: 1000
.PP
Some databases have seqnum tracking enabled, so that samba will be able to detect asynchronously when there has been updates to the database\&. Every time a database is updated its sequence number is increased\&.
.PP
This tunable is used to specify in milliseconds how frequently ctdb will send out updates to remote nodes to inform them that the sequence number is increased\&.
.SS "StatHistoryInterval"
.PP
Default: 1
.PP
Granularity of the statistics collected in the statistics history\&. This is reported by \*(Aqctdb stats\*(Aq command\&.
.SS "StickyDuration"
.PP
Default: 600
.PP
Once a record has been marked STICKY, this is the duration in seconds, the record will be flagged as a STICKY record\&.
.SS "StickyPindown"
.PP
Default: 200
.PP
Once a STICKY record has been migrated onto a node, it will be pinned down on that node for this number of milliseconds\&. Any request from other nodes to migrate the record off the node will be deferred\&.
.SS "TakeoverTimeout"
.PP
Default: 9
.PP
This is the duration in seconds in which ctdb tries to complete IP failover\&.
.SS "TickleUpdateInterval"
.PP
Default: 20
.PP
Every
\fITickleUpdateInterval\fR
seconds, ctdb synchronizes the client connection information across nodes\&.
.SS "TraverseTimeout"
.PP
Default: 20
.PP
This is the duration in seconds for which a database traverse is allowed to run\&. If the traverse does not complete during this interval, ctdb will abort the traverse\&.
.SS "VacuumFastPathCount"
.PP
Default: 60
.PP
During a vacuuming run, ctdb usually processes only the records marked for deletion also called the fast path vacuuming\&. After finishing
\fIVacuumFastPathCount\fR
number of fast path vacuuming runs, ctdb will trigger a scan of complete database for any empty records that need to be deleted\&.
.SS "VacuumInterval"
.PP
Default: 10
.PP
Periodic interval in seconds when vacuuming is triggered for volatile databases\&.
.SS "VacuumMaxRunTime"
.PP
Default: 120
.PP
The maximum time in seconds for which the vacuuming process is allowed to run\&. If vacuuming process takes longer than this value, then the vacuuming process is terminated\&.
.SS "VerboseMemoryNames"
.PP
Default: 0
.PP
When set to non\-zero, ctdb assigns verbose names for some of the talloc allocated memory objects\&. These names are visible in the talloc memory report generated by \*(Aqctdb dumpmemory\*(Aq\&.
.SH "FILES>"
.RS 4
/usr/local/etc/ctdb/ctdb\&.tunables
.RE
.SH "SEE ALSO"
.PP
\fBctdb\fR(1),
\fBctdbd\fR(1),
\fBctdb.conf\fR(5),
\fBctdb\fR(7),
\m[blue]\fB\%http://ctdb.samba.org/\fR\m[]
.SH "AUTHOR"
.br
.PP
This documentation was written by Ronnie Sahlberg, Amitay Isaacs, Martin Schwenke
.SH "COPYRIGHT"
.br
Copyright \(co 2007 Andrew Tridgell, Ronnie Sahlberg
.br
.PP
This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 3 of the License, or (at your option) any later version\&.
.PP
This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE\&. See the GNU General Public License for more details\&.
.PP
You should have received a copy of the GNU General Public License along with this program; if not, see
\m[blue]\fB\%http://www.gnu.org/licenses\fR\m[]\&.
.sp

1526
net/samba419/files/man/ctdb.1 Normal file
View file

File diff suppressed because it is too large Load diff

783
net/samba419/files/man/ctdb.7 Normal file
View file

@ -0,0 +1,783 @@
'\" t
.\" Title: ctdb
.\" Author:
.\" Generator: DocBook XSL Stylesheets v1.79.1 <http://docbook.sf.net/>
.\" Date: 09/23/2020
.\" Manual: CTDB - clustered TDB database
.\" Source: ctdb
.\" Language: English
.\"
.TH "CTDB" "7" "09/23/2020" "ctdb" "CTDB \- clustered TDB database"
.\" -----------------------------------------------------------------
.\" * Define some portability stuff
.\" -----------------------------------------------------------------
.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
.\" http://bugs.debian.org/507673
.\" http://lists.gnu.org/archive/html/groff/2009-02/msg00013.html
.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
.ie \n(.g .ds Aq \(aq
.el .ds Aq '
.\" -----------------------------------------------------------------
.\" * set default formatting
.\" -----------------------------------------------------------------
.\" disable hyphenation
.nh
.\" disable justification (adjust text to left margin only)
.ad l
.\" -----------------------------------------------------------------
.\" * MAIN CONTENT STARTS HERE *
.\" -----------------------------------------------------------------
.SH "NAME"
ctdb \- Clustered TDB
.SH "DESCRIPTION"
.PP
CTDB is a clustered database component in clustered Samba that provides a high\-availability load\-sharing CIFS server cluster\&.
.PP
The main functions of CTDB are:
.sp
.RS 4
.ie n \{\
\h'-04'\(bu\h'+03'\c
.\}
.el \{\
.sp -1
.IP \(bu 2.3
.\}
Provide a clustered version of the TDB database with automatic rebuild/recovery of the databases upon node failures\&.
.RE
.sp
.RS 4
.ie n \{\
\h'-04'\(bu\h'+03'\c
.\}
.el \{\
.sp -1
.IP \(bu 2.3
.\}
Monitor nodes in the cluster and services running on each node\&.
.RE
.sp
.RS 4
.ie n \{\
\h'-04'\(bu\h'+03'\c
.\}
.el \{\
.sp -1
.IP \(bu 2.3
.\}
Manage a pool of public IP addresses that are used to provide services to clients\&. Alternatively, CTDB can be used with LVS\&.
.RE
.PP
Combined with a cluster filesystem CTDB provides a full high\-availablity (HA) environment for services such as clustered Samba, NFS and other services\&.
.SH "ANATOMY OF A CTDB CLUSTER"
.PP
A CTDB cluster is a collection of nodes with 2 or more network interfaces\&. All nodes provide network (usually file/NAS) services to clients\&. Data served by file services is stored on shared storage (usually a cluster filesystem) that is accessible by all nodes\&.
.PP
CTDB provides an "all active" cluster, where services are load balanced across all nodes\&.
.SH "RECOVERY LOCK"
.PP
CTDB uses a
\fIrecovery lock\fR
to avoid a
\fIsplit brain\fR, where a cluster becomes partitioned and each partition attempts to operate independently\&. Issues that can result from a split brain include file data corruption, because file locking metadata may not be tracked correctly\&.
.PP
CTDB uses a
\fIcluster leader and follower\fR
model of cluster management\&. All nodes in a cluster elect one node to be the leader\&. The leader node coordinates privileged operations such as database recovery and IP address failover\&. CTDB refers to the leader node as the
\fIrecovery master\fR\&. This node takes and holds the recovery lock to assert its privileged role in the cluster\&.
.PP
By default, the recovery lock is implemented using a file (specified by
\fIrecovery lock\fR
in the
[cluster]
section of
\fBctdb.conf\fR(5)) residing in shared storage (usually) on a cluster filesystem\&. To support a recovery lock the cluster filesystem must support lock coherence\&. See
\fBping_pong\fR(1)
for more details\&.
.PP
The recovery lock can also be implemented using an arbitrary cluster mutex call\-out by using an exclamation point (\*(Aq!\*(Aq) as the first character of
\fIrecovery lock\fR\&. For example, a value of
\fB!/usr/local/bin/myhelper recovery\fR
would run the given helper with the specified arguments\&. See the source code relating to cluster mutexes for clues about writing call\-outs\&.
.PP
If a cluster becomes partitioned (for example, due to a communication failure) and a different recovery master is elected by the nodes in each partition, then only one of these recovery masters will be able to take the recovery lock\&. The recovery master in the "losing" partition will not be able to take the recovery lock and will be excluded from the cluster\&. The nodes in the "losing" partition will elect each node in turn as their recovery master so eventually all the nodes in that partition will be excluded\&.
.PP
CTDB does sanity checks to ensure that the recovery lock is held as expected\&.
.PP
CTDB can run without a recovery lock but this is not recommended as there will be no protection from split brains\&.
.SH "PRIVATE VS PUBLIC ADDRESSES"
.PP
Each node in a CTDB cluster has multiple IP addresses assigned to it:
.sp
.RS 4
.ie n \{\
\h'-04'\(bu\h'+03'\c
.\}
.el \{\
.sp -1
.IP \(bu 2.3
.\}
A single private IP address that is used for communication between nodes\&.
.RE
.sp
.RS 4
.ie n \{\
\h'-04'\(bu\h'+03'\c
.\}
.el \{\
.sp -1
.IP \(bu 2.3
.\}
One or more public IP addresses that are used to provide NAS or other services\&.
.RE
.sp
.SS "Private address"
.PP
Each node is configured with a unique, permanently assigned private address\&. This address is configured by the operating system\&. This address uniquely identifies a physical node in the cluster and is the address that CTDB daemons will use to communicate with the CTDB daemons on other nodes\&.
.PP
Private addresses are listed in the file
/usr/local/etc/ctdb/nodes)\&. This file contains the list of private addresses for all nodes in the cluster, one per line\&. This file must be the same on all nodes in the cluster\&.
.PP
Some users like to put this configuration file in their cluster filesystem\&. A symbolic link should be used in this case\&.
.PP
Private addresses should not be used by clients to connect to services provided by the cluster\&.
.PP
It is strongly recommended that the private addresses are configured on a private network that is separate from client networks\&. This is because the CTDB protocol is both unauthenticated and unencrypted\&. If clients share the private network then steps need to be taken to stop injection of packets to relevant ports on the private addresses\&. It is also likely that CTDB protocol traffic between nodes could leak sensitive information if it can be intercepted\&.
.PP
Example
/usr/local/etc/ctdb/nodes
for a four node cluster:
.sp
.if n \{\
.RS 4
.\}
.nf
192\&.168\&.1\&.1
192\&.168\&.1\&.2
192\&.168\&.1\&.3
192\&.168\&.1\&.4
.fi
.if n \{\
.RE
.\}
.SS "Public addresses"
.PP
Public addresses are used to provide services to clients\&. Public addresses are not configured at the operating system level and are not permanently associated with a particular node\&. Instead, they are managed by CTDB and are assigned to interfaces on physical nodes at runtime\&.
.PP
The CTDB cluster will assign/reassign these public addresses across the available healthy nodes in the cluster\&. When one node fails, its public addresses will be taken over by one or more other nodes in the cluster\&. This ensures that services provided by all public addresses are always available to clients, as long as there are nodes available capable of hosting this address\&.
.PP
The public address configuration is stored in
/usr/local/etc/ctdb/public_addresses
on each node\&. This file contains a list of the public addresses that the node is capable of hosting, one per line\&. Each entry also contains the netmask and the interface to which the address should be assigned\&. If this file is missing then no public addresses are configured\&.
.PP
Some users who have the same public addresses on all nodes like to put this configuration file in their cluster filesystem\&. A symbolic link should be used in this case\&.
.PP
Example
/usr/local/etc/ctdb/public_addresses
for a node that can host 4 public addresses, on 2 different interfaces:
.sp
.if n \{\
.RS 4
.\}
.nf
10\&.1\&.1\&.1/24 eth1
10\&.1\&.1\&.2/24 eth1
10\&.1\&.2\&.1/24 eth2
10\&.1\&.2\&.2/24 eth2
.fi
.if n \{\
.RE
.\}
.PP
In many cases the public addresses file will be the same on all nodes\&. However, it is possible to use different public address configurations on different nodes\&.
.PP
Example: 4 nodes partitioned into two subgroups:
.sp
.if n \{\
.RS 4
.\}
.nf
Node 0:/usr/local/etc/ctdb/public_addresses
10\&.1\&.1\&.1/24 eth1
10\&.1\&.1\&.2/24 eth1
Node 1:/usr/local/etc/ctdb/public_addresses
10\&.1\&.1\&.1/24 eth1
10\&.1\&.1\&.2/24 eth1
Node 2:/usr/local/etc/ctdb/public_addresses
10\&.1\&.2\&.1/24 eth2
10\&.1\&.2\&.2/24 eth2
Node 3:/usr/local/etc/ctdb/public_addresses
10\&.1\&.2\&.1/24 eth2
10\&.1\&.2\&.2/24 eth2
.fi
.if n \{\
.RE
.\}
.PP
In this example nodes 0 and 1 host two public addresses on the 10\&.1\&.1\&.x network while nodes 2 and 3 host two public addresses for the 10\&.1\&.2\&.x network\&.
.PP
Public address 10\&.1\&.1\&.1 can be hosted by either of nodes 0 or 1 and will be available to clients as long as at least one of these two nodes are available\&.
.PP
If both nodes 0 and 1 become unavailable then public address 10\&.1\&.1\&.1 also becomes unavailable\&. 10\&.1\&.1\&.1 can not be failed over to nodes 2 or 3 since these nodes do not have this public address configured\&.
.PP
The
\fBctdb ip\fR
command can be used to view the current assignment of public addresses to physical nodes\&.
.SH "NODE STATUS"
.PP
The current status of each node in the cluster can be viewed by the
\fBctdb status\fR
command\&.
.PP
A node can be in one of the following states:
.PP
OK
.RS 4
This node is healthy and fully functional\&. It hosts public addresses to provide services\&.
.RE
.PP
DISCONNECTED
.RS 4
This node is not reachable by other nodes via the private network\&. It is not currently participating in the cluster\&. It
\fIdoes not\fR
host public addresses to provide services\&. It might be shut down\&.
.RE
.PP
DISABLED
.RS 4
This node has been administratively disabled\&. This node is partially functional and participates in the cluster\&. However, it
\fIdoes not\fR
host public addresses to provide services\&.
.RE
.PP
UNHEALTHY
.RS 4
A service provided by this node has failed a health check and should be investigated\&. This node is partially functional and participates in the cluster\&. However, it
\fIdoes not\fR
host public addresses to provide services\&. Unhealthy nodes should be investigated and may require an administrative action to rectify\&.
.RE
.PP
BANNED
.RS 4
CTDB is not behaving as designed on this node\&. For example, it may have failed too many recovery attempts\&. Such nodes are banned from participating in the cluster for a configurable time period before they attempt to rejoin the cluster\&. A banned node
\fIdoes not\fR
host public addresses to provide services\&. All banned nodes should be investigated and may require an administrative action to rectify\&.
.RE
.PP
STOPPED
.RS 4
This node has been administratively exclude from the cluster\&. A stopped node does no participate in the cluster and
\fIdoes not\fR
host public addresses to provide services\&. This state can be used while performing maintenance on a node\&.
.RE
.PP
PARTIALLYONLINE
.RS 4
A node that is partially online participates in a cluster like a healthy (OK) node\&. Some interfaces to serve public addresses are down, but at least one interface is up\&. See also
\fBctdb ifaces\fR\&.
.RE
.SH "CAPABILITIES"
.PP
Cluster nodes can have several different capabilities enabled\&. These are listed below\&.
.PP
RECMASTER
.RS 4
Indicates that a node can become the CTDB cluster recovery master\&. The current recovery master is decided via an election held by all active nodes with this capability\&.
.sp
Default is YES\&.
.RE
.PP
LMASTER
.RS 4
Indicates that a node can be the location master (LMASTER) for database records\&. The LMASTER always knows which node has the latest copy of a record in a volatile database\&.
.sp
Default is YES\&.
.RE
.PP
The RECMASTER and LMASTER capabilities can be disabled when CTDB is used to create a cluster spanning across WAN links\&. In this case CTDB acts as a WAN accelerator\&.
.SH "LVS"
.PP
LVS is a mode where CTDB presents one single IP address for the entire cluster\&. This is an alternative to using public IP addresses and round\-robin DNS to loadbalance clients across the cluster\&.
.PP
This is similar to using a layer\-4 loadbalancing switch but with some restrictions\&.
.PP
One extra LVS public address is assigned on the public network to each LVS group\&. Each LVS group is a set of nodes in the cluster that presents the same LVS address public address to the outside world\&. Normally there would only be one LVS group spanning an entire cluster, but in situations where one CTDB cluster spans multiple physical sites it might be useful to have one LVS group for each site\&. There can be multiple LVS groups in a cluster but each node can only be member of one LVS group\&.
.PP
Client access to the cluster is load\-balanced across the HEALTHY nodes in an LVS group\&. If no HEALTHY nodes exists then all nodes in the group are used, regardless of health status\&. CTDB will, however never load\-balance LVS traffic to nodes that are BANNED, STOPPED, DISABLED or DISCONNECTED\&. The
\fBctdb lvs\fR
command is used to show which nodes are currently load\-balanced across\&.
.PP
In each LVS group, one of the nodes is selected by CTDB to be the LVS master\&. This node receives all traffic from clients coming in to the LVS public address and multiplexes it across the internal network to one of the nodes that LVS is using\&. When responding to the client, that node will send the data back directly to the client, bypassing the LVS master node\&. The command
\fBctdb lvs master\fR
will show which node is the current LVS master\&.
.PP
The path used for a client I/O is:
.sp
.RS 4
.ie n \{\
\h'-04' 1.\h'+01'\c
.\}
.el \{\
.sp -1
.IP " 1." 4.2
.\}
Client sends request packet to LVSMASTER\&.
.RE
.sp
.RS 4
.ie n \{\
\h'-04' 2.\h'+01'\c
.\}
.el \{\
.sp -1
.IP " 2." 4.2
.\}
LVSMASTER passes the request on to one node across the internal network\&.
.RE
.sp
.RS 4
.ie n \{\
\h'-04' 3.\h'+01'\c
.\}
.el \{\
.sp -1
.IP " 3." 4.2
.\}
Selected node processes the request\&.
.RE
.sp
.RS 4
.ie n \{\
\h'-04' 4.\h'+01'\c
.\}
.el \{\
.sp -1
.IP " 4." 4.2
.\}
Node responds back to client\&.
.RE
.PP
This means that all incoming traffic to the cluster will pass through one physical node, which limits scalability\&. You can send more data to the LVS address that one physical node can multiplex\&. This means that you should not use LVS if your I/O pattern is write\-intensive since you will be limited in the available network bandwidth that node can handle\&. LVS does work very well for read\-intensive workloads where only smallish READ requests are going through the LVSMASTER bottleneck and the majority of the traffic volume (the data in the read replies) goes straight from the processing node back to the clients\&. For read\-intensive i/o patterns you can achieve very high throughput rates in this mode\&.
.PP
Note: you can use LVS and public addresses at the same time\&.
.PP
If you use LVS, you must have a permanent address configured for the public interface on each node\&. This address must be routable and the cluster nodes must be configured so that all traffic back to client hosts are routed through this interface\&. This is also required in order to allow samba/winbind on the node to talk to the domain controller\&. This LVS IP address can not be used to initiate outgoing traffic\&.
.PP
Make sure that the domain controller and the clients are reachable from a node
\fIbefore\fR
you enable LVS\&. Also ensure that outgoing traffic to these hosts is routed out through the configured public interface\&.
.SS "Configuration"
.PP
To activate LVS on a CTDB node you must specify the
\fICTDB_LVS_PUBLIC_IFACE\fR,
\fICTDB_LVS_PUBLIC_IP\fR
and
\fICTDB_LVS_NODES\fR
configuration variables\&.
\fICTDB_LVS_NODES\fR
specifies a file containing the private address of all nodes in the current node\*(Aqs LVS group\&.
.PP
Example:
.sp
.if n \{\
.RS 4
.\}
.nf
CTDB_LVS_PUBLIC_IFACE=eth1
CTDB_LVS_PUBLIC_IP=10\&.1\&.1\&.237
CTDB_LVS_NODES=/usr/local/etc/ctdb/lvs_nodes
.fi
.if n \{\
.RE
.\}
.PP
Example
/usr/local/etc/ctdb/lvs_nodes:
.sp
.if n \{\
.RS 4
.\}
.nf
192\&.168\&.1\&.2
192\&.168\&.1\&.3
192\&.168\&.1\&.4
.fi
.if n \{\
.RE
.\}
.PP
Normally any node in an LVS group can act as the LVS master\&. Nodes that are highly loaded due to other demands maybe flagged with the "slave\-only" option in the
\fICTDB_LVS_NODES\fR
file to limit the LVS functionality of those nodes\&.
.PP
LVS nodes file that excludes 192\&.168\&.1\&.4 from being the LVS master node:
.sp
.if n \{\
.RS 4
.\}
.nf
192\&.168\&.1\&.2
192\&.168\&.1\&.3
192\&.168\&.1\&.4 slave\-only
.fi
.if n \{\
.RE
.\}
.SH "TRACKING AND RESETTING TCP CONNECTIONS"
.PP
CTDB tracks TCP connections from clients to public IP addresses, on known ports\&. When an IP address moves from one node to another, all existing TCP connections to that IP address are reset\&. The node taking over this IP address will also send gratuitous ARPs (for IPv4, or neighbour advertisement, for IPv6)\&. This allows clients to reconnect quickly, rather than waiting for TCP timeouts, which can be very long\&.
.PP
It is important that established TCP connections do not survive a release and take of a public IP address on the same node\&. Such connections can get out of sync with sequence and ACK numbers, potentially causing a disruptive ACK storm\&.
.SH "NAT GATEWAY"
.PP
NAT gateway (NATGW) is an optional feature that is used to configure fallback routing for nodes\&. This allows cluster nodes to connect to external services (e\&.g\&. DNS, AD, NIS and LDAP) when they do not host any public addresses (e\&.g\&. when they are unhealthy)\&.
.PP
This also applies to node startup because CTDB marks nodes as UNHEALTHY until they have passed a "monitor" event\&. In this context, NAT gateway helps to avoid a "chicken and egg" situation where a node needs to access an external service to become healthy\&.
.PP
Another way of solving this type of problem is to assign an extra static IP address to a public interface on every node\&. This is simpler but it uses an extra IP address per node, while NAT gateway generally uses only one extra IP address\&.
.SS "Operation"
.PP
One extra NATGW public address is assigned on the public network to each NATGW group\&. Each NATGW group is a set of nodes in the cluster that shares the same NATGW address to talk to the outside world\&. Normally there would only be one NATGW group spanning an entire cluster, but in situations where one CTDB cluster spans multiple physical sites it might be useful to have one NATGW group for each site\&.
.PP
There can be multiple NATGW groups in a cluster but each node can only be member of one NATGW group\&.
.PP
In each NATGW group, one of the nodes is selected by CTDB to be the NATGW master and the other nodes are consider to be NATGW slaves\&. NATGW slaves establish a fallback default route to the NATGW master via the private network\&. When a NATGW slave hosts no public IP addresses then it will use this route for outbound connections\&. The NATGW master hosts the NATGW public IP address and routes outgoing connections from slave nodes via this IP address\&. It also establishes a fallback default route\&.
.SS "Configuration"
.PP
NATGW is usually configured similar to the following example configuration:
.sp
.if n \{\
.RS 4
.\}
.nf
CTDB_NATGW_NODES=/usr/local/etc/ctdb/natgw_nodes
CTDB_NATGW_PRIVATE_NETWORK=192\&.168\&.1\&.0/24
CTDB_NATGW_PUBLIC_IP=10\&.0\&.0\&.227/24
CTDB_NATGW_PUBLIC_IFACE=eth0
CTDB_NATGW_DEFAULT_GATEWAY=10\&.0\&.0\&.1
.fi
.if n \{\
.RE
.\}
.PP
Normally any node in a NATGW group can act as the NATGW master\&. Some configurations may have special nodes that lack connectivity to a public network\&. In such cases, those nodes can be flagged with the "slave\-only" option in the
\fICTDB_NATGW_NODES\fR
file to limit the NATGW functionality of those nodes\&.
.PP
See the
NAT GATEWAY
section in
\fBctdb-script.options\fR(5)
for more details of NATGW configuration\&.
.SS "Implementation details"
.PP
When the NATGW functionality is used, one of the nodes is selected to act as a NAT gateway for all the other nodes in the group when they need to communicate with the external services\&. The NATGW master is selected to be a node that is most likely to have usable networks\&.
.PP
The NATGW master hosts the NATGW public IP address
\fICTDB_NATGW_PUBLIC_IP\fR
on the configured public interfaces
\fICTDB_NATGW_PUBLIC_IFACE\fR
and acts as a router, masquerading outgoing connections from slave nodes via this IP address\&. If
\fICTDB_NATGW_DEFAULT_GATEWAY\fR
is set then it also establishes a fallback default route to the configured this gateway with a metric of 10\&. A metric 10 route is used so it can co\-exist with other default routes that may be available\&.
.PP
A NATGW slave establishes its fallback default route to the NATGW master via the private network
\fICTDB_NATGW_PRIVATE_NETWORK\fRwith a metric of 10\&. This route is used for outbound connections when no other default route is available because the node hosts no public addresses\&. A metric 10 routes is used so that it can co\-exist with other default routes that may be available when the node is hosting public addresses\&.
.PP
\fICTDB_NATGW_STATIC_ROUTES\fR
can be used to have NATGW create more specific routes instead of just default routes\&.
.PP
This is implemented in the
11\&.natgw
eventscript\&. Please see the eventscript file and the
NAT GATEWAY
section in
\fBctdb-script.options\fR(5)
for more details\&.
.SH "POLICY ROUTING"
.PP
Policy routing is an optional CTDB feature to support complex network topologies\&. Public addresses may be spread across several different networks (or VLANs) and it may not be possible to route packets from these public addresses via the system\*(Aqs default route\&. Therefore, CTDB has support for policy routing via the
13\&.per_ip_routing
eventscript\&. This allows routing to be specified for packets sourced from each public address\&. The routes are added and removed as CTDB moves public addresses between nodes\&.
.SS "Configuration variables"
.PP
There are 4 configuration variables related to policy routing:
\fICTDB_PER_IP_ROUTING_CONF\fR,
\fICTDB_PER_IP_ROUTING_RULE_PREF\fR,
\fICTDB_PER_IP_ROUTING_TABLE_ID_LOW\fR,
\fICTDB_PER_IP_ROUTING_TABLE_ID_HIGH\fR\&. See the
POLICY ROUTING
section in
\fBctdb-script.options\fR(5)
for more details\&.
.SS "Configuration"
.PP
The format of each line of
\fICTDB_PER_IP_ROUTING_CONF\fR
is:
.sp
.if n \{\
.RS 4
.\}
.nf
<public_address> <network> [ <gateway> ]
.fi
.if n \{\
.RE
.\}
.PP
Leading whitespace is ignored and arbitrary whitespace may be used as a separator\&. Lines that have a "public address" item that doesn\*(Aqt match an actual public address are ignored\&. This means that comment lines can be added using a leading character such as \*(Aq#\*(Aq, since this will never match an IP address\&.
.PP
A line without a gateway indicates a link local route\&.
.PP
For example, consider the configuration line:
.sp
.if n \{\
.RS 4
.\}
.nf
192\&.168\&.1\&.99 192\&.168\&.1\&.1/24
.fi
.if n \{\
.RE
.\}
.PP
If the corresponding public_addresses line is:
.sp
.if n \{\
.RS 4
.\}
.nf
192\&.168\&.1\&.99/24 eth2,eth3
.fi
.if n \{\
.RE
.\}
.PP
\fICTDB_PER_IP_ROUTING_RULE_PREF\fR
is 100, and CTDB adds the address to eth2 then the following routing information is added:
.sp
.if n \{\
.RS 4
.\}
.nf
ip rule add from 192\&.168\&.1\&.99 pref 100 table ctdb\&.192\&.168\&.1\&.99
ip route add 192\&.168\&.1\&.0/24 dev eth2 table ctdb\&.192\&.168\&.1\&.99
.fi
.if n \{\
.RE
.\}
.PP
This causes traffic from 192\&.168\&.1\&.1 to 192\&.168\&.1\&.0/24 go via eth2\&.
.PP
The
\fBip rule\fR
command will show (something like \- depending on other public addresses and other routes on the system):
.sp
.if n \{\
.RS 4
.\}
.nf
0: from all lookup local
100: from 192\&.168\&.1\&.99 lookup ctdb\&.192\&.168\&.1\&.99
32766: from all lookup main
32767: from all lookup default
.fi
.if n \{\
.RE
.\}
.PP
\fBip route show table ctdb\&.192\&.168\&.1\&.99\fR
will show:
.sp
.if n \{\
.RS 4
.\}
.nf
192\&.168\&.1\&.0/24 dev eth2 scope link
.fi
.if n \{\
.RE
.\}
.PP
The usual use for a line containing a gateway is to add a default route corresponding to a particular source address\&. Consider this line of configuration:
.sp
.if n \{\
.RS 4
.\}
.nf
192\&.168\&.1\&.99 0\&.0\&.0\&.0/0 192\&.168\&.1\&.1
.fi
.if n \{\
.RE
.\}
.PP
In the situation described above this will cause an extra routing command to be executed:
.sp
.if n \{\
.RS 4
.\}
.nf
ip route add 0\&.0\&.0\&.0/0 via 192\&.168\&.1\&.1 dev eth2 table ctdb\&.192\&.168\&.1\&.99
.fi
.if n \{\
.RE
.\}
.PP
With both configuration lines,
\fBip route show table ctdb\&.192\&.168\&.1\&.99\fR
will show:
.sp
.if n \{\
.RS 4
.\}
.nf
192\&.168\&.1\&.0/24 dev eth2 scope link
default via 192\&.168\&.1\&.1 dev eth2
.fi
.if n \{\
.RE
.\}
.SS "Sample configuration"
.PP
Here is a more complete example configuration\&.
.sp
.if n \{\
.RS 4
.\}
.nf
/usr/local/etc/ctdb/public_addresses:
192\&.168\&.1\&.98 eth2,eth3
192\&.168\&.1\&.99 eth2,eth3
/usr/local/etc/ctdb/policy_routing:
192\&.168\&.1\&.98 192\&.168\&.1\&.0/24
192\&.168\&.1\&.98 192\&.168\&.200\&.0/24 192\&.168\&.1\&.254
192\&.168\&.1\&.98 0\&.0\&.0\&.0/0 192\&.168\&.1\&.1
192\&.168\&.1\&.99 192\&.168\&.1\&.0/24
192\&.168\&.1\&.99 192\&.168\&.200\&.0/24 192\&.168\&.1\&.254
192\&.168\&.1\&.99 0\&.0\&.0\&.0/0 192\&.168\&.1\&.1
.fi
.if n \{\
.RE
.\}
.PP
The routes local packets as expected, the default route is as previously discussed, but packets to 192\&.168\&.200\&.0/24 are routed via the alternate gateway 192\&.168\&.1\&.254\&.
.SH "NOTIFICATIONS"
.PP
When certain state changes occur in CTDB, it can be configured to perform arbitrary actions via notifications\&. For example, sending SNMP traps or emails when a node becomes unhealthy or similar\&.
.PP
The notification mechanism runs all executable files ending in "\&.script" in
/usr/local/etc/ctdb/events/notification/, ignoring any failures and continuing to run all files\&.
.PP
CTDB currently generates notifications after CTDB changes to these states:
.RS 4
init
.RE
.RS 4
setup
.RE
.RS 4
startup
.RE
.RS 4
healthy
.RE
.RS 4
unhealthy
.RE
.SH "LOG LEVELS"
.PP
Valid log levels, in increasing order of verbosity, are:
.RS 4
ERROR
.RE
.RS 4
WARNING
.RE
.RS 4
NOTICE
.RE
.RS 4
INFO
.RE
.RS 4
DEBUG
.RE
.SH "REMOTE CLUSTER NODES"
.PP
It is possible to have a CTDB cluster that spans across a WAN link\&. For example where you have a CTDB cluster in your datacentre but you also want to have one additional CTDB node located at a remote branch site\&. This is similar to how a WAN accelerator works but with the difference that while a WAN\-accelerator often acts as a Proxy or a MitM, in the ctdb remote cluster node configuration the Samba instance at the remote site IS the genuine server, not a proxy and not a MitM, and thus provides 100% correct CIFS semantics to clients\&.
.PP
See the cluster as one single multihomed samba server where one of the NICs (the remote node) is very far away\&.
.PP
NOTE: This does require that the cluster filesystem you use can cope with WAN\-link latencies\&. Not all cluster filesystems can handle WAN\-link latencies! Whether this will provide very good WAN\-accelerator performance or it will perform very poorly depends entirely on how optimized your cluster filesystem is in handling high latency for data and metadata operations\&.
.PP
To activate a node as being a remote cluster node you need to set the following two parameters in /usr/local/etc/ctdb/ctdb\&.conf for the remote node:
.sp
.if n \{\
.RS 4
.\}
.nf
[legacy]
lmaster capability = false
recmaster capability = false
.fi
.if n \{\
.RE
.\}
.PP
Verify with the command "ctdb getcapabilities" that that node no longer has the recmaster or the lmaster capabilities\&.
.SH "SEE ALSO"
.PP
\fBctdb\fR(1),
\fBctdbd\fR(1),
\fBctdbd_wrapper\fR(1),
\fBctdb_diagnostics\fR(1),
\fBltdbtool\fR(1),
\fBonnode\fR(1),
\fBping_pong\fR(1),
\fBctdb.conf\fR(5),
\fBctdb-script.options\fR(5),
\fBctdb.sysconfig\fR(5),
\fBctdb-statistics\fR(7),
\fBctdb-tunables\fR(7),
\m[blue]\fB\%http://ctdb.samba.org/\fR\m[]
.SH "AUTHOR"
.br
.PP
This documentation was written by Ronnie Sahlberg, Amitay Isaacs, Martin Schwenke
.SH "COPYRIGHT"
.br
Copyright \(co 2007 Andrew Tridgell, Ronnie Sahlberg
.br
.PP
This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 3 of the License, or (at your option) any later version\&.
.PP
This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE\&. See the GNU General Public License for more details\&.
.PP
You should have received a copy of the GNU General Public License along with this program; if not, see
\m[blue]\fB\%http://www.gnu.org/licenses\fR\m[]\&.
.sp

359
net/samba419/files/man/ctdb.conf.5 Normal file
View file

@ -0,0 +1,359 @@
'\" t
.\" Title: ctdb.conf
.\" Author:
.\" Generator: DocBook XSL Stylesheets v1.79.1 <http://docbook.sf.net/>
.\" Date: 09/23/2020
.\" Manual: CTDB - clustered TDB database
.\" Source: ctdb
.\" Language: English
.\"
.TH "CTDB\&.CONF" "5" "09/23/2020" "ctdb" "CTDB \- clustered TDB database"
.\" -----------------------------------------------------------------
.\" * Define some portability stuff
.\" -----------------------------------------------------------------
.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
.\" http://bugs.debian.org/507673
.\" http://lists.gnu.org/archive/html/groff/2009-02/msg00013.html
.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
.ie \n(.g .ds Aq \(aq
.el .ds Aq '
.\" -----------------------------------------------------------------
.\" * set default formatting
.\" -----------------------------------------------------------------
.\" disable hyphenation
.nh
.\" disable justification (adjust text to left margin only)
.ad l
.\" -----------------------------------------------------------------
.\" * MAIN CONTENT STARTS HERE *
.\" -----------------------------------------------------------------
.SH "NAME"
ctdb.conf \- CTDB configuration file
.SH "DESCRIPTION"
.PP
This file contains CTDB configuration options that affect the operation of CTDB daemons and command\-line tools\&. The default location of this file is
/usr/local/etc/ctdb/ctdb\&.conf\&.
.PP
Note that this is a Samba\-style configuration file, so it has a very different syntax to previous CTDB configuration files\&.
.PP
For event script options please see
\fBctdb-script.options\fR(5)\&.
.PP
Configuration options are grouped into several sections below\&. There are only a few options in each section, allowing them to be ordered (approximately) in decreasing order of importance\&.
.SH "LOGGING CONFIGURATION"
.PP
Options in this section control CTDB\*(Aqs logging\&. They are valid within the
\fIlogging\fR
section of file, indicated by
[logging]\&.
.PP
log level = \fILOGLEVEL\fR
.RS 4
LOGLEVEL is a string that controls the verbosity of ctdbd\*(Aqs logging\&. See the
LOG LEVELS
section in
\fBctdb\fR(7)
for more details\&.
.sp
Default:
NOTICE
.RE
.PP
location = \fISTRING\fR
.RS 4
STRING specifies where ctdbd will write its log\&.
.sp
Valid values are:
.PP
file:\fIFILENAME\fR
.RS 4
FILENAME where ctdbd will write its log\&. This is usually
/var/log/log\&.ctdb\&.
.RE
.PP
syslog[:\fIMETHOD\fR]
.RS 4
CTDB will log to syslog\&. By default this will use the syslog(3) API\&.
.sp
If METHOD is specified then it specifies an extension that causes logging to be done in a non\-blocking fashion\&. This can be useful under heavy loads that might cause the syslog daemon to dequeue messages too slowly, which would otherwise cause CTDB to block when logging\&. METHOD must be one of:
.PP
nonblocking
.RS 4
CTDB will log to syslog via
/dev/log
in non\-blocking mode\&.
.RE
.PP
udp
.RS 4
CTDB will log to syslog via UDP to localhost:514\&. The syslog daemon must be configured to listen on (at least) localhost:514\&. Most implementations will log the messages against hostname "localhost" \- this is a limit of the implementation for compatibility with more syslog daemon implementations\&.
.RE
.PP
udp\-rfc5424
.RS 4
As with "udp" but messages are sent in RFC5424 format\&. This method will log the correct hostname but is not as widely implemented in syslog daemons\&.
.RE
.RE
.sp
Default: file:/var/log/log\&.ctdb
.RE
.SH "CLUSTER CONFIGURATION"
.PP
Options in this section affect the CTDB cluster setup\&. They are valid within the
\fIcluster\fR
section of file, indicated by
[cluster]\&.
.PP
recovery lock = \fILOCK\fR
.RS 4
LOCK specifies the cluster\-wide mutex used to detect and prevent a partitioned cluster (or "split brain")\&.
.sp
For information about the recovery lock please see the
RECOVERY LOCK
section in
\fBctdb\fR(7)\&.
.sp
Default: NONE\&. However, uses of a recovery lock is
\fIstrongly recommended\fR\&.
.RE
.PP
node address = \fIIPADDR\fR
.RS 4
IPADDR is the private IP address that ctdbd will bind to\&.
.sp
This option is only required when automatic address detection can not be used\&. This can be the case when running multiple ctdbd daemons/nodes on the same physical host (usually for testing), using InfiniBand for the private network or on Linux when sysctl net\&.ipv4\&.ip_nonlocal_bind=1\&.
.sp
Default: CTDB selects the first address from the nodes list that it can bind to\&. See also the
PRIVATE ADDRESS
section in
\fBctdb\fR(7)\&.
.RE
.PP
transport = tcp|ib
.RS 4
This option specifies which transport to use for ctdbd internode communications on the private network\&.
.sp
ib
means InfiniBand\&. The InfiniBand support is not regularly tested\&. If it is known to be broken then it may be disabled so that a value of
ib
is considered invalid\&.
.sp
Default:
tcp
.RE
.SH "DATABASE CONFIGURATION"
.PP
Options in this section affect the CTDB database setup\&. They are valid within the
\fIdatabase\fR
section of file, indicated by
[database]\&.
.PP
volatile database directory = \fIDIRECTORY\fR
.RS 4
DIRECTORY on local storage where CTDB keeps a local copy of volatile TDB databases\&. This directory is local for each node and should not be stored on the shared cluster filesystem\&.
.sp
Mounting a tmpfs (or similar memory filesystem) on this directory can provide a significant performance improvement when there is I/O contention on the local disk\&.
.sp
Default:
/var/lib/ctdb/volatile
.RE
.PP
persistent database directory=\fIDIRECTORY\fR
.RS 4
DIRECTORY on local storage where CTDB keeps a local copy of persistent TDB databases\&. This directory is local for each node and should not be stored on the shared cluster filesystem\&.
.sp
Default:
/var/lib/ctdb/persistent
.RE
.PP
state database directory = \fIDIRECTORY\fR
.RS 4
DIRECTORY on local storage where CTDB keeps a local copy of internal state TDB databases\&. This directory is local for each node and should not be stored on the shared cluster filesystem\&.
.sp
Default:
/var/lib/ctdb/state
.RE
.PP
tdb mutexes = true|false
.RS 4
This parameter enables TDB_MUTEX_LOCKING feature on volatile databases if the robust mutexes are supported\&. This optimizes the record locking using robust mutexes and is much more efficient that using posix locks\&.
.sp
If robust mutexes are unreliable on the platform being used then they can be disabled by setting this to
false\&.
.RE
.PP
lock debug script = \fIFILENAME\fR
.RS 4
FILENAME is a script used by CTDB\*(Aqs database locking code to attempt to provide debugging information when CTDB is unable to lock an entire database or a record\&.
.sp
This script should be a bare filename relative to the CTDB configuration directory (/usr/local/etc/ctdb/)\&. Any directory prefix is ignored and the path is calculated relative to this directory\&.
.sp
CTDB provides a lock debugging script and installs it as
/usr/local/etc/ctdb/debug_locks\&.sh\&.
.sp
Default: NONE
.RE
.SH "EVENT HANDLING CONFIGURATION"
.PP
Options in this section affect CTDB event handling\&. They are valid within the
\fIevent\fR
section of file, indicated by
[event]\&.
.PP
debug script = \fIFILENAME\fR
.RS 4
FILENAME is a script used by CTDB\*(Aqs event handling code to attempt to provide debugging information when an event times out\&.
.sp
This script should be a bare filename relative to the CTDB configuration directory (/usr/local/etc/ctdb/)\&. Any directory prefix is ignored and the path is calculated relative to this directory\&.
.sp
CTDB provides a script for debugging timed out event scripts and installs it as
/usr/local/etc/ctdb/debug\-hung\-script\&.sh\&.
.sp
Default: NONE
.RE
.SH "FAILOVER CONFIGURATION"
.PP
Options in this section affect CTDB failover\&. They are valid within the
\fIfailover\fR
section of file, indicated by
[failover]\&.
.PP
disabled = true|false
.RS 4
If set to
true
then public IP failover is disabled\&.
.sp
Default:
false
.RE
.SH "LEGACY CONFIGURATION"
.PP
Options in this section affect legacy CTDB setup\&. They are valid within the
\fIlegacy\fR
section of file, indicated by
[legacy]\&.
.PP
ctdb start as stopped = true|false
.RS 4
If set to
true
CTDB starts in the STOPPED state\&.
.sp
To allow the node to take part in the cluster it must be manually continued with the
\fBctdb continue\fR
command\&.
.sp
Please see the
NODE STATES
section in
\fBctdb\fR(7)
for more information about the STOPPED state\&.
.sp
Default:
false
.RE
.PP
start as disabled = true|false
.RS 4
If set to
true
CTDB starts in the DISABLED state\&.
.sp
To allow the node to host public IP addresses and services, it must be manually enabled using the
\fBctdb enable\fR
command\&.
.sp
Please see the
NODE STATES
section in
\fBctdb\fR(7)
for more information about the DISABLED state\&.
.sp
Default:
false
.RE
.PP
realtime scheduling = true|false
.RS 4
Usually CTDB runs with real\-time priority\&. This helps it to perform effectively on a busy system, such as when there are thousands of Samba clients\&. If you are running CTDB on a platform that does not support real\-time priority, you can set this to
false\&.
.sp
Default:
true
.RE
.PP
recmaster capability = true|false
.RS 4
Indicates whether a node can become the recovery master for the cluster\&. If this is set to
false
then the node will not be able to become the recovery master for the cluster\&. This feature is primarily used for making a cluster span across a WAN link and use CTDB as a WAN\-accelerator\&.
.sp
Please see the
REMOTE CLUSTER NODES
section in
\fBctdb\fR(7)
for more information\&.
.sp
Default:
true
.RE
.PP
lmaster capability = true|false
.RS 4
Indicates whether a node can become a location master for records in a database\&. If this is set to
false
then the node will not be part of the vnnmap\&. This feature is primarily used for making a cluster span across a WAN link and use CTDB as a WAN\-accelerator\&.
.sp
Please see the
REMOTE CLUSTER NODES
section in
\fBctdb\fR(7)
for more information\&.
.sp
Default:
true
.RE
.PP
script log level = \fILOGLEVEL\fR
.RS 4
This option sets the debug level of event script output to LOGLEVEL\&.
.sp
See the
DEBUG LEVELS
section in
\fBctdb\fR(7)
for more information\&.
.sp
Default:
ERROR
.RE
.SH "FILES"
.RS 4
/usr/local/etc/ctdb/ctdb\&.conf
.RE
.SH "SEE ALSO"
.PP
\fBctdbd\fR(1),
\fBonnode\fR(1),
\fBctdb.sysconfig\fR(5),
\fBctdb-script.options\fR(5),
\fBctdb\fR(7),
\fBctdb-tunables\fR(7),
\m[blue]\fB\%http://ctdb.samba.org/\fR\m[]
.SH "AUTHOR"
.br
.PP
This documentation was written by Amitay Isaacs, Martin Schwenke
.SH "COPYRIGHT"
.br
Copyright \(co 2007 Andrew Tridgell, Ronnie Sahlberg
.br
.PP
This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 3 of the License, or (at your option) any later version\&.
.PP
This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE\&. See the GNU General Public License for more details\&.
.PP
You should have received a copy of the GNU General Public License along with this program; if not, see
\m[blue]\fB\%http://www.gnu.org/licenses\fR\m[]\&.
.sp

139
net/samba419/files/man/ctdb.sysconfig.5 Normal file
View file

@ -0,0 +1,139 @@
'\" t
.\" Title: ctdb.sysconfig
.\" Author:
.\" Generator: DocBook XSL Stylesheets v1.79.1 <http://docbook.sf.net/>
.\" Date: 09/23/2020
.\" Manual: CTDB - clustered TDB database
.\" Source: ctdb
.\" Language: English
.\"
.TH "CTDB\&.SYSCONFIG" "5" "09/23/2020" "ctdb" "CTDB \- clustered TDB database"
.\" -----------------------------------------------------------------
.\" * Define some portability stuff
.\" -----------------------------------------------------------------
.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
.\" http://bugs.debian.org/507673
.\" http://lists.gnu.org/archive/html/groff/2009-02/msg00013.html
.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
.ie \n(.g .ds Aq \(aq
.el .ds Aq '
.\" -----------------------------------------------------------------
.\" * set default formatting
.\" -----------------------------------------------------------------
.\" disable hyphenation
.nh
.\" disable justification (adjust text to left margin only)
.ad l
.\" -----------------------------------------------------------------
.\" * MAIN CONTENT STARTS HERE *
.\" -----------------------------------------------------------------
.SH "NAME"
ctdb.sysconfig \- CTDB daemon configuration file
.SH "DESCRIPTION"
.PP
This file contains configuration that affects the operation of CTDB\&. This is a distribution\-specific service configuration file such as
/etc/sysconfig/ctdb
(Red Hat) or
/etc/default/ctdb
(Debian) and is a shell script (see
\fBsh\fR(1))\&.
.SH "GLOBAL CONFIGURATION"
.PP
CTDB_INIT_STYLE=debian|redhat|suse
.RS 4
This is the init style used by the Linux distribution (or other operating system) being used\&. This is usually determined dynamically by checking the system\&. This variable is used by the initscript to determine which init system primitives to use\&. It is also used by some eventscripts to choose the name of initscripts for certain services, since these can vary between distributions\&.
.sp
If using CTDB\*(Aqs event scripts are unable to determine an appropriate default then this option can also be placed in a relevant
\fBctdb-script.options\fR(5)
file\&.
.sp
Default: NONE\&. Guessed, based on features of distribution\&.
.RE
.PP
CTDB_STARTUP_TIMEOUT=\fINUM\fR
.RS 4
NUM is the number of seconds to wait for
\fBctdbd\fR(1)
complete early initialisation up to a point where it is unlikely to abort\&. If
\fBctdbd\fR
doesn\*(Aqt complete the "setup" event before this timeout then it is killed\&.
.sp
Defaults: 10
.RE
.SH "RESOURCE LIMITS"
.SS "Maximum number of open files"
.PP
CTDB can use a lot of file descriptors, especially when used with Samba\&. If there are thousands of smbd processes connected to CTDB when this can mean that thousands of file descriptors are used\&. For CTDB, it is often necessary to increase limit on the maximum number of open files\&.
.PP
The maximum number of open files should be configured using an operating system mechanism\&.
.PP
systemd
.RS 4
The
LimitNOFILE=\fBLIMIT\fR
option can be used in a unit/service file increase the maximum number of open files\&. See
\fBsystemd.exec\fR(5)
for details\&.
.RE
.PP
SYSV init
.RS 4
Use a command like
\fBulimit \-n \fR\fB\fBLIMIT\fR\fR
to increase the maximum number of open files\&. This command can be put in the relevant distribution\-specific service configuration file\&.
.RE
.SS "Allowing core dumps"
.PP
Many distributions do not allow core dump files to be generated by default\&. To assist with debugging, core files can be enabled\&. This should be configured using an operating system mechanism\&.
.PP
systemd
.RS 4
The
LimitCORE=0|unlimited
option can be used in a unit/service file\&.
0
disallows core files,
unlimited
allows them\&. maximum number of open files\&. See
\fBsystemd.exec\fR(5)
for details\&.
.RE
.PP
SYSV init
.RS 4
Use a command like
\fBulimit \-c 0|unlimited\fR
to disable or enable core files as required\&. This command can be put in the relevant distribution\-specific service configuration file\&.
.RE
.SH "FILES"
.RS 4
/etc/sysconfig/ctdb
.RE
.RS 4
/etc/default/ctdb
.RE
.RS 4
/usr/local/etc/ctdb/script\&.options
.RE
.SH "SEE ALSO"
.PP
\fBctdbd\fR(1),
\fBctdb-script.options\fR(5),
\fBctdb\fR(7),
\m[blue]\fB\%http://ctdb.samba.org/\fR\m[]
.SH "AUTHOR"
.br
.PP
This documentation was written by Martin Schwenke
.SH "COPYRIGHT"
.br
Copyright \(co 2007 Andrew Tridgell, Ronnie Sahlberg
.br
.PP
This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 3 of the License, or (at your option) any later version\&.
.PP
This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE\&. See the GNU General Public License for more details\&.
.PP
You should have received a copy of the GNU General Public License along with this program; if not, see
\m[blue]\fB\%http://www.gnu.org/licenses\fR\m[]\&.
.sp

79
net/samba419/files/man/ctdb_diagnostics.1 Normal file
View file

@ -0,0 +1,79 @@
'\" t
.\" Title: ctdb_diagnostics
.\" Author:
.\" Generator: DocBook XSL Stylesheets v1.79.1 <http://docbook.sf.net/>
.\" Date: 11/18/2018
.\" Manual: CTDB - clustered TDB database
.\" Source: ctdb
.\" Language: English
.\"
.TH "CTDB_DIAGNOSTICS" "1" "11/18/2018" "ctdb" "CTDB \- clustered TDB database"
.\" -----------------------------------------------------------------
.\" * Define some portability stuff
.\" -----------------------------------------------------------------
.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
.\" http://bugs.debian.org/507673
.\" http://lists.gnu.org/archive/html/groff/2009-02/msg00013.html
.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
.ie \n(.g .ds Aq \(aq
.el .ds Aq '
.\" -----------------------------------------------------------------
.\" * set default formatting
.\" -----------------------------------------------------------------
.\" disable hyphenation
.nh
.\" disable justification (adjust text to left margin only)
.ad l
.\" -----------------------------------------------------------------
.\" * MAIN CONTENT STARTS HERE *
.\" -----------------------------------------------------------------
.SH "NAME"
ctdb_diagnostics \- dump diagnostic information about CTDB/Samba installation
.SH "SYNOPSIS"
.HP \w'\fBctdb_diagnostics\fR\ 'u
\fBctdb_diagnostics\fR [OPTIONS] \&.\&.\&.
.SH "DESCRIPTION"
.PP
ctdb_diagnostics is used to dump diagnostic information about a clustered Samba installation\&. This includes configuration files, output of relevant commands and logs\&. This information can be used to check the correctness of the configuration and to diagnose problems\&.
.SH "OPTIONS"
.PP
\-n <nodes>
.RS 4
Comma separated list of nodes to operate on
.RE
.PP
\-c
.RS 4
Ignore comment lines (starting with \*(Aq#\*(Aq) in file comparisons
.RE
.PP
\-w
.RS 4
Ignore whitespace in file comparisons
.RE
.PP
\-\-no\-ads
.RS 4
Do not use commands that assume an Active Directory Server
.RE
.SH "SEE ALSO"
.PP
\fBctdb\fR(1),
\fBctdb\fR(7),
\m[blue]\fB\%https://ctdb.samba.org/\fR\m[]
.SH "AUTHOR"
.br
.PP
This documentation was written by Martijn van Brummelen
.SH "COPYRIGHT"
.br
Copyright \(co 2015 Martijn van Brummelen
.br
.PP
This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 3 of the License, or (at your option) any later version\&.
.PP
This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE\&. See the GNU General Public License for more details\&.
.PP
You should have received a copy of the GNU General Public License along with this program; if not, see
\m[blue]\fB\%http://www.gnu.org/licenses\fR\m[]\&.
.sp

83
net/samba419/files/man/ctdbd.1 Normal file
View file

@ -0,0 +1,83 @@
'\" t
.\" Title: ctdbd
.\" Author:
.\" Generator: DocBook XSL Stylesheets v1.79.1 <http://docbook.sf.net/>
.\" Date: 09/23/2020
.\" Manual: CTDB - clustered TDB database
.\" Source: ctdb
.\" Language: English
.\"
.TH "CTDBD" "1" "09/23/2020" "ctdb" "CTDB \- clustered TDB database"
.\" -----------------------------------------------------------------
.\" * Define some portability stuff
.\" -----------------------------------------------------------------
.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
.\" http://bugs.debian.org/507673
.\" http://lists.gnu.org/archive/html/groff/2009-02/msg00013.html
.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
.ie \n(.g .ds Aq \(aq
.el .ds Aq '
.\" -----------------------------------------------------------------
.\" * set default formatting
.\" -----------------------------------------------------------------
.\" disable hyphenation
.nh
.\" disable justification (adjust text to left margin only)
.ad l
.\" -----------------------------------------------------------------
.\" * MAIN CONTENT STARTS HERE *
.\" -----------------------------------------------------------------
.SH "NAME"
ctdbd \- The CTDB cluster daemon
.SH "SYNOPSIS"
.HP \w'\fBctdbd\fR\ 'u
\fBctdbd\fR [\fIOPTION\fR...]
.SH "DESCRIPTION"
.PP
ctdbd is the main CTDB daemon\&.
.PP
Note that ctdbd is not usually invoked directly\&. It is invoked via
\fBctdbd_wrapper\fR(1)
or via the initscript\&.
.PP
See
\fBctdb\fR(7)
for an overview of CTDB\&.
.SH "GENERAL OPTIONS"
.PP
\-i, \-\-interactive
.RS 4
Enable interactive mode\&. This will make ctdbd run in the foreground and not detach from the terminal\&. In this mode ctdbd will log to stderr\&.
.sp
By default ctdbd will detach itself and run in the background as a daemon, logging to the configured destination\&.
.RE
.PP
\-?, \-\-help
.RS 4
Display a summary of options\&.
.RE
.SH "SEE ALSO"
.PP
\fBctdb\fR(1),
\fBctdbd_wrapper\fR(1),
\fBonnode\fR(1),
\fBctdb.conf\fR(5),
\fBctdb\fR(7),
\fBctdb-tunables\fR(7),
\m[blue]\fB\%http://ctdb.samba.org/\fR\m[]
.SH "AUTHOR"
.br
.PP
This documentation was written by Ronnie Sahlberg, Amitay Isaacs, Martin Schwenke
.SH "COPYRIGHT"
.br
Copyright \(co 2007 Andrew Tridgell, Ronnie Sahlberg
.br
.PP
This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 3 of the License, or (at your option) any later version\&.
.PP
This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE\&. See the GNU General Public License for more details\&.
.PP
You should have received a copy of the GNU General Public License along with this program; if not, see
\m[blue]\fB\%http://www.gnu.org/licenses\fR\m[]\&.
.sp

63
net/samba419/files/man/ctdbd_wrapper.1 Normal file
View file

@ -0,0 +1,63 @@
'\" t
.\" Title: ctdbd_wrapper
.\" Author:
.\" Generator: DocBook XSL Stylesheets v1.79.1 <http://docbook.sf.net/>
.\" Date: 09/23/2020
.\" Manual: CTDB - clustered TDB database
.\" Source: ctdb
.\" Language: English
.\"
.TH "CTDBD_WRAPPER" "1" "09/23/2020" "ctdb" "CTDB \- clustered TDB database"
.\" -----------------------------------------------------------------
.\" * Define some portability stuff
.\" -----------------------------------------------------------------
.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
.\" http://bugs.debian.org/507673
.\" http://lists.gnu.org/archive/html/groff/2009-02/msg00013.html
.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
.ie \n(.g .ds Aq \(aq
.el .ds Aq '
.\" -----------------------------------------------------------------
.\" * set default formatting
.\" -----------------------------------------------------------------
.\" disable hyphenation
.nh
.\" disable justification (adjust text to left margin only)
.ad l
.\" -----------------------------------------------------------------
.\" * MAIN CONTENT STARTS HERE *
.\" -----------------------------------------------------------------
.SH "NAME"
ctdbd_wrapper \- Wrapper for ctdbd
.SH "SYNOPSIS"
.HP \w'\fBctdbd_wrapper\fR\ 'u
\fBctdbd_wrapper\fR {start | stop}
.SH "DESCRIPTION"
.PP
ctdbd_wrapper is used to start or stop the main CTDB daemon\&.
.PP
See
\fBctdb\fR(7)
for an overview of CTDB\&.
.SH "SEE ALSO"
.PP
\fBctdbd\fR(1),
\fBctdb.sysconfig\fR(5),
\fBctdb\fR(7),
\m[blue]\fB\%http://ctdb.samba.org/\fR\m[]
.SH "AUTHOR"
.br
.PP
This documentation was written by Amitay Isaacs, Martin Schwenke
.SH "COPYRIGHT"
.br
Copyright \(co 2007 Andrew Tridgell, Ronnie Sahlberg
.br
.PP
This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 3 of the License, or (at your option) any later version\&.
.PP
This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE\&. See the GNU General Public License for more details\&.
.PP
You should have received a copy of the GNU General Public License along with this program; if not, see
\m[blue]\fB\%http://www.gnu.org/licenses\fR\m[]\&.
.sp

329
net/samba419/files/man/dbwrap_tool.1 Normal file
View file

@ -0,0 +1,329 @@
'\" t
.\" Title: dbwrap_tool
.\" Author: [see the "AUTHOR" section]
.\" Generator: DocBook XSL Stylesheets v1.79.1 <http://docbook.sf.net/>
.\" Date: 08/09/2022
.\" Manual: System Administration tools
.\" Source: Samba 4.16.4
.\" Language: English
.\"
.TH "DBWRAP_TOOL" "1" "08/09/2022" "Samba 4\&.16\&.4" "System Administration tools"
.\" -----------------------------------------------------------------
.\" * Define some portability stuff
.\" -----------------------------------------------------------------
.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
.\" http://bugs.debian.org/507673
.\" http://lists.gnu.org/archive/html/groff/2009-02/msg00013.html
.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
.ie \n(.g .ds Aq \(aq
.el .ds Aq '
.\" -----------------------------------------------------------------
.\" * set default formatting
.\" -----------------------------------------------------------------
.\" disable hyphenation
.nh
.\" disable justification (adjust text to left margin only)
.ad l
.\" -----------------------------------------------------------------
.\" * MAIN CONTENT STARTS HERE *
.\" -----------------------------------------------------------------
.SH "NAME"
dbwrap_tool \- low level TDB/CTDB manipulation tool using the dbwrap interface
.SH "SYNOPSIS"
.HP \w'\ 'u
dbwrap_tool [\-?|\-\-help] [\-\-usage] [\-\-persistent] [\-\-non\-persistent] [\-d|\-\-debuglevel=DEBUGLEVEL] [\-\-debug\-stdout] [\-\-configfile=CONFIGFILE] [\-\-option=name=value] [\-l|\-\-log\-basename=LOGFILEBASE] [\-\-leak\-report] [\-\-leak\-report\-full] {<database>} {<operation>} [<key>\ [<type>\ [<value>]]]
.SH "DESCRIPTION"
.PP
This tool is part of the
\fBsamba\fR(7)
suite\&.
.PP
The dbwrap_tool program is used to read and manipulate TDB/CTDB databases using the dbwrap interface\&.
.PP
The following database operations are available:
.RS
.sp
.RS 4
.ie n \{\
\h'-04'\(bu\h'+03'\c
.\}
.el \{\
.sp -1
.IP \(bu 2.3
.\}
fetch: fetch a record
.RE
.sp
.RS 4
.ie n \{\
\h'-04'\(bu\h'+03'\c
.\}
.el \{\
.sp -1
.IP \(bu 2.3
.\}
store: create or modify a record
.RE
.sp
.RS 4
.ie n \{\
\h'-04'\(bu\h'+03'\c
.\}
.el \{\
.sp -1
.IP \(bu 2.3
.\}
delete: remove a record
.RE
.sp
.RS 4
.ie n \{\
\h'-04'\(bu\h'+03'\c
.\}
.el \{\
.sp -1
.IP \(bu 2.3
.\}
exists: test for existence of a record
.RE
.sp
.RS 4
.ie n \{\
\h'-04'\(bu\h'+03'\c
.\}
.el \{\
.sp -1
.IP \(bu 2.3
.\}
erase: remove all records
.RE
.sp
.RS 4
.ie n \{\
\h'-04'\(bu\h'+03'\c
.\}
.el \{\
.sp -1
.IP \(bu 2.3
.\}
listkeys: list all available records
.RE
.sp
.RS 4
.ie n \{\
\h'-04'\(bu\h'+03'\c
.\}
.el \{\
.sp -1
.IP \(bu 2.3
.\}
listwatchers: list processes, which are waiting for changes in a record
.RE
.sp
.RE
.PP
The following types are available:
.RS
.sp
.RS 4
.ie n \{\
\h'-04'\(bu\h'+03'\c
.\}
.el \{\
.sp -1
.IP \(bu 2.3
.\}
int32: signed 32bit integer
.RE
.sp
.RS 4
.ie n \{\
\h'-04'\(bu\h'+03'\c
.\}
.el \{\
.sp -1
.IP \(bu 2.3
.\}
uint32: unsigned 32bit integer
.RE
.sp
.RS 4
.ie n \{\
\h'-04'\(bu\h'+03'\c
.\}
.el \{\
.sp -1
.IP \(bu 2.3
.\}
string: "hello world"
.RE
.sp
.RS 4
.ie n \{\
\h'-04'\(bu\h'+03'\c
.\}
.el \{\
.sp -1
.IP \(bu 2.3
.\}
hex: hex strings like "68656C6C6F20776F726C6400" ("hello world")
.RE
.sp
.RE
.SH "OPTIONS"
.PP
\-\-persistent
.RS 4
Open the database as a persistent database\&.
.sp
Exactly one of \-\-persistent and \-\-non\-persistent must be specified\&.
.RE
.PP
\-\-non\-persistent
.RS 4
Open the database as a non\-persistent database\&.
.sp
Caveat: opening a database as non\-persistent when there is currently no other opener will wipe the database\&.
.sp
Exactly one of \-\-persistent and \-\-non\-persistent must be specified\&.
.RE
.PP
\-?|\-\-help
.RS 4
Print a summary of command line options\&.
.RE
.PP
\-\-usage
.RS 4
Display brief usage message\&.
.RE
.PP
\-d|\-\-debuglevel=DEBUGLEVEL
.RS 4
\fIlevel\fR
is an integer from 0 to 10\&. The default value if this parameter is not specified is 1 for client applications\&.
.sp
The higher this value, the more detail will be logged to the log files about the activities of the server\&. At level 0, only critical errors and serious warnings will be logged\&. Level 1 is a reasonable level for day\-to\-day running \- it generates a small amount of information about operations carried out\&.
.sp
Levels above 1 will generate considerable amounts of log data, and should only be used when investigating a problem\&. Levels above 3 are designed for use only by developers and generate HUGE amounts of log data, most of which is extremely cryptic\&.
.sp
Note that specifying this parameter here will override the
\m[blue]\fBlog level\fR\m[]
parameter in the
smb\&.conf
file\&.
.RE
.PP
\-\-debug\-stdout
.RS 4
This will redirect debug output to STDOUT\&. By default all clients are logging to STDERR\&.
.RE
.PP
\-\-configfile=<configuration file>
.RS 4
The file specified contains the configuration details required by the client\&. The information in this file can be general for client and server or only provide client specific like options such as
\m[blue]\fBclient smb encrypt\fR\m[]\&. See
smb\&.conf
for more information\&. The default configuration file name is determined at compile time\&.
.RE
.PP
\-\-option=<name>=<value>
.RS 4
Set the
\fBsmb.conf\fR(5)
option "<name>" to value "<value>" from the command line\&. This overrides compiled\-in defaults and options read from the configuration file\&. If a name or a value includes a space, wrap whole \-\-option=name=value into quotes\&.
.RE
.PP
\-l|\-\-log\-basename=logdirectory
.RS 4
Base directory name for log/debug files\&. The extension
\fB"\&.progname"\fR
will be appended (e\&.g\&. log\&.smbclient, log\&.smbd, etc\&.\&.\&.)\&. The log file is never removed by the client\&.
.RE
.PP
\-\-leak\-report
.RS 4
Enable talloc leak reporting on exit\&.
.RE
.PP
\-\-leak\-report\-full
.RS 4
Enable full talloc leak reporting on exit\&.
.RE
.PP
\-V|\-\-version
.RS 4
Prints the program version number\&.
.RE
.SH "COMMANDS"
.SS "fetch"
.HP \w'\ 'u
dbwrap_tool <database> fetch <key> <type>
.SS "store"
.HP \w'\ 'u
dbwrap_tool <database> store <key> <type> <value>
.SS "delete"
.HP \w'\ 'u
dbwrap_tool <database> delete <key>
.SS "exists"
.HP \w'\ 'u
dbwrap_tool <database> exists <key>
.SS "erase"
.HP \w'\ 'u
dbwrap_tool <database> erase
.SS "listkeys"
.HP \w'\ 'u
dbwrap_tool <database> listkeys
.SS "listwatchers"
.HP \w'\ 'u
dbwrap_tool <database> listwatchers
.SH "EXAMPLES"
.PP
List all keys from winbindd_idmap\&.tdb
.RS 4
dbwrap_tool
\-\-persistent winbindd_idmap\&.tdb listkeys
.RE
.PP
Fetch record with key "USER HWM" as uint32
.RS 4
dbwrap_tool
\-\-persistent winbindd_idmap\&.tdb fetch "USER HWM" uint32
.RE
.PP
Remove record with key "USER HWM"
.RS 4
dbwrap_tool
\-\-persistent winbindd_idmap\&.tdb remove "USER HWM"
.RE
.PP
Store and overwrite record "USER HWM" with value 214
.RS 4
uint32:
dbwrap_tool
\-\-persistent winbindd_idmap\&.tdb store "USER HWM" uint32 214
hex:
dbwrap_tool
\-\-persistent winbindd_idmap\&.tdb store "USER HWM" hex D6000000
.RE
.SH "NOTES"
.PP
Use with caution!
.SH "VERSION"
.PP
This man page is part of version 4\&.16\&.4 of the Samba suite\&.
.SH "SEE ALSO"
.PP
\fBsmbd\fR(8),
\fBsamba\fR(7)
.SH "AUTHOR"
.PP
The original Samba software and related utilities were created by Andrew Tridgell\&. Samba is now developed by the Samba Team as an Open Source project similar to the way the Linux kernel is developed\&.
.PP
The dbwrap_tool manpage was written by Bjoern Baumbach\&.

133
net/samba419/files/man/gentest.1 Normal file
View file

@ -0,0 +1,133 @@
'\" t
.\" Title: gentest
.\" Author: [see the "AUTHOR" section]
.\" Generator: DocBook XSL Stylesheets v1.79.1 <http://docbook.sf.net/>
.\" Date: 08/09/2022
.\" Manual: Test Suite
.\" Source: Samba 4.0
.\" Language: English
.\"
.TH "GENTEST" "1" "08/09/2022" "Samba 4\&.0" "Test Suite"
.\" -----------------------------------------------------------------
.\" * Define some portability stuff
.\" -----------------------------------------------------------------
.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
.\" http://bugs.debian.org/507673
.\" http://lists.gnu.org/archive/html/groff/2009-02/msg00013.html
.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
.ie \n(.g .ds Aq \(aq
.el .ds Aq '
.\" -----------------------------------------------------------------
.\" * set default formatting
.\" -----------------------------------------------------------------
.\" disable hyphenation
.nh
.\" disable justification (adjust text to left margin only)
.ad l
.\" -----------------------------------------------------------------
.\" * MAIN CONTENT STARTS HERE *
.\" -----------------------------------------------------------------
.SH "NAME"
gentest \- Run random generic SMB operations against two SMB servers and show the differences in behavior
.SH "SYNOPSIS"
.HP \w'\fBgentest\fR\ 'u
\fBgentest\fR {//server1/share1} {//server2/share2} {\-U\ user%pass} {\-U\ user%pass} [\-s\ seed] [\-o\ numops] [\-a] [\-A] [\-i\ FILE] [\-O] [\-S\ FILE] [\-L] [\-F] [\-C] [\-X]
.SH "DESCRIPTION"
.PP
gentest
is a utility for detecting differences in behaviour between SMB servers\&. It will run a random set of generic operations against
\fI//server1/share1\fR
and then the same random set against
\fI//server2/share2\fR
and display the differences in the responses it gets\&.
.PP
This utility is used by the Samba team to find differences in behaviour between Samba and Windows servers\&.
.SH "OPTIONS"
.PP
\-U user%pass
.RS 4
Specify the user and password to use when logging on on the shares\&. This parameter is mandatory and has to be specified twice\&.
.RE
.PP
\-s seed
.RS 4
Seed the random number generator with the specified value\&.
.RE
.PP
\-o numops
.RS 4
Set the number of operations to perform\&.
.RE
.PP
\-a
.RS 4
Print the operations that are performed\&.
.RE
.PP
\-A
.RS 4
Backtrack to find minimal number of operations required to make the response to a certain call differ\&.
.RE
.PP
\-i FILE
.RS 4
Specify a file containing the names of fields that have to be ignored (such as time fields)\&. See below for a description of the file format\&.
.RE
.PP
\-O
.RS 4
Enable oplocks\&.
.RE
.PP
\-S FILE
.RS 4
Set preset seeds file\&. The default is
gentest_seeds\&.dat\&.
.RE
.PP
\-L
.RS 4
Use preset seeds
.RE
.PP
\-F
.RS 4
Fast reconnect (just close files)
.RE
.PP
\-C
.RS 4
Continuous analysis mode
.RE
.PP
\-X
.RS 4
Analyse even when the test succeeded\&.
.RE
.SH "VERSION"
.PP
This man page is correct for version 4\&.0 of the Samba suite\&.
.SH "SEE ALSO"
.PP
Samba
.SH "AUTHOR"
.PP
This utility is part of the
\m[blue]\fBSamba\fR\m[]\&\s-2\u[1]\d\s+2
suite, which is developed by the global
\m[blue]\fBSamba Team\fR\m[]\&\s-2\u[2]\d\s+2\&.
.PP
gentest was written by Andrew Tridgell\&.
.PP
This manpage was written by Jelmer Vernooij\&.
.SH "NOTES"
.IP " 1." 4
Samba
.RS 4
\%http://www.samba.org/
.RE
.IP " 2." 4
Samba Team
.RS 4
\%http://www.samba.org/samba/team/
.RE

427
net/samba419/files/man/ldb.3 Normal file
View file

@ -0,0 +1,427 @@
'\" t
.\" Title: ldb
.\" Author: [see the "Author" section]
.\" Generator: DocBook XSL Stylesheets v1.79.1 <http://docbook.sf.net/>
.\" Date: 08/09/2022
.\" Manual: System Administration tools
.\" Source: LDB 1.1
.\" Language: English
.\"
.TH "LDB" "3" "08/09/2022" "LDB 1\&.1" "System Administration tools"
.\" -----------------------------------------------------------------
.\" * Define some portability stuff
.\" -----------------------------------------------------------------
.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
.\" http://bugs.debian.org/507673
.\" http://lists.gnu.org/archive/html/groff/2009-02/msg00013.html
.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
.ie \n(.g .ds Aq \(aq
.el .ds Aq '
.\" -----------------------------------------------------------------
.\" * set default formatting
.\" -----------------------------------------------------------------
.\" disable hyphenation
.nh
.\" disable justification (adjust text to left margin only)
.ad l
.\" -----------------------------------------------------------------
.\" * MAIN CONTENT STARTS HERE *
.\" -----------------------------------------------------------------
.SH "NAME"
ldb \- A light\-weight database library
.SH "SYNOPSIS"
.sp
.nf
#include <ldb\&.h>
.fi
.SH "DESCRIPTION"
.PP
ldb is a light weight embedded database library and API\&. With a programming interface that is very similar to LDAP, ldb can store its data either in a tdb(3) database or in a real LDAP database\&.
.PP
When used with the tdb backend ldb does not require any database daemon\&. Instead, ldb function calls are processed immediately by the ldb library, which does IO directly on the database, while allowing multiple readers/writers using operating system byte range locks\&. This leads to an API with very low overheads, often resulting in speeds of more than 10x what can be achieved with a more traditional LDAP architecture\&.
.PP
In a taxonomy of databases ldb would sit half way between key/value pair databases (such as berkley db or tdb) and a full LDAP database\&. With a structured attribute oriented API like LDAP and good indexing capabilities, ldb can be used for quite sophisticated applications that need a light weight database, without the administrative overhead of a full LDAP installation\&.
.PP
Included with ldb are a number of useful command line tools for manipulating a ldb database\&. These tools are similar in style to the equivalent ldap command line tools\&.
.PP
In its default mode of operation with a tdb backend, ldb can also be seen as a "schema\-less LDAP"\&. By default ldb does not require a schema, which greatly reduces the complexity of getting started with ldb databases\&. As the complexity of you application grows you can take advantage of some of the optional schema\-like attributes that ldb offers, or you can migrate to using the full LDAP api while keeping your exiting ldb code\&.
.PP
If you are new to ldb, then I suggest starting with the manual pages for ldbsearch(1) and ldbedit(1), and experimenting with a local database\&. Then I suggest you look at the ldb_connect(3) and ldb_search(3) manual pages\&.
.SH "TOOLS"
.sp
.RS 4
.ie n \{\
\h'-04'\(bu\h'+03'\c
.\}
.el \{\
.sp -1
.IP \(bu 2.3
.\}
ldbsearch(1)
\- command line ldb search utility
.RE
.sp
.RS 4
.ie n \{\
\h'-04'\(bu\h'+03'\c
.\}
.el \{\
.sp -1
.IP \(bu 2.3
.\}
ldbedit(1)
\- edit all or part of a ldb database using your favourite editor
.RE
.sp
.RS 4
.ie n \{\
\h'-04'\(bu\h'+03'\c
.\}
.el \{\
.sp -1
.IP \(bu 2.3
.\}
ldbadd(1)
\- add records to a ldb database using LDIF formatted input
.RE
.sp
.RS 4
.ie n \{\
\h'-04'\(bu\h'+03'\c
.\}
.el \{\
.sp -1
.IP \(bu 2.3
.\}
ldbdel(1)
\- delete records from a ldb database
.RE
.sp
.RS 4
.ie n \{\
\h'-04'\(bu\h'+03'\c
.\}
.el \{\
.sp -1
.IP \(bu 2.3
.\}
ldbmodify(1)
\- modify records in a ldb database using LDIF formatted input
.RE
.SH "FUNCTIONS"
.sp
.RS 4
.ie n \{\
\h'-04'\(bu\h'+03'\c
.\}
.el \{\
.sp -1
.IP \(bu 2.3
.\}
\fBldb_connect(3)\fR
\- connect to a ldb backend
.RE
.sp
.RS 4
.ie n \{\
\h'-04'\(bu\h'+03'\c
.\}
.el \{\
.sp -1
.IP \(bu 2.3
.\}
\fBldb_search(3)\fR
\- perform a database search
.RE
.sp
.RS 4
.ie n \{\
\h'-04'\(bu\h'+03'\c
.\}
.el \{\
.sp -1
.IP \(bu 2.3
.\}
\fBldb_add(3)\fR
\- add a record to the database
.RE
.sp
.RS 4
.ie n \{\
\h'-04'\(bu\h'+03'\c
.\}
.el \{\
.sp -1
.IP \(bu 2.3
.\}
\fBldb_delete(3)\fR
\- delete a record from the database
.RE
.sp
.RS 4
.ie n \{\
\h'-04'\(bu\h'+03'\c
.\}
.el \{\
.sp -1
.IP \(bu 2.3
.\}
\fBldb_modify(3)\fR
\- modify a record in the database
.RE
.sp
.RS 4
.ie n \{\
\h'-04'\(bu\h'+03'\c
.\}
.el \{\
.sp -1
.IP \(bu 2.3
.\}
\fBldb_errstring(3)\fR
\- retrieve extended error information from the last operation
.RE
.sp
.RS 4
.ie n \{\
\h'-04'\(bu\h'+03'\c
.\}
.el \{\
.sp -1
.IP \(bu 2.3
.\}
\fBldb_ldif_write(3)\fR
\- write a LDIF formatted message
.RE
.sp
.RS 4
.ie n \{\
\h'-04'\(bu\h'+03'\c
.\}
.el \{\
.sp -1
.IP \(bu 2.3
.\}
\fBldb_ldif_write_file(3)\fR
\- write a LDIF formatted message to a file
.RE
.sp
.RS 4
.ie n \{\
\h'-04'\(bu\h'+03'\c
.\}
.el \{\
.sp -1
.IP \(bu 2.3
.\}
\fBldb_ldif_read(3)\fR
\- read a LDIF formatted message
.RE
.sp
.RS 4
.ie n \{\
\h'-04'\(bu\h'+03'\c
.\}
.el \{\
.sp -1
.IP \(bu 2.3
.\}
\fBldb_ldif_read_free(3)\fR
\- free the result of a ldb_ldif_read()
.RE
.sp
.RS 4
.ie n \{\
\h'-04'\(bu\h'+03'\c
.\}
.el \{\
.sp -1
.IP \(bu 2.3
.\}
\fBldb_ldif_read_file(3)\fR
\- read a LDIF message from a file
.RE
.sp
.RS 4
.ie n \{\
\h'-04'\(bu\h'+03'\c
.\}
.el \{\
.sp -1
.IP \(bu 2.3
.\}
\fBldb_ldif_read_string(3)\fR
\- read a LDIF message from a string
.RE
.sp
.RS 4
.ie n \{\
\h'-04'\(bu\h'+03'\c
.\}
.el \{\
.sp -1
.IP \(bu 2.3
.\}
\fBldb_msg_find_element(3)\fR
\- find an element in a ldb_message
.RE
.sp
.RS 4
.ie n \{\
\h'-04'\(bu\h'+03'\c
.\}
.el \{\
.sp -1
.IP \(bu 2.3
.\}
\fBldb_val_equal_exact(3)\fR
\- compare two ldb_val structures
.RE
.sp
.RS 4
.ie n \{\
\h'-04'\(bu\h'+03'\c
.\}
.el \{\
.sp -1
.IP \(bu 2.3
.\}
\fBldb_msg_find_val(3)\fR
\- find an element by value
.RE
.sp
.RS 4
.ie n \{\
\h'-04'\(bu\h'+03'\c
.\}
.el \{\
.sp -1
.IP \(bu 2.3
.\}
\fBldb_msg_add_empty(3)\fR
\- add an empty message element to a ldb_message
.RE
.sp
.RS 4
.ie n \{\
\h'-04'\(bu\h'+03'\c
.\}
.el \{\
.sp -1
.IP \(bu 2.3
.\}
\fBldb_msg_add(3)\fR
\- add a non\-empty message element to a ldb_message
.RE
.sp
.RS 4
.ie n \{\
\h'-04'\(bu\h'+03'\c
.\}
.el \{\
.sp -1
.IP \(bu 2.3
.\}
\fBldb_msg_element_compare(3)\fR
\- compare two ldb_message_element structures
.RE
.sp
.RS 4
.ie n \{\
\h'-04'\(bu\h'+03'\c
.\}
.el \{\
.sp -1
.IP \(bu 2.3
.\}
\fBldb_msg_find_int(3)\fR
\- return an integer value from a ldb_message
.RE
.sp
.RS 4
.ie n \{\
\h'-04'\(bu\h'+03'\c
.\}
.el \{\
.sp -1
.IP \(bu 2.3
.\}
\fBldb_msg_find_uint(3)\fR
\- return an unsigned integer value from a ldb_message
.RE
.sp
.RS 4
.ie n \{\
\h'-04'\(bu\h'+03'\c
.\}
.el \{\
.sp -1
.IP \(bu 2.3
.\}
\fBldb_msg_find_double(3)\fR
\- return a double value from a ldb_message
.RE
.sp
.RS 4
.ie n \{\
\h'-04'\(bu\h'+03'\c
.\}
.el \{\
.sp -1
.IP \(bu 2.3
.\}
\fBldb_msg_find_string(3)\fR
\- return a string value from a ldb_message
.RE
.sp
.RS 4
.ie n \{\
\h'-04'\(bu\h'+03'\c
.\}
.el \{\
.sp -1
.IP \(bu 2.3
.\}
\fBldb_set_alloc(3)\fR
\- set the memory allocation function to be used by ldb
.RE
.sp
.RS 4
.ie n \{\
\h'-04'\(bu\h'+03'\c
.\}
.el \{\
.sp -1
.IP \(bu 2.3
.\}
\fBldb_set_debug(3)\fR
\- set a debug handler to be used by ldb
.RE
.sp
.RS 4
.ie n \{\
\h'-04'\(bu\h'+03'\c
.\}
.el \{\
.sp -1
.IP \(bu 2.3
.\}
\fBldb_set_debug_stderr(3)\fR
\- set a debug handler for stderr output
.RE
.SH "AUTHOR"
.PP
ldb was written by
\m[blue]\fBAndrew Tridgell\fR\m[]\&\s-2\u[1]\d\s+2\&.
.PP
If you wish to report a problem or make a suggestion then please see the
\m[blue]\fB\%http://ldb.samba.org/\fR\m[]
web site for current contact and maintainer information\&.
.PP
ldb is released under the GNU Lesser General Public License version 2 or later\&. Please see the file COPYING for license details\&.
.SH "NOTES"
.IP " 1." 4
Andrew Tridgell
.RS 4
\%https://www.samba.org/~tridge/
.RE

78
net/samba419/files/man/ldbadd.1 Normal file
View file

@ -0,0 +1,78 @@
'\" t
.\" Title: ldbadd
.\" Author: [see the "AUTHOR" section]
.\" Generator: DocBook XSL Stylesheets v1.79.1 <http://docbook.sf.net/>
.\" Date: 08/09/2022
.\" Manual: System Administration tools
.\" Source: LDB 1.1
.\" Language: English
.\"
.TH "LDBADD" "1" "08/09/2022" "LDB 1\&.1" "System Administration tools"
.\" -----------------------------------------------------------------
.\" * Define some portability stuff
.\" -----------------------------------------------------------------
.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
.\" http://bugs.debian.org/507673
.\" http://lists.gnu.org/archive/html/groff/2009-02/msg00013.html
.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
.ie \n(.g .ds Aq \(aq
.el .ds Aq '
.\" -----------------------------------------------------------------
.\" * set default formatting
.\" -----------------------------------------------------------------
.\" disable hyphenation
.nh
.\" disable justification (adjust text to left margin only)
.ad l
.\" -----------------------------------------------------------------
.\" * MAIN CONTENT STARTS HERE *
.\" -----------------------------------------------------------------
.SH "NAME"
ldbadd \- Command\-line utility for adding records to an LDB
.SH "SYNOPSIS"
.HP \w'\fBldbadd\fR\ 'u
\fBldbadd\fR [\-h] [\-H\ LDB\-URL] [ldif\-file1] [ldif\-file2] [\&.\&.\&.]
.SH "DESCRIPTION"
.PP
ldbadd adds records to an ldb(3) database\&. It reads the ldif(5) files specified on the command line and adds the records from these files to the LDB database, which is specified by the \-H option or the LDB_URL environment variable\&.
.PP
If \- is specified as a ldb file, the ldif input is read from standard input\&.
.SH "OPTIONS"
.PP
\-h
.RS 4
Show list of available options\&.
.RE
.PP
\-H <ldb\-url>
.RS 4
LDB URL to connect to\&. See ldb(3) for details\&.
.RE
.SH "ENVIRONMENT"
.PP
LDB_URL
.RS 4
LDB URL to connect to (can be overridden by using the \-H command\-line option\&.)
.RE
.SH "VERSION"
.PP
This man page is correct for version 1\&.1 of LDB\&.
.SH "SEE ALSO"
.PP
ldb(3), ldbmodify, ldbdel, ldif(5)
.SH "AUTHOR"
.PP
ldb was written by
\m[blue]\fBAndrew Tridgell\fR\m[]\&\s-2\u[1]\d\s+2\&.
.PP
If you wish to report a problem or make a suggestion then please see the
\m[blue]\fB\%http://ldb.samba.org/\fR\m[]
web site for current contact and maintainer information\&.
.PP
This manpage was written by Jelmer Vernooij\&.
.SH "NOTES"
.IP " 1." 4
Andrew Tridgell
.RS 4
\%https://www.samba.org/~tridge/
.RE

80
net/samba419/files/man/ldbdel.1 Normal file
View file

@ -0,0 +1,80 @@
'\" t
.\" Title: ldbdel
.\" Author: [see the "AUTHOR" section]
.\" Generator: DocBook XSL Stylesheets v1.79.1 <http://docbook.sf.net/>
.\" Date: 08/09/2022
.\" Manual: System Administration tools
.\" Source: LDB 1.1
.\" Language: English
.\"
.TH "LDBDEL" "1" "08/09/2022" "LDB 1\&.1" "System Administration tools"
.\" -----------------------------------------------------------------
.\" * Define some portability stuff
.\" -----------------------------------------------------------------
.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
.\" http://bugs.debian.org/507673
.\" http://lists.gnu.org/archive/html/groff/2009-02/msg00013.html
.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
.ie \n(.g .ds Aq \(aq
.el .ds Aq '
.\" -----------------------------------------------------------------
.\" * set default formatting
.\" -----------------------------------------------------------------
.\" disable hyphenation
.nh
.\" disable justification (adjust text to left margin only)
.ad l
.\" -----------------------------------------------------------------
.\" * MAIN CONTENT STARTS HERE *
.\" -----------------------------------------------------------------
.SH "NAME"
ldbdel \- Command\-line program for deleting LDB records
.SH "SYNOPSIS"
.HP \w'\fBldbdel\fR\ 'u
\fBldbdel\fR [\-h] [\-H\ LDB\-URL] [dn] [\&.\&.\&.]
.SH "DESCRIPTION"
.PP
ldbdel deletes records from an ldb(3) database\&. It deletes the records identified by the dn\*(Aqs specified on the command\-line\&.
.PP
ldbdel uses either the database that is specified with the \-H option or the database specified by the LDB_URL environment variable\&.
.SH "OPTIONS"
.PP
\-h
.RS 4
Show list of available options\&.
.RE
.PP
\-H <ldb\-url>
.RS 4
LDB URL to connect to\&. See ldb(3) for details\&.
.RE
.SH "ENVIRONMENT"
.PP
LDB_URL
.RS 4
LDB URL to connect to (can be overridden by using the \-H command\-line option\&.)
.RE
.SH "VERSION"
.PP
This man page is correct for version 1\&.1 of LDB\&.
.SH "SEE ALSO"
.PP
ldb(3), ldbmodify, ldbadd, ldif(5)
.SH "AUTHOR"
.PP
ldb was written by
\m[blue]\fBAndrew Tridgell\fR\m[]\&\s-2\u[1]\d\s+2\&.
.PP
If you wish to report a problem or make a suggestion then please see the
\m[blue]\fB\%http://ldb.samba.org/\fR\m[]
web site for current contact and maintainer information\&.
.PP
ldbdel was written by Andrew Tridgell\&.
.PP
This manpage was written by Jelmer Vernooij\&.
.SH "NOTES"
.IP " 1." 4
Andrew Tridgell
.RS 4
\%https://www.samba.org/~tridge/
.RE

111
net/samba419/files/man/ldbedit.1 Normal file
View file

@ -0,0 +1,111 @@
'\" t
.\" Title: ldbedit
.\" Author: [see the "AUTHOR" section]
.\" Generator: DocBook XSL Stylesheets v1.79.1 <http://docbook.sf.net/>
.\" Date: 08/09/2022
.\" Manual: System Administration tools
.\" Source: LDB 1.1
.\" Language: English
.\"
.TH "LDBEDIT" "1" "08/09/2022" "LDB 1\&.1" "System Administration tools"
.\" -----------------------------------------------------------------
.\" * Define some portability stuff
.\" -----------------------------------------------------------------
.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
.\" http://bugs.debian.org/507673
.\" http://lists.gnu.org/archive/html/groff/2009-02/msg00013.html
.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
.ie \n(.g .ds Aq \(aq
.el .ds Aq '
.\" -----------------------------------------------------------------
.\" * set default formatting
.\" -----------------------------------------------------------------
.\" disable hyphenation
.nh
.\" disable justification (adjust text to left margin only)
.ad l
.\" -----------------------------------------------------------------
.\" * MAIN CONTENT STARTS HERE *
.\" -----------------------------------------------------------------
.SH "NAME"
ldbedit \- Edit LDB databases using your preferred editor
.SH "SYNOPSIS"
.HP \w'\fBldbedit\fR\ 'u
\fBldbedit\fR [\-?] [\-\-usage] [\-s\ base|one|sub] [\-b\ basedn] [\-a] [\-e\ editor] [\-H\ LDB\-URL] [expression] [attributes...]
.SH "DESCRIPTION"
.PP
ldbedit is a utility that allows you to edit LDB entries (in tdb files, sqlite files or LDAP servers) using your preferred editor\&. ldbedit generates an LDIF file based on your query, allows you to edit the LDIF, and then merges that LDIF back into the LDB backend\&.
.SH "OPTIONS"
.PP
\-?, \-\-help
.RS 4
Show list of available options, and a phrase describing what that option does\&.
.RE
.PP
\-\-usage
.RS 4
Show list of available options\&. This is similar to the help option, however it does not provide any description, and is hence shorter\&.
.RE
.PP
\-H <ldb\-url>
.RS 4
LDB URL to connect to\&. For a tdb database, this will be of the form tdb://\fIfilename\fR\&. For a LDAP connection over unix domain sockets, this will be of the form ldapi://\fIsocket\fR\&. For a (potentially remote) LDAP connection over TCP, this will be of the form ldap://\fIhostname\fR\&. For an SQLite database, this will be of the form sqlite://\fIfilename\fR\&.
.RE
.PP
\-s one|sub|base
.RS 4
Search scope to use\&. One\-level, subtree or base\&.
.RE
.PP
\-a, \-all
.RS 4
Edit all records\&. This allows you to apply the same change to a number of records at once\&. You probably want to combine this with an expression of the form "objectclass=*"\&.
.RE
.PP
\-e editor, \-\-editor editor
.RS 4
Specify the editor that should be used (overrides the VISUAL and EDITOR environment variables)\&. If this option is not used, and neither VISUAL nor EDITOR environment variables are set, then the vi editor will be used\&.
.RE
.PP
\-b basedn
.RS 4
Specify Base Distinguished Name to use\&.
.RE
.PP
\-v, \-\-verbose
.RS 4
Make ldbedit more verbose about the operations that are being performed\&. Without this option, ldbedit will only provide a summary change line\&.
.RE
.SH "ENVIRONMENT"
.PP
LDB_URL
.RS 4
LDB URL to connect to\&. This can be overridden by using the \-H command\-line option\&.)
.RE
.PP
VISUAL and EDITOR
.RS 4
Environment variables used to determine what editor to use\&. VISUAL takes precedence over EDITOR, and both are overridden by the \-e command\-line option\&.
.RE
.SH "VERSION"
.PP
This man page is correct for version 1\&.1 of LDB\&.
.SH "SEE ALSO"
.PP
ldb(3), ldbmodify(1), ldbdel(1), ldif(5), vi(1)
.SH "AUTHOR"
.PP
ldb was written by
\m[blue]\fBAndrew Tridgell\fR\m[]\&\s-2\u[1]\d\s+2\&.
.PP
If you wish to report a problem or make a suggestion then please see the
\m[blue]\fB\%http://ldb.samba.org/\fR\m[]
web site for current contact and maintainer information\&.
.PP
This manpage was written by Jelmer Vernooij and updated by Brad Hards\&.
.SH "NOTES"
.IP " 1." 4
Andrew Tridgell
.RS 4
\%https://www.samba.org/~tridge/
.RE

73
net/samba419/files/man/ldbmodify.1 Normal file
View file

@ -0,0 +1,73 @@
'\" t
.\" Title: ldbmodify
.\" Author: [see the "AUTHOR" section]
.\" Generator: DocBook XSL Stylesheets v1.79.1 <http://docbook.sf.net/>
.\" Date: 08/09/2022
.\" Manual: System Administration tools
.\" Source: LDB 1.1
.\" Language: English
.\"
.TH "LDBMODIFY" "1" "08/09/2022" "LDB 1\&.1" "System Administration tools"
.\" -----------------------------------------------------------------
.\" * Define some portability stuff
.\" -----------------------------------------------------------------
.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
.\" http://bugs.debian.org/507673
.\" http://lists.gnu.org/archive/html/groff/2009-02/msg00013.html
.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
.ie \n(.g .ds Aq \(aq
.el .ds Aq '
.\" -----------------------------------------------------------------
.\" * set default formatting
.\" -----------------------------------------------------------------
.\" disable hyphenation
.nh
.\" disable justification (adjust text to left margin only)
.ad l
.\" -----------------------------------------------------------------
.\" * MAIN CONTENT STARTS HERE *
.\" -----------------------------------------------------------------
.SH "NAME"
ldbmodify \- Modify records in a LDB database
.SH "SYNOPSIS"
.HP \w'\fBldbmodify\fR\ 'u
\fBldbmodify\fR [\-H\ LDB\-URL] [ldif\-file]
.SH "DESCRIPTION"
.PP
ldbmodify changes, adds and deletes records in a LDB database\&. The changes that should be made to the LDB database are read from the specified LDIF\-file\&. If \- is specified as the filename, input is read from stdin\&.
.PP
For now, see ldapmodify(1) for details on the LDIF file format\&.
.SH "OPTIONS"
.PP
\-H <ldb\-url>
.RS 4
LDB URL to connect to\&. See ldb(3) for details\&.
.RE
.SH "ENVIRONMENT"
.PP
LDB_URL
.RS 4
LDB URL to connect to (can be overridden by using the \-H command\-line option\&.)
.RE
.SH "VERSION"
.PP
This man page is correct for version 1\&.1 of LDB\&.
.SH "SEE ALSO"
.PP
ldb(3), ldbedit
.SH "AUTHOR"
.PP
ldb was written by
\m[blue]\fBAndrew Tridgell\fR\m[]\&\s-2\u[1]\d\s+2\&.
.PP
If you wish to report a problem or make a suggestion then please see the
\m[blue]\fB\%http://ldb.samba.org/\fR\m[]
web site for current contact and maintainer information\&.
.PP
This manpage was written by Jelmer Vernooij\&.
.SH "NOTES"
.IP " 1." 4
Andrew Tridgell
.RS 4
\%https://www.samba.org/~tridge/
.RE

81
net/samba419/files/man/ldbrename.1 Normal file
View file

@ -0,0 +1,81 @@
'\" t
.\" Title: ldbrename
.\" Author: [see the "AUTHOR" section]
.\" Generator: DocBook XSL Stylesheets v1.79.1 <http://docbook.sf.net/>
.\" Date: 08/09/2022
.\" Manual: System Administration tools
.\" Source: LDB 1.1
.\" Language: English
.\"
.TH "LDBRENAME" "1" "08/09/2022" "LDB 1\&.1" "System Administration tools"
.\" -----------------------------------------------------------------
.\" * Define some portability stuff
.\" -----------------------------------------------------------------
.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
.\" http://bugs.debian.org/507673
.\" http://lists.gnu.org/archive/html/groff/2009-02/msg00013.html
.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
.ie \n(.g .ds Aq \(aq
.el .ds Aq '
.\" -----------------------------------------------------------------
.\" * set default formatting
.\" -----------------------------------------------------------------
.\" disable hyphenation
.nh
.\" disable justification (adjust text to left margin only)
.ad l
.\" -----------------------------------------------------------------
.\" * MAIN CONTENT STARTS HERE *
.\" -----------------------------------------------------------------
.SH "NAME"
ldbrename \- Edit LDB databases using your favorite editor
.SH "SYNOPSIS"
.HP \w'\fBldbrename\fR\ 'u
\fBldbrename\fR [\-h] [\-o\ options] {olddn} {newdn}
.SH "DESCRIPTION"
.PP
ldbrename is a utility that allows you to rename trees in an LDB database based by DN\&. This utility takes two arguments: the original DN name of the top element and the DN to change it to\&.
.SH "OPTIONS"
.PP
\-h
.RS 4
Show list of available options\&.
.RE
.PP
\-H <ldb\-url>
.RS 4
LDB URL to connect to\&. See ldb(3) for details\&.
.RE
.PP
\-o options
.RS 4
Extra ldb options, such as modules\&.
.RE
.SH "ENVIRONMENT"
.PP
LDB_URL
.RS 4
LDB URL to connect to (can be overridden by using the \-H command\-line option\&.)
.RE
.SH "VERSION"
.PP
This man page is correct for version 1\&.1 of LDB\&.
.SH "SEE ALSO"
.PP
ldb(3), ldbmodify, ldbdel, ldif(5)
.SH "AUTHOR"
.PP
ldb was written by
\m[blue]\fBAndrew Tridgell\fR\m[]\&\s-2\u[1]\d\s+2\&.
.PP
If you wish to report a problem or make a suggestion then please see the
\m[blue]\fB\%http://ldb.samba.org/\fR\m[]
web site for current contact and maintainer information\&.
.PP
This manpage was written by Jelmer Vernooij\&.
.SH "NOTES"
.IP " 1." 4
Andrew Tridgell
.RS 4
\%https://www.samba.org/~tridge/
.RE

91
net/samba419/files/man/ldbsearch.1 Normal file
View file

@ -0,0 +1,91 @@
'\" t
.\" Title: ldbsearch
.\" Author: [see the "AUTHOR" section]
.\" Generator: DocBook XSL Stylesheets v1.79.1 <http://docbook.sf.net/>
.\" Date: 08/09/2022
.\" Manual: System Administration tools
.\" Source: LDB 1.1
.\" Language: English
.\"
.TH "LDBSEARCH" "1" "08/09/2022" "LDB 1\&.1" "System Administration tools"
.\" -----------------------------------------------------------------
.\" * Define some portability stuff
.\" -----------------------------------------------------------------
.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
.\" http://bugs.debian.org/507673
.\" http://lists.gnu.org/archive/html/groff/2009-02/msg00013.html
.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
.ie \n(.g .ds Aq \(aq
.el .ds Aq '
.\" -----------------------------------------------------------------
.\" * set default formatting
.\" -----------------------------------------------------------------
.\" disable hyphenation
.nh
.\" disable justification (adjust text to left margin only)
.ad l
.\" -----------------------------------------------------------------
.\" * MAIN CONTENT STARTS HERE *
.\" -----------------------------------------------------------------
.SH "NAME"
ldbsearch \- Search for records in a LDB database
.SH "SYNOPSIS"
.HP \w'\fBldbsearch\fR\ 'u
\fBldbsearch\fR [\-h] [\-s\ base|one|sub] [\-b\ basedn] [\-i] [\-H\ LDB\-URL] [expression] [attributes]
.SH "DESCRIPTION"
.PP
ldbsearch searches a LDB database for records matching the specified expression (see the ldapsearch(1) manpage for a description of the expression format)\&. For each record, the specified attributes are printed\&.
.SH "OPTIONS"
.PP
\-h
.RS 4
Show list of available options\&.
.RE
.PP
\-H <ldb\-url>
.RS 4
LDB URL to connect to\&. See ldb(3) for details\&.
.RE
.PP
\-s one|sub|base
.RS 4
Search scope to use\&. One\-level, subtree or base\&.
.RE
.PP
\-i
.RS 4
Read search expressions from stdin\&.
.RE
.PP
\-b basedn
.RS 4
Specify Base DN to use\&.
.RE
.SH "ENVIRONMENT"
.PP
LDB_URL
.RS 4
LDB URL to connect to (can be overridden by using the \-H command\-line option\&.)
.RE
.SH "VERSION"
.PP
This man page is correct for version 1\&.1 of LDB\&.
.SH "SEE ALSO"
.PP
ldb(3), ldbedit(1)
.SH "AUTHOR"
.PP
ldb was written by
\m[blue]\fBAndrew Tridgell\fR\m[]\&\s-2\u[1]\d\s+2\&.
.PP
If you wish to report a problem or make a suggestion then please see the
\m[blue]\fB\%http://ldb.samba.org/\fR\m[]
web site for current contact and maintainer information\&.
.PP
This manpage was written by Jelmer Vernooij\&.
.SH "NOTES"
.IP " 1." 4
Andrew Tridgell
.RS 4
\%https://www.samba.org/~tridge/
.RE

94
net/samba419/files/man/libsmbclient.7 Normal file
View file

@ -0,0 +1,94 @@
'\" t
.\" Title: libsmbclient
.\" Author: [see the "AUTHOR" section]
.\" Generator: DocBook XSL Stylesheets v1.79.1 <http://docbook.sf.net/>
.\" Date: 08/09/2022
.\" Manual: 7
.\" Source: Samba 4.16.4
.\" Language: English
.\"
.TH "LIBSMBCLIENT" "7" "08/09/2022" "Samba 4\&.16\&.4" "7"
.\" -----------------------------------------------------------------
.\" * Define some portability stuff
.\" -----------------------------------------------------------------
.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
.\" http://bugs.debian.org/507673
.\" http://lists.gnu.org/archive/html/groff/2009-02/msg00013.html
.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
.ie \n(.g .ds Aq \(aq
.el .ds Aq '
.\" -----------------------------------------------------------------
.\" * set default formatting
.\" -----------------------------------------------------------------
.\" disable hyphenation
.nh
.\" disable justification (adjust text to left margin only)
.ad l
.\" -----------------------------------------------------------------
.\" * MAIN CONTENT STARTS HERE *
.\" -----------------------------------------------------------------
.SH "NAME"
libsmbclient \- An extension library for browsers and that can be used as a generic browsing API\&.
.SH "SYNOPSIS"
.HP \w'\ 'u
.PP
Browser URL:
smb://[[[domain:]user[:password@]]server[/share[/path[/file]]]] [?options]
.SH "DESCRIPTION"
.PP
This tool is part of the
\fBsamba\fR(7)
suite\&.
.PP
libsmbclient
is a library toolset that permits applications to manipulate CIFS/SMB network resources using many of the standards POSIX functions available for manipulating local UNIX/Linux files\&. It permits much more than just browsing, files can be opened and read or written, permissions changed, file times modified, attributes and ACL\*(Aqs can be manipulated, and so on\&. Of course, its functionality includes all the capabilities commonly called browsing\&.
.PP
libsmbclient
can not be used directly from the command line, instead it provides an extension of the capabilities of tools such as file managers and browsers\&. This man page describes the configuration options for this tool so that the user may obtain greatest utility of use\&.
.SH "OPTIONS"
.PP
What the URLs mean:
.PP
smb://
.RS 4
Shows all workgroups or domains that are visible in the network\&. The behavior matches that of the Microsoft Windows Explorer\&.
.sp
The method of locating the list of workgroups (domains also) varies depending on the setting of the context variable
(context\->options\&.browse_max_lmb_count)\&. It is the responsibility of the application that calls this library to set this to a sensible value\&. This is a compile\-time option\&. This value determines the maximum number of local master browsers to query for the list of workgroups\&. In order to ensure that the list is complete for those present on the network, all master browsers must be queried\&. If there are a large number of workgroups on the network, the time spent querying will be significant\&. For small networks (just a few workgroups), it is suggested to set this value to 0, instructing libsmbclient to query all local master browsers\&. In an environment that has many workgroups a more reasonable setting may be around 3\&.
.RE
.PP
smb://name/
.RS 4
This command causes libsmbclient to perform a name look\-up\&. If the NAME<1D> or NAME<1B> exists (workgroup name), libsmbclient will list all servers in the workgroup (or domain)\&. Otherwise, a name look\-up for the NAME<20> (machine name) will be performed, and the list of shared resources on the server will be displayed\&.
.RE
.PP
When libsmbclient is invoked by an application it searches for a directory called
\&.smb
in the $HOME directory that is specified in the users shell environment\&. It then searches for a file called
smb\&.conf
which, if present, will fully over\-ride the system
/etc/samba/smb\&.conf
file\&. If instead libsmbclient finds a file called
~/\&.smb/smb\&.conf\&.append, it will read the system
/etc/samba/smb\&.conf
and then append the contents of the
~/\&.smb/smb\&.conf\&.append
to it\&.
.PP
libsmbclient
will check the users shell environment for the
USER
parameter and will use its value when if the
user
parameter was not included in the URL\&.
.SH "PROGRAMMERS GUIDE"
.PP
Watch this space for future updates\&.
.SH "VERSION"
.PP
This man page is part of version 4\&.16\&.4 of the Samba suite\&.
.SH "AUTHOR"
.PP
The original Samba software and related utilities were created by Andrew Tridgell\&. Samba is now developed by the Samba Team as an Open Source project similar to the way the Linux kernel is developed\&.
.PP
The libsmbclient manpage page was written by John H Terpstra\&.

123
net/samba419/files/man/lmhosts.5 Normal file
View file

@ -0,0 +1,123 @@
'\" t
.\" Title: lmhosts
.\" Author: [see the "AUTHOR" section]
.\" Generator: DocBook XSL Stylesheets v1.79.1 <http://docbook.sf.net/>
.\" Date: 08/09/2022
.\" Manual: File Formats and Conventions
.\" Source: Samba 4.16.4
.\" Language: English
.\"
.TH "LMHOSTS" "5" "08/09/2022" "Samba 4\&.16\&.4" "File Formats and Conventions"
.\" -----------------------------------------------------------------
.\" * Define some portability stuff
.\" -----------------------------------------------------------------
.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
.\" http://bugs.debian.org/507673
.\" http://lists.gnu.org/archive/html/groff/2009-02/msg00013.html
.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
.ie \n(.g .ds Aq \(aq
.el .ds Aq '
.\" -----------------------------------------------------------------
.\" * set default formatting
.\" -----------------------------------------------------------------
.\" disable hyphenation
.nh
.\" disable justification (adjust text to left margin only)
.ad l
.\" -----------------------------------------------------------------
.\" * MAIN CONTENT STARTS HERE *
.\" -----------------------------------------------------------------
.SH "NAME"
lmhosts \- The Samba NetBIOS hosts file
.SH "SYNOPSIS"
.PP
lmhosts
is the
\fBsamba\fR(7)
NetBIOS name to IP address mapping file\&.
.SH "DESCRIPTION"
.PP
This file is part of the
\fBsamba\fR(7)
suite\&.
.PP
lmhosts
is the
\fISamba \fR
NetBIOS name to IP address mapping file\&. It is very similar to the
/etc/hosts
file format, except that the hostname component must correspond to the NetBIOS naming format\&.
.SH "FILE FORMAT"
.PP
It is an ASCII file containing one line for NetBIOS name\&. The two fields on each line are separated from each other by white space\&. Any entry beginning with \*(Aq#\*(Aq is ignored\&. Each line in the lmhosts file contains the following information:
.RS
.sp
.RS 4
.ie n \{\
\h'-04'\(bu\h'+03'\c
.\}
.el \{\
.sp -1
.IP \(bu 2.3
.\}
IP Address \- in dotted decimal format\&.
.RE
.sp
.RS 4
.ie n \{\
\h'-04'\(bu\h'+03'\c
.\}
.el \{\
.sp -1
.IP \(bu 2.3
.\}
NetBIOS Name \- This name format is a maximum fifteen character host name, with an optional trailing \*(Aq#\*(Aq character followed by the NetBIOS name type as two hexadecimal digits\&.
.sp
If the trailing \*(Aq#\*(Aq is omitted then the given IP address will be returned for all names that match the given name, whatever the NetBIOS name type in the lookup\&.
.RE
.sp
.RE
.PP
An example follows:
.sp
.if n \{\
.RS 4
.\}
.nf
#
# Sample Samba lmhosts file\&.
#
192\&.9\&.200\&.1 TESTPC
192\&.9\&.200\&.20 NTSERVER#20
192\&.9\&.200\&.21 SAMBASERVER
.fi
.if n \{\
.RE
.\}
.PP
Contains three IP to NetBIOS name mappings\&. The first and third will be returned for any queries for the names "TESTPC" and "SAMBASERVER" respectively, whatever the type component of the NetBIOS name requested\&.
.PP
The second mapping will be returned only when the "0x20" name type for a name "NTSERVER" is queried\&. Any other name type will not be resolved\&.
.PP
The default location of the
lmhosts
file is in the same directory as the
\fBsmb.conf\fR(5)
file\&.
.SH "FILES"
.PP
lmhosts is loaded from the configuration directory\&. This is usually
/etc/samba
or
/usr/local/samba/lib\&.
.SH "VERSION"
.PP
This man page is part of version 4\&.16\&.4 of the Samba suite\&.
.SH "SEE ALSO"
.PP
\fBsmbclient\fR(1),
\fBsmb.conf\fR(5), and
\fBsmbpasswd\fR(8)
.SH "AUTHOR"
.PP
The original Samba software and related utilities were created by Andrew Tridgell\&. Samba is now developed by the Samba Team as an Open Source project similar to the way the Linux kernel is developed\&.

137
net/samba419/files/man/locktest.1 Normal file
View file

@ -0,0 +1,137 @@
'\" t
.\" Title: locktest
.\" Author: [see the "AUTHOR" section]
.\" Generator: DocBook XSL Stylesheets v1.79.1 <http://docbook.sf.net/>
.\" Date: 08/09/2022
.\" Manual: Test Suite
.\" Source: Samba 4.0
.\" Language: English
.\"
.TH "LOCKTEST" "1" "08/09/2022" "Samba 4\&.0" "Test Suite"
.\" -----------------------------------------------------------------
.\" * Define some portability stuff
.\" -----------------------------------------------------------------
.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
.\" http://bugs.debian.org/507673
.\" http://lists.gnu.org/archive/html/groff/2009-02/msg00013.html
.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
.ie \n(.g .ds Aq \(aq
.el .ds Aq '
.\" -----------------------------------------------------------------
.\" * set default formatting
.\" -----------------------------------------------------------------
.\" disable hyphenation
.nh
.\" disable justification (adjust text to left margin only)
.ad l
.\" -----------------------------------------------------------------
.\" * MAIN CONTENT STARTS HERE *
.\" -----------------------------------------------------------------
.SH "NAME"
locktest \- Find differences in locking between two SMB servers
.SH "SYNOPSIS"
.HP \w'\fBlocktest\fR\ 'u
\fBlocktest\fR {//server1/share1} {//server2/share2} [\-U\ user%pass] [\-U\ user%pass] [\-s\ seed] [\-o\ numops] [\-a] [\-O] [\-E] [\-Z] [\-R\ range] [\-B\ base] [\-M\ min]
.SH "DESCRIPTION"
.PP
locktest
is a utility for detecting differences in behaviour in locking between SMB servers\&. It will run a random set of locking operations against
\fI//server1/share1\fR
and then the same random set against
\fI//server2/share2\fR
and display the differences in the responses it gets\&.
.PP
This utility is used by the Samba team to find differences in behaviour between Samba and Windows servers\&.
.SH "OPTIONS"
.PP
\-U user%pass
.RS 4
Specify the user and password to use when logging on on the shares\&. This parameter can be specified twice (once for the first server, once for the second)\&.
.RE
.PP
\-s seed
.RS 4
Seed the random number generator with the specified value\&.
.RE
.PP
\-o numops
.RS 4
Set the number of operations to perform\&.
.RE
.PP
\-a
.RS 4
Print the operations that are performed\&.
.RE
.PP
\-A
.RS 4
Backtrack to find minimal number of operations required to make the response to a certain call differ\&.
.RE
.PP
\-O
.RS 4
Enable oplocks\&.
.RE
.PP
\-u
.RS 4
Hide unlock fails\&.
.RE
.PP
\-E
.RS 4
enable exact error code checking
.RE
.PP
\-Z
.RS 4
enable the zero/zero lock
.RE
.PP
\-R range
.RS 4
set lock range
.RE
.PP
\-B base
.RS 4
set lock base
.RE
.PP
\-M min
.RS 4
set min lock length
.RE
.PP
\-k
.RS 4
Use kerberos
.RE
.SH "VERSION"
.PP
This man page is correct for version 4\&.0 of the Samba suite\&.
.SH "SEE ALSO"
.PP
Samba
.SH "AUTHOR"
.PP
This utility is part of the
\m[blue]\fBSamba\fR\m[]\&\s-2\u[1]\d\s+2
suite, which is developed by the global
\m[blue]\fBSamba Team\fR\m[]\&\s-2\u[2]\d\s+2\&.
.PP
locktest was written by Andrew Tridgell\&.
.PP
This manpage was written by Jelmer Vernooij\&.
.SH "NOTES"
.IP " 1." 4
Samba
.RS 4
\%http://www.samba.org/
.RE
.IP " 2." 4
Samba Team
.RS 4
\%http://www.samba.org/samba/team/
.RE

124
net/samba419/files/man/log2pcap.1 Normal file
View file

@ -0,0 +1,124 @@
'\" t
.\" Title: log2pcap
.\" Author: [see the "AUTHOR" section]
.\" Generator: DocBook XSL Stylesheets v1.79.1 <http://docbook.sf.net/>
.\" Date: 08/09/2022
.\" Manual: User Commands
.\" Source: Samba 4.16.4
.\" Language: English
.\"
.TH "LOG2PCAP" "1" "08/09/2022" "Samba 4\&.16\&.4" "User Commands"
.\" -----------------------------------------------------------------
.\" * Define some portability stuff
.\" -----------------------------------------------------------------
.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
.\" http://bugs.debian.org/507673
.\" http://lists.gnu.org/archive/html/groff/2009-02/msg00013.html
.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
.ie \n(.g .ds Aq \(aq
.el .ds Aq '
.\" -----------------------------------------------------------------
.\" * set default formatting
.\" -----------------------------------------------------------------
.\" disable hyphenation
.nh
.\" disable justification (adjust text to left margin only)
.ad l
.\" -----------------------------------------------------------------
.\" * MAIN CONTENT STARTS HERE *
.\" -----------------------------------------------------------------
.SH "NAME"
log2pcap \- Extract network traces from Samba log files
.SH "SYNOPSIS"
.HP \w'\ 'u
log2pcap [\-h] [\-q] [logfile] [pcap_file]
.SH "DESCRIPTION"
.PP
This tool is part of the
\fBsamba\fR(7)
suite\&.
.PP
log2pcap
reads in a samba log file and generates a pcap file (readable by most sniffers, such as ethereal or tcpdump) based on the packet dumps in the log file\&.
.PP
The log file must have a
\fIlog level\fR
of at least
\fB5\fR
to get the SMB header/parameters right,
\fB10\fR
to get the first 512 data bytes of the packet and
\fB50\fR
to get the whole packet\&.
.SH "OPTIONS"
.PP
\-h
.RS 4
If this parameter is specified the output file will be a hex dump, in a format that is readable by the
text2pcap
utility\&.
.RE
.PP
\-q
.RS 4
Be quiet\&. No warning messages about missing or incomplete data will be given\&.
.RE
.PP
logfile
.RS 4
Samba log file\&. log2pcap will try to read the log from stdin if the log file is not specified\&.
.RE
.PP
pcap_file
.RS 4
Name of the output file to write the pcap (or hexdump) data to\&. If this argument is not specified, output data will be written to stdout\&.
.RE
.PP
\-?|\-\-help
.RS 4
Print a summary of command line options\&.
.RE
.SH "EXAMPLES"
.PP
Extract all network traffic from all samba log files:
.PP
.if n \{\
.RS 4
.\}
.nf
$ log2pcap < /var/log/* > trace\&.pcap
.fi
.if n \{\
.RE
.\}
.PP
Convert to pcap using text2pcap:
.PP
.if n \{\
.RS 4
.\}
.nf
$ log2pcap \-h samba\&.log | text2pcap \-T 139,139 \- trace\&.pcap
.fi
.if n \{\
.RE
.\}
.SH "VERSION"
.PP
This man page is part of version 4\&.16\&.4 of the Samba suite\&.
.SH "BUGS"
.PP
Only SMB data is extracted from the samba logs, no LDAP, NetBIOS lookup or other data\&.
.PP
The generated TCP and IP headers don\*(Aqt contain a valid checksum\&.
.SH "SEE ALSO"
.PP
\fBtext2pcap\fR(1),
\fBethereal\fR(1)
.SH "AUTHOR"
.PP
The original Samba software and related utilities were created by Andrew Tridgell\&. Samba is now developed by the Samba Team as an Open Source project similar to the way the Linux kernel is developed\&.
.PP
This manpage was written by Jelmer Vernooij\&.

256
net/samba419/files/man/ltdbtool.1 Normal file
View file

@ -0,0 +1,256 @@
'\" t
.\" Title: ltdbtool
.\" Author:
.\" Generator: DocBook XSL Stylesheets v1.79.1 <http://docbook.sf.net/>
.\" Date: 09/23/2020
.\" Manual: CTDB - clustered TDB database
.\" Source: ctdb
.\" Language: English
.\"
.TH "LTDBTOOL" "1" "09/23/2020" "ctdb" "CTDB \- clustered TDB database"
.\" -----------------------------------------------------------------
.\" * Define some portability stuff
.\" -----------------------------------------------------------------
.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
.\" http://bugs.debian.org/507673
.\" http://lists.gnu.org/archive/html/groff/2009-02/msg00013.html
.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
.ie \n(.g .ds Aq \(aq
.el .ds Aq '
.\" -----------------------------------------------------------------
.\" * set default formatting
.\" -----------------------------------------------------------------
.\" disable hyphenation
.nh
.\" disable justification (adjust text to left margin only)
.ad l
.\" -----------------------------------------------------------------
.\" * MAIN CONTENT STARTS HERE *
.\" -----------------------------------------------------------------
.SH "NAME"
ltdbtool \- manipulate CTDB\*(Aqs local TDB files
.SH "SYNOPSIS"
.HP \w'\fBltdbtool\fR\ 'u
\fBltdbtool\fR [\fIOPTION\fR...] {\fICOMMAND\fR} [\fICOMMAND\-ARGS\fR]
.SH "DESCRIPTION"
.PP
ltdbtool is a utility to manipulate CTDB\*(Aqs local TDB databases (LTDBs) without connecting to a CTDB daemon\&.
.PP
It can be used to:
.sp
.RS 4
.ie n \{\
\h'-04'\(bu\h'+03'\c
.\}
.el \{\
.sp -1
.IP \(bu 2.3
.\}
dump the contents of a LTDB, optionally printing the CTDB record header information,
.RE
.sp
.RS 4
.ie n \{\
\h'-04'\(bu\h'+03'\c
.\}
.el \{\
.sp -1
.IP \(bu 2.3
.\}
convert between an LTDB and a non\-clustered tdb by adding or removing CTDB headers and
.RE
.sp
.RS 4
.ie n \{\
\h'-04'\(bu\h'+03'\c
.\}
.el \{\
.sp -1
.IP \(bu 2.3
.\}
convert between 64 and 32 bit LTDBs where the CTDB record headers differ by 4 bytes of padding\&.
.RE
.SH "OPTIONS"
.PP
\-e
.RS 4
Dump empty records\&. These are normally excluded\&.
.RE
.PP
\-p
.RS 4
Dump with header information, similar to "ctdb catdb"\&.
.RE
.PP
\-s {0 | 32 | 64}
.RS 4
Specify how to determine the CTDB record header size for the input database:
.PP
0
.RS 4
no CTDB header
.RE
.PP
32
.RS 4
CTDB header size of a 32 bit system (20 bytes)
.RE
.PP
64
.RS 4
CTDB header size of a 64 bit system (24 bytes)
.RE
.sp
The default is 32 or 64 depending on the system architecture\&.
.RE
.PP
\-o {0 | 32 | 64}
.RS 4
Specify how to determine the CTDB record header size for the output database, see \-s\&.
.RE
.PP
\-S \fISIZE\fR
.RS 4
Explicitly specify the CTDB record header SIZE of the input database in bytes\&.
.RE
.PP
\-O \fISIZE\fR
.RS 4
Explicitly specify the CTDB record header SIZE for the output database in bytes\&.
.RE
.PP
\-h
.RS 4
Print help text\&.
.RE
.SH "COMMANDS"
.PP
help
.RS 4
Print help text\&.
.RE
.PP
dump \fIIDB\fR
.RS 4
Dump the contents of an LTDB input file IDB to standard output in a human\-readable format\&.
.RE
.PP
convert \fIIDB\fR \fIODB\fR
.RS 4
Copy an LTDB input file IDB to output file ODB, optionally adding or removing CTDB headers\&.
.RE
.SH "EXAMPLES"
.PP
Print a local tdb in "tdbdump" style:
.sp
.if n \{\
.RS 4
.\}
.nf
ltdbtool dump idmap2\&.tdb\&.0
.fi
.if n \{\
.RE
.\}
.PP
Print a local tdb with header information similar to "ctdb catdb":
.sp
.if n \{\
.RS 4
.\}
.nf
ltdbtool dump \-p idmap2\&.tdb\&.0
.fi
.if n \{\
.RE
.\}
.PP
Strip the CTDB headers from records:
.sp
.if n \{\
.RS 4
.\}
.nf
ltdbtool convert \-o0 idmap2\&.tdb\&.0 idmap\&.tdb
.fi
.if n \{\
.RE
.\}
.PP
Strip 64 bit CTDB headers from records, running on i386:
.sp
.if n \{\
.RS 4
.\}
.nf
ltdbtool convert \-s64 \-o0 idmap2\&.tdb\&.0 idmap\&.tdb
.fi
.if n \{\
.RE
.\}
.PP
Strip the CTDB headers from records by piping through tdbrestore:
.sp
.if n \{\
.RS 4
.\}
.nf
ltdbtool dump idmap2\&.tdb\&.0 | tdbrestore idmap\&.tdb
.fi
.if n \{\
.RE
.\}
.PP
Convert a local tdb from a 64 bit system for usage on a 32 bit system:
.sp
.if n \{\
.RS 4
.\}
.nf
ltdbtool convert \-s64 \-o32 idmap2\&.tdb\&.0 idmap2\&.tdb\&.1
.fi
.if n \{\
.RE
.\}
.PP
Add a default header:
.sp
.if n \{\
.RS 4
.\}
.nf
ltdbtool convert \-s0 idmap\&.tdb idmap2\&.tdb\&.0
.fi
.if n \{\
.RE
.\}
.SH "SEE ALSO"
.PP
\fBctdb\fR(1),
\fBtdbdump\fR(1),
\fBtdbrestore\fR(1),
\fBctdb\fR(7),
\m[blue]\fB\%http://ctdb.samba.org/\fR\m[]
.SH "AUTHOR"
.br
.PP
This documentation was written by Gregor Beck
.SH "COPYRIGHT"
.br
Copyright \(co 2011 Gregor Beck, Michael Adam
.br
.PP
This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 3 of the License, or (at your option) any later version\&.
.PP
This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE\&. See the GNU General Public License for more details\&.
.PP
You should have received a copy of the GNU General Public License along with this program; if not, see
\m[blue]\fB\%http://www.gnu.org/licenses\fR\m[]\&.
.sp

113
net/samba419/files/man/masktest.1 Normal file
View file

@ -0,0 +1,113 @@
'\" t
.\" Title: masktest
.\" Author: [see the "AUTHOR" section]
.\" Generator: DocBook XSL Stylesheets v1.79.1 <http://docbook.sf.net/>
.\" Date: 08/09/2022
.\" Manual: Test Suite
.\" Source: Samba 4.0
.\" Language: English
.\"
.TH "MASKTEST" "1" "08/09/2022" "Samba 4\&.0" "Test Suite"
.\" -----------------------------------------------------------------
.\" * Define some portability stuff
.\" -----------------------------------------------------------------
.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
.\" http://bugs.debian.org/507673
.\" http://lists.gnu.org/archive/html/groff/2009-02/msg00013.html
.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
.ie \n(.g .ds Aq \(aq
.el .ds Aq '
.\" -----------------------------------------------------------------
.\" * set default formatting
.\" -----------------------------------------------------------------
.\" disable hyphenation
.nh
.\" disable justification (adjust text to left margin only)
.ad l
.\" -----------------------------------------------------------------
.\" * MAIN CONTENT STARTS HERE *
.\" -----------------------------------------------------------------
.SH "NAME"
masktest \- Find differences in wildcard matching between Samba\*(Aqs implementation and that of a remote server\&.
.SH "SYNOPSIS"
.HP \w'\fBmasktest\fR\ 'u
\fBmasktest\fR {//server/share} [\-U\ user%pass] [\-d\ debuglevel] [\-W\ workgroup] [\-n\ numloops] [\-s\ seed] [\-a] [\-E] [\-M\ max\ protocol] [\-f\ filechars] [\-m\ maskchars] [\-v]
.SH "DESCRIPTION"
.PP
masktest
is a utility for detecting differences in behaviour between Samba\*(Aqs own implementation and that of a remote server\&. It will run generate random filenames/masks and check if these match the same files they do on the remote file as they do on the local server\&. It will display any differences it finds\&.
.PP
This utility is used by the Samba team to find differences in behaviour between Samba and Windows servers\&.
.SH "OPTIONS"
.PP
\-U user%pass
.RS 4
Specify the user and password to use when logging on on the shares\&. This parameter can be specified twice (once for the first server, once for the second)\&.
.RE
.PP
\-s seed
.RS 4
Seed the random number generator with the specified value\&.
.RE
.PP
\-n numops
.RS 4
Set the number of operations to perform\&.
.RE
.PP
\-a
.RS 4
Print the operations that are performed\&.
.RE
.PP
\-M max_protocol
.RS 4
Maximum protocol to use\&.
.RE
.PP
\-f
.RS 4
Specify characters that can be used when generating file names\&. Default: abcdefghijklm\&.
.RE
.PP
\-E
.RS 4
Abort when difference in behaviour is found\&.
.RE
.PP
\-m maskchars
.RS 4
Specify characters used for wildcards\&.
.RE
.PP
\-v
.RS 4
Be verbose
.RE
.SH "VERSION"
.PP
This man page is correct for version 4\&.0 of the Samba suite\&.
.SH "SEE ALSO"
.PP
Samba
.SH "AUTHOR"
.PP
This utility is part of the
\m[blue]\fBSamba\fR\m[]\&\s-2\u[1]\d\s+2
suite, which is developed by the global
\m[blue]\fBSamba Team\fR\m[]\&\s-2\u[2]\d\s+2\&.
.PP
masktest was written by Andrew Tridgell\&.
.PP
This manpage was written by Jelmer Vernooij\&.
.SH "NOTES"
.IP " 1." 4
Samba
.RS 4
\%http://www.samba.org/
.RE
.IP " 2." 4
Samba Team
.RS 4
\%http://www.samba.org/samba/team/
.RE

166
net/samba419/files/man/mdfind.1 Normal file
View file

@ -0,0 +1,166 @@
'\" t
.\" Title: mdfind
.\" Author: [see the "AUTHOR" section]
.\" Generator: DocBook XSL Stylesheets v1.79.1 <http://docbook.sf.net/>
.\" Date: 09/23/2020
.\" Manual: User Commands
.\" Source: Samba 4.12.7
.\" Language: English
.\"
.TH "MDFIND" "1" "09/23/2020" "Samba 4\&.12\&.7" "User Commands"
.\" -----------------------------------------------------------------
.\" * Define some portability stuff
.\" -----------------------------------------------------------------
.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
.\" http://bugs.debian.org/507673
.\" http://lists.gnu.org/archive/html/groff/2009-02/msg00013.html
.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
.ie \n(.g .ds Aq \(aq
.el .ds Aq '
.\" -----------------------------------------------------------------
.\" * set default formatting
.\" -----------------------------------------------------------------
.\" disable hyphenation
.nh
.\" disable justification (adjust text to left margin only)
.ad l
.\" -----------------------------------------------------------------
.\" * MAIN CONTENT STARTS HERE *
.\" -----------------------------------------------------------------
.SH "NAME"
mdfind \- Run Spotlight searches against an SMB server
.SH "SYNOPSIS"
.HP \w'\ 'u
mvxattr {server} {sharename} {query} [\-p,\ \-\-path] [\-L,\ \-\-live]
.SH "DESCRIPTION"
.PP
This tool is part of the
\fBsamba\fR(1)
suite\&.
.PP
mdfind is a simple utility to run Spotlight searches against an SMB server that runs the Spotlight
\fImdssvc\fR
RPC service\&.
.SH "OPTIONS"
.PP
server
.RS 4
The SMB server name or IP address to connect to\&.
.RE
.PP
sharename
.RS 4
The name of a share on the server\&.
.RE
.PP
query
.RS 4
The query expression syntax is a simplified form of filename globbing familiar to shell users\&. Queries have the following format:
.sp
attribute=="value"
.sp
For queries against a Samba server with Spotlight enabled using the Elasticsearch backend, the list of supported metadata attributes is given by the JSON attribute mapping file, typically installed at
/usr/share/samba/mdssvc/elasticsearch_mappings\&.json
.RE
.PP
\-p PATH, \-\-path=PATH
.RS 4
Server side path to search, defaults to
\fI"/"\fR
.RE
.PP
\-L, \-\-live
.RS 4
Query remains running\&.
.RE
.SH "EXAMPLES"
.PP
Search all indexed metadata attributes, exact match:
.sp
.if n \{\
.RS 4
.\}
.nf
\*(Aq*=="Samba"\*(Aq
.fi
.if n \{\
.RE
.\}
.PP
Search all indexed metadata attributes, prefix match:
.sp
.if n \{\
.RS 4
.\}
.nf
\*(Aq*=="Samba*"\*(Aq
.fi
.if n \{\
.RE
.\}
.PP
Search by filename:
.sp
.if n \{\
.RS 4
.\}
.nf
\*(AqkMDItemFSName=="Samba*"\*(Aq
.fi
.if n \{\
.RE
.\}
.PP
Search by date:
.sp
.if n \{\
.RS 4
.\}
.nf
\*(AqkMDItemFSContentChangeDate<$time\&.iso(2018\-10\-01T10:00:00Z)\*(Aq
.fi
.if n \{\
.RE
.\}
.PP
Search files\*(Aqs content:
.sp
.if n \{\
.RS 4
.\}
.nf
\*(AqkMDItemTextContent=="Samba*"\*(Aq
.fi
.if n \{\
.RE
.\}
.PP
Expressions:
.sp
.if n \{\
.RS 4
.\}
.nf
kMDItemFSName=="Samba*"||kMDItemTextContent=="Tango*"\*(Aq
.fi
.if n \{\
.RE
.\}
.SH "SEE ALSO"
.PP
File Metadata Search Programming Guide
https://developer\&.apple\&.com/library/archive/documentation/Carbon/Conceptual/SpotlightQuery/Concepts/Introduction\&.html
.SH "VERSION"
.PP
This man page is part of version 4\&.12\&.7 of the Samba suite\&.
.SH "AUTHOR"
.PP
The original Samba software and related utilities were created by Andrew Tridgell\&. Samba is now developed by the Samba Team as an Open Source project similar to the way the Linux kernel is developed\&.
.PP
The mdfind manpage was written by Ralph Boehme\&.

357
net/samba419/files/man/mdsearch.1 Normal file
View file

@ -0,0 +1,357 @@
'\" t
.\" Title: mdsearch
.\" Author: [see the "AUTHOR" section]
.\" Generator: DocBook XSL Stylesheets v1.79.1 <http://docbook.sf.net/>
.\" Date: 08/09/2022
.\" Manual: User Commands
.\" Source: Samba 4.16.4
.\" Language: English
.\"
.TH "MDSEARCH" "1" "08/09/2022" "Samba 4\&.16\&.4" "User Commands"
.\" -----------------------------------------------------------------
.\" * Define some portability stuff
.\" -----------------------------------------------------------------
.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
.\" http://bugs.debian.org/507673
.\" http://lists.gnu.org/archive/html/groff/2009-02/msg00013.html
.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
.ie \n(.g .ds Aq \(aq
.el .ds Aq '
.\" -----------------------------------------------------------------
.\" * set default formatting
.\" -----------------------------------------------------------------
.\" disable hyphenation
.nh
.\" disable justification (adjust text to left margin only)
.ad l
.\" -----------------------------------------------------------------
.\" * MAIN CONTENT STARTS HERE *
.\" -----------------------------------------------------------------
.SH "NAME"
mdsearch \- Run Spotlight searches against an SMB server
.SH "SYNOPSIS"
.HP \w'\ 'u
mdfine {server} {sharename} {query} [\-p,\ \-\-path=STRING] [\-L,\ \-\-live] [\-?|\-\-help] [\-\-usage] [\-d|\-\-debuglevel=DEBUGLEVEL] [\-\-debug\-stdout] [\-\-configfile=CONFIGFILE] [\-\-option=name=value] [\-l|\-\-log\-basename=LOGFILEBASE] [\-\-leak\-report] [\-\-leak\-report\-full] [\-R|\-\-name\-resolve=NAME\-RESOLVE\-ORDER] [\-O|\-\-socket\-options=SOCKETOPTIONS] [\-m|\-\-max\-protocol=MAXPROTOCOL] [\-n|\-\-netbiosname=NETBIOSNAME] [\-\-netbios\-scope=SCOPE] [\-W|\-\-workgroup=WORKGROUP] [\-\-realm=REALM] [\-U|\-\-user=[DOMAIN/]USERNAME[%PASSWORD]] [\-N|\-\-no\-pass] [\-\-password=STRING] [\-\-pw\-nt\-hash] [\-A|\-\-authentication\-file=FILE] [\-P|\-\-machine\-pass] [\-\-simple\-bind\-dn=DN] [\-\-use\-kerberos=desired|required|off] [\-\-use\-krb5\-ccache=CCACHE] [\-\-use\-winbind\-ccache] [\-\-client\-protection=sign|encrypt|off] [\-V|\-\-version]
.SH "DESCRIPTION"
.PP
This tool is part of the
\fBsamba\fR(1)
suite\&.
.PP
mdsearch is a simple utility to run Spotlight searches against an SMB server that runs the Spotlight
\fImdssvc\fR
RPC service\&.
.SH "OPTIONS"
.PP
server
.RS 4
The SMB server name or IP address to connect to\&.
.RE
.PP
sharename
.RS 4
The name of a share on the server\&.
.RE
.PP
query
.RS 4
The query expression syntax is a simplified form of filename globbing familiar to shell users\&. Queries have the following format:
.sp
attribute=="value"
.sp
For queries against a Samba server with Spotlight enabled using the Elasticsearch backend, the list of supported metadata attributes is given by the JSON attribute mapping file, typically installed at
/usr/share/samba/mdssvc/elasticsearch_mappings\&.json
.RE
.PP
\-p PATH, \-\-path=PATH
.RS 4
Server side path to search, defaults to
\fI"/"\fR
.RE
.PP
\-L, \-\-live
.RS 4
Query remains running\&.
.RE
.PP
\-?|\-\-help
.RS 4
Print a summary of command line options\&.
.RE
.PP
\-\-usage
.RS 4
Display brief usage message\&.
.RE
.PP
\-d|\-\-debuglevel=DEBUGLEVEL
.RS 4
\fIlevel\fR
is an integer from 0 to 10\&. The default value if this parameter is not specified is 1 for client applications\&.
.sp
The higher this value, the more detail will be logged to the log files about the activities of the server\&. At level 0, only critical errors and serious warnings will be logged\&. Level 1 is a reasonable level for day\-to\-day running \- it generates a small amount of information about operations carried out\&.
.sp
Levels above 1 will generate considerable amounts of log data, and should only be used when investigating a problem\&. Levels above 3 are designed for use only by developers and generate HUGE amounts of log data, most of which is extremely cryptic\&.
.sp
Note that specifying this parameter here will override the
\m[blue]\fBlog level\fR\m[]
parameter in the
smb\&.conf
file\&.
.RE
.PP
\-\-debug\-stdout
.RS 4
This will redirect debug output to STDOUT\&. By default all clients are logging to STDERR\&.
.RE
.PP
\-\-configfile=<configuration file>
.RS 4
The file specified contains the configuration details required by the client\&. The information in this file can be general for client and server or only provide client specific like options such as
\m[blue]\fBclient smb encrypt\fR\m[]\&. See
smb\&.conf
for more information\&. The default configuration file name is determined at compile time\&.
.RE
.PP
\-\-option=<name>=<value>
.RS 4
Set the
\fBsmb.conf\fR(5)
option "<name>" to value "<value>" from the command line\&. This overrides compiled\-in defaults and options read from the configuration file\&. If a name or a value includes a space, wrap whole \-\-option=name=value into quotes\&.
.RE
.PP
\-l|\-\-log\-basename=logdirectory
.RS 4
Base directory name for log/debug files\&. The extension
\fB"\&.progname"\fR
will be appended (e\&.g\&. log\&.smbclient, log\&.smbd, etc\&.\&.\&.)\&. The log file is never removed by the client\&.
.RE
.PP
\-\-leak\-report
.RS 4
Enable talloc leak reporting on exit\&.
.RE
.PP
\-\-leak\-report\-full
.RS 4
Enable full talloc leak reporting on exit\&.
.RE
.PP
\-V|\-\-version
.RS 4
Prints the program version number\&.
.RE
.PP
\-U|\-\-user=[DOMAIN\e]USERNAME[%PASSWORD]
.RS 4
Sets the SMB username or username and password\&.
.sp
If %PASSWORD is not specified, the user will be prompted\&. The client will first check the
\fBUSER\fR
environment variable (which is also permitted to also contain the password seperated by a %), then the
\fBLOGNAME\fR
variable (which is not permitted to contain a password) and if either exists, the value is used\&. If these environmental variables are not found, the username found in a Kerberos Credentials cache may be used\&.
.sp
A third option is to use a credentials file which contains the plaintext of the username and password\&. This option is mainly provided for scripts where the admin does not wish to pass the credentials on the command line or via environment variables\&. If this method is used, make certain that the permissions on the file restrict access from unwanted users\&. See the
\fI\-A\fR
for more details\&.
.sp
Be cautious about including passwords in scripts or passing user\-supplied values onto the command line\&. For security it is better to let the Samba client tool ask for the password if needed, or obtain the password once with
kinit\&.
.sp
While Samba will attempt to scrub the password from the process title (as seen in ps), this is after startup and so is subject to a race\&.
.RE
.PP
\-N|\-\-no\-pass
.RS 4
If specified, this parameter suppresses the normal password prompt from the client to the user\&. This is useful when accessing a service that does not require a password\&.
.sp
Unless a password is specified on the command line or this parameter is specified, the client will request a password\&.
.sp
If a password is specified on the command line and this option is also defined the password on the command line will be silently ignored and no password will be used\&.
.RE
.PP
\-\-password
.RS 4
Specify the password on the commandline\&.
.sp
Be cautious about including passwords in scripts or passing user\-supplied values onto the command line\&. For security it is better to let the Samba client tool ask for the password if needed, or obtain the password once with
kinit\&.
.sp
If \-\-password is not specified, the tool will check the
\fBPASSWD\fR
environment variable, followed by
\fBPASSWD_FD\fR
which is expected to contain an open file descriptor (FD) number\&.
.sp
Finally it will check
\fBPASSWD_FILE\fR
(containing a file path to be opened)\&. The file should only contain the password\&. Make certain that the permissions on the file restrict access from unwanted users!
.sp
While Samba will attempt to scrub the password from the process title (as seen in ps), this is after startup and so is subject to a race\&.
.RE
.PP
\-\-pw\-nt\-hash
.RS 4
The supplied password is the NT hash\&.
.RE
.PP
\-A|\-\-authentication\-file=filename
.RS 4
This option allows you to specify a file from which to read the username and password used in the connection\&. The format of the file is:
.sp
.if n \{\
.RS 4
.\}
.nf
username = <value>
password = <value>
domain = <value>
.fi
.if n \{\
.RE
.\}
.sp
Make certain that the permissions on the file restrict access from unwanted users!
.RE
.PP
\-P|\-\-machine\-pass
.RS 4
Use stored machine account password\&.
.RE
.PP
\-\-simple\-bind\-dn=DN
.RS 4
DN to use for a simple bind\&.
.RE
.PP
\-\-use\-kerberos=desired|required|off
.RS 4
This parameter determines whether Samba client tools will try to authenticate using Kerberos\&. For Kerberos authentication you need to use dns names instead of IP addresses when connnecting to a service\&.
.sp
Note that specifying this parameter here will override the
\m[blue]\fBclient use kerberos\fR\m[]
parameter in the
smb\&.conf
file\&.
.RE
.PP
\-\-use\-krb5\-ccache=CCACHE
.RS 4
Specifies the credential cache location for Kerberos authentication\&.
.sp
This will set \-\-use\-kerberos=required too\&.
.RE
.PP
\-\-use\-winbind\-ccache
.RS 4
Try to use the credential cache by winbind\&.
.RE
.PP
\-\-client\-protection=sign|encrypt|off
.RS 4
Sets the connection protection the client tool should use\&.
.sp
Note that specifying this parameter here will override the
\m[blue]\fBclient protection\fR\m[]
parameter in the
smb\&.conf
file\&.
.sp
In case you need more fine grained control you can use:
\-\-option=clientsmbencrypt=OPTION,
\-\-option=clientipcsigning=OPTION,
\-\-option=clientsigning=OPTION\&.
.RE
.SH "EXAMPLES"
.PP
Search all indexed metadata attributes, exact match:
.sp
.if n \{\
.RS 4
.\}
.nf
\*(Aq*=="Samba"\*(Aq
.fi
.if n \{\
.RE
.\}
.PP
Search all indexed metadata attributes, prefix match:
.sp
.if n \{\
.RS 4
.\}
.nf
\*(Aq*=="Samba*"\*(Aq
.fi
.if n \{\
.RE
.\}
.PP
Search by filename:
.sp
.if n \{\
.RS 4
.\}
.nf
\*(AqkMDItemFSName=="Samba*"\*(Aq
.fi
.if n \{\
.RE
.\}
.PP
Search by date:
.sp
.if n \{\
.RS 4
.\}
.nf
\*(AqkMDItemFSContentChangeDate<$time\&.iso(2018\-10\-01T10:00:00Z)\*(Aq
.fi
.if n \{\
.RE
.\}
.PP
Search files\*(Aqs content:
.sp
.if n \{\
.RS 4
.\}
.nf
\*(AqkMDItemTextContent=="Samba*"\*(Aq
.fi
.if n \{\
.RE
.\}
.PP
Expressions:
.sp
.if n \{\
.RS 4
.\}
.nf
kMDItemFSName=="Samba*"||kMDItemTextContent=="Tango*"\*(Aq
.fi
.if n \{\
.RE
.\}
.SH "SEE ALSO"
.PP
File Metadata Search Programming Guide
https://developer\&.apple\&.com/library/archive/documentation/Carbon/Conceptual/SpotlightQuery/Concepts/Introduction\&.html
.SH "VERSION"
.PP
This man page is part of version 4\&.16\&.4 of the Samba suite\&.
.SH "AUTHOR"
.PP
The original Samba software and related utilities were created by Andrew Tridgell\&. Samba is now developed by the Samba Team as an Open Source project similar to the way the Linux kernel is developed\&.
.PP
The mdsearch manpage was written by Ralph Boehme\&.

84
net/samba419/files/man/mvxattr.1 Normal file
View file

@ -0,0 +1,84 @@
'\" t
.\" Title: mvxattr
.\" Author: [see the "AUTHOR" section]
.\" Generator: DocBook XSL Stylesheets v1.79.1 <http://docbook.sf.net/>
.\" Date: 08/09/2022
.\" Manual: User Commands
.\" Source: Samba 4.16.4
.\" Language: English
.\"
.TH "MVXATTR" "1" "08/09/2022" "Samba 4\&.16\&.4" "User Commands"
.\" -----------------------------------------------------------------
.\" * Define some portability stuff
.\" -----------------------------------------------------------------
.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
.\" http://bugs.debian.org/507673
.\" http://lists.gnu.org/archive/html/groff/2009-02/msg00013.html
.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
.ie \n(.g .ds Aq \(aq
.el .ds Aq '
.\" -----------------------------------------------------------------
.\" * set default formatting
.\" -----------------------------------------------------------------
.\" disable hyphenation
.nh
.\" disable justification (adjust text to left margin only)
.ad l
.\" -----------------------------------------------------------------
.\" * MAIN CONTENT STARTS HERE *
.\" -----------------------------------------------------------------
.SH "NAME"
mvxattr \- Recursively rename extended attributes
.SH "SYNOPSIS"
.HP \w'\ 'u
mvxattr {\-s\ STRING,\ \-\-from=STRING} {\-d\ STRING,\ \-\-to=STRING} [\-l,\ \-\-follow\-symlinks] [\-p,\ \-\-print] [\-v,\ \-\-verbose] [\-f,\ \-\-force] {PATH\ [PATH\ \&.\&.\&.]}
.SH "DESCRIPTION"
.PP
This tool is part of the
\fBsamba\fR(1)
suite\&.
.PP
mvxattr is a simple utility to recursively rename extended attributes\&.
.PP
By default all symlinks are ignored, use
\fB\-l\fR
to follow them\&.
.SH "OPTIONS"
.PP
\-s STRING, \-\-from=STRING
.RS 4
Source xattr name
.RE
.PP
\-d STRING, \-\-to=STRING
.RS 4
Destination xattr name
.RE
.PP
\-l, \-\-follow\-symlinks
.RS 4
Follow symlinks, the default is to ignore them\&.
.RE
.PP
\-p, \-\-print
.RS 4
Print files where the xattr got renamed\&.
.RE
.PP
\-v, \-\-verbose
.RS 4
Print files as they are checked\&.
.RE
.PP
\-f, \-\-force
.RS 4
Force overwriting of destination xattr\&.
.RE
.SH "VERSION"
.PP
This man page is part of version 4\&.16\&.4 of the Samba suite\&.
.SH "AUTHOR"
.PP
The original Samba software and related utilities were created by Andrew Tridgell\&. Samba is now developed by the Samba Team as an Open Source project similar to the way the Linux kernel is developed\&.
.PP
The mvxattr manpage was written by Ralph Boehme\&.

84
net/samba419/files/man/ndrdump.1 Normal file
View file

@ -0,0 +1,84 @@
'\" t
.\" Title: ndrdump
.\" Author: [see the "AUTHOR" section]
.\" Generator: DocBook XSL Stylesheets v1.79.1 <http://docbook.sf.net/>
.\" Date: 08/09/2022
.\" Manual: System Administration tools
.\" Source: Samba 4.0
.\" Language: English
.\"
.TH "NDRDUMP" "1" "08/09/2022" "Samba 4\&.0" "System Administration tools"
.\" -----------------------------------------------------------------
.\" * Define some portability stuff
.\" -----------------------------------------------------------------
.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
.\" http://bugs.debian.org/507673
.\" http://lists.gnu.org/archive/html/groff/2009-02/msg00013.html
.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
.ie \n(.g .ds Aq \(aq
.el .ds Aq '
.\" -----------------------------------------------------------------
.\" * set default formatting
.\" -----------------------------------------------------------------
.\" disable hyphenation
.nh
.\" disable justification (adjust text to left margin only)
.ad l
.\" -----------------------------------------------------------------
.\" * MAIN CONTENT STARTS HERE *
.\" -----------------------------------------------------------------
.SH "NAME"
ndrdump \- DCE/RPC Packet Parser and Dumper
.SH "SYNOPSIS"
.HP \w'\fBndrdump\fR\ 'u
\fBndrdump\fR [\-c\ context] {pipe} {format} {in|out|struct} {filename}
.HP \w'\fBndrdump\fR\ 'u
\fBndrdump\fR [pipe]
.HP \w'\fBndrdump\fR\ 'u
\fBndrdump\fR
.SH "DESCRIPTION"
.PP
ndrdump tries to parse the specified
\fIfilename\fR
using Samba\*(Aqs parser for the specified pipe and format\&. The third argument should be either
\fIin\fR,
\fIout\fR
or
\fIstruct\fRdepending on whether the data should be parsed as a request, reply or a public structure\&.
.PP
Running ndrdump without arguments will list the pipes for which parsers are available\&.
.PP
Running ndrdump with one argument will list the functions and public structures that Samba can parse for the specified pipe\&.
.PP
The primary function of ndrdump is debugging Samba\*(Aqs internal DCE/RPC parsing functions\&. The file being parsed is usually one exported by wiresharks
\(lqExport selected packet bytes\(rq
function\&.
.PP
The context argument can be used to load context data from the request packet when parsing reply packets (such as array lengths)\&.
.SH "VERSION"
.PP
This man page is correct for version 4\&.0 of the Samba suite\&.
.SH "SEE ALSO"
.PP
wireshark, pidl
.SH "AUTHOR"
.PP
This utility is part of the
\m[blue]\fBSamba\fR\m[]\&\s-2\u[1]\d\s+2
suite, which is developed by the global
\m[blue]\fBSamba Team\fR\m[]\&\s-2\u[2]\d\s+2\&.
.PP
ndrdump was written by Andrew Tridgell\&.
.PP
This manpage was written by Jelmer Vernooij\&.
.SH "NOTES"
.IP " 1." 4
Samba
.RS 4
\%http://www.samba.org/
.RE
.IP " 2." 4
Samba Team
.RS 4
\%http://www.samba.org/samba/team/
.RE

341
net/samba419/files/man/nmblookup.1 Normal file
View file

@ -0,0 +1,341 @@
'\" t
.\" Title: nmblookup
.\" Author: [see the "AUTHOR" section]
.\" Generator: DocBook XSL Stylesheets v1.79.1 <http://docbook.sf.net/>
.\" Date: 08/09/2022
.\" Manual: User Commands
.\" Source: Samba 4.16.4
.\" Language: English
.\"
.TH "NMBLOOKUP" "1" "08/09/2022" "Samba 4\&.16\&.4" "User Commands"
.\" -----------------------------------------------------------------
.\" * Define some portability stuff
.\" -----------------------------------------------------------------
.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
.\" http://bugs.debian.org/507673
.\" http://lists.gnu.org/archive/html/groff/2009-02/msg00013.html
.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
.ie \n(.g .ds Aq \(aq
.el .ds Aq '
.\" -----------------------------------------------------------------
.\" * set default formatting
.\" -----------------------------------------------------------------
.\" disable hyphenation
.nh
.\" disable justification (adjust text to left margin only)
.ad l
.\" -----------------------------------------------------------------
.\" * MAIN CONTENT STARTS HERE *
.\" -----------------------------------------------------------------
.SH "NAME"
nmblookup \- NetBIOS over TCP/IP client used to lookup NetBIOS names
.SH "SYNOPSIS"
.HP \w'\ 'u
nmblookup [\-M|\-\-master\-browser] [\-\-recursion] [\-S|\-\-status] [\-r|\-\-root\-port] [\-A|\-\-lookup\-by\-ip] [\-B|\-\-broadcast=BROADCAST\-ADDRESS] [\-U|\-\-unicast=UNICAST\-ADDRESS] [\-T|\-\-translate] [\-f|\-\-flags] [\-?|\-\-help] [\-\-usage] [\-d|\-\-debuglevel=DEBUGLEVEL] [\-\-debug\-stdout] [\-\-configfile=CONFIGFILE] [\-\-option=name=value] [\-l|\-\-log\-basename=LOGFILEBASE] [\-\-leak\-report] [\-\-leak\-report\-full] [\-R|\-\-name\-resolve=NAME\-RESOLVE\-ORDER] [\-O|\-\-socket\-options=SOCKETOPTIONS] [\-m|\-\-max\-protocol=MAXPROTOCOL] [\-n|\-\-netbiosname=NETBIOSNAME] [\-\-netbios\-scope=SCOPE] [\-W|\-\-workgroup=WORKGROUP] [\-\-realm=REALM] {name}
.SH "DESCRIPTION"
.PP
This tool is part of the
\fBsamba\fR(7)
suite\&.
.PP
nmblookup
is used to query NetBIOS names and map them to IP addresses in a network using NetBIOS over TCP/IP queries\&. The options allow the name queries to be directed at a particular IP broadcast area or to a particular machine\&. All queries are done over UDP\&.
.SH "OPTIONS"
.PP
\-M|\-\-master\-browser
.RS 4
Searches for a master browser by looking up the NetBIOS
\fIname\fR
with a type of
\fB0x1d\fR\&. If
\fI name\fR
is "\-" then it does a lookup on the special name
\fB__MSBROWSE__\fR\&. Please note that in order to use the name "\-", you need to make sure "\-" isn\*(Aqt parsed as an argument, e\&.g\&. use :
\fBnmblookup \-M \-\- \-\fR\&.
.RE
.PP
\-\-recursion
.RS 4
Set the recursion desired bit in the packet to do a recursive lookup\&. This is used when sending a name query to a machine running a WINS server and the user wishes to query the names in the WINS server\&. If this bit is unset the normal (broadcast responding) NetBIOS processing code on a machine is used instead\&. See RFC1001, RFC1002 for details\&.
.RE
.PP
\-S|\-\-status
.RS 4
Once the name query has returned an IP address then do a node status query as well\&. A node status query returns the NetBIOS names registered by a host\&.
.RE
.PP
\-r|\-\-root\-port
.RS 4
Try and bind to UDP port 137 to send and receive UDP datagrams\&. The reason for this option is a bug in Windows 95 where it ignores the source port of the requesting packet and only replies to UDP port 137\&. Unfortunately, on most UNIX systems root privilege is needed to bind to this port, and in addition, if the
\fBnmbd\fR(8)
daemon is running on this machine it also binds to this port\&.
.RE
.PP
\-A|\-\-lookup\-by\-ip
.RS 4
Interpret
\fIname\fR
as an IP Address and do a node status query on this address\&.
.RE
.PP
\-B|\-\-broadcast <broadcast address>
.RS 4
Send the query to the given broadcast address\&. Without this option the default behavior of nmblookup is to send the query to the broadcast address of the network interfaces as either auto\-detected or defined in the
\fIinterfaces\fR
parameter of the
\fBsmb.conf\fR(5)
file\&.
.RE
.PP
\-U|\-\-unicast <unicast address>
.RS 4
Do a unicast query to the specified address or host
\fIunicast address\fR\&. This option (along with the
\fI\-R\fR
option) is needed to query a WINS server\&.
.RE
.PP
\-T|\-\-translate
.RS 4
This causes any IP addresses found in the lookup to be looked up via a reverse DNS lookup into a DNS name, and printed out before each
.sp
\fIIP address \&.\&.\&.\&. NetBIOS name\fR
.sp
pair that is the normal output\&.
.RE
.PP
\-f|\-\-flags
.RS 4
Show which flags apply to the name that has been looked up\&. Possible answers are zero or more of: Response, Authoritative, Truncated, Recursion_Desired, Recursion_Available, Broadcast\&.
.RE
.PP
name
.RS 4
This is the NetBIOS name being queried\&. Depending upon the previous options this may be a NetBIOS name or IP address\&. If a NetBIOS name then the different name types may be specified by appending \*(Aq#<type>\*(Aq to the name\&. This name may also be \*(Aq*\*(Aq, which will return all registered names within a broadcast area\&.
.RE
.PP
\-d|\-\-debuglevel=DEBUGLEVEL
.RS 4
\fIlevel\fR
is an integer from 0 to 10\&. The default value if this parameter is not specified is 1 for client applications\&.
.sp
The higher this value, the more detail will be logged to the log files about the activities of the server\&. At level 0, only critical errors and serious warnings will be logged\&. Level 1 is a reasonable level for day\-to\-day running \- it generates a small amount of information about operations carried out\&.
.sp
Levels above 1 will generate considerable amounts of log data, and should only be used when investigating a problem\&. Levels above 3 are designed for use only by developers and generate HUGE amounts of log data, most of which is extremely cryptic\&.
.sp
Note that specifying this parameter here will override the
\m[blue]\fBlog level\fR\m[]
parameter in the
smb\&.conf
file\&.
.RE
.PP
\-\-debug\-stdout
.RS 4
This will redirect debug output to STDOUT\&. By default all clients are logging to STDERR\&.
.RE
.PP
\-\-configfile=<configuration file>
.RS 4
The file specified contains the configuration details required by the client\&. The information in this file can be general for client and server or only provide client specific like options such as
\m[blue]\fBclient smb encrypt\fR\m[]\&. See
smb\&.conf
for more information\&. The default configuration file name is determined at compile time\&.
.RE
.PP
\-\-option=<name>=<value>
.RS 4
Set the
\fBsmb.conf\fR(5)
option "<name>" to value "<value>" from the command line\&. This overrides compiled\-in defaults and options read from the configuration file\&. If a name or a value includes a space, wrap whole \-\-option=name=value into quotes\&.
.RE
.PP
\-l|\-\-log\-basename=logdirectory
.RS 4
Base directory name for log/debug files\&. The extension
\fB"\&.progname"\fR
will be appended (e\&.g\&. log\&.smbclient, log\&.smbd, etc\&.\&.\&.)\&. The log file is never removed by the client\&.
.RE
.PP
\-\-leak\-report
.RS 4
Enable talloc leak reporting on exit\&.
.RE
.PP
\-\-leak\-report\-full
.RS 4
Enable full talloc leak reporting on exit\&.
.RE
.PP
\-V|\-\-version
.RS 4
Prints the program version number\&.
.RE
.PP
\-R|\-\-name\-resolve=NAME\-RESOLVE\-ORDER
.RS 4
This option is used to determine what naming services and in what order to resolve host names to IP addresses\&. The option takes a space\-separated string of different name resolution options\&. The best ist to wrap the whole \-\-name\-resolve=NAME\-RESOLVE\-ORDER into quotes\&.
.sp
The options are: "lmhosts", "host", "wins" and "bcast"\&. They cause names to be resolved as follows:
.RS
.sp
.RS 4
.ie n \{\
\h'-04'\(bu\h'+03'\c
.\}
.el \{\
.sp -1
.IP \(bu 2.3
.\}
\fBlmhosts\fR: Lookup an IP address in the Samba lmhosts file\&. If the line in lmhosts has no name type attached to the NetBIOS name (see the
\fBlmhosts\fR(5)
for details) then any name type matches for lookup\&.
.RE
.sp
.RS 4
.ie n \{\
\h'-04'\(bu\h'+03'\c
.\}
.el \{\
.sp -1
.IP \(bu 2.3
.\}
\fBhost\fR: Do a standard host name to IP address resolution, using the system
/etc/hosts, NIS, or DNS lookups\&. This method of name resolution is operating system dependent, for instance on IRIX or Solaris this may be controlled by the
/etc/nsswitch\&.conf
file)\&. Note that this method is only used if the NetBIOS name type being queried is the 0x20 (server) name type, otherwise it is ignored\&.
.RE
.sp
.RS 4
.ie n \{\
\h'-04'\(bu\h'+03'\c
.\}
.el \{\
.sp -1
.IP \(bu 2.3
.\}
\fBwins\fR: Query a name with the IP address listed in the
\fIwins server\fR
parameter\&. If no WINS server has been specified this method will be ignored\&.
.RE
.sp
.RS 4
.ie n \{\
\h'-04'\(bu\h'+03'\c
.\}
.el \{\
.sp -1
.IP \(bu 2.3
.\}
\fBbcast\fR: Do a broadcast on each of the known local interfaces listed in the
\fIinterfaces\fR
parameter\&. This is the least reliable of the name resolution methods as it depends on the target host being on a locally connected subnet\&.
.RE
.sp
.RE
If this parameter is not set then the name resolve order defined in the
smb\&.conf
file parameter (\m[blue]\fBname resolve order\fR\m[]) will be used\&.
.sp
The default order is lmhosts, host, wins, bcast\&. Without this parameter or any entry in the
\m[blue]\fBname resolve order\fR\m[]
parameter of the
smb\&.conf
file, the name resolution methods will be attempted in this order\&.
.RE
.PP
\-O|\-\-socket\-options=SOCKETOPTIONS
.RS 4
TCP socket options to set on the client socket\&. See the socket options parameter in the
smb\&.conf
manual page for the list of valid options\&.
.RE
.PP
\-m|\-\-max\-protocol=MAXPROTOCOL
.RS 4
The value of the parameter (a string) is the highest protocol level that will be supported by the client\&.
.sp
Note that specifying this parameter here will override the
\m[blue]\fBclient max protocol\fR\m[]
parameter in the
smb\&.conf
file\&.
.RE
.PP
\-n|\-\-netbiosname=NETBIOSNAME
.RS 4
This option allows you to override the NetBIOS name that Samba uses for itself\&. This is identical to setting the
\m[blue]\fBnetbios name\fR\m[]
parameter in the
smb\&.conf
file\&. However, a command line setting will take precedence over settings in
smb\&.conf\&.
.RE
.PP
\-\-netbios\-scope=SCOPE
.RS 4
This specifies a NetBIOS scope that
nmblookup
will use to communicate with when generating NetBIOS names\&. For details on the use of NetBIOS scopes, see rfc1001\&.txt and rfc1002\&.txt\&. NetBIOS scopes are
\fIvery\fR
rarely used, only set this parameter if you are the system administrator in charge of all the NetBIOS systems you communicate with\&.
.RE
.PP
\-W|\-\-workgroup=WORKGROUP
.RS 4
Set the SMB domain of the username\&. This overrides the default domain which is the domain defined in smb\&.conf\&. If the domain specified is the same as the servers NetBIOS name, it causes the client to log on using the servers local SAM (as opposed to the Domain SAM)\&.
.sp
Note that specifying this parameter here will override the
\m[blue]\fBworkgroup\fR\m[]
parameter in the
smb\&.conf
file\&.
.RE
.PP
\-r|\-\-realm=REALM
.RS 4
Set the realm for the domain\&.
.sp
Note that specifying this parameter here will override the
\m[blue]\fBrealm\fR\m[]
parameter in the
smb\&.conf
file\&.
.RE
.PP
\-?|\-\-help
.RS 4
Print a summary of command line options\&.
.RE
.PP
\-\-usage
.RS 4
Display brief usage message\&.
.RE
.SH "EXAMPLES"
.PP
nmblookup
can be used to query a WINS server (in the same way
nslookup
is used to query DNS servers)\&. To query a WINS server,
nmblookup
must be called like this:
.PP
nmblookup \-U server \-R \*(Aqname\*(Aq
.PP
For example, running :
.PP
nmblookup \-U samba\&.org \-R \*(AqIRIX#1B\*(Aq
.PP
would query the WINS server samba\&.org for the domain master browser (1B name type) for the IRIX workgroup\&.
.SH "VERSION"
.PP
This man page is part of version 4\&.16\&.4 of the Samba suite\&.
.SH "SEE ALSO"
.PP
\fBnmbd\fR(8),
\fBsamba\fR(7), and
\fBsmb.conf\fR(5)\&.
.SH "AUTHOR"
.PP
The original Samba software and related utilities were created by Andrew Tridgell\&. Samba is now developed by the Samba Team as an Open Source project similar to the way the Linux kernel is developed\&.

157
net/samba419/files/man/nmblookup4.1 Normal file
View file

@ -0,0 +1,157 @@
'\" t
.\" Title: nmblookup4
.\" Author: [see the "AUTHOR" section]
.\" Generator: DocBook XSL Stylesheets v1.76.1 <http://docbook.sf.net/>
.\" Date: 03/24/2017
.\" Manual: User Commands
.\" Source: Samba 3.2
.\" Language: English
.\"
.TH "NMBLOOKUP4" "1" "03/24/2017" "Samba 3\&.2" "User Commands"
.\" -----------------------------------------------------------------
.\" * Define some portability stuff
.\" -----------------------------------------------------------------
.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
.\" http://bugs.debian.org/507673
.\" http://lists.gnu.org/archive/html/groff/2009-02/msg00013.html
.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
.ie \n(.g .ds Aq \(aq
.el .ds Aq '
.\" -----------------------------------------------------------------
.\" * set default formatting
.\" -----------------------------------------------------------------
.\" disable hyphenation
.nh
.\" disable justification (adjust text to left margin only)
.ad l
.\" -----------------------------------------------------------------
.\" * MAIN CONTENT STARTS HERE *
.\" -----------------------------------------------------------------
.SH "NAME"
nmblookup4 \- NetBIOS over TCP/IP client used to lookup NetBIOS names
.SH "SYNOPSIS"
.HP \w'\fBnmblookup4\fR\ 'u
\fBnmblookup4\fR [\-M] [\-R] [\-S] [\-r] [\-A] [\-h] [\-B\ <broadcast\ address>] [\-U\ <unicast\ address>] [\-d\ <debug\ level>] [\-s\ <smb\ config\ file>] [\-i\ <NetBIOS\ scope>] [\-T] [\-f] {name}
.SH "DESCRIPTION"
.PP
This tool is part of the
\fBsamba\fR(7)
suite\&.
.PP
\fBnmblookup4\fR
is used to query NetBIOS names and map them to IP addresses in a network using NetBIOS over TCP/IP queries\&. The options allow the name queries to be directed at a particular IP broadcast area or to a particular machine\&. All queries are done over UDP\&.
.SH "OPTIONS"
.PP
\-M
.RS 4
Searches for a master browser by looking up the NetBIOS
\fIname\fR
with a type of
\fB0x1d\fR\&. If
\fI name\fR
is "\-" then it does a lookup on the special name
\fB__MSBROWSE__\fR\&. Please note that in order to use the name "\-", you need to make sure "\-" isn\*(Aqt parsed as an argument, e\&.g\&. use :
\fBnmblookup4 \-M \-\- \-\fR\&.
.RE
.PP
\-R
.RS 4
Set the recursion desired bit in the packet to do a recursive lookup\&. This is used when sending a name query to a machine running a WINS server and the user wishes to query the names in the WINS server\&. If this bit is unset the normal (broadcast responding) NetBIOS processing code on a machine is used instead\&. See RFC1001, RFC1002 for details\&.
.RE
.PP
\-S
.RS 4
Once the name query has returned an IP address then do a node status query as well\&. A node status query returns the NetBIOS names registered by a host\&.
.RE
.PP
\-r
.RS 4
Try and bind to UDP port 137 to send and receive UDP datagrams\&. The reason for this option is a bug in Windows 95 where it ignores the source port of the requesting packet and only replies to UDP port 137\&. Unfortunately, on most UNIX systems root privilege is needed to bind to this port, and in addition, if the
\fBnmbd\fR(8)
daemon is running on this machine it also binds to this port\&.
.RE
.PP
\-A
.RS 4
Interpret
\fIname\fR
as an IP Address and do a node status query on this address\&.
.RE
.PP
\-B <broadcast address>
.RS 4
Send the query to the given broadcast address\&. Without this option the default behavior of nmblookup4 is to send the query to the broadcast address of the network interfaces as either auto\-detected or defined in the
\m[blue]\fB\fIinterfaces\fR\fR\m[]\&\s-2\u[1]\d\s+2
parameter of the
\fBsmb.conf\fR(5)
file\&.
.RE
.PP
\-U <unicast address>
.RS 4
Do a unicast query to the specified address or host
\fIunicast address\fR\&. This option (along with the
\fI\-R\fR
option) is needed to query a WINS server\&.
.RE
.PP
\-T
.RS 4
This causes any IP addresses found in the lookup to be looked up via a reverse DNS lookup into a DNS name, and printed out before each
.sp
\fIIP address \&.\&.\&.\&. NetBIOS name\fR
.sp
pair that is the normal output\&.
.RE
.PP
\-f
.RS 4
Show which flags apply to the name that has been looked up\&. Possible answers are zero or more of: Response, Authoritative, Truncated, Recursion_Desired, Recursion_Available, Broadcast\&.
.RE
.PP
name
.RS 4
This is the NetBIOS name being queried\&. Depending upon the previous options this may be a NetBIOS name or IP address\&. If a NetBIOS name then the different name types may be specified by appending \*(Aq#<type>\*(Aq to the name\&. This name may also be \*(Aq*\*(Aq, which will return all registered names within a broadcast area\&.
.RE
.SH "EXAMPLES"
.PP
\fBnmblookup4\fR
can be used to query a WINS server (in the same way
\fBnslookup\fR
is used to query DNS servers)\&. To query a WINS server,
\fBnmblookup4\fR
must be called like this:
.PP
\fBnmblookup4 \-U server \-R \*(Aqname\*(Aq\fR
.PP
For example, running :
.PP
\fBnmblookup4 \-U samba\&.org \-R \*(AqIRIX#1B\*(Aq\fR
.PP
would query the WINS server samba\&.org for the domain master browser (1B name type) for the IRIX workgroup\&.
.SH "VERSION"
.PP
This man page is correct for version 3 of the Samba suite\&.
.SH "SEE ALSO"
.PP
\fBnmbd\fR(8),
\fBsamba\fR(7), and
\fBsmb.conf\fR(5)\&.
.SH "AUTHOR"
.PP
The original Samba software and related utilities were created by Andrew Tridgell\&. Samba is now developed by the Samba Team as an Open Source project similar to the way the Linux kernel is developed\&.
.PP
The original Samba man pages were written by Karl Auer\&. The man page sources were converted to YODL format (another excellent piece of Open Source software, available at
\m[blue]\fBftp://ftp\&.icce\&.rug\&.nl/pub/unix/\fR\m[]\&\s-2\u[2]\d\s+2) and updated for the Samba 2\&.0 release by Jeremy Allison\&. The conversion to DocBook for Samba 2\&.2 was done by Gerald Carter\&. The conversion to DocBook XML 4\&.2 for Samba 3\&.0 was done by Alexander Bokovoy\&.
.SH "NOTES"
.IP " 1." 4
\fIinterfaces\fR
.RS 4
\%[set $man.base.url.for.relative.links]/smb.conf.5.html#INTERFACES
.RE
.IP " 2." 4
ftp://ftp.icce.rug.nl/pub/unix/
.RS 4
\%ftp://ftp.icce.rug.nl/pub/unix/
.RE

458
net/samba419/files/man/ntlm_auth.1 Normal file
View file

@ -0,0 +1,458 @@
'\" t
.\" Title: ntlm_auth
.\" Author: [see the "AUTHOR" section]
.\" Generator: DocBook XSL Stylesheets v1.79.1 <http://docbook.sf.net/>
.\" Date: 08/09/2022
.\" Manual: User Commands
.\" Source: Samba 4.16.4
.\" Language: English
.\"
.TH "NTLM_AUTH" "1" "08/09/2022" "Samba 4\&.16\&.4" "User Commands"
.\" -----------------------------------------------------------------
.\" * Define some portability stuff
.\" -----------------------------------------------------------------
.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
.\" http://bugs.debian.org/507673
.\" http://lists.gnu.org/archive/html/groff/2009-02/msg00013.html
.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
.ie \n(.g .ds Aq \(aq
.el .ds Aq '
.\" -----------------------------------------------------------------
.\" * set default formatting
.\" -----------------------------------------------------------------
.\" disable hyphenation
.nh
.\" disable justification (adjust text to left margin only)
.ad l
.\" -----------------------------------------------------------------
.\" * MAIN CONTENT STARTS HERE *
.\" -----------------------------------------------------------------
.SH "NAME"
ntlm_auth \- tool to allow external access to Winbind\*(Aqs NTLM authentication function
.SH "SYNOPSIS"
.HP \w'\ 'u
ntlm_auth
.SH "DESCRIPTION"
.PP
This tool is part of the
\fBsamba\fR(7)
suite\&.
.PP
ntlm_auth
is a helper utility that authenticates users using NT/LM authentication\&. It returns 0 if the users is authenticated successfully and 1 if access was denied\&. ntlm_auth uses winbind to access the user and authentication data for a domain\&. This utility is only intended to be used by other programs (currently
Squid
and
mod_ntlm_winbind)
.SH "OPERATIONAL REQUIREMENTS"
.PP
The
\fBwinbindd\fR(8)
daemon must be operational for many of these commands to function\&.
.PP
Some of these commands also require access to the directory
winbindd_privileged
in
$LOCKDIR\&. This should be done either by running this command as root or providing group access to the
winbindd_privileged
directory\&. For security reasons, this directory should not be world\-accessable\&.
.SH "OPTIONS"
.PP
\-\-helper\-protocol=PROTO
.RS 4
Operate as a stdio\-based helper\&. Valid helper protocols are:
.PP
squid\-2\&.4\-basic
.RS 4
Server\-side helper for use with Squid 2\&.4\*(Aqs basic (plaintext) authentication\&.
.RE
.PP
squid\-2\&.5\-basic
.RS 4
Server\-side helper for use with Squid 2\&.5\*(Aqs basic (plaintext) authentication\&.
.RE
.PP
squid\-2\&.5\-ntlmssp
.RS 4
Server\-side helper for use with Squid 2\&.5\*(Aqs NTLMSSP authentication\&.
.sp
Requires access to the directory
winbindd_privileged
in
$LOCKDIR\&. The protocol used is described here:
http://devel\&.squid\-cache\&.org/ntlm/squid_helper_protocol\&.html\&. This protocol has been extended to allow the NTLMSSP Negotiate packet to be included as an argument to the
YR
command\&. (Thus avoiding loss of information in the protocol exchange)\&.
.RE
.PP
ntlmssp\-client\-1
.RS 4
Client\-side helper for use with arbitrary external programs that may wish to use Samba\*(Aqs NTLMSSP authentication knowledge\&.
.sp
This helper is a client, and as such may be run by any user\&. The protocol used is effectively the reverse of the previous protocol\&. A
YR
command (without any arguments) starts the authentication exchange\&.
.RE
.PP
gss\-spnego
.RS 4
Server\-side helper that implements GSS\-SPNEGO\&. This uses a protocol that is almost the same as
squid\-2\&.5\-ntlmssp, but has some subtle differences that are undocumented outside the source at this stage\&.
.sp
Requires access to the directory
winbindd_privileged
in
$LOCKDIR\&.
.RE
.PP
gss\-spnego\-client
.RS 4
Client\-side helper that implements GSS\-SPNEGO\&. This also uses a protocol similar to the above helpers, but is currently undocumented\&.
.RE
.PP
ntlm\-server\-1
.RS 4
Server\-side helper protocol, intended for use by a RADIUS server or the \*(Aqwinbind\*(Aq plugin for pppd, for the provision of MSCHAP and MSCHAPv2 authentication\&.
.sp
This protocol consists of lines in the form:
Parameter: value
and
Parameter:: Base64\-encode value\&. The presence of a single period
\&.
indicates that one side has finished supplying data to the other\&. (Which in turn could cause the helper to authenticate the user)\&.
.sp
Currently implemented parameters from the external program to the helper are:
.PP
Username
.RS 4
The username, expected to be in Samba\*(Aqs
\m[blue]\fBunix charset\fR\m[]\&.
.PP
Examples:
.RS 4
Username: bob
.sp
Username:: Ym9i
.RE
.RE
.PP
NT\-Domain
.RS 4
The user\*(Aqs domain, expected to be in Samba\*(Aqs
\m[blue]\fBunix charset\fR\m[]\&.
.PP
Examples:
.RS 4
NT\-Domain: WORKGROUP
.sp
NT\-Domain:: V09SS0dST1VQ
.RE
.RE
.PP
Full\-Username
.RS 4
The fully qualified username, expected to be in Samba\*(Aqs
\m[blue]\fBunix charset\fR\m[]
and qualified with the
\m[blue]\fBwinbind separator\fR\m[]\&.
.PP
Examples:
.RS 4
Full\-Username: WORKGROUP\ebob
.sp
Full\-Username:: V09SS0dST1VQYm9i
.RE
.RE
.PP
LANMAN\-Challenge
.RS 4
The 8 byte
LANMAN Challenge
value, generated randomly by the server, or (in cases such as MSCHAPv2) generated in some way by both the server and the client\&.
.PP
Examples:
.RS 4
LANMAN\-Challenge: 0102030405060708
.RE
.RE
.PP
LANMAN\-Response
.RS 4
The 24 byte
LANMAN Response
value, calculated from the user\*(Aqs password and the supplied
LANMAN Challenge\&. Typically, this is provided over the network by a client wishing to authenticate\&.
.PP
Examples:
.RS 4
LANMAN\-Response: 0102030405060708090A0B0C0D0E0F101112131415161718
.RE
.RE
.PP
NT\-Response
.RS 4
The >= 24 byte
NT Response
calculated from the user\*(Aqs password and the supplied
LANMAN Challenge\&. Typically, this is provided over the network by a client wishing to authenticate\&.
.PP
Examples:
.RS 4
NT\-Response: 0102030405060708090A0B0C0D0E0F10111213141516171
.RE
.RE
.PP
Password
.RS 4
The user\*(Aqs password\&. This would be provided by a network client, if the helper is being used in a legacy situation that exposes plaintext passwords in this way\&.
.PP
Examples:
.RS 4
Password: samba2
.sp
Password:: c2FtYmEy
.RE
.RE
.PP
Request\-User\-Session\-Key
.RS 4
Upon successful authentication, return the user session key associated with the login\&.
.PP
Examples:
.RS 4
Request\-User\-Session\-Key: Yes
.RE
.RE
.PP
Request\-LanMan\-Session\-Key
.RS 4
Upon successful authentication, return the LANMAN session key associated with the login\&.
.PP
Examples:
.RS 4
Request\-LanMan\-Session\-Key: Yes
.RE
.RE
.RE
.sp
.if n \{\
.sp
.\}
.RS 4
.it 1 an-trap
.nr an-no-space-flag 1
.nr an-break-flag 1
.br
.ps +1
\fBWarning\fR
.ps -1
.br
Implementers should take care to base64 encode any data (such as usernames/passwords) that may contain malicious user data, such as a newline\&. They may also need to decode strings from the helper, which likewise may have been base64 encoded\&.
.sp .5v
.RE
.RE
.PP
\-\-username=USERNAME
.RS 4
Specify username of user to authenticate
.RE
.PP
\-\-domain=DOMAIN
.RS 4
Specify domain of user to authenticate
.RE
.PP
\-\-workstation=WORKSTATION
.RS 4
Specify the workstation the user authenticated from
.RE
.PP
\-\-challenge=STRING
.RS 4
NTLM challenge (in HEXADECIMAL)
.RE
.PP
\-\-lm\-response=RESPONSE
.RS 4
LM Response to the challenge (in HEXADECIMAL)
.RE
.PP
\-\-nt\-response=RESPONSE
.RS 4
NT or NTLMv2 Response to the challenge (in HEXADECIMAL)
.RE
.PP
\-\-password=PASSWORD
.RS 4
User\*(Aqs plaintext password
.sp
If not specified on the command line, this is prompted for when required\&.
.sp
For the NTLMSSP based server roles, this parameter specifies the expected password, allowing testing without winbindd operational\&.
.RE
.PP
\-\-request\-lm\-key
.RS 4
Retrieve LM session key
.RE
.PP
\-\-request\-nt\-key
.RS 4
Request NT key
.RE
.PP
\-\-diagnostics
.RS 4
Perform Diagnostics on the authentication chain\&. Uses the password from
\-\-password
or prompts for one\&.
.RE
.PP
\-\-require\-membership\-of={SID|Name}
.RS 4
Require that a user be a member of specified group (either name or SID) for authentication to succeed\&.
.RE
.PP
\-\-pam\-winbind\-conf=FILENAME
.RS 4
Define the path to the pam_winbind\&.conf file\&.
.RE
.PP
\-\-target\-hostname=HOSTNAME
.RS 4
Define the target hostname\&.
.RE
.PP
\-\-target\-service=SERVICE
.RS 4
Define the target service\&.
.RE
.PP
\-\-use\-cached\-creds
.RS 4
Whether to use credentials cached by winbindd\&.
.RE
.PP
\-\-allow\-mschapv2
.RS 4
Explicitly allow MSCHAPv2\&.
.RE
.PP
\-\-offline\-logon
.RS 4
Allow offline logons for plain text auth\&.
.RE
.PP
\-?|\-\-help
.RS 4
Print a summary of command line options\&.
.RE
.PP
\-\-usage
.RS 4
Display brief usage message\&.
.RE
.PP
\-d|\-\-debuglevel=DEBUGLEVEL
.RS 4
\fIlevel\fR
is an integer from 0 to 10\&. The default value if this parameter is not specified is 1 for client applications\&.
.sp
The higher this value, the more detail will be logged to the log files about the activities of the server\&. At level 0, only critical errors and serious warnings will be logged\&. Level 1 is a reasonable level for day\-to\-day running \- it generates a small amount of information about operations carried out\&.
.sp
Levels above 1 will generate considerable amounts of log data, and should only be used when investigating a problem\&. Levels above 3 are designed for use only by developers and generate HUGE amounts of log data, most of which is extremely cryptic\&.
.sp
Note that specifying this parameter here will override the
\m[blue]\fBlog level\fR\m[]
parameter in the
smb\&.conf
file\&.
.RE
.PP
\-\-debug\-stdout
.RS 4
This will redirect debug output to STDOUT\&. By default all clients are logging to STDERR\&.
.RE
.PP
\-\-configfile=<configuration file>
.RS 4
The file specified contains the configuration details required by the client\&. The information in this file can be general for client and server or only provide client specific like options such as
\m[blue]\fBclient smb encrypt\fR\m[]\&. See
smb\&.conf
for more information\&. The default configuration file name is determined at compile time\&.
.RE
.PP
\-\-option=<name>=<value>
.RS 4
Set the
\fBsmb.conf\fR(5)
option "<name>" to value "<value>" from the command line\&. This overrides compiled\-in defaults and options read from the configuration file\&. If a name or a value includes a space, wrap whole \-\-option=name=value into quotes\&.
.RE
.PP
\-V|\-\-version
.RS 4
Prints the program version number\&.
.RE
.SH "EXAMPLE SETUP"
.PP
To setup ntlm_auth for use by squid 2\&.5, with both basic and NTLMSSP authentication, the following should be placed in the
squid\&.conf
file\&.
.sp
.if n \{\
.RS 4
.\}
.nf
auth_param ntlm program ntlm_auth \-\-helper\-protocol=squid\-2\&.5\-ntlmssp
auth_param basic program ntlm_auth \-\-helper\-protocol=squid\-2\&.5\-basic
auth_param basic children 5
auth_param basic realm Squid proxy\-caching web server
auth_param basic credentialsttl 2 hours
.fi
.if n \{\
.RE
.\}
.if n \{\
.sp
.\}
.RS 4
.it 1 an-trap
.nr an-no-space-flag 1
.nr an-break-flag 1
.br
.ps +1
\fBNote\fR
.ps -1
.br
.PP
This example assumes that ntlm_auth has been installed into your path, and that the group permissions on
winbindd_privileged
are as described above\&.
.sp .5v
.RE
.PP
To setup ntlm_auth for use by squid 2\&.5 with group limitation in addition to the above example, the following should be added to the
squid\&.conf
file\&.
.sp
.if n \{\
.RS 4
.\}
.nf
auth_param ntlm program ntlm_auth \-\-helper\-protocol=squid\-2\&.5\-ntlmssp \-\-require\-membership\-of=\*(AqWORKGROUP\eDomain Users\*(Aq
auth_param basic program ntlm_auth \-\-helper\-protocol=squid\-2\&.5\-basic \-\-require\-membership\-of=\*(AqWORKGROUP\eDomain Users\*(Aq
.fi
.if n \{\
.RE
.\}
.SH "TROUBLESHOOTING"
.PP
If you\*(Aqre experiencing problems with authenticating Internet Explorer running under MS Windows 9X or Millennium Edition against ntlm_auth\*(Aqs NTLMSSP authentication helper (\-\-helper\-protocol=squid\-2\&.5\-ntlmssp), then please read
the Microsoft Knowledge Base article #239869 and follow instructions described there\&.
.SH "VERSION"
.PP
This man page is part of version 4\&.16\&.4 of the Samba suite\&.
.SH "AUTHOR"
.PP
The original Samba software and related utilities were created by Andrew Tridgell\&. Samba is now developed by the Samba Team as an Open Source project similar to the way the Linux kernel is developed\&.
.PP
The ntlm_auth manpage was written by Jelmer Vernooij and Andrew Bartlett\&.

233
net/samba419/files/man/ntlm_auth4.1 Normal file
View file

@ -0,0 +1,233 @@
'\" t
.\" Title: ntlm_auth4
.\" Author: [see the "AUTHOR" section]
.\" Generator: DocBook XSL Stylesheets v1.76.1 <http://docbook.sf.net/>
.\" Date: 03/24/2017
.\" Manual: User Commands
.\" Source: Samba 4.0
.\" Language: English
.\"
.TH "NTLM_AUTH4" "1" "03/24/2017" "Samba 4\&.0" "User Commands"
.\" -----------------------------------------------------------------
.\" * Define some portability stuff
.\" -----------------------------------------------------------------
.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
.\" http://bugs.debian.org/507673
.\" http://lists.gnu.org/archive/html/groff/2009-02/msg00013.html
.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
.ie \n(.g .ds Aq \(aq
.el .ds Aq '
.\" -----------------------------------------------------------------
.\" * set default formatting
.\" -----------------------------------------------------------------
.\" disable hyphenation
.nh
.\" disable justification (adjust text to left margin only)
.ad l
.\" -----------------------------------------------------------------
.\" * MAIN CONTENT STARTS HERE *
.\" -----------------------------------------------------------------
.SH "NAME"
ntlm_auth4 \- tool to allow external access to Winbind\*(Aqs NTLM authentication function
.SH "SYNOPSIS"
.HP \w'\fBntlm_auth4\fR\ 'u
\fBntlm_auth4\fR [\-d\ debuglevel] [\-l\ logdir] [\-s\ <smb\ config\ file>]
.SH "DESCRIPTION"
.PP
This tool is part of the
\fBsamba\fR(7)
suite\&.
.PP
\fBntlm_auth4\fR
is a helper utility that authenticates users using NT/LM authentication\&. It returns 0 if the users is authenticated successfully and 1 if access was denied\&. ntlm_auth4 uses winbind to access the user and authentication data for a domain\&. This utility is only indended to be used by other programs (currently squid)\&.
.SH "OPERATIONAL REQUIREMENTS"
.PP
The
\fBwinbindd\fR(8)
daemon must be operational for many of these commands to function\&.
.PP
Some of these commands also require access to the directory
winbindd_privileged
in
$LOCKDIR\&. This should be done either by running this command as root or providing group access to the
winbindd_privileged
directory\&. For security reasons, this directory should not be world\-accessable\&.
.SH "OPTIONS"
.PP
\-\-helper\-protocol=PROTO
.RS 4
Operate as a stdio\-based helper\&. Valid helper protocols are:
.PP
squid\-2\&.4\-basic
.RS 4
Server\-side helper for use with Squid 2\&.4\*(Aqs basic (plaintext) authentication\&.
.RE
.PP
squid\-2\&.5\-basic
.RS 4
Server\-side helper for use with Squid 2\&.5\*(Aqs basic (plaintext) authentication\&.
.RE
.PP
squid\-2\&.5\-ntlmssp
.RS 4
Server\-side helper for use with Squid 2\&.5\*(Aqs NTLMSSP authentication\&.
.sp
Requires access to the directory
winbindd_privileged
in
$LOCKDIR\&. The protocol used is described here:
\m[blue]\fBhttp://devel\&.squid\-cache\&.org/ntlm/squid_helper_protocol\&.html\fR\m[]
.RE
.PP
ntlmssp\-client\-1
.RS 4
Cleint\-side helper for use with arbitary external programs that may wish to use Samba\*(Aqs NTLMSSP authentication knowlege\&.
.sp
This helper is a client, and as such may be run by any user\&. The protocol used is effectivly the reverse of the previous protocol\&.
.RE
.PP
gss\-spnego
.RS 4
Server\-side helper that implements GSS\-SPNEGO\&. This uses a protocol that is almost the same as
\fBsquid\-2\&.5\-ntlmssp\fR, but has some subtle differences that are undocumented outside the source at this stage\&.
.sp
Requires access to the directory
winbindd_privileged
in
$LOCKDIR\&.
.RE
.PP
gss\-spnego\-client
.RS 4
Client\-side helper that implements GSS\-SPNEGO\&. This also uses a protocol similar to the above helpers, but is currently undocumented\&.
.RE
.RE
.PP
\-\-username=USERNAME
.RS 4
Specify username of user to authenticate
.RE
.PP
\-\-domain=DOMAIN
.RS 4
Specify domain of user to authenticate
.RE
.PP
\-\-workstation=WORKSTATION
.RS 4
Specify the workstation the user authenticated from
.RE
.PP
\-\-challenge=STRING
.RS 4
NTLM challenge (in HEXADECIMAL)
.RE
.PP
\-\-lm\-response=RESPONSE
.RS 4
LM Response to the challenge (in HEXADECIMAL)
.RE
.PP
\-\-nt\-response=RESPONSE
.RS 4
NT or NTLMv2 Response to the challenge (in HEXADECIMAL)
.RE
.PP
\-\-password=PASSWORD
.RS 4
User\*(Aqs plaintext password
.sp
If not specified on the command line, this is prompted for when required\&.
.RE
.PP
\-\-request\-lm\-key
.RS 4
Retrieve LM session key
.RE
.PP
\-\-request\-nt\-key
.RS 4
Request NT key
.RE
.PP
\-\-diagnostics
.RS 4
Perform Diagnostics on the authentication chain\&. Uses the password from
\fB\-\-password\fR
or prompts for one\&.
.RE
.PP
\-\-require\-membership\-of={SID|Name}
.RS 4
Require that a user be a member of specified group (either name or SID) for authentication to succeed\&.
.RE
.SH "EXAMPLE SETUP"
.PP
To setup ntlm_auth4 for use by squid 2\&.5, with both basic and NTLMSSP authentication, the following should be placed in the
squid\&.conf
file\&.
.sp
.if n \{\
.RS 4
.\}
.nf
auth_param ntlm program ntlm_auth4 \-\-helper\-protocol=squid\-2\&.5\-ntlmssp
auth_param basic program ntlm_auth4 \-\-helper\-protocol=squid\-2\&.5\-basic
auth_param basic children 5
auth_param basic realm Squid proxy\-caching web server
auth_param basic credentialsttl 2 hours
.fi
.if n \{\
.RE
.\}
.if n \{\
.sp
.\}
.RS 4
.it 1 an-trap
.nr an-no-space-flag 1
.nr an-break-flag 1
.br
.ps +1
\fBNote\fR
.ps -1
.br
.PP
This example assumes that ntlm_auth4 has been installed into your path, and that the group permissions on
winbindd_privileged
are as described above\&.
.sp .5v
.RE
.PP
To setup ntlm_auth4 for use by squid 2\&.5 with group limitation in addition to the above example, the following should be added to the
squid\&.conf
file\&.
.sp
.if n \{\
.RS 4
.\}
.nf
auth_param ntlm program ntlm_auth4 \-\-helper\-protocol=squid\-2\&.5\-ntlmssp \-\-require\-membership\-of=\*(AqWORKGROUP\eDomain Users\*(Aq
auth_param basic program ntlm_auth4 \-\-helper\-protocol=squid\-2\&.5\-basic \-\-require\-membership\-of=\*(AqWORKGROUP\eDomain Users\*(Aq
.fi
.if n \{\
.RE
.\}
.SH "TROUBLESHOOTING"
.PP
If you\*(Aqre experiencing problems with authenticating Internet Explorer running under MS Windows 9X or Millenium Edition against ntlm_auth4\*(Aqs NTLMSSP authentication helper (\-\-helper\-protocol=squid\-2\&.5\-ntlmssp), then please read
\m[blue]\fBthe Microsoft Knowledge Base article #239869 and follow instructions described there\fR\m[]\&\s-2\u[1]\d\s+2\&.
.SH "VERSION"
.PP
This man page is correct for version 3\&.0 of the Samba suite\&.
.SH "AUTHOR"
.PP
The original Samba software and related utilities were created by Andrew Tridgell\&. Samba is now developed by the Samba Team as an Open Source project similar to the way the Linux kernel is developed\&.
.PP
The ntlm_auth4 manpage was written by Jelmer Vernooij and Andrew Bartlett\&.
.SH "NOTES"
.IP " 1." 4
the Microsoft Knowledge Base article #239869 and follow instructions described there
.RS 4
\%http://support.microsoft.com/support/kb/articles/Q239/8/69.ASP
.RE

74
net/samba419/files/man/oLschema2ldif.1 Normal file
View file

@ -0,0 +1,74 @@
'\" t
.\" Title: oLschema2ldif
.\" Author: [see the "AUTHOR" section]
.\" Generator: DocBook XSL Stylesheets v1.79.1 <http://docbook.sf.net/>
.\" Date: 08/09/2022
.\" Manual: System Administration tools
.\" Source: Samba 4.0
.\" Language: English
.\"
.TH "OLSCHEMA2LDIF" "1" "08/09/2022" "Samba 4\&.0" "System Administration tools"
.\" -----------------------------------------------------------------
.\" * Define some portability stuff
.\" -----------------------------------------------------------------
.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
.\" http://bugs.debian.org/507673
.\" http://lists.gnu.org/archive/html/groff/2009-02/msg00013.html
.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
.ie \n(.g .ds Aq \(aq
.el .ds Aq '
.\" -----------------------------------------------------------------
.\" * set default formatting
.\" -----------------------------------------------------------------
.\" disable hyphenation
.nh
.\" disable justification (adjust text to left margin only)
.ad l
.\" -----------------------------------------------------------------
.\" * MAIN CONTENT STARTS HERE *
.\" -----------------------------------------------------------------
.SH "NAME"
oLschema2ldif \- Converts LDAP schema\*(Aqs to LDB\-compatible LDIF
.SH "SYNOPSIS"
.HP \w'\fBoLschema2ldif\fR\ 'u
\fBoLschema2ldif\fR [\-I\ INPUT\-FILE] [\-O\ OUTPUT\-FILE]
.SH "DESCRIPTION"
.PP
oLschema2ldif is a simple tool that converts standard OpenLDAP schema files to a LDIF format that is understood by LDB\&.
.SH "OPTIONS"
.PP
\-I input\-file
.RS 4
OpenLDAP schema to read\&. If none are specified, the schema file will be read from standard input\&.
.RE
.PP
\-O output\-file
.RS 4
File to write ldif version of schema to\&.
.RE
.SH "VERSION"
.PP
This man page is correct for version 4\&.0 of the Samba suite\&.
.SH "SEE ALSO"
.PP
ldb(7), ldbmodify, ldbdel, ldif(5)
.SH "AUTHOR"
.PP
ldb was written by
\m[blue]\fBAndrew Tridgell\fR\m[]\&\s-2\u[1]\d\s+2\&. oLschema2ldif was written by
\m[blue]\fBSimo Sorce\fR\m[]\&\s-2\u[2]\d\s+2\&.
.PP
If you wish to report a problem or make a suggestion then please see the
\m[blue]\fB\%http://ldb.samba.org/\fR\m[]
web site for current contact and maintainer information\&.
.SH "NOTES"
.IP " 1." 4
Andrew Tridgell
.RS 4
\%https://www.samba.org/~tridge/
.RE
.IP " 2." 4
Simo Sorce
.RS 4
\%mailto:idra@samba.org
.RE

218
net/samba419/files/man/onnode.1 Normal file
View file

@ -0,0 +1,218 @@
'\" t
.\" Title: onnode
.\" Author:
.\" Generator: DocBook XSL Stylesheets v1.79.1 <http://docbook.sf.net/>
.\" Date: 09/23/2020
.\" Manual: CTDB - clustered TDB database
.\" Source: ctdb
.\" Language: English
.\"
.TH "ONNODE" "1" "09/23/2020" "ctdb" "CTDB \- clustered TDB database"
.\" -----------------------------------------------------------------
.\" * Define some portability stuff
.\" -----------------------------------------------------------------
.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
.\" http://bugs.debian.org/507673
.\" http://lists.gnu.org/archive/html/groff/2009-02/msg00013.html
.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
.ie \n(.g .ds Aq \(aq
.el .ds Aq '
.\" -----------------------------------------------------------------
.\" * set default formatting
.\" -----------------------------------------------------------------
.\" disable hyphenation
.nh
.\" disable justification (adjust text to left margin only)
.ad l
.\" -----------------------------------------------------------------
.\" * MAIN CONTENT STARTS HERE *
.\" -----------------------------------------------------------------
.SH "NAME"
onnode \- run commands on CTDB cluster nodes
.SH "SYNOPSIS"
.HP \w'\fBonnode\fR\ 'u
\fBonnode\fR [\fIOPTION\fR...] {\fINODES\fR} {\fICOMMAND\fR}
.SH "DESCRIPTION"
.PP
onnode is a utility to run commands on a specific node of a CTDB cluster, or on all nodes\&.
.PP
\fINODES\fR
specifies which node(s) to run a command on\&. See section
NODES SPECIFICATION
for details\&.
.PP
\fICOMMAND\fR
can be any shell command\&. The onnode utility uses ssh or rsh to connect to the remote nodes and run the command\&.
.SH "OPTIONS"
.PP
\-c
.RS 4
Execute COMMAND in the current working directory on the specified nodes\&.
.RE
.PP
\-f \fIFILENAME\fR
.RS 4
Specify an alternative nodes FILENAME to use instead of the default\&. See the discussion of
/usr/local/etc/ctdb/nodes
in the FILES section for more details\&.
.RE
.PP
\-i
.RS 4
Keep standard input open, allowing data to be piped to onnode\&. Normally onnode closes stdin to avoid surprises when scripting\&. Note that this option is ignored when using
\fB\-p\fR
or if
\fBONNODE_SSH\fR
is set to anything other than "ssh"\&.
.RE
.PP
\-n
.RS 4
Allow nodes to be specified by name rather than node numbers\&. These nodes don\*(Aqt need to be listed in the nodes file\&. You can avoid the nodes file entirely by combining this with
\-f /dev/null\&.
.RE
.PP
\-p
.RS 4
Run COMMAND in parallel on the specified nodes\&. The default is to run COMMAND sequentially on each node\&.
.RE
.PP
\-P
.RS 4
Push files to nodes\&. Names of files to push are specified rather than the usual command\&. Quoting is fragile/broken \- filenames with whitespace in them are not supported\&.
.RE
.PP
\-q
.RS 4
Do not print node addresses\&. Normally, onnode prints informational node addresses if more than one node is specified\&. This overrides \-v\&.
.RE
.PP
\-v
.RS 4
Print node addresses even if only one node is specified\&. Normally, onnode prints informational node addresses when more than one node is specified\&.
.RE
.PP
\-h, \-\-help
.RS 4
Show a short usage guide\&.
.RE
.SH "NODES SPECIFICATION"
.PP
Nodes can be specified via numeric node numbers (from 0 to N\-1) or mnemonics\&. Multiple nodes are specified using lists of nodes, separated by commas, and ranges of numeric node numbers, separated by dashes\&. If nodes are specified multiple times then the command will be executed multiple times on those nodes\&. The order of nodes is significant\&.
.PP
The following mnemonics are available:
.PP
all
.RS 4
All nodes\&.
.RE
.PP
any
.RS 4
A node where ctdbd is running\&. This semi\-random but there is a bias towards choosing a low numbered node\&.
.RE
.PP
ok | healthy
.RS 4
All nodes that are not disconnected, banned, disabled or unhealthy\&.
.RE
.PP
con | connected
.RS 4
All nodes that are not disconnected\&.
.RE
.SH "EXAMPLES"
.PP
The following command would show the process ID of ctdbd on all nodes
.sp
.if n \{\
.RS 4
.\}
.nf
onnode all ctdb getpid
.fi
.if n \{\
.RE
.\}
.PP
The following command would show the last 5 lines of log on each node, preceded by the node\*(Aqs hostname
.sp
.if n \{\
.RS 4
.\}
.nf
onnode all "hostname; tail \-5 /var/log/log\&.ctdb"
.fi
.if n \{\
.RE
.\}
.PP
The following command would restart the ctdb service on all nodes, in parallel\&.
.sp
.if n \{\
.RS 4
.\}
.nf
onnode \-p all service ctdb restart
.fi
.if n \{\
.RE
.\}
.PP
The following command would run \&./foo in the current working directory, in parallel, on nodes 0, 2, 3 and 4\&.
.sp
.if n \{\
.RS 4
.\}
.nf
onnode \-c \-p 0,2\-4 \&./foo
.fi
.if n \{\
.RE
.\}
.SH "FILES"
.PP
/usr/local/etc/ctdb/nodes
.RS 4
Default file containing a list of each node\*(Aqs IP address or hostname\&.
.sp
As above, a file specified via the
\fB\-f\fR
is given precedence\&. If a relative path is specified and no corresponding file exists relative to the current directory then the file is also searched for in the CTDB configuration directory\&.
.sp
Otherwise the default is
/usr/local/etc/ctdb/nodes\&.
.RE
.PP
/usr/local/etc/ctdb/onnode\&.conf
.RS 4
If this file exists it is sourced by onnode\&. The main purpose is to allow the administrator to set
\fBONNODE_SSH\fR
to something other than "ssh"\&. In this case the \-t option is ignored\&.
.RE
.SH "SEE ALSO"
.PP
\fBctdb\fR(7),
\m[blue]\fB\%http://ctdb.samba.org/\fR\m[]
.SH "AUTHOR"
.br
.PP
This documentation was written by Andrew Tridgell, Martin Schwenke
.SH "COPYRIGHT"
.br
Copyright \(co 2007 Andrew Tridgell, Ronnie Sahlberg
.br
Copyright \(co 2008 Martin Schwenke
.br
.PP
This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 3 of the License, or (at your option) any later version\&.
.PP
This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE\&. See the GNU General Public License for more details\&.
.PP
You should have received a copy of the GNU General Public License along with this program; if not, see
\m[blue]\fB\%http://www.gnu.org/licenses\fR\m[]\&.
.sp

161
net/samba419/files/man/pam_winbind.conf.5 Normal file
View file

@ -0,0 +1,161 @@
'\" t
.\" Title: pam_winbind.conf
.\" Author: [see the "AUTHOR" section]
.\" Generator: DocBook XSL Stylesheets v1.79.1 <http://docbook.sf.net/>
.\" Date: 08/09/2022
.\" Manual: 5
.\" Source: Samba 4.16.4
.\" Language: English
.\"
.TH "PAM_WINBIND\&.CONF" "5" "08/09/2022" "Samba 4\&.16\&.4" "5"
.\" -----------------------------------------------------------------
.\" * Define some portability stuff
.\" -----------------------------------------------------------------
.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
.\" http://bugs.debian.org/507673
.\" http://lists.gnu.org/archive/html/groff/2009-02/msg00013.html
.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
.ie \n(.g .ds Aq \(aq
.el .ds Aq '
.\" -----------------------------------------------------------------
.\" * set default formatting
.\" -----------------------------------------------------------------
.\" disable hyphenation
.nh
.\" disable justification (adjust text to left margin only)
.ad l
.\" -----------------------------------------------------------------
.\" * MAIN CONTENT STARTS HERE *
.\" -----------------------------------------------------------------
.SH "NAME"
pam_winbind.conf \- Configuration file of PAM module for Winbind
.SH "DESCRIPTION"
.PP
This configuration file is part of the
\fBsamba\fR(7)
suite\&.
.PP
pam_winbind\&.conf is the configuration file for the pam_winbind PAM module\&. See
\fBpam_winbind\fR(8)
for further details\&.
.SH "SYNOPSIS"
.PP
The pam_winbind\&.conf configuration file is a classic ini\-style configuration file\&. There is only one section (global) where various options are defined\&.
.SH "OPTIONS"
.PP
pam_winbind supports several options which can either be set in the PAM configuration files or in the pam_winbind configuration file situated at
/etc/security/pam_winbind\&.conf\&. Options from the PAM configuration file take precedence to those from the pam_winbind\&.conf configuration file\&.
.PP
debug = yes|no
.RS 4
Gives debugging output to syslog\&. Defaults to "no"\&.
.RE
.PP
debug_state = yes|no
.RS 4
Gives detailed PAM state debugging output to syslog\&. Defaults to "no"\&.
.RE
.PP
require_membership_of = [SID or NAME]
.RS 4
If this option is set, pam_winbind will only succeed if the user is a member of the given SID or NAME\&. A SID can be either a group\-SID, an alias\-SID or even an user\-SID\&. It is also possible to give a NAME instead of the SID\&. That name must have the form:
\fIMYDOMAIN\emygroup\fR
or
\fIMYDOMAIN\emyuser\fR
(where \*(Aq\e\*(Aq character corresponds to the value of
\fIwinbind separator\fR
parameter)\&. It is also possible to use a UPN in the form
\fIuser@REALM\fR
or
\fIgroup@REALM\fR\&. pam_winbind will, in that case, lookup the SID internally\&. Note that NAME may not contain any spaces\&. It is thus recommended to only use SIDs\&. You can verify the list of SIDs a user is a member of with
wbinfo \-\-user\-sids=SID\&. This setting is empty by default\&.
.sp
This option only operates during password authentication, and will not restrict access if a password is not required for any reason (such as SSH key\-based login)\&.
.RE
.PP
try_first_pass = yes|no
.RS 4
By default, pam_winbind tries to get the authentication token from a previous module\&. If no token is available it asks the user for the old password\&. With this option, pam_winbind aborts with an error if no authentication token from a previous module is available\&. If a primary password is not valid, PAM will prompt for a password\&. Default to "no"\&.
.RE
.PP
krb5_auth = yes|no
.RS 4
pam_winbind can authenticate using Kerberos when winbindd is talking to an Active Directory domain controller\&. Kerberos authentication must be enabled with this parameter\&. When Kerberos authentication can not succeed (e\&.g\&. due to clock skew), winbindd will fallback to samlogon authentication over MSRPC\&. When this parameter is used in conjunction with
\fIwinbind refresh tickets\fR, winbind will keep your Ticket Granting Ticket (TGT) up\-to\-date by refreshing it whenever necessary\&. Defaults to "no"\&.
.RE
.PP
krb5_ccache_type = [type]
.RS 4
When pam_winbind is configured to try kerberos authentication by enabling the
\fIkrb5_auth\fR
option, it can store the retrieved Ticket Granting Ticket (TGT) in a credential cache\&. The type of credential cache can be controlled with this option\&. The supported values are:
\fIKCM\fR
or
\fIKEYRING\fR
(when supported by the system\*(Aqs Kerberos library and operating system),
\fIFILE\fR
and
\fIDIR\fR
(when the DIR type is supported by the system\*(Aqs Kerberos library)\&. In case of FILE a credential cache in the form of /tmp/krb5cc_UID will be created \- in case of DIR you NEED to specify a directory\&. UID is replaced with the numeric user id\&. The UID directory is being created\&. The path up to the directory should already exist\&. Check the details of the Kerberos implmentation\&.
.sp
When using the KEYRING type, the supported mechanism is
\(lqKEYRING:persistent:UID\(rq, which uses the Linux kernel keyring to store credentials on a per\-UID basis\&. The KEYRING has its limitations\&. As it is secure kernel memory, for example bulk sorage of credentils is for not possible\&.
.sp
When using th KCM type, the supported mechanism is
\(lqKCM:UID\(rq, which uses a Kerberos credential manaager to store credentials on a per\-UID basis similar to KEYRING\&. This is the recommended choice on latest Linux distributions, offering a Kerberos Credential Manager\&. If not we suggest to use KEYRING as those are the most secure and predictable method\&.
.sp
It is also possible to define custom filepaths and use the "%u" pattern in order to substitute the numeric user id\&. Examples:
.PP
krb5_ccache_type = DIR:/run/user/%u/krb5cc
.RS 4
This will create a credential cache file in the specified directory\&.
.RE
.PP
krb5_ccache_type = FILE:/tmp/krb5cc_%u
.RS 4
This will create a credential cache file\&.
.RE
.sp
Leave empty to just do kerberos authentication without having a ticket cache after the logon has succeeded\&. This setting is empty by default\&.
.RE
.PP
cached_login = yes|no
.RS 4
Winbind allows one to logon using cached credentials when
\fIwinbind offline logon\fR
is enabled\&. To use this feature from the PAM module this option must be set\&. Defaults to "no"\&.
.RE
.PP
silent = yes|no
.RS 4
Do not emit any messages\&. Defaults to "no"\&.
.RE
.PP
mkhomedir = yes|no
.RS 4
Create homedirectory for a user on\-the\-fly, option is valid in PAM session block\&. Defaults to "no"\&.
.RE
.PP
warn_pwd_expire = days
.RS 4
Defines number of days before pam_winbind starts to warn about passwords that are going to expire\&. Defaults to 14 days\&.
.RE
.PP
pwd_change_prompt = yes|no
.RS 4
Generate prompt for changing an expired password\&. Defaults to "no"\&.
.RE
.SH "SEE ALSO"
.PP
\fBpam_winbind\fR(8),
\fBwbinfo\fR(1),
\fBwinbindd\fR(8),
\fBsmb.conf\fR(5)
.SH "VERSION"
.PP
This man page is part of version 4\&.16\&.4 of Samba\&.
.SH "AUTHOR"
.PP
The original Samba software and related utilities were created by Andrew Tridgell\&. Samba is now developed by the Samba Team as an Open Source project similar to the way the Linux kernel is developed\&.
.PP
This manpage was written by Jelmer Vernooij and Guenther Deschner\&.

122
net/samba419/files/man/ping_pong.1 Normal file
View file

@ -0,0 +1,122 @@
'\" t
.\" Title: ping_pong
.\" Author:
.\" Generator: DocBook XSL Stylesheets v1.79.1 <http://docbook.sf.net/>
.\" Date: 09/23/2020
.\" Manual: CTDB - clustered TDB database
.\" Source: ctdb
.\" Language: English
.\"
.TH "PING_PONG" "1" "09/23/2020" "ctdb" "CTDB \- clustered TDB database"
.\" -----------------------------------------------------------------
.\" * Define some portability stuff
.\" -----------------------------------------------------------------
.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
.\" http://bugs.debian.org/507673
.\" http://lists.gnu.org/archive/html/groff/2009-02/msg00013.html
.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
.ie \n(.g .ds Aq \(aq
.el .ds Aq '
.\" -----------------------------------------------------------------
.\" * set default formatting
.\" -----------------------------------------------------------------
.\" disable hyphenation
.nh
.\" disable justification (adjust text to left margin only)
.ad l
.\" -----------------------------------------------------------------
.\" * MAIN CONTENT STARTS HERE *
.\" -----------------------------------------------------------------
.SH "NAME"
ping_pong \- measures the ping\-pong byte range lock latency
.SH "SYNOPSIS"
.HP \w'\fBping_pong\fR\ 'u
\fBping_pong\fR {\-r | \-w | \-rw} [\-m] [\-c] {\fIFILENAME\fR} {\fINUM\-LOCKS\fR}
.SH "DESCRIPTION"
.PP
ping_pong measures the byte range lock latency\&. It is especially useful on a cluster of nodes sharing a common lock manager as it will give some indication of the lock manager\*(Aqs performance under stress\&.
.PP
FILENAME is a file on shared storage to use for byte range locking tests\&.
.PP
NUM\-LOCKS is the number of byte range locks, so needs to be (strictly) greater than the number of nodes in the cluster\&.
.SH "OPTIONS"
.PP
\-r
.RS 4
test read performance
.RE
.PP
\-w
.RS 4
test write performance
.RE
.PP
\-m
.RS 4
use mmap
.RE
.PP
\-c
.RS 4
validate the locks
.RE
.SH "EXAMPLES"
.PP
Testing lock coherence
.sp
.if n \{\
.RS 4
.\}
.nf
ping_pong test\&.dat N
.fi
.if n \{\
.RE
.\}
.PP
Testing lock coherence with lock validation
.sp
.if n \{\
.RS 4
.\}
.nf
ping_pong \-c test\&.dat N
.fi
.if n \{\
.RE
.\}
.PP
Testing IO coherence
.sp
.if n \{\
.RS 4
.\}
.nf
ping_pong \-rw test\&.dat N
.fi
.if n \{\
.RE
.\}
.SH "SEE ALSO"
.PP
\fBctdb\fR(7),
\m[blue]\fB\%https://wiki.samba.org/index.php/Ping_pong\fR\m[]
.SH "AUTHOR"
.br
.PP
This documentation was written by Mathieu Parent
.SH "COPYRIGHT"
.br
Copyright \(co 2002 Andrew Tridgell
.br
.PP
This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 3 of the License, or (at your option) any later version\&.
.PP
This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE\&. See the GNU General Public License for more details\&.
.PP
You should have received a copy of the GNU General Public License along with this program; if not, see
\m[blue]\fB\%http://www.gnu.org/licenses\fR\m[]\&.
.sp

136
net/samba419/files/man/profiles.1 Normal file
View file

@ -0,0 +1,136 @@
'\" t
.\" Title: profiles
.\" Author: [see the "AUTHOR" section]
.\" Generator: DocBook XSL Stylesheets v1.79.1 <http://docbook.sf.net/>
.\" Date: 08/09/2022
.\" Manual: User Commands
.\" Source: Samba 4.16.4
.\" Language: English
.\"
.TH "PROFILES" "1" "08/09/2022" "Samba 4\&.16\&.4" "User Commands"
.\" -----------------------------------------------------------------
.\" * Define some portability stuff
.\" -----------------------------------------------------------------
.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
.\" http://bugs.debian.org/507673
.\" http://lists.gnu.org/archive/html/groff/2009-02/msg00013.html
.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
.ie \n(.g .ds Aq \(aq
.el .ds Aq '
.\" -----------------------------------------------------------------
.\" * set default formatting
.\" -----------------------------------------------------------------
.\" disable hyphenation
.nh
.\" disable justification (adjust text to left margin only)
.ad l
.\" -----------------------------------------------------------------
.\" * MAIN CONTENT STARTS HERE *
.\" -----------------------------------------------------------------
.SH "NAME"
profiles \- A utility to report and change SIDs in registry files
.SH "SYNOPSIS"
.HP \w'\ 'u
profiles [\-c|\-\-change\-sid=STRING] [\-n|\-\-new\-sid=STRING] [\-v|\-\-verbose] [\-?|\-\-help] [\-\-usage] [\-d|\-\-debuglevel=DEBUGLEVEL] [\-\-debug\-stdout] [\-\-configfile=CONFIGFILE] [\-\-option=name=value] [\-l|\-\-log\-basename=LOGFILEBASE] [\-\-leak\-report] [\-\-leak\-report\-full] {FILE}
.SH "DESCRIPTION"
.PP
This tool is part of the
\fBsamba\fR(7)
suite\&.
.PP
profiles
is a utility that reports and changes SIDs in windows registry files\&. It currently only supports NT\&.
.SH "OPTIONS"
.PP
file
.RS 4
Registry file to view or edit\&.
.RE
.PP
\-v,\-\-verbose
.RS 4
Increases verbosity of messages\&.
.RE
.PP
\-c SID1 \-n SID2, \-\-change\-sid SID1 \-\-new\-sid SID2
.RS 4
Change all occurrences of SID1 in
file
by SID2\&.
.RE
.PP
\-d|\-\-debuglevel=DEBUGLEVEL
.RS 4
\fIlevel\fR
is an integer from 0 to 10\&. The default value if this parameter is not specified is 1 for client applications\&.
.sp
The higher this value, the more detail will be logged to the log files about the activities of the server\&. At level 0, only critical errors and serious warnings will be logged\&. Level 1 is a reasonable level for day\-to\-day running \- it generates a small amount of information about operations carried out\&.
.sp
Levels above 1 will generate considerable amounts of log data, and should only be used when investigating a problem\&. Levels above 3 are designed for use only by developers and generate HUGE amounts of log data, most of which is extremely cryptic\&.
.sp
Note that specifying this parameter here will override the
\m[blue]\fBlog level\fR\m[]
parameter in the
smb\&.conf
file\&.
.RE
.PP
\-\-debug\-stdout
.RS 4
This will redirect debug output to STDOUT\&. By default all clients are logging to STDERR\&.
.RE
.PP
\-\-configfile=<configuration file>
.RS 4
The file specified contains the configuration details required by the client\&. The information in this file can be general for client and server or only provide client specific like options such as
\m[blue]\fBclient smb encrypt\fR\m[]\&. See
smb\&.conf
for more information\&. The default configuration file name is determined at compile time\&.
.RE
.PP
\-\-option=<name>=<value>
.RS 4
Set the
\fBsmb.conf\fR(5)
option "<name>" to value "<value>" from the command line\&. This overrides compiled\-in defaults and options read from the configuration file\&. If a name or a value includes a space, wrap whole \-\-option=name=value into quotes\&.
.RE
.PP
\-l|\-\-log\-basename=logdirectory
.RS 4
Base directory name for log/debug files\&. The extension
\fB"\&.progname"\fR
will be appended (e\&.g\&. log\&.smbclient, log\&.smbd, etc\&.\&.\&.)\&. The log file is never removed by the client\&.
.RE
.PP
\-\-leak\-report
.RS 4
Enable talloc leak reporting on exit\&.
.RE
.PP
\-\-leak\-report\-full
.RS 4
Enable full talloc leak reporting on exit\&.
.RE
.PP
\-V|\-\-version
.RS 4
Prints the program version number\&.
.RE
.PP
\-?|\-\-help
.RS 4
Print a summary of command line options\&.
.RE
.PP
\-\-usage
.RS 4
Display brief usage message\&.
.RE
.SH "VERSION"
.PP
This man page is part of version 4\&.16\&.4 of the Samba suite\&.
.SH "AUTHOR"
.PP
The original Samba software and related utilities were created by Andrew Tridgell\&. Samba is now developed by the Samba Team as an Open Source project similar to the way the Linux kernel is developed\&.
.PP
The profiles man page was written by Jelmer Vernooij\&.

87
net/samba419/files/man/regdiff.1 Normal file
View file

@ -0,0 +1,87 @@
'\" t
.\" Title: regdiff
.\" Author: [see the "AUTHOR" section]
.\" Generator: DocBook XSL Stylesheets v1.79.1 <http://docbook.sf.net/>
.\" Date: 08/09/2022
.\" Manual: System Administration tools
.\" Source: Samba 4.0
.\" Language: English
.\"
.TH "REGDIFF" "1" "08/09/2022" "Samba 4\&.0" "System Administration tools"
.\" -----------------------------------------------------------------
.\" * Define some portability stuff
.\" -----------------------------------------------------------------
.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
.\" http://bugs.debian.org/507673
.\" http://lists.gnu.org/archive/html/groff/2009-02/msg00013.html
.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
.ie \n(.g .ds Aq \(aq
.el .ds Aq '
.\" -----------------------------------------------------------------
.\" * set default formatting
.\" -----------------------------------------------------------------
.\" disable hyphenation
.nh
.\" disable justification (adjust text to left margin only)
.ad l
.\" -----------------------------------------------------------------
.\" * MAIN CONTENT STARTS HERE *
.\" -----------------------------------------------------------------
.SH "NAME"
regdiff \- Diff program for Windows registry files
.SH "SYNOPSIS"
.HP \w'\fBregdiff\fR\ 'u
\fBregdiff\fR [\-\-help] [\-\-backend=BACKEND] [\-\-credentials=CREDENTIALS] [location]
.SH "DESCRIPTION"
.PP
regdiff compares two Windows registry files key by key and value by value and generates a text file that contains the differences between the two files\&.
.PP
A file generated by regdiff can later be applied to a registry file by the regpatch utility\&.
.PP
regdiff and regpatch use the same file format as the regedit32\&.exe utility from Windows\&.
.SH "OPTIONS"
.PP
\-\-help
.RS 4
Show list of available options\&.
.RE
.PP
\-\-backend BACKEND
.RS 4
Name of backend to load\&. Possible values are: creg, regf, dir and rpc\&. The default is
\fIdir\fR\&.
.sp
This argument can be specified twice: once for the first registry file and once for the second\&.
.RE
.PP
\-\-credentials=CREDENTIALS
.RS 4
Credentials to use, if any\&. Password should be separated from user name by a percent sign\&.
.sp
This argument can be specified twice: once for the first registry file and once for the second\&.
.RE
.SH "VERSION"
.PP
This man page is correct for version 4\&.0 of the Samba suite\&.
.SH "SEE ALSO"
.PP
gregedit, regshell, regpatch, regtree, samba, patch, diff
.SH "AUTHOR"
.PP
This utility is part of the
\m[blue]\fBSamba\fR\m[]\&\s-2\u[1]\d\s+2
suite, which is developed by the global
\m[blue]\fBSamba Team\fR\m[]\&\s-2\u[2]\d\s+2\&.
.PP
This manpage and regdiff were written by Jelmer Vernooij\&.
.SH "NOTES"
.IP " 1." 4
Samba
.RS 4
\%http://www.samba.org/
.RE
.IP " 2." 4
Samba Team
.RS 4
\%http://www.samba.org/samba/team/
.RE

81
net/samba419/files/man/regpatch.1 Normal file
View file

@ -0,0 +1,81 @@
'\" t
.\" Title: regpatch
.\" Author: [see the "AUTHOR" section]
.\" Generator: DocBook XSL Stylesheets v1.79.1 <http://docbook.sf.net/>
.\" Date: 08/09/2022
.\" Manual: System Administration tools
.\" Source: Samba 4.0
.\" Language: English
.\"
.TH "REGPATCH" "1" "08/09/2022" "Samba 4\&.0" "System Administration tools"
.\" -----------------------------------------------------------------
.\" * Define some portability stuff
.\" -----------------------------------------------------------------
.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
.\" http://bugs.debian.org/507673
.\" http://lists.gnu.org/archive/html/groff/2009-02/msg00013.html
.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
.ie \n(.g .ds Aq \(aq
.el .ds Aq '
.\" -----------------------------------------------------------------
.\" * set default formatting
.\" -----------------------------------------------------------------
.\" disable hyphenation
.nh
.\" disable justification (adjust text to left margin only)
.ad l
.\" -----------------------------------------------------------------
.\" * MAIN CONTENT STARTS HERE *
.\" -----------------------------------------------------------------
.SH "NAME"
regpatch \- Applies registry patches to registry files
.SH "SYNOPSIS"
.HP \w'\fBregpatch\fR\ 'u
\fBregpatch\fR [\-\-help] [\-\-backend=BACKEND] [\-\-credentials=CREDENTIALS] [location] [patch\-file]
.SH "DESCRIPTION"
.PP
The regpatch utility applies registry patches to Windows registry files\&. The patch files should have the same format as is being used by the regdiff utility and regedit32\&.exe from Windows\&.
.PP
If no patch file is specified on the command line, regpatch attempts to read it from standard input\&.
.SH "OPTIONS"
.PP
\-\-help
.RS 4
Show list of available options\&.
.RE
.PP
\-\-backend BACKEND
.RS 4
Name of backend to load\&. Possible values are: creg, regf, dir and rpc\&. The default is
\fIdir\fR\&.
.RE
.PP
\-\-credentials=CREDENTIALS
.RS 4
Credentials to use, if any\&. Password should be separated from user name by a percent sign\&.
.RE
.SH "VERSION"
.PP
This man page is correct for version 4\&.0 of the Samba suite\&.
.SH "SEE ALSO"
.PP
regdiff, regtree, regshell, gregedit, samba, diff, patch
.SH "AUTHOR"
.PP
This utility is part of the
\m[blue]\fBSamba\fR\m[]\&\s-2\u[1]\d\s+2
suite, which is developed by the global
\m[blue]\fBSamba Team\fR\m[]\&\s-2\u[2]\d\s+2\&.
.PP
This manpage and regpatch were written by Jelmer Vernooij\&.
.SH "NOTES"
.IP " 1." 4
Samba
.RS 4
\%http://www.samba.org/
.RE
.IP " 2." 4
Samba Team
.RS 4
\%http://www.samba.org/samba/team/
.RE

177
net/samba419/files/man/regshell.1 Normal file
View file

@ -0,0 +1,177 @@
'\" t
.\" Title: regshell
.\" Author: [see the "AUTHOR" section]
.\" Generator: DocBook XSL Stylesheets v1.79.1 <http://docbook.sf.net/>
.\" Date: 08/09/2022
.\" Manual: System Administration tools
.\" Source: Samba 4.0
.\" Language: English
.\"
.TH "REGSHELL" "1" "08/09/2022" "Samba 4\&.0" "System Administration tools"
.\" -----------------------------------------------------------------
.\" * Define some portability stuff
.\" -----------------------------------------------------------------
.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
.\" http://bugs.debian.org/507673
.\" http://lists.gnu.org/archive/html/groff/2009-02/msg00013.html
.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
.ie \n(.g .ds Aq \(aq
.el .ds Aq '
.\" -----------------------------------------------------------------
.\" * set default formatting
.\" -----------------------------------------------------------------
.\" disable hyphenation
.nh
.\" disable justification (adjust text to left margin only)
.ad l
.\" -----------------------------------------------------------------
.\" * MAIN CONTENT STARTS HERE *
.\" -----------------------------------------------------------------
.SH "NAME"
regshell \- Windows registry file browser using readline
.SH "SYNOPSIS"
.HP \w'\fBregshell\fR\ 'u
\fBregshell\fR [\-\-help] [\-\-backend=BACKEND] [\-\-credentials=CREDENTIALS] [location]
.SH "DESCRIPTION"
.PP
regshell is a utility that lets you browse thru a Windows registry file as if you were using a regular unix shell to browse thru a file system\&.
.SH "OPTIONS"
.PP
\-\-help
.RS 4
Show list of available options\&.
.RE
.PP
\-\-backend BACKEND
.RS 4
Name of backend to load\&. Possible values are: creg, regf, dir and rpc\&. The default is
\fIdir\fR\&.
.RE
.PP
\-\-credentials=CREDENTIALS
.RS 4
Credentials to use, if any\&. Password should be separated from user name by a percent sign\&.
.RE
.SH "COMMANDS"
.PP
ck|cd <keyname>
.RS 4
Go to the specified subkey\&.
.RE
.PP
ch|predef [predefined\-key\-name]
.RS 4
Go to the specified predefined key\&.
.RE
.PP
list|ls
.RS 4
List subkeys and values of the current key\&.
.RE
.PP
mkkey|mkdir <keyname>
.RS 4
Create a key with the specified
\fIkeyname\fR
as a subkey of the current key\&.
.RE
.PP
rmval|rm <valname>
.RS 4
Delete the specified value\&.
.RE
.PP
rmkey|rmdir <keyname>
.RS 4
Delete the specified subkey recursively\&.
.RE
.PP
pwd|pwk
.RS 4
Print the full name of the current key\&.
.RE
.PP
set|update
.RS 4
Update the value of a key value\&. Not implemented at the moment\&.
.RE
.PP
help|?
.RS 4
Print a list of available commands\&.
.RE
.PP
exit|quit
.RS 4
Leave regshell\&.
.RE
.SH "EXAMPLES"
.PP
Browsing thru a nt4 registry file
.sp
.if n \{\
.RS 4
.\}
.nf
\fBregshell \-b nt4 NTUSER\&.DAT\fR
$$$PROTO\&.HIV> \fBls\fR
K AppEvents
K Console
K Control Panel
K Environment
K Identities
K Keyboard Layout
K Network
K Printers
K Software
K UNICODE Program Groups
K Windows 3\&.1 Migration Status
$$$PROTO\&.HIV> \fBexit\fR
.fi
.if n \{\
.RE
.\}
.PP
Listing the subkeys of HKEY_CURRENT_USER\eAppEvents on a remote computer:
.sp
.if n \{\
.RS 4
.\}
.nf
\fBregshell \-\-remote=ncacn_np:aurelia \-c "jelmer%secret"\fR
HKEY_CURRENT_MACHINE> \fBpredef HKEY_CURRENT_USER\fR
HKEY_CURRENT_USER> \fBcd AppEvents\fR
Current path is: HKEY_CURRENT_USER\eAppEvents
HKEY_CURRENT_USER\eAppEvents> \fBls\fR
K EventLabels
K Schemes
HKEY_CURRENT_USER\eAppEvents> \fBexit\fR
.fi
.if n \{\
.RE
.\}
.SH "VERSION"
.PP
This man page is correct for version 4\&.0 of the Samba suite\&.
.SH "SEE ALSO"
.PP
regtree, regdiff, regpatch, gregedit, samba
.SH "AUTHOR"
.PP
This utility is part of the
\m[blue]\fBSamba\fR\m[]\&\s-2\u[1]\d\s+2
suite, which is developed by the global
\m[blue]\fBSamba Team\fR\m[]\&\s-2\u[2]\d\s+2\&.
.PP
This manpage and regshell were written by Jelmer Vernooij\&.
.SH "NOTES"
.IP " 1." 4
Samba
.RS 4
\%http://www.samba.org/
.RE
.IP " 2." 4
Samba Team
.RS 4
\%http://www.samba.org/samba/team/
.RE

89
net/samba419/files/man/regtree.1 Normal file
View file

@ -0,0 +1,89 @@
'\" t
.\" Title: regtree
.\" Author: [see the "AUTHOR" section]
.\" Generator: DocBook XSL Stylesheets v1.79.1 <http://docbook.sf.net/>
.\" Date: 08/09/2022
.\" Manual: System Administration tools
.\" Source: Samba 4.0
.\" Language: English
.\"
.TH "REGTREE" "1" "08/09/2022" "Samba 4\&.0" "System Administration tools"
.\" -----------------------------------------------------------------
.\" * Define some portability stuff
.\" -----------------------------------------------------------------
.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
.\" http://bugs.debian.org/507673
.\" http://lists.gnu.org/archive/html/groff/2009-02/msg00013.html
.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
.ie \n(.g .ds Aq \(aq
.el .ds Aq '
.\" -----------------------------------------------------------------
.\" * set default formatting
.\" -----------------------------------------------------------------
.\" disable hyphenation
.nh
.\" disable justification (adjust text to left margin only)
.ad l
.\" -----------------------------------------------------------------
.\" * MAIN CONTENT STARTS HERE *
.\" -----------------------------------------------------------------
.SH "NAME"
regtree \- Text\-mode registry viewer
.SH "SYNOPSIS"
.HP \w'\fBregtree\fR\ 'u
\fBregtree\fR [\-\-help] [\-\-backend=BACKEND] [\-\-fullpath] [\-\-no\-values] [\-\-credentials=CREDENTIALS] [location]
.SH "DESCRIPTION"
.PP
The regtree utility prints out all the contents of a Windows registry file\&. Subkeys are printed with one level more indentation than their parents\&.
.SH "OPTIONS"
.PP
\-\-help
.RS 4
Show list of available options\&.
.RE
.PP
\-\-backend BACKEND
.RS 4
Name of backend to load\&. Possible values are: creg, regf, dir and rpc\&. The default is
\fIdir\fR\&.
.RE
.PP
\-\-credentials=CREDENTIALS
.RS 4
Credentials to use, if any\&. Password should be separated from user name by a percent sign\&.
.RE
.PP
\-\-fullpath
.RS 4
Print the full path to each key instead of only its name\&.
.RE
.PP
\-\-no\-values
.RS 4
Don\*(Aqt print values, just keys\&.
.RE
.SH "VERSION"
.PP
This man page is correct for version 4\&.0 of the Samba suite\&.
.SH "SEE ALSO"
.PP
gregedit, regshell, regdiff, regpatch, samba
.SH "AUTHOR"
.PP
This utility is part of the
\m[blue]\fBSamba\fR\m[]\&\s-2\u[1]\d\s+2
suite, which is developed by the global
\m[blue]\fBSamba Team\fR\m[]\&\s-2\u[2]\d\s+2\&.
.PP
This manpage and regtree were written by Jelmer Vernooij\&.
.SH "NOTES"
.IP " 1." 4
Samba
.RS 4
\%http://www.samba.org/
.RE
.IP " 2." 4
Samba Team
.RS 4
\%http://www.samba.org/samba/team/
.RE

1961
net/samba419/files/man/rpcclient.1 Normal file
View file

File diff suppressed because it is too large Load diff

122
net/samba419/files/man/samba-gpupdate.8 Normal file
View file

@ -0,0 +1,122 @@
'\" t
.\" Title: SAMBA_GPOUPDATE
.\" Author: [see the "AUTHOR" section]
.\" Generator: DocBook XSL Stylesheets v1.79.1 <http://docbook.sf.net/>
.\" Date: 2017-07-11
.\" Manual: System Administration tools
.\" Source: Samba 4.8.0
.\" Language: English
.\"
.TH "SAMBA_GPOUPDATE" "8" "2017\-07\-11" "Samba 4\&.8\&.0" "System Administration tools"
.\" -----------------------------------------------------------------
.\" * Define some portability stuff
.\" -----------------------------------------------------------------
.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
.\" http://bugs.debian.org/507673
.\" http://lists.gnu.org/archive/html/groff/2009-02/msg00013.html
.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
.ie \n(.g .ds Aq \(aq
.el .ds Aq '
.\" -----------------------------------------------------------------
.\" * set default formatting
.\" -----------------------------------------------------------------
.\" disable hyphenation
.nh
.\" disable justification (adjust text to left margin only)
.ad l
.\" -----------------------------------------------------------------
.\" * MAIN CONTENT STARTS HERE *
.\" -----------------------------------------------------------------
.SH "NAME"
samba-gpupdate \- apply group policy
.SH "SYNOPSIS"
.HP \w'\fBsamba\-gpupdate\fR\ 'u
\fBsamba\-gpupdate\fR
.HP \w'\fBsamba\-gpupdate\fR\ 'u
\fBsamba\-gpupdate\fR [\fIoptions\fR]
.SH "DESCRIPTION"
.PP
This tool is part of the
\fBsamba\fR(1)
suite\&.
.PP
\fBsamba\-gpupdate\fR
a script for applying and unapplying Group Policy\&. This applies password policies (minimum/maximum password age, minimum password length, and password complexity), kerberos policies (user/service ticket lifetime and renew lifetime), smb\&.conf policies, hourly/daily/weekly/monthly cron scripts, Sudo Privileges, Message of the Day and Logon Prompt messages, etc\&.
.SH "OPTIONS"
.PP
\fB\-h\fR,
\fB\-\-help\fR
show this help message and exit
.PP
\fB\-H \fRURL,
\fB\-\-url\fR=\fIURL\fR
URL for the samdb
.PP
\fB\-X\fR,
\fB\-\-unapply\fR
Unapply Group Policy
.PP
\fB\-\-target\fR
{Computer | User}
.PP
\fB\-\-force\fR
Reapplies all policy settings
.PP
\fB\-\-rsop\fR
Print the Resultant Set of Policy
.PP
Samba Common Options:
.PP
\fB\-s \fRFILE,
\fB\-\-configfile\fR=\fIFILE\fR
Configuration file
.PP
\fB\-d \fRDEBUGLEVEL,
\fB\-\-debuglevel\fR=\fIDEBUGLEVEL\fR
debug level
.PP
\fB\-\-option\fR=\fIOPTION\fR
set smb\&.conf option from command line
.PP
\fB\-\-realm\fR=\fIREALM\fR
set the realm name
.PP
Version Options:
.PP
\fB\-V\fR,
\fB\-\-version\fR
Display version number
.PP
Credentials Options:
.PP
\fB\-\-simple\-bind\-dn\fR=\fIDN\fR
DN to use for a simple bind
.PP
\fB\-\-password\fR=\fIPASSWORD\fR
Password
.PP
\fB\-U \fRUSERNAME,
\fB\-\-username\fR=\fIUSERNAME\fR
Username
.PP
\fB\-W \fRWORKGROUP,
\fB\-\-workgroup\fR=\fIWORKGROUP\fR
Workgroup
.PP
\fB\-N\fR,
\fB\-\-no\-pass\fR
Don\*(Aqt ask for a password
.PP
\fB\-k \fRKERBEROS,
\fB\-\-kerberos\fR=\fIKERBEROS\fR
Use Kerberos
.PP
\fB\-\-ipaddress\fR=\fIIPADDRESS\fR
IP address of server
.PP
\fB\-P\fR,
\fB\-\-machine\-pass\fR
Use stored machine account password
.SH "AUTHOR"
.PP
The original Samba software and related utilities were created by Andrew Tridgell\&. Samba is now developed by the Samba Team as an Open Source project similar to the way the Linux kernel is developed\&.

254
net/samba419/files/man/samba.7 Normal file
View file

@ -0,0 +1,254 @@
'\" t
.\" Title: samba
.\" Author: [see the "AUTHOR" section]
.\" Generator: DocBook XSL Stylesheets v1.79.1 <http://docbook.sf.net/>
.\" Date: 08/09/2022
.\" Manual: Miscellanea
.\" Source: Samba 4.16.4
.\" Language: English
.\"
.TH "SAMBA" "7" "08/09/2022" "Samba 4\&.16\&.4" "Miscellanea"
.\" -----------------------------------------------------------------
.\" * Define some portability stuff
.\" -----------------------------------------------------------------
.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
.\" http://bugs.debian.org/507673
.\" http://lists.gnu.org/archive/html/groff/2009-02/msg00013.html
.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
.ie \n(.g .ds Aq \(aq
.el .ds Aq '
.\" -----------------------------------------------------------------
.\" * set default formatting
.\" -----------------------------------------------------------------
.\" disable hyphenation
.nh
.\" disable justification (adjust text to left margin only)
.ad l
.\" -----------------------------------------------------------------
.\" * MAIN CONTENT STARTS HERE *
.\" -----------------------------------------------------------------
.SH "NAME"
samba \- A Windows AD and SMB/CIFS fileserver for UNIX
.SH "SYNOPSIS"
.HP \w'\ 'u
samba
.SH "DESCRIPTION"
.PP
The Samba software suite is a collection of programs that implements the Server Message Block (commonly abbreviated as SMB) protocol for UNIX systems and provides Active Directory services\&. The first version of the SMB protocol is sometimes also referred to as the Common Internet File System (CIFS)\&. For a more thorough description, see
http://www\&.ubiqx\&.org/cifs/\&. Samba also implements the NetBIOS protocol in nmbd\&.
.PP
\fBsamba\fR(8)
.RS 4
The
samba
daemon provides the Active Directory services and file and print services to SMB clients\&. The configuration file for this daemon is described in
\fBsmb.conf\fR(5)\&.
.RE
.PP
\fBsmbd\fR(8)
.RS 4
The
smbd
daemon provides the file and print services to SMB clients\&. The configuration file for this daemon is described in
\fBsmb.conf\fR(5)\&.
.RE
.PP
\fBnmbd\fR(8)
.RS 4
The
nmbd
daemon provides NetBIOS nameservice and browsing support\&. The configuration file for this daemon is described in
\fBsmb.conf\fR(5)\&.
.RE
.PP
\fBwinbindd\fR(8)
.RS 4
winbindd
is a daemon that is used for integrating authentication and the user database into unix\&.
.RE
.PP
\fBsmbclient\fR(1)
.RS 4
The
smbclient
program implements a simple ftp\-like client\&. This is useful for accessing SMB shares on other compatible SMB servers, and can also be used to allow a UNIX box to print to a printer attached to any SMB server\&.
.RE
.PP
\fBsamba-tool\fR(8)
.RS 4
The
samba\-tool
is the main Samba Administration tool regarding Active Directory services\&.
.RE
.PP
\fBtestparm\fR(1)
.RS 4
The
testparm
utility is a simple syntax checker for Samba\*(Aqs
\fBsmb.conf\fR(5)
configuration file\&. In AD server mode
samba\-tool testparm
should be used though\&.
.RE
.PP
\fBsmbstatus\fR(1)
.RS 4
The
smbstatus
tool provides access to information about the current connections to
smbd\&.
.RE
.PP
\fBnmblookup\fR(1)
.RS 4
The
nmblookup
tool allows NetBIOS name queries to be made\&.
.RE
.PP
\fBsmbpasswd\fR(8)
.RS 4
The
smbpasswd
command is a tool for setting passwords on local Samba but also on remote SMB servers\&.
.RE
.PP
\fBsmbcacls\fR(1)
.RS 4
The
smbcacls
command is a tool to set ACL\*(Aqs on remote SMB servers\&.
.RE
.PP
\fBsmbtree\fR(1)
.RS 4
The
smbtree
command is a text\-based network neighborhood tool\&.
.RE
.PP
\fBsmbtar\fR(1)
.RS 4
The
smbtar
can make backups of data directly from SMB servers\&.
.RE
.PP
\fBsmbspool\fR(8)
.RS 4
smbspool
is a helper utility for printing on printers connected to SMB servers\&.
.RE
.PP
\fBsmbcontrol\fR(1)
.RS 4
smbcontrol
is a utility that can change the behaviour of running
samba,
smbd,
nmbd
and
winbindd
daemons\&.
.RE
.PP
\fBrpcclient\fR(1)
.RS 4
rpcclient
is a utility that can be used to execute RPC commands on remote SMB servers\&.
.RE
.PP
\fBpdbedit\fR(8)
.RS 4
The
pdbedit
command can be used to maintain the local user database on a Samba server\&.
.RE
.PP
\fBnet\fR(8)
.RS 4
The
net
command is the main administration tool for Samba member and standalone servers\&.
.RE
.PP
\fBwbinfo\fR(1)
.RS 4
wbinfo
is a utility that retrieves and stores information related to winbind\&.
.RE
.PP
\fBprofiles\fR(1)
.RS 4
profiles
is a command\-line utility that can be used to replace all occurrences of a certain SID with another SID\&.
.RE
.PP
\fBlog2pcap\fR(1)
.RS 4
log2pcap
is a utility for generating pcap trace files from Samba log files\&.
.RE
.PP
\fBvfstest\fR(1)
.RS 4
vfstest
is a utility that can be used to test vfs modules\&.
.RE
.PP
\fBntlm_auth\fR(1)
.RS 4
ntlm_auth
is a helper\-utility for external programs wanting to do NTLM\-authentication\&.
.RE
.PP
\fBsmbcquotas\fR(1)
.RS 4
smbcquotas
is a tool to manage quotas on remote SMB servers\&.
.RE
.SH "COMPONENTS"
.PP
The Samba suite is made up of several components\&. Each component is described in a separate manual page\&. It is strongly recommended that you read the documentation that comes with Samba and the manual pages of those components that you use\&. If the manual pages and documents aren\*(Aqt clear enough then please visit
https://devel\&.samba\&.org
for information on how to file a bug report or submit a patch\&.
.PP
If you require help, visit the Samba webpage at
https://www\&.samba\&.org/
and explore the many option available to you\&.
.SH "AVAILABILITY"
.PP
The Samba software suite is licensed under the GNU Public License(GPL)\&. A copy of that license should have come with the package in the file COPYING\&. You are encouraged to distribute copies of the Samba suite, but please obey the terms of this license\&.
.PP
The latest version of the Samba suite can be obtained from
https://download\&.samba\&.org/pub/samba/\&.
.PP
The Samba Wiki at
https://wiki\&.samba\&.org
has also a lot of useful information\&. On the Samba mailing list at
https://lists\&.samba\&.org
you can find a lot of information in the archives and you can subscribe to the samba list and ask for help or discuss things\&.
.SH "VERSION"
.PP
This man page is part of version 4\&.16\&.4 of the Samba suite\&.
.SH "CONTRIBUTIONS"
.PP
If you wish to contribute to the Samba project, then I suggest you join the Samba mailing list at
https://lists\&.samba\&.org\&.
.PP
If you have patches to submit, visit
https://devel\&.samba\&.org/
for information on how to do it properly\&. We prefer patches in
git format\-patch
format\&.
.SH "CONTRIBUTORS"
.PP
Contributors to the project are now too numerous to mention here but all deserve the thanks of all Samba users\&. To see a full list, look at the
change\-log
in the source package for the pre\-CVS changes and at
https://git\&.samba\&.org/
for the contributors to Samba post\-GIT\&. GIT is the Open Source source code control system used by the Samba Team to develop Samba\&. The project would have been unmanageable without it\&.
.SH "AUTHOR"
.PP
The original Samba software and related utilities were created by Andrew Tridgell\&. Samba is now developed by the Samba Team as an Open Source project similar to the way the Linux kernel is developed\&.

364
net/samba419/files/man/sharesec.1 Normal file
View file

@ -0,0 +1,364 @@
'\" t
.\" Title: sharesec
.\" Author: [see the "AUTHOR" section]
.\" Generator: DocBook XSL Stylesheets v1.79.1 <http://docbook.sf.net/>
.\" Date: 08/09/2022
.\" Manual: User Commands
.\" Source: Samba 4.16.4
.\" Language: English
.\"
.TH "SHARESEC" "1" "08/09/2022" "Samba 4\&.16\&.4" "User Commands"
.\" -----------------------------------------------------------------
.\" * Define some portability stuff
.\" -----------------------------------------------------------------
.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
.\" http://bugs.debian.org/507673
.\" http://lists.gnu.org/archive/html/groff/2009-02/msg00013.html
.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
.ie \n(.g .ds Aq \(aq
.el .ds Aq '
.\" -----------------------------------------------------------------
.\" * set default formatting
.\" -----------------------------------------------------------------
.\" disable hyphenation
.nh
.\" disable justification (adjust text to left margin only)
.ad l
.\" -----------------------------------------------------------------
.\" * MAIN CONTENT STARTS HERE *
.\" -----------------------------------------------------------------
.SH "NAME"
sharesec \- Set or get share ACLs
.SH "SYNOPSIS"
.HP \w'\ 'u
sharesec {sharename} [\-r,\ \-\-remove=ACL] [\-m,\ \-\-modify=ACL] [\-a,\ \-\-add=ACL] [\-R,\ \-\-replace=ACLs] [\-D,\ \-\-delete] [\-v,\ \-\-view] [\-\-view\-all] [\-M,\ \-\-machine\-sid] [\-F,\ \-\-force] [\-d,\ \-\-debuglevel=DEBUGLEVEL] [\-s,\ \-\-configfile=CONFIGFILE] [\-l,\ \-\-log\-basename=LOGFILEBASE] [\-S,\ \-\-setsddl=STRING] [\-\-viewsddl] [\-?|\-\-help] [\-\-usage] [\-d|\-\-debuglevel=DEBUGLEVEL] [\-\-debug\-stdout] [\-\-configfile=CONFIGFILE] [\-\-option=name=value] [\-l|\-\-log\-basename=LOGFILEBASE] [\-\-leak\-report] [\-\-leak\-report\-full]
.SH "DESCRIPTION"
.PP
This tool is part of the
\fBsamba\fR(7)
suite\&.
.PP
The
sharesec
program manipulates share permissions on SMB file shares\&.
.SH "OPTIONS"
.PP
The following options are available to the
sharesec
program\&. The format of ACLs is described in the section ACL FORMAT
.PP
\-a|\-\-add=ACL
.RS 4
Add the ACEs specified to the ACL list\&.
.RE
.PP
\-D|\-\-delete
.RS 4
Delete the entire security descriptor\&.
.RE
.PP
\-F|\-\-force
.RS 4
Force storing the ACL\&.
.RE
.PP
\-m|\-\-modify=ACL
.RS 4
Modify existing ACEs\&.
.RE
.PP
\-M|\-\-machine\-sid
.RS 4
Initialize the machine SID\&.
.RE
.PP
\-r|\-\-remove=ACL
.RS 4
Remove ACEs\&.
.RE
.PP
\-R|\-\-replace=ACLS
.RS 4
Overwrite an existing share permission ACL\&.
.RE
.PP
\-v|\-\-view
.RS 4
List a share acl
.RE
.PP
\-\-view\-all
.RS 4
List all share acls
.RE
.PP
\-S|\-\-setsddl=STRING
.RS 4
Set security descriptor by providing ACL in SDDL format\&.
.RE
.PP
\-\-viewsddl
.RS 4
List a share acl in SDDL format\&.
.RE
.PP
\-?|\-\-help
.RS 4
Print a summary of command line options\&.
.RE
.PP
\-\-usage
.RS 4
Display brief usage message\&.
.RE
.PP
\-d|\-\-debuglevel=DEBUGLEVEL
.RS 4
\fIlevel\fR
is an integer from 0 to 10\&. The default value if this parameter is not specified is 1 for client applications\&.
.sp
The higher this value, the more detail will be logged to the log files about the activities of the server\&. At level 0, only critical errors and serious warnings will be logged\&. Level 1 is a reasonable level for day\-to\-day running \- it generates a small amount of information about operations carried out\&.
.sp
Levels above 1 will generate considerable amounts of log data, and should only be used when investigating a problem\&. Levels above 3 are designed for use only by developers and generate HUGE amounts of log data, most of which is extremely cryptic\&.
.sp
Note that specifying this parameter here will override the
\m[blue]\fBlog level\fR\m[]
parameter in the
smb\&.conf
file\&.
.RE
.PP
\-\-debug\-stdout
.RS 4
This will redirect debug output to STDOUT\&. By default all clients are logging to STDERR\&.
.RE
.PP
\-\-configfile=<configuration file>
.RS 4
The file specified contains the configuration details required by the client\&. The information in this file can be general for client and server or only provide client specific like options such as
\m[blue]\fBclient smb encrypt\fR\m[]\&. See
smb\&.conf
for more information\&. The default configuration file name is determined at compile time\&.
.RE
.PP
\-\-option=<name>=<value>
.RS 4
Set the
\fBsmb.conf\fR(5)
option "<name>" to value "<value>" from the command line\&. This overrides compiled\-in defaults and options read from the configuration file\&. If a name or a value includes a space, wrap whole \-\-option=name=value into quotes\&.
.RE
.PP
\-l|\-\-log\-basename=logdirectory
.RS 4
Base directory name for log/debug files\&. The extension
\fB"\&.progname"\fR
will be appended (e\&.g\&. log\&.smbclient, log\&.smbd, etc\&.\&.\&.)\&. The log file is never removed by the client\&.
.RE
.PP
\-\-leak\-report
.RS 4
Enable talloc leak reporting on exit\&.
.RE
.PP
\-\-leak\-report\-full
.RS 4
Enable full talloc leak reporting on exit\&.
.RE
.PP
\-V|\-\-version
.RS 4
Prints the program version number\&.
.RE
.SH "ACL FORMAT"
.PP
The format of an ACL is one or more ACL entries separated by either commas or newlines\&. An ACL entry is one of the following:
.PP
.if n \{\
.RS 4
.\}
.nf
REVISION:<revision number>
OWNER:<sid or name>
GROUP:<sid or name>
ACL:<sid or name>:<type>/<flags>/<mask>
.fi
.if n \{\
.RE
.\}
.PP
The revision of the ACL specifies the internal Windows NT ACL revision for the security descriptor\&. If not specified it defaults to 1\&. Using values other than 1 may cause strange behaviour\&.
.PP
The owner and group specify the owner and group SIDs for the object\&. Share ACLs do not specify an owner or a group, so these fields are empty\&.
.PP
ACLs specify permissions granted to the SID\&. This SID can be specified in S\-1\-x\-y\-z format or as a name in which case it is resolved against the server on which the file or directory resides\&. The type, flags and mask values determine the type of access granted to the SID\&.
.PP
The type can be either ALLOWED or DENIED to allow/deny access to the SID\&. The flags values are generally zero for share ACLs\&.
.PP
The mask is a value which expresses the access right granted to the SID\&. It can be given as a decimal or hexadecimal value, or by using one of the following text strings which map to the NT file permissions of the same name\&.
.RS
.sp
.RS 4
.ie n \{\
\h'-04'\(bu\h'+03'\c
.\}
.el \{\
.sp -1
.IP \(bu 2.3
.\}
\fIR\fR
\- Allow read access
.RE
.sp
.RS 4
.ie n \{\
\h'-04'\(bu\h'+03'\c
.\}
.el \{\
.sp -1
.IP \(bu 2.3
.\}
\fIW\fR
\- Allow write access
.RE
.sp
.RS 4
.ie n \{\
\h'-04'\(bu\h'+03'\c
.\}
.el \{\
.sp -1
.IP \(bu 2.3
.\}
\fIX\fR
\- Execute permission on the object
.RE
.sp
.RS 4
.ie n \{\
\h'-04'\(bu\h'+03'\c
.\}
.el \{\
.sp -1
.IP \(bu 2.3
.\}
\fID\fR
\- Delete the object
.RE
.sp
.RS 4
.ie n \{\
\h'-04'\(bu\h'+03'\c
.\}
.el \{\
.sp -1
.IP \(bu 2.3
.\}
\fIP\fR
\- Change permissions
.RE
.sp
.RS 4
.ie n \{\
\h'-04'\(bu\h'+03'\c
.\}
.el \{\
.sp -1
.IP \(bu 2.3
.\}
\fIO\fR
\- Take ownership
.RE
.sp
.RE
.PP
The following combined permissions can be specified:
.RS
.sp
.RS 4
.ie n \{\
\h'-04'\(bu\h'+03'\c
.\}
.el \{\
.sp -1
.IP \(bu 2.3
.\}
\fIREAD\fR
\- Equivalent to \*(AqRX\*(Aq permissions
.RE
.sp
.RS 4
.ie n \{\
\h'-04'\(bu\h'+03'\c
.\}
.el \{\
.sp -1
.IP \(bu 2.3
.\}
\fICHANGE\fR
\- Equivalent to \*(AqRXWD\*(Aq permissions
.RE
.sp
.RS 4
.ie n \{\
\h'-04'\(bu\h'+03'\c
.\}
.el \{\
.sp -1
.IP \(bu 2.3
.\}
\fIFULL\fR
\- Equivalent to \*(AqRWXDPO\*(Aq permissions
.RE
.SH "EXIT STATUS"
.PP
The
sharesec
program sets the exit status depending on the success or otherwise of the operations performed\&. The exit status may be one of the following values\&.
.PP
If the operation succeeded, sharesec returns and exit status of 0\&. If
sharesec
couldn\*(Aqt connect to the specified server, or there was an error getting or setting the ACLs, an exit status of 1 is returned\&. If there was an error parsing any command line arguments, an exit status of 2 is returned\&.
.SH "EXAMPLES"
.PP
Add full access for SID
\fIS\-1\-5\-21\-1866488690\-1365729215\-3963860297\-17724\fR
on
\fIshare\fR:
.sp
.if n \{\
.RS 4
.\}
.nf
host:~ # sharesec share \-a S\-1\-5\-21\-1866488690\-1365729215\-3963860297\-17724:ALLOWED/0/FULL
.fi
.if n \{\
.RE
.\}
.PP
List all ACEs for
\fIshare\fR:
.sp
.if n \{\
.RS 4
.\}
.nf
host:~ # sharesec share \-v
REVISION:1
CONTROL:SR|DP
OWNER:
GROUP:
ACL:S\-1\-1\-0:ALLOWED/0x0/FULL
ACL:S\-1\-5\-21\-1866488690\-1365729215\-3963860297\-17724:ALLOWED/0x0/FULL
.fi
.if n \{\
.RE
.\}
.SH "VERSION"
.PP
This man page is part of version 4\&.16\&.4 of the Samba suite\&.
.SH "AUTHOR"
.PP
The original Samba software and related utilities were created by Andrew Tridgell\&. Samba is now developed by the Samba Team as an Open Source project similar to the way the Linux kernel is developed\&.

13994
net/samba419/files/man/smb.conf.5 Normal file
View file

File diff suppressed because it is too large Load diff

1044
net/samba419/files/man/smbcacls.1 Normal file
View file

File diff suppressed because it is too large Load diff

1253
net/samba419/files/man/smbclient.1 Normal file
View file

File diff suppressed because it is too large Load diff

343
net/samba419/files/man/smbcontrol.1 Normal file
View file

@ -0,0 +1,343 @@
'\" t
.\" Title: smbcontrol
.\" Author: [see the "AUTHOR" section]
.\" Generator: DocBook XSL Stylesheets v1.79.1 <http://docbook.sf.net/>
.\" Date: 08/09/2022
.\" Manual: User Commands
.\" Source: Samba 4.16.4
.\" Language: English
.\"
.TH "SMBCONTROL" "1" "08/09/2022" "Samba 4\&.16\&.4" "User Commands"
.\" -----------------------------------------------------------------
.\" * Define some portability stuff
.\" -----------------------------------------------------------------
.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
.\" http://bugs.debian.org/507673
.\" http://lists.gnu.org/archive/html/groff/2009-02/msg00013.html
.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
.ie \n(.g .ds Aq \(aq
.el .ds Aq '
.\" -----------------------------------------------------------------
.\" * set default formatting
.\" -----------------------------------------------------------------
.\" disable hyphenation
.nh
.\" disable justification (adjust text to left margin only)
.ad l
.\" -----------------------------------------------------------------
.\" * MAIN CONTENT STARTS HERE *
.\" -----------------------------------------------------------------
.SH "NAME"
smbcontrol \- send messages to smbd, nmbd or winbindd processes
.SH "SYNOPSIS"
.HP \w'\ 'u
smbcontrol [\-?|\-\-help] [\-\-usage] [\-t|\-\-timeout] [\-d|\-\-debuglevel=DEBUGLEVEL] [\-\-debug\-stdout] [\-\-configfile=CONFIGFILE] [\-\-option=name=value] [\-l|\-\-log\-basename=LOGFILEBASE] [\-\-leak\-report] [\-\-leak\-report\-full]
.HP \w'\ 'u
smbcontrol [destination] [message\-type] [parameter]
.SH "DESCRIPTION"
.PP
This tool is part of the
\fBsamba\fR(7)
suite\&.
.PP
smbcontrol
is a very small program, which sends messages to a
\fBsmbd\fR(8), a
\fBnmbd\fR(8), or a
\fBwinbindd\fR(8)
daemon running on the system\&.
.SH "OPTIONS"
.PP
\-t|\-\-timeout
.RS 4
Set timeout to seconds\&.
.RE
.PP
destination
.RS 4
One of
\fInmbd\fR,
\fIsmbd\fR,
\fIwinbindd\fR
or a process ID\&.
.sp
The
\fIall\fR
destination causes the message to "broadcast" to all running daemons including nmbd and winbind\&. This is a change for Samba 3\&.3, prior to this the parameter smbd used to do this\&.
.sp
The
\fIsmbd\fR
destination causes the message to be sent to the smbd daemon specified in the
smbd\&.pid
file\&.
.sp
The
\fInmbd\fR
destination causes the message to be sent to the nmbd daemon specified in the
nmbd\&.pid
file\&.
.sp
The
\fIwinbindd\fR
destination causes the message to be sent to the winbind daemon specified in the
winbindd\&.pid
file\&.
.sp
If a single process ID is given, the message is sent to only that process\&.
.RE
.PP
message\-type
.RS 4
Type of message to send\&. See the section
\fBMESSAGE\-TYPES\fR
for details\&.
.RE
.PP
parameters
.RS 4
any parameters required for the message\-type
.RE
.PP
\-?|\-\-help
.RS 4
Print a summary of command line options\&.
.RE
.PP
\-\-usage
.RS 4
Display brief usage message\&.
.RE
.PP
\-d|\-\-debuglevel=DEBUGLEVEL
.RS 4
\fIlevel\fR
is an integer from 0 to 10\&. The default value if this parameter is not specified is 1 for client applications\&.
.sp
The higher this value, the more detail will be logged to the log files about the activities of the server\&. At level 0, only critical errors and serious warnings will be logged\&. Level 1 is a reasonable level for day\-to\-day running \- it generates a small amount of information about operations carried out\&.
.sp
Levels above 1 will generate considerable amounts of log data, and should only be used when investigating a problem\&. Levels above 3 are designed for use only by developers and generate HUGE amounts of log data, most of which is extremely cryptic\&.
.sp
Note that specifying this parameter here will override the
\m[blue]\fBlog level\fR\m[]
parameter in the
smb\&.conf
file\&.
.RE
.PP
\-\-debug\-stdout
.RS 4
This will redirect debug output to STDOUT\&. By default all clients are logging to STDERR\&.
.RE
.PP
\-\-configfile=<configuration file>
.RS 4
The file specified contains the configuration details required by the client\&. The information in this file can be general for client and server or only provide client specific like options such as
\m[blue]\fBclient smb encrypt\fR\m[]\&. See
smb\&.conf
for more information\&. The default configuration file name is determined at compile time\&.
.RE
.PP
\-\-option=<name>=<value>
.RS 4
Set the
\fBsmb.conf\fR(5)
option "<name>" to value "<value>" from the command line\&. This overrides compiled\-in defaults and options read from the configuration file\&. If a name or a value includes a space, wrap whole \-\-option=name=value into quotes\&.
.RE
.PP
\-l|\-\-log\-basename=logdirectory
.RS 4
Base directory name for log/debug files\&. The extension
\fB"\&.progname"\fR
will be appended (e\&.g\&. log\&.smbclient, log\&.smbd, etc\&.\&.\&.)\&. The log file is never removed by the client\&.
.RE
.PP
\-\-leak\-report
.RS 4
Enable talloc leak reporting on exit\&.
.RE
.PP
\-\-leak\-report\-full
.RS 4
Enable full talloc leak reporting on exit\&.
.RE
.PP
\-V|\-\-version
.RS 4
Prints the program version number\&.
.RE
.SH "MESSAGE\-TYPES"
.PP
Available message types are:
.PP
close\-share
.RS 4
Order smbd to close the client connections to the named share\&. Note that this doesn\*(Aqt affect client connections to any other shares\&. This message\-type takes an argument of the share name for which client connections will be closed, or the "*" character which will close all currently open shares\&. This may be useful if you made changes to the access controls on the share\&. This message can only be sent to
\fBsmbd\fR\&.
.RE
.PP
close\-denied\-share
.RS 4
Behave like
\fBclose\-share\fR, but don\*(Aqt disconnect users that are still allowed to access the share\&. It can safely be sent to all smbds after changing share access controls\&. It will only affect users who have been denied access since having connected initially\&. This message can only be sent to
\fBsmbd\fR\&.
.RE
.PP
debug
.RS 4
Set debug level to the value specified by the parameter\&. This can be sent to any of the destinations\&. If this message is sent to either the smbd or winbindd daemons, the parent process will rebroadcast the message to all child processes changing the debug level in each one\&.
.RE
.PP
kill\-client\-ip
.RS 4
Order smbd to close the client connections from a given IP address\&. This message\-type takes an argument of the IP address from which client connections will be closed\&. This message can only be sent to
\fBsmbd\fR\&.
.RE
.PP
force\-election
.RS 4
This message causes the
nmbd
daemon to force a new browse master election\&.
.RE
.PP
ping
.RS 4
Send specified number of "ping" messages and wait for the same number of reply "pong" messages\&. This can be sent to any of the destinations\&.
.RE
.PP
profile
.RS 4
Change profile settings of a daemon, based on the parameter\&. The parameter can be "on" to turn on profile stats collection, "off" to turn off profile stats collection, "count" to enable only collection of count stats (time stats are disabled), and "flush" to zero the current profile stats\&. This can be sent to any smbd or nmbd destinations\&.
.RE
.PP
debuglevel
.RS 4
Request debuglevel of a certain daemon and write it to stdout\&. This can be sent to any of the destinations\&.
.RE
.PP
profilelevel
.RS 4
Request profilelevel of a certain daemon and write it to stdout\&. This can be sent to any smbd or nmbd destinations\&.
.RE
.PP
printnotify
.RS 4
Order smbd to send a printer notify message to any Windows NT clients connected to a printer\&. This message\-type takes the following arguments:
.PP
queuepause printername
.RS 4
Send a queue pause change notify message to the printer specified\&.
.RE
.PP
queueresume printername
.RS 4
Send a queue resume change notify message for the printer specified\&.
.RE
.PP
jobpause printername unixjobid
.RS 4
Send a job pause change notify message for the printer and unix jobid specified\&.
.RE
.PP
jobresume printername unixjobid
.RS 4
Send a job resume change notify message for the printer and unix jobid specified\&.
.RE
.PP
jobdelete printername unixjobid
.RS 4
Send a job delete change notify message for the printer and unix jobid specified\&.
.RE
.sp
Note that this message only sends notification that an event has occurred\&. It doesn\*(Aqt actually cause the event to happen\&.
.sp
This message can only be sent to
\fBsmbd\fR\&.
.RE
.PP
dmalloc\-mark
.RS 4
Set a mark for dmalloc\&. Can be sent to both smbd and nmbd\&. Only available if samba is built with dmalloc support\&.
.RE
.PP
dmalloc\-log\-changed
.RS 4
Dump the pointers that have changed since the mark set by dmalloc\-mark\&. Can be sent to both smbd and nmbd\&. Only available if samba is built with dmalloc support\&.
.RE
.PP
shutdown
.RS 4
Shut down specified daemon\&. Can be sent to both smbd and nmbd\&.
.RE
.PP
pool\-usage
.RS 4
Print a human\-readable description of all talloc(pool) memory usage by the specified daemon/process\&. Available for both smbd and nmbd\&.
.RE
.PP
ringbuf\-log
.RS 4
Fetch and print the ringbuf log\&. Requires
\fIlogging = ringbuf\fR\&. Available for smbd, winbindd and nmbd\&.
.RE
.PP
drvupgrade
.RS 4
Force clients of printers using specified driver to update their local version of the driver\&. Can only be sent to smbd\&.
.RE
.PP
reload\-config
.RS 4
Force daemon to reload smb\&.conf configuration file\&. Can be sent to
\fBsmbd\fR,
\fBnmbd\fR, or
\fBwinbindd\fR\&.
.RE
.PP
reload\-printers
.RS 4
Force smbd to reload printers\&. Can only be sent to
\fBsmbd\fR\&.
.RE
.PP
idmap
.RS 4
Notify about changes of id mapping\&. Can be sent to
\fBsmbd\fR
or (not implemented yet)
\fBwinbindd\fR\&.
.PP
flush [uid|gid]
.RS 4
Flush caches for sid <\-> gid and/or sid <\-> uid mapping\&.
.RE
.PP
delete <ID>
.RS 4
Remove a mapping from cache\&. The mapping is given by <ID> which may either be a sid: S\-x\-\&.\&.\&., a gid: "GID number" or a uid: "UID number"\&.
.RE
.PP
kill <ID>
.RS 4
Remove a mapping from cache\&. Terminate
\fBsmbd\fR
if the id is currently in use\&.
.RE
.RE
.PP
num\-children
.RS 4
Query the number of smbd child processes\&. This message can only be sent to
\fBsmbd\fR\&.
.RE
.SH "VERSION"
.PP
This man page is part of version 4\&.16\&.4 of the Samba suite\&.
.SH "SEE ALSO"
.PP
\fBnmbd\fR(8)
and
\fBsmbd\fR(8)\&.
.SH "AUTHOR"
.PP
The original Samba software and related utilities were created by Andrew Tridgell\&. Samba is now developed by the Samba Team as an Open Source project similar to the way the Linux kernel is developed\&.

440
net/samba419/files/man/smbcquotas.1 Normal file
View file

@ -0,0 +1,440 @@
'\" t
.\" Title: smbcquotas
.\" Author: [see the "AUTHOR" section]
.\" Generator: DocBook XSL Stylesheets v1.79.1 <http://docbook.sf.net/>
.\" Date: 08/09/2022
.\" Manual: User Commands
.\" Source: Samba 4.16.4
.\" Language: English
.\"
.TH "SMBCQUOTAS" "1" "08/09/2022" "Samba 4\&.16\&.4" "User Commands"
.\" -----------------------------------------------------------------
.\" * Define some portability stuff
.\" -----------------------------------------------------------------
.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
.\" http://bugs.debian.org/507673
.\" http://lists.gnu.org/archive/html/groff/2009-02/msg00013.html
.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
.ie \n(.g .ds Aq \(aq
.el .ds Aq '
.\" -----------------------------------------------------------------
.\" * set default formatting
.\" -----------------------------------------------------------------
.\" disable hyphenation
.nh
.\" disable justification (adjust text to left margin only)
.ad l
.\" -----------------------------------------------------------------
.\" * MAIN CONTENT STARTS HERE *
.\" -----------------------------------------------------------------
.SH "NAME"
smbcquotas \- Set or get QUOTAs of NTFS 5 shares
.SH "SYNOPSIS"
.HP \w'\ 'u
smbcquotas {//server/share} [\-u|\-\-quota\-user=USER] [\-L|\-\-list] [\-F|\-\-fs] [\-S|\-\-set=SETSTRING] [\-n|\-\-numeric] [\-v|\-\-verbose] [\-t|\-\-test\-args] [\-?|\-\-help] [\-\-usage] [\-d|\-\-debuglevel=DEBUGLEVEL] [\-\-debug\-stdout] [\-\-configfile=CONFIGFILE] [\-\-option=name=value] [\-l|\-\-log\-basename=LOGFILEBASE] [\-\-leak\-report] [\-\-leak\-report\-full] [\-R|\-\-name\-resolve=NAME\-RESOLVE\-ORDER] [\-O|\-\-socket\-options=SOCKETOPTIONS] [\-m|\-\-max\-protocol=MAXPROTOCOL] [\-n|\-\-netbiosname=NETBIOSNAME] [\-\-netbios\-scope=SCOPE] [\-W|\-\-workgroup=WORKGROUP] [\-\-realm=REALM] [\-U|\-\-user=[DOMAIN/]USERNAME[%PASSWORD]] [\-N|\-\-no\-pass] [\-\-password=STRING] [\-\-pw\-nt\-hash] [\-A|\-\-authentication\-file=FILE] [\-P|\-\-machine\-pass] [\-\-simple\-bind\-dn=DN] [\-\-use\-kerberos=desired|required|off] [\-\-use\-krb5\-ccache=CCACHE] [\-\-use\-winbind\-ccache] [\-\-client\-protection=sign|encrypt|off] [\-V|\-\-version]
.SH "DESCRIPTION"
.PP
This tool is part of the
\fBsamba\fR(7)
suite\&.
.PP
The
smbcquotas
program manipulates NT Quotas on SMB file shares\&.
.SH "OPTIONS"
.PP
The following options are available to the
smbcquotas
program\&.
.PP
\-u|\-\-quota\-user user
.RS 4
Specifies the user of whom the quotas are get or set\&. By default the current user\*(Aqs username will be used\&.
.RE
.PP
\-L|\-\-list
.RS 4
Lists all quota records of the share\&.
.RE
.PP
\-F|\-\-fs
.RS 4
Show the share quota status and default limits\&.
.RE
.PP
\-S|\-\-set QUOTA_SET_COMMAND
.RS 4
This command sets/modifies quotas for a user or on the share, depending on the QUOTA_SET_COMMAND parameter which is described later\&.
.RE
.PP
\-n|\-\-numeric
.RS 4
This option displays all QUOTA information in numeric format\&. The default is to convert SIDs to names and QUOTA limits to a readable string format\&.
.RE
.PP
\-t|\-\-test\-args
.RS 4
Don\*(Aqt actually do anything, only validate the correctness of the arguments\&.
.RE
.PP
\-v|\-\-verbose
.RS 4
Be verbose\&.
.RE
.PP
\-?|\-\-help
.RS 4
Print a summary of command line options\&.
.RE
.PP
\-\-usage
.RS 4
Display brief usage message\&.
.RE
.PP
\-d|\-\-debuglevel=DEBUGLEVEL
.RS 4
\fIlevel\fR
is an integer from 0 to 10\&. The default value if this parameter is not specified is 1 for client applications\&.
.sp
The higher this value, the more detail will be logged to the log files about the activities of the server\&. At level 0, only critical errors and serious warnings will be logged\&. Level 1 is a reasonable level for day\-to\-day running \- it generates a small amount of information about operations carried out\&.
.sp
Levels above 1 will generate considerable amounts of log data, and should only be used when investigating a problem\&. Levels above 3 are designed for use only by developers and generate HUGE amounts of log data, most of which is extremely cryptic\&.
.sp
Note that specifying this parameter here will override the
\m[blue]\fBlog level\fR\m[]
parameter in the
smb\&.conf
file\&.
.RE
.PP
\-\-debug\-stdout
.RS 4
This will redirect debug output to STDOUT\&. By default all clients are logging to STDERR\&.
.RE
.PP
\-\-configfile=<configuration file>
.RS 4
The file specified contains the configuration details required by the client\&. The information in this file can be general for client and server or only provide client specific like options such as
\m[blue]\fBclient smb encrypt\fR\m[]\&. See
smb\&.conf
for more information\&. The default configuration file name is determined at compile time\&.
.RE
.PP
\-\-option=<name>=<value>
.RS 4
Set the
\fBsmb.conf\fR(5)
option "<name>" to value "<value>" from the command line\&. This overrides compiled\-in defaults and options read from the configuration file\&. If a name or a value includes a space, wrap whole \-\-option=name=value into quotes\&.
.RE
.PP
\-l|\-\-log\-basename=logdirectory
.RS 4
Base directory name for log/debug files\&. The extension
\fB"\&.progname"\fR
will be appended (e\&.g\&. log\&.smbclient, log\&.smbd, etc\&.\&.\&.)\&. The log file is never removed by the client\&.
.RE
.PP
\-\-leak\-report
.RS 4
Enable talloc leak reporting on exit\&.
.RE
.PP
\-\-leak\-report\-full
.RS 4
Enable full talloc leak reporting on exit\&.
.RE
.PP
\-V|\-\-version
.RS 4
Prints the program version number\&.
.RE
.PP
\-R|\-\-name\-resolve=NAME\-RESOLVE\-ORDER
.RS 4
This option is used to determine what naming services and in what order to resolve host names to IP addresses\&. The option takes a space\-separated string of different name resolution options\&. The best ist to wrap the whole \-\-name\-resolve=NAME\-RESOLVE\-ORDER into quotes\&.
.sp
The options are: "lmhosts", "host", "wins" and "bcast"\&. They cause names to be resolved as follows:
.RS
.sp
.RS 4
.ie n \{\
\h'-04'\(bu\h'+03'\c
.\}
.el \{\
.sp -1
.IP \(bu 2.3
.\}
\fBlmhosts\fR: Lookup an IP address in the Samba lmhosts file\&. If the line in lmhosts has no name type attached to the NetBIOS name (see the
\fBlmhosts\fR(5)
for details) then any name type matches for lookup\&.
.RE
.sp
.RS 4
.ie n \{\
\h'-04'\(bu\h'+03'\c
.\}
.el \{\
.sp -1
.IP \(bu 2.3
.\}
\fBhost\fR: Do a standard host name to IP address resolution, using the system
/etc/hosts, NIS, or DNS lookups\&. This method of name resolution is operating system dependent, for instance on IRIX or Solaris this may be controlled by the
/etc/nsswitch\&.conf
file)\&. Note that this method is only used if the NetBIOS name type being queried is the 0x20 (server) name type, otherwise it is ignored\&.
.RE
.sp
.RS 4
.ie n \{\
\h'-04'\(bu\h'+03'\c
.\}
.el \{\
.sp -1
.IP \(bu 2.3
.\}
\fBwins\fR: Query a name with the IP address listed in the
\fIwins server\fR
parameter\&. If no WINS server has been specified this method will be ignored\&.
.RE
.sp
.RS 4
.ie n \{\
\h'-04'\(bu\h'+03'\c
.\}
.el \{\
.sp -1
.IP \(bu 2.3
.\}
\fBbcast\fR: Do a broadcast on each of the known local interfaces listed in the
\fIinterfaces\fR
parameter\&. This is the least reliable of the name resolution methods as it depends on the target host being on a locally connected subnet\&.
.RE
.sp
.RE
If this parameter is not set then the name resolve order defined in the
smb\&.conf
file parameter (\m[blue]\fBname resolve order\fR\m[]) will be used\&.
.sp
The default order is lmhosts, host, wins, bcast\&. Without this parameter or any entry in the
\m[blue]\fBname resolve order\fR\m[]
parameter of the
smb\&.conf
file, the name resolution methods will be attempted in this order\&.
.RE
.PP
\-O|\-\-socket\-options=SOCKETOPTIONS
.RS 4
TCP socket options to set on the client socket\&. See the socket options parameter in the
smb\&.conf
manual page for the list of valid options\&.
.RE
.PP
\-m|\-\-max\-protocol=MAXPROTOCOL
.RS 4
The value of the parameter (a string) is the highest protocol level that will be supported by the client\&.
.sp
Note that specifying this parameter here will override the
\m[blue]\fBclient max protocol\fR\m[]
parameter in the
smb\&.conf
file\&.
.RE
.PP
\-n|\-\-netbiosname=NETBIOSNAME
.RS 4
This option allows you to override the NetBIOS name that Samba uses for itself\&. This is identical to setting the
\m[blue]\fBnetbios name\fR\m[]
parameter in the
smb\&.conf
file\&. However, a command line setting will take precedence over settings in
smb\&.conf\&.
.RE
.PP
\-\-netbios\-scope=SCOPE
.RS 4
This specifies a NetBIOS scope that
nmblookup
will use to communicate with when generating NetBIOS names\&. For details on the use of NetBIOS scopes, see rfc1001\&.txt and rfc1002\&.txt\&. NetBIOS scopes are
\fIvery\fR
rarely used, only set this parameter if you are the system administrator in charge of all the NetBIOS systems you communicate with\&.
.RE
.PP
\-W|\-\-workgroup=WORKGROUP
.RS 4
Set the SMB domain of the username\&. This overrides the default domain which is the domain defined in smb\&.conf\&. If the domain specified is the same as the servers NetBIOS name, it causes the client to log on using the servers local SAM (as opposed to the Domain SAM)\&.
.sp
Note that specifying this parameter here will override the
\m[blue]\fBworkgroup\fR\m[]
parameter in the
smb\&.conf
file\&.
.RE
.PP
\-r|\-\-realm=REALM
.RS 4
Set the realm for the domain\&.
.sp
Note that specifying this parameter here will override the
\m[blue]\fBrealm\fR\m[]
parameter in the
smb\&.conf
file\&.
.RE
.PP
\-U|\-\-user=[DOMAIN\e]USERNAME[%PASSWORD]
.RS 4
Sets the SMB username or username and password\&.
.sp
If %PASSWORD is not specified, the user will be prompted\&. The client will first check the
\fBUSER\fR
environment variable (which is also permitted to also contain the password seperated by a %), then the
\fBLOGNAME\fR
variable (which is not permitted to contain a password) and if either exists, the value is used\&. If these environmental variables are not found, the username found in a Kerberos Credentials cache may be used\&.
.sp
A third option is to use a credentials file which contains the plaintext of the username and password\&. This option is mainly provided for scripts where the admin does not wish to pass the credentials on the command line or via environment variables\&. If this method is used, make certain that the permissions on the file restrict access from unwanted users\&. See the
\fI\-A\fR
for more details\&.
.sp
Be cautious about including passwords in scripts or passing user\-supplied values onto the command line\&. For security it is better to let the Samba client tool ask for the password if needed, or obtain the password once with
kinit\&.
.sp
While Samba will attempt to scrub the password from the process title (as seen in ps), this is after startup and so is subject to a race\&.
.RE
.PP
\-N|\-\-no\-pass
.RS 4
If specified, this parameter suppresses the normal password prompt from the client to the user\&. This is useful when accessing a service that does not require a password\&.
.sp
Unless a password is specified on the command line or this parameter is specified, the client will request a password\&.
.sp
If a password is specified on the command line and this option is also defined the password on the command line will be silently ignored and no password will be used\&.
.RE
.PP
\-\-password
.RS 4
Specify the password on the commandline\&.
.sp
Be cautious about including passwords in scripts or passing user\-supplied values onto the command line\&. For security it is better to let the Samba client tool ask for the password if needed, or obtain the password once with
kinit\&.
.sp
If \-\-password is not specified, the tool will check the
\fBPASSWD\fR
environment variable, followed by
\fBPASSWD_FD\fR
which is expected to contain an open file descriptor (FD) number\&.
.sp
Finally it will check
\fBPASSWD_FILE\fR
(containing a file path to be opened)\&. The file should only contain the password\&. Make certain that the permissions on the file restrict access from unwanted users!
.sp
While Samba will attempt to scrub the password from the process title (as seen in ps), this is after startup and so is subject to a race\&.
.RE
.PP
\-\-pw\-nt\-hash
.RS 4
The supplied password is the NT hash\&.
.RE
.PP
\-A|\-\-authentication\-file=filename
.RS 4
This option allows you to specify a file from which to read the username and password used in the connection\&. The format of the file is:
.sp
.if n \{\
.RS 4
.\}
.nf
username = <value>
password = <value>
domain = <value>
.fi
.if n \{\
.RE
.\}
.sp
Make certain that the permissions on the file restrict access from unwanted users!
.RE
.PP
\-P|\-\-machine\-pass
.RS 4
Use stored machine account password\&.
.RE
.PP
\-\-simple\-bind\-dn=DN
.RS 4
DN to use for a simple bind\&.
.RE
.PP
\-\-use\-kerberos=desired|required|off
.RS 4
This parameter determines whether Samba client tools will try to authenticate using Kerberos\&. For Kerberos authentication you need to use dns names instead of IP addresses when connnecting to a service\&.
.sp
Note that specifying this parameter here will override the
\m[blue]\fBclient use kerberos\fR\m[]
parameter in the
smb\&.conf
file\&.
.RE
.PP
\-\-use\-krb5\-ccache=CCACHE
.RS 4
Specifies the credential cache location for Kerberos authentication\&.
.sp
This will set \-\-use\-kerberos=required too\&.
.RE
.PP
\-\-use\-winbind\-ccache
.RS 4
Try to use the credential cache by winbind\&.
.RE
.PP
\-\-client\-protection=sign|encrypt|off
.RS 4
Sets the connection protection the client tool should use\&.
.sp
Note that specifying this parameter here will override the
\m[blue]\fBclient protection\fR\m[]
parameter in the
smb\&.conf
file\&.
.sp
In case you need more fine grained control you can use:
\-\-option=clientsmbencrypt=OPTION,
\-\-option=clientipcsigning=OPTION,
\-\-option=clientsigning=OPTION\&.
.RE
.SH "QUOTA_SET_COMMAND"
.PP
The format of an the QUOTA_SET_COMMAND is an operation name followed by a set of parameters specific to that operation\&.
.PP
To set user quotas for the user specified by \-u or for the current username:
.PP
\fB UQLIM:<username>:<softlimit>/<hardlimit> \fR
.PP
To set the default quotas for a share:
.PP
\fB FSQLIM:<softlimit>/<hardlimit> \fR
.PP
To change the share quota settings:
.PP
\fB FSQFLAGS:QUOTA_ENABLED/DENY_DISK/LOG_SOFTLIMIT/LOG_HARD_LIMIT \fR
.PP
All limits are specified as a number of bytes\&.
.SH "EXIT STATUS"
.PP
The
smbcquotas
program sets the exit status depending on the success or otherwise of the operations performed\&. The exit status may be one of the following values\&.
.PP
If the operation succeeded, smbcquotas returns an exit status of 0\&. If
smbcquotas
couldn\*(Aqt connect to the specified server, or when there was an error getting or setting the quota(s), an exit status of 1 is returned\&. If there was an error parsing any command line arguments, an exit status of 2 is returned\&.
.SH "VERSION"
.PP
This man page is part of version 4\&.16\&.4 of the Samba suite\&.
.SH "AUTHOR"
.PP
The original Samba software and related utilities were created by Andrew Tridgell\&. Samba is now developed by the Samba Team as an Open Source project similar to the way the Linux kernel is developed\&.
.PP
smbcquotas
was written by Stefan Metzmacher\&.

197
net/samba419/files/man/smbget.1 Normal file
View file

@ -0,0 +1,197 @@
'\" t
.\" Title: smbget
.\" Author: [see the "AUTHOR" section]
.\" Generator: DocBook XSL Stylesheets v1.79.1 <http://docbook.sf.net/>
.\" Date: 08/09/2022
.\" Manual: User Commands
.\" Source: Samba 4.16.4
.\" Language: English
.\"
.TH "SMBGET" "1" "08/09/2022" "Samba 4\&.16\&.4" "User Commands"
.\" -----------------------------------------------------------------
.\" * Define some portability stuff
.\" -----------------------------------------------------------------
.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
.\" http://bugs.debian.org/507673
.\" http://lists.gnu.org/archive/html/groff/2009-02/msg00013.html
.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
.ie \n(.g .ds Aq \(aq
.el .ds Aq '
.\" -----------------------------------------------------------------
.\" * set default formatting
.\" -----------------------------------------------------------------
.\" disable hyphenation
.nh
.\" disable justification (adjust text to left margin only)
.ad l
.\" -----------------------------------------------------------------
.\" * MAIN CONTENT STARTS HERE *
.\" -----------------------------------------------------------------
.SH "NAME"
smbget \- wget\-like utility for download files over SMB
.SH "SYNOPSIS"
.HP \w'\ 'u
smbget [\-a,\ \-\-guest] [\-r,\ \-\-resume] [\-R,\ \-\-recursive] [\-U,\ \-\-user=STRING] [\-w,\ \-\-workgroup=STRING] [\-n,\ \-\-nonprompt] [\-d,\ \-\-debuglevel=INT] [\-D,\ \-\-dots] [\-o,\ \-\-outputfile] [\-f,\ \-\-rcfile] [\-q,\ \-\-quiet] [\-v,\ \-\-verbose] [\-b,\ \-\-blocksize] [\-O,\ \-\-stdout] [\-u,\ \-\-update] [\-e,\ \-\-encrypt] [\-?,\ \-\-help] [\-\-usage] {smb://host/share/path/to/file} [smb://url2/] [\&.\&.\&.]
.SH "DESCRIPTION"
.PP
This tool is part of the
\fBsamba\fR(7)
suite\&.
.PP
smbget is a simple utility with wget\-like semantics, that can download files from SMB servers\&. You can specify the files you would like to download on the command\-line\&.
.PP
The files should be in the smb\-URL standard, e\&.g\&. use smb://host/share/file for the UNC path
\fI\e\e\e\eHOST\e\eSHARE\e\efile\fR\&.
.SH "OPTIONS"
.PP
\-a, \-\-guest
.RS 4
Work as user guest
.RE
.PP
\-r, \-\-resume
.RS 4
Automatically resume aborted files
.RE
.PP
\-R, \-\-recursive
.RS 4
Recursively download files
.RE
.PP
\-U, \-\-user=\fIusername[%password]\fR
.RS 4
Username (and password) to use
.RE
.PP
\-w, \-\-workgroup=STRING
.RS 4
Workgroup to use (optional)
.RE
.PP
\-n, \-\-nonprompt
.RS 4
Don\*(Aqt ask anything (non\-interactive)
.RE
.PP
\-d, \-\-debuglevel=INT
.RS 4
Debuglevel to use
.RE
.PP
\-D, \-\-dots
.RS 4
Show dots as progress indication
.RE
.PP
\-o, \-\-outputfile
.RS 4
Write the file that is being downloaded to the specified file\&. Can not be used together with \-R\&.
.RE
.PP
\-O, \-\-stdout
.RS 4
Write the file that is being downloaded to standard output\&.
.RE
.PP
\-f, \-\-rcfile
.RS 4
Use specified rcfile\&. This will be loaded in the order it was specified \- e\&.g\&. if you specify any options before this one, they might get overridden by the contents of the rcfile\&.
.RE
.PP
\-q, \-\-quiet
.RS 4
Be quiet
.RE
.PP
\-v, \-\-verbose
.RS 4
Be verbose
.RE
.PP
\-b, \-\-blocksize
.RS 4
Number of bytes to download in a block\&. Defaults to 64000\&.
.RE
.PP
\-?, \-\-help
.RS 4
Show help message
.RE
.PP
\-\-usage
.RS 4
Display brief usage message
.RE
.PP
\-u, \-\-update
.RS 4
Download only when remote file is newer than local file or local file is missing\&.
.RE
.PP
\-e, \-\-encrypt
.RS 4
Enable SMB encryption\&.
.RE
.SH "SMB URLS"
.PP
SMB URL\*(Aqs should be specified in the following format:
.PP
.if n \{\
.RS 4
.\}
.nf
smb://[[[domain;]user[:password@]]server[/share[/path[/file]]]]
.fi
.if n \{\
.RE
.\}
.PP
.if n \{\
.RS 4
.\}
.nf
smb:// means all the workgroups
.fi
.if n \{\
.RE
.\}
.PP
.if n \{\
.RS 4
.\}
.nf
smb://name/ means, if \fIname\fR is a workgroup, all the servers in this workgroup, or if \fIname\fR is a server, all the shares on this server\&.
.fi
.if n \{\
.RE
.\}
.SH "EXAMPLES"
.sp
.if n \{\
.RS 4
.\}
.nf
# Recursively download \*(Aqsrc\*(Aq directory
smbget \-R smb://rhonwyn/jelmer/src
# Download FreeBSD ISO and enable resuming
smbget \-r smb://rhonwyn/isos/FreeBSD5\&.1\&.iso
# Recursively download all ISOs
smbget \-Rr smb://rhonwyn/isos
# Backup my data on rhonwyn
smbget \-Rr smb://rhonwyn/
.fi
.if n \{\
.RE
.\}
.SH "BUGS"
.PP
Permission denied is returned in some cases where the cause of the error is unknown (such as an illegally formatted smb:// url or trying to get a directory without \-R turned on)\&.
.SH "VERSION"
.PP
This man page is part of version 4\&.16\&.4 of the Samba suite\&.
.SH "AUTHOR"
.PP
The original Samba software and related utilities were created by Andrew Tridgell\&. Samba is now developed by the Samba Team as an Open Source project similar to the way the Linux kernel is developed\&.
.PP
The smbget manpage was written by Jelmer Vernooij\&.

100
net/samba419/files/man/smbgetrc.5 Normal file
View file

@ -0,0 +1,100 @@
'\" t
.\" Title: smbgetrc
.\" Author: [see the "AUTHOR" section]
.\" Generator: DocBook XSL Stylesheets v1.79.1 <http://docbook.sf.net/>
.\" Date: 08/09/2022
.\" Manual: File Formats and Conventions
.\" Source: Samba 4.16.4
.\" Language: English
.\"
.TH "SMBGETRC" "5" "08/09/2022" "Samba 4\&.16\&.4" "File Formats and Conventions"
.\" -----------------------------------------------------------------
.\" * Define some portability stuff
.\" -----------------------------------------------------------------
.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
.\" http://bugs.debian.org/507673
.\" http://lists.gnu.org/archive/html/groff/2009-02/msg00013.html
.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
.ie \n(.g .ds Aq \(aq
.el .ds Aq '
.\" -----------------------------------------------------------------
.\" * set default formatting
.\" -----------------------------------------------------------------
.\" disable hyphenation
.nh
.\" disable justification (adjust text to left margin only)
.ad l
.\" -----------------------------------------------------------------
.\" * MAIN CONTENT STARTS HERE *
.\" -----------------------------------------------------------------
.SH "NAME"
smbgetrc \- configuration file for smbget
.SH "SYNOPSIS"
.PP
smbgetrc
.SH "DESCRIPTION"
.PP
This manual page documents the format and options of the
\fIsmbgetrc\fR
file\&. This is the configuration file used by the
\fBsmbget\fR(1)
utility\&. The file contains of key\-value pairs, one pair on each line\&. The key and value should be separated by a space\&.
.PP
By default, smbget reads its configuration from
\fI$HOME/\&.smbgetrc\fR, though other locations can be specified using the command\-line options\&.
.SH "OPTIONS"
.PP
The following keys can be set:
.PP
resume on|off
.RS 4
Whether aborted downloads should be automatically resumed\&.
.RE
.PP
recursive on|off
.RS 4
Whether directories should be downloaded recursively
.RE
.PP
user \fIname[%password]\fR
.RS 4
Username (and password) to use when logging in to the remote server\&. Use an empty string for anonymous access\&.
.RE
.PP
workgroup \fIwg\fR
.RS 4
Workgroup to use when logging in
.RE
.PP
nonprompt on|off
.RS 4
Turns off asking for username and password\&. Useful for scripts\&.
.RE
.PP
debuglevel \fIint\fR
.RS 4
(Samba) debuglevel to run at\&. Useful for tracking down protocol level problems\&.
.RE
.PP
dots on|off
.RS 4
Whether a single dot should be printed for each block that has been downloaded, instead of the default progress indicator\&.
.RE
.PP
blocksize \fIint\fR
.RS 4
Number of bytes to put in a block\&.
.RE
.SH "VERSION"
.PP
This man page is part of version 4\&.16\&.4 of the Samba suite\&.
.SH "SEE ALSO"
.PP
\fBsmbget\fR(1)
and
\fBSamba\fR(7)\&.
.SH "AUTHOR"
.PP
The original Samba software and related utilities were created by Andrew Tridgell\&. Samba is now developed by the Samba Team as an Open Source project similar to the way the Linux kernel is developed\&.
.PP
This manual page was written by Jelmer Vernooij

175
net/samba419/files/man/smbpasswd.5 Normal file
View file

@ -0,0 +1,175 @@
'\" t
.\" Title: smbpasswd
.\" Author: [see the "AUTHOR" section]
.\" Generator: DocBook XSL Stylesheets v1.79.1 <http://docbook.sf.net/>
.\" Date: 08/09/2022
.\" Manual: File Formats and Conventions
.\" Source: Samba 4.16.4
.\" Language: English
.\"
.TH "SMBPASSWD" "5" "08/09/2022" "Samba 4\&.16\&.4" "File Formats and Conventions"
.\" -----------------------------------------------------------------
.\" * Define some portability stuff
.\" -----------------------------------------------------------------
.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
.\" http://bugs.debian.org/507673
.\" http://lists.gnu.org/archive/html/groff/2009-02/msg00013.html
.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
.ie \n(.g .ds Aq \(aq
.el .ds Aq '
.\" -----------------------------------------------------------------
.\" * set default formatting
.\" -----------------------------------------------------------------
.\" disable hyphenation
.nh
.\" disable justification (adjust text to left margin only)
.ad l
.\" -----------------------------------------------------------------
.\" * MAIN CONTENT STARTS HERE *
.\" -----------------------------------------------------------------
.SH "NAME"
smbpasswd \- The Samba encrypted password file
.SH "SYNOPSIS"
.PP
smbpasswd
.SH "DESCRIPTION"
.PP
This tool is part of the
\fBsamba\fR(7)
suite\&.
.PP
smbpasswd is the Samba encrypted password file\&. It contains the username, Unix user id and the SMB hashed passwords of the user, as well as account flag information and the time the password was last changed\&. This file format has been evolving with Samba and has had several different formats in the past\&.
.SH "FILE FORMAT"
.PP
The format of the smbpasswd file used by Samba 2\&.2 is very similar to the familiar Unix
passwd(5)
file\&. It is an ASCII file containing one line for each user\&. Each field within each line is separated from the next by a colon\&. Any entry beginning with \*(Aq#\*(Aq is ignored\&. The smbpasswd file contains the following information for each user:
.PP
name
.RS 4
This is the user name\&. It must be a name that already exists in the standard UNIX passwd file\&.
.RE
.PP
uid
.RS 4
This is the UNIX uid\&. It must match the uid field for the same user entry in the standard UNIX passwd file\&. If this does not match then Samba will refuse to recognize this smbpasswd file entry as being valid for a user\&.
.RE
.PP
Lanman Password Hash
.RS 4
This is the LANMAN hash of the user\*(Aqs password, encoded as 32 hex digits\&. The LANMAN hash is created by DES encrypting a well known string with the user\*(Aqs password as the DES key\&. This is the same password used by Windows 95/98 machines\&. Note that this password hash is regarded as weak as it is vulnerable to dictionary attacks and if two users choose the same password this entry will be identical (i\&.e\&. the password is not "salted" as the UNIX password is)\&. If the user has a null password this field will contain the characters "NO PASSWORD" as the start of the hex string\&. If the hex string is equal to 32 \*(AqX\*(Aq characters then the user\*(Aqs account is marked as
\fBdisabled\fR
and the user will not be able to log onto the Samba server\&.
.sp
\fIWARNING !!\fR
Note that, due to the challenge\-response nature of the SMB/CIFS authentication protocol, anyone with a knowledge of this password hash will be able to impersonate the user on the network\&. For this reason these hashes are known as
\fIplain text equivalents\fR
and must
\fINOT\fR
be made available to anyone but the root user\&. To protect these passwords the smbpasswd file is placed in a directory with read and traverse access only to the root user and the smbpasswd file itself must be set to be read/write only by root, with no other access\&.
.RE
.PP
NT Password Hash
.RS 4
This is the Windows NT hash of the user\*(Aqs password, encoded as 32 hex digits\&. The Windows NT hash is created by taking the user\*(Aqs password as represented in 16\-bit, little\-endian UNICODE and then applying the MD4 (internet rfc1321) hashing algorithm to it\&.
.sp
This password hash is considered more secure than the LANMAN Password Hash as it preserves the case of the password and uses a much higher quality hashing algorithm\&. However, it is still the case that if two users choose the same password this entry will be identical (i\&.e\&. the password is not "salted" as the UNIX password is)\&.
.sp
\fIWARNING !!\fR\&. Note that, due to the challenge\-response nature of the SMB/CIFS authentication protocol, anyone with a knowledge of this password hash will be able to impersonate the user on the network\&. For this reason these hashes are known as
\fIplain text equivalents\fR
and must
\fINOT\fR
be made available to anyone but the root user\&. To protect these passwords the smbpasswd file is placed in a directory with read and traverse access only to the root user and the smbpasswd file itself must be set to be read/write only by root, with no other access\&.
.RE
.PP
Account Flags
.RS 4
This section contains flags that describe the attributes of the users account\&. This field is bracketed by \*(Aq[\*(Aq and \*(Aq]\*(Aq characters and is always 13 characters in length (including the \*(Aq[\*(Aq and \*(Aq]\*(Aq characters)\&. The contents of this field may be any of the following characters:
.RS
.sp
.RS 4
.ie n \{\
\h'-04'\(bu\h'+03'\c
.\}
.el \{\
.sp -1
.IP \(bu 2.3
.\}
\fIU\fR
\- This means this is a "User" account, i\&.e\&. an ordinary user\&.
.RE
.sp
.RS 4
.ie n \{\
\h'-04'\(bu\h'+03'\c
.\}
.el \{\
.sp -1
.IP \(bu 2.3
.\}
\fIN\fR
\- This means the account has no password (the passwords in the fields LANMAN Password Hash and NT Password Hash are ignored)\&. Note that this will only allow users to log on with no password if the
\fI null passwords\fR
parameter is set in the
\fBsmb.conf\fR(5)
config file\&.
.RE
.sp
.RS 4
.ie n \{\
\h'-04'\(bu\h'+03'\c
.\}
.el \{\
.sp -1
.IP \(bu 2.3
.\}
\fID\fR
\- This means the account is disabled and no SMB/CIFS logins will be allowed for this user\&.
.RE
.sp
.RS 4
.ie n \{\
\h'-04'\(bu\h'+03'\c
.\}
.el \{\
.sp -1
.IP \(bu 2.3
.\}
\fIX\fR
\- This means the password does not expire\&.
.RE
.sp
.RS 4
.ie n \{\
\h'-04'\(bu\h'+03'\c
.\}
.el \{\
.sp -1
.IP \(bu 2.3
.\}
\fIW\fR
\- This means this account is a "Workstation Trust" account\&. This kind of account is used in the Samba PDC code stream to allow Windows NT Workstations and Servers to join a Domain hosted by a Samba PDC\&.
.RE
.sp
.RE
Other flags may be added as the code is extended in future\&. The rest of this field space is filled in with spaces\&. For further information regarding the flags that are supported please refer to the man page for the
pdbedit
command\&.
.RE
.PP
Last Change Time
.RS 4
This field consists of the time the account was last modified\&. It consists of the characters \*(AqLCT\-\*(Aq (standing for "Last Change Time") followed by a numeric encoding of the UNIX time in seconds since the epoch (1970) that the last change was made\&.
.RE
.PP
All other colon separated fields are ignored at this time\&.
.SH "VERSION"
.PP
This man page is part of version 4\&.16\&.4 of the Samba suite\&.
.SH "SEE ALSO"
.PP
\fBsmbpasswd\fR(8),
\fBSamba\fR(7), and the Internet RFC1321 for details on the MD4 algorithm\&.
.SH "AUTHOR"
.PP
The original Samba software and related utilities were created by Andrew Tridgell\&. Samba is now developed by the Samba Team as an Open Source project similar to the way the Linux kernel is developed\&.

186
net/samba419/files/man/smbstatus.1 Normal file
View file

@ -0,0 +1,186 @@
'\" t
.\" Title: smbstatus
.\" Author: [see the "AUTHOR" section]
.\" Generator: DocBook XSL Stylesheets v1.79.1 <http://docbook.sf.net/>
.\" Date: 08/09/2022
.\" Manual: User Commands
.\" Source: Samba 4.16.4
.\" Language: English
.\"
.TH "SMBSTATUS" "1" "08/09/2022" "Samba 4\&.16\&.4" "User Commands"
.\" -----------------------------------------------------------------
.\" * Define some portability stuff
.\" -----------------------------------------------------------------
.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
.\" http://bugs.debian.org/507673
.\" http://lists.gnu.org/archive/html/groff/2009-02/msg00013.html
.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
.ie \n(.g .ds Aq \(aq
.el .ds Aq '
.\" -----------------------------------------------------------------
.\" * set default formatting
.\" -----------------------------------------------------------------
.\" disable hyphenation
.nh
.\" disable justification (adjust text to left margin only)
.ad l
.\" -----------------------------------------------------------------
.\" * MAIN CONTENT STARTS HERE *
.\" -----------------------------------------------------------------
.SH "NAME"
smbstatus \- report on current Samba connections
.SH "SYNOPSIS"
.HP \w'\ 'u
smbstatus [\-p|\-\-processes] [\-v|\-\-verbose] [\-L|\-\-locks] [\-S|\-\-shares] [\-N|\-\-notify] [\-u|\-\-user=STRING] [\-b|\-\-brief] [\-P|\-\-profile] [\-R|\-\-profile\-rates] [\-B|\-\-byterange] [\-n|\-\-numeric] [\-f|\-\-fast] [\-\-resolve\-uids] [\-?|\-\-help] [\-\-usage] [\-d|\-\-debuglevel=DEBUGLEVEL] [\-\-debug\-stdout] [\-\-configfile=CONFIGFILE] [\-\-option=name=value] [\-l|\-\-log\-basename=LOGFILEBASE] [\-\-leak\-report] [\-\-leak\-report\-full]
.SH "DESCRIPTION"
.PP
This tool is part of the
\fBsamba\fR(7)
suite\&.
.PP
smbstatus
is a very simple program to list the current Samba connections\&.
.SH "OPTIONS"
.PP
\-P|\-\-profile
.RS 4
If samba has been compiled with the profiling option, print only the contents of the profiling shared memory area\&.
.RE
.PP
\-R|\-\-profile\-rates
.RS 4
If samba has been compiled with the profiling option, print the contents of the profiling shared memory area and the call rates\&.
.RE
.PP
\-b|\-\-brief
.RS 4
gives brief output\&.
.RE
.PP
\-v|\-\-verbose
.RS 4
gives verbose output\&.
.RE
.PP
\-L|\-\-locks
.RS 4
causes smbstatus to only list locks\&.
.RE
.PP
\-B|\-\-byterange
.RS 4
causes smbstatus to include byte range locks\&.
.RE
.PP
\-p|\-\-processes
.RS 4
print a list of
\fBsmbd\fR(8)
processes and exit\&. Useful for scripting\&.
.RE
.PP
\-S|\-\-shares
.RS 4
causes smbstatus to only list shares\&.
.RE
.PP
\-N|\-\-notify
.RS 4
causes smbstatus to display registered file notifications
.RE
.PP
\-f|\-\-fast
.RS 4
causes smbstatus to not check if the status data is valid by checking if the processes that the status data refer to all still exist\&. This speeds up execution on busy systems and clusters but might display stale data of processes that died without cleaning up properly\&.
.RE
.PP
\-u|\-\-user=<username>
.RS 4
selects information relevant to
\fIusername\fR
only\&.
.RE
.PP
\-n|\-\-numeric
.RS 4
causes smbstatus to display numeric UIDs and GIDs instead of resolving them to names\&.
.RE
.PP
\-?|\-\-help
.RS 4
Print a summary of command line options\&.
.RE
.PP
\-\-usage
.RS 4
Display brief usage message\&.
.RE
.PP
\-d|\-\-debuglevel=DEBUGLEVEL
.RS 4
\fIlevel\fR
is an integer from 0 to 10\&. The default value if this parameter is not specified is 1 for client applications\&.
.sp
The higher this value, the more detail will be logged to the log files about the activities of the server\&. At level 0, only critical errors and serious warnings will be logged\&. Level 1 is a reasonable level for day\-to\-day running \- it generates a small amount of information about operations carried out\&.
.sp
Levels above 1 will generate considerable amounts of log data, and should only be used when investigating a problem\&. Levels above 3 are designed for use only by developers and generate HUGE amounts of log data, most of which is extremely cryptic\&.
.sp
Note that specifying this parameter here will override the
\m[blue]\fBlog level\fR\m[]
parameter in the
smb\&.conf
file\&.
.RE
.PP
\-\-debug\-stdout
.RS 4
This will redirect debug output to STDOUT\&. By default all clients are logging to STDERR\&.
.RE
.PP
\-\-configfile=<configuration file>
.RS 4
The file specified contains the configuration details required by the client\&. The information in this file can be general for client and server or only provide client specific like options such as
\m[blue]\fBclient smb encrypt\fR\m[]\&. See
smb\&.conf
for more information\&. The default configuration file name is determined at compile time\&.
.RE
.PP
\-\-option=<name>=<value>
.RS 4
Set the
\fBsmb.conf\fR(5)
option "<name>" to value "<value>" from the command line\&. This overrides compiled\-in defaults and options read from the configuration file\&. If a name or a value includes a space, wrap whole \-\-option=name=value into quotes\&.
.RE
.PP
\-l|\-\-log\-basename=logdirectory
.RS 4
Base directory name for log/debug files\&. The extension
\fB"\&.progname"\fR
will be appended (e\&.g\&. log\&.smbclient, log\&.smbd, etc\&.\&.\&.)\&. The log file is never removed by the client\&.
.RE
.PP
\-\-leak\-report
.RS 4
Enable talloc leak reporting on exit\&.
.RE
.PP
\-\-leak\-report\-full
.RS 4
Enable full talloc leak reporting on exit\&.
.RE
.PP
\-V|\-\-version
.RS 4
Prints the program version number\&.
.RE
.SH "VERSION"
.PP
This man page is part of version 4\&.16\&.4 of the Samba suite\&.
.SH "SEE ALSO"
.PP
\fBsmbd\fR(8)
and
\fBsmb.conf\fR(5)\&.
.SH "AUTHOR"
.PP
The original Samba software and related utilities were created by Andrew Tridgell\&. Samba is now developed by the Samba Team as an Open Source project similar to the way the Linux kernel is developed\&.

163
net/samba419/files/man/smbtar.1 Normal file
View file

@ -0,0 +1,163 @@
'\" t
.\" Title: smbtar
.\" Author: [see the "AUTHOR" section]
.\" Generator: DocBook XSL Stylesheets v1.79.1 <http://docbook.sf.net/>
.\" Date: 08/09/2022
.\" Manual: User Commands
.\" Source: Samba 4.16.4
.\" Language: English
.\"
.TH "SMBTAR" "1" "08/09/2022" "Samba 4\&.16\&.4" "User Commands"
.\" -----------------------------------------------------------------
.\" * Define some portability stuff
.\" -----------------------------------------------------------------
.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
.\" http://bugs.debian.org/507673
.\" http://lists.gnu.org/archive/html/groff/2009-02/msg00013.html
.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
.ie \n(.g .ds Aq \(aq
.el .ds Aq '
.\" -----------------------------------------------------------------
.\" * set default formatting
.\" -----------------------------------------------------------------
.\" disable hyphenation
.nh
.\" disable justification (adjust text to left margin only)
.ad l
.\" -----------------------------------------------------------------
.\" * MAIN CONTENT STARTS HERE *
.\" -----------------------------------------------------------------
.SH "NAME"
smbtar \- shell script for backing up SMB/CIFS shares directly to UNIX tape drives
.SH "SYNOPSIS"
.HP \w'\ 'u
smbtar [\-r] [\-i] [\-a] [\-v] {\-s\ server} [\-p\ password] [\-x\ services] [\-X] [\-N\ filename] [\-b\ blocksize] [\-d\ directory] [\-l\ loglevel] [\-u\ user] [\-t\ tape] {filenames}
.SH "DESCRIPTION"
.PP
This tool is part of the
\fBsamba\fR(7)
suite\&.
.PP
smbtar
is a very small shell script on top of
\fBsmbclient\fR(1)
which dumps SMB shares directly to tape\&.
.SH "OPTIONS"
.PP
\-s server
.RS 4
The SMB/CIFS server that the share resides upon\&.
.RE
.PP
\-x service
.RS 4
The share name on the server to connect to\&. The default is "backup"\&.
.RE
.PP
\-X
.RS 4
Exclude mode\&. Exclude filenames\&.\&.\&. from tar create or restore\&.
.RE
.PP
\-d directory
.RS 4
Change to initial
\fIdirectory \fR
before restoring / backing up files\&.
.RE
.PP
\-v
.RS 4
Verbose mode\&.
.RE
.PP
\-p password
.RS 4
The password to use to access a share\&. Default: none
.RE
.PP
\-u user
.RS 4
The user id to connect as\&. Default: UNIX login name\&.
.RE
.PP
\-a
.RS 4
Reset DOS archive bit mode to indicate file has been archived\&.
.RE
.PP
\-t tape
.RS 4
Tape device\&. May be regular file or tape device\&. Default:
\fI$TAPE\fR
environmental variable; if not set, a file called
tar\&.out\&.
.RE
.PP
\-b blocksize
.RS 4
Blocking factor\&. Defaults to 20\&. See
tar(1)
for a fuller explanation\&.
.RE
.PP
\-N filename
.RS 4
Backup only files newer than filename\&. Could be used (for example) on a log file to implement incremental backups\&.
.RE
.PP
\-i
.RS 4
Incremental mode; tar files are only backed up if they have the archive bit set\&. The archive bit is reset after each file is read\&.
.RE
.PP
\-r
.RS 4
Restore\&. Files are restored to the share from the tar file\&.
.RE
.PP
\-l log level
.RS 4
Log (debug) level\&. Corresponds to the
\fI\-d\fR
flag of
\fBsmbclient\fR(1)\&.
.RE
.SH "ENVIRONMENT VARIABLES"
.PP
The
\fI$TAPE\fR
variable specifies the default tape device to write to\&. May be overridden with the \-t option\&.
.SH "BUGS"
.PP
The
smbtar
script has different options from ordinary tar and from smbclient\*(Aqs tar command\&.
.SH "CAVEATS"
.PP
Sites that are more careful about security may not like the way the script handles PC passwords\&. Backup and restore work on entire shares; should work on file lists\&. smbtar works best with GNU tar and may not work well with other versions\&.
.SH "DIAGNOSTICS"
.PP
See the
\fIDIAGNOSTICS\fR
section for the
\fBsmbclient\fR(1)
command\&.
.SH "VERSION"
.PP
This man page is part of version 4\&.16\&.4 of the Samba suite\&.
.SH "SEE ALSO"
.PP
\fBsmbd\fR(8),
\fBsmbclient\fR(1),
\fBsmb.conf\fR(5)\&.
.SH "AUTHOR"
.PP
The original Samba software and related utilities were created by Andrew Tridgell\&. Samba is now developed by the Samba Team as an Open Source project similar to the way the Linux kernel is developed\&.
.PP
Ricky Poulten
wrote the tar extension and this man page\&. The
smbtar
script was heavily rewritten and improved by
Martin Kraemer\&. Many thanks to everyone who suggested extensions, improvements, bug fixes, etc\&. The man page sources were converted to YODL format (another excellent piece of Open Source software, available at
ftp://ftp\&.icce\&.rug\&.nl/pub/unix/) and updated for the Samba 2\&.0 release by Jeremy Allison\&. The conversion to DocBook for Samba 2\&.2 was done by Gerald Carter\&. The conversion to DocBook XML 4\&.2 for Samba 3\&.0 was done by Alexander Bokovoy\&.

362
net/samba419/files/man/smbtorture.1 Normal file
View file

@ -0,0 +1,362 @@
'\" t
.\" Title: smbtorture
.\" Author: [see the "AUTHOR" section]
.\" Generator: DocBook XSL Stylesheets v1.79.1 <http://docbook.sf.net/>
.\" Date: 08/09/2022
.\" Manual: Test Suite
.\" Source: Samba 4.0
.\" Language: English
.\"
.TH "SMBTORTURE" "1" "08/09/2022" "Samba 4\&.0" "Test Suite"
.\" -----------------------------------------------------------------
.\" * Define some portability stuff
.\" -----------------------------------------------------------------
.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
.\" http://bugs.debian.org/507673
.\" http://lists.gnu.org/archive/html/groff/2009-02/msg00013.html
.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
.ie \n(.g .ds Aq \(aq
.el .ds Aq '
.\" -----------------------------------------------------------------
.\" * set default formatting
.\" -----------------------------------------------------------------
.\" disable hyphenation
.nh
.\" disable justification (adjust text to left margin only)
.ad l
.\" -----------------------------------------------------------------
.\" * MAIN CONTENT STARTS HERE *
.\" -----------------------------------------------------------------
.SH "NAME"
smbtorture \- Run a series of tests against a SMB server
.SH "SYNOPSIS"
.HP \w'\fBsmbtorture\fR\ 'u
\fBsmbtorture\fR {//server/share} [\-d\ debuglevel] [\-U\ user%pass] [\-k] [\-N\ numprocs] [\-n\ netbios_name] [\-W\ workgroup] [\-e\ num\ files(entries)] [\-O\ socket_options] [\-m\ maximum_protocol] [\-L] [\-c\ CLIENT\&.TXT] [\-t\ timelimit] [\-C\ filename] [\-A] [\-p\ port] [\-s\ seed] [\-f\ max_failures] [\-X] {BINDING\-STRING|UNC} {TEST1} [TEST2] [\&.\&.\&.]
.SH "DESCRIPTION"
.PP
smbtorture is a testsuite that runs several tests against a SMB server\&. All tests are known to succeed against a Windows 2003 server (?)\&. Smbtorture\*(Aqs primary goal is finding differences in implementations of the SMB protocol and testing SMB servers\&.
.PP
Any number of tests can be specified on the command\-line\&. If no tests are specified, all tests are run\&.
.PP
If no arguments are specified at all, all available options and tests are listed\&.
.SS "Binding string format"
.PP
The binding string format is:
.PP
TRANSPORT:host[flags]
.PP
Where TRANSPORT is either ncacn_np for SMB, ncacn_ip_tcp for RPC/TCP or ncalrpc for local connections\&.
.PP
\*(Aqhost\*(Aq is an IP or hostname or netbios name\&. If the binding string identifies the server side of an endpoint, \*(Aqhost\*(Aq may be an empty string\&.
.PP
\*(Aqflags\*(Aq can include a SMB pipe name if using the ncacn_np transport or a TCP port number if using the ncacn_ip_tcp transport, otherwise they will be auto\-determined\&.
.PP
other recognised flags are:
.PP
sign
.RS 4
enable ntlmssp signing
.RE
.PP
seal
.RS 4
enable ntlmssp sealing
.RE
.PP
connect
.RS 4
enable rpc connect level auth (auth, but no sign or seal)
.RE
.PP
validate
.RS 4
enable the NDR validator
.RE
.PP
print
.RS 4
enable debugging of the packets
.RE
.PP
bigendian
.RS 4
use bigendian RPC
.RE
.PP
padcheck
.RS 4
check reply data for non\-zero pad bytes
.RE
.PP
For example, these all connect to the samr pipe:
.sp
.RS 4
.ie n \{\
\h'-04'\(bu\h'+03'\c
.\}
.el \{\
.sp -1
.IP \(bu 2.3
.\}
ncacn_np:myserver
.RE
.sp
.RS 4
.ie n \{\
\h'-04'\(bu\h'+03'\c
.\}
.el \{\
.sp -1
.IP \(bu 2.3
.\}
ncacn_np:myserver[samr]
.RE
.sp
.RS 4
.ie n \{\
\h'-04'\(bu\h'+03'\c
.\}
.el \{\
.sp -1
.IP \(bu 2.3
.\}
ncacn_np:myserver[\e\epipe\e\esamr]
.RE
.sp
.RS 4
.ie n \{\
\h'-04'\(bu\h'+03'\c
.\}
.el \{\
.sp -1
.IP \(bu 2.3
.\}
ncacn_np:myserver[/pipe/samr]
.RE
.sp
.RS 4
.ie n \{\
\h'-04'\(bu\h'+03'\c
.\}
.el \{\
.sp -1
.IP \(bu 2.3
.\}
ncacn_np:myserver[samr,sign,print]
.RE
.sp
.RS 4
.ie n \{\
\h'-04'\(bu\h'+03'\c
.\}
.el \{\
.sp -1
.IP \(bu 2.3
.\}
ncacn_np:myserver[\e\epipe\e\esamr,sign,seal,bigendian]
.RE
.sp
.RS 4
.ie n \{\
\h'-04'\(bu\h'+03'\c
.\}
.el \{\
.sp -1
.IP \(bu 2.3
.\}
ncacn_np:myserver[/pipe/samr,seal,validate]
.RE
.sp
.RS 4
.ie n \{\
\h'-04'\(bu\h'+03'\c
.\}
.el \{\
.sp -1
.IP \(bu 2.3
.\}
ncacn_np:
.RE
.sp
.RS 4
.ie n \{\
\h'-04'\(bu\h'+03'\c
.\}
.el \{\
.sp -1
.IP \(bu 2.3
.\}
ncacn_np:[/pipe/samr]
.RE
.sp
.RS 4
.ie n \{\
\h'-04'\(bu\h'+03'\c
.\}
.el \{\
.sp -1
.IP \(bu 2.3
.\}
ncacn_ip_tcp:myserver
.RE
.sp
.RS 4
.ie n \{\
\h'-04'\(bu\h'+03'\c
.\}
.el \{\
.sp -1
.IP \(bu 2.3
.\}
ncacn_ip_tcp:myserver[1024]
.RE
.sp
.RS 4
.ie n \{\
\h'-04'\(bu\h'+03'\c
.\}
.el \{\
.sp -1
.IP \(bu 2.3
.\}
ncacn_ip_tcp:myserver[1024,sign,seal]
.RE
.sp
.RS 4
.ie n \{\
\h'-04'\(bu\h'+03'\c
.\}
.el \{\
.sp -1
.IP \(bu 2.3
.\}
ncalrpc:
.RE
.SS "UNC Format"
.PP
The UNC format is:
.PP
//server/share
.SH "OPTIONS"
.PP
\-d debuglevel
.RS 4
Use the specified Samba debug level\&. A higher debug level means more output\&.
.RE
.PP
\-U user%pass
.RS 4
Use the specified username/password combination when logging in to a remote server\&.
.RE
.PP
\-k
.RS 4
Use kerberos when authenticating\&.
.RE
.PP
\-W workgroup
.RS 4
Use specified name as our workgroup name\&.
.RE
.PP
\-n netbios_name
.RS 4
Use specified name as our NetBIOS name\&.
.RE
.PP
\-O socket_options
.RS 4
Use specified socket options, equivalent of the smb\&.conf option
\(lqsocket options\(rq\&. See the smb\&.conf(5) manpage for details\&.
.RE
.PP
\-m max_protocol
.RS 4
Specify the maximum SMB dialect that should be used\&. Possible values are: CORE, COREPLUS, LANMAN1, LANMAN2, NT1
.RE
.PP
\-s seed
.RS 4
Initialize the randomizer using
\fIseed\fR
as seed\&.
.RE
.PP
\-L
.RS 4
Use oplocks\&.
.RE
.PP
\-X
.RS 4
Enable dangerous tests\&. Use with care! This might crash your server\&.\&.\&.
.RE
.PP
\-t timelimit
.RS 4
Specify the NBENCH time limit in seconds\&. Defaults to 600\&.
.RE
.PP
\-p ports
.RS 4
Specify ports to connect to\&.
.RE
.PP
\-c file
.RS 4
Read NBENCH commands from
\fIfile\fR
instead of from CLIENT\&.TXT\&.
.RE
.PP
\-A
.RS 4
Show not just OK or FAILED but more detailed output\&. Used only by DENY test at the moment\&.
.RE
.PP
\-C filename
.RS 4
Load a list of UNC names from the specified filename\&. Smbtorture instances will connect to a random host from this list\&.
.RE
.PP
\-N numprocs
.RS 4
Specify number of smbtorture processes to launch\&.
.RE
.PP
\-e num_files
.RS 4
Number of entries to use in certain tests (such as creating X files) (default: 1000)\&.
.RE
.PP
\-f max_failures
.RS 4
Number of failures before aborting a test (default: 1)\&.
.RE
.SH "VERSION"
.PP
This man page is correct for version 4\&.0 of the Samba suite\&.
.SH "SEE ALSO"
.PP
Samba
.SH "AUTHOR"
.PP
This utility is part of the
\m[blue]\fBSamba\fR\m[]\&\s-2\u[1]\d\s+2
suite, which is developed by the global
\m[blue]\fBSamba Team\fR\m[]\&\s-2\u[2]\d\s+2\&.
.PP
smbtorture was written by Andrew Tridgell\&.
.PP
This manpage was written by Jelmer Vernooij\&.
.SH "NOTES"
.IP " 1." 4
Samba
.RS 4
\%http://www.samba.org/
.RE
.IP " 2." 4
Samba Team
.RS 4
\%http://www.samba.org/samba/team/
.RE

252
net/samba419/files/man/smbtree.1 Normal file
View file

@ -0,0 +1,252 @@
'\" t
.\" Title: smbtree
.\" Author: [see the "AUTHOR" section]
.\" Generator: DocBook XSL Stylesheets v1.79.1 <http://docbook.sf.net/>
.\" Date: 08/09/2022
.\" Manual: User Commands
.\" Source: Samba 4.16.4
.\" Language: English
.\"
.TH "SMBTREE" "1" "08/09/2022" "Samba 4\&.16\&.4" "User Commands"
.\" -----------------------------------------------------------------
.\" * Define some portability stuff
.\" -----------------------------------------------------------------
.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
.\" http://bugs.debian.org/507673
.\" http://lists.gnu.org/archive/html/groff/2009-02/msg00013.html
.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
.ie \n(.g .ds Aq \(aq
.el .ds Aq '
.\" -----------------------------------------------------------------
.\" * set default formatting
.\" -----------------------------------------------------------------
.\" disable hyphenation
.nh
.\" disable justification (adjust text to left margin only)
.ad l
.\" -----------------------------------------------------------------
.\" * MAIN CONTENT STARTS HERE *
.\" -----------------------------------------------------------------
.SH "NAME"
smbtree \- A text based smb network browser
.SH "SYNOPSIS"
.HP \w'\ 'u
smbtree [\-D|\-\-domains] [\-S|\-\-servers] [\-?|\-\-help] [\-\-usage] [\-d|\-\-debuglevel=DEBUGLEVEL] [\-\-debug\-stdout] [\-\-configfile=CONFIGFILE] [\-\-option=name=value] [\-l|\-\-log\-basename=LOGFILEBASE] [\-\-leak\-report] [\-\-leak\-report\-full] [\-U|\-\-user=[DOMAIN/]USERNAME[%PASSWORD]] [\-N|\-\-no\-pass] [\-\-password=STRING] [\-\-pw\-nt\-hash] [\-A|\-\-authentication\-file=FILE] [\-P|\-\-machine\-pass] [\-\-simple\-bind\-dn=DN] [\-\-use\-kerberos=desired|required|off] [\-\-use\-krb5\-ccache=CCACHE] [\-\-use\-winbind\-ccache] [\-\-client\-protection=sign|encrypt|off] [\-V|\-\-version]
.SH "DESCRIPTION"
.PP
This tool is part of the
\fBsamba\fR(7)
suite\&.
.PP
smbtree
is a smb browser program in text mode\&. It is similar to the "Network Neighborhood" found on Windows computers\&. It prints a tree with all the known domains, the servers in those domains and the shares on the servers\&.
.SH "OPTIONS"
.PP
\-D|\-\-domains
.RS 4
Only print a list of all the domains known on broadcast or by the master browser
.RE
.PP
\-S|\-\-servers
.RS 4
Only print a list of all the domains and servers responding on broadcast or known by the master browser\&.
.RE
.PP
\-?|\-\-help
.RS 4
Print a summary of command line options\&.
.RE
.PP
\-\-usage
.RS 4
Display brief usage message\&.
.RE
.PP
\-d|\-\-debuglevel=DEBUGLEVEL
.RS 4
\fIlevel\fR
is an integer from 0 to 10\&. The default value if this parameter is not specified is 1 for client applications\&.
.sp
The higher this value, the more detail will be logged to the log files about the activities of the server\&. At level 0, only critical errors and serious warnings will be logged\&. Level 1 is a reasonable level for day\-to\-day running \- it generates a small amount of information about operations carried out\&.
.sp
Levels above 1 will generate considerable amounts of log data, and should only be used when investigating a problem\&. Levels above 3 are designed for use only by developers and generate HUGE amounts of log data, most of which is extremely cryptic\&.
.sp
Note that specifying this parameter here will override the
\m[blue]\fBlog level\fR\m[]
parameter in the
smb\&.conf
file\&.
.RE
.PP
\-\-debug\-stdout
.RS 4
This will redirect debug output to STDOUT\&. By default all clients are logging to STDERR\&.
.RE
.PP
\-\-configfile=<configuration file>
.RS 4
The file specified contains the configuration details required by the client\&. The information in this file can be general for client and server or only provide client specific like options such as
\m[blue]\fBclient smb encrypt\fR\m[]\&. See
smb\&.conf
for more information\&. The default configuration file name is determined at compile time\&.
.RE
.PP
\-\-option=<name>=<value>
.RS 4
Set the
\fBsmb.conf\fR(5)
option "<name>" to value "<value>" from the command line\&. This overrides compiled\-in defaults and options read from the configuration file\&. If a name or a value includes a space, wrap whole \-\-option=name=value into quotes\&.
.RE
.PP
\-l|\-\-log\-basename=logdirectory
.RS 4
Base directory name for log/debug files\&. The extension
\fB"\&.progname"\fR
will be appended (e\&.g\&. log\&.smbclient, log\&.smbd, etc\&.\&.\&.)\&. The log file is never removed by the client\&.
.RE
.PP
\-\-leak\-report
.RS 4
Enable talloc leak reporting on exit\&.
.RE
.PP
\-\-leak\-report\-full
.RS 4
Enable full talloc leak reporting on exit\&.
.RE
.PP
\-V|\-\-version
.RS 4
Prints the program version number\&.
.RE
.PP
\-U|\-\-user=[DOMAIN\e]USERNAME[%PASSWORD]
.RS 4
Sets the SMB username or username and password\&.
.sp
If %PASSWORD is not specified, the user will be prompted\&. The client will first check the
\fBUSER\fR
environment variable (which is also permitted to also contain the password seperated by a %), then the
\fBLOGNAME\fR
variable (which is not permitted to contain a password) and if either exists, the value is used\&. If these environmental variables are not found, the username found in a Kerberos Credentials cache may be used\&.
.sp
A third option is to use a credentials file which contains the plaintext of the username and password\&. This option is mainly provided for scripts where the admin does not wish to pass the credentials on the command line or via environment variables\&. If this method is used, make certain that the permissions on the file restrict access from unwanted users\&. See the
\fI\-A\fR
for more details\&.
.sp
Be cautious about including passwords in scripts or passing user\-supplied values onto the command line\&. For security it is better to let the Samba client tool ask for the password if needed, or obtain the password once with
kinit\&.
.sp
While Samba will attempt to scrub the password from the process title (as seen in ps), this is after startup and so is subject to a race\&.
.RE
.PP
\-N|\-\-no\-pass
.RS 4
If specified, this parameter suppresses the normal password prompt from the client to the user\&. This is useful when accessing a service that does not require a password\&.
.sp
Unless a password is specified on the command line or this parameter is specified, the client will request a password\&.
.sp
If a password is specified on the command line and this option is also defined the password on the command line will be silently ignored and no password will be used\&.
.RE
.PP
\-\-password
.RS 4
Specify the password on the commandline\&.
.sp
Be cautious about including passwords in scripts or passing user\-supplied values onto the command line\&. For security it is better to let the Samba client tool ask for the password if needed, or obtain the password once with
kinit\&.
.sp
If \-\-password is not specified, the tool will check the
\fBPASSWD\fR
environment variable, followed by
\fBPASSWD_FD\fR
which is expected to contain an open file descriptor (FD) number\&.
.sp
Finally it will check
\fBPASSWD_FILE\fR
(containing a file path to be opened)\&. The file should only contain the password\&. Make certain that the permissions on the file restrict access from unwanted users!
.sp
While Samba will attempt to scrub the password from the process title (as seen in ps), this is after startup and so is subject to a race\&.
.RE
.PP
\-\-pw\-nt\-hash
.RS 4
The supplied password is the NT hash\&.
.RE
.PP
\-A|\-\-authentication\-file=filename
.RS 4
This option allows you to specify a file from which to read the username and password used in the connection\&. The format of the file is:
.sp
.if n \{\
.RS 4
.\}
.nf
username = <value>
password = <value>
domain = <value>
.fi
.if n \{\
.RE
.\}
.sp
Make certain that the permissions on the file restrict access from unwanted users!
.RE
.PP
\-P|\-\-machine\-pass
.RS 4
Use stored machine account password\&.
.RE
.PP
\-\-simple\-bind\-dn=DN
.RS 4
DN to use for a simple bind\&.
.RE
.PP
\-\-use\-kerberos=desired|required|off
.RS 4
This parameter determines whether Samba client tools will try to authenticate using Kerberos\&. For Kerberos authentication you need to use dns names instead of IP addresses when connnecting to a service\&.
.sp
Note that specifying this parameter here will override the
\m[blue]\fBclient use kerberos\fR\m[]
parameter in the
smb\&.conf
file\&.
.RE
.PP
\-\-use\-krb5\-ccache=CCACHE
.RS 4
Specifies the credential cache location for Kerberos authentication\&.
.sp
This will set \-\-use\-kerberos=required too\&.
.RE
.PP
\-\-use\-winbind\-ccache
.RS 4
Try to use the credential cache by winbind\&.
.RE
.PP
\-\-client\-protection=sign|encrypt|off
.RS 4
Sets the connection protection the client tool should use\&.
.sp
Note that specifying this parameter here will override the
\m[blue]\fBclient protection\fR\m[]
parameter in the
smb\&.conf
file\&.
.sp
In case you need more fine grained control you can use:
\-\-option=clientsmbencrypt=OPTION,
\-\-option=clientipcsigning=OPTION,
\-\-option=clientsigning=OPTION\&.
.RE
.SH "VERSION"
.PP
This man page is part of version 4\&.16\&.4 of the Samba suite\&.
.SH "AUTHOR"
.PP
The original Samba software and related utilities were created by Andrew Tridgell\&. Samba is now developed by the Samba Team as an Open Source project similar to the way the Linux kernel is developed\&.
.PP
The smbtree man page was written by Jelmer Vernooij\&.

683
net/samba419/files/man/talloc.3 Normal file
View file

@ -0,0 +1,683 @@
'\" t
.\" Title: talloc
.\" Author: [see the "AUTHOR" section]
.\" Generator: DocBook XSL Stylesheets v1.76.1 <http://docbook.sf.net/>
.\" Date: 2015-04-10
.\" Manual: System Administration tools
.\" Source: Samba 4.0
.\" Language: English
.\"
.TH "TALLOC" "3" "2015\-04\-10" "Samba 4\&.0" "System Administration tools"
.\" -----------------------------------------------------------------
.\" * Define some portability stuff
.\" -----------------------------------------------------------------
.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
.\" http://bugs.debian.org/507673
.\" http://lists.gnu.org/archive/html/groff/2009-02/msg00013.html
.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
.ie \n(.g .ds Aq \(aq
.el .ds Aq '
.\" -----------------------------------------------------------------
.\" * set default formatting
.\" -----------------------------------------------------------------
.\" disable hyphenation
.nh
.\" disable justification (adjust text to left margin only)
.ad l
.\" -----------------------------------------------------------------
.\" * MAIN CONTENT STARTS HERE *
.\" -----------------------------------------------------------------
.SH "NAME"
talloc \- hierarchical reference counted memory pool system with destructors
.SH "SYNOPSIS"
.sp
.nf
#include <talloc\&.h>
.fi
.SH "DESCRIPTION"
.PP
If you are used to talloc from Samba3 then please read this carefully, as talloc has changed a lot\&.
.PP
The new talloc is a hierarchical, reference counted memory pool system with destructors\&. Quite a mouthful really, but not too bad once you get used to it\&.
.PP
Perhaps the biggest change from Samba3 is that there is no distinction between a "talloc context" and a "talloc pointer"\&. Any pointer returned from talloc() is itself a valid talloc context\&. This means you can do this:
.sp
.if n \{\
.RS 4
.\}
.nf
struct foo *X = talloc(mem_ctx, struct foo);
X\->name = talloc_strdup(X, "foo");
.fi
.if n \{\
.RE
.\}
.PP
and the pointer
X\->name
would be a "child" of the talloc context
X
which is itself a child of
mem_ctx\&. So if you do
talloc_free(mem_ctx)
then it is all destroyed, whereas if you do
talloc_free(X)
then just
X
and
X\->name
are destroyed, and if you do
talloc_free(X\->name)
then just the name element of
X
is destroyed\&.
.PP
If you think about this, then what this effectively gives you is an n\-ary tree, where you can free any part of the tree with talloc_free()\&.
.PP
If you find this confusing, then I suggest you run the
testsuite
program to watch talloc in action\&. You may also like to add your own tests to
testsuite\&.c
to clarify how some particular situation is handled\&.
.SH "TALLOC API"
.PP
The following is a complete guide to the talloc API\&. Read it all at least twice\&.
.SS "(type *)talloc(const void *ctx, type);"
.PP
The talloc() macro is the core of the talloc library\&. It takes a memory
\fIctx\fR
and a
\fItype\fR, and returns a pointer to a new area of memory of the given
\fItype\fR\&.
.PP
The returned pointer is itself a talloc context, so you can use it as the
\fIctx\fR
argument to more calls to talloc() if you wish\&.
.PP
The returned pointer is a "child" of the supplied context\&. This means that if you talloc_free() the
\fIctx\fR
then the new child disappears as well\&. Alternatively you can free just the child\&.
.PP
The
\fIctx\fR
argument to talloc() can be NULL, in which case a new top level context is created\&.
.SS "void *talloc_size(const void *ctx, size_t size);"
.PP
The function talloc_size() should be used when you don\*(Aqt have a convenient type to pass to talloc()\&. Unlike talloc(), it is not type safe (as it returns a void *), so you are on your own for type checking\&.
.SS "(typeof(ptr)) talloc_ptrtype(const void *ctx, ptr);"
.PP
The talloc_ptrtype() macro should be used when you have a pointer and want to allocate memory to point at with this pointer\&. When compiling with gcc >= 3 it is typesafe\&. Note this is a wrapper of talloc_size() and talloc_get_name() will return the current location in the source file\&. and not the type\&.
.SS "int talloc_free(void *ptr);"
.PP
The talloc_free() function frees a piece of talloc memory, and all its children\&. You can call talloc_free() on any pointer returned by talloc()\&.
.PP
The return value of talloc_free() indicates success or failure, with 0 returned for success and \-1 for failure\&. The only possible failure condition is if
\fIptr\fR
had a destructor attached to it and the destructor returned \-1\&. See
\(lqtalloc_set_destructor()\(rq
for details on destructors\&.
.PP
If this pointer has an additional parent when talloc_free() is called then the memory is not actually released, but instead the most recently established parent is destroyed\&. See
\(lqtalloc_reference()\(rq
for details on establishing additional parents\&.
.PP
For more control on which parent is removed, see
\(lqtalloc_unlink()\(rq\&.
.PP
talloc_free() operates recursively on its children\&.
.PP
From the 2\&.0 version of talloc, as a special case, talloc_free() is refused on pointers that have more than one parent, as talloc would have no way of knowing which parent should be removed\&. To free a pointer that has more than one parent please use talloc_unlink()\&.
.PP
To help you find problems in your code caused by this behaviour, if you do try and free a pointer with more than one parent then the talloc logging function will be called to give output like this:
.PP
.sp
.if n \{\
.RS 4
.\}
.nf
ERROR: talloc_free with references at some_dir/source/foo\&.c:123
reference at some_dir/source/other\&.c:325
reference at some_dir/source/third\&.c:121
.fi
.if n \{\
.RE
.\}
.PP
Please see the documentation for talloc_set_log_fn() and talloc_set_log_stderr() for more information on talloc logging functions\&.
.SS "void *talloc_reference(const void *ctx, const void *ptr);"
.PP
The talloc_reference() function makes
\fIctx\fR
an additional parent of
\fIptr\fR\&.
.PP
The return value of talloc_reference() is always the original pointer
\fIptr\fR, unless talloc ran out of memory in creating the reference in which case it will return NULL (each additional reference consumes around 48 bytes of memory on intel x86 platforms)\&.
.PP
If
\fIptr\fR
is NULL, then the function is a no\-op, and simply returns NULL\&.
.PP
After creating a reference you can free it in one of the following ways:
.PP
.sp
.RS 4
.ie n \{\
\h'-04'\(bu\h'+03'\c
.\}
.el \{\
.sp -1
.IP \(bu 2.3
.\}
you can talloc_free() any parent of the original pointer\&. That will reduce the number of parents of this pointer by 1, and will cause this pointer to be freed if it runs out of parents\&.
.RE
.sp
.RS 4
.ie n \{\
\h'-04'\(bu\h'+03'\c
.\}
.el \{\
.sp -1
.IP \(bu 2.3
.\}
you can talloc_free() the pointer itself if it has at maximum one parent\&. This behaviour has been changed since the release of version 2\&.0\&. Further informations in the description of "talloc_free"\&.
.RE
.PP
For more control on which parent to remove, see
\(lqtalloc_unlink()\(rq\&.
.SS "int talloc_unlink(const void *ctx, void *ptr);"
.PP
The talloc_unlink() function removes a specific parent from
\fIptr\fR\&. The
\fIctx\fR
passed must either be a context used in talloc_reference() with this pointer, or must be a direct parent of ptr\&.
.PP
Note that if the parent has already been removed using talloc_free() then this function will fail and will return \-1\&. Likewise, if
\fIptr\fR
is NULL, then the function will make no modifications and return \-1\&.
.PP
Usually you can just use talloc_free() instead of talloc_unlink(), but sometimes it is useful to have the additional control on which parent is removed\&.
.SS "void talloc_set_destructor(const void *ptr, int (*destructor)(void *));"
.PP
The function talloc_set_destructor() sets the
\fIdestructor\fR
for the pointer
\fIptr\fR\&. A
\fIdestructor\fR
is a function that is called when the memory used by a pointer is about to be released\&. The destructor receives
\fIptr\fR
as an argument, and should return 0 for success and \-1 for failure\&.
.PP
The
\fIdestructor\fR
can do anything it wants to, including freeing other pieces of memory\&. A common use for destructors is to clean up operating system resources (such as open file descriptors) contained in the structure the destructor is placed on\&.
.PP
You can only place one destructor on a pointer\&. If you need more than one destructor then you can create a zero\-length child of the pointer and place an additional destructor on that\&.
.PP
To remove a destructor call talloc_set_destructor() with NULL for the destructor\&.
.PP
If your destructor attempts to talloc_free() the pointer that it is the destructor for then talloc_free() will return \-1 and the free will be ignored\&. This would be a pointless operation anyway, as the destructor is only called when the memory is just about to go away\&.
.SS "int talloc_increase_ref_count(const void *\fIptr\fR);"
.PP
The talloc_increase_ref_count(\fIptr\fR) function is exactly equivalent to:
.sp
.if n \{\
.RS 4
.\}
.nf
talloc_reference(NULL, ptr);
.fi
.if n \{\
.RE
.\}
.PP
You can use either syntax, depending on which you think is clearer in your code\&.
.PP
It returns 0 on success and \-1 on failure\&.
.SS "size_t talloc_reference_count(const void *\fIptr\fR);"
.PP
Return the number of references to the pointer\&.
.SS "void talloc_set_name(const void *ptr, const char *fmt, \&.\&.\&.);"
.PP
Each talloc pointer has a "name"\&. The name is used principally for debugging purposes, although it is also possible to set and get the name on a pointer in as a way of "marking" pointers in your code\&.
.PP
The main use for names on pointer is for "talloc reports"\&. See
\(lqtalloc_report_depth_cb()\(rq,
\(lqtalloc_report_depth_file()\(rq,
\(lqtalloc_report()\(rq
\(lqtalloc_report()\(rq
and
\(lqtalloc_report_full()\(rq
for details\&. Also see
\(lqtalloc_enable_leak_report()\(rq
and
\(lqtalloc_enable_leak_report_full()\(rq\&.
.PP
The talloc_set_name() function allocates memory as a child of the pointer\&. It is logically equivalent to:
.sp
.if n \{\
.RS 4
.\}
.nf
talloc_set_name_const(ptr, talloc_asprintf(ptr, fmt, \&.\&.\&.));
.fi
.if n \{\
.RE
.\}
.PP
Note that multiple calls to talloc_set_name() will allocate more memory without releasing the name\&. All of the memory is released when the ptr is freed using talloc_free()\&.
.SS "void talloc_set_name_const(const void *\fIptr\fR, const char *\fIname\fR);"
.PP
The function talloc_set_name_const() is just like talloc_set_name(), but it takes a string constant, and is much faster\&. It is extensively used by the "auto naming" macros, such as talloc_p()\&.
.PP
This function does not allocate any memory\&. It just copies the supplied pointer into the internal representation of the talloc ptr\&. This means you must not pass a
\fIname\fR
pointer to memory that will disappear before
\fIptr\fR
is freed with talloc_free()\&.
.SS "void *talloc_named(const void *\fIctx\fR, size_t \fIsize\fR, const char *\fIfmt\fR, \&.\&.\&.);"
.PP
The talloc_named() function creates a named talloc pointer\&. It is equivalent to:
.sp
.if n \{\
.RS 4
.\}
.nf
ptr = talloc_size(ctx, size);
talloc_set_name(ptr, fmt, \&.\&.\&.\&.);
.fi
.if n \{\
.RE
.\}
.SS "void *talloc_named_const(const void *\fIctx\fR, size_t \fIsize\fR, const char *\fIname\fR);"
.PP
This is equivalent to:
.sp
.if n \{\
.RS 4
.\}
.nf
ptr = talloc_size(ctx, size);
talloc_set_name_const(ptr, name);
.fi
.if n \{\
.RE
.\}
.SS "const char *talloc_get_name(const void *\fIptr\fR);"
.PP
This returns the current name for the given talloc pointer,
\fIptr\fR\&. See
\(lqtalloc_set_name()\(rq
for details\&.
.SS "void *talloc_init(const char *\fIfmt\fR, \&.\&.\&.);"
.PP
This function creates a zero length named talloc context as a top level context\&. It is equivalent to:
.sp
.if n \{\
.RS 4
.\}
.nf
talloc_named(NULL, 0, fmt, \&.\&.\&.);
.fi
.if n \{\
.RE
.\}
.SS "void *talloc_new(void *\fIctx\fR);"
.PP
This is a utility macro that creates a new memory context hanging off an existing context, automatically naming it "talloc_new: __location__" where __location__ is the source line it is called from\&. It is particularly useful for creating a new temporary working context\&.
.SS "(\fItype\fR *)talloc_realloc(const void *\fIctx\fR, void *\fIptr\fR, \fItype\fR, \fIcount\fR);"
.PP
The talloc_realloc() macro changes the size of a talloc pointer\&. It has the following equivalences:
.sp
.if n \{\
.RS 4
.\}
.nf
talloc_realloc(ctx, NULL, type, 1) ==> talloc(ctx, type);
talloc_realloc(ctx, ptr, type, 0) ==> talloc_free(ptr);
.fi
.if n \{\
.RE
.\}
.PP
The
\fIctx\fR
argument is only used if
\fIptr\fR
is not NULL, otherwise it is ignored\&.
.PP
talloc_realloc() returns the new pointer, or NULL on failure\&. The call will fail either due to a lack of memory, or because the pointer has more than one parent (see
\(lqtalloc_reference()\(rq)\&.
.SS "void *talloc_realloc_size(const void *ctx, void *ptr, size_t size);"
.PP
the talloc_realloc_size() function is useful when the type is not known so the type\-safe talloc_realloc() cannot be used\&.
.SS "TYPE *talloc_steal(const void *\fInew_ctx\fR, const TYPE *\fIptr\fR);"
.PP
The talloc_steal() function changes the parent context of a talloc pointer\&. It is typically used when the context that the pointer is currently a child of is going to be freed and you wish to keep the memory for a longer time\&.
.PP
The talloc_steal() function returns the pointer that you pass it\&. It does not have any failure modes\&.
.PP
It is possible to produce loops in the parent/child relationship if you are not careful with talloc_steal()\&. No guarantees are provided as to your sanity or the safety of your data if you do this\&.
.PP
Note that if you try and call talloc_steal() on a pointer that has more than one parent then the result is ambiguous\&. Talloc will choose to remove the parent that is currently indicated by talloc_parent() and replace it with the chosen parent\&. You will also get a message like this via the talloc logging functions:
.PP
.sp
.if n \{\
.RS 4
.\}
.nf
WARNING: talloc_steal with references at some_dir/source/foo\&.c:123
reference at some_dir/source/other\&.c:325
reference at some_dir/source/third\&.c:121
.fi
.if n \{\
.RE
.\}
.PP
To unambiguously change the parent of a pointer please see the function
\(lqtalloc_reparent()\(rq\&. See the talloc_set_log_fn() documentation for more information on talloc logging\&.
.SS "TYPE *talloc_reparent(const void *\fIold_parent\fR, const void *\fInew_parent\fR, const TYPE *\fIptr\fR);"
.PP
The talloc_reparent() function changes the parent context of a talloc pointer\&. It is typically used when the context that the pointer is currently a child of is going to be freed and you wish to keep the memory for a longer time\&.
.PP
The talloc_reparent() function returns the pointer that you pass it\&. It does not have any failure modes\&.
.PP
The difference between talloc_reparent() and talloc_steal() is that talloc_reparent() can specify which parent you wish to change\&. This is useful when a pointer has multiple parents via references\&.
.SS "TYPE *talloc_move(const void *\fInew_ctx\fR, TYPE **\fIptr\fR);"
.PP
The talloc_move() function is a wrapper around talloc_steal() which zeros the source pointer after the move\&. This avoids a potential source of bugs where a programmer leaves a pointer in two structures, and uses the pointer from the old structure after it has been moved to a new one\&.
.SS "size_t talloc_total_size(const void *\fIptr\fR);"
.PP
The talloc_total_size() function returns the total size in bytes used by this pointer and all child pointers\&. Mostly useful for debugging\&.
.PP
Passing NULL is allowed, but it will only give a meaningful result if talloc_enable_leak_report() or talloc_enable_leak_report_full() has been called\&.
.SS "size_t talloc_total_blocks(const void *\fIptr\fR);"
.PP
The talloc_total_blocks() function returns the total memory block count used by this pointer and all child pointers\&. Mostly useful for debugging\&.
.PP
Passing NULL is allowed, but it will only give a meaningful result if talloc_enable_leak_report() or talloc_enable_leak_report_full() has been called\&.
.SS "void talloc_report(const void *ptr, FILE *f);"
.PP
The talloc_report() function prints a summary report of all memory used by
\fIptr\fR\&. One line of report is printed for each immediate child of ptr, showing the total memory and number of blocks used by that child\&.
.PP
You can pass NULL for the pointer, in which case a report is printed for the top level memory context, but only if talloc_enable_leak_report() or talloc_enable_leak_report_full() has been called\&.
.SS "void talloc_report_full(const void *\fIptr\fR, FILE *\fIf\fR);"
.PP
This provides a more detailed report than talloc_report()\&. It will recursively print the entire tree of memory referenced by the pointer\&. References in the tree are shown by giving the name of the pointer that is referenced\&.
.PP
You can pass NULL for the pointer, in which case a report is printed for the top level memory context, but only if talloc_enable_leak_report() or talloc_enable_leak_report_full() has been called\&.
.SS ""
.HP \w'void\ talloc_report_depth_cb('u
.BI "void talloc_report_depth_cb(" "const\ void\ *ptr" ", " "int\ depth" ", " "int\ max_depth" ", " "void\ (*callback)(const\ void\ *ptr,\ int\ depth,\ int\ max_depth,\ int\ is_ref,\ void\ *priv)" ", " "void\ *priv" ");"
.PP
This provides a more flexible reports than talloc_report()\&. It will recursively call the callback for the entire tree of memory referenced by the pointer\&. References in the tree are passed with
\fIis_ref = 1\fR
and the pointer that is referenced\&.
.PP
You can pass NULL for the pointer, in which case a report is printed for the top level memory context, but only if talloc_enable_leak_report() or talloc_enable_leak_report_full() has been called\&.
.PP
The recursion is stopped when depth >= max_depth\&. max_depth = \-1 means only stop at leaf nodes\&.
.SS ""
.HP \w'void\ talloc_report_depth_file('u
.BI "void talloc_report_depth_file(" "const\ void\ *ptr" ", " "int\ depth" ", " "int\ max_depth" ", " "FILE\ *f" ");"
.PP
This provides a more flexible reports than talloc_report()\&. It will let you specify the depth and max_depth\&.
.SS "void talloc_enable_leak_report(void);"
.PP
This enables calling of talloc_report(NULL, stderr) when the program exits\&. In Samba4 this is enabled by using the \-\-leak\-report command line option\&.
.PP
For it to be useful, this function must be called before any other talloc function as it establishes a "null context" that acts as the top of the tree\&. If you don\*(Aqt call this function first then passing NULL to talloc_report() or talloc_report_full() won\*(Aqt give you the full tree printout\&.
.PP
Here is a typical talloc report:
.sp
.if n \{\
.RS 4
.\}
.nf
talloc report on \*(Aqnull_context\*(Aq (total 267 bytes in 15 blocks)
libcli/auth/spnego_parse\&.c:55 contains 31 bytes in 2 blocks
libcli/auth/spnego_parse\&.c:55 contains 31 bytes in 2 blocks
iconv(UTF8,CP850) contains 42 bytes in 2 blocks
libcli/auth/spnego_parse\&.c:55 contains 31 bytes in 2 blocks
iconv(CP850,UTF8) contains 42 bytes in 2 blocks
iconv(UTF8,UTF\-16LE) contains 45 bytes in 2 blocks
iconv(UTF\-16LE,UTF8) contains 45 bytes in 2 blocks
.fi
.if n \{\
.RE
.\}
.SS "void talloc_enable_leak_report_full(void);"
.PP
This enables calling of talloc_report_full(NULL, stderr) when the program exits\&. In Samba4 this is enabled by using the \-\-leak\-report\-full command line option\&.
.PP
For it to be useful, this function must be called before any other talloc function as it establishes a "null context" that acts as the top of the tree\&. If you don\*(Aqt call this function first then passing NULL to talloc_report() or talloc_report_full() won\*(Aqt give you the full tree printout\&.
.PP
Here is a typical full report:
.sp
.if n \{\
.RS 4
.\}
.nf
full talloc report on \*(Aqroot\*(Aq (total 18 bytes in 8 blocks)
p1 contains 18 bytes in 7 blocks (ref 0)
r1 contains 13 bytes in 2 blocks (ref 0)
reference to: p2
p2 contains 1 bytes in 1 blocks (ref 1)
x3 contains 1 bytes in 1 blocks (ref 0)
x2 contains 1 bytes in 1 blocks (ref 0)
x1 contains 1 bytes in 1 blocks (ref 0)
.fi
.if n \{\
.RE
.\}
.SS "(\fItype\fR *)talloc_zero(const void *\fIctx\fR, \fItype\fR);"
.PP
The talloc_zero() macro is equivalent to:
.sp
.if n \{\
.RS 4
.\}
.nf
ptr = talloc(ctx, type);
if (ptr) memset(ptr, 0, sizeof(type));
.fi
.if n \{\
.RE
.\}
.SS "void *talloc_zero_size(const void *\fIctx\fR, size_t \fIsize\fR)"
.PP
The talloc_zero_size() function is useful when you don\*(Aqt have a known type\&.
.SS "void *talloc_memdup(const void *\fIctx\fR, const void *\fIp\fR, size_t size);"
.PP
The talloc_memdup() function is equivalent to:
.sp
.if n \{\
.RS 4
.\}
.nf
ptr = talloc_size(ctx, size);
if (ptr) memcpy(ptr, p, size);
.fi
.if n \{\
.RE
.\}
.SS "char *talloc_strdup(const void *\fIctx\fR, const char *\fIp\fR);"
.PP
The talloc_strdup() function is equivalent to:
.sp
.if n \{\
.RS 4
.\}
.nf
ptr = talloc_size(ctx, strlen(p)+1);
if (ptr) memcpy(ptr, p, strlen(p)+1);
.fi
.if n \{\
.RE
.\}
.PP
This function sets the name of the new pointer to the passed string\&. This is equivalent to:
.sp
.if n \{\
.RS 4
.\}
.nf
talloc_set_name_const(ptr, ptr)
.fi
.if n \{\
.RE
.\}
.SS "char *talloc_strndup(const void *\fIt\fR, const char *\fIp\fR, size_t \fIn\fR);"
.PP
The talloc_strndup() function is the talloc equivalent of the C library function strndup(3)\&.
.PP
This function sets the name of the new pointer to the passed string\&. This is equivalent to:
.sp
.if n \{\
.RS 4
.\}
.nf
talloc_set_name_const(ptr, ptr)
.fi
.if n \{\
.RE
.\}
.SS "char *talloc_vasprintf(const void *\fIt\fR, const char *\fIfmt\fR, va_list \fIap\fR);"
.PP
The talloc_vasprintf() function is the talloc equivalent of the C library function vasprintf(3)\&.
.PP
This function sets the name of the new pointer to the new string\&. This is equivalent to:
.sp
.if n \{\
.RS 4
.\}
.nf
talloc_set_name_const(ptr, ptr)
.fi
.if n \{\
.RE
.\}
.SS "char *talloc_asprintf(const void *\fIt\fR, const char *\fIfmt\fR, \&.\&.\&.);"
.PP
The talloc_asprintf() function is the talloc equivalent of the C library function asprintf(3)\&.
.PP
This function sets the name of the new pointer to the passed string\&. This is equivalent to:
.sp
.if n \{\
.RS 4
.\}
.nf
talloc_set_name_const(ptr, ptr)
.fi
.if n \{\
.RE
.\}
.SS "char *talloc_asprintf_append(char *s, const char *fmt, \&.\&.\&.);"
.PP
The talloc_asprintf_append() function appends the given formatted string to the given string\&.
.PP
This function sets the name of the new pointer to the new string\&. This is equivalent to:
.sp
.if n \{\
.RS 4
.\}
.nf
talloc_set_name_const(ptr, ptr)
.fi
.if n \{\
.RE
.\}
.SS "(type *)talloc_array(const void *ctx, type, unsigned int count);"
.PP
The talloc_array() macro is equivalent to:
.sp
.if n \{\
.RS 4
.\}
.nf
(type *)talloc_size(ctx, sizeof(type) * count);
.fi
.if n \{\
.RE
.\}
.PP
except that it provides integer overflow protection for the multiply, returning NULL if the multiply overflows\&.
.SS "void *talloc_array_size(const void *ctx, size_t size, unsigned int count);"
.PP
The talloc_array_size() function is useful when the type is not known\&. It operates in the same way as talloc_array(), but takes a size instead of a type\&.
.SS "(typeof(ptr)) talloc_array_ptrtype(const void *ctx, ptr, unsigned int count);"
.PP
The talloc_ptrtype() macro should be used when you have a pointer to an array and want to allocate memory of an array to point at with this pointer\&. When compiling with gcc >= 3 it is typesafe\&. Note this is a wrapper of talloc_array_size() and talloc_get_name() will return the current location in the source file\&. and not the type\&.
.SS "void *talloc_realloc_fn(const void *ctx, void *ptr, size_t size)"
.PP
This is a non\-macro version of talloc_realloc(), which is useful as libraries sometimes want a realloc function pointer\&. A realloc(3) implementation encapsulates the functionality of malloc(3), free(3) and realloc(3) in one call, which is why it is useful to be able to pass around a single function pointer\&.
.SS "void *talloc_autofree_context(void);"
.PP
This is a handy utility function that returns a talloc context which will be automatically freed on program exit\&. This can be used to reduce the noise in memory leak reports\&.
.SS "void *talloc_check_name(const void *ptr, const char *name);"
.PP
This function checks if a pointer has the specified
\fIname\fR\&. If it does then the pointer is returned\&. It it doesn\*(Aqt then NULL is returned\&.
.SS "(type *)talloc_get_type(const void *ptr, type);"
.PP
This macro allows you to do type checking on talloc pointers\&. It is particularly useful for void* private pointers\&. It is equivalent to this:
.sp
.if n \{\
.RS 4
.\}
.nf
(type *)talloc_check_name(ptr, #type)
.fi
.if n \{\
.RE
.\}
.SS "talloc_set_type(const void *ptr, type);"
.PP
This macro allows you to force the name of a pointer to be a particular
\fItype\fR\&. This can be used in conjunction with talloc_get_type() to do type checking on void* pointers\&.
.PP
It is equivalent to this:
.sp
.if n \{\
.RS 4
.\}
.nf
talloc_set_name_const(ptr, #type)
.fi
.if n \{\
.RE
.\}
.SS "talloc_set_log_fn(void (*log_fn)(const char *message));"
.PP
This function sets a logging function that talloc will use for warnings and errors\&. By default talloc will not print any warnings or errors\&.
.SS "talloc_set_log_stderr(void);"
.PP
This sets the talloc log function to write log messages to stderr
.SH "PERFORMANCE"
.PP
All the additional features of talloc(3) over malloc(3) do come at a price\&. We have a simple performance test in Samba4 that measures talloc() versus malloc() performance, and it seems that talloc() is about 10% slower than malloc() on my x86 Debian Linux box\&. For Samba, the great reduction in code complexity that we get by using talloc makes this worthwhile, especially as the total overhead of talloc/malloc in Samba is already quite small\&.
.SH "SEE ALSO"
.PP
malloc(3), strndup(3), vasprintf(3), asprintf(3),
\m[blue]\fB\%http://talloc.samba.org/\fR\m[]
.SH "AUTHOR"
.PP
The original Samba software and related utilities were created by Andrew Tridgell\&. Samba is now developed by the Samba Team as an Open Source project similar to the way the Linux kernel is developed\&.
.SH "COPYRIGHT/LICENSE"
.PP
Copyright (C) Andrew Tridgell 2004
.PP
This program is free software; you can redistribute it and/or modify it under the terms of the GNU Lesser General Public License as published by the Free Software Foundation; either version 3 of the License, or (at your option) any later version\&.
.PP
This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE\&. See the GNU General Public License for more details\&.
.PP
You should have received a copy of the GNU General Public License along with this program; if not, see http://www\&.gnu\&.org/licenses/\&.

129
net/samba419/files/man/tdbbackup.8 Normal file
View file

@ -0,0 +1,129 @@
'\" t
.\" Title: tdbbackup
.\" Author: [see the "AUTHOR" section]
.\" Generator: DocBook XSL Stylesheets v1.76.1 <http://docbook.sf.net/>
.\" Date: 2015-04-25
.\" Manual: System Administration tools
.\" Source: Samba 3.6
.\" Language: English
.\"
.TH "TDBBACKUP" "8" "2015\-04\-25" "Samba 3\&.6" "System Administration tools"
.\" -----------------------------------------------------------------
.\" * Define some portability stuff
.\" -----------------------------------------------------------------
.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
.\" http://bugs.debian.org/507673
.\" http://lists.gnu.org/archive/html/groff/2009-02/msg00013.html
.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
.ie \n(.g .ds Aq \(aq
.el .ds Aq '
.\" -----------------------------------------------------------------
.\" * set default formatting
.\" -----------------------------------------------------------------
.\" disable hyphenation
.nh
.\" disable justification (adjust text to left margin only)
.ad l
.\" -----------------------------------------------------------------
.\" * MAIN CONTENT STARTS HERE *
.\" -----------------------------------------------------------------
.SH "NAME"
tdbbackup \- tool for backing up and for validating the integrity of samba \&.tdb files
.SH "SYNOPSIS"
.HP \w'\fBtdbbackup\fR\ 'u
\fBtdbbackup\fR [\-s\ suffix] [\-v] [\-h] [\-l]
.SH "DESCRIPTION"
.PP
This tool is part of the
\fBsamba\fR(1)
suite\&.
.PP
\fBtdbbackup\fR
is a tool that may be used to backup samba \&.tdb files\&. This tool may also be used to verify the integrity of the \&.tdb files prior to samba startup or during normal operation\&. If it finds file damage and it finds a prior backup the backup file will be restored\&.
.SH "OPTIONS"
.PP
\-h
.RS 4
Get help information\&.
.RE
.PP
\-s suffix
.RS 4
The
\fB\-s\fR
option allows the administrator to specify a file backup extension\&. This way it is possible to keep a history of tdb backup files by using a new suffix for each backup\&.
.RE
.PP
\-v
.RS 4
The
\fB\-v\fR
will check the database for damages (corrupt data) which if detected causes the backup to be restored\&.
.RE
.PP
\-l
.RS 4
This options disables any locking, by passing TDB_NOLOCK to tdb_open_ex()\&. Only use this for database files which are not used by any other process! And also only if it is otherwise not possible to open the database, e\&.g\&. databases which were created with mutex locking\&.
.RE
.SH "COMMANDS"
.PP
\fIGENERAL INFORMATION\fR
.PP
The
\fBtdbbackup\fR
utility can safely be run at any time\&. It was designed so that it can be used at any time to validate the integrity of tdb files, even during Samba operation\&. Typical usage for the command will be:
.PP
tdbbackup [\-s suffix] *\&.tdb
.PP
Before restarting samba the following command may be run to validate \&.tdb files:
.PP
tdbbackup \-v [\-s suffix] *\&.tdb
.PP
Samba \&.tdb files are stored in various locations, be sure to run backup all \&.tdb file on the system\&. Important files includes:
.sp
.RS 4
.ie n \{\
\h'-04'\(bu\h'+03'\c
.\}
.el \{\
.sp -1
.IP \(bu 2.3
.\}
\fBsecrets\&.tdb\fR
\- usual location is in the /usr/local/samba/private directory, or on some systems in /etc/samba\&.
.RE
.sp
.RS 4
.ie n \{\
\h'-04'\(bu\h'+03'\c
.\}
.el \{\
.sp -1
.IP \(bu 2.3
.\}
\fBpassdb\&.tdb\fR
\- usual location is in the /usr/local/samba/private directory, or on some systems in /etc/samba\&.
.RE
.sp
.RS 4
.ie n \{\
\h'-04'\(bu\h'+03'\c
.\}
.el \{\
.sp -1
.IP \(bu 2.3
.\}
\fB*\&.tdb\fR
located in the /usr/local/samba/var directory or on some systems in the /var/cache or /var/lib/samba directories\&.
.RE
.SH "VERSION"
.PP
This man page is correct for version 3 of the Samba suite\&.
.SH "AUTHOR"
.PP
The original Samba software and related utilities were created by Andrew Tridgell\&. Samba is now developed by the Samba Team as an Open Source project similar to the way the Linux kernel is developed\&.
.PP
The tdbbackup man page was written by John H Terpstra\&.

72
net/samba419/files/man/tdbdump.8 Normal file
View file

@ -0,0 +1,72 @@
'\" t
.\" Title: tdbdump
.\" Author: [see the "AUTHOR" section]
.\" Generator: DocBook XSL Stylesheets v1.76.1 <http://docbook.sf.net/>
.\" Date: 2015-04-25
.\" Manual: System Administration tools
.\" Source: Samba 3.6
.\" Language: English
.\"
.TH "TDBDUMP" "8" "2015\-04\-25" "Samba 3\&.6" "System Administration tools"
.\" -----------------------------------------------------------------
.\" * Define some portability stuff
.\" -----------------------------------------------------------------
.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
.\" http://bugs.debian.org/507673
.\" http://lists.gnu.org/archive/html/groff/2009-02/msg00013.html
.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
.ie \n(.g .ds Aq \(aq
.el .ds Aq '
.\" -----------------------------------------------------------------
.\" * set default formatting
.\" -----------------------------------------------------------------
.\" disable hyphenation
.nh
.\" disable justification (adjust text to left margin only)
.ad l
.\" -----------------------------------------------------------------
.\" * MAIN CONTENT STARTS HERE *
.\" -----------------------------------------------------------------
.SH "NAME"
tdbdump \- tool for printing the contents of a TDB file
.SH "SYNOPSIS"
.HP \w'\fBtdbdump\fR\ 'u
\fBtdbdump\fR [\-k\ \fIkeyname\fR] [\-e] [\-h] {filename}
.SH "DESCRIPTION"
.PP
This tool is part of the
\fBsamba\fR(1)
suite\&.
.PP
\fBtdbdump\fR
is a very simple utility that \*(Aqdumps\*(Aq the contents of a TDB (Trivial DataBase) file to standard output in a human\-readable format\&.
.PP
This tool can be used when debugging problems with TDB files\&. It is intended for those who are somewhat familiar with Samba internals\&.
.SH "OPTIONS"
.PP
\-h
.RS 4
Get help information\&.
.RE
.PP
\-k \fIkeyname\fR
.RS 4
The
\fB\-k\fR
option restricts dumping to a single key, if found\&.
.RE
.PP
\-e
.RS 4
The
\fB\-e\fR
tries to dump out from a corrupt database\&. Naturally, such a dump is unreliable, at best\&.
.RE
.SH "VERSION"
.PP
This man page is correct for version 3 of the Samba suite\&.
.SH "AUTHOR"
.PP
The original Samba software and related utilities were created by Andrew Tridgell\&. Samba is now developed by the Samba Team as an Open Source project similar to the way the Linux kernel is developed\&.
.PP
The tdbdump man page was written by Jelmer Vernooij\&.

54
net/samba419/files/man/tdbrestore.8 Normal file
View file

@ -0,0 +1,54 @@
'\" t
.\" Title: tdbrestore
.\" Author: [see the "AUTHOR" section]
.\" Generator: DocBook XSL Stylesheets v1.76.1 <http://docbook.sf.net/>
.\" Date: 2015-04-25
.\" Manual: System Administration tools
.\" Source: Samba 3.6
.\" Language: English
.\"
.TH "TDBRESTORE" "8" "2015\-04\-25" "Samba 3\&.6" "System Administration tools"
.\" -----------------------------------------------------------------
.\" * Define some portability stuff
.\" -----------------------------------------------------------------
.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
.\" http://bugs.debian.org/507673
.\" http://lists.gnu.org/archive/html/groff/2009-02/msg00013.html
.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
.ie \n(.g .ds Aq \(aq
.el .ds Aq '
.\" -----------------------------------------------------------------
.\" * set default formatting
.\" -----------------------------------------------------------------
.\" disable hyphenation
.nh
.\" disable justification (adjust text to left margin only)
.ad l
.\" -----------------------------------------------------------------
.\" * MAIN CONTENT STARTS HERE *
.\" -----------------------------------------------------------------
.SH "NAME"
tdbrestore \- tool for creating a TDB file out of a tdbdump output
.SH "SYNOPSIS"
.HP \w'\fBtdbrestore\fR\ 'u
\fBtdbrestore\fR {tdbfilename}
.SH "DESCRIPTION"
.PP
This tool is part of the
\fBsamba\fR(1)
suite\&.
.PP
\fBtdbrestore\fR
is a very simple utility that \*(Aqrestores\*(Aq the contents of dump file into TDB (Trivial DataBase) file\&. The dump file is obtained from the tdbdump command\&.
.PP
This tool wait on the standard input for the content of the dump and will write the tdb in the tdbfilename parameter\&.
.PP
This tool can be used for unpacking the content of tdb as backup mean\&.
.SH "VERSION"
.PP
This man page is correct for version 3 of the Samba suite\&.
.SH "AUTHOR"
.PP
The original Samba software and related utilities were created by Andrew Tridgell\&. Samba is now developed by the Samba Team as an Open Source project similar to the way the Linux kernel is developed\&. This tool was initially written by Volker Lendecke based on an idea by Simon McVittie\&.
.PP
The tdbrestore man page was written by Matthieu Patou\&.

170
net/samba419/files/man/tdbtool.8 Normal file
View file

@ -0,0 +1,170 @@
'\" t
.\" Title: tdbtool
.\" Author: [see the "AUTHOR" section]
.\" Generator: DocBook XSL Stylesheets v1.76.1 <http://docbook.sf.net/>
.\" Date: 2015-04-25
.\" Manual: System Administration tools
.\" Source: Samba 4.0
.\" Language: English
.\"
.TH "TDBTOOL" "8" "2015\-04\-25" "Samba 4\&.0" "System Administration tools"
.\" -----------------------------------------------------------------
.\" * Define some portability stuff
.\" -----------------------------------------------------------------
.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
.\" http://bugs.debian.org/507673
.\" http://lists.gnu.org/archive/html/groff/2009-02/msg00013.html
.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
.ie \n(.g .ds Aq \(aq
.el .ds Aq '
.\" -----------------------------------------------------------------
.\" * set default formatting
.\" -----------------------------------------------------------------
.\" disable hyphenation
.nh
.\" disable justification (adjust text to left margin only)
.ad l
.\" -----------------------------------------------------------------
.\" * MAIN CONTENT STARTS HERE *
.\" -----------------------------------------------------------------
.SH "NAME"
tdbtool \- manipulate the contents TDB files
.SH "SYNOPSIS"
.HP \w'\fBtdbtool\fR\ 'u
\fBtdbtool\fR
.HP \w'\fBtdbtool\fR\ 'u
\fBtdbtool\fR [\-l] \fITDBFILE\fR [\fICOMMANDS\fR...]
.SH "DESCRIPTION"
.PP
This tool is part of the
\fBsamba\fR(1)
suite\&.
.PP
\fBtdbtool\fR
a tool for displaying and altering the contents of Samba TDB (Trivial DataBase) files\&. Each of the commands listed below can be entered interactively or provided on the command line\&.
.SH "OPTIONS"
.PP
\-l
.RS 4
This options disables any locking, by passing TDB_NOLOCK to tdb_open_ex()\&. Only use this for database files which are not used by any other process! And also only if it is otherwise not possible to open the database, e\&.g\&. databases which were created with mutex locking\&.
.RE
.SH "COMMANDS"
.PP
\fBcreate\fR \fITDBFILE\fR
.RS 4
Create a new database named
\fITDBFILE\fR\&.
.RE
.PP
\fBopen\fR \fITDBFILE\fR
.RS 4
Open an existing database named
\fITDBFILE\fR\&.
.RE
.PP
\fBerase\fR
.RS 4
Erase the current database\&.
.RE
.PP
\fBdump\fR
.RS 4
Dump the current database as strings\&.
.RE
.PP
\fBcdump\fR
.RS 4
Dump the current database as connection records\&.
.RE
.PP
\fBkeys\fR
.RS 4
Dump the current database keys as strings\&.
.RE
.PP
\fBhexkeys\fR
.RS 4
Dump the current database keys as hex values\&.
.RE
.PP
\fBinfo\fR
.RS 4
Print summary information about the current database\&.
.RE
.PP
\fBinsert\fR \fIKEY\fR \fIDATA\fR
.RS 4
Insert a record into the current database\&.
.RE
.PP
\fBmove\fR \fIKEY\fR \fITDBFILE\fR
.RS 4
Move a record from the current database into
\fITDBFILE\fR\&.
.RE
.PP
\fBstore\fR \fIKEY\fR \fIDATA\fR
.RS 4
Store (replace) a record in the current database\&.
.RE
.PP
\fBshow\fR \fIKEY\fR
.RS 4
Show a record by key\&.
.RE
.PP
\fBdelete\fR \fIKEY\fR
.RS 4
Delete a record by key\&.
.RE
.PP
\fBlist\fR
.RS 4
Print the current database hash table and free list\&.
.RE
.PP
\fBfree\fR
.RS 4
Print the current database and free list\&.
.RE
.PP
\fB!\fR \fICOMMAND\fR
.RS 4
Execute the given system command\&.
.RE
.PP
\fBfirst\fR
.RS 4
Print the first record in the current database\&.
.RE
.PP
\fBnext\fR
.RS 4
Print the next record in the current database\&.
.RE
.PP
\fBcheck\fR
.RS 4
Check the integrity of the current database\&.
.RE
.PP
\fBrepack\fR
.RS 4
Repack a database using a temporary file to remove fragmentation\&.
.RE
.PP
\fBquit\fR
.RS 4
Exit
\fBtdbtool\fR\&.
.RE
.SH "CAVEATS"
.PP
The contents of the Samba TDB files are private to the implementation and should not be altered with
\fBtdbtool\fR\&.
.SH "VERSION"
.PP
This man page is correct for version 3\&.6 of the Samba suite\&.
.SH "AUTHOR"
.PP
The original Samba software and related utilities were created by Andrew Tridgell\&. Samba is now developed by the Samba Team as an Open Source project similar to the way the Linux kernel is developed\&.

194
net/samba419/files/man/testparm.1 Normal file
View file

@ -0,0 +1,194 @@
'\" t
.\" Title: testparm
.\" Author: [see the "AUTHOR" section]
.\" Generator: DocBook XSL Stylesheets v1.79.1 <http://docbook.sf.net/>
.\" Date: 08/09/2022
.\" Manual: User Commands
.\" Source: Samba 4.16.4
.\" Language: English
.\"
.TH "TESTPARM" "1" "08/09/2022" "Samba 4\&.16\&.4" "User Commands"
.\" -----------------------------------------------------------------
.\" * Define some portability stuff
.\" -----------------------------------------------------------------
.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
.\" http://bugs.debian.org/507673
.\" http://lists.gnu.org/archive/html/groff/2009-02/msg00013.html
.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
.ie \n(.g .ds Aq \(aq
.el .ds Aq '
.\" -----------------------------------------------------------------
.\" * set default formatting
.\" -----------------------------------------------------------------
.\" disable hyphenation
.nh
.\" disable justification (adjust text to left margin only)
.ad l
.\" -----------------------------------------------------------------
.\" * MAIN CONTENT STARTS HERE *
.\" -----------------------------------------------------------------
.SH "NAME"
testparm \- check an smb\&.conf configuration file for internal correctness
.SH "SYNOPSIS"
.HP \w'\ 'u
testparm [\-s|\-\-suppress\-prompt] [\-v|\-\-verbose] [\-?|\-\-help] [\-\-usage] [\-d|\-\-debuglevel=DEBUGLEVEL] [\-\-debug\-stdout] {config\ filename} [hostname\ hostIP]
.SH "DESCRIPTION"
.PP
This tool is part of the
\fBsamba\fR(7)
suite\&.
.PP
testparm
is a very simple test program to check an
\fBsmbd\fR(8)
configuration file for internal correctness\&. If this program reports no problems, you can use the configuration file with confidence that
smbd
will successfully load the configuration file\&.
.PP
Note that this is
\fINOT\fR
a guarantee that the services specified in the configuration file will be available or will operate as expected\&.
.PP
If the optional host name and host IP address are specified on the command line, this test program will run through the service entries reporting whether the specified host has access to each service\&.
.PP
If
testparm
finds an error in the
smb\&.conf
file it returns an exit code of 1 to the calling program, else it returns an exit code of 0\&. This allows shell scripts to test the output from
testparm\&.
.SH "OPTIONS"
.PP
\-s|\-\-suppress\-prompt
.RS 4
Without this option,
testparm
will prompt for a carriage return after printing the service names and before dumping the service definitions\&.
.RE
.PP
\-v|\-\-verbose
.RS 4
If this option is specified, testparm will also output all options that were not used in
\fBsmb.conf\fR(5)
and are thus set to their defaults\&.
.RE
.PP
\-\-parameter\-name parametername
.RS 4
Dumps the named parameter\&. If no section\-name is set the view is limited by default to the global section\&. It is also possible to dump a parametrical option\&. Therefore the option has to be separated by a colon from the parametername\&.
.RE
.PP
\-\-section\-name sectionname
.RS 4
Dumps the named section\&.
.RE
.PP
\-\-show\-all\-parameters
.RS 4
Show the parameters, type, possible values\&.
.RE
.PP
\-l|\-\-skip\-logic\-checks
.RS 4
Skip the global checks\&.
.RE
.PP
\-?|\-\-help
.RS 4
Print a summary of command line options\&.
.RE
.PP
\-\-usage
.RS 4
Display brief usage message\&.
.RE
.PP
\-d|\-\-debuglevel=DEBUGLEVEL
.RS 4
\fIlevel\fR
is an integer from 0 to 10\&. The default value if this parameter is not specified is 1 for client applications\&.
.sp
The higher this value, the more detail will be logged to the log files about the activities of the server\&. At level 0, only critical errors and serious warnings will be logged\&. Level 1 is a reasonable level for day\-to\-day running \- it generates a small amount of information about operations carried out\&.
.sp
Levels above 1 will generate considerable amounts of log data, and should only be used when investigating a problem\&. Levels above 3 are designed for use only by developers and generate HUGE amounts of log data, most of which is extremely cryptic\&.
.sp
Note that specifying this parameter here will override the
\m[blue]\fBlog level\fR\m[]
parameter in the
smb\&.conf
file\&.
.RE
.PP
\-\-debug\-stdout
.RS 4
This will redirect debug output to STDOUT\&. By default all clients are logging to STDERR\&.
.RE
.PP
\-\-configfile=<configuration file>
.RS 4
The file specified contains the configuration details required by the client\&. The information in this file can be general for client and server or only provide client specific like options such as
\m[blue]\fBclient smb encrypt\fR\m[]\&. See
smb\&.conf
for more information\&. The default configuration file name is determined at compile time\&.
.RE
.PP
\-\-option=<name>=<value>
.RS 4
Set the
\fBsmb.conf\fR(5)
option "<name>" to value "<value>" from the command line\&. This overrides compiled\-in defaults and options read from the configuration file\&. If a name or a value includes a space, wrap whole \-\-option=name=value into quotes\&.
.RE
.PP
\-V|\-\-version
.RS 4
Prints the program version number\&.
.RE
.PP
configfilename
.RS 4
This is the name of the configuration file to check\&. If this parameter is not present then the default
\fBsmb.conf\fR(5)
file will be checked\&.
.RE
.PP
hostname
.RS 4
If this parameter and the following are specified, then
testparm
will examine the
\fIhosts allow\fR
and
\fIhosts deny\fR
parameters in the
\fBsmb.conf\fR(5)
file to determine if the hostname with this IP address would be allowed access to the
smbd
server\&. If this parameter is supplied, the hostIP parameter must also be supplied\&.
.RE
.PP
hostIP
.RS 4
This is the IP address of the host specified in the previous parameter\&. This address must be supplied if the hostname parameter is supplied\&.
.RE
.SH "FILES"
.PP
\fBsmb.conf\fR(5)
.RS 4
This is usually the name of the configuration file used by
\fBsmbd\fR(8)\&.
.RE
.SH "DIAGNOSTICS"
.PP
The program will issue a message saying whether the configuration file loaded OK or not\&. This message may be preceded by errors and warnings if the file did not load\&. If the file was loaded OK, the program then dumps all known service details to stdout\&.
.PP
For certain use cases, SMB protocol requires use of cryptographic algorithms which are known to be weak and already broken\&. DES and ARCFOUR (RC4) ciphers and the SHA1 and MD5 hash algorithms are considered weak but they are required for backward compatibility\&. The testparm utility shows whether the Samba tools will fall back to these weak crypto algorithms if it is not possible to use strong cryptography by default\&. In FIPS mode weak crypto cannot be enabled\&.
.SH "VERSION"
.PP
This man page is part of version 4\&.16\&.4 of the Samba suite\&.
.SH "SEE ALSO"
.PP
\fBsmb.conf\fR(5),
\fBsmbd\fR(8)
.SH "AUTHOR"
.PP
The original Samba software and related utilities were created by Andrew Tridgell\&. Samba is now developed by the Samba Team as an Open Source project similar to the way the Linux kernel is developed\&.

128
net/samba419/files/man/traffic_learner.7 Normal file
View file

@ -0,0 +1,128 @@
'\" t
.\" Title: traffic_learner
.\" Author: [see the "AUTHOR" section]
.\" Generator: DocBook XSL Stylesheets v1.79.1 <http://docbook.sf.net/>
.\" Date: 08/09/2022
.\" Manual: User Commands
.\" Source: Samba 4.16.4
.\" Language: English
.\"
.TH "TRAFFIC_LEARNER" "7" "08/09/2022" "Samba 4\&.16\&.4" "User Commands"
.\" -----------------------------------------------------------------
.\" * Define some portability stuff
.\" -----------------------------------------------------------------
.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
.\" http://bugs.debian.org/507673
.\" http://lists.gnu.org/archive/html/groff/2009-02/msg00013.html
.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
.ie \n(.g .ds Aq \(aq
.el .ds Aq '
.\" -----------------------------------------------------------------
.\" * set default formatting
.\" -----------------------------------------------------------------
.\" disable hyphenation
.nh
.\" disable justification (adjust text to left margin only)
.ad l
.\" -----------------------------------------------------------------
.\" * MAIN CONTENT STARTS HERE *
.\" -----------------------------------------------------------------
.SH "NAME"
traffic_learner \- Samba tool to assist with traffic generation\&.
.SH "SYNOPSIS"
.HP \w'\ 'u
traffic_learner {\-o\ OUTPUT_FILE\ \&.\&.\&.} [\-h] [\-\-dns\-mode\ {inline|count}] [SUMMARY_FILE] [SUMMARY_FILE\ \&.\&.\&.]
.SH "DESCRIPTION"
.PP
This tool is part of the
\fBsamba\fR(7)
suite\&.
.PP
This tool assists with generation of Samba traffic\&. It takes a traffic\-summary file (produced by
traffic_summary\&.pl) as input and produces a traffic\-model file that can be used by
traffic_replay
for traffic generation\&.
.PP
The model file summarizes the types of traffic (\*(Aqconversations\*(Aq between a host and a Samba DC) that occur on a network\&. The model file describes the traffic in a way that allows it to be scaled so that either more (or fewer) packets get sent, and the packets can be sent at a faster (or slower) rate than that seen in the network\&.
.SH "OPTIONS"
.PP
\-h|\-\-help
.RS 4
Print a summary of command line options\&.
.RE
.PP
SUMMARY_FILE
.RS 4
File containing a network traffic\-summary\&. The traffic\-summary file should be generated by
traffic_summary\&.pl
from a packet capture of actual network traffic\&. More than one file can be specified, in which case the traffic will be combined into a single traffic\-model\&. If no SUMMARY_FILE is specified, this tool will read the traffic\-summary from STDIN, i\&.e\&. you can pipe the output from traffic_summary\&.pl directly to this tool\&.
.RE
.PP
\-o|\-\-out OUTPUT_FILE
.RS 4
The traffic\-model that is produced will be written to this file\&. The OUTPUT_FILE can then be passed to
traffic_replay
to generate (and manipulate) Samba network traffic\&.
.RE
.PP
\-\-dns\-mode [inline|count]
.RS 4
How DNS traffic should be handled by the model\&.
.RE
.SH "EXAMPLES"
.PP
To take a traffic\-summary file and produce a traffic\-model file, use:
.PP
traffic_learner traffic\-summary\&.txt \-o traffic\-model\&.txt
.PP
To generate a traffic\-model from a packet capture, you can pipe the traffic summary to STDIN using:
.PP
tshark \-r capture\&.pcapng \-T pdml | traffic_summary\&.pl | traffic_learner \-o traffic\-model\&.txt
.SH "OUTPUT FILE FORMAT"
.PP
The output model file describes a Markov model estimating the probability of a packet occurring given the last two packets\&.
.PP
The count of each continuation after a pair of successive packets is stored, and the ratios of these counts is used to calculate probabilities for the next packet\&.
.PP
The model is stored in JSON format, and also contains information about the packet rate and DNS traffic rate\&.
.SS "Example ngram listing"
.PP
The following listing shows a contrived example of a single ngram entry\&.
.sp
.if n \{\
.RS 4
.\}
.nf
"ngrams": {
"ldap:0\etdcerpc:11": {
"lsarpc:77": 1,
"ldap:2": 370,
"ldap:3": 62,
"wait:3": 2,
"\-": 1
}, [\&.\&.\&.]
}
.fi
.if n \{\
.RE
.\}
.PP
This counts the observed continuations after an ldap packet with opcode 0 (a bind) followed by a dcerpc packet with opcode 11 (also a bind)\&. The most common next packet is "ldap:2" which is an unbind, so this is the most likely packet type to be selected in replay\&. At the other extreme, lsarpc opcode 77 (lookup names) has been seen only once, and it is unlikely but possible that this will be selected in replay\&.
.PP
There are two special packet types here\&. "wait:3" refers to a temporary pause in the conversation, where the "3" pseudo\-opcode indicates the length of the wait on an exponential scale\&. That is, a "wait:4" pause would be about 2\&.7 times longer that a "wait:3", which in turn would be similarly longer than a "wait:2"\&.
.PP
The other special packet is "\-", which represents the limit of the conversation\&. In the example, this indicates that one observed conversation ended after this particular ngram\&. This special opcode is also used at the beginning of conversations, which are indicated by the ngram "\-\et\-"\&.
.SH "VERSION"
.PP
This man page is complete for version 4\&.16\&.4 of the Samba suite\&.
.SH "SEE ALSO"
.PP
\fBtraffic_replay\fR(7)\&.
.SH "AUTHOR"
.PP
The original Samba software and related utilities were created by Andrew Tridgell\&. Samba is now developed by the Samba Team as an Open Source project similar to the way the Linux kernel is developed\&.
.PP
The traffic_learner tool was developed by the Samba team at Catalyst IT Ltd\&.
.PP
The traffic_learner manpage was written by Tim Beale\&.

Some files were not shown because too many files have changed in this diff Show more