diff options
author | Mikael Urankar <mikael@FreeBSD.org> | 2024-02-05 12:56:27 +0000 |
---|---|---|
committer | Mikael Urankar <mikael@FreeBSD.org> | 2024-02-09 15:33:54 +0000 |
commit | b0a4fa4a12b096897f347755106940220e94c114 (patch) | |
tree | 11303760ec4eb164f16c80fd630dc1bea51d2d02 | |
parent | 1e1b3d42f560254a9c6e533d20e1c081c184cf5b (diff) | |
download | ports-b0a4fa4a12b096897f347755106940220e94c114.tar.gz ports-b0a4fa4a12b096897f347755106940220e94c114.zip |
net/samba419: Add new port
Many thanks to Joshua Kinard, Siva Mahadevan, Yasuhiro Kimura, Andrew Walker, and Peter Eriksson for their patches.
PR: 270383
120 files changed, 40779 insertions, 2 deletions
diff --git a/Mk/Uses/samba.mk b/Mk/Uses/samba.mk index bd4ccb0a6189..40e8cac30403 100644 --- a/Mk/Uses/samba.mk +++ b/Mk/Uses/samba.mk @@ -21,7 +21,7 @@ IGNORE= USES=samba has invalid arguments: ${samba_ARGS:Nbuild:Nenv:Nlib:Nrun} SAMBAPORT= net/samba${SAMBA_DEFAULT:S/.//} SAMBAINCLUDES= ${LOCALBASE}/include/samba4 -. if ${SAMBA_DEFAULT} == 4.13 || ${SAMBA_DEFAULT} == 4.16 +. if ${SAMBA_DEFAULT} == 4.13 || ${SAMBA_DEFAULT} == 4.16 || ${SAMBA_DEFAULT} == 4.19 SAMBALIBS= ${LOCALBASE}/lib/samba4 . else IGNORE= Invalid version of samba: ${SAMBA_DEFAULT} diff --git a/Mk/bsd.default-versions.mk b/Mk/bsd.default-versions.mk index 4747af6c8296..40ffd9a959b2 100644 --- a/Mk/bsd.default-versions.mk +++ b/Mk/bsd.default-versions.mk @@ -142,7 +142,7 @@ PYTHON2_DEFAULT?= 2.7 RUBY_DEFAULT?= 3.1 # Possible values: rust, rust-nightly RUST_DEFAULT?= rust -# Possible values: 4.13, 4.16 +# Possible values: 4.13, 4.16, 4.19 SAMBA_DEFAULT?= 4.16 # Possible values: base, openssl, openssl111, openssl31, openssl32, libressl, libressl-devel . if !defined(SSL_DEFAULT) diff --git a/net/Makefile b/net/Makefile index 85d381a126b4..fe3e44a9f8a4 100644 --- a/net/Makefile +++ b/net/Makefile @@ -1435,6 +1435,7 @@ SUBDIR += sakisafecli SUBDIR += samba413 SUBDIR += samba416 + SUBDIR += samba419 SUBDIR += samplicator SUBDIR += savvycan SUBDIR += sbd diff --git a/net/samba419/Makefile b/net/samba419/Makefile new file mode 100644 index 000000000000..de9c52a381a1 --- /dev/null +++ b/net/samba419/Makefile @@ -0,0 +1,701 @@ +PORTNAME= ${SAMBA4_BASENAME}419 +PORTVERSION= ${SAMBA4_VERSION} +PORTREVISION= 0 +CATEGORIES?= net +MASTER_SITES= SAMBA/samba/stable SAMBA/samba/rc +DISTNAME= ${SAMBA4_DISTNAME} + +MAINTAINER= mikael@FreeBSD.org +COMMENT= Free SMB/CIFS and AD/DC server and client for Unix +WWW= https://gitlab.com/samba-freebsd/ + +LICENSE= GPLv3+ +LICENSE_FILE= ${WRKSRC}/COPYING + +USES= cpe + +CONFLICTS_INSTALL?= samba4* + +EXTRA_PATCHES= \ + ${PATCHDIR}/0001-Compact-and-simplify-modules-build-and-config-genera.patch:-p1 \ + ${PATCHDIR}/0002-Adjust-abi_gen.sh-script-to-run-under-FreeBSD-with-i.patch:-p1 \ + ${PATCHDIR}/0003-Mask-CLang-prototype-warnings-in-kadm5-admin.h.patch:-p1 \ + ${PATCHDIR}/0004-On-FreeBSD-date-1-has-different-semantics-than-on-Li.patch:-p1 \ + ${PATCHDIR}/0005-Include-jemalloc-jemalloc.h-if-ENABLE_JEMALLOC-is-se.patch:-p1 \ + ${PATCHDIR}/0006-Install-nss_-modules-into-PAMMODULESDIR-path.patch:-p1 \ + ${PATCHDIR}/0007-Use-macro-value-as-a-default-backlog-size-for-the-li.patch:-p1 \ + ${PATCHDIR}/0008-Brute-force-work-around-usage-of-Linux-specific-m-fl.patch:-p1 \ + ${PATCHDIR}/0009-Make-sure-that-config-checks-fail-if-the-warning-is-.patch:-p1 \ + ${PATCHDIR}/0010-Add-option-with-pkgconfigdir-to-specify-alternative-.patch:-p1 \ + ${PATCHDIR}/0011-Use-provided-by-port-location-of-the-XML-catalog.patch:-p1 \ + ${PATCHDIR}/0012-Create-shared-libraries-according-to-the-FreeBSD-spe.patch:-p1 \ + ${PATCHDIR}/0013-Pass-additional-msg-parameter-to-CHECK_LIB-so-it-can.patch:-p1 \ + ${PATCHDIR}/0014-Add-option-to-disable-CTDB-tests-failing-on-FreeBSD-.patch:-p1 \ + ${PATCHDIR}/0015-Add-extra-debug-class-to-trck-down-DB-locking-code.patch:-p1 \ + ${PATCHDIR}/0016-Make-ldb_schema_attribute_compare-a-stable-comparisi.patch:-p1 \ + ${PATCHDIR}/0017-Use-arc4random-when-available-to-generate-random-tal.patch:-p1 \ + ${PATCHDIR}/0018-Add-configuration-option-that-allows-to-choose-alter.patch:-p1 \ + ${PATCHDIR}/0019-From-923bc7a1afeb0b920e60e14846987ae1d2d7dca4-Mon-Se.patch:-p1 \ + ${PATCHDIR}/0020-FreeBSD-12-between-r336017-and-r342928-wrongfuly-ret.patch:-p1 \ + ${PATCHDIR}/0021-Fix-casting-warnings-in-the-nfs_quota-debug-message.patch:-p1 \ + ${PATCHDIR}/0022-Clean-up-UTMP-handling-code-and-add-FreeBSD-support..patch:-p1 \ + ${PATCHDIR}/0023-Add-cmd_get_quota-test-function-into-vfstest-to-test.patch:-p1 \ + ${PATCHDIR}/0024-Cherry-pick-ZFS-provisioning-code-by-iXsystems-Inc.patch:-p1 \ + ${PATCHDIR}/0025-From-d9b748869a8f4018ebee302aae8246bf29f60309-Mon-Se.patch:-p1 \ + ${PATCHDIR}/0026-vfs-add-a-compatibility-option-to-the-vfs_streams_xa.patch:-p1 \ + ${PATCHDIR}/0027-Add-VFS-module-vfs_freebsd-that-implements-FreeBSD-s.patch:-p1 \ + ${PATCHDIR}/0100-Fix-pathref-handling-for-FreeBSD-13plus.patch + +SAMBA4_BASENAME= samba +SAMBA4_PORTNAME= ${SAMBA4_BASENAME}4 +SAMBA4_VERSION= 4.19.4 +SAMBA4_DISTNAME= ${SAMBA4_BASENAME}-${SAMBA4_VERSION:S|.p|pre|:S|.r|rc|:S|.t|tp|:S|.a|alpha|} + +WRKSRC?= ${WRKDIR}/${DISTNAME} +PLIST?= ${PKGDIR}/pkg-plist + +CPE_VENDOR= samba +CPE_PRODUCT= samba +# Directories +VARDIR= ${DESTDIR}/var +SAMBA4_RUNDIR= ${VARDIR}/run/${SAMBA4_PORTNAME} +SAMBA4_LOGDIR= ${VARDIR}/log/${SAMBA4_PORTNAME} +SAMBA4_LOCKDIR= ${VARDIR}/db/${SAMBA4_PORTNAME} +SAMBA4_BINDDNSDIR= ${SAMBA4_LOCKDIR}/bind-dns +SAMBA4_PRIVATEDIR= ${SAMBA4_LOCKDIR}/private +SAMBA4_PAMDIR= ${PREFIX}/lib +SAMBA4_LIBDIR= ${PREFIX}/lib/${SAMBA4_PORTNAME} +SAMBA4_INCLUDEDIR= ${PREFIX}/include/${SAMBA4_PORTNAME} +SAMBA4_CONFDIR= ${PREFIX}/etc +SAMBA4_CONFIG= smb4.conf +SAMBA4_MODULES_CLASS= auth bind9 gensec gpext idmap ldb nss_info \ + pdb perfcount process_model service vfs + +CONFIGURE_ARGS= --mandir="${PREFIX}/share/man" \ + --sysconfdir="${SAMBA4_CONFDIR}" \ + --includedir="${SAMBA4_INCLUDEDIR}" \ + --datadir="${DATADIR}" \ + --libdir="${SAMBA4_LIBDIR}" \ + --with-privatelibdir="${SAMBA4_LIBDIR}/private" \ + --with-pammodulesdir="${SAMBA4_PAMDIR}" \ + --with-modulesdir="${SAMBA4_MODULEDIR}" \ + --with-pkgconfigdir="${PKGCONFIGDIR}" \ + --localstatedir="${VARDIR}" \ + --with-piddir="${SAMBA4_RUNDIR}" \ + --with-sockets-dir="${SAMBA4_RUNDIR}" \ + --with-privileged-socket-dir="${SAMBA4_RUNDIR}" \ + --with-lockdir="${SAMBA4_LOCKDIR}" \ + --with-statedir="${SAMBA4_LOCKDIR}" \ + --with-cachedir="${SAMBA4_LOCKDIR}" \ + --with-bind-dns-dir=${SAMBA4_BINDDNSDIR} \ + --with-privatedir="${SAMBA4_PRIVATEDIR}" \ + --with-logfilebase="${SAMBA4_LOGDIR}" +# XXX: Flags +CONFIGURE_ENV= PTHREAD_LDFLAGS="-lpthread" \ + PYTHONHASHSEED=1 +MAKE_ENV= PYTHONHASHSEED=1 + +USES= compiler:c++11-lang iconv localbase:ldflags \ + perl5 pkgconfig shebangfix waf gettext-runtime +USE_PERL5= build +USE_LDCONFIG= ${SAMBA4_LIBDIR} +WAF_CMD= buildtools/bin/waf +CONFIGURE_LOG= bin/config.log + +# Make sure that the right version of Python is used by the tools +# https://bugzilla.samba.org/show_bug.cgi?id=7305 +SHEBANG_FILES= source3/script* source4/scripting/bin/* selftest/* + +PKGCONFIGDIR?= ${PREFIX}/libdata/pkgconfig +PKGCONFIGDIR_REL?= ${PKGCONFIGDIR:S,^${PREFIX}/,,} +PLIST_SUB= PKGCONFIGDIR=${PKGCONFIGDIR_REL} +SUB_LIST= PKGCONFIGDIR=${PKGCONFIGDIR_REL} +############################################################################## +OPTIONS_SUB= yes + +OPTIONS_DEFINE= AD_DC ADS CLUSTER CUPS DOCS FAM GPGME \ + LDAP MANDOC PROFILE PYTHON3 QUOTAS \ + SPOTLIGHT SYSLOG UTMP +#OPTIONS_DEFINE+= DEVELOPER MEMORY_DEBUG + +OPTIONS_GROUP= VFS +OPTIONS_GROUP_VFS= FRUIT GLUSTERFS + +OPTIONS_SINGLE= GSSAPI ZEROCONF + +OPTIONS_SINGLE_GSSAPI= GSSAPI_BUILTIN GSSAPI_MIT +#GSSAPI_HEIMDAL +OPTIONS_SINGLE_ZEROCONF= ZEROCONF_NONE AVAHI MDNSRESPONDER + +# Make those default options +OPTIONS_DEFAULT= AD_DC ADS DOCS FAM LDAP \ + PROFILE PYTHON3 QUOTAS SYSLOG UTMP \ + FRUIT GSSAPI_BUILTIN AVAHI +############################################################################## +ADS_DESC= Active Directory client(implies LDAP) +AD_DC_DESC= Active Directory Domain Controller(implies PYTHON3) +CLUSTER_DESC= Clustering support +DEVELOPER_DESC= With developer framework +FAM_DESC= File Alteration Monitor +GPGME_DESC= GpgME support +LDAP_DESC= LDAP client +LIBZFS_DESC= LibZFS +SPOTLIGHT_DESC= Spotlight server-side search support +MANDOC_DESC= Build manpages from DOCBOOK templates +MEMORY_DEBUG_DESC= Debug memory allocator +PICKY_DEVELOPER_DESC= Treat compiler warnings as errors(implies DEVELOPER) +PROFILE_DESC= Profiling data +QUOTAS_DESC= Disk quota support +UTMP_DESC= UTMP accounting + +VFS_DESC= VFS modules +FRUIT_DESC= MacOSX and TimeMachine support +GLUSTERFS_DESC= GlusterFS support + +GSSAPI_BUILTIN_DESC= GSSAPI support via bundled Heimdal + +ZEROCONF_DESC= Zero configuration networking +ZEROCONF_NONE_DESC= Zeroconf support is absent +############################################################################## +# XXX: Unconditional dependencies which can't be switched off(if present in +# the system) + +# Iconv(picked up unconditionaly) +LIB_DEPENDS= libiconv.so:converters/libiconv +# unwind +LIB_DEPENDS+= libunwind.so:devel/libunwind +# Readline(sponsored by Python) +# XXX: USES=readline pollutes CPPFLAGS, so we explicitly put dependency +LIB_DEPENDS+= libreadline.so:devel/readline +# popt +LIB_DEPENDS+= libpopt.so:devel/popt +# inotify +LIB_DEPENDS+= libinotify.so:devel/libinotify +# GNUTLS +LIB_DEPENDS+= libgnutls.so:security/gnutls +LIB_DEPENDS+= libgcrypt.so:security/libgcrypt +# NFSv4 ACL glue +LIB_DEPENDS+= libsunacl.so:sysutils/libsunacl +# Jansson +BUILD_DEPENDS+= jansson>=2.10:devel/jansson +RUN_DEPENDS+= jansson>=2.10:devel/jansson +# tasn1 +BUILD_DEPENDS+= libtasn1>=3.8:security/libtasn1 +RUN_DEPENDS+= libtasn1>=3.8:security/libtasn1 +# External Samba dependencies +# Needed for IDL compiler +BUILD_DEPENDS+= p5-Parse-Yapp>=0:devel/p5-Parse-Yapp + +# Libarchive +SAMBA4_BUNDLED_LIBS= !libarchive +BUILD_DEPENDS+= libarchive>=3.1.2:archivers/libarchive +RUN_DEPENDS+= libarchive>=3.1.2:archivers/libarchive + +### Bundled libraries +SAMBA4_BUNDLED_CMOCKA= yes +SAMBA4_BUNDLED_TALLOC= yes +SAMBA4_BUNDLED_TEVENT= yes +SAMBA4_BUNDLED_TDB= yes +SAMBA4_BUNDLED_LDB= yes +# cmocka +.if defined(SAMBA4_BUNDLED_CMOCKA) && ${SAMBA4_BUNDLED_CMOCKA} == yes +SAMBA4_BUNDLED_LIBS+= cmocka +CONFLICTS_INSTALL+= cmocka-1.* +PLIST_SUB+= SAMBA4_BUNDLED_CMOCKA="" +SUB_LIST+= SAMBA4_BUNDLED_CMOCKA="" +.else +SAMBA4_BUNDLED_LIBS+= !cmocka +BUILD_DEPENDS+= cmocka>=1.1.3:sysutils/cmocka +TEST_DEPENDS+= cmocka>=1.1.3:sysutils/cmocka +PLIST_SUB+= SAMBA4_BUNDLED_CMOCKA="@comment " +SUB_LIST+= SAMBA4_BUNDLED_CMOCKA="@comment " +.endif +# talloc +.if defined(SAMBA4_BUNDLED_TALLOC) && ${SAMBA4_BUNDLED_TALLOC} == yes +SAMBA4_BUNDLED_LIBS+= talloc +CONFLICTS_INSTALL+= talloc-* talloc1-* +PLIST_SUB+= SAMBA4_BUNDLED_TALLOC="" +SUB_LIST+= SAMBA4_BUNDLED_TALLOC="" +.else +SAMBA4_BUNDLED_LIBS+= !talloc +BUILD_DEPENDS+= talloc>=2.3.3:devel/talloc +RUN_DEPENDS+= talloc>=2.3.3:devel/talloc +PLIST_SUB+= SAMBA4_BUNDLED_TALLOC="@comment " +SUB_LIST+= SAMBA4_BUNDLED_TALLOC="@comment " +.endif +# tevent +.if defined(SAMBA4_BUNDLED_TEVENT) && ${SAMBA4_BUNDLED_TEVENT} == yes +SAMBA4_BUNDLED_LIBS+= tevent +CONFLICTS_INSTALL+= tevent-* tevent1-* +PLIST_SUB+= SAMBA4_BUNDLED_TEVENT="" +SUB_LIST+= SAMBA4_BUNDLED_TEVENT="" +.else +SAMBA4_BUNDLED_LIBS+= !tevent +BUILD_DEPENDS+= tevent>=0.11.0:devel/tevent +RUN_DEPENDS+= tevent>=0.11.0:devel/tevent +PLIST_SUB+= SAMBA4_BUNDLED_TEVENT="@comment " +SUB_LIST+= SAMBA4_BUNDLED_TEVENT="@comment " +.endif +# tdb +.if defined(SAMBA4_BUNDLED_TDB) && ${SAMBA4_BUNDLED_TDB} == yes +SAMBA4_BUNDLED_LIBS+= tdb +CONFLICTS_INSTALL+= tdb-* tdb1-* +PLIST_SUB+= SAMBA4_BUNDLED_TDB="" +SUB_LIST+= SAMBA4_BUNDLED_TDB="" +.else +SAMBA4_BUNDLED_LIBS+= !tdb +BUILD_DEPENDS+= tdb>=1.4.6:databases/tdb +RUN_DEPENDS+= tdb>=1.4.6:databases/tdb +PLIST_SUB+= SAMBA4_BUNDLED_TDB="@comment " +SUB_LIST+= SAMBA4_BUNDLED_TDB="@comment " +.endif +# ldb +.if defined(SAMBA4_BUNDLED_LDB) && ${SAMBA4_BUNDLED_LDB} == yes +SAMBA4_BUNDLED_LDB= yes +SAMBA4_BUNDLED_LIBS+= ldb +PLIST_SUB+= SAMBA4_BUNDLED_LDB="" +SUB_LIST+= SAMBA4_BUNDLED_LDB="" +SAMBA4_MODULEDIR= ${SAMBA4_LIBDIR}/modules +.else +SAMBA4_BUNDLED_LIBS+= !ldb +BUILD_DEPENDS+= ldb25>=2.5.2:databases/ldb25 +RUN_DEPENDS+= ldb25>=2.5.2:databases/ldb25 +PLIST_SUB+= SAMBA4_BUNDLED_LDB="@comment " +SUB_LIST+= SAMBA4_BUNDLED_LDB="@comment " +SAMBA4_MODULEDIR= ${PREFIX}/lib/shared-modules +.endif + +.if (defined(SAMBA4_BUNDLED_TALLOC) && ${SAMBA4_BUNDLED_TALLOC} == yes) \ + || (defined(SAMBA4_BUNDLED_TDB) && ${SAMBA4_BUNDLED_TDB} == yes) \ + || (defined(SAMBA4_BUNDLED_LDB) && ${SAMBA4_BUNDLED_LDB} == yes) \ + || (defined(SAMBA4_BUNDLED_TEVENT) && ${SAMBA4_BUNDLED_TEVENT} == yes) +SAMBA4_BUNDLED_LIBS+= replace +.endif +# Don't use external libcom_err +SAMBA4_BUNDLED_LIBS+= com_err +# Set the test environment variables +TEST_USES= python +TEST_ENV= PYTHON="${PYTHON_CMD}" \ + SHA1SUM=/sbin/sha1 \ + SHA256SUM=/sbin/sha256 \ + MD5SUM=/sbin/md5 \ + PYTHONDONTWRITEBYTECODE=1 + +TEST_DEPENDS= bash:shells/bash \ + tshark:net/wireshark@nox11 +# External Python modules +TEST_BUILD_DEPENDS= ${PYTHON_PKGNAMEPREFIX}iso8601>=0.1.11:devel/py-iso8601@${PY_FLAVOR} +TEST_RUN_DEPENDS= ${PYTHON_PKGNAMEPREFIX}iso8601>=0.1.11:devel/py-iso8601@${PY_FLAVOR} +############################################################################## +CONFIGURE_ARGS+= \ + --with-pam \ + --with-iconv \ + --with-winbind \ + --with-regedit \ + --disable-rpath \ + --without-lttng \ + --without-gettext \ + --enable-pthreadpool \ + --without-fake-kaserver \ + --without-systemd \ + --with-libarchive \ + --with-acl-support \ + --with-sendfile-support \ + --disable-ctdb-tests +# ${ICONV_CONFIGURE_BASE} +############################################################################## +FRUIT_PREVENTS= ZEROCONF_NONE +FRUIT_PREVENTS_MSG= MacOSX support requires Zeroconf(AVAHI or MDNSRESPONDER) +FRUIT_VARS= SAMBA4_MODULES+=vfs_fruit +FRUIT_PLIST_FILES= share/man/man8/vfs_fruit.8.gz + +GLUSTERFS_CONFIGURE_ENABLE= glusterfs +GLUSTERFS_LIB_DEPENDS= libglusterfs.so:net/glusterfs +GLUSTERFS_VARS= SAMBA4_MODULES+=vfs_glusterfs +GLUSTERFS_PLIST_FILES= share/man/man8/vfs_glusterfs.8.gz + +ZEROCONF_NONE_MAKE_ENV= ZEROCONF=none +############################################################################## +AVAHI_CONFIGURE_ENABLE= avahi +AVAHI_LIB_DEPENDS= libavahi-client.so:net/avahi-app +AVAHI_VARS= SAMBA4_SERVICES+=avahi_daemon + +MDNSRESPONDER_CONFIGURE_ENABLE= dnssd +MDNSRESPONDER_LIB_DEPENDS= libdns_sd.so:net/mDNSResponder +MDNSRESPONDER_VARS= SAMBA4_SERVICES+=mdnsd +############################################################################## +MEMORY_DEBUG_IMPLIES= DEBUG +MEMORY_DEBUG_CONFIGURE_ENV= ADDITIONAL_CFLAGS="-DENABLE_JEMALLOC `pkg-config --cflags jemalloc`" ADDITIONAL_LDFLAGS="`pkg-config --libs jemalloc`" +MEMORY_DEBUG_LIB_DEPENDS= libjemalloc.so.2:devel/jemalloc +# https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=194046 +GDB_CMD?= ${LOCALBASE}/bin/gdb +# https://bugzilla.samba.org/show_bug.cgi?id=8969 +PICKY_DEVELOPER_IMPLIES= DEVELOPER +PICKY_DEVELOPER_CONFIGURE_ON= --picky-developer + +DEVELOPER_CONFIGURE_ON= --enable-developer --enable-selftest --abi-check-disable +DEVELOPER_CONFIGURE_ENV= WAF_CMD_FORMAT=string +DEVELOPER_BUILD_DEPENDS= ${SAMBA4_LMDB_DEPENDS} \ + ${GDB_CMD}:devel/gdb +DEVELOPER_RUN_DEPENDS= ${SAMBA4_LMDB_DEPENDS} +DEVELOPER_TEST_DEPENDS= ${GDB_CMD}:devel/gdb +DEVELOPER_VARS_OFF= GDB_CMD=true +############################################################################## +AD_DC_IMPLIES= PYTHON3 +AD_DC_CONFIGURE_OFF= --without-ad-dc +AD_DC_BUILD_DEPENDS= ${SAMBA4_LMDB_DEPENDS} +AD_DC_RUN_DEPENDS= ${SAMBA4_LMDB_DEPENDS} +AD_DC_VARS= PLIST+=${PKGDIR}/pkg-plist.ad_dc +# samba-tool requires those for *upgrade +AD_DC_BUILD_DEPENDS+= ${PYTHON_PKGNAMEPREFIX}markdown>=3.3.7:textproc/py-markdown@${PY_FLAVOR} \ + ${PYTHON_PKGNAMEPREFIX}dnspython>=2.2.1:dns/py-dnspython@${PY_FLAVOR} +AD_DC_RUN_DEPENDS+= ${PYTHON_PKGNAMEPREFIX}markdown>=3.3.7:textproc/py-markdown@${PY_FLAVOR} \ + ${PYTHON_PKGNAMEPREFIX}dnspython>=2.2.1:dns/py-dnspython@${PY_FLAVOR} + +ADS_IMPLIES= LDAP +ADS_CONFIGURE_WITH= ads + +CLUSTER_CONFIGURE_WITH= cluster-support +CLUSTER_VARS= PLIST+=${PKGDIR}/pkg-plist.cluster + +CUPS_CONFIGURE_ENABLE= cups iprint +CUPS_LIB_DEPENDS= libcups.so:print/cups +# https://bugzilla.samba.org/show_bug.cgi?id=9545 +FAM_USES= fam +FAM_CONFIGURE_WITH= fam + +GPGME_CONFIGURE_WITH= gpgme +GPGME_LIB_DEPENDS= libgpgme.so:security/gpgme +GPGME_RUN_DEPENDS= ${PYTHON_PKGNAMEPREFIX}gpgme>=1.14.0:security/py-gpgme@${PY_FLAVOR} + +GSSAPI_BUILTIN_USES= bison +GSSAPI_BUILTIN_BUILD_DEPENDS= p5-JSON>=4.0:converters/p5-JSON + +GSSAPI_MIT_CONFIGURE_ON= --with-system-mitkrb5 ${GSSAPIBASEDIR} \ + --with-system-mitkdc=${GSSAPIBASEDIR}/sbin/krb5kdc \ + --with-experimental-mit-ad-dc +GSSAPI_MIT_USES= gssapi:mit + +GSSAPI_HEIMDAL_CONFIGURE_ON= --with-system-heimdalkrb5 ${GSSAPIBASEDIR} +GSSAPI_HEIMDAL_USES= gssapi:heimdal +GSSAPI_HEIMDAL_PREVENTS= AD_DC +GSSAPI_HEIMDAL_PREVENTS_MSG= GSSAPI_HEIMDAL and AD_DC enable conflicting options + +LDAP_CONFIGURE_WITH= ldap +LDAP_CONFIGURE_ON= --with-openldap=${LOCALBASE} +LDAP_USES= ldap +LDAP_VARS= SAMBA4_MODULES+=idmap_ldap + +LIBZFS_CONFIGURE_WITH= libzfs +LIBZFS_VARS= SAMBA4_MODULES+=vfs_zfs_space + +MANDOC_BUILD_DEPENDS= ${LOCALBASE}/share/xsl/docbook/manpages/docbook.xsl:textproc/docbook-xsl \ + xsltproc:textproc/libxslt +MANDOC_CONFIGURE_ENV_OFF= XSLTPROC="true" + +PROFILE_CONFIGURE_WITH= profiling-data + +QUOTAS_CONFIGURE_WITH= quotas + +SPOTLIGHT_CONFIGURE_ENABLE= spotlight +SPOTLIGHT_BUILD_DEPENDS= tracker>=1.4.1:sysutils/tracker +SPOTLIGHT_RUN_DEPENDS= tracker>=1.4.1:sysutils/tracker +# ICU +SPOTLIGHT_LIB_DEPENDS= libicuuc.so:devel/icu +SPOTLIGHT_USES= bison gnome +SPOTLIGHT_USE= gnome=glib20 + +SYSLOG_CONFIGURE_WITH= syslog + +UTMP_CONFIGURE_WITH= utmp + +############################################################################## +.include <bsd.port.options.mk> +############################################################################## +.if ${OPSYS} == FreeBSD && ${OSVERSION} < 1300076 +IGNORE=runs only on FreeBSD 13.1 and above due use of O_EMPTY_PATH +.endif + +.if !${PORT_OPTIONS:MADS} && ${PORT_OPTIONS:MAD_DC} +IGNORE=To disable ADS option you also need to disable AD_DC option +.endif + +.if !defined(WANT_EXP_MODULES) || empty(WANT_EXP_MODULES) +WANT_EXP_MODULES= vfs_cacheprime +.endif + +.if ${WANT_EXP_MODULES:Mvfs_snapper} +# snapper needs dbus +LIB_DEPENDS+= libdbus-1.so:devel/dbus +LIB_DEPENDS+= libdbus-glib-1.so:devel/dbus-glib +.endif + +SAMBA4_MODULES+= krb5_async_dns_krb5_locator krb5_winbind_krb5_locator idmap_nss idmap_autorid \ + idmap_rid idmap_hash idmap_tdb idmap_tdb2 idmap_script \ + nss-info_hash +# List of extra modules taken from RHEL build +# https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=197320 +.if ${PORT_OPTIONS:MADS} +SAMBA4_MODULES+= idmap_ad idmap_rfc2307 nss-info_template \ + nss-info_rfc2307 nss-info_sfu nss-info_sfu20 +.endif +# This kind of special for this distribution +SAMBA4_MODULES+= vfs_freebsd + +SAMBA4_MODULES+= vfs_acl_tdb vfs_acl_xattr vfs_aio_fork vfs_aio_pthread \ + vfs_audit vfs_cap vfs_catia vfs_commit vfs_crossrename \ + vfs_default_quota vfs_dirsort vfs_expand_msdfs \ + vfs_extd_audit vfs_fake_perms vfs_full_audit \ + vfs_linux_xfs_sgid vfs_media_harmony vfs_offline \ + vfs_preopen vfs_readahead vfs_readonly vfs_recycle \ + vfs_shadow_copy vfs_shadow_copy2 vfs_shell_snap \ + vfs_streams_depot vfs_streams_xattr vfs_syncops \ + vfs_time_audit vfs_unityed_media vfs_virusfilter \ + vfs_widelinks vfs_worm vfs_xattr_tdb vfs_zfsacl + +.if ${PORT_OPTIONS:MDEVELOPER} +SAMBA4_MODULES+= auth_skel pdb_test gpext_security gpext_registry \ + gpext_scripts perfcount_test vfs_fake_dfq \ + vfs_skel_opaque vfs_skel_transparent \ + vfs_shadow_copy_test vfs_fake_acls \ + vfs_nfs4acl_xattr vfs_error_inject vfs_delay_inject +.endif +# Python bindings +.if ! ${PORT_OPTIONS:MPYTHON3} || defined(NO_PYTHON) +USES+= python:build,test +CONFIGURE_ARGS+= --disable-python +.else +USES+= python +PLIST+= ${PKGDIR}/pkg-plist.python +# Don't cache Python modules +CONFIGURE_ARGS+= --nopycache +MAKE_ENV+= PYTHONDONTWRITEBYTECODE=1 + +. if defined(SAMBA4_BUNDLED_TALLOC) && ${SAMBA4_BUNDLED_TALLOC} == yes +SAMBA4_BUNDLED_LIBS+= pytalloc-util +. else +SAMBA4_BUNDLED_LIBS+= !pytalloc-util +. endif + +. if defined(SAMBA4_BUNDLED_TEVENT) && ${SAMBA4_BUNDLED_TEVENT} == yes +SAMBA4_BUNDLED_LIBS+= pytevent +. else +SAMBA4_BUNDLED_LIBS+= !pytevent +. endif + +. if defined(SAMBA4_BUNDLED_TDB) && ${SAMBA4_BUNDLED_TDB} == yes +SAMBA4_BUNDLED_LIBS+= pytdb +. else +SAMBA4_BUNDLED_LIBS+= !pytdb +. endif + +. if defined(SAMBA4_BUNDLED_LDB) && ${SAMBA4_BUNDLED_LDB} == yes +SAMBA4_BUNDLED_LIBS+= pyldb pyldb-util +. else +SAMBA4_BUNDLED_LIBS+= !pyldb !pyldb-util +. endif +.endif + +.if defined(WANT_EXP_MODULES) && !empty(WANT_EXP_MODULES) +SAMBA4_MODULES+= ${WANT_EXP_MODULES} +.endif + +.if defined(SAMBA4_BUNDLED_LIBS) && !empty(SAMBA4_BUNDLED_LIBS) +CONFIGURE_ARGS+= --bundled-libraries="${SAMBA4_BUNDLED_LIBS:Q:C|(\\\\ )+|,|g:S|\\||g}" +.endif + +.if defined(SAMBA4_MODULES) && !empty(SAMBA4_MODULES) +CONFIGURE_ARGS+= --with-shared-modules="${SAMBA4_MODULES:C|-|_|:Q:C|(\\\\ )+|,|g:S|\\||g}" +.endif +# XXX: Hack for nss-info_* -> nss_info/* modules +# Add selected modules to the plist +.for module in ${SAMBA4_MODULES} +PLIST_FILES+= ${SAMBA4_MODULEDIR}/${module:C|_|/|:C|-|_|}.so +.endfor + +.for module_class in ${SAMBA4_MODULES_CLASS} +PLIST_DIRS+= ${SAMBA4_MODULEDIR}/${module_class} +.endfor +PLIST_DIRS+= ${SAMBA4_MODULEDIR} + +.if defined(WITH_DEBUG) +CONFIGURE_ARGS+= --verbose --enable-debug +MAKE_ARGS+= --verbose +DEBUG_FLAGS?= -g -ggdb3 -O0 +.endif + +############################################################################## +.include <bsd.port.pre.mk> +############################################################################## +# Only for 64-bit architectures +.if ${ARCH} != armv6 && ${ARCH} != armv7 && ${ARCH} != i386 && ${ARCH} != mips && ${ARCH} != powerpc && ${ARCH} != powerpcspe +. if defined(SAMBA4_BUNDLED_LDB) && ${SAMBA4_BUNDLED_LDB} == yes && (${PORT_OPTIONS:MAD_DC} || ${PORT_OPTIONS:MDEVELOPER}) +# LMDB +SAMBA4_LMDB_DEPENDS= lmdb>=0.9.16:databases/lmdb +PLIST_FILES+= ${SAMBA4_LIBDIR}/private/libldb-mdb-int-samba4.so \ + ${SAMBA4_MODULEDIR}/ldb/mdb.so +. endif +.endif + +.if ${PORT_OPTIONS:MGSSAPI_MIT} +PLIST_FILES+= ${SAMBA4_MODULEDIR}/krb5/winbind_krb5_localauth.so \ + share/man/man8/winbind_krb5_localauth.8.gz +. if ${PORT_OPTIONS:MAD_DC} +PLIST_FILES+= ${SAMBA4_LIBDIR}/krb5/plugins/kdb/samba.so +. endif +.endif +# for libexecinfo: (so that __builtin_frame_address() finds the top of the stack) +CFLAGS_amd64+= -fno-omit-frame-pointer +# No fancy color error messages +CFLAGS+= ${CFLAGS_${CHOSEN_COMPILER_TYPE}} +CFLAGS_clang= -fno-color-diagnostics +CONFIGURE_ENV+= NOCOLOR=yes WAF_LOG_FORMAT='%(c1)s%(zone)s%(c2)s %(message)s' +MAKE_ENV+= NOCOLOR=yes WAF_LOG_FORMAT='%(c1)s%(zone)s%(c2)s %(message)s' +# Allow rpcgen to find proper CPP +MAKE_ENV+= RPCGEN_CPP="${CPP}" +#.if ${readline_ARGS} == port +#CFLAGS+= -D_FUNCTION_DEF +#.endif +# Some symbols in samba's linker version scripts are not defined, but since the +# scripts are generated dynamically, suppress errors with lld >= 17 due to these +# undefined symbols. +LDFLAGS+= -Wl,--undefined-version + +SAMBA4_SUB= SAMBA4_LOGDIR="${SAMBA4_LOGDIR}" \ + SAMBA4_RUNDIR="${SAMBA4_RUNDIR}" \ + SAMBA4_LOCKDIR="${SAMBA4_LOCKDIR}" \ + SAMBA4_LIBDIR="${SAMBA4_LIBDIR}" \ + SAMBA4_MODULEDIR="${SAMBA4_MODULEDIR}" \ + SAMBA4_BINDDNSDIR="${SAMBA4_BINDDNSDIR}" \ + SAMBA4_PRIVATEDIR="${SAMBA4_PRIVATEDIR}" \ + SAMBA4_CONFDIR="${SAMBA4_CONFDIR}" \ + SAMBA4_CONFIG="${SAMBA4_CONFIG}" \ + SAMBA4_SERVICES="${SAMBA4_SERVICES}" + +PLIST_SUB+= ${SAMBA4_SUB} +SUB_LIST+= ${SAMBA4_SUB} + +USE_RC_SUBR= samba_server +SUB_FILES= pkg-message README.FreeBSD + +PORTDOCS= README.FreeBSD + +post-extract: + @${RM} -r ${WRKSRC}/pidl/lib/Parse/Yapp + +post-patch: + @${REINPLACE_CMD} -e 's|$${PKGCONFIGDIR}|${PKGCONFIGDIR}|g' \ + ${PATCH_WRKSRC}/buildtools/wafsamba/pkgconfig.py + @${REINPLACE_CMD} -e 's|%%LOCALBASE%%|${LOCALBASE}|g' \ + ${PATCH_WRKSRC}/buildtools/wafsamba/wafsamba.py + @${REINPLACE_CMD} -e 's|%%GDB_CMD%%|${GDB_CMD}|g' \ + ${PATCH_WRKSRC}/buildtools/scripts/abi_gen.sh + @${REINPLACE_CMD} -e 's|%%SAMBA4_CONFIG%%|${SAMBA4_CONFIG}|g' \ + ${PATCH_WRKSRC}/dynconfig/wscript + +# Use threading (or multiprocessing) but not thread (renamed in python 3+). +pre-configure: +.if (!${PORT_OPTIONS:MPYTHON3} || defined(NO_PYTHON)) && ${PORT_OPTIONS:MAD_DC} + @${ECHO_CMD}; \ + ${ECHO_MSG} "===> AD_DC option requires PYTHON3 to be set"; \ + ${ECHO_CMD}; \ + ${FALSE} +.endif + +pre-build-MANDOC-off: + ${MKDIR} ${BUILD_WRKSRC}/bin/default/docs-xml/ + ${CP} -rp ${BUILD_WRKSRC}/docs/manpages ${BUILD_WRKSRC}/bin/default/docs-xml/ +.for man in libcli/nbt/man/nmblookup4.1 \ + librpc/tools/ndrdump.1 \ + source4/lib/registry/man/regdiff.1 \ + source4/lib/registry/man/regpatch.1 \ + source4/lib/registry/man/regshell.1 \ + source4/lib/registry/man/regtree.1 \ + source4/scripting/man/samba-gpupdate.8 \ + source4/torture/man/gentest.1 \ + source4/torture/man/locktest.1 \ + source4/torture/man/masktest.1 \ + source4/torture/man/smbtorture.1 \ + source4/utils/man/ntlm_auth4.1 \ + source4/utils/oLschema2ldif/oLschema2ldif.1 \ + lib/tdb/man/tdbdump.8 \ + lib/tdb/man/tdbbackup.8 \ + lib/tdb/man/tdbtool.8 \ + lib/talloc/man/talloc.3 \ + lib/tdb/man/tdbrestore.8 \ + lib/ldb/man/ldb.3 \ + lib/ldb/man/ldbadd.1 \ + lib/ldb/man/ldbdel.1 \ + lib/ldb/man/ldbedit.1 \ + lib/ldb/man/ldbmodify.1 \ + lib/ldb/man/ldbrename.1 \ + lib/ldb/man/ldbsearch.1 \ + docs-xml/manpages/vfs_freebsd.8 + ${MKDIR} `dirname ${BUILD_WRKSRC}/bin/default/${man}` + ${INSTALL_MAN} ${FILESDIR}/man/`basename ${man}` ${BUILD_WRKSRC}/bin/default/${man} +.endfor +.if ${PORT_OPTIONS:MCLUSTER} + ${MKDIR} ${BUILD_WRKSRC}/bin/default/ctdb/ +. for man in ctdb_diagnostics.1 ctdb.1 ctdbd_wrapper.1 ctdbd.1 ltdbtool.1 onnode.1 ping_pong.1 \ + ctdb.conf.5 ctdb.sysconfig.5 ctdb-script.options.5 \ + ctdb.7 ctdb-statistics.7 ctdb-tunables.7 + ${INSTALL_MAN} ${FILESDIR}/man/${man} ${BUILD_WRKSRC}/bin/default/ctdb/ +. endfor +.endif + +post-install-rm-junk: + ${RM} -r ${STAGEDIR}${PYTHON_SITELIBDIR}/samba/third_party + ${FIND} ${STAGEDIR}${PYTHON_SITELIBDIR} -name __pycache__ \ + -type d -print0 | ${XARGS} -0 -n 1 -t ${RM} -r + ${FIND} ${STAGEDIR} -type f -empty -delete + +post-install-fix-manpages: +.for f in vfs_aio_linux.8 vfs_btrfs.8 vfs_ceph.8 vfs_gpfs.8 + ${RM} ${STAGEDIR}${PREFIX}/share/man/man8/${f} +.endfor +.if defined(SAMBA4_BUNDLED_LDB) && ${SAMBA4_BUNDLED_LDB} == yes +. for f in ldbadd.1 ldbdel.1 ldbedit.1 ldbmodify.1 ldbrename.1 ldbsearch.1 + ${MV} ${STAGEDIR}${PREFIX}/share/man/man1/${f} ${STAGEDIR}${PREFIX}/share/man/man1/samba-${f} +. endfor +.endif +.if defined(SAMBA4_BUNDLED_TDB) && ${SAMBA4_BUNDLED_TDB} == yes +. for f in tdbbackup.8 tdbdump.8 tdbrestore.8 tdbtool.8 + ${MV} ${STAGEDIR}${PREFIX}/share/man/man8/${f} ${STAGEDIR}${PREFIX}/share/man/man8/samba-${f} +. endfor +.endif + +post-install: post-install-rm-junk post-install-fix-manpages + ${LN} -sf smb.conf.5.gz ${STAGEDIR}${PREFIX}/share/man/man5/smb4.conf.5.gz +# Run post-install script +.for dir in ${SAMBA4_LOGDIR} ${SAMBA4_RUNDIR} ${SAMBA4_LOCKDIR} ${SAMBA4_MODULEDIR} + ${INSTALL} -d -m 0755 "${STAGEDIR}${dir}" +.endfor + ${INSTALL} -d -m 0750 "${STAGEDIR}${SAMBA4_BINDDNSDIR}" + ${INSTALL} -d -m 0750 "${STAGEDIR}${SAMBA4_PRIVATEDIR}" +.for module_class in ${SAMBA4_MODULES_CLASS} + ${INSTALL} -d -m 0755 "${STAGEDIR}${SAMBA4_MODULEDIR}/${module_class}" +.endfor +.if !defined(WITH_DEBUG) + -${FIND} ${STAGEDIR}${PREFIX}/bin ${STAGEDIR}${PREFIX}/sbin ${STAGEDIR}${PREFIX}/libexec \ + -type f -print0 | ${XARGS} -0 -n 1 -t ${STRIP_CMD} + -${FIND} ${STAGEDIR}${PREFIX}/lib -name '*.so*' \ + -type f -print0 | ${XARGS} -0 -n 1 -t ${STRIP_CMD} +.endif + +post-install-FRUIT-off: + ${RM} ${STAGEDIR}${SAMBA4_MODULEDIR}/vfs/fruit.so + ${RM} ${STAGEDIR}${PREFIX}/share/man/man8/vfs_fruit.8 + +post-install-DOCS-on: + ${MKDIR} ${STAGEDIR}${DOCSDIR} +.for doc in ${PORTDOCS} + ${INSTALL_DATA} ${WRKDIR}/${doc} ${STAGEDIR}${DOCSDIR} +.endfor + +post-install-CLUSTER-on: + ${LN} -nfs ../../../../share/ctdb/events/legacy/00.ctdb.script ${STAGEDIR}${PREFIX}/etc/ctdb/events/legacy/00.ctdb.script + ${LN} -nfs ../../../../share/ctdb/events/legacy/10.interface.script ${STAGEDIR}${PREFIX}/etc/ctdb/events/legacy/10.interface.script + ${LN} -nfs ../../../../share/ctdb/events/legacy/05.system.script ${STAGEDIR}${PREFIX}/etc/ctdb/events/legacy/05.system.script + ${LN} -nfs ../../../../share/ctdb/events/legacy/01.reclock.script ${STAGEDIR}${PREFIX}/etc/ctdb/events/legacy/01.reclock.script + +.include <bsd.port.post.mk> diff --git a/net/samba419/distinfo b/net/samba419/distinfo new file mode 100644 index 000000000000..6f25c656ce50 --- /dev/null +++ b/net/samba419/distinfo @@ -0,0 +1,3 @@ +TIMESTAMP = 1705944756 +SHA256 (samba-4.19.4.tar.gz) = 4026d93b866db198c8ca1685b0f5d52793f65c6e63cb364163af661fdff0968c +SIZE (samba-4.19.4.tar.gz) = 41839810 diff --git a/net/samba419/files/0001-Compact-and-simplify-modules-build-and-config-genera.patch b/net/samba419/files/0001-Compact-and-simplify-modules-build-and-config-genera.patch new file mode 100644 index 000000000000..b4bc56519f7e --- /dev/null +++ b/net/samba419/files/0001-Compact-and-simplify-modules-build-and-config-genera.patch @@ -0,0 +1,292 @@ +From 05e3cc236406680a55e19b204202b63cdaf48ea1 Mon Sep 17 00:00:00 2001 +From: "Timur I. Bakeyev" <timur@FreeBSD.org> +Date: Mon, 1 Aug 2022 04:15:43 +0200 +Subject: [PATCH 01/28] Compact and simplify modules build and config + generation for Bind 9.x AD DLZ. + +Signed-off-by: Timur I. Bakeyev <timur@FreeBSD.org> +--- + python/samba/provision/sambadns.py | 68 ++++++++++++------------------ + source4/dns_server/dlz_minimal.h | 44 +++++++++---------- + source4/dns_server/wscript_build | 62 +++------------------------ + source4/setup/named.conf.dlz | 25 +---------- + source4/torture/dns/wscript_build | 2 +- + 5 files changed, 55 insertions(+), 146 deletions(-) + +diff --git a/python/samba/provision/sambadns.py b/python/samba/provision/sambadns.py +index 404b346a885..8e5a8ba5f25 100644 +--- a/python/samba/provision/sambadns.py ++++ b/python/samba/provision/sambadns.py +@@ -21,6 +21,7 @@ + """DNS-related provisioning""" + + import os ++import re + import uuid + import shutil + import time +@@ -1010,52 +1011,37 @@ def create_named_conf(paths, realm, dnsdomain, dns_backend, logger): + stderr=subprocess.STDOUT, + cwd='.').communicate()[0] + bind_info = get_string(bind_info) +- bind9_8 = '#' +- bind9_9 = '#' +- bind9_10 = '#' +- bind9_11 = '#' +- bind9_12 = '#' +- bind9_14 = '#' +- bind9_16 = '#' +- bind9_18 = '#' +- if bind_info.upper().find('BIND 9.8') != -1: +- bind9_8 = '' +- elif bind_info.upper().find('BIND 9.9') != -1: +- bind9_9 = '' +- elif bind_info.upper().find('BIND 9.10') != -1: +- bind9_10 = '' +- elif bind_info.upper().find('BIND 9.11') != -1: +- bind9_11 = '' +- elif bind_info.upper().find('BIND 9.12') != -1: +- bind9_12 = '' +- elif bind_info.upper().find('BIND 9.14') != -1: +- bind9_14 = '' +- elif bind_info.upper().find('BIND 9.16') != -1: +- bind9_16 = '' +- elif bind_info.upper().find('BIND 9.18') != -1: +- bind9_18 = '' +- elif bind_info.upper().find('BIND 9.7') != -1: +- raise ProvisioningError("DLZ option incompatible with BIND 9.7.") +- elif bind_info.upper().find('BIND_9.13') != -1: +- raise ProvisioningError("Only stable/esv releases of BIND are supported.") +- elif bind_info.upper().find('BIND_9.15') != -1: +- raise ProvisioningError("Only stable/esv releases of BIND are supported.") +- elif bind_info.upper().find('BIND_9.17') != -1: +- raise ProvisioningError("Only stable/esv releases of BIND are supported.") ++ bind9_release = re.search('BIND (9)\.(\d+)\.', bind_info, re.I) ++ if bind9_release: ++ bind9_disabled = '' ++ bind9_version = bind9_release.group(0) + "x" ++ bind9_version_major = int(bind9_release.group(1)) ++ bind9_version_minor = int(bind9_release.group(2)) ++ if bind9_version_minor == 7: ++ raise ProvisioningError("DLZ option incompatible with BIND 9.7.") ++ elif bind9_version_minor == 8: ++ bind9_dlz_version = "9" ++ elif bind9_version_minor in [13, 15, 17]: ++ raise ProvisioningError("Only stable/esv releases of BIND are supported.") ++ else: ++ bind9_dlz_version = "%d_%d" % (bind9_version_major, bind9_version_minor) + else: ++ bind9_disabled = '# ' ++ bind9_version = "BIND z.y.x" ++ bind9_dlz_version = "z_y" + logger.warning("BIND version unknown, please modify %s manually." % paths.namedconf) ++ ++ bind9_dlz = ( ++ ' # For %s\n' ++ ' %sdatabase "dlopen %s/bind9/dlz_bind%s.so";' ++ ) % ( ++ bind9_version, bind9_disabled, samba.param.modules_dir(), bind9_dlz_version ++ ) + setup_file(setup_path("named.conf.dlz"), paths.namedconf, { + "NAMED_CONF": paths.namedconf, + "MODULESDIR": samba.param.modules_dir(), +- "BIND9_8": bind9_8, +- "BIND9_9": bind9_9, +- "BIND9_10": bind9_10, +- "BIND9_11": bind9_11, +- "BIND9_12": bind9_12, +- "BIND9_14": bind9_14, +- "BIND9_16": bind9_16, +- "BIND9_18": bind9_18 +- }) ++ "BIND9_DLZ": bind9_dlz ++ }) + + + def create_named_txt(path, realm, dnsdomain, dnsname, binddns_dir, +diff --git a/source4/dns_server/dlz_minimal.h b/source4/dns_server/dlz_minimal.h +index b7e36e7f8e6..bbdb616deb2 100644 +--- a/source4/dns_server/dlz_minimal.h ++++ b/source4/dns_server/dlz_minimal.h +@@ -26,31 +26,25 @@ + #include <stdint.h> + #include <stdbool.h> + +-#if defined (BIND_VERSION_9_8) +-# error Bind 9.8 is not supported! +-#elif defined (BIND_VERSION_9_9) +-# error Bind 9.9 is not supported! +-#elif defined (BIND_VERSION_9_10) +-# define DLZ_DLOPEN_VERSION 3 +-# define DNS_CLIENTINFO_VERSION 1 +-# define ISC_BOOLEAN_AS_BOOL 0 +-#elif defined (BIND_VERSION_9_11) +-# define DLZ_DLOPEN_VERSION 3 +-# define DNS_CLIENTINFO_VERSION 2 +-# define ISC_BOOLEAN_AS_BOOL 0 +-#elif defined (BIND_VERSION_9_12) +-# define DLZ_DLOPEN_VERSION 3 +-# define DNS_CLIENTINFO_VERSION 2 +-# define ISC_BOOLEAN_AS_BOOL 0 +-#elif defined (BIND_VERSION_9_14) +-# define DLZ_DLOPEN_VERSION 3 +-# define DNS_CLIENTINFO_VERSION 2 +-#elif defined (BIND_VERSION_9_16) +-# define DLZ_DLOPEN_VERSION 3 +-# define DNS_CLIENTINFO_VERSION 2 +-#elif defined (BIND_VERSION_9_18) +-# define DLZ_DLOPEN_VERSION 3 +-# define DNS_CLIENTINFO_VERSION 2 ++#if defined (BIND_VERSION) ++# if BIND_VERSION == 908 ++# error Bind 9.8 is not supported! ++# elif BIND_VERSION == 909 ++# error Bind 9.9 is not supported! ++# elif BIND_VERSION == 910 ++# define DLZ_DLOPEN_VERSION 3 ++# define DNS_CLIENTINFO_VERSION 1 ++# define ISC_BOOLEAN_AS_BOOL 0 ++# elif BIND_VERSION == 911 || BIND_VERSION == 912 ++# define DLZ_DLOPEN_VERSION 3 ++# define DNS_CLIENTINFO_VERSION 2 ++# define ISC_BOOLEAN_AS_BOOL 0 ++# elif BIND_VERSION >= 914 ++# define DLZ_DLOPEN_VERSION 3 ++# define DNS_CLIENTINFO_VERSION 2 ++# else ++# error Unsupported BIND version ++# endif + #else + # error Unsupported BIND version + #endif +diff --git a/source4/dns_server/wscript_build b/source4/dns_server/wscript_build +index ab0a241b937..3743753504c 100644 +--- a/source4/dns_server/wscript_build ++++ b/source4/dns_server/wscript_build +@@ -20,69 +20,21 @@ bld.SAMBA_MODULE('service_dns', + ) + + # a bind9 dlz module giving access to the Samba DNS SAM +-bld.SAMBA_LIBRARY('dlz_bind9_10', ++for bind_version in (910, 911, 912, 914, 916, 918): ++ string_version='%d_%d' % (bind_version // 100, bind_version % 100) ++ bld.SAMBA_LIBRARY('dlz_bind%s' % (string_version), + source='dlz_bind9.c', +- cflags='-DBIND_VERSION_9_10', ++ cflags='-DBIND_VERSION=%d' % bind_version, + private_library=True, +- link_name='modules/bind9/dlz_bind9_10.so', +- realname='dlz_bind9_10.so', +- install_path='${MODULESDIR}/bind9', +- deps='samba-hostconfig samdb-common gensec popt dnsserver_common', +- enabled=bld.AD_DC_BUILD_IS_ENABLED()) +- +-bld.SAMBA_LIBRARY('dlz_bind9_11', +- source='dlz_bind9.c', +- cflags='-DBIND_VERSION_9_11', +- private_library=True, +- link_name='modules/bind9/dlz_bind9_11.so', +- realname='dlz_bind9_11.so', +- install_path='${MODULESDIR}/bind9', +- deps='samba-hostconfig samdb-common gensec popt dnsserver_common', +- enabled=bld.AD_DC_BUILD_IS_ENABLED()) +- +-bld.SAMBA_LIBRARY('dlz_bind9_12', +- source='dlz_bind9.c', +- cflags='-DBIND_VERSION_9_12', +- private_library=True, +- link_name='modules/bind9/dlz_bind9_12.so', +- realname='dlz_bind9_12.so', +- install_path='${MODULESDIR}/bind9', +- deps='samba-hostconfig samdb-common gensec popt dnsserver_common', +- enabled=bld.AD_DC_BUILD_IS_ENABLED()) +- +-bld.SAMBA_LIBRARY('dlz_bind9_14', +- source='dlz_bind9.c', +- cflags='-DBIND_VERSION_9_14', +- private_library=True, +- link_name='modules/bind9/dlz_bind9_14.so', +- realname='dlz_bind9_14.so', +- install_path='${MODULESDIR}/bind9', +- deps='samba-hostconfig samdb-common gensec popt dnsserver_common', +- enabled=bld.AD_DC_BUILD_IS_ENABLED()) +- +-bld.SAMBA_LIBRARY('dlz_bind9_16', +- source='dlz_bind9.c', +- cflags='-DBIND_VERSION_9_16', +- private_library=True, +- link_name='modules/bind9/dlz_bind9_16.so', +- realname='dlz_bind9_16.so', +- install_path='${MODULESDIR}/bind9', +- deps='samba-hostconfig samdb-common gensec popt dnsserver_common', +- enabled=bld.AD_DC_BUILD_IS_ENABLED()) +- +-bld.SAMBA_LIBRARY('dlz_bind9_18', +- source='dlz_bind9.c', +- cflags='-DBIND_VERSION_9_18', +- private_library=True, +- link_name='modules/bind9/dlz_bind9_18.so', +- realname='dlz_bind9_18.so', ++ link_name='modules/bind9/dlz_bind%s.so' % (string_version), ++ realname='dlz_bind%s.so' % (string_version), + install_path='${MODULESDIR}/bind9', + deps='samba-hostconfig samdb-common gensec popt dnsserver_common', + enabled=bld.AD_DC_BUILD_IS_ENABLED()) + + bld.SAMBA_LIBRARY('dlz_bind9_for_torture', + source='dlz_bind9.c', +- cflags='-DBIND_VERSION_9_16', ++ cflags='-DBIND_VERSION=918', + private_library=True, + deps='samba-hostconfig samdb-common gensec popt dnsserver_common', + enabled=bld.AD_DC_BUILD_IS_ENABLED()) +diff --git a/source4/setup/named.conf.dlz b/source4/setup/named.conf.dlz +index cbe7d805f58..32672768af4 100644 +--- a/source4/setup/named.conf.dlz ++++ b/source4/setup/named.conf.dlz +@@ -10,28 +10,5 @@ + # Uncomment only single database line, depending on your BIND version + # + dlz "AD DNS Zone" { +- # For BIND 9.8.x +- ${BIND9_8} database "dlopen ${MODULESDIR}/bind9/dlz_bind9.so"; +- +- # For BIND 9.9.x +- ${BIND9_9} database "dlopen ${MODULESDIR}/bind9/dlz_bind9_9.so"; +- +- # For BIND 9.10.x +- ${BIND9_10} database "dlopen ${MODULESDIR}/bind9/dlz_bind9_10.so"; +- +- # For BIND 9.11.x +- ${BIND9_11} database "dlopen ${MODULESDIR}/bind9/dlz_bind9_11.so"; +- +- # For BIND 9.12.x +- ${BIND9_12} database "dlopen ${MODULESDIR}/bind9/dlz_bind9_12.so"; +- +- # For BIND 9.14.x +- ${BIND9_14} database "dlopen ${MODULESDIR}/bind9/dlz_bind9_14.so"; +- +- # For BIND 9.16.x +- ${BIND9_16} database "dlopen ${MODULESDIR}/bind9/dlz_bind9_16.so"; +- # +- # For BIND 9.18.x +- ${BIND9_18} database "dlopen ${MODULESDIR}/bind9/dlz_bind9_18.so"; ++${BIND9_DLZ} + }; +- +diff --git a/source4/torture/dns/wscript_build b/source4/torture/dns/wscript_build +index 0b40e03e370..bf7415ff88a 100644 +--- a/source4/torture/dns/wscript_build ++++ b/source4/torture/dns/wscript_build +@@ -5,7 +5,7 @@ if bld.AD_DC_BUILD_IS_ENABLED(): + source='dlz_bind9.c', + subsystem='smbtorture', + init_function='torture_bind_dns_init', +- cflags='-DBIND_VERSION_9_16', ++ cflags='-DBIND_VERSION=918', + deps='torture talloc torturemain dlz_bind9_for_torture', + internal_module=True + ) +-- +2.37.1 + diff --git a/net/samba419/files/0002-Adjust-abi_gen.sh-script-to-run-under-FreeBSD-with-i.patch b/net/samba419/files/0002-Adjust-abi_gen.sh-script-to-run-under-FreeBSD-with-i.patch new file mode 100644 index 000000000000..fec7b9d07172 --- /dev/null +++ b/net/samba419/files/0002-Adjust-abi_gen.sh-script-to-run-under-FreeBSD-with-i.patch @@ -0,0 +1,35 @@ +From 639b8d650685476016a6d5b1c996a04ac54f8a6f Mon Sep 17 00:00:00 2001 +From: "Timur I. Bakeyev" <timur@FreeBSD.org> +Date: Sun, 30 May 2021 04:00:08 +0200 +Subject: [PATCH 02/28] Adjust abi_gen.sh script to run under FreeBSD with it's + own bintools and slightly different output of GDB. + +Substitution: yes + +Signed-off-by: Timur I. Bakeyev <timur@FreeBSD.org> +--- + buildtools/scripts/abi_gen.sh | 3 ++- + 1 file changed, 2 insertions(+), 1 deletion(-) + +diff --git a/buildtools/scripts/abi_gen.sh b/buildtools/scripts/abi_gen.sh +index ddb0a7cc36f..d2750705ff9 100755 +--- a/buildtools/scripts/abi_gen.sh ++++ b/buildtools/scripts/abi_gen.sh +@@ -9,6 +9,7 @@ GDBSCRIPT="gdb_syms.$$" + cat <<EOF + set height 0 + set width 0 ++set print sevenbit-strings on + EOF + + # On older linker versions _init|_fini symbols are not hidden. +@@ -22,5 +23,5 @@ done + ) > $GDBSCRIPT + + # forcing the terminal avoids a problem on Fedora12 +-TERM=none gdb -n -batch -x $GDBSCRIPT "$SHAREDLIB" < /dev/null ++TERM=none %%GDB_CMD%% -n -batch -x $GDBSCRIPT "$SHAREDLIB" < /dev/null + rm -f $GDBSCRIPT +-- +2.37.1 + diff --git a/net/samba419/files/0003-Mask-CLang-prototype-warnings-in-kadm5-admin.h.patch b/net/samba419/files/0003-Mask-CLang-prototype-warnings-in-kadm5-admin.h.patch new file mode 100644 index 000000000000..8540609886da --- /dev/null +++ b/net/samba419/files/0003-Mask-CLang-prototype-warnings-in-kadm5-admin.h.patch @@ -0,0 +1,32 @@ +From 382c3edc95a1747e0a6edd05c76adc0ec21a66c7 Mon Sep 17 00:00:00 2001 +From: "Timur I. Bakeyev" <timur@FreeBSD.org> +Date: Sun, 30 May 2021 03:50:17 +0200 +Subject: [PATCH 03/28] Mask CLang prototype warnings in kadm5/admin.h + +Signed-off-by: Timur I. Bakeyev <timur@FreeBSD.org> +--- + source4/kdc/kdc-service-mit.c | 6 +++++- + 1 file changed, 5 insertions(+), 1 deletion(-) + +diff --git a/source4/kdc/kdc-service-mit.c b/source4/kdc/kdc-service-mit.c +index 22663b6ecc8..5bef125206a 100644 +--- a/source4/kdc/kdc-service-mit.c ++++ b/source4/kdc/kdc-service-mit.c +@@ -36,9 +36,13 @@ + #include "kdc/samba_kdc.h" + #include "kdc/kdc-server.h" + #include "kdc/kpasswd-service.h" +-#include <kadm5/admin.h> + #include <kdb.h> + ++#pragma clang diagnostic push ++#pragma clang diagnostic ignored "-Wstrict-prototypes" ++#include <kadm5/admin.h> ++#pragma clang diagnostic pop ++ + #include "source4/kdc/mit_kdc_irpc.h" + + /* PROTOTYPES */ +-- +2.37.1 + diff --git a/net/samba419/files/0004-On-FreeBSD-date-1-has-different-semantics-than-on-Li.patch b/net/samba419/files/0004-On-FreeBSD-date-1-has-different-semantics-than-on-Li.patch new file mode 100644 index 000000000000..4df0249fced2 --- /dev/null +++ b/net/samba419/files/0004-On-FreeBSD-date-1-has-different-semantics-than-on-Li.patch @@ -0,0 +1,38 @@ +From 0eb28116ceefee7bdafabac18a1763f13cb71883 Mon Sep 17 00:00:00 2001 +From: "Timur I. Bakeyev" <timur@FreeBSD.org> +Date: Sun, 30 May 2021 03:42:31 +0200 +Subject: [PATCH 04/28] On FreeBSD `date(1)` has different semantics than on + Linux. Generate call parameter accordingly. + +FreeBSD: `date [[[[[cc]yy]mm]dd]HH]MM[.ss]` +Linux: `date [mmddHHMM[[cc]yy][.ss]]` + +Signed-off-by: Timur I. Bakeyev <timur@FreeBSD.org> +--- + source3/utils/net_time.c | 7 ++++++- + 1 file changed, 6 insertions(+), 1 deletion(-) + +diff --git a/source3/utils/net_time.c b/source3/utils/net_time.c +index d102f84614f..f679000a979 100644 +--- a/source3/utils/net_time.c ++++ b/source3/utils/net_time.c +@@ -82,10 +82,15 @@ static const char *systime(time_t t) + if (!tm) { + return "unknown"; + } +- ++#if defined(FREEBSD) ++ return talloc_asprintf(talloc_tos(), "%04d%02d%02d%02d%02d.%02d", ++ tm->tm_year + 1900, tm->tm_mon+1, tm->tm_mday, ++ tm->tm_hour, tm->tm_min, tm->tm_sec); ++#else + return talloc_asprintf(talloc_tos(), "%02d%02d%02d%02d%04d.%02d", + tm->tm_mon+1, tm->tm_mday, tm->tm_hour, + tm->tm_min, tm->tm_year + 1900, tm->tm_sec); ++#endif + } + + int net_time_usage(struct net_context *c, int argc, const char **argv) +-- +2.37.1 + diff --git a/net/samba419/files/0005-Include-jemalloc-jemalloc.h-if-ENABLE_JEMALLOC-is-se.patch b/net/samba419/files/0005-Include-jemalloc-jemalloc.h-if-ENABLE_JEMALLOC-is-se.patch new file mode 100644 index 000000000000..a898a50f9972 --- /dev/null +++ b/net/samba419/files/0005-Include-jemalloc-jemalloc.h-if-ENABLE_JEMALLOC-is-se.patch @@ -0,0 +1,26 @@ +From 3cc67018c560d32b98523618d16902c1a670ed40 Mon Sep 17 00:00:00 2001 +From: "Timur I. Bakeyev" <timur@FreeBSD.org> +Date: Sun, 30 May 2021 03:33:51 +0200 +Subject: [PATCH 05/28] Include jemalloc/jemalloc.h if ENABLE_JEMALLOC is set. + +Signed-off-by: Timur I. Bakeyev <timur@FreeBSD.org> +--- + source3/include/includes.h | 2 ++ + 1 file changed, 2 insertions(+) + +diff --git a/source3/include/includes.h b/source3/include/includes.h +index 510a0b96539..94a076de11e 100644 +--- a/source3/include/includes.h ++++ b/source3/include/includes.h +@@ -326,6 +326,8 @@ typedef char fstring[FSTRING_LEN]; + * the *bottom* of include files so as not to conflict. */ + #ifdef ENABLE_DMALLOC + # include <dmalloc.h> ++#elif ENABLE_JEMALLOC ++# include <jemalloc/jemalloc.h> + #endif + + +-- +2.37.1 + diff --git a/net/samba419/files/0006-Install-nss_-modules-into-PAMMODULESDIR-path.patch b/net/samba419/files/0006-Install-nss_-modules-into-PAMMODULESDIR-path.patch new file mode 100644 index 000000000000..9fa102f09d75 --- /dev/null +++ b/net/samba419/files/0006-Install-nss_-modules-into-PAMMODULESDIR-path.patch @@ -0,0 +1,32 @@ +From 406621efcd26d48b5e8f1e5df4082c8bf2cc8bab Mon Sep 17 00:00:00 2001 +From: "Timur I. Bakeyev" <timur@FreeBSD.org> +Date: Sun, 30 May 2021 03:32:21 +0200 +Subject: [PATCH 06/28] Install nss_* modules into PAMMODULESDIR path. + +Signed-off-by: Timur I. Bakeyev <timur@FreeBSD.org> +--- + nsswitch/wscript_build | 2 ++ + 1 file changed, 2 insertions(+) + +diff --git a/nsswitch/wscript_build b/nsswitch/wscript_build +index 3247b6c2b7c..df2fc3b97ea 100644 +--- a/nsswitch/wscript_build ++++ b/nsswitch/wscript_build +@@ -54,12 +54,14 @@ elif (host_os.rfind('freebsd') > -1): + source='winbind_nss_linux.c winbind_nss_freebsd.c', + deps='wbclient', + realname='nss_winbind.so.1', ++ install_path='${PAMMODULESDIR}', + vnum='1') + + bld.SAMBA3_PLUGIN('nss_wins', + source='wins.c wins_freebsd.c', + deps='''wbclient''', + realname='nss_wins.so.1', ++ install_path='${PAMMODULESDIR}', + vnum='1') + + elif (host_os.rfind('netbsd') > -1): +-- +2.37.1 + diff --git a/net/samba419/files/0007-Use-macro-value-as-a-default-backlog-size-for-the-li.patch b/net/samba419/files/0007-Use-macro-value-as-a-default-backlog-size-for-the-li.patch new file mode 100644 index 000000000000..96fa888f3784 --- /dev/null +++ b/net/samba419/files/0007-Use-macro-value-as-a-default-backlog-size-for-the-li.patch @@ -0,0 +1,105 @@ +From 75f20f8e144a926873b619e1c0918896689d39a0 Mon Sep 17 00:00:00 2001 +From: "Timur I. Bakeyev" <timur@FreeBSD.org> +Date: Sun, 30 May 2021 03:28:09 +0200 +Subject: [PATCH 07/28] Use macro value as a default backlog size for the + `listen()` syscall. + +Set that macro to -1 on FreeBSD, specifying maximum kernel configured +allowed backlog size. + +Signed-off-by: Timur I. Bakeyev <timur@FreeBSD.org> +--- + lib/tevent/echo_server.c | 2 +- + source3/include/local.h | 11 +++++++++++ + source3/libsmb/unexpected.c | 2 +- + source3/utils/smbfilter.c | 2 +- + source3/winbindd/winbindd.c | 4 ++-- + 5 files changed, 16 insertions(+), 5 deletions(-) + +diff --git a/lib/tevent/echo_server.c b/lib/tevent/echo_server.c +index f93d8bcdee7..49354dbf0e5 100644 +--- a/lib/tevent/echo_server.c ++++ b/lib/tevent/echo_server.c +@@ -633,7 +633,7 @@ int main(int argc, const char **argv) + exit(1); + } + +- ret = listen(listen_sock, 5); ++ ret = listen(listen_sock, DEFAULT_LISTEN_BACKLOG); + if (ret == -1) { + perror("listen() failed"); + exit(1); +diff --git a/source3/include/local.h b/source3/include/local.h +index 297e5572fdb..d85aab09f9f 100644 +--- a/source3/include/local.h ++++ b/source3/include/local.h +@@ -163,7 +163,18 @@ + #define WINBIND_SERVER_MUTEX_WAIT_TIME (( ((NUM_CLI_AUTH_CONNECT_RETRIES) * ((CLI_AUTH_TIMEOUT)/1000)) + 5)*2) + + /* size of listen() backlog in smbd */ ++#if defined (FREEBSD) ++#define SMBD_LISTEN_BACKLOG -1 ++#else + #define SMBD_LISTEN_BACKLOG 50 ++#endif ++ ++/* size of listen() default backlog */ ++#if defined (FREEBSD) ++#define DEFAULT_LISTEN_BACKLOG -1 ++#else ++#define DEFAULT_LISTEN_BACKLOG 5 ++#endif + + /* Number of microseconds to wait before a sharing violation. */ + #define SHARING_VIOLATION_USEC_WAIT 950000 +diff --git a/source3/libsmb/unexpected.c b/source3/libsmb/unexpected.c +index ced46969b88..317d6b1e0e2 100644 +--- a/source3/libsmb/unexpected.c ++++ b/source3/libsmb/unexpected.c +@@ -95,7 +95,7 @@ NTSTATUS nb_packet_server_create(TALLOC_CTX *mem_ctx, + status = map_nt_error_from_unix(errno); + goto fail; + } +- rc = listen(result->listen_sock, 5); ++ rc = listen(result->listen_sock, DEFAULT_LISTEN_BACKLOG); + if (rc < 0) { + status = map_nt_error_from_unix(errno); + goto fail; +diff --git a/source3/utils/smbfilter.c b/source3/utils/smbfilter.c +index 3fbd63975c9..b2d90f993fc 100644 +--- a/source3/utils/smbfilter.c ++++ b/source3/utils/smbfilter.c +@@ -291,7 +291,7 @@ static void start_filter(char *desthost) + exit(1); + } + +- if (listen(s, 5) == -1) { ++ if (listen(s, DEFAULT_LISTEN_BACKLOG) == -1) { + d_printf("listen failed\n"); + } + +diff --git a/source3/winbindd/winbindd.c b/source3/winbindd/winbindd.c +index 0f9c6449a5a..c2df0c92372 100644 +--- a/source3/winbindd/winbindd.c ++++ b/source3/winbindd/winbindd.c +@@ -1312,7 +1312,7 @@ static bool winbindd_setup_listeners(void) + if (pub_state->fd == -1) { + goto failed; + } +- rc = listen(pub_state->fd, 5); ++ rc = listen(pub_state->fd, DEFAULT_LISTEN_BACKLOG); + if (rc < 0) { + goto failed; + } +@@ -1344,7 +1344,7 @@ static bool winbindd_setup_listeners(void) + if (priv_state->fd == -1) { + goto failed; + } +- rc = listen(priv_state->fd, 5); ++ rc = listen(priv_state->fd, DEFAULT_LISTEN_BACKLOG); + if (rc < 0) { + goto failed; + } +-- +2.37.1 + diff --git a/net/samba419/files/0008-Brute-force-work-around-usage-of-Linux-specific-m-fl.patch b/net/samba419/files/0008-Brute-force-work-around-usage-of-Linux-specific-m-fl.patch new file mode 100644 index 000000000000..a9528247cec3 --- /dev/null +++ b/net/samba419/files/0008-Brute-force-work-around-usage-of-Linux-specific-m-fl.patch @@ -0,0 +1,111 @@ +From 29d0b3479f61f33356d6cc82099085b5c412f949 Mon Sep 17 00:00:00 2001 +From: "Timur I. Bakeyev" <timur@FreeBSD.org> +Date: Sun, 30 May 2021 03:24:48 +0200 +Subject: [PATCH 08/28] Brute force work around usage of Linux-specific `%m` + flag in `sscanf()`. + +Signed-off-by: Timur I. Bakeyev <timur@FreeBSD.org> +--- + libcli/http/http.c | 36 ++++++++++++++++++++++++++----- + source4/libcli/ldap/ldap_client.c | 12 +++++++++++ + 2 files changed, 43 insertions(+), 5 deletions(-) + +diff --git a/libcli/http/http.c b/libcli/http/http.c +index d20fc25f9e2..a28caca0045 100644 +--- a/libcli/http/http.c ++++ b/libcli/http/http.c +@@ -142,7 +142,19 @@ static enum http_read_status http_parse_headers(struct http_read_response_state + return HTTP_ALL_DATA_READ; + } + ++#ifdef FREEBSD ++ int s0, s1, s2, s3; s0 = s1 = s2 = s3 = 0; ++ n = sscanf(line, "%n%*[^:]%n: %n%*[^\r\n]%n\r\n", &s0, &s1, &s2, &s3); ++ ++ if(n >= 0) { ++ key = calloc(sizeof(char), s1-s0+1); ++ value = calloc(sizeof(char), s3-s2+1); ++ ++ n = sscanf(line, "%[^:]: %[^\r\n]\r\n", key, value); ++ } ++#else + n = sscanf(line, "%m[^:]: %m[^\r\n]\r\n", &key, &value); ++#endif + if (n != 2) { + DEBUG(0, ("%s: Error parsing header '%s'\n", __func__, line)); + status = HTTP_DATA_CORRUPTED; +@@ -168,7 +180,7 @@ error: + static bool http_parse_response_line(struct http_read_response_state *state) + { + bool status = true; +- char *protocol; ++ char *protocol = NULL; + char *msg = NULL; + char major; + char minor; +@@ -188,12 +200,22 @@ static bool http_parse_response_line(struct http_read_response_state *state) + return false; + } + ++#ifdef FREEBSD ++ int s0, s1, s2, s3; s0 = s1 = s2 = s3 = 0; ++ n = sscanf(line, "%n%*[^/]%n/%c.%c %d %n%*[^\r\n]%n\r\n", ++ &s0, &s1, &major, &minor, &code, &s2, &s3); ++ ++ if(n == 3) { ++ protocol = calloc(sizeof(char), s1-s0+1); ++ msg = calloc(sizeof(char), s3-s2+1); ++ ++ n = sscanf(line, "%[^/]/%c.%c %d %[^\r\n]\r\n", ++ protocol, &major, &minor, &code, msg); ++ } ++#else + n = sscanf(line, "%m[^/]/%c.%c %d %m[^\r\n]\r\n", + &protocol, &major, &minor, &code, &msg); +- +- DEBUG(11, ("%s: Header parsed(%i): protocol->%s, major->%c, minor->%c, " +- "code->%d, message->%s\n", __func__, n, protocol, major, minor, +- code, msg)); ++#endif + + if (n != 5) { + DEBUG(0, ("%s: Error parsing header\n", __func__)); +@@ -201,6 +223,10 @@ static bool http_parse_response_line(struct http_read_response_state *state) + goto error; + } + ++ DEBUG(11, ("%s: Header parsed(%i): protocol->%s, major->%c, minor->%c, " ++ "code->%d, message->%s\n", __func__, n, protocol, major, minor, ++ code, msg)); ++ + if (major != '1') { + DEBUG(0, ("%s: Bad HTTP major number '%c'\n", __func__, major)); + status = false; +diff --git a/source4/libcli/ldap/ldap_client.c b/source4/libcli/ldap/ldap_client.c +index 8614ccdfd54..2630d3c8859 100644 +--- a/source4/libcli/ldap/ldap_client.c ++++ b/source4/libcli/ldap/ldap_client.c +@@ -402,8 +402,20 @@ static int ldap_parse_basic_url( + *pport = port; + return 0; + } ++#ifdef FREEBSD ++ int s0, s1; s0 = s1 = 0; ++ ret = sscanf(url, "%n%*[^:/]%n:%d", &s0, &s1, &port); + ++ if(ret >= 0) { ++ host = calloc(sizeof(char), s1 - s0 + 1); ++ if (host == NULL) { ++ return ENOMEM; ++ } ++ ret = sscanf(url, "%[^:/]:%d", host, &port); ++ } ++#else + ret = sscanf(url, "%m[^:/]:%d", &host, &port); ++#endif + if (ret < 1) { + return EINVAL; + } +-- +2.37.1 + diff --git a/net/samba419/files/0009-Make-sure-that-config-checks-fail-if-the-warning-is-.patch b/net/samba419/files/0009-Make-sure-that-config-checks-fail-if-the-warning-is-.patch new file mode 100644 index 000000000000..eed200921c65 --- /dev/null +++ b/net/samba419/files/0009-Make-sure-that-config-checks-fail-if-the-warning-is-.patch @@ -0,0 +1,39 @@ +From 3189d57e9c6cf8d5d25566f2760cfa4f822d7a2c Mon Sep 17 00:00:00 2001 +From: "Timur I. Bakeyev" <timur@FreeBSD.org> +Date: Sun, 30 May 2021 03:21:19 +0200 +Subject: [PATCH 09/28] Make sure that config checks fail if the warning is + raised, by adding -Werror flag to the CFLAGS(WERROR_CFLAGS) + +Signed-off-by: Timur I. Bakeyev <timur@FreeBSD.org> +--- + buildtools/wafsamba/samba_autoconf.py | 2 +- + lib/replace/wscript | 2 +- + 2 files changed, 2 insertions(+), 2 deletions(-) + +diff --git a/buildtools/wafsamba/samba_autoconf.py b/buildtools/wafsamba/samba_autoconf.py +index 78927d85193..cf87c8bb9ff 100644 +--- a/buildtools/wafsamba/samba_autoconf.py ++++ b/buildtools/wafsamba/samba_autoconf.py +@@ -987,5 +987,5 @@ def SAMBA_CHECK_UNDEFINED_SYMBOL_FLAGS(conf): + conf.env.undefined_ldflags = conf.ADD_LDFLAGS('-Wl,-no-undefined', testflags=True) + + if (conf.env.undefined_ignore_ldflags == [] and +- conf.CHECK_LDFLAGS(['-undefined', 'dynamic_lookup'])): ++ conf.CHECK_LDFLAGS(['-undefined', 'dynamic_lookup'] + conf.env.WERROR_CFLAGS)): + conf.env.undefined_ignore_ldflags = ['-undefined', 'dynamic_lookup'] +diff --git a/lib/replace/wscript b/lib/replace/wscript +index 0db93d8caf1..1f9806f1dd7 100644 +--- a/lib/replace/wscript ++++ b/lib/replace/wscript +@@ -122,7 +122,7 @@ def configure(conf): + conf.CHECK_HEADERS('sys/atomic.h stdatomic.h') + conf.CHECK_HEADERS('libgen.h') + +- if conf.CHECK_CFLAGS('-Wno-format-truncation'): ++ if conf.CHECK_CFLAGS(['-Wno-format-truncation'] + conf.env.WERROR_CFLAGS): + conf.define('HAVE_WNO_FORMAT_TRUNCATION', '1') + + if conf.CHECK_CFLAGS('-Wno-unused-function'): +-- +2.37.1 + diff --git a/net/samba419/files/0010-Add-option-with-pkgconfigdir-to-specify-alternative-.patch b/net/samba419/files/0010-Add-option-with-pkgconfigdir-to-specify-alternative-.patch new file mode 100644 index 000000000000..966af1c790f1 --- /dev/null +++ b/net/samba419/files/0010-Add-option-with-pkgconfigdir-to-specify-alternative-.patch @@ -0,0 +1,54 @@ +From 5b0d17a5b7849f40f59fb0daedd62e8f5a1b0fba Mon Sep 17 00:00:00 2001 +From: "Timur I. Bakeyev" <timur@FreeBSD.org> +Date: Sun, 30 May 2021 03:16:37 +0200 +Subject: [PATCH 10/28] Add option --with-pkgconfigdir, to specify alternative + location. + +Override name of the config file. + +Remove code that doesn't allow direct install into /usr + +Substitution: yes + +Signed-off-by: Timur I. Bakeyev <timur@FreeBSD.org> +--- + dynconfig/wscript | 9 ++++----- + 1 file changed, 4 insertions(+), 5 deletions(-) + +diff --git a/dynconfig/wscript b/dynconfig/wscript +index c62afa25399..29cacf1b92c 100644 +--- a/dynconfig/wscript ++++ b/dynconfig/wscript +@@ -151,6 +151,8 @@ dynconfig = { + 'PKGCONFIGDIR' : { + 'STD-PATH': '${LIBDIR}/pkgconfig', + 'FHS-PATH': '${LIBDIR}/pkgconfig', ++ 'OPTION': '--with-pkgconfigdir', ++ 'HELPTEXT': 'Where to put .pc files', + }, + 'CODEPAGEDIR' : { + 'STD-PATH': '${DATADIR}/codepages', +@@ -257,8 +259,8 @@ dynconfig = { + 'DELAY': True, + }, + 'CONFIGFILE' : { +- 'STD-PATH': '${CONFIGDIR}/smb.conf', +- 'FHS-PATH': '${CONFIGDIR}/smb.conf', ++ 'STD-PATH': '${CONFIGDIR}/%%SAMBA4_CONFIG%%', ++ 'FHS-PATH': '${CONFIGDIR}/%%SAMBA4_CONFIG%%', + 'DELAY': True, + }, + 'LMHOSTSFILE' : { +@@ -317,9 +319,6 @@ def configure(conf): + flavor = 'FHS-PATH' + else: + flavor = 'STD-PATH' +- if conf.env.PREFIX == '/usr' or conf.env.PREFIX == '/usr/local': +- Logs.error("Don't install directly under /usr or /usr/local without using the FHS option (--enable-fhs)") +- raise Errors.WafError("ERROR: invalid --prefix=%s value" % (conf.env.PREFIX)) + + explicit_set ={} + +-- +2.37.1 + diff --git a/net/samba419/files/0011-Use-provided-by-port-location-of-the-XML-catalog.patch b/net/samba419/files/0011-Use-provided-by-port-location-of-the-XML-catalog.patch new file mode 100644 index 000000000000..518da2e2f2ec --- /dev/null +++ b/net/samba419/files/0011-Use-provided-by-port-location-of-the-XML-catalog.patch @@ -0,0 +1,28 @@ +From 6c68907dcd9abd82cc95c842380a8e817b8f0e7f Mon Sep 17 00:00:00 2001 +From: "Timur I. Bakeyev" <timur@FreeBSD.org> +Date: Sun, 30 May 2021 02:54:28 +0200 +Subject: [PATCH 11/28] Use provided by port location of the XML catalog. + +Substitution: yes + +Signed-off-by: Timur I. Bakeyev <timur@FreeBSD.org> +--- + buildtools/wafsamba/wafsamba.py | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/buildtools/wafsamba/wafsamba.py b/buildtools/wafsamba/wafsamba.py +index 7885ee720be..c42a021bc01 100644 +--- a/buildtools/wafsamba/wafsamba.py ++++ b/buildtools/wafsamba/wafsamba.py +@@ -1174,7 +1174,7 @@ def SAMBAMANPAGES(bld, manpages, extra_source=None): + bld.env.SAMBA_EXPAND_XSL = bld.srcnode.abspath() + '/docs-xml/xslt/expand-sambadoc.xsl' + bld.env.SAMBA_MAN_XSL = bld.srcnode.abspath() + '/docs-xml/xslt/man.xsl' + bld.env.SAMBA_CATALOG = bld.bldnode.abspath() + '/docs-xml/build/catalog.xml' +- bld.env.SAMBA_CATALOGS = os.getenv('XML_CATALOG_FILES', 'file:///etc/xml/catalog file:///usr/local/share/xml/catalog') + ' file://' + bld.env.SAMBA_CATALOG ++ bld.env.SAMBA_CATALOGS = os.getenv('XML_CATALOG_FILES', 'file:///etc/xml/catalog file://%%LOCALBASE%%/share/xml/catalog') + ' file://' + bld.env.SAMBA_CATALOG + + for m in manpages.split(): + source = [m + '.xml'] +-- +2.37.1 + diff --git a/net/samba419/files/0012-Create-shared-libraries-according-to-the-FreeBSD-spe.patch b/net/samba419/files/0012-Create-shared-libraries-according-to-the-FreeBSD-spe.patch new file mode 100644 index 000000000000..240db55406c6 --- /dev/null +++ b/net/samba419/files/0012-Create-shared-libraries-according-to-the-FreeBSD-spe.patch @@ -0,0 +1,29 @@ +From 9731cc810b50b6694ff931135df398a6772200ae Mon Sep 17 00:00:00 2001 +From: "Timur I. Bakeyev" <timur@FreeBSD.org> +Date: Sun, 30 May 2021 02:51:47 +0200 +Subject: [PATCH 12/28] Create shared libraries according to the + FreeBSD-specific naming schema, where only major.minor versions are used. + +https://docs.freebsd.org/en/books/developers-handbook/policies/#policies-shlib + +Signed-off-by: Timur I. Bakeyev <timur@FreeBSD.org> +--- + buildtools/wafsamba/samba_install.py | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/buildtools/wafsamba/samba_install.py b/buildtools/wafsamba/samba_install.py +index 2957e16c3da..82abbf893e2 100644 +--- a/buildtools/wafsamba/samba_install.py ++++ b/buildtools/wafsamba/samba_install.py +@@ -115,7 +115,7 @@ def install_library(self): + inst_name = bld.make_libname(t.target) + elif self.vnum: + vnum_base = self.vnum.split('.')[0] +- install_name = bld.make_libname(target_name, version=self.vnum) ++ install_name = bld.make_libname(target_name, version=vnum_base) + install_link = bld.make_libname(target_name, version=vnum_base) + inst_name = bld.make_libname(t.target) + if not self.private_library or not t.env.SONAME_ST: +-- +2.37.1 + diff --git a/net/samba419/files/0013-Pass-additional-msg-parameter-to-CHECK_LIB-so-it-can.patch b/net/samba419/files/0013-Pass-additional-msg-parameter-to-CHECK_LIB-so-it-can.patch new file mode 100644 index 000000000000..0508ba5113dd --- /dev/null +++ b/net/samba419/files/0013-Pass-additional-msg-parameter-to-CHECK_LIB-so-it-can.patch @@ -0,0 +1,70 @@ +From 6be12b41eb0f71cfc25b5df6659dd176bd681621 Mon Sep 17 00:00:00 2001 +From: "Timur I. Bakeyev" <timur@FreeBSD.org> +Date: Thu, 8 Sep 2022 00:25:05 +0200 +Subject: [PATCH 13/28] Pass additional msg parameter to CHECK_LIB(), so it can + be transited to the conf.check(), which allows us to specify `match` + parameter to opt.add_option(). + +Signed-off-by: Timur I. Bakeyev <timur@FreeBSD.org> +--- + buildtools/wafsamba/samba_autoconf.py | 9 ++++++--- + buildtools/wafsamba/wscript | 9 +++++++-- + 2 files changed, 13 insertions(+), 5 deletions(-) + +diff --git a/buildtools/wafsamba/samba_autoconf.py b/buildtools/wafsamba/samba_autoconf.py +index cf87c8bb9ff..f6c72d99125 100644 +--- a/buildtools/wafsamba/samba_autoconf.py ++++ b/buildtools/wafsamba/samba_autoconf.py +@@ -593,7 +593,7 @@ def library_flags(self, libs): + + + @conf +-def CHECK_LIB(conf, libs, mandatory=False, empty_decl=True, set_target=True, shlib=False): ++def CHECK_LIB(conf, libs, mandatory=False, empty_decl=True, set_target=True, shlib=False, msg=None): + '''check if a set of libraries exist as system libraries + + returns the sublist of libs that do exist as a syslib or [] +@@ -613,11 +613,14 @@ int foo() + ret.append(lib) + continue + ++ if msg is None: ++ msg = 'Checking for library %s' % lib ++ + (ccflags, ldflags, cpppath) = library_flags(conf, lib) + if shlib: +- res = conf.check(features='c cshlib', fragment=fragment, lib=lib, uselib_store=lib, cflags=ccflags, ldflags=ldflags, uselib=lib.upper(), mandatory=False) ++ res = conf.check(features='c cshlib', fragment=fragment, lib=lib, uselib_store=lib, cflags=ccflags, ldflags=ldflags, uselib=lib.upper(), mandatory=False, msg=msg) + else: +- res = conf.check(lib=lib, uselib_store=lib, cflags=ccflags, ldflags=ldflags, uselib=lib.upper(), mandatory=False) ++ res = conf.check(lib=lib, uselib_store=lib, cflags=ccflags, ldflags=ldflags, uselib=lib.upper(), mandatory=False, msg=msg) + + if not res: + if mandatory: +diff --git a/buildtools/wafsamba/wscript b/buildtools/wafsamba/wscript +index a4d6f3e5c49..c047e1e8b5a 100644 +--- a/buildtools/wafsamba/wscript ++++ b/buildtools/wafsamba/wscript +@@ -133,12 +133,17 @@ Currently the only tested value is 'smbtorture,smbd/smbd' for Samba'''), + help=("private library directory [PREFIX/lib/%s]" % Context.g_module.APPNAME), + action="store", dest='PRIVATELIBDIR', default=None) + ++ opt.add_option('--with-openldap', ++ help='additional directory to search for OpenLDAP libs', ++ action='store', dest='ldap_open', default=None, ++ match = ['Checking for library lber', 'Checking for library ldap']) ++ + opt.add_option('--with-libiconv', + help='additional directory to search for libiconv', +- action='store', dest='iconv_open', default='/usr/local', ++ action='store', dest='iconv_open', default=None, + match = ['Checking for library iconv', 'Checking for iconv_open', 'Checking for header iconv.h']) + opt.add_option('--without-gettext', +- help=("Disable use of gettext"), ++ help=("disable use of gettext"), + action="store_true", dest='disable_gettext', default=False) + + gr = opt.option_group('developer options') +-- +2.37.1 + diff --git a/net/samba419/files/0014-Add-option-to-disable-CTDB-tests-failing-on-FreeBSD-.patch b/net/samba419/files/0014-Add-option-to-disable-CTDB-tests-failing-on-FreeBSD-.patch new file mode 100644 index 000000000000..32b02176de6b --- /dev/null +++ b/net/samba419/files/0014-Add-option-to-disable-CTDB-tests-failing-on-FreeBSD-.patch @@ -0,0 +1,77 @@ +From 2f16c17b683655fe318a1e6d45aaad3857d1a512 Mon Sep 17 00:00:00 2001 +From: "Timur I. Bakeyev" <timur@FreeBSD.org> +Date: Mon, 31 May 2021 00:35:36 +0200 +Subject: [PATCH 14/28] Add option to disable CTDB tests - failing on FreeBSD + right now in too many places. + +Signed-off-by: Timur I. Bakeyev <timur@FreeBSD.org> +--- + ctdb/wscript | 24 ++++++++++++++++++------ + 1 file changed, 18 insertions(+), 6 deletions(-) + +diff --git a/ctdb/wscript b/ctdb/wscript +index a9fef9241aa..c89c6decdd7 100644 +--- a/ctdb/wscript ++++ b/ctdb/wscript +@@ -106,6 +106,9 @@ def options(opt): + opt.add_option('--enable-ceph-reclock', + help=("Enable Ceph CTDB recovery lock helper (default=no)"), + action="store_true", dest='ctdb_ceph_reclock', default=False) ++ opt.add_option('--disable-ctdb-tests', ++ help=("Disable CTDB tests (default=no)"), ++ action="store_true", dest='ctdb_no_tests', default=False) + + opt.add_option('--with-logdir', + help=("Path to log directory"), +@@ -278,7 +281,7 @@ def configure(conf): + + if Options.options.ctdb_ceph_reclock: + if (conf.CHECK_HEADERS('rados/librados.h', False, False, 'rados') and +- conf.CHECK_LIB('rados', shlib=True)): ++ conf.CHECK_LIB('rados', shlib=True)): + Logs.info('Building with Ceph librados recovery lock support') + conf.define('HAVE_LIBRADOS', 1) + else: +@@ -317,8 +320,14 @@ def configure(conf): + conf.env.CTDB_VARDIR, + conf.env.CTDB_RUNDIR)) + +- conf.env.CTDB_TEST_DATADIR = os.path.join(conf.env.CTDB_DATADIR, 'tests') +- conf.env.CTDB_TEST_LIBEXECDIR = os.path.join(conf.env.LIBEXECDIR, 'ctdb/tests') ++ if Options.options.ctdb_no_tests: ++ conf.env.ctdb_tests = False ++ else: ++ conf.env.ctdb_tests = True ++ ++ if conf.env.ctdb_tests: ++ conf.env.CTDB_TEST_DATADIR = os.path.join(conf.env.CTDB_DATADIR, 'tests') ++ conf.env.CTDB_TEST_LIBEXECDIR = os.path.join(conf.env.LIBEXECDIR, 'ctdb/tests') + + # Allow unified compilation and separate compilation of utilities + # to find includes +@@ -706,9 +715,9 @@ def build(bld): + if bld.env.HAVE_LIBRADOS: + bld.SAMBA_BINARY('ctdb_mutex_ceph_rados_helper', + source='utils/ceph/ctdb_mutex_ceph_rados_helper.c', +- deps='talloc tevent rados', +- includes='include', +- install_path='${CTDB_HELPER_BINDIR}') ++ deps='talloc tevent rados', ++ includes='include', ++ install_path='${CTDB_HELPER_BINDIR}') + + sed_expr1 = 's|/usr/local/var/lib/ctdb|%s|g' % (bld.env.CTDB_VARDIR) + sed_expr2 = 's|/usr/local/etc/ctdb|%s|g' % (bld.env.CTDB_ETCDIR) +@@ -885,6 +894,9 @@ def build(bld): + for d in ['volatile', 'persistent', 'state']: + bld.INSTALL_DIR(os.path.join(bld.env.CTDB_VARDIR, d)) + ++ if not bld.env.ctdb_tests: ++ return ++ + # + # Test-only below this point + # +-- +2.37.1 + diff --git a/net/samba419/files/0015-Add-extra-debug-class-to-trck-down-DB-locking-code.patch b/net/samba419/files/0015-Add-extra-debug-class-to-trck-down-DB-locking-code.patch new file mode 100644 index 000000000000..30b6a7a34a6e --- /dev/null +++ b/net/samba419/files/0015-Add-extra-debug-class-to-trck-down-DB-locking-code.patch @@ -0,0 +1,132 @@ +From 08e648c899e5023f337d2fa56e4e758f62f31ec4 Mon Sep 17 00:00:00 2001 +From: "Timur I. Bakeyev" <timur@FreeBSD.org> +Date: Mon, 31 May 2021 00:38:38 +0200 +Subject: [PATCH 15/28] Add extra debug class to trck down DB locking code. + +Signed-off-by: Timur I. Bakeyev <timur@FreeBSD.org> +--- + lib/dbwrap/dbwrap.c | 3 +++ + lib/dbwrap/dbwrap_local_open.c | 3 +++ + lib/dbwrap/dbwrap_rbt.c | 3 +++ + lib/dbwrap/dbwrap_tdb.c | 3 +++ + lib/dbwrap/dbwrap_util.c | 3 +++ + source3/lib/dbwrap/dbwrap_ctdb.c | 3 +++ + source3/lib/dbwrap/dbwrap_open.c | 3 +++ + source3/lib/dbwrap/dbwrap_watch.c | 3 +++ + 8 files changed, 24 insertions(+) + +diff --git a/lib/dbwrap/dbwrap.c b/lib/dbwrap/dbwrap.c +index 7555efaa3ab..51f58fea851 100644 +--- a/lib/dbwrap/dbwrap.c ++++ b/lib/dbwrap/dbwrap.c +@@ -28,6 +28,9 @@ + #include "lib/util/util_tdb.h" + #include "lib/util/tevent_ntstatus.h" + ++#undef DBGC_CLASS ++#define DBGC_CLASS DBGC_LOCKING ++ + /* + * Fall back using fetch if no genuine exists operation is provided + */ +diff --git a/lib/dbwrap/dbwrap_local_open.c b/lib/dbwrap/dbwrap_local_open.c +index 20c5fa0e1d2..b834bbd0e41 100644 +--- a/lib/dbwrap/dbwrap_local_open.c ++++ b/lib/dbwrap/dbwrap_local_open.c +@@ -23,6 +23,9 @@ + #include "dbwrap/dbwrap_tdb.h" + #include "tdb.h" + ++#undef DBGC_CLASS ++#define DBGC_CLASS DBGC_LOCKING ++ + struct db_context *dbwrap_local_open(TALLOC_CTX *mem_ctx, + const char *name, + int hash_size, int tdb_flags, +diff --git a/lib/dbwrap/dbwrap_rbt.c b/lib/dbwrap/dbwrap_rbt.c +index db456dfffba..483558a6dc7 100644 +--- a/lib/dbwrap/dbwrap_rbt.c ++++ b/lib/dbwrap/dbwrap_rbt.c +@@ -24,6 +24,9 @@ + #include "../lib/util/rbtree.h" + #include "../lib/util/dlinklist.h" + ++#undef DBGC_CLASS ++#define DBGC_CLASS DBGC_LOCKING ++ + #define DBWRAP_RBT_ALIGN(_size_) (((_size_)+15)&~15) + + struct db_rbt_ctx { +diff --git a/lib/dbwrap/dbwrap_tdb.c b/lib/dbwrap/dbwrap_tdb.c +index 6cd95fa25ad..4a75cd80256 100644 +--- a/lib/dbwrap/dbwrap_tdb.c ++++ b/lib/dbwrap/dbwrap_tdb.c +@@ -29,6 +29,9 @@ + #include "lib/param/param.h" + #include "libcli/util/error.h" + ++#undef DBGC_CLASS ++#define DBGC_CLASS DBGC_LOCKING ++ + struct db_tdb_ctx { + struct tdb_wrap *wtdb; + +diff --git a/lib/dbwrap/dbwrap_util.c b/lib/dbwrap/dbwrap_util.c +index df6dea40097..465814f0952 100644 +--- a/lib/dbwrap/dbwrap_util.c ++++ b/lib/dbwrap/dbwrap_util.c +@@ -26,6 +26,9 @@ + #include "dbwrap.h" + #include "lib/util/util_tdb.h" + ++#undef DBGC_CLASS ++#define DBGC_CLASS DBGC_LOCKING ++ + struct dbwrap_fetch_int32_state { + NTSTATUS status; + int32_t result; +diff --git a/source3/lib/dbwrap/dbwrap_ctdb.c b/source3/lib/dbwrap/dbwrap_ctdb.c +index 0907089164a..9fc771d1217 100644 +--- a/source3/lib/dbwrap/dbwrap_ctdb.c ++++ b/source3/lib/dbwrap/dbwrap_ctdb.c +@@ -38,6 +38,9 @@ + #include "lib/cluster_support.h" + #include "lib/util/tevent_ntstatus.h" + ++#undef DBGC_CLASS ++#define DBGC_CLASS DBGC_LOCKING ++ + struct db_ctdb_transaction_handle { + struct db_ctdb_ctx *ctx; + /* +diff --git a/source3/lib/dbwrap/dbwrap_open.c b/source3/lib/dbwrap/dbwrap_open.c +index 52c8a94aeff..caefb579058 100644 +--- a/source3/lib/dbwrap/dbwrap_open.c ++++ b/source3/lib/dbwrap/dbwrap_open.c +@@ -31,6 +31,9 @@ + #include "ctdbd_conn.h" + #include "global_contexts.h" + ++#undef DBGC_CLASS ++#define DBGC_CLASS DBGC_LOCKING ++ + bool db_is_local(const char *name) + { + const char *sockname = lp_ctdbd_socket(); +diff --git a/source3/lib/dbwrap/dbwrap_watch.c b/source3/lib/dbwrap/dbwrap_watch.c +index 17a52de37cc..77f7b178229 100644 +--- a/source3/lib/dbwrap/dbwrap_watch.c ++++ b/source3/lib/dbwrap/dbwrap_watch.c +@@ -28,6 +28,9 @@ + #include "server_id_watch.h" + #include "lib/dbwrap/dbwrap_private.h" + ++#undef DBGC_CLASS ++#define DBGC_CLASS DBGC_LOCKING ++ + struct dbwrap_watcher { + /* + * Process watching this record +-- +2.37.1 + diff --git a/net/samba419/files/0016-Make-ldb_schema_attribute_compare-a-stable-comparisi.patch b/net/samba419/files/0016-Make-ldb_schema_attribute_compare-a-stable-comparisi.patch new file mode 100644 index 000000000000..3449ab2d17d9 --- /dev/null +++ b/net/samba419/files/0016-Make-ldb_schema_attribute_compare-a-stable-comparisi.patch @@ -0,0 +1,29 @@ +From 2b3ee747cdf83b80d07aaf1b261956bc9894ff36 Mon Sep 17 00:00:00 2001 +From: "Timur I. Bakeyev" <timur@FreeBSD.org> +Date: Thu, 8 Sep 2022 00:06:37 +0200 +Subject: [PATCH 16/28] Make ldb_schema_attribute_compare() a stable + comparision function. + +Signed-off-by: Timur I. Bakeyev <timur@FreeBSD.org> +--- + lib/ldb/ldb_key_value/ldb_kv_cache.c | 4 +++- + 1 file changed, 3 insertions(+), 1 deletion(-) + +diff --git a/lib/ldb/ldb_key_value/ldb_kv_cache.c b/lib/ldb/ldb_key_value/ldb_kv_cache.c +index 4a3c9f29020..cb200aeb9ba 100644 +--- a/lib/ldb/ldb_key_value/ldb_kv_cache.c ++++ b/lib/ldb/ldb_key_value/ldb_kv_cache.c +@@ -92,7 +92,9 @@ static int ldb_schema_attribute_compare(const void *p1, const void *p2) + { + const struct ldb_schema_attribute *sa1 = (const struct ldb_schema_attribute *)p1; + const struct ldb_schema_attribute *sa2 = (const struct ldb_schema_attribute *)p2; +- return ldb_attr_cmp(sa1->name, sa2->name); ++ int res = ldb_attr_cmp(sa1->name, sa2->name); ++ ++ return (res) ? res : (sa1->flags > sa2->flags) ? 1 : (sa1->flags < sa2->flags) ? -1 : 0; + } + + /* +-- +2.37.1 + diff --git a/net/samba419/files/0017-Use-arc4random-when-available-to-generate-random-tal.patch b/net/samba419/files/0017-Use-arc4random-when-available-to-generate-random-tal.patch new file mode 100644 index 000000000000..a7e7c7d99dbe --- /dev/null +++ b/net/samba419/files/0017-Use-arc4random-when-available-to-generate-random-tal.patch @@ -0,0 +1,49 @@ +From 42c9490dd346ee2f4369cbed4c37cb43f06e5d19 Mon Sep 17 00:00:00 2001 +From: "Timur I. Bakeyev" <timur@FreeBSD.org> +Date: Wed, 7 Sep 2022 23:52:43 +0200 +Subject: [PATCH 17/28] Use arc4random() when available to generate random + talloc slab signature. + +Signed-off-by: Timur I. Bakeyev <timur@FreeBSD.org> +--- + lib/talloc/talloc.c | 4 ++++ + lib/talloc/wscript | 1 + + 2 files changed, 5 insertions(+) + +diff --git a/lib/talloc/talloc.c b/lib/talloc/talloc.c +index 29da190880a..79c76fd9e35 100644 +--- a/lib/talloc/talloc.c ++++ b/lib/talloc/talloc.c +@@ -397,6 +397,9 @@ void talloc_lib_init(void) CONSTRUCTOR; + void talloc_lib_init(void) + { + uint32_t random_value; ++#if defined(HAVE_ARC4RANDOM) ++ random_value = arc4random(); ++#else + #if defined(HAVE_GETAUXVAL) && defined(AT_RANDOM) + uint8_t *p; + /* +@@ -430,6 +433,7 @@ void talloc_lib_init(void) + */ + random_value = ((uintptr_t)talloc_lib_init & 0xFFFFFFFF); + } ++#endif /* HAVE_ARC4RANDOM */ + talloc_magic = random_value & ~TALLOC_FLAG_MASK; + } + #else +diff --git a/lib/talloc/wscript b/lib/talloc/wscript +index f0c266a7878..c75ec0505df 100644 +--- a/lib/talloc/wscript ++++ b/lib/talloc/wscript +@@ -52,6 +52,7 @@ def configure(conf): + + conf.CHECK_HEADERS('sys/auxv.h') + conf.CHECK_FUNCS('getauxval') ++ conf.CHECK_FUNCS('arc4random') + + conf.SAMBA_CONFIG_H() + +-- +2.37.1 + diff --git a/net/samba419/files/0018-Add-configuration-option-that-allows-to-choose-alter.patch b/net/samba419/files/0018-Add-configuration-option-that-allows-to-choose-alter.patch new file mode 100644 index 000000000000..5f5aa4af3a96 --- /dev/null +++ b/net/samba419/files/0018-Add-configuration-option-that-allows-to-choose-alter.patch @@ -0,0 +1,65 @@ +From b81d399aa6d9e2bdbb9db0efa8109c41aad4d025 Mon Sep 17 00:00:00 2001 +From: "Timur I. Bakeyev" <timur@FreeBSD.org> +Date: Mon, 31 May 2021 02:49:20 +0200 +Subject: [PATCH 18/28] Add configuration option that allows to choose + alternative mDNS implementation dns_sd library. + +Signed-off-by: Timur I. Bakeyev <timur@FreeBSD.org> +--- + source3/wscript | 12 ++++++++++++ + source3/wscript_build | 2 ++ + 2 files changed, 14 insertions(+) + +diff --git a/source3/wscript b/source3/wscript +index 2121b8b6510..6209472c6c8 100644 +--- a/source3/wscript ++++ b/source3/wscript +@@ -70,6 +70,7 @@ def options(opt): + opt.samba_add_onoff_option('sendfile-support', default=None) + opt.samba_add_onoff_option('utmp') + opt.samba_add_onoff_option('avahi', with_name="enable", without_name="disable") ++ opt.samba_add_onoff_option('dnssd', with_name="enable", without_name="disable") + opt.samba_add_onoff_option('iconv') + opt.samba_add_onoff_option('acl-support') + opt.samba_add_onoff_option('syslog') +@@ -855,6 +856,17 @@ msg.msg_accrightslen = sizeof(fd); + conf.SET_TARGET_TYPE('avahi-common', 'EMPTY') + conf.SET_TARGET_TYPE('avahi-client', 'EMPTY') + ++ if Options.options.with_dnssd: ++ conf.env.with_dnssd = True ++ if not conf.CHECK_HEADERS('dns_sd.h'): ++ conf.env.with_dnssd = False ++ if not conf.CHECK_FUNCS_IN('DNSServiceRegister', 'dns_sd'): ++ conf.env.with_dnssd = False ++ if conf.env.with_dnssd: ++ conf.DEFINE('WITH_DNSSD_SUPPORT', 1) ++ else: ++ conf.SET_TARGET_TYPE('dns_sd', 'EMPTY') ++ + if Options.options.with_iconv: + conf.env.with_iconv = True + if not conf.CHECK_FUNCS_IN('iconv_open', 'iconv', headers='iconv.h'): +diff --git a/source3/wscript_build b/source3/wscript_build +index 5cf965dc45d..edd7985e648 100644 +--- a/source3/wscript_build ++++ b/source3/wscript_build +@@ -709,6 +709,7 @@ bld.SAMBA3_LIBRARY('smbd_base', + samba3core + param_service + AVAHI ++ dns_sd + PROFILE + LOCKING + LIBADS_SERVER +@@ -1128,6 +1129,7 @@ bld.SAMBA3_BINARY('client/smbclient', + msrpc3 + RPC_NDR_SRVSVC + cli_smb_common ++ dns_sd + archive + ''') + +-- +2.37.1 + diff --git a/net/samba419/files/0019-From-923bc7a1afeb0b920e60e14846987ae1d2d7dca4-Mon-Se.patch b/net/samba419/files/0019-From-923bc7a1afeb0b920e60e14846987ae1d2d7dca4-Mon-Se.patch new file mode 100644 index 000000000000..551acb212f55 --- /dev/null +++ b/net/samba419/files/0019-From-923bc7a1afeb0b920e60e14846987ae1d2d7dca4-Mon-Se.patch @@ -0,0 +1,544 @@ +From 5aabf82dfaf325bf682db85d80476224e7005a41 Mon Sep 17 00:00:00 2001 +From: "Timur I. Bakeyev" <timur@FreeBSD.org> +Date: Mon, 31 May 2021 00:46:16 +0200 +Subject: [PATCH 19/28] From 923bc7a1afeb0b920e60e14846987ae1d2d7dca4 Mon Sep + 17 00:00:00 2001 From: John Hixson <john@ixsystems.com> Date: Thu, 7 Dec 2017 + 09:36:32 -0500 Subject: [PATCH] Freenas/master mdns fixes (#22) + +* mDNS fixes for Samba (work in progress). +* Fix mDNS - Can advertise on individual interfaces +* Fix mDNS browsing in smbclient + +Signed-off-by: Timur I. Bakeyev <timur@iXsystems.com> +Signed-off-by: Timur I. Bakeyev <timur@FreeBSD.org> +--- + source3/client/dnsbrowse.c | 19 +- + source3/smbd/dnsregister.c | 354 ++++++++++++++++++++++++++++++------- + 2 files changed, 299 insertions(+), 74 deletions(-) + +diff --git a/source3/client/dnsbrowse.c b/source3/client/dnsbrowse.c +index be6eb881cf1..83aef966d2a 100644 +--- a/source3/client/dnsbrowse.c ++++ b/source3/client/dnsbrowse.c +@@ -39,6 +39,7 @@ struct mdns_smbsrv_result + struct mdns_browse_state + { + struct mdns_smbsrv_result *listhead; /* Browse result list head */ ++ TALLOC_CTX * ctx; + int browseDone; + + }; +@@ -64,7 +65,7 @@ static void do_smb_resolve(struct mdns_smbsrv_result *browsesrv) + struct timeval tv; + DNSServiceErrorType err; + +- TALLOC_CTX * ctx = talloc_tos(); ++ TALLOC_CTX * ctx = talloc_new(NULL); + + err = DNSServiceResolve(&mdns_conn_sdref, 0 /* flags */, + browsesrv->ifIndex, +@@ -91,7 +92,7 @@ static void do_smb_resolve(struct mdns_smbsrv_result *browsesrv) + } + } + +- TALLOC_FREE(fdset); ++ TALLOC_FREE(ctx); + DNSServiceRefDeallocate(mdns_conn_sdref); + } + +@@ -124,18 +125,19 @@ do_smb_browse_reply(DNSServiceRef sdRef, DNSServiceFlags flags, + return; + } + +- bresult = talloc_array(talloc_tos(), struct mdns_smbsrv_result, 1); ++ bresult = talloc_array(bstatep->ctx, struct mdns_smbsrv_result, 1); + if (bresult == NULL) { + return; + } + ++ bresult->nextResult = NULL; + if (bstatep->listhead != NULL) { + bresult->nextResult = bstatep->listhead; + } + +- bresult->serviceName = talloc_strdup(talloc_tos(), serviceName); +- bresult->regType = talloc_strdup(talloc_tos(), regtype); +- bresult->domain = talloc_strdup(talloc_tos(), replyDomain); ++ bresult->serviceName = talloc_strdup(bstatep->ctx, serviceName); ++ bresult->regType = talloc_strdup(bstatep->ctx, regtype); ++ bresult->domain = talloc_strdup(bstatep->ctx, replyDomain); + bresult->ifIndex = interfaceIndex; + bstatep->listhead = bresult; + } +@@ -151,10 +153,13 @@ int do_smb_browse(void) + DNSServiceRef mdns_conn_sdref = NULL; + DNSServiceErrorType err; + +- TALLOC_CTX * ctx = talloc_stackframe(); ++ TALLOC_CTX * ctx = talloc_new(NULL); + + ZERO_STRUCT(bstate); + ++ bstate.ctx = ctx; ++ bstate.listhead = NULL; ++ + err = DNSServiceBrowse(&mdns_conn_sdref, 0, 0, "_smb._tcp", "", + do_smb_browse_reply, &bstate); + +diff --git a/source3/smbd/dnsregister.c b/source3/smbd/dnsregister.c +index df189001a09..389a4278f64 100644 +--- a/source3/smbd/dnsregister.c ++++ b/source3/smbd/dnsregister.c +@@ -29,6 +29,29 @@ + * browse for advertised SMB services. + */ + ++/* ++ * Time Machine Errata: ++ * sys=adVF=0x100 -- this is required when ._adisk._tcp is present on device. When it is ++ * set, the MacOS client will send a NetShareEnumAll IOCTL and shares will be visible. ++ * Otherwise, Finder will only see the Time Machine share. In the absence of ._adisk._tcp ++ * MacOS will _always_ send NetShareEnumAll IOCTL. ++ * ++ * waMa=0 -- MacOS server uses waMa=0, while embedded devices have it set to their Mac Address. ++ * Speculation in Samba-Technical indicates that this stands for "Wireless AirDisk Mac Address". ++ * ++ * adVU -- AirDisk Volume UUID. Mac OS servers generate a UUID. Time machine over SMB works without one ++ * set. Netatalk generates a UUID and stores it persistently in afp_voluuid.conf. This can be ++ * set by adding the share parameter "fruit:volume_uuid = " ++ * ++ * dk(n)=adVF= ++ * 0xa1, 0x81 - AFP support ++ * 0xa2, 0x82 - SMB support ++ * 0xa3, 0x83 - AFP and SMB support ++ * ++ * adVN -- AirDisk Volume Name. We set this to the share name. ++ * ++ */ ++ + #define DNS_REG_RETRY_INTERVAL (5*60) /* in seconds */ + + #ifdef WITH_DNSSD_SUPPORT +@@ -36,85 +59,177 @@ + #include <dns_sd.h> + + struct dns_reg_state { +- struct tevent_context *event_ctx; +- uint16_t port; +- DNSServiceRef srv_ref; +- struct tevent_timer *te; +- int fd; +- struct tevent_fd *fde; ++ int count; ++ struct reg_state { ++ DNSServiceRef srv_ref; ++ TALLOC_CTX *mem_ctx; ++ struct tevent_context *event_ctx; ++ struct tevent_timer *te; ++ struct tevent_fd *fde; ++ uint16_t port; ++ int if_index; ++ int fd; ++ } *drs; + }; + +-static int dns_reg_state_destructor(struct dns_reg_state *dns_state) ++static void dns_register_smbd_retry(struct tevent_context *ctx, ++ struct tevent_timer *te, ++ struct timeval now, ++ void *private_data); ++static void dns_register_smbd_fde_handler(struct tevent_context *ev, ++ struct tevent_fd *fde, ++ uint16_t flags, ++ void *private_data); ++ ++ ++static int reg_state_destructor(struct reg_state *state) + { +- if (dns_state->srv_ref != NULL) { ++ if (state == NULL) { ++ return -1; ++ } ++ ++ if (state->srv_ref != NULL) { + /* Close connection to the mDNS daemon */ +- DNSServiceRefDeallocate(dns_state->srv_ref); +- dns_state->srv_ref = NULL; ++ DNSServiceRefDeallocate(state->srv_ref); ++ state->srv_ref = NULL; + } + + /* Clear event handler */ +- TALLOC_FREE(dns_state->te); +- TALLOC_FREE(dns_state->fde); +- dns_state->fd = -1; ++ TALLOC_FREE(state->te); ++ TALLOC_FREE(state->fde); ++ state->fd = -1; + + return 0; + } + +-static void dns_register_smbd_retry(struct tevent_context *ctx, +- struct tevent_timer *te, +- struct timeval now, +- void *private_data); +-static void dns_register_smbd_fde_handler(struct tevent_context *ev, +- struct tevent_fd *fde, +- uint16_t flags, +- void *private_data); ++int TXTRecordPrintf(TXTRecordRef * rec, const char * key, const char * fmt, ... ) ++{ ++ int ret = 0; ++ char *str; ++ va_list ap; ++ va_start( ap, fmt ); ++ ++ if( 0 > vasprintf(&str, fmt, ap ) ) { ++ va_end(ap); ++ return -1; ++ } ++ va_end(ap); ++ ++ if( kDNSServiceErr_NoError != TXTRecordSetValue(rec, key, strlen(str), str) ) { ++ ret = -1; ++ } ++ ++ free(str); ++ return ret; ++} ++ ++int TXTRecordKeyPrintf(TXTRecordRef * rec, const char * key_fmt, int key_var, const char * fmt, ...) ++{ ++ int ret = 0; ++ char *key = NULL, *str = NULL; ++ va_list ap; ++ ++ if( 0 > asprintf(&key, key_fmt, key_var)) { ++ DEBUG(1, ("Failed in asprintf\n")); ++ return -1; ++ } + +-static bool dns_register_smbd_schedule(struct dns_reg_state *dns_state, ++ va_start( ap, fmt ); ++ if( 0 > vasprintf(&str, fmt, ap )) { ++ va_end(ap); ++ DEBUG(1, ("Failed in vasprintf\n")); ++ ret = -1; ++ goto exit; ++ } ++ va_end(ap); ++ ++ if( kDNSServiceErr_NoError != TXTRecordSetValue(rec, key, strlen(str), str) ) { ++ DEBUG(1, ("Failed in TXTRecordSetValuen")); ++ ret = -1; ++ goto exit; ++ } ++ ++ exit: ++ if (str) ++ free(str); ++ if (key) ++ free(key); ++ return ret; ++} ++ ++ ++static bool dns_register_smbd_schedule(struct reg_state *state, + struct timeval tval) + { +- dns_reg_state_destructor(dns_state); ++ reg_state_destructor(state); + +- dns_state->te = tevent_add_timer(dns_state->event_ctx, +- dns_state, ++ state->te = tevent_add_timer(state->event_ctx, ++ state->mem_ctx, + tval, + dns_register_smbd_retry, +- dns_state); +- if (!dns_state->te) { ++ state); ++ if (!state->te) { + return false; + } + + return true; + } + ++static void dns_register_smbd_callback(DNSServiceRef service, ++ DNSServiceFlags flags, ++ DNSServiceErrorType errorCode, ++ const char *name, ++ const char *type, ++ const char *domain, ++ void *context) ++{ ++ if (errorCode != kDNSServiceErr_NoError) { ++ DEBUG(6, ("error=%d\n", errorCode)); ++ } else { ++ DEBUG(6, ("%-15s %s.%s%s\n", "REGISTER", name, type, domain)); ++ } ++} ++ + static void dns_register_smbd_retry(struct tevent_context *ctx, + struct tevent_timer *te, + struct timeval now, + void *private_data) + { +- struct dns_reg_state *dns_state = talloc_get_type_abort(private_data, +- struct dns_reg_state); ++ struct reg_state *state = (struct reg_state *)private_data; + DNSServiceErrorType err; ++ int snum; ++ size_t dk = 0; ++ bool sys_txt_created = false; ++ TXTRecordRef txt_adisk; ++ TXTRecordRef txt_devinfo; ++ char *servname; ++ char *v_uuid; ++ int num_services = lp_numservices(); ++ ++ reg_state_destructor(state); + +- dns_reg_state_destructor(dns_state); ++ TXTRecordCreate(&txt_adisk, 0, NULL); + +- DEBUG(6, ("registering _smb._tcp service on port %d\n", +- dns_state->port)); ++ DEBUG(6, ("registering _smb._tcp service on port %d index %d\n", ++ state->port, state->if_index)); + + /* Register service with DNS. Connects with the mDNS + * daemon running on the local system to perform DNS + * service registration. + */ +- err = DNSServiceRegister(&dns_state->srv_ref, 0 /* flags */, +- kDNSServiceInterfaceIndexAny, +- NULL /* service name */, +- "_smb._tcp" /* service type */, +- NULL /* domain */, +- "" /* SRV target host name */, +- htons(dns_state->port), +- 0 /* TXT record len */, +- NULL /* TXT record data */, +- NULL /* callback func */, +- NULL /* callback context */); ++ err = DNSServiceRegister(&state->srv_ref, ++ 0 /* flags */, ++ state->if_index /* interface index */, ++ NULL /* service name */, ++ "_smb._tcp" /* service type */, ++ NULL /* domain */, ++ "" /* SRV target host name */, ++ htons(state->port) /* port */, ++ 0 /* TXT record len */, ++ NULL /* TXT record data */, ++ dns_register_smbd_callback /* callback func */, ++ NULL /* callback context */); ++ + + if (err != kDNSServiceErr_NoError) { + /* Failed to register service. Schedule a re-try attempt. +@@ -123,24 +238,96 @@ static void dns_register_smbd_retry(struct tevent_context *ctx, + goto retry; + } + +- dns_state->fd = DNSServiceRefSockFD(dns_state->srv_ref); +- if (dns_state->fd == -1) { ++ /* ++ * Check for services that are configured as Time Machine targets ++ * ++ */ ++ for (snum = 0; snum < num_services; snum++) { ++ if (lp_snum_ok(snum) && lp_parm_bool(snum, "fruit", "time machine", false)) ++ { ++ if (!sys_txt_created) { ++ if( 0 > TXTRecordPrintf(&txt_adisk, "sys", "adVF=0x100") ) { ++ DEBUG(1, ("Failed to create Zeroconf TXTRecord for sys") ); ++ goto retry; ++ } ++ else ++ { ++ sys_txt_created = true; ++ } ++ } ++ ++ v_uuid = lp_parm_const_string(snum, "fruit", "volume_uuid", NULL); ++ servname = lp_const_servicename(snum); ++ DEBUG(1, ("Registering volume %s for TimeMachine\n", servname)); ++ if (v_uuid) { ++ if( 0 > TXTRecordKeyPrintf(&txt_adisk, "dk%zu", dk++, "adVN=%s,adVF=0x82,adVU=%s", ++ servname, v_uuid) ) { ++ DEBUG(1, ("Could not set Zeroconf TXTRecord for dk%zu \n", dk)); ++ goto retry; ++ } ++ DEBUG(1, ("Registering TimeMachine with the following TXT parameters: " ++ "dk%zu,adVN=%s,adVF=0x82,adVU=%s\n", dk, servname, v_uuid) ); ++ } ++ else { ++ if( 0 > TXTRecordKeyPrintf(&txt_adisk, "dk%zu", dk++, "adVN=%s,adVF=0x82", ++ servname) ) { ++ DEBUG(1, ("Could not set Zeroconf TXTRecord for dk%zu \n", dk)); ++ goto retry; ++ } ++ DEBUG(1, ("Registering TimeMachine with the following TXT parameters: " ++ "dk%zu,adVN=%s,adVF=0x82\n", dk, servname) ); ++ } ++ } ++ } ++ ++ if (dk) { ++ err = DNSServiceRegister(&state->srv_ref, ++ 0 /* flags */, ++ state->if_index /* interface index */, ++ NULL /* service name */, ++ "_adisk._tcp" /* service type */, ++ NULL /* domain */, ++ "" /* SRV target host name */, ++ /* ++ * We would probably use port 0 zero, but we can't, from man DNSServiceRegister: ++ * "A value of 0 for a port is passed to register placeholder services. ++ * Place holder services are not found when browsing, but other ++ * clients cannot register with the same name as the placeholder service." ++ * We therefor use port 9 which is used by the adisk service type. ++ */ ++ htons(9) /* port */, ++ TXTRecordGetLength(&txt_adisk) /* TXT record len */, ++ TXTRecordGetBytesPtr(&txt_adisk) /* TXT record data */, ++ dns_register_smbd_callback /* callback func */, ++ NULL /* callback context */); ++ ++ ++ if (err != kDNSServiceErr_NoError) { ++ /* Failed to register service. Schedule a re-try attempt. ++ */ ++ DEBUG(1, ("unable to register with mDNS (err %d)\n", err)); ++ goto retry; ++ } ++ } ++ ++ state->fd = DNSServiceRefSockFD(state->srv_ref); ++ if (state->fd == -1) { + goto retry; + } + +- dns_state->fde = tevent_add_fd(dns_state->event_ctx, +- dns_state, +- dns_state->fd, +- TEVENT_FD_READ, +- dns_register_smbd_fde_handler, +- dns_state); +- if (!dns_state->fde) { ++ state->fde = tevent_add_fd(state->event_ctx, ++ state->mem_ctx, ++ state->fd, ++ TEVENT_FD_READ, ++ dns_register_smbd_fde_handler, ++ state); ++ if (!state->fde) { + goto retry; + } + + return; + retry: +- dns_register_smbd_schedule(dns_state, ++ dns_register_smbd_schedule(state, + timeval_current_ofs(DNS_REG_RETRY_INTERVAL, 0)); + } + +@@ -150,44 +337,77 @@ static void dns_register_smbd_fde_handler(struct tevent_context *ev, + uint16_t flags, + void *private_data) + { +- struct dns_reg_state *dns_state = talloc_get_type_abort(private_data, +- struct dns_reg_state); ++ struct reg_state *state = (struct reg_state *)private_data; + DNSServiceErrorType err; + +- err = DNSServiceProcessResult(dns_state->srv_ref); ++ err = DNSServiceProcessResult(state->srv_ref); + if (err != kDNSServiceErr_NoError) { +- DEBUG(3, ("failed to process mDNS result (err %d), re-trying\n", +- err)); ++ DEBUG(3, ("failed to process mDNS result (err %d), re-trying\n", err)); + goto retry; + } + +- talloc_free(dns_state); + return; + + retry: +- dns_register_smbd_schedule(dns_state, +- timeval_current_ofs(DNS_REG_RETRY_INTERVAL, 0)); ++ dns_register_smbd_schedule(state, timeval_zero()); + } + ++static int dns_reg_state_destructor(struct dns_reg_state *state) ++{ ++ if (state != NULL) { ++ talloc_free(state); ++ } ++ return 0; ++} ++ ++ + bool smbd_setup_mdns_registration(struct tevent_context *ev, + TALLOC_CTX *mem_ctx, + uint16_t port) + { + struct dns_reg_state *dns_state; ++ bool bind_all = true; ++ int i; + + dns_state = talloc_zero(mem_ctx, struct dns_reg_state); +- if (dns_state == NULL) { ++ if (dns_state == NULL) ++ return false; ++ ++ if (lp_interfaces() && lp_bind_interfaces_only()) ++ bind_all = false; ++ ++ dns_state->count = iface_count(); ++ if (dns_state->count <= 0 || bind_all == true) ++ dns_state->count = 1; ++ ++ dns_state->drs = talloc_array(mem_ctx, struct reg_state, dns_state->count); ++ if (dns_state->drs == NULL) { ++ talloc_free(dns_state); + return false; + } +- dns_state->event_ctx = ev; +- dns_state->port = port; +- dns_state->fd = -1; + +- talloc_set_destructor(dns_state, dns_reg_state_destructor); ++ for (i = 0; i < dns_state->count; i++) { ++ struct interface *iface = get_interface(i); ++ struct reg_state *state = &dns_state->drs[i]; ++ ++ state->mem_ctx = mem_ctx; ++ state->srv_ref = NULL; ++ state->event_ctx = ev; ++ state->te = NULL; ++ state->fde = NULL; ++ state->port = port; ++ state->fd = -1; + +- return dns_register_smbd_schedule(dns_state, timeval_zero()); ++ state->if_index = bind_all ? kDNSServiceInterfaceIndexAny : iface->if_index; ++ ++ dns_register_smbd_schedule(&dns_state->drs[i], timeval_zero()); ++ } ++ ++ talloc_set_destructor(dns_state, dns_reg_state_destructor); ++ return true; + } + ++ + #else /* WITH_DNSSD_SUPPORT */ + + bool smbd_setup_mdns_registration(struct tevent_context *ev, +-- +2.37.1 + diff --git a/net/samba419/files/0020-FreeBSD-12-between-r336017-and-r342928-wrongfuly-ret.patch b/net/samba419/files/0020-FreeBSD-12-between-r336017-and-r342928-wrongfuly-ret.patch new file mode 100644 index 000000000000..33661270ce25 --- /dev/null +++ b/net/samba419/files/0020-FreeBSD-12-between-r336017-and-r342928-wrongfuly-ret.patch @@ -0,0 +1,35 @@ +From 02b599cc740490fa6f433b0c455fe458fdc1db61 Mon Sep 17 00:00:00 2001 +From: "Timur I. Bakeyev" <timur@FreeBSD.org> +Date: Mon, 31 May 2021 02:45:11 +0200 +Subject: [PATCH 20/28] FreeBSD 12 between r336017 and r342928 wrongfuly return + ENOENT for the not enabled qoutas on ZFS. Wrap relevant error code check with + the versioning ifdef's. + +Signed-off-by: Timur I. Bakeyev <timur@FreeBSD.org> +--- + source3/lib/sysquotas_4B.c | 9 ++++++++- + 1 file changed, 8 insertions(+), 1 deletion(-) + +diff --git a/source3/lib/sysquotas_4B.c b/source3/lib/sysquotas_4B.c +index d9beb924ad9..c41cac02e5f 100644 +--- a/source3/lib/sysquotas_4B.c ++++ b/source3/lib/sysquotas_4B.c +@@ -140,7 +140,14 @@ static int sys_quotactl_4B(const char * path, int cmd, + /* ENOTSUP means quota support is not compiled in. EINVAL + * means that quotas are not configured (commonly). + */ +- if (errno != ENOTSUP && errno != EINVAL) { ++ if (errno != ENOTSUP && errno != EINVAL ++/* ++ * FreeBSD 12 between r336017 and r342928 wrongfuly return ENOENT for the not enabled qoutas on ZFS. ++ */ ++#if defined(__FreeBSD__) && ((__FreeBSD_version >= 1102503 && __FreeBSD_version <= 1102506) || (__FreeBSD_version >= 1200072 && __FreeBSD_version <= 1200503) || (__FreeBSD_version >= 1300000 && __FreeBSD_version <= 1300009)) ++ && errno != ENOENT ++#endif ++ ) { + DEBUG(5, ("failed to %s quota for %s ID %u on %s: %s\n", + (cmd & QCMD(Q_GETQUOTA, 0)) ? "get" : "set", + (cmd & QCMD(0, GRPQUOTA)) ? "group" : "user", +-- +2.37.1 + diff --git a/net/samba419/files/0021-Fix-casting-warnings-in-the-nfs_quota-debug-message.patch b/net/samba419/files/0021-Fix-casting-warnings-in-the-nfs_quota-debug-message.patch new file mode 100644 index 000000000000..c364031b4603 --- /dev/null +++ b/net/samba419/files/0021-Fix-casting-warnings-in-the-nfs_quota-debug-message.patch @@ -0,0 +1,36 @@ +From 46f5b54aa5761541a16108d66764d662f37f04d2 Mon Sep 17 00:00:00 2001 +From: "Timur I. Bakeyev" <timur@FreeBSD.org> +Date: Mon, 31 May 2021 02:41:48 +0200 +Subject: [PATCH 21/28] Fix casting warnings in the nfs_quota debug message. + +Initialize quota structure with zeros. + +Signed-off-by: Timur I. Bakeyev <timur@FreeBSD.org> +--- + source3/smbd/quotas.c | 3 ++- + 1 file changed, 2 insertions(+), 1 deletion(-) + +diff --git a/source3/smbd/quotas.c b/source3/smbd/quotas.c +index 604631f81d6..c23fa49b3b0 100644 +--- a/source3/smbd/quotas.c ++++ b/source3/smbd/quotas.c +@@ -125,6 +125,7 @@ static bool nfs_quotas(char *nfspath, uid_t euser_id, uint64_t *bsize, uint64_t + if (!cutstr) + return False; + ++ memset(&D, '\0', sizeof(D)); + memset(cutstr, '\0', len+1); + host = strncat(cutstr,mnttype, sizeof(char) * len ); + DEBUG(5,("nfs_quotas: looking for mount on \"%s\"\n", cutstr)); +@@ -133,7 +134,7 @@ static bool nfs_quotas(char *nfspath, uid_t euser_id, uint64_t *bsize, uint64_t + args.gqa_pathp = testpath+1; + args.gqa_uid = uid; + +- DEBUG(5,("nfs_quotas: Asking for host \"%s\" rpcprog \"%i\" rpcvers \"%i\" network \"%s\"\n", host, RQUOTAPROG, RQUOTAVERS, "udp")); ++ DEBUG(5,("nfs_quotas: Asking for host \"%s\" rpcprog \"%lu\" rpcvers \"%lu\" network \"%s\"\n", host, RQUOTAPROG, RQUOTAVERS, "udp")); + + if ((clnt = clnt_create(host, RQUOTAPROG, RQUOTAVERS, "udp")) == NULL) { + ret = False; +-- +2.37.1 + diff --git a/net/samba419/files/0022-Clean-up-UTMP-handling-code-and-add-FreeBSD-support..patch b/net/samba419/files/0022-Clean-up-UTMP-handling-code-and-add-FreeBSD-support..patch new file mode 100644 index 000000000000..9c430425138f --- /dev/null +++ b/net/samba419/files/0022-Clean-up-UTMP-handling-code-and-add-FreeBSD-support..patch @@ -0,0 +1,340 @@ +From 5019ad026f106d51dc2bb4c410a05b2f63b56cd0 Mon Sep 17 00:00:00 2001 +From: "Timur I. Bakeyev" <timur@FreeBSD.org> +Date: Mon, 31 May 2021 01:43:13 +0200 +Subject: [PATCH 22/28] Clean up UTMP handling code and add FreeBSD support. + Some really legacy platforms may have been dropped as a result. + +Signed-off-by: Timur I. Bakeyev <timur@FreeBSD.org> +--- + source3/smbd/utmp.c | 156 ++++++++++++-------------------------------- + source3/wscript | 37 ++++++----- + 2 files changed, 63 insertions(+), 130 deletions(-) + +diff --git a/source3/smbd/utmp.c b/source3/smbd/utmp.c +index 4327301e3b1..f4a8362dd56 100644 +--- a/source3/smbd/utmp.c ++++ b/source3/smbd/utmp.c +@@ -257,7 +257,7 @@ static char *uw_pathname(TALLOC_CTX *ctx, + Update utmp file directly. No subroutine interface: probably a BSD system. + ****************************************************************************/ + +-static void pututline_my(const char *uname, struct utmp *u, bool claim) ++static void pututline_my(const char *uname, STRUCT_UTMP *u, bool claim) + { + DEBUG(1,("pututline_my: not yet implemented\n")); + /* BSD implementor: may want to consider (or not) adjusting "lastlog" */ +@@ -271,7 +271,7 @@ static void pututline_my(const char *uname, struct utmp *u, bool claim) + Credit: Michail Vidiassov <master@iaas.msu.ru> + ****************************************************************************/ + +-static void updwtmp_my(const char *wname, struct utmp *u, bool claim) ++static void updwtmp_my(const char *wname, STRUCT_UTMP *u, bool claim) + { + int fd; + struct stat buf; +@@ -303,7 +303,7 @@ static void updwtmp_my(const char *wname, struct utmp *u, bool claim) + if ((fd = open(wname, O_WRONLY|O_APPEND, 0)) < 0) + return; + if (fstat(fd, &buf) == 0) { +- if (write(fd, (char *)u, sizeof(struct utmp)) != sizeof(struct utmp)) ++ if (write(fd, (char *)u, sizeof(STRUCT_UTMP)) != sizeof(STRUCT_UTMP)) + (void) ftruncate(fd, buf.st_size); + } + (void) close(fd); +@@ -314,12 +314,12 @@ static void updwtmp_my(const char *wname, struct utmp *u, bool claim) + Update via utmp/wtmp (not utmpx/wtmpx). + ****************************************************************************/ + +-static void utmp_nox_update(struct utmp *u, bool claim) ++static void utmp_nox_update(STRUCT_UTMP *u, bool claim) + { + char *uname = NULL; + char *wname = NULL; + #if defined(PUTUTLINE_RETURNS_UTMP) +- struct utmp *urc; ++ STRUCT_UTMP *urc; + #endif /* PUTUTLINE_RETURNS_UTMP */ + + uname = uw_pathname(talloc_tos(), "utmp", ut_pathname); +@@ -376,127 +376,52 @@ static void utmp_nox_update(struct utmp *u, bool claim) + } + } + +-/**************************************************************************** +- Copy a string in the utmp structure. +-****************************************************************************/ + +-static void utmp_strcpy(char *dest, const char *src, size_t n) +-{ +- size_t len = 0; +- +- memset(dest, '\0', n); +- if (src) +- len = strlen(src); +- if (len >= n) { +- memcpy(dest, src, n); +- } else { +- if (len) +- memcpy(dest, src, len); +- } +-} ++ ++ + + /**************************************************************************** + Update via utmpx/wtmpx (preferred) or via utmp/wtmp. + ****************************************************************************/ + +-static void sys_utmp_update(struct utmp *u, const char *hostname, bool claim) ++static void sys_utmp_update(STRUCT_UTMP *u, const char *hostname, bool claim) + { +-#if !defined(HAVE_UTMPX_H) +- /* No utmpx stuff. Drop to non-x stuff */ +- utmp_nox_update(u, claim); +-#elif !defined(HAVE_PUTUTXLINE) +- /* Odd. Have utmpx.h but no "pututxline()". Drop to non-x stuff */ +- DEBUG(1,("utmp_update: have utmpx.h but no pututxline() function\n")); +- utmp_nox_update(u, claim); +-#elif !defined(HAVE_GETUTMPX) +- /* Odd. Have utmpx.h but no "getutmpx()". Drop to non-x stuff */ +- DEBUG(1,("utmp_update: have utmpx.h but no getutmpx() function\n")); +- utmp_nox_update(u, claim); +-#elif !defined(HAVE_UPDWTMPX) +- /* Have utmpx.h but no "updwtmpx()". Drop to non-x stuff */ +- DEBUG(1,("utmp_update: have utmpx.h but no updwtmpx() function\n")); +- utmp_nox_update(u, claim); +-#else +- char *uname = NULL; +- char *wname = NULL; +- struct utmpx ux, *uxrc; +- +- getutmpx(u, &ux); +- +-#if defined(HAVE_UX_UT_SYSLEN) +- if (hostname) +- ux.ut_syslen = strlen(hostname) + 1; /* include end NULL */ +- else +- ux.ut_syslen = 0; +-#endif +-#if defined(HAVE_UX_UT_HOST) +- utmp_strcpy(ux.ut_host, hostname, sizeof(ux.ut_host)); +-#endif +- +- uname = uw_pathname(talloc_tos(), "utmpx", ux_pathname); +- wname = uw_pathname(talloc_tos(), "wtmpx", wx_pathname); +- if (uname && wname) { +- DEBUG(2,("utmp_update: uname:%s wname:%s\n", uname, wname)); +- } ++ STRUCT_UTMP *urc; + +- /* +- * Check for either uname or wname being empty. +- * Some systems, such as Redhat 6, have a "utmpx.h" which doesn't +- * define default filenames. +- * Also, our local installation has not provided an override. +- * Drop to non-x method. (E.g. RH6 has good defaults in "utmp.h".) +- */ +- if (!uname || !wname || (strlen(uname) == 0) || (strlen(wname) == 0)) { +- utmp_nox_update(u, claim); +- } else { +- utmpxname(uname); +- setutxent(); +- uxrc = pututxline(&ux); +- endutxent(); +- if (uxrc == NULL) { +- DEBUG(2,("utmp_update: pututxline() failed\n")); +- return; +- } +- updwtmpx(wname, &ux); ++ setutxent(); ++ urc = pututxline(u); ++ endutxent(); ++ if (urc == NULL) { ++ DEBUG(2,("utmp_update: pututxline() failed\n")); ++ return; + } +-#endif /* HAVE_UTMPX_H */ + } + + #if defined(HAVE_UT_UT_ID) + /**************************************************************************** + Encode the unique connection number into "ut_id". + ****************************************************************************/ +- +-static int ut_id_encode(int i, char *fourbyte) ++static void ut_id_encode(char *buf, int id, size_t buf_size) + { +- int nbase; +- const char *ut_id_encstr = "0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ"; ++ const char ut_id_encstr[] = "0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ"; + +-/* +- * 'ut_id_encstr' is the character set on which modulo arithmetic is done. +- * Example: digits would produce the base-10 numbers from '001'. +- */ +- nbase = strlen(ut_id_encstr); +- +- fourbyte[0] = ut_id_encstr[i % nbase]; +- i /= nbase; +- fourbyte[1] = ut_id_encstr[i % nbase]; +- i /= nbase; +- fourbyte[3] = ut_id_encstr[i % nbase]; +- i /= nbase; +- fourbyte[2] = ut_id_encstr[i % nbase]; +- i /= nbase; +- +- /* we do not care about overflows as i is a random number */ +- return 0; ++ int nbase = sizeof(ut_id_encstr) - 1; ++ /* ++ * 'ut_id_encstr' is the character set on which modulo arithmetic is done. ++ * Example: digits would produce the base-10 numbers from '001'. ++ */ ++ ++ for(int i = 0; i < buf_size; i++) { ++ buf[i] = ut_id_encstr[id % nbase]; ++ id /= nbase; ++ } + } + #endif /* defined(HAVE_UT_UT_ID) */ + +- + /* + fill a system utmp structure given all the info we can gather + */ +-static bool sys_utmp_fill(struct utmp *u, ++static bool sys_utmp_fill(STRUCT_UTMP *u, + const char *username, const char *hostname, + const char *id_str, int id_num) + { +@@ -509,16 +434,16 @@ static bool sys_utmp_fill(struct utmp *u, + * rather than to try to detect and optimise. + */ + #if defined(HAVE_UT_UT_USER) +- utmp_strcpy(u->ut_user, username, sizeof(u->ut_user)); ++ strncpy(u->ut_user, username, sizeof(u->ut_user)); + #elif defined(HAVE_UT_UT_NAME) +- utmp_strcpy(u->ut_name, username, sizeof(u->ut_name)); ++ strncpy(u->ut_name, username, sizeof(u->ut_name)); + #endif + + /* + * ut_line: + * If size limit proves troublesome, then perhaps use "ut_id_encode()". + */ +- utmp_strcpy(u->ut_line, id_str, sizeof(u->ut_line)); ++ strncpy(u->ut_line, id_str, sizeof(u->ut_line)); + + #if defined(HAVE_UT_UT_PID) + u->ut_pid = getpid(); +@@ -535,20 +460,23 @@ static bool sys_utmp_fill(struct utmp *u, + u->ut_time = timeval.tv_sec; + #elif defined(HAVE_UT_UT_TV) + GetTimeOfDay(&timeval); +- u->ut_tv = timeval; ++ u->ut_tv.tv_sec = timeval.tv_sec; ++ u->ut_tv.tv_usec = timeval.tv_usec; + #else + #error "with-utmp must have UT_TIME or UT_TV" + #endif + + #if defined(HAVE_UT_UT_HOST) +- utmp_strcpy(u->ut_host, hostname, sizeof(u->ut_host)); ++ if(hostname != NULL) { ++ strncpy(u->ut_host, hostname, sizeof(u->ut_host)); ++#if defined(HAVE_UT_UT_SYSLEN) ++ u->ut_syslen = strlen(hostname) + 1; /* include trailing NULL */ ++#endif ++ } + #endif + + #if defined(HAVE_UT_UT_ID) +- if (ut_id_encode(id_num, u->ut_id) != 0) { +- DEBUG(1,("utmp_fill: cannot encode id %d\n", id_num)); +- return False; +- } ++ ut_id_encode(u->ut_id, id_num, sizeof(u->ut_id)); + #endif + + return True; +@@ -561,7 +489,7 @@ static bool sys_utmp_fill(struct utmp *u, + void sys_utmp_yield(const char *username, const char *hostname, + const char *id_str, int id_num) + { +- struct utmp u; ++ STRUCT_UTMP u; + + ZERO_STRUCT(u); + +@@ -587,7 +515,7 @@ void sys_utmp_yield(const char *username, const char *hostname, + void sys_utmp_claim(const char *username, const char *hostname, + const char *id_str, int id_num) + { +- struct utmp u; ++ STRUCT_UTMP u; + + ZERO_STRUCT(u); + +diff --git a/source3/wscript b/source3/wscript +index 6209472c6c8..65961851e17 100644 +--- a/source3/wscript ++++ b/source3/wscript +@@ -807,34 +807,39 @@ msg.msg_accrightslen = sizeof(fd); + + if Options.options.with_utmp: + conf.env.with_utmp = True +- if not conf.CHECK_HEADERS('utmp.h'): conf.env.with_utmp = False +- conf.CHECK_FUNCS('pututline pututxline updwtmp updwtmpx getutmpx getutxent') +- conf.CHECK_STRUCTURE_MEMBER('struct utmp', 'ut_name', headers='utmp.h', ++ if not conf.CHECK_HEADERS('utmpx.h') and not conf.CHECK_HEADERS('utmp.h'): ++ conf.env.with_utmp = False ++ if conf.CONFIG_SET('HAVE_UTMPX_H'): ++ conf.DEFINE('STRUCT_UTMP', 'struct utmpx') ++ elif conf.CONFIG_SET('HAVE_UTMP_H'): ++ conf.DEFINE('STRUCT_UTMP', 'struct utmp') ++ conf.CHECK_FUNCS('pututxline getutxid getutxline updwtmpx getutmpx setutxent endutxent') ++ conf.CHECK_FUNCS('pututline getutid getutline updwtmp getutmp setutent endutent') ++ conf.CHECK_STRUCTURE_MEMBER('STRUCT_UTMP', 'ut_name', headers='utmpx.h utmp.h', + define='HAVE_UT_UT_NAME') +- conf.CHECK_STRUCTURE_MEMBER('struct utmp', 'ut_user', headers='utmp.h', ++ ++ conf.CHECK_STRUCTURE_MEMBER('STRUCT_UTMP', 'ut_user', headers='utmpx.h utmp.h', + define='HAVE_UT_UT_USER') +- conf.CHECK_STRUCTURE_MEMBER('struct utmp', 'ut_id', headers='utmp.h', ++ conf.CHECK_STRUCTURE_MEMBER('STRUCT_UTMP', 'ut_id', headers='utmpx.h utmp.h', + define='HAVE_UT_UT_ID') +- conf.CHECK_STRUCTURE_MEMBER('struct utmp', 'ut_host', headers='utmp.h', ++ conf.CHECK_STRUCTURE_MEMBER('STRUCT_UTMP', 'ut_host', headers='utmpx.h utmp.h', + define='HAVE_UT_UT_HOST') +- conf.CHECK_STRUCTURE_MEMBER('struct utmp', 'ut_time', headers='utmp.h', ++ conf.CHECK_STRUCTURE_MEMBER('STRUCT_UTMP', 'ut_time', headers='utmpx.h utmp.h', + define='HAVE_UT_UT_TIME') +- conf.CHECK_STRUCTURE_MEMBER('struct utmp', 'ut_tv', headers='utmp.h', ++ conf.CHECK_STRUCTURE_MEMBER('STRUCT_UTMP', 'ut_tv', headers='utmpx.h utmp.h', + define='HAVE_UT_UT_TV') +- conf.CHECK_STRUCTURE_MEMBER('struct utmp', 'ut_type', headers='utmp.h', ++ conf.CHECK_STRUCTURE_MEMBER('STRUCT_UTMP', 'ut_type', headers='utmpx.h utmp.h', + define='HAVE_UT_UT_TYPE') +- conf.CHECK_STRUCTURE_MEMBER('struct utmp', 'ut_pid', headers='utmp.h', ++ conf.CHECK_STRUCTURE_MEMBER('STRUCT_UTMP', 'ut_pid', headers='utmpx.h utmp.h', + define='HAVE_UT_UT_PID') +- conf.CHECK_STRUCTURE_MEMBER('struct utmp', 'ut_exit.e_exit', headers='utmp.h', ++ conf.CHECK_STRUCTURE_MEMBER('STRUCT_UTMP', 'ut_exit.e_exit', headers='utmpx.h utmp.h', + define='HAVE_UT_UT_EXIT') +- conf.CHECK_STRUCTURE_MEMBER('struct utmpx', 'ut_syslen', headers='utmpx.h', +- define='HAVE_UX_UT_SYSLEN') +- conf.CHECK_STRUCTURE_MEMBER('struct utmpx', 'ut_host', headers='utmpx.h', +- define='HAVE_UX_UT_HOST') ++ conf.CHECK_STRUCTURE_MEMBER('STRUCT_UTMP', 'ut_syslen', headers='utmpx.h utmp.h', ++ define='HAVE_UT_UT_SYSLEN') + conf.CHECK_CODE('struct utmp utarg; struct utmp *utreturn; utreturn = pututline(&utarg);', + 'PUTUTLINE_RETURNS_UTMP', headers='utmp.h', + msg="Checking whether pututline returns pointer") +- conf.CHECK_SIZEOF(['((struct utmp *)NULL)->ut_line'], headers='utmp.h', ++ conf.CHECK_SIZEOF(['((STRUCT_UTMP *)NULL)->ut_line'], headers='utmpx.h utmp.h', + define='SIZEOF_UTMP_UT_LINE', critical=False) + if not conf.CONFIG_SET('SIZEOF_UTMP_UT_LINE'): + conf.env.with_utmp = False +-- +2.37.1 + diff --git a/net/samba419/files/0023-Add-cmd_get_quota-test-function-into-vfstest-to-test.patch b/net/samba419/files/0023-Add-cmd_get_quota-test-function-into-vfstest-to-test.patch new file mode 100644 index 000000000000..581da64f6747 --- /dev/null +++ b/net/samba419/files/0023-Add-cmd_get_quota-test-function-into-vfstest-to-test.patch @@ -0,0 +1,121 @@ +From 2e927425e04d65027db5348b3e89a69a5e447556 Mon Sep 17 00:00:00 2001 +From: "Timur I. Bakeyev" <timur@FreeBSD.org> +Date: Mon, 31 May 2021 03:07:40 +0200 +Subject: [PATCH 23/28] Add `cmd_get_quota()` test function into vfstest, to + test disk quota interface. + +Signed-off-by: Timur I. Bakeyev <timur@FreeBSD.org> +--- + source3/torture/cmd_vfs.c | 78 +++++++++++++++++++++++++++++++++++ + source3/torture/wscript_build | 2 +- + 2 files changed, 79 insertions(+), 1 deletion(-) + +diff --git a/source3/torture/cmd_vfs.c b/source3/torture/cmd_vfs.c +index 38ce0dc4ff6..1bc4639d2a2 100644 +--- a/source3/torture/cmd_vfs.c ++++ b/source3/torture/cmd_vfs.c +@@ -145,6 +145,83 @@ static NTSTATUS cmd_disk_free(struct vfs_state *vfs, TALLOC_CTX *mem_ctx, int ar + return NT_STATUS_OK; + } + ++static NTSTATUS cmd_get_quota(struct vfs_state *vfs, TALLOC_CTX *mem_ctx, int argc, const char **argv) ++{ ++ struct smb_filename *smb_fname = NULL; ++ uint64_t bsize, dfree, dsize; ++ enum SMB_QUOTA_TYPE qtype; ++ SMB_DISK_QUOTA D; ++ unid_t id; ++ int r; ++ ++ if (argc != 4) { ++ printf("Usage: get_quota <path> [user|group] id\n"); ++ return NT_STATUS_OK; ++ } ++ ++ smb_fname = synthetic_smb_fname(talloc_tos(), ++ argv[1], ++ NULL, ++ NULL, ++ 0, ++ ssf_flags()); ++ if (smb_fname == NULL) { ++ return NT_STATUS_NO_MEMORY; ++ } ++ ++ if(strcmp(argv[2], "user") == 0) { ++ qtype = SMB_USER_FS_QUOTA_TYPE; ++ } ++ else if(strcmp(argv[2], "group") == 0) { ++ qtype = SMB_GROUP_FS_QUOTA_TYPE; ++ } ++ else { ++ printf("Usage: get_quota <path> [user|group] id\n"); ++ return NT_STATUS_OK; ++ } ++ ++ id.uid = atoi(argv[3]); ++ ++ ZERO_STRUCT(D); ++ ++ r = SMB_VFS_GET_QUOTA(vfs->conn, smb_fname, qtype, id, &D); ++ ++ if (r == -1 && errno != ENOSYS) { ++ return NT_STATUS_UNSUCCESSFUL; ++ } ++ ++ if (r == 0 && (D.qflags & QUOTAS_DENY_DISK) == 0) { ++ return NT_STATUS_UNSUCCESSFUL; ++ } ++ ++ bsize = D.bsize; ++ /* Use softlimit to determine disk space, except when it has been exceeded */ ++ if ( ++ (D.softlimit && D.curblocks >= D.softlimit) || ++ (D.hardlimit && D.curblocks >= D.hardlimit) || ++ (D.isoftlimit && D.curinodes >= D.isoftlimit) || ++ (D.ihardlimit && D.curinodes>=D.ihardlimit) ++ ) { ++ dfree = 0; ++ dsize = D.curblocks; ++ } else if (D.softlimit==0 && D.hardlimit==0) { ++ return NT_STATUS_UNSUCCESSFUL; ++ } else { ++ if (D.softlimit == 0) { ++ D.softlimit = D.hardlimit; ++ } ++ dfree = D.softlimit - D.curblocks; ++ dsize = D.softlimit; ++ } ++ ++ printf("get_quota: bsize = %lu, dfree = %lu, dsize = %lu\n", ++ (unsigned long)bsize, ++ (unsigned long)dfree, ++ (unsigned long)dsize); ++ ++ return NT_STATUS_OK; ++} ++ + + static NTSTATUS cmd_opendir(struct vfs_state *vfs, TALLOC_CTX *mem_ctx, int argc, const char **argv) + { +@@ -2257,6 +2334,7 @@ struct cmd_set vfs_commands[] = { + { "connect", cmd_connect, "VFS connect()", "connect" }, + { "disconnect", cmd_disconnect, "VFS disconnect()", "disconnect" }, + { "disk_free", cmd_disk_free, "VFS disk_free()", "disk_free <path>" }, ++ { "get_quota", cmd_get_quota, "VFS get_quota()", "get_quota <path> [user|group] id" }, + { "opendir", cmd_opendir, "VFS opendir()", "opendir <fname>" }, + { "readdir", cmd_readdir, "VFS readdir()", "readdir" }, + { "mkdir", cmd_mkdir, "VFS mkdir()", "mkdir <path>" }, +diff --git a/source3/torture/wscript_build b/source3/torture/wscript_build +index 0c4275de795..f75c4bfe2be 100644 +--- a/source3/torture/wscript_build ++++ b/source3/torture/wscript_build +@@ -124,4 +124,4 @@ bld.SAMBA3_BINARY('vfstest', + smbconf + SMBREADLINE + ''', +- for_selftest=True) ++ install=True) +-- +2.37.1 + diff --git a/net/samba419/files/0024-Cherry-pick-ZFS-provisioning-code-by-iXsystems-Inc.patch b/net/samba419/files/0024-Cherry-pick-ZFS-provisioning-code-by-iXsystems-Inc.patch new file mode 100644 index 000000000000..3746f0e479f6 --- /dev/null +++ b/net/samba419/files/0024-Cherry-pick-ZFS-provisioning-code-by-iXsystems-Inc.patch @@ -0,0 +1,367 @@ +From d3024a4a2ff8015932a26a9df08e8ea5ff12a959 Mon Sep 17 00:00:00 2001 +From: "Timur I. Bakeyev" <timur@FreeBSD.org> +Date: Thu, 4 Aug 2022 05:15:33 +0200 +Subject: [PATCH 24/28] Cherry-pick ZFS provisioning code by iXsystems Inc. + +* Check if sysvol is on filesystem with NFSv4 ACL's +(cherry picked from commit ca86f52b78a7b6e7537454a69cf93e7b96210cba) + +* Only check targetdir if it is defined (I had assumed it was) +(cherry picked from commit a29050cb2978ce23e3c04a859340dc2664c77a8a) + +* Kick samba a little bit into understanding NFSv4 ACL's +(cherry picked from commit 1c7542ff4904b729e311e17464ee76582760c219) + +Signed-off-by: Timur I. Bakeyev <timur@FreeBSD.org> +--- + python/samba/provision/__init__.py | 22 +++- + source3/lib/sysacls.c | 10 ++ + source3/param/loadparm.c | 20 +++ + source3/smbd/pysmbd.c | 189 ++++++++++++++++++++++++++++- + 4 files changed, 235 insertions(+), 6 deletions(-) + +diff --git a/python/samba/provision/__init__.py b/python/samba/provision/__init__.py +index ff9b8fac916..20e41a9ad3e 100644 +--- a/python/samba/provision/__init__.py ++++ b/python/samba/provision/__init__.py +@@ -1662,19 +1662,25 @@ def setsysvolacl(samdb, netlogon, sysvol, uid, gid, domainsid, dnsdomain, + s3conf = s3param.get_context() + s3conf.load(lp.configfile) + +- file = tempfile.NamedTemporaryFile(dir=os.path.abspath(sysvol)) ++ sysvol_dir = os.path.abspath(sysvol) ++ ++ set_simple_acl = smbd.set_simple_acl ++ if smbd.has_nfsv4_acls(sysvol_dir): ++ set_simple_acl = smbd.set_simple_nfsv4_acl ++ ++ file = tempfile.NamedTemporaryFile(dir=sysvol_dir) + try: + try: +- smbd.set_simple_acl(file.name, 0o755, system_session_unix(), gid) ++ set_simple_acl(file.name, 0o755, system_session_unix(), gid) + except OSError: +- if not smbd.have_posix_acls(): ++ if not smbd.have_posix_acls() and not smbd.have_nfsv4_acls(): + # This clue is only strictly correct for RPM and + # Debian-like Linux systems, but hopefully other users + # will get enough clue from it. +- raise ProvisioningError("Samba was compiled without the posix ACL support that s3fs requires. " ++ raise ProvisioningError("Samba was compiled without the ACL support that s3fs requires. " + "Try installing libacl1-dev or libacl-devel, then re-run configure and make.") + +- raise ProvisioningError("Your filesystem or build does not support posix ACLs, which s3fs requires. " ++ raise ProvisioningError("Your filesystem or build does not support ACLs, which s3fs requires. " + "Try the mounting the filesystem with the 'acl' option.") + try: + smbd.chown(file.name, uid, gid, system_session_unix()) +@@ -1959,6 +1965,9 @@ def provision_fill(samdb, secrets_ldb, logger, names, paths, + samdb.transaction_commit() + + if serverrole == "active directory domain controller": ++ if targetdir and smbd.have_nfsv4_acls() and smbd.has_nfsv4_acls(targetdir): ++ smbd.set_nfsv4_defaults() ++ + # Continue setting up sysvol for GPO. This appears to require being + # outside a transaction. + if not skip_sysvolacl: +@@ -2313,6 +2322,9 @@ def provision(logger, session_info, smbconf=None, + if not os.path.isdir(paths.netlogon): + os.makedirs(paths.netlogon, 0o755) + ++ if smbd.have_nfsv4_acls() and smbd.has_nfsv4_acls(paths.sysvol): ++ smbd.set_nfsv4_defaults() ++ + if adminpass is None: + adminpass = samba.generate_random_password(12, 32) + adminpass_generated = True +diff --git a/source3/lib/sysacls.c b/source3/lib/sysacls.c +index 891fabea21e..d1357a47bd0 100644 +--- a/source3/lib/sysacls.c ++++ b/source3/lib/sysacls.c +@@ -38,6 +38,16 @@ + #include "modules/vfs_aixacl.h" + #endif + ++/* ++ * NFSv4 ACL's should be understood and a first class citizen. Work ++ * needs to be done in librpc/idl/smb_acl.idl for this to occur. ++ */ ++#if defined(HAVE_LIBSUNACL) && defined(FREEBSD) ++#if 0 ++#include "modules/nfs4_acls.h" ++#endif ++#endif ++ + #undef DBGC_CLASS + #define DBGC_CLASS DBGC_ACLS + +diff --git a/source3/param/loadparm.c b/source3/param/loadparm.c +index 21e061939e3..4e23fdaaf6d 100644 +--- a/source3/param/loadparm.c ++++ b/source3/param/loadparm.c +@@ -2830,9 +2830,29 @@ static void init_locals(void) + } else { + if (lp_parm_const_string(-1, "xattr_tdb", "file", NULL)) { + lp_do_parameter(-1, "vfs objects", "dfs_samba4 acl_xattr xattr_tdb"); ++ /* ++ * By default, the samba sysvol is located in the statedir. Provisioning will fail in setntacl ++ * unless we have zfacl enabled. Unfortunately, at this point the smb.conf has not been generated. ++ * This workaround is freebsd-specific. ++ */ ++#if defined(_PC_ACL_EXTENDED) ++ } else if (pathconf(lp_state_directory(), _PC_ACL_EXTENDED) == 1) { ++ lp_do_parameter(-1, "vfs objects", "dfs_samba4 freebsd"); ++#endif ++#if defined(_PC_ACL_NFS4) ++ } else if (pathconf(lp_state_directory(), _PC_ACL_NFS4) == 1) { ++ lp_do_parameter(-1, "vfs objects", "dfs_samba4 zfsacl"); ++#endif + } else if (lp_parm_const_string(-1, "posix", "eadb", NULL)) { + lp_do_parameter(-1, "vfs objects", "dfs_samba4 acl_xattr posix_eadb"); + } else { ++ /* ++ * This should only set dfs_samba4 and leave acl_xattr ++ * to be set later (or zfsacl). The only reason the decision ++ * can't be made here to load acl_xattr or zfsacl is ++ * that we don't have access to what the target ++ * directory is. ++ */ + lp_do_parameter(-1, "vfs objects", "dfs_samba4 acl_xattr"); + } + } +diff --git a/source3/smbd/pysmbd.c b/source3/smbd/pysmbd.c +index 88cbf62a680..867010ea6cd 100644 +--- a/source3/smbd/pysmbd.c ++++ b/source3/smbd/pysmbd.c +@@ -485,6 +485,20 @@ static SMB_ACL_T make_simple_acl(TALLOC_CTX *mem_ctx, + return acl; + } + ++static SMB_ACL_T make_simple_nfsv4_acl(TALLOC_CTX *mem_ctx, ++ gid_t gid, ++ mode_t chmod_mode) ++{ ++ /* ++ * This function needs to create an NFSv4 ACL. Currently, the only way ++ * to do so is to use the operating system interface, or to use the ++ * functions in source3/modules/nfs4_acls.c. These seems ugly and ++ * hacky. NFSv4 ACL's should be a first class citizen and ++ * librpc/idl/smb_acl.idl should be modified accordingly. ++ */ ++ return NULL; ++} ++ + /* + set a simple ACL on a file, as a test + */ +@@ -557,6 +571,84 @@ static PyObject *py_smbd_set_simple_acl(PyObject *self, PyObject *args, PyObject + Py_RETURN_NONE; + } + ++ ++/* ++ set a simple NFSv4 ACL on a file, as a test ++ */ ++static PyObject *py_smbd_set_simple_nfsv4_acl(PyObject *self, PyObject *args, PyObject *kwargs) ++{ ++ const char * const kwnames[] = { ++ "fname", ++ "mode", ++ "session_info", ++ "gid", ++ "service", ++ NULL ++ }; ++ char *fname, *service = NULL; ++ PyObject *py_session = Py_None; ++ struct auth_session_info *session_info = NULL; ++ int ret; ++ int mode, gid = -1; ++ SMB_ACL_T acl; ++ TALLOC_CTX *frame; ++ connection_struct *conn; ++ ++ if (!PyArg_ParseTupleAndKeywords(args, kwargs, "siO|iz", ++ discard_const_p(char *, kwnames), ++ &fname, ++ &mode, ++ &py_session, ++ &gid, ++ &service)) ++ return NULL; ++ ++ if (!py_check_dcerpc_type(py_session, ++ "samba.dcerpc.auth", ++ "session_info")) { ++ return NULL; ++ } ++ session_info = pytalloc_get_type(py_session, ++ struct auth_session_info); ++ if (session_info == NULL) { ++ PyErr_Format(PyExc_TypeError, ++ "Expected auth_session_info for session_info argument got %s", ++ pytalloc_get_name(py_session)); ++ return NULL; ++ } ++ ++ frame = talloc_stackframe(); ++ ++ acl = make_simple_nfsv4_acl(frame, gid, mode); ++ if (acl == NULL) { ++ TALLOC_FREE(frame); ++ Py_RETURN_NONE; ++ } ++ ++ conn = get_conn_tos(service, session_info); ++ if (!conn) { ++ TALLOC_FREE(frame); ++ Py_RETURN_NONE; ++ } ++ ++ /* ++ * SMB_ACL_TYPE_ACCESS -> ACL_TYPE_ACCESS -> Not valid for NFSv4 ACL ++ */ ++ ret = 0; ++ ++ /* ret = set_sys_acl_conn(fname, SMB_ACL_TYPE_ACCESS, acl, conn); */ ++ ++ if (ret != 0) { ++ TALLOC_FREE(frame); ++ errno = ret; ++ return PyErr_SetFromErrno(PyExc_OSError); ++ } ++ ++ TALLOC_FREE(frame); ++ ++ Py_RETURN_NONE; ++} ++ + /* + chown a file + */ +@@ -744,7 +836,7 @@ static PyObject *py_smbd_unlink(PyObject *self, PyObject *args, PyObject *kwargs + } + + /* +- check if we have ACL support ++ check if we have POSIX.1e ACL support + */ + static PyObject *py_smbd_have_posix_acls(PyObject *self, + PyObject *Py_UNUSED(ignored)) +@@ -756,6 +848,83 @@ static PyObject *py_smbd_have_posix_acls(PyObject *self, + #endif + } + ++static PyObject *py_smbd_has_posix_acls(PyObject *self, PyObject *args, PyObject *kwargs) ++{ ++ const char * const kwnames[] = { "path", NULL }; ++ char *path = NULL; ++ TALLOC_CTX *frame; ++ struct statfs fs; ++ int ret = false; ++ ++ frame = talloc_stackframe(); ++ ++ if (!PyArg_ParseTupleAndKeywords(args, kwargs, "s|z", ++ discard_const_p(char *, kwnames), &path)) { ++ TALLOC_FREE(frame); ++ return NULL; ++ } ++ ++ if (statfs(path, &fs) != 0) { ++ TALLOC_FREE(frame); ++ return NULL; ++ } ++ ++ if (fs.f_flags & MNT_ACLS) ++ ret = true; ++ ++ TALLOC_FREE(frame); ++ return PyBool_FromLong(ret); ++} ++ ++/* ++ check if we have NFSv4 ACL support ++ */ ++static PyObject *py_smbd_have_nfsv4_acls(PyObject *self) ++{ ++#ifdef HAVE_LIBSUNACL ++ return PyBool_FromLong(true); ++#else ++ return PyBool_FromLong(false); ++#endif ++} ++ ++static PyObject *py_smbd_has_nfsv4_acls(PyObject *self, PyObject *args, PyObject *kwargs) ++{ ++ const char * const kwnames[] = { "path", NULL }; ++ char *path = NULL; ++ TALLOC_CTX *frame; ++ struct statfs fs; ++ int ret = false; ++ ++ frame = talloc_stackframe(); ++ ++ if (!PyArg_ParseTupleAndKeywords(args, kwargs, "s|z", ++ discard_const_p(char *, kwnames), &path)) { ++ TALLOC_FREE(frame); ++ return NULL; ++ } ++ ++ if (statfs(path, &fs) != 0) { ++ TALLOC_FREE(frame); ++ return NULL; ++ } ++ ++ if (fs.f_flags & MNT_NFS4ACLS) ++ ret = true; ++ ++ TALLOC_FREE(frame); ++ return PyBool_FromLong(ret); ++} ++ ++ ++static PyObject *py_smbd_set_nfsv4_defaults(PyObject *self) ++{ ++ /* ++ * It is really be done in source3/param/loadparm.c ++ */ ++ Py_RETURN_NONE; ++} ++ + /* + set the NT ACL on a file + */ +@@ -1242,10 +1411,28 @@ static PyMethodDef py_smbd_methods[] = { + { "have_posix_acls", + (PyCFunction)py_smbd_have_posix_acls, METH_NOARGS, + NULL }, ++ { "has_posix_acls", ++ PY_DISCARD_FUNC_SIG(PyCFunction, py_smbd_has_posix_acls), ++ METH_VARARGS|METH_KEYWORDS, ++ NULL }, ++ { "have_nfsv4_acls", ++ (PyCFunction)py_smbd_have_nfsv4_acls, METH_NOARGS, ++ NULL }, ++ { "has_nfsv4_acls", ++ PY_DISCARD_FUNC_SIG(PyCFunction, py_smbd_has_nfsv4_acls), ++ METH_VARARGS|METH_KEYWORDS, ++ NULL }, ++ { "set_nfsv4_defaults", ++ (PyCFunction)py_smbd_set_nfsv4_defaults, METH_NOARGS, ++ NULL }, + { "set_simple_acl", + PY_DISCARD_FUNC_SIG(PyCFunction, py_smbd_set_simple_acl), + METH_VARARGS|METH_KEYWORDS, + NULL }, ++ { "set_simple_nfsv4_acl", ++ PY_DISCARD_FUNC_SIG(PyCFunction, py_smbd_set_simple_nfsv4_acl), ++ METH_VARARGS|METH_KEYWORDS, ++ NULL }, + { "set_nt_acl", + PY_DISCARD_FUNC_SIG(PyCFunction, py_smbd_set_nt_acl), + METH_VARARGS|METH_KEYWORDS, +-- +2.37.1 + diff --git a/net/samba419/files/0025-From-d9b748869a8f4018ebee302aae8246bf29f60309-Mon-Se.patch b/net/samba419/files/0025-From-d9b748869a8f4018ebee302aae8246bf29f60309-Mon-Se.patch new file mode 100644 index 000000000000..b66e24b27910 --- /dev/null +++ b/net/samba419/files/0025-From-d9b748869a8f4018ebee302aae8246bf29f60309-Mon-Se.patch @@ -0,0 +1,101 @@ +From 6e79023af14210a6435ab18ada8097253b8b16b6 Mon Sep 17 00:00:00 2001 +From: "Timur I. Bakeyev" <timur@FreeBSD.org> +Date: Mon, 31 May 2021 01:38:49 +0200 +Subject: [PATCH 25/28] From d9b748869a8f4018ebee302aae8246bf29f60309 Mon Sep + 17 00:00:00 2001 From: "Timur I. Bakeyev" <timur@iXsystems.com> Date: Fri, 1 + Jun 2018 01:35:08 +0800 Subject: [PATCH] vfs_fruit: allow broken + AFP_Signature where the first byte is 0 + +FreeBSD bug ... caused the first byte of the AFP_AfpInfo xattr to be 0 +instead of 'A'. This hack allows such broken AFP_AfpInfo blobs to be +parsed by afpinfo_unpack(). + +FreeBSD Bug: https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=228462 + +Signed-off-by: Ralph Boehme <slow@samba.org> +Signed-off-by: Timur I. Bakeyev <timur@FreeBSD.org> +--- + source3/lib/adouble.c | 20 ++++++++++++++++---- + source3/modules/vfs_fruit.c | 19 ++++++++++++++++++- + 2 files changed, 34 insertions(+), 5 deletions(-) + +diff --git a/source3/lib/adouble.c b/source3/lib/adouble.c +index aa78007dadd..ca99dcff193 100644 +--- a/source3/lib/adouble.c ++++ b/source3/lib/adouble.c +@@ -2830,6 +2830,8 @@ ssize_t afpinfo_pack(const AfpInfo *ai, char *buf) + return AFP_INFO_SIZE; + } + ++#define BROKEN_FREEBSD_AFP_Signature 0x00465000 ++ + /** + * Unpack a buffer into a AfpInfo structure + * +@@ -2847,12 +2849,22 @@ AfpInfo *afpinfo_unpack(TALLOC_CTX *ctx, const void *data) + ai->afpi_Version = RIVAL(data, 4); + ai->afpi_BackupTime = RIVAL(data, 12); + memcpy(ai->afpi_FinderInfo, (const char *)data + 16, +- sizeof(ai->afpi_FinderInfo)); ++ sizeof(ai->afpi_FinderInfo)); ++ ++ if (ai->afpi_Signature != AFP_Signature) { ++ DBG_WARNING("Bad AFP signature [%x]\n", ai->afpi_Signature); ++ ++ if (ai->afpi_Signature != BROKEN_FREEBSD_AFP_Signature) { ++ DBG_ERR("Bad AfpInfo signature\n"); ++ TALLOC_FREE(ai); ++ return NULL; ++ } ++ } + +- if (ai->afpi_Signature != AFP_Signature +- || ai->afpi_Version != AFP_Version) { +- DEBUG(1, ("Bad AfpInfo signature or version\n")); ++ if (ai->afpi_Version != AFP_Version) { ++ DBG_ERR("Bad AfpInfo version\n"); + TALLOC_FREE(ai); ++ return NULL; + } + + return ai; +diff --git a/source3/modules/vfs_fruit.c b/source3/modules/vfs_fruit.c +index 303df41258e..428f95fd7d9 100644 +--- a/source3/modules/vfs_fruit.c ++++ b/source3/modules/vfs_fruit.c +@@ -2300,6 +2300,7 @@ static ssize_t fruit_pread_meta_stream(vfs_handle_struct *handle, + size_t n, off_t offset) + { + struct fio *fio = fruit_get_complete_fio(handle, fsp); ++ char *p = (char *)data; + ssize_t nread; + int ret; + +@@ -2308,7 +2309,23 @@ static ssize_t fruit_pread_meta_stream(vfs_handle_struct *handle, + } + + nread = SMB_VFS_NEXT_PREAD(handle, fsp, data, n, offset); +- if (nread == -1 || nread == n) { ++ if (nread <= 0) { ++ /* ++ * fruit_meta_open_stream() removes O_CREAT flag ++ * from xattr open. This results in vfs_streams_xattr ++ * not generating an FSP extension for the files_struct ++ * and causes subsequent pread() of stream to return ++ * nread=0 if pread() occurs before pwrite(). ++ */ ++ return nread; ++ } ++ ++ if (nread == n) { ++ if (offset == 0 && nread > 3 && p[0] == 0 && p[1] == 'F' && p[2] == 'P') { ++ DBG_NOTICE("Fixing AFP_Info of [%s]\n", ++ fsp_str_dbg(fsp)); ++ p[0] = 'A'; ++ } + return nread; + } + +-- +2.37.1 + diff --git a/net/samba419/files/0026-vfs-add-a-compatibility-option-to-the-vfs_streams_xa.patch b/net/samba419/files/0026-vfs-add-a-compatibility-option-to-the-vfs_streams_xa.patch new file mode 100644 index 000000000000..38a7f0295b90 --- /dev/null +++ b/net/samba419/files/0026-vfs-add-a-compatibility-option-to-the-vfs_streams_xa.patch @@ -0,0 +1,335 @@ +From 2d73ccb27ffcdf419d569260fcca6e9ee3b9538a Mon Sep 17 00:00:00 2001 +From: "Timur I. Bakeyev" <timur@FreeBSD.org> +Date: Thu, 29 Sep 2022 03:24:26 +0200 +Subject: [PATCH 26/28] vfs: add a compatibility option to the + vfs_streams_xattr + +When enabled, the module does not append a trailing 0 +byte to the end of the extended attribute data. + +This is primarily a consideration when the administrator +wishes to expose extended attributes that have been written +by another application as alternate data streams via +Samba. + +An example where this parameter may be required is when +migrating a netatalk share to Samba. See manpage for +vfs_fruit for additional considerations regarding +Netatalk and Samba compatibility. + +Signed-off-by: Timur I. Bakeyev <timur@FreeBSD.org> +--- + docs-xml/manpages/vfs_streams_xattr.8.xml | 25 ++++++ + source3/modules/vfs_streams_xattr.c | 95 +++++++++++++++++------ + 2 files changed, 97 insertions(+), 23 deletions(-) + +diff --git a/docs-xml/manpages/vfs_streams_xattr.8.xml b/docs-xml/manpages/vfs_streams_xattr.8.xml +index 6645928c016..0f38d510a82 100644 +--- a/docs-xml/manpages/vfs_streams_xattr.8.xml ++++ b/docs-xml/manpages/vfs_streams_xattr.8.xml +@@ -71,6 +71,31 @@ + </listitem> + </varlistentry> + ++ <varlistentry> ++ <term>streams_xattr:xattr_compat = [yes|no]</term> ++ <listitem> ++ <para>When enabled, the module does not append a trailing 0 ++ byte to the end of the extended attribute data. This parameter ++ must not be changed once data has been written to the share ++ since it may result in dropping the last byte from xattr data. ++ ++ This is primarily a consideration when the administrator ++ wishes to expose extended attributes that have been written ++ by another application as alternate data streams via ++ Samba. ++ ++ An example where this parameter may be required is when ++ migrating a netatalk share to Samba. See manpage for ++ vfs_fruit for additional considerations regarding ++ Netatalk and Samba compatibility. ++ ++ WARNING: this parameter must not be changed on existing ++ Samba shares or new shares that export paths currently ++ or previously have been shared by Samba. ++ The default is <command>yes</command>.</para> ++ </listitem> ++ </varlistentry> ++ + </variablelist> + + </refsect1> +diff --git a/source3/modules/vfs_streams_xattr.c b/source3/modules/vfs_streams_xattr.c +index b69a4f342f5..070111e3ee9 100644 +--- a/source3/modules/vfs_streams_xattr.c ++++ b/source3/modules/vfs_streams_xattr.c +@@ -35,6 +35,7 @@ struct streams_xattr_config { + const char *prefix; + size_t prefix_len; + bool store_stream_type; ++ int xattr_compat_bytes; + }; + + struct stream_io { +@@ -45,22 +46,28 @@ struct stream_io { + vfs_handle_struct *handle; + }; + +-static ssize_t get_xattr_size_fsp(struct files_struct *fsp, ++static ssize_t get_xattr_size_fsp(vfs_handle_struct *handle, ++ struct files_struct *fsp, + const char *xattr_name) + { + NTSTATUS status; + struct ea_struct ea; + ssize_t result; ++ struct streams_xattr_config *config = NULL; + ++ SMB_VFS_HANDLE_GET_DATA(handle, config, struct streams_xattr_config, ++ return -1); ++ + status = get_ea_value_fsp(talloc_tos(), + fsp, + xattr_name, + &ea); ++ + if (!NT_STATUS_IS_OK(status)) { + return -1; + } + +- result = ea.value.length-1; ++ result = ea.value.length - config->xattr_compat_bytes; + TALLOC_FREE(ea.value.data); + return result; + } +@@ -197,7 +204,8 @@ static int streams_xattr_fstat(vfs_handle_struct *hand + return -1; + } + +- sbuf->st_ex_size = get_xattr_size_fsp(fsp->base_fsp, ++ sbuf->st_ex_size = get_xattr_size_fsp(handle, ++ fsp->base_fsp, + io->xattr_name); + if (sbuf->st_ex_size == -1) { + SET_STAT_INVALID(*sbuf); +@@ -273,7 +281,7 @@ static int streams_xattr_stat(vfs_handle_struct *handl + fsp = fsp->base_fsp; + } + +- smb_fname->st.st_ex_size = get_xattr_size_fsp(fsp, ++ smb_fname->st.st_ex_size = get_xattr_size_fsp(handle, fsp, + xattr_name); + if (smb_fname->st.st_ex_size == -1) { + TALLOC_FREE(xattr_name); +@@ -308,6 +316,7 @@ static int streams_xattr_lstat(vfs_handle_struct *hand + errno = ENOENT; + return -1; + } ++ + return SMB_VFS_NEXT_LSTAT(handle, smb_fname); + } + +@@ -341,6 +350,12 @@ static int streams_xattr_openat(struct vfs_handle_stru + how); + } + ++#ifdef O_EMPTY_PATH ++ if (how->flags & O_EMPTY_PATH) { ++ return vfs_fake_fd(); ++ } ++#endif ++ + if (how->resolve != 0) { + errno = ENOSYS; + return -1; +@@ -356,6 +371,8 @@ static int streams_xattr_openat(struct vfs_handle_stru + goto fail; + } + ++ fsp->fsp_flags.have_proc_fds = fsp->conn->have_proc_fds; ++ + status = get_ea_value_fsp(talloc_tos(), + fsp->base_fsp, + xattr_name, +@@ -394,7 +411,8 @@ static int streams_xattr_openat(struct vfs_handle_stru + */ + + /* +- * Darn, xattrs need at least 1 byte ++ * If xattr_compat_bytes is set we need to ++ * provide one extra trailing byte + */ + char null = '\0'; + +@@ -403,7 +421,8 @@ static int streams_xattr_openat(struct vfs_handle_stru + + ret = SMB_VFS_FSETXATTR(fsp->base_fsp, + xattr_name, +- &null, sizeof(null), ++ (config->xattr_compat_bytes) ? &null : NULL, ++ (config->xattr_compat_bytes) ? sizeof(null) : 0, + how->flags & O_EXCL ? XATTR_CREATE : 0); + if (ret != 0) { + goto fail; +@@ -412,13 +431,13 @@ static int streams_xattr_openat(struct vfs_handle_stru + + fakefd = vfs_fake_fd(); + +- sio = VFS_ADD_FSP_EXTENSION(handle, fsp, struct stream_io, NULL); +- if (sio == NULL) { +- errno = ENOMEM; +- goto fail; +- } ++ sio = VFS_ADD_FSP_EXTENSION(handle, fsp, struct stream_io, NULL); ++ if (sio == NULL) { ++ errno = ENOMEM; ++ goto fail; ++ } + +- sio->xattr_name = talloc_strdup(VFS_MEMCTX_FSP_EXTENSION(handle, fsp), ++ sio->xattr_name = talloc_strdup(VFS_MEMCTX_FSP_EXTENSION(handle, fsp), + xattr_name); + if (sio->xattr_name == NULL) { + errno = ENOMEM; +@@ -808,12 +827,16 @@ static bool collect_one_stream(struct ea_struct *ea, v + { + struct streaminfo_state *state = + (struct streaminfo_state *)private_data; ++ struct streams_xattr_config *config = NULL; + ++ SMB_VFS_HANDLE_GET_DATA(state->handle, config, struct streams_xattr_config, ++ return false); ++ + if (!add_one_stream(state->mem_ctx, + &state->num_streams, &state->streams, +- ea->name, ea->value.length-1, ++ ea->name, ea->value.length - config->xattr_compat_bytes, + smb_roundup(state->handle->conn, +- ea->value.length-1))) { ++ ea->value.length - config->xattr_compat_bytes))) { + state->status = NT_STATUS_NO_MEMORY; + return false; + } +@@ -875,6 +898,7 @@ static int streams_xattr_connect(vfs_handle_struct *ha + const char *default_prefix = SAMBA_XATTR_DOSSTREAM_PREFIX; + const char *prefix; + int rc; ++ bool xattr_compat; + + rc = SMB_VFS_NEXT_CONNECT(handle, service, user); + if (rc != 0) { +@@ -905,6 +929,13 @@ static int streams_xattr_connect(vfs_handle_struct *ha + "store_stream_type", + true); + ++ xattr_compat = lp_parm_bool(SNUM(handle->conn), ++ "streams_xattr", ++ "xattr_compat", ++ true); ++ ++ config->xattr_compat_bytes = xattr_compat ? 0 : 1; ++ + SMB_VFS_HANDLE_SET_DATA(handle, config, + NULL, struct stream_xattr_config, + return -1); +@@ -921,6 +952,7 @@ static ssize_t streams_xattr_pwrite(vfs_handle_struct + struct ea_struct ea; + NTSTATUS status; + int ret; ++ struct streams_xattr_config *config = NULL; + + DEBUG(10, ("streams_xattr_pwrite called for %d bytes\n", (int)n)); + +@@ -932,6 +964,9 @@ static ssize_t streams_xattr_pwrite(vfs_handle_struct + return -1; + } + ++ SMB_VFS_HANDLE_GET_DATA(handle, config, struct streams_xattr_config, ++ return -1); ++ + if ((offset + n) >= lp_smbd_max_xattr_size(SNUM(handle->conn))) { + /* + * Requested write is beyond what can be read based on +@@ -961,11 +996,11 @@ static ssize_t streams_xattr_pwrite(vfs_handle_struct + return -1; + } + +- if ((offset + n) > ea.value.length-1) { ++ if ((offset + n) > ea.value.length - config->xattr_compat_bytes) { + uint8_t *tmp; + + tmp = talloc_realloc(talloc_tos(), ea.value.data, uint8_t, +- offset + n + 1); ++ offset + n + config->xattr_compat_bytes); + + if (tmp == NULL) { + TALLOC_FREE(ea.value.data); +@@ -973,8 +1008,10 @@ static ssize_t streams_xattr_pwrite(vfs_handle_struct + return -1; + } + ea.value.data = tmp; +- ea.value.length = offset + n + 1; +- ea.value.data[offset+n] = 0; ++ ea.value.length = offset + n + config->xattr_compat_bytes; ++ if (config->xattr_compat_bytes) { ++ ea.value.data[offset+n] = 0; ++ } + } + + memcpy(ea.value.data + offset, data, n); +@@ -1002,7 +1039,12 @@ static ssize_t streams_xattr_pread(vfs_handle_struct * + struct ea_struct ea; + NTSTATUS status; + size_t length, overlap; ++ struct smb_filename *smb_fname_base = NULL; ++ struct streams_xattr_config *config = NULL; + ++ SMB_VFS_HANDLE_GET_DATA(handle, config, struct streams_xattr_config, ++ return -1); ++ + DEBUG(10, ("streams_xattr_pread: offset=%d, size=%d\n", + (int)offset, (int)n)); + +@@ -1022,7 +1064,7 @@ static ssize_t streams_xattr_pread(vfs_handle_struct * + return -1; + } + +- length = ea.value.length-1; ++ length = ea.value.length - config->xattr_compat_bytes; + + DBG_DEBUG("get_ea_value_fsp returned %d bytes\n", + (int)length); +@@ -1210,6 +1252,12 @@ static int streams_xattr_ftruncate(struct vfs_handle_s + struct stream_io *sio = + (struct stream_io *)VFS_FETCH_FSP_EXTENSION(handle, fsp); + ++ struct smb_filename *smb_fname_base = NULL; ++ struct streams_xattr_config *config = NULL; ++ ++ SMB_VFS_HANDLE_GET_DATA(handle, config, struct streams_xattr_config, ++ return -1); ++ + DEBUG(10, ("streams_xattr_ftruncate called for file %s offset %.0f\n", + fsp_str_dbg(fsp), (double)offset)); + +@@ -1239,14 +1287,16 @@ static int streams_xattr_ftruncate(struct vfs_handle_s + } + + /* Did we expand ? */ +- if (ea.value.length < offset + 1) { ++ if (ea.value.length < offset + config->xattr_compat_bytes) { + memset(&tmp[ea.value.length], '\0', +- offset + 1 - ea.value.length); ++ offset + config->xattr_compat_bytes - ea.value.length); + } + + ea.value.data = tmp; +- ea.value.length = offset + 1; +- ea.value.data[offset] = 0; ++ ea.value.length = offset + config->xattr_compat_bytes; ++ if (config->xattr_compat_bytes) { ++ ea.value.data[offset] = 0; ++ } + + ret = SMB_VFS_FSETXATTR(fsp->base_fsp, + sio->xattr_name, diff --git a/net/samba419/files/0027-Add-VFS-module-vfs_freebsd-that-implements-FreeBSD-s.patch b/net/samba419/files/0027-Add-VFS-module-vfs_freebsd-that-implements-FreeBSD-s.patch new file mode 100644 index 000000000000..109b3eb82c79 --- /dev/null +++ b/net/samba419/files/0027-Add-VFS-module-vfs_freebsd-that-implements-FreeBSD-s.patch @@ -0,0 +1,932 @@ +From f07e384150e53b18c3ea298f9a1ea588fb89e19b Mon Sep 17 00:00:00 2001 +From: "Timur I. Bakeyev" <timur@FreeBSD.org> +Date: Sat, 29 May 2021 03:58:01 +0200 +Subject: [PATCH 27/28] Add VFS module vfs_freebsd that implements FreeBSD + specific wrappers to some VFS functions. + +At the moment that is configurable mapping between Linux xattrs and +FreeBSD extended attributes. + +Signed-off-by: Timur I. Bakeyev <timur@FreeBSD.org> +--- + docs-xml/manpages/vfs_freebsd.8.xml | 169 +++++++ + docs-xml/wscript_build | 1 + + source3/modules/vfs_freebsd.c | 699 ++++++++++++++++++++++++++++ + source3/modules/wscript_build | 7 + + 4 files changed, 876 insertions(+) + create mode 100644 docs-xml/manpages/vfs_freebsd.8.xml + create mode 100644 source3/modules/vfs_freebsd.c + +diff --git a/docs-xml/manpages/vfs_freebsd.8.xml b/docs-xml/manpages/vfs_freebsd.8.xml +new file mode 100644 +index 00000000000..6640a1c51f7 +--- /dev/null ++++ b/docs-xml/manpages/vfs_freebsd.8.xml +@@ -0,0 +1,169 @@ ++<?xml version="1.0" encoding="iso-8859-1"?> ++<!DOCTYPE refentry PUBLIC "-//Samba-Team//DTD DocBook V4.2-Based Variant V1.0//EN" "http://www.samba.org/samba/DTD/samba-doc"> ++<refentry id="vfs_freebsd.8"> ++ ++<refmeta> ++ <refentrytitle>vfs_freebsd</refentrytitle> ++ <manvolnum>8</manvolnum> ++ <refmiscinfo class="source">Samba</refmiscinfo> ++ <refmiscinfo class="manual">System Administration tools</refmiscinfo> ++ <refmiscinfo class="version">&doc.version;</refmiscinfo> ++</refmeta> ++ ++<refnamediv> ++ <refname>vfs_freebsd</refname> ++ <refpurpose>FreeBSD-specific VFS functions</refpurpose> ++</refnamediv> ++ ++<refsynopsisdiv> ++ <cmdsynopsis> ++ <command>vfs objects = freebsd</command> ++ </cmdsynopsis> ++</refsynopsisdiv> ++ ++<refsect1> ++ <title>DESCRIPTION</title> ++ ++ <para>This VFS module is part of the <citerefentry><refentrytitle>samba</refentrytitle> ++ <manvolnum>7</manvolnum></citerefentry> suite.</para> ++ ++ <para>The <command>vfs_freebsd</command> module implements some of the FreeBSD-specific VFS functions.</para> ++ ++ <para>This module is stackable.</para> ++</refsect1> ++ ++ ++<refsect1> ++ <title>OPTIONS</title> ++ ++ <variablelist> ++ ++ <varlistentry> ++ <term>freebsd:extattr mode=[legacy|compat|secure]</term> ++ <listitem> ++ <para>This parameter defines how the emulation of the Linux attr(5) extended attributes ++ is performed through the FreeBSD native extattr(9) system calls.</para> ++ ++ <para>Currently the <emphasis>security</emphasis>, <emphasis>system</emphasis>, ++ <emphasis>trusted</emphasis> and <emphasis>user</emphasis> extended attribute(xattr) ++ classes are defined in Linux. Contrary FreeBSD has only <emphasis>USER</emphasis> ++ and <emphasis>SYSTEM</emphasis> extended attribute(extattr) namespaces, so mapping ++ of one set into another isn't straightforward and can be done in different ways.</para> ++ ++ <para>Historically the Samba(7) built-in xattr mapping implementation simply converted ++ <emphasis>system</emphasis> and <emphasis>user</emphasis> xattr into corresponding ++ <emphasis>SYSTEM</emphasis> and <emphasis>USER</emphasis> extattr namespaces, dropping ++ the class prefix name with the separating dot and using attribute name only within the ++ mapped namespace. It also rejected any other xattr classes, like <emphasis>security</emphasis> ++ and <emphasis>trusted</emphasis> as invalid. Such behavior in particular broke AD ++ provisioning on UFS2 file systems as essential <emphasis>security.NTACL</emphasis> ++ xattr was rejected as invalid.</para> ++ ++ <para>This module tries to address this problem and provide secure, where it's possible, ++ way to map Linux xattr into FreeBSD's extattr.</para> ++ ++ <para>When <emphasis>mode</emphasis> is set to the <emphasis>legacy (default)</emphasis> ++ then modified version of built-in mapping is used, where <emphasis>system</emphasis> xattr ++ is mapped into SYSTEM namespace, while <emphasis>secure</emphasis>, <emphasis>trusted</emphasis> ++ and <emphasis>user</emphasis> xattr are all mapped into the USER namespace, dropping class ++ prefixes and mix them all together. This is the way how Samba FreeBSD ports were patched ++ up to the 4.9 version and that created multiple potential security issues. This mode is aimed for ++ the compatibility with the legacy installations only and should be avoided in new setups.</para> ++ ++ <para>The <emphasis>compat</emphasis> mode is mostly designed for the jailed environments, ++ where it's not possible to write extattrs into the secure SYSTEM namespace, so all four ++ classes are mapped into the USER namespace. To preserve information about origin of the ++ extended attribute it is stored together with the class preffix in the <emphasis>class.attribute</emphasis> ++ format.</para> ++ ++ <para>The <emphasis>secure</emphasis> mode is meant for storing extended attributes in a secure ++ manner, so that <emphasis>security</emphasis>, <emphasis>system</emphasis> and <emphasis>trusted</emphasis> ++ are stored in the SYSTEM namespace, which can be modified only by root. ++ </para> ++ </listitem> ++ </varlistentry> ++ ++ ++ </variablelist> ++</refsect1> ++ ++<refsect1> ++ <table frame="all" rowheader="firstcol"> ++ <title>Attributes mapping</title> ++ <tgroup cols='5' align='left' colsep='1' rowsep='1'> ++ <thead> ++ <row> ++ <entry> </entry> ++ <entry>built-in</entry> ++ <entry>legacy</entry> ++ <entry>compat/jail</entry> ++ <entry>secure</entry> ++ </row> ++ </thead> ++ <tbody> ++ <row> ++ <entry>user</entry> ++ <entry>USER; attribute</entry> ++ <entry>USER; attribute</entry> ++ <entry>USER; user.attribute</entry> ++ <entry>USER; user.attribute</entry> ++ </row> ++ <row> ++ <entry>system</entry> ++ <entry>SYSTEM; attribute</entry> ++ <entry>SYSTEM; attribute</entry> ++ <entry>USER; system.attribute</entry> ++ <entry>SYSTEM; system.attribute</entry> ++ </row> ++ <row> ++ <entry>trusted</entry> ++ <entry>FAIL</entry> ++ <entry>USER; attribute</entry> ++ <entry>USER; trusted.attribute</entry> ++ <entry>SYSTEM; trusted.attribute</entry> ++ </row> ++ <row> ++ <entry>security</entry> ++ <entry>FAIL</entry> ++ <entry>USER; attribute</entry> ++ <entry>USER; security.attribute</entry> ++ <entry>SYSTEM; security.attribute</entry> ++ </row> ++ </tbody> ++ </tgroup> ++ </table> ++</refsect1> ++ ++<refsect1> ++ <title>EXAMPLES</title> ++ ++ <para>Use secure method of setting extended attributes on the share:</para> ++ ++<programlisting> ++ <smbconfsection name="[sysvol]"/> ++ <smbconfoption name="vfs objects">freebsd</smbconfoption> ++ <smbconfoption name="freebsd:extattr mode">secure</smbconfoption> ++</programlisting> ++ ++</refsect1> ++ ++<refsect1> ++ <title>VERSION</title> ++ ++ <para>This man page is part of version &doc.version; of the Samba suite. ++ </para> ++</refsect1> ++ ++<refsect1> ++ <title>AUTHOR</title> ++ ++ <para>The original Samba software and related utilities ++ were created by Andrew Tridgell. Samba is now developed ++ by the Samba Team as an Open Source project similar ++ to the way the Linux kernel is developed.</para> ++ ++ <para>This module was written by Timur I. Bakeyev</para> ++ ++</refsect1> ++ ++</refentry> +diff --git a/docs-xml/wscript_build b/docs-xml/wscript_build +index c8c4b68e514..4dc4b34ca40 100644 +--- a/docs-xml/wscript_build ++++ b/docs-xml/wscript_build +@@ -86,6 +86,7 @@ vfs_module_manpages = ['vfs_acl_tdb', + 'vfs_extd_audit', + 'vfs_fake_perms', + 'vfs_fileid', ++ 'vfs_freebsd', + 'vfs_fruit', + 'vfs_full_audit', + 'vfs_glusterfs', +diff --git a/source3/modules/vfs_freebsd.c b/source3/modules/vfs_freebsd.c +new file mode 100644 +index 00000000000..07d26d9c516 +--- /dev/null ++++ b/source3/modules/vfs_freebsd.c +@@ -0,0 +1,699 @@ ++/* ++ * This module implements VFS calls specific to FreeBSD ++ * ++ * Copyright (C) Timur I. Bakeyev, 2018 ++ * ++ * This program is free software; you can redistribute it and/or modify ++ * it under the terms of the GNU General Public License as published by ++ * the Free Software Foundation; either version 3 of the License, or ++ * (at your option) any later version. ++ * ++ * This program is distributed in the hope that it will be useful, ++ * but WITHOUT ANY WARRANTY; without even the implied warranty of ++ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the ++ * GNU General Public License for more details. ++ * ++ * You should have received a copy of the GNU General Public License ++ * along with this program; if not, see <http://www.gnu.org/licenses/>. ++ */ ++ ++#include "includes.h" ++ ++#include "lib/util/tevent_unix.h" ++#include "lib/util/tevent_ntstatus.h" ++#include "system/filesys.h" ++#include "smbd/smbd.h" ++ ++#include <sys/sysctl.h> ++ ++static int vfs_freebsd_debug_level = DBGC_VFS; ++ ++#undef DBGC_CLASS ++#define DBGC_CLASS vfs_freebsd_debug_level ++ ++#ifndef EXTATTR_MAXNAMELEN ++#define EXTATTR_MAXNAMELEN UINT8_MAX ++#endif ++ ++#define EXTATTR_NAMESPACE(NS) EXTATTR_NAMESPACE_ ## NS, \ ++ EXTATTR_NAMESPACE_ ## NS ## _STRING ".", \ ++ .data.len = (sizeof(EXTATTR_NAMESPACE_ ## NS ## _STRING ".") - 1) ++ ++#define EXTATTR_EMPTY 0x00 ++#define EXTATTR_USER 0x01 ++#define EXTATTR_SYSTEM 0x02 ++#define EXTATTR_SECURITY 0x03 ++#define EXTATTR_TRUSTED 0x04 ++ ++enum extattr_mode { ++ FREEBSD_EXTATTR_SECURE, ++ FREEBSD_EXTATTR_COMPAT, ++ FREEBSD_EXTATTR_LEGACY ++}; ++ ++struct freebsd_handle_data { ++ enum extattr_mode extattr_mode; ++}; ++ ++typedef struct { ++ int namespace; ++ char name[EXTATTR_MAXNAMELEN+1]; ++ union { ++ uint16_t len; ++ uint16_t flags; ++ } data; ++} extattr_attr; ++ ++static const struct enum_list extattr_mode_param[] = { ++ { FREEBSD_EXTATTR_SECURE, "secure" }, /* */ ++ { FREEBSD_EXTATTR_COMPAT, "compat" }, /* */ ++ { FREEBSD_EXTATTR_LEGACY, "legacy" }, /* */ ++ { -1, NULL } ++}; ++ ++/* XXX: This order doesn't match namespace ids order! */ ++static extattr_attr extattr[] = { ++ { EXTATTR_NAMESPACE(EMPTY) }, ++ { EXTATTR_NAMESPACE(SYSTEM) }, ++ { EXTATTR_NAMESPACE(USER) }, ++}; ++ ++ ++static bool freebsd_in_jail(void) { ++ int val = 0; ++ size_t val_len = sizeof(val); ++ ++ if((sysctlbyname("security.jail.jailed", &val, &val_len, NULL, 0) != -1) && val == 1) { ++ return true; ++ } ++ return false; ++} ++ ++ ++static uint16_t freebsd_map_attrname(const char *name) ++{ ++ if(name == NULL || name[0] == '\0') { ++ return EXTATTR_EMPTY; ++ } ++ ++ switch(name[0]) { ++ case 'u': ++ if(strncmp(name, "user.", 5) == 0) ++ return EXTATTR_USER; ++ break; ++ case 't': ++ if(strncmp(name, "trusted.", 8) == 0) ++ return EXTATTR_TRUSTED; ++ break; ++ case 's': ++ /* name[1] could be any character, including '\0' */ ++ switch(name[1]) { ++ case 'e': ++ if(strncmp(name, "security.", 9) == 0) ++ return EXTATTR_SECURITY; ++ break; ++ case 'y': ++ if(strncmp(name, "system.", 7) == 0) ++ return EXTATTR_SYSTEM; ++ break; ++ } ++ break; ++ } ++ return EXTATTR_USER; ++} ++ ++ ++/* security, system, trusted or user */ ++static extattr_attr* freebsd_map_xattr(enum extattr_mode extattr_mode, const char *name, extattr_attr *attr) ++{ ++ int attrnamespace = EXTATTR_NAMESPACE_EMPTY; ++ const char *p, *attrname = name; ++ ++ if(name == NULL || name[0] == '\0') { ++ return NULL; ++ } ++ ++ if(attr == NULL) { ++ return NULL; ++ } ++ ++ uint16_t flags = freebsd_map_attrname(name); ++ ++ switch(flags) { ++ case EXTATTR_SECURITY: ++ case EXTATTR_TRUSTED: ++ case EXTATTR_SYSTEM: ++ attrnamespace = (extattr_mode == FREEBSD_EXTATTR_SECURE) ? ++ EXTATTR_NAMESPACE_SYSTEM : ++ EXTATTR_NAMESPACE_USER; ++ break; ++ case EXTATTR_USER: ++ attrnamespace = EXTATTR_NAMESPACE_USER; ++ break; ++ default: ++ /* Default to "user" namespace if nothing else was specified */ ++ attrnamespace = EXTATTR_NAMESPACE_USER; ++ flags = EXTATTR_USER; ++ break; ++ } ++ ++ if (extattr_mode == FREEBSD_EXTATTR_LEGACY) { ++ switch(flags) { ++ case EXTATTR_SECURITY: ++ attrname = name + 9; ++ break; ++ case EXTATTR_TRUSTED: ++ attrname = name + 8; ++ break; ++ case EXTATTR_SYSTEM: ++ attrname = name + 7; ++ break; ++ case EXTATTR_USER: ++ attrname = name + 5; ++ break; ++ default: ++ attrname = ((p=strchr(name, '.')) != NULL) ? p + 1 : name; ++ break; ++ } ++ } ++ ++ attr->namespace = attrnamespace; ++ attr->data.flags = flags; ++ strlcpy(attr->name, attrname, EXTATTR_MAXNAMELEN + 1); ++ ++ return attr; ++} ++ ++ ++static ssize_t extattr_size(struct files_struct *fsp, extattr_attr *attr) ++{ ++ ssize_t result; ++ ++ SMB_ASSERT(!fsp_is_alternate_stream(fsp)); ++ ++ int fd = fsp_get_pathref_fd(fsp); ++ ++ if (fsp->fsp_flags.is_pathref) { ++ const char *path = fsp->fsp_name->base_name; ++ if (fsp->fsp_flags.have_proc_fds) { ++ char buf[PATH_MAX]; ++ path = sys_proc_fd_path(fd, buf, sizeof(buf)); ++ if (path == NULL) { ++ return -1; ++ } ++ } ++ /* ++ * This is no longer a handle based call. ++ */ ++ return extattr_get_file(path, attr->namespace, attr->name, NULL, 0); ++ } ++ else { ++ return extattr_get_fd(fd, attr->namespace, attr->name, NULL, 0); ++ } ++} ++ ++/* ++ * The list of names is returned as an unordered array of NULL-terminated ++ * character strings (attribute names are separated by NULL characters), ++ * like this: ++ * user.name1\0system.name1\0user.name2\0 ++ * ++ * Filesystems like ext2, ext3 and XFS which implement POSIX ACLs using ++ * extended attributes, might return a list like this: ++ * system.posix_acl_access\0system.posix_acl_default\0 ++ */ ++/* ++ * The extattr_list_file() returns a list of attributes present in the ++ * requested namespace. Each list entry consists of a single byte containing ++ * the length of the attribute name, followed by the attribute name. The ++ * attribute name is not terminated by ASCII 0 (nul). ++*/ ++static ssize_t freebsd_extattr_list(struct files_struct *fsp, enum extattr_mode extattr_mode, char *list, size_t size) ++{ ++ ssize_t list_size, total_size = 0; ++ char *p, *q, *list_end; ++ int len; ++ /* ++ Ignore all but user namespace when we are not root or in jail ++ See: https://bugzilla.samba.org/show_bug.cgi?id=10247 ++ */ ++ bool as_root = (geteuid() == 0); ++ ++ int ns = (extattr_mode == FREEBSD_EXTATTR_SECURE && as_root) ? 1 : 2; ++ ++ int fd = fsp_get_pathref_fd(fsp); ++ ++ /* Iterate through extattr(2) namespaces */ ++ for(; ns < ARRAY_SIZE(extattr); ns++) { ++ list_size = -1; ++ ++ if (fsp->fsp_flags.is_pathref) { ++ const char *path = fsp->fsp_name->base_name; ++ if (fsp->fsp_flags.have_proc_fds) { ++ char buf[PATH_MAX]; ++ path = sys_proc_fd_path(fd, buf, sizeof(buf)); ++ if (path == NULL) { ++ return -1; ++ } ++ } ++ /* ++ * This is no longer a handle based call. ++ */ ++ list_size = extattr_list_file(path, extattr[ns].namespace, list, size); ++ } ++ else { ++ list_size = extattr_list_fd(fd, extattr[ns].namespace, list, size); ++ } ++ /* Some error happend. Errno should be set by the previous call */ ++ if(list_size < 0) ++ return -1; ++ /* No attributes in this namespace */ ++ if(list_size == 0) ++ continue; ++ /* ++ Call with an empty buffer may be used to calculate ++ necessary buffer size. ++ */ ++ if(list == NULL) { ++ /* ++ XXX: Unfortunately, we can't say, how many attributes were ++ returned, so here is the potential problem with the emulation. ++ */ ++ if(extattr_mode == FREEBSD_EXTATTR_LEGACY) { ++ /* ++ Take the worse case of one char attribute names - ++ two bytes per name plus one more for sanity. ++ */ ++ total_size += list_size + (list_size/2 + 1)*extattr[ns].data.len; ++ } ++ else { ++ total_size += list_size; ++ } ++ continue; ++ } ++ ++ if(extattr_mode == FREEBSD_EXTATTR_LEGACY) { ++ /* Count necessary offset to fit namespace prefixes */ ++ int extra_len = 0; ++ uint16_t flags; ++ list_end = list + list_size; ++ for(list_size = 0, p = q = list; p < list_end; p += len) { ++ len = p[0] + 1; ++ (void)strlcpy(q, p + 1, len); ++ flags = freebsd_map_attrname(q); ++ /* Skip secure attributes for non-root user */ ++ if(extattr_mode != FREEBSD_EXTATTR_SECURE && !as_root && flags > EXTATTR_USER) { ++ continue; ++ } ++ if(flags <= EXTATTR_USER) { ++ /* Don't count trailing '\0' */ ++ extra_len += extattr[ns].data.len; ++ } ++ list_size += len; ++ q += len; ++ } ++ total_size += list_size + extra_len; ++ /* Buffer is too small to fit the results */ ++ if(total_size > size) { ++ errno = ERANGE; ++ return -1; ++ } ++ /* Shift results backwards, so we can prepend prefixes */ ++ list_end = list + extra_len; ++ p = (char*)memmove(list_end, list, list_size); ++ /* ++ We enter the loop with `p` pointing to the shifted list and ++ `extra_len` having the total margin between `list` and `p` ++ */ ++ for(list_end += list_size; p < list_end; p += len) { ++ len = strlen(p) + 1; ++ flags = freebsd_map_attrname(p); ++ if(flags <= EXTATTR_USER) { ++ /* Add namespace prefix */ ++ (void)strncpy(list, extattr[ns].name, extattr[ns].data.len); ++ list += extattr[ns].data.len; ++ } ++ /* Append attribute name */ ++ (void)strlcpy(list, p, len); ++ list += len; ++ } ++ } ++ else { ++ /* Convert UCSD strings into nul-terminated strings */ ++ for(list_end = list + list_size; list < list_end; list += len) { ++ len = list[0] + 1; ++ (void)strlcpy(list, list + 1, len); ++ } ++ total_size += list_size; ++ } ++ } ++ return total_size; ++} ++ ++/* ++static ssize_t freebsd_fgetxattr_size(struct vfs_handle_struct *handle, ++ struct files_struct *fsp, ++ const char *name) ++{ ++ struct freebsd_handle_data *data; ++ extattr_attr attr; ++ ++ SMB_ASSERT(!fsp_is_alternate_stream(fsp)); ++ ++ SMB_VFS_HANDLE_GET_DATA(handle, data, ++ struct freebsd_handle_data, ++ return -1); ++ ++ if(!freebsd_map_xattr(data->extattr_mode, name, &attr)) { ++ errno = EINVAL; ++ return -1; ++ } ++ ++ if(data->extattr_mode != FREEBSD_EXTATTR_SECURE && geteuid() != 0 && attr.data.flags > EXTATTR_USER) { ++ errno = ENOATTR; ++ return -1; ++ } ++ ++ return extattr_size(fsp, &attr); ++} ++*/ ++ ++/* VFS entries */ ++static ssize_t freebsd_fgetxattr(struct vfs_handle_struct *handle, ++ struct files_struct *fsp, ++ const char *name, ++ void *value, ++ size_t size) ++{ ++#if defined(HAVE_XATTR_EXTATTR) ++ struct freebsd_handle_data *data; ++ extattr_attr attr; ++ ssize_t res; ++ int fd; ++ ++ SMB_ASSERT(!fsp_is_alternate_stream(fsp)); ++ ++ SMB_VFS_HANDLE_GET_DATA(handle, data, ++ struct freebsd_handle_data, ++ return -1); ++ ++ if(!freebsd_map_xattr(data->extattr_mode, name, &attr)) { ++ errno = EINVAL; ++ return -1; ++ } ++ ++ /* Filter out 'secure' entries */ ++ if(data->extattr_mode != FREEBSD_EXTATTR_SECURE && geteuid() != 0 && attr.data.flags > EXTATTR_USER) { ++ errno = ENOATTR; ++ return -1; ++ } ++ ++ /* ++ * The BSD implementation has a nasty habit of silently truncating ++ * the returned value to the size of the buffer, so we have to check ++ * that the buffer is large enough to fit the returned value. ++ */ ++ if((res=extattr_size(fsp, &attr)) < 0) { ++ return -1; ++ } ++ ++ if (size == 0) { ++ return res; ++ } ++ else if (res > size) { ++ errno = ERANGE; ++ return -1; ++ } ++ ++ fd = fsp_get_pathref_fd(fsp); ++ ++ if (fsp->fsp_flags.is_pathref) { ++ const char *path = fsp->fsp_name->base_name; ++ if (fsp->fsp_flags.have_proc_fds) { ++ char buf[PATH_MAX]; ++ path = sys_proc_fd_path(fd, buf, sizeof(buf)); ++ if (path == NULL) { ++ return -1; ++ } ++ } ++ /* ++ * This is no longer a handle based call. ++ */ ++ return extattr_get_file(path, attr.namespace, attr.name, value, size); ++ } ++ else { ++ return extattr_get_fd(fd, attr.namespace, attr.name, value, size); ++ } ++ return -1; ++#else ++ errno = ENOSYS; ++ return -1; ++#endif ++} ++ ++ ++static ssize_t freebsd_flistxattr(struct vfs_handle_struct *handle, ++ struct files_struct *fsp, ++ char *list, ++ size_t size) ++{ ++#if defined(HAVE_XATTR_EXTATTR) ++ struct freebsd_handle_data *data; ++ ++ SMB_ASSERT(!fsp_is_alternate_stream(fsp)); ++ ++ SMB_VFS_HANDLE_GET_DATA(handle, data, ++ struct freebsd_handle_data, ++ return -1); ++ ++ return freebsd_extattr_list(fsp, data->extattr_mode, list, size); ++#else ++ errno = ENOSYS; ++ return -1; ++#endif ++} ++ ++ ++static int freebsd_fremovexattr(struct vfs_handle_struct *handle, ++ struct files_struct *fsp, ++ const char *name) ++{ ++#if defined(HAVE_XATTR_EXTATTR) ++ struct freebsd_handle_data *data; ++ extattr_attr attr; ++ int fd; ++ ++ SMB_ASSERT(!fsp_is_alternate_stream(fsp)); ++ ++ SMB_VFS_HANDLE_GET_DATA(handle, data, ++ struct freebsd_handle_data, ++ return -1); ++ ++ if(!freebsd_map_xattr(data->extattr_mode, name, &attr)) { ++ errno = EINVAL; ++ return -1; ++ } ++ ++ /* Filter out 'secure' entries */ ++ if(data->extattr_mode != FREEBSD_EXTATTR_SECURE && geteuid() != 0 && attr.data.flags > EXTATTR_USER) { ++ errno = ENOATTR; ++ return -1; ++ } ++ ++ fd = fsp_get_pathref_fd(fsp); ++ ++ if (fsp->fsp_flags.is_pathref) { ++ const char *path = fsp->fsp_name->base_name; ++ if (fsp->fsp_flags.have_proc_fds) { ++ char buf[PATH_MAX]; ++ path = sys_proc_fd_path(fd, buf, sizeof(buf)); ++ if (path == NULL) { ++ return -1; ++ } ++ } ++ /* ++ * This is no longer a handle based call. ++ */ ++ return extattr_delete_file(path, attr.namespace, attr.name); ++ } ++ else { ++ return extattr_delete_fd(fd, attr.namespace, attr.name); ++ } ++ return -1; ++#else ++ errno = ENOSYS; ++ return -1; ++#endif ++} ++ ++ ++static int freebsd_fsetxattr(struct vfs_handle_struct *handle, ++ struct files_struct *fsp, ++ const char *name, ++ const void *value, ++ size_t size, ++ int flags) ++{ ++#if defined(HAVE_XATTR_EXTATTR) ++ struct freebsd_handle_data *data; ++ extattr_attr attr; ++ ssize_t res; ++ int fd; ++ ++ SMB_ASSERT(!fsp_is_alternate_stream(fsp)); ++ ++ SMB_VFS_HANDLE_GET_DATA(handle, data, ++ struct freebsd_handle_data, ++ return -1); ++ ++ if(!freebsd_map_xattr(data->extattr_mode, name, &attr)) { ++ errno = EINVAL; ++ return -1; ++ } ++ ++ /* Filter out 'secure' entries */ ++ if(data->extattr_mode != FREEBSD_EXTATTR_SECURE && geteuid() != 0 && attr.data.flags > EXTATTR_USER) { ++ errno = ENOATTR; ++ return -1; ++ } ++ ++ if (flags) { ++ /* Check attribute existence */ ++ res = extattr_size(fsp, &attr); ++ if (res < 0) { ++ /* REPLACE attribute, that doesn't exist */ ++ if ((flags & XATTR_REPLACE) && errno == ENOATTR) { ++ errno = ENOATTR; ++ return -1; ++ } ++ /* Ignore other errors */ ++ } ++ else { ++ /* CREATE attribute, that already exists */ ++ if (flags & XATTR_CREATE) { ++ errno = EEXIST; ++ return -1; ++ } ++ } ++ } ++ ++ fd = fsp_get_pathref_fd(fsp); ++ ++ if (fsp->fsp_flags.is_pathref) { ++ const char *path = fsp->fsp_name->base_name; ++ if (fsp->fsp_flags.have_proc_fds) { ++ char buf[PATH_MAX]; ++ path = sys_proc_fd_path(fd, buf, sizeof(buf)); ++ if (path == NULL) { ++ return -1; ++ } ++ } ++ /* ++ * This is no longer a handle based call. ++ */ ++ res = extattr_set_file(path, attr.namespace, attr.name, value, size); ++ } ++ else { ++ res = extattr_set_fd(fd, attr.namespace, attr.name, value, size); ++ } ++ return (res >= 0) ? 0 : -1; ++#else ++ errno = ENOSYS; ++ return -1; ++#endif ++} ++ ++ ++static int freebsd_connect(struct vfs_handle_struct *handle, ++ const char *service, ++ const char *user) ++{ ++ struct freebsd_handle_data *data; ++ int enumval, saved_errno; ++ ++ int ret = SMB_VFS_NEXT_CONNECT(handle, service, user); ++ ++ if (ret < 0) { ++ return ret; ++ } ++ ++ data = talloc_zero(handle->conn, struct freebsd_handle_data); ++ if (!data) { ++ saved_errno = errno; ++ SMB_VFS_NEXT_DISCONNECT(handle); ++ DEBUG(0, ("talloc_zero() failed\n")); ++ errno = saved_errno; ++ return -1; ++ } ++ ++ enumval = lp_parm_enum(SNUM(handle->conn), "freebsd", ++ "extattr mode", extattr_mode_param, FREEBSD_EXTATTR_LEGACY); ++ if (enumval == -1) { ++ saved_errno = errno; ++ SMB_VFS_NEXT_DISCONNECT(handle); ++ DBG_DEBUG("value for freebsd: 'extattr mode' is unknown\n"); ++ errno = saved_errno; ++ return -1; ++ } ++ ++ if(freebsd_in_jail()) { ++ enumval = FREEBSD_EXTATTR_COMPAT; ++ DBG_WARNING("running in jail, enforcing 'compat' mode\n"); ++ } ++ ++ data->extattr_mode = (enum extattr_mode)enumval; ++ ++ SMB_VFS_HANDLE_SET_DATA(handle, data, NULL, ++ struct freebsd_handle_data, ++ return -1); ++ ++ DBG_DEBUG("connect to service[%s] with '%s' extattr mode\n", ++ service, extattr_mode_param[data->extattr_mode].name); ++ ++ return 0; ++} ++ ++ ++static void freebsd_disconnect(vfs_handle_struct *handle) ++{ ++ SMB_VFS_NEXT_DISCONNECT(handle); ++} ++ ++/* VFS operations structure */ ++ ++struct vfs_fn_pointers freebsd_fns = { ++ /* Disk operations */ ++ .connect_fn = freebsd_connect, ++ .disconnect_fn = freebsd_disconnect, ++ ++ /* EA operations. */ ++ .getxattrat_send_fn = vfs_not_implemented_getxattrat_send, ++ .getxattrat_recv_fn = vfs_not_implemented_getxattrat_recv, ++ .fgetxattr_fn = freebsd_fgetxattr, ++ .flistxattr_fn = freebsd_flistxattr, ++ .fremovexattr_fn = freebsd_fremovexattr, ++ .fsetxattr_fn = freebsd_fsetxattr, ++}; ++ ++static_decl_vfs; ++NTSTATUS vfs_freebsd_init(TALLOC_CTX *ctx) ++{ ++ NTSTATUS ret; ++ ++ ret = smb_register_vfs(SMB_VFS_INTERFACE_VERSION, "freebsd", ++ &freebsd_fns); ++ ++ if (!NT_STATUS_IS_OK(ret)) { ++ return ret; ++ } ++ ++ vfs_freebsd_debug_level = debug_add_class("freebsd"); ++ if (vfs_freebsd_debug_level == -1) { ++ vfs_freebsd_debug_level = DBGC_VFS; ++ DEBUG(0, ("vfs_freebsd: Couldn't register custom debugging class!\n")); ++ } else { ++ DEBUG(10, ("vfs_freebsd: Debug class number of 'fileid': %d\n", vfs_freebsd_debug_level)); ++ } ++ ++ return ret; ++} +diff --git a/source3/modules/wscript_build b/source3/modules/wscript_build +index ff318c3fa06..f88d054d524 100644 +--- a/source3/modules/wscript_build ++++ b/source3/modules/wscript_build +@@ -636,6 +636,13 @@ bld.SAMBA3_MODULE('vfs_delay_inject', + enabled=bld.SAMBA3_IS_ENABLED_MODULE('vfs_delay_inject'), + install=False) + ++bld.SAMBA3_MODULE('vfs_freebsd', ++ subsystem='vfs', ++ source='vfs_freebsd.c', ++ init_function='', ++ internal_module=bld.SAMBA3_IS_STATIC_MODULE('vfs_freebsd'), ++ enabled=bld.SAMBA3_IS_ENABLED_MODULE('vfs_freebsd')) ++ + bld.SAMBA3_MODULE('vfs_widelinks', + subsystem='vfs', + source='vfs_widelinks.c', +-- +2.37.1 + diff --git a/net/samba419/files/0099-s3-modules-zfsacl-fix-get-set-ACL-on-FreeBSD-13.patch b/net/samba419/files/0099-s3-modules-zfsacl-fix-get-set-ACL-on-FreeBSD-13.patch new file mode 100644 index 000000000000..275e7e464456 --- /dev/null +++ b/net/samba419/files/0099-s3-modules-zfsacl-fix-get-set-ACL-on-FreeBSD-13.patch @@ -0,0 +1,164 @@ +From ff8b27f6f0c67cbb0fb37f80f3336c1bd0f28430 Mon Sep 17 00:00:00 2001 +From: Andrew Walker <awalker@ixsystems.com> +Date: Thu, 16 Mar 2023 09:05:45 -0700 +Subject: [PATCH] Fixups for VFS changes in 4.18 + +--- + debian/changelog | 24 ++++++------------ + lib/audit_logging/audit_logging.c | 4 +-- + source3/modules/vfs_shadow_copy_zfs.c | 24 ++++++++---------- + source3/modules/vfs_tmprotect.c | 2 +- + source3/modules/vfs_zfsacl.c | 35 +++++++++++++++++++++++++++ + source3/utils/net_groupmap.c | 6 ++--- + 6 files changed, 58 insertions(+), 37 deletions(-) + +diff --git a/source3/modules/vfs_zfsacl.c b/source3/modules/vfs_zfsacl.c +index e24cb683d2..18f8dcb4b2 100644 +--- a/source3/modules/vfs_zfsacl.c ++++ b/source3/modules/vfs_zfsacl.c +@@ -307,6 +307,41 @@ static NTSTATUS zfs_set_nt_acl(vfs_handle_struct *handle, files_struct *fsp, + zfs_process_smbacl); + } + ++static int get_zfsacl(TALLOC_CTX *mem_ctx, ++ const struct smb_filename *smb_fname, ++ ace_t **outbuf) ++{ ++ int naces, rv; ++ ace_t *acebuf = NULL; ++ ++ naces = acl(smb_fname->base_name, ACE_GETACLCNT, 0, NULL); ++ if (naces == -1) { ++ int dbg_level = 10; ++ ++ if (errno == ENOSYS) { ++ dbg_level = 1; ++ } ++ DEBUG(dbg_level, ("acl(ACE_GETACLCNT, %s): %s ", ++ smb_fname->base_name, strerror(errno))); ++ return naces; ++ } ++ acebuf = talloc_size(mem_ctx, sizeof(ace_t)*naces); ++ if (acebuf == NULL) { ++ errno = ENOMEM; ++ return -1; ++ } ++ ++ rv = acl(smb_fname->base_name, ACE_GETACL, naces, acebuf); ++ if (rv == -1) { ++ DBG_DEBUG("acl(ACE_GETACL, %s) failed: %s ", ++ smb_fname->base_name, strerror(errno)); ++ return -1; ++ } ++ ++ *outbuf = acebuf; ++ return naces; ++} ++ + static int fget_zfsacl(TALLOC_CTX *mem_ctx, + struct files_struct *fsp, + ace_t **outbuf) +From 0c2c9f21cf01983d9001edef4983bc15b79a31ad Mon Sep 17 00:00:00 2001 +From: Andrew <awalker@ixsystems.com> +Date: Mon, 29 Nov 2021 12:33:15 -0500 +Subject: [PATCH] NAS-113538 / Fix procfd handling for xattr-based alternate + datastreams (#54) + +vfs_streams_xattr openat() does not set fsp.flags.have_proc_fds. In open_streams_for_delete() the fsp is not allocated via talloc_zero() and so this may be unitialized memory. + +This particular fix ensures vfs_streams_xattr sets the fsp have_proc_fds flag to the one defined in the associated tree connect for the fsp. In the case of vfs_ixnas, ensure that we read the NT ACL from fsp->base_fsp (file) rather than the fsp associated with the xattr. + +This PR also fixes vfs_zfsacl for FreeBSD 13 (adding handling for procfd paths) +--- + source3/modules/vfs_ixnas.c | 4 ++- + source3/modules/vfs_zfsacl.c | 62 ++++++++++++++++++++++++++++++++++++ + 2 files changed, 65 insertions(+), 1 deletion(-) + +--- a/source3/modules/vfs_zfsacl.c ++++ b/source3/modules/vfs_zfsacl.c +@@ -235,12 +235,43 @@ static bool zfs_process_smbacl(vfs_handle_struct *handle, files_struct *fsp, + SMB_ASSERT(i == naces); + + /* store acl */ ++#ifdef O_PATH ++ if (fsp->fsp_flags.is_pathref) { ++ const char *proc_fd_path = NULL; ++ char buf[PATH_MAX]; ++ ++ if (!fsp->fsp_flags.have_proc_fds) { ++ DBG_ERR("fdescfs filesystem must be mounted with 'nodup' " ++ "option \n"); ++ errno = EBADF; ++ return -1; ++ } ++ ++ fd = fsp_get_pathref_fd(fsp); ++ proc_fd_path = sys_proc_fd_path(fd, buf, sizeof(buf)); ++ if (proc_fd_path == NULL) { ++ DBG_ERR("%s: failed to generate pathref fd for %d\n", ++ fsp_str_dbg(fsp), fd); ++ errno = EBADF; ++ return -1; ++ } ++ rv = acl(proc_fd_path, ACE_SETACL, naces, acebuf); ++ } else { ++ fd = fsp_get_io_fd(fsp); ++ if (fd == -1) { ++ errno = EBADF; ++ return false; ++ } ++ rv = facl(fd, ACE_SETACL, naces, acebuf); ++ } ++#else + fd = fsp_get_pathref_fd(fsp); + if (fd == -1) { + errno = EBADF; + return false; + } + rv = facl(fd, ACE_SETACL, naces, acebuf); ++#endif + if (rv != 0) { + if(errno == ENOSYS) { + DEBUG(9, ("acl(ACE_SETACL, %s): Operation is not " +@@ -286,7 +317,38 @@ static int fget_zfsacl(TALLOC_CTX *mem_ctx, + ace_t *acebuf = NULL; + int fd; + ++#ifdef O_PATH ++ if (fsp->fsp_flags.is_pathref) { ++ const char *proc_fd_path = NULL; ++ char buf[PATH_MAX]; ++ struct smb_filename smb_fname; ++ ++ if (!fsp->fsp_flags.have_proc_fds) { ++ DBG_ERR("fdescfs filesystem must be mounted with 'nodup' " ++ "option \n"); ++ errno = EBADF; ++ return -1; ++ } ++ ++ fd = fsp_get_pathref_fd(fsp); ++ proc_fd_path = sys_proc_fd_path(fd, buf, sizeof(buf)); ++ if (proc_fd_path == NULL) { ++ DBG_ERR("%s: failed to generate pathref fd for %d\n", ++ fsp_str_dbg(fsp), fd); ++ errno = EBADF; ++ return -1; ++ } ++ ++ smb_fname = (struct smb_filename) { ++ .base_name = discard_const_p(char, proc_fd_path) ++ }; ++ ++ return get_zfsacl(mem_ctx, &smb_fname, outbuf); ++ } ++ fd = fsp_get_io_fd(fsp); ++#else + fd = fsp_get_pathref_fd(fsp); ++#endif + if (fd == -1) { + errno = EBADF; + return -1; +-- +2.43.0 + diff --git a/net/samba419/files/0100-Fix-pathref-handling-for-FreeBSD-13plus.patch b/net/samba419/files/0100-Fix-pathref-handling-for-FreeBSD-13plus.patch new file mode 100644 index 000000000000..b2a51efb7c73 --- /dev/null +++ b/net/samba419/files/0100-Fix-pathref-handling-for-FreeBSD-13plus.patch @@ -0,0 +1,485 @@ +https://bugzilla.samba.org/show_bug.cgi?id=15376 + +--- source3/smbd/open.c 2023-04-19 12:18:56.254875400 +0200 ++++ source3/smbd/open.c 2023-06-20 08:29:06.210298000 +0200 +@@ -1204,9 +1204,6 @@ + int new_fd; + NTSTATUS status; + +- if (!fsp->fsp_flags.have_proc_fds) { +- return NT_STATUS_MORE_PROCESSING_REQUIRED; +- } + + old_fd = fsp_get_pathref_fd(fsp); + if (old_fd == -1) { +@@ -1222,22 +1219,28 @@ + return NT_STATUS_INVALID_HANDLE; + } + +- p = sys_proc_fd_path(old_fd, buf, sizeof(buf)); +- if (p == NULL) { +- return NT_STATUS_NO_MEMORY; +- } ++ ++ if (sys_open_real_fd_from_pathref_fd(old_fd, &new_fd, flags) != 0) { ++ if (!fsp->fsp_flags.have_proc_fds) { ++ return NT_STATUS_MORE_PROCESSING_REQUIRED; ++ } + +- proc_fname = (struct smb_filename) { +- .base_name = discard_const_p(char, p), +- }; ++ p = sys_proc_fd_path(old_fd, buf, sizeof(buf)); ++ if (p == NULL) { ++ return NT_STATUS_NO_MEMORY; ++ } + +- fsp->fsp_flags.is_pathref = false; ++ proc_fname = (struct smb_filename) { ++ .base_name = discard_const_p(char, p), ++ }; + +- new_fd = SMB_VFS_OPENAT(fsp->conn, +- fsp->conn->cwd_fsp, +- &proc_fname, +- fsp, +- &how); ++ new_fd = SMB_VFS_OPENAT(fsp->conn, ++ fsp->conn->cwd_fsp, ++ &proc_fname, ++ fsp, ++ &how); ++ } ++ + if (new_fd == -1) { + status = map_nt_error_from_unix(errno); + fd_close(fsp); +@@ -1250,6 +1260,8 @@ + } + + fsp_set_fd(fsp, new_fd); ++ fsp->fsp_flags.is_pathref = false; ++ + return NT_STATUS_OK; + } + +--- source3/lib/system.c 2023-01-18 16:32:24.174553200 +0100 ++++ source3/lib/system.c 2023-06-19 23:35:30.132465000 +0200 +@@ -1022,6 +1022,8 @@ + } proc_fd_patterns[] = { + /* Linux */ + { "/proc/self/fd/%d", "/proc/self/fd/0" }, ++ /* FreeBSD */ ++ { "/compat/linux/dev/fd/%d", "/compat/linux/dev/fd/0" }, + { NULL, NULL }, + }; + +@@ -1077,4 +1079,27 @@ + } + + return buf; ++} ++ ++ ++/* Helper function that opens a usable fd for accessing data ++ (metadata & content) from a pathref fd */ ++int sys_open_real_fd_from_pathref_fd(int fd, ++ int *rfd, ++ int flags) { ++ int tfd; ++ ++#if defined(HAVE_OPENAT) && defined(O_EMPTY_PATH) ++ /* This works for FreeBSD 13+ atleast */ ++ ++ tfd = openat(fd, "", O_EMPTY_PATH|flags); ++ if (tfd < 0) { ++ return errno; ++ } ++ ++ *rfd = tfd; ++ return 0; ++#else ++ return ENOSYS; ++#endif + } +--- source3/modules/vfs_default.c 2023-05-31 18:06:44.154299500 +0200 ++++ source3/modules/vfs_default.c 2023-06-19 23:23:58.116903000 +0200 +@@ -2721,7 +2721,7 @@ + + static int vfswrap_fchmod(vfs_handle_struct *handle, files_struct *fsp, mode_t mode) + { +- int result; ++ int result, fd, real_fd; + + START_PROFILE(syscall_fchmod); + +@@ -2731,8 +2731,9 @@ + return result; + } + ++ fd = fsp_get_pathref_fd(fsp); ++ + if (fsp->fsp_flags.have_proc_fds) { +- int fd = fsp_get_pathref_fd(fsp); + const char *p = NULL; + char buf[PATH_MAX]; + +@@ -2746,6 +2747,17 @@ + return result; + } + ++ if (sys_open_real_fd_from_pathref_fd(fd, &real_fd, O_RDONLY|O_NONBLOCK) == 0) { ++ int saved_errno; ++ ++ result = fchmod(real_fd, mode); ++ saved_errno = errno; ++ close(real_fd); ++ errno = saved_errno; ++ END_PROFILE(syscall_fchmod); ++ return result; ++ } ++ + /* + * This is no longer a handle based call. + */ +@@ -2758,7 +2770,7 @@ + static int vfswrap_fchown(vfs_handle_struct *handle, files_struct *fsp, uid_t uid, gid_t gid) + { + #ifdef HAVE_FCHOWN +- int result; ++ int result, fd, real_fd; + + START_PROFILE(syscall_fchown); + if (!fsp->fsp_flags.is_pathref) { +@@ -2767,8 +2779,9 @@ + return result; + } + ++ fd = fsp_get_pathref_fd(fsp); ++ + if (fsp->fsp_flags.have_proc_fds) { +- int fd = fsp_get_pathref_fd(fsp); + const char *p = NULL; + char buf[PATH_MAX]; + +@@ -2782,6 +2795,17 @@ + return result; + } + ++ if (sys_open_real_fd_from_pathref_fd(fd, &real_fd, O_RDONLY|O_NONBLOCK) == 0) { ++ int saved_errno; ++ ++ result = fchown(real_fd, uid, gid); ++ saved_errno = errno; ++ close(real_fd); ++ errno = saved_errno; ++ END_PROFILE(syscall_fchown); ++ return result; ++ } ++ + /* + * This is no longer a handle based call. + */ +@@ -2855,7 +2879,7 @@ + files_struct *fsp, + struct smb_file_time *ft) + { +- int result = -1; ++ int result = -1, fd, real_fd; + struct timespec ts[2]; + struct timespec *times = NULL; + +@@ -2900,8 +2924,9 @@ + goto out; + } + ++ fd = fsp_get_pathref_fd(fsp); ++ + if (fsp->fsp_flags.have_proc_fds) { +- int fd = fsp_get_pathref_fd(fsp); + const char *p = NULL; + char buf[PATH_MAX]; + +@@ -2919,6 +2944,16 @@ + goto out; + } + ++ if (sys_open_real_fd_from_pathref_fd(fd, &real_fd, O_RDONLY|O_NONBLOCK) == 0) { ++ int saved_errno; ++ ++ result = futimens(real_fd, times); ++ saved_errno = errno; ++ close(real_fd); ++ errno = saved_errno; ++ goto out; ++ } ++ + /* + * The fd is a pathref (opened with O_PATH) and there isn't fd to + * path translation mechanism. Fallback to path based call. +@@ -3322,6 +3357,7 @@ + { + #ifdef HAVE_FCHFLAGS + int fd = fsp_get_pathref_fd(fsp); ++ int real_fd; + + SMB_ASSERT(!fsp_is_alternate_stream(fsp)); + +@@ -3341,6 +3377,16 @@ + return chflags(p, flags); + } + ++ if (sys_open_real_fd_from_pathref_fd(fd, &real_fd, O_RDONLY|O_NONBLOCK) == 0) { ++ int saved_errno, result; ++ ++ result = fchflags(real_fd, flags); ++ saved_errno = errno; ++ close(real_fd); ++ errno = saved_errno; ++ return result; ++ } ++ + /* + * This is no longer a handle based call. + */ +@@ -3569,6 +3615,7 @@ + size_t size) + { + int fd = fsp_get_pathref_fd(fsp); ++ int real_fd; + + SMB_ASSERT(!fsp_is_alternate_stream(fsp)); + +@@ -3588,6 +3635,16 @@ + return getxattr(p, name, value, size); + } + ++ if (sys_open_real_fd_from_pathref_fd(fd, &real_fd, O_RDONLY|O_NONBLOCK) == 0) { ++ int saved_errno, result; ++ ++ result = fgetxattr(real_fd, name, value, size); ++ saved_errno = errno; ++ close(real_fd); ++ errno = saved_errno; ++ return result; ++ } ++ + /* + * This is no longer a handle based call. + */ +@@ -3895,6 +3952,7 @@ + static ssize_t vfswrap_flistxattr(struct vfs_handle_struct *handle, struct files_struct *fsp, char *list, size_t size) + { + int fd = fsp_get_pathref_fd(fsp); ++ int real_fd; + + SMB_ASSERT(!fsp_is_alternate_stream(fsp)); + +@@ -3914,6 +3972,16 @@ + return listxattr(p, list, size); + } + ++ if (sys_open_real_fd_from_pathref_fd(fd, &real_fd, O_RDONLY|O_NONBLOCK) == 0) { ++ int saved_errno, result; ++ ++ result = flistxattr(real_fd, list, size); ++ saved_errno = errno; ++ close(real_fd); ++ errno = saved_errno; ++ return result; ++ } ++ + /* + * This is no longer a handle based call. + */ +@@ -3923,6 +3991,7 @@ + static int vfswrap_fremovexattr(struct vfs_handle_struct *handle, struct files_struct *fsp, const char *name) + { + int fd = fsp_get_pathref_fd(fsp); ++ int real_fd; + + SMB_ASSERT(!fsp_is_alternate_stream(fsp)); + +@@ -3942,6 +4011,16 @@ + return removexattr(p, name); + } + ++ if (sys_open_real_fd_from_pathref_fd(fd, &real_fd, O_RDONLY|O_NONBLOCK) == 0) { ++ int saved_errno, result; ++ ++ result = fremovexattr(real_fd, name); ++ saved_errno = errno; ++ close(real_fd); ++ errno = saved_errno; ++ return result; ++ } ++ + /* + * This is no longer a handle based call. + */ +@@ -3951,6 +4030,7 @@ + static int vfswrap_fsetxattr(struct vfs_handle_struct *handle, struct files_struct *fsp, const char *name, const void *value, size_t size, int flags) + { + int fd = fsp_get_pathref_fd(fsp); ++ int real_fd; + + SMB_ASSERT(!fsp_is_alternate_stream(fsp)); + +@@ -3968,6 +4048,16 @@ + } + + return setxattr(p, name, value, size, flags); ++ } ++ ++ if (sys_open_real_fd_from_pathref_fd(fd, &real_fd, O_RDONLY|O_NONBLOCK) == 0) { ++ int saved_errno, result; ++ ++ result = fsetxattr(real_fd, name, value, size, flags); ++ saved_errno = errno; ++ close(real_fd); ++ errno = saved_errno; ++ return result; + } + + /* +--- source3/modules/vfs_zfsacl.c 2023-01-18 16:32:24.210553400 +0100 ++++ source3/modules/vfs_zfsacl.c 2023-06-20 08:51:53.077953000 +0200 +@@ -234,13 +234,39 @@ + + SMB_ASSERT(i == naces); + +- /* store acl */ +- fd = fsp_get_pathref_fd(fsp); +- if (fd == -1) { +- errno = EBADF; +- return false; ++ if (!fsp->fsp_flags.is_pathref) { ++ rv = facl(fsp_get_io_fd(fsp), ACE_SETACL, naces, acebuf); ++ } else { ++ const char *procfd_p = NULL; ++ char buf[PATH_MAX]; ++ ++ fd = fsp_get_pathref_fd(fsp); ++ if (fsp->fsp_flags.have_proc_fds && (procfd_p = sys_proc_fd_path(fd, buf, sizeof(buf)))) { ++ rv = acl(procfd_p, ACE_SETACL, naces, acebuf); ++ } else { ++ int real_fd; ++ ++ fd = fsp_get_pathref_fd(fsp); ++ ++ /* First try this for versions of FreeBSD 13+ that allows facl() on O_PATH fd's */ ++ rv = facl(fd, ACE_SETACL, naces, acebuf); ++ ++ if (rv < 0 && errno == EBADF && ++ sys_open_real_fd_from_pathref_fd(fd, &real_fd, O_RDONLY|O_NONBLOCK) == 0) { ++ /* Works on FreeBSD 13+ */ ++ int saved_errno; ++ ++ rv = facl(real_fd, ACE_SETACL, naces, acebuf); ++ saved_errno = errno; ++ close(real_fd); ++ errno = saved_errno; ++ } else { ++ /* Last ditch fallback */ ++ rv = acl(fsp->fsp_name->base_name, ACE_SETACL, naces, acebuf); ++ } ++ } + } +- rv = facl(fd, ACE_SETACL, naces, acebuf); ++ + if (rv != 0) { + if(errno == ENOSYS) { + DEBUG(9, ("acl(ACE_SETACL, %s): Operation is not " +@@ -284,14 +310,39 @@ + { + int naces, rv; + ace_t *acebuf = NULL; +- int fd; ++ int fd = -1; ++ const char *procfd_p = NULL; ++ char buf[PATH_MAX]; + +- fd = fsp_get_pathref_fd(fsp); +- if (fd == -1) { +- errno = EBADF; +- return -1; ++ if (!fsp->fsp_flags.is_pathref) { ++ naces = facl(fsp_get_io_fd(fsp), ACE_GETACLCNT, 0, NULL); ++ } else { ++ fd = fsp_get_pathref_fd(fsp); ++ ++ if (fsp->fsp_flags.have_proc_fds && (procfd_p = sys_proc_fd_path(fd, buf, sizeof(buf)))) { ++ /* If we have procfd support, try this first */ ++ naces = acl(procfd_p, ACE_GETACLCNT, 0, NULL); ++ } else { ++ int real_fd; ++ ++ /* First try this for versions of FreeBSD 13+ that allows facl() on O_PATH fd's */ ++ naces = facl(fd, ACE_GETACLCNT, 0, NULL); ++ if (naces < 0 && errno == EBADF && ++ sys_open_real_fd_from_pathref_fd(fd, &real_fd, O_RDONLY|O_NONBLOCK) == 0) { ++ /* Works on FreeBSD 13+ */ ++ int saved_errno; ++ ++ naces = facl(real_fd, ACE_GETACLCNT, 0, NULL); ++ saved_errno = errno; ++ close(real_fd); ++ errno = saved_errno; ++ } else { ++ /* Last ditch fallback */ ++ naces = acl(fsp->fsp_name->base_name, ACE_GETACLCNT, 0, NULL); ++ } ++ } + } +- naces = facl(fd, ACE_GETACLCNT, 0, NULL); ++ + if (naces == -1) { + int dbg_level = 10; + +@@ -309,7 +360,32 @@ + return -1; + } + +- rv = facl(fd, ACE_GETACL, naces, acebuf); ++ if (!fsp->fsp_flags.is_pathref) { ++ rv = facl(fsp_get_io_fd(fsp), ACE_GETACL, naces, acebuf); ++ } else { ++ if (procfd_p) { ++ rv = acl(procfd_p, ACE_GETACL, naces, acebuf); ++ } else { ++ int real_fd; ++ ++ /* First try this for versions of FreeBSD that allows facl() on O_PATH fd's */ ++ rv = facl(fd, ACE_GETACL, naces, acebuf); ++ if (rv < 0 && errno == EBADF && ++ sys_open_real_fd_from_pathref_fd(fd, &real_fd, O_RDONLY|O_NONBLOCK) == 0) { ++ /* Works on FreeBSD 13+ */ ++ int saved_errno; ++ ++ rv = facl(real_fd, ACE_GETACL, naces, acebuf); ++ saved_errno = errno; ++ close(real_fd); ++ errno = saved_errno; ++ } else { ++ /* Last ditch fallback */ ++ rv = acl(fsp->fsp_name->base_name, ACE_GETACL, naces, acebuf); ++ } ++ } ++ } ++ + if (rv == -1) { + DBG_DEBUG("acl(ACE_GETACL, %s): %s ", + fsp_str_dbg(fsp), strerror(errno)); +--- source3/include/proto.h 2023-05-31 18:06:44.142299400 +0200 ++++ source3/include/proto.h 2023-06-19 23:23:58.115127000 +0200 +@@ -211,6 +211,10 @@ + bool sys_have_proc_fds(void); + const char *sys_proc_fd_path(int fd, char *buf, size_t bufsize); + ++int sys_open_real_fd_from_pathref_fd(int fd, ++ int *mfd, ++ int flags); ++ + struct stat; + void init_stat_ex_from_stat (struct stat_ex *dst, + const struct stat *src, diff --git a/net/samba419/files/README.FreeBSD.in b/net/samba419/files/README.FreeBSD.in new file mode 100644 index 000000000000..9ab4faaeef80 --- /dev/null +++ b/net/samba419/files/README.FreeBSD.in @@ -0,0 +1,94 @@ + + !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! + !!! Please read before runing any tools !!! + !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! + +Documentation +============= + + o https://wiki.samba.org/index.php/Samba4/HOWTO + + o https://wiki.samba.org/index.php/Samba_AD_DC_HOWTO + + o https://wiki.samba.org/index.php/Samba4/samba-tool/domain/classicupgrade/HOWTO + +FreeBSD specific information +============================ + +* Your configuration is in: %%SAMBA4_CONFDIR%%/%%SAMBA4_CONFIG%% + +* All the logs are under: %%SAMBA4_LOGDIR%% + +* All the relevant databases are under: %%SAMBA4_LOCKDIR%% + +* Provisioning script is: %%PREFIX%%/bin/samba-tool + +Samba4 provisioning requires file system(s) with the ACLs support. On +UFS2 you need to enable POSIX ACLs by adding 'acls' option to the mount +flags, on ZFS you need to use NFSv4 ACLs and `zfsacl` VFS module to get +provisioning work. + +There is a hack in the code, that makes provisioning work on UFS2 and in +the jails on the price of using USER extattr(2) namespace, which is less +secure than SYSTEM namespace, as can be edited not only by root user, but +also by the owner of the file. + +For the provisioning on ZFS you need to use additional parameters to the +samba-tool, that would explicitly add `zfsacl` to the default `vfs objects`: + + # samba-tool domain provision --interactive \ + --option="vfs objects"="dfs_samba4 zfsacl" + +To run this port you need to perform the following steps: +--------------------------------------------------------- + +0. If you had Samba3 port installed before, please, *take backups* of +all the relevant files. That includes 'smb.conf' file and all the +content of the '/var/db/samba/' directory. + +1a. Create new '%%SAMBA4_CONFDIR%%/%%SAMBA4_CONFIG%%' file by running: + + # samba-tool domain provision + +1b. Or upgrade from the Samba3 'smb.conf' file by running: + + # samba-tool domain classicupgrade + +%%AC_DC%%1c. You will need to specify location of the 'nsupdate' command in the +%%AC_DC%%'%%SAMBA4_CONFIG%%' file: +%%AC_DC%% +%%AC_DC%% nsupdate command = %%PREFIX%%/bin/samba-nsupdate -g +%%AC_DC%% +2. Put string 'samba_server_enable="YES"' into your /etc/rc.conf. + +3. Make sure that your server doesn't run Samba3, OpenLDAP and named. +Stop them, if necessary. + +4. Run '%%PREFIX%%/etc/rc.d/samba_server start' or reboot. + +Please, check archives of samba@lists.samba.org and ask there for help, +if necessary: + + https://lists.samba.org/archive/samba/ + +Port related bugs can be reported to the FreeBSD Bugzilla or directly to: + + https://gitlab.com/samba-freebsd/ports/-/issues + +In case you found a bug which is clearly not related to the port build +process itself, plese file a bug report at: + + https://bugzilla.samba.org/ + +And add me to CC list. + +You may find those tools helpful: +--------------------------------- + +Microsoft Remote Server Administration Tools (RSAT) for: + +* Vista: http://www.microsoft.com/en-us/download/details.aspx?id=21090 +* Windows 7: http://www.microsoft.com/en-us/download/details.aspx?id=7887 + + +FreeBSD Samba4 port maintainer: Timur I. Bakeyev <timur@FreeBSD.org> diff --git a/net/samba419/files/man/ctdb-script.options.5 b/net/samba419/files/man/ctdb-script.options.5 new file mode 100644 index 000000000000..e58b2fd99163 --- /dev/null +++ b/net/samba419/files/man/ctdb-script.options.5 @@ -0,0 +1,558 @@ +'\" t +.\" Title: ctdb-script.options +.\" Author: +.\" Generator: DocBook XSL Stylesheets v1.79.1 <http://docbook.sf.net/> +.\" Date: 09/23/2020 +.\" Manual: CTDB - clustered TDB database +.\" Source: ctdb +.\" Language: English +.\" +.TH "CTDB\-SCRIPT\&.OPTIO" "5" "09/23/2020" "ctdb" "CTDB \- clustered TDB database" +.\" ----------------------------------------------------------------- +.\" * Define some portability stuff +.\" ----------------------------------------------------------------- +.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +.\" http://bugs.debian.org/507673 +.\" http://lists.gnu.org/archive/html/groff/2009-02/msg00013.html +.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" ----------------------------------------------------------------- +.\" * set default formatting +.\" ----------------------------------------------------------------- +.\" disable hyphenation +.nh +.\" disable justification (adjust text to left margin only) +.ad l +.\" ----------------------------------------------------------------- +.\" * MAIN CONTENT STARTS HERE * +.\" ----------------------------------------------------------------- +.SH "NAME" +ctdb-script.options \- CTDB scripts configuration files +.SH "DESCRIPTION" +.PP +Each CTDB script has 2 possible locations for its configuration options: +.PP +/usr/local/etc/ctdb/script\&.options +.RS 4 +This is a catch\-all global file for general purpose scripts and for options that are used in multiple event scripts\&. +.RE +.PP +\fISCRIPT\fR\&.options +.RS 4 +That is, options for +\fISCRIPT\fR +are placed in a file alongside the script, with a "\&.script" suffix added\&. This style is usually recommended for event scripts\&. +.sp +Options in this script\-specific file override those in the global file\&. +.RE +.PP +These files should include simple shell\-style variable assignments and shell\-style comments\&. +.SH "NETWORK CONFIGURATION" +.SS "10\&.interface" +.PP +This event script handles monitoring of interfaces using by public IP addresses\&. +.PP +CTDB_PARTIALLY_ONLINE_INTERFACES=yes|no +.RS 4 +Whether one or more offline interfaces should cause a monitor event to fail if there are other interfaces that are up\&. If this is "yes" and a node has some interfaces that are down then +\fBctdb status\fR +will display the node as "PARTIALLYONLINE"\&. +.sp +Note that CTDB_PARTIALLY_ONLINE_INTERFACES=yes is not generally compatible with NAT gateway or LVS\&. NAT gateway relies on the interface configured by CTDB_NATGW_PUBLIC_IFACE to be up and LVS replies on CTDB_LVS_PUBLIC_IFACE to be up\&. CTDB does not check if these options are set in an incompatible way so care is needed to understand the interaction\&. +.sp +Default is "no"\&. +.RE +.SS "11\&.natgw" +.PP +Provides CTDB\*(Aqs NAT gateway functionality\&. +.PP +NAT gateway is used to configure fallback routing for nodes when they do not host any public IP addresses\&. For example, it allows unhealthy nodes to reliably communicate with external infrastructure\&. One node in a NAT gateway group will be designated as the NAT gateway master node and other (slave) nodes will be configured with fallback routes via the NAT gateway master node\&. For more information, see the +NAT GATEWAY +section in +\fBctdb\fR(7)\&. +.PP +CTDB_NATGW_DEFAULT_GATEWAY=\fIIPADDR\fR +.RS 4 +IPADDR is an alternate network gateway to use on the NAT gateway master node\&. If set, a fallback default route is added via this network gateway\&. +.sp +No default\&. Setting this variable is optional \- if not set that no route is created on the NAT gateway master node\&. +.RE +.PP +CTDB_NATGW_NODES=\fIFILENAME\fR +.RS 4 +FILENAME contains the list of nodes that belong to the same NAT gateway group\&. +.sp +File format: +.sp +.if n \{\ +.RS 4 +.\} +.nf +\fIIPADDR\fR [slave\-only] + +.fi +.if n \{\ +.RE +.\} +.sp +IPADDR is the private IP address of each node in the NAT gateway group\&. +.sp +If "slave\-only" is specified then the corresponding node can not be the NAT gateway master node\&. In this case +\fICTDB_NATGW_PUBLIC_IFACE\fR +and +\fICTDB_NATGW_PUBLIC_IP\fR +are optional and unused\&. +.sp +No default, usually +/usr/local/etc/ctdb/natgw_nodes +when enabled\&. +.RE +.PP +CTDB_NATGW_PRIVATE_NETWORK=\fIIPADDR/MASK\fR +.RS 4 +IPADDR/MASK is the private sub\-network that is internally routed via the NAT gateway master node\&. This is usually the private network that is used for node addresses\&. +.sp +No default\&. +.RE +.PP +CTDB_NATGW_PUBLIC_IFACE=\fIIFACE\fR +.RS 4 +IFACE is the network interface on which the CTDB_NATGW_PUBLIC_IP will be configured\&. +.sp +No default\&. +.RE +.PP +CTDB_NATGW_PUBLIC_IP=\fIIPADDR/MASK\fR +.RS 4 +IPADDR/MASK indicates the IP address that is used for outgoing traffic (originating from CTDB_NATGW_PRIVATE_NETWORK) on the NAT gateway master node\&. This +\fImust not\fR +be a configured public IP address\&. +.sp +No default\&. +.RE +.PP +CTDB_NATGW_STATIC_ROUTES=\fIIPADDR/MASK[@GATEWAY]\fR \&.\&.\&. +.RS 4 +Each IPADDR/MASK identifies a network or host to which NATGW should create a fallback route, instead of creating a single default route\&. This can be used when there is already a default route, via an interface that can not reach required infrastructure, that overrides the NAT gateway default route\&. +.sp +If GATEWAY is specified then the corresponding route on the NATGW master node will be via GATEWAY\&. Such routes are created even if +\fICTDB_NATGW_DEFAULT_GATEWAY\fR +is not specified\&. If GATEWAY is not specified for some networks then routes are only created on the NATGW master node for those networks if +\fICTDB_NATGW_DEFAULT_GATEWAY\fR +is specified\&. +.sp +This should be used with care to avoid causing traffic to unnecessarily double\-hop through the NAT gateway master, even when a node is hosting public IP addresses\&. Each specified network or host should probably have a corresponding automatically created link route or static route to avoid this\&. +.sp +No default\&. +.RE +.sp +.it 1 an-trap +.nr an-no-space-flag 1 +.nr an-break-flag 1 +.br +.ps +1 +\fBExample\fR +.RS 4 +.sp +.if n \{\ +.RS 4 +.\} +.nf +CTDB_NATGW_NODES=/usr/local/etc/ctdb/natgw_nodes +CTDB_NATGW_PRIVATE_NETWORK=192\&.168\&.1\&.0/24 +CTDB_NATGW_DEFAULT_GATEWAY=10\&.0\&.0\&.1 +CTDB_NATGW_PUBLIC_IP=10\&.0\&.0\&.227/24 +CTDB_NATGW_PUBLIC_IFACE=eth0 + +.fi +.if n \{\ +.RE +.\} +.PP +A variation that ensures that infrastructure (ADS, DNS, \&.\&.\&.) directly attached to the public network (10\&.0\&.0\&.0/24) is always reachable would look like this: +.sp +.if n \{\ +.RS 4 +.\} +.nf +CTDB_NATGW_NODES=/usr/local/etc/ctdb/natgw_nodes +CTDB_NATGW_PRIVATE_NETWORK=192\&.168\&.1\&.0/24 +CTDB_NATGW_PUBLIC_IP=10\&.0\&.0\&.227/24 +CTDB_NATGW_PUBLIC_IFACE=eth0 +CTDB_NATGW_STATIC_ROUTES=10\&.0\&.0\&.0/24 + +.fi +.if n \{\ +.RE +.\} +.PP +Note that +\fICTDB_NATGW_DEFAULT_GATEWAY\fR +is not specified\&. +.RE +.SS "13\&.per_ip_routing" +.PP +Provides CTDB\*(Aqs policy routing functionality\&. +.PP +A node running CTDB may be a component of a complex network topology\&. In particular, public addresses may be spread across several different networks (or VLANs) and it may not be possible to route packets from these public addresses via the system\*(Aqs default route\&. Therefore, CTDB has support for policy routing via the +13\&.per_ip_routing +eventscript\&. This allows routing to be specified for packets sourced from each public address\&. The routes are added and removed as CTDB moves public addresses between nodes\&. +.PP +For more information, see the +POLICY ROUTING +section in +\fBctdb\fR(7)\&. +.PP +CTDB_PER_IP_ROUTING_CONF=\fIFILENAME\fR +.RS 4 +FILENAME contains elements for constructing the desired routes for each source address\&. +.sp +The special FILENAME value +\fB__auto_link_local__\fR +indicates that no configuration file is provided and that CTDB should generate reasonable link\-local routes for each public IP address\&. +.sp +File format: +.sp +.if n \{\ +.RS 4 +.\} +.nf + \fIIPADDR\fR \fIDEST\-IPADDR/MASK\fR [\fIGATEWAY\-IPADDR\fR] + +.fi +.if n \{\ +.RE +.\} +.sp +No default, usually +/usr/local/etc/ctdb/policy_routing +when enabled\&. +.RE +.PP +CTDB_PER_IP_ROUTING_RULE_PREF=\fINUM\fR +.RS 4 +NUM sets the priority (or preference) for the routing rules that are added by CTDB\&. +.sp +This should be (strictly) greater than 0 and (strictly) less than 32766\&. A priority of 100 is recommended, unless this conflicts with a priority already in use on the system\&. See +\fBip\fR(8), for more details\&. +.RE +.PP +CTDB_PER_IP_ROUTING_TABLE_ID_LOW=\fILOW\-NUM\fR, CTDB_PER_IP_ROUTING_TABLE_ID_HIGH=\fIHIGH\-NUM\fR +.RS 4 +CTDB determines a unique routing table number to use for the routing related to each public address\&. LOW\-NUM and HIGH\-NUM indicate the minimum and maximum routing table numbers that are used\&. +.sp +\fBip\fR(8) +uses some reserved routing table numbers below 255\&. Therefore, CTDB_PER_IP_ROUTING_TABLE_ID_LOW should be (strictly) greater than 255\&. +.sp +CTDB uses the standard file +/etc/iproute2/rt_tables +to maintain a mapping between the routing table numbers and labels\&. The label for a public address +\fIADDR\fR +will look like ctdb\&.\fIaddr\fR\&. This means that the associated rules and routes are easy to read (and manipulate)\&. +.sp +No default, usually 1000 and 9000\&. +.RE +.sp +.it 1 an-trap +.nr an-no-space-flag 1 +.nr an-break-flag 1 +.br +.ps +1 +\fBExample\fR +.RS 4 +.sp +.if n \{\ +.RS 4 +.\} +.nf +CTDB_PER_IP_ROUTING_CONF=/usr/local/etc/ctdb/policy_routing +CTDB_PER_IP_ROUTING_RULE_PREF=100 +CTDB_PER_IP_ROUTING_TABLE_ID_LOW=1000 +CTDB_PER_IP_ROUTING_TABLE_ID_HIGH=9000 + +.fi +.if n \{\ +.RE +.\} +.RE +.SS "91\&.lvs" +.PP +Provides CTDB\*(Aqs LVS functionality\&. +.PP +For a general description see the +LVS +section in +\fBctdb\fR(7)\&. +.PP +CTDB_LVS_NODES=\fIFILENAME\fR +.RS 4 +FILENAME contains the list of nodes that belong to the same LVS group\&. +.sp +File format: +.sp +.if n \{\ +.RS 4 +.\} +.nf +\fIIPADDR\fR [slave\-only] + +.fi +.if n \{\ +.RE +.\} +.sp +IPADDR is the private IP address of each node in the LVS group\&. +.sp +If "slave\-only" is specified then the corresponding node can not be the LVS master node\&. In this case +\fICTDB_LVS_PUBLIC_IFACE\fR +and +\fICTDB_LVS_PUBLIC_IP\fR +are optional and unused\&. +.sp +No default, usually +/usr/local/etc/ctdb/lvs_nodes +when enabled\&. +.RE +.PP +CTDB_LVS_PUBLIC_IFACE=\fIINTERFACE\fR +.RS 4 +INTERFACE is the network interface that clients will use to connection to +\fICTDB_LVS_PUBLIC_IP\fR\&. This is optional for slave\-only nodes\&. No default\&. +.RE +.PP +CTDB_LVS_PUBLIC_IP=\fIIPADDR\fR +.RS 4 +CTDB_LVS_PUBLIC_IP is the LVS public address\&. No default\&. +.RE +.SH "SERVICE CONFIGURATION" +.PP +CTDB can be configured to manage and/or monitor various NAS (and other) services via its eventscripts\&. +.PP +In the simplest case CTDB will manage a service\&. This means the service will be started and stopped along with CTDB, CTDB will monitor the service and CTDB will do any required reconfiguration of the service when public IP addresses are failed over\&. +.SS "20\&.multipathd" +.PP +Provides CTDB\*(Aqs Linux multipathd service management\&. +.PP +It can monitor multipath devices to ensure that active paths are available\&. +.PP +CTDB_MONITOR_MPDEVICES=\fIMP\-DEVICE\-LIST\fR +.RS 4 +MP\-DEVICE\-LIST is a list of multipath devices for CTDB to monitor? +.sp +No default\&. +.RE +.SS "31\&.clamd" +.PP +This event script provide CTDB\*(Aqs ClamAV anti\-virus service management\&. +.PP +This eventscript is not enabled by default\&. Use +\fBctdb enablescript\fR +to enable it\&. +.PP +CTDB_CLAMD_SOCKET=\fIFILENAME\fR +.RS 4 +FILENAME is the socket to monitor ClamAV\&. +.sp +No default\&. +.RE +.SS "49\&.winbind" +.PP +Provides CTDB\*(Aqs Samba winbind service management\&. +.PP +CTDB_SERVICE_WINBIND=\fISERVICE\fR +.RS 4 +Distribution specific SERVICE for managing winbindd\&. +.sp +Default is "winbind"\&. +.RE +.SS "50\&.samba" +.PP +Provides the core of CTDB\*(Aqs Samba file service management\&. +.PP +CTDB_SAMBA_CHECK_PORTS=\fIPORT\-LIST\fR +.RS 4 +When monitoring Samba, check TCP ports in space\-separated PORT\-LIST\&. +.sp +Default is to monitor ports that Samba is configured to listen on\&. +.RE +.PP +CTDB_SAMBA_SKIP_SHARE_CHECK=yes|no +.RS 4 +As part of monitoring, should CTDB skip the check for the existence of each directory configured as share in Samba\&. This may be desirable if there is a large number of shares\&. +.sp +Default is no\&. +.RE +.PP +CTDB_SERVICE_NMB=\fISERVICE\fR +.RS 4 +Distribution specific SERVICE for managing nmbd\&. +.sp +Default is distribution\-dependant\&. +.RE +.PP +CTDB_SERVICE_SMB=\fISERVICE\fR +.RS 4 +Distribution specific SERVICE for managing smbd\&. +.sp +Default is distribution\-dependant\&. +.RE +.SS "60\&.nfs" +.PP +This event script (along with 06\&.nfs) provides CTDB\*(Aqs NFS service management\&. +.PP +This includes parameters for the kernel NFS server\&. Alternative NFS subsystems (such as +\m[blue]\fBNFS\-Ganesha\fR\m[]\&\s-2\u[1]\d\s+2) can be integrated using +\fICTDB_NFS_CALLOUT\fR\&. +.PP +CTDB_NFS_CALLOUT=\fICOMMAND\fR +.RS 4 +COMMAND specifies the path to a callout to handle interactions with the configured NFS system, including startup, shutdown, monitoring\&. +.sp +Default is the included +\fBnfs\-linux\-kernel\-callout\fR\&. +.RE +.PP +CTDB_NFS_CHECKS_DIR=\fIDIRECTORY\fR +.RS 4 +Specifies the path to a DIRECTORY containing files that describe how to monitor the responsiveness of NFS RPC services\&. See the README file for this directory for an explanation of the contents of these "check" files\&. +.sp +CTDB_NFS_CHECKS_DIR can be used to point to different sets of checks for different NFS servers\&. +.sp +One way of using this is to have it point to, say, +/usr/local/etc/ctdb/nfs\-checks\-enabled\&.d +and populate it with symbolic links to the desired check files\&. This avoids duplication and is upgrade\-safe\&. +.sp +Default is +/usr/local/etc/ctdb/nfs\-checks\&.d, which contains NFS RPC checks suitable for Linux kernel NFS\&. +.RE +.PP +CTDB_NFS_SKIP_SHARE_CHECK=yes|no +.RS 4 +As part of monitoring, should CTDB skip the check for the existence of each directory exported via NFS\&. This may be desirable if there is a large number of exports\&. +.sp +Default is no\&. +.RE +.PP +CTDB_RPCINFO_LOCALHOST=\fIIPADDR\fR|\fIHOSTNAME\fR +.RS 4 +IPADDR or HOSTNAME indicates the address that +\fBrpcinfo\fR +should connect to when doing +\fBrpcinfo\fR +check on IPv4 RPC service during monitoring\&. Optimally this would be "localhost"\&. However, this can add some performance overheads\&. +.sp +Default is "127\&.0\&.0\&.1"\&. +.RE +.PP +CTDB_RPCINFO_LOCALHOST6=\fIIPADDR\fR|\fIHOSTNAME\fR +.RS 4 +IPADDR or HOSTNAME indicates the address that +\fBrpcinfo\fR +should connect to when doing +\fBrpcinfo\fR +check on IPv6 RPC service during monitoring\&. Optimally this would be "localhost6" (or similar)\&. However, this can add some performance overheads\&. +.sp +Default is "::1"\&. +.RE +.PP +CTDB_NFS_STATE_FS_TYPE=\fITYPE\fR +.RS 4 +The type of filesystem used for a clustered NFS\*(Aq shared state\&. No default\&. +.RE +.PP +CTDB_NFS_STATE_MNT=\fIDIR\fR +.RS 4 +The directory where a clustered NFS\*(Aq shared state will be located\&. No default\&. +.RE +.SS "70\&.iscsi" +.PP +Provides CTDB\*(Aqs Linux iSCSI tgtd service management\&. +.PP +CTDB_START_ISCSI_SCRIPTS=\fIDIRECTORY\fR +.RS 4 +DIRECTORY on shared storage containing scripts to start tgtd for each public IP address\&. +.sp +No default\&. +.RE +.SH "DATABASE SETUP" +.PP +CTDB checks the consistency of databases during startup\&. +.SS "00\&.ctdb" +.PP +CTDB_MAX_CORRUPT_DB_BACKUPS=\fINUM\fR +.RS 4 +NUM is the maximum number of volatile TDB database backups to be kept (for each database) when a corrupt database is found during startup\&. Volatile TDBs are zeroed during startup so backups are needed to debug any corruption that occurs before a restart\&. +.sp +Default is 10\&. +.RE +.SH "SYSTEM RESOURCE MONITORING" +.SS "05\&.system" +.PP +Provides CTDB\*(Aqs filesystem and memory usage monitoring\&. +.PP +CTDB can experience seemingly random (performance and other) issues if system resources become too constrained\&. Options in this section can be enabled to allow certain system resources to be checked\&. They allows warnings to be logged and nodes to be marked unhealthy when system resource usage reaches the configured thresholds\&. +.PP +Some checks are enabled by default\&. It is recommended that these checks remain enabled or are augmented by extra checks\&. There is no supported way of completely disabling the checks\&. +.PP +CTDB_MONITOR_FILESYSTEM_USAGE=\fIFS\-LIMIT\-LIST\fR +.RS 4 +FS\-LIMIT\-LIST is a space\-separated list of +\fIFILESYSTEM\fR:\fIWARN_LIMIT\fR[:\fIUNHEALTHY_LIMIT\fR] +triples indicating that warnings should be logged if the space used on FILESYSTEM reaches WARN_LIMIT%\&. If usage reaches UNHEALTHY_LIMIT then the node should be flagged unhealthy\&. Either WARN_LIMIT or UNHEALTHY_LIMIT may be left blank, meaning that check will be omitted\&. +.sp +Default is to warn for each filesystem containing a database directory (volatile\ \&database\ \&directory, +persistent\ \&database\ \&directory, +state\ \&database\ \&directory) with a threshold of 90%\&. +.RE +.PP +CTDB_MONITOR_MEMORY_USAGE=\fIMEM\-LIMITS\fR +.RS 4 +MEM\-LIMITS takes the form +\fIWARN_LIMIT\fR[:\fIUNHEALTHY_LIMIT\fR] +indicating that warnings should be logged if memory usage reaches WARN_LIMIT%\&. If usage reaches UNHEALTHY_LIMIT then the node should be flagged unhealthy\&. Either WARN_LIMIT or UNHEALTHY_LIMIT may be left blank, meaning that check will be omitted\&. +.sp +Default is 80, so warnings will be logged when memory usage reaches 80%\&. +.RE +.SH "EVENT SCRIPT DEBUGGING" +.SS "debug\-hung\-script\&.sh" +.PP +CTDB_DEBUG_HUNG_SCRIPT_STACKPAT=\fIREGEXP\fR +.RS 4 +REGEXP specifies interesting processes for which stack traces should be logged when debugging hung eventscripts and those processes are matched in pstree output\&. REGEXP is an extended regexp so choices are separated by pipes (\*(Aq|\*(Aq)\&. However, REGEXP should not contain parentheses\&. See also the +\fBctdb.conf\fR(5) +[event] "debug\ \&script" option\&. +.sp +Default is "exportfs|rpcinfo"\&. +.RE +.SH "FILES" +.RS 4 +/usr/local/etc/ctdb/script\&.options +.RE +.SH "SEE ALSO" +.PP +\fBctdbd\fR(1), +\fBctdb\fR(7), +\m[blue]\fB\%http://ctdb.samba.org/\fR\m[] +.SH "AUTHOR" +.br +.PP +This documentation was written by Amitay Isaacs, Martin Schwenke +.SH "COPYRIGHT" +.br +Copyright \(co 2007 Andrew Tridgell, Ronnie Sahlberg +.br +.PP +This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 3 of the License, or (at your option) any later version\&. +.PP +This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE\&. See the GNU General Public License for more details\&. +.PP +You should have received a copy of the GNU General Public License along with this program; if not, see +\m[blue]\fB\%http://www.gnu.org/licenses\fR\m[]\&. +.sp +.SH "NOTES" +.IP " 1." 4 +NFS-Ganesha +.RS 4 +\%https://github.com/nfs-ganesha/nfs-ganesha/wiki +.RE diff --git a/net/samba419/files/man/ctdb-statistics.7 b/net/samba419/files/man/ctdb-statistics.7 new file mode 100644 index 000000000000..a70061f0298b --- /dev/null +++ b/net/samba419/files/man/ctdb-statistics.7 @@ -0,0 +1,550 @@ +'\" t +.\" Title: ctdb-statistics +.\" Author: +.\" Generator: DocBook XSL Stylesheets v1.79.1 <http://docbook.sf.net/> +.\" Date: 09/23/2020 +.\" Manual: CTDB - clustered TDB database +.\" Source: ctdb +.\" Language: English +.\" +.TH "CTDB\-STATISTICS" "7" "09/23/2020" "ctdb" "CTDB \- clustered TDB database" +.\" ----------------------------------------------------------------- +.\" * Define some portability stuff +.\" ----------------------------------------------------------------- +.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +.\" http://bugs.debian.org/507673 +.\" http://lists.gnu.org/archive/html/groff/2009-02/msg00013.html +.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" ----------------------------------------------------------------- +.\" * set default formatting +.\" ----------------------------------------------------------------- +.\" disable hyphenation +.nh +.\" disable justification (adjust text to left margin only) +.ad l +.\" ----------------------------------------------------------------- +.\" * MAIN CONTENT STARTS HERE * +.\" ----------------------------------------------------------------- +.SH "NAME" +ctdb-statistics \- CTDB statistics output +.SH "OVERALL STATISTICS" +.PP +CTDB maintains information about various messages communicated and some of the important operations per node\&. See the +\fBctdb\fR(1) +commands +\fBstatistics\fR +and +\fBstatisticsreset\fR +for displaying statistics\&. +.SS "Example: ctdb statistics" +.sp +.if n \{\ +.RS 4 +.\} +.nf +CTDB version 1 +Current time of statistics : Fri Sep 12 13:32:32 2014 +Statistics collected since : (000 01:49:20) Fri Sep 12 11:43:12 2014 + num_clients 6 + frozen 0 + recovering 0 + num_recoveries 2 + client_packets_sent 281293 + client_packets_recv 296317 + node_packets_sent 452387 + node_packets_recv 182394 + keepalive_packets_sent 3927 + keepalive_packets_recv 3928 + node + req_call 48605 + reply_call 1 + req_dmaster 23404 + reply_dmaster 24917 + reply_error 0 + req_message 958 + req_control 197513 + reply_control 153705 + client + req_call 130866 + req_message 770 + req_control 168921 + timeouts + call 0 + control 0 + traverse 0 + locks + num_calls 220 + num_current 0 + num_pending 0 + num_failed 0 + total_calls 130866 + pending_calls 0 + childwrite_calls 1 + pending_childwrite_calls 0 + memory_used 334490 + max_hop_count 18 + total_ro_delegations 2 + total_ro_revokes 2 + hop_count_buckets: 42816 5464 26 1 0 0 0 0 0 0 0 0 0 0 0 0 + lock_buckets: 9 165 14 15 7 2 2 0 0 0 0 0 0 0 0 0 + locks_latency MIN/AVG/MAX 0\&.000685/0\&.160302/6\&.369342 sec out of 214 + reclock_ctdbd MIN/AVG/MAX 0\&.004940/0\&.004969/0\&.004998 sec out of 2 + reclock_recd MIN/AVG/MAX 0\&.000000/0\&.000000/0\&.000000 sec out of 0 + call_latency MIN/AVG/MAX 0\&.000006/0\&.000719/4\&.562991 sec out of 126626 + childwrite_latency MIN/AVG/MAX 0\&.014527/0\&.014527/0\&.014527 sec out of 1 + +.fi +.if n \{\ +.RE +.\} +.SS "CTDB version" +.PP +Version of the ctdb protocol used by the node\&. +.SS "Current time of statistics" +.PP +Time when the statistics are generated\&. +.PP +This is useful when collecting statistics output periodically for post\-processing\&. +.SS "Statistics collected since" +.PP +Time when ctdb was started or the last time statistics was reset\&. The output shows the duration and the timestamp\&. +.SS "num_clients" +.PP +Number of processes currently connected to CTDB\*(Aqs unix socket\&. This includes recovery daemon, ctdb tool and samba processes (smbd, winbindd)\&. +.SS "frozen" +.PP +1 if the databases are currently frozen, 0 otherwise\&. +.SS "recovering" +.PP +1 if recovery is active, 0 otherwise\&. +.SS "num_recoveries" +.PP +Number of recoveries since the start of ctdb or since the last statistics reset\&. +.SS "client_packets_sent" +.PP +Number of packets sent to client processes via unix domain socket\&. +.SS "client_packets_recv" +.PP +Number of packets received from client processes via unix domain socket\&. +.SS "node_packets_sent" +.PP +Number of packets sent to the other nodes in the cluster via TCP\&. +.SS "node_packets_recv" +.PP +Number of packets received from the other nodes in the cluster via TCP\&. +.SS "keepalive_packets_sent" +.PP +Number of keepalive messages sent to other nodes\&. +.PP +CTDB periodically sends keepalive messages to other nodes\&. See +KeepaliveInterval +tunable in +\fBctdb-tunables\fR(7) +for more details\&. +.SS "keepalive_packets_recv" +.PP +Number of keepalive messages received from other nodes\&. +.SS "node" +.PP +This section lists various types of messages processed which originated from other nodes via TCP\&. +.sp +.it 1 an-trap +.nr an-no-space-flag 1 +.nr an-break-flag 1 +.br +.ps +1 +\fBreq_call\fR +.RS 4 +.PP +Number of REQ_CALL messages from the other nodes\&. +.RE +.sp +.it 1 an-trap +.nr an-no-space-flag 1 +.nr an-break-flag 1 +.br +.ps +1 +\fBreply_call\fR +.RS 4 +.PP +Number of REPLY_CALL messages from the other nodes\&. +.RE +.sp +.it 1 an-trap +.nr an-no-space-flag 1 +.nr an-break-flag 1 +.br +.ps +1 +\fBreq_dmaster\fR +.RS 4 +.PP +Number of REQ_DMASTER messages from the other nodes\&. +.RE +.sp +.it 1 an-trap +.nr an-no-space-flag 1 +.nr an-break-flag 1 +.br +.ps +1 +\fBreply_dmaster\fR +.RS 4 +.PP +Number of REPLY_DMASTER messages from the other nodes\&. +.RE +.sp +.it 1 an-trap +.nr an-no-space-flag 1 +.nr an-break-flag 1 +.br +.ps +1 +\fBreply_error\fR +.RS 4 +.PP +Number of REPLY_ERROR messages from the other nodes\&. +.RE +.sp +.it 1 an-trap +.nr an-no-space-flag 1 +.nr an-break-flag 1 +.br +.ps +1 +\fBreq_message\fR +.RS 4 +.PP +Number of REQ_MESSAGE messages from the other nodes\&. +.RE +.sp +.it 1 an-trap +.nr an-no-space-flag 1 +.nr an-break-flag 1 +.br +.ps +1 +\fBreq_control\fR +.RS 4 +.PP +Number of REQ_CONTROL messages from the other nodes\&. +.RE +.sp +.it 1 an-trap +.nr an-no-space-flag 1 +.nr an-break-flag 1 +.br +.ps +1 +\fBreply_control\fR +.RS 4 +.PP +Number of REPLY_CONTROL messages from the other nodes\&. +.RE +.sp +.it 1 an-trap +.nr an-no-space-flag 1 +.nr an-break-flag 1 +.br +.ps +1 +\fBreq_tunnel\fR +.RS 4 +.PP +Number of REQ_TUNNEL messages from the other nodes\&. +.RE +.SS "client" +.PP +This section lists various types of messages processed which originated from clients via unix domain socket\&. +.sp +.it 1 an-trap +.nr an-no-space-flag 1 +.nr an-break-flag 1 +.br +.ps +1 +\fBreq_call\fR +.RS 4 +.PP +Number of REQ_CALL messages from the clients\&. +.RE +.sp +.it 1 an-trap +.nr an-no-space-flag 1 +.nr an-break-flag 1 +.br +.ps +1 +\fBreq_message\fR +.RS 4 +.PP +Number of REQ_MESSAGE messages from the clients\&. +.RE +.sp +.it 1 an-trap +.nr an-no-space-flag 1 +.nr an-break-flag 1 +.br +.ps +1 +\fBreq_control\fR +.RS 4 +.PP +Number of REQ_CONTROL messages from the clients\&. +.RE +.sp +.it 1 an-trap +.nr an-no-space-flag 1 +.nr an-break-flag 1 +.br +.ps +1 +\fBreq_tunnel\fR +.RS 4 +.PP +Number of REQ_TUNNEL messages from the clients\&. +.RE +.SS "timeouts" +.PP +This section lists timeouts occurred when sending various messages\&. +.sp +.it 1 an-trap +.nr an-no-space-flag 1 +.nr an-break-flag 1 +.br +.ps +1 +\fBcall\fR +.RS 4 +.PP +Number of timeouts for REQ_CALL messages\&. +.RE +.sp +.it 1 an-trap +.nr an-no-space-flag 1 +.nr an-break-flag 1 +.br +.ps +1 +\fBcontrol\fR +.RS 4 +.PP +Number of timeouts for REQ_CONTROL messages\&. +.RE +.sp +.it 1 an-trap +.nr an-no-space-flag 1 +.nr an-break-flag 1 +.br +.ps +1 +\fBtraverse\fR +.RS 4 +.PP +Number of timeouts for database traverse operations\&. +.RE +.SS "locks" +.PP +This section lists locking statistics\&. +.sp +.it 1 an-trap +.nr an-no-space-flag 1 +.nr an-break-flag 1 +.br +.ps +1 +\fBnum_calls\fR +.RS 4 +.PP +Number of completed lock calls\&. This includes database locks and record locks\&. +.RE +.sp +.it 1 an-trap +.nr an-no-space-flag 1 +.nr an-break-flag 1 +.br +.ps +1 +\fBnum_current\fR +.RS 4 +.PP +Number of scheduled lock calls\&. This includes database locks and record locks\&. +.RE +.sp +.it 1 an-trap +.nr an-no-space-flag 1 +.nr an-break-flag 1 +.br +.ps +1 +\fBnum_pending\fR +.RS 4 +.PP +Number of queued lock calls\&. This includes database locks and record locks\&. +.RE +.sp +.it 1 an-trap +.nr an-no-space-flag 1 +.nr an-break-flag 1 +.br +.ps +1 +\fBnum_failed\fR +.RS 4 +.PP +Number of failed lock calls\&. This includes database locks and record locks\&. +.RE +.SS "total_calls" +.PP +Number of req_call messages processed from clients\&. This number should be same as client \-\-> req_call\&. +.SS "pending_calls" +.PP +Number of req_call messages which are currently being processed\&. This number indicates the number of record migrations in flight\&. +.SS "childwrite_calls" +.PP +Number of record update calls\&. Record update calls are used to update a record under a transaction\&. +.SS "pending_childwrite_calls" +.PP +Number of record update calls currently active\&. +.SS "memory_used" +.PP +The amount of memory in bytes currently used by CTDB using talloc\&. This includes all the memory used for CTDB\*(Aqs internal data structures\&. This does not include the memory mapped TDB databases\&. +.SS "max_hop_count" +.PP +The maximum number of hops required for a record migration request to obtain the record\&. High numbers indicate record contention\&. +.SS "total_ro_delegations" +.PP +Number of readonly delegations created\&. +.SS "total_ro_revokes" +.PP +Number of readonly delegations that were revoked\&. The difference between total_ro_revokes and total_ro_delegations gives the number of currently active readonly delegations\&. +.SS "hop_count_buckets" +.PP +Distribution of migration requests based on hop counts values\&. Buckets are 0, <\ \&2, <\ \&4, <\ \&8, <\ \&16, <\ \&32, <\ \&64, <\ \&128, <\ \&256, <\ \&512, <\ \&1024, <\ \&2048, <\ \&4096, <\ \&8192, <\ \&16384, ≥\ \&16384\&. +.SS "lock_buckets" +.PP +Distribution of record lock requests based on time required to obtain locks\&. Buckets are <\ \&1ms, <\ \&10ms, <\ \&100ms, <\ \&1s, <\ \&2s, <\ \&4s, <\ \&8s, <\ \&16s, <\ \&32s, <\ \&64s, ≥\ \&64s\&. +.SS "locks_latency" +.PP +The minimum, the average and the maximum time (in seconds) required to obtain record locks\&. +.SS "reclock_ctdbd" +.PP +The minimum, the average and the maximum time (in seconds) required to check if recovery lock is still held by recovery daemon when recovery mode is changed\&. This check is done in ctdb daemon\&. +.SS "reclock_recd" +.PP +The minimum, the average and the maximum time (in seconds) required to check if recovery lock is still held by recovery daemon during recovery\&. This check is done in recovery daemon\&. +.SS "call_latency" +.PP +The minimum, the average and the maximum time (in seconds) required to process a REQ_CALL message from client\&. This includes the time required to migrate a record from remote node, if the record is not available on the local node\&. +.SS "childwrite_latency" +.PP +Default: 0 +.PP +The minimum, the average and the maximum time (in seconds) required to update records under a transaction\&. +.SH "DATABASE STATISTICS" +.PP +CTDB maintains per database statistics about important operations\&. See the +\fBctdb\fR(1) +command +\fBdbstatistics\fR +for displaying database statistics\&. +.SS "Example: ctdb dbstatistics notify_index\&.tdb" +.sp +.if n \{\ +.RS 4 +.\} +.nf +DB Statistics: notify_index\&.tdb + ro_delegations 0 + ro_revokes 0 + locks + total 131 + failed 0 + current 0 + pending 0 + hop_count_buckets: 9890 5454 26 1 0 0 0 0 0 0 0 0 0 0 0 0 + lock_buckets: 4 117 10 0 0 0 0 0 0 0 0 0 0 0 0 0 + locks_latency MIN/AVG/MAX 0\&.000683/0\&.004198/0\&.014730 sec out of 131 + Num Hot Keys: 3 + Count:7 Key:2f636c75737465726673 + Count:18 Key:2f636c757374657266732f64617461 + Count:7 Key:2f636c757374657266732f646174612f636c69656e7473 + +.fi +.if n \{\ +.RE +.\} +.SS "DB Statistics" +.PP +Name of the database\&. +.SS "ro_delegations" +.PP +Number of readonly delegations created in the database\&. +.SS "ro_revokes" +.PP +Number of readonly delegations revoked\&. The difference in ro_delegations and ro_revokes indicates the currently active readonly delegations\&. +.SS "locks" +.PP +This section lists locking statistics\&. +.sp +.it 1 an-trap +.nr an-no-space-flag 1 +.nr an-break-flag 1 +.br +.ps +1 +\fBtotal\fR +.RS 4 +.PP +Number of completed lock calls\&. This includes database locks and record locks\&. +.RE +.sp +.it 1 an-trap +.nr an-no-space-flag 1 +.nr an-break-flag 1 +.br +.ps +1 +\fBfailed\fR +.RS 4 +.PP +Number of failed lock calls\&. This includes database locks and record locks\&. +.RE +.sp +.it 1 an-trap +.nr an-no-space-flag 1 +.nr an-break-flag 1 +.br +.ps +1 +\fBcurrent\fR +.RS 4 +.PP +Number of scheduled lock calls\&. This includes database locks and record locks\&. +.RE +.sp +.it 1 an-trap +.nr an-no-space-flag 1 +.nr an-break-flag 1 +.br +.ps +1 +\fBpending\fR +.RS 4 +.PP +Number of queued lock calls\&. This includes database locks and record locks\&. +.RE +.SS "hop_count_buckets" +.PP +Distribution of migration requests based on hop counts values\&. Buckets are 0, <\ \&2, <\ \&4, <\ \&8, <\ \&16, <\ \&32, <\ \&64, <\ \&128, <\ \&256, <\ \&512, <\ \&1024, <\ \&2048, <\ \&4096, <\ \&8192, <\ \&16384, ≥\ \&16384\&. +.SS "lock_buckets" +.PP +Distribution of record lock requests based on time required to obtain locks\&. Buckets are <\ \&1ms, <\ \&10ms, <\ \&100ms, <\ \&1s, <\ \&2s, <\ \&4s, <\ \&8s, <\ \&16s, <\ \&32s, <\ \&64s, ≥\ \&64s\&. +.SS "locks_latency" +.PP +The minimum, the average and the maximum time (in seconds) required to obtain record locks\&. +.SS "Num Hot Keys" +.PP +Number of contended records determined by hop count\&. CTDB keeps track of top 10 hot records and the output shows hex encoded keys for the hot records\&. +.SH "SEE ALSO" +.PP +\fBctdb\fR(1), +\fBctdbd\fR(1), +\fBctdb-tunables\fR(7), +\m[blue]\fB\%http://ctdb.samba.org/\fR\m[] +.SH "AUTHOR" +.br +.PP +This documentation was written by Amitay Isaacs, Martin Schwenke +.SH "COPYRIGHT" +.br +Copyright \(co 2007 Andrew Tridgell, Ronnie Sahlberg +.br +.PP +This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 3 of the License, or (at your option) any later version\&. +.PP +This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE\&. See the GNU General Public License for more details\&. +.PP +You should have received a copy of the GNU General Public License along with this program; if not, see +\m[blue]\fB\%http://www.gnu.org/licenses\fR\m[]\&. +.sp diff --git a/net/samba419/files/man/ctdb-tunables.7 b/net/samba419/files/man/ctdb-tunables.7 new file mode 100644 index 000000000000..2de515b975c5 --- /dev/null +++ b/net/samba419/files/man/ctdb-tunables.7 @@ -0,0 +1,406 @@ +'\" t +.\" Title: ctdb-tunables +.\" Author: +.\" Generator: DocBook XSL Stylesheets v1.79.1 <http://docbook.sf.net/> +.\" Date: 09/23/2020 +.\" Manual: CTDB - clustered TDB database +.\" Source: ctdb +.\" Language: English +.\" +.TH "CTDB\-TUNABLES" "7" "09/23/2020" "ctdb" "CTDB \- clustered TDB database" +.\" ----------------------------------------------------------------- +.\" * Define some portability stuff +.\" ----------------------------------------------------------------- +.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +.\" http://bugs.debian.org/507673 +.\" http://lists.gnu.org/archive/html/groff/2009-02/msg00013.html +.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" ----------------------------------------------------------------- +.\" * set default formatting +.\" ----------------------------------------------------------------- +.\" disable hyphenation +.nh +.\" disable justification (adjust text to left margin only) +.ad l +.\" ----------------------------------------------------------------- +.\" * MAIN CONTENT STARTS HERE * +.\" ----------------------------------------------------------------- +.SH "NAME" +ctdb-tunables \- CTDB tunable configuration variables +.SH "DESCRIPTION" +.PP +CTDB\*(Aqs behaviour can be configured by setting run\-time tunable variables\&. This lists and describes all tunables\&. See the +\fBctdb\fR(1) +\fBlistvars\fR, +\fBsetvar\fR +and +\fBgetvar\fR +commands for more details\&. +.PP +Unless otherwise stated, tunables should be set to the same value on all nodes\&. Setting tunables to different values across nodes may produce unexpected results\&. Future releases may set (some or most) tunables globally across the cluster but doing so is currently a manual process\&. +.PP +Tunables can be set at startup from the +/usr/local/etc/ctdb/ctdb\&.tunables +configuration file\&. +.sp +.if n \{\ +.RS 4 +.\} +.nf +\fITUNABLE\fR=\fIVALUE\fR + +.fi +.if n \{\ +.RE +.\} +.PP +For example: +.sp +.if n \{\ +.RS 4 +.\} +.nf +MonitorInterval=20 + +.fi +.if n \{\ +.RE +.\} +.PP +The available tunable variables are listed alphabetically below\&. +.SS "AllowClientDBAttach" +.PP +Default: 1 +.PP +When set to 0, clients are not allowed to attach to any databases\&. This can be used to temporarily block any new processes from attaching to and accessing the databases\&. This is mainly used for detaching a volatile database using \*(Aqctdb detach\*(Aq\&. +.SS "AllowMixedVersions" +.PP +Default: 0 +.PP +CTDB will not allow incompatible versions to co\-exist in a cluster\&. If a version mismatch is found, then losing CTDB will shutdown\&. To disable the incompatible version check, set this tunable to 1\&. +.PP +For version checking, CTDB uses major and minor version\&. For example, CTDB 4\&.6\&.1 and CTDB 4\&.6\&.2 are matching versions; CTDB 4\&.5\&.x and CTDB 4\&.6\&.y do not match\&. +.PP +CTDB with version check support will lose to CTDB without version check support\&. Between two different CTDB versions with version check support, one running for less time will lose\&. If the running time for both CTDB versions with version check support is equal (to seconds), then the older version will lose\&. The losing CTDB daemon will shutdown\&. +.SS "AllowUnhealthyDBRead" +.PP +Default: 0 +.PP +When set to 1, ctdb allows database traverses to read unhealthy databases\&. By default, ctdb does not allow reading records from unhealthy databases\&. +.SS "ControlTimeout" +.PP +Default: 60 +.PP +This is the default setting for timeout for when sending a control message to either the local or a remote ctdb daemon\&. +.SS "DatabaseHashSize" +.PP +Default: 100001 +.PP +Number of the hash chains for the local store of the tdbs that ctdb manages\&. +.SS "DatabaseMaxDead" +.PP +Default: 5 +.PP +Maximum number of dead records per hash chain for the tdb databses managed by ctdb\&. +.SS "DBRecordCountWarn" +.PP +Default: 100000 +.PP +When set to non\-zero, ctdb will log a warning during recovery if a database has more than this many records\&. This will produce a warning if a database grows uncontrollably with orphaned records\&. +.SS "DBRecordSizeWarn" +.PP +Default: 10000000 +.PP +When set to non\-zero, ctdb will log a warning during recovery if a single record is bigger than this size\&. This will produce a warning if a database record grows uncontrollably\&. +.SS "DBSizeWarn" +.PP +Default: 1000000000 +.PP +When set to non\-zero, ctdb will log a warning during recovery if a database size is bigger than this\&. This will produce a warning if a database grows uncontrollably\&. +.SS "DeferredAttachTO" +.PP +Default: 120 +.PP +When databases are frozen we do not allow clients to attach to the databases\&. Instead of returning an error immediately to the client, the attach request from the client is deferred until the database becomes available again at which stage we respond to the client\&. +.PP +This timeout controls how long we will defer the request from the client before timing it out and returning an error to the client\&. +.SS "ElectionTimeout" +.PP +Default: 3 +.PP +The number of seconds to wait for the election of recovery master to complete\&. If the election is not completed during this interval, then that round of election fails and ctdb starts a new election\&. +.SS "EnableBans" +.PP +Default: 1 +.PP +This parameter allows ctdb to ban a node if the node is misbehaving\&. +.PP +When set to 0, this disables banning completely in the cluster and thus nodes can not get banned, even it they break\&. Don\*(Aqt set to 0 unless you know what you are doing\&. +.SS "EventScriptTimeout" +.PP +Default: 30 +.PP +Maximum time in seconds to allow an event to run before timing out\&. This is the total time for all enabled scripts that are run for an event, not just a single event script\&. +.PP +Note that timeouts are ignored for some events ("takeip", "releaseip", "startrecovery", "recovered") and converted to success\&. The logic here is that the callers of these events implement their own additional timeout\&. +.SS "FetchCollapse" +.PP +Default: 1 +.PP +This parameter is used to avoid multiple migration requests for the same record from a single node\&. All the record requests for the same record are queued up and processed when the record is migrated to the current node\&. +.PP +When many clients across many nodes try to access the same record at the same time this can lead to a fetch storm where the record becomes very active and bounces between nodes very fast\&. This leads to high CPU utilization of the ctdbd daemon, trying to bounce that record around very fast, and poor performance\&. This can improve performance and reduce CPU utilization for certain workloads\&. +.SS "HopcountMakeSticky" +.PP +Default: 50 +.PP +For database(s) marked STICKY (using \*(Aqctdb setdbsticky\*(Aq), any record that is migrating so fast that hopcount exceeds this limit is marked as STICKY record for +\fIStickyDuration\fR +seconds\&. This means that after each migration the sticky record will be kept on the node +\fIStickyPindown\fRmilliseconds and prevented from being migrated off the node\&. +.PP +This will improve performance for certain workloads, such as locking\&.tdb if many clients are opening/closing the same file concurrently\&. +.SS "IPAllocAlgorithm" +.PP +Default: 2 +.PP +Selects the algorithm that CTDB should use when doing public IP address allocation\&. Meaningful values are: +.PP +0 +.RS 4 +Deterministic IP address allocation\&. +.sp +This is a simple and fast option\&. However, it can cause unnecessary address movement during fail\-over because each address has a "home" node\&. Works badly when some nodes do not have any addresses defined\&. Should be used with care when addresses are defined across multiple networks\&. +.RE +.PP +1 +.RS 4 +Non\-deterministic IP address allocation\&. +.sp +This is a relatively fast option that attempts to do a minimise unnecessary address movements\&. Addresses do not have a "home" node\&. Rebalancing is limited but it usually adequate\&. Works badly when addresses are defined across multiple networks\&. +.RE +.PP +2 +.RS 4 +LCP2 IP address allocation\&. +.sp +Uses a heuristic to assign addresses defined across multiple networks, usually balancing addresses on each network evenly across nodes\&. Addresses do not have a "home" node\&. Minimises unnecessary address movements\&. The algorithm is complex, so is slower than other choices for a large number of addresses\&. However, it can calculate an optimal assignment of 900 addresses in under 10 seconds on modern hardware\&. +.RE +.PP +If the specified value is not one of these then the default will be used\&. +.SS "KeepaliveInterval" +.PP +Default: 5 +.PP +How often in seconds should the nodes send keep\-alive packets to each other\&. +.SS "KeepaliveLimit" +.PP +Default: 5 +.PP +After how many keepalive intervals without any traffic should a node wait until marking the peer as DISCONNECTED\&. +.PP +If a node has hung, it can take +\fIKeepaliveInterval\fR +* (\fIKeepaliveLimit\fR ++ 1) seconds before ctdb determines that the node is DISCONNECTED and performs a recovery\&. This limit should not be set too high to enable early detection and avoid any application timeouts (e\&.g\&. SMB1) to kick in before the fail over is completed\&. +.SS "LockProcessesPerDB" +.PP +Default: 200 +.PP +This is the maximum number of lock helper processes ctdb will create for obtaining record locks\&. When ctdb cannot get a record lock without blocking, it creates a helper process that waits for the lock to be obtained\&. +.SS "LogLatencyMs" +.PP +Default: 0 +.PP +When set to non\-zero, ctdb will log if certains operations take longer than this value, in milliseconds, to complete\&. These operations include "process a record request from client", "take a record or database lock", "update a persistent database record" and "vacuum a database"\&. +.SS "MaxQueueDropMsg" +.PP +Default: 1000000 +.PP +This is the maximum number of messages to be queued up for a client before ctdb will treat the client as hung and will terminate the client connection\&. +.SS "MonitorInterval" +.PP +Default: 15 +.PP +How often should ctdb run the \*(Aqmonitor\*(Aq event in seconds to check for a node\*(Aqs health\&. +.SS "MonitorTimeoutCount" +.PP +Default: 20 +.PP +How many \*(Aqmonitor\*(Aq events in a row need to timeout before a node is flagged as UNHEALTHY\&. This setting is useful if scripts can not be written so that they do not hang for benign reasons\&. +.SS "NoIPFailback" +.PP +Default: 0 +.PP +When set to 1, ctdb will not perform failback of IP addresses when a node becomes healthy\&. When a node becomes UNHEALTHY, ctdb WILL perform failover of public IP addresses, but when the node becomes HEALTHY again, ctdb will not fail the addresses back\&. +.PP +Use with caution! Normally when a node becomes available to the cluster ctdb will try to reassign public IP addresses onto the new node as a way to distribute the workload evenly across the clusternode\&. Ctdb tries to make sure that all running nodes have approximately the same number of public addresses it hosts\&. +.PP +When you enable this tunable, ctdb will no longer attempt to rebalance the cluster by failing IP addresses back to the new nodes\&. An unbalanced cluster will therefore remain unbalanced until there is manual intervention from the administrator\&. When this parameter is set, you can manually fail public IP addresses over to the new node(s) using the \*(Aqctdb moveip\*(Aq command\&. +.SS "NoIPTakeover" +.PP +Default: 0 +.PP +When set to 1, ctdb will not allow IP addresses to be failed over to other nodes\&. Any IP addresses already hosted on healthy nodes will remain\&. Any IP addresses hosted on unhealthy nodes will be released by unhealthy nodes and will become un\-hosted\&. +.SS "PullDBPreallocation" +.PP +Default: 10*1024*1024 +.PP +This is the size of a record buffer to pre\-allocate for sending reply to PULLDB control\&. Usually record buffer starts with size of the first record and gets reallocated every time a new record is added to the record buffer\&. For a large number of records, this can be very inefficient to grow the record buffer one record at a time\&. +.SS "QueueBufferSize" +.PP +Default: 1024 +.PP +This is the maximum amount of data (in bytes) ctdb will read from a socket at a time\&. +.PP +For a busy setup, if ctdb is not able to process the TCP sockets fast enough (large amount of data in Recv\-Q for tcp sockets), then this tunable value should be increased\&. However, large values can keep ctdb busy processing packets and prevent ctdb from handling other events\&. +.SS "RecBufferSizeLimit" +.PP +Default: 1000000 +.PP +This is the limit on the size of the record buffer to be sent in various controls\&. This limit is used by new controls used for recovery and controls used in vacuuming\&. +.SS "RecdFailCount" +.PP +Default: 10 +.PP +If the recovery daemon has failed to ping the main daemon for this many consecutive intervals, the main daemon will consider the recovery daemon as hung and will try to restart it to recover\&. +.SS "RecdPingTimeout" +.PP +Default: 60 +.PP +If the main daemon has not heard a "ping" from the recovery daemon for this many seconds, the main daemon will log a message that the recovery daemon is potentially hung\&. This also increments a counter which is checked against +\fIRecdFailCount\fR +for detection of hung recovery daemon\&. +.SS "RecLockLatencyMs" +.PP +Default: 1000 +.PP +When using a reclock file for split brain prevention, if set to non\-zero this tunable will make the recovery daemon log a message if the fcntl() call to lock/testlock the recovery file takes longer than this number of milliseconds\&. +.SS "RecoverInterval" +.PP +Default: 1 +.PP +How frequently in seconds should the recovery daemon perform the consistency checks to determine if it should perform a recovery\&. +.SS "RecoverTimeout" +.PP +Default: 120 +.PP +This is the default setting for timeouts for controls when sent from the recovery daemon\&. We allow longer control timeouts from the recovery daemon than from normal use since the recovery daemon often use controls that can take a lot longer than normal controls\&. +.SS "RecoveryBanPeriod" +.PP +Default: 300 +.PP +The duration in seconds for which a node is banned if the node fails during recovery\&. After this time has elapsed the node will automatically get unbanned and will attempt to rejoin the cluster\&. +.PP +A node usually gets banned due to real problems with the node\&. Don\*(Aqt set this value too small\&. Otherwise, a problematic node will try to re\-join cluster too soon causing unnecessary recoveries\&. +.SS "RecoveryDropAllIPs" +.PP +Default: 120 +.PP +If a node is stuck in recovery, or stopped, or banned, for this many seconds, then ctdb will release all public addresses on that node\&. +.SS "RecoveryGracePeriod" +.PP +Default: 120 +.PP +During recoveries, if a node has not caused recovery failures during the last grace period in seconds, any records of transgressions that the node has caused recovery failures will be forgiven\&. This resets the ban\-counter back to zero for that node\&. +.SS "RepackLimit" +.PP +Default: 10000 +.PP +During vacuuming, if the number of freelist records are more than +\fIRepackLimit\fR, then the database is repacked to get rid of the freelist records to avoid fragmentation\&. +.SS "RerecoveryTimeout" +.PP +Default: 10 +.PP +Once a recovery has completed, no additional recoveries are permitted until this timeout in seconds has expired\&. +.SS "SeqnumInterval" +.PP +Default: 1000 +.PP +Some databases have seqnum tracking enabled, so that samba will be able to detect asynchronously when there has been updates to the database\&. Every time a database is updated its sequence number is increased\&. +.PP +This tunable is used to specify in milliseconds how frequently ctdb will send out updates to remote nodes to inform them that the sequence number is increased\&. +.SS "StatHistoryInterval" +.PP +Default: 1 +.PP +Granularity of the statistics collected in the statistics history\&. This is reported by \*(Aqctdb stats\*(Aq command\&. +.SS "StickyDuration" +.PP +Default: 600 +.PP +Once a record has been marked STICKY, this is the duration in seconds, the record will be flagged as a STICKY record\&. +.SS "StickyPindown" +.PP +Default: 200 +.PP +Once a STICKY record has been migrated onto a node, it will be pinned down on that node for this number of milliseconds\&. Any request from other nodes to migrate the record off the node will be deferred\&. +.SS "TakeoverTimeout" +.PP +Default: 9 +.PP +This is the duration in seconds in which ctdb tries to complete IP failover\&. +.SS "TickleUpdateInterval" +.PP +Default: 20 +.PP +Every +\fITickleUpdateInterval\fR +seconds, ctdb synchronizes the client connection information across nodes\&. +.SS "TraverseTimeout" +.PP +Default: 20 +.PP +This is the duration in seconds for which a database traverse is allowed to run\&. If the traverse does not complete during this interval, ctdb will abort the traverse\&. +.SS "VacuumFastPathCount" +.PP +Default: 60 +.PP +During a vacuuming run, ctdb usually processes only the records marked for deletion also called the fast path vacuuming\&. After finishing +\fIVacuumFastPathCount\fR +number of fast path vacuuming runs, ctdb will trigger a scan of complete database for any empty records that need to be deleted\&. +.SS "VacuumInterval" +.PP +Default: 10 +.PP +Periodic interval in seconds when vacuuming is triggered for volatile databases\&. +.SS "VacuumMaxRunTime" +.PP +Default: 120 +.PP +The maximum time in seconds for which the vacuuming process is allowed to run\&. If vacuuming process takes longer than this value, then the vacuuming process is terminated\&. +.SS "VerboseMemoryNames" +.PP +Default: 0 +.PP +When set to non\-zero, ctdb assigns verbose names for some of the talloc allocated memory objects\&. These names are visible in the talloc memory report generated by \*(Aqctdb dumpmemory\*(Aq\&. +.SH "FILES>" +.RS 4 +/usr/local/etc/ctdb/ctdb\&.tunables +.RE +.SH "SEE ALSO" +.PP +\fBctdb\fR(1), +\fBctdbd\fR(1), +\fBctdb.conf\fR(5), +\fBctdb\fR(7), +\m[blue]\fB\%http://ctdb.samba.org/\fR\m[] +.SH "AUTHOR" +.br +.PP +This documentation was written by Ronnie Sahlberg, Amitay Isaacs, Martin Schwenke +.SH "COPYRIGHT" +.br +Copyright \(co 2007 Andrew Tridgell, Ronnie Sahlberg +.br +.PP +This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 3 of the License, or (at your option) any later version\&. +.PP +This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE\&. See the GNU General Public License for more details\&. +.PP +You should have received a copy of the GNU General Public License along with this program; if not, see +\m[blue]\fB\%http://www.gnu.org/licenses\fR\m[]\&. +.sp diff --git a/net/samba419/files/man/ctdb.1 b/net/samba419/files/man/ctdb.1 new file mode 100644 index 000000000000..ad254aa4404e --- /dev/null +++ b/net/samba419/files/man/ctdb.1 @@ -0,0 +1,1526 @@ +'\" t +.\" Title: ctdb +.\" Author: +.\" Generator: DocBook XSL Stylesheets v1.79.1 <http://docbook.sf.net/> +.\" Date: 09/23/2020 +.\" Manual: CTDB - clustered TDB database +.\" Source: ctdb +.\" Language: English +.\" +.TH "CTDB" "1" "09/23/2020" "ctdb" "CTDB \- clustered TDB database" +.\" ----------------------------------------------------------------- +.\" * Define some portability stuff +.\" ----------------------------------------------------------------- +.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +.\" http://bugs.debian.org/507673 +.\" http://lists.gnu.org/archive/html/groff/2009-02/msg00013.html +.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" ----------------------------------------------------------------- +.\" * set default formatting +.\" ----------------------------------------------------------------- +.\" disable hyphenation +.nh +.\" disable justification (adjust text to left margin only) +.ad l +.\" ----------------------------------------------------------------- +.\" * MAIN CONTENT STARTS HERE * +.\" ----------------------------------------------------------------- +.SH "NAME" +ctdb \- CTDB management utility +.SH "SYNOPSIS" +.HP \w'\fBctdb\fR\ 'u +\fBctdb\fR [\fIOPTION\fR...] {\fICOMMAND\fR} [\fICOMMAND\-ARGS\fR] +.SH "DESCRIPTION" +.PP +ctdb is a utility to view and manage a CTDB cluster\&. +.PP +The following terms are used when referring to nodes in a cluster: +.PP +PNN +.RS 4 +Physical Node Number\&. The physical node number is an integer that describes the node in the cluster\&. The first node has physical node number 0\&. in a cluster\&. +.RE +.PP +PNN\-LIST +.RS 4 +This is either a single PNN, a comma\-separate list of PNNs or "all"\&. +.RE +.PP +Commands that reference a database use the following terms: +.PP +DB +.RS 4 +This is either a database name, such as +locking\&.tdb +or a database ID such as "0x42fe72c5"\&. +.RE +.PP +DB\-LIST +.RS 4 +A space separated list of at least one +\fIDB\fR\&. +.RE +.SH "OPTIONS" +.PP +\-n \fIPNN\fR +.RS 4 +The node specified by PNN should be queried for the requested information\&. Default is to query the daemon running on the local host\&. +.RE +.PP +\-Y +.RS 4 +Produce output in machine readable form for easier parsing by scripts\&. This uses a field delimiter of \*(Aq:\*(Aq\&. Not all commands support this option\&. +.RE +.PP +\-x \fISEPARATOR\fR +.RS 4 +Use SEPARATOR to delimit fields in machine readable output\&. This implies \-Y\&. +.RE +.PP +\-X +.RS 4 +Produce output in machine readable form for easier parsing by scripts\&. This uses a field delimiter of \*(Aq|\*(Aq\&. Not all commands support this option\&. +.sp +This is equivalent to "\-x|" and avoids some shell quoting issues\&. +.RE +.PP +\-t \fITIMEOUT\fR +.RS 4 +Indicates that ctdb should wait up to TIMEOUT seconds for a response to most commands sent to the CTDB daemon\&. The default is 10 seconds\&. +.RE +.PP +\-T \fITIMELIMIT\fR +.RS 4 +Indicates that TIMELIMIT is the maximum run time (in seconds) for the ctdb command\&. When TIMELIMIT is exceeded the ctdb command will terminate with an error\&. The default is 120 seconds\&. +.RE +.PP +\-? \-\-help +.RS 4 +Print some help text to the screen\&. +.RE +.PP +\-\-usage +.RS 4 +Print usage information to the screen\&. +.RE +.PP +\-d \-\-debug=\fIDEBUGLEVEL\fR +.RS 4 +Change the debug level for the command\&. Default is NOTICE\&. +.RE +.SH "ADMINISTRATIVE COMMANDS" +.PP +These are commands used to monitor and administer a CTDB cluster\&. +.SS "pnn" +.PP +This command displays the PNN of the current node\&. +.SS "status" +.PP +This command shows the current status of all CTDB nodes based on information from the queried node\&. +.PP +Note: If the queried node is INACTIVE then the status might not be current\&. +.sp +.it 1 an-trap +.nr an-no-space-flag 1 +.nr an-break-flag 1 +.br +.ps +1 +\fBNode status\fR +.RS 4 +.PP +This includes the number of physical nodes and the status of each node\&. See +\fBctdb\fR(7) +for information about node states\&. +.RE +.sp +.it 1 an-trap +.nr an-no-space-flag 1 +.nr an-break-flag 1 +.br +.ps +1 +\fBGeneration\fR +.RS 4 +.PP +The generation id is a number that indicates the current generation of a cluster instance\&. Each time a cluster goes through a reconfiguration or a recovery its generation id will be changed\&. +.PP +This number does not have any particular meaning other than to keep track of when a cluster has gone through a recovery\&. It is a random number that represents the current instance of a ctdb cluster and its databases\&. The CTDB daemon uses this number internally to be able to tell when commands to operate on the cluster and the databases was issued in a different generation of the cluster, to ensure that commands that operate on the databases will not survive across a cluster database recovery\&. After a recovery, all old outstanding commands will automatically become invalid\&. +.PP +Sometimes this number will be shown as "INVALID"\&. This only means that the ctdbd daemon has started but it has not yet merged with the cluster through a recovery\&. All nodes start with generation "INVALID" and are not assigned a real generation id until they have successfully been merged with a cluster through a recovery\&. +.RE +.sp +.it 1 an-trap +.nr an-no-space-flag 1 +.nr an-break-flag 1 +.br +.ps +1 +\fBVirtual Node Number (VNN) map\fR +.RS 4 +.PP +Consists of the number of virtual nodes and mapping from virtual node numbers to physical node numbers\&. Only nodes that are participating in the VNN map can become lmaster for database records\&. +.RE +.sp +.it 1 an-trap +.nr an-no-space-flag 1 +.nr an-break-flag 1 +.br +.ps +1 +\fBRecovery mode\fR +.RS 4 +.PP +This is the current recovery mode of the cluster\&. There are two possible modes: +.PP +NORMAL \- The cluster is fully operational\&. +.PP +RECOVERY \- The cluster databases have all been frozen, pausing all services while the cluster awaits a recovery process to complete\&. A recovery process should finish within seconds\&. If a cluster is stuck in the RECOVERY state this would indicate a cluster malfunction which needs to be investigated\&. +.PP +Once the recovery master detects an inconsistency, for example a node becomes disconnected/connected, the recovery daemon will trigger a cluster recovery process, where all databases are remerged across the cluster\&. When this process starts, the recovery master will first "freeze" all databases to prevent applications such as samba from accessing the databases and it will also mark the recovery mode as RECOVERY\&. +.PP +When the CTDB daemon starts up, it will start in RECOVERY mode\&. Once the node has been merged into a cluster and all databases have been recovered, the node mode will change into NORMAL mode and the databases will be "thawed", allowing samba to access the databases again\&. +.RE +.sp +.it 1 an-trap +.nr an-no-space-flag 1 +.nr an-break-flag 1 +.br +.ps +1 +\fBRecovery master\fR +.RS 4 +.PP +This is the cluster node that is currently designated as the recovery master\&. This node is responsible of monitoring the consistency of the cluster and to perform the actual recovery process when reqired\&. +.PP +Only one node at a time can be the designated recovery master\&. Which node is designated the recovery master is decided by an election process in the recovery daemons running on each node\&. +.RE +.sp +.it 1 an-trap +.nr an-no-space-flag 1 +.nr an-break-flag 1 +.br +.ps +1 +\fBExample\fR +.RS 4 +.sp +.if n \{\ +.RS 4 +.\} +.nf +# ctdb status +Number of nodes:4 +pnn:0 192\&.168\&.2\&.200 OK (THIS NODE) +pnn:1 192\&.168\&.2\&.201 OK +pnn:2 192\&.168\&.2\&.202 OK +pnn:3 192\&.168\&.2\&.203 OK +Generation:1362079228 +Size:4 +hash:0 lmaster:0 +hash:1 lmaster:1 +hash:2 lmaster:2 +hash:3 lmaster:3 +Recovery mode:NORMAL (0) +Recovery master:0 + +.fi +.if n \{\ +.RE +.\} +.RE +.SS "nodestatus [\fIPNN\-LIST\fR]" +.PP +This command is similar to the +\fBstatus\fR +command\&. It displays the "node status" subset of output\&. The main differences are: +.sp +.RS 4 +.ie n \{\ +\h'-04'\(bu\h'+03'\c +.\} +.el \{\ +.sp -1 +.IP \(bu 2.3 +.\} +The exit code is the bitwise\-OR of the flags for each specified node, while +\fBctdb status\fR +exits with 0 if it was able to retrieve status for all nodes\&. +.RE +.sp +.RS 4 +.ie n \{\ +\h'-04'\(bu\h'+03'\c +.\} +.el \{\ +.sp -1 +.IP \(bu 2.3 +.\} +\fBctdb status\fR +provides status information for all nodes\&. +\fBctdb nodestatus\fR +defaults to providing status for only the current node\&. If PNN\-LIST is provided then status is given for the indicated node(s)\&. +.RE +.PP +A common invocation in scripts is +\fBctdb nodestatus all\fR +to check whether all nodes in a cluster are healthy\&. +.sp +.it 1 an-trap +.nr an-no-space-flag 1 +.nr an-break-flag 1 +.br +.ps +1 +\fBExample\fR +.RS 4 +.sp +.if n \{\ +.RS 4 +.\} +.nf +# ctdb nodestatus +pnn:0 10\&.0\&.0\&.30 OK (THIS NODE) + +# ctdb nodestatus all +Number of nodes:2 +pnn:0 10\&.0\&.0\&.30 OK (THIS NODE) +pnn:1 10\&.0\&.0\&.31 OK + +.fi +.if n \{\ +.RE +.\} +.RE +.SS "recmaster" +.PP +This command shows the pnn of the node which is currently the recmaster\&. +.PP +Note: If the queried node is INACTIVE then the status might not be current\&. +.SS "uptime" +.PP +This command shows the uptime for the ctdb daemon\&. When the last recovery or ip\-failover completed and how long it took\&. If the "duration" is shown as a negative number, this indicates that there is a recovery/failover in progress and it started that many seconds ago\&. +.sp +.it 1 an-trap +.nr an-no-space-flag 1 +.nr an-break-flag 1 +.br +.ps +1 +\fBExample\fR +.RS 4 +.sp +.if n \{\ +.RS 4 +.\} +.nf +# ctdb uptime +Current time of node : Thu Oct 29 10:38:54 2009 +Ctdbd start time : (000 16:54:28) Wed Oct 28 17:44:26 2009 +Time of last recovery/failover: (000 16:53:31) Wed Oct 28 17:45:23 2009 +Duration of last recovery/failover: 2\&.248552 seconds + +.fi +.if n \{\ +.RE +.\} +.RE +.SS "listnodes" +.PP +This command shows lists the ip addresses of all the nodes in the cluster\&. +.sp +.it 1 an-trap +.nr an-no-space-flag 1 +.nr an-break-flag 1 +.br +.ps +1 +\fBExample\fR +.RS 4 +.sp +.if n \{\ +.RS 4 +.\} +.nf +# ctdb listnodes +192\&.168\&.2\&.200 +192\&.168\&.2\&.201 +192\&.168\&.2\&.202 +192\&.168\&.2\&.203 + +.fi +.if n \{\ +.RE +.\} +.RE +.SS "natgw {master|list|status}" +.PP +This command shows different aspects of NAT gateway status\&. For an overview of CTDB\*(Aqs NAT gateway functionality please see the +NAT GATEWAY +section in +\fBctdb\fR(7)\&. +.PP +master +.RS 4 +Show the PNN and private IP address of the current NAT gateway master node\&. +.sp +Example output: +.sp +.if n \{\ +.RS 4 +.\} +.nf +1 192\&.168\&.2\&.201 + +.fi +.if n \{\ +.RE +.\} +.RE +.PP +list +.RS 4 +List the private IP addresses of nodes in the current NAT gateway group, annotating the master node\&. +.sp +Example output: +.sp +.if n \{\ +.RS 4 +.\} +.nf +192\&.168\&.2\&.200 +192\&.168\&.2\&.201 MASTER +192\&.168\&.2\&.202 +192\&.168\&.2\&.203 + +.fi +.if n \{\ +.RE +.\} +.RE +.PP +status +.RS 4 +List the nodes in the current NAT gateway group and their status\&. +.sp +Example output: +.sp +.if n \{\ +.RS 4 +.\} +.nf +pnn:0 192\&.168\&.2\&.200 UNHEALTHY (THIS NODE) +pnn:1 192\&.168\&.2\&.201 OK +pnn:2 192\&.168\&.2\&.202 OK +pnn:3 192\&.168\&.2\&.203 OK + +.fi +.if n \{\ +.RE +.\} +.RE +.SS "ping" +.PP +This command will "ping" specified CTDB nodes in the cluster to verify that they are running\&. +.sp +.it 1 an-trap +.nr an-no-space-flag 1 +.nr an-break-flag 1 +.br +.ps +1 +\fBExample\fR +.RS 4 +.sp +.if n \{\ +.RS 4 +.\} +.nf +# ctdb ping +response from 0 time=0\&.000054 sec (3 clients) + +.fi +.if n \{\ +.RE +.\} +.RE +.SS "ifaces" +.PP +This command will display the list of network interfaces, which could host public addresses, along with their status\&. +.sp +.it 1 an-trap +.nr an-no-space-flag 1 +.nr an-break-flag 1 +.br +.ps +1 +\fBExample\fR +.RS 4 +.sp +.if n \{\ +.RS 4 +.\} +.nf +# ctdb ifaces +Interfaces on node 0 +name:eth5 link:up references:2 +name:eth4 link:down references:0 +name:eth3 link:up references:1 +name:eth2 link:up references:1 + +# ctdb \-X ifaces +|Name|LinkStatus|References| +|eth5|1|2| +|eth4|0|0| +|eth3|1|1| +|eth2|1|1| + +.fi +.if n \{\ +.RE +.\} +.RE +.SS "ip" +.PP +This command will display the list of public addresses that are provided by the cluster and which physical node is currently serving this ip\&. By default this command will ONLY show those public addresses that are known to the node itself\&. To see the full list of all public ips across the cluster you must use "ctdb ip all"\&. +.sp +.it 1 an-trap +.nr an-no-space-flag 1 +.nr an-break-flag 1 +.br +.ps +1 +\fBExample\fR +.RS 4 +.sp +.if n \{\ +.RS 4 +.\} +.nf +# ctdb ip \-v +Public IPs on node 0 +172\&.31\&.91\&.82 node[1] active[] available[eth2,eth3] configured[eth2,eth3] +172\&.31\&.91\&.83 node[0] active[eth3] available[eth2,eth3] configured[eth2,eth3] +172\&.31\&.91\&.84 node[1] active[] available[eth2,eth3] configured[eth2,eth3] +172\&.31\&.91\&.85 node[0] active[eth2] available[eth2,eth3] configured[eth2,eth3] +172\&.31\&.92\&.82 node[1] active[] available[eth5] configured[eth4,eth5] +172\&.31\&.92\&.83 node[0] active[eth5] available[eth5] configured[eth4,eth5] +172\&.31\&.92\&.84 node[1] active[] available[eth5] configured[eth4,eth5] +172\&.31\&.92\&.85 node[0] active[eth5] available[eth5] configured[eth4,eth5] + +# ctdb \-X ip \-v +|Public IP|Node|ActiveInterface|AvailableInterfaces|ConfiguredInterfaces| +|172\&.31\&.91\&.82|1||eth2,eth3|eth2,eth3| +|172\&.31\&.91\&.83|0|eth3|eth2,eth3|eth2,eth3| +|172\&.31\&.91\&.84|1||eth2,eth3|eth2,eth3| +|172\&.31\&.91\&.85|0|eth2|eth2,eth3|eth2,eth3| +|172\&.31\&.92\&.82|1||eth5|eth4,eth5| +|172\&.31\&.92\&.83|0|eth5|eth5|eth4,eth5| +|172\&.31\&.92\&.84|1||eth5|eth4,eth5| +|172\&.31\&.92\&.85|0|eth5|eth5|eth4,eth5| + +.fi +.if n \{\ +.RE +.\} +.RE +.SS "ipinfo \fIIP\fR" +.PP +This command will display details about the specified public addresses\&. +.sp +.it 1 an-trap +.nr an-no-space-flag 1 +.nr an-break-flag 1 +.br +.ps +1 +\fBExample\fR +.RS 4 +.sp +.if n \{\ +.RS 4 +.\} +.nf +# ctdb ipinfo 172\&.31\&.92\&.85 +Public IP[172\&.31\&.92\&.85] info on node 0 +IP:172\&.31\&.92\&.85 +CurrentNode:0 +NumInterfaces:2 +Interface[1]: Name:eth4 Link:down References:0 +Interface[2]: Name:eth5 Link:up References:2 (active) + +.fi +.if n \{\ +.RE +.\} +.RE +.SS "event run|status|script list|script enable|script disable" +.PP +This command is used to control event daemon and to inspect status of various events\&. +.PP +The commands below require a component to be specified\&. In the current version the only valid component is +legacy\&. +.PP +run \fITIMEOUT\fR \fICOMPONENT\fR \fIEVENT\fR [\fIARGUMENTS\fR] +.RS 4 +This command can be used to manually run specified EVENT in COMPONENT with optional ARGUMENTS\&. The event will be allowed to run a maximum of TIMEOUT seconds\&. If TIMEOUT is 0, then there is no time limit for running the event\&. +.RE +.PP +status \fICOMPONENT\fR \fIEVENT\fR +.RS 4 +This command displays the last execution status of the specified EVENT in COMPONENT\&. +.sp +The command will terminate with the exit status corresponding to the overall status of event that is displayed\&. +.sp +The output is the list of event scripts executed\&. Each line shows the name, status, duration and start time for each script\&. +.sp +Example output: +.sp +.if n \{\ +.RS 4 +.\} +.nf +00\&.ctdb OK 0\&.014 Sat Dec 17 19:39:11 2016 +01\&.reclock OK 0\&.013 Sat Dec 17 19:39:11 2016 +05\&.system OK 0\&.029 Sat Dec 17 19:39:11 2016 +06\&.nfs OK 0\&.014 Sat Dec 17 19:39:11 2016 +10\&.interface OK 0\&.037 Sat Dec 17 19:39:11 2016 +11\&.natgw OK 0\&.011 Sat Dec 17 19:39:11 2016 +11\&.routing OK 0\&.007 Sat Dec 17 19:39:11 2016 +13\&.per_ip_routing OK 0\&.007 Sat Dec 17 19:39:11 2016 +20\&.multipathd OK 0\&.007 Sat Dec 17 19:39:11 2016 +31\&.clamd OK 0\&.007 Sat Dec 17 19:39:11 2016 +40\&.vsftpd OK 0\&.013 Sat Dec 17 19:39:11 2016 +41\&.httpd OK 0\&.018 Sat Dec 17 19:39:11 2016 +49\&.winbind OK 0\&.023 Sat Dec 17 19:39:11 2016 +50\&.samba OK 0\&.100 Sat Dec 17 19:39:12 2016 +60\&.nfs OK 0\&.376 Sat Dec 17 19:39:12 2016 +70\&.iscsi OK 0\&.009 Sat Dec 17 19:39:12 2016 +91\&.lvs OK 0\&.007 Sat Dec 17 19:39:12 2016 + +.fi +.if n \{\ +.RE +.\} +.RE +.PP +script list \fICOMPONENT\fR +.RS 4 +List the available event scripts in COMPONENT\&. Enabled scripts are flagged with a \*(Aq*\*(Aq\&. +.sp +Generally, event scripts are provided by CTDB\&. However, local or 3rd party event scripts may also be available\&. These are shown in a separate section after those provided by CTDB\&. +.sp +Example output: +.sp +.if n \{\ +.RS 4 +.\} +.nf +* 00\&.ctdb +* 01\&.reclock +* 05\&.system +* 06\&.nfs +* 10\&.interface + 11\&.natgw + 11\&.routing + 13\&.per_ip_routing + 20\&.multipathd + 31\&.clamd + 40\&.vsftpd + 41\&.httpd +* 49\&.winbind +* 50\&.samba +* 60\&.nfs + 70\&.iscsi + 91\&.lvs + +* 02\&.local + +.fi +.if n \{\ +.RE +.\} +.RE +.PP +script enable \fICOMPONENT\fR \fISCRIPT\fR +.RS 4 +Enable the specified event SCRIPT in COMPONENT\&. Only enabled scripts will be executed when running any event\&. +.RE +.PP +script disable \fICOMPONENT\fR \fISCRIPT\fR +.RS 4 +Disable the specified event SCRIPT in COMPONENT\&. This will prevent the script from executing when running any event\&. +.RE +.SS "scriptstatus" +.PP +This command displays which event scripts where run in the previous monitoring cycle and the result of each script\&. If a script failed with an error, causing the node to become unhealthy, the output from that script is also shown\&. +.PP +This command is deprecated\&. It\*(Aqs provided for backward compatibility\&. In place of +\fBctdb scriptstatus\fR, use +\fBctdb event status\fR\&. +.sp +.it 1 an-trap +.nr an-no-space-flag 1 +.nr an-break-flag 1 +.br +.ps +1 +\fBExample\fR +.RS 4 +.sp +.if n \{\ +.RS 4 +.\} +.nf +# ctdb scriptstatus +00\&.ctdb OK 0\&.011 Sat Dec 17 19:40:46 2016 +01\&.reclock OK 0\&.010 Sat Dec 17 19:40:46 2016 +05\&.system OK 0\&.030 Sat Dec 17 19:40:46 2016 +06\&.nfs OK 0\&.014 Sat Dec 17 19:40:46 2016 +10\&.interface OK 0\&.041 Sat Dec 17 19:40:46 2016 +11\&.natgw OK 0\&.008 Sat Dec 17 19:40:46 2016 +11\&.routing OK 0\&.007 Sat Dec 17 19:40:46 2016 +13\&.per_ip_routing OK 0\&.007 Sat Dec 17 19:40:46 2016 +20\&.multipathd OK 0\&.007 Sat Dec 17 19:40:46 2016 +31\&.clamd OK 0\&.007 Sat Dec 17 19:40:46 2016 +40\&.vsftpd OK 0\&.013 Sat Dec 17 19:40:46 2016 +41\&.httpd OK 0\&.015 Sat Dec 17 19:40:46 2016 +49\&.winbind OK 0\&.022 Sat Dec 17 19:40:46 2016 +50\&.samba ERROR 0\&.077 Sat Dec 17 19:40:46 2016 + OUTPUT: ERROR: samba tcp port 445 is not responding + +.fi +.if n \{\ +.RE +.\} +.RE +.SS "listvars" +.PP +List all tuneable variables, except the values of the obsolete tunables like VacuumMinInterval\&. The obsolete tunables can be retrieved only explicitly with the "ctdb getvar" command\&. +.sp +.it 1 an-trap +.nr an-no-space-flag 1 +.nr an-break-flag 1 +.br +.ps +1 +\fBExample\fR +.RS 4 +.sp +.if n \{\ +.RS 4 +.\} +.nf +# ctdb listvars +SeqnumInterval = 1000 +ControlTimeout = 60 +TraverseTimeout = 20 +KeepaliveInterval = 5 +KeepaliveLimit = 5 +RecoverTimeout = 120 +RecoverInterval = 1 +ElectionTimeout = 3 +TakeoverTimeout = 9 +MonitorInterval = 15 +TickleUpdateInterval = 20 +EventScriptTimeout = 30 +MonitorTimeoutCount = 20 +RecoveryGracePeriod = 120 +RecoveryBanPeriod = 300 +DatabaseHashSize = 100001 +DatabaseMaxDead = 5 +RerecoveryTimeout = 10 +EnableBans = 1 +NoIPFailback = 0 +VerboseMemoryNames = 0 +RecdPingTimeout = 60 +RecdFailCount = 10 +LogLatencyMs = 0 +RecLockLatencyMs = 1000 +RecoveryDropAllIPs = 120 +VacuumInterval = 10 +VacuumMaxRunTime = 120 +RepackLimit = 10000 +VacuumFastPathCount = 60 +MaxQueueDropMsg = 1000000 +AllowUnhealthyDBRead = 0 +StatHistoryInterval = 1 +DeferredAttachTO = 120 +AllowClientDBAttach = 1 +RecoverPDBBySeqNum = 1 +DeferredRebalanceOnNodeAdd = 300 +FetchCollapse = 1 +HopcountMakeSticky = 50 +StickyDuration = 600 +StickyPindown = 200 +NoIPTakeover = 0 +DBRecordCountWarn = 100000 +DBRecordSizeWarn = 10000000 +DBSizeWarn = 100000000 +PullDBPreallocation = 10485760 +LockProcessesPerDB = 200 +RecBufferSizeLimit = 1000000 +QueueBufferSize = 1024 +IPAllocAlgorithm = 2 + +.fi +.if n \{\ +.RE +.\} +.RE +.SS "getvar \fINAME\fR" +.PP +Get the runtime value of a tuneable variable\&. +.sp +.it 1 an-trap +.nr an-no-space-flag 1 +.nr an-break-flag 1 +.br +.ps +1 +\fBExample\fR +.RS 4 +.sp +.if n \{\ +.RS 4 +.\} +.nf +# ctdb getvar MonitorInterval +MonitorInterval = 15 + +.fi +.if n \{\ +.RE +.\} +.RE +.SS "setvar \fINAME\fR \fIVALUE\fR" +.PP +Set the runtime value of a tuneable variable\&. +.sp +.it 1 an-trap +.nr an-no-space-flag 1 +.nr an-break-flag 1 +.br +.ps +1 +\fBExample\fR +.RS 4 +.sp +.if n \{\ +.RS 4 +.\} +.nf +# ctdb setvar MonitorInterval 20 + +.fi +.if n \{\ +.RE +.\} +.RE +.SS "lvs {master|list|status}" +.PP +This command shows different aspects of LVS status\&. For an overview of CTDB\*(Aqs LVS functionality please see the +LVS +section in +\fBctdb\fR(7)\&. +.PP +master +.RS 4 +Shows the PNN of the current LVS master node\&. +.sp +Example output: +.sp +.if n \{\ +.RS 4 +.\} +.nf +2 + +.fi +.if n \{\ +.RE +.\} +.RE +.PP +list +.RS 4 +Lists the currently usable LVS nodes\&. +.sp +Example output: +.sp +.if n \{\ +.RS 4 +.\} +.nf +2 10\&.0\&.0\&.13 +3 10\&.0\&.0\&.14 + +.fi +.if n \{\ +.RE +.\} +.RE +.PP +status +.RS 4 +List the nodes in the current LVS group and their status\&. +.sp +Example output: +.sp +.if n \{\ +.RS 4 +.\} +.nf +pnn:0 10\&.0\&.0\&.11 UNHEALTHY (THIS NODE) +pnn:1 10\&.0\&.0\&.12 UNHEALTHY +pnn:2 10\&.0\&.0\&.13 OK +pnn:3 10\&.0\&.0\&.14 OK + +.fi +.if n \{\ +.RE +.\} +.RE +.SS "getcapabilities" +.PP +This command shows the capabilities of the current node\&. See the +CAPABILITIES +section in +\fBctdb\fR(7) +for more details\&. +.PP +Example output: +.sp +.if n \{\ +.RS 4 +.\} +.nf +RECMASTER: YES +LMASTER: YES + +.fi +.if n \{\ +.RE +.\} +.SS "statistics" +.PP +Collect statistics from the CTDB daemon about how many calls it has served\&. Information about various fields in statistics can be found in +\fBctdb-statistics\fR(7)\&. +.sp +.it 1 an-trap +.nr an-no-space-flag 1 +.nr an-break-flag 1 +.br +.ps +1 +\fBExample\fR +.RS 4 +.sp +.if n \{\ +.RS 4 +.\} +.nf +# ctdb statistics +CTDB version 1 +Current time of statistics : Tue Mar 8 15:18:51 2016 +Statistics collected since : (003 21:31:32) Fri Mar 4 17:47:19 2016 + num_clients 9 + frozen 0 + recovering 0 + num_recoveries 2 + client_packets_sent 8170534 + client_packets_recv 7166132 + node_packets_sent 16549998 + node_packets_recv 5244418 + keepalive_packets_sent 201969 + keepalive_packets_recv 201969 + node + req_call 26 + reply_call 0 + req_dmaster 9 + reply_dmaster 12 + reply_error 0 + req_message 1339231 + req_control 8177506 + reply_control 6831284 + client + req_call 15 + req_message 334809 + req_control 6831308 + timeouts + call 0 + control 0 + traverse 0 + locks + num_calls 8 + num_current 0 + num_pending 0 + num_failed 0 + total_calls 15 + pending_calls 0 + childwrite_calls 0 + pending_childwrite_calls 0 + memory_used 394879 + max_hop_count 1 + total_ro_delegations 0 + total_ro_revokes 0 + hop_count_buckets: 8 5 0 0 0 0 0 0 0 0 0 0 0 0 0 0 + lock_buckets: 0 0 8 0 0 0 0 0 0 0 0 0 0 0 0 0 + locks_latency MIN/AVG/MAX 0\&.010005/0\&.010418/0\&.011010 sec out of 8 + reclock_ctdbd MIN/AVG/MAX 0\&.002538/0\&.002538/0\&.002538 sec out of 1 + reclock_recd MIN/AVG/MAX 0\&.000000/0\&.000000/0\&.000000 sec out of 0 + call_latency MIN/AVG/MAX 0\&.000044/0\&.002142/0\&.011702 sec out of 15 + childwrite_latency MIN/AVG/MAX 0\&.000000/0\&.000000/0\&.000000 sec out of 0 + +.fi +.if n \{\ +.RE +.\} +.RE +.SS "statisticsreset" +.PP +This command is used to clear all statistics counters in a node\&. +.PP +Example: ctdb statisticsreset +.SS "dbstatistics \fIDB\fR" +.PP +Display statistics about the database DB\&. Information about various fields in dbstatistics can be found in +\fBctdb-statistics\fR(7)\&. +.sp +.it 1 an-trap +.nr an-no-space-flag 1 +.nr an-break-flag 1 +.br +.ps +1 +\fBExample\fR +.RS 4 +.sp +.if n \{\ +.RS 4 +.\} +.nf +# ctdb dbstatistics locking\&.tdb +DB Statistics: locking\&.tdb + ro_delegations 0 + ro_revokes 0 + locks + total 14356 + failed 0 + current 0 + pending 0 + hop_count_buckets: 28087 2 1 0 0 0 0 0 0 0 0 0 0 0 0 0 + lock_buckets: 0 14188 38 76 32 19 3 0 0 0 0 0 0 0 0 0 + locks_latency MIN/AVG/MAX 0\&.001066/0\&.012686/4\&.202292 sec out of 14356 + vacuum_latency MIN/AVG/MAX 0\&.000472/0\&.002207/15\&.243570 sec out of 224530 + Num Hot Keys: 1 + Count:8 Key:ff5bd7cb3ee3822edc1f0000000000000000000000000000 + +.fi +.if n \{\ +.RE +.\} +.RE +.SS "getreclock" +.PP +Show details of the recovery lock, if any\&. +.PP +Example output: +.sp +.if n \{\ +.RS 4 +.\} +.nf + /clusterfs/\&.ctdb/recovery\&.lock + +.fi +.if n \{\ +.RE +.\} +.SS "getdebug" +.PP +Get the current debug level for the node\&. the debug level controls what information is written to the log file\&. +.PP +The debug levels are mapped to the corresponding syslog levels\&. When a debug level is set, only those messages at that level and higher levels will be printed\&. +.PP +The list of debug levels from highest to lowest are : +.PP +ERROR WARNING NOTICE INFO DEBUG +.SS "setdebug \fIDEBUGLEVEL\fR" +.PP +Set the debug level of a node\&. This controls what information will be logged\&. +.PP +The debuglevel is one of ERROR WARNING NOTICE INFO DEBUG +.SS "getpid" +.PP +This command will return the process id of the ctdb daemon\&. +.SS "disable" +.PP +This command is used to administratively disable a node in the cluster\&. A disabled node will still participate in the cluster and host clustered TDB records but its public ip address has been taken over by a different node and it no longer hosts any services\&. +.SS "enable" +.PP +Re\-enable a node that has been administratively disabled\&. +.SS "stop" +.PP +This command is used to administratively STOP a node in the cluster\&. A STOPPED node is connected to the cluster but will not host any public ip addresse, nor does it participate in the VNNMAP\&. The difference between a DISABLED node and a STOPPED node is that a STOPPED node does not host any parts of the database which means that a recovery is required to stop/continue nodes\&. +.SS "continue" +.PP +Re\-start a node that has been administratively stopped\&. +.SS "addip \fIIPADDR\fR/\fImask\fR \fIIFACE\fR" +.PP +This command is used to add a new public ip to a node during runtime\&. It should be followed by a +\fBctdb ipreallocate\fR\&. This allows public addresses to be added to a cluster without having to restart the ctdb daemons\&. +.PP +Note that this only updates the runtime instance of ctdb\&. Any changes will be lost next time ctdb is restarted and the public addresses file is re\-read\&. If you want this change to be permanent you must also update the public addresses file manually\&. +.SS "delip \fIIPADDR\fR" +.PP +This command flags IPADDR for deletion from a node at runtime\&. It should be followed by a +\fBctdb ipreallocate\fR\&. If IPADDR is currently hosted by the node it is being removed from, this ensures that the IP will first be failed over to another node, if possible, and that it is then actually removed\&. +.PP +Note that this only updates the runtime instance of CTDB\&. Any changes will be lost next time CTDB is restarted and the public addresses file is re\-read\&. If you want this change to be permanent you must also update the public addresses file manually\&. +.SS "moveip \fIIPADDR\fR \fIPNN\fR" +.PP +This command can be used to manually fail a public ip address to a specific node\&. +.PP +In order to manually override the "automatic" distribution of public ip addresses that ctdb normally provides, this command only works when you have changed the tunables for the daemon to: +.PP +IPAllocAlgorithm != 0 +.PP +NoIPFailback = 1 +.SS "shutdown" +.PP +This command will shutdown a specific CTDB daemon\&. +.SS "setlmasterrole on|off" +.PP +This command is used to enable/disable the LMASTER capability for a node at runtime\&. This capability determines whether or not a node can be used as an LMASTER for records in the database\&. A node that does not have the LMASTER capability will not show up in the vnnmap\&. +.PP +Nodes will by default have this capability, but it can be stripped off nodes by the setting in the sysconfig file or by using this command\&. +.PP +Once this setting has been enabled/disabled, you need to perform a recovery for it to take effect\&. +.PP +See also "ctdb getcapabilities" +.SS "setrecmasterrole on|off" +.PP +This command is used to enable/disable the RECMASTER capability for a node at runtime\&. This capability determines whether or not a node can be used as an RECMASTER for the cluster\&. A node that does not have the RECMASTER capability can not win a recmaster election\&. A node that already is the recmaster for the cluster when the capability is stripped off the node will remain the recmaster until the next cluster election\&. +.PP +Nodes will by default have this capability, but it can be stripped off nodes by the setting in the sysconfig file or by using this command\&. +.PP +See also "ctdb getcapabilities" +.SS "reloadnodes" +.PP +This command is used when adding new nodes, or removing existing nodes from an existing cluster\&. +.PP +Procedure to add nodes: +.sp +.RS 4 +.ie n \{\ +\h'-04' 1.\h'+01'\c +.\} +.el \{\ +.sp -1 +.IP " 1." 4.2 +.\} +To expand an existing cluster, first ensure with +\fBctdb status\fR +that all nodes are up and running and that they are all healthy\&. Do not try to expand a cluster unless it is completely healthy! +.RE +.sp +.RS 4 +.ie n \{\ +\h'-04' 2.\h'+01'\c +.\} +.el \{\ +.sp -1 +.IP " 2." 4.2 +.\} +On all nodes, edit +/usr/local/etc/ctdb/nodes +and +\fIadd the new nodes at the end of this file\fR\&. +.RE +.sp +.RS 4 +.ie n \{\ +\h'-04' 3.\h'+01'\c +.\} +.el \{\ +.sp -1 +.IP " 3." 4.2 +.\} +Verify that all the nodes have identical +/usr/local/etc/ctdb/nodes +files after adding the new nodes\&. +.RE +.sp +.RS 4 +.ie n \{\ +\h'-04' 4.\h'+01'\c +.\} +.el \{\ +.sp -1 +.IP " 4." 4.2 +.\} +Run +\fBctdb reloadnodes\fR +to force all nodes to reload the nodes file\&. +.RE +.sp +.RS 4 +.ie n \{\ +\h'-04' 5.\h'+01'\c +.\} +.el \{\ +.sp -1 +.IP " 5." 4.2 +.\} +Use +\fBctdb status\fR +on all nodes and verify that they now show the additional nodes\&. +.RE +.sp +.RS 4 +.ie n \{\ +\h'-04' 6.\h'+01'\c +.\} +.el \{\ +.sp -1 +.IP " 6." 4.2 +.\} +Install and configure the new node and bring it online\&. +.RE +.PP +Procedure to remove nodes: +.sp +.RS 4 +.ie n \{\ +\h'-04' 1.\h'+01'\c +.\} +.el \{\ +.sp -1 +.IP " 1." 4.2 +.\} +To remove nodes from an existing cluster, first ensure with +\fBctdb status\fR +that all nodes, except the node to be deleted, are up and running and that they are all healthy\&. Do not try to remove nodes from a cluster unless the cluster is completely healthy! +.RE +.sp +.RS 4 +.ie n \{\ +\h'-04' 2.\h'+01'\c +.\} +.el \{\ +.sp -1 +.IP " 2." 4.2 +.\} +Shutdown and power off the node to be removed\&. +.RE +.sp +.RS 4 +.ie n \{\ +\h'-04' 3.\h'+01'\c +.\} +.el \{\ +.sp -1 +.IP " 3." 4.2 +.\} +On all other nodes, edit the +/usr/local/etc/ctdb/nodes +file and +\fIcomment out\fR +the nodes to be removed\&. +\fIDo not delete the lines for the deleted nodes\fR, just comment them out by adding a \*(Aq#\*(Aq at the beginning of the lines\&. +.RE +.sp +.RS 4 +.ie n \{\ +\h'-04' 4.\h'+01'\c +.\} +.el \{\ +.sp -1 +.IP " 4." 4.2 +.\} +Run +\fBctdb reloadnodes\fR +to force all nodes to reload the nodes file\&. +.RE +.sp +.RS 4 +.ie n \{\ +\h'-04' 5.\h'+01'\c +.\} +.el \{\ +.sp -1 +.IP " 5." 4.2 +.\} +Use +\fBctdb status\fR +on all nodes and verify that the deleted nodes are no longer listed\&. +.RE +.SS "reloadips [\fIPNN\-LIST\fR]" +.PP +This command reloads the public addresses configuration file on the specified nodes\&. When it completes addresses will be reconfigured and reassigned across the cluster as necessary\&. +.PP +This command is currently unable to make changes to the netmask or interfaces associated with existing addresses\&. Such changes must be made in 2 steps by deleting addresses in question and re\-adding then\&. Unfortunately this will disrupt connections to the changed addresses\&. +.SS "getdbmap" +.PP +This command lists all clustered TDB databases that the CTDB daemon has attached to\&. Some databases are flagged as PERSISTENT, this means that the database stores data persistently and the data will remain across reboots\&. One example of such a database is secrets\&.tdb where information about how the cluster was joined to the domain is stored\&. Some database are flagged as REPLICATED, this means that the data in that database is replicated across all the nodes\&. But the data will not remain across reboots\&. This type of database is used by CTDB to store it\*(Aqs internal state\&. +.PP +If a PERSISTENT database is not in a healthy state the database is flagged as UNHEALTHY\&. If there\*(Aqs at least one completely healthy node running in the cluster, it\*(Aqs possible that the content is restored by a recovery run automatically\&. Otherwise an administrator needs to analyze the problem\&. +.PP +See also "ctdb getdbstatus", "ctdb backupdb", "ctdb restoredb", "ctdb dumpbackup", "ctdb wipedb", "ctdb setvar AllowUnhealthyDBRead 1" and (if samba or tdb\-utils are installed) "tdbtool check"\&. +.PP +Most databases are not persistent and only store the state information that the currently running samba daemons need\&. These databases are always wiped when ctdb/samba starts and when a node is rebooted\&. +.sp +.it 1 an-trap +.nr an-no-space-flag 1 +.nr an-break-flag 1 +.br +.ps +1 +\fBExample\fR +.RS 4 +.sp +.if n \{\ +.RS 4 +.\} +.nf +# ctdb getdbmap +Number of databases:10 +dbid:0x435d3410 name:notify\&.tdb path:/var/lib/ctdb/notify\&.tdb\&.0 +dbid:0x42fe72c5 name:locking\&.tdb path:/var/lib/ctdb/locking\&.tdb\&.0 +dbid:0x1421fb78 name:brlock\&.tdb path:/var/lib/ctdb/brlock\&.tdb\&.0 +dbid:0x17055d90 name:connections\&.tdb path:/var/lib/ctdb/connections\&.tdb\&.0 +dbid:0xc0bdde6a name:sessionid\&.tdb path:/var/lib/ctdb/sessionid\&.tdb\&.0 +dbid:0x122224da name:test\&.tdb path:/var/lib/ctdb/test\&.tdb\&.0 +dbid:0x2672a57f name:idmap2\&.tdb path:/var/lib/ctdb/persistent/idmap2\&.tdb\&.0 PERSISTENT +dbid:0xb775fff6 name:secrets\&.tdb path:/var/lib/ctdb/persistent/secrets\&.tdb\&.0 PERSISTENT +dbid:0xe98e08b6 name:group_mapping\&.tdb path:/var/lib/ctdb/persistent/group_mapping\&.tdb\&.0 PERSISTENT +dbid:0x7bbbd26c name:passdb\&.tdb path:/var/lib/ctdb/persistent/passdb\&.tdb\&.0 PERSISTENT + +# ctdb getdbmap # example for unhealthy database +Number of databases:1 +dbid:0xb775fff6 name:secrets\&.tdb path:/var/lib/ctdb/persistent/secrets\&.tdb\&.0 PERSISTENT UNHEALTHY + +# ctdb \-X getdbmap +|ID|Name|Path|Persistent|Unhealthy| +|0x7bbbd26c|passdb\&.tdb|/var/lib/ctdb/persistent/passdb\&.tdb\&.0|1|0| + +.fi +.if n \{\ +.RE +.\} +.RE +.SS "backupdb \fIDB\fR \fIFILE\fR" +.PP +Copy the contents of database DB to FILE\&. FILE can later be read back using +\fBrestoredb\fR\&. This is mainly useful for backing up persistent databases such as +secrets\&.tdb +and similar\&. +.SS "restoredb \fIFILE\fR [\fIDB\fR]" +.PP +This command restores a persistent database that was previously backed up using backupdb\&. By default the data will be restored back into the same database as it was created from\&. By specifying dbname you can restore the data into a different database\&. +.SS "setdbreadonly \fIDB\fR" +.PP +This command will enable the read\-only record support for a database\&. This is an experimental feature to improve performance for contended records primarily in locking\&.tdb and brlock\&.tdb\&. When enabling this feature you must set it on all nodes in the cluster\&. +.SS "setdbsticky \fIDB\fR" +.PP +This command will enable the sticky record support for the specified database\&. This is an experimental feature to improve performance for contended records primarily in locking\&.tdb and brlock\&.tdb\&. When enabling this feature you must set it on all nodes in the cluster\&. +.SH "INTERNAL COMMANDS" +.PP +Internal commands are used by CTDB\*(Aqs scripts and are not required for managing a CTDB cluster\&. Their parameters and behaviour are subject to change\&. +.SS "gettickles \fIIPADDR\fR" +.PP +Show TCP connections that are registered with CTDB to be "tickled" if there is a failover\&. +.SS "gratarp \fIIPADDR\fR \fIINTERFACE\fR" +.PP +Send out a gratuitous ARP for the specified interface through the specified interface\&. This command is mainly used by the ctdb eventscripts\&. +.SS "pdelete \fIDB\fR \fIKEY\fR" +.PP +Delete KEY from DB\&. +.SS "pfetch \fIDB\fR \fIKEY\fR" +.PP +Print the value associated with KEY in DB\&. +.SS "pstore \fIDB\fR \fIKEY\fR \fIFILE\fR" +.PP +Store KEY in DB with contents of FILE as the associated value\&. +.SS "ptrans \fIDB\fR [\fIFILE\fR]" +.PP +Read a list of key\-value pairs, one per line from FILE, and store them in DB using a single transaction\&. An empty value is equivalent to deleting the given key\&. +.PP +The key and value should be separated by spaces or tabs\&. Each key/value should be a printable string enclosed in double\-quotes\&. +.SS "runstate [setup|first_recovery|startup|running]" +.PP +Print the runstate of the specified node\&. Runstates are used to serialise important state transitions in CTDB, particularly during startup\&. +.PP +If one or more optional runstate arguments are specified then the node must be in one of these runstates for the command to succeed\&. +.sp +.it 1 an-trap +.nr an-no-space-flag 1 +.nr an-break-flag 1 +.br +.ps +1 +\fBExample\fR +.RS 4 +.sp +.if n \{\ +.RS 4 +.\} +.nf +# ctdb runstate +RUNNING + +.fi +.if n \{\ +.RE +.\} +.RE +.SS "setifacelink \fIIFACE\fR up|down" +.PP +Set the internal state of network interface IFACE\&. This is typically used in the +10\&.interface +script in the "monitor" event\&. +.PP +Example: ctdb setifacelink eth0 up +.SS "tickle" +.PP +Read a list of TCP connections, one per line, from standard input and send a TCP tickle to the source host for each connection\&. A connection is specified as: +.sp +.if n \{\ +.RS 4 +.\} +.nf + \fISRC\-IPADDR\fR:\fISRC\-PORT\fR \fIDST\-IPADDR\fR:\fIDST\-PORT\fR + +.fi +.if n \{\ +.RE +.\} +.PP +A single connection can be specified on the command\-line rather than on standard input\&. +.PP +A TCP tickle is a TCP ACK packet with an invalid sequence and acknowledge number and will when received by the source host result in it sending an immediate correct ACK back to the other end\&. +.PP +TCP tickles are useful to "tickle" clients after a IP failover has occurred since this will make the client immediately recognize the TCP connection has been disrupted and that the client will need to reestablish\&. This greatly speeds up the time it takes for a client to detect and reestablish after an IP failover in the ctdb cluster\&. +.SS "version" +.PP +Display the CTDB version\&. +.SH "DEBUGGING COMMANDS" +.PP +These commands are primarily used for CTDB development and testing and should not be used for normal administration\&. +.SS "OPTIONS" +.PP +\-\-print\-emptyrecords +.RS 4 +This enables printing of empty records when dumping databases with the catdb, cattbd and dumpdbbackup commands\&. Records with empty data segment are considered deleted by ctdb and cleaned by the vacuuming mechanism, so this switch can come in handy for debugging the vacuuming behaviour\&. +.RE +.PP +\-\-print\-datasize +.RS 4 +This lets database dumps (catdb, cattdb, dumpdbbackup) print the size of the record data instead of dumping the data contents\&. +.RE +.PP +\-\-print\-lmaster +.RS 4 +This lets catdb print the lmaster for each record\&. +.RE +.PP +\-\-print\-hash +.RS 4 +This lets database dumps (catdb, cattdb, dumpdbbackup) print the hash for each record\&. +.RE +.PP +\-\-print\-recordflags +.RS 4 +This lets catdb and dumpdbbackup print the record flags for each record\&. Note that cattdb always prints the flags\&. +.RE +.SS "process\-exists \fIPID\fR \fI[SRVID]\fR" +.PP +This command checks if a specific process exists on the CTDB host\&. This is mainly used by Samba to check if remote instances of samba are still running or not\&. When the optional SRVID argument is specified, the command check if a specific process exists on the CTDB host and has registered for specified SRVID\&. +.SS "getdbstatus \fIDB\fR" +.PP +This command displays more details about a database\&. +.sp +.it 1 an-trap +.nr an-no-space-flag 1 +.nr an-break-flag 1 +.br +.ps +1 +\fBExample\fR +.RS 4 +.sp +.if n \{\ +.RS 4 +.\} +.nf +# ctdb getdbstatus test\&.tdb\&.0 +dbid: 0x122224da +name: test\&.tdb +path: /var/lib/ctdb/test\&.tdb\&.0 +PERSISTENT: no +HEALTH: OK + +# ctdb getdbstatus registry\&.tdb # with a corrupted TDB +dbid: 0xf2a58948 +name: registry\&.tdb +path: /var/lib/ctdb/persistent/registry\&.tdb\&.0 +PERSISTENT: yes +HEALTH: NO\-HEALTHY\-NODES \- ERROR \- Backup of corrupted TDB in \*(Aq/var/lib/ctdb/persistent/registry\&.tdb\&.0\&.corrupted\&.20091208091949\&.0Z\*(Aq + +.fi +.if n \{\ +.RE +.\} +.RE +.SS "catdb \fIDB\fR" +.PP +Print a dump of the clustered TDB database DB\&. +.SS "cattdb \fIDB\fR" +.PP +Print a dump of the contents of the local TDB database DB\&. +.SS "dumpdbbackup \fIFILE\fR" +.PP +Print a dump of the contents from database backup FILE, similar to +\fBcatdb\fR\&. +.SS "wipedb \fIDB\fR" +.PP +Remove all contents of database DB\&. +.SS "recover" +.PP +This command will trigger the recovery daemon to do a cluster recovery\&. +.SS "ipreallocate, sync" +.PP +This command will force the recovery master to perform a full ip reallocation process and redistribute all ip addresses\&. This is useful to "reset" the allocations back to its default state if they have been changed using the "moveip" command\&. While a "recover" will also perform this reallocation, a recovery is much more hevyweight since it will also rebuild all the databases\&. +.SS "attach \fIDBNAME\fR [persistent|replicated]" +.PP +Create a new CTDB database called DBNAME and attach to it on all nodes\&. +.SS "detach \fIDB\-LIST\fR" +.PP +Detach specified non\-persistent database(s) from the cluster\&. This command will disconnect specified database(s) on all nodes in the cluster\&. This command should only be used when none of the specified database(s) are in use\&. +.PP +All nodes should be active and tunable AllowClientDBAccess should be disabled on all nodes before detaching databases\&. +.SS "dumpmemory" +.PP +This is a debugging command\&. This command will make the ctdb daemon to write a fill memory allocation map to standard output\&. +.SS "rddumpmemory" +.PP +This is a debugging command\&. This command will dump the talloc memory allocation tree for the recovery daemon to standard output\&. +.SS "ban \fIBANTIME\fR" +.PP +Administratively ban a node for BANTIME seconds\&. The node will be unbanned after BANTIME seconds have elapsed\&. +.PP +A banned node does not participate in the cluster\&. It does not host any records for the clustered TDB and does not host any public IP addresses\&. +.PP +Nodes are automatically banned if they misbehave\&. For example, a node may be banned if it causes too many cluster recoveries\&. +.PP +To administratively exclude a node from a cluster use the +\fBstop\fR +command\&. +.SS "unban" +.PP +This command is used to unban a node that has either been administratively banned using the ban command or has been automatically banned\&. +.SH "SEE ALSO" +.PP +\fBctdbd\fR(1), +\fBonnode\fR(1), +\fBctdb\fR(7), +\fBctdb-statistics\fR(7), +\fBctdb-tunables\fR(7), +\m[blue]\fB\%http://ctdb.samba.org/\fR\m[] +.SH "AUTHOR" +.br +.PP +This documentation was written by Ronnie Sahlberg, Amitay Isaacs, Martin Schwenke +.SH "COPYRIGHT" +.br +Copyright \(co 2007 Andrew Tridgell, Ronnie Sahlberg +.br +.PP +This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 3 of the License, or (at your option) any later version\&. +.PP +This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE\&. See the GNU General Public License for more details\&. +.PP +You should have received a copy of the GNU General Public License along with this program; if not, see +\m[blue]\fB\%http://www.gnu.org/licenses\fR\m[]\&. +.sp diff --git a/net/samba419/files/man/ctdb.7 b/net/samba419/files/man/ctdb.7 new file mode 100644 index 000000000000..b0f2df9f960e --- /dev/null +++ b/net/samba419/files/man/ctdb.7 @@ -0,0 +1,783 @@ +'\" t +.\" Title: ctdb +.\" Author: +.\" Generator: DocBook XSL Stylesheets v1.79.1 <http://docbook.sf.net/> +.\" Date: 09/23/2020 +.\" Manual: CTDB - clustered TDB database +.\" Source: ctdb +.\" Language: English +.\" +.TH "CTDB" "7" "09/23/2020" "ctdb" "CTDB \- clustered TDB database" +.\" ----------------------------------------------------------------- +.\" * Define some portability stuff +.\" ----------------------------------------------------------------- +.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +.\" http://bugs.debian.org/507673 +.\" http://lists.gnu.org/archive/html/groff/2009-02/msg00013.html +.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" ----------------------------------------------------------------- +.\" * set default formatting +.\" ----------------------------------------------------------------- +.\" disable hyphenation +.nh +.\" disable justification (adjust text to left margin only) +.ad l +.\" ----------------------------------------------------------------- +.\" * MAIN CONTENT STARTS HERE * +.\" ----------------------------------------------------------------- +.SH "NAME" +ctdb \- Clustered TDB +.SH "DESCRIPTION" +.PP +CTDB is a clustered database component in clustered Samba that provides a high\-availability load\-sharing CIFS server cluster\&. +.PP +The main functions of CTDB are: +.sp +.RS 4 +.ie n \{\ +\h'-04'\(bu\h'+03'\c +.\} +.el \{\ +.sp -1 +.IP \(bu 2.3 +.\} +Provide a clustered version of the TDB database with automatic rebuild/recovery of the databases upon node failures\&. +.RE +.sp +.RS 4 +.ie n \{\ +\h'-04'\(bu\h'+03'\c +.\} +.el \{\ +.sp -1 +.IP \(bu 2.3 +.\} +Monitor nodes in the cluster and services running on each node\&. +.RE +.sp +.RS 4 +.ie n \{\ +\h'-04'\(bu\h'+03'\c +.\} +.el \{\ +.sp -1 +.IP \(bu 2.3 +.\} +Manage a pool of public IP addresses that are used to provide services to clients\&. Alternatively, CTDB can be used with LVS\&. +.RE +.PP +Combined with a cluster filesystem CTDB provides a full high\-availablity (HA) environment for services such as clustered Samba, NFS and other services\&. +.SH "ANATOMY OF A CTDB CLUSTER" +.PP +A CTDB cluster is a collection of nodes with 2 or more network interfaces\&. All nodes provide network (usually file/NAS) services to clients\&. Data served by file services is stored on shared storage (usually a cluster filesystem) that is accessible by all nodes\&. +.PP +CTDB provides an "all active" cluster, where services are load balanced across all nodes\&. +.SH "RECOVERY LOCK" +.PP +CTDB uses a +\fIrecovery lock\fR +to avoid a +\fIsplit brain\fR, where a cluster becomes partitioned and each partition attempts to operate independently\&. Issues that can result from a split brain include file data corruption, because file locking metadata may not be tracked correctly\&. +.PP +CTDB uses a +\fIcluster leader and follower\fR +model of cluster management\&. All nodes in a cluster elect one node to be the leader\&. The leader node coordinates privileged operations such as database recovery and IP address failover\&. CTDB refers to the leader node as the +\fIrecovery master\fR\&. This node takes and holds the recovery lock to assert its privileged role in the cluster\&. +.PP +By default, the recovery lock is implemented using a file (specified by +\fIrecovery lock\fR +in the +[cluster] +section of +\fBctdb.conf\fR(5)) residing in shared storage (usually) on a cluster filesystem\&. To support a recovery lock the cluster filesystem must support lock coherence\&. See +\fBping_pong\fR(1) +for more details\&. +.PP +The recovery lock can also be implemented using an arbitrary cluster mutex call\-out by using an exclamation point (\*(Aq!\*(Aq) as the first character of +\fIrecovery lock\fR\&. For example, a value of +\fB!/usr/local/bin/myhelper recovery\fR +would run the given helper with the specified arguments\&. See the source code relating to cluster mutexes for clues about writing call\-outs\&. +.PP +If a cluster becomes partitioned (for example, due to a communication failure) and a different recovery master is elected by the nodes in each partition, then only one of these recovery masters will be able to take the recovery lock\&. The recovery master in the "losing" partition will not be able to take the recovery lock and will be excluded from the cluster\&. The nodes in the "losing" partition will elect each node in turn as their recovery master so eventually all the nodes in that partition will be excluded\&. +.PP +CTDB does sanity checks to ensure that the recovery lock is held as expected\&. +.PP +CTDB can run without a recovery lock but this is not recommended as there will be no protection from split brains\&. +.SH "PRIVATE VS PUBLIC ADDRESSES" +.PP +Each node in a CTDB cluster has multiple IP addresses assigned to it: +.sp +.RS 4 +.ie n \{\ +\h'-04'\(bu\h'+03'\c +.\} +.el \{\ +.sp -1 +.IP \(bu 2.3 +.\} +A single private IP address that is used for communication between nodes\&. +.RE +.sp +.RS 4 +.ie n \{\ +\h'-04'\(bu\h'+03'\c +.\} +.el \{\ +.sp -1 +.IP \(bu 2.3 +.\} +One or more public IP addresses that are used to provide NAS or other services\&. +.RE +.sp +.SS "Private address" +.PP +Each node is configured with a unique, permanently assigned private address\&. This address is configured by the operating system\&. This address uniquely identifies a physical node in the cluster and is the address that CTDB daemons will use to communicate with the CTDB daemons on other nodes\&. +.PP +Private addresses are listed in the file +/usr/local/etc/ctdb/nodes)\&. This file contains the list of private addresses for all nodes in the cluster, one per line\&. This file must be the same on all nodes in the cluster\&. +.PP +Some users like to put this configuration file in their cluster filesystem\&. A symbolic link should be used in this case\&. +.PP +Private addresses should not be used by clients to connect to services provided by the cluster\&. +.PP +It is strongly recommended that the private addresses are configured on a private network that is separate from client networks\&. This is because the CTDB protocol is both unauthenticated and unencrypted\&. If clients share the private network then steps need to be taken to stop injection of packets to relevant ports on the private addresses\&. It is also likely that CTDB protocol traffic between nodes could leak sensitive information if it can be intercepted\&. +.PP +Example +/usr/local/etc/ctdb/nodes +for a four node cluster: +.sp +.if n \{\ +.RS 4 +.\} +.nf +192\&.168\&.1\&.1 +192\&.168\&.1\&.2 +192\&.168\&.1\&.3 +192\&.168\&.1\&.4 + +.fi +.if n \{\ +.RE +.\} +.SS "Public addresses" +.PP +Public addresses are used to provide services to clients\&. Public addresses are not configured at the operating system level and are not permanently associated with a particular node\&. Instead, they are managed by CTDB and are assigned to interfaces on physical nodes at runtime\&. +.PP +The CTDB cluster will assign/reassign these public addresses across the available healthy nodes in the cluster\&. When one node fails, its public addresses will be taken over by one or more other nodes in the cluster\&. This ensures that services provided by all public addresses are always available to clients, as long as there are nodes available capable of hosting this address\&. +.PP +The public address configuration is stored in +/usr/local/etc/ctdb/public_addresses +on each node\&. This file contains a list of the public addresses that the node is capable of hosting, one per line\&. Each entry also contains the netmask and the interface to which the address should be assigned\&. If this file is missing then no public addresses are configured\&. +.PP +Some users who have the same public addresses on all nodes like to put this configuration file in their cluster filesystem\&. A symbolic link should be used in this case\&. +.PP +Example +/usr/local/etc/ctdb/public_addresses +for a node that can host 4 public addresses, on 2 different interfaces: +.sp +.if n \{\ +.RS 4 +.\} +.nf +10\&.1\&.1\&.1/24 eth1 +10\&.1\&.1\&.2/24 eth1 +10\&.1\&.2\&.1/24 eth2 +10\&.1\&.2\&.2/24 eth2 + +.fi +.if n \{\ +.RE +.\} +.PP +In many cases the public addresses file will be the same on all nodes\&. However, it is possible to use different public address configurations on different nodes\&. +.PP +Example: 4 nodes partitioned into two subgroups: +.sp +.if n \{\ +.RS 4 +.\} +.nf +Node 0:/usr/local/etc/ctdb/public_addresses + 10\&.1\&.1\&.1/24 eth1 + 10\&.1\&.1\&.2/24 eth1 + +Node 1:/usr/local/etc/ctdb/public_addresses + 10\&.1\&.1\&.1/24 eth1 + 10\&.1\&.1\&.2/24 eth1 + +Node 2:/usr/local/etc/ctdb/public_addresses + 10\&.1\&.2\&.1/24 eth2 + 10\&.1\&.2\&.2/24 eth2 + +Node 3:/usr/local/etc/ctdb/public_addresses + 10\&.1\&.2\&.1/24 eth2 + 10\&.1\&.2\&.2/24 eth2 + +.fi +.if n \{\ +.RE +.\} +.PP +In this example nodes 0 and 1 host two public addresses on the 10\&.1\&.1\&.x network while nodes 2 and 3 host two public addresses for the 10\&.1\&.2\&.x network\&. +.PP +Public address 10\&.1\&.1\&.1 can be hosted by either of nodes 0 or 1 and will be available to clients as long as at least one of these two nodes are available\&. +.PP +If both nodes 0 and 1 become unavailable then public address 10\&.1\&.1\&.1 also becomes unavailable\&. 10\&.1\&.1\&.1 can not be failed over to nodes 2 or 3 since these nodes do not have this public address configured\&. +.PP +The +\fBctdb ip\fR +command can be used to view the current assignment of public addresses to physical nodes\&. +.SH "NODE STATUS" +.PP +The current status of each node in the cluster can be viewed by the +\fBctdb status\fR +command\&. +.PP +A node can be in one of the following states: +.PP +OK +.RS 4 +This node is healthy and fully functional\&. It hosts public addresses to provide services\&. +.RE +.PP +DISCONNECTED +.RS 4 +This node is not reachable by other nodes via the private network\&. It is not currently participating in the cluster\&. It +\fIdoes not\fR +host public addresses to provide services\&. It might be shut down\&. +.RE +.PP +DISABLED +.RS 4 +This node has been administratively disabled\&. This node is partially functional and participates in the cluster\&. However, it +\fIdoes not\fR +host public addresses to provide services\&. +.RE +.PP +UNHEALTHY +.RS 4 +A service provided by this node has failed a health check and should be investigated\&. This node is partially functional and participates in the cluster\&. However, it +\fIdoes not\fR +host public addresses to provide services\&. Unhealthy nodes should be investigated and may require an administrative action to rectify\&. +.RE +.PP +BANNED +.RS 4 +CTDB is not behaving as designed on this node\&. For example, it may have failed too many recovery attempts\&. Such nodes are banned from participating in the cluster for a configurable time period before they attempt to rejoin the cluster\&. A banned node +\fIdoes not\fR +host public addresses to provide services\&. All banned nodes should be investigated and may require an administrative action to rectify\&. +.RE +.PP +STOPPED +.RS 4 +This node has been administratively exclude from the cluster\&. A stopped node does no participate in the cluster and +\fIdoes not\fR +host public addresses to provide services\&. This state can be used while performing maintenance on a node\&. +.RE +.PP +PARTIALLYONLINE +.RS 4 +A node that is partially online participates in a cluster like a healthy (OK) node\&. Some interfaces to serve public addresses are down, but at least one interface is up\&. See also +\fBctdb ifaces\fR\&. +.RE +.SH "CAPABILITIES" +.PP +Cluster nodes can have several different capabilities enabled\&. These are listed below\&. +.PP +RECMASTER +.RS 4 +Indicates that a node can become the CTDB cluster recovery master\&. The current recovery master is decided via an election held by all active nodes with this capability\&. +.sp +Default is YES\&. +.RE +.PP +LMASTER +.RS 4 +Indicates that a node can be the location master (LMASTER) for database records\&. The LMASTER always knows which node has the latest copy of a record in a volatile database\&. +.sp +Default is YES\&. +.RE +.PP +The RECMASTER and LMASTER capabilities can be disabled when CTDB is used to create a cluster spanning across WAN links\&. In this case CTDB acts as a WAN accelerator\&. +.SH "LVS" +.PP +LVS is a mode where CTDB presents one single IP address for the entire cluster\&. This is an alternative to using public IP addresses and round\-robin DNS to loadbalance clients across the cluster\&. +.PP +This is similar to using a layer\-4 loadbalancing switch but with some restrictions\&. +.PP +One extra LVS public address is assigned on the public network to each LVS group\&. Each LVS group is a set of nodes in the cluster that presents the same LVS address public address to the outside world\&. Normally there would only be one LVS group spanning an entire cluster, but in situations where one CTDB cluster spans multiple physical sites it might be useful to have one LVS group for each site\&. There can be multiple LVS groups in a cluster but each node can only be member of one LVS group\&. +.PP +Client access to the cluster is load\-balanced across the HEALTHY nodes in an LVS group\&. If no HEALTHY nodes exists then all nodes in the group are used, regardless of health status\&. CTDB will, however never load\-balance LVS traffic to nodes that are BANNED, STOPPED, DISABLED or DISCONNECTED\&. The +\fBctdb lvs\fR +command is used to show which nodes are currently load\-balanced across\&. +.PP +In each LVS group, one of the nodes is selected by CTDB to be the LVS master\&. This node receives all traffic from clients coming in to the LVS public address and multiplexes it across the internal network to one of the nodes that LVS is using\&. When responding to the client, that node will send the data back directly to the client, bypassing the LVS master node\&. The command +\fBctdb lvs master\fR +will show which node is the current LVS master\&. +.PP +The path used for a client I/O is: +.sp +.RS 4 +.ie n \{\ +\h'-04' 1.\h'+01'\c +.\} +.el \{\ +.sp -1 +.IP " 1." 4.2 +.\} +Client sends request packet to LVSMASTER\&. +.RE +.sp +.RS 4 +.ie n \{\ +\h'-04' 2.\h'+01'\c +.\} +.el \{\ +.sp -1 +.IP " 2." 4.2 +.\} +LVSMASTER passes the request on to one node across the internal network\&. +.RE +.sp +.RS 4 +.ie n \{\ +\h'-04' 3.\h'+01'\c +.\} +.el \{\ +.sp -1 +.IP " 3." 4.2 +.\} +Selected node processes the request\&. +.RE +.sp +.RS 4 +.ie n \{\ +\h'-04' 4.\h'+01'\c +.\} +.el \{\ +.sp -1 +.IP " 4." 4.2 +.\} +Node responds back to client\&. +.RE +.PP +This means that all incoming traffic to the cluster will pass through one physical node, which limits scalability\&. You can send more data to the LVS address that one physical node can multiplex\&. This means that you should not use LVS if your I/O pattern is write\-intensive since you will be limited in the available network bandwidth that node can handle\&. LVS does work very well for read\-intensive workloads where only smallish READ requests are going through the LVSMASTER bottleneck and the majority of the traffic volume (the data in the read replies) goes straight from the processing node back to the clients\&. For read\-intensive i/o patterns you can achieve very high throughput rates in this mode\&. +.PP +Note: you can use LVS and public addresses at the same time\&. +.PP +If you use LVS, you must have a permanent address configured for the public interface on each node\&. This address must be routable and the cluster nodes must be configured so that all traffic back to client hosts are routed through this interface\&. This is also required in order to allow samba/winbind on the node to talk to the domain controller\&. This LVS IP address can not be used to initiate outgoing traffic\&. +.PP +Make sure that the domain controller and the clients are reachable from a node +\fIbefore\fR +you enable LVS\&. Also ensure that outgoing traffic to these hosts is routed out through the configured public interface\&. +.SS "Configuration" +.PP +To activate LVS on a CTDB node you must specify the +\fICTDB_LVS_PUBLIC_IFACE\fR, +\fICTDB_LVS_PUBLIC_IP\fR +and +\fICTDB_LVS_NODES\fR +configuration variables\&. +\fICTDB_LVS_NODES\fR +specifies a file containing the private address of all nodes in the current node\*(Aqs LVS group\&. +.PP +Example: +.sp +.if n \{\ +.RS 4 +.\} +.nf +CTDB_LVS_PUBLIC_IFACE=eth1 +CTDB_LVS_PUBLIC_IP=10\&.1\&.1\&.237 +CTDB_LVS_NODES=/usr/local/etc/ctdb/lvs_nodes + +.fi +.if n \{\ +.RE +.\} +.PP +Example +/usr/local/etc/ctdb/lvs_nodes: +.sp +.if n \{\ +.RS 4 +.\} +.nf +192\&.168\&.1\&.2 +192\&.168\&.1\&.3 +192\&.168\&.1\&.4 + +.fi +.if n \{\ +.RE +.\} +.PP +Normally any node in an LVS group can act as the LVS master\&. Nodes that are highly loaded due to other demands maybe flagged with the "slave\-only" option in the +\fICTDB_LVS_NODES\fR +file to limit the LVS functionality of those nodes\&. +.PP +LVS nodes file that excludes 192\&.168\&.1\&.4 from being the LVS master node: +.sp +.if n \{\ +.RS 4 +.\} +.nf +192\&.168\&.1\&.2 +192\&.168\&.1\&.3 +192\&.168\&.1\&.4 slave\-only + +.fi +.if n \{\ +.RE +.\} +.SH "TRACKING AND RESETTING TCP CONNECTIONS" +.PP +CTDB tracks TCP connections from clients to public IP addresses, on known ports\&. When an IP address moves from one node to another, all existing TCP connections to that IP address are reset\&. The node taking over this IP address will also send gratuitous ARPs (for IPv4, or neighbour advertisement, for IPv6)\&. This allows clients to reconnect quickly, rather than waiting for TCP timeouts, which can be very long\&. +.PP +It is important that established TCP connections do not survive a release and take of a public IP address on the same node\&. Such connections can get out of sync with sequence and ACK numbers, potentially causing a disruptive ACK storm\&. +.SH "NAT GATEWAY" +.PP +NAT gateway (NATGW) is an optional feature that is used to configure fallback routing for nodes\&. This allows cluster nodes to connect to external services (e\&.g\&. DNS, AD, NIS and LDAP) when they do not host any public addresses (e\&.g\&. when they are unhealthy)\&. +.PP +This also applies to node startup because CTDB marks nodes as UNHEALTHY until they have passed a "monitor" event\&. In this context, NAT gateway helps to avoid a "chicken and egg" situation where a node needs to access an external service to become healthy\&. +.PP +Another way of solving this type of problem is to assign an extra static IP address to a public interface on every node\&. This is simpler but it uses an extra IP address per node, while NAT gateway generally uses only one extra IP address\&. +.SS "Operation" +.PP +One extra NATGW public address is assigned on the public network to each NATGW group\&. Each NATGW group is a set of nodes in the cluster that shares the same NATGW address to talk to the outside world\&. Normally there would only be one NATGW group spanning an entire cluster, but in situations where one CTDB cluster spans multiple physical sites it might be useful to have one NATGW group for each site\&. +.PP +There can be multiple NATGW groups in a cluster but each node can only be member of one NATGW group\&. +.PP +In each NATGW group, one of the nodes is selected by CTDB to be the NATGW master and the other nodes are consider to be NATGW slaves\&. NATGW slaves establish a fallback default route to the NATGW master via the private network\&. When a NATGW slave hosts no public IP addresses then it will use this route for outbound connections\&. The NATGW master hosts the NATGW public IP address and routes outgoing connections from slave nodes via this IP address\&. It also establishes a fallback default route\&. +.SS "Configuration" +.PP +NATGW is usually configured similar to the following example configuration: +.sp +.if n \{\ +.RS 4 +.\} +.nf +CTDB_NATGW_NODES=/usr/local/etc/ctdb/natgw_nodes +CTDB_NATGW_PRIVATE_NETWORK=192\&.168\&.1\&.0/24 +CTDB_NATGW_PUBLIC_IP=10\&.0\&.0\&.227/24 +CTDB_NATGW_PUBLIC_IFACE=eth0 +CTDB_NATGW_DEFAULT_GATEWAY=10\&.0\&.0\&.1 + +.fi +.if n \{\ +.RE +.\} +.PP +Normally any node in a NATGW group can act as the NATGW master\&. Some configurations may have special nodes that lack connectivity to a public network\&. In such cases, those nodes can be flagged with the "slave\-only" option in the +\fICTDB_NATGW_NODES\fR +file to limit the NATGW functionality of those nodes\&. +.PP +See the +NAT GATEWAY +section in +\fBctdb-script.options\fR(5) +for more details of NATGW configuration\&. +.SS "Implementation details" +.PP +When the NATGW functionality is used, one of the nodes is selected to act as a NAT gateway for all the other nodes in the group when they need to communicate with the external services\&. The NATGW master is selected to be a node that is most likely to have usable networks\&. +.PP +The NATGW master hosts the NATGW public IP address +\fICTDB_NATGW_PUBLIC_IP\fR +on the configured public interfaces +\fICTDB_NATGW_PUBLIC_IFACE\fR +and acts as a router, masquerading outgoing connections from slave nodes via this IP address\&. If +\fICTDB_NATGW_DEFAULT_GATEWAY\fR +is set then it also establishes a fallback default route to the configured this gateway with a metric of 10\&. A metric 10 route is used so it can co\-exist with other default routes that may be available\&. +.PP +A NATGW slave establishes its fallback default route to the NATGW master via the private network +\fICTDB_NATGW_PRIVATE_NETWORK\fRwith a metric of 10\&. This route is used for outbound connections when no other default route is available because the node hosts no public addresses\&. A metric 10 routes is used so that it can co\-exist with other default routes that may be available when the node is hosting public addresses\&. +.PP +\fICTDB_NATGW_STATIC_ROUTES\fR +can be used to have NATGW create more specific routes instead of just default routes\&. +.PP +This is implemented in the +11\&.natgw +eventscript\&. Please see the eventscript file and the +NAT GATEWAY +section in +\fBctdb-script.options\fR(5) +for more details\&. +.SH "POLICY ROUTING" +.PP +Policy routing is an optional CTDB feature to support complex network topologies\&. Public addresses may be spread across several different networks (or VLANs) and it may not be possible to route packets from these public addresses via the system\*(Aqs default route\&. Therefore, CTDB has support for policy routing via the +13\&.per_ip_routing +eventscript\&. This allows routing to be specified for packets sourced from each public address\&. The routes are added and removed as CTDB moves public addresses between nodes\&. +.SS "Configuration variables" +.PP +There are 4 configuration variables related to policy routing: +\fICTDB_PER_IP_ROUTING_CONF\fR, +\fICTDB_PER_IP_ROUTING_RULE_PREF\fR, +\fICTDB_PER_IP_ROUTING_TABLE_ID_LOW\fR, +\fICTDB_PER_IP_ROUTING_TABLE_ID_HIGH\fR\&. See the +POLICY ROUTING +section in +\fBctdb-script.options\fR(5) +for more details\&. +.SS "Configuration" +.PP +The format of each line of +\fICTDB_PER_IP_ROUTING_CONF\fR +is: +.sp +.if n \{\ +.RS 4 +.\} +.nf +<public_address> <network> [ <gateway> ] + +.fi +.if n \{\ +.RE +.\} +.PP +Leading whitespace is ignored and arbitrary whitespace may be used as a separator\&. Lines that have a "public address" item that doesn\*(Aqt match an actual public address are ignored\&. This means that comment lines can be added using a leading character such as \*(Aq#\*(Aq, since this will never match an IP address\&. +.PP +A line without a gateway indicates a link local route\&. +.PP +For example, consider the configuration line: +.sp +.if n \{\ +.RS 4 +.\} +.nf + 192\&.168\&.1\&.99 192\&.168\&.1\&.1/24 + +.fi +.if n \{\ +.RE +.\} +.PP +If the corresponding public_addresses line is: +.sp +.if n \{\ +.RS 4 +.\} +.nf + 192\&.168\&.1\&.99/24 eth2,eth3 + +.fi +.if n \{\ +.RE +.\} +.PP +\fICTDB_PER_IP_ROUTING_RULE_PREF\fR +is 100, and CTDB adds the address to eth2 then the following routing information is added: +.sp +.if n \{\ +.RS 4 +.\} +.nf + ip rule add from 192\&.168\&.1\&.99 pref 100 table ctdb\&.192\&.168\&.1\&.99 + ip route add 192\&.168\&.1\&.0/24 dev eth2 table ctdb\&.192\&.168\&.1\&.99 + +.fi +.if n \{\ +.RE +.\} +.PP +This causes traffic from 192\&.168\&.1\&.1 to 192\&.168\&.1\&.0/24 go via eth2\&. +.PP +The +\fBip rule\fR +command will show (something like \- depending on other public addresses and other routes on the system): +.sp +.if n \{\ +.RS 4 +.\} +.nf + 0: from all lookup local + 100: from 192\&.168\&.1\&.99 lookup ctdb\&.192\&.168\&.1\&.99 + 32766: from all lookup main + 32767: from all lookup default + +.fi +.if n \{\ +.RE +.\} +.PP +\fBip route show table ctdb\&.192\&.168\&.1\&.99\fR +will show: +.sp +.if n \{\ +.RS 4 +.\} +.nf + 192\&.168\&.1\&.0/24 dev eth2 scope link + +.fi +.if n \{\ +.RE +.\} +.PP +The usual use for a line containing a gateway is to add a default route corresponding to a particular source address\&. Consider this line of configuration: +.sp +.if n \{\ +.RS 4 +.\} +.nf + 192\&.168\&.1\&.99 0\&.0\&.0\&.0/0 192\&.168\&.1\&.1 + +.fi +.if n \{\ +.RE +.\} +.PP +In the situation described above this will cause an extra routing command to be executed: +.sp +.if n \{\ +.RS 4 +.\} +.nf + ip route add 0\&.0\&.0\&.0/0 via 192\&.168\&.1\&.1 dev eth2 table ctdb\&.192\&.168\&.1\&.99 + +.fi +.if n \{\ +.RE +.\} +.PP +With both configuration lines, +\fBip route show table ctdb\&.192\&.168\&.1\&.99\fR +will show: +.sp +.if n \{\ +.RS 4 +.\} +.nf + 192\&.168\&.1\&.0/24 dev eth2 scope link + default via 192\&.168\&.1\&.1 dev eth2 + +.fi +.if n \{\ +.RE +.\} +.SS "Sample configuration" +.PP +Here is a more complete example configuration\&. +.sp +.if n \{\ +.RS 4 +.\} +.nf +/usr/local/etc/ctdb/public_addresses: + + 192\&.168\&.1\&.98 eth2,eth3 + 192\&.168\&.1\&.99 eth2,eth3 + +/usr/local/etc/ctdb/policy_routing: + + 192\&.168\&.1\&.98 192\&.168\&.1\&.0/24 + 192\&.168\&.1\&.98 192\&.168\&.200\&.0/24 192\&.168\&.1\&.254 + 192\&.168\&.1\&.98 0\&.0\&.0\&.0/0 192\&.168\&.1\&.1 + 192\&.168\&.1\&.99 192\&.168\&.1\&.0/24 + 192\&.168\&.1\&.99 192\&.168\&.200\&.0/24 192\&.168\&.1\&.254 + 192\&.168\&.1\&.99 0\&.0\&.0\&.0/0 192\&.168\&.1\&.1 + +.fi +.if n \{\ +.RE +.\} +.PP +The routes local packets as expected, the default route is as previously discussed, but packets to 192\&.168\&.200\&.0/24 are routed via the alternate gateway 192\&.168\&.1\&.254\&. +.SH "NOTIFICATIONS" +.PP +When certain state changes occur in CTDB, it can be configured to perform arbitrary actions via notifications\&. For example, sending SNMP traps or emails when a node becomes unhealthy or similar\&. +.PP +The notification mechanism runs all executable files ending in "\&.script" in +/usr/local/etc/ctdb/events/notification/, ignoring any failures and continuing to run all files\&. +.PP +CTDB currently generates notifications after CTDB changes to these states: +.RS 4 +init +.RE +.RS 4 +setup +.RE +.RS 4 +startup +.RE +.RS 4 +healthy +.RE +.RS 4 +unhealthy +.RE +.SH "LOG LEVELS" +.PP +Valid log levels, in increasing order of verbosity, are: +.RS 4 +ERROR +.RE +.RS 4 +WARNING +.RE +.RS 4 +NOTICE +.RE +.RS 4 +INFO +.RE +.RS 4 +DEBUG +.RE +.SH "REMOTE CLUSTER NODES" +.PP +It is possible to have a CTDB cluster that spans across a WAN link\&. For example where you have a CTDB cluster in your datacentre but you also want to have one additional CTDB node located at a remote branch site\&. This is similar to how a WAN accelerator works but with the difference that while a WAN\-accelerator often acts as a Proxy or a MitM, in the ctdb remote cluster node configuration the Samba instance at the remote site IS the genuine server, not a proxy and not a MitM, and thus provides 100% correct CIFS semantics to clients\&. +.PP +See the cluster as one single multihomed samba server where one of the NICs (the remote node) is very far away\&. +.PP +NOTE: This does require that the cluster filesystem you use can cope with WAN\-link latencies\&. Not all cluster filesystems can handle WAN\-link latencies! Whether this will provide very good WAN\-accelerator performance or it will perform very poorly depends entirely on how optimized your cluster filesystem is in handling high latency for data and metadata operations\&. +.PP +To activate a node as being a remote cluster node you need to set the following two parameters in /usr/local/etc/ctdb/ctdb\&.conf for the remote node: +.sp +.if n \{\ +.RS 4 +.\} +.nf +[legacy] + lmaster capability = false + recmaster capability = false + +.fi +.if n \{\ +.RE +.\} +.PP +Verify with the command "ctdb getcapabilities" that that node no longer has the recmaster or the lmaster capabilities\&. +.SH "SEE ALSO" +.PP +\fBctdb\fR(1), +\fBctdbd\fR(1), +\fBctdbd_wrapper\fR(1), +\fBctdb_diagnostics\fR(1), +\fBltdbtool\fR(1), +\fBonnode\fR(1), +\fBping_pong\fR(1), +\fBctdb.conf\fR(5), +\fBctdb-script.options\fR(5), +\fBctdb.sysconfig\fR(5), +\fBctdb-statistics\fR(7), +\fBctdb-tunables\fR(7), +\m[blue]\fB\%http://ctdb.samba.org/\fR\m[] +.SH "AUTHOR" +.br +.PP +This documentation was written by Ronnie Sahlberg, Amitay Isaacs, Martin Schwenke +.SH "COPYRIGHT" +.br +Copyright \(co 2007 Andrew Tridgell, Ronnie Sahlberg +.br +.PP +This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 3 of the License, or (at your option) any later version\&. +.PP +This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE\&. See the GNU General Public License for more details\&. +.PP +You should have received a copy of the GNU General Public License along with this program; if not, see +\m[blue]\fB\%http://www.gnu.org/licenses\fR\m[]\&. +.sp diff --git a/net/samba419/files/man/ctdb.conf.5 b/net/samba419/files/man/ctdb.conf.5 new file mode 100644 index 000000000000..ee36a518e920 --- /dev/null +++ b/net/samba419/files/man/ctdb.conf.5 @@ -0,0 +1,359 @@ +'\" t +.\" Title: ctdb.conf +.\" Author: +.\" Generator: DocBook XSL Stylesheets v1.79.1 <http://docbook.sf.net/> +.\" Date: 09/23/2020 +.\" Manual: CTDB - clustered TDB database +.\" Source: ctdb +.\" Language: English +.\" +.TH "CTDB\&.CONF" "5" "09/23/2020" "ctdb" "CTDB \- clustered TDB database" +.\" ----------------------------------------------------------------- +.\" * Define some portability stuff +.\" ----------------------------------------------------------------- +.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +.\" http://bugs.debian.org/507673 +.\" http://lists.gnu.org/archive/html/groff/2009-02/msg00013.html +.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" ----------------------------------------------------------------- +.\" * set default formatting +.\" ----------------------------------------------------------------- +.\" disable hyphenation +.nh +.\" disable justification (adjust text to left margin only) +.ad l +.\" ----------------------------------------------------------------- +.\" * MAIN CONTENT STARTS HERE * +.\" ----------------------------------------------------------------- +.SH "NAME" +ctdb.conf \- CTDB configuration file +.SH "DESCRIPTION" +.PP +This file contains CTDB configuration options that affect the operation of CTDB daemons and command\-line tools\&. The default location of this file is +/usr/local/etc/ctdb/ctdb\&.conf\&. +.PP +Note that this is a Samba\-style configuration file, so it has a very different syntax to previous CTDB configuration files\&. +.PP +For event script options please see +\fBctdb-script.options\fR(5)\&. +.PP +Configuration options are grouped into several sections below\&. There are only a few options in each section, allowing them to be ordered (approximately) in decreasing order of importance\&. +.SH "LOGGING CONFIGURATION" +.PP +Options in this section control CTDB\*(Aqs logging\&. They are valid within the +\fIlogging\fR +section of file, indicated by +[logging]\&. +.PP +log level = \fILOGLEVEL\fR +.RS 4 +LOGLEVEL is a string that controls the verbosity of ctdbd\*(Aqs logging\&. See the +LOG LEVELS +section in +\fBctdb\fR(7) +for more details\&. +.sp +Default: +NOTICE +.RE +.PP +location = \fISTRING\fR +.RS 4 +STRING specifies where ctdbd will write its log\&. +.sp +Valid values are: +.PP +file:\fIFILENAME\fR +.RS 4 +FILENAME where ctdbd will write its log\&. This is usually +/var/log/log\&.ctdb\&. +.RE +.PP +syslog[:\fIMETHOD\fR] +.RS 4 +CTDB will log to syslog\&. By default this will use the syslog(3) API\&. +.sp +If METHOD is specified then it specifies an extension that causes logging to be done in a non\-blocking fashion\&. This can be useful under heavy loads that might cause the syslog daemon to dequeue messages too slowly, which would otherwise cause CTDB to block when logging\&. METHOD must be one of: +.PP +nonblocking +.RS 4 +CTDB will log to syslog via +/dev/log +in non\-blocking mode\&. +.RE +.PP +udp +.RS 4 +CTDB will log to syslog via UDP to localhost:514\&. The syslog daemon must be configured to listen on (at least) localhost:514\&. Most implementations will log the messages against hostname "localhost" \- this is a limit of the implementation for compatibility with more syslog daemon implementations\&. +.RE +.PP +udp\-rfc5424 +.RS 4 +As with "udp" but messages are sent in RFC5424 format\&. This method will log the correct hostname but is not as widely implemented in syslog daemons\&. +.RE +.RE +.sp +Default: file:/var/log/log\&.ctdb +.RE +.SH "CLUSTER CONFIGURATION" +.PP +Options in this section affect the CTDB cluster setup\&. They are valid within the +\fIcluster\fR +section of file, indicated by +[cluster]\&. +.PP +recovery lock = \fILOCK\fR +.RS 4 +LOCK specifies the cluster\-wide mutex used to detect and prevent a partitioned cluster (or "split brain")\&. +.sp +For information about the recovery lock please see the +RECOVERY LOCK +section in +\fBctdb\fR(7)\&. +.sp +Default: NONE\&. However, uses of a recovery lock is +\fIstrongly recommended\fR\&. +.RE +.PP +node address = \fIIPADDR\fR +.RS 4 +IPADDR is the private IP address that ctdbd will bind to\&. +.sp +This option is only required when automatic address detection can not be used\&. This can be the case when running multiple ctdbd daemons/nodes on the same physical host (usually for testing), using InfiniBand for the private network or on Linux when sysctl net\&.ipv4\&.ip_nonlocal_bind=1\&. +.sp +Default: CTDB selects the first address from the nodes list that it can bind to\&. See also the +PRIVATE ADDRESS +section in +\fBctdb\fR(7)\&. +.RE +.PP +transport = tcp|ib +.RS 4 +This option specifies which transport to use for ctdbd internode communications on the private network\&. +.sp +ib +means InfiniBand\&. The InfiniBand support is not regularly tested\&. If it is known to be broken then it may be disabled so that a value of +ib +is considered invalid\&. +.sp +Default: +tcp +.RE +.SH "DATABASE CONFIGURATION" +.PP +Options in this section affect the CTDB database setup\&. They are valid within the +\fIdatabase\fR +section of file, indicated by +[database]\&. +.PP +volatile database directory = \fIDIRECTORY\fR +.RS 4 +DIRECTORY on local storage where CTDB keeps a local copy of volatile TDB databases\&. This directory is local for each node and should not be stored on the shared cluster filesystem\&. +.sp +Mounting a tmpfs (or similar memory filesystem) on this directory can provide a significant performance improvement when there is I/O contention on the local disk\&. +.sp +Default: +/var/lib/ctdb/volatile +.RE +.PP +persistent database directory=\fIDIRECTORY\fR +.RS 4 +DIRECTORY on local storage where CTDB keeps a local copy of persistent TDB databases\&. This directory is local for each node and should not be stored on the shared cluster filesystem\&. +.sp +Default: +/var/lib/ctdb/persistent +.RE +.PP +state database directory = \fIDIRECTORY\fR +.RS 4 +DIRECTORY on local storage where CTDB keeps a local copy of internal state TDB databases\&. This directory is local for each node and should not be stored on the shared cluster filesystem\&. +.sp +Default: +/var/lib/ctdb/state +.RE +.PP +tdb mutexes = true|false +.RS 4 +This parameter enables TDB_MUTEX_LOCKING feature on volatile databases if the robust mutexes are supported\&. This optimizes the record locking using robust mutexes and is much more efficient that using posix locks\&. +.sp +If robust mutexes are unreliable on the platform being used then they can be disabled by setting this to +false\&. +.RE +.PP +lock debug script = \fIFILENAME\fR +.RS 4 +FILENAME is a script used by CTDB\*(Aqs database locking code to attempt to provide debugging information when CTDB is unable to lock an entire database or a record\&. +.sp +This script should be a bare filename relative to the CTDB configuration directory (/usr/local/etc/ctdb/)\&. Any directory prefix is ignored and the path is calculated relative to this directory\&. +.sp +CTDB provides a lock debugging script and installs it as +/usr/local/etc/ctdb/debug_locks\&.sh\&. +.sp +Default: NONE +.RE +.SH "EVENT HANDLING CONFIGURATION" +.PP +Options in this section affect CTDB event handling\&. They are valid within the +\fIevent\fR +section of file, indicated by +[event]\&. +.PP +debug script = \fIFILENAME\fR +.RS 4 +FILENAME is a script used by CTDB\*(Aqs event handling code to attempt to provide debugging information when an event times out\&. +.sp +This script should be a bare filename relative to the CTDB configuration directory (/usr/local/etc/ctdb/)\&. Any directory prefix is ignored and the path is calculated relative to this directory\&. +.sp +CTDB provides a script for debugging timed out event scripts and installs it as +/usr/local/etc/ctdb/debug\-hung\-script\&.sh\&. +.sp +Default: NONE +.RE +.SH "FAILOVER CONFIGURATION" +.PP +Options in this section affect CTDB failover\&. They are valid within the +\fIfailover\fR +section of file, indicated by +[failover]\&. +.PP +disabled = true|false +.RS 4 +If set to +true +then public IP failover is disabled\&. +.sp +Default: +false +.RE +.SH "LEGACY CONFIGURATION" +.PP +Options in this section affect legacy CTDB setup\&. They are valid within the +\fIlegacy\fR +section of file, indicated by +[legacy]\&. +.PP +ctdb start as stopped = true|false +.RS 4 +If set to +true +CTDB starts in the STOPPED state\&. +.sp +To allow the node to take part in the cluster it must be manually continued with the +\fBctdb continue\fR +command\&. +.sp +Please see the +NODE STATES +section in +\fBctdb\fR(7) +for more information about the STOPPED state\&. +.sp +Default: +false +.RE +.PP +start as disabled = true|false +.RS 4 +If set to +true +CTDB starts in the DISABLED state\&. +.sp +To allow the node to host public IP addresses and services, it must be manually enabled using the +\fBctdb enable\fR +command\&. +.sp +Please see the +NODE STATES +section in +\fBctdb\fR(7) +for more information about the DISABLED state\&. +.sp +Default: +false +.RE +.PP +realtime scheduling = true|false +.RS 4 +Usually CTDB runs with real\-time priority\&. This helps it to perform effectively on a busy system, such as when there are thousands of Samba clients\&. If you are running CTDB on a platform that does not support real\-time priority, you can set this to +false\&. +.sp +Default: +true +.RE +.PP +recmaster capability = true|false +.RS 4 +Indicates whether a node can become the recovery master for the cluster\&. If this is set to +false +then the node will not be able to become the recovery master for the cluster\&. This feature is primarily used for making a cluster span across a WAN link and use CTDB as a WAN\-accelerator\&. +.sp +Please see the +REMOTE CLUSTER NODES +section in +\fBctdb\fR(7) +for more information\&. +.sp +Default: +true +.RE +.PP +lmaster capability = true|false +.RS 4 +Indicates whether a node can become a location master for records in a database\&. If this is set to +false +then the node will not be part of the vnnmap\&. This feature is primarily used for making a cluster span across a WAN link and use CTDB as a WAN\-accelerator\&. +.sp +Please see the +REMOTE CLUSTER NODES +section in +\fBctdb\fR(7) +for more information\&. +.sp +Default: +true +.RE +.PP +script log level = \fILOGLEVEL\fR +.RS 4 +This option sets the debug level of event script output to LOGLEVEL\&. +.sp +See the +DEBUG LEVELS +section in +\fBctdb\fR(7) +for more information\&. +.sp +Default: +ERROR +.RE +.SH "FILES" +.RS 4 +/usr/local/etc/ctdb/ctdb\&.conf +.RE +.SH "SEE ALSO" +.PP +\fBctdbd\fR(1), +\fBonnode\fR(1), +\fBctdb.sysconfig\fR(5), +\fBctdb-script.options\fR(5), +\fBctdb\fR(7), +\fBctdb-tunables\fR(7), +\m[blue]\fB\%http://ctdb.samba.org/\fR\m[] +.SH "AUTHOR" +.br +.PP +This documentation was written by Amitay Isaacs, Martin Schwenke +.SH "COPYRIGHT" +.br +Copyright \(co 2007 Andrew Tridgell, Ronnie Sahlberg +.br +.PP +This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 3 of the License, or (at your option) any later version\&. +.PP +This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE\&. See the GNU General Public License for more details\&. +.PP +You should have received a copy of the GNU General Public License along with this program; if not, see +\m[blue]\fB\%http://www.gnu.org/licenses\fR\m[]\&. +.sp diff --git a/net/samba419/files/man/ctdb.sysconfig.5 b/net/samba419/files/man/ctdb.sysconfig.5 new file mode 100644 index 000000000000..32afdb2bcf24 --- /dev/null +++ b/net/samba419/files/man/ctdb.sysconfig.5 @@ -0,0 +1,139 @@ +'\" t +.\" Title: ctdb.sysconfig +.\" Author: +.\" Generator: DocBook XSL Stylesheets v1.79.1 <http://docbook.sf.net/> +.\" Date: 09/23/2020 +.\" Manual: CTDB - clustered TDB database +.\" Source: ctdb +.\" Language: English +.\" +.TH "CTDB\&.SYSCONFIG" "5" "09/23/2020" "ctdb" "CTDB \- clustered TDB database" +.\" ----------------------------------------------------------------- +.\" * Define some portability stuff +.\" ----------------------------------------------------------------- +.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +.\" http://bugs.debian.org/507673 +.\" http://lists.gnu.org/archive/html/groff/2009-02/msg00013.html +.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" ----------------------------------------------------------------- +.\" * set default formatting +.\" ----------------------------------------------------------------- +.\" disable hyphenation +.nh +.\" disable justification (adjust text to left margin only) +.ad l +.\" ----------------------------------------------------------------- +.\" * MAIN CONTENT STARTS HERE * +.\" ----------------------------------------------------------------- +.SH "NAME" +ctdb.sysconfig \- CTDB daemon configuration file +.SH "DESCRIPTION" +.PP +This file contains configuration that affects the operation of CTDB\&. This is a distribution\-specific service configuration file such as +/etc/sysconfig/ctdb +(Red Hat) or +/etc/default/ctdb +(Debian) and is a shell script (see +\fBsh\fR(1))\&. +.SH "GLOBAL CONFIGURATION" +.PP +CTDB_INIT_STYLE=debian|redhat|suse +.RS 4 +This is the init style used by the Linux distribution (or other operating system) being used\&. This is usually determined dynamically by checking the system\&. This variable is used by the initscript to determine which init system primitives to use\&. It is also used by some eventscripts to choose the name of initscripts for certain services, since these can vary between distributions\&. +.sp +If using CTDB\*(Aqs event scripts are unable to determine an appropriate default then this option can also be placed in a relevant +\fBctdb-script.options\fR(5) +file\&. +.sp +Default: NONE\&. Guessed, based on features of distribution\&. +.RE +.PP +CTDB_STARTUP_TIMEOUT=\fINUM\fR +.RS 4 +NUM is the number of seconds to wait for +\fBctdbd\fR(1) +complete early initialisation up to a point where it is unlikely to abort\&. If +\fBctdbd\fR +doesn\*(Aqt complete the "setup" event before this timeout then it is killed\&. +.sp +Defaults: 10 +.RE +.SH "RESOURCE LIMITS" +.SS "Maximum number of open files" +.PP +CTDB can use a lot of file descriptors, especially when used with Samba\&. If there are thousands of smbd processes connected to CTDB when this can mean that thousands of file descriptors are used\&. For CTDB, it is often necessary to increase limit on the maximum number of open files\&. +.PP +The maximum number of open files should be configured using an operating system mechanism\&. +.PP +systemd +.RS 4 +The +LimitNOFILE=\fBLIMIT\fR +option can be used in a unit/service file increase the maximum number of open files\&. See +\fBsystemd.exec\fR(5) +for details\&. +.RE +.PP +SYSV init +.RS 4 +Use a command like +\fBulimit \-n \fR\fB\fBLIMIT\fR\fR +to increase the maximum number of open files\&. This command can be put in the relevant distribution\-specific service configuration file\&. +.RE +.SS "Allowing core dumps" +.PP +Many distributions do not allow core dump files to be generated by default\&. To assist with debugging, core files can be enabled\&. This should be configured using an operating system mechanism\&. +.PP +systemd +.RS 4 +The +LimitCORE=0|unlimited +option can be used in a unit/service file\&. +0 +disallows core files, +unlimited +allows them\&. maximum number of open files\&. See +\fBsystemd.exec\fR(5) +for details\&. +.RE +.PP +SYSV init +.RS 4 +Use a command like +\fBulimit \-c 0|unlimited\fR +to disable or enable core files as required\&. This command can be put in the relevant distribution\-specific service configuration file\&. +.RE +.SH "FILES" +.RS 4 +/etc/sysconfig/ctdb +.RE +.RS 4 +/etc/default/ctdb +.RE +.RS 4 +/usr/local/etc/ctdb/script\&.options +.RE +.SH "SEE ALSO" +.PP +\fBctdbd\fR(1), +\fBctdb-script.options\fR(5), +\fBctdb\fR(7), +\m[blue]\fB\%http://ctdb.samba.org/\fR\m[] +.SH "AUTHOR" +.br +.PP +This documentation was written by Martin Schwenke +.SH "COPYRIGHT" +.br +Copyright \(co 2007 Andrew Tridgell, Ronnie Sahlberg +.br +.PP +This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 3 of the License, or (at your option) any later version\&. +.PP +This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE\&. See the GNU General Public License for more details\&. +.PP +You should have received a copy of the GNU General Public License along with this program; if not, see +\m[blue]\fB\%http://www.gnu.org/licenses\fR\m[]\&. +.sp diff --git a/net/samba419/files/man/ctdb_diagnostics.1 b/net/samba419/files/man/ctdb_diagnostics.1 new file mode 100644 index 000000000000..b24c57d5acd6 --- /dev/null +++ b/net/samba419/files/man/ctdb_diagnostics.1 @@ -0,0 +1,79 @@ +'\" t +.\" Title: ctdb_diagnostics +.\" Author: +.\" Generator: DocBook XSL Stylesheets v1.79.1 <http://docbook.sf.net/> +.\" Date: 11/18/2018 +.\" Manual: CTDB - clustered TDB database +.\" Source: ctdb +.\" Language: English +.\" +.TH "CTDB_DIAGNOSTICS" "1" "11/18/2018" "ctdb" "CTDB \- clustered TDB database" +.\" ----------------------------------------------------------------- +.\" * Define some portability stuff +.\" ----------------------------------------------------------------- +.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +.\" http://bugs.debian.org/507673 +.\" http://lists.gnu.org/archive/html/groff/2009-02/msg00013.html +.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" ----------------------------------------------------------------- +.\" * set default formatting +.\" ----------------------------------------------------------------- +.\" disable hyphenation +.nh +.\" disable justification (adjust text to left margin only) +.ad l +.\" ----------------------------------------------------------------- +.\" * MAIN CONTENT STARTS HERE * +.\" ----------------------------------------------------------------- +.SH "NAME" +ctdb_diagnostics \- dump diagnostic information about CTDB/Samba installation +.SH "SYNOPSIS" +.HP \w'\fBctdb_diagnostics\fR\ 'u +\fBctdb_diagnostics\fR [OPTIONS] \&.\&.\&. +.SH "DESCRIPTION" +.PP +ctdb_diagnostics is used to dump diagnostic information about a clustered Samba installation\&. This includes configuration files, output of relevant commands and logs\&. This information can be used to check the correctness of the configuration and to diagnose problems\&. +.SH "OPTIONS" +.PP +\-n <nodes> +.RS 4 +Comma separated list of nodes to operate on +.RE +.PP +\-c +.RS 4 +Ignore comment lines (starting with \*(Aq#\*(Aq) in file comparisons +.RE +.PP +\-w +.RS 4 +Ignore whitespace in file comparisons +.RE +.PP +\-\-no\-ads +.RS 4 +Do not use commands that assume an Active Directory Server +.RE +.SH "SEE ALSO" +.PP +\fBctdb\fR(1), +\fBctdb\fR(7), +\m[blue]\fB\%https://ctdb.samba.org/\fR\m[] +.SH "AUTHOR" +.br +.PP +This documentation was written by Martijn van Brummelen +.SH "COPYRIGHT" +.br +Copyright \(co 2015 Martijn van Brummelen +.br +.PP +This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 3 of the License, or (at your option) any later version\&. +.PP +This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE\&. See the GNU General Public License for more details\&. +.PP +You should have received a copy of the GNU General Public License along with this program; if not, see +\m[blue]\fB\%http://www.gnu.org/licenses\fR\m[]\&. +.sp diff --git a/net/samba419/files/man/ctdbd.1 b/net/samba419/files/man/ctdbd.1 new file mode 100644 index 000000000000..394b632a0368 --- /dev/null +++ b/net/samba419/files/man/ctdbd.1 @@ -0,0 +1,83 @@ +'\" t +.\" Title: ctdbd +.\" Author: +.\" Generator: DocBook XSL Stylesheets v1.79.1 <http://docbook.sf.net/> +.\" Date: 09/23/2020 +.\" Manual: CTDB - clustered TDB database +.\" Source: ctdb +.\" Language: English +.\" +.TH "CTDBD" "1" "09/23/2020" "ctdb" "CTDB \- clustered TDB database" +.\" ----------------------------------------------------------------- +.\" * Define some portability stuff +.\" ----------------------------------------------------------------- +.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +.\" http://bugs.debian.org/507673 +.\" http://lists.gnu.org/archive/html/groff/2009-02/msg00013.html +.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" ----------------------------------------------------------------- +.\" * set default formatting +.\" ----------------------------------------------------------------- +.\" disable hyphenation +.nh +.\" disable justification (adjust text to left margin only) +.ad l +.\" ----------------------------------------------------------------- +.\" * MAIN CONTENT STARTS HERE * +.\" ----------------------------------------------------------------- +.SH "NAME" +ctdbd \- The CTDB cluster daemon +.SH "SYNOPSIS" +.HP \w'\fBctdbd\fR\ 'u +\fBctdbd\fR [\fIOPTION\fR...] +.SH "DESCRIPTION" +.PP +ctdbd is the main CTDB daemon\&. +.PP +Note that ctdbd is not usually invoked directly\&. It is invoked via +\fBctdbd_wrapper\fR(1) +or via the initscript\&. +.PP +See +\fBctdb\fR(7) +for an overview of CTDB\&. +.SH "GENERAL OPTIONS" +.PP +\-i, \-\-interactive +.RS 4 +Enable interactive mode\&. This will make ctdbd run in the foreground and not detach from the terminal\&. In this mode ctdbd will log to stderr\&. +.sp +By default ctdbd will detach itself and run in the background as a daemon, logging to the configured destination\&. +.RE +.PP +\-?, \-\-help +.RS 4 +Display a summary of options\&. +.RE +.SH "SEE ALSO" +.PP +\fBctdb\fR(1), +\fBctdbd_wrapper\fR(1), +\fBonnode\fR(1), +\fBctdb.conf\fR(5), +\fBctdb\fR(7), +\fBctdb-tunables\fR(7), +\m[blue]\fB\%http://ctdb.samba.org/\fR\m[] +.SH "AUTHOR" +.br +.PP +This documentation was written by Ronnie Sahlberg, Amitay Isaacs, Martin Schwenke +.SH "COPYRIGHT" +.br +Copyright \(co 2007 Andrew Tridgell, Ronnie Sahlberg +.br +.PP +This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 3 of the License, or (at your option) any later version\&. +.PP +This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE\&. See the GNU General Public License for more details\&. +.PP +You should have received a copy of the GNU General Public License along with this program; if not, see +\m[blue]\fB\%http://www.gnu.org/licenses\fR\m[]\&. +.sp diff --git a/net/samba419/files/man/ctdbd_wrapper.1 b/net/samba419/files/man/ctdbd_wrapper.1 new file mode 100644 index 000000000000..b0b1f9bd783a --- /dev/null +++ b/net/samba419/files/man/ctdbd_wrapper.1 @@ -0,0 +1,63 @@ +'\" t +.\" Title: ctdbd_wrapper +.\" Author: +.\" Generator: DocBook XSL Stylesheets v1.79.1 <http://docbook.sf.net/> +.\" Date: 09/23/2020 +.\" Manual: CTDB - clustered TDB database +.\" Source: ctdb +.\" Language: English +.\" +.TH "CTDBD_WRAPPER" "1" "09/23/2020" "ctdb" "CTDB \- clustered TDB database" +.\" ----------------------------------------------------------------- +.\" * Define some portability stuff +.\" ----------------------------------------------------------------- +.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +.\" http://bugs.debian.org/507673 +.\" http://lists.gnu.org/archive/html/groff/2009-02/msg00013.html +.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" ----------------------------------------------------------------- +.\" * set default formatting +.\" ----------------------------------------------------------------- +.\" disable hyphenation +.nh +.\" disable justification (adjust text to left margin only) +.ad l +.\" ----------------------------------------------------------------- +.\" * MAIN CONTENT STARTS HERE * +.\" ----------------------------------------------------------------- +.SH "NAME" +ctdbd_wrapper \- Wrapper for ctdbd +.SH "SYNOPSIS" +.HP \w'\fBctdbd_wrapper\fR\ 'u +\fBctdbd_wrapper\fR {start | stop} +.SH "DESCRIPTION" +.PP +ctdbd_wrapper is used to start or stop the main CTDB daemon\&. +.PP +See +\fBctdb\fR(7) +for an overview of CTDB\&. +.SH "SEE ALSO" +.PP +\fBctdbd\fR(1), +\fBctdb.sysconfig\fR(5), +\fBctdb\fR(7), +\m[blue]\fB\%http://ctdb.samba.org/\fR\m[] +.SH "AUTHOR" +.br +.PP +This documentation was written by Amitay Isaacs, Martin Schwenke +.SH "COPYRIGHT" +.br +Copyright \(co 2007 Andrew Tridgell, Ronnie Sahlberg +.br +.PP +This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 3 of the License, or (at your option) any later version\&. +.PP +This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE\&. See the GNU General Public License for more details\&. +.PP +You should have received a copy of the GNU General Public License along with this program; if not, see +\m[blue]\fB\%http://www.gnu.org/licenses\fR\m[]\&. +.sp diff --git a/net/samba419/files/man/dbwrap_tool.1 b/net/samba419/files/man/dbwrap_tool.1 new file mode 100644 index 000000000000..c6adf654f4b5 --- /dev/null +++ b/net/samba419/files/man/dbwrap_tool.1 @@ -0,0 +1,329 @@ +'\" t +.\" Title: dbwrap_tool +.\" Author: [see the "AUTHOR" section] +.\" Generator: DocBook XSL Stylesheets v1.79.1 <http://docbook.sf.net/> +.\" Date: 08/09/2022 +.\" Manual: System Administration tools +.\" Source: Samba 4.16.4 +.\" Language: English +.\" +.TH "DBWRAP_TOOL" "1" "08/09/2022" "Samba 4\&.16\&.4" "System Administration tools" +.\" ----------------------------------------------------------------- +.\" * Define some portability stuff +.\" ----------------------------------------------------------------- +.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +.\" http://bugs.debian.org/507673 +.\" http://lists.gnu.org/archive/html/groff/2009-02/msg00013.html +.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" ----------------------------------------------------------------- +.\" * set default formatting +.\" ----------------------------------------------------------------- +.\" disable hyphenation +.nh +.\" disable justification (adjust text to left margin only) +.ad l +.\" ----------------------------------------------------------------- +.\" * MAIN CONTENT STARTS HERE * +.\" ----------------------------------------------------------------- +.SH "NAME" +dbwrap_tool \- low level TDB/CTDB manipulation tool using the dbwrap interface +.SH "SYNOPSIS" +.HP \w'\ 'u +dbwrap_tool [\-?|\-\-help] [\-\-usage] [\-\-persistent] [\-\-non\-persistent] [\-d|\-\-debuglevel=DEBUGLEVEL] [\-\-debug\-stdout] [\-\-configfile=CONFIGFILE] [\-\-option=name=value] [\-l|\-\-log\-basename=LOGFILEBASE] [\-\-leak\-report] [\-\-leak\-report\-full] {<database>} {<operation>} [<key>\ [<type>\ [<value>]]] +.SH "DESCRIPTION" +.PP +This tool is part of the +\fBsamba\fR(7) +suite\&. +.PP +The dbwrap_tool program is used to read and manipulate TDB/CTDB databases using the dbwrap interface\&. +.PP +The following database operations are available: +.RS +.sp +.RS 4 +.ie n \{\ +\h'-04'\(bu\h'+03'\c +.\} +.el \{\ +.sp -1 +.IP \(bu 2.3 +.\} +fetch: fetch a record +.RE +.sp +.RS 4 +.ie n \{\ +\h'-04'\(bu\h'+03'\c +.\} +.el \{\ +.sp -1 +.IP \(bu 2.3 +.\} +store: create or modify a record +.RE +.sp +.RS 4 +.ie n \{\ +\h'-04'\(bu\h'+03'\c +.\} +.el \{\ +.sp -1 +.IP \(bu 2.3 +.\} +delete: remove a record +.RE +.sp +.RS 4 +.ie n \{\ +\h'-04'\(bu\h'+03'\c +.\} +.el \{\ +.sp -1 +.IP \(bu 2.3 +.\} +exists: test for existence of a record +.RE +.sp +.RS 4 +.ie n \{\ +\h'-04'\(bu\h'+03'\c +.\} +.el \{\ +.sp -1 +.IP \(bu 2.3 +.\} +erase: remove all records +.RE +.sp +.RS 4 +.ie n \{\ +\h'-04'\(bu\h'+03'\c +.\} +.el \{\ +.sp -1 +.IP \(bu 2.3 +.\} +listkeys: list all available records +.RE +.sp +.RS 4 +.ie n \{\ +\h'-04'\(bu\h'+03'\c +.\} +.el \{\ +.sp -1 +.IP \(bu 2.3 +.\} +listwatchers: list processes, which are waiting for changes in a record +.RE +.sp +.RE +.PP +The following types are available: +.RS +.sp +.RS 4 +.ie n \{\ +\h'-04'\(bu\h'+03'\c +.\} +.el \{\ +.sp -1 +.IP \(bu 2.3 +.\} +int32: signed 32bit integer +.RE +.sp +.RS 4 +.ie n \{\ +\h'-04'\(bu\h'+03'\c +.\} +.el \{\ +.sp -1 +.IP \(bu 2.3 +.\} +uint32: unsigned 32bit integer +.RE +.sp +.RS 4 +.ie n \{\ +\h'-04'\(bu\h'+03'\c +.\} +.el \{\ +.sp -1 +.IP \(bu 2.3 +.\} +string: "hello world" +.RE +.sp +.RS 4 +.ie n \{\ +\h'-04'\(bu\h'+03'\c +.\} +.el \{\ +.sp -1 +.IP \(bu 2.3 +.\} +hex: hex strings like "68656C6C6F20776F726C6400" ("hello world") +.RE +.sp +.RE +.SH "OPTIONS" +.PP +\-\-persistent +.RS 4 +Open the database as a persistent database\&. +.sp +Exactly one of \-\-persistent and \-\-non\-persistent must be specified\&. +.RE +.PP +\-\-non\-persistent +.RS 4 +Open the database as a non\-persistent database\&. +.sp +Caveat: opening a database as non\-persistent when there is currently no other opener will wipe the database\&. +.sp +Exactly one of \-\-persistent and \-\-non\-persistent must be specified\&. +.RE +.PP +\-?|\-\-help +.RS 4 +Print a summary of command line options\&. +.RE +.PP +\-\-usage +.RS 4 +Display brief usage message\&. +.RE +.PP +\-d|\-\-debuglevel=DEBUGLEVEL +.RS 4 +\fIlevel\fR +is an integer from 0 to 10\&. The default value if this parameter is not specified is 1 for client applications\&. +.sp +The higher this value, the more detail will be logged to the log files about the activities of the server\&. At level 0, only critical errors and serious warnings will be logged\&. Level 1 is a reasonable level for day\-to\-day running \- it generates a small amount of information about operations carried out\&. +.sp +Levels above 1 will generate considerable amounts of log data, and should only be used when investigating a problem\&. Levels above 3 are designed for use only by developers and generate HUGE amounts of log data, most of which is extremely cryptic\&. +.sp +Note that specifying this parameter here will override the +\m[blue]\fBlog level\fR\m[] +parameter in the +smb\&.conf +file\&. +.RE +.PP +\-\-debug\-stdout +.RS 4 +This will redirect debug output to STDOUT\&. By default all clients are logging to STDERR\&. +.RE +.PP +\-\-configfile=<configuration file> +.RS 4 +The file specified contains the configuration details required by the client\&. The information in this file can be general for client and server or only provide client specific like options such as +\m[blue]\fBclient smb encrypt\fR\m[]\&. See +smb\&.conf +for more information\&. The default configuration file name is determined at compile time\&. +.RE +.PP +\-\-option=<name>=<value> +.RS 4 +Set the +\fBsmb.conf\fR(5) +option "<name>" to value "<value>" from the command line\&. This overrides compiled\-in defaults and options read from the configuration file\&. If a name or a value includes a space, wrap whole \-\-option=name=value into quotes\&. +.RE +.PP +\-l|\-\-log\-basename=logdirectory +.RS 4 +Base directory name for log/debug files\&. The extension +\fB"\&.progname"\fR +will be appended (e\&.g\&. log\&.smbclient, log\&.smbd, etc\&.\&.\&.)\&. The log file is never removed by the client\&. +.RE +.PP +\-\-leak\-report +.RS 4 +Enable talloc leak reporting on exit\&. +.RE +.PP +\-\-leak\-report\-full +.RS 4 +Enable full talloc leak reporting on exit\&. +.RE +.PP +\-V|\-\-version +.RS 4 +Prints the program version number\&. +.RE +.SH "COMMANDS" +.SS "fetch" +.HP \w'\ 'u +dbwrap_tool <database> fetch <key> <type> + +.SS "store" +.HP \w'\ 'u +dbwrap_tool <database> store <key> <type> <value> + +.SS "delete" +.HP \w'\ 'u +dbwrap_tool <database> delete <key> + +.SS "exists" +.HP \w'\ 'u +dbwrap_tool <database> exists <key> + +.SS "erase" +.HP \w'\ 'u +dbwrap_tool <database> erase +.SS "listkeys" +.HP \w'\ 'u +dbwrap_tool <database> listkeys + +.SS "listwatchers" +.HP \w'\ 'u +dbwrap_tool <database> listwatchers + +.SH "EXAMPLES" +.PP +List all keys from winbindd_idmap\&.tdb +.RS 4 +dbwrap_tool +\-\-persistent winbindd_idmap\&.tdb listkeys +.RE +.PP +Fetch record with key "USER HWM" as uint32 +.RS 4 +dbwrap_tool +\-\-persistent winbindd_idmap\&.tdb fetch "USER HWM" uint32 +.RE +.PP +Remove record with key "USER HWM" +.RS 4 +dbwrap_tool +\-\-persistent winbindd_idmap\&.tdb remove "USER HWM" +.RE +.PP +Store and overwrite record "USER HWM" with value 214 +.RS 4 +uint32: +dbwrap_tool +\-\-persistent winbindd_idmap\&.tdb store "USER HWM" uint32 214 +hex: +dbwrap_tool +\-\-persistent winbindd_idmap\&.tdb store "USER HWM" hex D6000000 +.RE +.SH "NOTES" +.PP +Use with caution! +.SH "VERSION" +.PP +This man page is part of version 4\&.16\&.4 of the Samba suite\&. +.SH "SEE ALSO" +.PP +\fBsmbd\fR(8), +\fBsamba\fR(7) +.SH "AUTHOR" +.PP +The original Samba software and related utilities were created by Andrew Tridgell\&. Samba is now developed by the Samba Team as an Open Source project similar to the way the Linux kernel is developed\&. +.PP +The dbwrap_tool manpage was written by Bjoern Baumbach\&. diff --git a/net/samba419/files/man/gentest.1 b/net/samba419/files/man/gentest.1 new file mode 100644 index 000000000000..35e301ed2918 --- /dev/null +++ b/net/samba419/files/man/gentest.1 @@ -0,0 +1,133 @@ +'\" t +.\" Title: gentest +.\" Author: [see the "AUTHOR" section] +.\" Generator: DocBook XSL Stylesheets v1.79.1 <http://docbook.sf.net/> +.\" Date: 08/09/2022 +.\" Manual: Test Suite +.\" Source: Samba 4.0 +.\" Language: English +.\" +.TH "GENTEST" "1" "08/09/2022" "Samba 4\&.0" "Test Suite" +.\" ----------------------------------------------------------------- +.\" * Define some portability stuff +.\" ----------------------------------------------------------------- +.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +.\" http://bugs.debian.org/507673 +.\" http://lists.gnu.org/archive/html/groff/2009-02/msg00013.html +.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" ----------------------------------------------------------------- +.\" * set default formatting +.\" ----------------------------------------------------------------- +.\" disable hyphenation +.nh +.\" disable justification (adjust text to left margin only) +.ad l +.\" ----------------------------------------------------------------- +.\" * MAIN CONTENT STARTS HERE * +.\" ----------------------------------------------------------------- +.SH "NAME" +gentest \- Run random generic SMB operations against two SMB servers and show the differences in behavior +.SH "SYNOPSIS" +.HP \w'\fBgentest\fR\ 'u +\fBgentest\fR {//server1/share1} {//server2/share2} {\-U\ user%pass} {\-U\ user%pass} [\-s\ seed] [\-o\ numops] [\-a] [\-A] [\-i\ FILE] [\-O] [\-S\ FILE] [\-L] [\-F] [\-C] [\-X] +.SH "DESCRIPTION" +.PP +gentest +is a utility for detecting differences in behaviour between SMB servers\&. It will run a random set of generic operations against +\fI//server1/share1\fR +and then the same random set against +\fI//server2/share2\fR +and display the differences in the responses it gets\&. +.PP +This utility is used by the Samba team to find differences in behaviour between Samba and Windows servers\&. +.SH "OPTIONS" +.PP +\-U user%pass +.RS 4 +Specify the user and password to use when logging on on the shares\&. This parameter is mandatory and has to be specified twice\&. +.RE +.PP +\-s seed +.RS 4 +Seed the random number generator with the specified value\&. +.RE +.PP +\-o numops +.RS 4 +Set the number of operations to perform\&. +.RE +.PP +\-a +.RS 4 +Print the operations that are performed\&. +.RE +.PP +\-A +.RS 4 +Backtrack to find minimal number of operations required to make the response to a certain call differ\&. +.RE +.PP +\-i FILE +.RS 4 +Specify a file containing the names of fields that have to be ignored (such as time fields)\&. See below for a description of the file format\&. +.RE +.PP +\-O +.RS 4 +Enable oplocks\&. +.RE +.PP +\-S FILE +.RS 4 +Set preset seeds file\&. The default is +gentest_seeds\&.dat\&. +.RE +.PP +\-L +.RS 4 +Use preset seeds +.RE +.PP +\-F +.RS 4 +Fast reconnect (just close files) +.RE +.PP +\-C +.RS 4 +Continuous analysis mode +.RE +.PP +\-X +.RS 4 +Analyse even when the test succeeded\&. +.RE +.SH "VERSION" +.PP +This man page is correct for version 4\&.0 of the Samba suite\&. +.SH "SEE ALSO" +.PP +Samba +.SH "AUTHOR" +.PP +This utility is part of the +\m[blue]\fBSamba\fR\m[]\&\s-2\u[1]\d\s+2 +suite, which is developed by the global +\m[blue]\fBSamba Team\fR\m[]\&\s-2\u[2]\d\s+2\&. +.PP +gentest was written by Andrew Tridgell\&. +.PP +This manpage was written by Jelmer Vernooij\&. +.SH "NOTES" +.IP " 1." 4 +Samba +.RS 4 +\%http://www.samba.org/ +.RE +.IP " 2." 4 +Samba Team +.RS 4 +\%http://www.samba.org/samba/team/ +.RE diff --git a/net/samba419/files/man/ldb.3 b/net/samba419/files/man/ldb.3 new file mode 100644 index 000000000000..d535d8ab67e7 --- /dev/null +++ b/net/samba419/files/man/ldb.3 @@ -0,0 +1,427 @@ +'\" t +.\" Title: ldb +.\" Author: [see the "Author" section] +.\" Generator: DocBook XSL Stylesheets v1.79.1 <http://docbook.sf.net/> +.\" Date: 08/09/2022 +.\" Manual: System Administration tools +.\" Source: LDB 1.1 +.\" Language: English +.\" +.TH "LDB" "3" "08/09/2022" "LDB 1\&.1" "System Administration tools" +.\" ----------------------------------------------------------------- +.\" * Define some portability stuff +.\" ----------------------------------------------------------------- +.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +.\" http://bugs.debian.org/507673 +.\" http://lists.gnu.org/archive/html/groff/2009-02/msg00013.html +.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" ----------------------------------------------------------------- +.\" * set default formatting +.\" ----------------------------------------------------------------- +.\" disable hyphenation +.nh +.\" disable justification (adjust text to left margin only) +.ad l +.\" ----------------------------------------------------------------- +.\" * MAIN CONTENT STARTS HERE * +.\" ----------------------------------------------------------------- +.SH "NAME" +ldb \- A light\-weight database library +.SH "SYNOPSIS" +.sp +.nf +#include <ldb\&.h> +.fi +.SH "DESCRIPTION" +.PP +ldb is a light weight embedded database library and API\&. With a programming interface that is very similar to LDAP, ldb can store its data either in a tdb(3) database or in a real LDAP database\&. +.PP +When used with the tdb backend ldb does not require any database daemon\&. Instead, ldb function calls are processed immediately by the ldb library, which does IO directly on the database, while allowing multiple readers/writers using operating system byte range locks\&. This leads to an API with very low overheads, often resulting in speeds of more than 10x what can be achieved with a more traditional LDAP architecture\&. +.PP +In a taxonomy of databases ldb would sit half way between key/value pair databases (such as berkley db or tdb) and a full LDAP database\&. With a structured attribute oriented API like LDAP and good indexing capabilities, ldb can be used for quite sophisticated applications that need a light weight database, without the administrative overhead of a full LDAP installation\&. +.PP +Included with ldb are a number of useful command line tools for manipulating a ldb database\&. These tools are similar in style to the equivalent ldap command line tools\&. +.PP +In its default mode of operation with a tdb backend, ldb can also be seen as a "schema\-less LDAP"\&. By default ldb does not require a schema, which greatly reduces the complexity of getting started with ldb databases\&. As the complexity of you application grows you can take advantage of some of the optional schema\-like attributes that ldb offers, or you can migrate to using the full LDAP api while keeping your exiting ldb code\&. +.PP +If you are new to ldb, then I suggest starting with the manual pages for ldbsearch(1) and ldbedit(1), and experimenting with a local database\&. Then I suggest you look at the ldb_connect(3) and ldb_search(3) manual pages\&. +.SH "TOOLS" +.sp +.RS 4 +.ie n \{\ +\h'-04'\(bu\h'+03'\c +.\} +.el \{\ +.sp -1 +.IP \(bu 2.3 +.\} +ldbsearch(1) +\- command line ldb search utility +.RE +.sp +.RS 4 +.ie n \{\ +\h'-04'\(bu\h'+03'\c +.\} +.el \{\ +.sp -1 +.IP \(bu 2.3 +.\} +ldbedit(1) +\- edit all or part of a ldb database using your favourite editor +.RE +.sp +.RS 4 +.ie n \{\ +\h'-04'\(bu\h'+03'\c +.\} +.el \{\ +.sp -1 +.IP \(bu 2.3 +.\} +ldbadd(1) +\- add records to a ldb database using LDIF formatted input +.RE +.sp +.RS 4 +.ie n \{\ +\h'-04'\(bu\h'+03'\c +.\} +.el \{\ +.sp -1 +.IP \(bu 2.3 +.\} +ldbdel(1) +\- delete records from a ldb database +.RE +.sp +.RS 4 +.ie n \{\ +\h'-04'\(bu\h'+03'\c +.\} +.el \{\ +.sp -1 +.IP \(bu 2.3 +.\} +ldbmodify(1) +\- modify records in a ldb database using LDIF formatted input +.RE +.SH "FUNCTIONS" +.sp +.RS 4 +.ie n \{\ +\h'-04'\(bu\h'+03'\c +.\} +.el \{\ +.sp -1 +.IP \(bu 2.3 +.\} +\fBldb_connect(3)\fR +\- connect to a ldb backend +.RE +.sp +.RS 4 +.ie n \{\ +\h'-04'\(bu\h'+03'\c +.\} +.el \{\ +.sp -1 +.IP \(bu 2.3 +.\} +\fBldb_search(3)\fR +\- perform a database search +.RE +.sp +.RS 4 +.ie n \{\ +\h'-04'\(bu\h'+03'\c +.\} +.el \{\ +.sp -1 +.IP \(bu 2.3 +.\} +\fBldb_add(3)\fR +\- add a record to the database +.RE +.sp +.RS 4 +.ie n \{\ +\h'-04'\(bu\h'+03'\c +.\} +.el \{\ +.sp -1 +.IP \(bu 2.3 +.\} +\fBldb_delete(3)\fR +\- delete a record from the database +.RE +.sp +.RS 4 +.ie n \{\ +\h'-04'\(bu\h'+03'\c +.\} +.el \{\ +.sp -1 +.IP \(bu 2.3 +.\} +\fBldb_modify(3)\fR +\- modify a record in the database +.RE +.sp +.RS 4 +.ie n \{\ +\h'-04'\(bu\h'+03'\c +.\} +.el \{\ +.sp -1 +.IP \(bu 2.3 +.\} +\fBldb_errstring(3)\fR +\- retrieve extended error information from the last operation +.RE +.sp +.RS 4 +.ie n \{\ +\h'-04'\(bu\h'+03'\c +.\} +.el \{\ +.sp -1 +.IP \(bu 2.3 +.\} +\fBldb_ldif_write(3)\fR +\- write a LDIF formatted message +.RE +.sp +.RS 4 +.ie n \{\ +\h'-04'\(bu\h'+03'\c +.\} +.el \{\ +.sp -1 +.IP \(bu 2.3 +.\} +\fBldb_ldif_write_file(3)\fR +\- write a LDIF formatted message to a file +.RE +.sp +.RS 4 +.ie n \{\ +\h'-04'\(bu\h'+03'\c +.\} +.el \{\ +.sp -1 +.IP \(bu 2.3 +.\} +\fBldb_ldif_read(3)\fR +\- read a LDIF formatted message +.RE +.sp +.RS 4 +.ie n \{\ +\h'-04'\(bu\h'+03'\c +.\} +.el \{\ +.sp -1 +.IP \(bu 2.3 +.\} +\fBldb_ldif_read_free(3)\fR +\- free the result of a ldb_ldif_read() +.RE +.sp +.RS 4 +.ie n \{\ +\h'-04'\(bu\h'+03'\c +.\} +.el \{\ +.sp -1 +.IP \(bu 2.3 +.\} +\fBldb_ldif_read_file(3)\fR +\- read a LDIF message from a file +.RE +.sp +.RS 4 +.ie n \{\ +\h'-04'\(bu\h'+03'\c +.\} +.el \{\ +.sp -1 +.IP \(bu 2.3 +.\} +\fBldb_ldif_read_string(3)\fR +\- read a LDIF message from a string +.RE +.sp +.RS 4 +.ie n \{\ +\h'-04'\(bu\h'+03'\c +.\} +.el \{\ +.sp -1 +.IP \(bu 2.3 +.\} +\fBldb_msg_find_element(3)\fR +\- find an element in a ldb_message +.RE +.sp +.RS 4 +.ie n \{\ +\h'-04'\(bu\h'+03'\c +.\} +.el \{\ +.sp -1 +.IP \(bu 2.3 +.\} +\fBldb_val_equal_exact(3)\fR +\- compare two ldb_val structures +.RE +.sp +.RS 4 +.ie n \{\ +\h'-04'\(bu\h'+03'\c +.\} +.el \{\ +.sp -1 +.IP \(bu 2.3 +.\} +\fBldb_msg_find_val(3)\fR +\- find an element by value +.RE +.sp +.RS 4 +.ie n \{\ +\h'-04'\(bu\h'+03'\c +.\} +.el \{\ +.sp -1 +.IP \(bu 2.3 +.\} +\fBldb_msg_add_empty(3)\fR +\- add an empty message element to a ldb_message +.RE +.sp +.RS 4 +.ie n \{\ +\h'-04'\(bu\h'+03'\c +.\} +.el \{\ +.sp -1 +.IP \(bu 2.3 +.\} +\fBldb_msg_add(3)\fR +\- add a non\-empty message element to a ldb_message +.RE +.sp +.RS 4 +.ie n \{\ +\h'-04'\(bu\h'+03'\c +.\} +.el \{\ +.sp -1 +.IP \(bu 2.3 +.\} +\fBldb_msg_element_compare(3)\fR +\- compare two ldb_message_element structures +.RE +.sp +.RS 4 +.ie n \{\ +\h'-04'\(bu\h'+03'\c +.\} +.el \{\ +.sp -1 +.IP \(bu 2.3 +.\} +\fBldb_msg_find_int(3)\fR +\- return an integer value from a ldb_message +.RE +.sp +.RS 4 +.ie n \{\ +\h'-04'\(bu\h'+03'\c +.\} +.el \{\ +.sp -1 +.IP \(bu 2.3 +.\} +\fBldb_msg_find_uint(3)\fR +\- return an unsigned integer value from a ldb_message +.RE +.sp +.RS 4 +.ie n \{\ +\h'-04'\(bu\h'+03'\c +.\} +.el \{\ +.sp -1 +.IP \(bu 2.3 +.\} +\fBldb_msg_find_double(3)\fR +\- return a double value from a ldb_message +.RE +.sp +.RS 4 +.ie n \{\ +\h'-04'\(bu\h'+03'\c +.\} +.el \{\ +.sp -1 +.IP \(bu 2.3 +.\} +\fBldb_msg_find_string(3)\fR +\- return a string value from a ldb_message +.RE +.sp +.RS 4 +.ie n \{\ +\h'-04'\(bu\h'+03'\c +.\} +.el \{\ +.sp -1 +.IP \(bu 2.3 +.\} +\fBldb_set_alloc(3)\fR +\- set the memory allocation function to be used by ldb +.RE +.sp +.RS 4 +.ie n \{\ +\h'-04'\(bu\h'+03'\c +.\} +.el \{\ +.sp -1 +.IP \(bu 2.3 +.\} +\fBldb_set_debug(3)\fR +\- set a debug handler to be used by ldb +.RE +.sp +.RS 4 +.ie n \{\ +\h'-04'\(bu\h'+03'\c +.\} +.el \{\ +.sp -1 +.IP \(bu 2.3 +.\} +\fBldb_set_debug_stderr(3)\fR +\- set a debug handler for stderr output +.RE +.SH "AUTHOR" +.PP +ldb was written by +\m[blue]\fBAndrew Tridgell\fR\m[]\&\s-2\u[1]\d\s+2\&. +.PP +If you wish to report a problem or make a suggestion then please see the +\m[blue]\fB\%http://ldb.samba.org/\fR\m[] +web site for current contact and maintainer information\&. +.PP +ldb is released under the GNU Lesser General Public License version 2 or later\&. Please see the file COPYING for license details\&. +.SH "NOTES" +.IP " 1." 4 +Andrew Tridgell +.RS 4 +\%https://www.samba.org/~tridge/ +.RE diff --git a/net/samba419/files/man/ldbadd.1 b/net/samba419/files/man/ldbadd.1 new file mode 100644 index 000000000000..105b5649632a --- /dev/null +++ b/net/samba419/files/man/ldbadd.1 @@ -0,0 +1,78 @@ +'\" t +.\" Title: ldbadd +.\" Author: [see the "AUTHOR" section] +.\" Generator: DocBook XSL Stylesheets v1.79.1 <http://docbook.sf.net/> +.\" Date: 08/09/2022 +.\" Manual: System Administration tools +.\" Source: LDB 1.1 +.\" Language: English +.\" +.TH "LDBADD" "1" "08/09/2022" "LDB 1\&.1" "System Administration tools" +.\" ----------------------------------------------------------------- +.\" * Define some portability stuff +.\" ----------------------------------------------------------------- +.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +.\" http://bugs.debian.org/507673 +.\" http://lists.gnu.org/archive/html/groff/2009-02/msg00013.html +.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" ----------------------------------------------------------------- +.\" * set default formatting +.\" ----------------------------------------------------------------- +.\" disable hyphenation +.nh +.\" disable justification (adjust text to left margin only) +.ad l +.\" ----------------------------------------------------------------- +.\" * MAIN CONTENT STARTS HERE * +.\" ----------------------------------------------------------------- +.SH "NAME" +ldbadd \- Command\-line utility for adding records to an LDB +.SH "SYNOPSIS" +.HP \w'\fBldbadd\fR\ 'u +\fBldbadd\fR [\-h] [\-H\ LDB\-URL] [ldif\-file1] [ldif\-file2] [\&.\&.\&.] +.SH "DESCRIPTION" +.PP +ldbadd adds records to an ldb(3) database\&. It reads the ldif(5) files specified on the command line and adds the records from these files to the LDB database, which is specified by the \-H option or the LDB_URL environment variable\&. +.PP +If \- is specified as a ldb file, the ldif input is read from standard input\&. +.SH "OPTIONS" +.PP +\-h +.RS 4 +Show list of available options\&. +.RE +.PP +\-H <ldb\-url> +.RS 4 +LDB URL to connect to\&. See ldb(3) for details\&. +.RE +.SH "ENVIRONMENT" +.PP +LDB_URL +.RS 4 +LDB URL to connect to (can be overridden by using the \-H command\-line option\&.) +.RE +.SH "VERSION" +.PP +This man page is correct for version 1\&.1 of LDB\&. +.SH "SEE ALSO" +.PP +ldb(3), ldbmodify, ldbdel, ldif(5) +.SH "AUTHOR" +.PP +ldb was written by +\m[blue]\fBAndrew Tridgell\fR\m[]\&\s-2\u[1]\d\s+2\&. +.PP +If you wish to report a problem or make a suggestion then please see the +\m[blue]\fB\%http://ldb.samba.org/\fR\m[] +web site for current contact and maintainer information\&. +.PP +This manpage was written by Jelmer Vernooij\&. +.SH "NOTES" +.IP " 1." 4 +Andrew Tridgell +.RS 4 +\%https://www.samba.org/~tridge/ +.RE diff --git a/net/samba419/files/man/ldbdel.1 b/net/samba419/files/man/ldbdel.1 new file mode 100644 index 000000000000..947ee6136b9c --- /dev/null +++ b/net/samba419/files/man/ldbdel.1 @@ -0,0 +1,80 @@ +'\" t +.\" Title: ldbdel +.\" Author: [see the "AUTHOR" section] +.\" Generator: DocBook XSL Stylesheets v1.79.1 <http://docbook.sf.net/> +.\" Date: 08/09/2022 +.\" Manual: System Administration tools +.\" Source: LDB 1.1 +.\" Language: English +.\" +.TH "LDBDEL" "1" "08/09/2022" "LDB 1\&.1" "System Administration tools" +.\" ----------------------------------------------------------------- +.\" * Define some portability stuff +.\" ----------------------------------------------------------------- +.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +.\" http://bugs.debian.org/507673 +.\" http://lists.gnu.org/archive/html/groff/2009-02/msg00013.html +.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" ----------------------------------------------------------------- +.\" * set default formatting +.\" ----------------------------------------------------------------- +.\" disable hyphenation +.nh +.\" disable justification (adjust text to left margin only) +.ad l +.\" ----------------------------------------------------------------- +.\" * MAIN CONTENT STARTS HERE * +.\" ----------------------------------------------------------------- +.SH "NAME" +ldbdel \- Command\-line program for deleting LDB records +.SH "SYNOPSIS" +.HP \w'\fBldbdel\fR\ 'u +\fBldbdel\fR [\-h] [\-H\ LDB\-URL] [dn] [\&.\&.\&.] +.SH "DESCRIPTION" +.PP +ldbdel deletes records from an ldb(3) database\&. It deletes the records identified by the dn\*(Aqs specified on the command\-line\&. +.PP +ldbdel uses either the database that is specified with the \-H option or the database specified by the LDB_URL environment variable\&. +.SH "OPTIONS" +.PP +\-h +.RS 4 +Show list of available options\&. +.RE +.PP +\-H <ldb\-url> +.RS 4 +LDB URL to connect to\&. See ldb(3) for details\&. +.RE +.SH "ENVIRONMENT" +.PP +LDB_URL +.RS 4 +LDB URL to connect to (can be overridden by using the \-H command\-line option\&.) +.RE +.SH "VERSION" +.PP +This man page is correct for version 1\&.1 of LDB\&. +.SH "SEE ALSO" +.PP +ldb(3), ldbmodify, ldbadd, ldif(5) +.SH "AUTHOR" +.PP +ldb was written by +\m[blue]\fBAndrew Tridgell\fR\m[]\&\s-2\u[1]\d\s+2\&. +.PP +If you wish to report a problem or make a suggestion then please see the +\m[blue]\fB\%http://ldb.samba.org/\fR\m[] +web site for current contact and maintainer information\&. +.PP +ldbdel was written by Andrew Tridgell\&. +.PP +This manpage was written by Jelmer Vernooij\&. +.SH "NOTES" +.IP " 1." 4 +Andrew Tridgell +.RS 4 +\%https://www.samba.org/~tridge/ +.RE diff --git a/net/samba419/files/man/ldbedit.1 b/net/samba419/files/man/ldbedit.1 new file mode 100644 index 000000000000..5267dd2556f2 --- /dev/null +++ b/net/samba419/files/man/ldbedit.1 @@ -0,0 +1,111 @@ +'\" t +.\" Title: ldbedit +.\" Author: [see the "AUTHOR" section] +.\" Generator: DocBook XSL Stylesheets v1.79.1 <http://docbook.sf.net/> +.\" Date: 08/09/2022 +.\" Manual: System Administration tools +.\" Source: LDB 1.1 +.\" Language: English +.\" +.TH "LDBEDIT" "1" "08/09/2022" "LDB 1\&.1" "System Administration tools" +.\" ----------------------------------------------------------------- +.\" * Define some portability stuff +.\" ----------------------------------------------------------------- +.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +.\" http://bugs.debian.org/507673 +.\" http://lists.gnu.org/archive/html/groff/2009-02/msg00013.html +.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" ----------------------------------------------------------------- +.\" * set default formatting +.\" ----------------------------------------------------------------- +.\" disable hyphenation +.nh +.\" disable justification (adjust text to left margin only) +.ad l +.\" ----------------------------------------------------------------- +.\" * MAIN CONTENT STARTS HERE * +.\" ----------------------------------------------------------------- +.SH "NAME" +ldbedit \- Edit LDB databases using your preferred editor +.SH "SYNOPSIS" +.HP \w'\fBldbedit\fR\ 'u +\fBldbedit\fR [\-?] [\-\-usage] [\-s\ base|one|sub] [\-b\ basedn] [\-a] [\-e\ editor] [\-H\ LDB\-URL] [expression] [attributes...] +.SH "DESCRIPTION" +.PP +ldbedit is a utility that allows you to edit LDB entries (in tdb files, sqlite files or LDAP servers) using your preferred editor\&. ldbedit generates an LDIF file based on your query, allows you to edit the LDIF, and then merges that LDIF back into the LDB backend\&. +.SH "OPTIONS" +.PP +\-?, \-\-help +.RS 4 +Show list of available options, and a phrase describing what that option does\&. +.RE +.PP +\-\-usage +.RS 4 +Show list of available options\&. This is similar to the help option, however it does not provide any description, and is hence shorter\&. +.RE +.PP +\-H <ldb\-url> +.RS 4 +LDB URL to connect to\&. For a tdb database, this will be of the form tdb://\fIfilename\fR\&. For a LDAP connection over unix domain sockets, this will be of the form ldapi://\fIsocket\fR\&. For a (potentially remote) LDAP connection over TCP, this will be of the form ldap://\fIhostname\fR\&. For an SQLite database, this will be of the form sqlite://\fIfilename\fR\&. +.RE +.PP +\-s one|sub|base +.RS 4 +Search scope to use\&. One\-level, subtree or base\&. +.RE +.PP +\-a, \-all +.RS 4 +Edit all records\&. This allows you to apply the same change to a number of records at once\&. You probably want to combine this with an expression of the form "objectclass=*"\&. +.RE +.PP +\-e editor, \-\-editor editor +.RS 4 +Specify the editor that should be used (overrides the VISUAL and EDITOR environment variables)\&. If this option is not used, and neither VISUAL nor EDITOR environment variables are set, then the vi editor will be used\&. +.RE +.PP +\-b basedn +.RS 4 +Specify Base Distinguished Name to use\&. +.RE +.PP +\-v, \-\-verbose +.RS 4 +Make ldbedit more verbose about the operations that are being performed\&. Without this option, ldbedit will only provide a summary change line\&. +.RE +.SH "ENVIRONMENT" +.PP +LDB_URL +.RS 4 +LDB URL to connect to\&. This can be overridden by using the \-H command\-line option\&.) +.RE +.PP +VISUAL and EDITOR +.RS 4 +Environment variables used to determine what editor to use\&. VISUAL takes precedence over EDITOR, and both are overridden by the \-e command\-line option\&. +.RE +.SH "VERSION" +.PP +This man page is correct for version 1\&.1 of LDB\&. +.SH "SEE ALSO" +.PP +ldb(3), ldbmodify(1), ldbdel(1), ldif(5), vi(1) +.SH "AUTHOR" +.PP +ldb was written by +\m[blue]\fBAndrew Tridgell\fR\m[]\&\s-2\u[1]\d\s+2\&. +.PP +If you wish to report a problem or make a suggestion then please see the +\m[blue]\fB\%http://ldb.samba.org/\fR\m[] +web site for current contact and maintainer information\&. +.PP +This manpage was written by Jelmer Vernooij and updated by Brad Hards\&. +.SH "NOTES" +.IP " 1." 4 +Andrew Tridgell +.RS 4 +\%https://www.samba.org/~tridge/ +.RE diff --git a/net/samba419/files/man/ldbmodify.1 b/net/samba419/files/man/ldbmodify.1 new file mode 100644 index 000000000000..3e8f33b4bbe7 --- /dev/null +++ b/net/samba419/files/man/ldbmodify.1 @@ -0,0 +1,73 @@ +'\" t +.\" Title: ldbmodify +.\" Author: [see the "AUTHOR" section] +.\" Generator: DocBook XSL Stylesheets v1.79.1 <http://docbook.sf.net/> +.\" Date: 08/09/2022 +.\" Manual: System Administration tools +.\" Source: LDB 1.1 +.\" Language: English +.\" +.TH "LDBMODIFY" "1" "08/09/2022" "LDB 1\&.1" "System Administration tools" +.\" ----------------------------------------------------------------- +.\" * Define some portability stuff +.\" ----------------------------------------------------------------- +.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +.\" http://bugs.debian.org/507673 +.\" http://lists.gnu.org/archive/html/groff/2009-02/msg00013.html +.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" ----------------------------------------------------------------- +.\" * set default formatting +.\" ----------------------------------------------------------------- +.\" disable hyphenation +.nh +.\" disable justification (adjust text to left margin only) +.ad l +.\" ----------------------------------------------------------------- +.\" * MAIN CONTENT STARTS HERE * +.\" ----------------------------------------------------------------- +.SH "NAME" +ldbmodify \- Modify records in a LDB database +.SH "SYNOPSIS" +.HP \w'\fBldbmodify\fR\ 'u +\fBldbmodify\fR [\-H\ LDB\-URL] [ldif\-file] +.SH "DESCRIPTION" +.PP +ldbmodify changes, adds and deletes records in a LDB database\&. The changes that should be made to the LDB database are read from the specified LDIF\-file\&. If \- is specified as the filename, input is read from stdin\&. +.PP +For now, see ldapmodify(1) for details on the LDIF file format\&. +.SH "OPTIONS" +.PP +\-H <ldb\-url> +.RS 4 +LDB URL to connect to\&. See ldb(3) for details\&. +.RE +.SH "ENVIRONMENT" +.PP +LDB_URL +.RS 4 +LDB URL to connect to (can be overridden by using the \-H command\-line option\&.) +.RE +.SH "VERSION" +.PP +This man page is correct for version 1\&.1 of LDB\&. +.SH "SEE ALSO" +.PP +ldb(3), ldbedit +.SH "AUTHOR" +.PP +ldb was written by +\m[blue]\fBAndrew Tridgell\fR\m[]\&\s-2\u[1]\d\s+2\&. +.PP +If you wish to report a problem or make a suggestion then please see the +\m[blue]\fB\%http://ldb.samba.org/\fR\m[] +web site for current contact and maintainer information\&. +.PP +This manpage was written by Jelmer Vernooij\&. +.SH "NOTES" +.IP " 1." 4 +Andrew Tridgell +.RS 4 +\%https://www.samba.org/~tridge/ +.RE diff --git a/net/samba419/files/man/ldbrename.1 b/net/samba419/files/man/ldbrename.1 new file mode 100644 index 000000000000..071db6e3c63e --- /dev/null +++ b/net/samba419/files/man/ldbrename.1 @@ -0,0 +1,81 @@ +'\" t +.\" Title: ldbrename +.\" Author: [see the "AUTHOR" section] +.\" Generator: DocBook XSL Stylesheets v1.79.1 <http://docbook.sf.net/> +.\" Date: 08/09/2022 +.\" Manual: System Administration tools +.\" Source: LDB 1.1 +.\" Language: English +.\" +.TH "LDBRENAME" "1" "08/09/2022" "LDB 1\&.1" "System Administration tools" +.\" ----------------------------------------------------------------- +.\" * Define some portability stuff +.\" ----------------------------------------------------------------- +.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +.\" http://bugs.debian.org/507673 +.\" http://lists.gnu.org/archive/html/groff/2009-02/msg00013.html +.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" ----------------------------------------------------------------- +.\" * set default formatting +.\" ----------------------------------------------------------------- +.\" disable hyphenation +.nh +.\" disable justification (adjust text to left margin only) +.ad l +.\" ----------------------------------------------------------------- +.\" * MAIN CONTENT STARTS HERE * +.\" ----------------------------------------------------------------- +.SH "NAME" +ldbrename \- Edit LDB databases using your favorite editor +.SH "SYNOPSIS" +.HP \w'\fBldbrename\fR\ 'u +\fBldbrename\fR [\-h] [\-o\ options] {olddn} {newdn} +.SH "DESCRIPTION" +.PP +ldbrename is a utility that allows you to rename trees in an LDB database based by DN\&. This utility takes two arguments: the original DN name of the top element and the DN to change it to\&. +.SH "OPTIONS" +.PP +\-h +.RS 4 +Show list of available options\&. +.RE +.PP +\-H <ldb\-url> +.RS 4 +LDB URL to connect to\&. See ldb(3) for details\&. +.RE +.PP +\-o options +.RS 4 +Extra ldb options, such as modules\&. +.RE +.SH "ENVIRONMENT" +.PP +LDB_URL +.RS 4 +LDB URL to connect to (can be overridden by using the \-H command\-line option\&.) +.RE +.SH "VERSION" +.PP +This man page is correct for version 1\&.1 of LDB\&. +.SH "SEE ALSO" +.PP +ldb(3), ldbmodify, ldbdel, ldif(5) +.SH "AUTHOR" +.PP +ldb was written by +\m[blue]\fBAndrew Tridgell\fR\m[]\&\s-2\u[1]\d\s+2\&. +.PP +If you wish to report a problem or make a suggestion then please see the +\m[blue]\fB\%http://ldb.samba.org/\fR\m[] +web site for current contact and maintainer information\&. +.PP +This manpage was written by Jelmer Vernooij\&. +.SH "NOTES" +.IP " 1." 4 +Andrew Tridgell +.RS 4 +\%https://www.samba.org/~tridge/ +.RE diff --git a/net/samba419/files/man/ldbsearch.1 b/net/samba419/files/man/ldbsearch.1 new file mode 100644 index 000000000000..24b26c440fe5 --- /dev/null +++ b/net/samba419/files/man/ldbsearch.1 @@ -0,0 +1,91 @@ +'\" t +.\" Title: ldbsearch +.\" Author: [see the "AUTHOR" section] +.\" Generator: DocBook XSL Stylesheets v1.79.1 <http://docbook.sf.net/> +.\" Date: 08/09/2022 +.\" Manual: System Administration tools +.\" Source: LDB 1.1 +.\" Language: English +.\" +.TH "LDBSEARCH" "1" "08/09/2022" "LDB 1\&.1" "System Administration tools" +.\" ----------------------------------------------------------------- +.\" * Define some portability stuff +.\" ----------------------------------------------------------------- +.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +.\" http://bugs.debian.org/507673 +.\" http://lists.gnu.org/archive/html/groff/2009-02/msg00013.html +.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" ----------------------------------------------------------------- +.\" * set default formatting +.\" ----------------------------------------------------------------- +.\" disable hyphenation +.nh +.\" disable justification (adjust text to left margin only) +.ad l +.\" ----------------------------------------------------------------- +.\" * MAIN CONTENT STARTS HERE * +.\" ----------------------------------------------------------------- +.SH "NAME" +ldbsearch \- Search for records in a LDB database +.SH "SYNOPSIS" +.HP \w'\fBldbsearch\fR\ 'u +\fBldbsearch\fR [\-h] [\-s\ base|one|sub] [\-b\ basedn] [\-i] [\-H\ LDB\-URL] [expression] [attributes] +.SH "DESCRIPTION" +.PP +ldbsearch searches a LDB database for records matching the specified expression (see the ldapsearch(1) manpage for a description of the expression format)\&. For each record, the specified attributes are printed\&. +.SH "OPTIONS" +.PP +\-h +.RS 4 +Show list of available options\&. +.RE +.PP +\-H <ldb\-url> +.RS 4 +LDB URL to connect to\&. See ldb(3) for details\&. +.RE +.PP +\-s one|sub|base +.RS 4 +Search scope to use\&. One\-level, subtree or base\&. +.RE +.PP +\-i +.RS 4 +Read search expressions from stdin\&. +.RE +.PP +\-b basedn +.RS 4 +Specify Base DN to use\&. +.RE +.SH "ENVIRONMENT" +.PP +LDB_URL +.RS 4 +LDB URL to connect to (can be overridden by using the \-H command\-line option\&.) +.RE +.SH "VERSION" +.PP +This man page is correct for version 1\&.1 of LDB\&. +.SH "SEE ALSO" +.PP +ldb(3), ldbedit(1) +.SH "AUTHOR" +.PP +ldb was written by +\m[blue]\fBAndrew Tridgell\fR\m[]\&\s-2\u[1]\d\s+2\&. +.PP +If you wish to report a problem or make a suggestion then please see the +\m[blue]\fB\%http://ldb.samba.org/\fR\m[] +web site for current contact and maintainer information\&. +.PP +This manpage was written by Jelmer Vernooij\&. +.SH "NOTES" +.IP " 1." 4 +Andrew Tridgell +.RS 4 +\%https://www.samba.org/~tridge/ +.RE diff --git a/net/samba419/files/man/libsmbclient.7 b/net/samba419/files/man/libsmbclient.7 new file mode 100644 index 000000000000..1195e50624a3 --- /dev/null +++ b/net/samba419/files/man/libsmbclient.7 @@ -0,0 +1,94 @@ +'\" t +.\" Title: libsmbclient +.\" Author: [see the "AUTHOR" section] +.\" Generator: DocBook XSL Stylesheets v1.79.1 <http://docbook.sf.net/> +.\" Date: 08/09/2022 +.\" Manual: 7 +.\" Source: Samba 4.16.4 +.\" Language: English +.\" +.TH "LIBSMBCLIENT" "7" "08/09/2022" "Samba 4\&.16\&.4" "7" +.\" ----------------------------------------------------------------- +.\" * Define some portability stuff +.\" ----------------------------------------------------------------- +.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +.\" http://bugs.debian.org/507673 +.\" http://lists.gnu.org/archive/html/groff/2009-02/msg00013.html +.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" ----------------------------------------------------------------- +.\" * set default formatting +.\" ----------------------------------------------------------------- +.\" disable hyphenation +.nh +.\" disable justification (adjust text to left margin only) +.ad l +.\" ----------------------------------------------------------------- +.\" * MAIN CONTENT STARTS HERE * +.\" ----------------------------------------------------------------- +.SH "NAME" +libsmbclient \- An extension library for browsers and that can be used as a generic browsing API\&. +.SH "SYNOPSIS" +.HP \w'\ 'u +.PP +Browser URL: +smb://[[[domain:]user[:password@]]server[/share[/path[/file]]]] [?options] +.SH "DESCRIPTION" +.PP +This tool is part of the +\fBsamba\fR(7) +suite\&. +.PP +libsmbclient +is a library toolset that permits applications to manipulate CIFS/SMB network resources using many of the standards POSIX functions available for manipulating local UNIX/Linux files\&. It permits much more than just browsing, files can be opened and read or written, permissions changed, file times modified, attributes and ACL\*(Aqs can be manipulated, and so on\&. Of course, its functionality includes all the capabilities commonly called browsing\&. +.PP +libsmbclient +can not be used directly from the command line, instead it provides an extension of the capabilities of tools such as file managers and browsers\&. This man page describes the configuration options for this tool so that the user may obtain greatest utility of use\&. +.SH "OPTIONS" +.PP +What the URLs mean: +.PP +smb:// +.RS 4 +Shows all workgroups or domains that are visible in the network\&. The behavior matches that of the Microsoft Windows Explorer\&. +.sp +The method of locating the list of workgroups (domains also) varies depending on the setting of the context variable +(context\->options\&.browse_max_lmb_count)\&. It is the responsibility of the application that calls this library to set this to a sensible value\&. This is a compile\-time option\&. This value determines the maximum number of local master browsers to query for the list of workgroups\&. In order to ensure that the list is complete for those present on the network, all master browsers must be queried\&. If there are a large number of workgroups on the network, the time spent querying will be significant\&. For small networks (just a few workgroups), it is suggested to set this value to 0, instructing libsmbclient to query all local master browsers\&. In an environment that has many workgroups a more reasonable setting may be around 3\&. +.RE +.PP +smb://name/ +.RS 4 +This command causes libsmbclient to perform a name look\-up\&. If the NAME<1D> or NAME<1B> exists (workgroup name), libsmbclient will list all servers in the workgroup (or domain)\&. Otherwise, a name look\-up for the NAME<20> (machine name) will be performed, and the list of shared resources on the server will be displayed\&. +.RE +.PP +When libsmbclient is invoked by an application it searches for a directory called +\&.smb +in the $HOME directory that is specified in the users shell environment\&. It then searches for a file called +smb\&.conf +which, if present, will fully over\-ride the system +/etc/samba/smb\&.conf +file\&. If instead libsmbclient finds a file called +~/\&.smb/smb\&.conf\&.append, it will read the system +/etc/samba/smb\&.conf +and then append the contents of the +~/\&.smb/smb\&.conf\&.append +to it\&. +.PP +libsmbclient +will check the users shell environment for the +USER +parameter and will use its value when if the +user +parameter was not included in the URL\&. +.SH "PROGRAMMERS GUIDE" +.PP +Watch this space for future updates\&. +.SH "VERSION" +.PP +This man page is part of version 4\&.16\&.4 of the Samba suite\&. +.SH "AUTHOR" +.PP +The original Samba software and related utilities were created by Andrew Tridgell\&. Samba is now developed by the Samba Team as an Open Source project similar to the way the Linux kernel is developed\&. +.PP +The libsmbclient manpage page was written by John H Terpstra\&. diff --git a/net/samba419/files/man/lmhosts.5 b/net/samba419/files/man/lmhosts.5 new file mode 100644 index 000000000000..5de2230cab67 --- /dev/null +++ b/net/samba419/files/man/lmhosts.5 @@ -0,0 +1,123 @@ +'\" t +.\" Title: lmhosts +.\" Author: [see the "AUTHOR" section] +.\" Generator: DocBook XSL Stylesheets v1.79.1 <http://docbook.sf.net/> +.\" Date: 08/09/2022 +.\" Manual: File Formats and Conventions +.\" Source: Samba 4.16.4 +.\" Language: English +.\" +.TH "LMHOSTS" "5" "08/09/2022" "Samba 4\&.16\&.4" "File Formats and Conventions" +.\" ----------------------------------------------------------------- +.\" * Define some portability stuff +.\" ----------------------------------------------------------------- +.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +.\" http://bugs.debian.org/507673 +.\" http://lists.gnu.org/archive/html/groff/2009-02/msg00013.html +.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" ----------------------------------------------------------------- +.\" * set default formatting +.\" ----------------------------------------------------------------- +.\" disable hyphenation +.nh +.\" disable justification (adjust text to left margin only) +.ad l +.\" ----------------------------------------------------------------- +.\" * MAIN CONTENT STARTS HERE * +.\" ----------------------------------------------------------------- +.SH "NAME" +lmhosts \- The Samba NetBIOS hosts file +.SH "SYNOPSIS" +.PP +lmhosts +is the +\fBsamba\fR(7) +NetBIOS name to IP address mapping file\&. +.SH "DESCRIPTION" +.PP +This file is part of the +\fBsamba\fR(7) +suite\&. +.PP +lmhosts +is the +\fISamba \fR +NetBIOS name to IP address mapping file\&. It is very similar to the +/etc/hosts +file format, except that the hostname component must correspond to the NetBIOS naming format\&. +.SH "FILE FORMAT" +.PP +It is an ASCII file containing one line for NetBIOS name\&. The two fields on each line are separated from each other by white space\&. Any entry beginning with \*(Aq#\*(Aq is ignored\&. Each line in the lmhosts file contains the following information: +.RS +.sp +.RS 4 +.ie n \{\ +\h'-04'\(bu\h'+03'\c +.\} +.el \{\ +.sp -1 +.IP \(bu 2.3 +.\} +IP Address \- in dotted decimal format\&. +.RE +.sp +.RS 4 +.ie n \{\ +\h'-04'\(bu\h'+03'\c +.\} +.el \{\ +.sp -1 +.IP \(bu 2.3 +.\} +NetBIOS Name \- This name format is a maximum fifteen character host name, with an optional trailing \*(Aq#\*(Aq character followed by the NetBIOS name type as two hexadecimal digits\&. +.sp +If the trailing \*(Aq#\*(Aq is omitted then the given IP address will be returned for all names that match the given name, whatever the NetBIOS name type in the lookup\&. +.RE +.sp +.RE +.PP +An example follows: +.sp +.if n \{\ +.RS 4 +.\} +.nf +# +# Sample Samba lmhosts file\&. +# +192\&.9\&.200\&.1 TESTPC +192\&.9\&.200\&.20 NTSERVER#20 +192\&.9\&.200\&.21 SAMBASERVER +.fi +.if n \{\ +.RE +.\} +.PP +Contains three IP to NetBIOS name mappings\&. The first and third will be returned for any queries for the names "TESTPC" and "SAMBASERVER" respectively, whatever the type component of the NetBIOS name requested\&. +.PP +The second mapping will be returned only when the "0x20" name type for a name "NTSERVER" is queried\&. Any other name type will not be resolved\&. +.PP +The default location of the +lmhosts +file is in the same directory as the +\fBsmb.conf\fR(5) +file\&. +.SH "FILES" +.PP +lmhosts is loaded from the configuration directory\&. This is usually +/etc/samba +or +/usr/local/samba/lib\&. +.SH "VERSION" +.PP +This man page is part of version 4\&.16\&.4 of the Samba suite\&. +.SH "SEE ALSO" +.PP +\fBsmbclient\fR(1), +\fBsmb.conf\fR(5), and +\fBsmbpasswd\fR(8) +.SH "AUTHOR" +.PP +The original Samba software and related utilities were created by Andrew Tridgell\&. Samba is now developed by the Samba Team as an Open Source project similar to the way the Linux kernel is developed\&. diff --git a/net/samba419/files/man/locktest.1 b/net/samba419/files/man/locktest.1 new file mode 100644 index 000000000000..e77256ceb5bc --- /dev/null +++ b/net/samba419/files/man/locktest.1 @@ -0,0 +1,137 @@ +'\" t +.\" Title: locktest +.\" Author: [see the "AUTHOR" section] +.\" Generator: DocBook XSL Stylesheets v1.79.1 <http://docbook.sf.net/> +.\" Date: 08/09/2022 +.\" Manual: Test Suite +.\" Source: Samba 4.0 +.\" Language: English +.\" +.TH "LOCKTEST" "1" "08/09/2022" "Samba 4\&.0" "Test Suite" +.\" ----------------------------------------------------------------- +.\" * Define some portability stuff +.\" ----------------------------------------------------------------- +.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +.\" http://bugs.debian.org/507673 +.\" http://lists.gnu.org/archive/html/groff/2009-02/msg00013.html +.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" ----------------------------------------------------------------- +.\" * set default formatting +.\" ----------------------------------------------------------------- +.\" disable hyphenation +.nh +.\" disable justification (adjust text to left margin only) +.ad l +.\" ----------------------------------------------------------------- +.\" * MAIN CONTENT STARTS HERE * +.\" ----------------------------------------------------------------- +.SH "NAME" +locktest \- Find differences in locking between two SMB servers +.SH "SYNOPSIS" +.HP \w'\fBlocktest\fR\ 'u +\fBlocktest\fR {//server1/share1} {//server2/share2} [\-U\ user%pass] [\-U\ user%pass] [\-s\ seed] [\-o\ numops] [\-a] [\-O] [\-E] [\-Z] [\-R\ range] [\-B\ base] [\-M\ min] +.SH "DESCRIPTION" +.PP +locktest +is a utility for detecting differences in behaviour in locking between SMB servers\&. It will run a random set of locking operations against +\fI//server1/share1\fR +and then the same random set against +\fI//server2/share2\fR +and display the differences in the responses it gets\&. +.PP +This utility is used by the Samba team to find differences in behaviour between Samba and Windows servers\&. +.SH "OPTIONS" +.PP +\-U user%pass +.RS 4 +Specify the user and password to use when logging on on the shares\&. This parameter can be specified twice (once for the first server, once for the second)\&. +.RE +.PP +\-s seed +.RS 4 +Seed the random number generator with the specified value\&. +.RE +.PP +\-o numops +.RS 4 +Set the number of operations to perform\&. +.RE +.PP +\-a +.RS 4 +Print the operations that are performed\&. +.RE +.PP +\-A +.RS 4 +Backtrack to find minimal number of operations required to make the response to a certain call differ\&. +.RE +.PP +\-O +.RS 4 +Enable oplocks\&. +.RE +.PP +\-u +.RS 4 +Hide unlock fails\&. +.RE +.PP +\-E +.RS 4 +enable exact error code checking +.RE +.PP +\-Z +.RS 4 +enable the zero/zero lock +.RE +.PP +\-R range +.RS 4 +set lock range +.RE +.PP +\-B base +.RS 4 +set lock base +.RE +.PP +\-M min +.RS 4 +set min lock length +.RE +.PP +\-k +.RS 4 +Use kerberos +.RE +.SH "VERSION" +.PP +This man page is correct for version 4\&.0 of the Samba suite\&. +.SH "SEE ALSO" +.PP +Samba +.SH "AUTHOR" +.PP +This utility is part of the +\m[blue]\fBSamba\fR\m[]\&\s-2\u[1]\d\s+2 +suite, which is developed by the global +\m[blue]\fBSamba Team\fR\m[]\&\s-2\u[2]\d\s+2\&. +.PP +locktest was written by Andrew Tridgell\&. +.PP +This manpage was written by Jelmer Vernooij\&. +.SH "NOTES" +.IP " 1." 4 +Samba +.RS 4 +\%http://www.samba.org/ +.RE +.IP " 2." 4 +Samba Team +.RS 4 +\%http://www.samba.org/samba/team/ +.RE diff --git a/net/samba419/files/man/log2pcap.1 b/net/samba419/files/man/log2pcap.1 new file mode 100644 index 000000000000..0605cc9adf2b --- /dev/null +++ b/net/samba419/files/man/log2pcap.1 @@ -0,0 +1,124 @@ +'\" t +.\" Title: log2pcap +.\" Author: [see the "AUTHOR" section] +.\" Generator: DocBook XSL Stylesheets v1.79.1 <http://docbook.sf.net/> +.\" Date: 08/09/2022 +.\" Manual: User Commands +.\" Source: Samba 4.16.4 +.\" Language: English +.\" +.TH "LOG2PCAP" "1" "08/09/2022" "Samba 4\&.16\&.4" "User Commands" +.\" ----------------------------------------------------------------- +.\" * Define some portability stuff +.\" ----------------------------------------------------------------- +.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +.\" http://bugs.debian.org/507673 +.\" http://lists.gnu.org/archive/html/groff/2009-02/msg00013.html +.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" ----------------------------------------------------------------- +.\" * set default formatting +.\" ----------------------------------------------------------------- +.\" disable hyphenation +.nh +.\" disable justification (adjust text to left margin only) +.ad l +.\" ----------------------------------------------------------------- +.\" * MAIN CONTENT STARTS HERE * +.\" ----------------------------------------------------------------- +.SH "NAME" +log2pcap \- Extract network traces from Samba log files +.SH "SYNOPSIS" +.HP \w'\ 'u +log2pcap [\-h] [\-q] [logfile] [pcap_file] +.SH "DESCRIPTION" +.PP +This tool is part of the +\fBsamba\fR(7) +suite\&. +.PP +log2pcap +reads in a samba log file and generates a pcap file (readable by most sniffers, such as ethereal or tcpdump) based on the packet dumps in the log file\&. +.PP +The log file must have a +\fIlog level\fR +of at least +\fB5\fR +to get the SMB header/parameters right, +\fB10\fR +to get the first 512 data bytes of the packet and +\fB50\fR +to get the whole packet\&. +.SH "OPTIONS" +.PP +\-h +.RS 4 +If this parameter is specified the output file will be a hex dump, in a format that is readable by the +text2pcap +utility\&. +.RE +.PP +\-q +.RS 4 +Be quiet\&. No warning messages about missing or incomplete data will be given\&. +.RE +.PP +logfile +.RS 4 +Samba log file\&. log2pcap will try to read the log from stdin if the log file is not specified\&. +.RE +.PP +pcap_file +.RS 4 +Name of the output file to write the pcap (or hexdump) data to\&. If this argument is not specified, output data will be written to stdout\&. +.RE +.PP +\-?|\-\-help +.RS 4 +Print a summary of command line options\&. +.RE +.SH "EXAMPLES" +.PP +Extract all network traffic from all samba log files: +.PP +.if n \{\ +.RS 4 +.\} +.nf + $ log2pcap < /var/log/* > trace\&.pcap + +.fi +.if n \{\ +.RE +.\} +.PP +Convert to pcap using text2pcap: +.PP +.if n \{\ +.RS 4 +.\} +.nf + $ log2pcap \-h samba\&.log | text2pcap \-T 139,139 \- trace\&.pcap + +.fi +.if n \{\ +.RE +.\} +.SH "VERSION" +.PP +This man page is part of version 4\&.16\&.4 of the Samba suite\&. +.SH "BUGS" +.PP +Only SMB data is extracted from the samba logs, no LDAP, NetBIOS lookup or other data\&. +.PP +The generated TCP and IP headers don\*(Aqt contain a valid checksum\&. +.SH "SEE ALSO" +.PP +\fBtext2pcap\fR(1), +\fBethereal\fR(1) +.SH "AUTHOR" +.PP +The original Samba software and related utilities were created by Andrew Tridgell\&. Samba is now developed by the Samba Team as an Open Source project similar to the way the Linux kernel is developed\&. +.PP +This manpage was written by Jelmer Vernooij\&. diff --git a/net/samba419/files/man/ltdbtool.1 b/net/samba419/files/man/ltdbtool.1 new file mode 100644 index 000000000000..cfe19788d612 --- /dev/null +++ b/net/samba419/files/man/ltdbtool.1 @@ -0,0 +1,256 @@ +'\" t +.\" Title: ltdbtool +.\" Author: +.\" Generator: DocBook XSL Stylesheets v1.79.1 <http://docbook.sf.net/> +.\" Date: 09/23/2020 +.\" Manual: CTDB - clustered TDB database +.\" Source: ctdb +.\" Language: English +.\" +.TH "LTDBTOOL" "1" "09/23/2020" "ctdb" "CTDB \- clustered TDB database" +.\" ----------------------------------------------------------------- +.\" * Define some portability stuff +.\" ----------------------------------------------------------------- +.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +.\" http://bugs.debian.org/507673 +.\" http://lists.gnu.org/archive/html/groff/2009-02/msg00013.html +.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" ----------------------------------------------------------------- +.\" * set default formatting +.\" ----------------------------------------------------------------- +.\" disable hyphenation +.nh +.\" disable justification (adjust text to left margin only) +.ad l +.\" ----------------------------------------------------------------- +.\" * MAIN CONTENT STARTS HERE * +.\" ----------------------------------------------------------------- +.SH "NAME" +ltdbtool \- manipulate CTDB\*(Aqs local TDB files +.SH "SYNOPSIS" +.HP \w'\fBltdbtool\fR\ 'u +\fBltdbtool\fR [\fIOPTION\fR...] {\fICOMMAND\fR} [\fICOMMAND\-ARGS\fR] +.SH "DESCRIPTION" +.PP +ltdbtool is a utility to manipulate CTDB\*(Aqs local TDB databases (LTDBs) without connecting to a CTDB daemon\&. +.PP +It can be used to: +.sp +.RS 4 +.ie n \{\ +\h'-04'\(bu\h'+03'\c +.\} +.el \{\ +.sp -1 +.IP \(bu 2.3 +.\} +dump the contents of a LTDB, optionally printing the CTDB record header information, +.RE +.sp +.RS 4 +.ie n \{\ +\h'-04'\(bu\h'+03'\c +.\} +.el \{\ +.sp -1 +.IP \(bu 2.3 +.\} +convert between an LTDB and a non\-clustered tdb by adding or removing CTDB headers and +.RE +.sp +.RS 4 +.ie n \{\ +\h'-04'\(bu\h'+03'\c +.\} +.el \{\ +.sp -1 +.IP \(bu 2.3 +.\} +convert between 64 and 32 bit LTDBs where the CTDB record headers differ by 4 bytes of padding\&. +.RE +.SH "OPTIONS" +.PP +\-e +.RS 4 +Dump empty records\&. These are normally excluded\&. +.RE +.PP +\-p +.RS 4 +Dump with header information, similar to "ctdb catdb"\&. +.RE +.PP +\-s {0 | 32 | 64} +.RS 4 +Specify how to determine the CTDB record header size for the input database: +.PP +0 +.RS 4 +no CTDB header +.RE +.PP +32 +.RS 4 +CTDB header size of a 32 bit system (20 bytes) +.RE +.PP +64 +.RS 4 +CTDB header size of a 64 bit system (24 bytes) +.RE +.sp +The default is 32 or 64 depending on the system architecture\&. +.RE +.PP +\-o {0 | 32 | 64} +.RS 4 +Specify how to determine the CTDB record header size for the output database, see \-s\&. +.RE +.PP +\-S \fISIZE\fR +.RS 4 +Explicitly specify the CTDB record header SIZE of the input database in bytes\&. +.RE +.PP +\-O \fISIZE\fR +.RS 4 +Explicitly specify the CTDB record header SIZE for the output database in bytes\&. +.RE +.PP +\-h +.RS 4 +Print help text\&. +.RE +.SH "COMMANDS" +.PP +help +.RS 4 +Print help text\&. +.RE +.PP +dump \fIIDB\fR +.RS 4 +Dump the contents of an LTDB input file IDB to standard output in a human\-readable format\&. +.RE +.PP +convert \fIIDB\fR \fIODB\fR +.RS 4 +Copy an LTDB input file IDB to output file ODB, optionally adding or removing CTDB headers\&. +.RE +.SH "EXAMPLES" +.PP +Print a local tdb in "tdbdump" style: +.sp +.if n \{\ +.RS 4 +.\} +.nf + ltdbtool dump idmap2\&.tdb\&.0 + +.fi +.if n \{\ +.RE +.\} +.PP +Print a local tdb with header information similar to "ctdb catdb": +.sp +.if n \{\ +.RS 4 +.\} +.nf + ltdbtool dump \-p idmap2\&.tdb\&.0 + +.fi +.if n \{\ +.RE +.\} +.PP +Strip the CTDB headers from records: +.sp +.if n \{\ +.RS 4 +.\} +.nf + ltdbtool convert \-o0 idmap2\&.tdb\&.0 idmap\&.tdb + +.fi +.if n \{\ +.RE +.\} +.PP +Strip 64 bit CTDB headers from records, running on i386: +.sp +.if n \{\ +.RS 4 +.\} +.nf + ltdbtool convert \-s64 \-o0 idmap2\&.tdb\&.0 idmap\&.tdb + +.fi +.if n \{\ +.RE +.\} +.PP +Strip the CTDB headers from records by piping through tdbrestore: +.sp +.if n \{\ +.RS 4 +.\} +.nf + ltdbtool dump idmap2\&.tdb\&.0 | tdbrestore idmap\&.tdb + +.fi +.if n \{\ +.RE +.\} +.PP +Convert a local tdb from a 64 bit system for usage on a 32 bit system: +.sp +.if n \{\ +.RS 4 +.\} +.nf + ltdbtool convert \-s64 \-o32 idmap2\&.tdb\&.0 idmap2\&.tdb\&.1 + +.fi +.if n \{\ +.RE +.\} +.PP +Add a default header: +.sp +.if n \{\ +.RS 4 +.\} +.nf + ltdbtool convert \-s0 idmap\&.tdb idmap2\&.tdb\&.0 + +.fi +.if n \{\ +.RE +.\} +.SH "SEE ALSO" +.PP +\fBctdb\fR(1), +\fBtdbdump\fR(1), +\fBtdbrestore\fR(1), +\fBctdb\fR(7), +\m[blue]\fB\%http://ctdb.samba.org/\fR\m[] +.SH "AUTHOR" +.br +.PP +This documentation was written by Gregor Beck +.SH "COPYRIGHT" +.br +Copyright \(co 2011 Gregor Beck, Michael Adam +.br +.PP +This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 3 of the License, or (at your option) any later version\&. +.PP +This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE\&. See the GNU General Public License for more details\&. +.PP +You should have received a copy of the GNU General Public License along with this program; if not, see +\m[blue]\fB\%http://www.gnu.org/licenses\fR\m[]\&. +.sp diff --git a/net/samba419/files/man/masktest.1 b/net/samba419/files/man/masktest.1 new file mode 100644 index 000000000000..34f6f9b66814 --- /dev/null +++ b/net/samba419/files/man/masktest.1 @@ -0,0 +1,113 @@ +'\" t +.\" Title: masktest +.\" Author: [see the "AUTHOR" section] +.\" Generator: DocBook XSL Stylesheets v1.79.1 <http://docbook.sf.net/> +.\" Date: 08/09/2022 +.\" Manual: Test Suite +.\" Source: Samba 4.0 +.\" Language: English +.\" +.TH "MASKTEST" "1" "08/09/2022" "Samba 4\&.0" "Test Suite" +.\" ----------------------------------------------------------------- +.\" * Define some portability stuff +.\" ----------------------------------------------------------------- +.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +.\" http://bugs.debian.org/507673 +.\" http://lists.gnu.org/archive/html/groff/2009-02/msg00013.html +.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" ----------------------------------------------------------------- +.\" * set default formatting +.\" ----------------------------------------------------------------- +.\" disable hyphenation +.nh +.\" disable justification (adjust text to left margin only) +.ad l +.\" ----------------------------------------------------------------- +.\" * MAIN CONTENT STARTS HERE * +.\" ----------------------------------------------------------------- +.SH "NAME" +masktest \- Find differences in wildcard matching between Samba\*(Aqs implementation and that of a remote server\&. +.SH "SYNOPSIS" +.HP \w'\fBmasktest\fR\ 'u +\fBmasktest\fR {//server/share} [\-U\ user%pass] [\-d\ debuglevel] [\-W\ workgroup] [\-n\ numloops] [\-s\ seed] [\-a] [\-E] [\-M\ max\ protocol] [\-f\ filechars] [\-m\ maskchars] [\-v] +.SH "DESCRIPTION" +.PP +masktest +is a utility for detecting differences in behaviour between Samba\*(Aqs own implementation and that of a remote server\&. It will run generate random filenames/masks and check if these match the same files they do on the remote file as they do on the local server\&. It will display any differences it finds\&. +.PP +This utility is used by the Samba team to find differences in behaviour between Samba and Windows servers\&. +.SH "OPTIONS" +.PP +\-U user%pass +.RS 4 +Specify the user and password to use when logging on on the shares\&. This parameter can be specified twice (once for the first server, once for the second)\&. +.RE +.PP +\-s seed +.RS 4 +Seed the random number generator with the specified value\&. +.RE +.PP +\-n numops +.RS 4 +Set the number of operations to perform\&. +.RE +.PP +\-a +.RS 4 +Print the operations that are performed\&. +.RE +.PP +\-M max_protocol +.RS 4 +Maximum protocol to use\&. +.RE +.PP +\-f +.RS 4 +Specify characters that can be used when generating file names\&. Default: abcdefghijklm\&. +.RE +.PP +\-E +.RS 4 +Abort when difference in behaviour is found\&. +.RE +.PP +\-m maskchars +.RS 4 +Specify characters used for wildcards\&. +.RE +.PP +\-v +.RS 4 +Be verbose +.RE +.SH "VERSION" +.PP +This man page is correct for version 4\&.0 of the Samba suite\&. +.SH "SEE ALSO" +.PP +Samba +.SH "AUTHOR" +.PP +This utility is part of the +\m[blue]\fBSamba\fR\m[]\&\s-2\u[1]\d\s+2 +suite, which is developed by the global +\m[blue]\fBSamba Team\fR\m[]\&\s-2\u[2]\d\s+2\&. +.PP +masktest was written by Andrew Tridgell\&. +.PP +This manpage was written by Jelmer Vernooij\&. +.SH "NOTES" +.IP " 1." 4 +Samba +.RS 4 +\%http://www.samba.org/ +.RE +.IP " 2." 4 +Samba Team +.RS 4 +\%http://www.samba.org/samba/team/ +.RE diff --git a/net/samba419/files/man/mdfind.1 b/net/samba419/files/man/mdfind.1 new file mode 100644 index 000000000000..c4aad9b659ff --- /dev/null +++ b/net/samba419/files/man/mdfind.1 @@ -0,0 +1,166 @@ +'\" t +.\" Title: mdfind +.\" Author: [see the "AUTHOR" section] +.\" Generator: DocBook XSL Stylesheets v1.79.1 <http://docbook.sf.net/> +.\" Date: 09/23/2020 +.\" Manual: User Commands +.\" Source: Samba 4.12.7 +.\" Language: English +.\" +.TH "MDFIND" "1" "09/23/2020" "Samba 4\&.12\&.7" "User Commands" +.\" ----------------------------------------------------------------- +.\" * Define some portability stuff +.\" ----------------------------------------------------------------- +.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +.\" http://bugs.debian.org/507673 +.\" http://lists.gnu.org/archive/html/groff/2009-02/msg00013.html +.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" ----------------------------------------------------------------- +.\" * set default formatting +.\" ----------------------------------------------------------------- +.\" disable hyphenation +.nh +.\" disable justification (adjust text to left margin only) +.ad l +.\" ----------------------------------------------------------------- +.\" * MAIN CONTENT STARTS HERE * +.\" ----------------------------------------------------------------- +.SH "NAME" +mdfind \- Run Spotlight searches against an SMB server +.SH "SYNOPSIS" +.HP \w'\ 'u +mvxattr {server} {sharename} {query} [\-p,\ \-\-path] [\-L,\ \-\-live] +.SH "DESCRIPTION" +.PP +This tool is part of the +\fBsamba\fR(1) +suite\&. +.PP +mdfind is a simple utility to run Spotlight searches against an SMB server that runs the Spotlight +\fImdssvc\fR +RPC service\&. +.SH "OPTIONS" +.PP +server +.RS 4 +The SMB server name or IP address to connect to\&. +.RE +.PP +sharename +.RS 4 +The name of a share on the server\&. +.RE +.PP +query +.RS 4 +The query expression syntax is a simplified form of filename globbing familiar to shell users\&. Queries have the following format: +.sp +attribute=="value" +.sp +For queries against a Samba server with Spotlight enabled using the Elasticsearch backend, the list of supported metadata attributes is given by the JSON attribute mapping file, typically installed at +/usr/share/samba/mdssvc/elasticsearch_mappings\&.json +.RE +.PP +\-p PATH, \-\-path=PATH +.RS 4 +Server side path to search, defaults to +\fI"/"\fR +.RE +.PP +\-L, \-\-live +.RS 4 +Query remains running\&. +.RE +.SH "EXAMPLES" +.PP +Search all indexed metadata attributes, exact match: +.sp +.if n \{\ +.RS 4 +.\} +.nf + \*(Aq*=="Samba"\*(Aq + +.fi +.if n \{\ +.RE +.\} +.PP +Search all indexed metadata attributes, prefix match: +.sp +.if n \{\ +.RS 4 +.\} +.nf + \*(Aq*=="Samba*"\*(Aq + +.fi +.if n \{\ +.RE +.\} +.PP +Search by filename: +.sp +.if n \{\ +.RS 4 +.\} +.nf + \*(AqkMDItemFSName=="Samba*"\*(Aq + +.fi +.if n \{\ +.RE +.\} +.PP +Search by date: +.sp +.if n \{\ +.RS 4 +.\} +.nf + \*(AqkMDItemFSContentChangeDate<$time\&.iso(2018\-10\-01T10:00:00Z)\*(Aq + +.fi +.if n \{\ +.RE +.\} +.PP +Search files\*(Aqs content: +.sp +.if n \{\ +.RS 4 +.\} +.nf + \*(AqkMDItemTextContent=="Samba*"\*(Aq + +.fi +.if n \{\ +.RE +.\} +.PP +Expressions: +.sp +.if n \{\ +.RS 4 +.\} +.nf + kMDItemFSName=="Samba*"||kMDItemTextContent=="Tango*"\*(Aq + +.fi +.if n \{\ +.RE +.\} +.SH "SEE ALSO" +.PP +File Metadata Search Programming Guide +https://developer\&.apple\&.com/library/archive/documentation/Carbon/Conceptual/SpotlightQuery/Concepts/Introduction\&.html +.SH "VERSION" +.PP +This man page is part of version 4\&.12\&.7 of the Samba suite\&. +.SH "AUTHOR" +.PP +The original Samba software and related utilities were created by Andrew Tridgell\&. Samba is now developed by the Samba Team as an Open Source project similar to the way the Linux kernel is developed\&. +.PP +The mdfind manpage was written by Ralph Boehme\&. diff --git a/net/samba419/files/man/mdsearch.1 b/net/samba419/files/man/mdsearch.1 new file mode 100644 index 000000000000..8cae83dca219 --- /dev/null +++ b/net/samba419/files/man/mdsearch.1 @@ -0,0 +1,357 @@ +'\" t +.\" Title: mdsearch +.\" Author: [see the "AUTHOR" section] +.\" Generator: DocBook XSL Stylesheets v1.79.1 <http://docbook.sf.net/> +.\" Date: 08/09/2022 +.\" Manual: User Commands +.\" Source: Samba 4.16.4 +.\" Language: English +.\" +.TH "MDSEARCH" "1" "08/09/2022" "Samba 4\&.16\&.4" "User Commands" +.\" ----------------------------------------------------------------- +.\" * Define some portability stuff +.\" ----------------------------------------------------------------- +.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +.\" http://bugs.debian.org/507673 +.\" http://lists.gnu.org/archive/html/groff/2009-02/msg00013.html +.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" ----------------------------------------------------------------- +.\" * set default formatting +.\" ----------------------------------------------------------------- +.\" disable hyphenation +.nh +.\" disable justification (adjust text to left margin only) +.ad l +.\" ----------------------------------------------------------------- +.\" * MAIN CONTENT STARTS HERE * +.\" ----------------------------------------------------------------- +.SH "NAME" +mdsearch \- Run Spotlight searches against an SMB server +.SH "SYNOPSIS" +.HP \w'\ 'u +mdfine {server} {sharename} {query} [\-p,\ \-\-path=STRING] [\-L,\ \-\-live] [\-?|\-\-help] [\-\-usage] [\-d|\-\-debuglevel=DEBUGLEVEL] [\-\-debug\-stdout] [\-\-configfile=CONFIGFILE] [\-\-option=name=value] [\-l|\-\-log\-basename=LOGFILEBASE] [\-\-leak\-report] [\-\-leak\-report\-full] [\-R|\-\-name\-resolve=NAME\-RESOLVE\-ORDER] [\-O|\-\-socket\-options=SOCKETOPTIONS] [\-m|\-\-max\-protocol=MAXPROTOCOL] [\-n|\-\-netbiosname=NETBIOSNAME] [\-\-netbios\-scope=SCOPE] [\-W|\-\-workgroup=WORKGROUP] [\-\-realm=REALM] [\-U|\-\-user=[DOMAIN/]USERNAME[%PASSWORD]] [\-N|\-\-no\-pass] [\-\-password=STRING] [\-\-pw\-nt\-hash] [\-A|\-\-authentication\-file=FILE] [\-P|\-\-machine\-pass] [\-\-simple\-bind\-dn=DN] [\-\-use\-kerberos=desired|required|off] [\-\-use\-krb5\-ccache=CCACHE] [\-\-use\-winbind\-ccache] [\-\-client\-protection=sign|encrypt|off] [\-V|\-\-version] +.SH "DESCRIPTION" +.PP +This tool is part of the +\fBsamba\fR(1) +suite\&. +.PP +mdsearch is a simple utility to run Spotlight searches against an SMB server that runs the Spotlight +\fImdssvc\fR +RPC service\&. +.SH "OPTIONS" +.PP +server +.RS 4 +The SMB server name or IP address to connect to\&. +.RE +.PP +sharename +.RS 4 +The name of a share on the server\&. +.RE +.PP +query +.RS 4 +The query expression syntax is a simplified form of filename globbing familiar to shell users\&. Queries have the following format: +.sp +attribute=="value" +.sp +For queries against a Samba server with Spotlight enabled using the Elasticsearch backend, the list of supported metadata attributes is given by the JSON attribute mapping file, typically installed at +/usr/share/samba/mdssvc/elasticsearch_mappings\&.json +.RE +.PP +\-p PATH, \-\-path=PATH +.RS 4 +Server side path to search, defaults to +\fI"/"\fR +.RE +.PP +\-L, \-\-live +.RS 4 +Query remains running\&. +.RE +.PP +\-?|\-\-help +.RS 4 +Print a summary of command line options\&. +.RE +.PP +\-\-usage +.RS 4 +Display brief usage message\&. +.RE +.PP +\-d|\-\-debuglevel=DEBUGLEVEL +.RS 4 +\fIlevel\fR +is an integer from 0 to 10\&. The default value if this parameter is not specified is 1 for client applications\&. +.sp +The higher this value, the more detail will be logged to the log files about the activities of the server\&. At level 0, only critical errors and serious warnings will be logged\&. Level 1 is a reasonable level for day\-to\-day running \- it generates a small amount of information about operations carried out\&. +.sp +Levels above 1 will generate considerable amounts of log data, and should only be used when investigating a problem\&. Levels above 3 are designed for use only by developers and generate HUGE amounts of log data, most of which is extremely cryptic\&. +.sp +Note that specifying this parameter here will override the +\m[blue]\fBlog level\fR\m[] +parameter in the +smb\&.conf +file\&. +.RE +.PP +\-\-debug\-stdout +.RS 4 +This will redirect debug output to STDOUT\&. By default all clients are logging to STDERR\&. +.RE +.PP +\-\-configfile=<configuration file> +.RS 4 +The file specified contains the configuration details required by the client\&. The information in this file can be general for client and server or only provide client specific like options such as +\m[blue]\fBclient smb encrypt\fR\m[]\&. See +smb\&.conf +for more information\&. The default configuration file name is determined at compile time\&. +.RE +.PP +\-\-option=<name>=<value> +.RS 4 +Set the +\fBsmb.conf\fR(5) +option "<name>" to value "<value>" from the command line\&. This overrides compiled\-in defaults and options read from the configuration file\&. If a name or a value includes a space, wrap whole \-\-option=name=value into quotes\&. +.RE +.PP +\-l|\-\-log\-basename=logdirectory +.RS 4 +Base directory name for log/debug files\&. The extension +\fB"\&.progname"\fR +will be appended (e\&.g\&. log\&.smbclient, log\&.smbd, etc\&.\&.\&.)\&. The log file is never removed by the client\&. +.RE +.PP +\-\-leak\-report +.RS 4 +Enable talloc leak reporting on exit\&. +.RE +.PP +\-\-leak\-report\-full +.RS 4 +Enable full talloc leak reporting on exit\&. +.RE +.PP +\-V|\-\-version +.RS 4 +Prints the program version number\&. +.RE +.PP +\-U|\-\-user=[DOMAIN\e]USERNAME[%PASSWORD] +.RS 4 +Sets the SMB username or username and password\&. +.sp +If %PASSWORD is not specified, the user will be prompted\&. The client will first check the +\fBUSER\fR +environment variable (which is also permitted to also contain the password seperated by a %), then the +\fBLOGNAME\fR +variable (which is not permitted to contain a password) and if either exists, the value is used\&. If these environmental variables are not found, the username found in a Kerberos Credentials cache may be used\&. +.sp +A third option is to use a credentials file which contains the plaintext of the username and password\&. This option is mainly provided for scripts where the admin does not wish to pass the credentials on the command line or via environment variables\&. If this method is used, make certain that the permissions on the file restrict access from unwanted users\&. See the +\fI\-A\fR +for more details\&. +.sp +Be cautious about including passwords in scripts or passing user\-supplied values onto the command line\&. For security it is better to let the Samba client tool ask for the password if needed, or obtain the password once with +kinit\&. +.sp +While Samba will attempt to scrub the password from the process title (as seen in ps), this is after startup and so is subject to a race\&. +.RE +.PP +\-N|\-\-no\-pass +.RS 4 +If specified, this parameter suppresses the normal password prompt from the client to the user\&. This is useful when accessing a service that does not require a password\&. +.sp +Unless a password is specified on the command line or this parameter is specified, the client will request a password\&. +.sp +If a password is specified on the command line and this option is also defined the password on the command line will be silently ignored and no password will be used\&. +.RE +.PP +\-\-password +.RS 4 +Specify the password on the commandline\&. +.sp +Be cautious about including passwords in scripts or passing user\-supplied values onto the command line\&. For security it is better to let the Samba client tool ask for the password if needed, or obtain the password once with +kinit\&. +.sp +If \-\-password is not specified, the tool will check the +\fBPASSWD\fR +environment variable, followed by +\fBPASSWD_FD\fR +which is expected to contain an open file descriptor (FD) number\&. +.sp +Finally it will check +\fBPASSWD_FILE\fR +(containing a file path to be opened)\&. The file should only contain the password\&. Make certain that the permissions on the file restrict access from unwanted users! +.sp +While Samba will attempt to scrub the password from the process title (as seen in ps), this is after startup and so is subject to a race\&. +.RE +.PP +\-\-pw\-nt\-hash +.RS 4 +The supplied password is the NT hash\&. +.RE +.PP +\-A|\-\-authentication\-file=filename +.RS 4 +This option allows you to specify a file from which to read the username and password used in the connection\&. The format of the file is: +.sp +.if n \{\ +.RS 4 +.\} +.nf + username = <value> + password = <value> + domain = <value> + +.fi +.if n \{\ +.RE +.\} +.sp +Make certain that the permissions on the file restrict access from unwanted users! +.RE +.PP +\-P|\-\-machine\-pass +.RS 4 +Use stored machine account password\&. +.RE +.PP +\-\-simple\-bind\-dn=DN +.RS 4 +DN to use for a simple bind\&. +.RE +.PP +\-\-use\-kerberos=desired|required|off +.RS 4 +This parameter determines whether Samba client tools will try to authenticate using Kerberos\&. For Kerberos authentication you need to use dns names instead of IP addresses when connnecting to a service\&. +.sp +Note that specifying this parameter here will override the +\m[blue]\fBclient use kerberos\fR\m[] +parameter in the +smb\&.conf +file\&. +.RE +.PP +\-\-use\-krb5\-ccache=CCACHE +.RS 4 +Specifies the credential cache location for Kerberos authentication\&. +.sp +This will set \-\-use\-kerberos=required too\&. +.RE +.PP +\-\-use\-winbind\-ccache +.RS 4 +Try to use the credential cache by winbind\&. +.RE +.PP +\-\-client\-protection=sign|encrypt|off +.RS 4 +Sets the connection protection the client tool should use\&. +.sp +Note that specifying this parameter here will override the +\m[blue]\fBclient protection\fR\m[] +parameter in the +smb\&.conf +file\&. +.sp +In case you need more fine grained control you can use: +\-\-option=clientsmbencrypt=OPTION, +\-\-option=clientipcsigning=OPTION, +\-\-option=clientsigning=OPTION\&. +.RE +.SH "EXAMPLES" +.PP +Search all indexed metadata attributes, exact match: +.sp +.if n \{\ +.RS 4 +.\} +.nf + \*(Aq*=="Samba"\*(Aq + +.fi +.if n \{\ +.RE +.\} +.PP +Search all indexed metadata attributes, prefix match: +.sp +.if n \{\ +.RS 4 +.\} +.nf + \*(Aq*=="Samba*"\*(Aq + +.fi +.if n \{\ +.RE +.\} +.PP +Search by filename: +.sp +.if n \{\ +.RS 4 +.\} +.nf + \*(AqkMDItemFSName=="Samba*"\*(Aq + +.fi +.if n \{\ +.RE +.\} +.PP +Search by date: +.sp +.if n \{\ +.RS 4 +.\} +.nf + \*(AqkMDItemFSContentChangeDate<$time\&.iso(2018\-10\-01T10:00:00Z)\*(Aq + +.fi +.if n \{\ +.RE +.\} +.PP +Search files\*(Aqs content: +.sp +.if n \{\ +.RS 4 +.\} +.nf + \*(AqkMDItemTextContent=="Samba*"\*(Aq + +.fi +.if n \{\ +.RE +.\} +.PP +Expressions: +.sp +.if n \{\ +.RS 4 +.\} +.nf + kMDItemFSName=="Samba*"||kMDItemTextContent=="Tango*"\*(Aq + +.fi +.if n \{\ +.RE +.\} +.SH "SEE ALSO" +.PP +File Metadata Search Programming Guide +https://developer\&.apple\&.com/library/archive/documentation/Carbon/Conceptual/SpotlightQuery/Concepts/Introduction\&.html +.SH "VERSION" +.PP +This man page is part of version 4\&.16\&.4 of the Samba suite\&. +.SH "AUTHOR" +.PP +The original Samba software and related utilities were created by Andrew Tridgell\&. Samba is now developed by the Samba Team as an Open Source project similar to the way the Linux kernel is developed\&. +.PP +The mdsearch manpage was written by Ralph Boehme\&. diff --git a/net/samba419/files/man/mvxattr.1 b/net/samba419/files/man/mvxattr.1 new file mode 100644 index 000000000000..6f79803e779a --- /dev/null +++ b/net/samba419/files/man/mvxattr.1 @@ -0,0 +1,84 @@ +'\" t +.\" Title: mvxattr +.\" Author: [see the "AUTHOR" section] +.\" Generator: DocBook XSL Stylesheets v1.79.1 <http://docbook.sf.net/> +.\" Date: 08/09/2022 +.\" Manual: User Commands +.\" Source: Samba 4.16.4 +.\" Language: English +.\" +.TH "MVXATTR" "1" "08/09/2022" "Samba 4\&.16\&.4" "User Commands" +.\" ----------------------------------------------------------------- +.\" * Define some portability stuff +.\" ----------------------------------------------------------------- +.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +.\" http://bugs.debian.org/507673 +.\" http://lists.gnu.org/archive/html/groff/2009-02/msg00013.html +.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" ----------------------------------------------------------------- +.\" * set default formatting +.\" ----------------------------------------------------------------- +.\" disable hyphenation +.nh +.\" disable justification (adjust text to left margin only) +.ad l +.\" ----------------------------------------------------------------- +.\" * MAIN CONTENT STARTS HERE * +.\" ----------------------------------------------------------------- +.SH "NAME" +mvxattr \- Recursively rename extended attributes +.SH "SYNOPSIS" +.HP \w'\ 'u +mvxattr {\-s\ STRING,\ \-\-from=STRING} {\-d\ STRING,\ \-\-to=STRING} [\-l,\ \-\-follow\-symlinks] [\-p,\ \-\-print] [\-v,\ \-\-verbose] [\-f,\ \-\-force] {PATH\ [PATH\ \&.\&.\&.]} +.SH "DESCRIPTION" +.PP +This tool is part of the +\fBsamba\fR(1) +suite\&. +.PP +mvxattr is a simple utility to recursively rename extended attributes\&. +.PP +By default all symlinks are ignored, use +\fB\-l\fR +to follow them\&. +.SH "OPTIONS" +.PP +\-s STRING, \-\-from=STRING +.RS 4 +Source xattr name +.RE +.PP +\-d STRING, \-\-to=STRING +.RS 4 +Destination xattr name +.RE +.PP +\-l, \-\-follow\-symlinks +.RS 4 +Follow symlinks, the default is to ignore them\&. +.RE +.PP +\-p, \-\-print +.RS 4 +Print files where the xattr got renamed\&. +.RE +.PP +\-v, \-\-verbose +.RS 4 +Print files as they are checked\&. +.RE +.PP +\-f, \-\-force +.RS 4 +Force overwriting of destination xattr\&. +.RE +.SH "VERSION" +.PP +This man page is part of version 4\&.16\&.4 of the Samba suite\&. +.SH "AUTHOR" +.PP +The original Samba software and related utilities were created by Andrew Tridgell\&. Samba is now developed by the Samba Team as an Open Source project similar to the way the Linux kernel is developed\&. +.PP +The mvxattr manpage was written by Ralph Boehme\&. diff --git a/net/samba419/files/man/ndrdump.1 b/net/samba419/files/man/ndrdump.1 new file mode 100644 index 000000000000..bf6165f7dc2b --- /dev/null +++ b/net/samba419/files/man/ndrdump.1 @@ -0,0 +1,84 @@ +'\" t +.\" Title: ndrdump +.\" Author: [see the "AUTHOR" section] +.\" Generator: DocBook XSL Stylesheets v1.79.1 <http://docbook.sf.net/> +.\" Date: 08/09/2022 +.\" Manual: System Administration tools +.\" Source: Samba 4.0 +.\" Language: English +.\" +.TH "NDRDUMP" "1" "08/09/2022" "Samba 4\&.0" "System Administration tools" +.\" ----------------------------------------------------------------- +.\" * Define some portability stuff +.\" ----------------------------------------------------------------- +.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +.\" http://bugs.debian.org/507673 +.\" http://lists.gnu.org/archive/html/groff/2009-02/msg00013.html +.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" ----------------------------------------------------------------- +.\" * set default formatting +.\" ----------------------------------------------------------------- +.\" disable hyphenation +.nh +.\" disable justification (adjust text to left margin only) +.ad l +.\" ----------------------------------------------------------------- +.\" * MAIN CONTENT STARTS HERE * +.\" ----------------------------------------------------------------- +.SH "NAME" +ndrdump \- DCE/RPC Packet Parser and Dumper +.SH "SYNOPSIS" +.HP \w'\fBndrdump\fR\ 'u +\fBndrdump\fR [\-c\ context] {pipe} {format} {in|out|struct} {filename} +.HP \w'\fBndrdump\fR\ 'u +\fBndrdump\fR [pipe] +.HP \w'\fBndrdump\fR\ 'u +\fBndrdump\fR +.SH "DESCRIPTION" +.PP +ndrdump tries to parse the specified +\fIfilename\fR +using Samba\*(Aqs parser for the specified pipe and format\&. The third argument should be either +\fIin\fR, +\fIout\fR +or +\fIstruct\fRdepending on whether the data should be parsed as a request, reply or a public structure\&. +.PP +Running ndrdump without arguments will list the pipes for which parsers are available\&. +.PP +Running ndrdump with one argument will list the functions and public structures that Samba can parse for the specified pipe\&. +.PP +The primary function of ndrdump is debugging Samba\*(Aqs internal DCE/RPC parsing functions\&. The file being parsed is usually one exported by wiresharks +\(lqExport selected packet bytes\(rq +function\&. +.PP +The context argument can be used to load context data from the request packet when parsing reply packets (such as array lengths)\&. +.SH "VERSION" +.PP +This man page is correct for version 4\&.0 of the Samba suite\&. +.SH "SEE ALSO" +.PP +wireshark, pidl +.SH "AUTHOR" +.PP +This utility is part of the +\m[blue]\fBSamba\fR\m[]\&\s-2\u[1]\d\s+2 +suite, which is developed by the global +\m[blue]\fBSamba Team\fR\m[]\&\s-2\u[2]\d\s+2\&. +.PP +ndrdump was written by Andrew Tridgell\&. +.PP +This manpage was written by Jelmer Vernooij\&. +.SH "NOTES" +.IP " 1." 4 +Samba +.RS 4 +\%http://www.samba.org/ +.RE +.IP " 2." 4 +Samba Team +.RS 4 +\%http://www.samba.org/samba/team/ +.RE diff --git a/net/samba419/files/man/nmblookup.1 b/net/samba419/files/man/nmblookup.1 new file mode 100644 index 000000000000..cedbd366a866 --- /dev/null +++ b/net/samba419/files/man/nmblookup.1 @@ -0,0 +1,341 @@ +'\" t +.\" Title: nmblookup +.\" Author: [see the "AUTHOR" section] +.\" Generator: DocBook XSL Stylesheets v1.79.1 <http://docbook.sf.net/> +.\" Date: 08/09/2022 +.\" Manual: User Commands +.\" Source: Samba 4.16.4 +.\" Language: English +.\" +.TH "NMBLOOKUP" "1" "08/09/2022" "Samba 4\&.16\&.4" "User Commands" +.\" ----------------------------------------------------------------- +.\" * Define some portability stuff +.\" ----------------------------------------------------------------- +.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +.\" http://bugs.debian.org/507673 +.\" http://lists.gnu.org/archive/html/groff/2009-02/msg00013.html +.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" ----------------------------------------------------------------- +.\" * set default formatting +.\" ----------------------------------------------------------------- +.\" disable hyphenation +.nh +.\" disable justification (adjust text to left margin only) +.ad l +.\" ----------------------------------------------------------------- +.\" * MAIN CONTENT STARTS HERE * +.\" ----------------------------------------------------------------- +.SH "NAME" +nmblookup \- NetBIOS over TCP/IP client used to lookup NetBIOS names +.SH "SYNOPSIS" +.HP \w'\ 'u +nmblookup [\-M|\-\-master\-browser] [\-\-recursion] [\-S|\-\-status] [\-r|\-\-root\-port] [\-A|\-\-lookup\-by\-ip] [\-B|\-\-broadcast=BROADCAST\-ADDRESS] [\-U|\-\-unicast=UNICAST\-ADDRESS] [\-T|\-\-translate] [\-f|\-\-flags] [\-?|\-\-help] [\-\-usage] [\-d|\-\-debuglevel=DEBUGLEVEL] [\-\-debug\-stdout] [\-\-configfile=CONFIGFILE] [\-\-option=name=value] [\-l|\-\-log\-basename=LOGFILEBASE] [\-\-leak\-report] [\-\-leak\-report\-full] [\-R|\-\-name\-resolve=NAME\-RESOLVE\-ORDER] [\-O|\-\-socket\-options=SOCKETOPTIONS] [\-m|\-\-max\-protocol=MAXPROTOCOL] [\-n|\-\-netbiosname=NETBIOSNAME] [\-\-netbios\-scope=SCOPE] [\-W|\-\-workgroup=WORKGROUP] [\-\-realm=REALM] {name} +.SH "DESCRIPTION" +.PP +This tool is part of the +\fBsamba\fR(7) +suite\&. +.PP +nmblookup +is used to query NetBIOS names and map them to IP addresses in a network using NetBIOS over TCP/IP queries\&. The options allow the name queries to be directed at a particular IP broadcast area or to a particular machine\&. All queries are done over UDP\&. +.SH "OPTIONS" +.PP +\-M|\-\-master\-browser +.RS 4 +Searches for a master browser by looking up the NetBIOS +\fIname\fR +with a type of +\fB0x1d\fR\&. If +\fI name\fR +is "\-" then it does a lookup on the special name +\fB__MSBROWSE__\fR\&. Please note that in order to use the name "\-", you need to make sure "\-" isn\*(Aqt parsed as an argument, e\&.g\&. use : +\fBnmblookup \-M \-\- \-\fR\&. +.RE +.PP +\-\-recursion +.RS 4 +Set the recursion desired bit in the packet to do a recursive lookup\&. This is used when sending a name query to a machine running a WINS server and the user wishes to query the names in the WINS server\&. If this bit is unset the normal (broadcast responding) NetBIOS processing code on a machine is used instead\&. See RFC1001, RFC1002 for details\&. +.RE +.PP +\-S|\-\-status +.RS 4 +Once the name query has returned an IP address then do a node status query as well\&. A node status query returns the NetBIOS names registered by a host\&. +.RE +.PP +\-r|\-\-root\-port +.RS 4 +Try and bind to UDP port 137 to send and receive UDP datagrams\&. The reason for this option is a bug in Windows 95 where it ignores the source port of the requesting packet and only replies to UDP port 137\&. Unfortunately, on most UNIX systems root privilege is needed to bind to this port, and in addition, if the +\fBnmbd\fR(8) +daemon is running on this machine it also binds to this port\&. +.RE +.PP +\-A|\-\-lookup\-by\-ip +.RS 4 +Interpret +\fIname\fR +as an IP Address and do a node status query on this address\&. +.RE +.PP +\-B|\-\-broadcast <broadcast address> +.RS 4 +Send the query to the given broadcast address\&. Without this option the default behavior of nmblookup is to send the query to the broadcast address of the network interfaces as either auto\-detected or defined in the +\fIinterfaces\fR +parameter of the +\fBsmb.conf\fR(5) +file\&. +.RE +.PP +\-U|\-\-unicast <unicast address> +.RS 4 +Do a unicast query to the specified address or host +\fIunicast address\fR\&. This option (along with the +\fI\-R\fR +option) is needed to query a WINS server\&. +.RE +.PP +\-T|\-\-translate +.RS 4 +This causes any IP addresses found in the lookup to be looked up via a reverse DNS lookup into a DNS name, and printed out before each +.sp +\fIIP address \&.\&.\&.\&. NetBIOS name\fR +.sp +pair that is the normal output\&. +.RE +.PP +\-f|\-\-flags +.RS 4 +Show which flags apply to the name that has been looked up\&. Possible answers are zero or more of: Response, Authoritative, Truncated, Recursion_Desired, Recursion_Available, Broadcast\&. +.RE +.PP +name +.RS 4 +This is the NetBIOS name being queried\&. Depending upon the previous options this may be a NetBIOS name or IP address\&. If a NetBIOS name then the different name types may be specified by appending \*(Aq#<type>\*(Aq to the name\&. This name may also be \*(Aq*\*(Aq, which will return all registered names within a broadcast area\&. +.RE +.PP +\-d|\-\-debuglevel=DEBUGLEVEL +.RS 4 +\fIlevel\fR +is an integer from 0 to 10\&. The default value if this parameter is not specified is 1 for client applications\&. +.sp +The higher this value, the more detail will be logged to the log files about the activities of the server\&. At level 0, only critical errors and serious warnings will be logged\&. Level 1 is a reasonable level for day\-to\-day running \- it generates a small amount of information about operations carried out\&. +.sp +Levels above 1 will generate considerable amounts of log data, and should only be used when investigating a problem\&. Levels above 3 are designed for use only by developers and generate HUGE amounts of log data, most of which is extremely cryptic\&. +.sp +Note that specifying this parameter here will override the +\m[blue]\fBlog level\fR\m[] +parameter in the +smb\&.conf +file\&. +.RE +.PP +\-\-debug\-stdout +.RS 4 +This will redirect debug output to STDOUT\&. By default all clients are logging to STDERR\&. +.RE +.PP +\-\-configfile=<configuration file> +.RS 4 +The file specified contains the configuration details required by the client\&. The information in this file can be general for client and server or only provide client specific like options such as +\m[blue]\fBclient smb encrypt\fR\m[]\&. See +smb\&.conf +for more information\&. The default configuration file name is determined at compile time\&. +.RE +.PP +\-\-option=<name>=<value> +.RS 4 +Set the +\fBsmb.conf\fR(5) +option "<name>" to value "<value>" from the command line\&. This overrides compiled\-in defaults and options read from the configuration file\&. If a name or a value includes a space, wrap whole \-\-option=name=value into quotes\&. +.RE +.PP +\-l|\-\-log\-basename=logdirectory +.RS 4 +Base directory name for log/debug files\&. The extension +\fB"\&.progname"\fR +will be appended (e\&.g\&. log\&.smbclient, log\&.smbd, etc\&.\&.\&.)\&. The log file is never removed by the client\&. +.RE +.PP +\-\-leak\-report +.RS 4 +Enable talloc leak reporting on exit\&. +.RE +.PP +\-\-leak\-report\-full +.RS 4 +Enable full talloc leak reporting on exit\&. +.RE +.PP +\-V|\-\-version +.RS 4 +Prints the program version number\&. +.RE +.PP +\-R|\-\-name\-resolve=NAME\-RESOLVE\-ORDER +.RS 4 +This option is used to determine what naming services and in what order to resolve host names to IP addresses\&. The option takes a space\-separated string of different name resolution options\&. The best ist to wrap the whole \-\-name\-resolve=NAME\-RESOLVE\-ORDER into quotes\&. +.sp +The options are: "lmhosts", "host", "wins" and "bcast"\&. They cause names to be resolved as follows: +.RS +.sp +.RS 4 +.ie n \{\ +\h'-04'\(bu\h'+03'\c +.\} +.el \{\ +.sp -1 +.IP \(bu 2.3 +.\} +\fBlmhosts\fR: Lookup an IP address in the Samba lmhosts file\&. If the line in lmhosts has no name type attached to the NetBIOS name (see the +\fBlmhosts\fR(5) +for details) then any name type matches for lookup\&. +.RE +.sp +.RS 4 +.ie n \{\ +\h'-04'\(bu\h'+03'\c +.\} +.el \{\ +.sp -1 +.IP \(bu 2.3 +.\} +\fBhost\fR: Do a standard host name to IP address resolution, using the system +/etc/hosts, NIS, or DNS lookups\&. This method of name resolution is operating system dependent, for instance on IRIX or Solaris this may be controlled by the +/etc/nsswitch\&.conf +file)\&. Note that this method is only used if the NetBIOS name type being queried is the 0x20 (server) name type, otherwise it is ignored\&. +.RE +.sp +.RS 4 +.ie n \{\ +\h'-04'\(bu\h'+03'\c +.\} +.el \{\ +.sp -1 +.IP \(bu 2.3 +.\} +\fBwins\fR: Query a name with the IP address listed in the +\fIwins server\fR +parameter\&. If no WINS server has been specified this method will be ignored\&. +.RE +.sp +.RS 4 +.ie n \{\ +\h'-04'\(bu\h'+03'\c +.\} +.el \{\ +.sp -1 +.IP \(bu 2.3 +.\} +\fBbcast\fR: Do a broadcast on each of the known local interfaces listed in the +\fIinterfaces\fR +parameter\&. This is the least reliable of the name resolution methods as it depends on the target host being on a locally connected subnet\&. +.RE +.sp +.RE +If this parameter is not set then the name resolve order defined in the +smb\&.conf +file parameter (\m[blue]\fBname resolve order\fR\m[]) will be used\&. +.sp +The default order is lmhosts, host, wins, bcast\&. Without this parameter or any entry in the +\m[blue]\fBname resolve order\fR\m[] +parameter of the +smb\&.conf +file, the name resolution methods will be attempted in this order\&. +.RE +.PP +\-O|\-\-socket\-options=SOCKETOPTIONS +.RS 4 +TCP socket options to set on the client socket\&. See the socket options parameter in the +smb\&.conf +manual page for the list of valid options\&. +.RE +.PP +\-m|\-\-max\-protocol=MAXPROTOCOL +.RS 4 +The value of the parameter (a string) is the highest protocol level that will be supported by the client\&. +.sp +Note that specifying this parameter here will override the +\m[blue]\fBclient max protocol\fR\m[] +parameter in the +smb\&.conf +file\&. +.RE +.PP +\-n|\-\-netbiosname=NETBIOSNAME +.RS 4 +This option allows you to override the NetBIOS name that Samba uses for itself\&. This is identical to setting the +\m[blue]\fBnetbios name\fR\m[] +parameter in the +smb\&.conf +file\&. However, a command line setting will take precedence over settings in +smb\&.conf\&. +.RE +.PP +\-\-netbios\-scope=SCOPE +.RS 4 +This specifies a NetBIOS scope that +nmblookup +will use to communicate with when generating NetBIOS names\&. For details on the use of NetBIOS scopes, see rfc1001\&.txt and rfc1002\&.txt\&. NetBIOS scopes are +\fIvery\fR +rarely used, only set this parameter if you are the system administrator in charge of all the NetBIOS systems you communicate with\&. +.RE +.PP +\-W|\-\-workgroup=WORKGROUP +.RS 4 +Set the SMB domain of the username\&. This overrides the default domain which is the domain defined in smb\&.conf\&. If the domain specified is the same as the servers NetBIOS name, it causes the client to log on using the servers local SAM (as opposed to the Domain SAM)\&. +.sp +Note that specifying this parameter here will override the +\m[blue]\fBworkgroup\fR\m[] +parameter in the +smb\&.conf +file\&. +.RE +.PP +\-r|\-\-realm=REALM +.RS 4 +Set the realm for the domain\&. +.sp +Note that specifying this parameter here will override the +\m[blue]\fBrealm\fR\m[] +parameter in the +smb\&.conf +file\&. +.RE +.PP +\-?|\-\-help +.RS 4 +Print a summary of command line options\&. +.RE +.PP +\-\-usage +.RS 4 +Display brief usage message\&. +.RE +.SH "EXAMPLES" +.PP +nmblookup +can be used to query a WINS server (in the same way +nslookup +is used to query DNS servers)\&. To query a WINS server, +nmblookup +must be called like this: +.PP +nmblookup \-U server \-R \*(Aqname\*(Aq +.PP +For example, running : +.PP +nmblookup \-U samba\&.org \-R \*(AqIRIX#1B\*(Aq +.PP +would query the WINS server samba\&.org for the domain master browser (1B name type) for the IRIX workgroup\&. +.SH "VERSION" +.PP +This man page is part of version 4\&.16\&.4 of the Samba suite\&. +.SH "SEE ALSO" +.PP +\fBnmbd\fR(8), +\fBsamba\fR(7), and +\fBsmb.conf\fR(5)\&. +.SH "AUTHOR" +.PP +The original Samba software and related utilities were created by Andrew Tridgell\&. Samba is now developed by the Samba Team as an Open Source project similar to the way the Linux kernel is developed\&. diff --git a/net/samba419/files/man/nmblookup4.1 b/net/samba419/files/man/nmblookup4.1 new file mode 100644 index 000000000000..8b98f793c915 --- /dev/null +++ b/net/samba419/files/man/nmblookup4.1 @@ -0,0 +1,157 @@ +'\" t +.\" Title: nmblookup4 +.\" Author: [see the "AUTHOR" section] +.\" Generator: DocBook XSL Stylesheets v1.76.1 <http://docbook.sf.net/> +.\" Date: 03/24/2017 +.\" Manual: User Commands +.\" Source: Samba 3.2 +.\" Language: English +.\" +.TH "NMBLOOKUP4" "1" "03/24/2017" "Samba 3\&.2" "User Commands" +.\" ----------------------------------------------------------------- +.\" * Define some portability stuff +.\" ----------------------------------------------------------------- +.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +.\" http://bugs.debian.org/507673 +.\" http://lists.gnu.org/archive/html/groff/2009-02/msg00013.html +.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" ----------------------------------------------------------------- +.\" * set default formatting +.\" ----------------------------------------------------------------- +.\" disable hyphenation +.nh +.\" disable justification (adjust text to left margin only) +.ad l +.\" ----------------------------------------------------------------- +.\" * MAIN CONTENT STARTS HERE * +.\" ----------------------------------------------------------------- +.SH "NAME" +nmblookup4 \- NetBIOS over TCP/IP client used to lookup NetBIOS names +.SH "SYNOPSIS" +.HP \w'\fBnmblookup4\fR\ 'u +\fBnmblookup4\fR [\-M] [\-R] [\-S] [\-r] [\-A] [\-h] [\-B\ <broadcast\ address>] [\-U\ <unicast\ address>] [\-d\ <debug\ level>] [\-s\ <smb\ config\ file>] [\-i\ <NetBIOS\ scope>] [\-T] [\-f] {name} +.SH "DESCRIPTION" +.PP +This tool is part of the +\fBsamba\fR(7) +suite\&. +.PP +\fBnmblookup4\fR +is used to query NetBIOS names and map them to IP addresses in a network using NetBIOS over TCP/IP queries\&. The options allow the name queries to be directed at a particular IP broadcast area or to a particular machine\&. All queries are done over UDP\&. +.SH "OPTIONS" +.PP +\-M +.RS 4 +Searches for a master browser by looking up the NetBIOS +\fIname\fR +with a type of +\fB0x1d\fR\&. If +\fI name\fR +is "\-" then it does a lookup on the special name +\fB__MSBROWSE__\fR\&. Please note that in order to use the name "\-", you need to make sure "\-" isn\*(Aqt parsed as an argument, e\&.g\&. use : +\fBnmblookup4 \-M \-\- \-\fR\&. +.RE +.PP +\-R +.RS 4 +Set the recursion desired bit in the packet to do a recursive lookup\&. This is used when sending a name query to a machine running a WINS server and the user wishes to query the names in the WINS server\&. If this bit is unset the normal (broadcast responding) NetBIOS processing code on a machine is used instead\&. See RFC1001, RFC1002 for details\&. +.RE +.PP +\-S +.RS 4 +Once the name query has returned an IP address then do a node status query as well\&. A node status query returns the NetBIOS names registered by a host\&. +.RE +.PP +\-r +.RS 4 +Try and bind to UDP port 137 to send and receive UDP datagrams\&. The reason for this option is a bug in Windows 95 where it ignores the source port of the requesting packet and only replies to UDP port 137\&. Unfortunately, on most UNIX systems root privilege is needed to bind to this port, and in addition, if the +\fBnmbd\fR(8) +daemon is running on this machine it also binds to this port\&. +.RE +.PP +\-A +.RS 4 +Interpret +\fIname\fR +as an IP Address and do a node status query on this address\&. +.RE +.PP +\-B <broadcast address> +.RS 4 +Send the query to the given broadcast address\&. Without this option the default behavior of nmblookup4 is to send the query to the broadcast address of the network interfaces as either auto\-detected or defined in the +\m[blue]\fB\fIinterfaces\fR\fR\m[]\&\s-2\u[1]\d\s+2 +parameter of the +\fBsmb.conf\fR(5) +file\&. +.RE +.PP +\-U <unicast address> +.RS 4 +Do a unicast query to the specified address or host +\fIunicast address\fR\&. This option (along with the +\fI\-R\fR +option) is needed to query a WINS server\&. +.RE +.PP +\-T +.RS 4 +This causes any IP addresses found in the lookup to be looked up via a reverse DNS lookup into a DNS name, and printed out before each +.sp +\fIIP address \&.\&.\&.\&. NetBIOS name\fR +.sp +pair that is the normal output\&. +.RE +.PP +\-f +.RS 4 +Show which flags apply to the name that has been looked up\&. Possible answers are zero or more of: Response, Authoritative, Truncated, Recursion_Desired, Recursion_Available, Broadcast\&. +.RE +.PP +name +.RS 4 +This is the NetBIOS name being queried\&. Depending upon the previous options this may be a NetBIOS name or IP address\&. If a NetBIOS name then the different name types may be specified by appending \*(Aq#<type>\*(Aq to the name\&. This name may also be \*(Aq*\*(Aq, which will return all registered names within a broadcast area\&. +.RE +.SH "EXAMPLES" +.PP +\fBnmblookup4\fR +can be used to query a WINS server (in the same way +\fBnslookup\fR +is used to query DNS servers)\&. To query a WINS server, +\fBnmblookup4\fR +must be called like this: +.PP +\fBnmblookup4 \-U server \-R \*(Aqname\*(Aq\fR +.PP +For example, running : +.PP +\fBnmblookup4 \-U samba\&.org \-R \*(AqIRIX#1B\*(Aq\fR +.PP +would query the WINS server samba\&.org for the domain master browser (1B name type) for the IRIX workgroup\&. +.SH "VERSION" +.PP +This man page is correct for version 3 of the Samba suite\&. +.SH "SEE ALSO" +.PP +\fBnmbd\fR(8), +\fBsamba\fR(7), and +\fBsmb.conf\fR(5)\&. +.SH "AUTHOR" +.PP +The original Samba software and related utilities were created by Andrew Tridgell\&. Samba is now developed by the Samba Team as an Open Source project similar to the way the Linux kernel is developed\&. +.PP +The original Samba man pages were written by Karl Auer\&. The man page sources were converted to YODL format (another excellent piece of Open Source software, available at +\m[blue]\fBftp://ftp\&.icce\&.rug\&.nl/pub/unix/\fR\m[]\&\s-2\u[2]\d\s+2) and updated for the Samba 2\&.0 release by Jeremy Allison\&. The conversion to DocBook for Samba 2\&.2 was done by Gerald Carter\&. The conversion to DocBook XML 4\&.2 for Samba 3\&.0 was done by Alexander Bokovoy\&. +.SH "NOTES" +.IP " 1." 4 +\fIinterfaces\fR + +.RS 4 +\%[set $man.base.url.for.relative.links]/smb.conf.5.html#INTERFACES +.RE +.IP " 2." 4 +ftp://ftp.icce.rug.nl/pub/unix/ +.RS 4 +\%ftp://ftp.icce.rug.nl/pub/unix/ +.RE diff --git a/net/samba419/files/man/ntlm_auth.1 b/net/samba419/files/man/ntlm_auth.1 new file mode 100644 index 000000000000..932633931f3e --- /dev/null +++ b/net/samba419/files/man/ntlm_auth.1 @@ -0,0 +1,458 @@ +'\" t +.\" Title: ntlm_auth +.\" Author: [see the "AUTHOR" section] +.\" Generator: DocBook XSL Stylesheets v1.79.1 <http://docbook.sf.net/> +.\" Date: 08/09/2022 +.\" Manual: User Commands +.\" Source: Samba 4.16.4 +.\" Language: English +.\" +.TH "NTLM_AUTH" "1" "08/09/2022" "Samba 4\&.16\&.4" "User Commands" +.\" ----------------------------------------------------------------- +.\" * Define some portability stuff +.\" ----------------------------------------------------------------- +.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +.\" http://bugs.debian.org/507673 +.\" http://lists.gnu.org/archive/html/groff/2009-02/msg00013.html +.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" ----------------------------------------------------------------- +.\" * set default formatting +.\" ----------------------------------------------------------------- +.\" disable hyphenation +.nh +.\" disable justification (adjust text to left margin only) +.ad l +.\" ----------------------------------------------------------------- +.\" * MAIN CONTENT STARTS HERE * +.\" ----------------------------------------------------------------- +.SH "NAME" +ntlm_auth \- tool to allow external access to Winbind\*(Aqs NTLM authentication function +.SH "SYNOPSIS" +.HP \w'\ 'u +ntlm_auth +.SH "DESCRIPTION" +.PP +This tool is part of the +\fBsamba\fR(7) +suite\&. +.PP +ntlm_auth +is a helper utility that authenticates users using NT/LM authentication\&. It returns 0 if the users is authenticated successfully and 1 if access was denied\&. ntlm_auth uses winbind to access the user and authentication data for a domain\&. This utility is only intended to be used by other programs (currently +Squid +and +mod_ntlm_winbind) +.SH "OPERATIONAL REQUIREMENTS" +.PP +The +\fBwinbindd\fR(8) +daemon must be operational for many of these commands to function\&. +.PP +Some of these commands also require access to the directory +winbindd_privileged +in +$LOCKDIR\&. This should be done either by running this command as root or providing group access to the +winbindd_privileged +directory\&. For security reasons, this directory should not be world\-accessable\&. +.SH "OPTIONS" +.PP +\-\-helper\-protocol=PROTO +.RS 4 +Operate as a stdio\-based helper\&. Valid helper protocols are: +.PP +squid\-2\&.4\-basic +.RS 4 +Server\-side helper for use with Squid 2\&.4\*(Aqs basic (plaintext) authentication\&. +.RE +.PP +squid\-2\&.5\-basic +.RS 4 +Server\-side helper for use with Squid 2\&.5\*(Aqs basic (plaintext) authentication\&. +.RE +.PP +squid\-2\&.5\-ntlmssp +.RS 4 +Server\-side helper for use with Squid 2\&.5\*(Aqs NTLMSSP authentication\&. +.sp +Requires access to the directory +winbindd_privileged +in +$LOCKDIR\&. The protocol used is described here: +http://devel\&.squid\-cache\&.org/ntlm/squid_helper_protocol\&.html\&. This protocol has been extended to allow the NTLMSSP Negotiate packet to be included as an argument to the +YR +command\&. (Thus avoiding loss of information in the protocol exchange)\&. +.RE +.PP +ntlmssp\-client\-1 +.RS 4 +Client\-side helper for use with arbitrary external programs that may wish to use Samba\*(Aqs NTLMSSP authentication knowledge\&. +.sp +This helper is a client, and as such may be run by any user\&. The protocol used is effectively the reverse of the previous protocol\&. A +YR +command (without any arguments) starts the authentication exchange\&. +.RE +.PP +gss\-spnego +.RS 4 +Server\-side helper that implements GSS\-SPNEGO\&. This uses a protocol that is almost the same as +squid\-2\&.5\-ntlmssp, but has some subtle differences that are undocumented outside the source at this stage\&. +.sp +Requires access to the directory +winbindd_privileged +in +$LOCKDIR\&. +.RE +.PP +gss\-spnego\-client +.RS 4 +Client\-side helper that implements GSS\-SPNEGO\&. This also uses a protocol similar to the above helpers, but is currently undocumented\&. +.RE +.PP +ntlm\-server\-1 +.RS 4 +Server\-side helper protocol, intended for use by a RADIUS server or the \*(Aqwinbind\*(Aq plugin for pppd, for the provision of MSCHAP and MSCHAPv2 authentication\&. +.sp +This protocol consists of lines in the form: +Parameter: value +and +Parameter:: Base64\-encode value\&. The presence of a single period +\&. +indicates that one side has finished supplying data to the other\&. (Which in turn could cause the helper to authenticate the user)\&. +.sp +Currently implemented parameters from the external program to the helper are: +.PP +Username +.RS 4 +The username, expected to be in Samba\*(Aqs +\m[blue]\fBunix charset\fR\m[]\&. +.PP +Examples: +.RS 4 +Username: bob +.sp +Username:: Ym9i +.RE +.RE +.PP +NT\-Domain +.RS 4 +The user\*(Aqs domain, expected to be in Samba\*(Aqs +\m[blue]\fBunix charset\fR\m[]\&. +.PP +Examples: +.RS 4 +NT\-Domain: WORKGROUP +.sp +NT\-Domain:: V09SS0dST1VQ +.RE +.RE +.PP +Full\-Username +.RS 4 +The fully qualified username, expected to be in Samba\*(Aqs +\m[blue]\fBunix charset\fR\m[] +and qualified with the +\m[blue]\fBwinbind separator\fR\m[]\&. +.PP +Examples: +.RS 4 +Full\-Username: WORKGROUP\ebob +.sp +Full\-Username:: V09SS0dST1VQYm9i +.RE +.RE +.PP +LANMAN\-Challenge +.RS 4 +The 8 byte +LANMAN Challenge +value, generated randomly by the server, or (in cases such as MSCHAPv2) generated in some way by both the server and the client\&. +.PP +Examples: +.RS 4 +LANMAN\-Challenge: 0102030405060708 +.RE +.RE +.PP +LANMAN\-Response +.RS 4 +The 24 byte +LANMAN Response +value, calculated from the user\*(Aqs password and the supplied +LANMAN Challenge\&. Typically, this is provided over the network by a client wishing to authenticate\&. +.PP +Examples: +.RS 4 +LANMAN\-Response: 0102030405060708090A0B0C0D0E0F101112131415161718 +.RE +.RE +.PP +NT\-Response +.RS 4 +The >= 24 byte +NT Response +calculated from the user\*(Aqs password and the supplied +LANMAN Challenge\&. Typically, this is provided over the network by a client wishing to authenticate\&. +.PP +Examples: +.RS 4 +NT\-Response: 0102030405060708090A0B0C0D0E0F10111213141516171 +.RE +.RE +.PP +Password +.RS 4 +The user\*(Aqs password\&. This would be provided by a network client, if the helper is being used in a legacy situation that exposes plaintext passwords in this way\&. +.PP +Examples: +.RS 4 +Password: samba2 +.sp +Password:: c2FtYmEy +.RE +.RE +.PP +Request\-User\-Session\-Key +.RS 4 +Upon successful authentication, return the user session key associated with the login\&. +.PP +Examples: +.RS 4 +Request\-User\-Session\-Key: Yes +.RE +.RE +.PP +Request\-LanMan\-Session\-Key +.RS 4 +Upon successful authentication, return the LANMAN session key associated with the login\&. +.PP +Examples: +.RS 4 +Request\-LanMan\-Session\-Key: Yes +.RE +.RE +.RE +.sp +.if n \{\ +.sp +.\} +.RS 4 +.it 1 an-trap +.nr an-no-space-flag 1 +.nr an-break-flag 1 +.br +.ps +1 +\fBWarning\fR +.ps -1 +.br +Implementers should take care to base64 encode any data (such as usernames/passwords) that may contain malicious user data, such as a newline\&. They may also need to decode strings from the helper, which likewise may have been base64 encoded\&. +.sp .5v +.RE +.RE +.PP +\-\-username=USERNAME +.RS 4 +Specify username of user to authenticate +.RE +.PP +\-\-domain=DOMAIN +.RS 4 +Specify domain of user to authenticate +.RE +.PP +\-\-workstation=WORKSTATION +.RS 4 +Specify the workstation the user authenticated from +.RE +.PP +\-\-challenge=STRING +.RS 4 +NTLM challenge (in HEXADECIMAL) +.RE +.PP +\-\-lm\-response=RESPONSE +.RS 4 +LM Response to the challenge (in HEXADECIMAL) +.RE +.PP +\-\-nt\-response=RESPONSE +.RS 4 +NT or NTLMv2 Response to the challenge (in HEXADECIMAL) +.RE +.PP +\-\-password=PASSWORD +.RS 4 +User\*(Aqs plaintext password +.sp +If not specified on the command line, this is prompted for when required\&. +.sp +For the NTLMSSP based server roles, this parameter specifies the expected password, allowing testing without winbindd operational\&. +.RE +.PP +\-\-request\-lm\-key +.RS 4 +Retrieve LM session key +.RE +.PP +\-\-request\-nt\-key +.RS 4 +Request NT key +.RE +.PP +\-\-diagnostics +.RS 4 +Perform Diagnostics on the authentication chain\&. Uses the password from +\-\-password +or prompts for one\&. +.RE +.PP +\-\-require\-membership\-of={SID|Name} +.RS 4 +Require that a user be a member of specified group (either name or SID) for authentication to succeed\&. +.RE +.PP +\-\-pam\-winbind\-conf=FILENAME +.RS 4 +Define the path to the pam_winbind\&.conf file\&. +.RE +.PP +\-\-target\-hostname=HOSTNAME +.RS 4 +Define the target hostname\&. +.RE +.PP +\-\-target\-service=SERVICE +.RS 4 +Define the target service\&. +.RE +.PP +\-\-use\-cached\-creds +.RS 4 +Whether to use credentials cached by winbindd\&. +.RE +.PP +\-\-allow\-mschapv2 +.RS 4 +Explicitly allow MSCHAPv2\&. +.RE +.PP +\-\-offline\-logon +.RS 4 +Allow offline logons for plain text auth\&. +.RE +.PP +\-?|\-\-help +.RS 4 +Print a summary of command line options\&. +.RE +.PP +\-\-usage +.RS 4 +Display brief usage message\&. +.RE +.PP +\-d|\-\-debuglevel=DEBUGLEVEL +.RS 4 +\fIlevel\fR +is an integer from 0 to 10\&. The default value if this parameter is not specified is 1 for client applications\&. +.sp +The higher this value, the more detail will be logged to the log files about the activities of the server\&. At level 0, only critical errors and serious warnings will be logged\&. Level 1 is a reasonable level for day\-to\-day running \- it generates a small amount of information about operations carried out\&. +.sp +Levels above 1 will generate considerable amounts of log data, and should only be used when investigating a problem\&. Levels above 3 are designed for use only by developers and generate HUGE amounts of log data, most of which is extremely cryptic\&. +.sp +Note that specifying this parameter here will override the +\m[blue]\fBlog level\fR\m[] +parameter in the +smb\&.conf +file\&. +.RE +.PP +\-\-debug\-stdout +.RS 4 +This will redirect debug output to STDOUT\&. By default all clients are logging to STDERR\&. +.RE +.PP +\-\-configfile=<configuration file> +.RS 4 +The file specified contains the configuration details required by the client\&. The information in this file can be general for client and server or only provide client specific like options such as +\m[blue]\fBclient smb encrypt\fR\m[]\&. See +smb\&.conf +for more information\&. The default configuration file name is determined at compile time\&. +.RE +.PP +\-\-option=<name>=<value> +.RS 4 +Set the +\fBsmb.conf\fR(5) +option "<name>" to value "<value>" from the command line\&. This overrides compiled\-in defaults and options read from the configuration file\&. If a name or a value includes a space, wrap whole \-\-option=name=value into quotes\&. +.RE +.PP +\-V|\-\-version +.RS 4 +Prints the program version number\&. +.RE +.SH "EXAMPLE SETUP" +.PP +To setup ntlm_auth for use by squid 2\&.5, with both basic and NTLMSSP authentication, the following should be placed in the +squid\&.conf +file\&. +.sp +.if n \{\ +.RS 4 +.\} +.nf +auth_param ntlm program ntlm_auth \-\-helper\-protocol=squid\-2\&.5\-ntlmssp +auth_param basic program ntlm_auth \-\-helper\-protocol=squid\-2\&.5\-basic +auth_param basic children 5 +auth_param basic realm Squid proxy\-caching web server +auth_param basic credentialsttl 2 hours +.fi +.if n \{\ +.RE +.\} +.if n \{\ +.sp +.\} +.RS 4 +.it 1 an-trap +.nr an-no-space-flag 1 +.nr an-break-flag 1 +.br +.ps +1 +\fBNote\fR +.ps -1 +.br +.PP +This example assumes that ntlm_auth has been installed into your path, and that the group permissions on +winbindd_privileged +are as described above\&. +.sp .5v +.RE +.PP +To setup ntlm_auth for use by squid 2\&.5 with group limitation in addition to the above example, the following should be added to the +squid\&.conf +file\&. +.sp +.if n \{\ +.RS 4 +.\} +.nf +auth_param ntlm program ntlm_auth \-\-helper\-protocol=squid\-2\&.5\-ntlmssp \-\-require\-membership\-of=\*(AqWORKGROUP\eDomain Users\*(Aq +auth_param basic program ntlm_auth \-\-helper\-protocol=squid\-2\&.5\-basic \-\-require\-membership\-of=\*(AqWORKGROUP\eDomain Users\*(Aq +.fi +.if n \{\ +.RE +.\} +.SH "TROUBLESHOOTING" +.PP +If you\*(Aqre experiencing problems with authenticating Internet Explorer running under MS Windows 9X or Millennium Edition against ntlm_auth\*(Aqs NTLMSSP authentication helper (\-\-helper\-protocol=squid\-2\&.5\-ntlmssp), then please read +the Microsoft Knowledge Base article #239869 and follow instructions described there\&. +.SH "VERSION" +.PP +This man page is part of version 4\&.16\&.4 of the Samba suite\&. +.SH "AUTHOR" +.PP +The original Samba software and related utilities were created by Andrew Tridgell\&. Samba is now developed by the Samba Team as an Open Source project similar to the way the Linux kernel is developed\&. +.PP +The ntlm_auth manpage was written by Jelmer Vernooij and Andrew Bartlett\&. diff --git a/net/samba419/files/man/ntlm_auth4.1 b/net/samba419/files/man/ntlm_auth4.1 new file mode 100644 index 000000000000..ad1863b7aa56 --- /dev/null +++ b/net/samba419/files/man/ntlm_auth4.1 @@ -0,0 +1,233 @@ +'\" t +.\" Title: ntlm_auth4 +.\" Author: [see the "AUTHOR" section] +.\" Generator: DocBook XSL Stylesheets v1.76.1 <http://docbook.sf.net/> +.\" Date: 03/24/2017 +.\" Manual: User Commands +.\" Source: Samba 4.0 +.\" Language: English +.\" +.TH "NTLM_AUTH4" "1" "03/24/2017" "Samba 4\&.0" "User Commands" +.\" ----------------------------------------------------------------- +.\" * Define some portability stuff +.\" ----------------------------------------------------------------- +.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +.\" http://bugs.debian.org/507673 +.\" http://lists.gnu.org/archive/html/groff/2009-02/msg00013.html +.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" ----------------------------------------------------------------- +.\" * set default formatting +.\" ----------------------------------------------------------------- +.\" disable hyphenation +.nh +.\" disable justification (adjust text to left margin only) +.ad l +.\" ----------------------------------------------------------------- +.\" * MAIN CONTENT STARTS HERE * +.\" ----------------------------------------------------------------- +.SH "NAME" +ntlm_auth4 \- tool to allow external access to Winbind\*(Aqs NTLM authentication function +.SH "SYNOPSIS" +.HP \w'\fBntlm_auth4\fR\ 'u +\fBntlm_auth4\fR [\-d\ debuglevel] [\-l\ logdir] [\-s\ <smb\ config\ file>] +.SH "DESCRIPTION" +.PP +This tool is part of the +\fBsamba\fR(7) +suite\&. +.PP +\fBntlm_auth4\fR +is a helper utility that authenticates users using NT/LM authentication\&. It returns 0 if the users is authenticated successfully and 1 if access was denied\&. ntlm_auth4 uses winbind to access the user and authentication data for a domain\&. This utility is only indended to be used by other programs (currently squid)\&. +.SH "OPERATIONAL REQUIREMENTS" +.PP +The +\fBwinbindd\fR(8) +daemon must be operational for many of these commands to function\&. +.PP +Some of these commands also require access to the directory +winbindd_privileged +in +$LOCKDIR\&. This should be done either by running this command as root or providing group access to the +winbindd_privileged +directory\&. For security reasons, this directory should not be world\-accessable\&. +.SH "OPTIONS" +.PP +\-\-helper\-protocol=PROTO +.RS 4 +Operate as a stdio\-based helper\&. Valid helper protocols are: +.PP +squid\-2\&.4\-basic +.RS 4 +Server\-side helper for use with Squid 2\&.4\*(Aqs basic (plaintext) authentication\&. +.RE +.PP +squid\-2\&.5\-basic +.RS 4 +Server\-side helper for use with Squid 2\&.5\*(Aqs basic (plaintext) authentication\&. +.RE +.PP +squid\-2\&.5\-ntlmssp +.RS 4 +Server\-side helper for use with Squid 2\&.5\*(Aqs NTLMSSP authentication\&. +.sp +Requires access to the directory +winbindd_privileged +in +$LOCKDIR\&. The protocol used is described here: +\m[blue]\fBhttp://devel\&.squid\-cache\&.org/ntlm/squid_helper_protocol\&.html\fR\m[] +.RE +.PP +ntlmssp\-client\-1 +.RS 4 +Cleint\-side helper for use with arbitary external programs that may wish to use Samba\*(Aqs NTLMSSP authentication knowlege\&. +.sp +This helper is a client, and as such may be run by any user\&. The protocol used is effectivly the reverse of the previous protocol\&. +.RE +.PP +gss\-spnego +.RS 4 +Server\-side helper that implements GSS\-SPNEGO\&. This uses a protocol that is almost the same as +\fBsquid\-2\&.5\-ntlmssp\fR, but has some subtle differences that are undocumented outside the source at this stage\&. +.sp +Requires access to the directory +winbindd_privileged +in +$LOCKDIR\&. +.RE +.PP +gss\-spnego\-client +.RS 4 +Client\-side helper that implements GSS\-SPNEGO\&. This also uses a protocol similar to the above helpers, but is currently undocumented\&. +.RE +.RE +.PP +\-\-username=USERNAME +.RS 4 +Specify username of user to authenticate +.RE +.PP +\-\-domain=DOMAIN +.RS 4 +Specify domain of user to authenticate +.RE +.PP +\-\-workstation=WORKSTATION +.RS 4 +Specify the workstation the user authenticated from +.RE +.PP +\-\-challenge=STRING +.RS 4 +NTLM challenge (in HEXADECIMAL) +.RE +.PP +\-\-lm\-response=RESPONSE +.RS 4 +LM Response to the challenge (in HEXADECIMAL) +.RE +.PP +\-\-nt\-response=RESPONSE +.RS 4 +NT or NTLMv2 Response to the challenge (in HEXADECIMAL) +.RE +.PP +\-\-password=PASSWORD +.RS 4 +User\*(Aqs plaintext password +.sp +If not specified on the command line, this is prompted for when required\&. +.RE +.PP +\-\-request\-lm\-key +.RS 4 +Retrieve LM session key +.RE +.PP +\-\-request\-nt\-key +.RS 4 +Request NT key +.RE +.PP +\-\-diagnostics +.RS 4 +Perform Diagnostics on the authentication chain\&. Uses the password from +\fB\-\-password\fR +or prompts for one\&. +.RE +.PP +\-\-require\-membership\-of={SID|Name} +.RS 4 +Require that a user be a member of specified group (either name or SID) for authentication to succeed\&. +.RE +.SH "EXAMPLE SETUP" +.PP +To setup ntlm_auth4 for use by squid 2\&.5, with both basic and NTLMSSP authentication, the following should be placed in the +squid\&.conf +file\&. +.sp +.if n \{\ +.RS 4 +.\} +.nf +auth_param ntlm program ntlm_auth4 \-\-helper\-protocol=squid\-2\&.5\-ntlmssp +auth_param basic program ntlm_auth4 \-\-helper\-protocol=squid\-2\&.5\-basic +auth_param basic children 5 +auth_param basic realm Squid proxy\-caching web server +auth_param basic credentialsttl 2 hours +.fi +.if n \{\ +.RE +.\} +.if n \{\ +.sp +.\} +.RS 4 +.it 1 an-trap +.nr an-no-space-flag 1 +.nr an-break-flag 1 +.br +.ps +1 +\fBNote\fR +.ps -1 +.br +.PP +This example assumes that ntlm_auth4 has been installed into your path, and that the group permissions on +winbindd_privileged +are as described above\&. +.sp .5v +.RE +.PP +To setup ntlm_auth4 for use by squid 2\&.5 with group limitation in addition to the above example, the following should be added to the +squid\&.conf +file\&. +.sp +.if n \{\ +.RS 4 +.\} +.nf +auth_param ntlm program ntlm_auth4 \-\-helper\-protocol=squid\-2\&.5\-ntlmssp \-\-require\-membership\-of=\*(AqWORKGROUP\eDomain Users\*(Aq +auth_param basic program ntlm_auth4 \-\-helper\-protocol=squid\-2\&.5\-basic \-\-require\-membership\-of=\*(AqWORKGROUP\eDomain Users\*(Aq +.fi +.if n \{\ +.RE +.\} +.SH "TROUBLESHOOTING" +.PP +If you\*(Aqre experiencing problems with authenticating Internet Explorer running under MS Windows 9X or Millenium Edition against ntlm_auth4\*(Aqs NTLMSSP authentication helper (\-\-helper\-protocol=squid\-2\&.5\-ntlmssp), then please read +\m[blue]\fBthe Microsoft Knowledge Base article #239869 and follow instructions described there\fR\m[]\&\s-2\u[1]\d\s+2\&. +.SH "VERSION" +.PP +This man page is correct for version 3\&.0 of the Samba suite\&. +.SH "AUTHOR" +.PP +The original Samba software and related utilities were created by Andrew Tridgell\&. Samba is now developed by the Samba Team as an Open Source project similar to the way the Linux kernel is developed\&. +.PP +The ntlm_auth4 manpage was written by Jelmer Vernooij and Andrew Bartlett\&. +.SH "NOTES" +.IP " 1." 4 +the Microsoft Knowledge Base article #239869 and follow instructions described there +.RS 4 +\%http://support.microsoft.com/support/kb/articles/Q239/8/69.ASP +.RE diff --git a/net/samba419/files/man/oLschema2ldif.1 b/net/samba419/files/man/oLschema2ldif.1 new file mode 100644 index 000000000000..962f5060d195 --- /dev/null +++ b/net/samba419/files/man/oLschema2ldif.1 @@ -0,0 +1,74 @@ +'\" t +.\" Title: oLschema2ldif +.\" Author: [see the "AUTHOR" section] +.\" Generator: DocBook XSL Stylesheets v1.79.1 <http://docbook.sf.net/> +.\" Date: 08/09/2022 +.\" Manual: System Administration tools +.\" Source: Samba 4.0 +.\" Language: English +.\" +.TH "OLSCHEMA2LDIF" "1" "08/09/2022" "Samba 4\&.0" "System Administration tools" +.\" ----------------------------------------------------------------- +.\" * Define some portability stuff +.\" ----------------------------------------------------------------- +.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +.\" http://bugs.debian.org/507673 +.\" http://lists.gnu.org/archive/html/groff/2009-02/msg00013.html +.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" ----------------------------------------------------------------- +.\" * set default formatting +.\" ----------------------------------------------------------------- +.\" disable hyphenation +.nh +.\" disable justification (adjust text to left margin only) +.ad l +.\" ----------------------------------------------------------------- +.\" * MAIN CONTENT STARTS HERE * +.\" ----------------------------------------------------------------- +.SH "NAME" +oLschema2ldif \- Converts LDAP schema\*(Aqs to LDB\-compatible LDIF +.SH "SYNOPSIS" +.HP \w'\fBoLschema2ldif\fR\ 'u +\fBoLschema2ldif\fR [\-I\ INPUT\-FILE] [\-O\ OUTPUT\-FILE] +.SH "DESCRIPTION" +.PP +oLschema2ldif is a simple tool that converts standard OpenLDAP schema files to a LDIF format that is understood by LDB\&. +.SH "OPTIONS" +.PP +\-I input\-file +.RS 4 +OpenLDAP schema to read\&. If none are specified, the schema file will be read from standard input\&. +.RE +.PP +\-O output\-file +.RS 4 +File to write ldif version of schema to\&. +.RE +.SH "VERSION" +.PP +This man page is correct for version 4\&.0 of the Samba suite\&. +.SH "SEE ALSO" +.PP +ldb(7), ldbmodify, ldbdel, ldif(5) +.SH "AUTHOR" +.PP +ldb was written by +\m[blue]\fBAndrew Tridgell\fR\m[]\&\s-2\u[1]\d\s+2\&. oLschema2ldif was written by +\m[blue]\fBSimo Sorce\fR\m[]\&\s-2\u[2]\d\s+2\&. +.PP +If you wish to report a problem or make a suggestion then please see the +\m[blue]\fB\%http://ldb.samba.org/\fR\m[] +web site for current contact and maintainer information\&. +.SH "NOTES" +.IP " 1." 4 +Andrew Tridgell +.RS 4 +\%https://www.samba.org/~tridge/ +.RE +.IP " 2." 4 +Simo Sorce +.RS 4 +\%mailto:idra@samba.org +.RE diff --git a/net/samba419/files/man/onnode.1 b/net/samba419/files/man/onnode.1 new file mode 100644 index 000000000000..1fbd44b45ffc --- /dev/null +++ b/net/samba419/files/man/onnode.1 @@ -0,0 +1,218 @@ +'\" t +.\" Title: onnode +.\" Author: +.\" Generator: DocBook XSL Stylesheets v1.79.1 <http://docbook.sf.net/> +.\" Date: 09/23/2020 +.\" Manual: CTDB - clustered TDB database +.\" Source: ctdb +.\" Language: English +.\" +.TH "ONNODE" "1" "09/23/2020" "ctdb" "CTDB \- clustered TDB database" +.\" ----------------------------------------------------------------- +.\" * Define some portability stuff +.\" ----------------------------------------------------------------- +.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +.\" http://bugs.debian.org/507673 +.\" http://lists.gnu.org/archive/html/groff/2009-02/msg00013.html +.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" ----------------------------------------------------------------- +.\" * set default formatting +.\" ----------------------------------------------------------------- +.\" disable hyphenation +.nh +.\" disable justification (adjust text to left margin only) +.ad l +.\" ----------------------------------------------------------------- +.\" * MAIN CONTENT STARTS HERE * +.\" ----------------------------------------------------------------- +.SH "NAME" +onnode \- run commands on CTDB cluster nodes +.SH "SYNOPSIS" +.HP \w'\fBonnode\fR\ 'u +\fBonnode\fR [\fIOPTION\fR...] {\fINODES\fR} {\fICOMMAND\fR} +.SH "DESCRIPTION" +.PP +onnode is a utility to run commands on a specific node of a CTDB cluster, or on all nodes\&. +.PP +\fINODES\fR +specifies which node(s) to run a command on\&. See section +NODES SPECIFICATION +for details\&. +.PP +\fICOMMAND\fR +can be any shell command\&. The onnode utility uses ssh or rsh to connect to the remote nodes and run the command\&. +.SH "OPTIONS" +.PP +\-c +.RS 4 +Execute COMMAND in the current working directory on the specified nodes\&. +.RE +.PP +\-f \fIFILENAME\fR +.RS 4 +Specify an alternative nodes FILENAME to use instead of the default\&. See the discussion of +/usr/local/etc/ctdb/nodes +in the FILES section for more details\&. +.RE +.PP +\-i +.RS 4 +Keep standard input open, allowing data to be piped to onnode\&. Normally onnode closes stdin to avoid surprises when scripting\&. Note that this option is ignored when using +\fB\-p\fR +or if +\fBONNODE_SSH\fR +is set to anything other than "ssh"\&. +.RE +.PP +\-n +.RS 4 +Allow nodes to be specified by name rather than node numbers\&. These nodes don\*(Aqt need to be listed in the nodes file\&. You can avoid the nodes file entirely by combining this with +\-f /dev/null\&. +.RE +.PP +\-p +.RS 4 +Run COMMAND in parallel on the specified nodes\&. The default is to run COMMAND sequentially on each node\&. +.RE +.PP +\-P +.RS 4 +Push files to nodes\&. Names of files to push are specified rather than the usual command\&. Quoting is fragile/broken \- filenames with whitespace in them are not supported\&. +.RE +.PP +\-q +.RS 4 +Do not print node addresses\&. Normally, onnode prints informational node addresses if more than one node is specified\&. This overrides \-v\&. +.RE +.PP +\-v +.RS 4 +Print node addresses even if only one node is specified\&. Normally, onnode prints informational node addresses when more than one node is specified\&. +.RE +.PP +\-h, \-\-help +.RS 4 +Show a short usage guide\&. +.RE +.SH "NODES SPECIFICATION" +.PP +Nodes can be specified via numeric node numbers (from 0 to N\-1) or mnemonics\&. Multiple nodes are specified using lists of nodes, separated by commas, and ranges of numeric node numbers, separated by dashes\&. If nodes are specified multiple times then the command will be executed multiple times on those nodes\&. The order of nodes is significant\&. +.PP +The following mnemonics are available: +.PP +all +.RS 4 +All nodes\&. +.RE +.PP +any +.RS 4 +A node where ctdbd is running\&. This semi\-random but there is a bias towards choosing a low numbered node\&. +.RE +.PP +ok | healthy +.RS 4 +All nodes that are not disconnected, banned, disabled or unhealthy\&. +.RE +.PP +con | connected +.RS 4 +All nodes that are not disconnected\&. +.RE +.SH "EXAMPLES" +.PP +The following command would show the process ID of ctdbd on all nodes +.sp +.if n \{\ +.RS 4 +.\} +.nf + onnode all ctdb getpid + +.fi +.if n \{\ +.RE +.\} +.PP +The following command would show the last 5 lines of log on each node, preceded by the node\*(Aqs hostname +.sp +.if n \{\ +.RS 4 +.\} +.nf + onnode all "hostname; tail \-5 /var/log/log\&.ctdb" + +.fi +.if n \{\ +.RE +.\} +.PP +The following command would restart the ctdb service on all nodes, in parallel\&. +.sp +.if n \{\ +.RS 4 +.\} +.nf + onnode \-p all service ctdb restart + +.fi +.if n \{\ +.RE +.\} +.PP +The following command would run \&./foo in the current working directory, in parallel, on nodes 0, 2, 3 and 4\&. +.sp +.if n \{\ +.RS 4 +.\} +.nf + onnode \-c \-p 0,2\-4 \&./foo + +.fi +.if n \{\ +.RE +.\} +.SH "FILES" +.PP +/usr/local/etc/ctdb/nodes +.RS 4 +Default file containing a list of each node\*(Aqs IP address or hostname\&. +.sp +As above, a file specified via the +\fB\-f\fR +is given precedence\&. If a relative path is specified and no corresponding file exists relative to the current directory then the file is also searched for in the CTDB configuration directory\&. +.sp +Otherwise the default is +/usr/local/etc/ctdb/nodes\&. +.RE +.PP +/usr/local/etc/ctdb/onnode\&.conf +.RS 4 +If this file exists it is sourced by onnode\&. The main purpose is to allow the administrator to set +\fBONNODE_SSH\fR +to something other than "ssh"\&. In this case the \-t option is ignored\&. +.RE +.SH "SEE ALSO" +.PP +\fBctdb\fR(7), +\m[blue]\fB\%http://ctdb.samba.org/\fR\m[] +.SH "AUTHOR" +.br +.PP +This documentation was written by Andrew Tridgell, Martin Schwenke +.SH "COPYRIGHT" +.br +Copyright \(co 2007 Andrew Tridgell, Ronnie Sahlberg +.br +Copyright \(co 2008 Martin Schwenke +.br +.PP +This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 3 of the License, or (at your option) any later version\&. +.PP +This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE\&. See the GNU General Public License for more details\&. +.PP +You should have received a copy of the GNU General Public License along with this program; if not, see +\m[blue]\fB\%http://www.gnu.org/licenses\fR\m[]\&. +.sp diff --git a/net/samba419/files/man/pam_winbind.conf.5 b/net/samba419/files/man/pam_winbind.conf.5 new file mode 100644 index 000000000000..33adbaece735 --- /dev/null +++ b/net/samba419/files/man/pam_winbind.conf.5 @@ -0,0 +1,161 @@ +'\" t +.\" Title: pam_winbind.conf +.\" Author: [see the "AUTHOR" section] +.\" Generator: DocBook XSL Stylesheets v1.79.1 <http://docbook.sf.net/> +.\" Date: 08/09/2022 +.\" Manual: 5 +.\" Source: Samba 4.16.4 +.\" Language: English +.\" +.TH "PAM_WINBIND\&.CONF" "5" "08/09/2022" "Samba 4\&.16\&.4" "5" +.\" ----------------------------------------------------------------- +.\" * Define some portability stuff +.\" ----------------------------------------------------------------- +.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +.\" http://bugs.debian.org/507673 +.\" http://lists.gnu.org/archive/html/groff/2009-02/msg00013.html +.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" ----------------------------------------------------------------- +.\" * set default formatting +.\" ----------------------------------------------------------------- +.\" disable hyphenation +.nh +.\" disable justification (adjust text to left margin only) +.ad l +.\" ----------------------------------------------------------------- +.\" * MAIN CONTENT STARTS HERE * +.\" ----------------------------------------------------------------- +.SH "NAME" +pam_winbind.conf \- Configuration file of PAM module for Winbind +.SH "DESCRIPTION" +.PP +This configuration file is part of the +\fBsamba\fR(7) +suite\&. +.PP +pam_winbind\&.conf is the configuration file for the pam_winbind PAM module\&. See +\fBpam_winbind\fR(8) +for further details\&. +.SH "SYNOPSIS" +.PP +The pam_winbind\&.conf configuration file is a classic ini\-style configuration file\&. There is only one section (global) where various options are defined\&. +.SH "OPTIONS" +.PP +pam_winbind supports several options which can either be set in the PAM configuration files or in the pam_winbind configuration file situated at +/etc/security/pam_winbind\&.conf\&. Options from the PAM configuration file take precedence to those from the pam_winbind\&.conf configuration file\&. +.PP +debug = yes|no +.RS 4 +Gives debugging output to syslog\&. Defaults to "no"\&. +.RE +.PP +debug_state = yes|no +.RS 4 +Gives detailed PAM state debugging output to syslog\&. Defaults to "no"\&. +.RE +.PP +require_membership_of = [SID or NAME] +.RS 4 +If this option is set, pam_winbind will only succeed if the user is a member of the given SID or NAME\&. A SID can be either a group\-SID, an alias\-SID or even an user\-SID\&. It is also possible to give a NAME instead of the SID\&. That name must have the form: +\fIMYDOMAIN\emygroup\fR +or +\fIMYDOMAIN\emyuser\fR +(where \*(Aq\e\*(Aq character corresponds to the value of +\fIwinbind separator\fR +parameter)\&. It is also possible to use a UPN in the form +\fIuser@REALM\fR +or +\fIgroup@REALM\fR\&. pam_winbind will, in that case, lookup the SID internally\&. Note that NAME may not contain any spaces\&. It is thus recommended to only use SIDs\&. You can verify the list of SIDs a user is a member of with +wbinfo \-\-user\-sids=SID\&. This setting is empty by default\&. +.sp +This option only operates during password authentication, and will not restrict access if a password is not required for any reason (such as SSH key\-based login)\&. +.RE +.PP +try_first_pass = yes|no +.RS 4 +By default, pam_winbind tries to get the authentication token from a previous module\&. If no token is available it asks the user for the old password\&. With this option, pam_winbind aborts with an error if no authentication token from a previous module is available\&. If a primary password is not valid, PAM will prompt for a password\&. Default to "no"\&. +.RE +.PP +krb5_auth = yes|no +.RS 4 +pam_winbind can authenticate using Kerberos when winbindd is talking to an Active Directory domain controller\&. Kerberos authentication must be enabled with this parameter\&. When Kerberos authentication can not succeed (e\&.g\&. due to clock skew), winbindd will fallback to samlogon authentication over MSRPC\&. When this parameter is used in conjunction with +\fIwinbind refresh tickets\fR, winbind will keep your Ticket Granting Ticket (TGT) up\-to\-date by refreshing it whenever necessary\&. Defaults to "no"\&. +.RE +.PP +krb5_ccache_type = [type] +.RS 4 +When pam_winbind is configured to try kerberos authentication by enabling the +\fIkrb5_auth\fR +option, it can store the retrieved Ticket Granting Ticket (TGT) in a credential cache\&. The type of credential cache can be controlled with this option\&. The supported values are: +\fIKCM\fR +or +\fIKEYRING\fR +(when supported by the system\*(Aqs Kerberos library and operating system), +\fIFILE\fR +and +\fIDIR\fR +(when the DIR type is supported by the system\*(Aqs Kerberos library)\&. In case of FILE a credential cache in the form of /tmp/krb5cc_UID will be created \- in case of DIR you NEED to specify a directory\&. UID is replaced with the numeric user id\&. The UID directory is being created\&. The path up to the directory should already exist\&. Check the details of the Kerberos implmentation\&. +.sp +When using the KEYRING type, the supported mechanism is +\(lqKEYRING:persistent:UID\(rq, which uses the Linux kernel keyring to store credentials on a per\-UID basis\&. The KEYRING has its limitations\&. As it is secure kernel memory, for example bulk sorage of credentils is for not possible\&. +.sp +When using th KCM type, the supported mechanism is +\(lqKCM:UID\(rq, which uses a Kerberos credential manaager to store credentials on a per\-UID basis similar to KEYRING\&. This is the recommended choice on latest Linux distributions, offering a Kerberos Credential Manager\&. If not we suggest to use KEYRING as those are the most secure and predictable method\&. +.sp +It is also possible to define custom filepaths and use the "%u" pattern in order to substitute the numeric user id\&. Examples: +.PP +krb5_ccache_type = DIR:/run/user/%u/krb5cc +.RS 4 +This will create a credential cache file in the specified directory\&. +.RE +.PP +krb5_ccache_type = FILE:/tmp/krb5cc_%u +.RS 4 +This will create a credential cache file\&. +.RE +.sp +Leave empty to just do kerberos authentication without having a ticket cache after the logon has succeeded\&. This setting is empty by default\&. +.RE +.PP +cached_login = yes|no +.RS 4 +Winbind allows one to logon using cached credentials when +\fIwinbind offline logon\fR +is enabled\&. To use this feature from the PAM module this option must be set\&. Defaults to "no"\&. +.RE +.PP +silent = yes|no +.RS 4 +Do not emit any messages\&. Defaults to "no"\&. +.RE +.PP +mkhomedir = yes|no +.RS 4 +Create homedirectory for a user on\-the\-fly, option is valid in PAM session block\&. Defaults to "no"\&. +.RE +.PP +warn_pwd_expire = days +.RS 4 +Defines number of days before pam_winbind starts to warn about passwords that are going to expire\&. Defaults to 14 days\&. +.RE +.PP +pwd_change_prompt = yes|no +.RS 4 +Generate prompt for changing an expired password\&. Defaults to "no"\&. +.RE +.SH "SEE ALSO" +.PP +\fBpam_winbind\fR(8), +\fBwbinfo\fR(1), +\fBwinbindd\fR(8), +\fBsmb.conf\fR(5) +.SH "VERSION" +.PP +This man page is part of version 4\&.16\&.4 of Samba\&. +.SH "AUTHOR" +.PP +The original Samba software and related utilities were created by Andrew Tridgell\&. Samba is now developed by the Samba Team as an Open Source project similar to the way the Linux kernel is developed\&. +.PP +This manpage was written by Jelmer Vernooij and Guenther Deschner\&. diff --git a/net/samba419/files/man/ping_pong.1 b/net/samba419/files/man/ping_pong.1 new file mode 100644 index 000000000000..1ed9363b426c --- /dev/null +++ b/net/samba419/files/man/ping_pong.1 @@ -0,0 +1,122 @@ +'\" t +.\" Title: ping_pong +.\" Author: +.\" Generator: DocBook XSL Stylesheets v1.79.1 <http://docbook.sf.net/> +.\" Date: 09/23/2020 +.\" Manual: CTDB - clustered TDB database +.\" Source: ctdb +.\" Language: English +.\" +.TH "PING_PONG" "1" "09/23/2020" "ctdb" "CTDB \- clustered TDB database" +.\" ----------------------------------------------------------------- +.\" * Define some portability stuff +.\" ----------------------------------------------------------------- +.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +.\" http://bugs.debian.org/507673 +.\" http://lists.gnu.org/archive/html/groff/2009-02/msg00013.html +.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" ----------------------------------------------------------------- +.\" * set default formatting +.\" ----------------------------------------------------------------- +.\" disable hyphenation +.nh +.\" disable justification (adjust text to left margin only) +.ad l +.\" ----------------------------------------------------------------- +.\" * MAIN CONTENT STARTS HERE * +.\" ----------------------------------------------------------------- +.SH "NAME" +ping_pong \- measures the ping\-pong byte range lock latency +.SH "SYNOPSIS" +.HP \w'\fBping_pong\fR\ 'u +\fBping_pong\fR {\-r | \-w | \-rw} [\-m] [\-c] {\fIFILENAME\fR} {\fINUM\-LOCKS\fR} +.SH "DESCRIPTION" +.PP +ping_pong measures the byte range lock latency\&. It is especially useful on a cluster of nodes sharing a common lock manager as it will give some indication of the lock manager\*(Aqs performance under stress\&. +.PP +FILENAME is a file on shared storage to use for byte range locking tests\&. +.PP +NUM\-LOCKS is the number of byte range locks, so needs to be (strictly) greater than the number of nodes in the cluster\&. +.SH "OPTIONS" +.PP +\-r +.RS 4 +test read performance +.RE +.PP +\-w +.RS 4 +test write performance +.RE +.PP +\-m +.RS 4 +use mmap +.RE +.PP +\-c +.RS 4 +validate the locks +.RE +.SH "EXAMPLES" +.PP +Testing lock coherence +.sp +.if n \{\ +.RS 4 +.\} +.nf + ping_pong test\&.dat N + +.fi +.if n \{\ +.RE +.\} +.PP +Testing lock coherence with lock validation +.sp +.if n \{\ +.RS 4 +.\} +.nf + ping_pong \-c test\&.dat N + +.fi +.if n \{\ +.RE +.\} +.PP +Testing IO coherence +.sp +.if n \{\ +.RS 4 +.\} +.nf + ping_pong \-rw test\&.dat N + +.fi +.if n \{\ +.RE +.\} +.SH "SEE ALSO" +.PP +\fBctdb\fR(7), +\m[blue]\fB\%https://wiki.samba.org/index.php/Ping_pong\fR\m[] +.SH "AUTHOR" +.br +.PP +This documentation was written by Mathieu Parent +.SH "COPYRIGHT" +.br +Copyright \(co 2002 Andrew Tridgell +.br +.PP +This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 3 of the License, or (at your option) any later version\&. +.PP +This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE\&. See the GNU General Public License for more details\&. +.PP +You should have received a copy of the GNU General Public License along with this program; if not, see +\m[blue]\fB\%http://www.gnu.org/licenses\fR\m[]\&. +.sp diff --git a/net/samba419/files/man/profiles.1 b/net/samba419/files/man/profiles.1 new file mode 100644 index 000000000000..46d81a7f8952 --- /dev/null +++ b/net/samba419/files/man/profiles.1 @@ -0,0 +1,136 @@ +'\" t +.\" Title: profiles +.\" Author: [see the "AUTHOR" section] +.\" Generator: DocBook XSL Stylesheets v1.79.1 <http://docbook.sf.net/> +.\" Date: 08/09/2022 +.\" Manual: User Commands +.\" Source: Samba 4.16.4 +.\" Language: English +.\" +.TH "PROFILES" "1" "08/09/2022" "Samba 4\&.16\&.4" "User Commands" +.\" ----------------------------------------------------------------- +.\" * Define some portability stuff +.\" ----------------------------------------------------------------- +.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +.\" http://bugs.debian.org/507673 +.\" http://lists.gnu.org/archive/html/groff/2009-02/msg00013.html +.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" ----------------------------------------------------------------- +.\" * set default formatting +.\" ----------------------------------------------------------------- +.\" disable hyphenation +.nh +.\" disable justification (adjust text to left margin only) +.ad l +.\" ----------------------------------------------------------------- +.\" * MAIN CONTENT STARTS HERE * +.\" ----------------------------------------------------------------- +.SH "NAME" +profiles \- A utility to report and change SIDs in registry files +.SH "SYNOPSIS" +.HP \w'\ 'u +profiles [\-c|\-\-change\-sid=STRING] [\-n|\-\-new\-sid=STRING] [\-v|\-\-verbose] [\-?|\-\-help] [\-\-usage] [\-d|\-\-debuglevel=DEBUGLEVEL] [\-\-debug\-stdout] [\-\-configfile=CONFIGFILE] [\-\-option=name=value] [\-l|\-\-log\-basename=LOGFILEBASE] [\-\-leak\-report] [\-\-leak\-report\-full] {FILE} +.SH "DESCRIPTION" +.PP +This tool is part of the +\fBsamba\fR(7) +suite\&. +.PP +profiles +is a utility that reports and changes SIDs in windows registry files\&. It currently only supports NT\&. +.SH "OPTIONS" +.PP +file +.RS 4 +Registry file to view or edit\&. +.RE +.PP +\-v,\-\-verbose +.RS 4 +Increases verbosity of messages\&. +.RE +.PP +\-c SID1 \-n SID2, \-\-change\-sid SID1 \-\-new\-sid SID2 +.RS 4 +Change all occurrences of SID1 in +file +by SID2\&. +.RE +.PP +\-d|\-\-debuglevel=DEBUGLEVEL +.RS 4 +\fIlevel\fR +is an integer from 0 to 10\&. The default value if this parameter is not specified is 1 for client applications\&. +.sp +The higher this value, the more detail will be logged to the log files about the activities of the server\&. At level 0, only critical errors and serious warnings will be logged\&. Level 1 is a reasonable level for day\-to\-day running \- it generates a small amount of information about operations carried out\&. +.sp +Levels above 1 will generate considerable amounts of log data, and should only be used when investigating a problem\&. Levels above 3 are designed for use only by developers and generate HUGE amounts of log data, most of which is extremely cryptic\&. +.sp +Note that specifying this parameter here will override the +\m[blue]\fBlog level\fR\m[] +parameter in the +smb\&.conf +file\&. +.RE +.PP +\-\-debug\-stdout +.RS 4 +This will redirect debug output to STDOUT\&. By default all clients are logging to STDERR\&. +.RE +.PP +\-\-configfile=<configuration file> +.RS 4 +The file specified contains the configuration details required by the client\&. The information in this file can be general for client and server or only provide client specific like options such as +\m[blue]\fBclient smb encrypt\fR\m[]\&. See +smb\&.conf +for more information\&. The default configuration file name is determined at compile time\&. +.RE +.PP +\-\-option=<name>=<value> +.RS 4 +Set the +\fBsmb.conf\fR(5) +option "<name>" to value "<value>" from the command line\&. This overrides compiled\-in defaults and options read from the configuration file\&. If a name or a value includes a space, wrap whole \-\-option=name=value into quotes\&. +.RE +.PP +\-l|\-\-log\-basename=logdirectory +.RS 4 +Base directory name for log/debug files\&. The extension +\fB"\&.progname"\fR +will be appended (e\&.g\&. log\&.smbclient, log\&.smbd, etc\&.\&.\&.)\&. The log file is never removed by the client\&. +.RE +.PP +\-\-leak\-report +.RS 4 +Enable talloc leak reporting on exit\&. +.RE +.PP +\-\-leak\-report\-full +.RS 4 +Enable full talloc leak reporting on exit\&. +.RE +.PP +\-V|\-\-version +.RS 4 +Prints the program version number\&. +.RE +.PP +\-?|\-\-help +.RS 4 +Print a summary of command line options\&. +.RE +.PP +\-\-usage +.RS 4 +Display brief usage message\&. +.RE +.SH "VERSION" +.PP +This man page is part of version 4\&.16\&.4 of the Samba suite\&. +.SH "AUTHOR" +.PP +The original Samba software and related utilities were created by Andrew Tridgell\&. Samba is now developed by the Samba Team as an Open Source project similar to the way the Linux kernel is developed\&. +.PP +The profiles man page was written by Jelmer Vernooij\&. diff --git a/net/samba419/files/man/regdiff.1 b/net/samba419/files/man/regdiff.1 new file mode 100644 index 000000000000..4f0bbb103cf7 --- /dev/null +++ b/net/samba419/files/man/regdiff.1 @@ -0,0 +1,87 @@ +'\" t +.\" Title: regdiff +.\" Author: [see the "AUTHOR" section] +.\" Generator: DocBook XSL Stylesheets v1.79.1 <http://docbook.sf.net/> +.\" Date: 08/09/2022 +.\" Manual: System Administration tools +.\" Source: Samba 4.0 +.\" Language: English +.\" +.TH "REGDIFF" "1" "08/09/2022" "Samba 4\&.0" "System Administration tools" +.\" ----------------------------------------------------------------- +.\" * Define some portability stuff +.\" ----------------------------------------------------------------- +.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +.\" http://bugs.debian.org/507673 +.\" http://lists.gnu.org/archive/html/groff/2009-02/msg00013.html +.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" ----------------------------------------------------------------- +.\" * set default formatting +.\" ----------------------------------------------------------------- +.\" disable hyphenation +.nh +.\" disable justification (adjust text to left margin only) +.ad l +.\" ----------------------------------------------------------------- +.\" * MAIN CONTENT STARTS HERE * +.\" ----------------------------------------------------------------- +.SH "NAME" +regdiff \- Diff program for Windows registry files +.SH "SYNOPSIS" +.HP \w'\fBregdiff\fR\ 'u +\fBregdiff\fR [\-\-help] [\-\-backend=BACKEND] [\-\-credentials=CREDENTIALS] [location] +.SH "DESCRIPTION" +.PP +regdiff compares two Windows registry files key by key and value by value and generates a text file that contains the differences between the two files\&. +.PP +A file generated by regdiff can later be applied to a registry file by the regpatch utility\&. +.PP +regdiff and regpatch use the same file format as the regedit32\&.exe utility from Windows\&. +.SH "OPTIONS" +.PP +\-\-help +.RS 4 +Show list of available options\&. +.RE +.PP +\-\-backend BACKEND +.RS 4 +Name of backend to load\&. Possible values are: creg, regf, dir and rpc\&. The default is +\fIdir\fR\&. +.sp +This argument can be specified twice: once for the first registry file and once for the second\&. +.RE +.PP +\-\-credentials=CREDENTIALS +.RS 4 +Credentials to use, if any\&. Password should be separated from user name by a percent sign\&. +.sp +This argument can be specified twice: once for the first registry file and once for the second\&. +.RE +.SH "VERSION" +.PP +This man page is correct for version 4\&.0 of the Samba suite\&. +.SH "SEE ALSO" +.PP +gregedit, regshell, regpatch, regtree, samba, patch, diff +.SH "AUTHOR" +.PP +This utility is part of the +\m[blue]\fBSamba\fR\m[]\&\s-2\u[1]\d\s+2 +suite, which is developed by the global +\m[blue]\fBSamba Team\fR\m[]\&\s-2\u[2]\d\s+2\&. +.PP +This manpage and regdiff were written by Jelmer Vernooij\&. +.SH "NOTES" +.IP " 1." 4 +Samba +.RS 4 +\%http://www.samba.org/ +.RE +.IP " 2." 4 +Samba Team +.RS 4 +\%http://www.samba.org/samba/team/ +.RE diff --git a/net/samba419/files/man/regpatch.1 b/net/samba419/files/man/regpatch.1 new file mode 100644 index 000000000000..e3e1a228cc8f --- /dev/null +++ b/net/samba419/files/man/regpatch.1 @@ -0,0 +1,81 @@ +'\" t +.\" Title: regpatch +.\" Author: [see the "AUTHOR" section] +.\" Generator: DocBook XSL Stylesheets v1.79.1 <http://docbook.sf.net/> +.\" Date: 08/09/2022 +.\" Manual: System Administration tools +.\" Source: Samba 4.0 +.\" Language: English +.\" +.TH "REGPATCH" "1" "08/09/2022" "Samba 4\&.0" "System Administration tools" +.\" ----------------------------------------------------------------- +.\" * Define some portability stuff +.\" ----------------------------------------------------------------- +.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +.\" http://bugs.debian.org/507673 +.\" http://lists.gnu.org/archive/html/groff/2009-02/msg00013.html +.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" ----------------------------------------------------------------- +.\" * set default formatting +.\" ----------------------------------------------------------------- +.\" disable hyphenation +.nh +.\" disable justification (adjust text to left margin only) +.ad l +.\" ----------------------------------------------------------------- +.\" * MAIN CONTENT STARTS HERE * +.\" ----------------------------------------------------------------- +.SH "NAME" +regpatch \- Applies registry patches to registry files +.SH "SYNOPSIS" +.HP \w'\fBregpatch\fR\ 'u +\fBregpatch\fR [\-\-help] [\-\-backend=BACKEND] [\-\-credentials=CREDENTIALS] [location] [patch\-file] +.SH "DESCRIPTION" +.PP +The regpatch utility applies registry patches to Windows registry files\&. The patch files should have the same format as is being used by the regdiff utility and regedit32\&.exe from Windows\&. +.PP +If no patch file is specified on the command line, regpatch attempts to read it from standard input\&. +.SH "OPTIONS" +.PP +\-\-help +.RS 4 +Show list of available options\&. +.RE +.PP +\-\-backend BACKEND +.RS 4 +Name of backend to load\&. Possible values are: creg, regf, dir and rpc\&. The default is +\fIdir\fR\&. +.RE +.PP +\-\-credentials=CREDENTIALS +.RS 4 +Credentials to use, if any\&. Password should be separated from user name by a percent sign\&. +.RE +.SH "VERSION" +.PP +This man page is correct for version 4\&.0 of the Samba suite\&. +.SH "SEE ALSO" +.PP +regdiff, regtree, regshell, gregedit, samba, diff, patch +.SH "AUTHOR" +.PP +This utility is part of the +\m[blue]\fBSamba\fR\m[]\&\s-2\u[1]\d\s+2 +suite, which is developed by the global +\m[blue]\fBSamba Team\fR\m[]\&\s-2\u[2]\d\s+2\&. +.PP +This manpage and regpatch were written by Jelmer Vernooij\&. +.SH "NOTES" +.IP " 1." 4 +Samba +.RS 4 +\%http://www.samba.org/ +.RE +.IP " 2." 4 +Samba Team +.RS 4 +\%http://www.samba.org/samba/team/ +.RE diff --git a/net/samba419/files/man/regshell.1 b/net/samba419/files/man/regshell.1 new file mode 100644 index 000000000000..d15be6b01270 --- /dev/null +++ b/net/samba419/files/man/regshell.1 @@ -0,0 +1,177 @@ +'\" t +.\" Title: regshell +.\" Author: [see the "AUTHOR" section] +.\" Generator: DocBook XSL Stylesheets v1.79.1 <http://docbook.sf.net/> +.\" Date: 08/09/2022 +.\" Manual: System Administration tools +.\" Source: Samba 4.0 +.\" Language: English +.\" +.TH "REGSHELL" "1" "08/09/2022" "Samba 4\&.0" "System Administration tools" +.\" ----------------------------------------------------------------- +.\" * Define some portability stuff +.\" ----------------------------------------------------------------- +.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +.\" http://bugs.debian.org/507673 +.\" http://lists.gnu.org/archive/html/groff/2009-02/msg00013.html +.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" ----------------------------------------------------------------- +.\" * set default formatting +.\" ----------------------------------------------------------------- +.\" disable hyphenation +.nh +.\" disable justification (adjust text to left margin only) +.ad l +.\" ----------------------------------------------------------------- +.\" * MAIN CONTENT STARTS HERE * +.\" ----------------------------------------------------------------- +.SH "NAME" +regshell \- Windows registry file browser using readline +.SH "SYNOPSIS" +.HP \w'\fBregshell\fR\ 'u +\fBregshell\fR [\-\-help] [\-\-backend=BACKEND] [\-\-credentials=CREDENTIALS] [location] +.SH "DESCRIPTION" +.PP +regshell is a utility that lets you browse thru a Windows registry file as if you were using a regular unix shell to browse thru a file system\&. +.SH "OPTIONS" +.PP +\-\-help +.RS 4 +Show list of available options\&. +.RE +.PP +\-\-backend BACKEND +.RS 4 +Name of backend to load\&. Possible values are: creg, regf, dir and rpc\&. The default is +\fIdir\fR\&. +.RE +.PP +\-\-credentials=CREDENTIALS +.RS 4 +Credentials to use, if any\&. Password should be separated from user name by a percent sign\&. +.RE +.SH "COMMANDS" +.PP +ck|cd <keyname> +.RS 4 +Go to the specified subkey\&. +.RE +.PP +ch|predef [predefined\-key\-name] +.RS 4 +Go to the specified predefined key\&. +.RE +.PP +list|ls +.RS 4 +List subkeys and values of the current key\&. +.RE +.PP +mkkey|mkdir <keyname> +.RS 4 +Create a key with the specified +\fIkeyname\fR +as a subkey of the current key\&. +.RE +.PP +rmval|rm <valname> +.RS 4 +Delete the specified value\&. +.RE +.PP +rmkey|rmdir <keyname> +.RS 4 +Delete the specified subkey recursively\&. +.RE +.PP +pwd|pwk +.RS 4 +Print the full name of the current key\&. +.RE +.PP +set|update +.RS 4 +Update the value of a key value\&. Not implemented at the moment\&. +.RE +.PP +help|? +.RS 4 +Print a list of available commands\&. +.RE +.PP +exit|quit +.RS 4 +Leave regshell\&. +.RE +.SH "EXAMPLES" +.PP +Browsing thru a nt4 registry file +.sp +.if n \{\ +.RS 4 +.\} +.nf +\fBregshell \-b nt4 NTUSER\&.DAT\fR +$$$PROTO\&.HIV> \fBls\fR +K AppEvents +K Console +K Control Panel +K Environment +K Identities +K Keyboard Layout +K Network +K Printers +K Software +K UNICODE Program Groups +K Windows 3\&.1 Migration Status +$$$PROTO\&.HIV> \fBexit\fR +.fi +.if n \{\ +.RE +.\} +.PP +Listing the subkeys of HKEY_CURRENT_USER\eAppEvents on a remote computer: +.sp +.if n \{\ +.RS 4 +.\} +.nf +\fBregshell \-\-remote=ncacn_np:aurelia \-c "jelmer%secret"\fR +HKEY_CURRENT_MACHINE> \fBpredef HKEY_CURRENT_USER\fR +HKEY_CURRENT_USER> \fBcd AppEvents\fR +Current path is: HKEY_CURRENT_USER\eAppEvents +HKEY_CURRENT_USER\eAppEvents> \fBls\fR +K EventLabels +K Schemes +HKEY_CURRENT_USER\eAppEvents> \fBexit\fR +.fi +.if n \{\ +.RE +.\} +.SH "VERSION" +.PP +This man page is correct for version 4\&.0 of the Samba suite\&. +.SH "SEE ALSO" +.PP +regtree, regdiff, regpatch, gregedit, samba +.SH "AUTHOR" +.PP +This utility is part of the +\m[blue]\fBSamba\fR\m[]\&\s-2\u[1]\d\s+2 +suite, which is developed by the global +\m[blue]\fBSamba Team\fR\m[]\&\s-2\u[2]\d\s+2\&. +.PP +This manpage and regshell were written by Jelmer Vernooij\&. +.SH "NOTES" +.IP " 1." 4 +Samba +.RS 4 +\%http://www.samba.org/ +.RE +.IP " 2." 4 +Samba Team +.RS 4 +\%http://www.samba.org/samba/team/ +.RE diff --git a/net/samba419/files/man/regtree.1 b/net/samba419/files/man/regtree.1 new file mode 100644 index 000000000000..f245298d49e0 --- /dev/null +++ b/net/samba419/files/man/regtree.1 @@ -0,0 +1,89 @@ +'\" t +.\" Title: regtree +.\" Author: [see the "AUTHOR" section] +.\" Generator: DocBook XSL Stylesheets v1.79.1 <http://docbook.sf.net/> +.\" Date: 08/09/2022 +.\" Manual: System Administration tools +.\" Source: Samba 4.0 +.\" Language: English +.\" +.TH "REGTREE" "1" "08/09/2022" "Samba 4\&.0" "System Administration tools" +.\" ----------------------------------------------------------------- +.\" * Define some portability stuff +.\" ----------------------------------------------------------------- +.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +.\" http://bugs.debian.org/507673 +.\" http://lists.gnu.org/archive/html/groff/2009-02/msg00013.html +.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" ----------------------------------------------------------------- +.\" * set default formatting +.\" ----------------------------------------------------------------- +.\" disable hyphenation +.nh +.\" disable justification (adjust text to left margin only) +.ad l +.\" ----------------------------------------------------------------- +.\" * MAIN CONTENT STARTS HERE * +.\" ----------------------------------------------------------------- +.SH "NAME" +regtree \- Text\-mode registry viewer +.SH "SYNOPSIS" +.HP \w'\fBregtree\fR\ 'u +\fBregtree\fR [\-\-help] [\-\-backend=BACKEND] [\-\-fullpath] [\-\-no\-values] [\-\-credentials=CREDENTIALS] [location] +.SH "DESCRIPTION" +.PP +The regtree utility prints out all the contents of a Windows registry file\&. Subkeys are printed with one level more indentation than their parents\&. +.SH "OPTIONS" +.PP +\-\-help +.RS 4 +Show list of available options\&. +.RE +.PP +\-\-backend BACKEND +.RS 4 +Name of backend to load\&. Possible values are: creg, regf, dir and rpc\&. The default is +\fIdir\fR\&. +.RE +.PP +\-\-credentials=CREDENTIALS +.RS 4 +Credentials to use, if any\&. Password should be separated from user name by a percent sign\&. +.RE +.PP +\-\-fullpath +.RS 4 +Print the full path to each key instead of only its name\&. +.RE +.PP +\-\-no\-values +.RS 4 +Don\*(Aqt print values, just keys\&. +.RE +.SH "VERSION" +.PP +This man page is correct for version 4\&.0 of the Samba suite\&. +.SH "SEE ALSO" +.PP +gregedit, regshell, regdiff, regpatch, samba +.SH "AUTHOR" +.PP +This utility is part of the +\m[blue]\fBSamba\fR\m[]\&\s-2\u[1]\d\s+2 +suite, which is developed by the global +\m[blue]\fBSamba Team\fR\m[]\&\s-2\u[2]\d\s+2\&. +.PP +This manpage and regtree were written by Jelmer Vernooij\&. +.SH "NOTES" +.IP " 1." 4 +Samba +.RS 4 +\%http://www.samba.org/ +.RE +.IP " 2." 4 +Samba Team +.RS 4 +\%http://www.samba.org/samba/team/ +.RE diff --git a/net/samba419/files/man/rpcclient.1 b/net/samba419/files/man/rpcclient.1 new file mode 100644 index 000000000000..899c53ad68ad --- /dev/null +++ b/net/samba419/files/man/rpcclient.1 @@ -0,0 +1,1961 @@ +'\" t +.\" Title: rpcclient +.\" Author: [see the "AUTHOR" section] +.\" Generator: DocBook XSL Stylesheets v1.79.1 <http://docbook.sf.net/> +.\" Date: 08/09/2022 +.\" Manual: User Commands +.\" Source: Samba 4.16.4 +.\" Language: English +.\" +.TH "RPCCLIENT" "1" "08/09/2022" "Samba 4\&.16\&.4" "User Commands" +.\" ----------------------------------------------------------------- +.\" * Define some portability stuff +.\" ----------------------------------------------------------------- +.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +.\" http://bugs.debian.org/507673 +.\" http://lists.gnu.org/archive/html/groff/2009-02/msg00013.html +.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" ----------------------------------------------------------------- +.\" * set default formatting +.\" ----------------------------------------------------------------- +.\" disable hyphenation +.nh +.\" disable justification (adjust text to left margin only) +.ad l +.\" ----------------------------------------------------------------- +.\" * MAIN CONTENT STARTS HERE * +.\" ----------------------------------------------------------------- +.SH "NAME" +rpcclient \- tool for executing client side MS\-RPC functions +.SH "SYNOPSIS" +.HP \w'\ 'u +rpcclient [\-c|\-\-command=COMMANDS] [\-I|\-\-dest\-ip=IP] [\-p|\-\-port=PORT] [\-?|\-\-help] [\-\-usage] [\-d|\-\-debuglevel=DEBUGLEVEL] [\-\-debug\-stdout] [\-\-configfile=CONFIGFILE] [\-\-option=name=value] [\-l|\-\-log\-basename=LOGFILEBASE] [\-\-leak\-report] [\-\-leak\-report\-full] [\-R|\-\-name\-resolve=NAME\-RESOLVE\-ORDER] [\-O|\-\-socket\-options=SOCKETOPTIONS] [\-m|\-\-max\-protocol=MAXPROTOCOL] [\-n|\-\-netbiosname=NETBIOSNAME] [\-\-netbios\-scope=SCOPE] [\-W|\-\-workgroup=WORKGROUP] [\-\-realm=REALM] [\-U|\-\-user=[DOMAIN/]USERNAME[%PASSWORD]] [\-N|\-\-no\-pass] [\-\-password=STRING] [\-\-pw\-nt\-hash] [\-A|\-\-authentication\-file=FILE] [\-P|\-\-machine\-pass] [\-\-simple\-bind\-dn=DN] [\-\-use\-kerberos=desired|required|off] [\-\-use\-krb5\-ccache=CCACHE] [\-\-use\-winbind\-ccache] [\-\-client\-protection=sign|encrypt|off] [\-V|\-\-version] {BINDING\-STRING|HOST} +.SH "DESCRIPTION" +.PP +This tool is part of the +\fBsamba\fR(7) +suite\&. +.PP +rpcclient +is a utility initially developed to test MS\-RPC functionality in Samba itself\&. It has undergone several stages of development and stability\&. Many system administrators have now written scripts around it to manage Windows NT clients from their UNIX workstation\&. +.SH "OPTIONS" +.PP +BINDING\-STRING|HOST +.RS 4 +When connecting to a dcerpc service you need to specify a binding string\&. +.sp +The format is: +.sp +TRANSPORT:host[options] +.sp +where TRANSPORT is either ncacn_np (named pipes) for SMB or ncacn_ip_tcp for DCERPC over TCP/IP\&. +.sp +"host" is an IP or hostname or netbios name\&. If the binding string identifies the server side of an endpoint, "host" may be an empty string\&. See below for more details\&. +.sp +"options" can include a SMB pipe name if using the ncacn_np transport or a TCP port number if using the ncacn_ip_tcp transport, otherwise they will be auto\-determined\&. +.sp +Examples: +.RS +.sp +.RS 4 +.ie n \{\ +\h'-04'\(bu\h'+03'\c +.\} +.el \{\ +.sp -1 +.IP \(bu 2.3 +.\} +\fIncacn_ip_tcp:samba\&.example\&.com[1024]\fR +.RE +.sp +.RS 4 +.ie n \{\ +\h'-04'\(bu\h'+03'\c +.\} +.el \{\ +.sp -1 +.IP \(bu 2.3 +.\} +\fIncacn_ip_tcp:samba\&.example\&.com[sign,seal,krb5]\fR +.RE +.sp +.RS 4 +.ie n \{\ +\h'-04'\(bu\h'+03'\c +.\} +.el \{\ +.sp -1 +.IP \(bu 2.3 +.\} +\fIncacn_ip_tcp:samba\&.example\&.com[sign,spnego]\fR +.RE +.sp +.RS 4 +.ie n \{\ +\h'-04'\(bu\h'+03'\c +.\} +.el \{\ +.sp -1 +.IP \(bu 2.3 +.\} +\fIncacn_np:samba\&.example\&.com\fR +.RE +.sp +.RS 4 +.ie n \{\ +\h'-04'\(bu\h'+03'\c +.\} +.el \{\ +.sp -1 +.IP \(bu 2.3 +.\} +\fIncacn_np:samba\&.example\&.com[samr]\fR +.RE +.sp +.RS 4 +.ie n \{\ +\h'-04'\(bu\h'+03'\c +.\} +.el \{\ +.sp -1 +.IP \(bu 2.3 +.\} +\fIncacn_np:samba\&.example\&.com[samr,sign,print]\fR +.RE +.sp +.RS 4 +.ie n \{\ +\h'-04'\(bu\h'+03'\c +.\} +.el \{\ +.sp -1 +.IP \(bu 2.3 +.\} +\fIncalrpc:/path/to/unix/socket\fR +.RE +.sp +.RS 4 +.ie n \{\ +\h'-04'\(bu\h'+03'\c +.\} +.el \{\ +.sp -1 +.IP \(bu 2.3 +.\} +\fI//SAMBA\fR +.RE +.sp +.RE +The supported transports are: +.RS +.sp +.RS 4 +.ie n \{\ +\h'-04'\(bu\h'+03'\c +.\} +.el \{\ +.sp -1 +.IP \(bu 2.3 +.\} +\fIncacn_np\fR +\- Connect using named pipes +.RE +.sp +.RS 4 +.ie n \{\ +\h'-04'\(bu\h'+03'\c +.\} +.el \{\ +.sp -1 +.IP \(bu 2.3 +.\} +\fIncacn_ip_tcp\fR +\- Connect over TCP/IP +.RE +.sp +.RS 4 +.ie n \{\ +\h'-04'\(bu\h'+03'\c +.\} +.el \{\ +.sp -1 +.IP \(bu 2.3 +.\} +\fIncalrpc\fR +\- Connect over local RPC (unix sockets) +.RE +.sp +.RE +The supported options are: +.RS +.sp +.RS 4 +.ie n \{\ +\h'-04'\(bu\h'+03'\c +.\} +.el \{\ +.sp -1 +.IP \(bu 2.3 +.\} +\fIsign\fR +\- Use RPC integrity authentication level +.RE +.sp +.RS 4 +.ie n \{\ +\h'-04'\(bu\h'+03'\c +.\} +.el \{\ +.sp -1 +.IP \(bu 2.3 +.\} +\fIseal\fR +\- Enable RPC privacy (encryption) authentication level +.RE +.sp +.RS 4 +.ie n \{\ +\h'-04'\(bu\h'+03'\c +.\} +.el \{\ +.sp -1 +.IP \(bu 2.3 +.\} +\fIconnect\fR +\- Use RPC connect level authentication (auth, but no sign or seal) +.RE +.sp +.RS 4 +.ie n \{\ +\h'-04'\(bu\h'+03'\c +.\} +.el \{\ +.sp -1 +.IP \(bu 2.3 +.\} +\fIpacket\fR +\- Use RPC packet authentication level +.RE +.sp +.RS 4 +.ie n \{\ +\h'-04'\(bu\h'+03'\c +.\} +.el \{\ +.sp -1 +.IP \(bu 2.3 +.\} +\fIspnego\fR +\- Use SPNEGO instead of NTLMSSP authentication +.RE +.sp +.RS 4 +.ie n \{\ +\h'-04'\(bu\h'+03'\c +.\} +.el \{\ +.sp -1 +.IP \(bu 2.3 +.\} +\fIntlm\fR +\- Use plain NTLM instead of SPNEGO or NTLMSSP +.RE +.sp +.RS 4 +.ie n \{\ +\h'-04'\(bu\h'+03'\c +.\} +.el \{\ +.sp -1 +.IP \(bu 2.3 +.\} +\fIkrb5\fR +\- Use Kerberos instead of NTLMSSP authentication +.RE +.sp +.RS 4 +.ie n \{\ +\h'-04'\(bu\h'+03'\c +.\} +.el \{\ +.sp -1 +.IP \(bu 2.3 +.\} +\fIschannel\fR +\- Create a schannel connection +.RE +.sp +.RS 4 +.ie n \{\ +\h'-04'\(bu\h'+03'\c +.\} +.el \{\ +.sp -1 +.IP \(bu 2.3 +.\} +\fIsmb1\fR +\- Use SMB1 for named pipes +.RE +.sp +.RS 4 +.ie n \{\ +\h'-04'\(bu\h'+03'\c +.\} +.el \{\ +.sp -1 +.IP \(bu 2.3 +.\} +\fIsmb2\fR +\- Use SMB2/3 for named pipes +.RE +.sp +.RS 4 +.ie n \{\ +\h'-04'\(bu\h'+03'\c +.\} +.el \{\ +.sp -1 +.IP \(bu 2.3 +.\} +\fIvalidate\fR +\- Enable the NDR validator +.RE +.sp +.RS 4 +.ie n \{\ +\h'-04'\(bu\h'+03'\c +.\} +.el \{\ +.sp -1 +.IP \(bu 2.3 +.\} +\fIprint\fR +\- Enable debug output of packets +.RE +.sp +.RS 4 +.ie n \{\ +\h'-04'\(bu\h'+03'\c +.\} +.el \{\ +.sp -1 +.IP \(bu 2.3 +.\} +\fIpadcheck\fR +\- Check reply data for non\-zero pad bytes +.RE +.sp +.RS 4 +.ie n \{\ +\h'-04'\(bu\h'+03'\c +.\} +.el \{\ +.sp -1 +.IP \(bu 2.3 +.\} +\fIbigendian\fR +\- Use big endian for RPC +.RE +.sp +.RS 4 +.ie n \{\ +\h'-04'\(bu\h'+03'\c +.\} +.el \{\ +.sp -1 +.IP \(bu 2.3 +.\} +\fIndr64\fR +\- Use NDR64 for RPC +.RE +.sp +.RE +.RE +.PP +\-c|\-\-command=<command string> +.RS 4 +Execute semicolon separated commands (listed below) +.RE +.PP +\-I|\-\-dest\-ip IP\-address +.RS 4 +\fIIP address\fR +is the address of the server to connect to\&. It should be specified in standard "a\&.b\&.c\&.d" notation\&. +.sp +Normally the client would attempt to locate a named SMB/CIFS server by looking it up via the NetBIOS name resolution mechanism described above in the +\fIname resolve order\fR +parameter above\&. Using this parameter will force the client to assume that the server is on the machine with the specified IP address and the NetBIOS name component of the resource being connected to will be ignored\&. +.sp +There is no default for this parameter\&. If not supplied, it will be determined automatically by the client as described above\&. +.RE +.PP +\-p|\-\-port port +.RS 4 +This number is the TCP port number that will be used when making connections to the server\&. The standard (well\-known) TCP port number for an SMB/CIFS server is 139, which is the default\&. +.RE +.PP +\-?|\-\-help +.RS 4 +Print a summary of command line options\&. +.RE +.PP +\-\-usage +.RS 4 +Display brief usage message\&. +.RE +.PP +\-d|\-\-debuglevel=DEBUGLEVEL +.RS 4 +\fIlevel\fR +is an integer from 0 to 10\&. The default value if this parameter is not specified is 1 for client applications\&. +.sp +The higher this value, the more detail will be logged to the log files about the activities of the server\&. At level 0, only critical errors and serious warnings will be logged\&. Level 1 is a reasonable level for day\-to\-day running \- it generates a small amount of information about operations carried out\&. +.sp +Levels above 1 will generate considerable amounts of log data, and should only be used when investigating a problem\&. Levels above 3 are designed for use only by developers and generate HUGE amounts of log data, most of which is extremely cryptic\&. +.sp +Note that specifying this parameter here will override the +\m[blue]\fBlog level\fR\m[] +parameter in the +smb\&.conf +file\&. +.RE +.PP +\-\-debug\-stdout +.RS 4 +This will redirect debug output to STDOUT\&. By default all clients are logging to STDERR\&. +.RE +.PP +\-\-configfile=<configuration file> +.RS 4 +The file specified contains the configuration details required by the client\&. The information in this file can be general for client and server or only provide client specific like options such as +\m[blue]\fBclient smb encrypt\fR\m[]\&. See +smb\&.conf +for more information\&. The default configuration file name is determined at compile time\&. +.RE +.PP +\-\-option=<name>=<value> +.RS 4 +Set the +\fBsmb.conf\fR(5) +option "<name>" to value "<value>" from the command line\&. This overrides compiled\-in defaults and options read from the configuration file\&. If a name or a value includes a space, wrap whole \-\-option=name=value into quotes\&. +.RE +.PP +\-l|\-\-log\-basename=logdirectory +.RS 4 +Base directory name for log/debug files\&. The extension +\fB"\&.progname"\fR +will be appended (e\&.g\&. log\&.smbclient, log\&.smbd, etc\&.\&.\&.)\&. The log file is never removed by the client\&. +.RE +.PP +\-\-leak\-report +.RS 4 +Enable talloc leak reporting on exit\&. +.RE +.PP +\-\-leak\-report\-full +.RS 4 +Enable full talloc leak reporting on exit\&. +.RE +.PP +\-V|\-\-version +.RS 4 +Prints the program version number\&. +.RE +.PP +\-R|\-\-name\-resolve=NAME\-RESOLVE\-ORDER +.RS 4 +This option is used to determine what naming services and in what order to resolve host names to IP addresses\&. The option takes a space\-separated string of different name resolution options\&. The best ist to wrap the whole \-\-name\-resolve=NAME\-RESOLVE\-ORDER into quotes\&. +.sp +The options are: "lmhosts", "host", "wins" and "bcast"\&. They cause names to be resolved as follows: +.RS +.sp +.RS 4 +.ie n \{\ +\h'-04'\(bu\h'+03'\c +.\} +.el \{\ +.sp -1 +.IP \(bu 2.3 +.\} +\fBlmhosts\fR: Lookup an IP address in the Samba lmhosts file\&. If the line in lmhosts has no name type attached to the NetBIOS name (see the +\fBlmhosts\fR(5) +for details) then any name type matches for lookup\&. +.RE +.sp +.RS 4 +.ie n \{\ +\h'-04'\(bu\h'+03'\c +.\} +.el \{\ +.sp -1 +.IP \(bu 2.3 +.\} +\fBhost\fR: Do a standard host name to IP address resolution, using the system +/etc/hosts, NIS, or DNS lookups\&. This method of name resolution is operating system dependent, for instance on IRIX or Solaris this may be controlled by the +/etc/nsswitch\&.conf +file)\&. Note that this method is only used if the NetBIOS name type being queried is the 0x20 (server) name type, otherwise it is ignored\&. +.RE +.sp +.RS 4 +.ie n \{\ +\h'-04'\(bu\h'+03'\c +.\} +.el \{\ +.sp -1 +.IP \(bu 2.3 +.\} +\fBwins\fR: Query a name with the IP address listed in the +\fIwins server\fR +parameter\&. If no WINS server has been specified this method will be ignored\&. +.RE +.sp +.RS 4 +.ie n \{\ +\h'-04'\(bu\h'+03'\c +.\} +.el \{\ +.sp -1 +.IP \(bu 2.3 +.\} +\fBbcast\fR: Do a broadcast on each of the known local interfaces listed in the +\fIinterfaces\fR +parameter\&. This is the least reliable of the name resolution methods as it depends on the target host being on a locally connected subnet\&. +.RE +.sp +.RE +If this parameter is not set then the name resolve order defined in the +smb\&.conf +file parameter (\m[blue]\fBname resolve order\fR\m[]) will be used\&. +.sp +The default order is lmhosts, host, wins, bcast\&. Without this parameter or any entry in the +\m[blue]\fBname resolve order\fR\m[] +parameter of the +smb\&.conf +file, the name resolution methods will be attempted in this order\&. +.RE +.PP +\-O|\-\-socket\-options=SOCKETOPTIONS +.RS 4 +TCP socket options to set on the client socket\&. See the socket options parameter in the +smb\&.conf +manual page for the list of valid options\&. +.RE +.PP +\-m|\-\-max\-protocol=MAXPROTOCOL +.RS 4 +The value of the parameter (a string) is the highest protocol level that will be supported by the client\&. +.sp +Note that specifying this parameter here will override the +\m[blue]\fBclient max protocol\fR\m[] +parameter in the +smb\&.conf +file\&. +.RE +.PP +\-n|\-\-netbiosname=NETBIOSNAME +.RS 4 +This option allows you to override the NetBIOS name that Samba uses for itself\&. This is identical to setting the +\m[blue]\fBnetbios name\fR\m[] +parameter in the +smb\&.conf +file\&. However, a command line setting will take precedence over settings in +smb\&.conf\&. +.RE +.PP +\-\-netbios\-scope=SCOPE +.RS 4 +This specifies a NetBIOS scope that +nmblookup +will use to communicate with when generating NetBIOS names\&. For details on the use of NetBIOS scopes, see rfc1001\&.txt and rfc1002\&.txt\&. NetBIOS scopes are +\fIvery\fR +rarely used, only set this parameter if you are the system administrator in charge of all the NetBIOS systems you communicate with\&. +.RE +.PP +\-W|\-\-workgroup=WORKGROUP +.RS 4 +Set the SMB domain of the username\&. This overrides the default domain which is the domain defined in smb\&.conf\&. If the domain specified is the same as the servers NetBIOS name, it causes the client to log on using the servers local SAM (as opposed to the Domain SAM)\&. +.sp +Note that specifying this parameter here will override the +\m[blue]\fBworkgroup\fR\m[] +parameter in the +smb\&.conf +file\&. +.RE +.PP +\-r|\-\-realm=REALM +.RS 4 +Set the realm for the domain\&. +.sp +Note that specifying this parameter here will override the +\m[blue]\fBrealm\fR\m[] +parameter in the +smb\&.conf +file\&. +.RE +.PP +\-U|\-\-user=[DOMAIN\e]USERNAME[%PASSWORD] +.RS 4 +Sets the SMB username or username and password\&. +.sp +If %PASSWORD is not specified, the user will be prompted\&. The client will first check the +\fBUSER\fR +environment variable (which is also permitted to also contain the password seperated by a %), then the +\fBLOGNAME\fR +variable (which is not permitted to contain a password) and if either exists, the value is used\&. If these environmental variables are not found, the username found in a Kerberos Credentials cache may be used\&. +.sp +A third option is to use a credentials file which contains the plaintext of the username and password\&. This option is mainly provided for scripts where the admin does not wish to pass the credentials on the command line or via environment variables\&. If this method is used, make certain that the permissions on the file restrict access from unwanted users\&. See the +\fI\-A\fR +for more details\&. +.sp +Be cautious about including passwords in scripts or passing user\-supplied values onto the command line\&. For security it is better to let the Samba client tool ask for the password if needed, or obtain the password once with +kinit\&. +.sp +While Samba will attempt to scrub the password from the process title (as seen in ps), this is after startup and so is subject to a race\&. +.RE +.PP +\-N|\-\-no\-pass +.RS 4 +If specified, this parameter suppresses the normal password prompt from the client to the user\&. This is useful when accessing a service that does not require a password\&. +.sp +Unless a password is specified on the command line or this parameter is specified, the client will request a password\&. +.sp +If a password is specified on the command line and this option is also defined the password on the command line will be silently ignored and no password will be used\&. +.RE +.PP +\-\-password +.RS 4 +Specify the password on the commandline\&. +.sp +Be cautious about including passwords in scripts or passing user\-supplied values onto the command line\&. For security it is better to let the Samba client tool ask for the password if needed, or obtain the password once with +kinit\&. +.sp +If \-\-password is not specified, the tool will check the +\fBPASSWD\fR +environment variable, followed by +\fBPASSWD_FD\fR +which is expected to contain an open file descriptor (FD) number\&. +.sp +Finally it will check +\fBPASSWD_FILE\fR +(containing a file path to be opened)\&. The file should only contain the password\&. Make certain that the permissions on the file restrict access from unwanted users! +.sp +While Samba will attempt to scrub the password from the process title (as seen in ps), this is after startup and so is subject to a race\&. +.RE +.PP +\-\-pw\-nt\-hash +.RS 4 +The supplied password is the NT hash\&. +.RE +.PP +\-A|\-\-authentication\-file=filename +.RS 4 +This option allows you to specify a file from which to read the username and password used in the connection\&. The format of the file is: +.sp +.if n \{\ +.RS 4 +.\} +.nf + username = <value> + password = <value> + domain = <value> + +.fi +.if n \{\ +.RE +.\} +.sp +Make certain that the permissions on the file restrict access from unwanted users! +.RE +.PP +\-P|\-\-machine\-pass +.RS 4 +Use stored machine account password\&. +.RE +.PP +\-\-simple\-bind\-dn=DN +.RS 4 +DN to use for a simple bind\&. +.RE +.PP +\-\-use\-kerberos=desired|required|off +.RS 4 +This parameter determines whether Samba client tools will try to authenticate using Kerberos\&. For Kerberos authentication you need to use dns names instead of IP addresses when connnecting to a service\&. +.sp +Note that specifying this parameter here will override the +\m[blue]\fBclient use kerberos\fR\m[] +parameter in the +smb\&.conf +file\&. +.RE +.PP +\-\-use\-krb5\-ccache=CCACHE +.RS 4 +Specifies the credential cache location for Kerberos authentication\&. +.sp +This will set \-\-use\-kerberos=required too\&. +.RE +.PP +\-\-use\-winbind\-ccache +.RS 4 +Try to use the credential cache by winbind\&. +.RE +.PP +\-\-client\-protection=sign|encrypt|off +.RS 4 +Sets the connection protection the client tool should use\&. +.sp +Note that specifying this parameter here will override the +\m[blue]\fBclient protection\fR\m[] +parameter in the +smb\&.conf +file\&. +.sp +In case you need more fine grained control you can use: +\-\-option=clientsmbencrypt=OPTION, +\-\-option=clientipcsigning=OPTION, +\-\-option=clientsigning=OPTION\&. +.RE +.SH "COMMANDS" +.SS "LSARPC" +.PP +lsaquery +.RS 4 +Query info policy +.RE +.PP +lookupsids +.RS 4 +Convert SIDs to names +.RE +.PP +lookupsids3 +.RS 4 +Convert SIDs to names +.RE +.PP +lookupsids_level +.RS 4 +Convert SIDs to names +.RE +.PP +lookupnames +.RS 4 +Convert names to SIDs +.RE +.PP +lookupnames4 +.RS 4 +Convert names to SIDs +.RE +.PP +lookupnames_level +.RS 4 +Convert names to SIDs +.RE +.PP +enumtrust +.RS 4 +Enumerate trusted domains +.RE +.PP +enumprivs +.RS 4 +Enumerate privileges +.RE +.PP +getdispname +.RS 4 +Get the privilege name +.RE +.PP +lsaenumsid +.RS 4 +Enumerate the LSA SIDS +.RE +.PP +lsacreateaccount +.RS 4 +Create a new lsa account +.RE +.PP +lsaenumprivsaccount +.RS 4 +Enumerate the privileges of an SID +.RE +.PP +lsaenumacctrights +.RS 4 +Enumerate the rights of an SID +.RE +.PP +lsaaddpriv +.RS 4 +Assign a privilege to a SID +.RE +.PP +lsadelpriv +.RS 4 +Revoke a privilege from a SID +.RE +.PP +lsaaddacctrights +.RS 4 +Add rights to an account +.RE +.PP +lsaremoveacctrights +.RS 4 +Remove rights from an account +.RE +.PP +lsalookupprivvalue +.RS 4 +Get a privilege value given its name +.RE +.PP +lsaquerysecobj +.RS 4 +Query LSA security object +.RE +.PP +lsaquerytrustdominfo +.RS 4 +Query LSA trusted domains info (given a SID) +.RE +.PP +lsaquerytrustdominfobyname +.RS 4 +Query LSA trusted domains info (given a name), only works for Windows > 2k +.RE +.PP +lsaquerytrustdominfobysid +.RS 4 +Query LSA trusted domains info (given a SID) +.RE +.PP +lsasettrustdominfo +.RS 4 +Set LSA trusted domain info +.RE +.PP +getusername +.RS 4 +Get username +.RE +.PP +createsecret +.RS 4 +Create Secret +.RE +.PP +deletesecret +.RS 4 +Delete Secret +.RE +.PP +querysecret +.RS 4 +Query Secret +.RE +.PP +setsecret +.RS 4 +Set Secret +.RE +.PP +retrieveprivatedata +.RS 4 +Retrieve Private Data +.RE +.PP +storeprivatedata +.RS 4 +Store Private Data +.RE +.PP +createtrustdom +.RS 4 +Create Trusted Domain +.RE +.PP +deletetrustdom +.RS 4 +Delete Trusted Domain +.RE +.SS "LSARPC\-DS" +.PP +dsroledominfo +.RS 4 +Get Primary Domain Information +.RE +.SS "DFS" +.PP +dfsversion +.RS 4 +Query DFS support +.RE +.PP +dfsadd +.RS 4 +Add a DFS share +.RE +.PP +dfsremove +.RS 4 +Remove a DFS share +.RE +.PP +dfsgetinfo +.RS 4 +Query DFS share info +.RE +.PP +dfsenum +.RS 4 +Enumerate dfs shares +.RE +.PP +dfsenumex +.RS 4 +Enumerate dfs shares +.RE +.SS "SHUTDOWN" +.PP +shutdowninit +.RS 4 +syntax: shutdown [\-m message] +.RE +.PP +shutdownabort +.RS 4 +syntax: shutdownabort +.RE +.SS "SRVSVC" +.PP +srvinfo +.RS 4 +Server query info +.RE +.PP +netshareenum +.RS 4 +Enumerate shares +.RE +.PP +netshareenumall +.RS 4 +Enumerate all shares +.RE +.PP +netsharegetinfo +.RS 4 +Get Share Info +.RE +.PP +netsharesetinfo +.RS 4 +Set Share Info +.RE +.PP +netsharesetdfsflags +.RS 4 +Set DFS flags +.RE +.PP +netfileenum +.RS 4 +Enumerate open files +.RE +.PP +netremotetod +.RS 4 +Fetch remote time of day +.RE +.PP +netnamevalidate +.RS 4 +Validate sharename +.RE +.PP +netfilegetsec +.RS 4 +Get File security +.RE +.PP +netsessdel +.RS 4 +Delete Session +.RE +.PP +netsessenum +.RS 4 +Enumerate Sessions +.RE +.PP +netdiskenum +.RS 4 +Enumerate Disks +.RE +.PP +netconnenum +.RS 4 +Enumerate Connections +.RE +.PP +netshareadd +.RS 4 +Add share +.RE +.PP +netsharedel +.RS 4 +Delete share +.RE +.SS "SAMR" +.PP +queryuser +.RS 4 +Query user info +.RE +.PP +querygroup +.RS 4 +Query group info +.RE +.PP +queryusergroups +.RS 4 +Query user groups +.RE +.PP +queryuseraliases +.RS 4 +Query user aliases +.RE +.PP +querygroupmem +.RS 4 +Query group membership +.RE +.PP +queryaliasmem +.RS 4 +Query alias membership +.RE +.PP +queryaliasinfo +.RS 4 +Query alias info +.RE +.PP +deletealias +.RS 4 +Delete an alias +.RE +.PP +querydispinfo +.RS 4 +Query display info +.RE +.PP +querydispinfo2 +.RS 4 +Query display info +.RE +.PP +querydispinfo3 +.RS 4 +Query display info +.RE +.PP +querydominfo +.RS 4 +Query domain info +.RE +.PP +enumdomusers +.RS 4 +Enumerate domain users +.RE +.PP +enumdomgroups +.RS 4 +Enumerate domain groups +.RE +.PP +enumalsgroups +.RS 4 +Enumerate alias groups +.RE +.PP +enumdomains +.RS 4 +Enumerate domains +.RE +.PP +createdomuser +.RS 4 +Create domain user +.RE +.PP +createdomgroup +.RS 4 +Create domain group +.RE +.PP +createdomalias +.RS 4 +Create domain alias +.RE +.PP +samlookupnames +.RS 4 +Look up names +.RE +.PP +samlookuprids +.RS 4 +Look up names +.RE +.PP +deletedomgroup +.RS 4 +Delete domain group +.RE +.PP +deletedomuser +.RS 4 +Delete domain user +.RE +.PP +samquerysecobj +.RS 4 +Query SAMR security object +.RE +.PP +getdompwinfo +.RS 4 +Retrieve domain password info +.RE +.PP +getusrdompwinfo +.RS 4 +Retrieve user domain password info +.RE +.PP +lookupdomain +.RS 4 +Lookup Domain Name +.RE +.PP +chgpasswd +.RS 4 +Change user password +.RE +.PP +chgpasswd2 +.RS 4 +Change user password +.RE +.PP +chgpasswd3 +.RS 4 +Change user password +.RE +.PP +getdispinfoidx +.RS 4 +Get Display Information Index +.RE +.PP +setuserinfo +.RS 4 +Set user info +.RE +.PP +setuserinfo2 +.RS 4 +Set user info2 +.RE +.SS "SPOOLSS" +.PP +adddriver <arch> <config> [<version>] +.RS 4 +Execute an AddPrinterDriver() RPC to install the printer driver information on the server\&. Note that the driver files should already exist in the directory returned by +getdriverdir\&. Possible values for +\fIarch\fR +are the same as those for the +getdriverdir +command\&. The +\fIconfig\fR +parameter is defined as follows: +.sp +.if n \{\ +.RS 4 +.\} +.nf +Long Driver Name:\e +Driver File Name:\e +Data File Name:\e +Config File Name:\e +Help File Name:\e +Language Monitor Name:\e +Default Data Type:\e +Comma Separated list of Files +.fi +.if n \{\ +.RE +.\} +.sp +Any empty fields should be enter as the string "NULL"\&. +.sp +Samba does not need to support the concept of Print Monitors since these only apply to local printers whose driver can make use of a bi\-directional link for communication\&. This field should be "NULL"\&. On a remote NT print server, the Print Monitor for a driver must already be installed prior to adding the driver or else the RPC will fail\&. +.sp +The +\fIversion\fR +parameter lets you specify the printer driver version number\&. If omitted, the default driver version for the specified architecture will be used\&. This option can be used to upload Windows 2000 (version 3) printer drivers\&. +.RE +.PP +addprinter <printername> <sharename> <drivername> <port> +.RS 4 +Add a printer on the remote server\&. This printer will be automatically shared\&. Be aware that the printer driver must already be installed on the server (see +adddriver) and the +\fIport\fRmust be a valid port name (see +enumports\&. +.RE +.PP +deldriver <driver> +.RS 4 +Delete the specified printer driver for all architectures\&. This does not delete the actual driver files from the server, only the entry from the server\*(Aqs list of drivers\&. +.RE +.PP +deldriverex <driver> [architecture] [version] [flags] +.RS 4 +Delete the specified printer driver and optionally files associated with the driver\&. You can limit this action to a specific architecture and a specific version\&. If no architecture is given, all driver files of that driver will be deleted\&. +\fIflags\fR +correspond to numeric DPD_* values, i\&.e\&. a value of 3 requests (DPD_DELETE_UNUSED_FILES | DPD_DELETE_SPECIFIC_VERSION)\&. +.RE +.PP +enumdata +.RS 4 +Enumerate all printer setting data stored on the server\&. On Windows NT clients, these values are stored in the registry, while Samba servers store them in the printers TDB\&. This command corresponds to the MS Platform SDK GetPrinterData() function (* This command is currently unimplemented)\&. +.RE +.PP +enumdataex +.RS 4 +Enumerate printer data for a key +.RE +.PP +enumkey +.RS 4 +Enumerate printer keys +.RE +.PP +enumjobs <printer> +.RS 4 +List the jobs and status of a given printer\&. This command corresponds to the MS Platform SDK EnumJobs() function +.RE +.PP +getjob +.RS 4 +Get print job +.RE +.PP +setjob +.RS 4 +Set print job +.RE +.PP +enumports [level] +.RS 4 +Executes an EnumPorts() call using the specified info level\&. Currently only info levels 1 and 2 are supported\&. +.RE +.PP +enumdrivers [level] +.RS 4 +Execute an EnumPrinterDrivers() call\&. This lists the various installed printer drivers for all architectures\&. Refer to the MS Platform SDK documentation for more details of the various flags and calling options\&. Currently supported info levels are 1, 2, and 3\&. +.RE +.PP +enumprinters [level] +.RS 4 +Execute an EnumPrinters() call\&. This lists the various installed and share printers\&. Refer to the MS Platform SDK documentation for more details of the various flags and calling options\&. Currently supported info levels are 1, 2 and 5\&. +.RE +.PP +getdata <printername> <valuename;> +.RS 4 +Retrieve the data for a given printer setting\&. See the +enumdata +command for more information\&. This command corresponds to the GetPrinterData() MS Platform SDK function\&. +.RE +.PP +getdataex +.RS 4 +Get printer driver data with keyname +.RE +.PP +getdriver <printername> +.RS 4 +Retrieve the printer driver information (such as driver file, config file, dependent files, etc\&.\&.\&.) for the given printer\&. This command corresponds to the GetPrinterDriver() MS Platform SDK function\&. Currently info level 1, 2, and 3 are supported\&. +.RE +.PP +getdriverdir <arch> +.RS 4 +Execute a GetPrinterDriverDirectory() RPC to retrieve the SMB share name and subdirectory for storing printer driver files for a given architecture\&. Possible values for +\fIarch\fR +are "Windows 4\&.0" (for Windows 95/98), "Windows NT x86", "Windows NT PowerPC", "Windows Alpha_AXP", and "Windows NT R4000"\&. +.RE +.PP +getdriverpackagepath +.RS 4 +Get print driver package download directory +.RE +.PP +getprinter <printername> +.RS 4 +Retrieve the current printer information\&. This command corresponds to the GetPrinter() MS Platform SDK function\&. +.RE +.PP +openprinter <printername> +.RS 4 +Execute an OpenPrinterEx() and ClosePrinter() RPC against a given printer\&. +.RE +.PP +openprinter_ex <printername> +.RS 4 +Open printer handle +.RE +.PP +setdriver <printername> <drivername> +.RS 4 +Execute a SetPrinter() command to update the printer driver associated with an installed printer\&. The printer driver must already be correctly installed on the print server\&. +.sp +See also the +enumprinters +and +enumdrivers +commands for obtaining a list of of installed printers and drivers\&. +.RE +.PP +getprintprocdir +.RS 4 +Get print processor directory +.RE +.PP +addform +.RS 4 +Add form +.RE +.PP +setform +.RS 4 +Set form +.RE +.PP +getform +.RS 4 +Get form +.RE +.PP +deleteform +.RS 4 +Delete form +.RE +.PP +enumforms +.RS 4 +Enumerate form +.RE +.PP +setprinter +.RS 4 +Set printer comment +.RE +.PP +setprinterdata +.RS 4 +Set REG_SZ printer data +.RE +.PP +setprintername <printername> <newprintername> +.RS 4 +Set printer name +.RE +.PP +rffpcnex +.RS 4 +Rffpcnex test +.RE +.PP +printercmp +.RS 4 +Printer comparison test +.RE +.PP +enumprocs +.RS 4 +Enumerate Print Processors +.RE +.PP +enumprocdatatypes +.RS 4 +Enumerate Print Processor Data Types +.RE +.PP +enummonitors +.RS 4 +Enumerate Print Monitors +.RE +.PP +createprinteric +.RS 4 +Create Printer IC +.RE +.PP +playgdiscriptonprinteric +.RS 4 +Create Printer IC +.RE +.PP +getcoreprinterdrivers +.RS 4 +Get CorePrinterDriver +.RE +.PP +enumpermachineconnections +.RS 4 +Enumerate Per Machine Connections +.RE +.PP +addpermachineconnection +.RS 4 +Add Per Machine Connection +.RE +.PP +delpermachineconnection +.RS 4 +Delete Per Machine Connection +.RE +.SS "NETLOGON" +.PP +logonctrl2 +.RS 4 +Logon Control 2 +.RE +.PP +getanydcname +.RS 4 +Get trusted DC name +.RE +.PP +getdcname +.RS 4 +Get trusted PDC name +.RE +.PP +dsr_getdcname +.RS 4 +Get trusted DC name +.RE +.PP +dsr_getdcnameex +.RS 4 +Get trusted DC name +.RE +.PP +dsr_getdcnameex2 +.RS 4 +Get trusted DC name +.RE +.PP +dsr_getsitename +.RS 4 +Get sitename +.RE +.PP +dsr_getforesttrustinfo +.RS 4 +Get Forest Trust Info +.RE +.PP +logonctrl +.RS 4 +Logon Control +.RE +.PP +samlogon +.RS 4 +Sam Logon +.RE +.PP +change_trust_pw +.RS 4 +Change Trust Account Password +.RE +.PP +gettrustrid +.RS 4 +Get trust rid +.RE +.PP +dsr_enumtrustdom +.RS 4 +Enumerate trusted domains +.RE +.PP +dsenumdomtrusts +.RS 4 +Enumerate all trusted domains in an AD forest +.RE +.PP +deregisterdnsrecords +.RS 4 +Deregister DNS records +.RE +.PP +netrenumtrusteddomains +.RS 4 +Enumerate trusted domains +.RE +.PP +netrenumtrusteddomainsex +.RS 4 +Enumerate trusted domains +.RE +.PP +getdcsitecoverage +.RS 4 +Get the Site\-Coverage from a DC +.RE +.PP +capabilities +.RS 4 +Return Capabilities +.RE +.PP +logongetdomaininfo +.RS 4 +Return LogonGetDomainInfo +.RE +.SS "FSRVP" +.PP +fss_is_path_sup +.RS 4 +Check whether a share supports shadow\-copy +.RE +.PP +fss_get_sup_version +.RS 4 +Get supported FSRVP version from server +.RE +.PP +fss_create_expose +.RS 4 +Request shadow\-copy creation and exposure +.RE +.PP +fss_delete +.RS 4 +Request shadow\-copy share deletion +.RE +.PP +fss_has_shadow_copy +.RS 4 +Check for an associated share shadow\-copy +.RE +.PP +fss_get_mapping +.RS 4 +Get shadow\-copy share mapping information +.RE +.PP +fss_recovery_complete +.RS 4 +Flag read\-write snapshot as recovery complete, +.RE +.SS "CLUSAPI" +.PP +clusapi_open_cluster +.RS 4 +Open cluster +.RE +.PP +clusapi_get_cluster_name +.RS 4 +Get cluster name +.RE +.PP +clusapi_get_cluster_version +.RS 4 +Get cluster version +.RE +.PP +clusapi_get_quorum_resource +.RS 4 +Get quorum resource +.RE +.PP +clusapi_create_enum +.RS 4 +Create enum query +.RE +.PP +clusapi_create_enumex +.RS 4 +Create enumex query +.RE +.PP +clusapi_open_resource +.RS 4 +Open cluster resource +.RE +.PP +clusapi_online_resource +.RS 4 +Set cluster resource online +.RE +.PP +clusapi_offline_resource +.RS 4 +Set cluster resource offline +.RE +.PP +clusapi_get_resource_state +.RS 4 +Get cluster resource state +.RE +.PP +clusapi_get_cluster_version2 +.RS 4 +Get cluster version2 +.RE +.PP +clusapi_pause_node +.RS 4 +Pause cluster node +.RE +.PP +clusapi_resume_node +.RS 4 +Resume cluster node +.RE +.SS "DRSUAPI" +.PP +dscracknames +.RS 4 +Crack Name +.RE +.PP +dsgetdcinfo +.RS 4 +Get Domain Controller Info +.RE +.PP +dsgetncchanges +.RS 4 +Get NC Changes +.RE +.PP +dswriteaccountspn +.RS 4 +Write Account SPN +.RE +.SS "ECHO" +.PP +echoaddone +.RS 4 +Add one to a number +.RE +.PP +echodata +.RS 4 +Echo data +.RE +.PP +sinkdata +.RS 4 +Sink data +.RE +.PP +sourcedata +.RS 4 +Source data +.RE +.SS "EPMAPPER" +.PP +epmmap +.RS 4 +Map a binding +.RE +.PP +epmlookup +.RS 4 +Lookup bindings +.RE +.SS "EVENTLOG" +.PP +eventlog_readlog +.RS 4 +Read Eventlog +.RE +.PP +eventlog_numrecord +.RS 4 +Get number of records +.RE +.PP +eventlog_oldestrecord +.RS 4 +Get oldest record +.RE +.PP +eventlog_reportevent +.RS 4 +Report event +.RE +.PP +eventlog_reporteventsource +.RS 4 +Report event and source +.RE +.PP +eventlog_registerevsource +.RS 4 +Register event source +.RE +.PP +eventlog_backuplog +.RS 4 +Backup Eventlog File +.RE +.PP +eventlog_loginfo +.RS 4 +Get Eventlog Information +.RE +.SS "IRemoteWinspool" +.PP +winspool_AsyncOpenPrinter +.RS 4 +Open printer handle +.RE +.PP +winspool_AsyncCorePrinterDriverInstalled +.RS 4 +Query Core Printer Driver Installed +.RE +.SS "NTSVCS" +.PP +ntsvcs_getversion +.RS 4 +Query NTSVCS version +.RE +.PP +ntsvcs_validatedevinst +.RS 4 +Query NTSVCS device instance +.RE +.PP +ntsvcs_hwprofflags +.RS 4 +Query NTSVCS HW prof flags +.RE +.PP +ntsvcs_hwprofinfo +.RS 4 +Query NTSVCS HW prof info +.RE +.PP +ntsvcs_getdevregprop +.RS 4 +Query NTSVCS device registry property +.RE +.PP +ntsvcs_getdevlistsize +.RS 4 +Query NTSVCS device list size +.RE +.PP +ntsvcs_getdevlist +.RS 4 +Query NTSVCS device list +.RE +.SS "MDSSVC" +.PP +fetch_properties +.RS 4 +Fetch connection properties +.RE +.PP +fetch_attributes +.RS 4 +Fetch attributes for a CNID +.RE +.SS "WINREG" +.PP +winreg_enumkey +.RS 4 +Enumerate Keys +.RE +.PP +querymultiplevalues +.RS 4 +Query multiple values +.RE +.PP +querymultiplevalues2 +.RS 4 +Query multiple values +.RE +.SS "WITNESS" +.PP +GetInterfaceList +.RS 4 +List the interfaces to which witness client connections can be made +.RE +.PP +Register +.RS 4 +Register for resource state change notifications of a NetName and IPAddress +.RE +.PP +UnRegister +.RS 4 +Unregister for notifications from the server +.RE +.PP +AsyncNotify +.RS 4 +Request notification of registered resource changes from the server +.RE +.PP +RegisterEx +.RS 4 +Register for resource state change notifications of a NetName, ShareName and multiple IPAddresses +.RE +.SS "WKSSVC" +.PP +wkssvc_wkstagetinfo +.RS 4 +Query WKSSVC Workstation Information +.RE +.PP +wkssvc_getjoininformation +.RS 4 +Query WKSSVC Join Information +.RE +.PP +wkssvc_messagebuffersend +.RS 4 +Send WKSSVC message +.RE +.PP +wkssvc_enumeratecomputernames +.RS 4 +Enumerate WKSSVC computer names +.RE +.PP +wkssvc_enumerateusers +.RS 4 +Enumerate WKSSVC users +.RE +.SS "GENERAL OPTIONS" +.PP +help +.RS 4 +Get help on commands +.RE +.PP +? +.RS 4 +Get help on commands +.RE +.PP +debuglevel +.RS 4 +Set debug level +.RE +.PP +debug +.RS 4 +Set debug level +.RE +.PP +list +.RS 4 +List available commands on pipe +.RE +.PP +exit +.RS 4 +Exit program +.RE +.PP +quit +.RS 4 +Exit program +.RE +.PP +sign +.RS 4 +Force RPC pipe connections to be signed +.RE +.PP +seal +.RS 4 +Force RPC pipe connections to be sealed +.RE +.PP +packet +.RS 4 +Force RPC pipe connections with packet authentication level +.RE +.PP +schannel +.RS 4 +Force RPC pipe connections to be sealed with \*(Aqschannel\*(Aq\&. Force RPC pipe connections to be sealed with \*(Aqschannel\*(Aq\&. Assumes valid machine account to this domain controller\&. +.RE +.PP +schannelsign +.RS 4 +Force RPC pipe connections to be signed (not sealed) with \*(Aqschannel\*(Aq\&. Assumes valid machine account to this domain controller\&. +.RE +.PP +timeout +.RS 4 +Set timeout (in milliseconds) for RPC operations +.RE +.PP +transport +.RS 4 +Choose ncacn transport for RPC operations +.RE +.PP +none +.RS 4 +Force RPC pipe connections to have no special properties +.RE +.SH "BUGS" +.PP +rpcclient +is designed as a developer testing tool and may not be robust in certain areas (such as command line parsing)\&. It has been known to generate a core dump upon failures when invalid parameters where passed to the interpreter\&. +.PP +From Luke Leighton\*(Aqs original rpcclient man page: +.PP +\fIWARNING!\fR +The MSRPC over SMB code has been developed from examining Network traces\&. No documentation is available from the original creators (Microsoft) on how MSRPC over SMB works, or how the individual MSRPC services work\&. Microsoft\*(Aqs implementation of these services has been demonstrated (and reported) to be\&.\&.\&. a bit flaky in places\&. +.PP +The development of Samba\*(Aqs implementation is also a bit rough, and as more of the services are understood, it can even result in versions of +\fBsmbd\fR(8) +and +\fBrpcclient\fR(1) +that are incompatible for some commands or services\&. Additionally, the developers are sending reports to Microsoft, and problems found or reported to Microsoft are fixed in Service Packs, which may result in incompatibilities\&. +.SH "VERSION" +.PP +This man page is part of version 4\&.16\&.4 of the Samba suite\&. +.SH "AUTHOR" +.PP +The original Samba software and related utilities were created by Andrew Tridgell\&. Samba is now developed by the Samba Team as an Open Source project similar to the way the Linux kernel is developed\&. +.PP +The original rpcclient man page was written by Matthew Geddes, Luke Kenneth Casson Leighton, and rewritten by Gerald Carter\&. The conversion to DocBook for Samba 2\&.2 was done by Gerald Carter\&. The conversion to DocBook XML 4\&.2 for Samba 3\&.0 was done by Alexander Bokovoy\&. diff --git a/net/samba419/files/man/samba-gpupdate.8 b/net/samba419/files/man/samba-gpupdate.8 new file mode 100644 index 000000000000..17e27207ebba --- /dev/null +++ b/net/samba419/files/man/samba-gpupdate.8 @@ -0,0 +1,122 @@ +'\" t +.\" Title: SAMBA_GPOUPDATE +.\" Author: [see the "AUTHOR" section] +.\" Generator: DocBook XSL Stylesheets v1.79.1 <http://docbook.sf.net/> +.\" Date: 2017-07-11 +.\" Manual: System Administration tools +.\" Source: Samba 4.8.0 +.\" Language: English +.\" +.TH "SAMBA_GPOUPDATE" "8" "2017\-07\-11" "Samba 4\&.8\&.0" "System Administration tools" +.\" ----------------------------------------------------------------- +.\" * Define some portability stuff +.\" ----------------------------------------------------------------- +.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +.\" http://bugs.debian.org/507673 +.\" http://lists.gnu.org/archive/html/groff/2009-02/msg00013.html +.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" ----------------------------------------------------------------- +.\" * set default formatting +.\" ----------------------------------------------------------------- +.\" disable hyphenation +.nh +.\" disable justification (adjust text to left margin only) +.ad l +.\" ----------------------------------------------------------------- +.\" * MAIN CONTENT STARTS HERE * +.\" ----------------------------------------------------------------- +.SH "NAME" +samba-gpupdate \- apply group policy +.SH "SYNOPSIS" +.HP \w'\fBsamba\-gpupdate\fR\ 'u +\fBsamba\-gpupdate\fR +.HP \w'\fBsamba\-gpupdate\fR\ 'u +\fBsamba\-gpupdate\fR [\fIoptions\fR] +.SH "DESCRIPTION" +.PP +This tool is part of the +\fBsamba\fR(1) +suite\&. +.PP +\fBsamba\-gpupdate\fR +a script for applying and unapplying Group Policy\&. This applies password policies (minimum/maximum password age, minimum password length, and password complexity), kerberos policies (user/service ticket lifetime and renew lifetime), smb\&.conf policies, hourly/daily/weekly/monthly cron scripts, Sudo Privileges, Message of the Day and Logon Prompt messages, etc\&. +.SH "OPTIONS" +.PP +\fB\-h\fR, +\fB\-\-help\fR +show this help message and exit +.PP +\fB\-H \fRURL, +\fB\-\-url\fR=\fIURL\fR +URL for the samdb +.PP +\fB\-X\fR, +\fB\-\-unapply\fR +Unapply Group Policy +.PP +\fB\-\-target\fR +{Computer | User} +.PP +\fB\-\-force\fR +Reapplies all policy settings +.PP +\fB\-\-rsop\fR +Print the Resultant Set of Policy +.PP +Samba Common Options: +.PP +\fB\-s \fRFILE, +\fB\-\-configfile\fR=\fIFILE\fR +Configuration file +.PP +\fB\-d \fRDEBUGLEVEL, +\fB\-\-debuglevel\fR=\fIDEBUGLEVEL\fR +debug level +.PP +\fB\-\-option\fR=\fIOPTION\fR +set smb\&.conf option from command line +.PP +\fB\-\-realm\fR=\fIREALM\fR +set the realm name +.PP +Version Options: +.PP +\fB\-V\fR, +\fB\-\-version\fR +Display version number +.PP +Credentials Options: +.PP +\fB\-\-simple\-bind\-dn\fR=\fIDN\fR +DN to use for a simple bind +.PP +\fB\-\-password\fR=\fIPASSWORD\fR +Password +.PP +\fB\-U \fRUSERNAME, +\fB\-\-username\fR=\fIUSERNAME\fR +Username +.PP +\fB\-W \fRWORKGROUP, +\fB\-\-workgroup\fR=\fIWORKGROUP\fR +Workgroup +.PP +\fB\-N\fR, +\fB\-\-no\-pass\fR +Don\*(Aqt ask for a password +.PP +\fB\-k \fRKERBEROS, +\fB\-\-kerberos\fR=\fIKERBEROS\fR +Use Kerberos +.PP +\fB\-\-ipaddress\fR=\fIIPADDRESS\fR +IP address of server +.PP +\fB\-P\fR, +\fB\-\-machine\-pass\fR +Use stored machine account password +.SH "AUTHOR" +.PP +The original Samba software and related utilities were created by Andrew Tridgell\&. Samba is now developed by the Samba Team as an Open Source project similar to the way the Linux kernel is developed\&. diff --git a/net/samba419/files/man/samba.7 b/net/samba419/files/man/samba.7 new file mode 100644 index 000000000000..e95fad49abb5 --- /dev/null +++ b/net/samba419/files/man/samba.7 @@ -0,0 +1,254 @@ +'\" t +.\" Title: samba +.\" Author: [see the "AUTHOR" section] +.\" Generator: DocBook XSL Stylesheets v1.79.1 <http://docbook.sf.net/> +.\" Date: 08/09/2022 +.\" Manual: Miscellanea +.\" Source: Samba 4.16.4 +.\" Language: English +.\" +.TH "SAMBA" "7" "08/09/2022" "Samba 4\&.16\&.4" "Miscellanea" +.\" ----------------------------------------------------------------- +.\" * Define some portability stuff +.\" ----------------------------------------------------------------- +.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +.\" http://bugs.debian.org/507673 +.\" http://lists.gnu.org/archive/html/groff/2009-02/msg00013.html +.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" ----------------------------------------------------------------- +.\" * set default formatting +.\" ----------------------------------------------------------------- +.\" disable hyphenation +.nh +.\" disable justification (adjust text to left margin only) +.ad l +.\" ----------------------------------------------------------------- +.\" * MAIN CONTENT STARTS HERE * +.\" ----------------------------------------------------------------- +.SH "NAME" +samba \- A Windows AD and SMB/CIFS fileserver for UNIX +.SH "SYNOPSIS" +.HP \w'\ 'u +samba +.SH "DESCRIPTION" +.PP +The Samba software suite is a collection of programs that implements the Server Message Block (commonly abbreviated as SMB) protocol for UNIX systems and provides Active Directory services\&. The first version of the SMB protocol is sometimes also referred to as the Common Internet File System (CIFS)\&. For a more thorough description, see +http://www\&.ubiqx\&.org/cifs/\&. Samba also implements the NetBIOS protocol in nmbd\&. +.PP +\fBsamba\fR(8) +.RS 4 +The +samba +daemon provides the Active Directory services and file and print services to SMB clients\&. The configuration file for this daemon is described in +\fBsmb.conf\fR(5)\&. +.RE +.PP +\fBsmbd\fR(8) +.RS 4 +The +smbd +daemon provides the file and print services to SMB clients\&. The configuration file for this daemon is described in +\fBsmb.conf\fR(5)\&. +.RE +.PP +\fBnmbd\fR(8) +.RS 4 +The +nmbd +daemon provides NetBIOS nameservice and browsing support\&. The configuration file for this daemon is described in +\fBsmb.conf\fR(5)\&. +.RE +.PP +\fBwinbindd\fR(8) +.RS 4 +winbindd +is a daemon that is used for integrating authentication and the user database into unix\&. +.RE +.PP +\fBsmbclient\fR(1) +.RS 4 +The +smbclient +program implements a simple ftp\-like client\&. This is useful for accessing SMB shares on other compatible SMB servers, and can also be used to allow a UNIX box to print to a printer attached to any SMB server\&. +.RE +.PP +\fBsamba-tool\fR(8) +.RS 4 +The +samba\-tool +is the main Samba Administration tool regarding Active Directory services\&. +.RE +.PP +\fBtestparm\fR(1) +.RS 4 +The +testparm +utility is a simple syntax checker for Samba\*(Aqs +\fBsmb.conf\fR(5) +configuration file\&. In AD server mode +samba\-tool testparm +should be used though\&. +.RE +.PP +\fBsmbstatus\fR(1) +.RS 4 +The +smbstatus +tool provides access to information about the current connections to +smbd\&. +.RE +.PP +\fBnmblookup\fR(1) +.RS 4 +The +nmblookup +tool allows NetBIOS name queries to be made\&. +.RE +.PP +\fBsmbpasswd\fR(8) +.RS 4 +The +smbpasswd +command is a tool for setting passwords on local Samba but also on remote SMB servers\&. +.RE +.PP +\fBsmbcacls\fR(1) +.RS 4 +The +smbcacls +command is a tool to set ACL\*(Aqs on remote SMB servers\&. +.RE +.PP +\fBsmbtree\fR(1) +.RS 4 +The +smbtree +command is a text\-based network neighborhood tool\&. +.RE +.PP +\fBsmbtar\fR(1) +.RS 4 +The +smbtar |