move from unstable: samba

packages/samba/0001-The-great-tmp-path-replacement.patch

@@ -0,0 +1,399 @@
+diff -uNr samba-4.14.4/auth/credentials/credentials_krb5.c samba-4.14.4.mod/auth/credentials/credentials_krb5.c
+--- samba-4.14.4/auth/credentials/credentials_krb5.c	2021-01-21 13:20:40.000000000 +0000
++++ samba-4.14.4.mod/auth/credentials/credentials_krb5.c	2021-05-06 11:30:43.338213898 +0000
+@@ -625,7 +625,7 @@
+ 		must_free_cc_name = true;
+ 
+ 		if (lpcfg_parm_bool(lp_ctx, NULL, "credentials", "krb5_cc_file", false)) {
+-			ccache_name = talloc_asprintf(ccc, "FILE:/tmp/krb5_cc_samba_%u_%p", 
++			ccache_name = talloc_asprintf(ccc, "FILE:@TERMUX_PREFIX@/tmp/krb5_cc_samba_%u_%p",
+ 						      (unsigned int)getpid(), ccc);
+ 		} else {
+ 			ccache_name = talloc_asprintf(ccc, "MEMORY:%p", 
+diff -uNr samba-4.14.4/ctdb/tests/src/porting_tests.c samba-4.14.4.mod/ctdb/tests/src/porting_tests.c
+--- samba-4.14.4/ctdb/tests/src/porting_tests.c	2021-01-21 13:20:40.000000000 +0000
++++ samba-4.14.4.mod/ctdb/tests/src/porting_tests.c	2021-05-06 11:30:43.338213898 +0000
+@@ -41,7 +41,7 @@
+ 	pid_t helper_pid;
+ 	int socket;
+ } globals = {
+-	.socketname = "/tmp/test.sock"
++	.socketname = "@TERMUX_PREFIX@/tmp/test.sock"
+ };
+ 
+ 
+diff -uNr samba-4.14.4/lib/ldb/tools/ldbedit.c samba-4.14.4.mod/lib/ldb/tools/ldbedit.c
+--- samba-4.14.4/lib/ldb/tools/ldbedit.c	2021-01-21 13:20:40.000000000 +0000
++++ samba-4.14.4.mod/lib/ldb/tools/ldbedit.c	2021-05-06 11:30:43.338213898 +0000
+@@ -218,7 +218,7 @@
+ {
+ 	int fd, ret;
+ 	FILE *f;
+-	char file_template[] = "/tmp/ldbedit.XXXXXX";
++	char file_template[] = "@TERMUX_PREFIX@/tmp/ldbedit.XXXXXX";
+ 	char *cmd;
+ 	struct ldb_ldif *ldif;
+ 	struct ldb_message **msgs2 = NULL;
+diff -uNr samba-4.14.4/lib/param/loadparm.c samba-4.14.4.mod/lib/param/loadparm.c
+--- samba-4.14.4/lib/param/loadparm.c	2021-01-21 13:20:40.000000000 +0000
++++ samba-4.14.4.mod/lib/param/loadparm.c	2021-05-06 11:30:43.338213898 +0000
+@@ -2514,12 +2514,12 @@
+ 
+ 		tmp = lpcfg_parm_string(lp_ctx, NULL, "vlp", "tdbfile");
+ 		if (tmp == NULL) {
+-			tmp = "/tmp/vlp.tdb";
++			tmp = "@TERMUX_PREFIX@/tmp/vlp.tdb";
+ 		}
+ 
+ 		tdbfile = talloc_asprintf(tmp_ctx, "tdbfile=%s", tmp);
+ 		if (tdbfile == NULL) {
+-			tdbfile="tdbfile=/tmp/vlp.tdb";
++			tdbfile="tdbfile=@TERMUX_PREFIX@/tmp/vlp.tdb";
+ 		}
+ 
+ 		tmp = talloc_asprintf(tmp_ctx, "vlp %s print %%p %%s",
+diff -uNr samba-4.14.4/lib/replace/wscript samba-4.14.4.mod/lib/replace/wscript
+--- samba-4.14.4/lib/replace/wscript	2021-01-21 13:20:40.000000000 +0000
++++ samba-4.14.4.mod/lib/replace/wscript	2021-05-06 11:30:43.342213897 +0000
+@@ -778,8 +778,8 @@
+ 
+     conf.CHECK_CODE('''
+                     struct stat st;
+-                    char tpl[20]="/tmp/test.XXXXXX";
+-                    char tpl2[20]="/tmp/test.XXXXXX";
++                    char tpl[51]="@TERMUX_PREFIX@/tmp/test.XXXXXX";
++                    char tpl2[51]="@TERMUX_PREFIX@/tmp/test.XXXXXX";
+                     int fd = mkstemp(tpl);
+                     int fd2 = mkstemp(tpl2);
+                     if (fd == -1) {
+@@ -793,7 +793,7 @@
+                     unlink(tpl2);
+                     if (fstat(fd, &st) != 0) exit(1);
+                     if ((st.st_mode & 0777) != 0600) exit(1);
+-                    if (strcmp(tpl, "/tmp/test.XXXXXX") == 0) {
++                    if (strcmp(tpl, "@TERMUX_PREFIX@/tmp/test.XXXXXX") == 0) {
+                           exit(1);
+                     }
+                     if (strcmp(tpl, tpl2) == 0) {
+diff -uNr samba-4.14.4/lib/util/util.c samba-4.14.4.mod/lib/util/util.c
+--- samba-4.14.4/lib/util/util.c	2021-01-21 13:20:40.000000000 +0000
++++ samba-4.14.4.mod/lib/util/util.c	2021-05-06 11:30:43.342213897 +0000
+@@ -62,7 +62,7 @@
+ 	char *p;
+ 	if ((p = getenv("TMPDIR")))
+ 		return p;
+-	return "/tmp";
++	return "@TERMUX_PREFIX@/tmp";
+ }
+ 
+ 
+diff -uNr samba-4.14.4/nsswitch/winbind_nss_aix.c samba-4.14.4.mod/nsswitch/winbind_nss_aix.c
+--- samba-4.14.4/nsswitch/winbind_nss_aix.c	2021-01-21 13:20:40.000000000 +0000
++++ samba-4.14.4.mod/nsswitch/winbind_nss_aix.c	2021-05-06 11:30:43.342213897 +0000
+@@ -63,7 +63,7 @@
+ 	if (!debug_enabled) {
+ 		return;
+ 	}
+-	f = fopen("/tmp/WINBIND_DEBUG.log", "a");
++	f = fopen("@TERMUX_PREFIX@/tmp/WINBIND_DEBUG.log", "a");
+ 	if (!f) return;
+ 	va_start(ap, format);
+ 	vfprintf(f, format, ap);
+diff -uNr samba-4.14.4/source3/client/smbspool_krb5_wrapper.c samba-4.14.4.mod/source3/client/smbspool_krb5_wrapper.c
+--- samba-4.14.4/source3/client/smbspool_krb5_wrapper.c	2021-01-21 13:20:40.000000000 +0000
++++ samba-4.14.4.mod/source3/client/smbspool_krb5_wrapper.c	2021-05-06 11:30:43.342213897 +0000
+@@ -309,7 +309,7 @@
+ 	}
+ 
+ 	/* Fallback to a FILE ccache */
+-	snprintf(gen_cc, sizeof(gen_cc), "FILE:/tmp/krb5cc_%u", uid);
++	snprintf(gen_cc, sizeof(gen_cc), "FILE:@TERMUX_PREFIX@/tmp/krb5cc_%u", uid);
+ 
+ create_env:
+ 	/*
+diff -uNr samba-4.14.4/source3/lib/smbconf/testsuite.c samba-4.14.4.mod/source3/lib/smbconf/testsuite.c
+--- samba-4.14.4/source3/lib/smbconf/testsuite.c	2021-01-21 13:20:40.000000000 +0000
++++ samba-4.14.4.mod/source3/lib/smbconf/testsuite.c	2021-05-06 11:30:43.342213897 +0000
+@@ -208,7 +208,7 @@
+ {
+ 	sbcErr err;
+ 	bool ret = true;
+-	const char *filename = "/tmp/smb.conf.smbconf_testsuite";
++	const char *filename = "@TERMUX_PREFIX@/tmp/smb.conf.smbconf_testsuite";
+ 	struct smbconf_ctx *conf_ctx = NULL;
+ 	TALLOC_CTX *mem_ctx = talloc_stackframe();
+ 
+diff -uNr samba-4.14.4/source3/modules/vfs_virusfilter.c samba-4.14.4.mod/source3/modules/vfs_virusfilter.c
+--- samba-4.14.4/source3/modules/vfs_virusfilter.c	2021-04-20 10:04:03.000000000 +0000
++++ samba-4.14.4.mod/source3/modules/vfs_virusfilter.c	2021-05-06 11:31:15.350214614 +0000
+@@ -292,7 +292,7 @@
+ 
+ 	quarantine_dir = lp_parm_const_string(
+ 		snum, "virusfilter", "quarantine directory",
+-		tmp ? tmp : "/tmp/.quarantine");
++		tmp ? tmp : "@TERMUX_PREFIX@/tmp/.quarantine");
+ 	if (quarantine_dir != NULL) {
+ 		config->quarantine_dir = talloc_strdup(config, quarantine_dir);
+ 		if (config->quarantine_dir == NULL) {
+diff -uNr samba-4.14.4/source3/modules/vfs_virusfilter_fsav.c samba-4.14.4.mod/source3/modules/vfs_virusfilter_fsav.c
+--- samba-4.14.4/source3/modules/vfs_virusfilter_fsav.c	2021-01-21 13:20:40.000000000 +0000
++++ samba-4.14.4.mod/source3/modules/vfs_virusfilter_fsav.c	2021-05-06 11:30:43.342213897 +0000
+@@ -23,7 +23,7 @@
+ #ifdef FSAV_DEFAULT_SOCKET_PATH
+ #  define VIRUSFILTER_DEFAULT_SOCKET_PATH	FSAV_DEFAULT_SOCKET_PATH
+ #else
+-#  define VIRUSFILTER_DEFAULT_SOCKET_PATH	"/tmp/.fsav-0"
++#  define VIRUSFILTER_DEFAULT_SOCKET_PATH	"@TERMUX_PREFIX@/tmp/.fsav-0"
+ #endif
+ 
+ /* Default values for module-specific configuration variables */
+diff -uNr samba-4.14.4/source3/registry/tests/test_regfio.c samba-4.14.4.mod/source3/registry/tests/test_regfio.c
+--- samba-4.14.4/source3/registry/tests/test_regfio.c	2021-01-21 13:20:40.000000000 +0000
++++ samba-4.14.4.mod/source3/registry/tests/test_regfio.c	2021-05-06 11:30:43.342213897 +0000
+@@ -65,7 +65,7 @@
+ 	if (ret == 0) {
+ 		test_ctx = talloc_get_type_abort(*state, struct test_ctx);
+ 
+-		test_ctx->tmp_regfile = talloc_strdup(test_ctx, "/tmp/regfio.XXXXXX");
++		test_ctx->tmp_regfile = talloc_strdup(test_ctx, "@TERMUX_PREFIX@/tmp/regfio.XXXXXX");
+ 		assert_non_null(test_ctx->tmp_regfile);
+ 
+ 		test_ctx->tmp_regfile_fd = mkstemp(test_ctx->tmp_regfile);
+diff -uNr samba-4.14.4/source3/smbd/notifyd/tests.c samba-4.14.4.mod/source3/smbd/notifyd/tests.c
+--- samba-4.14.4/source3/smbd/notifyd/tests.c	2021-01-21 13:20:40.000000000 +0000
++++ samba-4.14.4.mod/source3/smbd/notifyd/tests.c	2021-05-06 11:30:43.342213897 +0000
+@@ -66,12 +66,12 @@
+ 			.instance.filter = UINT32_MAX,
+ 			.instance.subdir_filter = UINT32_MAX
+ 		};
+-		char path[64];
++		char path[256];
+ 		size_t len;
+ 		struct iovec iov[2];
+ 		NTSTATUS status;
+ 
+-		len = snprintf(path, sizeof(path), "/tmp%u", i);
++		len = snprintf(path, sizeof(path), "@TERMUX_PREFIX@/tmp%u", i);
+ 
+ 		iov[0].iov_base = &msg;
+ 		iov[0].iov_len = offsetof(struct notify_rec_change_msg, path);
+diff -uNr samba-4.14.4/source3/smbd/process.c samba-4.14.4.mod/source3/smbd/process.c
+--- samba-4.14.4/source3/smbd/process.c	2021-01-21 13:20:40.000000000 +0000
++++ samba-4.14.4.mod/source3/smbd/process.c	2021-05-06 11:30:43.342213897 +0000
+@@ -1418,7 +1418,7 @@
+ 	len = smb_len_tcp(data)+4;
+ 	for (i=1;i<100;i++) {
+ 		fname = talloc_asprintf(talloc_tos(),
+-				"/tmp/%s.%d.%s",
++				"@TERMUX_PREFIX@/tmp/%s.%d.%s",
+ 				name,
+ 				i,
+ 				type ? "req" : "resp");
+diff -uNr samba-4.14.4/source3/utils/interact.c samba-4.14.4.mod/source3/utils/interact.c
+--- samba-4.14.4/source3/utils/interact.c	2021-01-21 13:20:40.000000000 +0000
++++ samba-4.14.4.mod/source3/utils/interact.c	2021-05-06 11:30:43.342213897 +0000
+@@ -76,7 +76,7 @@
+ 
+ 
+ char* interact_edit(TALLOC_CTX* mem_ctx, const char* str) {
+-	char fname[] = "/tmp/net_idmap_check.XXXXXX";
++	char fname[] = "@TERMUX_PREFIX@/tmp/net_idmap_check.XXXXXX";
+ 	char buf[128];
+ 	char* ret = NULL;
+ 	FILE* file;
+diff -uNr samba-4.14.4/source3/utils/net_rpc_samsync.c samba-4.14.4.mod/source3/utils/net_rpc_samsync.c
+--- samba-4.14.4/source3/utils/net_rpc_samsync.c	2021-01-21 13:20:40.000000000 +0000
++++ samba-4.14.4.mod/source3/utils/net_rpc_samsync.c	2021-05-06 11:30:43.342213897 +0000
+@@ -47,7 +47,7 @@
+ 		   "\t to pull accounts from a remote PDC where we are a BDC\n"
+ 		   "\t\t no args puts accounts in local passdb from smb.conf\n"
+ 		   "\t\t ldif - put accounts in ldif format (file defaults to "
+-		   "/tmp/tmp.ldif)\n"
++		   "@TERMUX_PREFIX@/tmp/tmp.ldif)\n"
+ 		   "\t\t keytab - put account passwords in krb5 keytab "
+ 		   "(defaults to system keytab)\n"));
+ 
+diff -uNr samba-4.14.4/source3/winbindd/winbindd_pam.c samba-4.14.4.mod/source3/winbindd/winbindd_pam.c
+--- samba-4.14.4/source3/winbindd/winbindd_pam.c	2021-02-04 08:24:37.000000000 +0000
++++ samba-4.14.4.mod/source3/winbindd/winbindd_pam.c	2021-05-06 11:30:43.342213897 +0000
+@@ -573,11 +573,11 @@
+ 	if (uid != -1) {
+ 		if (strequal(type, "FILE")) {
+ 			gen_cc = talloc_asprintf(
+-				mem_ctx, "FILE:/tmp/krb5cc_%d", uid);
++				mem_ctx, "FILE:@TERMUX_PREFIX@/tmp/krb5cc_%d", uid);
+ 		}
+ 		if (strequal(type, "WRFILE")) {
+ 			gen_cc = talloc_asprintf(
+-				mem_ctx, "WRFILE:/tmp/krb5cc_%d", uid);
++				mem_ctx, "WRFILE:@TERMUX_PREFIX@/tmp/krb5cc_%d", uid);
+ 		}
+ 		if (strequal(type, "KEYRING")) {
+ 			gen_cc = talloc_asprintf(
+diff -uNr samba-4.14.4/source4/heimdal/lib/krb5/expand_path.c samba-4.14.4.mod/source4/heimdal/lib/krb5/expand_path.c
+--- samba-4.14.4/source4/heimdal/lib/krb5/expand_path.c	2021-01-21 13:20:40.000000000 +0000
++++ samba-4.14.4.mod/source4/heimdal/lib/krb5/expand_path.c	2021-05-06 11:30:43.346213897 +0000
+@@ -287,11 +287,11 @@
+     const char *p = NULL;
+ 
+     if (issuid())
+-	p = getenv("TEMP");
++	p = getenv("TMPDIR");
+     if (p)
+ 	*ret = strdup(p);
+     else
+-	*ret = strdup("/tmp");
++	*ret = strdup("@TERMUX_PREFIX@/tmp");
+     if (*ret == NULL)
+ 	return ENOMEM;
+     return 0;
+diff -uNr samba-4.14.4/source4/heimdal/lib/krb5/krb5.h samba-4.14.4.mod/source4/heimdal/lib/krb5/krb5.h
+--- samba-4.14.4/source4/heimdal/lib/krb5/krb5.h	2021-01-21 13:20:40.000000000 +0000
++++ samba-4.14.4.mod/source4/heimdal/lib/krb5/krb5.h	2021-05-06 11:30:43.346213897 +0000
+@@ -351,7 +351,7 @@
+ #ifdef KRB5_USE_PATH_TOKENS
+ #define KRB5_DEFAULT_CCFILE_ROOT "%{TEMP}/krb5cc_"
+ #else
+-#define KRB5_DEFAULT_CCFILE_ROOT "/tmp/krb5cc_"
++#define KRB5_DEFAULT_CCFILE_ROOT "@TERMUX_PREFIX@/tmp/krb5cc_"
+ #endif
+ 
+ #define KRB5_DEFAULT_CCROOT "FILE:" KRB5_DEFAULT_CCFILE_ROOT
+diff -uNr samba-4.14.4/source4/heimdal/lib/krb5/krb5_locl.h samba-4.14.4.mod/source4/heimdal/lib/krb5/krb5_locl.h
+--- samba-4.14.4/source4/heimdal/lib/krb5/krb5_locl.h	2021-01-21 13:20:40.000000000 +0000
++++ samba-4.14.4.mod/source4/heimdal/lib/krb5/krb5_locl.h	2021-05-06 11:30:43.346213897 +0000
+@@ -303,7 +303,7 @@
+ } krb5_context_data;
+ 
+ #ifndef KRB5_USE_PATH_TOKENS
+-#define KRB5_DEFAULT_CCNAME_FILE "FILE:/tmp/krb5cc_%{uid}"
++#define KRB5_DEFAULT_CCNAME_FILE "FILE:@TERMUX_PREFIX@/tmp/krb5cc_%{uid}"
+ #else
+ #define KRB5_DEFAULT_CCNAME_FILE "FILE:%{TEMP}/krb5cc_%{uid}"
+ #endif
+diff -uNr samba-4.14.4/source4/heimdal/lib/krb5/krb5-v4compat.h samba-4.14.4.mod/source4/heimdal/lib/krb5/krb5-v4compat.h
+--- samba-4.14.4/source4/heimdal/lib/krb5/krb5-v4compat.h	2021-01-21 13:20:40.000000000 +0000
++++ samba-4.14.4.mod/source4/heimdal/lib/krb5/krb5-v4compat.h	2021-05-06 11:30:43.346213897 +0000
+@@ -108,7 +108,7 @@
+ #ifdef KRB5_USE_PATH_TOKENS
+ #define TKT_ROOT "%{TEMP}/tkt"
+ #else
+-#define TKT_ROOT "/tmp/tkt"
++#define TKT_ROOT "@TERMUX_PREFIX@/tmp/tkt"
+ #endif
+ #endif
+ 
+diff -uNr samba-4.14.4/source4/librpc/tests/binding_string.c samba-4.14.4.mod/source4/librpc/tests/binding_string.c
+--- samba-4.14.4/source4/librpc/tests/binding_string.c	2021-01-21 13:20:40.000000000 +0000
++++ samba-4.14.4.mod/source4/librpc/tests/binding_string.c	2021-05-06 11:30:43.346213897 +0000
+@@ -127,9 +127,9 @@
+ 	"ncadg_ip_udp:",
+ 	"308FB580-1EB2-11CA-923B-08002B1075A7@ncacn_np:localhost",
+ 	"308FB580-1EB2-11CA-923B-08002B1075A7@ncacn_ip_tcp:127.0.0.1",
+-	"ncacn_unix_stream:[/tmp/epmapper]",
++	"ncacn_unix_stream:[@TERMUX_PREFIX@/tmp/epmapper]",
+ 	"ncalrpc:[IDENTIFIER]",
+-	"ncacn_unix_stream:[/tmp/epmapper,sign]",
++	"ncacn_unix_stream:[@TERMUX_PREFIX@/tmp/epmapper,sign]",
+ 	"ncacn_ip_tcp:127.0.0.1[75,target_hostname=port75.example.com,target_principal=host/port75.example.com]",
+ 	"ncacn_ip_tcp:127.0.0.1[75,connect,target_hostname=port75.example.com,target_principal=host/port75.example.com,assoc_group_id=0x01234567]",
+ 	"ncacn_ip_tcp:127.0.0.1[75,packet,target_hostname=port75.example.com,target_principal=host/port75.example.com,assoc_group_id=0x01234567]",
+diff -uNr samba-4.14.4/source4/param/tests/share.c samba-4.14.4.mod/source4/param/tests/share.c
+--- samba-4.14.4/source4/param/tests/share.c	2021-01-21 13:20:40.000000000 +0000
++++ samba-4.14.4.mod/source4/param/tests/share.c	2021-05-06 11:30:43.346213897 +0000
+@@ -50,7 +50,7 @@
+ 	bool found = false;
+ 	struct share_info inf[] = { 
+ 		{ SHARE_INFO_STRING, SHARE_TYPE, discard_const_p(void *, "IPC$") },
+-		{ SHARE_INFO_STRING, SHARE_PATH, discard_const_p(void *, "/tmp/bla") }
++		{ SHARE_INFO_STRING, SHARE_PATH, discard_const_p(void *, "@TERMUX_PREFIX@/tmp/bla") }
+ 	};
+ 	NTSTATUS status;
+ 
+@@ -126,7 +126,7 @@
+ 	struct share_context *ctx = (struct share_context *)discard_const(tcase_data);
+ 	struct share_info inf[] = { 
+ 		{ SHARE_INFO_STRING, SHARE_TYPE, discard_const_p(void *, "IPC$") },
+-		{ SHARE_INFO_STRING, SHARE_PATH, discard_const_p(void *, "/tmp/bla") }
++		{ SHARE_INFO_STRING, SHARE_PATH, discard_const_p(void *, "@TERMUX_PREFIX@/tmp/bla") }
+ 	};
+ 	NTSTATUS status;
+ 
+@@ -149,7 +149,7 @@
+ 	struct share_context *ctx = (struct share_context *)discard_const(tcase_data);
+ 	struct share_info inf[] = { 
+ 		{ SHARE_INFO_STRING, SHARE_TYPE, discard_const_p(void *, "IPC$") },
+-		{ SHARE_INFO_STRING, SHARE_PATH, discard_const_p(void *, "/tmp/bla") }
++		{ SHARE_INFO_STRING, SHARE_PATH, discard_const_p(void *, "@TERMUX_PREFIX@/tmp/bla") }
+ 	};
+ 	NTSTATUS status;
+ 
+diff -uNr samba-4.14.4/testsuite/nsswitch/getgrent_r.c samba-4.14.4.mod/testsuite/nsswitch/getgrent_r.c
+--- samba-4.14.4/testsuite/nsswitch/getgrent_r.c	2021-01-21 13:20:41.000000000 +0000
++++ samba-4.14.4.mod/testsuite/nsswitch/getgrent_r.c	2021-05-06 11:30:43.346213897 +0000
+@@ -14,12 +14,12 @@
+ void dump_grent(char *id)
+ {
+     struct group *gr;
+-    char fname[255];
++    char fname[512];
+     FILE *fptr;
+ 
+     /* Open results file */
+ 
+-    sprintf(fname, "/tmp/getgrent_r-%s.out-%d", id, getpid());
++    sprintf(fname, "@TERMUX_PREFIX@/tmp/getgrent_r-%s.out-%d", id, getpid());
+ 
+     if ((fptr = fopen(fname, "w")) == NULL) {
+         fprintf(stderr, "ERROR: could not open file %s: %s\n", fname,
+diff -uNr samba-4.14.4/testsuite/nsswitch/getpwent_r.c samba-4.14.4.mod/testsuite/nsswitch/getpwent_r.c
+--- samba-4.14.4/testsuite/nsswitch/getpwent_r.c	2021-01-21 13:20:41.000000000 +0000
++++ samba-4.14.4.mod/testsuite/nsswitch/getpwent_r.c	2021-05-06 11:30:43.346213897 +0000
+@@ -14,12 +14,12 @@
+ void dump_pwent(char *id)
+ {
+     struct passwd *pw;
+-    char fname[255];
++    char fname[512];
+     FILE *fptr;
+ 
+     /* Open results file */
+ 
+-    sprintf(fname, "/tmp/getpwent_r-%s.out-%d", id, getpid());
++    sprintf(fname, "@TERMUX_PREFIX@/tmp/getpwent_r-%s.out-%d", id, getpid());
+ 
+     if ((fptr = fopen(fname, "w")) == 0) {
+         fprintf(stderr, "ERROR: could not open file %s: %s\n", fname,
+diff -uNr samba-4.14.4/testsuite/unittests/test_krb5_samba.c samba-4.14.4.mod/testsuite/unittests/test_krb5_samba.c
+--- samba-4.14.4/testsuite/unittests/test_krb5_samba.c	2021-01-21 13:20:41.000000000 +0000
++++ samba-4.14.4.mod/testsuite/unittests/test_krb5_samba.c	2021-05-06 11:30:43.346213897 +0000
+@@ -37,7 +37,7 @@
+ 	krb5_context context = *state;
+ 	krb5_keytab keytab = NULL;
+ 	krb5_error_code code;
+-	char keytab_template[] = "/tmp/keytab.XXXXXX";
++	char keytab_template[] = "@TERMUX_PREFIX@/tmp/keytab.XXXXXX";
+ 	int fd;
+ 
+ 	fd = mkstemp(keytab_template);
+@@ -59,7 +59,7 @@
+ 	krb5_context context = *state;
+ 	krb5_keytab keytab = NULL;
+ 	krb5_error_code code;
+-	char keytab_template[] = "/tmp/keytab.XXXXXX";
++	char keytab_template[] = "@TERMUX_PREFIX@/tmp/keytab.XXXXXX";
+ 	char keytab_file[6 + strlen(keytab_template)];
+ 	int fd;
+ 
+diff -uNr samba-4.14.4/third_party/pam_wrapper/pam_wrapper.c samba-4.14.4.mod/third_party/pam_wrapper/pam_wrapper.c
+--- samba-4.14.4/third_party/pam_wrapper/pam_wrapper.c	2021-01-21 13:20:41.000000000 +0000
++++ samba-4.14.4.mod/third_party/pam_wrapper/pam_wrapper.c	2021-05-06 11:30:43.346213897 +0000
+@@ -1158,7 +1158,7 @@
+ 
+ static void pwrap_init(void)
+ {
+-	char tmp_config_dir[] = "/tmp/pam.X";
++	char tmp_config_dir[] = "@TERMUX_PREFIX@/tmp/pam.X";
+ 	size_t len = strlen(tmp_config_dir);
+ 	const char *env;
+ 	struct stat sb;

packages/samba/0002-Remove-setuid-etc.patch

@@ -0,0 +1,315 @@
+When non-root, this only succeeds when SELinux is in permissive mode.
+
+diff -uNr samba-4.13.2/lib/replace/wscript samba-4.13.2.mod/lib/replace/wscript
+--- samba-4.13.2/lib/replace/wscript	2020-09-15 13:43:18.000000000 +0000
++++ samba-4.13.2.mod/lib/replace/wscript	2020-11-23 13:26:08.057004700 +0000
+@@ -389,8 +389,8 @@
+ 
+     conf.CHECK_FUNCS('shl_load shl_unload shl_findsym')
+     conf.CHECK_FUNCS('pipe strftime srandom random srand rand usleep setbuffer')
+-    conf.CHECK_FUNCS('lstat getpgrp utime utimes setuid seteuid setreuid setresuid setgid setegid')
+-    conf.CHECK_FUNCS('setregid setresgid chroot strerror vsyslog setlinebuf mktime')
++    conf.CHECK_FUNCS('lstat getpgrp utime utimes')
++    conf.CHECK_FUNCS('chroot strerror vsyslog setlinebuf mktime')
+     conf.CHECK_FUNCS('ftruncate chsize rename waitpid wait4')
+     conf.CHECK_FUNCS('initgroups pread pwrite strndup strcasestr strsep')
+     conf.CHECK_FUNCS('strtok_r mkdtemp dup2 dprintf vdprintf isatty chown lchown')
+@@ -460,7 +460,7 @@
+     conf.CHECK_FUNCS('if_nametoindex strerror_r')
+     conf.CHECK_FUNCS('syslog')
+     conf.CHECK_FUNCS('gai_strerror get_current_dir_name')
+-    conf.CHECK_FUNCS('timegm getifaddrs freeifaddrs mmap setgroups syscall setsid')
++    conf.CHECK_FUNCS('timegm getifaddrs freeifaddrs mmap syscall setsid')
+     conf.CHECK_FUNCS('getgrent_r getgrgid_r getgrnam_r getgrouplist getpagesize')
+     conf.CHECK_FUNCS('getpwent_r getpwnam_r getpwuid_r epoll_create')
+     conf.CHECK_FUNCS('port_create')
+diff -uNr samba-4.13.2/source3/lib/util_sec.c samba-4.13.2.mod/source3/lib/util_sec.c
+--- samba-4.13.2/source3/lib/util_sec.c	2020-07-09 09:33:56.000000000 +0000
++++ samba-4.13.2.mod/source3/lib/util_sec.c	2020-11-23 13:26:08.057004700 +0000
+@@ -132,11 +132,11 @@
+ 	if ((euid != (uid_t)-1 && geteuid() != euid) ||
+ 	    (ruid != (uid_t)-1 && getuid() != ruid)) {
+ 		if (!non_root_mode()) {
+-			DEBUG(0,("Failed to set uid privileges to (%d,%d) now set to (%d,%d)\n",
++			DEBUG(5,("Failed to set uid privileges to (%d,%d) now set to (%d,%d)\n",
+ 				 (int)ruid, (int)euid,
+ 				 (int)getuid(), (int)geteuid()));
+-			smb_panic("failed to set uid\n");
+-			exit(1);
++			/* smb_panic("failed to set uid\n");
++			exit(1); */
+ 		}
+ 	}
+ }
+@@ -149,12 +149,12 @@
+ 	if ((egid != (gid_t)-1 && getegid() != egid) ||
+ 	    (rgid != (gid_t)-1 && getgid() != rgid)) {
+ 		if (!non_root_mode()) {
+-			DEBUG(0,("Failed to set gid privileges to (%d,%d) now set to (%d,%d) uid=(%d,%d)\n",
++			DEBUG(5,("Failed to set gid privileges to (%d,%d) now set to (%d,%d) uid=(%d,%d)\n",
+ 				 (int)rgid, (int)egid,
+ 				 (int)getgid(), (int)getegid(),
+ 				 (int)getuid(), (int)geteuid()));
+-			smb_panic("failed to set gid\n");
+-			exit(1);
++			/* smb_panic("failed to set gid\n");
++			exit(1); */
+ 		}
+ 	}
+ }
+@@ -501,11 +501,11 @@
+ 	if (samba_setresuid(uid, uid, -1) != 0) {
+ 		return -1;
+ 	}
+-	if (geteuid() != uid || getuid() != uid ||
++	/* if (geteuid() != uid || getuid() != uid ||
+ 			getegid() != gid || getgid() != gid) {
+ 		smb_panic("set_thread_credentials failed\n");
+ 		return -1;
+-	}
++	} */
+ 
+ #ifdef HAVE___THREAD
+ 	cache.active = true;
+diff -uNr samba-4.13.2/source3/modules/vfs_aio_pthread.c samba-4.13.2.mod/source3/modules/vfs_aio_pthread.c
+--- samba-4.13.2/source3/modules/vfs_aio_pthread.c	2020-07-09 09:33:56.000000000 +0000
++++ samba-4.13.2.mod/source3/modules/vfs_aio_pthread.c	2020-11-23 13:27:37.643739200 +0000
+@@ -31,7 +31,7 @@
+ #include <linux/falloc.h>
+ #endif
+ 
+-#if defined(HAVE_OPENAT) && defined(HAVE_LINUX_THREAD_CREDENTIALS)
++#if defined(HAVE_OPENAT)
+ 
+ /*
+  * We must have openat() to do any thread-based
+@@ -53,7 +53,6 @@
+ 	struct smb_filename *smb_fname;
+ 	connection_struct *conn;
+ 	struct smbXsrv_connection *xconn;
+-	const struct security_unix_token *ux_tok;
+ 	uint64_t initial_allocation_size;
+ 	/* Returns. */
+ 	int ret_fd;
+@@ -185,16 +184,6 @@
+ 	struct aio_open_private_data *opd =
+ 		(struct aio_open_private_data *)private_data;
+ 
+-	/* Become the correct credential on this thread. */
+-	if (set_thread_credentials(opd->ux_tok->uid,
+-				opd->ux_tok->gid,
+-				(size_t)opd->ux_tok->ngroups,
+-				opd->ux_tok->groups) != 0) {
+-		opd->ret_fd = -1;
+-		opd->ret_errno = errno;
+-		return;
+-	}
+-
+ 	aio_open_do(opd);
+ }
+ 
+@@ -281,11 +270,11 @@
+ 	};
+ 
+ 	/* Copy our current credentials. */
+-	opd->ux_tok = copy_unix_token(opd, get_current_utok(fsp->conn));
++	/*opd->ux_tok = copy_unix_token(opd, get_current_utok(fsp->conn));
+ 	if (opd->ux_tok == NULL) {
+ 		opd_free(opd);
+ 		return NULL;
+-	}
++	}*/
+ 
+ 	/*
+ 	 * Copy the full fsp_name and smb_fname which is the basename.
+@@ -506,7 +495,7 @@
+ #endif
+ 
+ static struct vfs_fn_pointers vfs_aio_pthread_fns = {
+-#if defined(HAVE_OPENAT) && defined(HAVE_LINUX_THREAD_CREDENTIALS)
++#if defined(HAVE_OPENAT)
+ 	.openat_fn = aio_pthread_openat_fn,
+ #endif
+ };
+diff -uNr samba-4.13.2/source3/modules/vfs_aio_pthread.c.rej samba-4.13.2.mod/source3/modules/vfs_aio_pthread.c.rej
+--- samba-4.13.2/source3/modules/vfs_aio_pthread.c.rej	1970-01-01 00:00:00.000000000 +0000
++++ samba-4.13.2.mod/source3/modules/vfs_aio_pthread.c.rej	2020-11-23 13:26:08.058004764 +0000
+@@ -0,0 +1,11 @@
++--- source3/modules/vfs_aio_pthread.c
+++++ source3/modules/vfs_aio_pthread.c
++@@ -477,7 +466,7 @@ static int aio_pthread_open_fn(vfs_handle_struct *handle,
++ #endif
++ 
++ static struct vfs_fn_pointers vfs_aio_pthread_fns = {
++-#if defined(HAVE_OPENAT) && defined(HAVE_LINUX_THREAD_CREDENTIALS)
+++#if defined(HAVE_OPENAT)
++ 	.open_fn = aio_pthread_open_fn,
++ #endif
++ };
+diff -uNr samba-4.13.2/source3/modules/vfs_default.c samba-4.13.2.mod/source3/modules/vfs_default.c
+--- samba-4.13.2/source3/modules/vfs_default.c	2020-07-09 09:33:56.000000000 +0000
++++ samba-4.13.2.mod/source3/modules/vfs_default.c	2020-11-23 13:26:08.059004828 +0000
+@@ -3303,9 +3303,7 @@
+ 		 */
+ 		have_per_thread_cwd = per_thread_cwd_supported();
+ 	}
+-#ifdef HAVE_LINUX_THREAD_CREDENTIALS
+ 	have_per_thread_creds = true;
+-#endif
+ 	if (have_per_thread_cwd && have_per_thread_creds) {
+ 		do_async = true;
+ 	}
+diff -uNr samba-4.13.2/source3/wscript samba-4.13.2.mod/source3/wscript
+--- samba-4.13.2/source3/wscript	2020-09-07 10:52:25.000000000 +0000
++++ samba-4.13.2.mod/source3/wscript	2020-11-23 13:26:08.060004892 +0000
+@@ -131,7 +131,7 @@
+     conf.CHECK_FUNCS('setsid glob strpbrk crypt16 getauthuid')
+     conf.CHECK_FUNCS('innetgr')
+     conf.CHECK_FUNCS('initgroups select poll rdchk getgrnam getgrent pathconf')
+-    conf.CHECK_FUNCS('setpriv setgidx setuidx setgroups syscall sysconf')
++    conf.CHECK_FUNCS('setpriv syscall sysconf')
+     conf.CHECK_FUNCS('atexit grantpt posix_openpt fallocate')
+     conf.CHECK_FUNCS('fseeko setluid')
+     conf.CHECK_FUNCS('getpwnam', headers='sys/types.h pwd.h')
+@@ -452,15 +452,12 @@
+ rdchk
+ select
+ setenv
+-setgidx
+-setgroups
+ setlocale
+ setluid
+ setmntent
+ setpgid
+ setpriv
+ setsid
+-setuidx
+ statvfs
+ strcasecmp
+ strchr
+@@ -989,110 +986,6 @@
+ #
+ # Ensure we select the correct set of system calls on Linux.
+ #
+-    if (host_os.rfind('linux') > -1):
+-        conf.CHECK_CODE('''
+-#if defined(HAVE_UNISTD_H)
+-#include <unistd.h>
+-#endif
+-#include <stdlib.h>
+-#include <stdio.h>
+-#include <sys/types.h>
+-#include <errno.h>
+-
+-#ifdef HAVE_SYS_PRIV_H
+-#include <sys/priv.h>
+-#endif
+-#ifdef HAVE_SYS_ID_H
+-#include <sys/id.h>
+-#endif
+-
+-#if defined(HAVE_SYSCALL_H)
+-#include <syscall.h>
+-#endif
+-
+-#if defined(HAVE_SYS_SYSCALL_H)
+-#include <sys/syscall.h>
+-#endif
+-
+-syscall(SYS_setresuid32, -1, -1, -1);
+-syscall(SYS_setresgid32, -1, -1, -1);
+-syscall(SYS_setreuid32, -1, -1);
+-syscall(SYS_setregid32, -1, -1);
+-syscall(SYS_setuid32, -1);
+-syscall(SYS_setgid32, -1);
+-syscall(SYS_setgroups32, 0, NULL);
+-''',
+-            'USE_LINUX_32BIT_SYSCALLS',
+-            msg="Checking whether Linux should use 32-bit credential calls");
+-
+-        if (conf.CONFIG_SET('USE_LINUX_32BIT_SYSCALLS')):
+-            seteuid = conf.CHECK_CODE('''
+-                                #define AUTOCONF_TEST 1
+-                                #define HAVE_LINUX_THREAD_CREDENTIALS 1
+-                                #define USE_LINUX_32BIT_SYSCALLS 1
+-                                #include "../lib/util/setid.c"
+-                                #include "./lib/util_sec.c"
+-                                ''',
+-                                'HAVE_LINUX_THREAD_CREDENTIALS',
+-                                addmain=False,
+-                                execute=True,
+-                                msg="Checking whether we can use Linux thread-specific credentials with 32-bit system calls")
+-        else:
+-            seteuid = conf.CHECK_CODE('''
+-                                #define AUTOCONF_TEST 1
+-                                #define HAVE_LINUX_THREAD_CREDENTIALS 1
+-                                #include "../lib/util/setid.c"
+-                                #include "./lib/util_sec.c"
+-                                ''',
+-                                'HAVE_LINUX_THREAD_CREDENTIALS',
+-                                addmain=False,
+-                                execute=True,
+-                                msg="Checking whether we can use Linux thread-specific credentials")
+-    if not seteuid:
+-        seteuid = conf.CHECK_CODE('''
+-                                #define AUTOCONF_TEST 1
+-                                #define USE_SETREUID 1
+-                                #include "../lib/util/setid.c"
+-                                #include "./lib/util_sec.c"
+-                                ''',
+-                                'USE_SETREUID',
+-                                addmain=False,
+-                                execute=True,
+-                                msg="Checking whether setreuid is available")
+-    if not seteuid:
+-        seteuid = conf.CHECK_CODE('''
+-                                #define AUTOCONF_TEST 1
+-                                #define USE_SETRESUID 1
+-                                #include "../lib/util/setid.c"
+-                                #include "./lib/util_sec.c"
+-                                ''',
+-                                'USE_SETRESUID',
+-                                addmain=False,
+-                                execute=True,
+-                                msg="Checking whether setresuid is available")
+-    if not seteuid:
+-        seteuid = conf.CHECK_CODE('''
+-                                #define AUTOCONF_TEST 1
+-                                #define USE_SETEUID 1
+-                                #include "../lib/util/setid.c"
+-                                #include "./lib/util_sec.c"
+-                                ''',
+-                                'USE_SETEUID',
+-                                addmain=False,
+-                                execute=True,
+-                                msg="Checking whether seteuid is available")
+-    if not seteuid:
+-        seteuid = conf.CHECK_CODE('''
+-                                #define AUTOCONF_TEST 1
+-                                #define USE_SETUIDX 1
+-                                #include "../lib/util/setid.c"
+-                                #include "./lib/util_sec.c"
+-                                ''',
+-                                'USE_SETUIDX',
+-                                addmain=False,
+-                                execute=True,
+-                                mandatory=True,
+-                                msg="Checking whether setuidx is available")
+     if Options.options.with_dnsupdate:
+         if not conf.CONFIG_SET('HAVE_KRB5'):
+             Logs.warn("--with-dnsupdate=yes but gssapi support not sufficient")
+diff -uNr samba-4.13.2/tests/summary.c samba-4.13.2.mod/tests/summary.c
+--- samba-4.13.2/tests/summary.c	2020-07-09 09:33:57.000000000 +0000
++++ samba-4.13.2.mod/tests/summary.c	2020-11-23 13:26:08.060004892 +0000
+@@ -12,9 +12,11 @@
+ #warning "WARNING: No automated network interface determination"
+ #endif
+ 
++#ifndef __ANDROID__
+ #if !(defined(USE_SETEUID) || defined(USE_SETREUID) || defined(USE_SETRESUID) || defined(USE_SETUIDX) || defined(HAVE_LINUX_THREAD_CREDENTIALS))
+ #error "ERROR: no seteuid method available"
+ #endif
++#endif
+ 
+ #if !(defined(STAT_STATVFS) || defined(STAT_STATFS3_OSF1) || defined(STAT_STATFS2_BSIZE) || defined(STAT_STATFS4) || defined(STAT_STATFS2_FSIZE) || defined(STAT_STATFS2_FS_DATA))
+ #error "ERROR: No disk free routine!"

packages/samba/0003-smbpasswd-remove-root-related-restrictions.patch

@@ -0,0 +1,82 @@
+From a44362b264f38cff9bd8a1c3412bb3a7875c3a10 Mon Sep 17 00:00:00 2001
+From: Faheem Pervez <trippin1@gmail.com>
+Date: Tue, 14 Apr 2020 21:27:20 +0100
+Subject: [PATCH 3/6] smbpasswd: remove root-related restrictions
+
+* Allow -L to work when non-root
+* Allow deleting and renaming of user with uid = 0
+  A good sanity check, indeed, but when getpwnam etc. is modified
+  to return a passwd entry for root only, then this poses a problem...
+---
+ source3/passdb/pdb_interface.c | 22 ----------------------
+ source3/utils/smbpasswd.c      |  4 ----
+ 2 files changed, 26 deletions(-)
+
+diff --git a/source3/passdb/pdb_interface.c b/source3/passdb/pdb_interface.c
+index 03aa4ff..b1a7fb1 100644
+--- a/source3/passdb/pdb_interface.c
++++ b/source3/passdb/pdb_interface.c
+@@ -619,23 +619,12 @@ static NTSTATUS pdb_default_delete_user(struct pdb_methods *methods,
+ NTSTATUS pdb_delete_user(TALLOC_CTX *mem_ctx, struct samu *sam_acct)
+ {
+ 	struct pdb_methods *pdb = pdb_get_methods();
+-	uid_t uid = -1;
+ 	NTSTATUS status;
+ 	const struct dom_sid *user_sid;
+ 	char *msg_data;
+ 
+ 	user_sid = pdb_get_user_sid(sam_acct);
+ 
+-	/* sanity check to make sure we don't delete root */
+-
+-	if ( !sid_to_uid(user_sid, &uid ) ) {
+-		return NT_STATUS_NO_SUCH_USER;
+-	}
+-
+-	if ( uid == 0 ) {
+-		return NT_STATUS_ACCESS_DENIED;
+-	}
+-
+ 	memcache_delete(NULL,
+ 			PDB_GETPWSID_CACHE,
+ 			data_blob_const(user_sid, sizeof(*user_sid)));
+@@ -691,21 +680,10 @@ NTSTATUS pdb_delete_sam_account(struct samu *sam_acct)
+ NTSTATUS pdb_rename_sam_account(struct samu *oldname, const char *newname)
+ {
+ 	struct pdb_methods *pdb = pdb_get_methods();
+-	uid_t uid;
+ 	NTSTATUS status;
+ 
+ 	memcache_flush(NULL, PDB_GETPWSID_CACHE);
+ 
+-	/* sanity check to make sure we don't rename root */
+-
+-	if ( !sid_to_uid( pdb_get_user_sid(oldname), &uid ) ) {
+-		return NT_STATUS_NO_SUCH_USER;
+-	}
+-
+-	if ( uid == 0 ) {
+-		return NT_STATUS_ACCESS_DENIED;
+-	}
+-
+ 	status = pdb->rename_sam_account(pdb, oldname, newname);
+ 
+ 	/* always flush the cache here just to be safe */
+diff --git a/source3/utils/smbpasswd.c b/source3/utils/smbpasswd.c
+index 4013120..4688257 100644
+--- a/source3/utils/smbpasswd.c
++++ b/source3/utils/smbpasswd.c
+@@ -100,10 +100,6 @@ static int process_options(int argc, char **argv, int local_flags)
+ 	while ((ch = getopt(argc, argv, "c:axdehminjr:sw:R:D:U:LWS:")) != EOF) {
+ 		switch(ch) {
+ 		case 'L':
+-			if (getuid() != 0) {
+-				fprintf(stderr, "smbpasswd -L can only be used by root.\n");
+-				exit(1);
+-			}
+ 			local_flags |= LOCAL_AM_ROOT;
+ 			break;
+ 		case 'c':
+-- 
+2.25.1
+

packages/samba/0005-samba-documents-provider-sambapatch.patch

@@ -0,0 +1,547 @@
+From cf315c2f59829ea70179e2f5342c19c796e7350c Mon Sep 17 00:00:00 2001
+From: Garfield Tan <xutan@google.com>
+Date: Thu, 18 Jun 2020 11:16:13 +0000
+Subject: [PATCH 5/6] samba-documents-provider-sambapatch
+
+https://github.com/google/samba-documents-provider/blob/master/sambapatch.diff
+
+smbd crash fix:
+https://github.com/elliott10/samba-4.5.1
+---
+ lib/param/loadparm.h               |   1 +
+ lib/replace/getifaddrs.c           |   8 +
+ lib/replace/netlink_ifaddrs.c      | 271 +++++++++++++++++++++++++++++
+ lib/replace/replace.c              |  14 ++
+ lib/replace/replace.h              |   5 +
+ lib/socket/interfaces.c            |   4 +
+ lib/util/util_pw.c                 |   2 -
+ librpc/ndr/util.c                  |   2 +-
+ nsswitch/libwbclient/wbc_pwd.c     |   5 -
+ nsswitch/libwbclient/wbc_sid.c     |   2 +-
+ nsswitch/winbind_struct_protocol.h |   4 +
+ source3/lib/dumpcore.c             |   2 +-
+ source3/lib/username.c             |   2 +
+ source3/passdb/passdb.c            |   1 +
+ source4/lib/socket/socket.c        |   2 +-
+ 15 files changed, 314 insertions(+), 11 deletions(-)
+ create mode 100644 lib/replace/netlink_ifaddrs.c
+
+diff --git a/lib/param/loadparm.h b/lib/param/loadparm.h
+index 65ff62c..e15546e 100644
+--- a/lib/param/loadparm.h
++++ b/lib/param/loadparm.h
+@@ -31,6 +31,7 @@
+ #define _LOADPARM_H
+ 
+ #include <talloc.h>
++#include "system/time.h"
+ 
+ struct parmlist_entry {
+ 	struct parmlist_entry *prev, *next;
+diff --git a/lib/replace/getifaddrs.c b/lib/replace/getifaddrs.c
+index a55ef7e..3f4f920 100644
+--- a/lib/replace/getifaddrs.c
++++ b/lib/replace/getifaddrs.c
+@@ -44,6 +44,7 @@
+ #define _FOUND_IFACE_ANY
+ #else
+ 
++#ifndef __ANDROID__
+ void rep_freeifaddrs(struct ifaddrs *ifp)
+ {
+ 	if (ifp != NULL) {
+@@ -55,6 +56,7 @@ void rep_freeifaddrs(struct ifaddrs *ifp)
+ 		free(ifp);
+ 	}
+ }
++#endif // __ANDROID__
+ 
+ static struct sockaddr *sockaddr_dup(struct sockaddr *sa)
+ {
+@@ -374,6 +376,12 @@ int rep_getifaddrs(struct ifaddrs **ifap)
+ 
+ #define _FOUND_IFACE_ANY
+ #endif /* HAVE_IFACE_AIX */
++
++#ifdef __ANDROID__
++#include "netlink_ifaddrs.c"
++#define _FOUND_IFACE_ANY
++#endif /* __ANDROID__ */
++
+ #ifndef _FOUND_IFACE_ANY
+ int rep_getifaddrs(struct ifaddrs **ifap)
+ {
+diff --git a/lib/replace/netlink_ifaddrs.c b/lib/replace/netlink_ifaddrs.c
+new file mode 100644
+index 0000000..4b0456b
+--- /dev/null
++++ b/lib/replace/netlink_ifaddrs.c
+@@ -0,0 +1,271 @@
++#include "system/network.h"
++
++#include <errno.h>
++#include <linux/if_packet.h>
++#include <net/if.h>
++#include <netinet/in.h>
++#include <linux/netlink.h>
++#include <linux/rtnetlink.h>
++#include <sys/socket.h>
++#include <stdlib.h>
++
++#define MAX_SIZE 8192
++char *__netlink_data_;
++
++struct ifaddrs_container {
++  // This needs to be the first because we use this struct as a ifaddrs struct.
++  struct ifaddrs ifa;
++
++  int idx;
++
++  // Storage for pointers in ifa
++  struct sockaddr_storage addr;
++  struct sockaddr_storage netmask;
++  struct sockaddr_storage dstaddr;
++  char name[IFNAMSIZ  1];
++};
++
++static void init(struct ifaddrs_container *ifa, struct ifaddrs_container** ifap) {
++  memset(ifa, 0, sizeof(*ifa));
++
++  ifa->ifa.ifa_next = (struct ifaddrs*)(*ifap);
++  *ifap = ifa;
++}
++
++static uint8_t* addr_bytes(int family, struct sockaddr_storage *ss) {
++  switch (family) {
++    case AF_INET: {
++      struct sockaddr_in *ss4 = (struct sockaddr_in *)ss;
++      return (uint8_t*) (&ss4->sin_addr);
++    }
++    case AF_INET6: {
++      struct sockaddr_in6 *ss6 = (struct sockaddr_in6 *)ss;
++      return (uint8_t*) (&ss6->sin6_addr);
++    }
++    case AF_PACKET: {
++      struct sockaddr_ll* sll = (struct sockaddr_ll*)ss;
++      return (uint8_t*) (&sll->sll_addr);
++    }
++    default:
++      return NULL;
++  }
++}
++
++static struct sockaddr* copy_addr(int family, const void* data, size_t byteCount, struct sockaddr_storage *ss, int idx) {
++  ss->ss_family = family;
++  memcpy(addr_bytes(family, ss), data, byteCount);
++
++  if (family == AF_INET6 && (IN6_IS_ADDR_LINKLOCAL((struct in6_addr*)data) || IN6_IS_ADDR_MC_LINKLOCAL((struct in6_addr*)data))) {
++    struct sockaddr_in6* ss6 = (struct sockaddr_in6*)ss;
++    ss6->sin6_scope_id = idx;
++  }
++
++  return (struct sockaddr*)ss;
++}
++
++static void set_addr(struct ifaddrs_container *ifa, int family, const void *data, size_t byteCount) {
++  if (ifa->ifa.ifa_addr = NULL) {
++    // Assume this is IFA_LOCAL, if not set_local_addr will fix it.
++    ifa->ifa.ifa_addr = copy_addr(family, data, byteCount, &ifa->addr, ifa->idx);
++  } else {
++    // We already have a IFA_LOCAL, this should be a destination address.
++    ifa->ifa.ifa_dstaddr = copy_addr(family, data, byteCount, &ifa->dstaddr, ifa->idx);
++  }
++}
++
++static void set_local_addr(struct ifaddrs_container *ifa, int family, const void *data, size_t byteCount) {
++  // For P2P interface IFA_ADDRESS is destination and local address is supplied
++  // in IFA_LOCAL attribute.
++  if (ifa->ifa.ifa_addr != NULL) {
++    ifa->ifa.ifa_dstaddr = (struct sockaddr*)memcpy(&ifa->dstaddr, &ifa->addr, sizeof(ifa->addr));
++  }
++
++  ifa->ifa.ifa_addr = copy_addr(family, data, byteCount, &ifa->addr, ifa->idx);
++}
++
++static void set_netmask(struct ifaddrs_container *ifa, int family, size_t prefix_len) {
++  ifa->netmask.ss_family = family;
++  uint8_t *dst = addr_bytes(family, &ifa->netmask);
++  memset(dst, 0xff, prefix_len / 8);
++  if ((prefix_len % 8) != 0) {
++    dst[prefix_len / 8] = (0xff << (8 - (prefix_len % 8)));
++  }
++  ifa->ifa.ifa_netmask = (struct sockaddr*)(&ifa->netmask);
++}
++
++static void set_packet_attr(struct ifaddrs_container *ifa, int ifindex, unsigned short hatype, unsigned char halen) {
++  struct sockaddr_ll *sll = (struct sockaddr_ll *)(&ifa->addr);
++  sll->sll_ifindex = ifindex;
++  sll->sll_hatype = hatype;
++  sll->sll_halen = halen;
++}
++
++static int send_request(int socket, int type) {
++  struct {
++    struct nlmsghdr hdr;
++    struct rtgenmsg msg;
++  } request;
++  memset(&request, 0, sizeof(request));
++  request.hdr.nlmsg_flags = NLM_F_DUMP | NLM_F_REQUEST;
++  request.hdr.nlmsg_type = type;
++  request.hdr.nlmsg_len = sizeof(request);
++  request.msg.rtgen_family = AF_UNSPEC;
++
++  int result = send(socket, &request, sizeof(request), 0);
++  return result == sizeof(request) ? 0 : -1;
++}
++
++static int read_response(int socket, struct ifaddrs_container **ifap, int (*callback)(struct ifaddrs_container**, struct nlmsghdr*)) {
++  if (!__netlink_data_) {
++    return -1;
++  }
++
++  ssize_t bytes_read;
++  while ((bytes_read = recv(socket, __netlink_data_, MAX_SIZE, 0)) > 0) {
++    struct nlmsghdr *hdr = (struct nlmsghdr *)__netlink_data_;
++    for (; NLMSG_OK(hdr, (size_t) bytes_read); hdr = NLMSG_NEXT(hdr, bytes_read)) {
++      switch (hdr->nlmsg_type) {
++        case NLMSG_DONE:
++          return 0;
++        case NLMSG_ERROR: {
++          struct nlmsgerr *err = (struct nlmsgerr *)NLMSG_DATA(hdr);
++          errno = (hdr->nlmsg_len >= NLMSG_LENGTH(sizeof(struct nlmsgerr))) ? -err->error : EIO;
++          return -1;
++        }
++        default:
++          if (callback(ifap, hdr)) {
++            return -1;
++          }
++      }
++    }
++  }
++
++  // Recv fails before we see NLMSG_OK.
++  return -1;
++}
++
++static int __newlink_callback(struct ifaddrs_container** ifap, struct nlmsghdr* hdr) {
++  if (hdr->nlmsg_type != RTM_NEWLINK) {
++    return -1;
++  }
++
++  struct ifinfomsg* ifi = (struct ifinfomsg *)NLMSG_DATA(hdr);
++  struct ifaddrs_container *addr = (struct ifaddrs_container *)malloc(sizeof(struct ifaddrs_container));
++  init(addr, ifap);
++  addr->idx = ifi->ifi_index;
++  addr->ifa.ifa_flags = ifi->ifi_flags;
++
++  struct rtattr *rta = IFLA_RTA(ifi);
++  size_t rta_len = IFLA_PAYLOAD(hdr);
++  for (; RTA_OK(rta, rta_len); rta = RTA_NEXT(rta, rta_len)) {
++    switch (rta->rta_type) {
++      case IFLA_ADDRESS:
++        if (RTA_PAYLOAD(rta) < sizeof(addr->addr)) {
++          set_addr(addr, AF_PACKET, RTA_DATA(rta), RTA_PAYLOAD(rta));
++          set_packet_attr(addr, ifi->ifi_index, ifi->ifi_type, RTA_PAYLOAD(rta));
++        }
++        break;
++      case IFLA_BROADCAST:
++        if (RTA_PAYLOAD(rta) < sizeof(addr->dstaddr)) {
++          set_packet_attr(addr, ifi->ifi_index, ifi->ifi_type, RTA_PAYLOAD(rta));
++        }
++        break;
++      case IFLA_IFNAME:
++        if (RTA_PAYLOAD(rta) < sizeof(addr->name)) {
++          memcpy(addr->name, RTA_DATA(rta), RTA_PAYLOAD(rta));
++          addr->ifa.ifa_name = addr->name;
++        }
++        break;
++      default:
++        break;
++    }
++  }
++
++  return 0;
++}
++
++static int __newaddr_callback(struct ifaddrs_container** ifap, struct nlmsghdr* hdr) {
++  if (hdr->nlmsg_type != RTM_NEWADDR) {
++    return -1;
++  }
++
++  struct ifaddrmsg *msg = (struct ifaddrmsg*)NLMSG_DATA(hdr);
++  const struct ifaddrs_container *addr = (const struct ifaddrs_container *)(*ifap);
++  while (addr != NULL && addr->idx != (int)msg->ifa_index) {
++    addr = (const struct ifaddrs_container *)addr->ifa.ifa_next;
++  }
++  if (addr == NULL) {
++    // Unknown interface... Ignore it and treat it as successful.
++    return 0;
++  }
++
++  // Copy whatever we know about the interface.
++  struct ifaddrs_container *new_addr = (struct ifaddrs_container *)malloc(sizeof(struct ifaddrs_container));
++  init(new_addr, ifap);
++  strcpy(new_addr->name, addr->name);
++  new_addr->ifa.ifa_name = new_addr->name;
++  new_addr->ifa.ifa_flags = addr->ifa.ifa_flags;
++  new_addr->idx = addr->idx;
++
++  struct rtattr *rta = IFA_RTA(msg);
++  size_t rta_len = IFA_PAYLOAD(hdr);
++  for (; RTA_OK(rta, rta_len); rta = RTA_NEXT(rta, rta_len)) {
++    switch (rta->rta_type) {
++      case IFA_ADDRESS:
++        if (msg->ifa_family == AF_INET || msg->ifa_family == AF_INET6) {
++          set_addr(new_addr, msg->ifa_family, RTA_DATA(rta), RTA_PAYLOAD(rta));
++          set_netmask(new_addr, msg->ifa_family, msg->ifa_prefixlen);
++        }
++        break;
++      case IFA_LOCAL:
++        if (msg->ifa_family == AF_INET || msg->ifa_family == AF_INET6) {
++          set_local_addr(new_addr, msg->ifa_family, RTA_DATA(rta), RTA_PAYLOAD(rta));
++        }
++        break;
++      default:
++        break;
++    }
++  }
++
++  return 0;
++}
++
++int rep_getifaddrs(struct ifaddrs **ifap) {
++  *ifap = NULL;
++
++  __netlink_data_ = (char *) malloc(MAX_SIZE);
++  if (!__netlink_data_) {
++    errno = ENOMEM;
++    return -1;
++  }
++
++  int fd = socket(PF_NETLINK, SOCK_RAW | SOCK_CLOEXEC, NETLINK_ROUTE);
++  if (fd < 0) {
++    errno = EIO;
++    return -1;
++  }
++
++  int result = send_request(fd, RTM_GETLINK) || read_response(fd, (struct ifaddrs_container**)ifap, __newlink_callback) ||
++      send_request(fd, RTM_GETADDR) || read_response(fd, (struct ifaddrs_container**)ifap, __newaddr_callback);
++
++  close(fd);
++
++  free(__netlink_data_);
++  __netlink_data_ = NULL;
++
++  if (result) {
++    freeifaddrs(*ifap);
++    *ifap = NULL;
++    return -1;
++  }
++
++  return 0;
++}
++
++void rep_freeifaddrs(struct ifaddrs *ifap) {
++  while (ifap != NULL) {
++    struct ifaddrs *cur = ifap;
++    ifap = ifap->ifa_next;
++    free(cur);
++  }
++}
+diff --git a/lib/replace/replace.c b/lib/replace/replace.c
+index 99b18e8..d77fa18 100644
+--- a/lib/replace/replace.c
++++ b/lib/replace/replace.c
+@@ -948,6 +948,20 @@ void rep_setproctitle_init(int argc, char *argv[], char *envp[])
+ }
+ #endif
+ 
++#ifndef HAVE_SWAB
++void rep_swab(const void *from, void *to, ssize_t n) {
++  ssize_t i;
++  if (n <= 0)
++    return;
++
++  n >>= 1;
++  for (i = 0; i < n; ++i) {
++    uint16_t src = *((uint16_t*)from+i);
++    *((uint16_t*)to+i) = (((src & 0x00ffU) << 8) | ((src & 0xff00U) >> 8));
++  }
++}
++#endif /* HAVE_SWAB */
++
+ #ifndef HAVE_MEMSET_S
+ # ifndef RSIZE_MAX
+ #  define RSIZE_MAX (SIZE_MAX >> 1)
+diff --git a/lib/replace/replace.h b/lib/replace/replace.h
+index 3f6b138..1c24ddb 100644
+--- a/lib/replace/replace.h
++++ b/lib/replace/replace.h
+@@ -958,6 +958,11 @@ const char *rep_getprogname(void);
+ # endif /* HAVE_FALLTHROUGH_ATTRIBUTE */
+ #endif /* FALL_THROUGH */
+ 
++#ifndef HAVE_SWAB
++#define swab rep_swab
++void rep_swab(const void *from, void *to, ssize_t n);
++#endif
++
+ bool nss_wrapper_enabled(void);
+ bool nss_wrapper_hosts_enabled(void);
+ bool socket_wrapper_enabled(void);
+diff --git a/lib/socket/interfaces.c b/lib/socket/interfaces.c
+index ac26b97..f5698f6 100644
+--- a/lib/socket/interfaces.c
++++ b/lib/socket/interfaces.c
+@@ -126,6 +126,10 @@ void make_net(struct sockaddr_storage *pss_out,
+ }
+ 
+ #ifdef HAVE_ETHTOOL
++static inline uint32_t ethtool_cmd_speed(const struct ethtool_cmd *ecmd) {
++  return (ecmd->speed_hi << 16) | ecmd->speed;
++}
++
+ static void query_iface_speed_from_name(const char *name, uint64_t *speed)
+ {
+ 	int ret = 0;
+diff --git a/lib/util/util_pw.c b/lib/util/util_pw.c
+index 8035de4..5d70615 100644
+--- a/lib/util/util_pw.c
++++ b/lib/util/util_pw.c
+@@ -37,7 +37,6 @@ struct passwd *tcopy_passwd(TALLOC_CTX *mem_ctx,
+ 
+ 	len += strlen(from->pw_name)+1;
+ 	len += strlen(from->pw_passwd)+1;
+-	len += strlen(from->pw_gecos)+1;
+ 	len += strlen(from->pw_dir)+1;
+ 	len += strlen(from->pw_shell)+1;
+ 
+@@ -51,7 +50,6 @@ struct passwd *tcopy_passwd(TALLOC_CTX *mem_ctx,
+ 	ret->pw_passwd = talloc_strdup(ret, from->pw_passwd);
+ 	ret->pw_uid = from->pw_uid;
+ 	ret->pw_gid = from->pw_gid;
+-	ret->pw_gecos = talloc_strdup(ret, from->pw_gecos);
+ 	ret->pw_dir = talloc_strdup(ret, from->pw_dir);
+ 	ret->pw_shell = talloc_strdup(ret, from->pw_shell);
+ 
+diff --git a/librpc/ndr/util.c b/librpc/ndr/util.c
+index 0eb7eba..c2a2470 100644
+--- a/librpc/ndr/util.c
++++ b/librpc/ndr/util.c
+@@ -20,8 +20,8 @@
+ */
+ 
+ #include "includes.h"
+-#include "../librpc/ndr/libndr.h"
+ #include "system/network.h"
++#include "../librpc/ndr/libndr.h"
+ #include "lib/util/util_net.h"
+ 
+ _PUBLIC_ void ndr_print_sockaddr_storage(struct ndr_print *ndr, const char *name, const struct sockaddr_storage *ss)
+diff --git a/nsswitch/libwbclient/wbc_pwd.c b/nsswitch/libwbclient/wbc_pwd.c
+index 805ab63..8484194 100644
+--- a/nsswitch/libwbclient/wbc_pwd.c
++++ b/nsswitch/libwbclient/wbc_pwd.c
+@@ -46,7 +46,6 @@ static void wbcPasswdDestructor(void *ptr)
+ 	struct passwd *pw = (struct passwd *)ptr;
+ 	free(pw->pw_name);
+ 	free(pw->pw_passwd);
+-	free(pw->pw_gecos);
+ 	free(pw->pw_shell);
+ 	free(pw->pw_dir);
+ }
+@@ -68,10 +67,6 @@ static struct passwd *copy_passwd_entry(struct winbindd_pw *p)
+ 	if (pw->pw_passwd == NULL) {
+ 		goto fail;
+ 	}
+-	pw->pw_gecos = strdup(p->pw_gecos);
+-	if (pw->pw_gecos == NULL) {
+-		goto fail;
+-	}
+ 	pw->pw_shell = strdup(p->pw_shell);
+ 	if (pw->pw_shell == NULL) {
+ 		goto fail;
+diff --git a/nsswitch/libwbclient/wbc_sid.c b/nsswitch/libwbclient/wbc_sid.c
+index aab96cf..6fed2d9 100644
+--- a/nsswitch/libwbclient/wbc_sid.c
++++ b/nsswitch/libwbclient/wbc_sid.c
+@@ -1054,7 +1054,7 @@ wbcErr wbcCtxGetDisplayName(struct wbcContext *ctx,
+ 
+ 		wbcFreeMemory(name);
+ 
+-		name = wbcStrDup(pwd->pw_gecos);
++		name = wbcStrDup(pwd->pw_name);
+ 		wbcFreeMemory(pwd);
+ 		BAIL_ON_PTR_ERROR(name, wbc_status);
+ 	}
+diff --git a/nsswitch/winbind_struct_protocol.h b/nsswitch/winbind_struct_protocol.h
+index 4a5255c..11fcc4e 100644
+--- a/nsswitch/winbind_struct_protocol.h
++++ b/nsswitch/winbind_struct_protocol.h
+@@ -23,6 +23,10 @@ typedef char fstring[FSTRING_LEN];
+ #ifndef _WINBINDD_NTDOM_H
+ #define _WINBINDD_NTDOM_H
+ 
++#ifdef pw_gecos
++#undef pw_gecos
++#endif
++
+ #define WINBINDD_SOCKET_NAME "pipe"            /* Name of PF_UNIX socket */
+ 
+ /* We let the build environment set the public winbindd socket
+diff --git a/source3/lib/dumpcore.c b/source3/lib/dumpcore.c
+index 0c91206..fa7908e 100644
+--- a/source3/lib/dumpcore.c
++++ b/source3/lib/dumpcore.c
+@@ -319,7 +319,7 @@ void dump_core_setup(const char *progname, const char *log_file)
+ 		}
+ 	}
+ 
+-	umask(~(0700));
++	umask(077);
+ 	dbgflush();
+ 
+ #if defined(HAVE_PRCTL) && defined(PR_SET_DUMPABLE)
+diff --git a/source3/lib/username.c b/source3/lib/username.c
+index f69d9c3..3d44129 100644
+--- a/source3/lib/username.c
++++ b/source3/lib/username.c
+@@ -157,6 +157,8 @@ static struct passwd *Get_Pwnam_internals(TALLOC_CTX *mem_ctx,
+ done:
+ 	DEBUG(5,("Get_Pwnam_internals %s find user [%s]!\n",ret ?
+ 		 "did":"didn't", user));
++	/* if(ret)
++		DEBUG(5,("Get struct passwd: [%s:%s:%ld:%ld:%s:%s:%s]\n", ret->pw_name ? ret->pw_name : "pw_name == NULL", ret->pw_passwd ? ret->pw_passwd : "pw_passwd == NULL", (long) ret->pw_uid, (long) ret->pw_gid, ret->pw_gecos ? ret->pw_gecos : "pw_gecos == NULL", ret->pw_dir ? ret->pw_dir : "pw_dir == NULL", ret->pw_shell ? ret->pw_shell : "pw_shell == NULL")); */
+ 
+ 	return ret;
+ }
+diff --git a/source3/passdb/passdb.c b/source3/passdb/passdb.c
+index 8ed1baf..a66b646 100644
+--- a/source3/passdb/passdb.c
++++ b/source3/passdb/passdb.c
+@@ -115,6 +115,7 @@ static int count_commas(const char *str)
+ {
+ 	int num_commas = 0;
+ 	const char *comma = str;
++	if (!str) return 0;
+ 
+ 	while ((comma = strchr(comma, ',')) != NULL) {
+ 		comma += 1;
+diff --git a/source4/lib/socket/socket.c b/source4/lib/socket/socket.c
+index d7535bf..d54baa6 100644
+--- a/source4/lib/socket/socket.c
++++ b/source4/lib/socket/socket.c
+@@ -20,9 +20,9 @@
+ */
+ 
+ #include "includes.h"
++#include "system/network.h"
+ #include "lib/socket/socket.h"
+ #include "system/filesys.h"
+-#include "system/network.h"
+ #include "param/param.h"
+ #include "../lib/tsocket/tsocket.h"
+ #include "lib/util/util_net.h"
+-- 
+2.25.1
+

packages/samba/0006-add-berserker.-c-h.patch

@@ -0,0 +1,280 @@
+From 5131708f0337fc90b03dad4d180f571c973d07c6 Mon Sep 17 00:00:00 2001
+From: Faheem Pervez <trippin1@gmail.com>
+Date: Thu, 18 Jun 2020 11:51:38 +0000
+Subject: [PATCH 6/6] add berserker.{c,h}
+
+The idea of berserker.c is to define missing functions: 
+wrapping getpwnam etc. to return only a root entry, 
+giving any user added to Samba full access.
+
+getpasswd_wrapper is from JimmyChingala:
+https://forum.xda-developers.com/showpost.php?p=8239139&postcount=128
+
+The original berserker.c can be found here,
+from Berserker's port for SambaDroid:
+https://github.com/berserker/android_samba
+
+elliott10 updated it for Samba 4:
+https://github.com/elliott10/samba-4.5.1
+
+I've made the following changes:
+* Use Termux values for root user
+* _Naively_ (really - I know volatile won't help much) prevent
+  getpwent inf. loops
+* Wrap getgrnam and getgrgid, thanks
+  https://blog.csdn.net/jk198310/article/details/15809341
+* Add a couple o' more Android groups
+---
+ source3/include/berserker.c | 148 ++++++++++++++++++++++++++++++++++++
+ source3/include/berserker.h |  51 +++++++++++++
+ source3/include/includes.h  |   1 +
+ source3/wscript_build       |   2 +
+ 4 files changed, 202 insertions(+)
+ create mode 100644 source3/include/berserker.c
+ create mode 100644 source3/include/berserker.h
+
+diff --git a/source3/include/berserker.c b/source3/include/berserker.c
+new file mode 100644
+index 0000000..ac75cb7
+--- /dev/null
++++ b/source3/include/berserker.c
+@@ -0,0 +1,147 @@
++#define BERSERKER_USE_ORIG
++#include "includes.h"
++
++#ifndef AID_ROOT
++#define AID_ROOT 0
++#define AID_MEDIA_RW 1023
++#define AID_EVERYBODY 9997
++#endif
++
++//int getpwnam_r(const char* __name, struct passwd* __pwd, char* __buf, size_t __n, struct passwd** __result);
++
++static volatile int getpwent_ok = 1;
++
++static struct group *group_wrapper(gid_t __gid)
++{
++	static char *rootmem[] = {
++		"root",
++		NULL
++	};
++	static struct group rootgr = {
++		"root",
++		"x" /* NULL */,
++		AID_ROOT,
++		rootmem
++	};
++	static char *everybodymem[] = {
++		"everybody",
++		NULL
++	};
++	static struct group everybodygr = {
++		"everybody",
++		"x" /* NULL */,
++		AID_EVERYBODY,
++		everybodymem
++	};
++	static char *mediarwmem[] = {
++		"media_rw",
++		NULL
++	};
++	static struct group mediarwgr = {
++		"media_rw",
++		"x" /* NULL */,
++		AID_MEDIA_RW,
++		mediarwmem
++	};
++
++	if (__gid == AID_EVERYBODY)
++		return &everybodygr;
++	if (__gid == AID_MEDIA_RW)
++		return &mediarwgr;
++	return &rootgr;
++}
++
++static struct passwd *getpasswd_wrapper()
++{
++#if 0 /* Inconsistencies abound... */
++	static struct passwd pwd;
++	static struct passwd *result = NULL;
++	static char *buf = NULL;
++
++	if (!result) {
++		size_t bufsize;
++		memset(&pwd, 0, sizeof(pwd));
++
++		bufsize = sysconf(_SC_GETPW_R_SIZE_MAX);
++		if (bufsize == -1)
++			bufsize = 16384;
++
++		buf = malloc(bufsize);
++		if (buf == NULL)
++			return NULL;
++
++		(void) getpwnam_r("root", &pwd, buf, bufsize, &result);
++		if (!result) {
++			free(buf);
++			return NULL;
++		}
++
++		if (!pwd.pw_passwd || pwd.pw_passwd[0] == '*')
++			pwd.pw_passwd = "x";
++	}
++
++	return result;
++#else
++	static struct passwd pw = {
++		.pw_name = "root",
++		.pw_passwd = "x",
++		.pw_uid = AID_ROOT,
++		.pw_gid = AID_ROOT,
++		.pw_dir = "@TERMUX_HOME@",
++		.pw_shell = "@TERMUX_PREFIX@/bin/login"
++	 };
++	return &pw;
++#endif
++}
++
++/* getpwent restituisce il prossimo della lista */
++struct passwd *berserker_getpwnam(const char* __name)
++{
++	(void)__name;
++	return getpasswd_wrapper();
++}
++
++struct passwd *berserker_getpwuid(uid_t __uid)
++{
++	(void)__uid;
++	return getpasswd_wrapper();
++}
++
++/* setpwent resetta la lista per iterare su passwd */
++void berserker_setpwent()
++{
++	getpwent_ok = 1;
++}
++
++/* getpwent restituisce la prossima struttura passwd */
++struct passwd *berserker_getpwent()
++{
++	if (getpwent_ok) {
++		getpwent_ok = 0;
++		return getpasswd_wrapper();
++	}
++
++	return NULL;
++}
++
++/* termina il ciclo di iterazione su passwd */
++void berserker_endpwent()
++{
++	getpwent_ok = 1;
++}
++
++struct group *berserker_getgrnam(const char* __name)
++{
++	if (__name) {
++		if (!strcmp(__name, "everybody"))
++			return group_wrapper(AID_EVERYBODY);
++		if (!strcmp(__name, "media_rw"))
++			return group_wrapper(AID_MEDIA_RW);
++	}
++	return group_wrapper(AID_ROOT);
++}
++
++struct group *berserker_getgrgid(gid_t __gid)
++{
++	return group_wrapper(__gid);
++}
+diff --git a/source3/include/berserker.h b/source3/include/berserker.h
+new file mode 100644
+index 0000000..7882380
+--- /dev/null
++++ b/source3/include/berserker.h
+@@ -0,0 +1,51 @@
++#ifndef __BERSERKER_H__
++#define __BERSERKER_H__
++
++#define _PWD_H_	/* disabilita l'inclusione del file pwd.h sotto android */
++#define _GRP_H_
++
++#include <unistd.h>
++#include <sys/types.h>
++
++struct passwd {
++  char* pw_name;
++  char* pw_passwd;
++  uid_t pw_uid;
++  gid_t pw_gid;
++#ifdef __LP64__
++  char* pw_gecos;
++#endif
++  char* pw_dir;
++  char* pw_shell;
++};
++
++struct group {
++  char* gr_name;
++  char* gr_passwd;
++  gid_t gr_gid;
++  char** gr_mem;
++};
++
++#ifndef BERSERKER_USE_ORIG
++#define getpwnam berserker_getpwnam
++struct passwd *berserker_getpwnam(const char* __name);
++#define getpwuid berserker_getpwuid
++struct passwd *berserker_getpwuid(uid_t __uid);
++#define setpwent berserker_setpwent
++void berserker_setpwent(void);
++#define getpwent berserker_getpwent
++struct passwd *berserker_getpwent(void);
++#define endpwent berserker_endpwent
++void berserker_endpwent(void);
++#define getgrnam berserker_getgrnam
++struct group *berserker_getgrnam(const char* __name);
++#define getgrgid berserker_getgrgid
++struct group *berserker_getgrgid(gid_t __gid);
++#endif
++
++/* fix per defines mancanti di utmp.ut_type */
++#ifndef DEAD_PROCESS
++#define DEAD_PROCESS  8
++#endif
++
++#endif
+diff --git a/source3/include/includes.h b/source3/include/includes.h
+index 2dafc65..6937912 100644
+--- a/source3/include/includes.h
++++ b/source3/include/includes.h
+@@ -20,6 +20,7 @@
+    along with this program.  If not, see <http://www.gnu.org/licenses/>.
+ */
+ 
++#include "berserker.h"
+ #include "../replace/replace.h"
+ 
+ /* make sure we have included the correct config.h */
+diff --git a/source3/wscript_build b/source3/wscript_build
+index 10d9f71..bbe3665 100644
+--- a/source3/wscript_build
++++ b/source3/wscript_build
+@@ -166,6 +166,7 @@ bld.SAMBA3_SUBSYSTEM('pdb',
+                           lib/privileges.c
+                           lib/util_nscd.c
+                           lib/winbind_util.c
++                          include/berserker.c
+                           passdb/pdb_util.c
+                           passdb/pdb_interface.c
+                           passdb/pdb_secrets.c''',
+@@ -392,6 +393,7 @@ bld.SAMBA3_SUBSYSTEM('samba3core',
+                           ../lib/util/debug_s3.c
+                           lib/dumpcore.c
+                           lib/interface.c
++                          include/berserker.c
+                           lib/username.c
+                           lib/smbrun.c
+                           lib/wins_srv.c
+-- 
+2.25.1
+

packages/samba/0007-nss-buflen-passwd.patch

@@ -0,0 +1,14 @@
+diff -uNr samba-4.12.5/lib/util/util_paths.c samba-4.12.5.mod/lib/util/util_paths.c
+--- samba-4.12.5/lib/util/util_paths.c	2020-07-02 14:12:21.000000000 +0300
++++ samba-4.12.5.mod/lib/util/util_paths.c	2020-07-19 14:38:37.598039736 +0300
+@@ -64,6 +64,10 @@
+ 	return get_dyn_SHLIBEXT();
+ }
+ 
++#ifndef NSS_BUFLEN_PASSWD
++#define NSS_BUFLEN_PASSWD 1024
++#endif
++
+ static char *get_user_home_dir(TALLOC_CTX *mem_ctx)
+ {
+ 	struct passwd pwd = {0};

packages/samba/build.sh

@@ -0,0 +1,148 @@
+TERMUX_PKG_HOMEPAGE=https://www.samba.org/
+TERMUX_PKG_DESCRIPTION="SMB/CIFS fileserver"
+TERMUX_PKG_LICENSE="GPL-3.0"
+TERMUX_PKG_MAINTAINER="@termux"
+TERMUX_PKG_VERSION=4.14.7
+TERMUX_PKG_REVISION=1
+TERMUX_PKG_SRCURL=https://download.samba.org/pub/samba/samba-${TERMUX_PKG_VERSION}.tar.gz
+TERMUX_PKG_SHA256=6f50353f9602aa20245eb18ceb00e7e5ec793df0974aebd5254c38f16d8f1906
+TERMUX_PKG_DEPENDS="libbsd, libcap, libcrypt, libgnutls, libiconv, libicu, libpopt, libtalloc, libtirpc, ncurses, openssl, readline, zlib"
+TERMUX_PKG_BUILD_DEPENDS="e2fsprogs"
+TERMUX_PKG_BUILD_IN_SRC=true
+
+termux_step_configure() {
+	:
+}
+
+termux_step_make() {
+	:
+}
+
+termux_step_make_install() {
+	local _auth_modules='auth_server,auth_netlogond,auth_script'
+	local _pdb_modules='pdb_tdbsam,pdb_smbpasswd,pdb_wbc_sam'
+	local _vfs_modules='vfs_fake_perms,!vfs_recycle,!vfs_btrfs,!vfs_glusterfs_fuse'
+	_vfs_modules+=',!vfs_virusfilter,!vfs_linux_xfs_sgid,!vfs_shell_snap,!vfs_expand_msdfs,!vfs_snapper'
+	_vfs_modules+=',!vfs_default_quota,!vfs_audit,!vfs_extd_audit,!vfs_full_audit'
+	_vfs_modules+=',!vfs_worm,!vfs_time_audit,!vfs_media_harmony,!vfs_unityed_media,!vfs_shadow_copy,!vfs_shadow_copy2'
+
+	cd "$TERMUX_PKG_SRCDIR"
+
+	cat <<EOF > cross-answers.txt
+Checking uname sysname type: "Linux"
+Checking uname machine type: "$TERMUX_ARCH"
+Checking uname release type: "dontcare"
+Checking uname version type: "dontcare"
+Checking simple C program: "hello world"
+rpath library support: OK
+-Wl,--version-script support: NO
+Checking getconf LFS_CFLAGS: NO
+Checking for large file support without additional flags: OK
+Checking for -D_FILE_OFFSET_BITS=64: OK
+Checking for -D_LARGE_FILES: OK
+Checking correct behavior of strtoll: NO
+Checking for working strptime: NO
+Checking for C99 vsnprintf: OK
+Checking for HAVE_SHARED_MMAP: OK
+Checking for HAVE_MREMAP: OK
+Checking for HAVE_INCOHERENT_MMAP: NO
+Checking for HAVE_SECURE_MKSTEMP: OK
+Checking value of NSIG: "65"
+Checking value of _NSIG: "65"
+Checking value of SIGRTMAX: "64"
+Checking value of SIGRTMIN: "36"
+Checking for a 64-bit host to support lmdb: OK
+Checking value of GNUTLS_CIPHER_AES_128_CFB8: "29"
+Checking value of GNUTLS_MAC_AES_CMAC_128: "203"
+Checking errno of iconv for illegal multibyte sequence: OK
+Checking for kernel change notify support: OK
+Checking for Linux kernel oplocks: OK
+Checking for kernel share modes: OK
+Checking whether POSIX capabilities are available: OK
+Checking if can we convert from CP850 to UCS-2LE: OK
+Checking if can we convert from UTF-8 to UCS-2LE: OK
+vfs_fileid checking for statfs() and struct statfs.f_fsid: OK
+Checking whether we can use Linux thread-specific credentials: NO
+Checking whether setreuid is available: NO
+Checking whether setresuid is available: NO
+Checking whether seteuid is available: NO
+Checking whether setuidx is available: NO
+Checking whether fcntl locking is available: OK
+Checking whether fcntl lock supports open file description locks: OK
+Checking whether fcntl supports flags to send direct I/O availability signals: OK
+Checking whether fcntl supports setting/geting hints: NO
+Checking for the maximum value of the 'time_t' type: NO
+Checking whether the realpath function allows a NULL argument: OK
+Checking for ftruncate extend: OK
+getcwd takes a NULL argument: OK
+EOF
+
+	USING_SYSTEM_ASN1_COMPILE=1 ASN1_COMPILE=/usr/bin/asn1_compile \
+	USING_SYSTEM_COMPILE_ET=1 COMPILE_ET=/usr/bin/compile_et \
+	CFLAGS="-D__ANDROID_API__=24 -D__USE_FILE_OFFSET64=1" \
+	./buildtools/bin/waf configure \
+		--jobs="$TERMUX_MAKE_PROCESSES" \
+		--bundled-libraries='!asn1_compile,!compile_et' \
+		--cross-compile \
+		--cross-answers=cross-answers.txt \
+		--enable-fhs \
+		--prefix="$TERMUX_PREFIX" \
+		--sysconfdir="$TERMUX_PREFIX/etc" \
+		--localstatedir="$TERMUX_PREFIX/var" \
+		--sbindir="$TERMUX_PREFIX/bin" \
+		--disable-avahi \
+		--disable-cephfs \
+		--disable-cups \
+		--disable-glusterfs \
+		--disable-iprint \
+		--disable-python \
+		--nopyc \
+		--nopyo \
+		--disable-rpath \
+		--disable-rpath-install \
+		--disable-spotlight \
+		--without-acl-support \
+		--without-ad-dc \
+		--without-ads \
+		--without-automount \
+		--without-dmapi \
+		--without-dnsupdate \
+		--without-fam \
+		--without-gettext \
+		--with-gpfs=/dev/null \
+		--without-gpgme \
+		--without-json \
+		--without-ldap \
+		--without-ldb-lmdb \
+		--without-libarchive \
+		--without-lttng \
+		--without-ntvfs-fileserver \
+		--without-pam \
+		--without-quotas \
+		--without-regedit \
+		--without-systemd \
+		--without-utmp \
+		--without-winbind \
+		--with-shared-modules="${_vfs_modules},${_pdb_modules},${_auth_modules}" \
+		--with-static-modules='!auth_winbind'
+		# --disable-fault-handling \
+		# --disable-rpath-private-install \
+		# --with-logfilebase="$TERMUX_PREFIX/tmp/log/samba" \
+
+	./buildtools/bin/waf install --jobs="$TERMUX_MAKE_PROCESSES"
+
+	mkdir -p "$TERMUX_PREFIX/share/doc/samba"
+	sed -e "s|@TERMUX_PREFIX@|${TERMUX_PREFIX}|g" \
+		"$TERMUX_PKG_BUILDER_DIR/smb.conf.example.in" \
+		> "$TERMUX_PREFIX/share/doc/samba/smb.conf.example"
+}
+
+termux_step_post_massage() {
+	# keep empty dirs which were deleted in massage
+	mkdir -p "$TERMUX_PKG_MASSAGEDIR/$TERMUX_PREFIX/var/lib/samba/bind-dns" "$TERMUX_PKG_MASSAGEDIR/$TERMUX_PREFIX/var/lib/samba/private"
+	for dir in cache lock log run; do
+		mkdir -p "$TERMUX_PKG_MASSAGEDIR/$TERMUX_PREFIX/var/$dir/samba"
+	done
+	# 755 - as opposed to 700 - because testparm throws up a warning otherwise
+	chmod 755 "$TERMUX_PKG_MASSAGEDIR/$TERMUX_PREFIX/var/lock/samba" "$TERMUX_PKG_MASSAGEDIR/$TERMUX_PREFIX/var/lib/samba" "$TERMUX_PKG_MASSAGEDIR/$TERMUX_PREFIX/var/cache/samba"
+}

packages/samba/krb-link-already-defined.patch

@@ -0,0 +1,12 @@
+diff --git a/source4/heimdal_build/et_compile_wrapper.sh b/source4/heimdal_build/et_compile_wrapper.sh
+index 939b434..84f8615 100755
+--- a/source4/heimdal_build/et_compile_wrapper.sh
++++ b/source4/heimdal_build/et_compile_wrapper.sh
+@@ -43,6 +43,7 @@ cd "${DESTDIR}" && {
+ 	mv "${SOURCE}" "${TMP}" && {
+ 		echo "#include \"config.h\"" > "${SOURCE}" && {
+ 			cat "${TMP}" >> "${SOURCE}"
++			sed -i 's/link/link_et/g' "${SOURCE}" || :
+ 		}
+ 	}
+ 	rm -f "${TMP}"

packages/samba/more-pw_gecos-removal.patch

@@ -0,0 +1,118 @@
+diff --git a/nsswitch/wbinfo.c b/nsswitch/wbinfo.c
+index ae89f87..6b4eb7a 100644
+--- a/nsswitch/wbinfo.c
++++ b/nsswitch/wbinfo.c
+@@ -180,7 +180,7 @@ static bool wbinfo_get_userinfo(char *user)
+ 		 pwd->pw_passwd,
+ 		 (unsigned int)pwd->pw_uid,
+ 		 (unsigned int)pwd->pw_gid,
+-		 pwd->pw_gecos,
++		 pwd->pw_name,
+ 		 pwd->pw_dir,
+ 		 pwd->pw_shell);
+ 
+@@ -207,7 +207,7 @@ static bool wbinfo_get_uidinfo(int uid)
+ 		 pwd->pw_passwd,
+ 		 (unsigned int)pwd->pw_uid,
+ 		 (unsigned int)pwd->pw_gid,
+-		 pwd->pw_gecos,
++		 pwd->pw_name,
+ 		 pwd->pw_dir,
+ 		 pwd->pw_shell);
+ 
+@@ -235,7 +235,7 @@ static bool wbinfo_get_user_sidinfo(const char *sid_str)
+ 		 pwd->pw_passwd,
+ 		 (unsigned int)pwd->pw_uid,
+ 		 (unsigned int)pwd->pw_gid,
+-		 pwd->pw_gecos,
++		 pwd->pw_name,
+ 		 pwd->pw_dir,
+ 		 pwd->pw_shell);
+ 
+diff --git a/nsswitch/winbind_nss_linux.c b/nsswitch/winbind_nss_linux.c
+index 635813c..0c69bb9 100644
+--- a/nsswitch/winbind_nss_linux.c
++++ b/nsswitch/winbind_nss_linux.c
+@@ -201,19 +201,6 @@ static NSS_STATUS fill_pwent(struct passwd *result,
+ 	result->pw_uid = pw->pw_uid;
+ 	result->pw_gid = pw->pw_gid;
+ 
+-	/* GECOS */
+-	len = strlen(pw->pw_gecos) + 1;
+-
+-	if ((result->pw_gecos =
+-	     get_static(buffer, buflen, len)) == NULL) {
+-
+-		/* Out of memory */
+-
+-		return NSS_STATUS_TRYAGAIN;
+-	}
+-
+-	memcpy(result->pw_gecos, pw->pw_gecos, len);
+-
+ 	/* Home directory */
+ 	len = strlen(pw->pw_dir) + 1;
+ 
+diff --git a/source3/passdb/passdb.c b/source3/passdb/passdb.c
+index a66b646..15c1251 100644
+--- a/source3/passdb/passdb.c
++++ b/source3/passdb/passdb.c
+@@ -148,21 +148,10 @@ static NTSTATUS samu_set_unix_internal(struct pdb_methods *methods,
+ 
+ 	fullname = NULL;
+ 
+-	if (count_commas(pwd->pw_gecos) == 3) {
+-		/*
+-		 * Heuristic: This seems to be a gecos field that has been
+-		 * edited by chfn(1). Only use the part before the first
+-		 * comma. Fixes bug 5198.
+-		 */
+-		fullname = talloc_strndup(
+-			talloc_tos(), pwd->pw_gecos,
+-			strchr(pwd->pw_gecos, ',') - pwd->pw_gecos);
+-	}
+-
+ 	if (fullname != NULL) {
+ 		pdb_set_fullname(user, fullname, PDB_SET);
+ 	} else {
+-		pdb_set_fullname(user, pwd->pw_gecos, PDB_SET);
++		pdb_set_fullname(user, pwd->pw_name, PDB_SET);
+ 	}
+ 	TALLOC_FREE(fullname);
+ 
+diff --git a/source3/winbindd/wb_getpwsid.c b/source3/winbindd/wb_getpwsid.c
+index 8dc09eb..52d1ecc 100644
+--- a/source3/winbindd/wb_getpwsid.c
++++ b/source3/winbindd/wb_getpwsid.c
+@@ -116,9 +116,6 @@ static void wb_getpwsid_queryuser_done(struct tevent_req *subreq)
+ 
+ 	strlcpy(pw->pw_name, output_username, sizeof(pw->pw_name));
+ 
+-	strlcpy(pw->pw_gecos, info->full_name ? info->full_name : "",
+-		sizeof(pw->pw_gecos));
+-
+ 	tmp = talloc_sub_specified(
+ 		state, info->homedir, acct_name,
+ 		info->primary_group_name, info->domain_name,
+diff --git a/source4/auth/ntlm/auth_unix.c b/source4/auth/ntlm/auth_unix.c
+index 67cd5f3..bf1bc6d 100644
+--- a/source4/auth/ntlm/auth_unix.c
++++ b/source4/auth/ntlm/auth_unix.c
+@@ -83,7 +83,7 @@ static NTSTATUS authunix_make_user_info_dc(TALLOC_CTX *mem_ctx,
+ 	user_info_dc->user_session_key = data_blob(NULL,0);
+ 	user_info_dc->lm_session_key = data_blob(NULL,0);
+ 
+-	info->full_name = talloc_steal(info, pwd->pw_gecos);
++	info->full_name = talloc_strdup(info, pwd->pw_name); /* XXX: I _think_ talloc_steal here for pw_name would be wrong */
+ 	NT_STATUS_HAVE_NO_MEMORY(info->full_name);
+ 	info->logon_script = talloc_strdup(info, "");
+ 	NT_STATUS_HAVE_NO_MEMORY(info->logon_script);
+@@ -132,8 +132,6 @@ static NTSTATUS talloc_getpwnam(TALLOC_CTX *ctx, const char *username, struct pa
+ 
+         ret->pw_uid = from->pw_uid;
+         ret->pw_gid = from->pw_gid;
+-        ret->pw_gecos = talloc_strdup(ctx, from->pw_gecos);
+-	NT_STATUS_HAVE_NO_MEMORY(ret->pw_gecos);
+ 
+         ret->pw_dir = talloc_strdup(ctx, from->pw_dir);
+ 	NT_STATUS_HAVE_NO_MEMORY(ret->pw_dir);

packages/samba/openwrt-fix-host-tools-checks.patch

@@ -0,0 +1,40 @@
+--- a/wscript_configure_embedded_heimdal	2019-12-17
++++ b/wscript_configure_embedded_heimdal	2019-12-17
+@@ -1 +1,12 @@
+ conf.RECURSE('source4/heimdal_build')
++
++def check_system_heimdal_binary(name):
++    if conf.LIB_MAY_BE_BUNDLED(name):
++        return False
++    if not conf.find_program(name, var=name.upper()):
++        return False
++    conf.define('USING_SYSTEM_%s' % name.upper(), 1)
++    return True
++
++check_system_heimdal_binary("compile_et")
++check_system_heimdal_binary("asn1_compile")
+--- a/wscript_configure_system_heimdal	2019-12-17
++++ b/wscript_configure_system_heimdal	2019-12-17
+@@ -37,14 +37,6 @@ def check_system_heimdal_lib(name, funct
+     conf.define('USING_SYSTEM_%s' % name.upper(), 1)
+     return True
+ 
+-def check_system_heimdal_binary(name):
+-    if conf.LIB_MAY_BE_BUNDLED(name):
+-        return False
+-    if not conf.find_program(name, var=name.upper()):
+-        return False
+-    conf.define('USING_SYSTEM_%s' % name.upper(), 1)
+-    return True
+-
+ check_system_heimdal_lib("com_err", "com_right_r com_err", "com_err.h")
+ 
+ if check_system_heimdal_lib("roken", "rk_socket_set_reuseaddr", "roken.h"):
+@@ -96,7 +88,4 @@ finally:
+ #if conf.CHECK_BUNDLED_SYSTEM('tommath', checkfunctions='mp_init', headers='tommath.h'):
+ #    conf.define('USING_SYSTEM_TOMMATH', 1)
+ 
+-check_system_heimdal_binary("compile_et")
+-check_system_heimdal_binary("asn1_compile")
+-
+ conf.define('USING_SYSTEM_KRB5', 1)

packages/samba/smb.conf.example.in

@@ -0,0 +1,134 @@
+# vim: filetype=samba
+[global]
+   ; these are very recommended to have, even if maybe superfluous
+   workgroup = WORKGROUP
+   unix password sync = no
+   pam password change = no
+   obey pam restrictions = no
+   passwd program = @TERMUX_PREFIX@/bin/true
+   add user script = @TERMUX_PREFIX@/bin/true
+   add group script = @TERMUX_PREFIX@/bin/true
+   add user to group script = @TERMUX_PREFIX@/bin/true
+   add machine script = @TERMUX_PREFIX@/bin/true
+   delete user script = @TERMUX_PREFIX@/bin/true
+   delete user from group script = @TERMUX_PREFIX@/bin/true
+   delete group script = @TERMUX_PREFIX@/bin/true
+   rename user script = @TERMUX_PREFIX@/bin/true
+   name resolve order = lmhosts host bcast
+   bind interfaces only = yes
+   interfaces = 127.0.0.0/8 wlan0
+
+   ;hosts allow = 192.168.1.5 127.
+   server string = Samba on Termux
+   security = user
+   server role = standalone
+   delete readonly = yes
+   inherit permissions = yes
+
+   ; Make smbd do less and announce nothing
+   ; for automatic discovery, you may need to remove some of these
+   local master = no
+   preferred master = no
+   lm announce = no
+   multicast dns register = no
+   host msdfs = no
+   dns proxy = no
+   allow dns updates = disabled
+   dns update command = @TERMUX_PREFIX@/bin/false
+   server services = smb
+   dcerpc endpoint servers = rpcecho
+
+   ; if you disable NetBIOS, which enables automatic discovery, 1139 can be removed from smb ports
+   ;disable netbios = yes
+   ; remember: ports < 1024 cannot be bound to by non-root processes
+   ; Windows can only see SMB servers on port 445, so if your phone is rooted
+   ; use iptables to redirect requests for port
+   ; 445 to, say, 4445 (capabilities may work instead. no clue)
+   smb ports = 1139 4445
+   max connections = 6
+   max smbd processes = 8
+   deadtime = 15
+
+   ; disable guest access
+   map to guest = Never
+   restrict anonymous = 2
+
+   ; basic attempt at performance tuning for my phone
+   ; change as necessary for your device
+   ;aio read size = 16384 
+   aio write size = 0
+   use sendfile = yes 
+   min receivefile size = 16384
+   socket options = TCP_NODELAY SO_KEEPALIVE
+   oplocks = yes
+   level2 oplocks = yes
+   kernel oplocks = no
+   strict locking = no
+   max stat cache size = 1024
+
+   ; turn off things that cannot be set on sdcardfs and vfat filesystems
+   nt acl support = no
+   unix extensions = no
+   ea support = no
+   store dos attributes = no
+   map archive = no
+   map hidden = no
+   map readonly = no
+   map system = no
+
+   ;log file = @TERMUX_PREFIX@/var/log/samba/log.%m
+   ;log level = 0
+   max log size = 50
+   ;logging = syslog
+   ;syslog only = yes
+   ;syslog = 0
+   enable core files = no
+
+   ; disable printing support as much as possible
+   load printers = no
+   printing = bsd
+   printcap name = /dev/null
+   disable spoolss = yes
+   show add printer wizard = no
+   max print jobs = 0
+   lpq command = @TERMUX_PREFIX@/bin/false
+   lprm command = @TERMUX_PREFIX@/bin/false
+   print command = @TERMUX_PREFIX@/bin/false
+
+#============================ Share Definitions ==============================
+; remember to run termux-setup-storage first
+[internal]
+   comment = Internal storage
+   path = @TERMUX_HOME@/storage/shared
+   vfs objects = aio_pthread
+   aio_pthread:aio open = yes
+   read only = no
+   browseable = no
+   writable = yes
+   guest ok = no
+; these are commented because it seems they're assumed on Android anyway
+;   force user = root
+;   force group = everybody
+;   create mask = 0660
+;   force create mode = 0660
+;   directory mask = 0770
+;   force directory mode = 0770
+;   vfs objects = fake_perms
+
+; replace /storage/ext_sd with the path to your external card in /storage
+; because of the way Android works, you cannot have write access
+; to external storage unless you're running a custom ROM or have
+; the Magisk module that enables it installed
+;[external]
+;   comment = microSD
+;   path = /storage/ext_sd
+;   vfs objects = aio_pthread
+;   aio_pthread:aio open = yes
+;   read only = yes
+;   browseable = no
+;   writable = yes
+;   guest ok = no
+;   fstype = FAT
+;;   force group = media_rw
+;;   create mask = 0770
+;;   force create mode = 0770