Merge remote-tracking branch 'ms/squid-ad' into next

2026-04-11 19:55:52 +02:00 · 2014-07-27 12:01:50 +02:00
parent bb5902b6f4 889219356e
commit 2deb75c0f3
33 changed files with 896 additions and 254 deletions
--- a/config/etc/group
+++ b/config/etc/group
@@ -25,6 +25,7 @@ stunnel:x:51:
 lock:x:54:
 sshd:x:74:
 pcap:x:77:
+wbpriv:x:88:squid
 nobody:x:99:
 users:x:100:
 snort:x:101:
--- a/config/rootfiles/common/armv5tel/initscripts
+++ b/config/rootfiles/common/armv5tel/initscripts
@@ -131,7 +131,6 @@ etc/rc.d/init.d/upnpd
 #etc/rc.d/init.d/vdradmin
 #etc/rc.d/init.d/vsftpd
 #etc/rc.d/init.d/watchdog
-#etc/rc.d/init.d/winbind
 etc/rc.d/init.d/wlanclient
 #etc/rc.d/init.d/xinetd
 #etc/rc.d/rc0.d
--- a/config/rootfiles/common/i586/initscripts
+++ b/config/rootfiles/common/i586/initscripts
@@ -134,7 +134,6 @@ etc/rc.d/init.d/upnpd
 #etc/rc.d/init.d/vdradmin
 #etc/rc.d/init.d/vsftpd
 #etc/rc.d/init.d/watchdog
-#etc/rc.d/init.d/winbind
 etc/rc.d/init.d/wlanclient
 #etc/rc.d/init.d/xinetd
 #etc/rc.d/rc0.d
--- a/config/rootfiles/packages/krb5
+++ b/config/rootfiles/packages/krb5
@@ -0,0 +1,165 @@
+#usr/bin/gss-client
+#usr/bin/k5srvutil
+usr/bin/kadmin
+usr/bin/kdestroy
+usr/bin/kinit
+usr/bin/klist
+usr/bin/kpasswd
+#usr/bin/krb5-config
+#usr/bin/ksu
+#usr/bin/kswitch
+#usr/bin/ktutil
+#usr/bin/kvno
+#usr/bin/sclient
+#usr/bin/sim_client
+#usr/bin/uuclient
+#usr/include/gssapi
+#usr/include/gssapi.h
+#usr/include/gssapi/gssapi.h
+#usr/include/gssapi/gssapi_ext.h
+#usr/include/gssapi/gssapi_generic.h
+#usr/include/gssapi/gssapi_krb5.h
+#usr/include/gssapi/mechglue.h
+#usr/include/gssrpc
+#usr/include/gssrpc/auth.h
+#usr/include/gssrpc/auth_gss.h
+#usr/include/gssrpc/auth_gssapi.h
+#usr/include/gssrpc/auth_unix.h
+#usr/include/gssrpc/clnt.h
+#usr/include/gssrpc/netdb.h
+#usr/include/gssrpc/pmap_clnt.h
+#usr/include/gssrpc/pmap_prot.h
+#usr/include/gssrpc/pmap_rmt.h
+#usr/include/gssrpc/rename.h
+#usr/include/gssrpc/rpc.h
+#usr/include/gssrpc/rpc_msg.h
+#usr/include/gssrpc/svc.h
+#usr/include/gssrpc/svc_auth.h
+#usr/include/gssrpc/types.h
+#usr/include/gssrpc/xdr.h
+#usr/include/kadm5
+#usr/include/kadm5/admin.h
+#usr/include/kadm5/chpass_util_strings.h
+#usr/include/kadm5/kadm_err.h
+#usr/include/kdb.h
+#usr/include/krad.h
+#usr/include/krb5
+#usr/include/krb5.h
+#usr/include/krb5/ccselect_plugin.h
+#usr/include/krb5/clpreauth_plugin.h
+#usr/include/krb5/hostrealm_plugin.h
+#usr/include/krb5/kadm5_hook_plugin.h
+#usr/include/krb5/kdcpreauth_plugin.h
+#usr/include/krb5/krb5.h
+#usr/include/krb5/localauth_plugin.h
+#usr/include/krb5/locate_plugin.h
+#usr/include/krb5/plugin.h
+#usr/include/krb5/preauth_plugin.h
+#usr/include/krb5/pwqual_plugin.h
+#usr/include/profile.h
+#usr/include/verto-module.h
+#usr/include/verto.h
+usr/lib/krb5
+usr/lib/krb5/plugins
+usr/lib/krb5/plugins/authdata
+usr/lib/krb5/plugins/kdb
+usr/lib/krb5/plugins/kdb/db2.so
+usr/lib/krb5/plugins/libkrb5
+usr/lib/krb5/plugins/preauth
+usr/lib/krb5/plugins/preauth/otp.so
+usr/lib/krb5/plugins/preauth/pkinit.so
+#usr/lib/libgssapi_krb5.so
+usr/lib/libgssapi_krb5.so.2
+usr/lib/libgssapi_krb5.so.2.2
+#usr/lib/libgssrpc.so
+usr/lib/libgssrpc.so.4
+usr/lib/libgssrpc.so.4.2
+#usr/lib/libk5crypto.so
+usr/lib/libk5crypto.so.3
+usr/lib/libk5crypto.so.3.1
+#usr/lib/libkadm5clnt.so
+#usr/lib/libkadm5clnt_mit.so
+usr/lib/libkadm5clnt_mit.so.9
+usr/lib/libkadm5clnt_mit.so.9.0
+#usr/lib/libkadm5srv.so
+#usr/lib/libkadm5srv_mit.so
+usr/lib/libkadm5srv_mit.so.9
+usr/lib/libkadm5srv_mit.so.9.0
+#usr/lib/libkdb5.so
+usr/lib/libkdb5.so.7
+usr/lib/libkdb5.so.7.0
+#usr/lib/libkrad.so
+usr/lib/libkrad.so.0
+usr/lib/libkrad.so.0.0
+#usr/lib/libkrb5.so
+usr/lib/libkrb5.so.3
+usr/lib/libkrb5.so.3.3
+#usr/lib/libkrb5support.so
+usr/lib/libkrb5support.so.0
+usr/lib/libkrb5support.so.0.1
+#usr/lib/libverto.so
+usr/lib/libverto.so.0
+usr/lib/libverto.so.0.0
+#usr/lib/pkgconfig/gssrpc.pc
+#usr/lib/pkgconfig/kadm-client.pc
+#usr/lib/pkgconfig/kadm-server.pc
+#usr/lib/pkgconfig/kdb.pc
+#usr/lib/pkgconfig/krb5-gssapi.pc
+#usr/lib/pkgconfig/krb5.pc
+#usr/lib/pkgconfig/mit-krb5-gssapi.pc
+#usr/lib/pkgconfig/mit-krb5.pc
+#usr/sbin/gss-server
+#usr/sbin/kadmin.local
+#usr/sbin/kadmind
+#usr/sbin/kdb5_util
+#usr/sbin/kprop
+#usr/sbin/kpropd
+#usr/sbin/kproplog
+#usr/sbin/krb5-send-pr
+#usr/sbin/krb5kdc
+#usr/sbin/sim_server
+#usr/sbin/sserver
+#usr/sbin/uuserver
+#usr/share/examples
+#usr/share/examples/krb5
+#usr/share/examples/krb5/kdc.conf
+#usr/share/examples/krb5/krb5.conf
+#usr/share/examples/krb5/services.append
+#usr/share/gnats
+#usr/share/gnats/mit
+#usr/share/locale/en_US
+#usr/share/locale/en_US/LC_MESSAGES
+#usr/share/locale/en_US/LC_MESSAGES/mit-krb5.mo
+#usr/share/man/cat1
+#usr/share/man/cat5
+#usr/share/man/cat8
+#usr/share/man/man1/k5srvutil.1
+#usr/share/man/man1/kadmin.1
+#usr/share/man/man1/kdestroy.1
+#usr/share/man/man1/kinit.1
+#usr/share/man/man1/klist.1
+#usr/share/man/man1/kpasswd.1
+#usr/share/man/man1/krb5-config.1
+#usr/share/man/man1/krb5-send-pr.1
+#usr/share/man/man1/ksu.1
+#usr/share/man/man1/kswitch.1
+#usr/share/man/man1/ktutil.1
+#usr/share/man/man1/kvno.1
+#usr/share/man/man1/sclient.1
+#usr/share/man/man5/.k5identity.5
+#usr/share/man/man5/.k5login.5
+#usr/share/man/man5/k5identity.5
+#usr/share/man/man5/k5login.5
+#usr/share/man/man5/kadm5.acl.5
+#usr/share/man/man5/kdc.conf.5
+#usr/share/man/man5/krb5.conf.5
+#usr/share/man/man8/kadmin.local.8
+#usr/share/man/man8/kadmind.8
+#usr/share/man/man8/kdb5_ldap_util.8
+#usr/share/man/man8/kdb5_util.8
+#usr/share/man/man8/kprop.8
+#usr/share/man/man8/kpropd.8
+#usr/share/man/man8/kproplog.8
+#usr/share/man/man8/krb5kdc.8
+#usr/share/man/man8/sserver.8
+var/lib/krb5kdc
--- a/config/rootfiles/packages/samba
+++ b/config/rootfiles/packages/samba
@@ -219,10 +219,10 @@ var/ipfire/samba/shares
 var/ipfire/samba/smb.conf
 var/ipfire/samba/smb.conf.default
 var/lib/samba
+var/lib/samba/winbindd_privileged
 var/log/samba
 var/nmbd
 etc/rc.d/init.d/samba
-etc/rc.d/init.d/winbind
 srv/web/ipfire/cgi-bin/samba.cgi
 srv/web/ipfire/cgi-bin/sambahlp.cgi
 var/ipfire/menu.d/EX-samba.menu
--- a/doc/language_issues.de
+++ b/doc/language_issues.de
@@ -21,6 +21,7 @@ WARNING: translation string unused: add-route
 WARNING: translation string unused: addon
 WARNING: translation string unused: admin user password has been changed
 WARNING: translation string unused: administrator user password
+WARNING: translation string unused: adsl settings
 WARNING: translation string unused: advproxy LDAP auth
 WARNING: translation string unused: advproxy NTLM auth
 WARNING: translation string unused: advproxy advanced proxy
--- a/doc/language_issues.en
+++ b/doc/language_issues.en
@@ -20,6 +20,7 @@ WARNING: translation string unused: add xtaccess
 WARNING: translation string unused: add-route
 WARNING: translation string unused: admin user password has been changed
 WARNING: translation string unused: administrator user password
+WARNING: translation string unused: adsl settings
 WARNING: translation string unused: advproxy LDAP auth
 WARNING: translation string unused: advproxy NTLM auth
 WARNING: translation string unused: advproxy advanced proxy
--- a/doc/language_issues.es
+++ b/doc/language_issues.es
@@ -594,10 +594,16 @@ WARNING: untranslated string: Number of Countries for the pie chart
 WARNING: untranslated string: Scan for Songs
 WARNING: untranslated string: Set time on boot
 WARNING: untranslated string: addons
+WARNING: untranslated string: administrator password
+WARNING: untranslated string: administrator username
+WARNING: untranslated string: advproxy AUTH method ntlm
+WARNING: untranslated string: advproxy AUTH method ntlm auth
 WARNING: untranslated string: advproxy cache-digest
 WARNING: untranslated string: advproxy errmsg cache
 WARNING: untranslated string: advproxy errmsg invalid upstream proxy
 WARNING: untranslated string: advproxy errmsg proxy ports equal
+WARNING: untranslated string: advproxy group access control
+WARNING: untranslated string: advproxy group required
 WARNING: untranslated string: advproxy proxy port transparent
 WARNING: untranslated string: atm device
 WARNING: untranslated string: attention
@@ -861,6 +867,7 @@ WARNING: untranslated string: least preferred
 WARNING: untranslated string: lifetime
 WARNING: untranslated string: mac filter
 WARNING: untranslated string: maximum
+WARNING: untranslated string: messages
 WARNING: untranslated string: minimum
 WARNING: untranslated string: minute
 WARNING: untranslated string: model
@@ -932,6 +939,8 @@ WARNING: untranslated string: route config changed
 WARNING: untranslated string: routing config added
 WARNING: untranslated string: routing config changed
 WARNING: untranslated string: routing table
+WARNING: untranslated string: samba join a domain
+WARNING: untranslated string: samba join domain
 WARNING: untranslated string: server restart
 WARNING: untranslated string: show dh
 WARNING: untranslated string: show tls-auth key
--- a/doc/language_issues.fr
+++ b/doc/language_issues.fr
@@ -604,10 +604,16 @@ WARNING: untranslated string: MTU settings
 WARNING: untranslated string: Number of Countries for the pie chart
 WARNING: untranslated string: Scan for Songs
 WARNING: untranslated string: addons
+WARNING: untranslated string: administrator password
+WARNING: untranslated string: administrator username
+WARNING: untranslated string: advproxy AUTH method ntlm
+WARNING: untranslated string: advproxy AUTH method ntlm auth
 WARNING: untranslated string: advproxy cache-digest
 WARNING: untranslated string: advproxy errmsg cache
 WARNING: untranslated string: advproxy errmsg invalid upstream proxy
 WARNING: untranslated string: advproxy errmsg proxy ports equal
+WARNING: untranslated string: advproxy group access control
+WARNING: untranslated string: advproxy group required
 WARNING: untranslated string: advproxy proxy port transparent
 WARNING: untranslated string: atm device
 WARNING: untranslated string: attention
@@ -872,6 +878,7 @@ WARNING: untranslated string: least preferred
 WARNING: untranslated string: lifetime
 WARNING: untranslated string: mac filter
 WARNING: untranslated string: maximum
+WARNING: untranslated string: messages
 WARNING: untranslated string: minimum
 WARNING: untranslated string: minute
 WARNING: untranslated string: model
@@ -939,6 +946,8 @@ WARNING: untranslated string: route config changed
 WARNING: untranslated string: routing config added
 WARNING: untranslated string: routing config changed
 WARNING: untranslated string: routing table
+WARNING: untranslated string: samba join a domain
+WARNING: untranslated string: samba join domain
 WARNING: untranslated string: server restart
 WARNING: untranslated string: show dh
 WARNING: untranslated string: show tls-auth key
--- a/doc/language_issues.nl
+++ b/doc/language_issues.nl
@@ -661,6 +661,12 @@ WARNING: translation string unused: yearly firewallhits
 WARNING: untranslated string: MTU settings
 WARNING: untranslated string: Number of Countries for the pie chart
 WARNING: untranslated string: Scan for Songs
+WARNING: untranslated string: administrator password
+WARNING: untranslated string: administrator username
+WARNING: untranslated string: advproxy AUTH method ntlm
+WARNING: untranslated string: advproxy AUTH method ntlm auth
+WARNING: untranslated string: advproxy group access control
+WARNING: untranslated string: advproxy group required
 WARNING: untranslated string: atm device
 WARNING: untranslated string: bytes
 WARNING: untranslated string: capabilities
@@ -683,6 +689,7 @@ WARNING: untranslated string: gen dh
 WARNING: untranslated string: generate dh key
 WARNING: untranslated string: imei
 WARNING: untranslated string: imsi
+WARNING: untranslated string: messages
 WARNING: untranslated string: model
 WARNING: untranslated string: modem hardware details
 WARNING: untranslated string: modem information
@@ -712,6 +719,8 @@ WARNING: untranslated string: route config changed
 WARNING: untranslated string: routing config added
 WARNING: untranslated string: routing config changed
 WARNING: untranslated string: routing table
+WARNING: untranslated string: samba join a domain
+WARNING: untranslated string: samba join domain
 WARNING: untranslated string: show dh
 WARNING: untranslated string: show tls-auth key
 WARNING: untranslated string: software version
--- a/doc/language_issues.pl
+++ b/doc/language_issues.pl
@@ -594,10 +594,16 @@ WARNING: untranslated string: Number of Countries for the pie chart
 WARNING: untranslated string: Scan for Songs
 WARNING: untranslated string: Set time on boot
 WARNING: untranslated string: addons
+WARNING: untranslated string: administrator password
+WARNING: untranslated string: administrator username
+WARNING: untranslated string: advproxy AUTH method ntlm
+WARNING: untranslated string: advproxy AUTH method ntlm auth
 WARNING: untranslated string: advproxy cache-digest
 WARNING: untranslated string: advproxy errmsg cache
 WARNING: untranslated string: advproxy errmsg invalid upstream proxy
 WARNING: untranslated string: advproxy errmsg proxy ports equal
+WARNING: untranslated string: advproxy group access control
+WARNING: untranslated string: advproxy group required
 WARNING: untranslated string: advproxy proxy port transparent
 WARNING: untranslated string: atm device
 WARNING: untranslated string: attention
@@ -861,6 +867,7 @@ WARNING: untranslated string: least preferred
 WARNING: untranslated string: lifetime
 WARNING: untranslated string: mac filter
 WARNING: untranslated string: maximum
+WARNING: untranslated string: messages
 WARNING: untranslated string: minimum
 WARNING: untranslated string: minute
 WARNING: untranslated string: model
@@ -932,6 +939,8 @@ WARNING: untranslated string: route config changed
 WARNING: untranslated string: routing config added
 WARNING: untranslated string: routing config changed
 WARNING: untranslated string: routing table
+WARNING: untranslated string: samba join a domain
+WARNING: untranslated string: samba join domain
 WARNING: untranslated string: server restart
 WARNING: untranslated string: show dh
 WARNING: untranslated string: show tls-auth key
--- a/doc/language_issues.ru
+++ b/doc/language_issues.ru
@@ -597,10 +597,16 @@ WARNING: untranslated string: MTU settings
 WARNING: untranslated string: Number of Countries for the pie chart
 WARNING: untranslated string: Scan for Songs
 WARNING: untranslated string: addons
+WARNING: untranslated string: administrator password
+WARNING: untranslated string: administrator username
+WARNING: untranslated string: advproxy AUTH method ntlm
+WARNING: untranslated string: advproxy AUTH method ntlm auth
 WARNING: untranslated string: advproxy cache-digest
 WARNING: untranslated string: advproxy errmsg cache
 WARNING: untranslated string: advproxy errmsg invalid upstream proxy
 WARNING: untranslated string: advproxy errmsg proxy ports equal
+WARNING: untranslated string: advproxy group access control
+WARNING: untranslated string: advproxy group required
 WARNING: untranslated string: advproxy proxy port transparent
 WARNING: untranslated string: atm device
 WARNING: untranslated string: attention
@@ -857,6 +863,7 @@ WARNING: untranslated string: least preferred
 WARNING: untranslated string: lifetime
 WARNING: untranslated string: mac filter
 WARNING: untranslated string: maximum
+WARNING: untranslated string: messages
 WARNING: untranslated string: minimum
 WARNING: untranslated string: minute
 WARNING: untranslated string: model
@@ -922,6 +929,8 @@ WARNING: untranslated string: route config changed
 WARNING: untranslated string: routing config added
 WARNING: untranslated string: routing config changed
 WARNING: untranslated string: routing table
+WARNING: untranslated string: samba join a domain
+WARNING: untranslated string: samba join domain
 WARNING: untranslated string: server restart
 WARNING: untranslated string: show dh
 WARNING: untranslated string: show tls-auth key
--- a/doc/language_issues.tr
+++ b/doc/language_issues.tr
@@ -664,6 +664,12 @@ WARNING: translation string unused: yearly firewallhits
 WARNING: untranslated string: MTU settings
 WARNING: untranslated string: Number of Countries for the pie chart
 WARNING: untranslated string: Scan for Songs
+WARNING: untranslated string: administrator password
+WARNING: untranslated string: administrator username
+WARNING: untranslated string: advproxy AUTH method ntlm
+WARNING: untranslated string: advproxy AUTH method ntlm auth
+WARNING: untranslated string: advproxy group access control
+WARNING: untranslated string: advproxy group required
 WARNING: untranslated string: bytes
 WARNING: untranslated string: capabilities
 WARNING: untranslated string: default
@@ -683,6 +689,7 @@ WARNING: untranslated string: gen dh
 WARNING: untranslated string: generate dh key
 WARNING: untranslated string: imei
 WARNING: untranslated string: imsi
+WARNING: untranslated string: messages
 WARNING: untranslated string: model
 WARNING: untranslated string: modem hardware details
 WARNING: untranslated string: modem information
@@ -711,6 +718,8 @@ WARNING: untranslated string: route config changed
 WARNING: untranslated string: routing config added
 WARNING: untranslated string: routing config changed
 WARNING: untranslated string: routing table
+WARNING: untranslated string: samba join a domain
+WARNING: untranslated string: samba join domain
 WARNING: untranslated string: show dh
 WARNING: untranslated string: show tls-auth key
 WARNING: untranslated string: software version
--- a/doc/language_missings
+++ b/doc/language_missings
@@ -14,10 +14,17 @@
 # Checking cgi-bin translations for language: fr                           #
 ############################################################################
 < addon
+< administrator password
+< administrator username
+< adsl settings
+< advproxy AUTH method ntlm
+< advproxy AUTH method ntlm auth
 < advproxy cache-digest
 < advproxy errmsg cache
 < advproxy errmsg invalid upstream proxy
 < advproxy errmsg proxy ports equal
+< advproxy group access control
+< advproxy group required
 < advproxy proxy port transparent
 < age second
 < age seconds
@@ -337,6 +344,7 @@
 < maximum
 < MB read
 < MB written
+< messages
 < minimum
 < minute
 < model
@@ -407,6 +415,8 @@
 < qos enter bandwidths
 < random number generator daemon
 < red1
+< samba join a domain
+< samba join domain
 < server restart
 < show dh
 < snat new source ip address
@@ -545,10 +555,17 @@
 # Checking cgi-bin translations for language: es                           #
 ############################################################################
 < addon
+< administrator password
+< administrator username
+< adsl settings
+< advproxy AUTH method ntlm
+< advproxy AUTH method ntlm auth
 < advproxy cache-digest
 < advproxy errmsg cache
 < advproxy errmsg invalid upstream proxy
 < advproxy errmsg proxy ports equal
+< advproxy group access control
+< advproxy group required
 < advproxy proxy port transparent
 < age second
 < age seconds
@@ -868,6 +885,7 @@
 < maximum
 < MB read
 < MB written
+< messages
 < minimum
 < minute
 < model
@@ -954,6 +972,8 @@
 < qos enter bandwidths
 < random number generator daemon
 < red1
+< samba join a domain
+< samba join domain
 < server restart
 < Set time on boot
 < show dh
@@ -1069,10 +1089,17 @@
 # Checking cgi-bin translations for language: pl                           #
 ############################################################################
 < addon
+< administrator password
+< administrator username
+< adsl settings
+< advproxy AUTH method ntlm
+< advproxy AUTH method ntlm auth
 < advproxy cache-digest
 < advproxy errmsg cache
 < advproxy errmsg invalid upstream proxy
 < advproxy errmsg proxy ports equal
+< advproxy group access control
+< advproxy group required
 < advproxy proxy port transparent
 < age second
 < age seconds
@@ -1383,6 +1410,7 @@
 < maximum
 < MB read
 < MB written
+< messages
 < minimum
 < minute
 < model
@@ -1455,6 +1483,8 @@
 < qos enter bandwidths
 < random number generator daemon
 < red1
+< samba join a domain
+< samba join domain
 < server restart
 < show dh
 < snat new source ip address
@@ -1569,10 +1599,17 @@
 ############################################################################
 < Add a route
 < addon
+< administrator password
+< administrator username
+< adsl settings
+< advproxy AUTH method ntlm
+< advproxy AUTH method ntlm auth
 < advproxy cache-digest
 < advproxy errmsg cache
 < advproxy errmsg invalid upstream proxy
 < advproxy errmsg proxy ports equal
+< advproxy group access control
+< advproxy group required
 < advproxy proxy port transparent
 < age second
 < age seconds
@@ -1889,6 +1926,7 @@
 < maximum
 < MB read
 < MB written
+< messages
 < minimum
 < minute
 < model
@@ -1959,6 +1997,8 @@
 < qos enter bandwidths
 < random number generator daemon
 < red1
+< samba join a domain
+< samba join domain
 < server restart
 < show dh
 < snat new source ip address
--- a/html/cgi-bin/proxy.cgi
+++ b/html/cgi-bin/proxy.cgi
@@ -172,6 +172,8 @@ unless (-e $acl_include) { system("touch $acl_include"); }
 unless (-e $browserdb) { system("touch $browserdb"); }
 unless (-e $mimetypes) { system("touch $mimetypes"); }

+my $HAVE_NTLM_AUTH = (-e "/usr/bin/ntlm_auth");
+
 open FILE, $browserdb;
@useragentlist = sort { reverse(substr(reverse(substr($a,index($a,',')+1)),index(reverse(substr($a,index($a,','))),',')+1)) cmp reverse(substr(reverse(substr($b,index($b,',')+1)),index(reverse(substr($b,index($b,','))),',')+1))} grep !/(^$)|(^\s*#)/,<FILE>;
 close(FILE);
@@ -264,6 +266,7 @@ $proxysettings{'LDAP_PORT'} = '389';
 $proxysettings{'LDAP_BINDDN_USER'} = '';
 $proxysettings{'LDAP_BINDDN_PASS'} = '';
 $proxysettings{'LDAP_GROUP'} = '';
+$proxysettings{'NTLM_AUTH_GROUP'} = '';
 $proxysettings{'NTLM_DOMAIN'} = '';
 $proxysettings{'NTLM_PDC'} = '';
 $proxysettings{'NTLM_BDC'} = '';
@@ -860,6 +863,7 @@ $checked{'AUTH_METHOD'}{'ncsa'} = '';
 $checked{'AUTH_METHOD'}{'ident'} = '';
 $checked{'AUTH_METHOD'}{'ldap'} = '';
 $checked{'AUTH_METHOD'}{'ntlm'} = '';
+$checked{'AUTH_METHOD'}{'ntlm-auth'} = '';
 $checked{'AUTH_METHOD'}{'radius'} = '';
 $checked{'AUTH_METHOD'}{$proxysettings{'AUTH_METHOD'}} = "checked='checked'";

@@ -1686,18 +1690,33 @@ print <<END
 END
 ;

-print <<END
+my $auth_columns = 5;
+if ($HAVE_NTLM_AUTH) {
+	$auth_columns++;
+}
+my $auth_column_width = 100 / $auth_columns;
+
+print <<END;
 <table width='100%'>
 <tr>
-	<td colspan='5'><b>$Lang::tr{'advproxy AUTH method'}</b></td>
+	<td colspan='$auth_columns'><b>$Lang::tr{'advproxy AUTH method'}</b></td>
 </tr>
 <tr>
-	<td width='16%' class='base'><input type='radio' name='AUTH_METHOD' value='none' $checked{'AUTH_METHOD'}{'none'} />$Lang::tr{'advproxy AUTH method none'}</td>
-	<td width='16%' class='base'><input type='radio' name='AUTH_METHOD' value='ncsa' $checked{'AUTH_METHOD'}{'ncsa'} />$Lang::tr{'advproxy AUTH method ncsa'}</td>
-	<td width='16%' class='base'><input type='radio' name='AUTH_METHOD' value='ident' $checked{'AUTH_METHOD'}{'ident'} />$Lang::tr{'advproxy AUTH method ident'}</td>
-	<td width='16%' class='base'><input type='radio' name='AUTH_METHOD' value='ldap' $checked{'AUTH_METHOD'}{'ldap'} />$Lang::tr{'advproxy AUTH method ldap'}</td>
-	<td width='16%' class='base'><input type='radio' name='AUTH_METHOD' value='ntlm' $checked{'AUTH_METHOD'}{'ntlm'} />$Lang::tr{'advproxy AUTH method ntlm'}</td>
-	<td width='16%' class='base'><input type='radio' name='AUTH_METHOD' value='radius' $checked{'AUTH_METHOD'}{'radius'} />$Lang::tr{'advproxy AUTH method radius'}</td>
+	<td width='$auth_column_width%' class='base'><input type='radio' name='AUTH_METHOD' value='none' $checked{'AUTH_METHOD'}{'none'} />$Lang::tr{'advproxy AUTH method none'}</td>
+	<td width='$auth_column_width%' class='base'><input type='radio' name='AUTH_METHOD' value='ncsa' $checked{'AUTH_METHOD'}{'ncsa'} />$Lang::tr{'advproxy AUTH method ncsa'}</td>
+	<td width='$auth_column_width%' class='base'><input type='radio' name='AUTH_METHOD' value='ident' $checked{'AUTH_METHOD'}{'ident'} />$Lang::tr{'advproxy AUTH method ident'}</td>
+	<td width='$auth_column_width%' class='base'><input type='radio' name='AUTH_METHOD' value='ldap' $checked{'AUTH_METHOD'}{'ldap'} />$Lang::tr{'advproxy AUTH method ldap'}</td>
+	<td width='$auth_column_width%' class='base'><input type='radio' name='AUTH_METHOD' value='ntlm' $checked{'AUTH_METHOD'}{'ntlm'} />$Lang::tr{'advproxy AUTH method ntlm'}</td>
+END
+
+if ($HAVE_NTLM_AUTH) {
+	print <<END;
+	<td width='$auth_column_width%' class='base'><input type='radio' name='AUTH_METHOD' value='ntlm-auth' $checked{'AUTH_METHOD'}{'ntlm-auth'} />$Lang::tr{'advproxy AUTH method ntlm auth'}</td>
+END
+}
+
+print <<END
+	<td width='$auth_column_width%' class='base'><input type='radio' name='AUTH_METHOD' value='radius' $checked{'AUTH_METHOD'}{'radius'} />$Lang::tr{'advproxy AUTH method radius'}</td>
 </tr>
 </table>
 END
@@ -1976,6 +1995,27 @@ if ($proxysettings{'AUTH_METHOD'} eq 'ntlm') { print <<END
 END
 ; }

+# ===================================================================
+#  NTLM-AUTH settings
+# ===================================================================
+
+if ($proxysettings{'AUTH_METHOD'} eq 'ntlm-auth') {
+	print <<END;
+		<hr size ='1'>
+		<table width='100%'>
+			<tr>
+				<td colspan='4'><b>$Lang::tr{'advproxy group access control'}</b></td>
+			</tr>
+			<tr>
+				<td width='20%' class='base'>$Lang::tr{'advproxy group required'}:&nbsp;<img src='/blob.gif' alt='*' /></td>
+				<td width='40%'><input type='text' name='NTLM_AUTH_GROUP' value='$proxysettings{'NTLM_AUTH_GROUP'}' size='37' /></td>
+				<td>&nbsp;</td>
+				<td>&nbsp;</td>
+			</tr>
+	</table>
+END
+}
+
 # ===================================================================
 #  LDAP auth settings
 # ===================================================================
@@ -3143,7 +3183,6 @@ END
 	print FILE <<END

 cache_effective_user squid
-cache_effective_group squid
 umask 022

 pid_filename /var/run/squid.pid
@@ -3326,6 +3365,20 @@ END
 			}
 		}

+		if ($proxysettings{'AUTH_METHOD'} eq 'ntlm-auth')
+		{
+			print FILE "auth_param ntlm program /usr/bin/ntlm_auth --helper-protocol=squid-2.5-ntlmssp";
+			if ($proxysettings{'NTLM_AUTH_GROUP'}) {
+				my $ntlm_auth_group = $proxysettings{'NTLM_AUTH_GROUP'};
+				$ntlm_auth_group =~ s/\\/\+/;
+
+				print FILE " --require-membership-of=\"$ntlm_auth_group\"";
+			}
+			print FILE "\n";
+
+			print FILE "auth_param ntlm children $proxysettings{'AUTH_CHILDREN'}\n";
+		}
+
 		if ($proxysettings{'AUTH_METHOD'} eq 'radius')
 		{
 			print FILE "auth_param basic program $authdir/basic_radius_auth -h $proxysettings{'RADIUS_SERVER'} -p $proxysettings{'RADIUS_PORT'} ";
--- a/html/cgi-bin/samba.cgi
+++ b/html/cgi-bin/samba.cgi
@@ -67,8 +67,7 @@ $ovpnip[3]=$ovpnip[3]+1;
 ############################################################################################################################
 ############################################# Samba Dienste fr Statusberprfung ##########################################

-my %servicenames = ('SMB Daemon' => 'smbd','NetBIOS Nameserver' => 'nmbd');
-#my %servicenames = ('SMB Daemon' => 'smbd','NetBIOS Nameserver' => 'nmbd','Winbind Daemon' => 'winbindd');
+my %servicenames = ('SMB Daemon' => 'smbd', 'NetBIOS Nameserver' => 'nmbd', 'Winbind Daemon' => 'winbindd');

 &Header::showhttpheaders();

@@ -192,6 +191,10 @@ if ($sambasettings{'ACTION'} eq 'globalresetyes')
 	refreshpage();
 	}

+if ($sambasettings{'ACTION'} eq 'join') {
+	$message .= &joindomain($sambasettings{'USERNAME'}, $sambasettings{'PASSWORD'});
+}
+
 ############################################################################################################################
 ################################################ Sicherheitsabfrage für den Reset ##########################################

@@ -276,6 +279,7 @@ print FILE <<END
 netbios name = $sambasettings{'NETBIOSNAME'}
 server string = $sambasettings{'SRVSTRING'}
 workgroup = $sambasettings{'WORKGRP'}
+realm = $mainsettings{'DOMAINNAME'}
 passdb backend = smbpasswd

 wide links = $sambasettings{'WIDELINKS'}
@@ -315,8 +319,12 @@ username level = 1
 wins support = $sambasettings{'WINSSUPPORT'}
 wins server = $sambasettings{'WINSSRV'}

+winbind separator = +
+winbind uid = 10000-20000
+winbind gid = 10000-20000
+winbind use default domain = yes
+
 log file       = /var/log/samba/samba-log.%m
-lock directory = /var/lock/samba
 pid directory  = /var/run/
 log level = $sambasettings{'LOGLEVEL'}
 syslog = $sambasettings{'SYSLOGLEVEL'}
@@ -384,6 +392,15 @@ if ($errormessage)
 	&Header::closebox();
 	}

+if ($message) {
+	$message = &Header::cleanhtml($message);
+	$message =~ s/\n/<br>/g;
+
+	&Header::openbox('100%', 'left', $Lang::tr{'messages'});
+	print "$message\n";
+	&Header::closebox();
+}
+
 ############################################################################################################################
 ########################################## Aktivieren von Checkboxen und Dropdowns #########################################

@@ -440,14 +457,6 @@ $selected{'SECURITY'}{$sambasettings{'SECURITY'}} = "selected='selected'";
 print <<END
 <br />
 <table width='95%' cellspacing='0'>
-END
-;
-if ( $message ne "" )
-	{
-	print "<tr><td colspan='3' align='left'><font color='red'>$message</font>";
-	}
-
-print <<END
 <tr bgcolor='$color{'color20'}'><td colspan='2' align='left'><b>$Lang::tr{'all services'}</b></td></tr>
 </table><table width='95%' cellspacing='0'>
 END
@@ -875,6 +884,55 @@ END
 &Header::closebox();
 }

+if ($sambasettings{'SECURITY'} eq "ADS") {
+	&Header::openbox('100%', 'center', $Lang::tr{'samba join a domain'});
+
+	my $AD_DOMAINNAME = uc($mainsettings{'DOMAINNAME'});
+
+	print <<END;
+	<form method="POST" action="$ENV{'SCRIPT_NAME'}">
+		<input type="hidden" name="ACTION" value="join">
+
+		<table width="95%">
+			<tbody>
+				<tr>
+					<td width="40%">
+						$Lang::tr{'domain'}
+					</td>
+					<td>
+						$AD_DOMAINNAME
+					</td>
+				</tr>
+				<tr>
+					<td width="40%">
+						$Lang::tr{'administrator username'}
+					</td>
+					<td>
+						<input type="text" name="USERNAME" size="30">
+					</td>
+				</tr>
+				<tr>
+					<td width="40%">
+						$Lang::tr{'administrator password'}
+					</td>
+					<td>
+						<input type="password" name="PASSWORD" size="30">
+					</td>
+				</tr>
+				<tr>
+					<td></td>
+					<td>
+						<input type="submit" value="$Lang::tr{'samba join domain'}">
+					</td>
+				</tr>
+			</tbody>
+		</table>
+	</form>
+END
+
+	&Header::closebox();
+}
+
 ############################################################################################################################
 ############################################### Verwalten von Freigaben ####################################################

@@ -1304,3 +1362,13 @@ sub isrunning
 		}
 	return $status;
 	}
+
+sub joindomain {
+	my $username = shift;
+	my $password = shift;
+
+	my @options = ("/usr/local/bin/sambactrl", "join", $username, $password);
+	my $output = qx(@options);
+
+	return $output;
+}
--- a/langs/de/cgi-bin/de.pl
+++ b/langs/de/cgi-bin/de.pl
@@ -99,7 +99,10 @@
 'addon' => 'Addons',
 'admin user password has been changed' => 'Passwort für Benutzer admin wurde geändert.',
 'admin users' => 'Liste der Benutzer mit Super User Rechten',
+'administrator password' => 'Administrator-Passwort',
 'administrator user password' => 'Passwort für Benutzer &quot;admin&quot;:',
+'administrator username' => 'Administrator-Benutzername',
+'adsl settings' => 'ADSL-Einstellungen',
 'advanced' => 'Erweitert',
 'advanced server' => 'Erweiterte Server-Optionen',
 'advproxy AUTH always required' => 'Authentifizierung für uneingeschränkte Quelladressen erforderlich',
@@ -111,7 +114,8 @@
 'advproxy AUTH method ldap' => 'LDAP',
 'advproxy AUTH method ncsa' => 'Lokal',
 'advproxy AUTH method none' => 'Keine',
-'advproxy AUTH method ntlm' => 'Windows',
+'advproxy AUTH method ntlm' => 'Windows NT4-Domäne',
+'advproxy AUTH method ntlm auth' => 'Windows Active Directory',
 'advproxy AUTH method radius' => 'RADIUS',
 'advproxy AUTH no auth' => 'Domains ohne Authentifizierung (eine pro Zeile)',
 'advproxy AUTH number of auth processes' => 'Anzahl der Authentifizierungsprozesse',
@@ -262,6 +266,8 @@
 'advproxy fake useragent' => 'Gefälschter Useragent für externe Web-Sites',
 'advproxy friday' => 'Fre',
 'advproxy from' => 'Von',
+'advproxy group access control' => 'Gruppenbasierte Zugriffskontrolle',
+'advproxy group required' => 'Erforderliche Gruppe',
 'advproxy hdd cache size' => 'Cachegröße auf der Festplatte (MB)',
 'advproxy invalid num of children' => 'Ungültige Anzahl der Filter-Prozesse',
 'advproxy log enabled' => 'Protokoll aktiviert',
@@ -1462,6 +1468,7 @@
 'memory' => 'Speicher',
 'memory information' => 'Speicherinformationen',
 'memory usage per' => 'Speichernutzung pro',
+'messages' => 'Meldungen',
 'messages logging' => 'Logeinstellungen für /var/log/messages',
 'method' => 'Methode:',
 'min costs' => 'Minimale Kosten',
@@ -1897,6 +1904,8 @@
 'running' => 'LÄUFT',
 'safe removal of umounted device' => 'Sie können gefahrlos das abgemeldete Gerät entfernen',
 'samba' => 'Samba',
+'samba join a domain' => 'Einer Domäne beitreten',
+'samba join domain' => 'Domäne beitreten',
 'samba status' => 'Samba Status',
 'saturday' => 'Samstag',
 'save' => 'Speichern',
--- a/langs/en/cgi-bin/en.pl
+++ b/langs/en/cgi-bin/en.pl
@@ -99,7 +99,10 @@
 'addons' => 'Addons',
 'admin user password has been changed' => 'Admin user password has been changed.',
 'admin users' => 'User with superuser rights',
+'administrator password' => 'Administrator password',
 'administrator user password' => 'Admin user password:',
+'administrator username' => 'Administrator username',
+'adsl settings' => 'ADSL settings',
 'advanced' => 'Advanced',
 'advanced server' => 'Advanced server options',
 'advproxy AUTH always required' => 'Require authentication for unrestricted source addresses',
@@ -111,7 +114,8 @@
 'advproxy AUTH method ldap' => 'LDAP',
 'advproxy AUTH method ncsa' => 'Local',
 'advproxy AUTH method none' => 'None',
-'advproxy AUTH method ntlm' => 'Windows',
+'advproxy AUTH method ntlm' => 'Windows NT4 Domain',
+'advproxy AUTH method ntlm auth' => 'Windows Active Directory',
 'advproxy AUTH method radius' => 'RADIUS',
 'advproxy AUTH no auth' => 'Domains without authentication (one per line)',
 'advproxy AUTH number of auth processes' => 'Number of authentication processes',
@@ -262,6 +266,8 @@
 'advproxy fake useragent' => 'Fake useragent submitted to external sites',
 'advproxy friday' => 'Fri',
 'advproxy from' => 'From',
+'advproxy group access control' => 'Group based access control',
+'advproxy group required' => 'Required group',
 'advproxy hdd cache size' => 'Harddisk cache size (MB)',
 'advproxy invalid num of children' => 'Invalid number of filter processes',
 'advproxy log enabled' => 'Log enabled',
@@ -1492,6 +1498,7 @@
 'memory' => 'Memory',
 'memory information' => 'Memory information',
 'memory usage per' => 'Memory Usage per',
+'messages' => 'Messages',
 'messages logging' => 'Logsettings for /var/log/messages',
 'method' => 'Method:',
 'min costs' => 'Minimum costs',
@@ -1929,6 +1936,8 @@
 'running' => 'RUNNING',
 'safe removal of umounted device' => 'You can safely remove the unmounted device',
 'samba' => 'Samba',
+'samba join a domain' => 'Join a domain',
+'samba join domain' => 'Join domain',
 'samba status' => 'Samba Status',
 'saturday' => 'Saturday',
 'save' => 'Save',
--- a/langs/es/cgi-bin/es.pl
+++ b/langs/es/cgi-bin/es.pl
@@ -101,7 +101,6 @@
 'advproxy AUTH method ldap' => 'LDAP',
 'advproxy AUTH method ncsa' => 'Local',
 'advproxy AUTH method none' => 'Ninguno',
-'advproxy AUTH method ntlm' => 'Windows',
 'advproxy AUTH method radius' => 'RADIUS',
 'advproxy AUTH no auth' => 'Dominios sin autenticación (uno por línea)',
 'advproxy AUTH number of auth processes' => 'Número de proceso de autenticación',
--- a/langs/fr/cgi-bin/fr.pl
+++ b/langs/fr/cgi-bin/fr.pl
@@ -103,7 +103,6 @@
 'advproxy AUTH method ldap' => 'LDAP',
 'advproxy AUTH method ncsa' => 'Local',
 'advproxy AUTH method none' => 'Rien',
-'advproxy AUTH method ntlm' => 'Windows',
 'advproxy AUTH method radius' => 'RADIUS',
 'advproxy AUTH no auth' => 'Domaines sans authentification (un par ligne)',
 'advproxy AUTH number of auth processes' => 'Nombre de processus d\'authentification',
--- a/langs/nl/cgi-bin/nl.pl
+++ b/langs/nl/cgi-bin/nl.pl
@@ -110,7 +110,6 @@
 'advproxy AUTH method ldap' => 'LDAP',
 'advproxy AUTH method ncsa' => 'Lokaal',
 'advproxy AUTH method none' => 'Geen',
-'advproxy AUTH method ntlm' => 'Windows',
 'advproxy AUTH method radius' => 'RADIUS',
 'advproxy AUTH no auth' => 'Domeinen zonder authenticatie (een per regel)',
 'advproxy AUTH number of auth processes' => 'Aantal authenticatieprocessen',
--- a/langs/pl/cgi-bin/pl.pl
+++ b/langs/pl/cgi-bin/pl.pl
@@ -103,7 +103,6 @@
 'advproxy AUTH method ldap' => 'LDAP',
 'advproxy AUTH method ncsa' => 'Local',
 'advproxy AUTH method none' => 'None',
-'advproxy AUTH method ntlm' => 'Windows',
 'advproxy AUTH method radius' => 'RADIUS',
 'advproxy AUTH no auth' => 'Domeny bez autoryzacji (jedna w linii)',
 'advproxy AUTH number of auth processes' => 'Liczba procesów autoryzujących',
--- a/langs/ru/cgi-bin/ru.pl
+++ b/langs/ru/cgi-bin/ru.pl
@@ -101,7 +101,6 @@
 'advproxy AUTH method ldap' => 'LDAP',
 'advproxy AUTH method ncsa' => 'Локальный',
 'advproxy AUTH method none' => 'Нет',
-'advproxy AUTH method ntlm' => 'Windows',
 'advproxy AUTH method radius' => 'RADIUS',
 'advproxy AUTH no auth' => 'Домен без аутентификации (один на строчку)',
 'advproxy AUTH number of auth processes' => 'Кол-во процессов аутентификации',
--- a/langs/tr/cgi-bin/tr.pl
+++ b/langs/tr/cgi-bin/tr.pl
@@ -110,7 +110,6 @@
 'advproxy AUTH method ldap' => 'LDAP',
 'advproxy AUTH method ncsa' => 'Yerel',
 'advproxy AUTH method none' => 'Yok',
-'advproxy AUTH method ntlm' => 'Windows',
 'advproxy AUTH method radius' => 'RADIUS',
 'advproxy AUTH no auth' => 'Kimlik doğrulaması olmayan hedefler (her satırda bir tane)',
 'advproxy AUTH number of auth processes' => 'Kimlik doğrulama işlemlerinin sayısı',
--- a/lfs/krb5
+++ b/lfs/krb5
@@ -0,0 +1,105 @@
+###############################################################################
+#                                                                             #
+# IPFire.org - A linux based firewall                                         #
+# Copyright (C) 2007  Michael Tremer & Christian Schmidt                      #
+#                                                                             #
+# This program is free software: you can redistribute it and/or modify        #
+# it under the terms of the GNU General Public License as published by        #
+# the Free Software Foundation, either version 3 of the License, or           #
+# (at your option) any later version.                                         #
+#                                                                             #
+# This program is distributed in the hope that it will be useful,             #
+# but WITHOUT ANY WARRANTY; without even the implied warranty of              #
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the               #
+# GNU General Public License for more details.                                #
+#                                                                             #
+# You should have received a copy of the GNU General Public License           #
+# along with this program.  If not, see <http://www.gnu.org/licenses/>.       #
+#                                                                             #
+###############################################################################
+
+###############################################################################
+# Definitions
+###############################################################################
+
+include Config
+
+VER        = 1.12.1
+
+THISAPP    = krb5-$(VER)
+DL_FILE    = $(THISAPP).tar.gz
+DL_FROM    = $(URL_IPFIRE)
+DIR_APP    = $(DIR_SRC)/$(THISAPP)/src
+TARGET     = $(DIR_INFO)/$(THISAPP)
+PROG       = krb5
+PAK_VER    = 1
+
+DEPS       = ""
+
+###############################################################################
+# Top-level Rules
+###############################################################################
+
+objects = $(DL_FILE)
+
+$(DL_FILE) = $(DL_FROM)/$(DL_FILE)
+
+$(DL_FILE)_MD5 = 4a631b3474d3e44773f1ecda96f04400
+
+install : $(TARGET)
+
+check : $(patsubst %,$(DIR_CHK)/%,$(objects))
+
+download :$(patsubst %,$(DIR_DL)/%,$(objects))
+
+md5 : $(subst %,%_MD5,$(objects))
+
+dist: 
+	@$(PAK)
+
+###############################################################################
+# Downloading, checking, md5sum
+###############################################################################
+
+$(patsubst %,$(DIR_CHK)/%,$(objects)) :
+	@$(CHECK)
+
+$(patsubst %,$(DIR_DL)/%,$(objects)) :
+	@$(LOAD)
+
+$(subst %,%_MD5,$(objects)) :
+	@$(MD5)
+
+###############################################################################
+# Installation Details
+###############################################################################
+
+$(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects))
+	@$(PREBUILD)
+	@rm -rf $(DIR_APP) && cd $(DIR_SRC) && tar axf $(DIR_DL)/$(DL_FILE)
+	cd $(DIR_APP) && patch -Np2 < $(DIR_SRC)/src/patches/mitkrb-1.12.1-db2_fix-1.patch
+
+	cd $(DIR_APP) && sed -e "s@python2.5/Python.h@& python2.7/Python.h@g" \
+		-e "s@-lpython2.5]@&,\n  AC_CHECK_LIB(python2.7,main,[PYTHON_LIB=-lpython2.7])@g" \
+		-i configure.in
+	cd $(DIR_APP) && autoconf
+
+	cd $(DIR_APP) && ./configure \
+		--prefix=/usr \
+		--sysconfdir=/etc \
+		--localstatedir=/var/lib \
+		--with-system-et \
+		--with-system-ss \
+		--enable-dns-for-realm \
+		CPPFLAGS="-I/usr/include/et"
+
+	cd $(DIR_APP) && make $(MAKETUNING) $(EXTRA_MAKE)
+	cd $(DIR_APP) && make $(EXTRA_INSTALL) install
+
+	for LIB in gssapi_krb5 gssrpc k5crypto kadm5clnt kadm5srv \
+        		kdb5 kdb_ldap krad krb5 krb5support verto; do \
+		chmod -f -v 755 "/usr/lib/lib$$LIB.so"; \
+	done
+
+	@rm -rf $(DIR_APP)
+	@$(POSTBUILD)
--- a/lfs/samba
+++ b/lfs/samba
@@ -34,7 +34,7 @@ TARGET     = $(DIR_INFO)/$(THISAPP)
 PROG       = samba
 PAK_VER    = 58

-DEPS       = "cups"
+DEPS       = "cups krb5"

 ###############################################################################
 # Top-level Rules
@@ -78,16 +78,27 @@ $(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects))
 	@$(PREBUILD)
 	@rm -rf $(DIR_APP) && cd $(DIR_SRC) && tar zxf $(DIR_DL)/$(DL_FILE)
 	cd $(DIR_APP)/source3 && ./configure \
-				--prefix=/usr \
-				--libdir=/usr/lib/ \
-				--sysconfdir=/var/ipfire \
-				--localstatedir=/var \
-				--with-piddir=/var/run \
-				--with-fhs \
-				--with-winbind \
-				--disable-swat \
-				--enable-cups \
-				--with-syslog
+		--prefix=/usr \
+		--libdir=/usr/lib/ \
+		--sysconfdir=/var/ipfire \
+		--localstatedir=/var \
+		--with-cachedir=/var/lib/samba \
+		--with-lockdir=/var/lib/samba \
+		--with-piddir=/var/run \
+		--with-ads \
+		--with-acl-support \
+		--with-libsmbclient \
+		--with-libsmbsharemodes \
+		--with-sendfile-support \
+		--without-smbwrapper \
+		--with-mmap \
+		--with-fhs \
+		--with-vfs \
+		--with-winbind \
+		--disable-swat \
+		--enable-cups \
+		--disable-avahi \
+		--with-syslog
 	cd $(DIR_APP)/source3 && make proto && make all $(MAKETUNING) $(EXTRA_MAKE)
 	cd $(DIR_APP)/source3 && make install
 	cd $(DIR_APP)/source3 && chmod -v 644 /usr/include/libsmbclient.h
@@ -107,5 +118,9 @@ $(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects))
 	cat /var/ipfire/samba/global /var/ipfire/samba/shares > /var/ipfire/samba/smb.conf
 	-mkdir -p /var/log/samba
 	install -v -m 644 $(DIR_SRC)/config/backup/includes/samba /var/ipfire/backup/addons/includes/samba
+
+	-mkdir -p 750 /var/lib/samba/winbindd_privileged
+	chgrp wbpriv /var/lib/samba/winbindd_privileged
+
 	@rm -rf $(DIR_APP)
 	@$(POSTBUILD)
--- a/make.sh
+++ b/make.sh
@@ -616,6 +616,7 @@ buildipfire() {
  ipfiremake foomatic
  ipfiremake hplip
  ipfiremake cifs-utils
+  ipfiremake krb5
  ipfiremake samba
  ipfiremake sudo
  ipfiremake mc
--- a/src/initscripts/init.d/samba
+++ b/src/initscripts/init.d/samba
@@ -4,19 +4,28 @@
 # Based on sysklogd script from LFS-3.1 and earlier.
 # Rewritten by Gerard Beekmans  - gerard@linuxfromscratch.org

-#$LastChangedBy: bdubbs $
-#$Date: 2005-08-01 14:29:19 -0500 (Mon, 01 Aug 2005) $
-
 . /etc/sysconfig/rc
 . $rc_functions

+function fix_permissions() {
+	local lockdir="/var/lib/samba/winbindd_privileged"
+
+	chmod 750 "${lockdir}"
+	chgrp wbpriv "${lockdir}"
+}
+
 case "$1" in
 	start)
+		fix_permissions
+
 		boot_mesg "Starting nmbd..."
 		loadproc /usr/sbin/nmbd -D

 		boot_mesg "Starting smbd..."
 		loadproc /usr/sbin/smbd -D
+
+		boot_mesg "Starting winbind..."
+		loadproc /usr/sbin/winbindd
 		;;

 	stop)
@@ -25,6 +34,9 @@ case "$1" in

 		boot_mesg "Stopping nmbd..."
 		killproc -p /var/run/nmbd.pid /usr/sbin/nmbd
+
+		boot_mesg "Stopping winbind..."
+		killproc -p /var/run/winbindd.pid /usr/sbin/winbindd
                ;;

 	reload)
@@ -33,6 +45,9 @@ case "$1" in

 		boot_mesg "Reloading nmbd..."
 		reloadproc /usr/sbin/nmbd
+
+		boot_mesg "Reloading winbind..."
+		reloadproc /usr/sbin/winbindd
 		;;

 	restart)
@@ -44,6 +59,7 @@ case "$1" in
 	status)
 		statusproc /usr/sbin/nmbd
 		statusproc /usr/sbin/smbd
+		statusproc /usr/sbin/winbindd
 		;;

 	*)
--- a/src/initscripts/init.d/winbind
+++ b/src/initscripts/init.d/winbind
@@ -1,50 +0,0 @@
-#!/bin/bash
-# Begin $rc_base/init.d/winbind
-
-# Based on sysklogd script from LFS-3.1 and earlier.
-# Rewritten by Gerard Beekmans  - gerard@linuxfromscratch.org
-
-#$LastChangedBy: bdubbs $
-#$Date: 2005-08-01 14:29:19 -0500 (Mon, 01 Aug 2005) $
-
-. /etc/sysconfig/rc
-. $rc_functions
-
-PIDFILE="/var/run/winbindd.pid"
-KILLDELAY="10"
-
-case "$1" in
-
-        start)
-                boot_mesg "Starting winbind..."
-                loadproc /usr/sbin/winbindd
-                ;;
-
-        stop)
-                boot_mesg "Stopping winbind..."
-		killproc -p ${PIDFILE} /usr/sbin/winbind
-		;;
-
-	reload)
-		boot_mesg "Reloading winbind..."
-		reloadproc /usr/sbin/winbindd
-		;;
-
-        restart)
-                $0 stop
-                sleep 1
-                $0 start
-                ;;
-
-        status)
-                statusproc /usr/sbin/winbindd
-                ;;
-
-        *)
-                echo "Usage: $0 {start|stop|reload|restart|status}"
-                exit 1
-                ;;
-
-esac
-
-# End $rc_base/init.d/winbind
--- a/src/misc-progs/sambactrl.c
+++ b/src/misc-progs/sambactrl.c
@@ -10,165 +10,136 @@

 char command[BUFFER_SIZE]; 

-int main(int argc, char *argv[])
-{
+int main(int argc, char *argv[]) {
+	if (!(initsetuid()))
+		exit(1);

-if (!(initsetuid()))
-exit(1);
+	// Check what command is asked
+	if (argc == 1) {
+		fprintf (stderr, "Missing smbctrl command!\n");
+		return 1;

-// Check what command is asked
-if (argc==1)
-{
-fprintf (stderr, "Missing smbctrl command!\n");
-return 1;
-}
-else if (strcmp(argv[1], "smbuserdisable")==0)
-{
-snprintf(command, BUFFER_SIZE-1, "/usr/bin/smbpasswd -d %s >/dev/null", argv[2]);
-safe_system(command);
-return 0;
-}
-else if (strcmp(argv[1], "smbuserenable")==0)
-{
-snprintf(command, BUFFER_SIZE-1, "/usr/bin/smbpasswd -e %s >/dev/null", argv[2]);
-safe_system(command);
-return 0;
-}
-else if (strcmp(argv[1], "smbuserdelete")==0)
-{
-snprintf(command, BUFFER_SIZE-1, "/usr/bin/smbpasswd -x %s >/dev/null", argv[2]);
-safe_system(command);
-snprintf(command, BUFFER_SIZE-1, "/usr/sbin/userdel %s >/dev/null", argv[2]);
-safe_system(command);
-return 0;
-}
-else if (strcmp(argv[1], "smbsafeconf")==0)
-{
-safe_system("/bin/cat /var/ipfire/samba/global /var/ipfire/samba/shares > /var/ipfire/samba/smb.conf");
-return 0;
-}
-else if (strcmp(argv[1], "smbsafeconfcups")==0)
-{
-safe_system("/bin/cat /var/ipfire/samba/global /var/ipfire/samba/shares /var/ipfire/samba/printer > /var/ipfire/samba/smb.conf");
-return 0;
-}
-else if (strcmp(argv[1], "smbsafeconfpdc")==0)
-{
-safe_system("/bin/cat /var/ipfire/samba/global /var/ipfire/samba/pdc /var/ipfire/samba/shares > /var/ipfire/samba/smb.conf");
-return 0;
-}
-else if (strcmp(argv[1], "smbsafeconfpdccups")==0)
-{
-safe_system("/bin/cat /var/ipfire/samba/global /var/ipfire/samba/pdc /var/ipfire/samba/shares /var/ipfire/samba/printer > /var/ipfire/samba/smb.conf");
-return 0;
-}
-else if (strcmp(argv[1], "smbglobalreset")==0)
-{
-safe_system("/bin/cat /var/ipfire/samba/default.global /var/ipfire/samba/shares > /var/ipfire/samba/smb.conf");
-safe_system("/bin/cat /var/ipfire/samba/default.settings > /var/ipfire/samba/settings");
-safe_system("/bin/cat /var/ipfire/samba/default.global > /var/ipfire/samba/global");
-safe_system("/bin/cat /var/ipfire/samba/default.pdc > /var/ipfire/samba/pdc");
-return 0;
-}
-else if (strcmp(argv[1], "smbsharesreset")==0)
-{
-safe_system("/bin/cat /var/ipfire/samba/global /var/ipfire/samba/default.shares > /var/ipfire/samba/smb.conf");
-safe_system("/bin/cat /var/ipfire/samba/default.shares > /var/ipfire/samba/shares");
-return 0;
-}
-else if (strcmp(argv[1], "smbprinterreset")==0)
-{
-safe_system("/bin/cat /var/ipfire/samba/global /var/ipfire/samba/shares /var/default.printer > /var/ipfire/samba/smb.conf");
-safe_system("/bin/cat /var/ipfire/samba/default.printer > /var/ipfire/samba/printer");
-return 0;
-}
-else if (strcmp(argv[1], "smbstop")==0)
-{
-safe_system("/etc/rc.d/init.d/samba stop >/dev/null");
-safe_system("/usr/local/bin/sambactrl disable");
-return 0;
-}
-else if (strcmp(argv[1], "smbstart")==0)
-{
-safe_system("/etc/rc.d/init.d/samba start >/dev/null");
-safe_system("/usr/local/bin/sambactrl enable");
-return 0;
-}
-else if (strcmp(argv[1], "smbrestart")==0)
-{
-safe_system("/etc/rc.d/init.d/samba restart >/dev/null");
-return 0;
-}
-else if (strcmp(argv[1], "smbreload")==0)
-{
-safe_system("/etc/rc.d/init.d/samba reload >/dev/null");
-return 0;
-}
-else if (strcmp(argv[1], "smbstatus")==0)
-{
-snprintf(command, BUFFER_SIZE-1, "/usr/bin/smbstatus 2>/dev/null");
-safe_system(command);
-return 0;
-}
-else if (strcmp(argv[1], "smbuseradd")==0)
-{
-snprintf(command, BUFFER_SIZE-1, "/usr/sbin/groupadd sambauser >/dev/null");
-safe_system(command);
-snprintf(command, BUFFER_SIZE-1, "/usr/sbin/useradd -c 'Samba User' -m -g %s -s %s %s >/dev/null", argv[4], argv[5], argv[2]);
-safe_system(command);
-snprintf(command, BUFFER_SIZE-1, "echo %s:%s | chpasswd", argv[2], argv[3]);
-safe_system(command);
-snprintf(command, BUFFER_SIZE-1, "/usr/bin/printf '%s\n%s\n' | /usr/bin/smbpasswd -as %s >/dev/null", argv[3], argv[3], argv[2]);
-safe_system(command);
-return 0;
-}
-else if (strcmp(argv[1], "smbpcadd")==0)
-{
-snprintf(command, BUFFER_SIZE-1, "/usr/sbin/groupadd sambawks >/dev/null");
-safe_system(command);
-snprintf(command, BUFFER_SIZE-1, "/usr/sbin/useradd -c 'Samba Workstation' -g %s -s %s %s >/dev/null", argv[3], argv[4], argv[2]);
-safe_system(command);
-snprintf(command, BUFFER_SIZE-1, "/usr/bin/smbpasswd -a -m %s >/dev/null", argv[2]);
-safe_system(command);
-return 0;
-}
-else if (strcmp(argv[1], "smbchangepw")==0)
-{
-snprintf(command, BUFFER_SIZE-1, "echo %s:%s | chpasswd", argv[2], argv[3]);
-safe_system(command);
-snprintf(command, BUFFER_SIZE-1, "/usr/bin/printf '%s\n%s\n' | /usr/bin/smbpasswd -as %s >/dev/null", argv[3], argv[3], argv[2]);
-safe_system(command);
-return 0;
-}
-else if (strcmp(argv[1], "readsmbpasswd")==0)
-{
-safe_system("/bin/chown root:nobody /var/ipfire/samba/private >/dev/null");
-safe_system("/bin/chown root:nobody /var/ipfire/samba/private/smbpasswd >/dev/null");
-safe_system("/bin/chmod 640 /var/ipfire/samba/private/smbpasswd >/dev/null");
-safe_system("/bin/chmod 650 /var/ipfire/samba/private >/dev/null");
-return 0;
-}
-else if (strcmp(argv[1], "locksmbpasswd")==0)
-{
-safe_system("/bin/chown root:root /var/ipfire/samba/private >/dev/null");
-safe_system("/bin/chown root:root /var/ipfire/samba/private/smbpasswd >/dev/null");
-safe_system("/bin/chmod 600 /var/ipfire/samba/private/smbpasswd >/dev/null");
-safe_system("/bin/chmod 600 /var/ipfire/samba/private >/dev/null");
-return 0;
-}
-else if (strcmp(argv[1], "enable")==0)
-{
-safe_system("touch /var/ipfire/samba/enable");
-safe_system("ln -snf /etc/rc.d/init.d/samba /etc/rc.d/rc3.d/S45samba");
-safe_system("ln -snf /etc/rc.d/init.d/samba /etc/rc.d/rc0.d/K48samba");
-safe_system("ln -snf /etc/rc.d/init.d/samba /etc/rc.d/rc6.d/K48samba");
-return 0;
-}
-else if (strcmp(argv[1], "disable")==0)
-{
-safe_system("unlink /var/ipfire/samba/enable");
-safe_system("rm -rf /etc/rc.d/rc*.d/*samba");
-return 0;
-}
-return 0;
+	} else if (strcmp(argv[1], "smbuserdisable") == 0) {
+		snprintf(command, BUFFER_SIZE-1, "/usr/bin/smbpasswd -d %s >/dev/null", argv[2]);
+		safe_system(command);
+
+	} else if (strcmp(argv[1], "smbuserenable") == 0) {
+		snprintf(command, BUFFER_SIZE-1, "/usr/bin/smbpasswd -e %s >/dev/null", argv[2]);
+		safe_system(command);
+
+	} else if (strcmp(argv[1], "smbuserdelete") == 0) {
+		snprintf(command, BUFFER_SIZE-1, "/usr/bin/smbpasswd -x %s >/dev/null", argv[2]);
+		safe_system(command);
+
+		snprintf(command, BUFFER_SIZE-1, "/usr/sbin/userdel %s >/dev/null", argv[2]);
+		safe_system(command);
+
+	} else if (strcmp(argv[1], "smbsafeconf") == 0) {
+		safe_system("/bin/cat /var/ipfire/samba/global /var/ipfire/samba/shares > /var/ipfire/samba/smb.conf");
+
+	} else if (strcmp(argv[1], "smbsafeconfcups") == 0) {
+		safe_system("/bin/cat /var/ipfire/samba/global /var/ipfire/samba/shares /var/ipfire/samba/printer > /var/ipfire/samba/smb.conf");
+
+	} else if (strcmp(argv[1], "smbsafeconfpdc") == 0) {
+		safe_system("/bin/cat /var/ipfire/samba/global /var/ipfire/samba/pdc /var/ipfire/samba/shares > /var/ipfire/samba/smb.conf");
+
+	} else if (strcmp(argv[1], "smbsafeconfpdccups") == 0) {
+		safe_system("/bin/cat /var/ipfire/samba/global /var/ipfire/samba/pdc /var/ipfire/samba/shares /var/ipfire/samba/printer > /var/ipfire/samba/smb.conf");
+
+	} else if (strcmp(argv[1], "smbglobalreset") == 0) {
+		safe_system("/bin/cat /var/ipfire/samba/default.global /var/ipfire/samba/shares > /var/ipfire/samba/smb.conf");
+		safe_system("/bin/cat /var/ipfire/samba/default.settings > /var/ipfire/samba/settings");
+		safe_system("/bin/cat /var/ipfire/samba/default.global > /var/ipfire/samba/global");
+		safe_system("/bin/cat /var/ipfire/samba/default.pdc > /var/ipfire/samba/pdc");
+
+	} else if (strcmp(argv[1], "smbsharesreset") == 0) {
+		safe_system("/bin/cat /var/ipfire/samba/global /var/ipfire/samba/default.shares > /var/ipfire/samba/smb.conf");
+		safe_system("/bin/cat /var/ipfire/samba/default.shares > /var/ipfire/samba/shares");
+
+	} else if (strcmp(argv[1], "smbprinterreset") == 0) {
+		safe_system("/bin/cat /var/ipfire/samba/global /var/ipfire/samba/shares /var/default.printer > /var/ipfire/samba/smb.conf");
+		safe_system("/bin/cat /var/ipfire/samba/default.printer > /var/ipfire/samba/printer");
+
+	} else if (strcmp(argv[1], "smbstop") == 0) {
+		safe_system("/etc/rc.d/init.d/samba stop >/dev/null");
+		safe_system("/usr/local/bin/sambactrl disable");
+
+	} else if (strcmp(argv[1], "smbstart") == 0) {
+		safe_system("/etc/rc.d/init.d/samba start >/dev/null");
+		safe_system("/usr/local/bin/sambactrl enable");
+
+	} else if (strcmp(argv[1], "smbrestart") == 0) {
+		safe_system("/etc/rc.d/init.d/samba restart >/dev/null");
+
+	} else if (strcmp(argv[1], "smbreload") == 0) {
+		safe_system("/etc/rc.d/init.d/samba reload >/dev/null");
+
+	} else if (strcmp(argv[1], "smbstatus") == 0) {
+		snprintf(command, BUFFER_SIZE-1, "/usr/bin/smbstatus 2>/dev/null");
+		safe_system(command);
+
+	} else if (strcmp(argv[1], "smbuseradd") == 0) {
+		snprintf(command, BUFFER_SIZE-1, "/usr/sbin/groupadd sambauser >/dev/null");
+		safe_system(command);
+
+		snprintf(command, BUFFER_SIZE-1, "/usr/sbin/useradd -c 'Samba User' -m -g %s -s %s %s >/dev/null", argv[4], argv[5], argv[2]);
+		safe_system(command);
+
+		snprintf(command, BUFFER_SIZE-1, "echo %s:%s | chpasswd", argv[2], argv[3]);
+		safe_system(command);
+
+		snprintf(command, BUFFER_SIZE-1, "/usr/bin/printf '%s\n%s\n' | /usr/bin/smbpasswd -as %s >/dev/null", argv[3], argv[3], argv[2]);
+		safe_system(command);
+
+	} else if (strcmp(argv[1], "smbpcadd") == 0) {
+		snprintf(command, BUFFER_SIZE-1, "/usr/sbin/groupadd sambawks >/dev/null");
+		safe_system(command);
+
+		snprintf(command, BUFFER_SIZE-1, "/usr/sbin/useradd -c 'Samba Workstation' -g %s -s %s %s >/dev/null", argv[3], argv[4], argv[2]);
+		safe_system(command);
+
+		snprintf(command, BUFFER_SIZE-1, "/usr/bin/smbpasswd -a -m %s >/dev/null", argv[2]);
+		safe_system(command);
+
+	} else if (strcmp(argv[1], "smbchangepw") == 0) {
+		snprintf(command, BUFFER_SIZE-1, "echo %s:%s | chpasswd", argv[2], argv[3]);
+		safe_system(command);
+
+		snprintf(command, BUFFER_SIZE-1, "/usr/bin/printf '%s\n%s\n' | /usr/bin/smbpasswd -as %s >/dev/null", argv[3], argv[3], argv[2]);
+		safe_system(command);
+
+	} else if (strcmp(argv[1], "readsmbpasswd") == 0) {
+		safe_system("/bin/chown root:nobody /var/ipfire/samba/private >/dev/null");
+		safe_system("/bin/chown root:nobody /var/ipfire/samba/private/smbpasswd >/dev/null");
+		safe_system("/bin/chmod 640 /var/ipfire/samba/private/smbpasswd >/dev/null");
+		safe_system("/bin/chmod 650 /var/ipfire/samba/private >/dev/null");
+
+	} else if (strcmp(argv[1], "locksmbpasswd") == 0) {
+		safe_system("/bin/chown root:root /var/ipfire/samba/private >/dev/null");
+		safe_system("/bin/chown root:root /var/ipfire/samba/private/smbpasswd >/dev/null");
+		safe_system("/bin/chmod 600 /var/ipfire/samba/private/smbpasswd >/dev/null");
+		safe_system("/bin/chmod 600 /var/ipfire/samba/private >/dev/null");
+
+	} else if (strcmp(argv[1], "enable") == 0) {
+		safe_system("touch /var/ipfire/samba/enable");
+		safe_system("ln -snf /etc/rc.d/init.d/samba /etc/rc.d/rc3.d/S45samba");
+		safe_system("ln -snf /etc/rc.d/init.d/samba /etc/rc.d/rc0.d/K48samba");
+		safe_system("ln -snf /etc/rc.d/init.d/samba /etc/rc.d/rc6.d/K48samba");
+
+	} else if (strcmp(argv[1], "disable") == 0) {
+		safe_system("unlink /var/ipfire/samba/enable");
+		safe_system("rm -rf /etc/rc.d/rc*.d/*samba");
+
+	} else if (strcmp(argv[1], "join") == 0) {
+		if (argc == 4) {
+			snprintf(command, BUFFER_SIZE - 1, "/usr/bin/net join -U \"%s%%%s\"",
+				argv[2], argv[3]);
+			return safe_system(command);
+		} else {
+			fprintf(stderr, "Wrong number of arguments. Need username and password.\n");
+			return 1;
+		}
+	}
+
+	return 0;
 }
--- a/src/paks/samba/install.sh
+++ b/src/paks/samba/install.sh
@@ -22,6 +22,14 @@
 ############################################################################
 #
 . /opt/pakfire/lib/functions.sh
+
+# If the wbpriv group does not exist yet, then create it and put squid
+# into it.
+if ! getent group wbpriv >/dev/null; then
+	groupadd -g 88 wbpriv
+	usermod -a -G wbpriv squid
+fi
+
 extract_files
 restore_backup ${NAME}
 /usr/local/bin/sambactrl smbstart
--- a/src/paks/samba/update.sh
+++ b/src/paks/samba/update.sh
@@ -23,6 +23,14 @@
 #
 . /opt/pakfire/lib/functions.sh
 ./uninstall.sh
+
+# If the wbpriv group does not exist yet, then create it and put squid
+# into it.
+if ! getent group wbpriv >/dev/null; then
+	groupadd -g 88 wbpriv
+	usermod -a -G wbpriv squid
+fi
+
 extract_files
 restore_backup ${NAME}
 echo "passdb backend = smbpasswd" >> /var/ipfire/samba/smb.conf
--- a/src/patches/mitkrb-1.12.1-db2_fix-1.patch
+++ b/src/patches/mitkrb-1.12.1-db2_fix-1.patch
@@ -0,0 +1,175 @@
+Submitted By:            Pierre Labastie <pierre dot labastie at eamil dot fr>
+Date:                    2014-03-04
+Initial Package Version: 1.12.1
+Upstream Status:         In upstream GIT
+Origin:                  Upstream
+Description:             Fixes http://krbdev.mit.edu/rt/Ticket/Display.html?id=7860
+
+--- a/src/plugins/kdb/db2/libdb2/mpool/mpool.c
+++ b/src/plugins/kdb/db2/libdb2/mpool/mpool.c
+@@ -81,9 +81,9 @@ mpool_open(key, fd, pagesize, maxcache)
+ 	/* Allocate and initialize the MPOOL cookie. */
+ 	if ((mp = (MPOOL *)calloc(1, sizeof(MPOOL))) == NULL)
+ 		return (NULL);
+-	CIRCLEQ_INIT(&mp->lqh);
+	TAILQ_INIT(&mp->lqh);
+ 	for (entry = 0; entry < HASHSIZE; ++entry)
+-		CIRCLEQ_INIT(&mp->hqh[entry]);
+		TAILQ_INIT(&mp->hqh[entry]);
+ 	mp->maxcache = maxcache;
+ 	mp->npages = sb.st_size / pagesize;
+ 	mp->pagesize = pagesize;
+@@ -143,8 +143,8 @@ mpool_new(mp, pgnoaddr, flags)
+ 	bp->flags = MPOOL_PINNED | MPOOL_INUSE;
+ 
+ 	head = &mp->hqh[HASHKEY(bp->pgno)];
+-	CIRCLEQ_INSERT_HEAD(head, bp, hq);
+-	CIRCLEQ_INSERT_TAIL(&mp->lqh, bp, q);
+	TAILQ_INSERT_HEAD(head, bp, hq);
+	TAILQ_INSERT_TAIL(&mp->lqh, bp, q);
+ 	return (bp->page);
+ }
+ 
+@@ -168,8 +168,8 @@ mpool_delete(mp, page)
+ 
+ 	/* Remove from the hash and lru queues. */
+ 	head = &mp->hqh[HASHKEY(bp->pgno)];
+-	CIRCLEQ_REMOVE(head, bp, hq);
+-	CIRCLEQ_REMOVE(&mp->lqh, bp, q);
+	TAILQ_REMOVE(head, bp, hq);
+	TAILQ_REMOVE(&mp->lqh, bp, q);
+ 
+ 	free(bp);
+ 	return (RET_SUCCESS);
+@@ -208,10 +208,10 @@ mpool_get(mp, pgno, flags)
+ 		 * of the lru chain.
+ 		 */
+ 		head = &mp->hqh[HASHKEY(bp->pgno)];
+-		CIRCLEQ_REMOVE(head, bp, hq);
+-		CIRCLEQ_INSERT_HEAD(head, bp, hq);
+-		CIRCLEQ_REMOVE(&mp->lqh, bp, q);
+-		CIRCLEQ_INSERT_TAIL(&mp->lqh, bp, q);
+		TAILQ_REMOVE(head, bp, hq);
+		TAILQ_INSERT_HEAD(head, bp, hq);
+		TAILQ_REMOVE(&mp->lqh, bp, q);
+		TAILQ_INSERT_TAIL(&mp->lqh, bp, q);
+ 
+ 		/* Return a pinned page. */
+ 		bp->flags |= MPOOL_PINNED;
+@@ -261,8 +261,8 @@ mpool_get(mp, pgno, flags)
+ 	 * of the lru chain.
+ 	 */
+ 	head = &mp->hqh[HASHKEY(bp->pgno)];
+-	CIRCLEQ_INSERT_HEAD(head, bp, hq);
+-	CIRCLEQ_INSERT_TAIL(&mp->lqh, bp, q);
+	TAILQ_INSERT_HEAD(head, bp, hq);
+	TAILQ_INSERT_TAIL(&mp->lqh, bp, q);
+ 
+ 	/* Run through the user's filter. */
+ 	if (mp->pgin != NULL)
+@@ -311,8 +311,8 @@ mpool_close(mp)
+ 	BKT *bp;
+ 
+ 	/* Free up any space allocated to the lru pages. */
+-	while ((bp = mp->lqh.cqh_first) != (void *)&mp->lqh) {
+-		CIRCLEQ_REMOVE(&mp->lqh, mp->lqh.cqh_first, q);
+	while ((bp = mp->lqh.tqh_first) != NULL) {
+		TAILQ_REMOVE(&mp->lqh, mp->lqh.tqh_first, q);
+ 		free(bp);
+ 	}
+ 
+@@ -332,8 +332,7 @@ mpool_sync(mp)
+ 	BKT *bp;
+ 
+ 	/* Walk the lru chain, flushing any dirty pages to disk. */
+-	for (bp = mp->lqh.cqh_first;
+-	    bp != (void *)&mp->lqh; bp = bp->q.cqe_next)
+	for (bp = mp->lqh.tqh_first; bp != NULL; bp = bp->q.tqe_next)
+ 		if (bp->flags & MPOOL_DIRTY &&
+ 		    mpool_write(mp, bp) == RET_ERROR)
+ 			return (RET_ERROR);
+@@ -363,8 +362,7 @@ mpool_bkt(mp)
+ 	 * off any lists.  If we don't find anything we grow the cache anyway.
+ 	 * The cache never shrinks.
+ 	 */
+-	for (bp = mp->lqh.cqh_first;
+-	    bp != (void *)&mp->lqh; bp = bp->q.cqe_next)
+	for (bp = mp->lqh.tqh_first; bp != NULL; bp = bp->q.tqe_next)
+ 		if (!(bp->flags & MPOOL_PINNED)) {
+ 			/* Flush if dirty. */
+ 			if (bp->flags & MPOOL_DIRTY &&
+@@ -375,8 +373,8 @@ mpool_bkt(mp)
+ #endif
+ 			/* Remove from the hash and lru queues. */
+ 			head = &mp->hqh[HASHKEY(bp->pgno)];
+-			CIRCLEQ_REMOVE(head, bp, hq);
+-			CIRCLEQ_REMOVE(&mp->lqh, bp, q);
+			TAILQ_REMOVE(head, bp, hq);
+			TAILQ_REMOVE(&mp->lqh, bp, q);
+ #if defined(DEBUG) && !defined(DEBUG_IDX0SPLIT)
+ 			{ void *spage;
+ 				spage = bp->page;
+@@ -450,7 +448,7 @@ mpool_look(mp, pgno)
+ 	BKT *bp;
+ 
+ 	head = &mp->hqh[HASHKEY(pgno)];
+-	for (bp = head->cqh_first; bp != (void *)head; bp = bp->hq.cqe_next)
+	for (bp = head->tqh_first; bp != NULL; bp = bp->hq.tqe_next)
+ 		if ((bp->pgno == pgno) && (bp->flags & MPOOL_INUSE)) {
+ #ifdef STATISTICS
+ 			++mp->cachehit;
+@@ -494,8 +492,7 @@ mpool_stat(mp)
+ 
+ 	sep = "";
+ 	cnt = 0;
+-	for (bp = mp->lqh.cqh_first;
+-	    bp != (void *)&mp->lqh; bp = bp->q.cqe_next) {
+	for (bp = mp->lqh.tqh_first; bp != NULL; bp = bp->q.tqe_next) {
+ 		(void)fprintf(stderr, "%s%d", sep, bp->pgno);
+ 		if (bp->flags & MPOOL_DIRTY)
+ 			(void)fprintf(stderr, "d");
+
+--- a/src/plugins/kdb/db2/libdb2/mpool/mpool.h
+++ b/src/plugins/kdb/db2/libdb2/mpool/mpool.h
+@@ -47,8 +47,8 @@
+ 
+ /* The BKT structures are the elements of the queues. */
+ typedef struct _bkt {
+-	CIRCLEQ_ENTRY(_bkt) hq;		/* hash queue */
+-	CIRCLEQ_ENTRY(_bkt) q;		/* lru queue */
+	TAILQ_ENTRY(_bkt) hq;		/* hash queue */
+	TAILQ_ENTRY(_bkt) q;		/* lru queue */
+ 	void    *page;			/* page */
+ 	db_pgno_t   pgno;			/* page number */
+ 
+@@ -59,9 +59,9 @@ typedef struct _bkt {
+ } BKT;
+ 
+ typedef struct MPOOL {
+-	CIRCLEQ_HEAD(_lqh, _bkt) lqh;	/* lru queue head */
+	TAILQ_HEAD(_lqh, _bkt) lqh;	/* lru queue head */
+ 					/* hash queue array */
+-	CIRCLEQ_HEAD(_hqh, _bkt) hqh[HASHSIZE];
+	TAILQ_HEAD(_hqh, _bkt) hqh[HASHSIZE];
+ 	db_pgno_t	curcache;		/* current number of cached pages */
+ 	db_pgno_t	maxcache;		/* max number of cached pages */
+ 	db_pgno_t	npages;			/* number of pages in the file */
+
+--- a/src/plugins/kdb/db2/libdb2/test/run.test
+++ b/src/plugins/kdb/db2/libdb2/test/run.test
+@@ -71,10 +71,11 @@ main()
+ }
+ 
+ getnwords() {
+-	# Delete blank lines because the db code appears not to
+-	# like empty keys.  On Debian Linux, $DICT appears to contain
+-	# some non-ASCII characters, and "rev" chokes on them.
+-	sed -e '/^$/d' < $DICT | cat -v | sed -e ${1}q
+	# Delete blank lines because the db code appears not to like
+	# empty keys.  Omit lines with non-alphanumeric characters to
+	# avoid shell metacharacters and non-ASCII characters which
+	# could cause 'rev' to choke.
+	LC_ALL=C sed -e '/^$/d' -e '/[^A-Za-z]/d' < $DICT | sed -e ${1}q
+ }
+ 
+ # Take the first hundred entries in the dictionary, and make them